path: root/data/CVE/list

CVE-2018-11314
	RESERVED
CVE-2018-11313
	RESERVED
CVE-2018-11312
	RESERVED
CVE-2018-11311
	RESERVED
CVE-2018-11310
	RESERVED
CVE-2018-11309
	RESERVED
CVE-2018-11308
	RESERVED
CVE-2018-11307
	RESERVED
CVE-2018-11306
	RESERVED
CVE-2018-11305
	RESERVED
CVE-2018-11304
	RESERVED
CVE-2018-11303
	RESERVED
CVE-2018-11302
	RESERVED
CVE-2018-11301
	RESERVED
CVE-2018-11300
	RESERVED
CVE-2018-11299
	RESERVED
CVE-2018-11298
	RESERVED
CVE-2018-11297
	RESERVED
CVE-2018-11296
	RESERVED
CVE-2018-11295
	RESERVED
CVE-2018-11294
	RESERVED
CVE-2018-11293
	RESERVED
CVE-2018-11292
	RESERVED
CVE-2018-11291
	RESERVED
CVE-2018-11290
	RESERVED
CVE-2018-11289
	RESERVED
CVE-2018-11288
	RESERVED
CVE-2018-11287
	RESERVED
CVE-2018-11286
	RESERVED
CVE-2018-11285
	RESERVED
CVE-2018-11284
	RESERVED
CVE-2018-11283
	RESERVED
CVE-2018-11282
	RESERVED
CVE-2018-11281
	RESERVED
CVE-2018-11280
	RESERVED
CVE-2018-11279
	RESERVED
CVE-2018-11278
	RESERVED
CVE-2018-11277
	RESERVED
CVE-2018-11276
	RESERVED
CVE-2018-11275
	RESERVED
CVE-2018-11274
	RESERVED
CVE-2018-11273
	RESERVED
CVE-2018-11272
	RESERVED
CVE-2018-11271
	RESERVED
CVE-2018-11270
	RESERVED
CVE-2018-11269
	RESERVED
CVE-2018-11268
	RESERVED
CVE-2018-11267
	RESERVED
CVE-2018-11266
	RESERVED
CVE-2018-11265
	RESERVED
CVE-2018-11264
	RESERVED
CVE-2018-11263
	RESERVED
CVE-2018-11262
	RESERVED
CVE-2018-11261
	RESERVED
CVE-2018-11260
	RESERVED
CVE-2018-11259
	RESERVED
CVE-2018-11258
	RESERVED
CVE-2018-11257
	RESERVED
CVE-2017-18283
	RESERVED
CVE-2017-18282
	RESERVED
CVE-2017-18281
	RESERVED
CVE-2017-18280
	RESERVED
CVE-2017-18279
	RESERVED
CVE-2017-18278
	RESERVED
CVE-2017-18277
	RESERVED
CVE-2017-18276
	RESERVED
CVE-2017-18275
	RESERVED
CVE-2017-18274
	RESERVED
CVE-2018-11256 (An issue was discovered in PoDoFo 0.9.5. The function ...)
	- libpodofo <unfixed> (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575851
CVE-2018-11255 (An issue was discovered in PoDoFo 0.9.5. The function ...)
	- libpodofo <unfixed> (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575502
CVE-2018-11254 (An issue was discovered in PoDoFo 0.9.5. There is an Excessive ...)
	- libpodofo <unfixed> (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1576174
CVE-2018-11253
	RESERVED
CVE-2018-11252
	RESERVED
CVE-2018-11251 (In ImageMagick 7.0.7-23 Q16 x86_64 2018-01-24, there is a heap-based ...)
	- imagemagick 8:6.9.9.39+dfsg-1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/956
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fbc6a557b4f63af18b2debe83f817859ef7481
CVE-2018-11250
	RESERVED
CVE-2018-11249
	RESERVED
CVE-2018-11248 (util/FileDownloadUtils.java in FileDownloader 1.7.3 does not check an ...)
	NOT-FOR-US: FileDownloader
CVE-2018-11247
	RESERVED
CVE-2018-11246
	RESERVED
CVE-2018-11245 (app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex ...)
	NOT-FOR-US: MISP
CVE-2018-11244 (The BBE theme before 1.53 for WordPress allows a direct launch of an ...)
	NOT-FOR-US: WordPress theme
CVE-2018-11243 (PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote ...)
	- upx-ucl <unfixed> (unimportant)
	NOTE: https://github.com/upx/upx/issues/206
	NOTE: https://github.com/upx/upx/issues/207
CVE-2018-11242
	RESERVED
CVE-2018-11241
	RESERVED
CVE-2018-11240
	RESERVED
CVE-2018-11239 (An integer overflow in the _transfer function of a smart contract ...)
	TODO: check
CVE-2018-11238
	RESERVED
CVE-2018-11237 (An AVX-512-optimized implementation of the mempcpy function in the GNU ...)
	- glibc <unfixed> (low; bug #899070)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23196
CVE-2018-11236 (stdlib/canonicalize.c in the GNU C Library (aka glibc or libc6) 2.27 ...)
	- glibc <unfixed> (low; bug #899071)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22786
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5460617d1567657621107d895ee2dd83bc1f88f2
CVE-2018-11235
	RESERVED
CVE-2018-11234
	RESERVED
CVE-2018-11233
	RESERVED
CVE-2018-1000400 (Kubernetes CRI-O version prior to 1.9 contains a Privilege Context ...)
	NOT-FOR-US: Kubernetes CRI-O
CVE-2017-18273 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop ...)
	- imagemagick 8:6.9.9.34+dfsg-3
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/910
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8fcb59e9e1d1189caf2e0f5e39346944dcd6b9d
CVE-2017-18272 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-25, there is a ...)
	- imagemagick 8:6.9.9.34+dfsg-3
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/918
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/93d029b70ac766ce0b5d7261a2dd334535f48038
CVE-2017-18271 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-22, an infinite loop ...)
	- imagemagick 8:6.9.9.34+dfsg-3
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/911
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7523250e2664028aa1d8f02d2d7ae49c769a851e
CVE-2017-18269 (An SSE2-optimized memmove implementation for i386 in ...)
	- glibc 2.27-3
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22644
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=cd66c0e584c6d692bc8347b5e72723d02b8a8ada
CVE-2018-11232 (The etm_setup_aux function in ...)
	- linux <not-affected> (Vulnerable code never present in unstable)
	NOTE: Fixed by: https://git.kernel.org/linus/f09444639099584bc4784dfcd85ada67c6f33e0f
CVE-2018-11231
	RESERVED
CVE-2018-11230 (jbig2_add_page in jbig2enc.cc in libjbig2enc.a in jbig2enc 0.29 allows ...)
	NOT-FOR-US: jbig2enc
CVE-2018-11229
	RESERVED
CVE-2018-11228
	RESERVED
CVE-2018-11227
	RESERVED
CVE-2018-11226 (The getString function in decompile.c in libming through 0.4.8 ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/144
CVE-2018-11225 (The dcputs function in decompile.c in libming through 0.4.8 mishandles ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/143
CVE-2018-11224 (An issue was discovered in Libav 12.3. A read access violation in the ...)
	- libav <undetermined>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1129
	TODO: check
CVE-2018-11223
	RESERVED
CVE-2018-11222
	RESERVED
CVE-2018-11221
	RESERVED
CVE-2018-11220
	RESERVED
CVE-2018-11219
	RESERVED
CVE-2018-11218
	RESERVED
CVE-2018-11217
	RESERVED
CVE-2018-11216
	RESERVED
CVE-2018-11215
	RESERVED
CVE-2018-11214 (An issue was discovered in libjpeg 9a. The get_text_rgb_row function in ...)
	- libjpeg9 <unfixed>
	TODO: check, for now only tracking libjpeg9 but decide if other implementations and versions need to be tracked
CVE-2018-11213 (An issue was discovered in libjpeg 9a. The get_text_gray_row function ...)
	- libjpeg9 <unfixed>
	TODO: check, for now only tracking libjpeg9 but decide if other implementations and versions need to be tracked
CVE-2018-11212 (An issue was discovered in libjpeg 9a. The alloc_sarray function in ...)
	- libjpeg9 <unfixed>
	TODO: check, for now only tracking libjpeg9 but decide if other implementations and versions need to be tracked
CVE-2018-11211
	RESERVED
CVE-2018-11210 (TinyXML2 6.2.0 has a heap-based buffer over-read in the ...)
	- tinyxml2 <unfixed> (bug #899063; unimportant)
	NOTE: https://github.com/leethomason/tinyxml2/issues/675
	NOTE: Non-real issue, missuse of API
CVE-2018-11209 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-11208 (** DISPUTED ** An issue was discovered in Z-BlogPHP 2.0.0. There is a ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-11207 (A division by zero was discovered in H5D__chunk_init in H5Dchunk.c in ...)
	- hdf5 <unfixed> (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
CVE-2018-11206 (A out of bounds read was discovered in H5O_fill_new_decode and ...)
	- hdf5 <unfixed> (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
CVE-2018-11205 (A out of bounds read was discovered in H5VM_memcpyvv in H5VM.c in the ...)
	- hdf5 <unfixed> (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
CVE-2018-11204 (A NULL pointer dereference was discovered in H5O__chunk_deserialize in ...)
	- hdf5 <unfixed> (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
CVE-2018-11203 (A division by zero was discovered in H5D__btree_decode_key in ...)
	- hdf5 <unfixed> (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
CVE-2018-11202 (A NULL pointer dereference was discovered in H5S_hyper_make_spans in ...)
	- hdf5 <unfixed> (low)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
CVE-2018-11201
	RESERVED
CVE-2018-11200
	RESERVED
CVE-2018-11199
	RESERVED
CVE-2018-11198
	RESERVED
CVE-2018-11197
	RESERVED
CVE-2018-11196
	RESERVED
CVE-2018-11195
	RESERVED
CVE-2018-11194
	RESERVED
CVE-2018-11193
	RESERVED
CVE-2018-11192
	RESERVED
CVE-2018-11191
	RESERVED
CVE-2018-11190
	RESERVED
CVE-2018-11189
	RESERVED
CVE-2018-11188
	RESERVED
CVE-2018-11187
	RESERVED
CVE-2018-11186
	RESERVED
CVE-2018-11185
	RESERVED
CVE-2018-11184
	RESERVED
CVE-2018-11183
	RESERVED
CVE-2018-11182
	RESERVED
CVE-2018-11181
	RESERVED
CVE-2018-11180
	RESERVED
CVE-2018-11179
	RESERVED
CVE-2018-11178
	RESERVED
CVE-2018-11177
	RESERVED
CVE-2018-11176
	RESERVED
CVE-2018-11175
	RESERVED
CVE-2018-11174
	RESERVED
CVE-2018-11173
	RESERVED
CVE-2018-11172
	RESERVED
CVE-2018-11171
	RESERVED
CVE-2018-11170
	RESERVED
CVE-2018-11169
	RESERVED
CVE-2018-11168
	RESERVED
CVE-2018-11167
	RESERVED
CVE-2018-11166
	RESERVED
CVE-2018-11165
	RESERVED
CVE-2018-11164
	RESERVED
CVE-2018-11163
	RESERVED
CVE-2018-11162
	RESERVED
CVE-2018-11161
	RESERVED
CVE-2018-11160
	RESERVED
CVE-2018-11159
	RESERVED
CVE-2018-11158
	RESERVED
CVE-2018-11157
	RESERVED
CVE-2018-11156
	RESERVED
CVE-2018-11155
	RESERVED
CVE-2018-11154
	RESERVED
CVE-2018-11153
	RESERVED
CVE-2018-11152
	RESERVED
CVE-2018-11151
	RESERVED
CVE-2018-11150
	RESERVED
CVE-2018-11149
	RESERVED
CVE-2018-11148
	RESERVED
CVE-2018-11147
	RESERVED
CVE-2018-11146
	RESERVED
CVE-2018-11145
	RESERVED
CVE-2018-11144
	RESERVED
CVE-2018-11143
	RESERVED
CVE-2018-11142
	RESERVED
CVE-2018-11141
	RESERVED
CVE-2018-11140
	RESERVED
CVE-2018-11139
	RESERVED
CVE-2018-11138
	RESERVED
CVE-2018-11137
	RESERVED
CVE-2018-11136
	RESERVED
CVE-2018-11135
	RESERVED
CVE-2018-11134
	RESERVED
CVE-2018-11133
	RESERVED
CVE-2018-11132
	RESERVED
CVE-2018-11131
	RESERVED
CVE-2018-11130 (The header::add_FORMAT_descriptor function in header.cpp in VCFtools ...)
	- vcftools <unfixed> (low)
	[stretch] - vcftools <no-dsa> (Minor issue)
	[jessie] - vcftools <no-dsa> (Minor issue)
	[wheezy] - vcftools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11129 (The header::add_INFO_descriptor function in header.cpp in VCFtools ...)
	- vcftools <unfixed> (low)
	[stretch] - vcftools <no-dsa> (Minor issue)
	[jessie] - vcftools <no-dsa> (Minor issue)
	[wheezy] - vcftools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11128 (The ObjReader::ReadObj() function in ObjReader.cpp in vincent0629 ...)
	NOT-FOR-US: vincent0629 PDFParser
CVE-2018-11127 (e107 2.1.7 has CSRF resulting in arbitrary user deletion. ...)
	NOT-FOR-US: e107
CVE-2018-11126 (dg-user/?controller=users&amp;action=add in doorGets 7.0 has CSRF that ...)
	NOT-FOR-US: doorGets
CVE-2018-11125
	REJECTED
CVE-2018-11124
	RESERVED
CVE-2018-11123
	RESERVED
CVE-2018-11122
	RESERVED
CVE-2018-11121
	RESERVED
CVE-2018-11120 (Services/COPage/classes/class.ilPCSourceCode.php in ILIAS 5.1.x, 5.2.x, ...)
	NOT-FOR-US: ILIAS
CVE-2018-11119 (ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 redirects a logged-in user ...)
	NOT-FOR-US: ILIAS
CVE-2018-11118 (The RSS subsystem in ILIAS 5.1.x, 5.2.x, and 5.3.x before 5.3.5 has XSS ...)
	NOT-FOR-US: ILIAS
CVE-2018-11117 (Services/Feeds/classes/class.ilExternalFeedItem.php in ILIAS 5.1.x, ...)
	NOT-FOR-US: ILIAS
CVE-2018-11116
	RESERVED
CVE-2018-11115
	RESERVED
CVE-2018-11114
	RESERVED
CVE-2018-11113
	RESERVED
CVE-2018-11112
	RESERVED
CVE-2018-11111
	RESERVED
CVE-2018-11110
	RESERVED
CVE-2018-11109
	RESERVED
CVE-2018-11108
	RESERVED
CVE-2018-11107
	RESERVED
CVE-2018-11106
	RESERVED
CVE-2018-11105 (There is stored cross site scripting in the wp-live-chat-support plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-11104
	RESERVED
CVE-2018-11103
	RESERVED
CVE-2018-11102 (An issue was discovered in Libav 12.3. A read access violation in the ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1128
CVE-2018-11101 (Open Whisper Signal (aka Signal-Desktop) through 1.10.1 allows XSS via ...)
	NOT-FOR-US: Signal-Desktop
CVE-2018-11100 (The decompileSETTARGET function in decompile.c in libming through 0.4.8 ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/142
CVE-2018-11099 (The header::add_INFO_descriptor function in header.cpp in VCFtools ...)
	- vcftools <unfixed> (low)
	[stretch] - vcftools <no-dsa> (Minor issue)
	[jessie] - vcftools <no-dsa> (Minor issue)
	[wheezy] - vcftools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/May/43
	NOTE: https://github.com/vcftools/vcftools/issues/109
CVE-2018-11098 (An issue was discovered in Frog CMS 0.9.5. There is a file upload ...)
	NOT-FOR-US: Frog CMS
CVE-2018-11097 (An issue was discovered in cloudwu/cstring through 2016-11-09. There is ...)
	NOT-FOR-US: cloudwu
CVE-2018-11096
	RESERVED
CVE-2018-11095 (The decompileJUMP function in decompile.c in libming through 0.4.8 ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/141
CVE-2018-11094 (An issue was discovered on Intelbras NCLOUD 300 1.0 devices. ...)
	NOT-FOR-US: Intelbras NCLOUD
CVE-2018-11093
	RESERVED
CVE-2018-11092
	RESERVED
CVE-2018-11091 (An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file ...)
	NOT-FOR-US: MyBiz MyProcureNet
CVE-2018-11090 (An XSS issue was discovered in MyBiz MyProcureNet 5.0.0. This ...)
	NOT-FOR-US: MyBiz MyProcureNet
CVE-2018-11089
	RESERVED
CVE-2018-11088
	RESERVED
CVE-2018-11087
	RESERVED
CVE-2018-11086
	RESERVED
CVE-2018-11085
	RESERVED
CVE-2018-11084
	RESERVED
CVE-2018-11083
	RESERVED
CVE-2018-11082
	RESERVED
CVE-2018-11081
	RESERVED
CVE-2018-11080
	RESERVED
CVE-2018-11079
	RESERVED
CVE-2018-11078
	RESERVED
CVE-2018-11077
	RESERVED
CVE-2018-11076
	RESERVED
CVE-2018-11075
	RESERVED
CVE-2018-11074
	RESERVED
CVE-2018-11073
	RESERVED
CVE-2018-11072
	RESERVED
CVE-2018-11071
	RESERVED
CVE-2018-11070
	RESERVED
CVE-2018-11069
	RESERVED
CVE-2018-11068
	RESERVED
CVE-2018-11067
	RESERVED
CVE-2018-11066
	RESERVED
CVE-2018-11065
	RESERVED
CVE-2018-11064
	RESERVED
CVE-2018-11063
	RESERVED
CVE-2018-11062
	RESERVED
CVE-2018-11061
	RESERVED
CVE-2018-11060
	RESERVED
CVE-2018-11059
	RESERVED
CVE-2018-11058
	RESERVED
CVE-2018-11057
	RESERVED
CVE-2018-11056
	RESERVED
CVE-2018-11055
	RESERVED
CVE-2018-11054
	RESERVED
CVE-2018-11053
	RESERVED
CVE-2018-11052
	RESERVED
CVE-2018-11051
	RESERVED
CVE-2018-11050
	RESERVED
CVE-2018-11049
	RESERVED
CVE-2018-11048
	RESERVED
CVE-2018-11047
	RESERVED
CVE-2018-11046
	RESERVED
CVE-2018-11045
	RESERVED
CVE-2018-11044
	RESERVED
CVE-2018-11043
	RESERVED
CVE-2018-11042
	RESERVED
CVE-2018-11041
	RESERVED
CVE-2018-11040
	RESERVED
CVE-2018-11039
	RESERVED
CVE-2017-18270 (In the Linux kernel before 4.13.5, a local user could create keyrings ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.56-1
	[wheezy] - linux 3.2.101-1
	NOTE: Fixed by: https://git.kernel.org/linus/237bbd29f7a049d310d907f4b2716a7feef9abf3 (4.14-rc3)
CVE-2017-18268 (Symantec IntelligenceCenter 3.3 is vulnerable to the Return of the ...)
	NOT-FOR-US: Symantec
CVE-2018-11038
	RESERVED
CVE-2018-11037 (In Exiv2 0.26, the Exiv2::PngImage::printStructure function in ...)
	- exiv2 <unfixed>
	NOTE: https://github.com/Exiv2/exiv2/issues/307
CVE-2018-11036
	RESERVED
CVE-2018-11035 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-11034 (In 2345 Security Guard 3.7, the driver file (2345NsProtect.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-11033 (The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=40842
CVE-2018-11032 (PHPRAP 1.0.4 through 1.0.8 has SQL Injection via the ...)
	NOT-FOR-US: PHPRAP
CVE-2018-11031 (application/home/controller/debug.php in PHPRAP 1.0.4 through 1.0.8 has ...)
	NOT-FOR-US: PHPRAP
CVE-2018-11030
	RESERVED
CVE-2018-11029
	RESERVED
CVE-2018-11028
	RESERVED
CVE-2018-11027
	RESERVED
CVE-2018-11026
	RESERVED
CVE-2018-11025
	RESERVED
CVE-2018-11024
	RESERVED
CVE-2018-11023
	RESERVED
CVE-2018-11022
	RESERVED
CVE-2018-11021
	RESERVED
CVE-2018-11020
	RESERVED
CVE-2018-11019
	RESERVED
CVE-2018-11018 (An issue was discovered in PbootCMS v1.0.7. Cross-site request forgery ...)
	NOT-FOR-US: PbootCMS
CVE-2018-11017 (The newVar_N function in decompile.c in libming through 0.4.8 ...)
	- ming <removed>
CVE-2018-11016
	RESERVED
CVE-2018-11015
	RESERVED
CVE-2018-11014
	RESERVED
CVE-2018-11013 (Stack-based buffer overflow in the websRedirect function in GoAhead on ...)
	NOT-FOR-US: D-Link
CVE-2018-11012 (ruibaby Halo 0.0.2 has stored XSS via the loginName and loginPwd ...)
	NOT-FOR-US: ruibaby Halo
CVE-2018-11011 (ruibaby Halo 0.0.2 has stored XSS via the commentAuthor field to ...)
	NOT-FOR-US: ruibaby Halo
CVE-2018-11010
	RESERVED
CVE-2018-11009
	RESERVED
CVE-2018-11008
	RESERVED
CVE-2018-11007
	RESERVED
CVE-2018-11006
	RESERVED
CVE-2018-11005
	RESERVED
CVE-2018-11004 (An issue was discovered in SDcms v1.5. Cross-site request forgery ...)
	NOT-FOR-US: SDcms
CVE-2018-11003 (An issue was discovered in YXcms 1.4.7. Cross-site request forgery ...)
	NOT-FOR-US: YXcms
CVE-2018-11002
	RESERVED
CVE-2018-11001
	RESERVED
CVE-2018-11000
	RESERVED
CVE-2018-10999 (An issue was discovered in Exiv2 0.26. The ...)
	- exiv2 <unfixed>
	NOTE: https://github.com/Exiv2/exiv2/issues/306
CVE-2018-10998 (An issue was discovered in Exiv2 0.26. readMetadata in jp2image.cpp ...)
	- exiv2 <unfixed>
	NOTE: https://github.com/Exiv2/exiv2/issues/303
CVE-2018-10997
	RESERVED
CVE-2018-10996 (The weblogin_log function in /htdocs/cgibin on D-Link DIR-629-B1 ...)
	NOT-FOR-US: D-Link
CVE-2018-10995
	RESERVED
CVE-2018-10994 (js/views/message_view.js in Open Whisper Signal (aka Signal-Desktop) ...)
	NOT-FOR-US: Signal-Desktop
CVE-2018-10993
	RESERVED
CVE-2018-10991
	REJECTED
CVE-2018-10990 (On Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices, a ...)
	NOT-FOR-US: Arris Touchstone Telephony Gateway
CVE-2018-10989 (Arris Touchstone Telephony Gateway TG1682G 9.1.103J6 devices are ...)
	NOT-FOR-US: Arris Touchstone Telephony Gateway
CVE-2018-10988
	RESERVED
CVE-2018-10987
	RESERVED
CVE-2018-10986
	RESERVED
CVE-2018-10985
	RESERVED
CVE-2018-10984
	RESERVED
CVE-2018-10983
	RESERVED
CVE-2009-5152 (Absolute Computrace Agent, as distributed on certain Dell Inspiron ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2009-5151 (The stub component of Absolute Computrace Agent V70.785 executes code ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2009-5150 (Absolute Computrace Agent V80.845 and V80.866 does not have a digital ...)
	NOT-FOR-US: Absolute Computrace Agent
CVE-2018-10992 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings ...)
	- lilypond 2.18.2-13 (bug #898373)
	[jessie] - lilypond <not-affected> (Incomplete fix not applied)
	[wheezy] - lilypond <not-affected> (Incomplete fix not applied)
CVE-2018-10982 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
	{DSA-4201-1}
	- xen <unfixed>
	NOTE: https://xenbits.xen.org/xsa/advisory-261.html
CVE-2018-10981 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
	{DSA-4201-1}
	- xen <unfixed>
	NOTE: https://xenbits.xen.org/xsa/advisory-262.html
CVE-2018-10980
	RESERVED
CVE-2018-10979
	RESERVED
CVE-2018-10978
	RESERVED
CVE-2018-10977 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10976 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10975 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10974 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10973 (An integer overflow in the transferMulti function of a smart contract ...)
	NOT-FOR-US: KoreaShow
CVE-2018-10972 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
	- flif <unfixed> (bug #898407)
	NOTE: https://github.com/FLIF-hub/FLIF/issues/503
CVE-2018-10971 (An issue was discovered in Free Lossless Image Format (FLIF) 0.3. The ...)
	- flif <unfixed> (bug #898406)
	NOTE: https://github.com/FLIF-hub/FLIF/issues/501
CVE-2018-10970
	RESERVED
CVE-2018-10969
	RESERVED
CVE-2018-10968 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious ...)
	NOT-FOR-US: D-Link
CVE-2018-10967 (On D-Link DIR-550A and DIR-604M devices through v2.10KR, a malicious ...)
	NOT-FOR-US: D-Link
CVE-2018-10966
	RESERVED
CVE-2018-10965
	RESERVED
CVE-2018-10964
	RESERVED
CVE-2018-10963 (The TIFFWriteDirectorySec() function in tif_dirwrite.c in LibTIFF ...)
	- tiff <unfixed> (bug #898348)
	[stretch] - tiff <no-dsa> (Minor issue)
	[jessie] - tiff <no-dsa> (Minor issue)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2795
	NOTE: https://gitlab.com/libtiff/libtiff/commit/de144fd228e4be8aa484c3caf3d814b6fa88c6d9
CVE-2018-10962 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10961
	RESERVED
CVE-2018-10960
	RESERVED
CVE-2018-10959
	RESERVED
CVE-2018-10958 (In types.cpp in Exiv2 0.26, a large size value may lead to a SIGABRT ...)
	- exiv2 <unfixed>
	NOTE: https://github.com/Exiv2/exiv2/issues/302
CVE-2018-10957 (CSRF exists on D-Link DIR-868L devices, leading to (for example) a ...)
	NOT-FOR-US: D-Link
CVE-2018-10956
	RESERVED
CVE-2018-10955 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10954 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10953 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10952 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10951 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before ...)
	NOT-FOR-US: Zimbra
CVE-2018-10950 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before ...)
	NOT-FOR-US: Zimbra
CVE-2018-10949 (mailboxd in Zimbra Collaboration Suite 8.8 before 8.8.8; 8.7 before ...)
	NOT-FOR-US: Zimbra
CVE-2018-10948
	RESERVED
CVE-2018-10947
	RESERVED
CVE-2018-10946
	RESERVED
CVE-2017-18267 (The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler ...)
	- poppler <unfixed> (bug #898357)
	[stretch] - poppler <no-dsa> (Minor issue)
	[jessie] - poppler <no-dsa> (Minor issue)
	[wheezy] - poppler <ignored> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=104942
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103238
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=60b4fe65bc9dc9b82bbadf0be2e3781be796a13d
CVE-2017-18266 (The open_envvar function in xdg-open in xdg-utils before 1.1.3 does not ...)
	- xdg-utils 1.1.3-1 (bug #898317)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103807
	NOTE: Upstream bug discussed possible other approach to fix the issue.
	NOTE: Fixed by: https://cgit.freedesktop.org/xdg/xdg-utils/commit/?id=ce802d71c3466d1dbb24f2fe9b6db82a1f899bcb
CVE-2018-10945
	RESERVED
CVE-2018-10944 (The request_dividend function of a smart contract implementation for ...)
	NOT-FOR-US: Rasputin Online Coin
CVE-2018-10943
	RESERVED
CVE-2018-10942 (modules/attributewizardpro/file_upload.php in the Attribute Wizard ...)
	NOT-FOR-US: Attribute Wizard addon for PrestaShop
CVE-2018-10941
	RESERVED
CVE-2018-10940 (The cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c in the ...)
	- linux <unfixed>
	NOTE: Fixed by: https://git.kernel.org/linus/9de4ee40547fd315d4a0ed1dd15a2fa3559ad707
CVE-2018-10939
	RESERVED
CVE-2018-10938
	RESERVED
CVE-2018-10937
	RESERVED
CVE-2018-10936
	RESERVED
CVE-2018-10935
	RESERVED
CVE-2018-10934
	RESERVED
CVE-2018-10933
	RESERVED
CVE-2018-10932
	RESERVED
CVE-2018-10931
	RESERVED
CVE-2018-10930
	RESERVED
CVE-2018-10929
	RESERVED
CVE-2018-10928
	RESERVED
CVE-2018-10927
	RESERVED
CVE-2018-10926
	RESERVED
CVE-2018-10925
	RESERVED
CVE-2018-10924
	RESERVED
CVE-2018-10923
	RESERVED
CVE-2018-10922
	RESERVED
CVE-2018-10921
	RESERVED
CVE-2018-10920
	RESERVED
CVE-2018-10919
	RESERVED
CVE-2018-10918
	RESERVED
CVE-2018-10917
	RESERVED
CVE-2018-10916
	RESERVED
CVE-2018-10915
	RESERVED
CVE-2018-10914
	RESERVED
CVE-2018-10913
	RESERVED
CVE-2018-10912
	RESERVED
CVE-2018-10911
	RESERVED
CVE-2018-10910
	RESERVED
CVE-2018-10909
	RESERVED
CVE-2018-10908
	RESERVED
CVE-2018-10907
	RESERVED
CVE-2018-10906
	RESERVED
CVE-2018-10905
	RESERVED
CVE-2018-10904
	RESERVED
CVE-2018-10903
	RESERVED
CVE-2018-10902
	RESERVED
CVE-2018-10901
	RESERVED
CVE-2018-10900
	RESERVED
CVE-2018-10899
	RESERVED
CVE-2018-10898
	RESERVED
CVE-2018-10897
	RESERVED
CVE-2018-10896
	RESERVED
CVE-2018-10895
	RESERVED
CVE-2018-10894
	RESERVED
CVE-2018-10893
	RESERVED
CVE-2018-10892
	RESERVED
CVE-2018-10891
	RESERVED
CVE-2018-10890
	RESERVED
CVE-2018-10889
	RESERVED
CVE-2018-10888
	RESERVED
CVE-2018-10887
	RESERVED
CVE-2018-10886
	RESERVED
CVE-2018-10885
	RESERVED
CVE-2018-10884
	RESERVED
CVE-2018-10883
	RESERVED
CVE-2018-10882
	RESERVED
CVE-2018-10881
	RESERVED
CVE-2018-10880
	RESERVED
CVE-2018-10879
	RESERVED
CVE-2018-10878
	RESERVED
CVE-2018-10877
	RESERVED
CVE-2018-10876
	RESERVED
CVE-2018-10875
	RESERVED
CVE-2018-10874
	RESERVED
CVE-2018-10873
	RESERVED
CVE-2018-10872
	RESERVED
CVE-2018-10871
	RESERVED
CVE-2018-10870
	RESERVED
CVE-2018-10869
	RESERVED
CVE-2018-10868
	RESERVED
CVE-2018-10867
	RESERVED
CVE-2018-10866
	RESERVED
CVE-2018-10865
	RESERVED
CVE-2018-10864
	RESERVED
CVE-2018-10863
	RESERVED
CVE-2018-10862
	RESERVED
CVE-2018-10861
	RESERVED
CVE-2018-10860
	RESERVED
CVE-2018-10859
	RESERVED
CVE-2018-10858
	RESERVED
CVE-2018-10857
	RESERVED
CVE-2018-10856
	RESERVED
CVE-2018-10855
	RESERVED
CVE-2018-10854
	RESERVED
CVE-2018-10853
	RESERVED
CVE-2018-10852
	RESERVED
CVE-2018-10851
	RESERVED
CVE-2018-10850
	RESERVED
CVE-2018-10849
	RESERVED
CVE-2018-10848
	RESERVED
CVE-2018-10847
	RESERVED
CVE-2018-10846
	RESERVED
CVE-2018-10845
	RESERVED
CVE-2018-10844
	RESERVED
CVE-2018-10843
	RESERVED
CVE-2018-10842
	RESERVED
CVE-2018-10841
	RESERVED
CVE-2018-10840
	RESERVED
CVE-2018-10839
	RESERVED
CVE-2018-10838
	RESERVED
CVE-2018-10837
	RESERVED
CVE-2018-10836
	RESERVED
CVE-2018-10835
	RESERVED
CVE-2018-10834
	RESERVED
CVE-2018-10833
	RESERVED
CVE-2018-10832 (ModbusPal 1.6b is vulnerable to an XML External Entity (XXE) attack. ...)
	NOT-FOR-US: ModbusPal
CVE-2018-10831 (Z-NOMP before 2018-04-05 has an incorrect Equihash solution verifier ...)
	NOT-FOR-US: Z-NOMP
CVE-2018-10830 (In 2345 Security Guard 3.7, the driver file (2345BdPcSafe.sys, X64 ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10829
	RESERVED
CVE-2018-10828 (An issue was discovered in Alps Pointing-device Driver 10.1.101.207. ...)
	NOT-FOR-US: Alps Pointing-device Driver
CVE-2018-10827 (LiteCart before 2.1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: LiteCart
CVE-2018-10826
	RESERVED
CVE-2018-10825 (Mimo Baby 2 devices do not use authentication or encryption for the ...)
	NOT-FOR-US: Mimo Baby 2
CVE-2018-10824
	RESERVED
CVE-2018-10823
	RESERVED
CVE-2018-10822
	RESERVED
CVE-2018-10821
	RESERVED
CVE-2018-10820
	RESERVED
CVE-2018-10819
	RESERVED
CVE-2018-10818
	RESERVED
CVE-2018-10817 (Severalnines ClusterControl before 1.6.0-4699 allows XSS. ...)
	NOT-FOR-US: Severalnines ClusterControl
CVE-2018-10816
	RESERVED
CVE-2018-10815
	RESERVED
CVE-2018-10814
	RESERVED
CVE-2018-10813
	RESERVED
CVE-2018-10812 (The Bitpie application through 3.2.4 for Android and iOS uses cleartext ...)
	NOT-FOR-US: Bitpie application for Android and iOS
CVE-2018-10811
	RESERVED
CVE-2018-10810 (chat/mobile/index.php in LiveZilla Live Chat 7.0.9.5 and prior is ...)
	NOT-FOR-US: LiveZilla Live Chat
CVE-2018-10809 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10808
	RESERVED
CVE-2018-10807
	RESERVED
CVE-2018-10806 (An issue was discovered in Frog CMS 0.9.5. There is a reflected Cross ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10805 (ImageMagick version 7.0.7-28 contains a memory leak in ReadYCBCRImage ...)
	- imagemagick <unfixed> (unimportant; bug #898218)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1054
CVE-2018-10804 (ImageMagick version 7.0.7-28 contains a memory leak in WriteTIFFImage ...)
	- imagemagick <unfixed> (unimportant; bug #898217)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1053
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/052f6c22d3a2b2aae9dfa24aff9ccdf8b72ace91
CVE-2018-10803 (Cross-site scripting (XSS) vulnerability in the add credentials ...)
	NOT-FOR-US: Zoho ManageEngine NetFlow Analyzer
CVE-2018-1000301 [RTSP bad headers buffer over-read]
	RESERVED
	{DSA-4202-1 DLA-1379-1}
	- curl 7.60.0-1 (bug #898856)
	NOTE: https://curl.haxx.se/docs/adv_2018-b138.html
CVE-2018-1000300 [FTP shutdown response buffer overflow]
	RESERVED
	- curl 7.60.0-1
	[stretch] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
	[jessie] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
	[wheezy] - curl <not-affected> (Vulnerable code introduced in 7.54.1)
	NOTE: https://curl.haxx.se/docs/adv_2018-82c2.html
CVE-2018-1000177 (A cross-site scripting vulnerability exists in Jenkins S3 Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000176 (An exposure of sensitive information vulnerability exists in Jenkins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000175 (A path traversal vulnerability exists in Jenkins HTML Publisher Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000174 (An open redirect vulnerability exists in Jenkins Google Login Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000173 (A session fixaction vulnerability exists in Jenkins Google Login ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-10802
	RESERVED
CVE-2018-10801 (TIFFClientOpen in tif_unix.c in LibTIFF 3.8.2 has memory leaks, as ...)
	- tiff <unfixed>
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2790
CVE-2018-10800
	RESERVED
CVE-2018-10799 (A hang issue was discovered in Brave before 0.14.0 (on, for example, ...)
	- brave-browser <itp> (bug #864795)
CVE-2018-10798 (A hang issue was discovered in Brave before 0.14.0 (on, for example, ...)
	- brave-browser <itp> (bug #864795)
CVE-2018-10797
	RESERVED
CVE-2018-10796 (In 2345 Security Guard 3.7, the driver file (2345NetFirewall.sys) ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-10795 (** DISPUTED ** Liferay 6.2.x and before has an FCKeditor configuration ...)
	NOT-FOR-US: Liferay
CVE-2017-18265 (Prosody before 0.10.0 allows remote attackers to cause a denial of ...)
	{DSA-4198-1}
	- prosody 0.10.0-1 (bug #875829)
	[jessie] - prosody <not-affected> (Only exploitable with a LuaSocket version not in jessie)
	[wheezy] - prosody <not-affected> (Vulnerable code not present)
	NOTE: https://prosody.im/issues/issue/987
CVE-2018-10794
	RESERVED
CVE-2018-10793
	RESERVED
CVE-2018-10792
	RESERVED
CVE-2018-10791
	RESERVED
CVE-2018-10790
	RESERVED
CVE-2018-10789
	RESERVED
CVE-2018-10788
	RESERVED
CVE-2018-10787
	RESERVED
CVE-2018-10786
	RESERVED
CVE-2018-10785
	RESERVED
CVE-2018-10784
	RESERVED
CVE-2018-10783
	RESERVED
CVE-2018-10782
	RESERVED
CVE-2018-10781
	RESERVED
CVE-2018-10780 (Exiv2::Image::byteSwap2 in image.cpp in Exiv2 0.26 has a heap-based ...)
	- exiv2 <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575201
	TODO: check, there is same function in byteSwap2 in earlier versions than 0.26
CVE-2018-10779 (TIFFWriteScanline in tif_write.c in LibTIFF 3.8.2 has a heap-based ...)
	- tiff <unfixed> (bug #898359)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2788
CVE-2018-10778 (Read access violation in the III_dequantize_sample function in ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10777 (Buffer overflow in the WriteMP3GainAPETag function in apetag.c in ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10776 (The getbits function in mpglibDBL/common.c in mp3gain through 1.5.2-r2 ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life> (Not supported in Wheezy)
CVE-2018-10775 (NULL pointer dereference in the _fields_add function in fields.c in ...)
	- bibutils <unfixed> (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10774 (Read access violation in the isiin_keyword function in isiin.c in ...)
	- bibutils <unfixed> (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10773 (NULL pointer deference in the addsn function in serialno.c in ...)
	- bibutils <unfixed> (unimportant; bug #898135)
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10772 (The tEXtToDataBuf function in pngimage.cpp in Exiv2 through 0.26 allows ...)
	[experimental] - exiv2 <unfixed>
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566260
CVE-2018-10771 (Stack-based buffer overflow in the get_key function in parse.c in ...)
	- abcm2ps <unfixed> (unimportant; bug #898130)
	NOTE: https://github.com/leesavide/abcm2ps/issues/17
	NOTE: https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f
	NOTE: Crash in CLI tool (neutralised by toolchain hardening), no security impact
CVE-2018-10770 (download.rsp on ShenZhen Anni &quot;5 in 1 XVR&quot; devices allows remote ...)
	NOT-FOR-US: ShenZhen Anni "5 in 1 XVR" devices
CVE-2018-10769
	RESERVED
CVE-2018-10768 (There is a NULL pointer dereference in the AnnotPath::getCoordsLength ...)
	- poppler 0.38.0-2
	[jessie] - poppler <no-dsa> (Minor issue)
	[wheezy] - poppler <not-affected> (Vulnerable code is not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=106408
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=942adfc25e7a00ac3cf032ced2d8949e99099f70 (poppler-0.37)
CVE-2018-10767 (There is a stack-based buffer over-read in calling GLib in the function ...)
	- libgxps <unfixed> (bug #898133)
	[stretch] - libgxps <no-dsa> (Minor issue)
	[jessie] - libgxps <no-dsa> (Minor issue)
	[wheezy] - libgxps <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1575188
	TODO: check (in particular if reported upstream)
CVE-2018-10766
	RESERVED
CVE-2018-10765
	RESERVED
CVE-2018-10764
	RESERVED
CVE-2018-10763
	RESERVED
CVE-2018-10762
	RESERVED
CVE-2018-10761
	RESERVED
CVE-2018-10760 (Unrestricted file upload vulnerability in the Files plugin in ...)
	NOT-FOR-US: Files plugin in ProjectPier
CVE-2018-10759 (PHP remote file inclusion vulnerability in public/patch/patch.php in ...)
	NOT-FOR-US: Project Pier
CVE-2018-XXXX [Checker config files allow arbitrary code execution scenarios]
	- vim-syntastic 3.9.0-1 (bug #894736)
	NOTE: https://github.com/vim-syntastic/syntastic/issues/2170
	NOTE: https://github.com/vim-syntastic/syntastic/commit/6d7c0b394e001233dd09ec473fbea2002c72632f
CVE-2018-10758 (The edit/ URI in Datenstrom Yellow 0.7.3 has CSRF via a delete action ...)
	NOT-FOR-US: Datenstrom Yellow
CVE-2018-10757 (CSP MySQL User Manager 2.3.1 allows SQL injection, and resultant ...)
	NOT-FOR-US: CSP MySQL User Manager
CVE-2018-10756
	RESERVED
CVE-2018-10755
	RESERVED
CVE-2018-10754 (In ncurses before 6.1.20180414, there is a NULL Pointer Dereference in ...)
	- ncurses 6.1+20180210-3 (low)
	[stretch] - ncurses <no-dsa> (Minor issue)
	[jessie] - ncurses <no-dsa> (Minor issue)
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1566575
	NOTE: https://invisible-island.net/ncurses/NEWS.html#t20180414
CVE-2018-10753 (Stack-based buffer overflow in the delayed_output function in music.c ...)
	- abcm2ps <unfixed> (unimportant; bug #897966)
	NOTE: https://github.com/leesavide/abcm2ps/issues/16
	NOTE: https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10752 (The Tagregator plugin 0.6 for WordPress has stored XSS via the title ...)
	NOT-FOR-US: Tagregator plugin for WordPress
CVE-2018-10751
	RESERVED
CVE-2018-10750 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
	NOT-FOR-US: D-Link
CVE-2018-10749 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
	NOT-FOR-US: D-Link
CVE-2018-10748 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
	NOT-FOR-US: D-Link
CVE-2018-10747 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
	NOT-FOR-US: D-Link
CVE-2018-10746 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
	NOT-FOR-US: D-Link
CVE-2018-10745
	RESERVED
CVE-2018-10744
	RESERVED
CVE-2018-10743
	RESERVED
CVE-2018-10742
	RESERVED
CVE-2018-10741
	RESERVED
CVE-2018-10740 (Axublog 1.1.0 allows remote Code Execution as demonstrated by injection ...)
	NOT-FOR-US: Axublog
CVE-2018-10739 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10738 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via the ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10737 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via the ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10736 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via the ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10735 (A SQL injection issue was discovered in Nagios XI before 5.4.13 via the ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10734 (KONGTOP DVR devices A303, A403, D303, D305, and D403 contain a ...)
	NOT-FOR-US: KONGTOP DVR devices
CVE-2018-10733 (There is a heap-based buffer over-read in the function ...)
	- libgxps <unfixed> (low; bug #897954)
	[stretch] - libgxps <no-dsa> (Minor issue)
	[jessie] - libgxps <no-dsa> (Minor issue)
	[wheezy] - libgxps <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1574844
	NOTE: https://git.gnome.org/browse/libgxps/commit/?id=b458226e162fe1ffe7acb4230c114a52ada5131b
	NOTE: https://git.gnome.org/browse/libgxps/commit/?id=133fe2a96e020d4ca65c6f64fb28a404050ebbfd
CVE-2018-10732
	RESERVED
CVE-2018-10731 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10730 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10729 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10728 (All Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products ...)
	NOT-FOR-US: Phoenix Contact managed FL SWITCH 3xxx, 4xxx, 48xx products
CVE-2018-10727
	RESERVED
CVE-2018-10726 (** DISPUTED ** A stored XSS vulnerability was found in Datenstrom ...)
	NOT-FOR-US: Datenstrom Yellow
CVE-2018-10725
	RESERVED
CVE-2018-10724
	RESERVED
CVE-2018-10723 (Directus 6.4.9 has a hardcoded admin password for the Admin account ...)
	NOT-FOR-US: Directus
CVE-2018-10722 (In Cylance CylancePROTECT before 1470, an unprivileged local user can ...)
	NOT-FOR-US: Cylance CylancePROTECT
CVE-2018-10721
	RESERVED
CVE-2018-10720
	RESERVED
CVE-2018-10719
	RESERVED
CVE-2018-10718 (Stack-based buffer overflow in Activision Infinity Ward Call of Duty ...)
	NOT-FOR-US: Activision
CVE-2018-10717 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 does not ...)
	NOT-FOR-US: ngiflib
CVE-2018-10716 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10715
	RESERVED
CVE-2018-10714
	RESERVED
CVE-2018-10713 (An issue was discovered on D-Link DSL-3782 EU 1.01 devices. An ...)
	NOT-FOR-US: D-Link
CVE-2018-10712
	RESERVED
CVE-2018-10711
	RESERVED
CVE-2018-10710
	RESERVED
CVE-2018-10709
	RESERVED
CVE-2018-10708
	RESERVED
CVE-2018-10707
	RESERVED
CVE-2018-10706 (An integer overflow in the transferMulti function of a smart contract ...)
	NOT-FOR-US: Social Chain
CVE-2018-10705 (The Owned smart contract implementation for Aurora DAO (AURA), an ...)
	NOT-FOR-US: Aurora DAD
CVE-2018-10704
	RESERVED
CVE-2018-10703
	RESERVED
CVE-2018-10702
	RESERVED
CVE-2018-10701
	RESERVED
CVE-2018-10700
	RESERVED
CVE-2018-10699
	RESERVED
CVE-2018-10698
	RESERVED
CVE-2018-10697
	RESERVED
CVE-2018-10696
	RESERVED
CVE-2018-10695
	RESERVED
CVE-2018-10694
	RESERVED
CVE-2018-10693
	RESERVED
CVE-2018-10692
	RESERVED
CVE-2018-10691
	RESERVED
CVE-2018-10690
	RESERVED
CVE-2018-10689 (blktrace (aka Block IO Tracing) 1.2.0, as used with the Linux kernel ...)
	- blktrace <unfixed> (low; bug #897695)
	[stretch] - blktrace <no-dsa> (Minor issue)
	[jessie] - blktrace <no-dsa> (Minor issue)
	[wheezy] - blktrace <no-dsa> (Minor issue)
	NOTE: https://git.kernel.org/pub/scm/linux/kernel/git/axboe/blktrace.git/commit/?id=d61ff409cb4dda31386373d706ea0cfb1aaac5b7
	NOTE: https://www.spinics.net/lists/linux-btrace/msg00847.html
CVE-2018-10688
	RESERVED
CVE-2018-10687
	RESERVED
CVE-2018-10686 (An issue was discovered in Vesta Control Panel 0.9.8-20. There is ...)
	NOT-FOR-US:  Vesta Control Panel
CVE-2018-10685 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
	- lrzip 0.631+git180517-1 (low; bug #897645)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <ignored> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/95
CVE-2018-10684
	RESERVED
CVE-2018-10683 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. In the ...)
	- wildfly <itp> (bug #752018)
CVE-2018-10682 (** DISPUTED ** An issue was discovered in WildFly 10.1.2.Final. It is ...)
	- wildfly <itp> (bug #752018)
CVE-2016-10722 (partclone.fat in Partclone before 0.2.88 is prone to a heap-based ...)
	- partclone 0.2.88-1
	[jessie] - partclone <no-dsa> (Minor issue)
	[wheezy] - partclone <no-dsa> (Minor issue)
	NOTE: https://david.gnedt.at/blog/2016/11/14/advisory-partclone-fat-bitmap-heap-overflow/
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/71
CVE-2016-10721 (partclone.restore in Partclone 0.2.87 is prone to a heap-based buffer ...)
	- partclone 0.2.88-1
	[jessie] - partclone <no-dsa> (Minor issue)
	[wheezy] - partclone <no-dsa> (Minor issue)
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/82
CVE-2018-10681
	RESERVED
CVE-2018-10680 (** DISPUTED ** Z-BlogPHP 1.5.2 has a stored Cross Site Scripting ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-10679
	RESERVED
CVE-2018-10678 (MyBB 1.8.15, when accessed with Microsoft Edge, mishandles ...)
	NOT-FOR-US: MyBB
CVE-2018-10677 (The DecodeGifImg function in ngiflib.c in MiniUPnP ngiflib 0.4 lacks ...)
	NOT-FOR-US: ngiflib
CVE-2018-10676 (CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR ...)
	NOT-FOR-US: CeNova, Night OWL, Novo, Pulnix, QSee, Securus, and TBK Vision DVR devices
CVE-2018-10674
	RESERVED
CVE-2018-10673
	RESERVED
CVE-2018-10672
	RESERVED
CVE-2018-10671
	RESERVED
CVE-2018-10670
	RESERVED
CVE-2018-10669
	RESERVED
CVE-2018-10668
	RESERVED
CVE-2018-10667
	RESERVED
CVE-2018-10666 (The Owned smart contract implementation for Aurora IDEX Membership ...)
	NOT-FOR-US: Aurora IDEX
CVE-2018-10665 (ILIAS 5.3.4 has XSS through unsanitized output of PHP_SELF, related to ...)
	NOT-FOR-US: ILIAS
CVE-2018-10664
	RESERVED
CVE-2018-10663
	RESERVED
CVE-2018-10662
	RESERVED
CVE-2018-10661
	RESERVED
CVE-2018-10660
	RESERVED
CVE-2018-10659
	RESERVED
CVE-2018-10658
	RESERVED
CVE-2018-10675 (The do_get_mempolicy function in mm/mempolicy.c in the Linux kernel ...)
	- linux 4.12.12-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux 3.2.96-1
	NOTE: https://git.kernel.org/linus/73223e4e2e3867ebf033a5a8eb2e5df0158ccc99 (4.13-rc6)
CVE-2018-10657 (Matrix Synapse before 0.28.1 is prone to a denial of service flaw where ...)
	- matrix-synapse 0.28.1+dfsg-1
	NOTE: https://github.com/matrix-org/synapse/commit/33f469ba19586bbafa0cf2c7d7c35463bdab87eb
	NOTE: https://matrix.org/blog/2018/05/01/security-update-synapse-0-28-1/
CVE-2018-10656
	RESERVED
CVE-2018-10655 (DLPnpAuditor.exe in DeviceLock Plug and Play Auditor (freeware) 5.72 ...)
	NOT-FOR-US: DeviceLock Plug and Play Auditor
CVE-2018-10654
	RESERVED
CVE-2018-10653
	RESERVED
CVE-2018-10652
	RESERVED
CVE-2018-10651
	RESERVED
CVE-2018-10650
	RESERVED
CVE-2018-10649
	RESERVED
CVE-2018-10648
	RESERVED
CVE-2018-10647 (SaferVPN 4.2.5 for Windows suffers from a SYSTEM privilege escalation ...)
	NOT-FOR-US: SaferVPN
CVE-2018-10646 (CyberGhost 6.5.0.3180 for Windows suffers from a SYSTEM privilege ...)
	NOT-FOR-US: CyberGhost
CVE-2018-10645 (Golden Frog VyprVPN 2.12.1.8015 for Windows suffers from a SYSTEM ...)
	NOT-FOR-US: Golden Frog VyprVPN
CVE-2018-10644
	RESERVED
CVE-2018-10643
	RESERVED
CVE-2018-10642 (Command injection vulnerability in Combodo iTop 2.4.1 allows remote ...)
	NOT-FOR-US: Combodo iTop
CVE-2018-10641 (D-Link DIR-601 A1 1.02NA devices do not require the old password for a ...)
	NOT-FOR-US: D-Link
CVE-2018-10640
	RESERVED
CVE-2018-10639
	RESERVED
CVE-2018-10638
	RESERVED
CVE-2018-10637
	RESERVED
CVE-2018-10636
	RESERVED
CVE-2018-10635
	RESERVED
CVE-2018-10634
	RESERVED
CVE-2018-10633
	RESERVED
CVE-2018-10632
	RESERVED
CVE-2018-10631
	RESERVED
CVE-2018-10630
	RESERVED
CVE-2018-10629
	RESERVED
CVE-2018-10628
	RESERVED
CVE-2018-10627
	RESERVED
CVE-2018-10626
	RESERVED
CVE-2018-10625
	RESERVED
CVE-2018-10624
	RESERVED
CVE-2018-10623
	RESERVED
CVE-2018-10622
	RESERVED
CVE-2018-10621
	RESERVED
CVE-2018-10620
	RESERVED
CVE-2018-10619
	RESERVED
CVE-2018-10618
	RESERVED
CVE-2018-10617
	RESERVED
CVE-2018-10616
	RESERVED
CVE-2018-10615
	RESERVED
CVE-2018-10614
	RESERVED
CVE-2018-10613
	RESERVED
CVE-2018-10612
	RESERVED
CVE-2018-10611
	RESERVED
CVE-2018-10610
	RESERVED
CVE-2018-10609
	RESERVED
CVE-2018-10608
	RESERVED
CVE-2018-10607
	RESERVED
CVE-2018-10606
	RESERVED
CVE-2018-10605
	RESERVED
CVE-2018-10604
	RESERVED
CVE-2018-10603
	RESERVED
CVE-2018-10602
	RESERVED
CVE-2018-10601
	RESERVED
CVE-2018-10600
	RESERVED
CVE-2018-10599
	RESERVED
CVE-2018-10598
	RESERVED
CVE-2018-10597
	RESERVED
CVE-2018-10596
	RESERVED
CVE-2018-10595
	RESERVED
CVE-2018-10594
	RESERVED
CVE-2018-10593
	RESERVED
CVE-2018-10592
	RESERVED
CVE-2018-10591 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-10590 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-10589 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-10588
	RESERVED
CVE-2018-10587
	RESERVED
CVE-2018-10586
	RESERVED
CVE-2018-10585
	RESERVED
CVE-2018-10584
	RESERVED
CVE-2018-10583 (An information disclosure vulnerability occurs when LibreOffice 6.0.3 ...)
	- libreoffice <unfixed> (unimportant)
	NOTE: http://secureyourit.co.uk/wp/2018/05/01/creating-malicious-odt-files/
	NOTE: This is the generic behaviour of accessing remote SMB shares and not limited to
	NOTE: Libreoffice. This can e.g. be addressed by rejecting outgoing SMB connections
	NOTE: from the local network
	NOTE: The following commit adds this class of access to the list of trusted locations:
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=0b7f4a4f57117fde33d0b1df96134aa6ccce023e	
CVE-2018-10582
	RESERVED
CVE-2018-10581 (In Octopus Deploy 3.4.x before 2018.4.7, an authenticated user is able ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-10580 (The &quot;Latest Posts on Profile&quot; plugin 1.1 for MyBB has XSS because ...)
	NOT-FOR-US: "Latest Posts on Profile" plugin for MyBB
CVE-2018-10579
	RESERVED
CVE-2018-10578 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
	NOT-FOR-US: WatchGuard AP100, AP102, and AP200 devices
CVE-2018-10577 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
	NOT-FOR-US: WatchGuard AP100, AP102, and AP200 devices
CVE-2018-10576 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
	NOT-FOR-US: WatchGuard devices
CVE-2018-10575 (An issue was discovered on WatchGuard AP100, AP102, and AP200 devices ...)
	NOT-FOR-US: WatchGuard devices
CVE-2018-10574 (site/index.php/admin/trees/add/ in BigTree 4.2.22 and earlier allows ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-1000172 (Imagely NextGEN Gallery version 2.2.30 and earlier contains a Cross ...)
	NOT-FOR-US: Imagely NextGEN Gallery
CVE-2018-10573 (interface/fax/fax_dispatch.php in OpenEMR before 5.0.1 allows remote ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10572 (interface/patient_file/letter.php in OpenEMR before 5.0.1 allows remote ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10571 (Multiple reflected cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: OpenEMR
CVE-2018-10570 (Frog CMS 0.9.5 has XSS in /install/index.php via the ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10569
	RESERVED
CVE-2018-10568 (XSS exists in Flexense DiskSorter Enterprise from v9.5.12 to v10.7. ...)
	NOT-FOR-US: Flexense DiskSorter Enterprise
CVE-2018-10567 (XSS exists in Flexense VX Search Enterprise from v10.1.12 to v10.7. ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2018-10566 (XSS exists in Flexense DupScout Enterprise from v10.0.18 to v10.7. ...)
	NOT-FOR-US: Flexense DupScout Enterprise
CVE-2018-10565 (XSS exists in Flexense DiskSavvy Enterprise from v10.4 to v10.7. ...)
	NOT-FOR-US: Flexense DiskSavvy Enterprise
CVE-2018-10564 (XSS exists in Flexense DiskPulse Enterprise from v10.4 to v10.7. ...)
	NOT-FOR-US: Flexense DiskPulse Enterprise
CVE-2018-10563 (An XSS in Flexense SyncBreeze affects all versions (tested from ...)
	NOT-FOR-US: Flexense SyncBreeze
CVE-2018-10562 (An issue was discovered on Dasan GPON home routers. Command Injection ...)
	NOT-FOR-US: Dasan GPON home routers
CVE-2018-10561 (An issue was discovered on Dasan GPON home routers. It is possible to ...)
	NOT-FOR-US: Dasan GPON home routers
CVE-2018-10560
	RESERVED
CVE-2018-10559
	RESERVED
CVE-2018-10558
	RESERVED
CVE-2018-10557
	RESERVED
CVE-2018-10556
	RESERVED
CVE-2018-10555
	RESERVED
CVE-2018-10554 (An issue was discovered in Nagios XI 5.4.13. There is XSS exploitable ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10553 (An issue was discovered in Nagios XI 5.4.13. A registered user is able ...)
	NOT-FOR-US: Nagios XI
CVE-2018-10552
	RESERVED
CVE-2018-10551
	RESERVED
CVE-2018-10550 (In Octopus Deploy before 2018.4.7, target and tenant tag variable ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-10549 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
	- php7.2 <unfixed>
	- php7.1 <unfixed>
	- php7.0 <unfixed>
	- php5 <removed>
	[wheezy] - php5 <not-affected> (vulnerable code is not present)
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76130
CVE-2018-10548 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
	{DLA-1373-1}
	- php7.2 <unfixed>
	- php7.1 <unfixed>
	- php7.0 <unfixed>
	- php5 <removed>
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76248
CVE-2018-10547 (An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, ...)
	{DLA-1373-1}
	- php7.2 <unfixed>
	- php7.1 <unfixed>
	- php7.0 <unfixed>
	- php5 <removed>
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76129
CVE-2018-10546 (An issue was discovered in PHP before 5.6.36, 7.0.x before 7.0.30, ...)
	- php7.2 <unfixed>
	- php7.1 <unfixed>
	- php7.0 <unfixed>
	- php5 <removed>
	[wheezy] - php5 <not-affected> (does not cause an infinite loop)
	NOTE: Fixed in 5.6.36, 7.0.30, 7.1.17, 7.2.5
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=76249
CVE-2018-10545 (An issue was discovered in PHP before 5.6.35, 7.0.x before 7.0.29, ...)
	{DLA-1373-1}
	- php7.2 7.2.4-1
	- php7.1 7.1.16-1
	- php7.0 7.0.29-1
	- php5 <removed>
	NOTE: Fixed in 5.6.35, 7.0.29, 7.1.16, 7.2.4
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75605
CVE-2018-10544 (Meross MSS110 devices through 1.1.24 contain an unauthenticated ...)
	NOT-FOR-US: Meross MSS110
CVE-2018-10543
	RESERVED
CVE-2018-10542
	RESERVED
CVE-2018-10541
	RESERVED
CVE-2018-10540 (An issue was discovered in WavPack 5.1.0 and earlier for W64 input. ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10539 (An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10538 (An issue was discovered in WavPack 5.1.0 and earlier for WAV input. ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/6f8bb34c2993a48ab9afbe353e6d0cff7c8d821d
	NOTE: https://github.com/dbry/WavPack/issues/33
CVE-2018-10537 (An issue was discovered in WavPack 5.1.0 and earlier. The W64 parser ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15
	NOTE: https://github.com/dbry/WavPack/issues/30
	NOTE: https://github.com/dbry/WavPack/issues/31
	NOTE: https://github.com/dbry/WavPack/issues/32
CVE-2018-10536 (An issue was discovered in WavPack 5.1.0 and earlier. The WAV parser ...)
	{DSA-4197-1}
	- wavpack 5.1.0-3 (bug #897271)
	[jessie] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present, introduced in 5.0.0)
	NOTE: https://github.com/dbry/WavPack/commit/26cb47f99d481ad9b93eeff80d26e6b63bbd7e15
	NOTE: https://github.com/dbry/WavPack/issues/30
	NOTE: https://github.com/dbry/WavPack/issues/31
	NOTE: https://github.com/dbry/WavPack/issues/32
CVE-2018-10535 (The ignore_section_sym function in elf.c in the Binary File Descriptor ...)
	- binutils <unfixed>
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23113
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db0c309f4011ca94a4abc8458e27f3734dab92ac
CVE-2018-10534 (The _bfd_XX_bfd_copy_private_bfd_data_common function in peXXigen.c in ...)
	- binutils <unfixed>
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23110
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=aa4a8c2a2a67545e90c877162c53cc9de42dc8b4
CVE-2018-10533
	RESERVED
CVE-2018-10532
	RESERVED
CVE-2018-10531
	RESERVED
CVE-2018-10530
	RESERVED
CVE-2018-10529 (An issue was discovered in LibRaw 0.18.9. There is an out-of-bounds ...)
	- libraw <unfixed> (low; bug #897186)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/commit/f0c505a3e5d47989a5f69be2d0d4f250af6b1a6c
	NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10528 (An issue was discovered in LibRaw 0.18.9. There is a stack-based buffer ...)
	- libraw <unfixed> (low; bug #897185)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/commit/895529fc2f2eb8bc633edd6b04b5b237eb4db564
	NOTE: https://github.com/LibRaw/LibRaw/issues/144
CVE-2018-10527 (EasyCMS 1.3 is prone to Stored XSS when posting an article; four fields ...)
	NOT-FOR-US: EasyCMS
CVE-2018-10526
	RESERVED
CVE-2018-10525
	RESERVED
CVE-2017-18264 (An issue was discovered in libraries/common.inc.php in phpMyAdmin 4.0 ...)
	- phpmyadmin 4:4.6.6-2
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-8/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/7232271a379396ca1d4b083af051262057003c41 (4.7-branch)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/b6ca92cc75c8a16001425be7881e73430bcc35b8 (4.0-branch)
	NOTE: If the issue is triggerable depends as well on the used PHP version.
CVE-2017-18263 (Seagate Media Server in Seagate Personal Cloud before 4.3.18.4 has ...)
	NOT-FOR-US: Seagate
CVE-2018-10524
	RESERVED
CVE-2018-10523 (CMS Made Simple (CMSMS) through 2.2.7 contains a physical path leakage ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10522 (In CMS Made Simple (CMSMS) through 2.2.7, the &quot;file view&quot; operation in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10521 (In CMS Made Simple (CMSMS) through 2.2.7, the &quot;file move&quot; operation in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10520 (In CMS Made Simple (CMSMS) through 2.2.7, the &quot;module remove&quot; operation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10519 (CMS Made Simple (CMSMS) 2.2.7 contains a privilege escalation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10518 (In CMS Made Simple (CMSMS) through 2.2.7, the &quot;file delete&quot; operation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10517 (In CMS Made Simple (CMSMS) through 2.2.7, the &quot;module import&quot; operation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10516 (In CMS Made Simple (CMSMS) through 2.2.7, the &quot;file rename&quot; operation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10515 (In CMS Made Simple (CMSMS) through 2.2.7, the &quot;file unpack&quot; operation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10514
	RESERVED
CVE-2018-10513
	RESERVED
CVE-2018-10512
	RESERVED
CVE-2018-10511
	RESERVED
CVE-2018-10510
	RESERVED
CVE-2018-10509
	RESERVED
CVE-2018-10508
	RESERVED
CVE-2018-10507
	RESERVED
CVE-2018-10506
	RESERVED
CVE-2018-10505
	RESERVED
CVE-2018-10504 (The WebDorado &quot;Form Maker by WD&quot; plugin before 1.12.24 for WordPress ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-10503 (An issue was discovered in index.php in baijiacms V4 v4_1_4_20170105. ...)
	NOT-FOR-US: baijiacms
CVE-2018-10502
	RESERVED
CVE-2018-10501
	RESERVED
CVE-2018-10500
	RESERVED
CVE-2018-10499
	RESERVED
CVE-2018-10498
	RESERVED
CVE-2018-10497
	RESERVED
CVE-2018-10496
	RESERVED
CVE-2018-10495 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10494 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10493 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10492 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10491 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10490 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10489 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10488 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10487 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10486 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10485 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10484 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10483 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10482 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10481 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10480 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10479 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10478 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10477 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10476 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10475 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10474 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10473 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10470
	RESERVED
CVE-2018-10469 (b3log Symphony (aka Sym) 2.6.0 allows remote attackers to upload and ...)
	NOT-FOR-US: b3log Symphony (aka Sym)
CVE-2018-10468 (The transferFrom function of a smart contract implementation for ...)
	NOT-FOR-US: Ethereum
CVE-2018-10467
	RESERVED
CVE-2018-10466
	RESERVED
CVE-2018-10465
	RESERVED
CVE-2018-10464
	RESERVED
CVE-2018-10463
	RESERVED
CVE-2018-10462
	RESERVED
CVE-2018-10461
	RESERVED
CVE-2018-10460
	RESERVED
CVE-2018-10459
	RESERVED
CVE-2018-10458
	RESERVED
CVE-2018-10457
	RESERVED
CVE-2018-10456
	RESERVED
CVE-2018-10455
	RESERVED
CVE-2018-10454
	RESERVED
CVE-2018-10453
	RESERVED
CVE-2018-10452
	RESERVED
CVE-2018-10451
	RESERVED
CVE-2018-10450
	RESERVED
CVE-2018-10449
	RESERVED
CVE-2018-10448
	RESERVED
CVE-2018-10447
	RESERVED
CVE-2018-10446
	RESERVED
CVE-2018-10445
	RESERVED
CVE-2018-10444
	RESERVED
CVE-2018-10443
	RESERVED
CVE-2018-10442
	RESERVED
CVE-2018-10441
	RESERVED
CVE-2018-10440
	RESERVED
CVE-2018-10439
	RESERVED
CVE-2018-10438
	RESERVED
CVE-2018-10437
	RESERVED
CVE-2018-10436
	RESERVED
CVE-2018-10435
	RESERVED
CVE-2018-10434
	RESERVED
CVE-2018-10433
	RESERVED
CVE-2017-18262 (Blackboard Learn (Since at least 17th of October 2017) has allowed ...)
	NOT-FOR-US: Blackboard Learn
CVE-2018-10471 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
	{DSA-4201-1}
	- xen <unfixed>
	[wheezy] - xen <not-affected> (Regression for XSA-254 which was not applied in wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-259.html
CVE-2018-10472 (An issue was discovered in Xen through 4.10.x allowing x86 HVM guest OS ...)
	{DSA-4201-1}
	- xen <unfixed>
	[wheezy] - xen <not-affected> (No QMP support in wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-258.html
CVE-2018-10432
	RESERVED
CVE-2018-10431 (D-Link DIR-615 2.5.17 devices allow Remote Code Execution via shell ...)
	NOT-FOR-US: D-Link
CVE-2018-10430 (An issue was discovered in DiliCMS (aka DiligentCMS) 2.4.0. There is a ...)
	NOT-FOR-US: DiliCMS
CVE-2018-10429 (Cosmo 1.0.0Beta6 allows attackers to execute arbitrary PHP code via the ...)
	NOT-FOR-US: Cosmo
CVE-2018-10428
	RESERVED
CVE-2018-10427
	RESERVED
CVE-2018-10426
	RESERVED
CVE-2018-10425 (An issue was discovered in Shanghai 2345 Security Guard 3.7.0. ...)
	NOT-FOR-US: Shanghai 2345 Security Guard
CVE-2018-10424 (mc-admin/post-edit.php in MiniCMS 1.10 allows full path disclosure via ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10423 (mc-admin/post.php in MiniCMS 1.10 allows remote attackers to obtain a ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10422 (An issue was discovered in HongCMS 3.0.0. The post news feature has ...)
	NOT-FOR-US: HongCMS
CVE-2018-10421
	RESERVED
CVE-2018-10420
	RESERVED
CVE-2018-10419
	RESERVED
CVE-2018-10418
	RESERVED
CVE-2018-10417
	RESERVED
CVE-2018-10416
	RESERVED
CVE-2018-10415
	RESERVED
CVE-2018-10414
	RESERVED
CVE-2018-10413
	RESERVED
CVE-2018-10412
	RESERVED
CVE-2018-10411
	RESERVED
CVE-2018-10410
	RESERVED
CVE-2018-10409
	RESERVED
CVE-2018-10408
	RESERVED
CVE-2018-10407
	RESERVED
CVE-2018-10406
	RESERVED
CVE-2018-10405
	RESERVED
CVE-2018-10404
	RESERVED
CVE-2018-10403
	RESERVED
CVE-2018-10402
	RESERVED
CVE-2018-10401
	RESERVED
CVE-2018-10400
	RESERVED
CVE-2018-10399
	RESERVED
CVE-2018-10398
	RESERVED
CVE-2018-10397
	RESERVED
CVE-2018-10396
	RESERVED
CVE-2018-10395
	RESERVED
CVE-2018-10394
	RESERVED
CVE-2018-10393 (bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a ...)
	- libvorbis <unfixed> (bug #876780)
	[stretch] - libvorbis <no-dsa> (Minor issue)
	[jessie] - libvorbis <no-dsa> (Minor issue)
	[wheezy] - libvorbis <ignored> (Minor issue)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2334
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
	NOTE: Same patch as for CVE-2017-14160
CVE-2018-10392 (mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not ...)
	- libvorbis <unfixed> (bug #876780)
	[stretch] - libvorbis <no-dsa> (Minor issue)
	[jessie] - libvorbis <no-dsa> (Minor issue)
	[wheezy] - libvorbis <ignored> (Minor issue)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2335
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
	NOTE: Same patch as for CVE-2017-14160
CVE-2018-10391 (An issue was discovered in WUZHI CMS 4.1.0. There is XSS via the email ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10390
	RESERVED
CVE-2018-10389
	RESERVED
CVE-2018-10388
	RESERVED
CVE-2018-10387
	RESERVED
CVE-2018-10386
	RESERVED
CVE-2018-10385
	RESERVED
CVE-2018-10384
	RESERVED
CVE-2018-10383
	RESERVED
CVE-2018-10382
	RESERVED
CVE-2018-10381 (TunnelBear 3.2.0.6 for Windows suffers from a SYSTEM privilege ...)
	NOT-FOR-US: TunnelBear for Windows
CVE-2018-10380 (kwallet-pam in KDE KWallet before 5.12.6 allows local users to obtain ...)
	{DSA-4200-1}
	- kwallet-pam 5.12.1-2
	NOTE: https://www.kde.org/info/security/advisory-20180503-1.txt
	NOTE: https://commits.kde.org/kwallet-pam/2134dec85ce19d6378d03cddfae9e5e464cb24c0 (Plasma 5.12)
	NOTE: https://commits.kde.org/kwallet-pam/01d4143fda5bddb6dca37b23304dc239a5fb38b5 (Plasma 5.12)
	NOTE: https://commits.kde.org/kwallet-pam/99abc7fde21f40cc6da5feb6ee766cc46fcca1f8 (Plasma 5.8)
	NOTE: https://commits.kde.org/kwallet-pam/802f305d81f8771c4f4a8bd7fd0e368ffc6f9b3b (Plasma 5.8)
CVE-2018-10379 [Persistent XSS in 'Move Issue' using project namespace]
	RESERVED
	- gitlab 10.6.5+dfsg-1
	NOTE: https://about.gitlab.com/2018/04/30/security-release-gitlab-10-dot-7-dot-2-released/
CVE-2018-10378
	RESERVED
CVE-2018-10377
	RESERVED
CVE-2018-10376 (An integer overflow in the transferProxy function of a smart contract ...)
	NOT-FOR-US: SmartMesh token
CVE-2018-10375 (A file uploading vulnerability exists in ...)
	NOT-FOR-US: DedeCMS
CVE-2018-10374 (EasyCMS 1.3 has XSS via the s POST parameter (aka a search box value) ...)
	NOT-FOR-US: EasyCMS
CVE-2018-10373 (concat_filename in dwarf2.c in the Binary File Descriptor (BFD) library ...)
	- binutils <unfixed>
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23065
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6327533b1fd29fa86f6bf34e61c332c010e3c689
CVE-2018-10372 (process_cu_tu_index in dwarf.c in GNU Binutils 2.30 allows remote ...)
	- binutils <unfixed>
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23064
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6aea08d9f3e3d6475a65454da488a0c51f5dc97d
CVE-2018-10371 (An issue was discovered in the wunderfarm WF Cookie Consent plugin ...)
	NOT-FOR-US: wunderfarm WF Cookie Consent plugin for WordPress
CVE-2018-1000178 (A heap corruption of type CWE-120 exists in quassel version 0.12.4 in ...)
	{DSA-4189-1 DLA-1370-1}
	- quassel 1:0.12.5-1 (bug #896914)
	NOTE: https://github.com/quassel/quassel/commit/2b777e99fc9f74d4ed21491710260664a1721d1f (master)
	NOTE: https://github.com/quassel/quassel/commit/18389a713a6810f57ab237b945e8ee03df857b8b (0.12)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-1000179 (A NULL Pointer Dereference of CWE-476 exists in quassel version 0.12.4 ...)
	{DSA-4189-1}
	- quassel 1:0.12.5-1 (bug #896915)
	[wheezy] - quassel <no-dsa> (Minor issue)
	NOTE: https://github.com/quassel/quassel/commit/e17fca767d60c06ca02bc5898ced04f06d3670bd (master)
	NOTE: https://github.com/quassel/quassel/commit/08bace4e9ecf08273f094c0c6aa8b3363d38ac3e (0.12)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/27/1
CVE-2018-10370
	RESERVED
CVE-2018-10369
	RESERVED
CVE-2018-10368 (An issue was discovered in WUZHI CMS 4.1.0. The &quot;Extension Module -&gt; ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10367 (An issue was discovered in WUZHI CMS 4.1.0. The content-management ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10366 (An issue was discovered in the Users (aka Front-end user management) ...)
	NOT-FOR-US: Users (aka Front-end user management) plugin for October CMS
CVE-2018-10365 (An XSS issue was discovered in the Threads to Link plugin 1.3 for ...)
	NOT-FOR-US: Threads to Link plugin for MyBB
CVE-2018-10364 (BigTree before 4.2.22 has XSS in the Users management page via the name ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-10363
	RESERVED
CVE-2018-10360
	RESERVED
CVE-2018-10359
	RESERVED
CVE-2018-10358
	RESERVED
CVE-2018-10357
	RESERVED
CVE-2018-10356
	RESERVED
CVE-2018-10355
	RESERVED
CVE-2018-10354
	RESERVED
CVE-2018-10353
	RESERVED
CVE-2018-10352
	RESERVED
CVE-2018-10351
	RESERVED
CVE-2018-10350
	RESERVED
CVE-2018-10349
	RESERVED
CVE-2018-10348
	RESERVED
CVE-2018-10347
	RESERVED
CVE-2018-10346
	RESERVED
CVE-2018-10345
	RESERVED
CVE-2018-10344
	RESERVED
CVE-2018-10343
	RESERVED
CVE-2018-10342
	RESERVED
CVE-2018-10341
	RESERVED
CVE-2018-10340
	RESERVED
CVE-2018-10339
	RESERVED
CVE-2018-10338
	RESERVED
CVE-2018-10337
	RESERVED
CVE-2018-10336
	RESERVED
CVE-2018-10335
	RESERVED
CVE-2018-10334
	RESERVED
CVE-2018-10333
	RESERVED
CVE-2018-10332
	RESERVED
CVE-2018-10331
	RESERVED
CVE-2018-10330
	RESERVED
CVE-2018-10361 (An issue was discovered in KTextEditor 5.34.0 through 5.45.0. Insecure ...)
	- ktexteditor <unfixed> (bug #896836)
	[stretch] - ktexteditor <not-affected> (Introduced in 5.34.0)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/24/1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033055
CVE-2018-10329 (app/tools/mac-lookup/index.php in phpIPAM 1.3.1 has Reflected XSS on ...)
	- phpipam <itp> (bug #731713)
	NOTE: https://github.com/phpipam/phpipam/issues/1903
CVE-2018-10328 (Momentum Axel 720P 5.1.8 devices have a hardcoded password of streaming ...)
	NOT-FOR-US: Momentum Axel 720P 5.1.8 devices
CVE-2018-10327 (PrinterOn Enterprise 4.1.3 stores the Active Directory bind ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-10326 (PrinterOn Enterprise 4.1.3 suffers from multiple authenticated stored ...)
	NOT-FOR-US: PrinterOn Enterprise
CVE-2018-10325
	RESERVED
CVE-2018-10324
	RESERVED
CVE-2018-10323 (The xfs_bmap_extents_to_btree function in fs/xfs/libxfs/xfs_bmap.c in ...)
	{DSA-4188-1}
	- linux 4.16.5-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199423
CVE-2018-10322 (The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the ...)
	- linux 4.16.5-1
	[wheezy] - linux <ignored> (dinode verifier not implemented)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199377
CVE-2018-10321 (Frog CMS 0.9.5 has a stored Cross Site Scripting Vulnerability via ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10320 (Frog CMS 0.9.5 has XSS via the admin/?/layout/edit layout[name] ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10319 (Frog CMS 0.9.5 has XSS via the admin/?/snippet/edit snippet[name] ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10318 (Frog CMS 0.9.5 has XSS via the admin/?/page/edit page[keywords] ...)
	NOT-FOR-US: Frog CMS
CVE-2018-10317
	RESERVED
CVE-2018-10316 (Netwide Assembler (NASM) 2.14rc0 has an endless while loop in the ...)
	- nasm <unfixed> (unimportant)
	NOTE: No security impact
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392474
CVE-2018-10315
	RESERVED
CVE-2018-10314 (Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 ...)
	NOT-FOR-US: Open-AudIT Community
CVE-2018-10313 (WUZHI CMS 4.1.0 allows persistent XSS via the form%5Bqq_10%5D parameter ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10312 (index.php?m=member&amp;v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10311 (A vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10310 (A persistent cross-site scripting vulnerability has been identified in ...)
	NOT-FOR-US: web interface of the Catapult UK Cookie Consent plugin for WordPress
CVE-2018-10309 (The Responsive Cookie Consent plugin before 1.8 for WordPress ...)
	NOT-FOR-US: Responsive Cookie Consent plugin for WordPress
CVE-2018-10308
	RESERVED
CVE-2018-10307 (error.php in ILIAS 5.2.x through 5.3.x before 5.3.4 allows XSS via the ...)
	NOT-FOR-US: ILIAS
CVE-2018-10306 (Services/Form/classes/class.ilDateDurationInputGUI.php and ...)
	NOT-FOR-US: ILIAS
CVE-2018-10305 (The MessageSearch2 function in PersonalMessage.php in Simple Machines ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2018-10304
	RESERVED
CVE-2018-10303 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10302 (A use-after-free in Foxit Reader before 9.1 and PhantomPDF before 9.1 ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-10362 (An issue was discovered in phpLiteAdmin 1.9.5 through 1.9.7.1. Due to ...)
	- phpliteadmin <unfixed> (bug #896682)
	NOTE: https://github.com/phpLiteAdmin/pla/issues/11
	NOTE: Fixed by: https://github.com/phpLiteAdmin/pla/commit/41545fe058e674a983f557bff13787df53167274
CVE-2018-10301 (Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram ...)
	NOT-FOR-US: Web-Dorado Instagram Feed WD plugin Premium for WordPress
CVE-2018-10300 (Cross-site scripting (XSS) vulnerability in the Web-Dorado Instagram ...)
	NOT-FOR-US: Web-Dorado Instagram Feed WD plugin for WordPress
CVE-2018-10299 (An integer overflow in the batchTransfer function of a smart contract ...)
	NOT-FOR-US: Beauty Chain
CVE-2018-10298 (Discuz! DiscuzX through X3.4 has reflected XSS via ...)
	NOT-FOR-US: DiscuzX
CVE-2018-10297 (Discuz! DiscuzX through X3.4 has stored XSS via the ...)
	NOT-FOR-US: DiscuzX
CVE-2018-10296 (MiniCMS V1.10 has XSS via the mc-admin/post-edit.php title parameter. ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10295 (ChemCMS v1.0.6 has CSRF by using public/admin/user/addpost.html to add ...)
	NOT-FOR-US: ChemCMS
CVE-2018-10294 (Flexense DiskBoss Enterprise v7.4.28 to v9.1.16 has XSS. ...)
	NOT-FOR-US: Flexense DiskBoss Enterprise
CVE-2018-10293
	RESERVED
CVE-2018-10292
	RESERVED
CVE-2018-10291
	RESERVED
CVE-2018-10290
	RESERVED
CVE-2018-10289 (In MuPDF 1.13.0, there is an infinite loop in the fz_skip_space ...)
	- mupdf <unfixed> (unimportant; bug #896545)
	[jessie] - mupdf <not-affected> (Vulnerable code introduced later)
	[wheezy] - mupdf <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699271
	NOTE: Introduced in http://git.ghostscript.com/?p=mupdf.git;a=commit;h=1acaaf2b40614401378aa697de47093be9f390fe (1.8)
CVE-2018-10288
	RESERVED
CVE-2018-10287
	RESERVED
CVE-2018-10286 (The Ericsson-LG iPECS NMS A.1Ac web application discloses sensitive ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application
CVE-2018-10285 (The Ericsson-LG iPECS NMS A.1Ac web application uses incorrect access ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac web application
CVE-2018-10284 (Adaltech G-Ticket v70 EME104 has SQL Injection via the ...)
	NOT-FOR-US: Adaltech G-Ticket v70 EME104
CVE-2018-10283 (CliqueMania loja virtual 14 has SQL Injection via the patch/remote.php ...)
	NOT-FOR-US: CliqueMania loja virtual
CVE-2018-10282
	RESERVED
CVE-2018-10281
	RESERVED
CVE-2018-10280
	RESERVED
CVE-2018-10279
	RESERVED
CVE-2018-10278
	RESERVED
CVE-2018-10277
	RESERVED
CVE-2018-10276
	RESERVED
CVE-2018-10275
	RESERVED
CVE-2018-10274
	RESERVED
CVE-2018-10273
	RESERVED
CVE-2018-10272
	RESERVED
CVE-2018-10271
	RESERVED
CVE-2018-10270
	RESERVED
CVE-2018-10269
	RESERVED
CVE-2018-10268 (An issue was discovered in FastAdmin V1.0.0.20180417_beta. There is XSS ...)
	NOT-FOR-US: FastAdmin
CVE-2018-10267 (WTCMS 1.0 has a CSRF vulnerability to add an administrator account via ...)
	NOT-FOR-US: WTCMS
CVE-2018-10266 (BEESCMS 4.0 has a CSRF vulnerability to add an administrator account ...)
	NOT-FOR-US: BEESCMS
CVE-2018-10265 (An issue was discovered in HongCMS v3.0.0. There is a CSRF ...)
	NOT-FOR-US: HongCMS
CVE-2018-10264
	RESERVED
CVE-2018-10263
	RESERVED
CVE-2018-10262
	RESERVED
CVE-2018-10261
	RESERVED
CVE-2018-10260 (A Local File Inclusion vulnerability was found in HRSALE The Ultimate ...)
	NOT-FOR-US: HRSALE
CVE-2018-10259 (An Authenticated Stored XSS vulnerability was found in HRSALE The ...)
	NOT-FOR-US: HRSALE
CVE-2018-10258 (A CSV Injection vulnerability was discovered in Shopy Point of Sale ...)
	NOT-FOR-US: Shopy
CVE-2018-10257 (A CSV Injection vulnerability was discovered in HRSALE The Ultimate ...)
	NOT-FOR-US: HRSALE
CVE-2018-10256 (A SQL Injection vulnerability was discovered in HRSALE The Ultimate ...)
	NOT-FOR-US: HRSALE
CVE-2018-10255 (A CSV Injection vulnerability was discovered in clustercoding Blog ...)
	NOT-FOR-US: clustercoding
CVE-2018-10254 (Netwide Assembler (NASM) 2.13 has a stack-based buffer over-read in the ...)
	- nasm <unfixed> (bug #896523)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/nasm/bugs/561/
CVE-2018-10253 (Paessler PRTG Network Monitor before 18.1.39.1648 mishandles stack ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2018-10252 (An issue was discovered on Actiontec WCB6200Q before 1.1.10.20a ...)
	NOT-FOR-US: Actiontec WCB6200Q
CVE-2018-10251 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ...)
	NOT-FOR-US: Sierra Wireless AirLink routers
CVE-2018-10250 (iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a ...)
	NOT-FOR-US: iCMS
CVE-2018-10249 (baijiacms V3 has CSRF via ...)
	NOT-FOR-US: baijiacms
CVE-2018-10248 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10247
	RESERVED
CVE-2018-10246
	RESERVED
CVE-2018-10245 (A Full Path Disclosure vulnerability in AWStats through 7.6 allows ...)
	- awstats <unfixed> (unimportant)
	NOTE: Path disclosure for awstats negligible within Debian
CVE-2018-10244
	RESERVED
CVE-2018-10243
	RESERVED
CVE-2018-10242
	RESERVED
CVE-2014-10073 (The create_response function in server/server.c in Psensor before 1.1.4 ...)
	{DLA-1361-1}
	- psensor 1.1.5-1 (low; bug #896195)
	[jessie] - psensor <no-dsa> (Minor issue)
	NOTE: http://git.wpitchoune.net/gitweb/?p=psensor.git;a=commitdiff;h=8b10426dcc0246c1712a99460dd470dcb1cc4d9c
CVE-2018-10241 (A denial of service vulnerability in SolarWinds Serv-U before 15.1.6 ...)
	NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10240 (SolarWinds Serv-U MFT before 15.1.6 HFv1 assigns authenticated users a ...)
	NOT-FOR-US: SolarWinds Serv-U
CVE-2018-10239
	RESERVED
CVE-2018-10238 (bvlc.c in skarg BACnet Protocol Stack 0.8.5 has a buffer overflow in ...)
	NOT-FOR-US: skarg BACnet Protocol Stack
CVE-2018-10237 (Unbounded memory allocation in Google Guava 11.0 through 24.x before ...)
	NOT-FOR-US: Google Guava
CVE-2018-10236 (POSCMS 3.2.18 allows remote attackers to execute arbitrary PHP code via ...)
	NOT-FOR-US: POSCMS
CVE-2018-10235 (POSCMS 3.2.10 allows remote attackers to execute arbitrary PHP code via ...)
	NOT-FOR-US: POSCMS
CVE-2018-10234 (Authenticated Cross site Scripting exists in the User Profile &amp; ...)
	NOT-FOR-US: User Profile & Membership plugin for WordPress
CVE-2018-10233 (The User Profile &amp; Membership plugin before 2.0.7 for WordPress has no ...)
	NOT-FOR-US: User Profile & Membership plugin for WordPress
CVE-2018-10232
	RESERVED
CVE-2018-10231
	RESERVED
CVE-2018-10230 (Zend Debugger in Zend Server before 9.1.3 has XSS, aka ZSR-2455. ...)
	NOT-FOR-US: Zend Server
CVE-2018-10229 (A hardware vulnerability in GPU memory modules allows attackers to ...)
	TODO: check
CVE-2018-10228
	RESERVED
CVE-2018-10227 (MiniCMS v1.10 has XSS via the mc-admin/conf.php site_link parameter. ...)
	NOT-FOR-US: MiniCMS
CVE-2018-10226
	RESERVED
CVE-2018-10225 (thinkphp 3.1.3 has SQL Injection via the index.php s parameter. ...)
	NOT-FOR-US: thinkphp
CVE-2018-10224 (An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability ...)
	NOT-FOR-US: YzmCMS
CVE-2018-10223 (An issue was discovered in YzmCMS 3.8. There is a CSRF vulnerability ...)
	NOT-FOR-US: YzmCMS
CVE-2018-10222 (An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-10221 (An issue was discovered in WUZHI CMS V4.1.0. There is a persistent XSS ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-10220 (** DISPUTED ** Glastopf 3.1.3-dev has SSRF, as demonstrated by the ...)
	NOT-FOR-US: Glastopf
CVE-2018-10219 (baijiacms V3 has physical path leakage via an ...)
	NOT-FOR-US: baijiacms
CVE-2018-10218
	RESERVED
CVE-2018-10217
	RESERVED
CVE-2018-10216
	RESERVED
CVE-2018-10215
	RESERVED
CVE-2018-10214
	RESERVED
CVE-2018-10213 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10212 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10211 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10210 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10209 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10208 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10207 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10206 (An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. ...)
	NOT-FOR-US: Vaultize Enterprise File Sharing
CVE-2018-10205 (hyperstart 1.0.0 in HyperHQ Hyper has memory leaks in the ...)
	NOT-FOR-US: HyperHQ Hyper
CVE-2018-10204 (PureVPN 6.0.1 for Windows suffers from a SYSTEM privilege escalation ...)
	NOT-FOR-US: PureVPN
CVE-2018-10203
	RESERVED
CVE-2018-10202
	RESERVED
CVE-2018-10201 (An issue was discovered in NcMonitorServer.exe in NC Monitor Server in ...)
	NOT-FOR-US: NC Monitor Server
CVE-2017-18261 (The arch_timer_reg_read_stable macro in ...)
	- linux 4.13.4-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/adb4f11e0a8f4e29900adb2b7af28b6bbd5c1fa4 (4.13-rc6)
CVE-2018-10200
	RESERVED
CVE-2018-10198
	RESERVED
CVE-2018-10197
	RESERVED
CVE-2018-10196 [null derefence in rebuild_vlist]
	RESERVED
	- graphviz <unfixed> (low; bug #898841)
	[stretch] - graphviz <no-dsa> (Minor issue)
	[jessie] - graphviz <no-dsa> (Minor issue)
	[wheezy] - graphviz <no-dsa> (Minor issue)
	NOTE: https://gitlab.com/graphviz/graphviz/issues/1367
	NOTE: https://issuetracker.google.com/issues/77810342
CVE-2018-10195 [rzsz: sz can leak data to receiving side]
	RESERVED
	- lrzsz 0.12.21-10 (low; bug #897010)
	[stretch] - lrzsz <no-dsa> (Minor issue)
	[jessie] - lrzsz <no-dsa> (Minor issue)
	[wheezy] - lrzsz <no-dsa> (Minor issue)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1090051
	NOTE: Fedora patch: https://src.fedoraproject.org/cgit/rpms/lrzsz.git/tree/lrzsz-0.12.20.patch
CVE-2018-10194 (The set_text_distance function in devices/vector/gdevpdts.c in the ...)
	{DLA-1363-1}
	- ghostscript 9.22~dfsg-2.1 (bug #896069)
	[stretch] - ghostscript <no-dsa> (Minor issue)
	[jessie] - ghostscript <no-dsa> (Minor issue)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=39b1e54b2968620723bf32e96764c88797714879
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=699255 (not yet public)
CVE-2018-1000200 [mm, oom: fix concurrent munlock and oom reaper unmap]
	RESERVED
	- linux <unfixed>
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/27ae357fa82be5ab73b2ef8d39dcb8ca2563483a
CVE-2018-1000167 (OISF suricata-update version 1.0.0a1 contains an Insecure ...)
	NOT-FOR-US: suricata-update (different from suricata)
CVE-2018-1000166
	REJECTED
CVE-2018-1000165 (LightSAML version prior to 1.3.5 contains a Incorrect Access Control ...)
	NOT-FOR-US: LightSAML
CVE-2018-1000163 (Floodlight version 1.2 and earlier contains a Cross Site Scripting ...)
	NOT-FOR-US: Floodlight
CVE-2018-1000162 (Parsedown version prior to 1.7.0 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Parsedown
CVE-2018-1000160 (RisingStack protect version 1.2.0 and earlier contains a Cross Site ...)
	NOT-FOR-US: RisingStack
CVE-2018-1000158 (cmsmadesimple version 2.2.7 contains a Incorrect Access Control ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10199 (In versions of mruby up to and including 1.4.0, a use-after-free ...)
	- mruby 1.4.0+20180418+git54905e98-1 (bug #896021)
	[stretch] - mruby <not-affected> (Vulnerable code introduced later)
	[jessie] - mruby <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/mruby/mruby/issues/4001
	NOTE: https://github.com/mruby/mruby/commit/b51b21fc63c9805862322551387d9036f2b63433
CVE-2018-10193 (LogMeIn LastPass through 4.9.1 allows remote attackers to cause a ...)
	NOT-FOR-US: LogMeIn LastPass
CVE-2018-10192 (IPVanish 3.0.11 for macOS suffers from a root privilege escalation ...)
	NOT-FOR-US: IPVanish for macOS
CVE-2018-10191 (In versions of mruby up to and including 1.4.0, an integer overflow ...)
	- mruby 1.4.0+20180418+git54905e98-1 (bug #896020)
	[stretch] - mruby <no-dsa> (Minor issue)
	[jessie] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/3995
	NOTE: https://github.com/mruby/mruby/commit/1905091634a6a2925c911484434448e568330626
CVE-2018-10190 (A vulnerability in London Trust Media Private Internet Access (PIA) VPN ...)
	NOT-FOR-US: London Trust Media Private Internet Access (PIA) VPN Client for Windows
CVE-2018-10189 (An issue was discovered in Mautic 1.x and 2.x before 2.13.0. It is ...)
	NOT-FOR-US: Mautic
CVE-2018-10188 (phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to ...)
	- phpmyadmin <unfixed> (bug #896490)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c6dd6b56e236a3aff953cee4135ecaa67130e641
CVE-2018-10187 (In radare2 2.5.0, there is a heap-based buffer over-read in the ...)
	- radare2 <unfixed> (low; bug #897305)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/9913
	NOTE: https://github.com/radare/radare2/commit/cdb278059b7b0aaaaa2315b82d0fa6ad50433db0
CVE-2018-10186 (In radare2 2.5.0, there is a heap-based buffer over-read in the ...)
	- radare2 <unfixed> (low; bug #897305)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/9915
	NOTE: https://github.com/radare/radare2/commit/86ccbf47c5146d29b9a8e9c363aa800e9e217077
	NOTE: Before applying the fix for CVE-2018-8808 the issue is covered/differently visible
CVE-2018-10185 (An issue was discovered in TuziCMS v2.0.6. There is a CSRF ...)
	NOT-FOR-US: TuziCMS
CVE-2018-10184 (An issue was discovered in HAProxy before 1.8.8. The incoming H2 frame ...)
	- haproxy 1.8.8-1
	[stretch] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support)
	[jessie] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support)
	[wheezy] - haproxy <not-affected> (Vulnerable code introduced later with HTTP/2 support)
	NOTE: http://git.haproxy.org/?p=haproxy.git;a=commit;h=3f0e1ec70173593f4c2b3681b26c04a4ed5fc588
	NOTE: http://git.haproxy.org/?p=haproxy-1.8.git;a=commit;h=cd117685f0cff4f2f5577ef6a21eaae96ebd9f28
CVE-2018-10183 (An issue was discovered in BigTree 4.2.22. There is cross-site ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-10182
	RESERVED
CVE-2018-1000199 [ptrace() incorrect error handling leads to corruption and DoS]
	RESERVED
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/f67b15037a7a50c57f72e69a6d59941ad90a0f0f
CVE-2018-10181
	RESERVED
CVE-2018-10180
	RESERVED
CVE-2018-10179
	RESERVED
CVE-2018-10178 (The FromDocToPDF extension before 13.611.13.2303 for Chrome allows ...)
	NOT-FOR-US: FromDocToPDF extension for Ghrome
CVE-2018-10177 (In ImageMagick 7.0.7-28, there is an infinite loop in the ...)
	- imagemagick <unfixed> (bug #896018)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1095
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9fdda6391e38aaad3bfd6a30bd6a72bd31aeee02
CVE-2018-10176 (Digital Guardian Management Console 7.1.2.0015 has a Directory ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10175 (Digital Guardian Management Console 7.1.2.0015 has an XXE issue. ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10174 (Digital Guardian Management Console 7.1.2.0015 has an SSRF issue that ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10173 (Digital Guardian Management Console 7.1.2.0015 allows authenticated ...)
	NOT-FOR-US: Digital Guardian Management Console
CVE-2018-10172 (7-Zip through 18.01 on Windows implements the &quot;Large memory pages&quot; ...)
	NOT-FOR-US: 7-Zip
CVE-2018-10171
	RESERVED
CVE-2018-10170 (NordVPN 6.12.7.0 for Windows suffers from a SYSTEM privilege escalation ...)
	NOT-FOR-US: NordVPN for Windows
CVE-2018-10169 (ProtonVPN 1.3.3 for Windows suffers from a SYSTEM privilege escalation ...)
	NOT-FOR-US: ProtonVPN for Windows
CVE-2018-10168 (TP-Link EAP Controller and Omada Controller versions ...)
	NOT-FOR-US: TP-Link
CVE-2018-10167 (The web application backup file in the TP-Link EAP Controller and Omada ...)
	NOT-FOR-US: TP-Link
CVE-2018-10166 (The web management interface in the TP-Link EAP Controller and Omada ...)
	NOT-FOR-US: TP-Link
CVE-2018-10165 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP ...)
	NOT-FOR-US: TP-Link
CVE-2018-10164 (Stored Cross-site scripting (XSS) vulnerability in the TP-Link EAP ...)
	NOT-FOR-US: TP-Link
CVE-2018-10163
	RESERVED
CVE-2018-10162
	RESERVED
CVE-2018-10161
	RESERVED
CVE-2018-10160
	RESERVED
CVE-2018-10159
	RESERVED
CVE-2018-10158
	RESERVED
CVE-2018-10157
	RESERVED
CVE-2018-10156
	RESERVED
CVE-2018-10155
	RESERVED
CVE-2018-10154
	RESERVED
CVE-2018-10153
	RESERVED
CVE-2018-10152
	RESERVED
CVE-2018-10151
	RESERVED
CVE-2018-10150
	RESERVED
CVE-2018-10149
	RESERVED
CVE-2018-10148
	RESERVED
CVE-2018-10147
	RESERVED
CVE-2018-10146
	RESERVED
CVE-2018-10145
	RESERVED
CVE-2018-10144
	RESERVED
CVE-2018-10143
	RESERVED
CVE-2018-10142
	RESERVED
CVE-2018-10141
	RESERVED
CVE-2018-10140
	RESERVED
CVE-2018-10139
	RESERVED
CVE-2018-10138 (The CATALooK.netStore module through 7.2.8 for DNN (formerly ...)
	NOT-FOR-US: DNN
CVE-2018-10137 (iScripts UberforX 2.2 has CSRF in the &quot;manage_settings&quot; section of the ...)
	NOT-FOR-US: iScripts UberforX
CVE-2018-10136 (iScripts UberforX 2.2 has Stored XSS in the &quot;manage_settings&quot; section ...)
	NOT-FOR-US: iScripts UberforX
CVE-2018-10135 (iScripts eSwap v2.4 has Reflected XSS via the &quot;catwiseproducts.php&quot; ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10134
	RESERVED
CVE-2018-10133 (PbootCMS v0.9.8 allows PHP code injection via an IF label in ...)
	NOT-FOR-US: PbootCMS
CVE-2018-10132 (PbootCMS v0.9.8 has CSRF via an ...)
	NOT-FOR-US: PbootCMS
CVE-2018-10131
	RESERVED
CVE-2018-10130
	RESERVED
CVE-2018-10129
	RESERVED
CVE-2018-10128 (An issue was discovered in XYHCMS 3.5. It has XSS via the test ...)
	NOT-FOR-US: XYHCMS
CVE-2018-10127 (An issue was discovered in XYHCMS 3.5. It has CSRF via an ...)
	NOT-FOR-US: XYHCMS
CVE-2018-10126 (LibTIFF 4.0.9 has a NULL pointer dereference in the jpeg_fdct_16x16 ...)
	- tiff <unfixed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2786
	NOTE: Crash in CLI tool, no security impact
CVE-2018-10125
	RESERVED
CVE-2018-10123 (p910nd on Inteno IOPSYS 2.0 through 4.2.0 allows remote attackers to ...)
	NOT-FOR-US: p910nd on Inteno IOPSYS
CVE-2018-10122 (QingDao Nature Easy Soft Chanzhi Enterprise Portal System (aka ...)
	NOT-FOR-US: QingDao Nature Easy Soft Chanzhi Enterprise Portal System
CVE-2018-10121 (plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10120 (The SwCTBWrapper::Read function in sw/source/filter/ww8/ww8toolbar.cxx ...)
	{DSA-4178-1 DLA-1356-1}
	- libreoffice 1:6.0.2-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6173
	NOTE: https://gerrit.libreoffice.org/#/c/49486/
	NOTE: https://gerrit.libreoffice.org/#/c/49499/
	NOTE: https://gerrit.libreoffice.org/#/c/49500/
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=017fcc2fcd00af17a97bd5463d89662404f57667
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2018-10120/
CVE-2018-10119 (sot/source/sdstor/stgstrms.cxx in LibreOffice before 5.4.5.1 and 6.x ...)
	{DSA-4178-1 DLA-1356-1}
	- libreoffice 1:6.0.1-1
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5747
	NOTE: https://gerrit.libreoffice.org/#/c/48751/
	NOTE: https://gerrit.libreoffice.org/#/c/48756/
	NOTE: https://gerrit.libreoffice.org/#/c/48757/
	NOTE: https://gerrit.libreoffice.org/#/c/48758/
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commit;h=fdd41c995d1f719e92c6f083e780226114762f05
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2018-10119/
CVE-2018-10118 (Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10117 (An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-10116
	RESERVED
CVE-2018-10115 (Incorrect initialization logic of RAR decoder objects in 7-Zip 18.03 ...)
	- p7zip-rar <unfixed> (bug #897674)
	[stretch] - p7zip-rar <no-dsa> (Non-free not supported)
	[jessie] - p7zip-rar <no-dsa> (Non-free not supported)
	[wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
	NOTE: https://landave.io/2018/05/7-zip-from-uninitialized-memory-to-remote-code-execution/
	NOTE: https://sourceforge.net/p/sevenzip/discussion/45797/thread/adc65bfa/
CVE-2018-10114 (An issue was discovered in GEGL through 0.3.32. The ...)
	- gegl 0.3.34-1 (low)
	[stretch] - gegl <no-dsa> (Minor issue)
	[jessie] - gegl <no-dsa> (Minor issue)
	[wheezy] - gegl <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795248
	NOTE: https://git.gnome.org/browse/gegl/commit/?id=c83b05d565a1e3392c9606a4ecaa560eb9a4ee29
	NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#1-gegl-outbound-write-1
CVE-2018-10113 (An issue was discovered in GEGL through 0.3.32. The process function in ...)
	- gegl <unfixed> (low)
	[stretch] - gegl <no-dsa> (Minor issue)
	[jessie] - gegl <no-dsa> (Minor issue)
	[wheezy] - gegl <no-dsa> (Minor issue)
	NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#3-gegl-dos-2
CVE-2018-10112 (An issue was discovered in GEGL through 0.3.32. The ...)
	- gegl <unfixed> (low)
	[stretch] - gegl <no-dsa> (Minor issue)
	[jessie] - gegl <no-dsa> (Minor issue)
	[wheezy] - gegl <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=795249
	NOTE: https://github.com/xiaoqx/pocs/tree/master/gegl#4-gegl-outbound-write-2
CVE-2018-10111 (An issue was discovered in GEGL through 0.3.32. The render_rectangle ...)
	- gegl <unfixed> (low)
	[stretch] - gegl <no-dsa> (Minor issue)
	[jessie] - gegl <no-dsa> (Minor issue)
	[wheezy] - gegl <no-dsa> (Minor issue)
	NOTE: POC https://github.com/xiaoqx/pocs/tree/master/gegl#2-gegl-dos-1
CVE-2018-10110 (D-Link DIR-615 T1 devices allow XSS via the Add User feature. ...)
	NOT-FOR-US: D-Link
CVE-2018-10109 (Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-10108 (D-Link DIR-815 REV. B (with firmware through ...)
	NOT-FOR-US: D-Link
CVE-2018-10107 (D-Link DIR-815 REV. B (with firmware through ...)
	NOT-FOR-US: D-Link
CVE-2018-10106 (D-Link DIR-815 REV. B (with firmware through ...)
	NOT-FOR-US: D-Link
CVE-2018-10105
	RESERVED
CVE-2018-10104
	RESERVED
CVE-2018-10103
	RESERVED
CVE-2018-10099
	RESERVED
CVE-2018-10098
	RESERVED
CVE-2018-10097 (XSS exists in Domain Trader 2.5.3 via the recoverlogin.php ...)
	NOT-FOR-US: Domain Trader
CVE-2018-1000171
	REJECTED
CVE-2018-1002100 [Kubectl copy doesn't check for paths outside of it's destination directory]
	- kubernetes <unfixed>
	NOTE: https://github.com/kubernetes/kubernetes/issues/61297
CVE-2018-1000170 (A cross-site scripting vulnerability exists in Jenkins 2.115 and ...)
	- jenkins <removed>
CVE-2018-1000169 (An exposure of sensitive information vulnerability exists in Jenkins ...)
	- jenkins <removed>
CVE-2018-10096 (joyplus-cms 1.6.0 has XSS via the device_name parameter in a ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10095
	RESERVED
CVE-2018-10094
	RESERVED
CVE-2018-10093
	RESERVED
CVE-2018-10092
	RESERVED
CVE-2018-10091
	RESERVED
CVE-2018-10090
	RESERVED
CVE-2018-10089
	RESERVED
CVE-2018-10088
	RESERVED
CVE-2018-10124 (The kill_something_info function in kernel/signal.c in the Linux kernel ...)
	- linux 4.13.4-1
	[stretch] - linux <ignored> (Minor issue)
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <ignored> (Minor issue)
	NOTE: Fixed by: https://git.kernel.org/linus/4ea77014af0d6205b05503d1c7aac6eace11d473 (4.13-rc1)
CVE-2018-10087 (The kernel_wait4 function in kernel/exit.c in the Linux kernel before ...)
	- linux 4.13.4-1
	[stretch] - linux <ignored> (Minor issue)
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <ignored> (Minor issue)
	NOTE: Fixed by: https://git.kernel.org/linus/dd83c161fbcc5d8be637ab159c0de015cbff5ba4 (4.13-rc1)
CVE-2018-10086 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary code ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10085 (CMS Made Simple (CMSMS) through 2.2.6 allows PHP object injection ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10084 (CMS Made Simple (CMSMS) through 2.2.6 contains a privilege escalation ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10083 (CMS Made Simple (CMSMS) through 2.2.7 contains an arbitrary file ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10082 (CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10081 (CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10080 (Secutech RiS-11, RiS-22, and RiS-33 devices with firmware ...)
	NOT-FOR-US: Secutech RiS-11, RiS-22, and RiS-33 devices
CVE-2018-10079 (Geist WatchDog Console 3.2.2 uses a weak ACL for the ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10078 (Cross-site scripting (XSS) vulnerability in Geist WatchDog Console ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10077 (XML external entity (XXE) vulnerability in Geist WatchDog Console ...)
	NOT-FOR-US: Geist WatchDog Console
CVE-2018-10076
	RESERVED
CVE-2018-10075
	RESERVED
CVE-2018-10073 (joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10072 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
	NOT-FOR-US: WinDriver
CVE-2018-10071 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
	NOT-FOR-US: WinDriver
CVE-2018-10070 (A vulnerability in MikroTik Version 6.41.4 could allow an ...)
	NOT-FOR-US: MikroTik
CVE-2018-10069
	RESERVED
CVE-2018-10068 (The jDownloads extension before 3.2.59 for Joomla! has XSS. ...)
	NOT-FOR-US: jDownloads extension for Joomla!
CVE-2018-10067
	RESERVED
CVE-2018-10066 (An issue was discovered in MikroTik RouterOS 6.41.4. Missing OpenVPN ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2018-10065
	RESERVED
CVE-2018-10064
	RESERVED
CVE-2018-10063 (The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to ...)
	NOT-FOR-US: Convert Forms extension for Joomla!
CVE-2018-10062
	RESERVED
CVE-2018-10074 (The hi3660_stub_clk_probe function in ...)
	- linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/9903e41ae1f5d50c93f268ca3304d4d7c64b9311 (4.16-rc7)
CVE-2018-10061 (Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars ...)
	- cacti 1.1.37+ds1-1 (low)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <no-dsa> (Minor issue)
	[wheezy] - cacti <no-dsa> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/1457
CVE-2018-10060 (Cacti before 1.1.37 has XSS because it does not properly reject ...)
	- cacti 1.1.37+ds1-1 (low)
	[stretch] - cacti <no-dsa> (Minor issue)
	[jessie] - cacti <no-dsa> (Minor issue)
	[wheezy] - cacti <no-dsa> (Minor issue)
	NOTE: https://github.com/Cacti/cacti/issues/1457
CVE-2018-10059 (Cacti before 1.1.37 has XSS because the get_current_page function in ...)
	- cacti 1.1.37+ds1-1
	[stretch] - cacti <not-affected> (Issue introduced later)
	[jessie] - cacti <not-affected> (Issue introduced later)
	[wheezy] - cacti <not-affected> (Issue introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/1457
	NOTE: get_current_page was added in the 1.x series
CVE-2018-10058
	RESERVED
CVE-2018-10057
	RESERVED
CVE-2018-10056
	RESERVED
CVE-2018-10055
	RESERVED
CVE-2018-10054 (H2 1.4.197, as used in Datomic before 0.9.5697 and other products, ...)
	NOT-FOR-US: H2 (different from src:python-h2)
CVE-2018-10053
	RESERVED
CVE-2018-10052 (iScripts SupportDesk v4.3 has XSS via the ...)
	NOT-FOR-US: iScripts SupportDesk
CVE-2018-10051 (iScripts SupportDesk v4.3 has XSS via the ...)
	NOT-FOR-US: iScripts SupportDesk
CVE-2018-10050 (iScripts eSwap v2.4 has SQL injection via the ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10049 (iScripts eSwap v2.4 has XSS via the &quot;registration_settings.php&quot; txtDate ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10048 (iScripts eSwap v2.4 has CSRF via &quot;registration_settings.php&quot; in the ...)
	NOT-FOR-US: iScripts eSwap
CVE-2018-10047
	RESERVED
CVE-2018-10046
	RESERVED
CVE-2018-10045
	RESERVED
CVE-2018-10044
	RESERVED
CVE-2018-10043
	RESERVED
CVE-2018-10042
	RESERVED
CVE-2018-10041
	RESERVED
CVE-2018-10040
	RESERVED
CVE-2018-10039
	RESERVED
CVE-2018-10038
	RESERVED
CVE-2018-10037
	RESERVED
CVE-2018-10036
	RESERVED
CVE-2018-10035
	RESERVED
CVE-2018-10034
	RESERVED
CVE-2018-10033 (CMS Made Simple (aka CMSMS) 2.2.7 has Stored XSS in admin/siteprefs.php ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10032 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10031 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10030 (CMS Made Simple (aka CMSMS) 2.2.7 has CSRF in admin/siteprefs.php. ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10029 (CMS Made Simple (aka CMSMS) 2.2.7 has Reflected XSS in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-10028 (joyplus-cms 1.6.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-10027 (ESTsoft ALZip before 10.76 allows local users to execute arbitrary code ...)
	NOT-FOR-US: ESTsoft ALZip
CVE-2018-10026 (The WeChat module in YzmCMS 3.7.1 has reflected XSS via the ...)
	NOT-FOR-US: WeChat module in YzmCMS
CVE-2018-10025
	RESERVED
CVE-2018-10024 (ubiQuoss Switch VP5208A creates a bcm_password file at /cgi-bin/ with ...)
	NOT-FOR-US: ubiQuoss Switch VP5208A
CVE-2018-10023 (Catfish CMS V4.7.21 allows XSS via the pinglun parameter to ...)
	NOT-FOR-US: Catfish CMS
CVE-2018-10022
	RESERVED
CVE-2018-10021 (** DISPUTED ** drivers/scsi/libsas/sas_scsi_host.c in the Linux kernel ...)
	- linux 4.15.17-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/318aaf34f1179b39fa9c30fa0f3288b645beee39 (4.16-rc7)
	NOTE: Low security impact, failure can only occur for physically
	NOTE: proximate attackers who unplug SAS Host Bus Adapter cables.
CVE-2018-10020
	RESERVED
CVE-2018-10019
	RESERVED
CVE-2018-9999 (In Zulip Server versions before 1.7.2, there was an XSS issue with user ...)
	- zulip-server <itp> (bug #800052)
CVE-2018-9998
	RESERVED
CVE-2018-9997
	RESERVED
CVE-2018-9996 (An issue was discovered in cplus-dem.c in GNU libiberty, as ...)
	- binutils <unfixed> (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85304
CVE-2018-9995 (TBK DVR4104 and DVR4216 devices, as well as Novo, CeNova, QSee, ...)
	NOT-FOR-US: TBK DVR4104 and DVR4216 devices
CVE-2018-9994
	RESERVED
CVE-2018-9993 (YUNUCMS 1.0.7 has XSS via the content title on an ...)
	NOT-FOR-US: YUNUCMS
CVE-2018-9992 (Frog CMS 0.9.5 has XSS via the name field of a new &quot;File&quot; or ...)
	NOT-FOR-US: Frog CMS
CVE-2018-9991 (Frog CMS 0.9.5 has XSS via the /admin/?/user/add Name or Username ...)
	NOT-FOR-US: Frog CMS
CVE-2018-9990 (In Zulip Server versions before 1.7.2, there was an XSS issue with ...)
	- zulip-server <itp> (bug #800052)
CVE-2018-10018
	RESERVED
CVE-2018-10017 (soundlib/Snd_fx.cpp in OpenMPT before 1.27.07.00 and libopenmpt before ...)
	- libopenmpt 0.3.8-1 (bug #895406)
	[stretch] - libopenmpt <no-dsa> (Minor issue)
	NOTE: https://github.com/OpenMPT/openmpt/commit/492022c7297ede682161d9c0ec2de15526424e76
CVE-2018-10016 (Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability ...)
	- nasm <unfixed> (bug #895408)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: ttps://bugzilla.nasm.us/show_bug.cgi?id=3392473
CVE-2018-10015
	RESERVED
CVE-2018-10014
	RESERVED
CVE-2018-10013
	RESERVED
CVE-2018-10012
	RESERVED
CVE-2018-10011
	RESERVED
CVE-2018-10010
	RESERVED
CVE-2018-10009
	RESERVED
CVE-2018-10008
	RESERVED
CVE-2018-10007
	RESERVED
CVE-2018-10006
	RESERVED
CVE-2018-10005
	RESERVED
CVE-2018-10004
	RESERVED
CVE-2018-10003
	RESERVED
CVE-2018-10002
	RESERVED
CVE-2018-10001 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
	- ffmpeg <unfixed> (low)
	[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x release)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=47b7c68ae54560e2308bdb6be4fb076c73b93081
	- libav <undetermined>
CVE-2018-10000 (The Video Downloader professional extension before 2018-04-05 for ...)
	NOT-FOR-US: The Video Downloader professional extension for Chrome
CVE-2017-18260 (Dolibarr ERP/CRM is affected by multiple SQL injection vulnerabilities ...)
	- dolibarr <removed>
	[jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2017-18259 (Dolibarr ERP/CRM is affected by stored Cross-Site Scripting (XSS) in ...)
	- dolibarr <removed>
	[jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2018-9989 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
	- mbedtls 2.8.0-1
	[stretch] - mbedtls <no-dsa> (Minor issue)
	- polarssl <removed>
	[jessie] - polarssl <no-dsa> (Minor issue)
	[wheezy] - polarssl <no-dsa> (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/5224a7544c95552553e2e6be0b4a789956a6464e
	NOTE: https://github.com/ARMmbed/mbedtls/commit/740b218386083dc708ce98ccc94a63a95cd5629e
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9988 (ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer ...)
	- mbedtls 2.8.0-1
	[stretch] - mbedtls <no-dsa> (Minor issue)
	- polarssl <removed>
	[jessie] - polarssl <no-dsa> (Minor issue)
	[wheezy] - polarssl <no-dsa> (Minor issue)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/027f84c69f4ef30c0693832a6c396ef19e563ca1
	NOTE: https://github.com/ARMmbed/mbedtls/commit/a1098f81c252b317ad34ea978aea2bc47760b215
	NOTE: https://tls.mbed.org/tech-updates/releases/mbedtls-2.8.0-2.7.2-and-2.1.11-released
CVE-2018-9987 (In Zulip Server versions 1.5.x, 1.6.x, and 1.7.x before 1.7.2, there ...)
	- zulip-server <itp> (bug #800052)
CVE-2018-9986 (In Zulip Server versions before 1.7.2, there were XSS issues with the ...)
	- zulip-server <itp> (bug #800052)
CVE-2018-9985 (The front page of MetInfo 6.0 allows XSS by sending a feedback message ...)
	NOT-FOR-US: MetInfo
CVE-2018-9984 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9983 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9982 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9981 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9980 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9979 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9978 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9977 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9976 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9975 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9974 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9973 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9972 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9971 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9970 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9969 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9968 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9967 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9966 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9965 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9964 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9963 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9962 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9961 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9960 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9959 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9958 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9957 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9956 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9955 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9954 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9953 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9952 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9951 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9950 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9949 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9948 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9947 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9946 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9945 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9944 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9943 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9942 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9941 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9940 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9939 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9938 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9937 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9936 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9935 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-9934 (The reset-password feature in MetInfo 6.0 allows remote attackers to ...)
	NOT-FOR-US: MetInfo
CVE-2018-9933
	RESERVED
CVE-2018-9932
	RESERVED
CVE-2018-9931
	RESERVED
CVE-2018-9930
	RESERVED
CVE-2018-9929
	RESERVED
CVE-2018-9928 (Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 ...)
	NOT-FOR-US: MetInfo
CVE-2018-9927 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-9926 (An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF ...)
	NOT-FOR-US: WUZHI CMS
CVE-2018-9925 (An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9924 (An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9923 (An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9922 (An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path ...)
	NOT-FOR-US: idreamsoft iCMS
CVE-2018-9921 (In CMS Made Simple 2.2.7, a Directory Traversal issue makes it possible ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-9920
	RESERVED
CVE-2018-9919 (A web-accessible backdoor, with resultant SSRF, exists in Tp-shop ...)
	NOT-FOR-US: Tp-shop
CVE-2018-9918 (libqpdf.a in QPDF through 8.0.2 mishandles certain &quot;expected dictionary ...)
	- qpdf 8.0.2-3 (bug #895443)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/202
CVE-2018-9917
	RESERVED
CVE-2018-9916
	RESERVED
CVE-2018-9915
	RESERVED
CVE-2018-9914
	RESERVED
CVE-2018-9913
	RESERVED
CVE-2018-9912
	RESERVED
CVE-2018-9911
	RESERVED
CVE-2018-9910
	RESERVED
CVE-2018-9909
	RESERVED
CVE-2018-9908
	RESERVED
CVE-2018-9907
	RESERVED
CVE-2018-9906
	RESERVED
CVE-2018-9905
	RESERVED
CVE-2018-9904
	RESERVED
CVE-2018-9903
	RESERVED
CVE-2018-9902
	RESERVED
CVE-2018-9901
	RESERVED
CVE-2018-9900
	RESERVED
CVE-2018-9899
	RESERVED
CVE-2018-9898
	RESERVED
CVE-2018-9897
	RESERVED
CVE-2018-9896
	RESERVED
CVE-2018-9895
	RESERVED
CVE-2018-9894
	RESERVED
CVE-2018-9893
	RESERVED
CVE-2018-9892
	RESERVED
CVE-2018-9891
	RESERVED
CVE-2018-9890
	RESERVED
CVE-2018-9889
	RESERVED
CVE-2018-9888
	RESERVED
CVE-2018-9887
	RESERVED
CVE-2018-9886
	RESERVED
CVE-2018-9885
	RESERVED
CVE-2018-9884
	RESERVED
CVE-2018-9883
	RESERVED
CVE-2018-9882
	RESERVED
CVE-2018-9881
	RESERVED
CVE-2018-9880
	RESERVED
CVE-2018-9879
	RESERVED
CVE-2018-9878
	RESERVED
CVE-2018-9877
	RESERVED
CVE-2018-9876
	RESERVED
CVE-2018-9875
	RESERVED
CVE-2018-9874
	RESERVED
CVE-2018-9873
	RESERVED
CVE-2018-9872
	RESERVED
CVE-2018-9871
	RESERVED
CVE-2018-9870
	RESERVED
CVE-2018-9869
	RESERVED
CVE-2018-9868
	RESERVED
CVE-2018-9867
	RESERVED
CVE-2018-9866
	RESERVED
CVE-2018-9865
	RESERVED
CVE-2018-9864 (The WP Live Chat Support plugin before 8.0.06 for WordPress has stored ...)
	NOT-FOR-US: WP Live Chat Support plugin for WordPress
CVE-2018-9863
	RESERVED
CVE-2018-9862 (util.c in runV 1.0.0 for Docker mishandles a numeric username, which ...)
	NOT-FOR-US: runV for Docker
CVE-2018-9861 (Cross-site scripting (XSS) vulnerability in the Enhanced Image (aka ...)
	NOT-FOR-US: ckeditor plugin
CVE-2018-9860 (An issue was discovered in Botan 1.11.32 through 2.x before 2.6.0. An ...)
	- botan 2.4.0-6
	- botan1.10 <not-affected> (Issue introduced in 1.11.32)
	NOTE: https://github.com/randombit/botan/commit/ec222c99719c396a1f4756b2ca345dbbfbeb5ed5
	NOTE: Bug introduced in 1.11.32, fixed in 2.6.0
CVE-2018-9859
	RESERVED
CVE-2018-1000168 (nghttp2 version &gt;= 1.10.0 and nghttp2 &lt;= v1.31.0 contains an Improper ...)
	- nghttp2 1.31.1-1 (low; bug #895566)
	[stretch] - nghttp2 <no-dsa> (Minor issue)
	[jessie] - nghttp2 <not-affected> (Issue introduced in 1.10.0)
	NOTE: Affected versions: nghttp2 >= 1.10.0 and nghttp2 <= v1.31.0
	NOTE: Fixed by: https://github.com/nghttp2/nghttp2/commit/b1bd6035e884b3d83748914a3b5f2a8e52a78a2f
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/12/4
CVE-2018-9858
	RESERVED
CVE-2018-9857 (PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field ...)
	NOT-FOR-US: PHP Scripts Mall Match Clone Script
CVE-2018-9856 (Kotti before 1.3.2 and 2.x before 2.0.0b2 has CSRF in the local roles ...)
	NOT-FOR-US: Kotti
CVE-2018-9855
	RESERVED
CVE-2018-9854
	RESERVED
CVE-2018-9853
	RESERVED
CVE-2018-9852 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Home\HitsAction.class.php allows ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9851 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\TplAction.class.php allows ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9850 (In Gxlcms QY v1.0.0713, Lib\Lib\Action\Admin\DataAction.class.php ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9849 (Pulse Secure Pulse Connect Secure 8.1.x before 8.1R14, 8.2.x before ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-9848 (In Gxlcms QY v1.0.0713, the upload function in ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9847 (In Gxlcms QY v1.0.0713, the update function in ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9846 (In Roundcube from versions 1.2.0 to 1.3.5, with the archive plugin ...)
	{DSA-4181-1}
	- roundcube 1.3.6+dfsg.1-1 (bug #895184)
	[wheezy] - roundcube <not-affected> (Vulnerable code not present in archive.php)
	NOTE: https://github.com/roundcube/roundcubemail/issues/6238
	NOTE: https://github.com/roundcube/roundcubemail/commit/e3dd5b66d236867572e68fcb80281e9268a0cfb0 (release-1.3)
	NOTE: https://github.com/roundcube/roundcubemail/commit/cdeb6234a2e029c499898c3432fdf5b2cf093640 (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/5b7e9a2c960eb4fd2364921297020a5dcd2d7dbc (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/c69b851b8a704f6483ec9d1cae7cd1ecd33c3343 (release-1.2)
	NOTE: https://github.com/roundcube/roundcubemail/commit/7901047474729a7f466eb8c59c92a36fc7cf0e70 (release-1.2)
CVE-2018-9845 (Etherpad Lite before 1.6.4 is exploitable for admin access. ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-9844 (The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress ...)
	NOT-FOR-US: Iptanus WordPress File Upload plugin for WordPress
CVE-2018-9843 (The REST API in CyberArk Password Vault Web Access before 9.9.5 and ...)
	NOT-FOR-US: CyberArk Password Vault Web Access
CVE-2018-9842 (CyberArk Password Vault before 9.7 allows remote attackers to obtain ...)
	NOT-FOR-US: CyberArk Password Vault
CVE-2018-9841 (The export function in libavfilter/vf_signature.c in FFmpeg through ...)
	- ffmpeg <unfixed> (low)
	[stretch] - ffmpeg <postponed> (Can wait until the next ffmpeg 3.2.x release)
	- libav <undetermined>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=35eeff30caf34df835206f1c12bcf4b7c2bd6758
CVE-2018-9840 (The Open Whisper Signal app before 2.23.2 for iOS allows physically ...)
	NOT-FOR-US: Open Whisper Signal app for iOS
CVE-2018-9839
	RESERVED
CVE-2018-1000164 (gunicorn version 19.4.5 contains a CWE-113: Improper Neutralization of ...)
	{DSA-4186-1 DLA-1357-1}
	- gunicorn 19.5.0-1 (bug #896548)
	NOTE: https://epadillas.github.io/2018/04/02/http-header-splitting-in-gunicorn-19.4.5
	NOTE: https://github.com/benoitc/gunicorn/issues/1227
	NOTE: https://github.com/benoitc/gunicorn/commit/5263a4ef2a63c62216680876f3813959839608ff
CVE-2018-1000161 (nmap version 6.49BETA6 through 7.60, up to and including SVN revision ...)
	- nmap 7.70+dfsg1-1
	[stretch] - nmap <no-dsa> (Minor issue)
	[jessie] - nmap <not-affected> (Vulnerable code not present)
	[wheezy] - nmap <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/098e32713650f54732472f31245b7eca936b2bd8
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/da0c861299ae1ce6268e9591838f7a1144b327d7
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/88631b50676c38824e01d30819f46258a8497b0a
	NOTE: Fixed by: https://github.com/nmap/nmap/commit/80e1977308e51b1b7aa038a38f8837a7e90b3849
	NOTE: Introduced in https://github.com/nmap/nmap/commit/88381c2e685297a4fafe7182a06877b27da34e1e
	NOTE: Script added in 6.49BETA6 (cf. https://bugzilla.novell.com/show_bug.cgi?id=1088608#c1)
CVE-2018-1000159 (tlslite-ng version 0.7.3 and earlier, since commit ...)
	- tlslite-ng 0.7.4-1 (low; bug #895728)
	[stretch] - tlslite-ng <no-dsa> (Minor issue, code describes itself as beta quality and use with caution)
	NOTE: https://github.com/tomato42/tlslite-ng/pull/234
	NOTE: https://github.com/tomato42/tlslite-ng/pull/234/commits/3674815d1b0f7484454995e2737a352e0a6a93d8 (v0.8.0-alpha3)
	NOTE: https://github.com/tomato42/tlslite-ng/pull/235
	NOTE: https://github.com/tomato42/tlslite-ng/pull/235/commits/e5e9145558f4c1a81071c61c947aa55a52542585 (backport for tslite-ng-0.7)
CVE-2018-1000157
	REJECTED
CVE-2018-9838 (The caml_ba_deserialize function in byterun/bigarray.c in the standard ...)
	- ocaml <unfixed> (bug #895472)
	[stretch] - ocaml <no-dsa> (Minor issue)
	[jessie] - ocaml <no-dsa> (Minor issue)
	[wheezy] - ocaml <no-dsa> (Minor issue)
	NOTE: https://caml.inria.fr/mantis/view.php?id=7765
	NOTE: https://github.com/ocaml/ocaml/pull/1718
	NOTE: https://github.com/ocaml/ocaml/commit/9664c7ee807c2dfa802f53cabd405ff58e219c47
	NOTE: Before 4.06.0+beta1 the code is present in otherlibs/bigarray/bigarray_stubs.c
CVE-2018-10101 (Before WordPress 4.9.5, the URL validator assumed URLs with the ...)
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u3
	[jessie] - wordpress <not-affected> (vulnerable code is not present)
	[wheezy] - wordpress <not-affected> (vulnerable code is not present)
	NOTE: https://core.trac.wordpress.org/changeset/42894
	NOTE: https://github.com/WordPress/WordPress/commit/804363859602d4050d9a38a21f5a65d9aec18216
	NOTE: Introduced via https://github.com/WordPress/WordPress/commit/c73a812109e1a64ecf21b6a198f949c58d1f2674 (4.5)
CVE-2018-10100 (Before WordPress 4.9.5, the redirection URL for the login page was not ...)
	{DSA-4193-1 DLA-1366-1}
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	NOTE: https://core.trac.wordpress.org/changeset/42892
	NOTE: https://github.com/WordPress/WordPress/commit/14bc2c0a6fde0da04b47130707e01df850eedc7e
CVE-2018-10102 (Before WordPress 4.9.5, the version string was not escaped in the ...)
	{DSA-4193-1 DLA-1366-1}
	- wordpress 4.9.5+dfsg1-1 (bug #895034)
	NOTE: https://core.trac.wordpress.org/changeset/42893
	NOTE: https://github.com/WordPress/WordPress/commit/31a4369366d6b8ce30045d4c838de2412c77850d
CVE-2018-9837
	RESERVED
CVE-2018-9836
	RESERVED
CVE-2018-9835
	RESERVED
CVE-2018-9834
	RESERVED
CVE-2018-9833
	RESERVED
CVE-2018-9832
	RESERVED
CVE-2018-9831
	RESERVED
CVE-2018-9830
	RESERVED
CVE-2018-9829
	RESERVED
CVE-2018-9828
	RESERVED
CVE-2018-9827
	RESERVED
CVE-2018-9826
	RESERVED
CVE-2018-9825
	RESERVED
CVE-2018-9824
	RESERVED
CVE-2018-9823
	RESERVED
CVE-2018-9822
	RESERVED
CVE-2018-9821
	RESERVED
CVE-2018-9820
	RESERVED
CVE-2018-9819
	RESERVED
CVE-2018-9818
	RESERVED
CVE-2018-9817
	RESERVED
CVE-2018-9816
	RESERVED
CVE-2018-9815
	RESERVED
CVE-2018-9814
	RESERVED
CVE-2018-9813
	RESERVED
CVE-2018-9812
	RESERVED
CVE-2018-9811
	RESERVED
CVE-2018-9810
	RESERVED
CVE-2018-9809
	RESERVED
CVE-2018-9808
	RESERVED
CVE-2018-9807
	RESERVED
CVE-2018-9806
	RESERVED
CVE-2018-9805
	RESERVED
CVE-2018-9804
	RESERVED
CVE-2018-9803
	RESERVED
CVE-2018-9802
	RESERVED
CVE-2018-9801
	RESERVED
CVE-2018-9800
	RESERVED
CVE-2018-9799
	RESERVED
CVE-2018-9798
	RESERVED
CVE-2018-9797
	RESERVED
CVE-2018-9796
	RESERVED
CVE-2018-9795
	RESERVED
CVE-2018-9794
	RESERVED
CVE-2018-9793
	RESERVED
CVE-2018-9792
	RESERVED
CVE-2018-9791
	RESERVED
CVE-2018-9790
	RESERVED
CVE-2018-9789
	RESERVED
CVE-2018-9788
	RESERVED
CVE-2018-9787
	RESERVED
CVE-2018-9786
	RESERVED
CVE-2018-9785
	RESERVED
CVE-2018-9784
	RESERVED
CVE-2018-9783
	RESERVED
CVE-2018-9782
	RESERVED
CVE-2018-9781
	RESERVED
CVE-2018-9780
	RESERVED
CVE-2018-9779
	RESERVED
CVE-2018-9778
	RESERVED
CVE-2018-9777
	RESERVED
CVE-2018-9776
	RESERVED
CVE-2018-9775
	RESERVED
CVE-2018-9774
	RESERVED
CVE-2018-9773
	RESERVED
CVE-2018-9772
	RESERVED
CVE-2018-9771
	RESERVED
CVE-2018-9770
	RESERVED
CVE-2018-9769
	RESERVED
CVE-2018-9768
	RESERVED
CVE-2018-9767
	RESERVED
CVE-2018-9766
	RESERVED
CVE-2018-9765
	RESERVED
CVE-2018-9764
	RESERVED
CVE-2018-9763
	RESERVED
CVE-2018-9762
	RESERVED
CVE-2018-9761
	RESERVED
CVE-2018-9760
	RESERVED
CVE-2018-9759
	RESERVED
CVE-2018-9758
	RESERVED
CVE-2018-9757
	RESERVED
CVE-2018-9756
	RESERVED
CVE-2018-9755
	RESERVED
CVE-2018-9754
	RESERVED
CVE-2018-9753
	RESERVED
CVE-2018-9752
	RESERVED
CVE-2018-9751
	RESERVED
CVE-2018-9750
	RESERVED
CVE-2018-9749
	RESERVED
CVE-2018-9748
	RESERVED
CVE-2018-9747
	RESERVED
CVE-2018-9746
	RESERVED
CVE-2018-9745
	RESERVED
CVE-2018-9744
	RESERVED
CVE-2018-9743
	RESERVED
CVE-2018-9742
	RESERVED
CVE-2018-9741
	RESERVED
CVE-2018-9740
	RESERVED
CVE-2018-9739
	RESERVED
CVE-2018-9738
	RESERVED
CVE-2018-9737
	RESERVED
CVE-2018-9736
	RESERVED
CVE-2018-9735
	RESERVED
CVE-2018-9734
	RESERVED
CVE-2018-9733
	RESERVED
CVE-2018-9732
	RESERVED
CVE-2018-9731
	RESERVED
CVE-2018-9730
	RESERVED
CVE-2018-9729
	RESERVED
CVE-2018-9728
	RESERVED
CVE-2018-9727
	RESERVED
CVE-2018-9726
	RESERVED
CVE-2018-9725
	RESERVED
CVE-2018-9724
	RESERVED
CVE-2018-9723
	RESERVED
CVE-2018-9722
	RESERVED
CVE-2018-9721
	RESERVED
CVE-2018-9720
	RESERVED
CVE-2018-9719
	RESERVED
CVE-2018-9718
	RESERVED
CVE-2018-9717
	RESERVED
CVE-2018-9716
	RESERVED
CVE-2018-9715
	RESERVED
CVE-2018-9714
	RESERVED
CVE-2018-9713
	RESERVED
CVE-2018-9712
	RESERVED
CVE-2018-9711
	RESERVED
CVE-2018-9710
	RESERVED
CVE-2018-9709
	RESERVED
CVE-2018-9708
	RESERVED
CVE-2018-9707
	RESERVED
CVE-2018-9706
	RESERVED
CVE-2018-9705
	RESERVED
CVE-2018-9704
	RESERVED
CVE-2018-9703
	RESERVED
CVE-2018-9702
	RESERVED
CVE-2018-9701
	RESERVED
CVE-2018-9700
	RESERVED
CVE-2018-9699
	RESERVED
CVE-2018-9698
	RESERVED
CVE-2018-9697
	RESERVED
CVE-2018-9696
	RESERVED
CVE-2018-9695
	RESERVED
CVE-2018-9694
	RESERVED
CVE-2018-9693
	RESERVED
CVE-2018-9692
	RESERVED
CVE-2018-9691
	RESERVED
CVE-2018-9690
	RESERVED
CVE-2018-9689
	RESERVED
CVE-2018-9688
	RESERVED
CVE-2018-9687
	RESERVED
CVE-2018-9686
	RESERVED
CVE-2018-9685
	RESERVED
CVE-2018-9684
	RESERVED
CVE-2018-9683
	RESERVED
CVE-2018-9682
	RESERVED
CVE-2018-9681
	RESERVED
CVE-2018-9680
	RESERVED
CVE-2018-9679
	RESERVED
CVE-2018-9678
	RESERVED
CVE-2018-9677
	RESERVED
CVE-2018-9676
	RESERVED
CVE-2018-9675
	RESERVED
CVE-2018-9674
	RESERVED
CVE-2018-9673
	RESERVED
CVE-2018-9672
	RESERVED
CVE-2018-9671
	RESERVED
CVE-2018-9670
	RESERVED
CVE-2018-9669
	RESERVED
CVE-2018-9668
	RESERVED
CVE-2018-9667
	RESERVED
CVE-2018-9666
	RESERVED
CVE-2018-9665
	RESERVED
CVE-2018-9664
	RESERVED
CVE-2018-9663
	RESERVED
CVE-2018-9662
	RESERVED
CVE-2018-9661
	RESERVED
CVE-2018-9660
	RESERVED
CVE-2018-9659
	RESERVED
CVE-2018-9658
	RESERVED
CVE-2018-9657
	RESERVED
CVE-2018-9656
	RESERVED
CVE-2018-9655
	RESERVED
CVE-2018-9654
	RESERVED
CVE-2018-9653
	RESERVED
CVE-2018-9652
	RESERVED
CVE-2018-9651
	RESERVED
CVE-2018-9650
	RESERVED
CVE-2018-9649
	RESERVED
CVE-2018-9648
	RESERVED
CVE-2018-9647
	RESERVED
CVE-2018-9646
	RESERVED
CVE-2018-9645
	RESERVED
CVE-2018-9644
	RESERVED
CVE-2018-9643
	RESERVED
CVE-2018-9642
	RESERVED
CVE-2018-9641
	RESERVED
CVE-2018-9640
	RESERVED
CVE-2018-9639
	RESERVED
CVE-2018-9638
	RESERVED
CVE-2018-9637
	RESERVED
CVE-2018-9636
	RESERVED
CVE-2018-9635
	RESERVED
CVE-2018-9634
	RESERVED
CVE-2018-9633
	RESERVED
CVE-2018-9632
	RESERVED
CVE-2018-9631
	RESERVED
CVE-2018-9630
	RESERVED
CVE-2018-9629
	RESERVED
CVE-2018-9628
	RESERVED
CVE-2018-9627
	RESERVED
CVE-2018-9626
	RESERVED
CVE-2018-9625
	RESERVED
CVE-2018-9624
	RESERVED
CVE-2018-9623
	RESERVED
CVE-2018-9622
	RESERVED
CVE-2018-9621
	RESERVED
CVE-2018-9620
	RESERVED
CVE-2018-9619
	RESERVED
CVE-2018-9618
	RESERVED
CVE-2018-9617
	RESERVED
CVE-2018-9616
	RESERVED
CVE-2018-9615
	RESERVED
CVE-2018-9614
	RESERVED
CVE-2018-9613
	RESERVED
CVE-2018-9612
	RESERVED
CVE-2018-9611
	RESERVED
CVE-2018-9610
	RESERVED
CVE-2018-9609
	RESERVED
CVE-2018-9608
	RESERVED
CVE-2018-9607
	RESERVED
CVE-2018-9606
	RESERVED
CVE-2018-9605
	RESERVED
CVE-2018-9604
	RESERVED
CVE-2018-9603
	RESERVED
CVE-2018-9602
	RESERVED
CVE-2018-9601
	RESERVED
CVE-2018-9600
	RESERVED
CVE-2018-9599
	RESERVED
CVE-2018-9598
	RESERVED
CVE-2018-9597
	RESERVED
CVE-2018-9596
	RESERVED
CVE-2018-9595
	RESERVED
CVE-2018-9594
	RESERVED
CVE-2018-9593
	RESERVED
CVE-2018-9592
	RESERVED
CVE-2018-9591
	RESERVED
CVE-2018-9590
	RESERVED
CVE-2018-9589
	RESERVED
CVE-2018-9588
	RESERVED
CVE-2018-9587
	RESERVED
CVE-2018-9586
	RESERVED
CVE-2018-9585
	RESERVED
CVE-2018-9584
	RESERVED
CVE-2018-9583
	RESERVED
CVE-2018-9582
	RESERVED
CVE-2018-9581
	RESERVED
CVE-2018-9580
	RESERVED
CVE-2018-9579
	RESERVED
CVE-2018-9578
	RESERVED
CVE-2018-9577
	RESERVED
CVE-2018-9576
	RESERVED
CVE-2018-9575
	RESERVED
CVE-2018-9574
	RESERVED
CVE-2018-9573
	RESERVED
CVE-2018-9572
	RESERVED
CVE-2018-9571
	RESERVED
CVE-2018-9570
	RESERVED
CVE-2018-9569
	RESERVED
CVE-2018-9568
	RESERVED
CVE-2018-9567
	RESERVED
CVE-2018-9566
	RESERVED
CVE-2018-9565
	RESERVED
CVE-2018-9564
	RESERVED
CVE-2018-9563
	RESERVED
CVE-2018-9562
	RESERVED
CVE-2018-9561
	RESERVED
CVE-2018-9560
	RESERVED
CVE-2018-9559
	RESERVED
CVE-2018-9558
	RESERVED
CVE-2018-9557
	RESERVED
CVE-2018-9556
	RESERVED
CVE-2018-9555
	RESERVED
CVE-2018-9554
	RESERVED
CVE-2018-9553
	RESERVED
CVE-2018-9552
	RESERVED
CVE-2018-9551
	RESERVED
CVE-2018-9550
	RESERVED
CVE-2018-9549
	RESERVED
CVE-2018-9548
	RESERVED
CVE-2018-9547
	RESERVED
CVE-2018-9546
	RESERVED
CVE-2018-9545
	RESERVED
CVE-2018-9544
	RESERVED
CVE-2018-9543
	RESERVED
CVE-2018-9542
	RESERVED
CVE-2018-9541
	RESERVED
CVE-2018-9540
	RESERVED
CVE-2018-9539
	RESERVED
CVE-2018-9538
	RESERVED
CVE-2018-9537
	RESERVED
CVE-2018-9536
	RESERVED
CVE-2018-9535
	RESERVED
CVE-2018-9534
	RESERVED
CVE-2018-9533
	RESERVED
CVE-2018-9532
	RESERVED
CVE-2018-9531
	RESERVED
CVE-2018-9530
	RESERVED
CVE-2018-9529
	RESERVED
CVE-2018-9528
	RESERVED
CVE-2018-9527
	RESERVED
CVE-2018-9526
	RESERVED
CVE-2018-9525
	RESERVED
CVE-2018-9524
	RESERVED
CVE-2018-9523
	RESERVED
CVE-2018-9522
	RESERVED
CVE-2018-9521
	RESERVED
CVE-2018-9520
	RESERVED
CVE-2018-9519
	RESERVED
CVE-2018-9518
	RESERVED
CVE-2018-9517
	RESERVED
CVE-2018-9516
	RESERVED
CVE-2018-9515
	RESERVED
CVE-2018-9514
	RESERVED
CVE-2018-9513
	RESERVED
CVE-2018-9512
	RESERVED
CVE-2018-9511
	RESERVED
CVE-2018-9510
	RESERVED
CVE-2018-9509
	RESERVED
CVE-2018-9508
	RESERVED
CVE-2018-9507
	RESERVED
CVE-2018-9506
	RESERVED
CVE-2018-9505
	RESERVED
CVE-2018-9504
	RESERVED
CVE-2018-9503
	RESERVED
CVE-2018-9502
	RESERVED
CVE-2018-9501
	RESERVED
CVE-2018-9500
	RESERVED
CVE-2018-9499
	RESERVED
CVE-2018-9498
	RESERVED
CVE-2018-9497
	RESERVED
CVE-2018-9496
	RESERVED
CVE-2018-9495
	RESERVED
CVE-2018-9494
	RESERVED
CVE-2018-9493
	RESERVED
CVE-2018-9492
	RESERVED
CVE-2018-9491
	RESERVED
CVE-2018-9490
	RESERVED
CVE-2018-9489
	RESERVED
CVE-2018-9488
	RESERVED
CVE-2018-9487
	RESERVED
CVE-2018-9486
	RESERVED
CVE-2018-9485
	RESERVED
CVE-2018-9484
	RESERVED
CVE-2018-9483
	RESERVED
CVE-2018-9482
	RESERVED
CVE-2018-9481
	RESERVED
CVE-2018-9480
	RESERVED
CVE-2018-9479
	RESERVED
CVE-2018-9478
	RESERVED
CVE-2018-9477
	RESERVED
CVE-2018-9476
	RESERVED
CVE-2018-9475
	RESERVED
CVE-2018-9474
	RESERVED
CVE-2018-9473
	RESERVED
CVE-2018-9472
	RESERVED
CVE-2018-9471
	RESERVED
CVE-2018-9470
	RESERVED
CVE-2018-9469
	RESERVED
CVE-2018-9468
	RESERVED
CVE-2018-9467
	RESERVED
CVE-2018-9466
	RESERVED
CVE-2018-9465
	RESERVED
CVE-2018-9464
	RESERVED
CVE-2018-9463
	RESERVED
CVE-2018-9462
	RESERVED
CVE-2018-9461
	RESERVED
CVE-2018-9460
	RESERVED
CVE-2018-9459
	RESERVED
CVE-2018-9458
	RESERVED
CVE-2018-9457
	RESERVED
CVE-2018-9456
	RESERVED
CVE-2018-9455
	RESERVED
CVE-2018-9454
	RESERVED
CVE-2018-9453
	RESERVED
CVE-2018-9452
	RESERVED
CVE-2018-9451
	RESERVED
CVE-2018-9450
	RESERVED
CVE-2018-9449
	RESERVED
CVE-2018-9448
	RESERVED
CVE-2018-9447
	RESERVED
CVE-2018-9446
	RESERVED
CVE-2018-9445
	RESERVED
CVE-2018-9444
	RESERVED
CVE-2018-9443
	RESERVED
CVE-2018-9442
	RESERVED
CVE-2018-9441
	RESERVED
CVE-2018-9440
	RESERVED
CVE-2018-9439
	RESERVED
CVE-2018-9438
	RESERVED
CVE-2018-9437
	RESERVED
CVE-2018-9436
	RESERVED
CVE-2018-9435
	RESERVED
CVE-2018-9434
	RESERVED
CVE-2018-9433
	RESERVED
CVE-2018-9432
	RESERVED
CVE-2018-9431
	RESERVED
CVE-2018-9430
	RESERVED
CVE-2018-9429
	RESERVED
CVE-2018-9428
	RESERVED
CVE-2018-9427
	RESERVED
CVE-2018-9426
	RESERVED
CVE-2018-9425
	RESERVED
CVE-2018-9424
	RESERVED
CVE-2018-9423
	RESERVED
CVE-2018-9422
	RESERVED
CVE-2018-9421
	RESERVED
CVE-2018-9420
	RESERVED
CVE-2018-9419
	RESERVED
CVE-2018-9418
	RESERVED
CVE-2018-9417
	RESERVED
CVE-2018-9416
	RESERVED
CVE-2018-9415
	RESERVED
CVE-2018-9414
	RESERVED
CVE-2018-9413
	RESERVED
CVE-2018-9412
	RESERVED
CVE-2018-9411
	RESERVED
CVE-2018-9410
	RESERVED
CVE-2018-9409
	RESERVED
CVE-2018-9408
	RESERVED
CVE-2018-9407
	RESERVED
CVE-2018-9406
	RESERVED
CVE-2018-9405
	RESERVED
CVE-2018-9404
	RESERVED
CVE-2018-9403
	RESERVED
CVE-2018-9402
	RESERVED
CVE-2018-9401
	RESERVED
CVE-2018-9400
	RESERVED
CVE-2018-9399
	RESERVED
CVE-2018-9398
	RESERVED
CVE-2018-9397
	RESERVED
CVE-2018-9396
	RESERVED
CVE-2018-9395
	RESERVED
CVE-2018-9394
	RESERVED
CVE-2018-9393
	RESERVED
CVE-2018-9392
	RESERVED
CVE-2018-9391
	RESERVED
CVE-2018-9390
	RESERVED
CVE-2018-9389
	RESERVED
CVE-2018-9388
	RESERVED
CVE-2018-9387
	RESERVED
CVE-2018-9386
	RESERVED
CVE-2018-9385
	RESERVED
CVE-2018-9384
	RESERVED
CVE-2018-9383
	RESERVED
CVE-2018-9382
	RESERVED
CVE-2018-9381
	RESERVED
CVE-2018-9380
	RESERVED
CVE-2018-9379
	RESERVED
CVE-2018-9378
	RESERVED
CVE-2018-9377
	RESERVED
CVE-2018-9376
	RESERVED
CVE-2018-9375
	RESERVED
CVE-2018-9374
	RESERVED
CVE-2018-9373
	RESERVED
CVE-2018-9372
	RESERVED
CVE-2018-9371
	RESERVED
CVE-2018-9370
	RESERVED
CVE-2018-9369
	RESERVED
CVE-2018-9368
	RESERVED
CVE-2018-9367
	RESERVED
CVE-2018-9366
	RESERVED
CVE-2018-9365
	RESERVED
CVE-2018-9364
	RESERVED
CVE-2018-9363
	RESERVED
CVE-2018-9362
	RESERVED
CVE-2018-9361
	RESERVED
CVE-2018-9360
	RESERVED
CVE-2018-9359
	RESERVED
CVE-2018-9358
	RESERVED
CVE-2018-9357
	RESERVED
CVE-2018-9356
	RESERVED
CVE-2018-9355
	RESERVED
CVE-2018-9354
	RESERVED
CVE-2018-9353
	RESERVED
CVE-2018-9352
	RESERVED
CVE-2018-9351
	RESERVED
CVE-2018-9350
	RESERVED
CVE-2018-9349
	RESERVED
CVE-2018-9348
	RESERVED
CVE-2018-9347
	RESERVED
CVE-2018-9346
	RESERVED
CVE-2018-9345
	RESERVED
CVE-2018-9344
	RESERVED
CVE-2018-9343
	RESERVED
CVE-2018-9342
	RESERVED
CVE-2018-9341
	RESERVED
CVE-2018-9340
	RESERVED
CVE-2018-9339
	RESERVED
CVE-2018-9338
	RESERVED
CVE-2018-9337
	RESERVED
CVE-2018-9336 (openvpnserv.exe (aka the interactive service helper) in OpenVPN 2.4.x ...)
	- openvpn <not-affected> (Windows specific issue)
	NOTE: https://github.com/OpenVPN/openvpn/commit/1394192b210cb3c6624a7419bcf3ff966742e79b
CVE-2018-9335
	RESERVED
CVE-2018-9334
	RESERVED
CVE-2018-9333
	RESERVED
CVE-2018-9332
	RESERVED
CVE-2018-9331 (An issue was discovered in zzcms 8.2. user/adv.php allows remote ...)
	NOT-FOR-US: zzcms
CVE-2016-10720
	RESERVED
CVE-2016-10719
	RESERVED
CVE-2018-9330 (register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by ...)
	NOT-FOR-US: Coremail XT3.0
CVE-2018-9329
	REJECTED
CVE-2018-9328 (PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from ...)
	NOT-FOR-US: PHP Scripts Mall Redbus Clone Script
CVE-2018-9327 (Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to execute ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-9326 (Etherpad 1.6.3 before 1.6.4 allows an attacker to execute arbitrary ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-9325 (Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-9324
	REJECTED
CVE-2018-9323
	REJECTED
CVE-2018-9322
	RESERVED
CVE-2018-9321
	REJECTED
CVE-2018-9320
	RESERVED
CVE-2018-9319
	REJECTED
CVE-2018-9318
	RESERVED
CVE-2018-9317
	REJECTED
CVE-2018-9316
	REJECTED
CVE-2018-9315
	REJECTED
CVE-2018-9314
	RESERVED
CVE-2018-9313
	RESERVED
CVE-2018-9312
	RESERVED
CVE-2018-9311
	RESERVED
CVE-2018-1000155 [Denial of Service, Improper Authentication and Authorization, and Covert Channel in the OpenFlow handshake]
	RESERVED
	NOT-FOR-US: Flaw in the OpenFlow protocol
CVE-2018-1000154 (Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper ...)
	NOT-FOR-US: Zammad GmbH Zammad
CVE-2018-1000142 (An exposure of sensitive information vulnerability exists in Jenkins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000143 (An exposure of sensitive information vulnerability exists in Jenkins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000144 (A cross site scripting vulnerability exists in Jenkins Cucumber Living ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000145 (An exposure of sensitive information vulnerability exists in Jenkins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000146 (An arbitrary code execution vulnerability exists in Liquibase Runner ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000147 (An exposure of sensitive information vulnerability exists in Jenkins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000148 (An exposure of sensitive information vulnerability exists in Jenkins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000149 (A man in the middle vulnerability exists in Jenkins Ansible Plugin 0.8 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000150 (An exposure of sensitive information vulnerability exists in Jenkins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000151 (A man in the middle vulnerability exists in Jenkins vSphere Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000152 (An improper authorization vulnerability exists in Jenkins vSphere ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000153 (A cross-site request forgery vulnerability exists in Jenkins vSphere ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-9310 (An issue was discovered in MagniComp SysInfo before 10-H82 if setuid ...)
	NOT-FOR-US: MagniComp SysInfo
CVE-2018-9309 (An issue was discovered in zzcms 8.2. It allows SQL injection via the ...)
	NOT-FOR-US: zzcms
CVE-2018-9308
	RESERVED
CVE-2018-9307 (dsmall v20180320 allows XSS via the pdr_sn parameter to ...)
	NOT-FOR-US: dsmall
CVE-2018-9306
	REJECTED
CVE-2018-9305 (In Exiv2 0.26, an out-of-bounds read in IptcData::printStructure in ...)
	[experimental] - exiv2 <unfixed>
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/263
CVE-2018-9304 (In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/262
CVE-2018-9303 (In Exiv2 0.26, an assertion failure in BigTiffImage::readData in ...)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/262
CVE-2018-9302 (SSRF (Server Side Request Forgery) in /assets/lib/fuc.js.php in ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2018-9301
	RESERVED
CVE-2018-9300
	RESERVED
CVE-2018-9299
	RESERVED
CVE-2018-9298
	RESERVED
CVE-2018-9297
	RESERVED
CVE-2018-9296
	RESERVED
CVE-2018-9295
	RESERVED
CVE-2018-9294
	RESERVED
CVE-2018-9293
	RESERVED
CVE-2018-9292
	RESERVED
CVE-2018-9291
	RESERVED
CVE-2018-9290
	RESERVED
CVE-2018-9289
	RESERVED
CVE-2018-9288
	RESERVED
CVE-2018-9287
	RESERVED
CVE-2018-9286
	RESERVED
CVE-2018-9243 (GitLab Community and Enterprise Editions version 8.4 up to 10.4 are ...)
	- gitlab 10.6.3+dfsg-1 (bug #894869)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-9244 (GitLab Community and Enterprise Editions version 9.2 up to 10.4 are ...)
	- gitlab 10.6.3+dfsg-1 (bug #894868)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-XXXX [Confidential issue comments in Slack, Mattermost, and webhook integrations]
	- gitlab 10.6.3+dfsg-1 (bug #894867)
	NOTE: https://about.gitlab.com/2018/04/04/security-release-gitlab-10-dot-6-dot-3-released/
CVE-2018-9285 (Main_Analysis_Content.asp in /apply.cgi on ASUS RT-AC66U, RT-AC68U, ...)
	NOT-FOR-US: ASUS
CVE-2018-9284 (authentication.cgi on D-Link DIR-868L devices with Singapore StarHub ...)
	NOT-FOR-US: D-Link
CVE-2018-9283
	RESERVED
CVE-2018-9282
	RESERVED
CVE-2018-9281
	RESERVED
CVE-2018-9280
	RESERVED
CVE-2018-9279
	RESERVED
CVE-2018-9278
	RESERVED
CVE-2018-9277
	RESERVED
CVE-2018-9276
	RESERVED
CVE-2018-9275 (In check_user_token in util.c in the Yubico PAM module (aka pam_yubico) ...)
	- yubico-pam <unfixed> (bug #896491)
	[stretch] - yubico-pam <no-dsa> (Minor issue)
	[jessie] - yubico-pam <not-affected> (Vulnerable code introduced later)
	[wheezy] - yubico-pam <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1088027
	NOTE: Fixed by: https://github.com/Yubico/yubico-pam/commit/0f6ceabab0a8849b47f67d727aa526c2656089ba
	NOTE: Introduced in: https://github.com/Yubico/yubico-pam/commit/d9780eacd9e61c5062cdabdce21c224de1884583 (2.18)
	NOTE: https://github.com/Yubico/yubico-pam/issues/136
CVE-2017-18257 (The __get_data_block function in fs/f2fs/data.c in the Linux kernel ...)
	{DSA-4188-1}
	- linux 4.11.6-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b86e33075ed1909d8002745b56ecf73b833db143
CVE-2018-1002150 (Koji version 1.12, 1.13, 1.14 and 1.15 contain an incorrect access ...)
	- koji <not-affected> (Issue introduced in 1.12.0, cf. #894832)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/04/1
	NOTE: https://docs.pagure.org/koji/CVE-2018-1002150/
	NOTE: https://pagure.io/koji/issue/850
	NOTE: Fixed by: https://pagure.io/koji/c/ab1ade7
CVE-2018-9274 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ui/failure_message.c ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14489
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=211845aba4794720ae265c782cdffddae54a3e7a
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f38e895dfc0d97bce64f73ce99df706911d9aa07
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9273 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14488
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1f8f1456f1e73b6c09e50a64749e43413ac12df7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9272 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14487
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6e3b90824a82724f445a0374e99f0b76e4cf5e8b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9271 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14486
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b0228945dc74ee82d2ab4a4e7af2bdfe7b75910
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9270 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, epan/oids.c has a ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14485
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0fbc50f9b9219be54d6db47f04b65af19696a7c7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9269 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14484
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e19aba33026212cbe000ece633adf14d109489fa
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9268 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14483
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c69d710d2bf39fe633800db65efddf55701131b6
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9267 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14482
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ed057f7faa709dbde34b91f0715a957837f74d9
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9266 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14481
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9d3714e767cb104dcfa1647935fa5960b16bb8e1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9265 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14480
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b12cc581cd4878d74b6116ca02c7dbe650c1f242
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-24.html
CVE-2018-9264 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the ADB dissector ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14460
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0290a62be0fca8da9bb190f59dc1fe26c1d65024
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-16.html
CVE-2018-9263 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the Kerberos dissector ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14576
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4fe65168fd0de81306710330aa414f10f53cbdf0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-23.html
CVE-2018-9262 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the VLAN dissector ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14469
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f05c3b91f9571210b86576ee6284e71a3306109d
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-19.html
CVE-2018-9261 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the NBAP dissector ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14471
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=66bc372716e04d6a8afdf6712583c9b5d11fee55
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-18.html
CVE-2018-9260 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the IEEE 802.15.4 ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14468
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=14d6f717d8ea27688af48532edb1d29f502ea8f0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-17.html
CVE-2018-9259 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the MP4 dissector ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2113179835b37549f245ac7c05ff2b96276893e4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-15.html
CVE-2018-9258 (In Wireshark 2.4.0 to 2.4.5, the TCP dissector could crash. This was ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14472
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2d4695de1477df60b0188fd581c0c279db601978
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-21.html
CVE-2018-9257 (In Wireshark 2.4.0 to 2.4.5, the CQL dissector could go into an ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14530
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d7a9501b0439a5dbf24016a95b4896170d789dc2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-22.html
CVE-2018-9256 (In Wireshark 2.4.0 to 2.4.5 and 2.2.0 to 2.2.13, the LWAPP dissector ...)
	- wireshark 2.4.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14467
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dac48f148538c706c446e5105d84ebcb54587528
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-20.html
CVE-2018-9255
	RESERVED
CVE-2018-9254
	RESERVED
CVE-2018-9253
	RESERVED
CVE-2018-9252 (JasPer 2.0.14 allows denial of service via a reachable assertion in the ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/173
	NOTE: Negligable impact
CVE-2018-9251 (The xz_decomp function in xzlib.c in libxml2 2.9.8, if --with-lzma is ...)
	- libxml2 <not-affected> (Fix for CVE-2017-18258 not applied, cf. bug #895195)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=794914
	NOTE: Before upstream commit https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
	NOTE: the memlimit argument to lzma_auto_decoder was set to UINT64_MAX, possibly
	NOTE: allowing a malicious LZMA compressed files to consume large amounts of memory
	NOTE: when decompressed. Setting memlimit to UINT64_MAX the limiter is effectively
	NOTE: disabled and "lzma_auto_decoder(&state->strm, UINT64_MAX, 0)" can never result
	NOTE: in LZMA_MEMLIMIT_ERROR outcome because there is no way to exceed UINT64_MAX.
	NOTE: Thus CVE-2018-9251 is only affecting libxml2 if e2a9122b8dde53d320750451e9907a7dcb2ca8bb
CVE-2017-18258 (The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote ...)
	- libxml2 <unfixed> (bug #895245)
	[stretch] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
	[jessie] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
	[wheezy] - libxml2 <postponed> (Minor issue; wait for upstream fix for upstream bug 794914)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=786696
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e2a9122b8dde53d320750451e9907a7dcb2ca8bb
	NOTE: When fixing this issue make sure to not open CVE-2018-9251 and apply
	NOTE: the fix for CVE-2018-9251 / https://bugzilla.gnome.org/show_bug.cgi?id=794914
CVE-2018-9250 (interface\super\edit_list.php in OpenEMR before v5_0_1_1 allows remote ...)
	NOT-FOR-US: OpenEMR
CVE-2018-9249 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass by ...)
	NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
CVE-2018-9248 (FiberHome VDSL2 Modem HG 150-UB devices allow authentication bypass via ...)
	NOT-FOR-US: FiberHome VDSL2 Modem HG 150-UB devices
CVE-2018-9247 (The upsql function in \Lib\Lib\Action\Admin\DataAction.class.php in ...)
	NOT-FOR-US: Gxlcms QY
CVE-2018-9246
	RESERVED
CVE-2018-9245 (The Ericsson-LG iPECS NMS A.1Ac login portal has a SQL injection ...)
	NOT-FOR-US: Ericsson-LG iPECS NMS A.1Ac login portal
CVE-2018-9242
	RESERVED
CVE-2018-9241
	RESERVED
CVE-2018-9239
	RESERVED
CVE-2018-9238 (proberv.php in Yahei-PHP Proberv 0.4.7 has XSS via the funName ...)
	NOT-FOR-US: Yahei-PHP Proberv
CVE-2018-9237 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the &quot;Site ...)
	NOT-FOR-US: iScripts EasyCreate
CVE-2018-9236 (iScripts EasyCreate 3.2.1 has Stored Cross-Site Scripting in the &quot;Site ...)
	NOT-FOR-US: iScripts EasyCreate
CVE-2018-9235 (iScripts SonicBB 1.0 has Reflected Cross-Site Scripting via the query ...)
	NOT-FOR-US: iScripts SonicBB
CVE-2017-18256 (Brave Browser before 0.13.0 allows remote attackers to cause a denial ...)
	- brave-browser <itp> (bug #864795)
CVE-2016-10718 (Brave Browser before 0.13.0 allows a tab to close itself even if the ...)
	- brave-browser <itp> (bug #864795)
CVE-2018-9234 (GnuPG 2.2.4 and 2.2.5 does not enforce a configuration in which key ...)
	- gnupg2 <unfixed> (low; bug #894983)
	[stretch] - gnupg2 <no-dsa> (Minor issue)
	[jessie] - gnupg2 <no-dsa> (Minor issue)
	[wheezy] - gnupg2 <no-dsa> (Minor issue)
	NOTE: https://dev.gnupg.org/T3844
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=a17d2d1f690ebe5d005b4589a5fe378b6487c657
CVE-2018-9240 (ncmpc through 0.29 is prone to a NULL pointer dereference flaw. If a ...)
	- ncmpc <unfixed> (low; bug #894724)
	[stretch] - ncmpc <no-dsa> (Minor issue)
	[jessie] - ncmpc <no-dsa> (Minor issue)
	[wheezy] - ncmpc <no-dsa> (Minor issue)
CVE-2018-9233 (Sophos Endpoint Protection 10.7 uses an unsalted SHA-1 hash for ...)
	NOT-FOR-US: Sophos
CVE-2018-9232 (Due to the lack of firmware authentication in the upgrade process of ...)
	NOT-FOR-US: T&W WIFI Repeater BE126 devices
CVE-2018-9231
	RESERVED
CVE-2018-9230 (** DISPUTED ** In OpenResty through 1.13.6.1, URI parameters are ...)
	NOT-FOR-US: OpenResty
CVE-2018-9229
	RESERVED
CVE-2018-9228
	RESERVED
CVE-2018-9227
	RESERVED
CVE-2018-9226
	RESERVED
CVE-2018-9225
	RESERVED
CVE-2018-9224
	RESERVED
CVE-2018-9223
	RESERVED
CVE-2018-9222
	RESERVED
CVE-2018-9221
	RESERVED
CVE-2018-9220
	RESERVED
CVE-2018-9219
	RESERVED
CVE-2018-9218
	RESERVED
CVE-2018-9217
	RESERVED
CVE-2018-9216
	RESERVED
CVE-2018-9215
	RESERVED
CVE-2018-9214
	RESERVED
CVE-2018-9213
	RESERVED
CVE-2018-9212
	RESERVED
CVE-2018-9211
	RESERVED
CVE-2018-9210
	RESERVED
CVE-2018-9209
	RESERVED
CVE-2018-9208
	RESERVED
CVE-2018-9207
	RESERVED
CVE-2018-9206
	RESERVED
CVE-2018-9205 (Vulnerability in avatar_uploader v7.x-1.0-beta8 , The code in view.php ...)
	NOT-FOR-US: avatar_uploader
CVE-2018-9204
	RESERVED
CVE-2018-9203
	RESERVED
CVE-2018-9202
	RESERVED
CVE-2018-9201
	RESERVED
CVE-2018-9200
	RESERVED
CVE-2018-9199
	RESERVED
CVE-2018-9198
	RESERVED
CVE-2018-9197
	RESERVED
CVE-2018-9196
	RESERVED
CVE-2018-9195
	RESERVED
CVE-2018-9194
	RESERVED
CVE-2018-9193
	RESERVED
CVE-2018-9192
	RESERVED
CVE-2018-9191
	RESERVED
CVE-2018-9190
	RESERVED
CVE-2018-9189
	RESERVED
CVE-2018-9188
	RESERVED
CVE-2018-9187
	RESERVED
CVE-2018-9186
	RESERVED
CVE-2018-9185
	RESERVED
CVE-2018-9184
	RESERVED
CVE-2018-9183 (The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. ...)
	NOT-FOR-US: Joomla addon
CVE-2018-9182
	RESERVED
CVE-2018-9181
	RESERVED
CVE-2018-9180
	RESERVED
CVE-2018-9179
	RESERVED
CVE-2018-9178
	RESERVED
CVE-2018-9177
	RESERVED
CVE-2018-9176
	RESERVED
CVE-2018-9175 (DedeCMS 5.7 allows remote attackers to execute arbitrary PHP code via ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9174 (sys_verifies.php in DedeCMS 5.7 allows remote attackers to execute ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9173 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: GetSimple CMS
CVE-2018-9172 (The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9171
	RESERVED
CVE-2018-9170
	RESERVED
CVE-2018-9169 (Z-BlogPHP 1.5.1 has XSS via the ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-9168
	RESERVED
CVE-2018-9167
	RESERVED
CVE-2018-9166
	RESERVED
CVE-2018-9165 (The pushdup function in util/decompile.c in libming through 0.4.8 does ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/121
CVE-2018-9164
	RESERVED
CVE-2018-9163 (A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho
CVE-2018-9162 (Contec Smart Home 4.15 devices do not require authentication for ...)
	NOT-FOR-US: Contec Smart Home
CVE-2018-9161 (Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers ...)
	NOT-FOR-US: Prisma Industriale Checkweigher PrismaWEB
CVE-2018-9160 (SickRage before v2018.03.09-1 includes cleartext credentials in HTTP ...)
	NOT-FOR-US: SickRage
CVE-2018-9159 (In Spark before 2.7.2, a remote attacker can read unintended static ...)
	NOT-FOR-US: Spark Java framework (unrelated to src:spark)
CVE-2018-9158 (An issue was discovered on AXIS M1033-W (IP camera) Firmware version ...)
	NOT-FOR-US: AXIS
CVE-2018-9157 (** DISPUTED ** An issue was discovered on AXIS M1033-W (IP camera) ...)
	NOT-FOR-US: AXIS
CVE-2018-9156 (** DISPUTED ** An issue was discovered on AXIS P1354 (IP camera) ...)
	NOT-FOR-US: AXIS
CVE-2018-9155 (Cross-site scripting (XSS) vulnerability in Open-AudIT Professional ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-9154 (There is a reachable abort in the function jpc_dec_process_sot in ...)
	- jasper <removed> (unimportant)
	NOTE: Negligable security impact
CVE-2018-9153 (The plugin upload component in Z-BlogPHP 1.5.1 allows remote attackers ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2017-18255 (The perf_cpu_time_max_percent_handler function in kernel/events/core.c ...)
	- linux 4.11.6-1 (unimportant)
	NOTE: https://git.kernel.org/linus/1572e45a924f254d9570093abde46430c3172e3d
CVE-2015-9259 (In Docker Notary before 0.1, the checkRoot function in ...)
	- notary 0.1~ds1-1
CVE-2015-9258 (In Docker Notary before 0.1, gotuf/signed/verify.go has a Signature ...)
	- notary 0.1~ds1-1
CVE-2018-9152
	RESERVED
CVE-2018-9151 (A NULL pointer dereference bug in the function ...)
	NOT-FOR-US: Kingsoft Internet Security
CVE-2018-9150
	RESERVED
CVE-2018-9149 (The Zyxel Multy X (AC3000 Tri-Band WiFi System) device doesn't use a ...)
	NOT-FOR-US: Zyxel
CVE-2018-9148 (Western Digital WD My Cloud v04.05.00-320 devices embed the session ...)
	NOT-FOR-US: Western Digital WD My Cloud
CVE-2018-9147 (Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage ...)
	NOT-FOR-US: Gespage
CVE-2018-9146
	REJECTED
CVE-2018-9145 (In the DataBuf class in include/exiv2/types.hpp in Exiv2 0.26, an ...)
	- exiv2 <undetermined>
	[wheezy] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
CVE-2018-9144 (In Exiv2 0.26, there is an out-of-bounds read in ...)
	- exiv2 <unfixed> (low)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Exiv2/exiv2/issues/254
	NOTE: https://github.com/xiaoqx/pocs/tree/master/exiv2
	NOTE: https://github.com/Exiv2/exiv2/pull/180 intends to fix this
CVE-2018-9143 (On Samsung mobile devices with M(6.0) and N(7.x) software, a heap ...)
	NOT-FOR-US: Samsung
CVE-2018-9142 (On Samsung mobile devices with N(7.x) software, attackers can install ...)
	NOT-FOR-US: Samsung
CVE-2018-9141 (On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, ...)
	NOT-FOR-US: Samsung
CVE-2018-9140 (On Samsung mobile devices with M(6.0) software, the Email application ...)
	NOT-FOR-US: Samsung
CVE-2018-9139 (On Samsung mobile devices with N(7.x) software, a buffer overflow in ...)
	NOT-FOR-US: Samsung
CVE-2018-9138 (An issue was discovered in cplus-dem.c in GNU libiberty, as ...)
	- binutils <unfixed> (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=23008
CVE-2018-9137 (Open-AudIT before 2.2 has CSV Injection. ...)
	NOT-FOR-US: Open-AudIT
CVE-2018-9136 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
	NOT-FOR-US: Jungo
CVE-2018-9135 (In ImageMagick 7.0.7-24 Q16, there is a heap-based buffer over-read in ...)
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1009
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/361ed689cc8e56fd125f9d0d6508e9eb303bdca6
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4f7196b0b7539b113f2580b6a77aa496813d8899
	NOTE: webp support not enabled, see #806425
CVE-2018-9134 (file_manage_control.php in DedeCMS 5.7 has CSRF in an fmdo=rename ...)
	NOT-FOR-US: DedeCMS
CVE-2018-9133 (ImageMagick 7.0.7-26 Q16 has excessive iteration in the DecodeLabImage ...)
	- imagemagick <unfixed> (low; bug #894848)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1072
	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/089fca04e0130549fa15f48ace3f56e30a06049a
	NOTE: IM7: https://github.com/ImageMagick/ImageMagick/commit/19b96ba61431914e2ac316b72c0789965f2b7c09
CVE-2018-9132 (libming 0.4.8 has a NULL pointer dereference in the getInt function of ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/133
CVE-2018-9131 (Reaper 5.78 suffers from a local buffer overflow that allows code ...)
	NOT-FOR-US: Reaper
CVE-2018-9130 (IBOS 4.4.3 has XSS via a company full name. ...)
	NOT-FOR-US: IBOS
CVE-2018-9129
	RESERVED
CVE-2018-9128 (DVD X Player Standard 5.5.3.9 has a Buffer Overflow via a crafted .plf ...)
	NOT-FOR-US: DVD X Player Standard
CVE-2018-9127 (Botan 2.2.0 - 2.4.0 (fixed in 2.5.0) improperly handled wildcard ...)
	- botan 2.4.0-5 (bug #894648)
CVE-2018-9126 (The DNNArticle module 11 for DNN (formerly DotNetNuke) allows remote ...)
	NOT-FOR-US: DNN
CVE-2018-9125
	RESERVED
CVE-2018-9124
	RESERVED
CVE-2018-9123 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a User ...)
	NOT-FOR-US: Crea8social
CVE-2018-9122 (In Crea8social 2018.2, there is Reflected Cross-Site Scripting via the ...)
	NOT-FOR-US: Crea8social
CVE-2018-9121 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post ...)
	NOT-FOR-US: Crea8social
CVE-2018-9120 (In Crea8social 2018.2, there is Stored Cross-Site Scripting via a post. ...)
	NOT-FOR-US: Crea8social
CVE-2018-9119 (An attacker with physical access to a BrilliantTS FUZE card (MCU ...)
	NOT-FOR-US: BrilliantTS FUZE card
CVE-2018-9118 (exports/download.php in the 99 Robots WP Background Takeover ...)
	NOT-FOR-US: 99 Robots WP Background Takeover Advertisements plugin for WordPress
CVE-2018-9117 (WireMock before 2.16.0 contains a vulnerability that allows a remote ...)
	NOT-FOR-US: WireMock
CVE-2018-9116 (An XXE vulnerability within WireMock before 2.16.0 allows a remote ...)
	NOT-FOR-US: WireMock
CVE-2018-9115 (Systematic SitaWare 6.4 SP2 does not validate input from other sources ...)
	NOT-FOR-US: Systematic SitaWare
CVE-2018-9114
	RESERVED
CVE-2018-9113 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.12 allows ...)
	NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
CVE-2018-9112 (A low privileged admin account with a weak default password of admin ...)
	NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
CVE-2018-9111 (Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T ...)
	NOT-FOR-US: Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE
CVE-2018-9110 (Studio 42 elFinder before 2.1.37 on Windows has Directory Traversal via ...)
	NOT-FOR-US: Studio 42 elFinder
CVE-2018-9109 (Studio 42 elFinder before 2.1.36 has Directory Traversal via the ...)
	NOT-FOR-US: Studio 42 elFinder
CVE-2018-9108 (CSRF in /admin/user/manage/add in QuickAppsCMS 2.0.0-beta2 allows an ...)
	NOT-FOR-US: QuickAppsCMS
CVE-2018-9107 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: Acyba AcyMailing extension for Joomla!
CVE-2018-9106 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: Acyba AcyMailing extension for Joomla!
CVE-2018-9105 (NordVPN 3.3.10 for macOS suffers from a root privilege escalation ...)
	NOT-FOR-US: NordVPN
CVE-2018-9104 (A vulnerability in the conferencing component of Mitel MiVoice ...)
	NOT-FOR-US: Mitel
CVE-2018-9103 (A vulnerability in the conferencing component of Mitel MiVoice ...)
	NOT-FOR-US: Mitel
CVE-2018-9102 (A vulnerability in the conferencing component of Mitel MiVoice ...)
	NOT-FOR-US: Mitel
CVE-2018-9101 (A vulnerability in the conferencing component of Mitel MiVoice ...)
	NOT-FOR-US: Mitel
CVE-2018-9100
	RESERVED
CVE-2018-9099
	RESERVED
CVE-2018-9098
	RESERVED
CVE-2018-9097
	RESERVED
CVE-2018-9096
	RESERVED
CVE-2018-9095
	RESERVED
CVE-2018-9094
	RESERVED
CVE-2018-9093
	RESERVED
CVE-2018-9092 (There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that ...)
	NOT-FOR-US: MiniCMS
CVE-2018-9091
	RESERVED
CVE-2018-9090
	RESERVED
CVE-2018-9089
	RESERVED
CVE-2018-9088
	RESERVED
CVE-2018-9087
	RESERVED
CVE-2018-9086
	RESERVED
CVE-2018-9085
	RESERVED
CVE-2018-9084
	RESERVED
CVE-2018-9083
	RESERVED
CVE-2018-9082
	RESERVED
CVE-2018-9081
	RESERVED
CVE-2018-9080
	RESERVED
CVE-2018-9079
	RESERVED
CVE-2018-9078
	RESERVED
CVE-2018-9077
	RESERVED
CVE-2018-9076
	RESERVED
CVE-2018-9075
	RESERVED
CVE-2018-9074
	RESERVED
CVE-2018-9073
	RESERVED
CVE-2018-9072
	RESERVED
CVE-2018-9071
	RESERVED
CVE-2018-9070
	RESERVED
CVE-2018-9069
	RESERVED
CVE-2018-9068
	RESERVED
CVE-2018-9067
	RESERVED
CVE-2018-9066
	RESERVED
CVE-2018-9065
	RESERVED
CVE-2018-9064
	RESERVED
CVE-2018-9063 (MapDrv (C:\Program Files\Lenovo\System Update\mapdrv.exe) In Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2018-9062
	RESERVED
CVE-2018-9061
	RESERVED
CVE-2018-9060 (R 3.4.4 suffers from a local buffer overflow that allows code ...)
	- r-base <not-affected> (R on Linux doesn't ship the GUI, likely non-issue for Windows as well, see #897254)
	NOTE: https://github.com/bzyo/CVE-PoCs/tree/master/CVE-2018-9060
	NOTE: https://github.com/wch/r-source/commit/c7263b067451b9cd553c4f42dd2b54b82689fbb4
CVE-2018-9059 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 7.2 ...)
	NOT-FOR-US: Easy File Sharing (EFS)
CVE-2018-9058 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop in the ...)
	- lrzip 0.631+git180517-1 (unimportant)
	NOTE: https://github.com/ckolivas/lrzip/issues/93
	NOTE: No security impact
CVE-2018-7600 (Drupal before 7.58, 8.x before 8.3.9, 8.4.x before 8.4.6, and 8.5.x ...)
	{DSA-4156-1 DLA-1325-1}
	- drupal7 7.58-1 (bug #894259)
	NOTE: https://www.drupal.org/sa-core-2018-002
	NOTE: https://groups.drupal.org/security/faq-2018-002
	NOTE: https://www.drupal.org/psa-2018-001
	NOTE: Drupal 7.x Patch: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5
CVE-2018-9057 (aws/resource_aws_iam_user_login_profile.go in the HashiCorp Terraform ...)
	NOT-FOR-US: HashiCorp Terraform Amazon Web Services
CVE-2018-9056 (Systems with microprocessors utilizing speculative execution may allow ...)
	NOTE: Hardware side channel attack
	NOTE: http://www.cs.ucr.edu/~nael/pubs/asplos18.pdf
CVE-2018-9055 (JasPer 2.0.14 allows denial of service via a reachable assertion in the ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/172
	NOTE: Negligable impact
CVE-2018-9054 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9053 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9052 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9051 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9050 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9049 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9048 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9047 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9046 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9045 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-9044 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9043 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9042 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9041 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9040 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9039 (In Octopus Deploy 2.0 and later before 2018.3.7, an authenticated user, ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-9038 (Monstra CMS 3.0.4 allows remote attackers to delete files via an ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-9037 (Monstra CMS 3.0.4 allows remote code execution via an upload_file ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-9036
	RESERVED
CVE-2018-9035 (CSV Injection vulnerability in ExportToCsvUtf8.php of the Contact Form ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9034 (Cross-site scripting (XSS) vulnerability in lib/interface.php of the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9033
	RESERVED
CVE-2018-9032 (An authentication bypass vulnerability on D-Link DIR-850L Wireless ...)
	NOT-FOR-US: D-Link
CVE-2018-9031 (The login interface on TNLSoftSolutions Sentry Vision 3.x devices ...)
	NOT-FOR-US: TNLSoftSolutions Sentry Vision 3.x devices
CVE-2018-9030
	RESERVED
CVE-2018-9029
	RESERVED
CVE-2018-9028
	RESERVED
CVE-2018-9027
	RESERVED
CVE-2018-9026
	RESERVED
CVE-2018-9025
	RESERVED
CVE-2018-9024
	RESERVED
CVE-2018-9023
	RESERVED
CVE-2018-9022
	RESERVED
CVE-2018-9021
	RESERVED
CVE-2017-18254 (An issue was discovered in ImageMagick 7.0.7. A memory leak ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/24d5699753170c141b46816284430516c2d48fed
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/53ea13989003cdb4955024f95b4a0158a2e871c6
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/808
CVE-2017-18253 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/794
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/de5deab202c340162b65f65bafbbe17b1eda2c1a
CVE-2017-18252 (An issue was discovered in ImageMagick 7.0.7. The MogrifyImageList ...)
	- imagemagick <unfixed> (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/802
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/12f34b60564de1cbec08e23e2413dab5b64daeb7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb04ccb34fd45e9c3020786857fb79b09f44d7db
CVE-2017-18251 (An issue was discovered in ImageMagick 7.0.7. A memory leak ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/809
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/12a43437fec6f9245327636dc2730863bb9fdd8b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/99718b41102f26f802311045e882aa947ef2941b
CVE-2017-18250 (An issue was discovered in ImageMagick 7.0.7. A NULL pointer ...)
	- imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/793
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2f368e74a51ec7541b6595af712d17d6d1376534
CVE-2017-18249 (The add_free_nid function in fs/f2fs/node.c in the Linux kernel before ...)
	- linux 4.12.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/30a61ddf8117c26ac5b295e1233eaa9629a94ca3
CVE-2017-18248 (The add_job function in scheduler/ipp.c in CUPS before 2.2.6, when ...)
	- cups 2.2.6-1
	NOTE: https://github.com/apple/cups/commit/49fa4983f25b64ec29d548ffa3b9782426007df3
	NOTE: https://github.com/apple/cups/issues/5143
CVE-2018-9020 (The Events Manager plugin before 5.8.1.2 for WordPress allows XSS via ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-9019
	RESERVED
CVE-2018-9018 (In GraphicsMagick 1.3.28, there is a divide-by-zero in the ReadMNGImage ...)
	{DLA-1322-1}
	- graphicsmagick 1.3.28-2 (bug #894396)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/554/
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/84040fada1ee
CVE-2018-9017 (dsmall v20180320 allows XSS via the member search box at the ...)
	NOT-FOR-US: dsmall
CVE-2018-9016 (dsmall v20180320 allows XSS via the main page search box at the ...)
	NOT-FOR-US: dsmall
CVE-2018-9015 (dsmall v20180320 allows XSS via the ...)
	NOT-FOR-US: dsmall
CVE-2018-9014 (dsmall v20180320 allows physical path leakage via a ...)
	NOT-FOR-US: dsmall
CVE-2018-9013
	RESERVED
CVE-2018-9012
	RESERVED
CVE-2018-9011
	RESERVED
CVE-2018-9010 (Intelbras TELEFONE IP TIP200/200 LITE 60.0.75.29 devices allow remote ...)
	NOT-FOR-US: Intelbras
CVE-2018-9009 (In libming 0.4.8, there is a use-after-free in the decompileJUMP ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/131
CVE-2018-9008
	RESERVED
CVE-2018-9007 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9006 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9005 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9004 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9003 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9002 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9001 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-9000 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-8999 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-8998 (In Advanced SystemCare Ultimate 11.0.1.58, the driver file ...)
	NOT-FOR-US: Advanced SystemCare Ultimate
CVE-2018-8997 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8996 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8995 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8994 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8993 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8992 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8991 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8990 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8989 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8988 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Master (aka Windows Optimization Master)
CVE-2018-8987
	RESERVED
CVE-2018-8986
	RESERVED
CVE-2018-8985
	RESERVED
CVE-2018-8984
	RESERVED
CVE-2018-8983
	RESERVED
CVE-2018-8982
	RESERVED
CVE-2018-8981
	RESERVED
CVE-2018-8980
	RESERVED
CVE-2018-8979 (Open-AudIT Professional 2.1 has CSRF, as demonstrated by modifying a ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-8978 (Open-AudIT Professional 2.1 has XSS via a crafted src attribute of an ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-8977 (In Exiv2 0.26, the Exiv2::Internal::printCsLensFFFF function in ...)
	[experimental] - exiv2 <unfixed> (bug #894179)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/247
CVE-2018-8976 (In Exiv2 0.26, jpgimage.cpp allows remote attackers to cause a denial ...)
	- exiv2 <unfixed> (low)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Exiv2/exiv2/issues/246
CVE-2018-8975 (The pm_mallocarray2 function in lib/util/mallocvar.c in Netpbm through ...)
	- netpbm-free <not-affected> (Vulnerable code not present)
	NOTE: Debian uses an unaffected fork
CVE-2018-8974 (Centers for Disease Control and Prevention MicrobeTRACE 0.1.11 allows ...)
	NOT-FOR-US: Centers for Disease Control and Prevention MicrobeTRACE
CVE-2018-8973 (OTCMS 3.20 allows XSS by adding a keyword or link to an article, as ...)
	NOT-FOR-US: OTCMS
CVE-2018-8972 (Creditwest Bank CMS Project (aka CWCMS) through 2017-07-28 has CSRF in ...)
	NOT-FOR-US: Creditwest Bank CMS Project (aka CWCMS)
CVE-2018-8970 (The int_x509_param_set_hosts function in lib/libcrypto/x509/x509_vpm.c ...)
	- libressl <itp> (bug #754513)
CVE-2018-8969 (An issue was discovered in zzcms 8.2. user/licence_save.php allows ...)
	NOT-FOR-US: zzcms
CVE-2018-8968 (An issue was discovered in zzcms 8.2. user/manage.php allows remote ...)
	NOT-FOR-US: zzcms
CVE-2018-8967 (An issue was discovered in zzcms 8.2. It allows SQL injection via the ...)
	NOT-FOR-US: zzcms
CVE-2018-8966 (An issue was discovered in zzcms 8.2. It allows PHP code injection via ...)
	NOT-FOR-US: zzcms
CVE-2018-8965 (An issue was discovered in zzcms 8.2. user/ppsave.php allows remote ...)
	NOT-FOR-US: zzcms
CVE-2015-9257 (BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 ...)
	NOT-FOR-US: BMC Remedy Action Request (AR) System
CVE-2018-8964 (In libming 0.4.8, the decompileDELETE function of decompile.c has a ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8963 (In libming 0.4.8, the decompileGETVARIABLE function of decompile.c has ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8962 (In libming 0.4.8, the decompileSingleArgBuiltInFunctionCall function of ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8961 (In libming 0.4.8, the decompilePUSHPARAM function of decompile.c has a ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/130
CVE-2018-8960 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-26 Q16 ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1020
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/23f6beef78cfe806cabc090a015e73557d60788e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7c0b29f621ebcce1a35c0e6c1992c9043b3bb1bd
CVE-2018-8959
	RESERVED
CVE-2018-8958
	RESERVED
CVE-2018-8957 (CoverCMS v1.1.6 has XSS via the fourth input box to index.php, related ...)
	NOT-FOR-US: CoverCMS
CVE-2018-8956
	RESERVED
CVE-2018-8955
	RESERVED
CVE-2018-8954 (CA Workload Control Center before r11.4 SP6 allows remote attackers to ...)
	NOT-FOR-US: CA Workload Control Center
CVE-2018-8953 (CA Workload Automation AE before r11.3.6 SP7 allows remote attackers ...)
	NOT-FOR-US: CA Workload Automation AE
CVE-2018-8952
	RESERVED
CVE-2018-8951
	RESERVED
CVE-2018-8950
	RESERVED
CVE-2018-8949 (An issue was discovered in app/Model/Attribute.php in MISP before ...)
	NOT-FOR-US: MISP
CVE-2018-8948 (In MISP before 2.4.89, app/View/Events/resolved_attributes.ctp has ...)
	NOT-FOR-US: MISP
CVE-2018-8947 (rap2hpoutre Laravel Log Viewer before v0.13.0 relies on Base64 encoding ...)
	NOT-FOR-US: rap2hpoutre Laravel Log Viewer
CVE-2018-1000141 (I, Librarian version 4.9 and earlier contains an Incorrect Access ...)
	- i-librarian <itp> (bug #649291)
	NOTE: https://github.com/mkucej/i-librarian/issues/124
CVE-2018-1000140 (rsyslog librelp version 1.2.14 and earlier contains a Buffer Overflow ...)
	{DSA-4151-1}
	- librelp 1.2.15-1
	[wheezy] - librelp <not-affected> (vulnerable code not present)
	NOTE: https://www.rsyslog.com/cve-2018-1000140/
	NOTE: Fixed by: https://github.com/rsyslog/librelp/commit/2cfe657672636aa5d7d2a14cfcb0a6ab9d1f00cf
CVE-2018-1000139 (I, Librarian version 4.8 and earlier contains a Cross Site Scripting ...)
	- i-librarian <itp> (bug #649291)
	NOTE: https://github.com/mkucej/i-librarian/issues/119
CVE-2018-1000138 (I, Librarian version 4.8 and earlier contains a SSRF vulnerability in ...)
	- i-librarian <itp> (bug #649291)
	NOTE: https://github.com/mkucej/i-librarian/issues/120
CVE-2018-1000137 (I, Librarian version 4.8 and earlier contains a Cross site Request ...)
	- i-librarian <itp> (bug #649291)
	NOTE: https://github.com/mkucej/i-librarian/issues/121
CVE-2017-18247 (The av_audio_fifo_size function in libavutil/audio_fifo.c in Libav 12.2 ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1089
CVE-2017-18246 (The pcm_encode_frame function in libavcodec/pcm.c in Libav 12.2 allows ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1095
CVE-2017-18245 (The mpc8_probe function in libavformat/mpc8.c in Libav 12.2 allows ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1094
CVE-2018-8971 (The Auth0 integration in GitLab before 10.3.9, 10.4.x before 10.4.6, ...)
	- gitlab 10.5.6+dfsg-1 (bug #893905)
	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
CVE-2018-8946
	RESERVED
CVE-2018-8945 (The bfd_section_from_shdr function in elf.c in the Binary File ...)
	- binutils <unfixed> (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22809
CVE-2018-8944 (PHPOK 4.8.338 has an arbitrary file upload vulnerability. ...)
	NOT-FOR-US: PHPOK
CVE-2018-8943 (There is a SQL injection in the PHPSHE 1.6 userbank parameter. ...)
	NOT-FOR-US: PHPSE
CVE-2018-8942 (Xiuno BBS 4.0.0 has XSS in the adminpage sitename parameter. ...)
	NOT-FOR-US: Xiuno BBS
CVE-2017-18244 (The stereo_processing function in libavcodec/aacps.c in Libav 12.2 ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1105
CVE-2017-18243 (The unpack_parse_unit function in libavcodec/dirac_parser.c in Libav ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1088
CVE-2017-18242 (The apply_dependent_coupling function in libavcodec/aacdec.c in Libav ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1093
CVE-2018-8941 (Diagnostics functionality on D-Link DSL-3782 devices with firmware EU ...)
	NOT-FOR-US: D-Link
CVE-2018-8940
	RESERVED
CVE-2018-8939 (An SSRF issue was discovered in NmAPI.exe in Ipswitch WhatsUp Gold ...)
	NOT-FOR-US: Ipswitch
CVE-2018-8938 (A Code Injection issue was discovered in DlgSelectMibFile.asp in ...)
	NOT-FOR-US: Ipswitch
CVE-2018-8937 (An issue was discovered in Open-AudIT Professional 2.1. It is possible ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-8936 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...)
	NOT-FOR-US: AMD
CVE-2018-8935 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...)
	NOT-FOR-US: AMD
CVE-2018-8934 (The Promontory chipset, as used in AMD Ryzen and Ryzen Pro platforms, ...)
	NOT-FOR-US: AMD
CVE-2018-8933 (The AMD EPYC Server processor chips have insufficient access control ...)
	NOT-FOR-US: AMD
CVE-2018-8932 (The AMD Ryzen and Ryzen Pro processor chips have insufficient access ...)
	NOT-FOR-US: AMD
CVE-2018-8931 (The AMD Ryzen, Ryzen Pro, and Ryzen Mobile processor chips have ...)
	NOT-FOR-US: AMD
CVE-2018-8930 (The AMD EPYC Server, Ryzen, Ryzen Pro, and Ryzen Mobile processor chips ...)
	NOT-FOR-US: AMD
CVE-2018-8929
	RESERVED
CVE-2018-8928
	RESERVED
CVE-2018-8927
	RESERVED
CVE-2018-8926
	RESERVED
CVE-2018-8925
	RESERVED
CVE-2018-8924
	RESERVED
CVE-2018-8923
	RESERVED
CVE-2018-8922
	RESERVED
CVE-2018-8921
	RESERVED
CVE-2018-8920
	RESERVED
CVE-2018-8919
	RESERVED
CVE-2018-8918
	RESERVED
CVE-2018-8917
	RESERVED
CVE-2018-8916
	RESERVED
CVE-2018-8915 (Cross-site scripting (XSS) vulnerability in Notification Center in ...)
	NOT-FOR-US: Synology
CVE-2018-8914 (SQL injection vulnerability in UPnP DMA in Synology Media Server ...)
	NOT-FOR-US: Synology Media Server
CVE-2018-8913
	RESERVED
CVE-2018-8912 (Cross-site scripting (XSS) vulnerability in SYNO.NoteStation.Note in ...)
	NOT-FOR-US: Synology Note Station
CVE-2018-8911 (Cross-site scripting (XSS) vulnerability in Attachment Preview in ...)
	NOT-FOR-US: Synology Note Station
CVE-2018-8910 (Cross-site scripting (XSS) vulnerability in Attachment Preview in ...)
	NOT-FOR-US: Synology
CVE-2018-8909 (The Wire application before 2018-03-07 for Android allows attackers to ...)
	NOT-FOR-US: Wire application for Android
CVE-2018-8908 (An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The ...)
	NOT-FOR-US: Frog CMS
CVE-2018-8907
	RESERVED
CVE-2018-8906 (dsmall v20180320 has XSS via a crafted street address to ...)
	NOT-FOR-US: dsmall
CVE-2018-8905 (In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function ...)
	{DLA-1378-1 DLA-1377-1}
	- tiff <unfixed> (bug #893806)
	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
	[jessie] - tiff <postponed> (Can be fixed along in a future DSA)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2780
	NOTE: https://gitlab.com/libtiff/libtiff/commit/58a898cb4459055bb488ca815c23b880c242a27d
CVE-2018-8904 (In Windows Master (aka Windows Optimization Master) 7.99.13.604, the ...)
	NOT-FOR-US: Windows Optimization Master
CVE-2018-8903 (Open-AudIT Professional 2.1 allows XSS via the Name or Description ...)
	NOT-FOR-US: Open-AudIT Professional
CVE-2018-8902
	RESERVED
CVE-2018-8901
	RESERVED
CVE-2018-8900 (The License Manager service of HASP SRM, Sentinel HASP and Sentinel ...)
	NOT-FOR-US: HASP SRM
CVE-2018-8899 (IdentityServer IdentityServer4 1.x before 1.5.3 and 2.x before 2.1.3 ...)
	NOT-FOR-US: IdentityServer
CVE-2018-8898
	RESERVED
CVE-2018-8897 (A statement in the System Programming Guide of the Intel 64 and IA-32 ...)
	{DSA-4201-1 DSA-4196-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/d8ba61ba58c88d5207c1ba2f7d9a2280e7d03be9 (4.16-rc7)
	- xen <unfixed>
	NOTE: https://xenbits.xen.org/xsa/advisory-260.html
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/4
CVE-2018-8896 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8895 (In 2345 Security Guard 3.6, the driver file (2345DumpBlock.sys) allows ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8894 (In 2345 Security Guard 3.6, the driver file (2345BdPcSafe.sys) allows ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8893 (Z-BlogPHP 1.5.1 Zero has CSRF in plugin_edit.php, resulting in the ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-8892
	RESERVED
CVE-2018-8891
	RESERVED
CVE-2018-8890
	RESERVED
CVE-2018-8889
	RESERVED
CVE-2018-8888
	RESERVED
CVE-2018-8887
	RESERVED
CVE-2018-8886
	RESERVED
CVE-2018-8885 (screenresolution-mechanism in screen-resolution-extra 0.17.2 does not ...)
	NOT-FOR-US: screen-resolution-extra
CVE-2018-1000136 (Electron version 1.7 up to 1.7.12; 1.8 up to 1.8.3 and 2.0.0 up to ...)
	- electron <itp> (bug #842420)
CVE-2017-18241 (fs/f2fs/segment.c in the Linux kernel before 4.13 allows local users to ...)
	{DSA-4188-1 DSA-4187-1}
	- linux 4.13.4-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/d4fdf8ba0e5808ba9ad6b44337783bd9935e0982
CVE-2016-10717 (A vulnerability in the encryption and permission implementation of ...)
	NOT-FOR-US: Malwarebytes Anti-Malware
CVE-2018-8884
	RESERVED
CVE-2018-8883 (Netwide Assembler (NASM) 2.13.02rc2 has a buffer over-read in the ...)
	- nasm <unfixed> (low; bug #894847)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <ignored> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392447
CVE-2018-8882 (Netwide Assembler (NASM) 2.13.02rc2 has a stack-based buffer under-read ...)
	- nasm <unfixed> (low; bug #894846)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <ignored> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392445
CVE-2018-8881 (Netwide Assembler (NASM) 2.13.02rc2 has a heap-based buffer over-read ...)
	- nasm 2.13.02-0.1 (low)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <ignored> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392446
	NOTE: http://repo.or.cz/nasm.git/commit/3144e84add8b152cc7a71e44617ce6f21daa4ba3 (nasm-2.13.02rc3)
CVE-2018-8880 (Lutron Quantum BACnet Integration 2.0 (firmware 3.2.243) doesn't check ...)
	NOT-FOR-US: Lutron Quantum BACnet Integration
CVE-2018-8879
	RESERVED
CVE-2018-8878
	RESERVED
CVE-2018-8877
	RESERVED
CVE-2018-8876 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8875 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8874 (In 2345 Security Guard 3.6, the driver file (2345Wrath.sys) allows ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8873 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8872 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions ...)
	NOT-FOR-US: Schneider
CVE-2018-8871
	RESERVED
CVE-2018-8870
	RESERVED
CVE-2018-8869 (In Lantech IDS 2102 2.0 and prior, nearly all input fields allow for ...)
	NOT-FOR-US: Lantech
CVE-2018-8868
	RESERVED
CVE-2018-8867 (In GE PACSystems RX3i CPE305/310 version 9.20 and prior, RX3i CPE330 ...)
	NOT-FOR-US: GE PACSystems
CVE-2018-8866 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker on an ...)
	NOT-FOR-US: Vecna VGo Robot
CVE-2018-8865 (In Lantech IDS 2102 2.0 and prior, a stack-based buffer overflow ...)
	NOT-FOR-US: Lantech
CVE-2018-8864
	RESERVED
CVE-2018-8863
	RESERVED
CVE-2018-8862
	RESERVED
CVE-2018-8861 (Vulnerabilities within the Philips Brilliance CT kiosk environment ...)
	NOT-FOR-US: Philips Brilliance
CVE-2018-8860 (In Vecna VGo Robot versions prior to 3.0.3.52164, an attacker may be ...)
	NOT-FOR-US: Vecna VGo Robot
CVE-2018-8859
	RESERVED
CVE-2018-8858
	RESERVED
CVE-2018-8857 (Philips Brilliance CT software (Brilliance 64 version 2.6.2 and prior, ...)
	NOT-FOR-US: Philips Brilliance
CVE-2018-8856
	RESERVED
CVE-2018-8855
	RESERVED
CVE-2018-8854
	RESERVED
CVE-2018-8853 (Philips Brilliance CT devices operate user functions from within a ...)
	NOT-FOR-US: Philips Brilliance
CVE-2018-8852
	RESERVED
CVE-2018-8851
	RESERVED
CVE-2018-8850
	RESERVED
CVE-2018-8849 (Medtronic N'Vision Clinician Programmer 8840 N'Vision Clinician ...)
	NOT-FOR-US: Medtronic
CVE-2018-8848
	RESERVED
CVE-2018-8847
	RESERVED
CVE-2018-8846
	RESERVED
CVE-2018-8845 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-8844
	RESERVED
CVE-2018-8843 (Rockwell Automation Arena versions 16.10.00 and prior contains a use ...)
	NOT-FOR-US: Rockwell
CVE-2018-8842
	RESERVED
CVE-2018-8841 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-8840 (A remote attacker could send a carefully crafted packet in InduSoft ...)
	NOT-FOR-US: InduSoft
CVE-2018-8839 (Delta PMSoft versions 2.10 and prior have multiple stack-based buffer ...)
	NOT-FOR-US: Delta PMSoft
CVE-2018-8838 (A weakness in access controls in CENTUM CS 1000 all versions, CENTUM ...)
	NOT-FOR-US: CENTUM
CVE-2018-8837 (Processing specially crafted .pm3 files in Advantech WebAccess HMI ...)
	NOT-FOR-US: Advantech
CVE-2018-8836 (Wago 750 Series PLCs with firmware version 10 and prior include a ...)
	NOT-FOR-US: Wago 750 Series PLCs
CVE-2018-8835 (Double free vulnerabilities in Advantech WebAccess HMI Designer ...)
	NOT-FOR-US: Advantech
CVE-2018-8834 (Parsing malformed project files in Omron CX-One versions 4.42 and ...)
	NOT-FOR-US: Omron
CVE-2018-8833 (Heap-based buffer overflow vulnerabilities in Advantech WebAccess HMI ...)
	NOT-FOR-US: Advantech
CVE-2018-8832 (enhavo 0.4.0 has XSS via a user-group that contains executable ...)
	NOT-FOR-US: enhavo
CVE-2018-8831 (A Persistent XSS vulnerability exists in Kodi (formerly XBMC) through ...)
	- kodi <unfixed> (low)
	[stretch] - kodi <no-dsa> (Minor issue)
	- xbmc <removed>
	[jessie] - xbmc <no-dsa> (Minor issue)
	[wheezy] - xbmc <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2018/Apr/36
	NOTE: https://trac.kodi.tv/ticket/17814
CVE-2018-8830
	RESERVED
CVE-2018-8829
	RESERVED
CVE-2018-8828 (A Buffer Overflow issue was discovered in Kamailio before 4.4.7, 5.0.x ...)
	{DSA-4148-1}
	- kamailio 5.1.2-1
	NOTE: https://github.com/EnableSecurity/advisories/tree/master/ES2018-05-kamailio-heap-overflow
	NOTE: https://github.com/kamailio/kamailio/commit/e1d8008a09d9390ebaf698abe8909e10dfec4097
CVE-2018-8827
	RESERVED
CVE-2018-8826 (ASUS RT-AC51U, RT-AC58U, RT-AC66U, RT-AC1750, RT-ACRH13, and RT-N12 D1 ...)
	NOT-FOR-US: ASUS routers
CVE-2018-8825
	RESERVED
CVE-2018-8824 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu ...)
	NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
CVE-2018-8823 (modules/bamegamenu/ajax_phpcode.php in the Responsive Mega Menu ...)
	NOT-FOR-US: Responsive Mega Menu Pro module for PrestaShop
CVE-2018-8822 (Incorrect buffer length handling in the ncp_read_kernel function in ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
CVE-2018-1000135 (GNOME NetworkManager version 1.10.2 and earlier contains a Information ...)
	- network-manager <unfixed> (bug #895658)
	[stretch] - network-manager <no-dsa> (Minor issue)
	[jessie] - network-manager <no-dsa> (Minor issue)
	[wheezy] - network-manager <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1754671
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=746422
	NOTE: https://cgit.freedesktop.org/NetworkManager/NetworkManager/log/?h=bg/dns-bgo746422
	NOTE: Merge: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d9782589248e61c0cb5aec90e3eb62612891116b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553634
CVE-2018-8821 (windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers ...)
	NOT-FOR-US: windrvr1260.sys in Jungo DriverWizard WinDriver
CVE-2018-8820 (An issue was discovered in Square 9 GlobalForms 6.2.x. A Time Based ...)
	NOT-FOR-US: Square 9
CVE-2018-8819
	RESERVED
CVE-2018-8818
	RESERVED
CVE-2018-8817 (Wampserver before 3.1.3 has CSRF in add_vhost.php. ...)
	NOT-FOR-US: Wampserver
CVE-2018-8816
	RESERVED
CVE-2018-8815 (Cross-site scripting (XSS) vulnerability in the gallery function in ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2018-8814 (Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 ...)
	NOT-FOR-US: WolfCMS
CVE-2018-8813 (Open redirect vulnerability in the login[redirect] parameter login ...)
	NOT-FOR-US: WolfCMS
CVE-2018-8812
	RESERVED
CVE-2018-8811 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: OpenCMS
CVE-2018-8810 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
	- radare2 <unfixed> (bug #895749)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/radare/radare2/issues/9727
	NOTE: https://github.com/radare/radare2/commit/06c9903be9a1ca46b74571d49027bee2168fbd69
CVE-2018-8809 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
	- radare2 <unfixed> (low; bug #895751)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (minor issue, likely not even affected)
	NOTE: https://github.com/radare/radare2/issues/9726
	NOTE: https://github.com/radare/radare2/commit/24282de142000d2ed2c19783b40a1351872dfc54
CVE-2018-8808 (In radare2 2.4.0, there is a heap-based buffer over-read in the ...)
	- radare2 <unfixed> (low; bug #895752)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (minor issue, likely not even affected)
	NOTE: https://github.com/radare/radare2/issues/9725
	NOTE: https://github.com/radare/radare2/commit/a88069940950999d5e2fd16cd7d16c7e956bf516
CVE-2018-8807 (In libming 0.4.8, these is a use-after-free in the function ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/129
CVE-2018-8806 (In libming 0.4.8, there is a use-after-free in the ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/128
CVE-2018-8805 (Yxcms building system (compatible cell phone) v1.4.7 has XSS via the ...)
	NOT-FOR-US: Yxcms
CVE-2018-8804 (WriteEPTImage in coders/ept.c in ImageMagick 7.0.7-25 Q16 allows remote ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f55d3a622d234e940fb99325b92c6d3df578fa9b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6355db269e03f879c516cf9d592c72e157bc75d6
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/1025
CVE-2018-8803
	RESERVED
CVE-2018-8802 (SQL injection vulnerability in the management interface in ePortal ...)
	NOT-FOR-US: ePortal Manager in Unisys ClearPath MCP OS systems
CVE-2018-8801 (GitLab Community and Enterprise Editions version 8.3 up to 10.x before ...)
	- gitlab 10.5.6+dfsg-1 (bug #893905)
	NOTE: https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
CVE-2018-8800
	RESERVED
CVE-2018-8799
	RESERVED
CVE-2018-8798
	RESERVED
CVE-2018-8797
	RESERVED
CVE-2018-8796
	RESERVED
CVE-2018-8795
	RESERVED
CVE-2018-8794
	RESERVED
CVE-2018-8793
	RESERVED
CVE-2018-8792
	RESERVED
CVE-2018-8791
	RESERVED
CVE-2018-8790
	RESERVED
CVE-2018-8789
	RESERVED
CVE-2018-8788
	RESERVED
CVE-2018-8787
	RESERVED
CVE-2018-8786
	RESERVED
CVE-2018-8785
	RESERVED
CVE-2018-8784
	RESERVED
CVE-2018-8783
	RESERVED
CVE-2018-8782
	RESERVED
CVE-2018-8781 (The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://patchwork.freedesktop.org/patch/211845/
	NOTE: Fixed by: https://git.kernel.org/linus/3b82a4db8eaccce735dffd50b4d4e1578099b8e8
CVE-2018-8780 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
	{DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-dir-cve-2018-8780/
	NOTE: https://hackerone.com/reports/302338
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bd5661a3cbb38a8c3a3ea10cd76c88bbef7871b8
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/143eb22f1877815dd802f7928959c5f93d4c7bb3 (2.2.10)
CVE-2018-8779 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
	{DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/poisoned-nul-byte-unixsocket-cve-2018-8779/
	NOTE: https://hackerone.com/reports/302997
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/8794dec6a5f11adc5cdd19a5ee91ea6b0816763f
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/47165eed264d357e78e27371cfef20d5c2bde5d9 (2.2.10)
	NOTE: ruby1.8: test examples from hackerone doesn't work. ext/socket/socket.c:init_unixsock() uses SafeStringValue(path) though.
CVE-2018-8778 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
	{DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/buffer-under-read-unpack-cve-2018-8778/
	NOTE: https://hackerone.com/reports/298246
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/d02b7bd864706fc2a40d83fb6014772ad3cc3b80
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4cd92d7b13002161a3452a0fe278b877901a8859 (2.2.10)
CVE-2018-8777 (In Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
	{DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/large-request-dos-in-webrick-cve-2018-8777/
CVE-2018-XXXX [Multiple vulnerabilities in CiviCRM]
	- civicrm 4.7.30+dfsg-1 (bug #887330)
	NOTE: https://civicrm.org/blog/dev-team/security-release-civicrm-4726-and-4633-monthly-release-4727
CVE-2017-18240 (The Gentoo app-admin/collectd package before 5.7.2-r1 sets the ...)
	TODO: check
CVE-2018-8776
	RESERVED
CVE-2018-8775
	RESERVED
CVE-2018-8774
	RESERVED
CVE-2018-8773
	RESERVED
CVE-2018-8772 (Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on ...)
	NOT-FOR-US: Coship RT3052 4.0.0.48 devices
CVE-2018-8771
	RESERVED
CVE-2018-8770 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8769 (elfutils 0.170 has a buffer over-read in the ebl_dynamic_tag_name ...)
	- elfutils <not-affected> (Issue introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22976
	NOTE: https://sourceware.org/ml/elfutils-devel/2018-q1/msg00078.html
	NOTE: Issue introduced with a merge/update of elf.h from glibc in
	NOTE: https://sourceware.org/git/?p=elfutils.git;a=commit;h=88f3d2daa107b09fdba376a82bce7ed534c93645
	NOTE: when SYMTAB_SHNDX was introduced, but not yet handled in the
	NOTE: ebl_dynamic_tag_name function.
CVE-2018-8767 (joyplus-cms 1.6.0 has XSS in ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8766 (joyplus-cms 1.6.0 allows Remote Code Execution because of an Arbitrary ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8765 (In 2345 Security Guard 3.6, the driver file (2345NetFirewall.sys) ...)
	NOT-FOR-US: 2345 Security Guard
CVE-2018-8764 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 ...)
	- ldap-account-manager 6.3-1
	[stretch] - ldap-account-manager 5.5-1+deb9u1
	[jessie] - ldap-account-manager <not-affected> (Issue introduced later)
	[wheezy] - ldap-account-manager <not-affected> (Issue introduced later)
	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
	NOTE: https://github.com/LDAPAccountManager/lam/commit/993751c7ff0faa07b7c028295152cf9c20349688
CVE-2018-8763 (Roland Gruber Softwareentwicklung LDAP Account Manager before 6.3 has ...)
	{DSA-4165-1 DLA-1342-1}
	- ldap-account-manager 6.3-1
	NOTE: https://github.com/LDAPAccountManager/lam/commit/f1d7aec5fc4aaf516e1d8a6f0eb3082050553302
	NOTE: https://github.com/LDAPAccountManager/lam/commit/16fc7f7e8603c5cb7c129cfbf97fc572b9b8740c
	NOTE: https://github.com/LDAPAccountManager/lam/commit/d4f0d6db966af4dd7d83c978125635f03895b81a
	NOTE: https://www.ldap-account-manager.org/lamcms/node/354
CVE-2018-8762
	RESERVED
CVE-2018-8761 (protected\apps\member\controller\shopcarController.php in Yxcms ...)
	NOT-FOR-US: Yxcms
CVE-2018-8760
	RESERVED
CVE-2018-8759
	RESERVED
CVE-2018-8758
	RESERVED
CVE-2018-8757
	RESERVED
CVE-2018-8756 (Eval injection in yzmphp/core/function/global.func.php in YzmCMS v3.7.1 ...)
	NOT-FOR-US: YzmCMS
CVE-2018-8755
	RESERVED
CVE-2018-8754 (The libevt_record_values_read_event() function in ...)
	{DSA-4160-1}
	- libevt 20180317-1 (bug #893431)
	NOTE: https://github.com/libyal/libevt/commit/444ca3ce7853538c577e0ec3f6146d2d65780734
	NOTE: Impact limited to OOB read, not write
CVE-2018-8753
	RESERVED
CVE-2018-8752
	RESERVED
CVE-2018-8751
	RESERVED
CVE-2018-8750
	RESERVED
CVE-2018-8749
	RESERVED
CVE-2018-8748
	RESERVED
CVE-2018-8747
	RESERVED
CVE-2018-8746
	RESERVED
CVE-2018-8745
	RESERVED
CVE-2018-8744
	RESERVED
CVE-2018-8743
	RESERVED
CVE-2018-8742
	RESERVED
CVE-2017-18239 (A time-sensitive equality check on the JWT signature in the ...)
	NOT-FOR-US: authentikat-jwt
CVE-2018-8768 (In Jupyter Notebook before 5.4.1, a maliciously forged notebook file ...)
	- jupyter-notebook 5.4.1-1 (bug #893436)
	[stretch] - jupyter-notebook <no-dsa> (Minor issue)
	- ipython 5.1.0-2
	[jessie] - ipython <no-dsa> (Minor issue)
	[wheezy] - ipython <ignored> (Too invasive to fix)
	NOTE: After the reupload of ipython to Debian as 4.1.2-1 via experimental
	NOTE: src:ipython does not provide anymore the Notebook
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/15/2
	NOTE: Fixed by: https://github.com/jupyter/notebook/commit/4e79ebb49acac722b37b03f1fe811e67590d3831
	NOTE: Ipython in Wheezy lacks sanitization of untrusted HTML completely
	NOTE: which means in theory this CVE does not apply. However due to the absence of
	NOTE: sanitization it is recommended not to use Ipython's notebook with untrusted
	NOTE: content. This issue is no-dsa because it cannot be determined if Ipython
	NOTE: in Wheezy is still affected, a fix appears to be to intrusive though. We recommend to
	NOTE: upgrade to a newer version instead.
CVE-2018-8741 (A directory traversal flaw in SquirrelMail 1.4.22 allows an ...)
	{DSA-4168-1 DLA-1344-1}
	- squirrelmail <removed> (bug #893202)
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/17/2
	NOTE: https://sourceforge.net/p/squirrelmail/bugs/2846/
	NOTE: https://sourceforge.net/p/squirrelmail/code/14751/
CVE-2018-8740 (In SQLite through 3.22.0, databases whose schema is corrupted using a ...)
	- sqlite3 3.22.0-2 (bug #893195)
	[stretch] - sqlite3 <no-dsa> (Minor issue)
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	[wheezy] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1756349
	NOTE: https://www.sqlite.org/cgi/src/vdiff?from=1774f1c3baf0bc3d&to=d75e67654aa9620b
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=6964
CVE-2018-8739 (VPN Unlimited 4.2.0 for macOS suffers from a root privilege escalation ...)
	NOT-FOR-US: VPN Unlimited
CVE-2018-1000134 (UnboundID LDAP SDK version from commit ...)
	NOT-FOR-US: UnboundID LDAP SDK
CVE-2018-1000133 (Pitchfork version 1.4.6 RC1 contains an Improper Privilege Management ...)
	NOT-FOR-US: Pitchfork
CVE-2016-10716 (The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS ...)
	NOT-FOR-US: Atlassian Jira plugin
CVE-2016-10715 (The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira ...)
	NOT-FOR-US: Atlassian Jira plugin
CVE-2018-8738
	RESERVED
CVE-2018-8737 (Bookme Control Panel 2.0 Application is vulnerable to stored XSS within ...)
	NOT-FOR-US: Bookme Control Panel Application
CVE-2018-8736 (A privilege escalation vulnerability in Nagios XI 5.2.x through 5.4.x ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8735 (Remote command execution (RCE) vulnerability in Nagios XI 5.2.x through ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8734 (SQL injection vulnerability in the core config manager in Nagios XI ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8733 (Authentication bypass vulnerability in the core config manager in ...)
	NOT-FOR-US: Nagios XI
CVE-2018-8732 (Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows ...)
	NOT-FOR-US: WampServer
CVE-2018-8731
	RESERVED
CVE-2018-8730
	RESERVED
CVE-2018-8729 (Multiple cross-site scripting (XSS) vulnerabilities in the Activity Log ...)
	NOT-FOR-US: Activity Log plugin for WordPress
CVE-2018-8728 (server/app/views/static/code.html in Kontena before 1.5.0 allows XSS in ...)
	NOT-FOR-US: Kontena
CVE-2018-8727
	RESERVED
CVE-2017-18238 (An issue was discovered in Exempi before 2.4.4. The ...)
	{DLA-1310-1}
	- exempi 2.4.4-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102483
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=886cd1d2314755adb1f4cdb99c16ff00830f0331
CVE-2017-18237 (An issue was discovered in Exempi before 2.4.3. The ...)
	- exempi 2.4.3-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	[wheezy] - exempi <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101914
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=f19d0107fbae1fb41836cd110d4425e407e64048
CVE-2017-18236 (An issue was discovered in Exempi before 2.4.4. The ...)
	{DLA-1310-1}
	- exempi 2.4.4-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102484
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=fe59605d3520bf2ca4e0a963d194f10e9fee5806
CVE-2017-18235 (An issue was discovered in Exempi before 2.4.3. The VPXChunk class in ...)
	- exempi 2.4.3-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	[wheezy] - exempi <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101913
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=9e76a7782a54a242f18d609e7ba32bf1c430a5e4
CVE-2017-18234 (An issue was discovered in Exempi before 2.4.3. It allows remote ...)
	{DLA-1310-1}
	- exempi 2.4.3-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100397
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=c26d5beb60a5a85f76259f50ed3e08c8169b0a0c
CVE-2017-18233 (An issue was discovered in Exempi before 2.4.4. Integer overflow in the ...)
	{DLA-1310-1}
	- exempi 2.4.4-1 (low)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102151
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=65a8492832b7335ffabd01f5f64d89dec757c260
CVE-2018-8726
	RESERVED
CVE-2018-8725
	RESERVED
CVE-2018-8724
	RESERVED
CVE-2018-8723
	RESERVED
CVE-2018-8722 (Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has ...)
	NOT-FOR-US: Zoho
CVE-2018-8721 (Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored ...)
	NOT-FOR-US: Zoho
CVE-2018-8720 (ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name ...)
	NOT-FOR-US: ServiceNow ITSM
CVE-2018-8719 (An issue was discovered in the WP Security Audit Log plugin 3.1.1 for ...)
	NOT-FOR-US: WP Security Audit Log plugin for WordPress
CVE-2018-8718 (Cross-site request forgery (CSRF) vulnerability in the Mailer Plugin ...)
	- jenkins-mailer-plugin <removed>
CVE-2017-18232 (The Serial Attached SCSI (SAS) implementation in the Linux kernel ...)
	{DSA-4187-1}
	- linux 4.15.17-1
	[wheezy] - linux <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/0558f33c06bb910e2879e355192227a8e8f0219d
CVE-2018-8717 (joyplus-cms 1.6.0 has CSRF, as demonstrated by adding an administrator ...)
	NOT-FOR-US: joyplus-cms
CVE-2018-8716 (WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2018-8715 (The Embedthis HTTP library, and Appweb versions before 7.0.3, have a ...)
	NOT-FOR-US: Embedthis HTTP library / Appweb
CVE-2018-8714 (Honeywell MatrikonOPC OPC Controller before 5.1.0.0 allows local users ...)
	NOT-FOR-US: Honeywell MatrikonOPC OPC Controller
CVE-2018-8713
	RESERVED
CVE-2018-8712 (An issue was discovered in Webmin 1.840 and 1.880 when the default Yes ...)
	- webmin <removed>
CVE-2018-8711 (A local file inclusion issue was discovered in the WooCommerce Products ...)
	NOT-FOR-US: WooCommerce Products Filter (aka WOOF) plugin for WordPress
CVE-2018-8710 (A remote code execution issue was discovered in the WooCommerce ...)
	NOT-FOR-US: WooCommerce Products Filter (aka WOOF) plugin for WordPress
CVE-2018-8709
	RESERVED
CVE-2018-8708
	RESERVED
CVE-2018-8707
	RESERVED
CVE-2018-8706
	RESERVED
CVE-2018-8705
	RESERVED
CVE-2018-8704
	RESERVED
CVE-2018-8703
	RESERVED
CVE-2018-8702
	RESERVED
CVE-2018-8701
	RESERVED
CVE-2018-8700
	RESERVED
CVE-2018-8699
	RESERVED
CVE-2018-8698
	RESERVED
CVE-2018-8697
	RESERVED
CVE-2018-8696
	RESERVED
CVE-2018-8695
	RESERVED
CVE-2018-8694
	RESERVED
CVE-2018-8693
	RESERVED
CVE-2018-8692
	RESERVED
CVE-2018-8691
	RESERVED
CVE-2018-8690
	RESERVED
CVE-2018-8689
	RESERVED
CVE-2018-8688
	RESERVED
CVE-2018-8687
	RESERVED
CVE-2018-8686
	RESERVED
CVE-2018-8685
	RESERVED
CVE-2018-8684
	RESERVED
CVE-2018-8683
	RESERVED
CVE-2018-8682
	RESERVED
CVE-2018-8681
	RESERVED
CVE-2018-8680
	RESERVED
CVE-2018-8679
	RESERVED
CVE-2018-8678
	RESERVED
CVE-2018-8677
	RESERVED
CVE-2018-8676
	RESERVED
CVE-2018-8675
	RESERVED
CVE-2018-8674
	RESERVED
CVE-2018-8673
	RESERVED
CVE-2018-8672
	RESERVED
CVE-2018-8671
	RESERVED
CVE-2018-8670
	RESERVED
CVE-2018-8669
	RESERVED
CVE-2018-8668
	RESERVED
CVE-2018-8667
	RESERVED
CVE-2018-8666
	RESERVED
CVE-2018-8665
	RESERVED
CVE-2018-8664
	RESERVED
CVE-2018-8663
	RESERVED
CVE-2018-8662
	RESERVED
CVE-2018-8661
	RESERVED
CVE-2018-8660
	RESERVED
CVE-2018-8659
	RESERVED
CVE-2018-8658
	RESERVED
CVE-2018-8657
	RESERVED
CVE-2018-8656
	RESERVED
CVE-2018-8655
	RESERVED
CVE-2018-8654
	RESERVED
CVE-2018-8653
	RESERVED
CVE-2018-8652
	RESERVED
CVE-2018-8651
	RESERVED
CVE-2018-8650
	RESERVED
CVE-2018-8649
	RESERVED
CVE-2018-8648
	RESERVED
CVE-2018-8647
	RESERVED
CVE-2018-8646
	RESERVED
CVE-2018-8645
	RESERVED
CVE-2018-8644
	RESERVED
CVE-2018-8643
	RESERVED
CVE-2018-8642
	RESERVED
CVE-2018-8641
	RESERVED
CVE-2018-8640
	RESERVED
CVE-2018-8639
	RESERVED
CVE-2018-8638
	RESERVED
CVE-2018-8637
	RESERVED
CVE-2018-8636
	RESERVED
CVE-2018-8635
	RESERVED
CVE-2018-8634
	RESERVED
CVE-2018-8633
	RESERVED
CVE-2018-8632
	RESERVED
CVE-2018-8631
	RESERVED
CVE-2018-8630
	RESERVED
CVE-2018-8629
	RESERVED
CVE-2018-8628
	RESERVED
CVE-2018-8627
	RESERVED
CVE-2018-8626
	RESERVED
CVE-2018-8625
	RESERVED
CVE-2018-8624
	RESERVED
CVE-2018-8623
	RESERVED
CVE-2018-8622
	RESERVED
CVE-2018-8621
	RESERVED
CVE-2018-8620
	RESERVED
CVE-2018-8619
	RESERVED
CVE-2018-8618
	RESERVED
CVE-2018-8617
	RESERVED
CVE-2018-8616
	RESERVED
CVE-2018-8615
	RESERVED
CVE-2018-8614
	RESERVED
CVE-2018-8613
	RESERVED
CVE-2018-8612
	RESERVED
CVE-2018-8611
	RESERVED
CVE-2018-8610
	RESERVED
CVE-2018-8609
	RESERVED
CVE-2018-8608
	RESERVED
CVE-2018-8607
	RESERVED
CVE-2018-8606
	RESERVED
CVE-2018-8605
	RESERVED
CVE-2018-8604
	RESERVED
CVE-2018-8603
	RESERVED
CVE-2018-8602
	RESERVED
CVE-2018-8601
	RESERVED
CVE-2018-8600
	RESERVED
CVE-2018-8599
	RESERVED
CVE-2018-8598
	RESERVED
CVE-2018-8597
	RESERVED
CVE-2018-8596
	RESERVED
CVE-2018-8595
	RESERVED
CVE-2018-8594
	RESERVED
CVE-2018-8593
	RESERVED
CVE-2018-8592
	RESERVED
CVE-2018-8591
	RESERVED
CVE-2018-8590
	RESERVED
CVE-2018-8589
	RESERVED
CVE-2018-8588
	RESERVED
CVE-2018-8587
	RESERVED
CVE-2018-8586
	RESERVED
CVE-2018-8585
	RESERVED
CVE-2018-8584
	RESERVED
CVE-2018-8583
	RESERVED
CVE-2018-8582
	RESERVED
CVE-2018-8581
	RESERVED
CVE-2018-8580
	RESERVED
CVE-2018-8579
	RESERVED
CVE-2018-8578
	RESERVED
CVE-2018-8577
	RESERVED
CVE-2018-8576
	RESERVED
CVE-2018-8575
	RESERVED
CVE-2018-8574
	RESERVED
CVE-2018-8573
	RESERVED
CVE-2018-8572
	RESERVED
CVE-2018-8571
	RESERVED
CVE-2018-8570
	RESERVED
CVE-2018-8569
	RESERVED
CVE-2018-8568
	RESERVED
CVE-2018-8567
	RESERVED
CVE-2018-8566
	RESERVED
CVE-2018-8565
	RESERVED
CVE-2018-8564
	RESERVED
CVE-2018-8563
	RESERVED
CVE-2018-8562
	RESERVED
CVE-2018-8561
	RESERVED
CVE-2018-8560
	RESERVED
CVE-2018-8559
	RESERVED
CVE-2018-8558
	RESERVED
CVE-2018-8557
	RESERVED
CVE-2018-8556
	RESERVED
CVE-2018-8555
	RESERVED
CVE-2018-8554
	RESERVED
CVE-2018-8553
	RESERVED
CVE-2018-8552
	RESERVED
CVE-2018-8551
	RESERVED
CVE-2018-8550
	RESERVED
CVE-2018-8549
	RESERVED
CVE-2018-8548
	RESERVED
CVE-2018-8547
	RESERVED
CVE-2018-8546
	RESERVED
CVE-2018-8545
	RESERVED
CVE-2018-8544
	RESERVED
CVE-2018-8543
	RESERVED
CVE-2018-8542
	RESERVED
CVE-2018-8541
	RESERVED
CVE-2018-8540
	RESERVED
CVE-2018-8539
	RESERVED
CVE-2018-8538
	RESERVED
CVE-2018-8537
	RESERVED
CVE-2018-8536
	RESERVED
CVE-2018-8535
	RESERVED
CVE-2018-8534
	RESERVED
CVE-2018-8533
	RESERVED
CVE-2018-8532
	RESERVED
CVE-2018-8531
	RESERVED
CVE-2018-8530
	RESERVED
CVE-2018-8529
	RESERVED
CVE-2018-8528
	RESERVED
CVE-2018-8527
	RESERVED
CVE-2018-8526
	RESERVED
CVE-2018-8525
	RESERVED
CVE-2018-8524
	RESERVED
CVE-2018-8523
	RESERVED
CVE-2018-8522
	RESERVED
CVE-2018-8521
	RESERVED
CVE-2018-8520
	RESERVED
CVE-2018-8519
	RESERVED
CVE-2018-8518
	RESERVED
CVE-2018-8517
	RESERVED
CVE-2018-8516
	RESERVED
CVE-2018-8515
	RESERVED
CVE-2018-8514
	RESERVED
CVE-2018-8513
	RESERVED
CVE-2018-8512
	RESERVED
CVE-2018-8511
	RESERVED
CVE-2018-8510
	RESERVED
CVE-2018-8509
	RESERVED
CVE-2018-8508
	RESERVED
CVE-2018-8507
	RESERVED
CVE-2018-8506
	RESERVED
CVE-2018-8505
	RESERVED
CVE-2018-8504
	RESERVED
CVE-2018-8503
	RESERVED
CVE-2018-8502
	RESERVED
CVE-2018-8501
	RESERVED
CVE-2018-8500
	RESERVED
CVE-2018-8499
	RESERVED
CVE-2018-8498
	RESERVED
CVE-2018-8497
	RESERVED
CVE-2018-8496
	RESERVED
CVE-2018-8495
	RESERVED
CVE-2018-8494
	RESERVED
CVE-2018-8493
	RESERVED
CVE-2018-8492
	RESERVED
CVE-2018-8491
	RESERVED
CVE-2018-8490
	RESERVED
CVE-2018-8489
	RESERVED
CVE-2018-8488
	RESERVED
CVE-2018-8487
	RESERVED
CVE-2018-8486
	RESERVED
CVE-2018-8485
	RESERVED
CVE-2018-8484
	RESERVED
CVE-2018-8483
	RESERVED
CVE-2018-8482
	RESERVED
CVE-2018-8481
	RESERVED
CVE-2018-8480
	RESERVED
CVE-2018-8479
	RESERVED
CVE-2018-8478
	RESERVED
CVE-2018-8477
	RESERVED
CVE-2018-8476
	RESERVED
CVE-2018-8475
	RESERVED
CVE-2018-8474
	RESERVED
CVE-2018-8473
	RESERVED
CVE-2018-8472
	RESERVED
CVE-2018-8471
	RESERVED
CVE-2018-8470
	RESERVED
CVE-2018-8469
	RESERVED
CVE-2018-8468
	RESERVED
CVE-2018-8467
	RESERVED
CVE-2018-8466
	RESERVED
CVE-2018-8465
	RESERVED
CVE-2018-8464
	RESERVED
CVE-2018-8463
	RESERVED
CVE-2018-8462
	RESERVED
CVE-2018-8461
	RESERVED
CVE-2018-8460
	RESERVED
CVE-2018-8459
	RESERVED
CVE-2018-8458
	RESERVED
CVE-2018-8457
	RESERVED
CVE-2018-8456
	RESERVED
CVE-2018-8455
	RESERVED
CVE-2018-8454
	RESERVED
CVE-2018-8453
	RESERVED
CVE-2018-8452
	RESERVED
CVE-2018-8451
	RESERVED
CVE-2018-8450
	RESERVED
CVE-2018-8449
	RESERVED
CVE-2018-8448
	RESERVED
CVE-2018-8447
	RESERVED
CVE-2018-8446
	RESERVED
CVE-2018-8445
	RESERVED
CVE-2018-8444
	RESERVED
CVE-2018-8443
	RESERVED
CVE-2018-8442
	RESERVED
CVE-2018-8441
	RESERVED
CVE-2018-8440
	RESERVED
CVE-2018-8439
	RESERVED
CVE-2018-8438
	RESERVED
CVE-2018-8437
	RESERVED
CVE-2018-8436
	RESERVED
CVE-2018-8435
	RESERVED
CVE-2018-8434
	RESERVED
CVE-2018-8433
	RESERVED
CVE-2018-8432
	RESERVED
CVE-2018-8431
	RESERVED
CVE-2018-8430
	RESERVED
CVE-2018-8429
	RESERVED
CVE-2018-8428
	RESERVED
CVE-2018-8427
	RESERVED
CVE-2018-8426
	RESERVED
CVE-2018-8425
	RESERVED
CVE-2018-8424
	RESERVED
CVE-2018-8423
	RESERVED
CVE-2018-8422
	RESERVED
CVE-2018-8421
	RESERVED
CVE-2018-8420
	RESERVED
CVE-2018-8419
	RESERVED
CVE-2018-8418
	RESERVED
CVE-2018-8417
	RESERVED
CVE-2018-8416
	RESERVED
CVE-2018-8415
	RESERVED
CVE-2018-8414
	RESERVED
CVE-2018-8413
	RESERVED
CVE-2018-8412
	RESERVED
CVE-2018-8411
	RESERVED
CVE-2018-8410
	RESERVED
CVE-2018-8409
	RESERVED
CVE-2018-8408
	RESERVED
CVE-2018-8407
	RESERVED
CVE-2018-8406
	RESERVED
CVE-2018-8405
	RESERVED
CVE-2018-8404
	RESERVED
CVE-2018-8403
	RESERVED
CVE-2018-8402
	RESERVED
CVE-2018-8401
	RESERVED
CVE-2018-8400
	RESERVED
CVE-2018-8399
	RESERVED
CVE-2018-8398
	RESERVED
CVE-2018-8397
	RESERVED
CVE-2018-8396
	RESERVED
CVE-2018-8395
	RESERVED
CVE-2018-8394
	RESERVED
CVE-2018-8393
	RESERVED
CVE-2018-8392
	RESERVED
CVE-2018-8391
	RESERVED
CVE-2018-8390
	RESERVED
CVE-2018-8389
	RESERVED
CVE-2018-8388
	RESERVED
CVE-2018-8387
	RESERVED
CVE-2018-8386
	RESERVED
CVE-2018-8385
	RESERVED
CVE-2018-8384
	RESERVED
CVE-2018-8383
	RESERVED
CVE-2018-8382
	RESERVED
CVE-2018-8381
	RESERVED
CVE-2018-8380
	RESERVED
CVE-2018-8379
	RESERVED
CVE-2018-8378
	RESERVED
CVE-2018-8377
	RESERVED
CVE-2018-8376
	RESERVED
CVE-2018-8375
	RESERVED
CVE-2018-8374
	RESERVED
CVE-2018-8373
	RESERVED
CVE-2018-8372
	RESERVED
CVE-2018-8371
	RESERVED
CVE-2018-8370
	RESERVED
CVE-2018-8369
	RESERVED
CVE-2018-8368
	RESERVED
CVE-2018-8367
	RESERVED
CVE-2018-8366
	RESERVED
CVE-2018-8365
	RESERVED
CVE-2018-8364
	RESERVED
CVE-2018-8363
	RESERVED
CVE-2018-8362
	RESERVED
CVE-2018-8361
	RESERVED
CVE-2018-8360
	RESERVED
CVE-2018-8359
	RESERVED
CVE-2018-8358
	RESERVED
CVE-2018-8357
	RESERVED
CVE-2018-8356
	RESERVED
CVE-2018-8355
	RESERVED
CVE-2018-8354
	RESERVED
CVE-2018-8353
	RESERVED
CVE-2018-8352
	RESERVED
CVE-2018-8351
	RESERVED
CVE-2018-8350
	RESERVED
CVE-2018-8349
	RESERVED
CVE-2018-8348
	RESERVED
CVE-2018-8347
	RESERVED
CVE-2018-8346
	RESERVED
CVE-2018-8345
	RESERVED
CVE-2018-8344
	RESERVED
CVE-2018-8343
	RESERVED
CVE-2018-8342
	RESERVED
CVE-2018-8341
	RESERVED
CVE-2018-8340
	RESERVED
CVE-2018-8339
	RESERVED
CVE-2018-8338
	RESERVED
CVE-2018-8337
	RESERVED
CVE-2018-8336
	RESERVED
CVE-2018-8335
	RESERVED
CVE-2018-8334
	RESERVED
CVE-2018-8333
	RESERVED
CVE-2018-8332
	RESERVED
CVE-2018-8331
	RESERVED
CVE-2018-8330
	RESERVED
CVE-2018-8329
	RESERVED
CVE-2018-8328
	RESERVED
CVE-2018-8327
	RESERVED
CVE-2018-8326
	RESERVED
CVE-2018-8325
	RESERVED
CVE-2018-8324
	RESERVED
CVE-2018-8323
	RESERVED
CVE-2018-8322
	RESERVED
CVE-2018-8321
	RESERVED
CVE-2018-8320
	RESERVED
CVE-2018-8319
	RESERVED
CVE-2018-8318
	RESERVED
CVE-2018-8317
	RESERVED
CVE-2018-8316
	RESERVED
CVE-2018-8315
	RESERVED
CVE-2018-8314
	RESERVED
CVE-2018-8313
	RESERVED
CVE-2018-8312
	RESERVED
CVE-2018-8311
	RESERVED
CVE-2018-8310
	RESERVED
CVE-2018-8309
	RESERVED
CVE-2018-8308
	RESERVED
CVE-2018-8307
	RESERVED
CVE-2018-8306
	RESERVED
CVE-2018-8305
	RESERVED
CVE-2018-8304
	RESERVED
CVE-2018-8303
	RESERVED
CVE-2018-8302
	RESERVED
CVE-2018-8301
	RESERVED
CVE-2018-8300
	RESERVED
CVE-2018-8299
	RESERVED
CVE-2018-8298
	RESERVED
CVE-2018-8297
	RESERVED
CVE-2018-8296
	RESERVED
CVE-2018-8295
	RESERVED
CVE-2018-8294
	RESERVED
CVE-2018-8293
	RESERVED
CVE-2018-8292
	RESERVED
CVE-2018-8291
	RESERVED
CVE-2018-8290
	RESERVED
CVE-2018-8289
	RESERVED
CVE-2018-8288
	RESERVED
CVE-2018-8287
	RESERVED
CVE-2018-8286
	RESERVED
CVE-2018-8285
	RESERVED
CVE-2018-8284
	RESERVED
CVE-2018-8283
	RESERVED
CVE-2018-8282
	RESERVED
CVE-2018-8281
	RESERVED
CVE-2018-8280
	RESERVED
CVE-2018-8279
	RESERVED
CVE-2018-8278
	RESERVED
CVE-2018-8277
	RESERVED
CVE-2018-8276
	RESERVED
CVE-2018-8275
	RESERVED
CVE-2018-8274
	RESERVED
CVE-2018-8273
	RESERVED
CVE-2018-8272
	RESERVED
CVE-2018-8271
	RESERVED
CVE-2018-8270
	RESERVED
CVE-2018-8269
	RESERVED
CVE-2018-8268
	RESERVED
CVE-2018-8267
	RESERVED
CVE-2018-8266
	RESERVED
CVE-2018-8265
	RESERVED
CVE-2018-8264
	RESERVED
CVE-2018-8263
	RESERVED
CVE-2018-8262
	RESERVED
CVE-2018-8261
	RESERVED
CVE-2018-8260
	RESERVED
CVE-2018-8259
	RESERVED
CVE-2018-8258
	RESERVED
CVE-2018-8257
	RESERVED
CVE-2018-8256
	RESERVED
CVE-2018-8255
	RESERVED
CVE-2018-8254
	RESERVED
CVE-2018-8253
	RESERVED
CVE-2018-8252
	RESERVED
CVE-2018-8251
	RESERVED
CVE-2018-8250
	RESERVED
CVE-2018-8249
	RESERVED
CVE-2018-8248
	RESERVED
CVE-2018-8247
	RESERVED
CVE-2018-8246
	RESERVED
CVE-2018-8245
	RESERVED
CVE-2018-8244
	RESERVED
CVE-2018-8243
	RESERVED
CVE-2018-8242
	RESERVED
CVE-2018-8241
	RESERVED
CVE-2018-8240
	RESERVED
CVE-2018-8239
	RESERVED
CVE-2018-8238
	RESERVED
CVE-2018-8237
	RESERVED
CVE-2018-8236
	RESERVED
CVE-2018-8235
	RESERVED
CVE-2018-8234
	RESERVED
CVE-2018-8233
	RESERVED
CVE-2018-8232
	RESERVED
CVE-2018-8231
	RESERVED
CVE-2018-8230
	RESERVED
CVE-2018-8229
	RESERVED
CVE-2018-8228
	RESERVED
CVE-2018-8227
	RESERVED
CVE-2018-8226
	RESERVED
CVE-2018-8225
	RESERVED
CVE-2018-8224
	RESERVED
CVE-2018-8223
	RESERVED
CVE-2018-8222
	RESERVED
CVE-2018-8221
	RESERVED
CVE-2018-8220
	RESERVED
CVE-2018-8219
	RESERVED
CVE-2018-8218
	RESERVED
CVE-2018-8217
	RESERVED
CVE-2018-8216
	RESERVED
CVE-2018-8215
	RESERVED
CVE-2018-8214
	RESERVED
CVE-2018-8213
	RESERVED
CVE-2018-8212
	RESERVED
CVE-2018-8211
	RESERVED
CVE-2018-8210
	RESERVED
CVE-2018-8209
	RESERVED
CVE-2018-8208
	RESERVED
CVE-2018-8207
	RESERVED
CVE-2018-8206
	RESERVED
CVE-2018-8205
	RESERVED
CVE-2018-8204
	RESERVED
CVE-2018-8203
	RESERVED
CVE-2018-8202
	RESERVED
CVE-2018-8201
	RESERVED
CVE-2018-8200
	RESERVED
CVE-2018-8199
	RESERVED
CVE-2018-8198
	RESERVED
CVE-2018-8197
	RESERVED
CVE-2018-8196
	RESERVED
CVE-2018-8195
	RESERVED
CVE-2018-8194
	RESERVED
CVE-2018-8193
	RESERVED
CVE-2018-8192
	RESERVED
CVE-2018-8191
	RESERVED
CVE-2018-8190
	RESERVED
CVE-2018-8189
	RESERVED
CVE-2018-8188
	RESERVED
CVE-2018-8187
	RESERVED
CVE-2018-8186
	RESERVED
CVE-2018-8185
	RESERVED
CVE-2018-8184
	RESERVED
CVE-2018-8183
	RESERVED
CVE-2018-8182
	RESERVED
CVE-2018-8181
	RESERVED
CVE-2018-8180
	RESERVED
CVE-2018-8179 (A remote code execution vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2018-8178 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8177 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8176
	RESERVED
CVE-2018-8175
	RESERVED
CVE-2018-8174 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8173 (A remote code execution vulnerability exists in Microsoft InfoPath ...)
	NOT-FOR-US: Microsoft
CVE-2018-8172
	RESERVED
CVE-2018-8171
	RESERVED
CVE-2018-8170 (An elevation of privilege vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8169
	RESERVED
CVE-2018-8168 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8167 (An elevation of privilege vulnerability exists when the Windows Common ...)
	NOT-FOR-US: Microsoft
CVE-2018-8166 (An elevation of privilege vulnerability exists in Windows when the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8165 (An elevation of privilege vulnerability exists when the DirectX ...)
	NOT-FOR-US: Microsoft
CVE-2018-8164 (An elevation of privilege vulnerability exists in Windows when the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8163 (An information disclosure vulnerability exists when Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8162 (A remote code execution vulnerability exists in Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8161 (A remote code execution vulnerability exists in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2018-8160 (An information disclosure vulnerability exists in Outlook when a ...)
	NOT-FOR-US: Microsoft
CVE-2018-8159 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8158 (A remote code execution vulnerability exists in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2018-8157 (A remote code execution vulnerability exists in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2018-8156 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8155 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8154 (A remote code execution vulnerability exists in Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8153 (A spoofing vulnerability exists in Microsoft Exchange Server when ...)
	NOT-FOR-US: Microsoft
CVE-2018-8152 (An elevation of privilege vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8151 (An information disclosure vulnerability exists when Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-8150 (A security feature bypass vulnerability exists when the Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8149 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8148 (A remote code execution vulnerability exists in Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8147 (A remote code execution vulnerability exists in Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8146
	RESERVED
CVE-2018-8145 (An information disclosure vulnerability exists when Chakra improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-8144
	RESERVED
CVE-2018-8143
	RESERVED
CVE-2018-8142
	RESERVED
CVE-2018-8141 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8140
	RESERVED
CVE-2018-8139 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8138
	RESERVED
CVE-2018-8137 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8136 (A remote code execution vulnerability exists in the way that Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-8135
	RESERVED
CVE-2018-8134 (An elevation of privilege vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8133 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8132 (A security feature bypass vulnerability exists in Windows which could ...)
	NOT-FOR-US: Microsoft
CVE-2018-8131
	RESERVED
CVE-2018-8130 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8129 (A security feature bypass vulnerability exists in Windows which could ...)
	NOT-FOR-US: Microsoft
CVE-2018-8128 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8127 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-8126 (A security feature bypass vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2018-8125
	RESERVED
CVE-2018-8124 (An elevation of privilege vulnerability exists in Windows when the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8123 (An information disclosure vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2018-8122 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8121
	RESERVED
CVE-2018-8120 (An elevation of privilege vulnerability exists in Windows when the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8119 (A spoofing vulnerability exists when the Azure IoT Device Provisioning ...)
	NOT-FOR-US: Microsoft
CVE-2018-8118 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2018-8117 (A security feature bypass vulnerability exists in the Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-8116 (A denial of service vulnerability exists in the way that Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-8115 (A remote code execution vulnerability exists when the Windows Host ...)
	NOT-FOR-US: Microsoft
CVE-2018-8114 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-8113
	RESERVED
CVE-2018-8112 (A security feature bypass vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2018-8111
	RESERVED
CVE-2018-8110
	RESERVED
CVE-2018-1000132 (Mercurial version 4.5 and earlier contains a Incorrect Access Control ...)
	{DLA-1331-1}
	- mercurial 4.5.2-1 (bug #892964)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/2ecb0fc535b1 (4.5.2)
	NOTE: Backports for older branches in https://hg.mozilla.org/users/gszorc_mozilla.com/hg
	NOTE: 4.4: 4843835c835::7cf827e5f8af
	NOTE: 4.3: db527ae12671::86f9a022ccb8
CVE-2018-1000131 (Pradeep Makone wordpress Support Plus Responsive Ticket System version ...)
	NOT-FOR-US: Pradeep Makone wordpress Support Plus Responsive Ticket System
CVE-2018-1000130 (A JNDI Injection vulnerability exists in Jolokia agent version 1.3.7 ...)
	NOT-FOR-US: Jolokia
CVE-2018-1000129 (An XSS vulnerability exists in the Jolokia agent version 1.3.7 in the ...)
	NOT-FOR-US: Jolokia
CVE-2018-8109
	RESERVED
CVE-2018-8108 (The select component in bui through 2018-03-13 has XSS because it ...)
	NOT-FOR-US: bui
CVE-2018-8107 (The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8106 (The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8105 (The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8104 (The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8103 (The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8102 (The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8101 (The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8100 (The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-8099 (Incorrect returning of an error code in the index.c:read_entry() ...)
	[experimental] - libgit2 0.27.0+dfsg.1-0.1
	- libgit2 <unfixed> (low; bug #892962)
	[stretch] - libgit2 <no-dsa> (Minor issue)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/58a6fe94cb851f71214dbefac3f9bffee437d6fe
CVE-2018-8098 (Integer overflow in the index.c:read_entry() function while ...)
	[experimental] - libgit2 0.27.0+dfsg.1-0.1
	- libgit2 <unfixed> (low; bug #892961)
	[stretch] - libgit2 <no-dsa> (Minor issue)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	NOTE: https://github.com/libgit2/libgit2/commit/3207ddb0103543da8ad2139ec6539f590f9900c1
	NOTE: https://github.com/libgit2/libgit2/commit/3db1af1f370295ad5355b8f64b865a2a357bcac0
CVE-2018-8097 (io/mongo/parser.py in Eve (aka pyeve) before 0.7.5 allows remote ...)
	NOT-FOR-US: pyeve
CVE-2018-8096 (Datalust Seq before 4.2.605 is vulnerable to Authentication Bypass ...)
	NOT-FOR-US: Datalust Seq
CVE-2018-8095
	RESERVED
CVE-2018-1000128
	REJECTED
CVE-2018-1000127 (memcached version prior to 1.4.37 contains an Integer Overflow ...)
	{DLA-1329-1}
	- memcached 1.5.0-1 (bug #894404)
	NOTE: https://github.com/memcached/memcached/commit/a8c4a82787b8b6c256d61bd5c42fb7f92d1bae00
	NOTE: https://github.com/memcached/memcached/issues/271
CVE-2018-1000126 (Ajenti version 2 contains an Information Disclosure vulnerability in ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000125 (inversoft prime-jwt version prior to version 1.3.0 or prior to commit ...)
	NOT-FOR-US: inversoft prime-jwt
CVE-2018-1000124 (I Librarian I-librarian version 4.8 and earlier contains a XML ...)
	- i-librarian <itp> (bug #649291)
CVE-2018-1000123 (Ionic Team Cordova plugin iOS Keychain version before commit ...)
	NOT-FOR-US: Ionic Team Cordova plugin iOS Keychain
CVE-2017-18231 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
	{DLA-1322-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ea074081678b
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/475/
CVE-2017-18230 (An issue was discovered in GraphicsMagick 1.3.26. A NULL pointer ...)
	{DLA-1322-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/53a4d841e90f
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/473/
CVE-2017-18229 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
	{DLA-1322-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/752c0b41fa32
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/461/
CVE-2018-8094
	RESERVED
CVE-2018-8093
	RESERVED
CVE-2018-8092 (Mautic before 2.13.0 allows CSV injection. ...)
	NOT-FOR-US: Mautic
CVE-2018-8091
	RESERVED
CVE-2018-8090
	RESERVED
CVE-2018-8089
	RESERVED
CVE-2018-8088 (org.slf4j.ext.EventData in the slf4j-ext module in QOS.CH SLF4J before ...)
	- libslf4j-java 1.7.25-3 (bug #893684; unimportant)
	NOTE: slf4j-ext module is not built by default
	NOTE: https://github.com/qos-ch/slf4j/commit/d2b27fba88e983f921558da27fc29b5f5d269405
	NOTE: https://jira.qos.ch/browse/SLF4J-430
	NOTE: https://jira.qos.ch/browse/SLF4J-431
CVE-2018-8087 (Memory leak in the hwsim_new_radio_nl function in ...)
	{DSA-4188-1}
	- linux 4.15.11-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/0ddcff49b672239dda94d70d0fcf50317a9f4b51
CVE-2018-8086
	REJECTED
CVE-2018-8085
	RESERVED
CVE-2018-1000097 (Sharutils sharutils (unshar command) version 4.15.2 contains a Buffer ...)
	{DSA-4167-1}
	- sharutils 1:4.15.2-3 (bug #893525)
	[wheezy] - sharutils <not-affected> (Vulnerable code not present)
	NOTE: http://seclists.org/bugtraq/2018/Feb/54
CVE-2018-1000096 (brianleroux tiny-json-http version all versions since commit ...)
	NOT-FOR-US: tiny-json-http
CVE-2018-1000095 (oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1000094 (CMS Made Simple version 2.2.5 contains a Remote Code Execution ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-18228 (Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey ...)
	NOT-FOR-US: Remedy Mid Tier in BMC Remedy AR System
CVE-2018-8084
	RESERVED
CVE-2018-8083
	RESERVED
CVE-2018-8082
	RESERVED
CVE-2018-8081
	RESERVED
CVE-2018-8080
	RESERVED
CVE-2018-8079
	RESERVED
CVE-2018-8078 (YzmCMS 3.7 has Stored XSS via the title parameter to ...)
	NOT-FOR-US: YzmCMS
CVE-2018-8077
	RESERVED
CVE-2018-8076 (ZenMate 1.5.4 for macOS suffers from a type confusion vulnerability ...)
	NOT-FOR-US: ZenMate
CVE-2018-8075
	RESERVED
CVE-2018-8074 (Yii 2.x before 2.0.15 allows remote attackers to inject unintended ...)
	- yii <itp> (bug #597899)
CVE-2018-8073 (Yii 2.x before 2.0.15 allows remote attackers to execute arbitrary LUA ...)
	- yii <itp> (bug #597899)
CVE-2018-8072 (An issue was discovered on EDIMAX IC-3140W through 3.06, IC-5150W ...)
	NOT-FOR-US: EDIMAX
CVE-2018-8071 (Mautic before v2.13.0 has stored XSS via a theme config file. ...)
	NOT-FOR-US: Mautic
CVE-2018-8070 (QCMS version 3.0 has XSS via the title parameter to the ...)
	NOT-FOR-US: QCMS
CVE-2018-8069 (QCMS version 3.0 has XSS via the webname parameter to the ...)
	NOT-FOR-US: QCMS
CVE-2018-8068
	RESERVED
CVE-2018-8067
	RESERVED
CVE-2018-8066
	RESERVED
CVE-2018-8065 (An issue was discovered in the web server in Flexense SyncBreeze ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2017-18227 (TitanHQ WebTitan Gateway has incorrect certificate validation for the ...)
	NOT-FOR-US: TitanHQ WebTitan Gateway
CVE-2017-18226 (The Gentoo net-im/jabberd2 package through 2.6.1 sets the ownership of ...)
	TODO: check
CVE-2017-18225 (The Gentoo net-im/jabberd2 package through 2.6.1 installs jabberd, ...)
	TODO: check
CVE-2017-18224 (In the Linux kernel before 4.15, fs/ocfs2/aops.c omits use of a ...)
	{DSA-4188-1}
	- linux 4.15.4-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/3e4c56d41eef5595035872a2ec5a483f42e8917f
CVE-2018-8064
	RESERVED
CVE-2018-8063
	RESERVED
CVE-2018-8062
	RESERVED
CVE-2018-8061 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an ...)
	NOT-FOR-US: HWiNFO AMD64 Kernel driver
CVE-2018-8060 (HWiNFO AMD64 Kernel driver version 8.98 and lower allows an ...)
	NOT-FOR-US: HWiNFO AMD64 Kernel driver
CVE-2018-8059 (The Djelibeybi configuration examples for use of NGINX in SUSE Portus ...)
	NOT-FOR-US: Portus
CVE-2018-8058 (CMS Made Simple (CMSMS) 2.2.6 has XSS in admin/moduleinterface.php via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-8057 (A SQL Injection vulnerability exists in Western Bridge Cobub Razor ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8056 (Physical path Leakage exists in Western Bridge Cobub Razor 0.8.0 via an ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-8055
	RESERVED
CVE-2018-8054
	RESERVED
CVE-2018-8053
	RESERVED
CVE-2018-8052
	RESERVED
CVE-2018-8051
	RESERVED
CVE-2018-8050 (The af_get_page() function in lib/afflib_pages.cpp in AFFLIB (aka ...)
	- afflib 3.7.16-3 (unimportant; bug #892599)
	NOTE: https://github.com/sshock/AFFLIBv3/commit/435a2ca802358a3debb6d164d2c33049131df81c
	NOTE: Negligable security impact
CVE-2018-8049 (The Stealth endpoint in Unisys Stealth SVG 2.8.x, 3.0.x before ...)
	NOT-FOR-US: Unisys Stealth SVG
CVE-2018-8048 (In the Loofah gem through 2.2.0 for Ruby, non-whitelisted HTML ...)
	{DSA-4171-1}
	- ruby-loofah 2.2.1-1 (bug #893596)
	NOTE: https://github.com/flavorjones/loofah/issues/144
	NOTE: https://github.com/flavorjones/loofah/commit/4a08c25a603654f2fc505a7d2bf0c35a39870ad7
	NOTE: https://github.com/flavorjones/loofah/commit/56e95a6696b1e17a242eb8ebbbab64d613c4f1fe
CVE-2018-8047
	RESERVED
CVE-2018-8046
	RESERVED
CVE-2018-8045 (In Joomla! 3.5.0 through 3.8.5, the lack of type casting of a variable ...)
	NOT-FOR-US: Joomla
CVE-2018-8044
	RESERVED
CVE-2017-18223 (BMC Remedy AR System before 9.1 SP3, when Remedy AR Authentication is ...)
	NOT-FOR-US: BMC Remedy AR System
CVE-2018-8043 (The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in ...)
	- linux <unfixed> (unimportant)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
	NOTE: Negligable security impact, only enabled on armhf
CVE-2018-8042
	RESERVED
CVE-2018-8041
	RESERVED
CVE-2018-8040
	RESERVED
CVE-2018-8039
	RESERVED
CVE-2018-8038
	RESERVED
CVE-2018-8037
	RESERVED
CVE-2018-8036
	RESERVED
CVE-2018-8035
	RESERVED
CVE-2018-8034
	RESERVED
CVE-2018-8033
	RESERVED
CVE-2018-8032
	RESERVED
CVE-2018-8031
	RESERVED
CVE-2018-8030
	RESERVED
CVE-2018-8029
	RESERVED
CVE-2018-8028
	RESERVED
CVE-2018-8027
	RESERVED
CVE-2018-8026
	RESERVED
CVE-2018-8025
	RESERVED
CVE-2018-8024
	RESERVED
CVE-2018-8023
	RESERVED
CVE-2018-8022
	RESERVED
CVE-2018-8021
	RESERVED
CVE-2018-8020
	RESERVED
CVE-2018-8019
	RESERVED
CVE-2018-8018
	RESERVED
CVE-2018-8017
	RESERVED
CVE-2018-8016
	RESERVED
CVE-2018-8015 (In Apache ORC 1.0.0 to 1.4.3 a malformed ORC file can trigger an ...)
	NOT-FOR-US: Apache ORC
CVE-2018-8014 (The defaults settings for the CORS filter provided in Apache Tomcat ...)
	- tomcat9 <itp> (bug #802312)
	- tomcat8 <unfixed> (bug #898935)
	[stretch] - tomcat8 <no-dsa> (Minor issue; user expected to configure filters appropriately)
	[jessie] - tomcat8 <no-dsa> (Minor issue; user expected to configure filters appropriately)
	- tomcat8.0 <unfixed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	[jessie] - tomcat7 <no-dsa> (Minor issue; user expected to configure filters appropriately)
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1831728 (8.5.x)
	NOTE: https://svn.apache.org/r1831729 (8.0.x)
	NOTE: https://svn.apache.org/r1831730 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62343
	NOTE: It is expected that users of the CORS filter will have configured it appropriately
	NOTE: for their einvironment rather than using it in the default configuration
CVE-2018-8013
	RESERVED
CVE-2018-8012
	RESERVED
CVE-2018-8011
	RESERVED
CVE-2018-8010
	RESERVED
CVE-2018-8009
	RESERVED
CVE-2018-8008
	RESERVED
CVE-2018-8007
	RESERVED
CVE-2018-8006
	RESERVED
CVE-2018-8005
	RESERVED
CVE-2018-8004
	RESERVED
CVE-2018-8003 (Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory ...)
	NOT-FOR-US: Apache Ambari
CVE-2018-8002 (In PoDoFo 0.9.5, there exists an infinite loop vulnerability in ...)
	- libpodofo <unfixed> (low; bug #892557)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548930
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/15/
CVE-2018-8001 (In PoDoFo 0.9.5, there exists a heap-based buffer over-read ...)
	[experimental] - libpodofo 0.9.6~rc1+dfsg-1
	- libpodofo <unfixed> (low; bug #892556)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1549469
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/14/
	NOTE: Upstream commit: http://sourceforge.net/p/podofo/code/1909
CVE-2018-8000 (In PoDoFo 0.9.5, there exists a heap-based buffer overflow ...)
	NOTE: PoC https://bugzilla.redhat.com/show_bug.cgi?id=1548918
	NOTE: Upstream bug: https://sourceforge.net/p/podofo/tickets/13/
	NOTE: Upstream tracked this down as a of CVE-2017-5886
CVE-2018-7999 (In libgraphite2 in graphite2 1.3.11, a NULL pointer dereference ...)
	- graphite2 1.3.11-2 (bug #892590)
	[stretch] - graphite2 <no-dsa> (Minor issue)
	[jessie] - graphite2 <no-dsa> (Minor issue)
	[wheezy] - graphite2 <no-dsa> (Minor issue)
	NOTE: https://github.com/silnrsi/graphite/commit/db132b4731a9b4c9534144ba3a18e65b390e9ff6
	NOTE: https://github.com/silnrsi/graphite/issues/22
CVE-2018-7998 (In libvips before 8.6.3, a NULL function pointer dereference ...)
	{DLA-1306-1}
	- vips 8.4.5-2 (low; bug #892589)
	[stretch] - vips <no-dsa> (Minor issue)
	[jessie] - vips <no-dsa> (Minor issue)
	NOTE: https://github.com/jcupitt/libvips/commit/20d840e6da15c1574b3ed998bc92f91d1e36c2a5
	NOTE: https://github.com/jcupitt/libvips/issues/893
CVE-2018-7997 (Eramba e1.0.6.033 has Reflected XSS on the Error page of the CSV file ...)
	NOT-FOR-US: Eramba
CVE-2018-7996 (Eramba e1.0.6.033 has Stored XSS on the tooltip box via the ...)
	NOT-FOR-US: Eramba
CVE-2018-7994
	RESERVED
CVE-2018-7993
	RESERVED
CVE-2018-7992
	RESERVED
CVE-2018-7991
	RESERVED
CVE-2018-7990
	RESERVED
CVE-2018-7989
	RESERVED
CVE-2018-7988
	RESERVED
CVE-2018-7987
	RESERVED
CVE-2018-7986
	RESERVED
CVE-2018-7985
	RESERVED
CVE-2018-7984
	RESERVED
CVE-2018-7983
	RESERVED
CVE-2018-7982
	RESERVED
CVE-2018-7981
	RESERVED
CVE-2018-7980
	RESERVED
CVE-2018-7979
	RESERVED
CVE-2018-7978
	RESERVED
CVE-2018-7977
	RESERVED
CVE-2018-7976
	RESERVED
CVE-2018-7975
	RESERVED
CVE-2018-7974
	RESERVED
CVE-2018-7973
	RESERVED
CVE-2018-7972
	RESERVED
CVE-2018-7971
	RESERVED
CVE-2018-7970
	RESERVED
CVE-2018-7969
	RESERVED
CVE-2018-7968
	RESERVED
CVE-2018-7967
	RESERVED
CVE-2018-7966
	RESERVED
CVE-2018-7965
	RESERVED
CVE-2018-7964
	RESERVED
CVE-2018-7963
	RESERVED
CVE-2018-7962
	RESERVED
CVE-2018-7961
	RESERVED
CVE-2018-7960
	RESERVED
CVE-2018-7959
	RESERVED
CVE-2018-7958
	RESERVED
CVE-2018-7957
	RESERVED
CVE-2018-7956
	RESERVED
CVE-2018-7955
	RESERVED
CVE-2018-7954
	RESERVED
CVE-2018-7953
	RESERVED
CVE-2018-7952
	RESERVED
CVE-2018-7951
	RESERVED
CVE-2018-7950
	RESERVED
CVE-2018-7949
	RESERVED
CVE-2018-7948
	RESERVED
CVE-2018-7947
	RESERVED
CVE-2018-7946
	RESERVED
CVE-2018-7945
	RESERVED
CVE-2018-7944
	RESERVED
CVE-2018-7943
	RESERVED
CVE-2018-7942
	RESERVED
CVE-2018-7941 (Huawei iBMC V200R002C60 have an authentication bypass vulnerability. A ...)
	NOT-FOR-US: Huawei
CVE-2018-7940 (Huawei smart phones Mate 10 and Mate 10 Pro with earlier versions than ...)
	NOT-FOR-US: Huawei
CVE-2018-7939
	RESERVED
CVE-2018-7938
	RESERVED
CVE-2018-7937
	RESERVED
CVE-2018-7936
	RESERVED
CVE-2018-7935
	RESERVED
CVE-2018-7934
	RESERVED
CVE-2018-7933 (Huawei home gateway products HiRouter-CD20 and WS5200 with the ...)
	NOT-FOR-US: Huawei
CVE-2018-7932 (Huawei AppGallery versions before 8.0.4.301 has an arbitrary ...)
	NOT-FOR-US: Huawei
CVE-2018-7931 (Huawei AppGallery versions before 8.0.4.301 has a whitelist mechanism ...)
	NOT-FOR-US: Huawei
CVE-2018-7930 (The Near Field Communication (NFC) module in Mate 9 Huawei mobile ...)
	NOT-FOR-US: Mate 9 Huawei mobile phones
CVE-2018-7929
	RESERVED
CVE-2018-7928
	RESERVED
CVE-2018-7927
	RESERVED
CVE-2018-7926
	RESERVED
CVE-2018-7925
	RESERVED
CVE-2018-7924
	RESERVED
CVE-2018-7923
	RESERVED
CVE-2018-7922
	RESERVED
CVE-2018-7921
	RESERVED
CVE-2018-7920 (Huawei AR1200 V200R006C10SPC300, AR160 V200R006C10SPC300, AR200 ...)
	NOT-FOR-US: Huawei
CVE-2018-7919
	RESERVED
CVE-2018-7918
	RESERVED
CVE-2018-7917
	RESERVED
CVE-2018-7916
	RESERVED
CVE-2018-7915
	RESERVED
CVE-2018-7914
	RESERVED
CVE-2018-7913
	RESERVED
CVE-2018-7912
	RESERVED
CVE-2018-7911
	RESERVED
CVE-2018-7910
	RESERVED
CVE-2018-7909
	RESERVED
CVE-2018-7908
	RESERVED
CVE-2018-7907
	RESERVED
CVE-2018-7906
	RESERVED
CVE-2018-7905
	RESERVED
CVE-2018-7904
	RESERVED
CVE-2018-7903
	RESERVED
CVE-2018-7902
	RESERVED
CVE-2018-7901 (RCS module in Huawei ALP-AL00B smart phones with software versions ...)
	NOT-FOR-US: Huawei
CVE-2018-7900
	RESERVED
CVE-2018-7899 (The Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones ...)
	NOT-FOR-US: Mali Driver of Huawei Berkeley-AL20 and Berkeley-BD smart phones
CVE-2018-7898
	RESERVED
CVE-2018-7897
	RESERVED
CVE-2018-7896
	RESERVED
CVE-2018-7895
	RESERVED
CVE-2018-7894 (Eramba e1.0.6.033 has Reflected XSS in ...)
	NOT-FOR-US: Eramba
CVE-2018-7893 (CMS Made Simple (CMSMS) 2.2.6 has stored XSS in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-7892
	RESERVED
CVE-2018-7891 (The Milestone XProtect Video Management Software (Corporate, Expert, ...)
	NOT-FOR-US: Milestone XProtect Video Management Software
CVE-2018-7995 (** DISPUTED ** Race condition in the store_int_with_restart() function ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: https://lkml.org/lkml/2018/3/2/970
CVE-2018-7890 (A remote code execution issue was discovered in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2018-7889 (gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on ...)
	- calibre 3.19.0+dfsg-1 (bug #892242)
	[stretch] - calibre <no-dsa> (Minor issue)
	[jessie] - calibre <no-dsa> (Minor issue)
	[wheezy] - calibre <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/calibre/+bug/1753870
	NOTE: deserialization fix https://github.com/kovidgoyal/calibre/commit/aeb5b036a0bf657951756688b3c72bd68b6e4a7d
	NOTE: insufficient as import also loads configuration files, which are python executables,
	NOTE: see https://lists.debian.org/87muy0usv1.fsf@curie.anarc.at
	NOTE: The CVE assignment is specific to the issue fixed by upstream commit
	NOTE: aeb5b036a0bf657951756688b3c72bd68b6e4a7d.
CVE-2018-1000122 (A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-b047.html
	NOTE: https://curl.haxx.se/CVE-2018-1000122.patch
CVE-2018-1000121 (A NULL pointer dereference exists in curl 7.21.0 to and including curl ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-97a2.html
	NOTE: https://curl.haxx.se/CVE-2018-1000121.patch
CVE-2018-1000120 (A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 ...)
	{DSA-4136-1 DLA-1309-1}
	- curl 7.60.0-1 (bug #893546)
	NOTE: https://curl.haxx.se/docs/adv_2018-9cd6.html
	NOTE: https://curl.haxx.se/CVE-2018-1000120.patch
CVE-2018-7888
	RESERVED
CVE-2018-7887
	RESERVED
CVE-2018-7886 (An issue was discovered in CloudMe 1.11.0. An unauthenticated local ...)
	NOT-FOR-US: CloudMe
CVE-2018-7885
	RESERVED
CVE-2018-7884
	RESERVED
CVE-2018-7883
	RESERVED
CVE-2018-7882
	RESERVED
CVE-2018-7881
	RESERVED
CVE-2018-7880
	RESERVED
CVE-2018-7879
	RESERVED
CVE-2018-7878
	RESERVED
CVE-2018-7877 (There is a heap-based buffer overflow in the getString function of ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/110
CVE-2018-7876 (In libming 0.4.8, a memory exhaustion vulnerability was found in the ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/109
CVE-2018-7875 (There is a heap-based buffer over-read in the getString function of ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/112
CVE-2018-7874 (An invalid memory address dereference was discovered in strlenext in ...)
	- ming <removed>
	[wheezy] - ming 1:0.4.4-1.1+deb7u8
	NOTE: https://github.com/libming/libming/issues/115
CVE-2018-7873 (There is a heap-based buffer overflow in the getString function of ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/111
CVE-2018-7872 (An invalid memory address dereference was discovered in the function ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/114
CVE-2018-7871 (There is a heap-based buffer over-read in the getName function of ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/120
CVE-2018-7870 (An invalid memory address dereference was discovered in getString in ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/117
CVE-2018-7869 (There is a memory leak triggered in the function dcinit of ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/119
CVE-2018-7868 (There is a heap-based buffer over-read in the getName function of ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/113
CVE-2018-7867 (There is a heap-based buffer overflow in the getString function of ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/116
CVE-2018-7866 (A NULL pointer dereference was discovered in newVar3 in ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/118
CVE-2018-7865
	REJECTED
CVE-2018-7864
	REJECTED
CVE-2018-7863
	REJECTED
CVE-2018-7862
	REJECTED
CVE-2018-7861
	REJECTED
CVE-2018-7860
	RESERVED
CVE-2018-7859
	RESERVED
CVE-2018-7858 (Quick Emulator (aka QEMU), when built with the Cirrus CLGD 54xx VGA ...)
	- qemu 1:2.12~rc3+dfsg-1 (bug #892497)
	[stretch] - qemu <not-affected> (Vulnerable code not present)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2018-03/msg02174.html
CVE-2018-7857
	RESERVED
CVE-2018-7856
	RESERVED
CVE-2018-7855
	RESERVED
CVE-2018-7854
	RESERVED
CVE-2018-7853
	RESERVED
CVE-2018-7852
	RESERVED
CVE-2018-7851
	RESERVED
CVE-2018-7850
	RESERVED
CVE-2018-7849
	RESERVED
CVE-2018-7848
	RESERVED
CVE-2018-7847
	RESERVED
CVE-2018-7846
	RESERVED
CVE-2018-7845
	RESERVED
CVE-2018-7844
	RESERVED
CVE-2018-7843
	RESERVED
CVE-2018-7842
	RESERVED
CVE-2018-7841
	RESERVED
CVE-2018-7840
	RESERVED
CVE-2018-7839
	RESERVED
CVE-2018-7838
	RESERVED
CVE-2018-7837
	RESERVED
CVE-2018-7836
	RESERVED
CVE-2018-7835
	RESERVED
CVE-2018-7834
	RESERVED
CVE-2018-7833
	RESERVED
CVE-2018-7832
	RESERVED
CVE-2018-7831
	RESERVED
CVE-2018-7830
	RESERVED
CVE-2018-7829
	RESERVED
CVE-2018-7828
	RESERVED
CVE-2018-7827
	RESERVED
CVE-2018-7826
	RESERVED
CVE-2018-7825
	RESERVED
CVE-2018-7824
	RESERVED
CVE-2018-7823
	RESERVED
CVE-2018-7822
	RESERVED
CVE-2018-7821
	RESERVED
CVE-2018-7820
	RESERVED
CVE-2018-7819
	RESERVED
CVE-2018-7818
	RESERVED
CVE-2018-7817
	RESERVED
CVE-2018-7816
	RESERVED
CVE-2018-7815
	RESERVED
CVE-2018-7814
	RESERVED
CVE-2018-7813
	RESERVED
CVE-2018-7812
	RESERVED
CVE-2018-7811
	RESERVED
CVE-2018-7810
	RESERVED
CVE-2018-7809
	RESERVED
CVE-2018-7808
	RESERVED
CVE-2018-7807
	RESERVED
CVE-2018-7806
	RESERVED
CVE-2018-7805
	RESERVED
CVE-2018-7804
	RESERVED
CVE-2018-7803
	RESERVED
CVE-2018-7802
	RESERVED
CVE-2018-7801
	RESERVED
CVE-2018-7800
	RESERVED
CVE-2018-7799
	RESERVED
CVE-2018-7798
	RESERVED
CVE-2018-7797
	RESERVED
CVE-2018-7796
	RESERVED
CVE-2018-7795
	RESERVED
CVE-2018-7794
	RESERVED
CVE-2018-7793
	RESERVED
CVE-2018-7792
	RESERVED
CVE-2018-7791
	RESERVED
CVE-2018-7790
	RESERVED
CVE-2018-7789
	RESERVED
CVE-2018-7788
	RESERVED
CVE-2018-7787
	RESERVED
CVE-2018-7786
	RESERVED
CVE-2018-7785
	RESERVED
CVE-2018-7784
	RESERVED
CVE-2018-7783
	RESERVED
CVE-2018-7782
	RESERVED
CVE-2018-7781
	RESERVED
CVE-2018-7780
	RESERVED
CVE-2018-7779
	RESERVED
CVE-2018-7778
	RESERVED
CVE-2018-7777
	RESERVED
CVE-2018-7776
	RESERVED
CVE-2018-7775
	RESERVED
CVE-2018-7774
	RESERVED
CVE-2018-7773
	RESERVED
CVE-2018-7772
	RESERVED
CVE-2018-7771
	RESERVED
CVE-2018-7770
	RESERVED
CVE-2018-7769
	RESERVED
CVE-2018-7768
	RESERVED
CVE-2018-7767
	RESERVED
CVE-2018-7766
	RESERVED
CVE-2018-7765
	RESERVED
CVE-2018-7764
	RESERVED
CVE-2018-7763
	RESERVED
CVE-2018-7762 (A vulnerability exists in the web services to process SOAP requests in ...)
	NOT-FOR-US: Schneider
CVE-2018-7761 (A vulnerability exists in the HTTP request parser in Schneider ...)
	NOT-FOR-US: Schneider
CVE-2018-7760 (An authorization bypass vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider
CVE-2018-7759 (A buffer overflow vulnerability exists in Schneider Electric's Modicon ...)
	NOT-FOR-US: Schneider
CVE-2018-7758 (A denial of service vulnerability exists in Schneider Electric's MiCOM ...)
	NOT-FOR-US: Schneider
CVE-2018-7757 (Memory leak in the sas_smp_get_phy_events function in ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/4a491b1ab11ca0556d2fda1ff1301e862a2d44c4 (4.16-rc1)
CVE-2017-18222 (In the Linux kernel before 4.12, Hisilicon Network Subsystem (HNS) does ...)
	{DSA-4188-1}
	- linux 4.15.17-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2018-7756 (RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices ...)
	NOT-FOR-US: RunExeFile.exe in the installer for DEWESoft X3 SP1 devices
CVE-2018-7755 (An issue was discovered in the fd_locked_ioctl function in ...)
	- linux <unfixed>
	NOTE: https://lkml.org/lkml/2018/3/7/1116
CVE-2018-7754
	RESERVED
CVE-2018-7751 (The svg_probe function in libavformat/img2dec.c in FFmpeg through 3.4.2 ...)
	- ffmpeg <unfixed>
	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/a6cba062051f345e8ebfdff34aba071ed73d923f
CVE-2018-7750 (transport.py in the SSH server implementation of Paramiko before ...)
	- paramiko <unfixed> (bug #892859)
	[stretch] - paramiko <no-dsa> (Minor issue)
	[jessie] - paramiko <no-dsa> (Minor issue)
	[wheezy] - paramiko <no-dsa> (Minor issue)
	NOTE: https://github.com/paramiko/paramiko/issues/1175
	NOTE: https://github.com/paramiko/paramiko/commit/fa29bd8446c8eab237f5187d28787727b4610516
CVE-2018-7749 (The SSH server implementation of AsyncSSH before 1.12.1 does not ...)
	- python-asyncssh 1.12.1-1 (bug #892787)
	NOTE: https://github.com/ronf/asyncssh/commit/16e6ebfa893167c7d9d3f6dc7a2c0d197e47f43a
CVE-2018-7748
	RESERVED
CVE-2018-7747 (Multiple cross-site scripting (XSS) vulnerabilities in the Caldera ...)
	NOT-FOR-US: Caldera Forms plugin for WordPress
CVE-2018-7746 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7745 (An issue was discovered in Western Bridge Cobub Razor 0.7.2. ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7744
	RESERVED
CVE-2018-7743
	RESERVED
CVE-2018-7742
	RESERVED
CVE-2018-7741 (Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created ...)
	NOT-FOR-US: Eramba
CVE-2018-1000118 (Github Electron version Electron 1.8.2-beta.4 and earlier contains a ...)
	- electron <itp> (bug #842420)
CVE-2018-1000116 (NET-SNMP version 5.7.2 contains a heap corruption vulnerability in the ...)
	{DSA-4154-1 DLA-1317-1}
	- net-snmp 5.7.3+dfsg-1.1 (bug #894110)
	NOTE: https://sourceforge.net/p/net-snmp/bugs/2821/
	NOTE: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
	NOTE: Same patch/commit as #788964 (as used for fixing CVE-2015-5621)
	NOTE: adresses CVE-2018-1000116 as well.
CVE-2018-7753 (An issue was discovered in Bleach 2.1.x before 2.1.3. Attributes that ...)
	- python-bleach 2.1.3-1 (bug #892252)
	[stretch] - python-bleach <not-affected> (Vulnerable code introduced later)
	[jessie] - python-bleach <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/mozilla/bleach/pull/356
	NOTE: https://github.com/mozilla/bleach/commit/c5df5789ec3471a31311f42c2d19fc2cf21b35ef
CVE-2018-1000117 (Python Software Foundation CPython version From 3.2 until 3.6.4 on ...)
	- python3.7 <not-affected> (Windows-specific)
	- python3.6 <not-affected> (Windows-specific)
	- python3.5 <not-affected> (Windows-specific)
	- python3.4 <not-affected> (Windows-specific)
	NOTE: http://hg.python.org/lookup/6921e73e33edc3c61bc2d78ed558eaa22a89a564
	NOTE: https://bugs.python.org/issue33001
CVE-2018-7740 (The resv_map_release function in mm/hugetlb.c in the Linux kernel ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199037
CVE-2018-7739 (antsle antman before 0.9.1a allows remote attackers to bypass ...)
	NOT-FOR-US: antsle antman
CVE-2018-7737 (In Z-BlogPHP 1.5.1.1740, there is Web Site physical path leakage, as ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-7736 (In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2017-18221 (The __munlock_pagevec function in mm/mlock.c in the Linux kernel before ...)
	- linux 4.11.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.48-1
	[wheezy] - linux <not-affected> (Vulnerable code introduce later)
CVE-2018-7735 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection ...)
	NOT-FOR-US: Afian FileRun
CVE-2018-7734 (Afian FileRun (before 2018.02.13) suffers from a remote SQL injection ...)
	NOT-FOR-US: Afian FileRun
CVE-2018-7733 (An issue was discovered in YxtCMF 3.1. RbacController.class.php has ...)
	NOT-FOR-US: YxtCMF
CVE-2018-7732 (An issue was discovered in YxtCMF 3.1. SQL Injection exists in ...)
	NOT-FOR-US: YxtCMF
CVE-2018-7731 (An issue was discovered in Exempi through 2.4.4. ...)
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <not-affected> (Vulnerable code introduced later)
	[wheezy] - exempi <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105247
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=aabedb5e749dd59112a3fe1e8e08f2d934f56666
CVE-2018-7730 (An issue was discovered in Exempi through 2.4.4. A certain case of a ...)
	{DLA-1310-1}
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105204
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=6cbd34025e5fd3ba47b29b602096e456507ce83b
CVE-2018-7729 (An issue was discovered in Exempi through 2.4.4. There is a stack-based ...)
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	[wheezy] - exempi <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105206
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=baa4b8a02c1ffab9645d13f0bfb1c0d10d311a0c
CVE-2018-7728 (An issue was discovered in Exempi through 2.4.4. ...)
	{DLA-1310-1}
	- exempi 2.4.5-1 (low; bug #892782)
	[stretch] - exempi <no-dsa> (Minor issue)
	[jessie] - exempi <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=105205
	NOTE: https://cgit.freedesktop.org/exempi/commit/?id=e163667a06a9b656a047b0ec660b871f29a83c9f
CVE-2018-7727 (An issue was discovered in ZZIPlib 0.13.68. There is a memory leak ...)
	- zziplib <unfixed> (low)
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	[wheezy] - zziplib <no-dsa> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/40
CVE-2018-7726 (An issue was discovered in ZZIPlib 0.13.68. There is a bus error caused ...)
	- zziplib <unfixed> (low)
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	[wheezy] - zziplib <no-dsa> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/41
CVE-2018-7725 (An issue was discovered in ZZIPlib 0.13.68. An invalid memory address ...)
	- zziplib <unfixed> (low)
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	[wheezy] - zziplib <no-dsa> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/39
CVE-2018-7724 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...)
	- piwigo <removed>
CVE-2018-7723 (The management panel in Piwigo 2.9.3 has stored XSS via the ...)
	- piwigo <removed>
CVE-2018-7722 (The management panel in Piwigo 2.9.3 has stored XSS via the name ...)
	- piwigo <removed>
CVE-2018-7721 (Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via ...)
	NOT-FOR-US: MetInfo
CVE-2018-7720 (A cross-site request forgery (CSRF) vulnerability exists in Western ...)
	NOT-FOR-US: Western Bridge Cobub Razor
CVE-2018-7719 (Acrolinx Server before 5.2.5 on Windows allows Directory Traversal. ...)
	NOT-FOR-US: Acrolinx Server
CVE-2018-7752 (GPAC through 0.7.1 has a Buffer Overflow in the gf_media_avc_read_sps ...)
	- gpac <unfixed> (bug #892526)
	[stretch] - gpac <no-dsa> (Minor issue)
	[jessie] - gpac <no-dsa> (Minor issue)
	[wheezy] - gpac <not-affected> (vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/997
	NOTE: https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
	NOTE: CVE is for the issue in av_parsers.c and fixed in same commit as
	NOTE: CVE-2018-1000100
CVE-2018-1000100 (GPAC MP4Box version 0.7.1 and earlier contains a Buffer Overflow ...)
	- gpac <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/gpac/gpac/issues/994
	NOTE: https://github.com/gpac/gpac/commit/90dc7f853d31b0a4e9441cba97feccf36d8b69a4
CVE-2018-7738 (In util-linux before 2.32-rc1, bash-completion/umount allows local ...)
	{DSA-4134-1}
	- bash-completion <unfixed> (unimportant)
	- util-linux 2.31.1-0.5 (bug #892179)
	[jessie] - util-linux <not-affected> (umount completion added later)
	[wheezy] - util-linux <not-affected> (umount completion added later)
	NOTE: Fix in bash-completion's from util-linux:
	NOTE: https://github.com/karelzak/util-linux/commit/75f03badd7ed9f1dd951863d75e756883d3acc55#diff-a47601b5dbce9dc06c3af1deb02758c7
	NOTE: src:util-linux/2.28-1 takes over the umount completion from
	NOTE: src:bash-completion (which in turn starting from 1:2.1-4.3
	NOTE: does not provide the umount completion in the binary packaage)
CVE-2018-7718
	RESERVED
CVE-2018-7717 (The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik ...)
	NOT-FOR-US: Kubik-Rubik Simple Image Gallery Extended (SIGE) extension for Joomla!
CVE-2018-7716 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7715 (PrivateVPN 2.0.31 for macOS suffers from a root privilege escalation ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7714 (The validateInputImageSize function in ...)
	- opencv <unfixed> (low)
	[stretch] - opencv <ignored> (Minor issue)
	[jessie] - opencv <ignored> (Minor issue)
	[wheezy] - opencv <ignored> (Minor issue)
	NOTE: https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7713 (The validateInputImageSize function in ...)
	- opencv <unfixed> (low)
	[stretch] - opencv <ignored> (Minor issue)
	[jessie] - opencv <ignored> (Minor issue)
	[wheezy] - opencv <ignored> (Minor issue)
	NOTE: https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7712 (The validateInputImageSize function in ...)
	- opencv <unfixed> (low)
	[stretch] - opencv <ignored> (Minor issue)
	[jessie] - opencv <ignored> (Minor issue)
	[wheezy] - opencv <ignored> (Minor issue)
	NOTE: https://github.com/xiaoqx/pocs/tree/master/opencv/dos-by-assert
	NOTE: https://github.com/opencv/opencv/issues/10998
CVE-2018-7710
	RESERVED
CVE-2018-7709
	RESERVED
CVE-2018-7708
	RESERVED
CVE-2018-7707 (Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7706 (Directory traversal vulnerability in SecurEnvoy SecurMail before ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7705 (Directory traversal vulnerability in SecurEnvoy SecurMail before ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7704 (SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7703 (Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7702 (SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2018-7701 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: SecurEnvoy SecurMail
CVE-2017-18220 (The ReadOneJNGImage and ReadJNGImage functions in coders/png.c in ...)
	{DLA-1322-1}
	- graphicsmagick 1.3.26-8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98721124e51f
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/438/
	NOTE: Issue is related to CVE-2017-11403 but not the same issue.
	TODO: check, needs clarification, the issue is CloseBlob use-after-free
CVE-2017-18219 (An issue was discovered in GraphicsMagick 1.3.26. An allocation failure ...)
	{DLA-1322-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/cadd4b0522fa
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/459/
CVE-2018-7700 (DedeCMS 5.7 has CSRF with an impact of arbitrary code execution, ...)
	NOT-FOR-US: DedeCMS
CVE-2018-7699
	RESERVED
CVE-2018-7698 (An issue was discovered in D-Link mydlink+ 3.8.5 build 259 for DCS-933L ...)
	NOT-FOR-US: D-Link
CVE-2018-7697
	RESERVED
CVE-2018-7696
	RESERVED
CVE-2018-7695
	RESERVED
CVE-2018-7694
	RESERVED
CVE-2018-7693
	RESERVED
CVE-2018-7692
	RESERVED
CVE-2018-7691
	RESERVED
CVE-2018-7690
	RESERVED
CVE-2018-7689
	RESERVED
CVE-2018-7688
	RESERVED
CVE-2018-7687
	RESERVED
CVE-2018-7686
	RESERVED
CVE-2018-7685
	RESERVED
CVE-2018-7684
	RESERVED
CVE-2018-7683
	RESERVED
CVE-2018-7682
	RESERVED
CVE-2018-7681
	RESERVED
CVE-2018-7680
	RESERVED
CVE-2018-7679
	RESERVED
CVE-2018-7678 (A cross site scripting vulnerability exist in the Administration ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-7677 (A CSRF exposure exists in NetIQ Access Manager (NAM) 4.4 Identity ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-7676 (The NetIQ Identity Manager, in versions prior to 4.7, userapp with log ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7675 (In NetIQ Sentinel before 8.1.x, a Sentinel user is logged into the ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2018-7674 (The NetIQ Identity Manager user console, in versions prior to 4.7, is ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-7673 (The NetIQ Identity Manager communication channel, in versions prior to ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-18218 (In drivers/net/ethernet/hisilicon/hns/hns_enet.c in the Linux kernel ...)
	{DSA-4188-1}
	- linux 4.13.4-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/27463ad99f738ed93c7c8b3e2e5bc8c4853a2ff2
CVE-2017-18217 (An issue was discovered in InvoicePlane before 1.5.5. It was observed ...)
	NOT-FOR-US: InvoicePlane
CVE-2017-18216 (In fs/ocfs2/cluster/nodemanager.c in the Linux kernel before 4.15, ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.4-1
	NOTE: Fixed by: https://git.kernel.org/linus/853bc26a7ea39e354b9f8889ae7ad1492ffa28d2
CVE-2017-18215 (xvpng.c in xv 3.10a has memory corruption (out-of-bounds write) when ...)
	- xv <removed>
CVE-2018-7672
	RESERVED
CVE-2018-7671
	RESERVED
CVE-2018-7670
	RESERVED
CVE-2018-7669 (An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 ...)
	NOT-FOR-US: Sitecore
CVE-2018-7668 (TestLink through 1.9.16 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: TestLink
CVE-2018-7667 (Adminer through 4.3.1 has SSRF via the server parameter. ...)
	{DLA-1311-1}
	- adminer 4.5.0-1 (bug #893668)
	[stretch] - adminer <no-dsa> (Minor issue, issue can be mitigated by upfront application firewalling)
	[jessie] - adminer <no-dsa> (Minor issue, issue can be mitigated by upfront application firewalling)
	NOTE: http://hyp3rlinx.altervista.org/advisories/ADMINER-UNAUTHENTICATED-SERVER-SIDE-REQUEST-FORGERY.txt
	NOTE: https://github.com/vrana/adminer/commit/0fae40fb611b5c8167fa2b8d40bf576a8935a380
	NOTE: adminer 4.4.0 disallows connecting to privileged ports, and thus not "enumerating"
	NOTE: services on (another) host for ports < 1024.
	NOTE: Additionally 4.4.0 rate-limits password-less login attempts from the same
	NOTE: IP address:
	NOTE: https://github.com/vrana/adminer/commit/0e5df34ea87ad34c1bc0ceac162eb86175d611a3
CVE-2018-7666 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. SQL ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7665 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. A ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7664 (An issue was discovered in ClipBucket before 4.0.0 Release 4902. Any OS ...)
	NOT-FOR-US: ClipBucket
CVE-2018-7663 (An issue was discovered in resources/views/layouts/app.blade.php in ...)
	NOT-FOR-US: Voten.co
CVE-2018-7662 (Couch through 2.0 allows remote attackers to discover the full path via ...)
	NOT-FOR-US: CouchCMS
CVE-2018-7661 (Papenmeier WiFi Baby Monitor Free &amp; Lite before 2.02.2 allows remote ...)
	NOT-FOR-US: Papenmeier WiFi Baby Monitor Free & Lite
CVE-2018-7660 (In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Reflected ...)
	NOT-FOR-US: OpenText Documentum D2 Webtop
CVE-2018-7659 (In OpenText Documentum D2 Webtop v4.6.0030 build 059, a Stored ...)
	NOT-FOR-US: OpenText Documentum D2 Webtop
CVE-2018-7711 (HTTPRedirect.php in the saml2 library in SimpleSAMLphp before 1.15.4 ...)
	{DLA-1314-1}
	- simplesamlphp 1.15.4-1
	[stretch] - simplesamlphp <no-dsa> (Minor issue)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: failure mode hard to trigger for an attacker, signing of redirect binding in many cases not that important
	NOTE: https://simplesamlphp.org/security/201803-01
	NOTE: https://github.com/simplesamlphp/saml2/commit/4f6af7f69f29df8555a18b9bb7b646906b45924d
CVE-2018-7658 (NTSServerSvc.exe in the server in Softros Network Time System 2.3.4 ...)
	NOT-FOR-US: Softros Network Time System
CVE-2018-7657
	RESERVED
CVE-2018-7656
	RESERVED
CVE-2018-7655
	RESERVED
CVE-2018-7654 (On 3CX 15.5.6354.2 devices, the parameter &quot;file&quot; in the request ...)
	NOT-FOR-US: 3CX 15.5.6354.2 devices
CVE-2018-7653 (In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7652 (lib/Zonemaster/GUI/Dancer/Export.pm in Zonemaster Web GUI before 1.0.11 ...)
	NOT-FOR-US: Zonemaster Web GUI
	NOTE: The source (1.0.7) is in Salsa, but never uploaded: https://salsa.debian.org/perl-team/modules/packages/zonemaster-gui
CVE-2017-18213 (In Exponent CMS before 2.4.1 Patch #6, certain admin users can elevate ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-18214 (The moment module before 2.19.3 for Node.js is prone to a regular ...)
	- node-moment 2.19.3+ds-1 (unimportant)
	NOTE: fixed in 2.19.3 upstream
	NOTE: https://github.com/moment/moment/commit/69ed9d44957fa6ab12b73d2ae29d286a857b80eb
	NOTE: https://github.com/moment/moment/pull/4326
	NOTE: https://github.com/moment/moment/issues/4163
	NOTE: https://nodesecurity.io/advisories/532
	NOTE: nodejs not covered by security support
CVE-2018-7651 (index.js in the ssri module before 5.2.2 for Node.js is prone to a ...)
	- node-ssri 5.2.4-1 (unimportant; bug #891980)
	NOTE: fixed in 5.2.2
	NOTE: https://github.com/zkat/ssri/commit/d0ebcdc22cb5c8f47f89716d08b3518b2485d65d
	NOTE: https://github.com/zkat/ssri/issues/10
	NOTE: https://nodesecurity.io/advisories/565
	NOTE: nodejs not covered by security support
CVE-2018-1000119 (Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier ...)
	- ruby-rack-protection <unfixed> (bug #892250)
	[wheezy] - ruby-rack-protection <ignored> (Low prio package and low prio vulnerability according to RedHat)
	NOTE: https://snyk.io/vuln/SNYK-RUBY-SINATRA-20470
	NOTE: https://snyk.io/vuln/SNYK-RUBY-RACKPROTECTION-20395
	NOTE: https://github.com/sinatra/sinatra/commit/8aa6c42ef724f93ae309fb7c5668e19ad547eceb
CVE-2018-1000115 (Memcached version 1.5.5 contains an Insufficient Control of Network ...)
	- memcached 1.5.6-1
	[stretch] - memcached <no-dsa> (Minor issue; Debian defaults to listen only on localhost)
	[jessie] - memcached <no-dsa> (Minor issue; Debian defaults to listen only on localhost)
	[wheezy] - memcached <no-dsa> (Minor issue; Debian defaults to listen only on localhost)
	NOTE: Upstream 1.5.6 disables by default the UDP protocol
	NOTE: https://github.com/memcached/memcached/commit/dbb7a8af90054bf4ef51f5814ef7ceb17d83d974
	NOTE: Documentation in memcached's config files clearly mentions the
	NOTE: issues: "Specify which IP address to listen on. The default
	NOTE: (upstream) is to listen on all IP addresses. [...] so make sure
	NOTE: it's listening on a firewalled interface."
CVE-2018-7650 (PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone:Script Classified Application
CVE-2018-7649
	RESERVED
CVE-2018-7648 (An issue was discovered in mj2/opj_mj2_extract.c in OpenJPEG 2.3.0. The ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/kbabioch/openjpeg/commit/6d8c0c06ee32dc03ba80acd48334e98728e56cf5
	NOTE: https://github.com/uclouvain/openjpeg/issues/1088
	NOTE: The Debian package is built with -DBUILD_MJ2:BOOL=OFF
CVE-2018-7647
	RESERVED
CVE-2018-7646
	RESERVED
CVE-2018-7645
	RESERVED
CVE-2018-7643 (The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22905
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d11ae95ea3403559f052903ab053f43ad7821e37
CVE-2018-7642 (The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22887
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=116acb2c268c89c89186673a7c92620d21825b25
CVE-2018-7641 (An issue was discovered in CImg v.220. A heap-based buffer over-read in ...)
	- cimg <unfixed> (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7640 (An issue was discovered in CImg v.220. A heap-based buffer over-read in ...)
	- cimg <unfixed> (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7639 (An issue was discovered in CImg v.220. A heap-based buffer over-read in ...)
	- cimg <unfixed> (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7638 (An issue was discovered in CImg v.220. A heap-based buffer over-read in ...)
	- cimg <unfixed> (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7637 (An issue was discovered in CImg v.220. A heap-based buffer over-read in ...)
	- cimg <unfixed> (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/185
	NOTE: https://github.com/dtschump/CImg/commit/10af1e8c1ad2a58a0a3342a856bae63e8f257abb
CVE-2018-7636
	RESERVED
CVE-2018-7635
	RESERVED
CVE-2018-7634 (An issue was discovered in Enalean Tuleap 9.17. Lack of CSRF attack ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2018-7633
	RESERVED
CVE-2018-7632
	RESERVED
CVE-2018-7631
	RESERVED
CVE-2018-7630
	RESERVED
CVE-2018-7629
	RESERVED
CVE-2018-7628
	RESERVED
CVE-2018-7627
	RESERVED
CVE-2018-7626
	RESERVED
CVE-2018-7625
	RESERVED
CVE-2018-7624
	RESERVED
CVE-2018-7623
	RESERVED
CVE-2018-7622
	RESERVED
CVE-2018-7621
	RESERVED
CVE-2018-7620
	RESERVED
CVE-2018-7619
	RESERVED
CVE-2018-7618
	RESERVED
CVE-2018-7617
	RESERVED
CVE-2018-7616
	RESERVED
CVE-2018-7615
	RESERVED
CVE-2018-7614
	RESERVED
CVE-2018-7613
	RESERVED
CVE-2018-7612
	RESERVED
CVE-2018-7611
	RESERVED
CVE-2018-7610
	RESERVED
CVE-2018-7609
	RESERVED
CVE-2018-7608
	RESERVED
CVE-2018-7607
	RESERVED
CVE-2018-7606
	RESERVED
CVE-2018-7605
	RESERVED
CVE-2018-7604
	RESERVED
CVE-2018-7603
	RESERVED
CVE-2018-7602 [SA-CORE-2018-004]
	RESERVED
	{DSA-4180-1 DLA-1365-1}
	- drupal7 <removed> (bug #896701)
	NOTE: https://www.drupal.org/psa-2018-003
	NOTE: https://www.drupal.org/sa-core-2018-004
	NOTE: https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=080daa38f265ea28444c540832509a48861587d0
CVE-2018-7601
	RESERVED
CVE-2018-7599
	RESERVED
CVE-2018-7598
	RESERVED
CVE-2018-7597
	RESERVED
CVE-2018-7596
	RESERVED
CVE-2018-7595
	RESERVED
CVE-2018-7594
	RESERVED
CVE-2018-7593
	RESERVED
CVE-2018-7592
	RESERVED
CVE-2018-7591
	RESERVED
CVE-2018-7590 (CSRF exists in Hoosk 1.7.0 via /admin/users/new/add, resulting in ...)
	NOT-FOR-US: Hoosk
CVE-2018-7589 (An issue was discovered in CImg v.220. A double free in load_bmp in ...)
	- cimg <unfixed> (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/184
	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7588 (An issue was discovered in CImg v.220. A heap-based buffer over-read in ...)
	- cimg <unfixed> (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
	NOTE: https://github.com/dtschump/CImg/issues/183
	NOTE: https://github.com/dtschump/CImg/commit/8447076ef22322a14a0ce130837e44c5ba8095f4
CVE-2018-7587 (An issue was discovered in CImg v.220. DoS occurs when loading a ...)
	- cimg <unfixed> (low; bug #892780)
	[stretch] - cimg <no-dsa> (Minor issue)
	[jessie] - cimg <no-dsa> (Minor issue)
	[wheezy] - cimg <no-dsa> (Minor issue)
CVE-2018-7586 (In the nextgen-gallery plugin before 2.2.50 for WordPress, gallery ...)
	NOT-FOR-US: nextgen-gallery plugin for WordPress
CVE-2017-18212 (An issue was discovered in JerryScript 1.0. There is a heap-based ...)
	NOT-FOR-US: JerryScript
CVE-2018-7585
	RESERVED
CVE-2018-7584 (In PHP through 5.6.33, 7.0.x before 7.0.28, 7.1.x through 7.1.14, and ...)
	{DLA-1326-1}
	- php7.2 7.2.3-1
	- php7.1 7.1.15-1
	- php7.0 7.0.28-1
	- php5 <removed>
	NOTE: Fixed in 5.6.34, 7.0.28, 7.1.15, 7.2.3
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75981
	NOTE: https://github.com/php/php-src/commit/523f230c831d7b33353203fa34aee4e92ac12bba
CVE-2018-7583 (Proxy.exe in DualDesk 20 allows Remote Denial Of Service (daemon crash) ...)
	NOT-FOR-US: Proxy.exe in DualDesk 20
CVE-2018-7582 (WebLog Expert Web Server Enterprise 9.4 allows Remote Denial Of ...)
	NOT-FOR-US: WebLog Expert Web Server Enterprise
CVE-2018-7581 (\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert ...)
	NOT-FOR-US: WebLog Expert Web Server Enterprise
CVE-2018-7580
	RESERVED
CVE-2017-18211 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/792
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/96c2fab85e1699c87080271254c5a01387805564
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/22eec833cd72b5abab2627fcacc27d2dfb6aa6e7
CVE-2017-18210 (In ImageMagick 7.0.7, a NULL pointer dereference vulnerability was ...)
	- imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/791
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d2b87b403059af21db3002db95f4603f32b492ef
	NOTE: The commit referenced the wrong issue in the upstream issue tracker, but
	NOTE: as noted in https://github.com/ImageMagick/ImageMagick/issues/791#issuecomment-334050314
CVE-2017-18209 (In the GetOpenCLCachedFilesDirectory function in magick/opencl.c in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/790
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6ac2858a87df6d645813e43928b4f01a3169ad3f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cca91aa1861818342e3d072bb0fad7dc4ffac24a
CVE-2018-7579 (\application\admin\controller\update_urls.class.php in YzmCMS 3.6 has ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7578
	RESERVED
CVE-2018-7577
	RESERVED
CVE-2018-7576
	RESERVED
CVE-2018-7575
	RESERVED
CVE-2018-7574
	RESERVED
CVE-2018-7573 (An issue was discovered in FTPShell Client 6.7. A remote FTP server can ...)
	NOT-FOR-US: FTPShell Client
CVE-2018-7572
	RESERVED
CVE-2018-7571
	RESERVED
CVE-2018-7570 (The assign_file_positions_for_non_load_sections function in elf.c in ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22881
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=01f7e10cf2dcf403462b2feed06c43135651556d
CVE-2018-7569 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22895
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=12c963421d045a127c413a0722062b9932c50aa9
CVE-2018-7568 (The parse_die function in dwarf1.c in the Binary File Descriptor (BFD) ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22894
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eef104664efb52965d85a28bc3fc7c77e52e48e2
CVE-2017-18208 (The madvise_willneed function in mm/madvise.c in the Linux kernel ...)
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <ignored> (Only affects ARM with XIP enabled)
	[wheezy] - linux <ignored> (Only affects ARM with XIP enabled)
	NOTE: Fixed by: https://git.kernel.org/linus/6ea8d958a2c95a1d514015d4e29ba21a8c0a1a91
CVE-2017-18207 (** DISPUTED ** The Wave_read._read_fmt_chunk function in Lib/wave.py ...)
	NOTE: Nonsense report for Python
CVE-2018-1000103
	REJECTED
CVE-2018-1000102
	REJECTED
CVE-2018-1000114 (An improper authorization vulnerability exists in Jenkins Promoted ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000113 (A cross-site scripting vulnerability exists in Jenkins TestLink Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000112 (An improper authorization vulnerability exists in Jenkins Mercurial ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000111 (An improper authorization vulnerability exists in Jenkins Subversion ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000110 (An improper authorization vulnerability exists in Jenkins Git Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000109 (An improper authorization vulnerability exists in Jenkins Google Play ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000108 (A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000107 (An improper authorization vulnerability exists in Jenkins Job and Node ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000106 (An improper authorization vulnerability exists in Jenkins Gerrit ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000105 (An improper authorization vulnerability exists in Jenkins Gerrit ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000104 (A plaintext storage of a password vulnerability exists in Jenkins ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-7567 (** DISPUTED ** In the Admin Package Manager in Open Ticket Request ...)
	- otrs2 <unfixed> (unimportant)
	NOTE: PoC https://0day.today/exploit/29938
	NOTE: Admin Package Manager works as designed and warns if a package is beeing
	NOTE: installed which is not verified by the OTRS Group. Responsiblity of the
	NOTE: respective admin to check packages before installation.
CVE-2018-7566 (The Linux kernel 4.15 has a Buffer Overflow via an ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/d15d662e89fc667b90cd294b0eb45694e33144da
CVE-2018-7565 (CSRF exists on Polycom QDX 6000 devices. ...)
	NOT-FOR-US: Polycom QDX 6000 devices
CVE-2018-7564 (Stored XSS exists on Polycom QDX 6000 devices. ...)
	NOT-FOR-US: Polycom QDX 6000 devices
CVE-2018-7563 (An issue was discovered in GLPI through 9.2.1. The application is ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-7562 (A remote code execution issue was discovered in GLPI through 9.2.1. ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2018-7561 (Stack-based Buffer Overflow in httpd on Tenda AC9 devices ...)
	NOT-FOR-US: Tenda AC9 devices
CVE-2018-7560 (index.js in the Anton Myshenin aws-lambda-multipart-parser NPM package ...)
	NOT-FOR-US: aws-lambda-multipart-parser NPM package
CVE-2018-7559
	RESERVED
CVE-2018-7558
	RESERVED
CVE-2018-7557 (The decode_init function in libavcodec/utvideodec.c in FFmpeg through ...)
	- ffmpeg <unfixed>
	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
	- libav <removed>
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/7414d0bda7763f9bd69c26c068e482ab297c1c96
CVE-2018-7556 (LimeSurvey 2.6.x before 2.6.7, 2.7x.x before 2.73.1, and 3.x before ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-7555
	RESERVED
CVE-2018-7554 (There is an invalid free in ReadImage in input-bmp.ci that leads to a ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p <no-dsa> (Will be fixed via point release)
	NOTE: https://github.com/pts/sam2p/issues/29
	NOTE: https://github.com/pts/sam2p/commit/a6621e996f976912252018be8a8836ee6a966ee3
	NOTE: https://github.com/pts/sam2p/commit/118cb8102b767df4100d8a14184e44b33a822861
	NOTE: https://github.com/pts/sam2p/commit/1e43ec5fe34b009cb43f90a9d562442ca347cd75
	NOTE: https://github.com/pts/sam2p/commit/beea3bd8dd05a731fddfa447ff0bad19fe32c973
	NOTE: https://github.com/pts/sam2p/commit/47378716ab03d6b39ee959c949df551c643942f1
CVE-2018-7553 (There is a heap-based buffer overflow in the pcxLoadRaster function of ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p <no-dsa> (Will be fixed via point release)
	NOTE: https://github.com/pts/sam2p/issues/32
CVE-2018-7552 (There is an invalid free in Mapping::DoubleHash::clear in mapping.cpp ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p <no-dsa> (Will be fixed via point release)
	NOTE: https://github.com/pts/sam2p/issues/30
	NOTE: CVE-2018-7554 patches will address this issue too.
CVE-2018-7551 (There is an invalid free in MiniPS::delete0 in minips.cpp that leads to ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p <no-dsa> (Will be fixed via point release)
	NOTE: https://github.com/pts/sam2p/issues/28
CVE-2018-7550 (The load_multiboot function in hw/i386/multiboot.c in Quick Emulator ...)
	{DLA-1351-1 DLA-1350-1}
	- qemu 1:2.12~rc3+dfsg-1 (bug #892041)
	- qemu-kvm <removed>
	NOTE: https://git.qemu.org/?p=qemu.git;a=patch;h=2a8fcd119eb7c6bb3837fc3669eb1b2dfb31daf8
CVE-2018-7549 (In params.c in zsh through 5.4.2, there is a crash during a copy of an ...)
	- zsh <unfixed> (unimportant)
	NOTE: https://sourceforge.net/p/zsh/code/ci/c2cc8b0fbefc9868fa83537f5b6d90fc1ec438dd
	NOTE: no security impact
CVE-2018-7548 (In subst.c in zsh through 5.4.2, there is a NULL pointer dereference ...)
	- zsh <unfixed> (unimportant)
	NOTE: https://sourceforge.net/p/zsh/code/ci/110b13e1090bc31ac1352b28adc2d02b6d25a102
	NOTE: no security impact
CVE-2018-7547 (lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the ...)
	NOT-FOR-US: lyadmin
CVE-2018-7546
	RESERVED
CVE-2018-7545
	RESERVED
CVE-2017-18206 (In utils.c in zsh before 5.4, symlink expansion had a buffer overflow. ...)
	{DLA-1304-1}
	- zsh 5.4.1-1
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/c7a9cf465dd620ef48d586026944d9bd7a0d5d6d
CVE-2017-18205 (In builtin.c in zsh before 5.4, when sh compatibility mode is used, ...)
	- zsh 5.4.1-1 (unimportant)
	NOTE: https://sourceforge.net/p/zsh/code/ci/eb783754bdb74377f3cea4ceca9c23a02ea1bf58
	NOTE: no security impact
CVE-2016-10714 (In zsh before 5.3, an off-by-one error resulted in undersized buffers ...)
	{DLA-1304-1}
	- zsh 5.3-1
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/a62e1640bcafbb82d86ea8d8ce057a83c4683d60
CVE-2014-10072 (In utils.c in zsh before 5.0.6, there is a buffer overflow when ...)
	{DLA-1304-1}
	- zsh 5.0.6-1
	NOTE: https://sourceforge.net/p/zsh/code/ci/3e06aeabd8a9e8384ebaa8b08996cd1f64737210
CVE-2014-10071 (In exec.c in zsh before 5.0.7, there is a buffer overflow for very long ...)
	{DLA-1304-1}
	- zsh 5.0.7-3
	NOTE: https://sourceforge.net/p/zsh/code/ci/49a3086bb67575435251c70ee598e2fd406ef055
	NOTE: Debian needed to add cherry-pick-9982ab6f-missing-changelog-entry
CVE-2014-10070 (zsh before 5.0.7 allows evaluation of the initial values of integer ...)
	{DLA-1304-1}
	- zsh 5.0.7-3
	NOTE: https://sourceforge.net/p/zsh/code/ci/546203a770cec329e73781c3c8ab1078390aee72
CVE-2018-7544 (** DISPUTED ** A cross-protocol scripting issue was discovered in the ...)
	- openvpn <unfixed> (unimportant)
	NOTE: Not a security issue per se, later versions might explicitly warn in
	NOTE: affected problematic configurations in both the documentation and with
	NOTE: a runtime warning.
CVE-2018-7543 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-7539 (On Appear TV XC5000 and XC5100 devices with firmware 3.26.217, it is ...)
	NOT-FOR-US: Appear TV XC5000 and XC5100 devices
CVE-2018-7538 (A SQL injection vulnerability in the tracker functionality of Enalean ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2018-7542 (An issue was discovered in Xen 4.8.x through 4.10.x allowing x86 PVH ...)
	{DSA-4131-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	[jessie] - xen <not-affected> (Vulnerable code introduced later)
	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-256.html
CVE-2018-7541 (An issue was discovered in Xen through 4.10.x allowing guest OS users ...)
	{DSA-4131-1 DLA-1300-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-255.html
CVE-2018-7540 (An issue was discovered in Xen through 4.10.x allowing x86 PV guest OS ...)
	{DSA-4131-1 DLA-1300-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-252.html
CVE-2018-7644 (The XmlSecLibs library as used in the saml2 library in SimpleSAMLphp ...)
	{DSA-4127-1 DLA-1298-1}
	- simplesamlphp 1.15.3-1
	NOTE: https://simplesamlphp.org/security/201802-01
	NOTE: Fixed by: https://github.com/simplesamlphp/saml2/commit/88a9ae848c4b310b1c53b5700893d890999dd930
CVE-2018-7537 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...)
	{DSA-4161-1 DLA-1303-1}
	- python-django 1:1.11.11-1
	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
	NOTE: Patch https://github.com/django/django/commit/a91436360b79a6ff995c3e5018bcc666dfaf1539
CVE-2018-7536 (An issue was discovered in Django 2.0 before 2.0.3, 1.11 before ...)
	{DSA-4161-1 DLA-1303-1}
	- python-django 1:1.11.11-1
	NOTE: https://www.djangoproject.com/weblog/2018/mar/06/security-releases/
	NOTE: Patch https://github.com/django/django/commit/abf89d729f210c692a50e0ad3f75fb6bec6fae16
CVE-2018-7535
	RESERVED
CVE-2018-7534
	RESERVED
CVE-2018-7533 (An Incorrect Default Permissions issue was discovered in OSIsoft PI ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7532 (Unauthentication vulnerabilities have been identified in Geutebruck ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7531 (An Improper Input Validation issue was discovered in OSIsoft PI Data ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7530 (Parsing malformed project files in Omron CX-One versions 4.42 and ...)
	NOT-FOR-US: Omron
CVE-2018-7529 (A Deserialization of Untrusted Data issue was discovered in OSIsoft PI ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7528 (An SQL injection vulnerability has been identified in Geutebruck ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7527 (A buffer overflow can be triggered in LeviStudio HMI Editor, Version ...)
	NOT-FOR-US: LeviStudio HMI Editor
CVE-2018-7526
	RESERVED
CVE-2018-7525 (In Omron CX-Supervisor Versions 3.30 and prior, processing a malformed ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7524 (A cross-site request forgery vulnerability has been identified in ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7523 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7522 (In Schneider Electric Triconex Tricon MP model 3008 firmware versions ...)
	NOT-FOR-US: Schneider
CVE-2018-7521 (In Omron CX-Supervisor Versions 3.30 and prior, use after free ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7520 (An improper access control vulnerability has been identified in ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7519 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7518
	RESERVED
CVE-2018-7517 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7516 (A server-side request forgery vulnerability has been identified in ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7515 (In Omron CX-Supervisor Versions 3.30 and prior, access of ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7514 (Parsing malformed project files in Omron CX-One versions 4.42 and ...)
	NOT-FOR-US: Omron
CVE-2018-7513 (In Omron CX-Supervisor Versions 3.30 and prior, parsing malformed ...)
	NOT-FOR-US: Omron CX-Supervisor
CVE-2018-7512 (A cross-site scripting vulnerability has been identified in Geutebruck ...)
	NOT-FOR-US: IP Geutebruck and Topline IP cameras
CVE-2018-7511 (In Eaton ELCSoft versions 2.04.02 and prior, there are multiple cases ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2018-7510
	RESERVED
CVE-2018-7509 (WPLSoft in Delta Electronics versions 2.45.0 and prior writes data ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7508 (A Cross-site Scripting issue was discovered in OSIsoft PI Web API ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7507 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7506 (The private key of the web server in Moxa MXview versions 2.8 and ...)
	NOT-FOR-US: Moxa
CVE-2018-7505 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-7504 (A Protection Mechanism Failure issue was discovered in OSIsoft PI ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7503 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-7502 (Kernel drivers in Beckhoff TwinCAT 3.1 Build 4022.4, TwinCAT 2.11 R3 ...)
	NOT-FOR-US: Beckhoff TwinCAT
CVE-2018-7501 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-7500 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7499 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-7498 (In Philips Alice 6 System version R8.0.2 or prior, the lack of proper ...)
	NOT-FOR-US: Philips Alice 6 System
CVE-2018-7497 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-7496 (An Information Exposure issue was discovered in OSIsoft PI Vision ...)
	NOT-FOR-US: OSIsoft PI
CVE-2018-7495 (In Advantech WebAccess versions V8.2_20170817 and prior, WebAccess ...)
	NOT-FOR-US: Advantech
CVE-2018-7494 (WPLSoft in Delta Electronics versions 2.45.0 and prior utilizes a ...)
	NOT-FOR-US: Delta Electronics
CVE-2018-7493 (CactusVPN through 6.0 for macOS suffers from a root privilege ...)
	NOT-FOR-US: CactusVPN for macOS
CVE-2017-18204 (The ocfs2_setattr function in fs/ocfs2/file.c in the Linux kernel ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/28f5a8a7c033cbf3e32277f4cc9c6afd74f05300
CVE-2017-18203 (The dm_get_from_kobject function in drivers/md/dm.c in the Linux kernel ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/b9a41d21dceadf8104812626ef85dc56ee8a60ed
CVE-2017-18202 (The __oom_reap_task_mm function in mm/oom_kill.c in the Linux kernel ...)
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/687cb0884a714ff484d038e9190edc874edcf146
CVE-2018-7492 (A NULL pointer dereference was found in the net/rds/rdma.c ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.7-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/f3069c6d33f6ae63a1668737bc78aaaa51bff7ca
CVE-2018-7491 (In PrestaShop through 1.7.2.5, a UI-Redressing/Clickjacking ...)
	NOT-FOR-US: PrestaShop
CVE-2018-7490 (uWSGI before 2.0.17 mishandles a DOCUMENT_ROOT check during use of the ...)
	{DSA-4142-1}
	- uwsgi 2.0.15-10.4 (bug #891639)
	[wheezy] - uwsgi <not-affected> (plugin package introduced in jessie)
	NOTE: Fixed in 2.0.17 upstream
	NOTE: https://github.com/unbit/uwsgi/commit/0a480f435ea6feb63deb410ad2bf376ed3f05f8a
	NOTE: https://blog.runesec.com/2018/03/01/uwsgi-path-traversal/
CVE-2018-7489 (FasterXML jackson-databind before 2.8.11.1 and 2.9.x before 2.9.5 ...)
	{DSA-4190-1}
	- jackson-databind 2.9.5-1 (bug #891614)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1931
	NOTE: https://github.com/FasterXML/jackson-databind/commit/6799f8f10cc78e9af6d443ed6982d00a13f2e7d2
CVE-2018-7488
	RESERVED
CVE-2018-7487 (There is a heap-based buffer overflow in the LoadPCX function of ...)
	{DLA-1340-1}
	- sam2p <removed>
	[jessie] - sam2p <no-dsa> (Will be fixed via point release)
	NOTE: https://github.com/pts/sam2p/issues/18
CVE-2018-7486 (Blue River Mura CMS before v7.0.7029 supports inline function calls ...)
	NOT-FOR-US: Blue River Mura CMS
CVE-2018-7485 (The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC ...)
	- unixodbc <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24
	NOTE: Issue introduced with https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
	NOTE: when actually fixing another potential (security) issue, "Buffer
	NOTE: overflows and missing null checks in SQLConfigDataSource,
	NOTE: SQLInstallDriverEx, and SQLWriteFileDSN"
CVE-2017-18201 (An issue was discovered in GNU libcdio before 2.0.0. There is a double ...)
	[experimental] - libcdio 2.0.0-1
	- libcdio <unfixed> (bug #891638)
	[stretch] - libcdio <not-affected> (Vulnerable code introduced post 0.92)
	[jessie] - libcdio <not-affected> (Vulnerable code introduced post 0.92)
	[wheezy] - libcdio <not-affected> (Vulnerable code introduced post 0.92)
	NOTE: Fixed by https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=f6f9c48fb40b8a1e8218799724b0b61a7161eb1d
	NOTE: with https://git.savannah.gnu.org/cgit/libcdio.git/commit/?id=dec2f876c2d7162da213429bce1a7140cdbdd734
CVE-2018-7484 (An issue was discovered in PureVPN through 5.19.4.0 on Windows. The ...)
	NOT-FOR-US: PureVPN on Windows
CVE-2018-7483
	RESERVED
CVE-2018-7482 (** DISPUTED ** The K2 component 2.8.0 for Joomla! has Incorrect Access ...)
	NOT-FOR-US: K2 component for Joomla!
CVE-2017-18200 (The f2fs implementation in the Linux kernel before 4.14 mishandles ...)
	- linux <not-affected> (Vulnerable code not present)
CVE-2018-1000099 (Teluu PJSIP version 2.7.1 and earlier contains a Access of ...)
	{DSA-4170-1}
	- pjproject 2.7.2~dfsg-1
	[jessie] - pjproject <ignored> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-003.html
	NOTE: https://trac.pjsip.org/repos/ticket/2092
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2018-1000098 (Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow ...)
	{DSA-4170-1}
	- pjproject 2.7.2~dfsg-1
	[jessie] - pjproject <ignored> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-002.html
	NOTE: https://trac.pjsip.org/repos/ticket/2093
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2018-1000101 (Mingw-w64 version 5.0.3 and earlier contains an Improper Null ...)
	- mingw-w64 <unfixed> (low; bug #897196)
	[stretch] - mingw-w64 <ignored> (Minor issue)
	[jessie] - mingw-w64 <ignored> (Minor issue)
	[wheezy] - mingw-w64 <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/mingw-w64/bugs/709/
CVE-2018-7481
	RESERVED
CVE-2018-7480 (The blkcg_init_queue function in block/blk-cgroup.c in the Linux ...)
	{DSA-4188-1}
	- linux 4.11.6-1
	[jessie] - linux <not-affected> (Issue introduced later)
	[wheezy] - linux <not-affected> (Issue introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/9b54d816e00425c3a517514e0d677bb3cec49258
CVE-2018-7479 (YzmCMS 3.6 allows remote attackers to discover the full path via a ...)
	NOT-FOR-US: YzmCMS
CVE-2018-7478
	RESERVED
CVE-2018-7477 (SQL Injection exists in PHP Scripts Mall School Management Script 3.0.4 ...)
	NOT-FOR-US: PHP Scripts Mall School Management Script
CVE-2018-7476 (controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site ...)
	NOT-FOR-US: FineCms
CVE-2018-7475
	RESERVED
CVE-2018-7474 (An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is ...)
	- textpattern <removed>
CVE-2018-7473 (Open redirect vulnerability in the SO Connect SO WIFI hotspot web ...)
	NOT-FOR-US: SO Connect SO WIFI
CVE-2018-7472 (INVT Studio 1.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: INVT Studio
CVE-2018-7471 (KingView 7.5SP1 has an integer overflow during stgopenstorage API read ...)
	NOT-FOR-US: KingView
CVE-2018-7470 (An issue was discovered in ImageMagick 7.0.7-22 Q16. The ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (unimportant; bug #891420)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/998
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e80713e5132a3bd26702ee0a833306f7e801469
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8130e12eb30685ef958f4e62fe624da393920be7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7305dacfcdf5e51c4f8d0ba9f77fa97792f8acf7
	NOTE: webp support not enabled, see #806425
CVE-2018-7469 (PHP Scripts Mall Entrepreneur Job Portal Script 2.0.9 has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Entrepreneur Job Portal Script
CVE-2018-7468
	RESERVED
CVE-2018-7467 (AxxonSoft Axxon Next has Directory Traversal via an initial /css//..%2f ...)
	NOT-FOR-US: AxxonSoft Axxon Next
CVE-2018-7466 (install/installNewDB.php in TestLink through 1.9.16 allows remote ...)
	NOT-FOR-US: TestLink
CVE-2018-7465 (An XSS issue was discovered in VirtueMart before 3.2.14. All the ...)
	NOT-FOR-US: VirtueMart
CVE-2018-7464
	RESERVED
CVE-2018-7463 (SQL injection vulnerability in files.php in the &quot;files&quot; component in ...)
	NOT-FOR-US: ASANHAMAYESH CMS
CVE-2018-7462
	RESERVED
CVE-2018-7461
	RESERVED
CVE-2018-7460
	RESERVED
CVE-2018-7459
	RESERVED
CVE-2018-7458
	RESERVED
CVE-2018-7457
	RESERVED
CVE-2018-7456 (A NULL Pointer Dereference occurs in the function TIFFPrintDirectory in ...)
	{DLA-1347-1 DLA-1346-1}
	- tiff 4.0.9-5 (bug #891288)
	[stretch] - tiff <postponed> (Can be fixed along in a future DSA)
	[jessie] - tiff <postponed> (Can be fixed along in a future DSA)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2778
	NOTE: https://gitlab.com/libtiff/libtiff/commit/be4c85b16e8801a16eec25e80eb9f3dd6a96731b
CVE-2018-7455 (An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=654&p=819#p819
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7454 (A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7453 (Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?p=814#p814
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7452 (A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
	NOTE: Reproducer correctly detected as broken with jessie's poppler build
CVE-2018-7451
	RESERVED
CVE-2018-7450
	RESERVED
CVE-2018-7449 (SEGGER FTP Server for Windows before 3.22a allows remote attackers to ...)
	NOT-FOR-US: SEGGER embOS/IP FTP Server
CVE-2018-7448 (Remote code execution vulnerability in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-7447 (mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site ...)
	NOT-FOR-US: mojoPortal
CVE-2018-7446
	RESERVED
CVE-2018-7445 (A buffer overflow was found in the MikroTik RouterOS SMB service when ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2018-7444
	RESERVED
CVE-2017-18199 (realloc_symlink in rock.c in GNU libcdio before 1.0.0 allows remote ...)
	- libcdio 1.0.0-1 (low)
	[stretch] - libcdio <no-dsa> (Minor issue)
	[jessie] - libcdio <no-dsa> (Minor issue)
	[wheezy] - libcdio <no-dsa> (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/?52264
CVE-2017-18198 (print_iso9660_recurse in iso-info.c in GNU libcdio before 1.0.0 allows ...)
	- libcdio 1.0.0-1 (low)
	[stretch] - libcdio <no-dsa> (Minor issue)
	[jessie] - libcdio <no-dsa> (Minor issue)
	[wheezy] - libcdio <no-dsa> (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/?52265
CVE-2017-18197 (In mxGraphViewImageReader.java in mxGraph before 3.7.6, the ...)
	{DLA-1299-1}
	- libjgraphx-java <unfixed> (low; bug #891796)
	[jessie] - libjgraphx-java <no-dsa> (Minor issue)
	[stretch] - libjgraphx-java <no-dsa> (Minor issue)
	NOTE: https://github.com/jgraph/mxgraph/issues/124
	NOTE: https://bitbucket.org/jgraph/mxgraph2/commits/7d159ca3259b961cbb1c51b4ea42cb408c624ff1
CVE-2018-7443 (The ReadTIFFImage function in coders/tiff.c in ImageMagick 7.0.7-23 Q16 ...)
	{DLA-1293-1}
	- imagemagick 8:6.9.9.39+dfsg-1 (low; bug #891291)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/999
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1f7c6b153882896e7a569a6e8a362ce2a11a8b1f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5c0e1a31bc44829b1024ce599097f43285a05a42
CVE-2018-7434 (zzcms 8.2 allows remote attackers to discover the full path via a ...)
	NOT-FOR-US: zzcms
CVE-2018-7433 (The iThemes Security plugin before 6.9.1 for WordPress does not ...)
	NOT-FOR-US: iThemes Security plugin for WordPress
CVE-2018-7432
	RESERVED
CVE-2018-7431
	RESERVED
CVE-2018-7430
	RESERVED
CVE-2018-7429
	RESERVED
CVE-2018-7428
	RESERVED
CVE-2018-7427
	RESERVED
CVE-2018-7426
	RESERVED
CVE-2018-7425
	RESERVED
CVE-2018-7424
	RESERVED
CVE-2018-7423
	RESERVED
CVE-2017-18195 (An issue was discovered in tools/conversations/view_ajax.php in ...)
	NOT-FOR-US: Concrete5
CVE-2012-6709 (ELinks 0.12 and Twibright Links 2.3 have Missing SSL Certificate ...)
	- elinks <unfixed> (low; bug #891575)
	[stretch] - elinks <ignored> (Minor issue)
	[jessie] - elinks <ignored> (Minor issue)
	[wheezy] - elinks <ignored> (Minor issue)
	- links2 2.6-1 (bug #694658; bug #510417)
	NOTE: Patch proposed upstream (when using): http://lists.linuxfromscratch.org/pipermail/elinks-dev/2015-June/002099.html
	NOTE: tested links2 against badssl.com, no apparent issue back in wheezy
	NOTE: src:links2/2.6-1 adds verify-ssl-certs-510417.diff to verify SSL certs.
	NOTE: src:links2 upstream in 2.11 adds support for verifying SSL certificates.
CVE-2018-7422 (A Local File Inclusion vulnerability in the Site Editor plugin through ...)
	NOT-FOR-US: Site Editor plugin for WordPress
CVE-2018-7421 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the DMP dissector ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14408
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=656812ee1f2a8ddfd383b02a066e888f5919e17a
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e8be5adae469ba563acfad2c2b98673e1afaf901
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7420 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the pcapng file parser ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14403
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=129e41f9f63885ad8224ef413c2860788fb9e849
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-11.html
CVE-2018-7419 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the NBAP dissector ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14443
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bebd3a1f50b0a27738d8d3da5b33c1b392eb7273
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-14.html
CVE-2018-7418 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the SIGCOMP dissector ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14410
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=29d920b8309905dda11ad397596fe8aafc9b4bf7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-13.html
CVE-2018-7417 (In Wireshark 2.2.0 to 2.2.12 and 2.4.0 to 2.4.4, the IPMI dissector ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14409
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81216a176b25dd8a616e11808a951e141a467009
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-12.html
CVE-2018-7416
	RESERVED
CVE-2018-7439 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547892
CVE-2018-7438 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547889
CVE-2018-7437 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547885
CVE-2018-7436 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547883
CVE-2018-7435 (An issue was discovered in FreeXL before 1.0.5. There is a heap-based ...)
	{DSA-4129-1 DLA-1297-1}
	- freexl 1.0.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1547879
CVE-2018-7415
	RESERVED
CVE-2018-7414
	RESERVED
CVE-2018-7413
	RESERVED
CVE-2018-7412
	RESERVED
CVE-2018-7411
	RESERVED
CVE-2018-7410
	RESERVED
CVE-2018-7409 (In unixODBC before 2.3.5, there is a buffer overflow in the ...)
	- unixodbc 2.3.6-0.1 (bug #891596)
	[stretch] - unixodbc <no-dsa> (Minor issue)
	[jessie] - unixodbc <no-dsa> (Minor issue)
	[wheezy] - unixodbc <ignored> (Minor issue)
	NOTE: Fixed by: https://sourceforge.net/p/unixodbc/code/136/
	NOTE: https://github.com/lurcher/unixODBC/commit/4f9f77fb4204659ec9b7be8745d9e05a539c80b9
CVE-2018-7408 (An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked ...)
	- npm <not-affected> (Vulnerable code introduced later)
CVE-2018-7407
	RESERVED
CVE-2018-7406
	RESERVED
CVE-2018-7405 (Cross-site scripting (XSS) in Zoho ManageEngine EventLog Analyzer ...)
	NOT-FOR-US: Zoho ManageEngine EventLog Analyzer
CVE-2018-7404
	RESERVED
CVE-2018-7403
	RESERVED
CVE-2018-7402
	RESERVED
CVE-2018-7401
	RESERVED
CVE-2018-7400
	RESERVED
CVE-2018-7399
	RESERVED
CVE-2018-7398
	RESERVED
CVE-2018-7397
	RESERVED
CVE-2018-7396
	RESERVED
CVE-2018-7395
	RESERVED
CVE-2018-7394
	RESERVED
CVE-2018-7393
	RESERVED
CVE-2018-7392
	RESERVED
CVE-2018-7391
	RESERVED
CVE-2018-7390
	RESERVED
CVE-2018-7389
	RESERVED
CVE-2018-7388
	RESERVED
CVE-2018-7387
	RESERVED
CVE-2018-7386
	RESERVED
CVE-2018-7385
	RESERVED
CVE-2018-7384
	RESERVED
CVE-2018-7383
	RESERVED
CVE-2018-7382
	RESERVED
CVE-2018-7381
	RESERVED
CVE-2018-7380
	RESERVED
CVE-2018-7379
	RESERVED
CVE-2018-7378
	RESERVED
CVE-2018-7377
	RESERVED
CVE-2018-7376
	RESERVED
CVE-2018-7375
	RESERVED
CVE-2018-7374
	RESERVED
CVE-2018-7373
	RESERVED
CVE-2018-7372
	RESERVED
CVE-2018-7371
	RESERVED
CVE-2018-7370
	RESERVED
CVE-2018-7369
	RESERVED
CVE-2018-7368
	RESERVED
CVE-2018-7367
	RESERVED
CVE-2018-7366
	RESERVED
CVE-2018-7365
	RESERVED
CVE-2018-7364
	RESERVED
CVE-2018-7363
	RESERVED
CVE-2018-7362
	RESERVED
CVE-2018-7361
	RESERVED
CVE-2018-7360
	RESERVED
CVE-2018-7359
	RESERVED
CVE-2018-7358
	RESERVED
CVE-2018-7357
	RESERVED
CVE-2018-7356
	RESERVED
CVE-2018-7355
	RESERVED
CVE-2018-7354
	RESERVED
CVE-2018-7353
	RESERVED
CVE-2018-7352
	RESERVED
CVE-2018-7351
	RESERVED
CVE-2018-7350
	RESERVED
CVE-2018-7349
	RESERVED
CVE-2018-7348
	RESERVED
CVE-2018-7347
	RESERVED
CVE-2018-7346
	RESERVED
CVE-2018-7345
	RESERVED
CVE-2018-7344
	RESERVED
CVE-2018-7343
	RESERVED
CVE-2018-7342
	RESERVED
CVE-2018-7341
	RESERVED
CVE-2018-7340
	RESERVED
CVE-2018-7339 (The MP4Atom class in mp4atom.cpp in MP4v2 through 2.0.0 mishandles ...)
	- mp4v2 <unfixed> (low; bug #893544)
	[stretch] - mp4v2 <no-dsa> (Minor issue)
	[jessie] - mp4v2 <no-dsa> (Minor issue)
	[wheezy] - mp4v2 <ignored> (Minor issue)
	NOTE: https://github.com/pingsuewim/libmp4_bof
CVE-2017-18194 (SQL injection vulnerability in users/signup.php in the &quot;signup&quot; ...)
	NOT-FOR-US: HamayeshNegar CMS
CVE-2017-18193 (fs/f2fs/extent_cache.c in the Linux kernel before 4.13 mishandles ...)
	{DSA-4188-1}
	- linux 4.13.4-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/dad48e73127ba10279ea33e6dbc8d3905c4d31c0
CVE-2017-6932 (Drupal core 7.x versions before 7.57 has an external link injection ...)
	{DSA-4123-1 DLA-1295-1}
	- drupal7 7.57-1 (bug #891154)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6929 (A jQuery cross site scripting vulnerability is present when making ...)
	{DSA-4123-1 DLA-1295-1}
	- drupal7 7.57-1 (bug #891153)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6928 (Drupal core 7.x versions before 7.57 when using Drupal's private file ...)
	{DSA-4123-1 DLA-1295-1}
	- drupal7 7.57-1 (bug #891152)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6927 (Drupal 8.4.x versions before 8.4.5 and Drupal 7.x versions before 7.57 ...)
	{DSA-4123-1 DLA-1295-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.57-1 (bug #891150)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2018-7338
	RESERVED
	NOT-FOR-US: Duo Network Gateway
	NOTE: https://duo.com/labs/psa/duo-psa-2017-003
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-7337 (In Wireshark 2.4.0 to 2.4.4, the DOCSIS protocol dissector could crash. ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14446
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=511a8b0b546d25413e289dc5a7d3a455a33994c2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-08.html
CVE-2018-7336 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the FCP protocol ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14374
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b56f598f1bc04f5d00f13b38c713763928cedb7c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-09.html
CVE-2018-7335 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the IEEE 802.11 ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14442
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a2901dcf45c9f1b07abfbf2a0b0cd654371d72a4
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-05.html
CVE-2018-7334 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the UMTS MAC dissector ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14339
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ed705e1227d3d582e3f0de435bba606d053d686
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-07.html
CVE-2018-7333 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v1.99.7)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v1.99.7)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14449
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=bd6313181317bfe83842b27650b65f3c2b8d5dc9
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7332 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14445
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1ab0585098c7ce20f3afceb6730427cc2a1e98ea
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7331 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14444
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=157712b2f5f89b19ef2497ea89c5938eb29529da
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7330 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14428
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8ad0c5b3683a17d9e2e16bbf25869140fd5c1c66
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7329 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v1.99.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v1.99.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14423
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d8a0cbc4f2979e0b1cadbe79f0b8b4ecb92477be
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7328 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14421
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=69d09028c956f6e049145485ce9b3e2858789b2b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7327 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v2.4.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14420
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=563989f888e51258edb9a27db56124bdc33c9afe
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7326 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v1.99.0)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v1.99.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14419
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=293b999425e998d6cde0d9149648e421ea7687d0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7325 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14414
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7be234d06ea39ab6a88115ae41d71060f1f15e3c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7324 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14413
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9e7695bbee18525eaa6d12b32230313ae8a36a81
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7323 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14412
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f9199ea8cff56c6704e9828c3d80360b27c4565
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5d45b69b590cabc5127282d1ade3bca1598e5f5c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7322 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	{DLA-1353-1}
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14411
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afc780e2c796e971bb7d164103f4f0d10d3c25b5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7321 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, ...)
	- wireshark 2.4.5-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (vulnerable code introduced later in v1.99.6)
	[wheezy] - wireshark <not-affected> (vulnerable code introduced later in v1.99.6)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14379
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=c784d551ad50864de1035ce54e72837301cf6aca
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-06.html
CVE-2018-7320 (In Wireshark 2.4.0 to 2.4.4 and 2.2.0 to 2.2.12, the SIGCOMP protocol ...)
	- wireshark 2.4.5-1
	[wheezy] - wireshark <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14398
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=015e3399390b8b5cfbfcfcda30589983ab6cc129
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-10.html
CVE-2018-7319 (SQL Injection exists in the OS Property Real Estate 3.12.7 component ...)
	NOT-FOR-US: OS Property Real Estate component for Joomla!
CVE-2018-7318 (SQL Injection exists in the CheckList 1.1.1 component for Joomla! via ...)
	NOT-FOR-US: CheckList component for Joomla!
CVE-2018-7317 (Backup Download exists in the Proclaim 9.1.1 component for Joomla! via ...)
	NOT-FOR-US: Proclaim component for Joomla!
CVE-2018-7316 (Arbitrary File Upload exists in the Proclaim 9.1.1 component for ...)
	NOT-FOR-US: Proclaim component for Joomla!
CVE-2018-7315 (SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the ...)
	NOT-FOR-US: Ek Rishta component for Joomla!
CVE-2018-7314 (SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! ...)
	NOT-FOR-US: PrayerCenter component for Joomla!
CVE-2018-7313 (SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the ...)
	NOT-FOR-US: CW Tags component for Joomla!
CVE-2018-7312 (SQL Injection exists in the Alexandria Book Library 3.1.2 component for ...)
	NOT-FOR-US: Alexandria Book Library component for Joomla!
CVE-2018-7311 (** DISPUTED ** PrivateVPN 2.0.31 for macOS suffers from a root ...)
	NOT-FOR-US: PrivateVPN for macOS
CVE-2018-7310
	RESERVED
CVE-2018-7309
	RESERVED
CVE-2018-7308 (A CSRF issue was found in var/www/html/files.php in DanWin hosting ...)
	NOT-FOR-US: DanWin hosting
CVE-2018-7307 (The Auth0 Auth0.js library before 9.3 has CSRF because it mishandles ...)
	NOT-FOR-US: Auth0 Auth0.js library
CVE-2018-7306
	RESERVED
CVE-2018-7305 (MyBB 1.8.14 is not checking for a valid CSRF token, leading to ...)
	NOT-FOR-US: MyBB
CVE-2018-7304 (Tiki 17.1 does not validate user input for special characters; ...)
	NOT-FOR-US: Tiki
CVE-2018-7303 (The Calendar component in Tiki 17.1 allows HTML injection. ...)
	NOT-FOR-US: Tiki
CVE-2018-7302 (Tiki 17.1 allows upload of a .PNG file that actually has SVG content, ...)
	NOT-FOR-US: Tiki
CVE-2018-7301 (eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port ...)
	NOT-FOR-US: eQ-3 AG HomeMatic CCU2 2.29.22 devices
CVE-2018-7300 (Directory Traversal / Arbitrary File Write / Remote Code Execution in ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7299 (Remote Code Execution in the addon installation process in eQ-3 AG ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7298 (In /usr/local/etc/config/addons/mh/loopupd.sh on eQ-3 AG HomeMatic ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7297 (Remote Code Execution in the TCL script interpreter in eQ-3 AG ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7296 (Directory Traversal / Arbitrary File Read in User.getLanguage method ...)
	NOT-FOR-US: eQ-3 AG Homematic CCU2
CVE-2018-7295
	RESERVED
CVE-2018-7294
	RESERVED
CVE-2018-7293
	RESERVED
CVE-2018-7292
	RESERVED
CVE-2018-7291
	RESERVED
CVE-2018-7290 (Cross Site Scripting (XSS) exists in Tiki before 12.13, 15.6, 17.2, ...)
	NOT-FOR-US: Tiki
CVE-2018-7289 (An issue was discovered in armadito-windows-driver/src/communication.c ...)
	NOT-FOR-US: Armadito
CVE-2018-7288
	RESERVED
CVE-2018-7287 (An issue was discovered in res_http_websocket.c in Asterisk 15.x ...)
	- asterisk <not-affected> (Only affects Asterisk 15.x)
	NOTE: downloads.digium.com/pub/security/AST-2018-006.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27658
CVE-2018-7286 (An issue was discovered in Asterisk through 13.19.1, 14.x through ...)
	- asterisk 1:13.20.0~dfsg-1 (bug #891228)
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-005.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27618
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-005-13.diff
CVE-2018-7285 (A NULL pointer access issue was discovered in Asterisk 15.x through ...)
	- asterisk <not-affected> (Only affects Asterisk 15.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-001.html
CVE-2018-7284 (A Buffer Overflow issue was discovered in Asterisk through 13.19.1, ...)
	- asterisk 1:13.20.0~dfsg-1 (bug #891227)
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-004.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27640
	NOTE: http://downloads.asterisk.org/pub/security/AST-2018-004-13.diff
CVE-2018-7283
	RESERVED
CVE-2018-7282
	RESERVED
CVE-2018-7281 (CactusVPN 5.3.6 for macOS contains a root privilege escalation ...)
	NOT-FOR-US: CactusVPN for macOS
CVE-2018-7280 (The Ninja Forms plugin before 3.2.14 for WordPress has XSS. ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2018-1000093 (CryptoNote version version 0.8.9 and possibly later contain a local ...)
	NOT-FOR-US: CryptoNote
CVE-2018-1000092 (CMS Made Simple version versions 2.2.5 contains a Cross ite Request ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-1000091 (KadNode version version 2.2.0 contains a Buffer Overflow vulnerability ...)
	NOT-FOR-US: KadNode
CVE-2018-1000090 (textpattern version version 4.6.2 contains a XML Injection ...)
	- textpattern <removed>
CVE-2018-1000089 (Anymail django-anymail version version 0.2 through 1.3 contains a ...)
	- django-anymail 1.4-1 (bug #890097)
	[stretch] - django-anymail <no-dsa> (Minor issue; non-free/contrib not security supported)
	NOTE: https://github.com/anymail/django-anymail/commit/1a6086f2b58478d71f89bf27eb034ed81aefe5ef
CVE-2018-1000088 (Doorkeeper version 2.1.0 through 4.2.5 contains a Cross Site Scripting ...)
	- ruby-doorkeeper <unfixed> (bug #891069)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/969
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/pull/970
CVE-2018-1000087 (WolfCMS version version 0.8.3.1 contains a Reflected Cross Site ...)
	NOT-FOR-US: WolfCMS
CVE-2018-1000086 (NPR Visuals Team Pym.js version versions 0.4.2 up to 1.3.1 contains a ...)
	NOT-FOR-US: pym.js
CVE-2018-1000085 (ClamAV version version 0.99.3 contains a Out of bounds heap memory ...)
	{DLA-1307-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/29/4
CVE-2018-1000084 (WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site ...)
	NOT-FOR-US: WolfCMS
CVE-2018-1000083 (Ajenti version version 2 contains a Improper Error Handling ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000082 (Ajenti version version 2 contains a Cross ite Request Forgery (CSRF) ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000081 (Ajenti version version 2 contains a Input Validation vulnerability in ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000080 (Ajenti version version 2 contains a Insecure Permissions vulnerability ...)
	- ajenti <itp> (bug #792019)
CVE-2018-1000079 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
	- rubygems <removed>
	[wheezy] - rubygems <not-affected> (Vulnerable code not present)
	- jruby <unfixed> (bug #895778)
	[jessie] - jruby <not-affected> (Vulnerable code not present)
	[wheezy] - jruby <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/rubygems/rubygems/commit/f83f911e19e27cbac1ccce7471d96642241dd759
	NOTE: https://github.com/rubygems/rubygems/commit/666ef793cad42eed96f7aee1cdf77865db921099
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000078 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	- jruby <unfixed> (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/66a28b9275551384fdab45f3591a82d6b59952cb
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000077 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	- jruby <unfixed> (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/feadefc2d351dcb95d6492f5ad17ebca546eb964
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000076 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	- jruby <unfixed> (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/f5042b879259b1f1ce95a0c5082622c646376693
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000075 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DLA-1358-1 DLA-1337-1 DLA-1336-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	- jruby <unfixed> (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/92e98bf8f810bd812f919120d4832df51bc25d83
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000074 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	{DLA-1352-1}
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, too intrusive to backport)
	- rubygems <removed>
	[wheezy] - rubygems <no-dsa> (Minor issue)
	- jruby <unfixed> (bug #895778)
	NOTE: https://github.com/rubygems/rubygems/commit/254e3d0ee873c008c0b74e8b8abcbdab4caa0a6d
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000073 (RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: ...)
	- ruby2.5 2.5.0-5
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code not present)
	- rubygems <removed>
	[wheezy] - rubygems <not-affected> (Vulnerable code not present)
	- jruby <unfixed> (bug #895778)
	[jessie] - jruby <not-affected> (Vulnerable code not present)
	[wheezy] - jruby <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/rubygems/rubygems/commit/1b931fc03b819b9a0214be3eaca844ef534175e2
	NOTE: https://www.ruby-lang.org/en/news/2018/02/17/multiple-vulnerabilities-in-rubygems/
CVE-2018-1000072 (iRedMail version prior to commit f04b8ef contains a Insecure ...)
	NOT-FOR-US: iRedMail
CVE-2018-1000071 (roundcube version 1.3.4 and earlier contains an Insecure Permissions ...)
	- roundcube <unfixed> (unimportant; bug #897014)
	[stretch] - roundcube 1.2.3+dfsg.1-4+deb9u2
	NOTE: https://github.com/roundcube/roundcubemail/issues/6173
	NOTE: https://github.com/roundcube/roundcubemail/commit/48417c5fc9f6eb4b90500c09596606d489c700b5
	NOTE: https://www.legacysecuritygroup.com/cve/references/02122018-roundcube-enigma.txt
	NOTE: That plugin is not functional in stretch due to a missing package dependency, setting it
	NOTE: up would require several additional manual changes on the admin's side
	NOTE: Can be mitigated by moving home folder outside the scope of the webserver
CVE-2018-1000070 (Bitmessage PyBitmessage version v0.6.2 (and introduced in or after ...)
	NOT-FOR-US: PyBitmessage
CVE-2018-1000069 (FreePlane version 1.5.9 and earlier contains a XML External Entity ...)
	{DSA-4175-1 DLA-1316-1}
	- freeplane 1.6.6-1 (bug #893663)
	NOTE: https://www.freeplane.org/wiki/index.php/XML_External_Entity_vulnerability_in_map_parser
	NOTE: https://github.com/freeplane/freeplane/commit/a5dce7f9f
CVE-2018-7279 (A remote code execution issue was discovered in AlienVault USM and ...)
	NOT-FOR-US: AlienVault
CVE-2018-7278 (An issue was discovered on RLE Protocol Converter FDS-PC / FDS-PC-DP ...)
	NOT-FOR-US: RLE Protocol Converter FDS-PC / FDS-PC-DP devices
CVE-2018-7277 (An issue was discovered on RLE Wi-MGR/FDS-Wi 6.2 devices. Persistent ...)
	NOT-FOR-US: RLE Wi-MGR/FDS-Wi 6.2 devices
CVE-2018-7276 (An issue was discovered on Lutron Quantum BACnet Integration 2.0 ...)
	NOT-FOR-US: Lutron Quantum BACnet Integration 2.0 devices
CVE-2018-7275
	RESERVED
CVE-2018-7274 (Yab Quarx through 2.4.3 is prone to multiple persistent cross-site ...)
	NOT-FOR-US: Yab Quarx
CVE-2018-7273 (In the Linux kernel through 4.15.4, the floppy driver reveals the ...)
	- linux 4.15.4-1
	NOTE: https://lkml.org/lkml/2018/2/20/669
CVE-2018-7272 (The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part ...)
	NOT-FOR-US: ForgeRock AM
CVE-2018-7271 (An issue was discovered in MetInfo 6.0.0. In install/install.php in the ...)
	NOT-FOR-US: MetInfo
CVE-2018-7270
	RESERVED
CVE-2018-7269 (The findByCondition function in framework/db/ActiveRecord.php in Yii ...)
	- yii <itp> (bug #597899)
CVE-2018-7268
	RESERVED
CVE-2018-7267
	RESERVED
CVE-2018-7266
	RESERVED
CVE-2018-7265 (Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that ...)
	NOT-FOR-US: Shimmie
CVE-2018-7264 (The Pictview image processing library embedded in the ActivePDF ...)
	NOT-FOR-US: ActivePDF
CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b ...)
	- libid3tag 0.15.1b-5 (bug #304913)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
	NOTE: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/
CVE-2018-7263 (The mad_decoder_run() function in decoder.c in Underbit libmad through ...)
	NOTE: Seems like a duplicate of CVE-2017-11552 relates to the issue raised in
	NOTE: https://bugs.debian.org/870608
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1081784
	NOTE: MITRE stated, that "[...] However, if there are two different code
	NOTE: paths by which libmad is used incorrectly, and both code paths result
	NOTE: in "double free or corruption" errors, then we would represent this
	NOTE: with two CVEs."
CVE-2018-7262 (In Ceph before 12.2.3 and 13.x through 13.0.1, the rgw_civetweb.cc ...)
	- ceph <not-affected> (Issue introduced later)
	NOTE: See details in https://bugs.debian.org/891963#15 . Ceph as present in
	NOTE: Debian up to 10.2.5-7.2 is not vulnerable as they contain an older
	NOTE: version of the embedded webserver in RADOS gateway which does not return
	NOTE: null strings on malformed HTTP requests.
	NOTE: Original pull request: https://github.com/ceph/ceph/pull/20403
	NOTE: Superseeded by: https://github.com/ceph/ceph/pull/20488
CVE-2018-7261 (There are multiple Persistent XSS vulnerabilities in Radiant CMS ...)
	NOT-FOR-US: Radiant CMS
CVE-2018-7260 (Cross-site scripting (XSS) vulnerability in db_central_columns.php in ...)
	- phpmyadmin <unfixed> (bug #893539)
	[stretch] - phpmyadmin <no-dsa> (Minor issue)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2886a3
	NOTE: https://www.phpmyadmin.net/security/PMASA-2018-1/
CVE-2018-7259 (The FSX / P3Dv4 installer 2.0.1.231 for Flight Sim Labs A320-X sends a ...)
	NOT-FOR-US: Flight Sim Labs
CVE-2018-7258
	RESERVED
CVE-2018-7257
	RESERVED
CVE-2018-7256
	RESERVED
CVE-2018-7255
	RESERVED
CVE-2018-7252
	RESERVED
CVE-2018-7251 (An issue was discovered in config/error.php in Anchor 0.12.3. The error ...)
	NOT-FOR-US: Anchor CMS
CVE-2018-7250 (An issue was discovered in secdrv.sys as shipped in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-7249 (An issue was discovered in secdrv.sys as shipped in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-18192 (smart/calculator/gallerylock/CalculatorActivity.java in the ...)
	NOT-FOR-US: "Photo,Video Locker-Calculator" application for Android
CVE-2015-9256 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive ...)
	NOT-FOR-US: Datto ALTO and SIRIS devices
CVE-2015-9255 (Datto ALTO and SIRIS devices allow remote attackers to obtain sensitive ...)
	NOT-FOR-US: Datto ALTO and SIRIS devices
CVE-2015-9254 (Datto ALTO and SIRIS devices have a default VNC password. ...)
	NOT-FOR-US: Datto ALTO and SIRIS devices
CVE-2018-7254 (The ParseCaffHeaderConfig function of the cli/caff.c file of WavPack ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889274)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/dbry/WavPack/issues/26
	NOTE: https://github.com/dbry/WavPack/commit/8e3fe45a7bac31d9a3b558ae0079e2d92a04799e
CVE-2018-7253 (The ParseDsdiffHeaderConfig function of the cli/dsdiff.c file of ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889559)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/dbry/WavPack/issues/28
	NOTE: https://github.com/dbry/WavPack/commit/36a24c7881427d2e1e4dc1cef58f19eee0d13aec
CVE-2018-7248 (An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3 ...)
	NOT-FOR-US: Zoho ManageEngine ServiceDesk Plus
CVE-2018-7247 (An issue was discovered in pixHtmlViewer in prog/htmlviewer.c in ...)
	- leptonlib 1.76.0-1 (unimportant)
	NOTE: https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729917ca37a3ed9f
CVE-2018-7246 (A cleartext transmission of sensitive information vulnerability exists ...)
	NOT-FOR-US: Schneider
CVE-2018-7245 (An improper authorization vulnerability exists In Schneider Electric's ...)
	NOT-FOR-US: Schneider
CVE-2018-7244 (An information disclosure vulnerability exists In Schneider Electric's ...)
	NOT-FOR-US: Schneider
CVE-2018-7243 (An authorization bypass vulnerability exists In Schneider Electric's ...)
	NOT-FOR-US: Schneider
CVE-2018-7242 (Vulnerable hash algorithms exists in Schneider Electric's Modicon ...)
	NOT-FOR-US: Schneider
CVE-2018-7241 (Hard coded accounts exist in Schneider Electric's Modicon Premium, ...)
	NOT-FOR-US: Schneider
CVE-2018-7240 (A vulnerability exists in Schneider Electric's Modicon Quantum in all ...)
	NOT-FOR-US: Schneider
CVE-2018-7239 (A DLL hijacking vulnerability exists in Schneider Electric's SoMove ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7238 (A buffer overflow vulnerability exist in the web-based GUI of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7237 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7236 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7235 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7234 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7233 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7232 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7231 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7230 (A XML external entity (XXE) vulnerability exists in the import.cgi of ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7229 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7228 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2018-7227 (A vulnerability exists in Schneider Electric's Pelco Sarix ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-18191 (An issue was discovered in OpenStack Nova 15.x through 15.1.0 and 16.x ...)
	- nova 2:17.0.0-1
	[stretch] - nova <no-dsa> (Minor issue)
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <end-of-life> (Not supported in Wheezy)
	NOTE: https://launchpad.net/bugs/1739593
	NOTE: https://review.openstack.org/539893
CVE-2015-9253 (An issue was discovered in PHP through 7.2.2. The php-fpm master ...)
	- php7.2 <unfixed> (unimportant)
	- php7.1 <unfixed> (unimportant)
	- php7.0 <unfixed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: https://bugs.php.net/bug.php?id=73342
	NOTE: https://bugs.php.net/bug.php?id=70185
	NOTE: https://bugs.php.net/bug.php?id=75968
	NOTE: Only exploitable with malicious script
CVE-2018-7226 (An issue was discovered in vcSetXCutTextProc() in VNConsole.c in ...)
	- vncterm <unfixed> (bug #898453)
	NOTE: https://github.com/LibVNC/vncterm/issues/6
CVE-2018-7225 (An issue was discovered in LibVNCServer through 0.9.11. ...)
	{DLA-1332-1}
	- libvncserver <unfixed> (bug #894045)
	NOTE: https://github.com/LibVNC/libvncserver/issues/218
	NOTE: https://github.com/LibVNC/libvncserver/commit/b0c77391e6bd0a2305bbc9b37a2499af74ddd9ee
CVE-2018-7224
	RESERVED
CVE-2018-7223
	RESERVED
CVE-2018-7222
	RESERVED
CVE-2018-7221
	RESERVED
CVE-2018-7220
	RESERVED
CVE-2018-7219 (application/admin/controller/Admin.php in NoneCms 1.3.0 has CSRF, as ...)
	NOT-FOR-US: NoneCms
CVE-2018-7218 (The AppFirewall functionality in Citrix NetScaler Application Delivery ...)
	NOT-FOR-US: Citrix
CVE-2018-7217 (In Bravo Tejari Procurement Portal, uploaded files are not properly ...)
	NOT-FOR-US: Bravo Tejari Procurement Portal
CVE-2018-7216 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Bravo Tejari Procurement Portal
CVE-2018-7215
	RESERVED
CVE-2018-7214
	RESERVED
CVE-2018-7213 (The Password Manager Extension in Abine Blur 7.8.242* before 7.8.2428 ...)
	NOT-FOR-US: Password Manager Extension in Abine Blur
CVE-2018-7212 (An issue was discovered in ...)
	NOT-FOR-US: Sinatra
CVE-2018-7211 (An issue was discovered in iDashboards 9.6b. The SSO implementation is ...)
	NOT-FOR-US: iDashboards
CVE-2018-7210 (An issue was discovered in iDashboards 9.6b. It allows remote attackers ...)
	NOT-FOR-US: iDashboards
CVE-2018-7209 (An issue was discovered in iDashboards 9.6b. It allows remote attackers ...)
	NOT-FOR-US: iDashboards
CVE-2018-7208 (In the coff_pointerize_aux function in coffgen.c in the Binary File ...)
	- binutils 2.30-6
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22741
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=eb77f6a4621795367a39cdd30957903af9dbb815
CVE-2018-7207
	REJECTED
CVE-2018-7206 (An issue was discovered in Project Jupyter JupyterHub OAuthenticator ...)
	NOT-FOR-US: JupyterHub
CVE-2018-7205 (** DISPUTED ** Reflected Cross-Site Scripting vulnerability in ...)
	NOT-FOR-US: Kentico
CVE-2018-7204 (inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2018-7203 (Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 ...)
	NOT-FOR-US: Twonky Server
CVE-2018-7202
	RESERVED
CVE-2018-7201
	RESERVED
CVE-2018-7200
	RESERVED
CVE-2018-7199
	RESERVED
CVE-2018-7198 (October CMS through 1.0.431 allows XSS by entering HTML on the Add ...)
	NOT-FOR-US: October CMS
CVE-2018-7197 (An issue was discovered in Pluck through 4.7.4. A stored cross-site ...)
	NOT-FOR-US: Pluck CMS
CVE-2018-7196 (Cross-site scripting (XSS) vulnerability in /scp/index.php in ...)
	NOT-FOR-US: osTicket
CVE-2018-7195 (Enhancesoft osTicket before 1.10.2 allows remote attackers to reset ...)
	NOT-FOR-US: osTicket
CVE-2018-7194 (Integer format vulnerability in the ticket number generator in ...)
	NOT-FOR-US: osTicket
CVE-2018-7193 (Cross-site scripting (XSS) vulnerability in /scp/directory.php in ...)
	NOT-FOR-US: osTicket
CVE-2018-7192 (Cross-site scripting (XSS) vulnerability in /ajax.php/form/help-topic ...)
	NOT-FOR-US: osTicket
CVE-2018-7191
	RESERVED
CVE-2018-7190
	RESERVED
CVE-2018-7189
	RESERVED
CVE-2018-7188 (An XSS vulnerability (via an SVG image) in Tiki before 18 allows an ...)
	NOT-FOR-US: Tiki
CVE-2018-7187 (The &quot;go get&quot; implementation in Go 1.9.4, when the -insecure ...)
	{DLA-1294-1}
	- golang-1.10 1.10.1-1
	- golang-1.9 <unfixed> (bug #895663)
	- golang-1.8 <unfixed> (bug #895664)
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <unfixed> (bug #895665)
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	NOTE: https://github.com/golang/go/issues/23867
	NOTE: https://github.com/golang/go/commit/c941e27e70c3e06e1011d2dd71d72a7a06a9bcbc
CVE-2018-7185 (The protocol engine in ntp 4.2.6 before 4.2.8p11 allows a remote ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <ignored> (Minor issue)
	- ntpsec <not-affected> (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3454
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7184 (ntpd in ntp 4.2.8p4 before 4.2.8p11 drops bad packets before updating ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <ignored> (Minor issue)
	- ntpsec <not-affected> (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3453
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7183 (Buffer overflow in the decodearr function in ntpq in ntp 4.2.8p6 ...)
	- ntp 1:4.2.8p11+dfsg-1 (low)
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	- ntpsec <not-affected> (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3414
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7182 (The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows ...)
	- ntp 1:4.2.8p11+dfsg-1
	[stretch] - ntp <postponed> (Can be fixed along in a future update)
	[jessie] - ntp <postponed> (Can be fixed along in a future update)
	[wheezy] - ntp <not-affected> (Issue not present)
	- ntpsec 1.0.0+dfsg1-5
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3412
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
	NOTE: Fixed by (ntpsec): https://gitlab.com/NTPsec/ntpsec/commit/6d6aa6da0fe685011f5a9633c3618409af8349d7
	NOTE: https://lists.ntpsec.org/pipermail/devel/2018-March/006008.html
CVE-2018-7181
	RESERVED
CVE-2017-18190 (A localhost.localdomain whitelist entry in valid_host() in ...)
	{DLA-1288-1}
	- cups 2.2.3-2
	[stretch] - cups 2.2.1-8+deb9u1
	[jessie] - cups <no-dsa> (Minor issue, can be fixed via pu)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1048
	NOTE: https://github.com/apple/cups/commit/afa80cb2b457bf8d64f775bed307588610476c41 (v2.2.2)
CVE-2018-7186 (Leptonica before 1.75.3 does not limit the number of characters in a %s ...)
	{DLA-1302-1}
	- leptonlib 1.75.3-2 (low; bug #890548)
	[stretch] - leptonlib <no-dsa> (Minor issue)
	[jessie] - leptonlib <no-dsa> (Minor issue)
	NOTE: https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a
CVE-2018-7180 (SQL Injection exists in the Saxum Astro 4.0.14 component for Joomla! ...)
	NOT-FOR-US: Saxum Astro component for Joomla!
CVE-2018-7179 (SQL Injection exists in the SquadManagement 1.0.3 component for Joomla! ...)
	NOT-FOR-US: SquadManagement component for Joomla!
CVE-2018-7178 (SQL Injection exists in the Saxum Picker 3.2.10 component for Joomla! ...)
	NOT-FOR-US: Saxum Picker component for Joomla!
CVE-2018-7177 (SQL Injection exists in the Saxum Numerology 3.0.4 component for ...)
	NOT-FOR-US: Saxum Numerology component for Joomla!
CVE-2018-7176 (FrontAccounting 2.4.3 suffers from a CSRF flaw, which leads to adding a ...)
	- frontaccounting <removed> (bug #890604)
	[wheezy] - frontaccounting <end-of-life> (unsupported in wheezy, already vulnerable to SQL injection in CVE-2014-3973)
	NOTE: https://securitywarrior9.blogspot.ca/2018/02/cross-site-request-forgery-front.html
CVE-2018-7175 (An issue was discovered in xpdf 4.00. A NULL pointer dereference in ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=613
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
CVE-2018-7174 (An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=605
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
CVE-2018-7173 (A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...)
	- xpdf <unfixed> (unimportant)
	NOTE: https://forum.xpdfreader.com/viewtopic.php?f=3&t=607
	NOTE: src:xpdf switched to use system poppler libary in 3.02-3
CVE-2018-1000068 (An improper input validation vulnerability exists in Jenkins versions ...)
	- jenkins <removed>
CVE-2018-1000067 (An improper authorization vulnerability exists in Jenkins versions ...)
	- jenkins <removed>
CVE-2018-7172 (In index.php in WonderCMS before 2.4.1, remote attackers can delete ...)
	NOT-FOR-US: WonderCMS
CVE-2018-7171 (Directory traversal vulnerability in Twonky Server 7.0.11 through 8.5 ...)
	NOT-FOR-US: Twonky Server
CVE-2018-7170 (ntpd in ntp 4.2.x before 4.2.8p7 and 4.3.x before 4.3.92 allows ...)
	- ntp 1:4.2.8p11+dfsg-1
	[stretch] - ntp <no-dsa> (Minor issue)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	- ntpsec <not-affected> (Issue not present)
	NOTE: http://www.kb.cert.org/vuls/id/961909
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3415
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
CVE-2018-7169 (An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is ...)
	- shadow <unfixed> (bug #890557)
	[stretch] - shadow <no-dsa> (Minor issue)
	[jessie] - shadow <no-dsa> (Minor issue)
	[wheezy] - shadow <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
	NOTE: https://github.com/shadow-maint/shadow/pull/97
CVE-2018-7168
	RESERVED
CVE-2018-7167
	RESERVED
CVE-2018-7166
	RESERVED
CVE-2018-7165
	RESERVED
CVE-2018-7164
	RESERVED
CVE-2018-7163
	RESERVED
CVE-2018-7162
	RESERVED
CVE-2018-7161
	RESERVED
CVE-2018-7160 (The Node.js inspector, in 6.x and later is vulnerable to a DNS ...)
	- nodejs <unfixed> (unimportant)
	[stretch] - nodejs <not-affected> (Vulnerable code not present)
	[jessie] - nodejs <not-affected> (Vulnerable code not present)
	[wheezy] - nodejs <not-affected> (Vulnerable code not present)
CVE-2018-7159 (The HTTP parser in all current versions of Node.js ignores spaces in ...)
	- nodejs <unfixed> (unimportant)
CVE-2018-7158 (The `'path'` module in the Node.js 4.x release line contains a ...)
	- nodejs 6.0.0~dfsg-1 (unimportant)
CVE-2018-7157
	RESERVED
CVE-2018-7156
	RESERVED
CVE-2018-7155
	RESERVED
CVE-2018-7154
	RESERVED
CVE-2018-7153
	RESERVED
CVE-2018-7152
	RESERVED
CVE-2018-7151
	RESERVED
CVE-2018-7150
	RESERVED
CVE-2018-7149
	RESERVED
CVE-2018-7148
	RESERVED
CVE-2018-7147
	RESERVED
CVE-2018-7146
	RESERVED
CVE-2018-7145
	RESERVED
CVE-2018-7144
	RESERVED
CVE-2018-7143
	RESERVED
CVE-2018-7142
	RESERVED
CVE-2018-7141
	RESERVED
CVE-2018-7140
	RESERVED
CVE-2018-7139
	RESERVED
CVE-2018-7138
	RESERVED
CVE-2018-7137
	RESERVED
CVE-2018-7136
	RESERVED
CVE-2018-7135
	RESERVED
CVE-2018-7134
	RESERVED
CVE-2018-7133
	RESERVED
CVE-2018-7132
	RESERVED
CVE-2018-7131
	RESERVED
CVE-2018-7130
	RESERVED
CVE-2018-7129
	RESERVED
CVE-2018-7128
	RESERVED
CVE-2018-7127
	RESERVED
CVE-2018-7126
	RESERVED
CVE-2018-7125
	RESERVED
CVE-2018-7124
	RESERVED
CVE-2018-7123
	RESERVED
CVE-2018-7122
	RESERVED
CVE-2018-7121
	RESERVED
CVE-2018-7120
	RESERVED
CVE-2018-7119
	RESERVED
CVE-2018-7118
	RESERVED
CVE-2018-7117
	RESERVED
CVE-2018-7116
	RESERVED
CVE-2018-7115
	RESERVED
CVE-2018-7114
	RESERVED
CVE-2018-7113
	RESERVED
CVE-2018-7112
	RESERVED
CVE-2018-7111
	RESERVED
CVE-2018-7110
	RESERVED
CVE-2018-7109
	RESERVED
CVE-2018-7108
	RESERVED
CVE-2018-7107
	RESERVED
CVE-2018-7106
	RESERVED
CVE-2018-7105
	RESERVED
CVE-2018-7104
	RESERVED
CVE-2018-7103
	RESERVED
CVE-2018-7102
	RESERVED
CVE-2018-7101
	RESERVED
CVE-2018-7100
	RESERVED
CVE-2018-7099
	RESERVED
CVE-2018-7098
	RESERVED
CVE-2018-7097
	RESERVED
CVE-2018-7096
	RESERVED
CVE-2018-7095
	RESERVED
CVE-2018-7094
	RESERVED
CVE-2018-7093
	RESERVED
CVE-2018-7092
	RESERVED
CVE-2018-7091
	RESERVED
CVE-2018-7090
	RESERVED
CVE-2018-7089
	RESERVED
CVE-2018-7088
	RESERVED
CVE-2018-7087
	RESERVED
CVE-2018-7086
	RESERVED
CVE-2018-7085
	RESERVED
CVE-2018-7084
	RESERVED
CVE-2018-7083
	RESERVED
CVE-2018-7082
	RESERVED
CVE-2018-7081
	RESERVED
CVE-2018-7080
	RESERVED
CVE-2018-7079
	RESERVED
CVE-2018-7078
	RESERVED
CVE-2018-7077
	RESERVED
CVE-2018-7076
	RESERVED
CVE-2018-7075
	RESERVED
CVE-2018-7074
	RESERVED
CVE-2018-7073
	RESERVED
CVE-2018-7072
	RESERVED
CVE-2018-7071
	RESERVED
CVE-2018-7070
	RESERVED
CVE-2018-7069
	RESERVED
CVE-2018-7068
	RESERVED
CVE-2018-7067
	RESERVED
CVE-2018-7066
	RESERVED
CVE-2018-7065
	RESERVED
CVE-2018-7064
	RESERVED
CVE-2018-7063
	RESERVED
CVE-2018-7062
	RESERVED
CVE-2018-7061
	RESERVED
CVE-2018-7060
	RESERVED
CVE-2018-7059
	RESERVED
CVE-2018-7058
	RESERVED
CVE-2018-7057 (RoomWizard before 4.4.x allows XSS via the HelpAction.action pageName ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7056 (RoomWizard before 4.4.x allows remote attackers to obtain potentially ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7055 (GroupViewProxyServlet in RoomWizard before 4.4.x allows SSRF via the ...)
	NOT-FOR-US: RoomWizard
CVE-2018-7054 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #890674)
	[jessie] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0)
	[wheezy] - irssi <not-affected> (Vulnerable netsplit code introduced in 1.0.0)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Some netsplit related changes as introduced in 1.0.0 were reverted:
	NOTE: https://github.com/irssi/irssi/commit/7605f67f95b6ee1ac26dd8fb7f3121f319497943
	NOTE: https://github.com/irssi/irssi/commit/fa8508404f4c4a02749cae5148662e2322c2abf0
	NOTE: https://github.com/irssi/irssi/commit/a4f99ae746efb121185fe76c392a64d743a9eb92
	NOTE: But the CVE is specifically for the use-after-free issue.
CVE-2018-7053 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #890674)
	[jessie] - irssi <not-affected> (Vulnerable code introduced in 0.8.18)
	[wheezy] - irssi <not-affected> (Vulnerable code introduced in 0.8.18)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/84f03e01467b90a4251987b32b2813ee976b357c
CVE-2018-7052 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1 DLA-1289-1}
	- irssi 1.0.7-1 (bug #890676)
	[jessie] - irssi <ignored> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/5b5bfef03596d95079c728f65f523570dd7b03aa
CVE-2018-7051 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. ...)
	{DSA-4162-1 DLA-1318-1}
	- irssi 1.0.7-1 (bug #890677)
	[jessie] - irssi <ignored> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/e32e9d63c67ab95ef0576154680a6c52334b97af
CVE-2018-7050 (An issue was discovered in Irssi before 1.0.7 and 1.1.x before 1.1.1. A ...)
	{DSA-4162-1 DLA-1289-1}
	- irssi 1.0.7-1 (bug #890678)
	[jessie] - irssi <ignored> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_02.txt
	NOTE: Fixed by: https://github.com/irssi/irssi/commit/e91da9e4098e449dc36eaa15354aff67650e7703
CVE-2017-18189 (In the startread function in xa.c in Sound eXchange (SoX) through ...)
	{DLA-1197-1}
	- sox 14.4.2-2 (bug #881121)
	[stretch] - sox <no-dsa> (Minor issue)
	[jessie] - sox <no-dsa> (Minor issue)
	NOTE: https://public-inbox.org/sox-devel/20171109114554.16297-1-mans@mansr.com/raw
CVE-2018-7049 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7048 (An issue was discovered in Wowza Streaming Engine before 4.7.1. There ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7047 (An issue was discovered in the MBeans Server in Wowza Streaming Engine ...)
	NOT-FOR-US: Wowza Streaming Engine
CVE-2018-7046 (** DISPUTED ** Arbitrary code execution vulnerability in Kentico 9 ...)
	NOT-FOR-US: Kentico
CVE-2018-7045
	RESERVED
CVE-2018-7044
	RESERVED
CVE-2018-7043
	RESERVED
CVE-2018-7042
	RESERVED
CVE-2018-7041
	RESERVED
CVE-2018-7040
	RESERVED
CVE-2018-7039 (CCN-lite 2.0.0 Beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-7038
	RESERVED
CVE-2018-7037
	RESERVED
CVE-2018-7036
	RESERVED
CVE-2018-7035 (Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 ...)
	NOT-FOR-US: Gleez CMS
CVE-2018-7034 (TRENDnet TEW-751DR v1.03B03, TEW-752DRU v1.03B01, and TEW733GR v1.03B01 ...)
	NOT-FOR-US: TRENDnet devices
CVE-2018-7033 (SchedMD Slurm before 17.02.10 and 17.11.x before 17.11.5 allows SQL ...)
	{DLA-1367-1}
	- slurm-llnl 17.11.5-1 (bug #893044)
	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4792 (not yet public)
	NOTE: https://github.com/SchedMD/slurm/commit/db468895240ad6817628d07054fe54e71273b2fe
	NOTE: https://github.com/SchedMD/slurm/commit/2f5e924bf6e018dbcef24bcda9683d6b3662f6d4
CVE-2018-7031
	RESERVED
CVE-2018-7030
	RESERVED
CVE-2018-7029
	RESERVED
CVE-2018-7028
	RESERVED
CVE-2018-7027
	RESERVED
CVE-2018-7026
	RESERVED
CVE-2018-7025
	RESERVED
CVE-2018-7024
	RESERVED
CVE-2018-7023
	RESERVED
CVE-2018-7022
	RESERVED
CVE-2018-7021
	RESERVED
CVE-2018-7020
	RESERVED
CVE-2018-7019
	RESERVED
CVE-2018-7018
	RESERVED
CVE-2018-7017
	RESERVED
CVE-2018-7016
	RESERVED
CVE-2018-7015
	RESERVED
CVE-2018-7014
	RESERVED
CVE-2018-7013
	RESERVED
CVE-2018-7012
	RESERVED
CVE-2018-7011
	RESERVED
CVE-2018-7010
	RESERVED
CVE-2018-7009
	RESERVED
CVE-2018-7008
	RESERVED
CVE-2018-7007
	RESERVED
CVE-2018-7006
	RESERVED
CVE-2018-7005
	RESERVED
CVE-2018-7004
	RESERVED
CVE-2018-7003
	RESERVED
CVE-2018-7002
	RESERVED
CVE-2018-7001
	RESERVED
CVE-2018-7000
	RESERVED
CVE-2018-6999
	RESERVED
CVE-2018-6998
	RESERVED
CVE-2018-6997
	RESERVED
CVE-2018-6996
	RESERVED
CVE-2018-6995
	RESERVED
CVE-2018-6994
	RESERVED
CVE-2018-6993
	RESERVED
CVE-2018-6992
	RESERVED
CVE-2018-6991
	RESERVED
CVE-2018-6990
	RESERVED
CVE-2018-6989
	RESERVED
CVE-2018-6988
	RESERVED
CVE-2018-6987
	RESERVED
CVE-2018-6986
	RESERVED
CVE-2018-6985
	RESERVED
CVE-2018-6984
	RESERVED
CVE-2018-6983
	RESERVED
CVE-2018-6982
	RESERVED
CVE-2018-6981
	RESERVED
CVE-2018-6980
	RESERVED
CVE-2018-6979
	RESERVED
CVE-2018-6978
	RESERVED
CVE-2018-6977
	RESERVED
CVE-2018-6976
	RESERVED
CVE-2018-6975
	RESERVED
CVE-2018-6974
	RESERVED
CVE-2018-6973
	RESERVED
CVE-2018-6972
	RESERVED
CVE-2018-6971
	RESERVED
CVE-2018-6970
	RESERVED
CVE-2018-6969
	RESERVED
CVE-2018-6968
	RESERVED
CVE-2018-6967
	RESERVED
CVE-2018-6966
	RESERVED
CVE-2018-6965
	RESERVED
CVE-2018-6964
	RESERVED
CVE-2018-6963
	RESERVED
CVE-2018-6962
	RESERVED
CVE-2018-6961
	RESERVED
CVE-2018-6960 (VMware Horizon DaaS (7.x before 8.0.0) contains a broken ...)
	NOT-FOR-US: VMware Horizon DaaS
CVE-2018-6959 (VMware vRealize Automation (vRA) prior to 7.4.0 contains a ...)
	NOT-FOR-US: VMware vRealize Automation
CVE-2018-6958 (VMware vRealize Automation (vRA) prior to 7.3.1 contains a ...)
	NOT-FOR-US: VMware vRealize Automation
CVE-2018-6957 (VMware Workstation (14.x before 14.1.1, 12.x) and Fusion (10.x before ...)
	NOT-FOR-US: VMware
CVE-2017-18188 (OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks ...)
	NOT-FOR-US: opentmpfiles
CVE-2017-18187 (In ARM mbed TLS before 2.7.0, there is a bounds-check bypass through an ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2
	- polarssl <removed>
	[wheezy] - polarssl <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ARMmbed/mbedtls/commit/83c9f495ffe70c7dd280b41fdfd4881485a3bc28
CVE-2018-7032 (webcheckout in myrepos through 1.20171231 does not sanitize URLs that ...)
	- myrepos <unfixed> (bug #840014)
	[stretch] - myrepos <no-dsa> (Minor issue)
	[jessie] - myrepos <no-dsa> (Minor issue)
	- mr 1.16
	[wheezy] - mr <no-dsa> (Minor issue)
	NOTE: 1.16 was made a source-based transitional package to myrepos not containg
	NOTE: in particular webcheckout anymore.
	NOTE: http://source.myrepos.branchable.com/?p=source.git;a=commitdiff;h=40a3df21c73f1bb1b6915cc6fa503f50814664c8
CVE-2018-6956
	RESERVED
CVE-2018-6955
	RESERVED
CVE-2018-6954 (systemd-tmpfiles in systemd through 237 mishandles symlinks present in ...)
	- systemd 238-1 (bug #890779)
	[stretch] - systemd <postponed> (Minor issue, revisit if/when fixed upstream)
	[jessie] - systemd <postponed> (Minor issue, revisit if/when fixed upstream)
	[wheezy] - systemd <not-affected> (/etc/tmpfiles.d not supported in Wheezy)
	NOTE: https://github.com/systemd/systemd/issues/7986
CVE-2018-6953 (In CCN-lite 2, the Parser of NDNTLV does not verify whether a certain ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-6952 (A double free exists in the another_hunk function in pch.c in GNU patch ...)
	- patch <unfixed> (unimportant)
	NOTE: https://savannah.gnu.org/bugs/index.php?53133
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6951 (An issue was discovered in GNU patch through 2.7.6. There is a ...)
	- patch <unfixed> (unimportant)
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/?id=f290f48a621867084884bfff87f8093c15195e6a
	NOTE: https://savannah.gnu.org/bugs/index.php?53132
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6950
	RESERVED
CVE-2018-6949
	RESERVED
CVE-2018-6948 (In CCN-lite 2, the function ccnl_prefix_to_str_detailed can cause a ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-6947 (An uninitialised stack variable in the nxfuse component that is part ...)
	NOT-FOR-US: DokanFS
CVE-2018-6946
	RESERVED
CVE-2018-6945
	RESERVED
CVE-2018-6944 (core/lib/upload/um-file-upload.php in the UltimateMember plugin 2.0 for ...)
	NOT-FOR-US: UltimateMember plugin for WordPress
CVE-2018-6943 (core/lib/upload/um-image-upload.php in the UltimateMember plugin 2.0 ...)
	NOT-FOR-US: UltimateMember plugin for WordPress
CVE-2018-6942 (An issue was discovered in FreeType 2 through 2.9. A NULL pointer ...)
	- freetype <unfixed> (bug #890450)
	[stretch] - freetype <not-affected> (Vulnerable code introduced later)
	[jessie] - freetype <not-affected> (Vulnerable code introduced later)
	[wheezy] - freetype <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=5736
	NOTE: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=29c759284e305ec428703c9a5831d0b1fc3497ef
CVE-2018-6941 (A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 ...)
	NOT-FOR-US: NAT32 devices
CVE-2018-6940 (A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 ...)
	NOT-FOR-US: NAT32 devices
CVE-2018-6939
	RESERVED
CVE-2018-6938
	RESERVED
CVE-2018-6937
	RESERVED
CVE-2018-6936 (Cross Site Scripting (XSS) exists on the D-Link DIR-600M C1 3.01 via ...)
	NOT-FOR-US: D-Link
CVE-2018-6935 (PHP Scripts Mall Student Profile Management System Script v2.0.6 has ...)
	NOT-FOR-US: PHP Scripts Mall Student Profile Management System Script
CVE-2018-6934 (CSRF exists in student/personal-info in PHP Scripts Mall Online ...)
	NOT-FOR-US: PHP Scripts Mall Online Tutoring Script
CVE-2018-6933
	RESERVED
CVE-2018-6932
	RESERVED
CVE-2018-6931
	RESERVED
CVE-2018-6930 (A stack-based buffer over-read in the ComputeResizeImage function in ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/967
CVE-2018-6929
	RESERVED
CVE-2018-6928 (PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a ...)
	NOT-FOR-US: PHP Scripts Mall News Website Script
CVE-2018-1000066
	REJECTED
CVE-2018-1000065
	REJECTED
CVE-2018-1000064
	REJECTED
CVE-2017-18186 (An issue was discovered in QPDF before 7.0.0. There is an infinite loop ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937
	NOTE: https://github.com/qpdf/qpdf/issues/149
CVE-2017-18185 (An issue was discovered in QPDF before 7.0.0. There is a large ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71
	NOTE: https://github.com/qpdf/qpdf/issues/150
CVE-2017-18184 (An issue was discovered in QPDF before 7.0.0. There is a stack-based ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317
	NOTE: https://github.com/qpdf/qpdf/issues/147
CVE-2017-18183 (An issue was discovered in QPDF before 7.0.0. There is an infinite loop ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481
	NOTE: https://github.com/qpdf/qpdf/issues/143
CVE-2017-18182
	RESERVED
CVE-2017-18181
	RESERVED
CVE-2017-18180
	RESERVED
CVE-2016-10713 (An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access ...)
	- patch 2.7.6-1 (unimportant)
	NOTE: https://git.savannah.gnu.org/cgit/patch.git/commit/src/pch.c?id=a0d7fe4589651c64bd16ddaaa634030bb0455866
	NOTE: Crash in CLI tool, no security impact
CVE-2015-9252 (An issue was discovered in QPDF before 7.0.0. Endless recursion causes ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e
	NOTE: https://github.com/qpdf/qpdf/issues/51
CVE-2018-6927 (The futex_requeue function in kernel/futex.c in the Linux kernel before ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/fbe0e839d1e22d88810f3ee3e2f1479be4c0aa4a
CVE-2018-6926 (In app/Controller/ServersController.php in MISP 2.4.87, a server ...)
	NOT-FOR-US: MISP
CVE-2018-6925
	RESERVED
CVE-2018-6924
	RESERVED
CVE-2018-6923
	RESERVED
CVE-2018-6922
	RESERVED
CVE-2018-6921 (In FreeBSD before 11.1-STABLE(r332066) and 11.1-RELEASE-p10, due to ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6920 (In FreeBSD before 11.1-STABLE(r332303), 11.1-RELEASE-p10, ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:05.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6919 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-EN-18:04.mem.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6918 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-18:05.ipsec.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6917 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p9, 10.4-STABLE, ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-18:04.vt.asc
	NOTE: kfreebsd not covered by security support
CVE-2018-6916 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p7, 10.4-STABLE, ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/patches/SA-18:01/ipsec-10.patch
	NOTE: kfreebsd not covered by security support
CVE-2018-6915
	RESERVED
CVE-2018-6914 (Directory traversal vulnerability in the Dir.mktmpdir method in the ...)
	{DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/unintentional-file-and-directory-creation-with-directory-traversal-cve-2018-6914/
	NOTE: https://hackerone.com/reports/302298
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/10b96900b90914b0cc1dba36f9736c038db2859d
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/e9ddf2ba41a0bffe1047e33576affd48808c5d0b (2.2.10)
CVE-2018-1000063
	REJECTED
CVE-2017-18179 (Progress Sitefinity 9.1 uses wrap_access_token as a non-expiring ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2017-18178 (Authenticate/SWT in Progress Sitefinity 9.1 has an open redirect issue ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2017-18177 (Progress Sitefinity 9.1 has XSS via the Last name, First name, and ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2017-18176 (Progress Sitefinity 9.1 has XSS via file upload, because JavaScript ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2017-18175 (Progress Sitefinity 9.1 has XSS via the Content Management Template ...)
	NOT-FOR-US: Progress Sitefinity
CVE-2018-6913 (Heap-based buffer overflow in the pack function in Perl before 5.26.2 ...)
	{DSA-4172-1 DLA-1345-1}
	- perl 5.26.1-6
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131844
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/0fcf83230df5f8c52602ae22fde57c7ea885534d
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/a9d5c6e11891b48be06d4e06eeed18642bc98527
CVE-2018-6912 (The decode_plane function in libavcodec/utvideodec.c in FFmpeg through ...)
	- ffmpeg <unfixed> (low)
	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
	- libav <undetermined>
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/76cc0f0f673353cd4746cd3b83838ae335e5d9ed
CVE-2018-6911 (The VBWinExec function in Node\AspVBObj.dll in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2018-6910 (DedeCMS 5.7 allows remote attackers to discover the full path via a ...)
	NOT-FOR-US: DedeCMS
CVE-2018-6909
	RESERVED
CVE-2018-6908
	RESERVED
CVE-2018-6907
	RESERVED
CVE-2018-6906
	RESERVED
CVE-2018-6905 (The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life>
CVE-2018-6904 (PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2018-6903 (PHP Scripts Mall Hot Scripts Clone Script Classified v3.1 uses the ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6902 (PHP Scripts Mall Image Sharing Script 1.3.3 has XSS via the Full Name ...)
	NOT-FOR-US: PHP Scripts Mall Image Sharing Script
CVE-2018-6901
	RESERVED
CVE-2018-6900 (PHP Scripts Mall Website Broker Script 3.0.6 has XSS via the Last Name ...)
	NOT-FOR-US: PHP Scripts Mall Website Broker Script
CVE-2018-6899
	RESERVED
CVE-2018-6898
	RESERVED
CVE-2018-6897
	RESERVED
CVE-2018-6896
	RESERVED
CVE-2018-6895
	RESERVED
CVE-2018-6894
	RESERVED
CVE-2018-6893 (controllers/member/Api.php in dayrui FineCms 5.2.0 has SQL Injection: a ...)
	NOT-FOR-US: FineCms
CVE-2018-6892 (An issue was discovered in CloudMe before 1.11.0. An unauthenticated ...)
	NOT-FOR-US: CloudMe
CVE-2018-6891 (Bookly #1 WordPress Booking Plugin Lite before 14.5 has XSS via a ...)
	NOT-FOR-US: Bookly #1 WordPress Booking Plugin Lite
CVE-2018-6890 (Cross-site scripting (XSS) vulnerability in Wolf CMS 0.8.3.1 via the ...)
	NOT-FOR-US: Wolf CMS
CVE-2018-6889 (An issue was discovered in Typesetter 5.1. It suffers from a Host ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-6888 (An issue was discovered in Typesetter 5.1. The User Permissions page ...)
	NOT-FOR-US: Typesetter CMS
CVE-2018-6887
	RESERVED
CVE-2018-6886
	RESERVED
CVE-2018-6885
	RESERVED
CVE-2018-6884
	RESERVED
CVE-2018-6883 (Piwigo before 2.9.3 has SQL injection in admin/tags.php in the ...)
	- piwigo <removed>
CVE-2018-6882 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Zimbra
CVE-2018-1000062 (WonderCMS version 2.4.0 contains a Stored Cross-Site Scripting on File ...)
	NOT-FOR-US: WonderCMS
CVE-2018-1000061 (ARM mbedTLS version development branch, 2.7.0 and earlier contains a ...)
	- mbedtls <unfixed> (unimportant)
	NOTE: https://github.com/ARMmbed/mbedtls/issues/1356
	NOTE: Non-issue as further analysis has shown and issue in progress to be rejected
CVE-2018-1000060 (Sensu, Inc. Sensu Core version Before 1.2.0 &amp; before commit ...)
	- sensu <itp> (bug #838484)
CVE-2018-1000059 (ValidFormBuilder version 4.5.4 contains a PHP Object Injection ...)
	NOT-FOR-US: ValidFormBuilder
CVE-2018-6881 (EmpireCMS 6.6 allows remote attackers to discover the full path via an ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-6880 (EmpireCMS 6.6 through 7.2 allows remote attackers to discover the full ...)
	NOT-FOR-US: EmpireCMS
CVE-2018-6879 (PHP Scripts Mall Website Seller Script 2.0.3 uses the client side to ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6878 (Cross Site Scripting (XSS) exists in the review section in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Mall Hot Scripts Clone Script Classified
CVE-2018-6877
	RESERVED
CVE-2018-6876 (The OLEProperty class in ole/oleprop.cpp in libfpx 1.3.1-10, as used in ...)
	NOT-FOR-US: libfpx
CVE-2018-6875 (Format String vulnerability in KeepKey version 4.0.0 allows attackers ...)
	NOT-FOR-US: KeepKey
CVE-2018-6874 (CSRF exists in the Auth0 authentication service through 14591 if the ...)
	NOT-FOR-US: Auth0
CVE-2018-6873 (The Auth0 authentication service before 2017-10-15 allows privilege ...)
	NOT-FOR-US: Auth0
CVE-2018-6872 (The elf_parse_notes function in elf.c in the Binary File Descriptor ...)
	- binutils 2.30-4
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22788
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commit;h=ef135d4314fd4c2d7da66b9d7b59af4a85b0f7e6
CVE-2018-6871 (LibreOffice before 5.4.5 and 6.x before 6.0.1 allows remote attackers ...)
	{DSA-4111-2 DSA-4111-1}
	- libreoffice 1:6.0.1-1
	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/jollheef/libreoffice-remote-arbitrary-file-disclosure
CVE-2018-6870 (Reflected XSS exists in PHP Scripts Mall Website Seller Script 2.0.3 ...)
	NOT-FOR-US: PHP Scripts Mall Website Seller Script
CVE-2018-6869 (In ZZIPlib 0.13.68, there is an uncontrolled memory allocation and a ...)
	{DLA-1287-1}
	- zziplib <unfixed>
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/22
CVE-2018-6868 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / ...)
	NOT-FOR-US: PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script
CVE-2018-6867 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone ...)
	NOT-FOR-US: PHP Scripts Mall Alibaba Clone Script
CVE-2018-6866 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and ...)
	NOT-FOR-US: PHP Scripts Mall Learning and Examination Management System Script
CVE-2018-6865
	RESERVED
CVE-2018-6864 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Multi religion ...)
	NOT-FOR-US: PHP Scripts Mall Multi religion Responsive Matrimonial
CVE-2018-6863 (SQL Injection exists in PHP Scripts Mall Select Your College Script ...)
	NOT-FOR-US: PHP Scripts Mall Select Your College Script
CVE-2018-6862 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Bitcoin MLM ...)
	NOT-FOR-US: PHP Scripts Mall Bitcoin MLM Software
CVE-2018-6861 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Lawyer Search ...)
	NOT-FOR-US: PHP Scripts Mall Lawyer Search Script
CVE-2018-6860 (Arbitrary File Upload and Remote Code Execution exist in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-6859 (SQL Injection exists in PHP Scripts Mall Schools Alert Management ...)
	NOT-FOR-US: PHP Scripts Mall Schools Alert Management Script
CVE-2018-6858 (Cross Site Scripting (XSS) exists in PHP Scripts Mall Facebook Clone ...)
	NOT-FOR-US: PHP Scripts Mall Facebook Clone Script
CVE-2018-6857
	RESERVED
CVE-2018-6856
	RESERVED
CVE-2018-6855
	RESERVED
CVE-2018-6854
	RESERVED
CVE-2018-6853
	RESERVED
CVE-2018-6852
	RESERVED
CVE-2018-6851
	RESERVED
CVE-2018-6850
	RESERVED
CVE-2018-6849 (In the WebRTC component in DuckDuckGo 4.2.0, after visiting a web site ...)
	NOT-FOR-US: DuckDuckGo
CVE-2018-6848
	RESERVED
CVE-2018-6847
	RESERVED
CVE-2018-6846 (Z-BlogPHP 1.5.1 allows remote attackers to discover the full path via a ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-6845 (PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Multi Language Olx Clone Script
CVE-2018-6844 (MyBB 1.8.14 has XSS via the Title or Description field on the Edit ...)
	NOT-FOR-US: MyBB
CVE-2018-6843 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has SQL injection in the ...)
	NOT-FOR-US: Kentico CMS
CVE-2018-6842 (Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a ...)
	NOT-FOR-US: Kentico CMS
CVE-2018-6841
	RESERVED
CVE-2018-6840
	RESERVED
CVE-2018-6839
	RESERVED
CVE-2018-6838
	RESERVED
CVE-2018-6837
	RESERVED
CVE-2018-6836 (The netmonrec_comment_destroy function in wiretap/netmon.c in Wireshark ...)
	- wireshark <not-affected> (Vulnerable code introduced in v2.5.0)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14397
	NOTE: Introduced by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=52823805b29a44a83eacd0e5b415b11227ec313b
	NOTE: Fixed by: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=28960d79cca262ac6b974f339697b299a1e28fef
CVE-2018-6835 (node/hooks/express/apicalls.js in Etherpad Lite before v1.6.3 ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-6834 (static/js/pad_utils.js in Etherpad Lite before v1.6.3 has XSS via ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2018-6833
	RESERVED
CVE-2018-6832
	RESERVED
CVE-2018-6831
	RESERVED
CVE-2018-6830
	RESERVED
CVE-2018-6829 (cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt ...)
	- libgcrypt20 <unfixed> (unimportant)
	- libgcrypt11 <removed> (unimportant)
	- gnupg1 <unfixed> (unimportant)
	- gnupg <removed> (unimportant)
	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal
	NOTE: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
	NOTE: GnuPG uses ElGamal in hybrid mode only.
	NOTE: This is not a vulnerability in libgcrypt, but in an application using
	NOTE: it in an insecure manner, see also
	NOTE: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
CVE-2018-6828
	RESERVED
CVE-2018-6827 (VOBOT CLOCK before 0.99.30 devices do not verify X.509 certificates ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6826 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6825 (An issue was discovered on VOBOT CLOCK before 0.99.30 devices. An SSH ...)
	NOT-FOR-US: VOBOT CLOCK
CVE-2018-6824 (Cozy version 2 has XSS allowing remote attackers to obtain ...)
	NOT-FOR-US: Cozy
CVE-2018-6823 (In the VPN client in Mailbutler Shimo before 4.1.5.1 on macOS, the ...)
	NOT-FOR-US: Mailbutler Shimo
CVE-2018-6822 (In PureVPN 6.0.1 on macOS, HelperTool LaunchDaemon implements an ...)
	NOT-FOR-US: PureVPN
CVE-2018-6821
	RESERVED
CVE-2018-6820
	RESERVED
CVE-2018-6819
	RESERVED
CVE-2018-6818
	RESERVED
CVE-2018-6817
	RESERVED
CVE-2018-6816
	RESERVED
CVE-2018-6815
	RESERVED
CVE-2018-6814
	RESERVED
CVE-2018-6813
	RESERVED
CVE-2018-6812
	RESERVED
CVE-2018-6811 (Multiple cross-site scripting (XSS) vulnerabilities in Citrix ...)
	NOT-FOR-US: Citrix
CVE-2018-6810 (Directory traversal vulnerability in NetScaler ADC 10.5, 11.0, 11.1, ...)
	NOT-FOR-US: Citrix
CVE-2018-6809 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, ...)
	NOT-FOR-US: Citrix
CVE-2018-6808 (NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, ...)
	NOT-FOR-US: Citrix
CVE-2018-6807
	RESERVED
CVE-2018-6806 (Marked 2 through 2.5.11 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Marked 2
CVE-2018-6805
	RESERVED
CVE-2018-6804
	RESERVED
CVE-2018-6803
	RESERVED
CVE-2018-6802
	RESERVED
CVE-2018-6801
	RESERVED
CVE-2018-6800
	RESERVED
CVE-2018-6799 (The AcquireCacheNexus function in magick/pixel_cache.c in ...)
	{DLA-1282-1}
	- graphicsmagick 1.3.28-1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/b41e2efce6d3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d30ed06e9b87
CVE-2018-6798 (An issue was discovered in Perl 5.22 through 5.26. Matching a crafted ...)
	- perl 5.26.1-6
	[stretch] - perl 5.24.1-3+deb9u3
	[jessie] - perl <not-affected> (Issue introduced later)
	[wheezy] - perl <not-affected> (Issue introduced later)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132063
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8e6f44c90c7fa1f63c19a44c45482b09a407e15b
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/8b80ce67ff257aaa36e47eaf4194d27a51595524
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/0abf1e8d89aecd32dbdabda5da4d52a2d57a7cff
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f65da1ca2eee74696d9c120e9d69af37b4fa1920
CVE-2018-6797 (An issue was discovered in Perl 5.18 through 5.26. A crafted regular ...)
	- perl 5.26.1-6
	[stretch] - perl 5.24.1-3+deb9u3
	[jessie] - perl <ignored> (Backport of fixes too intrusive and risky for regressions)
	[wheezy] - perl <ignored> (Backport of fixes too intrusive and risky for regressions)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=132227
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/abe1e6c568b96bcb382dfa4f61c56d1ab001ea51
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/510cc261d965ccfa427900ebb368fc4d337442d2
CVE-2018-6796 (PHP Scripts Mall Multilanguage Real Estate MLM Script 3.0 has Stored ...)
	NOT-FOR-US: PHP Scripts Mall Multilanguage Real Estate MLM Script
CVE-2018-6795 (PHP Scripts Mall Naukri Clone Script 3.0.3 has Stored XSS via every ...)
	NOT-FOR-US: PHP Scripts Mall Naukri Clone Script
CVE-2018-6794 (Suricata before 4.1 is prone to an HTTP detection bypass vulnerability ...)
	- suricata 1:4.0.4-1 (bug #889842)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	[wheezy] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2427
	NOTE: https://github.com/OISF/suricata/pull/3202/commits/e1ef57c848bbe4e567d5d4b66d346a742e3f77a1
CVE-2018-6793
	RESERVED
CVE-2018-6792 (Multiple SQL injection vulnerabilities in Saifor CVMS HUB 1.3.1 allow ...)
	NOT-FOR-US: Saifor CVMS HUB
CVE-2018-6791 (An issue was discovered in soliduiserver/deviceserviceaction.cpp in KDE ...)
	{DSA-4116-1}
	- plasma-workspace 4:5.12.0-2
	- kde-runtime <not-affected> (Performs correct escaping)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=389815
	NOTE: https://commits.kde.org/plasma-workspace/f32002ce50edc3891f1fa41173132c820b917d57 (Plasma/5.12)
	NOTE: https://commits.kde.org/plasma-workspace/9db872df82c258315c6ebad800af59e81ffb9212 (Plasma/5.8)
CVE-2018-6790 (An issue was discovered in KDE Plasma Workspace before 5.12.0. ...)
	- plasma-workspace 4:5.12.0-2
	[stretch] - plasma-workspace <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://phabricator.kde.org/D10188
	NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=5bc696b5abcdb460c1017592e80b2d7f6ed3107c
	NOTE: https://cgit.kde.org/plasma-workspace.git/commit/?id=8164beac15ea34ec0d1564f0557fe3e742bdd938
CVE-2018-6789 (An issue was discovered in the base64d function in the SMTP listener ...)
	{DSA-4110-1 DLA-1274-1}
	- exim4 4.90.1-1 (bug #890000)
	NOTE: http://www.openwall.com/lists/oss-security/2018/02/07/2
	NOTE: https://exim.org/static/doc/security/CVE-2018-6789.txt
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2235
	NOTE: https://git.exim.org/exim.git/commit/062990cc1b2f9e5d82a413b53c8f0569075de700
CVE-2018-6788 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6787 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6786 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6785 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6784 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6783 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6782 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6781 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6780 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6779 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6778 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6777 (In Jiangmin Antivirus 16.0.0.100, the driver file (KVFG.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6776 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6775 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6774 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6773 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6772 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6771 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6770 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6769 (In Jiangmin Antivirus 16.0.0.100, the driver file (KrnlCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6768 (In Jiangmin Antivirus 16.0.0.100, the driver file (KSysCall.sys) allows ...)
	NOT-FOR-US: Jiangmin Antivirus
CVE-2018-6766 (Swisscom TVMediaHelper 1.1.0.50 contains a vulnerability that could ...)
	NOT-FOR-US: Swisscom TVMediaHelper
CVE-2018-6765 (Swisscom MySwisscomAssistant 2.17.1.1065 contains a vulnerability that ...)
	NOT-FOR-US: Swisscom MySwisscomAssistant
CVE-2018-6763
	RESERVED
CVE-2018-6762
	RESERVED
CVE-2018-6761
	RESERVED
CVE-2018-6760
	RESERVED
CVE-2018-6767 (A stack-based buffer over-read in the ParseRiffHeaderConfig function of ...)
	{DSA-4125-1}
	- wavpack 5.1.0-3 (bug #889276)
	[jessie] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
	[wheezy] - wavpack <not-affected> (Vulnerable code introduced later in 4.80.0)
	NOTE: https://github.com/dbry/WavPack/issues/27
	NOTE: https://github.com/dbry/WavPack/commit/d5bf76b5a88d044a1be1d5656698e3ba737167e5
CVE-2018-6764 (util/virlog.c in libvirt does not properly determine the hostname on ...)
	- libvirt 4.0.0-2 (bug #889839)
	[stretch] - libvirt 3.0.0-4+deb9u3
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later in 1.3.1)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later in 1.3.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1541444
	NOTE: introduced-by https://libvirt.org/git/?p=libvirt.git;a=commit;h=759b4d1b0fe5f4d84d98b99153dfa7ac289dd167
CVE-2018-6759 (The bfd_get_debug_link_info_1 function in opncls.c in the Binary File ...)
	- binutils 2.30-3
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22794
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=64e234d417d5685a4aec0edc618114d9991c031b
CVE-2018-6757
	RESERVED
CVE-2018-6756
	RESERVED
CVE-2018-6755
	RESERVED
CVE-2018-6754
	RESERVED
CVE-2018-6753
	RESERVED
CVE-2018-6752
	RESERVED
CVE-2018-6751
	RESERVED
CVE-2018-6750
	RESERVED
CVE-2018-6749
	RESERVED
CVE-2018-6748
	RESERVED
CVE-2018-6747
	RESERVED
CVE-2018-6746
	RESERVED
CVE-2018-6745
	RESERVED
CVE-2018-6744
	RESERVED
CVE-2018-6743
	RESERVED
CVE-2018-6742
	RESERVED
CVE-2018-6741
	RESERVED
CVE-2018-6740
	RESERVED
CVE-2018-6739
	RESERVED
CVE-2018-6738
	RESERVED
CVE-2018-6737
	RESERVED
CVE-2018-6736
	RESERVED
CVE-2018-6735
	RESERVED
CVE-2018-6734
	RESERVED
CVE-2018-6733
	RESERVED
CVE-2018-6732
	RESERVED
CVE-2018-6731
	RESERVED
CVE-2018-6730
	RESERVED
CVE-2018-6729
	RESERVED
CVE-2018-6728
	RESERVED
CVE-2018-6727
	RESERVED
CVE-2018-6726
	RESERVED
CVE-2018-6725
	RESERVED
CVE-2018-6724
	RESERVED
CVE-2018-6723
	RESERVED
CVE-2018-6722
	RESERVED
CVE-2018-6721
	RESERVED
CVE-2018-6720
	RESERVED
CVE-2018-6719
	RESERVED
CVE-2018-6718
	RESERVED
CVE-2018-6717
	RESERVED
CVE-2018-6716
	RESERVED
CVE-2018-6715
	RESERVED
CVE-2018-6714
	RESERVED
CVE-2018-6713
	RESERVED
CVE-2018-6712
	RESERVED
CVE-2018-6711
	RESERVED
CVE-2018-6710
	RESERVED
CVE-2018-6709
	RESERVED
CVE-2018-6708
	RESERVED
CVE-2018-6707
	RESERVED
CVE-2018-6706
	RESERVED
CVE-2018-6705
	RESERVED
CVE-2018-6704
	RESERVED
CVE-2018-6703
	RESERVED
CVE-2018-6702
	RESERVED
CVE-2018-6701
	RESERVED
CVE-2018-6700
	RESERVED
CVE-2018-6699
	RESERVED
CVE-2018-6698
	RESERVED
CVE-2018-6697
	RESERVED
CVE-2018-6696
	RESERVED
CVE-2018-6695
	RESERVED
CVE-2018-6694
	RESERVED
CVE-2018-6693
	RESERVED
CVE-2018-6692
	RESERVED
CVE-2018-6691
	RESERVED
CVE-2018-6690
	RESERVED
CVE-2018-6689
	RESERVED
CVE-2018-6688
	RESERVED
CVE-2018-6687
	RESERVED
CVE-2018-6686
	RESERVED
CVE-2018-6685
	RESERVED
CVE-2018-6684
	RESERVED
CVE-2018-6683
	RESERVED
CVE-2018-6682
	RESERVED
CVE-2018-6681
	RESERVED
CVE-2018-6680
	RESERVED
CVE-2018-6679
	RESERVED
CVE-2018-6678
	RESERVED
CVE-2018-6677
	RESERVED
CVE-2018-6676
	RESERVED
CVE-2018-6675
	RESERVED
CVE-2018-6674
	RESERVED
CVE-2018-6673
	RESERVED
CVE-2018-6672
	RESERVED
CVE-2018-6671
	RESERVED
CVE-2018-6670
	RESERVED
CVE-2018-6669
	RESERVED
CVE-2018-6668
	RESERVED
CVE-2018-6667
	RESERVED
CVE-2018-6666
	RESERVED
CVE-2018-6665
	RESERVED
CVE-2018-6664
	RESERVED
CVE-2018-6663
	RESERVED
CVE-2018-6662
	RESERVED
CVE-2018-6661 (DLL Side-Loading vulnerability in Microsoft Windows Client in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2018-6660 (Directory Traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
	NOT-FOR-US: McAfee
CVE-2018-6659 (Reflected Cross-Site Scripting vulnerability in McAfee ePolicy ...)
	NOT-FOR-US: McAfee
CVE-2018-6658
	RESERVED
CVE-2018-6758 (The uwsgi_expand_path function in core/utils.c in Unbit uWSGI through ...)
	{DLA-1275-1}
	- uwsgi 2.0.15-10.2 (bug #889753)
	[stretch] - uwsgi 2.0.14+20161117-3+deb9u1
	[jessie] - uwsgi 2.0.7-1+deb8u2
	NOTE: http://lists.unbit.it/pipermail/uwsgi/2018-February/008835.html
	NOTE: https://github.com/unbit/uwsgi/commit/cb4636f7c0af2e97a4eef7a3cdcbd85a71247bfe
CVE-2018-6657
	RESERVED
CVE-2018-6656 (Z-BlogPHP 1.5.1 has CSRF via zb_users/plugin/AppCentre/app_del.php, as ...)
	NOT-FOR-US: Z-BlogPHP
CVE-2018-6655 (PHP Scripts Mall Doctor Search Script 1.0.2 has Stored XSS via an ...)
	NOT-FOR-US: PHP Scripts Mall Doctor Search Script
CVE-2018-6654 (The Grammarly extension before 2018-02-02 for Chrome allows remote ...)
	NOT-FOR-US: Grammarly extension for Chrome
CVE-2018-6653 (comforte SWAP 1049 through 1069 and 20.0.0 through 21.5.3 (as used in ...)
	NOT-FOR-US: comforte SWAP
CVE-2018-6652
	RESERVED
CVE-2018-6651 (In the uncurl_ws_accept function in uncurl.c in uncurl before 0.07, as ...)
	NOT-FOR-US: uncurl
CVE-2018-6650
	RESERVED
CVE-2018-6649
	RESERVED
CVE-2018-6648
	RESERVED
CVE-2018-6647
	RESERVED
CVE-2018-6646
	RESERVED
CVE-2018-6645
	RESERVED
CVE-2018-6644 (SBLIM Small Footprint CIM Broker (SFCB) 1.4.9 has a null pointer (DoS) ...)
	- sblim-sfcb <itp> (bug #754493)
CVE-2018-6643
	RESERVED
CVE-2018-6642
	RESERVED
CVE-2018-6641 (An Arbitrary Free (Remote Code Execution) issue was discovered in ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6640 (A Heap Overflow (Remote Code Execution) issue was discovered in Design ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6639 (An out-of-bounds write (Remote Code Execution) issue was discovered in ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6638 (A stack-based buffer overflow (Remote Code Execution) issue was ...)
	NOT-FOR-US: Design Science MathType
CVE-2018-6637
	RESERVED
CVE-2018-6636
	RESERVED
CVE-2018-6635 (System Manager in Avaya Aura before 7.1.2 does not properly use SSL in ...)
	NOT-FOR-US: System Manager in Avaya Aura
CVE-2018-6634
	RESERVED
CVE-2018-6633 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6632 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6631 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6630 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6629 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6628 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6627 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) ...)
	NOT-FOR-US: WatchDog Anti-Malware
CVE-2018-6626 (In Micropoint proactive defense software 2.0.20266.0146, the driver ...)
	NOT-FOR-US: Micropoint proactive defense software
CVE-2018-6625 (In WatchDog Anti-Malware 2.74.186.150, the driver file (ZAMGUARD32.SYS) ...)
	NOT-FOR-US: WatchDog Anti-Malware
CVE-2018-6624 (OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass ...)
	NOT-FOR-US: OMRON NS devices
CVE-2018-6623 (An issue was discovered in Hola 1.79.859. An unprivileged user could ...)
	NOT-FOR-US: Hola
CVE-2018-1000058 (Jenkins Pipeline: Supporting APIs Plugin 2.17 and earlier have an ...)
	NOT-FOR-US: jenkins-plugin-workflow-support
CVE-2018-1000057 (Jenkins Credentials Binding Plugin 1.14 and earlier masks passwords it ...)
	NOT-FOR-US: jenkins-plugin-credentials-binding
CVE-2018-1000056 (Jenkins JUnit Plugin 1.23 and earlier processes XML external entities ...)
	NOT-FOR-US: jenkins-plugin-junit
CVE-2018-1000055 (Jenkins Android Lint Plugin 2.5 and earlier processes XML external ...)
	NOT-FOR-US: Jenkins Android Lint Plugin
CVE-2018-1000054 (Jenkins CCM Plugin 3.1 and earlier processes XML external entities in ...)
	NOT-FOR-US: Jenkins CCM Plugin
CVE-2018-1000053 (LimeSurvey version 3.0.0-beta.3+17110 contains a Cross ite Request ...)
	- limesurvey <itp> (bug #472802)
CVE-2018-1000052 (fmtlib version prior to version 4.1.0 (before commit ...)
	- fmtlib <unfixed> (unimportant; bug #890033)
	NOTE: https://github.com/fmtlib/fmt/issues/642
	NOTE: https://github.com/fmtlib/fmt/commit/8cf30aa2be256eba07bb1cefb998c52326e846e7
	NOTE: This looks bogus, how would that come from untrusted input
CVE-2018-1000051 (Artifex Mupdf version 1.12.0 contains a Use After Free vulnerability ...)
	{DSA-4152-1}
	- mupdf 1.12.0+ds1-1 (bug #891245)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present, introduced in version 1.3)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698825
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698873
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?321ba1de287016b0036bf4a56ce774ad11763384
CVE-2018-1000050 (Sean Barrett stb_vorbis version 1.12 and earlier contains a Buffer ...)
	NOT-FOR-US: Sean Barrett stb_vorbis
CVE-2018-1000049 (nanopool Claymore Dual Miner version 7.3 and earlier contains a Remote ...)
	NOT-FOR-US: nanopool Claymore Dual Miner
CVE-2018-1000048 (NASA RtRetrievalFramework version v1.0 contains a CWE-502 ...)
	NOT-FOR-US: NASA RtRetrievalFramework
CVE-2018-1000047 (NASA Kodiak version v1.0 contains a CWE-502 vulnerability in Kodiak ...)
	NOT-FOR-US: NASA Kodiak
CVE-2018-1000046 (NASA Pyblock version v1.0 - v1.3 contains a CWE-502 vulnerability in ...)
	NOT-FOR-US: NASA Pyblock
CVE-2018-1000045 (NASA Singledop version v1.0 contains a CWE-502 vulnerability in NASA ...)
	NOT-FOR-US: NASA Singledop
CVE-2018-1000044 (Security Onion Solutions Squert version 1.1.1 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000043 (Security Onion Solutions Squert version 1.0.1 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000042 (Security Onion Solutions Squert version 1.3.0 through 1.6.7 contains a ...)
	NOT-FOR-US: Security Onion Solutions Squert
CVE-2018-1000041 (GNOME librsvg version before commit ...)
	{DLA-1278-1}
	- librsvg <not-affected> (Specific to Windows)
	NOTE: Merge of changes: https://github.com/GNOME/librsvg/commit/c6ddf2ed4d768fd88adbea2b63f575cd523022ea
	NOTE: https://github.com/GNOME/librsvg/commit/4de19d9fdddf81773125b04a4defe1ffd0d3bfe0
CVE-2017-18174 (In the Linux kernel before 4.7, the amd_gpio_remove function in ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: double-free introduced and fixed in the 4.11 release cycle
CVE-2017-18173
	RESERVED
CVE-2017-18172
	RESERVED
CVE-2017-18171
	RESERVED
CVE-2017-18170
	RESERVED
CVE-2017-18169
	RESERVED
CVE-2017-18168
	RESERVED
CVE-2017-18167
	RESERVED
CVE-2017-18166
	RESERVED
CVE-2017-18165
	RESERVED
CVE-2017-18164
	RESERVED
CVE-2017-18163
	RESERVED
CVE-2017-18162
	RESERVED
CVE-2017-18161
	RESERVED
CVE-2017-18160
	RESERVED
CVE-2017-18159
	RESERVED
CVE-2017-18158
	RESERVED
CVE-2017-18157
	RESERVED
CVE-2017-18156
	RESERVED
CVE-2017-18155
	RESERVED
CVE-2017-18154
	RESERVED
CVE-2017-18153
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18152
	RESERVED
CVE-2017-18151
	RESERVED
CVE-2017-18150
	RESERVED
CVE-2017-18149
	RESERVED
CVE-2017-18148
	RESERVED
CVE-2017-18147 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18146 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18145 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18144 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18143 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18142 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18141
	RESERVED
CVE-2017-18140 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18139 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18138 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18137 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18136 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18135 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18134 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18133 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18132 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18131
	RESERVED
CVE-2017-18130 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18129 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18128 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18127 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18126 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18125 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18124
	RESERVED
CVE-2018-6622
	RESERVED
CVE-2018-6621 (The decode_frame function in libavcodec/utvideodec.c in FFmpeg through ...)
	- ffmpeg 7:3.4.2-1 (low)
	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
	- libav <undetermined>
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/118e1b0b3370dd1c0da442901b486689efd1654b
CVE-2018-6620 (Odoo does not require authentication to be configured for a Backup ...)
	NOT-FOR-US: Odoo
CVE-2018-6619 (Easy Hosting Control Panel (EHCP) v0.37.12.b makes it easier for ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6618 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows attackers to ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6617 (Easy Hosting Control Panel (EHCP) v0.37.12.b, when using a local MySQL ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6616 (In OpenJPEG 2.3.0, there is excessive iteration in the ...)
	- openjpeg2 <unfixed> (bug #889683)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1059
CVE-2018-6615
	RESERVED
CVE-2018-6614
	RESERVED
CVE-2018-6613
	RESERVED
CVE-2018-6612 (An integer underflow bug in the process_EXIF function of the exif.c ...)
	- jhead 1:3.00-6 (unimportant; bug #889272)
	NOTE: https://anonscm.debian.org/git/collab-maint/jhead.git/diff/debian/patches/0008-heap-buffer-overflow.patch?id=01f09ab772d0d341cdc1326490dd2aa5aa2a7784
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6611 (soundlib/Load_stp.cpp in OpenMPT through 1.27.04.00, and libopenmpt ...)
	- libopenmpt 0.3.6-1 (bug #889545)
	[stretch] - libopenmpt <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/OpenMPT/openmpt/commit/61fc6d3030a4d4283105cb5fb46b27b42fa5575e
CVE-2018-6610 (Information Leakage exists in the jLike 1.0 component for Joomla! via a ...)
	NOT-FOR-US: jLike component for Joomla!
CVE-2018-6609 (SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via ...)
	NOT-FOR-US: JSP Tickets component for Joomla!
CVE-2018-6608 (In the WebRTC component in Opera 51.0.2830.55, after visiting a web ...)
	NOT-FOR-US: WebRTC component in Opera
CVE-2018-6607
	RESERVED
CVE-2018-6606 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2018-6605 (SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! ...)
	NOT-FOR-US: Zh BaiduMap component for Joomla!
CVE-2018-6604 (SQL Injection exists in the Zh YandexMap 6.2.1.0 component for Joomla! ...)
	NOT-FOR-US: Zh YandexMap component for Joomla!
CVE-2018-6603 (Promise Technology WebPam Pro-E devices allow remote attackers to ...)
	NOT-FOR-US: Promise Technology WebPam Pro-E devices
CVE-2018-6602
	RESERVED
CVE-2018-6601
	RESERVED
CVE-2018-6600
	RESERVED
CVE-2018-6599
	RESERVED
CVE-2018-6598
	RESERVED
CVE-2018-6597
	RESERVED
CVE-2018-6596 (webhooks/base.py in Anymail (aka django-anymail) before 1.2.1 is prone ...)
	{DSA-4107-1}
	- django-anymail 1.3-1 (bug #889450)
	NOTE: https://github.com/anymail/django-anymail/commit/db586ede1fbb41dce21310ea28ae15a1cf1286c5 (v1.3)
	NOTE: https://github.com/anymail/django-anymail/commit/c07998304b4a31df4c61deddcb03d3607a04691b (v1.2.x-branch)
CVE-2018-6595
	RESERVED
CVE-2018-6594 (lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates ...)
	- pycryptodome 3.4.11-1 (bug #889998)
	- python-crypto 2.6.1-9 (bug #889999)
	[stretch] - python-crypto <no-dsa> (Minor issue)
	[jessie] - python-crypto <no-dsa> (Minor issue)
	[wheezy] - python-crypto <no-dsa> (Minor issue)
	NOTE: PyCrypto: https://github.com/dlitz/pycrypto/issues/253
	NOTE: The issue is found as well in pycryptodome (fork from python-crypto)
	NOTE: PyCryptodome: https://github.com/Legrandin/pycryptodome/issues/90
	NOTE: PyCrytpodome: https://github.com/Legrandin/pycryptodome/commit/99c27a3b9e8a884bbde0e88c63234b669d4398d8 (3.4.10)
	NOTE: See further discussion as per https://github.com/Legrandin/pycryptodome/issues/90#issuecomment-362783537
	NOTE: Upstream feels that this is not a vulnerability in pycryptodome/python-crypto,
	NOTE: but in an application using it in an insecure manner.
CVE-2018-6593 (An issue was discovered in MalwareFox AntiMalware 2.74.0.150. Improper ...)
	NOT-FOR-US: MalwareFox AntiMalware
CVE-2018-6592 (Unisys Stealth 3.3 Windows endpoints before 3.3.016.1 allow local ...)
	NOT-FOR-US: Unisys Stealth Windows endpoints
CVE-2018-6591 (Converse.js and Inverse.js through 3.3 allow remote attackers to obtain ...)
	NOT-FOR-US: Converse.js
CVE-2018-6590
	RESERVED
CVE-2018-6589 (CA Spectrum 10.1 prior to 10.01.02.PTF_10.1.239 and 10.2.x prior to ...)
	NOT-FOR-US: CA Spectrum
CVE-2018-6588 (CA API Developer Portal 3.5 up to and including 3.5 CR5 has a ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-6587 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-6586 (CA API Developer Portal 3.5 up to and including 3.5 CR6 has a stored ...)
	NOT-FOR-US: CA API Developer Portal
CVE-2018-1000040
	RESERVED
CVE-2018-1000039
	RESERVED
CVE-2018-1000038
	RESERVED
CVE-2018-1000037
	RESERVED
CVE-2018-1000036
	RESERVED
CVE-2018-1000035 (A heap-based buffer overflow exists in Info-Zip UnZip version &lt;= 6.00 ...)
	- unzip <unfixed> (bug #889838)
	[stretch] - unzip <no-dsa> (Harmless crash, builds with fortified source)
	[jessie] - unzip <no-dsa> (Harmless crash, builds with fortified source)
	[wheezy] - unzip <no-dsa> (Harmless crash, builds with fortified source)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000034 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that ...)
	- unzip <not-affected> (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000033 (An out-of-bounds read exists in Info-Zip UnZip version 6.10c22 that ...)
	- unzip <not-affected> (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000032 (A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 ...)
	- unzip <not-affected> (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2018-1000031 (A heap-based buffer overflow exists in Info-Zip UnZip version 6.10c22 ...)
	- unzip <not-affected> (Only affects 6.1c22)
	NOTE: https://www.sec-consult.com/en/blog/advisories/multiple-vulnerabilities-in-infozip-unzip/index.html
CVE-2017-18123 (The call parameter of /lib/exe/ajax.php in DokuWiki through 2017-02-19e ...)
	{DLA-1269-1}
	- dokuwiki <unfixed> (bug #889281)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2029
	NOTE: https://github.com/splitbrain/dokuwiki/commit/238b8e878ad48f370903465192b57c2072f65d86
CVE-2018-6585 (SQL Injection exists in the JTicketing 2.0.16 component for Joomla! via ...)
	NOT-FOR-US: JTicketing component for Joomla!
CVE-2018-6584 (SQL Injection exists in the DT Register 3.2.7 component for Joomla! via ...)
	NOT-FOR-US: DT Register component for Joomla!
CVE-2018-6583 (SQL Injection exists in the Timetable Responsive Schedule 1.5 component ...)
	NOT-FOR-US: Timetable Responsive Schedule component for Joomla!
CVE-2018-6582 (SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! ...)
	NOT-FOR-US: Zh GoogleMap component for Joomla!
CVE-2018-6581 (SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a ...)
	NOT-FOR-US: JMS Music component for Joomla!
CVE-2018-6580 (Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component ...)
	NOT-FOR-US: Jimtawl component for Joomla!
CVE-2018-6579 (SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for ...)
	NOT-FOR-US: JEXTN Reverse Auction component for Joomla!
CVE-2018-6578 (SQL Injection exists in the JE PayperVideo 3.0.0 component for Joomla! ...)
	NOT-FOR-US: JE PayperVideo component for Joomla!
CVE-2018-6577 (SQL Injection exists in the JEXTN Membership 3.1.0 component for ...)
	NOT-FOR-US: JEXTN Membership component for Joomla!
CVE-2018-6576 (SQL Injection exists in Event Manager 1.0 via the event.php id ...)
	NOT-FOR-US: Event Manager
CVE-2018-6575 (SQL Injection exists in the JEXTN Classified 1.0.0 component for ...)
	NOT-FOR-US: JEXTN Membership component for Joomla!
CVE-2018-6574 (Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before ...)
	- golang-1.10 1.10~rc2-1
	- golang-1.9 1.9.4-1
	- golang-1.8 <unfixed>
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <unfixed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	[wheezy] - golang <ignored> (Minor issue)
	NOTE: https://github.com/golang/go/issues/23672
	NOTE: https://go.googlesource.com/go/+/44821583bc16ff2508664fab94360bb856e9e9d6
	NOTE: https://go.googlesource.com/go/+/867fb18b6d5bc73266b68c9a695558a04e060a8a
CVE-2018-6573
	RESERVED
CVE-2018-6572
	RESERVED
CVE-2018-6571
	RESERVED
CVE-2018-6570
	RESERVED
CVE-2018-6569 (West Wind Web Server 6.x does not require authentication for ...)
	NOT-FOR-US: West Wind Web Server
CVE-2018-6568
	RESERVED
CVE-2018-6567
	RESERVED
CVE-2018-6566
	RESERVED
CVE-2018-6565
	RESERVED
CVE-2018-6564
	RESERVED
CVE-2018-6563
	RESERVED
CVE-2018-6562 (totemomail Encryption Gateway before 6.0_b567 allows remote attackers ...)
	NOT-FOR-US: totemomail Encryption Gateway
CVE-2018-6561 (dijit.Editor in Dojo Toolkit 1.13 allows XSS via the onload attribute ...)
	- dojo <unfixed> (bug #898944)
	[jessie] - dojo <ignored> (Minor issue)
	[wheezy] - dojo <no-dsa> (Minor issue)
	NOTE: https://github.com/imsebao/404team/blob/master/dijit_editor_xss.md
CVE-2018-6560 (In dbus-proxy/flatpak-proxy.c in Flatpak before 0.8.9, and 0.9.x and ...)
	- flatpak 0.10.3-1 (bug #888842)
	[stretch] - flatpak 0.8.9-0+deb9u1
	NOTE: https://github.com/flatpak/flatpak/commit/52346bf187b5a7f1c0fe9075b328b7ad6abe78f6
CVE-2018-6559
	RESERVED
CVE-2018-6558
	RESERVED
CVE-2018-6557
	RESERVED
CVE-2018-6556
	RESERVED
CVE-2018-6555
	RESERVED
CVE-2018-6554
	RESERVED
CVE-2018-6553
	RESERVED
CVE-2018-6552
	RESERVED
CVE-2018-6551 (The malloc implementation in the GNU C Library (aka glibc or libc6), ...)
	[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
	- glibc 2.27-1
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <not-affected> (Issue introduced in 2.24, 2.26 only for i386)
	- eglibc <not-affected> (Issue introduced in 2.24 for powerpc, 2.26 only for i386)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22774
	NOTE: Fixed by: https://sourceware.org/git/?p=glibc.git;a=commit;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6550 (Monstra CMS through 3.0.4 has XSS in the title function in ...)
	NOT-FOR-US: Monstra CMS
CVE-2017-18122 (A signature-validation bypass issue was discovered in SimpleSAMLphp ...)
	{DSA-4127-1 DLA-1273-1}
	- simplesamlphp 1.15.0-1 (bug #889286)
	NOTE: https://simplesamlphp.org/security/201710-01
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2d53086abbb253efb24ddcb49b116246eb0b6ca (v1.14.17)
CVE-2017-18121 (The consentAdmin module in SimpleSAMLphp through 1.14.15 is vulnerable ...)
	{DSA-4127-1 DLA-1273-1}
	- simplesamlphp 1.15.0-1 (bug #889286)
	NOTE: https://simplesamlphp.org/security/201709-01
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/34e1bdb7660c0c9b627f8e5f0ca224a6afe641a8 (v1.14.16)
CVE-2018-6549
	RESERVED
CVE-2018-6548 (A use-after-free issue was discovered in libwebm through 2018-02-02. If ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: Chromium is built with support for VP9 disabled in Debian
	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1493
	NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info/libwebm%20Vp9HeaderParser%20UAF%20by%20PrintVP9Info.md
CVE-2018-6547 (plays_service.exe in the plays.tv service before 1.27.7.0, as ...)
	NOT-FOR-US: plays_service.exe in the plays.tv service
CVE-2018-6546 (plays_service.exe in the plays.tv service before 1.27.7.0, as ...)
	NOT-FOR-US: plays_service.exe in the plays.tv service
CVE-2018-6545 (Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting ...)
	NOT-FOR-US: Ipswitch MoveIt
CVE-2018-6544 (pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could ...)
	{DSA-4152-1}
	- mupdf 1.12.0+ds1-1 (bug #891245)
	[wheezy] - mupdf <ignored> (Most likely not affected, minor issue)
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=26527eef77b3e51c2258c8e40845bfbc015e405d
	NOTE: above patch is not needed in Jessie, as there is no fz_try() used in this version
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=b03def134988da8c800adac1a38a41a1f09a1d89
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698830
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698965
	NOTE: https://lists.debian.org/debian-lts/2018/03/msg00043.html
CVE-2018-6543 (In GNU Binutils 2.30, there's an integer overflow in the function ...)
	- binutils 2.30-3
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22769
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f2023ce7e8d70b0155cc6206c901e185260918f0
CVE-2018-6542 (In ZZIPlib 0.13.67, there is a bus error (when handling a ...)
	- zziplib <unfixed>
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/17
CVE-2018-6541 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
	- zziplib <unfixed>
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/16
CVE-2018-6540 (In ZZIPlib 0.13.67, there is a bus error caused by loading of a ...)
	- zziplib <unfixed>
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/15
CVE-2018-6539
	RESERVED
CVE-2018-6538
	REJECTED
CVE-2018-6537 (A buffer overflow vulnerability in the control protocol of Flexense ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2018-6536 (An issue was discovered in Icinga 2.x through 2.8.1. The daemon creates ...)
	- icinga2 2.8.4-1
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/issues/5991
CVE-2018-6535 (An issue was discovered in Icinga 2.x through 2.8.1. The lack of a ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/issues/4920
	NOTE: https://github.com/Icinga/icinga2/pull/5715
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6534 (An issue was discovered in Icinga 2.x through 2.8.1. By sending ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/6104
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6533 (An issue was discovered in Icinga 2.x through 2.8.1. By editing the ...)
	- icinga2 2.8.4-1 (low; bug #897301)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/5850
	NOTE: CVE is related to CVE-2017-16933 but for "the issue in using
	NOTE: init.conf to support run-time reconfiguration of an account is
	NOTE: design flaw". CVE-2018-6533 larger issue than CVE-2017-16933.
CVE-2018-6532 (An issue was discovered in Icinga 2.x through 2.8.1. By sending ...)
	- icinga2 2.8.4-1 (low)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/pull/6103
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/22/3
CVE-2018-6531
	RESERVED
CVE-2018-6530 (OS command injection vulnerability in soap.cgi (soapcgi_main in ...)
	NOT-FOR-US: D-Link
CVE-2018-6529 (XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link ...)
	NOT-FOR-US: D-Link
CVE-2018-6528 (XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link ...)
	NOT-FOR-US: D-Link
CVE-2018-6527 (XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in ...)
	NOT-FOR-US: D-Link
CVE-2018-6526 (view_all_bug_page.php in MantisBT 2.10.0-development before 2018-02-02 ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://mantisbt.org/bugs/view.php?id=23921
CVE-2018-6525 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6524 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6523 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKFsAv.SYS) ...)
	NOT-FOR-US: nProtect AVS
CVE-2018-6522 (In nProtect AVS V4.0 before 4.0.0.39, the driver file (TKRgFtXp.SYS) ...)
	NOT-FOR-US: nProtect AVS
CVE-2017-18120 (A double-free bug in the read_gif function in gifread.c in gifsicle ...)
	- gifsicle 1.91-1 (unimportant; bug #878739; bug #881120)
	NOTE: https://github.com/kohler/gifsicle/issues/117
	NOTE: https://github.com/kohler/gifsicle/commit/118a46090c50829dc543179019e6140e1235f909
	NOTE: Crash in CLI tool, no security impact
CVE-2018-6521 (The sqlauth module in SimpleSAMLphp before 1.15.2 relies on the MySQL ...)
	{DSA-4127-1 DLA-1273-1}
	- simplesamlphp 1.15.2-1
	NOTE: https://simplesamlphp.org/security/201801-03
CVE-2018-6520 (SimpleSAMLphp before 1.15.2 allows remote attackers to bypass an open ...)
	- simplesamlphp 1.15.2-1
	[stretch] - simplesamlphp <no-dsa> (Minor issue)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	[wheezy] - simplesamlphp <not-affected> (Vulnerable code introduced in 1.12)
	NOTE: https://simplesamlphp.org/security/201801-02
CVE-2018-6519 (The SAML2 library before 1.10.4, 2.x before 2.3.5, and 3.x before 3.1.1 ...)
	{DSA-4127-1}
	- simplesamlphp 1.15.2-1
	[wheezy] - simplesamlphp <not-affected> (Vulnerable code not present)
	NOTE: minor issue
	NOTE: https://simplesamlphp.org/security/201801-01
	NOTE: The issue lies in the simplesamlphp/saml2 part, which is
	NOTE: updated in 1.15.2 to the respective fixed version.
	NOTE: https://github.com/simplesamlphp/saml2/commit/726404bf7b4085a9eb9c9a869af1ecc146bd8f6d
CVE-2018-6518 (Composr CMS 10.0.13 has XSS via the site_name parameter in a ...)
	NOT-FOR-US: Composr CMS
CVE-2018-6517
	RESERVED
CVE-2018-6516
	RESERVED
CVE-2018-6515
	RESERVED
CVE-2018-6514
	RESERVED
CVE-2018-6513
	RESERVED
CVE-2018-6512
	RESERVED
CVE-2018-6511 (A cross-site scripting vulnerability in Puppet Enterprise Console of ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2018-6510 (A cross-site scripting vulnerability in Puppet Enterprise Console of ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2018-6509
	RESERVED
CVE-2018-6508 (Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a ...)
	- puppet-module-puppetlabs-apt <unfixed> (unimportant)
	- puppet-module-puppetlabs-apache <unfixed> (unimportant)
	- puppet-module-puppetlabs-mysql <unfixed> (unimportant)
	NOTE: https://puppet.com/security/cve/CVE-2018-6508
	NOTE: Issue in various puppet modules: facter_task, puppet_conf, apt, apache and mysql modules
	NOTE: https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c
	NOTE: https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b
	NOTE: https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc
	NOTE: https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef
	NOTE: https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c
	NOTE: This is only exploitable with Puppet Tasks, which aren't packaged/available in Debian
CVE-2018-6507
	RESERVED
CVE-2018-6506 (Cross-Site Scripting (XSS) exists in the Add Forum feature in the ...)
	NOT-FOR-US: miniBB
CVE-2018-6505
	RESERVED
CVE-2018-6504
	RESERVED
CVE-2018-6503
	RESERVED
CVE-2018-6502
	RESERVED
CVE-2018-6501
	RESERVED
CVE-2018-6500
	RESERVED
CVE-2018-6499
	RESERVED
CVE-2018-6498
	RESERVED
CVE-2018-6497
	RESERVED
CVE-2018-6496
	RESERVED
CVE-2018-6495
	RESERVED
CVE-2018-6494
	RESERVED
CVE-2018-6493
	RESERVED
CVE-2018-6492
	RESERVED
CVE-2018-6491 (Local Escalation of Privilege vulnerability to Micro Focus Universal ...)
	NOT-FOR-US: Micro Focus Universal CMDB
CVE-2018-6490 (Denial of Service vulnerability in Micro Focus Operations ...)
	NOT-FOR-US: Micro Focus Operations Orchestration Software
CVE-2018-6489 (XML External Entity (XXE) vulnerability in Micro Focus Project and ...)
	NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2018-6488 (Arbitrary Code Execution vulnerability in Micro Focus Universal CMDB, ...)
	NOT-FOR-US: Micro Focus Universal CMDB
CVE-2018-6487 (Remote Disclosure of Information in Micro Focus Universal CMDB ...)
	NOT-FOR-US: Micro Focus Universal CMDB Foundation Software
CVE-2018-6486 (XML External Entity (XXE) vulnerability in Micro Focus Fortify Audit ...)
	NOT-FOR-US: Micro Focus Fortify Audit Workbench
CVE-2017-18119
	RESERVED
CVE-2017-18118
	RESERVED
CVE-2017-18117
	RESERVED
CVE-2017-18116
	RESERVED
CVE-2017-18115
	RESERVED
CVE-2017-18114
	RESERVED
CVE-2017-18113
	RESERVED
CVE-2017-18112
	RESERVED
CVE-2017-18111
	RESERVED
CVE-2017-18110
	RESERVED
CVE-2017-18109
	RESERVED
CVE-2017-18108
	RESERVED
CVE-2017-18107
	RESERVED
CVE-2017-18106
	RESERVED
CVE-2017-18105
	RESERVED
CVE-2017-18104
	RESERVED
CVE-2017-18103
	RESERVED
CVE-2017-18102 (The wiki markup component of atlassian-renderer from version 8.0.0 ...)
	NOT-FOR-US: wiki markup component of atlassian-renderer
CVE-2017-18101 (Various administrative external system import resources in Atlassian ...)
	NOT-FOR-US: Atlassian
CVE-2017-18100 (The agile wallboard gadget in Atlassian Jira before version 7.8.1 ...)
	NOT-FOR-US: Atlassian
CVE-2017-18099
	RESERVED
CVE-2017-18098 (The searchrequest-xml resource in Atlassian Jira before version 7.6.1 ...)
	NOT-FOR-US: Atlassian
CVE-2017-18097 (The Trello board importer resource in Atlassian Jira before version ...)
	NOT-FOR-US: Atlassian
CVE-2017-18096 (The OAuth status rest resource in Atlassian Application Links before ...)
	NOT-FOR-US: Atlassian Application Links
CVE-2017-18095 (The SnippetRPCServiceImpl class in Atlassian Crucible before version ...)
	NOT-FOR-US: Atlassian Crucible
CVE-2017-18094 (Various resources in Atlassian Fisheye and Crucible before version ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18093 (Various resources in Atlassian Fisheye and Crucible before version ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18092 (The print snippet resource in Atlassian Crucible before version 4.4.3 ...)
	NOT-FOR-US: Atlassian Crucible
CVE-2017-18091 (The admin backupprogress action in Atlassian Fisheye and Crucible ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18090 (Various resources in Atlassian Fisheye before version 4.5.1 (the fixed ...)
	NOT-FOR-US: Atlassian Fisheye
CVE-2017-18089 (The view review history resource in Atlassian Crucible before version ...)
	NOT-FOR-US: Atlassian Crucible
CVE-2017-18088 (Various plugin servlet resources in Atlassian Bitbucket Server before ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2017-18087 (The download commit resource in Atlassian Bitbucket Server from ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2017-18086 (Various resources in Atlassian Confluence Server before version 6.4.2 ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-18085 (The viewdefaultdecorator resource in Atlassian Confluence Server ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-18084 (The usermacros resource in Atlassian Confluence Server before version ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-18083 (The editinword resource in Atlassian Confluence Server before version ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-18082 (The plan configure branches resource in Atlassian Bamboo before ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18081 (The signupUser resource in Atlassian Bamboo before version 6.3.1 ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18080 (The saveConfigureSecurity resource in Atlassian Bamboo before version ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2018-6485 (An integer overflow in the implementation of the posix_memalign in ...)
	[experimental] - glibc 2.26.9000+20180127.7e23a7dd-0experimental0
	- glibc 2.27-1 (bug #878159)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22343
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8e448310d74b283c5cd02b9ed7fb997b47bf9b22
CVE-2018-6484 (In ZZIPlib 0.13.67, there is a memory alignment error and bus error in ...)
	- zziplib <unfixed> (bug #889089)
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/14
CVE-2018-6483
	RESERVED
CVE-2018-6482
	RESERVED
CVE-2018-6481 (A buffer overflow vulnerability in the control protocol of Disk Savvy ...)
	NOT-FOR-US: Disk Savvy Enterprise
CVE-2018-6480 (A type confusion issue was discovered in CCN-lite 2, leading to a ...)
	NOT-FOR-US: CCN-lite 2
CVE-2018-6479 (An issue was discovered on Netwave IP Camera devices. An ...)
	NOT-FOR-US: Netwave IP Camera devices
CVE-2018-6478
	RESERVED
CVE-2018-6477
	RESERVED
CVE-2018-6476 (In SUPERAntiSpyware Professional Trial 6.0.1254, the SASKUTIL.SYS ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6475 (In SUPERAntiSpyware Professional Trial 6.0.1254, SUPERAntiSpyware.exe ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6474 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6473 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6472 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6471 (In SUPERAntiSpyware Professional Trial 6.0.1254, the driver file ...)
	NOT-FOR-US: SUPERAntiSpyware Professional Trial
CVE-2018-6470 (Nibbleblog 4.0.5 on macOS defaults to having .DS_Store in each ...)
	NOT-FOR-US: Nibbleblog on macOS
CVE-2018-6469 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
	NOT-FOR-US: flickrRSS plugin for WordPress
CVE-2018-6468 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
	NOT-FOR-US: flickrRSS plugin for WordPress
CVE-2018-6467 (The flickrRSS plugin 5.3.1 for WordPress has CSRF via ...)
	NOT-FOR-US: flickrRSS plugin for WordPress
CVE-2018-6466 (A cross-site scripting (XSS) vulnerability in flickrRSS.php in the ...)
	NOT-FOR-US: flickrRSS plugin for WordPress
CVE-2018-6465 (The PropertyHive plugin before 1.4.15 for WordPress has XSS via the ...)
	NOT-FOR-US: PropertyHive plugin for WordPress
CVE-2018-6464 (Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a ...)
	NOT-FOR-US: Simditor
CVE-2018-6463
	RESERVED
CVE-2018-6462 (Tracker PDF-XChange Viewer and Viewer AX SDK before 2.5.322.8 mishandle ...)
	NOT-FOR-US: Tracker PDF-XChange Viewer and Viewer AX SDK
CVE-2018-6461 (March Hare WINCVS before 2.8.01 build 6610, and CVS Suite before 2009R2 ...)
	NOT-FOR-US: March Hare
CVE-2018-6460 (Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and ...)
	NOT-FOR-US: Hotspot Shield
CVE-2018-6459 (The rsa_pss_params_parse function in ...)
	- strongswan 5.6.2-1
	[stretch] - strongswan <not-affected> (Vulnerable code introduced later)
	[jessie] - strongswan <not-affected> (Vulnerable code introduced later)
	[wheezy] - strongswan <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.strongswan.org/blog/2018/02/19/strongswan-vulnerability-(cve-2018-6459).html
CVE-2018-6458 (Easy Hosting Control Panel (EHCP) v0.37.12.b allows remote attackers ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6457
	RESERVED
CVE-2018-6456
	RESERVED
CVE-2018-6455
	RESERVED
CVE-2018-6454
	RESERVED
CVE-2018-6453
	RESERVED
CVE-2018-6452
	RESERVED
CVE-2018-6451
	RESERVED
CVE-2018-6450
	RESERVED
CVE-2018-6449
	RESERVED
CVE-2018-6448
	RESERVED
CVE-2018-6447
	RESERVED
CVE-2018-6446
	RESERVED
CVE-2018-6445
	RESERVED
CVE-2018-6444
	RESERVED
CVE-2018-6443
	RESERVED
CVE-2018-6442
	RESERVED
CVE-2018-6441
	RESERVED
CVE-2018-6440
	RESERVED
CVE-2018-6439
	RESERVED
CVE-2018-6438
	RESERVED
CVE-2018-6437
	RESERVED
CVE-2018-6436
	RESERVED
CVE-2018-6435
	RESERVED
CVE-2018-6434
	RESERVED
CVE-2018-6433
	RESERVED
CVE-2018-6432
	RESERVED
CVE-2018-6431
	RESERVED
CVE-2018-6430
	RESERVED
CVE-2018-6429
	RESERVED
CVE-2018-6428
	RESERVED
CVE-2018-6427
	RESERVED
CVE-2018-6426
	RESERVED
CVE-2018-6425
	RESERVED
CVE-2018-6424
	RESERVED
CVE-2018-6423
	RESERVED
CVE-2018-6422
	RESERVED
CVE-2018-6421
	RESERVED
CVE-2018-6420
	RESERVED
CVE-2018-6419
	RESERVED
CVE-2018-6418
	RESERVED
CVE-2018-6417
	RESERVED
CVE-2018-6416
	RESERVED
CVE-2018-6415
	RESERVED
CVE-2018-6414
	RESERVED
CVE-2018-6413 (There is a buffer overflow in the Hikvision Camera DS-2CD9111-S of ...)
	NOT-FOR-US: Hikvision Camera DS-2CD9111-S
CVE-2018-6412 (In the function sbusfb_ioctl_helper() in drivers/video/fbdev/sbuslib.c ...)
	- linux <unfixed> (unimportant)
	NOTE: https://marc.info/?l=linux-fbdev&m=151734425901499&w=2
	NOTE: The issue only affects SPARC systems.
CVE-2018-6411
	RESERVED
CVE-2018-6410
	RESERVED
CVE-2018-6409
	RESERVED
CVE-2018-6408 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 ...)
	NOT-FOR-US: CIPCAMPTIWL devices
CVE-2018-6407 (An issue was discovered on Conceptronic CIPCAMPTIWL V3 0.61.30.21 ...)
	NOT-FOR-US: CIPCAMPTIWL devices
CVE-2018-6406 (The function ParseVP9SuperFrameIndex in common/libwebm_util.cc in ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: Chromium is built with support for VP9 disabled in Debian
	NOTE: https://bugs.chromium.org/p/webm/issues/detail?id=1492
	NOTE: https://github.com/dwfault/PoCs/blob/master/libwebm%20ParseVP9SuperFrameIndex%20memory%20corruption/libwebm%20ParseVP9SuperFrameIndex%20OOB%20read.md
CVE-2018-6405 (In the ReadDCMImage function in coders/dcm.c in ImageMagick before ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/964
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1fbed78912c830ccd82eecdb8a1db4882abb8276
CVE-2018-6404
	RESERVED
CVE-2018-6403
	RESERVED
CVE-2018-6402
	RESERVED
CVE-2018-6401 (Meross MSS110 devices before 1.1.24 contain a TELNET listener providing ...)
	NOT-FOR-US: Meross
CVE-2018-6400 (Kingsoft WPS Office Free 10.2.0.5978 allows local users to gain ...)
	NOT-FOR-US: Kingsoft WPS Office Free
CVE-2018-6399
	RESERVED
CVE-2018-6398 (SQL Injection exists in the CP Event Calendar 3.0.1 component for ...)
	NOT-FOR-US: CP Event Calendar component for Joomla!
CVE-2018-6397 (Directory Traversal exists in the Picture Calendar 3.1.4 component for ...)
	NOT-FOR-US: Picture Calendar  component for Joomla!
CVE-2018-6396 (SQL Injection exists in the Google Map Landkarten through 4.2.3 ...)
	NOT-FOR-US: Google Map Landkarten component for Joomla!
CVE-2018-6395 (SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! ...)
	NOT-FOR-US: Visual Calendar component for Joomla!
CVE-2018-6394 (SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the ...)
	NOT-FOR-US: InviteX component for Joomla!
CVE-2018-6393 (** DISPUTED ** FreePBX 10.13.66-32bit and 14.0.1.24 ...)
	NOT-FOR-US: FreePBX
CVE-2018-6392 (The filter_slice function in libavfilter/vf_transpose.c in FFmpeg ...)
	- ffmpeg 7:3.4.2-1
	[stretch] - ffmpeg <postponed> (Wait for next 3.2.x release)
	- libav <undetermined>
	NOTE: Fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3f621455d62e46745453568d915badd5b1e5bcd5
	NOTE: Needs as well: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c6939f65a116b1ffed345d29d8621ee4ffb32235
	NOTE: fixing a (functional) regression introduced by the original fix.
CVE-2018-6391 (A cross-site request forgery web vulnerability has been discovered on ...)
	NOT-FOR-US: Netis WF2419 V2.2.36123 devices
CVE-2018-6390 (The WStr::assign function in kso.dll in Kingsoft WPS Office 10.1.0.7106 ...)
	NOT-FOR-US: Kingsoft WPS Office
CVE-2018-6389 (In WordPress through 4.9.2, unauthenticated attackers can cause a ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://baraktawily.blogspot.fr/2018/02/how-to-dos-29-of-world-wide-websites.html
	NOTE: https://thehackernews.com/2018/02/wordpress-dos-exploit.html
	NOTE: https://wpvulndb.com/vulnerabilities/9021
	NOTE: disputed by upstream as best fixed at the server level
	NOTE: patch in progress in https://core.trac.wordpress.org/ticket/43308
	NOTE: Architectual limitation, marginal impact
CVE-2018-6388 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices allow remote ...)
	NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
CVE-2018-6387 (iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices have a hardcoded ...)
	NOT-FOR-US: iBall iB-WRA150N 1.2.6 build 110401 Rel.47776n devices
CVE-2018-6386
	RESERVED
CVE-2018-6385
	RESERVED
CVE-2018-6384 (Unquoted Windows search path vulnerability in NSClient++ before ...)
	NOT-FOR-US: NSClient++
CVE-2018-6383 (Monstra CMS through 3.0.4 has an incomplete &quot;forbidden types&quot; list that ...)
	NOT-FOR-US: Monstra CMS
CVE-2018-6382 (** DISPUTED ** MantisBT 2.10.0 allows local users to conduct SQL ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
	NOTE: https://mantisbt.org/bugs/view.php?id=23908
CVE-2018-6381 (In ZZIPlib 0.13.67, there is a segmentation fault caused by invalid ...)
	- zziplib <unfixed> (bug #889096)
	[stretch] - zziplib <no-dsa> (Minor issue)
	[jessie] - zziplib <no-dsa> (Minor issue)
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: https://github.com/gdraheim/zziplib/issues/12
CVE-2018-6380 (In Joomla! before 3.8.4, lack of escaping in the module chromes leads ...)
	NOT-FOR-US: Joomla!
CVE-2018-6379 (In Joomla! before 3.8.4, inadequate input filtering in the Uri class ...)
	NOT-FOR-US: Joomla!
CVE-2018-6378
	RESERVED
CVE-2018-6377 (In Joomla! before 3.8.4, inadequate input filtering in com_fields leads ...)
	NOT-FOR-US: Joomla!
CVE-2018-6376 (In Joomla! before 3.8.4, the lack of type casting of a variable in a ...)
	NOT-FOR-US: Joomla!
CVE-2018-1000030 (Python 2.7.14 is vulnerable to a Heap-Buffer-Overflow as well as a ...)
	- python3.7 <not-affected> (Reading ahead of file objects implemented differently)
	- python3.6 <not-affected> (Reading ahead of file objects implemented differently)
	- python3.5 <not-affected> (Reading ahead of file objects implemented differently)
	- python3.4 <not-affected> (Reading ahead of file objects implemented differently)
	- python3.2 <not-affected> (Reading ahead of file objects implemented differently)
	- python2.7 2.7.14-5
	[stretch] - python2.7 <no-dsa> (Minor issue)
	[jessie] - python2.7 <no-dsa> (Minor issue)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	- python2.6 <removed>
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	NOTE: Original report: https://bugs.python.org/issue31530
	NOTE: https://bugs.python.org/file47157/0001-stop-crashes-when-iterating-over-a-file-on-multiple-.patch
	NOTE: which was followed by a pull request to fix the issue:
	NOTE: https://github.com/python/cpython/pull/3670
	NOTE: https://github.com/python/cpython/pull/3672
	NOTE: https://github.com/python/cpython/commit/6401e5671781eb217ee1afb4603cc0d1b0367ae6
	NOTE: The original approach caused a regression leading to
	NOTE: https://github.com/python/cpython/pull/5060
	NOTE: https://bugs.python.org/msg309265
	NOTE: where the 6401e56 commit was mostly reverted again.
	NOTE: Needed: https://github.com/python/cpython/commit/dbf52e02f18dac6f5f0a64f78932f3dc6efc056b
CVE-2018-1000029 (mcholste Enterprise Log Search and Archive (ELSA) version revision ...)
	NOT-FOR-US: mcholste Enterprise Log Search and Archive
CVE-2018-1000026 (Linux Linux kernel version at least v4.8 onwards, probably well before ...)
	- linux <unfixed>
	NOTE: https://patchwork.ozlabs.org/patch/859410/
	NOTE: http://lists.openwall.net/netdev/2018/01/16/40
	NOTE: http://lists.openwall.net/netdev/2018/01/18/96
	NOTE: https://git.kernel.org/linus/8914a595110a6eca69a5e275b323f5d09e18f4f9
	NOTE: https://git.kernel.org/linus/2b16f048729bf35e6c28a40cbfad07239f9dcd90
CVE-2018-1000025 (Jerome Gamez Firebase Admin SDK for PHP version from 3.2.0 to 3.8.0 ...)
	NOT-FOR-US: Jerome Gamez Firebase Admin SDK for PHP
CVE-2018-1000023 (Bitpay/insight-api Insight-api version 5.0.0 and earlier contains a ...)
	NOT-FOR-US: Bitpay/insight-api Insight-api
CVE-2018-1000021 (GIT version 2.15.1 and earlier contains a Input Validation Error ...)
	- git <unfixed> (unimportant; bug #889680)
	NOTE: http://www.batterystapl.es/2018/01/security-implications-of-ansi-escape.html
	NOTE: Terminal emulators need to perform proper escaping
CVE-2018-1000020 (OpenEMR version 5.0.0 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: OpenEMR
CVE-2018-1000019 (OpenEMR version 5.0.0 contains a OS Command Injection vulnerability in ...)
	NOT-FOR-US: OpenEMR
CVE-2017-1000510 (Croogo version 2.3.1-17-g6f82e6c contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Croogo
CVE-2017-1000509 (Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) ...)
	- dolibarr <removed>
	[jessie] - dolibarr <ignored> (Scheduled for removal)
	NOTE: https://github.com/Dolibarr/dolibarr/issues/7727
CVE-2017-1000508 (Invoice Plane version 1.5.4 and earlier contains a Cross Site ...)
	NOT-FOR-US: Invoice Plane
CVE-2017-1000507 (Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) ...)
	NOT-FOR-US: Canvs Canvas
CVE-2017-1000506 (Mautic version 2.11.0 and earlier contains a Cross Site Scripting ...)
	NOT-FOR-US: Mautic
CVE-2016-10711 (Apsis Pound before 2.8a allows request smuggling via crafted headers, a ...)
	{DLA-1280-1}
	- pound <removed> (bug #888786)
	[stretch] - pound <no-dsa> (Minor issue)
	[jessie] - pound <no-dsa> (Minor issue)
	NOTE: http://www.apsis.ch/pound/pound_list/archive/2016/2016-10/1477235279000
	NOTE: https://www.suse.com/de-de/security/cve/CVE-2016-10711/
	NOTE: Fixed by https://build.opensuse.org/request/show/571084
	NOTE: Confirmed that the SUSE patch is the security relevant diff between
	NOTE: version 2.7 and 2.8a
CVE-2018-6375
	RESERVED
CVE-2018-6374 (The GUI component (aka PulseUI) in Pulse Secure Desktop Linux clients ...)
	NOT-FOR-US: PulseUI in Pulse Secure Desktop Linux clients
CVE-2018-6373 (SQL Injection exists in the Fastball 2.5 component for Joomla! via the ...)
	NOT-FOR-US: Fastball component for Joomla!
CVE-2018-6372 (SQL Injection exists in the JB Bus 2.3 component for Joomla! via the ...)
	NOT-FOR-US: JB Bus component for Joomla!
CVE-2018-6371
	RESERVED
CVE-2018-6370 (SQL Injection exists in the NeoRecruit 4.1 component for Joomla! via ...)
	NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2018-6369
	RESERVED
CVE-2018-6368 (SQL Injection exists in the JomEstate PRO through 3.7 component for ...)
	NOT-FOR-US: JomEstate PRO component for Joomla!
CVE-2018-6367 (SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 ...)
	NOT-FOR-US: Vastal I-Tech Buddy Zone Facebook Clone
CVE-2018-6366
	RESERVED
CVE-2018-6365 (SQL Injection exists in TSiteBuilder 1.0 via the id parameter to ...)
	NOT-FOR-US: TSiteBuilder
CVE-2018-6364 (SQL Injection exists in Multilanguage Real Estate MLM Script through ...)
	NOT-FOR-US: Multilanguage Real Estate MLM Script
CVE-2018-6363 (SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php ...)
	NOT-FOR-US: Task Rabbit Clone
CVE-2017-18079 (drivers/input/serio/i8042.c in the Linux kernel before 4.12.4 allows ...)
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux 3.2.96-1
	NOTE: Fixed by: https://git.kernel.org/linus/340d394a789518018f834ff70f7534fc463d3226
CVE-2017-18078 (systemd-tmpfiles in systemd before 237 attempts to support ...)
	- systemd 237-1 (unimportant)
	NOTE: https://github.com/systemd/systemd/issues/7736
	NOTE: https://github.com/systemd/systemd/commit/5579f85663d10269e7ac7464be6548c99cea4ada (v237)
	NOTE: Neutralised by kernel hardening
CVE-2018-6362 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6361 (Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op ...)
	NOT-FOR-US: Easy Hosting Control Panel (EHCP)
CVE-2018-6360 (mpv through 0.28.0 allows remote attackers to execute arbitrary code ...)
	{DSA-4105-1}
	- mpv 0.27.0-3 (bug #888654)
	[jessie] - mpv <not-affected> (Vulnerable code not present, youtube-dl hook script added in 0.7.0)
	NOTE: https://github.com/mpv-player/mpv/issues/5456
	NOTE: https://github.com/mpv-player/mpv/commit/e6e6b0dcc7e9b0dbf35154a179b3dc1fcfcaff43
CVE-2018-6359 (The decompileIF function (util/decompile.c) in libming through 0.4.8 is ...)
	{DLA-1305-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/105
CVE-2018-6358 (The printDefineFont2 function (util/listfdb.c) in libming through 0.4.8 ...)
	{DLA-1343-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/104
CVE-2018-6357 (The acx_asmw_saveorder_callback function in function.php in the ...)
	NOT-FOR-US: acurax-social-media-widget plugin for WordPress
CVE-2018-6356 (Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly ...)
	- jenkins <removed>
CVE-2018-6355 (/goform/setLang on iBall 300M devices with &quot;iB-WRB302N_1.0.1-Sep 8 ...)
	NOT-FOR-US: iBall 300M devices
CVE-2018-6354 (templates/forms/thanks.html in Formspree before 2018-01-23 allows XSS ...)
	NOT-FOR-US: Formspree
CVE-2018-6353 (The Python console in Electrum through 2.9.4 and 3.x through 3.0.5 ...)
	- electrum <unfixed> (bug #890003; unimportant)
	[jessie] - electrum <ignored> (scheduled for removal from jessie)
	NOTE: https://github.com/spesmilo/electrum/issues/3678
	NOTE: https://github.com/spesmilo/electrum/pull/3700
CVE-2018-6352 (In PoDoFo 0.9.5, there is an Excessive Iteration in the ...)
	- libpodofo <unfixed>
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1539237
	NOTE: https://sourceforge.net/p/podofo/tickets/3/
CVE-2018-6351
	RESERVED
CVE-2018-6350
	RESERVED
CVE-2018-6349
	RESERVED
CVE-2018-6348
	RESERVED
CVE-2018-6347
	RESERVED
CVE-2018-6346
	RESERVED
CVE-2018-6345
	RESERVED
CVE-2018-6344
	RESERVED
CVE-2018-6343
	RESERVED
CVE-2018-6342
	RESERVED
CVE-2018-6341
	RESERVED
CVE-2018-6340
	RESERVED
CVE-2018-6339
	RESERVED
CVE-2018-6338
	RESERVED
CVE-2018-6337
	RESERVED
CVE-2018-6336
	RESERVED
CVE-2018-6335
	RESERVED
	- hhvm 3.24.7+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/4cb57dd753a339654ca464c139db9871fe961d56
	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html
CVE-2018-6334 [ability to override global variables and members of $GLOBALS via file uploads]
	RESERVED
	- hhvm 3.24.7+dfsg-1 (bug #895194)
	NOTE: https://hhvm.com/blog/2018/03/30/hhvm-3.25.2.html
	NOTE: https://github.com/facebook/hhvm/commit/6937de5544c3eead3466b75020d8382080ed0cff
CVE-2018-6333
	RESERVED
CVE-2018-6332 [denial-of-service issue in the Proxygen handling of invalid HTTP2 settings]
	RESERVED
	- hhvm 3.24.7+dfsg-1 (bug #895194)
	NOTE: https://hhvm.com/blog/2018/03/15/hhvm-3.25.html
CVE-2018-6331
	RESERVED
CVE-2018-6330
	RESERVED
CVE-2018-6329 (It was discovered that the Unitrends Backup (UB) before 10.1.0 ...)
	NOT-FOR-US: Unitrends Backup
CVE-2018-6328 (It was discovered that the Unitrends Backup (UB) before 10.1.0 user ...)
	NOT-FOR-US: Unitrends Backup
CVE-2018-6327
	RESERVED
CVE-2018-6326
	RESERVED
CVE-2018-6325
	RESERVED
CVE-2017-18077 (index.js in brace-expansion before 1.1.7 is vulnerable to Regular ...)
	- node-brace-expansion 1.1.8-1 (unimportant; bug #862712)
	[stretch] - node-brace-expansion 1.1.6-1+deb9u1
	NOTE: https://nodesecurity.io/advisories/338
	NOTE: https://github.com/juliangruber/brace-expansion/issues/33
	NOTE: https://github.com/juliangruber/brace-expansion/pull/35/commits/b13381281cead487cbdbfd6a69fb097ea5e456c3
	NOTE: nodejs not covered by security support
CVE-2017-18076 (In strategy.rb in OmniAuth before 1.3.2, the authenticity_token value ...)
	{DSA-4109-1}
	[experimental] - ruby-omniauth 1.6.1-1
	- ruby-omniauth 1.3.1-2 (bug #888523)
	NOTE: https://github.com/omniauth/omniauth/pull/867
CVE-2018-6324 (F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated ...)
	NOT-FOR-US: F-Secure Radar
CVE-2018-6323 (The elf_object_p function in elfcode.h in the Binary File Descriptor ...)
	- binutils 2.30-3
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22746
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=38e64b0ecc7f4ee64a02514b8d532782ac057fa2
CVE-2018-6322 (Panda Global Protection 17.0.1 allows local users to gain privileges ...)
	NOT-FOR-US: Panda Global Protection
CVE-2018-6321 (Unquoted Windows search path vulnerability in the panda_url_filtering ...)
	NOT-FOR-US: Panda Global Protection
CVE-2018-6320
	RESERVED
CVE-2018-6319 (In Sophos Tester Tool 3.2.0.7 Beta, the driver accepts a special ...)
	NOT-FOR-US: Sophos Tester Tool
CVE-2018-6318 (In Sophos Tester Tool 3.2.0.7 Beta, the driver loads (in the context ...)
	NOT-FOR-US: Sophos Tester Tool
CVE-2018-6317 (The remote management interface in Claymore Dual Miner 10.5 and ...)
	NOT-FOR-US: Claymore's Dual Ethereum
CVE-2018-6316 (Ivanti Endpoint Security (formerly HEAT Endpoint Management and ...)
	NOT-FOR-US: Ivanti Endpoint Security
CVE-2018-6315 (The outputSWF_TEXT_RECORD function (util/outputscript.c) in libming ...)
	{DLA-1305-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/101
CVE-2018-6314
	RESERVED
CVE-2018-6313 (Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote ...)
	NOT-FOR-US: WBCE CMS
CVE-2016-10710 (Biscom Secure File Transfer (SFT) 5.0.1000 through 5.0.1048 does not ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-1000505 (In Jenkins Script Security Plugin version 1.36 and earlier, users with ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2017-1000468
	REJECTED
CVE-2017-1000464
	REJECTED
CVE-2017-1000414 (ImpulseAdventure JPEGsnoop version 1.7.5 is vulnerable to a division ...)
	NOT-FOR-US: ImpulseAdventure JPEGsnoop
CVE-2018-6312 (A privileged account with a weak default password on the Foxconn ...)
	NOT-FOR-US: Foxconn femtocell FEMTO AP-FC4064-T
CVE-2018-6311 (One can gain root access on the Foxconn femtocell FEMTO AP-FC4064-T ...)
	NOT-FOR-US: Foxconn femtocell FEMTO AP-FC4064-T
CVE-2018-6310
	RESERVED
CVE-2018-6309
	RESERVED
CVE-2018-6308 (Multiple SQL injections exist in SugarCRM Community Edition 6.5.26 and ...)
	NOT-FOR-US: SugarCRM
CVE-2018-6307
	RESERVED
CVE-2018-6306 (Unauthorized code execution from specific DLL and is known as DLL ...)
	NOT-FOR-US: Kaspersky Password Manager
CVE-2018-6305 (Denial of service in Gemalto's Sentinel LDK RTE version before 7.65 ...)
	NOT-FOR-US: Gemalto
CVE-2018-6304 (Stack overflow in custom XML-parser in Gemalto's Sentinel LDK RTE ...)
	NOT-FOR-US: Gemalto
CVE-2018-6303 (Denial of service by uploading malformed firmware in Hanwha Techwin ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6302 (Denial of service by blocking of new camera registration on the cloud ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6301 (Arbitrary camera access and monitoring via cloud in Hanwha Techwin ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6300 (Remote password change in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6299 (Authentication bypass in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6298 (Remote code execution in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6297 (Buffer overflow in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6296 (An undocumented (hidden) capability for switching the web interface in ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6295 (Unencrypted way of remote control and communications in Hanwha Techwin ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6294 (Unsecured way of firmware update in Hanwha Techwin Smartcams ...)
	NOT-FOR-US: Hanwha Techwin Smartcams
CVE-2018-6293 (Arbitrary File Read in Saperion Web Client version 7.5.2 83166. ...)
	NOT-FOR-US: Saperion Web Client
CVE-2018-6292 (Remote Code Execution in Saperion Web Client version 7.5.2 83166. ...)
	NOT-FOR-US: Saperion Web Client
CVE-2018-6291 (WebConsole Cross-Site Scripting in Kaspersky Secure Mail Gateway ...)
	NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6290 (Local Privilege Escalation in Kaspersky Secure Mail Gateway version ...)
	NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6289 (Configuration file injection leading to Code Execution as Root in ...)
	NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6288 (Cross-site Request Forgery leading to Administrative account takeover ...)
	NOT-FOR-US: Kaspersky Secure Mail Gateway
CVE-2018-6287
	RESERVED
CVE-2018-6286
	RESERVED
	NOT-FOR-US: NVIDIA component for Android
CVE-2018-6285
	RESERVED
CVE-2018-6284
	RESERVED
CVE-2018-6283
	RESERVED
CVE-2018-6282
	RESERVED
CVE-2018-6281
	RESERVED
	NOT-FOR-US: NVIDIA component for Android
CVE-2018-6280
	RESERVED
CVE-2018-6279
	RESERVED
CVE-2018-6278
	RESERVED
CVE-2018-6277
	RESERVED
CVE-2018-6276
	RESERVED
CVE-2018-6275
	RESERVED
CVE-2018-6274
	RESERVED
CVE-2018-6273
	RESERVED
CVE-2018-6272
	RESERVED
CVE-2018-6271
	RESERVED
CVE-2018-6270
	RESERVED
CVE-2018-6269
	RESERVED
CVE-2018-6268
	RESERVED
CVE-2018-6267
	RESERVED
CVE-2018-6266
	RESERVED
CVE-2018-6265
	RESERVED
CVE-2018-6264
	RESERVED
CVE-2018-6263
	RESERVED
CVE-2018-6262
	RESERVED
CVE-2018-6261
	RESERVED
CVE-2018-6260
	RESERVED
CVE-2018-6259
	RESERVED
CVE-2018-6258
	RESERVED
CVE-2018-6257
	RESERVED
CVE-2018-6256
	RESERVED
CVE-2018-6255
	RESERVED
CVE-2018-6254 (In Android before the 2018-05-05 security patch level, NVIDIA Media ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2018-6253 (NVIDIA GPU Display Driver contains a vulnerability in the DirectX and ...)
	- nvidia-graphics-drivers 390.48-1 (bug #894338)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6250 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6249 (NVIDIA GPU Display Driver contains a vulnerability in kernel mode ...)
	- nvidia-graphics-drivers 390.48-1 (bug #894338)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4649
CVE-2018-6248 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6247 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2018-6246 (In Android before the 2018-05-05 security patch level, NVIDIA Widevine ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2018-6245
	RESERVED
CVE-2018-6244
	RESERVED
CVE-2018-6243
	RESERVED
CVE-2018-6242 (Some NVIDIA Tegra mobile processors released prior to 2016 contain a ...)
	NOT-FOR-US: NVIDIA
CVE-2018-6241
	RESERVED
CVE-2018-6240
	RESERVED
CVE-2018-6239
	RESERVED
CVE-2018-6238
	RESERVED
CVE-2018-6237
	RESERVED
CVE-2018-6236
	RESERVED
CVE-2018-6235
	RESERVED
CVE-2018-6234
	RESERVED
CVE-2018-6233
	RESERVED
CVE-2018-6232
	RESERVED
CVE-2018-6231 (A server auth command injection authentication bypass vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6230 (A SQL injection vulnerability in an Trend Micro Email Encryption ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6229 (A SQL injection vulnerability in an Trend Micro Email Encryption ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6228 (A SQL injection vulnerability in a Trend Micro Email Encryption ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6227 (A stored cross-site scripting (XSS) vulnerability in Trend Micro Email ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6226 (Reflected cross-site scripting (XSS) vulnerabilities in two Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6225 (An XML external entity injection (XXE) vulnerability in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6224 (A lack of cross-site request forgery (CSRF) protection vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6223 (A missing authentication for appliance registration vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6222 (Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6221 (An unvalidated software update vulnerability in Trend Micro Email ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6220 (An arbitrary file write vulnerability in Trend Micro Email Encryption ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6219 (An Insecure Update via HTTP vulnerability in Trend Micro Email ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6218 (A DLL Hijacking vulnerability in Trend Micro's User-Mode Hooking ...)
	NOT-FOR-US: Trend Micro
CVE-2018-6217 (The WStr::_alloc_iostr_data() function in kso.dll in Kingsoft WPS ...)
	NOT-FOR-US: Kingsoft WPS Office
CVE-2018-6216
	RESERVED
CVE-2018-6215
	RESERVED
CVE-2018-6214
	RESERVED
CVE-2018-6213
	RESERVED
CVE-2018-6212
	RESERVED
CVE-2018-6211
	RESERVED
CVE-2018-6210
	RESERVED
CVE-2018-6209 (In Max Secure Anti Virus 19.0.3.019,, the driver file (MaxCryptMon.sys) ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6208 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6207 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6206 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6205 (In Max Secure Anti Virus 19.0.3.019,, the driver file ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6204 (In Max Secure Anti Virus 19.0.3.019,, the driver file (SDActMon.sys) ...)
	NOT-FOR-US: Max Secure Anti Virus
CVE-2018-6203 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6202 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6201 (In eScan Antivirus 14.0.1400.2029, the driver file (econceal.sys) ...)
	NOT-FOR-US: eScan Antivirus
CVE-2018-6200 (vBulletin 3.x.x and 4.2.x through 4.2.5 has an open redirect via the ...)
	NOT-FOR-US: vBulletin
CVE-2018-6199
	RESERVED
CVE-2018-6195 (admin/partials/wp-splashing-admin-main.php in the Splashing Images ...)
	NOT-FOR-US: WordPress plugin wp-splashing-images
CVE-2018-6194 (A cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin wp-splashing-images
CVE-2018-6193 (A Cross-Site Scripting (XSS) vulnerability was found in Routers2 2.24, ...)
	NOT-FOR-US: Routers2
CVE-2018-6192 (In Artifex MuPDF 1.12.0, the pdf_read_new_xref function in ...)
	- mupdf 1.13.0+ds1-1 (bug #888487)
	[stretch] - mupdf <no-dsa> (Minor issue)
	[jessie] - mupdf <no-dsa> (Minor issue)
	[wheezy] - mupdf <no-dsa> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698916
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?5e411a99604ff6be5db9e273ee84737204113299
CVE-2018-6191 (The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an ...)
	NOT-FOR-US: MuJS
CVE-2018-6190 (Netis WF2419 V3.2.41381 devices allow XSS via the Description field on ...)
	NOT-FOR-US: Netis WF2419 V3.2.41381 devices
CVE-2017-1000504 (A race condition during Jenkins 2.94 and earlier; 2.89.1 and earlier ...)
	- jenkins <removed>
CVE-2017-1000503 (A race condition during Jenkins 2.81 through 2.94 (inclusive); 2.89.1 ...)
	- jenkins <removed>
CVE-2017-1000502 (Users with permission to create or configure agents in Jenkins 1.37 ...)
	- jenkins <removed>
CVE-2017-1000474 (Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is ...)
	NOT-FOR-US: Soyket Chowdhury Vehicle Sales Management System
CVE-2018-6198 (w3m through 0.5.3 does not properly handle temporary files when the ...)
	- w3m 0.5.3-36 (bug #888097; unimportant)
	[stretch] - w3m 0.5.3-34+deb9u1
	NOTE: https://github.com/tats/w3m/commit/18dcbadf2771cdb0c18509b14e4e73505b242753
	NOTE: Neutralised by kernel hardening
CVE-2018-6197 (w3m through 0.5.3 is prone to a NULL pointer dereference flaw in ...)
	- w3m 0.5.3-36 (low)
	[stretch] - w3m 0.5.3-34+deb9u1
	[jessie] - w3m <no-dsa> (Minor issue)
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/89
	NOTE: https://github.com/tats/w3m/commit/7fdc83b0364005a0b5ed869230dd81752ba022e8
CVE-2018-6196 (w3m through 0.5.3 is prone to an infinite recursion flaw in ...)
	- w3m 0.5.3-36 (low)
	[stretch] - w3m 0.5.3-34+deb9u1
	[jessie] - w3m <no-dsa> (Minor issue)
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/88
	NOTE: https://github.com/tats/w3m/commit/8354763b90490d4105695df52674d0fcef823e92
CVE-2018-6189 (F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors ...)
	NOT-FOR-US: F-Secure Radar
CVE-2018-6188 (django.contrib.auth.forms.AuthenticationForm in Django 2.0 before ...)
	- python-django 1:1.11.10-1
	[stretch] - python-django <not-affected> (Issue introduced in 1.11.8 and 2.0)
	[jessie] - python-django <not-affected> (Issue introduced in 1.11.8 and 2.0)
	[wheezy] - python-django <not-affected> (Issue introduced in 1.11.8 and 2.0)
	NOTE: https://www.djangoproject.com/weblog/2018/feb/01/security-releases/
CVE-2018-6187 (In Artifex MuPDF 1.12.0, there is a heap-based buffer overflow ...)
	- mupdf 1.13.0+ds1-1 (bug #888464)
	[stretch] - mupdf <no-dsa> (Minor issue)
	[jessie] - mupdf <no-dsa> (Minor issue)
	[wheezy] - mupdf <ignored> (Most likely not affected, minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698908
	NOTE: https://lists.debian.org/debian-lts/2018/03/msg00041.html
	NOTE: Fixed by: http://www.ghostscript.com/cgi-bin/findgit.cgi?3e30fbb7bf5efd88df431e366492356e7eb969ec
	NOTE: issued covered by: http://www.ghostscript.com/cgi-bin/findgit.cgi?fa9cd085533f68367c299e058ab3fbb7ad8a2dc6
CVE-2018-6186 (Citrix NetScaler VPX through NS12.0 53.13.nc allows an SSRF attack via ...)
	NOT-FOR-US: Citrix NetScaler VPX
CVE-2018-6185
	RESERVED
CVE-2018-6184 (ZEIT Next.js 4 before 4.2.3 has Directory Traversal under the /_next ...)
	NOT-FOR-US: ZEIT Next.js
CVE-2018-6183 (BitDefender Total Security 2018 allows local users to gain privileges ...)
	NOT-FOR-US: BitDefender Total Security
CVE-2018-6182 (Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before ...)
	- mahara <removed>
CVE-2018-6181
	RESERVED
CVE-2018-6180 (A flaw in the profile section of Online Voting System 1.0 allows an ...)
	NOT-FOR-US: Online Voting System
CVE-2018-1000017
	REJECTED
CVE-2017-1000475 (FreeSSHd 1.3.1 version is vulnerable to an Unquoted Path Service ...)
	NOT-FOR-US: FreeSSHd
CVE-2017-18075 (crypto/pcrypt.c in the Linux kernel before 4.14.13 mishandles freeing ...)
	- linux 4.14.13-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/d76c68109f37cb85b243a1cf0f40313afd2bae68
CVE-2018-1000018 (An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-6179
	RESERVED
CVE-2018-6178
	RESERVED
CVE-2018-6177
	RESERVED
CVE-2018-6176
	RESERVED
CVE-2018-6175
	RESERVED
CVE-2018-6174
	RESERVED
CVE-2018-6173
	RESERVED
CVE-2018-6172
	RESERVED
CVE-2018-6171
	RESERVED
CVE-2018-6170
	RESERVED
CVE-2018-6169
	RESERVED
CVE-2018-6168
	RESERVED
CVE-2018-6167
	RESERVED
CVE-2018-6166
	RESERVED
CVE-2018-6165
	RESERVED
CVE-2018-6164
	RESERVED
CVE-2018-6163
	RESERVED
CVE-2018-6162
	RESERVED
CVE-2018-6161
	RESERVED
CVE-2018-6160
	RESERVED
CVE-2018-6159
	RESERVED
CVE-2018-6158
	RESERVED
CVE-2018-6157
	RESERVED
CVE-2018-6156
	RESERVED
CVE-2018-6155
	RESERVED
CVE-2018-6154
	RESERVED
CVE-2018-6153
	RESERVED
CVE-2018-6152
	RESERVED
CVE-2018-6151
	RESERVED
CVE-2018-6150
	RESERVED
CVE-2018-6149
	RESERVED
CVE-2018-6148
	RESERVED
CVE-2018-6147
	RESERVED
CVE-2018-6146
	RESERVED
CVE-2018-6145
	RESERVED
CVE-2018-6144
	RESERVED
CVE-2018-6143
	RESERVED
CVE-2018-6142
	RESERVED
CVE-2018-6141
	RESERVED
CVE-2018-6140
	RESERVED
CVE-2018-6139
	RESERVED
CVE-2018-6138
	RESERVED
CVE-2018-6137
	RESERVED
CVE-2018-6136
	RESERVED
CVE-2018-6135
	RESERVED
CVE-2018-6134
	RESERVED
CVE-2018-6133
	RESERVED
CVE-2018-6132
	RESERVED
CVE-2018-6131
	RESERVED
CVE-2018-6130
	RESERVED
CVE-2018-6129
	RESERVED
CVE-2018-6128
	RESERVED
CVE-2018-6127
	RESERVED
CVE-2018-6126
	RESERVED
CVE-2018-6125
	RESERVED
CVE-2018-6124
	RESERVED
CVE-2018-6123
	RESERVED
CVE-2018-6122
	RESERVED
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6121
	RESERVED
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6120
	RESERVED
	- chromium-browser 66.0.3359.181-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6119
	RESERVED
CVE-2018-6118
	RESERVED
	- chromium-browser 66.0.3359.139-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6117
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6116
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6115
	RESERVED
	- chromium-browser <not-affected> (windows specific)
CVE-2018-6114
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6113
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6112
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6111
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6110
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6109
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6108
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6107
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6106
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6105
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6104
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6103
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6102
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6101
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6100
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6099
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6098
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6097
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6096
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6095
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6094
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6093
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6092
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6091
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6090
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6089
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6088
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6087
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6086
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6085
	RESERVED
	{DSA-4182-1}
	- chromium-browser 66.0.3359.117-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6084
	RESERVED
	- chromium-browser <not-affected> (Specific to MacOS)
CVE-2018-6083
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6082
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6081
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6080
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6079
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6078
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6077
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6076
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6075
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6074
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6073
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6072
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6071
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6070
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6069
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6068
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6067
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6066
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6065
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2018-6064
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2018-6063
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6062
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6061
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2018-6060
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6059
	RESERVED
	- chromium-browser <not-affected> (Chromium doesn't bundle Flash)
CVE-2018-6058
	RESERVED
	- chromium-browser <not-affected> (Chromium doesn't bundle Flash)
CVE-2018-6057
	RESERVED
	{DSA-4182-1}
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6056
	RESERVED
	{DSA-4182-1}
	[experimental] - chromium-browser 65.0.3325.73-1
	- chromium-browser 65.0.3325.146-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2018-6055
	RESERVED
CVE-2018-6054
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6053
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6052
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6051
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6050
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6049
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6048
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6047
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6046
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6045
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6044
	RESERVED
CVE-2018-6043
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6042
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6041
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6040
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6039
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6038
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6037
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6036
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6035
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6034
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6033
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6032
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6031
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2018-6030
	RESERVED
CVE-2018-1000016
	REJECTED
CVE-2018-1000015 (On Jenkins instances with Authorize Project plugin, the authentication ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000014 (Jenkins Translation Assistance Plugin 1.15 and earlier did not require ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000013 (Jenkins Release Plugin 2.9 and earlier did not require form ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000012 (Jenkins Warnings Plugin 4.64 and earlier processes XML external ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000011 (Jenkins FindBugs Plugin 4.71 and earlier processes XML external ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000010 (Jenkins DRY Plugin 2.49 and earlier processes XML external entities in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000009 (Jenkins Checkstyle Plugin 3.49 and earlier processes XML external ...)
	NOT-FOR-US: Jenkins plugin
CVE-2018-1000008 (Jenkins PMD Plugin 3.49 and earlier processes XML external entities in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2015-1142857 (On multiple SR-IOV cars it is possible for VF's assigned to guests to ...)
	NOT-FOR-US: SR-IOV cars
CVE-2018-6029 (The copy function in application/admin/controller/Article.php in ...)
	NOT-FOR-US: NoneCms
CVE-2018-6028
	RESERVED
CVE-2018-6027
	RESERVED
CVE-2018-6026
	RESERVED
CVE-2018-6025
	RESERVED
CVE-2018-6024 (SQL Injection exists in the Project Log 1.5.3 component for Joomla! via ...)
	NOT-FOR-US: Project Log component for Joomla!
CVE-2018-6023 (Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts ...)
	NOT-FOR-US: Fastweb FASTgate
CVE-2018-6022 (Directory traversal vulnerability in ...)
	NOT-FOR-US: NoneCms
CVE-2018-6021 (Silex SD-320AN version 2.01 and prior and GE MobileLink(GEH-SD-320AN) ...)
	NOT-FOR-US: Silex Technology products
CVE-2018-6020 (In Silex SX-500 all versions and GE MobileLink(GEH-500) version 1.54 ...)
	NOT-FOR-US: Silex Technology products
CVE-2018-6019 (Samsung Display Solutions App before 3.02 for Android allows ...)
	NOT-FOR-US: Samsung Display Solutions App for Android
CVE-2018-6018 (Fixed sizes of HTTPS responses in Tinder iOS app and Tinder Android ...)
	NOT-FOR-US: Tinder
CVE-2018-6017 (Unencrypted transmission of images in Tinder iOS app and Tinder ...)
	NOT-FOR-US: Tinder
CVE-2018-6016 (Unquoted Windows search path vulnerability in the ...)
	NOT-FOR-US: 10-Strike Network Monitor
CVE-2018-6015 (An issue was discovered in the &quot;Email Subscribers &amp; Newsletters&quot; ...)
	NOT-FOR-US: "Email Subscribers & Newsletters" plugin for WordPress
CVE-2018-6014 (Subsonic v6.1.3 has an insecure allow-access-from domain=&quot;*&quot; Flash ...)
	NOT-FOR-US: Subsonic
CVE-2018-6013 (Cross-site scripting (XSS) in BigTree 4.2.19 allows any remote users to ...)
	NOT-FOR-US: BigTree CMS
CVE-2018-6012
	RESERVED
CVE-2018-6011
	RESERVED
CVE-2018-6010 (In Yii Framework 2.x before 2.0.14, remote attackers could obtain ...)
	NOT-FOR-US: Yii Framework
CVE-2018-6009 (In Yii Framework 2.x before 2.0.14, the switchIdentity function in ...)
	NOT-FOR-US: Yii Framework
CVE-2018-6008 (Arbitrary File Download exists in the Jtag Members Directory 5.3.7 ...)
	NOT-FOR-US: Jtag Members Directory component for Joomla!
CVE-2018-6007 (CSRF exists in the JS Support Ticket 1.1.0 component for Joomla! and ...)
	NOT-FOR-US: Support Ticket component for Joomla!
CVE-2018-6006 (SQL Injection exists in the JS Autoz 1.0.9 component for Joomla! via ...)
	NOT-FOR-US: JS Autoz component for Joomla!
CVE-2018-6005 (SQL Injection exists in the Realpin through 1.5.04 component for ...)
	NOT-FOR-US: Realpin component for Joomla!
CVE-2018-6004 (SQL Injection exists in the File Download Tracker 3.0 component for ...)
	NOT-FOR-US: File Download Tracker component for Joomla!
CVE-2017-18074 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18073 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18072 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18071 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18070
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-18068 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18066 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18065 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18064 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18063 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18062 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18061 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18060 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18058 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18055 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18054 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18053 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18052 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18051 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-18049 (In the CSV export feature of SilverStripe before 3.5.6, 3.6.x before ...)
	NOT-FOR-US: SilverStripe
CVE-2017-18048 (Monstra CMS 3.0.4 allows users to upload arbitrary files, which leads ...)
	NOT-FOR-US: Monstra CMS
CVE-2017-1000417 (MatrixSSL version 3.7.2 adopts a collision-prone OID comparison logic ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2017-1000416 (axTLS version 1.5.3 has a coding error in the ASN.1 parser resulting ...)
	NOT-FOR-US: axTLS
CVE-2018-6003 (An issue was discovered in the _asn1_decode_simple_ber function in ...)
	{DSA-4106-1}
	- libtasn1-6 4.13-2
	[jessie] - libtasn1-6 <not-affected> (Vulnerable code introduced in 4.3)
	- libtasn1-3 <not-affected> (Vulnerable code introduced in 4.3)
	NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2018-01/msg00000.html
	NOTE: Affected function introduced in: http://git.savannah.nongnu.org/cgit/libtasn1.git/commit/lib/decoding.c?id=b12bfa8932f44d1d1c25b4a2e385387a62dfbcc9 (libtasn1_4_3)
	NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/c593ae84cfcde8fea45787e53950e0ac71e9ca97 (libtasn1_4_13)
CVE-2018-6002 (The Soundy Background Music plugin 3.9 and below for WordPress has ...)
	NOT-FOR-US: Soundy Background Music plugin for WordPress
CVE-2018-6001 (The Soundy Audio Playlist plugin 4.6 and below for WordPress has ...)
	NOT-FOR-US: Soundy Audio Playlist plugin for WordPress
CVE-2018-6000 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The ...)
	NOT-FOR-US: AsusWRT
CVE-2018-5999 (An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the ...)
	NOT-FOR-US: AsusWRT
CVE-2018-5998
	RESERVED
CVE-2018-5997 (An issue was discovered in the HTTP Server in RAVPower Filehub ...)
	NOT-FOR-US: RAVPower Filehub
CVE-2018-1000007 (libcurl 7.1 through 7.57.0 might accidentally leak authentication data ...)
	{DSA-4098-1 DLA-1263-1}
	- curl 7.58.0-1
	NOTE: https://curl.haxx.se/docs/adv_2018-b3bf.html
	NOTE: Patch: https://github.com/curl/curl/commit/af32cd3859336ab.patch
CVE-2018-5996 (Insufficient exception handling in the method ...)
	- p7zip-rar 16.02-2 (bug #888314)
	[stretch] - p7zip-rar <no-dsa> (Non-free not supported)
	[jessie] - p7zip-rar <no-dsa> (Non-free not supported)
	[wheezy] - p7zip-rar <no-dsa> (Non-free not supported)
	NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
CVE-2018-5995
	RESERVED
CVE-2018-5994 (SQL Injection exists in the JS Jobs 1.1.9 component for Joomla! via the ...)
	NOT-FOR-US: JS Jobs component for Joomla!
CVE-2018-5993 (SQL Injection exists in the Aist through 2.0 component for Joomla! via ...)
	NOT-FOR-US: Aist component for Joomla!
CVE-2018-5992 (SQL Injection exists in the Staff Master through 1.0 RC 1 component for ...)
	NOT-FOR-US: Staff Master component for Joomla!
CVE-2018-5991 (SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via ...)
	NOT-FOR-US: Form Maker component for Joomla!
CVE-2018-5990 (SQL Injection exists in the AllVideos Reloaded 1.2.x component for ...)
	NOT-FOR-US: AllVideos Reloaded component for Joomla!
CVE-2018-5989 (SQL Injection exists in the ccNewsletter 2.x component for Joomla! via ...)
	NOT-FOR-US: ccNewsletter component for Joomla!
CVE-2018-5988 (SQL Injection exists in Flexible Poll 1.2 via the id parameter to ...)
	NOT-FOR-US: Flexible Poll
CVE-2018-5987 (SQL Injection exists in the Pinterest Clone Social Pinboard 2.0 ...)
	NOT-FOR-US: Pinterest Clone Social Pinboard component for Joomla!
CVE-2018-5986 (SQL Injection exists in Easy Car Script 2014 via the s_order or s_row ...)
	NOT-FOR-US: Easy Car Script
CVE-2018-5985 (SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for ...)
	NOT-FOR-US: LiveCRM SaaS Cloud
CVE-2018-5984 (SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 ...)
	NOT-FOR-US: Tumder
CVE-2018-5983 (SQL Injection exists in the JquickContact 1.3.2.2.1 component for ...)
	NOT-FOR-US: JquickContact component for Joomla!
CVE-2018-5982 (SQL Injection exists in the Advertisement Board 3.1.0 component for ...)
	NOT-FOR-US: Advertisement Board component for Joomla!
CVE-2018-5981 (SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via ...)
	NOT-FOR-US: Gallery WD component for Joomla!
CVE-2018-5980 (SQL Injection exists in the Solidres 2.5.1 component for Joomla! via ...)
	NOT-FOR-US: Solidres component for Joomla!
CVE-2018-5979 (SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 ...)
	NOT-FOR-US: Wchat Fully Responsive PHP AJAX Chat Script
CVE-2018-5978 (SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the ...)
	NOT-FOR-US: Facebook Style Php Ajax Chat Zechat
CVE-2018-5977 (SQL Injection exists in Affiligator Affiliate Webshop Management System ...)
	NOT-FOR-US: Affiligator Affiliate Webshop Management System
CVE-2018-5976 (Cross Site Request Forgery (CSRF) exists in RSVP Invitation Online 1.0 ...)
	NOT-FOR-US: RSVP Invitation Online
CVE-2018-5975 (SQL Injection exists in the Smart Shoutbox 3.0.0 component for Joomla! ...)
	NOT-FOR-US: Smart Shoutbox component for Joomla!
CVE-2018-5974 (SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! ...)
	NOT-FOR-US: SimpleCalendar component for Joomla!
CVE-2018-5973 (SQL Injection exists in Professional Local Directory Script 1.0 via ...)
	NOT-FOR-US: Professional Local Directory Script
CVE-2018-5972 (SQL Injection exists in Classified Ads CMS Quickad 4.0 via the ...)
	NOT-FOR-US: Classified Ads CMS Quickad
CVE-2018-5971 (SQL Injection exists in the MediaLibrary Free 4.0.12 component for ...)
	NOT-FOR-US: MediaLibrary Free component for Joomla!
CVE-2018-5970 (SQL Injection exists in the JGive 2.0.9 component for Joomla! via the ...)
	NOT-FOR-US: JGive component for Joomla!
CVE-2018-5969 (Cross Site Request Forgery (CSRF) exists in Photography CMS 1.0 via ...)
	NOT-FOR-US: Photography CMS
CVE-2018-5968 (FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 ...)
	{DSA-4114-1}
	- jackson-databind 2.9.4-1 (bug #888316)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1899
	NOTE: https://github.com/FasterXML/jackson-databind/commit/038b471e2efde2e8f96b4e0be958d3e5a1ff1d05
CVE-2018-5967 (Netis WF2419 V2.2.36123 devices allow XSS via the Description parameter ...)
	NOT-FOR-US: Netis WF2419 V2.2.36123 devices
CVE-2018-5966
	RESERVED
CVE-2018-5965 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-5964 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-5963 (CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the ...)
	NOT-FOR-US: CMS Made Simple
CVE-2018-5962 (index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2018-5961 (CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has ...)
	NOT-FOR-US: CentOS-WebPanel.com CentOS Web Panel
CVE-2018-5960 (Zenario v7.1 - v7.6 has SQL injection via the `Name` input field of ...)
	NOT-FOR-US: Zenario
CVE-2018-5959
	RESERVED
CVE-2018-5958 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
	NOT-FOR-US: Zillya! Antivirus
CVE-2018-5957 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
	NOT-FOR-US: Zillya! Antivirus
CVE-2018-5956 (In Zillya! Antivirus 3.0.2230.0, the driver file (zef.sys) allows local ...)
	NOT-FOR-US: Zillya! Antivirus
CVE-2018-5955 (An issue was discovered in GitStack through 2.3.10. User controlled ...)
	NOT-FOR-US: GitStack
CVE-2017-18047 (Buffer Overflow in the FTP client in LabF nfsAxe 3.7 allows remote FTP ...)
	NOT-FOR-US: LabF nfsAxe
CVE-2017-18046 (Buffer overflow on Dasan GPON ONT WiFi Router H640X 12.02-01121 ...)
	NOT-FOR-US: Dasan GPON ONT WiFi Router devices
CVE-2016-10709 (pfSense before 2.3 allows remote authenticated users to execute ...)
	NOT-FOR-US: pfSense
CVE-2016-10708 (sshd in OpenSSH before 7.4 allows remote attackers to cause a denial of ...)
	{DLA-1257-1}
	- openssh 1:7.4p1-1
	[jessie] - openssh <no-dsa> (Minor issue)
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737
	NOTE: http://blog.swiecki.net/2018/01/fuzzing-tcp-servers.html
	NOTE: Flaw is not crashing the whole sshd daemon, rather the privsep process
CVE-2018-5954 (phpFreeChat 1.7 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: phpFreeChat
CVE-2018-5953
	RESERVED
CVE-2018-5952
	RESERVED
CVE-2018-5951
	RESERVED
CVE-2017-18045 (JBMC DirectAdmin before 1.52, when the email_ftp_password_change ...)
	NOT-FOR-US: JBMC DirectAdmin
CVE-2018-5950 (Cross-site scripting (XSS) vulnerability in the web UI in Mailman ...)
	{DSA-4108-1 DLA-1272-1}
	- mailman 1:2.1.26-1 (bug #888201)
	NOTE: https://mail.python.org/pipermail/mailman-users/2018-February/083011.html
	NOTE: Patch: https://launchpadlibrarian.net/355686141/options.patch
	NOTE: https://bugs.launchpad.net/mailman/+bug/1747209
CVE-2018-5949
	RESERVED
CVE-2018-5948
	RESERVED
CVE-2018-5947
	RESERVED
CVE-2018-5946
	RESERVED
CVE-2018-5945
	RESERVED
CVE-2018-5944
	RESERVED
CVE-2018-5943
	RESERVED
CVE-2018-5942
	RESERVED
CVE-2018-5941
	RESERVED
CVE-2018-5940
	RESERVED
CVE-2018-5939
	RESERVED
CVE-2018-5938
	RESERVED
CVE-2018-5937
	RESERVED
CVE-2018-5936
	RESERVED
CVE-2018-5935
	RESERVED
CVE-2018-5934
	RESERVED
CVE-2018-5933
	RESERVED
CVE-2018-5932
	RESERVED
CVE-2018-5931
	RESERVED
CVE-2018-5930
	RESERVED
CVE-2018-5929
	RESERVED
CVE-2018-5928
	RESERVED
CVE-2018-5927
	RESERVED
CVE-2018-5926
	RESERVED
CVE-2018-5925
	RESERVED
CVE-2018-5924
	RESERVED
CVE-2018-5923
	RESERVED
CVE-2018-5922
	RESERVED
CVE-2018-5921
	RESERVED
CVE-2018-5920
	RESERVED
CVE-2018-5919
	RESERVED
CVE-2018-5918
	RESERVED
CVE-2018-5917
	RESERVED
CVE-2018-5916
	RESERVED
CVE-2018-5915
	RESERVED
CVE-2018-5914
	RESERVED
CVE-2018-5913
	RESERVED
CVE-2018-5912
	RESERVED
CVE-2018-5911
	RESERVED
CVE-2018-5910
	RESERVED
CVE-2018-5909
	RESERVED
CVE-2018-5908
	RESERVED
CVE-2018-5907
	RESERVED
CVE-2018-5906
	RESERVED
CVE-2018-5905
	RESERVED
CVE-2018-5904
	RESERVED
CVE-2018-5903
	RESERVED
CVE-2018-5902
	RESERVED
CVE-2018-5901
	RESERVED
CVE-2018-5900
	RESERVED
CVE-2018-5899
	RESERVED
CVE-2018-5898
	RESERVED
CVE-2018-5897
	RESERVED
CVE-2018-5896
	RESERVED
CVE-2018-5895
	RESERVED
CVE-2018-5894
	RESERVED
CVE-2018-5893
	RESERVED
CVE-2018-5892
	RESERVED
CVE-2018-5891
	RESERVED
CVE-2018-5890
	RESERVED
CVE-2018-5889
	RESERVED
CVE-2018-5888
	RESERVED
CVE-2018-5887
	RESERVED
CVE-2018-5886
	RESERVED
CVE-2018-5885
	RESERVED
CVE-2018-5884
	RESERVED
CVE-2018-5883
	RESERVED
CVE-2018-5882
	RESERVED
CVE-2018-5881
	RESERVED
CVE-2018-5880
	RESERVED
CVE-2018-5879
	RESERVED
CVE-2018-5878
	RESERVED
CVE-2018-5877
	RESERVED
CVE-2018-5876
	RESERVED
CVE-2018-5875
	RESERVED
CVE-2018-5874
	RESERVED
CVE-2018-5873
	RESERVED
CVE-2018-5872
	RESERVED
CVE-2018-5871
	RESERVED
CVE-2018-5870
	RESERVED
CVE-2018-5869
	RESERVED
CVE-2018-5868
	RESERVED
CVE-2018-5867
	RESERVED
CVE-2018-5866
	RESERVED
CVE-2018-5865
	RESERVED
CVE-2018-5864
	RESERVED
CVE-2018-5863
	RESERVED
CVE-2018-5862
	RESERVED
CVE-2018-5861
	RESERVED
CVE-2018-5860
	RESERVED
CVE-2018-5859
	RESERVED
CVE-2018-5858
	RESERVED
CVE-2018-5857
	RESERVED
CVE-2018-5856
	RESERVED
CVE-2018-5855
	RESERVED
CVE-2018-5854
	RESERVED
CVE-2018-5853
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5852
	RESERVED
CVE-2018-5851
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5850
	RESERVED
CVE-2018-5849
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5848
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5847
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5846
	RESERVED
CVE-2018-5845
	RESERVED
CVE-2018-5844
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5843
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5842
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5841
	RESERVED
CVE-2018-5840
	RESERVED
CVE-2018-5839
	RESERVED
CVE-2018-5838
	RESERVED
CVE-2018-5837
	RESERVED
CVE-2018-5836
	RESERVED
CVE-2018-5835
	RESERVED
CVE-2018-5834
	RESERVED
CVE-2018-5833
	RESERVED
CVE-2018-5832
	RESERVED
CVE-2018-5831
	RESERVED
CVE-2018-5830
	RESERVED
CVE-2018-5829
	RESERVED
CVE-2018-5828 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5827 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5826 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5825 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5824 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5823 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5821 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5820 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-5819
	RESERVED
CVE-2018-5818
	RESERVED
CVE-2018-5817
	RESERVED
CVE-2018-5816
	RESERVED
CVE-2018-5815
	RESERVED
CVE-2018-5814
	RESERVED
CVE-2018-5813
	RESERVED
CVE-2018-5812
	RESERVED
CVE-2018-5811
	RESERVED
CVE-2018-5810
	RESERVED
CVE-2018-5809
	RESERVED
CVE-2018-5808
	RESERVED
CVE-2018-5807
	RESERVED
CVE-2018-5806
	RESERVED
CVE-2018-5805
	RESERVED
CVE-2018-5804
	RESERVED
CVE-2018-5803 [Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service]
	RESERVED
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/07f2c7ab6f8d0a7e7c5764c4e6cc9c52951b9d9c
CVE-2018-5802 [Out-of-bounds read in kodak_radc_load_raw function internal/dcraw_common.cpp]
	RESERVED
	- libraw 0.18.7-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <ignored> (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5801 [NULL pointer dereference in LibRaw::unpack function src/libraw_cxx.cpp]
	RESERVED
	- libraw 0.18.7-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <ignored> (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-5800 [Heap-based buffer overflow in LibRaw::kodak_ycbcr_load_raw function in internal/dcraw_common.cpp]
	RESERVED
	- libraw 0.18.7-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <ignored> (Minor issue)
	NOTE: https://packetstormsecurity.com/files/146172/secunia-libraw.txt
	NOTE: https://github.com/LibRaw/LibRaw/commit/8682ad204392b914ab1cc6ebcca9c27c19c1a4b4
CVE-2018-1000006 (GitHub Electron versions 1.8.2-beta.3 and earlier, 1.7.10 and earlier, ...)
	- electron <itp> (bug #842420)
	NOTE: Linux is not affected
	NOTE: https://electronjs.org/blog/protocol-handler-fix
	NOTE: https://nodesecurity.io/advisories/563
CVE-2018-5799 (In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows ...)
	NOT-FOR-US: Zoho
CVE-2018-5798
	RESERVED
CVE-2018-5797 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5796 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5795 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5794 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5793 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5792 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5791 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5790 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5789 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5788 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2018-5787 (An issue was discovered in Extreme Networks ExtremeWireless WiNG 5.x ...)
	NOT-FOR-US: Extreme Networks ExtremeWireless WiNG
CVE-2017-18044 (A Command Injection issue was discovered in ...)
	NOT-FOR-US: Commvault
CVE-2018-5786 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...)
	- lrzip 0.631+git180517-1 (bug #888506)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/91
CVE-2018-5785 (In OpenJPEG 2.3.0, there is an integer overflow caused by an ...)
	- openjpeg2 <unfixed> (low; bug #888533)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1057
CVE-2018-5784 (In LibTIFF 4.0.9, there is an uncontrolled resource consumption in the ...)
	- tiff 4.0.9-4 (bug #890441)
	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	- tiff3 <removed>
	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2772
	NOTE: Fixed by: https://gitlab.com/libtiff/libtiff/commit/473851d211cf8805a161820337ca74cc9615d6ef
CVE-2018-5783 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the ...)
	- libpodofo <unfixed>
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/4/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1536179
CVE-2018-5782 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5781 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5780 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5779 (A vulnerability in the conferencing component of Mitel Connect ONSITE, ...)
	NOT-FOR-US: Mitel
CVE-2018-5778 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2018-5777 (An issue was discovered in Ipswitch WhatsUp Gold before 2017 Plus SP1 ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2018-5775
	RESERVED
CVE-2018-5774
	RESERVED
CVE-2018-5773 (An issue was discovered in markdown2 (aka python-markdown2) through ...)
	NOT-FOR-US: python-markdown2 (not our markdown, different code base)
CVE-2017-18043 (Integer overflow in the macro ROUND_UP (n, d) in Quick Emulator (Qemu) ...)
	- qemu 1:2.10.0+dfsg-2
	[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
	[wheezy] - qemu <not-affected> (vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
	NOTE: Fixed by: https://git.qemu.org/?p=qemu.git;a=commit;h=2098b073f398cd628c09c5a78537a6854
	NOTE: Broken since: https://git.qemu.org/?p=qemu.git;a=object;h=292c8e50 (v1.5.0)
	NOTE: Fix included in 1:2.10.0+dfsg-2 via debian/patches/qemu-2.10.1.diff patch
CVE-2016-10707 (jQuery 3.0.0-rc.1 is vulnerable to Denial of Service (DoS) due to ...)
	- jquery <not-affected> (Vulnerable code never in unstable; only experimental)
	NOTE: https://github.com/jquery/jquery/issues/3133
	NOTE: https://github.com/jquery/jquery/pull/3134
	NOTE: https://snyk.io/vuln/npm:jquery:20160529
	NOTE: Only 3.0.0-rc1 affected: https://github.com/jquery/jquery/issues/3133#issuecomment-358978489
CVE-2015-9251 (jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks ...)
	- jquery 3.1.1-1
	[jessie] - jquery <ignored> (Too intrusive to backport)
	[wheezy] - jquery <ignored> (Too invasive to fix)
	NOTE: https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
	NOTE: https://github.com/jquery/jquery/issues/2432
	NOTE: https://github.com/jquery/jquery/pull/2588
	NOTE: https://snyk.io/vuln/npm:jquery:20150627
	NOTE: only 3.0 was fixed upstream, because fix considered too invasive: https://github.com/jquery/jquery/issues/2432#issuecomment-290983196
CVE-2012-6708 (jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) ...)
	- jquery 1.11.3+dfsg-1
	[jessie] - jquery <ignored> (Too intrusive to backport)
	[wheezy] - jquery <ignored> (Too invasive to fix)
	NOTE: https://bugs.jquery.com/ticket/11290
	NOTE: https://github.com/jquery/jquery/commit/05531fc4080ae24070930d15ae0cea7ae056457d
	NOTE: https://snyk.io/vuln/npm:jquery:20120206
	NOTE: 1.9 release introduced backwards incompatible changes to fix this, so may be too invasive to fix
CVE-2018-5776 (WordPress before 4.9.2 has XSS in the Flash fallback files in ...)
	- wordpress 4.9.2+dfsg-1 (bug #887596)
	[stretch] - wordpress <not-affected> (Vulnerable files have been removed before)
	[jessie] - wordpress <not-affected> (Vulnerable files have been removed before)
	[wheezy] - wordpress <not-affected> (Vulnerable files have been removed before)
	NOTE: For jessie and stretch version the files silverlightmediaelement.xap and
	NOTE: flashmediaelement.swf have been removed with the 4.1+dfsg-1 version.
	NOTE: sid in version 4.9.1+dfsg-1 did as well *not* have the files but track here the
	NOTE: final wordpress version 4.9.2 which finally removed the mediaelement files.
	NOTE: https://wordpress.org/news/2018/01/wordpress-4-9-2-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/3fe9cb61ee71fcfadb5e002399296fcc1198d850
CVE-2018-5772 (In Exiv2 0.26, there is a segmentation fault caused by uncontrolled ...)
	[experimental] - exiv2 <unfixed> (bug #888862)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/216
CVE-2018-5771
	RESERVED
CVE-2018-5770 (An issue was discovered on Tenda AC15 devices. A remote, ...)
	NOT-FOR-US: Tenda AC15 devices
CVE-2018-5769
	RESERVED
CVE-2018-5768 (A remote, unauthenticated attacker can gain remote code execution on ...)
	NOT-FOR-US: Tenda AC15 router
CVE-2018-5767 (An issue was discovered on Tenda AC15 V15.03.1.16_multi devices. A ...)
	NOT-FOR-US: Tenda AC15 V15.03.1.16_multi devices
CVE-2018-5766 (In Libav through 12.2, there is an invalid memcpy in the av_packet_ref ...)
	- libav <removed>
	[jessie] - libav <ignored> (Minor issue)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1112
CVE-2018-5765
	RESERVED
CVE-2018-5764 (The parse_arguments function in options.c in rsyncd in rsync before ...)
	{DLA-1247-1}
	- rsync <unfixed> (bug #887588)
	[stretch] - rsync <no-dsa> (Minor issue)
	[jessie] - rsync <no-dsa> (Minor issue)
	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=7706303828fcde524222babb2833864a4bd09e07
CVE-2018-5763 (An issue was discovered in OXID eShop Enterprise Edition before 5.3.7 ...)
	NOT-FOR-US: OXID eShop Enterprise Edition
CVE-2018-5762 (The TLS implementation in the TCP/IP networking module in Unisys ...)
	NOT-FOR-US: Unisys ClearPath MCP systems
CVE-2018-5761 (A man-in-the-middle vulnerability related to vCenter access was found ...)
	NOT-FOR-US: Rubrik CDM
CVE-2018-5760
	RESERVED
CVE-2018-5759 (jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the ...)
	NOT-FOR-US: MuJS
CVE-2018-5758 (The Upload File functionality in upload.jspa in Aurea Jive Jive-n ...)
	NOT-FOR-US: Aurea Jive Jive-n
CVE-2018-5757
	RESERVED
CVE-2018-5756
	RESERVED
CVE-2018-5755
	RESERVED
CVE-2018-5754
	RESERVED
CVE-2018-5753
	RESERVED
CVE-2018-5752
	RESERVED
CVE-2018-5751
	RESERVED
CVE-2017-18042 (The update user administration resource in Atlassian Bamboo before ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18041 (The viewDeploymentVersionJiraIssuesDialog resource in Atlassian Bamboo ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18040 (The viewDeploymentVersionCommits resource in Atlassian Bamboo before ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-18039 (The IncomingMailServers resource in Atlassian Jira from version 6.2.1 ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-18038 (The repository settings resource in Atlassian Bitbucket Server before ...)
	NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18037 (The git repository tag rest resource in Atlassian Bitbucket Server ...)
	NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18036 (The Github repository importer in Atlassian Bitbucket Server before ...)
	NOT-FOR-US: Atlassian Bitbucket
CVE-2017-18035 (The /rest/review-coverage-chart/1.0/data/&lt;repository_name&gt;/.json ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18034 (The source browse resource in Atlassian FishEye and Crucible before ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-18033 (The Jira-importers-plugin in Atlassian Jira before version 7.6.1 ...)
	NOT-FOR-US: Jira-importers-plugin in Atlassian Jira
CVE-2018-5750 (The acpi_smbus_hc_add function in drivers/acpi/sbshc.c in the Linux ...)
	{DSA-4187-1 DSA-4120-1 DLA-1369-1}
	- linux 4.15.4-1
	NOTE: https://patchwork.kernel.org/patch/10174835/
CVE-2018-5749 (install.php in Minecraft Servers List Lite before commit c1cd164 and ...)
	NOT-FOR-US: Minecraft Servers List Lite
CVE-2018-5748 (qemu/qemu_monitor.c in libvirt allows attackers to cause a denial of ...)
	{DLA-1315-1}
	- libvirt 4.0.0-1 (bug #887700)
	[stretch] - libvirt 3.0.0-4+deb9u2
	[jessie] - libvirt 1.2.9-9+deb8u5
	NOTE: https://www.redhat.com/archives/libvir-list/2017-December/msg00749.html
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bc251ea91bcfddd2622fce6bce701a438b2e7276
CVE-2018-5747 (In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in the ...)
	- lrzip 0.631+git180517-1 (bug #898451)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/90
CVE-2018-5746
	RESERVED
CVE-2018-5745
	RESERVED
CVE-2018-5744
	RESERVED
CVE-2018-5743
	RESERVED
CVE-2018-5742
	RESERVED
CVE-2018-5741
	RESERVED
CVE-2018-5740
	RESERVED
CVE-2018-5739
	RESERVED
CVE-2018-5738
	RESERVED
CVE-2018-5737 [serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.]
	RESERVED
	- bind9 <not-affected> (only affects 9.12, not yet packaged)
	NOTE: https://kb.isc.org/article/AA-01606
CVE-2018-5736 [Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c]
	RESERVED
	- bind9 <not-affected> (only affects 9.12, not yet packaged)
	NOTE: https://kb.isc.org/article/AA-01602
CVE-2018-5735 [assertion failure in validator.c:1858]
	RESERVED
	{DLA-1285-1}
	- bind9 1:9.9.3.dfsg.P2-1 (bug #889285)
	NOTE: Issue similar/closely related to the CVE-2017-3139 issue in Red Hat.
	NOTE: Mark as fixed version the 1:9.9.3.dfsg.P2-1 as the related code was
	NOTE: added upstream in 9.9.3b1. The issue though does not affect bind9 upstream
	NOTE: and is only triggered as described in #889285.
CVE-2018-5734 [A malformed request can trigger an assertion failure in badcache.c]
	RESERVED
	- bind9 <not-affected> (Only affects Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/article/AA-01562/74/CVE-2018-5734
CVE-2018-5733 [A malicious client can overflow a reference counter in ISC dhcpd]
	RESERVED
	{DSA-4133-1 DLA-1313-1}
	- isc-dhcp 4.3.5-3.1 (bug #891785)
	NOTE: https://kb.isc.org/article/AA-01567/75/CVE-2018-5733
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47140
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=197b26f25309f947b97a83b8fdfc414b767798f8 (4.4.1)
	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-5732 [A specially constructed response from a malicious server can cause a buffer overflow in dhclient]
	RESERVED
	{DSA-4133-1 DLA-1313-1}
	- isc-dhcp 4.3.5-3.1 (bug #891786)
	NOTE: https://kb.isc.org/article/AA-01565/75/CVE-2018-5732
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=47139
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=c5931725b48b121d232df4ba9e45bc41e0ba114d (4.4.1)
	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2018-1000005 (libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in ...)
	- curl 7.58.0-1
	[stretch] - curl 7.52.1-5+deb9u4
	[jessie] - curl <not-affected> (Vulnerable code introduce later)
	[wheezy] - curl <not-affected> (Vulnerable code introduce later)
	NOTE: https://github.com/curl/curl/pull/2231
	NOTE: https://curl.haxx.se/docs/adv_2018-824a.html
	NOTE: Introduced by: https://github.com/curl/curl/commit/0761a51ee0551ad9e5
	NOTE: Patch: https://github.com/curl/curl/commit/fa3dbb9a147488a294.patch
CVE-2018-5731 (An issue was discovered in Heimdal PRO 2.2.190. As part of the ...)
	NOT-FOR-US: Heimdal PRO
CVE-2018-5730 (MIT krb5 1.6 or later allows an authenticated kadmin with permission ...)
	- krb5 <unfixed> (bug #891869)
	[stretch] - krb5 <no-dsa> (Minor issue)
	[jessie] - krb5 <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5729 (MIT krb5 1.6 or later allows an authenticated kadmin with permission ...)
	- krb5 <unfixed> (bug #891869)
	[stretch] - krb5 <no-dsa> (Minor issue)
	[jessie] - krb5 <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/e1caf6fb74981da62039846931ebdffed71309d1
CVE-2018-5728 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5727 (In OpenJPEG 2.3.0, there is an integer overflow vulnerability in the ...)
	- openjpeg2 <unfixed> (low; bug #888532)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1053
CVE-2018-5726 (MASTER IPCAMERA01 3.3.4.2103 devices allow remote attackers to obtain ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5725 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5724 (MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5723 (MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of ...)
	NOT-FOR-US: MASTER IPCAMERA01 3.3.4.2103 devices
CVE-2018-5722
	RESERVED
CVE-2018-5721 (Stack-based buffer overflow in the ej_update_variables function in ...)
	NOT-FOR-US: ASUS routers
CVE-2018-5720 (An issue was discovered on DODOCOOL DC38 3-in-1 N300 Mini Wireless ...)
	NOT-FOR-US: DODOCOOL DC38 3-in-1 N300 Mini Wireless Range Extend RTN2-AW.GD.R3465.1.20161103 devices
CVE-2018-5719
	RESERVED
CVE-2018-5718
	RESERVED
CVE-2018-5717 (Memory write mechanism in NCR S2 Dispenser controller before firmware ...)
	NOT-FOR-US: NCR S2 Dispenser controller
CVE-2018-5716 (An issue was discovered in Reprise License Manager 11.0. This ...)
	NOT-FOR-US: Reprise License Manager
CVE-2018-5715 (phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query ...)
	NOT-FOR-US: SugarCRM
CVE-2018-5714 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...)
	NOT-FOR-US: Malwarefox Anti-Malware
CVE-2018-5713 (In Malwarefox Anti-Malware 2.72.169, the driver file (zam64.sys) allows ...)
	NOT-FOR-US: Malwarefox Anti-Malware
CVE-2018-5712 (An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, ...)
	{DSA-4081-1 DSA-4080-1 DLA-1251-1}
	- php7.1 7.1.13-1
	- php7.0 7.0.27-1
	- php5 <removed>
	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74782
CVE-2018-5711 (gd_gif_in.c in the GD Graphics Library (aka libgd), as used in PHP ...)
	{DSA-4081-1 DSA-4080-1 DLA-1248-1}
	- php7.1 7.1.13-1 (unimportant)
	- php7.0 7.0.27-1 (unimportant)
	- php5 <removed> (unimportant)
	- hhvm 3.24.7+dfsg-1
	NOTE: Fixed in 5.6.33, 7.0.27, 7.1.13, 7.2.1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75571
	NOTE: https://hhvm.com/blog/2018/05/04/hhvm-3.25.3.html (has a typo, pinged them for correction)
	- libgd2 <unfixed> (bug #887485)
	[stretch] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
	[jessie] - libgd2 <postponed> (Minor issue, can be fixed along in a future update)
	NOTE: https://github.com/libgd/libgd/issues/420
	NOTE: https://github.com/libgd/libgd/commit/a11f47475e6443b7f32d21f2271f28f417e2ac04
CVE-2018-5710 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. The ...)
	- krb5 <unfixed> (bug #889685)
	[stretch] - krb5 <no-dsa> (Minor issue)
	[jessie] - krb5 <no-dsa> (Minor issue)
	[wheezy] - krb5 <not-affected> (all strlen() parameters are checked for NULL)
	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Denial%20Of%20Service(DoS)
	NOTE: The CVE is a duplicate of the #891869 issue(s) due to reporter not
	NOTE: having coordinated with upstream and the CVE assignment ist sill for
	NOTE: slight different coverage. Thus keep it distinct (for now) and mark
	NOTE: CVE-2018-5710 issue as well as fixed once #891869 is adressed.
CVE-2018-5709 (An issue was discovered in MIT Kerberos 5 (aka krb5) through 1.16. ...)
	- krb5 <unfixed> (unimportant; bug #889684)
	NOTE: https://github.com/poojamnit/Kerberos-V5-1.16-Vulnerabilities/tree/master/Integer%20Overflow
	NOTE: non-issue, codepath is only run on trusted input, potential integer
	NOTE: overflow is non-issue
CVE-2018-5708 (An issue was discovered on D-Link DIR-601 B1 2.02NA devices. Being on ...)
	NOT-FOR-US: D-Link
CVE-2018-5707
	RESERVED
CVE-2018-5706 (An issue was discovered in Octopus Deploy before 4.1.9. Any user with ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-5705 (Reservo Image Hosting 1.6 is vulnerable to XSS attacks. The affected ...)
	NOT-FOR-US: Reservo Image Hosting
CVE-2018-1000003 (Improper input validation bugs in DNSSEC validators components in ...)
	- pdns-recursor 4.1.1-1
	[stretch] - pdns-recursor <not-affected> (Only affects 4.1)
	[jessie] - pdns-recursor <not-affected> (Only affects 4.1)
	[wheezy] - pdns-recursor <not-affected> (Only affects 4.1)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-01.html
CVE-2018-1000002 (Improper input validation bugs in DNSSEC validators components in Knot ...)
	- knot-resolver 1.5.2-1
	[stretch] - knot-resolver <ignored> (Minor issue)
	NOTE: https://www.knot-resolver.cz/2018-01-22-knot-resolver-1.5.2.html
	NOTE: prior to 1.5.1 memcached module was called kmemcached
CVE-2018-5704 (Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use ...)
	{DSA-4093-1 DLA-1253-1}
	- openocd 0.10.0-4 (bug #887488)
	NOTE: https://sourceforge.net/p/openocd/mailman/message/36188041/
	NOTE: http://openocd.zylin.com/4330
	NOTE: http://openocd.zylin.com/4331
	NOTE: http://openocd.zylin.com/4335
CVE-2018-5703 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
	- linux 4.15.11-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2018/1/16/53
CVE-2017-18032 (The download-manager plugin before 2.9.52 for WordPress has XSS via the ...)
	NOT-FOR-US: download-manager plugin for WordPress
CVE-2018-5701 (In Iolo System Shield AntiVirus and AntiSpyware 5.0.0.136, the amp.sys ...)
	NOT-FOR-US: Iolo System Shield AntiVirus and AntiSpyware
CVE-2018-5700 (Winmail Server through 6.2 allows remote code execution by ...)
	NOT-FOR-US: Winmail Server
CVE-2018-5699
	RESERVED
CVE-2017-18031
	RESERVED
CVE-2018-5698 (libreadstat.a in WizardMac ReadStat 0.1.1 has a heap-based buffer ...)
	NOT-FOR-US: WizardMac ReadStat
CVE-2018-5697 (Icy Phoenix 2.2.0.105 allows SQL injection via an unapprove request to ...)
	NOT-FOR-US: Icy Phoenix
CVE-2018-5696 (The iJoomla com_adagency plugin 6.0.9 for Joomla! allows SQL injection ...)
	NOT-FOR-US: iJoomla com_adagency plugin for Joomla!
CVE-2018-5695 (The WpJobBoard plugin 4.4.4 for WordPress allows SQL injection via the ...)
	NOT-FOR-US: WpJobBoard plugin for WordPress
CVE-2018-5694 (The callforward module in User Control Panel (UCP) in Nicolas Gudino ...)
	NOT-FOR-US: Nicolas Gudino (aka Asternic) Flash Operator Panel
CVE-2018-5693 (The LinuxMagic MagicSpam extension 2.0.13 for Plesk allows local users ...)
	NOT-FOR-US: LinuxMagic MagicSpam extension for Plesk
CVE-2018-5692 (Piwigo v2.8.2 has XSS via the `tab`, `to`, `section`, `mode`, ...)
	- piwigo <removed>
CVE-2018-5691 (SonicWall Global Management System (GMS) 8.1 has XSS via the `newName` ...)
	NOT-FOR-US: SonicWall Global Management System
CVE-2018-5690 (Cross-site scripting (XSS) vulnerability in admin/users.php in Dotclear ...)
	- dotclear <removed>
CVE-2018-5689 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Dotclear ...)
	- dotclear <removed>
CVE-2018-5688 (ILIAS before 5.2.4 has XSS via the cmd parameter to the displayHeader ...)
	NOT-FOR-US: ILIAS
CVE-2018-5687 (NewsBee allows XSS via the Company Name field in the Settings under ...)
	NOT-FOR-US: NewsBee CMS
CVE-2018-5686 (In MuPDF 1.12.0, there is an infinite loop vulnerability and ...)
	- mupdf 1.13.0+ds1-1 (bug #887130)
	[stretch] - mupdf <no-dsa> (Minor issue)
	[jessie] - mupdf <no-dsa> (Minor issue)
	[wheezy] - mupdf <no-dsa> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698860
	NOTE: pdf_parse_array function in source/pdf/pdf-parse.c does not consider
	NOTE: EOF.
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=b70eb93f6936c03d8af52040bbca4d4a7db39079
CVE-2018-5685 (In GraphicsMagick 1.3.27, there is an infinite loop and application ...)
	{DLA-1245-1}
	- graphicsmagick 1.3.27-4 (bug #887158)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52a91ddb1aa6
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/541/
	NOTE: Before 1.3.27, the problem only affects 32-bit architectures (i.e., 4-byte long) it
	NOTE: expanded to 64-bit architectures with upstream commit be5e89e6032d
CVE-2018-5684 (In Libav through 12.2, there is an invalid memcpy call in the ...)
	- libav <removed>
	[jessie] - libav <ignored> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1110
CVE-2018-5683 (The vga_draw_text function in Qemu allows local OS guest privileged ...)
	- qemu 1:2.12~rc3+dfsg-1 (bug #887392)
	[jessie] - qemu <postponed> (Minor issue, can be fixed along in future DSA)
	[wheezy] - qemu <postponed> (Minor issue, can be fixed along in next DLA)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Minor issue, can be fixed along in next DLA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-01/msg02131.html
CVE-2017-18030 (The cirrus_invalidate_region function in hw/display/cirrus_vga.c in ...)
	- qemu 1:2.8+dfsg-4
	[wheezy] - qemu 1.1.2+dfsg-6+deb7u22
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u21
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=f153b563f8cf121aebf5a2fff5f0110faf58ccb3
CVE-2018-5682 (PrestaShop 1.7.2.4 allows user enumeration via the Reset Password ...)
	NOT-FOR-US: PrestaShop
CVE-2018-5681 (PrestaShop 1.7.2.4 has XSS via source-code editing on the &quot;Pages &gt; Edit ...)
	NOT-FOR-US: PrestaShop
CVE-2018-5680
	RESERVED
CVE-2018-5679
	RESERVED
CVE-2018-5678
	RESERVED
CVE-2018-5677
	RESERVED
CVE-2018-5676
	RESERVED
CVE-2018-5675
	RESERVED
CVE-2018-5674
	RESERVED
CVE-2018-5673 (An issue was discovered in the booking-calendar plugin 2.1.7 for ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5672 (An issue was discovered in the booking-calendar plugin 2.1.7 for ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5671 (An issue was discovered in the booking-calendar plugin 2.1.7 for ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5670 (An issue was discovered in the booking-calendar plugin 2.1.7 for ...)
	NOT-FOR-US: booking-calendar plugin for WordPress
CVE-2018-5669 (An issue was discovered in the read-and-understood plugin 2.1 for ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5668 (An issue was discovered in the read-and-understood plugin 2.1 for ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5667 (An issue was discovered in the read-and-understood plugin 2.1 for ...)
	NOT-FOR-US: read-and-understood plugin for WordPress
CVE-2018-5666 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5665 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5664 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5663 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5662 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5661 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5660 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5659 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5658 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5657 (An issue was discovered in the responsive-coming-soon-page plugin ...)
	NOT-FOR-US: responsive-coming-soon-page plugin for WordPress
CVE-2018-5656 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5655 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5654 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5653 (An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 ...)
	NOT-FOR-US: weblizar-pinterest-feeds plugin for WordPress
CVE-2018-5652 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
	NOT-FOR-US: dark-mode plugin for WordPress
CVE-2018-5651 (An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS ...)
	NOT-FOR-US: dark-mode plugin for WordPress
CVE-2018-5650 (In Long Range Zip (aka lrzip) 0.631, there is an infinite loop and ...)
	- lrzip 0.631+git180517-1 (bug #887065)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/88
	NOTE: https://github.com/ckolivas/lrzip/commit/50cfb3b9f68c7458822795e8b87a07dc06b39816
CVE-2018-5649
	RESERVED
CVE-2018-5648
	RESERVED
CVE-2018-5647
	RESERVED
CVE-2018-5646
	RESERVED
CVE-2018-5645
	RESERVED
CVE-2018-5644
	RESERVED
CVE-2018-5643
	RESERVED
CVE-2018-5642
	RESERVED
CVE-2018-5641
	RESERVED
CVE-2018-5640
	RESERVED
CVE-2018-5639
	RESERVED
CVE-2018-5638
	RESERVED
CVE-2018-5637
	RESERVED
CVE-2018-5636
	RESERVED
CVE-2018-5635
	RESERVED
CVE-2018-5634
	RESERVED
CVE-2018-5633
	RESERVED
CVE-2018-5632
	RESERVED
CVE-2018-5631
	RESERVED
CVE-2018-5630
	RESERVED
CVE-2018-5629
	RESERVED
CVE-2018-5628
	RESERVED
CVE-2018-5627
	RESERVED
CVE-2018-5626
	RESERVED
CVE-2018-5625
	RESERVED
CVE-2018-5624
	RESERVED
CVE-2018-5623
	RESERVED
CVE-2018-5622
	RESERVED
CVE-2018-5621
	RESERVED
CVE-2018-5620
	RESERVED
CVE-2018-5619
	RESERVED
CVE-2018-5618
	RESERVED
CVE-2018-5617
	RESERVED
CVE-2018-5616
	RESERVED
CVE-2018-5615
	RESERVED
CVE-2018-5614
	RESERVED
CVE-2018-5613
	RESERVED
CVE-2018-5612
	RESERVED
CVE-2018-5611
	RESERVED
CVE-2018-5610
	RESERVED
CVE-2018-5609
	RESERVED
CVE-2018-5608
	RESERVED
CVE-2018-5607
	RESERVED
CVE-2018-5606
	RESERVED
CVE-2018-5605
	RESERVED
CVE-2018-5604
	RESERVED
CVE-2018-5603
	RESERVED
CVE-2018-5602
	RESERVED
CVE-2018-5601
	RESERVED
CVE-2018-5600
	RESERVED
CVE-2018-5599
	RESERVED
CVE-2018-5598
	RESERVED
CVE-2018-5597
	RESERVED
CVE-2018-5596
	RESERVED
CVE-2018-5595
	RESERVED
CVE-2018-5594
	RESERVED
CVE-2018-5593
	RESERVED
CVE-2018-5592
	RESERVED
CVE-2018-5591
	RESERVED
CVE-2018-5590
	RESERVED
CVE-2018-5589
	RESERVED
CVE-2018-5588
	RESERVED
CVE-2018-5587
	RESERVED
CVE-2018-5586
	RESERVED
CVE-2018-5585
	RESERVED
CVE-2018-5584
	RESERVED
CVE-2018-5583
	RESERVED
CVE-2018-5582
	RESERVED
CVE-2018-5581
	RESERVED
CVE-2018-5580
	RESERVED
CVE-2018-5579
	RESERVED
CVE-2018-5578
	RESERVED
CVE-2018-5577
	RESERVED
CVE-2018-5576
	RESERVED
CVE-2018-5575
	RESERVED
CVE-2018-5574
	RESERVED
CVE-2018-5573
	RESERVED
CVE-2018-5572
	RESERVED
CVE-2018-5571
	RESERVED
CVE-2018-5570
	RESERVED
CVE-2018-5569
	RESERVED
CVE-2018-5568
	RESERVED
CVE-2018-5567
	RESERVED
CVE-2018-5566
	RESERVED
CVE-2018-5565
	RESERVED
CVE-2018-5564
	RESERVED
CVE-2018-5563
	RESERVED
CVE-2018-5562
	RESERVED
CVE-2018-5561
	RESERVED
CVE-2018-5560
	RESERVED
CVE-2018-5559
	RESERVED
CVE-2018-5558
	RESERVED
CVE-2018-5557
	RESERVED
CVE-2018-5556
	RESERVED
CVE-2018-5555
	RESERVED
CVE-2018-5554
	RESERVED
CVE-2018-5553
	RESERVED
CVE-2018-5552 (Versions of DocuTrac QuicDoc and Office Therapy that ship with ...)
	NOT-FOR-US: DocuTrac QuicDoc and Office Therapy
CVE-2018-5551 (Versions of DocuTrac QuicDoc and Office Therapy that ship with ...)
	NOT-FOR-US: DocuTrac QuicDoc and Office Therapy
CVE-2018-5550 (Versions of Epson AirPrint released prior to January 19, 2018 contain ...)
	NOT-FOR-US: Epson AirPrint
CVE-2015-9250 (An issue was discovered in Skybox Platform before 7.5.201. Directory ...)
	NOT-FOR-US: Skybox Platform
CVE-2015-9249 (An issue was discovered in Skybox Platform before 7.5.201. SQL ...)
	NOT-FOR-US: Skybox Platform
CVE-2015-9248 (An issue was discovered in Skybox Platform before 7.5.201. Stored ...)
	NOT-FOR-US: Skybox Platform
CVE-2015-9247 (An issue was discovered in Skybox Platform before 7.5.401. Reflected ...)
	NOT-FOR-US: Skybox Platform
CVE-2015-9246 (An issue was discovered in Skybox Platform before 7.5.201. Remote ...)
	NOT-FOR-US: Skybox Platform
CVE-2018-5549
	RESERVED
CVE-2018-5548
	RESERVED
CVE-2018-5547
	RESERVED
CVE-2018-5546
	RESERVED
CVE-2018-5545
	RESERVED
CVE-2018-5544
	RESERVED
CVE-2018-5543
	RESERVED
CVE-2018-5542
	RESERVED
CVE-2018-5541
	RESERVED
CVE-2018-5540
	RESERVED
CVE-2018-5539
	RESERVED
CVE-2018-5538
	RESERVED
CVE-2018-5537
	RESERVED
CVE-2018-5536
	RESERVED
CVE-2018-5535
	RESERVED
CVE-2018-5534
	RESERVED
CVE-2018-5533
	RESERVED
CVE-2018-5532
	RESERVED
CVE-2018-5531
	RESERVED
CVE-2018-5530
	RESERVED
CVE-2018-5529
	RESERVED
CVE-2018-5528
	RESERVED
CVE-2018-5527
	RESERVED
CVE-2018-5526
	RESERVED
CVE-2018-5525
	RESERVED
CVE-2018-5524
	RESERVED
CVE-2018-5523
	RESERVED
CVE-2018-5522
	RESERVED
CVE-2018-5521
	RESERVED
CVE-2018-5520 (On an F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.1, or 11.2.1-11.6.3.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5519 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.3.3, or 11.2.1-11.6.3.1, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5518 (On F5 BIG-IP 13.0.0-13.1.0.5 or 12.0.0-12.1.3.3, malicious root users ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5517 (On F5 BIG-IP 13.1.0-13.1.0.5, malformed TCP packets sent to a self IP ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5516 (On F5 BIG-IP 13.0.0-13.1.0.5, 12.1.0-12.1.2, or 11.2.1-11.6.3.1, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5515 (On F5 BIG-IP 13.0.0-13.1.0.5, using RADIUS authentication responses ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5514 (On F5 BIG-IP 13.1.0-13.1.0.5, maliciously crafted HTTP/2 request ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5513
	RESERVED
CVE-2018-5512 (On F5 BIG-IP 13.1.0-13.1.0.5, when Large Receive Offload (LRO) and SYN ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5511 (On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5510 (On F5 BIG-IP 11.5.4 HF4-11.5.5, the Traffic Management Microkernel ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5509 (On F5 BIG-IP versions 13.0.0 or 12.1.0 - 12.1.3.1, when a specifically ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5508 (On F5 BIG-IP PEM versions 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5507 (On F5 BIG-IP versions 13.0.0, 12.1.0-12.1.3.1, 11.6.1-11.6.2, or ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5506 (In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5505 (On F5 BIG-IP versions 13.1.0 - 13.1.0.3, when ASM and AVR are both ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5504 (In some circumstances, the Traffic Management Microkernel (TMM) does ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5503 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3 or 12.0.0 - 12.1.3.1, TMM may ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5502 (On F5 BIG-IP versions 13.0.0 - 13.1.0.3, attackers may be able to ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5501 (In some circumstances, on F5 BIG-IP systems running 13.0.0, 12.1.0 - ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5500 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2018-5499
	RESERVED
CVE-2018-5498
	RESERVED
CVE-2018-5497
	RESERVED
CVE-2018-5496
	RESERVED
CVE-2018-5495
	RESERVED
CVE-2018-5494
	RESERVED
CVE-2018-5493
	RESERVED
CVE-2018-5492
	RESERVED
CVE-2018-5491
	RESERVED
CVE-2018-5490
	RESERVED
CVE-2018-5489
	RESERVED
CVE-2018-5488
	RESERVED
CVE-2018-5487
	RESERVED
CVE-2018-5486 (NetApp OnCommand Unified Manager for Linux versions 7.2 though 7.3 ...)
	NOT-FOR-US: NetApp OnCommand Unified Manager for Linux
CVE-2018-5485
	RESERVED
CVE-2018-5484
	RESERVED
CVE-2018-5483
	RESERVED
CVE-2018-5482
	RESERVED
CVE-2018-5481
	RESERVED
CVE-2018-5480
	RESERVED
CVE-2018-5479 (FoxSash ImgHosting 1.5 (according to footer information) is vulnerable ...)
	NOT-FOR-US: FoxSash ImgHosting
CVE-2018-5478
	RESERVED
CVE-2018-5477 (An Information Exposure issue was discovered in ABB netCADOPS Web ...)
	NOT-FOR-US: ABB netCADOPS Web Application
CVE-2018-5476 (A Stack-based Buffer Overflow issue was discovered in Delta Electronics ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation DOPSoft
CVE-2018-5475 (A Stack-based Buffer Overflow issue was discovered in GE D60 Line ...)
	NOT-FOR-US: GE D60 Line Distance Relay devices
CVE-2018-5474 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an input ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5473 (An Improper Restriction of Operations within the Bounds of a Memory ...)
	NOT-FOR-US: GE D60 Line Distance Relay devices
CVE-2018-5472 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have an ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5471 (A Cleartext Transmission of Sensitive Information issue was discovered ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5470 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5469 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5468 (Philips Intellispace Portal all versions 7.0.x and 8.0.x have a remote ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5467 (An Information Exposure Through Query Strings in GET Request issue was ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5466 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5465 (A Session Fixation issue was discovered in Belden Hirschmann RS, RSR, ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5464 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5463 (A structured exception handler overflow vulnerability in Leao ...)
	NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA
CVE-2018-5462 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have an ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5461 (An Inadequate Encryption Strength issue was discovered in Belden ...)
	NOT-FOR-US: Belden Hirschmann RS, RSR, RSB, MACH100, MACH1000, MACH4000, MS, and OCTOPUS Classic Platform Switches
CVE-2018-5460
	RESERVED
CVE-2018-5459 (An Improper Authentication issue was discovered in WAGO PFC200 Series ...)
	NOT-FOR-US: WAGO PFC200
CVE-2018-5458 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5457 (A uncontrolled search path element issue was discovered in Vyaire ...)
	NOT-FOR-US: Vyaire Medical CareFusion Upgrade Utility
CVE-2018-5456
	RESERVED
CVE-2018-5455 (A Reliance on Cookies without Validation and Integrity Checking issue ...)
	NOT-FOR-US: Moxa
CVE-2018-5454 (Philips IntelliSpace Portal all versions of 8.0.x, and 7.0.x have a ...)
	NOT-FOR-US: Philips Intellispace Portal
CVE-2018-5453 (An Improper Handling of Length Parameter Inconsistency issue was ...)
	NOT-FOR-US: Moxa
CVE-2018-5452 (A Stack-based Buffer Overflow issue was discovered in Emerson Process ...)
	NOT-FOR-US: Emerson Process Management ControlWave Micro Process Automation Controller
CVE-2018-5451 (In Philips Alice 6 System version R8.0.2 or prior, when an actor ...)
	NOT-FOR-US: Philips Alice 6 System
CVE-2018-5450
	RESERVED
CVE-2018-5449 (A NULL Pointer Dereference issue was discovered in Moxa OnCell ...)
	NOT-FOR-US: Moxa
CVE-2018-5448 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
	NOT-FOR-US: Medtronic
CVE-2018-5447 (An Improper Input Validation issue was discovered in Nari PCS-9611 ...)
	NOT-FOR-US: Nari PCS-9611 relay
CVE-2018-5446 (All versions of the Medtronic 2090 Carelink Programmer are affected by ...)
	NOT-FOR-US: Medtronic
CVE-2018-5445 (A Path Traversal issue was discovered in Advantech WebAccess/SCADA ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-5444
	RESERVED
CVE-2018-5443 (A SQL Injection issue was discovered in Advantech WebAccess/SCADA ...)
	NOT-FOR-US: Advantech WebAccess/SCADA
CVE-2018-5442 (A Stack-based Buffer Overflow issue was discovered in Fuji Electric ...)
	NOT-FOR-US: Fuji Electric V-Server VPR
CVE-2018-5441 (An Improper Validation of Integrity Check Value issue was discovered in ...)
	NOT-FOR-US: PHOENIX CONTACT mGuard firmware
CVE-2018-5440 (A Stack-based Buffer Overflow issue was discovered in 3S-Smart CODESYS ...)
	NOT-FOR-US: 3S-Smart
CVE-2018-5439 (A Command Injection issue was discovered in Nortek Linear eMerge E3 ...)
	NOT-FOR-US: Nortek Linear eMerge E3 series
CVE-2018-5438 (Philips ISCV application prior to version 2.3.0 has an insufficient ...)
	NOT-FOR-US: Philips ISCV application
CVE-2018-5437
	RESERVED
CVE-2018-5436
	RESERVED
CVE-2018-5435
	RESERVED
CVE-2018-5434
	RESERVED
CVE-2018-5433
	RESERVED
CVE-2018-5432
	RESERVED
CVE-2018-5431 (The domain designer component of TIBCO Software Inc.'s TIBCO ...)
	- jasperreports <unfixed>
	[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5431
CVE-2018-5430 (The Spring web flows of TIBCO Software Inc.'s TIBCO JasperReports ...)
	- jasperreports <unfixed>
	[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430
CVE-2018-5429 (A vulnerability in the report scripting component of TIBCO Software ...)
	- jasperreports <unfixed>
	[wheezy] - jasperreports <end-of-life> (not supported in Wheezy)
	NOTE: https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429
CVE-2018-5428
	RESERVED
CVE-2018-5427
	RESERVED
CVE-2018-5426
	RESERVED
CVE-2018-5425
	RESERVED
CVE-2018-5424
	RESERVED
CVE-2018-5423
	RESERVED
CVE-2018-5422
	RESERVED
CVE-2018-5421
	RESERVED
CVE-2018-5420
	RESERVED
CVE-2018-5419
	RESERVED
CVE-2018-5418
	RESERVED
CVE-2018-5417
	RESERVED
CVE-2018-5416
	RESERVED
CVE-2018-5415
	RESERVED
CVE-2018-5414
	RESERVED
CVE-2018-5413
	RESERVED
CVE-2018-5412
	RESERVED
CVE-2018-5411
	RESERVED
CVE-2018-5410
	RESERVED
CVE-2018-5409
	RESERVED
CVE-2018-5408
	RESERVED
CVE-2018-5407
	RESERVED
CVE-2018-5406
	RESERVED
CVE-2018-5405
	RESERVED
CVE-2018-5404
	RESERVED
CVE-2018-5403
	RESERVED
CVE-2018-5402
	RESERVED
CVE-2018-5401
	RESERVED
CVE-2018-5400
	RESERVED
CVE-2018-5399
	RESERVED
CVE-2018-5398
	RESERVED
CVE-2018-5397
	RESERVED
CVE-2018-5396
	RESERVED
CVE-2018-5395
	RESERVED
CVE-2018-5394
	RESERVED
CVE-2018-5393
	RESERVED
CVE-2018-5392
	RESERVED
CVE-2018-5391
	RESERVED
CVE-2018-5390
	RESERVED
CVE-2018-5389
	RESERVED
CVE-2018-5388
	RESERVED
CVE-2018-5387
	RESERVED
CVE-2018-5386
	RESERVED
CVE-2018-5385
	RESERVED
CVE-2018-5384
	RESERVED
CVE-2018-5383
	RESERVED
CVE-2018-5382 (Bouncy Castle BKS version 1 keystore (BKS-V1) files use an HMAC that ...)
	- bouncycastle 1.48+dfsg-2
	[wheezy] - bouncycastle <ignored> (this only affects the integrity verification and not the content of the BKS keystore)
	NOTE: https://insights.sei.cmu.edu/cert/2018/03/the-curious-case-of-the-bouncy-castle-bks-passwords.html
	NOTE: https://www.kb.cert.org/vuls/id/306792
	NOTE: Issue fixed in 1.47 upstream. The default MAC for a BKS key store was
	NOTE: 2 bytes before and has been upgraded to 20 bytes.
CVE-2018-5381 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 has a bug in its ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1975.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=ce07207c50a3d1f05d6dd49b5294282e59749787
CVE-2018-5380 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 can overrun ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1550.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=9e5251151894aefdf8e9392a2371615222119ad8
CVE-2018-5379 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 can double-free ...)
	{DSA-4115-1 DLA-1286-1}
	- quagga 1.2.4-1 (bug #890563)
	NOTE: https://www.quagga.net/security/Quagga-2018-1114.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=e69b535f92eafb599329bf725d9b4c6fd5d7fded
CVE-2018-5378 (The Quagga BGP daemon (bgpd) prior to version 1.2.3 does not properly ...)
	- quagga 1.2.4-1 (bug #890563)
	[stretch] - quagga 1.1.1-3+deb9u2
	[jessie] - quagga <not-affected> (Vulnerable code not present)
	[wheezy] - quagga <not-affected> (Vulnerable code not present)
	NOTE: https://www.quagga.net/security/Quagga-2018-0543.txt
	NOTE: https://git.savannah.gnu.org/cgit/quagga.git/commit/?id=cc2e6770697e343f4af534114ab7e633d5beabec
CVE-2018-5377 (Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5376 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5375 (Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2017-18029 (In ImageMagick 7.0.6-10 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/691
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d3144a8be81aed6e635de68f0d8e97881638a398
CVE-2017-18028 (In ImageMagick 7.0.7-1 Q16, a memory exhaustion vulnerability was found ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/736
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/740985d9bd3f1c50d622c3496bb2e75d44b65a91
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/32a3eeb9e0da083cbc05909e4935efdbf9846df9
CVE-2017-18027 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/734
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a43f4155ee916fbed080acd534232a9d2396b5b5
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6a88a234cbb88a06fcb7e7ebe6668267b72fa787
CVE-2016-10706 (The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted ...)
	NOT-FOR-US: WordPress plugin jetpack
CVE-2016-10705 (The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes ...)
	NOT-FOR-US: WordPress plugin jetpack
CVE-2018-5702 (Transmission through 2.92 relies on X-Transmission-Session-Id (which is ...)
	{DSA-4087-1 DLA-1246-1}
	- transmission 2.92-3 (bug #886990)
	NOTE: http://www.openwall.com/lists/oss-security/2018/01/12/1
	NOTE: https://github.com/transmission/transmission/pull/468
	NOTE: Proposed patch: https://patch-diff.githubusercontent.com/raw/transmission/transmission/pull/468.diff
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1447
CVE-2018-5374 (The Dbox 3D Slider Lite plugin through 1.2.2 for WordPress has SQL ...)
	NOT-FOR-US: Dbox 3D Slider Lite plugin for WordPress
CVE-2018-5373 (The Smooth Slider plugin through 2.8.6 for WordPress has SQL Injection ...)
	NOT-FOR-US: Smooth Slider plugin for WordPress
CVE-2018-5372 (The Testimonial Slider plugin through 1.2.4 for WordPress has SQL ...)
	NOT-FOR-US: Testimonial Slider plugin for WordPress
CVE-2018-5371 (diag_ping.cmd on D-Link DSL-2640U devices with firmware IM_1.00 and ...)
	NOT-FOR-US: D-Link
CVE-2018-5370 (BizLogic xnami 1.0 has XSS via the comment parameter in an addComment ...)
	NOT-FOR-US: BizLogic xnami
CVE-2018-5369 (The SrbTransLatin plugin 1.46 for WordPress has XSS via an ...)
	NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5368 (The SrbTransLatin plugin 1.46 for WordPress has CSRF via an ...)
	NOT-FOR-US: SrbTransLatin plugin for WordPress
CVE-2018-5367 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5366 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5365 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5364 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5363 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5362 (The WPGlobus plugin 1.9.6 for WordPress has XSS via the ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5361 (The WPGlobus plugin 1.9.6 for WordPress has CSRF via ...)
	NOT-FOR-US: WPGlobus plugin for WordPress
CVE-2018-5360 (LibTIFF before 4.0.6 mishandles the reading of TIFF files, as ...)
	- tiff <unfixed>
	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	- tiff3 <removed>
	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
	NOTE: Issue demostrated in tiff via a vector through graphicsmagick, cf.
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/540/
	TODO: claimed to be fixed in latest libtiff, but no idication yet which changes adresses the issue
CVE-2018-5359 (The server in Flexense SysGauge 3.6.18 operating on port 9221 can be ...)
	NOT-FOR-US: Flexense SysGauge
CVE-2018-5358 (ImageMagick 7.0.7-22 Q16 has memory leaks in the EncodeImageAttributes ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/939
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e72d445220287727d7886a5f17a10caf944a802
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed80c93e4cbf2727ead75fd8bd5e5d9ecbe762f9
CVE-2018-5357 (ImageMagick 7.0.7-22 Q16 has memory leaks in the ReadDCMImage function ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/941
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4b60459202805cb4c9a96cdeeb70db594b1d3c72
	NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/152d81b91fc83d72da1989518685b1d70fc5e60a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fcce81295235f39aace870e1ed4785eec40790c1
CVE-2018-5356
	RESERVED
CVE-2018-5355
	RESERVED
CVE-2018-5354
	RESERVED
CVE-2018-5353
	RESERVED
CVE-2018-5352
	RESERVED
CVE-2018-5351
	RESERVED
CVE-2018-5350
	RESERVED
CVE-2018-5349 (A vulnerability has been found in Heimdal PRO v2.2.190, but it is most ...)
	NOT-FOR-US: Heimdal PRO
CVE-2018-5348
	RESERVED
CVE-2018-5347 (Seagate Media Server in Seagate Personal Cloud has unauthenticated ...)
	NOT-FOR-US: Seagate Media Server in Seagate Personal Cloud
CVE-2018-5346
	RESERVED
CVE-2018-1000004 (In the Linux kernel 4.12, 3.10, 2.6 and possibly earlier versions a ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
CVE-2018-1000001 (In glibc 2.26 and earlier there is confusion in the usage of getcwd() ...)
	- glibc 2.26-4 (bug #887001)
	[stretch] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
	[jessie] - glibc <postponed> (Minor issue, can be fixed along in next DSA or preferably point release)
	- eglibc <removed>
	[wheezy] - eglibc <postponed> (Minor issue, can be fixed along in next DSA)
	NOTE: http://www.openwall.com/lists/oss-security/2018/01/11/5
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22679
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=52a713fdd0a30e1bd79818e2e3c4ab44ddca1a94
CVE-2018-5345 (A stack-based buffer overflow within GNOME gcab through 0.7.4 can be ...)
	{DSA-4095-1}
	- gcab 0.7-7 (bug #887776)
	NOTE: https://git.gnome.org/browse/gcab/commit/?id=bd2abee5f0a9b5cbe3a1ab1f338c4fb8f6ca797b
CVE-2018-5344 (In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles ...)
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <not-affected> (Vulnerability introduced later)
	[wheezy] - linux <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/ae6650163c66a7eff1acd6eb8b0f752dcfa8eba5
CVE-2018-5343
	RESERVED
CVE-2018-5342 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5341 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5340 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5339 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5338 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5337 (An issue was discovered in Zoho ManageEngine Desktop Central 10.0.124 ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2018-5336 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the JSON, XML, NTP, ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-01.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14253
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f4c95cf46ba6adbd10b09747e10742801bc706b
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f6702e49a9720d173246668495eece6d77eca5b0
CVE-2018-5335 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the WCP dissector ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-04.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14251
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=086b87376b988c555484349aa115d6e08ac6db07
CVE-2018-5334 (In Wireshark 2.4.0 to 2.4.3 and 2.2.0 to 2.2.11, the IxVeriWave file ...)
	{DSA-4101-1 DLA-1258-1}
	- wireshark 2.4.4-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-03.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14297
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=dc308c05ba0673460fe80873b22d296880ee996d
CVE-2018-5333 (In the Linux kernel through 4.14.13, the rds_cmsg_atomic function in ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/7d11f77f84b27cef452cee332f4e469503084737
CVE-2018-5332 (In the Linux kernel through 4.14.13, the rds_message_alloc_sgs() ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.17-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/c095508770aebf1b9218e77026e48345d719b17c
CVE-2017-1000441
	REJECTED
CVE-2017-1000439
	REJECTED
CVE-2018-5331 (Discuz! DiscuzX X3.4 has XSS via the view parameter to ...)
	NOT-FOR-US: Discuz!
CVE-2018-5330 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...)
	NOT-FOR-US: ZyXEL
CVE-2018-5329 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site ...)
	NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2018-5328 (ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various ...)
	NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2018-5327 (Cheetah Mobile Armorfly Browser &amp; Downloader 1.1.05.0010, when ...)
	NOT-FOR-US: Cheetah Mobile Armorfly Browser & Downloader
CVE-2018-5326 (Cheetah Mobile CM Browser 5.22.06.0012, when installed on unspecified ...)
	NOT-FOR-US: Cheetah Mobile CM Browser
CVE-2018-5325
	RESERVED
CVE-2018-5324
	RESERVED
CVE-2018-5323
	RESERVED
CVE-2018-5322
	RESERVED
CVE-2018-5321
	RESERVED
CVE-2018-5320
	RESERVED
CVE-2018-5319 (RAVPower FileHub 2.000.056 allows remote users to steal sensitive ...)
	NOT-FOR-US: RAVPower FileHub
CVE-2018-5318
	RESERVED
CVE-2018-5317
	RESERVED
CVE-2018-5316 (The &quot;SagePay Server Gateway for WooCommerce&quot; plugin before 1.0.9 for ...)
	NOT-FOR-US: "SagePay Server Gateway for WooCommerce" plugin for WordPress
CVE-2018-5315 (The Wachipi WP Events Calendar plugin 1.0 for WordPress has SQL ...)
	NOT-FOR-US: Wachipi WP Events Calendar plugin for WordPress
CVE-2018-5314 (Command injection vulnerability in Citrix NetScaler ADC and NetScaler ...)
	NOT-FOR-US: Citrix
CVE-2017-1000465 (Sulu-standard version 1.6.6 is vulnerable to stored cross-site ...)
	NOT-FOR-US: Sulu-standard
CVE-2017-1000429 (rui Li finecms 5.0.10 is vulnerable to a reflected XSS in the file ...)
	NOT-FOR-US: rui Li finecms
CVE-2017-1000428 (flatCore-CMS 1.4.6 is vulnerable to reflected XSS in ...)
	NOT-FOR-US: flatCore-CMS
CVE-2017-18026 (Redmine before 3.2.9, 3.3.x before 3.3.6, and 3.4.x before 3.4.4 does ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #887307)
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/issues/27516 (private)
	NOTE: https://github.com/redmine/redmine/commit/ca87bf766cdc70179cb2dce03015d78ec9c13ebd
	NOTE: https://github.com/redmine/redmine/commit/58ed8655136ff2fe5ff7796859bf6a399c76c678
	NOTE: https://github.com/redmine/redmine/commit/9d797400eaec5f9fa7ba9507c82d9c18cb91d02e
	NOTE: upstream fixed in 3.2.9, 3.3.6 and 3.4.4
CVE-2018-5313 (A vulnerability allows local attackers to escalate privilege on Rapid ...)
	NOT-FOR-US: Rapid Scada
CVE-2017-1000415 (MatrixSSL version 3.7.2 has an incorrect UTCTime date range validation ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2018-5312 (The tabs-responsive plugin 1.8.0 for WordPress has XSS via the ...)
	NOT-FOR-US: tabs-responsive plugin for WordPress
CVE-2018-5311 (The Easy Custom Auto Excerpt plugin 2.4.6 for WordPress has XSS via the ...)
	NOT-FOR-US: Easy Custom Auto Excerpt plugin for WordPress
CVE-2018-5310 (In the &quot;Media from FTP&quot; plugin before 9.85 for WordPress, Directory ...)
	NOT-FOR-US: "Media from FTP" plugin for WordPress
CVE-2018-5309 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
	[experimental] - libpodofo 0.9.6~rc1+dfsg-1
	- libpodofo <unfixed> (low)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/5/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532381
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1907
CVE-2018-5308 (PoDoFo 0.9.5 does not properly validate memcpy arguments in the ...)
	- libpodofo 0.9.5-9 (low)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1532390
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1870
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1876
CVE-2018-5307 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-5306 (Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus ...)
	NOT-FOR-US: Sonatype Nexus Repository Manager
CVE-2018-5305
	RESERVED
CVE-2018-5304 (An issue was discovered on the Impinj Speedway Connect R420 RFID ...)
	NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader
CVE-2018-5303 (An issue was discovered on the Impinj Speedway Connect R420 RFID ...)
	NOT-FOR-US: Impinj Speedway Connect R420 RFID Reader
CVE-2018-5302
	RESERVED
CVE-2018-5301 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...)
	NOT-FOR-US: Magento
CVE-2017-18025 (cgi-bin/drknow.cgi in Innotube ITGuard-Manager 0.0.0.1 allows remote ...)
	NOT-FOR-US: Innotube ITGuard-Manager
CVE-2017-18024 (AvantFAX 3.3.3 has XSS via an arbitrary parameter name to the default ...)
	NOT-FOR-US: AvantFAX
CVE-2017-18023 (Office Tracker 11.2.5 has XSS via the logincount parameter to the ...)
	NOT-FOR-US: Office Tracker
CVE-2018-1000028 (Linux kernel version after commit bdcf0a423ea1 - 4.15-rc4+, 4.14.8+, ...)
	- linux 4.14.17-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/1995266727fa8143897e89b55f5d3c79aa828420
	NOTE: Introducing commit backported to 4.14.8 and 4.9.76. But Debian stretch
	NOTE: did never contain the vulnerable code alone without the fix.
CVE-2018-1000027 (The Squid Software Foundation Squid HTTP Caching Proxy version prior ...)
	{DSA-4122-1 DLA-1267-1 DLA-1266-1}
	[experimental] - squid 4.0.23-1~exp8
	- squid <removed>
	- squid3 3.5.27-1 (bug #888720)
	NOTE: src:squid as source package reintroduced for 4.x in experimental
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_2.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_2.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
CVE-2018-1000024 (The Squid Software Foundation Squid HTTP Caching Proxy version 3.0 to ...)
	{DSA-4122-1 DLA-1266-1}
	[experimental] - squid 4.0.23-1~exp8
	- squid <removed>
	[wheezy] - squid <not-affected> (Not affected according to upstream advisory)
	- squid3 3.5.27-1 (bug #888719)
	NOTE: src:squid as source package reintroduced for 4.x in experimental
	NOTE: Squid 3.5: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_1.patch
	NOTE: Squid 4: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2018_1.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
	NOTE: Squid3 in Debian builds to use the libxml2 or libexpat XML parsers.
CVE-2018-1000022 (Electrum Technologies GmbH Electrum Bitcoin Wallet version prior to ...)
	- electrum 3.0.5-1 (bug #886683)
	[jessie] - electrum <not-affected> (Only affects >= 2.6)
	NOTE: https://github.com/spesmilo/electrum/issues/3374
	NOTE: http://www.openwall.com/lists/oss-security/2018/01/10/4
CVE-2018-5300
	RESERVED
CVE-2018-5299 (A stack-based Buffer Overflow Vulnerability exists in the web server in ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2018-5298 (In the Procter &amp; Gamble &quot;Oral-B App&quot; (aka com.pg.oralb.oralbapp) ...)
	NOT-FOR-US: Procter & Gamble "Oral-B App" for Android
CVE-2018-5297
	RESERVED
CVE-2018-5296 (In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the ...)
	- libpodofo <unfixed> (low)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/tickets/6/
CVE-2018-5295 (In PoDoFo 0.9.5, there is an integer overflow in the ...)
	- libpodofo 0.9.5-9 (low; bug #889511)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: upstream thread: https://sourceforge.net/p/podofo/mailman/message/36180168/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1889
CVE-2018-5294 (In libming 0.4.8, there is an integer overflow (caused by an ...)
	{DLA-1305-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/98
CVE-2018-5293 (The GD Rating System plugin 2.3 for WordPress has XSS via the ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5292 (The GD Rating System plugin 2.3 for WordPress has XSS via the ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5291 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5290 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5289 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5288 (The GD Rating System plugin 2.3 for WordPress has XSS via the ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5287 (The GD Rating System plugin 2.3 for WordPress has Directory Traversal ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5286 (The GD Rating System plugin 2.3 for WordPress has XSS via the ...)
	NOT-FOR-US: GD Rating System plugin for WordPress
CVE-2018-5285 (The ImageInject plugin 1.15 for WordPress has CSRF via ...)
	NOT-FOR-US: ImageInject plugin for WordPress
CVE-2018-5284 (The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid ...)
	NOT-FOR-US: ImageInject plugin for WordPress
CVE-2018-5283 (The Photos in Wifi application 1.0.1 for iOS has directory traversal ...)
	NOT-FOR-US: Photos in Wifi application for iOS
CVE-2018-5282 (** DISPUTED ** Kentico 9.0 through 11.0 has a stack-based buffer ...)
	NOT-FOR-US: Kentico
CVE-2018-5281 (SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices ...)
	NOT-FOR-US: SonicWall SonicOS
CVE-2018-5280 (SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices ...)
	NOT-FOR-US: SonicWall SonicOS
CVE-2018-5279 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5278 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5277 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5276 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5275 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5274 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5273 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5272 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5271 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5270 (** DISPUTED ** In Malwarebytes Premium 3.3.1.2183, the driver file ...)
	NOT-FOR-US: Malwarebytes Premium
CVE-2018-5269 (In OpenCV 3.3.1, an assertion failure happens in ...)
	{DLA-1354-1}
	- opencv <unfixed> (bug #886675)
	NOTE: https://github.com/opencv/opencv/issues/10540
	NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5268 (In OpenCV 3.3.1, a heap-based buffer overflow happens in ...)
	{DLA-1354-1}
	- opencv <unfixed> (bug #886674)
	NOTE: https://github.com/opencv/opencv/issues/10541
	NOTE: 2.4 backport: https://patch-diff.githubusercontent.com/raw/opencv/opencv/pull/10901.patch
CVE-2018-5267 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5266 (Cobham Sea Tel 121 build 222701 devices allow remote attackers to ...)
	NOT-FOR-US: Cobham Sea Tel 121 build 222701 devices
CVE-2018-5265
	RESERVED
CVE-2018-5264
	RESERVED
CVE-2018-5263 (The StackIdeas EasyDiscuss (aka com_easydiscuss) extension before ...)
	NOT-FOR-US: The StackIdeas EasyDiscuss extension for Joomla!
CVE-2018-5262 (A stack-based buffer overflow in Flexense DiskBoss 8.8.16 and earlier ...)
	NOT-FOR-US: Flexense DiskBoss
CVE-2018-5261 (An issue was discovered in Flexense DiskBoss 8.8.16 and earlier. Due ...)
	NOT-FOR-US: Flexense DiskBoss
CVE-2018-5260
	RESERVED
CVE-2018-5259 (Discuz! DiscuzX X3.4 allows remote authenticated users to bypass ...)
	NOT-FOR-US: Discuz! DiscuzX
CVE-2018-5258 (The Neon app 1.6.14 iOS does not verify X.509 certificates from SSL ...)
	NOT-FOR-US: Neon app
CVE-2018-5257
	RESERVED
CVE-2018-5256 (CoreOS Tectonic 1.7.x before 1.7.9-tectonic.4 and 1.8.x before ...)
	NOT-FOR-US: CoreOS Tectonic
CVE-2014-10069 (Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared ...)
	NOT-FOR-US: Hitron CVE-30360 devices
CVE-2018-5255 (The Mlag agent in Arista EOS 4.19 before 4.19.4M and 4.20 before ...)
	NOT-FOR-US: Arista
CVE-2018-5254 (Arista EOS before 4.20.2F allows remote BGP peers to cause a denial of ...)
	NOT-FOR-US: Arista EOS
CVE-2018-5253 (The AP4_FtypAtom class in Core/Ap4FtypAtom.cpp in Bento4 1.5.1.0 has an ...)
	NOT-FOR-US: Bento4
CVE-2018-5252 (libimageworsener.a in ImageWorsener 1.3.2, when libjpeg 8d is used, has ...)
	NOT-FOR-US: ImageWorsener
CVE-2018-5251 (In libming 0.4.8, there is an integer signedness error vulnerability ...)
	{DLA-1305-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/97
CVE-2018-5250
	RESERVED
CVE-2018-5249 (Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and ...)
	- shaarli <itp> (bug #864559)
CVE-2018-5248 (In ImageMagick 7.0.7-17 Q16, there is a heap-based buffer over-read in ...)
	{DSA-4204-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #886588)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/927
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c76434c16b5ac8861ee0c5d5c3ab8974fae3d624
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0272305f91763b5ce119a2c7a0e0084d8241a58d
CVE-2018-5247 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadRLAImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/928
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0ecb22aa909e52d86b4545aa7a51f7a0922147e6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d85c34f8bd699c31b94118babc6c0445eecc9920
CVE-2018-5246 (In ImageMagick 7.0.7-17 Q16, there are memory leaks in ReadPATTERNImage ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/929
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c3dd700bbb17837ee6f540aff3eafc76262accf
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e59dc85e6ce58fd7618c3680b2a8def62050582f
CVE-2018-5245
	RESERVED
CVE-2018-5243
	RESERVED
CVE-2018-5242
	RESERVED
CVE-2018-5241
	RESERVED
CVE-2018-5240
	RESERVED
CVE-2018-5239
	RESERVED
CVE-2018-5238
	RESERVED
CVE-2018-5237
	RESERVED
CVE-2018-5236
	RESERVED
CVE-2018-5235
	RESERVED
CVE-2018-5234 (The Norton Core router prior to v237 may be susceptible to a command ...)
	NOT-FOR-US: Norton Core router
CVE-2017-18022 (In ImageMagick 7.0.7-12 Q16, there are memory leaks in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/904
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8cf0676455929a067257400e8020dea6ca94c1a4
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e7649e96a7730dd116afb629b372c5772be0b900
CVE-2018-5244 (In Xen 4.10, new infrastructure was introduced as part of an overhaul ...)
	- xen <not-affected> (Only affects Xen 4.10 onwards)
	NOTE: https://xenbits.xen.org/xsa/advisory-253.html
CVE-2018-5233 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Grav CMS admin plugin
CVE-2018-5232
	RESERVED
CVE-2018-5231 (The ForgotLoginDetails resource in Atlassian Jira before version ...)
	NOT-FOR-US: Atlassian
CVE-2018-5230 (The issue collector in Atlassian Jira before version 7.6.6, from ...)
	NOT-FOR-US: Atlassian
CVE-2018-5229
	RESERVED
CVE-2018-5228 (The /browse/~raw resource in Atlassian Fisheye and Crucible before ...)
	NOT-FOR-US: Atlassian
CVE-2018-5227 (Various administrative application link resources in Atlassian ...)
	NOT-FOR-US: Atlassian
CVE-2018-5226 (There was an argument injection vulnerability in Sourcetree for ...)
	NOT-FOR-US: Atlassian
CVE-2018-5225 (In browser editing in Atlassian Bitbucket Server from version 4.13.0 ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2018-5224 (Bamboo did not correctly check if a configured Mercurial repository ...)
	NOT-FOR-US: Atlassian
CVE-2018-5223 (Fisheye and Crucible did not correctly check if a configured Mercurial ...)
	NOT-FOR-US: Atlassian
CVE-2018-5222
	RESERVED
CVE-2018-5221 (Multiple buffer overflows in BarCodeWiz BarCode before 6.7 ActiveX ...)
	NOT-FOR-US: BarCodeWiz BarCode
CVE-2018-5220 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5219 (In K7 Antivirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5218 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5217 (In K7 Antivirus 15.1.0306, the driver file (K7Sentry.sys) allows local ...)
	NOT-FOR-US: K7 Antivirus
CVE-2018-5216 (Radiant CMS 1.1.4 has XSS via crafted Markdown input in the ...)
	NOT-FOR-US: Radiant CMS
CVE-2018-5215 (Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title ...)
	NOT-FOR-US: Fork CMS
CVE-2018-5214 (The &quot;Add Link to Facebook&quot; plugin through 2.3 for WordPress has XSS via ...)
	NOT-FOR-US: "Add Link to Facebook" plugin for WordPress
CVE-2018-5213 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
	NOT-FOR-US: Simple Download Monitor plugin for WordPress
CVE-2018-5212 (The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS ...)
	NOT-FOR-US: Simple Download Monitor plugin for WordPress
CVE-2018-5211 (PHP Melody version 2.7.1 suffer from SQL Injection Time-based attack ...)
	NOT-FOR-US: PHP Melody
CVE-2018-5210 (On Samsung mobile devices with N(7.x) software and Exynos chipsets, ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2018-5209
	RESERVED
CVE-2018-5208 (In Irssi before 1.0.6, a calculation error in the completion code could ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi <ignored> (Minor issue)
	[wheezy] - irssi <no-dsa> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5207 (When using an incomplete variable argument, Irssi before 1.0.6 may ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi <ignored> (Minor issue)
	[wheezy] - irssi <no-dsa> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5206 (When the channel topic is set without specifying a sender, Irssi before ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi <ignored> (Minor issue)
	[wheezy] - irssi <no-dsa> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5205 (When using incomplete escape codes, Irssi before 1.0.6 may access data ...)
	{DSA-4162-1}
	- irssi 1.0.7-1 (bug #886475)
	[jessie] - irssi <ignored> (Minor issue)
	[wheezy] - irssi <no-dsa> (Minor issue)
	NOTE: https://irssi.org/security/irssi_sa_2018_01.txt
	NOTE: https://github.com/irssi/irssi/releases/download/1.0.6/irssi-1.0.5_1.0.6.diff
CVE-2018-5204
	RESERVED
CVE-2018-5203
	RESERVED
CVE-2018-5202
	RESERVED
CVE-2018-5201
	RESERVED
CVE-2018-5200
	RESERVED
CVE-2018-5199
	RESERVED
CVE-2018-5198
	RESERVED
CVE-2018-5197
	RESERVED
CVE-2018-5196
	RESERVED
CVE-2018-5195 (Hancom NEO versions 9.6.1.5183 and earlier have a buffer Overflow ...)
	NOT-FOR-US: Hancom NEO
CVE-2018-5194
	RESERVED
CVE-2018-5193
	RESERVED
CVE-2018-5192
	RESERVED
CVE-2018-5191
	REJECTED
CVE-2018-5190 (PicturesPro Photo Cart 6 and 7 before Security-Patch-2018-B allows ...)
	NOT-FOR-US: PicturesPro Photo Cart
CVE-2018-5189 (Race condition in Jungo Windriver 12.5.1 allows local users to cause a ...)
	NOT-FOR-US: Jungo Windriver
CVE-2018-5188
	RESERVED
CVE-2018-5187
	RESERVED
CVE-2018-5186
	RESERVED
CVE-2018-5185
	RESERVED
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5185
CVE-2018-5184
	RESERVED
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5184
CVE-2018-5183
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5183
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5183
CVE-2018-5182
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5182
CVE-2018-5181
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5181
CVE-2018-5180
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5180
CVE-2018-5179
	RESERVED
CVE-2018-5178
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5178
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5178
CVE-2018-5177
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5177
CVE-2018-5176
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5176
CVE-2018-5175
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5175
CVE-2018-5174
	RESERVED
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- thunderbird <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5174
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5174
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5174
CVE-2018-5173
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5173
CVE-2018-5172
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5172
CVE-2018-5171
	RESERVED
CVE-2018-5170
	RESERVED
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5170
CVE-2018-5169
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5169
CVE-2018-5168
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5168
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5168
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5168
CVE-2018-5167
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5167
CVE-2018-5166
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5166
CVE-2018-5165
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5165
CVE-2018-5164
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5164
CVE-2018-5163
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5163
CVE-2018-5162
	RESERVED
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5162
CVE-2018-5161
	RESERVED
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5161
CVE-2018-5160
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5160
CVE-2018-5159
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5159
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5159
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5159
CVE-2018-5158
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
CVE-2018-5157
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5157
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
CVE-2018-5156
	RESERVED
CVE-2018-5155
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5155
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5155
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5155
CVE-2018-5154
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5154
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5154
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5154
CVE-2018-5153
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5153
CVE-2018-5152
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5152
CVE-2018-5151
	RESERVED
	- firefox 60.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5151
CVE-2018-5150
	RESERVED
	{DSA-4199-1 DLA-1376-1}
	- firefox 60.0-1
	- firefox-esr 52.8.0esr-1
	- thunderbird 1:52.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5150
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5150
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-13/#CVE-2018-5150
CVE-2018-5149
	RESERVED
CVE-2018-5148 [Use-after-free in compositor]
	RESERVED
	{DSA-4153-1 DLA-1321-1}
	- firefox 59.0.2-1
	- firefox-esr 52.7.3esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-10/
CVE-2018-5147 [out-of-bound write]
	RESERVED
	{DSA-4143-1 DSA-4141-1 DLA-1319-1 DLA-1312-1}
	- firefox 59.0.1-1
	- firefox-esr 52.7.2esr-1
	- libvorbisidec 1.2.1+git20180316-1 (bug #893132)
	NOTE: https://git.xiph.org/?p=tremor.git;a=commit;h=562307a4a7082e24553f3d2c55dab397a17c4b4f
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
CVE-2018-5146 [out-of-bound write]
	RESERVED
	{DSA-4155-1 DSA-4143-1 DSA-4140-1 DLA-1368-1 DLA-1327-1 DLA-1319-1}
	- firefox 59.0.1-1
	- firefox-esr 52.7.2esr-1
	- thunderbird 1:52.7.0-1
	- libvorbis 1.3.5-4.2 (bug #893130)
	NOTE: https://git.xiph.org/?p=vorbis.git;a=commit;h=667ceb4aab60c1f74060143bb24e5f427b3cce5f
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-08/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5145
	RESERVED
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5144
	RESERVED
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5143
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5142
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5141
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5140
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5139
	RESERVED
CVE-2018-5138
	RESERVED
	- firefox <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5137
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5136
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5135
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5134
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5133
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5132
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5131
	RESERVED
	{DSA-4139-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5130
	RESERVED
	{DSA-4139-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5129
	RESERVED
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5128
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5127
	RESERVED
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5126
	RESERVED
	- firefox 59.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
CVE-2018-5125
	RESERVED
	{DSA-4155-1 DSA-4139-1 DLA-1327-1 DLA-1308-1}
	- firefox 59.0-1
	- firefox-esr 52.7.0esr-1
	- thunderbird 1:52.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-07/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-06/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-09/
CVE-2018-5124
	RESERVED
	- firefox 58.0.1-1
	- firefox-esr <not-affected> (Vulnerable code introduced later than 52)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-05/
CVE-2018-5123
	RESERVED
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
CVE-2018-5122
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5122
CVE-2018-5121
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5121
CVE-2018-5120
	RESERVED
CVE-2018-5119
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5119
CVE-2018-5118
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5118
CVE-2018-5117
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5117
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5117
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5117
CVE-2018-5116
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5116
CVE-2018-5115
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5115
CVE-2018-5114
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5114
CVE-2018-5113
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5113
CVE-2018-5112
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5112
CVE-2018-5111
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5111
CVE-2018-5110
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5110
CVE-2018-5109
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5109
CVE-2018-5108
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5108
CVE-2018-5107
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5107
CVE-2018-5106
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5106
CVE-2018-5105
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5105
CVE-2018-5104
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5104
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5104
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5104
CVE-2018-5103
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5103
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5103
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5103
CVE-2018-5102
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5102
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5102
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5102
CVE-2018-5101
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5101
CVE-2018-5100
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5100
CVE-2018-5099
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5099
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5099
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5099
CVE-2018-5098
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5098
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5098
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5098
CVE-2018-5097
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5097
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5097
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5097
CVE-2018-5096
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5096
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5096
CVE-2018-5095
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- skia <itp> (bug #818180)
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5095
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5095
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5095
CVE-2018-5094
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5094
CVE-2018-5093
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5093
CVE-2018-5092
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5092
CVE-2018-5091
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5091
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5091
CVE-2018-5090
	RESERVED
	- firefox 58.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5090
CVE-2018-5089
	RESERVED
	{DSA-4102-1 DSA-4096-1 DLA-1262-1 DLA-1256-1}
	- firefox 58.0-1
	- firefox-esr 52.6.0esr-1
	- thunderbird 1:52.6.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-02/#CVE-2018-5089
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-03/#CVE-2018-5089
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2018-04/#CVE-2018-5089
CVE-2018-5088 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5087 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5086 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5085 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5084 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5083 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5082 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5081 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5080 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2018-5079 (In K7 AntiVirus 15.1.0306, the driver file (K7FWHlpr.sys) allows local ...)
	NOT-FOR-US: K7 AntiVirus
CVE-2017-18021 (It was discovered that QtPass before 1.2.1, when using the built-in ...)
	- qtpass 1.2.1-1
	[stretch] - qtpass 1.1.6-1+deb9u1
	NOTE: https://lists.zx2c4.com/pipermail/password-store/2018-January/003165.html
	NOTE: https://github.com/IJHack/QtPass/issues/338
CVE-2017-18020 (On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2017-18019 (In K7 Total Security before 15.1.0.305, user-controlled input to the ...)
	NOT-FOR-US: K7 Total Security
CVE-2017-18018 (In GNU Coreutils through 8.29, chown-core.c in chown and chgrp does not ...)
	- coreutils <unfixed> (unimportant)
	NOTE: http://lists.gnu.org/archive/html/coreutils/2017-12/msg00045.html
	NOTE: http://www.openwall.com/lists/oss-security/2018/01/04/3
	NOTE: Documentation patches proposed:
	NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00072.html
	NOTE: https://lists.gnu.org/archive/html/coreutils/2017-12/msg00073.html
	NOTE: Neutralised by kernel hardening
CVE-2018-5078 (Online Ticket Booking has XSS via the admin/eventlist.php cast ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5077 (Online Ticket Booking has XSS via the admin/movieedit.php moviename ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5076 (Online Ticket Booking has XSS via the admin/newsedit.php newstitle ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5075 (Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5074 (Online Ticket Booking has XSS via the admin/manageownerlist.php contact ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5073 (Online Ticket Booking has CSRF via admin/movieedit.php. ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5072 (Online Ticket Booking has XSS via the admin/sitesettings.php keyword ...)
	NOT-FOR-US: Online Ticket Booking
CVE-2018-5071 (Persistent XSS exists in the web server on Cobham Sea Tel 116 build ...)
	NOT-FOR-US: Cobham Sea Tel 116 build 222429 satellite communication system devices
CVE-2018-5070
	RESERVED
CVE-2018-5069
	RESERVED
CVE-2018-5068
	RESERVED
CVE-2018-5067
	RESERVED
CVE-2018-5066
	RESERVED
CVE-2018-5065
	RESERVED
CVE-2018-5064
	RESERVED
CVE-2018-5063
	RESERVED
CVE-2018-5062
	RESERVED
CVE-2018-5061
	RESERVED
CVE-2018-5060
	RESERVED
CVE-2018-5059
	RESERVED
CVE-2018-5058
	RESERVED
CVE-2018-5057
	RESERVED
CVE-2018-5056
	RESERVED
CVE-2018-5055
	RESERVED
CVE-2018-5054
	RESERVED
CVE-2018-5053
	RESERVED
CVE-2018-5052
	RESERVED
CVE-2018-5051
	RESERVED
CVE-2018-5050
	RESERVED
CVE-2018-5049
	RESERVED
CVE-2018-5048
	RESERVED
CVE-2018-5047
	RESERVED
CVE-2018-5046
	RESERVED
CVE-2018-5045
	RESERVED
CVE-2018-5044
	RESERVED
CVE-2018-5043
	RESERVED
CVE-2018-5042
	RESERVED
CVE-2018-5041
	RESERVED
CVE-2018-5040
	RESERVED
CVE-2018-5039
	RESERVED
CVE-2018-5038
	RESERVED
CVE-2018-5037
	RESERVED
CVE-2018-5036
	RESERVED
CVE-2018-5035
	RESERVED
CVE-2018-5034
	RESERVED
CVE-2018-5033
	RESERVED
CVE-2018-5032
	RESERVED
CVE-2018-5031
	RESERVED
CVE-2018-5030
	RESERVED
CVE-2018-5029
	RESERVED
CVE-2018-5028
	RESERVED
CVE-2018-5027
	RESERVED
CVE-2018-5026
	RESERVED
CVE-2018-5025
	RESERVED
CVE-2018-5024
	RESERVED
CVE-2018-5023
	RESERVED
CVE-2018-5022
	RESERVED
CVE-2018-5021
	RESERVED
CVE-2018-5020
	RESERVED
CVE-2018-5019
	RESERVED
CVE-2018-5018
	RESERVED
CVE-2018-5017
	RESERVED
CVE-2018-5016
	RESERVED
CVE-2018-5015
	RESERVED
CVE-2018-5014
	RESERVED
CVE-2018-5013
	RESERVED
CVE-2018-5012
	RESERVED
CVE-2018-5011
	RESERVED
CVE-2018-5010
	RESERVED
CVE-2018-5009
	RESERVED
CVE-2018-5008
	RESERVED
CVE-2018-5007
	RESERVED
CVE-2018-5006
	RESERVED
CVE-2018-5005
	RESERVED
CVE-2018-5004
	RESERVED
CVE-2018-5003
	RESERVED
CVE-2018-5002
	RESERVED
CVE-2018-5001
	RESERVED
CVE-2018-5000
	RESERVED
CVE-2018-4999
	RESERVED
CVE-2018-4998
	RESERVED
CVE-2018-4997
	RESERVED
CVE-2018-4996
	RESERVED
CVE-2018-4995
	RESERVED
CVE-2018-4994 (Adobe Connect versions 9.7.5 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4993
	RESERVED
CVE-2018-4992 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2018-4991 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2018-4990
	RESERVED
CVE-2018-4989
	RESERVED
CVE-2018-4988
	RESERVED
CVE-2018-4987
	RESERVED
CVE-2018-4986
	RESERVED
CVE-2018-4985
	RESERVED
CVE-2018-4984
	RESERVED
CVE-2018-4983
	RESERVED
CVE-2018-4982
	RESERVED
CVE-2018-4981
	RESERVED
CVE-2018-4980
	RESERVED
CVE-2018-4979
	RESERVED
CVE-2018-4978
	RESERVED
CVE-2018-4977
	RESERVED
CVE-2018-4976
	RESERVED
CVE-2018-4975
	RESERVED
CVE-2018-4974
	RESERVED
CVE-2018-4973
	RESERVED
CVE-2018-4972
	RESERVED
CVE-2018-4971
	RESERVED
CVE-2018-4970
	RESERVED
CVE-2018-4969
	RESERVED
CVE-2018-4968
	RESERVED
CVE-2018-4967
	RESERVED
CVE-2018-4966
	RESERVED
CVE-2018-4965
	RESERVED
CVE-2018-4964
	RESERVED
CVE-2018-4963
	RESERVED
CVE-2018-4962
	RESERVED
CVE-2018-4961
	RESERVED
CVE-2018-4960
	RESERVED
CVE-2018-4959
	RESERVED
CVE-2018-4958
	RESERVED
CVE-2018-4957
	RESERVED
CVE-2018-4956
	RESERVED
CVE-2018-4955
	RESERVED
CVE-2018-4954
	RESERVED
CVE-2018-4953
	RESERVED
CVE-2018-4952
	RESERVED
	NOT-FOR-US: VMware Xenon
CVE-2018-4951
	RESERVED
CVE-2018-4950
	RESERVED
CVE-2018-4949
	RESERVED
CVE-2018-4948
	RESERVED
CVE-2018-4947
	RESERVED
	NOT-FOR-US: VMware Xenon
CVE-2018-4946
	RESERVED
CVE-2018-4945
	RESERVED
CVE-2018-4944 (Adobe Flash Player versions 29.0.0.140 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4943 (Adobe PhoneGap Push Plugin versions 1.8.0 and earlier have an ...)
	NOT-FOR-US: Adobe
CVE-2018-4942 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 ...)
	NOT-FOR-US: Adobe
CVE-2018-4941 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 ...)
	NOT-FOR-US: Adobe
CVE-2018-4940 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 ...)
	NOT-FOR-US: Adobe
CVE-2018-4939 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 ...)
	NOT-FOR-US: Adobe
CVE-2018-4938 (Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 ...)
	NOT-FOR-US: Adobe
CVE-2018-4937 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4936 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4935 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4934 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4933 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4932 (Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4931 (Adobe Experience Manager versions 6.1 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4930 (Adobe Experience Manager versions 6.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4929 (Adobe Experience Manager versions 6.2 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4928 (Adobe InDesign versions 13.0 and below have an exploitable Memory ...)
	NOT-FOR-US: Adobe
CVE-2018-4927 (Adobe InDesign versions 13.0 and below have an exploitable Untrusted ...)
	NOT-FOR-US: Adobe
CVE-2018-4926 (Adobe Digital Editions versions 4.5.7 and below have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4925 (Adobe Digital Editions versions 4.5.7 and below have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4924 (Adobe Dreamweaver CC versions 18.0 and earlier have an OS Command ...)
	NOT-FOR-US: Adobe
CVE-2018-4923 (Adobe Connect versions 9.7 and earlier have an exploitable OS Command ...)
	NOT-FOR-US: Adobe
CVE-2018-4922
	RESERVED
CVE-2018-4921 (Adobe Connect versions 9.7 and earlier have an exploitable unrestricted ...)
	NOT-FOR-US: Adobe
CVE-2018-4920 (Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4919 (Adobe Flash Player versions 28.0.0.161 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2018-4918 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, ...)
	NOT-FOR-US: Adobe
CVE-2018-4917 (Adobe Acrobat and Reader versions 2018.009.20050 and earlier, ...)
	NOT-FOR-US: Adobe
CVE-2018-4916 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4915 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4914 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4913 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4912 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4911 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4910 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4909 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4908 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4907 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4906 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4905 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4904 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4903 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4902 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4901 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4900 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4899 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4898 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4897 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4896 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4895 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4894 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4893 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4892 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4891 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4890 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4889 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4888 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4887 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4886 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4885 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4884 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4883 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4882 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4881 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4880 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4879 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4878 (A use-after-free vulnerability was discovered in Adobe Flash Player ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4877 (A use-after-free vulnerability was discovered in Adobe Flash Player ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4876 (Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2018-4875 (Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a ...)
	NOT-FOR-US: Adobe Experience Manager
CVE-2018-4874
	RESERVED
CVE-2018-4873 (Adobe Creative Cloud Desktop Application versions 4.4.1.298 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2018-4872 (An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and ...)
	NOT-FOR-US: Adobe
CVE-2018-4871 (An Out-of-bounds Read issue was discovered in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2018-4870
	RESERVED
CVE-2018-4869
	RESERVED
CVE-2018-4868 (The Exiv2::Jp2Image::readMetadata function in jp2image.cpp in Exiv2 ...)
	- exiv2 <not-affected> (Vulnerable code introduced in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/202
CVE-2017-1000500 (Keycloak SSO versions prior to 2.x are vulnerable to Host Header ...)
	NOT-FOR-US: Keycloak
CVE-2017-1000499 (phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a ...)
	- phpmyadmin <not-affected> (Only affects phpMyAdmin starting from 4.7.0)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-9/
CVE-2017-1000498 (AndroidSVG version 1.2.2 is vulnerable to XXE attacks in the SVG ...)
	NOT-FOR-US: AndroidSVG
CVE-2017-1000497 (Pepperminty-Wiki version 0.15 is vulnerable to XXE attacks in the ...)
	NOT-FOR-US: Pepperminty-Wiki
CVE-2017-1000496 (Commsy version 9.0.0 is vulnerable to XXE attacks in the configuration ...)
	NOT-FOR-US: Commsy
CVE-2017-1000495 (QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site ...)
	NOT-FOR-US: QuickApps CMS
CVE-2017-1000494 (Uninitialized stack variable vulnerability in NameValueParserEndElt ...)
	- miniupnpd 2.0.20171212-1 (bug #887129)
	[stretch] - miniupnpd <no-dsa> (Minor issue)
	[jessie] - miniupnpd <no-dsa> (Minor issue)
	- miniupnpc 2.0.20171212-3 (unimportant)
	NOTE: https://github.com/miniupnp/miniupnp/issues/268
	NOTE: https://github.com/miniupnp/miniupnp/commit/7aeb624b44f86d335841242ff427433190e7168a
	NOTE: https://github.com/miniupnp/miniupnp/commit/a0573e251817ec090a8c9f9f41b56d720c835a6c
CVE-2017-1000490 (Mautic versions 1.0.0 - 2.11.0 are vulnerable to allowing any ...)
	NOT-FOR-US: Mautic
CVE-2017-1000489 (Mautic versions 2.0.0 - 2.11.0 with a SSO plugin installed could allow ...)
	NOT-FOR-US: Mautic
CVE-2017-1000488 (Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack ...)
	NOT-FOR-US: Mautic
CVE-2017-1000487 (Plexus-utils before 3.0.16 is vulnerable to command injection because ...)
	{DSA-4149-1 DSA-4146-1 DLA-1237-1 DLA-1236-1}
	- plexus-utils 1:1.5.15-5
	- plexus-utils2 3.0.22-1
	NOTE: https://snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31522
	NOTE: https://github.com/codehaus-plexus/plexus-utils/commit/b38a1b3a4352303e4312b2bb601a0d7ec6e28f41
CVE-2017-1000486 (Primetek Primefaces 5.x is vulnerable to a weak encryption flaw ...)
	NOT-FOR-US: Primetek Primefaces
CVE-2017-1000485 (Nylas Mail Lives 2.2.2 uses 0755 permissions for $HOME/.nylas-mail, ...)
	NOT-FOR-US: Nylas Mail Lives
CVE-2017-1000484 (By linking to a specific url in Plone 2.5-5.1rc1 with a parameter, an ...)
	NOT-FOR-US: Plone
CVE-2017-1000483 (Accessing private content via str.format in through-the-web templates ...)
	NOT-FOR-US: Plone
CVE-2017-1000482 (A member of the Plone 2.5-5.1rc1 site could set javascript in the ...)
	NOT-FOR-US: Plone
CVE-2017-1000481 (When you visit a page where you need to login, Plone 2.5-5.1rc1 sends ...)
	NOT-FOR-US: Plone
CVE-2017-1000480 (Smarty 3 before 3.1.32 is vulnerable to a PHP code injection when ...)
	{DSA-4094-1 DLA-1249-1}
	- smarty <removed>
	- smarty3 3.1.31+20161214.1.c7d42e4+selfpack1-3 (bug #886460)
	NOTE: https://github.com/smarty-php/smarty/commit/614ad1f8b9b00086efc123e49b7bb8efbfa81b61
CVE-2017-1000479 (pfSense versions 2.4.1 and lower are vulnerable to clickjacking ...)
	NOT-FOR-US: pfSense
CVE-2017-1000478 (ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in ...)
	NOT-FOR-US: ELabftw
CVE-2017-1000477 (XMLBundle version 0.1.7 is vulnerable to XXE attacks which can result ...)
	NOT-FOR-US: XMLBundle
CVE-2017-1000476 (ImageMagick 7.0.7-12 Q16, a CPU exhaustion vulnerability was found in ...)
	{DLA-1229-1}
	- imagemagick 8:6.9.9.34+dfsg-3
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/867
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e5dae180b9236bccd73ce93bfce81e99232a8533
CVE-2017-1000473 (Linux Dash up to version v2 is vulnerable to multiple command ...)
	NOT-FOR-US: Linux Dash
CVE-2017-1000472 (The ZipCommon::isValidPath() function in Zip/src/ZipCommon.cpp in POCO ...)
	{DSA-4083-1 DLA-1239-1}
	- poco 1.8.0-2
	NOTE: https://github.com/pocoproject/poco/issues/1968
CVE-2017-1000471 (EmbedThis GoAhead Webserver version 4.0.0 is vulnerable to a NULL ...)
	NOT-FOR-US: EmbedThis GoAhead Webserver
CVE-2017-1000470 (EmbedThis GoAhead Webserver versions 4.0.0 and earlier is vulnerable ...)
	NOT-FOR-US: EmbedThis GoAhead Webserver
CVE-2017-1000469 (Cobbler version up to 2.8.2 is vulnerable to a command injection ...)
	- cobbler <removed> (bug #886480)
	NOTE: https://github.com/cobbler/cobbler/issues/1845
CVE-2017-1000467 (LavaLite version 5.2.4 is vulnerable to stored cross-site scripting ...)
	NOT-FOR-US: LavaLite
CVE-2017-1000462 (BookStack version 0.18.4 is vulnerable to stored cross-site scripting, ...)
	NOT-FOR-US: BookStack
CVE-2017-1000461 (Brave Software's Brave Browser, version 0.19.73 (and earlier) is ...)
	- brave-browser <itp> (bug #864795)
CVE-2017-1000460 (In line libavcodec/h264dec.c:500 in libav(v13_dev0), ffmpeg(n3.4), ...)
	- libav <removed>
	- ffmpeg 7:3.1.1-1
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=952
	NOTE: https://lists.ffmpeg.org/pipermail/ffmpeg-cvslog/2017-January/104221.html
CVE-2018-4867
	RESERVED
CVE-2018-4866
	RESERVED
CVE-2018-4865
	RESERVED
CVE-2018-4864
	RESERVED
CVE-2018-4863 (Sophos Endpoint Protection 10.7 allows local users to bypass an ...)
	NOT-FOR-US: Sophos
CVE-2018-4862 (In Octopus Deploy versions 3.2.11 - 4.1.5 (fixed in 4.1.6), an ...)
	NOT-FOR-US: Octopus Deploy
CVE-2018-4861
	RESERVED
CVE-2018-4860
	RESERVED
CVE-2018-4859
	RESERVED
CVE-2018-4858
	RESERVED
CVE-2018-4857
	RESERVED
CVE-2018-4856
	RESERVED
CVE-2018-4855
	RESERVED
CVE-2018-4854
	RESERVED
CVE-2018-4853
	RESERVED
CVE-2018-4852
	RESERVED
CVE-2018-4851
	RESERVED
CVE-2018-4850 (A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4849 (A vulnerability has been identified in Siveillance VMS Video for ...)
	NOT-FOR-US: Siveillance VMS Video
CVE-2018-4848
	RESERVED
CVE-2018-4847 (A vulnerability has been identified in SIMATIC WinCC OA Operator iOS ...)
	NOT-FOR-US: SIMATIC WinCC OA Operator iOS App
CVE-2018-4846
	RESERVED
CVE-2018-4845
	RESERVED
CVE-2018-4844 (A vulnerability has been identified in SIMATIC WinCC OA UI for Android ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4843 (A vulnerability has been identified in SIMATIC CP 343-1 Advanced (All ...)
	NOT-FOR-US: SIMATIC
CVE-2018-4842
	RESERVED
CVE-2018-4841 (A vulnerability has been identified in TIM 1531 IRC (All versions &lt; ...)
	NOT-FOR-US: TIM
CVE-2018-4840 (A vulnerability has been identified in Siemens DIGSI 4 (All versions &lt; ...)
	NOT-FOR-US: Siemens
CVE-2018-4839 (A vulnerability has been identified in Siemens DIGSI 4 (All versions &lt; ...)
	NOT-FOR-US: Siemens
CVE-2018-4838 (A vulnerability has been identified in Siemens EN100 Ethernet module ...)
	NOT-FOR-US: Siemens
CVE-2018-4837 (A vulnerability has been identified in TeleControl Server Basic &lt; ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4836 (A vulnerability has been identified in TeleControl Server Basic &lt; ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4835 (A vulnerability has been identified in TeleControl Server Basic &lt; ...)
	NOT-FOR-US: Siemens / TeleControl Server Basic
CVE-2018-4834 (A vulnerability has been identified in Desigo Automation Controllers ...)
	NOT-FOR-US: Desigo
CVE-2018-4833
	RESERVED
CVE-2018-4832 (A vulnerability has been identified in OpenPCS 7 V7.1 and earlier (All ...)
	NOT-FOR-US: Siemens
CVE-2018-4831
	RESERVED
CVE-2018-4830
	RESERVED
CVE-2018-4829
	RESERVED
CVE-2018-4828
	RESERVED
CVE-2018-4827
	RESERVED
CVE-2018-4826
	RESERVED
CVE-2018-4825
	RESERVED
CVE-2018-4824
	RESERVED
CVE-2018-4823
	RESERVED
CVE-2018-4822
	RESERVED
CVE-2018-4821
	RESERVED
CVE-2018-4820
	RESERVED
CVE-2018-4819
	RESERVED
CVE-2018-4818
	RESERVED
CVE-2018-4817
	RESERVED
CVE-2018-4816
	RESERVED
CVE-2018-4815
	RESERVED
CVE-2018-4814
	RESERVED
CVE-2018-4813
	RESERVED
CVE-2018-4812
	RESERVED
CVE-2018-4811
	RESERVED
CVE-2018-4810
	RESERVED
CVE-2018-4809
	RESERVED
CVE-2018-4808
	RESERVED
CVE-2018-4807
	RESERVED
CVE-2018-4806
	RESERVED
CVE-2018-4805
	RESERVED
CVE-2018-4804
	RESERVED
CVE-2018-4803
	RESERVED
CVE-2018-4802
	RESERVED
CVE-2018-4801
	RESERVED
CVE-2018-4800
	RESERVED
CVE-2018-4799
	RESERVED
CVE-2018-4798
	RESERVED
CVE-2018-4797
	RESERVED
CVE-2018-4796
	RESERVED
CVE-2018-4795
	RESERVED
CVE-2018-4794
	RESERVED
CVE-2018-4793
	RESERVED
CVE-2018-4792
	RESERVED
CVE-2018-4791
	RESERVED
CVE-2018-4790
	RESERVED
CVE-2018-4789
	RESERVED
CVE-2018-4788
	RESERVED
CVE-2018-4787
	RESERVED
CVE-2018-4786
	RESERVED
CVE-2018-4785
	RESERVED
CVE-2018-4784
	RESERVED
CVE-2018-4783
	RESERVED
CVE-2018-4782
	RESERVED
CVE-2018-4781
	RESERVED
CVE-2018-4780
	RESERVED
CVE-2018-4779
	RESERVED
CVE-2018-4778
	RESERVED
CVE-2018-4777
	RESERVED
CVE-2018-4776
	RESERVED
CVE-2018-4775
	RESERVED
CVE-2018-4774
	RESERVED
CVE-2018-4773
	RESERVED
CVE-2018-4772
	RESERVED
CVE-2018-4771
	RESERVED
CVE-2018-4770
	RESERVED
CVE-2018-4769
	RESERVED
CVE-2018-4768
	RESERVED
CVE-2018-4767
	RESERVED
CVE-2018-4766
	RESERVED
CVE-2018-4765
	RESERVED
CVE-2018-4764
	RESERVED
CVE-2018-4763
	RESERVED
CVE-2018-4762
	RESERVED
CVE-2018-4761
	RESERVED
CVE-2018-4760
	RESERVED
CVE-2018-4759
	RESERVED
CVE-2018-4758
	RESERVED
CVE-2018-4757
	RESERVED
CVE-2018-4756
	RESERVED
CVE-2018-4755
	RESERVED
CVE-2018-4754
	RESERVED
CVE-2018-4753
	RESERVED
CVE-2018-4752
	RESERVED
CVE-2018-4751
	RESERVED
CVE-2018-4750
	RESERVED
CVE-2018-4749
	RESERVED
CVE-2018-4748
	RESERVED
CVE-2018-4747
	RESERVED
CVE-2018-4746
	RESERVED
CVE-2018-4745
	RESERVED
CVE-2018-4744
	RESERVED
CVE-2018-4743
	RESERVED
CVE-2018-4742
	RESERVED
CVE-2018-4741
	RESERVED
CVE-2018-4740
	RESERVED
CVE-2018-4739
	RESERVED
CVE-2018-4738
	RESERVED
CVE-2018-4737
	RESERVED
CVE-2018-4736
	RESERVED
CVE-2018-4735
	RESERVED
CVE-2018-4734
	RESERVED
CVE-2018-4733
	RESERVED
CVE-2018-4732
	RESERVED
CVE-2018-4731
	RESERVED
CVE-2018-4730
	RESERVED
CVE-2018-4729
	RESERVED
CVE-2018-4728
	RESERVED
CVE-2018-4727
	RESERVED
CVE-2018-4726
	RESERVED
CVE-2018-4725
	RESERVED
CVE-2018-4724
	RESERVED
CVE-2018-4723
	RESERVED
CVE-2018-4722
	RESERVED
CVE-2018-4721
	RESERVED
CVE-2018-4720
	RESERVED
CVE-2018-4719
	RESERVED
CVE-2018-4718
	RESERVED
CVE-2018-4717
	RESERVED
CVE-2018-4716
	RESERVED
CVE-2018-4715
	RESERVED
CVE-2018-4714
	RESERVED
CVE-2018-4713
	RESERVED
CVE-2018-4712
	RESERVED
CVE-2018-4711
	RESERVED
CVE-2018-4710
	RESERVED
CVE-2018-4709
	RESERVED
CVE-2018-4708
	RESERVED
CVE-2018-4707
	RESERVED
CVE-2018-4706
	RESERVED
CVE-2018-4705
	RESERVED
CVE-2018-4704
	RESERVED
CVE-2018-4703
	RESERVED
CVE-2018-4702
	RESERVED
CVE-2018-4701
	RESERVED
CVE-2018-4700
	RESERVED
CVE-2018-4699
	RESERVED
CVE-2018-4698
	RESERVED
CVE-2018-4697
	RESERVED
CVE-2018-4696
	RESERVED
CVE-2018-4695
	RESERVED
CVE-2018-4694
	RESERVED
CVE-2018-4693
	RESERVED
CVE-2018-4692
	RESERVED
CVE-2018-4691
	RESERVED
CVE-2018-4690
	RESERVED
CVE-2018-4689
	RESERVED
CVE-2018-4688
	RESERVED
CVE-2018-4687
	RESERVED
CVE-2018-4686
	RESERVED
CVE-2018-4685
	RESERVED
CVE-2018-4684
	RESERVED
CVE-2018-4683
	RESERVED
CVE-2018-4682
	RESERVED
CVE-2018-4681
	RESERVED
CVE-2018-4680
	RESERVED
CVE-2018-4679
	RESERVED
CVE-2018-4678
	RESERVED
CVE-2018-4677
	RESERVED
CVE-2018-4676
	RESERVED
CVE-2018-4675
	RESERVED
CVE-2018-4674
	RESERVED
CVE-2018-4673
	RESERVED
CVE-2018-4672
	RESERVED
CVE-2018-4671
	RESERVED
CVE-2018-4670
	RESERVED
CVE-2018-4669
	RESERVED
CVE-2018-4668
	RESERVED
CVE-2018-4667
	RESERVED
CVE-2018-4666
	RESERVED
CVE-2018-4665
	RESERVED
CVE-2018-4664
	RESERVED
CVE-2018-4663
	RESERVED
CVE-2018-4662
	RESERVED
CVE-2018-4661
	RESERVED
CVE-2018-4660
	RESERVED
CVE-2018-4659
	RESERVED
CVE-2018-4658
	RESERVED
CVE-2018-4657
	RESERVED
CVE-2018-4656
	RESERVED
CVE-2018-4655
	RESERVED
CVE-2018-4654
	RESERVED
CVE-2018-4653
	RESERVED
CVE-2018-4652
	RESERVED
CVE-2018-4651
	RESERVED
CVE-2018-4650
	RESERVED
CVE-2018-4649
	RESERVED
CVE-2018-4648
	RESERVED
CVE-2018-4647
	RESERVED
CVE-2018-4646
	RESERVED
CVE-2018-4645
	RESERVED
CVE-2018-4644
	RESERVED
CVE-2018-4643
	RESERVED
CVE-2018-4642
	RESERVED
CVE-2018-4641
	RESERVED
CVE-2018-4640
	RESERVED
CVE-2018-4639
	RESERVED
CVE-2018-4638
	RESERVED
CVE-2018-4637
	RESERVED
CVE-2018-4636
	RESERVED
CVE-2018-4635
	RESERVED
CVE-2018-4634
	RESERVED
CVE-2018-4633
	RESERVED
CVE-2018-4632
	RESERVED
CVE-2018-4631
	RESERVED
CVE-2018-4630
	RESERVED
CVE-2018-4629
	RESERVED
CVE-2018-4628
	RESERVED
CVE-2018-4627
	RESERVED
CVE-2018-4626
	RESERVED
CVE-2018-4625
	RESERVED
CVE-2018-4624
	RESERVED
CVE-2018-4623
	RESERVED
CVE-2018-4622
	RESERVED
CVE-2018-4621
	RESERVED
CVE-2018-4620
	RESERVED
CVE-2018-4619
	RESERVED
CVE-2018-4618
	RESERVED
CVE-2018-4617
	RESERVED
CVE-2018-4616
	RESERVED
CVE-2018-4615
	RESERVED
CVE-2018-4614
	RESERVED
CVE-2018-4613
	RESERVED
CVE-2018-4612
	RESERVED
CVE-2018-4611
	RESERVED
CVE-2018-4610
	RESERVED
CVE-2018-4609
	RESERVED
CVE-2018-4608
	RESERVED
CVE-2018-4607
	RESERVED
CVE-2018-4606
	RESERVED
CVE-2018-4605
	RESERVED
CVE-2018-4604
	RESERVED
CVE-2018-4603
	RESERVED
CVE-2018-4602
	RESERVED
CVE-2018-4601
	RESERVED
CVE-2018-4600
	RESERVED
CVE-2018-4599
	RESERVED
CVE-2018-4598
	RESERVED
CVE-2018-4597
	RESERVED
CVE-2018-4596
	RESERVED
CVE-2018-4595
	RESERVED
CVE-2018-4594
	RESERVED
CVE-2018-4593
	RESERVED
CVE-2018-4592
	RESERVED
CVE-2018-4591
	RESERVED
CVE-2018-4590
	RESERVED
CVE-2018-4589
	RESERVED
CVE-2018-4588
	RESERVED
CVE-2018-4587
	RESERVED
CVE-2018-4586
	RESERVED
CVE-2018-4585
	RESERVED
CVE-2018-4584
	RESERVED
CVE-2018-4583
	RESERVED
CVE-2018-4582
	RESERVED
CVE-2018-4581
	RESERVED
CVE-2018-4580
	RESERVED
CVE-2018-4579
	RESERVED
CVE-2018-4578
	RESERVED
CVE-2018-4577
	RESERVED
CVE-2018-4576
	RESERVED
CVE-2018-4575
	RESERVED
CVE-2018-4574
	RESERVED
CVE-2018-4573
	RESERVED
CVE-2018-4572
	RESERVED
CVE-2018-4571
	RESERVED
CVE-2018-4570
	RESERVED
CVE-2018-4569
	RESERVED
CVE-2018-4568
	RESERVED
CVE-2018-4567
	RESERVED
CVE-2018-4566
	RESERVED
CVE-2018-4565
	RESERVED
CVE-2018-4564
	RESERVED
CVE-2018-4563
	RESERVED
CVE-2018-4562
	RESERVED
CVE-2018-4561
	RESERVED
CVE-2018-4560
	RESERVED
CVE-2018-4559
	RESERVED
CVE-2018-4558
	RESERVED
CVE-2018-4557
	RESERVED
CVE-2018-4556
	RESERVED
CVE-2018-4555
	RESERVED
CVE-2018-4554
	RESERVED
CVE-2018-4553
	RESERVED
CVE-2018-4552
	RESERVED
CVE-2018-4551
	RESERVED
CVE-2018-4550
	RESERVED
CVE-2018-4549
	RESERVED
CVE-2018-4548
	RESERVED
CVE-2018-4547
	RESERVED
CVE-2018-4546
	RESERVED
CVE-2018-4545
	RESERVED
CVE-2018-4544
	RESERVED
CVE-2018-4543
	RESERVED
CVE-2018-4542
	RESERVED
CVE-2018-4541
	RESERVED
CVE-2018-4540
	RESERVED
CVE-2018-4539
	RESERVED
CVE-2018-4538
	RESERVED
CVE-2018-4537
	RESERVED
CVE-2018-4536
	RESERVED
CVE-2018-4535
	RESERVED
CVE-2018-4534
	RESERVED
CVE-2018-4533
	RESERVED
CVE-2018-4532
	RESERVED
CVE-2018-4531
	RESERVED
CVE-2018-4530
	RESERVED
CVE-2018-4529
	RESERVED
CVE-2018-4528
	RESERVED
CVE-2018-4527
	RESERVED
CVE-2018-4526
	RESERVED
CVE-2018-4525
	RESERVED
CVE-2018-4524
	RESERVED
CVE-2018-4523
	RESERVED
CVE-2018-4522
	RESERVED
CVE-2018-4521
	RESERVED
CVE-2018-4520
	RESERVED
CVE-2018-4519
	RESERVED
CVE-2018-4518
	RESERVED
CVE-2018-4517
	RESERVED
CVE-2018-4516
	RESERVED
CVE-2018-4515
	RESERVED
CVE-2018-4514
	RESERVED
CVE-2018-4513
	RESERVED
CVE-2018-4512
	RESERVED
CVE-2018-4511
	RESERVED
CVE-2018-4510
	RESERVED
CVE-2018-4509
	RESERVED
CVE-2018-4508
	RESERVED
CVE-2018-4507
	RESERVED
CVE-2018-4506
	RESERVED
CVE-2018-4505
	RESERVED
CVE-2018-4504
	RESERVED
CVE-2018-4503
	RESERVED
CVE-2018-4502
	RESERVED
CVE-2018-4501
	RESERVED
CVE-2018-4500
	RESERVED
CVE-2018-4499
	RESERVED
CVE-2018-4498
	RESERVED
CVE-2018-4497
	RESERVED
CVE-2018-4496
	RESERVED
CVE-2018-4495
	RESERVED
CVE-2018-4494
	RESERVED
CVE-2018-4493
	RESERVED
CVE-2018-4492
	RESERVED
CVE-2018-4491
	RESERVED
CVE-2018-4490
	RESERVED
CVE-2018-4489
	RESERVED
CVE-2018-4488
	RESERVED
CVE-2018-4487
	RESERVED
CVE-2018-4486
	RESERVED
CVE-2018-4485
	RESERVED
CVE-2018-4484
	RESERVED
CVE-2018-4483
	RESERVED
CVE-2018-4482
	RESERVED
CVE-2018-4481
	RESERVED
CVE-2018-4480
	RESERVED
CVE-2018-4479
	RESERVED
CVE-2018-4478
	RESERVED
CVE-2018-4477
	RESERVED
CVE-2018-4476
	RESERVED
CVE-2018-4475
	RESERVED
CVE-2018-4474
	RESERVED
CVE-2018-4473
	RESERVED
CVE-2018-4472
	RESERVED
CVE-2018-4471
	RESERVED
CVE-2018-4470
	RESERVED
CVE-2018-4469
	RESERVED
CVE-2018-4468
	RESERVED
CVE-2018-4467
	RESERVED
CVE-2018-4466
	RESERVED
CVE-2018-4465
	RESERVED
CVE-2018-4464
	RESERVED
CVE-2018-4463
	RESERVED
CVE-2018-4462
	RESERVED
CVE-2018-4461
	RESERVED
CVE-2018-4460
	RESERVED
CVE-2018-4459
	RESERVED
CVE-2018-4458
	RESERVED
CVE-2018-4457
	RESERVED
CVE-2018-4456
	RESERVED
CVE-2018-4455
	RESERVED
CVE-2018-4454
	RESERVED
CVE-2018-4453
	RESERVED
CVE-2018-4452
	RESERVED
CVE-2018-4451
	RESERVED
CVE-2018-4450
	RESERVED
CVE-2018-4449
	RESERVED
CVE-2018-4448
	RESERVED
CVE-2018-4447
	RESERVED
CVE-2018-4446
	RESERVED
CVE-2018-4445
	RESERVED
CVE-2018-4444
	RESERVED
CVE-2018-4443
	RESERVED
CVE-2018-4442
	RESERVED
CVE-2018-4441
	RESERVED
CVE-2018-4440
	RESERVED
CVE-2018-4439
	RESERVED
CVE-2018-4438
	RESERVED
CVE-2018-4437
	RESERVED
CVE-2018-4436
	RESERVED
CVE-2018-4435
	RESERVED
CVE-2018-4434
	RESERVED
CVE-2018-4433
	RESERVED
CVE-2018-4432
	RESERVED
CVE-2018-4431
	RESERVED
CVE-2018-4430
	RESERVED
CVE-2018-4429
	RESERVED
CVE-2018-4428
	RESERVED
CVE-2018-4427
	RESERVED
CVE-2018-4426
	RESERVED
CVE-2018-4425
	RESERVED
CVE-2018-4424
	RESERVED
CVE-2018-4423
	RESERVED
CVE-2018-4422
	RESERVED
CVE-2018-4421
	RESERVED
CVE-2018-4420
	RESERVED
CVE-2018-4419
	RESERVED
CVE-2018-4418
	RESERVED
CVE-2018-4417
	RESERVED
CVE-2018-4416
	RESERVED
CVE-2018-4415
	RESERVED
CVE-2018-4414
	RESERVED
CVE-2018-4413
	RESERVED
CVE-2018-4412
	RESERVED
CVE-2018-4411
	RESERVED
CVE-2018-4410
	RESERVED
CVE-2018-4409
	RESERVED
CVE-2018-4408
	RESERVED
CVE-2018-4407
	RESERVED
CVE-2018-4406
	RESERVED
CVE-2018-4405
	RESERVED
CVE-2018-4404
	RESERVED
CVE-2018-4403
	RESERVED
CVE-2018-4402
	RESERVED
CVE-2018-4401
	RESERVED
CVE-2018-4400
	RESERVED
CVE-2018-4399
	RESERVED
CVE-2018-4398
	RESERVED
CVE-2018-4397
	RESERVED
CVE-2018-4396
	RESERVED
CVE-2018-4395
	RESERVED
CVE-2018-4394
	RESERVED
CVE-2018-4393
	RESERVED
CVE-2018-4392
	RESERVED
CVE-2018-4391
	RESERVED
CVE-2018-4390
	RESERVED
CVE-2018-4389
	RESERVED
CVE-2018-4388
	RESERVED
CVE-2018-4387
	RESERVED
CVE-2018-4386
	RESERVED
CVE-2018-4385
	RESERVED
CVE-2018-4384
	RESERVED
CVE-2018-4383
	RESERVED
CVE-2018-4382
	RESERVED
CVE-2018-4381
	RESERVED
CVE-2018-4380
	RESERVED
CVE-2018-4379
	RESERVED
CVE-2018-4378
	RESERVED
CVE-2018-4377
	RESERVED
CVE-2018-4376
	RESERVED
CVE-2018-4375
	RESERVED
CVE-2018-4374
	RESERVED
CVE-2018-4373
	RESERVED
CVE-2018-4372
	RESERVED
CVE-2018-4371
	RESERVED
CVE-2018-4370
	RESERVED
CVE-2018-4369
	RESERVED
CVE-2018-4368
	RESERVED
CVE-2018-4367
	RESERVED
CVE-2018-4366
	RESERVED
CVE-2018-4365
	RESERVED
CVE-2018-4364
	RESERVED
CVE-2018-4363
	RESERVED
CVE-2018-4362
	RESERVED
CVE-2018-4361
	RESERVED
CVE-2018-4360
	RESERVED
CVE-2018-4359
	RESERVED
CVE-2018-4358
	RESERVED
CVE-2018-4357
	RESERVED
CVE-2018-4356
	RESERVED
CVE-2018-4355
	RESERVED
CVE-2018-4354
	RESERVED
CVE-2018-4353
	RESERVED
CVE-2018-4352
	RESERVED
CVE-2018-4351
	RESERVED
CVE-2018-4350
	RESERVED
CVE-2018-4349
	RESERVED
CVE-2018-4348
	RESERVED
CVE-2018-4347
	RESERVED
CVE-2018-4346
	RESERVED
CVE-2018-4345
	RESERVED
CVE-2018-4344
	RESERVED
CVE-2018-4343
	RESERVED
CVE-2018-4342
	RESERVED
CVE-2018-4341
	RESERVED
CVE-2018-4340
	RESERVED
CVE-2018-4339
	RESERVED
CVE-2018-4338
	RESERVED
CVE-2018-4337
	RESERVED
CVE-2018-4336
	RESERVED
CVE-2018-4335
	RESERVED
CVE-2018-4334
	RESERVED
CVE-2018-4333
	RESERVED
CVE-2018-4332
	RESERVED
CVE-2018-4331
	RESERVED
CVE-2018-4330
	RESERVED
CVE-2018-4329
	RESERVED
CVE-2018-4328
	RESERVED
CVE-2018-4327
	RESERVED
CVE-2018-4326
	RESERVED
CVE-2018-4325
	RESERVED
CVE-2018-4324
	RESERVED
CVE-2018-4323
	RESERVED
CVE-2018-4322
	RESERVED
CVE-2018-4321
	RESERVED
CVE-2018-4320
	RESERVED
CVE-2018-4319
	RESERVED
CVE-2018-4318
	RESERVED
CVE-2018-4317
	RESERVED
CVE-2018-4316
	RESERVED
CVE-2018-4315
	RESERVED
CVE-2018-4314
	RESERVED
CVE-2018-4313
	RESERVED
CVE-2018-4312
	RESERVED
CVE-2018-4311
	RESERVED
CVE-2018-4310
	RESERVED
CVE-2018-4309
	RESERVED
CVE-2018-4308
	RESERVED
CVE-2018-4307
	RESERVED
CVE-2018-4306
	RESERVED
CVE-2018-4305
	RESERVED
CVE-2018-4304
	RESERVED
CVE-2018-4303
	RESERVED
CVE-2018-4302
	RESERVED
CVE-2018-4301
	RESERVED
CVE-2018-4300
	RESERVED
CVE-2018-4299
	RESERVED
CVE-2018-4298
	RESERVED
CVE-2018-4297
	RESERVED
CVE-2018-4296
	RESERVED
CVE-2018-4295
	RESERVED
CVE-2018-4294
	RESERVED
CVE-2018-4293
	RESERVED
CVE-2018-4292
	RESERVED
CVE-2018-4291
	RESERVED
CVE-2018-4290
	RESERVED
CVE-2018-4289
	RESERVED
CVE-2018-4288
	RESERVED
CVE-2018-4287
	RESERVED
CVE-2018-4286
	RESERVED
CVE-2018-4285
	RESERVED
CVE-2018-4284
	RESERVED
CVE-2018-4283
	RESERVED
CVE-2018-4282
	RESERVED
CVE-2018-4281
	RESERVED
CVE-2018-4280
	RESERVED
CVE-2018-4279
	RESERVED
CVE-2018-4278
	RESERVED
CVE-2018-4277
	RESERVED
CVE-2018-4276
	RESERVED
CVE-2018-4275
	RESERVED
CVE-2018-4274
	RESERVED
CVE-2018-4273
	RESERVED
CVE-2018-4272
	RESERVED
CVE-2018-4271
	RESERVED
CVE-2018-4270
	RESERVED
CVE-2018-4269
	RESERVED
CVE-2018-4268
	RESERVED
CVE-2018-4267
	RESERVED
CVE-2018-4266
	RESERVED
CVE-2018-4265
	RESERVED
CVE-2018-4264
	RESERVED
CVE-2018-4263
	RESERVED
CVE-2018-4262
	RESERVED
CVE-2018-4261
	RESERVED
CVE-2018-4260
	RESERVED
CVE-2018-4259
	RESERVED
CVE-2018-4258
	RESERVED
CVE-2018-4257
	RESERVED
CVE-2018-4256
	RESERVED
CVE-2018-4255
	RESERVED
CVE-2018-4254
	RESERVED
CVE-2018-4253
	RESERVED
CVE-2018-4252
	RESERVED
CVE-2018-4251
	RESERVED
CVE-2018-4250
	RESERVED
CVE-2018-4249
	RESERVED
CVE-2018-4248
	RESERVED
CVE-2018-4247
	RESERVED
CVE-2018-4246
	RESERVED
CVE-2018-4245
	RESERVED
CVE-2018-4244
	RESERVED
CVE-2018-4243
	RESERVED
CVE-2018-4242
	RESERVED
CVE-2018-4241
	RESERVED
CVE-2018-4240
	RESERVED
CVE-2018-4239
	RESERVED
CVE-2018-4238
	RESERVED
CVE-2018-4237
	RESERVED
CVE-2018-4236
	RESERVED
CVE-2018-4235
	RESERVED
CVE-2018-4234
	RESERVED
CVE-2018-4233
	RESERVED
CVE-2018-4232
	RESERVED
CVE-2018-4231
	RESERVED
CVE-2018-4230
	RESERVED
CVE-2018-4229
	RESERVED
CVE-2018-4228
	RESERVED
CVE-2018-4227
	RESERVED
CVE-2018-4226
	RESERVED
CVE-2018-4225
	RESERVED
CVE-2018-4224
	RESERVED
CVE-2018-4223
	RESERVED
CVE-2018-4222
	RESERVED
CVE-2018-4221
	RESERVED
CVE-2018-4220
	RESERVED
CVE-2018-4219
	RESERVED
CVE-2018-4218
	RESERVED
CVE-2018-4217
	RESERVED
CVE-2018-4216
	RESERVED
CVE-2018-4215
	RESERVED
CVE-2018-4214
	RESERVED
CVE-2018-4213
	RESERVED
CVE-2018-4212
	RESERVED
CVE-2018-4211
	RESERVED
CVE-2018-4210
	RESERVED
CVE-2018-4209
	RESERVED
CVE-2018-4208
	RESERVED
CVE-2018-4207
	RESERVED
CVE-2018-4206
	RESERVED
CVE-2018-4205
	RESERVED
CVE-2018-4204
	RESERVED
	- webkit2gtk 2.20.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4203
	RESERVED
CVE-2018-4202
	RESERVED
CVE-2018-4201
	RESERVED
CVE-2018-4200
	RESERVED
	- webkit2gtk 2.20.2-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4199
	RESERVED
CVE-2018-4198
	RESERVED
CVE-2018-4197
	RESERVED
CVE-2018-4196
	RESERVED
CVE-2018-4195
	RESERVED
CVE-2018-4194
	RESERVED
CVE-2018-4193
	RESERVED
CVE-2018-4192
	RESERVED
CVE-2018-4191
	RESERVED
CVE-2018-4190
	RESERVED
CVE-2018-4189
	RESERVED
CVE-2018-4188
	RESERVED
CVE-2018-4187
	RESERVED
CVE-2018-4186
	RESERVED
CVE-2018-4185
	RESERVED
CVE-2018-4184
	RESERVED
CVE-2018-4183
	RESERVED
CVE-2018-4182
	RESERVED
CVE-2018-4181
	RESERVED
CVE-2018-4180
	RESERVED
CVE-2018-4179
	RESERVED
CVE-2018-4178
	RESERVED
CVE-2018-4177
	RESERVED
CVE-2018-4176 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4175 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4174 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4173 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4172 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4171
	RESERVED
CVE-2018-4170 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4169
	RESERVED
CVE-2018-4168 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4167 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4166 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4165 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4164 (An issue was discovered in certain Apple products. Xcode before 9.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4163 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4162 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4161 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4160 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4159
	RESERVED
CVE-2018-4158 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4157 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4156 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4155 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4154 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4153
	RESERVED
CVE-2018-4152 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4151 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4150 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4149 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4148 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4147
	RESERVED
CVE-2018-4146 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4145
	RESERVED
CVE-2018-4144 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4143 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4142 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4141
	RESERVED
CVE-2018-4140 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4139 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4138 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: NVIDIA graphics driver for MacOS
CVE-2018-4137 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4136 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4135 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4134 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4133 (An issue was discovered in certain Apple products. Safari before 11.1 ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4132 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Intel graphics driver for MacOS
CVE-2018-4131 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4130 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4129 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4128 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4127 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4126
	RESERVED
CVE-2018-4125 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4124 (An issue was discovered in certain Apple products. iOS before 11.2.6 ...)
	NOT-FOR-US: Apple
CVE-2018-4123 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4122 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4121 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0004.html
	NOTE: Not covered by security support
CVE-2018-4120 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4119 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4118 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4117 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4116 (An issue was discovered in certain Apple products. Safari before 11.1 ...)
	NOT-FOR-US: Apple
CVE-2018-4115 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4114 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4113 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4112 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4111 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4110 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4109 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4108 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4107 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4106 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4105 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4104 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	NOT-FOR-US: Apple
CVE-2018-4103
	RESERVED
CVE-2018-4102 (An issue was discovered in certain Apple products. Safari before 11.1 ...)
	NOT-FOR-US: Apple
CVE-2018-4101 (An issue was discovered in certain Apple products. iOS before 11.3 is ...)
	- webkit2gtk 2.20.0-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2018-0003.html
	NOTE: Not covered by security support
CVE-2018-4100 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4099
	RESERVED
CVE-2018-4098 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4097 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4096 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4095 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple bluetoothd
	NOTE: https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/
CVE-2018-4094 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4093 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4092 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4091 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4090 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4089 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4088 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2018-4087 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple bluetoothd
	NOTE: https://blog.zimperium.com/cve-2018-4087-poc-escaping-sandbox-misleading-bluetoothd/
CVE-2018-4086 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4085 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4084 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4083 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2018-4082 (An issue was discovered in certain Apple products. iOS before 11.2.5 ...)
	NOT-FOR-US: Apple
CVE-2018-4081
	RESERVED
CVE-2018-4080
	RESERVED
CVE-2018-4079
	RESERVED
CVE-2018-4078
	RESERVED
CVE-2018-4077
	RESERVED
CVE-2018-4076
	RESERVED
CVE-2018-4075
	RESERVED
CVE-2018-4074
	RESERVED
CVE-2018-4073
	RESERVED
CVE-2018-4072
	RESERVED
CVE-2018-4071
	RESERVED
CVE-2018-4070
	RESERVED
CVE-2018-4069
	RESERVED
CVE-2018-4068
	RESERVED
CVE-2018-4067
	RESERVED
CVE-2018-4066
	RESERVED
CVE-2018-4065
	RESERVED
CVE-2018-4064
	RESERVED
CVE-2018-4063
	RESERVED
CVE-2018-4062
	RESERVED
CVE-2018-4061
	RESERVED
CVE-2018-4060
	RESERVED
CVE-2018-4059
	RESERVED
CVE-2018-4058
	RESERVED
CVE-2018-4057
	RESERVED
CVE-2018-4056
	RESERVED
CVE-2018-4055
	RESERVED
CVE-2018-4054
	RESERVED
CVE-2018-4053
	RESERVED
CVE-2018-4052
	RESERVED
CVE-2018-4051
	RESERVED
CVE-2018-4050
	RESERVED
CVE-2018-4049
	RESERVED
CVE-2018-4048
	RESERVED
CVE-2018-4047
	RESERVED
CVE-2018-4046
	RESERVED
CVE-2018-4045
	RESERVED
CVE-2018-4044
	RESERVED
CVE-2018-4043
	RESERVED
CVE-2018-4042
	RESERVED
CVE-2018-4041
	RESERVED
CVE-2018-4040
	RESERVED
CVE-2018-4039
	RESERVED
CVE-2018-4038
	RESERVED
CVE-2018-4037
	RESERVED
CVE-2018-4036
	RESERVED
CVE-2018-4035
	RESERVED
CVE-2018-4034
	RESERVED
CVE-2018-4033
	RESERVED
CVE-2018-4032
	RESERVED
CVE-2018-4031
	RESERVED
CVE-2018-4030
	RESERVED
CVE-2018-4029
	RESERVED
CVE-2018-4028
	RESERVED
CVE-2018-4027
	RESERVED
CVE-2018-4026
	RESERVED
CVE-2018-4025
	RESERVED
CVE-2018-4024
	RESERVED
CVE-2018-4023
	RESERVED
CVE-2018-4022
	RESERVED
CVE-2018-4021
	RESERVED
CVE-2018-4020
	RESERVED
CVE-2018-4019
	RESERVED
CVE-2018-4018
	RESERVED
CVE-2018-4017
	RESERVED
CVE-2018-4016
	RESERVED
CVE-2018-4015
	RESERVED
CVE-2018-4014
	RESERVED
CVE-2018-4013
	RESERVED
CVE-2018-4012
	RESERVED
CVE-2018-4011
	RESERVED
CVE-2018-4010
	RESERVED
CVE-2018-4009
	RESERVED
CVE-2018-4008
	RESERVED
CVE-2018-4007
	RESERVED
CVE-2018-4006
	RESERVED
CVE-2018-4005
	RESERVED
CVE-2018-4004
	RESERVED
CVE-2018-4003
	RESERVED
CVE-2018-4002
	RESERVED
CVE-2018-4001
	RESERVED
CVE-2018-4000
	RESERVED
CVE-2018-3999
	RESERVED
CVE-2018-3998
	RESERVED
CVE-2018-3997
	RESERVED
CVE-2018-3996
	RESERVED
CVE-2018-3995
	RESERVED
CVE-2018-3994
	RESERVED
CVE-2018-3993
	RESERVED
CVE-2018-3992
	RESERVED
CVE-2018-3991
	RESERVED
CVE-2018-3990
	RESERVED
CVE-2018-3989
	RESERVED
CVE-2018-3988
	RESERVED
CVE-2018-3987
	RESERVED
CVE-2018-3986
	RESERVED
CVE-2018-3985
	RESERVED
CVE-2018-3984
	RESERVED
CVE-2018-3983
	RESERVED
CVE-2018-3982
	RESERVED
CVE-2018-3981
	RESERVED
CVE-2018-3980
	RESERVED
CVE-2018-3979
	RESERVED
CVE-2018-3978
	RESERVED
CVE-2018-3977
	RESERVED
CVE-2018-3976
	RESERVED
CVE-2018-3975
	RESERVED
CVE-2018-3974
	RESERVED
CVE-2018-3973
	RESERVED
CVE-2018-3972
	RESERVED
CVE-2018-3971
	RESERVED
CVE-2018-3970
	RESERVED
CVE-2018-3969
	RESERVED
CVE-2018-3968
	RESERVED
CVE-2018-3967
	RESERVED
CVE-2018-3966
	RESERVED
CVE-2018-3965
	RESERVED
CVE-2018-3964
	RESERVED
CVE-2018-3963
	RESERVED
CVE-2018-3962
	RESERVED
CVE-2018-3961
	RESERVED
CVE-2018-3960
	RESERVED
CVE-2018-3959
	RESERVED
CVE-2018-3958
	RESERVED
CVE-2018-3957
	RESERVED
CVE-2018-3956
	RESERVED
CVE-2018-3955
	RESERVED
CVE-2018-3954
	RESERVED
CVE-2018-3953
	RESERVED
CVE-2018-3952
	RESERVED
CVE-2018-3951
	RESERVED
CVE-2018-3950
	RESERVED
CVE-2018-3949
	RESERVED
CVE-2018-3948
	RESERVED
CVE-2018-3947
	RESERVED
CVE-2018-3946
	RESERVED
CVE-2018-3945
	RESERVED
CVE-2018-3944
	RESERVED
CVE-2018-3943
	RESERVED
CVE-2018-3942
	RESERVED
CVE-2018-3941
	RESERVED
CVE-2018-3940
	RESERVED
CVE-2018-3939
	RESERVED
CVE-2018-3938
	RESERVED
CVE-2018-3937
	RESERVED
CVE-2018-3936
	RESERVED
CVE-2018-3935
	RESERVED
CVE-2018-3934
	RESERVED
CVE-2018-3933
	RESERVED
CVE-2018-3932
	RESERVED
CVE-2018-3931
	RESERVED
CVE-2018-3930
	RESERVED
CVE-2018-3929
	RESERVED
CVE-2018-3928
	RESERVED
CVE-2018-3927
	RESERVED
CVE-2018-3926
	RESERVED
CVE-2018-3925
	RESERVED
CVE-2018-3924
	RESERVED
CVE-2018-3923
	RESERVED
CVE-2018-3922
	RESERVED
CVE-2018-3921
	RESERVED
CVE-2018-3920
	RESERVED
CVE-2018-3919
	RESERVED
CVE-2018-3918
	RESERVED
CVE-2018-3917
	RESERVED
CVE-2018-3916
	RESERVED
CVE-2018-3915
	RESERVED
CVE-2018-3914
	RESERVED
CVE-2018-3913
	RESERVED
CVE-2018-3912
	RESERVED
CVE-2018-3911
	RESERVED
CVE-2018-3910
	RESERVED
CVE-2018-3909
	RESERVED
CVE-2018-3908
	RESERVED
CVE-2018-3907
	RESERVED
CVE-2018-3906
	RESERVED
CVE-2018-3905
	RESERVED
CVE-2018-3904
	RESERVED
CVE-2018-3903
	RESERVED
CVE-2018-3902
	RESERVED
CVE-2018-3901
	RESERVED
CVE-2018-3900
	RESERVED
CVE-2018-3899
	RESERVED
CVE-2018-3898
	RESERVED
CVE-2018-3897
	RESERVED
CVE-2018-3896
	RESERVED
CVE-2018-3895
	RESERVED
CVE-2018-3894
	RESERVED
CVE-2018-3893
	RESERVED
CVE-2018-3892
	RESERVED
CVE-2018-3891
	RESERVED
CVE-2018-3890
	RESERVED
CVE-2018-3889 (A specially crafted PCX image processed via the application can lead ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3888 (A memory corruption vulnerability exists in the PCX-parsing ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3887 (A memory corruption vulnerability exists in the PCX-parsing ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3886 (A memory corruption vulnerability exists in the PCX-parsing ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3885
	RESERVED
CVE-2018-3884
	RESERVED
CVE-2018-3883
	RESERVED
CVE-2018-3882
	RESERVED
CVE-2018-3881
	RESERVED
CVE-2018-3880
	RESERVED
CVE-2018-3879
	RESERVED
CVE-2018-3878
	RESERVED
CVE-2018-3877
	RESERVED
CVE-2018-3876
	RESERVED
CVE-2018-3875
	RESERVED
CVE-2018-3874
	RESERVED
CVE-2018-3873
	RESERVED
CVE-2018-3872
	RESERVED
CVE-2018-3871
	RESERVED
CVE-2018-3870
	RESERVED
CVE-2018-3869
	RESERVED
CVE-2018-3868 (A specially crafted TIFF image processed via the application can lead ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3867
	RESERVED
CVE-2018-3866
	RESERVED
CVE-2018-3865
	RESERVED
CVE-2018-3864
	RESERVED
CVE-2018-3863
	RESERVED
CVE-2018-3862 (A specially crafted TIFF image processed via the application can lead ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3861 (A specially crafted TIFF image processed via the application can lead ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2018-3860
	RESERVED
CVE-2018-3859
	RESERVED
CVE-2018-3858
	RESERVED
CVE-2018-3857
	RESERVED
CVE-2018-3856
	RESERVED
CVE-2018-3855 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3854
	RESERVED
CVE-2018-3853
	RESERVED
CVE-2018-3852
	RESERVED
CVE-2018-3851 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3850 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3849 (In the ffghtb function in NASA CFITSIO 3.42, specially crafted images ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio <no-dsa> (Minor issue)
	[jessie] - cfitsio <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3848 (In the ffghbn function in NASA CFITSIO 3.42, specially crafted images ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio <no-dsa> (Minor issue)
	[jessie] - cfitsio <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0531
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3847
	RESERVED
CVE-2018-3846 (In the ffgphd and ffgtkn functions in NASA CFITSIO 3.42, specially ...)
	- cfitsio 3.430-1 (low; bug #892458)
	[stretch] - cfitsio <no-dsa> (Minor issue)
	[jessie] - cfitsio <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0529
	NOTE: Mitigated to a crash due to hardened build flags
CVE-2018-3845 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3844 (In Hyland Perceptive Document Filters 11.4.0.2647 - x86/x64 ...)
	NOT-FOR-US: Hyland Perceptive Document Filters
CVE-2018-3843 (An exploitable type confusion vulnerability exists in the way Foxit ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3842 (An exploitable use of an uninitialized pointer vulnerability exists in ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2018-3841
	RESERVED
CVE-2018-3840
	RESERVED
CVE-2018-3839 (An exploitable code execution vulnerability exists in the XCF image ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/fb643e371806910f1973abfdfe7f981e8dba60f5
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0521
CVE-2018-3838 (An exploitable information vulnerability exists in the XCF image ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/c5f9cbb5d2bbcb2150ba0596ea56b49efeed660d
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0520
CVE-2018-3837 (An exploitable information disclosure vulnerability exists in the PCX ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://hg.libsdl.org/SDL_image/rev/2938fc80591abeae74b971cbdf966eff3213297e
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0519
CVE-2018-7442 (An issue was discovered in Leptonica through 1.75.3. The ...)
	- leptonlib 1.76.0-1 (bug #898439)
	[stretch] - leptonlib <no-dsa> (Minor issue)
	[jessie] - leptonlib <no-dsa> (Minor issue)
	[wheezy] - leptonlib <ignored> (Minor issue)
	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00086.html
CVE-2018-7441 (Leptonica through 1.75.3 uses hardcoded /tmp pathnames, which might ...)
	- leptonlib 1.76.0-1 (unimportant)
	NOTE: https://lists.debian.org/debian-lts/2018/02/msg00054.html
	NOTE: Neutralised by kernel hardening
CVE-2017-18196 (Leptonica 1.74.4 constructs unintended pathnames (containing duplicated ...)
	- leptonlib 1.74.4-2 (low; bug #885704)
	[stretch] - leptonlib <no-dsa> (Minor issue)
	[jessie] - leptonlib <not-affected> (Vulnerable code not present)
	[wheezy] - leptonlib <not-affected> (Vulnerable code not present)
CVE-2018-7440 (An issue was discovered in Leptonica through 1.75.3. The ...)
	{DLA-1302-1}
	- leptonlib 1.75.3-3 (bug #891932)
	[stretch] - leptonlib <not-affected> (Incomplete fix for CVE-2018-3836 not applied)
	[jessie] - leptonlib <not-affected> (Incomplete fix for CVE-2018-3836 not applied)
	NOTE: https://github.com/DanBloomberg/leptonica/issues/303#issuecomment-366472212
	NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
CVE-2018-3836 (An exploitable command injection vulnerability exists in the ...)
	{DLA-1284-1}
	- leptonlib 1.75.3-1 (bug #889759)
	[stretch] - leptonlib <no-dsa> (Minor issue)
	[jessie] - leptonlib <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0516
	NOTE: https://github.com/DanBloomberg/leptonica/issues/303
	NOTE: When fixing this issue make sure the fix is complete and includes as well
	NOTE: https://github.com/DanBloomberg/leptonica/pull/313/commits/49ecb6c2dfd6ed5078c62f4a8eeff03e3beced3b
	NOTE: to not open CVE-2018-7440.
CVE-2018-3835 (An exploitable out of bounds write vulnerability exists in version 2.2 ...)
	NOT-FOR-US: Per Face Texture (PTEX)
CVE-2018-3834
	RESERVED
CVE-2018-3833
	RESERVED
CVE-2018-3832
	RESERVED
CVE-2018-3831
	RESERVED
CVE-2018-3830
	RESERVED
CVE-2018-3829
	RESERVED
CVE-2018-3828
	RESERVED
CVE-2018-3827
	RESERVED
CVE-2018-3826
	RESERVED
CVE-2018-3825
	RESERVED
CVE-2018-3824
	RESERVED
CVE-2018-3823
	RESERVED
CVE-2018-3822 (X-Pack Security versions 6.2.0, 6.2.1, and 6.2.2 are vulnerable to a ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2018-3821 (Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a ...)
	- kibana <itp> (bug #700337)
CVE-2018-3820 (Kibana versions after 6.1.0 and before 6.1.3 had a cross-site ...)
	- kibana <itp> (bug #700337)
CVE-2018-3819 (The fix in Kibana for ESA-2017-23 was incomplete. With X-Pack security ...)
	- kibana <itp> (bug #700337)
CVE-2018-3818 (Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting ...)
	- kibana <itp> (bug #700337)
CVE-2018-3817 (When logging warnings regarding deprecated settings, Logstash before ...)
	- logstash <itp> (bug #664841)
CVE-2017-18017 (The tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c in the ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.11.6-1
	[stretch] - linux 4.9.47-1
	NOTE: Fixed by: https://git.kernel.org/linus/2638fd0f92d4397884fd991d8f4925cb3f081901
CVE-2017-18016 (Parity Browser 1.6.10 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Paritytech Parity Ethereum
CVE-2017-1000493 (Rocket.Chat Server version 0.59 and prior is vulnerable to a NoSQL ...)
	NOT-FOR-US: Rocket.Chat Server
CVE-2017-1000492 (Leanote-desktop version v2.5 is vulnerable to a XSS which leads to ...)
	NOT-FOR-US: Leanote-desktop
CVE-2017-1000491 (Shiba markdown live preview app version 1.1.0 is vulnerable to XSS ...)
	NOT-FOR-US: Shiba markdown live preview app
CVE-2017-1000466 (Invoice Ninja version 3.8.1 is vulnerable to stored cross-site ...)
	NOT-FOR-US: Invoice Ninja
CVE-2017-1000463 (Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site ...)
	NOT-FOR-US: Leafpub
CVE-2017-1000459 (Leanote version &lt;= 2.5 is vulnerable to XSS due to not sanitized input ...)
	NOT-FOR-US: Leanote
CVE-2017-1000438 (In OMERO 5.3.3 or earlier a user could create an OriginalFile and ...)
	NOT-FOR-US: OMERO
CVE-2017-1000437 (Creolabs Gravity 1.0 contains a stack based buffer overflow in the ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000434 (Wordpress plugin Furikake version 0.1.0 is vulnerable to an Open ...)
	NOT-FOR-US: Wordpress plugin Furikake
CVE-2017-1000433 (pysaml2 version 4.4.0 and older accept any password when run with ...)
	- python-pysaml2 <unfixed> (bug #886423)
	NOTE: https://github.com/rohe/pysaml2/issues/451
	NOTE: Fixed by: https://github.com/rohe/pysaml2/commit/6312a41e037954850867f29d329e5007df1424a5
CVE-2017-1000432 (Vanilla Forums below 2.1.5 are affected by CSRF leading to Deleting ...)
	NOT-FOR-US: Vanilla Forums
CVE-2017-1000427 (marked version 0.3.6 and earlier is vulnerable to an XSS attack in the ...)
	- node-marked 0.3.9+dfsg-1 (unimportant; bug #886451)
	NOTE: https://github.com/chjj/marked/commit/cd2f6f5b7091154c5526e79b5f3bfb4d15995a51
	NOTE: nodejs not covered by security support
CVE-2017-1000426 (MapProxy version 1.10.3 and older is vulnerable to a Cross Site ...)
	- mapproxy 1.10.4-1 (low)
	[stretch] - mapproxy 1.9.0-3+deb9u1
	NOTE: https://github.com/mapproxy/mapproxy/issues/322
	NOTE: https://github.com/mapproxy/mapproxy/commit/2e102843203c11b02c002daa08ca59d05d5eff5a (master)
	NOTE: https://github.com/mapproxy/mapproxy/commit/87faa667007b00ef11ee09b16707aa9ad2e8da28 (1.10.x)
CVE-2017-1000425 (Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp ...)
	NOT-FOR-US: Liferay Portal CE
CVE-2017-1000458 (Bro before Bro v2.5.2 is vulnerable to an out of bounds write in the ...)
	- bro 2.5.2-1
	[stretch] - bro <no-dsa> (Minor issue)
	NOTE: https://bro-tracker.atlassian.net/browse/BIT-1856
	NOTE: https://github.com/bro/bro/commit/6c0f101a62489b1c5927b4ed63b0e1d37db40282
CVE-2017-1000457 (Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal ...)
	NOT-FOR-US: mojoPortal
CVE-2017-1000456 (freedesktop.org libpoppler 0.60.1 fails to validate boundaries in ...)
	{DSA-4097-1 DLA-1228-1}
	- poppler 0.61.1-2
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103116
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=7ee9dadef37b20bca707a6b1e858e17d191e368b
CVE-2017-1000455 (GuixSD prior to Git commit 5e66574a128937e7f2fcf146d146225703ccfd5d ...)
	- guix <itp> (bug #850644)
	NOTE: https://lists.gnu.org/archive/html/guix-devel/2017-10/msg00090.html
CVE-2017-1000454 (CMS Made Simple 2.1.6, 2.2, 2.2.1 are vulnerable to Smarty Template ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-1000453 (CMS Made Simple version 2.1.6 and 2.2 are vulnerable to Smarty ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-1000452 (An XML Signature Wrapping vulnerability exists in Samlify 2.2.0 and ...)
	NOT-FOR-US: Samlify
CVE-2017-1000451 (fs-git is a file system like api for git repository. The fs-git ...)
	NOT-FOR-US: fs-git
CVE-2017-1000450 (In opencv/modules/imgcodecs/src/utils.cpp, functions FillUniColor and ...)
	{DLA-1235-1}
	- opencv <unfixed> (bug #886282)
	NOTE: https://github.com/opencv/opencv/issues/9723
	NOTE: https://github.com/blendin/pocs/blob/master/opencv/0.OOB_Write_FillUniColor
	NOTE: https://github.com/opencv/opencv/pull/9726
CVE-2017-1000449
	REJECTED
CVE-2017-1000448 (Structured Data Linter versions 2.4.1 and older are vulnerable to a ...)
	NOT-FOR-US: Structured Data Linter
CVE-2017-1000445 (ImageMagick 7.0.7-1 and older version are vulnerable to null pointer ...)
	{DLA-1229-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #886281)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/775
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/441fde32557eb3cec573b0f877ac324173feed7f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/839a14e43d0c88db7b3fffe8aa4ec57d80c93623
CVE-2017-1000444 (Eleix Openhacker version 0.1.47 is vulnerable to an SQL injection in ...)
	NOT-FOR-US: Eleix Openhacker
CVE-2017-1000443 (Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability ...)
	NOT-FOR-US: Eleix Openhacker
CVE-2017-1000442 (Passbolt API version 1.6.4 and older are vulnerable to a XSS in the ...)
	NOT-FOR-US: Passbolt API
CVE-2017-1000431 (eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is ...)
	NOT-FOR-US: eZ Systems eZ Publish
CVE-2017-1000430 (rust-base64 version &lt;= 0.5.1 is vulnerable to a buffer overflow when ...)
	NOTE: https://github.com/RustSec/advisory-db/blob/master/crates/base64/RUSTSEC-2017-0004.toml
	NOT-FOR-US: rust-base64
CVE-2017-1000424 (Github Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable ...)
	- electron <itp> (bug #842420)
CVE-2017-1000423 (b2evolution version 6.6.0 - 6.8.10 is vulnerable to input validation ...)
	- b2evolution <removed>
CVE-2017-1000422 (Gnome gdk-pixbuf 2.36.8 and older is vulnerable to several integer ...)
	{DSA-4088-1 DLA-1234-1}
	- gdk-pixbuf 2.36.11-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785973
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=0012e066ba37439d402ce46afbc1311530a4ec61
CVE-2017-1000421 (Gifsicle gifview 1.89 and older is vulnerable to a use-after-free in ...)
	{DSA-4084-1 DLA-1233-1}
	- gifsicle 1.90-1
	NOTE: https://github.com/kohler/gifsicle/issues/114
	NOTE: https://github.com/kohler/gifsicle/commit/81fd7823f6d9c85ab598bc850e40382068361185
CVE-2017-1000420 (Syncthing version 0.14.33 and older is vulnerable to symlink traversal ...)
	- syncthing 0.14.36+ds1-1
	[stretch] - syncthing <no-dsa> (Minor issue)
	NOTE: https://github.com/syncthing/syncthing/commit/1f09488a0f1fdca07076b007b9789f23a6df1060 (v0.14.34)
	NOTE: https://github.com/syncthing/syncthing/commit/a0f771c221f6ef18fcc496e736670d85f36b8dec
	NOTE: https://github.com/syncthing/syncthing/issues/4286
CVE-2017-1000419 (phpBB version 3.2.0 is vulnerable to SSRF in the Remote Avatar ...)
	- phpbb3 <removed>
	[jessie] - phpbb3 <not-affected> (Vulnerable code not present)
	[wheezy] - phpbb3 <not-affected> (Vulnerable code not present)
CVE-2017-1000418 (The WildMidi_Open function in WildMIDI since commit ...)
	- wildmidi 0.4.2-1 (bug #886503)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (Vulnerable code introduced later)
	[wheezy] - wildmidi <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Mindwerks/wildmidi/issues/178
	NOTE: https://github.com/Mindwerks/wildmidi/commit/814f31d8eceda8401eb812fc2e94ed143fdad0ab
CVE-2017-1000413 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ...)
	NOT-FOR-US: OP-TEE
CVE-2017-1000412 (Linaro's open source TEE solution called OP-TEE, version 2.4.0 (and ...)
	NOT-FOR-US: OP-TEE
CVE-2018-3816
	RESERVED
CVE-2018-3815 (The &quot;XML Interface to Messaging, Scheduling, and Signaling&quot; (XIMSS) ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2017-18015 (The ILLID Share This Image plugin before 1.04 for WordPress has XSS via ...)
	NOT-FOR-US: ILLID Share This Image plugin for WordPress
CVE-2017-18014 (An NC-25986 issue was discovered in the Logging subsystem of Sophos XG ...)
	NOT-FOR-US: Sophos
CVE-2018-3814 (Craft CMS 2.6.3000 allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: Craft CMS
CVE-2018-3813 (getConfigExportFile.cgi on FLIR Brickstream 2300 devices 2.0 4.1.53.166 ...)
	NOT-FOR-US: FLIR Brickstream 2300 devices
CVE-2018-3812
	RESERVED
CVE-2018-3811 (SQL Injection vulnerability in the Oturia Smart Google Code Inserter ...)
	NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
CVE-2018-3810 (Authentication Bypass vulnerability in the Oturia Smart Google Code ...)
	NOT-FOR-US: Oturia Smart Google Code Inserter plugin for WordPress
CVE-2017-18013 (In LibTIFF 4.0.9, there is a Null-Pointer Dereference in the ...)
	{DSA-4100-1 DLA-1260-1 DLA-1259-1}
	- tiff 4.0.9-3 (bug #885985)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2770
	NOTE: https://gitlab.com/libtiff/libtiff/commit/c6f41df7b581402dfba3c19a1e3df4454c551a01
CVE-2017-18012 (The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the ...)
	NOT-FOR-US: Z-URL Preview plugin for WordPress
CVE-2017-18011 (The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 ...)
	NOT-FOR-US: MyCBGenie Affiliate Ads for Clickbank Products plugin WordPress
CVE-2017-18010 (The E-goi Smart Marketing SMS and Newsletters Forms plugin before ...)
	NOT-FOR-US: E-goi Smart Marketing SMS and Newsletters Forms plugin for WordPress
CVE-2017-18009 (In OpenCV 3.3.1, a heap-based buffer over-read exists in the function ...)
	- opencv <unfixed>
	[stretch] - opencv <not-affected> (Vulnerable code introduced later)
	[jessie] - opencv <not-affected> (Vulnerable code introduced later)
	[wheezy] - opencv <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/opencv/opencv/issues/10479
	NOTE: Introduced after: https://github.com/opencv/opencv/commit/7469c935f3ec8e9fe4f56b7eed07b284b7b7b5df
CVE-2017-18008 (In ImageMagick 7.0.7-17 Q16, there is a Memory Leak in ReadPWPImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/921
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1a5f95fc018a5667de5a9448aee9d7251b2eb952
CVE-2017-18007
	RESERVED
CVE-2017-18006 (netpub/server.np in Extensis Portfolio NetPublish has XSS in the ...)
	NOT-FOR-US: Extensis Portfolio NetPublish
CVE-2017-18005 (Exiv2 0.26 has a Null Pointer Dereference in the ...)
	- exiv2 <unfixed> (low; bug #885981)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/168
	NOTE: Fixed via: https://github.com/Exiv2/exiv2/pull/199
CVE-2017-18004 (Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to ...)
	NOT-FOR-US: Zurmo
CVE-2017-18003
	RESERVED
CVE-2017-18002
	RESERVED
CVE-2017-18001 (Trustwave Secure Web Gateway (SWG) through 11.8.0.27 allows remote ...)
	NOT-FOR-US: Trustwave Secure Web Gateway
CVE-2016-10704 (Magento Community Edition and Enterprise Edition before 2.0.10 and ...)
	NOT-FOR-US: Magento
CVE-2017-18000
	RESERVED
CVE-2017-17999 (SQL injection vulnerability in RISE Ultimate Project Manager 1.9 ...)
	NOT-FOR-US: RISE Ultimate Project Manager
CVE-2017-17998
	RESERVED
CVE-2017-17997 (In Wireshark before 2.2.12, the MRDISC dissector misuses a NULL ...)
	- wireshark 2.4.0-1
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2018-02.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14299
	NOTE: https://code.wireshark.org/review/#/c/25063/
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=80a695869c9aef2fb473d9361da068022be7cb50
CVE-2017-17996 (A buffer overflow vulnerability in &quot;Add command&quot; functionality exists ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2017-17995 (Biometric Shift Employee Management System has XSS via the Last_Name ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17994 (Biometric Shift Employee Management System has XSS via the criteria ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17993 (Biometric Shift Employee Management System has XSS via the amount ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17992 (Biometric Shift Employee Management System allows Arbitrary File ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17991 (Biometric Shift Employee Management System has XSS via the expense_name ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17990 (Biometric Shift Employee Management System has CSRF via index.php in an ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17989 (Biometric Shift Employee Management System has XSS via the index.php ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17988 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17987 (PHP Scripts Mall Muslim Matrimonial Script allows arbitrary file upload ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17986 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17985 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17984 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17983 (PHP Scripts Mall Muslim Matrimonial Script has SQL injection via the ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17982 (PHP Scripts Mall Muslim Matrimonial Script has CSRF via ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17981 (PHP Scripts Mall Muslim Matrimonial Script has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Muslim Matrimonial Script
CVE-2017-17980
	RESERVED
CVE-2017-17979
	RESERVED
CVE-2017-17978
	RESERVED
CVE-2017-17977
	RESERVED
CVE-2017-17976 (In Utilities.php in Perfex CRM 1.9.7, Unrestricted file upload can ...)
	NOT-FOR-US: Perfex CRM
CVE-2017-17975 (Use-after-free in the usbtv_probe function in ...)
	{DSA-4188-1}
	- linux 4.15.17-1
	[jessie] - linux <not-affected> (Vulnerable code path not present)
	[wheezy] - linux <not-affected> (Vulnerable code path not present)
CVE-2017-17974 (BA SYSTEMS BAS Web on BAS920 devices (with Firmware 01.01.00*, HTTPserv ...)
	NOT-FOR-US: BA SYSTEMS BAS Web on BAS920 devices
CVE-2017-17973 (** DISPUTED ** In LibTIFF 4.0.8, there is a heap-based use-after-free ...)
	- tiff <unfixed> (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2769
	NOTE: Details on the issue are not confirmed by the reporter after several attempts
	NOTE: and this does like a non-issue. More reprodicibly reports are from SUSE in
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1074318#c5 claiming this might be
	NOTE: a duplicate of CVE-2017-9935. Unless the reporter provides more details on
	NOTE: upstream report go and consider this as non-issue.
CVE-2017-1000447
	REJECTED
CVE-2017-1000446
	REJECTED
CVE-2017-1000440
	REJECTED
CVE-2017-1000436
	REJECTED
CVE-2017-1000435
	REJECTED
CVE-2017-1000501 (Awstats version 7.6 and earlier is vulnerable to a path traversal flaw ...)
	{DSA-4092-1 DLA-1238-1}
	- awstats 7.6+dfsg-2 (bug #885835)
	NOTE: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
	NOTE: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
CVE-2017-17972
	RESERVED
CVE-2017-17971 (The test_sql_and_script_inject function in htdocs/main.inc.php in ...)
	- dolibarr <removed> (bug #885828)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/issues/8000
CVE-2018-3809
	RESERVED
CVE-2018-3808
	RESERVED
CVE-2018-3807
	RESERVED
CVE-2018-3806
	RESERVED
CVE-2018-3805
	RESERVED
CVE-2018-3804
	RESERVED
CVE-2018-3803
	RESERVED
CVE-2018-3802
	RESERVED
CVE-2018-3801
	RESERVED
CVE-2018-3800
	RESERVED
CVE-2018-3799
	RESERVED
CVE-2018-3798
	RESERVED
CVE-2018-3797
	RESERVED
CVE-2018-3796
	RESERVED
CVE-2018-3795
	RESERVED
CVE-2018-3794
	RESERVED
CVE-2018-3793
	RESERVED
CVE-2018-3792
	RESERVED
CVE-2018-3791
	RESERVED
CVE-2018-3790
	RESERVED
CVE-2018-3789
	RESERVED
CVE-2018-3788
	RESERVED
CVE-2018-3787
	RESERVED
CVE-2018-3786
	RESERVED
CVE-2018-3785
	RESERVED
CVE-2018-3784
	RESERVED
CVE-2018-3783
	RESERVED
CVE-2018-3782
	RESERVED
CVE-2018-3781
	RESERVED
CVE-2018-3780
	RESERVED
CVE-2018-3779
	RESERVED
CVE-2018-3778
	RESERVED
CVE-2018-3777
	RESERVED
CVE-2018-3776
	RESERVED
CVE-2018-3775
	RESERVED
CVE-2018-3774
	RESERVED
CVE-2018-3773
	RESERVED
CVE-2018-3772
	RESERVED
CVE-2018-3771
	RESERVED
CVE-2018-3770
	RESERVED
CVE-2018-3769
	RESERVED
CVE-2018-3768
	RESERVED
CVE-2018-3767
	RESERVED
CVE-2018-3766
	RESERVED
CVE-2018-3765
	RESERVED
CVE-2018-3764
	RESERVED
CVE-2018-3763
	RESERVED
CVE-2018-3762
	RESERVED
CVE-2018-3761
	RESERVED
CVE-2018-3760
	RESERVED
CVE-2018-3759
	RESERVED
CVE-2018-3758
	RESERVED
CVE-2018-3757
	RESERVED
CVE-2018-3756
	RESERVED
CVE-2018-3755
	RESERVED
CVE-2018-3754
	RESERVED
CVE-2018-3753
	RESERVED
CVE-2018-3752
	RESERVED
CVE-2018-3751
	RESERVED
CVE-2018-3750 [Prototype pollution can allow attackers to modify object properties]
	RESERVED
	- node-deep-extend <unfixed> (unimportant)
	NOTE: https://nodesecurity.io/advisories/612
	NOTE: nodejs not covered by security support
CVE-2018-3749
	RESERVED
CVE-2018-3748
	RESERVED
CVE-2018-3747
	RESERVED
CVE-2018-3746
	RESERVED
CVE-2018-3745
	RESERVED
CVE-2018-3744
	RESERVED
CVE-2018-3743
	RESERVED
CVE-2018-3742
	RESERVED
CVE-2018-3741 (There is a possible XSS vulnerability in all rails-html-sanitizer gem ...)
	- ruby-rails-html-sanitizer 1.0.4-1 (bug #893994)
	NOTE: https://github.com/rails/rails-html-sanitizer/commit/f3ba1a839a35f2ba7f941c15e239a1cb379d56ae
CVE-2018-3740 (A specially crafted HTML fragment can cause Sanitize gem for Ruby to ...)
	- ruby-sanitize <unfixed> (bug #893610)
	NOTE: https://github.com/rgrove/sanitize/issues/176
	NOTE: https://github.com/rgrove/sanitize/commit/01629a162e448a83d901456d0ba8b65f3b03d46e
	NOTE: Only an issue in combination with libxml2 >= 2.9.2
	NOTE: The 'fragment' method was renamed from 'clean' method in earlier version
	NOTE: in v3.0.0
CVE-2018-3739
	RESERVED
CVE-2018-3738
	RESERVED
CVE-2018-3737
	RESERVED
CVE-2018-3736
	RESERVED
CVE-2018-3735
	RESERVED
CVE-2018-3734
	RESERVED
CVE-2018-3733
	RESERVED
CVE-2018-3732
	RESERVED
CVE-2018-3731
	RESERVED
CVE-2018-3730
	RESERVED
CVE-2018-3729
	RESERVED
CVE-2018-3728 (hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of ...)
	- node-hoek <unfixed> (unimportant)
	NOTE: fixed in 4.2.1
	NOTE: https://github.com/hapijs/hoek/issues/230
	NOTE: https://hackerone.com/reports/310439
	NOTE: https://snyk.io/vuln/npm:hoek:20180212
	NOTE: https://nodesecurity.io/advisories/566
	NOTE: nodejs not covered by security support
CVE-2018-3727
	RESERVED
CVE-2018-3726
	RESERVED
CVE-2018-3725
	RESERVED
CVE-2018-3724
	RESERVED
CVE-2018-3723
	RESERVED
CVE-2018-3722
	RESERVED
CVE-2018-3721 [Prototype pollution in utilities function]
	RESERVED
	- node-lodash <unfixed> (unimportant; bug #890575)
	NOTE: https://snyk.io/vuln/npm:lodash:20180130
	NOTE: https://github.com/lodash/lodash/commit/d8e069cc3410082e44eb18fcf8e7f3d08ebe1d4a
	NOTE: nodejs not covered by security support
CVE-2018-3720
	RESERVED
CVE-2018-3719 [Prototype pollution via merging functions]
	RESERVED
	- node-mixin-deep <unfixed> (unimportant; bug #898315)
	NOTE: https://nodesecurity.io/advisories/578
	NOTE: nodejs not covered by security support
CVE-2018-3718
	RESERVED
CVE-2018-3717
	RESERVED
CVE-2018-3716
	RESERVED
CVE-2018-3715
	RESERVED
CVE-2018-3714
	RESERVED
CVE-2018-3713
	RESERVED
CVE-2018-3712
	RESERVED
	NOT-FOR-US: npm serve
	NOTE: fixed in 6.4.9 upstream
	NOTE: https://github.com/zeit/serve/commit/6adad6881c61991da61ebc857857c53409544575
	NOTE: https://github.com/zeit/serve/pull/316
	NOTE: https://hackerone.com/reports/307666
	NOTE: https://nodesecurity.io/advisories/561
CVE-2018-3711
	RESERVED
	NOT-FOR-US: Fastify
	NOTE: fixed in 0.38.0 upstream
	NOTE: https://github.com/fastify/fastify/commit/fabd2a011f2ffbb877394abe699f549513ffbd76
	NOTE: https://hackerone.com/reports/303632
	NOTE: https://nodesecurity.io/advisories/564
CVE-2018-3710 (Gitlab Community and Enterprise Editions version 10.3.3 is vulnerable ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-17970 (Multiple SQL injection vulnerabilities in Muviko 1.1 allow remote ...)
	NOT-FOR-US: Muviko
CVE-2017-17969 (Heap-based buffer overflow in the ...)
	{DSA-4104-1 DLA-1268-1}
	- p7zip 16.02+dfsg-5 (bug #888297)
	NOTE: https://landave.io/2018/01/7-zip-multiple-memory-corruptions-via-rar-and-zip/
	NOTE: Fixed in upstream 18.00-beta.
CVE-2018-3709
	RESERVED
CVE-2018-3708
	RESERVED
CVE-2018-3707
	RESERVED
CVE-2018-3706
	RESERVED
CVE-2018-3705
	RESERVED
CVE-2018-3704
	RESERVED
CVE-2018-3703
	RESERVED
CVE-2018-3702
	RESERVED
CVE-2018-3701
	RESERVED
CVE-2018-3700
	RESERVED
CVE-2018-3699
	RESERVED
CVE-2018-3698
	RESERVED
CVE-2018-3697
	RESERVED
CVE-2018-3696
	RESERVED
CVE-2018-3695
	RESERVED
CVE-2018-3694
	RESERVED
CVE-2018-3693
	RESERVED
CVE-2018-3692
	RESERVED
CVE-2018-3691
	RESERVED
CVE-2018-3690
	RESERVED
CVE-2018-3689 (AESM daemon in Intel Software Guard Extensions Platform Software ...)
	NOT-FOR-US: Intel
CVE-2018-3688
	RESERVED
CVE-2018-3687
	RESERVED
CVE-2018-3686
	RESERVED
CVE-2018-3685
	RESERVED
CVE-2018-3684
	RESERVED
CVE-2018-3683
	RESERVED
CVE-2018-3682
	RESERVED
CVE-2018-3681
	RESERVED
CVE-2018-3680
	RESERVED
CVE-2018-3679
	RESERVED
CVE-2018-3678
	RESERVED
CVE-2018-3677
	RESERVED
CVE-2018-3676
	RESERVED
CVE-2018-3675
	RESERVED
CVE-2018-3674
	RESERVED
CVE-2018-3673
	RESERVED
CVE-2018-3672
	RESERVED
CVE-2018-3671
	RESERVED
CVE-2018-3670
	RESERVED
CVE-2018-3669
	RESERVED
CVE-2018-3668
	RESERVED
CVE-2018-3667
	RESERVED
CVE-2018-3666
	RESERVED
CVE-2018-3665
	RESERVED
CVE-2018-3664
	RESERVED
CVE-2018-3663
	RESERVED
CVE-2018-3662
	RESERVED
CVE-2018-3661 (Buffer overflow in Intel system Configuration utilities selview.exe ...)
	NOT-FOR-US: Intel
CVE-2018-3660
	RESERVED
CVE-2018-3659
	RESERVED
CVE-2018-3658
	RESERVED
CVE-2018-3657
	RESERVED
CVE-2018-3656
	RESERVED
CVE-2018-3655
	RESERVED
CVE-2018-3654
	RESERVED
CVE-2018-3653
	RESERVED
CVE-2018-3652
	RESERVED
CVE-2018-3651
	RESERVED
CVE-2018-3650
	RESERVED
CVE-2018-3649 (DLL injection vulnerability in the installation executables ...)
	NOT-FOR-US: Intel
CVE-2018-3648
	RESERVED
CVE-2018-3647
	RESERVED
CVE-2018-3646
	RESERVED
CVE-2018-3645 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
	NOT-FOR-US: Intel
CVE-2018-3644
	RESERVED
CVE-2018-3643
	RESERVED
CVE-2018-3642
	RESERVED
CVE-2018-3641 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
	NOT-FOR-US: Intel
CVE-2018-3640
	RESERVED
CVE-2018-3639
	RESERVED
CVE-2018-3638 (Escalation of privilege in all versions of the Intel Remote Keyboard ...)
	NOT-FOR-US: Intel
CVE-2018-3637
	RESERVED
CVE-2018-3636
	RESERVED
CVE-2018-3635
	RESERVED
CVE-2018-3634 (Parameter corruption in NDIS filter driver in Intel Online Connect ...)
	NOT-FOR-US: Intel
CVE-2018-3633
	RESERVED
CVE-2018-3632
	RESERVED
CVE-2018-3631
	RESERVED
CVE-2018-3630
	RESERVED
CVE-2018-3629
	RESERVED
CVE-2018-3628
	RESERVED
CVE-2018-3627
	RESERVED
CVE-2018-3626 (Edger8r tool in the Intel SGX SDK before version 2.1.2 (Linux) and ...)
	NOT-FOR-US: Intel
CVE-2018-3625
	RESERVED
CVE-2018-3624 (Buffer overflow in ETWS processing module Intel XMM71xx, XMM72xx, ...)
	NOT-FOR-US: Intel
CVE-2018-3623
	RESERVED
CVE-2018-3622
	RESERVED
CVE-2018-3621
	RESERVED
CVE-2018-3620
	RESERVED
CVE-2018-3619
	RESERVED
CVE-2018-3618
	RESERVED
CVE-2018-3617 (Some implementations in Intel Integrated Performance Primitives ...)
	NOT-FOR-US: Intel
CVE-2018-3616
	RESERVED
CVE-2018-3615
	RESERVED
CVE-2018-3614
	RESERVED
CVE-2018-3613
	RESERVED
CVE-2018-3612 (Intel NUC kits with insufficient input validation in system firmware, ...)
	NOT-FOR-US: Intel
CVE-2018-3611 (Bounds check vulnerability in User Mode Driver in Intel Graphics ...)
	NOT-FOR-US: Intel
CVE-2018-3610 (SEMA driver in Intel Driver and Support Assistant before version 3.1.1 ...)
	NOT-FOR-US: Intel
CVE-2017-17968 (A buffer overflow vulnerability in NetTransport.exe in NetTransport ...)
	NOT-FOR-US: NetTransport Download Manager
CVE-2017-17967 (pptreader.dll in Kingsoft WPS Office 10.1.0.6930 allows remote ...)
	NOT-FOR-US: Kingsoft WPS Office
CVE-2017-17966
	RESERVED
CVE-2017-17965
	RESERVED
CVE-2017-17964
	RESERVED
CVE-2017-17963
	RESERVED
CVE-2017-17962
	RESERVED
CVE-2017-17961
	RESERVED
CVE-2017-17960 (PHP Scripts Mall PHP Multivendor Ecommerce has CSRF via ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17959 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17958 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17957 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17956 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17955 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17954 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17953 (PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17952 (PHP Scripts Mall PHP Multivendor Ecommerce has a predicable ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17951 (PHP Scripts Mall PHP Multivendor Ecommerce has SQL Injection via the ...)
	NOT-FOR-US: PHP Scripts Mall PHP Multivendor Ecommerce
CVE-2017-17950 (Cells Blog 3.5 has SQL Injection via the pub_readpost.php ptid ...)
	NOT-FOR-US: Cells Blog
CVE-2017-17949 (Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. ...)
	NOT-FOR-US: Cells Blog
CVE-2017-17948 (Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic ...)
	NOT-FOR-US: Cells Blog
CVE-2017-17947 (A cross site scripting issue has been found in custompage.cgi in Pulse ...)
	NOT-FOR-US: Pulse Secure Pulse Connect Secure
CVE-2017-1000411 (OpenFlow Plugin and OpenDayLight Controller versions Nitrogen, Carbon, ...)
	NOT-FOR-US: OpenDayLight
CVE-2017-17946 (A buffer overflow in Handy Password 4.9.3 allows remote attackers to ...)
	NOT-FOR-US: Handy Password
CVE-2017-17945
	RESERVED
CVE-2017-17944
	RESERVED
CVE-2017-17943
	RESERVED
CVE-2017-17942 (In LibTIFF 4.0.9, there is a heap-based buffer over-read in the ...)
	- tiff <unfixed> (bug #885579)
	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	- tiff3 <removed>
	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2767
CVE-2017-17941 (PHP Scripts Mall Single Theater Booking has SQL Injection via the ...)
	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
CVE-2017-17940 (PHP Scripts Mall Single Theater Booking has XSS via the title parameter ...)
	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
CVE-2017-17939 (PHP Scripts Mall Single Theater Booking has CSRF via ...)
	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
CVE-2017-17938 (PHP Scripts Mall Single Theater Booking has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Single Theater Booking
CVE-2017-17937 (Vanguard Marketplace Digital Products PHP has XSS via the phps_query ...)
	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2017-17936 (Vanguard Marketplace Digital Products PHP has CSRF via /search. ...)
	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2018-3609 (A vulnerability in the Trend Micro InterScan Messaging Security ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3608
	RESERVED
CVE-2018-3607 (XXXTreeNode method SQL injection remote code execution (RCE) ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3606 (XXXStatusXXX, XXXSummary, TemplateXXX and XXXCompliance method SQL ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3605 (TopXXX, ViolationXXX, and IncidentXXX method SQL injection remote code ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3604 (GetXXX method SQL injection remote code execution (RCE) ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3603 (A CGGIServlet SQL injection remote code execution (RCE) vulnerability ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3602 (An AdHocQuery_Processor SQL injection remote code execution (RCE) ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3601 (A password hash usage authentication bypass vulnerability in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2018-3600 (A external entity processing information disclosure (XXE) ...)
	NOT-FOR-US: Trend Micro
CVE-2017-17935 (The File_read_line function in epan/wslua/wslua_file.c in Wireshark ...)
	- wireshark 2.4.4-1 (bug #885831)
	[stretch] - wireshark <ignored> (Minor issue)
	[jessie] - wireshark <ignored> (Minor issue)
	[wheezy] - wireshark <ignored> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14295
	NOTE: https://code.wireshark.org/review/#/c/24997/
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=137ab7d5681486c6d6cc8faac4300b7cd4ec0cf1
CVE-2017-17934 (ImageMagick 7.0.7-17 Q16 x86_64 has memory leaks in coders/msl.c, ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/920
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3755d2289b032919c065f6ab11ef570063f7f828
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/08278c7cf1c0b4f1da4cdcfaa857ff6b2373a1b2
CVE-2017-17933 (cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or ...)
	NOT-FOR-US: NetWin SurgeFTP
CVE-2017-17932 (A buffer overflow vulnerability exists in MediaServer.exe in ALLPlayer ...)
	NOT-FOR-US: ALLPlayer
CVE-2017-17931 (PHP Scripts Mall Resume Clone Script has SQL Injection via the ...)
	NOT-FOR-US: PHP Scripts Mall Resume Clone Script
CVE-2017-17930 (PHP Scripts Mall Professional Service Script has CSRF via ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17929 (PHP Scripts Mall Professional Service Script has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17928 (PHP Scripts Mall Professional Service Script has SQL injection via the ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17927 (PHP Scripts Mall Professional Service Script allows remote attackers to ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17926 (PHP Scripts Mall Professional Service Script has a predicable ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17925 (PHP Scripts Mall Professional Service Script has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17924 (PHP Scripts Mall Professional Service Script allows remote attackers to ...)
	NOT-FOR-US: PHP Scripts Mall Professional Service Script
CVE-2017-17923
	RESERVED
CVE-2017-17922
	RESERVED
CVE-2017-17921
	RESERVED
CVE-2017-17920 (** DISPUTED ** SQL injection vulnerability in the 'reorder' method in ...)
	- rails <unfixed> (unimportant)
	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
	NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17919 (** DISPUTED ** SQL injection vulnerability in the 'order' method in ...)
	- rails <unfixed> (unimportant)
	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
	NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17918
	RESERVED
CVE-2017-17917 (** DISPUTED ** SQL injection vulnerability in the 'where' method in ...)
	- rails <unfixed> (unimportant)
	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
	NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17916 (** DISPUTED ** SQL injection vulnerability in the 'find_by' method in ...)
	- rails <unfixed> (unimportant)
	NOTE: https://kay-malwarebenchmark.github.io/blog/ruby-on-rails-arbitrary-sql-injection/
	NOTE: All of those methods accept arbitrary SQL by design.
CVE-2017-17915 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
	{DLA-1231-1}
	- graphicsmagick 1.3.27-3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/1721f1b7e67a
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/535/
CVE-2017-17914 (In ImageMagick 7.0.7-16 Q16, a vulnerability was found in the function ...)
	{DLA-1227-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #886584)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/908
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/650ec57d84b7b1dce66435b8cd3b58f7ae66db1b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/42781eeebadf111a2e01559735ea504a78192046
CVE-2017-17913 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a stack-based ...)
	- graphicsmagick 1.3.27-3
	[wheezy] - graphicsmagick <not-affected> (webp feature has not been implemented)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/88313ebe379c
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6dda3c33f35f
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/536/
CVE-2017-17912 (In GraphicsMagick 1.4 snapshot-20171217 Q8, there is a heap-based ...)
	{DLA-1231-1}
	- graphicsmagick 1.3.27-3
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/0d871e813a4f
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/533/
CVE-2017-17911 (packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer ...)
	NOT-FOR-US: Archon
CVE-2017-17910 (On Hoermann BiSecur devices before 2018, a vulnerability can be ...)
	NOT-FOR-US: Hoermann BiSecur
CVE-2017-17909 (PHP Scripts Mall Responsive Realestate Script has XSS via the ...)
	NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script
CVE-2017-17908 (PHP Scripts Mall Responsive Realestate Script has CSRF via ...)
	NOT-FOR-US: PHP Scripts Mall Responsive Realestate Script
CVE-2017-17907 (PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2017-17906 (PHP Scripts Mall Car Rental Script has SQL Injection via the ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2017-17905 (PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. ...)
	NOT-FOR-US: PHP Scripts Mall Car Rental Script
CVE-2017-17904 (FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the ...)
	NOT-FOR-US: FS Lynda Clone
CVE-2017-17903 (FS Lynda Clone has CSRF via user/edit_profile, as demonstrated by ...)
	NOT-FOR-US: FS Lynda Clone
CVE-2017-17902 (SQL Injection exists in Kliqqi CMS 3.5.2 via the randkey parameter of a ...)
	NOT-FOR-US: Kliqqi CMS
CVE-2017-17901 (ZyXEL P-660HW v3 devices allow remote attackers to cause a denial of ...)
	NOT-FOR-US: ZyXEL
CVE-2017-17900 (SQL injection vulnerability in fourn/index.php in Dolibarr ERP/CRM ...)
	- dolibarr <removed> (bug #885321)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17899 (SQL injection vulnerability in adherents/subscription/info.php in ...)
	- dolibarr <removed> (bug #885321)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17898 (Dolibarr ERP/CRM version 6.0.4 does not block direct requests to ...)
	- dolibarr <removed> (bug #885321)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
	NOTE: https://github.com/Dolibarr/dolibarr/commit/6a62e139604dbbd5729e57df2433b37a5950c35c
CVE-2017-17897 (SQL injection vulnerability in comm/multiprix.php in Dolibarr ERP/CRM ...)
	- dolibarr <removed> (bug #885321)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/4a5988accbb770b74105baacd5a034689272128c
CVE-2017-17896 (Readymade Job Site Script has XSS via the keyword parameter to the /job ...)
	NOT-FOR-US: Readymade Job Site Script
CVE-2017-17895 (Readymade Job Site Script has SQL Injection via the location_name array ...)
	NOT-FOR-US: Readymade Job Site Script
CVE-2017-17894 (Readymade Job Site Script has CSRF via the /job URI. ...)
	NOT-FOR-US: Readymade Job Site Script
CVE-2017-17893 (Readymade Video Sharing Script has XSS via the search_video.php search ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17892 (Readymade Video Sharing Script has SQL Injection via the viewsubs.php ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17891 (Readymade Video Sharing Script has CSRF via user-profile-edit.php. ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17890
	RESERVED
CVE-2017-17889 (Kliqqi CMS 3.5.2 has XSS via a crafted group name in pligg/groups.php, ...)
	NOT-FOR-US: Kliqqi CMS
CVE-2017-17888 (cgi-bin/write.cgi in Anti-Web through 3.8.7, as used on NetBiter / HMS, ...)
	NOT-FOR-US: Anti-Web
CVE-2017-17887 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/903
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a42f63927e7f2e26846b7ed4560e9cb4984af7b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dddce3e790b5b0f5dad91a7960de67af5bdea789
CVE-2017-17886 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/874
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8204599ef0e85324876459e5d45db00660920482
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4a71d71f4ae289b6672102efaef6543643e8efb8
CVE-2017-17885 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/879
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba085736fd49ad89c1937d1ee2b80ae4e11ab97
	NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/5e863ae629010110772321fd181bac34c4b57345
CVE-2017-17884 (In ImageMagick 7.0.7-16 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/902
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4d6accd355119d54429a86a1859b8329f0130f30
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/82f20a898107a9c1ef6ad2024c4b191719b294ea
CVE-2017-17883 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/877
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0a7241df0f889cc3158ba82774ff21fa1da87ec
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2a1ec7d97f356e9fb6dbc328da17d93ab7a8167c
CVE-2017-17882 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/880
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/903f14eb94521aa6dca9d9ac55d3d9a6c7676a63
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/92fbef516b94ed96fa2a672831acd5dafb242ac5
CVE-2017-17881 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/878
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ece953bbe14e8514afc23e05e4030eea872e29da
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/aa601d79a630f6de0694fadbeee31456a357fa73
CVE-2017-17880 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a stack-based ...)
	- imagemagick 8:6.9.9.39+dfsg-1 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/907
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b5d1edb02c432040e3ff894d0c461bcce6fd2c9
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/663b3b432c202cd2aeda7ea7e82b74cce51ab1cf
	NOTE: webp support not enabled, see #806425
CVE-2017-17879 (In ImageMagick 7.0.7-16 Q16 x86_64 2017-12-21, there is a heap-based ...)
	{DSA-4204-1 DSA-4074-1 DLA-1227-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #885125)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/906
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/72b3994a948a8a90dc664f3e7f72464878a31fbf
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e41f18ecccbdd1c38e1382057718e91e8f8d6d80
CVE-2017-17878 (An issue was discovered in Valve Steam Link build 643. Root passwords ...)
	NOT-FOR-US: Valve Steam Link
CVE-2017-17877 (An issue was discovered in Valve Steam Link build 643. When the SSH ...)
	NOT-FOR-US: Valve Steam Link
CVE-2017-17876 (Biometric Shift Employee Management System 3.0 allows remote attackers ...)
	NOT-FOR-US: Biometric Shift Employee Management System
CVE-2017-17875 (The JEXTN FAQ Pro extension 4.0.0 for Joomla! has SQL Injection via the ...)
	NOT-FOR-US: JEXTN FAQ Pro extension for Joomla!
CVE-2017-17874 (Vanguard Marketplace Digital Products PHP 1.4 allows arbitrary file ...)
	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2017-17873 (Vanguard Marketplace Digital Products PHP 1.4 has SQL Injection via the ...)
	NOT-FOR-US: Vanguard Marketplace Digital Products PHP
CVE-2017-17872 (The JEXTN Video Gallery extension 3.0.5 for Joomla! has SQL Injection ...)
	NOT-FOR-US: JEXTN Video Gallery extension for Joomla!
CVE-2017-17871 (The &quot;JEXTN Question And Answer&quot; extension 3.1.0 for Joomla! has SQL ...)
	NOT-FOR-US: "JEXTN Question And Answer" extension for Joomla!
CVE-2017-17870 (The JBuildozer extension 1.4.1 for Joomla! has SQL Injection via the ...)
	NOT-FOR-US: JBuildozer extension for Joomla!
CVE-2017-17869 (The mgl-instagram-gallery plugin for WordPress has XSS via the ...)
	NOT-FOR-US: mgl-instagram-gallery plugin for WordPress
CVE-2017-17868 (In Liferay Portal 6.1.0, the tags section has XSS via a Public Render ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-17867 (Inteno iopsys 2.0-3.14 and 4.0 devices allow remote authenticated users ...)
	NOT-FOR-US: Inteno iopsys
CVE-2017-17866 (pdf/pdf-write.c in Artifex MuPDF before 1.12.0 mishandles certain ...)
	- mupdf 1.12.0+ds1-1 (bug #885120)
	[stretch] - mupdf <no-dsa> (Minor issue)
	[jessie] - mupdf <no-dsa> (Minor issue)
	[wheezy] - mupdf <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=520cc26d18c9ee245b56e9e91f9d4fcae02be5f0
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698699 (not public)
CVE-2017-17865
	RESERVED
CVE-2017-17864 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 mishandles ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-17863 (kernel/bpf/verifier.c in the Linux kernel 4.9.x through 4.9.71 does not ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://www.spinics.net/lists/stable/msg206985.html
CVE-2017-17862 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 ignores ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c131187db2d3fa2f8bf32fdf4e9a4ef805168467
	NOTE: https://www.spinics.net/lists/stable/msg206984.html
CVE-2017-17861
	RESERVED
CVE-2017-17860 (In Samsung Gear products, Bluetooth link key is updated to the ...)
	NOT-FOR-US: Samsung
CVE-2017-17859 (Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass ...)
	NOT-FOR-US: Samsung Internet Browser
CVE-2017-17858 (Heap-based buffer overflow in the ensure_solid_xref function in ...)
	- mupdf <not-affected> (Vulnerable code introduced in 1.11.1)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698819 (not public)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;a=commit;h=55c3f68d638ac1263a386e0aaa004bb6e8bde731
	NOTE: Commit http://git.ghostscript.com/?p=mupdf.git;a=commit;h=f595e889b91a674eb94db7ca4d832da54f5194cd
	NOTE: switches to use int64_t for public file API offsets and introduced the flaw.
	NOTE: https://github.com/mzet-/Security-Advisories/blob/master/mzet-adv-2017-01.md
CVE-2017-17851
	RESERVED
CVE-2017-17850 (An issue was discovered in Asterisk 13.18.4 and older, 14.7.4 and ...)
	- asterisk 1:13.18.5~dfsg-1 (bug #885072)
	[stretch] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
	[jessie] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
	[wheezy] - asterisk <not-affected> (Vulnerable code introduced after 13.15.0)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-014.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27480
CVE-2017-17849 (A buffer overflow vulnerability in GetGo Download Manager 5.3.0.2712 ...)
	NOT-FOR-US: GetGo Download Manager
CVE-2017-17857 (The check_stack_boundary function in kernel/bpf/verifier.c in the Linux ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/ea25f914dc164c8d56b36147ecc86bc65f83c469
CVE-2017-17856 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/a5ec6ae161d72f01411169a938fa5f8baea16e8f
CVE-2017-17855 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/179d1c5602997fef5a940c6ddcf31212cbfebd14
CVE-2017-17854 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/bb7f0f989ca7de1153bd128a40a71709e339fa03
CVE-2017-17853 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/4374f256ce8182019353c0c639bb8d0695b4c941
CVE-2017-17852 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introdued later)
	[jessie] - linux <not-affected> (Vulnerable code introdued later)
	[wheezy] - linux <not-affected> (Vulnerable code introdued later)
	NOTE: Fixed by: https://git.kernel.org/linus/468f6eafa6c44cb2c5d8aad35e12f06c240a812a
CVE-2017-17842
	RESERVED
CVE-2017-17841 (Palo Alto Networks PAN-OS 6.1, 7.1, and 8.0.x before 8.0.7, when an ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-17840 (An issue was discovered in Open-iSCSI through 2.0.875. A local attacker ...)
	- open-iscsi 2.0.874-5 (bug #885021)
	[stretch] - open-iscsi <no-dsa> (Minor issue)
	[jessie] - open-iscsi <ignored> (Minor issue, iscsiuio not built in this version, source affected)
	[wheezy] - open-iscsi <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/13/2
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1072312
	NOTE: Specfic CVE fixed by https://github.com/open-iscsi/open-iscsi/pull/72/commits/b9c33683bdc0aed28ffe31c3f3d50bf5cdf519ea
	NOTE: But all of the commits in https://github.com/open-iscsi/open-iscsi/pull/72
	NOTE: should be applied.
	NOTE: Not marking the issue as unimportant, since vulnerable source is present, but
	NOTE: not in all suites iscsiuio is built.
CVE-2017-17839
	REJECTED
CVE-2017-17838
	REJECTED
CVE-2017-17837 (The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the ...)
	NOT-FOR-US: Apache DeltaSpike-JSF module
CVE-2017-17836
	RESERVED
CVE-2017-17835
	RESERVED
CVE-2017-17834
	RESERVED
CVE-2017-17833 (OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a ...)
	{DLA-1364-1}
	- openslp-dfsg <removed> (low)
	[jessie] - openslp-dfsg <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/openslp/mercurial/ci/151f07745901cbdba6e00e4889561b4083250da1/
CVE-2017-17832 (ServersCheck Monitoring Software before 14.2.3 is prone to a ...)
	NOT-FOR-US: ServersCheck Monitoring Software
CVE-2017-17843 (An issue was discovered in Enigmail before 1.9.9 that allows remote ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17844 (An issue was discovered in Enigmail before 1.9.9. A remote attacker can ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17845 (An issue was discovered in Enigmail before 1.9.9. Improper Random ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17846 (An issue was discovered in Enigmail before 1.9.9. Regular expressions ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17847 (An issue was discovered in Enigmail before 1.9.9. Signature spoofing is ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17848 (An issue was discovered in Enigmail before 1.9.9. In a variant of ...)
	{DSA-4070-1 DLA-1219-1}
	- enigmail 2:1.9.9-1
	NOTE: https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
CVE-2017-17831 (GitHub Git LFS before 2.1.1 allows remote attackers to execute ...)
	- git-lfs <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://github.com/git-lfs/git-lfs/pull/2242
	NOTE: https://github.com/git-lfs/git-lfs/releases/tag/v2.1.1
CVE-2017-17830 (Bus Booking Script has CSRF via admin/new_master.php. ...)
	NOT-FOR-US: Bus Booking Script
CVE-2017-17829 (Bus Booking Script has SQL Injection via the admin/view_seatseller.php ...)
	NOT-FOR-US: Bus Booking Script
CVE-2017-17828 (Bus Booking Script has XSS via the results.php datepicker parameter or ...)
	NOT-FOR-US: Bus Booking Script
CVE-2017-17827 (Piwigo 2.9.2 is vulnerable to Cross-Site Request Forgery via ...)
	- piwigo <removed>
CVE-2017-17826 (The Configuration component of Piwigo 2.9.2 is vulnerable to Persistent ...)
	- piwigo <removed>
CVE-2017-17825 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to Persistent ...)
	- piwigo <removed>
CVE-2017-17824 (The Batch Manager component of Piwigo 2.9.2 is vulnerable to SQL ...)
	- piwigo <removed>
CVE-2017-17823 (The Configuration component of Piwigo 2.9.2 is vulnerable to SQL ...)
	- piwigo <removed>
CVE-2017-17822 (The List Users API of Piwigo 2.9.2 is vulnerable to SQL Injection via ...)
	- piwigo <removed>
CVE-2017-17821 (WTF/wtf/FastBitVector.h in WebKit, as distributed in Safari Technology ...)
	- webkit2gtk <unfixed> (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=181020 (not public)
	NOTE: Not covered by security support
CVE-2017-17820 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392433
CVE-2017-17819 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392435
	NOTE: http://repo.or.cz/nasm.git/commit/7524cfd91492e6e3719b959498be584a9ced13af (nasm-2.13.02rc3)
CVE-2017-17818 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392428
CVE-2017-17817 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392427
CVE-2017-17816 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392426
CVE-2017-17815 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: http://repo.or.cz/nasm.git/commit/c9244eaadd05b27637cde06021bac3fa1d920aa3 (nasm-2.13.02rc3)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392436
CVE-2017-17814 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392430
CVE-2017-17813 (In Netwide Assembler (NASM) 2.14rc0, there is a use-after-free in the ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392429
CVE-2017-17812 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: http://repo.or.cz/nasm.git/commit/9b7ee09abfd426b99aa1ea81d19a3b2818eeabf9 (nasm-2.13.02rc3)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392424
CVE-2017-17811 (In Netwide Assembler (NASM) 2.14rc0, there is a heap-based buffer ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392432
CVE-2017-17810 (In Netwide Assembler (NASM) 2.14rc0, there is a &quot;SEGV on unknown ...)
	- nasm 2.13.02-0.1
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	[wheezy] - nasm <no-dsa> (Minor issue)
	NOTE: http://repo.or.cz/nasm.git/commit/59ce1c67b16967c652765e62aa130b7e43f21dd4 (nasm-2.13.02rc3)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392431
CVE-2017-17809 (In Golden Frog VyprVPN before 2.15.0.5828 for macOS, the vyprvpnservice ...)
	NOT-FOR-US: Golden Frog VyprVPN
CVE-2017-17808
	RESERVED
CVE-2018-3599 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3598 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3597
	RESERVED
CVE-2018-3596 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3595
	RESERVED
CVE-2018-3594 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3593 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3592 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3591 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3590 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3589 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3588
	RESERVED
CVE-2018-3587
	RESERVED
CVE-2018-3586
	RESERVED
CVE-2018-3585
	RESERVED
CVE-2018-3584 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3583
	RESERVED
CVE-2018-3582
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3581
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3580
	RESERVED
CVE-2018-3579
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3578
	RESERVED
CVE-2018-3577
	RESERVED
CVE-2018-3576
	RESERVED
CVE-2018-3575
	RESERVED
CVE-2018-3574
	RESERVED
CVE-2018-3573
	RESERVED
CVE-2018-3572
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3571
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3570
	RESERVED
CVE-2018-3569
	RESERVED
CVE-2018-3568 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3567 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3566 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3565
	RESERVED
CVE-2018-3564
	RESERVED
CVE-2018-3563 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3562
	RESERVED
CVE-2018-3561 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2018-3560 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-17807 (The KEYS subsystem in the Linux kernel before 4.14.6 omitted an ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/4dca6ea1d9432052afb06baf2e3ae78188a4410b (v4.15-rc3)
CVE-2017-17806 (The HMAC implementation (crypto/hmac.c) in the Linux kernel before ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/af3ff8045bbf3e32f1a448542e73abb4c8ceb6f1 (v4.15-rc4)
CVE-2017-17805 (The Salsa20 encryption algorithm in the Linux kernel before 4.14.8 does ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: Fixed by: https://git.kernel.org/linus/ecaaab5649781c5a0effdaf298a925063020500e (4.15-rc4)
CVE-2017-17804 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-17803 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17802 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17801 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17800 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17799 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17798 (In TG Soft Vir.IT eXplorer Lite 8.5.42, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17797 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-17796 (In TG Soft Vir.IT eXplorer Lite 8.5.65, the driver file (VIRAGTLT.SYS) ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17795 (In IKARUS anti.virus 2.16.20, the driver file (ntguard.SYS) allows ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-17794 (validate_form_preferences in admin/preferences.php in BlogoText through ...)
	NOT-FOR-US: BlogoText
CVE-2017-17793 (Information Disclosure vulnerability in creer_fichier_zip in ...)
	NOT-FOR-US: BlogoText
CVE-2017-17792 (Cross site scripting (XSS) vulnerability in the markup_clean_href ...)
	NOT-FOR-US: BlogoText
CVE-2017-17791
	RESERVED
CVE-2017-17790 (The lazy_initialize function in lib/resolv.rb in Ruby through 2.4.3 ...)
	{DLA-1222-1 DLA-1221-1}
	- ruby2.5 2.5.0-1 (bug #884878)
	- ruby2.3 <removed> (bug #884879)
	[stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in future DSA)
	- ruby2.1 <removed>
	[jessie] - ruby2.1 <postponed> (Minor issue, can be fixed along in future DSA)
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://github.com/ruby/ruby/pull/1777
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/e7464561b5151501beb356fc750d5dd1a88014f7
CVE-2017-17783 (In GraphicsMagick 1.3.27a, there is a buffer over-read in ReadPALMImage ...)
	- graphicsmagick 1.3.27-2 (bug #884904)
	[stretch] - graphicsmagick <no-dsa> (Minor issue, built with QuantumDepth=16)
	[jessie] - graphicsmagick <no-dsa> (Minor issue)
	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present, unreproducible with ASAN)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=60932931559a
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/529/
CVE-2017-17782 (In GraphicsMagick 1.3.27a, there is a heap-based buffer over-read in ...)
	{DLA-1231-1}
	- graphicsmagick 1.3.27-2 (bug #884905)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e3d2264109c
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/530/
CVE-2017-17781 (In Horde Groupware through 5.2.22, SQL Injection exists via the group ...)
	- php-horde <undetermined>
	NOTE: http://code610.blogspot.com/2017/12/modus-operandi-horde-52x.html
CVE-2017-17780 (The Clockwork SMS clockwork-test-message.php component has XSS via a ...)
	NOT-FOR-US: Clockwork SMS plugins for WordPress
CVE-2017-17779 (Paid To Read Script 2.0.5 has SQL injection via the referrals.php id ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17778 (Paid To Read Script 2.0.5 has XSS via the referrals.php tier parameter ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17777 (Paid To Read Script 2.0.5 has authentication bypass in the admin panel ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17776 (Paid To Read Script 2.0.5 has full path disclosure via an invalid ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17775 (Piwigo 2.9.2 has XSS via the name parameter in an ...)
	- piwigo <removed>
CVE-2017-17774 (admin/configuration.php in Piwigo 2.9.2 has CSRF. ...)
	- piwigo <removed>
CVE-2017-17773 (In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile ...)
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2017-17772
	RESERVED
CVE-2017-17771 (In msm_isp_prepare_v4l2_buf in Android for MSM, Firefox OS for MSM, ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17770 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Android Linux component (source code not availalable, so probably Android-specific)
CVE-2017-17769 (Information leakage in Android for MSM, Firefox OS for MSM, and QRD ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17768
	RESERVED
CVE-2017-17767 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17766 (In wma_peer_info_event_handler() in Android for MSM, Firefox OS for ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17765 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17764 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17763 (SuperBeam through 4.1.3, when using the LAN or WiFi Direct Share ...)
	NOT-FOR-US: SuperBeam
CVE-2017-17762
	RESERVED
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-17761 (An issue was discovered on Ichano AtHome IP Camera devices. The device ...)
	NOT-FOR-US: Ichano AtHome IP Camera
CVE-2017-17476 (Open Ticket Request System (OTRS) 4.0.x before 4.0.28, 5.0.x before ...)
	{DSA-4069-1 DLA-1215-1}
	- otrs2 6.0.3-1 (bug #884801)
	NOTE: https://www.otrs.com/security-advisory-2017-10-security-update-otrs-framework/
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/36e3be99cfe8a9e09afa1b75fdc39f3e28f561fc
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/720c73fbf53e476ca7dfdf2ae1d4d3d2aad2b953
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/26707eaaa791648e6c7ad6aeaa27efd70e7c66eb
CVE-2017-17785 (In GIMP 2.8.22, there is a heap-based buffer overflow in the ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (bug #884836)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739133
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=edb251a7ef1602d20a5afcbf23f24afb163de63b (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=1882bac996a20ab5c15c42b0c5e8f49033a1af54 (gimp-2-8)
	NOTE: Can be reproduced (at least in wheezy) with "valgrind --trace-children=yes gimp <reproducerfile>"
CVE-2017-17786 (In GIMP 2.8.22, there is a heap-based buffer over-read in ReadImage in ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (unimportant; bug #884862)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=739134
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=674b62ad45b6579ec6d7923dc3cb1ef4e8b5498b (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=8ea316667c8a3296bce2832b3986b58d0fdfc077 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=ef9c821fff8b637a2178eab1c78cae6764c50e12 (gimp-2-8)
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=gimp-2-8&id=22e2571c25425f225abdb11a566cc281fca6f366 (gimp-2-8)
	NOTE: Crash in desktop tool, no/negligable security impact
CVE-2017-17788 (In GIMP 2.8.22, there is a stack-based buffer over-read in ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (unimportant; bug #885347)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126 (master)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790783
	NOTE: Crash in desktop tool, no/negligable security impact
CVE-2017-17784 (In GIMP 2.8.22, there is a heap-based buffer over-read in load_image in ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (unimportant; bug #884925)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790784
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=06d24a79af94837d615d0024916bb95a01bf3c59 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=c57f9dcf1934a9ab0cd67650f2dea18cb0902270 (gimp-2-8)
	NOTE: Crash in desktop tool, no/negligable security impact
CVE-2017-17789 (In GIMP 2.8.22, there is a heap-based buffer overflow in ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (bug #884837)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790849
	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=28e95fbeb5720e6005a088fa811f5bf3c1af48b8 (master)
	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f (gimp-2-8)
	NOTE: Cannot be reproduced in wheezy with "valgrind --trace-children=yes gimp <reproducerfile>"
	NOTE: Some OOB read/write can be reproduced in sid with "valgrind --trace-children=yes gimp <reproducerfile>"
CVE-2017-17787 (In GIMP 2.8.22, there is a heap-based buffer over-read in ...)
	{DSA-4077-1 DLA-1220-1}
	- gimp 2.8.20-1.1 (unimportant; bug #884927)
	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=eb2980683e6472aff35a3117587c4f814515c74d (master)
	NOTE: https://git.gnome.org/browse/GIMP/commit/?id=87ba505fff85989af795f4ab6a047713f4d9381d (gimp-2-8)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=790853
	NOTE: Crash in desktop tool, no/negligable security impact
CVE-2017-17760 (OpenCV 3.3.1 has a Buffer Overflow in the cv::PxMDecoder::readData ...)
	{DLA-1235-1}
	- opencv <unfixed> (bug #885843)
	NOTE: https://github.com/opencv/opencv/issues/10351
	NOTE: https://github.com/opencv/opencv/pull/10369/commits/7bbe1a53cfc097b82b1589f7915a2120de39274c
CVE-2017-17759 (Conarc iChannel allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Conarc iChannel
CVE-2017-17758 (TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to ...)
	NOT-FOR-US: TP-Link
CVE-2017-17757 (TP-Link TL-WVR and TL-WAR devices allow remote authenticated users to ...)
	NOT-FOR-US: TP-Link
CVE-2017-17756
	RESERVED
CVE-2017-17755
	RESERVED
CVE-2017-17754
	RESERVED
CVE-2017-17753 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: esb-csv-import-export plugin for WordPress
CVE-2017-17752 (Ability Mail Server 3.3.2 has Cross Site Scripting (XSS) via the body ...)
	NOT-FOR-US: Ability Mail Server
CVE-2017-17751 (Bose SoundTouch devices allows remote attackers to achieve remote ...)
	NOT-FOR-US: Bose SoundTouch devices
CVE-2017-17750 (Bose SoundTouch devices allow XSS via a crafted public playlist from ...)
	NOT-FOR-US: Bose SoundTouch devices
CVE-2017-17749 (Bose SoundTouch devices allow XSS via crafted song data from a music ...)
	NOT-FOR-US: Bose SoundTouch devices
CVE-2017-17748
	RESERVED
CVE-2017-17747 (Weak access controls in the Device Logout functionality on the TP-Link ...)
	NOT-FOR-US: TP-Link
CVE-2017-17746 (Weak access control methods on the TP-Link TL-SG108E 1.0.0 allow any ...)
	NOT-FOR-US: TP-Link
CVE-2017-17745 (Cross-site scripting (XSS) vulnerability in system_name_set.cgi in ...)
	NOT-FOR-US: TP-Link
CVE-2017-17744 (A cross-site scripting (XSS) vulnerability in the custom-map plugin ...)
	NOT-FOR-US: custom-map plugin for WordPress
CVE-2017-17743 (Improper input sanitization within the restricted administration shell ...)
	NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-17742 (Ruby before 2.2.10, 2.3.x before 2.3.7, 2.4.x before 2.4.4, 2.5.x ...)
	{DLA-1359-1 DLA-1358-1}
	- ruby2.5 2.5.1-1
	- ruby2.3 <removed>
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2018/03/28/http-response-splitting-in-webrick-cve-2017-17742/
CVE-2017-17741 (The KVM implementation in the Linux kernel through 4.14.7 allows ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: https://www.spinics.net/lists/kvm/msg160796.html
CVE-2017-17740 (contrib/slapd-modules/nops/nops.c in OpenLDAP through 2.4.45, when both ...)
	- openldap <unfixed> (unimportant)
	NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=8759
	NOTE: nops slapd-module not built
CVE-2017-17739 (The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and ...)
	NOT-FOR-US: BrightSign Digital Signage
CVE-2017-17738 (The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and ...)
	NOT-FOR-US: BrightSign Digital Signage
CVE-2017-17737 (The BrightSign Digital Signage (4k242) device (Firmware 6.2.63 and ...)
	NOT-FOR-US: BrightSign Digital Signage
CVE-2017-17736 (Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote ...)
	NOT-FOR-US: Kentico
CVE-2017-17735 (CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login ...)
	NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2017-17734 (CMS Made Simple (CMSMS) before 2.2.5 does not properly cache login ...)
	NOT-FOR-US: CMS Made Simple (CMSMS)
CVE-2017-17733 (Maccms 8.x allows remote command execution via the wd parameter in an ...)
	NOT-FOR-US: Maccms
CVE-2017-17732
	RESERVED
CVE-2017-17731 (DedeCMS through 5.7 has SQL Injection via the $_FILES superglobal to ...)
	NOT-FOR-US: DedeCMS
CVE-2017-17730 (DedeCMS through 5.7 has SQL Injection via the logo parameter to ...)
	NOT-FOR-US: DedeCMS
CVE-2017-17729
	RESERVED
CVE-2017-17728
	RESERVED
CVE-2017-17727 (DedeCMS through 5.6 allows arbitrary file upload and PHP code execution ...)
	NOT-FOR-US: DedeCMS
CVE-2017-17726
	RESERVED
CVE-2017-17725 (In Exiv2 0.26, there is an integer overflow leading to a heap-based ...)
	- exiv2 <unfixed> (low)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1525055
	NOTE: https://github.com/Exiv2/exiv2/issues/188
	NOTE: https://github.com/Exiv2/exiv2/pull/193
CVE-2017-17724 (In Exiv2 0.26, there is a heap-based buffer over-read in the ...)
	[experimental] - exiv2 <unfixed> (bug #891783)
	- exiv2 <not-affected> (Introduced in 0.26)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524107
	NOTE: https://github.com/Exiv2/exiv2/issues/210
CVE-2017-17723 (In Exiv2 0.26, there is a heap-based buffer over-read in the ...)
	- exiv2 <unfixed> (low)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524104
	NOTE: https://github.com/Exiv2/exiv2/issues/229
CVE-2017-17722 (In Exiv2 0.26, there is a reachable assertion in the readHeader ...)
	[experimental] - exiv2 <unfixed> (low; bug #891044)
	- exiv2 <not-affected> (Vulnerable code introduced in 0.26)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524116
	NOTE: https://github.com/Exiv2/exiv2/issues/208
	NOTE: https://github.com/Exiv2/exiv2/issues/228 (duplicate)
	NOTE: https://github.com/Kicer86/exiv2/commit/1647908e00a4df7246d76678e59587e62c690dcd
CVE-2017-17721 (CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 ...)
	NOT-FOR-US: ZUUSE BEIMS ContractorWeb .NET
CVE-2017-17720
	RESERVED
CVE-2017-17719 (A cross-site scripting (XSS) vulnerability in the wp-concours plugin ...)
	NOT-FOR-US: wp-concours plugin for WordPress
CVE-2017-17718 (The Net::LDAP (aka net-ldap) gem before 0.16.0 for Ruby has Missing SSL ...)
	- ruby-net-ldap <unfixed> (bug #884693)
	[stretch] - ruby-net-ldap <no-dsa> (Minor issue)
	[jessie] - ruby-net-ldap <not-affected> (Documentation already states that there is no validation)
	[wheezy] - ruby-net-ldap <ignored> (Doc always said that there is no validation)
	NOTE: https://github.com/ruby-ldap/ruby-net-ldap/issues/258
	NOTE: Versions < 0.10 properly acknowledge in their documentation the lack of any SSL
	NOTE: validation, see https://sources.debian.org/src/ruby-net-ldap/0.8.0-1/lib/net/ldap.rb/#L476
	NOTE: In wheezy/jessie, only reverse dependencies are redmine (which is unsupported in wheezy)
	NOTE: and ruby-omniauth-ldap (which has no reverse dep either).
CVE-2017-17717 (Sonatype Nexus Repository Manager through 2.14.5 has weak password ...)
	NOT-FOR-US: Sonatype Nexus
CVE-2017-17716 (GitLab 9.4.x before 9.4.2 does not support LDAP SSL certificate ...)
	- gitlab <not-affected> (vulnerable version never uploaded to the archive)
CVE-2017-17715 (The saveFile method in MediaController.java in the Telegram Messenger ...)
	NOT-FOR-US: Telegram Messenger for Android
CVE-2017-17714 (Trape before 2017-11-05 has XSS via the /nr red parameter, the /nr vId ...)
	NOT-FOR-US: Trape
CVE-2017-17713 (Trape before 2017-11-05 has SQL injection via the /nr red parameter, ...)
	NOT-FOR-US: Trape
CVE-2017-17712 (The raw_sendmsg() function in net/ipv4/raw.c in the Linux kernel ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8f659a03a0ba9289b9aeb9b4470e6fb263d6f483
CVE-2017-17711
	RESERVED
CVE-2017-17710
	RESERVED
CVE-2017-17709
	RESERVED
CVE-2017-17708
	RESERVED
CVE-2017-17707
	RESERVED
CVE-2017-17706
	RESERVED
CVE-2017-17705
	RESERVED
CVE-2017-17704 (A door-unlocking issue was discovered on Software House iStar Ultra ...)
	NOT-FOR-US: Software House iStar Ultra devices
CVE-2017-17703 (Synacor Zimbra Collaboration Suite (ZCS) before 8.8.3 has Persistent ...)
	NOT-FOR-US: Zimbra
CVE-2017-17702
	RESERVED
CVE-2018-3559
	RESERVED
CVE-2018-3558
	RESERVED
CVE-2018-3557
	RESERVED
CVE-2018-3556
	RESERVED
CVE-2018-3555
	RESERVED
CVE-2018-3554
	RESERVED
CVE-2018-3553
	RESERVED
CVE-2018-3552
	RESERVED
CVE-2018-3551
	RESERVED
CVE-2018-3550
	RESERVED
CVE-2018-3549
	RESERVED
CVE-2018-3548
	RESERVED
CVE-2018-3547
	RESERVED
CVE-2018-3546
	RESERVED
CVE-2018-3545
	RESERVED
CVE-2018-3544
	RESERVED
CVE-2018-3543
	RESERVED
CVE-2018-3542
	RESERVED
CVE-2018-3541
	RESERVED
CVE-2018-3540
	RESERVED
CVE-2018-3539
	RESERVED
CVE-2018-3538
	RESERVED
CVE-2018-3537
	RESERVED
CVE-2018-3536
	RESERVED
CVE-2018-3535
	RESERVED
CVE-2018-3534
	RESERVED
CVE-2018-3533
	RESERVED
CVE-2018-3532
	RESERVED
CVE-2018-3531
	RESERVED
CVE-2018-3530
	RESERVED
CVE-2018-3529
	RESERVED
CVE-2018-3528
	RESERVED
CVE-2018-3527
	RESERVED
CVE-2018-3526
	RESERVED
CVE-2018-3525
	RESERVED
CVE-2018-3524
	RESERVED
CVE-2018-3523
	RESERVED
CVE-2018-3522
	RESERVED
CVE-2018-3521
	RESERVED
CVE-2018-3520
	RESERVED
CVE-2018-3519
	RESERVED
CVE-2018-3518
	RESERVED
CVE-2018-3517
	RESERVED
CVE-2018-3516
	RESERVED
CVE-2018-3515
	RESERVED
CVE-2018-3514
	RESERVED
CVE-2018-3513
	RESERVED
CVE-2018-3512
	RESERVED
CVE-2018-3511
	RESERVED
CVE-2018-3510
	RESERVED
CVE-2018-3509
	RESERVED
CVE-2018-3508
	RESERVED
CVE-2018-3507
	RESERVED
CVE-2018-3506
	RESERVED
CVE-2018-3505
	RESERVED
CVE-2018-3504
	RESERVED
CVE-2018-3503
	RESERVED
CVE-2018-3502
	RESERVED
CVE-2018-3501
	RESERVED
CVE-2018-3500
	RESERVED
CVE-2018-3499
	RESERVED
CVE-2018-3498
	RESERVED
CVE-2018-3497
	RESERVED
CVE-2018-3496
	RESERVED
CVE-2018-3495
	RESERVED
CVE-2018-3494
	RESERVED
CVE-2018-3493
	RESERVED
CVE-2018-3492
	RESERVED
CVE-2018-3491
	RESERVED
CVE-2018-3490
	RESERVED
CVE-2018-3489
	RESERVED
CVE-2018-3488
	RESERVED
CVE-2018-3487
	RESERVED
CVE-2018-3486
	RESERVED
CVE-2018-3485
	RESERVED
CVE-2018-3484
	RESERVED
CVE-2018-3483
	RESERVED
CVE-2018-3482
	RESERVED
CVE-2018-3481
	RESERVED
CVE-2018-3480
	RESERVED
CVE-2018-3479
	RESERVED
CVE-2018-3478
	RESERVED
CVE-2018-3477
	RESERVED
CVE-2018-3476
	RESERVED
CVE-2018-3475
	RESERVED
CVE-2018-3474
	RESERVED
CVE-2018-3473
	RESERVED
CVE-2018-3472
	RESERVED
CVE-2018-3471
	RESERVED
CVE-2018-3470
	RESERVED
CVE-2018-3469
	RESERVED
CVE-2018-3468
	RESERVED
CVE-2018-3467
	RESERVED
CVE-2018-3466
	RESERVED
CVE-2018-3465
	RESERVED
CVE-2018-3464
	RESERVED
CVE-2018-3463
	RESERVED
CVE-2018-3462
	RESERVED
CVE-2018-3461
	RESERVED
CVE-2018-3460
	RESERVED
CVE-2018-3459
	RESERVED
CVE-2018-3458
	RESERVED
CVE-2018-3457
	RESERVED
CVE-2018-3456
	RESERVED
CVE-2018-3455
	RESERVED
CVE-2018-3454
	RESERVED
CVE-2018-3453
	RESERVED
CVE-2018-3452
	RESERVED
CVE-2018-3451
	RESERVED
CVE-2018-3450
	RESERVED
CVE-2018-3449
	RESERVED
CVE-2018-3448
	RESERVED
CVE-2018-3447
	RESERVED
CVE-2018-3446
	RESERVED
CVE-2018-3445
	RESERVED
CVE-2018-3444
	RESERVED
CVE-2018-3443
	RESERVED
CVE-2018-3442
	RESERVED
CVE-2018-3441
	RESERVED
CVE-2018-3440
	RESERVED
CVE-2018-3439
	RESERVED
CVE-2018-3438
	RESERVED
CVE-2018-3437
	RESERVED
CVE-2018-3436
	RESERVED
CVE-2018-3435
	RESERVED
CVE-2018-3434
	RESERVED
CVE-2018-3433
	RESERVED
CVE-2018-3432
	RESERVED
CVE-2018-3431
	RESERVED
CVE-2018-3430
	RESERVED
CVE-2018-3429
	RESERVED
CVE-2018-3428
	RESERVED
CVE-2018-3427
	RESERVED
CVE-2018-3426
	RESERVED
CVE-2018-3425
	RESERVED
CVE-2018-3424
	RESERVED
CVE-2018-3423
	RESERVED
CVE-2018-3422
	RESERVED
CVE-2018-3421
	RESERVED
CVE-2018-3420
	RESERVED
CVE-2018-3419
	RESERVED
CVE-2018-3418
	RESERVED
CVE-2018-3417
	RESERVED
CVE-2018-3416
	RESERVED
CVE-2018-3415
	RESERVED
CVE-2018-3414
	RESERVED
CVE-2018-3413
	RESERVED
CVE-2018-3412
	RESERVED
CVE-2018-3411
	RESERVED
CVE-2018-3410
	RESERVED
CVE-2018-3409
	RESERVED
CVE-2018-3408
	RESERVED
CVE-2018-3407
	RESERVED
CVE-2018-3406
	RESERVED
CVE-2018-3405
	RESERVED
CVE-2018-3404
	RESERVED
CVE-2018-3403
	RESERVED
CVE-2018-3402
	RESERVED
CVE-2018-3401
	RESERVED
CVE-2018-3400
	RESERVED
CVE-2018-3399
	RESERVED
CVE-2018-3398
	RESERVED
CVE-2018-3397
	RESERVED
CVE-2018-3396
	RESERVED
CVE-2018-3395
	RESERVED
CVE-2018-3394
	RESERVED
CVE-2018-3393
	RESERVED
CVE-2018-3392
	RESERVED
CVE-2018-3391
	RESERVED
CVE-2018-3390
	RESERVED
CVE-2018-3389
	RESERVED
CVE-2018-3388
	RESERVED
CVE-2018-3387
	RESERVED
CVE-2018-3386
	RESERVED
CVE-2018-3385
	RESERVED
CVE-2018-3384
	RESERVED
CVE-2018-3383
	RESERVED
CVE-2018-3382
	RESERVED
CVE-2018-3381
	RESERVED
CVE-2018-3380
	RESERVED
CVE-2018-3379
	RESERVED
CVE-2018-3378
	RESERVED
CVE-2018-3377
	RESERVED
CVE-2018-3376
	RESERVED
CVE-2018-3375
	RESERVED
CVE-2018-3374
	RESERVED
CVE-2018-3373
	RESERVED
CVE-2018-3372
	RESERVED
CVE-2018-3371
	RESERVED
CVE-2018-3370
	RESERVED
CVE-2018-3369
	RESERVED
CVE-2018-3368
	RESERVED
CVE-2018-3367
	RESERVED
CVE-2018-3366
	RESERVED
CVE-2018-3365
	RESERVED
CVE-2018-3364
	RESERVED
CVE-2018-3363
	RESERVED
CVE-2018-3362
	RESERVED
CVE-2018-3361
	RESERVED
CVE-2018-3360
	RESERVED
CVE-2018-3359
	RESERVED
CVE-2018-3358
	RESERVED
CVE-2018-3357
	RESERVED
CVE-2018-3356
	RESERVED
CVE-2018-3355
	RESERVED
CVE-2018-3354
	RESERVED
CVE-2018-3353
	RESERVED
CVE-2018-3352
	RESERVED
CVE-2018-3351
	RESERVED
CVE-2018-3350
	RESERVED
CVE-2018-3349
	RESERVED
CVE-2018-3348
	RESERVED
CVE-2018-3347
	RESERVED
CVE-2018-3346
	RESERVED
CVE-2018-3345
	RESERVED
CVE-2018-3344
	RESERVED
CVE-2018-3343
	RESERVED
CVE-2018-3342
	RESERVED
CVE-2018-3341
	RESERVED
CVE-2018-3340
	RESERVED
CVE-2018-3339
	RESERVED
CVE-2018-3338
	RESERVED
CVE-2018-3337
	RESERVED
CVE-2018-3336
	RESERVED
CVE-2018-3335
	RESERVED
CVE-2018-3334
	RESERVED
CVE-2018-3333
	RESERVED
CVE-2018-3332
	RESERVED
CVE-2018-3331
	RESERVED
CVE-2018-3330
	RESERVED
CVE-2018-3329
	RESERVED
CVE-2018-3328
	RESERVED
CVE-2018-3327
	RESERVED
CVE-2018-3326
	RESERVED
CVE-2018-3325
	RESERVED
CVE-2018-3324
	RESERVED
CVE-2018-3323
	RESERVED
CVE-2018-3322
	RESERVED
CVE-2018-3321
	RESERVED
CVE-2018-3320
	RESERVED
CVE-2018-3319
	RESERVED
CVE-2018-3318
	RESERVED
CVE-2018-3317
	RESERVED
CVE-2018-3316
	RESERVED
CVE-2018-3315
	RESERVED
CVE-2018-3314
	RESERVED
CVE-2018-3313
	RESERVED
CVE-2018-3312
	RESERVED
CVE-2018-3311
	RESERVED
CVE-2018-3310
	RESERVED
CVE-2018-3309
	RESERVED
CVE-2018-3308
	RESERVED
CVE-2018-3307
	RESERVED
CVE-2018-3306
	RESERVED
CVE-2018-3305
	RESERVED
CVE-2018-3304
	RESERVED
CVE-2018-3303
	RESERVED
CVE-2018-3302
	RESERVED
CVE-2018-3301
	RESERVED
CVE-2018-3300
	RESERVED
CVE-2018-3299
	RESERVED
CVE-2018-3298
	RESERVED
CVE-2018-3297
	RESERVED
CVE-2018-3296
	RESERVED
CVE-2018-3295
	RESERVED
CVE-2018-3294
	RESERVED
CVE-2018-3293
	RESERVED
CVE-2018-3292
	RESERVED
CVE-2018-3291
	RESERVED
CVE-2018-3290
	RESERVED
CVE-2018-3289
	RESERVED
CVE-2018-3288
	RESERVED
CVE-2018-3287
	RESERVED
CVE-2018-3286
	RESERVED
CVE-2018-3285
	RESERVED
CVE-2018-3284
	RESERVED
CVE-2018-3283
	RESERVED
CVE-2018-3282
	RESERVED
CVE-2018-3281
	RESERVED
CVE-2018-3280
	RESERVED
CVE-2018-3279
	RESERVED
CVE-2018-3278
	RESERVED
CVE-2018-3277
	RESERVED
CVE-2018-3276
	RESERVED
CVE-2018-3275
	RESERVED
CVE-2018-3274
	RESERVED
CVE-2018-3273
	RESERVED
CVE-2018-3272
	RESERVED
CVE-2018-3271
	RESERVED
CVE-2018-3270
	RESERVED
CVE-2018-3269
	RESERVED
CVE-2018-3268
	RESERVED
CVE-2018-3267
	RESERVED
CVE-2018-3266
	RESERVED
CVE-2018-3265
	RESERVED
CVE-2018-3264
	RESERVED
CVE-2018-3263
	RESERVED
CVE-2018-3262
	RESERVED
CVE-2018-3261
	RESERVED
CVE-2018-3260
	RESERVED
CVE-2018-3259
	RESERVED
CVE-2018-3258
	RESERVED
CVE-2018-3257
	RESERVED
CVE-2018-3256
	RESERVED
CVE-2018-3255
	RESERVED
CVE-2018-3254
	RESERVED
CVE-2018-3253
	RESERVED
CVE-2018-3252
	RESERVED
CVE-2018-3251
	RESERVED
CVE-2018-3250
	RESERVED
CVE-2018-3249
	RESERVED
CVE-2018-3248
	RESERVED
CVE-2018-3247
	RESERVED
CVE-2018-3246
	RESERVED
CVE-2018-3245
	RESERVED
CVE-2018-3244
	RESERVED
CVE-2018-3243
	RESERVED
CVE-2018-3242
	RESERVED
CVE-2018-3241
	RESERVED
CVE-2018-3240
	RESERVED
CVE-2018-3239
	RESERVED
CVE-2018-3238
	RESERVED
CVE-2018-3237
	RESERVED
CVE-2018-3236
	RESERVED
CVE-2018-3235
	RESERVED
CVE-2018-3234
	RESERVED
CVE-2018-3233
	RESERVED
CVE-2018-3232
	RESERVED
CVE-2018-3231
	RESERVED
CVE-2018-3230
	RESERVED
CVE-2018-3229
	RESERVED
CVE-2018-3228
	RESERVED
CVE-2018-3227
	RESERVED
CVE-2018-3226
	RESERVED
CVE-2018-3225
	RESERVED
CVE-2018-3224
	RESERVED
CVE-2018-3223
	RESERVED
CVE-2018-3222
	RESERVED
CVE-2018-3221
	RESERVED
CVE-2018-3220
	RESERVED
CVE-2018-3219
	RESERVED
CVE-2018-3218
	RESERVED
CVE-2018-3217
	RESERVED
CVE-2018-3216
	RESERVED
CVE-2018-3215
	RESERVED
CVE-2018-3214
	RESERVED
CVE-2018-3213
	RESERVED
CVE-2018-3212
	RESERVED
CVE-2018-3211
	RESERVED
CVE-2018-3210
	RESERVED
CVE-2018-3209
	RESERVED
CVE-2018-3208
	RESERVED
CVE-2018-3207
	RESERVED
CVE-2018-3206
	RESERVED
CVE-2018-3205
	RESERVED
CVE-2018-3204
	RESERVED
CVE-2018-3203
	RESERVED
CVE-2018-3202
	RESERVED
CVE-2018-3201
	RESERVED
CVE-2018-3200
	RESERVED
CVE-2018-3199
	RESERVED
CVE-2018-3198
	RESERVED
CVE-2018-3197
	RESERVED
CVE-2018-3196
	RESERVED
CVE-2018-3195
	RESERVED
CVE-2018-3194
	RESERVED
CVE-2018-3193
	RESERVED
CVE-2018-3192
	RESERVED
CVE-2018-3191
	RESERVED
CVE-2018-3190
	RESERVED
CVE-2018-3189
	RESERVED
CVE-2018-3188
	RESERVED
CVE-2018-3187
	RESERVED
CVE-2018-3186
	RESERVED
CVE-2018-3185
	RESERVED
CVE-2018-3184
	RESERVED
CVE-2018-3183
	RESERVED
CVE-2018-3182
	RESERVED
CVE-2018-3181
	RESERVED
CVE-2018-3180
	RESERVED
CVE-2018-3179
	RESERVED
CVE-2018-3178
	RESERVED
CVE-2018-3177
	RESERVED
CVE-2018-3176
	RESERVED
CVE-2018-3175
	RESERVED
CVE-2018-3174
	RESERVED
CVE-2018-3173
	RESERVED
CVE-2018-3172
	RESERVED
CVE-2018-3171
	RESERVED
CVE-2018-3170
	RESERVED
CVE-2018-3169
	RESERVED
CVE-2018-3168
	RESERVED
CVE-2018-3167
	RESERVED
CVE-2018-3166
	RESERVED
CVE-2018-3165
	RESERVED
CVE-2018-3164
	RESERVED
CVE-2018-3163
	RESERVED
CVE-2018-3162
	RESERVED
CVE-2018-3161
	RESERVED
CVE-2018-3160
	RESERVED
CVE-2018-3159
	RESERVED
CVE-2018-3158
	RESERVED
CVE-2018-3157
	RESERVED
CVE-2018-3156
	RESERVED
CVE-2018-3155
	RESERVED
CVE-2018-3154
	RESERVED
CVE-2018-3153
	RESERVED
CVE-2018-3152
	RESERVED
CVE-2018-3151
	RESERVED
CVE-2018-3150
	RESERVED
CVE-2018-3149
	RESERVED
CVE-2018-3148
	RESERVED
CVE-2018-3147
	RESERVED
CVE-2018-3146
	RESERVED
CVE-2018-3145
	RESERVED
CVE-2018-3144
	RESERVED
CVE-2018-3143
	RESERVED
CVE-2018-3142
	RESERVED
CVE-2018-3141
	RESERVED
CVE-2018-3140
	RESERVED
CVE-2018-3139
	RESERVED
CVE-2018-3138
	RESERVED
CVE-2018-3137
	RESERVED
CVE-2018-3136
	RESERVED
CVE-2018-3135
	RESERVED
CVE-2018-3134
	RESERVED
CVE-2018-3133
	RESERVED
CVE-2018-3132
	RESERVED
CVE-2018-3131
	RESERVED
CVE-2018-3130
	RESERVED
CVE-2018-3129
	RESERVED
CVE-2018-3128
	RESERVED
CVE-2018-3127
	RESERVED
CVE-2018-3126
	RESERVED
CVE-2018-3125
	RESERVED
CVE-2018-3124
	RESERVED
CVE-2018-3123
	RESERVED
CVE-2018-3122
	RESERVED
CVE-2018-3121
	RESERVED
CVE-2018-3120
	RESERVED
CVE-2018-3119
	RESERVED
CVE-2018-3118
	RESERVED
CVE-2018-3117
	RESERVED
CVE-2018-3116
	RESERVED
CVE-2018-3115
	RESERVED
CVE-2018-3114
	RESERVED
CVE-2018-3113
	RESERVED
CVE-2018-3112
	RESERVED
CVE-2018-3111
	RESERVED
CVE-2018-3110
	RESERVED
CVE-2018-3109
	RESERVED
CVE-2018-3108
	RESERVED
CVE-2018-3107
	RESERVED
CVE-2018-3106
	RESERVED
CVE-2018-3105
	RESERVED
CVE-2018-3104
	RESERVED
CVE-2018-3103
	RESERVED
CVE-2018-3102
	RESERVED
CVE-2018-3101
	RESERVED
CVE-2018-3100
	RESERVED
CVE-2018-3099
	RESERVED
CVE-2018-3098
	RESERVED
CVE-2018-3097
	RESERVED
CVE-2018-3096
	RESERVED
CVE-2018-3095
	RESERVED
CVE-2018-3094
	RESERVED
CVE-2018-3093
	RESERVED
CVE-2018-3092
	RESERVED
CVE-2018-3091
	RESERVED
CVE-2018-3090
	RESERVED
CVE-2018-3089
	RESERVED
CVE-2018-3088
	RESERVED
CVE-2018-3087
	RESERVED
CVE-2018-3086
	RESERVED
CVE-2018-3085
	RESERVED
CVE-2018-3084
	RESERVED
CVE-2018-3083
	RESERVED
CVE-2018-3082
	RESERVED
CVE-2018-3081
	RESERVED
CVE-2018-3080
	RESERVED
CVE-2018-3079
	RESERVED
CVE-2018-3078
	RESERVED
CVE-2018-3077
	RESERVED
CVE-2018-3076
	RESERVED
CVE-2018-3075
	RESERVED
CVE-2018-3074
	RESERVED
CVE-2018-3073
	RESERVED
CVE-2018-3072
	RESERVED
CVE-2018-3071
	RESERVED
CVE-2018-3070
	RESERVED
CVE-2018-3069
	RESERVED
CVE-2018-3068
	RESERVED
CVE-2018-3067
	RESERVED
CVE-2018-3066
	RESERVED
CVE-2018-3065
	RESERVED
CVE-2018-3064
	RESERVED
CVE-2018-3063
	RESERVED
CVE-2018-3062
	RESERVED
CVE-2018-3061
	RESERVED
CVE-2018-3060
	RESERVED
CVE-2018-3059
	RESERVED
CVE-2018-3058
	RESERVED
CVE-2018-3057
	RESERVED
CVE-2018-3056
	RESERVED
CVE-2018-3055
	RESERVED
CVE-2018-3054
	RESERVED
CVE-2018-3053
	RESERVED
CVE-2018-3052
	RESERVED
CVE-2018-3051
	RESERVED
CVE-2018-3050
	RESERVED
CVE-2018-3049
	RESERVED
CVE-2018-3048
	RESERVED
CVE-2018-3047
	RESERVED
CVE-2018-3046
	RESERVED
CVE-2018-3045
	RESERVED
CVE-2018-3044
	RESERVED
CVE-2018-3043
	RESERVED
CVE-2018-3042
	RESERVED
CVE-2018-3041
	RESERVED
CVE-2018-3040
	RESERVED
CVE-2018-3039
	RESERVED
CVE-2018-3038
	RESERVED
CVE-2018-3037
	RESERVED
CVE-2018-3036
	RESERVED
CVE-2018-3035
	RESERVED
CVE-2018-3034
	RESERVED
CVE-2018-3033
	RESERVED
CVE-2018-3032
	RESERVED
CVE-2018-3031
	RESERVED
CVE-2018-3030
	RESERVED
CVE-2018-3029
	RESERVED
CVE-2018-3028
	RESERVED
CVE-2018-3027
	RESERVED
CVE-2018-3026
	RESERVED
CVE-2018-3025
	RESERVED
CVE-2018-3024
	RESERVED
CVE-2018-3023
	RESERVED
CVE-2018-3022
	RESERVED
CVE-2018-3021
	RESERVED
CVE-2018-3020
	RESERVED
CVE-2018-3019
	RESERVED
CVE-2018-3018
	RESERVED
CVE-2018-3017
	RESERVED
CVE-2018-3016
	RESERVED
CVE-2018-3015
	RESERVED
CVE-2018-3014
	RESERVED
CVE-2018-3013
	RESERVED
CVE-2018-3012
	RESERVED
CVE-2018-3011
	RESERVED
CVE-2018-3010
	RESERVED
CVE-2018-3009
	RESERVED
CVE-2018-3008
	RESERVED
CVE-2018-3007
	RESERVED
CVE-2018-3006
	RESERVED
CVE-2018-3005
	RESERVED
CVE-2018-3004
	RESERVED
CVE-2018-3003
	RESERVED
CVE-2018-3002
	RESERVED
CVE-2018-3001
	RESERVED
CVE-2018-3000
	RESERVED
CVE-2018-2999
	RESERVED
CVE-2018-2998
	RESERVED
CVE-2018-2997
	RESERVED
CVE-2018-2996
	RESERVED
CVE-2018-2995
	RESERVED
CVE-2018-2994
	RESERVED
CVE-2018-2993
	RESERVED
CVE-2018-2992
	RESERVED
CVE-2018-2991
	RESERVED
CVE-2018-2990
	RESERVED
CVE-2018-2989
	RESERVED
CVE-2018-2988
	RESERVED
CVE-2018-2987
	RESERVED
CVE-2018-2986
	RESERVED
CVE-2018-2985
	RESERVED
CVE-2018-2984
	RESERVED
CVE-2018-2983
	RESERVED
CVE-2018-2982
	RESERVED
CVE-2018-2981
	RESERVED
CVE-2018-2980
	RESERVED
CVE-2018-2979
	RESERVED
CVE-2018-2978
	RESERVED
CVE-2018-2977
	RESERVED
CVE-2018-2976
	RESERVED
CVE-2018-2975
	RESERVED
CVE-2018-2974
	RESERVED
CVE-2018-2973
	RESERVED
CVE-2018-2972
	RESERVED
CVE-2018-2971
	RESERVED
CVE-2018-2970
	RESERVED
CVE-2018-2969
	RESERVED
CVE-2018-2968
	RESERVED
CVE-2018-2967
	RESERVED
CVE-2018-2966
	RESERVED
CVE-2018-2965
	RESERVED
CVE-2018-2964
	RESERVED
CVE-2018-2963
	RESERVED
CVE-2018-2962
	RESERVED
CVE-2018-2961
	RESERVED
CVE-2018-2960
	RESERVED
CVE-2018-2959
	RESERVED
CVE-2018-2958
	RESERVED
CVE-2018-2957
	RESERVED
CVE-2018-2956
	RESERVED
CVE-2018-2955
	RESERVED
CVE-2018-2954
	RESERVED
CVE-2018-2953
	RESERVED
CVE-2018-2952
	RESERVED
CVE-2018-2951
	RESERVED
CVE-2018-2950
	RESERVED
CVE-2018-2949
	RESERVED
CVE-2018-2948
	RESERVED
CVE-2018-2947
	RESERVED
CVE-2018-2946
	RESERVED
CVE-2018-2945
	RESERVED
CVE-2018-2944
	RESERVED
CVE-2018-2943
	RESERVED
CVE-2018-2942
	RESERVED
CVE-2018-2941
	RESERVED
CVE-2018-2940
	RESERVED
CVE-2018-2939
	RESERVED
CVE-2018-2938
	RESERVED
CVE-2018-2937
	RESERVED
CVE-2018-2936
	RESERVED
CVE-2018-2935
	RESERVED
CVE-2018-2934
	RESERVED
CVE-2018-2933
	RESERVED
CVE-2018-2932
	RESERVED
CVE-2018-2931
	RESERVED
CVE-2018-2930
	RESERVED
CVE-2018-2929
	RESERVED
CVE-2018-2928
	RESERVED
CVE-2018-2927
	RESERVED
CVE-2018-2926
	RESERVED
CVE-2018-2925
	RESERVED
CVE-2018-2924
	RESERVED
CVE-2018-2923
	RESERVED
CVE-2018-2922
	RESERVED
CVE-2018-2921
	RESERVED
CVE-2018-2920
	RESERVED
CVE-2018-2919
	RESERVED
CVE-2018-2918
	RESERVED
CVE-2018-2917
	RESERVED
CVE-2018-2916
	RESERVED
CVE-2018-2915
	RESERVED
CVE-2018-2914
	RESERVED
CVE-2018-2913
	RESERVED
CVE-2018-2912
	RESERVED
CVE-2018-2911
	RESERVED
CVE-2018-2910
	RESERVED
CVE-2018-2909
	RESERVED
CVE-2018-2908
	RESERVED
CVE-2018-2907
	RESERVED
CVE-2018-2906
	RESERVED
CVE-2018-2905
	RESERVED
CVE-2018-2904
	RESERVED
CVE-2018-2903
	RESERVED
CVE-2018-2902
	RESERVED
CVE-2018-2901
	RESERVED
CVE-2018-2900
	RESERVED
CVE-2018-2899
	RESERVED
CVE-2018-2898
	RESERVED
CVE-2018-2897
	RESERVED
CVE-2018-2896
	RESERVED
CVE-2018-2895
	RESERVED
CVE-2018-2894
	RESERVED
CVE-2018-2893
	RESERVED
CVE-2018-2892
	RESERVED
CVE-2018-2891
	RESERVED
CVE-2018-2890
	RESERVED
CVE-2018-2889
	RESERVED
CVE-2018-2888
	RESERVED
CVE-2018-2887
	RESERVED
CVE-2018-2886
	RESERVED
CVE-2018-2885
	RESERVED
CVE-2018-2884
	RESERVED
CVE-2018-2883
	RESERVED
CVE-2018-2882
	RESERVED
CVE-2018-2881
	RESERVED
CVE-2018-2880
	RESERVED
CVE-2018-2879 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2878 (Vulnerability in the PeopleSoft Enterprise HCM Shared Components ...)
	NOT-FOR-US: Oracle
CVE-2018-2877 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...)
	- mysql-cluster <itp> (bug #833356)
CVE-2018-2876 (Vulnerability in the Oracle Retail Integration Bus component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2875
	RESERVED
CVE-2018-2874 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2873 (Vulnerability in the Oracle General Ledger component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2872 (Vulnerability in the Oracle General Ledger component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2871 (Vulnerability in the Oracle Human Resources component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2870 (Vulnerability in the Oracle Human Resources component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2869 (Vulnerability in the Oracle Human Resources component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2868 (Vulnerability in the Oracle Human Resources component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2867 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2866 (Vulnerability in the Oracle General Ledger component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2865 (Vulnerability in the Oracle General Ledger component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2864 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2863 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2862 (Vulnerability in the Oracle Retail Point-of-Service component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2861 (Vulnerability in the Oracle Retail Back Office component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2860 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2859 (Vulnerability in the Oracle Financial Services Basel Regulatory ...)
	NOT-FOR-US: Oracle
CVE-2018-2858 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2857 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2856 (Vulnerability in the Oracle Financial Services Basel Regulatory ...)
	NOT-FOR-US: Oracle
CVE-2018-2855 (Vulnerability in the Oracle Financial Services Basel Regulatory ...)
	NOT-FOR-US: Oracle
CVE-2018-2854 (Vulnerability in the Oracle Financial Services Basel Regulatory ...)
	NOT-FOR-US: Oracle
CVE-2018-2853 (Vulnerability in the Oracle Hospitality Simphony First Edition ...)
	NOT-FOR-US: Oracle
CVE-2018-2852 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2851 (Vulnerability in the Oracle Hospitality Simphony First Edition ...)
	NOT-FOR-US: Oracle
CVE-2018-2850 (Vulnerability in the Oracle Hospitality Cruise Fleet Management System ...)
	NOT-FOR-US: Oracle
CVE-2018-2849 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle
CVE-2018-2848 (Vulnerability in the Oracle Hospitality Simphony First Edition ...)
	NOT-FOR-US: Oracle
CVE-2018-2847 (Vulnerability in the Oracle Hospitality Simphony First Edition ...)
	NOT-FOR-US: Oracle
CVE-2018-2846 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2845 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2844 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2843 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2842 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2841 (Vulnerability in the Java VM component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2018-2840 (Vulnerability in the Oracle Retail Xstore Point of Service component ...)
	NOT-FOR-US: Oracle
CVE-2018-2839 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2838 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: Oracle
CVE-2018-2837 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2836 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2835 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2834 (Vulnerability in the Oracle Data Visualization Desktop component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2833 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2832 (Vulnerability in the Oracle GoldenGate component of Oracle GoldenGate. ...)
	NOT-FOR-US: Oracle
CVE-2018-2831 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2830 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.10-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2829 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2828 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2827 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2826 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-10 <unfixed>
CVE-2018-2825 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-10 <unfixed>
CVE-2018-2824 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2823 (Vulnerability in the Oracle Transportation Management component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2822 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2018-2821 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2820 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2819 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2818 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2817 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2816 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2815 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2814 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2813 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2812 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2811 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (Specific to Oracle Java, our installation procedure are obviously different)
CVE-2018-2810 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2809 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2808 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2807 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2806 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2805 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <not-affected> (Only affects GIS Extension in Oracle MySQL 5.6)
	- mysql-5.5 <not-affected> (Only affects GIS Extension in Oracle MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2804 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2803 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2018-2802 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2801 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2800 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2799 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
CVE-2018-2798 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2797 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2796 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
CVE-2018-2795 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2794 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2793 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2792 (Vulnerability in the Hardware Management Pack component of Oracle Sun ...)
	NOT-FOR-US: Oracle
CVE-2018-2791 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2790 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4185-1}
	- openjdk-10 10.0.1+10-4
	- openjdk-8 8u171-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2789 (Vulnerability in the Siebel Core - Server Framework component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2788 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2787 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2786 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2785 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2784 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2783 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	- openjdk-10 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-8 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-7 <not-affected> (Apparently specific to Oracle Java)
	- openjdk-6 <not-affected> (Apparently specific to Oracle Java)
CVE-2018-2782 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2781 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2780 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2779 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2778 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2777 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2776 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2775 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2774 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2773 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2772 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2771 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2770 (Vulnerability in the Oracle Adaptive Access Manager component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2769 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2768 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2767 [Use of SSL/TLS not enforced in client library (Return of BACKRONYM)]
	RESERVED
	- mariadb-10.2 <unfixed>
	- mariadb-10.1 <unfixed>
	[stretch] - mariadb-10.1 <postponed> (Wait for next upstream security/bugfix release)
	- mariadb-10.0 <removed>
	[jessie] - mariadb-10.0 <postponed> (Wait for next upstream security/bugfix release)
	- mysql-5.7 <unfixed>
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 <postponed> (Wait for next upstream security/bugfix release)
	[wheezy] - mysql-5.5 <postponed> (Wait for next upstream security/bugfix release)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/2
	NOTE: Result from an incomplete fix for CVE-2015-3152 and related CVE for
	NOTE: Oracle products.
CVE-2018-2766 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2765 (Vulnerability in the Oracle Security Service component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2764 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2763 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2762 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2761 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2760 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2759 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2758 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2757
	RESERVED
CVE-2018-2756 (Vulnerability in the Oracle Communications Order and Service ...)
	NOT-FOR-US: Oracle
CVE-2018-2755 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4176-1 DLA-1355-1}
	- mariadb-10.1 <unfixed> (bug #898445)
	- mariadb-10.0 <removed>
	- mysql-5.7 <unfixed> (bug #895997)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.35, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html#AppendixMSQL
CVE-2018-2754 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2753 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2752 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2751
	RESERVED
CVE-2018-2750 (Vulnerability in the Enterprise Manager Base Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2749 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2748 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2747 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2746 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2745
	RESERVED
CVE-2018-2744
	RESERVED
CVE-2018-2743
	RESERVED
CVE-2018-2742 (Vulnerability in the Enterprise Manager Ops Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2741
	RESERVED
CVE-2018-2740
	RESERVED
CVE-2018-2739 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2738 (Vulnerability in the Oracle Retail Central Office component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2737 (Vulnerability in the Oracle Retail Returns Management component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2736
	RESERVED
CVE-2018-2735
	RESERVED
CVE-2018-2734
	RESERVED
CVE-2018-2733 (Vulnerability in the Oracle Hyperion Planning component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2732 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2731 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component ...)
	NOT-FOR-US: Oracle
CVE-2018-2730 (Vulnerability in the Oracle Retail Merchandising System component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2729 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing ...)
	NOT-FOR-US: Oracle
CVE-2018-2728 (Vulnerability in the Oracle Financial Services Funds Transfer Pricing ...)
	NOT-FOR-US: Oracle
CVE-2018-2727 (Vulnerability in the Oracle Financial Services Market Risk Measurement ...)
	NOT-FOR-US: Oracle
CVE-2018-2726 (Vulnerability in the Oracle Financial Services Market Risk component ...)
	NOT-FOR-US: Oracle
CVE-2018-2725 (Vulnerability in the Oracle Financial Services Hedge Management and ...)
	NOT-FOR-US: Oracle
CVE-2018-2724 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting ...)
	NOT-FOR-US: Oracle
CVE-2018-2723 (Vulnerability in the Oracle Financial Services Asset Liability ...)
	NOT-FOR-US: Oracle
CVE-2018-2722 (Vulnerability in the Oracle Financial Services Price Creation and ...)
	NOT-FOR-US: Oracle
CVE-2018-2721 (Vulnerability in the Oracle Financial Services Price Creation and ...)
	NOT-FOR-US: Oracle
CVE-2018-2720 (Vulnerability in the Oracle Financial Services Liquidity Risk ...)
	NOT-FOR-US: Oracle
CVE-2018-2719 (Vulnerability in the Oracle Financial Services Hedge Management and ...)
	NOT-FOR-US: Oracle
CVE-2018-2718 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2717 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2716 (Vulnerability in the Oracle Financial Services Market Risk Measurement ...)
	NOT-FOR-US: Oracle
CVE-2018-2715 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...)
	NOT-FOR-US: Oracle
CVE-2018-2714 (Vulnerability in the Oracle Financial Services Market Risk component ...)
	NOT-FOR-US: Oracle
CVE-2018-2713 (Vulnerability in the Oracle WebCenter Portal component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2712 (Vulnerability in the Oracle Financial Services Loan Loss Forecasting ...)
	NOT-FOR-US: Oracle
CVE-2018-2711 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2710 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2709 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2708 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2707 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2706 (Vulnerability in the Oracle Banking Corporate Lending component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2705 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2704 (Vulnerability in the Oracle Banking Payments component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2703 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2702 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2701 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
	NOT-FOR-US: Oracle
CVE-2018-2700 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
	NOT-FOR-US: Oracle
CVE-2018-2699 (Vulnerability in the Application Express component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2018-2698 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2697 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
	NOT-FOR-US: Oracle
CVE-2018-2696 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2695 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2694 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2693 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox-guest-additions-iso 5.2.6-1
	[jessie] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2018-2692 (Vulnerability in the Oracle Financial Services Asset Liability ...)
	NOT-FOR-US: Oracle
CVE-2018-2691 (Vulnerability in the Oracle User Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2690 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2689 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2688 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2687 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2686 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2685 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2684 (Vulnerability in the Oracle User Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2683 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2682 (Vulnerability in the Oracle Financial Services Liquidity Risk ...)
	NOT-FOR-US: Oracle
CVE-2018-2681 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources ...)
	NOT-FOR-US: Oracle
CVE-2018-2680 (Vulnerability in the Java VM component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2018-2679 (Vulnerability in the Oracle Financial Services Profitability ...)
	NOT-FOR-US: Oracle Financial Services Applications
CVE-2018-2678 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2677 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2676 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2018-2675 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2018-2674 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2673 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2672 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2671 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2670 (Vulnerability in the Oracle Financial Services Profitability ...)
	NOT-FOR-US: Oracle
CVE-2018-2669 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2018-2668 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4091-1 DLA-1250-1}
	- mariadb-10.1 <unfixed> (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2667 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2666 (Vulnerability in the Oracle Hospitality Labor Management component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2665 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4091-1 DLA-1250-1}
	- mariadb-10.1 <unfixed> (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2664 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2663 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2662 (Vulnerability in the Oracle Transportation Management component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2661 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2660 (Vulnerability in the Oracle Financial Services Analytical Applications ...)
	NOT-FOR-US: Oracle
CVE-2018-2659 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2658 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2657 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...)
	- openjdk-9 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-8 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-7 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-6 <not-affected> (Seems to be specific to Oracle Java)
CVE-2018-2656 (Vulnerability in the Oracle General Ledger component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2655 (Vulnerability in the Oracle Work in Process component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2654 (Vulnerability in the PeopleSoft Enterprise HCM Human Resources ...)
	NOT-FOR-US: Oracle
CVE-2018-2653 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2652 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2651 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2650 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2018-2649 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2648 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2647 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2646 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2645 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2644 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
	NOT-FOR-US: Oracle
CVE-2018-2643 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
	NOT-FOR-US: Oracle
CVE-2018-2642 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
	NOT-FOR-US: Oracle
CVE-2018-2641 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4091-1 DLA-1250-1}
	- mariadb-10.1 <unfixed> (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.33
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2639 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2638 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2018-2637 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2636 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2635 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2634 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2633 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2632 (Vulnerability in the Siebel Engineering - Installer and Deployment ...)
	NOT-FOR-US: Oracle
CVE-2018-2631 (Vulnerability in the Oracle Transportation Management component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2630 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2629 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2628 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2627 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-9 <not-affected> (Specific to installer for Windows)
	- openjdk-8 <not-affected> (Specific to installer for Windows)
CVE-2018-2626 (Vulnerability in the Oracle Financial Services Balance Sheet Planning ...)
	NOT-FOR-US: Oracle
CVE-2018-2625 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2624 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2623 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2622 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4091-1 DLA-1250-1}
	- mariadb-10.1 <unfixed> (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2621 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
	NOT-FOR-US: Oracle
CVE-2018-2620 (Vulnerability in the Primavera Unifier component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2619 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2618 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2617 (Vulnerability in the OSS Support Tools component of Oracle Support ...)
	NOT-FOR-US: Oracle
CVE-2018-2616 (Vulnerability in the OSS Support Tools component of Oracle Support ...)
	NOT-FOR-US: Oracle
CVE-2018-2615 (Vulnerability in the OSS Support Tools component of Oracle Support ...)
	NOT-FOR-US: Oracle
CVE-2018-2614 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2613 (Vulnerability in the Oracle Argus Safety component of Oracle Health ...)
	NOT-FOR-US: Oracle
CVE-2018-2612 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mariadb-10.1 <unfixed> (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2611 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2610 (Vulnerability in the Hyperion Data Relationship Management component ...)
	NOT-FOR-US: Oracle
CVE-2018-2609 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2018-2608 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2607 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2606 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2605 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2604 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2603 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2602 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2601 (Vulnerability in the Oracle Internet Directory component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2600 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2599 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2598
	RESERVED
CVE-2018-2597 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
	NOT-FOR-US: Oracle
CVE-2018-2596 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2595 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion ...)
	NOT-FOR-US: Oracle
CVE-2018-2594 (Vulnerability in the Hyperion BI+ component of Oracle Hyperion ...)
	NOT-FOR-US: Oracle
CVE-2018-2593 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2592 (Vulnerability in the Oracle Financial Services Balance Sheet Planning ...)
	NOT-FOR-US: Oracle
CVE-2018-2591 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2590 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2589 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2588 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2587 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2586 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2585 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
	- mysql-connector-net <unfixed> (bug #887751)
	[stretch] - mysql-connector-net <no-dsa> (Minor issue)
	[jessie] - mysql-connector-net <no-dsa> (Minor issue)
	[wheezy] - mysql-connector-net <no-dsa> (Minor issue)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2584 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2583 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2582 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4144-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
CVE-2018-2581 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjfx 8u161-b12-1 (bug #888530)
	[stretch] - openjfx <no-dsa> (Minor issue)
CVE-2018-2580 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2579 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4166-1 DSA-4144-1 DLA-1339-1}
	- openjdk-9 9.0.4+12-1
	- openjdk-8 8u162-b12-1
	[experimental] - openjdk-7 7u171-2.6.13-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2018-2578 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2577 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2576 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2575 (Vulnerability in the Core RDBMS component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2018-2574 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2018-2573 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2572 (Vulnerability in the Oracle Agile Product Lifecycle Management for ...)
	NOT-FOR-US: Oracle
CVE-2018-2571 (Vulnerability in the Oracle Communications Unified Inventory ...)
	NOT-FOR-US: Oracle
CVE-2018-2570 (Vulnerability in the Oracle Communications Unified Inventory ...)
	NOT-FOR-US: Oracle
CVE-2018-2569 (Vulnerability in the Java ME SDK component of Oracle Java Micro ...)
	NOT-FOR-US: Oracle
CVE-2018-2568 (Vulnerability in the Integrated Lights Out Manager (ILOM) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2567 (Vulnerability in the Oracle Communications Order and Service ...)
	NOT-FOR-US: Oracle
CVE-2018-2566 (Vulnerability in the Integrated Lights Out Manager (ILOM) component of ...)
	NOT-FOR-US: Oracle
CVE-2018-2565 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.21-1 (bug #887477)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2564 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2018-2563 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2562 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4091-1 DLA-1250-1}
	- mariadb-10.1 <unfixed> (bug #898444)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1
	- mysql-5.5 <removed>
	NOTE: Fixed in MariaDB 10.0.34, 10.1.31
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html#AppendixMSQL
CVE-2018-2561 (Vulnerability in the Oracle HTTP Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2018-2560 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2018-2559
	RESERVED
CVE-2018-2558
	RESERVED
CVE-2018-2557
	RESERVED
CVE-2018-2556
	RESERVED
CVE-2018-2555
	RESERVED
CVE-2018-2554
	RESERVED
CVE-2018-2553
	RESERVED
CVE-2018-2552
	RESERVED
CVE-2018-2551
	RESERVED
CVE-2018-2550
	RESERVED
CVE-2018-2549
	RESERVED
CVE-2018-2548
	RESERVED
CVE-2018-2547
	RESERVED
CVE-2018-2546
	RESERVED
CVE-2018-2545
	RESERVED
CVE-2018-2544
	RESERVED
CVE-2018-2543
	RESERVED
CVE-2018-2542
	RESERVED
CVE-2018-2541
	RESERVED
CVE-2018-2540
	RESERVED
CVE-2018-2539
	RESERVED
CVE-2018-2538
	RESERVED
CVE-2018-2537
	RESERVED
CVE-2018-2536
	RESERVED
CVE-2018-2535
	RESERVED
CVE-2018-2534
	RESERVED
CVE-2018-2533
	RESERVED
CVE-2018-2532
	RESERVED
CVE-2018-2531
	RESERVED
CVE-2018-2530
	RESERVED
CVE-2018-2529
	RESERVED
CVE-2018-2528
	RESERVED
CVE-2018-2527
	RESERVED
CVE-2018-2526
	RESERVED
CVE-2018-2525
	RESERVED
CVE-2018-2524
	RESERVED
CVE-2018-2523
	RESERVED
CVE-2018-2522
	RESERVED
CVE-2018-2521
	RESERVED
CVE-2018-2520
	RESERVED
CVE-2018-2519
	RESERVED
CVE-2018-2518
	RESERVED
CVE-2018-2517
	RESERVED
CVE-2018-2516
	RESERVED
CVE-2018-2515
	RESERVED
CVE-2018-2514
	RESERVED
CVE-2018-2513
	RESERVED
CVE-2018-2512
	RESERVED
CVE-2018-2511
	RESERVED
CVE-2018-2510
	RESERVED
CVE-2018-2509
	RESERVED
CVE-2018-2508
	RESERVED
CVE-2018-2507
	RESERVED
CVE-2018-2506
	RESERVED
CVE-2018-2505
	RESERVED
CVE-2018-2504
	RESERVED
CVE-2018-2503
	RESERVED
CVE-2018-2502
	RESERVED
CVE-2018-2501
	RESERVED
CVE-2018-2500
	RESERVED
CVE-2018-2499
	RESERVED
CVE-2018-2498
	RESERVED
CVE-2018-2497
	RESERVED
CVE-2018-2496
	RESERVED
CVE-2018-2495
	RESERVED
CVE-2018-2494
	RESERVED
CVE-2018-2493
	RESERVED
CVE-2018-2492
	RESERVED
CVE-2018-2491
	RESERVED
CVE-2018-2490
	RESERVED
CVE-2018-2489
	RESERVED
CVE-2018-2488
	RESERVED
CVE-2018-2487
	RESERVED
CVE-2018-2486
	RESERVED
CVE-2018-2485
	RESERVED
CVE-2018-2484
	RESERVED
CVE-2018-2483
	RESERVED
CVE-2018-2482
	RESERVED
CVE-2018-2481
	RESERVED
CVE-2018-2480
	RESERVED
CVE-2018-2479
	RESERVED
CVE-2018-2478
	RESERVED
CVE-2018-2477
	RESERVED
CVE-2018-2476
	RESERVED
CVE-2018-2475
	RESERVED
CVE-2018-2474
	RESERVED
CVE-2018-2473
	RESERVED
CVE-2018-2472
	RESERVED
CVE-2018-2471
	RESERVED
CVE-2018-2470
	RESERVED
CVE-2018-2469
	RESERVED
CVE-2018-2468
	RESERVED
CVE-2018-2467
	RESERVED
CVE-2018-2466
	RESERVED
CVE-2018-2465
	RESERVED
CVE-2018-2464
	RESERVED
CVE-2018-2463
	RESERVED
CVE-2018-2462
	RESERVED
CVE-2018-2461
	RESERVED
CVE-2018-2460
	RESERVED
CVE-2018-2459
	RESERVED
CVE-2018-2458
	RESERVED
CVE-2018-2457
	RESERVED
CVE-2018-2456
	RESERVED
CVE-2018-2455
	RESERVED
CVE-2018-2454
	RESERVED
CVE-2018-2453
	RESERVED
CVE-2018-2452
	RESERVED
CVE-2018-2451
	RESERVED
CVE-2018-2450
	RESERVED
CVE-2018-2449
	RESERVED
CVE-2018-2448
	RESERVED
CVE-2018-2447
	RESERVED
CVE-2018-2446
	RESERVED
CVE-2018-2445
	RESERVED
CVE-2018-2444
	RESERVED
CVE-2018-2443
	RESERVED
CVE-2018-2442
	RESERVED
CVE-2018-2441
	RESERVED
CVE-2018-2440
	RESERVED
CVE-2018-2439
	RESERVED
CVE-2018-2438
	RESERVED
CVE-2018-2437
	RESERVED
CVE-2018-2436
	RESERVED
CVE-2018-2435
	RESERVED
CVE-2018-2434
	RESERVED
CVE-2018-2433
	RESERVED
CVE-2018-2432
	RESERVED
CVE-2018-2431
	RESERVED
CVE-2018-2430
	RESERVED
CVE-2018-2429
	RESERVED
CVE-2018-2428
	RESERVED
CVE-2018-2427
	RESERVED
CVE-2018-2426
	RESERVED
CVE-2018-2425
	RESERVED
CVE-2018-2424
	RESERVED
CVE-2018-2423 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2422 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2421 (SAP Internet Graphics Server (IGS) Portwatcher, 7.20, 7.20EXT, 7.45, ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2420 (SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2419 (SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, ...)
	NOT-FOR-US: SAP Enterprise Financial Services
CVE-2018-2418 (SAP MaxDB ODBC driver (all versions before 7.9.09.07) allows an ...)
	NOT-FOR-US: SAP MaxDB ODBC driver
CVE-2018-2417 (Under certain conditions, the SAP Identity Management 8.0 (pass of ...)
	NOT-FOR-US: SAP Identity Management
CVE-2018-2416 (SAP Identity Management 8.0 does not sufficiently validate an XML ...)
	NOT-FOR-US: SAP Identity Management
CVE-2018-2415 (SAP NetWeaver Application Server Java Web Container and HTTP Service ...)
	NOT-FOR-US: SAP NetWeaver Application Server Java Web Container and HTTP Service
CVE-2018-2414
	RESERVED
CVE-2018-2413 (SAP Disclosure Management 10.1 does not perform necessary ...)
	NOT-FOR-US: SAP
CVE-2018-2412 (SAP Disclosure Management 10.1 does not perform necessary ...)
	NOT-FOR-US: SAP
CVE-2018-2411
	RESERVED
CVE-2018-2410 (SAP Business One, 9.2, 9.3, browser access does not sufficiently ...)
	NOT-FOR-US: SAP
CVE-2018-2409 (Improper session management when using SAP Cloud Platform 2.0 ...)
	NOT-FOR-US: SAP
CVE-2018-2408 (Improper Session Management in SAP Business Objects, 4.0, from 4.10, ...)
	NOT-FOR-US: SAP
CVE-2018-2407
	RESERVED
CVE-2018-2406 (Unquoted windows search path (directory/path traversal) vulnerability ...)
	NOT-FOR-US: Crystal Reports Server
CVE-2018-2405 (SAP Solution Manager, 7.10, 7.20, Incident Management Work Center ...)
	NOT-FOR-US: SAP
CVE-2018-2404 (SAP Disclosure Management 10.1 allows an attacker to upload any file ...)
	NOT-FOR-US: SAP
CVE-2018-2403 (Under certain conditions, SAP Disclosure Management 10.1 allows an ...)
	NOT-FOR-US: SAP
CVE-2018-2402 (In systems using the optional capture &amp; replay functionality of SAP ...)
	NOT-FOR-US: SAP
CVE-2018-2401 (SAP Business Process Automation (BPA) By Redwood does not sufficiently ...)
	NOT-FOR-US: SAP
CVE-2018-2400 (Under certain conditions SAP Business Process Automation (BPA) By ...)
	NOT-FOR-US: SAP
CVE-2018-2399 (Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 ...)
	NOT-FOR-US: SAP
CVE-2018-2398 (Under certain conditions SAP Business Client 6.5 allows an attacker to ...)
	NOT-FOR-US: SAP
CVE-2018-2397 (In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, ...)
	NOT-FOR-US: SAP
CVE-2018-2396 (Under certain conditions a malicious user can prevent legitimate users ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2395 (Under certain conditions a malicious user may retrieve information on ...)
	NOT-FOR-US: SAP Internet Graphic Server
CVE-2018-2394 (Under certain conditions an unauthenticated malicious user can prevent ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2393 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2392 (Under certain conditions SAP Internet Graphics Server (IGS) 7.20, ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2391 (Under certain conditions a malicious user can prevent legitimate users ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2390 (Under certain conditions a malicious user can prevent legitimate users ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2389 (Under certain conditions a malicious user can inject log files of SAP ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2388 (Stored cross-site scripting vulnerability in SAP internet Graphics ...)
	NOT-FOR-US: SAP internet Graphics Server
CVE-2018-2387 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, ...)
	NOT-FOR-US: SAP internet Graphics Server
CVE-2018-2386 (Under certain conditions a malicious user provoking an out of bounds ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2385 (Under certain conditions a malicious user provoking a divide by zero ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2384 (Under certain conditions a malicious user provoking a Null Pointer ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2383 (Reflected cross-site scripting vulnerability in SAP internet Graphics ...)
	NOT-FOR-US: SAP Internet Graphics Server
CVE-2018-2382 (A vulnerability in the SAP internet Graphics Server, 7.20, 7.20EXT, ...)
	NOT-FOR-US: SAP internet Graphics Server
CVE-2018-2381 (SAP ERP Financials Information System (SAP_APPL 6.00, 6.02, 6.03, ...)
	NOT-FOR-US: SAP ERP Financials Information System
CVE-2018-2380 (SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to ...)
	NOT-FOR-US: SAP CRM
CVE-2018-2379 (In SAP HANA Extended Application Services, 1.0, an unauthenticated ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2378 (In SAP HANA Extended Application Services, 1.0, unauthorized users can ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2377 (In SAP HANA Extended Application Services, 1.0, some general server ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2376 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2375 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2374 (In SAP HANA Extended Application Services, 1.0, a controller user who ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2373 (Under certain circumstances, a specific endpoint of the Controller's ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2372 (A plain keystore password is written to a system log file in SAP HANA ...)
	NOT-FOR-US: SAP HANA Extended Application Services
CVE-2018-2371 (The SAML 2.0 service provider of SAP Netweaver AS Java Web ...)
	NOT-FOR-US: SAP Netweaver AS Java Web Application
CVE-2018-2370 (Server Side Request Forgery (SSRF) vulnerability in SAP Central ...)
	NOT-FOR-US: SAP Central Management Console
CVE-2018-2369 (Under certain conditions SAP HANA, 1.00, 2.00, allows an ...)
	NOT-FOR-US: SAP HANA
CVE-2018-2368 (SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, ...)
	NOT-FOR-US: SAP NetWeaver System Landscape Directory
CVE-2018-2367 (ABAP File Interface in, SAP BASIS, from 7.00 to 7.02, from 7.10 to ...)
	NOT-FOR-US: SAP BASIS
CVE-2018-2366 (SAP Business Process Automation (BPA) By Redwood, 9.0, 9.1, allows an ...)
	NOT-FOR-US: SAP
CVE-2018-2365 (SAP NetWeaver Portal, WebDynpro Java, 7.30, 7.31, 7.40, 7.50, does not ...)
	NOT-FOR-US: SAP NetWeaver Portal
CVE-2018-2364 (SAP CRM WebClient UI 7.01, 7.31, 7.46, 7.47, 7.48, 8.00, 8.01, S4FND ...)
	NOT-FOR-US: SAP
CVE-2018-2363 (SAP NetWeaver, SAP BASIS from 7.00 to 7.02, from 7.10 to 7.11, 7.30, ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2018-2362 (A remote unauthenticated attacker, SAP HANA 1.00 and 2.00, could send ...)
	NOT-FOR-US: SAP HANA
CVE-2018-2361 (In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the ...)
	NOT-FOR-US: SAP Solution Manager
CVE-2018-2360 (SAP Startup Service, SAP KERNEL 7.45, 7.49, and 7.52, is missing an ...)
	NOT-FOR-US: SAP Startup Service
CVE-2017-17701 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17700 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17699 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17698 (Zoho ManageEngine Password Manager Pro 9 before 9.4 (9400) has ...)
	NOT-FOR-US: Zoho ManageEngine Password Manager Pro
CVE-2017-17697 (The Ping() function in ui/api/target.go in Harbor through 1.3.0-rc4 has ...)
	NOT-FOR-US: Harbor
CVE-2017-17696 (Techno - Portfolio Management Panel through 2017-11-16 allows full path ...)
	NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17695 (Techno - Portfolio Management Panel through 2017-11-16 allows SQL ...)
	NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17694 (Techno - Portfolio Management Panel through 2017-11-16 allows XSS via ...)
	NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17693 (Techno - Portfolio Management Panel through 2017-11-16 does not check ...)
	NOT-FOR-US: Techno - Portfolio Management Panel
CVE-2017-17692 (Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass ...)
	NOT-FOR-US: Samsung Internet Browser
CVE-2017-17691
	RESERVED
CVE-2017-17690
	RESERVED
CVE-2017-17689 (The S/MIME specification allows a Cipher Block Chaining (CBC) ...)
	- thunderbird 1:52.8.0-1 (bug #898631)
	- evolution <unfixed> (bug #898633)
	- kmail <unfixed> (bug #898634)
	- kf5-messagelib <unfixed> (bug #899127)
	- kdepim <removed> (bug #899128)
	NOTE: https://efail.de
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=796135 
	NOTE: https://dot.kde.org/2018/05/15/efail-and-kmail
	TODO: check all clients
CVE-2017-17688 (** DISPUTED ** The OpenPGP specification allows a Cipher Feedback Mode ...)
	- enigmail <unfixed> (bug #898630)
	NOTE: vulnerability is in the clients handling, not in OpenPGP
	NOTE: https://efail.de
	TODO: check all clients
CVE-2017-17687
	RESERVED
CVE-2017-17686
	RESERVED
CVE-2017-17685
	RESERVED
CVE-2016-10703 (A regular expression Denial of Service (DoS) vulnerability in the file ...)
	NOT-FOR-US: ecstatic npm
CVE-2018-2359
	RESERVED
CVE-2018-2358
	RESERVED
CVE-2018-2357
	RESERVED
CVE-2018-2356
	RESERVED
CVE-2018-2355
	RESERVED
CVE-2018-2354
	RESERVED
CVE-2018-2353
	RESERVED
CVE-2018-2352
	RESERVED
CVE-2018-2351
	RESERVED
CVE-2018-2350
	RESERVED
CVE-2018-2349
	RESERVED
CVE-2018-2348
	RESERVED
CVE-2018-2347
	RESERVED
CVE-2018-2346
	RESERVED
CVE-2018-2345
	RESERVED
CVE-2018-2344
	RESERVED
CVE-2018-2343
	RESERVED
CVE-2018-2342
	RESERVED
CVE-2018-2341
	RESERVED
CVE-2018-2340
	RESERVED
CVE-2018-2339
	RESERVED
CVE-2018-2338
	RESERVED
CVE-2018-2337
	RESERVED
CVE-2018-2336
	RESERVED
CVE-2018-2335
	RESERVED
CVE-2018-2334
	RESERVED
CVE-2018-2333
	RESERVED
CVE-2018-2332
	RESERVED
CVE-2018-2331
	RESERVED
CVE-2018-2330
	RESERVED
CVE-2018-2329
	RESERVED
CVE-2018-2328
	RESERVED
CVE-2018-2327
	RESERVED
CVE-2018-2326
	RESERVED
CVE-2018-2325
	RESERVED
CVE-2018-2324
	RESERVED
CVE-2018-2323
	RESERVED
CVE-2018-2322
	RESERVED
CVE-2018-2321
	RESERVED
CVE-2018-2320
	RESERVED
CVE-2018-2319
	RESERVED
CVE-2018-2318
	RESERVED
CVE-2018-2317
	RESERVED
CVE-2018-2316
	RESERVED
CVE-2018-2315
	RESERVED
CVE-2018-2314
	RESERVED
CVE-2018-2313
	RESERVED
CVE-2018-2312
	RESERVED
CVE-2018-2311
	RESERVED
CVE-2018-2310
	RESERVED
CVE-2018-2309
	RESERVED
CVE-2018-2308
	RESERVED
CVE-2018-2307
	RESERVED
CVE-2018-2306
	RESERVED
CVE-2018-2305
	RESERVED
CVE-2018-2304
	RESERVED
CVE-2018-2303
	RESERVED
CVE-2018-2302
	RESERVED
CVE-2018-2301
	RESERVED
CVE-2018-2300
	RESERVED
CVE-2018-2299
	RESERVED
CVE-2018-2298
	RESERVED
CVE-2018-2297
	RESERVED
CVE-2018-2296
	RESERVED
CVE-2018-2295
	RESERVED
CVE-2018-2294
	RESERVED
CVE-2018-2293
	RESERVED
CVE-2018-2292
	RESERVED
CVE-2018-2291
	RESERVED
CVE-2018-2290
	RESERVED
CVE-2018-2289
	RESERVED
CVE-2018-2288
	RESERVED
CVE-2018-2287
	RESERVED
CVE-2018-2286
	RESERVED
CVE-2018-2285
	RESERVED
CVE-2018-2284
	RESERVED
CVE-2018-2283
	RESERVED
CVE-2018-2282
	RESERVED
CVE-2018-2281
	RESERVED
CVE-2018-2280
	RESERVED
CVE-2018-2279
	RESERVED
CVE-2018-2278
	RESERVED
CVE-2018-2277
	RESERVED
CVE-2018-2276
	RESERVED
CVE-2018-2275
	RESERVED
CVE-2018-2274
	RESERVED
CVE-2018-2273
	RESERVED
CVE-2018-2272
	RESERVED
CVE-2018-2271
	RESERVED
CVE-2018-2270
	RESERVED
CVE-2018-2269
	RESERVED
CVE-2018-2268
	RESERVED
CVE-2018-2267
	RESERVED
CVE-2018-2266
	RESERVED
CVE-2018-2265
	RESERVED
CVE-2018-2264
	RESERVED
CVE-2018-2263
	RESERVED
CVE-2018-2262
	RESERVED
CVE-2018-2261
	RESERVED
CVE-2018-2260
	RESERVED
CVE-2018-2259
	RESERVED
CVE-2018-2258
	RESERVED
CVE-2018-2257
	RESERVED
CVE-2018-2256
	RESERVED
CVE-2018-2255
	RESERVED
CVE-2018-2254
	RESERVED
CVE-2018-2253
	RESERVED
CVE-2018-2252
	RESERVED
CVE-2018-2251
	RESERVED
CVE-2018-2250
	RESERVED
CVE-2018-2249
	RESERVED
CVE-2018-2248
	RESERVED
CVE-2018-2247
	RESERVED
CVE-2018-2246
	RESERVED
CVE-2018-2245
	RESERVED
CVE-2018-2244
	RESERVED
CVE-2018-2243
	RESERVED
CVE-2018-2242
	RESERVED
CVE-2018-2241
	RESERVED
CVE-2018-2240
	RESERVED
CVE-2018-2239
	RESERVED
CVE-2018-2238
	RESERVED
CVE-2018-2237
	RESERVED
CVE-2018-2236
	RESERVED
CVE-2018-2235
	RESERVED
CVE-2018-2234
	RESERVED
CVE-2018-2233
	RESERVED
CVE-2018-2232
	RESERVED
CVE-2018-2231
	RESERVED
CVE-2018-2230
	RESERVED
CVE-2018-2229
	RESERVED
CVE-2018-2228
	RESERVED
CVE-2018-2227
	RESERVED
CVE-2018-2226
	RESERVED
CVE-2018-2225
	RESERVED
CVE-2018-2224
	RESERVED
CVE-2018-2223
	RESERVED
CVE-2018-2222
	RESERVED
CVE-2018-2221
	RESERVED
CVE-2018-2220
	RESERVED
CVE-2018-2219
	RESERVED
CVE-2018-2218
	RESERVED
CVE-2018-2217
	RESERVED
CVE-2018-2216
	RESERVED
CVE-2018-2215
	RESERVED
CVE-2018-2214
	RESERVED
CVE-2018-2213
	RESERVED
CVE-2018-2212
	RESERVED
CVE-2018-2211
	RESERVED
CVE-2018-2210
	RESERVED
CVE-2018-2209
	RESERVED
CVE-2018-2208
	RESERVED
CVE-2018-2207
	RESERVED
CVE-2018-2206
	RESERVED
CVE-2018-2205
	RESERVED
CVE-2018-2204
	RESERVED
CVE-2018-2203
	RESERVED
CVE-2018-2202
	RESERVED
CVE-2018-2201
	RESERVED
CVE-2018-2200
	RESERVED
CVE-2018-2199
	RESERVED
CVE-2018-2198
	RESERVED
CVE-2018-2197
	RESERVED
CVE-2018-2196
	RESERVED
CVE-2018-2195
	RESERVED
CVE-2018-2194
	RESERVED
CVE-2018-2193
	RESERVED
CVE-2018-2192
	RESERVED
CVE-2018-2191
	RESERVED
CVE-2018-2190
	RESERVED
CVE-2018-2189
	RESERVED
CVE-2018-2188
	RESERVED
CVE-2018-2187
	RESERVED
CVE-2018-2186
	RESERVED
CVE-2018-2185
	RESERVED
CVE-2018-2184
	RESERVED
CVE-2018-2183
	RESERVED
CVE-2018-2182
	RESERVED
CVE-2018-2181
	RESERVED
CVE-2018-2180
	RESERVED
CVE-2018-2179
	RESERVED
CVE-2018-2178
	RESERVED
CVE-2018-2177
	RESERVED
CVE-2018-2176
	RESERVED
CVE-2018-2175
	RESERVED
CVE-2018-2174
	RESERVED
CVE-2018-2173
	RESERVED
CVE-2018-2172
	RESERVED
CVE-2018-2171
	RESERVED
CVE-2018-2170
	RESERVED
CVE-2018-2169
	RESERVED
CVE-2018-2168
	RESERVED
CVE-2018-2167
	RESERVED
CVE-2018-2166
	RESERVED
CVE-2018-2165
	RESERVED
CVE-2018-2164
	RESERVED
CVE-2018-2163
	RESERVED
CVE-2018-2162
	RESERVED
CVE-2018-2161
	RESERVED
CVE-2018-2160
	RESERVED
CVE-2018-2159
	RESERVED
CVE-2018-2158
	RESERVED
CVE-2018-2157
	RESERVED
CVE-2018-2156
	RESERVED
CVE-2018-2155
	RESERVED
CVE-2018-2154
	RESERVED
CVE-2018-2153
	RESERVED
CVE-2018-2152
	RESERVED
CVE-2018-2151
	RESERVED
CVE-2018-2150
	RESERVED
CVE-2018-2149
	RESERVED
CVE-2018-2148
	RESERVED
CVE-2018-2147
	RESERVED
CVE-2018-2146
	RESERVED
CVE-2018-2145
	RESERVED
CVE-2018-2144
	RESERVED
CVE-2018-2143
	RESERVED
CVE-2018-2142
	RESERVED
CVE-2018-2141
	RESERVED
CVE-2018-2140
	RESERVED
CVE-2018-2139
	RESERVED
CVE-2018-2138
	RESERVED
CVE-2018-2137
	RESERVED
CVE-2018-2136
	RESERVED
CVE-2018-2135
	RESERVED
CVE-2018-2134
	RESERVED
CVE-2018-2133
	RESERVED
CVE-2018-2132
	RESERVED
CVE-2018-2131
	RESERVED
CVE-2018-2130
	RESERVED
CVE-2018-2129
	RESERVED
CVE-2018-2128
	RESERVED
CVE-2018-2127
	RESERVED
CVE-2018-2126
	RESERVED
CVE-2018-2125
	RESERVED
CVE-2018-2124
	RESERVED
CVE-2018-2123
	RESERVED
CVE-2018-2122
	RESERVED
CVE-2018-2121
	RESERVED
CVE-2018-2120
	RESERVED
CVE-2018-2119
	RESERVED
CVE-2018-2118
	RESERVED
CVE-2018-2117
	RESERVED
CVE-2018-2116
	RESERVED
CVE-2018-2115
	RESERVED
CVE-2018-2114
	RESERVED
CVE-2018-2113
	RESERVED
CVE-2018-2112
	RESERVED
CVE-2018-2111
	RESERVED
CVE-2018-2110
	RESERVED
CVE-2018-2109
	RESERVED
CVE-2018-2108
	RESERVED
CVE-2018-2107
	RESERVED
CVE-2018-2106
	RESERVED
CVE-2018-2105
	RESERVED
CVE-2018-2104
	RESERVED
CVE-2018-2103
	RESERVED
CVE-2018-2102
	RESERVED
CVE-2018-2101
	RESERVED
CVE-2018-2100
	RESERVED
CVE-2018-2099
	RESERVED
CVE-2018-2098
	RESERVED
CVE-2018-2097
	RESERVED
CVE-2018-2096
	RESERVED
CVE-2018-2095
	RESERVED
CVE-2018-2094
	RESERVED
CVE-2018-2093
	RESERVED
CVE-2018-2092
	RESERVED
CVE-2018-2091
	RESERVED
CVE-2018-2090
	RESERVED
CVE-2018-2089
	RESERVED
CVE-2018-2088
	RESERVED
CVE-2018-2087
	RESERVED
CVE-2018-2086
	RESERVED
CVE-2018-2085
	RESERVED
CVE-2018-2084
	RESERVED
CVE-2018-2083
	RESERVED
CVE-2018-2082
	RESERVED
CVE-2018-2081
	RESERVED
CVE-2018-2080
	RESERVED
CVE-2018-2079
	RESERVED
CVE-2018-2078
	RESERVED
CVE-2018-2077
	RESERVED
CVE-2018-2076
	RESERVED
CVE-2018-2075
	RESERVED
CVE-2018-2074
	RESERVED
CVE-2018-2073
	RESERVED
CVE-2018-2072
	RESERVED
CVE-2018-2071
	RESERVED
CVE-2018-2070
	RESERVED
CVE-2018-2069
	RESERVED
CVE-2018-2068
	RESERVED
CVE-2018-2067
	RESERVED
CVE-2018-2066
	RESERVED
CVE-2018-2065
	RESERVED
CVE-2018-2064
	RESERVED
CVE-2018-2063
	RESERVED
CVE-2018-2062
	RESERVED
CVE-2018-2061
	RESERVED
CVE-2018-2060
	RESERVED
CVE-2018-2059
	RESERVED
CVE-2018-2058
	RESERVED
CVE-2018-2057
	RESERVED
CVE-2018-2056
	RESERVED
CVE-2018-2055
	RESERVED
CVE-2018-2054
	RESERVED
CVE-2018-2053
	RESERVED
CVE-2018-2052
	RESERVED
CVE-2018-2051
	RESERVED
CVE-2018-2050
	RESERVED
CVE-2018-2049
	RESERVED
CVE-2018-2048
	RESERVED
CVE-2018-2047
	RESERVED
CVE-2018-2046
	RESERVED
CVE-2018-2045
	RESERVED
CVE-2018-2044
	RESERVED
CVE-2018-2043
	RESERVED
CVE-2018-2042
	RESERVED
CVE-2018-2041
	RESERVED
CVE-2018-2040
	RESERVED
CVE-2018-2039
	RESERVED
CVE-2018-2038
	RESERVED
CVE-2018-2037
	RESERVED
CVE-2018-2036
	RESERVED
CVE-2018-2035
	RESERVED
CVE-2018-2034
	RESERVED
CVE-2018-2033
	RESERVED
CVE-2018-2032
	RESERVED
CVE-2018-2031
	RESERVED
CVE-2018-2030
	RESERVED
CVE-2018-2029
	RESERVED
CVE-2018-2028
	RESERVED
CVE-2018-2027
	RESERVED
CVE-2018-2026
	RESERVED
CVE-2018-2025
	RESERVED
CVE-2018-2024
	RESERVED
CVE-2018-2023
	RESERVED
CVE-2018-2022
	RESERVED
CVE-2018-2021
	RESERVED
CVE-2018-2020
	RESERVED
CVE-2018-2019
	RESERVED
CVE-2018-2018
	RESERVED
CVE-2018-2017
	RESERVED
CVE-2018-2016
	RESERVED
CVE-2018-2015
	RESERVED
CVE-2018-2014
	RESERVED
CVE-2018-2013
	RESERVED
CVE-2018-2012
	RESERVED
CVE-2018-2011
	RESERVED
CVE-2018-2010
	RESERVED
CVE-2018-2009
	RESERVED
CVE-2018-2008
	RESERVED
CVE-2018-2007
	RESERVED
CVE-2018-2006
	RESERVED
CVE-2018-2005
	RESERVED
CVE-2018-2004
	RESERVED
CVE-2018-2003
	RESERVED
CVE-2018-2002
	RESERVED
CVE-2018-2001
	RESERVED
CVE-2018-2000
	RESERVED
CVE-2018-1999
	RESERVED
CVE-2018-1998
	RESERVED
CVE-2018-1997
	RESERVED
CVE-2018-1996
	RESERVED
CVE-2018-1995
	RESERVED
CVE-2018-1994
	RESERVED
CVE-2018-1993
	RESERVED
CVE-2018-1992
	RESERVED
CVE-2018-1991
	RESERVED
CVE-2018-1990
	RESERVED
CVE-2018-1989
	RESERVED
CVE-2018-1988
	RESERVED
CVE-2018-1987
	RESERVED
CVE-2018-1986
	RESERVED
CVE-2018-1985
	RESERVED
CVE-2018-1984
	RESERVED
CVE-2018-1983
	RESERVED
CVE-2018-1982
	RESERVED
CVE-2018-1981
	RESERVED
CVE-2018-1980
	RESERVED
CVE-2018-1979
	RESERVED
CVE-2018-1978
	RESERVED
CVE-2018-1977
	RESERVED
CVE-2018-1976
	RESERVED
CVE-2018-1975
	RESERVED
CVE-2018-1974
	RESERVED
CVE-2018-1973
	RESERVED
CVE-2018-1972
	RESERVED
CVE-2018-1971
	RESERVED
CVE-2018-1970
	RESERVED
CVE-2018-1969
	RESERVED
CVE-2018-1968
	RESERVED
CVE-2018-1967
	RESERVED
CVE-2018-1966
	RESERVED
CVE-2018-1965
	RESERVED
CVE-2018-1964
	RESERVED
CVE-2018-1963
	RESERVED
CVE-2018-1962
	RESERVED
CVE-2018-1961
	RESERVED
CVE-2018-1960
	RESERVED
CVE-2018-1959
	RESERVED
CVE-2018-1958
	RESERVED
CVE-2018-1957
	RESERVED
CVE-2018-1956
	RESERVED
CVE-2018-1955
	RESERVED
CVE-2018-1954
	RESERVED
CVE-2018-1953
	RESERVED
CVE-2018-1952
	RESERVED
CVE-2018-1951
	RESERVED
CVE-2018-1950
	RESERVED
CVE-2018-1949
	RESERVED
CVE-2018-1948
	RESERVED
CVE-2018-1947
	RESERVED
CVE-2018-1946
	RESERVED
CVE-2018-1945
	RESERVED
CVE-2018-1944
	RESERVED
CVE-2018-1943
	RESERVED
CVE-2018-1942
	RESERVED
CVE-2018-1941
	RESERVED
CVE-2018-1940
	RESERVED
CVE-2018-1939
	RESERVED
CVE-2018-1938
	RESERVED
CVE-2018-1937
	RESERVED
CVE-2018-1936
	RESERVED
CVE-2018-1935
	RESERVED
CVE-2018-1934
	RESERVED
CVE-2018-1933
	RESERVED
CVE-2018-1932
	RESERVED
CVE-2018-1931
	RESERVED
CVE-2018-1930
	RESERVED
CVE-2018-1929
	RESERVED
CVE-2018-1928
	RESERVED
CVE-2018-1927
	RESERVED
CVE-2018-1926
	RESERVED
CVE-2018-1925
	RESERVED
CVE-2018-1924
	RESERVED
CVE-2018-1923
	RESERVED
CVE-2018-1922
	RESERVED
CVE-2018-1921
	RESERVED
CVE-2018-1920
	RESERVED
CVE-2018-1919
	RESERVED
CVE-2018-1918
	RESERVED
CVE-2018-1917
	RESERVED
CVE-2018-1916
	RESERVED
CVE-2018-1915
	RESERVED
CVE-2018-1914
	RESERVED
CVE-2018-1913
	RESERVED
CVE-2018-1912
	RESERVED
CVE-2018-1911
	RESERVED
CVE-2018-1910
	RESERVED
CVE-2018-1909
	RESERVED
CVE-2018-1908
	RESERVED
CVE-2018-1907
	RESERVED
CVE-2018-1906
	RESERVED
CVE-2018-1905
	RESERVED
CVE-2018-1904
	RESERVED
CVE-2018-1903
	RESERVED
CVE-2018-1902
	RESERVED
CVE-2018-1901
	RESERVED
CVE-2018-1900
	RESERVED
CVE-2018-1899
	RESERVED
CVE-2018-1898
	RESERVED
CVE-2018-1897
	RESERVED
CVE-2018-1896
	RESERVED
CVE-2018-1895
	RESERVED
CVE-2018-1894
	RESERVED
CVE-2018-1893
	RESERVED
CVE-2018-1892
	RESERVED
CVE-2018-1891
	RESERVED
CVE-2018-1890
	RESERVED
CVE-2018-1889
	RESERVED
CVE-2018-1888
	RESERVED
CVE-2018-1887
	RESERVED
CVE-2018-1886
	RESERVED
CVE-2018-1885
	RESERVED
CVE-2018-1884
	RESERVED
CVE-2018-1883
	RESERVED
CVE-2018-1882
	RESERVED
CVE-2018-1881
	RESERVED
CVE-2018-1880
	RESERVED
CVE-2018-1879
	RESERVED
CVE-2018-1878
	RESERVED
CVE-2018-1877
	RESERVED
CVE-2018-1876
	RESERVED
CVE-2018-1875
	RESERVED
CVE-2018-1874
	RESERVED
CVE-2018-1873
	RESERVED
CVE-2018-1872
	RESERVED
CVE-2018-1871
	RESERVED
CVE-2018-1870
	RESERVED
CVE-2018-1869
	RESERVED
CVE-2018-1868
	RESERVED
CVE-2018-1867
	RESERVED
CVE-2018-1866
	RESERVED
CVE-2018-1865
	RESERVED
CVE-2018-1864
	RESERVED
CVE-2018-1863
	RESERVED
CVE-2018-1862
	RESERVED
CVE-2018-1861
	RESERVED
CVE-2018-1860
	RESERVED
CVE-2018-1859
	RESERVED
CVE-2018-1858
	RESERVED
CVE-2018-1857
	RESERVED
CVE-2018-1856
	RESERVED
CVE-2018-1855
	RESERVED
CVE-2018-1854
	RESERVED
CVE-2018-1853
	RESERVED
CVE-2018-1852
	RESERVED
CVE-2018-1851
	RESERVED
CVE-2018-1850
	RESERVED
CVE-2018-1849
	RESERVED
CVE-2018-1848
	RESERVED
CVE-2018-1847
	RESERVED
CVE-2018-1846
	RESERVED
CVE-2018-1845
	RESERVED
CVE-2018-1844
	RESERVED
CVE-2018-1843
	RESERVED
CVE-2018-1842
	RESERVED
CVE-2018-1841
	RESERVED
CVE-2018-1840
	RESERVED
CVE-2018-1839
	RESERVED
CVE-2018-1838
	RESERVED
CVE-2018-1837
	RESERVED
CVE-2018-1836
	RESERVED
CVE-2018-1835
	RESERVED
CVE-2018-1834
	RESERVED
CVE-2018-1833
	RESERVED
CVE-2018-1832
	RESERVED
CVE-2018-1831
	RESERVED
CVE-2018-1830
	RESERVED
CVE-2018-1829
	RESERVED
CVE-2018-1828
	RESERVED
CVE-2018-1827
	RESERVED
CVE-2018-1826
	RESERVED
CVE-2018-1825
	RESERVED
CVE-2018-1824
	RESERVED
CVE-2018-1823
	RESERVED
CVE-2018-1822
	RESERVED
CVE-2018-1821
	RESERVED
CVE-2018-1820
	RESERVED
CVE-2018-1819
	RESERVED
CVE-2018-1818
	RESERVED
CVE-2018-1817
	RESERVED
CVE-2018-1816
	RESERVED
CVE-2018-1815
	RESERVED
CVE-2018-1814
	RESERVED
CVE-2018-1813
	RESERVED
CVE-2018-1812
	RESERVED
CVE-2018-1811
	RESERVED
CVE-2018-1810
	RESERVED
CVE-2018-1809
	RESERVED
CVE-2018-1808
	RESERVED
CVE-2018-1807
	RESERVED
CVE-2018-1806
	RESERVED
CVE-2018-1805
	RESERVED
CVE-2018-1804
	RESERVED
CVE-2018-1803
	RESERVED
CVE-2018-1802
	RESERVED
CVE-2018-1801
	RESERVED
CVE-2018-1800
	RESERVED
CVE-2018-1799
	RESERVED
CVE-2018-1798
	RESERVED
CVE-2018-1797
	RESERVED
CVE-2018-1796
	RESERVED
CVE-2018-1795
	RESERVED
CVE-2018-1794
	RESERVED
CVE-2018-1793
	RESERVED
CVE-2018-1792
	RESERVED
CVE-2018-1791
	RESERVED
CVE-2018-1790
	RESERVED
CVE-2018-1789
	RESERVED
CVE-2018-1788
	RESERVED
CVE-2018-1787
	RESERVED
CVE-2018-1786
	RESERVED
CVE-2018-1785
	RESERVED
CVE-2018-1784
	RESERVED
CVE-2018-1783
	RESERVED
CVE-2018-1782
	RESERVED
CVE-2018-1781
	RESERVED
CVE-2018-1780
	RESERVED
CVE-2018-1779
	RESERVED
CVE-2018-1778
	RESERVED
CVE-2018-1777
	RESERVED
CVE-2018-1776
	RESERVED
CVE-2018-1775
	RESERVED
CVE-2018-1774
	RESERVED
CVE-2018-1773
	RESERVED
CVE-2018-1772
	RESERVED
CVE-2018-1771
	RESERVED
CVE-2018-1770
	RESERVED
CVE-2018-1769
	RESERVED
CVE-2018-1768
	RESERVED
CVE-2018-1767
	RESERVED
CVE-2018-1766
	RESERVED
CVE-2018-1765
	RESERVED
CVE-2018-1764
	RESERVED
CVE-2018-1763
	RESERVED
CVE-2018-1762
	RESERVED
CVE-2018-1761
	RESERVED
CVE-2018-1760
	RESERVED
CVE-2018-1759
	RESERVED
CVE-2018-1758
	RESERVED
CVE-2018-1757
	RESERVED
CVE-2018-1756
	RESERVED
CVE-2018-1755
	RESERVED
CVE-2018-1754
	RESERVED
CVE-2018-1753
	RESERVED
CVE-2018-1752
	RESERVED
CVE-2018-1751
	RESERVED
CVE-2018-1750
	RESERVED
CVE-2018-1749
	RESERVED
CVE-2018-1748
	RESERVED
CVE-2018-1747
	RESERVED
CVE-2018-1746
	RESERVED
CVE-2018-1745
	RESERVED
CVE-2018-1744
	RESERVED
CVE-2018-1743
	RESERVED
CVE-2018-1742
	RESERVED
CVE-2018-1741
	RESERVED
CVE-2018-1740
	RESERVED
CVE-2018-1739
	RESERVED
CVE-2018-1738
	RESERVED
CVE-2018-1737
	RESERVED
CVE-2018-1736
	RESERVED
CVE-2018-1735
	RESERVED
CVE-2018-1734
	RESERVED
CVE-2018-1733
	RESERVED
CVE-2018-1732
	RESERVED
CVE-2018-1731
	RESERVED
CVE-2018-1730
	RESERVED
CVE-2018-1729
	RESERVED
CVE-2018-1728
	RESERVED
CVE-2018-1727
	RESERVED
CVE-2018-1726
	RESERVED
CVE-2018-1725
	RESERVED
CVE-2018-1724
	RESERVED
CVE-2018-1723
	RESERVED
CVE-2018-1722
	RESERVED
CVE-2018-1721
	RESERVED
CVE-2018-1720
	RESERVED
CVE-2018-1719
	RESERVED
CVE-2018-1718
	RESERVED
CVE-2018-1717
	RESERVED
CVE-2018-1716
	RESERVED
CVE-2018-1715
	RESERVED
CVE-2018-1714
	RESERVED
CVE-2018-1713
	RESERVED
CVE-2018-1712
	RESERVED
CVE-2018-1711
	RESERVED
CVE-2018-1710
	RESERVED
CVE-2018-1709
	RESERVED
CVE-2018-1708
	RESERVED
CVE-2018-1707
	RESERVED
CVE-2018-1706
	RESERVED
CVE-2018-1705
	RESERVED
CVE-2018-1704
	RESERVED
CVE-2018-1703
	RESERVED
CVE-2018-1702
	RESERVED
CVE-2018-1701
	RESERVED
CVE-2018-1700
	RESERVED
CVE-2018-1699
	RESERVED
CVE-2018-1698
	RESERVED
CVE-2018-1697
	RESERVED
CVE-2018-1696
	RESERVED
CVE-2018-1695
	RESERVED
CVE-2018-1694
	RESERVED
CVE-2018-1693
	RESERVED
CVE-2018-1692
	RESERVED
CVE-2018-1691
	RESERVED
CVE-2018-1690
	RESERVED
CVE-2018-1689
	RESERVED
CVE-2018-1688
	RESERVED
CVE-2018-1687
	RESERVED
CVE-2018-1686
	RESERVED
CVE-2018-1685
	RESERVED
CVE-2018-1684
	RESERVED
CVE-2018-1683
	RESERVED
CVE-2018-1682
	RESERVED
CVE-2018-1681
	RESERVED
CVE-2018-1680
	RESERVED
CVE-2018-1679
	RESERVED
CVE-2018-1678
	RESERVED
CVE-2018-1677
	RESERVED
CVE-2018-1676
	RESERVED
CVE-2018-1675
	RESERVED
CVE-2018-1674
	RESERVED
CVE-2018-1673
	RESERVED
CVE-2018-1672
	RESERVED
CVE-2018-1671
	RESERVED
CVE-2018-1670
	RESERVED
CVE-2018-1669
	RESERVED
CVE-2018-1668
	RESERVED
CVE-2018-1667
	RESERVED
CVE-2018-1666
	RESERVED
CVE-2018-1665
	RESERVED
CVE-2018-1664
	RESERVED
CVE-2018-1663
	RESERVED
CVE-2018-1662
	RESERVED
CVE-2018-1661
	RESERVED
CVE-2018-1660
	RESERVED
CVE-2018-1659
	RESERVED
CVE-2018-1658
	RESERVED
CVE-2018-1657
	RESERVED
CVE-2018-1656
	RESERVED
CVE-2018-1655
	RESERVED
CVE-2018-1654
	RESERVED
CVE-2018-1653
	RESERVED
CVE-2018-1652
	RESERVED
CVE-2018-1651
	RESERVED
CVE-2018-1650
	RESERVED
CVE-2018-1649
	RESERVED
CVE-2018-1648
	RESERVED
CVE-2018-1647
	RESERVED
CVE-2018-1646
	RESERVED
CVE-2018-1645
	RESERVED
CVE-2018-1644
	RESERVED
CVE-2018-1643
	RESERVED
CVE-2018-1642
	RESERVED
CVE-2018-1641
	RESERVED
CVE-2018-1640
	RESERVED
CVE-2018-1639
	RESERVED
CVE-2018-1638
	RESERVED
CVE-2018-1637
	RESERVED
CVE-2018-1636
	RESERVED
CVE-2018-1635
	RESERVED
CVE-2018-1634
	RESERVED
CVE-2018-1633
	RESERVED
CVE-2018-1632
	RESERVED
CVE-2018-1631
	RESERVED
CVE-2018-1630
	RESERVED
CVE-2018-1629
	RESERVED
CVE-2018-1628
	RESERVED
CVE-2018-1627
	RESERVED
CVE-2018-1626
	RESERVED
CVE-2018-1625
	RESERVED
CVE-2018-1624
	RESERVED
CVE-2018-1623
	RESERVED
CVE-2018-1622
	RESERVED
CVE-2018-1621
	RESERVED
CVE-2018-1620
	RESERVED
CVE-2018-1619
	RESERVED
CVE-2018-1618
	RESERVED
CVE-2018-1617
	RESERVED
CVE-2018-1616
	RESERVED
CVE-2018-1615
	RESERVED
CVE-2018-1614
	RESERVED
CVE-2018-1613
	RESERVED
CVE-2018-1612
	RESERVED
CVE-2018-1611
	RESERVED
CVE-2018-1610
	RESERVED
CVE-2018-1609
	RESERVED
CVE-2018-1608
	RESERVED
CVE-2018-1607
	RESERVED
CVE-2018-1606
	RESERVED
CVE-2018-1605
	RESERVED
CVE-2018-1604
	RESERVED
CVE-2018-1603
	RESERVED
CVE-2018-1602
	RESERVED
CVE-2018-1601
	RESERVED
CVE-2018-1600
	RESERVED
CVE-2018-1599
	RESERVED
CVE-2018-1598
	RESERVED
CVE-2018-1597
	RESERVED
CVE-2018-1596
	RESERVED
CVE-2018-1595
	RESERVED
CVE-2018-1594
	RESERVED
CVE-2018-1593
	RESERVED
CVE-2018-1592
	RESERVED
CVE-2018-1591
	RESERVED
CVE-2018-1590
	RESERVED
CVE-2018-1589
	RESERVED
CVE-2018-1588
	RESERVED
CVE-2018-1587
	RESERVED
CVE-2018-1586
	RESERVED
CVE-2018-1585
	RESERVED
CVE-2018-1584
	RESERVED
CVE-2018-1583
	RESERVED
CVE-2018-1582
	RESERVED
CVE-2018-1581
	RESERVED
CVE-2018-1580
	RESERVED
CVE-2018-1579
	RESERVED
CVE-2018-1578
	RESERVED
CVE-2018-1577
	RESERVED
CVE-2018-1576
	RESERVED
CVE-2018-1575
	RESERVED
CVE-2018-1574
	RESERVED
CVE-2018-1573
	RESERVED
CVE-2018-1572
	RESERVED
CVE-2018-1571
	RESERVED
CVE-2018-1570
	RESERVED
CVE-2018-1569
	RESERVED
CVE-2018-1568
	RESERVED
CVE-2018-1567
	RESERVED
CVE-2018-1566
	RESERVED
CVE-2018-1565
	RESERVED
CVE-2018-1564
	RESERVED
CVE-2018-1563
	RESERVED
CVE-2018-1562
	RESERVED
CVE-2018-1561
	RESERVED
CVE-2018-1560
	RESERVED
CVE-2018-1559
	RESERVED
CVE-2018-1558
	RESERVED
CVE-2018-1557
	RESERVED
CVE-2018-1556
	RESERVED
CVE-2018-1555
	RESERVED
CVE-2018-1554
	RESERVED
CVE-2018-1553
	RESERVED
CVE-2018-1552
	RESERVED
CVE-2018-1551
	RESERVED
CVE-2018-1550
	RESERVED
CVE-2018-1549
	RESERVED
CVE-2018-1548
	RESERVED
CVE-2018-1547
	RESERVED
CVE-2018-1546
	RESERVED
CVE-2018-1545
	RESERVED
CVE-2018-1544
	RESERVED
CVE-2018-1543
	RESERVED
CVE-2018-1542
	RESERVED
CVE-2018-1541
	RESERVED
CVE-2018-1540
	RESERVED
CVE-2018-1539
	RESERVED
CVE-2018-1538
	RESERVED
CVE-2018-1537
	RESERVED
CVE-2018-1536
	RESERVED
CVE-2018-1535
	RESERVED
CVE-2018-1534
	RESERVED
CVE-2018-1533
	RESERVED
CVE-2018-1532
	RESERVED
CVE-2018-1531
	RESERVED
CVE-2018-1530
	RESERVED
CVE-2018-1529
	RESERVED
CVE-2018-1528
	RESERVED
CVE-2018-1527
	RESERVED
CVE-2018-1526
	RESERVED
CVE-2018-1525
	RESERVED
CVE-2018-1524
	RESERVED
CVE-2018-1523
	RESERVED
CVE-2018-1522
	RESERVED
CVE-2018-1521
	RESERVED
CVE-2018-1520
	RESERVED
CVE-2018-1519
	RESERVED
CVE-2018-1518
	RESERVED
CVE-2018-1517
	RESERVED
CVE-2018-1516
	RESERVED
CVE-2018-1515
	RESERVED
CVE-2018-1514
	RESERVED
CVE-2018-1513
	RESERVED
CVE-2018-1512
	RESERVED
CVE-2018-1511
	RESERVED
CVE-2018-1510
	RESERVED
CVE-2018-1509
	RESERVED
CVE-2018-1508
	RESERVED
CVE-2018-1507
	RESERVED
CVE-2018-1506
	RESERVED
CVE-2018-1505
	RESERVED
CVE-2018-1504
	RESERVED
CVE-2018-1503
	RESERVED
CVE-2018-1502 (IBM Content Manager Enterprise Edition Resource Manager 8.4.3 and 9.5 ...)
	NOT-FOR-US: IBM
CVE-2018-1501
	RESERVED
CVE-2018-1500
	RESERVED
CVE-2018-1499
	RESERVED
CVE-2018-1498
	RESERVED
CVE-2018-1497
	RESERVED
CVE-2018-1496
	RESERVED
CVE-2018-1495
	RESERVED
CVE-2018-1494
	RESERVED
CVE-2018-1493
	RESERVED
CVE-2018-1492
	RESERVED
CVE-2018-1491
	RESERVED
CVE-2018-1490
	RESERVED
CVE-2018-1489
	RESERVED
CVE-2018-1488
	RESERVED
CVE-2018-1487
	RESERVED
CVE-2018-1486
	RESERVED
CVE-2018-1485
	RESERVED
CVE-2018-1484
	RESERVED
CVE-2018-1483 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1482
	RESERVED
CVE-2018-1481
	RESERVED
CVE-2018-1480
	RESERVED
CVE-2018-1479 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM
CVE-2018-1478
	RESERVED
CVE-2018-1477
	RESERVED
CVE-2018-1476
	RESERVED
CVE-2018-1475 (IBM BigFix Platform 9.2 and 9.5 uses an inadequate account lockout ...)
	NOT-FOR-US: IBM
CVE-2018-1474
	RESERVED
CVE-2018-1473 (IBM BigFix Platform 9.2 and 9.5 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2018-1472
	RESERVED
CVE-2018-1471
	REJECTED
CVE-2018-1470
	RESERVED
CVE-2018-1469 (IBM API Connect Developer Portal 5.0.0.0 through 5.0.8.2 could allow ...)
	NOT-FOR-US: IBM API Connect Developer Portal
CVE-2018-1468 (IBM API Connect 5.0.8.1 and 5.0.8.2 could allow a user to get access ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1467
	RESERVED
CVE-2018-1466 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1465 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1464 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1463 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1462 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1461 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1460
	RESERVED
CVE-2018-1459
	RESERVED
CVE-2018-1458
	RESERVED
CVE-2018-1457
	RESERVED
CVE-2018-1456
	RESERVED
CVE-2018-1455
	RESERVED
CVE-2018-1454
	RESERVED
CVE-2018-1453
	RESERVED
CVE-2018-1452
	RESERVED
CVE-2018-1451
	RESERVED
CVE-2018-1450
	RESERVED
CVE-2018-1449
	RESERVED
CVE-2018-1448 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 ...)
	NOT-FOR-US: IBM
CVE-2018-1447 (The GSKit (IBM Spectrum Protect 7.1 and 7.2) and (IBM Spectrum Protect ...)
	NOT-FOR-US: IBM Spectrum Protect
CVE-2018-1446
	RESERVED
CVE-2018-1445 (IBM WebSphere Portal 8.0.0 through 8.0.0.1, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1444 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2018-1443 (An XML parsing vulnerability affects IBM SAML-based single sign-on ...)
	NOT-FOR-US: IBM
CVE-2018-1442 (IBM Application Performance Management - Response Time Monitoring ...)
	NOT-FOR-US: IBM
CVE-2018-1441 (IBM Application Performance Management - Response Time Monitoring ...)
	NOT-FOR-US: IBM
CVE-2018-1440
	RESERVED
CVE-2018-1439
	RESERVED
CVE-2018-1438 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1437 (IBM Notes 8.5 and 9.0 could allow an attacker to execute arbitrary ...)
	NOT-FOR-US: IBM
CVE-2018-1436
	RESERVED
CVE-2018-1435 (IBM Notes 8.5 and 9.0 is vulnerable to a DLL hijacking attack. A ...)
	NOT-FOR-US: IBM
CVE-2018-1434 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1433 (IBM SAN Volume Controller, IBM Storwize, IBM Spectrum Virtualize and ...)
	NOT-FOR-US: IBM
CVE-2018-1432
	RESERVED
CVE-2018-1431
	RESERVED
CVE-2018-1430 (IBM API Connect 5.0.0.0 through 5.0.8.2 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1429 (IBM MQ Appliance 9.0.1, 9.0.2, 9.0.3, amd 9.0.4 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2018-1428 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...)
	NOT-FOR-US: IBM
CVE-2018-1427 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...)
	NOT-FOR-US: IBM
CVE-2018-1426 (IBM GSKit (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and ...)
	NOT-FOR-US: IBM
CVE-2018-1425 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses weaker ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1424
	RESERVED
CVE-2018-1423
	RESERVED
CVE-2018-1422
	RESERVED
CVE-2018-1421 (IBM WebSphere DataPower Appliances 7.1, 7.2, 7.5, 7.5.1, 7.5.2, and ...)
	NOT-FOR-US: IBM WebSphere DataPower Appliances
CVE-2018-1420
	RESERVED
CVE-2018-1419
	RESERVED
CVE-2018-1418 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a user to bypass ...)
	NOT-FOR-US: IBM
CVE-2018-1417 (Under certain circumstances, a flaw in the J9 JVM (IBM SDK, Java ...)
	NOT-FOR-US: IBM Runtimes for Java Technology
CVE-2018-1416 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1415 (IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-1414 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to SQL ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2018-1413 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2018-1412
	RESERVED
CVE-2018-1411 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1410 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1409 (IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) ...)
	NOT-FOR-US: IBM Notes Diagnostics
CVE-2018-1408
	RESERVED
CVE-2018-1407
	RESERVED
CVE-2018-1406
	RESERVED
CVE-2018-1405
	RESERVED
CVE-2018-1404
	RESERVED
CVE-2018-1403
	RESERVED
CVE-2018-1402
	RESERVED
CVE-2018-1401 (IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2018-1400
	RESERVED
CVE-2018-1399 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5 and 5.0 is ...)
	NOT-FOR-US: IBM Daeja ViewONE Professional
CVE-2018-1398
	RESERVED
CVE-2018-1397
	RESERVED
CVE-2018-1396
	RESERVED
CVE-2018-1395
	RESERVED
CVE-2018-1394
	RESERVED
CVE-2018-1393
	RESERVED
CVE-2018-1392 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1391 (IBM Financial Transaction Manager 3.0.4 and 3.1.0 for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2018-1390 (IBM Financial Transaction Manager for Check Services for ...)
	NOT-FOR-US: IBM
CVE-2018-1389 (IBM API Connect 5.0.0.0 through 5.0.8.2 is impacted by generated ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1388 (GSKit V7 may disclose side channel information via discrepancies ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2018-1387 (IBM Application Performance Management for Monitoring &amp; Diagnostics ...)
	NOT-FOR-US: IBM
CVE-2018-1386 (IBM Tivoli Workload Automation for AIX (IBM Workload Scheduler 8.6, ...)
	NOT-FOR-US: IBM
CVE-2018-1385
	RESERVED
CVE-2018-1384 (IBM Business Process Manager 8.6 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2018-1383 (A software logic bug creates a vulnerability in an AIX 6.1, 7.1, and ...)
	NOT-FOR-US: AIX
CVE-2018-1382 (IBM API Connect 5.0.0.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM API Connect
CVE-2018-1381
	RESERVED
CVE-2018-1380
	RESERVED
CVE-2018-1379
	RESERVED
CVE-2018-1378
	RESERVED
CVE-2018-1377 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 stores user ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1376
	RESERVED
CVE-2018-1375
	RESERVED
CVE-2018-1374
	RESERVED
CVE-2018-1373 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 uses an ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1372 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2018-1371 (An IBM WebSphere MQ 8.0.0.8, 9.0.0.2, and 9.0.4 Client connecting to a ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2018-1370
	RESERVED
CVE-2018-1369
	RESERVED
CVE-2018-1368 (IBM Security Guardium Database Activity Monitor 9.0, 9.1, and 9.5 ...)
	NOT-FOR-US: IBM Security Guardium Database Activity Monitor
CVE-2018-1367
	RESERVED
CVE-2018-1366 (IBM Content Navigator 2.0 and 3.0 is vulnerable to Comma Separated ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2018-1365
	RESERVED
CVE-2018-1364 (IBM Content Navigator 2.0 and 3.0 is vulnerable to a XML External ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2018-1363 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Jazz Reporting Service
CVE-2018-1362 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2018-1361 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-17684 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c04 ...)
	NOT-FOR-US: Panda Global Protection
CVE-2017-17683 (Panda Global Protection 17.0.1 allows a system crash via a 0xb3702c44 ...)
	NOT-FOR-US: Panda Global Protection
CVE-2017-17682 (In ImageMagick 7.0.7-12 Q16, a large loop vulnerability was found in ...)
	{DLA-1227-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885942)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/870
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/da649f031e36753c69268c5c027e695b8ae45e9a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/06c8dd4de59e48d282d4f224faa64ab9012a711a
CVE-2017-17681 (In ImageMagick 7.0.7-12 Q16, an infinite loop vulnerability was found ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #885941)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present, unreproducible)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/869
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f6ca1441a5260165dabc627d26f60c32af1d5678
	NOTE: different fix: https://github.com/ImageMagick/ImageMagick/commit/73d59a74e0b0a864c1a9581b8a4bdbee427125e2
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/edf1b9408492b97cd08111a0a9cb123f6391dc5b
	NOTE: different fix for IM-6: https://github.com/ImageMagick/ImageMagick/commit/cae42160e5ab6de4b2a9433267e143ce295ae957
	NOTE: The fix involves all done changes on the relevant part of coders/psd.c between
	NOTE: (and including) edf1b9408492b97cd08111a0a9cb123f6391dc5b and cae42160e5ab6de4b2a9433267e143ce295ae957 .
CVE-2017-17680 (In ImageMagick 7.0.7-12 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/873
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/69601843684dd038a8397e1a12dd15777d2513bf
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b97357e7f8d6ae848a4c699fe17db6fcf4bd7a9
CVE-2017-17679
	RESERVED
CVE-2017-17678
	RESERVED
CVE-2017-17677
	RESERVED
CVE-2017-17676
	RESERVED
CVE-2017-17675
	RESERVED
CVE-2017-17674
	RESERVED
CVE-2017-17673
	RESERVED
CVE-2017-17672 (In vBulletin through 5.3.x, there is an unauthenticated deserialization ...)
	NOT-FOR-US: vBulletin
CVE-2017-17671 (vBulletin through 5.3.x on Windows allows remote PHP code execution ...)
	NOT-FOR-US: vBulletin
CVE-2017-17670 (In VideoLAN VLC media player through 2.2.8, there is a type conversion ...)
	{DSA-4203-1}
	- vlc 3.0.0~rc2-1
	[jessie] - vlc <end-of-life> (See DSA-4203-1)
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/15/1
	NOTE: POC: https://gist.github.com/dyntopia/194d912287656f66dd502158b0cd2e68
CVE-2017-17669 (There is a heap-based buffer over-read in the ...)
	- exiv2 <unfixed> (bug #886006)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/187
CVE-2017-17668 (Memory write mechanism in NCR S1 Dispenser controller before firmware ...)
	NOT-FOR-US: NCR S1 Dispenser controller
CVE-2017-17667
	RESERVED
CVE-2017-17666
	RESERVED
CVE-2017-17665 (In Octopus Deploy before 4.1.3, the machine update process doesn't ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-17664 (A Remote Crash issue was discovered in Asterisk Open Source 13.x before ...)
	- asterisk 1:13.18.5~dfsg-1 (bug #884345)
	[stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
	[jessie] - asterisk <not-affected> (Vulnerable code introduced later)
	[wheezy] - asterisk <not-affected> (Vulnerable code introduced later)
	NOTE: http://downloads.digium.com/pub/security/AST-2017-012.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27382
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27429
CVE-2017-17663 (The htpasswd implementation of mini_httpd before v1.28 and of thttpd ...)
	- mini-httpd <unfixed> (unimportant)
	- thttpd <removed> (unimportant)
	NOTE: http://acme.com/updates/archive/199.html
CVE-2017-17662 (Directory traversal in the HTTP server on Yawcam 0.2.6 through 0.6.0 ...)
	NOT-FOR-US: Yawcam
CVE-2017-17661
	RESERVED
CVE-2017-17660
	RESERVED
CVE-2017-17659 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17658 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17657 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17656 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17655 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17654 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17653 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17652 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17651 (Paid To Read Script 2.0.5 has SQL Injection via the admin/userview.php ...)
	NOT-FOR-US: Paid To Read Script
CVE-2017-17650
	RESERVED
CVE-2017-17649 (Readymade Video Sharing Script 3.2 has HTML Injection via the ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17648 (Entrepreneur Dating Script 2.0.1 has SQL Injection via the ...)
	NOT-FOR-US: Entrepreneur Dating Script
CVE-2017-17647
	RESERVED
CVE-2017-17646
	RESERVED
CVE-2017-17645 (Bus Booking Script 1.0 has SQL Injection via the txtname parameter to ...)
	NOT-FOR-US: Bus Booking Script
CVE-2017-17644
	RESERVED
CVE-2017-17643 (FS Lynda Clone 1.0 has SQL Injection via the keywords parameter to ...)
	NOT-FOR-US: FS Lynda Clone
CVE-2017-17642 (Basic Job Site Script 2.0.5 has SQL Injection via the keyword parameter ...)
	NOT-FOR-US: Basic Job Site Script
CVE-2017-17641 (Resume Clone Script 2.0.5 has SQL Injection via the preview.php id ...)
	NOT-FOR-US: Resume Clone Script
CVE-2017-17640 (Advanced World Database 2.0.5 has SQL Injection via the city.php ...)
	NOT-FOR-US: Advanced World Database
CVE-2017-17639 (Muslim Matrimonial Script 3.02 has SQL Injection via the ...)
	NOT-FOR-US: Muslim Matrimonial Script
CVE-2017-17638 (Groupon Clone Script 3.01 has SQL Injection via the city_ajax.php ...)
	NOT-FOR-US: Groupon Clone Script
CVE-2017-17637 (Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val ...)
	NOT-FOR-US: Car Rental Script
CVE-2017-17636 (MLM Forced Matrix 2.0.9 has SQL Injection via the news-detail.php newid ...)
	NOT-FOR-US: MLM Forced Matrix
CVE-2017-17635 (MLM Forex Market Plan Script 2.0.4 has SQL Injection via the ...)
	NOT-FOR-US: MLM Forex Market Plan Script
CVE-2017-17634 (Single Theater Booking Script 3.2.1 has SQL Injection via the ...)
	NOT-FOR-US: Single Theater Booking Script
CVE-2017-17633 (Multiplex Movie Theater Booking Script 3.1.5 has SQL Injection via the ...)
	NOT-FOR-US: Multiplex Movie Theater Booking Script
CVE-2017-17632 (Responsive Events And Movie Ticket Booking Script 3.2.1 has SQL ...)
	NOT-FOR-US: Responsive Events And Movie Ticket Booking Script
CVE-2017-17631 (Multireligion Responsive Matrimonial 4.7.2 has SQL Injection via the ...)
	NOT-FOR-US: Multireligion Responsive Matrimonial
CVE-2017-17630 (Yoga Class Script 1.0 has SQL Injection via the /list city parameter. ...)
	NOT-FOR-US: Yoga Class Script
CVE-2017-17629 (Secure E-commerce Script 2.0.1 has SQL Injection via the category.php ...)
	NOT-FOR-US: Secure E-commerce Script
CVE-2017-17628 (Responsive Realestate Script 3.2 has SQL Injection via the ...)
	NOT-FOR-US: Responsive Realestate Script
CVE-2017-17627 (Readymade Video Sharing Script 3.2 has SQL Injection via the ...)
	NOT-FOR-US: Readymade Video Sharing Script
CVE-2017-17626 (Readymade PHP Classified Script 3.3 has SQL Injection via the ...)
	NOT-FOR-US: Readymade PHP Classified Script
CVE-2017-17625 (Professional Service Script 1.0 has SQL Injection via the service-list ...)
	NOT-FOR-US: Professional Service Script
CVE-2017-17624 (PHP Multivendor Ecommerce 1.0 has SQL Injection via the ...)
	NOT-FOR-US: PHP Multivendor Ecommerce
CVE-2017-17623 (Opensource Classified Ads Script 3.2 has SQL Injection via the ...)
	NOT-FOR-US: Opensource Classified Ads Script
CVE-2017-17622 (Online Exam Test Application Script 1.6 has SQL Injection via the ...)
	NOT-FOR-US: Online Exam Test Application Script
CVE-2017-17621 (Multivendor Penny Auction Clone Script 1.0 has SQL Injection via the ...)
	NOT-FOR-US: Multivendor Penny Auction Clone Script
CVE-2017-17620 (Lawyer Search Script 1.1 has SQL Injection via the /lawyer-list city ...)
	NOT-FOR-US: Lawyer Search Script
CVE-2017-17619 (Laundry Booking Script 1.0 has SQL Injection via the /list city ...)
	NOT-FOR-US: Laundry Booking Script
CVE-2017-17618 (Kickstarter Clone Script 2.0 has SQL Injection via the investcalc.php ...)
	NOT-FOR-US: Kickstarter Clone Script
CVE-2017-17617 (Foodspotting Clone Script 1.0 has SQL Injection via the quicksearch.php ...)
	NOT-FOR-US: Foodspotting Clone Script
CVE-2017-17616 (Event Search Script 1.0 has SQL Injection via the /event-list city ...)
	NOT-FOR-US: Event Search Script
CVE-2017-17615 (Facebook Clone Script 1.0 has SQL Injection via the friend-profile.php ...)
	NOT-FOR-US: Facebook Clone Script
CVE-2017-17614 (Food Order Script 1.0 has SQL Injection via the /list city parameter. ...)
	NOT-FOR-US: Food Order Script
CVE-2017-17613 (Freelance Website Script 2.0.6 has SQL Injection via the jobdetails.php ...)
	NOT-FOR-US: Freelance Website Script
CVE-2017-17612 (Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or ...)
	NOT-FOR-US: Hot Scripts Clone
CVE-2017-17611 (Doctor Search Script 1.0 has SQL Injection via the /list city ...)
	NOT-FOR-US: Doctor Search Script
CVE-2017-17610 (E-commerce MLM Software 1.0 has SQL Injection via the ...)
	NOT-FOR-US: E-commerce MLM Software
CVE-2017-17609 (Chartered Accountant Booking Script 1.0 has SQL Injection via the ...)
	NOT-FOR-US: Chartered Accountant Booking Script
CVE-2017-17608 (Child Care Script 1.0 has SQL Injection via the /list city parameter. ...)
	NOT-FOR-US: Child Care Script
CVE-2017-17607 (CMS Auditor Website 1.0 has SQL Injection via the PATH_INFO to ...)
	NOT-FOR-US: CMS Auditor Website
CVE-2017-17606 (Co-work Space Search Script 1.0 has SQL Injection via the /list city ...)
	NOT-FOR-US: Co-work Space Search Script
CVE-2017-17605 (Consumer Complaints Clone Script 1.0 has SQL Injection via the ...)
	NOT-FOR-US: Consumer Complaints Clone Script
CVE-2017-17604 (Entrepreneur Bus Booking Script 3.0.4 has SQL Injection via the ...)
	NOT-FOR-US: Entrepreneur Bus Booking Script
CVE-2017-17603 (Advanced Real Estate Script 4.0.7 has SQL Injection via the ...)
	NOT-FOR-US: Advanced Real Estate Script
CVE-2017-17602 (Advance B2B Script 2.1.3 has SQL Injection via the ...)
	NOT-FOR-US: Advance B2B Script
CVE-2017-17601 (Cab Booking Script 1.0 has SQL Injection via the /service-list city ...)
	NOT-FOR-US: Cab Booking Script
CVE-2017-17600 (Basic B2B Script 2.0.8 has SQL Injection via the product_details.php id ...)
	NOT-FOR-US: Basic B2B Script
CVE-2017-17599 (Advance Online Learning Management Script 3.1 has SQL Injection via the ...)
	NOT-FOR-US: Advance Online Learning Management Script
CVE-2017-17598 (Affiliate MLM Script 1.0 has SQL Injection via the product-category.php ...)
	NOT-FOR-US: Affiliate MLM Script
CVE-2017-17597 (Nearbuy Clone Script 3.2 has SQL Injection via the category_list.php ...)
	NOT-FOR-US: Nearbuy Clone Script
CVE-2017-17596 (Entrepreneur Job Portal Script 2.0.6 has SQL Injection via the ...)
	NOT-FOR-US: Entrepreneur Job Portal Script
CVE-2017-17595 (Beauty Parlour Booking Script 1.0 has SQL Injection via the /list ...)
	NOT-FOR-US: Beauty Parlour Booking Script
CVE-2017-17594 (DomainSale PHP Script 1.0 has SQL Injection via the domain.php id ...)
	NOT-FOR-US: DomainSale PHP Script
CVE-2017-17593 (Simple Chatting System 1.0 allows Arbitrary File Upload via ...)
	NOT-FOR-US: Simple Chatting System
CVE-2017-17592 (Website Auction Marketplace 2.0.5 has SQL Injection via the search.php ...)
	NOT-FOR-US: Website Auction Marketplace
CVE-2017-17591 (Realestate Crowdfunding Script 2.7.2 has SQL Injection via the ...)
	NOT-FOR-US: Realestate Crowdfunding Script
CVE-2017-17590 (FS Stackoverflow Clone 1.0 has SQL Injection via the /question keywords ...)
	NOT-FOR-US: FS Stackoverflow Clone
CVE-2017-17589 (FS Thumbtack Clone 1.0 has SQL Injection via the browse-category.php ...)
	NOT-FOR-US: FS Thumbtack Clone
CVE-2017-17588 (FS IMDB Clone 1.0 has SQL Injection via the movie.php f parameter, ...)
	NOT-FOR-US: FS IMDB Clone
CVE-2017-17587 (FS Indiamart Clone 1.0 has SQL Injection via the catcompany.php token ...)
	NOT-FOR-US: FS Indiamart Clone
CVE-2017-17586 (FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter ...)
	NOT-FOR-US: FS Olx Clone
CVE-2017-17585 (FS Monster Clone 1.0 has SQL Injection via the Employer_Details.php id ...)
	NOT-FOR-US: FS Monster Clone
CVE-2017-17584 (FS Makemytrip Clone 1.0 has SQL Injection via the ...)
	NOT-FOR-US: FS Makemytrip Clone
CVE-2017-17583 (FS Shutterstock Clone 1.0 has SQL Injection via the /Category keywords ...)
	NOT-FOR-US: FS Shutterstock Clone
CVE-2017-17582 (FS Grubhub Clone 1.0 has SQL Injection via the /food keywords ...)
	NOT-FOR-US: FS Grubhub Clone
CVE-2017-17581 (FS Quibids Clone 1.0 has SQL Injection via the itechd.php productid ...)
	NOT-FOR-US: FS Quibids Clone
CVE-2017-17580 (FS Linkedin Clone 1.0 has SQL Injection via the group.php grid ...)
	NOT-FOR-US: FS Linkedin Clone
CVE-2017-17579 (FS Freelancer Clone 1.0 has SQL Injection via the profile.php u ...)
	NOT-FOR-US: FS Freelancer Clone
CVE-2017-17578 (FS Crowdfunding Script 1.0 has SQL Injection via the ...)
	NOT-FOR-US: FS Crowdfunding Script
CVE-2017-17577 (FS Trademe Clone 1.0 has SQL Injection via the search_item.php search ...)
	NOT-FOR-US: FS Trademe Clone
CVE-2017-17576 (FS Gigs Script 1.0 has SQL Injection via the browse-category.php cat ...)
	NOT-FOR-US: FS Gigs Script
CVE-2017-17575 (FS Groupon Clone 1.0 has SQL Injection via the item_details.php id ...)
	NOT-FOR-US: FS Groupon Clone
CVE-2017-17574 (FS Care Clone 1.0 has SQL Injection via the searchJob.php jobType or ...)
	NOT-FOR-US: FS Care Clone
CVE-2017-17573 (FS Ebay Clone 1.0 has SQL Injection via the product.php id parameter, ...)
	NOT-FOR-US: FS Ebay Clone
CVE-2017-17572 (FS Amazon Clone 1.0 has SQL Injection via the PATH_INFO to /VerAyari. ...)
	NOT-FOR-US: FS Amazon Clone
CVE-2017-17571 (FS Foodpanda Clone 1.0 has SQL Injection via the /food keywords ...)
	NOT-FOR-US: FS Foodpanda Clone
CVE-2017-17570 (FS Expedia Clone 1.0 has SQL Injection via the pages.php or content.php ...)
	NOT-FOR-US: FS Expedia Clone
CVE-2017-17569 (Scubez Posty Readymade Classifieds has XSS via the ...)
	NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17568 (Scubez Posty Readymade Classifieds has Incorrect Access Control for ...)
	NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17567 (Scubez Posty Readymade Classifieds has SQL Injection via the ...)
	NOT-FOR-US: Scubez Posty Readymade Classifieds
CVE-2017-17562 (Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is ...)
	NOT-FOR-US: Embedthis GoAhead
CVE-2017-17561 (SeaCMS 6.56 allows remote authenticated administrators to execute ...)
	NOT-FOR-US: SeaCMS
CVE-2017-17560 (An issue was discovered on Western Digital MyCloud PR4100 2.30.172 ...)
	NOT-FOR-US: Western Digital MyCloud
CVE-2017-17559
	RESERVED
CVE-2017-17565 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
	{DSA-4112-1 DLA-1230-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-251.html
CVE-2017-17564 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
	{DSA-4112-1 DLA-1230-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-250.html
CVE-2017-17563 (An issue was discovered in Xen through 4.9.x allowing guest OS users to ...)
	{DSA-4112-1 DLA-1230-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-249.html
CVE-2017-17566 (An issue was discovered in Xen through 4.9.x allowing PV guest OS users ...)
	{DSA-4112-1 DLA-1230-1}
	- xen 4.8.3+comet2+shim4.10.0+comet3-1+deb9u5
	NOTE: https://xenbits.xen.org/xsa/advisory-248.html
CVE-2017-17558 (The usb_destroy_configuration function in drivers/usb/core/config.c in ...)
	{DSA-4082-1 DSA-4073-1 DLA-1232-1}
	- linux 4.14.7-1
	NOTE: https://www.spinics.net/lists/linux-usb/msg163644.html
	NOTE: Fixed by: https://git.kernel.org/linus/48a4ff1c7bb5a32d2e396b03132d20d552c0eca7
CVE-2017-17557 (In Foxit Reader before 9.1 and Foxit PhantomPDF before 9.1, a flaw ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-17556 (A debug tool in Synaptics TouchPad drivers allows local users with ...)
	NOT-FOR-US: debug tool in Synaptics TouchPad drivers
CVE-2017-17555 (The swri_audio_convert function in audioconvert.c in FFmpeg ...)
	- aubio <unfixed> (low; bug #884232)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
	[wheezy] - aubio <no-dsa> (Minor issue)
	NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20swri_audio_convert%20of%20ffmpeg%20libswresample.md
	NOTE: aubio initializes libswresample with 2 channels and then passes data
	NOTE: that contains just one channel. Not an issue in src:ffmpeg.
	NOTE: https://github.com/aubio/aubio/issues/137
CVE-2017-17554 (A NULL pointer dereference (DoS) Vulnerability was found in the ...)
	- aubio <unfixed> (low; bug #884237)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <no-dsa> (Minor issue)
	[wheezy] - aubio <no-dsa> (Minor issue)
	NOTE: https://github.com/IvanCql/vulnerability/blob/master/An%20NULL%20pointer%20dereference(DoS)%20Vulnerability%20was%20found%20in%20function%20%20aubio_source_avcodec_readframe%20of%20aubio.md
	NOTE: https://github.com/aubio/aubio/issues/137
CVE-2017-17553 (The Dolphin Browser for Android 12.0.2 suffers from an insecure parsing ...)
	NOT-FOR-US: Dolphin Browser for Android
CVE-2017-17552 (/LoadFrame in Zoho ManageEngine AD Manager Plus build 6590 - 6613 ...)
	NOT-FOR-US: Zoho ManageEngine AD Manager Plus
CVE-2018-1360
	RESERVED
CVE-2018-1359
	RESERVED
CVE-2018-1358
	RESERVED
CVE-2018-1357
	RESERVED
CVE-2018-1356
	RESERVED
CVE-2018-1355
	RESERVED
CVE-2018-1354
	RESERVED
CVE-2018-1353
	RESERVED
CVE-2018-1352
	RESERVED
CVE-2018-1351
	RESERVED
CVE-2017-17551 (The Backup and Restore feature in Mobotap Dolphin Browser for Android ...)
	NOT-FOR-US: Dolphin Browser for Android
CVE-2017-17550
	RESERVED
CVE-2017-17549 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2017-17548
	RESERVED
CVE-2017-17547
	RESERVED
CVE-2017-17546
	RESERVED
CVE-2017-17545
	RESERVED
CVE-2017-17544
	RESERVED
CVE-2017-17543 (Users' VPN authentication credentials are unsafely encrypted in ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2017-17542
	RESERVED
CVE-2017-17541
	RESERVED
CVE-2017-17540 (The presence of a hardcoded account in Fortinet FortiWLC 8.3.3 allows ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2017-17539 (The presence of a hardcoded account in Fortinet FortiWLC 7.0.11 and ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2017-17538 (MikroTik v6.40.5 devices allow remote attackers to cause a denial of ...)
	NOT-FOR-US: MikroTik
CVE-2017-17537 (MikroTik RouterBOARD v6.39.2 and v6.40.5 allows an unauthenticated ...)
	NOT-FOR-US: MikroTik
CVE-2018-1350 (The NetIQ Identity Manager driver log file, in versions prior to 4.7, ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1349 (The NetIQ Identity Manager driver log file, in versions prior to 4.7, ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1348 (NetIQ Identity Manager driver, in versions prior to 4.7, allows for an ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2018-1347 (The administrative web interface in NetIQ iManager, versions prior to ...)
	NOT-FOR-US: NetIQ
CVE-2018-1346 (Addresses denial of service attack to eDirectory versions prior to ...)
	NOT-FOR-US: NetIQ
CVE-2018-1345 (NetIQ iManager, versions prior to 3.1, under some circumstances could ...)
	NOT-FOR-US: NetIQ
CVE-2018-1344 (Addresses potential communication downgrade attack in NetIQ iManager ...)
	NOT-FOR-US: NetIQ
CVE-2018-1343 (PAM exposure enabling unauthenticated access to remote host ...)
	NOT-FOR-US: NetIQ
CVE-2018-1342 (A Vulnerability exists on Admin Console where an attacker can upload ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2018-1341
	RESERVED
CVE-2017-17536 (Phabricator before 2017-11-10 does not block the --config and ...)
	- phabricator <unfixed> (unimportant)
	NOTE: Fixed by: https://github.com/phacility/phabricator/commit/a7921a4448093d00defa8bd18f35b8c8f8bf3314
	NOTE: Starting with 0~git20160726-3 the Phabricator package is not built
	NOTE: The issue is unfixed in the source up to 0~git20170812-1
	NOTE: Fixed in 0~git20171202-1 (not yet accepted from NEW)
CVE-2017-17535 (lib/gui.py in Bob Hepple gjots2 2.4.1 does not validate strings before ...)
	- gjots2 <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/gjots2/2.4.1-2/lib/gui.py/?hl=2188#L2188
CVE-2017-17534 (uiutil.c in Mensis 0.0.080507 does not validate strings before ...)
	- mensis <removed> (unimportant)
	NOTE: https://sources.debian.org/src/mensis/0.0.080507-4/uiutil.c/?hl=293#L428
CVE-2017-17533 (** DISPUTED ** default.tcl in Tkabber 1.1 does not validate strings ...)
	NOTE: Originally assigned for src:tkabber
	NOTE: https://sources.debian.org/src/tkabber/1.1-1/default.tcl/?hl=118#L118
	NOTE: TCL's exec call does not involve the shell. It does its own argument parsing
	NOTE: which safely forwards the content of any variable. No command injection is
	NOTE: thus possible. See https://tcl.tk/man/tcl/TclCmd/exec.htm
	NOTE: MITRE only considers this as DISPUTED rather than fully REJECT The CVE.
CVE-2017-17532 (examples/framework/news/news3.py in Kiwi 1.9.22 does not validate ...)
	- kiwi <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/kiwi/1.9.22-4/examples/framework/news/news3.py/?hl=88#L88
	NOTE: Only in examples code, negligible impact
CVE-2017-17531 (gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before ...)
	- global 6.6.1-1 (unimportant; bug #884912)
	[stretch] - global 6.5.6-2+deb9u1
	NOTE: https://sources.debian.org/src/global/4.8.6-2/gozilla/gozilla.c/#L269
CVE-2017-17530 (common/help.c in Geomview 1.9.5 does not validate strings before ...)
	- geomview <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/geomview/1.9.5-1/src/bin/geomview/common/help.c/?hl=51#L83
CVE-2017-17529 (af/util/xp/ut_go_file.cpp in AbiWord 3.0.2-2 does not validate strings ...)
	- abiword <unfixed> (bug #884923)
	[stretch] - abiword <no-dsa> (Minor issue)
	[jessie] - abiword <no-dsa> (Minor issue)
	[wheezy] - abiword <no-dsa> (Minor issue)
	NOTE: https://sources.debian.org/src/abiword/3.0.2-5/src/af/util/xp/ut_go_file.cpp/#L1717
	NOTE: Issue can be mitigated by compiling abiword in future with --with-gnomevfs so that
	NOTE: abiword does not use the problematic fallback_open_uri. This though only works for
	NOTE: GTK+-2. Abiword in Debian is compiled against GTK+3+
	NOTE: See explanation in https://bugs.debian.org/884923#15
CVE-2017-17528 (backends/platform/sdl/posix/posix.cpp in ScummVM 1.9.0 does not ...)
	- scummvm <unfixed> (unimportant)
	[wheezy] - scummvm <not-affected> (Vulnerable code not there)
	NOTE: https://sources.debian.org/src/scummvm/1.9.0+dfsg-2/backends/platform/sdl/posix/posix.cpp/?hl=274#L274
CVE-2017-17527 (** DISPUTED ** delphi_gui/WWWBrowserRunnerDM.pas in PasDoc 0.14 does ...)
	- pasdoc 0.15.0-1 (unimportant)
	NOTE: https://sources.debian.org/src/pasdoc/0.14.0-1/source/delphi_gui/WWWBrowserRunnerDM.pas/?hl=63#L63
	NOTE: Marked as unimportant since issue in unused code. MITRE marks CVE as
	NOTE: disputed.
CVE-2017-17526 (Input.cc in Bernard Parisse Giac 1.2.3.57 does not validate strings ...)
	- giac <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/giac/1.2.3.57+dfsg1-2/src/Input.cc/?hl=68#L77
CVE-2017-17525 (guiclient/guiclient.cpp in xTuple PostBooks 4.7.0 does not validate ...)
	- postbooks <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/postbooks/4.7.0-3/guiclient/guiclient.cpp/?hl=1610#L1610
CVE-2017-17524 (library/www_browser.pl in SWI-Prolog 7.2.3 does not validate strings ...)
	- swi-prolog <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/swi-prolog/7.2.3+dfsg-1/library/www_browser.pl/?hl=68#L68
	NOTE: In wheezy it is technically possible to trigger an argument injection
	NOTE: vulnerability however it is quoted in an unusual way which makes it highly
	NOTE: unlikely that it going to be.
CVE-2017-17523 (lilypond-invoke-editor in LilyPond 2.19.80 does not validate strings ...)
	- lilypond 2.18.2-12 (bug #884136)
	[jessie] - lilypond <no-dsa> (Minor issue)
	[wheezy] - lilypond <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/testlilyissues/issues/5243/
CVE-2017-17522 (** DISPUTED ** Lib/webbrowser.py in Python through 3.6.3 does not ...)
	- jython <unfixed> (unimportant)
	[wheezy] - jython <not-affected> (Vulnerable code is not provided in the binary package)
	- python2.6 <removed> (unimportant)
	- python2.7 <unfixed> (unimportant)
	- python3.2 <removed> (unimportant)
	- python3.4 <removed> (unimportant)
	- python3.5 <unfixed> (unimportant)
	- python3.6 <unfixed> (unimportant)
	- python3.7 <unfixed> (unimportant)
	NOTE: Lib/webbrowser.py does not validate strings before launching the program
	NOTE: specified by the BROWSER environment variable.
	NOTE: https://bugs.python.org/issue32367
	NOTE: Hardly an issue with security impact, as the problematic code further relies
	NOTE: on subprocess.Popen with the default shell=False.
CVE-2017-17521 (uiutil.c in FontForge through 20170731 does not validate strings before ...)
	- fontforge <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/fontforge/1:20170731%7Edfsg-1/fontforgeexe/uiutil.c/#L285
CVE-2017-17520 (** DISPUTED ** tools/url_handler.pl in TIN 2.4.1 does not validate ...)
	- tin <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/tin/1:2.4.1-1/tools/url_handler.pl/?hl=120#L120
	NOTE: Documentation has a clear SECURITY section mentioning that [...] url_handler
	NOTE: does not try hard to shell escape its input nor does it convert relative URLs
	NOTE: into abosulte ones. If you use url_handler.pl from other applications be sure to
	NOTE: at least shell escaped its input.
CVE-2017-17519 (batteriesConfig.mlp in OCaml Batteries Included (aka ocaml-batteries) ...)
	- ocaml-batteries <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/ocaml-batteries/2.6.0-1/src/batteriesConfig.mlp/?hl=23#L23
CVE-2017-17518 (swt/motif/browser.c in White_dune (aka whitedune) 0.30.10 does not ...)
	- whitedune <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/whitedune/0.30.10-2.1/src/swt/motif/browser.c/?hl=159#L214
CVE-2017-17517 (libsylph/utils.c in Sylpheed through 3.6 does not validate strings ...)
	- sylpheed <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/sylpheed/3.5.1-1/libsylph/utils.c/?hl=4292#L4292
CVE-2017-17516 (scripts/inspect_webbrowser.py in Reddit Terminal Viewer (RTV) 1.19.0 ...)
	- rtv <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/rtv/1.20.0+dfsg-1/scripts/inspect_webbrowser.py/
CVE-2017-17515 (** DISPUTED ** etc/ObjectList in Metview 4.7.3 does not validate ...)
	- metview <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/metview/4.7.2-3/share/metview/etc/ObjectList/?hl=2857#L2857
CVE-2017-17514 (** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before ...)
	- nip2 <unfixed> (unimportant)
	NOTE: https://sources.debian.org/src/nip2/8.4.0-1/src/boxes.c/?hl=727#L727
CVE-2017-17513 (TeX Live through 20170524 does not validate strings before launching ...)
	- texlive-base <unfixed> (unimportant)
	[wheezy] - texlive-base <not-affected> (Vulnerable code do not exist)
	- texlive-bin <unfixed> (unimportant)
	[wheezy] - texlive-bin <not-affected> (Vulnerable code do not exist)
	- context <unfixed> (unimportant)
	[wheezy] - context <not-affected> (Vulnerable code do not exist)
	NOTE: https://sources.debian.org/src/texlive-base/2017.20171128-1/texmf-dist/tex/luatex/lualibs/lualibs-os.lua/#L153
	NOTE: https://sources.debian.org/src/texlive-bin/2016.20160513.41080.dfsg-2/texk/texlive/linked_scripts/context/stubs/unix/mtxrun/#L3004
	NOTE: https://sources.debian.org/src/context/2017.05.15.20170613-2/texmf-dist/scripts/context/stubs/mswin/mtxrun.lua/?hl=3424#L3424
CVE-2017-17512 (sensible-browser in sensible-utils before 0.0.11 does not validate ...)
	{DSA-4071-1 DLA-1209-1}
	- sensible-utils 0.0.11 (bug #881767)
	NOTE: https://anonscm.debian.org/git/collab-maint/sensible-utils.git/commit/?id=e16c937c43126df7f08d355277f99dd94cc21ce5
CVE-2017-17511 (KildClient 3.1.0 does not validate strings before launching the program ...)
	{DLA-1210-1}
	- kildclient 3.2.0-1 (bug #885007)
	[stretch] - kildclient 3.1.0-1+deb9u1
	[jessie] - kildclient <no-dsa> (Minor issue)
	NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159
	NOTE: https://sources.debian.org/src/kildclient/3.1.0-1/src/prefs.c/?hl=324#L324
CVE-2017-17510
	RESERVED
CVE-2017-17509 (In HDF5 1.10.1, there is an out of bounds write vulnerability in the ...)
	- hdf5 <unfixed> (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/5-hdf5-heap-overflow-H5G__ent_decode_vec
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17508 (In HDF5 1.10.1, there is a divide-by-zero vulnerability in the function ...)
	- hdf5 <unfixed> (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/1-hdf5-divbyzero-H5T_set_loc
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17507 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
	- hdf5 <unfixed> (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/3-hdf5-outbound-read-H5T_conv_struct_opt
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17506 (In HDF5 1.10.1, there is an out of bounds read vulnerability in the ...)
	- hdf5 <unfixed> (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/4-hdf5-outbound-read-H5Opline_pline_decode
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17505 (In HDF5 1.10.1, there is a NULL pointer dereference in the function ...)
	- hdf5 <unfixed> (bug #884365)
	[stretch] - hdf5 <no-dsa> (Minor issue)
	[jessie] - hdf5 <no-dsa> (Minor issue)
	[wheezy] - hdf5 <no-dsa> (Minor issue)
	NOTE: POC: https://github.com/xiaoqx/pocs/blob/master/hdf5/2-hdf5-null-pointer-H5O_pline_decode
	NOTE: https://github.com/xiaoqx/pocs/blob/master/hdf5/readme.md
CVE-2017-17504 (ImageMagick before 7.0.7-12 has a coders/png.c ...)
	{DSA-4204-1 DSA-4074-1 DLA-1227-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #885340)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/872
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ce3a586a43a7d13442587eb7f28d129557b6a135
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/59c49559e302e06bfba46cb6feb4e39adbe675b6
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/fb89192c4ca1600741af79dd22166a7d91e76924
CVE-2017-17503 (ReadGRAYImage in coders/gray.c in GraphicsMagick 1.3.26 has a ...)
	{DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/460ef5e858ad
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/522/
CVE-2017-17502 (ReadCMYKImage in coders/cmyk.c in GraphicsMagick 1.3.26 has a ...)
	{DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a9c425688397
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/521/
CVE-2017-17501 (WriteOnePNGImage in coders/png.c in GraphicsMagick 1.3.26 has a ...)
	{DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/5b8414c0d0c4
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/526/
CVE-2017-17500 (ReadRGBImage in coders/rgb.c in GraphicsMagick 1.3.26 has a ...)
	{DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1366f2dd9931
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/523/
CVE-2017-17499 (ImageMagick before 6.9.9-24 and 7.x before 7.0.7-12 has a ...)
	{DSA-4074-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #885339)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c35502217c1879cb8257c617007282eee3fe1cc
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dd96d671e4d5ae22c6894c302e8996c13f24c45a
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=33078&sid=5fbb164c3830293138917f9b14264ed1
CVE-2017-17498 (WritePNMImage in coders/pnm.c in GraphicsMagick 1.3.26 allows remote ...)
	{DLA-1231-1}
	- graphicsmagick 1.3.27-1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f1c418ef0260
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/525/
CVE-2017-17497 (In Tidy 5.7.0, the prvTidyTidyMetaCharset function in clean.c allows ...)
	- tidy-html5 <not-affected> (Vulnerable code introduced after 5.6.0)
	- tidy <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/htacg/tidy-html5/issues/656
	NOTE: https://github.com/htacg/tidy-html5/commit/a111d7a9691953f903ffa1fdbc3762dec22fc215
CVE-2017-17496
	REJECTED
CVE-2017-17495
	RESERVED
CVE-2017-17494
	RESERVED
CVE-2017-17493
	RESERVED
CVE-2017-17492
	RESERVED
CVE-2017-17491
	RESERVED
CVE-2017-17490
	RESERVED
CVE-2017-17489
	RESERVED
CVE-2017-17488
	RESERVED
CVE-2017-17487
	RESERVED
CVE-2017-17486
	RESERVED
CVE-2017-17485 (FasterXML jackson-databind through 2.8.10 and 2.9.x through 2.9.3 ...)
	{DSA-4114-1}
	- jackson-databind 2.9.4-1 (bug #888318)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1528565#c0
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1855
CVE-2017-17484 (The ucnv_UTF8FromUTF8 function in ucnv_u8.cpp in International ...)
	- icu <not-affected> (Vulnerable code not present, only experimental was ever affected and fixed in 60.2-1)
	NOTE: https://ssl.icu-project.org/trac/ticket/13510
	NOTE: https://ssl.icu-project.org/trac/ticket/13490
	NOTE: Fixed by: https://ssl.icu-project.org/trac/changeset/40714
	NOTE: Testcase: https://ssl.icu-project.org/trac/changeset/40715
	NOTE: POC: https://ssl.icu-project.org/trac/attachment/ticket/13490/poc.2.cpp
	NOTE: Introduced by https://ssl.icu-project.org/trac/changeset/40455/
CVE-2017-17483
	RESERVED
CVE-2017-17482 (An issue was discovered in OpenVMS through V8.4-2L2 on Alpha and ...)
	NOT-FOR-US: OpenVMS
CVE-2017-17481
	RESERVED
CVE-2017-17480 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
	- openjpeg2 <unfixed> (bug #884738)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1044
CVE-2017-17479 (In OpenJPEG 2.3.0, a stack-based buffer overflow was discovered in the ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/1044
	NOTE: Debian packaging does not build JPWL, has BUILD_JPWL:BOOL=OFF
CVE-2017-17478 (An XSS issue was discovered in Designer Studio in Pegasystems Pega ...)
	NOT-FOR-US: Pegasystems Pega Platform
CVE-2017-17477
	RESERVED
CVE-2017-17475 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17474 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17473 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17472 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17471 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17470 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17469 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17468 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17467 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17466 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to gain ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17465 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17464 (K7Sentry.sys 15.1.0.59 in K7 Antivirus 15.1.0309 has a NULL pointer ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17463 (Vivo modems allow remote attackers to obtain sensitive information by ...)
	NOT-FOR-US: Vivo modems
CVE-2017-17462
	RESERVED
CVE-2017-17461
	REJECTED
CVE-2017-17460
	RESERVED
CVE-2018-1340
	RESERVED
CVE-2018-1339 (A carefully crafted (or fuzzed) file can trigger an infinite loop in ...)
	- tika <unfixed> (low)
	[jessie] - tika <ignored> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/7
CVE-2018-1338 (A carefully crafted (or fuzzed) file can trigger an infinite loop in ...)
	- tika <not-affected> (BGP parser introduced in 1.7)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/6
CVE-2018-1337
	RESERVED
CVE-2018-1336
	RESERVED
CVE-2018-1335 (From Apache Tika versions 1.7 to 1.17, clients could send carefully ...)
	- tika <not-affected> (Server functionality not present)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/25/8
CVE-2018-1334
	RESERVED
CVE-2018-1333
	RESERVED
CVE-2018-1332
	RESERVED
CVE-2018-1331
	RESERVED
CVE-2018-1330
	RESERVED
CVE-2018-1329
	RESERVED
CVE-2018-1328
	RESERVED
CVE-2018-1327 (The Apache Struts REST Plugin is using XStream library which is ...)
	- libstruts1.2-java <not-affected> (Specific to 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-056
CVE-2018-1326
	RESERVED
CVE-2018-1325 (In Apache wicket-jquery-ui &lt;= 6.29.0, &lt;= 7.10.1, &lt;= 8.0.0-M9.1, JS ...)
	NOT-FOR-US: Wicket jQuery UI
CVE-2018-1324 (A specially crafted ZIP archive can be used to cause an infinite loop ...)
	- libcommons-compress-java 1.13-2 (bug #893174)
	[stretch] - libcommons-compress-java <no-dsa> (Minor issue)
	[jessie] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
	[wheezy] - libcommons-compress-java <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=commons-compress.git;a=blobdiff;f=src/main/java/org/apache/commons/compress/archivers/zip/X0017_StrongEncryptionHeader.java;h=acc3b22346b49845e85b5ef27a5814b69e834139;hp=0feb9c98cc622cde1defa3bbd268ef82b4ae5c18;hb=2a2f1dc48e22a34ddb72321a4db211da91aa933b;hpb=dcb0486fb4cb2b6592c04d6ec2edbd3f690df5f2
	NOTE: https://issues.apache.org/jira/browse/COMPRESS-432
CVE-2018-1323 (The IIS/ISAPI specific code in the Apache Tomcat JK ISAPI Connector ...)
	- libapache-mod-jk <not-affected> (Windows/IIS vhost handling specific issue)
	NOTE: http://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.43
	NOTE: Fixed by: http://svn.apache.org/r1825658
CVE-2018-1322 (An administrator with user search entitlements in Apache Syncope 1.2.x ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-1321 (An administrator with report and template entitlements in Apache ...)
	NOT-FOR-US: Apache Syncope
CVE-2018-1320
	RESERVED
CVE-2018-1319 (In Apache Allura prior to 1.8.1, attackers may craft URLs that cause ...)
	NOT-FOR-US: Apache Allura
CVE-2018-1318
	RESERVED
CVE-2018-1317
	RESERVED
CVE-2018-1316 (The ODE process deployment web service was sensible to deployment ...)
	NOT-FOR-US: Apache ODE
CVE-2018-1315 (In Apache Hive 2.1.0 to 2.3.2, when 'COPY FROM FTP' statement is run ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1314
	RESERVED
CVE-2018-1313 (In Apache Derby 10.3.1.4 to 10.14.1.0, a specially-crafted network ...)
	- derby 10.14.2.0-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/05/1
CVE-2018-1312 (In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/7
CVE-2018-1311
	RESERVED
CVE-2018-1310
	RESERVED
CVE-2018-1309
	RESERVED
CVE-2018-1308 (This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 ...)
	{DSA-4194-1 DLA-1360-1}
	- lucene-solr 3.6.2+dfsg-12 (bug #896604)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/08/3
	NOTE: https://issues.apache.org/jira/browse/SOLR-11971
	NOTE: master: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/02c693f3
	NOTE: branch_7x: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/739a7933
	NOTE: branch_6_6: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/dd3be31f
CVE-2018-1307 (In Apache jUDDI 3.2 through 3.3.4, if using the WADL2Java or WSDL2Java ...)
	NOT-FOR-US: Apache juddi-client
CVE-2018-1306
	RESERVED
CVE-2018-1305 (Security constraints defined by annotations of Servlets in Apache ...)
	{DLA-1301-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.28-1
	- tomcat8.0 <unfixed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1823314 (8.5.x)
	NOTE: https://svn.apache.org/r1824358 (8.5.x)
	NOTE: https://svn.apache.org/r1823319 (8.0.x)
	NOTE: https://svn.apache.org/r1824359 (8.0.x)
	NOTE: https://svn.apache.org/r1823322 (7.0.x)
	NOTE: https://svn.apache.org/r1824360 (7.0.x)
CVE-2018-1304 (The URL pattern of &quot;&quot; (the empty string) which exactly maps to the ...)
	{DLA-1301-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.28-1
	- tomcat8.0 <unfixed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://svn.apache.org/r1823307 (8.5.x)
	NOTE: https://svn.apache.org/r1823308 (8.0.x)
	NOTE: https://svn.apache.org/r1823309 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62067
CVE-2018-1303 (A specially crafted HTTP request header could have crashed the Apache ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/3
CVE-2018-1302 (When an HTTP/2 stream was destroyed after being handled, the Apache ...)
	- apache2 2.4.33-1
	[stretch] - apache2 <postponed> (Will be fixed via stretch-pu and upating to 2.4.33's mod_http2)
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/5
CVE-2018-1301 (A specially crafted request could have crashed the Apache HTTP Server ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/2
CVE-2018-1300
	RESERVED
CVE-2018-1299 (In Apache Allura before 1.8.0, unauthenticated attackers may retrieve ...)
	NOT-FOR-US: Apache Allura
CVE-2018-1298 (A Denial of Service vulnerability was found in Apache Qpid Broker-J ...)
	- qpid-java <itp> (bug #840131)
	NOTE: https://issues.apache.org/jira/browse/QPID-8046
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=de509dd
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=30ca170
	NOTE: https://git-wip-us.apache.org/repos/asf?p=qpid-broker-j.git;h=4b9fb37
CVE-2018-1297 (When using Distributed Test only (RMI based), Apache JMeter 2.x and ...)
	- jakarta-jmeter <unfixed> (low; bug #897259)
	[stretch] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
	[jessie] - jakarta-jmeter <ignored> (Minor issue, too intrusive to backport)
	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/1
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1296
	RESERVED
CVE-2018-1295 (In Apache Ignite 2.3 or earlier, the serialization mechanism does not ...)
	NOT-FOR-US: Apache Ignite
CVE-2018-1294 (If a user of Commons-Email (typically an application programmer) ...)
	- commons-email <not-affected> (Fixed with first upload to Debian)
	NOTE: https://marc.info/?i=CAF8HOZ+J3NkaywfbHuQpHxK9ZXeT4=4Vs9rOwCDiUdnt1QA1Yw@mail.gmail.com
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&amp;revision=1777030
CVE-2018-1293
	RESERVED
CVE-2018-1292 (Within the 'getReportType' method in Apache Fineract 1.0.0, ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1291 (Apache Fineract 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1290 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1289 (In Apache Fineract versions 1.0.0, 0.6.0-incubating, 0.5.0-incubating, ...)
	NOT-FOR-US: Apache Fineract
CVE-2018-1288
	RESERVED
CVE-2018-1287 (In Apache JMeter 2.X and 3.X, when using Distributed Test only (RMI ...)
	- jakarta-jmeter <unfixed> (low)
	[stretch] - jakarta-jmeter <no-dsa> (Minor issue)
	[jessie] - jakarta-jmeter <no-dsa> (Minor issue)
	[wheezy] - jakarta-jmeter <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2018/02/11/2
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=62039
CVE-2018-1286 (In Apache OpenMeetings 3.0.0 - 4.0.1, CRUD operations on privileged ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2018-1285
	RESERVED
CVE-2018-1284 (In Apache Hive 0.6.0 to 2.3.2, malicious user might use any xpath UDFs ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1283 (In Apache httpd 2.4.0 to 2.4.29, when mod_session is configured to ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/4
CVE-2018-1282 (This vulnerability in Apache Hive JDBC driver 0.7.1 to 2.3.2 allows ...)
	NOT-FOR-US: Apache Hive
CVE-2018-1281
	RESERVED
CVE-2017-17459 (http_transport.c in Fossil before 2.4, when the SSH sync protocol is ...)
	- fossil 1:2.4-1
	[stretch] - fossil <no-dsa> (Minor issue)
	[jessie] - fossil <no-dsa> (Minor issue)
	[wheezy] - fossil <no-dsa> (Minor issue)
	NOTE: https://www.fossil-scm.org/xfer/info/1f63db591c77108c
CVE-2017-17458 (In Mercurial before 4.4.1, it is possible that a specially malformed ...)
	{DLA-1224-1}
	- mercurial 4.4.1-1
	NOTE: https://bz.mercurial-scm.org/show_bug.cgi?id=5730
	NOTE: https://www.mercurial-scm.org/pipermail/mercurial-devel/2017-November/107333.html
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.4.1_.282017-11-07.29
	NOTE: Fixed by: https://mercurial-scm.org/repo/hg/rev/071cbeba4212
	NOTE: Alternative workaround: https://mercurial-scm.org/repo/hg/rev/5e27afeddaee
CVE-2017-1002102 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to ...)
	- kubernetes 1.7.16+dfsg-1 (bug #894051)
	NOTE: https://github.com/kubernetes/kubernetes/issues/60814
CVE-2017-1002101 (In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to ...)
	- kubernetes 1.7.16+dfsg-1 (bug #892801)
	NOTE: https://github.com/kubernetes/kubernetes/issues/60813
CVE-2017-17457 (The function d2ulaw_array() in ulaw.c of libsndfile 1.0.29pre1 may lead ...)
	- libsndfile <unfixed> (low; bug #884735)
	[stretch] - libsndfile <no-dsa> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/344
CVE-2017-17456 (The function d2alaw_array() in alaw.c of libsndfile 1.0.29pre1 may lead ...)
	- libsndfile <unfixed> (low; bug #884735)
	[stretch] - libsndfile <no-dsa> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/344
CVE-2017-17455 (Mahara 16.10 before 16.10.7, 17.04 before 17.04.5, and 17.10 before ...)
	- mahara <removed>
CVE-2017-17454 (Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before ...)
	- mahara <removed>
CVE-2017-17453
	RESERVED
CVE-2017-17452
	RESERVED
CVE-2017-17451 (The WP Mailster plugin before 1.5.5 for WordPress has XSS in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-17450 (net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <ignored> (User namespaces not supported)
	NOTE: https://lkml.org/lkml/2017/12/5/982
CVE-2017-17449 (The __netlink_deliver_tap_skb function in net/netlink/af_netlink.c in ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2017/12/5/950
CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <ignored> (User namespaces not supported)
	NOTE: https://patchwork.kernel.org/patch/10089373/
CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains ...)
	NOT-FOR-US: Pivotal
CVE-2018-1279
	RESERVED
CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x ...)
	NOT-FOR-US: Pivotal
CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1276 (Windows 2012R2 stemcells, versions prior to 1200.17, contain an ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1275 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
	- libspring-java <not-affected> (Partial fix for CVE-2018-1270 not applied)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1565307
CVE-2018-1274 (Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1273 (Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1272 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
	- libspring-java <unfixed> (bug #895114)
	[wheezy] - libspring-java <not-affected> (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java)
	NOTE: https://pivotal.io/security/cve-2018-1272
CVE-2018-1271 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
	- libspring-java <not-affected> (Issue specific when served from a file system on Windows)
	NOTE: https://pivotal.io/security/cve-2018-1271
CVE-2018-1270 (Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior ...)
	- libspring-java <unfixed> (bug #895114)
	[wheezy] - libspring-java <not-affected> (Vulnerable broker code introduced in various commits re. https://github.com/spring-projects/spring-framework/blame/0009806debb578e884f6dc98bd1f2dc668020021/spring-messaging/src/main/java/org/springframework/messaging/simp/broker/DefaultSubscriptionRegistry.java)
	NOTE: https://pivotal.io/security/cve-2018-1270
	NOTE: when addressing this issue make sure to not only apply a partial fix but
	NOTE: make it complete, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1565307
CVE-2018-1269
	RESERVED
CVE-2018-1268
	RESERVED
CVE-2018-1267 (Cloud Foundry Silk CNI plugin, versions prior to 0.2.0, contains an ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1266 (Cloud Foundry Cloud Controller, versions prior to 1.52.0, contains ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1265
	RESERVED
CVE-2018-1264
	RESERVED
CVE-2018-1263 (Addresses partial fix in CVE-2018-1261. Pivotal ...)
	NOT-FOR-US: Spring-integration-zip
CVE-2018-1262 (Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a ...)
	NOT-FOR-US: Cloud Foundry Foundation UAA
CVE-2018-1261 (Spring-integration-zip versions prior to 1.0.1 exposes an arbitrary ...)
	NOT-FOR-US: Spring-integration-zip
CVE-2018-1260 (Spring Security OAuth, versions 2.3 prior to 2.3.3, 2.2 prior to ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2018-1259 (Spring Data Commons, versions 1.13 prior to 1.13.12 and 2.0 prior to ...)
	NOT-FOR-US: Spring Data Commons
CVE-2018-1258 (Spring Security in combination with Spring Framework versions prior to ...)
	- libspring-security-2.0-java <removed>
	NOTE: https://pivotal.io/security/cve-2018-1258
CVE-2018-1257 (Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior ...)
	- libspring-java <unfixed>
	NOTE: https://pivotal.io/security/cve-2018-1257
CVE-2018-1256 (Spring Cloud SSO Connector, version 2.1.2, contains a regression which ...)
	NOT-FOR-US: Spring Cloud SSO Connector
CVE-2018-1255
	RESERVED
CVE-2018-1254
	RESERVED
CVE-2018-1253
	RESERVED
CVE-2018-1252
	RESERVED
CVE-2018-1251
	RESERVED
CVE-2018-1250
	RESERVED
CVE-2018-1249
	RESERVED
CVE-2018-1248 (RSA Authentication Manager Security Console, Operation Console and ...)
	NOT-FOR-US: RSA Authentication Mamager
CVE-2018-1247 (RSA Authentication Manager Security Console, version 8.3 and earlier, ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2018-1246
	RESERVED
CVE-2018-1245
	RESERVED
CVE-2018-1244
	RESERVED
CVE-2018-1243
	RESERVED
CVE-2018-1242
	RESERVED
CVE-2018-1241
	RESERVED
CVE-2018-1240 (Dell EMC ViPR Controller, versions after 3.0.0.38, contain an ...)
	NOT-FOR-US: EMC ViPR Controller
CVE-2018-1239 (Dell EMC Unity Operating Environment (OE) versions prior to ...)
	NOT-FOR-US: EMC Unity Operating Environment
CVE-2018-1238 (Dell EMC ScaleIO versions prior to 2.5, contain a command injection ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1237 (Dell EMC ScaleIO versions prior to 2.5, contain improper restriction ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1236
	RESERVED
CVE-2018-1235
	RESERVED
CVE-2018-1234 (RSA Authentication Agent version 8.0.1 and earlier for Web for IIS is ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1233 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1232 (RSA Authentication Agent version 8.0.1 and earlier for Web for both ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2018-1231 (Cloud Foundry BOSH CLI, versions prior to v3.0.1, contains an improper ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1230 (Pivotal Spring Batch Admin, all versions, does not contain cross site ...)
	NOT-FOR-US: Pivotal
CVE-2018-1229 (Pivotal Spring Batch Admin, all versions, contains a stored XSS ...)
	NOT-FOR-US: Pivotal
CVE-2018-1228
	REJECTED
CVE-2018-1227 (Pivotal Concourse after 2018-03-05 might allow remote attackers to ...)
	NOT-FOR-US: Pivotal
CVE-2018-1226
	REJECTED
CVE-2018-1225
	REJECTED
CVE-2018-1224
	REJECTED
CVE-2018-1223
	RESERVED
CVE-2018-1222
	RESERVED
CVE-2018-1221 (In cf-deployment before 1.14.0 and routing-release before 0.172.0, the ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1220 (EMC RSA Archer, versions prior to 6.2.0.8, contains a redirect ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2018-1219 (EMC RSA Archer, versions prior to 6.2.0.8, contains an improper access ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2018-1218 (In Dell EMC NetWorker versions prior to 9.2.1.1, versions prior to ...)
	NOT-FOR-US: EMC NetWorker
CVE-2018-1217 (Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2018-1216 (A hard-coded password vulnerability was discovered in vApp Manager ...)
	NOT-FOR-US: EMC
CVE-2018-1215 (An arbitrary file upload vulnerability was discovered in vApp Manager ...)
	NOT-FOR-US: EMC
CVE-2018-1214 (Dell EMC SupportAssist Enterprise version 1.1 creates a local Windows ...)
	NOT-FOR-US: EMC
CVE-2018-1213 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...)
	NOT-FOR-US: Dell
CVE-2018-1212
	RESERVED
CVE-2018-1211 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain a path ...)
	NOT-FOR-US: Dell EMC iDRAC7/iDRAC8
CVE-2018-1210
	REJECTED
CVE-2018-1209
	REJECTED
CVE-2018-1208
	REJECTED
CVE-2018-1207 (Dell EMC iDRAC7/iDRAC8, versions prior to 2.52.52.52, contain CGI ...)
	NOT-FOR-US: Dell EMC iDRAC7/iDRAC8
CVE-2018-1206 (Dell EMC Data Protection Advisor versions prior to 6.3 Patch 159 and ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2018-1205 (Dell EMC ScaleIO, versions prior to 2.5, do not properly handle some ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2018-1204 (Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - ...)
	NOT-FOR-US: Dell
CVE-2018-1203 (In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary ...)
	NOT-FOR-US: Dell
CVE-2018-1202 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1201 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1200 (Apps Manager for PCF (Pivotal Application Service 1.11.x before ...)
	NOT-FOR-US: Pivotal
CVE-2018-1199 (Spring Security (Spring Security 4.1.x before 4.1.5, 4.2.x before ...)
	- libspring-java 4.3.14-1 (bug #890001)
	[wheezy] - libspring-java <ignored> (Too intrusive to fix by upgrade)
	- libspring-security-java <itp> (bug #582181)
	NOTE: https://pivotal.io/security/cve-2018-1199
CVE-2018-1198
	RESERVED
CVE-2018-1197 (In Windows Stemcells versions prior to 1200.14, apps running inside ...)
	NOT-FOR-US: Windows Stemcells
CVE-2018-1196 (Spring Boot supports an embedded launch script that can be used to ...)
	NOT-FOR-US: Spring Boot
CVE-2018-1195 (In Cloud Controller versions prior to 1.46.0, cf-deployment versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1194
	REJECTED
CVE-2018-1193
	RESERVED
CVE-2018-1192 (In Cloud Foundry Foundation cf-release versions prior to v285; ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1191 (Cloud Foundry Garden-runC, versions prior to 1.11.0, contains an ...)
	NOT-FOR-US: Cloud Foundry
CVE-2018-1190 (An issue was discovered in these Pivotal Cloud Foundry products: all ...)
	NOT-FOR-US: Pivotal
CVE-2018-1189 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1188 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1187 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1186 (Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, ...)
	NOT-FOR-US: Dell
CVE-2018-1185 (An issue was discovered in EMC RecoverPoint for Virtual Machines ...)
	NOT-FOR-US: EMC
CVE-2018-1184 (An issue was discovered in EMC RecoverPoint for Virtual Machines ...)
	NOT-FOR-US: EMC
CVE-2018-1183 (In Dell EMC Unisphere for VMAX Virtual Appliance versions prior to ...)
	NOT-FOR-US: EMC
CVE-2018-1182 (An issue was discovered in EMC RSA Identity Governance and Lifecycle ...)
	NOT-FOR-US: EMC
CVE-2018-1181
	RESERVED
CVE-2017-17447
	RESERVED
CVE-2017-17445
	RESERVED
CVE-2017-17444
	RESERVED
CVE-2017-17443
	RESERVED
CVE-2017-17442 (In BlackBerry UEM Management Console version 12.7.1 and earlier, a ...)
	NOT-FOR-US: BlackBerry
CVE-2017-17441
	RESERVED
CVE-2017-17446 (The Mem_File_Reader::read_avail function in Data_Reader.cpp in the ...)
	- game-music-emu 0.6.2-1 (bug #883691)
	[stretch] - game-music-emu <no-dsa> (Minor issue)
	[jessie] - game-music-emu <no-dsa> (Minor issue)
	[wheezy] - game-music-emu <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/mpyne/game-music-emu/issues/14/addresssanitizer-negative-size-param-size
	NOTE: Patch: https://bitbucket.org/mpyne/game-music-emu/commits/205290614cdc057541b26adeea05a9d45993f860
	NOTE: Additional hardening: https://bitbucket.org/mpyne/game-music-emu/commits/4a441e94cba14268bc4e983d4dfd6ed112084d00
CVE-2017-17440 (GNU Libextractor 1.6 allows remote attackers to cause a denial of ...)
	- libextractor 1:1.6-2 (bug #883528)
	[stretch] - libextractor <no-dsa> (Minor issue)
	[jessie] - libextractor <no-dsa> (Minor issue)
	[wheezy] - libextractor <no-dsa> (Minor issue)
	NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=7cc63b001ceaf81143795321379c835486d0c92e
CVE-2017-17439 (In Heimdal through 7.4, remote unauthenticated attackers are able to ...)
	{DSA-4055-1}
	- heimdal 7.5.0+dfsg-1 (bug #878144)
	[jessie] - heimdal <not-affected> (Vulnerability introduced in 7.0)
	[wheezy] - heimdal <not-affected> (Vulnerability introduced in 7.0)
	NOTE: https://github.com/heimdal/heimdal/issues/353
	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/749d377fa357351a7bbba51f8aae72cdf0629592 (7.1)
	NOTE: Fixed by: https://github.com/heimdal/heimdal/commit/1a6a6e462dc2ac6111f9e02c6852ddec4849b887 (master)
CVE-2017-17438
	RESERVED
CVE-2017-17437
	RESERVED
CVE-2017-17436 (An issue was discovered in the software on Vaultek Gun Safe VT20i ...)
	NOT-FOR-US: Vaultek Gun Safe
CVE-2017-17435 (An issue was discovered in the software on Vaultek Gun Safe VT20i ...)
	NOT-FOR-US: Vaultek Gun Safe
CVE-2017-17434 (The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, ...)
	{DSA-4068-1 DLA-1218-1}
	- rsync 3.1.2-2.1 (bug #883665)
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=5509597decdbd7b91994210f700329d8a35e70a1
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=70aeb5fddd1b2f8e143276f8d5a085db16c593b9
CVE-2017-17433 (The recv_files function in receiver.c in the daemon in rsync 3.1.2, and ...)
	{DSA-4068-1 DLA-1218-1}
	- rsync 3.1.2-2.1 (bug #883667)
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=3e06d40029cfdce9d0f73d87cfd4edaf54be9c51
CVE-2017-17431 (GeniXCMS 1.1.5 has XSS via the from, id, lang, menuid, mod, q, status, ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-17430 (Sangoma NetBorder / Vega Session Controller before 2.3.12-80-GA allows ...)
	NOT-FOR-US: Sangoma NetBorder / Vega Session Controller
CVE-2017-17429 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input to the ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-17428 (Cavium Nitrox SSL, Nitrox V SSL, and TurboSSL software development ...)
	NOT-FOR-US: Cisco ACE
	NOTE: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171212-bleichenbacher
	NOTE: https://robotattack.org/
CVE-2017-17427 (Radware Alteon devices with a firmware version between ...)
	NOT-FOR-US: Radware
	NOTE: https://portals.radware.com/getattachment/21be0b7b-fa1c-4cbc-8bd2-c19946aee270/Security-Advisory-Adaptive-chosen-ciphertext-atta/
	NOTE: https://robotattack.org/
CVE-2017-17426 (The malloc function in the GNU C Library (aka glibc or libc6) 2.26 ...)
	- glibc <not-affected> (Issue introduced in glibc-2.26 with addition of per-thread cache to malloc)
	- eglibc <not-affected> (Issue introduced in glibc-2.26 with addition of per-thread cache to malloc)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22375
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d5c3fafc4307c9b7a4c7d5cb381fcdbfad340bcc
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=34697694e8a93b325b18f25f7dcded55d6baeaf6
	NOTE: The upload of 2.26-0experimental2 to experimental fixed the issue (cf. #883729).
CVE-2017-1000410 (The Linux kernel version 3.3-rc1 and later is affected by a ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.3)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/06/3
CVE-2017-1000409 (A buffer overflow in glibc 2.5 (released on September 29, 2006) and ...)
	- glibc 2.25-5 (bug #884133)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-1000408 (A memory leak in glibc 2.1.1 (released on May 24, 1999) can be reached ...)
	- glibc 2.25-5 (bug #884132)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/11/4
CVE-2017-17432 (OpenAFS 1.x before 1.6.22 does not properly validate Rx ack packets, ...)
	{DSA-4067-1 DLA-1213-1}
	- openafs 1.6.22-1 (bug #883602)
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2017-001.txt
CVE-2018-1180 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1179 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1178 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1177 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1176 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1175 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1174 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1173 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2018-1172 (This vulnerability allows remote attackers to deny service on ...)
	[experimental] - squid 4.0.21-1~exp5 (unimportant)
	- squid <removed> (unimportant)
	[wheezy] - squid <not-affected> (Vunerable code introduced in 3.1)
	- squid3 <unfixed> (unimportant)
	NOTE: src:squid as source package reintroduced for 4.x in experimental
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2018_3.txt
	NOTE: Squid 3.5 patch: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2018_3.patch
	NOTE: Only affects custom builds with OpenSSL support enabled
CVE-2018-1171 (This vulnerability allows local attackers to escalate privileges on ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1170 (This vulnerability allows adjacent attackers to inject arbitrary ...)
	NOT-FOR-US: Volkswagen Customer-Link App and HTC Customer-Link Bridge
CVE-2018-1169 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Amazon Music Player
CVE-2018-1168 (This vulnerability allows local attackers to escalate privileges on ...)
	NOT-FOR-US: ABB MicroSCADA
CVE-2018-1167 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Spotify Music Player
CVE-2018-1166 (This vulnerability allows local attackers to escalate privileges on ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1165 (This vulnerability allows local attackers to escalate privileges on ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2018-1164 (This vulnerability allows remote attackers to cause a ...)
	NOT-FOR-US: ZyXEL
CVE-2018-1163 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1162 (This vulnerability allows remote attackers to create a ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1161 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2018-1160
	RESERVED
CVE-2018-1159
	RESERVED
CVE-2018-1158
	RESERVED
CVE-2018-1157
	RESERVED
CVE-2018-1156
	RESERVED
CVE-2018-1155
	RESERVED
CVE-2018-1154
	RESERVED
CVE-2018-1153
	RESERVED
CVE-2018-1152
	RESERVED
CVE-2018-1151
	RESERVED
CVE-2018-1150
	RESERVED
CVE-2018-1149
	RESERVED
CVE-2018-1148 (In Nessus before 7.1.0, Session Fixation exists due to insufficient ...)
	NOT-FOR-US: Nessus
CVE-2018-1147 (In Nessus before 7.1.0, a XSS vulnerability exists due to improper ...)
	NOT-FOR-US: Nessus
CVE-2018-1146 (A remote unauthenticated user can enable telnet on the Belkin N750 ...)
	NOT-FOR-US: Belkin
CVE-2018-1145 (A remote unauthenticated user can overflow a stack buffer in the ...)
	NOT-FOR-US: Belkin
CVE-2018-1144 (A remote unauthenticated user can execute commands as root in the ...)
	NOT-FOR-US: Belkin
CVE-2018-1143 (A remote unauthenticated user can execute commands as root in the ...)
	NOT-FOR-US: Belkin
CVE-2018-1142 (Tenable Appliance versions 4.6.1 and earlier have been found to ...)
	NOT-FOR-US: Tenable
CVE-2018-1141 (When installing Nessus to a directory outside of the default location, ...)
	NOT-FOR-US: Nessus
CVE-2017-17425 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17424 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17423 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17422 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17421 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17420 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17419 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17418 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17417 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17416 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17415 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17414 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17413 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17412 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Quest NetVault Backup
CVE-2017-17411 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: web management portal of Linksys WVBR0 WVBR0
CVE-2017-17410 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Bitdefender Internet Security 2018
CVE-2017-17409 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Bitdefender Internet Security 2018
CVE-2017-17408 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Bitdefender Internet Security 2018
CVE-2017-17407 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: NetGain
CVE-2017-17406 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: NetGain
CVE-2017-17405 (Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, ...)
	{DLA-1222-1 DLA-1221-1}
	- ruby2.5 2.5.0~rc1-1 (bug #884437)
	- ruby2.3 2.3.6-1 (bug #884438)
	[stretch] - ruby2.3 <postponed> (Minor issue, can be fixed along in a future update)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2017/12/14/net-ftp-command-injection-cve-2017-17405/
	NOTE: https://github.com/ruby/ruby/commit/6d3f72e5be2312be312f2acbf3465b05293c1431
	NOTE: ruby2.3: https://github.com/ruby/ruby/commit/1cfe43fd85c66a9e2b5068480b3e043c31e6b8ca
	NOTE: ruby2.3: https://github.com/ruby/ruby/commit/3ec034c597e6d40543bb844dc8f96645bef4bed2
CVE-2017-17404
	RESERVED
CVE-2017-17403
	RESERVED
CVE-2017-17402
	RESERVED
CVE-2017-17401
	RESERVED
CVE-2017-17400
	RESERVED
CVE-2017-17399
	RESERVED
CVE-2017-17398
	RESERVED
CVE-2017-17397
	RESERVED
CVE-2017-17396
	RESERVED
CVE-2017-17395
	RESERVED
CVE-2017-17394
	RESERVED
CVE-2017-17393
	RESERVED
CVE-2017-17392
	RESERVED
CVE-2017-17391
	RESERVED
CVE-2017-17390
	RESERVED
CVE-2017-17389
	RESERVED
CVE-2017-17388
	RESERVED
CVE-2017-17387
	RESERVED
CVE-2017-17386
	RESERVED
CVE-2017-17385
	RESERVED
CVE-2017-17384 (ISPConfig 3.x before 3.1.9 allows remote authenticated users to obtain ...)
	NOT-FOR-US: ISPConfig
CVE-2017-17383 (Jenkins through 2.93 allows remote authenticated administrators to ...)
	- jenkins <removed>
CVE-2017-17382 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
	NOT-FOR-US: Citrix
	NOTE: https://support.citrix.com/article/CTX230238
	NOTE: https://robotattack.org/
CVE-2017-17381 (The Virtio Vring implementation in QEMU allows local OS guest users to ...)
	- qemu 1:2.11+dfsg-1 (bug #883625)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <postponed> (Can be fixed along in later update)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-12/msg00166.html
CVE-2018-1140
	RESERVED
CVE-2018-1139
	RESERVED
CVE-2018-1138
	RESERVED
CVE-2018-1137
	RESERVED
CVE-2018-1136
	RESERVED
CVE-2018-1135
	RESERVED
CVE-2018-1134
	RESERVED
CVE-2018-1133
	RESERVED
CVE-2018-1132
	RESERVED
	NOT-FOR-US: OpenDaylight
CVE-2018-1131 (Infinispan permits improper deserialization of trusted data via XML ...)
	NOT-FOR-US: infinispan
CVE-2018-1130 (Linux kernel before version 4.16-rc7 is vulnerable to a null pointer ...)
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/67f93df79aeefc3add4e4b31a752600f834236e2
CVE-2018-1129
	RESERVED
CVE-2018-1128
	RESERVED
CVE-2018-1127
	RESERVED
	NOT-FOR-US: tendrl-api
CVE-2018-1126 [0035-proc-alloc.-Use-size_t-not-unsigned-int.patch]
	RESERVED
	- procps <unfixed> (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: Patch: 0035-proc-alloc.-Use-size_t-not-unsigned-int.patch
CVE-2018-1125 [0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch]
	RESERVED
	- procps <unfixed> (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: Patch: 0008-pgrep-Prevent-a-potential-stack-based-buffer-overflo.patch
CVE-2018-1124 [Local Privilege Escalation in libprocps]
	RESERVED
	- procps <unfixed> (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: Patch: 0074-proc-readproc.c-Fix-bugs-and-overflows-in-file2strve.patch
CVE-2018-1123 [Denial of Service in ps]
	RESERVED
	- procps <unfixed> (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: Patch: 0054-ps-output.c-Fix-outbuf-overflows-in-pr_args-etc.patch
CVE-2018-1122 [Local Privilege Escalation in top]
	RESERVED
	- procps <unfixed> (bug #899170)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: Patch: 0097-top-Do-not-default-to-the-cwd-in-configs_read.patch
CVE-2018-1121 [Unprivileged process hiding]
	RESERVED
	- linux <unfixed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
CVE-2018-1120 [FUSE-backed /proc/PID/cmdline]
	RESERVED
	- linux <unfixed>
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/17/1
	NOTE: Fixed by: https://git.kernel.org/linus/7f7ccc2ccc2e70c6054685f5e3522efa81556830
CVE-2018-1119
	REJECTED
CVE-2018-1118 (Linux kernel vhost since version 4.8 does not properly initialize ...)
	- linux <unfixed>
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2018/4/27/833
CVE-2018-1117
	RESERVED
	NOT-FOR-US: ovirt-ansible-roles
CVE-2018-1116
	RESERVED
CVE-2018-1115 (postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack ...)
	- postgresql-10 10.4-1
	- postgresql-9.6 <removed>
	[stretch] - postgresql-9.6 <no-dsa> (Minor issue)
	- postgresql-9.4 <removed>
	[jessie] - postgresql-9.4 <not-affected> (Code not present)
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (Code not present)
	[wheezy] - postgresql-9.1 <not-affected> (Code not present)
CVE-2018-1114 [File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service]
	RESERVED
	- undertow 1.4.25-1 (bug #897247)
	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1338
	NOTE: https://github.com/undertow-io/undertow/commit/882d5884f2614944a0c2ae69bafd9d13bfc5b64a
	NOTE: https://bugs.openjdk.java.net/browse/JDK-6956385
CVE-2018-1113
	RESERVED
	NOT-FOR-US: Red Hat specific CVE assignment for Red Hat / Fedora setups (nologin listed in /etc/shells violates security expectations)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1571094
CVE-2018-1112 (glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when ...)
	- glusterfs <not-affected> (Fix for CVE-2018-1088 was not applied/ incomplete fix not applied)	
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1570891
CVE-2018-1111 (DHCP packages in Red Hat Enterprise Linux 6 and 7, Fedora 28, and ...)
	NOT-FOR-US: Red Hat Specific script
	NOTE: https://access.redhat.com/security/vulnerabilities/3442151
CVE-2018-1110 [Improper Input Validation]
	RESERVED
	- knot-resolver 2.3.0-1 (bug #896681)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/2
CVE-2018-1109
	RESERVED
	- node-braces <unfixed> (unimportant)
	NOTE: https://snyk.io/vuln/npm:braces:20180219
	NOTE: https://github.com/micromatch/braces/commit/abdafb0cae1e0c00f184abbadc692f4eaa98f451
	NOTE: nodejs not covered by security support
CVE-2018-1108 [random: fix crng_ready() test]
	RESERVED
	- linux 4.16.5-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/43838a23a05fbd13e47d750d3dfd77001536dd33
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1559
CVE-2018-1107
	RESERVED
	NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2018-1106 (An authentication bypass flaw has been found in PackageKit before ...)
	- packagekit 1.1.10-1 (bug #896703)
	[jessie] - packagekit <not-affected> (Issue introduced later)
	[wheezy] - packagekit <not-affected> (Issue introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/23/3
	NOTE: Fixed by: https://github.com/hughsie/PackageKit/commit/7e8a7905ea9abbd1f384f05f36a4458682cd4697 (PACKAGEKIT_1_1_10)
	NOTE: Introduced by: https://github.com/hughsie/PackageKit/commit/f176976e24e8c17b80eff222572275517c16bdad
	NOTE: Resulting affected (upstream) versions: >= 1.0.10 up until current 1.1.9
CVE-2018-1105
	RESERVED
CVE-2018-1104 (Ansible Tower through version 3.2.3 has a vulnerability that allows ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-1103
	RESERVED
CVE-2018-1102 (A flaw was found in source-to-image function as shipped with Openshift ...)
	NOT-FOR-US: source-to-image in OpenShift
CVE-2018-1101 (Ansible Tower before version 3.2.4 has a flaw in the management of ...)
	NOT-FOR-US: Ansible Tower
CVE-2018-1100 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...)
	- zsh 5.5-1 (bug #895225)
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	[wheezy] - zsh <no-dsa> (Minor issue)
	NOTE: https://www.zsh.org/cgi-bin/mla/redirect?WORKERNUMBER=42607
	NOTE: https://sourceforge.net/p/zsh/code/ci/31f72205630687c1cef89347863aab355296a27f/
CVE-2018-1099 (DNS rebinding vulnerability found in etcd 3.3.1 and earlier. An ...)
	- etcd <unfixed>
	NOTE: https://github.com/coreos/etcd/issues/9353
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552717
CVE-2018-1098 (A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. ...)
	- etcd <unfixed>
	NOTE: https://github.com/coreos/etcd/issues/9353
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552714
CVE-2018-1097 (A flaw was found in foreman before 1.16.1. The issue allows users with ...)
	- foreman <itp> (bug #663101)
	NOTE: https://projects.theforeman.org/issues/22546
	NOTE: https://github.com/theforeman/foreman/pull/5369
CVE-2018-1096 (An input sanitization flaw was found in the id field in the dashboard ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/23028
	NOTE: https://github.com/theforeman/foreman/pull/5363
CVE-2018-1095 (The ext4_xattr_check_entries function in fs/ext4/xattr.c in the Linux ...)
	- linux 4.16.5-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199185
CVE-2018-1094 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
	- linux 4.15.17-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199183
CVE-2018-1093 (The ext4_valid_block_bitmap function in fs/ext4/balloc.c in the Linux ...)
	{DSA-4188-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199181
CVE-2018-1092 (The ext4_iget function in fs/ext4/inode.c in the Linux kernel through ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.17-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=199179
	NOTE: Fixed by: https://git.kernel.org/linus/8e4b5eae5decd9dfe5a4ee369c22028f90ab4c44
CVE-2018-1091 (In the flush_tmregs_to_thread function in arch/powerpc/kernel/ptrace.c ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Hardware not supported; POWER9 support missing)
	[wheezy] - linux <not-affected> (Hardware not supported)
	NOTE: Fixed by: https://git.kernel.org/linus/c1fa0768a8713b135848f78fd43ffc208d8ded70
CVE-2018-1090
	RESERVED
	NOT-FOR-US: Pulp (Red Hat)
CVE-2018-1089 (389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not ...)
	- 389-ds-base <unfixed> (bug #898138)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/07/2
CVE-2018-1088 (A privilege escalation flaw was found in gluster 3.x snapshot ...)
	- glusterfs 4.0.2-1 (bug #896128)
	[jessie] - glusterfs <not-affected> (vulnerable code not present)
	[wheezy] - glusterfs <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1558721
	NOTE: https://review.gluster.org/#/c/19899/
	NOTE: https://review.gluster.org/#/c/19898/
	NOTE: When fixing the issue it's important to not apply the incomplete fix and open
	NOTE: CVE-2018-1112 causing that auth.allow allows all clients to mount volumes.
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1570891
	NOTE: Needs: https://review.gluster.org/#/c/19899/1..2
CVE-2018-1087 (kernel KVM before versions kernel 4.16, kernel 4.16-rc7, kernel ...)
	{DSA-4196-1}
	- linux 4.15.17-1
	NOTE: Fixed by: https://git.kernel.org/linus/32d43cd391bacb5f0814c2624399a5dad3501d09 (4.16-rc7)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/08/5
CVE-2018-1086 (pcs before versions 0.9.164 and 0.10 is vulnerable to a debug ...)
	{DSA-4169-1}
	- pcs 0.9.164-1 (bug #895313)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
CVE-2018-1085
	RESERVED
	NOT-FOR-US: openshift-ansible
CVE-2018-1084 (corosync before version 2.4.4 is vulnerable to an integer overflow in ...)
	{DSA-4174-1}
	- corosync 2.4.4-1 (bug #895653)
	[jessie] - corosync <not-affected> (Vulnerable code introduced later)
	[wheezy] - corosync <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/12/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1552830
	NOTE: Fixed by: https://github.com/corosync/corosync/commit/fc1d5418533c1faf21616b282c2559bed7d361c4
	NOTE: https://oss.clusterlabs.org/pipermail/users/2018-April/014856.html
CVE-2018-1083 (Zsh before version 5.4.2-test-1 is vulnerable to a buffer overflow in ...)
	{DLA-1335-1}
	- zsh 5.4.2-4 (low; bug #894043)
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/259ac472eac291c8c103c7a0d8a4eaf3c2942ed7
CVE-2018-1082 (A flaw was found in Moodle 3.4 to 3.4.1, and 3.3 to 3.3.4. If a user ...)
	- moodle <removed>
CVE-2018-1081 (A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, ...)
	- moodle <removed>
CVE-2018-1080 [Mishandled ACL configuration in AAclAuthz.java reverses rules that allow and deny access]
	RESERVED
	[experimental] - dogtag-pki 10.6.0-2
	- dogtag-pki <unfixed> (bug #893690)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1556657
	NOTE: https://pagure.io/freeipa/issue/7453
	NOTE: https://review.gerrithub.io/#/c/404435/
CVE-2018-1079 (pcs before version 0.9.164 and 0.10 is vulnerable to a privilege ...)
	- pcs 0.9.164-1 (bug #895314)
	[stretch] - pcs <not-affected> (Vulnerable code introduced in 0.9.157)
	NOTE: http://www.openwall.com/lists/oss-security/2018/04/09/2
CVE-2018-1078 (OpenDayLight version Carbon SR3 and earlier contain a vulnerability ...)
	NOT-FOR-US: OpenDayLight
CVE-2018-1077 (Spacewalk 2.6 contains an API which has an XXE flaw allowing for the ...)
	NOT-FOR-US: NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2018-1076
	RESERVED
CVE-2018-1075
	RESERVED
CVE-2018-1074 (ovirt-engine API and administration web portal before versions ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1073
	RESERVED
	NOT-FOR-US: ovirt-engine
CVE-2018-1072
	RESERVED
CVE-2018-1071 (zsh through version 5.4.2 is vulnerable to a stack-based buffer ...)
	{DLA-1335-1}
	- zsh 5.4.2-4 (low; bug #894044)
	[stretch] - zsh <no-dsa> (Minor issue)
	[jessie] - zsh <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/zsh/code/ci/679b71ec4d852037fe5f73d35bf557b0f406c8d4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1553531
CVE-2018-1070
	RESERVED
CVE-2018-1069 (Red Hat OpenShift Enterprise version 3.7 is vulnerable to access ...)
	NOT-FOR-US: OpenShift
CVE-2018-1068 (A flaw was found in the Linux 4.x kernel's implementation of 32-bit ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: https://git.kernel.org/linus/b71812168571fa55e44cdd0254471331b9c4c4c6
	NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
	NOTE: non-standard setups
CVE-2018-1067
	RESERVED
	TODO: check, unclear if issue is in src:untertow or in its use in WildFly (issue is incomplete fix for CVE-2016-4993, which might need an update depending on the result)
CVE-2018-1066 (The Linux kernel before version 4.11 is vulnerable to a NULL pointer ...)
	{DSA-4188-1 DSA-4187-1}
	- linux 4.11.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/cabfb3680f78981d26c078a26e5c748531257ebb
CVE-2018-1065 (The netfilter subsystem in the Linux kernel through 4.15.7 mishandles ...)
	{DSA-4188-1}
	- linux 4.15.11-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/57ebd808a97d7c5b1e1afb937c2db22beba3c1f8
CVE-2018-1064 (libvirt version before 4.2.0-rc1 is vulnerable to a resource ...)
	{DSA-4137-1 DLA-1315-1}
	- libvirt 4.1.0-1
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=fbf31e1a4cd19d6f6e33e0937a009775cd7d9513
CVE-2018-1063 (Context relabeling of filesystems is vulnerable to symbolic link ...)
	- policycoreutils <unfixed>
	[stretch] - policycoreutils <no-dsa> (Minor issue)
	[jessie] - policycoreutils <no-dsa> (Minor issue)
	[wheezy] - policycoreutils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1550122
	NOTE: Mitigation by removing any symbolic link in /tmp and /var/tmp directories
	NOTE: before relabeling the file system. Futhtermore only triggerable at
	NOTE: relabeling time.
CVE-2018-1062 (A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the ...)
	NOT-FOR-US: ovirt-engine
CVE-2018-1061 [DOS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib]
	RESERVED
	- python3.7 3.7.0~b3-1 (low)
	- python3.6 3.6.5~rc1-1 (low)
	- python3.5 <unfixed> (low)
	[stretch] - python3.5 <no-dsa> (Minor issue)
	- python3.4 <removed> (low)
	[jessie] - python3.4 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python2.7 2.7.14-7 (low)
	[stretch] - python2.7 <no-dsa> (Minor issue)
	[jessie] - python2.7 <no-dsa> (Minor issue)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue32981
	NOTE: https://github.com/python/cpython/commit/0e6c8ee2358a2e23117501826c008842acb835ac (master)
	NOTE: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 (3.7)
	NOTE: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 (3.6)
	NOTE: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)
	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1060 [DOS via regular expression catastrophic backtracking in apop() method in pop3lib]
	RESERVED
	- python3.7 3.7.0~b3-1 (low)
	- python3.6 3.6.5~rc1-1 (low)
	- python3.5 <unfixed> (low)
	[stretch] - python3.5 <no-dsa> (Minor issue)
	- python3.4 <removed> (low)
	[jessie] - python3.4 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python2.7 2.7.14-7 (low)
	[stretch] - python2.7 <no-dsa> (Minor issue)
	[jessie] - python2.7 <no-dsa> (Minor issue)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue32981
	NOTE: https://github.com/python/cpython/commit/0e6c8ee2358a2e23117501826c008842acb835ac (master)
	NOTE: https://github.com/python/cpython/commit/0902a2d6b2d1d9dbde36aeaaccf1788ceaa97143 (3.7)
	NOTE: https://github.com/python/cpython/commit/c9516754067d71fd7429a25ccfcb2141fc583523 (3.6)
	NOTE: https://github.com/python/cpython/commit/937ac1fe069a4dc8471dff205f553d82e724015b (3.5)
	NOTE: https://github.com/python/cpython/commit/942cc04ae44825ea120e3a19a80c9b348b8194d0 (3.4)
	NOTE: https://github.com/python/cpython/commit/e052d40cea15f582b50947f7d906b39744dc62a2 (2.7)
CVE-2018-1059 (The DPDK vhost-user interface does not check to verify that all the ...)
	- dpdk 17.11.2-1 (bug #896688)
	[stretch] - dpdk <no-dsa> (Minor issue; can be fixed via point release)
CVE-2018-1058 (A flaw was found in the way Postgresql allowed a user to modify the ...)
	- postgresql-10 10.3-1
	- postgresql-9.6 <removed>
	[stretch] - postgresql-9.6 <no-dsa> (Minor issue; documentation update for recommendations)
	- postgresql-9.4 <removed>
	[jessie] - postgresql-9.4 <no-dsa> (Minor issue; documentation update for recommendations)
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
	[wheezy] - postgresql-9.1 <no-dsa> (Minor issue)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=3d2aed664ee8271fd6c721ed0aa10168cda112ea
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=582edc369cdbd348d68441fc50fa26a84afd0c1a
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=5770172cb0c9df9e6ce27c507b449557e5b45124
CVE-2018-1057 (On a Samba 4 AD DC the LDAP server in all versions of Samba from 4.0.0 ...)
	{DSA-4135-1}
	- samba 2:4.7.4+dfsg-2
	[jessie] - samba <ignored> (Too intrusive to backport)
	[wheezy] - samba <not-affected> (Vulnerable code introduced later in 4.0.0alpha13)
	NOTE: https://www.samba.org/samba/security/CVE-2018-1057.html
	NOTE: https://wiki.samba.org/index.php/CVE-2018-1057
CVE-2018-1056 [heap buffer overflow while running advzip]
	RESERVED
	{DLA-1281-1}
	- advancecomp 2.1-1 (bug #889270)
	[stretch] - advancecomp <no-dsa> (Minor issue, can be fixed via point release)
	[jessie] - advancecomp <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://sourceforge.net/p/advancemame/bugs/259/
	NOTE: https://github.com/amadvance/advancecomp/commit/7deeafc02b29cc51d51079e66f4f43f986ff9cc5
CVE-2018-1055
	REJECTED
CVE-2018-1054 (An out-of-bounds memory read flaw was found in the way 389-ds-base ...)
	- 389-ds-base 1.3.7.10-1 (bug #892124)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1537314
	NOTE: https://pagure.io/389-ds-base/issue/49545
	NOTE: https://pagure.io/389-ds-base/c/14ce2fe0dfa67405dae0ae2e7fde13f6a1360d30?branch=master
CVE-2018-1053 (In postgresql 9.3.x before 9.3.21, 9.4.x before 9.4.16, 9.5.x before ...)
	{DLA-1271-1}
	- postgresql-10 10.2-1
	- postgresql-9.6 <removed>
	[stretch] - postgresql-9.6 9.6.7-0+deb9u1
	- postgresql-9.4 <removed>
	[jessie] - postgresql-9.4 <no-dsa> (Minor issue)
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie is PL/Perl only)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=6ba52aeb24e62586b51e77723d87627c18a844ca
CVE-2018-1052 (Memory disclosure vulnerability in table partitioning was found in ...)
	- postgresql-10 10.2-1
	- postgresql-9.6 <not-affected> (code introduced in 10)
	- postgresql-9.4 <not-affected> (code introduced in 10)
	- postgresql-9.1 <not-affected> (code introduced in 10)
CVE-2018-1051 (It was found that the fix for CVE-2016-9606 in versions 3.0.22 and ...)
	- resteasy <undetermined>
	- resteasy3.0 <undetermined>
	TODO: check
CVE-2018-1050 (All versions of Samba from 4.0.0 onwards are vulnerable to a denial of ...)
	{DSA-4135-1 DLA-1320-1}
	- samba 2:4.7.4+dfsg-2
	[jessie] - samba <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2018-1050.html
CVE-2018-1049 (In systemd prior to 234 a race condition exists between .mount and ...)
	- systemd 234-1
	[stretch] - systemd <postponed> (Minor issue, can either be included in future DSA or point release)
	[jessie] - systemd <postponed> (Minor issue, can either be included in future DSA or point release)
	[wheezy] - systemd <postponed>  (Minor issue, can be fixed along in next DLA)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1709649
	NOTE: https://github.com/systemd/systemd/pull/5916
	NOTE: https://github.com/systemd/systemd/commit/e7d54bf58789545a9eb0b3964233defa0b007318
CVE-2018-1048 (It was found that the AJP connector in undertow, as shipped in Jboss ...)
	- undertow 1.4.22-1 (bug #891928)
	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1534343
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1245
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1bc0c275aadf5835abfbd3835d5d78095c2f1cf5
CVE-2018-1047 (A flaw was found in Wildfly 9.x. A path traversal vulnerability ...)
	- wildfly <itp> (bug #752018)
	NOTE: https://issues.jboss.org/browse/WFLY-9620
	NOTE: https://developer.jboss.org/thread/276826
	NOTE: Fixed by https://github.com/wildfly/wildfly/pull/10748
CVE-2018-1046 [stack-based buffer overflow in dnsreplay]
	RESERVED
	- pdns 4.1.2-1 (bug #898255)
	[stretch] - pdns <no-dsa> (local DoS when parsing untrusted files)
	[jessie] - pdns <not-affected> (Vulnerable code not present)
	[wheezy] - pdns <not-affected> (Vulnerable code not present)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-02.html
	NOTE: Fixed by https://github.com/PowerDNS/pdns/commit/f9c57c98da1b1007a51680629b667d57d9b702b8
CVE-2018-1045 (In Moodle 3.x, there is XSS via a calendar event name. ...)
	- moodle <removed>
CVE-2018-1044 (In Moodle 3.x, quiz web services allow students to see quiz results ...)
	- moodle <removed>
CVE-2018-1043 (In Moodle 3.x, the setting for blocked hosts list can be bypassed with ...)
	- moodle <removed>
CVE-2018-1042 (Moodle 3.x has Server Side Request Forgery in the filepicker. ...)
	- moodle <removed>
CVE-2018-1041 (A vulnerability was found in the way RemoteMessageChannel, introduced ...)
	- libjboss-remoting-java <removed>
	[wheezy] - libjboss-remoting-java <ignored> (unimportant leaf package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1530457
CVE-2017-17380
	RESERVED
CVE-2017-17379
	RESERVED
CVE-2017-17378
	RESERVED
CVE-2017-17377
	RESERVED
CVE-2017-17376
	RESERVED
CVE-2017-17375
	RESERVED
CVE-2017-17374
	RESERVED
CVE-2017-17373
	RESERVED
CVE-2017-17372
	RESERVED
CVE-2017-17371
	RESERVED
CVE-2017-17370
	RESERVED
CVE-2017-17369
	RESERVED
CVE-2017-17368
	RESERVED
CVE-2017-17367
	RESERVED
CVE-2017-17366
	RESERVED
CVE-2017-17365
	RESERVED
CVE-2017-17364
	RESERVED
CVE-2017-17363
	RESERVED
CVE-2017-17362
	RESERVED
CVE-2017-17361
	RESERVED
CVE-2017-17360
	RESERVED
CVE-2017-17359
	RESERVED
CVE-2017-17358
	RESERVED
CVE-2017-17357
	RESERVED
CVE-2017-17356
	RESERVED
CVE-2017-17355
	RESERVED
CVE-2017-17354
	RESERVED
CVE-2017-17353
	RESERVED
CVE-2017-17352
	RESERVED
CVE-2017-17351
	RESERVED
CVE-2017-17350
	RESERVED
CVE-2017-17349
	RESERVED
CVE-2017-17348
	RESERVED
CVE-2017-17347
	RESERVED
CVE-2017-17346
	RESERVED
CVE-2017-17345
	RESERVED
CVE-2017-17344
	RESERVED
CVE-2017-17343
	RESERVED
CVE-2017-17342
	RESERVED
CVE-2017-17341
	RESERVED
CVE-2017-17340
	RESERVED
CVE-2017-17339
	RESERVED
CVE-2017-17338
	RESERVED
CVE-2017-17337
	RESERVED
CVE-2017-17336
	RESERVED
CVE-2017-17335
	RESERVED
CVE-2017-17334
	RESERVED
CVE-2017-17333
	RESERVED
CVE-2017-17332
	RESERVED
CVE-2017-17331
	RESERVED
CVE-2017-17330 (Huawei AR3200 V200R005C32; V200R006C10; V200R006C11; V200R007C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17329 (Huawei ViewPoint 8660 V100R008C03 have a memory leak vulnerability. ...)
	NOT-FOR-US: Huawei
CVE-2017-17328 (Huawei smartphones with software of MHA-AL00AC00B125 have an integer ...)
	NOT-FOR-US: Huawei
CVE-2017-17327 (Huawei smartphones with software of MHA-AL00AC00B125 have an improper ...)
	NOT-FOR-US: Huawei
CVE-2017-17326 (Huawei Mate 9 Pro Smartphones with software of LON-AL00BC00B139D; ...)
	NOT-FOR-US: Huawei
CVE-2017-17325 (Huawei video applications HiCinema with software of 8.0.3.308; ...)
	NOT-FOR-US: Huawei
CVE-2017-17324 (Huawei Mate 9 Pro smartphones with software LON-AL00BC00B139D; ...)
	NOT-FOR-US: Huawei
CVE-2017-17323 (Huawei iBMC V200R002C10; V200R002C20; V200R002C30 have an improper ...)
	NOT-FOR-US: Huawei
CVE-2017-17322 (Huawei Honor Smart Scale Application with software of 1.1.1 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-17321 (Huawei eNSP software with software of versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-17320 (Huawei Mate 9 Pro smartphones with software of LON-AL00BC00B139D, ...)
	NOT-FOR-US: Huawei
CVE-2017-17319 (Huawei P9 smartphones with the versions before EVA-AL10C00B399SP02 ...)
	NOT-FOR-US: Huawei
CVE-2017-17318 (Huawei MBB (Mobile Broadband) products E5771h-937 with the versions ...)
	NOT-FOR-US: Huawei
CVE-2017-17317
	RESERVED
CVE-2017-17316
	RESERVED
CVE-2017-17315
	RESERVED
CVE-2017-17314 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-17313 (The inputhub driver of HUAWEI P9 Lite mobile phones with Versions ...)
	NOT-FOR-US: inputhub driver of HUAWEI P9 Lite mobile phones
CVE-2017-17312
	RESERVED
CVE-2017-17311
	RESERVED
CVE-2017-17310 (Electronic Numbers to URI Mapping (ENUM) module in some Huawei ...)
	NOT-FOR-US: Huawei
CVE-2017-17309
	RESERVED
CVE-2017-17308 (SCCPX module in Huawei DP300 V500R002C00, RP200 V500R002C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-17307 (Some Huawei Smartphones with software of VNS-L21AUTC555B141 have an ...)
	NOT-FOR-US: Huawei
CVE-2017-17306 (Some Huawei Smartphones with software of VNS-L21AUTC555B141, ...)
	NOT-FOR-US: Huawei
CVE-2017-17305
	RESERVED
CVE-2017-17304 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
	NOT-FOR-US: Huawei
CVE-2017-17303 (Huawei DP300 V500R002C00; V500R002C00B010; V500R002C00B011; ...)
	NOT-FOR-US: Huawei
CVE-2017-17302 (Huawei DP300 V500R002C00, RP200 V600R006C00, TE30 V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-17301 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, ...)
	NOT-FOR-US: Huawei
CVE-2017-17300 (Huawei S12700 V200R008C00, V200R009C00, S5700 V200R007C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-17299 (Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-17298 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17297 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17296 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17295 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17294 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17293 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17292 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17291 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17290 (The Light Directory Access Protocol (LDAP) clients of Huawei TE60 with ...)
	NOT-FOR-US: Huawei
CVE-2017-17289 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17288 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17287 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, ...)
	NOT-FOR-US: Huawei
CVE-2017-17286 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, ...)
	NOT-FOR-US: Huawei
CVE-2017-17285 (Bluetooth module in some Huawei mobile phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-17284 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17283 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17282 (SCCP (Signalling Connection Control Part) module in Huawei DP300 ...)
	NOT-FOR-US: Huawei
CVE-2017-17281 (SFTP module in Huawei DP300 V500R002C00; RP200 V600R006C00; TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17280 (NFC (Near Field Communication) module in Huawei mobile phones with ...)
	NOT-FOR-US: Huawei
CVE-2017-17279 (The soundtrigger module in Huawei Mate 9 Pro smart phones with ...)
	NOT-FOR-US: Huawei
CVE-2017-17278
	RESERVED
CVE-2017-17277
	RESERVED
CVE-2017-17276
	RESERVED
CVE-2017-17275
	RESERVED
CVE-2017-17274
	RESERVED
CVE-2017-17273
	RESERVED
CVE-2017-17272
	RESERVED
CVE-2017-17271
	RESERVED
CVE-2017-17270
	RESERVED
CVE-2017-17269
	RESERVED
CVE-2017-17268
	RESERVED
CVE-2017-17267
	RESERVED
CVE-2017-17266
	RESERVED
CVE-2017-17265
	RESERVED
CVE-2017-17264
	RESERVED
CVE-2017-17263
	RESERVED
CVE-2017-17262
	RESERVED
CVE-2017-17261
	RESERVED
CVE-2017-17260
	RESERVED
CVE-2017-17259
	RESERVED
CVE-2017-17258 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17257 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17256 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17255 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17254 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17253 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17252 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17251 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-17250 (Huawei AR120-S V200R005C32; AR1200 V200R005C32; AR1200-S V200R005C32; ...)
	NOT-FOR-US: Huawei
CVE-2017-17249
	RESERVED
CVE-2017-17248
	RESERVED
CVE-2017-17247
	RESERVED
CVE-2017-17246
	RESERVED
CVE-2017-17245
	RESERVED
CVE-2017-17244
	RESERVED
CVE-2017-17243
	RESERVED
CVE-2017-17242
	RESERVED
CVE-2017-17241
	RESERVED
CVE-2017-17240
	RESERVED
CVE-2017-17239
	RESERVED
CVE-2017-17238
	RESERVED
CVE-2017-17237
	RESERVED
CVE-2017-17236
	RESERVED
CVE-2017-17235
	RESERVED
CVE-2017-17234
	RESERVED
CVE-2017-17233
	RESERVED
CVE-2017-17232
	RESERVED
CVE-2017-17231
	RESERVED
CVE-2017-17230
	RESERVED
CVE-2017-17229
	RESERVED
CVE-2017-17228
	RESERVED
CVE-2017-17227 (GPU driver in Huawei Mate 10 smart phones with the versions before ...)
	NOT-FOR-US: Huawei
CVE-2017-17226 (The TripAdvisor app with the versions before TAMobileApp-24.6.4 ...)
	NOT-FOR-US: The TripAdvisor app on Huawei
CVE-2017-17225 (The Near Field Communication (NFC) module in Huawei Mate 9 Pro mobile ...)
	NOT-FOR-US: Huawei
CVE-2017-17224
	RESERVED
CVE-2017-17223 (Huawei eSpace 7910 V200R003C30; eSpace 7950 V200R003C30; eSpace 8950 ...)
	NOT-FOR-US: Huawei
CVE-2017-17222 (Import Language Package function in Huawei eSpace 7950 V200R003C30; ...)
	NOT-FOR-US: Huawei
CVE-2017-17221 (Import Signal Tone function in Huawei eSpace 7950 V200R003C30; eSpace ...)
	NOT-FOR-US: Huawei
CVE-2017-17220 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17219 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17218 (SCCPX module in Huawei DP300 V500R002C00; RP200 V500R002C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17217 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17216 (Media Gateway Control Protocol (MGCP) in Huawei DP300 V500R002C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17215 (Huawei HG532 with some customized versions has a remote code execution ...)
	NOT-FOR-US: Huawei
CVE-2017-17214
	RESERVED
CVE-2017-17213
	RESERVED
CVE-2017-17212
	RESERVED
CVE-2017-17211
	RESERVED
CVE-2017-17210
	RESERVED
CVE-2017-17209
	RESERVED
CVE-2017-17208
	RESERVED
CVE-2017-17207
	RESERVED
CVE-2017-17206
	RESERVED
CVE-2017-17205
	RESERVED
CVE-2017-17204
	RESERVED
CVE-2017-17203
	RESERVED
CVE-2017-17202 (Huawei AR120-S V200R005C32, V200R006C10, V200R007C00, V200R008C20, ...)
	NOT-FOR-US: Huawei
CVE-2017-17201 (Some huawei smartphones with software BTV-DL09C233B350, ...)
	NOT-FOR-US: Huawei
CVE-2017-17200 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17199 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17198
	RESERVED
CVE-2017-17197
	RESERVED
CVE-2017-17196
	RESERVED
CVE-2017-17195
	RESERVED
CVE-2017-17194
	RESERVED
CVE-2017-17193
	RESERVED
CVE-2017-17192
	RESERVED
CVE-2017-17191
	RESERVED
CVE-2017-17190
	RESERVED
CVE-2017-17189
	RESERVED
CVE-2017-17188
	RESERVED
CVE-2017-17187 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17186 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17185 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17184 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17183 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17182 (Huawei DP300 V500R002C00, RP200 V500R002C00, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17181
	RESERVED
CVE-2017-17180
	RESERVED
CVE-2017-17179
	RESERVED
CVE-2017-17178
	RESERVED
CVE-2017-17177
	RESERVED
CVE-2017-17176
	RESERVED
CVE-2017-17175
	RESERVED
CVE-2017-17174
	RESERVED
CVE-2017-17173
	RESERVED
CVE-2017-17172
	RESERVED
CVE-2017-17171
	RESERVED
CVE-2017-17170 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
	NOT-FOR-US: Huawei
CVE-2017-17169 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
	NOT-FOR-US: Huawei
CVE-2017-17168 (The CIDAM Protocol on Huawei DP300 V500R002C00; V500R002C00B010; ...)
	NOT-FOR-US: Huawei
CVE-2017-17167 (Huawei DP300 V500R002C00; TP3206 V100R002C00; ViewPoint 9030 ...)
	NOT-FOR-US: Huawei
CVE-2017-17166 (Huawei DP300 V500R002C00, Secospace USG6300 V500R001C00, V500R001C20, ...)
	NOT-FOR-US: Huawei
CVE-2017-17165 (IPv6 function in Huawei Quidway S2700 V200R003C00SPC300, Quidway S5300 ...)
	NOT-FOR-US: Huawei
CVE-2017-17164 (Huawei Secospace AntiDDoS8000 V500R001C20SPC500 have a memory leak ...)
	NOT-FOR-US: Huawei
CVE-2017-17163 (Huawei Secospace USG6600 V500R001C30SPC100 has an Out-of-Bounds memory ...)
	NOT-FOR-US: Huawei
CVE-2017-17162 (Huawei Secospace USG6600 V500R001C30SPC100, Secospace USG6600 ...)
	NOT-FOR-US: Huawei
CVE-2017-17161 (The 'Find Phone' function in some Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-17160 (Huawei AR120-S V200R006C10, V200R007C00, AR1200 V200R006C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-17159 (Some Huawei smart phones with software of NXT-AL10C00B386, ...)
	NOT-FOR-US: Huawei
CVE-2017-17158
	RESERVED
CVE-2017-17157 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
	NOT-FOR-US: Huawei
CVE-2017-17156 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
	NOT-FOR-US: Huawei
CVE-2017-17155 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
	NOT-FOR-US: Huawei
CVE-2017-17154 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
	NOT-FOR-US: Huawei
CVE-2017-17153 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
	NOT-FOR-US: Huawei
CVE-2017-17152 (IKEv2 in Huawei IPS Module V500R001C00, V500R001C00SPC200, ...)
	NOT-FOR-US: Huawei
CVE-2017-17151 (Huawei AR100, AR100-S, AR110-S, AR120, AR120-S, AR1200, AR1200-S, ...)
	NOT-FOR-US: Huawei
CVE-2017-17150 (Timergrp module in Huawei DP300 V500R002C00; RP200 V500R002C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17149 (Huawei HiWallet App with the versions before 8.0.4 has an arbitrary ...)
	NOT-FOR-US: Huawei
CVE-2017-17148 (Huawei DP300 V500R002C00 have a DoS vulnerability due to the lack of ...)
	NOT-FOR-US: Huawei
CVE-2017-17147 (Huawei DP300 V500R002C00 have an integer overflow vulnerability due to ...)
	NOT-FOR-US: Huawei
CVE-2017-17146 (Huawei DP300 V500R002C00 have a buffer overflow vulnerability due to ...)
	NOT-FOR-US: Huawei
CVE-2017-17145 (Huawei Honor V9 Play smart phones with the versions before ...)
	NOT-FOR-US: Huawei
CVE-2017-17144 (Backup feature of SIP module in Huawei DP300 V500R002C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17143 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...)
	NOT-FOR-US: Huawei
CVE-2017-17142 (SIP module in Huawei DP300 V500R002C00; V500R002C00SPC100; ...)
	NOT-FOR-US: Huawei
CVE-2017-17141 (Huawei S12700 V200R005C00; V200R006C00; V200R007C00; V200R007C01; ...)
	NOT-FOR-US: Huawei
CVE-2017-17140 (Huawei Enjoy 5s and Y6 Pro smartphones with software the versions ...)
	NOT-FOR-US: Huawei
CVE-2017-17139 (Huawei Mate 9 and Mate 9 pro smart phones with software the versions ...)
	NOT-FOR-US: Huawei
CVE-2017-17138 (PEM module of DP300 V500R002C00; IPS Module V500R001C00; V500R001C30; ...)
	NOT-FOR-US: Huawei
CVE-2017-17137 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17136 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17135 (PEM module of Huawei DP300 V500R002C00; IPS Module V500R001C00; ...)
	NOT-FOR-US: Huawei
CVE-2017-17134 (XML parser in Huawei DP300 V500R002C00; RP200 V500R002C00SPC200; ...)
	NOT-FOR-US: Huawei
CVE-2017-17133 (Huawei VP9660 V500R002C10 has a null pointer reference vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2017-17132 (Huawei VP9660 V500R002C10 has a uncontrolled format string ...)
	NOT-FOR-US: Huawei
CVE-2017-17131 (Huawei DP300 V500R002C00; RP200 V500R002C00; V600R006C00; TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-17130 (The ff_free_picture_tables function in libavcodec/mpegpicture.c in ...)
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1100
CVE-2017-17129 (The ff_vc1_mc_4mv_chroma4 function in libavcodec/vc1_mc.c in Libav 12.2 ...)
	- libav <not-affected> (Vulnerable code introduced in 12.x)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1101
CVE-2017-17128 (The h264_slice_init function in libavcodec/h264_slice.c in Libav 12.2 ...)
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1104
CVE-2017-17127 (The vc1_decode_frame function in libavcodec/vc1dec.c in Libav 12.2 ...)
	- libav <removed>
	[jessie] - libav <ignored> (Minor issue)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1099
CVE-2017-17126 (The load_debug_section function in readelf.c in GNU Binutils 2.29.1 ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22510
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f425ec6600b69e39eb605f3128806ff688137ea8
CVE-2017-17125 (nm.c and objdump.c in GNU Binutils 2.29.1 mishandle certain global ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22443
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=160b1a618ad94988410dc81fce9189fcda5b7ff4
CVE-2017-17124 (The _bfd_coff_read_string_table function in coffgen.c in the Binary ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22507
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b0029dce6867de1a2828293177b0e030d2f0f03c
CVE-2017-17123 (The coff_slurp_reloc_table function in coffcode.h in the Binary File ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22509
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4581a1c7d304ce14e714b27522ebf3d0188d6543
CVE-2017-17122 (The dump_relocs_in_section function in objdump.c in GNU Binutils 2.29.1 ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22508
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d785b7d4b877ed465d04072e17ca19d0f47d840f
CVE-2017-17121 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	[experimental] - binutils 2.29.51.20171208-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22506
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b23dc97fe237a1d9e850d7cbeee066183a00630b
CVE-2017-17120
	RESERVED
CVE-2017-17119
	RESERVED
CVE-2017-17118
	RESERVED
CVE-2017-17117
	RESERVED
CVE-2017-17116
	RESERVED
CVE-2017-17115
	RESERVED
CVE-2017-17114 (ntguard.sys and ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus ...)
	NOT-FOR-US: IKARUS
CVE-2017-17113 (ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a NULL ...)
	NOT-FOR-US: IKARUS
CVE-2017-17112 (ntguard_x64.sys 0.18780.0.0 in IKARUS anti.virus 2.16.15 has a Pool ...)
	NOT-FOR-US: IKARUS
CVE-2017-17111 (Posty Readymade Classifieds Script 1.0 allows an attacker to inject ...)
	NOT-FOR-US: Posty Readymade Classifieds Script
CVE-2017-17110 (Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL ...)
	NOT-FOR-US: Techno Portfolio Management Panel
CVE-2017-17109
	RESERVED
CVE-2017-17108 (Path traversal vulnerability in the administrative panel in KonaKart ...)
	NOT-FOR-US: KonaKart eCommerce Platform
CVE-2017-17107 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras contain a hard-coded ...)
	NOT-FOR-US: Zivif web cameras
CVE-2017-17106 (Credentials for Zivif PR115-204-P-RS V2.3.4.2103 Webcams can be ...)
	NOT-FOR-US: Zivif web cameras
CVE-2017-17105 (Zivif PR115-204-P-RS V2.3.4.2103 web cameras are vulnerable to ...)
	NOT-FOR-US: Zivif web cameras
CVE-2017-17104 (Fiyo CMS 2.0.7 has an arbitrary file read vulnerability in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-17103 (Fiyo CMS 2.0.7 has SQL injection in /apps/app_user/sys_user.php via ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-17102 (Fiyo CMS 2.0.7 has SQL injection in /system/site.php via ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-17101 (An issue was discovered in Apexis APM-H803-MPC software, as used with ...)
	NOT-FOR-US: Apexis
CVE-2017-17100
	RESERVED
CVE-2017-17099 (There exists an unauthenticated SEH based Buffer Overflow vulnerability ...)
	NOT-FOR-US: Flexense SyncBreeze Enterprise
CVE-2017-17098 (The writeLog function in fn_common.php in gps-server.net GPS Tracking ...)
	NOT-FOR-US: gps-server.net GPS Tracking Software
CVE-2017-17097 (gps-server.net GPS Tracking Software (self hosted) 2.x has a password ...)
	NOT-FOR-US: gps-server.net GPS Tracking Software
CVE-2017-17096 (Cross-site scripting (XSS) vulnerability in the Content Cards plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-17090 (An issue was discovered in chan_skinny.c in Asterisk Open Source ...)
	{DSA-4076-1 DLA-1225-1}
	- asterisk 1:13.18.3~dfsg-1 (bug #883342)
	NOTE: http://downloads.digium.com/pub/security/AST-2017-013.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27452
CVE-2018-1040
	RESERVED
CVE-2018-1039 (A security feature bypass vulnerability exists in .Net Framework which ...)
	TODO: check, can potentially affect mono packages
CVE-2018-1038 (The Windows kernel in Windows 7 SP1 and Windows Server 2008 R2 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2018-1037 (An information disclosure vulnerability exists when Visual Studio ...)
	NOT-FOR-US: Microsoft
CVE-2018-1036
	RESERVED
CVE-2018-1035 (A security feature bypass vulnerability exists in Windows which could ...)
	NOT-FOR-US: Microsoft
CVE-2018-1034 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1033
	RESERVED
CVE-2018-1032 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1031
	RESERVED
CVE-2018-1030 (A remote code execution vulnerability exists in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2018-1029 (A remote code execution vulnerability exists in Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-1028 (A remote code execution vulnerability exists when the Office graphics ...)
	NOT-FOR-US: Microsoft
CVE-2018-1027 (A remote code execution vulnerability exists in Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-1026 (A remote code execution vulnerability exists in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2018-1025 (An information disclosure vulnerability exists when affected Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1024
	RESERVED
CVE-2018-1023 (A remote code execution vulnerability exists in the way that Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1022 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-1021 (An information disclosure vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2018-1020 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2018-1019 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-1018 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2018-1017
	RESERVED
CVE-2018-1016 (A remote code execution vulnerability exists when the Windows font ...)
	NOT-FOR-US: Microsoft
CVE-2018-1015 (A remote code execution vulnerability exists when the Windows font ...)
	NOT-FOR-US: Microsoft
CVE-2018-1014 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1013 (A remote code execution vulnerability exists when the Windows font ...)
	NOT-FOR-US: Microsoft
CVE-2018-1012 (A remote code execution vulnerability exists when the Windows font ...)
	NOT-FOR-US: Microsoft
CVE-2018-1011 (A remote code execution vulnerability exists in Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-1010 (A remote code execution vulnerability exists when the Windows font ...)
	NOT-FOR-US: Microsoft
CVE-2018-1009 (An elevation of privilege vulnerability exists when Windows improperly ...)
	NOT-FOR-US: Microsoft
CVE-2018-1008 (An elevation of privilege vulnerability exists in Windows Adobe Type ...)
	NOT-FOR-US: Microsoft
CVE-2018-1007 (An information disclosure vulnerability exists when Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2018-1006
	RESERVED
CVE-2018-1005 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-1004 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-1003 (A buffer overflow vulnerability exists in the Microsoft JET Database ...)
	NOT-FOR-US: Microsoft
CVE-2018-1002
	RESERVED
CVE-2018-1001 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-1000 (An information disclosure vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0999
	RESERVED
CVE-2018-0998 (An information disclosure vulnerability exists when Microsoft Edge PDF ...)
	NOT-FOR-US: Microsoft
CVE-2018-0997 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2018-0996 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0995 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0994 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0993 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0992
	RESERVED
CVE-2018-0991 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2018-0990 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0989 (An information disclosure vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0988 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0987 (An information disclosure vulnerability exists when the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-0986 (A remote code execution vulnerability exists when the Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0985
	RESERVED
CVE-2018-0984
	RESERVED
CVE-2018-0983 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0982
	RESERVED
CVE-2018-0981 (An information disclosure vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0980 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0979 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0978
	RESERVED
CVE-2018-0977 (The Windows kernel mode driver in Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0976 (A denial of service vulnerability exists in Remote Desktop Protocol ...)
	NOT-FOR-US: Microsoft
CVE-2018-0975 (An information disclosure vulnerability exists in the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0974 (An information disclosure vulnerability exists in the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0973 (An information disclosure vulnerability exists in the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0972 (An information disclosure vulnerability exists in the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0971 (An information disclosure vulnerability exists in the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0970 (An information disclosure vulnerability exists in the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0969 (An information disclosure vulnerability exists in the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0968 (An information disclosure vulnerability exists in the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0967 (A denial of service vulnerability exists in the way that Windows SNMP ...)
	NOT-FOR-US: Microsoft
CVE-2018-0966 (A security feature bypass exists when Device Guard incorrectly ...)
	NOT-FOR-US: Microsoft
CVE-2018-0965
	RESERVED
CVE-2018-0964 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2018-0963 (An elevation of privilege vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0962
	RESERVED
CVE-2018-0961 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0960 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0959 (A remote code execution vulnerability exists when Windows Hyper-V on a ...)
	NOT-FOR-US: Microsoft
CVE-2018-0958 (A security feature bypass vulnerability exists in Windows which could ...)
	NOT-FOR-US: Microsoft
CVE-2018-0957 (An information disclosure vulnerability exists when Windows Hyper-V on ...)
	NOT-FOR-US: Microsoft
CVE-2018-0956 (A denial of service vulnerability exists in the HTTP 2.0 protocol ...)
	NOT-FOR-US: Microsoft
CVE-2018-0955 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0954 (A remote code execution vulnerability exists in the way the scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-0953 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0952
	RESERVED
CVE-2018-0951 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0950 (An information disclosure vulnerability exists when Office renders ...)
	NOT-FOR-US: Microsoft
CVE-2018-0949
	RESERVED
CVE-2018-0948
	RESERVED
CVE-2018-0947 (Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2018-0946 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0945 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0944 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0943 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2018-0942 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0941 (Microsoft Exchange Server 2016 Cumulative Update 7 and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0940 (Microsoft Exchange Outlook Web Access (OWA) in Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2018-0939 (ChakraCore and Microsoft Edge in Windows 10 1703 and 1709 allow ...)
	NOT-FOR-US: Microsoft
CVE-2018-0938
	RESERVED
CVE-2018-0937 (ChakraCore and Microsoft Windows 10 1703 and 1709 allow remote code ...)
	NOT-FOR-US: Microsoft
CVE-2018-0936 (ChakraCore and Microsoft Windows 10 1709 allow remote code execution, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0935 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0934 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0933 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0932 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0931 (ChakraCore and Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0930 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1709 allows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0929 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0928
	RESERVED
CVE-2018-0927 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0926 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0925 (ChakraCore allows remote code execution, due to how the ChakraCore ...)
	NOT-FOR-US: Microsoft
CVE-2018-0924 (Microsoft Exchange Server 2010 Service Pack 3 Update Rollup 20, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0923 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2018-0922 (Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0921 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2018-0920 (A remote code execution vulnerability exists in Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0919 (Microsoft Office 2010 SP2, 2013 SP1, and 2016, Microsoft Office 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0918
	RESERVED
CVE-2018-0917 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2018-0916 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0915 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0914 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0913 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0912 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0911 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0910 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0909 (Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise ...)
	NOT-FOR-US: Microsoft
CVE-2018-0908 (Microsoft Identity Manager 2016 SP1 allows an attacker to gain ...)
	NOT-FOR-US: Microsoft
CVE-2018-0907 (Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, Microsoft Excel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0906
	RESERVED
CVE-2018-0905
	RESERVED
CVE-2018-0904 (The Windows kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0903 (Microsoft Access 2010 SP2, Microsoft Access 2013 SP1, Microsoft Access ...)
	NOT-FOR-US: Microsoft
CVE-2018-0902 (The Cryptography Next Generation (CNG) kernel-mode driver (cng.sys) in ...)
	NOT-FOR-US: Microsoft
CVE-2018-0901 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0900 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0899 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0898 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0897 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0896 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0895 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0894 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0893 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0892 (An information disclosure vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2018-0891 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0890 (A security feature bypass vulnerability exists when Active Directory ...)
	NOT-FOR-US: Microsoft
CVE-2018-0889 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0888 (The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0887 (An information disclosure vulnerability exists when the Windows kernel ...)
	NOT-FOR-US: Microsoft
CVE-2018-0886 (The Credential Security Support Provider protocol (CredSSP) in ...)
	NOT-FOR-US: Microsoft
CVE-2018-0885 (The Microsoft Hyper-V Network Switch in 64-bit versions of Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0884 (Windows Scripting Host (WSH) in Windows 10 Gold, 1511, 1607, 1703 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0883 (Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0882 (The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-0881 (The Microsoft Video Control in Microsoft Windows Server 2008 R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0880 (The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-0879 (Microsoft Edge in Windows 10 1709 allows information disclosure, due ...)
	NOT-FOR-US: Microsoft
CVE-2018-0878 (Windows Remote Assistance in Microsoft Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0877 (The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0876 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0875 (.NET Core 1.0, .NET Core 1.1, NET Core 2.0 and PowerShell Core 6.0.0 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0874 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0873 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0872 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0871
	RESERVED
CVE-2018-0870 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2018-0869 (SharePoint Server 2016 allows an elevation of privilege vulnerability ...)
	NOT-FOR-US: Microsoft
CVE-2018-0868 (Windows Installer in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0867
	RESERVED
CVE-2018-0866 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0865
	RESERVED
CVE-2018-0864 (SharePoint Project Server 2013 and SharePoint Enterprise Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0863
	RESERVED
CVE-2018-0862 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0861 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-0860 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0859 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0858 (ChakraCore allows remote code execution, due to how the ChakraCore ...)
	NOT-FOR-US: Microsoft
CVE-2018-0857 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0856 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0855 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0854 (A security feature bypass vulnerability exists in Windows Scripting ...)
	NOT-FOR-US: Microsoft
CVE-2018-0853 (Microsoft Office 2010 SP2, Microsoft Office 2013 SP1 and RT SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0852 (Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0851 (Microsoft Office 2007 SP2, Microsoft Office Word Viewer, Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0850 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2018-0849 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0848 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0847 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0846 (The Windows Common Log File System (CLFS) driver in Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0845 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0844 (The Windows Common Log File System (CLFS) driver in Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0843 (The Windows kernel in Windows 10 version 1709 and Windows Server, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0842 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0841 (Microsoft Office 2016 Click-to-Run allows a remote code execution ...)
	NOT-FOR-US: Microsoft
CVE-2018-0840 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0839 (Microsoft Edge in Microsoft Windows 10 1703 allows information ...)
	NOT-FOR-US: Microsoft
CVE-2018-0838 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0837 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0836 (Microsoft Edge and ChakraCore in Microsoft Windows 10 1703 and 1709 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0835 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0834 (Microsoft Edge and ChakraCore in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0833 (The Microsoft Server Message Block 2.0 and 3.0 (SMBv2/SMBv3) client in ...)
	NOT-FOR-US: Microsoft
CVE-2018-0832 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 R2, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0831 (The Windows kernel in Windows 10 versions 1607, 1703 and 1709, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0830 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0829 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0828 (Windows 10 version 1607 and Windows Server 2016 allow an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2018-0827 (Windows Scripting Host (WSH) in Windows 10 versions 1703 and 1709 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0826 (Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0825 (StructuredQuery in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0824 (A remote code execution vulnerability exists in &quot;Microsoft COM for ...)
	NOT-FOR-US: Microsoft
CVE-2018-0823 (The Named Pipe File System in Windows 10 version 1709 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0822 (NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-0821 (AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0820 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0819 (Microsoft Office 2016 for Mac allows an attacker to send a specially ...)
	NOT-FOR-US: Microsoft
CVE-2018-0818 (Microsoft ChakraCore allows an attacker to bypass Control Flow Guard ...)
	NOT-FOR-US: Microsoft
CVE-2018-0817 (The Windows Graphics Device Interface (GDI) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0816 (The Windows Graphics Device Interface (GDI) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0815 (The Windows Graphics Device Interface (GDI) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0814 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0813 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0812 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0811 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0810 (The Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0809 (The Windows kernel in Windows 10, versions 1703 and 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0808 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege ...)
	NOT-FOR-US: Microsoft
CVE-2018-0807 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0806 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0805 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0804 (Equation Editor in Microsoft Office 2003, Microsoft Office 2007, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0803 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0802 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0801 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0800 (Microsoft Edge in Microsoft Windows 10 1709 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2018-0799 (Microsoft Access in Microsoft SharePoint Enterprise Server 2013 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0798 (Equation Editor in Microsoft Office 2007, Microsoft Office 2010, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0797 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2018-0796 (Microsoft Excel in Microsoft Office 2007, Microsoft Office 2010, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0795 (Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2018-0794 (Microsoft Word in Microsoft Office 2007, Microsoft Office 2010, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0793 (Microsoft Outlook 2007, Microsoft Outlook 2010 and Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2018-0792 (Microsoft Word 2016 in Microsoft Office 2016 allows a remote code ...)
	NOT-FOR-US: Microsoft
CVE-2018-0791 (Microsoft Outlook 2007, Microsoft Outlook 2010, Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2018-0790 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0789 (Microsoft SharePoint Foundation 2010, Microsoft SharePoint Server 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0788 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0787 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege ...)
	NOT-FOR-US: Microsoft
CVE-2018-0786 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0785 (ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery ...)
	NOT-FOR-US: Microsoft
CVE-2018-0784 (ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege ...)
	NOT-FOR-US: Microsoft
CVE-2018-0783
	RESERVED
CVE-2018-0782
	RESERVED
CVE-2018-0781 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0780 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0779
	RESERVED
CVE-2018-0778 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2018-0777 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0776 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0775 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2018-0774 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2018-0773 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2018-0772 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0771 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2018-0770 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0769 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0768 (Microsoft Edge in Windows 10 1709 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2018-0767 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, 1709, and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0765 (A denial of service vulnerability exists when .NET and .NET Core ...)
	TODO: check, can potentially affect mono packages
CVE-2018-0764 (Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0763 (Microsoft Edge in Microsoft Windows 10 1703 and 1709 allows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0762 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0761 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0760 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0759
	RESERVED
CVE-2018-0758 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0757 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0756 (The Windows kernel in Windows 10 Gold, 1511, 1607, 1703 and 1709, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0755 (The Microsoft Windows Embedded OpenType (EOT) font engine in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2018-0754 (The Windows Adobe Type Manager Font Driver (Atmfd.dll) in Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0753 (Windows 8.1 and RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0752 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0751 (The Windows Kernel API in Windows 8.1 and RT 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0750 (The Windows GDI component in Windows 7 SP1 and Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0749 (The Microsoft Server Message Block (SMB) Server in Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2018-0748 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0747 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0746 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0745 (The Windows kernel in Windows 10 version 1703. Windows 10 version ...)
	NOT-FOR-US: Microsoft
CVE-2018-0744 (The Windows kernel in Windows 8.1 and RT 8.1, Windows Server 2012 and ...)
	NOT-FOR-US: Microsoft
CVE-2018-0743 (Windows Subsystem for Linux in Windows 10 version 1703, Windows 10 ...)
	NOT-FOR-US: Microsoft
CVE-2018-0742 (The Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2018-0741 (The Color Management Module (Icm32.dll) in Windows 7 SP1 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-17089 (custom/run.cgi in Webmin before 1.870 allows remote authenticated ...)
	- webmin <removed>
CVE-2017-17091 (wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser ...)
	{DSA-4090-1 DLA-1216-1}
	- wordpress 4.9.1+dfsg-1 (bug #883314)
	NOTE: https://github.com/WordPress/WordPress/commit/eaf1cfdc1fe0bdffabd8d879c591b864d833326c
	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
CVE-2017-17093 (wp-includes/general-template.php in WordPress before 4.9.1 does not ...)
	{DSA-4090-1 DLA-1216-1}
	- wordpress 4.9.1+dfsg-1 (bug #883314)
	NOTE: https://github.com/WordPress/WordPress/commit/3713ac5ebc90fb2011e98dfd691420f43da6c09a
	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
CVE-2017-17094 (wp-includes/feed.php in WordPress before 4.9.1 does not properly ...)
	{DSA-4090-1 DLA-1216-1}
	- wordpress 4.9.1+dfsg-1 (bug #883314)
	NOTE: https://github.com/WordPress/WordPress/commit/f1de7e42df29395c3314bf85bff3d1f4f90541de
	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
CVE-2017-17092 (wp-includes/functions.php in WordPress before 4.9.1 does not require ...)
	{DSA-4090-1 DLA-1216-1}
	- wordpress 4.9.1+dfsg-1 (bug #883314)
	NOTE: https://github.com/WordPress/WordPress/commit/67d03a98c2cae5f41843c897f206adde299b0509
	NOTE: https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
CVE-2017-17095 (tools/pal2rgb.c in pal2rgb in LibTIFF 4.0.9 allows remote attackers to ...)
	- tiff 4.0.9-5 (unimportant; bug #883320)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2750
	NOTE: Crash in CLI tool not treated as a security issue
CVE-2017-17088 (The Enterprise version of SyncBreeze 10.2.12 and earlier is affected ...)
	NOT-FOR-US: SyncBreeze
CVE-2017-17087 (fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp ...)
	- vim 2:8.0.1401-1
	[stretch] - vim <no-dsa> (Minor issue)
	[jessie] - vim <no-dsa> (Minor issue)
	[wheezy] - vim <no-dsa> (Minor issue)
	NOTE: https://github.com/vim/vim/commit/5a73e0ca54c77e067c3b12ea6f35e3e8681e8cf8 (8.0.1263)
CVE-2017-17086 (Indeo Otter through 1.7.4 mishandles a &quot;&lt;/script&gt;&quot; substring in an ...)
	NOT-FOR-US: Indeo Otter
CVE-2017-17085 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14250
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f5939debe96e3c3953c6020818f1fbb80eb83ce8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-49.html
CVE-2017-17084 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the IWARP_MPA ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14236
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8502fe94ef9e431860921507e1a351c5e3f5c634
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-47.html
CVE-2017-17083 (In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the NetBIOS dissector ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14249
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=79768d63d14fbce6bf7fb4d4a1c86be0c5205eb3
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-48.html
CVE-2017-17082
	REJECTED
CVE-2017-17081 (The gmc_mmx function in libavcodec/x86/mpegvideodsp.c in FFmpeg 3.4 ...)
	{DSA-4099-1}
	- ffmpeg 7:3.4.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/58cf31cee7a456057f337b3102a03206d833d5e8
CVE-2017-17080 (elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22421
CVE-2018-0740
	RESERVED
CVE-2018-0739 (Constructed ASN.1 types with a recursive definition (such as can be ...)
	{DSA-4158-1 DSA-4157-1 DLA-1330-1}
	- openssl 1.1.0h-1
	- openssl1.0 1.0.2o-1
	NOTE: https://www.openssl.org/news/secadv/20180327.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=2ac4c6f7b2b2af20c0e2b0ba05367e454cd11b33
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=9310d45087ae546e27e61ddf8f6367f29848220d
CVE-2018-0738
	RESERVED
CVE-2018-0737 (The OpenSSL RSA Key generation algorithm has been shown to be ...)
	- openssl 1.1.0h-3 (low; bug #895844)
	[stretch] - openssl <postponed> (Can wait for next DSA and upstream release)
	[jessie] - openssl <postponed> (Can wait for next DSA and upstream release)
	[wheezy] - openssl <postponed> (Can wait for next update)
	- openssl1.0 <unfixed> (low; bug #895845)
	[stretch] - openssl1.0 <postponed> (Can wait for next DSA and upstream release)
	NOTE: https://www.openssl.org/news/secadv/20180416.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=6939eab03a6e23d2bd2c3f5e34fe1d48e542e787
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=349a41da1ad88ad87825414752a8ff5fdd6a6c3f
	NOTE: https://eprint.iacr.org/2018/367
CVE-2018-0736
	RESERVED
CVE-2018-0735
	RESERVED
CVE-2018-0734
	RESERVED
CVE-2018-0733 (Because of an implementation bug the PA-RISC CRYPTO_memcmp function is ...)
	- openssl 1.1.0h-1 (unimportant)
	[stretch] - openssl 1.1.0f-3+deb9u2
	[jessie] - openssl <not-affected> (vulnerable code not present)
	[wheezy] - openssl <not-affected> (vulnerable code not present)
	- openssl1.0 <not-affected> (Only affects OpenSSL 1.1.0)
	NOTE: Issue specific to HP-UX
	NOTE: https://www.openssl.org/news/secadv/20180327.txt
CVE-2018-0732
	RESERVED
CVE-2018-0731
	RESERVED
CVE-2017-17079
	REJECTED
CVE-2017-17078
	REJECTED
CVE-2017-17077
	REJECTED
CVE-2017-17076
	REJECTED
CVE-2017-17075
	REJECTED
CVE-2017-17074
	REJECTED
CVE-2017-17073
	REJECTED
CVE-2017-17072
	REJECTED
CVE-2017-17071
	REJECTED
CVE-2017-17070
	REJECTED
CVE-2017-17069 (ActiveSetupN.exe in Amazon Audible for Windows before November 2017 ...)
	NOT-FOR-US: ActiveSetupN.exe in Amazon Audible for Windows
CVE-2017-17068 (A cross-origin vulnerability has been discovered in the Auth0 auth0.js ...)
	NOT-FOR-US: Auth0 auth0.js library
CVE-2017-17067 (Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before ...)
	NOT-FOR-US: Splunk Web
CVE-2017-17066 (The (1) i2pd before 2.17 and (2) kovri pre-alpha implementations of the ...)
	- i2pd <not-affected> (Fixed before/with the initial upload to Debian)
	NOTE: Issue fixed with 2.17.0 upstream
CVE-2017-17065 (An issue was discovered on D-Link DIR-605L Model B before ...)
	NOT-FOR-US: D-Link
CVE-2017-17064
	RESERVED
CVE-2017-17063
	RESERVED
CVE-2017-17062
	RESERVED
CVE-2017-17061
	RESERVED
CVE-2017-17060
	RESERVED
CVE-2017-17059 (XSS exists in the amtyThumb amty-thumb-recent-post (aka amtyThumb posts ...)
	NOT-FOR-US: WordPress plugin wp-thumb-post
CVE-2017-1000385 (The Erlang otp TLS server answers with different TLS alerts to ...)
	{DSA-4057-1 DLA-1207-1}
	- erlang 1:20.1.7+dfsg-1
	NOTE: https://groups.google.com/forum/#!topic/erlang-programming/J0LH-j6fRlM
	NOTE: https://github.com/erlang/otp/commit/38b07caa2a1c6cd3537eadd36770afa54f067562 (OTP-20.1.7)
	NOTE: https://github.com/erlang/otp/commit/3b4386dd19b7e669f557c95ace8d7ba228291927 (OTP-19.3.6.4)
	NOTE: https://github.com/erlang/otp/commit/de3b9cdb8521d7edd524b4e17d1e3f883f832ec0 (OTP-18.3.4.7)
	NOTE: https://robotattack.org/
CVE-2017-17058 (** DISPUTED ** The WooCommerce plugin through 3.x for WordPress has a ...)
	NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2017-17057 (There is a reflected XSS vulnerability in ZKTime Web 2.0.1.12280. The ...)
	NOT-FOR-US: ZKTeco ZKTime Web Software
CVE-2017-17056 (The ZKTime Web Software 2.0.1.12280 allows the Administrator to ...)
	NOT-FOR-US: ZKTeco ZKTime Web Software
CVE-2017-17055 (Artica Web Proxy before 3.06.112911 allows remote attackers to execute ...)
	NOT-FOR-US: Artica Web Proxy
CVE-2017-17054 (In aubio 0.4.6, a divide-by-zero error exists in the function ...)
	- aubio <unfixed> (bug #883355)
	[stretch] - aubio <no-dsa> (Minor issue)
	[jessie] - aubio <not-affected> (Vulnerability introduced in 0.4.3)
	[wheezy] - aubio <not-affected> (Vulnerability introduced in 0.4.3)
	NOTE: https://github.com/aubio/aubio/issues/148
CVE-2017-17050 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17049 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-17048
	RESERVED
CVE-2017-17047
	RESERVED
CVE-2017-17043 (The Emag Marketplace Connector plugin 1.0.0 for WordPress has reflected ...)
	NOT-FOR-US: Emag Marketplace Connector for WordPress
CVE-2017-17053 (The init_new_context function in arch/x86/include/asm/mmu_context.h in ...)
	- linux 4.12.12-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/ccd5b3235180eef3cfec337df1c8554ab151b5cc
CVE-2017-17052 (The mm_init function in kernel/fork.c in the Linux kernel before ...)
	- linux 4.12.12-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/2b7e8665b4ff51c034c55df3cff76518d1a9ee3a
CVE-2018-0730
	RESERVED
CVE-2018-0729
	RESERVED
CVE-2018-0728
	RESERVED
CVE-2018-0727
	RESERVED
CVE-2018-0726
	RESERVED
CVE-2018-0725
	RESERVED
CVE-2018-0724
	RESERVED
CVE-2018-0723
	RESERVED
CVE-2018-0722
	RESERVED
CVE-2018-0721
	RESERVED
CVE-2018-0720
	RESERVED
CVE-2018-0719
	RESERVED
CVE-2018-0718
	RESERVED
CVE-2018-0717
	RESERVED
CVE-2018-0716
	RESERVED
CVE-2018-0715
	RESERVED
CVE-2018-0714
	RESERVED
CVE-2018-0713
	RESERVED
CVE-2018-0712
	RESERVED
CVE-2018-0711 (Cross-site scripting (XSS) vulnerability in QNAP QTS 4.3.3 build ...)
	NOT-FOR-US: QNAP
CVE-2018-0710
	RESERVED
CVE-2018-0709
	RESERVED
CVE-2018-0708
	RESERVED
CVE-2018-0707
	RESERVED
CVE-2018-0706
	RESERVED
CVE-2017-17042 (lib/yard/core_ext/file.rb in the server in YARD before 0.9.11 does not ...)
	- yard 0.9.12-1
	[stretch] - yard <no-dsa> (Minor issue)
	[jessie] - yard <no-dsa> (Minor issue)
	[wheezy] - yard <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/lsegal/yard/commit/b0217b3e30dc53d057b1682506333335975e62b4 (0.9.11)
CVE-2017-17041
	RESERVED
CVE-2017-17040
	RESERVED
CVE-2017-17039
	RESERVED
CVE-2017-17038
	RESERVED
CVE-2017-17037
	RESERVED
CVE-2017-17036
	RESERVED
CVE-2017-17035
	RESERVED
CVE-2017-17034
	RESERVED
CVE-2017-17033 (A buffer overflow vulnerability in password function in QNAP QTS ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17032 (A buffer overflow vulnerability in password function in QNAP QTS ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17031 (A buffer overflow vulnerability in password function in QNAP QTS ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17030 (A buffer overflow vulnerability in login function in QNAP QTS version ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17029 (A buffer overflow vulnerability in login function in QNAP QTS version ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17028 (A buffer overflow vulnerability in external device function in QNAP ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17027 (A buffer overflow vulnerability in FTP service in QNAP QTS version ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-17045 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...)
	{DSA-4050-1 DLA-1230-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-247.html
CVE-2017-17044 (An issue was discovered in Xen through 4.9.x allowing HVM guest OS ...)
	{DSA-4050-1 DLA-1230-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-246.html
CVE-2017-17046 (An issue was discovered in Xen through 4.9.x on the ARM platform ...)
	{DSA-4050-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen <not-affected> (arm not supported)
	NOTE: https://xenbits.xen.org/xsa/advisory-245.html
CVE-2018-0705
	RESERVED
CVE-2018-0704
	RESERVED
CVE-2018-0703
	RESERVED
CVE-2018-0702
	RESERVED
CVE-2018-0701
	RESERVED
CVE-2018-0700
	RESERVED
CVE-2018-0699
	RESERVED
CVE-2018-0698
	RESERVED
CVE-2018-0697
	RESERVED
CVE-2018-0696
	RESERVED
CVE-2018-0695
	RESERVED
CVE-2018-0694
	RESERVED
CVE-2018-0693
	RESERVED
CVE-2018-0692
	RESERVED
CVE-2018-0691
	RESERVED
CVE-2018-0690
	RESERVED
CVE-2018-0689
	RESERVED
CVE-2018-0688
	RESERVED
CVE-2018-0687
	RESERVED
CVE-2018-0686
	RESERVED
CVE-2018-0685
	RESERVED
CVE-2018-0684
	RESERVED
CVE-2018-0683
	RESERVED
CVE-2018-0682
	RESERVED
CVE-2018-0681
	RESERVED
CVE-2018-0680
	RESERVED
CVE-2018-0679
	RESERVED
CVE-2018-0678
	RESERVED
CVE-2018-0677
	RESERVED
CVE-2018-0676
	RESERVED
CVE-2018-0675
	RESERVED
CVE-2018-0674
	RESERVED
CVE-2018-0673
	RESERVED
CVE-2018-0672
	RESERVED
CVE-2018-0671
	RESERVED
CVE-2018-0670
	RESERVED
CVE-2018-0669
	RESERVED
CVE-2018-0668
	RESERVED
CVE-2018-0667
	RESERVED
CVE-2018-0666
	RESERVED
CVE-2018-0665
	RESERVED
CVE-2018-0664
	RESERVED
CVE-2018-0663
	RESERVED
CVE-2018-0662
	RESERVED
CVE-2018-0661
	RESERVED
CVE-2018-0660
	RESERVED
CVE-2018-0659
	RESERVED
CVE-2018-0658
	RESERVED
CVE-2018-0657
	RESERVED
CVE-2018-0656
	RESERVED
CVE-2018-0655
	RESERVED
CVE-2018-0654
	RESERVED
CVE-2018-0653
	RESERVED
CVE-2018-0652
	RESERVED
CVE-2018-0651
	RESERVED
CVE-2018-0650
	RESERVED
CVE-2018-0649
	RESERVED
CVE-2018-0648
	RESERVED
CVE-2018-0647
	RESERVED
CVE-2018-0646
	RESERVED
CVE-2018-0645
	RESERVED
CVE-2018-0644
	RESERVED
CVE-2018-0643
	RESERVED
CVE-2018-0642
	RESERVED
CVE-2018-0641
	RESERVED
CVE-2018-0640
	RESERVED
CVE-2018-0639
	RESERVED
CVE-2018-0638
	RESERVED
CVE-2018-0637
	RESERVED
CVE-2018-0636
	RESERVED
CVE-2018-0635
	RESERVED
CVE-2018-0634
	RESERVED
CVE-2018-0633
	RESERVED
CVE-2018-0632
	RESERVED
CVE-2018-0631
	RESERVED
CVE-2018-0630
	RESERVED
CVE-2018-0629
	RESERVED
CVE-2018-0628
	RESERVED
CVE-2018-0627
	RESERVED
CVE-2018-0626
	RESERVED
CVE-2018-0625
	RESERVED
CVE-2018-0624
	RESERVED
CVE-2018-0623
	RESERVED
CVE-2018-0622
	RESERVED
CVE-2018-0621
	RESERVED
CVE-2018-0620
	RESERVED
CVE-2018-0619
	RESERVED
CVE-2018-0618
	RESERVED
CVE-2018-0617
	RESERVED
CVE-2018-0616
	RESERVED
CVE-2018-0615
	RESERVED
CVE-2018-0614
	RESERVED
CVE-2018-0613
	RESERVED
CVE-2018-0612
	RESERVED
CVE-2018-0611
	RESERVED
CVE-2018-0610
	RESERVED
CVE-2018-0609
	RESERVED
CVE-2018-0608
	RESERVED
CVE-2018-0607
	RESERVED
CVE-2018-0606
	RESERVED
CVE-2018-0605
	RESERVED
CVE-2018-0604
	RESERVED
CVE-2018-0603
	RESERVED
CVE-2018-0602
	RESERVED
CVE-2018-0601
	RESERVED
CVE-2018-0600
	RESERVED
CVE-2018-0599
	RESERVED
CVE-2018-0598
	RESERVED
CVE-2018-0597
	RESERVED
CVE-2018-0596
	RESERVED
CVE-2018-0595
	RESERVED
CVE-2018-0594
	RESERVED
CVE-2018-0593
	RESERVED
CVE-2018-0592
	RESERVED
CVE-2018-0591 (The KINEPASS App for Android Ver 3.1.1 and earlier, and for iOS Ver ...)
	NOT-FOR-US: KINEPASS
CVE-2018-0590 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0589 (Ultimate Member plugin prior to version 2.0.4 for WordPress allows ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0588 (Directory traversal vulnerability in the AJAX function of Ultimate ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0587 (Unrestricted file upload vulnerability in Ultimate Member plugin prior ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0586 (Directory traversal vulnerability in the shortcodes function of ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0585 (Cross-site scripting vulnerability in Ultimate Member plugin prior to ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2018-0584
	RESERVED
CVE-2018-0583 (Cross-site scripting vulnerability in ASUS RT-AC1200HP Firmware ...)
	NOT-FOR-US: ASUS
CVE-2018-0582 (Cross-site scripting vulnerability in ASUS RT-AC68U Firmware version ...)
	NOT-FOR-US: ASUS
CVE-2018-0581 (Cross-site scripting vulnerability in ASUS RT-AC87U Firmware version ...)
	NOT-FOR-US: ASUS
CVE-2018-0580 (Untrusted search path vulnerability in CELSYS, Inc CLIP STUDIO series ...)
	NOT-FOR-US: CELSYS
CVE-2018-0579 (Cross-site scripting vulnerability in Open Graph for Facebook, Google+ ...)
	NOT-FOR-US: WordPress plugin wonderm00ns-simple-facebook-open-graph-tags
CVE-2018-0578 (Cross-site scripting vulnerability in PixelYourSite plugin prior to ...)
	NOT-FOR-US: WordPress plugin pixelyoursite
CVE-2018-0577 (Cross-site scripting vulnerability in WP Google Map Plugin prior to ...)
	NOT-FOR-US: WordPress plugin wp-google-map-plugin
CVE-2018-0576 (Cross-site scripting vulnerability in Events Manager plugin prior to ...)
	NOT-FOR-US: WordPress plugin events-manager
CVE-2018-0575
	RESERVED
CVE-2018-0574
	RESERVED
CVE-2018-0573
	RESERVED
CVE-2018-0572
	RESERVED
CVE-2018-0571
	RESERVED
CVE-2018-0570
	RESERVED
CVE-2018-0569
	RESERVED
CVE-2018-0568 (Unrestricted file upload vulnerability in SiteBridge Inc. Joruri Gw ...)
	NOT-FOR-US: Joruri Gw
CVE-2018-0567
	RESERVED
CVE-2018-0566
	RESERVED
CVE-2018-0565
	RESERVED
CVE-2018-0564 (Session fixation vulnerability in EC-CUBE (EC-CUBE 3.0.0, EC-CUBE ...)
	NOT-FOR-US: EC-CUBE
CVE-2018-0563
	RESERVED
CVE-2018-0562 (Untrusted search path vulnerability in Installer of SoundEngine Free ...)
	NOT-FOR-US: Installer of SoundEngine Free
CVE-2018-0561 (Untrusted search path vulnerability in The installer of PhishWall ...)
	NOT-FOR-US: Installer of PhishWall Client Internet Explorer
CVE-2018-0560 (Hatena Bookmark App for iOS Version 3.0 to 3.70 allows remote ...)
	NOT-FOR-US: Hatena Bookmark App for iOS
CVE-2018-0559
	RESERVED
CVE-2018-0558
	RESERVED
CVE-2018-0557
	RESERVED
CVE-2018-0556 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0555 (Buffer overflow in Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0554 (Buffalo WZR-1750DHP2 Ver.2.30 and earlier allows an attacker to bypass ...)
	NOT-FOR-US: Buffalo WZR-1750DHP2
CVE-2018-0553 (The iRemoconWiFi App for Android version 4.1.7 and earlier does not ...)
	NOT-FOR-US: iRemoconWiFi App for Android
CVE-2018-0552 (Untrusted search path vulnerability in The installer of PhishWall ...)
	NOT-FOR-US: installer of PhishWall Client (Firefox and Chrome edition for Windows)
CVE-2018-0551 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0550 (Cybozu Garoon 3.5.0 to 4.6.1 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0549 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0548 (Cybozu Garoon 4.0.0 to 4.6.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0547 (Cross-site scripting vulnerability in WP All Import plugin prior to ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-0546 (Cross-site scripting vulnerability in WP All Import plugin prior to ...)
	NOT-FOR-US: WP All Import plugin for WordPress
CVE-2018-0545 (LXR version 1.0.0 to 2.3.0 allows remote attackers to execute ...)
	NOT-FOR-US: LXR
CVE-2018-0544 (Untrusted search path vulnerability in WinShot 1.53a and earlier ...)
	NOT-FOR-US: WinShot
CVE-2018-0543 (Untrusted search path vulnerability in Jtrim 1.53c and earlier ...)
	NOT-FOR-US: Jtrim installer
CVE-2018-0542 (Directory traversal vulnerability in WebProxy version 1.7.8 allows an ...)
	NOT-FOR-US: WebProxy (some software released by LunarLight)
CVE-2018-0541 (Buffer overflow in Tiny FTP Daemon Ver0.52d allows an attacker to ...)
	NOT-FOR-US: Tiny FTP Daemon
CVE-2018-0540 (Untrusted search path vulnerability in ViX version 2.21.148.0 allows ...)
	NOT-FOR-US: ViX
CVE-2018-0539 (QQQ SYSTEMS version 2.24 allows an attacker to execute arbitrary ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0538 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0537 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0536 (Cross-site scripting vulnerability in QQQ SYSTEMS ver2.24 allows an ...)
	NOT-FOR-US: QQQ SYSTEMS
CVE-2018-0535 (Cross-site scripting vulnerability in PHP 2chBBS version bbs18c allows ...)
	NOT-FOR-US: PHP 2chBBS
CVE-2018-0534 (Cross-site scripting vulnerability in ArsenoL Version 0.5 allows an ...)
	NOT-FOR-US: ArsenoL
CVE-2018-0533 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0532 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0531 (Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0530 (SQL injection vulnerability in the Cybozu Garoon 3.5.0 to 4.2.6 allows ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2018-0529
	RESERVED
CVE-2018-0528
	RESERVED
CVE-2018-0527
	RESERVED
CVE-2018-0526
	RESERVED
CVE-2018-0525 (Directory traversal vulnerability in Jubatus 1.0.2 and earlier allows ...)
	- jubatus <itp> (bug #704100)
CVE-2018-0524 (Jubatus 1.0.2 and earlier allows remote code execution via unspecified ...)
	- jubatus <itp> (bug #704100)
CVE-2018-0523 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...)
	NOT-FOR-US: Buffalo
CVE-2018-0522 (Buffer overflow in Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier ...)
	NOT-FOR-US: Buffalo
CVE-2018-0521 (Buffalo WXR-1900DHP2 firmware Ver.2.48 and earlier allows an attacker ...)
	NOT-FOR-US: Buffalo
CVE-2018-0520 (Cross-site request forgery (CSRF) vulnerability in FS010W firmware ...)
	NOT-FOR-US: FS010W firmware
CVE-2018-0519 (Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 ...)
	NOT-FOR-US: FS010W firmware
CVE-2018-0518 (LINE for iOS version 7.1.3 to 7.1.5 does not verify X.509 certificates ...)
	NOT-FOR-US: LINE for iOS
CVE-2018-0517 (Untrusted search path vulnerability in Anshin net security for Windows ...)
	NOT-FOR-US: Anshin net security for Windows
CVE-2018-0516 (Untrusted search path vulnerability in FLET'S v4 / v6 address ...)
	NOT-FOR-US: FLET'S v4 / v6 address selection tool
CVE-2018-0515 (Untrusted search path vulnerability in &quot;FLET'S Azukeru Backup Tool&quot; ...)
	NOT-FOR-US: FLET'S Azukeru Backup Tool
CVE-2018-0514 (MP Form Mail CGI eCommerce Edition Ver 2.0.13 and earlier allows ...)
	NOT-FOR-US: MP Form Mail CGI eCommerce Edition
CVE-2018-0513 (Cross-site scripting vulnerability in MTS Simple Booking C, MTS Simple ...)
	NOT-FOR-US: MTS Simple Booking
CVE-2018-0512 (Devices with IP address setting tool &quot;MagicalFinder&quot; provided by I-O ...)
	NOT-FOR-US: IP address setting tool "MagicalFinder" provided by I-O DATA DEVICE, INC.
CVE-2018-0511 (Cross-site scripting vulnerability in WP Retina 2x prior to version ...)
	NOT-FOR-US: WP Retina
CVE-2018-0510 (Buffer overflow in epg search result viewer (kkcald) 0.7.19 and ...)
	NOT-FOR-US: kkcal
CVE-2018-0509 (Cross-site request forgery (CSRF) vulnerability in epg search result ...)
	NOT-FOR-US: kkcal
CVE-2018-0508 (Cross-site scripting vulnerability in epg search result viewer ...)
	NOT-FOR-US: kkcal
CVE-2018-0507 (Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup &amp; ...)
	NOT-FOR-US: FLET'S VIRUS CLEAR
CVE-2018-0506 (Nootka 1.4.4 and earlier allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Nootka
CVE-2018-0505
	RESERVED
CVE-2018-0504
	RESERVED
CVE-2018-0503
	RESERVED
CVE-2018-0502
	RESERVED
CVE-2018-0501
	RESERVED
CVE-2018-0500
	RESERVED
CVE-2018-0499
	RESERVED
CVE-2018-0498
	RESERVED
CVE-2018-0497
	RESERVED
CVE-2018-0496
	RESERVED
CVE-2018-0495
	RESERVED
CVE-2018-0494 (GNU Wget before 1.19.5 is prone to a cookie injection vulnerability in ...)
	{DSA-4195-1 DLA-1375-1}
	- wget 1.19.5-1 (bug #898076)
	NOTE: https://lists.gnu.org/archive/html/bug-wget/2018-05/msg00020.html
	NOTE: https://savannah.gnu.org/bugs/?53763
	NOTE: https://git.savannah.gnu.org/cgit/wget.git/commit/?id=1fc9c95ec144499e69dc8ec76dbe07799d7d82cd
	NOTE: https://sintonen.fi/advisories/gnu-wget-cookie-injection.txt
CVE-2018-0493 (remctld in remctl before 3.14, when an attacker is authorized to ...)
	{DSA-4159-1}
	- remctl 3.14-1
	[jessie] - remctl <not-affected> (Affected code introduced in 3.12)
	[wheezy] - remctl <not-affected> (Affected code introduced in 3.12)
	NOTE: https://www.eyrie.org/~eagle/software/remctl/security/2018-04-01.html
	NOTE: https://git.eyrie.org/?p=kerberos/remctl.git;a=commitdiff;h=e2b34e086f199b39f8ea36dd621684003835d172
CVE-2018-0492 (Johnathan Nightingale beep through 1.3.4, if setuid, has a race ...)
	{DSA-4163-1 DLA-1338-1}
	- beep 1.3-5 (bug #894667)
	NOTE: https://github.com/johnath/beep/issues/11
CVE-2018-0491 (A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. ...)
	- tor 0.3.2.10-1
	[stretch] - tor <not-affected> (Only affects tor 0.3.2.x series and later)
	[jessie] - tor <not-affected> (Only affects tor 0.3.2.x series and later)
	[wheezy] - tor <not-affected> (Only affects tor 0.3.2.x series and later)
	NOTE: https://trac.torproject.org/projects/tor/ticket/25117
	NOTE: https://trac.torproject.org/projects/tor/ticket/24700
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=adaf3e9b89f62d68ab631b8f672d9bff996689b9
CVE-2018-0490 (An issue was discovered in Tor before 0.2.9.15, 0.3.1.x before ...)
	{DSA-4183-1}
	- tor 0.3.2.10-1
	[jessie] - tor <not-affected> (Vulnerable code introduced after tor-0.2.9.4-alpha)
	[wheezy] - tor <not-affected> (Vulnerable code introduced after tor-0.2.9.4-alpha)
	NOTE: https://trac.torproject.org/projects/tor/ticket/25074
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-and-dos-prevention-03210-03110-02915
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=65f2eec694f18a64291cc85317b9f22dacc1d8e4
CVE-2018-0489 (Shibboleth XMLTooling-C before 1.6.4, as used in Shibboleth Service ...)
	{DSA-4126-1 DLA-1296-1}
	- xmltooling 1.6.4-1
	NOTE: https://shibboleth.net/community/advisories/secadv_20180227.txt
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-128
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2018-0488 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0, when the ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2 (bug #890287)
	- polarssl <removed>
	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.2.19 not affected)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
	NOTE: https://github.com/ARMmbed/mbedtls/commit/992b6872f3ca717282ae367749a47f006d337a87
	NOTE: https://github.com/ARMmbed/mbedtls/commit/464147cadc694379b7717afb7b517fe05cdb323f
CVE-2018-0487 (ARM mbed TLS before 1.3.22, before 2.1.10, and before 2.7.0 allows ...)
	{DSA-4147-1 DSA-4138-1}
	- mbedtls 2.7.0-2 (bug #890288)
	- polarssl <removed>
	[wheezy] - polarssl <not-affected> (according to the upstream advisory < 1.3.7 not affected)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2018-01
	NOTE: https://github.com/ARMmbed/mbedtls/commit/28a0c727957990ac655cbe40c7eb20b7ef01167d
CVE-2018-0486 (Shibboleth XMLTooling-C before 1.6.3, as used in Shibboleth Service ...)
	{DSA-4085-1 DLA-1242-1}
	- xmltooling 1.6.3-1
	[stretch] - xmltooling 1.6.0-4+deb9u1
	NOTE: https://shibboleth.net/community/advisories/secadv_20180112.txt
	NOTE: Fixed upstream in 1.6.3 to workaround bug independent of if parser already
	NOTE: disallow DTD use.
	NOTE: https://issues.shibboleth.net/jira/browse/CPPXT-127
	NOTE: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commit;h=a02314e96d6746d29c5697b504d37f2e04a6e6cd
CVE-2017-17026
	RESERVED
CVE-2017-17025
	RESERVED
CVE-2017-17024
	RESERVED
CVE-2017-17023
	RESERVED
CVE-2017-17022
	RESERVED
CVE-2017-17021
	RESERVED
CVE-2017-17020 (On D-Link DCS-5009 devices with firmware 1.08.11 and earlier, DCS-5010 ...)
	NOT-FOR-US: D-Link
CVE-2017-17019
	RESERVED
CVE-2017-17018
	RESERVED
CVE-2017-17017
	RESERVED
CVE-2017-17016
	RESERVED
CVE-2017-17015
	RESERVED
CVE-2017-17014
	RESERVED
CVE-2017-17013
	RESERVED
CVE-2017-17012
	RESERVED
CVE-2017-17011
	RESERVED
CVE-2017-17010 (Untrusted search path vulnerability in Content Manager Assistant for ...)
	NOT-FOR-US: Content Manager Assistant for PlayStation
CVE-2017-17009
	REJECTED
CVE-2017-17008
	REJECTED
CVE-2017-17007
	REJECTED
CVE-2017-17006
	REJECTED
CVE-2017-17005
	REJECTED
CVE-2017-17004
	REJECTED
CVE-2017-17003
	REJECTED
CVE-2017-17002
	REJECTED
CVE-2017-17001
	REJECTED
CVE-2017-17000
	REJECTED
CVE-2017-16999
	REJECTED
CVE-2017-16998
	REJECTED
CVE-2017-16997 (elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through ...)
	- glibc 2.25-6 (bug #884615)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22625
	NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-12/msg00528.html
CVE-2017-16996 (kernel/bpf/verifier.c in the Linux kernel through 4.14.8 allows local ...)
	- linux 4.14.7-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/0c17d1d2c61936401f4702e1846e2c19b200f958
CVE-2017-16995 (The check_alu_op function in kernel/bpf/verifier.c in the Linux kernel ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/95a762e2c8c942780948091f8f2a4f32fce1ac6f
CVE-2016-10702 (Pebble Smartwatch devices through 4.3 mishandle UUID storage, which ...)
	NOT-FOR-US: Pebble
CVE-2016-10701 (In Hitachi Vantara Pentaho BA Platform through 8.0, a CSRF issue exists ...)
	NOT-FOR-US: Hitachi Vantara Pentaho BA Platform
CVE-2017-1001004 (typed-function before 0.10.6 had an arbitrary code execution in the ...)
	NOT-FOR-US: typed-function
CVE-2017-1001003 (math.js before 3.17.0 had an issue where private properties such as a ...)
	NOT-FOR-US: math.js
CVE-2017-1001002 (math.js before 3.17.0 had an arbitrary code execution in the ...)
	NOT-FOR-US: math.js
CVE-2017-1000214 (GitPHP by xiphux is vulnerable to OS Command Injections ...)
	NOT-FOR-US: GitPHP
CVE-2017-1000207 (A vulnerability in Swagger-Parser's version &lt;= 1.0.30 and Swagger ...)
	NOT-FOR-US: Swagger-Parser
CVE-2017-1000159 (Command injection in evince via filename when printing to PDF. This ...)
	{DLA-1204-1}
	- evince 3.25.92-1 (low)
	[stretch] - evince <no-dsa> (Minor issue)
	[jessie] - evince <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784947
	NOTE: Introduced by: https://git.gnome.org/browse/evince/commit/?id=1fcca0b8041de0d6074d7e17fba174da36c65f99 (EVINCE_0_9_1)
	NOTE: Fixed by: https://git.gnome.org/browse/evince/commit/?id=350404c76dc8601e2cdd2636490e2afc83d3090e (3.25.91)
CVE-2018-0485
	RESERVED
CVE-2018-0484
	RESERVED
CVE-2018-0483
	RESERVED
CVE-2018-0482
	RESERVED
CVE-2018-0481
	RESERVED
CVE-2018-0480
	RESERVED
CVE-2018-0479
	RESERVED
CVE-2018-0478
	RESERVED
CVE-2018-0477
	RESERVED
CVE-2018-0476
	RESERVED
CVE-2018-0475
	RESERVED
CVE-2018-0474
	RESERVED
CVE-2018-0473
	RESERVED
CVE-2018-0472
	RESERVED
CVE-2018-0471
	RESERVED
CVE-2018-0470
	RESERVED
CVE-2018-0469
	RESERVED
CVE-2018-0468
	RESERVED
CVE-2018-0467
	RESERVED
CVE-2018-0466
	RESERVED
CVE-2018-0465
	RESERVED
CVE-2018-0464
	RESERVED
CVE-2018-0463
	RESERVED
CVE-2018-0462
	RESERVED
CVE-2018-0461
	RESERVED
CVE-2018-0460
	RESERVED
CVE-2018-0459
	RESERVED
CVE-2018-0458
	RESERVED
CVE-2018-0457
	RESERVED
CVE-2018-0456
	RESERVED
CVE-2018-0455
	RESERVED
CVE-2018-0454
	RESERVED
CVE-2018-0453
	RESERVED
CVE-2018-0452
	RESERVED
CVE-2018-0451
	RESERVED
CVE-2018-0450
	RESERVED
CVE-2018-0449
	RESERVED
CVE-2018-0448
	RESERVED
CVE-2018-0447
	RESERVED
CVE-2018-0446
	RESERVED
CVE-2018-0445
	RESERVED
CVE-2018-0444
	RESERVED
CVE-2018-0443
	RESERVED
CVE-2018-0442
	RESERVED
CVE-2018-0441
	RESERVED
CVE-2018-0440
	RESERVED
CVE-2018-0439
	RESERVED
CVE-2018-0438
	RESERVED
CVE-2018-0437
	RESERVED
CVE-2018-0436
	RESERVED
CVE-2018-0435
	RESERVED
CVE-2018-0434
	RESERVED
CVE-2018-0433
	RESERVED
CVE-2018-0432
	RESERVED
CVE-2018-0431
	RESERVED
CVE-2018-0430
	RESERVED
CVE-2018-0429
	RESERVED
CVE-2018-0428
	RESERVED
CVE-2018-0427
	RESERVED
CVE-2018-0426
	RESERVED
CVE-2018-0425
	RESERVED
CVE-2018-0424
	RESERVED
CVE-2018-0423
	RESERVED
CVE-2018-0422
	RESERVED
CVE-2018-0421
	RESERVED
CVE-2018-0420
	RESERVED
CVE-2018-0419
	RESERVED
CVE-2018-0418
	RESERVED
CVE-2018-0417
	RESERVED
CVE-2018-0416
	RESERVED
CVE-2018-0415
	RESERVED
CVE-2018-0414
	RESERVED
CVE-2018-0413
	RESERVED
CVE-2018-0412
	RESERVED
CVE-2018-0411
	RESERVED
CVE-2018-0410
	RESERVED
CVE-2018-0409
	RESERVED
CVE-2018-0408
	RESERVED
CVE-2018-0407
	RESERVED
CVE-2018-0406
	RESERVED
CVE-2018-0405
	RESERVED
CVE-2018-0404
	RESERVED
CVE-2018-0403
	RESERVED
CVE-2018-0402
	RESERVED
CVE-2018-0401
	RESERVED
CVE-2018-0400
	RESERVED
CVE-2018-0399
	RESERVED
CVE-2018-0398
	RESERVED
CVE-2018-0397
	RESERVED
CVE-2018-0396
	RESERVED
CVE-2018-0395
	RESERVED
CVE-2018-0394
	RESERVED
CVE-2018-0393
	RESERVED
CVE-2018-0392
	RESERVED
CVE-2018-0391
	RESERVED
CVE-2018-0390
	RESERVED
CVE-2018-0389
	RESERVED
CVE-2018-0388
	RESERVED
CVE-2018-0387
	RESERVED
CVE-2018-0386
	RESERVED
CVE-2018-0385
	RESERVED
CVE-2018-0384
	RESERVED
CVE-2018-0383
	RESERVED
CVE-2018-0382
	RESERVED
CVE-2018-0381
	RESERVED
CVE-2018-0380
	RESERVED
CVE-2018-0379
	RESERVED
CVE-2018-0378
	RESERVED
CVE-2018-0377
	RESERVED
CVE-2018-0376
	RESERVED
CVE-2018-0375
	RESERVED
CVE-2018-0374
	RESERVED
CVE-2018-0373
	RESERVED
CVE-2018-0372
	RESERVED
CVE-2018-0371
	RESERVED
CVE-2018-0370
	RESERVED
CVE-2018-0369
	RESERVED
CVE-2018-0368
	RESERVED
CVE-2018-0367
	RESERVED
CVE-2018-0366
	RESERVED
CVE-2018-0365
	RESERVED
CVE-2018-0364
	RESERVED
CVE-2018-0363
	RESERVED
CVE-2018-0362
	RESERVED
CVE-2018-0361
	RESERVED
CVE-2018-0360
	RESERVED
CVE-2018-0359
	RESERVED
CVE-2018-0358
	RESERVED
CVE-2018-0357
	RESERVED
CVE-2018-0356
	RESERVED
CVE-2018-0355
	RESERVED
CVE-2018-0354
	RESERVED
CVE-2018-0353
	RESERVED
CVE-2018-0352
	RESERVED
CVE-2018-0351
	RESERVED
CVE-2018-0350
	RESERVED
CVE-2018-0349
	RESERVED
CVE-2018-0348
	RESERVED
CVE-2018-0347
	RESERVED
CVE-2018-0346
	RESERVED
CVE-2018-0345
	RESERVED
CVE-2018-0344
	RESERVED
CVE-2018-0343
	RESERVED
CVE-2018-0342
	RESERVED
CVE-2018-0341
	RESERVED
CVE-2018-0340
	RESERVED
CVE-2018-0339
	RESERVED
CVE-2018-0338
	RESERVED
CVE-2018-0337
	RESERVED
CVE-2018-0336
	RESERVED
CVE-2018-0335
	RESERVED
CVE-2018-0334
	RESERVED
CVE-2018-0333
	RESERVED
CVE-2018-0332
	RESERVED
CVE-2018-0331
	RESERVED
CVE-2018-0330
	RESERVED
CVE-2018-0329
	RESERVED
CVE-2018-0328 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2018-0327 (A vulnerability in the web framework of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2018-0326 (A vulnerability in the web UI of Cisco TelePresence Server Software ...)
	NOT-FOR-US: Cisco
CVE-2018-0325 (A vulnerability in the Session Initiation Protocol (SIP) call-handling ...)
	NOT-FOR-US: Cisco
CVE-2018-0324 (A vulnerability in the CLI of Cisco Enterprise NFV Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2018-0323 (A vulnerability in the web management interface of Cisco Enterprise NFV ...)
	NOT-FOR-US: Cisco
CVE-2018-0322
	RESERVED
CVE-2018-0321
	RESERVED
CVE-2018-0320
	RESERVED
CVE-2018-0319
	RESERVED
CVE-2018-0318
	RESERVED
CVE-2018-0317
	RESERVED
CVE-2018-0316
	RESERVED
CVE-2018-0315
	RESERVED
CVE-2018-0314
	RESERVED
CVE-2018-0313
	RESERVED
CVE-2018-0312
	RESERVED
CVE-2018-0311
	RESERVED
CVE-2018-0310
	RESERVED
CVE-2018-0309
	RESERVED
CVE-2018-0308
	RESERVED
CVE-2018-0307
	RESERVED
CVE-2018-0306
	RESERVED
CVE-2018-0305
	RESERVED
CVE-2018-0304
	RESERVED
CVE-2018-0303
	RESERVED
CVE-2018-0302
	RESERVED
CVE-2018-0301
	RESERVED
CVE-2018-0300
	RESERVED
CVE-2018-0299
	RESERVED
CVE-2018-0298
	RESERVED
CVE-2018-0297 (A vulnerability in the detection engine of Cisco Firepower Threat ...)
	NOT-FOR-US: Cisco
CVE-2018-0296
	RESERVED
CVE-2018-0295
	RESERVED
CVE-2018-0294
	RESERVED
CVE-2018-0293
	RESERVED
CVE-2018-0292
	RESERVED
CVE-2018-0291
	RESERVED
CVE-2018-0290 (A vulnerability in the TCP stack of Cisco SocialMiner could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0289 (A vulnerability in the logs component of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2018-0288 (A vulnerability in Cisco WebEx Recording Format (WRF) Player could ...)
	NOT-FOR-US: Cisco
CVE-2018-0287 (A vulnerability in the Cisco WebEx Network Recording Player for ...)
	NOT-FOR-US: Cisco
CVE-2018-0286 (A vulnerability in the netconf interface of Cisco IOS XR Software could ...)
	NOT-FOR-US: Cisco
CVE-2018-0285 (A vulnerability in service logging for Cisco Prime Service Catalog ...)
	NOT-FOR-US: Cisco
CVE-2018-0284
	RESERVED
CVE-2018-0283 (A vulnerability in the detection engine of Cisco Firepower System ...)
	NOT-FOR-US: Cisco
CVE-2018-0282
	RESERVED
CVE-2018-0281 (A vulnerability in the detection engine of Cisco Firepower System ...)
	NOT-FOR-US: Cisco
CVE-2018-0280 (A vulnerability in the Real-Time Transport Protocol (RTP) bitstream ...)
	NOT-FOR-US: Cisco
CVE-2018-0279 (A vulnerability in the Secure Copy Protocol (SCP) server of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0278 (A vulnerability in the management console of Cisco Firepower System ...)
	NOT-FOR-US: Cisco
CVE-2018-0277 (A vulnerability in the Extensible Authentication Protocol-Transport ...)
	NOT-FOR-US: Cisco
CVE-2018-0276 (A vulnerability in Cisco WebEx Connect IM could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0275 (A vulnerability in the support tunnel feature of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2018-0274
	RESERVED
CVE-2018-0273 (A vulnerability in the IPsec Manager of Cisco StarOS for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0272 (A vulnerability in the Secure Sockets Layer (SSL) Engine of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0271 (A vulnerability in the API gateway of the Cisco Digital Network ...)
	NOT-FOR-US: Cisco
CVE-2018-0270 (A vulnerability in the web-based management interface of Cisco IoT ...)
	NOT-FOR-US: Cisco
CVE-2018-0269 (A vulnerability in the web framework of the Cisco Digital Network ...)
	NOT-FOR-US: Cisco
CVE-2018-0268 (A vulnerability in the container management subsystem of Cisco Digital ...)
	NOT-FOR-US: Cisco
CVE-2018-0267 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2018-0266 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2018-0265
	RESERVED
CVE-2018-0264 (A vulnerability in the Cisco WebEx Network Recording Player for ...)
	NOT-FOR-US: Cisco
CVE-2018-0263
	RESERVED
CVE-2018-0262 (A vulnerability in Cisco Meeting Server could allow an unauthenticated, ...)
	NOT-FOR-US: Cisco
CVE-2018-0261
	RESERVED
CVE-2018-0260 (A vulnerability in the web interface of Cisco MATE Live could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0259 (A vulnerability in the web-based management interface of Cisco MATE ...)
	NOT-FOR-US: Cisco
CVE-2018-0258 (A vulnerability in the Cisco Prime File Upload servlet affecting ...)
	NOT-FOR-US: Cisco
CVE-2018-0257 (A vulnerability in Cisco IOS XE Software running on Cisco cBR Series ...)
	NOT-FOR-US: Cisco
CVE-2018-0256 (A vulnerability in the peer-to-peer message processing functionality of ...)
	NOT-FOR-US: Cisco
CVE-2018-0255 (A vulnerability in the device manager web interface of Cisco Industrial ...)
	NOT-FOR-US: Cisco
CVE-2018-0254 (A vulnerability in the detection engine of Cisco Firepower System ...)
	NOT-FOR-US: Cisco
CVE-2018-0253 (A vulnerability in the ACS Report component of Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2018-0252 (A vulnerability in the IP Version 4 (IPv4) fragment reassembly function ...)
	NOT-FOR-US: Cisco
CVE-2018-0251 (A vulnerability in the Web Server Authentication Required screen of the ...)
	NOT-FOR-US: Cisco
CVE-2018-0250 (A vulnerability in Central Web Authentication (CWA) with FlexConnect ...)
	NOT-FOR-US: Cisco
CVE-2018-0249 (A vulnerability when handling incoming 802.11 Association Requests for ...)
	NOT-FOR-US: Cisco
CVE-2018-0248
	RESERVED
CVE-2018-0247 (A vulnerability in Web Authentication (WebAuth) clients for the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0246
	RESERVED
CVE-2018-0245 (A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless ...)
	NOT-FOR-US: Cisco
CVE-2018-0244 (A vulnerability in the detection engine of Cisco Firepower System ...)
	NOT-FOR-US: Cisco
CVE-2018-0243 (A vulnerability in the detection engine of Cisco Firepower System ...)
	NOT-FOR-US: Cisco
CVE-2018-0242 (A vulnerability in the WebVPN web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0241 (A vulnerability in the UDP broadcast forwarding function of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0240 (Multiple vulnerabilities in the Application Layer Protocol Inspection ...)
	NOT-FOR-US: Cisco
CVE-2018-0239 (A vulnerability in the egress packet processing functionality of the ...)
	NOT-FOR-US: Cisco
CVE-2018-0238 (A vulnerability in the role-based resource checking functionality of ...)
	NOT-FOR-US: Cisco
CVE-2018-0237 (A vulnerability in the file type detection mechanism of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0236
	RESERVED
CVE-2018-0235 (A vulnerability in the 802.11 frame validation functionality of the ...)
	NOT-FOR-US: Cisco
CVE-2018-0234 (A vulnerability in the implementation of Point-to-Point Tunneling ...)
	NOT-FOR-US: Cisco
CVE-2018-0233 (A vulnerability in the Secure Sockets Layer (SSL) packet reassembly ...)
	NOT-FOR-US: Cisco
CVE-2018-0232
	RESERVED
CVE-2018-0231 (A vulnerability in the Transport Layer Security (TLS) library of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0230 (A vulnerability in the internal packet-processing functionality of ...)
	NOT-FOR-US: Cisco
CVE-2018-0229 (A vulnerability in the implementation of Security Assertion Markup ...)
	NOT-FOR-US: Cisco
CVE-2018-0228 (A vulnerability in the ingress flow creation functionality of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0227 (A vulnerability in the Secure Sockets Layer (SSL) Virtual Private ...)
	NOT-FOR-US: Cisco
CVE-2018-0226 (A vulnerability in the assignment and management of default user ...)
	NOT-FOR-US: Cisco
CVE-2018-0225
	RESERVED
CVE-2018-0224 (A vulnerability in the CLI of the Cisco StarOS operating system for ...)
	NOT-FOR-US: Cisco
CVE-2018-0223 (A vulnerability in DesktopServlet in the web-based management interface ...)
	NOT-FOR-US: Cisco
CVE-2018-0222 (A vulnerability in Cisco Digital Network Architecture (DNA) Center ...)
	NOT-FOR-US: Cisco
CVE-2018-0221 (A vulnerability in specific CLI commands for the Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2018-0220 (A vulnerability in the web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0219 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0218 (A vulnerability in the web-based user interface of the Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2018-0217 (A vulnerability in the CLI of the Cisco StarOS operating system for ...)
	NOT-FOR-US: Cisco
CVE-2018-0216 (A vulnerability in the web-based management interface of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2018-0215 (A vulnerability in the web-based management interface of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2018-0214 (A vulnerability in certain CLI commands of Cisco Identity Services ...)
	NOT-FOR-US: Cisco
CVE-2018-0213 (A vulnerability in the credential reset functionality for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0212 (A vulnerability in the web-based management interface of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2018-0211 (A vulnerability in specific CLI commands for the Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2018-0210 (A vulnerability in the web-based management interface of Cisco Data ...)
	NOT-FOR-US: Cisco
CVE-2018-0209 (A vulnerability in the Simple Network Management Protocol (SNMP) ...)
	NOT-FOR-US: Cisco
CVE-2018-0208 (A vulnerability in the web-based management interface of the (cloud ...)
	NOT-FOR-US: Cisco
CVE-2018-0207 (A vulnerability in the web-based user interface of the Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2018-0206 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0205 (A vulnerability in the User Provisioning tab in the Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2018-0204 (A vulnerability in the web portal of the Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2018-0203 (A vulnerability in the SMTP relay of Cisco Unity Connection could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0202 (clamscan in ClamAV before 0.99.4 contains a vulnerability that could ...)
	{DLA-1307-1}
	- clamav 0.100.0~beta+dfsg-2
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11973
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11980
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/87aaa10b29476958f5bf54b6119a133069f944fc
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/700ed96af56077cb1a9bff7b91d21db112f6465d
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/0df2fedf2805e574512c486b32a0fff4ed394560
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/495fce917445063d519f14b0009cee025f817bc3
	NOTE: https://github.com/Cisco-Talos/clamav-devel/commit/99eadf7a9ad351210165312362d1f32b77c6f857
CVE-2018-0201 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0200 (A vulnerability in the web-based interface of Cisco Prime Service ...)
	NOT-FOR-US: Cisco
CVE-2018-0199 (A vulnerability in Cisco Jabber Client Framework (JCF) could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0198 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2018-0197
	RESERVED
CVE-2018-0196 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0195 (A vulnerability in the Cisco IOS XE Software REST API could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0194 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2018-0193 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2018-0192
	RESERVED
CVE-2018-0191
	RESERVED
CVE-2018-0190 (Multiple vulnerabilities in the web-based user interface (web UI) of ...)
	NOT-FOR-US: Cisco
CVE-2018-0189 (A vulnerability in the Forwarding Information Base (FIB) code of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0188 (Multiple vulnerabilities in the web-based user interface (web UI) of ...)
	NOT-FOR-US: Cisco
CVE-2018-0187
	RESERVED
CVE-2018-0186 (Multiple vulnerabilities in the web-based user interface (web UI) of ...)
	NOT-FOR-US: Cisco
CVE-2018-0185 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2018-0184 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0183 (A vulnerability in the CLI parser of Cisco IOS XE Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2018-0182 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2018-0181
	RESERVED
CVE-2018-0180 (Multiple vulnerabilities in the Login Enhancements (Login Block) ...)
	NOT-FOR-US: Cisco
CVE-2018-0179 (Multiple vulnerabilities in the Login Enhancements (Login Block) ...)
	NOT-FOR-US: Cisco
CVE-2018-0178
	RESERVED
CVE-2018-0177 (A vulnerability in the IP Version 4 (IPv4) processing code of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0176 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2018-0175 (Format String vulnerability in the Link Layer Discovery Protocol ...)
	NOT-FOR-US: Cisco
CVE-2018-0174 (A vulnerability in the DHCP option 82 encapsulation functionality of ...)
	NOT-FOR-US: Cisco
CVE-2018-0173 (A vulnerability in the Cisco IOS Software and Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2018-0172 (A vulnerability in the DHCP option 82 encapsulation functionality of ...)
	NOT-FOR-US: Cisco
CVE-2018-0171 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...)
	NOT-FOR-US: Cisco
CVE-2018-0170 (A vulnerability in the Cisco Umbrella Integration feature of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0169 (Multiple vulnerabilities in the CLI parser of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2018-0168
	RESERVED
CVE-2018-0167 (Multiple Buffer Overflow vulnerabilities in the Link Layer Discovery ...)
	NOT-FOR-US: Cisco
CVE-2018-0166
	RESERVED
CVE-2018-0165 (A vulnerability in the Internet Group Management Protocol (IGMP) ...)
	NOT-FOR-US: Cisco
CVE-2018-0164 (A vulnerability in the Switch Integrated Security Features of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0163 (A vulnerability in the 802.1x multiple-authentication (multi-auth) ...)
	NOT-FOR-US: Cisco
CVE-2018-0162
	RESERVED
CVE-2018-0161 (A vulnerability in the Simple Network Management Protocol (SNMP) ...)
	NOT-FOR-US: Cisco
CVE-2018-0160 (A vulnerability in Simple Network Management Protocol (SNMP) subsystem ...)
	NOT-FOR-US: Cisco
CVE-2018-0159 (A vulnerability in the implementation of Internet Key Exchange Version ...)
	NOT-FOR-US: Cisco
CVE-2018-0158 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module ...)
	NOT-FOR-US: Cisco
CVE-2018-0157 (A vulnerability in the Zone-Based Firewall code of Cisco IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2018-0156 (A vulnerability in the Smart Install feature of Cisco IOS Software and ...)
	NOT-FOR-US: Cisco
CVE-2018-0155 (A vulnerability in the Bidirectional Forwarding Detection (BFD) offload ...)
	NOT-FOR-US: Cisco
CVE-2018-0154 (A vulnerability in the crypto engine of the Cisco Integrated Services ...)
	NOT-FOR-US: Cisco
CVE-2018-0153
	RESERVED
CVE-2018-0152 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0151 (A vulnerability in the quality of service (QoS) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0150 (A vulnerability in Cisco IOS XE Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0149
	RESERVED
CVE-2018-0148 (A vulnerability in the web-based management interface of Cisco UCS ...)
	NOT-FOR-US: Cisco
CVE-2018-0147 (A vulnerability in Java deserialization used by Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2018-0146 (A vulnerability in the Cisco Data Center Analytics Framework ...)
	NOT-FOR-US: Cisco
CVE-2018-0145 (A vulnerability in the web-based management interface of the Cisco Data ...)
	NOT-FOR-US: Cisco
CVE-2018-0144 (A vulnerability in the web-based management interface of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2018-0143
	RESERVED
CVE-2018-0142
	RESERVED
CVE-2018-0141 (A vulnerability in Cisco Prime Collaboration Provisioning (PCP) ...)
	NOT-FOR-US: Cisco
CVE-2018-0140 (A vulnerability in the spam quarantine of Cisco Email Security ...)
	NOT-FOR-US: Cisco
CVE-2018-0139 (A vulnerability in the Interactive Voice Response (IVR) management ...)
	NOT-FOR-US: Cisco
CVE-2018-0138 (A vulnerability in the detection engine of Cisco Firepower System ...)
	NOT-FOR-US: Cisco
CVE-2018-0137 (A vulnerability in the TCP throttling process of Cisco Prime Network ...)
	NOT-FOR-US: Cisco
CVE-2018-0136 (A vulnerability in the IPv6 subsystem of Cisco IOS XR Software Release ...)
	NOT-FOR-US: Cisco
CVE-2018-0135 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0134 (A vulnerability in the RADIUS authentication module of Cisco Policy ...)
	NOT-FOR-US: Cisco
CVE-2018-0133
	RESERVED
CVE-2018-0132 (A vulnerability in the forwarding information base (FIB) code of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0131
	RESERVED
CVE-2018-0130 (A vulnerability in the use of JSON web tokens by the web-based service ...)
	NOT-FOR-US: Cisco
CVE-2018-0129 (A vulnerability in the web-based management interface of Cisco Data ...)
	NOT-FOR-US: Cisco
CVE-2018-0128 (A vulnerability in the web-based management interface of Cisco Data ...)
	NOT-FOR-US: Cisco
CVE-2018-0127 (A vulnerability in the web interface of Cisco RV132W ADSL2+ Wireless-N ...)
	NOT-FOR-US: Cisco
CVE-2018-0126
	RESERVED
CVE-2018-0125 (A vulnerability in the web interface of the Cisco RV132W ADSL2+ ...)
	NOT-FOR-US: Cisco
CVE-2018-0124 (A vulnerability in Cisco Unified Communications Domain Manager could ...)
	NOT-FOR-US: Cisco
CVE-2018-0123 (A Path Traversal vulnerability in the diagnostic shell for Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2018-0122 (A vulnerability in the CLI of the Cisco StarOS operating system for ...)
	NOT-FOR-US: Cisco
CVE-2018-0121 (A vulnerability in the authentication functionality of the web-based ...)
	NOT-FOR-US: Cisco
CVE-2018-0120 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2018-0119 (A vulnerability in certain authentication controls in the account ...)
	NOT-FOR-US: Cisco
CVE-2018-0118 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2018-0117 (A vulnerability in the ingress packet processing functionality of the ...)
	NOT-FOR-US: Cisco
CVE-2018-0116 (A vulnerability in the RADIUS authentication module of Cisco Policy ...)
	NOT-FOR-US: Cisco
CVE-2018-0115 (A vulnerability in the CLI of the Cisco StarOS operating system for ...)
	NOT-FOR-US: Cisco
CVE-2018-0114 (A vulnerability in the Cisco node-jose open source library before ...)
	NOT-FOR-US: Cisco node-jose
CVE-2018-0113 (A vulnerability in an operations script of Cisco UCS Central could ...)
	NOT-FOR-US: Cisco
CVE-2018-0112 (A vulnerability in Cisco WebEx Business Suite clients, Cisco WebEx ...)
	NOT-FOR-US: Cisco
CVE-2018-0111 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0110 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0109 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0108 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0107 (A vulnerability in the web framework of Cisco Prime Service Catalog ...)
	NOT-FOR-US: Cisco
CVE-2018-0106 (A vulnerability in the ConfD server of the Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2018-0105 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2018-0104 (A vulnerability in Cisco WebEx Network Recording Player for Advanced ...)
	NOT-FOR-US: Cisco
CVE-2018-0103 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player ...)
	NOT-FOR-US: Cisco
CVE-2018-0102 (A vulnerability in the Pong tool of Cisco NX-OS Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2018-0101 (A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of ...)
	NOT-FOR-US: Cisco
CVE-2018-0100 (A vulnerability in the Profile Editor of the Cisco AnyConnect Secure ...)
	NOT-FOR-US: Cisco
CVE-2018-0099 (A vulnerability in the web management GUI of the Cisco D9800 Network ...)
	NOT-FOR-US: Cisco
CVE-2018-0098 (A vulnerability in the web-based management interface of Cisco WAP150 ...)
	NOT-FOR-US: Cisco
CVE-2018-0097 (A vulnerability in the web interface of Cisco Prime Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2018-0096 (A vulnerability in the role-based access control (RBAC) functionality ...)
	NOT-FOR-US: Cisco
CVE-2018-0095 (A vulnerability in the administrative shell of Cisco AsyncOS on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0094 (A vulnerability in IPv6 ingress packet processing for Cisco UCS Central ...)
	NOT-FOR-US: Cisco
CVE-2018-0093 (A vulnerability in the web-based management interface of Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2018-0092 (A vulnerability in the network-operator user role implementation for ...)
	NOT-FOR-US: Cisco
CVE-2018-0091 (A vulnerability in the web-based management interface of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2018-0090 (A vulnerability in management interface access control list (ACL) ...)
	NOT-FOR-US: Cisco
CVE-2018-0089 (A vulnerability in the Policy and Charging Rules Function (PCRF) of the ...)
	NOT-FOR-US: Cisco
CVE-2018-0088 (A vulnerability in one of the diagnostic test CLI commands on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2018-0087 (A vulnerability in the FTP server of the Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2018-0086 (A vulnerability in the application server of the Cisco Unified Customer ...)
	NOT-FOR-US: Cisco
CVE-2017-16994 (The walk_hugetlb_range function in mm/pagewalk.c in the Linux kernel ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.0)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0)
	NOTE: Fixed by: https://git.kernel.org/linus/373c4557d2aa362702c4c2d41288fb1e54990b7c (4.15-rc1)
CVE-2017-16993
	RESERVED
CVE-2017-16992
	RESERVED
CVE-2017-16991
	RESERVED
CVE-2017-16990
	RESERVED
CVE-2017-16989
	RESERVED
CVE-2017-16988
	RESERVED
CVE-2017-16987
	RESERVED
CVE-2017-16986
	RESERVED
CVE-2017-16985
	RESERVED
CVE-2017-16984
	RESERVED
CVE-2017-16983
	RESERVED
CVE-2017-16982
	RESERVED
CVE-2017-16981
	RESERVED
CVE-2017-16980
	RESERVED
CVE-2017-16979
	RESERVED
CVE-2017-16978
	RESERVED
CVE-2017-16977
	RESERVED
CVE-2017-16976
	RESERVED
CVE-2017-16975
	RESERVED
CVE-2017-16974
	RESERVED
CVE-2017-16973
	RESERVED
CVE-2017-16972
	RESERVED
CVE-2017-16971
	RESERVED
CVE-2017-16970
	RESERVED
CVE-2017-16969
	RESERVED
CVE-2017-16968
	RESERVED
CVE-2017-16967
	RESERVED
CVE-2017-16966
	RESERVED
CVE-2017-16965
	RESERVED
CVE-2017-16964
	RESERVED
CVE-2017-16963
	RESERVED
CVE-2017-16962 (The WebMail components (Crystal, pronto, and pronto4) in CommuniGate ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2017-16961 (A SQL injection vulnerability in core/inc/auto-modules.php in BigTree ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-16960 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote ...)
	NOT-FOR-US: TP-Link
CVE-2017-16959 (The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, ...)
	NOT-FOR-US: TP-Link
CVE-2017-16958 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote ...)
	NOT-FOR-US: TP-Link
CVE-2017-16957 (TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allow remote ...)
	NOT-FOR-US: TP-Link
CVE-2017-16956 (b3log Symphony (aka Sym) 2.2.0 allows an XSS attack by sending a ...)
	NOT-FOR-US: b3log Symphony
CVE-2017-16955 (SQL injection vulnerability in the InLinks plugin through 1.1 for ...)
	NOT-FOR-US: InLinks plugin for WordPress
CVE-2017-16954
	RESERVED
CVE-2017-16953 (connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic ...)
	NOT-FOR-US: ZTE
CVE-2017-16952 (KMPlayer 4.2.2.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: K-Multimedia Player
CVE-2017-16951 (Winamp Pro 5.66 Build 3512 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Winamp
CVE-2017-16950 (Cross - site scripting (XSS) vulnerability in UrBackup Server before ...)
	- urbackup-server <itp> (bug #697325)
CVE-2017-16949 (An issue was discovered in the AccessKeys AccessPress Anonymous Post ...)
	NOT-FOR-US: AccessKeys AccessPress Anonymous Post Pro plugin for WordPress
CVE-2017-16948 (TG Soft Vir.IT eXplorer Lite 8.5.42 allows local users to cause a ...)
	NOT-FOR-US: TG Soft Vir.IT eXplorer Lite
CVE-2017-16947
	RESERVED
CVE-2017-16946 (The admin_edit function in app/Controller/UsersController.php in MISP ...)
	NOT-FOR-US: MISP
CVE-2017-16945 (The standardrestorer binary in Arq 5.10 and earlier for Mac allows ...)
	NOT-FOR-US: standardrestorer binary in Arq
CVE-2017-16942 (In libsndfile 1.0.25 (fixed in 1.0.26), a divide-by-zero error exists ...)
	- libsndfile 1.0.27-1
	[jessie] - libsndfile <no-dsa> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/341
CVE-2017-16944 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...)
	{DSA-4053-1}
	- exim4 4.89-13 (bug #882671)
	[jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
	[wheezy] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2201
	NOTE: https://git.exim.org/exim.git/commitdiff/178ecb70987f024f0e775d87c2f8b2cf587dd542
	NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
	NOTE: 4.89-10 adds a workaround which disables the affected code by default
CVE-2017-16943 (The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 ...)
	{DSA-4053-1}
	- exim4 4.89-12 (bug #882648)
	[jessie] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
	[wheezy] - exim4 <not-affected> (ESMTP CHUNKING extension introduced in 4.88)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2199
	NOTE: https://git.exim.org/exim.git/commitdiff/4e6ae6235c68de243b1c2419027472d7659aa2b4
	NOTE: https://lists.exim.org/lurker/message/20171125.034842.d1d75cac.en.html
	NOTE: https://twitter.com/philpennock/status/934270613811875840
	NOTE: 4.89-10 adds a workaround which disables the affected code by default
CVE-2017-16941 (** DISPUTED ** October CMS through 1.0.428 does not prevent use of ...)
	NOT-FOR-US: October CMS
CVE-2017-16940
	RESERVED
CVE-2017-16939 (The XFRM dump policy implementation in net/xfrm/xfrm_user.c in the ...)
	{DSA-4082-1 DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	NOTE: Fixed by: https://git.kernel.org/linus/1137b5e2529a8f5ca8ee709288ecba3e68044df2
CVE-2017-16938 (A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to ...)
	{DSA-4058-1 DLA-1196-1}
	- optipng 0.7.6-1.1 (bug #878839)
	NOTE: https://sourceforge.net/p/optipng/bugs/69/
CVE-2017-16937
	RESERVED
CVE-2017-16936 (Directory Traversal vulnerability in app_data_center on Shenzhen Tenda ...)
	NOT-FOR-US: Shenzhen Tenda
CVE-2017-16935 (Ametys before 4.0.3 requires authentication only for URIs containing a ...)
	NOT-FOR-US: Ametys CMS
CVE-2017-16934 (The web server on DBL DBLTek devices allows remote attackers to execute ...)
	NOT-FOR-US: DBL DBLTek devices
CVE-2017-16933 (etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.1 has a chown ...)
	- icinga2 2.8.4-1 (low; bug #883247)
	[stretch] - icinga2 <no-dsa> (Minor issue)
	[jessie] - icinga2 <no-dsa> (Minor issue)
	NOTE: https://github.com/Icinga/icinga2/issues/5793
	NOTE: CVE is for the unsafe use of chown(1)
CVE-2016-10700 (auth_login.php in Cacti before 1.0.0 allows remote authenticated users ...)
	- cacti 0.8.8h+ds1-5 (bug #833420)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u6
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u9
	NOTE: https://web.archive.org/web/20160817090458/http://bugs.cacti.net/view.php?id=2697
	NOTE: https://github.com/Cacti/cacti/commit/69983495cd41bf0903fe02baeef84b1fa85f2846
	NOTE: Fix for the incomplete fix for CVE-2016-2313
CVE-2017-16932 (parser.c in libxml2 before 2.9.5 does not prevent infinite recursion in ...)
	{DLA-1194-1}
	[experimental] - libxml2 2.9.7+dfsg-1
	- libxml2 <unfixed> (bug #882613)
	[stretch] - libxml2 <ignored> (Minor issue; too intrusive to backport)
	[jessie] - libxml2 <ignored> (Minor issue; too intrusive to backport)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759579
	NOTE: https://github.com/GNOME/libxml2/commit/899a5d9f0ed13b8e32449a08a361e0de127dd961
	NOTE: Applying only 899a5d9f0ed13b8e32449a08a361e0de127dd961 does not completely
	NOTE: fix the issue, see https://bugs.debian.org/882613#12 for discussion.
CVE-2017-16931 (parser.c in libxml2 before 2.9.5 mishandles parameter-entity references ...)
	{DLA-1194-1}
	- libxml2 2.9.4+dfsg1-3.1
	[stretch] - libxml2 2.9.4+dfsg1-2.2+deb9u1
	[jessie] - libxml2 2.9.1+dfsg1-5+deb8u5
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766956
	NOTE: https://github.com/GNOME/libxml2/commit/e26630548e7d138d2c560844c43820b6767251e3
	NOTE: Not a duplicate but a variant of the issue of CVE-2017-9049 and CVE-2017-9050
CVE-2017-16930 (The remote management interface on the Claymore Dual GPU miner 10.1 ...)
	NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
CVE-2017-16929 (The remote management interface on the Claymore Dual GPU miner 10.1 is ...)
	NOT-FOR-US: Claymore's Dual Ethereum+Decred AMD+NVIDIA GPU Miner
CVE-2017-16928 (The arq_updater binary in Arq 5.10 and earlier for Mac allows local ...)
	NOT-FOR-US: arq_updater binary in Arq
CVE-2017-16927 (The scp_v0s_accept function in sesman/libscp/libscp_v0.c in the session ...)
	{DLA-1203-1}
	- xrdp 0.9.4-3 (bug #882463)
	[stretch] - xrdp 0.9.1-9+deb9u2
	[jessie] - xrdp <no-dsa> (Minor issue)
	NOTE: Proposed pull request: https://github.com/neutrinolabs/xrdp/pull/958
	NOTE: https://groups.google.com/forum/#!topic/xrdp-devel/PmVfMuy_xBA
	NOTE: Originally fixed with upstream patch in 0.9.4-2 but which caused regression
	NOTE: thus marking it only as fixed in the followup version, cf. #884702
CVE-2017-16926 (Ohcount 3.0.0 is prone to a command injection via specially crafted ...)
	- ohcount 3.1.0-1 (bug #882372)
	[stretch] - ohcount <no-dsa> (Minor issue)
	[jessie] - ohcount <no-dsa> (Minor issue)
	[wheezy] - ohcount <no-dsa> (Minor issue)
	NOTE: https://github.com/blackducksoftware/ohcount/commit/6bed45d6fb7c080ae5c163c12b4eb8749a3492ac (v3.1.0)
CVE-2017-16925
	RESERVED
CVE-2017-16924 (Remote Information Disclosure and Escalation of Privileges in ...)
	NOT-FOR-US: ManageEngine Desktop Central
CVE-2017-16923 (Command Injection vulnerability in app_data_center on Shenzhen Tenda ...)
	NOT-FOR-US: Shenzhen Tenda
CVE-2017-16922 (In com.wowza.wms.timedtext.http.HTTPProviderCaptionFile in Wowza ...)
	NOT-FOR-US: Wowza
CVE-2017-16921 (In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including ...)
	{DSA-4066-1 DLA-1212-1}
	- otrs2 6.0.2-1 (bug #883774)
	NOTE: https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
	NOTE: https://bugs.otrs.org/show_bug.cgi?id=13357
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/d12797bf1efa6722c2ba9af6d8238446c2903cd1
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/d433518d7bd8e9e079af67ef9ea7079cd2f59646
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/368bc37f137e6344f4db014ee2e03c38e2fc62d2
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/4043ebb2580cd8f87e7758e95bf0d77eea5c82ae
CVE-2017-16920 (v5/config/system.php in dayrui FineCms 5.2.0 has a default SYS_KEY ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-16919 (MapOS 3.1.11 and earlier has a Stored Cross-site Scripting (XSS) ...)
	NOT-FOR-US: MapOS
CVE-2017-16918
	RESERVED
CVE-2017-16917
	RESERVED
CVE-2017-16916
	RESERVED
CVE-2017-16915
	RESERVED
CVE-2017-16914 (The &quot;stub_send_ret_submit()&quot; function (drivers/usb/usbip/stub_tx.c) in ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/be6123df1ea8f01ee2f896a16c2b7be3e4557a5a
CVE-2017-16913 (The &quot;stub_recv_cmd_submit()&quot; function (drivers/usb/usbip/stub_rx.c) in ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/c6688ef9f29762e65bce325ef4acd6c675806366
CVE-2017-16912 (The &quot;get_pipe()&quot; function (drivers/usb/usbip/stub_rx.c) in the Linux ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/635f545a7e8be7596b9b2b6a43cab6bbd5a88e43
CVE-2017-16911 (The vhci_hcd driver in the Linux Kernel before version 4.14.8 and ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	NOTE: Fixed by: https://git.kernel.org/linus/2f2d0088eb93db5c649d2a5e34a3800a8a935fc5
CVE-2017-16910
	RESERVED
	- libraw 0.18.6-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
	NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16909
	RESERVED
	- libraw 0.18.6-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-19
	NOTE: https://github.com/LibRaw/LibRaw/commit/2f59bac59dbcbf6bbcf01a9f3eed74307e96ca7e
CVE-2017-16908 (In Horde Groupware 5.2.19, there is XSS via the Name field during ...)
	- php-horde <undetermined>
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	TODO: check
CVE-2017-16907 (In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field ...)
	- php-horde <undetermined>
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	TODO: check
CVE-2017-16906 (In Horde Groupware 5.2.19-5.2.22, there is XSS via the URL field in a ...)
	- php-horde <undetermined>
	NOTE: http://code610.blogspot.com/2017/11/rce-via-xss-horde-5219.html
	TODO: check
CVE-2017-16905 (The DuoLingo TinyCards application before 1.0 for Android has one use ...)
	NOT-FOR-US: DuoLingo TinyCards application
CVE-2017-16904 (The Public tologin feature in admin.php in LvyeCMS through 3.1 allows ...)
	NOT-FOR-US: LvyeCMS
CVE-2017-16903 (LvyeCMS through 3.1 allows remote attackers to upload and execute ...)
	NOT-FOR-US: LvyeCMS
CVE-2017-16902 (On the Vonage VDV-23 115 3.2.11-0.9.40 home router, sending a long ...)
	NOT-FOR-US: Vonage VDV-23 115 3.2.11-0.9.40 home router
CVE-2017-16901
	RESERVED
CVE-2017-16900
	RESERVED
CVE-2017-16899 (An array index error in the fig2dev program in Xfig 3.2.6a allows ...)
	- fig2dev 1:3.2.6a-5 (bug #881143)
	[stretch] - fig2dev 1:3.2.6a-2+deb9u1
	- transfig <removed>
	[jessie] - transfig 1:3.2.5.e-4+deb8u1
	[wheezy] - transfig <no-dsa> (Minor issue)
CVE-2017-16898 (The printMP3Headers function in util/listmp3.c in libming v0.4.8 or ...)
	{DLA-1240-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/75
CVE-2017-16897 (A vulnerability has been discovered in the Auth0 passport-wsfed-saml2 ...)
	NOT-FOR-US: Auth0 passport-wsfed-saml2 library
CVE-2017-16896 (A SQL injection in classes/handler/public.php in the forgotpass ...)
	- tt-rss 17.4+git20180312+dfsg-1 (bug #882543)
	NOTE: https://discourse.tt-rss.org/t/sql-injection-in-forgotpass-fixed/669
	NOTE: https://git.tt-rss.org/git/tt-rss/commit/2352c320c2ed34ec7df1ad22f0c55a1b26489815
CVE-2017-16895 (The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) ...)
	NOT-FOR-US: Arq
CVE-2017-16894 (In Laravel framework through 5.5.21, remote attackers can obtain ...)
	NOT-FOR-US: Laravel framework
CVE-2017-16893 (The application Piwigo is affected by an SQL injection vulnerability ...)
	- piwigo <removed>
CVE-2017-16892 (In Bftpd before 4.7, there is a memory leak in the file rename ...)
	- bftpd <itp> (bug #640469)
	NOTE: http://bftpd.sourceforge.net/news.html#032390
CVE-2017-16891
	RESERVED
CVE-2017-16890
	RESERVED
CVE-2017-16889
	RESERVED
CVE-2017-16888
	RESERVED
CVE-2017-16887 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
	NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38
CVE-2017-16886 (The portal on FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38 ...)
	NOT-FOR-US: FiberHome Mobile WIFI Device Model LM53Q1 VH519R05C01S38
CVE-2017-16885 (Improper Permissions Handling in the Portal on FiberHome LM53Q1 ...)
	NOT-FOR-US: FiberHome LM53Q1 VH519R05C01S38 devices
CVE-2017-1000407 (The Linux Kernel 2.6.32 and later are affected by a denial of service, ...)
	{DSA-4082-1 DSA-4073-1 DLA-1200-1}
	- linux 4.14.7-1
	NOTE: https://www.spinics.net/lists/kvm/msg159809.html
CVE-2017-1000406 (OpenDaylight Karaf 0.6.1-Carbon fails to clear the cache after a ...)
	NOT-FOR-US: OpenDayLight
CVE-2017-1000405 (The Linux Kernel versions 2.6.38 through 4.14 have a problematic use ...)
	- linux 4.14.2-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (vulnerable code not present, cf. kernel-sec information)
	NOTE: Fixed by: https://git.kernel.org/linus/a8f97366452ed491d13cf1e44241bc0b5740b1f0
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/30/1
	NOTE: https://github.com/bindecy/HugeDirtyCowPOC
CVE-2017-1000404 (The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000403 (Jenkins Speaks! Plugin, all current versions, allows users with ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000402 (Jenkins Swarm Plugin Client 3.4 and earlier bundled a version of the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000401 (The Jenkins 2.73.1 and earlier, 2.83 and earlier default form control ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000400 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000399 (The Jenkins 2.73.1 and earlier, 2.83 and earlier remote API at ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000398 (The remote API in Jenkins 2.73.1 and earlier, 2.83 and earlier at ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000397 (Jenkins Maven Plugin 2.17 and earlier bundled a version of the ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000396 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000395 (Jenkins 2.73.1 and earlier, 2.83 and earlier provides information ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000394 (Jenkins 2.73.1 and earlier, 2.83 and earlier bundled a version of the ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000393 (Jenkins 2.73.1 and earlier, 2.83 and earlier users with permission to ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000392 (Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000391 (Jenkins versions 2.88 and earlier and 2.73.2 and earlier stores ...)
	NOT-FOR-US: Jenkins
CVE-2017-1000390 (Jenkins Multijob plugin version 1.25 and earlier did not check ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000389 (Some URLs provided by Jenkins global-build-stats plugin version 1.4 ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000388 (Jenkins Dependency Graph Viewer plugin 0.12 and earlier did not ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000387 (Jenkins Build-Publisher plugin version 1.21 and earlier stores ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000386 (Jenkins Active Choices plugin version 1.5.3 and earlier allowed users ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-16884 (Cross-site scripting (XSS) vulnerability in MistServer before 2.13 ...)
	NOT-FOR-US: MistServer
CVE-2017-16883 (The outputSWF_TEXT_RECORD function in util/outputscript.c in libming &lt;= ...)
	{DLA-1240-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/77
CVE-2017-16882 (Icinga Core through 1.14.0 initially executes bin/icinga as root but ...)
	- icinga <not-affected> (Doesn't affect Icinga 1.x as packaged in Debian)
	NOTE: https://github.com/Icinga/icinga-core/issues/1601
	NOTE: State is not fully correct, since "affected" source would be there,
	NOTE: But Debian does not install the binaries nor configuration files as
	NOTE: respective icinga user.
CVE-2017-16881 (b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON ...)
	NOT-FOR-US: b3log Symphony
CVE-2017-16880 (The dump function in Util/TemplateHelper.php in filp whoops before ...)
	NOT-FOR-US: filp whoops
CVE-2017-1000230 (The Snap7 Server version 1.4.1 can be crashed when the ItemCount field ...)
	NOT-FOR-US: Snap7 Server
CVE-2017-1000227 (Stored XSS in Salutation Responsive WordPress + BuddyPress Theme ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1000221 (In Opencast 2.2.3 and older if user names overlap, the Opencast search ...)
	NOT-FOR-US: Opencast
CVE-2017-1000217 (Opencast 2.3.2 and older versions are vulnerable to script injections ...)
	NOT-FOR-US: Opencast
CVE-2017-1000190 (SimpleXML (latest version 2.7.1) is vulnerable to an XXE vulnerability ...)
	- simple-xml <unfixed> (bug #888547)
	[stretch] - simple-xml <no-dsa> (Minor issue)
	[jessie] - simple-xml <no-dsa> (Minor issue)
	[wheezy] - simple-xml <no-dsa> (Minor issue)
	NOTE: https://github.com/ngallagher/simplexml/issues/18
CVE-2017-1000163 (The Phoenix Framework versions 1.0.0 through 1.0.4, 1.1.0 through ...)
	NOT-FOR-US: Phoenix Framework
CVE-2017-1000128 (Exiv2 0.26 contains a stack out of bounds read in JPEG2000 parser ...)
	- exiv2 <unfixed> (bug #897260)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	[wheezy] - exiv2 <not-affected> (Cannot reproduce with crash file)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/177
CVE-2017-1000127 (Exiv2 0.26 contains a heap buffer overflow in tiff parser ...)
	[experimental] - exiv2 <unfixed> (low; bug #888863)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/176
CVE-2017-1000126 (exiv2 0.26 contains a Stack out of bounds read in webp parser ...)
	[experimental] - exiv2 <unfixed> (low; bug #888864)
	- exiv2 <not-affected> (WebP support introduced in 0.26)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/30/1
	NOTE: https://github.com/Exiv2/exiv2/issues/175
CVE-2017-16879 (Stack-based buffer overflow in the _nc_write_entry function in ...)
	- ncurses 6.0+20171125-1 (bug #882620)
	[stretch] - ncurses 6.0+20161126-1+deb9u2
	[jessie] - ncurses <no-dsa> (Minor issue)
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: PoC https://packetstormsecurity.com/files/download/145045/tic-overflow.tgz
	NOTE: http://invisible-island.net/ncurses/NEWS.html#t20171125
CVE-2017-16878 (Cross-site scripting (XSS) vulnerability in the Captive Portal ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-16877 (ZEIT Next.js before 2.4.1 has directory traversal under the /_next and ...)
	NOT-FOR-US: ZEIT Next.js
CVE-2017-16876 (Cross-site scripting (XSS) vulnerability in the _keyify function in ...)
	- mistune 0.8.1-1
	[stretch] - mistune <no-dsa> (Minor issue)
	NOTE: https://github.com/lepture/mistune/commit/5f06d724bc05580e7f203db2d4a4905fc1127f98
CVE-2017-16875 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
	{DSA-4170-1}
	- pjproject 2.7.1~dfsg-1
	[jessie] - pjproject <ignored> (Minor issue)
	NOTE: https://trac.pjsip.org/repos/ticket/2055
	NOTE: https://trac.pjsip.org/repos/changeset/5680
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2017-16874
	RESERVED
CVE-2017-16873 (It is possible to exploit an unsanitized PATH in the suid binary that ...)
	NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-1000233
	REJECTED
CVE-2017-1000222
	REJECTED
CVE-2017-1000215 (ROOT xrootd version 4.6.0 and below is vulnerable to an ...)
	- xrootd <itp> (bug #687222)
CVE-2017-1000212 (Elixir's vim plugin, alchemist.vim is vulnerable to remote code ...)
	NOT-FOR-US: Elixir's vim plugin
CVE-2017-1000211 (Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML ...)
	{DLA-1175-1}
	- lynx 2.8.9dev16-1
	[stretch] - lynx <no-dsa> (Minor issue)
	- lynx-cur <removed>
	[jessie] - lynx-cur <no-dsa> (Minor issue)
	NOTE: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9
CVE-2017-1000206 (samtools htslib library version 1.4.0 and earlier is vulnerable to ...)
	- htslib 1.4.1-1
	[stretch] - htslib <no-dsa> (Minor issue)
	[jessie] - htslib <no-dsa> (Minor issue)
CVE-2017-1000204
	REJECTED
CVE-2017-1000203 (ROOT version 6.9.03 and below is vulnerable to an authenticated shell ...)
	- root-system <removed>
	[jessie] - root-system <ignored> (Minor issue)
	[wheezy] - root-system <ignored> (Minor issue as it's restricted to authenticated users)
	NOTE: https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e
CVE-2017-1000192 (Cygnux sysPass version 2.1.7 and older is vulnerable to a Local File ...)
	NOT-FOR-US: Cygnux sysPass
CVE-2017-1000191 (Jool 3.5.0-3.5.1 is vulnerable to a kernel crashing packet resulting ...)
	NOT-FOR-US: Jool
CVE-2017-1000170 (jqueryFileTree 2.1.5 and older Directory Traversal ...)
	NOT-FOR-US: jqueryFileTree
CVE-2017-1000169 (QuickerBB version &lt;= 0.7.2 is vulnerable to arbitrary file writes ...)
	NOT-FOR-US: QuickerBB
CVE-2017-1000168 (sodiumoxide 0.0.13 and older scalarmult() vulnerable to degenerate ...)
	NOT-FOR-US: sodiumoxide
CVE-2017-1000161
	REJECTED
CVE-2017-16872 (An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in ...)
	{DSA-4170-1}
	- pjproject 2.7.1~dfsg-1
	[jessie] - pjproject <ignored> (Minor issue)
	NOTE: https://trac.pjsip.org/repos/ticket/2056
	NOTE: https://trac.pjsip.org/repos/changeset/5682
	NOTE: In jessie Asterisk doesn't use pjproject for SIP (only for ICE, STUN and TURN)
CVE-2017-16871 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...)
	NOT-FOR-US: UpdraftPlus plugin for WordPress
CVE-2017-16870 (** DISPUTED ** The UpdraftPlus plugin through 1.13.12 for WordPress ...)
	NOT-FOR-US: UpdraftPlus plugin for WordPress
CVE-2017-16869 (** DISPUTED ** p_mach.cpp in UPX 3.94 allows remote attackers to cause ...)
	- upx-ucl 3.94-4 (bug #882041; unimportant)
	NOTE: https://github.com/upx/upx/issues/146
	NOTE: crash in CLI tool, no security impact
CVE-2017-16868 (In SWFTools 0.9.2, the wav_convert2mono function in lib/wav.c does not ...)
	- swftools <unfixed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/52
	NOTE: Crash in CLI tool, no security impact
CVE-2017-16867 (Amazon Key through 2017-11-16 mishandles Cloud Cam 802.11 ...)
	NOT-FOR-US: Amazon Key
CVE-2017-1000248 (Redis-store &lt;=v1.3.0 allows unsafe objects to be loaded from redis ...)
	- ruby-redis-store 1.1.6-2 (bug #882034)
	[stretch] - ruby-redis-store 1.1.6-1+deb9u1
	NOTE: https://github.com/redis-store/redis-store/commit/e0c1398d54a9661c8c70267c3a925ba6b192142e
CVE-2017-1000247 (British Columbia Institute of Technology CodeIgniter 3.1.3 is ...)
	NOT-FOR-US: CodeIgniter
CVE-2017-1000246 (Python package pysaml2 version 4.4.0 and earlier reuses the ...)
	- python-pysaml2 <unfixed> (bug #882012)
	[stretch] - python-pysaml2 <no-dsa> (Minor issue)
	[jessie] - python-pysaml2 <no-dsa> (Minor issue)
	NOTE: https://github.com/rohe/pysaml2/issues/417
CVE-2017-1000241 (The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected ...)
	NOT-FOR-US: OpenEMR
CVE-2017-1000240 (The application OpenEMR is affected by multiple reflected &amp; stored ...)
	NOT-FOR-US: OpenEMR
CVE-2017-1000239 (InvoicePlane version 1.4.10 is vulnerable to a Stored Cross Site ...)
	NOT-FOR-US: InvoicePlane
CVE-2017-1000238 (InvoicePlane version 1.4.10 is vulnerable to a Arbitrary File Upload ...)
	NOT-FOR-US: InvoicePlane
CVE-2017-1000237 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to Server-Side Request ...)
	- i-librarian <itp> (bug #649291)
CVE-2017-1000236 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to Reflected Cross-Site ...)
	- i-librarian <itp> (bug #649291)
CVE-2017-1000235 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to OS Command Injection ...)
	- i-librarian <itp> (bug #649291)
CVE-2017-1000234 (I, Librarian version &lt;=4.6 &amp; 4.7 is vulnerable to Directory ...)
	- i-librarian <itp> (bug #649291)
CVE-2017-1000232 (A double-free vulnerability in str2host.c in ldns 1.7.0 have ...)
	- ldns <unfixed> (bug #882014)
	[stretch] - ldns <no-dsa> (Minor issue)
	[jessie] - ldns <no-dsa> (Minor issue)
	[wheezy] - ldns <not-affected> (Vulnerable code not present)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257
	NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=3bdeed02505c9bbacb3b64a97ddcb1de967153b7
CVE-2017-1000231 (A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified ...)
	{DLA-1182-1}
	- ldns <unfixed> (bug #882015)
	[stretch] - ldns <no-dsa> (Minor issue)
	[jessie] - ldns <no-dsa> (Minor issue)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256
	NOTE: https://git.nlnetlabs.nl/ldns/commit/?id=c8391790c96d4c8a2c10f9ab1460fda83b509fc2
CVE-2017-1000229 (Integer overflow bug in function minitiff_read_info() of optipng 0.7.6 ...)
	{DSA-4058-1 DLA-1184-1}
	- optipng 0.7.6-1.1 (bug #882032)
	NOTE: https://sourceforge.net/p/optipng/bugs/65/
	NOTE: Proposed patch: https://sourceforge.net/p/optipng/bugs/_discuss/thread/2a56b3aa/f6bb/attachment/0001-Prevent-integer-overflow-bug-65-CVE-2017-1000229.patch
CVE-2017-1000228 (nodejs ejs versions older than 2.5.3 is vulnerable to remote code ...)
	NOT-FOR-US: nodejs ejs
CVE-2017-1000226 (Stop User Enumeration 1.3.8 allows user enumeration via the REST API ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1000225 (Reflected XSS in Relevanssi Premium version 1.14.8 when using ...)
	NOT-FOR-US: Relevanssi
CVE-2017-1000224 (CSRF in YouTube (WordPress plugin) could allow unauthenticated ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1000223 (A stored web content injection vulnerability (WCI, a.k.a XSS) is ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-1000220 (soyuka/pidusage &lt;=1.1.4 is vulnerable to command injection in the ...)
	NOT-FOR-US: soyuka/pidusage
CVE-2017-1000219 (npm/KyleRoss windows-cpu all versions vulnerable to command injection ...)
	NOT-FOR-US: npm/KyleRoss windows-cpu
CVE-2017-1000218 (LightFTP version 1.1 is vulnerable to a buffer overflow in the ...)
	NOT-FOR-US: LightFTP
CVE-2017-1000213 (WBCE v1.1.11 is vulnerable to reflected XSS via the &quot;begriff&quot; POST ...)
	NOT-FOR-US: WBCE
CVE-2017-1000210 (picoTCP (versions 1.7.0 - 1.5.0) is vulnerable to stack buffer ...)
	NOT-FOR-US: picoTCP
CVE-2017-1000209 (The Java WebSocket client nv-websocket-client does not verify that the ...)
	NOT-FOR-US: Java WebSocket client nv-websocket-client
CVE-2017-1000208 (A vulnerability in Swagger-Parser's (version &lt;= 1.0.30) yaml parsing ...)
	NOT-FOR-US: Swagger-Parser
CVE-2017-1000197 (October CMS build 412 is vulnerable to file path modification in asset ...)
	NOT-FOR-US: October CMS
CVE-2017-1000196 (October CMS build 412 is vulnerable to PHP code execution in the asset ...)
	NOT-FOR-US: October CMS
CVE-2017-1000195 (October CMS build 412 is vulnerable to PHP object injection in asset ...)
	NOT-FOR-US: October CMS
CVE-2017-1000194 (October CMS build 412 is vulnerable to Apache configuration ...)
	NOT-FOR-US: October CMS
CVE-2017-1000193 (October CMS build 412 is vulnerable to stored WCI (a.k.a XSS) in brand ...)
	NOT-FOR-US: October CMS
CVE-2017-1000189 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
	NOT-FOR-US: nodejs ejs
CVE-2017-1000188 (nodejs ejs version older than 2.5.5 is vulnerable to a ...)
	NOT-FOR-US: nodejs ejs
CVE-2017-1000187 (In SWFTools, an address access exception was found in pdf2swf. ...)
	- swftools <unfixed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/36
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000186 (In SWFTools, a stack overflow was found in pdf2swf. ...)
	- swftools <unfixed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/34
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000185 (In SWFTools, a memcpy buffer overflow was found in gif2swf. ...)
	- swftools <unfixed>
	[stretch] - swftools <no-dsa> (Minor issue)
	[jessie] - swftools <no-dsa> (Minor issue)
	[wheezy] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/33
CVE-2017-1000182 (In SWFTools, a memory leak was found in wav2swf. ...)
	- swftools <unfixed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/30
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000176 (In SWFTools, a memcpy buffer overflow was found in swfc. ...)
	- swftools <unfixed>
	[stretch] - swftools <no-dsa> (Minor issue)
	[jessie] - swftools <no-dsa> (Minor issue)
	[wheezy] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/23
CVE-2017-1000174 (In SWFTools, an address access exception was found in swfdump ...)
	- swftools <unfixed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/21
	NOTE: Crash in CLI tool, no security implications
CVE-2017-1000173 (Creolabs Gravity Version: 1.0 Heap Overflow Potential Code Execution. ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000172 (Creolabs Gravity Version: 1.0 Use-After-Free Possible code execution. ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000164 (Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook ...)
	NOT-FOR-US: Tine groupware
CVE-2017-1000160 (EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting ...)
	NOT-FOR-US: EllisLab ExpressionEngine
CVE-2017-1000158 (CPython (aka Python) up to 2.7.13 is vulnerable to an integer overflow ...)
	{DLA-1190-1 DLA-1189-1}
	- python2.7 2.7.13-4
	[stretch] - python2.7 2.7.13-2+deb9u2
	[jessie] - python2.7 <no-dsa> (Minor issue)
	- python2.6 <removed>
	NOTE: https://bugs.python.org/issue30657
	NOTE: https://github.com/python/cpython/commit/c3c9db89273fabc62ea1b48389d9a3000c1c03ae
	NOTE: The 2.7.13-4 upload included the commit in debian/patches/git-updates.diff
CVE-2017-1000129 (Serendipity 2.0.3 is vulnerable to a SQL injection in the blog ...)
	- serendipity <removed>
CVE-2017-1000125 (Codiad(full version) is vulnerable to write anything to configure file ...)
	NOT-FOR-US: Codiad
CVE-2018-0085
	RESERVED
CVE-2018-0084
	RESERVED
CVE-2018-0083
	RESERVED
CVE-2018-0082
	RESERVED
CVE-2018-0081
	RESERVED
CVE-2018-0080
	RESERVED
CVE-2018-0079
	RESERVED
CVE-2018-0078
	RESERVED
CVE-2018-0077
	RESERVED
CVE-2018-0076
	RESERVED
CVE-2018-0075
	RESERVED
CVE-2018-0074
	RESERVED
CVE-2018-0073
	RESERVED
CVE-2018-0072
	RESERVED
CVE-2018-0071
	RESERVED
CVE-2018-0070
	RESERVED
CVE-2018-0069
	RESERVED
CVE-2018-0068
	RESERVED
CVE-2018-0067
	RESERVED
CVE-2018-0066
	RESERVED
CVE-2018-0065
	RESERVED
CVE-2018-0064
	RESERVED
CVE-2018-0063
	RESERVED
CVE-2018-0062
	RESERVED
CVE-2018-0061
	RESERVED
CVE-2018-0060
	RESERVED
CVE-2018-0059
	RESERVED
CVE-2018-0058
	RESERVED
CVE-2018-0057
	RESERVED
CVE-2018-0056
	RESERVED
CVE-2018-0055
	RESERVED
CVE-2018-0054
	RESERVED
CVE-2018-0053
	RESERVED
CVE-2018-0052
	RESERVED
CVE-2018-0051
	RESERVED
CVE-2018-0050
	RESERVED
CVE-2018-0049
	RESERVED
CVE-2018-0048
	RESERVED
CVE-2018-0047
	RESERVED
CVE-2018-0046
	RESERVED
CVE-2018-0045
	RESERVED
CVE-2018-0044
	RESERVED
CVE-2018-0043
	RESERVED
CVE-2018-0042
	RESERVED
CVE-2018-0041
	RESERVED
CVE-2018-0040
	RESERVED
CVE-2018-0039
	RESERVED
CVE-2018-0038
	RESERVED
CVE-2018-0037
	RESERVED
CVE-2018-0036
	RESERVED
CVE-2018-0035
	RESERVED
CVE-2018-0034
	RESERVED
CVE-2018-0033
	RESERVED
CVE-2018-0032
	RESERVED
CVE-2018-0031
	RESERVED
CVE-2018-0030
	RESERVED
CVE-2018-0029
	RESERVED
CVE-2018-0028
	RESERVED
CVE-2018-0027
	RESERVED
CVE-2018-0026
	RESERVED
CVE-2018-0025
	RESERVED
CVE-2018-0024
	RESERVED
CVE-2018-0023 (JSNAPy is an open source python version of Junos Snapshot ...)
	NOT-FOR-US: JSNAPy
CVE-2018-0022 (A Junos device with VPLS routing-instances configured on one or more ...)
	NOT-FOR-US: Juniper
CVE-2018-0021 (If all 64 digits of the connectivity association name (CKN) key or all ...)
	NOT-FOR-US: Juniper
CVE-2018-0020 (Junos OS may be impacted by the receipt of a malformed BGP UPDATE ...)
	NOT-FOR-US: Juniper
CVE-2018-0019 (A vulnerability in Junos OS SNMP MIB-II subagent daemon (mib2d) may ...)
	NOT-FOR-US: Juniper
CVE-2018-0018 (On SRX Series devices during compilation of IDP policies, an attacker ...)
	NOT-FOR-US: Juniper
CVE-2018-0017 (A vulnerability in the Network Address Translation - Protocol ...)
	NOT-FOR-US: Juniper
CVE-2018-0016 (Receipt of a specially crafted Connectionless Network Protocol (CLNP) ...)
	NOT-FOR-US: Juniper
CVE-2018-0015 (A malicious user with unrestricted access to the AppFormix application ...)
	NOT-FOR-US: AppFormix
CVE-2018-0014 (Juniper Networks ScreenOS devices do not pad Ethernet packets with ...)
	NOT-FOR-US: Juniper
CVE-2018-0013 (A local file inclusion vulnerability in Juniper Networks Junos Space ...)
	NOT-FOR-US: Juniper
CVE-2018-0012 (Junos Space is affected by a privilege escalation vulnerability that ...)
	NOT-FOR-US: Juniper
CVE-2018-0011 (A reflected cross site scripting (XSS) vulnerability in Junos Space ...)
	NOT-FOR-US: Juniper
CVE-2018-0010 (A vulnerability in the Juniper Networks Junos Space Security Director ...)
	NOT-FOR-US: Juniper
CVE-2018-0009 (On Juniper Networks SRX series devices, firewall rules configured to ...)
	NOT-FOR-US: Juniper
CVE-2018-0008 (An unauthenticated root login may allow upon reboot when a commit ...)
	NOT-FOR-US: Juniper
CVE-2018-0007 (An unauthenticated network-based attacker able to send a maliciously ...)
	NOT-FOR-US: Juniper
CVE-2018-0006 (A high rate of VLAN authentication attempts sent from an adjacent host ...)
	NOT-FOR-US: Juniper
CVE-2018-0005 (QFX and EX Series switches configured to drop traffic when the MAC ...)
	NOT-FOR-US: Juniper
CVE-2018-0004 (A sustained sequence of different types of normal transit traffic can ...)
	NOT-FOR-US: Juniper
CVE-2018-0003 (A specially crafted MPLS packet received or processed by the system, ...)
	NOT-FOR-US: Juniper
CVE-2018-0002 (On SRX Series and MX Series devices with a Service PIC with any ALG ...)
	NOT-FOR-US: Juniper
CVE-2018-0001 (A remote, unauthenticated attacker may be able to execute code by ...)
	NOT-FOR-US: Juniper
CVE-2017-16866 (dayrui FineCms 5.2.0 before 2017.11.16 has Cross Site Scripting (XSS) ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-16865 (The Trello importer in Atlassian Jira before version 7.6.1 allows ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-16864 (The issue search resource in Atlassian Jira before version 7.4.2 ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-16863 (The PieChart gadget in Atlassian Jira before version 7.5.3 allows ...)
	NOT-FOR-US: PieChart gadget in Atlassian Jira
CVE-2017-16862 (The IncomingMailServers resource in Atlassian Jira before version ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-16861 (It was possible for double OGNL evaluation in certain redirect action ...)
	NOT-FOR-US: Atlassian Fisheye and Crucible
CVE-2017-16860 (The invalidRedirectUrl template in Atlassian Application Links before ...)
	NOT-FOR-US: Atlassian
CVE-2017-16859
	RESERVED
CVE-2017-16858 (The 'crowd-application' plugin module (notably used by the Google Apps ...)
	NOT-FOR-US: 'crowd-application' plugin module in Atlassian Crowd
CVE-2017-16857 (It is possible to bypass the bitbucket auto-unapprove plugin via ...)
	NOT-FOR-US: Atlassian
CVE-2017-16856 (The RSS Feed macro in Atlassian Confluence before version 6.5.2 allows ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-16855
	REJECTED
CVE-2017-16854 (In Open Ticket Request System (OTRS) through 3.3.20, 4 through 4.0.26, ...)
	{DSA-4066-1 DLA-1212-1}
	- otrs2 6.0.2-1
	NOTE: https://www.otrs.com/security-advisory-2017-08-security-update-otrs-framework/
	NOTE: https://bugs.otrs.org/show_bug.cgi?id=13347
	NOTE: OTRS-6: https://github.com/OTRS/otrs/commit/867aba14900f17caacb0285a08b6981bbdbbe016
	NOTE: OTRS-5: https://github.com/OTRS/otrs/commit/8748d040058695fda5c9cfcb2a78d8947ed4188d
	NOTE: OTRS-4: https://github.com/OTRS/otrs/commit/e0deab303e3d0f7c860bba291410512734f4d6b0
CVE-2017-16851 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16850 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16849 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16848 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16847 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16846 (Zoho ManageEngine Applications Manager 13 allows SQL injection via the ...)
	NOT-FOR-US: Zoho ManageEngine Applications Manager
CVE-2017-16845 (hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values ...)
	- qemu 1:2.12~rc3+dfsg-1 (bug #882136)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <postponed> (Can be fixed along in a future update)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future update)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg02982.html
	NOTE: https://git.qemu.org/?p=qemu.git;a=commitdiff;h=802cbcb73002b92e6ddc8464d39b668a71b78d74
CVE-2017-16844 (Heap-based buffer overflow in the loadbuf function in formisc.c in ...)
	{DSA-4041-1 DLA-1173-1}
	- procmail 3.22-26 (bug #876511)
CVE-2017-16843 (Vonage VDV-23 115 3.2.11-0.9.40 devices have stored XSS via the ...)
	NOT-FOR-US: Vonage VDV-23
CVE-2017-16842 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Yoast SEO plugin for WordPress
CVE-2017-16841 (LanSweeper 6.0.100.75 has XSS via the description parameter to ...)
	NOT-FOR-US: LanSweeper
CVE-2017-16840 (The VC-2 Video Compression encoder in FFmpeg 3.4 allows remote ...)
	{DSA-4049-1}
	- ffmpeg 7:3.4.1-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=a94cb36ab2ad99d3a1331c9f91831ef593d94f74
CVE-2017-16839 (Hashicorp vagrant-vmware-fusion 5.0.4 allows local users to steal root ...)
	NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-16838
	RESERVED
CVE-2017-16837 (Certain function pointers in Trusted Boot (tboot) through 1.9.6 are not ...)
	- tboot <itp> (bug #803180)
CVE-2017-16836 (Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse ...)
	NOT-FOR-US: Arris TG1682G devices
CVE-2017-16835 (The &quot;Photo,Video Locker-Calculator&quot; application 12.0 for Android has ...)
	NOT-FOR-US: Photo Video Locker-Calculator application for Android
CVE-2017-16834 (PNP4Nagios through 0.6.26 has /usr/bin/npcd and npcd.cfg owned by an ...)
	- pnp4nagios <not-affected> (/etc/pnp4nagios and its content is installed as root by the Debian package)
	NOTE: https://github.com/lingej/pnp4nagios/issues/140
CVE-2017-16833 (Stored cross-site scripting (XSS) vulnerability in Gemirro before ...)
	NOT-FOR-US: Gemirro
CVE-2017-16853 (The DynamicMetadataProvider class in ...)
	{DSA-4039-1 DLA-1178-1}
	- opensaml2 2.6.1-1 (bug #881856)
	NOTE: https://git.shibboleth.net/view/?p=cpp-opensaml.git;a=commit;h=6182b0acf2df670e75423c2ed7afe6950ef11c9d
	NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
CVE-2017-16852 (shibsp/metadata/DynamicMetadataProvider.cpp in the Dynamic ...)
	{DSA-4038-1 DLA-1179-1}
	- shibboleth-sp2 2.6.1+dfsg1-1 (bug #881857)
	NOTE: https://git.shibboleth.net/view/?p=cpp-sp.git;a=commit;h=b66cceb0e992c351ad5e2c665229ede82f261b16
	NOTE: https://shibboleth.net/community/advisories/secadv_20171115.txt
CVE-2017-16832 (The pe_bfd_read_buildid function in peicode.h in the Binary File ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22373
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0bb6961f18b8e832d88b490d421ca56cea16c45b
CVE-2017-16831 (coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22385
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6cee897971d4d7cd37d2a686bb6d2aa3e759c8ca
CVE-2017-16830 (The print_gnu_property_note function in readelf.c in GNU Binutils ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22384
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=6ab2c4ed51f9c4243691755e1b1d2149c6a426f4
CVE-2017-16829 (The _bfd_elf_parse_gnu_properties function in elf-properties.c in the ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22307
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cf54ebff3b7361989712fd9c0128a9b255578163
CVE-2017-16828 (The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22386
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bf59c5d5f4f5b8b4da1f5f605cfa546f8029b43d
CVE-2017-16827 (The aout_get_external_symbols function in aoutx.h in the Binary File ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22306
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0301ce1486b1450f219202677f30d0fa97335419
CVE-2017-16826 (The coff_slurp_line_table function in coffcode.h in the Binary File ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22376
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a67d66eb97e7613a38ffe6622d837303b3ecd31d
CVE-2017-16825
	RESERVED
CVE-2017-16824
	RESERVED
CVE-2017-16823
	RESERVED
CVE-2017-16822
	RESERVED
CVE-2017-16821 (b3log Symphony (aka Sym) 2.2.0 has XSS in processor/AdminProcessor.java ...)
	NOT-FOR-US: b3log Symphony
CVE-2017-16819 (A stored cross-site scripting vulnerability in the Icon Time Systems ...)
	NOT-FOR-US: Icon Time Systems RTC-1000
CVE-2017-16818 (RADOS Gateway in Ceph 12.1.0 through 12.2.1 allows remote ...)
	- ceph <not-affected> (Vulnerable code introduced after 12.1.0)
	NOTE: https://github.com/ceph/ceph/commit/b3118cabb8060a8cc6a01c4e8264cb18e7b1745a
CVE-2017-16817
	RESERVED
CVE-2017-16816 [A user can cause the condor_schedd to crash by submitting a job designed for that purpose]
	RESERVED
	- condor 8.6.8~dfsg.1-1
	[stretch] - condor <not-affected> (VOMS support disabled)
	[jessie] - condor <no-dsa> (Minor issue)
	[wheezy] - condor <no-dsa> (Minor issue)
	NOTE: http://research.cs.wisc.edu/htcondor//security/vulnerabilities/HTCONDOR-2017-0001.html
CVE-2017-16815 (installer.php in the Snap Creek Duplicator (WordPress Site Migration &amp; ...)
	NOT-FOR-US: Snap Creek Duplicator (WordPress Site Migration & Backup) plugin for WordPress
CVE-2017-16820 (The csnmp_read_table function in snmp.c in the SNMP plugin in collectd ...)
	- collectd 5.8.0-1 (bug #881757)
	[stretch] - collectd <no-dsa> (Minor issue)
	[jessie] - collectd <no-dsa> (Minor issue)
	[wheezy] - collectd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/collectd/collectd/issues/2291
CVE-2017-16814 (A Directory Traversal issue was discovered in the Foxit MobilePDF app ...)
	NOT-FOR-US: Foxit
CVE-2017-16813 (A denial-of-service issue was discovered in the Foxit MobilePDF app ...)
	NOT-FOR-US: Foxit
CVE-2017-16812
	RESERVED
CVE-2017-16811
	RESERVED
CVE-2017-16810 (Cross-site scripting (XSS) vulnerability in the All Variables tab in ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-16809
	RESERVED
CVE-2017-16808 (tcpdump 4.9.2 has a heap-based buffer over-read related to aoe_print in ...)
	- tcpdump <unfixed> (low; bug #881862)
	[stretch] - tcpdump <postponed> (Can be fixed along in a future update)
	[jessie] - tcpdump <postponed> (Can be fixed along in a future update)
	[wheezy] - tcpdump <postponed> (Can be fixed along in a future update)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/645
CVE-2017-16807 (A cross-site Scripting (XSS) vulnerability in Kirby Panel before 2.3.3, ...)
	NOT-FOR-US: Kirby Panel
CVE-2017-16806 (The Process function in RemoteTaskServer/WebServer/HttpServer.cs in ...)
	NOT-FOR-US: Ulterius
CVE-2017-16805 (In radare2 2.0.1, libr/bin/dwarf.c allows remote attackers to cause a ...)
	- radare2 2.1.0+dfsg-1 (bug #882134)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <not-affected> (Vulnerable code does not exist; no dwarf support)
	NOTE: https://github.com/radare/radare2/commit/2ca9ab45891b6ae8e32b6c28c81eebca059cbe5d
	NOTE: https://github.com/radare/radare2/issues/8813
CVE-2017-16803 (In Libav through 11.11 and 12.x through 12.1, the smacker_decode_tree ...)
	{DSA-4119-1}
	- libav <removed> (low)
	- ffmpeg 7:2.2.1-1
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1098
	NOTE: https://github.com/libav/libav/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
	NOTE: ffmpeg: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/cd4663dc80323ba64989d0c103d51ad3ee0e9c2f
	NOTE: ffmpeg originally fixed by: https://git.ffmpeg.org/gitweb/ffmpeg.git/commitdiff/b829da363985cb2f80130bba304cc29a632f6446
CVE-2017-16802 (In the sharingGroupPopulateOrganisations function in ...)
	NOT-FOR-US: MISP
CVE-2017-16804 (In Redmine before 3.2.7 and 3.3.x before 3.3.4, the reminders function ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/issues/25713 (private)
	NOTE: upstream fixed in 3.2.7, 3.3.4 and 3.4.0
	NOTE: https://github.com/redmine/redmine/commit/0f09f161f64f4190a52166675ff380a15b72a8bc
CVE-2017-16801 (Cross-site scripting (XSS) vulnerability in Octopus Deploy ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-16800
	RESERVED
CVE-2017-16799 (In CMS Made Simple 2.2.3.1, in modules/New/action.addcategory.php, ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-16798 (In CMS Made Simple 2.2.3.1, the is_file_acceptable function in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-16797 (In SWFTools 0.9.2, the png_load function in lib/png.c does not properly ...)
	- swftools <unfixed>
	[stretch] - swftools <no-dsa> (Minor issue)
	[jessie] - swftools <no-dsa> (Minor issue)
	[wheezy] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/51
CVE-2017-16796 (In SWFTools 0.9.2, the png_load function in lib/png.c does not check ...)
	- swftools <unfixed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/51
	NOTE: Crash in CLI tool, no security implications
CVE-2017-16795
	RESERVED
CVE-2017-16794 (The png_load function in lib/png.c in SWFTools 0.9.2 does not properly ...)
	- swftools <unfixed> (unimportant)
	NOTE: https://github.com/matthiaskramm/swftools/issues/50
	NOTE: Crash in CLI tool, no security implications
CVE-2017-16793 (The wav_convert2mono function in lib/wav.c in SWFTools 0.9.2 does not ...)
	- swftools <unfixed>
	[stretch] - swftools <no-dsa> (Minor issue)
	[jessie] - swftools <no-dsa> (Minor issue)
	[wheezy] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/47
CVE-2017-16792 (Stored cross-site scripting (XSS) vulnerability in &quot;geminabox&quot; (Gem in ...)
	NOT-FOR-US: geminabox
CVE-2017-16791
	RESERVED
CVE-2017-16790
	RESERVED
CVE-2017-16789 (Cross-site scripting (XSS) vulnerability in Integration Matters nJAMS ...)
	NOT-FOR-US: TIBCO
CVE-2017-16788 (Directory traversal vulnerability in the &quot;Upload Groupkey&quot; ...)
	NOT-FOR-US: Meinberg LANTIME
CVE-2017-16787 (The Web Configuration Utility in Meinberg LANTIME devices with ...)
	NOT-FOR-US: Meinberg LANTIME
CVE-2017-16786 (The Web Configuration Utility in Meinberg LANTIME devices with ...)
	NOT-FOR-US: Meinberg LANTIME
CVE-2017-16784 (In CMS Made Simple 2.2.2, there is Reflected XSS via the ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-16783 (In CMS Made Simple 2.1.6, there is Server-Side Template Injection via ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-16782 (In Home Assistant before 0.57, it is possible to inject JavaScript code ...)
	NOT-FOR-US: Home Assistant
CVE-2017-16781 (The installer in MyBB before 1.8.13 has XSS. ...)
	NOT-FOR-US: MyBB
CVE-2017-16780 (The installer in MyBB before 1.8.13 allows remote attackers to execute ...)
	NOT-FOR-US: MyBB
CVE-2017-16785 (Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php. ...)
	- cacti 1.1.27+ds1-3
	[stretch] - cacti <not-affected> (Vulnerable code does not exist)
	[jessie] - cacti <not-affected> (Vulnerable code does not exist)
	[wheezy] - cacti <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/Cacti/cacti/issues/1071
	NOTE: this is more or less a dublicate of CVE-2017-16641
	NOTE: one of the applied patches reopened the vulnerability
CVE-2017-16779
	RESERVED
CVE-2017-16778
	RESERVED
CVE-2017-16777 (If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-16776 (Security researchers discovered an authentication bypass vulnerability ...)
	NOT-FOR-US: Conserus Workflow Intelligence
CVE-2017-16775
	RESERVED
CVE-2017-16774
	RESERVED
CVE-2017-16773
	RESERVED
CVE-2017-16772 (Improper input validation vulnerability in ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-16771 (Cross-site scripting (XSS) vulnerability in Log Viewer in Synology ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-16770 (File and directory information exposure vulnerability in ...)
	NOT-FOR-US: Synology Surveillance Station
CVE-2017-16769 (Exposure of private information vulnerability in Photo Viewer in ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-16768 (Cross-site scripting (XSS) vulnerability in User Policy editor in ...)
	NOT-FOR-US: Synology MailPlus Server
CVE-2017-16767 (Cross-site scripting (XSS) vulnerability in User Profile in Synology ...)
	NOT-FOR-US: Synology Surveillance Station
CVE-2017-16766 (An improper access control vulnerability in synodsmnotify in Synology ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-16765 (XSS exists on D-Link DWR-933 1.00(WW)B17 devices via cgi-bin/gui.cgi. ...)
	NOT-FOR-US: D-Link
CVE-2017-16764 (An exploitable vulnerability exists in the YAML parsing functionality ...)
	NOT-FOR-US: django_make_app
CVE-2017-16763 (An exploitable vulnerability exists in the YAML parsing functionality ...)
	NOT-FOR-US: Confire
CVE-2017-16762 (Sanic before 0.5.1 allows reading arbitrary files with directory ...)
	NOT-FOR-US: Sanic
CVE-2017-16761 (An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16760 (Inedo BuildMaster before 5.8.2 has XSS. ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16759 (The installation process in LibreNMS before 2017-08-18 allows remote ...)
	NOT-FOR-US: LibreNMS
CVE-2017-16758 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-16757 (Hola VPN 1.34 has weak permissions (Everyone:F) under %PROGRAMFILES%, ...)
	NOT-FOR-US: Hola VPN
CVE-2017-16756 (An issue was discovered in Userscape HelpSpot before 4.7.2. A ...)
	NOT-FOR-US: Userscape HelpSpot
CVE-2017-16755 (An issue was discovered in Userscape HelpSpot before 4.7.2. A reflected ...)
	NOT-FOR-US: Userscape HelpSpot
CVE-2017-16754 (Bolt before 3.3.6 does not properly restrict access to _profiler ...)
	NOT-FOR-US: Bolt CMS
CVE-2017-16753 (An Improper Input Validation issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16752
	RESERVED
CVE-2017-16751 (A Stack-based Buffer Overflow issue was discovered in Delta Electronics ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16750
	RESERVED
CVE-2017-16749 (A Use-after-Free issue was discovered in Delta Electronics Delta ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16748
	RESERVED
CVE-2017-16747 (An Out-of-bounds Write issue was discovered in Delta Electronics Delta ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16746
	RESERVED
CVE-2017-16745 (A Type Confusion issue was discovered in Delta Electronics Delta ...)
	NOT-FOR-US: Delta Electronics Delta Industrial Automation Screen Editor
CVE-2017-16744
	RESERVED
CVE-2017-16743 (An Improper Authorization issue was discovered in PHOENIX CONTACT FL ...)
	NOT-FOR-US: PHOENIX CONTACT FL SWITCH
CVE-2017-16742
	RESERVED
CVE-2017-16741 (An Information Exposure issue was discovered in PHOENIX CONTACT FL ...)
	NOT-FOR-US: PHOENIX CONTACT FL SWITCH
CVE-2017-16740 (A Buffer Overflow issue was discovered in Rockwell Automation ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley MicroLogix 1400 Controllers
CVE-2017-16739 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...)
	NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
CVE-2017-16738
	RESERVED
CVE-2017-16737 (An issue was discovered in WECON Technology LEVI Studio HMI Editor ...)
	NOT-FOR-US: WECON Technology LEVI Studio HMI Editor
CVE-2017-16736 (An Unrestricted Upload Of File With Dangerous Type issue was discovered ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16735 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2017-16734
	RESERVED
CVE-2017-16733 (A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2017-16732 (A use-after-free issue was discovered in Advantech WebAccess versions ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16731 (An Unprotected Transport of Credentials issue was discovered in ABB ...)
	NOT-FOR-US: Ellipse
CVE-2017-16730
	RESERVED
CVE-2017-16729
	RESERVED
CVE-2017-16728 (An Untrusted Pointer Dereference issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16727 (A Credentials Management issue was discovered in Moxa NPort W2150A ...)
	NOT-FOR-US: Moxa
CVE-2017-16726
	RESERVED
CVE-2017-16725 (A Stack-based Buffer Overflow issue was discovered in Xiongmai ...)
	NOT-FOR-US: Xiongmai Technology IP Cameras and DVRs
CVE-2017-16724 (A Stack-based Buffer Overflow issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16723 (A Cross-site Scripting issue was discovered in PHOENIX CONTACT FL ...)
	NOT-FOR-US: PHOENIX
CVE-2017-16722
	RESERVED
CVE-2017-16721 (A Cross-site Scripting issue was discovered in Geovap Reliance SCADA ...)
	NOT-FOR-US: Geovap Reliance SCADA
CVE-2017-16720 (A Path Traversal issue was discovered in WebAccess versions prior to ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16719 (An Injection issue was discovered in Moxa NPort 5110 Version 2.2, NPort ...)
	NOT-FOR-US: Moxa
CVE-2017-16718
	RESERVED
CVE-2017-16717 (A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio ...)
	NOT-FOR-US: WECON LeviStudio HMI
CVE-2017-16716 (A SQL Injection issue was discovered in WebAccess versions prior to ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-16715 (An Information Exposure issue was discovered in Moxa NPort 5110 Version ...)
	NOT-FOR-US: Moxa
CVE-2017-16714
	RESERVED
CVE-2017-16713
	RESERVED
CVE-2017-16712
	RESERVED
CVE-2017-16711 (The swf_DefineLosslessBitsTagToImage function in lib/modules/swfbits.c ...)
	- swftools <unfixed> (unimportant; bug #881390)
	NOTE: https://github.com/matthiaskramm/swftools/issues/46
	NOTE: Crash in CLI tool, no security implications
CVE-2017-16710
	RESERVED
CVE-2017-16709
	RESERVED
CVE-2017-16708
	RESERVED
CVE-2017-16707
	RESERVED
CVE-2017-16706
	RESERVED
CVE-2017-16705
	RESERVED
CVE-2017-16704
	RESERVED
CVE-2017-16703
	RESERVED
CVE-2017-16702
	RESERVED
CVE-2017-16701
	RESERVED
CVE-2017-16700
	RESERVED
CVE-2017-16699
	RESERVED
CVE-2017-16698
	RESERVED
CVE-2017-16697
	RESERVED
CVE-2017-16696
	RESERVED
CVE-2017-16695
	RESERVED
CVE-2017-16694
	RESERVED
CVE-2017-16693
	RESERVED
CVE-2017-16692
	RESERVED
CVE-2017-16691 (SAP Note Assistant tool (SAP BASIS from 7.00 to 7.02, from 7.10 to ...)
	NOT-FOR-US: SAP Note Assistant
CVE-2017-16690 (A malicious DLL preload attack possible on NwSapSetup and Installation ...)
	NOT-FOR-US: SAP Plant Connectivity
CVE-2017-16689 (A Trusted RFC connection in SAP KERNEL 32NUC, SAP KERNEL 32Unicode, ...)
	NOT-FOR-US: SAP KERNEL
CVE-2017-16688
	RESERVED
CVE-2017-16687 (The user self-service tools of SAP HANA extended application services, ...)
	NOT-FOR-US: SAP HANA
CVE-2017-16686
	RESERVED
CVE-2017-16685 (Cross-Site scripting (XSS) in SAP Business Warehouse Universal Data ...)
	NOT-FOR-US: SAP Business Warehouse Universal Data Integration
CVE-2017-16684 (SAP Business Intelligence Promotion Management Application, Enterprise ...)
	NOT-FOR-US: SAP Business Intelligence Promotion Management Application
CVE-2017-16683 (Denial of Service (DOS) in SAP Business Objects Platform, Enterprise ...)
	NOT-FOR-US: SAP Business Objects Platform
CVE-2017-16682 (SAP NetWeaver Internet Transaction Server (ITS), SAP Basis from 7.00 ...)
	NOT-FOR-US: SAP NetWeaver Internet Transaction Server
CVE-2017-16681 (Cross-Site Scripting (XSS) vulnerability in SAP Business Intelligence ...)
	NOT-FOR-US: SAP Business Intelligence Promotion Management Application
CVE-2017-16680 (Two potential audit log injections in SAP HANA extended application ...)
	NOT-FOR-US: SAP HANA extended application services
CVE-2017-16679 (URL redirection vulnerability in SAP's Startup Service, SAP KERNEL 32 ...)
	NOT-FOR-US: SAP's Startup Service
CVE-2017-16678 (Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver ...)
	NOT-FOR-US: SAP NetWeaver Knowledge Management Configuration Service
CVE-2017-16677
	RESERVED
CVE-2017-16676
	RESERVED
CVE-2017-16675
	RESERVED
CVE-2017-16674 (Datto Windows Agent allows unauthenticated remote command execution via ...)
	NOT-FOR-US: Datto Windows Agent
CVE-2017-16673 (Datto Backup Agent 1.0.6.0 and earlier does not authenticate incoming ...)
	NOT-FOR-US: Datto Backup Agent
CVE-2017-16672 (An issue was discovered in Asterisk Open Source 13 before 13.18.1, 14 ...)
	- asterisk 1:13.18.1~dfsg-1 (bug #881256)
	[stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.digium.com/pub/security/AST-2017-011.html
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-011-13.diff
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27345
CVE-2017-16671 (A Buffer Overflow issue was discovered in Asterisk Open Source 13 ...)
	- asterisk 1:13.18.1~dfsg-1 (bug #881257)
	[stretch] - asterisk 1:13.14.1~dfsg-2+deb9u3
	[jessie] - asterisk <not-affected> (Vulnerable code do not exist)
	[wheezy] - asterisk <not-affected> (Vulnerable code do not exist)
	NOTE: http://downloads.digium.com/pub/security/AST-2017-010.html
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-010-13.diff
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27337
CVE-2017-16670 (The project import functionality in SoapUI 5.3.0 allows remote ...)
	NOT-FOR-US: SoapUI
CVE-2017-16669 (coders/wpg.c in GraphicsMagick 1.3.26 allows remote attackers to cause ...)
	{DLA-1168-1}
	- graphicsmagick 1.3.26-19 (bug #881391)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/450/
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/135bdcb88b8d
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b9e64a8901e
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2a21cda3145b
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2b7c826d36af
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/3dc7b4e3779d
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/75245a215fff
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/fcd3ed3394f6
CVE-2017-16668
	RESERVED
CVE-2017-16666 (Xplico before 1.2.1 allows remote authenticated users to execute ...)
	NOT-FOR-US: Xplico
CVE-2017-16665 (RemObjects Remoting SDK 9 1.0.0.0 for Delphi is vulnerable to a ...)
	NOT-FOR-US: RemObjects Remoting SDK
CVE-2017-16664 (Code injection exists in Kernel/System/Spelling.pm in Open Ticket ...)
	{DSA-4047-1 DLA-1212-1}
	- otrs2 5.0.24-1 (bug #882370)
	NOTE: https://www.otrs.com/security-advisory-2017-07-security-update-otrs-framework/
	NOTE: OTRS 5: https://github.com/OTRS/otrs/commit/4c36932d0c42343f21246a107e17a2ebbd9c2c7d
	NOTE: OTRS 3.3: https://github.com/OTRS/otrs/commit/2e58a4bbd99b2477d72c3b2d9fef009537ab19ce
CVE-2017-16667 (backintime (aka Back in Time) before 1.1.24 did improper ...)
	- backintime <unfixed> (bug #881205)
	[stretch] - backintime <no-dsa> (Minor issue)
	[jessie] - backintime <no-dsa> (Minor issue)
	[wheezy] - backintime <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/bit-team/backintime/issues/834
	NOTE: https://github.com/bit-team/backintime/commit/cef81d0da93ff601252607df3db1a48f7f6f01b3
CVE-2017-16663 (In sam2p 0.49.4, there are integer overflows (with resultant heap-based ...)
	{DLA-1185-1}
	- sam2p <removed>
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/16
CVE-2017-16662
	RESERVED
CVE-2017-16659 (The Gentoo mail-filter/assp package 1.9.8.13030 and earlier allows ...)
	NOT-FOR-US: assp as packaged by Gentoo
CVE-2017-16658
	RESERVED
CVE-2017-16657
	RESERVED
CVE-2017-16656
	RESERVED
CVE-2017-16655
	RESERVED
CVE-2017-16654
	RESERVED
CVE-2017-16653
	RESERVED
CVE-2017-16652
	RESERVED
CVE-2017-16651 (Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before ...)
	{DSA-4030-1 DLA-1193-1}
	- roundcube 1.3.3+dfsg.1-1
	NOTE: master: https://github.com/roundcube/roundcubemail/commit/2a32f51c91d5e9c7b1a9d931846dd44c008ff36d
	NOTE: release-1.3: https://github.com/roundcube/roundcubemail/commit/c90ad5a97784fb32683b8e3c21d6c95baab6d806
	NOTE: release-1.2: https://github.com/roundcube/roundcubemail/commit/9be2224c779d7abc7b29eea2b83a8a3671c543e0
	NOTE: release-1.1: https://github.com/roundcube/roundcubemail/commit/e757cc410145d043c30889d28fa0b5f67a5cf2fd
	NOTE: release-1.0: https://github.com/roundcube/roundcubemail/commit/8d87bb34f3c6103ab81e5342d8b3d297832d178a
	NOTE: https://github.com/roundcube/roundcubemail/issues/6026
CVE-2017-16650 (The qmi_wwan_bind function in drivers/net/usb/qmi_wwan.c in the Linux ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16649 (The usbnet_generic_cdc_bind function in drivers/net/usb/cdc_ether.c in ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16648 (The dvb_frontend_free function in drivers/media/dvb-core/dvb_frontend.c ...)
	- linux <not-affected> (Vulnerable code not present)
CVE-2017-16647 (drivers/net/usb/asix_devices.c in the Linux kernel through 4.13.11 ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16646 (drivers/media/usb/dvb-usb/dib0700_devices.c in the Linux kernel through ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16645 (The ims_pcu_get_cdc_union_desc function in drivers/input/misc/ims-pcu.c ...)
	- linux 4.14.2-1 (unimportant)
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.56-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: CONFIG_INPUT_IMS_PCU is not set in Debian config
CVE-2017-16644 (The hdpvr_probe function in drivers/media/usb/hdpvr/hdpvr-core.c in the ...)
	{DSA-4073-1}
	- linux 4.14.7-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16643 (The parse_hid_report_descriptor function in drivers/input/tablet/gtco.c ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16642 (In PHP before 5.6.32, 7.x before 7.0.25, and 7.1.x before 7.1.11, an ...)
	{DSA-4081-1 DSA-4080-1}
	- php7.1 7.1.11-1
	- php7.0 7.0.25-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (Vulnerable code not present; proof of concept produces expected non-buggy output; upstream patch also appears overly intrusive)
	NOTE: Fixed in: 5.6.32, 7.0.25, 7.1.11
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=75055
	NOTE: https://github.com/derickr/timelib/commit/aa9156006e88565e1f1a5f7cc088b18322d57536
	NOTE: https://github.com/php/php-src/commit/5c0455bf2c8cd3c25401407f158e820aa3b239e1
CVE-2017-16661 (Cacti 1.1.27 allows remote authenticated administrators to read ...)
	- cacti 1.1.27+ds1-3
	[stretch] - cacti <not-affected> (Vulnerable code does not exist)
	[jessie] - cacti <not-affected> (Vulnerable code does not exist)
	[wheezy] - cacti <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/Cacti/cacti/issues/1066
	NOTE: affected code was introduced in the 1.x release
CVE-2017-16660 (Cacti 1.1.27 allows remote authenticated administrators to conduct ...)
	- cacti 1.1.27+ds1-3
	[stretch] - cacti <not-affected> (Vulnerable code does not exist)
	[jessie] - cacti <not-affected> (Vulnerable code does not exist)
	[wheezy] - cacti <not-affected> (Vulnerable code does not exist)
	NOTE: https://github.com/Cacti/cacti/issues/1066
	NOTE: affected code was introduced in the 1.x release
CVE-2017-16641 (lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators ...)
	- cacti 1.1.27+ds1-3 (bug #881110)
	[stretch] - cacti <ignored> (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream)
	[jessie] - cacti <ignored> (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream)
	[wheezy] - cacti <no-dsa> (Minor issue, due to CVE-2009-4112 does not make sense to isolately fix unless CVE-2009-4112 adressed upstream)
	NOTE: https://github.com/Cacti/cacti/issues/1057
	NOTE: https://github.com/Cacti/cacti/commit/e8088bb6593e6a49d000c342d17402f01db8740e
CVE-2017-16640
	RESERVED
CVE-2017-16639
	RESERVED
CVE-2008-7319 (The Net::Ping::External extension through 0.15 for Perl does not ...)
	- libnet-ping-external-perl <removed> (bug #881097)
	[wheezy] - libnet-ping-external-perl <ignored> (Package may be removed from Wheezy, see #881102)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=33230
	NOTE: Proposed patch: http://matthias.sdfeu.org/devel/net-ping-external-cmd-injection.patch
CVE-2017-16638 (The Gentoo net-misc/vde package before version 2.3.2-r4 may allow ...)
	NOT-FOR-US: Gentoo net-misc/vde packaging issue
CVE-2017-16637 (In Vectura Perfect Privacy VPN Manager v1.10.10 and v1.10.11, when ...)
	NOT-FOR-US: Vectura Perfect Privacy VPN Manager
CVE-2017-16636 (In Bludit v1.5.2 and v2.0.1, an XSS vulnerability is located in the new ...)
	NOT-FOR-US: Bludit
CVE-2017-16635 (In TinyWebGallery v2.4, an XSS vulnerability is located in the ...)
	NOT-FOR-US: TinyWebGallery
CVE-2017-16634 (In Joomla! before 3.8.2, a bug allowed third parties to bypass a ...)
	NOT-FOR-US: Joomla!
CVE-2017-16633 (In Joomla! before 3.8.2, a logic bug in com_fields exposed read-only ...)
	NOT-FOR-US: Joomla!
CVE-2017-16632
	RESERVED
CVE-2017-16631
	RESERVED
CVE-2017-16630
	RESERVED
CVE-2017-16629
	RESERVED
CVE-2017-16628
	RESERVED
CVE-2017-16627
	RESERVED
CVE-2017-16626
	RESERVED
CVE-2017-16625
	RESERVED
CVE-2017-16624
	RESERVED
CVE-2017-16623
	RESERVED
CVE-2017-16622
	RESERVED
CVE-2017-16621
	RESERVED
CVE-2017-16620
	RESERVED
CVE-2017-16619
	RESERVED
CVE-2017-16618 (An exploitable vulnerability exists in the YAML loading functionality ...)
	NOT-FOR-US: OwlMixin
CVE-2017-16617
	RESERVED
CVE-2017-16616 (An exploitable vulnerability exists in the YAML parsing functionality ...)
	NOT-FOR-US: pyanyapi
CVE-2017-16615 (An exploitable vulnerability exists in the YAML parsing functionality ...)
	NOT-FOR-US: MLAlchemy
CVE-2017-16614 (SSRF (Server Side Request Forgery) in tpshop 2.0.5 and 2.0.6 allows ...)
	NOT-FOR-US: tpshop
CVE-2017-16613 (An issue was discovered in middleware.py in OpenStack Swauth through ...)
	{DSA-4044-1}
	- swauth 1.2.0-4 (bug #882314)
	NOTE: https://bugs.launchpad.net/swift/+bug/1655781
CVE-2017-16612 (libXcursor before 1.1.15 has various integer overflows that could lead ...)
	{DSA-4059-1 DLA-1201-1}
	- libxcursor 1:1.1.14-3.1 (bug #883792)
	- wayland 1.14.0-2 (bug #889681)
	[stretch] - wayland <no-dsa> (Minor issue)
	[jessie] - wayland <no-dsa> (Minor issue)
	[wheezy] - wayland <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/6
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXcursor/commit/?id=4794b5dd34688158fb51a2943032569d3780c4b8
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188036018262&w=2
	NOTE: Wayland: https://bugs.freedesktop.org/show_bug.cgi?id=103961
	NOTE: Wayland: https://cgit.freedesktop.org/wayland/wayland/commit/?id=5d201df72f3d4f4cb8b8f75f980169b03507da38
CVE-2017-16611 (In libXfont before 1.5.4 and libXfont2 before 2.0.3, a local attacker ...)
	- libxfont 1:2.0.3-1 (low; bug #883929)
	[stretch] - libxfont <no-dsa> (Minor issue)
	[jessie] - libxfont <no-dsa> (Minor issue)
	[wheezy] - libxfont <postponed> (Minor issue)
	- libxfont1 <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/28/7
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=7b377456f95d2ec3ead40f4fb74ea620191f88c8
	NOTE: (for 1.5.x): https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?h=libXfont-1.5-branch&id=5ed8ac0e4f063825b8ecda48e9a111d3ce92e825
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188049718337&w=2
	NOTE: https://marc.info/?l=freedesktop-xorg-announce&m=151188044218304&w=2
CVE-2017-16610 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Netgain
CVE-2017-16609 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Netgain
CVE-2017-16608 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Netgain
CVE-2017-16607 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Netgain
CVE-2017-16606 (This vulnerability allows remote attackers to execute code by creating ...)
	NOT-FOR-US: Netgain
CVE-2017-16605 (This vulnerability allows remote attackers to overwrite arbitrary ...)
	NOT-FOR-US: Netgain
CVE-2017-16604 (This vulnerability allows remote attackers to overwrite arbitrary ...)
	NOT-FOR-US: Netgain
CVE-2017-16603 (This vulnerability allows remote attackers to execute code by creating ...)
	NOT-FOR-US: Netgain
CVE-2017-16602 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Netgain
CVE-2017-16601 (This vulnerability allows remote attackers to overwrite arbitrary ...)
	NOT-FOR-US: Netgain
CVE-2017-16600 (This vulnerability allows remote attackers to overwrite files on ...)
	NOT-FOR-US: Netgain
CVE-2017-16599 (This vulnerability allows remote attackers to delete arbitrary files ...)
	NOT-FOR-US: Netgain
CVE-2017-16598 (This vulnerability allows remote attackers to execute code by ...)
	NOT-FOR-US: Netgain
CVE-2017-16597 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Netgain
CVE-2017-16596 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Netgain
CVE-2017-16595 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Netgain
CVE-2017-16594 (This vulnerability allows remote attackers to create arbitrary files ...)
	NOT-FOR-US: Netgain
CVE-2017-16593 (This vulnerability allows remote attackers to delete arbitrary files ...)
	NOT-FOR-US: Netgain
CVE-2017-16592 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Netgain
CVE-2017-16591 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Netgain
CVE-2017-16590 (This vulnerability allows remote attackers to bypass authentication on ...)
	NOT-FOR-US: Netgain
CVE-2017-16589 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16588 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16587 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16586 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16585 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16584 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16583 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16582 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16581 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16580 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16579 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16578 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16577 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16576 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16575 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16574 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16573 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16572 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16571 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-16570 (KeystoneJS before 4.0.0-beta.7 allows application-wide CSRF bypass by ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-16569 (An Open URL Redirect issue exists in Zurmo 3.2.1.57987acc3018 via an ...)
	NOT-FOR-US: Zurmo
CVE-2017-16568 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...)
	NOT-FOR-US: Logitech Media Server
CVE-2017-16567 (Cross-site scripting (XSS) vulnerability in Logitech Media Server ...)
	NOT-FOR-US: Logitech Media Server
CVE-2017-16566 (On Jooan IP Camera A5 2.3.36 devices, an insecure FTP server does not ...)
	NOT-FOR-US: Jooan IP Camera A5 2.3.36 devices
CVE-2017-16565 (Cross-Site Request Forgery (CSRF) in /cgi-bin/login on Vonage ...)
	NOT-FOR-US: Vonage
CVE-2017-16564 (Stored Cross-site scripting (XSS) vulnerability in /cgi-bin/config2 on ...)
	NOT-FOR-US: Vonage
CVE-2017-16563 (Cross-Site Request Forgery (CSRF) in the Basic Settings screen on ...)
	NOT-FOR-US: Vonage
CVE-2017-16562 (The UserPro plugin before 4.9.17.1 for WordPress, when used on a site ...)
	NOT-FOR-US: WordPress plugin userpro
CVE-2017-16561 (/view/friend_profile.php in Ingenious School Management System 2.3.0 is ...)
	NOT-FOR-US: Ingenious School Management System
CVE-2017-16560 (SanDisk Secure Access 3.01 vault decrypts and copies encrypted files ...)
	NOT-FOR-US: SanDisk Secure Access
CVE-2017-16559
	RESERVED
CVE-2017-16558
	RESERVED
CVE-2017-16557 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16556 (In K7 Antivirus Premium before 15.1.0.53, user-controlled input can be ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16555 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16554 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16553 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16552 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16551 (K7 Antivirus Premium before 15.1.0.53 allows local users to gain ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16550 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16549 (K7 Antivirus Premium before 15.1.0.53 allows local users to write to ...)
	NOT-FOR-US: K7 Antivirus
CVE-2017-16548 (The receive_xattr function in xattrs.c in rsync 3.1.2 and ...)
	{DSA-4068-1 DLA-1218-1}
	- rsync 3.1.2-2.1 (bug #880954)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=13112
	NOTE: https://git.samba.org/rsync.git/?p=rsync.git;a=commit;h=47a63d90e71d3e19e0e96052bb8c6b9cb140ecc1
CVE-2017-16547 (The DrawImage function in magick/render.c in GraphicsMagick 1.3.26 does ...)
	{DLA-1170-1}
	- graphicsmagick 1.3.26-18
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/785758bbbfcc
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/517/
CVE-2017-16546 (The ReadWPGImage function in coders/wpg.c in ImageMagick 7.0.7-9 does ...)
	{DSA-4074-1 DSA-4040-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #881392)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present; PoC from GitHub issue results in memory allocation exception thrown at coders/wpg.c:1109 and valgrind does not report any issues)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2130bf6f89ded32ef0c88a11694f107c52566c53
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e04cf3e9524f50ca336253513d977224e083b816
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/851
CVE-2017-16545 (The ReadWPGImage function in coders/wpg.c in GraphicsMagick 1.3.26 does ...)
	- graphicsmagick 1.3.26-18
	[wheezy] - graphicsmagick <no-dsa> (Not possible to trigger with presented test case)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8086faa52d0
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/519/
	NOTE: The wheezy version gives an assert before the vulnerability can be triggered. Due to this
	NOTE: the severity of the wheezy version is low even though the vulnerable code is still present.
	NOTE: The patch is trivial so it may be worth fixing in combination with some other fix.
CVE-2017-16544 (In the add_match function in libbb/lineedit.c in BusyBox through ...)
	- busybox 1:1.27.2-2 (bug #882258)
	[stretch] - busybox <no-dsa> (Minor issue, can be fixed via point release)
	[jessie] - busybox <no-dsa> (Minor issue, can be fixed via point release)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
	NOTE: https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8
CVE-2017-16543 (Zoho ManageEngine Applications Manager 13 allows SQL injection via ...)
	NOT-FOR-US: Zoho
CVE-2017-16542 (Zoho ManageEngine Applications Manager 13 allows Post-authentication ...)
	NOT-FOR-US: Zoho
CVE-2017-16541 (Tor Browser before 7.0.9 on macOS and Linux allows remote attackers to ...)
	- firefox-esr <not-affected> (Specific to Tor Browser)
	NOTE: https://trac.torproject.org/projects/tor/ticket/24052
	NOTE: https://blog.torproject.org/tor-browser-709-released
CVE-2017-16540 (OpenEMR before 5.0.0 Patch 5 allows unauthenticated remote database ...)
	NOT-FOR-US: OpenEMR
CVE-2017-16539 (The DefaultLinuxSpec function in oci/defaults.go in Docker Moby through ...)
	- docker.io <unfixed>
	NOTE: https://github.com/moby/moby/pull/35399
	NOTE: https://github.com/moby/moby/pull/35399/commits/a21ecdf3c8a343a7c94e4c4d01b178c87ca7aaa1
CVE-2017-16538 (drivers/media/usb/dvb-usb-v2/lmedm04.c in the Linux kernel through ...)
	{DSA-4082-1 DSA-4073-1}
	- linux 4.14.7-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-16537 (The imon_probe function in drivers/media/rc/imon.c in the Linux kernel ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16536 (The cx231xx_usb_probe function in ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16535 (The usb_get_bos_descriptor function in drivers/usb/core/config.c in the ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/1c0edc3633b56000e18d82fc241e3995ca18a69e
CVE-2017-16534 (The cdc_parse_cdc_header function in drivers/usb/core/message.c in the ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/2e1c42391ff2556387b3cb6308b24f6f65619feb
CVE-2017-16533 (The usbhid_parse function in drivers/hid/usbhid/hid-core.c in the Linux ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/f043bfc98c193c284e2cd768fefabe18ac2fed9b
CVE-2017-16532 (The get_endpoints function in drivers/usb/misc/usbtest.c in the Linux ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/7c80f9e4a588f1925b07134bb2e3689335f6c6d8
CVE-2017-16531 (drivers/usb/core/config.c in the Linux kernel before 4.13.6 allows ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/bd7a3fe770ebd8391d1c7d072ff88e9e76d063eb
CVE-2017-16530 (The uas driver in the Linux kernel before 4.13.6 allows local users to ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/786de92b3cb26012d3d0f00ee37adf14527f35c4
CVE-2017-16529 (The snd_usb_create_streams function in sound/usb/card.c in the Linux ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/bfc81a8bc18e3c4ba0cbaa7666ff76be2f998991
CVE-2017-16528 (sound/core/seq_device.c in the Linux kernel before 4.13.4 allows local ...)
	- linux 4.13.4-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/fc27fe7e8deef2f37cba3f2be2d52b6ca5eb9d57
CVE-2017-16527 (sound/usb/mixer.c in the Linux kernel before 4.13.8 allows local users ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/124751d5e63c823092060074bd0abaae61aaa9c4
CVE-2017-16526 (drivers/uwb/uwbd.c in the Linux kernel before 4.13.6 allows local users ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	NOTE: Fixed by: https://git.kernel.org/linus/bbf26183b7a6236ba602f4d6a2f7cade35bba043
CVE-2017-16525 (The usb_serial_console_disconnect function in ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
CVE-2017-16524 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an ...)
	NOT-FOR-US: Samsung SRN-1670D devices
CVE-2017-16523 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
	NOT-FOR-US: MitraStar
CVE-2017-16522 (MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ...)
	NOT-FOR-US: MitraStar
CVE-2017-16521 (In Inedo BuildMaster before 5.8.2, XslTransform was used where ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16520 (Inedo BuildMaster before 5.8.2 does not properly restrict creation of ...)
	NOT-FOR-US: Inedo BuildMaster
CVE-2017-16519
	RESERVED
CVE-2017-16518
	RESERVED
CVE-2017-16517
	RESERVED
CVE-2017-16516 (In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is ...)
	{DLA-1167-1}
	- ruby-yajl 1.2.0-3.1 (low; bug #880691)
	[stretch] - ruby-yajl <no-dsa> (Minor issue)
	[jessie] - ruby-yajl <no-dsa> (Minor issue)
	NOTE: https://github.com/brianmario/yajl-ruby/issues/176
	NOTE: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce
CVE-2017-16515
	RESERVED
CVE-2017-16514 (Multiple persistent stored Cross-Site-Scripting (XSS) vulnerabilities ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-16513 (Ipswitch WS_FTP Professional before 12.6.0.3 has buffer overflows in ...)
	NOT-FOR-US: Ipswitch WS_FTP Professional
CVE-2017-16512 (The vagrant update process in Hashicorp vagrant-vmware-fusion 5.0.2 ...)
	NOT-FOR-US: vagrant-vmware-fusion
CVE-2017-16511
	RESERVED
CVE-2017-1000171 (Mahara Mobile before 1.2.1 is vulnerable to passwords being sent to ...)
	- mahara <removed>
CVE-2017-1000157 (Mahara 15.04 before 15.04.13 and 16.04 before 16.04.7 and 16.10 before ...)
	- mahara <removed>
CVE-2017-1000156 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before ...)
	- mahara <removed>
CVE-2017-1000155 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara <removed>
CVE-2017-1000154 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara <removed>
CVE-2017-1000153 (Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before ...)
	- mahara <removed>
CVE-2017-1000152 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 running PHP 5.3 ...)
	- mahara <removed>
CVE-2017-1000151 (Mahara 15.04 before 15.04.9 and 15.10 before 15.10.5 and 16.04 before ...)
	- mahara <removed>
CVE-2017-1000150 (Mahara 15.04 before 15.04.7 and 15.10 before 15.10.3 are vulnerable to ...)
	- mahara <removed>
CVE-2017-1000149 (Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before ...)
	- mahara <removed>
CVE-2017-1000148 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara <removed>
CVE-2017-1000147 (Mahara 1.9 before 1.9.8 and 1.10 before 1.10.6 and 15.04 before ...)
	- mahara <removed>
CVE-2017-1000146 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before ...)
	- mahara <removed>
CVE-2017-1000145 (Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before ...)
	- mahara <removed>
CVE-2017-1000144 (Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before ...)
	- mahara <removed>
CVE-2017-1000143 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
	- mahara <removed>
CVE-2017-1000142 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
	- mahara <removed>
CVE-2017-1000141
	REJECTED
CVE-2017-1000140 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
	- mahara <removed>
CVE-2017-1000139 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
	- mahara <removed>
CVE-2017-1000138 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to ...)
	- mahara <removed>
CVE-2017-1000137 (Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to ...)
	- mahara <removed>
CVE-2017-1000136 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 ...)
	- mahara <removed>
CVE-2017-1000135 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
	- mahara <removed>
CVE-2017-1000134 (Mahara 1.8 before 1.8.6 and 1.9 before 1.9.4 and 1.10 before 1.10.1 ...)
	- mahara <removed>
CVE-2017-1000133 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara <removed>
CVE-2017-1000132 (Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 ...)
	- mahara <removed>
CVE-2017-1000131 (Mahara 15.04 before 15.04.8 and 15.10 before 15.10.4 and 16.04 before ...)
	- mahara <removed>
CVE-2017-16510 (WordPress before 4.8.3 is affected by an issue where $wpdb-&gt;prepare() ...)
	{DSA-4090-1 DLA-1160-1}
	- wordpress 4.8.3+dfsg-1 (bug #880528)
	NOTE: https://wpvulndb.com/vulnerabilities/8941
	NOTE: https://github.com/WordPress/WordPress/commit/a2693fd8602e3263b5925b9d799ddd577202167d
	NOTE: https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
CVE-2017-16509
	RESERVED
CVE-2017-16508
	RESERVED
CVE-2017-16507
	RESERVED
CVE-2017-16506
	RESERVED
CVE-2017-16505
	RESERVED
CVE-2017-16504
	RESERVED
CVE-2017-16503
	RESERVED
CVE-2017-16502
	RESERVED
CVE-2017-16501
	RESERVED
CVE-2017-16500
	RESERVED
CVE-2017-16499
	RESERVED
CVE-2017-16498
	RESERVED
CVE-2017-16497
	RESERVED
CVE-2017-16496
	RESERVED
CVE-2017-16495
	RESERVED
CVE-2017-16494
	RESERVED
CVE-2017-16493
	RESERVED
CVE-2017-16492
	RESERVED
CVE-2017-16491
	RESERVED
CVE-2017-16490
	RESERVED
CVE-2017-16489
	RESERVED
CVE-2017-16488
	RESERVED
CVE-2017-16487
	RESERVED
CVE-2017-16486
	RESERVED
CVE-2017-16485
	RESERVED
CVE-2017-16484
	RESERVED
CVE-2017-16483
	RESERVED
CVE-2017-16482
	RESERVED
CVE-2017-16481
	RESERVED
CVE-2017-16480
	RESERVED
CVE-2017-16479
	RESERVED
CVE-2017-16478
	RESERVED
CVE-2017-16477
	RESERVED
CVE-2017-16476
	RESERVED
CVE-2017-16475
	RESERVED
CVE-2017-16474
	RESERVED
CVE-2017-16473
	RESERVED
CVE-2017-16472
	RESERVED
CVE-2017-16471
	RESERVED
CVE-2017-16470
	RESERVED
CVE-2017-16469
	RESERVED
CVE-2017-16468
	RESERVED
CVE-2017-16467
	RESERVED
CVE-2017-16466
	RESERVED
CVE-2017-16465
	RESERVED
CVE-2017-16464
	RESERVED
CVE-2017-16463
	RESERVED
CVE-2017-16462
	RESERVED
CVE-2017-16461
	RESERVED
CVE-2017-16460
	RESERVED
CVE-2017-16459
	RESERVED
CVE-2017-16458
	RESERVED
CVE-2017-16457
	RESERVED
CVE-2017-16456
	RESERVED
CVE-2017-16455
	RESERVED
CVE-2017-16454
	RESERVED
CVE-2017-16453
	RESERVED
CVE-2017-16452
	RESERVED
CVE-2017-16451
	RESERVED
CVE-2017-16450
	RESERVED
CVE-2017-16449
	RESERVED
CVE-2017-16448
	RESERVED
CVE-2017-16447
	RESERVED
CVE-2017-16446
	RESERVED
CVE-2017-16445
	RESERVED
CVE-2017-16444
	RESERVED
CVE-2017-16443
	RESERVED
CVE-2017-16442
	RESERVED
CVE-2017-16441
	RESERVED
CVE-2017-16440
	RESERVED
CVE-2017-16439
	RESERVED
CVE-2017-16438
	RESERVED
CVE-2017-16437
	RESERVED
CVE-2017-16436
	RESERVED
CVE-2017-16435
	RESERVED
CVE-2017-16434
	RESERVED
CVE-2017-16433
	RESERVED
CVE-2017-16432
	RESERVED
CVE-2017-16431
	RESERVED
CVE-2017-16430
	RESERVED
CVE-2017-16429
	RESERVED
CVE-2017-16428
	RESERVED
CVE-2017-16427
	RESERVED
CVE-2017-16426
	RESERVED
CVE-2017-16425
	RESERVED
CVE-2017-16424
	RESERVED
CVE-2017-16423
	RESERVED
CVE-2017-16422
	RESERVED
CVE-2017-16421
	RESERVED
CVE-2017-16420 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16419 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16418 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16417 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16416 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16415 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16414 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16413 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16412 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16411 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16410 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16409 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16408 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16407 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16406 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16405 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16404 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16403 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16402 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16401 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16400 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16399 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16398 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16397 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16396 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16395 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16394 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16393 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16392 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16391 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16390 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16389 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16388 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16387 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16386 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16385 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16384 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16383 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16382 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16381 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16380 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16379 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16378 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16377 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16376 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16375 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16374 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16373 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16372 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16371 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16370 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16369 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16368 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16367 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16366 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16365 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16364 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16363 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16362 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16361 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16360 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-16359 (In radare 2.0.1, a pointer wraparound vulnerability exists in ...)
	- radare2 2.1.0+dfsg-1 (bug #880616)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced later)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/commit/62e39f34b2705131a2d08aff0c2e542c6a52cf0e
	NOTE: https://github.com/radare/radare2/commit/d21e91f075a7a7a8ed23baa5c1bb1fac48313882
	NOTE: https://github.com/radare/radare2/commit/fbaf24bce7ea4211e4608b3ab6c1b45702cb243d
	NOTE: https://github.com/radare/radare2/issues/8764
CVE-2017-16358 (In radare 2.0.1, an out-of-bounds read vulnerability exists in ...)
	- radare2 2.1.0+dfsg-1 (bug #880619)
	[stretch] - radare2 <not-affected> (Vulnerable code introduced later)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced later)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/commit/d31c4d3cbdbe01ea3ded16a584de94149ecd31d9
	NOTE: https://github.com/radare/radare2/issues/8748
CVE-2017-16357 (In radare 2.0.1, a memory corruption vulnerability exists in ...)
	- radare2 2.1.0+dfsg-1 (bug #880620)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced later)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/commit/0b973e28166636e0ff1fad80baa0385c9c09c53a
	NOTE: https://github.com/radare/radare2/issues/8742
CVE-2017-16356 (Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) ...)
	NOT-FOR-US: Kubik-Rubik SIGE
CVE-2017-16355 (In agent/Core/SpawningKit/Spawner.h in Phusion Passenger 5.1.10 (fixed ...)
	- passenger <unfixed> (bug #884463)
	- ruby-passenger <removed>
	[jessie] - ruby-passenger <no-dsa> (Minor issue)
	[wheezy] - ruby-passenger <not-affected> (Vulnerable code introduced later)
	NOTE: https://blog.phusion.nl/2017/10/13/passenger-security-advisory-5-1-11/
	NOTE: https://github.com/phusion/passenger/commit/4043718264095cde6623c2cbe8c644541036d7bf
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/21/2 and following.
	NOTE: Problem mitigated in versions prior to 5.0.10 where root privileges were required to
	NOTE: get the status information.
CVE-2017-16354
	RESERVED
CVE-2017-16353 (GraphicsMagick 1.3.26 is vulnerable to a memory information disclosure ...)
	{DLA-1159-1}
	- graphicsmagick 1.3.26-17
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=e4e1c2a581d8
	NOTE: https://blogs.securiteam.com/index.php/archives/3494
CVE-2017-16352 (GraphicsMagick 1.3.26 is vulnerable to a heap-based buffer overflow ...)
	{DLA-1159-1}
	- graphicsmagick 1.3.26-17
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=7292230dd185
	NOTE: https://blogs.securiteam.com/index.php/archives/3494
CVE-2017-1001001 (PluXml version 5.6 is vulnerable to stored cross-site scripting ...)
	- pluxml 5.6-1 (bug #881796)
	[stretch] - pluxml <no-dsa> (Minor issue)
	[jessie] - pluxml <no-dsa> (Minor issue)
	NOTE: https://github.com/pluxml/PluXml/issues/253
CVE-2017-1000244 (Jenkins Favorite Plugin version 2.2.0 and older is vulnerable to CSRF ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000243 (Jenkins Favorite Plugin 2.1.4 and older does not perform permission ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000242 (Jenkins Git Client Plugin 2.4.2 and earlier creates temporary file ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-16351
	RESERVED
CVE-2017-16350
	RESERVED
CVE-2017-16349
	RESERVED
CVE-2017-16348
	RESERVED
CVE-2017-16347
	RESERVED
CVE-2017-16346
	RESERVED
CVE-2017-16345
	RESERVED
CVE-2017-16344
	RESERVED
CVE-2017-16343
	RESERVED
CVE-2017-16342
	RESERVED
CVE-2017-16341
	RESERVED
CVE-2017-16340
	RESERVED
CVE-2017-16339
	RESERVED
CVE-2017-16338
	RESERVED
CVE-2017-16337
	RESERVED
CVE-2017-16336
	RESERVED
CVE-2017-16335
	RESERVED
CVE-2017-16334
	RESERVED
CVE-2017-16333
	RESERVED
CVE-2017-16332
	RESERVED
CVE-2017-16331
	RESERVED
CVE-2017-16330
	RESERVED
CVE-2017-16329
	RESERVED
CVE-2017-16328
	RESERVED
CVE-2017-16327
	RESERVED
CVE-2017-16326
	RESERVED
CVE-2017-16325
	RESERVED
CVE-2017-16324
	RESERVED
CVE-2017-16323
	RESERVED
CVE-2017-16322
	RESERVED
CVE-2017-16321
	RESERVED
CVE-2017-16320
	RESERVED
CVE-2017-16319
	RESERVED
CVE-2017-16318
	RESERVED
CVE-2017-16317
	RESERVED
CVE-2017-16316
	RESERVED
CVE-2017-16315
	RESERVED
CVE-2017-16314
	RESERVED
CVE-2017-16313
	RESERVED
CVE-2017-16312
	RESERVED
CVE-2017-16311
	RESERVED
CVE-2017-16310
	RESERVED
CVE-2017-16309
	RESERVED
CVE-2017-16308
	RESERVED
CVE-2017-16307
	RESERVED
CVE-2017-16306
	RESERVED
CVE-2017-16305
	RESERVED
CVE-2017-16304
	RESERVED
CVE-2017-16303
	RESERVED
CVE-2017-16302
	RESERVED
CVE-2017-16301
	RESERVED
CVE-2017-16300
	RESERVED
CVE-2017-16299
	RESERVED
CVE-2017-16298
	RESERVED
CVE-2017-16297
	RESERVED
CVE-2017-16296
	RESERVED
CVE-2017-16295
	RESERVED
CVE-2017-16294
	RESERVED
CVE-2017-16293
	RESERVED
CVE-2017-16292
	RESERVED
CVE-2017-16291
	RESERVED
CVE-2017-16290
	RESERVED
CVE-2017-16289
	RESERVED
CVE-2017-16288
	RESERVED
CVE-2017-16287
	RESERVED
CVE-2017-16286
	RESERVED
CVE-2017-16285
	RESERVED
CVE-2017-16284
	RESERVED
CVE-2017-16283
	RESERVED
CVE-2017-16282
	RESERVED
CVE-2017-16281
	RESERVED
CVE-2017-16280
	RESERVED
CVE-2017-16279
	RESERVED
CVE-2017-16278
	RESERVED
CVE-2017-16277
	RESERVED
CVE-2017-16276
	RESERVED
CVE-2017-16275
	RESERVED
CVE-2017-16274
	RESERVED
CVE-2017-16273
	RESERVED
CVE-2017-16272
	RESERVED
CVE-2017-16271
	RESERVED
CVE-2017-16270
	RESERVED
CVE-2017-16269
	RESERVED
CVE-2017-16268
	RESERVED
CVE-2017-16267
	RESERVED
CVE-2017-16266
	RESERVED
CVE-2017-16265
	RESERVED
CVE-2017-16264
	RESERVED
CVE-2017-16263
	RESERVED
CVE-2017-16262
	RESERVED
CVE-2017-16261
	RESERVED
CVE-2017-16260
	RESERVED
CVE-2017-16259
	RESERVED
CVE-2017-16258
	RESERVED
CVE-2017-16257
	RESERVED
CVE-2017-16256
	RESERVED
CVE-2017-16255
	RESERVED
CVE-2017-16254
	RESERVED
CVE-2017-16253
	RESERVED
CVE-2017-16252
	RESERVED
CVE-2017-16251 (A vulnerability in the conferencing component of Mitel ST 14.2, ...)
	NOT-FOR-US: Mitel
CVE-2017-16250 (A vulnerability in Mitel ST 14.2, release GA28 and earlier, could ...)
	NOT-FOR-US: Mitel
CVE-2017-16249 (The Debut embedded http server contains a remotely exploitable denial ...)
	NOT-FOR-US: Debut embedded http server
CVE-2017-16247
	RESERVED
CVE-2017-16246
	RESERVED
CVE-2017-16245
	RESERVED
CVE-2017-16244 (Cross-Site Request Forgery exists in OctoberCMS 1.0.426 (aka Build 426) ...)
	NOT-FOR-US: OctoberCMS
CVE-2017-16243
	RESERVED
CVE-2017-16242 (An issue was discovered on MECO USB Memory Stick with Fingerprint ...)
	NOT-FOR-US: MECO
CVE-2017-1000384
	REJECTED
CVE-2017-1000383 (GNU Emacs version 25.3.1 (and other versions most likely) ignores ...)
	NOTE: This CVE assignment is nonsense, GNU emacs reuses the umask of the original
	NOTE: file when creating a backup file. That's hardly incorrect behaviour
	NOTE: Upstream report: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=29182
CVE-2017-1000382 (VIM version 8.0.1187 (and other versions most likely) ignores umask ...)
	- vim <unfixed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2017/10/31/15
	NOTE: Cf. http://www.openwall.com/lists/oss-security/2017/11/01/4
	NOTE: vim creates the .swp file according to the permissions of the file being
	NOTE: edited, admitely ignoring the umask, so in the reporters case the .swp
	NOTE: file is readable by others. But that seem to be the intended behaviour.
CVE-2017-16248 (The Catalyst-Plugin-Static-Simple module before 0.34 for Perl allows ...)
	- libcatalyst-plugin-static-simple-perl 0.34-1 (bug #880458)
	[stretch] - libcatalyst-plugin-static-simple-perl <no-dsa> (Minor issue)
	[jessie] - libcatalyst-plugin-static-simple-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=120558
CVE-2017-16241 (Incorrect access control in AMAG Symmetry Door Edge Network Controllers ...)
	NOT-FOR-US: AMAG Symmetry Door Edge Network Controllers
CVE-2017-16240
	RESERVED
CVE-2017-17051 (An issue was discovered in the default FilterScheduler in OpenStack ...)
	- nova 2:16.0.3-6 (bug #883621)
	[stretch] - nova <not-affected> (Fix for CVE-2017-16239 not applied and not affecting 14.x.y)
	[jessie] - nova <not-affected> (Vulnerable code not present)
	[wheezy] - nova <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/05/5
	NOTE: https://launchpad.net/bugs/1732976
CVE-2017-16239 (In OpenStack Nova through 14.0.9, 15.x through 15.0.7, and 16.x through ...)
	{DSA-4056-1}
	- nova 2:16.0.3-1 (bug #882009)
	[jessie] - nova <not-affected> (Vulnerble code introduced later)
	[wheezy] - nova <not-affected> (Vulnerble code introduced later)
	NOTE: https://launchpad.net/bugs/1664931
	NOTE: https://security.openstack.org/ossa/OSSA-2017-005.html
	NOTE: Regression fix: http://www.openwall.com/lists/oss-security/2017/12/05/4
CVE-2017-16238
	RESERVED
CVE-2017-16237 (In Vir.IT eXplorer Anti-Virus before 8.5.42, the driver file ...)
	NOT-FOR-US: Vir.IT eXplorer Anti-Virus
CVE-2017-16236
	RESERVED
CVE-2017-16235
	RESERVED
CVE-2017-16234
	RESERVED
CVE-2017-16233
	RESERVED
CVE-2016-10699 (D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS ...)
	NOT-FOR-US: D-Link devices
CVE-2015-9245 (Insecure default configuration in Progress Software OpenEdge 10.2x and ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2017-16232 [memory-based DoS in tiff2bw]
	RESERVED
	- tiff <unfixed> (unimportant)
	NOTE: http://seclists.org/oss-sec/2017/q4/168
CVE-2017-16231 [match() stack overflow]
	RESERVED
	- pcre3 <unfixed> (unimportant)
CVE-2017-16230 (In admin/write-post.php in Typecho through 1.1, one can log in to the ...)
	NOT-FOR-US: Typecho
CVE-2017-16229 (In the Ox gem 2.8.1 for Ruby, the process crashes with a stack-based ...)
	- ruby-ox 2.8.2-1
	[stretch] - ruby-ox <no-dsa> (Minor issue)
	[jessie] - ruby-ox <no-dsa> (Minor issue)
	NOTE: https://github.com/ohler55/ox/issues/195
	NOTE: https://github.com/ohler55/ox/pull/196
	NOTE: https://github.com/ohler55/ox/commit/0708ae44faf2ffc3d9330daf6ae023859a8b168b
CVE-2017-16228 (Dulwich before 0.18.5, when an SSH subprocess is used, allows remote ...)
	- dulwich 0.18.5-1
	[stretch] - dulwich <no-dsa> (Minor issue)
	[jessie] - dulwich <no-dsa> (Minor issue)
	[wheezy] - dulwich <no-dsa> (Minor issue)
	NOTE: https://www.dulwich.io/code/dulwich/commit/7116a0cbbda571f7dac863f4b1c00b6e16d6d8d6/
	NOTE: This is similar class of issue as for CVE-2017-1000117/git
	NOTE: But needs a separate CVE since different codebasis.
CVE-2017-16227 (The aspath_put function in bgpd/bgp_aspath.c in Quagga before 1.2.2 ...)
	{DSA-4011-1 DLA-1152-1}
	- quagga 1.2.2-1 (bug #879474)
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2017-September/033284.html
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7a42b78be9a4108d98833069a88e6fddb9285008
CVE-2017-16226
	RESERVED
CVE-2017-16225
	RESERVED
CVE-2017-16224
	RESERVED
CVE-2017-16223
	RESERVED
CVE-2017-16222
	RESERVED
CVE-2017-16221
	RESERVED
CVE-2017-16220
	RESERVED
CVE-2017-16219
	RESERVED
CVE-2017-16218
	RESERVED
CVE-2017-16217
	RESERVED
CVE-2017-16216
	RESERVED
CVE-2017-16215
	RESERVED
CVE-2017-16214
	RESERVED
CVE-2017-16213
	RESERVED
CVE-2017-16212
	RESERVED
CVE-2017-16211
	RESERVED
CVE-2017-16210
	RESERVED
CVE-2017-16209
	RESERVED
CVE-2017-16208
	RESERVED
CVE-2017-16207
	RESERVED
CVE-2017-16206
	RESERVED
CVE-2017-16205
	RESERVED
CVE-2017-16204
	RESERVED
CVE-2017-16203
	RESERVED
CVE-2017-16202
	RESERVED
CVE-2017-16201
	RESERVED
CVE-2017-16200
	RESERVED
CVE-2017-16199
	RESERVED
CVE-2017-16198
	RESERVED
CVE-2017-16197
	RESERVED
CVE-2017-16196
	RESERVED
CVE-2017-16195
	RESERVED
CVE-2017-16194
	RESERVED
CVE-2017-16193
	RESERVED
CVE-2017-16192
	RESERVED
CVE-2017-16191
	RESERVED
CVE-2017-16190
	RESERVED
CVE-2017-16189
	RESERVED
CVE-2017-16188
	RESERVED
CVE-2017-16187
	RESERVED
CVE-2017-16186
	RESERVED
CVE-2017-16185
	RESERVED
CVE-2017-16184
	RESERVED
CVE-2017-16183
	RESERVED
CVE-2017-16182
	RESERVED
CVE-2017-16181
	RESERVED
CVE-2017-16180
	RESERVED
CVE-2017-16179
	RESERVED
CVE-2017-16178
	RESERVED
CVE-2017-16177
	RESERVED
CVE-2017-16176
	RESERVED
CVE-2017-16175
	RESERVED
CVE-2017-16174
	RESERVED
CVE-2017-16173
	RESERVED
CVE-2017-16172
	RESERVED
CVE-2017-16171
	RESERVED
CVE-2017-16170
	RESERVED
CVE-2017-16169
	RESERVED
CVE-2017-16168
	RESERVED
CVE-2017-16167
	RESERVED
CVE-2017-16166
	RESERVED
CVE-2017-16165
	RESERVED
CVE-2017-16164
	RESERVED
CVE-2017-16163
	RESERVED
CVE-2017-16162
	RESERVED
CVE-2017-16161
	RESERVED
CVE-2017-16160
	RESERVED
CVE-2017-16159
	RESERVED
CVE-2017-16158
	RESERVED
CVE-2017-16157
	RESERVED
CVE-2017-16156
	RESERVED
CVE-2017-16155
	RESERVED
CVE-2017-16154
	RESERVED
CVE-2017-16153
	RESERVED
CVE-2017-16152
	RESERVED
CVE-2017-16151
	RESERVED
CVE-2017-16150
	RESERVED
CVE-2017-16149
	RESERVED
CVE-2017-16148
	RESERVED
CVE-2017-16147
	RESERVED
CVE-2017-16146
	RESERVED
CVE-2017-16145
	RESERVED
CVE-2017-16144
	RESERVED
CVE-2017-16143
	RESERVED
CVE-2017-16142
	RESERVED
CVE-2017-16141
	RESERVED
CVE-2017-16140
	RESERVED
CVE-2017-16139
	RESERVED
CVE-2017-16138
	RESERVED
CVE-2017-16137
	RESERVED
CVE-2017-16136
	RESERVED
CVE-2017-16135
	RESERVED
CVE-2017-16134
	RESERVED
CVE-2017-16133
	RESERVED
CVE-2017-16132
	RESERVED
CVE-2017-16131
	RESERVED
CVE-2017-16130
	RESERVED
CVE-2017-16129
	RESERVED
CVE-2017-16128
	RESERVED
CVE-2017-16127
	RESERVED
CVE-2017-16126
	RESERVED
CVE-2017-16125
	RESERVED
CVE-2017-16124
	RESERVED
CVE-2017-16123
	RESERVED
CVE-2017-16122
	RESERVED
CVE-2017-16121
	RESERVED
CVE-2017-16120
	RESERVED
CVE-2017-16119
	RESERVED
CVE-2017-16118
	RESERVED
CVE-2017-16117
	RESERVED
CVE-2017-16116
	RESERVED
CVE-2017-16115
	RESERVED
CVE-2017-16114
	RESERVED
CVE-2017-16113
	RESERVED
CVE-2017-16112
	RESERVED
CVE-2017-16111
	RESERVED
CVE-2017-16110
	RESERVED
CVE-2017-16109
	RESERVED
CVE-2017-16108
	RESERVED
CVE-2017-16107
	RESERVED
CVE-2017-16106
	RESERVED
CVE-2017-16105
	RESERVED
CVE-2017-16104
	RESERVED
CVE-2017-16103
	RESERVED
CVE-2017-16102
	RESERVED
CVE-2017-16101
	RESERVED
CVE-2017-16100
	RESERVED
CVE-2017-16099
	RESERVED
CVE-2017-16098
	RESERVED
CVE-2017-16097
	RESERVED
CVE-2017-16096
	RESERVED
CVE-2017-16095
	RESERVED
CVE-2017-16094
	RESERVED
CVE-2017-16093
	RESERVED
CVE-2017-16092
	RESERVED
CVE-2017-16091
	RESERVED
CVE-2017-16090
	RESERVED
CVE-2017-16089
	RESERVED
CVE-2017-16088
	RESERVED
CVE-2017-16087
	RESERVED
CVE-2017-16086
	RESERVED
CVE-2017-16085
	RESERVED
CVE-2017-16084
	RESERVED
CVE-2017-16083
	RESERVED
CVE-2017-16082
	RESERVED
CVE-2017-16081
	RESERVED
CVE-2017-16080
	RESERVED
CVE-2017-16079
	RESERVED
CVE-2017-16078
	RESERVED
CVE-2017-16077
	RESERVED
CVE-2017-16076
	RESERVED
CVE-2017-16075
	RESERVED
CVE-2017-16074
	RESERVED
CVE-2017-16073
	RESERVED
CVE-2017-16072
	RESERVED
CVE-2017-16071
	RESERVED
CVE-2017-16070
	RESERVED
CVE-2017-16069
	RESERVED
CVE-2017-16068
	RESERVED
CVE-2017-16067
	RESERVED
CVE-2017-16066
	RESERVED
CVE-2017-16065
	RESERVED
CVE-2017-16064
	RESERVED
CVE-2017-16063
	RESERVED
CVE-2017-16062
	RESERVED
CVE-2017-16061
	RESERVED
CVE-2017-16060
	RESERVED
CVE-2017-16059
	RESERVED
CVE-2017-16058
	RESERVED
CVE-2017-16057
	RESERVED
CVE-2017-16056
	RESERVED
CVE-2017-16055
	RESERVED
CVE-2017-16054
	RESERVED
CVE-2017-16053
	RESERVED
CVE-2017-16052
	RESERVED
CVE-2017-16051
	RESERVED
CVE-2017-16050
	RESERVED
CVE-2017-16049
	RESERVED
CVE-2017-16048
	RESERVED
CVE-2017-16047
	RESERVED
CVE-2017-16046
	RESERVED
CVE-2017-16045
	RESERVED
CVE-2017-16044
	RESERVED
CVE-2017-16043
	RESERVED
CVE-2017-16042
	RESERVED
CVE-2017-16041
	RESERVED
CVE-2017-16040
	RESERVED
CVE-2017-16039
	RESERVED
CVE-2017-16038
	RESERVED
CVE-2017-16037
	RESERVED
CVE-2017-16036
	RESERVED
CVE-2017-16035
	RESERVED
CVE-2017-16034
	RESERVED
CVE-2017-16033
	RESERVED
CVE-2017-16032
	RESERVED
CVE-2017-16031
	RESERVED
CVE-2017-16030
	RESERVED
CVE-2017-16029
	RESERVED
CVE-2017-16028
	RESERVED
CVE-2017-16027
	RESERVED
CVE-2017-16026
	RESERVED
CVE-2017-16025
	RESERVED
CVE-2017-16024
	RESERVED
CVE-2017-16023
	RESERVED
CVE-2017-16022
	RESERVED
CVE-2017-16021
	RESERVED
CVE-2017-16020
	RESERVED
CVE-2017-16019
	RESERVED
CVE-2017-16018
	RESERVED
CVE-2017-16017
	RESERVED
CVE-2017-16016
	RESERVED
CVE-2017-16015
	RESERVED
CVE-2017-16014
	RESERVED
CVE-2017-16013
	RESERVED
CVE-2017-16012
	RESERVED
CVE-2017-16011
	RESERVED
CVE-2017-16010
	RESERVED
CVE-2017-16009
	RESERVED
CVE-2017-16008
	RESERVED
CVE-2017-16007
	RESERVED
CVE-2017-16006
	RESERVED
CVE-2017-16005
	RESERVED
CVE-2017-16004
	RESERVED
CVE-2017-16003
	RESERVED
CVE-2017-16002
	RESERVED
CVE-2017-16001 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
	NOT-FOR-US: VMware
CVE-2017-16000 (SQL injection vulnerability in the EyesOfNetwork web interface (aka ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15999 (In the &quot;NQ Contacts Backup &amp; Restore&quot; application 1.1 for Android, no ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15998 (In the &quot;NQ Contacts Backup &amp; Restore&quot; application 1.1 for Android, DES ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15997 (In the &quot;NQ Contacts Backup &amp; Restore&quot; application 1.1 for Android, RC4 ...)
	NOT-FOR-US: Contacts Backup & Restore
CVE-2017-15996 (elfcomm.c in readelf in GNU Binutils 2.29 allows remote attackers to ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22361
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d91f0b20e561e326ee91a09a76206257bde8438b
CVE-2017-15995
	RESERVED
CVE-2016-10698
	RESERVED
CVE-2016-10697
	RESERVED
CVE-2016-10696
	RESERVED
CVE-2016-10695
	RESERVED
CVE-2016-10694
	RESERVED
CVE-2016-10693
	RESERVED
CVE-2016-10692
	RESERVED
CVE-2016-10691
	RESERVED
CVE-2016-10690
	RESERVED
CVE-2016-10689
	RESERVED
CVE-2016-10688
	RESERVED
CVE-2016-10687
	RESERVED
CVE-2016-10686
	RESERVED
CVE-2016-10685
	RESERVED
CVE-2016-10684
	RESERVED
CVE-2016-10683
	RESERVED
CVE-2016-10682
	RESERVED
CVE-2016-10681
	RESERVED
CVE-2016-10680
	RESERVED
CVE-2016-10679
	RESERVED
CVE-2016-10678
	RESERVED
CVE-2016-10677
	RESERVED
CVE-2016-10676
	RESERVED
CVE-2016-10675
	RESERVED
CVE-2016-10674
	RESERVED
CVE-2016-10673
	RESERVED
CVE-2016-10672
	RESERVED
CVE-2016-10671
	RESERVED
CVE-2016-10670
	RESERVED
CVE-2016-10669
	RESERVED
CVE-2016-10668
	RESERVED
CVE-2016-10667
	RESERVED
CVE-2016-10666
	RESERVED
CVE-2016-10665
	RESERVED
CVE-2016-10664
	RESERVED
CVE-2016-10663
	RESERVED
CVE-2016-10662
	RESERVED
CVE-2016-10661
	RESERVED
CVE-2016-10660
	RESERVED
CVE-2016-10659
	RESERVED
CVE-2016-10658
	RESERVED
CVE-2016-10657
	RESERVED
CVE-2016-10656
	RESERVED
CVE-2016-10655
	RESERVED
CVE-2016-10654
	RESERVED
CVE-2016-10653
	RESERVED
CVE-2016-10652
	RESERVED
CVE-2016-10651
	RESERVED
CVE-2016-10650
	RESERVED
CVE-2016-10649
	RESERVED
CVE-2016-10648
	RESERVED
CVE-2016-10647
	RESERVED
CVE-2016-10646
	RESERVED
CVE-2016-10645
	RESERVED
CVE-2016-10644
	RESERVED
CVE-2016-10643
	RESERVED
CVE-2016-10642
	RESERVED
CVE-2016-10641
	RESERVED
CVE-2016-10640
	RESERVED
CVE-2016-10639
	RESERVED
CVE-2016-10638
	RESERVED
CVE-2016-10637
	RESERVED
CVE-2016-10636
	RESERVED
CVE-2016-10635
	RESERVED
CVE-2016-10634
	RESERVED
CVE-2016-10633
	RESERVED
CVE-2016-10632
	RESERVED
CVE-2016-10631
	RESERVED
CVE-2016-10630
	RESERVED
CVE-2016-10629
	RESERVED
CVE-2016-10628
	RESERVED
CVE-2016-10627
	RESERVED
CVE-2016-10626
	RESERVED
CVE-2016-10625
	RESERVED
CVE-2016-10624
	RESERVED
CVE-2016-10623
	RESERVED
CVE-2016-10622
	RESERVED
CVE-2016-10621
	RESERVED
CVE-2016-10620
	RESERVED
CVE-2016-10619
	RESERVED
CVE-2016-10618
	RESERVED
CVE-2016-10617
	RESERVED
CVE-2016-10616
	RESERVED
CVE-2016-10615
	RESERVED
CVE-2016-10614
	RESERVED
CVE-2016-10613
	RESERVED
CVE-2016-10612
	RESERVED
CVE-2016-10611
	RESERVED
CVE-2016-10610
	RESERVED
CVE-2016-10609
	RESERVED
CVE-2016-10608
	RESERVED
CVE-2016-10607
	RESERVED
CVE-2016-10606
	RESERVED
CVE-2016-10605
	RESERVED
CVE-2016-10604
	RESERVED
CVE-2016-10603
	RESERVED
CVE-2016-10602
	RESERVED
CVE-2016-10601
	RESERVED
CVE-2016-10600
	RESERVED
CVE-2016-10599
	RESERVED
CVE-2016-10598
	RESERVED
CVE-2016-10597
	RESERVED
CVE-2016-10596
	RESERVED
CVE-2016-10595
	RESERVED
CVE-2016-10594
	RESERVED
CVE-2016-10593
	RESERVED
CVE-2016-10592
	RESERVED
CVE-2016-10591
	RESERVED
CVE-2016-10590
	RESERVED
CVE-2016-10589
	RESERVED
CVE-2016-10588
	RESERVED
CVE-2016-10587
	RESERVED
CVE-2016-10586
	RESERVED
CVE-2016-10585
	RESERVED
CVE-2016-10584
	RESERVED
CVE-2016-10583
	RESERVED
CVE-2016-10582
	RESERVED
CVE-2016-10581
	RESERVED
CVE-2016-10580
	RESERVED
CVE-2016-10579
	RESERVED
CVE-2016-10578
	RESERVED
CVE-2016-10577
	RESERVED
CVE-2016-10576
	RESERVED
CVE-2016-10575
	RESERVED
CVE-2016-10574
	RESERVED
CVE-2016-10573
	RESERVED
CVE-2016-10572
	RESERVED
CVE-2016-10571
	RESERVED
CVE-2016-10570
	RESERVED
CVE-2016-10569
	RESERVED
CVE-2016-10568
	RESERVED
CVE-2016-10567
	RESERVED
CVE-2016-10566
	RESERVED
CVE-2016-10565
	RESERVED
CVE-2016-10564
	RESERVED
CVE-2016-10563
	RESERVED
CVE-2016-10562
	RESERVED
CVE-2016-10561
	RESERVED
CVE-2016-10560
	RESERVED
CVE-2016-10559
	RESERVED
CVE-2016-10558
	RESERVED
CVE-2016-10557
	RESERVED
CVE-2016-10556
	RESERVED
CVE-2016-10555
	RESERVED
CVE-2016-10554
	RESERVED
CVE-2016-10553
	RESERVED
CVE-2016-10552
	RESERVED
CVE-2016-10551
	RESERVED
CVE-2016-10550
	RESERVED
CVE-2016-10549
	RESERVED
CVE-2016-10548
	RESERVED
CVE-2016-10547
	RESERVED
CVE-2016-10546
	RESERVED
CVE-2016-10545
	RESERVED
CVE-2016-10544
	RESERVED
CVE-2016-10543
	RESERVED
CVE-2016-10542
	RESERVED
CVE-2016-10541
	RESERVED
CVE-2016-10540
	RESERVED
CVE-2016-10539
	RESERVED
CVE-2016-10538
	RESERVED
CVE-2016-10537
	RESERVED
CVE-2016-10536
	RESERVED
CVE-2016-10535
	RESERVED
CVE-2016-10534
	RESERVED
CVE-2016-10533
	RESERVED
CVE-2016-10532
	RESERVED
CVE-2016-10531
	RESERVED
CVE-2016-10530
	RESERVED
CVE-2016-10529
	RESERVED
CVE-2016-10528
	RESERVED
CVE-2016-10527
	RESERVED
CVE-2016-10526
	RESERVED
CVE-2016-10525
	RESERVED
CVE-2016-10524
	RESERVED
CVE-2016-10523
	RESERVED
CVE-2016-10522
	RESERVED
CVE-2016-10521
	RESERVED
CVE-2016-10520
	RESERVED
CVE-2016-10519
	RESERVED
CVE-2016-10518
	RESERVED
CVE-2015-9244
	RESERVED
CVE-2015-9243
	RESERVED
CVE-2015-9242
	RESERVED
CVE-2015-9241
	RESERVED
CVE-2015-9240
	RESERVED
CVE-2015-9239
	RESERVED
CVE-2015-9238
	RESERVED
CVE-2015-9237
	RESERVED
CVE-2015-9236
	RESERVED
CVE-2015-9235
	RESERVED
CVE-2014-10068
	RESERVED
CVE-2014-10067
	RESERVED
CVE-2014-10066
	RESERVED
CVE-2014-10065
	RESERVED
CVE-2014-10064
	RESERVED
CVE-2017-15994 (rsync 3.1.3-development before 2017-10-24 mishandles archaic ...)
	- rsync <not-affected> (Problematic code to allow checksum choice only introduced after 3.1.2 release)
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
	NOTE: And possibly the following two commits on top:
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3
	NOTE: The following commit introduced special handling of archaic versions / handling of
	NOTE: --checksum-choice option to choose the checksum algorithms:
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=a5a7d3a297b836387b0ac677383bdddaf2ac3598
CVE-2017-15993 (Zomato Clone Script allows SQL Injection via the restaurant-menu.php ...)
	NOT-FOR-US: Zomato Clone Script
CVE-2017-15992 (Website Broker Script allows SQL Injection via the 'status_id' ...)
	NOT-FOR-US: Website Broker Script
CVE-2017-15991 (Vastal I-Tech Agent Zone (aka The Real Estate Script) allows SQL ...)
	NOT-FOR-US: Vastal I-Tech Agent Zone
CVE-2017-15990 (Php Inventory &amp; Invoice Management System allows Arbitrary File Upload ...)
	NOT-FOR-US: Php Inventory & Invoice Management System
CVE-2017-15989 (Online Exam Test Application allows SQL Injection via the resources.php ...)
	NOT-FOR-US: Online Exam Test Application
CVE-2017-15988 (Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme ...)
	NOT-FOR-US: PHP FAQ Script
CVE-2017-15987 (Fake Magazine Cover Script allows SQL Injection via the rate.php value ...)
	NOT-FOR-US: Fake Magazine Cover Script
CVE-2017-15986 (CPA Lead Reward Script allows SQL Injection via the username parameter. ...)
	NOT-FOR-US: CPA Lead Reward Script
CVE-2017-15985 (Basic B2B Script allows SQL Injection via the product_view1.php pid or ...)
	NOT-FOR-US: Basic B2B Script
CVE-2017-15984 (Creative Management System (CMS) Lite 1.4 allows SQL Injection via the ...)
	NOT-FOR-US: Creative Management System (CMS) Lite
CVE-2017-15983 (MyMagazine Magazine &amp; Blog CMS 1.0 allows SQL Injection via the id ...)
	NOT-FOR-US: MyMagazine Magazine & Blog CMS
CVE-2017-15982 (Dynamic News Magazine &amp; Blog CMS 1.0 allows SQL Injection via the id ...)
	NOT-FOR-US: Dynamic News Magazine & Blog CMS
CVE-2017-15981 (Responsive Newspaper Magazine &amp; Blog CMS 1.0 allows SQL Injection via ...)
	NOT-FOR-US: Responsive Newspaper Magazine & Blog CMS
CVE-2017-15980 (US Zip Codes Database Script 1.0 allows SQL Injection via the state ...)
	NOT-FOR-US: US Zip Codes Database Script
CVE-2017-15979 (Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the ...)
	NOT-FOR-US: Shareet - Photo Sharing Social Network
CVE-2017-15978 (AROX School ERP PHP Script 1.0 allows SQL Injection via the ...)
	NOT-FOR-US: AROX School ERP PHP Script
CVE-2017-15977 (Protected Links - Expiring Download Links 1.0 allows SQL Injection via ...)
	NOT-FOR-US: Protected Links - Expiring Download Links
CVE-2017-15976 (ZeeBuddy 2x allows SQL Injection via the admin/editadgroup.php groupid ...)
	NOT-FOR-US: ZeeBuddy
CVE-2017-15975 (Vastal I-Tech Dating Zone 0.9.9 allows SQL Injection via the ...)
	NOT-FOR-US: Vastal I-Tech Dating Zone
CVE-2017-15974 (tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 ...)
	NOT-FOR-US: tPanel
CVE-2017-15973 (Sokial Social Network Script 1.0 allows SQL Injection via the id ...)
	NOT-FOR-US: Sokial Social Network Script
CVE-2017-15972 (SoftDatepro Dating Social Network 1.3 allows SQL Injection via the ...)
	NOT-FOR-US: SoftDatepro Dating Social Network
CVE-2017-15971 (Same Sex Dating Software Pro 1.0 allows SQL Injection via the ...)
	NOT-FOR-US: Same Sex Dating Software Pro
CVE-2017-15970 (PHP CityPortal 2.0 allows SQL Injection via the nid parameter to ...)
	NOT-FOR-US: PHP CityPortal
CVE-2017-15969 (PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to ...)
	NOT-FOR-US: PG All Share Video
CVE-2017-15968 (MyBuilder Clone 1.0 allows SQL Injection via the ...)
	NOT-FOR-US: MyBuilder Clone
CVE-2017-15967 (Mailing List Manager Pro 3.0 allows SQL Injection via the edit ...)
	NOT-FOR-US: Mailing List Manager Pro
CVE-2017-15966 (The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! ...)
	NOT-FOR-US: Zh YandexMap
CVE-2017-15965 (The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for ...)
	NOT-FOR-US: NS Download Shop
CVE-2017-15964 (Job Board Script Software allows SQL Injection via the PATH_INFO to a ...)
	NOT-FOR-US: Job Board Script Software
CVE-2017-15963 (iTech Gigs Script 1.21 allows SQL Injection via the ...)
	NOT-FOR-US: iTech Gigs Script
CVE-2017-15962 (iStock Management System 1.0 allows Arbitrary File Upload via ...)
	NOT-FOR-US: iStock Management System
CVE-2017-15961 (iProject Management System 1.0 allows SQL Injection via the ID ...)
	NOT-FOR-US: iProject Management System
CVE-2017-15960 (Article Directory Script 3.0 allows SQL Injection via the id parameter ...)
	NOT-FOR-US: Article Directory Scrip
CVE-2017-15959 (Adult Script Pro 2.2.4 allows SQL Injection via the PATH_INFO to a ...)
	NOT-FOR-US: Adult Script Pro
CVE-2017-15958 (D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the ...)
	NOT-FOR-US: D-Park Pro Domain Parking Script
CVE-2017-15957 (my_profile.php in Ingenious School Management System 2.3.0 allows a ...)
	NOT-FOR-US: Ingenious School Management System
CVE-2017-15956 (ConverTo Video Downloader &amp; Converter 1.4.1 allows Arbitrary File ...)
	NOT-FOR-US: ConverTo Video Downloader
CVE-2017-15955 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/4
CVE-2017-15954 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/3
CVE-2017-15953 (bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a ...)
	{DSA-4026-1 DLA-1158-1}
	- bchunk 1.2.0-12.1 (bug #880116)
	NOTE: https://github.com/extramaster/bchunk/issues/2
CVE-2017-15952
	RESERVED
CVE-2017-15951 (The KEYS subsystem in the Linux kernel before 4.13.10 does not ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/363b02dab09b3226f3bd1420dad9c72b79a42a76 (v4.14-rc6)
CVE-2017-15950 (Flexense SyncBreeze Enterprise version 10.1.16 is vulnerable to a ...)
	NOT-FOR-US: Flexense SyncBreeze
CVE-2017-15949 (Xavier PHP Management Panel 2.4 allows SQL injection via the usertoedit ...)
	NOT-FOR-US: Xavier PHP Management Panel
CVE-2017-15948 (Perch Content Management System 3.0.3 allows unrestricted file upload ...)
	NOT-FOR-US: Perch Content Management System
CVE-2017-15947 (Simple ASC Content Management System v1.2 has XSS in the location field ...)
	NOT-FOR-US: Simple ASC Content Management
CVE-2017-15946 (In the com_tag component 1.7.6 for Joomla!, a SQL injection ...)
	NOT-FOR-US: Joomla addon
CVE-2017-15945 (The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, ...)
	NOT-FOR-US: Gentoo installation scripts
CVE-2017-15944 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15943 (The configuration file import for applications, spyware and ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15942 (Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15941 (Cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15940 (The web interface packet capture management component in Palo Alto ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-15939 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	- binutils <not-affected> (Incomplete fix not applied)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22205
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a54018b72d75abf2e74bf36016702da06399c1d9
	NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c-incomplete-fix-for-cve-2017-15023/
CVE-2017-15938 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22209
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1b86808a86077722ee4f42ff97f836b12420bb2a
	NOTE: https://blogs.gentoo.org/ago/2017/10/24/binutils-invalid-memory-read-in-find_abstract_instance_name-dwarf2-c/
CVE-2017-15937 (Artica Pandora FMS version 7.0 leaks a full installation pathname via ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15936 (In Artica Pandora FMS version 7.0, an Attacker with write Permission ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15935 (Artica Pandora FMS version 7.0 is vulnerable to remote PHP code ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15934 (Artica Pandora FMS version 7.0 is vulnerable to stored Cross-Site ...)
	NOT-FOR-US: Artica Pandora FMS
CVE-2017-15933 (SQL injection vulnerability vulnerability in the EyesOfNetwork web ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15932 (In radare2 2.0.1, an integer exception (negative number leading to an ...)
	- radare2 2.1.0+dfsg-1 (bug #880024)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/commit/44ded3ff35b8264f54b5a900cab32ec489d9e5b9
	NOTE: https://github.com/radare/radare2/issues/8743
CVE-2017-15931 (In radare2 2.0.1, an integer exception (negative number leading to an ...)
	- radare2 2.1.0+dfsg-1 (bug #880025)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/commit/c6d0076c924891ad9948a62d89d0bcdaf965f0cd
	NOTE: https://github.com/radare/radare2/issues/8731
CVE-2017-15930 (In ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26, a Null ...)
	{DLA-1154-1}
	- graphicsmagick 1.3.26-16 (bug #879999)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=6fc54b6d2be8
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=da135eaedc3b
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/518/
CVE-2017-15929
	RESERVED
CVE-2017-15928 (In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation ...)
	- ruby-ox 2.8.2-1 (bug #881445)
	[stretch] - ruby-ox 2.1.1-2+deb9u1
	[jessie] - ruby-ox 2.1.1-2+deb8u1
	NOTE: https://github.com/ohler55/ox/issues/194
	NOTE: https://github.com/ohler55/ox/commit/e4565dbc167f0d38c3f93243d7a4fcfc391cbfc8
CVE-2017-15927
	RESERVED
CVE-2017-15926
	RESERVED
CVE-2017-15925
	RESERVED
CVE-2017-15923 (Konversation 1.4.x, 1.5.x, 1.6.x, and 1.7.x before 1.7.3 allow remote ...)
	{DSA-4033-1 DLA-1174-1}
	- konversation 1.7.3-1 (bug #881586)
	NOTE: https://cgit.kde.org/konversation.git/commit/?h=1.7&id=6a7f59ee1b9dbc6e5cf9e5f3b306504d02b73ef0
CVE-2017-15922 (In GNU Libextractor 1.4, there is an out-of-bounds read in the ...)
	{DLA-1198-1}
	- libextractor 1:1.6-2 (low; bug #880016)
	[stretch] - libextractor <no-dsa> (Minor issue)
	[jessie] - libextractor <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00008.html
	NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=d4d488b0e5ab13dda241d688d87a07816368f117
CVE-2017-15921 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro ...)
	NOT-FOR-US: Watchdog Anti-Malware
CVE-2017-15920 (In Watchdog Anti-Malware 2.74.186.150 and Online Security Pro ...)
	NOT-FOR-US: Watchdog Anti-Malware
CVE-2017-15918 (Sera 1.2 stores the user's login password in plain text in their home ...)
	NOT-FOR-US: Sera
CVE-2017-15917 (In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-15908 (In systemd 223 through 235, a remote DNS server can respond with a ...)
	- systemd 235-3 (bug #880026)
	[stretch] - systemd 232-25+deb9u2
	[jessie] - systemd <not-affected> (Vulnerable code introduced later)
	[wheezy] - systemd <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1725351
	NOTE: https://github.com/systemd/systemd/pull/7184
	NOTE: Fix: https://github.com/systemd/systemd/commit/9f939335a07085aa9a9663efd1dca06ef6405d62
CVE-2017-15919 (The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has ...)
	NOT-FOR-US: WordPress plugin ultimate-form-builder-lite
CVE-2017-15916
	RESERVED
CVE-2017-15915
	RESERVED
CVE-2017-15914 (Incorrect implementation of access controls allows remote users to ...)
	- borgbackup 1.1.3-1
	[stretch] - borgbackup <not-affected> (Only affects 1.1.0, 1.1.1 and 1.1.2 releases)
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#version-1-1-3-2017-11-27
CVE-2017-15913 (The Installer in Whale allows DLL hijacking. ...)
	NOT-FOR-US: Installer in Whale
CVE-2017-15912
	RESERVED
CVE-2017-15911 (The Admin Console in Ignite Realtime Openfire Server before 4.1.7 ...)
	NOT-FOR-US: Ignite Realtime Openfire Server
CVE-2017-15910
	RESERVED
CVE-2017-15909 (D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, ...)
	NOT-FOR-US: D-Link
CVE-2017-15907 (SQL injection vulnerability in phpCollab 2.5.1 and earlier allows ...)
	NOT-FOR-US: phpCollab
CVE-2017-15906 (The process_open function in sftp-server.c in OpenSSH before 7.6 does ...)
	- openssh 1:7.6p1-1 (low)
	[stretch] - openssh 1:7.4p1-10+deb9u3
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: https://github.com/openbsd/src/commit/a6981567e8e215acc1ef690c8dbb30f2d9b00a19
CVE-2017-15905
	RESERVED
CVE-2017-15904
	RESERVED
CVE-2017-15903
	RESERVED
CVE-2017-15902
	RESERVED
CVE-2017-15901
	RESERVED
CVE-2017-15900
	RESERVED
CVE-2017-15899
	RESERVED
CVE-2017-15898
	RESERVED
CVE-2017-15897 (Node.js had a bug in versions 8.X and 9.X which caused buffers to not ...)
	- nodejs <not-affected> (Only affects 8.x and 9.x)
CVE-2017-15896 (Node.js was affected by OpenSSL vulnerability CVE-2017-3737 in regards ...)
	- nodejs <not-affected> (HTTP2 module only in 8.x and 9.x and Debian package uses the system copy of OpenSSL)
CVE-2017-15895 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
	NOT-FOR-US: Synology Router Manager
CVE-2017-15894 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-15893 (Directory traversal vulnerability in the SYNO.FileStation.Extract in ...)
	NOT-FOR-US: Synology File Station
CVE-2017-15892 (Multiple cross-site scripting (XSS) vulnerabilities in Slash Command ...)
	NOT-FOR-US: Synology Chat
CVE-2017-15891 (Improper access control vulnerability in SYNO.Cal.EventBase in ...)
	NOT-FOR-US: Synology Calendar
CVE-2017-15890 (Cross-site scripting (XSS) vulnerability in Disclaimer in Synology ...)
	NOT-FOR-US: Synology
CVE-2017-15889 (Command injection vulnerability in smart.cgi in Synology DiskStation ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-15888 (Cross-site scripting (XSS) vulnerability in Custom Internet Radio List ...)
	NOT-FOR-US: Synology
CVE-2017-15887 (An improper restriction of excessive authentication attempts ...)
	NOT-FOR-US: Synology
CVE-2017-15886 (Server-side request forgery (SSRF) vulnerability in Link Preview in ...)
	NOT-FOR-US: Synology Chat
CVE-2017-15885 (Reflected XSS in the web administration portal on the Axis 2100 Network ...)
	NOT-FOR-US: Axis
CVE-2017-15884 (In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-15883 (Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow ...)
	NOT-FOR-US: Sitefinity
CVE-2017-15882 (The London Trust Media Private Internet Access (PIA) application before ...)
	NOT-FOR-US: London Trust Media Private Internet Access (PIA) application
CVE-2017-15881 (Cross-Site Scripting vulnerability in KeystoneJS before 4.0.0-beta.7 ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15880 (SQL injection vulnerability vulnerability in the EyesOfNetwork web ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15879 (CSV Injection (aka Excel Macro Injection or Formula Injection) exists ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15878 (A cross-site scripting (XSS) vulnerability exists in ...)
	NOT-FOR-US: KeystoneJS
CVE-2017-15877 (Insecure Permissions vulnerability in db.php file in GPWeb 8.4.61 ...)
	NOT-FOR-US: GPWeb
CVE-2017-15876 (Unrestricted File Upload vulnerability in GPWeb 8.4.61 allows remote ...)
	NOT-FOR-US: GPWeb
CVE-2017-15875 (SQL injection vulnerability in Password Recovery in GPWeb 8.4.61 ...)
	NOT-FOR-US: GPWeb
CVE-2017-15874 (archival/libarchive/decompress_unlzma.c in BusyBox 1.27.2 has an ...)
	- busybox 1:1.27.2-2 (bug #879732)
	[stretch] - busybox <not-affected> (Vulnerable code not present)
	[jessie] - busybox <not-affected> (Vulnerable code not present)
	[wheezy] - busybox <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=10436
	NOTE: Introduced in: https://git.busybox.net/busybox/commit/?id=3989e5adf454a3ab98412b249c2c9bd2a3175ae0
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=9ac42c500586fa5f10a1f6d22c3f797df11b1f6b
CVE-2017-15873 (The get_next_block function in archival/libarchive/decompress_bunzip2.c ...)
	- busybox 1:1.27.2-2 (bug #879732)
	[stretch] - busybox <no-dsa> (Minor issue)
	[jessie] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=0402cb32df015d9372578e3db27db47b33d5c7b0
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=10431
CVE-2017-15872 (phpwcms 1.8.9 has XSS in include/inc_tmpl/admin.edituser.tmpl.php and ...)
	NOT-FOR-US: phpwcms
CVE-2017-15871 (** DISPUTED ** The deserialize function in serialize-to-js through ...)
	NOT-FOR-US: Disputed serialize-to-js issue
CVE-2017-15870 (Palo Alto Networks GlobalProtect Agent before 4.0.3 allows attackers ...)
	NOT-FOR-US: Palo Alto Networks GlobalProtect Agent
CVE-2017-15869 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...)
	NOT-FOR-US: LiveZilla
CVE-2017-15868 (The bnep_add_connection function in net/bluetooth/bnep/core.c in the ...)
	{DSA-4082-1 DLA-1200-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/71bb99a02b32b4cc4265118e85f6035ca72923f0 (v3.19-rc3)
CVE-2017-15867 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: user-login-history plugin for WordPress
CVE-2017-15866
	RESERVED
CVE-2017-15865 (bgpd in FRRouting (FRR) before 2.0.2 and 3.x before 3.0.2, as used in ...)
	- frr <itp> (bug #863249)
CVE-2017-15864 (In the Agent Frontend in Open Ticket Request System (OTRS) 3.3.x ...)
	{DLA-1212-1}
	- otrs2 4.0.7-2
	[jessie] - otrs2 3.3.18-1+deb8u2
	NOTE: https://www.otrs.com/security-advisory-2017-06-security-update-otrs-3-3/
	NOTE: https://github.com/OTRS/otrs/compare/3bc58ebeb9bdbe8107251a03cf7b9b8cfc515f53...80a0a9a138278d63a2621d146eb3c29e982aa2d5
	NOTE: Root cause for the issue is the recursive parsing handling in the old
	NOTE: DTL template engine that OTRS used up to OTRS 3.3. Starting with OTRS 4
	NOTE: OTRS switched to a new Template::Toolkit based engine which does not perform
	NOTE: recursive parsing and not affected by this issue.
CVE-2016-10517 (networking.c in Redis before 3.2.7 allows &quot;Cross Protocol Scripting&quot; ...)
	{DLA-1161-1}
	- redis 3:3.2.7-1
	[stretch] - redis <no-dsa> (Minor issue)
	[jessie] - redis <no-dsa> (Minor issue)
	NOTE: https://github.com/antirez/redis/commit/874804da0c014a7d704b3d285aa500098a931f50
CVE-2017-15863 (Cross Site Scripting (XSS) exists in the wp-noexternallinks plugin ...)
	NOT-FOR-US: WordPress plugin wp-noexternallinks
CVE-2017-15862 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15861 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15860 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15859 (While processing the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15858
	RESERVED
CVE-2017-15857
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15856
	RESERVED
CVE-2017-15855 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15854
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15853 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15852 (Information leak of the ISPIF base address in Android for MSM, Firefox ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15851
	RESERVED
CVE-2017-15850 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15849 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15848 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15847 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15846 (In the video_ioctl2() function in the camera driver in Android for ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15845 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15844
	RESERVED
CVE-2017-15843
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15842
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15841
	RESERVED
CVE-2017-15840
	RESERVED
CVE-2017-15839
	RESERVED
CVE-2017-15838
	RESERVED
CVE-2017-15837 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15836 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15835
	RESERVED
CVE-2017-15834 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15833 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15832
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15831 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15830 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15829 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15828
	RESERVED
CVE-2017-15827
	RESERVED
CVE-2017-15826 (Due to a race condition in MDSS rotator in Android for MSM, Firefox OS ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15825
	RESERVED
CVE-2017-15824
	RESERVED
CVE-2017-15823 (In spectral_create_samp_msg() in Android for MSM, Firefox OS for MSM, ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15822 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15821 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15820 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15819
	RESERVED
CVE-2017-15818
	RESERVED
CVE-2017-15817 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-15816
	RESERVED
CVE-2017-15815 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15814 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-15813 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm closed-source components on Android
CVE-2017-15812 (The Easy Appointments plugin before 1.12.0 for WordPress has XSS via a ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-15811 (The Pootle Button plugin before 1.2.0 for WordPress has XSS via the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-15810 (The PopCash.Net Code Integration Tool plugin before 1.1 for WordPress ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-15809 (In phpMyFaq before 2.9.9, there is XSS in admin/tags.main.php via a ...)
	NOT-FOR-US: phpMyFaq
CVE-2017-15808 (In phpMyFaq before 2.9.9, there is CSRF in admin/ajax.config.php. ...)
	NOT-FOR-US: phpMyFaq
CVE-2017-15807
	RESERVED
CVE-2017-15806 (The send function in the ezcMailMtaTransport class in Zeta Components ...)
	NOT-FOR-US: Zeta Components Mail
CVE-2016-10516 (Cross-site scripting (XSS) vulnerability in the render_full function in ...)
	{DLA-1191-1}
	- python-werkzeug 0.11.11+dfsg1-1
	[jessie] - python-werkzeug <no-dsa> (Minor issue)
	NOTE: http://blog.neargle.com/2016/09/21/flask-src-review-get-a-xss-from-debuger/
	NOTE: https://github.com/pallets/werkzeug/pull/1001
	NOTE: https://github.com/pallets/werkzeug/commit/1034edc7f901dd645ec6e462754111b39002bd65
CVE-2017-15805 (Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and ...)
	NOT-FOR-US: Cisco
CVE-2017-15804 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
	- glibc 2.25-3 (low; bug #879955)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22332
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a159b53fa059947cc2548e3b0d5bdcf7b9630ba8
CVE-2017-15803 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15802 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15801 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15800
	REJECTED
CVE-2017-15799
	REJECTED
CVE-2017-15798
	REJECTED
CVE-2017-15797
	REJECTED
CVE-2017-15796
	REJECTED
CVE-2017-15795
	REJECTED
CVE-2017-15794
	REJECTED
CVE-2017-15793
	REJECTED
CVE-2017-15792
	REJECTED
CVE-2017-15791
	REJECTED
CVE-2017-15790
	REJECTED
CVE-2017-15789 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15788 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15787 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15786 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15785 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15784 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15783 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15782 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15781 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15780 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15779 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15778 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15777 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15776 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15775 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15774 (XnView Classic for Windows Version 2.43 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-15773 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15772 (XnView Classic for Windows Version 2.43 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-15771
	REJECTED
CVE-2017-15770
	REJECTED
CVE-2017-15769 (IrfanView 4.50 - 64bit allows attackers to cause a denial of service or ...)
	NOT-FOR-US: IrfanView
CVE-2017-15768 (IrfanView version 4.50 - 64bit allows attackers to cause a denial of ...)
	NOT-FOR-US: IrfanView
CVE-2017-15767 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15766 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15765 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15764 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15763 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15762 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15761 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15760 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15759 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15758 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15757 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15756 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15755 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15754 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15753 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15752 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15751 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15750 (IrfanView 4.50 - 64bit with BabaCAD4Image plugin version 1.3 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15749 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15748 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15747 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15746 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15745 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15744 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15743 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15742 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15741 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15740 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15739 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15738 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15737 (IrfanView 4.50 - 64bit with CADImage plugin version 12.0.0.5 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15736 (Cross-site scripting (XSS) vulnerability (stored) in SPIP before 3.1.7 ...)
	- spip <unfixed> (bug #879954)
	[stretch] - spip <no-dsa> (Minor issue)
	[jessie] - spip <no-dsa> (Minor issue)
	[wheezy] - spip <not-affected> (vulnerable code not present)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23701
CVE-2017-15735 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15734 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15733 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15732 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15731 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15730 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15729 (In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15728 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15727 (In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-15726
	RESERVED
CVE-2017-15725
	RESERVED
CVE-2017-15724
	RESERVED
CVE-2017-15723 (In Irssi before 1.0.5, overlong nicks or targets may result in a NULL ...)
	{DSA-4016-1}
	- irssi 1.0.5-1 (bug #879521)
	[wheezy] - irssi <not-affected> (Vulnerable code introduced in 0.8.17)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15722 (In certain cases, Irssi before 1.0.5 may fail to verify that a Safe ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15721 (In Irssi before 1.0.5, certain incorrectly formatted DCC CTCP messages ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15720
	RESERVED
CVE-2017-15719 (In Wicket jQuery UI 6.28.0 and earlier, 7.9.1 and earlier, and ...)
	NOT-FOR-US: Wicket jQuery UI
CVE-2017-15718 (The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the ...)
	- hadoop <itp> (bug #793644)
CVE-2017-15717 (A flaw in the way URLs are escaped and encoded in the ...)
	NOT-FOR-US: Apache Sling
CVE-2017-15716
	RESERVED
CVE-2017-15715 (In Apache httpd 2.4.0 to 2.4.29, the expression specified in ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/6
CVE-2017-15714 (The BIRT plugin in Apache OFBiz 16.11.01 to 16.11.03 does not escape ...)
	NOT-FOR-US: BIRT plugin in Apache OFBiz
CVE-2017-15713 (Vulnerability in Apache Hadoop 0.23.x, 2.x before 2.7.5, 2.8.x before ...)
	- hadoop <itp> (bug #793644)
CVE-2017-15712 (Vulnerability allows a user of Apache Oozie 3.1.3-incubating to 4.3.0 ...)
	NOT-FOR-US: Oozie
CVE-2017-15711
	REJECTED
CVE-2017-15710 (In Apache httpd 2.0.23 to 2.0.65, 2.2.0 to 2.2.34, and 2.4.0 to ...)
	{DSA-4164-1}
	- apache2 2.4.33-1
	NOTE: http://www.openwall.com/lists/oss-security/2018/03/24/8
CVE-2017-15709 (When using the OpenWire protocol in ActiveMQ versions 5.14.0 to 5.15.2 ...)
	- activemq 5.15.3-1 (bug #890352)
	[stretch] - activemq <no-dsa> (Minor issue)
	[jessie] - activemq <not-affected> (Issue introduced with OpenWire protocol support)
	[wheezy] - activemq <not-affected> (Issue introduced with OpenWire protocol support)
CVE-2017-15708 (In Apache Synapse, by default no authentication is required for Java ...)
	NOT-FOR-US: Apache Synapse
CVE-2017-15707 (In Apache Struts 2.5 to 2.5.14, the REST Plugin is using an outdated ...)
	- libstruts1.2-java <not-affected> (Specific to 2.x)
CVE-2017-15706 (As part of the fix for bug 61201, the documentation for Apache Tomcat ...)
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.24-1
	[stretch] - tomcat8 <not-affected> (Issue introduced later)
	[jessie] - tomcat8 <not-affected> (Issue introduced later)
	- tomcat8.0 <unfixed> (unimportant)
	NOTE: tomcat8.0 builds only tomcat8.0-user and libtomcat8.0-java
	- tomcat7 <not-affected> (Only affects 7.0.79 to 7.0.82, Upstream bugzilla entry bz#61201 not addressed)
	NOTE: https://svn.apache.org/r1814828 (7.0.x)
	NOTE: https://svn.apache.org/r1814827 (8.0.x)
	NOTE: https://svn.apache.org/r1814826 (8.5.x)
	NOTE: Introduced by fix for https://bz.apache.org/bugzilla/show_bug.cgi?id=61201
	NOTE: https://lists.apache.org/thread.html/e1ef853fc0079cdb55befbd2dac042934e49288b476d5f6a649e5da2@%3Cannounce.tomcat.apache.org%3E
CVE-2017-15705
	RESERVED
CVE-2017-15704
	REJECTED
CVE-2017-15703 (Any authenticated user (valid client certificate but without ACL ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-15702 (In Apache Qpid Broker-J 0.18 through 0.32, if the broker is configured ...)
	- qpid-java <itp> (bug #840131)
CVE-2017-15701 (In Apache Qpid Broker-J versions 6.1.0 through 6.1.4 (inclusive) the ...)
	- qpid-java <itp> (bug #840131)
CVE-2017-15700 (A flaw in the org.apache.sling.auth.core.AuthUtil#isRedirectValid ...)
	NOT-FOR-US: Apache Sling Authentication Service
CVE-2017-15699 (A Denial of Service vulnerability was found in Apache Qpid Dispatch ...)
	- qpid-dispatch <itp> (bug #737776)
	NOTE: http://www.openwall.com/lists/oss-security/2018/02/13/5
CVE-2017-15698 (When parsing the AIA-Extension field of a client certificate, Apache ...)
	{DSA-4118-1 DLA-1276-1}
	- tomcat-native 1.2.16-1
	NOTE: https://lists.apache.org/thread.html/6eb0a53e5827d97db1a05c736d01101fec21202a5b8fc77bb0eaaed8@%3Cannounce.tomcat.apache.org%3E
	NOTE: http://svn.apache.org/r1815200
	NOTE: http://svn.apache.org/r1815218
	NOTE: Affects: 1.2.0 to 1.2.14 and 1.1.23 to 1.1.34
CVE-2017-15697 (A malicious X-ProxyContextPath or X-Forwarded-Context header ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-15696 (When an Apache Geode cluster before v1.4.0 is operating in secure ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15695
	RESERVED
CVE-2017-15694
	RESERVED
CVE-2017-15693 (In Apache Geode before v1.4.0, the Geode server stores application ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15692 (In Apache Geode before v1.4.0, the TcpServer within the Geode locator ...)
	NOT-FOR-US: Apache Geode
CVE-2017-15691 (In Apache uimaj prior to 2.10.2, Apache uimaj 3.0.0-xxx prior to ...)
	- uimaj <unfixed> (bug #897009)
	[stretch] - uimaj <no-dsa> (Minor issue)
	[jessie] - uimaj <no-dsa> (Minor issue)
	[wheezy] - uimaj <no-dsa> (Minor issue)
	NOTE: https://uima.apache.org/security_report#CVE-2017-15691
CVE-2017-15924 (In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing ...)
	{DSA-4009-1}
	- shadowsocks-libev 3.1.0+ds-2
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-010-shadowsocks-libev/
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/issues/1734
	NOTE: https://github.com/shadowsocks/shadowsocks-libev/commit/c67d275
CVE-2017-15690
	RESERVED
CVE-2017-15689
	RESERVED
CVE-2017-15688
	RESERVED
CVE-2017-15687 (DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server ...)
	NOT-FOR-US: Logitech
CVE-2017-15686
	RESERVED
CVE-2017-15685
	RESERVED
CVE-2017-15684
	RESERVED
CVE-2017-15683
	RESERVED
CVE-2017-15682
	RESERVED
CVE-2017-15681
	RESERVED
CVE-2017-15680
	RESERVED
CVE-2017-15679
	RESERVED
CVE-2017-15678
	RESERVED
CVE-2017-15677
	RESERVED
CVE-2017-15676
	RESERVED
CVE-2017-15675
	RESERVED
CVE-2017-15674
	RESERVED
CVE-2017-15673 (The files function in the administration section in CS-Cart 4.6.2 and ...)
	NOT-FOR-US: CS-Cart
CVE-2017-15672 (The read_header function in libavcodec/ffv1dec.c in FFmpeg 3.3.4 and ...)
	{DSA-4049-1}
	- ffmpeg 7:3.4-1
	- libav <undetermined>
	NOTE: Fixed by: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c20f4fcb74da2d0432c7b54499bb98f48236b904
CVE-2017-15671 (The glob function in glob.c in the GNU C Library (aka glibc or libc6) ...)
	[experimental] - glibc 2.26-0experimental0
	- glibc 2.25-3 (low; bug #879500)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22325
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c66c908230169c1bab1f83b071eb585baa214b9f
CVE-2017-15670 (The GNU C Library (aka glibc or libc6) before 2.27 contains an ...)
	[experimental] - glibc 2.26-0experimental0
	- glibc 2.25-3 (low; bug #879501)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22320
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=c369d66e5426a30e4725b100d5cd28e372754f90 (master)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a76376df7c07e577a9515c3faa5dbd50bda5da07 (release/2.26/master)
CVE-2017-15669
	RESERVED
CVE-2017-15668
	RESERVED
CVE-2017-15667 (In Flexense SysGauge Server 3.6.18, the Control Protocol suffers from a ...)
	NOT-FOR-US: Flexense SysGauge Server
CVE-2017-15666
	RESERVED
CVE-2017-15665 (In Flexense DiskBoss Enterprise 8.5.12, the Control Protocol suffers ...)
	NOT-FOR-US: Flexense DiskBoss Enterprise
CVE-2017-15664 (In Flexense Sync Breeze Enterprise v10.1.16, the Control Protocol ...)
	NOT-FOR-US: Flexense Sync Breeze Enterprise
CVE-2017-15663 (In Flexense Disk Pulse Enterprise v10.1.18, the Control Protocol ...)
	NOT-FOR-US: Flexense Disk Pulse Enterprise
CVE-2017-15662 (In Flexense VX Search Enterprise v10.1.12, the Control Protocol ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2017-15661
	RESERVED
CVE-2017-15660
	RESERVED
CVE-2017-15659
	RESERVED
CVE-2017-15658
	RESERVED
CVE-2017-15657
	RESERVED
CVE-2017-15656 (Password are stored in plaintext in nvram in the HTTPd server in all ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15655 (Multiple buffer overflow vulnerabilities exist in the HTTPd server in ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15654 (Highly predictable session tokens in the HTTPd server in all current ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15653 (Improper administrator IP validation after his login in the HTTPd ...)
	NOT-FOR-US: HTTPd server in Asus asuswrt
CVE-2017-15652
	RESERVED
CVE-2017-15651 (PRTG Network Monitor 17.3.33.2830 allows remote authenticated ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15649 (net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/008ba2a13f2d04c947adc536d19debb8fe66f110
	NOTE: Fixed by: https://git.kernel.org/linus/4971613c1639d8e5f102c4e797c3bf8f83a5a69e
CVE-2017-15648 (In PHPSUGAR PHP Melody before 2.7.3, page_manager.php has XSS via the ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15647 (On FiberHome routers, Directory Traversal exists in /cgi-bin/webproc ...)
	NOT-FOR-US: On FiberHome
CVE-2017-15646 (Webmin before 1.860 has XSS with resultant remote code execution. Under ...)
	- webmin <removed>
CVE-2017-15645 (CSRF exists in Webmin 1.850. By sending a GET request to ...)
	- webmin <removed>
CVE-2017-15644 (SSRF exists in Webmin 1.850 via the PATH_INFO to tunnel/link.cgi, as ...)
	- webmin <removed>
CVE-2017-15643 (An active network attacker (MiTM) can achieve remote code execution on ...)
	NOT-FOR-US: IKARUS Anti Virus
CVE-2017-15650 (musl libc before 1.1.17 has a buffer overflow via crafted DNS replies ...)
	- musl 1.1.17-1
	[stretch] - musl <no-dsa> (Minor issue)
	[jessie] - musl <no-dsa> (Minor issue)
	NOTE: https://git.musl-libc.org/cgit/musl/patch/?id=45ca5d3fcb6f874bf5ba55d0e9651cef68515395
CVE-2017-15642 (In lsx_aiffstartread in aiff.c in Sound eXchange (SoX) 14.4.2, there is ...)
	{DLA-1197-1}
	- sox 14.4.2-2 (bug #882144)
	[stretch] - sox <no-dsa> (Minor issue)
	[jessie] - sox <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/sox/bugs/298/
CVE-2017-15641
	RESERVED
CVE-2017-15640 (app/sections/user-menu.php in phpIPAM before 1.3.1 has XSS via the ip ...)
	NOT-FOR-US: phpIPAM
CVE-2017-15639 (tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to ...)
	NOT-FOR-US: Mura CMS
CVE-2017-15638 (The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux ...)
	NOT-FOR-US: SuSEfirewall2 in SUSE
CVE-2012-6707 (WordPress through 4.8.2 uses a weak MD5-based password hashing ...)
	- wordpress <unfixed> (bug #880868)
	[stretch] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
	[jessie] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
	[wheezy] - wordpress <postponed> (Minor issue, can be revisited with upstream has picked a new hashing solution)
	NOTE: https://core.trac.wordpress.org/ticket/21022
	NOTE: Proposed patch (but not merged): https://core.trac.wordpress.org/attachment/ticket/21022/21022.3.diff
	NOTE: Cf. https://core.trac.wordpress.org/ticket/21022#comment:80 and following.
CVE-2017-15637 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15636 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15635 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15634 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15633 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15632 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15631 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15630 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15629 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15628 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15627 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15626 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15625 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15624 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15623 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15622 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15621 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15620 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15619 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15618 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15617 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15616 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15615 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15614 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15613 (TP-Link WVR, WAR and ER devices allow remote authenticated ...)
	NOT-FOR-US: TP-Link
CVE-2017-15612 (mistune.py in Mistune 0.7.4 allows XSS via an unexpected newline (such ...)
	- mistune 0.8-1 (bug #879098)
	[stretch] - mistune <no-dsa> (Minor issue)
	NOTE: https://github.com/lepture/mistune/pull/140
	NOTE: https://github.com/lepture/mistune/commit/d6f0b6402299bf5a380e7b4e77bd80e8736630fe
CVE-2017-15611 (In Octopus before 3.17.7, an authenticated user who was explicitly ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15610 (An issue was discovered in Octopus before 3.17.7. When the special ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15609 (Octopus before 3.17.7 allows attackers to obtain sensitive cleartext ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-15608
	RESERVED
CVE-2017-15607 (Inedo Otter before 1.7.4 has directory traversal in filesystem-based ...)
	NOT-FOR-US: Inedo Otter
CVE-2017-15606
	RESERVED
CVE-2017-15605
	RESERVED
CVE-2017-15604
	RESERVED
CVE-2017-15603
	RESERVED
CVE-2017-15602 (In GNU Libextractor 1.4, there is an integer signedness error for the ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor <no-dsa> (Minor issue)
	[jessie] - libextractor <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00005.html
	NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=ffab889c1710c7646af9ed360c796a2a0a619efc
CVE-2017-15601 (In GNU Libextractor 1.4, there is a heap-based buffer overflow in the ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor <no-dsa> (Minor issue)
	[jessie] - libextractor <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00006.html
	NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=f813535dad4ad860b989952a46266a1469801091
CVE-2017-15600 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in the ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (low)
	[stretch] - libextractor <no-dsa> (Minor issue)
	[jessie] - libextractor <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00004.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501695
	NOTE: Fixed by https://gnunet.org/git/libextractor.git/commit/?id=38e8933539ee9d044057b18a971c2eae3c21aba7
CVE-2017-15599
	RESERVED
CVE-2017-15598
	RESERVED
CVE-2017-15597 (An issue was discovered in Xen through 4.9.x. Grant copying code made ...)
	{DSA-4050-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-236.html
CVE-2017-15586
	RESERVED
CVE-2017-15585
	RESERVED
CVE-2017-15584
	RESERVED
CVE-2017-15583 (The embedded web server on ABB Fox515T 1.0 devices is vulnerable to ...)
	NOT-FOR-US: ABB Fox515T 1.0 devices
CVE-2017-15582 (In net.MCrypt in the &quot;Diary with lock&quot; (aka WriteDiary) application ...)
	NOT-FOR-US: Diary with lock
CVE-2017-15581 (In the &quot;Diary with lock&quot; (aka WriteDiary) application 4.72 for Android, ...)
	NOT-FOR-US: Diary with lock
CVE-2017-15580 (osTicket 1.10.1 provides a functionality to upload 'html' files with ...)
	NOT-FOR-US: osTicket
CVE-2017-15579 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via an ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15578 (In PHPSUGAR PHP Melody before 2.7.3, SQL Injection exists via the image ...)
	NOT-FOR-US: PHPSUGAR PHP Melody
CVE-2017-15567 (The certificate import component in IDEMIA (formerly Morpho) ...)
	NOT-FOR-US: IDEMIA
CVE-2017-15566 (Insecure SPANK environment variable handling exists in SchedMD Slurm ...)
	{DSA-4023-1}
	- slurm-llnl 17.02.9-1 (bug #880530)
	[jessie] - slurm-llnl <not-affected> (Vulnerable code introduced later)
	[wheezy] - slurm-llnl <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.schedmd.com/show_bug.cgi?id=4228 (not public)
	NOTE: Fixed by: https://github.com/SchedMD/slurm/commit/b30e9e9ee2ade6951bfaf28e15ef77325a206971
CVE-2017-15565 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (bug #879066)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103016
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19ebd40547186a8ea6da08c8d8e2a6d6b7e84f5d
CVE-2017-15564
	REJECTED
CVE-2017-15563
	REJECTED
CVE-2017-15562
	REJECTED
CVE-2017-15561
	REJECTED
CVE-2017-15560
	REJECTED
CVE-2017-15559
	REJECTED
CVE-2017-15558
	REJECTED
CVE-2017-15557
	REJECTED
CVE-2017-15556
	REJECTED
CVE-2017-15555
	RESERVED
CVE-2017-15554
	RESERVED
CVE-2017-15553
	RESERVED
CVE-2017-15552
	RESERVED
CVE-2017-15551
	RESERVED
CVE-2017-15550 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15549 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15548 (An issue was discovered in EMC Avamar Server 7.1.x, 7.2.x, 7.3.x, ...)
	NOT-FOR-US: EMC Avamar Server
CVE-2017-15547
	RESERVED
CVE-2017-15546 (The Security Console in EMC RSA Authentication Manager 8.2 SP1 P6 and ...)
	NOT-FOR-US: EMC RSA Authentication Manager
CVE-2017-15545
	REJECTED
CVE-2017-15544
	REJECTED
CVE-2017-15543
	REJECTED
CVE-2017-15542
	REJECTED
CVE-2017-15541
	REJECTED
CVE-2017-15540
	REJECTED
CVE-2017-15539 (SQL Injection exists in zorovavi/blog through 2017-10-17 via the id ...)
	NOT-FOR-US: zorovavi/blog
CVE-2017-15587 (An integer overflow was discovered in pdf_read_new_xref_section in ...)
	{DSA-4006-2 DSA-4006-1 DLA-1164-1}
	- mupdf 1.11+ds1-2 (bug #879055)
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=82df2631d7d0446b206ea6b434ea609b6c28b0e8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698605 (not public)
	NOTE: https://nandynarwhals.org/CVE-2017-15587/
CVE-2017-15538 (Stored XSS vulnerability in the Media Objects component of ILIAS before ...)
	NOT-FOR-US: ILIAS
CVE-2017-15536 (An issue was discovered in Cloudera Data Science Workbench (CDSW) 1.x ...)
	NOT-FOR-US: Cloudera Data Science Workbench
CVE-2017-15535 (MongoDB 3.4.x before 3.4.10, and 3.5.x-development, has a ...)
	- mongodb <not-affected> (wire protocol compression introduced in 3.4.x and disabled by default)
	NOTE: https://jira.mongodb.org/browse/SERVER-31273
CVE-2017-15534 (The Norton App Lock prior to version 1.3.0.13 can be susceptible to an ...)
	NOT-FOR-US: Noron App Lock
CVE-2017-15533 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.10 prior to 3.10.4.1, 3.11, ...)
	NOT-FOR-US: Symantec
CVE-2017-15532 (Prior to 10.6.4, Symantec Messaging Gateway may be susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2017-15531 (Symantec Reporter 9.5 prior to 9.5.4.1 and 10.1 prior to 10.1.5.5 ...)
	NOT-FOR-US: Symantec
CVE-2017-15530 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
	NOT-FOR-US: Norton
CVE-2017-15529 (Prior to 4.4.1.10, the Norton Family Android App can be susceptible to ...)
	NOT-FOR-US: Norton
CVE-2017-15528 (Prior to v 7.6, the Install Norton Security (INS) product can be ...)
	NOT-FOR-US: Install Norton Security
CVE-2017-15527 (Prior to ITMS 8.1 RU4, the Symantec Management Console can be ...)
	NOT-FOR-US: Symantec
CVE-2017-15526 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...)
	NOT-FOR-US: Symantec
CVE-2017-15525 (Prior to SEE v11.1.3MP1, Symantec Endpoint Encryption can be ...)
	NOT-FOR-US: Symantec
CVE-2017-15524 (The Application Firewall Pack (AFP, aka Web Application Firewall) ...)
	NOT-FOR-US: Kemp Load Balancer
CVE-2017-15523
	REJECTED
CVE-2017-15522
	REJECTED
CVE-2017-15521
	REJECTED
CVE-2017-15520
	REJECTED
CVE-2017-15519 (Versions of SnapCenter 2.0 through 3.0.1 allow unauthenticated remote ...)
	NOT-FOR-US: SnapCenter
CVE-2017-15518 (All versions of OnCommand API Services prior to 2.1 and NetApp Service ...)
	NOT-FOR-US: NetApp
CVE-2017-15517 (AltaVault OST Plug-in versions prior to 1.2.2 may allow attackers to ...)
	NOT-FOR-US: AltaVault OST Plug-in
CVE-2017-15516 (NetApp SnapCenter Server versions 1.1 through 2.x are susceptible to a ...)
	NOT-FOR-US: NetApp
CVE-2017-15515
	RESERVED
CVE-2017-15514
	RESERVED
CVE-2017-15568 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882544)
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: upstream fixed in 3.2.8, 3.3.5 and 3.4.3
	NOTE: https://github.com/redmine/redmine/commit/94f7cfbf990028348b9262578acbc53a94fce448
CVE-2017-15569 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882545)
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/56c8ee0440d8555aa7822d947ba9091c8a791508
CVE-2017-15570 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882547)
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/1a0976417975a128b0a932ba1552c37e9414953b
CVE-2017-15571 (In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, ...)
	{DSA-4191-1}
	- redmine 3.4.4-1 (bug #882548)
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/27186 (private)
	NOTE: https://github.com/redmine/redmine/commit/273dd9cb3bcfb1e0a0b90570b3b34eafa07d67aa
CVE-2017-15573 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, XSS exists because ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/25503 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15572 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, remote attackers can ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24416 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15575 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, Redmine.pm lacks a ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24307 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15574 (In Redmine before 3.2.6 and 3.3.x before 3.3.3, stored XSS is possible ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/24199 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15576 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles Time Entry ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/23803 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2017-15577 (Redmine before 3.2.6 and 3.3.x before 3.3.3 mishandles the rendering of ...)
	{DSA-4191-1}
	- redmine 3.4.2-1
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/23793 (private)
	NOTE: upstream fixed in 3.2.6 and 3.3.3
CVE-2016-10515 (In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting ...)
	- redmine 3.2.3-1
	[jessie] - redmine <end-of-life> (See DSA-4191-1)
	[wheezy] - redmine <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: upstream fixed in 3.2.3
CVE-2017-15537 (The x86/fpu (Floating Point Unit) subsystem in the Linux kernel before ...)
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/814fb7bb7db5433757d76f4c4502c96fc53b0b5e (v4.14-rc3)
CVE-2017-15513
	REJECTED
CVE-2017-15512
	REJECTED
CVE-2017-15511
	REJECTED
CVE-2017-15510
	REJECTED
CVE-2017-15509
	REJECTED
CVE-2017-15508
	REJECTED
CVE-2017-15507
	REJECTED
CVE-2017-15506
	REJECTED
CVE-2017-15505
	REJECTED
CVE-2017-15504
	REJECTED
CVE-2017-15503
	REJECTED
CVE-2017-15502
	REJECTED
CVE-2017-15501
	REJECTED
CVE-2017-15500
	REJECTED
CVE-2017-15499
	REJECTED
CVE-2017-15498
	REJECTED
CVE-2017-15497
	REJECTED
CVE-2017-15496
	REJECTED
CVE-2017-15495
	REJECTED
CVE-2017-15494
	REJECTED
CVE-2017-15493
	REJECTED
CVE-2017-15492
	REJECTED
CVE-2017-15491
	REJECTED
CVE-2017-15490
	REJECTED
CVE-2017-15489
	REJECTED
CVE-2017-15488
	REJECTED
CVE-2017-15487
	REJECTED
CVE-2017-15486
	REJECTED
CVE-2017-15485
	REJECTED
CVE-2017-15484
	REJECTED
CVE-2017-15483
	REJECTED
CVE-2017-15482
	REJECTED
CVE-2017-15481
	REJECTED
CVE-2017-15480
	REJECTED
CVE-2017-15479
	REJECTED
CVE-2017-15478
	REJECTED
CVE-2017-15477
	REJECTED
CVE-2017-15476
	REJECTED
CVE-2017-15475
	REJECTED
CVE-2017-15474
	REJECTED
CVE-2017-15473
	REJECTED
CVE-2017-15472
	REJECTED
CVE-2017-15471
	REJECTED
CVE-2017-15470
	REJECTED
CVE-2017-15469
	REJECTED
CVE-2017-15468
	REJECTED
CVE-2017-15467
	REJECTED
CVE-2017-15466
	REJECTED
CVE-2017-15465
	REJECTED
CVE-2017-15464
	REJECTED
CVE-2017-15463
	REJECTED
CVE-2017-15462
	REJECTED
CVE-2017-15461
	REJECTED
CVE-2017-15460
	REJECTED
CVE-2017-15459
	REJECTED
CVE-2017-15458
	REJECTED
CVE-2017-15457
	REJECTED
CVE-2017-15456
	REJECTED
CVE-2017-15455
	REJECTED
CVE-2017-15454
	REJECTED
CVE-2017-15453
	REJECTED
CVE-2017-15452
	REJECTED
CVE-2017-15451
	REJECTED
CVE-2017-15450
	REJECTED
CVE-2017-15449
	REJECTED
CVE-2017-15448
	REJECTED
CVE-2017-15447
	REJECTED
CVE-2017-15446
	REJECTED
CVE-2017-15445
	REJECTED
CVE-2017-15444
	REJECTED
CVE-2017-15443
	REJECTED
CVE-2017-15442
	REJECTED
CVE-2017-15441
	REJECTED
CVE-2017-15440
	REJECTED
CVE-2017-15439
	REJECTED
CVE-2017-15438
	REJECTED
CVE-2017-15437
	REJECTED
CVE-2017-15436
	REJECTED
CVE-2017-15435
	REJECTED
CVE-2017-15434
	REJECTED
CVE-2017-15433
	REJECTED
CVE-2017-15432
	REJECTED
CVE-2017-15431
	RESERVED
CVE-2017-15430
	RESERVED
CVE-2017-15429
	RESERVED
	{DSA-4103-1}
	- chromium-browser 64.0.3282.119-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15428
	RESERVED
CVE-2017-15427
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15426
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15425
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15424
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15423
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15422 [integer overflow in icu]
	RESERVED
	{DSA-4150-1}
	- icu 57.1-9 (bug #892766)
	[wheezy] - icu <not-affected> (Vulnerable code not present)
	NOTE: https://code.google.com/p/chromium/issues/detail?id=774382
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1523136
	NOTE: Issue fixed in: https://ssl.icu-project.org/trac/changeset/40654
CVE-2017-15421
	RESERVED
CVE-2017-15420
	RESERVED
	{DSA-4103-1 DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15419
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15418
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15417
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15416
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15415
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15414
	RESERVED
CVE-2017-15413
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15412 [use after free]
	RESERVED
	{DSA-4086-1 DLA-1211-1}
	- libxml2 2.9.4+dfsg1-5.2 (bug #883790)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=727039
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783160 (not public)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=0f3b843b3534784ef57a4f9b874238aa1fda5a73
CVE-2017-15411
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15410
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15409
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15408
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15407
	RESERVED
	{DSA-4064-1}
	- chromium-browser 63.0.3239.84-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15406
	RESERVED
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15405
	RESERVED
CVE-2017-15404
	RESERVED
CVE-2017-15403
	RESERVED
CVE-2017-15402
	RESERVED
CVE-2017-15401
	RESERVED
CVE-2017-15400 (Insufficient restriction of IPP filters in CUPS in Google Chrome OS ...)
	- cups 2.2.3-2
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=777215
	NOTE: Patches from upstream to restrict what filters will be accpeted
	NOTE: https://github.com/apple/cups/commit/07428f6a640ff93aa0b4cc69ca372e2cf8490e41 (v2.2.2)
	NOTE: https://github.com/apple/cups/commit/1add23375658e9163e5493ee19de7c9f7a9b483b (v2.2.2)
	TODO: double-check
CVE-2017-15399
	RESERVED
	{DSA-4024-1}
	- chromium-browser 62.0.3202.89-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15398
	RESERVED
	{DSA-4024-1}
	- chromium-browser 62.0.3202.89-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15397 (Inappropriate implementation in ChromeVox in Google Chrome OS prior to ...)
	NOT-FOR-US: ChromeVox in Google Chrome OS
CVE-2017-15396
	RESERVED
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-15395 (A use after free in Blink in Google Chrome prior to 62.0.3202.62 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15394 (Insufficient Policy Enforcement in Extensions in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15393 (Insufficient Policy Enforcement in Devtools remote debugging in Google ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15392 (Insufficient data validation in V8 in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15391 (Insufficient Policy Enforcement in Extensions in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15390 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15389 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15388 (Iteration through non-finite points in Skia in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15387 (Insufficient enforcement of Content Security Policy in Blink in Google ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15386 (Incorrect implementation in Blink in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-15385 (The store_versioninfo_gnu_verdef function in libr/bin/format/elf/elf.c ...)
	- radare2 2.1.0+dfsg-1 (bug #879119)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 0.10.2)
	NOTE: https://github.com/radare/radare2/issues/8685
	NOTE: https://github.com/radare/radare2/commit/21a6f570ba33fa9f52f1bba87f07acc4e8c178f4
CVE-2017-15384 (rate-me.php in Rate Me 1.0 has XSS via the id field in a rate action. ...)
	NOT-FOR-US: Rate Me
CVE-2017-15383 (Nero 7.10.1.0 has an unquoted BINARY_PATH_NAME for NBService, ...)
	NOT-FOR-US: Nero
CVE-2017-15382
	RESERVED
CVE-2017-15381 (SQL Injection exists in E-Sic 1.0 via the f parameter to ...)
	NOT-FOR-US: E-Sic
CVE-2017-15380 (XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the ...)
	NOT-FOR-US: E-Sic
CVE-2017-15379 (An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI ...)
	NOT-FOR-US: E-Sic
CVE-2017-15378 (SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the ...)
	NOT-FOR-US: E-Sic
CVE-2017-15377 (In Suricata before 4.x, it was possible to trigger lots of redundant ...)
	- suricata 1:4.0.0-1 (low)
	[stretch] - suricata <no-dsa> (Minor issue)
	[jessie] - suricata <no-dsa> (Minor issue)
	[wheezy] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/OISF/suricata/pull/2680/commits/47afc577ff763150f9b47f10331f5ef9eb847a57
	NOTE: https://redmine.openinfosecfoundation.org/issues/2231
CVE-2017-15376 (The TELNET service in Mobatek MobaXterm 10.4 does not require ...)
	NOT-FOR-US: Mobatek MobaXterm
CVE-2017-15375 (Multiple client-side cross site scripting vulnerabilities have been ...)
	NOT-FOR-US: WpJobBoard
CVE-2017-15374 (Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the ...)
	NOT-FOR-US: Shopware
CVE-2017-15373 (E-Sic 1.0 allows SQL injection via the q parameter to ...)
	NOT-FOR-US: E-Sic
CVE-2017-15372 (There is a stack-based buffer overflow in the ...)
	{DLA-1197-1}
	- sox 14.4.2-2 (bug #878808)
	[stretch] - sox <no-dsa> (Minor issue)
	[jessie] - sox <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500553
CVE-2017-15371 (There is a reachable assertion abort in the function ...)
	{DLA-1197-1}
	- sox 14.4.2-2 (bug #878809)
	[stretch] - sox <no-dsa> (Minor issue)
	[jessie] - sox <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500570
CVE-2017-15370 (There is a heap-based buffer overflow in the ImaExpandS function of ...)
	{DLA-1197-1}
	- sox 14.4.2-2 (bug #878810)
	[stretch] - sox <no-dsa> (Minor issue)
	[jessie] - sox <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500554
CVE-2017-15369 (The build_filter_chain function in pdf/pdf-stream.c in Artifex MuPDF ...)
	- mupdf <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=c2663e51238ec8256da7fc61ad580db891d9fe9a
	NOTE: Introduced by: http://git.ghostscript.com/?p=mupdf.git;h=2707fa9e8e6d17d794330e719dec1b08161fb045
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698592
CVE-2017-15368 (The wasm_dis function in libr/asm/arch/wasm/wasm.c in radare2 2.0.0 ...)
	- radare2 2.1.0+dfsg-1 (bug #878767)
	[stretch] - radare2 <not-affected> (Vulnerable code introduced in 2.0.0)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 2.0.0)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 2.0.0)
	NOTE: https://github.com/radare/radare2/issues/8673
	NOTE: https://github.com/radare/radare2/commit/52b1526443c1f433087928291d1c3d37a5600515
CVE-2017-15367 (Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection ...)
	NOT-FOR-US: Bacula-Web
CVE-2017-15366 (Before Thornberry NDoc version 8.0, laptop clients and the server have ...)
	NOT-FOR-US: Thornberry NDoc
CVE-2017-15365 (sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before ...)
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 <unfixed> (bug #885345)
	[stretch] - mariadb-10.1 <postponed> (Minor issue)
	- mariadb-10.0 <undetermined>
	- percona-xtrabackup <undetermined>
	- mysql-5.7 <undetermined>
	- mysql-5.5 <undetermined>
	[wheezy] - mysql-5.5 <not-affected> (Vulnerable code not present)
	NOTE: MariaDB: Fixed in 10.2.10, 10.1.30
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1524234
	NOTE: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
	NOTE: Likely (unconfirmed) fix: https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e?diff=unified
	NOTE: Possibly only introduced with https://github.com/MariaDB/server/commit/df4dd593f29aec8e2116aec1775ad4b8833d8c93 (mariadb-10.1.1)
	NOTE: starting to be present in mariadb-10.1.1.
CVE-2017-15364 (The foreach function in ext/ccsv.c in Ccsv 1.1.0 allows remote ...)
	NOT-FOR-US: ccsv
CVE-2017-15363 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Luracast Restler
CVE-2017-15362 (osTicket 1.10.1 allows arbitrary client-side JavaScript code execution ...)
	NOT-FOR-US: osTicket
CVE-2017-15361 (The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module ...)
	NOT-FOR-US: Infineon RSA library
CVE-2017-15360 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15359 (In the 3CX Phone System 15.5.3554.1, the Management Console typically ...)
	NOT-FOR-US: 3CX Phone System
CVE-2017-15358
	RESERVED
CVE-2017-15357 (The setpermissions function in the auto-updater in Arq before 5.9.7 ...)
	NOT-FOR-US: Arq
CVE-2017-15356 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-15355 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-15354 (Huawei DP300, V500R002C00, RP200, V600R006C00, TE30, V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-15353 (Huawei DP300, V500R002C00, RP200, V500R002C00, V600R006C00, RSE6500, ...)
	NOT-FOR-US: Huawei
CVE-2017-15352 (Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, ...)
	NOT-FOR-US: Huawei
CVE-2017-15351 (The 'Find Phone' function in Huawei Honor V9 play smart phones with ...)
	NOT-FOR-US: Huawei
CVE-2017-15350 (The Common Open Policy Service Protocol (COPS) module in Huawei DP300 ...)
	NOT-FOR-US: Huawei
CVE-2017-15349 (Huawei CloudEngine 12800 V100R003C00, V100R005C00, V100R005C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-15348 (Huawei IPS Module V500R001C00, NGFW Module V500R001C00, NIP6300 ...)
	NOT-FOR-US: Huawei
CVE-2017-15347 (Huawei Mate 9 Pro mobile phones with software of versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-15346 (XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-15345 (Huawei Smartphones with software LON-L29DC721B186 have a denial of ...)
	NOT-FOR-US: Huawei
CVE-2017-15344 (Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-15343 (Huawei AR3200 with software V200R006C10, V200R006C11, V200R007C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-15342 (Huawei DP300 V500R002C00, TE60 V600R006C00, TP3106 V100R002C00, eSpace ...)
	NOT-FOR-US: Huawei
CVE-2017-15341 (Huawei AR3200 V200R008C20, V200R008C30, TE40 V600R006C00, TE50 ...)
	NOT-FOR-US: Huawei
CVE-2017-15340 (Huawei smartphones with software of TAG-AL00C92B168 have an ...)
	NOT-FOR-US: Huawei
CVE-2017-15339 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-15338 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-15337 (The SIP module in Huawei DP300 V500R002C00, IPS Module V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-15336 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module ...)
	NOT-FOR-US: Huawei
CVE-2017-15335 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module ...)
	NOT-FOR-US: Huawei
CVE-2017-15334 (The SIP backup feature in Huawei DP300 V500R002C00, IPS Module ...)
	NOT-FOR-US: Huawei
CVE-2017-15333 (XML parser in Huawei S12700 V200R005C00,S1700 V200R009C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-15332 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-15331 (Huawei AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30, ...)
	NOT-FOR-US: Huawei
CVE-2017-15330 (The Flp Driver in some Huawei smartphones of the software ...)
	NOT-FOR-US: Huawei
CVE-2017-15329 (Huawei UMA V200R001C00 has a SQL injection vulnerability in the ...)
	NOT-FOR-US: Huawei
CVE-2017-15328 (Huawei HG8245H version earlier than V300R018C00SPC110 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-15327 (S12700 V200R005C00, V200R006C00, V200R006C01, V200R007C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-15326 (DBS3900 TDD LTE V100R003C00, V100R004C10 have a weak encryption ...)
	NOT-FOR-US: Huawei
CVE-2017-15325 (The Bdat driver of Prague smart phones with software versions earlier ...)
	NOT-FOR-US: Bdat driver of Prague smart phones
CVE-2017-15324 (Huawei S5700 and S6700 with software of V200R005C00 have a DoS ...)
	NOT-FOR-US: Huawei
CVE-2017-15323 (Huawei DP300 V500R002C00, NIP6600 V500R001C00, V500R001C20, ...)
	NOT-FOR-US: Huawei
CVE-2017-15322 (Some Huawei smartphones with software of BGO-L03C158B003CUSTC158D001 ...)
	NOT-FOR-US: Huawei
CVE-2017-15321 (Huawei FusionSphere OpenStack V100R006C000SPC102 (NFV) has an ...)
	NOT-FOR-US: Huawei
CVE-2017-15320 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-15319 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-15318 (RP200 V500R002C00, V600R006C00; TE30 V100R001C10, V500R002C00, ...)
	NOT-FOR-US: Huawei
CVE-2017-15317 (AR120-S V200R006C10, V200R007C00, V200R008C20, V200R008C30; AR1200 ...)
	NOT-FOR-US: Huawei
CVE-2017-15316 (The GPU driver of Mate 9 Huawei smart phones with software before ...)
	NOT-FOR-US: Huawei
CVE-2017-15315 (Patch module of Huawei NIP6300 V500R001C20SPC100, V500R001C20SPC200, ...)
	NOT-FOR-US: Huawei
CVE-2017-15314 (Huawei DP300 V500R002C00, RP200 V500R002C00SPC200, V600R006C00, TE30 ...)
	NOT-FOR-US: Huawei
CVE-2017-15313 (Huawei SmartCare V200R003C10 has a CSV injection vulnerability. An ...)
	NOT-FOR-US: Huawei
CVE-2017-15312 (Huawei SmartCare V200R003C10 has a stored XSS (cross-site scripting) ...)
	NOT-FOR-US: Huawei
CVE-2017-15311 (The baseband modules of Mate 10, Mate 10 Pro, Mate 9, Mate 9 Pro ...)
	NOT-FOR-US: Huawei
CVE-2017-15310 (Huawei iReader app before 8.0.2.301 has an arbitrary file deletion ...)
	NOT-FOR-US: Huawei
CVE-2017-15309 (Huawei iReader app before 8.0.2.301 has a path traversal vulnerability ...)
	NOT-FOR-US: Huawei
CVE-2017-15308 (Huawei iReader app before 8.0.2.301 has an input validation ...)
	NOT-FOR-US: Huawei
CVE-2017-15307 (Huawei Honor 8 smartphone with software versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-15306 (The kvm_vm_ioctl_check_extension function in arch/powerpc/kvm/powerpc.c ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/ac64115a66c18c01745bbd3c47a36b124e5fd8c0 (4.14-rc7)
CVE-2017-15305 (XSS exists in NexusPHP 1.5 via the keyword parameter to messages.php. ...)
	NOT-FOR-US: NexusPHP
CVE-2017-15304 (/bin/login.php in the Web Panel on the Airtame HDMI dongle with ...)
	NOT-FOR-US: Airtame HDMI dongle
CVE-2017-15303 (In CPUID CPU-Z before 1.43, there is an arbitrary memory write that ...)
	NOT-FOR-US: CPUID CPU-Z
CVE-2017-15302 (In CPUID CPU-Z through 1.81, there are improper access rights to a ...)
	NOT-FOR-US: CPUID CPU-Z
CVE-2017-15301
	RESERVED
CVE-2017-15300 (The miner statistics HTTP API in EWBF Cuda Zcash Miner Version 0.3.4b ...)
	NOT-FOR-US: EWBF Cuda Zcash Miner
CVE-2017-15299 (The KEYS subsystem in the Linux kernel through 4.13.7 mishandles use of ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: Fixed by: https://git.kernel.org/linus/60ff5b2f547af3828aebafd54daded44cfb0807a (4.14-rc6)
CVE-2017-15298 (Git through 2.14.2 mishandles layers of tree objects, which allows ...)
	- git <unfixed> (unimportant)
	NOTE: https://kate.io/blog/git-bomb/
	NOTE: https://github.com/Katee/git-bomb
	NOTE: No practical security implications
CVE-2017-15297 (SAP Hostcontrol does not require authentication for the SOAP ...)
	NOT-FOR-US: SAP
CVE-2017-15296 (The Java component in SAP CRM has CSRF. This is SAP Security Note ...)
	NOT-FOR-US: SAP
CVE-2017-15295 (Xpress Server in SAP POS does not require authentication for ...)
	NOT-FOR-US: SAP
CVE-2017-15294 (The Java administration console in SAP CRM has XSS. This is SAP ...)
	NOT-FOR-US: SAP
CVE-2017-15293 (Xpress Server in SAP POS does not require authentication for file read ...)
	NOT-FOR-US: SAP
CVE-2017-15292
	RESERVED
CVE-2017-15291 (Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering ...)
	NOT-FOR-US: TP-LINK TL-MR3220 wireless routers
CVE-2017-15290 (Mirasys Video Management System (VMS) 6.x before 6.4.6, 7.x before ...)
	NOT-FOR-US: Mirasys Video Management System
CVE-2017-15594 (An issue was discovered in Xen through 4.9.x allowing x86 SVM PV guest ...)
	{DSA-4050-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen <ignored> (minor issue)
	NOTE: https://xenbits.xen.org/xsa/advisory-244.html
CVE-2017-15592 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
	{DSA-4050-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-243.html
CVE-2017-15593 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
	{DSA-4050-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-242.html
CVE-2017-15588 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
	{DSA-4050-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-241.html
CVE-2017-15595 (An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS ...)
	{DSA-4050-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-240.html
CVE-2017-15589 (An issue was discovered in Xen through 4.9.x allowing x86 HVM guest OS ...)
	{DSA-4050-1 DLA-1181-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-239.html
CVE-2017-15591 (An issue was discovered in Xen 4.5.x through 4.9.x allowing attackers ...)
	{DSA-4050-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[jessie] - xen <not-affected> (Only affects 4.5 and later)
	[wheezy] - xen <not-affected> (Only affects 4.5 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-238.html
CVE-2017-15590 (An issue was discovered in Xen through 4.9.x allowing x86 guest OS ...)
	{DSA-4050-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[wheezy] - xen <no-dsa> (Patches too intrusive to backport)
	NOTE: https://xenbits.xen.org/xsa/advisory-237.html
CVE-2017-15289 (The mode4and5 write functions in hw/display/cirrus_vga.c in Qemu allow ...)
	- qemu 1:2.11+dfsg-1 (bug #880832)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <postponed> (Can be fixed along in a future update)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future update)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02557.html
	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=eb38e1bc3740725ca29a535351de94107ec58d51
CVE-2017-15288 (The compilation daemon in Scala before 2.10.7, 2.11.x before 2.11.12, ...)
	- scala 2.11.12-1 (unimportant)
	NOTE: http://scala-lang.org/news/security-update-nov17.html
	NOTE: For 2.11.x: https://github.com/scala/scala/pull/6108
	NOTE: For 2.12.x: https://github.com/scala/scala/pull/6120
	NOTE: For 2.10.x: https://github.com/scala/scala/pull/6128
	NOTE: Neutralised by kernel hardening
CVE-2017-15287 (There is XSS in the BouquetEditor WebPlugin for Dream Multimedia ...)
	NOT-FOR-US: BouquetEditor WebPlugin
CVE-2017-15286 (SQLite 3.20.1 has a NULL pointer dereference in tableColumnList in ...)
	- sqlite3 3.20.1-2 (low; bug #878680)
	[stretch] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[jessie] - sqlite3 <not-affected> (Vulnerable code introduced later)
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Ha0Team/crash-of-sqlite3/blob/master/poc.md
	NOTE: https://www.sqlite.org/src/info/5d0ceb8dcdef92cd
CVE-2017-15285 (X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote ...)
	NOT-FOR-US: X-Cart
CVE-2017-15284 (Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), ...)
	NOT-FOR-US: OctoberCMS
CVE-2017-15283
	RESERVED
CVE-2017-15282
	RESERVED
CVE-2017-15281 (ReadPSDImage in coders/psd.c in ImageMagick 7.0.7-6 allows remote ...)
	{DLA-1139-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878579)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/832
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e9d1c2adae866861a291535997b2263f26becb1e
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/32cbfceeee57962321b2ead627129c9d9ffbfcdb
CVE-2017-15280 (XML external entity (XXE) vulnerability in Umbraco CMS before 7.7.3 ...)
	NOT-FOR-US: Umbraco CMS
CVE-2017-15279 (Cross-site scripting (XSS) vulnerability in Umbraco CMS before 7.7.3 ...)
	NOT-FOR-US: Umbraco CMS
CVE-2017-15278 (Cross-Site Scripting (XSS) was discovered in TeamPass before 2.1.27.9. ...)
	NOT-FOR-US: TeamPass
CVE-2017-15277 (ReadGIFImage in coders/gif.c in ImageMagick 7.0.6-1 and GraphicsMagick ...)
	{DSA-4040-1 DSA-4032-1 DLA-1140-1 DLA-1139-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878578)
	- graphicsmagick 1.3.26-14
	NOTE: IM6: https://github.com/ImageMagick/ImageMagick/commit/10aae21bf9dac47e16d8fcde7eba7f7f9d1e52f8
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/592
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/923c4a525c99
	NOTE: https://github.com/neex/gifoeb
CVE-2017-15276 (OpenText Documentum Content Server (formerly EMC Documentum Content ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15275 (Samba before 4.7.3 might allow remote attackers to obtain sensitive ...)
	{DSA-4043-1 DLA-1183-1}
	- samba 2:4.7.1+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-15275.html
CVE-2017-15274 (security/keys/keyctl.c in the Linux kernel before 4.11.5 does not ...)
	- linux 4.11.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.48-1
	[wheezy] - linux 3.2.93-1
	NOTE: Fixed by: https://git.kernel.org/linus/5649645d725c73df4302428ee4e02c869248b4c5 (4.12-rc5)
CVE-2017-15273 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before ...)
	- mahara <removed>
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8081
CVE-2017-15272 (The PSFTPd 10.0.4 Build 729 server stores its configuration inside ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15271 (A use-after-free issue could be triggered remotely in the SFTP ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15270 (The PSFTPd 10.0.4 Build 729 server does not properly escape data ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15269 (The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans ...)
	NOT-FOR-US: PSFTPd
CVE-2017-15268 (Qemu through 2.10.0 allows remote attackers to cause a memory leak by ...)
	- qemu 1:2.11+dfsg-1 (bug #880836)
	[jessie] - qemu <not-affected> (I/O channels driver websockets introduced later)
	[wheezy] - qemu <not-affected> (I/O channels driver websockets introduced later)
	- qemu-kvm <not-affected> (I/O channels driver websockets introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg02278.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1496879
	NOTE: https://bugs.launchpad.net/bugs/1718964
	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=a7b20a8efa28e5f22c26c06cd06c2f12bc863493
CVE-2017-15267 (In GNU Libextractor 1.4, there is a NULL Pointer Dereference in ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (bug #878314)
	[stretch] - libextractor <no-dsa> (Minor issue)
	[jessie] - libextractor <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00003.html
	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499600
	NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=6095d7132b57fc7368fc7a40bab2a71b735724d2
CVE-2017-15266 (In GNU Libextractor 1.4, there is a Divide-By-Zero in ...)
	{DLA-1198-1}
	- libextractor 1:1.6-1 (bug #878314)
	[stretch] - libextractor <no-dsa> (Minor issue)
	[jessie] - libextractor <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/bug-libextractor/2017-10/msg00002.html
	NOTE: http://openwall.com/lists/oss-security/2017/10/11/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1499599
	NOTE: Fixed by: https://gnunet.org/git/libextractor.git/commit/?id=b577d5452c5c4ee9d552da62a24b95f461551fe2
CVE-2017-15265 (Race condition in the ALSA subsystem in the Linux kernel before 4.13.8 ...)
	{DLA-1200-1}
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1062520
	NOTE: http://mailman.alsa-project.org/pipermail/alsa-devel/2017-October/126292.html
CVE-2017-15264 (IrfanView version 4.44 (32bit) allows attackers to cause a denial of ...)
	NOT-FOR-US: IrfanView
CVE-2017-15263 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15262 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15261 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15260 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15259 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15258 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15257 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15256 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15255 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15254 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15253 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15252 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15251 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15250 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15249 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15248 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15247 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15246 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15245 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15244 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15243 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15242 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15241 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15240 (IrfanView version 4.44 (32bit) with PDF plugin version 4.43 allows ...)
	NOT-FOR-US: IrfanView
CVE-2017-15239 (IrfanView 4.44 - 32bit with PDF plugin version 4.43 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-15238 (ReadOneJNGImage in coders/png.c in GraphicsMagick 1.3.26 has a ...)
	- graphicsmagick 1.3.26-14
	[wheezy] - graphicsmagick <not-affected> (Vulnerable code do not exist)
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=93bdb9b30076
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=df946910910d
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/469/
CVE-2017-15237
	RESERVED
CVE-2017-15236 (Tiandy IP cameras 5.56.17.120 do not properly restrict a certain ...)
	NOT-FOR-US: Tiandy IP cameras
CVE-2017-15235 (The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 ...)
	- php-horde-gollem 3.0.12-1
	[stretch] - php-horde-gollem <no-dsa> (Minor issue)
	[jessie] - php-horde-gollem <no-dsa> (Minor issue)
	NOTE: https://blogs.securiteam.com/index.php/archives/3454
	NOTE: https://lists.horde.org/archives/announce/2017/001260.html
	NOTE: https://github.com/horde/gollem/commit/416249efa0fb9e98b596783565258806542a2c51
CVE-2017-15234
	RESERVED
CVE-2017-15233
	RESERVED
CVE-2017-15232 (libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and ...)
	- libjpeg-turbo <unfixed> (low; bug #878567)
	[stretch] - libjpeg-turbo <no-dsa> (Minor issue)
	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
	- libjpeg6b <not-affected> (Vulnerable code not present)
	- libjpeg8 <not-affected> (Vulnerable code not present)
	- libjpeg9 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/pull/182
	NOTE: https://github.com/mozilla/mozjpeg/issues/268
	NOTE: IJG libjpeg releases not affected, see https://lists.debian.org/debian-lts/2017/10/msg00061.html
CVE-2017-15231
	RESERVED
CVE-2017-15230
	RESERVED
CVE-2017-15229
	RESERVED
CVE-2017-15228 (Irssi before 1.0.5, when installing themes with unterminated colour ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15227 (Irssi before 1.0.5, while waiting for the channel synchronisation, may ...)
	{DSA-4016-1 DLA-1217-1}
	- irssi 1.0.5-1 (bug #879521)
	NOTE: https://irssi.org/security/irssi_sa_2017_10.txt
	NOTE: https://github.com/irssi/irssi/commit/43e44d553d44e313003cee87e6ea5e24d68b84a1
CVE-2017-15226 (Zyxel NBG6716 V1.00(AAKG.9)C0 devices allow command injection in the ...)
	NOT-FOR-US: Zyxel
CVE-2017-15225 (_bfd_dwarf2_cleanup_debug_info in dwarf2.c in the Binary File ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22212
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b55ec8b676ed05d93ee49d6c79ae0403616c4fb0
CVE-2017-15224
	RESERVED
CVE-2017-15223 (Denial-of-service vulnerability in ArGoSoft Mini Mail Server 1.0.0.2 ...)
	NOT-FOR-US: ArGoSoft Mini Mail Server
CVE-2017-15222 (Buffer Overflow vulnerability in Ayukov NFTPD 2.0 and earlier allows ...)
	NOT-FOR-US: Ayukov NFTPD
CVE-2017-15221 (ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a ...)
	NOT-FOR-US: ASX to MP3 converter
CVE-2017-15220 (Flexense VX Search Enterprise 10.1.12 is vulnerable to a buffer ...)
	NOT-FOR-US: Flexense VX Search Enterprise
CVE-2017-15219 (The dotCMS 4.1.1 application is vulnerable to Stored Cross-Site ...)
	NOT-FOR-US: dotCMS
CVE-2017-15218 (ImageMagick 7.0.7-2 has a memory leak in ReadOneJNGImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/760
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/698c09d05a749664288281012f319cd51da664ee
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6387479aa974709d5c329c8efbde38175f386844
CVE-2017-15217 (ImageMagick 7.0.7-2 has a memory leak in ReadSGIImage in coders/sgi.c. ...)
	[experimental] - imagemagick 8:6.9.9.34+dfsg-1
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/759
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9bad9cd6752bf8dc5825f555fd1117855bd2fc47
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8fa3c10977f668c92688272a4802f4477df61076
CVE-2016-10514 (url_check_format in include/functions.inc.php in Piwigo before 2.8.3 ...)
	- piwigo <removed>
CVE-2016-10513 (Cross Site Scripting (XSS) exists in Piwigo before 2.8.3 via a crafted ...)
	- piwigo <removed>
CVE-2017-15216 (MISP before 2.4.81 has a potential reflected XSS in a quickDelete ...)
	NOT-FOR-US: MISP
CVE-2017-15215 (Reflected XSS vulnerability in Shaarli v0.9.1 allows an unauthenticated ...)
	- shaarli <itp> (bug #864559)
CVE-2017-15214 (Stored XSS vulnerability in Flyspray 1.0-rc4 before 1.0-rc6 allows an ...)
	NOT-FOR-US: Flyspray
CVE-2017-15213 (Stored XSS vulnerability in Flyspray before 1.0-rc6 allows an ...)
	NOT-FOR-US: Flyspray
CVE-2017-15212 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15211 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15210 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15209 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15208 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15207 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15206 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15205 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15204 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15203 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15202 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15201 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15200 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15199 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15198 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15197 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15196 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15195 (In Kanboard before 1.0.47, by altering form data, an authenticated user ...)
	- kanboard <itp> (bug #790814)
CVE-2017-15193 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the MBIM dissector ...)
	- wireshark 2.4.2-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14056
	NOTE: https://code.wireshark.org/review/23537
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=afb9ff7982971aba6e42472de0db4c1bedfc641b
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-43.html
CVE-2017-15192 (In Wireshark 2.4.0 to 2.4.1 and 2.2.0 to 2.2.9, the BT ATT dissector ...)
	- wireshark 2.4.2-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14049
	NOTE: https://code.wireshark.org/review/23470
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3689dc1db36037436b1616715f9a3f888fc9a0f6
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-42.html
CVE-2017-15191 (In Wireshark 2.4.0 to 2.4.1, 2.2.0 to 2.2.9, and 2.0.0 to 2.0.15, the ...)
	- wireshark 2.4.2-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14068
	NOTE: https://code.wireshark.org/review/23591
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8dbb21dfde14221dab09b6b9c7719b9067c1f06e
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-44.html
CVE-2017-15190 (In Wireshark 2.4.0 to 2.4.1, the RTSP dissector could crash. This was ...)
	- wireshark 2.4.2-1 (low)
	[stretch] - wireshark <not-affected> (Only affects 2.4)
	[jessie] - wireshark <not-affected> (Only affects 2.4)
	[wheezy] - wireshark <not-affected> (Only affects 2.4)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14077
	NOTE: https://code.wireshark.org/review/23635
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e27870eaa6efa1c2dac08aa41a67fe9f0839e6e0
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-45.html
CVE-2017-15189 (In Wireshark 2.4.0 to 2.4.1, the DOCSIS dissector could go into an ...)
	- wireshark 2.4.2-1 (low)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14080
	NOTE: https://code.wireshark.org/review/23663
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=625bab309d9dd21db2d8ae2aa3511810d32842a8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-46.html
CVE-2017-15188 (A persistent (stored) XSS vulnerability in the EyesOfNetwork web ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-15187
	RESERVED
CVE-2017-15194 (include/global_session.php in Cacti 1.1.25 has XSS related to (1) the ...)
	- cacti 1.1.25+ds1-1 (bug #878304)
	[stretch] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
	[jessie] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced in 1.0.0)
	NOTE: https://github.com/Cacti/cacti/issues/1010
	NOTE: https://github.com/Cacti/cacti/commit/93f661d8adcfa6618b11522cdab30e97bada33fd
	NOTE: https://github.com/Cacti/cacti/commit/4f87256e63859117f81d2a2bd40c9c730e39b65d
CVE-2017-15186 (Double free vulnerability in FFmpeg 3.3.4 and earlier allows remote ...)
	{DSA-4049-1}
	- ffmpeg 7:3.4-1
	- libav <undetermined>
	NOTE: http://www.openwall.com/lists/oss-security/2017/10/20/4
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/df62b70de8aaa285168e72fe8f6e740843ca91fa
CVE-2017-15185 (plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis ...)
	- mp3splt 2.6.2+20170630-2
	[jessie] - mp3splt <not-affected> (Vulnerable code not present)
	[wheezy] - mp3splt <not-affected> (Vulnerable code does not exist)
	- libmp3splt <removed>
	[stretch] - libmp3splt <no-dsa> (Minor issue)
	[jessie] - libmp3splt <no-dsa> (Minor issue)
	[wheezy] - libmp3splt <no-dsa> (Minor issue)
	NOTE: https://anonscm.debian.org/cgit/users/ron/mp3splt.git/commit/?id=18f018cd774cb931116ce06a520dc0c5f9443932
CVE-2017-15184
	RESERVED
CVE-2017-15183
	RESERVED
CVE-2017-15182
	RESERVED
CVE-2017-15181
	RESERVED
CVE-2017-15180
	RESERVED
CVE-2017-15179
	RESERVED
CVE-2017-15178
	RESERVED
CVE-2017-15177
	RESERVED
CVE-2017-15176
	RESERVED
CVE-2017-15175
	RESERVED
CVE-2017-15174
	RESERVED
CVE-2017-15173
	RESERVED
CVE-2017-15172
	RESERVED
CVE-2017-15171
	RESERVED
CVE-2017-15170
	RESERVED
CVE-2017-15169
	RESERVED
CVE-2017-15168
	RESERVED
CVE-2017-15167
	RESERVED
CVE-2017-15166
	RESERVED
CVE-2017-15165
	RESERVED
CVE-2017-15164
	RESERVED
CVE-2017-15163
	RESERVED
CVE-2017-15162
	RESERVED
CVE-2017-15161
	RESERVED
CVE-2017-15160
	RESERVED
CVE-2017-15159
	RESERVED
CVE-2017-15158
	RESERVED
CVE-2017-15157
	RESERVED
CVE-2017-15156
	RESERVED
CVE-2017-15155
	RESERVED
CVE-2017-15154
	RESERVED
CVE-2017-15153
	RESERVED
CVE-2017-15152
	RESERVED
CVE-2017-15151
	RESERVED
CVE-2017-15150
	RESERVED
CVE-2017-15149
	RESERVED
CVE-2017-15148
	RESERVED
CVE-2017-15147
	RESERVED
CVE-2017-15146
	RESERVED
CVE-2017-15145
	RESERVED
CVE-2017-15144
	RESERVED
CVE-2017-15143
	RESERVED
CVE-2017-15142
	RESERVED
CVE-2017-15141
	RESERVED
CVE-2017-15140
	RESERVED
CVE-2017-15139
	RESERVED
CVE-2017-15138
	RESERVED
	NOT-FOR-US: atomic-openshift
CVE-2017-15137
	RESERVED
	NOT-FOR-US: atomic-openshift
CVE-2017-15136 (When registering and activating a new system with Red Hat Satellite 6 ...)
	NOT-FOR-US: Red Hat Satellite 6
CVE-2017-15135 (It was found that 389-ds-base since 1.3.6.1 up to and including ...)
	- 389-ds-base 1.3.7.9-1 (bug #888451)
CVE-2017-15134 (A stack buffer overflow flaw was found in the way 389-ds-base 1.3.6.x ...)
	- 389-ds-base 1.3.7.9-1 (bug #888452)
CVE-2017-15133 (A denial of service flaw was found in miekg-dns before 1.0.4. A remote ...)
	- golang-github-miekg-dns 0.0~git20170501.0.f282f80-3 (bug #888777)
	[stretch] - golang-github-miekg-dns <no-dsa> (Minor issue)
	NOTE: https://github.com/miekg/dns/issues/627
	NOTE: https://github.com/miekg/dns/pull/631
CVE-2017-15132 (A flaw was found in dovecot 2.0 up to 2.2.33 and 2.3.0. An abort of ...)
	{DSA-4130-1 DLA-1333-1}
	- dovecot 1:2.2.34-1 (bug #888432)
	NOTE: Fixed by: https://github.com/dovecot/core/commit/1a29ed2f96da1be22fa5a4d96c7583aa81b8b060.patch
	NOTE: Regression fix needed on top: https://github.com/dovecot/core/commit/a9b135760aea6d1790d447d351c56b78889dac22
CVE-2017-15131 (It was found that system umask policy is not being honored when ...)
	- xdg-user-dirs <unfixed> (unimportant)
	NOTE: The CVE relates that created directories by xdg-user-dirs might not
	NOTE: respect a system policy for user created files by setting a umask
	NOTE: system-wide in e.g. /etc/profile due to xdg-user-dirs beeing invoked
	NOTE: from Xsession scripts. This can be mitigated by e.g. using pam_umask
	NOTE: on session start and having it when xdg-user-dirs is executed.
	NOTE: In Debian xdg-user-dirs starting from 0.15-3 replaces the use of
	NOTE: /etc/X11/Xsession.d/*xdg-user-dirs-update with an autostart .desktop
	NOTE: file for user-dirs-update primarly to work as well with Wayland
	NOTE: sessions.
	NOTE: Enforcements can be achieved e.g. by using pam_umask.
	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=102303
CVE-2017-15130 (A denial of service flaw was found in dovecot before 2.2.34. An ...)
	{DSA-4130-1 DLA-1333-1}
	- dovecot 1:2.2.34-1 (bug #891820)
	NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
	NOTE: https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391
	NOTE: https://github.com/dovecot/core/commit/f3504763c27c2661716c0d1dbd3e0fc662107a21
	NOTE: https://github.com/dovecot/core/commit/02da33a59fddd51cc3b8d95989de95574b7332f1
	NOTE: https://github.com/dovecot/core/commit/390592e6af07e02064ebdbb1bbcf06528887370f
	NOTE: https://github.com/dovecot/core/commit/bc27538d084e01a7a1aca3330e27aebfc0e311eb
	NOTE: https://github.com/dovecot/core/commit/00016646cc32a3fa1cf54c22ed7388ed06bbc0f1
CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces code ...)
	- linux 4.14.12-1
	[stretch] - linux 4.9.80-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/21b5944350052d2583e82dd59b19a9ba94a007f0
CVE-2017-15128 (A flaw was found in the hugetlb_mcopy_atomic_pte function in ...)
	- linux 4.13.13-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://post-office.corp.redhat.com/archives/rhkernel-list/2017-October/msg09574.html
CVE-2017-15127 (A flaw was found in the hugetlb_mcopy_atomic_pte function in ...)
	- linux 3.13.4-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/5af10dfd0afc559bb4b0f7e3e8227a1578333995
CVE-2017-15126 (A use-after-free flaw was found in fs/userfaultfd.c in the Linux kernel ...)
	- linux 4.13.10-1
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/384632e67e0829deb8015ee6ad916b180049d252
CVE-2017-15125
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-15124 (VNC server implementation in Quick Emulator (QEMU) 2.11.0 and older ...)
	- qemu 1:2.12~rc3+dfsg-1 (bug #884806)
	[jessie] - qemu <postponed> (Can be fixed along in later update)
	[wheezy] - qemu <postponed> (Can be fixed along in later update)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
	NOTE: http://www.openwall.com/lists/oss-security/2017/12/19/4
CVE-2017-15123
	RESERVED
CVE-2017-15122
	RESERVED
CVE-2017-15121 (A non-privileged user is able to mount a fuse filesystem on RHEL 6 or ...)
	- linux 3.11.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1520893
	NOTE: Fixed by: https://git.kernel.org/linus/5a7203947a1d9b6f3a00a39fda08c2466489555f (v3.11-rc1)
CVE-2017-15120 [Crafted CNAME answer can cause a denial of service]
	RESERVED
	{DSA-4063-1}
	- pdns-recursor 4.1.0-1
	[jessie] - pdns-recursor <not-affected> (Vulnerable code introduced in 4.0.0)
	[wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced in 4.0.0)
	NOTE: Patch: https://downloads.powerdns.com/patches/2017-08
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-08.html
CVE-2017-15119 [DoS via large option request]
	RESERVED
	- qemu 1:2.11+dfsg-1 (bug #883399)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05044.html
CVE-2017-15118 [stack buffer overflow in NBD server triggered via long export name]
	RESERVED
	- qemu 1:2.11+dfsg-1 (bug #883406)
	[stretch] - qemu <not-affected> (Vulnerable code introduced in 2.10)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.10)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.10)
	- qemu-kvm <not-affected> (Vulnerable code introduced in 2.10)
	NOTE: Introduced by: https://git.qemu.org/?p=qemu.git;a=commit;h=f37708f6b8
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-11/msg05045.html
CVE-2017-15117
	REJECTED
CVE-2017-15116 (The rngapi_reset function in crypto/rng.c in the Linux kernel before ...)
	- linux 4.2.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-15115 (The sctp_do_peeloff function in net/sctp/socket.c in the Linux kernel ...)
	{DLA-1200-1}
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://git.kernel.org/linus/df80cd9b28b9ebaa284a41df611dbf3a2d05ca74 (v4.14-rc6)
CVE-2017-15114 (When libvirtd is configured by OSP director (tripleo-heat-templates) ...)
	- tripleo-heat-templates <not-affected> (Vulnerability introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510015
	NOTE: Bug: https://bugs.launchpad.net/tripleo/+bug/1730370
	NOTE: TLS libvirt live migration disabled in: https://review.openstack.org/#/c/519015/
	NOTE: TLS libvirt live migration introduced in: https://git.openstack.org/cgit/openstack/tripleo-heat-templates/commit/?id=fa740c5e49994ffdd3a5aa1f43a0305c8e5a0b3a
	NOTE: Re-enabled libvirt TLS with SASL auth:
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1732479
CVE-2017-15113
	RESERVED
	NOT-FOR-US: ovirt-engine
CVE-2017-15112 (keycloak-httpd-client-install versions before 0.8 allow users to ...)
	NOT-FOR-US: Keycloak
CVE-2017-15111 (keycloak-httpd-client-install versions before 0.8 insecurely creates ...)
	NOT-FOR-US: Keycloak
CVE-2017-15110 (In Moodle 3.x, students can find out email addresses of other students ...)
	- moodle <removed>
CVE-2017-15109
	RESERVED
CVE-2017-15108 (spice-vdagent up to and including 0.17.0 does not properly escape save ...)
	- spice-vdagent <unfixed> (bug #883238)
	[stretch] - spice-vdagent <no-dsa> (Minor issue)
	[jessie] - spice-vdagent <no-dsa> (Minor issue)
	[wheezy] - spice-vdagent <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/linux/vd_agent/commit/?id=8ba174816d245757e743e636df357910e1d5eb61
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1510864
CVE-2017-15107 (A vulnerability was found in the implementation of DNSSEC in Dnsmasq ...)
	- dnsmasq 2.79-1 (bug #888200)
	[stretch] - dnsmasq <no-dsa> (Minor issue)
	[jessie] - dnsmasq <no-dsa> (Minor issue)
	[wheezy] - dnsmasq <no-dsa> (Minor issue)
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
CVE-2017-15106
	RESERVED
CVE-2017-15105 (A flaw was found in the way unbound before 1.6.8 validated ...)
	{DLA-1264-1}
	- unbound <unfixed> (bug #887733)
	[stretch] - unbound <no-dsa> (Minor issue, can be fixed via point release)
	[jessie] - unbound <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://unbound.net/downloads/CVE-2017-15105.txt
	NOTE: https://unbound.net/downloads/patch_cve_2017_15105.diff
CVE-2017-15104 (An access flaw was found in Heketi 5, where the heketi.json ...)
	NOT-FOR-US: Heketi
CVE-2017-15103 (A security-check flaw was found in the way the Heketi 5 server API ...)
	NOT-FOR-US: Heketi
CVE-2017-15102 (The tower_probe function in drivers/usb/misc/legousbtower.c in the ...)
	- linux 4.7.8-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux 3.2.86-1
	NOTE: Fixed by: https://git.kernel.org/linus/2fae9e5a7babada041e2e161699ade2447a01989 (4.9-rc1)
CVE-2017-15101 [Incomplete fix for CVE-2014-8184]
	RESERVED
	- liblouis <not-affected> (Incomplete fix not applied in Debian)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c12
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1511023
CVE-2017-15100 (An attacker submitting facts to the Foreman server containing HTML can ...)
	- foreman <itp> (bug #663101)
CVE-2017-15099 (INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before ...)
	{DSA-4028-1}
	- postgresql-10 10.1-1
	- postgresql-9.6 <removed>
	- postgresql-9.4 <not-affected> (ON CONFLICT DO UPDATE and RLS introduced in 9.5)
	- postgresql-9.1 <not-affected> (ON CONFLICT DO UPDATE and RLS introduced in 9.5)
CVE-2017-15098 (Invalid json_populate_recordset or jsonb_populate_recordset function ...)
	{DSA-4028-1 DSA-4027-1}
	- postgresql-10 10.1-1
	- postgresql-9.6 <removed>
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code does not exist)
CVE-2017-15097
	RESERVED
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1508985
	NOTE: Similar issues as CVE-2016-1255 in Debian
	NOT-FOR-US: Red Hat specific provides scripts for starting the database server during system boot and for initializing the database
CVE-2017-15096 (A flaw was found in GlusterFS in versions prior to 3.10. A null ...)
	- glusterfs 3.12.2-2 (bug #880017)
	[stretch] - glusterfs <not-affected> (Vulnerable code introduced later)
	[jessie] - glusterfs <not-affected> (Vulnerable code introduced later)
	[wheezy] - glusterfs <not-affected> (Vulnerable code introduced later)
	NOTE: https://review.gluster.org/18538 (master)
	NOTE: https://review.gluster.org/18539 (release-3.10)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1502928
	NOTE: Fixed by: http://git.gluster.org/cgit/glusterfs.git/commit/?id=1f48d17fee0cac95648ec34d13f038b27ef5c6ac
CVE-2017-15095 (A deserialization flaw was discovered in the jackson-databind in ...)
	{DSA-4037-1}
	- jackson-databind 2.9.1-1
	NOTE: The Debian upload for stretch (2.8.6-1+deb9u1) and jessie (2.4.2-2+deb8u1)
	NOTE: misses the further sets of blacklists, in particular as well
	NOTE: https://github.com/FasterXML/jackson-databind/commit/3bfbb835
	NOTE: which was already for CVE-2017-7525 but then the further tickets and patches
	NOTE: to block more dangerous types (at leas they are):
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1680
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1723
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1737
	NOTE: https://github.com/FasterXML/jackson-databind/commit/e8f043d1
	NOTE: https://github.com/FasterXML/jackson-databind/commit/ddfddfba
	NOTE: This CVE-2017-15095 should be considered to include everything in
	NOTE: NO_DESER_CLASS_NAMES as of:
	NOTE: https://github.com/FasterXML/jackson-databind/blob/7093008aa2afe8068e120df850189ae072dfa1b2/src/main/java/com/fasterxml/jackson/databind/deser/BeanDeserializerFactory.java#L43
	NOTE: Details: http://www.openwall.com/lists/oss-security/2017/11/02/3
CVE-2017-15094 (An issue has been found in the DNSSEC parsing code of PowerDNS ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-07.html
	NOTE: https://downloads.powerdns.com/patches/2017-07/
CVE-2017-15093 (When api-config-dir is set to a non-empty value, which is not the case ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor 3.6.2-2+deb8u4
	[wheezy] - pdns-recursor <not-affected> (Vulnerable code introduced later)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-06.html
	NOTE: https://downloads.powerdns.com/patches/2017-06/
CVE-2017-15092 (A cross-site scripting issue has been found in the web interface of ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-05.html
	NOTE: https://downloads.powerdns.com/patches/2017-05/
CVE-2017-15091 (An issue has been found in the API component of PowerDNS Authoritative ...)
	- pdns 4.0.5-1
	[stretch] - pdns 4.0.3-1+deb9u2
	[jessie] - pdns 3.4.1-4+deb8u8
	[wheezy] - pdns <not-affected> (Vulnerable code not present)
	NOTE: https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2017-04.html
	NOTE: https://downloads.powerdns.com/patches/2017-04/
CVE-2017-15090 (An issue has been found in the DNSSEC validation component of PowerDNS ...)
	- pdns-recursor 4.0.7-1
	[stretch] - pdns-recursor 4.0.4-1+deb9u2
	[jessie] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	[wheezy] - pdns-recursor <not-affected> (Issue introduced in 4.0.0)
	NOTE: https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2017-03.html
	NOTE: https://downloads.powerdns.com/patches/2017-03/
CVE-2017-15089 (It was found that the Hotrod client in Infinispan before 9.2.0.CR1 ...)
	NOT-FOR-US: infinispan
CVE-2017-15088 (plugins/preauth/pkinit/pkinit_crypto_openssl.c in MIT Kerberos 5 (aka ...)
	- krb5 1.15.2-2 (unimportant; bug #871698)
	NOTE: https://github.com/krb5/krb5/pull/707
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/fbb687db1088ddd894d975996e5f6a4252b9a2b4
	NOTE: Red Hat eanbled the code in question in the KDC and thus having it
	NOTE: exposed as network-facing issue. For Debian and upstream the code only
	NOTE: runs on client systems, and only with a certificate that is explicitly
	NOTE: configured locally, leading to a local kinit crash if passed a crafted
	NOTE: local certificate. This is hardly has any harmful security implication.
CVE-2017-15087 (It was discovered that the fix for CVE-2017-12163 was not properly ...)
	- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12163)
CVE-2017-15086 (It was discovered that the fix for CVE-2017-12151 was not properly ...)
	- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12151)
CVE-2017-15085 (It was discovered that the fix for CVE-2017-12150 was not properly ...)
	- samba <not-affected> (Incomplete Red Hat backport for CVE-2017-12150)
CVE-2017-15084 (The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout ...)
	NOT-FOR-US: Metasploit Framework
CVE-2017-15083
	REJECTED
CVE-2017-15082
	RESERVED
CVE-2017-15081 (In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist ...)
	NOT-FOR-US: PHPSUGAR PHP Melody CMS
CVE-2017-15080
	RESERVED
CVE-2017-15079 (The Smush Image Compression and Optimization plugin before 2.7.6 for ...)
	NOT-FOR-US: Smush Image Compression and Optimization plugin for WordPress
CVE-2017-15078
	REJECTED
CVE-2017-15077
	REJECTED
CVE-2017-15076
	REJECTED
CVE-2017-15075
	REJECTED
CVE-2017-15074
	REJECTED
CVE-2017-15073
	REJECTED
CVE-2017-15072
	REJECTED
CVE-2017-15071
	REJECTED
CVE-2017-15070
	REJECTED
CVE-2017-15069
	REJECTED
CVE-2017-15068
	REJECTED
CVE-2017-15067
	REJECTED
CVE-2017-15066
	REJECTED
CVE-2017-15065
	REJECTED
CVE-2017-15064
	REJECTED
CVE-2017-1002153 (Koji 1.13.0 does not properly validate SCM paths, allowing an attacker ...)
	- koji <unfixed> (bug #877921)
	[stretch] - koji <no-dsa> (Minor issue)
	NOTE: https://pagure.io/koji/issue/563
	NOTE: https://pagure.io/koji/c/ba7b5a3cbed11ade11c3af5e834c9a6de4f6d7c3
CVE-2017-1000257 (An IMAP FETCH response line indicates the size of the returned data, ...)
	{DSA-4007-1 DLA-1143-1}
	- curl 7.56.1-1
	NOTE: https://curl.haxx.se/docs/adv_20171023.html
CVE-2017-1000256 (libvirt version 2.3.0 and later is vulnerable to a bad default ...)
	{DSA-4003-1}
	- libvirt 3.8.0-3 (bug #878799)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.redhat.com/archives/libvirt-announce/2017-October/msg00001.html
	NOTE: https://security.libvirt.org/2017/0002.html
	NOTE: Broken by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=ce61c16450d4992612d1fc6f39a39e79bfccead5 (master)
	NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=441d3eb6d1be940a67ce45a286602a967601b157 (master)
CVE-2017-1000255 (On Linux running on PowerPC hardware (Power8 or later) a user process ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/265e60a170d0a0ecfc2d20490134ed2c48dd45ab
CVE-2017-15063 (There are CSRF vulnerabilities in Subrion CMS 4.1.x through 4.1.5, and ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-15062
	RESERVED
CVE-2017-15061
	RESERVED
CVE-2017-15060
	RESERVED
CVE-2017-15059
	RESERVED
CVE-2017-15058
	RESERVED
CVE-2017-15057
	RESERVED
CVE-2017-15056 (p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote ...)
	- upx-ucl 3.94-4 (unimportant)
	NOTE: https://github.com/upx/upx/issues/128
	NOTE: https://github.com/upx/upx/commit/ef336dbcc6dc8344482f8cf6c909ae96c3286317
	NOTE: crash in CLI tool, no security impact
CVE-2017-15055 (TeamPass before 2.1.27.9 does not properly enforce item access control ...)
	- teampass <itp> (bug #730180)
CVE-2017-15054 (An arbitrary file upload vulnerability, present in TeamPass before ...)
	- teampass <itp> (bug #730180)
CVE-2017-15053 (TeamPass before 2.1.27.9 does not properly enforce manager access ...)
	- teampass <itp> (bug #730180)
CVE-2017-15052 (TeamPass before 2.1.27.9 does not properly enforce manager access ...)
	- teampass <itp> (bug #730180)
CVE-2017-15051 (Multiple stored cross-site scripting (XSS) vulnerabilities in TeamPass ...)
	- teampass <itp> (bug #730180)
CVE-2017-15050
	RESERVED
CVE-2017-15049 (The ZoomLauncher binary in the Zoom client for Linux before ...)
	NOT-FOR-US: Zoom
CVE-2017-15048 (Stack-based buffer overflow in the ZoomLauncher binary in the Zoom ...)
	NOT-FOR-US: Zoom
CVE-2017-15047 (The clusterLoadConfig function in cluster.c in Redis 4.0.2 allows ...)
	- redis 4:4.0.2-5 (bug #878076; unimportant)
	[jessie] - redis <not-affected> (Vulnerable code introduced later)
	[wheezy] - redis <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/antirez/redis/issues/4278
	NOTE: Pull request: https://github.com/antirez/redis/pull/4365
CVE-2017-15046 (LAME 3.99.5 has a stack-based buffer overflow in unpack_read_samples ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/lame/bugs/479/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15045 (LAME 3.99.5 has a heap-based buffer over-read in fill_buffer in ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/lame/bugs/478/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15044 (The default installation of DocuWare Fulltext Search server through ...)
	NOT-FOR-US: DocuWare Fulltext Search server
CVE-2017-15043 (A vulnerability in Sierra Wireless AirLink GX400, GX440, ES440, and ...)
	NOT-FOR-US: Sierra Wireless AirLink routers
CVE-2017-15042 (An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x ...)
	- golang-1.9 1.9.1-1
	- golang-1.8 1.8.4-1
	[stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable)
	- golang-1.7 <unfixed>
	[stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue, would require builds of all go packages in stable)
	[wheezy] - golang <not-affected> (Vulnerable code introduced later in version 1.1)
	NOTE: https://github.com/golang/go/issues/22134
	NOTE: https://golang.org/cl/68023
	NOTE: https://golang.org/cl/68210
	NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15041 (Go before 1.8.4 and 1.9.x before 1.9.1 allows &quot;go get&quot; remote command ...)
	{DLA-1148-1}
	- golang-1.9 1.9.1-1
	- golang-1.8 1.8.4-1
	[stretch] - golang-1.8 <ignored> (Minor issue)
	- golang-1.7 <unfixed>
	[stretch] - golang-1.7 <ignored> (Minor issue)
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	NOTE: https://go.googlesource.com/go/+/a4544a0f8af001d1fb6df0e70750f570ec49ccf9%5E%21/
	NOTE: https://github.com/golang/go/issues/22125
	NOTE: https://golang.org/cl/68022
	NOTE: https://golang.org/cl/68190
	NOTE: https://groups.google.com/d/msg/golang-dev/RinSE3EiJBI/kYL7zb07AgAJ
CVE-2017-15040
	RESERVED
CVE-2017-15039 (Cross-site scripting (XSS) exists in Zurmo 3.2.1.57987acc3018 via a ...)
	NOT-FOR-US: Zurmo
CVE-2017-15038 (Race condition in the v9fs_xattrwalk function in hw/9pfs/9p.c in QEMU ...)
	{DLA-1129-1 DLA-1128-1}
	- qemu 1:2.10.0+dfsg-2 (bug #877890)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-10/msg00729.html
CVE-2017-15037 (In FreeBSD through 11.1, the smb_strdupin function in ...)
	- kfreebsd-10 <unfixed> (unimportant; bug #877903)
	NOTE: kfreebsd not covered by security support
CVE-2017-15036
	RESERVED
CVE-2017-15035 (EmTec PyroBatchFTP before 3.18 allows remote servers to cause a denial ...)
	NOT-FOR-US: EmTec PyroBatchFTP
CVE-2017-15034
	RESERVED
CVE-2017-15033 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYUVImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/756
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ef8f40689ac452398026c07da41656a7c87e4683
CVE-2017-15032 (ImageMagick version 7.0.7-2 contains a memory leak in ReadYCBCRImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/752
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/241988ca28139ad970c1d9717c419f41e360ddb0
CVE-2017-15031
	RESERVED
CVE-2017-15030
	RESERVED
CVE-2017-15029
	RESERVED
CVE-2017-15028
	RESERVED
CVE-2017-15027
	RESERVED
CVE-2017-15026
	RESERVED
CVE-2017-15025 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22186
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d8010d3e75ec7194a4703774090b27486b742d48
CVE-2017-15024 (find_abstract_instance_name in dwarf2.c in the Binary File Descriptor ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22187
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52a93b95ec0771c97e26f0bb28630a271a667bd2
CVE-2017-15023 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22200
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c361faae8d964db951b7100cada4dcdc983df1bf
	NOTE: When this issue is fixed it is to make sure to not open CVE-2017-15939, i.e.
	NOTE: not to apply the incomplete fix. See notes on CVE-2017-15939
CVE-2017-15022 (dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22201
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=11855d8a1f11b102a702ab76e95b22082cccf2f8
CVE-2017-15021 (bfd_get_debug_link_info_1 in opncls.c in the Binary File Descriptor ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22197
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d
CVE-2017-15020 (dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22202
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5
CVE-2017-15019 (LAME 3.99.5 has a NULL Pointer Dereference in the hip_decode_init ...)
	- lame <unfixed>
	[stretch] - lame <ignored> (Minor issue)
	[jessie] - lame <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/lame/bugs/477/
CVE-2017-15018 (LAME 3.99.5 has a heap-based buffer over-read when handling a malformed ...)
	- lame 3.99.5+repack1-8
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/lame/bugs/480/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-15017 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878554)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/723
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a1006a249516a875558c3d642e719b1eac8f820
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0cff8bac0a47f8693cfe57f026fcd752689ff375
CVE-2017-15016 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/725
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8254d24b86a62803231773ecf54c707aef4a1457
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/27f8ba82ddd665ab41cef6588128f680cbd69905
	NOTE: emf.c not compiled under Debian
CVE-2017-15015 (ImageMagick 7.0.7-0 Q16 has a NULL pointer dereference vulnerability in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878555)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/724
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0cbb3b3b02e7af493a9aafa8f7e7d23fc70644e4
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a0cef9db632ef8e1b9de4c463700c6a24d4f96ca
CVE-2017-15014 (OpenText Documentum Content Server (formerly EMC Documentum Content ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15013 (OpenText Documentum Content Server (formerly EMC Documentum Content ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-15012 (OpenText Documentum Content Server (formerly EMC Documentum Content ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-1000120 ([ERPNext][Frappe Version &lt;= 7.1.27] SQL injection vulnerability in ...)
	NOT-FOR-US: ERPNext Frappe framework
CVE-2017-1000119 (October CMS build 412 is vulnerable to PHP code execution in the file ...)
	NOT-FOR-US: October CMS
CVE-2017-1000118 (Akka HTTP versions &lt;= 10.0.5 Illegal Media Range in Accept Header ...)
	NOT-FOR-US: Akka HTTP
CVE-2017-1000114 (The Datadog Plugin stores an API key to access the Datadog service in ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000113 (The Deploy to container Plugin stored passwords unencrypted as part of ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000110 (Blue Ocean allows the creation of GitHub organization folders that are ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000109 (The custom Details view of the Static Analysis Utilities based OWASP ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000106 (Blue Ocean allows the creation of GitHub organization folders that are ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000105 (The optional Run/Artifacts permission can be enabled by setting a Java ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000104 (The Config File Provider Plugin is used to centrally manage ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000103 (The custom Details view of the Static Analysis Utilities based DRY ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000102 (The Details view of some Static Analysis Utilities based plugins, was ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000098 (The net/http package's Request.ParseMultipartForm method starts ...)
	{DLA-1123-1}
	- golang-1.9 <not-affected> (Fixed before initial release to Debian)
	- golang-1.8 <not-affected> (Fixed before initial release to Debian)
	- golang-1.7 1.7.4-1
	- golang <removed>
	[jessie] - golang <ignored> (Minor issue)
	NOTE: https://groups.google.com/forum/#!msg/golang-dev/4NdLzS8sls8/uIz8QlnIBQAJ
	NOTE: https://golang.org/cl/30410
	NOTE: https://golang.org/issue/17965
CVE-2017-1000097 (On Darwin, user's trust preferences for root certificates were not ...)
	- golang <not-affected> (OS X specific issue)
	- golang-1.7 <not-affected> (OS X specific issue)
	- golang-1.8 <not-affected> (OS X specific issue)
	- golang-1.9 <not-affected> (OS X specific issue)
	NOTE: https://github.com/golang/go/issues/18141
CVE-2017-15011 (The named pipes in qtsingleapp in Qt 5.x, as used in qBittorrent and ...)
	- qbittorrent <not-affected> (Only affects Windows)
CVE-2017-15010 (A ReDoS (regular expression denial of service) flaw was found in the ...)
	- node-tough-cookie <unfixed> (bug #877660)
	NOTE: https://github.com/salesforce/tough-cookie/issues/92
	NOTE: https://nodesecurity.io/advisories/525
CVE-2017-15009 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to reflected ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15008 (PRTG Network Monitor version 17.3.33.2830 is vulnerable to stored ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2017-15007
	RESERVED
CVE-2017-15006
	RESERVED
CVE-2017-15005
	RESERVED
CVE-2017-15004
	RESERVED
CVE-2017-15003
	RESERVED
CVE-2017-15002
	RESERVED
CVE-2017-15001
	RESERVED
CVE-2017-15000
	RESERVED
CVE-2017-14999
	RESERVED
CVE-2017-14998
	RESERVED
CVE-2017-14997 (GraphicsMagick 1.3.26 allows remote attackers to cause a denial of ...)
	{DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/0683f8724200495059606c03f04e0d589b33ebe8/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/511/
CVE-2017-14996
	RESERVED
CVE-2017-14995 (The Management Console in WSO2 Application Server 5.3.0, WSO2 Business ...)
	NOT-FOR-US: WSO2 Application Server
CVE-2017-14994 (ReadDCMImage in coders/dcm.c in GraphicsMagick 1.3.26 allows remote ...)
	{DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=b3eca3eaa264
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/512/
CVE-2017-14993 (OXID eShop Community Edition before 6.0.0 RC3 (development), 4.10.x ...)
	NOT-FOR-US: OXID eShop Community Edition
CVE-2017-14992 (Lack of content verification in Docker-CE (Also known as Moby) ...)
	- docker.io <undetermined>
CVE-2017-14991 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel before ...)
	- linux 4.13.4-1
	[stretch] - linux <not-affected> (Vulnerable code introduced later)
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/3e0097499839e0fe3af380410eababe5a47c4cf9
CVE-2017-14758 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
	NOT-FOR-US: EMC
CVE-2017-14990 (WordPress 4.8.2 stores cleartext wp_signups.activation_key values (but ...)
	{DSA-3997-1}
	- wordpress 4.8.2+dfsg-2 (bug #877629)
	[wheezy] - wordpress <ignored> (Fix requires database upgrade which is too intrusive compared to the actual benefit.)
	NOTE: https://core.trac.wordpress.org/ticket/38474
CVE-2017-14989 (A use-after-free in RenderFreetype in MagickCore/annotate.c in ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878562)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/781
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/97740ccc177ee264e79091fa573d994eb6b05628
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/28bad01242898d7f863deedbfa8502c348293093
CVE-2017-14988 (Header::readfrom in IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote ...)
	- openexr <unfixed> (bug #878551)
	[wheezy] - openexr <postponed> (Should be fixed along in future update)
	NOTE: https://github.com/openexr/openexr/issues/248
CVE-2017-14987
	RESERVED
CVE-2017-14986
	RESERVED
CVE-2017-14985 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14984 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14983 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14982
	RESERVED
CVE-2017-14981 (Cross-Site Scripting (XSS) was discovered in ATutor before 2.2.3. The ...)
	NOT-FOR-US: ATutor
CVE-2017-14980 (Buffer overflow in Sync Breeze Enterprise 10.0.28 allows remote ...)
	NOT-FOR-US: Sync Breeze Enterprise
CVE-2017-14979 (Gxlcms uses an unsafe character-replacement approach in an attempt to ...)
	NOT-FOR-US: Gxlcms
CVE-2017-14978
	RESERVED
CVE-2017-14977 (The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (low; bug #877952)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=103045
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=19eedc6fb693a62f305e13079501e3105f869f3c
CVE-2017-14976 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (low; bug #877954)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102724
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf
CVE-2017-14975 (The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler ...)
	{DSA-4079-1 DLA-1177-1}
	- poppler 0.61.1-2 (low; bug #877957)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102653
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a5e5649ecf16fa05770620dbbd4985935dc2bbff
CVE-2017-14974 (The *_get_synthetic_symtab functions in the Binary File Descriptor ...)
	- binutils 2.29.1-2
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: First version containing the fix was 2.29.1-2, which was quickly followed by
	NOTE: a fixed 2.29.1-3 for unrelated issues.
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22163
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e70c19e3a4c26e9c1ebf0c9170d105039b56d7cf
CVE-2017-14973 (IDenticard Two-Reader Controller Configuration Manager 1.18.8 (396) is ...)
	NOT-FOR-US: IDenticard Two-Reader Controller Configuration Manager
CVE-2017-14972 (InFocus Mondopad 2.2.08 is vulnerable to authentication bypass when ...)
	NOT-FOR-US: InFocus Mondopad
CVE-2017-14971 (Infocus Mondopad 2.2.08 is vulnerable to a Hashed Credential Disclosure ...)
	NOT-FOR-US: InFocus Mondopad
CVE-2017-14970 (In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #877543)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339085.html
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-September/339086.html
	NOTE: Not considered a security issue by upstream, see #877543
CVE-2017-14969 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14968 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14967 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14966 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14965 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14964 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14963 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14962 (In IKARUS anti.virus before 2.16.18, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14961 (In IKARUS anti.virus 2.16.7, the ntguard.sys driver contains an ...)
	NOT-FOR-US: IKARUS anti.virus
CVE-2017-14960 (xDashboard in OpenText Document Sciences xPression (formerly EMC ...)
	NOT-FOR-US: EMC Document Sciences xPression
CVE-2017-14959
	RESERVED
CVE-2017-14958 (lib.php in PivotX 2.3.11 does not properly block uploads of dangerous ...)
	NOT-FOR-US: PivotX
CVE-2017-14957 (Stored XSS vulnerability via a comment in inc/conv.php in BlogoText ...)
	NOT-FOR-US: BlogoText
CVE-2017-14956 (AlienVault USM v5.4.2 and earlier offers authenticated users the ...)
	NOT-FOR-US: AlienVault
CVE-2017-14955 (Check_MK before 1.2.8p26 mishandles certain errors within the ...)
	- check-mk 1.2.8p26-1
	[wheezy] - check-mk <not-affected> (Vulnerable code not present)
	NOTE: http://mathias-kettner.com/check_mk_werks.php?edition_id=raw&branch=1.2.8
	NOTE: https://mathias-kettner.de/check_mk_werks.php?werk_id=5208&HTML=yes
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=a4a2cc1f30ff6032899ca80eed29fa26b8898c54
CVE-2017-14954 (The waitid implementation in kernel/exit.c in the Linux kernel through ...)
	- linux <not-affected> (Vulnerable code introduced in v4.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/6c85501f2fabcfc4fc6ed976543d252c4eaf4be9
CVE-2017-14953 (HikVision Wi-Fi IP cameras, when used in a wired configuration, allow ...)
	NOT-FOR-US: HikVision
CVE-2017-14952 (Double free in i18n/zonemeta.cpp in International Components for ...)
	- icu 57.1-7 (bug #878840)
	[stretch] - icu 57.1-6+deb9u1
	[jessie] - icu 52.1-8+deb8u6
	[wheezy] - icu <postponed> (Can be fixed in next update)
	NOTE: http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
	NOTE: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp
CVE-2017-14951
	RESERVED
CVE-2017-14950
	RESERVED
CVE-2015-9234 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9233 (The cp-contact-form-with-paypal (aka CP Contact Form with PayPal) ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14949 (Restlet Framework before 2.3.12 allows remote attackers to access ...)
	- restlet <itp> (bug #596472)
CVE-2017-14948
	RESERVED
CVE-2017-14947 (Artifex GSView 6.0 Beta on Windows allows attackers to execute ...)
	NOT-FOR-US: GSView (different from gv)
CVE-2017-14946 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...)
	NOT-FOR-US: GSView (different from gv)
CVE-2017-14945 (Artifex GSView 6.0 Beta on Windows allows attackers to cause a denial ...)
	NOT-FOR-US: GSView (different from gv)
CVE-2017-14944 (Inedo ProGet before 4.7.14 does not properly address dangerous package ...)
	NOT-FOR-US: Inedo ProGet
CVE-2017-14943 (Trapeze TransitMaster is vulnerable to information disclosure (emails / ...)
	NOT-FOR-US: Trapeze TransitMaster
CVE-2017-14942 (Intelbras WRN 150 devices allow remote attackers to read the ...)
	NOT-FOR-US: Intelbras WRN 150 devices
CVE-2017-14941 (Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure ...)
	- jasperreports <undetermined> (bug #880467; bug #884131)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: https://github.com/binary1985/VulnerabilityDisclosure/blob/master/JasperSoft%20JasperReports%20-%204.7%20-%20CVE-2017-14941
CVE-2017-14940 (scan_unit_for_symbols in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d76029f92182c3682d8be2c833d45bc9a2068fe
	NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-null-pointer-dereference-in-scan_unit_for_symbols-dwarf2-c
CVE-2017-14939 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22169
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=515f23e63c0074ab531bc954f84ca40c6281a724
	NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-heap-based-buffer-overflow-in-read_1_byte-dwarf2-c
CVE-2017-14938 (_bfd_elf_slurp_version_tables in elf.c in the Binary File Descriptor ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22166
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bd61e135492ecf624880e6b78e5fcde3c9716df6
	NOTE: https://blogs.gentoo.org/ago/2017/09/26/binutils-memory-allocation-failure-in-_bfd_elf_slurp_version_tables-elf-c/
CVE-2017-14937 (The airbag detonation algorithm allows injury to passenger-car ...)
	NOT-FOR-US: passenger-car
CVE-2017-14936
	RESERVED
CVE-2016-10512 (MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for ...)
	NOT-FOR-US: MultiTech FaxFinder
CVE-2017-14935 (Pulse Secure Pulse One On-Premise 2.0.1649 and below does not properly ...)
	NOT-FOR-US: Pulse Secure
CVE-2017-14934 (process_debug_info in dwarf.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22219
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=19485196044b2521af979f1e5c4a89bfb90fba0b
CVE-2017-14933 (read_formatted_entries in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22210
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=30d0157a2ad64e64e5ff9fcc0dbe78a3e682f573
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=33e0a9a056bd23e923b929a4f2ab049ade0b1c32
CVE-2017-14932 (decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22204
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e338894dc2e603683bed2172e8e9f25b29051005
CVE-2017-14931 (ExifImageFile::readDQT in ExifImageFileRead.cpp in OpenExif 2.1.4 ...)
	NOT-FOR-US: OpenExif
CVE-2017-14930 (Memory leak in decode_line_info in dwarf2.c in the Binary File ...)
	[experimental] - binutils 2.29.51.20171128-1
	- binutils 2.29.90.20180122-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22191
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a26a013f22a19e2c16729e64f40ef8a7dfcc086e
CVE-2017-14929 (In Poppler 0.59.0, memory corruption occurs in a call to ...)
	- poppler 0.61.1-2 (bug #877222)
	[stretch] - poppler 0.48.0-2+deb9u2
	[jessie] - poppler <ignored> (Minor impact, too intrusive to backport)
	[wheezy] - poppler <ignored> (unreproducible, requires API change which appears to be too intrusive in this case.)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102969
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2c92c7b6a828c9db8a38f079ea7a3d51c12a481d
CVE-2017-14928 (In Poppler 0.59.0, a NULL Pointer Dereference exists in ...)
	- poppler 0.61.1-2 (bug #877231)
	[stretch] - poppler <no-dsa> (Minor issue)
	[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
	[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102607
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=1316c7a41f4dd7276f404f775ebb5fef2d24ab1c
CVE-2017-14927 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...)
	- poppler 0.61.1-2 (bug #877237)
	[stretch] - poppler <not-affected> (Vulnerable code introduced in 0.49)
	[jessie] - poppler <not-affected> (Vulnerable code introduced in 0.49)
	[wheezy] - poppler <not-affected> (Vulnerable code introduced in 0.49)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102604
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=6472d8493f7e82cc78b41da20a2bf19fcb4e0a7d
CVE-2017-14926 (In Poppler 0.59.0, a NULL Pointer Dereference exists in ...)
	- poppler 0.61.1-2 (bug #877239)
	[stretch] - poppler <no-dsa> (Minor issue)
	[jessie] - poppler <not-affected> (Problematic code introduced in 0.36)
	[wheezy] - poppler <not-affected> (Problematic code introduced in 0.36)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102601
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=2532df6060092e9fab7f041ae9598aff9cdd94bb
CVE-2017-14925 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki ...)
	NOT-FOR-US: Tiki
CVE-2017-14924 (Cross-Site Request Forgery (CSRF) vulnerability via IMG element in Tiki ...)
	NOT-FOR-US: Tiki
CVE-2017-14923 (Stored XSS vulnerability via IMG element at &quot;Leadname&quot; of CRM in Tine ...)
	NOT-FOR-US: Tine groupware
CVE-2017-14922 (Stored XSS vulnerability via IMG element at &quot;History&quot; of Profile, ...)
	NOT-FOR-US: Tine groupware
CVE-2017-14921 (Stored XSS vulnerability via IMG element at &quot;Filename&quot; of Filemanager ...)
	NOT-FOR-US: Tine groupware
CVE-2017-14920 (Stored XSS vulnerability in eGroupware Community Edition before ...)
	NOT-FOR-US: eGroupware
CVE-2017-14919 (Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0 allows ...)
	- nodejs <unfixed> (unimportant)
	NOTE: Debian doesn't use zlib 1.2.9 yet
	NOTE: https://nodejs.org/en/blog/vulnerability/oct-2017-dos/
CVE-2017-14918 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14917 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14916 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14915 (In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14914 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14913 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14912 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14911 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14910 (In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14909 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14908 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14907 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm closed-source components on Android
CVE-2017-14906 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14905 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14904 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android MediaServer
CVE-2017-14903 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14902 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android
CVE-2017-14901 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14900 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14899 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14898 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14897 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android
CVE-2017-14896 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14895 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android
CVE-2017-14894 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14893
	RESERVED
CVE-2017-14892 (In the function msm_pcm_hw_params() in Android for MSM, Firefox OS for ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14891 (In the KGSL driver function _gpuobj_map_useraddr() in Android for MSM, ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14890 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14889 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14888
	RESERVED
CVE-2017-14887 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14886
	RESERVED
CVE-2017-14885 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14884 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14883 (In the function wma_unified_power_debug_stats_event_handler() in ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14882 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14881 (While calling the IPA IOCTL handler for IPA_IOC_ADD_HDR_PROC_CTX in ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14880 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14879 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14878 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14877 (While the IPA driver in Android for MSM, Firefox OS for MSM, and QRD ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14876 (In msm_ispif_config_stereo() in Android for MSM, Firefox OS for MSM, ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14875 (In the handler for the ioctl command VIDIOC_MSM_ISP_DUAL_HW_LPM_MODE ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-14874
	RESERVED
CVE-2017-14873 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14872
	RESERVED
CVE-2017-14871
	RESERVED
CVE-2017-14870 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14869 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-14868 (Restlet Framework before 2.3.11, when using SimpleXMLProvider, allows ...)
	- restlet <itp> (bug #596472)
CVE-2017-14866 (There is a heap-based buffer overflow in the Exiv2::s2Data function of ...)
	[experimental] - exiv2 <unfixed> (bug #880015)
	- exiv2 <not-affected> (Versions prior to 0.26 don't parse ICC profiles yet)
	NOTE: https://github.com/Exiv2/exiv2/issues/140
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494781
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
CVE-2017-14865 (There is a heap-based buffer overflow in the Exiv2::us2Data function of ...)
	[experimental] - exiv2 <unfixed> (bug #888865)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/134
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494778
	NOTE: Patch: https://github.com/Exiv2/exiv2/commit/d3c2b9938583440f87ce9115de5a7e8cd8f8db57
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): corrupted unsorted chunks" without valgrind).
CVE-2017-14864 (An Invalid memory address dereference was discovered in Exiv2::getULong ...)
	{DLA-1147-1}
	- exiv2 <unfixed>
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/73
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494467
	NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
	NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14863 (A NULL pointer dereference was discovered in ...)
	[experimental] - exiv2 <unfixed> (low; bug #888866)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/132
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494443
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1) with valgrind (and "free(): invalid next size (fast)" without valgrind).
CVE-2017-14862 (An Invalid memory address dereference was discovered in ...)
	{DLA-1147-1}
	- exiv2 <unfixed>
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/75
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494786
	NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
	NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14861 (There is a stack consumption vulnerability in the ...)
	[experimental] - exiv2 <unfixed> (bug #880027)
	- exiv2 <not-affected> (printIFDStructure introduced in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/139
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494787
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14860 (There is a heap-based buffer over-read in the ...)
	[experimental] - exiv2 <unfixed> (low; bug #888867)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/71
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494776
	NOTE: Patch: https://github.com/Exiv2/exiv2/pull/108
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1) with valgrind (and segfault without valgrind).
CVE-2017-14859 (An Invalid memory address dereference was discovered in ...)
	{DLA-1147-1}
	- exiv2 <unfixed>
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/74
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494780
	NOTE: Patches here: https://github.com/Exiv2/exiv2/pull/110
	NOTE: Depends on: https://github.com/Exiv2/exiv2/commit/65f45a350516bfde4941d7906f2d67462f48d1ca
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1).
CVE-2017-14858 (There is a heap-based buffer overflow in the Exiv2::l2Data function of ...)
	[experimental] - exiv2 <unfixed> (bug #897134)
	- exiv2 <not-affected> (TIFF meta data handler doesn't parse ICC profiles yet)
	NOTE: https://github.com/Exiv2/exiv2/issues/138
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1494782
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1) with a different error (double free or corruption (out))
CVE-2017-14857 (In Exiv2 0.26, there is an invalid free in the Image class in image.cpp ...)
	[experimental] - exiv2 <unfixed> (low; bug #888869)
	- exiv2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/Exiv2/exiv2/issues/76
	NOTE: https://github.com/Exiv2/exiv2/issues/124
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495043
	NOTE: Unreproducible on wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental(0.26-1).
CVE-2017-14856
	RESERVED
CVE-2017-14855 (Red Lion HMI panels allow remote attackers to cause a denial of service ...)
	NOT-FOR-US: Red Lion HMI
CVE-2017-14854
	RESERVED
CVE-2017-14853
	RESERVED
CVE-2017-14852
	RESERVED
CVE-2017-14851
	RESERVED
CVE-2017-14850
	RESERVED
CVE-2017-14849 (Node.js 8.5.0 before 8.6.0 allows remote attackers to access unintended ...)
	- nodejs <not-affected> (Vulnerable code introduced in 8.5.0)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2017-path-validation/
	NOTE: https://twitter.com/nodejs/status/913131152868876288
CVE-2017-14848 (WPHRM Human Resource Management System for WordPress 1.0 allows SQL ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14847 (Mojoomla WPAMS Apartment Management System for WordPress allows SQL ...)
	NOT-FOR-US: Mojoomla WPAMS Apartment Management System for WordPress
CVE-2017-14846 (Mojoomla Hospital Management System for WordPress allows SQL Injection ...)
	NOT-FOR-US: Mojoomla Hospital Management System for WordPress
CVE-2017-14845 (Mojoomla WPCHURCH Church Management System for WordPress allows SQL ...)
	NOT-FOR-US: Mojoomla WPCHURCH Church Management System for WordPress
CVE-2017-14844 (Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via ...)
	NOT-FOR-US: Mojoomla WPGYM WordPress Gym Management System
CVE-2017-14843 (Mojoomla School Management System for WordPress allows SQL Injection ...)
	NOT-FOR-US: Mojoomla School Management System for WordPress
CVE-2017-14842 (Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL ...)
	NOT-FOR-US: Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress
CVE-2017-14841 (Mojoomla Annual Maintenance Contract (AMC) Management System allows ...)
	NOT-FOR-US: Mojoomla Annual Maintenance Contract (AMC) Management System
CVE-2017-14840 (TeamWork TicketPlus allows Arbitrary File Upload in updateProfile. ...)
	NOT-FOR-US: TeamWork TicketPlus
CVE-2017-14839 (TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and ...)
	NOT-FOR-US: TeamWork Photo Fusion
CVE-2017-14838 (TeamWork Job Links allows Arbitrary File Upload in profileChange and ...)
	NOT-FOR-US: TeamWork Job Links
CVE-2017-14837 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14836 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14835 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14834 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14833 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14832 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14831 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14830 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14829 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14828 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14827 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14826 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14825 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14824 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14823 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14822 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14821 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14820 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14819 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14818 (This vulnerability allows remote attackers to disclose sensitive on ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14817
	RESERVED
CVE-2017-14816
	RESERVED
CVE-2017-14815
	RESERVED
CVE-2017-14814
	RESERVED
CVE-2017-14813
	RESERVED
CVE-2017-14812
	RESERVED
CVE-2017-14811
	RESERVED
CVE-2017-14810
	RESERVED
CVE-2017-14809
	RESERVED
CVE-2017-14808
	RESERVED
CVE-2017-14807
	RESERVED
CVE-2017-14806
	RESERVED
CVE-2017-14805
	RESERVED
CVE-2017-14804 (The build package before 20171128 did not check directory names during ...)
	- obs-build 20180302-1 (bug #887306)
	[stretch] - obs-build <no-dsa> (Minor issue)
	[jessie] - obs-build <no-dsa> (Minor issue)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1069904
CVE-2017-14803 (In NetIQ Access Manager 4.3 and 4.4, a bug exists in Identity Server ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-14802 (Novell Access Manager Admin Console and IDP servers before 4.3.3 have ...)
	NOT-FOR-US: Novell Access Manager Admin Console
CVE-2017-14801 (Reflected XSS in the NetIQ Access Manager before 4.3.3 allowed ...)
	NOT-FOR-US: NetIQ
CVE-2017-14800 (A reflected cross site scripting attack in the NetIQ Access Manager ...)
	NOT-FOR-US: NetIQ
CVE-2017-14799 (A cross site scripting attack in handling the ESP login parameter ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-14798 (A race condition in the postgresql init script could be used by ...)
	NOT-FOR-US: SuSE-specific flaw in Postgres init script
CVE-2017-14797 (Lack of Transport Encryption in the public API in Philips Hue Bridge ...)
	NOT-FOR-US: Philips Hue
CVE-2017-14796 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote ...)
	NOT-FOR-US: libbpg
CVE-2017-14795 (The hevc_write_frame function in libbpg.c in libbpg 0.9.7 allows remote ...)
	NOT-FOR-US: libbpg
CVE-2017-14794
	RESERVED
CVE-2017-14793
	RESERVED
CVE-2017-14792
	RESERVED
CVE-2017-14791
	RESERVED
CVE-2017-14790
	RESERVED
CVE-2017-14789
	RESERVED
CVE-2017-14788
	RESERVED
CVE-2017-14787
	RESERVED
CVE-2017-14786
	RESERVED
CVE-2017-14785
	RESERVED
CVE-2017-14784
	RESERVED
CVE-2017-14783
	RESERVED
CVE-2017-14782
	RESERVED
CVE-2017-14781
	RESERVED
CVE-2017-14780
	RESERVED
CVE-2017-14779
	RESERVED
CVE-2017-14778
	RESERVED
CVE-2017-14777
	RESERVED
CVE-2017-14776
	RESERVED
CVE-2017-14775 (Laravel before 5.5.10 mishandles the remember_me token verification ...)
	NOT-FOR-US: Laravel
CVE-2017-14774
	RESERVED
CVE-2017-14773 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...)
	NOT-FOR-US: Skybox Manager Client Application
CVE-2017-14772 (Skybox Manager Client Application is prone to information disclosure ...)
	NOT-FOR-US: Skybox Manager Client Application
CVE-2017-14771 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...)
	NOT-FOR-US: Skybox Manager Client Application
CVE-2017-14770 (Skybox Manager Client Application prior to 8.5.501 is prone to an ...)
	NOT-FOR-US: Skybox Manager Client Application
CVE-2017-14769
	RESERVED
CVE-2017-14768
	RESERVED
CVE-2017-14767 (The sdp_parse_fmtp_config_h264 function in libavformat/rtpdec_h264.c in ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c42a1388a6d1bfd8001bf6a4241d8ca27e49326d
	NOTE: Fixed in 3.2.8
CVE-2017-14766 (The Simple Student Result plugin before 1.6.4 for WordPress has an ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14765 (In GeniXCMS 1.1.4, gxadmin/index.php has XSS via the Menu ID field in a ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14764 (In the Upload Modules page in GeniXCMS 1.1.4, remote authenticated ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14763 (In the Install Themes page in GeniXCMS 1.1.4, remote authenticated ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14762 (In GeniXCMS 1.1.4, /inc/lib/Control/Backend/menus.control.php has XSS ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14761 (In GeniXCMS 1.1.4, /inc/lib/backend/menus.control.php has XSS via the ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14760 (SQL Injection exists in /includes/event-management/index.php in the ...)
	NOT-FOR-US: Event Espresso Lite
CVE-2017-14759 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14757 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14756 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14755 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14754 (OpenText Document Sciences xPression (formerly EMC Document Sciences ...)
	NOT-FOR-US: OpenText Document Sciences xPression
CVE-2017-14753 (Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14752 (Mahara 15.04 before 15.04.15, 16.04 before 16.04.9, 16.10 before ...)
	- mahara <removed>
	NOTE: https://mahara.org/interaction/forum/topic.php?id=8083
CVE-2017-14751 (The Intense WP &quot;WP Jobs&quot; plugin 1.5 for WordPress has XSS, related to ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14750
	RESERVED
CVE-2017-14749 (JerryScript 1.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: JerryScript
CVE-2017-14748 (Race condition in Blizzard Overwatch 1.15.0.2 allows remote ...)
	NOT-FOR-US: Blizzard Overwatch
CVE-2017-14747
	RESERVED
CVE-2017-14746 (Use-after-free vulnerability in Samba 4.x before 4.7.3 allows remote ...)
	{DSA-4043-1}
	- samba 2:4.7.1+dfsg-2
	[wheezy] - samba <not-affected> (Issue introduced in 4.0.0)
	NOTE: https://www.samba.org/samba/security/CVE-2017-14746.html
CVE-2017-14745 (The *_get_synthetic_symtab functions in the Binary File Descriptor ...)
	- binutils 2.29-11
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22148
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=94670f6cf11fc29cc6db6814b38c4305d9bcac96 (master)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e6ff33ca50c1180725dde11c84ee93fcdb4235ef (binutils-2_29-branch)
CVE-2017-14867 (Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x ...)
	{DSA-3984-1 DLA-1120-1}
	- git 1:2.14.2-1 (bug #876854)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/26/9
	NOTE: https://public-inbox.org/git/xmqqy3p29ekj.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-14744 (UEditor 1.4.3.3 has XSS via the SRC attribute of an IFRAME element. ...)
	NOT-FOR-US: UEditor
CVE-2017-14743 (Faleemi FSC-880 00.01.01.0048P2 devices allow unauthenticated SQL ...)
	NOT-FOR-US: Faleemi FSC-880 00.01.01.0048P2 devices
CVE-2017-14742
	RESERVED
CVE-2017-14741 (The ReadCAPTIONImage function in coders/caption.c in ImageMagick ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878548)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/771
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d8e14899c562157c7760a77fc91625a27cb596f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bb11d07139efe0f5e4ce0e4afda32abdbe82fa9d
CVE-2017-14740 (Cross-site scripting (XSS) vulnerability in GeniXCMS 1.1.0 allows ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-14739 (The AcquireResampleFilterThreadSet function in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878547)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/780
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6017a80fe8327fefb77fa677d81154db2b857d1d
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/700fcf95b2c3f554dfbe75833b91f19dde208089
	NOTE: Requires additional fixes:
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bbc582d5439a7f9338c6bdc8c34b1ae221ae5214
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/67a633df9386704f45d1ad24f7f5af8a5d11f4a3
CVE-2017-14738 (FileRun (version 2017.09.18 and below) suffers from a remote SQL ...)
	NOT-FOR-US: FileRun
CVE-2017-14737 (A cryptographic cache-based side channel in the RSA implementation in ...)
	{DLA-1125-1}
	- botan1.10 1.10.17-0.1 (bug #877436)
	[stretch] - botan1.10 <no-dsa> (Minor issue)
	[jessie] - botan1.10 <no-dsa> (Minor issue)
	NOTE: https://github.com/randombit/botan/issues/1222
	NOTE: https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai
	NOTE: for 1.10: https://github.com/randombit/botan/commit/aeb87170d1b9013b079c300c8858bad477d30bd4
	NOTE: for 2.x: https://github.com/randombit/botan/commit/95df7f155570949837e8e28e733f3d59408092da
CVE-2017-14736
	RESERVED
CVE-2017-14735 (OWASP AntiSamy before 1.5.7 allows XSS via HTML5 entities, as ...)
	NOT-FOR-US: OWASP AntiSamy
CVE-2017-14734 (The build_msps function in libbpg.c in libbpg 0.9.7 allows remote ...)
	NOT-FOR-US: libbpg
CVE-2017-14733 (ReadRLEImage in coders/rle.c in GraphicsMagick 1.3.26 mishandles RLE ...)
	{DLA-1130-1}
	- graphicsmagick 1.3.26-13
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=5381c71724e3
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/458/
CVE-2017-14732
	RESERVED
CVE-2017-14731 (ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote ...)
	{DLA-1192-1}
	- libofx 1:0.9.11-5 (bug #877442)
	[stretch] - libofx 1:0.9.10-2+deb9u1
	[jessie] - libofx 1:0.9.10-1+deb8u1
	NOTE: https://github.com/libofx/libofx/issues/10
	NOTE: https://github.com/libofx/libofx/commit/fad8418f34094de42e1307113598e0e8bee0a2bd
CVE-2017-14730 (The init script in the Gentoo app-admin/logstash-bin package before ...)
	NOT-FOR-US: Gentoo packagin flaw for Logstash
CVE-2017-14729 (The *_get_synthetic_symtab functions in the Binary File Descriptor ...)
	- binutils 2.29.1-2
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: First version containing the fix was 2.29.1-2, which was quickly followed by
	NOTE: a fixed 2.29.1-3 for unrelated issues.
	NOTE: https://blogs.gentoo.org/ago/2017/09/25/binutils-heap-based-buffer-overflow-in-_bfd_x86_elf_get_synthetic_symtab-elfxx-x86-c/
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22170
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=56933f9e3e90eebf1018ed7417d6c1184b91db6b
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=61e3bf5f83f7e505b6bc51ef65426e5b31e6e360
CVE-2017-14728
	RESERVED
CVE-2017-14726 (Before version 4.8.2, WordPress was vulnerable to a cross-site ...)
	{DSA-3997-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/41395
CVE-2017-14725 (Before version 4.8.2, WordPress was susceptible to an open redirect ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41398
CVE-2017-14724 (Before version 4.8.2, WordPress was vulnerable to cross-site scripting ...)
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	[stretch] - wordpress 4.7.5+dfsg-2+deb9u1
	[jessie] - wordpress <not-affected> (Vulnerable code not present)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/41448
CVE-2017-14723 (Before version 4.8.2, WordPress mishandled % characters and additional ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41470
	NOTE: https://core.trac.wordpress.org/changeset/41496
	NOTE: https://github.com/WordPress/WordPress/commit/70b21279098fc973eae803693c0705a548128e48
	NOTE: https://github.com/WordPress/WordPress/commit/fc930d3daed1c3acef010d04acc2c5de93cd18ec
	NOTE: https://medium.com/websec/wordpress-sqli-bbb2afcc8e94
	NOTE: https://medium.com/websec/wordpress-sqli-poc-f1827c20bf8e
CVE-2017-14722 (Before version 4.8.2, WordPress allowed a Directory Traversal attack in ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41397
CVE-2017-14721 (Before version 4.8.2, WordPress allowed Cross-Site scripting in the ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14720 (Before version 4.8.2, WordPress allowed a Cross-Site scripting attack ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41412
CVE-2017-14719 (Before version 4.8.2, WordPress was vulnerable to a directory traversal ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41457
CVE-2017-14718 (Before version 4.8.2, WordPress was susceptible to a Cross-Site ...)
	{DSA-3997-1 DLA-1151-1}
	- wordpress 4.8.2+dfsg-1 (bug #876274)
	NOTE: https://core.trac.wordpress.org/changeset/41393
CVE-2017-14727 (logger.c in the logger plugin in WeeChat before 1.9.1 allows a crash ...)
	{DLA-1111-1}
	- weechat 1.9.1-1 (bug #876553)
	[stretch] - weechat 1.6-1+deb9u2
	[jessie] - weechat 1.0.1-1+deb8u2
	NOTE: Fixed by: https://github.com/weechat/weechat/commit/f105c6f0b56fb5687b2d2aedf37cb1d1b434d556
CVE-2017-14717 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks ...)
	NOT-FOR-US: EPESI
CVE-2017-14716 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Title ...)
	NOT-FOR-US: EPESI
CVE-2017-14715 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Alerts ...)
	NOT-FOR-US: EPESI
CVE-2017-14714 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls ...)
	NOT-FOR-US: EPESI
CVE-2017-14713 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Phonecalls ...)
	NOT-FOR-US: EPESI
CVE-2017-14712 (In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall ...)
	NOT-FOR-US: EPESI
CVE-2017-14711 (The Kickbase GmbH &quot;Kickbase Bundesliga Manager&quot; app before 2.2.1 -- aka ...)
	NOT-FOR-US: Kickbase GmbH "Kickbase Bundesliga Manager"
CVE-2017-14710
	RESERVED
CVE-2017-14709
	RESERVED
CVE-2017-14708
	RESERVED
CVE-2017-14707
	RESERVED
CVE-2017-14706 (DenyAll WAF before 6.4.1 allows unauthenticated remote attackers to ...)
	NOT-FOR-US: DenyAll WAF
CVE-2017-14705 (DenyAll WAF before 6.4.1 allows unauthenticated remote command ...)
	NOT-FOR-US: DenyAll WAF
CVE-2017-14704 (Multiple unrestricted file upload vulnerabilities in the (1) ...)
	NOT-FOR-US: Claydip Laravel Airbnb Clone
CVE-2017-14703 (SQL injection vulnerability in Cash Back Comparison Script 1.0 allows ...)
	NOT-FOR-US: Cash Back Comparison Script
CVE-2017-14702 (ERS Data System 1.8.1.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: ERS Data System
CVE-2017-14701
	RESERVED
CVE-2017-14700
	RESERVED
CVE-2017-14699 (Multiple XML external entity (XXE) vulnerabilities in the AiCloud ...)
	NOT-FOR-US: ASUS routers
CVE-2017-14698 (ASUS DSL-AC51, DSL-AC52U, DSL-AC55U, DSL-N55U C1, DSL-N55U D1, ...)
	NOT-FOR-US: ASUS routers
CVE-2017-14697
	RESERVED
CVE-2017-14696 (SaltStack Salt before 2016.3.8, 2016.11.x before 2016.11.8, and ...)
	- salt 2016.11.8+dfsg1-1 (bug #879090)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/5f8b5e1a0f23fe0f2be5b3c3e04199b57a53db5b
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/89e084bda356739de645c15e7d1968afebdcc56e (2016.11)
CVE-2017-14695 (Directory traversal vulnerability in minion id validation in SaltStack ...)
	- salt 2016.11.8+dfsg1-1 (bug #879089)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/80d90307b07b3703428ecbb7c8bb468e28a9ae6d
	NOTE: Fixed by: https://github.com/saltstack/salt/commit/206ae23f15cb7ec95a07dee4cbe9802da84f9c42 (2016.11)
CVE-2017-14694 (Foxit Reader 8.3.2.25013 and earlier and Foxit PhantomPDF 8.3.2.25013 ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-14693 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...)
	NOT-FOR-US: IrfanView
CVE-2017-14692 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14691 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14690 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14689 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14688 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14687 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...)
	{DSA-4006-1 DLA-1164-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf <no-dsa> (Minor issue)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698558
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=2b16dbd8f73269cb15ca61ece75cf8d2d196ed28
	NOTE: Several fz_xml_tag && !strcmp idoms are used in older versions
CVE-2017-14686 (Artifex MuPDF 1.11 allows attackers to execute arbitrary code or cause ...)
	{DSA-4006-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698540
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=0f0fbc07d9be31f5e83ec5328d7311fdfd8328b1
CVE-2017-14685 (Artifex MuPDF 1.11 allows attackers to cause a denial of service or ...)
	{DSA-4006-1}
	- mupdf 1.11+ds1-1.1 (bug #877379)
	[jessie] - mupdf <not-affected> (vulnerable code not present, poc not effective)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698539
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=ab1a420613dec93c686acbee2c165274e922f82a
CVE-2017-14684 (In ImageMagick 7.0.7-4 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #876487)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/770
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/dd367e0c3c3f37fbf1c20fa107b67a668b22c6e2
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a25142f284384a10306f14393d9bfd7af95ddfff
CVE-2017-14683 (geminabox (aka Gem in a Box) before 0.13.7 has CSRF, as demonstrated by ...)
	NOT-FOR-US: geminabox
CVE-2017-14682 (GetNextToken in MagickCore/token.c in ImageMagick 7.0.6 allows remote ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #876488)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32726
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3bee958ee63eb6ec62834d0c7b28b4b6835e6a00
CVE-2017-14681 (The daemon in P3Scan 3.0_rc1 and earlier creates a p3scan.pid file ...)
	- p3scan <removed> (bug #876674)
	[stretch] - p3scan <ignored> (Minor issue)
	[jessie] - p3scan <ignored> (Minor issue)
	[wheezy] - p3scan <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/p3scan/bugs/33/
CVE-2017-14680 (ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain ...)
	NOT-FOR-US: ZKTeco ZKTime Web
CVE-2017-14679
	RESERVED
CVE-2017-14678
	RESERVED
CVE-2017-14677
	RESERVED
CVE-2017-14676
	RESERVED
CVE-2017-14675
	RESERVED
CVE-2017-14674
	RESERVED
CVE-2017-14673
	RESERVED
CVE-2017-14672
	RESERVED
CVE-2017-14671
	RESERVED
CVE-2017-14670
	RESERVED
CVE-2017-14669
	RESERVED
CVE-2017-14668
	RESERVED
CVE-2017-14667
	RESERVED
CVE-2017-14666
	RESERVED
CVE-2017-14665
	RESERVED
CVE-2017-14664
	RESERVED
CVE-2017-14663
	RESERVED
CVE-2017-14662
	RESERVED
CVE-2017-14661
	RESERVED
CVE-2017-14660
	RESERVED
CVE-2017-14659
	RESERVED
CVE-2017-14658
	RESERVED
CVE-2017-14657
	RESERVED
CVE-2017-14656
	RESERVED
CVE-2017-14655
	RESERVED
CVE-2017-14654
	RESERVED
CVE-2017-14653 (member/Orderinfo.asp in ASP4CMS AspCMS 2.7.2 allows remote ...)
	NOT-FOR-US: ASP4CMS AspCMS
CVE-2017-14652 (SQL Injection vulnerability in mobiquo/lib/classTTForum.php in the ...)
	NOT-FOR-US: Tapatalk plugin for MyBB
CVE-2017-14651 (WSO2 Data Analytics Server 3.1.0 has XSS in ...)
	NOT-FOR-US: WSO2 Data Analytics Server
CVE-2017-14649 (ReadOneJNGImage in coders/png.c in GraphicsMagick version 1.3.26 does ...)
	- graphicsmagick 1.3.26-12 (unimportant; bug #876460)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/358608a46f0a
	NOTE: https://blogs.gentoo.org/ago/2017/09/19/graphicsmagick-assertion-failure-in-pixel_cache-c/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/439/
CVE-2017-14648 (A global buffer overflow was discovered in the iteration_loop function ...)
	NOT-FOR-US: BladeEnc
CVE-2017-14647 (A heap-based buffer overflow was discovered in ...)
	NOT-FOR-US: Bento4
CVE-2017-14646 (The AP4_AvccAtom and AP4_HvccAtom classes in Bento4 version 1.5.0-617 ...)
	NOT-FOR-US: Bento4
CVE-2017-14645 (A heap-based buffer over-read was discovered in ...)
	NOT-FOR-US: Bento4
CVE-2017-14644 (A heap-based buffer overflow was discovered in the AP4_HdlrAtom class ...)
	NOT-FOR-US: Bento4
CVE-2017-14643 (The AP4_HdlrAtom class in Core/Ap4HdlrAtom.cpp in Bento4 version ...)
	NOT-FOR-US: Bento4
CVE-2017-14642 (A NULL pointer dereference was discovered in the AP4_HdlrAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14641 (A NULL pointer dereference was discovered in the AP4_DataAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14640 (A NULL pointer dereference was discovered in ...)
	NOT-FOR-US: Bento4
CVE-2017-14639 (AP4_VisualSampleEntry::ReadFields in Core/Ap4SampleEntry.cpp in Bento4 ...)
	NOT-FOR-US: Bento4
CVE-2017-14638 (AP4_AtomFactory::CreateAtomFromStream in Core/Ap4AtomFactory.cpp in ...)
	NOT-FOR-US: Bento4
CVE-2017-14637 (In sam2p 0.49.3, there is an invalid read of size 2 in the parse_rgb ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 5)
CVE-2017-14636 (Because of an integer overflow in sam2p 0.49.3, a loop executes ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 4)
CVE-2017-14635 (In Open Ticket Request System (OTRS) 3.3.x before 3.3.18, 4.x before ...)
	{DSA-4021-1 DLA-1119-1}
	- otrs2 5.0.23-1 (bug #876462)
	NOTE: https://github.com/OTRS/otrs/commit/a4093dc404fcbd87b235b31c72913141672f2a85 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/00bcc89dc2443b5d8b34a0908e224373926aa618 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/b69c2533c951fa72bfe238f255ce76352f054897 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/b92ec17196ac3e1fdcab40fbb16dbb602d5d52b5 (rel-5_0)
	NOTE: https://github.com/OTRS/otrs/commit/3ccc426ec220267d0cac8e3fdc39015a3db7d720 (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/f27dc65e4a937ba832d60e212ce6c9e3a28e406b (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/454c50116c2bf82dcd9dfee9146a7416be686875 (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/5468720cc8225a85699b1977ff230adbf9f8362d (rel-3_3)
	NOTE: https://github.com/OTRS/otrs/commit/0583dfda7bc9c7d76457aad68083f4b28a288ce5 (rel-3_3)
	NOTE: https://www.otrs.com/security-advisory-2017-04-security-update-otrs-versions/
CVE-2017-14650 (A Remote Code Execution vulnerability has been found in the Horde_Image ...)
	- php-horde-image 2.5.2-1 (bug #876400)
	NOTE: https://marc.info/?l=horde-announce&m=150600299528079&w=2
	NOTE: https://github.com/horde/horde/commit/eb3afd14c22c77ae0d29e2848f5ac726ef6e7c5b
CVE-2017-14634 (In libsndfile 1.0.28, a divide-by-zero error exists in the function ...)
	- libsndfile <unfixed> (bug #876783)
	[stretch] - libsndfile <no-dsa> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/318
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/85c877d5072866aadbe8ed0c3e0590fbb5e16788
CVE-2017-14633 (In Xiph.Org libvorbis 1.3.5, an out-of-bounds array read vulnerability ...)
	{DSA-4113-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (bug #876778)
	[jessie] - libvorbis <postponed> (Minor issue, can be fixed along later)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2329
	NOTE: https://github.com/xiph/vorbis/pull/34
	NOTE: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
CVE-2017-14632 (Xiph.Org libvorbis 1.3.5 allows Remote Code Execution upon freeing ...)
	{DSA-4113-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (bug #876779)
	[jessie] - libvorbis <not-affected> (Vulnerable code not present)
	[wheezy] - libvorbis <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2328
	NOTE: https://github.com/xiph/vorbis/issues/29
	NOTE: https://github.com/xiph/vorbis/pull/34
CVE-2017-14631 (In sam2p 0.49.3, the pcxLoadRaster function in in_pcx.cpp has an ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 1)
CVE-2017-14630 (In sam2p 0.49.3, an integer overflow exists in the pcxLoadImage24 ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 6)
CVE-2017-14629 (In sam2p 0.49.3, the in_xpm_reader function in in_xpm.cpp has an ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 3)
CVE-2017-14628 (In sam2p 0.49.3, a heap-based buffer overflow exists in the ...)
	{DLA-1127-1}
	- sam2p <removed> (bug #876744)
	[jessie] - sam2p 0.49.2-3+deb8u1
	NOTE: https://github.com/pts/sam2p/issues/14 (bug 2)
CVE-2017-14627 (Stack-based buffer overflows in CyberLink LabelPrint 2.5 allow remote ...)
	NOT-FOR-US: CyberLink LabelPrint
CVE-2017-14626 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878524)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/720
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90b301db18434b2c2228776d06c2898b5fed74f0
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14625 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877355)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/721
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cc797c296c30f3ec31cd02418b58a2c27549b0a9
CVE-2017-14624 (ImageMagick 7.0.7-0 Q16 has a NULL Pointer Dereference vulnerability in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #877354)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/722
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9ff805077fd5297dc41dc989f9dba59877e12f97
CVE-2017-14623 (In the ldap.v2 (aka go-ldap) package through 2.5.0 for Go, an attacker ...)
	- golang-github-go-ldap-ldap 2.5.1-1 (low; bug #876404)
	[stretch] - golang-github-go-ldap-ldap 2.4.1-1+deb9u1
	NOTE: https://github.com/go-ldap/ldap/pull/126
	NOTE: https://github.com/go-ldap/ldap/commit/95ede1266b237bf8e9aa5dce0b3250e51bfefe66
CVE-2017-14622 (Multiple cross-site scripting (XSS) vulnerabilities in the 2kb Amazon ...)
	NOT-FOR-US: 2kb Amazon Affiliates Store plugin for WordPress
CVE-2017-14621 (Portus 2.2.0 has XSS via the Team field, related to typeahead. ...)
	NOT-FOR-US: Portus
CVE-2017-14620 (SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP ...)
	NOT-FOR-US: SmarterStats
CVE-2017-14619 (Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-14618 (Cross-site scripting (XSS) vulnerability in inc/PMF/Faq.php in phpMyFAQ ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-14617 (In Poppler 0.59.0, a floating point exception occurs in the ImageStream ...)
	{DLA-1116-1}
	- poppler 0.61.1-2 (bug #876385)
	[stretch] - poppler <ignored> (Minor issue)
	[jessie] - poppler <ignored> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102854
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=939465c40902d72e0c05d4f3a27ee67e4a007ed7
	NOTE: The patch applied in 0.48.0-2+deb9u1 (stretch) and 0.26.5-2+deb8u2 (jessie)
	NOTE: does not completely fix the issue thus still marked as unfixed even if the
	NOTE: CVE is recorded in debian/changelog.
CVE-2015-9232 (The Good for Enterprise application 3.0.0.415 for Android does not use ...)
	NOT-FOR-US: Good for Enterprise application for Android
CVE-2017-14616 (An FBX-5312 issue was discovered in WatchGuard Fireware before 12.0. If ...)
	NOT-FOR-US: WatchGuard Fireware
CVE-2017-14615 (An FBX-5313 issue was discovered in WatchGuard Fireware before 12.0. ...)
	NOT-FOR-US: WatchGuard Fireware
CVE-2017-14614 (Directory traversal vulnerability in the Visor GUI Console in GridGain ...)
	NOT-FOR-US: GridGain
CVE-2017-14613
	RESERVED
CVE-2017-14612
	RESERVED
CVE-2017-14611 (SSRF (Server Side Request Forgery) in Cockpit 0.13.0 allows remote ...)
	NOT-FOR-US: Cockpit CMS (different from src:cockpit)
CVE-2017-14610 (bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 ...)
	- bareos <unfixed> (bug #877334)
	[stretch] - bareos <no-dsa> (Minor issue)
	[jessie] - bareos <no-dsa> (Minor issue)
	NOTE: https://bugs.bareos.org/view.php?id=847
CVE-2017-14609 (The server daemons in Kannel 1.5.0 and earlier create a PID file after ...)
	- kannel <unfixed> (low; bug #877361)
	[stretch] - kannel <no-dsa> (Minor issue)
	[jessie] - kannel <no-dsa> (Minor issue)
	[wheezy] - kannel <no-dsa> (Minor issue)
	NOTE: https://redmine.kannel.org/issues/771
CVE-2017-14608 (In LibRaw through 0.18.4, an out of bounds read flaw related to ...)
	{DLA-1109-1}
	- libraw 0.18.5-1 (low)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d13e8f6d1e987b7491182040a188c16a395f1d21
	NOTE: https://github.com/LibRaw/LibRaw/issues/101
CVE-2017-14607 (In ImageMagick 7.0.7-4 Q16, an out of bounds read flaw related to ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878527)
	NOTE: IM6 patch: https://github.com/ImageMagick/ImageMagick/commit/cd665c3d05b46d1579c738a72214175ff50aec74
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/765
CVE-2017-14606
	RESERVED
CVE-2017-14605
	RESERVED
CVE-2015-9231 (iTerm2 3.x before 3.1.1 allows remote attackers to discover passwords ...)
	NOT-FOR-US: iTerm2
CVE-2017-14604 (GNOME Nautilus before 3.23.90 allows attackers to spoof a file type by ...)
	{DSA-3994-1}
	- nautilus 3.25.90-1 (bug #860268)
	[jessie] - nautilus <no-dsa> (Minor issue, issue mitigated because does not silently decompress tarballs)
	[wheezy] - nautilus <no-dsa> (Minor issue, issue mitigated because does not silently decompress tarballs)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777991
	NOTE: https://micahflee.com/2017/04/breaking-the-security-model-of-subgraph-os/
	NOTE: https://github.com/freedomofpress/securedrop/issues/2238
	NOTE: https://github.com/GNOME/nautilus/commit/1630f53481f445ada0a455e9979236d31a8d3bb0
CVE-2017-14603 (In Asterisk 11.x before 11.25.3, 13.x before 13.17.2, and 14.x before ...)
	{DSA-3990-1}
	- asterisk 1:13.17.2~dfsg-1 (bug #876328)
	[wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-008.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27274
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27252
CVE-2017-14602 (A vulnerability has been identified in the management interface of ...)
	NOT-FOR-US: Citrix
CVE-2017-14601 (Pragyan CMS v3.0 is vulnerable to a Boolean-based SQL injection in ...)
	NOT-FOR-US: Pragyan CMS
CVE-2017-14600 (Pragyan CMS v3.0 is vulnerable to an Error-Based SQL injection in ...)
	NOT-FOR-US: Pragyan CMS
CVE-2017-14599
	RESERVED
CVE-2017-14598
	RESERVED
CVE-2017-14597 (AdminPanel in AfterLogic WebMail 7.7 and Aurora 7.7.5 has XSS via the ...)
	NOT-FOR-US: AfterLogic WebMail
CVE-2017-14596 (In Joomla! before 3.8.0, inadequate escaping in the LDAP authentication ...)
	NOT-FOR-US: Joomla!
CVE-2017-14595 (In Joomla! before 3.8.0, a logic bug in a SQL query could lead to the ...)
	NOT-FOR-US: Joomla!
CVE-2017-14594 (The printable searchrequest issue resource in Atlassian Jira before ...)
	NOT-FOR-US: Atlassian Jira
CVE-2017-14593 (Sourcetree for Windows had several argument and command injection bugs ...)
	NOT-FOR-US: Sourcetree
CVE-2017-14592 (Sourcetree for macOS had several argument and command injection bugs ...)
	NOT-FOR-US: Sourcetree
CVE-2017-14591 (Atlassian Fisheye and Crucible versions less than 4.4.3 and version ...)
	NOT-FOR-US: Atlassian
CVE-2017-14590 (Bamboo did not check that the name of a branch in a Mercurial ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-14589 (It was possible for double OGNL evaluation in FreeMarker templates ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-14588 (Various resources in Atlassian FishEye and Crucible before version ...)
	NOT-FOR-US: Atlassian
CVE-2017-14587 (The administration user deletion resource in Atlassian FishEye and ...)
	NOT-FOR-US: Atlassian
CVE-2017-14586 (The Hipchat for Mac desktop client is vulnerable to client-side remote ...)
	NOT-FOR-US: Atlassian
CVE-2017-14585 (A Server Side Request Forgery (SSRF) vulnerability could lead to ...)
	NOT-FOR-US: Atlassian
CVE-2017-14584
	RESERVED
CVE-2017-14583 (NetApp Clustered Data ONTAP versions 9.x prior to 9.1P10 and 9.2P2 are ...)
	NOT-FOR-US: NetApp Clustered Data ONTAP
CVE-2017-14582 (The Zoho Site24x7 Mobile Network Poller application before 1.1.5 for ...)
	NOT-FOR-US: Zoho
CVE-2017-XXXX [pcb code injection by malicious layout file]
	- pcb-rnd 1.2.5-2 (bug #876540)
	[stretch] - pcb-rnd 1.1.4-2
CVE-2017-14581 (The Host Control web service in SAP NetWeaver AS JAVA 7.0 through 7.5 ...)
	NOT-FOR-US: SAP
CVE-2017-14580 (XnView Classic for Windows Version 2.41 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-14579 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14578 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...)
	NOT-FOR-US: IrfanView
CVE-2017-14577 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14576 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14575 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14574 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14573 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14572 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14571 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14570 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14569 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14568 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14567 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14566 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14565 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14564 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14563 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14562 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14561 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14560 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14559 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14558 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14557 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14556 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14555 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14554 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14553 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14552 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14551 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14550 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14549 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14548 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14547 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14546 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14545 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14544 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14543 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14542 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14541 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14540 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...)
	NOT-FOR-US: IrfanView
CVE-2017-14539 (IrfanView 4.44 - 32bit allows attackers to cause a denial of service or ...)
	NOT-FOR-US: IrfanView
CVE-2017-14538 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-14537 (trixbox 2.8.0.4 has path traversal via the xajaxargs array parameter to ...)
	NOT-FOR-US: trixbox
CVE-2017-14536 (trixbox 2.8.0.4 has XSS via the PATH_INFO to /maint/index.php or ...)
	NOT-FOR-US: trixbox
CVE-2017-14535 (trixbox 2.8.0.4 has OS command injection via shell metacharacters in ...)
	NOT-FOR-US: trixbox
CVE-2017-14534 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14533 (ImageMagick 7.0.6-6 has a memory leak in ReadMATImage in coders/mat.c. ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/648
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1f2089e79bcf5714cefba7cdc47049b4ac53c6b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bdfc5538051ad0d1c2083ba2a29180ff6abea907
CVE-2017-14532 (ImageMagick 7.0.7-0 has a NULL Pointer Dereference in TIFFIgnoreTags in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878541)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/719
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1942317d9208ea17ee17d976a39768cd51d74160
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c55fb18c3f78445d100a378ab8b3c0acd53c6590
CVE-2017-14531 (ImageMagick 7.0.7-0 has a memory exhaustion issue in ReadSUNImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/718
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/69967f4161bd14d8e03ea463d6545da442a6ea78
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1385a09732c261f1f403a9af6700979ca56c76d3
CVE-2017-14530 (WP_Admin_UI in the Crony Cronjob Manager plugin before 0.4.7 for ...)
	NOT-FOR-US: Crony Cronjob Manager plugin for WordPress
CVE-2017-14529 (The pe_print_idata function in peXXigen.c in the Binary File Descriptor ...)
	- binutils 2.29-10
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22113
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=4d465c689a8fb27212ef358d0aee89d60dee69a6
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dcaaca89e8618eba35193c27afcb1cfa54f74582
CVE-2017-14528 (The TIFFSetProfiles function in coders/tiff.c in ImageMagick 7.0.6 has ...)
	- imagemagick <unfixed> (bug #878544)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2730
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32560
CVE-2017-14527 (Multiple XML external entity (XXE) vulnerabilities in the OpenText ...)
	NOT-FOR-US: OpenText Documentum Webtop
CVE-2017-14526 (Multiple XML external entity (XXE) vulnerabilities in the OpenText ...)
	NOT-FOR-US: OpenText Documentum Administrator
CVE-2017-14525 (Multiple open redirect vulnerabilities in OpenText Documentum Webtop ...)
	NOT-FOR-US: OpenText Documentum Webtop
CVE-2017-14524 (Multiple open redirect vulnerabilities in OpenText Documentum ...)
	NOT-FOR-US: OpenText Documentum Administrator
CVE-2017-14523 (** DISPUTED **  ...)
	NOT-FOR-US: WonderCMS
CVE-2017-14522 (** DISPUTED **  ...)
	NOT-FOR-US: WonderCMS
CVE-2017-14521 (In WonderCMS 2.3.1, the upload functionality accepts random ...)
	NOT-FOR-US: WonderCMS
CVE-2017-14520 (In Poppler 0.59.0, a floating point exception occurs in ...)
	{DSA-4079-1}
	- poppler 0.61.1-2 (low; bug #876081)
	[wheezy] - poppler <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102719
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=504b3590182175390f474657a372e78fb1508262
CVE-2017-14519 (In Poppler 0.59.0, memory corruption occurs in a call to ...)
	{DSA-4079-1 DLA-1116-1}
	- poppler 0.61.1-2 (bug #876086)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102701
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=aaf5327649e8f7371c9d3270e7813c43ddfd47ee
CVE-2017-14518 (In Poppler 0.59.0, a floating point exception exists in the ...)
	{DSA-4079-1}
	- poppler 0.61.1-2 (low; bug #876082)
	[wheezy] - poppler <not-affected> (vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102688
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=80f9819b6233f9f9b5fd44f0e4cad026e5d048c2
CVE-2017-14517 (In Poppler 0.59.0, a NULL Pointer Dereference exists in the ...)
	{DSA-4079-1 DLA-1116-1}
	- poppler 0.61.1-2 (low; bug #876079)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=102687
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=476394e7a025e02e4897da2e765df2c895d0708f
CVE-2017-14516 (Cross-Site Scripting (XSS) exists in SAP Business Objects Financial ...)
	NOT-FOR-US: SAP Business Objects Financial Consolidation
CVE-2017-14515 (Heap-based Buffer Overflow on Tenda W15E devices before 15.11.0.14 ...)
	NOT-FOR-US: Tenda W15E devices
CVE-2017-14514 (Directory Traversal on Tenda W15E devices before 15.11.0.14 allows ...)
	NOT-FOR-US: Tenda W15E devices
CVE-2017-14513 (Directory traversal vulnerability in MetInfo 5.3.17 allows remote ...)
	NOT-FOR-US: MetInfo
CVE-2017-14512 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14511 (An issue was discovered in SAP E-Recruiting (aka ERECRUIT) 605 through ...)
	NOT-FOR-US: SAP
CVE-2017-14510 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before ...)
	NOT-FOR-US: SugarCRM
CVE-2017-14509 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before ...)
	NOT-FOR-US: SugarCRM
CVE-2017-14508 (An issue was discovered in SugarCRM before 7.7.2.3, 7.8.x before ...)
	NOT-FOR-US: SugarCRM
CVE-2016-10511 (The Twitter iOS client versions 6.62 and 6.62.1 fail to validate ...)
	NOT-FOR-US: Twitter iOS client
CVE-2017-14507 (Multiple SQL injection vulnerabilities in the Content Timeline plugin ...)
	NOT-FOR-US: Content Timeline plugin for WordPress
CVE-2017-14506 (geminabox (aka Gem in a Box) before 0.13.6 has XSS, as demonstrated by ...)
	NOT-FOR-US: geminabox
CVE-2017-14505 (DrawGetStrokeDashArray in wand/drawing-wand.c in ImageMagick 7.0.7-1 ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878545)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/716
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6ad5fc3c9b652eec27fc0b1a0817159f8547d5d9
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f7b0cf098bc800c5b6181dc522a99997bfee8948
CVE-2017-14504 (ReadPNMImage in coders/pnm.c in GraphicsMagick 1.3.26 does not ensure ...)
	{DLA-1130-1}
	- graphicsmagick 1.3.26-11
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=fb09ca6dd22c
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/465/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/466/
CVE-2017-14503 (libarchive 3.3.2 suffers from an out-of-bounds read within ...)
	- libarchive <unfixed> (bug #875960)
	[stretch] - libarchive <no-dsa> (Minor issue)
	[jessie] - libarchive <no-dsa> (Minor issue)
	[wheezy] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/948
CVE-2017-14502 (read_header in archive_read_support_format_rar.c in libarchive 3.3.2 ...)
	- libarchive <unfixed> (bug #875974)
	[stretch] - libarchive <no-dsa> (Minor issue)
	[jessie] - libarchive <no-dsa> (Minor issue)
	[wheezy] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/commit/5562545b5562f6d12a4ef991fae158bf4ccf92b6
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=573
CVE-2017-14501 (An out-of-bounds read flaw exists in parse_file_info in ...)
	- libarchive <unfixed> (bug #875966)
	[stretch] - libarchive <no-dsa> (Minor issue)
	[jessie] - libarchive <no-dsa> (Minor issue)
	[wheezy] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/949
CVE-2017-14500 (Improper Neutralization of Special Elements used in an OS Command in ...)
	{DSA-3977-1 DLA-1104-1}
	- newsbeuter 2.9-7 (bug #876004)
	NOTE: http://openwall.com/lists/oss-security/2017/09/16/1
	NOTE: newsbeuter-2.9.x: https://github.com/akrennmair/newsbeuter/commit/26f5a4350f3ab5507bb8727051c87bb04660f333
	NOTE: master: https://github.com/akrennmair/newsbeuter/commit/c8fea2f60c18ed30bdd1bb6f798e994e51a58260
	NOTE: https://github.com/akrennmair/newsbeuter/issues/598
CVE-2017-14499
	RESERVED
CVE-2017-14498 (SilverStripe CMS before 3.6.1 has XSS via an SVG document that is ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2017-14497 (The tpacket_rcv function in net/packet/af_packet.c in the Linux kernel ...)
	- linux 4.12.13-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/edbd58be15a957f6a760c4a514cd475217eb97fd (v4.13)
CVE-2017-14496 (Integer underflow in the add_pseudoheader function in dnsmasq before ...)
	- dnsmasq 2.78-1
	[stretch] - dnsmasq 2.76-5+deb9u1
	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
CVE-2017-14495 (Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id ...)
	- dnsmasq 2.78-1
	[stretch] - dnsmasq 2.76-5+deb9u1
	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=51eadb692a5123b9838e5a68ecace3ac579a3a45
CVE-2017-14494 (dnsmasq before 2.78, when configured as a relay, allows remote ...)
	{DSA-3989-1 DLA-1124-1}
	- dnsmasq 2.78-1
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=33e3f1029c9ec6c63e430ff51063a6301d4b2262
CVE-2017-14493 (Stack-based buffer overflow in dnsmasq before 2.78 allows remote ...)
	{DSA-3989-1}
	- dnsmasq 2.78-1
	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033
CVE-2017-14492 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote ...)
	{DSA-3989-1 DLA-1124-1}
	- dnsmasq 2.78-1
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10
CVE-2017-14491 (Heap-based buffer overflow in dnsmasq before 2.78 allows remote ...)
	{DSA-3989-1 DLA-1124-1}
	- dnsmasq 2.78-1
	NOTE: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=62cb936cb7ad5f219715515ae7d32dd281a5aa1f
CVE-2017-14490
	RESERVED
CVE-2017-14489 (The iscsi_if_rx function in drivers/scsi/scsi_transport_iscsi.c in the ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: https://patchwork.kernel.org/patch/9923803/
	NOTE: Fixed by: https://git.kernel.org/linus/c88f0e6b06f4092995688211a631bb436125d77b
CVE-2017-14488
	RESERVED
CVE-2017-14487 (The OhMiBod Remote app for Android and iOS allows remote attackers to ...)
	NOT-FOR-US: OhMiBod Remote app
CVE-2017-14486 (The Vibease Wireless Remote Vibrator app for Android and the Vibease ...)
	NOT-FOR-US: Vibease Wireless Remote Vibrator app
CVE-2017-14485
	RESERVED
CVE-2017-14484 (The Gentoo sci-mathematics/gimps package before 28.10-r1 for Great ...)
	NOT-FOR-US: Gentoo packaging flaw in gimps
CVE-2017-14483 (flower.initd in the Gentoo dev-python/flower package before 0.9.1-r1 ...)
	- flower <not-affected> (Gentoo-specific issue, Debian doesn't provide an init script at all)
CVE-2017-1002100 (Default access permissions for Persistent Volumes (PVs) created by the ...)
	- kubernetes <not-affected> (Vulnerable code not yet present)
CVE-2017-1002028 (Vulnerability in wordpress plugin wordpress-gallery-transformation ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002027 (Vulnerability in wordpress plugin rk-responsive-contact-form v1.0, The ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002026 (Vulnerability in wordpress plugin Event Expresso Free v3.1.37.11.L, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002025 (Vulnerability in wordpress plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002023 (Vulnerability in wordpress plugin Easy Team Manager v1.3.2, The code ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002022 (Vulnerability in wordpress plugin surveys v1.01.8, The code in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002021 (Vulnerability in wordpress plugin surveys v1.01.8, The code in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002020 (Vulnerability in wordpress plugin surveys v1.01.8, The code in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002019 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002018 (Vulnerability in wordpress plugin eventr v1.02.2, The edit.php form ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002017 (Vulnerability in wordpress plugin gift-certificate-creator v1.0, The ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002016 (Vulnerability in wordpress plugin flickr-picture-backup v0.7, The code ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002015 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002014 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002013 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002012 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002011 (Vulnerability in wordpress plugin image-gallery-with-slideshow v1.5.2, ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002010 (Vulnerability in wordpress plugin Membership Simplified v1.58, The ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002009 (Vulnerability in wordpress plugin Membership Simplified v1.58, The ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002008 (Vulnerability in wordpress plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002007 (Vulnerability in wordpress plugin DTracker v1.5, The code ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002006 (Vulnerability in wordpress plugin DTracker v1.5, The code ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002005 (Vulnerability in wordpress plugin DTracker v1.5, In file ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002004 (Vulnerability in wordpress plugin DTracker v1.5, In file ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002003 (Vulnerability in wordpress plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002002 (Vulnerability in wordpress plugin webapp-builder v2.0, The plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002001 (Vulnerability in wordpress plugin mobile-app-builder-by-wappress ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-1002000 (Vulnerability in wordpress plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14481 (In the MMM::Agent::Helpers::Network::send_arp function in MySQL ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14480 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14479 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14478 (In the MMM::Agent::Helpers::Network::clear_ip function in MySQL ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14477 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14476 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14475 (In the MMM::Agent::Helpers::Network::add_ip function in MySQL ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14474 (In the MMM::Agent::Helpers::_execute function in MySQL Multi-Master ...)
	NOT-FOR-US: MySQL ulti-Master Replication Manager
CVE-2017-14473 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14472 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14471 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14470 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14469 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14468 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14467 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14466 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14465 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14464 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14463 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14462 (An exploitable access control vulnerability exists in the data, ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-14461 (A specially crafted email delivered over SMTP and passed on to Dovecot ...)
	{DSA-4130-1 DLA-1333-1}
	- dovecot 1:2.2.34-1 (bug #891819)
	NOTE: https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
	NOTE: https://github.com/dovecot/core/commit/30dc856f7b97b75b0e0d69f5003d5d99a13249b4
	NOTE: https://github.com/dovecot/core/commit/8d65e2345e1dbedb00b662ee0abd05be2e7e6b7e
	NOTE: https://github.com/dovecot/core/commit/b72d864b8c34cb21076214c0b28101baec530141
	NOTE: https://github.com/dovecot/core/commit/e9b86842441a668b30796bff7d60828614570a1b
	NOTE: https://github.com/dovecot/core/commit/f5cd17a27f0b666567747f8c921ebe1026970f11
	NOTE: https://github.com/dovecot/core/commit/18a7a161c8dae6f630770a3cbab7374a0c3dd732
	NOTE: https://github.com/dovecot/core/commit/0ed696987e5e5d44e971da2a10f6275b276ece34
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0510
CVE-2017-14460 (An exploitable overly permissive cross-domain (CORS) whitelist ...)
	- parity <itp> (bug #890550)
CVE-2017-14459 (An exploitable OS Command Injection vulnerability exists in the ...)
	NOT-FOR-US: Moxa
CVE-2017-14458 (An exploitable use-after-free vulnerability exists in the JavaScript ...)
	NOT-FOR-US: Foxit PDF Reader
CVE-2017-14457 (An exploitable information leak/denial of service vulnerability exists ...)
	- cpp-etherum <itp> (bug #860434)
CVE-2017-14456
	RESERVED
CVE-2017-14455
	RESERVED
CVE-2017-14454
	RESERVED
CVE-2017-14453
	RESERVED
CVE-2017-14452
	RESERVED
CVE-2017-14451
	RESERVED
CVE-2017-14450 (A buffer overflow vulnerability exists in the GIF image parsing ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0499
	NOTE: https://hg.libsdl.org/SDL_image/rev/45e750f92c84
CVE-2017-14449 (A double-Free vulnerability exists in the XCF image rendering ...)
	{DSA-4177-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 <not-affected> (Vulnerable code not present)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0498
	NOTE: https://hg.libsdl.org/SDL_image/rev/d0142861559c
CVE-2017-14448 (An exploitable code execution vulnerability exists in the XCF image ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0497
	NOTE: https://hg.libsdl.org/SDL_image/rev/7df1580f1695
CVE-2017-14447
	RESERVED
CVE-2017-14446
	RESERVED
CVE-2017-14445
	RESERVED
CVE-2017-14444
	RESERVED
CVE-2017-14443
	RESERVED
CVE-2017-14442 (An exploitable code execution vulnerability exists in the BMP image ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0491
	NOTE: https://hg.libsdl.org/SDL_image/rev/37445f6180a8
CVE-2017-14441 (An exploitable code execution vulnerability exists in the ICO image ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0490
	NOTE: https://hg.libsdl.org/SDL_image/rev/a1e9b624ca10
CVE-2017-14440 (An exploitable code execution vulnerability exists in the ILBM image ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0489
	NOTE: https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c
CVE-2017-14439 (Exploitable denial of service vulnerabilities exists in the Service ...)
	NOT-FOR-US: Moxa
CVE-2017-14438 (Exploitable denial of service vulnerabilities exists in the Service ...)
	NOT-FOR-US: Moxa
CVE-2017-14437 (An exploitable denial of service vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-14436 (An exploitable denial of service vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-14435 (An exploitable denial of service vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-14434 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-14433 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-14432 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-14430 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14429 (The DHCP client on D-Link DIR-850L REV. A (with firmware through ...)
	NOT-FOR-US: D-Link
CVE-2017-14428 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14427 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14426 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14425 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14424 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14423 (htdocs/parentalcontrols/bind.php on D-Link DIR-850L REV. A (with ...)
	NOT-FOR-US: D-Link
CVE-2017-14422 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14421 (D-Link DIR-850L REV. B (with firmware through FW208WWb02) devices have ...)
	NOT-FOR-US: D-Link
CVE-2017-14420 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with ...)
	NOT-FOR-US: D-Link
CVE-2017-14419 (The D-Link NPAPI extension, as used on D-Link DIR-850L REV. A (with ...)
	NOT-FOR-US: D-Link
CVE-2017-14418 (The D-Link NPAPI extension, as used in conjunction with D-Link DIR-850L ...)
	NOT-FOR-US: D-Link
CVE-2017-14417 (register_send.php on D-Link DIR-850L REV. B (with firmware through ...)
	NOT-FOR-US: D-Link
CVE-2017-14416 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14415 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14414 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14413 (D-Link DIR-850L REV. A (with firmware through FW114WWb07_h2ab_beta1) ...)
	NOT-FOR-US: D-Link
CVE-2017-14412 (An invalid memory write was discovered in copy_mp in interface.c in ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-invalid-memory-write-in-copy_mp-mpglibdblinterface-c/
CVE-2017-14411 (A stack-based buffer overflow was discovered in copy_mp in interface.c ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-copy_mp-mpglibdblinterface-c/
CVE-2017-14410 (A buffer over-read was discovered in III_i_stereo in layer3.c in ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_i_stereo-mpglibdbllayer3-c/
CVE-2017-14409 (A buffer overflow was discovered in III_dequantize_sample in layer3.c ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-global-buffer-overflow-in-iii_dequantize_sample-mpglibdbllayer3-c/
CVE-2017-14408 (A stack-based buffer over-read was discovered in dct36 in layer3.c in ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-dct36-mpglibdbllayer3-c/
CVE-2017-14407 (A stack-based buffer over-read was discovered in filterYule in ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-stack-based-buffer-overflow-in-filteryule-gain_analysis-c/
CVE-2017-14406 (A NULL pointer dereference was discovered in sync_buffer in interface.c ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://blogs.gentoo.org/ago/2017/09/08/mp3gain-null-pointer-dereference-in-sync_buffer-mpglibdblinterface-c/
CVE-2017-14405 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14404 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows local file ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14403 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14402 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14401 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 has SQL injection ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14400 (In ImageMagick 7.0.7-1 Q16, the PersistPixelCache function in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878546)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/746
	NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/04b863f15effa4375e4ee42f413f0246062b48af
	NOTE: im6 patch: https://github.com/ImageMagick/ImageMagick/commit/44a55580ac8c01d8cff1e6e0063820af113f8591
CVE-2017-14399 (In BlackCat CMS 1.2.2, unrestricted file upload is possible in ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14398 (rzpnk.sys in Razer Synapse 2.20.15.1104 allows local users to read and ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-14397 (AnyDesk before 3.6.1 on Windows has a DLL injection vulnerability. ...)
	NOT-FOR-US: AnyDesk
CVE-2017-14396 (In osTicket before 1.10.1, SQL injection is possible by constructing ...)
	NOT-FOR-US: osTicket
CVE-2017-14395
	RESERVED
CVE-2017-14394
	RESERVED
CVE-2017-14393
	REJECTED
CVE-2017-14392
	REJECTED
CVE-2017-14391
	REJECTED
CVE-2017-14390 (In Cloud Foundry Foundation cf-deployment v0.35.0, a misconfiguration ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-14389 (An issue was discovered in Cloud Foundry Foundation capi-release (all ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-14388 (Cloud Foundry Foundation GrootFS release 0.3.x versions prior to 0.30.0 ...)
	NOT-FOR-US: Cloud Foundry Foundation GrootFS
CVE-2017-14387 (The NFS service in EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, and ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2017-14386 (The web user interface of Dell 2335dn and 2355dn Multifunction Laser ...)
	NOT-FOR-US: Dell
CVE-2017-14385 (An issue was discovered in EMC Data Domain DD OS 5.7 family, versions ...)
	NOT-FOR-US: EMC Data Domain DD OS
CVE-2017-14384 (In Dell Storage Manager versions earlier than 16.3.20, the ...)
	NOT-FOR-US: EMConfigMigration service
CVE-2017-14383 (In Dell EMC VNX2 versions prior to Operating Environment for File ...)
	NOT-FOR-US: EMC VNX
CVE-2017-14382
	RESERVED
CVE-2017-14381
	RESERVED
CVE-2017-14380 (In EMC Isilon OneFS 8.1.0.0, 8.0.1.0 - 8.0.1.1, 8.0.0.0 - 8.0.0.4, ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2017-14379 (EMC RSA Authentication Manager before 8.2 SP1 P6 has a cross-site ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14378 (EMC RSA Authentication Agent API 8.5 for C and RSA Authentication Agent ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14377 (EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and ...)
	NOT-FOR-US: EMC RSA
CVE-2017-14376 (EMC AppSync Server prior to 3.5.0.1 contains database accounts with ...)
	NOT-FOR-US: EMC AppSync Server
CVE-2017-14375 (EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to ...)
	NOT-FOR-US: EMC
CVE-2017-14374 (The SMI-S service in Dell Storage Manager versions earlier than 16.3.20 ...)
	NOT-FOR-US: Dell
CVE-2017-14373 (EMC RSA Authentication Manager 8.2 SP1 P4 and earlier contains a ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2017-14372 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14371 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by reflected ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14370 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14369 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by a privilege ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-14368
	RESERVED
CVE-2017-14367
	RESERVED
CVE-2017-14366
	RESERVED
CVE-2017-14365
	RESERVED
CVE-2017-14364
	RESERVED
CVE-2017-14363 (Cross-Site Scripting (XSS) vulnerability has been identified in Micro ...)
	NOT-FOR-US: Micro Focus Operations Manager
CVE-2017-14362 (Cross-Site Request Forgery vulnerability in Micro Focus Project and ...)
	NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2017-14361 (Man-In-The-Middle vulnerability in Micro Focus Project and Portfolio ...)
	NOT-FOR-US: Micro Focus Project and Portfolio Management Center
CVE-2017-14360 (A potential security vulnerability has been identified in HPE Content ...)
	NOT-FOR-US: HPE
CVE-2017-14359 (A potential security vulnerability has been identified in HPE ...)
	NOT-FOR-US: HPE Performance Center
CVE-2017-14358 (A URL redirection to untrusted site vulnerability in HP ArcSight ESM ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14357 (A Reflected and Stored Cross-Site Scripting (XSS) vulnerability in HP ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14356 (An SQL Injection vulnerability in HP ArcSight ESM and HP ArcSight ESM ...)
	NOT-FOR-US: HP ArcSight
CVE-2017-14355 (A potential security vulnerability has been identified in HPE ...)
	NOT-FOR-US: HPE Connected Backup
CVE-2017-14354 (A remote cross-site scripting vulnerability in HP UCMDB Foundation ...)
	NOT-FOR-US: HP UCMDB Foundation
CVE-2017-14353 (A remote code execution vulnerability in HP UCMDB Foundation Software ...)
	NOT-FOR-US: HP UCMDB Foundation
CVE-2017-14352 (A potential security vulnerability has been identified in HP UCMDB ...)
	NOT-FOR-US: HP
CVE-2017-14351 (A potential security vulnerability has been identified in HP UCMDB ...)
	NOT-FOR-US: HP
CVE-2017-14350 (A potential security vulnerability has been identified in HPE ...)
	NOT-FOR-US: HP
CVE-2017-14349 (An authentication vulnerability in HPE SiteScope product versions ...)
	NOT-FOR-US: HP
CVE-2015-9230 (In the admin/db-backup-security/db-backup-security.php page in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-9229 (In the nggallery-manage-gallery page in the Photocrati NextGEN Gallery ...)
	NOT-FOR-US: Photocrati NextGEN Gallery
CVE-2017-14347 (NexusPHP 1.5.beta5.20120707 has XSS in the returnto parameter to ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14346 (upload.php in tianchoy/blog through 2017-09-12 allows unrestricted file ...)
	NOT-FOR-US: tianchoy/blog
CVE-2017-14345 (SQL Injection exists in tianchoy/blog through 2017-09-12 via the id ...)
	NOT-FOR-US: tianchoy/blog
CVE-2017-14344 (This vulnerability allows local attackers to escalate privileges on ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14343 (ImageMagick 7.0.6-6 has a memory leak vulnerability in ReadXCFImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/649
CVE-2017-14342 (ImageMagick 7.0.6-6 has a memory exhaustion vulnerability in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/650
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e378ea8fb99e869768f34e900105e8c769adfcd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6d5b22baedd49ef8a35011789bd600762ce1ef21
CVE-2017-14341 (ImageMagick 7.0.6-6 has a large loop vulnerability in ReadWPGImage in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876105)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/654
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d63315a64267c565d1f34b9cb523a14616fed24
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4eae304e773bad8a876c3c26fdffac24d4253ae4
CVE-2017-14348 (LibRaw before 0.18.4 has a heap-based Buffer Overflow in the ...)
	- libraw 0.18.5-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <not-affected> (Vulnerable code not present)
	[wheezy] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/100
	NOTE: https://github.com/LibRaw/LibRaw/commit/8303e74b0567806dd5f16fc39aab70fe928de1a2
CVE-2017-14340 (The XFS_IS_REALTIME_INODE macro in fs/xfs/xfs_linux.h in the Linux ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/b31ff3cdf540110da4572e3e29bd172087af65cc
CVE-2017-14339 (The DNS packet parser in YADIFA before 2.2.6 does not check for the ...)
	{DSA-4001-1}
	- yadifa 2.2.6-1 (bug #876315)
	NOTE: https://www.tarlogic.com/blog/fuzzing-yadifa-dns/
	NOTE: https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog
CVE-2017-14338
	RESERVED
CVE-2017-14337 (When MISP before 2.4.80 is configured with X.509 certificate ...)
	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
CVE-2017-14336
	RESERVED
CVE-2017-14335 (On Beijing Hanbang Hanbanggaoke devices, because user-controlled input ...)
	NOT-FOR-US: Beijing Hanbang Hanbanggaoke devices
CVE-2017-14334
	RESERVED
CVE-2017-14333 (The process_version_sections function in readelf.c in GNU Binutils 2.29 ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21990
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=452bf675ea772002aa86fb1d28f3474da70ee1de
CVE-2017-14332 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14331 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to bypass the ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14330 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14329 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to obtain a ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14328 (Extreme EXOS 15.7, 16.x, 21.x, and 22.x allows remote attackers to ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14327 (Extreme EXOS 16.x, 21.x, and 22.x allows administrators to read ...)
	NOT-FOR-US: Extreme EXOS
CVE-2017-14326 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/740
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/dfefe8de5068a547ae4097c69456f02f93935164
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a542c9f9a53327b623333150874d4e5a5b3bcbd0
CVE-2017-14325 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/741
CVE-2017-14324 (In ImageMagick 7.0.7-1 Q16, a memory leak vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/739
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/399631650b38eaf21c2f3c306b8b74e66be6a0d2
CVE-2017-14323 (SSRF (Server Side Request Forgery) in getRemoteImage.php in Ueditor in ...)
	NOT-FOR-US: Onethink
CVE-2017-14322 (The function in charge to check whether the user is already logged in ...)
	NOT-FOR-US: Interspire Email Marketer
CVE-2017-14321 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Mirasvit Helpdesk MX
CVE-2017-14320 (Mirasvit Helpdesk MX before 1.5.3 might allow remote attackers to ...)
	NOT-FOR-US: Mirasvit Helpdesk MX
CVE-2017-14319 (A grant unmapping issue was discovered in Xen through 4.9.x. When ...)
	{DSA-4050-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-234.html
CVE-2017-14318 (An issue was discovered in Xen 4.5.x through 4.9.x. The function ...)
	{DSA-4050-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	[jessie] - xen <not-affected> (Only affects 4.5 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-232.html
	NOTE: Wheezy will be affected with the upcoming grant table backport
CVE-2017-14317 (A domain cleanup issue was discovered in the C xenstore daemon (aka ...)
	{DSA-4050-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-233.html
CVE-2017-14316 (A parameter verification issue was discovered in Xen through 4.9.x. The ...)
	{DSA-4050-1 DLA-1132-1}
	- xen 4.8.2+xsa245-0+deb9u1
	NOTE: https://xenbits.xen.org/xsa/advisory-231.html
CVE-2017-14315 (In Apple iOS 7 through 9, due to a BlueBorne flaw in the implementation ...)
	NOT-FOR-US: Apple
CVE-2017-14314 (Off-by-one error in the DrawImage function in magick/render.c in ...)
	{DLA-1130-1}
	- graphicsmagick 1.3.26-10
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/2835184bfb78
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/448/
CVE-2017-14312 (Nagios Core through 4.3.4 initially executes /usr/sbin/nagios as root ...)
	- nagios3 <not-affected> (Doesn't affect Nagios as packaged in Debian)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/424
	NOTE: State is not fully correct, since "affected" source would be there.
CVE-2015-9228 (In post-new.php in the Photocrati NextGEN Gallery plugin 2.1.10 for ...)
	NOT-FOR-US: Photocrati NextGEN Gallery plugin for WordPress
CVE-2017-15596 (An issue was discovered in Xen 4.4.x through 4.9.x allowing ARM guest ...)
	{DSA-3969-1}
	- xen 4.8.1-1+deb9u3
	[wheezy] - xen <not-affected> (No arm support in Wheezy)
	NOTE: https://xenbits.xen.org/xsa/advisory-235.html
CVE-2017-14311 (The Winring0x32.sys driver in NetMechanica NetDecision 5.8.2 allows ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2017-14310 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14309 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14308 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14307 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14306 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14305 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14304 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14303 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14302 (STDU Viewer 1.6.375 allows attackers to cause a denial of service or ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14301 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14300 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14299 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14298 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14297 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14296 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14295 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14294 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14293 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14292 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14291 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14290 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14289 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14288 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14287 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14286 (STDU Viewer 1.6.375 allows attackers to execute arbitrary code or cause ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-14285 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14284 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14283 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14282 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14281 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14280 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14279 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14278 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14277 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14276 (XnView Classic for Windows Version 2.40 allows attackers to cause a ...)
	NOT-FOR-US: XnView
CVE-2017-14275 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-14274 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-14273 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-14272 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-14271 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-14270 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2015-9227 (PHP remote file inclusion vulnerability in the get_file function in ...)
	NOT-FOR-US: AlegroCart
CVE-2015-9226 (Multiple SQL injection vulnerabilities in AlegroCart 1.2.8 allow ...)
	NOT-FOR-US: AlegroCart
CVE-2017-14482 (GNU Emacs before 25.3 allows remote attackers to execute arbitrary code ...)
	{DSA-3975-1 DSA-3970-1 DLA-1101-1}
	- emacs25 25.2+1-6 (bug #875447)
	- emacs24 <removed> (bug #875448)
	- emacs23 <removed> (bug #875449)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/11/1
	NOTE: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=28350
	NOTE: https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-25&id=9ad0fcc54442a9a01d41be19880250783426db70
CVE-2017-14313 (The shibboleth_login_form function in shibboleth.php in the Shibboleth ...)
	{DSA-3973-1 DLA-1096-1}
	- wordpress-shibboleth 1.8-1 (bug #874416)
	NOTE: https://github.com/michaelryanmcneill/shibboleth/commit/1d65ad6786282d23ba1865f56e2fd19188e7c26a
	NOTE: https://make.wordpress.org/plugins/2015/04/20/fixing-add_query_arg-and-remove_query_arg-usage/
CVE-2017-14269 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices allow remote ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14268 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have XSS in the ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14267 (EE 4GEE WiFi MBB (before EE60_00_05.00_31) devices have CSRF, related ...)
	NOT-FOR-US: EE 4GEE WiFi MBB
CVE-2017-14266 (tcprewrite in Tcpreplay 3.4.4 has a Heap-Based Buffer Overflow ...)
	- tcpreplay 3.4.4-3
	[jessie] - tcpreplay 3.4.4-2+deb8u1
	[wheezy] - tcpreplay 3.4.3-2+wheezy2
	NOTE: Fixed by http://launchpadlibrarian.net/270778908/tcpreplay_3.4.4-2_3.4.4-3.diff.gz
	NOTE: Not a duplicate of CVE-2016-6160 the detailed MITRE description, but both issues
	NOTE: are addressed with the same patch:
	NOTE: Patch enforce-maxpacket.patch addresses the issue
CVE-2017-14265 (A Stack-based Buffer Overflow was discovered in xtrans_interpolate in ...)
	- libraw 0.18.5-1
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/LibRaw/LibRaw/issues/99
	NOTE: https://github.com/LibRaw/LibRaw/commit/82616eff4c7f7437e96bdeeed238c3ef3dc12d60
CVE-2017-14264
	RESERVED
CVE-2017-14263 (Honeywell NVR devices allow remote attackers to create a user account ...)
	NOT-FOR-US: Honeywell
CVE-2017-14262 (On Samsung NVR devices, remote attackers can read the MD5 password hash ...)
	NOT-FOR-US: Samsung
CVE-2017-14261 (In the SDK in Bento4 1.5.0-616, the AP4_StszAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14260 (In the SDK in Bento4 1.5.0-616, the AP4_StssAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14259 (In the SDK in Bento4 1.5.0-616, the AP4_StscAtom class in ...)
	NOT-FOR-US: Bento4
CVE-2017-14258 (In the SDK in Bento4 1.5.0-616, SetItemCount in Core/Ap4StscAtom.h file ...)
	NOT-FOR-US: Bento4
CVE-2017-14257 (In the SDK in Bento4 1.5.0-616, AP4_AtomSampleTable::GetSample in ...)
	NOT-FOR-US: Bento4
CVE-2017-14256
	RESERVED
CVE-2017-14255
	RESERVED
CVE-2017-14254
	RESERVED
CVE-2017-14253
	RESERVED
CVE-2017-14252 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14251 (Unrestricted File Upload vulnerability in the fileDenyPattern in ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
CVE-2017-14250 (In TP-LINK TL-WR741N / TL-WR741ND 150M Wireless Lite N Router with ...)
	NOT-FOR-US: TP-LINK Router
CVE-2017-14249 (ImageMagick 7.0.6-8 Q16 mishandles EOF checks in ReadMPCImage in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #876099)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/708
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2071d67ebf729f76d73c33c1152df4816d1d79ac
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/66112b7a7b64f688efe6fec53a829874a74dea04
CVE-2017-14248 (A heap-based buffer over-read in SampleImage() in MagickCore/resize.c ...)
	- imagemagick <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/717
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c5402b6e0fcf8b694ae2af6a6652ebb8ce0ccf46
CVE-2017-14247 (SQL Injection exists in the EyesOfNetwork web interface (aka eonweb) ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14246 (An out of bounds read in the function d2ulaw_array() in ulaw.c of ...)
	- libsndfile <unfixed> (low; bug #876682)
	[stretch] - libsndfile <no-dsa> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/317
CVE-2017-14245 (An out of bounds read in the function d2alaw_array() in alaw.c of ...)
	- libsndfile <unfixed> (low; bug #876682)
	[stretch] - libsndfile <no-dsa> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	[wheezy] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/317
CVE-2017-14244 (An authentication bypass vulnerability on iBall Baton ADSL2+ Home ...)
	NOT-FOR-US: iBall
CVE-2017-14243 (An authentication bypass vulnerability on UTStar WA3002G4 ADSL ...)
	NOT-FOR-US: UTStar
CVE-2017-14242 (SQL injection vulnerability in don/list.php in Dolibarr version 6.0.0 ...)
	- dolibarr <removed> (bug #885319)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/33e2179b65331d9d9179b59d746817c5be1fecdb
CVE-2017-14241 (Cross-site scripting (XSS) vulnerability in Dolibarr ERP/CRM 6.0.0 ...)
	- dolibarr <removed> (bug #885320)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14240 (There is a sensitive information disclosure vulnerability in ...)
	- dolibarr <removed> (bug #885320)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14239 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM ...)
	- dolibarr <removed> (bug #885320)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14238 (SQL injection vulnerability in admin/menus/edit.php in Dolibarr ERP/CRM ...)
	- dolibarr <removed> (bug #885320)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/d26b2a694de30f95e46ea54ea72cc54f0d38e548
CVE-2017-14237
	RESERVED
CVE-2017-14236
	RESERVED
CVE-2017-14235
	RESERVED
CVE-2017-14234
	RESERVED
CVE-2017-14233
	RESERVED
CVE-2017-14232
	RESERVED
CVE-2017-14231 (GeniXCMS before 1.1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GenixCMS
CVE-2017-14230 (In the mboxlist_do_find function in imap/mboxlist.c in Cyrus IMAP ...)
	- cyrus-imapd <not-affected> (Vulnerable code introduced later)
	- cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/cyrusimap/cyrus-imapd/commit/6bd33275368edfa71ae117de895488584678ac79
	NOTE: Introduced by: https://github.com/cyrusimap/cyrus-imapd/commit/1fe918087237f55e09a37fa414bf988873739021 (cyrus-imapd-3.0.0-beta1)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/issues/2132
CVE-2017-14229 (There is an infinite loop in the jpc_dec_tileinit function in ...)
	- jasper <removed>
	[jessie] - jasper <ignored> (Minor issue)
	[wheezy] - jasper <ignored> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/146
	NOTE: Possible false-positive, cf. https://github.com/mdadams/jasper/issues/146#issuecomment-330674648
CVE-2017-14228 (In Netwide Assembler (NASM) 2.14rc0, there is an illegal address access ...)
	- nasm 2.13.02-0.1 (unimportant; bug #874731)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392423
	NOTE: Crash in CLI tool, no securiy impact
CVE-2017-14227 (In MongoDB libbson 1.7.0, the bson_iter_codewscope function in ...)
	- libbson 1.8.0-1 (bug #874754)
	[stretch] - libbson <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489355
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489356
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489362
	NOTE: Latest https://github.com/mongodb/libbson/commit/0f501e7ed51a42d5502d319bce35b41f1a3aa112 (1.7.0-rc0)
	NOTE: uncovers the issue, which introduces UTF-8 validation during JSON encoding.
	NOTE: Only after that the utf8_len=4294967295 as shown with the POC is passed to
	NOTE: bson_utf8_validate via src/bson/bson-iter.c:2069
	NOTE: Still the underlying issue in bson-iter.c when parsing BSON with a codewscope
	NOTE: type is present in earlier versions.
	NOTE: Upstream issue: https://jira.mongodb.org/browse/CDRIVER-2269
	NOTE: Fixed by: https://github.com/mongodb/libbson/commit/42900956dc461dfe7fb91d93361d10737c1602b3
CVE-2017-14226 (WP1StylesListener.cpp, WP5StylesListener.cpp, and ...)
	- libwpd 0.10.2-1 (bug #876001)
	[stretch] - libwpd 0.10.1-5+deb9u1
	[jessie] - libwpd 0.10.0-2+deb8u1
	[wheezy] - libwpd <not-affected> (Vulnerable code do not exist)
	NOTE: https://bugs.documentfoundation.org/show_bug.cgi?id=112269
	NOTE: https://sourceforge.net/p/libwpd/code/ci/0329a9c57f9b3b0efa0f09a5235dfd90236803a5/
	NOTE: https://sourceforge.net/p/libwpd/code/ci/f40827b3eae260ce657c67d9fecc855b09dea3c3/
CVE-2017-14225 (The av_color_primaries_name function in libavutil/pixdesc.c in FFmpeg ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/837cb4325b712ff1aab531bf41668933f61d75d2
CVE-2017-14224 (A heap-based buffer overflow in WritePCXImage in coders/pcx.c in ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #876097)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/733
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f2d6fe34d695d3445e2d50937db5541a1b76bde
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c6409227c430f114b6425337e64b848535b62e0b
CVE-2017-14223 (In libavformat/asfdec_f.c in FFmpeg 3.3.3, a DoS in ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/afc9c683ed9db01edb357bc8c19edad4282b3a97
CVE-2017-14222 (In libavformat/mov.c in FFmpeg 3.3.3, a DoS in read_tfra() due to lack ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9cb4eb772839c5e1de2855d126bf74ff16d13382
CVE-2017-14221
	RESERVED
CVE-2017-14220
	RESERVED
CVE-2017-14219 (XSS (persistent) on the Intelbras Wireless N 150Mbps router with ...)
	NOT-FOR-US: Intelbras Wireless N 150Mbps router
CVE-2017-14218
	RESERVED
CVE-2017-14217
	RESERVED
CVE-2017-14216
	RESERVED
CVE-2017-14215
	RESERVED
CVE-2017-14214
	RESERVED
CVE-2017-14213
	RESERVED
CVE-2017-14212
	RESERVED
CVE-2017-14211
	RESERVED
CVE-2017-14210
	RESERVED
CVE-2017-14209
	RESERVED
CVE-2017-14208
	RESERVED
CVE-2017-14207
	RESERVED
CVE-2017-14206
	RESERVED
CVE-2017-14205
	RESERVED
CVE-2017-14204
	RESERVED
CVE-2017-14203
	RESERVED
CVE-2017-14202
	RESERVED
CVE-2017-14201
	RESERVED
CVE-2017-14200
	RESERVED
CVE-2017-14199
	RESERVED
CVE-2017-14198 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14197 (An issue was discovered in Squiz Matrix before 5.3.6.1 and 5.4.x before ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14196 (An issue was discovered in Squiz Matrix from 5.3 through to 5.3.6.1 and ...)
	NOT-FOR-US: Squiz Matrix
CVE-2017-14195 (The call_msg function in controllers/Form.php in dayrui FineCms 5.0.11 ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14194 (The out function in controllers/member/Login.php in dayrui FineCms ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14193 (The oauth function in controllers/member/api.php in dayrui FineCms ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14192 (The checktitle function in controllers/member/api.php in dayrui FineCms ...)
	NOT-FOR-US: dayrui FineCms
CVE-2017-14191 (An Improper Access Control vulnerability in Fortinet FortiWeb 5.6.0 ...)
	NOT-FOR-US: Fortinet
CVE-2017-14190 (A Cross-site Scripting vulnerability in Fortinet FortiOS 5.6.0 to ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-14189 (An improper access control vulnerability in Fortinet FortiWebManager ...)
	NOT-FOR-US: Fortinet
CVE-2017-14188
	RESERVED
CVE-2017-14187
	RESERVED
CVE-2017-14186 (A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 5.6.0 ...)
	NOT-FOR-US: Fortinet
CVE-2017-14185
	RESERVED
CVE-2017-14184 (An Information Disclosure vulnerability in Fortinet FortiClient for ...)
	NOT-FOR-US: Fortinet
CVE-2017-14183
	RESERVED
CVE-2017-14182 (A Denial of Service (DoS) vulnerability in Fortinet FortiOS 5.4.0 to ...)
	NOT-FOR-US: Fortinet
CVE-2017-14180 (Apport 2.13 through 2.20.7 does not properly handle crashes ...)
	[experimental] - apport <unfixed>
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, to have an explicit reference for apport if it ever enters unstable
CVE-2017-14179 (Apport before 2.13 does not properly handle crashes originating from a ...)
	[experimental] - apport <unfixed>
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, to have an explicit reference for apport if it ever enters unstable
CVE-2017-14178 (In snapd 2.27 through 2.29.2 the 'snap logs' command could be made to ...)
	- snapd 2.30-1
	[stretch] - snapd <not-affected> (Issue introduced in 2.27)
	NOTE: https://launchpad.net/bugs/1730255
CVE-2017-14177 (Apport through 2.20.7 does not properly handle core dumps from setuid ...)
	[experimental] - apport <unfixed>
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, to have an explicit reference for apport if it ever enters unstable
CVE-2017-14181 (DeleteBitBuffer in libbitbuf/bitbuffer.c in mp4tools aacplusenc 0.17.5 ...)
	NOT-FOR-US: aacplusenc
CVE-2017-14175 (In coders/xbm.c in ImageMagick 7.0.6-1 Q16, a DoS in ReadXBMImage() due ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875502)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/712
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b8c63b156bf26b52e710b1a0643c846a6cd01e56
CVE-2017-14174 (In coders/psd.c in ImageMagick 7.0.7-0 Q16, a DoS in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875503)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/714
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/04a567494786d5bb50894fc8bb8fea0cf496bea8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f68a98a9d385838a1c73ec960a14102949940a64
CVE-2017-14173 (In the function ReadTXTImage() in coders/txt.c in ImageMagick 7.0.6-10, ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875504)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/713
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/48bcf7c39302cdf9b0d9202ad03bf1b95152c44d
CVE-2017-14172 (In coders/ps.c in ImageMagick 7.0.7-0 Q16, a DoS in ReadPSImage() due ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875506)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/715
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8598a497e2d1f556a34458cf54b40ba40674734c
CVE-2017-14171 (In libavformat/nsvdec.c in FFmpeg 3.3.3, a DoS in ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c24bcb553650b91e9eff15ef6e54ca73de2453b7
CVE-2017-14170 (In libavformat/mxfdec.c in FFmpeg 3.3.3, a DoS in ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/900f39692ca0337a98a7cf047e4e2611071810c2
CVE-2017-14169 (In the mxf_read_primer_pack function in libavformat/mxfdec.c in FFmpeg ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9d00fb9d70ee8c0cc7002b89318c5be00f1bbdad
CVE-2017-14168
	RESERVED
CVE-2017-14167 (Integer overflow in the load_multiboot function in hw/i386/multiboot.c ...)
	{DSA-3991-1 DLA-1129-1 DLA-1128-1}
	- qemu 1:2.10.0-1 (bug #874606)
	- qemu-kvm <removed>
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-09/msg01483.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1489375
CVE-2017-14163 (An issue was discovered in Mahara before 15.04.14, 16.x before ...)
	- mahara <removed>
CVE-2017-14162
	RESERVED
CVE-2017-14161
	RESERVED
CVE-2017-14166 (libarchive 3.3.2 allows remote attackers to cause a denial of service ...)
	{DLA-1092-1}
	- libarchive 3.2.2-3.1 (bug #874539)
	[stretch] - libarchive <no-dsa> (Minor issue)
	[jessie] - libarchive <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/5
	NOTE: https://github.com/libarchive/libarchive/commit/fa7438a0ff4033e4741c807394a9af6207940d71
	NOTE: https://github.com/libarchive/libarchive/issues/935
CVE-2017-14165 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
	- graphicsmagick 1.3.26-9 (unimportant; bug #874724)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/493da54370aa
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/06/4
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/442/
CVE-2017-14160 (The bark_noise_hybridmp function in psy.c in Xiph.Org libvorbis 1.3.5 ...)
	- libvorbis <unfixed> (bug #876780)
	[stretch] - libvorbis <no-dsa> (Minor issue)
	[jessie] - libvorbis <no-dsa> (Minor issue)
	[wheezy] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/2
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/21/3
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2330
	NOTE: Upstream fix: https://gitlab.xiph.org/xiph/vorbis/commit/018ca26dece618457dd13585cad52941193c4a25
CVE-2017-14176 (Bazaar through 2.7.0, when Subprocess SSH is used, allows remote ...)
	{DSA-4052-1 DLA-1107-1}
	- bzr 2.7.0+bzr6622-7 (bug #874429)
	- breezy 3.0.0~bzr6772-1
	NOTE: https://bugs.launchpad.net/bzr/+bug/1710979
CVE-2017-14159 (slapd in OpenLDAP 2.4.45 and earlier creates a PID file after dropping ...)
	- openldap <unfixed> (unimportant)
	NOTE: http://www.openldap.org/its/index.cgi?findid=8703
	NOTE: Negligable security impact, but filed #877512
CVE-2017-14158 (Scrapy 1.4 allows remote attackers to cause a denial of service (memory ...)
	- python-scrapy <unfixed> (bug #875947)
	[stretch] - python-scrapy <no-dsa> (Minor issue)
	[jessie] - python-scrapy <no-dsa> (Minor issue)
	[wheezy] - python-scrapy <no-dsa> (Minor issue)
	NOTE: http://blog.csdn.net/wangtua/article/details/75228728
	NOTE: https://github.com/scrapy/scrapy/issues/482
CVE-2017-14157
	RESERVED
CVE-2017-14156 (The atyfb_ioctl function in drivers/video/fbdev/aty/atyfb_base.c in the ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1 (low)
CVE-2017-14155
	RESERVED
CVE-2017-14154
	RESERVED
CVE-2017-14153 (This vulnerability allows local attackers to escalate privileges on ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14164 (A size-validation issue was discovered in opj_j2k_write_sot in ...)
	- openjpeg2 <not-affected> (Incomplete fix for CVE-2017-14152 not applied)
CVE-2017-14152 (A mishandled zero case was discovered in opj_j2k_set_cinema_parameters ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874431)
	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_write_bytes_le-cio-c/
	NOTE: https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
	NOTE: https://github.com/uclouvain/openjpeg/issues/985
	NOTE: When fixing this issue make sure to apply the complete fix including the following
	NOTE: commit:
	NOTE: https://github.com/uclouvain/openjpeg/commit/dcac91b8c72f743bda7dbfa9032356bc8110098a
	NOTE: to not make openjpeg2 vulnerable to CVE-2017-14164.
CVE-2017-14151 (An off-by-one error was discovered in ...)
	- openjpeg2 2.3.0-1 (bug #874430)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u2
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874430)
	NOTE: https://blogs.gentoo.org/ago/2017/08/16/openjpeg-heap-based-buffer-overflow-in-opj_mqc_flush-mqc-c/
	NOTE: https://github.com/uclouvain/openjpeg/commit/afb308b9ccbe129608c9205cf3bb39bbefad90b9
	NOTE: https://github.com/uclouvain/openjpeg/issues/982
CVE-2017-1000254 (libcurl may read outside of a heap allocated buffer when doing FTP. ...)
	{DSA-3992-1 DLA-1121-1}
	- curl 7.56.1-1 (bug #877671)
	NOTE: https://curl.haxx.se/docs/adv_20171004.html
	NOTE: Patch: https://curl.haxx.se/CVE-2017-1000254.patch
	NOTE: Introduced by: https://github.com/curl/curl/commit/415d2e7cb7
	NOTE: Upstream fix: https://github.com/curl/curl/commit/5ff2c5ff25750aba1a8f64fbcad8e5b891512584
CVE-2017-1000253 (Linux distributions that have not patched their long-term kernels with ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt11-1
	[wheezy] - linux 3.2.71-1
CVE-2017-1000252 (The KVM subsystem in the Linux kernel through 4.13.3 allows guest OS ...)
	- linux 4.12.13-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3a8b0677fc6180a467e26cc32ce6b0c09a32f9bb (v4.14-rc1)
	NOTE: https://marc.info/?l=kvm&m=150549145711115&w=2
	NOTE: https://marc.info/?l=kvm&m=150549146311117&w=2
CVE-2017-1000251 (The native Bluetooth stack in the Linux Kernel (BlueZ), starting at ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1 (bug #875881)
	NOTE: Fixed by: https://git.kernel.org/linus/e860d2c904d1a9f38a24eb44c9f34b8f915a6ea3
	NOTE: https://www.armis.com/blueborne/
	NOTE: https://access.redhat.com/security/vulnerabilities/blueborne
CVE-2017-1000250 (All versions of the SDP server in BlueZ 5.46 and earlier are ...)
	{DSA-3972-1 DLA-1103-1}
	- bluez 5.46-1 (bug #875633)
	NOTE: https://www.armis.com/blueborne/
	NOTE: https://git.kernel.org/pub/scm/bluetooth/bluez.git/commit/?id=9e009647b14e810e06626dde7f1bb9ea3c375d09
CVE-2017-1000249 (An issue in file() was introduced in commit ...)
	{DSA-3965-1}
	- file 1:5.32-1
	[jessie] - file <not-affected> (Vulnerable code introduced later)
	[wheezy] - file <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream fix: https://github.com/file/file/commit/35c94dc6acc418f1ad7f6241a6680e5327495793
	NOTE: Introduced by: https://github.com/file/file/commit/9611f31313a93aa036389c5f3b15eea53510d4d1
CVE-2017-14150
	RESERVED
CVE-2017-14149 (GoAhead 3.4.0 through 3.6.5 has a NULL Pointer Dereference in the ...)
	NOT-FOR-US: GoAhead
CVE-2017-14148
	RESERVED
CVE-2017-14147 (An issue was discovered on FiberHome User End Routers Bearing Model ...)
	NOT-FOR-US: FiberHome
CVE-2017-14146 (HelpDEZk 1.1.1 allows remote authenticated users to execute arbitrary ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-14145 (HelpDEZk 1.1.1 has SQL Injection in ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-14144
	RESERVED
CVE-2017-14143 (The getUserzoneCookie function in Kaltura before 13.2.0 uses a ...)
	NOT-FOR-US: Kaltura
CVE-2017-14142 (Multiple cross-site scripting (XSS) vulnerabilities in Kaltura before ...)
	NOT-FOR-US: Kaltura
CVE-2017-14141 (The wiki_decode Developer System Helper function in the admin panel in ...)
	NOT-FOR-US: Kaltura
CVE-2017-14140 (The move_pages system call in mm/migrate.c in the Linux kernel before ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.12-1
	NOTE: Fixed by: https://git.kernel.org/linus/197e7e521384a23b9e585178f3f11c9fa08274b9
CVE-2017-14139 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMSLImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/578
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/955bd1008a5371bbd1b8db0a1e41e333ebfc63ef
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dbe0008c6fa225d01085ca86f3e425c306ee6240
	NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/d426a1dc84cfdafdac67bdb2a1ecc6e1798053e6
	NOTE: Requires: https://github.com/ImageMagick/ImageMagick/commit/0dfce0579c881245e495aa2d8d114e63b96a860e
CVE-2017-14138 (ImageMagick 7.0.6-5 has a memory leak vulnerability in ReadWEBPImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/639
CVE-2017-14137 (ReadWEBPImage in coders/webp.c in ImageMagick 7.0.6-5 has an issue ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/641
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb63560ba25e4a6c51ab282538c24877fff7d471
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/cfc2bd4c87481d4cf60308cc6ffd3c61288ff004
	NOTE: ImageMagick in Debian not compiled with webp support (--with-webp=yes)
CVE-2017-14136 (OpenCV (Open Source Computer Vision Library) 3.3 has an out-of-bounds ...)
	- opencv <not-affected> (Incomplete patch never shipped)
	NOTE: https://github.com/opencv/opencv/issues/9443
	NOTE: https://github.com/opencv/opencv/pull/9448
CVE-2017-14135 (enigma2-plugins/blob/master/webadmin/src/WebChilds/Script.py in the ...)
	NOT-FOR-US: webadmin plugin for opendreambox
CVE-2017-14134 (A Reflected XSS Vulnerability affects the forgotten password page of ...)
	NOT-FOR-US: Maplesoft Maple
CVE-2017-14133
	RESERVED
CVE-2017-14132 (JasPer 2.0.13 allows remote attackers to cause a denial of service ...)
	- jasper <removed> (low)
	[jessie] - jasper <ignored> (Minor issue)
	[wheezy] - jasper <ignored> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/147
CVE-2017-14131
	RESERVED
CVE-2017-14130 (The _bfd_elf_parse_attributes function in elf-attrs.c in the Binary ...)
	- binutils 2.29-9 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22058
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=2a143b99fc4a5094a9cf128f3184d8e6818c8229
CVE-2017-14129 (The read_section function in dwarf2.c in the Binary File Descriptor ...)
	- binutils 2.29-10 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22047
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e4f2723003859dc6b33ca0dadbc4a7659ebf1643
CVE-2017-14128 (The decode_line_info function in dwarf2.c in the Binary File Descriptor ...)
	- binutils 2.29-9 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22059
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e8b60085eb3e6f2c41bc0c00c0d759fa7f72780
CVE-2017-14127 (Command Injection in the Ping Module in the Web Interface on ...)
	NOT-FOR-US: Technicolor
CVE-2017-14126 (The Participants Database plugin before 1.7.5.10 for WordPress has XSS. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-14125 (SQL injection vulnerability in the Responsive Image Gallery plugin ...)
	NOT-FOR-US: Responsive Image Gallery plugin for WordPress
CVE-2017-14124 (In eLux RP 5.x before 5.5.1000 LTSR and 5.6.x before 5.6.2 CR when ...)
	NOT-FOR-US: eLux
CVE-2017-14123 (Zoho ManageEngine Firewall Analyzer 12200 has an unrestricted File ...)
	NOT-FOR-US: Zoho ManageEngine
CVE-2017-14122 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a stack-based ...)
	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874060)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Crash in CLI tool, no security impact
CVE-2017-14121 (The DecodeNumber function in unrarlib.c in unrar 0.0.1 (aka unrar-free ...)
	- unrar-free 1:0.0.1+cvs20140707-4 (unimportant; bug #874061)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Crash in CLI tool, no security impact
CVE-2017-14120 (unrar 0.0.1 (aka unrar-free or unrar-gpl) suffers from a directory ...)
	{DLA-1091-1}
	- unrar-free 1:0.0.1+cvs20140707-2 (bug #874059)
	[stretch] - unrar-free <no-dsa> (Minor issue)
	[jessie] - unrar-free <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/20/1
	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=874059;filename=874059.diff.txt;msg=29
CVE-2017-14119 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14118 (In the EyesOfNetwork web interface (aka eonweb) 5.1-0, ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14117 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 ...)
	NOT-FOR-US: Arris
CVE-2017-14116 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG599 device, when ...)
	NOT-FOR-US: Arris
CVE-2017-14115 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG589 and NVG599 ...)
	NOT-FOR-US: Arris
CVE-2017-14114 (RTPproxy through 2.2.alpha.20160822 has a NAT feature that results in ...)
	- rtpproxy <unfixed> (unimportant; bug #874070)
	NOTE: https://rtpbleed.com/
	NOTE: https://github.com/sippy/rtpproxy/issues/70
	NOTE: Design limitation in RTP protocol
CVE-2017-14113
	REJECTED
CVE-2017-14112
	RESERVED
CVE-2017-14111 (The workstation logging function in Philips IntelliSpace ...)
	NOT-FOR-US: Philips IntelliSpace Cardiovascular and Xcelera
CVE-2017-14110
	RESERVED
CVE-2017-1000201 (The tcmu-runner daemon in tcmu-runner version 1.0.5 to 1.2.0 is ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000200 (tcmu-runner version 1.0.5 to 1.2.0 is vulnerable to a dbus triggered ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000199 (tcmu-runner version 0.91 up to 1.20 is vulnerable to information ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-1000198 (tcmu-runner daemon version 0.9.0 to 1.2.0 is vulnerable to invalid ...)
	NOT-FOR-US: tcmu-runner
CVE-2017-14109
	RESERVED
CVE-2017-14108 (libgedit.a in GNOME gedit through 3.22.1 allows remote attackers to ...)
	- gedit <unfixed> (unimportant; bug #875311)
	NOTE: negligible security impact
CVE-2017-14107 (The _zip_read_eocd64 function in zip_open.c in libzip before 1.3.0 ...)
	[experimental] - libzip 1.3.0+dfsg.1-1
	- libzip <unfixed> (low; bug #874010)
	[stretch] - libzip <no-dsa> (Minor issue)
	[jessie] - libzip <no-dsa> (Minor issue)
	[wheezy] - libzip <no-dsa> (Minor issue)
	- php5 <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/09/01/libzip-memory-allocation-failure-in-_zip_cdir_grow-zip_dirent-c/
	NOTE: https://github.com/nih-at/libzip/commit/9b46957ec98d85a572e9ef98301247f39338a3b5
	NOTE: PHP commit: https://github.com/php/php-src/commit/f6e8ce812174343b5c9fd1860f9e2e2864428567
	NOTE: Marked as unimportant, php5 uses system libzip since 5.4.5-1
CVE-2017-14105 (HiveManager Classic through 8.1r1 allows arbitrary JSP code execution ...)
	NOT-FOR-US: HiveManager
CVE-2017-14104
	RESERVED
CVE-2017-14106 (The tcp_disconnect function in net/ipv4/tcp.c in the Linux kernel ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/499350a5a6e7512d9ed369ed63a4244b6536f4f8 (v4.12-rc3)
CVE-2017-14103 (The ReadJNGImage and ReadOneJNGImage functions in coders/png.c in ...)
	{DLA-1130-1}
	- graphicsmagick 1.3.26-8
	[stretch] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
	[jessie] - graphicsmagick <not-affected> (Incomplete fix for CVE-2017-11403 not applied)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/98721124e51f
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/01/6
	NOTE: https://blogs.gentoo.org/ago/2017/07/12/graphicsmagick-use-after-free-in-closeblob-blob-c/
CVE-2017-14102 (MIMEDefang 2.80 and earlier creates a PID file after dropping ...)
	- mimedefang <unfixed> (bug #877363)
	[stretch] - mimedefang <no-dsa> (Minor issue)
	[jessie] - mimedefang <no-dsa> (Minor issue)
	[wheezy] - mimedefang <ignored> (Minor issue only exploitable if daemon is compromised in some other way)
	NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038077.html
	NOTE: http://lists.roaringpenguin.com/pipermail/mimedefang/2017-August/038085.html
CVE-2017-14101 (A security researcher found an XML External Entity (XXE) vulnerability ...)
	NOT-FOR-US: Conserus Image Repository
CVE-2017-14097 (An improper access control vulnerability in Trend Micro Smart ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14096 (A stored cross site scripting (XSS) vulnerability in Trend Micro Smart ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14095 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14094 (A vulnerability in Trend Micro Smart Protection Server (Standalone) ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14093 (The Log Query and Quarantine Query pages in Trend Micro ScanMail for ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14092 (The absence of Anti-CSRF tokens in Trend Micro ScanMail for Exchange ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14091 (A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14090 (A vulnerability in Trend Micro ScanMail for Exchange 12.0 exists in ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2017-14089 (An Unauthorized Memory Corruption vulnerability in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14088 (Memory Corruption Privilege Escalation vulnerabilities in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14087 (A Host Header Injection vulnerability in Trend Micro OfficeScan XG ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14086 (Pre-authorization Start Remote Process vulnerabilities in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14085 (Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14084 (A potential Man-in-the-Middle (MitM) attack vulnerability in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14083 (A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14082 (An uninitialized pointer information disclosure vulnerability in Trend ...)
	NOT-FOR-US: Trend Micro
CVE-2017-14081 (Proxy command injection vulnerabilities in Trend Micro Mobile Security ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14080 (Authentication bypass vulnerability in Trend Micro Mobile Security ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14079 (Unrestricted file uploads in Trend Micro Mobile Security (Enterprise) ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14078 (SQL Injection vulnerabilities in Trend Micro Mobile Security ...)
	NOT-FOR-US: Trend Micro Mobile Security
CVE-2017-14098 (In the pjsip channel driver (res_pjsip) in Asterisk 13.x before 13.17.1 ...)
	- asterisk 1:13.17.1~dfsg-1 (bug #873909)
	[stretch] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
	[jessie] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present; issue introduced in 13.15)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27152
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27152
CVE-2017-14100 (In Asterisk 11.x before 11.25.2, 13.x before 13.17.1, and 14.x before ...)
	{DSA-3964-1 DLA-1122-1}
	- asterisk 1:13.17.1~dfsg-1 (bug #873908)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27103
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27103
CVE-2017-14099 (In res/res_rtp_asterisk.c in Asterisk 11.x before 11.25.2, 13.x before ...)
	{DSA-3964-1}
	- asterisk 1:13.17.1~dfsg-1 (bug #873907)
	[wheezy] - asterisk <ignored> (strictrtp option is disabled by default. Too intrusive too backport)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-27013
	NOTE: Fix: https://gerrit.asterisk.org/#/q/topic:ASTERISK-27013
CVE-2017-14077 (HTML Injection in Securimage 3.6.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Securimage
CVE-2017-14076 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the id ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14075 (This vulnerability allows local attackers to escalate privileges on ...)
	NOT-FOR-US: Jungo WinDriver
CVE-2017-14074
	RESERVED
CVE-2017-14073
	RESERVED
CVE-2017-14072
	RESERVED
CVE-2017-14071
	RESERVED
CVE-2017-14070 (Cross Site Scripting (XSS) exists in NexusPHP 1.5.beta5.20120707 via ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14069 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the usernw ...)
	NOT-FOR-US: NexusPHP
CVE-2017-14068
	RESERVED
CVE-2017-14067
	RESERVED
CVE-2017-14066
	RESERVED
CVE-2017-14065
	RESERVED
CVE-2017-14064 (Ruby through 2.2.7, 2.3.x through 2.3.4, and 2.4.x through 2.4.1 can ...)
	{DSA-3966-1 DLA-1114-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873906)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	NOTE: https://bugs.ruby-lang.org/issues/13853
	NOTE: https://github.com/flori/json/commit/8f782fd8e181d9cfe9387ded43a5ca9692266b85
CVE-2017-14062 (Integer overflow in the decode_digit function in puny_decode.c in ...)
	{DSA-3988-1 DLA-1085-1 DLA-1084-1}
	- libidn2-0 2.0.2-4 (bug #873902)
	- libidn 1.33-2 (bug #873903)
	NOTE: https://gitlab.com/libidn/libidn2/commit/3284eb342cd0ed1a18786e3fcdf0cdd7e76676bd
CVE-2017-14061 (Integer overflow in the _isBidi function in bidi.c in Libidn2 before ...)
	- libidn2-0 2.0.2-4 (bug #873904)
	[stretch] - libidn2-0 <not-affected> (Vulnerable code not present)
	[jessie] - libidn2-0 <not-affected> (Vulnerable code not present)
	[wheezy] - libidn2-0 <not-affected> (Vulnerable code not present)
	- libidn <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.com/libidn/libidn2/commit/16853b6973a1e72fee2b7cccda85472cb9951305
CVE-2017-14060 (In ImageMagick 7.0.6-10, a NULL Pointer Dereference issue is present in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878506)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/710
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c535e1f1a6b1faaa35e007df4fc535ec08daa97c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5bdfef29f5e6744f36f25ec04583c6b6f4a13b48
CVE-2017-14059 (In FFmpeg 3.3.3, a DoS in cine_read_header() due to lack of an EOF ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7e80b63ecd259d69d383623e75b318bf2bd491f6
CVE-2017-14058 (In FFmpeg 3.3.3, the read_data function in libavformat/hls.c does not ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ec414892ddcad88313848494b6fc5f437c9ca4a
CVE-2017-14057 (In FFmpeg 3.3.3, a DoS in asf_read_marker() due to lack of an EOF (End ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7f9ec5593e04827249e7aeb466da06a98a0d7329
CVE-2017-14056 (In libavformat/rl2.c in FFmpeg 3.3.3, a DoS in rl2_read_header() due to ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/96f24d1bee7fe7bac08e2b7c74db1a046c9dc0de
CVE-2017-14055 (In libavformat/mvdec.c in FFmpeg 3.3.3, a DoS in mv_read_header() due ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4f05e2e2dc1a89f38cd9f0960a6561083d714f1e
CVE-2017-14054 (In libavformat/rmdec.c in FFmpeg 3.3.3, a DoS in ivr_read_header() due ...)
	{DSA-3996-1}
	- ffmpeg 7:3.3.4-1 (low)
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/124eb202e70678539544f6268efc98131f19fa49
CVE-2017-14053 (NetApp OnCommand Unified Manager for Clustered Data ONTAP before 7.2P1 ...)
	NOT-FOR-US: NetApp
CVE-2017-14052
	RESERVED
CVE-2016-10510 (Cross-site scripting (XSS) vulnerability in the Security component of ...)
	{DLA-1241-1}
	- libkohana2-php <removed>
	[jessie] - libkohana2-php <ignored> (Minor issue)
	NOTE: https://github.com/kohana/kohana/issues/107
	NOTE: Fixed by https://github.com/kohana/core/pull/697
CVE-2016-10509 (SQL injection vulnerability in the updateAmazonOrderTracking function ...)
	NOT-FOR-US: OpenCart
CVE-2016-10508 (Multiple cross-site scripting (XSS) vulnerabilities in phpThumb() ...)
	NOT-FOR-US: phpThumb
CVE-2017-14063 (Async Http Client (aka async-http-client) before 2.0.35 can be tricked ...)
	- async-http-client <not-affected> (Vulnerable code introduced later after port to new Request API)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/1455
	NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/eb9e3347e45319be494db24d285a2aee4396f5d3
CVE-2017-14050 (In BlackCat CMS 1.2, backend/addons/install.php allows remote ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14049 (In BlackCat CMS 1.2, backend/settings/ajax_save_settings.php allows ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14048 (BlackCat CMS 1.2 allows remote authenticated users to inject arbitrary ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-14047
	RESERVED
CVE-2017-14046
	RESERVED
CVE-2017-14045
	RESERVED
CVE-2017-14044
	RESERVED
CVE-2017-14043
	RESERVED
CVE-2017-14038 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has a redirect ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14037 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has an HTTP header ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14036 (CrushFTP before 7.8.0 and 8.x before 8.2.0 has XSS. ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14035 (CrushFTP 8.x before 8.2.0 has a serialization vulnerability. ...)
	NOT-FOR-US: CrushFTP
CVE-2017-14051 (An integer overflow in the qla2x00_sysfs_write_optrom_ctl function in ...)
	{DLA-1200-1}
	- linux 4.12.13-1 (unimportant)
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux 3.16.43-2+deb8u5
	NOTE: Fixed by: https://git.kernel.org/linus/e6f77540c067b48dee10f1e33678415bfcc89017
	NOTE: https://patchwork.kernel.org/patch/9929625/
	NOTE: Non issue, only "exploitable" with root access
CVE-2017-14034 (The restore_tqb_pixels function in hevc_filter.c in libavcodec, as used ...)
	- ffmpeg <undetermined>
	NOTE: Issue 3 from https://github.com/ebel34/bpg-web-encoder/issues/1
CVE-2017-14033 (The decode method in the OpenSSL::ASN1 module in Ruby before 2.2.8, ...)
	{DSA-4031-1 DLA-1114-1}
	- ruby2.3 2.3.5-1 (bug #875928)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <not-affected> (vunlerable code not present)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1058757
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/openssl-asn1-buffer-underrun-cve-2017-14033/
	NOTE: https://github.com/ruby/openssl/commit/1648afef33c1d97fb203c82291b8a61269e85d3b
CVE-2017-14031 (An Improper Access Control issue was discovered in Trihedral VTScada ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-14030 (An issue was discovered in Moxa MXview v2.8 and prior. The unquoted ...)
	NOT-FOR-US: Moxa MXview
CVE-2017-14029 (An Uncontrolled Search Path Element issue was discovered in Trihedral ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-14028 (A Resource Exhaustion issue was discovered in Moxa NPort 5110 Version ...)
	NOT-FOR-US: Moxa
CVE-2017-14027 (A Use of Hard-coded Credentials issue was discovered in Korenix JetNet ...)
	NOT-FOR-US: Korenix
CVE-2017-14026
	RESERVED
CVE-2017-14025 (An Improper Input Validation issue was discovered in ABB FOX515T ...)
	NOT-FOR-US: ABB FOX515T
CVE-2017-14024 (A Stack-based Buffer Overflow issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-14023 (An Improper Input Validation issue was discovered in Siemens SIMATIC ...)
	NOT-FOR-US: Siemens
CVE-2017-14022 (An Improper Input Validation issue was discovered in Rockwell ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Alarms and Events
CVE-2017-14021 (A Use of Hard-coded Cryptographic Key issue was discovered in Korenix ...)
	NOT-FOR-US: Korenix
CVE-2017-14020 (An Uncontrolled Search Path Element issue was discovered in ...)
	NOT-FOR-US: AutomationDirect
CVE-2017-14019 (An Unquoted Search Path or Element issue was discovered in Progea ...)
	NOT-FOR-US: Progea Movicon
CVE-2017-14018 (An improper authentication issue was discovered in Johnson &amp; Johnson ...)
	NOT-FOR-US: Johnson & Johnson Ethicon Endo-Surgery Generator Gen11
CVE-2017-14017 (An Uncontrolled Search Path Element issue was discovered in Progea ...)
	NOT-FOR-US: Progea Movicon
CVE-2017-14016 (A Stack-based Buffer Overflow issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech
CVE-2017-14015
	RESERVED
CVE-2017-14014 (Boston Scientific ZOOM LATITUDE PRM Model 3120 uses a hard-coded ...)
	NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120
CVE-2017-14013 (A Client-Side Enforcement of Server-Side Security issue was discovered ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14012 (Boston Scientific ZOOM LATITUDE PRM Model 3120 does not encrypt PHI at ...)
	NOT-FOR-US: Boston Scientific ZOOM LATITUDE PRM Model 3120
CVE-2017-14011 (A Cross-Site Request Forgery issue was discovered in ProMinent ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14010 (In SpiderControl MicroBrowser Windows XP, Vista 7, 8 and 10, Versions ...)
	NOT-FOR-US: SpiderControl
CVE-2017-14009 (An Information Exposure issue was discovered in ProMinent MultiFLEX ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14008 (GE Centricity PACS RA1000, diagnostic image analysis, all current ...)
	NOT-FOR-US: GE Centricity PACS RA1000
CVE-2017-14007 (An Insufficient Session Expiration issue was discovered in ProMinent ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14006 (GE Xeleris versions 1.0,1.1,2.1,3.0,3.1, medical imaging systems, all ...)
	NOT-FOR-US: GE Xeleris
CVE-2017-14005 (An Unverified Password Change issue was discovered in ProMinent ...)
	NOT-FOR-US: ProMinent MultiFLEX M10a Controller
CVE-2017-14004 (GE GEMNet License server (EchoServer) all current versions are ...)
	NOT-FOR-US: GE GEMNet License server
CVE-2017-14003 (An Authentication Bypass by Spoofing issue was discovered in LAVA ...)
	NOT-FOR-US: LAVA Ether-Serial Link
CVE-2017-14002 (GE Infinia/Infinia with Hawkeye 4 medical imaging systems all current ...)
	NOT-FOR-US: GE Infinia/Infinia with Hawkeye 4 medical imaging systems
CVE-2017-14001 (An Improper Neutralization of Special Elements used in an OS Command ...)
	NOT-FOR-US: Asterisk GUI
	NOTE: Different from standard asterisk: https://wiki.asterisk.org/wiki/display/AST/Asterisk+GUI
CVE-2017-14000 (An Improper Authentication issue was discovered in Ctek SkyRouter ...)
	NOT-FOR-US: Ctek SkyRouter
CVE-2017-13999 (A Stack-based Buffer Overflow issue was discovered in WECON LEVI Studio ...)
	NOT-FOR-US: WECON LEVI Studio HMI Editor
CVE-2017-13998 (An Insufficiently Protected Credentials issue was discovered in LOYTEC ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13997 (A Missing Authentication for Critical Function issue was discovered in ...)
	NOT-FOR-US: Schneider
CVE-2017-13996 (A Relative Path Traversal issue was discovered in LOYTEC LVIS-3ME ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13995 (An Improper Authentication issue was discovered in iniNet Solutions ...)
	NOT-FOR-US: iniNet Solutions iniNet Webserver
CVE-2017-13994 (A Cross-site Scripting issue was discovered in LOYTEC LVIS-3ME versions ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13993 (An Uncontrolled Search Path or Element issue was discovered in i-SENS ...)
	NOT-FOR-US: i-SENS SmartLog Diabetes Management Software
CVE-2017-13992 (An Insufficient Entropy issue was discovered in LOYTEC LVIS-3ME ...)
	NOT-FOR-US: LOYTEC LVIS-3ME
CVE-2017-13991 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
	NOT-FOR-US: ArcSight
CVE-2017-13990 (An information leakage vulnerability in ArcSight ESM and ArcSight ESM ...)
	NOT-FOR-US: ArcSight
CVE-2017-13989 (An improper access control vulnerability in ArcSight ESM and ArcSight ...)
	NOT-FOR-US: ArcSight
CVE-2017-13988 (An improper access control vulnerability in ArcSight ESM and ArcSight ...)
	NOT-FOR-US: ArcSight
CVE-2017-13987 (An insufficient access control vulnerability in ArcSight ESM and ...)
	NOT-FOR-US: ArcSight
CVE-2017-13986 (A reflected Cross-Site Scripting(XSS) vulnerability in ArcSight ESM ...)
	NOT-FOR-US: ArcSight
CVE-2017-13985 (An authentication vulnerability in HPE BSM Platform Application ...)
	NOT-FOR-US: HP
CVE-2017-13984 (An authentication vulnerability in HPE BSM Platform Application ...)
	NOT-FOR-US: HP
CVE-2017-13983 (An authentication vulnerability in HPE BSM Platform Application ...)
	NOT-FOR-US: HP
CVE-2017-13982 (A directory traversal vulnerability in HPE BSM Platform Application ...)
	NOT-FOR-US: HP
CVE-2017-13981
	RESERVED
CVE-2017-13980
	RESERVED
CVE-2017-13979
	RESERVED
CVE-2017-13978
	RESERVED
CVE-2017-13977
	RESERVED
CVE-2017-13976
	RESERVED
CVE-2017-13975
	RESERVED
CVE-2017-13974
	RESERVED
CVE-2017-13973
	RESERVED
CVE-2017-13972
	RESERVED
CVE-2017-13971
	RESERVED
CVE-2017-13970
	RESERVED
CVE-2017-13969
	RESERVED
CVE-2017-13968
	RESERVED
CVE-2017-13967
	RESERVED
CVE-2017-13966
	RESERVED
CVE-2017-13965
	RESERVED
CVE-2017-13964
	RESERVED
CVE-2017-13963
	RESERVED
CVE-2017-13962
	RESERVED
CVE-2017-13961
	RESERVED
CVE-2017-13960
	RESERVED
CVE-2017-13959
	RESERVED
CVE-2017-13958
	RESERVED
CVE-2017-13957
	RESERVED
CVE-2017-13956
	RESERVED
CVE-2017-13955
	RESERVED
CVE-2017-13954
	RESERVED
CVE-2017-13953
	RESERVED
CVE-2017-13952
	RESERVED
CVE-2017-13951
	RESERVED
CVE-2017-13950
	RESERVED
CVE-2017-13949
	RESERVED
CVE-2017-13948
	RESERVED
CVE-2017-13947
	RESERVED
CVE-2017-13946
	RESERVED
CVE-2017-13945
	RESERVED
CVE-2017-13944
	RESERVED
CVE-2017-13943
	RESERVED
CVE-2017-13942
	RESERVED
CVE-2017-13941
	RESERVED
CVE-2017-13940
	RESERVED
CVE-2017-13939
	RESERVED
CVE-2017-13938
	RESERVED
CVE-2017-13937
	RESERVED
CVE-2017-13936
	RESERVED
CVE-2017-13935
	RESERVED
CVE-2017-13934
	RESERVED
CVE-2017-13933
	RESERVED
CVE-2017-13932
	RESERVED
CVE-2017-13931
	RESERVED
CVE-2017-13930
	RESERVED
CVE-2017-13929
	RESERVED
CVE-2017-13928
	RESERVED
CVE-2017-13927
	RESERVED
CVE-2017-13926
	RESERVED
CVE-2017-13925
	RESERVED
CVE-2017-13924
	RESERVED
CVE-2017-13923
	RESERVED
CVE-2017-13922
	RESERVED
CVE-2017-13921
	RESERVED
CVE-2017-13920
	RESERVED
CVE-2017-13919
	RESERVED
CVE-2017-13918
	RESERVED
CVE-2017-13917
	RESERVED
CVE-2017-13916
	RESERVED
CVE-2017-13915
	RESERVED
CVE-2017-13914
	RESERVED
CVE-2017-13913
	RESERVED
CVE-2017-13912
	RESERVED
CVE-2017-13911
	RESERVED
CVE-2017-13910
	RESERVED
CVE-2017-13909
	RESERVED
CVE-2017-13908
	RESERVED
CVE-2017-13907
	RESERVED
CVE-2017-13906
	RESERVED
CVE-2017-13905
	RESERVED
CVE-2017-13904 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13903 (An issue was discovered in certain Apple products. iOS before 11.2.1 ...)
	NOT-FOR-US: Apple
CVE-2017-13902
	RESERVED
CVE-2017-13901
	RESERVED
CVE-2017-13900
	RESERVED
CVE-2017-13899
	RESERVED
CVE-2017-13898
	RESERVED
CVE-2017-13897
	RESERVED
CVE-2017-13896
	RESERVED
CVE-2017-13895
	RESERVED
CVE-2017-13894
	RESERVED
CVE-2017-13893
	RESERVED
CVE-2017-13892
	RESERVED
CVE-2017-13891
	RESERVED
CVE-2017-13890 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13889
	RESERVED
CVE-2017-13888
	RESERVED
CVE-2017-13887
	RESERVED
CVE-2017-13886
	RESERVED
CVE-2017-13885 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-13884 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-13883 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13882
	RESERVED
CVE-2017-13881
	RESERVED
CVE-2017-13880
	RESERVED
CVE-2017-13879 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13878 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13877 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-13876 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13875 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13874 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13873 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-13872 (An issue was discovered in certain Apple products. macOS High Sierra ...)
	NOT-FOR-US: Apple
CVE-2017-13871 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13870 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13869 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13868 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13867 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13866 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13865 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13864 (An issue was discovered in certain Apple products. iCloud before 7.2 ...)
	NOT-FOR-US: Apple
CVE-2017-13863 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-13862 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13861 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13860 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13859
	RESERVED
CVE-2017-13858 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13857
	RESERVED
CVE-2017-13856 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-13855 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13854 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-13853 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13852 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13851 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-13850 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13849 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13848 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13847 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-13846 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Potentially src:pcre3, but Apple doesn't play by the rules
CVE-2017-13845
	RESERVED
CVE-2017-13844 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13843 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13842 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13841 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13840 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13839 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-13838 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13837 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-13836 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13835
	RESERVED
CVE-2017-13834 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13833 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13832 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13831 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13830 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13829 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13828 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13827 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-13826
	REJECTED
CVE-2017-13825 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13824 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13823 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13822 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13821 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13820 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13819 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13818 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13817 (An out-of-bounds read issue was discovered in certain Apple products. ...)
	NOT-FOR-US: Apple
CVE-2017-13816 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13815 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-13814 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13813 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13812 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Potentially src:libarchive, but Apple doesn't play by the rules
CVE-2017-13811 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13810 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13809 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13808 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13807 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13806 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-13805 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13804 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13803 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13802 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13801 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13800 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13799 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-13798 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13797 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple-specific Webkit change (since not mentioned in webkitgtk releases)
CVE-2017-13796 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13795 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13794 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13793 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13792 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13791 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13790 (An issue was discovered in certain Apple products. Safari before ...)
	NOT-FOR-US: Apple Safari
CVE-2017-13789 (An issue was discovered in certain Apple products. Safari before ...)
	NOT-FOR-US: Apple Safari
CVE-2017-13788 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.3-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13787
	RESERVED
CVE-2017-13786 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13785 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13784 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13783 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0009.html
	NOTE: Not covered by security support
CVE-2017-13782 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-13781
	RESERVED
CVE-2017-13780 (The EyesOfNetwork web interface (aka eonweb) 5.1-0 allows directory ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-14032 (ARM mbed TLS before 1.3.21 and 2.x before 2.1.9, if optional ...)
	{DSA-3967-1}
	- mbedtls 2.6.0-1 (bug #873557)
	- polarssl <removed>
	[jessie] - polarssl <not-affected> (Vulnerable code not present)
	[wheezy] - polarssl <not-affected> (Vulnerable code not present)
	NOTE: Affected versions: all from version 1.3.10 up and including 2.1 and later releases
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-02
	NOTE: https://github.com/ARMmbed/mbedtls/commit/31458a18788b0cf0b722acda9bb2f2fe13a3fb32
	NOTE: https://github.com/ARMmbed/mbedtls/commit/d15795acd5074e0b44e71f7ede8bdfe1b48591fc
CVE-2017-13779 (GSTN_offline_tool in India Goods and Services Tax Network (GSTN) ...)
	NOT-FOR-US: India Goods and Services Tax Network
CVE-2017-13778 (Fiyo CMS 2.0.7 has XSS in dapur\apps\app_config\sys_config.php via the ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-13777 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
	{DLA-1082-1}
	- graphicsmagick 1.3.26-8 (low)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13776 (GraphicsMagick 1.3.26 has a denial of service issue in ReadXBMImage() ...)
	{DLA-1082-1}
	- graphicsmagick 1.3.26-8 (low)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/233a720bfd5e
CVE-2017-13775 (GraphicsMagick 1.3.26 has a denial of service issue in ReadJNXImage() ...)
	- graphicsmagick 1.3.26-8 (low)
	[wheezy] - graphicsmagick <not-affected> (Vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/b037d79b6ccd
CVE-2017-13774 (Hikvision iVMS-4200 devices before v2.6.2.7 allow local users to ...)
	NOT-FOR-US: Hikvision
CVE-2017-13773
	RESERVED
CVE-2017-13772 (Multiple stack-based buffer overflows in TP-Link WR940N WiFi routers ...)
	NOT-FOR-US: TP-Link
CVE-2017-13771 (Lexmark Scan To Network (SNF) 3.2.9 and earlier stores network ...)
	NOT-FOR-US: Lexmark Scan To Network
CVE-2017-13770
	RESERVED
CVE-2017-13769 (The WriteTHUMBNAILImage function in coders/thumbnail.c in ImageMagick ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #878507)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/705
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/45d342155b5e9b83904c695411d20f33cf9b524c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/457e63263de6f732785608504b6e607799ad3dd5
	NOTE: Extra checks:
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5a3897693a8b4e97add649c0ca1d538bd90f59c9
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/abb9d1322317733b799e8b87b2e346b3038f3260
CVE-2017-13768 (Null Pointer Dereference in the IdentifyImage function in ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875352)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/706
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/152e510e2b7858efe5992ed95090d8e0049417f3
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/2c1b360d80e5f8f7c7108c0afedde64ab79318ff
CVE-2017-13767 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the MSDP ...)
	- wireshark 2.4.1-1
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13933
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6f18ace2a2683418a9368a8dfd92da6bd8213e15
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-38.html
CVE-2017-13766 (In Wireshark 2.4.0 and 2.2.0 to 2.2.8, the Profinet I/O dissector could ...)
	- wireshark 2.4.1-1
	[stretch] - wireshark 2.2.6+g32dac6a-2+deb9u1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13847
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2096bc1e5078732543e0a3ee115a2ce520a72bbc
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=af7b093ca528516c14247acb545046199d30843e
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-39.html
CVE-2017-13765 (In Wireshark 2.4.0, 2.2.0 to 2.2.8, and 2.0.0 to 2.0.14, the IrCOMM ...)
	- wireshark 2.4.1-1
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13929
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94666d4357096fc45e3bcad3d9414a14f0831bc8
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-41.html
CVE-2017-13764 (In Wireshark 2.4.0, the Modbus dissector could crash with a NULL ...)
	- wireshark 2.4.1-1
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13925
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b87ffbd12bddf64582c0a6e082b462744474de94
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-40.html
CVE-2017-13763 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 do not restrict the amount of ...)
	NOT-FOR-US: ONOS
CVE-2017-13762 (ONOS versions 1.8.0, 1.9.0, and 1.10.0 are vulnerable to XSS. ...)
	NOT-FOR-US: ONOS
CVE-2017-13761 (The Fastly CDN module before 1.2.26 for Magento2, when used with a ...)
	NOT-FOR-US: Fastly CDN module for Magento2
CVE-2017-13760 (In The Sleuth Kit (TSK) 4.4.2, fls hangs on a corrupt exfat image in ...)
	- sleuthkit 4.4.2-3 (unimportant; bug #873724)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/906
	NOTE: Negligable security impact
CVE-2017-13759
	RESERVED
CVE-2017-13758 (In ImageMagick 7.0.6-10, there is a heap-based buffer overflow in the ...)
	{DSA-4040-1 DSA-4032-1 DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #878508)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=32583
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/ef6cee1bcf144b7c9285787920361a53296e7907
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/57eced684ad0660fe580800d977ba94623ec67ac
CVE-2017-13757 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.29-10
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22018
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=90efb6422939ca031804266fba669f77c22a274a
CVE-2017-13756 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted disk image triggers ...)
	- sleuthkit 4.4.2-3 (unimportant; bug #873725)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/914
	NOTE: Negligable security impact
CVE-2017-13755 (In The Sleuth Kit (TSK) 4.4.2, opening a crafted ISO 9660 image ...)
	- sleuthkit 4.4.2-3 (unimportant; bug #873726)
	NOTE: https://github.com/sleuthkit/sleuthkit/issues/913
	NOTE: Negligable security impact
CVE-2017-13754 (Cross-site scripting (XSS) vulnerability in the &quot;advanced settings - ...)
	NOT-FOR-US: Wibu-Systems
CVE-2016-10507 (Integer overflow vulnerability in the bmp24toimage function in ...)
	- openjpeg2 2.1.2-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://github.com/uclouvain/openjpeg/commit/33a0e66eb129c4e91b555a6b8dd9eab512fbfeb8 (v2.1.1)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/da940424816e11d624362ce080bc026adffa26e8 (v2.1.2)
	NOTE: https://github.com/uclouvain/openjpeg/issues/833
CVE-2016-10506 (Division-by-zero vulnerabilities in the functions opj_pi_next_cprl, ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
	NOTE: https://github.com/uclouvain/openjpeg/issues/731
	NOTE: https://github.com/uclouvain/openjpeg/issues/732
	NOTE: https://github.com/uclouvain/openjpeg/issues/777
	NOTE: https://github.com/uclouvain/openjpeg/issues/778
	NOTE: https://github.com/uclouvain/openjpeg/issues/779
	NOTE: https://github.com/uclouvain/openjpeg/issues/780
CVE-2016-10505 (NULL pointer dereference vulnerabilities in the imagetopnm function in ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/776
	NOTE: https://github.com/uclouvain/openjpeg/issues/784
	NOTE: https://github.com/uclouvain/openjpeg/issues/785
	NOTE: https://github.com/uclouvain/openjpeg/issues/792
CVE-2016-10504 (Heap-based buffer overflow vulnerability in the opj_mqc_byteout ...)
	- openjpeg2 2.2.0-1 (bug #874113)
	[stretch] - openjpeg2 2.1.2-1.1+deb9u2
	[jessie] - openjpeg2 <not-affected> (Vulnerable code introduced later, see #874113)
	NOTE: https://github.com/uclouvain/openjpeg/commit/397f62c0a838e15d667ef50e27d5d011d2c79c04
	NOTE: https://github.com/uclouvain/openjpeg/issues/835
CVE-2017-13753
	REJECTED
CVE-2017-13752 (There is a reachable assertion abort in the function jpc_dequantize() ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485276
CVE-2017-13751 (There is a reachable assertion abort in the function calcstepsizes() in ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485283
CVE-2017-13750 (There is a reachable assertion abort in the function ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485280
CVE-2017-13749 (There is a reachable assertion abort in the function jpc_pi_nextrpcl() ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485285
CVE-2017-13748 (There are lots of memory leaks in JasPer 2.0.12, triggered in the ...)
	- jasper <removed> (low)
	[jessie] - jasper <ignored> (Minor issue)
	[wheezy] - jasper <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485287
CVE-2017-13747 (There is a reachable assertion abort in the function jpc_floorlog2() in ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485282
CVE-2017-13746 (There is a reachable assertion abort in the function ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485286
CVE-2017-13745 (There is a reachable assertion abort in the function ...)
	- jasper <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1485274
CVE-2017-13744 (There is an illegal address access in the function _lou_getALine() in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484338
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13743 (There is a buffer overflow in Liblouis 3.2.0, triggered in the function ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484335
CVE-2017-13742 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484334
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13741 (There is a use-after-free in the function compileBrailleIndicator() in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484332
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/af5791ea792acc0a9707738001aa1df3daff7a66
CVE-2017-13740 (There is a stack-based buffer overflow in Liblouis 3.2.0, triggered in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484306
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13739 (There is a heap-based buffer overflow that causes a more than two ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484299
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/d8cfdf1ab64a4c9c6685efe45bc735f68dac618c
CVE-2017-13738 (There is an illegal address access in the _lou_getALine function in ...)
	- liblouis 3.3.0-1 (low; bug #874302)
	[stretch] - liblouis 3.0.0-3+deb9u1
	[jessie] - liblouis <no-dsa> (Minor issue)
	[wheezy] - liblouis <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484297
	NOTE: Proposed fix via pull request: https://github.com/liblouis/liblouis/pull/393/commits/edf8ee00197e5a9b062554bdca00fe1617d257a4
CVE-2017-13737 (There is an invalid free in the MagickFree function in magick/memory.c ...)
	{DLA-1140-1}
	- graphicsmagick 1.3.26-15 (low; bug #878511)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484196
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/3db9449e3d6a/
CVE-2017-13736 (There are lots of memory leaks in the GMCommand function in ...)
	- graphicsmagick <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484192
CVE-2017-13735 (There is a floating point exception in the kodak_radc_load_raw function ...)
	- libraw 0.18.5-1 (low; bug #874729)
	[stretch] - libraw <no-dsa> (Minor issue)
	[jessie] - libraw <no-dsa> (Minor issue)
	[wheezy] - libraw <no-dsa> (Minor issue)
	NOTE: https://github.com/LibRaw/LibRaw/issues/96
	NOTE: Isolated patch: https://github.com/LibRaw/LibRaw/files/1276421/radc_divbyzero.txt
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483988
CVE-2017-13734 (There is an illegal address access in the _nc_safe_strcat function in ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484291
CVE-2017-13733 (There is an illegal address access in the fmt_entry function in ...)
	- ncurses 6.0+20170902-1 (bug #873746)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484290
CVE-2017-13732 (There is an illegal address access in the function dump_uses() in ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484287
CVE-2017-13731 (There is an illegal address access in the function ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484285
CVE-2017-13730 (There is an illegal address access in the function ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484284
CVE-2017-13729 (There is an illegal address access in the _nc_save_str function in ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484276
CVE-2017-13728 (There is an infinite loop in the next_char function in comp_scan.c in ...)
	- ncurses 6.0+20170827-1 (bug #873723)
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1484274
CVE-2017-13727 (There is a reachable assertion abort in the function ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-5 (bug #873879)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2728
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/b6af137bf9ef852f1a48a50a5afb88f9e9da01cc
CVE-2017-13726 (There is a reachable assertion abort in the function ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-5 (bug #873880)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2727
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/f91ca83a21a6a583050e5a5755ce1441b2bf1d7e
CVE-2017-13725 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13724 (On the Axesstel MU553S MU55XS-V1.14, there is a Stored Cross Site ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-13723 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, a local ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.4-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=94f11ca5cf011ef123bd222cabeaef6f424d76ac
	NOTE: This is in libxkbfile in wheezy
CVE-2017-13722 (In the pcfGetProperties function in bitmap/pcfread.c in libXfont ...)
	{DSA-3995-1 DLA-1126-1}
	- libxfont 1:2.0.1-4
	- libxfont1 <removed> (unimportant)
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=672bb944311392e2415b39c0d63b1e1902905bcd
	NOTE: libxfont1 is only used by xfonts-utils, no security impact
CVE-2017-13721 (In X.Org Server (aka xserver and xorg-server) before 1.19.4, an ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.4-1
	[wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b95f25af141d33a65f6f821ea9c003f66a01e1f1
CVE-2017-13720 (In the PatternMatch function in fontfile/fontdir.c in libXfont through ...)
	{DSA-3995-1 DLA-1126-1}
	- libxfont 1:2.0.1-4
	- libxfont1 <removed> (unimportant)
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=d1e670a4a8704b8708e493ab6155589bcd570608
	NOTE: libxfont1 is only used by xfonts-utils, no security impact
CVE-2017-13719
	RESERVED
CVE-2017-13718
	RESERVED
CVE-2017-13717
	RESERVED
CVE-2017-13716 (The C++ symbol demangler routine in cplus-dem.c in libiberty, as ...)
	- binutils <unfixed> (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=22009
	NOTE: Underlying bug is though in the C++ demangler part of libiberty, but MITRE
	NOTE: has assigned it specifically to the issue as raised within binutils.
CVE-2016-10503 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2017-13715 (The __skb_flow_dissect function in net/core/flow_dissector.c in the ...)
	- linux 4.3.1-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/a6e544b0a88b53114bfa5a57e21b7be7a8dfc9d0 (4.3-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/b3baa0fbd02a1a9d493d8cb92ae4a4491b9e9d13 (4.2-rc1)
CVE-2017-13714
	RESERVED
CVE-2017-13713 (T&amp;W WIFI Repeater BE126 allows remote authenticated users to execute ...)
	NOT-FOR-US: T&W WIFI Repeater BE126
CVE-2017-13712 (NULL Pointer Dereference in the id3v2AddAudioDuration function in ...)
	- lame 3.100-1 (low)
	[stretch] - lame <no-dsa> (Minor issue)
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/lame/bugs/472/
CVE-2017-13711 (Use-after-free vulnerability in the sofree function in slirp/socket.c ...)
	{DSA-3991-1}
	- qemu 1:2.10.0-1 (bug #873875)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg05201.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1486400
CVE-2017-14041 (A stack-based buffer overflow was discovered in the pgxtoimage function ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874115)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/e5285319229a5d77bf316bb0d3a6cbd3cb8666d9
	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-stack-based-buffer-overflow-write-in-pgxtoimage-convert-c/
	NOTE: https://github.com/uclouvain/openjpeg/issues/997
CVE-2017-14040 (An invalid write access was discovered in bin/jp2/convert.c in OpenJPEG ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874117)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/2cd30c2b06ce332dede81cccad8b334cde997281
	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-invalid-memory-write-in-tgatoimage-convert-c/
	NOTE: https://github.com/uclouvain/openjpeg/issues/995
CVE-2017-14039 (A heap-based buffer overflow was discovered in the opj_t2_encode_packet ...)
	{DSA-4013-1}
	- openjpeg2 2.3.0-1 (bug #874118)
	NOTE: Fixed by: https://github.com/uclouvain/openjpeg/commit/c535531f03369623b9b833ef41952c62257b507e
	NOTE: Reproducer: https://blogs.gentoo.org/ago/2017/08/28/openjpeg-heap-based-buffer-overflow-in-opj_t2_encode_packet-t2-c/
	NOTE: https://github.com/uclouvain/openjpeg/issues/992
	NOTE: The issue is covered by https://github.com/uclouvain/openjpeg/commit/4241ae6fbbf1de9658764a80944dc8108f2b4154
CVE-2017-14042 (A memory allocation failure was discovered in the ReadPNMImage function ...)
	- graphicsmagick 1.3.26-9 (unimportant; bug #873538)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/3bbf7a13643d
	NOTE: https://blogs.gentoo.org/ago/2017/08/28/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c-2/
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/441/
CVE-2017-13710 (The setup_group function in elf.c in the Binary File Descriptor (BFD) ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0c54f69295208331faab9bc5e995111a35672f9b
CVE-2017-13708 (Buffer overflow in the web server service in VX Search Enterprise ...)
	NOT-FOR-US: VX Search Enterprise
CVE-2017-13707 (Privilege escalation in Replibit Backup Manager earlier than version ...)
	NOT-FOR-US: Replibit
CVE-2017-13706 (XML external entity (XXE) vulnerability in the import package ...)
	NOT-FOR-US: Lansweeper
CVE-2017-13709 (In FlightGear before version 2017.3.1, Main/logger.cxx in the FGLogger ...)
	- flightgear 1:2017.2.1+dfsg-4 (low; bug #873439)
	[stretch] - flightgear 1:2016.4.4+dfsg-3+deb9u1
	[jessie] - flightgear 3.0.0-5+deb8u3
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/27/1
CVE-2017-13705
	RESERVED
CVE-2017-13704 (In dnsmasq before 2.78, if the DNS packet size does not match the ...)
	- dnsmasq 2.78-1 (bug #877102)
	[stretch] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77)
	[jessie] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77)
	[wheezy] - dnsmasq <not-affected> (Vulnerable code not present; Upstream: Regression introduced in 2.77)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495510
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928
CVE-2017-13703 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. A ...)
	NOT-FOR-US: Moxa
CVE-2017-13702 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
	NOT-FOR-US: Moxa
CVE-2017-13701 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
	NOT-FOR-US: Moxa
CVE-2017-13700 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
	NOT-FOR-US: Moxa
CVE-2017-13699 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
	NOT-FOR-US: MOXA
CVE-2017-13698 (An issue was discovered on MOXA EDS-G512E 5.1 build 16072215 devices. ...)
	NOT-FOR-US: MOXA
CVE-2017-13697 (controllers/member/api.php in dayrui FineCms 5.0.11 has XSS related to ...)
	NOT-FOR-US: FineCMS
CVE-2017-13696 (A buffer overflow vulnerability lies in the web server component of ...)
	NOT-FOR-US: Dup Scout Enterprise
CVE-2017-1000122 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
	NOTE: Not covered by security support
CVE-2017-1000121 (The UNIX IPC layer in WebKit, including WebKitGTK+ prior to 2.16.3, ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0007.html
	NOTE: Not covered by security support
CVE-2017-13695 (The acpi_ns_evaluate() function in drivers/acpi/acpica/nseval.c in the ...)
	- acpica-unix 20180209-1 (unimportant)
	- linux <unfixed> (unimportant)
	NOTE: https://patchwork.kernel.org/patch/9850567/
	NOTE: non-issue/no relevant security impact
CVE-2017-13694 (The acpi_ps_complete_final_op() function in ...)
	- acpica-unix 20180209-1 (unimportant)
	- linux <unfixed> (unimportant)
	NOTE: https://patchwork.kernel.org/patch/9806085/
	NOTE: non-issue/no relevant security impact
CVE-2017-13693 (The acpi_ds_create_operands() function in drivers/acpi/acpica/dsutils.c ...)
	- acpica-unix 20180209-1 (unimportant)
	- linux <unfixed> (unimportant)
	NOTE: https://patchwork.kernel.org/patch/9919053/
	NOTE: non-issue/no relevant security impact
CVE-2017-13692 (In Tidy 5.5.31, the IsURLCodePoint function in attrs.c allows attackers ...)
	- tidy-html5 <not-affected> (Vulnerable code introduced later)
	- tidy <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/htacg/tidy-html5/issues/588
CVE-2017-13691
	RESERVED
CVE-2017-13690 (The IKEv2 parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13689 (The IKEv1 parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13688 (The OLSR parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13687 (The Cisco HDLC parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13686 (net/ipv4/route.c in the Linux kernel 4.13-rc1 through 4.13-rc6 is too ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/bc3aae2bbac46dd894c89db5d5e98f7f0ef9e205
CVE-2016-1000245
	RESERVED
CVE-2017-13685 (The dump_callback function in SQLite 3.20.0 allows remote attackers to ...)
	- sqlite3 3.20.1-1 (unimportant; bug #873762)
	NOTE: https://sqlite.org/src/info/02f0f4c54f2819b3
	NOTE: http://www.mail-archive.com/sqlite-users%40mailinglists.sqlite.org/msg105314.html
	NOTE: Crash in the command-line shell program, not the the core SQLite library.
CVE-2017-13684 (Unisys Libra 64xx and 84xx and FS601 class systems with MCP-FIRMWARE ...)
	NOT-FOR-US: Unisys Libra
CVE-2017-13683 (In Symantec Endpoint Encryption before SEE 11.1.3HF3, a kernel memory ...)
	NOT-FOR-US: Symantec
CVE-2017-13682 (In Symantec Encryption Desktop before SED 10.4.1 MP2HF1, a kernel ...)
	NOT-FOR-US: Symantec
CVE-2017-13681 (Symantec Endpoint Protection prior to SEP 12.1 RU6 MP9 could be ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2017-13680 (Prior to SEP 12.1 RU6 MP9 &amp; SEP 14 RU1 Symantec Endpoint Protection ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2017-13679 (A denial of service (DoS) attack in Symantec Encryption Desktop before ...)
	NOT-FOR-US: Symantec
CVE-2017-13678 (Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) ...)
	NOT-FOR-US: Symantec
CVE-2017-13677 (Denial-of-service (DoS) vulnerability in the Symantec Advanced Secure ...)
	NOT-FOR-US: Symantec
CVE-2017-13676 (Norton Remove &amp; Reinstall can be susceptible to a DLL preloading ...)
	NOT-FOR-US: Symantec
CVE-2017-13675 (A denial of service (DoS) attack in Symantec Endpoint Encryption ...)
	NOT-FOR-US: Symantec
CVE-2017-13674 (Symantec ProxyClient 3.4 for Windows is susceptible to a privilege ...)
	NOT-FOR-US: Symantec ProxyClient
CVE-2017-13673 (The vga display update in mis-calculated the region for the dirty ...)
	- qemu 1:2.10.0+dfsg-2
	[stretch] - qemu <not-affected> (Vulnerable code introduced later)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04685.html
	NOTE: Fixed by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=d6f7f3b0cf4b6c5e7cdff9dfa6d20545e1051375 (v2.10.1)
	NOTE: Introduced by: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=fec5e8c92becad223df9d972770522f64aafdb72
	NOTE: In the unstable upload the fix is integrated in debian/patches/qemu-2.10.1.diff
CVE-2017-13672 (QEMU (aka Quick Emulator), when built with the VGA display emulator ...)
	{DSA-3991-1}
	- qemu 1:2.10.0-1 (low; bug #873851)
	[jessie] - qemu <postponed> (Can be fixed along in a future DSA)
	[wheezy] - qemu <postponed> (Can be fixed along in a future DSA)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in a future DSA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg04684.html
	NOTE: Fixed by https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=3d90c6254863693a6b13d918d2b8682e08bbc681
CVE-2017-13671 (app/View/Helper/CommandHelper.php in MISP before 2.4.79 has persistent ...)
	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
CVE-2017-13670 (In BlackCat CMS 1.2, remote authenticated users can upload any file via ...)
	NOT-FOR-US: BlackCat CMS
CVE-2017-13669 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the setanswered ...)
	NOT-FOR-US: NexusPHP
CVE-2017-13668
	RESERVED
CVE-2017-13667
	RESERVED
CVE-2017-13666 (An integer underflow vulnerability exists in pixel-a.asm, the x86 ...)
	- x265 <not-affected> (Affected code is not enabled)
CVE-2017-13665
	RESERVED
CVE-2017-13664 (Password file exposure in firmware in iSmartAlarm CubeOne version ...)
	NOT-FOR-US: iSmartAlarm CubeOne
CVE-2017-13663 (Encryption key exposure in firmware in iSmartAlarm CubeOne version ...)
	NOT-FOR-US: iSmartAlarm CubeOne
CVE-2017-13662
	RESERVED
CVE-2017-13661
	RESERVED
CVE-2017-13660
	RESERVED
CVE-2017-13659
	RESERVED
CVE-2017-13657
	RESERVED
CVE-2017-13656
	RESERVED
CVE-2017-13655
	RESERVED
CVE-2017-13654
	RESERVED
CVE-2017-13653
	RESERVED
CVE-2017-13652
	RESERVED
CVE-2017-13651
	RESERVED
CVE-2017-13650
	RESERVED
CVE-2017-1002150 (python-fedora 0.8.0 and lower is vulnerable to an open redirect ...)
	- python-fedora 0.9.0-1
	[stretch] - python-fedora <no-dsa> (Minor issue)
	[jessie] - python-fedora <no-dsa> (Minor issue)
	NOTE: https://github.com/fedora-infra/python-fedora/commit/b27f38a67573f4c989710c9bfb726dd4c1eeb929.patch
CVE-2017-13649 (UnrealIRCd 4.0.13 and earlier creates a PID file after dropping ...)
	- unrealircd <itp> (bug #515130)
CVE-2017-13648 (In GraphicsMagick 1.3.26, a memory leak vulnerability was found in the ...)
	- graphicsmagick <unfixed> (unimportant)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/433/
CVE-2017-13647
	RESERVED
CVE-2017-13646
	RESERVED
CVE-2017-13645
	RESERVED
CVE-2017-13644
	RESERVED
CVE-2017-13643
	RESERVED
CVE-2017-13642
	RESERVED
CVE-2017-13641
	RESERVED
CVE-2017-13640
	RESERVED
CVE-2017-13639
	RESERVED
CVE-2017-13638
	RESERVED
CVE-2017-13637
	RESERVED
CVE-2017-13636
	RESERVED
CVE-2017-13635
	RESERVED
CVE-2017-13634
	RESERVED
CVE-2017-13633
	RESERVED
CVE-2017-13632
	RESERVED
CVE-2017-13631
	RESERVED
CVE-2017-13630
	RESERVED
CVE-2017-13629
	RESERVED
CVE-2017-13628
	RESERVED
CVE-2017-13627
	RESERVED
CVE-2017-13626
	RESERVED
CVE-2017-13625
	RESERVED
CVE-2017-13624
	RESERVED
CVE-2017-13623
	RESERVED
CVE-2017-13622
	RESERVED
CVE-2017-13621
	RESERVED
CVE-2017-13620
	RESERVED
CVE-2017-13619
	RESERVED
CVE-2017-13618
	RESERVED
CVE-2017-13617
	RESERVED
CVE-2017-13616
	RESERVED
CVE-2017-13615
	RESERVED
CVE-2017-13614
	RESERVED
CVE-2017-13613
	RESERVED
CVE-2017-13612
	RESERVED
CVE-2017-13611
	RESERVED
CVE-2017-13610
	RESERVED
CVE-2017-13609
	RESERVED
CVE-2017-13608
	RESERVED
CVE-2017-13607
	RESERVED
CVE-2017-13606
	RESERVED
CVE-2017-13605
	RESERVED
CVE-2017-13604
	RESERVED
CVE-2017-13603
	RESERVED
CVE-2017-13602
	RESERVED
CVE-2017-13601
	RESERVED
CVE-2017-13600
	RESERVED
CVE-2017-13599
	RESERVED
CVE-2017-13598
	RESERVED
CVE-2017-13597
	RESERVED
CVE-2017-13596
	RESERVED
CVE-2017-13595
	RESERVED
CVE-2017-13594
	RESERVED
CVE-2017-13593
	RESERVED
CVE-2017-13592
	RESERVED
CVE-2017-13591
	RESERVED
CVE-2017-13590
	RESERVED
CVE-2017-13589
	RESERVED
CVE-2017-13588
	RESERVED
CVE-2017-13587
	RESERVED
CVE-2017-13586
	RESERVED
CVE-2017-13585
	RESERVED
CVE-2017-13584
	RESERVED
CVE-2017-13583
	RESERVED
CVE-2017-13582
	RESERVED
CVE-2017-13581
	RESERVED
CVE-2017-13580
	RESERVED
CVE-2017-13579
	RESERVED
CVE-2017-13578
	RESERVED
CVE-2017-13577
	RESERVED
CVE-2017-13576
	RESERVED
CVE-2017-13575
	RESERVED
CVE-2017-13574
	RESERVED
CVE-2017-13573
	RESERVED
CVE-2017-13572
	RESERVED
CVE-2017-13571
	RESERVED
CVE-2017-13570
	RESERVED
CVE-2017-13569
	RESERVED
CVE-2017-13568
	RESERVED
CVE-2017-13567
	RESERVED
CVE-2017-13566
	RESERVED
CVE-2017-13565
	RESERVED
CVE-2017-13564
	RESERVED
CVE-2017-13563
	RESERVED
CVE-2017-13562
	RESERVED
CVE-2017-13561
	RESERVED
CVE-2017-13560
	RESERVED
CVE-2017-13559
	RESERVED
CVE-2017-13558
	RESERVED
CVE-2017-13557
	RESERVED
CVE-2017-13556
	RESERVED
CVE-2017-13555
	RESERVED
CVE-2017-13554
	RESERVED
CVE-2017-13553
	RESERVED
CVE-2017-13552
	RESERVED
CVE-2017-13551
	RESERVED
CVE-2017-13550
	RESERVED
CVE-2017-13549
	RESERVED
CVE-2017-13548
	RESERVED
CVE-2017-13547
	RESERVED
CVE-2017-13546
	RESERVED
CVE-2017-13545
	RESERVED
CVE-2017-13544
	RESERVED
CVE-2017-13543
	RESERVED
CVE-2017-13542
	RESERVED
CVE-2017-13541
	RESERVED
CVE-2017-13540
	RESERVED
CVE-2017-13539
	RESERVED
CVE-2017-13538
	RESERVED
CVE-2017-13537
	RESERVED
CVE-2017-13536
	RESERVED
CVE-2017-13535
	RESERVED
CVE-2017-13534
	RESERVED
CVE-2017-13533
	RESERVED
CVE-2017-13532
	RESERVED
CVE-2017-13531
	RESERVED
CVE-2017-13530
	RESERVED
CVE-2017-13529
	RESERVED
CVE-2017-13528
	RESERVED
CVE-2017-13527
	RESERVED
CVE-2017-13526
	RESERVED
CVE-2017-13525
	RESERVED
CVE-2017-13524
	RESERVED
CVE-2017-13523
	RESERVED
CVE-2017-13522
	RESERVED
CVE-2017-13521
	RESERVED
CVE-2017-13520
	RESERVED
CVE-2017-13519
	RESERVED
CVE-2017-13518
	RESERVED
CVE-2017-13517
	RESERVED
CVE-2017-13516
	RESERVED
CVE-2017-13515
	RESERVED
CVE-2017-13514
	RESERVED
CVE-2017-13513
	RESERVED
CVE-2017-13512
	RESERVED
CVE-2017-13511
	RESERVED
CVE-2017-13510
	RESERVED
CVE-2017-13509
	RESERVED
CVE-2017-13508
	RESERVED
CVE-2017-13507
	RESERVED
CVE-2017-13506
	RESERVED
CVE-2017-13505
	RESERVED
CVE-2017-13504
	RESERVED
CVE-2017-13503
	RESERVED
CVE-2017-13502
	RESERVED
CVE-2017-13501
	RESERVED
CVE-2017-13500
	RESERVED
CVE-2017-13499
	RESERVED
CVE-2017-13498
	RESERVED
CVE-2017-13497
	RESERVED
CVE-2017-13496
	RESERVED
CVE-2017-13495
	RESERVED
CVE-2017-13494
	RESERVED
CVE-2017-13493
	RESERVED
CVE-2017-13492
	RESERVED
CVE-2017-13491
	RESERVED
CVE-2017-13490
	RESERVED
CVE-2017-13489
	RESERVED
CVE-2017-13488
	RESERVED
CVE-2017-13487
	RESERVED
CVE-2017-13486
	RESERVED
CVE-2017-13485
	RESERVED
CVE-2017-13484
	RESERVED
CVE-2017-13483
	RESERVED
CVE-2017-13482
	RESERVED
CVE-2017-13481
	RESERVED
CVE-2017-13480
	RESERVED
CVE-2017-13479
	RESERVED
CVE-2017-13478
	RESERVED
CVE-2017-13477
	RESERVED
CVE-2017-13476
	RESERVED
CVE-2017-13475
	RESERVED
CVE-2017-13474
	RESERVED
CVE-2017-13473
	RESERVED
CVE-2017-13472
	RESERVED
CVE-2017-13471
	RESERVED
CVE-2017-13470
	RESERVED
CVE-2017-13469
	RESERVED
CVE-2017-13468
	RESERVED
CVE-2017-13467
	RESERVED
CVE-2017-13466
	RESERVED
CVE-2017-13465
	RESERVED
CVE-2017-13464
	RESERVED
CVE-2017-13463
	RESERVED
CVE-2017-13462
	RESERVED
CVE-2017-13461
	RESERVED
CVE-2017-13460
	RESERVED
CVE-2017-13459
	RESERVED
CVE-2017-13458
	RESERVED
CVE-2017-13457
	RESERVED
CVE-2017-13456
	RESERVED
CVE-2017-13455
	RESERVED
CVE-2017-13454
	RESERVED
CVE-2017-13453
	RESERVED
CVE-2017-13452
	RESERVED
CVE-2017-13451
	RESERVED
CVE-2017-13450
	RESERVED
CVE-2017-13449
	RESERVED
CVE-2017-13448
	RESERVED
CVE-2017-13447
	RESERVED
CVE-2017-13446
	RESERVED
CVE-2017-13445
	RESERVED
CVE-2017-13444
	RESERVED
CVE-2017-13443
	RESERVED
CVE-2017-13442
	RESERVED
CVE-2017-13441
	RESERVED
CVE-2017-13440
	RESERVED
CVE-2017-13439
	RESERVED
CVE-2017-13438
	RESERVED
CVE-2017-13437
	RESERVED
CVE-2017-13436
	RESERVED
CVE-2017-13435
	RESERVED
CVE-2017-13434
	RESERVED
CVE-2017-13433
	RESERVED
CVE-2017-13432
	RESERVED
CVE-2017-13431
	RESERVED
CVE-2017-13430
	RESERVED
CVE-2017-13429
	RESERVED
CVE-2017-13428
	RESERVED
CVE-2017-13427
	RESERVED
CVE-2017-13426
	RESERVED
CVE-2017-13425
	RESERVED
CVE-2017-13424
	RESERVED
CVE-2017-13423
	RESERVED
CVE-2017-13422
	RESERVED
CVE-2017-13421
	RESERVED
CVE-2017-13420
	RESERVED
CVE-2017-13419
	RESERVED
CVE-2017-13418
	RESERVED
CVE-2017-13417
	RESERVED
CVE-2017-13416
	RESERVED
CVE-2017-13415
	RESERVED
CVE-2017-13414
	RESERVED
CVE-2017-13413
	RESERVED
CVE-2017-13412
	RESERVED
CVE-2017-13411
	RESERVED
CVE-2017-13410
	RESERVED
CVE-2017-13409
	RESERVED
CVE-2017-13408
	RESERVED
CVE-2017-13407
	RESERVED
CVE-2017-13406
	RESERVED
CVE-2017-13405
	RESERVED
CVE-2017-13404
	RESERVED
CVE-2017-13403
	RESERVED
CVE-2017-13402
	RESERVED
CVE-2017-13401
	RESERVED
CVE-2017-13400
	RESERVED
CVE-2017-13399
	RESERVED
CVE-2017-13398
	RESERVED
CVE-2017-13397
	RESERVED
CVE-2017-13396
	RESERVED
CVE-2017-13395
	RESERVED
CVE-2017-13394
	RESERVED
CVE-2017-13393
	RESERVED
CVE-2017-13392
	RESERVED
CVE-2017-13391
	RESERVED
CVE-2017-13390
	RESERVED
CVE-2017-13389
	RESERVED
CVE-2017-13388
	RESERVED
CVE-2017-13387
	RESERVED
CVE-2017-13386
	RESERVED
CVE-2017-13385
	RESERVED
CVE-2017-13384
	RESERVED
CVE-2017-13383
	RESERVED
CVE-2017-13382
	RESERVED
CVE-2017-13381
	RESERVED
CVE-2017-13380
	RESERVED
CVE-2017-13379
	RESERVED
CVE-2017-13378
	RESERVED
CVE-2017-13377
	RESERVED
CVE-2017-13376
	RESERVED
CVE-2017-13375
	RESERVED
CVE-2017-13374
	RESERVED
CVE-2017-13373
	RESERVED
CVE-2017-13372
	RESERVED
CVE-2017-13371
	RESERVED
CVE-2017-13370
	RESERVED
CVE-2017-13369
	RESERVED
CVE-2017-13368
	RESERVED
CVE-2017-13367
	RESERVED
CVE-2017-13366
	RESERVED
CVE-2017-13365
	RESERVED
CVE-2017-13364
	RESERVED
CVE-2017-13363
	RESERVED
CVE-2017-13362
	RESERVED
CVE-2017-13361
	RESERVED
CVE-2017-13360
	RESERVED
CVE-2017-13359
	RESERVED
CVE-2017-13358
	RESERVED
CVE-2017-13357
	RESERVED
CVE-2017-13356
	RESERVED
CVE-2017-13355
	RESERVED
CVE-2017-13354
	RESERVED
CVE-2017-13353
	RESERVED
CVE-2017-13352
	RESERVED
CVE-2017-13351
	RESERVED
CVE-2017-13350
	RESERVED
CVE-2017-13349
	RESERVED
CVE-2017-13348
	RESERVED
CVE-2017-13347
	RESERVED
CVE-2017-13346
	RESERVED
CVE-2017-13345
	RESERVED
CVE-2017-13344
	RESERVED
CVE-2017-13343
	RESERVED
CVE-2017-13342
	RESERVED
CVE-2017-13341
	RESERVED
CVE-2017-13340
	RESERVED
CVE-2017-13339
	RESERVED
CVE-2017-13338
	RESERVED
CVE-2017-13337
	RESERVED
CVE-2017-13336
	RESERVED
CVE-2017-13335
	RESERVED
CVE-2017-13334
	RESERVED
CVE-2017-13333
	RESERVED
CVE-2017-13332
	RESERVED
CVE-2017-13331
	RESERVED
CVE-2017-13330
	RESERVED
CVE-2017-13329
	RESERVED
CVE-2017-13328
	RESERVED
CVE-2017-13327
	RESERVED
CVE-2017-13326
	RESERVED
CVE-2017-13325
	RESERVED
CVE-2017-13324
	RESERVED
CVE-2017-13323
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13322
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13321
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13320
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2017-13319
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2017-13318
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2017-13317
	RESERVED
	NOT-FOR-US: Android Media Framework
CVE-2017-13316
	RESERVED
	NOT-FOR-US: Android
CVE-2017-13315
	RESERVED
CVE-2017-13314
	RESERVED
CVE-2017-13313
	RESERVED
CVE-2017-13312
	RESERVED
CVE-2017-13311
	RESERVED
CVE-2017-13310
	RESERVED
CVE-2017-13309
	RESERVED
CVE-2017-13308
	RESERVED
CVE-2017-13307 (A elevation of privilege vulnerability in the Upstream kernel pci ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13306 (A elevation of privilege vulnerability in the Upstream kernel mnh ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13305 (A information disclosure vulnerability in the Upstream kernel ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13304 (A information disclosure vulnerability in the Upstream kernel mnh_sm ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13303 (A information disclosure vulnerability in the Broadcom bcmdhd driver. ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2017-13302 (A denial of service vulnerability in the Android system (system ui). ...)
	NOT-FOR-US: Android
CVE-2017-13301 (A denial of service vulnerability in the Android system (system ui). ...)
	NOT-FOR-US: Android
CVE-2017-13300 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13299 (A other vulnerability in the Android media framework (libavc). ...)
	NOT-FOR-US: Android media framework
CVE-2017-13298 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13297 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13296 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13295 (A denial of service vulnerability in the Android framework (package ...)
	NOT-FOR-US: Android
CVE-2017-13294 (A information disclosure vulnerability in the Android framework (aosp ...)
	NOT-FOR-US: Android framework (aosp email application)
CVE-2017-13293 (In the nfc_hci_cmd_received() function of core.c, there is a possible ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13292 (In wl_get_assoc_ies of wl_cfg80211.c, there is a possible out of ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2017-13291 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2017-13290 (In sdp_server_handle_client_req of sdp_server.cc, there is an out of ...)
	NOT-FOR-US: Android
CVE-2017-13289 (In writeToParcel and createFromParcel of RttManager.java, there is a ...)
	NOT-FOR-US: Android
CVE-2017-13288 (In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, ...)
	NOT-FOR-US: Android
CVE-2017-13287 (In createFromParcel of VerifyCredentialResponse.java, there is a ...)
	NOT-FOR-US: Android
CVE-2017-13286 (In writeToParcel and readFromParcel of OutputConfiguration.java, there ...)
	NOT-FOR-US: Android
CVE-2017-13285 (In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a ...)
	NOT-FOR-US: Android
CVE-2017-13284 (In config_set_string of config.cc, it is possible to pair a second BT ...)
	NOT-FOR-US: Android
CVE-2017-13283 (In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a ...)
	NOT-FOR-US: Android
CVE-2017-13282 (In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2017-13281 (In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2017-13280 (In the FrameSequence_gif::FrameSequence_gif function of ...)
	NOT-FOR-US: Android media framework
CVE-2017-13279 (In M3UParser::parse of M3UParser.cpp, there is a memory resource ...)
	NOT-FOR-US: Android media framework
CVE-2017-13278 (In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there ...)
	NOT-FOR-US: Android media framework
CVE-2017-13277 (In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of ...)
	NOT-FOR-US: Android media framework
CVE-2017-13276 (In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible ...)
	NOT-FOR-US: Android media framework
CVE-2017-13275 (In getVSCoverage of CmapCoverage.cpp, there is a possible out of ...)
	NOT-FOR-US: Android
CVE-2017-13274 (In the getHost() function of UriTest.java, there is the possibility of ...)
	NOT-FOR-US: Android
CVE-2017-13273 (In xt_qtaguid.c, there is a race condition due to insufficient ...)
	NOT-FOR-US: Android
CVE-2017-13272 (In alarm_ready_generic of alarm.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2017-13271 (A elevation of privilege vulnerability in the upstream kernel mnh_sm ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13270 (A elevation of privilege vulnerability in the upstream kernel mnh_sm ...)
	NOT-FOR-US: Android kernel (no source release, so apparently not in mainline)
CVE-2017-13269 (A information disclosure vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-13268 (A information disclosure vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-13267 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...)
	NOT-FOR-US: Android
CVE-2017-13266 (In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack ...)
	NOT-FOR-US: Android
CVE-2017-13265 (A elevation of privilege vulnerability in the Android system (OTA ...)
	NOT-FOR-US: Android
CVE-2017-13264 (A other vulnerability in the Android media framework (Avcdec). ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13263 (A elevation of privilege vulnerability in the Android framework. ...)
	NOT-FOR-US: Android
CVE-2017-13262 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2017-13261 (In bnep_process_control_packet of bnep_utils.cc, there is a possible ...)
	NOT-FOR-US: Android
CVE-2017-13260 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2017-13259 (In functionality implemented in sdp_discovery.cc, there are possible ...)
	NOT-FOR-US: Android
CVE-2017-13258 (In bnep_data_ind of bnep_main.cc, there is a possible out of bounds ...)
	NOT-FOR-US: Android
CVE-2017-13257 (In bta_pan_data_buf_ind_cback of bta_pan_act.cc there is a use after ...)
	NOT-FOR-US: Android
CVE-2017-13256 (In process_service_search_attr_req of sdp_server.cc, there is an out ...)
	NOT-FOR-US: Android
CVE-2017-13255 (In process_service_attr_req of sdp_server.c, there is an out of bounds ...)
	NOT-FOR-US: Android
CVE-2017-13254 (A other vulnerability in the Android media framework (AACExtractor). ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13253 (In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13252 (In CryptoHal::decrypt of CryptoHal.cpp, there is an out of bounds ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13251 (In impeg2d_dec_pic_data_thread of impeg2d_dec_hdr.c, there is a ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13250 (In ih264d_fmt_conv_420sp_to_420p of ih264d_utils.c, there is an out of ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13249 (In impeg2d_api_set_display_frame of impeg2d_api_main.c, there is an ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13248 (In impeg2_idct_recon_sse42() of impeg2_idct_recon_sse42_intr.c, there ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13247 (In the Pixel 2 bootloader, there is a missing permission check which ...)
	NOT-FOR-US: HTC Android components
CVE-2017-13246 (A information disclosure vulnerability in the Upstream kernel network ...)
	NOT-FOR-US: Closed source network driver for Pixel phones
CVE-2017-13245 (A elevation of privilege vulnerability in the Upstream kernel audio ...)
	NOT-FOR-US: Closed source audio driver for Pixel phones
CVE-2017-13244 (A elevation of privilege vulnerability in the Upstream kernel easel. ...)
	NOT-FOR-US: Easel driver for Pixel phones
CVE-2017-13243 (A information disclosure vulnerability in the Android system (ui). ...)
	NOT-FOR-US: Android
CVE-2017-13242 (A information disclosure vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-13241 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13240 (A information disclosure vulnerability in the Android framework ...)
	NOT-FOR-US: Android
CVE-2017-13239 (A information disclosure vulnerability in the Android framework (ui ...)
	NOT-FOR-US: Android
CVE-2017-13238 (In XBLRamDump mode, there is a debug feature that can be used to dump ...)
	NOT-FOR-US: HTC Android components
CVE-2017-13237
	RESERVED
CVE-2017-13236 (In the KeyStore service, there is a permissions bypass that allows ...)
	NOT-FOR-US: Android
CVE-2017-13235 (A other vulnerability in the Android media framework (n/a). Product: ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13234 (In DLSParser of the sonivox library, there is possible resource ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13233 (In ihevcd_ctb_boundary_strength_pbslice of libhevc, there is possible ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13232 (In audioserver, there is an out-of-bounds write due to a log statement ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13231 (In libmediadrm, there is an out-of-bounds write due to improper input ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13230 (In hevc codec, there is an out-of-bounds write due to an incorrect ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13229 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13228 (In function ih264d_ref_idx_reordering of libavc, there is an ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13227
	RESERVED
CVE-2017-13226 (An elevation of privilege vulnerability in the MediaTek mtk. Product: ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2017-13225 (In libMtkOmxVdec.so there is a possible heap buffer overflow. This ...)
	NOT-FOR-US: Mediatek components for Android
CVE-2017-13224
	RESERVED
CVE-2017-13223
	RESERVED
CVE-2017-13222 (An information disclosure vulnerability in the Upstream kernel kernel. ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13221 (An elevation of privilege vulnerability in the Upstream kernel wifi ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13220 (An elevation of privilege vulnerability in the Upstream kernel bluez. ...)
	{DSA-4187-1}
	- linux 4.0.2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://git.kernel.org/linus/51bda2bca53b265715ca1852528f38dc67429d9a
CVE-2017-13219 (A denial of service vulnerability in the Upstream kernel synaptics ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13218 (Access to CNTVCT_EL0 could be used for side channel attacks. This ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13217 (In DisplayFtmItem in the bootloader, there is an out-of-bounds write ...)
	NOT-FOR-US: Android kernel component (no source release, no apparently not affecting mainline)
CVE-2017-13216 (In ashmem_ioctl of ashmem.c, there is an out-of-bounds write due to ...)
	- linux 4.14.17-1 (unimportant)
	[stretch] - linux 4.9.80-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/443064cb0b1fb4569fe0a71209da7625129f
CVE-2017-13215 (A elevation of privilege vulnerability in the Upstream kernel ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
CVE-2017-13214 (In the hardware HEVC decoder, some media files could cause a page ...)
	NOT-FOR-US: HTC components for Android
CVE-2017-13213 (An elevation of privilege vulnerability in the Broadcom bcmdhd driver. ...)
	NOT-FOR-US: Broadcom component for Android
CVE-2017-13212 (An elevation of privilege vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-13211 (In bta_scan_results_cb_impl of btif_ble_scanner.cc, there is possible ...)
	NOT-FOR-US: Android
CVE-2017-13210 (In CameraDeviceClient::submitRequestList of CameraDeviceClient.cpp, ...)
	NOT-FOR-US: Android
CVE-2017-13209 (In the ServiceManager::add function in the hardware service manager, ...)
	NOT-FOR-US: Android
CVE-2017-13208 (In receive_packet of libnetutils/packet.c, there is a possible ...)
	NOT-FOR-US: Android
CVE-2017-13207 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13206 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13205 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13204 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13203 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13202 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13201 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13200 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13199 (In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception ...)
	NOT-FOR-US: Android media framework
CVE-2017-13198 (A vulnerability in the Android media framework (ex) related to ...)
	NOT-FOR-US: Android media framework
CVE-2017-13197 (In the ihevcd_parse_slice.c function, slave threads are not joined if ...)
	NOT-FOR-US: Android media framework
CVE-2017-13196 (In several places in ihevcd_decode.c, a dead loop could occur due to ...)
	NOT-FOR-US: Android media framework
CVE-2017-13195 (In the ihevcd_parse_sps function of ihevcd_parse_headers.c, several ...)
	NOT-FOR-US: Android media framework
CVE-2017-13194 (A vulnerability in the Android media framework (libvpx) related to odd ...)
	{DSA-4132-1 DLA-1290-1}
	- libvpx 1.7.0-2
	NOTE: Android patch: https://android.googlesource.com/platform/external/libvpx/+/55cd1dd7c8d0a3de907d22e0f12718733f4e41d9
CVE-2017-13193 (In ihevcd_decode.c there is a possible infinite loop due to bytes for ...)
	NOT-FOR-US: Android media framework
CVE-2017-13192 (In the ihevcd_parse_slice_header function of ...)
	NOT-FOR-US: Android media framework
CVE-2017-13191 (In the ihevcd_decode function of ihevcd_decode.c, there is an infinite ...)
	NOT-FOR-US: Android media framework
CVE-2017-13190 (A vulnerability in the Android media framework (libhevc) related to ...)
	NOT-FOR-US: Android media framework
CVE-2017-13189 (A vulnerability in the Android media framework (libavc) related to ...)
	NOT-FOR-US: Android media framework
CVE-2017-13188 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13187 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13186 (A vulnerability in the Android media framework (libavc) related to ...)
	NOT-FOR-US: Android media framework
CVE-2017-13185 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-13184 (In the enableVSyncInjections function of SurfaceFlinger, there is a ...)
	NOT-FOR-US: Android media framework
CVE-2017-13183 (In the OMXNodeInstance::useBuffer and IOMX::freeBuffer functions, ...)
	NOT-FOR-US: Android media framework
CVE-2017-13182 (In the sendFormatChange function of ACodec, there is a possible ...)
	NOT-FOR-US: Android media framework
CVE-2017-13181 (In the doGetThumb and getThumbnail functions of MtpServer, there is a ...)
	NOT-FOR-US: Android media framework
CVE-2017-13180 (In the onQueueFilled function of SoftAVCDec, there is a possible ...)
	NOT-FOR-US: Android media framework
CVE-2017-13179 (In the ihevcd_allocate_static_bufs and ihevcd_create functions of ...)
	NOT-FOR-US: Android media framework
CVE-2017-13178 (In the initDecoder function of SoftAVCDec, there is a possible ...)
	NOT-FOR-US: Android media framework
CVE-2017-13177 (In several functions of libhevc, NEON registers are not preserved. ...)
	NOT-FOR-US: Android media framework
CVE-2017-13176 (In the parseURL function of URLStreamHandler, there is improper input ...)
	NOT-FOR-US: Android
CVE-2017-13175 (An information disclosure vulnerability in the NVIDIA libwilhelm. ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-13174 (An elevation of privilege vulnerability in the kernel edl. Product: ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13173 (An elevation of privilege vulnerability in the MediaTek system server. ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-13172 (An elevation of privilege vulnerability in the MediaTek bluetooth ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-13171 (An elevation of privilege vulnerability in the MediaTek performance ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-13170 (An elevation of privilege vulnerability in the MediaTek display ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-13169 (An information disclosure vulnerability in the kernel camera server. ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13168 (An elevation of privilege vulnerability in the kernel scsi driver. ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13167 (An elevation of privilege vulnerability in the kernel sound timer. ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13166 (An elevation of privilege vulnerability in the kernel v4l2 video ...)
	{DSA-4187-1 DSA-4120-1 DLA-1369-1}
	- linux 4.15.4-1
	NOTE: https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13166.html
	NOTE: https://git.kernel.org/linus/a1dfb4c48cc1e64eeb7800a27c66a6f7e88d075a
CVE-2017-13165 (An elevation of privilege vulnerability in the kernel file system. ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13164 (An information disclosure vulnerability in the kernel binder driver. ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13163 (An elevation of privilege vulnerability in the kernel mtp usb driver. ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13162 (An elevation of privilege vulnerability in the kernel binder. Product: ...)
	NOT-FOR-US: Android kernel components (no source release, so apparently not present in mainline)
CVE-2017-13161 (An elevation of privilege vulnerability in the Broadcom wireless ...)
	NOT-FOR-US: Broadcom components for Android
CVE-2017-13160 (A remote code execution vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-13159 (An information disclosure vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-13158 (An information disclosure vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-13157 (An information disclosure vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-13156 (An elevation of privilege vulnerability in the Android system (art). ...)
	- android-platform-system-core <not-affected> (Not exploitable on Debian, see #890949)
CVE-2017-13155
	RESERVED
CVE-2017-13154 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13153 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13152 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13151 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13150 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13149 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13148 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-13147 (In GraphicsMagick 1.3.26, an allocation failure vulnerability was found ...)
	- graphicsmagick <unfixed> (unimportant)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/446/
CVE-2017-13146 (In ImageMagick before 6.9.8-5 and 7.x before 7.0.5-6, there is a memory ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870013)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/437a35e57db5ec078f4a3ccbf71f941276e88430
CVE-2017-13141 (In ImageMagick before 6.9.9-4 and 7.x before 7.0.6-4, a crafted file ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870116)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/600
CVE-2017-13138 (DOM based Cross-site scripting (XSS) vulnerability in the Bridge theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2017-13137 (The FormCraft Basic plugin 1.0.5 for WordPress has SQL injection in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-13136 (The image_alloc function in bpgenc.c in libbpg 0.9.7 has an integer ...)
	NOT-FOR-US: libbpg
CVE-2017-13135 (A NULL Pointer Dereference exists in VideoLAN x265, as used in libbpg ...)
	- x265 2.6-3
	[stretch] - x265 <no-dsa> (Minor issue)
	NOTE: https://github.com/ebel34/bpg-web-encoder/issues/1
	NOTE: https://bitbucket.org/multicoreware/x265/issues/385/cve-2017-13135
	NOTE: https://bitbucket.org/multicoreware/x265/commits/78c0f2c8ba087b38e291226a9555b4b4dab323a5/raw
CVE-2017-13134 (In ImageMagick 7.0.6-6 and GraphicsMagick 1.3.26, a heap-based buffer ...)
	{DSA-4040-1 DSA-4032-1 DLA-1170-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #873099)
	- graphicsmagick 1.3.26-19 (bug #881524)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/670
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5304ae14655a67b9a3db00563fe44d9abd6de4f0
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/1b234b4fe2ec864b2d5af898a31c06c9736da904
	NOTE: GraphicsMagick: http://hg.code.sf.net/p/graphicsmagick/code/rev/1b47e0078e05
CVE-2017-13133 (In ImageMagick 7.0.6-8, the load_level function in coders/xcf.c lacks ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873100)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/679
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/19dbe11c5060f66abb393d1945107c5f54894fa8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/fad03699658d2607562a8487c944c300d59a1ca5
CVE-2017-13132 (In ImageMagick 7.0.6-8, the WritePDFImage function in coders/pdf.c ...)
	- imagemagick <not-affected> (Vulnerable code not present, introduced in 7.0.1-0)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/674
CVE-2017-13131 (In ImageMagick 7.0.6-8, a memory leak vulnerability was found in the ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/676
CVE-2017-13130 (mcmnm in BMC Patrol allows local users to gain privileges via a crafted ...)
	NOT-FOR-US: BMC Patrol
CVE-2017-13129 (Cross-site request forgery (CSRF) vulnerability in ZKTeco ZKTime Web ...)
	NOT-FOR-US: ZKTeco ZKTime Web
CVE-2017-13128
	RESERVED
CVE-2017-13127 (The VIP.com application for IOS and Android allows remote attackers to ...)
	NOT-FOR-US: VIP.com app
CVE-2017-13126
	RESERVED
CVE-2017-13125
	RESERVED
CVE-2017-13124
	RESERVED
CVE-2017-13123
	RESERVED
CVE-2017-13122
	RESERVED
CVE-2017-13121
	RESERVED
CVE-2017-13120
	RESERVED
CVE-2017-13119
	RESERVED
CVE-2017-13118
	RESERVED
CVE-2017-13117
	RESERVED
CVE-2017-13116
	RESERVED
CVE-2017-13115
	RESERVED
CVE-2017-13114
	RESERVED
CVE-2017-13113
	RESERVED
CVE-2017-13112
	RESERVED
CVE-2017-13111
	RESERVED
CVE-2017-13110
	RESERVED
CVE-2017-13109
	RESERVED
CVE-2017-13108
	RESERVED
CVE-2017-13107
	RESERVED
CVE-2017-13106
	RESERVED
CVE-2017-13105
	RESERVED
CVE-2017-13104
	RESERVED
CVE-2017-13103
	RESERVED
CVE-2017-13102
	RESERVED
CVE-2017-13101
	RESERVED
CVE-2017-13100
	RESERVED
CVE-2017-13099 (wolfSSL prior to version 3.12.2 provides a weak Bleichenbacher oracle ...)
	- wolfssl 3.13.0+dfsg-1 (bug #884235)
	NOTE: https://github.com/wolfSSL/wolfssl/pull/1229
	NOTE: https://robotattack.org/
CVE-2017-13098 (BouncyCastle TLS prior to version 1.0.3, when configured to use the ...)
	{DSA-4072-1}
	- bouncycastle 1.58-1 (bug #884241)
	[jessie] - bouncycastle <not-affected> (Vulnerable code introduced in 1.56 with tls API addition)
	[wheezy] - bouncycastle <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/bcgit/bc-java/commit/9b53e60792e14c65cd1dbfad65e88ec5949ce4b3
	NOTE: Fixed by: https://github.com/bcgit/bc-java/commit/a00b684465b38d722ca9a3543b8af8568e6bad5c
	NOTE: Fixed in 1.59 beta 9
	NOTE: https://robotattack.org/
CVE-2017-13097
	RESERVED
CVE-2017-13096
	RESERVED
CVE-2017-13095
	RESERVED
CVE-2017-13094
	RESERVED
CVE-2017-13093
	RESERVED
CVE-2017-13092
	RESERVED
CVE-2017-13091
	RESERVED
CVE-2017-13090 (The retr.c:fd_read_body() function is called when processing OK ...)
	{DSA-4008-1 DLA-1149-1}
	- wget 1.19.2-1 (bug #879957)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=ba6b44f6745b14dce414761a8e4b35d31b176bba
CVE-2017-13089 (The http.c:skip_short_body() function is called in some circumstances, ...)
	{DSA-4008-1 DLA-1149-1}
	- wget 1.19.2-1 (bug #879957)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=d892291fb8ace4c3b734ea5125770989c215df3f
CVE-2017-13088 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13087 (Wi-Fi Protected Access (WPA and WPA2) that support 802.11v allows ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13086 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13085
	RESERVED
CVE-2017-13084 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
	- wpa <unfixed> (unimportant)
	NOTE: From https://w1.fi/security/2017-1/wpa-packet-number-reuse-with-replayed-messages.txt
	NOTE: As far as the related CVE-2017-13084 (reinstallation of the STK key in
	NOTE: the PeerKey handshake) is concerned, it should be noted that PeerKey
	NOTE: implementation in wpa_supplicant is not fully functional and the actual
	NOTE: installation of the key into the driver does not work. As such, this
	NOTE: item is not applicable in practice. Furthermore, the PeerKey handshake
	NOTE: for IEEE 802.11e DLS is obsolete and not known to have been deployed.
CVE-2017-13083 (Akeo Consulting Rufus prior to version 2.17.1187 does not adequately ...)
	NOT-FOR-US: Akeo Consulting Rufus
CVE-2017-13082 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11r ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13081 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13080 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
	{DSA-3999-1 DLA-1200-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://w1.fi/security/2017-1/
	NOTE: https://git.kernel.org/linus/fdf7cb4185b60c68e1a75e61691c4afdc15dea0e (v4.14-rc6)
CVE-2017-13079 (Wi-Fi Protected Access (WPA and WPA2) that supports IEEE 802.11w ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13078 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13077 (Wi-Fi Protected Access (WPA and WPA2) allows reinstallation of the ...)
	{DSA-3999-1 DLA-1150-1}
	- wpa 2:2.4-1.1
	NOTE: https://w1.fi/security/2017-1/
CVE-2017-13076
	RESERVED
CVE-2017-13075
	RESERVED
CVE-2017-13074
	RESERVED
CVE-2017-13073 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Photo ...)
	NOT-FOR-US: NAP NAS application Photo Station
CVE-2017-13072
	RESERVED
CVE-2017-13071 (QNAP has already patched this vulnerability. This security concern ...)
	NOT-FOR-US: QNAP
CVE-2017-13070 (A DLL Hijacking vulnerability in QNAP Qsync for Windows (exe) version ...)
	NOT-FOR-US: QNAP
CVE-2017-13069 (QNAP discovered a number of command injection vulnerabilities found in ...)
	NOT-FOR-US: QNAP
CVE-2017-13068 (QNAP has already patched this vulnerability. This security concern ...)
	NOT-FOR-US: QNAP
CVE-2017-13067 (QNAP has patched a remote code execution vulnerability affecting the ...)
	NOT-FOR-US: QNAP
CVE-2017-13066 (GraphicsMagick 1.3.26 has a memory leak vulnerability in the function ...)
	- graphicsmagick <unfixed> (unimportant)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/430/
CVE-2017-13065 (GraphicsMagick 1.3.26 has a NULL pointer dereference vulnerability in ...)
	{DLA-1082-1}
	- graphicsmagick 1.3.26-7 (bug #873119)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/435/
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13064 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in ...)
	{DLA-1082-1}
	- graphicsmagick 1.3.26-7 (bug #873129)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/436/
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13063 (GraphicsMagick 1.3.26 has a heap-based buffer overflow vulnerability in ...)
	{DLA-1082-1}
	- graphicsmagick 1.3.26-7 (bug #873130)
	NOTE: https://sourceforge.net/p/graphicsmagick/bugs/434/
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/54f48ab2d52a
CVE-2017-13062 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/669
CVE-2017-13061 (In ImageMagick 7.0.6-5, a length-validation vulnerability was found in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #873131)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/645
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/90ed66889d6455a1d7f36e939977fa099e2d7ca7
CVE-2017-13060 (In ImageMagick 7.0.6-5, a memory leak vulnerability was found in the ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/644
CVE-2017-13059 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/667
CVE-2017-13058 (In ImageMagick 7.0.6-6, a memory leak vulnerability was found in the ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/666
CVE-2017-13057
	RESERVED
CVE-2017-13056 (The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might ...)
	NOT-FOR-US: PDF-XChange Viewer
CVE-2017-13055 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13054 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13053 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13052 (The CFM parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13051 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13050 (The RPKI-Router parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13049 (The Rx protocol parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13048 (The RSVP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13047 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13046 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13045 (The VQP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13044 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13043 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13042 (The HNCP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13041 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13040 (The MPTCP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13039 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13038 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13037 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13036 (The OSPFv3 parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13035 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13034 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13033 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13032 (The RADIUS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13031 (The IPv6 fragmentation header parser in tcpdump before 4.9.2 has a ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13030 (The PIM parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13029 (The PPP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13028 (The BOOTP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13027 (The LLDP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13026 (The ISO IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13025 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13024 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13023 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13022 (The IP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13021 (The ICMPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13020 (The VTP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13019 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13018 (The PGM parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13017 (The DHCPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13016 (The ISO ES-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13015 (The EAP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13014 (The White Board protocol parser in tcpdump before 4.9.2 has a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13013 (The ARP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13012 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13011 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13010 (The BEEP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13009 (The IPv6 mobility parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13008 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13007 (The Apple PKTAP parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13006 (The L2TP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13005 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13004 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13003 (The LMP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13002 (The AODV parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13001 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-13000 (The IEEE 802.15.4 parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12999 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12998 (The IS-IS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12997 (The LLDP parser in tcpdump before 4.9.2 could enter an infinite loop ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12996 (The PIMv2 parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12995 (The DNS parser in tcpdump before 4.9.2 could enter an infinite loop due ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12994 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12993 (The Juniper protocols parser in tcpdump before 4.9.2 has a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12992 (The RIPng parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12991 (The BGP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12990 (The ISAKMP parser in tcpdump before 4.9.2 could enter an infinite loop ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12989 (The RESP parser in tcpdump before 4.9.2 could enter an infinite loop ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12988 (The telnet parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12987 (The IEEE 802.11 parser in tcpdump before 4.9.2 has a buffer over-read ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12986 (The IPv6 routing header parser in tcpdump before 4.9.2 has a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12985 (The IPv6 parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12984 (PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, ...)
	NOT-FOR-US: PHPMyWind
CVE-2017-12983 (Heap-based buffer overflow in the ReadSFWImage function in coders/sfw.c ...)
	{DSA-4040-1 DSA-4032-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #873134)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/682
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d4145e664aea3752ca6d3bf1ee825352b595dab5
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/26078285f49c361ad8ddc8e14bd1d4aab7ed5682
CVE-2017-12981 (NexusPHP 1.5.beta5.20120707 has SQL Injection in forummanage.php via ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12980 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...)
	- dokuwiki <unfixed> (bug #872941)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2081
	NOTE: https://github.com/splitbrain/dokuwiki/commit/f883db117a4fdeae72071db41b3ef5932d6335da
CVE-2017-12979 (DokuWiki through 2017-02-19c has stored XSS when rendering a malicious ...)
	- dokuwiki <unfixed> (bug #872940)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2080
	NOTE: https://github.com/splitbrain/dokuwiki/commit/56bd9509ab2037512829392fda6427af7f390724
CVE-2017-12978 (lib/html.php in Cacti before 1.1.18 has XSS via the title field of an ...)
	- cacti 1.1.18+ds1-1
	[stretch] - cacti <not-affected> (Vulnerable code, external link support, introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code, external link support, introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code, external link support, introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/9c610a7a4e29595dcaf7d7082134e4b89619ea24
	NOTE: https://github.com/Cacti/cacti/issues/918
CVE-2017-12977 (The Web-Dorado &quot;Photo Gallery by WD - Responsive Photo Gallery&quot; plugin ...)
	NOT-FOR-US: Web-Dorado plugin for Wordpress
CVE-2017-1000216
	REJECTED
CVE-2017-1000205
	REJECTED
CVE-2017-1000202
	REJECTED
CVE-2017-1000184
	REJECTED
CVE-2017-1000183
	REJECTED
CVE-2017-1000181
	REJECTED
CVE-2017-1000180
	REJECTED
CVE-2017-1000179
	REJECTED
CVE-2017-1000178
	REJECTED
CVE-2017-1000177
	REJECTED
CVE-2017-1000175
	REJECTED
CVE-2017-1000167
	REJECTED
CVE-2017-1000166
	REJECTED
CVE-2017-1000165
	REJECTED
CVE-2017-1000162
	REJECTED
CVE-2017-1000124
	REJECTED
CVE-2017-1000123
	REJECTED
CVE-2017-12982 (The bmp_read_info_header function in bin/jp2/convertbmp.c in OpenJPEG ...)
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/983
	NOTE: https://github.com/uclouvain/openjpeg/commit/baf0c1ad4572daa89caa3b12985bdd93530f0dd7
CVE-2017-12975
	RESERVED
CVE-2017-12974 (Nimbus JOSE+JWT before 4.36 proceeds with ECKey construction without ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12973 (Nimbus JOSE+JWT before 4.39 proceeds improperly after detection of an ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12972 (In Nimbus JOSE+JWT before 4.39, there is no integer-overflow check when ...)
	NOT-FOR-US: Nimbus JOSE + JWT
CVE-2017-12976 (git-annex before 6.20170818 allows remote attackers to execute ...)
	{DSA-4010-1 DLA-1144-1}
	- git-annex 6.20170818-1 (bug #873088)
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=df11e54788b254efebb4898b474de11ae8d3b471
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=commit;h=c24d0f0e8984576654e2be149005bc884fe0403a
	NOTE: http://source.git-annex.branchable.com/?p=source.git;a=blob;f=doc/bugs/dashed_ssh_hostname_security_hole.mdwn
	NOTE: jessie patch: https://gitlab.com/anarcat/git-annex/commit/58daf6cbe4c1ea1cf71f3a538a0e27b5075c7265
	NOTE: stretch patch: https://gitlab.com/anarcat/git-annex/commit/115585df48dce16aa702663dab220de625b9de7d
	NOTE: This is similar class of issue as for CVE-2017-1000117/git
CVE-2017-12971 (Cross-site scripting (XSS) vulnerability in Apache2Triad 1.5.4 allows ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12970 (Cross-site request forgery (CSRF) vulnerability in Apache2Triad 1.5.4 ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12969 (Buffer overflow in the ViewerCtrlLib.ViewerCtrl ActiveX control in ...)
	NOT-FOR-US: Avaya IP Office Contact Center
CVE-2017-12968
	RESERVED
CVE-2017-12967 (The getsym function in tekhex.c in the Binary File Descriptor (BFD) ...)
	- binutils 2.29-5
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <ignored> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21962
CVE-2017-12966 (The asn1f_lookup_symbol_impl function in asn1fix_retrieve.c in ...)
	- asn1c <unfixed> (unimportant)
CVE-2017-12965 (Session fixation vulnerability in Apache2Triad 1.5.4 allows remote ...)
	NOT-FOR-US: Apache2Triad
CVE-2017-12964 (There is a stack consumption issue in LibSass 3.4.5 that is triggered ...)
	- libsass <unfixed> (low; bug #873034)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482397
CVE-2017-12963 (There is an illegal address access in Sass::Eval::operator() in ...)
	- libsass <unfixed> (low; bug #873034)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482335
	NOTE: Similar issue to CVE-2017-11555 but for the issue which remains unfixed
	NOTE: with the upstream patch for CVE-2017-11555.
CVE-2017-12962 (There are memory leaks in LibSass 3.4.5 triggered by deeply nested ...)
	- libsass <unfixed> (low; bug #873034)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482331
CVE-2017-12961 (There is an assertion abort in the function parse_attributes() in ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482436
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12960 (There is a reachable assertion abort in the function dict_rename_var() ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482433
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12959 (There is a reachable assertion abort in the function dict_add_mrset() ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482432
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12958 (There is an illegal address access in the function output_hex() in ...)
	- pspp 1.0.1-1 (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482429
	NOTE: Crash in CLI tool, no security impact
CVE-2017-12957 (There is a heap-based buffer over-read in libexiv2 in Exiv2 0.26 that ...)
	- exiv2 <not-affected> (Incorrect memory allocation introduced in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/60
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482423
	NOTE: Experimental is affected, tracking as #876242
CVE-2017-12956 (There is an illegal address access in Exiv2::FileIo::path[abi:cxx11]() ...)
	[experimental] - exiv2 <unfixed> (low; bug #888872)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/59
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482296
	NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The file contains data of an unknown image type"
	NOTE: Reproducible in experimental (0.26-1).
CVE-2017-12955 (There is a heap-based buffer overflow in basicio.cpp of Exiv2 0.26. The ...)
	[experimental] - exiv2 <unfixed> (bug #888873)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/58
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1482295
	NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1) => "The memory contains data of an unknown image type"
	NOTE: Reproducible in experimental (0.26-1).
CVE-2017-12954 (The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig ...)
	- libgig 4.0.0-5 (low; bug #877652)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3350
CVE-2017-12953 (The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12952 (The LoadString function in helper.h in libgig 4.0.0 allows remote ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12951 (The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in ...)
	- libgig 4.0.0-5 (low; bug #877651)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3349
CVE-2017-12950 (The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows ...)
	- libgig 4.0.0-4 (low; bug #873718)
	[stretch] - libgig <no-dsa> (Minor issue)
	[jessie] - libgig <no-dsa> (Minor issue)
	[wheezy] - libgig <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/39 (provides repoducer files)
	NOTE: http://svn.linuxsampler.org/cgi-bin/viewvc.cgi?view=revision&revision=3348
CVE-2017-12949 (lib\modules\contributors\contributor_list_table.php in the Podlove ...)
	NOT-FOR-US: Podlove Podcast Publisher plugin for Wordpress
CVE-2017-12948 (Core\Admin\PFTemplater.php in the PressForward plugin 4.3.0 and earlier ...)
	NOT-FOR-US: PressForward plugin for Wordpress
CVE-2017-12947 (classes\controller\admin\modals.php in the Easy Modal plugin before ...)
	NOT-FOR-US: Easy Modal plugin for WordPress
CVE-2017-12946 (classes\controller\admin\modals.php in the Easy Modal plugin before ...)
	NOT-FOR-US: Easy Modal plugin for WordPress
CVE-2017-12945
	RESERVED
CVE-2017-12944 (The TIFFReadDirEntryArray function in tif_read.c in LibTIFF 4.0.8 ...)
	{DSA-4100-1 DLA-1093-1}
	- tiff 4.0.8-6 (bug #872607)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2725
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/dc02f9050311a90b3c0655147cee09bfa7081cfc
CVE-2017-12943 (D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers ...)
	NOT-FOR-US: D-Link DIR-600 Rev Bx devices
CVE-2017-12939 (A Remote Code Execution vulnerability was identified in all Windows ...)
	NOT-FOR-US: Unity Editor
CVE-2017-12942 (libunrar.a in UnRAR before 5.5.7 has a buffer overflow in the ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12941 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12940 (libunrar.a in UnRAR before 5.5.7 has an out-of-bounds read in the ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/6
CVE-2017-12938 (UnRAR before 5.5.7 allows remote attackers to bypass a ...)
	- unrar-nonfree 1:5.5.8-1
	[stretch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[jessie] - unrar-nonfree <no-dsa> (Non-free not supported)
	[wheezy] - unrar-nonfree <no-dsa> (Non-free not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/2
CVE-2017-12937 (The ReadSUNImage function in coders/sun.c in GraphicsMagick 1.3.26 has ...)
	{DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872574)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/5
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/95d00d55e978
CVE-2017-12936 (The ReadWMFImage function in coders/wmf.c in GraphicsMagick 1.3.26 has ...)
	{DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872575)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/3
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/be898b7c97bd
CVE-2017-12935 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
	{DLA-1082-1}
	- graphicsmagick 1.3.26-6 (bug #872576)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/18/4
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/cd699a44f188
CVE-2017-12934 (ext/standard/var_unserializer.re in PHP 7.0.x before 7.0.21 and 7.1.x ...)
	{DSA-4080-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	NOTE: Fixed in 7.1.7, 7.0.21
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74101
CVE-2017-12933 (The finish_nested_data function in ext/standard/var_unserializer.re in ...)
	{DSA-4081-1 DSA-4080-1 DLA-1076-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5 <removed>
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74111
CVE-2017-12932 (ext/standard/var_unserializer.re in PHP 7.0.x through 7.0.22 and 7.1.x ...)
	{DSA-4080-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	NOTE: Fixed in 7.1.8, 7.0.22
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74103
	NOTE: https://github.com/php/php-src/commit/1a23ebc1fff59bf480ca92963b36eba5c1b904c4
CVE-2017-12931
	RESERVED
CVE-2017-12930 (SQL Injection in the admin interface in TecnoVISION DLX Spot Player4 ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12929 (Arbitrary File Upload in resource.php of TecnoVISION DLX Spot Player4 ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12928 (A hard-coded password of tecn0visi0n for the dlxuser account in ...)
	NOT-FOR-US: TecnoVISION DLX Spot Player4
CVE-2017-12926
	RESERVED
CVE-2017-12918
	RESERVED
CVE-2017-12917
	RESERVED
CVE-2017-12916
	RESERVED
CVE-2017-12915
	RESERVED
CVE-2017-12914
	RESERVED
CVE-2017-12913
	RESERVED
CVE-2017-12912 (The &quot;mpglibDBL/layer3.c&quot; file in MP3Gain 1.5.2.r2 has a vulnerability ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU
CVE-2017-12911 (The &quot;apetag.c&quot; file in MP3Gain 1.5.2.r2 has a vulnerability which ...)
	- mp3gain <removed>
	[wheezy] - mp3gain <end-of-life>
	NOTE: https://drive.google.com/open?id=0B9DojFnTUSNGeS1hZlJkeGVkYlU
CVE-2017-12910 (SQL injection vulnerability in massmail.php in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12909 (SQL injection vulnerability in modtask.php in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12908 (SQL injection vulnerability in takeconfirm.php in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12907 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the url ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12906 (Multiple cross-site scripting (XSS) vulnerabilities in NexusPHP allow ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12905 (Server Side Request Forgery vulnerability in Vebto Pixie Image Editor ...)
	NOT-FOR-US: Vebto Pixie Image Editor
CVE-2017-12904 (Improper Neutralization of Special Elements used in an OS Command in ...)
	{DSA-3947-1 DLA-1061-1}
	- newsbeuter 2.9-6
	NOTE: https://github.com/akrennmair/newsbeuter/issues/591
	NOTE: https://github.com/akrennmair/newsbeuter/commit/96e9506ae9e252c548665152d1b8968297128307
CVE-2017-12903
	RESERVED
CVE-2017-12902 (The Zephyr parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12901 (The EIGRP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12900 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12899 (The DECnet parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12898 (The NFS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12897 (The ISO CLNS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12896 (The ISAKMP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12895 (The ICMP parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12894 (Several protocol parsers in tcpdump before 4.9.2 could cause a buffer ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12893 (The SMB/CIFS parser in tcpdump before 4.9.2 has a buffer over-read in ...)
	{DSA-3971-1 DLA-1097-1}
	- tcpdump 4.9.2-1
CVE-2017-12925 (Double free vulnerability in DfFromLB in docfile.cxx in libfpx ...)
	NOT-FOR-US: libfpx
CVE-2017-12924 (CDirVector::GetTable in dirfunc.hxx in libfpx 1.3.1_p6 allows remote ...)
	NOT-FOR-US: libfpx
CVE-2017-12923 (OLEStream::WriteVT_LPSTR in olestrm.cpp in libfpx 1.3.1_p6 allows ...)
	NOT-FOR-US: libfpx
CVE-2017-12922 (wchar.c in libfpx 1.3.1_p6 allows remote attackers to cause a denial ...)
	NOT-FOR-US: libfpx
CVE-2017-12921 (PFileFlashPixView::GetGlobalInfoProperty in f_fpxvw.cpp in libfpx ...)
	NOT-FOR-US: libfpx
CVE-2017-12920 (CDirectory::GetDirEntry in dir.cxx in libfpx 1.3.1_p6 allows remote ...)
	NOT-FOR-US: libfpx
CVE-2017-12919 (Heap-based buffer overflow in OLEStream::WriteVT_LPSTR in olestrm.cpp ...)
	NOT-FOR-US: libfpx
CVE-2017-12927 (A cross-site scripting vulnerability exists in Cacti 1.1.17 in the ...)
	- cacti 1.1.17+ds1-2 (bug #872478)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/907
	NOTE: https://github.com/Cacti/cacti/commit/a032ce0be6a4ea47862c594e40a619ac8de1ef99
CVE-2017-1000108 (The Pipeline: Input Step Plugin by default allowed users with ...)
	NOT-FOR-US: Jenkins Input Step Plugin
CVE-2017-1000107 (Script Security Plugin did not apply sandboxing restrictions to ...)
	NOT-FOR-US: Jenkins Script Security Plugin
CVE-2017-12892 (Foxit PDF Compressor installers from versions from 7.0.0.183 to ...)
	NOT-FOR-US: Foxit PDF Compressor
CVE-2017-12891
	RESERVED
CVE-2017-12890
	RESERVED
CVE-2017-12889
	RESERVED
CVE-2017-12888
	RESERVED
CVE-2017-12887
	RESERVED
CVE-2017-12886
	RESERVED
CVE-2017-12885
	RESERVED
CVE-2017-12884
	RESERVED
CVE-2017-12883 (Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 ...)
	{DSA-3982-1}
	- perl 5.26.0-8 (bug #875597)
	[wheezy] - perl <not-affected> (Vulnerable code introduced later)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131598 (not yet public)
	NOTE: https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/2692dda97731c37082a0075eff50d741901c665f
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/40b3cdad3649334585cee8f4630ec9a025e62be6
CVE-2017-12882 (Stored Cross-site scripting (XSS) vulnerability in Spring Batch Admin ...)
	NOT-FOR-US: Spring Batch Admin
CVE-2017-12881 (Cross-site request forgery (CSRF) vulnerability in the Spring Batch ...)
	NOT-FOR-US: Spring Batch Admin
CVE-2017-12880
	REJECTED
CVE-2017-12879 (Cross-site scripting (XSS-STORED) vulnerability in the DEVICES OR ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-12878
	RESERVED
CVE-2016-10502
	RESERVED
CVE-2016-10501 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10500
	RESERVED
CVE-2016-10499 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10498 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10497 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10496 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10495 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10494 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10493 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10492 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10491 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10490 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10489 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10488
	RESERVED
CVE-2016-10487 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10486 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10485 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10484 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10483 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10482 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10481 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10480 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10479 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10478 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10477 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10476 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10475 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10474 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10473 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10472 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10471 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10470
	RESERVED
CVE-2016-10469 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10468
	RESERVED
CVE-2016-10467 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10466 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10465
	RESERVED
CVE-2016-10464 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10463
	RESERVED
CVE-2016-10462 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10461 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10460 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10459 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10458 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10457 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10456 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10455 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10454 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10453
	RESERVED
CVE-2016-10452 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10451 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10450 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10449 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10448 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10447 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10446 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10445 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10444 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10443 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10442 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10441 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10440 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10439 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10438 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10437 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10436 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10435 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10434 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10433 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10432 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10431 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10430 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10429 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10428 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10427 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10426 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10425 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10424 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10423 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10422 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10421 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10420 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10419 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10418 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10417 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10416 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10415 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10414 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10413
	RESERVED
CVE-2016-10412 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10411 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10410 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10409 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10408
	RESERVED
CVE-2016-10407 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10406 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9225
	RESERVED
CVE-2015-9224 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9223 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9222 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9221 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9220 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9219 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9218 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9217 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9216 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9215 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9214
	RESERVED
CVE-2015-9213 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9212 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9211 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9210 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9209 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9208 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9207 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9206 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9205 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9204 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9203 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9202 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9201 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9200 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9199 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9198 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9197 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9196 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9195 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9194 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9193 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9192 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9191 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9190 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9189 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9188 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9187 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9186 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9185 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9184 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9183 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9182 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9181 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9180 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9179 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9178 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9177 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9176 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9175 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9174 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9173 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9172 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9171 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9170 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9169 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9168
	RESERVED
CVE-2015-9167 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9166 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9165 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9164 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9163 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9162 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9161 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9160 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9159 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9158 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9157 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9156 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9155
	RESERVED
CVE-2015-9154
	RESERVED
CVE-2015-9153 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9152 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9151 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9150 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9149 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9148 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9147 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9146 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9145 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9144 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9143 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9142 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9141 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9140 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9139 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9138 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9137 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9136 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9135 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9134 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9133 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9132 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9131 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9130 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9129 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9128 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9127 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9126 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9125
	RESERVED
CVE-2015-9124 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9123 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9122 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9121
	RESERVED
CVE-2015-9120 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9119 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9118 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9117
	RESERVED
CVE-2015-9116 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9115 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9114 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9113 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9112 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9111 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9110 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9109 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9108 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9998 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9997 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9996 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9995 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9994 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9993 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9992
	RESERVED
CVE-2014-9991 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9990 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9989 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9988 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9987 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9986 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9985 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10063 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10062 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10061
	RESERVED
CVE-2014-10060
	RESERVED
CVE-2014-10059 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10058 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10057 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10056 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10055 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10054 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10053 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10052 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10051 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10050 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10049
	RESERVED
CVE-2014-10048 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10047 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10046 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10045 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10044 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10043 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-10039 (In Android before 2018-04-05 or earlier security patch level on ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-12877 (Use-after-free vulnerability in the DestroyImage function in image.c ...)
	{DSA-4074-1 DSA-4040-1 DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (bug #872373)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/662
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/98dda239ec398dd56453460849b4c9057fc424e5
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/04178de2247e353fc095846784b9a10fefdbf890
	NOTE: This doesn't affect the base releases, but got introduced via security fixes, which got backported to older suites
CVE-2017-12876 (Heap-based buffer overflow in enhance.c in ImageMagick before 7.0.6-6 ...)
	- imagemagick <not-affected> (Specific to Imagemagick 7, 6.x uses fixed pixel cache morphology)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/663
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1cc6f0ccc92c20c7cab6c4a7335daf29c91f0d8e
CVE-2017-12875 (The WritePixelCachePixels function in ImageMagick 7.0.6-6 allows ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873871)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/659
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6f95e543c80319721e22d623bb23712cd29afa9e
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d96b55ea41e71de43663818ccd17c6af3fa6c4fd
CVE-2017-12866
	RESERVED
CVE-2017-12865 (Stack-based buffer overflow in &quot;dnsproxy.c&quot; in connman 1.34 and ...)
	{DSA-3956-1 DLA-1078-1}
	- connman 1.35-1 (bug #872844)
	NOTE: https://git.kernel.org/pub/scm/network/connman/connman.git/commit/?id=5c281d182ecdd0a424b64f7698f32467f8f67b71 (1.35)
CVE-2017-12864 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ReadNumber did ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #875345)
	NOTE: https://github.com/opencv/opencv/issues/9372
CVE-2017-12863 (In opencv/modules/imgcodecs/src/grfmt_pxm.cpp, function ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #875344)
	NOTE: https://github.com/opencv/opencv/issues/9371
CVE-2017-12862 (In modules/imgcodecs/src/grfmt_pxm.cpp, the length of buffer ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #875342)
	NOTE: https://github.com/opencv/opencv/issues/9370
CVE-2017-12861 (The Epson &quot;EasyMP&quot; software is designed to remotely stream a users ...)
	NOT-FOR-US: Epson "EasyMP"
CVE-2017-12860 (The Epson &quot;EasyMP&quot; software is designed to remotely stream a users ...)
	NOT-FOR-US: Epson "EasyMP"
CVE-2017-12859 (NetApp Data ONTAP before 8.2.5, when operating in 7-Mode in NFS ...)
	NOT-FOR-US: NetApp
CVE-2017-12858 (Double free vulnerability in the _zip_dirent_read function in ...)
	- libzip <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced after: https://github.com/nih-at/libzip/commit/796c5968ad679220db3fb65ec6f48c66e554e5d5 (rel-1-2-0)
	NOTE: Fixed by: https://github.com/nih-at/libzip/commit/2217022b7d1142738656d891e00b3d2d9179b796
CVE-2017-12857 (Polycom SoundStation IP, VVX, and RealPresence Trio that are running ...)
	NOT-FOR-US: Polycom
CVE-2017-12856 (Cross-site scripting (XSS) vulnerability in C.P.Sub 5.2 allows remote ...)
	NOT-FOR-US: C.P.Sub
CVE-2017-12854
	RESERVED
CVE-2017-12874 (The InfoCard module 1.0 for SimpleSAMLphp allows attackers to spoof ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.11-1
	NOTE: Issue lies in simplesamlphp/simplesamlphp-module-infocard and fixed
	NOTE: in 1.0.1. The module is embedded in src:simplesamlphp
	NOTE: https://simplesamlphp.org/security/201612-03
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp-module-infocard/commit/7353762acacd827a61378629f87de991451089da
CVE-2017-12873 (SimpleSAMLphp 1.7.0 through 1.14.10 might allow attackers to obtain ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.11-1
	NOTE: https://simplesamlphp.org/security/201612-04
	NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/90dca835158495b173808273e7df127303b8b953aa
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/e2daf4ceb6e580815c3741384b3a09b85a5fc231
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/300d8aa48fe93706ade95be481c68e9cf2f32d1f
CVE-2017-12872 (The (1) Htpasswd authentication source in the authcrypt module and (2) ...)
	{DLA-1205-1}
	- simplesamlphp 1.14.15-1
	NOTE: https://simplesamlphp.org/security/201703-01
	NOTE: Patches: https://github.com/simplesamlphp/simplesamlphp/commit/ab7761d4a523a4ed00479fb1ddba688e7ca72439
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
CVE-2017-12871 (The aesEncrypt method in lib/SimpleSAML/Utils/Crypto.php in ...)
	- simplesamlphp 1.14.15-1
	[jessie] - simplesamlphp <not-affected> (Vulnerable code not present)
	[wheezy] - simplesamlphp <not-affected> (Vulnerable code not present)
	NOTE: https://simplesamlphp.org/security/201703-02
CVE-2017-12870 (SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle ...)
	- simplesamlphp 1.14.15-1
	[wheezy] - simplesamlphp <ignored> (Minor issue mitigated by HTTPS usage, hard to backport)
	NOTE: https://simplesamlphp.org/security/201704-01
CVE-2017-12869 (The multiauth module in SimpleSAMLphp 1.14.13 and earlier allows ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	NOTE: https://simplesamlphp.org/security/201704-02
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/f1e485284dd428ab3cd9500c62e19c7c7234be9a
CVE-2017-12868 (The secureCompare method in lib/SimpleSAML/Utils/Crypto.php in ...)
	{DLA-1205-1}
	- simplesamlphp 1.14.15-1
	NOTE: https://simplesamlphp.org/security/201705-01
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/caf764cc2c9b68ac29741070ebdf133a595443f1
CVE-2017-12867 (The SimpleSAML_Auth_TimeLimitedToken class in SimpleSAMLphp 1.14.14 ...)
	{DSA-4127-1 DLA-1205-1}
	- simplesamlphp 1.14.15-1
	NOTE: https://simplesamlphp.org/security/201708-01
	NOTE: Patch: https://github.com/simplesamlphp/simplesamlphp/commit/608f24c2d5afd70c2af050785d2b12f878b33c68
CVE-2017-12855 (Xen maintains the _GTF_{read,writ}ing bits as appropriate, to inform ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-230.html
CVE-2017-12853 (The RealTime RWR-3G-100 Router Firmware Version : Ver1.0.56 is ...)
	NOT-FOR-US: RealTime RWR-3G-100 Router Firmware
CVE-2017-12852 (The numpy.pad function in Numpy 1.13.1 and older versions is missing ...)
	- python-numpy <unfixed> (bug #872407)
	[stretch] - python-numpy <no-dsa> (Minor issue)
	[jessie] - python-numpy <no-dsa> (Minor issue)
	[wheezy] - python-numpy <no-dsa> (Minor issue)
	NOTE: https://github.com/numpy/numpy/issues/9560#issuecomment-322395292
CVE-2017-12851 (An authenticated standard user could reset the password of the admin ...)
	- kanboard <itp> (bug #790814)
CVE-2017-12850 (An authenticated standard user could reset the password of other users ...)
	- kanboard <itp> (bug #790814)
	NOTE: https://github.com/kanboard/kanboard/commit/88dd6abbf3f519897f2f6280e95c9eec9123a4ae
CVE-2017-12849 (Response discrepancy in the login and password reset forms in ...)
	NOT-FOR-US: SilverStripe CMS
CVE-2017-12848
	RESERVED
CVE-2017-12847 (Nagios Core before 4.3.3 creates a nagios.lock PID file after dropping ...)
	- nagios3 <removed>
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/16/7
	NOTE: https://github.com/NagiosEnterprises/nagioscore/issues/404
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/1b197346d490df2e2d3b1dcce5ac6134ad0c8752
	NOTE: https://github.com/orlitzky/nagioscore/commit/3baffa78bafebbbdf9f448890ba5a952ea2d73cb
CVE-2017-12846
	RESERVED
CVE-2017-12845
	RESERVED
CVE-2017-12844 (Cross-site scripting (XSS) vulnerability in the admin panel in IceWarp ...)
	NOT-FOR-US: IceWarp
CVE-2017-12843 (Cyrus IMAP before 3.0.3 allows remote authenticated users to write to ...)
	- cyrus-imapd <not-affected> (Vulnerable code introduced later)
	- cyrus-imapd-2.4 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/cyrusimap/cyrus-imapd/commit/d734a23122155f3522a8cb6aef118223aa73cde0
CVE-2017-12842
	RESERVED
CVE-2017-12841
	RESERVED
CVE-2017-12840 (A kernel driver, namely DLMFENC.sys, bundled with the DESLock+ client ...)
	NOTE: DESLock+
CVE-2017-12839
	RESERVED
CVE-2017-12838 (Cross-site request forgery (CSRF) vulnerability in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12837 (Heap-based buffer overflow in the S_regatom function in regcomp.c in ...)
	{DSA-3982-1}
	- perl 5.26.0-8 (bug #875596)
	[wheezy] - perl <not-affected> (Vulnerable code introduced after 5.14.4)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131582 (not yet public)
	NOTE: https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
	NOTE: maint-5.26: https://perl5.git.perl.org/perl.git/commitdiff/66288bb3f44c8aa5122e5f40d8cfc0eada8b1695
	NOTE: maint-5.24: https://perl5.git.perl.org/perl.git/commitdiff/f7e5417e7bffba03947b66e4d8622d7c220f2876
CVE-2017-12835
	RESERVED
CVE-2017-12834
	RESERVED
CVE-2017-12833
	RESERVED
CVE-2017-12832
	RESERVED
CVE-2017-12831
	RESERVED
CVE-2017-12830
	RESERVED
CVE-2017-12829
	RESERVED
CVE-2017-12828
	RESERVED
CVE-2017-12827
	RESERVED
CVE-2017-12826
	RESERVED
CVE-2017-12825
	RESERVED
CVE-2017-12824 (Special crafted InPage document leads to arbitrary code execution in ...)
	NOT-FOR-US: InPage
CVE-2017-12823 (Kernel pool memory corruption in one of drivers in Kaspersky Embedded ...)
	NOT-FOR-US: Kaspersky
CVE-2017-12822 (Remote enabling and disabling admin interface in Gemalto's HASP SRM, ...)
	NOT-FOR-US: Gemalto
CVE-2017-12821 (Memory corruption in Gemalto's HASP SRM, Sentinel HASP and Sentinel ...)
	NOT-FOR-US: Gemalto
CVE-2017-12820 (Arbitrary memory read from controlled memory pointer in Gemalto's HASP ...)
	NOT-FOR-US: Gemalto
CVE-2017-12819 (Remote manipulations with language pack updater lead to NTLM-relay ...)
	NOT-FOR-US: Gemalto
CVE-2017-12818 (Stack overflow in custom XML-parser in Gemalto's HASP SRM, Sentinel ...)
	NOT-FOR-US: Gemalto
CVE-2017-12817 (In Kaspersky Internet Security for Android 11.12.4.1622, some of the ...)
	NOT-FOR-US: Kaspersky Internet Security for Android
CVE-2017-12816 (In Kaspersky Internet Security for Android 11.12.4.1622, some of ...)
	NOT-FOR-US: Kaspersky Internet Security for Android
CVE-2017-12815 (Analysis of the Bomgar Remote Support Portal JavaStart.jar Applet ...)
	NOT-FOR-US: Bomgar Remote Support Portal JavaStart Applet
CVE-2017-12814 (Stack-based buffer overflow in the CPerlHost::Add method in ...)
	- perl <not-affected> (Windows specific issue)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=131665 (not yet public)
CVE-2017-12813 (PHPJabbers File Sharing Script 1.0 has stored XSS in the comments ...)
	NOT-FOR-US: PHPJabbers File Sharing Script
CVE-2017-12812 (PHPJabbers Night Club Booking Software has stored XSS in the name ...)
	NOT-FOR-US: PHPJabbers Night Club Booking Software
CVE-2017-12811 (PHPJabbers Star Rating Script 4.0 has stored XSS via a rating item. ...)
	NOT-FOR-US: PHPJabbers Star Rating Script
CVE-2017-12810 (PHPJabbers PHP Newsletter Script 4.2 has stored XSS in lists in the ...)
	NOT-FOR-US: PHPJabbers PHP Newsletter Script
CVE-2017-12809 (QEMU (aka Quick Emulator), when built with the IDE disk and CD/DVD-ROM ...)
	{DSA-3991-1}
	- qemu 1:2.10.0-1 (bug #873849)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-08/msg01850.html
CVE-2017-12808
	RESERVED
CVE-2017-12807
	REJECTED
CVE-2017-12806
	RESERVED
CVE-2017-12805
	RESERVED
CVE-2017-12804
	RESERVED
CVE-2017-12803 (The Node_ValidatePtr function in corec/corec/node/node.c in mkclean ...)
	NOT-FOR-US: mkclean
CVE-2017-12802 (The EBML_IntegerValue function in ebmlnumber.c in libebml2 through ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12801 (The UpdateDataSize function in ebmlmaster.c in libebml2 through ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12800 (The EBML_FindNextElement function in ebmlmain.c in libebml2 through ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2016-10405 (Session fixation vulnerability in D-Link DIR-600L routers (rev. Ax) ...)
	NOT-FOR-US: D-Link
CVE-2017-12836 (CVS 1.12.x, when configured to use SSH for remote repositories, might ...)
	{DSA-3940-1 DLA-1056-1}
	- cvs 2:1.12.13+real-24 (bug #871810)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/11/1
CVE-2017-12799 (The elf_read_notesfunction in bfd/elf.c in GNU Binutils 2.29 allows ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21933
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=957e1fc1c5d0262e4b2f764cf031ad1458446498
CVE-2017-12798 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the q ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12797 (Integer overflow in the INT123_parse_new_id3 function in the ID3 ...)
	- mpg123 1.25.6-1
	[stretch] - mpg123 <no-dsa> (Minor issue)
	[jessie] - mpg123 <no-dsa> (Minor issue)
	[wheezy] - mpg123 <ignored> (Minor issue)
	NOTE: https://sourceforge.net/p/mpg123/bugs/254/
	NOTE: https://sourceforge.net/p/mpg123/mailman/message/35987663/
CVE-2017-12796 (The Reporting Compatibility Add On before 2.0.4 for OpenMRS, as ...)
	NOT-FOR-US: OpenMRS addon
CVE-2017-12795
	RESERVED
CVE-2017-12794 (In Django 1.10.x before 1.10.8 and 1.11.x before 1.11.5, HTML ...)
	- python-django 1:1.11.5-1 (low; bug #874415)
	[stretch] - python-django <postponed> (Only affects debug mode)
	[jessie] - python-django <not-affected> (Vulnerable code do not exist)
	[wheezy] - python-django <not-affected> (Vulnerable code do not exist)
	NOTE: https://www.djangoproject.com/weblog/2017/sep/05/security-releases/
CVE-2017-12793
	RESERVED
CVE-2017-12792 (Multiple cross-site request forgery (CSRF) vulnerabilities in NexusPHP ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12791 (Directory traversal vulnerability in minion id validation in SaltStack ...)
	- salt 2016.11.8+dfsg1-1 (bug #872399)
	[stretch] - salt 2016.11.2+ds-1+deb9u1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: https://github.com/saltstack/salt/pull/42944
	NOTE: https://github.com/saltstack/salt/commit/6366e05d0d70bd709cc4233c3faf32a759d0173a
	NOTE: https://docs.saltstack.com/en/2016.11/topics/releases/2016.11.7.html
CVE-2017-12790
	RESERVED
CVE-2017-12789
	RESERVED
CVE-2017-12788
	RESERVED
CVE-2017-12787 (A network interface of the novi_process_manager_daemon service, ...)
	NOT-FOR-US: NoviWare
CVE-2017-12786 (Network interfaces of the cliengine and noviengine services, included ...)
	NOT-FOR-US: NoviWare
CVE-2017-12785 (The novish command-line interface, included in the NoviWare software ...)
	NOT-FOR-US: NoviWare
CVE-2017-12784 (In Youngzsoft CCFile (aka CC File Transfer) 3.6, by sending a crafted ...)
	NOT-FOR-US: Youngzsoft CCFile
CVE-2017-12783 (The ReadDataFloat function in ebmlnumber.c in libebml2 through ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12782 (The ReadData function in ebmlmaster.c in libebml2 through 2012-08-26 ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12781 (The EBML_BufferToID function in ebmlelement.c in libebml2 through ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12780 (The ReadData function in ebmlstring.c in libebml2 through 2012-08-26 ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12779 (The Node_GetData function in corec/corec/node/node.c in mkvalidator ...)
	NOT-FOR-US: libembl2 (different codebase than src:libebml)
CVE-2017-12778
	RESERVED
CVE-2017-1000112 (Linux kernel: Exploitable memory corruption due to UFO to non-UFO path ...)
	{DSA-3981-1}
	- linux 4.12.6-1 (low)
	[wheezy] - linux <ignored> (Low severity and difficult to backport)
	NOTE: Introduced by: https://git.kernel.org/linus/e89e9cf539a28df7d0eb1d0a545368e9920b34ac (2.6.15-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/85f1bd9a7b5a79d5baa8bf44af19658f7bf77bfa
CVE-2017-1000111 (Linux kernel: heap out-of-bounds in AF_PACKET sockets. This new issue ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Introduced by: https://git.kernel.org/linus/8913336a7e8d56e984109a3137d6c0e3362596a4 (2.6.27-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/c27927e372f0785f3303e8fad94b85945e2c97b7
	NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2017-1000117 (A malicious third-party can give a crafted &quot;ssh://...&quot; URL to an ...)
	{DSA-3934-1 DLA-1068-1}
	- git 1:2.14.1-1
	NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-1000116 (Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ...)
	{DSA-3963-1 DLA-1072-1}
	- mercurial 4.3.1-1 (bug #871710)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
	NOTE: 11 patches need to be applied, the following are for 4.2:
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/53224b1ffbc2
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/e10745311406
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/f93975a5ebe8
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/f9134e96ed0f
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/92b583e3e522
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/08cfc4baf3ba
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/55681baf4cf9
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/173ecccb9ee7
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/ca398a50ca00
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/00a75672a9cb
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/943c91326b23
	NOTE: 3.7 and 4.1 backports also available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7
	NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1
CVE-2017-1000115 (Mercurial prior to version 4.3 is vulnerable to a missing symlink ...)
	{DSA-3963-1 DLA-1072-1}
	- mercurial 4.3.1-1 (bug #871709)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/47ea28293d30 (test)
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/377e8ddaebef (fix)
	NOTE: 3.7 and 4.1 backports available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7
	NOTE: and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1CVE-2017-12777
CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12776 (SQL injection vulnerability in reports.php in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12775 (qa-include/qa-install.php in Question2Answer before 1.7.5 allows ...)
	NOT-FOR-US: question2answer
CVE-2017-12774 (finecms in 1.9.5\controllers\member\ContentController.php allows ...)
	NOT-FOR-US: FineCMS
CVE-2017-12773
	RESERVED
CVE-2017-12772
	RESERVED
CVE-2017-12771
	RESERVED
CVE-2017-12770
	RESERVED
CVE-2017-12769
	RESERVED
CVE-2017-12768
	RESERVED
CVE-2017-12767
	RESERVED
CVE-2017-12766
	RESERVED
CVE-2017-12765
	RESERVED
CVE-2017-12764
	RESERVED
CVE-2017-12763 (An unspecified server utility in NoMachine before 5.3.10 on Mac OS X ...)
	NOT-FOR-US: NoMachine
CVE-2017-12762 (In /drivers/isdn/i4l/isdn_net.c: A user-controlled buffer is copied ...)
	- linux 4.13.4-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/9f5af546e6acc30f075828cb58c7f09665033967 (v4.13-rc4)
	NOTE: Driver is disabled since squeeze and unmaintained for a long time
CVE-2017-12761
	RESERVED
CVE-2017-12760
	RESERVED
CVE-2017-12759
	RESERVED
CVE-2017-12758
	RESERVED
CVE-2017-12757
	RESERVED
CVE-2017-12756 (Command inject in transfer from another server in extplorer 2.1.9 and ...)
	{DLA-1063-1}
	- extplorer <removed>
	NOTE: http://extplorer.net/news/21
CVE-2017-12755
	RESERVED
CVE-2017-12754 (Stack buffer overflow in httpd in Asuswrt-Merlin firmware ...)
	NOT-FOR-US: Asuswrt-Merlin firmware
CVE-2017-12753
	RESERVED
CVE-2017-12752
	RESERVED
CVE-2017-12751
	RESERVED
CVE-2017-12750
	RESERVED
CVE-2017-12749
	RESERVED
CVE-2017-12748
	RESERVED
CVE-2017-12747
	RESERVED
CVE-2017-12746
	RESERVED
CVE-2017-12745
	RESERVED
CVE-2017-12744
	RESERVED
CVE-2017-12743
	RESERVED
CVE-2017-12742
	RESERVED
CVE-2017-12741 (A vulnerability has been identified in SINAMICS GH150 V4.7 w. PROFINET ...)
	NOT-FOR-US: Siemens
CVE-2017-12740 (Siemens LOGO! Soft Comfort (All versions before V8.2) lacks integrity ...)
	NOT-FOR-US: Siemens
CVE-2017-12739 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12738 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12737 (An issue was discovered on Siemens SICAM RTUs SM-2556 COM Modules with ...)
	NOT-FOR-US: Siemens
CVE-2017-12736 (A vulnerability has been identified in RUGGEDCOM ROS for RSL910 ...)
	NOT-FOR-US: Siemens
CVE-2017-12735 (A vulnerability has been identified in Siemens LOGO! devices. An ...)
	NOT-FOR-US: Siemens
CVE-2017-12734 (A vulnerability has been identified in Siemens LOGO! devices before ...)
	NOT-FOR-US: Siemens
CVE-2017-12733 (A Missing Authentication for Critical Function issue was discovered in ...)
	NOT-FOR-US: SiteSentinel
CVE-2017-12732 (A Stack-based Buffer Overflow issue was discovered in GE CIMPLICITY ...)
	NOT-FOR-US: GE CIMPLICITY
CVE-2017-12731 (A SQL Injection issue was discovered in OPW Fuel Management Systems ...)
	NOT-FOR-US: SiteSentinel
CVE-2017-12730 (An Unquoted Search Path issue was discovered in mySCADA myPRO Versions ...)
	NOT-FOR-US: mySCADA myPRO
CVE-2017-12729 (A SQL Injection issue was discovered in Moxa SoftCMS Live Viewer ...)
	NOT-FOR-US: Moxa SoftCMS Live Viewer
CVE-2017-12728 (An Improper Privilege Management issue was discovered in SpiderControl ...)
	NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-12727
	RESERVED
CVE-2017-12726 (A Use of Hard-coded Password issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12725 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12724 (A Use of Hard-coded Credentials issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12723 (A Password in Configuration File issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12722 (An Out-of-bounds Read issue was discovered in Smiths Medical Medfusion ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12721 (An Improper Certificate Validation issue was discovered in Smiths ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12720 (An Improper Access Control issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12719 (An Untrusted Pointer Dereference issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech
CVE-2017-12718 (A Classic Buffer Overflow issue was discovered in Smiths Medical ...)
	NOT-FOR-US: Smiths Medical Medfusion
CVE-2017-12717 (An Uncontrolled Search Path Element issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12716 (Abbott Laboratories Accent and Anthem pacemakers manufactured prior to ...)
	NOT-FOR-US: Abbott Laboratories Accent and Anthem pacemakers
CVE-2017-12715
	RESERVED
CVE-2017-12714 (Abbott Laboratories pacemakers manufactured prior to Aug 28, 2017 do ...)
	NOT-FOR-US: Abbott Laboratories pacemakers
CVE-2017-12713 (An Incorrect Permission Assignment for Critical Resource issue was ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12712 (The authentication algorithm in Abbott Laboratories pacemakers ...)
	NOT-FOR-US: Abbott Laboratories pacemakers
CVE-2017-12711 (An Incorrect Privilege Assignment issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12710 (A SQL Injection issue was discovered in Advantech WebAccess versions ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12709 (A Use of Hard-Coded Credentials issue was discovered in MRD-305-DIN ...)
	NOT-FOR-US: Westermo devices
CVE-2017-12708 (An Improper Restriction Of Operations Within The Bounds Of A Memory ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12707 (A Stack-based Buffer Overflow issue was discovered in SpiderControl ...)
	NOT-FOR-US: SpiderControl SCADA MicroBrowser
CVE-2017-12706 (A stack-based buffer overflow issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12705 (A Heap-Based Buffer Overflow issue was discovered in Advantech WebOP. A ...)
	NOT-FOR-US: Advantech
CVE-2017-12704 (A heap-based buffer overflow issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12703 (A Cross-Site Request Forgery (CSRF) issue was discovered in Westermo ...)
	NOT-FOR-US: Westermo
CVE-2017-12702 (An Externally Controlled Format String issue was discovered in ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12701 (BMC Medical Luna CPAP Machines released prior to July 1, 2017, contain ...)
	NOT-FOR-US: BMC Medical Luna CPAP Machines
CVE-2017-12700
	RESERVED
CVE-2017-12699 (An Incorrect Default Permissions issue was discovered in AzeoTech ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2017-12698 (An Improper Authentication issue was discovered in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-12697 (A Man-in-the-Middle issue was discovered in General Motors (GM) and ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-12696
	RESERVED
CVE-2017-12695 (An Improper Authentication issue was discovered in General Motors (GM) ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-12694 (A Directory Traversal issue was discovered in SpiderControl SCADA Web ...)
	NOT-FOR-US: SpiderControl SCADA Web Server
CVE-2017-1000101 (curl supports &quot;globbing&quot; of URLs, in which a user can pass a numerical ...)
	{DSA-3992-1}
	- curl 7.55.0-1 (bug #871554)
	[wheezy] - curl <not-affected> (Vulnerable code not present, introduced later in 7.34.0)
	NOTE: https://curl.haxx.se/docs/adv_20170809A.html
	NOTE: https://curl.haxx.se/CVE-2017-1000101.patch
CVE-2017-1000100 (When doing a TFTP transfer and curl/libcurl is given a URL that ...)
	{DSA-3992-1 DLA-1062-1}
	- curl 7.55.0-1 (bug #871555)
	NOTE: https://curl.haxx.se/docs/adv_20170809B.html
	NOTE: https://curl.haxx.se/CVE-2017-1000100.patch
CVE-2017-1000099 (When asking to get a file from a file:// URL, libcurl provides a ...)
	- curl <not-affected> (Only affects 7.54.1, no affected version ever in the archive)
	NOTE: https://curl.haxx.se/docs/adv_20170809C.html
	NOTE: https://curl.haxx.se/CVE-2017-1000099.patch
	NOTE: Introduced by: https://github.com/curl/curl/commit/7c312f84ea930d8
CVE-2017-12693 (The ReadBMPImage function in coders/bmp.c in ImageMagick 7.0.6-6 ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875341)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/652
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75fcbf5d649bba046c6a0db650a518f7bfc0fb3f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6709bd585b9609a9cf98a7042089f3e725886d5e
CVE-2017-12692 (The ReadVIFFImage function in coders/viff.c in ImageMagick 7.0.6-6 ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875339)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/653
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4a25fe5447bfb3a1918a2e9d595928e853b09d2e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5919dc606bc1d6022d3d2d205a91fdbe98de9e15
CVE-2017-12691 (The ReadOneLayer function in coders/xcf.c in ImageMagick 7.0.6-6 ...)
	{DLA-1131-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #875338)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/656
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f1ea048a3a34df293764502401d966aeacf9179d
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/68bbe7b8b226ed79e339296793f68f1b2bebc519
CVE-2017-12690
	RESERVED
CVE-2017-12689
	RESERVED
CVE-2017-12688
	RESERVED
CVE-2017-12687
	RESERVED
CVE-2017-12686
	RESERVED
CVE-2017-12685
	RESERVED
CVE-2017-12684
	RESERVED
CVE-2017-12683
	RESERVED
CVE-2017-12682
	RESERVED
CVE-2017-12681
	RESERVED
CVE-2017-12680 (Cross-Site Scripting (XSS) exists in NexusPHP 1.5 via the type ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12679 (SQL Injection exists in NexusPHP 1.5.beta5.20120707 via the delcheater ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12678 (In TagLib 1.11.1, the rebuildAggregateFrames function in ...)
	- taglib 1.11.1+dfsg.1-0.2 (bug #871511)
	[stretch] - taglib <no-dsa> (Minor issue)
	[jessie] - taglib <not-affected> (Vulnerable code not present)
	[wheezy] - taglib <not-affected> (Vulnerable code not present)
	- silverjuke <not-affected> (Vulnerable code not present, based on older taglib version)
	NOTE: https://github.com/taglib/taglib/issues/829
	NOTE: https://github.com/taglib/taglib/pull/831/commits/eb9ded1206f18f2c319157337edea2533a40bea6#diff-37f706c8696a7c1ca939b169c0a04d97
CVE-2017-12677 (IdentityServer3 2.4.x, 2.5.x, and 2.6.x before 2.6.1 has XSS in an ...)
	NOT-FOR-US: IdentityServer
CVE-2017-12676 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870118)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/618
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/387adbe4b05a545b9f3972e862602480c850303c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7287f50888c26b133ee173816332fcaec4e8cb62
CVE-2017-12675 (In ImageMagick 7.0.6-3, a missing check for multidimensional data was ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870022)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/616
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7a020acbcfea6e53eff6766c87ea175eac9dcd18
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/e33a39a6a168cdd800fd160e8f93f0059432bdf7
CVE-2017-12674 (In ImageMagick 7.0.6-2, a CPU exhaustion vulnerability was found in the ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #872609)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/604
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/91651bd482b6637cf650700ffd7b3b63de1cb049
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5a91708c6b70bd4e3d2b931465307e0aeababb3c
CVE-2017-12673 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...)
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870117)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/619
CVE-2017-12672 (In ImageMagick 7.0.6-3, a memory leak vulnerability was found in the ...)
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870021)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/617
CVE-2017-12671 (In ImageMagick 7.0.6-3, a missing NULL assignment was found in ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870119)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/621
CVE-2017-12669 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteCALSImage ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870475)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/571
CVE-2017-12668 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePCXImage in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870489)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/575
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ba8f335fa06daf1165e0878462686028e633a74
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/560e6e512961008938aa1d1b9aab06347b1c8f9b
CVE-2017-12667 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMATImage in ...)
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870015)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/553
CVE-2017-12666 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteINLINEImage ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870482)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/572
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d5559407ce29f4371e5df9c1cbde65455fe5854c
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/45aeda5da9eb328689afc221fa3b7dfa5cdea54d
CVE-2017-12665 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePICTImage ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870501)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/577
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c1b09bbec148f6ae11d0b686fdb89ac6dc0ab14e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/859084b4fd966ac007965c3d85caabccd8aee9b4
CVE-2017-12663 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WriteMAPImage in ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870483)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/573
CVE-2017-12662 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePDFImage in ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870492)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/576
CVE-2017-12661
	RESERVED
CVE-2017-12660
	RESERVED
CVE-2017-12659
	RESERVED
CVE-2017-12658
	RESERVED
CVE-2017-12657
	RESERVED
CVE-2017-12656
	RESERVED
CVE-2017-12655 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via the ...)
	NOT-FOR-US: NexusPHP
CVE-2017-12654 (The ReadPICTImage function in coders/pict.c in ImageMagick 7.0.6-3 ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870502)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/620
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ffcb8f8e2248fde38a2cb30aeb48403d2b3471cc
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f2c26fa4db84e92d754c7f8b269db2883cf7f32c
CVE-2017-12653 (360 Total Security 9.0.0.1202 before 2017-07-07 allows Privilege ...)
	NOT-FOR-US: 360 Total Security
CVE-2017-12652
	RESERVED
CVE-2017-12651 (Cross Site Request Forgery (CSRF) exists in the Blacklist and Whitelist ...)
	NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12650 (SQL Injection exists in the Loginizer plugin before 1.3.6 for WordPress ...)
	NOT-FOR-US: Loginizer plugin for WordPress
CVE-2017-12649 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted title or ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12648 (XSS exists in Liferay Portal before 7.0 CE GA4 via a bookmark URL. ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12647 (XSS exists in Liferay Portal before 7.0 CE GA4 via a Knowledge Base ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12646 (XSS exists in Liferay Portal before 7.0 CE GA4 via a login name, ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12645 (XSS exists in Liferay Portal before 7.0 CE GA4 via an invalid ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12644 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadDCMImage in ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/551
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a33f7498f9052b50e8fe8c8422a11ba84474cb42
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/9f375e7080a2c1044cd546854d0548b4bfb429d0
CVE-2017-12642 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadMPCImage in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869796)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/552
CVE-2017-12641 (ImageMagick 7.0.6-1 has a memory leak vulnerability in ReadOneJNGImage ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870108)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/550
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3320955045e5a2a22c13a04fa9422bb809e75eda
CVE-2017-12640 (ImageMagick 7.0.6-1 has an out-of-bounds read vulnerability in ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870106)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/542
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78d4c5db50fbab0b4beb69c46c6167f2c6513dec
CVE-2017-12639 (Stack based buffer overflow in Ipswitch IMail server up to and ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2017-12638 (Stack based buffer overflow in Ipswitch IMail server up to and ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2017-12637 (Directory traversal vulnerability in ...)
	NOT-FOR-US: SAP
CVE-2017-12636 (CouchDB administrative users can configure the database server via ...)
	{DLA-1252-1}
	- couchdb <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
	NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/9a28df7e9703a1a3420e7616c4d33a523ee06354
	NOTE: Possibly needs more updates: https://github.com/apache/couchdb/commit/bf6b6a1c84321baee2c4ad354059a45e0b8fdec7
CVE-2017-12635 (Due to differences in the Erlang-based JSON parser and ...)
	{DLA-1252-1}
	- couchdb <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2017/11/14/6
	NOTE: Likely patch for 1.2.x: https://github.com/apache/couchdb/commit/3706a77c13a78672e5a3fbde06e7bffd3665f73b
CVE-2017-12634 (The camel-castor component in Apache Camel 2.x before 2.19.4 and ...)
	NOT-FOR-US: Apache Camel
CVE-2017-12633 (The camel-hessian component in Apache Camel 2.x before 2.19.4 and ...)
	NOT-FOR-US: Apache Camel
CVE-2017-12632 (A malicious host header in an incoming HTTP request could cause NiFi ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-12631 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
	NOT-FOR-US: Apache CXF
CVE-2017-12630 (In Apache Drill 1.11.0 and earlier when submitting form from Query ...)
	NOT-FOR-US: Apache Drill
CVE-2017-12629 (Remote code execution occurs in Apache Solr before 7.1 with Apache ...)
	{DSA-4124-1 DLA-1254-1}
	- lucene-solr 3.6.2+dfsg-11
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1501529
	NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-td4358308.html
	NOTE: http://lucene.472066.n3.nabble.com/Re-Several-critical-vulnerabilities-discovered-in-Apache-Solr-XXE-amp-RCE-tt4358355.html
	NOTE: Patch removing RunExecutableListener: https://github.com/apache/lucene-solr/commit/7b313bb597a6d1f78773dc9c00f484c078a46c25
	NOTE: Patch disallowing XXE: https://github.com/apache/lucene-solr/commit/926cc4d65b6d2cc40ff07f76d50ddeda947e3cc4
CVE-2017-12628 (The JMX server embedded in Apache James, also used by the command line ...)
	NOT-FOR-US: Apache James
CVE-2017-12627 (In Apache Xerces-C XML Parser library before 3.2.1, processing of ...)
	{DLA-1328-1}
	- xerces-c 3.2.1+debian-1 (bug #894050)
	[stretch] - xerces-c <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - xerces-c <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1819998
	NOTE: https://xerces.apache.org/xerces-c/secadv/CVE-2017-12627.txt
CVE-2017-12626 (Apache POI in versions prior to release 3.17 are vulnerable to Denial ...)
	- libapache-poi-java <unfixed> (bug #888651)
	[stretch] - libapache-poi-java <no-dsa> (Minor issue)
	[jessie] - libapache-poi-java <no-dsa> (Minor issue)
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61338
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61294
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=52372
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61295
CVE-2017-12625 (Apache Hive 2.1.x before 2.1.2, 2.2.x before 2.2.1, and 2.3.x before ...)
	NOT-FOR-US: Apache Hive
CVE-2017-12624 (Apache CXF supports sending and receiving attachments via either the ...)
	NOT-FOR-US: Apache CXF
CVE-2017-12623 (An authorized user could upload a template which contained malicious ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-12622 (When an Apache Geode cluster before v1.3.0 is operating in secure mode ...)
	NOT-FOR-US: Apache Geode
CVE-2017-12621 (During Jelly (xml) file parsing with Apache Xerces, if a custom ...)
	- jenkins-commons-jelly <removed>
	[jessie] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
	[wheezy] - jenkins-commons-jelly <ignored> (Minor issue, only used by Jenkins which got removed)
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/27/6
CVE-2017-12620 (When loading models or dictionaries that contain XML it is possible to ...)
	NOT-FOR-US: Apache OpenNLP
CVE-2017-12619
	RESERVED
CVE-2017-12618 (Apache Portable Runtime Utility (APR-util) 1.6.0 and prior fail to ...)
	{DLA-1163-1}
	- apr-util 1.6.1-1 (low; bug #879996)
	[stretch] - apr-util <no-dsa> (Minor issue)
	[jessie] - apr-util <no-dsa> (Minor issue)
	NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
	NOTE: https://github.com/apache/apr/commit/f672b565c825c34de9ee298b5bdc62c01cdd6147
CVE-2017-12617 (When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to ...)
	{DLA-1166-1}
	- tomcat8 <not-affected> (Specific to running Tomcat on Windows)
	- tomcat8.0 <not-affected> (Specific to running Tomcat on Windows)
	- tomcat7 <not-affected> (Specific to running Tomcat on Windows)
	NOTE: https://svn.apache.org/r1809673 (8.5.x)
	NOTE: https://svn.apache.org/r1809675 (8.5.x)
	NOTE: https://svn.apache.org/r1809896 (8.5.x)
	NOTE: https://svn.apache.org/r1809921 (8.0.x)
	NOTE: https://svn.apache.org/r1809978 (7.0.x)
	NOTE: https://svn.apache.org/r1809992 (7.0.x)
	NOTE: https://svn.apache.org/r1810014 (7.0.x)
	NOTE: https://svn.apache.org/r1810026 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61542
CVE-2017-12616 (When using a VirtualDirContext with Apache Tomcat 7.0.0 to 7.0.80 it ...)
	{DLA-1108-1}
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.81
	NOTE: https://svn.apache.org/r1804729
CVE-2017-12615 (When running Apache Tomcat 7.0.0 to 7.0.79 on Windows with HTTP PUTs ...)
	- tomcat7 <not-affected> (Windows-specific)
CVE-2017-12614
	RESERVED
CVE-2017-12613 (When apr_time_exp*() or apr_os_exp_time*() functions are invoked with ...)
	{DLA-1162-1}
	- apr 1.6.3-1 (low; bug #879708)
	[stretch] - apr <no-dsa> (Minor issue)
	[jessie] - apr <no-dsa> (Minor issue)
	NOTE: mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E
	NOTE: Fixed by: https://github.com/apache/apr/commit/ad958385a4180d7a83d90589689fcd36e3bbc57a
CVE-2017-12612 (In Apache Spark 1.6.0 until 2.1.1, the launcher API performs unsafe ...)
	NOT-FOR-US: Apache Spark
CVE-2017-12611 (In Apache Struts 2.0.1 through 2.3.33 and 2.5 through 2.5.10, using an ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <ignored> (Minor issue)
	NOTE: Only a problem if the application programmer has made a security mistake.
	NOTE: https://struts.apache.org/docs/s2-053.html
CVE-2017-12610
	RESERVED
CVE-2017-12609
	REJECTED
CVE-2017-12608 (A vulnerability in Apache OpenOffice Writer DOC file parser before ...)
	{DSA-4022-1 DLA-1214-1}
	- libreoffice 1:5.0.2-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0301
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12608
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=42a709d1ef647aab9a1c9422b4e25ecaee857aba
CVE-2017-12607 (A vulnerability in OpenOffice's PPT file parser before 4.1.4, and ...)
	{DSA-4022-1 DLA-1214-1}
	- libreoffice 1:5.0.2-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0300
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-12607
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=334dba623dfb0c4fb2b5292c2d03741b7b33aef1
CVE-2016-10404 (XSS exists in Liferay Portal before 7.0 CE GA4 via a crafted redirect ...)
	NOT-FOR-US: Liferay Portal
CVE-2017-12606 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12605 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12604 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12603 (OpenCV (Open Source Computer Vision Library) through 3.3 has an invalid ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12602 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
	- opencv <unfixed> (bug #872045)
	[wheezy] - opencv <ignored> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12601 (OpenCV (Open Source Computer Vision Library) through 3.3 has a buffer ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12600 (OpenCV (Open Source Computer Vision Library) through 3.3 has a denial ...)
	- opencv <unfixed> (bug #872045)
	[wheezy] - opencv <ignored> (Minor issue)
	NOTE: https://github.com/opencv/opencv/issues/9311
CVE-2017-12599 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12598 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12597 (OpenCV (Open Source Computer Vision Library) through 3.3 has an ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872044)
	NOTE: https://github.com/opencv/opencv/issues/9309
CVE-2017-12596 (In OpenEXR 2.2.0, a crafted image causes a heap-based buffer over-read ...)
	- openexr 2.2.0-11.1 (bug #877352)
	[wheezy] - openexr 1.6.1-6+deb7u1
	NOTE: https://github.com/openexr/openexr/issues/238
	NOTE: Upstream fix https://github.com/openexr/openexr/commit/f09f5f26c1924c4f7e183428ca79c9881afaf53c
CVE-2017-12595 (The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and ...)
	- qpdf 7.0.0-1
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <ignored> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/146
	NOTE: Fixed by: https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b
CVE-2017-12594
	RESERVED
CVE-2017-12593 (ASUS DSL-N10S V2.1.16_APAC devices allow CSRF. ...)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12592 (ASUS DSL-N10S V2.1.16_APAC devices have a privilege escalation ...)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12591 (ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross ...)
	NOT-FOR-US: ASUS DSL-N10S V2.1.16_APAC devices
CVE-2017-12590 (ASUS RT-N14UHP devices before 3.0.0.4.380.8015 have a reflected XSS ...)
	NOT-FOR-US: ASUS RT-N14UHP devices
CVE-2017-12589 (ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices do not have any ...)
	NOT-FOR-US: ToMAX R60G R60GV2-V2.0-v.2.6.3-170330 devices
CVE-2017-12588 (The zmq3 input and output modules in rsyslog before 8.28.0 interpreted ...)
	- rsyslog 8.28.0-1 (unimportant)
	NOTE: https://github.com/rsyslog/rsyslog/commit/062d0c671a29f7c6f7dff4a2f1f35df375bbb30b
	NOTE: https://github.com/rsyslog/rsyslog/pull/1565
	NOTE: The zmq3 input and output modules are not enabled and built in Debian
CVE-2017-12587 (ImageMagick 7.0.6-1 has a large loop vulnerability in the ReadPWPImage ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870526)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/535
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bb5b16c512977e8134701063e0adb05a4a342add
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d4192df5eb03892089806d52a317cc3101856726
CVE-2017-12586 (SLiMS 8 Akasia through 8.3.1 has an arbitrary file reading issue ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12585 (SLiMS 8 Akasia through 8.3.1 has SQL injection in ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12584 (There is no CSRF mitigation in SLiMS 8 Akasia through 8.3.1. Also, an ...)
	NOT-FOR-US: SLiMS 8 Akasia
CVE-2017-12583 (DokuWiki through 2017-02-19b has XSS in the at parameter (aka the ...)
	- dokuwiki <unfixed> (bug #870903)
	[jessie] - dokuwiki <not-affected> (Vulnerable code not present)
	[wheezy] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/2061
CVE-2017-12582 (Unprivileged user can access all functions in the Surveillance Station ...)
	NOT-FOR-US: QNAP
CVE-2017-12581 (GitHub Electron before 1.6.8 allows remote command execution because of ...)
	- electron <itp> (bug #842420)
CVE-2017-12580
	RESERVED
CVE-2017-12579 (An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-12578
	RESERVED
CVE-2017-12577
	RESERVED
CVE-2017-12576
	RESERVED
CVE-2017-12575
	RESERVED
CVE-2017-12574
	RESERVED
CVE-2017-12573
	RESERVED
CVE-2017-12572 (Persistent Cross Site Scripting (XSS) exists in Splunk Enterprise 6.5.x ...)
	NOT-FOR-US: Splunk
CVE-2017-12571
	RESERVED
CVE-2017-12570
	RESERVED
CVE-2017-12569
	RESERVED
CVE-2017-12568 (Denial of Service vulnerability in Debut embedded httpd 1.20 in Brother ...)
	NOT-FOR-US: Brother
CVE-2017-12567 (SQL injection exists in Quest KACE Asset Management Appliance ...)
	NOT-FOR-US: Quest KACE Asset Management Appliance
CVE-2017-12566 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870503)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/603
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2477eacf09d3a26efe814590a5dbbe1efd16764f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/27b3b9ca5cfb7b8935852cf315abc005ea7c1e16
CVE-2017-12565 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870115)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/602
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e0e544bb173213df00f82a810d66321e1bb4f3c8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4d0ac66c9778faebd2d1fac7140462b043626458
CVE-2017-12564 (In ImageMagick 7.0.6-2, a memory leak vulnerability was found in the ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870017)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/601
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ff3faa31166439d81b72de22daea2b6404569137
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/a4779cfbee2e4235fa9f9f8f2e58dca17f7ccc6b
CVE-2017-12563 (In ImageMagick 7.0.6-2, a memory exhaustion vulnerability was found in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870530)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/599
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/82b53bd74df1489332e4043035a51b43f54d43f1
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7d3af83d8b946f952bfd028451e6dfb1f7ace07a
CVE-2017-12561 (A remote code execution vulnerability in HPE intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12560 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12559 (A Remote Denial of Service vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12558 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12557 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12556 (A Remote Code Execution vulnerability in HPE intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12555 (A remote arbitrary file download and disclosure of information ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12554 (A remote code execution vulnerability in HPE intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12553 (A local authentication bypass vulnerability in HPE System Management ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12552 (A local arbitrary execution of commands vulnerability in HPE System ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12551 (A local arbitrary execution of commands vulnerability in HPE System ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12550 (A local security misconfiguration vulnerability in HPE System ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12549 (A local authentication bypass vulnerability in HPE System Management ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12548 (A local arbitrary command execution vulnerability in HPE System ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12547 (A local arbitrary command execution vulnerability in HPE System ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12546 (A local buffer overflow vulnerability in HPE System Management ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12545 (A remote denial of service vulnerability in HPE System Management ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12544 (A cross-site scripting vulnerability in HPE System Management Homepage ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2017-12543 (A remote disclosure of information vulnerability in Moonshot Remote ...)
	NOT-FOR-US: Moonshot Remote Console Administrator Pro
CVE-2017-12542 (A authentication bypass and execution of code vulnerability in HPE ...)
	NOT-FOR-US: HPE ILO 4
CVE-2017-12541 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12540 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12539 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12538 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12537 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12536 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12535 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12534 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12533 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12532 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12531 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12530 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12529 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12528 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12527 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12526 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12525 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12524 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12523 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12522 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12521 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12520 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12519 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12518 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12517 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12516 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12515 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12514 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12513 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12512 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12511 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12510 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12509 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12508 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12507 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12506 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12505 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12504 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12503 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12502 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12501 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12500 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12499 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12498 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12497 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12496 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12495 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12494 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12493 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12492 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12491 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12490 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12489 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12488 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12487 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-12486
	RESERVED
CVE-2017-12485
	RESERVED
CVE-2017-12484
	RESERVED
CVE-2017-12483
	RESERVED
CVE-2017-12482 (The ledger::parse_date_mask_routine function in times.cc in Ledger ...)
	- ledger <unfixed> (low; bug #870900)
	[stretch] - ledger <no-dsa> (Minor issue)
	[jessie] - ledger <no-dsa> (Minor issue)
	[wheezy] - ledger <no-dsa> (Minor issue)
	NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1224
CVE-2017-12481 (The find_option function in option.cc in Ledger 3.1.1 allows remote ...)
	- ledger <unfixed> (low; bug #870900)
	[stretch] - ledger <no-dsa> (Minor issue)
	[jessie] - ledger <no-dsa> (Minor issue)
	[wheezy] - ledger <no-dsa> (Minor issue)
	NOTE: http://bugs.ledger-cli.org/show_bug.cgi?id=1222
CVE-2017-12480 (Sandboxie installer 5071703 has a DLL Hijacking or Unsafe DLL Loading ...)
	NOT-FOR-US: Sandboxie
CVE-2017-12479 (It was discovered that an issue in the session logic in Unitrends ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12478 (It was discovered that the api/storage web interface in Unitrends ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12477 (It was discovered that the bpserverd proprietary protocol in Unitrends ...)
	NOT-FOR-US: Unitrends Backup
CVE-2017-12476 (The AP4_AvccAtom::InspectFields function in Core/Ap4AvccAtom.cpp in ...)
	NOT-FOR-US: Bento4
CVE-2017-12475 (The AP4_Processor::Process function in Core/Ap4Processor.cpp in Bento4 ...)
	NOT-FOR-US: Bento4
CVE-2017-12474 (The AP4_AtomSampleTable::GetSample function in ...)
	NOT-FOR-US: Bento4
CVE-2017-12473 (ccnl_ccntlv_bytes2pkt in CCN-lite allows context-dependent attackers ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12472 (ccnl-ext-mgmt.c in CCN-lite before 2.00 allows context-dependent ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12471 (The cnb_parse_lev function in CCN-lite before 2.00 allows ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12470 (Integer overflow in the ndn_parse_sequence function in CCN-lite before ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12469 (Buffer overflow in util/ccnl-common.c in CCN-lite before 2.00 allows ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12468 (Buffer overflow in ccn-lite-ccnb2xml.c in CCN-lite before 2.00 allows ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12467 (Memory leak in CCN-lite before 2.00 allows context-dependent attackers ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12466 (CCN-lite before 2.00 allows context-dependent attackers to have ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12465 (Multiple integer overflows in CCN-lite before 2.00 allow ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12464 (ccn-lite-valid.c in CCN-lite before 2.00 allows context-dependent ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12463 (Memory leak in the ccnl_app_RX function in ccnl-uapi.c in CCN-lite ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12462
	RESERVED
CVE-2017-12461
	RESERVED
CVE-2017-12460 (An issue was discovered in Barco ClickShare CSM-1 firmware before ...)
	NOT-FOR-US: Barco ClickShare CSM-1 firmware
CVE-2017-12459 (The bfd_mach_o_read_symtab_strtab function in bfd/mach-o.c in the ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12458 (The nlm_swap_auxiliary_headers_in function in bfd/nlmcode.h in the ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12457 (The bfd_make_section_with_flags function in section.c in the Binary ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=patch;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12456 (The read_symbol_stabs_debugging_info function in rddbg.c in GNU ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12455 (The evax_bfd_print_emh function in vms-alpha.c in the Binary File ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12454 (The _bfd_vms_slurp_egsd function in bfd/vms-alpha.c in the Binary File ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12453 (The _bfd_vms_slurp_eeom function in libbfd.c in the Binary File ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12452 (The bfd_mach_o_i386_canonicalize_one_reloc function in ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ca4cf9b9c622a5695e01f7f5815a7382a31fcf51
CVE-2017-12451 (The _bfd_xcoff_read_ar_hdr function in bfd/coff-rs6000.c and ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21786
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=29866fa186ee3ebda5242221607dba360b2e541e
CVE-2017-12450 (The alpha_vms_object_p function in bfd/vms-alpha.c in the Binary File ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21813
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8a2df5e2df374289e00ecd8f099eb46d76ef982e
CVE-2017-12449 (The _bfd_vms_save_sized_string function in vms-misc.c in the Binary ...)
	- binutils 2.29-8
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21840
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8bdf0be19d2777565a8b1c88347f65d6a4b8c5fc
CVE-2017-12448 (The bfd_cache_close function in bfd/cache.c in the Binary File ...)
	- binutils 2.29-9
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21787
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=909e4e716c4d77e33357bbe9bc902bfaf2e1af24
CVE-2017-12447
	RESERVED
CVE-2017-12446
	RESERVED
CVE-2017-12445 (The JB2BitmapCoder::code_row_by_refinement function in ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12444 (The mdjvu_bitmap_get_bounding_box function in base/4bitmap.c in ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12443 (The mdjvu_bitmap_pack_row function in base/4bitmap.c in minidjvu 0.8 ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12442 (The row_is_empty function in base/4bitmap.c:272 in minidjvu 0.8 can ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12441 (The row_is_empty function in base/4bitmap.c:274 in minidjvu 0.8 can ...)
	- minidjvu <unfixed> (unimportant; bug #871495)
	NOTE: https://sourceforge.net/p/minidjvu/bugs/8/
CVE-2017-12440 (Aodh as packaged in Openstack Ocata and Newton before change-ID ...)
	{DSA-3953-1}
	- aodh <unfixed> (bug #872605)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0080
	NOTE: Master: https://review.openstack.org/#/c/493823/
	NOTE: Ocata: https://review.openstack.org/#/c/493824/
	NOTE: Newton: https://review.openstack.org/#/c/493826/
CVE-2017-12439 (SocuSoft Flash Slideshow Maker Professional through v5.20, when the ...)
	NOT-FOR-US: SocuSoft Flash Slideshow Maker Professional
CVE-2017-12438
	RESERVED
CVE-2017-12437
	RESERVED
CVE-2017-12436
	RESERVED
CVE-2017-12435 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870504)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/543
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2dd8d55742fce7d079b6a16039c18e49c091224f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/44cb8dfd4cbe6fc475c863a5946cff64e34c2088
CVE-2017-12433 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872481)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/548
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7beec9a7a8a5701652b313e6e94bafd36b3627dc
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/0a170d18390d3762586f164e6abe3c4766d14620
CVE-2017-12432 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (low; bug #870491)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/536
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/061de02095a56d438409c63f723f340b2d9d36c7
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ded916c5da6febe9660c3cfa44c3114567adf74
CVE-2017-12429 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/545
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30a74ed25a4890acfa94f452d653d54c9628c87e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/3ac6c73d39d59a7b0285b3756810272121759a31
	NOTE: The fix applied for #869727 included the change for upstream issue 545, cf.
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/546#issuecomment-313968413
CVE-2017-12427 (The ProcessMSLScript function in coders/msl.c in ImageMagick before ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870525)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/636
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/e793eb203e5e0f91f5037aed6585e81b1e27395b
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/841f7b27dc88c685c61252d59b7e20e94c982456
CVE-2017-12426 (GitLab Community Edition (CE) and Enterprise Edition (EE) before ...)
	- gitlab <unfixed> (bug #872190; unimportant)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/35212
	NOTE: The fix for git for CVE-2017-1000117 mitgates the issue in gitlab itself.
	NOTE: The CVE is for the issue when importing a project via crafted SSH URLs,
	NOTE: which becomes ineffective with a fixed git version itself.
CVE-2017-12424 (In shadow before 4.5, the newusers tool could be made to manipulate ...)
	- shadow 1:4.5-1 (bug #756630)
	[stretch] - shadow <no-dsa> (Minor issue)
	[jessie] - shadow <no-dsa> (Minor issue)
	[wheezy] - shadow <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1266675
	NOTE: https://github.com/shadow-maint/shadow/commit/954e3d2e7113e9ac06632aee3c69b8d818cc8952 (4.5)
CVE-2017-12423 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote ...)
	NOT-FOR-US: NetApp
CVE-2017-12422 (NetApp StorageGRID Webscale 10.2.x before 10.2.2.3, 10.3.x before ...)
	NOT-FOR-US: NetApp
CVE-2017-12421 (NetApp Clustered Data ONTAP 8.3.x before 8.3.2P12 allows remote ...)
	NOT-FOR-US: NetApp
CVE-2017-12420 (Heap-based buffer overflow in the SMB implementation in NetApp ...)
	NOT-FOR-US: NetApp
CVE-2017-12419 (If, after successful installation of MantisBT through 2.5.2 on ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy)
	NOTE: https://mantisbt.org/bugs/view.php?id=23173
CVE-2017-12418 (ImageMagick 7.0.6-5 has memory leaks in the parse8BIMW and format8BIM ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #872498)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/643
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/46382526a3f09cebf9f2af680fc55b2a668fcbef
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bfd93888beccf2eff49cc9abfa6b5167c9c9109d
CVE-2017-12417
	RESERVED
CVE-2017-12416 (Cross-site scripting (XSS) vulnerability in the GlobalProtect internal ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-12415 (OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x ...)
	NOT-FOR-US: OXID eShop
CVE-2015-9107 (Zoho ManageEngine OpManager 11 through 12.2 uses a custom encryption ...)
	NOT-FOR-US: Zoho ManageEngine OpManager
CVE-2017-12414 (Format Factory 4.1.0 has a DLL Hijacking Vulnerability because an ...)
	NOT-FOR-US: Format Factory
CVE-2017-12413 (AXIS 2100 devices 2.43 have XSS via the URI, possibly related to ...)
	NOT-FOR-US: AXIS 2100 devices
CVE-2017-12412 (ccn-lite-ccnb2xml in CCN-lite before 2.0.0 allows context-dependent ...)
	NOT-FOR-US: CCN-lite
CVE-2017-12411
	RESERVED
CVE-2017-12410 (It is possible to exploit a Time of Check &amp; Time of Use (TOCTOU) ...)
	NOT-FOR-US: Kaseya Virtual System Administrator agent
CVE-2017-12409
	RESERVED
CVE-2017-12408
	RESERVED
CVE-2017-12407
	RESERVED
CVE-2017-12406
	RESERVED
CVE-2017-12405
	RESERVED
CVE-2017-12404
	RESERVED
CVE-2017-12403
	RESERVED
CVE-2017-12402
	RESERVED
CVE-2017-12401
	RESERVED
CVE-2017-12400
	RESERVED
CVE-2017-12399
	RESERVED
CVE-2017-12398
	RESERVED
CVE-2017-12397
	RESERVED
CVE-2017-12396
	RESERVED
CVE-2017-12395
	RESERVED
CVE-2017-12394
	RESERVED
CVE-2017-12393
	RESERVED
CVE-2017-12392
	RESERVED
CVE-2017-12391
	RESERVED
CVE-2017-12390
	RESERVED
CVE-2017-12389
	RESERVED
CVE-2017-12388
	RESERVED
CVE-2017-12387
	RESERVED
CVE-2017-12386
	RESERVED
CVE-2017-12385
	RESERVED
CVE-2017-12384
	RESERVED
CVE-2017-12383
	RESERVED
CVE-2017-12382
	RESERVED
CVE-2017-12381
	RESERVED
CVE-2017-12380 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11945
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/39c89d14a61aef2958b8ea64ade1be7a5faca897
CVE-2017-12379 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11944
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0604618374dc0dfd148b0ce7bf7a3d2b7528e66b
CVE-2017-12378 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11946
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/292d6878fa3e7fd2ab0f7275a78190639ad116d4
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0cf813f835e48ab0f94dd54200ceba0dc25fa1c4
CVE-2017-12377 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11943
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/38da4800bfb2d6b13579950b6543302d13e3015c
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/e887f113242ffcb0ea8735c3f567c6be77f382d6
CVE-2017-12376 (ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11942
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/c8ba4ae2e47a4f49add3e85ef7041b166be6bfdb
CVE-2017-12375 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11940
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d1100be31a567718ce7c7dd6e6c632eddab55209
CVE-2017-12374 (The ClamAV AntiVirus software versions 0.99.2 and prior contain a ...)
	{DLA-1261-1}
	- clamav 0.99.3~beta2+dfsg-1 (bug #888484)
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (clamav is updated via -updates)
	NOTE: http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11939
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/7cf2a701041b775dda9743d01665279facc9b326
CVE-2017-12373 (A vulnerability in the TLS protocol implementation of legacy Cisco ASA ...)
	NOT-FOR-US: Cisco
CVE-2017-12372 (A &quot;Cisco WebEx Network Recording Player Remote Code Execution ...)
	NOT-FOR-US: Cisco
CVE-2017-12371 (A &quot;Cisco WebEx Network Recording Player Remote Code Execution ...)
	NOT-FOR-US: Cisco
CVE-2017-12370 (A &quot;Cisco WebEx Network Recording Player Remote Code Execution ...)
	NOT-FOR-US: Cisco
CVE-2017-12369 (A &quot;Cisco WebEx Network Recording Player Out-of-Bounds Vulnerability&quot; ...)
	NOT-FOR-US: Cisco
CVE-2017-12368 (A &quot;Cisco WebEx Network Recording Player Remote Code Execution ...)
	NOT-FOR-US: Cisco
CVE-2017-12367 (A &quot;Cisco WebEx Network Recording Player Denial of Service ...)
	NOT-FOR-US: Cisco
CVE-2017-12366 (A vulnerability in Cisco WebEx Meeting Center could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12365 (A vulnerability in Cisco WebEx Event Center could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12364 (A SQL Injection vulnerability in the web framework of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-12363 (A vulnerability in Cisco WebEx Meeting Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12362 (A vulnerability in Cisco Meeting Server versions prior to 2.2.2 could ...)
	NOT-FOR-US: Cisco
CVE-2017-12361 (A vulnerability in Cisco Jabber for Windows could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12360 (A vulnerability in Cisco WebEx Network Recording Player for WebEx ...)
	NOT-FOR-US: Cisco
CVE-2017-12359 (A Buffer Overflow vulnerability in Cisco WebEx Network Recording Player ...)
	NOT-FOR-US: Cisco
CVE-2017-12358 (A vulnerability in the web-based management interface of Cisco Jabber ...)
	NOT-FOR-US: Cisco
CVE-2017-12357 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-12356 (A vulnerability in the web-based management interface of Cisco Jabber ...)
	NOT-FOR-US: Cisco
CVE-2017-12355 (A vulnerability in the Local Packet Transport Services (LPTS) ingress ...)
	NOT-FOR-US: Cisco
CVE-2017-12354 (A vulnerability in the web-based interface of Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2017-12353 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...)
	NOT-FOR-US: Cisco
CVE-2017-12352 (A vulnerability in certain system script files that are installed at ...)
	NOT-FOR-US: Cisco
CVE-2017-12351 (A vulnerability in the guest shell feature of Cisco NX-OS System ...)
	NOT-FOR-US: Cisco
CVE-2017-12350 (A vulnerability in Cisco Umbrella Insights Virtual Appliances 2.1.0 and ...)
	NOT-FOR-US: Cisco
CVE-2017-12349 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12348 (Multiple vulnerabilities in the web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12347 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...)
	NOT-FOR-US: Cisco
CVE-2017-12346 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...)
	NOT-FOR-US: Cisco
CVE-2017-12345 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...)
	NOT-FOR-US: Cisco
CVE-2017-12344 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...)
	NOT-FOR-US: Cisco
CVE-2017-12343 (Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) ...)
	NOT-FOR-US: Cisco
CVE-2017-12342 (A vulnerability in the Open Agent Container (OAC) feature of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12341 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12340 (A vulnerability in Cisco NX-OS System Software running on Cisco MDS ...)
	NOT-FOR-US: Cisco
CVE-2017-12339 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12338 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12337 (A vulnerability in the upgrade mechanism of Cisco collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-12336 (A vulnerability in the TCL scripting subsystem of Cisco NX-OS System ...)
	NOT-FOR-US: Cisco
CVE-2017-12335 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12334 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12333 (A vulnerability in Cisco NX-OS System Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12332 (A vulnerability in Cisco NX-OS System Software patch installation could ...)
	NOT-FOR-US: Cisco
CVE-2017-12331 (A vulnerability in Cisco NX-OS System Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12330 (A vulnerability in the CLI of Cisco NX-OS System Software could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12329 (A vulnerability in the CLI of Cisco Firepower Extensible Operating ...)
	NOT-FOR-US: Cisco
CVE-2017-12328 (A vulnerability in Session Initiation Protocol (SIP) call handling in ...)
	NOT-FOR-US: Cisco
CVE-2017-12327
	RESERVED
CVE-2017-12326
	RESERVED
CVE-2017-12325
	RESERVED
CVE-2017-12324
	RESERVED
CVE-2017-12323 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12322 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12321 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12320 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12319 (A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet ...)
	NOT-FOR-US: Cisco
CVE-2017-12318 (A vulnerability in the TCP state machine of Cisco RF Gateway 1 devices ...)
	NOT-FOR-US: Cisco
CVE-2017-12317 (The Cisco AMP For Endpoints application allows an authenticated, local ...)
	NOT-FOR-US: Cisco
CVE-2017-12316 (A vulnerability in the Guest Portal login page of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2017-12315 (A vulnerability in system logging when replication is being configured ...)
	NOT-FOR-US: Cisco
CVE-2017-12314 (A vulnerability in the Cisco FindIT Network Discovery Utility could ...)
	NOT-FOR-US: Cisco
CVE-2017-12313 (An untrusted search path (aka DLL Preload) vulnerability in the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12312 (An untrusted search path (aka DLL Preloading) vulnerability in the ...)
	NOT-FOR-US: Cisco
CVE-2017-12311 (A vulnerability in the H.264 decoder function of Cisco Meeting Server ...)
	NOT-FOR-US: Cisco
CVE-2017-12310 (A vulnerability in the auto discovery phase of Cisco Spark Hybrid ...)
	NOT-FOR-US: Cisco
CVE-2017-12309 (A vulnerability in the Cisco Email Security Appliance (ESA) could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12308 (A vulnerability in the web framework of Cisco Small Business Managed ...)
	NOT-FOR-US: Cisco
CVE-2017-12307 (A vulnerability in the web framework of Cisco Small Business Managed ...)
	NOT-FOR-US: Cisco
CVE-2017-12306 (A vulnerability in the upgrade process of Cisco Spark Board could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12305 (A vulnerability in the debug interface of Cisco IP Phone 8800 series ...)
	NOT-FOR-US: Cisco
CVE-2017-12304 (A vulnerability in the IOS daemon (IOSd) web-based management interface ...)
	NOT-FOR-US: Cisco
CVE-2017-12303 (A vulnerability in the Advanced Malware Protection (AMP) file filtering ...)
	NOT-FOR-US: Cisco
CVE-2017-12302 (A vulnerability in the Cisco Unified Communications Manager SQL ...)
	NOT-FOR-US: Cisco
CVE-2017-12301 (A vulnerability in the Python scripting subsystem of Cisco NX-OS ...)
	NOT-FOR-US: Cisco
CVE-2017-12300 (A vulnerability in the SNORT detection engine of Cisco Firepower System ...)
	NOT-FOR-US: Cisco
CVE-2017-12299 (A vulnerability exists in the process of creating default IP blocks ...)
	NOT-FOR-US: Cisco
CVE-2017-12298 (A vulnerability in Cisco WebEx Meeting Center could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12297 (A vulnerability in Cisco WebEx Meeting Center could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12296 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12295 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12294 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12293 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12292 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12291 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12290 (Multiple vulnerabilities in the web interface of the Cisco Registered ...)
	NOT-FOR-US: Cisco
CVE-2017-12289 (A vulnerability in conditional, verbose debug logging for the IPsec ...)
	NOT-FOR-US: Cisco
CVE-2017-12288 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-12287 (A vulnerability in the cluster database (CDB) management component of ...)
	NOT-FOR-US: Cisco
CVE-2017-12286 (A vulnerability in the web interface of Cisco Jabber could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12285 (A vulnerability in the web interface of Cisco Network Analysis Module ...)
	NOT-FOR-US: Cisco
CVE-2017-12284 (A vulnerability in the web interface of Cisco Jabber for Windows Client ...)
	NOT-FOR-US: Cisco
CVE-2017-12283 (A vulnerability in the handling of 802.11w Protected Management Frames ...)
	NOT-FOR-US: Cisco
CVE-2017-12282 (A vulnerability in the Access Network Query Protocol (ANQP) ingress ...)
	NOT-FOR-US: Cisco
CVE-2017-12281 (A vulnerability in the implementation of Protected Extensible ...)
	NOT-FOR-US: Cisco
CVE-2017-12280 (A vulnerability in the Control and Provisioning of Wireless Access ...)
	NOT-FOR-US: Cisco
CVE-2017-12279 (A vulnerability in the packet processing code of Cisco IOS Software for ...)
	NOT-FOR-US: Cisco
CVE-2017-12278 (A vulnerability in the Simple Network Management Protocol (SNMP) ...)
	NOT-FOR-US: Cisco
CVE-2017-12277 (A vulnerability in the Smart Licensing Manager service of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12276 (A vulnerability in the web framework code for the SQL database ...)
	NOT-FOR-US: Cisco
CVE-2017-12275 (A vulnerability in the implementation of 802.11v Basic Service Set ...)
	NOT-FOR-US: Cisco
CVE-2017-12274 (A vulnerability in Extensible Authentication Protocol (EAP) ingress ...)
	NOT-FOR-US: Cisco
CVE-2017-12273 (A vulnerability in 802.11 association request frame processing for the ...)
	NOT-FOR-US: Cisco
CVE-2017-12272 (A vulnerability in the web framework code of Cisco IOS XE Software ...)
	NOT-FOR-US: Cisco
CVE-2017-12271 (A vulnerability in Cisco SPA300 and SPA500 Series IP Phones could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-12270 (A vulnerability in the gRPC code of Cisco IOS XR Software for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12269 (A vulnerability in the web UI of Cisco Spark Messaging Software could ...)
	NOT-FOR-US: Cisco
CVE-2017-12268 (A vulnerability in the Network Access Manager (NAM) of Cisco AnyConnect ...)
	NOT-FOR-US: Cisco
CVE-2017-12267 (A vulnerability in the Independent Computing Architecture (ICA) ...)
	NOT-FOR-US: Cisco
CVE-2017-12266 (A vulnerability in the routine that loads DLL files in Cisco Meeting ...)
	NOT-FOR-US: Cisco
CVE-2017-12265 (A vulnerability in the web-based management interface of Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2017-12264 (A vulnerability in the Web Admin Interface of Cisco Meeting Server ...)
	NOT-FOR-US: Cisco
CVE-2017-12263 (A vulnerability in the web interface of Cisco License Manager software ...)
	NOT-FOR-US: Cisco
CVE-2017-12262 (A vulnerability within the firewall configuration of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12261 (A vulnerability in the restricted shell of the Cisco Identity Services ...)
	NOT-FOR-US: Cisco
CVE-2017-12260 (A vulnerability in the implementation of Session Initiation Protocol ...)
	NOT-FOR-US: Cisco
CVE-2017-12259 (A vulnerability in the implementation of Session Initiation Protocol ...)
	NOT-FOR-US: Cisco
CVE-2017-12258 (A vulnerability in the web-based UI of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2017-12257 (A vulnerability in the web framework of Cisco WebEx Meetings Server ...)
	NOT-FOR-US: Cisco
CVE-2017-12256 (A vulnerability in the Akamai Connect feature of Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2017-12255 (A vulnerability in the CLI of Cisco UCS Central Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12254 (A vulnerability in the web interface of Cisco Unified Intelligence ...)
	NOT-FOR-US: Cisco
CVE-2017-12253 (A vulnerability in the Cisco Unified Intelligence Center could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-12252 (A vulnerability in the Cisco FindIT Network Discovery Utility could ...)
	NOT-FOR-US: Cisco
CVE-2017-12251 (A vulnerability in the web console of the Cisco Cloud Services Platform ...)
	NOT-FOR-US: Cisco
CVE-2017-12250 (A vulnerability in the HTTP web interface for Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2017-12249 (A vulnerability in the Traversal Using Relay NAT (TURN) server included ...)
	NOT-FOR-US: Cisco Meeting Server
CVE-2017-12248 (A vulnerability in the web framework code of Cisco Unified Intelligence ...)
	NOT-FOR-US: Cisco
CVE-2017-12247
	RESERVED
CVE-2017-12246 (A vulnerability in the implementation of the direct authentication ...)
	NOT-FOR-US: Cisco
CVE-2017-12245 (A vulnerability in SSL traffic decryption for Cisco Firepower Threat ...)
	NOT-FOR-US: Cisco
CVE-2017-12244 (A vulnerability in the detection engine parsing of IPv6 packets for ...)
	NOT-FOR-US: Cisco
CVE-2017-12243 (A vulnerability in the Cisco Unified Computing System (UCS) Manager, ...)
	NOT-FOR-US: Cisco
CVE-2017-12242
	RESERVED
CVE-2017-12241
	RESERVED
CVE-2017-12240 (The DHCP relay subsystem of Cisco IOS 12.2 through 15.6 and Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-12239 (A vulnerability in motherboard console ports of line cards for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12238 (A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12237 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module ...)
	NOT-FOR-US: Cisco
CVE-2017-12236 (A vulnerability in the implementation of the Locator/ID Separation ...)
	NOT-FOR-US: Cisco
CVE-2017-12235 (A vulnerability in the implementation of the PROFINET Discovery and ...)
	NOT-FOR-US: Cisco
CVE-2017-12234 (Multiple vulnerabilities in the implementation of the Common Industrial ...)
	NOT-FOR-US: Cisco
CVE-2017-12233 (Multiple vulnerabilities in the implementation of the Common Industrial ...)
	NOT-FOR-US: Cisco
CVE-2017-12232 (A vulnerability in the implementation of a protocol in Cisco Integrated ...)
	NOT-FOR-US: Cisco
CVE-2017-12231 (A vulnerability in the implementation of Network Address Translation ...)
	NOT-FOR-US: Cisco
CVE-2017-12230 (A vulnerability in the web-based user interface (web UI) of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-12229 (A vulnerability in the REST API of the web-based user interface (web ...)
	NOT-FOR-US: Cisco
CVE-2017-12228 (A vulnerability in the Cisco Network Plug and Play application of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12227 (A vulnerability in the SQL database interface for Cisco Emergency ...)
	NOT-FOR-US: Cisco
CVE-2017-12226 (A vulnerability in the web-based Wireless Controller GUI of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-12225 (A vulnerability in the web functionality of the Cisco Prime LAN ...)
	NOT-FOR-US: Cisco
CVE-2017-12224 (A vulnerability in the ability for guest users to join meetings via a ...)
	NOT-FOR-US: Cisco
CVE-2017-12223 (A vulnerability in the ROM Monitor (ROMMON) code of Cisco IR800 ...)
	NOT-FOR-US: Cisco
CVE-2017-12222 (A vulnerability in the wireless controller manager of Cisco IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2017-12221 (A vulnerability in the web framework of Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2017-12220 (A vulnerability in the web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-12219 (A vulnerability in the handling of IP fragments for the Cisco Small ...)
	NOT-FOR-US: Cisco
CVE-2017-12218 (A vulnerability in the malware detection functionality within Advanced ...)
	NOT-FOR-US: Cisco
CVE-2017-12217 (A vulnerability in the General Packet Radio Service (GPRS) Tunneling ...)
	NOT-FOR-US: Cisco
CVE-2017-12216 (A vulnerability in the web-based user interface of Cisco SocialMiner ...)
	NOT-FOR-US: Cisco
CVE-2017-12215 (A vulnerability in the email message filtering feature of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2017-12214 (A vulnerability in the Operations, Administration, Maintenance, and ...)
	NOT-FOR-US: Cisco
CVE-2017-12213 (A vulnerability in the dynamic access control list (ACL) feature of ...)
	NOT-FOR-US: Cisco
CVE-2017-12212 (A vulnerability in the web framework of Cisco Unity Connection could ...)
	NOT-FOR-US: Cisco
CVE-2017-12211 (A vulnerability in the IPv6 Simple Network Management Protocol (SNMP) ...)
	NOT-FOR-US: Cisco
CVE-2017-12210
	RESERVED
CVE-2017-12209
	RESERVED
CVE-2017-12208
	RESERVED
CVE-2017-12207
	RESERVED
CVE-2017-12206
	RESERVED
CVE-2017-12205
	RESERVED
CVE-2017-12204
	RESERVED
CVE-2017-12203
	RESERVED
CVE-2017-12202
	RESERVED
CVE-2017-12201
	RESERVED
CVE-2016-10403
	RESERVED
CVE-2017-12425 (An issue was discovered in Varnish HTTP Cache 4.0.1 through 4.0.4, ...)
	{DSA-3924-1}
	- varnish 5.0.0-7.1 (bug #870467)
	[wheezy] - varnish <not-affected> (code path is not exposed to clients)
	NOTE: https://www.varnish-cache.org/security/VSV00001.html#vsv00001
	NOTE: https://github.com/varnishcache/varnish-cache/issues/2379
	NOTE: https://github.com/varnishcache/varnish-cache/commit/09731b24b2225e3c0d66d3ec1b4fedef6fa22b6e
CVE-2017-12200 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-12199 (The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-12198
	RESERVED
CVE-2017-12197 (It was found that libpam4j up to and including 1.8 did not properly ...)
	{DSA-4025-1 DLA-1165-1}
	- libpam4j 1.4-3 (bug #879001)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503103
	NOTE: https://github.com/kohsuke/libpam4j/issues/18
	NOTE: (Non-upstream) patch: https://github.com/letonez/libpam4j/commit/84f32f4001fc6bdcc125ccc959081de022d18b6d
CVE-2017-12196 (undertow before versions 1.4.18.SP1, 2.0.2.Final, 1.4.24.Final was ...)
	- undertow 1.4.25-1
	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1503055
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/facb33a5cedaf4b7b96d3840a08210370a806870
	NOTE: See also https://github.com/undertow-io/undertow/commit/8804170ce3186bdd83b486959399ec7ac0f59d0f
CVE-2017-12195
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2017-12194 (A flaw was found in the way spice-client processed certain messages ...)
	- spice-gtk <unfixed> (bug #898503)
	[stretch] - spice-gtk <no-dsa> (Minor issue)
	[jessie] - spice-gtk <no-dsa> (Minor issue)
	[wheezy] - spice-gtk <not-affected> (Vulnerable code is not in any binary package, only in the source package)
	NOTE: Proposed patches in: https://bugzilla.redhat.com/show_bug.cgi?id=1240165
	NOTE: Although not present in the binary packages the (de)marshal.py are used to
	NOTE: generate repsecitve code which should be in libspice-common-client.
CVE-2017-12193 (The assoc_array_insert_into_terminal_node function in lib/assoc_array.c ...)
	- linux 4.13.13-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/ea6789980fdaa610d7eb63602c746bf6ec70cd2b (4.14-rc7)
	NOTE: Introduced by: https://git.kernel.org/linus/3cb989501c2688cacbb7dc4b0d353faf838f53a1 (3.13-rc1)
CVE-2017-12192 (The keyctl_read_key function in security/keys/keyctl.c in the Key ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/37863c43b2c6464f252862bf2e9768264e961678 (4.14-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/61ea0c0ba904a55f55317d850c1072ff7835ac92 (3.13-rc1)
CVE-2017-12191 (A flaw was found in the CloudForms account configuration when using ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-12190 (The bio_map_user_iov and bio_unmap_user functions in block/bio.c in the ...)
	{DLA-1200-1}
	- linux 4.13.10-1
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1495089
CVE-2017-12189 (It was discovered that the jboss init script as used in Red Hat JBoss ...)
	NOT-FOR-US: Red Hat JBoss; jbossas init script
CVE-2017-12188 (arch/x86/kvm/mmu.c in the Linux kernel through 4.13.5, when nested ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1500380
	NOTE: https://www.spinics.net/lists/kvm/msg156651.html
CVE-2017-12187 (xorg-x11-server before 1.19.5 was missing length validation in RENDER ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12186 (xorg-x11-server before 1.19.5 was missing length validation in ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12185 (xorg-x11-server before 1.19.5 was missing length validation in ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12184 (xorg-x11-server before 1.19.5 was missing length validation in ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=cad5a1050b7184d828aef9c1dd151c3ab649d37e
CVE-2017-12183 (xorg-x11-server before 1.19.5 was missing length validation in XFIXES ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=55caa8b08c84af2b50fbc936cf334a5a93dd7db5
CVE-2017-12182 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12181 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12180 (xorg-x11-server before 1.19.5 was missing length validation in XFree86 ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=1b1d4c04695dced2463404174b50b3581dbd857b
CVE-2017-12179 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ...)
	{DSA-4000-1}
	- xorg-server 2:1.19.5-1
	[wheezy] - xorg-server <not-affected> (Vulnerable code introduced later)
CVE-2017-12178 (xorg-x11-server before 1.19.5 had wrong extra length check in ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=859b08d523307eebde7724fd1a0789c44813e821
CVE-2017-12177 (xorg-x11-server before 1.19.5 was vulnerable to integer overflow in ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=4ca68b878e851e2136c234f40a25008297d8d831
CVE-2017-12176 (xorg-x11-server before 1.19.5 was missing extra length validation in ...)
	{DSA-4000-1 DLA-1186-1}
	- xorg-server 2:1.19.5-1
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=b747da5e25be944337a9cd1415506fc06b70aa81
CVE-2017-12175
	RESERVED
	NOT-FOR-US: Red Hat Satellite
CVE-2017-12174 (It was found that when Artemis and HornetQ before 2.4.0 are configured ...)
	NOT-FOR-US: Artemis and HornetQ
CVE-2017-12173 [unsanitized input when searching in local cache database]
	RESERVED
	- sssd 1.15.3-2 (bug #877885)
	[jessie] - sssd <not-affected> (Vulnerable code introduced later)
	[wheezy] - sssd <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1498173
	NOTE: Fixed by: https://pagure.io/SSSD/sssd/c/1f2662c8f97c9c0fa250055d4b6750abfc6d0835
	NOTE: Introduced by https://pagure.io/SSSD/sssd/c/7ecb5aea65cb1899f16e7a41bffa93d074defd4a (sssd-1_12_0)
CVE-2017-12172 (PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, ...)
	- postgresql-10 10.1-1 (unimportant)
	- postgresql-9.6 <removed> (unimportant)
	[stretch] - postgresql-9.6 9.6.6-0+deb9u1
	- postgresql-9.4 <removed> (unimportant)
	[jessie] - postgresql-9.4 9.4.15-0+deb8u1
	- postgresql-9.1 <removed> (unimportant)
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code not installed)
	NOTE: Issue in sample init-scirpt as provided by postgresql project, but not installed
CVE-2017-12171 [httpd: # character matches all IPs]
	RESERVED
	- apache2 <not-affected> (Introduced by Red Hat RHEL 6.9 specific non-security patch)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1493056
CVE-2017-12170 (Downstream version 1.0.46-1 of pure-ftpd as shipped in Fedora was ...)
	- pure-ftpd <not-affected> (Fedora specific packaging error)
CVE-2017-12169 (It was found that FreeIPA 4.2.0 and later could disclose password ...)
	- freeipa <unfixed> (low; bug #895950)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1487697
	NOTE: Proposed patch: https://bugzilla.redhat.com/attachment.cgi?id=1331008
CVE-2017-12168 (The access_pmu_evcntr function in arch/arm64/kvm/sys_regs.c in the ...)
	- linux 4.8.11-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9e3f7a29694049edd728e2400ab57ad7553e5aa9 (4.9-rc6)
CVE-2017-12167
	RESERVED
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2017-12166 (OpenVPN versions before 2.3.3 and 2.4.x before 2.4.4 are vulnerable to ...)
	- openvpn 2.4.4-1 (bug #877089)
	[stretch] - openvpn <no-dsa> (Minor issue)
	[jessie] - openvpn <no-dsa> (Minor issue)
	[wheezy] - openvpn <no-dsa> (Minor issue)
	NOTE: https://community.openvpn.net/openvpn/wiki/CVE-2017-12166
	NOTE: http://www.openwall.com/lists/oss-security/2017/09/28/2
	NOTE: https://community.openvpn.net/openvpn/changeset/3b1a61e9fb27213c46f76312f4065816bee8ed01/ (master)
	NOTE: https://community.openvpn.net/openvpn/changeset/c7e259160b28e94e4ea7f0ef767f8134283af255/ (release/2.4)
	NOTE: https://community.openvpn.net/openvpn/changeset/fce34375295151f548a26c2d0eb30141e427c81a/ (release/2.3)
	NOTE: https://community.openvpn.net/openvpn/changeset/a9f5c744d6b09f2495ca48d2c926efd3a4b981e6/ (release/2.2)
CVE-2017-12165 [improper whitespace parsing leading to potential HTTP request smuggling]
	RESERVED
	- undertow <unfixed> (bug #885338)
	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490301
	NOTE: Fix likely included in the same commit as the fix for CVE-2017-7559
	NOTE: https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
CVE-2017-12164 [lock screen can be circumvented when autologin is set]
	RESERVED
	- gdm3 3.26.0-1
	[stretch] - gdm3 <not-affected> (Vulnerable code not present)
	[jessie] - gdm3 <not-affected> (Vulnerable code not present)
	[wheezy] - gdm3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1490417
	NOTE: Introduced in https://git.gnome.org/browse/gdm/commit/?id=ff98b28
CVE-2017-12163 [Server memory information leak over SMB1]
	RESERVED
	{DSA-3983-1 DLA-1110-1}
	- samba 2:4.6.7+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-12163.html
CVE-2017-12162
	RESERVED
CVE-2017-12161 (It was found that keycloak before 3.4.2 final would permit misuse of a ...)
	NOT-FOR-US: Keycloak
CVE-2017-12160 (It was found that Keycloak oauth would permit an authenticated ...)
	NOT-FOR-US: Keycloak
CVE-2017-12159 (It was found that the cookie used for CSRF prevention in Keycloak was ...)
	NOT-FOR-US: Keycloak
CVE-2017-12158 (It was found that Keycloak would accept a HOST header URL in the admin ...)
	NOT-FOR-US: Keycloak
CVE-2017-12157 (In Moodle 3.x, various course reports allow teachers to view details ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=358586
CVE-2017-12156 (Moodle 3.x has XSS in the contact form on the &quot;non-respondents&quot; page in ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=358585
CVE-2017-12155 (A resource-permission flaw was found in the ...)
	- tripleo-heat-templates <undetermined>
CVE-2017-12154 (The prepare_vmcs02 function in arch/x86/kvm/vmx.c in the Linux kernel ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/51aa68e7d57e3217192d88ce90fd5b8ef29ec94f (v4.14-rc1)
	NOTE: https://www.spinics.net/lists/kvm/msg155414.html
CVE-2017-12153 (A security flaw was discovered in the nl80211_set_rekey_data() function ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.13-1
	NOTE: https://marc.info/?t=150525503100001&r=1&w=2
	NOTE: https://marc.info/?l=linux-wireless&m=150525493517953&w=2
CVE-2017-12152
	RESERVED
CVE-2017-12151 [SMB3 connections don't keep encryption across DFS redirects]
	RESERVED
	{DSA-3983-1}
	- samba 2:4.6.7+dfsg-2
	[wheezy] - samba <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.samba.org/samba/security/CVE-2017-12151.html
CVE-2017-12150 [SMB1/2/3 connections may not require signing where they should]
	RESERVED
	{DSA-3983-1 DLA-1110-1}
	- samba 2:4.6.7+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-12150.html
CVE-2017-12149 (In Jboss Application Server as shipped with Red Hat Enterprise ...)
	- jbossas4 <removed>
	[wheezy] - jbossas4 <end-of-life> (incomplete packaging, 4.x series released more than nine years ago.)
CVE-2017-12148
	RESERVED
	NOT-FOR-US: Ansible Tower
CVE-2017-12147
	RESERVED
CVE-2017-12146 (The driver_override implementation in drivers/base/platform.c in the ...)
	- linux 4.11.11-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/6265539776a0810b7ce6398c27866ddb9c6bd154 (v4.13-rc1)
CVE-2017-12145 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
	- libquicktime <unfixed> (unimportant)
	NOTE: Negligable security impact
CVE-2017-12144 (In ytnef 1.9.2, an allocation failure was found in the function ...)
	- libytnef <unfixed> (bug #870817)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/51
CVE-2017-12143 (In libquicktime 1.2.4, an allocation failure was found in the function ...)
	- libquicktime <unfixed> (unimportant)
	NOTE: Negligable security impact
CVE-2017-12142 (In ytnef 1.9.2, an invalid memory read vulnerability was found in the ...)
	- libytnef <unfixed> (low; bug #870816)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/49
CVE-2017-12141 (In ytnef 1.9.2, a heap-based buffer overflow vulnerability was found in ...)
	- libytnef <unfixed> (low; bug #870815)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/50
CVE-2017-12140 (The ReadDCMImage function in coders\dcm.c in ImageMagick 7.0.6-1 has an ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.9.34+dfsg-3 (low; bug #873059)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/533
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/94933146cb2d9d95889a385f08d5eb5f92d4e3cd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/6bf56fbe1fc551f198c3491ed58d56bb5efea23c
CVE-2017-12139 (XOOPS Core 2.5.8 has stored XSS in imagemanager.php because of missing ...)
	NOT-FOR-US: XOOPS
CVE-2017-12138 (XOOPS Core 2.5.8 has a stored URL redirect bypass vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2017-12137 (arch/x86/mm.c in Xen allows local PV guest OS users to gain host OS ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-227.html
CVE-2017-12136 (Race condition in the grant table code in Xen 4.6.x through 4.9.x ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen <not-affected> (Only affects 4.6 and later)
	[wheezy] - xen <not-affected> (Only affects 4.6 and later)
	NOTE: https://xenbits.xen.org/xsa/advisory-228.html
CVE-2017-12135 (Xen allows local OS guest users to cause a denial of service (crash) ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-226.html
CVE-2017-12134 (The xen_biovec_phys_mergeable function in drivers/xen/biomerge.c in ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.12-1
	NOTE: https://xenbits.xen.org/xsa/advisory-229.html
	NOTE: https://git.kernel.org/linus/462cdace790ac2ed6aad1b19c9c0af0143b6aab0 (v4.13-rc6)
CVE-2017-12133 (Use-after-free vulnerability in the clntudp_call function in ...)
	- glibc 2.24-15 (bug #870648)
	[stretch] - glibc 2.24-11+deb9u2
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: issue introduced by fix for CVE-2016-4429
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21115
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d42eed4a044e5e10dfb885cf9891c2518a72a491
CVE-2017-12132 (The DNS stub resolver in the GNU C Library (aka glibc or libc6) before ...)
	[experimental] - glibc 2.25-0experimental1
	- glibc 2.25-1 (bug #870650)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21361
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e14a27723cc3a154d67f3f26e719d08c0ba9ad25
	NOTE: https://arxiv.org/pdf/1205.4011.pdf
CVE-2017-12131 (The Easy Testimonials plugin 3.0.4 for WordPress has XSS in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-12130 (An exploitable NULL pointer dereference vulnerability exists in the ...)
	NOT-FOR-US: tinysvcmdns
CVE-2017-12129 (An exploitable Weak Cryptography for Passwords vulnerability exists in ...)
	NOT-FOR-US: Moxa
CVE-2017-12128 (An exploitable information disclosure vulnerability exists in the ...)
	NOT-FOR-US: Moxa
CVE-2017-12127 (A password storage vulnerability exists in the operating system ...)
	NOT-FOR-US: Moxa
CVE-2017-12126 (An exploitable cross-site request forgery vulnerability exists in the ...)
	NOT-FOR-US: Moxa
CVE-2017-12125 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-12124 (An exploitable denial of service vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-12123 (An exploitable clear text transmission of password vulnerability ...)
	NOT-FOR-US: Moxa
CVE-2017-12122 (An exploitable code execution vulnerability exists in the ILBM image ...)
	{DSA-4184-1 DSA-4177-1 DLA-1341-1}
	- libsdl2-image 2.0.3+dfsg1-1
	- sdl-image1.2 1.2.12-8
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0488
	NOTE: https://hg.libsdl.org/SDL_image/rev/16772bbb1b09
	NOTE: https://hg.libsdl.org/SDL_image/rev/97f7f01e0665
CVE-2017-12121 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-12120 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2017-12119 (An exploitable unhandled exception vulnerability exists in multiple ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12118 (An exploitable improper authorization vulnerability exists in ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12117 (An exploitable improper authorization vulnerability exists in ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12116 (An exploitable improper authorization vulnerability exists in ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12115 (An exploitable improper authorization vulnerability exists in ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12114 (An exploitable improper authorization vulnerability exists in ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12113 (An exploitable improper authorization vulnerability exists in ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12112 (An exploitable improper authorization vulnerability exists in ...)
	- cpp-ethereum <itp> (bug #860434)
CVE-2017-12111 (An exploitable out-of-bounds vulnerability exists in the xls_addCell ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0463
CVE-2017-12110 (An exploitable integer overflow vulnerability exists in the ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0462
CVE-2017-12109 (An exploitable integer overflow vulnerability exists in the ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0461
CVE-2017-12108 (An exploitable integer overflow vulnerability exists in the ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460
CVE-2017-12107 (An memory corruption vulnerability exists in the .PCX parsing ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-12106 (A memory corruption vulnerability exists in the .TGA parsing ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-12105 (An exploitable integer overflow exists in the way that the Blender ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0457
CVE-2017-12104 (An exploitable integer overflow exists in the way that the Blender ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0456
CVE-2017-12103 (An exploitable integer overflow exists in the way that the Blender ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0455
CVE-2017-12102 (An exploitable integer overflow exists in the way that the Blender ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e6df02861e17f75d4dd243776f35208681b78465
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0454
CVE-2017-12101 (An exploitable integer overflow exists in the ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0453
CVE-2017-12100 (An exploitable integer overflow exists in the 'multires_load_old_dm' ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0452
CVE-2017-12099 (An exploitable integer overflow exists in the upgrade of the legacy ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0451
CVE-2017-12098 (An exploitable cross site scripting (XSS) vulnerability exists in the ...)
	- ruby-rails-admin <unfixed>
	[stretch] - ruby-rails-admin <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0450
CVE-2017-12097 (An exploitable cross site scripting (XSS) vulnerability exists in the ...)
	NOT-FOR-US: delayed_job_web rails gem
CVE-2017-12096 (An exploitable vulnerability exists in the WiFi management of Circle ...)
	NOT-FOR-US: Circle of Disney
CVE-2017-12095 (An exploitable vulnerability exists in the WiFi Access Point feature ...)
	NOT-FOR-US: Circle of Disney
CVE-2017-12094 (An exploitable vulnerability exists in the WiFi Channel parsing of ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12093 (An exploitable insufficient resource pool vulnerability exists in the ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12092
	RESERVED
CVE-2017-12091
	REJECTED
CVE-2017-12090 (An exploitable denial of service vulnerability exists in the ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12089 (An exploitable denial of service vulnerability exists in the program ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12088 (An exploitable denial of service vulnerability exists in the Ethernet ...)
	NOT-FOR-US: Allen Bradley Micrologix
CVE-2017-12087 (An exploitable heap overflow vulnerability exists in the tinysvcmdns ...)
	- shairport-sync 3.1.4-1 (unimportant; bug #882508)
	NOTE: Debian build uses Avahi instead
	NOTE: https://bugs.launchpad.net/ubuntu/+source/shairport-sync/+bug/1729668
CVE-2017-12086 (An exploitable integer overflow exists in the ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0438
CVE-2017-12085 (An exploitable routing vulnerability exists in the Circle with Disney ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12084 (A backdoor vulnerability exists in remote control functionality of ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12083 (An exploitable information disclosure vulnerability exists in the apid ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-12082 (An exploitable integer overflow exists in the 'CustomData' Mesh ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0434
CVE-2017-12081 (An exploitable integer overflow exists in the upgrade of a legacy Mesh ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/e04d7c49dca9dc7bbf1cbe446b612aaa5ba12581
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0433
CVE-2017-12080 (An information exposure vulnerability in default HTTP configuration ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-12079 (Files or directories accessible to external parties vulnerability in ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-12078
	RESERVED
CVE-2017-12077 (Uncontrolled Resource Consumption vulnerability in ...)
	NOT-FOR-US: Synology
CVE-2017-12076 (Uncontrolled Resource Consumption vulnerability in ...)
	NOT-FOR-US: Synology
CVE-2017-12075
	RESERVED
CVE-2017-12074 (Directory traversal vulnerability in the ...)
	NOT-FOR-US: Synology
CVE-2017-12073
	RESERVED
CVE-2017-12072 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...)
	NOT-FOR-US: Synology
CVE-2017-12071 (Server-side request forgery (SSRF) vulnerability in file_upload.php in ...)
	NOT-FOR-US: Synology
CVE-2017-12070
	RESERVED
CVE-2017-12069 (An XXE vulnerability has been identified in OPC Foundation UA .NET ...)
	NOT-FOR-US: OPC Foundation UA .NET Sampe code and Local Discovery Server affecting various vendors
CVE-2017-12068 (The Event List plugin 0.7.9 for WordPress has XSS in the slug array ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-12067 (Potrace 1.14 has a heap-based buffer over-read in the interpolate_cubic ...)
	- potrace 1.15-1 (unimportant; bug #870356)
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/potrace/heap-buffer-overflow-mkbitmap
	NOTE: Upstream bug report https://sourceforge.net/p/potrace/bugs/22/
	NOTE: Crash only in CLI tool mkbitmap, negligible security impact
CVE-2017-12066 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
	- cacti 1.1.16+ds1-1 (bug #870354)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
	NOTE: https://github.com/Cacti/cacti/issues/877
CVE-2017-12065 (spikekill.php in Cacti before 1.1.16 might allow remote attackers to ...)
	- cacti 1.1.16+ds1-1 (bug #870353)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/commit/bd0e586f6f46d814930226f1516a194e7e72293e
	NOTE: https://github.com/Cacti/cacti/issues/877
CVE-2017-12064 (The csv_log_html function in library/edihistory/edih_csv_inc.php in ...)
	NOT-FOR-US: OpenEMR
CVE-2017-12063
	RESERVED
CVE-2017-12062 (An XSS issue was discovered in manage_user_page.php in MantisBT 2.x ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy LTS)
CVE-2017-12061 (An XSS issue was discovered in admin/install.php in MantisBT before ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy LTS)
CVE-2017-12060
	RESERVED
CVE-2017-12059
	RESERVED
CVE-2017-12058
	RESERVED
CVE-2017-12057
	RESERVED
CVE-2017-12056
	RESERVED
CVE-2017-12055
	RESERVED
CVE-2017-12054
	RESERVED
CVE-2017-12053
	RESERVED
CVE-2017-12052
	RESERVED
CVE-2017-12051
	RESERVED
CVE-2017-12050
	RESERVED
CVE-2017-12049
	RESERVED
CVE-2017-12048
	RESERVED
CVE-2017-12047
	RESERVED
CVE-2017-12046
	RESERVED
CVE-2017-12045
	RESERVED
CVE-2017-12044
	RESERVED
CVE-2017-12043
	RESERVED
CVE-2017-12042
	RESERVED
CVE-2017-12041
	RESERVED
CVE-2017-12040
	RESERVED
CVE-2017-12039
	RESERVED
CVE-2017-12038
	RESERVED
CVE-2017-12037
	RESERVED
CVE-2017-12036
	RESERVED
CVE-2017-12035
	RESERVED
CVE-2017-12034
	RESERVED
CVE-2017-12033
	RESERVED
CVE-2017-12032
	RESERVED
CVE-2017-12031
	RESERVED
CVE-2017-12030
	RESERVED
CVE-2017-12029
	RESERVED
CVE-2017-12028
	RESERVED
CVE-2017-12027
	RESERVED
CVE-2017-12026
	RESERVED
CVE-2017-12025
	RESERVED
CVE-2017-12024
	RESERVED
CVE-2017-12023
	RESERVED
CVE-2017-12022
	RESERVED
CVE-2017-12021
	RESERVED
CVE-2017-12020
	RESERVED
CVE-2017-12019
	RESERVED
CVE-2017-12018
	RESERVED
CVE-2017-12017
	RESERVED
CVE-2017-12016
	RESERVED
CVE-2017-12015
	RESERVED
CVE-2017-12014
	RESERVED
CVE-2017-12013
	RESERVED
CVE-2017-12012
	RESERVED
CVE-2017-12011
	RESERVED
CVE-2017-12010
	RESERVED
CVE-2017-12009
	RESERVED
CVE-2017-12008
	RESERVED
CVE-2017-12007
	RESERVED
CVE-2017-12006
	RESERVED
CVE-2017-12005
	RESERVED
CVE-2017-12004
	RESERVED
CVE-2017-12003
	RESERVED
CVE-2017-12002
	RESERVED
CVE-2017-12001
	RESERVED
CVE-2017-12000
	RESERVED
CVE-2017-11999
	RESERVED
CVE-2017-11998
	RESERVED
CVE-2017-11997
	RESERVED
CVE-2017-11996
	RESERVED
CVE-2017-11995
	RESERVED
CVE-2017-11994
	RESERVED
CVE-2017-11993
	RESERVED
CVE-2017-11992
	RESERVED
CVE-2017-11991
	RESERVED
CVE-2017-11990
	RESERVED
CVE-2017-11989
	RESERVED
CVE-2017-11988
	RESERVED
CVE-2017-11987
	RESERVED
CVE-2017-11986
	RESERVED
CVE-2017-11985
	RESERVED
CVE-2017-11984
	RESERVED
CVE-2017-11983
	RESERVED
CVE-2017-11982
	RESERVED
CVE-2017-11981
	RESERVED
CVE-2017-11980
	RESERVED
CVE-2017-11979
	RESERVED
CVE-2017-11978
	RESERVED
CVE-2017-11977
	RESERVED
CVE-2017-11976
	RESERVED
CVE-2017-11975
	RESERVED
CVE-2017-11974
	RESERVED
CVE-2017-11973
	RESERVED
CVE-2017-11972
	RESERVED
CVE-2017-11971
	RESERVED
CVE-2017-11970
	RESERVED
CVE-2017-11969
	RESERVED
CVE-2017-11968
	RESERVED
CVE-2017-11967
	RESERVED
CVE-2017-11966
	RESERVED
CVE-2017-11965
	RESERVED
CVE-2017-11964
	RESERVED
CVE-2017-11963
	RESERVED
CVE-2017-11962
	RESERVED
CVE-2017-11961
	RESERVED
CVE-2017-11960
	RESERVED
CVE-2017-11959
	RESERVED
CVE-2017-11958
	RESERVED
CVE-2017-11957
	RESERVED
CVE-2017-11956
	RESERVED
CVE-2017-11955
	RESERVED
CVE-2017-11954
	RESERVED
CVE-2017-11953
	RESERVED
CVE-2017-11952
	RESERVED
CVE-2017-11951
	RESERVED
CVE-2017-11950
	RESERVED
CVE-2017-11949
	RESERVED
CVE-2017-11948
	RESERVED
CVE-2017-11947
	RESERVED
CVE-2017-11946
	RESERVED
CVE-2017-11945
	RESERVED
CVE-2017-11944
	RESERVED
CVE-2017-11943
	RESERVED
CVE-2017-11942
	RESERVED
CVE-2017-11941
	RESERVED
CVE-2017-11940 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-11939 (Microsoft Office 2016 Click-to-Run (C2R) allows an information ...)
	NOT-FOR-US: Microsoft
CVE-2017-11938
	RESERVED
CVE-2017-11937 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-11936 (Microsoft SharePoint Enterprise Server 2016 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2017-11935 (Microsoft Office 2016 Click-to-Run (C2R) allows a remote code ...)
	NOT-FOR-US: Microsoft
CVE-2017-11934 (Microsoft Office 2013 RT SP1, Microsoft Office 2013 SP1, and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11933
	RESERVED
CVE-2017-11932 (Microsoft Exchange Server 2016 CU5 and Microsoft Exchange Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11931
	RESERVED
CVE-2017-11930 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11929
	RESERVED
CVE-2017-11928
	RESERVED
CVE-2017-11927 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11926
	RESERVED
CVE-2017-11925
	RESERVED
CVE-2017-11924
	RESERVED
CVE-2017-11923
	RESERVED
CVE-2017-11922
	RESERVED
CVE-2017-11921
	RESERVED
CVE-2017-11920
	RESERVED
CVE-2017-11919 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11918 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11917
	RESERVED
CVE-2017-11916 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11915
	RESERVED
CVE-2017-11914 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11913 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11912 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11911 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11910 (ChakraCore and Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11909 (ChakraCore and Windows 10 1511, 1607, 1703, 1709, and Windows Server ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11908 (ChakraCore and Windows 10 1709 allows an attacker to execute arbitrary ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11907 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11906 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11905 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11904
	RESERVED
CVE-2017-11903 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11902
	RESERVED
CVE-2017-11901 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11900
	RESERVED
CVE-2017-11899 (Device Guard in Windows 10 1511, 1607, 1703 and 1709, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11898
	RESERVED
CVE-2017-11897
	RESERVED
CVE-2017-11896
	RESERVED
CVE-2017-11895 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11894 (ChakraCore, and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11893 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11892
	RESERVED
CVE-2017-11891
	RESERVED
CVE-2017-11890 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11889 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft ChakraCore
CVE-2017-11888 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft Edge
CVE-2017-11887 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2017-11886 (Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11885 (Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-11884 (Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run ...)
	NOT-FOR-US: Microsoft
CVE-2017-11883 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to ...)
	NOT-FOR-US: .NET core
CVE-2017-11882 (Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service ...)
	NOT-FOR-US: Microsoft
CVE-2017-11881
	RESERVED
CVE-2017-11880 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11879 (ASP.NET Core 2.0 allows an attacker to steal log-in session ...)
	NOT-FOR-US: Microsoft
CVE-2017-11878 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...)
	NOT-FOR-US: Microsoft
CVE-2017-11877 (Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack ...)
	NOT-FOR-US: Microsoft
CVE-2017-11876 (Microsoft Project Server and Microsoft SharePoint Enterprise Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11875
	RESERVED
CVE-2017-11874 (Microsoft Edge in Microsoft Windows 10 1703, 1709, Windows Server, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11873 (ChakraCore and Microsoft Edge in Windows 10 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11872 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11871 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11870 (ChakraCore and Microsoft Edge in Windows 10 1703, 1709, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11869 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-11868
	RESERVED
CVE-2017-11867
	RESERVED
CVE-2017-11866 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11865
	RESERVED
CVE-2017-11864
	RESERVED
CVE-2017-11863 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11862 (ChakraCore and Microsoft Edge in Windows 10 1709 and Windows Server, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11861 (Microsoft Edge in Windows 10 1607, 1703, 1709, Windows Server 2016 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-11860
	RESERVED
CVE-2017-11859
	RESERVED
CVE-2017-11858 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11857
	RESERVED
CVE-2017-11856 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11855 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11854 (Microsoft Word 2007 Service Pack 3, Microsoft Word 2010 Service Pack ...)
	NOT-FOR-US: Microsoft
CVE-2017-11853 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11852 (Microsoft GDI Component in Windows 7 SP1 and Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11851 (The Windows kernel component on Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11850 (Microsoft Graphics Component in Windows 8.1 and RT 8.1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11849 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11848 (Internet Explorer in Microsoft Microsoft Windows 7 SP1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11847 (Windows kernel in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11846 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11845 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-11844 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11843 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11842 (Windows kernel in Windows 8.1 and RT 8.1, Server 2012 and R2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11841 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11840 (ChakraCore and Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11839 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11838 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11837 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11836 (ChakraCore, and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11835 (Microsoft graphics in Windows 7 SP1 and Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11834 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11833 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, 1709, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11832 (The Microsoft Windows embedded OpenType (EOT) font engine in Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11831 (Windows kernel in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11830 (Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11829 (Microsoft Windows 10 allows an elevation of privilege vulnerability ...)
	NOT-FOR-US: Microsoft
CVE-2017-11828
	RESERVED
CVE-2017-11827 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11826 (Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2017-11825 (Microsoft Office 2016 Click-to-Run (C2R) and Microsoft Office 2016 for ...)
	NOT-FOR-US: Microsoft
CVE-2017-11824 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11823 (The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11822 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11821 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2017-11820 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11819 (Microsoft Windows 7 SP1 allows an attacker to execute arbitrary code ...)
	NOT-FOR-US: Microsoft
CVE-2017-11818 (The Microsoft Windows Storage component on Microsoft Windows 8.1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11817 (The Microsoft Windows Kernel component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11816 (The Microsoft Windows Graphics Device Interface (GDI) on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11815 (The Microsoft Server Block Message (SMB) on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11814 (The Microsoft Windows Kernel component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11813 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11812 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1511, 1607, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11811 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11810 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11809 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11808 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11807 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2017-11806 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2017-11805 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2017-11804 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11803 (Microsoft Edge in Microsoft Windows 10 1703, 1709 and Windows Server, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11802 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11801 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
	NOT-FOR-US: Microsoft
CVE-2017-11800 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11799 (ChakraCore and Microsoft Edge in Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11798 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-11797 (ChakraCore allows an attacker to execute arbitrary code in the context ...)
	NOT-FOR-US: Microsoft
CVE-2017-11796 (ChakraCore and Microsoft Edge in Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-11795
	RESERVED
CVE-2017-11794 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-11793 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11792 (ChakraCore and Microsoft Edge in Microsoft Windows 10 1703 allow an ...)
	NOT-FOR-US: Microsoft
CVE-2017-11791 (ChakraCore and Internet Explorer in Microsoft Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11790 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11789
	RESERVED
CVE-2017-11788 (Windows Search in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11787
	RESERVED
CVE-2017-11786 (Skype for Business in Microsoft Lync 2013 SP1 and Skype for Business ...)
	NOT-FOR-US: Skype
CVE-2017-11785 (The Microsoft Windows Kernel component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11784 (The Microsoft Windows Kernel component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11783 (Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-11782 (The Microsoft Server Block Message (SMB) on Microsoft Windows 10 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11781 (The Microsoft Server Block Message (SMB) on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11780 (The Server Message Block 1.0 (SMBv1) on Microsoft Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11779 (The Microsoft Windows Domain Name System (DNS) DNSAPI.dll on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11778
	RESERVED
CVE-2017-11777 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11776 (Microsoft Outlook 2016 allows an attacker to obtain the email content ...)
	NOT-FOR-US: Microsoft
CVE-2017-11775 (Microsoft SharePoint Enterprise Server 2013 SP1 and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-11774 (Microsoft Outlook 2010 SP2, Outlook 2013 SP1 and RT SP1, and Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2017-11773
	RESERVED
CVE-2017-11772 (The Microsoft Windows Search component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11771 (The Microsoft Windows Search component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11770 (.NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to ...)
	NOT-FOR-US: .NET Core
CVE-2017-11769 (The Microsoft Windows TRIE component on Microsoft Windows 10 Gold, ...)
	NOT-FOR-US: Microsoft
CVE-2017-11768 (Windows Media Player in Windows 7 SP1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11767 (ChakraCore allows an attacker to gain the same user rights as the ...)
	NOT-FOR-US: Microsoft
CVE-2017-11766 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-11765 (The Microsoft Windows Kernel component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11764 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-11763 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11762 (The Microsoft Graphics Component on Microsoft Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11761 (Microsoft Exchange Server 2013 and Microsoft Exchange Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-11760 (uploadImage.php in ProjeQtOr before 6.3.2 allows remote authenticated ...)
	NOT-FOR-US: ProjeQtOr
CVE-2017-11759
	RESERVED
CVE-2017-11758
	RESERVED
CVE-2017-11757 (Heap-based buffer overflow in Actian Pervasive PSQL v12.10 and Zen v13 ...)
	NOT-FOR-US: Actian Pervasive PSQL server
CVE-2017-XXXX [executes javascript code downloaded from insecure URL]
	- smplayer 17.7.0~ds0-1 (low; bug #870233)
	[stretch] - smplayer <no-dsa> (Minor issue)
	[jessie] - smplayer <no-dsa> (Minor issue)
	[wheezy] - smplayer <not-affected> (vulnerable code not present)
	NOTE: The version tracking here is not 100% since the vulnerable code still would
	NOTE: be present in the source. Users though need to explicitly rebuilt the package
	NOTE: changing the upstream pro file to enable YT_USE_YTSIG. YT_USE_YTSIG is
	NOTE: disabled by default on upstream since 17.2.0
CVE-2017-13140 (In ImageMagick before 6.9.9-1 and 7.x before 7.0.6-2, the ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870111)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/596
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/62fcf3d9638b87cd7ac81962cadf5bf88db62fa0
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/75f7e994e4e990627a5a37385bcc9a0205013645
CVE-2017-13139 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, the ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870109)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/22e0310345499ffe906c604428f2a3a668942b05
CVE-2017-12643 (ImageMagick 7.0.6-1 has a memory exhaustion vulnerability in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870107)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/549
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eedb5660f1704cde8e8cd784c5c2a09dd2fd60f
CVE-2017-13142 (In ImageMagick before 6.9.9-0 and 7.x before 7.0.6-1, a crafted PNG ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (low; bug #870105)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/46e3aabbf8d59a1bdebdbb65acb9b9e0484577d3
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aa84944b405acebbeefe871d0f64969b9e9f31ac
CVE-2017-11756 (In Earcms Ear Music through 4.1 build 20170710, remote authenticated ...)
	NOT-FOR-US: Earcms
CVE-2017-11755 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/634
	NOTE: Possibly fixed by same commit as issue #631 upstream
CVE-2017-11754 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
	- imagemagick <unfixed> (unimportant)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/633
	NOTE: ossibly fixed by same commit as issue #631 upstream
CVE-2017-11753 (The GetImageDepth function in MagickCore/attribute.c in ImageMagick ...)
	- imagemagick <not-affected> (Affects only ImageMagick-7; vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/629
CVE-2017-11752 (The ReadMAGICKImage function in coders/magick.c in ImageMagick 7.0.6-4 ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870481)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/628
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/21d19d0c64ff070dbf37279432837bf425c0d5dd
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9eccfd52199616da66c93b6d627d4d4126f5a5f0
CVE-2017-11751 (The WritePICONImage function in coders/xpm.c in ImageMagick 7.0.6-4 ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-16 (unimportant; bug #870480)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/631
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/cb713211bad3fa4f0c535255fa043917482fc964
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/b04e9c949d917a4a603f1a9bfe09737246229323
CVE-2017-11750 (The ReadOneJNGImage function in coders/png.c in ImageMagick 6.9.9-4 and ...)
	- imagemagick 8:6.9.7.4+dfsg-16 (bug #870478)
	[stretch] - imagemagick <not-affected> (Incomplete patch for upstream issues/618 not applied)
	[jessie] - imagemagick <not-affected> (Incomplete patch for upstream issues/618 not applied)
	[wheezy] - imagemagick <not-affected> (Incomplete patch for upstream issues/618 not applied)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/632
	NOTE: Introduced by: https://github.com/ImageMagick/ImageMagick/commit/8cc53f1d8946bad2a2c62e084aaf956d4d889f08
	NOTE: Introduced by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/3cba1bb43acf5b3cba7388f67bf87b6f192138f0
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/1828667e81e53345cfb3eb46539d78757f1aa680
	NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/253d56027765dcbd8d6bc2bbd7d59aa41dab60e7
	NOTE: Issue introduced by the original patch for https://github.com/ImageMagick/ImageMagick/issues/618
	TODO: check if patch simplifying patch applied in any suite
CVE-2017-11749 (InternetSoft FTP Commander 8.02 and prior has an untrusted search path, ...)
	NOT-FOR-US: InternetSoft FTP Commander
CVE-2017-11748 (VIT Spider Player 2.5.3 has an untrusted search path, allowing DLL ...)
	NOT-FOR-US: VIT Spider Player
CVE-2017-11747 (main.c in Tinyproxy 1.8.4 and earlier creates a ...)
	- tinyproxy <unfixed> (bug #870307)
	[stretch] - tinyproxy <no-dsa> (Minor issue)
	[jessie] - tinyproxy <no-dsa> (Minor issue)
	[wheezy] - tinyproxy <no-dsa> (Minor issue)
	NOTE: https://github.com/tinyproxy/tinyproxy/issues/106
CVE-2017-11746 (Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a ...)
	{DLA-1069-1}
	- tenshi <unfixed> (unimportant; bug #871321)
	NOTE: https://github.com/inversepath/tenshi/issues/6
	NOTE: https://github.com/inversepath/tenshi/commit/d0e7f28c13ffbd5888b31d6532c2faf78f10f176
	NOTE: Negligable security impact
CVE-2017-11745
	RESERVED
CVE-2017-11744 (In MODX Revolution 2.5.7, the &quot;key&quot; and &quot;name&quot; parameters in the System ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-11743 (MEDHOST Connex contains a hard-coded Mirth Connect admin credential ...)
	NOT-FOR-US: MEDHOST Connex
CVE-2017-11742 (The writeRandomBytes_RtlGenRandom function in xmlparse.c in libexpat in ...)
	- expat <not-affected> (Windows specfic issue)
CVE-2017-11741 (HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-11740
	RESERVED
CVE-2017-11739
	RESERVED
CVE-2017-11738
	RESERVED
CVE-2017-11737 (interface/js/app/history.js in WebUI in Rspamd before 1.6.3 allows XSS ...)
	- rspamd <removed>
	[jessie] - rspamd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/vstakhov/rspamd/issues/1738
CVE-2017-11736 (SQL injection vulnerability in ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-11735
	REJECTED
CVE-2017-11734 (A heap-based buffer over-read was found in the function ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/83
CVE-2017-11733 (A null pointer dereference vulnerability was found in the function ...)
	{DLA-1176-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/78
CVE-2017-11732 (A heap-based buffer overflow vulnerability was found in the function ...)
	{DLA-1240-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/80
CVE-2017-11731 (An invalid memory read vulnerability was found in the function OpCode ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/84
CVE-2017-11730 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/81
CVE-2017-11729 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/79
CVE-2017-11728 (A heap-based buffer over-read was found in the function OpCode (called ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/82
CVE-2017-11727 (services/system_io/actionprocessor/Contact.rails in ConnectWise Manage ...)
	NOT-FOR-US: ConnectWise Manage
CVE-2017-11726 (services/system_io/actionprocessor/System.rails in ConnectWise Manage ...)
	NOT-FOR-US: ConnectWise Manage
CVE-2017-11725 (The share function in Thycotic Secret Server before 10.2.000019 ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2017-11723 (Directory traversal vulnerability in plugins/ImageManager/backend.php ...)
	NOT-FOR-US: Xinha
CVE-2017-11724 (The ReadMATImage function in coders/mat.c in ImageMagick through ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870023)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/624
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5163756a1f829a561912dfdb74a0dae41d8ed8cf
CVE-2017-12670 (In ImageMagick 7.0.6-3, missing validation was found in coders/mat.c, ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870020)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/610
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ab440f9ea11e0dbefb7a808cbb9441198758b0cb
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/75db34b6a4d642cb6f88c792942de27490c900e0
CVE-2017-13658 (In ImageMagick before 6.9.9-3 and 7.x before 7.0.6-3, there is a ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #870019)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/598
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e5c063a1007506ba69e97a35effcdef944421c89
CVE-2017-12434 (In ImageMagick 7.0.6-1, a missing NULL check vulnerability was found in ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870014)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/547
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6767f31cac3eacdc9dc41b3193a73bdd37610375
CVE-2017-13143 (In ImageMagick before 6.9.7-6 and 7.x before 7.0.4-6, the ReadMATImage ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (bug #870012)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/362
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/51b0ae01709adc1e4a9245e158ef17b85a110960
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f86268752ffc70e40b6e1afdebfc96dcc29452db
CVE-2017-11722 (The WriteOnePNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
	- graphicsmagick 1.3.26-4 (bug #870158)
	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f423ba88ca4e
CVE-2017-11721 (Buffer overflow in ioquake3 before 2017-08-02 allows remote attackers ...)
	{DSA-3948-1 DSA-3941-1}
	- ioquake3 1.36+u20170803+dfsg1-1 (bug #870725)
	[wheezy] - ioquake3 <end-of-life> (games are not supported in Wheezy)
	NOTE: https://github.com/ioquake/ioq3/commit/d2b1d124d4055c2fcbe5126863487c52fd58cca1
	- iortcw 1.51+dfsg1-3 (bug #870811)
	NOTE: https://github.com/iortcw/iortcw/commit/260c39a29af517a08b3ee1a0e78ad654bdd70934
	NOTE: Also affects openjk (only in experimental; fixed in 0~20170718+dfsg1-2
CVE-2017-11720 (There is a division-by-zero vulnerability in LAME 3.99.5, caused by a ...)
	- lame 3.99.5+repack1-6 (low; bug #870809; bug #777159)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: https://sourceforge.net/p/lame/bugs/460/
	NOTE: Duplicate/same as: https://blogs.gentoo.org/ago/2017/06/17/lame-divide-by-zero-in-parse_wave_header-get_audio-c/
CVE-2017-11719 (The dnxhd_decode_header function in libavcodec/dnxhddec.c in FFmpeg ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/296debd213bd6dce7647cedd34eb64e5b94cdc92
	NOTE: Fixed in 3.2.7
CVE-2017-11718 (There is URL Redirector Abuse in MetInfo through 5.3.17 via the gourl ...)
	NOT-FOR-US: MetInfo
CVE-2017-11717 (MetInfo through 5.3.17 accepts the same CAPTCHA response for 120 ...)
	NOT-FOR-US: MetInfo
CVE-2017-11716 (MetInfo through 5.3.17 allows stored XSS via HTML Edit Mode. ...)
	NOT-FOR-US: MetInfo
CVE-2017-11715 (job/uploadfile_save.php in MetInfo through 5.3.17 blocks the .php ...)
	NOT-FOR-US: MetInfo
CVE-2017-11714 (psi/ztoken.c in Artifex Ghostscript 9.21 mishandles references to the ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869977)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698158
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=671fd59eb657743aa86fbc1895cb15872a317caa (ghostpdl-9.22rc1)
CVE-2017-11713
	RESERVED
CVE-2017-11712
	RESERVED
CVE-2017-11711
	RESERVED
CVE-2017-11710
	RESERVED
CVE-2017-11709
	RESERVED
CVE-2017-11708
	RESERVED
CVE-2017-11707
	RESERVED
CVE-2017-11706 (The Boozt Fashion application before 2.3.4 for Android allows remote ...)
	NOT-FOR-US: Boozt Fashion application
CVE-2017-11705 (A memory leak was found in the function parseSWF_SHAPEWITHSTYLE in ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/71
CVE-2017-11704 (A heap-based buffer over-read was found in the function decompileIF in ...)
	{DLA-1133-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/76
CVE-2017-11703 (A memory leak vulnerability was found in the function parseSWF_DOACTION ...)
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/72
CVE-2017-11702
	RESERVED
CVE-2017-11701
	RESERVED
CVE-2017-11700
	RESERVED
CVE-2017-11699
	RESERVED
CVE-2017-11698 (Heap-based buffer overflow in the __get_page function in ...)
	- nss <unfixed> (bug #873259; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360779
CVE-2017-11697 (The __hash_open function in hash.c:229 in Mozilla Network Security ...)
	- nss <unfixed> (bug #873258; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360900
CVE-2017-11696 (Heap-based buffer overflow in the __hash_open function in ...)
	- nss <unfixed> (bug #873257; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360778
CVE-2017-11695 (Heap-based buffer overflow in the alloc_segs function in ...)
	- nss <unfixed> (bug #873256; unimportant)
	NOTE: Issues triggered by crafted DBM databases, which would
	NOTE: require local user access to a machine running NSS and
	NOTE: crafting the local DBM files.
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/17
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1360782
CVE-2017-11694 (MEDHOST Document Management System contains hard-coded credentials that ...)
	NOT-FOR-US: MEDHOST Document Management System
CVE-2017-11693 (MEDHOST Document Management System contains hard-coded credentials that ...)
	NOT-FOR-US: MEDHOST Document Management System
CVE-2017-11692 (The function &quot;Token&amp; Scanner::peek&quot; in scanner.cpp in yaml-cpp 0.5.3 ...)
	- yaml-cpp <unfixed> (bug #870326)
	[stretch] - yaml-cpp <no-dsa> (Minor issue)
	[jessie] - yaml-cpp <no-dsa> (Minor issue)
	[wheezy] - yaml-cpp <no-dsa> (Minor issue)
	- yaml-cpp0.3 <unfixed> (bug #870327)
	[stretch] - yaml-cpp0.3 <no-dsa>  (Minor issue)
	[jessie] - yaml-cpp0.3 <no-dsa>  (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/519
CVE-2016-10402 (Avira Antivirus engine versions before 8.3.36.60 allow remote code ...)
	NOT-FOR-US: Avira
CVE-2017-11690
	RESERVED
CVE-2017-11689
	RESERVED
CVE-2017-11688
	RESERVED
CVE-2017-11687 (Multiple Persistent cross-site scripting (XSS) vulnerabilities in Event ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11686 (Zoho ManageEngine Event Log Analyzer 11.4 and 11.5 allows remote ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11685 (Multiple Reflective cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Zoho ManageEngine Event Log Analyzer
CVE-2017-11684 (There is an illegal address access in the build_table function in ...)
	- libav <removed>
	- ffmpeg 7:2.3.1-1
CVE-2017-11683 (There is a reachable assertion in the ...)
	{DLA-1147-1}
	- exiv2 <unfixed> (low)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: http://dev.exiv2.org/issues/1307
	NOTE: https://github.com/Exiv2/exiv2/issues/57
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475124
	NOTE: Problematic assert() exists in all versions in Debian.
CVE-2017-11682 (Stored Cross-site scripting vulnerability in Hashtopussy 0.4.0 allows ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11681 (Incorrect Access Control vulnerability in Hashtopussy 0.4.0 allows ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11680 (Cross-Site Request Forgery (CSRF) exists in Hashtopussy 0.4.0, allowing ...)
	NOT-FOR-US: Hashtopussy
CVE-2017-11679 (Cross-Site Request Forgery (CSRF) exists in Hashtopus 1.5g via the ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11678 (SQL injection vulnerability in Hashtopus 1.5g allows remote ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11677 (Cross-site scripting (XSS) vulnerability in Hashtopus 1.5g allows ...)
	NOT-FOR-US: Hashtopus
CVE-2017-11676
	RESERVED
CVE-2017-11675 (The traverseStrictSanitize function in ...)
	NOT-FOR-US: ZenCart
CVE-2017-11674 (Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Acunetix
CVE-2017-11673 (Reporter.exe in Acunetix 8 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Acunetix
CVE-2017-11672
	RESERVED
CVE-2017-11671 (Under certain circumstances, the ix86_expand_builtin function in i386.c ...)
	- gcc-6 6.3.0-12
	- gcc-5 5.4.1-10
	- gcc-4.9 <removed>
	[jessie] - gcc-4.9 <no-dsa> (Minor issue)
	- gcc-4.8 <removed>
	[jessie] - gcc-4.8 <no-dsa> (Minor issue)
	- gcc-4.7 <removed>
	[wheezy] - gcc-4.7 <no-dsa> (Minor issue)
	- gcc-4.6 <removed>
	[wheezy] - gcc-4.6 <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/07/27/2
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=80180
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2017-03/msg01349.html
CVE-2017-11670 (A length validation (leading to out-of-bounds read and write) flaw was ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-11669 (An out-of-bounds read flaw related to the assess_packet function in ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-11668 (An out-of-bounds read flaw related to the assess_packet function in ...)
	NOT-FOR-US: eapmd5pass
CVE-2017-13145 (In ImageMagick before 6.9.8-8 and 7.x before 7.0.5-9, the ReadJP2Image ...)
	{DSA-4019-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869830)
	[jessie] - imagemagick <ignored> (Minor issue)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/501
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/acee073df34aa4d491bf5cb74d3a15fc80f0a3aa
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ac23b02ecb741e5de60f5235ea443790c88a0b80
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b0c5222ce31e8f941fa02ff9c7a040fb2db30dbc
CVE-2017-11691 (Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti ...)
	- cacti 1.1.15+ds1-1 (bug #869848)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later with addition of user profile management page for users)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later with addition of user profile management page for users)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later with addition of user profile management page for users)
	NOTE: https://github.com/Cacti/cacti/issues/867
	NOTE: /for/fohttps://github.com/Cacti/cacti/commit/104090aeead4aa433bf1f18cd6d52dcfeb71236c
CVE-2017-11667 (OpenProject before 6.1.6 and 7.x before 7.0.3 mishandles session ...)
	NOT-FOR-US: OpenProject
CVE-2017-11666 (Cross-site scripting (XSS) vulnerability in js/ViewerPanel.js in the ...)
	NOT-FOR-US: Kopano
CVE-2017-11665 (The ff_amf_get_field_value function in libavformat/rtmppkt.c in FFmpeg ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ffcc82219cef0928bed2d558b19ef6ea35634130
	NOTE: Fixed in 3.2.7
CVE-2017-11664 (The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (vulnerable code not present)
	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11663 (The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (vulnerable code not present)
	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11662 (The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (vulnerable code not present)
	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11661 (The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI ...)
	- wildmidi 0.4.2-1 (low; bug #871616)
	[stretch] - wildmidi <no-dsa> (Minor issue)
	[jessie] - wildmidi <not-affected> (vulnerable code not present)
	[wheezy] - wildmidi <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2017/Aug/12
	NOTE: https://github.com/Mindwerks/wildmidi/commit/660b513d99bced8783a4a5984ac2f742c74ebbdd
CVE-2017-11660
	RESERVED
CVE-2017-11659
	RESERVED
CVE-2017-11658 (In the WP Rocket plugin 2.9.3 for WordPress, the Local File Inclusion ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-11657 (Dashlane might allow local users to gain privileges by placing a Trojan ...)
	NOT-FOR-US: Dashlane
CVE-2017-11656
	RESERVED
CVE-2017-11655 (A memory leak was found in the way SIPcrack 0.2 handled processing of ...)
	- sipcrack <unfixed> (unimportant; bug #869803)
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
	NOTE: Negligable security impact
CVE-2017-11654 (An out-of-bounds read and write flaw was found in the way SIPcrack 0.2 ...)
	- sipcrack <unfixed> (unimportant; bug #869803)
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/26/1
	NOTE: Negligable security impact
CVE-2017-11653 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-11652 (Razer Synapse 2.20.15.1104 and earlier uses weak permissions for the ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-11651 (NexusPHP V1.5 has XSS via a javascript: or data: URL in a UBBCode url ...)
	NOT-FOR-US: NexusPHP
CVE-2017-11650 (Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C ...)
	NOT-FOR-US: DrayTek
CVE-2017-11649 (Cross-site request forgery (CSRF) vulnerability in DrayTek Vigor ...)
	NOT-FOR-US: DrayTek
CVE-2017-11648 (Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices do ...)
	NOT-FOR-US: Techroutes TR 1803-3G Wireless Cellular Router/Modem 2.4.25 devices
CVE-2017-11647 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11646 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11645 (NetComm Wireless 4GT101W routers with Hardware: 0.01 / Software: ...)
	NOT-FOR-US: NetComm Wireless 4GT101W routers
CVE-2017-11644 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (unimportant; bug #870016)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/587
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a6802e21d824e786d1e2a8440cf749a6e1a8d95f
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/418f88dd18af34b6cb64f709567c81b89865d7bc
CVE-2017-11643 (GraphicsMagick 1.3.26 has a heap overflow in the WriteCMYKImage() ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870157)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d00b74315a71
CVE-2017-11642 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870156)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11641 (GraphicsMagick 1.3.26 has a Memory Leak in the PersistCache function in ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870155)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/db732abd9318
CVE-2017-11640 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870067)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/584
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1b811f7e7dad92b2992939f854201370a7d8084a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fcd0feb93b51b9363176097ee5f360c62687d86
CVE-2017-11639 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (bug #870065)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/588
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65b7c57502bb2b6d22f607383e87cc3eaed94014
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8ec8ca4c61b1199b727cf52e440f3db79a5b0d0a
CVE-2017-11638 (GraphicsMagick 1.3.26 has a segmentation violation in the ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870154)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/29550606d8b9
CVE-2017-11637 (GraphicsMagick 1.3.26 has a NULL pointer dereference in the ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870153)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f3ffc5541257
CVE-2017-11636 (GraphicsMagick 1.3.26 has a heap overflow in the WriteRGBImage() ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-4 (bug #870149)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/39961adf974c
CVE-2017-11635 (An issue was discovered on Wireless IP Camera 360 devices. Attackers ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11634 (An issue was discovered on Wireless IP Camera 360 devices. Remote ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11633 (An issue was discovered on Wireless IP Camera 360 devices. Remote ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11632 (An issue was discovered on Wireless IP Camera 360 devices. A root ...)
	NOT-FOR-US: Wireless IP Camera 360 devices
CVE-2017-11631 (dapur/app/app_user/controller/status.php in Fiyo CMS 2.0.7 has SQL ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11630 (dapur\apps\app_config\controller\backuper.php in Fiyo CMS 2.0.7 allows ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11629 (dayrui FineCms through 5.0.10 has Cross Site Scripting (XSS) in ...)
	NOT-FOR-US: FineCMS
CVE-2017-11628 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, a ...)
	{DSA-4081-1 DSA-4080-1 DLA-1066-1}
	- php7.1 7.1.8-1 (low)
	- php7.0 7.0.22-1 (low)
	- php5 <removed> (low)
	NOTE: https://bugs.php.net/bug.php?id=74603
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: Fixed by https://git.php.net/?p=php-src.git;a=commit;h=05255749139b3686c8a6a58ee01131ac0047465e
CVE-2017-11627 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/118
CVE-2017-11626 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/119
CVE-2017-11625 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/120
CVE-2017-11624 (A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #871320)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: https://github.com/qpdf/qpdf/issues/117
CVE-2017-11623
	RESERVED
CVE-2017-11622
	RESERVED
CVE-2017-11621
	RESERVED
CVE-2017-11620
	RESERVED
CVE-2017-11619
	RESERVED
CVE-2017-XXXX [out-of-bounds read in eexec_line()]
	- t1utils 1.40-1 (bug #868134; unimportant)
	[jessie] - t1utils <not-affected> (Vulnerable code introduced in 1.39)
	[wheezy] - t1utils <not-affected> (Vulnerable code introduced in 1.39)
	NOTE: Crash in CLI tool, no security impact
	NOTE: https://github.com/kohler/t1utils/issues/6
CVE-2017-13144 (In ImageMagick before 6.9.7-10, there is a crash (rather than a &quot;width ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869728)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31438
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b580ad0564aefd9beeccbcbb8d62ccd05795a84
CVE-2017-12430 (In ImageMagick 7.0.6-1, a memory exhaustion vulnerability was found in ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869727)
	[stretch] - imagemagick <ignored> (Minor issue)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/546
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/98e5d0001cda195da0e8ea7650ab85c6f8333ff5
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/8d537f6d778675e08ef9d238606d05101bf471b9
CVE-2017-XXXX [memory leak in quantize]
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869722)
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u16
	NOTE: Workaround entry for DLA-1081-1 since no CVE assigned
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b604a554dfb6630fe32e739334fa57341dc6123
CVE-2017-12664 (ImageMagick 7.0.6-2 has a memory leak vulnerability in WritePALMImage ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869721)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/574
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/db1ffb6cf44bcfe5c4d5fcf9d9109ded5617387f
CVE-2017-12431 (In ImageMagick 7.0.6-1, a use-after-free vulnerability was found in the ...)
	{DSA-4040-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869715)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/555
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/784fcac688161aeaea221e00b706c88b08196945
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/5660836f9197107e9c38f14f27a45c2d9f26afe2
CVE-2017-12428 (In ImageMagick 7.0.6-1, a memory leak vulnerability was found in the ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869713)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/544
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b2b48d50300a9fbcd0aa0d9230fd6d7a08f7671e
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/f37d26336bf13737db45e556c25fc098f8a8b277
CVE-2017-11618
	RESERVED
CVE-2017-11617 (Cross-site scripting (XSS) vulnerability in atmail prior to version ...)
	- atmailopen <removed>
CVE-2017-11616
	RESERVED
CVE-2017-11615 (A sandbox escape in the Lua interface in Wube Factorio before 0.15.31 ...)
	NOT-FOR-US: Wube Factorio
CVE-2017-11614 (MEDHOST Connex contains hard-coded credentials that are used for ...)
	NOT-FOR-US: MEDHOST Connex
CVE-2017-11613 (In LibTIFF 4.0.8, there is a denial of service vulnerability in the ...)
	- tiff 4.0.9-5 (low; bug #869823)
	[stretch] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	[jessie] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	[wheezy] - tiff <postponed> (Minor issue, revisit once fixed upstream)
	- tiff3 <removed>
	[wheezy] - tiff3 <postponed> (Minor issue, revisit once fixed upstream)
	NOTE: https://gist.github.com/dazhouzhou/1a3b7400547f23fe316db303ab9b604f
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2724
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1475530
	NOTE: Upstream fix 1/2: https://gitlab.com/libtiff/libtiff/commit/3719385a3fac5cfb20b487619a5f08abbf967cf8
	NOTE: Upstream fix 2/2: https://gitlab.com/libtiff/libtiff/commit/7a092f8af2568d61993a8cc2e7a35a998d7d37be
CVE-2017-11612 (In Joomla! before 3.7.4, inadequate filtering of potentially malicious ...)
	NOT-FOR-US: Joomla!
CVE-2016-10401 (ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it ...)
	NOT-FOR-US: ZyXEL
CVE-2017-11611 (Wolf CMS 0.8.3.1 allows Cross-Site Scripting (XSS) attacks. The ...)
	NOT-FOR-US: Wolf CMS
CVE-2017-11610 (The XML-RPC server in supervisor before 3.0.1, 3.1.x before 3.1.4, ...)
	{DSA-3942-1 DLA-1047-1}
	- supervisor 3.3.1-1.1 (bug #870187)
	NOTE: https://github.com/Supervisor/supervisor/issues/964
	NOTE: 3.3.3 https://github.com/Supervisor/supervisor/commit/058f46141e346b18dee0497ba11203cb81ecb19e
	NOTE: 3.2.4 https://github.com/Supervisor/supervisor/commit/aac3c21893cab7361f5c35c8e20341b298f6462e
	NOTE: 3.1.4 https://github.com/Supervisor/supervisor/commit/dbe0f55871a122eac75760aef511efc3a8830b88
	NOTE: 3.0.1 https://github.com/Supervisor/supervisor/commit/83060f3383ebd26add094398174f1de34cf7b7f0
CVE-2017-11609
	RESERVED
CVE-2017-11608 (There is a heap-based buffer over-read in the ...)
	- libsass <unfixed> (bug #870186)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474276
CVE-2017-11607
	RESERVED
CVE-2017-11606
	RESERVED
CVE-2017-11605 (There is a heap based buffer over-read in LibSass 3.4.5, related to ...)
	- libsass <unfixed> (bug #870184)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1474019
CVE-2017-11604
	RESERVED
CVE-2017-11603
	RESERVED
CVE-2017-11602
	RESERVED
CVE-2017-11601
	RESERVED
CVE-2017-11600 (net/xfrm/xfrm_policy.c in the Linux kernel through 4.12.3, when ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: http://seclists.org/bugtraq/2017/Jul/30
CVE-2017-11599
	RESERVED
CVE-2017-11598
	RESERVED
CVE-2017-11597
	RESERVED
CVE-2017-11596
	RESERVED
CVE-2017-11595
	RESERVED
CVE-2017-11594 (Cross-site scripting (XSS) vulnerability in the Markdown parser in ...)
	- loomio <itp> (bug #756319)
CVE-2017-11593 (Cross-site scripting (XSS) vulnerability in the Markdown Preview Plus ...)
	NOT-FOR-US: Chrome extension Markdown Preview Plus
CVE-2017-11592 (There is a Mismatched Memory Management Routines vulnerability in the ...)
	[experimental] - exiv2 <unfixed> (bug #895568)
	- exiv2 <not-affected> (printTiffStructure introduced in 0.26)
	NOTE: https://github.com/Exiv2/exiv2/issues/56
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473889
	NOTE: Not reproducible in wheezy/jessie/stretch/sid(0.25-3.1).
	NOTE: Reproducible in experimental with version 0.26-1.
CVE-2017-11591 (There is a Floating point exception in the Exiv2::ValueType function in ...)
	{DLA-1147-1}
	- exiv2 <unfixed> (low; bug #876893)
	[stretch] - exiv2 <ignored> (Minor issue)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: https://github.com/Exiv2/exiv2/issues/55
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473888
	NOTE: Reproducible in wheezy/jessie/stretch/sid(0.25-3.1)/experimental(0.26-1).
CVE-2017-11590 (There is a NULL pointer dereference in the caseless_hash function in ...)
	{DLA-1054-1}
	- libgxps 0.3.0-1 (low; bug #870183)
	[stretch] - libgxps <no-dsa> (Minor issue)
	[jessie] - libgxps <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473167
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785479
	NOTE: Fixed by: https://git.gnome.org/browse/libgxps/commit/?id=9d5d2920
CVE-2017-11589 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
	NOT-FOR-US: Cisco
CVE-2017-11588 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
	NOT-FOR-US: Cisco
CVE-2017-11587 (On Cisco DDR2200 ADSL2+ Residential Gateway ...)
	NOT-FOR-US: Cisco
CVE-2017-11586 (dayrui FineCms 5.0.9 has URL Redirector Abuse via the url parameter in ...)
	NOT-FOR-US: FineCms
CVE-2017-11585 (dayrui FineCms 5.0.9 has remote PHP code execution via the param ...)
	NOT-FOR-US: FineCms
CVE-2017-11584 (dayrui FineCms 5.0.9 has SQL Injection via the field parameter in an ...)
	NOT-FOR-US: FineCms
CVE-2017-11583 (dayrui FineCms 5.0.9 has SQL Injection via the catid parameter in an ...)
	NOT-FOR-US: FineCms
CVE-2017-11582 (dayrui FineCms 5.0.9 has SQL Injection via the num parameter in an ...)
	NOT-FOR-US: FineCms
CVE-2017-11581 (dayrui FineCms 5.0.9 has Cross Site Scripting (XSS) in admin/Login.php ...)
	NOT-FOR-US: FineCms
CVE-2017-11580
	RESERVED
CVE-2017-11579
	RESERVED
CVE-2017-11578
	RESERVED
CVE-2017-11577 (FontForge 20161012 is vulnerable to a buffer over-read in getsid ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3088
	NOTE: https://github.com/fontforge/fontforge/commit/3245d354865def9d712bdffe61fa211ad6aa4081
CVE-2017-11576 (FontForge 20161012 does not ensure a positive size in a weight vector ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3091
	NOTE: https://github.com/fontforge/fontforge/commit/df349365630344ef3004a3c7934c7e7496692fb1
CVE-2017-11575 (FontForge 20161012 is vulnerable to a buffer over-read in strnmatch ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3096
	NOTE: https://github.com/fontforge/fontforge/commit/4de0c58a01e5e30610c200e9aea98bc7db12c7ac
CVE-2017-11574 (FontForge 20161012 is vulnerable to a heap-based buffer overflow in ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3090
	NOTE: https://github.com/fontforge/fontforge/commit/62b6433a81ee7ed6e0ac2d6b09ac85b885046ac3
CVE-2017-11573 (FontForge 20161012 is vulnerable to a buffer over-read in ...)
	- fontforge <unfixed> (low; bug #873588)
	[stretch] - fontforge <no-dsa> (Minor issue)
	[jessie] - fontforge <no-dsa> (Minor issue)
	[wheezy] - fontforge <no-dsa> (Minor issue)
	NOTE: https://github.com/fontforge/fontforge/issues/3098
CVE-2017-11572 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3092
CVE-2017-11571 (FontForge 20161012 is vulnerable to a stack-based buffer overflow in ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3087
	NOTE: https://github.com/fontforge/fontforge/commit/5a0c6522682b0788fc478dd159dd6168cb5fa38b
CVE-2017-11570 (FontForge 20161012 is vulnerable to a buffer over-read in umodenc ...)
	- fontforge <unfixed> (low; bug #873587)
	[stretch] - fontforge <no-dsa> (Minor issue)
	[jessie] - fontforge <no-dsa> (Minor issue)
	[wheezy] - fontforge <no-dsa> (Minor issue)
	NOTE: https://github.com/fontforge/fontforge/issues/3097
CVE-2017-11569 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3093
	NOTE: https://github.com/fontforge/fontforge/commit/7bfec47910293bf149b8debe44c6f3f788506092
CVE-2017-11568 (FontForge 20161012 is vulnerable to a heap-based buffer over-read in ...)
	{DSA-3958-1 DLA-1065-1}
	- fontforge 1:20170731~dfsg-1 (bug #869614)
	NOTE: https://github.com/fontforge/fontforge/issues/3089
CVE-2017-11567 (Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server ...)
	NOT-FOR-US: Mongoose
CVE-2017-11566 (AppUse 4.0 allows shell command injection via a proxy field. ...)
	NOT-FOR-US: AppUse
CVE-2017-1002151 (Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due ...)
	- pagure <itp> (bug #829046)
	NOTE: https://pagure.io/pagure/pull-request/2426
CVE-2017-11564
	RESERVED
CVE-2017-11563
	RESERVED
CVE-2017-11562 (A Session Fixation Vulnerability exists in the MT4 Networks ...)
	NOT-FOR-US: MT4 SenhaSegura
CVE-2017-11561
	RESERVED
CVE-2017-11560
	RESERVED
CVE-2017-11559
	RESERVED
CVE-2017-11558
	RESERVED
CVE-2017-11557
	RESERVED
CVE-2017-11556 (There is a stack consumption vulnerability in the ...)
	- libsass <unfixed> (bug #870182)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2447
CVE-2017-11555 (There is an illegal address access in the Eval::operator function in ...)
	- libsass <unfixed> (bug #870182)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2446
CVE-2017-11554 (There is a stack consumption vulnerability in the lex function in ...)
	- libsass <unfixed> (bug #870182)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://github.com/sass/libsass/issues/2445
CVE-2017-11553 (There is an illegal address access in the extend_alias_table function ...)
	[experimental] - exiv2 <unfixed> (low; bug #888874)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/54
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1471772
	NOTE: Not reproducible in wheezy/jessie/stretch.
	NOTE: Reproducible with 0.26-1 (experimental).
CVE-2017-11552 (mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use ...)
	- mpg321 <unfixed> (bug #870406)
	[stretch] - mpg321 <no-dsa> (Minor issue)
	[jessie] - mpg321 <no-dsa> (Minor issue)
	[wheezy] - mpg321 <no-dsa> (Minor issue)
	NOTE: CVE was originally assigned for libmad, but further analysis has shown
	NOTE: that the underlying issue is in src:mpg321
	NOTE: Cf. https://bugs.debian.org/870406#25 for more Details.
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/94
CVE-2017-11551 (The id3_field_parse function in field.c in libid3tag 0.15.1b allows ...)
	- libid3tag 0.15.1b-5 (bug #870333)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
	NOTE: Same issue as #304913
CVE-2017-11550 (The id3_ucs4_length function in ucs4.c in libid3tag 0.15.1b allows ...)
	- libid3tag 0.15.1b-9 (bug #405801)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/85
	NOTE: Addressed by the 11_unknown_encoding.dpatch patch
CVE-2017-11549 (The play_midi function in playmidi.c in TiMidity++ 2.14.0 allows remote ...)
	- timidity <unfixed> (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11548 (The _tokenize_matrix function in audio_out.c in Xiph.Org libao 1.2.0 ...)
	- libao <unfixed> (low; bug #870608)
	[stretch] - libao <no-dsa> (Minor issue)
	[jessie] - libao <no-dsa> (Minor issue)
	[wheezy] - libao <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/84
CVE-2017-11547 (The resample_gauss function in resample.c in TiMidity++ 2.14.0 allows ...)
	- timidity <unfixed> (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11546 (The insert_note_steps function in readmidi.c in TiMidity++ 2.14.0 ...)
	- timidity <unfixed> (unimportant; bug #870338)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/83
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11545
	REJECTED
CVE-2017-11544
	REJECTED
CVE-2017-11543 (tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873806)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/7039327875525278d17edee59720e29a3e76b7b3
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/global-overflow/print-sl
CVE-2017-11542 (tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873805)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/bed48062a64fca524156d7684af19f5b4a116fae
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/print-pim
CVE-2017-11541 (tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-3 (bug #873804)
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/21d702a136c5c16882e368af7c173df728242280
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/tcpdump-vul/heap-buffer-overflow/util-print
CVE-2017-11540 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	- imagemagick <not-affected> (Only affects ImageMagick-7 series)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/581
CVE-2017-11539 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-15 (unimportant; bug #870120)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/582
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/4e81160d66f02bf7b4f569669ca7dd80d416ba6e
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/36aad912d1f405a28a9a1204120b569e7da5898e
CVE-2017-11538 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	- imagemagick <not-affected> (Vulnerable code introduced later, cf bug #870110)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/569
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0a80c9e5f293a8de51011ac784ac52b96932c08f
	NOTE: Introduced after: https://github.com/ImageMagick/ImageMagick/commit/0bf18387ae1336475631284854b664d0e2d89697
CVE-2017-11537 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #869712)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/560
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bbc1b96f0d9371df675fdf7b8fc9bd4a42ae9cd
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/bac384563f557d1ac7413d2eaec00dd59c3cc29b
CVE-2017-11536 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869831)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/567
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/167e1538ae9818d46c9462a4273082871e35a480
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/dba1ccfbcdf61c0eb599c7c308b42ed46dc92be6
CVE-2017-11535 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869827)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/561
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8647f11ddfd6f85a6cc39654c7e78c2bc6412e4
	NOTE: Imagemagick-6: https://github.com/ImageMagick/ImageMagick/commit/bba95cfcc19fa8a261e12692f31279148ad42441
CVE-2017-11534 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869711)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/564
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3f21b17f06eacb40dab08738e0abf68fb0d58c90
CVE-2017-11533 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DSA-4204-1 DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (bug #869834)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/562
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f0c29cc251578fe0ad8ec7b72f2487a77a1696b8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/ed1fd69231ab21dc540167c63bc3b0fa3282ec59
CVE-2017-11532 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869726)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/563
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/d60d705cddac7fa5d0e6596c183bbb9b46a57161
CVE-2017-11531 (When ImageMagick 7.0.6-1 processes a crafted file in convert, it can ...)
	{DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (unimportant; bug #869725)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/566
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/c81594c6ee93581b97e8f8c743200b1366d83989
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1885ab1231e82f90d3f0e839555ee3e1a441bbf8
CVE-2017-11521 (The SdpContents::Session::Medium::parse function in ...)
	{DLA-1040-1}
	- resiprocate <unfixed> (low; bug #869404)
	[stretch] - resiprocate <no-dsa> (Minor issue)
	[jessie] - resiprocate <no-dsa> (Minor issue)
	NOTE: https://github.com/resiprocate/resiprocate/pull/88
	NOTE: https://github.com/resiprocate/resiprocate/pull/88/commits/4b8ffa5afd3291a2701f8d39c31ada443f79a5c8
CVE-2016-10400 (Directory Traversal exists in ATutor before 2.2.2 via the icon ...)
	NOT-FOR-US: ATutor
CVE-2017-11520
	RESERVED
CVE-2017-11519 (passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an ...)
	NOT-FOR-US: TP-Link
CVE-2016-10399 (Sendio versions before 8.2.1 were affected by a Local File Inclusion ...)
	NOT-FOR-US: Sendio
CVE-2017-11518
	RESERVED
CVE-2017-11517 (Stack-based buffer overflow in GCoreServer.exe in the server in ...)
	NOT-FOR-US: Geutebrueck Gcore
CVE-2017-11516 (An XSS vulnerability exists in ...)
	NOT-FOR-US: Yii Framework
CVE-2017-11515
	RESERVED
CVE-2017-11514
	RESERVED
CVE-2017-11513
	RESERVED
CVE-2017-11512 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...)
	NOT-FOR-US: ManageEngine ServiceDesk
CVE-2017-11511 (The ManageEngine ServiceDesk 9.3.9328 is vulnerable to arbitrary file ...)
	NOT-FOR-US: ManageEngine ServiceDesk
CVE-2017-11510 (An information leak exists in Wanscam's HW0021 network camera that ...)
	NOT-FOR-US: Wanscam's HW0021 network camera
CVE-2017-11509 (An authenticated remote attacker can execute arbitrary code in ...)
	{DLA-1374-1}
	- firebird3.0 3.0.3.32900.ds4-3
	[stretch] - firebird3.0 <postponed> (Minor issue, can be fixed along in a future update)
	- firebird2.5 <removed>
	[jessie] - firebird2.5 <no-dsa> (Minor issue, can be fixed along in a future update)
	NOTE: https://www.tenable.com/security/research/tra-2017-36
	NOTE: Firebird upstream responded to Tenable the issue is not intended to be addressed
	NOTE: in "any current release".
	NOTE: Issue adressed by disabling UDFs in firebird.conf, this is not a source code fix,
	NOTE: and might actually be considered more justof a mitigation.
	NOTE: Steps to reproduce (partly) in: https://lists.debian.org/874lk9wyz5.fsf@curie.anarc.at
CVE-2017-11508 (SecurityCenter versions 5.5.0, 5.5.1 and 5.5.2 contain a SQL Injection ...)
	NOT-FOR-US: SecurityCenter
CVE-2017-11507 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
	- check-mk 1.2.8p26-1
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://mathias-kettner.com/check_mk_werks.php?werk_id=7661
	NOTE: https://www.tenable.com/security/research/tra-2017-20
CVE-2017-11506 (When linking a Nessus scanner or agent to Tenable.io or other manager, ...)
	NOT-FOR-US: Nessus
CVE-2017-11565 (debian/tor.init in the Debian tor_0.2.9.11-1~deb9u1 package for Tor was ...)
	- tor 0.3.1.7-1 (bug #869153)
	[stretch] - tor <no-dsa> (Minor issue)
	[jessie] - tor <not-affected> (aa-exec in jessie is located in /usr/sbin/)
	[wheezy] - tor <not-affected> (aa-exec in jessie is located in /usr/sbin/)
	NOTE: https://twitter.com/pissquark/status/888142796414226432
CVE-2017-11523 (The ReadTXTImage function in coders/txt.c in ImageMagick through ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-14 (low; bug #869210)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/591
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/83e0f8ffd7eeb7661b0ff83257da23d24ca7f078
	NOTE: Fixed by (ImageMagick-6): https://github.com/ImageMagick/ImageMagick/commit/a8f9c2aabed37cd6a728532d1aed13ae0f3dfd78
CVE-2017-11522 (The WriteOnePNGImage function in coders/png.c in ImageMagick through ...)
	- imagemagick <not-affected> (bug #869209; vulnerable code not present, ImageMagick-7 issue only)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/586
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/816ecab6c532ae086ff4186b3eaf4aa7092d536f
CVE-2017-11504
	RESERVED
CVE-2017-11503 (PHPMailer 5.2.23 has XSS in the &quot;From Email Address&quot; and &quot;To Email ...)
	- libphp-phpmailer <unfixed> (unimportant)
	NOTE: code_generator.phps installed to examples
CVE-2017-11502 (Technicolor DPC3928AD DOCSIS devices allow remote attackers to read ...)
	NOT-FOR-US: Technicolor
CVE-2017-11501 (NixOS 17.03 and earlier has an unintended default absence of SSL ...)
	NOT-FOR-US: NixOS
CVE-2017-11500 (A directory traversal vulnerability exists in MetInfo 5.3.17. A remote ...)
	NOT-FOR-US: MetInfo
CVE-2017-11499 (Node.js v4.0 through v4.8.3, all versions of v5.x, v6.0 through ...)
	- nodejs 4.8.4~dfsg-1 (bug #868162; unimportant)
	NOTE: https://nodejs.org/en/blog/release/v6.11.1/
	NOTE: https://nodejs.org/en/blog/release/v4.8.4/
CVE-2017-11498 (Buffer overflow in hasplms in Gemalto ACC (Admin Control Center), all ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11497 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11496 (Stack buffer overflow in hasplms in Gemalto ACC (Admin Control ...)
	NOT-FOR-US: Gemalto ACC
CVE-2017-11495 (PHICOMM K2(PSG1218) devices V22.5.11.5 and earlier allow ...)
	NOT-FOR-US: PHICOMM
CVE-2017-11494 (SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and ...)
	NOT-FOR-US: SOL.Connect ISET-mpp meter
CVE-2017-11493
	RESERVED
CVE-2017-11492
	RESERVED
CVE-2017-11491
	RESERVED
CVE-2017-11490
	RESERVED
CVE-2017-11489
	RESERVED
CVE-2017-11488
	RESERVED
CVE-2017-11487
	RESERVED
CVE-2017-11486
	RESERVED
CVE-2017-11485
	RESERVED
CVE-2017-11484
	RESERVED
CVE-2017-11483
	RESERVED
CVE-2017-11482 (The Kibana fix for CVE-2017-8451 was found to be incomplete. With ...)
	- kibana <itp> (bug #700337)
CVE-2017-11481 (Kibana versions prior to 6.0.1 and 5.6.5 had a cross-site scripting ...)
	- kibana <itp> (bug #700337)
CVE-2017-11480 (Packetbeat versions prior to 5.6.4 are affected by a denial of service ...)
	NOT-FOR-US: Packetbeat
CVE-2017-11479 (Kibana versions prior to 5.6.1 had a cross-site scripting (XSS) ...)
	- kibana <itp> (bug #700337)
CVE-2017-11477
	RESERVED
CVE-2017-11476
	RESERVED
CVE-2017-11475 (GLPI before 9.1.5.1 has SQL Injection in the condition rule field, ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11474 (GLPI before 9.1.5.1 has SQL Injection in the $crit variable in ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11471 (IDERA Uptime Monitor 7.8 has SQL injection in ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11470 (IDERA Uptime Monitor 7.8 has SQL injection in ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11469 (get2post.php in IDERA Uptime Monitor 7.8 has directory traversal in the ...)
	NOT-FOR-US: IDERA Uptime Monitor
CVE-2017-11468 (Docker Registry before 2.6.2 in Docker Distribution does not properly ...)
	- docker-registry 2.6.2~ds1-1 (bug #869242)
CVE-2017-11467 (OrientDB through 2.2.22 does not enforce privilege requirements during ...)
	NOT-FOR-US: OrientDB
CVE-2017-11465 (The parser_yyerror function in the UTF-8 parser in Ruby 2.4.1 allows ...)
	- ruby2.3 <not-affected> (Specific to Ruby 2.4)
	- ruby2.1 <not-affected> (Specific to Ruby 2.4)
CVE-2017-11464 (A SIGFPE is raised in the function box_blur_line of rsvg-filter.c in ...)
	- librsvg 2.40.18-1 (bug #869129)
	[stretch] - librsvg <no-dsa> (Minor issue)
	[jessie] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
	[wheezy] - librsvg <not-affected> (Vulnerable code introduced in 2.40.9)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783835
	NOTE: Introduced in: https://git.gnome.org/browse/librsvg/commit/?id=054807726db76558728e7a7513aabc4698b3dc95 (2.40.9)
	NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=ecf9267a24b2c3c0cd211dbdfa9ef2232511972a
CVE-2017-11473 (Buffer overflow in the mp_override_legacy_irq() function in ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux 3.2.96-1
	NOTE: Fixed by: https://git.kernel.org/linus/dad5ab0db8deac535d03e3fe3d8f2892173fa6a4
	NOTE: Non-issue since ACPI tables are trusted
CVE-2017-11472 (The acpi_ns_terminate() function in drivers/acpi/acpica/nsutils.c in ...)
	- linux <unfixed> (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/3b2d69114fefa474fca542e51119036dceb4aa6f (4.12-rc1)
	NOTE: Non-issue since ACPI tables are trusted
CVE-2017-11466 (Arbitrary file upload vulnerability in ...)
	NOT-FOR-US: dotCMS
CVE-2017-11463 (In Ivanti Service Desk (formerly LANDESK Management Suite) versions ...)
	NOT-FOR-US: LANDESK
CVE-2017-11462 (Double free vulnerability in MIT Kerberos 5 (aka krb5) allows ...)
	- krb5 1.15.2-1 (low; bug #873563)
	[stretch] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
	[jessie] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
	[wheezy] - krb5 <ignored> (Minor issue, might lead to behaviour changes)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/56f7b1bc95a2a3eeb420e069e7655fb181ade5cf
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8598
CVE-2017-11461 (NetApp OnCommand Unified Manager for 7-mode (core package) versions ...)
	NOT-FOR-US: NetApp
CVE-2017-11460 (Cross-site scripting (XSS) vulnerability in the DataArchivingService ...)
	NOT-FOR-US: SAP
CVE-2017-11459 (SAP TREX 7.10 allows remote attackers to (1) read arbitrary files via ...)
	NOT-FOR-US: SAP
CVE-2017-11458 (Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol ...)
	NOT-FOR-US: SAP
CVE-2017-11457 (XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP ...)
	NOT-FOR-US: SAP
CVE-2017-11456 (Geneko GWR routers allow directory traversal sequences starting with a ...)
	NOT-FOR-US: Geneko GWR routers
CVE-2017-11455 (diag.cgi in Pulse Connect Secure 8.2R1 through 8.2R5, 8.1R1 through ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11454
	RESERVED
CVE-2017-11453
	RESERVED
CVE-2017-11452
	RESERVED
CVE-2017-11451
	RESERVED
CVE-2017-11450 (coders/jpeg.c in ImageMagick before 7.0.6-1 allows remote attackers to ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867894)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/948356eec65aea91995d4b7cc487d197d2c5f602
CVE-2017-11449 (coders/mpc.c in ImageMagick before 7.0.6-1 does not enable seekable ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867896)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b007dd3a048097d8f58949297f5b434612e1e1a3#diff-cdb21e3ad4d6e304030bd19bdc881fce
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/529ff26b68febb2ac03062c58452ea0b4c6edbc1#diff-cdb21e3ad4d6e304030bd19bdc881fce
CVE-2017-11448 (The ReadJPEGImage function in coders/jpeg.c in ImageMagick before ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867893)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1737ac82b335e53376382c07b9a500d73dd2aa11
CVE-2017-11447 (The ReadSCREENSHOTImage function in coders/screenshot.c in ImageMagick ...)
	{DSA-3914-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867897)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/556
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8c10b9247509c0484b55330458846115131ec2ae#diff-0a5dc34e461f3c458e758c199f2dc46d
CVE-2017-11446 (The ReadPESImage function in coders\pes.c in ImageMagick 7.0.6-1 has an ...)
	{DSA-4019-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #868950)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/537
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/787ee25e9fb0e4e0509121342371d925fe5044f8
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/96182884778bfc43d6a9a0abd90cedb5d8cf8977
CVE-2017-11445 (Subrion CMS before 4.1.6 has a SQL injection vulnerability in ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-11444 (Subrion CMS before 4.1.5.10 has a SQL injection vulnerability in ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-11443
	RESERVED
CVE-2017-11442
	RESERVED
CVE-2017-11441 (The WHM Upload Locale interface in cPanel before 56.0.51, 58.x before ...)
	NOT-FOR-US: WHM Upload Locale interface in cPanel
CVE-2017-11440 (In Sitecore 8.2, there is absolute path traversal via the ...)
	NOT-FOR-US: Sitecore
CVE-2017-11439 (In Sitecore 8.2, there is reflected XSS in the ...)
	NOT-FOR-US: Sitecore
CVE-2017-11438 (GitLab Community Edition (CE) and Enterprise Edition (EE) before ...)
	- gitlab <not-affected> (Only affects 8.5 onwards)
	NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
CVE-2017-11437 (GitLab Enterprise Edition (EE) before 8.17.7, 9.0.11, 9.1.8, 9.2.8, ...)
	- gitlab <not-affected> (Only affects Enterprise Edition)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ee/issues/2905
	NOTE: https://about.gitlab.com/2017/07/19/gitlab-9-dot-3-dot-8-released/
CVE-2017-11436 (D-Link DIR-615 before v20.12PTb04 has a second admin account with a 0x1 ...)
	NOT-FOR-US: D-Link
CVE-2017-11435 (The Humax Wi-Fi Router model HG100R-* 2.0.6 is prone to an ...)
	NOT-FOR-US: Humax Wi-Fi Router model HG100R-*
CVE-2017-11434 (The dhcp_decode function in slirp/bootp.c in QEMU (aka Quick Emulator) ...)
	{DSA-3925-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-7 (bug #869171)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg05001.html
CVE-2017-11433
	RESERVED
CVE-2017-11432
	RESERVED
CVE-2017-11431
	RESERVED
CVE-2017-11430
	RESERVED
	- ruby-omniauth-saml 1.10.0-1 (bug #892864)
	NOTE: fixed in 1.10.0
	NOTE: https://github.com/omniauth/omniauth-saml/issues/156
	NOTE: https://github.com/omniauth/omniauth-saml/pull/157
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11429
	RESERVED
	NOT-FOR-US: Clever saml2-js
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://nodesecurity.io/advisories/567
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11428
	RESERVED
	- ruby-saml 1.7.2-1 (bug #892865)
	NOTE: fixed in 1.7.0
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11427
	RESERVED
	NOT-FOR-US: OneLogin python-saml
	NOTE: https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
	NOTE: https://www.kb.cert.org/vuls/id/475445
CVE-2017-11426
	RESERVED
CVE-2017-11425
	RESERVED
CVE-2017-11424 (In PyJWT 1.5.0 and below the `invalid_strings` check in ...)
	{DSA-3979-1}
	- pyjwt 1.4.2-1.1 (bug #873244)
	NOTE: https://github.com/jpadilla/pyjwt/pull/277
CVE-2017-11423 (The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...)
	{DSA-3946-1 DLA-1279-1}
	- libmspack 0.6-1 (bug #868956)
	- clamav 0.99.3~beta1+dfsg-1 (unimportant)
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11873 (not public)
	NOTE: https://github.com/kyz/libmspack/commit/17038206fcc384dcee6dd9e3a75f08fd3ddc6a38
	NOTE: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul
	NOTE: ClamAV: https://github.com/vrtadmin/clamav-devel/commit/ffa31264a657618a0e40c51c01e4bfc32e244d13
	NOTE: ClamaV: https://github.com/vrtadmin/clamav-devel/commit/ada5f94e5cfb04e1ac2a6f383f2184753f475b96
	NOTE: ClamAV uses the libmspack system library when available. This is the
	NOTE: case from starting from Debian Jessie. Debian Wheezy does not have
	NOTE: libmspack and thus need to have the fix as well in the src:clamav source package.
CVE-2017-11422 (Statamic framework before 2.6.0 does not correctly check a session's ...)
	NOT-FOR-US: Statamic
CVE-2017-11420 (Stack-based buffer overflow in ASUS_Discovery.c in networkmap in ...)
	NOT-FOR-US: ASUS
CVE-2017-11419 (Fiyo CMS 2.0.7 has SQL injection in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11418 (Fiyo CMS 2.0.7 has SQL injection in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11417 (Fiyo CMS 2.0.7 has SQL injection in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11416 (Fiyo CMS 2.0.7 has SQL injection in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11415 (Fiyo CMS 2.0.7 has SQL injection in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11414 (Fiyo CMS 2.0.7 has SQL injection in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11413 (Fiyo CMS 2.0.7 has SQL injection in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11412 (Fiyo CMS 2.0.7 has SQL injection in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11411 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the openSAFETY ...)
	- wireshark 2.4.0-1 (bug #870179)
	[stretch] - wireshark <not-affected> (Incomplete fix for CVE-2017-9350 not applied)
	[jessie] - wireshark <not-affected> (Incomplete fix for CVE-2017-9350 not applied)
	[wheezy] - wireshark <not-affected> (Incomplete fix for CVE-2017-9350 not applied)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13755
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a83a324acdfc07a0ca8b65e6ebaba3374ab19c76
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
CVE-2017-11410 (In Wireshark through 2.0.13 and 2.2.x through 2.2.7, the WBXML ...)
	- wireshark 2.4.0-1 (bug #870180)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 not applied)
	[wheezy] - wireshark <not-affected> (Incomplete fix for CVE-2017-7702 not applied)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13796
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3c7168cc5f044b4da8747d35da0b2b204dabf398
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html
CVE-2017-11409 (In Wireshark 2.0.0 to 2.0.13, the GPRS LLC dissector could go into a ...)
	- wireshark 2.2.0~rc1+g438c022-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13603
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=57b83bbbd76f543eb8d108919f13b662910bff9a
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-37.html
	NOTE: Technically the 2.2.0~rc1+g438c022-1 is just the first version in unstable
	NOTE: after 2.1.0 from upstream. Upstream changed the types in llc_gprs_dissect_xid
	NOTE: in version 2.1.0.
CVE-2017-11408 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the AMQP dissector ...)
	{DSA-4060-1 DLA-1226-1}
	- wireshark 2.4.0-1 (bug #870172)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13780
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a102c172b0b2fe231fdb49f4f6694603f5b93b0c
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e57c86ef8e3b57b7f90c224f6053d1eacf20e1ba
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-34.html
CVE-2017-11407 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the MQ dissector could ...)
	- wireshark 2.4.0-1 (low; bug #870172)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13792
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4e54dae7f0d7840836ee6d5ce1e688f152ab2978
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-35.html
CVE-2017-11406 (In Wireshark 2.2.0 to 2.2.7 and 2.0.0 to 2.0.13, the DOCSIS dissector ...)
	- wireshark 2.4.0-1 (bug #870172)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13797
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=250216263c3a3f2c651e80d9c6b3dc0adc53dc2c
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-36.html
CVE-2017-11405 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-11404 (In CMS Made Simple (CMSMS) 2.2.2, remote authenticated administrators ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-11403 (The ReadMNGImage function in coders/png.c in GraphicsMagick 1.3.26 has ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-3
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d0a76868ca37
	NOTE: When fixing this CVE make sure to not make the fix incomplete and open the CVE-2017-14103
	NOTE: issue. See: http://www.openwall.com/lists/oss-security/2017/09/01/6
CVE-2017-11402 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11401 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11400 (An issue has been discovered on the Belden Hirschmann Tofino Xenon ...)
	NOT-FOR-US: Belden Hirschmann Tofino Xenon Security Appliance
CVE-2017-11421 (gnome-exe-thumbnailer before 0.9.5 is prone to a VBScript Injection ...)
	- gnome-exe-thumbnailer 0.9.5-1 (bug #868705)
	[stretch] - gnome-exe-thumbnailer 0.9.4-2+deb9u1
	NOTE: http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
	NOTE: https://github.com/gnome-exe-thumbnailer/gnome-exe-thumbnailer/commit/1d8e3102dd8fd23431ae6127d14a236da6b4a4a5
CVE-2017-11399 (Integer overflow in the ape_decode_frame function in ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/ba4beaf6149f7241c8bd85fe853318c2f6837ad0
	NOTE: Fixed in 3.2.7
CVE-2017-11398 (A session hijacking via log disclosure vulnerability in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11397 (A service DLL preloading vulnerability in Trend Micro Encryption for ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11396 (Vulnerability issues with the web service inspection of input ...)
	NOT-FOR-US: Trend Micro Web Security Virtual Appliance
CVE-2017-11395 (Command injection vulnerability in Trend Micro Smart Protection Server ...)
	NOT-FOR-US: Trend Micro Smart Protection Server
CVE-2017-11394 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11393 (Proxy command injection vulnerability in Trend Micro OfficeScan 11 and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11392 (Proxy command injection vulnerability in Trend Micro InterScan ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11391 (Proxy command injection vulnerability in Trend Micro InterScan ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11390 (XML external entity (XXE) processing vulnerability in Trend Micro ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11389 (Directory traversal vulnerability in Trend Micro Control Manager 6.0 ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11388 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11387 (Authentication Bypass in Trend Micro Control Manager 6.0 causes ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11386 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11385 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11384 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11383 (SQL Injection in Trend Micro Control Manager 6.0 causes Remote Code ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2017-11382 (Denial of Service vulnerability in Trend Micro Deep Discovery Email ...)
	NOT-FOR-US: Trend Micro
CVE-2017-11381 (A command injection vulnerability exists in Trend Micro Deep Discovery ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11380 (Backup archives were found to be encrypted with a static password ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11379 (Configuration and database backup archives are not signed or validated ...)
	NOT-FOR-US: Trend Micro Deep Discovery Director
CVE-2017-11378
	RESERVED
CVE-2017-11377
	RESERVED
CVE-2017-11376
	RESERVED
CVE-2017-11375
	RESERVED
CVE-2017-11374
	RESERVED
CVE-2017-11373
	RESERVED
CVE-2017-11372
	RESERVED
CVE-2017-11371
	RESERVED
CVE-2017-11370
	RESERVED
CVE-2017-11369
	RESERVED
CVE-2017-11368 (In MIT Kerberos 5 (aka krb5) 1.7 and later, an authenticated attacker ...)
	{DLA-1058-1}
	- krb5 1.15.1-2 (bug #869260)
	[stretch] - krb5 1.15-1+deb9u1
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/pull/678/commits/a860385dd8fbd239fdb31b347e07f4e6b2fbdcc2
CVE-2017-11367 (The shoco_decompress function in the API in shoco through 2017-07-17 ...)
	NOT-FOR-US: shoco
CVE-2017-11366 (components/filemanager/class.filemanager.php in Codiad before 2.8.4 is ...)
	NOT-FOR-US: Codiad
CVE-2017-11365
	RESERVED
CVE-2017-11364 (The CMS installer in Joomla! before 3.7.4 does not verify a user's ...)
	NOT-FOR-US: Joomla
CVE-2017-11363
	RESERVED
CVE-2017-11362 (In PHP 7.x before 7.0.21 and 7.1.x before 7.1.7, ...)
	- php7.1 7.1.8-1 (unimportant)
	- php7.0 7.0.22-1 (unimportant)
	- php5 <removed> (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73473
	NOTE: Fixed in 7.1.7, 7.0.21
	NOTE: Only triggerable by malicious script
CVE-2017-11361 (Inteno routers have a JUCI ACL misconfiguration that allows the &quot;user&quot; ...)
	NOT-FOR-US: Inteno routers
CVE-2017-11360 (The ReadRLEImage function in coders\rle.c in ImageMagick 7.0.6-1 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867808)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/518
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/224bc946b24824a77e8e8c52ee07e9bc65796e30
CVE-2017-11359 (The wavwritehdr function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
	{DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox <no-dsa> (Minor issue)
	[jessie] - sox <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
CVE-2017-11358 (The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 ...)
	{DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox <no-dsa> (Minor issue)
	[jessie] - sox <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
CVE-2017-11357 (Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not ...)
	NOT-FOR-US: Progress Telerik UI
CVE-2017-11356 (The application distribution export functionality in PEGA Platform 7.2 ...)
	NOT-FOR-US: PEGA Platform
CVE-2017-11355 (Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform ...)
	NOT-FOR-US: PEGA Platform
CVE-2017-11354 (Fiyo CMS v2.0.7 has an SQL injection vulnerability in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-11351 (Axesstel MU553S MU55XS-V1.14 devices have a default password of admin ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-11350 (Cross-Site Request Forgery (CSRF) exists in cgi-bin/ConfigSet on ...)
	NOT-FOR-US: Axesstel MU553S MU55XS-V1.14
CVE-2017-11349 (dataTaker DT8x dEX 1.72.007 allows remote attackers to compose programs ...)
	NOT-FOR-US: dataTaker
CVE-2017-11348 (In Octopus Deploy 3.x before 3.15.4, an authenticated user with ...)
	NOT-FOR-US: Octopus Deploy
CVE-2017-11347 (Authenticated Code Execution Vulnerability in MetInfo 5.3.17 allows a ...)
	NOT-FOR-US: MetInfo
CVE-2017-11346 (Zoho ManageEngine Desktop Central before build 100092 allows remote ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2017-11345 (Stack buffer overflow in networkmap in Asuswrt-Merlin firmware for ASUS ...)
	NOT-FOR-US: ASUS
CVE-2017-11344 (Global buffer overflow in networkmap in Asuswrt-Merlin firmware for ...)
	NOT-FOR-US: ASUS
CVE-2017-11353 (yadm (yet another dotfile manager) 1.10.0 has a race condition ...)
	- yadm 1.11.1-1 (bug #868300)
	[stretch] - yadm 1.06-1+deb9u1
	NOTE: https://github.com/TheLocehiliosan/yadm/issues/74
CVE-2017-11343 (Due to an incomplete fix for CVE-2012-6125, all versions of CHICKEN ...)
	- chicken 4.12.0-0.2 (bug #870266)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2017-07/msg00000.html
CVE-2017-11342 (There is an illegal address access in ast.cpp of LibSass 3.4.5. A ...)
	- libsass <unfixed> (bug #868577)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470722
CVE-2017-11341 (There is a heap based buffer over-read in lexer.hpp of LibSass 3.4.5. A ...)
	- libsass <unfixed> (bug #868577)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470714
CVE-2017-11340 (There is a Segmentation fault in the XmpParser::terminate() function in ...)
	[experimental] - exiv2 <unfixed> (low; bug #868578)
	- exiv2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Exiv2/exiv2/issues/53
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470950
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type".
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11339 (There is a heap-based buffer overflow in the Image::printIFDStructure ...)
	[experimental] - exiv2 <unfixed> (bug #868578)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/52
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470946
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "The file contains data of an unknown image type".
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11338 (There is an infinite loop in the Exiv2::Image::printIFDStructure ...)
	[experimental] - exiv2 <unfixed> (low; bug #868578)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/51
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470913
	NOTE: Not reproducible in wheezy/jessie/stretch, I get "No Exif data found in the file".
	NOTE: Reproducible with 0.26-1 (experimental).
CVE-2017-11337 (There is an invalid free in the Action::TaskFactory::cleanup function ...)
	[experimental] - exiv2 <unfixed> (low; bug #868578)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/50
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470737
	NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind), I get "No Exif data found in the file".
	NOTE: Reproducible with 0.26-1 (experimental).
	NOTE: Action::TaskFactory::cleanup function is the same in all versions, so the problem is likely an earlier memory corruption.
CVE-2017-11336 (There is a heap-based buffer over-read in the Image::printIFDStructure ...)
	[experimental] - exiv2 <unfixed> (bug #868578)
	- exiv2 <not-affected> (Vulnerable code introduced after 0.25)
	NOTE: https://github.com/Exiv2/exiv2/issues/49
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470729
	NOTE: Not reproducible in wheezy/jessie/stretch (even with valgrind).
	NOTE: Reproducible with 0.26-1 (experimental) although I get another error "free(): invalid next size (fast)".
CVE-2017-11335 (There is a heap based buffer overflow in tools/tiff2pdf.c of LibTIFF ...)
	{DSA-4100-1 DLA-1094-1 DLA-1093-1}
	- tiff 4.0.8-4 (bug #868513)
	[stretch] - tiff <no-dsa> (Minor issue)
	[jessie] - tiff <no-dsa> (Minor issue)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2715
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/69bfeec247899776b1b396651adb47436e5f1556
CVE-2017-11529 (The ReadMATImage function in coders/mat.c in ImageMagick before 6.9.9-0 ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867823)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/525
CVE-2017-11478 (The ReadOneDJVUImage function in coders/djvu.c in ImageMagick through ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867826)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/528
CVE-2017-11526 (The ReadOneMNGImage function in coders/png.c in ImageMagick before ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867825)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/527
CVE-2017-11505 (The ReadOneJNGImage function in coders/png.c in ImageMagick through ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867824)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/526
CVE-2017-11530 (The ReadEPTImage function in coders/ept.c in ImageMagick before 6.9.9-0 ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867821)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/524
CVE-2017-11524 (The WriteBlob function in MagickCore/blob.c in ImageMagick before ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867798)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/506
CVE-2017-11334 (The address_space_write_continue function in exec.c in QEMU (aka Quick ...)
	{DSA-3925-1}
	- qemu 1:2.8+dfsg-7 (bug #869173)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=f5aa69bdc3418773f26747ca282c291519626ece
	NOTE: https://git.qemu.org/gitweb.cgi?p=qemu.git;a=commit;h=04bf2526ce87f21b32c9acba1c5518708c243ad0
CVE-2017-11333 (The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis ...)
	{DSA-4113-1 DLA-1368-1}
	- libvorbis 1.3.5-4.1 (low; bug #870341)
	[jessie] - libvorbis <postponed> (Minor issue, can be revisited once fixed upstream)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/82
	NOTE: https://gitlab.xiph.org/xiph/vorbis/issues/2332
	NOTE: Fixed by: https://gitlab.xiph.org/xiph/vorbis/commit/a79ec216cd119069c68b8f3542c6a425a74ab993
CVE-2017-11332 (The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows ...)
	{DLA-1197-1}
	- sox 14.4.2-2 (bug #870328)
	[stretch] - sox <no-dsa> (Minor issue)
	[jessie] - sox <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/81
	NOTE: Upstream bug report https://sourceforge.net/p/sox/bugs/296/
CVE-2017-11331 (The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 ...)
	- vorbis-tools <unfixed> (unimportant)
	NOTE: The issue is "covered" by the fix applied in 0016-oggenc-validate-count-of-channels-in-the-header-CVE-.patch
	NOTE: still the return of malloc is not checked.
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/80
	NOTE: Crash in CLI tool only, negligible security impact
CVE-2017-11330 (The DivFixppCore::avi_header_fix function in DivFix++Core.cpp in ...)
	NOT-FOR-US: DivFix++
CVE-2017-11329 (GLPI before 9.1.5 allows SQL injection via an ajax/getDropdownValue.php ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-10398 (Android 6.0 has an authentication bypass for attackers with root and ...)
	NOT-FOR-US: Android
CVE-2017-11328 (Heap buffer overflow in the yr_object_array_set_item() function in ...)
	- yara 3.6.3+dfsg-1
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/4a342f01e5439b9bb901aff1c6c23c536baeeb3f
CVE-2017-11327 (An issue was discovered in Tilde CMS 1.0.1. It is possible to retrieve ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11326 (An issue was discovered in Tilde CMS 1.0.1. It is possible to bypass ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11325 (An issue was discovered in Tilde CMS 1.0.1. Arbitrary files can be read ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11324 (An issue was discovered in Tilde CMS 1.0.1. Due to missing escaping of ...)
	NOT-FOR-US: Tilde CMS
CVE-2017-11323 (Stack-based buffer overflow in ESTsoft ALZip 8.51 and earlier allows ...)
	NOT-FOR-US: ESTsoft ALZip
CVE-2017-11322 (The chroothole_client executable in UCOPIA Wireless Appliance before ...)
	NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-11321 (The restricted shell interface in UCOPIA Wireless Appliance before ...)
	NOT-FOR-US: UCOPIA Wireless Appliance
CVE-2017-11320 (Persistent XSS through the SSID of nearby Wi-Fi devices on Technicolor ...)
	NOT-FOR-US: Technicolor TC7337 routers
CVE-2017-11319 (Perspective ICM Investigation &amp; Case 5.1.1.16 allows remote ...)
	NOT-FOR-US: Perspective ICM Investigation
CVE-2017-11318 (Cobian Backup 11 client allows man-in-the-middle attackers to add and ...)
	NOT-FOR-US: Cobian
CVE-2017-11317 (Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 ...)
	NOT-FOR-US: Progress Telerik UI
CVE-2017-11316
	RESERVED
CVE-2017-11315
	RESERVED
CVE-2017-11314
	RESERVED
CVE-2017-11313
	RESERVED
CVE-2017-11312
	RESERVED
CVE-2017-11311 (soundlib/Load_psm.cpp in OpenMPT through 1.26.12.00 and libopenmpt ...)
	- libopenmpt 0.2.8461~beta26-1 (bug #867579)
	[stretch] - libopenmpt 0.2.7386~beta20.3-3+deb9u2
CVE-2017-11310 (The read_user_chunk_callback function in coders\png.c in ImageMagick ...)
	- imagemagick <not-affected> (Vulnerable code not present, Only affects ImageMagick-7)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/517
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/8ca35831e91c3db8c6d281d09b605001003bec08
CVE-2017-11309 (Buffer overflow in the SoftConsole client in Avaya IP Office before ...)
	NOT-FOR-US: Avaya IP Office
CVE-2017-11308 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, ...)
	NOT-FOR-US: Adobe
CVE-2017-11307 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, ...)
	NOT-FOR-US: Adobe
CVE-2017-11306 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, ...)
	NOT-FOR-US: Adobe
CVE-2017-11305 (A regression affecting Adobe Flash Player version 27.0.0.187 (and ...)
	NOT-FOR-US: Adobe
CVE-2017-11304 (An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and ...)
	NOT-FOR-US: Adobe
CVE-2017-11303 (An issue was discovered in Adobe Photoshop 18.1.1 (2017.1.1) and ...)
	NOT-FOR-US: Adobe
CVE-2017-11302 (An issue was discovered in Adobe InDesign 12.1.0 and earlier versions. ...)
	NOT-FOR-US: Adobe
CVE-2017-11301 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11300 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11299 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11298 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11297 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11296 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. ...)
	NOT-FOR-US: Adobe
CVE-2017-11295 (An issue was discovered in Adobe DNG Converter 9.12.1 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11294 (An issue was discovered in Adobe Shockwave 12.2.9.199 and earlier. An ...)
	NOT-FOR-US: Adobe
CVE-2017-11293 (An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and ...)
	NOT-FOR-US: Adobe
CVE-2017-11292 (Adobe Flash Player version 27.0.0.159 and earlier has a flawed bytecode ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-11291 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11290 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11289 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11288 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11287 (An issue was discovered in Adobe Connect 9.6.2 and earlier versions. A ...)
	NOT-FOR-US: Adobe
CVE-2017-11286 (Adobe ColdFusion has an XML external entity (XXE) injection ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11285 (Adobe ColdFusion has a cross-site scripting (XSS) vulnerability. This ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11284 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11283 (Adobe ColdFusion has an Untrusted Data Deserialization vulnerability. ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2017-11282 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2017-11281 (Adobe Flash Player has an exploitable memory corruption vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2017-11280 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory ...)
	NOT-FOR-US: Adobe
CVE-2017-11279 (Adobe Digital Editions 4.5.4 and earlier has an exploitable use after ...)
	NOT-FOR-US: Adobe
CVE-2017-11278 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory ...)
	NOT-FOR-US: Adobe
CVE-2017-11277 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory ...)
	NOT-FOR-US: Adobe
CVE-2017-11276 (Adobe Digital Editions 4.5.4 and earlier has an exploitable memory ...)
	NOT-FOR-US: Adobe
CVE-2017-11275 (Adobe Digital Editions 4.5.4 and earlier has an exploitable heap ...)
	NOT-FOR-US: Adobe
CVE-2017-11274 (Adobe Digital Editions 4.5.4 and earlier has an exploitable use after ...)
	NOT-FOR-US: Adobe
CVE-2017-11273 (An issue was discovered in Adobe Digital Editions 4.5.6 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11272 (Adobe Digital Editions 4.5.4 and earlier has a security bypass ...)
	NOT-FOR-US: Adobe
CVE-2017-11271 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11270 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11269 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11268 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11267 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11266
	RESERVED
CVE-2017-11265 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11264
	RESERVED
CVE-2017-11263 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11262 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11261 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11260 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11259 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11258 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11257 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11256 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11255 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11254 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11253 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, ...)
	NOT-FOR-US: Adobe
CVE-2017-11252 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11251 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11250 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, ...)
	NOT-FOR-US: Adobe
CVE-2017-11249 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11248 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11247
	RESERVED
CVE-2017-11246 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11245 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11244 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11243 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11242 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11241 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11240 (Adobe Acrobat and Reader versions 2017.012.20098 and earlier, ...)
	NOT-FOR-US: Adobe
CVE-2017-11239 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11238 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11237 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11236 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11235 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11234 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11233 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11232 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11231 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11230 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11229 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11228 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11227 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11226 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11225 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11224 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11223 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11222 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11221 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11220 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11219 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11218 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11217 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11216 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11215 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11214 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11213 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-11212 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11211 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11210 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-11209 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-1000083 (backend/comics/comics-document.c (aka the comic book backend) in GNOME ...)
	{DSA-3916-1 DSA-3911-1 DLA-1031-1}
	- evince 3.22.1-4
	- atril 1.16.1-2.1 (bug #868500)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784630
CVE-2017-11208
	RESERVED
CVE-2017-11207
	RESERVED
CVE-2017-11206
	RESERVED
CVE-2017-11205
	RESERVED
CVE-2017-11204
	RESERVED
CVE-2017-11203
	RESERVED
CVE-2017-11202 (FineCMS through 2017-07-12 allows XSS in visitors.php because ...)
	NOT-FOR-US: FineCMS
CVE-2017-11201 (application/core/controller/images.php in FineCMS through 2017-07-12 ...)
	NOT-FOR-US: FineCMS
CVE-2017-11200 (SQL Injection exists in FineCMS through 2017-07-12 via the ...)
	NOT-FOR-US: FineCMS
CVE-2017-11199
	RESERVED
CVE-2017-11198 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: FineCMS
CVE-2017-11197
	RESERVED
CVE-2017-12562 (Heap-based Buffer Overflow in the psf_binheader_writef function in ...)
	{DLA-1049-1}
	- libsndfile 1.0.28-3 (bug #869166)
	[stretch] - libsndfile <no-dsa> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/issues/292
	NOTE: https://github.com/erikd/libsndfile/commit/cf7a8182c2642c50f1cf90dddea9ce96a8bad2e8
CVE-2017-11196 (Pulse Connect Secure 8.3R1 has CSRF in logout.cgi. The logout function ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11195 (Pulse Connect Secure 8.3R1 has Reflected XSS in launchHelp.cgi. The ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11194 (Pulse Connect Secure 8.3R1 has Reflected XSS in ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11193 (Pulse Connect Secure 8.3R1 has CSRF in diag.cgi. In the panel, the ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2017-11192
	RESERVED
CVE-2017-11191 (** DISPUTED ** FreeIPA 4.x with API version 2.213 allows a remote ...)
	NOTE: non-issue claimed for freepia
CVE-2017-11190 (unrarlib.c in unrar-free 0.0.1, when _DEBUG_LOG mode is enabled, might ...)
	- unrar-free <unfixed> (unimportant)
	NOTE: Affected debug code not enabled
CVE-2017-11189 (unrarlib.c in unrar-free 0.0.1 might allow remote attackers to cause a ...)
	- unrar-free <unfixed> (unimportant)
	NOTE: Crash in CLI tool, no security impact
CVE-2017-11187 (phpMyFAQ before 2.9.8 does not properly mitigate brute-force attacks ...)
	NOT-FOR-US: phpMyFAQ
CVE-2017-11186
	RESERVED
CVE-2017-11185 (The gmp plugin in strongSwan before 5.6.0 allows remote attackers to ...)
	{DSA-3962-1 DLA-1059-1}
	- strongswan 5.6.0-1 (bug #872155)
	NOTE: https://www.strongswan.org/blog/2017/08/14/strongswan-vulnerability-(cve-2017-11185).html
	NOTE: https://git.strongswan.org/?p=strongswan.git;a=commit;h=ef5c37fcdf47273feea320091598135688df4ef7
CVE-2017-11184 (SQL injection exists in front/devicesoundcard.php in GLPI before 9.1.5 ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11183 (front/backup.php in GLPI before 9.1.5 allows remote authenticated ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2017-11182 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
	NOT-FOR-US: Rise Ultimate Project Manager
CVE-2017-11181 (In Rise Ultimate Project Manager v1.8, XSS vulnerabilities were found ...)
	NOT-FOR-US: Rise Ultimate Project Manager
CVE-2017-11180 (FineCMS through 2017-07-11 has stored XSS in the logging functionality, ...)
	NOT-FOR-US: FineCMS
CVE-2017-11179 (FineCMS through 2017-07-11 has stored XSS in route=admin when modifying ...)
	NOT-FOR-US: FineCMS
CVE-2017-11178 (In FineCMS through 2017-07-11, application/core/controller/style.php ...)
	NOT-FOR-US: FineCMS
CVE-2017-11177 (TRITON AP-EMAIL 8.2 before 8.2 IB does not properly restrict file ...)
	NOT-FOR-US: TRITON
CVE-2017-11176 (The mq_notify function in the Linux kernel through 4.11.9 does not set ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/f991af3daabaecff34684fd51fac80319d1baad1
CVE-2017-11175
	RESERVED
CVE-2017-11174 (In install/page_dbsettings.php in the Core distribution of XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2017-11173 (Missing anchor in generated regex for rack-cors before 0.4.1 allows a ...)
	{DSA-3931-1}
	- ruby-rack-cors 0.4.1-1
	[jessie] - ruby-rack-cors <not-affected> (Vulnerable code not present)
CVE-2017-11172
	RESERVED
CVE-2017-1000096 (Arbitrary code execution due to incomplete sandbox protection: ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000095 (The default whitelist included the following unsafe entries: ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000094 (Docker Commons Plugin provides a list of applicable credential IDs to ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000093 (Poll SCM Plugin was not requiring requests to its API be sent via ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000092 (Git Plugin connects to a user-specified Git repository as part of form ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000091 (GitHub Branch Source Plugin connects to a user-specified GitHub API ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000090 (Role-based Authorization Strategy Plugin was not requiring requests to ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000089 (Builds in Jenkins are associated with an authentication that controls ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000088 (The Sidebar Link plugin allows users able to configure jobs, views, ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000087 (GitHub Branch Source provides a list of applicable credential IDs to ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000086 (The Periodic Backup Plugin did not perform any permission checks, ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000085 (Subversion Plugin connects to a user-specified Subversion repository ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-1000084 (Parameterized Trigger Plugin fails to check Item/Build permission: The ...)
	NOT-FOR-US: Jenkins plugin
CVE-2017-11171 (Bad reference counting in the context of accept_ice_connection() in ...)
	- gnome-session 2.30.0-1
	NOTE: https://github.com/GNOME/gnome-session/commit/b0dc999e0b45355314616321dbb6cb71e729fc9d
CVE-2017-11170 (The ReadTGAImage function in coders\tga.c in ImageMagick 7.0.5-6 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868184)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/472
CVE-2017-11169 (Privilege Escalation on iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices ...)
	NOT-FOR-US: iBall iB-WRA300N3GT iB-WRA300N3GT_1.1.1 devices
CVE-2017-11168
	RESERVED
CVE-2017-11167 (FineCMS 2.1.0 allows remote attackers to execute arbitrary PHP code by ...)
	NOT-FOR-US: FineCMS
CVE-2017-11166 (The ReadXWDImage function in coders\xwd.c in ImageMagick 7.0.5-6 has a ...)
	- imagemagick 8:6.9.7.4+dfsg-7 (unimportant; bug #868263)
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u14
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/471
CVE-2017-11165 (dataTaker DT80 dEX 1.50.012 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: dataTaker
CVE-2017-11164 (In PCRE 8.41, the OP_KETRMAX feature in the match function in ...)
	- pcre3 <unfixed> (unimportant)
	NOTE: http://openwall.com/lists/oss-security/2017/07/11/3
CVE-2017-11163 (Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in ...)
	- cacti 1.1.12+ds1-1 (bug #868080)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/847
	NOTE: aggregate_graphs.php not available in 0.8.8.
	NOTE: Upstream claims fix for CVE-2017-10970 also fixes this CVE
	NOTE: but produced this patch anyway: https://github.com/Cacti/cacti/commit/bf5b1309dcf68578c3bdc4db54112dfb2e8ec4f4
CVE-2017-11162 (Directory traversal vulnerability in synphotoio in Synology Photo ...)
	NOT-FOR-US: Synology
CVE-2017-11161 (Multiple SQL injection vulnerabilities in Synology Photo Station ...)
	NOT-FOR-US: Synology
CVE-2017-11160 (Multiple untrusted search path vulnerabilities in installer in ...)
	NOT-FOR-US: Installer in Synology Assistant
CVE-2017-11159 (Multiple untrusted search path vulnerabilities in installer in ...)
	NOT-FOR-US: Installer in Synology Photo Station Uploader
CVE-2017-11158 (Multiple untrusted search path vulnerabilities in the installer in ...)
	NOT-FOR-US: Synology Cloud Station Drive
CVE-2017-11157 (Multiple untrusted search path vulnerabilities in the installer in ...)
	NOT-FOR-US: Synology
CVE-2017-11156 (Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before ...)
	NOT-FOR-US: Synology Download Station
CVE-2017-11155 (An information exposure vulnerability in index.php in Synology Photo ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11154 (Unrestricted file upload vulnerability in PixlrEditorHandler.php in ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11153 (Deserialization vulnerability in synophoto_csPhotoMisc.php in Synology ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11152 (Directory traversal vulnerability in PixlrEditorHandler.php in ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11151 (A vulnerability in synotheme_upload.php in Synology Photo Station ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-11150 (Command injection vulnerability in Document.php in Synology Office ...)
	NOT-FOR-US: Synology Office
CVE-2017-11149 (Server-side request forgery (SSRF) vulnerability in Downloader in ...)
	NOT-FOR-US: Synology Download Station
CVE-2017-11148 (Server-side request forgery (SSRF) vulnerability in link preview in ...)
	NOT-FOR-US: Synology Chat
CVE-2017-11146
	REJECTED
CVE-2017-11145 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, an ...)
	{DSA-4081-1 DSA-4080-1 DLA-1034-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74819
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: Fixed by: https://github.com/php/php-src/commit/e8b7698f5ee757ce2c8bd10a192a491a498f891c
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-1000362 (The re-key admin monitor was introduced in Jenkins 1.498 and ...)
	- jenkins <removed>
CVE-2017-1000081 (Linux foundation ONOS 1.9.0 is vulnerable to unauthenticated upload of ...)
	NOT-FOR-US: ONOS
CVE-2017-1000080 (Linux foundation ONOS 1.9.0 allows unauthenticated use of websockets. ...)
	NOT-FOR-US: ONOS
CVE-2017-1000079 (Linux foundation ONOS 1.9.0 is vulnerable to a DoS. ...)
	NOT-FOR-US: ONOS
CVE-2017-1000078 (Linux foundation ONOS 1.9 is vulnerable to XSS in the device. ...)
	NOT-FOR-US: ONOS
CVE-2017-1000077
	REJECTED
CVE-2017-1000076
	REJECTED
CVE-2017-1000075 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000074 (Creolabs Gravity version 1.0 is vulnerable to a stack overflow in the ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000073 (Creolabs Gravity version 1.0 is vulnerable to a heap overflow in an ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000072 (Creolabs Gravity version 1.0 is vulnerable to a Double Free in ...)
	NOT-FOR-US: Creolabs Gravity
CVE-2017-1000071 (Jasig phpCAS version 1.3.4 is vulnerable to an authentication bypass ...)
	- php-cas <unfixed> (bug #868466)
	[stretch] - php-cas <no-dsa> (Minor issue)
	[jessie] - php-cas <no-dsa> (Minor issue)
	[wheezy] - php-cas <no-dsa> (Minor issue, only works with old CAS server)
	NOTE: https://github.com/Jasig/phpCAS/issues/228
	NOTE: The vulnerability only exists when the server is affected by
	NOTE: another very old vulnerability fixed in 2010.
CVE-2017-1000070 (The Bitly oauth2_proxy in version 2.1 and earlier was affected by an ...)
	NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000069 (CSRF in Bitly oauth2_proxy 2.1 during authentication flow ...)
	NOT-FOR-US: Bitly oauth2_proxy
CVE-2017-1000068 (TestTrack Server versions 1.0 and earlier are vulnerable to an ...)
	NOT-FOR-US: TestTrack
CVE-2017-1000067 (MODX Revolution version 2.x - 2.5.6 is vulnerable to blind SQL ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-1000066 (The entry details view function in KeePass version 1.32 inadvertently ...)
	- keepass2 <not-affected> (Only affects 1.x)
CVE-2017-1000065 (Multiple Cross-site scripting (XSS) vulnerabilities in rpc.php in ...)
	NOT-FOR-US: OpenMediaVault
CVE-2017-1000064 (kittoframework kitto version 0.5.1 is vulnerable to memory exhaustion ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000063 (kittoframework kitto version 0.5.1 is vulnerable to an XSS in the 404 ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000062 (kittoframework kitto 0.5.1 is vulnerable to directory traversal in the ...)
	NOT-FOR-US: kittoframework kitto
CVE-2017-1000061 (xmlsec 1.2.23 and before is vulnerable to XML External Entity ...)
	- xmlsec1 1.2.24-1
	[stretch] - xmlsec1 <no-dsa> (Minor issue)
	[jessie] - xmlsec1 <no-dsa> (Minor issue)
	[wheezy] - xmlsec1 <no-dsa> (Minor issue)
	NOTE: https://github.com/lsh123/xmlsec/issues/43
CVE-2017-1000060 (EyesOfNetwork (EON) 5.1 Unauthenticated SQL Injection in eonweb ...)
	NOT-FOR-US: EyesOfNetwork (EON)
CVE-2017-1000059 (Live Helper Chat version 2.06v and older is vulnerable to Cross-Site ...)
	NOT-FOR-US: Live Helper Chat
CVE-2017-1000058 (Stored XSS vulnerabilities in chevereto CMS before version 3.8.11, ...)
	NOT-FOR-US: chevereto CMS
CVE-2017-1000057
	REJECTED
CVE-2017-1000056 (Kubernetes version 1.5.0-1.5.4 is vulnerable to a privilege escalation ...)
	- kubernetes 1.5.5+dfsg-1
	NOTE: https://github.com/kubernetes/kubernetes/issues/43459
CVE-2017-1000055
	REJECTED
CVE-2017-1000054 (Rocket.Chat version 0.8.0 and newer is vulnerable to XSS in the ...)
	NOT-FOR-US: Rocket.Chat
CVE-2017-1000053 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
	NOT-FOR-US: Elixir Plug
CVE-2017-1000052 (Elixir Plug before v1.0.4, v1.1.7, v1.2.3 and v1.3.2 is vulnerable to ...)
	NOT-FOR-US: Elixir Plug
CVE-2017-1000051 (Cross-site scripting (XSS) vulnerability in pad export in XWiki labs ...)
	NOT-FOR-US: XWiki labs
CVE-2017-1000049
	REJECTED
CVE-2017-1000048 (the web framework using ljharb's qs module older than v6.3.2, v6.2.3, ...)
	NOT-FOR-US: ljharb
CVE-2017-1000047 (rbenv (all current versions) is vulnerable to Directory Traversal in ...)
	- rbenv <unfixed> (bug #869702)
	[stretch] - rbenv <no-dsa> (Minor issue)
	[jessie] - rbenv <no-dsa> (Minor issue)
	[wheezy] - rbenv <no-dsa> (Minor issue)
	NOTE: https://github.com/rbenv/rbenv/issues/977
	NOTE: .ruby-version is .rbenv-version in wheezy
CVE-2017-1000046 (Mautic 2.6.1 and earlier fails to set flags on session cookies ...)
	NOT-FOR-US: Mautic
CVE-2017-1000045
	REJECTED
CVE-2017-1000043 (Mapbox.js versions 1.x prior to 1.6.6 and 2.x prior to 2.2.4 are ...)
	NOT-FOR-US: Mapbox.js
CVE-2017-1000042 (Mapbox.js versions 1.x prior to 1.6.5 and 2.x prior to 2.1.7 are ...)
	NOT-FOR-US: Mapbox.js
CVE-2017-1000039 (Framadate version 1.0 is vulnerable to Formula Injection in the CSV ...)
	NOT-FOR-US: Framadate
CVE-2017-1000038 (WordPress plugin Relevanssi version 3.5.7.1 is vulnerable to stored ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000037 (RVM automatically loads environment variables from files in $PWD ...)
	NOT-FOR-US: RVM
CVE-2017-1000036
	REJECTED
CVE-2017-1000035 (Tiny Tiny RSS before 829d478f is vulnerable to XSS window.opener ...)
	- tt-rss 17.1+git20170410+dfsg-1
	NOTE: https://git.tt-rss.org/git/tt-rss/commit/829d478f1b054c8ce1eeb4f15170dc4a1abb3e47
CVE-2017-1000034 (Akka versions &lt;=2.4.16 and 2.5-M1 are vulnerable to a java ...)
	NOT-FOR-US: Akka
CVE-2017-1000033 (Wordpress Plugin Vospari Forms version &lt; 1.4 is vulnerable to a ...)
	NOT-FOR-US: WordPress plugin
CVE-2017-1000032 (Cross-Site scripting (XSS) vulnerabilities in Cacti 0.8.8b allow ...)
	- cacti 0.8.8b+dfsg-6
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u3
	NOTE: MITRE will not reject the entry, but the issue is already covered by the
	NOTE: patch as for CVE-2014-4002. See discussion in
	NOTE: https://github.com/distributedweaknessfiling/DWF-CVE-Database/issues/27
CVE-2017-1000031 (SQL injection vulnerability in graph_templates_inputs.php in Cacti ...)
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti <ignored> (Minor issue, can be mitigated with Web Application Firewalls)
	[wheezy] - cacti <ignored> (Minor issue, can be mitigated with Web Application Firewalls)
	NOTE: https://www.trustwave.com/Resources/Security-Advisories/Advisories/TWSL2016-007/?fid=7789
	NOTE: MITRE disagrees that this CVE is a duplicate of CVE-2014-4002 and CVE-2016-3172.
	NOTE: MITRE believes that CVE-2017-1000031 is a different vulnerability than
	NOTE: CVE-2014-4002 and CVE-2016-3172. This is because they seprate on vulnerability
	NOTE: type, so it cannot be a duplicate of CVE-2014-4002 despite sharing attack
	NOTE: vectors with this vulnerability, and covers different attack vectors than
	NOTE: CVE-2016-3172 despite sharing vulnerability type, and appears to be
	NOTE: independently fixable from said vulnerability based on the fix provided here:
	NOTE: https://github.com/Cacti/cacti/issues/866
	NOTE: According to https://github.com/Cacti/cacti/issues/866#issuecomment-316865448
	NOTE: the first issue was fixed by https://github.com/Cacti/cacti/commit/be800c9e552d2929106b576922e9693c83b4bd46
	NOTE: whereas the second issue was fixed by https://github.com/Cacti/cacti/commit/4e4dd6784adfc07b6011da999809d86a06f0f4e5
	NOTE: After the request to MITRE to reject this CVE, elbrus discovered that also
	NOTE: CVE-2015-4634 seems part of the duplication. Upstream commit 4e4dd67 was in the
	NOTE: preperation git tree for 1.x, its equivalent svn commit was used to fix
	NOTE: CVE-2015-4634 in Debian.
CVE-2017-1000030 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-1000029 (Oracle, GlassFish Server Open Source Edition 3.0.1 (build 22) is ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-1000028 (Oracle, GlassFish Server Open Source Edition 4.1 is vulnerable to both ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-1000027 (Koozali Foundation SME Server versions 8.x, 9.x, 10.x are vulnerable ...)
	NOT-FOR-US: Koozali Foundation SME Server
CVE-2017-1000026 (Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable ...)
	{DSA-3915-1}
	- ruby-mixlib-archive 0.4.1-1 (bug #868572)
	NOTE: https://github.com/chef/mixlib-archive/pull/6
	NOTE: https://github.com/chef/mixlib-archive/pull/6/commits/3a874a24aed6ee93fbccf97efe0ecc999bafe87d
CVE-2017-1000025 (GNOME Web (Epiphany) 3.23 before 3.23.5, 3.22 before 3.22.6, 3.20 ...)
	- epiphany-browser 3.22.6-1 (unimportant)
	NOTE: webkit not covered by security support
CVE-2017-1000024 (Shotwell version 0.24.4 or earlier and 0.25.3 or earlier is vulnerable ...)
	- shotwell 0.25.4+really0.24.5-0.1 (unimportant)
CVE-2017-1000023
	REJECTED
CVE-2017-1000022
	REJECTED
CVE-2017-1000021
	REJECTED
CVE-2017-1000020 (SYN Flood or FIN Flood attack in ECos 1 and other versions embedded ...)
	NOT-FOR-US: ECos
CVE-2017-1000018 (phpMyAdmin 4.0, 4.4., and 4.6 are vulnerable to a DOS attack in the ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-7
CVE-2017-1000017 (phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-6
CVE-2017-1000016 (A weakness was discovered where an attacker can inject arbitrary ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-5
CVE-2017-1000015 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-4
CVE-2017-1000014 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-3
CVE-2017-1000013 (phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect ...)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2017-1
CVE-2017-1000012 (MySQL Dumper version 1.24 is vulnerable to stored XSS when displaying ...)
	NOT-FOR-US: MySQL Dumper
CVE-2017-1000011 (MyWebSQL version 3.6 is vulnerable to stored XSS in the database ...)
	NOT-FOR-US: MyWebSQL
CVE-2017-1000010 (Audacity version 2.1.2 is vulnerable to Dll HIjacking in the ...)
	- audacity <not-affected> (Specific to Windows packaging)
CVE-2017-1000009 (Akeneo PIM CE and EE &lt;1.6.6, &lt;1.5.15, &lt;1.4.28 are vulnerable to shell ...)
	NOT-FOR-US: Akeneo PIM
CVE-2017-1000008 (Chyrp Lite version 2016.04 is vulnerable to a CSRF in the user ...)
	NOT-FOR-US: Chyrp Lite
CVE-2017-1000007 (txAWS (all current versions) fail to perform complete certificate ...)
	NOT-FOR-US: txAWS
CVE-2017-1000006 (Plotly, Inc. plotly.js versions prior to 1.16.0 are vulnerable to an ...)
	NOT-FOR-US: plotly.js (different from the plotly Python package)
CVE-2017-1000005 (PHPMiniAdmin version 1.9.160630 is vulnerable to stored XSS in the ...)
	NOT-FOR-US: PHPMiniAdmin
CVE-2017-1000004 (ATutor version 2.2.1 and earlier are vulnerable to a SQL injection in ...)
	NOT-FOR-US: ATutor
CVE-2017-1000003 (ATutor versions 2.2.1 and earlier are vulnerable to an incorrect ...)
	NOT-FOR-US: ATutor
CVE-2017-1000002 (ATutor versions 2.2.1 and earlier are vulnerable to a directory ...)
	NOT-FOR-US: ATutor
CVE-2017-1000001 (FedMsg 0.18.1 and older is vulnerable to a message validation flaw ...)
	- fedmsg <removed> (bug #868508)
	[jessie] - fedmsg <no-dsa> (Minor issue)
	NOTE: https://github.com/fedora-infra/fedmsg/commit/5c21cf88a
CVE-2017-11141 (The ReadMATImage function in coders\mat.c in ImageMagick 7.0.5-6 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #868264)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/469
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/353b942bd83da7e1356ba99c942848bd1871ee9f
CVE-2017-11140 (The ReadJPEGImage function in coders/jpeg.c in GraphicsMagick 1.3.26 ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-3 (low)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b4139088b49a
CVE-2017-11139 (GraphicsMagick 1.3.26 has double free vulnerabilities in the ...)
	- graphicsmagick 1.3.26-2 (low)
	[wheezy] - graphicsmagick <not-affected> (vulnerable code for CVE-2017-11102 not applied in Wheezy)
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
CVE-2017-11138
	RESERVED
CVE-2017-11137
	RESERVED
CVE-2017-11136 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11135 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11134 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11133 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11132 (An issue was discovered in heinekingmedia StashCat before 1.5.18 for ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11131 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11130 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11129 (An issue was discovered in heinekingmedia StashCat through 1.7.5 for ...)
	NOT-FOR-US: heinekingmedia StashCat
CVE-2017-11128 (Bolt CMS 3.2.14 allows stored XSS via text input, as demonstrated by ...)
	NOT-FOR-US: Bolt CMS
CVE-2017-11127 (Bolt CMS 3.2.14 allows stored XSS by uploading an SVG document with a ...)
	NOT-FOR-US: Bolt CMS
CVE-2017-11126 (The III_i_stereo function in libmpg123/layer3.c in mpg123 through ...)
	- mpg123 1.25.3-1 (unimportant)
	NOTE: no security impact
CVE-2017-11125 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the ...)
	- xar <removed>
CVE-2017-11124 (libxar.so in xar 1.6.1 has a NULL pointer dereference in the ...)
	- xar <removed>
CVE-2017-11123
	RESERVED
CVE-2017-11122 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56, an attacker can ...)
	NOT-FOR-US: Broadcom
CVE-2017-11121 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, ...)
	NOT-FOR-US: Broadcom
CVE-2017-11120 (On Broadcom BCM4355C0 Wi-Fi chips 9.44.78.27.0.1.56 and other chips, ...)
	NOT-FOR-US: Broadcom
CVE-2017-11119 (The chk_mem_access function in cpu/nes6502/nes6502.c in libnosefart.a ...)
	- xine-lib-1.2 <not-affected> (it is built with --disable-nosefart)
	- xine-lib <not-affected> (it is built with --disable-nosefart)
	NOTE: https://sourceforge.net/p/nosefart/bugs/6/
CVE-2017-11118 (The ExifImageFile::readImage function in ExifImageFileRead.cpp in ...)
	NOT-FOR-US: OpenExif
CVE-2017-11117 (The ExifImageFile::readDHT function in ExifImageFileRead.cpp in ...)
	NOT-FOR-US: OpenExif
CVE-2017-11116 (The ExifImageFile::readDQT function in ExifImageFileRead.cpp in ...)
	NOT-FOR-US: OpenExif
CVE-2017-11115 (The ExifJpegHUFFTable::deriveTable function in ExifHuffmanTable.cpp in ...)
	NOT-FOR-US: OpenExif
CVE-2017-11114 (The put_chars function in html_r.c in Twibright Links 2.14 allows ...)
	- links2 2.14-3 (unimportant; bug #870299)
	NOTE: PoC: http://seclists.org/fulldisclosure/2017/Jul/76
CVE-2017-11527 (The ReadDPXImage function in coders/dpx.c in ImageMagick before 6.9.9-0 ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867812)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/523
CVE-2017-11528 (The ReadDIBImage function in coders/dib.c in ImageMagick before 6.9.9-0 ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867811)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/522
CVE-2017-11525 (The ReadCINImage function in coders/cin.c in ImageMagick before 6.9.9-0 ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867810)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/519
CVE-2017-11188 (The ReadDPXImage function in coders\dpx.c in ImageMagick 7.0.6-0 has a ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867806)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/509
CVE-2017-11113 (In ncurses 6.0, there is a NULL Pointer Dereference in the ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464691
CVE-2017-11112 (In ncurses 6.0, there is an attempted 0xffffffffffffffff access in the ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464686
CVE-2017-11111 (In Netwide Assembler (NASM) 2.14rc0, preproc.c allows remote attackers ...)
	{DLA-1041-1}
	- nasm 2.13.02-0.1 (bug #867988)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392415
CVE-2017-11110 (The ole_init function in ole.c in catdoc 0.95 allows remote attackers ...)
	{DSA-3917-1 DLA-1037-1}
	- catdoc 1:0.95-3 (bug #867717)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468471
CVE-2017-11109 (Vim 8.0 allows attackers to cause a denial of service (invalid free) or ...)
	{DLA-1030-1}
	- vim 2:8.0.0197-5 (low; bug #867720)
	[stretch] - vim 2:8.0.0197-4+deb9u1
	[jessie] - vim <postponed> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468492
CVE-2017-11108 (tcpdump 4.9.0 allows remote attackers to cause a denial of service ...)
	{DSA-3971-1 DLA-1090-1}
	- tcpdump 4.9.1-1 (bug #867718)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1468504
	NOTE: Proposed patch: https://github.com/the-tcpdump-group/tcpdump/pull/617
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/d9e65de3d94698ec90dbca42962a30dd2f0680e1 (4.9.1)
CVE-2017-11107 (phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the ...)
	{DLA-1019-1}
	- phpldapadmin <unfixed> (bug #867719)
	[jessie] - phpldapadmin <no-dsa> (Minor issue)
	NOTE: https://github.com/leenooks/phpLDAPadmin/issues/50
	NOTE: https://bugs.launchpad.net/ubuntu/+source/phpldapadmin/+bug/1701731
CVE-2017-11106
	RESERVED
CVE-2017-11105 (The OnePlus 2 Primary Bootloader (PBL) does not validate the SBL1 ...)
	NOT-FOR-US: OnePlus
CVE-2017-1000050 (JasPer 2.0.12 is vulnerable to a NULL pointer exception in the ...)
	- jasper <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/06/1
	NOTE: https://github.com/mdadams/jasper/issues/120
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/58ba0365d911b9f9dd68e9abf826682c0b4f2293
CVE-2017-1002024 (Vulnerability in web application Kind Editor v4.1.12, ...)
	NOT-FOR-US: kindeditor
CVE-2017-11103 (Heimdal before 7.4 allows remote attackers to impersonate services with ...)
	{DSA-3912-1 DSA-3909-1 DLA-1027-1}
	- heimdal 7.4.0.dfsg.1-1 (bug #868208)
	- samba 2:4.6.5+dfsg-4 (bug #868209)
	[wheezy] - samba <not-affected> (Heimdal is only used in 4.x, wheezy ships 3.6.6)
	- samba4 <removed>
	[wheezy] - samba4 <not-affected> (dynamically linked against system heimdal)
	NOTE: https://orpheus-lyre.info/
	NOTE: https://github.com/heimdal/heimdal/commit/6dd3eb836bbb80a00ffced4ad57077a1cdf227ea
	NOTE: samba's source package embeds heimdal but the binary is statically linked to src:heimdal
	NOTE: https://www.samba.org/samba/security/CVE-2017-11103.html
	NOTE: Upstream Samba Bug: https://bugzilla.samba.org/show_bug.cgi?id=12894
CVE-2017-11102 (The ReadOneJNGImage function in coders/png.c in GraphicsMagick 1.3.26 ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-2 (bug #867746)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/d445af60a8d5
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/dea93a690fc1
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/4d0baa77245b
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e8f859704230
CVE-2017-11101 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...)
	- swftools <unfixed> (unimportant; bug #871022)
	NOTE: https://github.com/matthiaskramm/swftools/issues/26
CVE-2017-11100 (When SWFTools 0.9.2 processes a crafted file in swfextract, it can lead ...)
	- swftools <unfixed> (unimportant; bug #871024)
	NOTE: https://github.com/matthiaskramm/swftools/issues/27
CVE-2017-11099 (When SWFTools 0.9.2 processes a crafted file in wav2swf, it can lead to ...)
	- swftools <unfixed> (unimportant; bug #871018)
	NOTE: https://github.com/matthiaskramm/swftools/issues/31
CVE-2017-11098 (When SWFTools 0.9.2 processes a crafted file in png2swf, it can lead to ...)
	- swftools <unfixed> (unimportant; bug #871020)
	NOTE: https://github.com/matthiaskramm/swftools/issues/32
CVE-2017-11097 (When SWFTools 0.9.2 processes a crafted file in swfc, it can lead to a ...)
	- swftools <unfixed> (unimportant; bug #871025)
	NOTE: https://github.com/matthiaskramm/swftools/issues/24
CVE-2017-11096 (When SWFTools 0.9.2 processes a crafted file in swfcombine, it can lead ...)
	- swftools <unfixed> (unimportant; bug #871026)
	NOTE: https://github.com/matthiaskramm/swftools/issues/25
CVE-2017-11095
	RESERVED
CVE-2017-11094
	RESERVED
CVE-2017-11093 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11092 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11091 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11090 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11089 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11088
	RESERVED
CVE-2017-11087 (libOmxVenc in Android for MSM, Firefox OS for MSM, and QRD Android ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-11086
	RESERVED
CVE-2017-11085 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11084
	RESERVED
CVE-2017-11083
	RESERVED
CVE-2017-11082 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11081 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11080 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11079 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11078
	RESERVED
CVE-2017-11077
	RESERVED
CVE-2017-11076
	RESERVED
CVE-2017-11075 (In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11074 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11073 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11072 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: HTC component for Android
CVE-2017-11071
	RESERVED
CVE-2017-11070
	RESERVED
CVE-2017-11069 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11068
	RESERVED
CVE-2017-11067 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11066 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11065
	RESERVED
CVE-2017-11064 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11063 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11062 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11061 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11060 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11059 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11058 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11057 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11056 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11055 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11054 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11053 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11052 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11051 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11050 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11049 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11048 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11047 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11046 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11045 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11044 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11043 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11042 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11041 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11040 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11039
	RESERVED
CVE-2017-11038 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11037
	RESERVED
CVE-2017-11036
	RESERVED
CVE-2017-11035 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11034
	RESERVED
CVE-2017-11033 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11032 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11031 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11030 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11029 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11028 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android
CVE-2017-11027 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11026 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11025 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11024 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11023 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11022 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11021
	RESERVED
CVE-2017-11020
	RESERVED
CVE-2017-11019 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11018 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11017 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11016 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11015 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11014 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11013 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11012 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11011 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11010 (In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11009
	RESERVED
CVE-2017-11008
	RESERVED
CVE-2017-11007 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11006 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm closed-source components for Android
CVE-2017-11005 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm closed-source components for Android
CVE-2017-11004
	RESERVED
CVE-2017-11003 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-11002 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11001 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-11000 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10999 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10998 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10997 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10996 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-10995 (The mng_get_long function in coders/png.c in ImageMagick 7.0.6-0 allows ...)
	{DSA-4204-1 DLA-1081-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #867748)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/24430226caf7eb468b4180f2883b2563e8cc1b23
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1fdc09dc8f9522f07f5f501fe8453765ad82556c
	NOTE: The second commit is not security sensitive relevant, cf.
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/538#issuecomment-317047977
CVE-2017-10994 (Foxit Reader before 8.3.1 and PhantomPDF before 8.3.1 have an Arbitrary ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10993 (Contao before 3.5.28 and 4.x before 4.4.1 allows remote attackers to ...)
	NOT-FOR-US: Contao
CVE-2017-10992
	RESERVED
CVE-2017-10991 (The WP Statistics plugin through 12.0.9 for WordPress has XSS in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-10990
	RESERVED
CVE-2017-10989 (The getNodeSize function in ext/rtree/rtree.c in SQLite through ...)
	{DLA-1018-1}
	- sqlite3 3.19.3-3 (bug #867618)
	[stretch] - sqlite3 3.16.2-5+deb9u1
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://sqlite.org/src/vpatch?from=0db20efe201736b3&to=66de6f4a9504ec26
	NOTE: https://sqlite.org/src/info/66de6f4a
	NOTE: https://bugs.launchpad.net/ubuntu/+source/sqlite3/+bug/1700937
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=2405
	NOTE: http://marc.info/?l=sqlite-users&m=149933696214713&w=2
CVE-2017-10988
	REJECTED
CVE-2017-10987 (An FR-GV-304 issue in FreeRADIUS 3.x before 3.0.15 allows &quot;DHCP - ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius <not-affected> (Only affects 3.x series)
	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-304
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/19a18bf7c8af649c9e9742fb6a046f6aff639866
CVE-2017-10986 (An FR-GV-303 issue in FreeRADIUS 3.x before 3.0.15 allows &quot;DHCP - ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius <not-affected> (Only affects 3.x series)
	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-303
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/21e2e95751bfb54c0fb0328392d06671a75c191c
CVE-2017-10985 (An FR-GV-302 issue in FreeRADIUS 3.x before 3.0.15 allows &quot;Infinite ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius <not-affected> (Only affects 3.x series)
	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-302
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/6726c16549b131ed39f6f8886cdf5d9d922a9a97
CVE-2017-10984 (An FR-GV-301 issue in FreeRADIUS 3.x before 3.0.15 allows &quot;Write ...)
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	[stretch] - freeradius 3.0.12+dfsg-5+deb9u1
	[jessie] - freeradius <not-affected> (Only affects 3.x series)
	[wheezy] - freeradius <not-affected> (Only affects 3.x series)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-301
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/931850e5d2f65193520c2d9c9878148c0cdc16a6
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/4b059296e14b6ab75dc17163077490528a819806
CVE-2017-10983 (An FR-GV-206 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before ...)
	{DSA-3930-1 DLA-1064-1}
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-206
	NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/ec08b30f87066f82073d02fab57e8ffeef81373d
	NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/5759b20af99af6d30924f0efd8da5eac2a17163d
CVE-2017-10982 (An FR-GV-205 issue in FreeRADIUS 2.x before 2.2.10 allows &quot;DHCP - ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-205
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/10b6de9345c9e0d9d4d5e0426fa5c3d68d702875
	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
	NOTE: This is not fully technically correct, the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10981 (An FR-GV-204 issue in FreeRADIUS 2.x before 2.2.10 allows &quot;DHCP - ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-204
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/812766e2150faa07b4c574e51393b014feaffe6c
	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
	NOTE: This is not fully technically correct, the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10980 (An FR-GV-203 issue in FreeRADIUS 2.x before 2.2.10 allows &quot;DHCP - ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-203
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ef0727fc68e211a36637b5c4e4a6fa1326f0a029
	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
	NOTE: This is not fully technically correct, the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10979 (An FR-GV-202 issue in FreeRADIUS 2.x before 2.2.10 allows &quot;Write ...)
	{DLA-1064-1}
	- freeradius 3.0.12+dfsg-3
	[jessie] - freeradius 2.2.5+dfsg-0.2+deb8u1
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-202
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/ae3ba0011e7d299e92c45300e0137a56a650e8f5
	NOTE: Mark as fixed in 3.0.12+dfsg-3 the first 3.x version in unstable
	NOTE: This is not fully technically correct, the issue affects only the 2.x
	NOTE: series but not 3.x.
CVE-2017-10978 (An FR-GV-201 issue in FreeRADIUS 2.x before 2.2.10 and 3.x before ...)
	{DSA-3930-1 DLA-1064-1}
	- freeradius 3.0.15+dfsg-1 (bug #868765)
	NOTE: http://freeradius.org/security/fuzzer-2017.html#FR-GV-201
	NOTE: 2.x: https://github.com/FreeRADIUS/freeradius-server/commit/38ee90f2a5a28dc5887a30bdfdc98109c0418e68
	NOTE: 3.x: https://github.com/FreeRADIUS/freeradius-server/commit/fc8662d7e827f630d515eaa0bddfa94754c8047f
CVE-2017-1000082 (systemd v233 and earlier fails to safely parse usernames starting with ...)
	- systemd 234-1 (unimportant)
	[jessie] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
	[wheezy] - systemd <not-affected> (Vulnerable code introduced in systemd-229)
	NOTE: https://github.com/systemd/systemd/issues/6237
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/bb28e68477a3a39796e4999a6cbc6ac6345a9159
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/02/1
CVE-2017-10977
	RESERVED
CVE-2017-10976 (When SWFTools 0.9.2 processes a crafted file in ttftool, it can lead to ...)
	- swftools <unfixed> (unimportant)
	NOTE: ttftool not shipped in Debian package
CVE-2017-10975 (Cross-site scripting (XSS) vulnerability in Lutim before 0.8 might ...)
	NOT-FOR-US: Lutim
CVE-2017-10974 (Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP ...)
	- yaws 1.91-2
	NOTE: Slightly different, additional CVE assignment which MITRE insists on, but fixed by the
	NOTE: original patch for CVE-2011-4350
CVE-2017-10973 (In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php ...)
	NOT-FOR-US: FineCMS
CVE-2017-10970 (Cross-site scripting (XSS) vulnerability in link.php in Cacti 1.1.12 ...)
	- cacti 1.1.12+ds1-1 (bug #867532)
	[stretch] - cacti <not-affected> (Vulnerable code introduced later)
	[jessie] - cacti <not-affected> (Vulnerable code introduced later)
	[wheezy] - cacti <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/Cacti/cacti/issues/838
	NOTE: https://github.com/Cacti/cacti/commit/3381cba6a9e36b01ed0ab0acfd41b00487966cb5
CVE-2017-11147 (In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler ...)
	{DLA-1034-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73773
	NOTE: Fixed in 7.1.1, 7.0.15, 5.6.30
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=e5246580a85f031e1a3b8064edbaa55c1643a451
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2016-10397 (In PHP before 5.6.28 and 7.x before 7.0.13, incorrect handling of ...)
	{DLA-1034-1}
	- php7.1 <not-affected> (Fixed with initial upload to unstable)
	- php7.0 7.0.13-1
	- php5 <removed>
	[jessie] - php5 5.6.28+dfsg-0+deb8u1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=73192
	NOTE: Fixed in 7.1.0, 7.0.13, 5.6.28
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=b061fa909de77085d3822a89ab901b934d0362c4
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11144 (In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the ...)
	{DSA-4081-1 DSA-4080-1 DLA-1034-1}
	- php7.1 7.1.8-1
	- php7.0 7.0.22-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74651
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=89637c6b41b510c20d262c17483f582f115c66d6
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=73cabfedf519298e1a11192699f44d53c529315e
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=91826a311dd37f4c4e5d605fa7af331e80ddd4c3
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11143 (In PHP before 5.6.31, an invalid free in the WDDX deserialization of ...)
	{DSA-4081-1 DLA-1034-1}
	- php7.1 <not-affected> (Only affected 5.6)
	- php7.0 <not-affected> (Only affected 5.6)
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74145
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2aae60461c2ff7b7fbcdd194c789ac841d0747d7
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f269cdcd4f76accbecd03884f327cffb9a7f1ca9
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-11142 (In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, remote ...)
	{DSA-4081-1}
	- php7.1 7.1.3+-1
	- php7.0 7.0.17-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (vulnerable code not present)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73807
	NOTE: Fixed in 7.1.3, 7.0.17, 5.6.31
	NOTE: https://github.com/php/php-src/commit/a15bffd105ac28fd0dd9b596632dbf035238fda3
	NOTE: https://github.com/php/php-src/commit/0f8cf3b8497dc45c010c44ed9e96518e11e19fc3
	NOTE: http://openwall.com/lists/oss-security/2017/07/10/6
CVE-2017-10972 (Uninitialized data in endianness conversion in the XEvent handling of ...)
	{DSA-3905-1 DLA-1026-1}
	- xorg-server 2:1.19.3-2 (bug #867492)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=05442de962d3dc624f79fc1a00eca3ffc5489ced
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10971 (In the X.Org X server before 2017-06-19, a user authenticated to an X ...)
	{DSA-3905-1 DLA-1026-1}
	- xorg-server 2:1.19.3-2 (bug #867492)
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=ba336b24052122b136486961c82deac76bbde455
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=8caed4df36b1f802b4992edcfd282cbeeec35d9d
	NOTE: https://cgit.freedesktop.org/xorg/xserver/commit/?id=215f894965df5fb0bb45b107d84524e700d2073c
	NOTE: http://www.openwall.com/lists/oss-security/2017/07/06/6
CVE-2017-10969
	RESERVED
CVE-2017-10968 (In FineCMS through 2017-07-07, application\core\controller\template.php ...)
	NOT-FOR-US: FineCMS
CVE-2017-10967 (In FineCMS before 2017-07-06, application\core\controller\config.php ...)
	NOT-FOR-US: FineCMS
CVE-2017-10966 (An issue was discovered in Irssi before 1.0.4. While updating the ...)
	{DLA-1089-1}
	- irssi 1.0.4-1 (low; bug #867598)
	[stretch] - irssi 1.0.2-1+deb9u2
	[jessie] - irssi 0.8.17-1+deb8u5
	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
CVE-2017-10965 (An issue was discovered in Irssi before 1.0.4. When receiving messages ...)
	{DLA-1089-1}
	- irssi 1.0.4-1 (low; bug #867598)
	[stretch] - irssi 1.0.2-1+deb9u2
	[jessie] - irssi 0.8.17-1+deb8u5
	NOTE: https://irssi.org/security/irssi_sa_2017_07.txt
	NOTE: https://github.com/irssi/irssi/commit/5e26325317c72a04c1610ad952974e206384d291
CVE-2017-10964
	RESERVED
CVE-2017-10963 (In Knox SDS IAM (Identity Access Management) and EMM (Enterprise ...)
	NOT-FOR-US: Samsung
CVE-2017-10962 (REDCap before 7.5.1 has XSS via the query string. ...)
	NOT-FOR-US: REDCap
CVE-2017-10961 (REDCap before 7.5.1 has CSRF in the deletion feature of the File ...)
	NOT-FOR-US: REDCap
CVE-2017-10960
	RESERVED
CVE-2017-10959 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10958 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10957 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10956 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10955 (** DISPUTED ** This vulnerability allows remote attackers to execute ...)
	NOT-FOR-US: EMC
CVE-2017-10954 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Bitdefender Internet Security Internet Security 2018
CVE-2017-10953 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10952 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10951 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10950 (This vulnerability allows local attackers to execute arbitrary code on ...)
	NOT-FOR-US: Bitdefender Total Security
CVE-2017-10949 (Directory Traversal in Dell Storage Manager 2016 R2.1 causes ...)
	NOT-FOR-US: Dell Storage Manager
CVE-2017-10948 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10947 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10946 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10945 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10944 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10943 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10942 (This vulnerability allows remote attackers to disclose sensitive ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10941 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-10940 (This vulnerability allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Joyent
CVE-2017-10939
	REJECTED
CVE-2017-10938
	REJECTED
CVE-2017-10937
	RESERVED
CVE-2017-10936
	RESERVED
CVE-2017-10935
	RESERVED
CVE-2017-10934
	RESERVED
CVE-2017-10933 (All versions prior to V2.06.00.00 of ZTE ZXDT22 SF01, an monitoring ...)
	NOT-FOR-US: ZTE ZXDT22 SF01
CVE-2017-10932 (All versions prior to V12.17.20 of the ZTE Microwave NR8000 series ...)
	NOT-FOR-US: ZTE Microwave
CVE-2017-10931 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts the download ...)
	NOT-FOR-US: ZXR10 1800-2S
CVE-2017-10930 (The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a ...)
	NOT-FOR-US: ZXR10 1800-2S
CVE-2016-10396 (The racoon daemon in IPsec-Tools 0.8.2 contains a remotely exploitable ...)
	{DLA-1044-1}
	- ipsec-tools 1:0.8.2+20140711-9 (bug #867986)
	[stretch] - ipsec-tools 1:0.8.2+20140711-8+deb9u1
	[jessie] - ipsec-tools <no-dsa> (Will be fixed via point release)
	NOTE: NetBSD applied patch: http://cvsweb.netbsd.org/bsdweb.cgi/src/crypto/dist/ipsec-tools/src/racoon/isakmp_frag.c.diff?r1=1.5&r2=1.5.36.1
	NOTE: NetBSD Problem report: https://gnats.netbsd.org/cgi-bin/query-pr-single.pl?number=51682
	NOTE: Patch disputed, cf. https://bugzilla.novell.com/show_bug.cgi?id=1047443#c1
	NOTE: Updated patch: https://anonscm.debian.org/cgit/pkg-ipsec-tools/pkg-ipsec-tools.git/plain/debian/patches/CVE-2016-10396.patch?id=62ac12648a4eb7c5ba5dba0f81998d1acf310d8b
CVE-2017-10929 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...)
	{DLA-1016-1}
	- radare2 1.6.0+dfsg-1 (low; bug #867369)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7855
	NOTE: https://github.com/radare/radare2/commit/c57997e76ec70862174a1b3b3aeb62a6f8570e85
CVE-2017-10928 (In ImageMagick 7.0.6-0, a heap-based buffer over-read in the ...)
	{DSA-3914-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #867367)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/539
CVE-2017-10927
	RESERVED
CVE-2017-10926 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-10925 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 might allow attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-10924 (IrfanView 4.44 (32bit) with FPX Plugin 4.47 allows attackers to execute ...)
	NOT-FOR-US: IrfanView
CVE-2017-10910 (MQTT.js 2.x.x prior to 2.15.0 issue in handling PUBLISH tickets may ...)
	- node-mqtt <itp> (bug #816028)
CVE-2017-10909 (Untrusted search path vulnerability in Music Center for PC version ...)
	NOT-FOR-US: Music Center for PC
CVE-2017-10908 (H2O version 2.2.3 and earlier allows remote attackers to cause a ...)
	- h2o 2.2.4+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1544
CVE-2017-10907 (Directory traversal vulnerability in OneThird CMS Show Off v1.85 and ...)
	NOT-FOR-US: OneThird CMS Show Off
CVE-2017-10906 (Escape sequence injection vulnerability in Fluentd versions 0.12.29 ...)
	NOT-FOR-US: Fluentd
CVE-2017-10905 (A vulnerability in applications created using Qt for Android prior to ...)
	NOT-FOR-US: Qt for Android
CVE-2017-10904 (Qt for Android prior to 5.9.0 allows remote attackers to execute ...)
	NOT-FOR-US: Qt for Android
CVE-2017-10903 (Improper authentication issue in PTW-WMS1 firmware version 2.000.012 ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10902 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to execute ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10901 (Buffer overflow in PTW-WMS1 firmware version 2.000.012 allows remote ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10900 (PTW-WMS1 firmware version 2.000.012 allows remote attackers to bypass ...)
	NOT-FOR-US: PTW-WMS1 firmware
CVE-2017-10899 (SQL injection vulnerability in the A-Reserve and A-Reserve for MT ...)
	NOT-FOR-US: A-Reserve
CVE-2017-10898 (SQL injection vulnerability in the A-Member and A-Member for MT cloud ...)
	NOT-FOR-US: A-Member
CVE-2017-10897 (Input validation issue in Buffalo BBR-4HG and and BBR-4MG broadband ...)
	NOT-FOR-US: Buffalo BBR-4HG and and BBR-4MG broadband routers
CVE-2017-10896 (Cross-site scripting vulnerability in Buffalo BBR-4HG and and BBR-4MG ...)
	NOT-FOR-US: Buffalo BBR-4HG and and BBR-4MG broadband routers
CVE-2017-10895 (sDNSProxy.exe ver1.1.0.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: sDNSProxy
CVE-2017-10894 (StreamRelay.NET.exe ver2.14.0.7 and earlier allows remote attackers to ...)
	NOT-FOR-US: StreamRelay.NET
CVE-2017-10893 (Untrusted search path vulnerability in The Public Certification ...)
	NOT-FOR-US: The Public Certification Service for Individuals
CVE-2017-10892 (Untrusted search path vulnerability in Music Center for PC version ...)
	NOT-FOR-US: Music Center for PC
CVE-2017-10891 (Untrusted search path vulnerability in Media Go version 3.2.0.191 and ...)
	NOT-FOR-US: Media Go
CVE-2017-10890 (Session management issue in RX-V200 firmware versions prior to ...)
	NOT-FOR-US: RX-V200 firmware
CVE-2017-10889 (TablePress prior to version 1.8.1 allows an attacker to conduct XML ...)
	NOT-FOR-US: TablePress
CVE-2017-10888 (BOOK WALKER for Windows Ver.1.2.9 and earlier, BOOK WALKER for Mac ...)
	NOT-FOR-US: BOOK WALKER
CVE-2017-10887 (Untrusted search path vulnerability in BOOK WALKER for Windows ...)
	NOT-FOR-US: BOOK WALKER
CVE-2017-10886 (Cross-site scripting vulnerability in CS-Cart Japanese Edition v4.3.10 ...)
	NOT-FOR-US: CS-Cart
CVE-2017-10885 (Untrusted search path vulnerability in HYPER SBI Ver. 2.2 and earlier ...)
	NOT-FOR-US: HYPER SBI
CVE-2017-10884
	RESERVED
CVE-2017-10883
	RESERVED
CVE-2017-10882
	RESERVED
CVE-2017-10881
	RESERVED
CVE-2017-10880
	RESERVED
CVE-2017-10879
	RESERVED
CVE-2017-10878
	RESERVED
CVE-2017-10877
	RESERVED
CVE-2017-10876
	RESERVED
CVE-2017-10875 (I-O DATA DEVICE LAN DISK Connect Ver2.02 and earlier allows an ...)
	NOT-FOR-US: I-O DATA DEVICE LAN DISK Connect
CVE-2017-10874 (PWR-Q200 does not use random values for source ports of DNS query ...)
	NOT-FOR-US: PWR-Q200
CVE-2017-10873 (OpenAM (Open Source Edition) allows an attacker to bypass ...)
	NOT-FOR-US: OpenAM
CVE-2017-10872 (H2O version 2.2.3 and earlier allows remote attackers to cause a ...)
	- h2o 2.2.4+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1543
CVE-2017-10871 (Buffer overflow in NTT DOCOMO Wi-Fi STATION L-02F Software version ...)
	NOT-FOR-US: NTT DOCOMO Wi-Fi STATION L-02F Software
CVE-2017-10870 (Memory corruption vulnerability in Rakuraku Hagaki (Rakuraku Hagaki ...)
	NOT-FOR-US: Rakuraku Hagaki
CVE-2017-10869 (Buffer overflow in H2O version 2.2.2 and earlier allows remote ...)
	- h2o 2.2.3+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1460
CVE-2017-10868 (H2O version 2.2.2 and earlier allows remote attackers to cause a ...)
	- h2o 2.2.3+dfsg-1 (medium)
	NOTE: https://github.com/h2o/h2o/issues/1459
CVE-2017-10867
	RESERVED
CVE-2017-10866
	RESERVED
CVE-2017-10865 (Untrusted search path vulnerability in HIBUN Confidential File ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10864 (Untrusted search path vulnerability in Installer of HIBUN Confidential ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10863 (Untrusted search path vulnerability in HIBUN Confidential File ...)
	NOT-FOR-US: HIBUN Confidential File Decryption
CVE-2017-10862 (jwt-scala 1.2.2 and earlier fails to verify token signatures correctly ...)
	NOT-FOR-US: jwt-scala
CVE-2017-10861 (Directory traversal vulnerability in QND Advance/Standard allows an ...)
	NOT-FOR-US: QND Advance/Standard
CVE-2017-10860 (Untrusted search path vulnerability in &quot;i-filter 6.0 installer&quot; ...)
	NOT-FOR-US: i-filter 6.0 installer
CVE-2017-10859 (Untrusted search path vulnerability in &quot;i-filter 6.0 installer&quot; ...)
	NOT-FOR-US: i-filter 6.0 installer
CVE-2017-10858 (Untrusted search path vulnerability in &quot;i-filter 6.0 install program&quot; ...)
	NOT-FOR-US: i-filter 6.0 install program
CVE-2017-10857 (Cybozu Office 10.0.0 to 10.6.1 allows authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2017-10856 (SEIL/X 4.60 to 5.72, SEIL/B1 4.60 to 5.72, SEIL/x86 3.20 to 5.72, ...)
	NOT-FOR-US: SEIL
CVE-2017-10855 (Untrusted search path vulnerability in FENCE-Explorer for Windows ...)
	NOT-FOR-US: FENCE-Explorer for Windows
CVE-2017-10854 (Corega CG-WGR1200 firmware 2.20 and earlier allows an attacker to ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10853 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10852 (Buffer overflow in Corega CG-WGR1200 firmware 2.20 and earlier allows ...)
	NOT-FOR-US: Corega CG-WGR1200 firmware
CVE-2017-10851 (Untrusted search path vulnerability in Installer for ContentsBridge ...)
	NOT-FOR-US: Installer for ContentsBridge Utility for Windows
CVE-2017-10850 (Untrusted search path vulnerability in Installers of ART EX Driver for ...)
	NOT-FOR-US: Various installer for Drivers for ApeosPort-VI and DocuCentre-VI products
CVE-2017-10849 (Untrusted search path vulnerability in Self-extracting document ...)
	NOT-FOR-US: DocuWorks
CVE-2017-10848 (Untrusted search path vulnerability in Installers for DocuWorks 8.0.7 ...)
	NOT-FOR-US: Installers for DocuWorks
CVE-2017-10847
	RESERVED
CVE-2017-10846 (Wi-Fi STATION L-02F Software version V10b and earlier allows remote ...)
	NOT-FOR-US: Wi-Fi STATION L-02F Software
CVE-2017-10845 (Wi-Fi STATION L-02F Software version V10g and earlier allows remote ...)
	NOT-FOR-US: Wi-Fi STATION L-02F Software
CVE-2017-10844 (baserCMS 3.0.14 and earlier, 4.0.5 and earlier allows an attacker to ...)
	NOT-FOR-US: baserCMS
CVE-2017-10843 (baserCMS version 3.0.14 and earlier, 4.0.5 and earlier allows remote ...)
	NOT-FOR-US: baserCMS
CVE-2017-10842 (SQL injection vulnerability in the baserCMS 3.0.14 and earlier, 4.0.5 ...)
	NOT-FOR-US: baserCMS
CVE-2017-10841 (Directory traversal vulnerability in WebCalendar 1.2.7 and earlier ...)
	- webcalendar <removed>
CVE-2017-10840 (Cross-site scripting vulnerability in WebCalendar 1.2.7 and earlier ...)
	- webcalendar <removed>
CVE-2017-10839 (SQL injection vulnerability in the SEO Panel prior to version 3.11.0 ...)
	NOT-FOR-US: SEO Panel
CVE-2017-10838 (Cross-site scripting vulnerability in SEO Panel prior to version ...)
	NOT-FOR-US: SEO Panel
CVE-2017-10837 (Cross-site scripting vulnerability in BackupGuard prior to version ...)
	NOT-FOR-US: BackupGuard
CVE-2017-10836 (Untrusted search path vulnerability in Optimal Guard 1.1.21 and ...)
	NOT-FOR-US: Optimal Guard
CVE-2017-10835 (&quot;Dokodemo eye Smart HD&quot; SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10834 (Directory traversal vulnerability in &quot;Dokodemo eye Smart HD&quot; SCR02HD ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10833 (&quot;Dokodemo eye Smart HD&quot; SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10832 (&quot;Dokodemo eye Smart HD&quot; SCR02HD Firmware 1.0.3.1000 and earlier allows ...)
	NOT-FOR-US: "Dokodemo eye Smart HD" SCR02HD Firmware
CVE-2017-10831 (Untrusted search path vulnerability in The electronic authentication ...)
	NOT-FOR-US: The CRCA user's Software system
CVE-2017-10830 (Untrusted search path vulnerability in Security Setup Tool all ...)
	NOT-FOR-US: Security Setup Tool
CVE-2017-10829 (Untrusted search path vulnerability in Remote Support Tool (Enkaku ...)
	NOT-FOR-US: Remote Support Tool (Enkaku Support Tool)
CVE-2017-10828 (Untrusted search path vulnerability in Flets Install Tool all versions ...)
	NOT-FOR-US: Flets Install Tool
CVE-2017-10827 (Untrusted search path vulnerability in Flets Azukeru for Windows Auto ...)
	NOT-FOR-US: Flets Azukeru for Windows Auto Backup Tool
CVE-2017-10826 (Untrusted search path vulnerability in Security Kinou Mihariban ...)
	NOT-FOR-US: Security Kinou Mihariban
CVE-2017-10825 (Untrusted search path vulnerability in Installer of Flets Easy Setup ...)
	NOT-FOR-US: Installer of Flets Easy Setup Tool
CVE-2017-10824 (Untrusted search path vulnerability in TDB CA TypeA use software ...)
	NOT-FOR-US: TDB CA TypeA use software
CVE-2017-10823 (Untrusted search path vulnerability in Installer for Shin Kinkyuji ...)
	NOT-FOR-US: Installer for Shin Kinkyuji Houkoku Data Nyuryoku Program
CVE-2017-10822 (Untrusted search path vulnerability in Installer for Shin Sekiyu Yunyu ...)
	NOT-FOR-US: Installer for Shin Sekiyu Yunyu Chousa Houkoku Data Nyuryoku Program
CVE-2017-10821 (Untrusted search path vulnerability in Installer for Shin Kikan Toukei ...)
	NOT-FOR-US: Installer for Shin Kikan Toukei Houkoku Data Nyuryokuyou Program
CVE-2017-10820 (Untrusted search path vulnerability in Installer of IP Messenger for ...)
	NOT-FOR-US: Installer of IP Messenger for Win
CVE-2017-10819 (MaLion for Mac 4.3.0 to 5.2.1 does not properly validate certificates, ...)
	NOT-FOR-US: MaLion
CVE-2017-10818 (MaLion for Windows and Mac versions 3.2.1 to 5.2.1 uses a hardcoded ...)
	NOT-FOR-US: MaLion
CVE-2017-10817 (MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to ...)
	NOT-FOR-US: MaLion
CVE-2017-10816 (SQL injection vulnerability in the MaLion for Windows and Mac 5.0.0 to ...)
	NOT-FOR-US: MaLion
CVE-2017-10815 (MaLion for Windows 5.2.1 and earlier (only when &quot;Remote Control&quot; is ...)
	NOT-FOR-US: MaLion
CVE-2017-10814 (Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier ...)
	NOT-FOR-US: CG-WLR300NM Firmware
CVE-2017-10813 (CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to ...)
	NOT-FOR-US: CG-WLR300NM Firmware
CVE-2017-10812 (Untrusted search path vulnerability in Photo Collection PC Software ...)
	NOT-FOR-US: Photo Collection PC Software
CVE-2017-10811 (Buffalo WCR-1166DS devices with firmware 1.30 and earlier allow an ...)
	NOT-FOR-US: Buffalo WCR-1166DS devices
CVE-2017-10810 (Memory leak in the virtio_gpu_object_create function in ...)
	{DSA-3927-1}
	- linux 4.11.11-1 (low)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/385aee965b4e4c36551c362a334378d2985b722a
CVE-2017-10809
	RESERVED
CVE-2017-10808
	RESERVED
CVE-2017-10806 (Stack-based buffer overflow in hw/usb/redirect.c in QEMU (aka Quick ...)
	{DSA-3925-1}
	- qemu 1:2.8+dfsg-7 (bug #867751)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-05/msg03087.html
CVE-2017-10807 (JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate ...)
	{DSA-3902-1}
	- jabberd2 2.6.1-1 (bug #867032)
	NOTE: Fixed by: https://github.com/jabberd2/jabberd2/commit/8416ae54ecefa670534f27a31db71d048b9c7f16
	NOTE: https://github.com/jabberd2/jabberd2/releases/tag/jabberd-2.6.1
CVE-2017-10805 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
	NOT-FOR-US: Odoo
CVE-2017-10804 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
	NOT-FOR-US: Odoo
CVE-2017-10803 (In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise ...)
	NOT-FOR-US: Odoo
CVE-2017-10802
	RESERVED
CVE-2017-10801 (phpSocial (formerly phpDolphin) before 3.0.1 has XSS in the PATH_INFO ...)
	NOT-FOR-US: phpSocial
CVE-2017-10800 (When GraphicsMagick 1.3.25 processes a MATLAB image in coders/mat.c, it ...)
	- graphicsmagick 1.3.26-1 (bug #867060)
	[stretch] - graphicsmagick <no-dsa> (Minor issue)
	[jessie] - graphicsmagick <no-dsa> (Minor issue)
	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/e5761e3a2012
	NOTE: The above commit unfortunately is not enough. There are more related
	NOTE: changes, and Bob Friesenhahn commented that it's not complete. All
	NOTE: the rlated changesets to mat.c since the one referenced should be
	NOTE: picked up.
CVE-2017-10799 (When GraphicsMagick 1.3.25 processes a DPX image (with metadata ...)
	{DLA-1045-1}
	- graphicsmagick 1.3.26-1 (bug #867077)
	[stretch] - graphicsmagick <no-dsa> (Minor issue)
	[jessie] - graphicsmagick <no-dsa> (Minor issue)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/f10b9bb3ca62
CVE-2017-10798 (In ObjectPlanet Opinio before 7.6.4, there is XSS. ...)
	NOT-FOR-US: ObjectPlanet Opinio
CVE-2017-10797
	RESERVED
CVE-2017-10796 (On TP-Link NC250 devices with firmware through 1.2.1 build 170515, ...)
	NOT-FOR-US: TP-Link
CVE-2017-10795 (Cross-site scripting (XSS) vulnerability in Subrion CMS 4.1.4 allows ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-10794 (When GraphicsMagick 1.3.25 processes an RGB TIFF picture (with metadata ...)
	- graphicsmagick 1.3.26-1 (bug #867085)
	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/a20bee0a0ad2
CVE-2017-10793 (The AT&amp;T U-verse 9.2.2h0d83 firmware for the Arris NVG589, NVG599, and ...)
	NOT-FOR-US: Arris
CVE-2017-10792 (There is a NULL Pointer Dereference in the function ll_insert() of the ...)
	- pspp 1.0.0-1 (unimportant; bug #866890)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467005
	NOTE: No security impact, crash in CLI tool
CVE-2017-10791 (There is an Integer overflow in the hash_int function of the libpspp ...)
	- pspp 1.0.0-1 (unimportant; bug #866890)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1467004
	NOTE: No security impact as built in Debian
CVE-2017-10790 (The _asn1_check_identifier function in GNU Libtasn1 through 4.12 causes ...)
	{DSA-4106-1 DLA-1038-1}
	- libtasn1-6 4.12-2.1 (bug #867398)
	[jessie] - libtasn1-6 <no-dsa> (Minor issue)
	- libtasn1-3 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464141
	NOTE: Fixed by: https://gitlab.com/gnutls/libtasn1/commit/d8d805e1f2e6799bb2dff4871a8598dc83088a39
CVE-2017-10789 (The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 ...)
	{DLA-1079-1}
	- libdbd-mysql-perl 4.046-1 (bug #866821)
	[stretch] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/issues/110
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/114
	NOTE: Upstream 4.042 fixed this issue, but was reverted upstream in 4.043:
	NOTE: https://www.nntp.perl.org/group/perl.dbi.dev/2017/08/msg8037.html
	NOTE: No upstream-blessed patch available.
CVE-2017-10788 (The DBD::mysql module through 4.043 for Perl allows remote attackers to ...)
	{DLA-1079-1}
	- libdbd-mysql-perl 4.046-1 (bug #866818)
	[stretch] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: http://seclists.org/oss-sec/2017/q2/443
	NOTE: https://github.com/perl5-dbi/DBD-mysql/issues/120
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/142
CVE-2017-10787
	RESERVED
CVE-2017-10786
	RESERVED
CVE-2017-10785
	RESERVED
CVE-2017-10784 (The Basic authentication code in WEBrick library in Ruby before 2.2.8, ...)
	{DSA-4031-1 DLA-1114-1 DLA-1113-1}
	- ruby2.3 2.3.5-1 (bug #875931)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/webrick-basic-auth-escape-sequence-injection-cve-2017-10784/
	NOTE: https://github.com/ruby/ruby/commit/6617c41292b7d1e097abb8fdb0cab9ddd83c77e7
	NOTE: https://hackerone.com/reports/223363
CVE-2017-10783 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10782 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10781 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10780 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10779 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10778 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10777 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10776 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10775 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10774 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10773 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10772 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10771 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10770 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10769 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10768 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10767 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10766 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10765 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10764 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10763 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10762 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10761 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10760 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10759 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10758 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10757 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10756 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10755 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10754 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10753 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10752 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10751 (XnView Classic for Windows Version 2.40 might allow attackers to cause ...)
	NOT-FOR-US: XnView
CVE-2017-10750 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10749 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10748 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10747 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10746 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10745 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10744 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10743 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10742 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10741 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10740 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10739 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10738 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10737 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10736 (XnView Classic for Windows Version 2.40 allows attackers to execute ...)
	NOT-FOR-US: XnView
CVE-2017-10735 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10734 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10733 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10732 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-10731 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary ...)
	NOT-FOR-US: IrfanView
CVE-2017-10730 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary ...)
	NOT-FOR-US: IrfanView
CVE-2017-10729 (IrfanView version 4.44 (32bit) allows attackers to execute arbitrary ...)
	NOT-FOR-US: IrfanView
CVE-2017-10728 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary ...)
	NOT-FOR-US: Winamp
CVE-2017-10727 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary ...)
	NOT-FOR-US: Winamp
CVE-2017-10726 (Winamp 5.666 Build 3516(x86) might allow attackers to execute arbitrary ...)
	NOT-FOR-US: Winamp
CVE-2017-10725 (Winamp 5.666 Build 3516(x86) allows attackers to execute arbitrary code ...)
	NOT-FOR-US: Winamp
CVE-2017-10724
	RESERVED
CVE-2017-10723
	RESERVED
CVE-2017-10722
	RESERVED
CVE-2017-10721
	RESERVED
CVE-2017-10720
	RESERVED
CVE-2017-10719
	RESERVED
CVE-2017-10718
	RESERVED
CVE-2017-10717
	RESERVED
CVE-2017-10716
	RESERVED
CVE-2017-10715
	RESERVED
CVE-2017-10714
	RESERVED
CVE-2017-10713
	RESERVED
CVE-2017-10712
	RESERVED
CVE-2017-10711 (In SimpleRisk 20170614-001, a CSRF attack on reset.php (aka the Send ...)
	NOT-FOR-US: SimpleRisk
CVE-2017-10710
	RESERVED
CVE-2017-10709 (The lockscreen on Elephone P9000 devices (running Android 6.0) allows ...)
	NOT-FOR-US: Elephone P9000 devices
CVE-2017-10708 (An issue was discovered in Apport through 2.20.x. In apport/report.py, ...)
	[experimental] - apport 2.20.4-2 (bug #868831)
	NOTE: apport only in experimental, so we cannot track this in security-tracker
CVE-2017-10707
	RESERVED
CVE-2017-10706 (When Antiy Antivirus Engine before 5.0.0.05171547 scans a special ZIP ...)
	NOT-FOR-US: When Antiy Antivirus Engine
CVE-2017-10705
	RESERVED
CVE-2017-10704
	RESERVED
CVE-2017-10703
	RESERVED
CVE-2017-10702
	RESERVED
CVE-2017-10701 (Cross site scripting (XSS) vulnerability in SAP Enterprise Portal 7.50 ...)
	NOT-FOR-US: SAP Enterprise Portal
CVE-2017-10700 (In the medialibrary component in QNAP NAS 4.3.3.0229, an ...)
	NOT-FOR-US: QNAP
CVE-2017-10699 (avcodec 2.2.x, as used in VideoLAN VLC media player 2.2.7-x before ...)
	{DSA-4045-1}
	- vlc 2.2.6-3
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=6cc73bcad19da2cd2e95671173f2e0d203a57e9b
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=a38a85db58c569cc592d9380cc07096757ef3d49
	NOTE: https://trac.videolan.org/vlc/ticket/18467
CVE-2017-10698
	RESERVED
CVE-2017-10697
	RESERVED
CVE-2017-10696
	RESERVED
CVE-2017-10695
	RESERVED
CVE-2017-10694
	RESERVED
CVE-2017-10693
	RESERVED
CVE-2017-10692
	RESERVED
CVE-2017-10691
	RESERVED
CVE-2017-10690 (In previous versions of Puppet Agent it was possible for the agent to ...)
	- puppet <not-affected> (Only affects Puppet 5, only in experimental)
	NOTE: https://puppet.com/security/cve/CVE-2017-10690
	NOTE: https://tickets.puppetlabs.com/browse/PUP-8225
	NOTE: Fixed by: https://github.com/puppetlabs/puppet/commit/bd87bef2c3862d333f4c1f2b148b147d449a375b
CVE-2017-10689 (In previous versions of Puppet Agent it was possible to install a ...)
	- puppet 5.4.0-1 (bug #890412)
	[stretch] - puppet <no-dsa> (Minor issue)
	[jessie] - puppet <no-dsa> (Minor issue)
	[wheezy] - puppet <not-affected> (vulnerable code not present)
	NOTE: https://puppet.com/security/cve/CVE-2017-10689
	NOTE: https://tickets.puppetlabs.com/browse/PUP-7866
	NOTE: https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
	NOTE: https://github.com/puppetlabs/puppet/commit/983154f7e29a2a50d416d889a6fed012b9b12399
CVE-2017-10688 (In LibTIFF 4.0.8, there is a assertion abort in the ...)
	{DSA-3903-1 DLA-1022-1}
	- tiff 4.0.8-3 (bug #866611)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2712
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/6173a57d39e04d68b139f8c1aa499a24dbe74ba1
CVE-2017-10687 (In LibSass 3.4.5, there is a heap-based buffer over-read in the ...)
	- libsass <unfixed> (low; bug #866672)
	[stretch] - libsass <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1466411
CVE-2017-10686 (In Netwide Assembler (NASM) 2.14rc0, there are multiple heap use after ...)
	{DLA-1041-1}
	- nasm 2.13.02-0.1 (bug #867988)
	[stretch] - nasm <no-dsa> (Minor issue)
	[jessie] - nasm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.nasm.us/show_bug.cgi?id=3392414
CVE-2017-10685 (In ncurses 6.0, there is a format string vulnerability in the fmt_entry ...)
	- ncurses 6.0+20170701-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464692
CVE-2017-10684 (In ncurses 6.0, there is a stack-based buffer overflow in the fmt_entry ...)
	- ncurses 6.0+20170708-1
	[stretch] - ncurses 6.0+20161126-1+deb9u1
	[jessie] - ncurses 5.9+20140913-1+deb8u1
	[wheezy] - ncurses <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464687
CVE-2017-10683 (In mpg123 1.25.0, there is a heap-based buffer over-read in the ...)
	{DLA-1017-1}
	- mpg123 1.25.1-1 (bug #866860)
	[stretch] - mpg123 <no-dsa> (Minor issue)
	[jessie] - mpg123 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465819
	NOTE: Duplicate of https://sourceforge.net/p/mpg123/bugs/252/
	NOTE: Patch: http://scm.orgis.org/view/mpg123/trunk/src/libmpg123/id3.c?sortby=date&r1=4249&r2=4248&pathrev=4249
CVE-2017-10682 (SQL injection vulnerability in the administrative backend in Piwigo ...)
	- piwigo <removed>
CVE-2017-10681 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 ...)
	- piwigo <removed>
CVE-2017-10680 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 ...)
	- piwigo <removed>
CVE-2017-10679 (Piwigo through 2.9.1 allows remote attackers to obtain sensitive ...)
	- piwigo <removed>
CVE-2017-10678 (Cross-site request forgery (CSRF) vulnerability in Piwigo through 2.9.1 ...)
	- piwigo <removed>
CVE-2017-10677 (Cross-Site Request Forgery (CSRF) exists on Linksys EA4500 devices with ...)
	NOT-FOR-US: Linksys EA4500 devices
CVE-2017-10676 (On D-Link DIR-600M devices before C1_v3.05ENB01_beta_20170306, XSS was ...)
	NOT-FOR-US: D-Link
CVE-2017-10675
	RESERVED
CVE-2017-10674 (Antiy Antivirus Engine 5.0.0.06281654 allows local users to cause a ...)
	NOT-FOR-US: Antiy Antivirus Engine
CVE-2015-9106
	RESERVED
	NOT-FOR-US: WordPress plugin the-holiday-calendar
CVE-2015-9105 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Video ...)
	NOT-FOR-US: Synology
CVE-2015-9104 (Cross-site scripting (XSS) vulnerabilities in Synology Audio Station ...)
	NOT-FOR-US: Synology
CVE-2015-9103 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Note ...)
	NOT-FOR-US: Synology
CVE-2015-9102 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo ...)
	NOT-FOR-US: Synology
CVE-2017-10673 (admin/profile.php in GetSimple CMS 3.x has XSS in a name field. ...)
	NOT-FOR-US: GetSimple CMS
CVE-2017-10672 (Use-after-free in the XML-LibXML module through 2.0129 for Perl allows ...)
	{DSA-4042-1 DLA-1171-1}
	- libxml-libxml-perl 2.0128+dfsg-5 (bug #866676)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=122246
	NOTE: Pull request: https://github.com/shlomif/perl-XML-LibXML/pull/8
CVE-2017-10671 (Heap-based Buffer Overflow in the de_dotdot function in libhttpd.c in ...)
	- thttpd <removed>
CVE-2017-10670 (An XML External Entity (XXE) issue exists in OSCI-Transport 1.2 as used ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10669 (Signature Wrapping exists in OSCI-Transport 1.2 as used in OSCI ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10668 (A Padding Oracle exists in OSCI-Transport 1.2 as used in OSCI Transport ...)
	NOT-FOR-US: OSCI-Transport
CVE-2017-10667 (In index.php in Zen Cart 1.6.0, the products_id parameter can cause ...)
	NOT-FOR-US: Zen Cart
CVE-2017-10666
	RESERVED
CVE-2017-10665 (Directory traversal vulnerability in ajaxfileupload.php in Kayson ...)
	NOT-FOR-US: Kayson Group Ltd. phpGrid
CVE-2017-9998 (The _dwarf_decode_s_leb128_chk function in dwarf_leb.c in libdwarf ...)
	- dwarfutils 20170416-3 (bug #866968)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465756
CVE-2017-9997
	RESERVED
CVE-2017-10664 (qemu-nbd in QEMU (aka Quick Emulator) does not ignore SIGPIPE, which ...)
	{DSA-3920-1 DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-7 (bug #866674)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02693.html
	NOTE: Fixed by (master): http://git.qemu.org/?p=qemu.git;a=commitdiff;h=041e32b8d9d076980b4e35317c0339e57ab888f1
CVE-2017-10663 (The sanity_check_ckpt function in fs/f2fs/super.c in the Linux kernel ...)
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/15d3042a937c13f5d9244241c7a9c8416ff6e82a (v4.13-rc1)
CVE-2017-10662 (The sanity_check_raw_super function in fs/f2fs/super.c in the Linux ...)
	- linux 4.9.30-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b9dd46188edc2f0d1f37328637860bb65a771124 (v4.12-rc1)
CVE-2017-10661 (Race condition in fs/timerfd.c in the Linux kernel before 4.10.15 ...)
	{DLA-1099-1}
	- linux 4.9.30-1
	[jessie] - linux 3.16.43-2+deb8u5
	NOTE: Fixed by: https://git.kernel.org/linus/1e38da300e1e395a15048b0af1e5305bd91402f6 (v4.11-rc1)
CVE-2017-10660
	RESERVED
CVE-2017-10659
	RESERVED
CVE-2017-10658
	RESERVED
CVE-2017-10657
	RESERVED
CVE-2017-10656
	RESERVED
CVE-2017-10655
	RESERVED
CVE-2017-10654
	RESERVED
CVE-2017-10653
	RESERVED
CVE-2017-10652
	RESERVED
CVE-2017-10651
	RESERVED
CVE-2017-10650
	RESERVED
CVE-2017-10649
	RESERVED
CVE-2017-10648
	RESERVED
CVE-2017-10647
	RESERVED
CVE-2017-10646
	RESERVED
CVE-2017-10645
	RESERVED
CVE-2017-10644
	RESERVED
CVE-2017-10643
	RESERVED
CVE-2017-10642
	RESERVED
CVE-2017-10641
	RESERVED
CVE-2017-10640
	RESERVED
CVE-2017-10639
	RESERVED
CVE-2017-10638
	RESERVED
CVE-2017-10637
	RESERVED
CVE-2017-10636
	RESERVED
CVE-2017-10635
	RESERVED
CVE-2017-10634
	RESERVED
CVE-2017-10633
	RESERVED
CVE-2017-10632
	RESERVED
CVE-2017-10631
	RESERVED
CVE-2017-10630
	RESERVED
CVE-2017-10629
	RESERVED
CVE-2017-10628
	RESERVED
CVE-2017-10627
	RESERVED
CVE-2017-10626
	RESERVED
CVE-2017-10625
	RESERVED
CVE-2017-10624 (Insufficient verification of node certificates in Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2017-10623 (Lack of authentication and authorization of cluster messages in ...)
	NOT-FOR-US: Juniper
CVE-2017-10622 (An authentication bypass vulnerability in Juniper Networks Junos Space ...)
	NOT-FOR-US: Juniper
CVE-2017-10621 (A denial of service vulnerability in telnetd service on Juniper ...)
	NOT-FOR-US: Juniper
CVE-2017-10620 (Juniper Networks Junos OS on SRX series devices do not verify the ...)
	NOT-FOR-US: Juniper
CVE-2017-10619 (When Express Path (formerly known as service offloading) is configured ...)
	NOT-FOR-US: Juniper
CVE-2017-10618 (When the 'bgp-error-tolerance' feature &amp;#xe2;&amp;#x80;&quot; designed to help ...)
	NOT-FOR-US: Juniper
CVE-2017-10617 (The ifmap service that comes bundled with Contrail has an XML External ...)
	NOT-FOR-US: Juniper
CVE-2017-10616 (The ifmap service that comes bundled with Juniper Networks Contrail ...)
	NOT-FOR-US: Juniper
CVE-2017-10615 (A vulnerability in the pluggable authentication module (PAM) of ...)
	NOT-FOR-US: Juniper
CVE-2017-10614 (A vulnerability in telnetd service on Junos OS allows a remote ...)
	NOT-FOR-US: Juniper
CVE-2017-10613 (A vulnerability in a specific loopback filter action command, ...)
	NOT-FOR-US: Juniper
CVE-2017-10612 (A persistent site scripting vulnerability in Juniper Networks Junos ...)
	NOT-FOR-US: Juniper
CVE-2017-10611 (If extended statistics are enabled via 'set chassis ...)
	NOT-FOR-US: Juniper
CVE-2017-10610 (On SRX Series devices, a crafted ICMP packet embedded within a NAT64 ...)
	NOT-FOR-US: Juniper
CVE-2017-10609
	RESERVED
CVE-2017-10608 (Any Juniper Networks SRX series device with one or more ALGs enabled ...)
	NOT-FOR-US: Juniper
CVE-2017-10607 (Juniper Networks Junos OS 16.1R1, and services releases based off of ...)
	NOT-FOR-US: Juniper
CVE-2017-10606 (Version 4.40 of the TPM (Trusted Platform Module) firmware on Juniper ...)
	NOT-FOR-US: Juniper
CVE-2017-10605 (On all vSRX and SRX Series devices, when the DHCP or DHCP relay is ...)
	NOT-FOR-US: Juniper
CVE-2017-10604 (When the device is configured to perform account lockout with a ...)
	NOT-FOR-US: Juniper
CVE-2017-10603 (An XML injection vulnerability in Junos OS CLI can allow a locally ...)
	NOT-FOR-US: Juniper
CVE-2017-10602 (A buffer overflow vulnerability in Junos OS CLI may allow a local ...)
	NOT-FOR-US: Juniper
CVE-2017-10601 (A specific device configuration can result in a commit failure ...)
	NOT-FOR-US: Juniper
CVE-2017-10600 (ubuntu-image 1.0 before 2017-07-07, when invoked as non-root, creates ...)
	NOT-FOR-US: ubuntu-image
CVE-2017-9996 (The cdxl_decode_frame function in libavcodec/cdxl.c in FFmpeg 2.8.x ...)
	- ffmpeg 7:3.2.5-1
	- libav <not-affected> (Vulnerable feature not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/1e42736b95065c69a7481d0cf55247024f54b660
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e1b60aad77c27ed5d4dfc11e5e6a05a38c70489d
	NOTE: The bug affects FFmpeg's support for CHUNKY cdxl files, a feature that is
	NOTE: not present in Libav. Libav detects CHUNKY files and bails out early.
CVE-2017-9995 (libavcodec/scpr.c in FFmpeg 3.3 before 3.3.1 does not properly validate ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2171dfae8c065878a2e130390eb78cf2947a5b69
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/7ac5067146613997bb38442cb022d7f41321a706
CVE-2017-9994 (libavcodec/webp.c in FFmpeg before 2.8.12, 3.0.x before 3.0.8, 3.1.x ...)
	- ffmpeg 7:3.2.5-1
	- libav <undetermined>
	[wheezy] - libav <not-affected> (Vulnerable code not present, WebP decoder feature introduced in v10)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/6b5d3fb26fb4be48e4966e4b1d97c2165538d4ef
CVE-2017-9993 (FFmpeg before 2.8.12, 3.0.x and 3.1.x before 3.1.9, 3.2.x before 3.2.6, ...)
	{DSA-3957-1}
	- ffmpeg 7:3.2.6-1
	- libav <undetermined>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/189ff4219644532bdfa7bab28dfedaee4d6d4021
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a5d849b149ca67ced2d271dc84db0bc95a548abb
	NOTE: Fixed in 3.2.6
CVE-2017-9992 (Heap-based buffer overflow in the decode_dds1 function in ...)
	{DSA-4012-1 DLA-1142-1}
	- ffmpeg 7:3.2.5-1
	- libav <removed>
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/f52fbf4f3ed02a7d872d8a102006f29b4421f360
	NOTE: Fixed in 11.11
CVE-2017-9991 (Heap-based buffer overflow in the xwd_decode_frame function in ...)
	- ffmpeg 7:3.2.5-1
	- libav <not-affected> (Vulnerable feature not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/441026fcb13ac23aa10edc312bdacb6445a0ad06
	NOTE: The error occurs in the support for 8bpp XWD images where bpp and image
	NOTE: depth are not checked thoroughly enough. Libav does not support 8bpp
	NOTE: images and bails out early -- Diego Biurrun (libav project)
CVE-2017-9990 (Stack-based buffer overflow in the color_string_to_rgba function in ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cb243972b121b1ae6b60a78ff55a0506c69f3879
CVE-2017-9989 (util/outputtxt.c in libming 0.4.8 mishandles memory allocation. A ...)
	{DLA-1176-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/86
CVE-2017-9988 (The readEncUInt30 function in util/read.c in libming 0.4.8 mishandles ...)
	{DLA-1176-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/85
CVE-2017-9987 (There is a heap-based buffer overflow in the function hpel_motion in ...)
	- libav <removed>
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1067
CVE-2017-9986 (The intr function in sound/oss/msnd_pinnacle.c in the Linux kernel ...)
	- linux <unfixed> (unimportant)
	NOTE: No security issue, only "exploitable" with malicious ISA cards
CVE-2017-9985 (The snd_msndmidi_input_read function in sound/isa/msnd/msnd_midi.c in ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.51-1
	NOTE: No security issue, only "exploitable" with malicious ISA cards
	NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196133
CVE-2017-9984 (The snd_msnd_interrupt function in sound/isa/msnd/msnd_pinnacle.c in ...)
	- linux 4.13.4-1 (unimportant)
	[stretch] - linux 4.9.51-1
	NOTE: No security issue, only "exploitable" with malicious ISA cards
	NOTE: Fixed by: https://git.kernel.org/linus/20e2b791796bd68816fa115f12be5320de2b8021 (v4.13-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=196131
CVE-2017-9983
	RESERVED
CVE-2017-9982 (TeamSpeak Client 3.0.19 allows remote attackers to cause a denial of ...)
	- teamspeak-client <removed>
	[wheezy] - teamspeak-client <end-of-life> (non-free is not supported)
CVE-2017-9981
	RESERVED
CVE-2017-9980 (In Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb, the ...)
	NOT-FOR-US: Green Packet
CVE-2017-9979 (On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the ...)
	NOT-FOR-US: QuantaStor
CVE-2017-9978 (On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, a flaw ...)
	NOT-FOR-US: QuantaStor
CVE-2017-9977 (AVG AntiVirus for MacOS with scan engine before 4668 might allow ...)
	NOT-FOR-US: AVG
CVE-2017-9976
	RESERVED
CVE-2017-9975
	REJECTED
CVE-2017-9974
	REJECTED
CVE-2017-9973
	REJECTED
CVE-2017-9972
	REJECTED
CVE-2017-9971
	REJECTED
CVE-2017-9970 (A remote code execution vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9969 (An information disclosure vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9968 (A security misconfiguration vulnerability exists in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9967 (A security misconfiguration vulnerability exists in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9966 (A privilege escalation vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9965 (An exposure of sensitive information vulnerability exists in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9964 (A Path Traversal issue was discovered in Schneider Electric Pelco ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9963 (A cross-site request forgery vulnerability exists on the Secure ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9962 (Schneider Electric's ClearSCADA versions released prior to August 2017 ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9961 (A vulnerability exists in Schneider Electric's Pro-Face GP Pro EX ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9960 (An information disclosure vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9959 (A vulnerability exists in Schneider Electric's U.motion Builder ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9958 (An improper access control vulnerability exists in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9957 (A vulnerability exists in Schneider Electric's U.motion Builder ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9956 (An authentication bypass vulnerability exists in Schneider Electric's ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9955 (The get_build_id function in opncls.c in the Binary File Descriptor ...)
	- binutils 2.29-1
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21665
CVE-2017-9954 (The getvalue function in tekhex.c in the Binary File Descriptor (BFD) ...)
	- binutils 2.29-1
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21670
CVE-2017-9953 (There is an invalid free in Image::printIFDStructure that leads to a ...)
	- exiv2 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465061
	NOTE: Possibly introduced after https://github.com/Exiv2/exiv2/commit/fd5e983746c336336039e91cb6b656cf8eeccdea
	NOTE: which introduces printIFDStructure function and later restructurated
	NOTE: again. Around that commit upstream source though does not build.
CVE-2017-9952
	RESERVED
CVE-2017-9951 (The try_read_command function in memcached.c in memcached before 1.4.39 ...)
	{DLA-1033-1}
	- memcached 1.5.0-1 (bug #868701)
	[stretch] - memcached <no-dsa> (Minor issue)
	[jessie] - memcached <no-dsa> (Minor issue)
	NOTE: https://www.twistlock.com/2017/07/13/cve-2017-9951-heap-overflow-memcached-server-1-4-38-twistlock-vulnerability-report/
	NOTE: https://github.com/memcached/memcached/commit/328629445c71e6c17074f6e9e0e3ef585b58f167
CVE-2017-9950
	RESERVED
CVE-2017-9949 (The grub_memmove function in shlr/grub/kern/misc.c in radare2 1.5.0 ...)
	- radare2 1.6.0+dfsg-1 (bug #866068)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7683
	NOTE: https://github.com/radare/radare2/commit/796dd28aaa6b9fa76d99c42c4d5ff8b257cc2191
CVE-2017-9948 (A stack buffer overflow vulnerability has been discovered in Microsoft ...)
	NOT-FOR-US: Microsoft Skype
CVE-2017-9947 (A vulnerability has been identified in Siemens APOGEE PXC and TALON TC ...)
	NOT-FOR-US: Siemens
CVE-2017-9946 (A vulnerability has been identified in Siemens APOGEE PXC and TALON TC ...)
	NOT-FOR-US: Siemens
CVE-2017-9945 (In the Siemens 7KM PAC Switched Ethernet PROFINET expansion module (All ...)
	NOT-FOR-US: Siemens
CVE-2017-9944 (A vulnerability has been identified in Siemens 7KT PAC1200 data manager ...)
	NOT-FOR-US: Siemens
CVE-2017-9943
	RESERVED
CVE-2017-9942 (A vulnerability was discovered in Siemens SiPass integrated (All ...)
	NOT-FOR-US: Siemens
CVE-2017-9941 (A vulnerability was discovered in Siemens SiPass integrated (All ...)
	NOT-FOR-US: Siemens
CVE-2017-9940 (A vulnerability was discovered in Siemens SiPass integrated (All ...)
	NOT-FOR-US: Siemens
CVE-2017-9939 (A vulnerability was discovered in Siemens SiPass integrated (All ...)
	NOT-FOR-US: Siemens
CVE-2017-9938 (A vulnerability was discovered in Siemens SIMATIC Logon (All versions ...)
	NOT-FOR-US: Siemens
CVE-2017-9937 (In LibTIFF 4.0.8, there is a memory malloc failure in tif_jbig.c. A ...)
	- jbigkit <unfixed> (unimportant; bug #869708)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2707
	NOTE: The CVE was assigned for src:tiff by MITRE, but the issue actually lies
	NOTE: in jbigkit itself.
CVE-2017-9936 (In LibTIFF 4.0.8, there is a memory leak in tif_jbig.c. A crafted TIFF ...)
	{DSA-3903-1 DLA-1023-1 DLA-1022-1}
	- tiff 4.0.8-3 (bug #866113)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2706
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fe8d7165956b88df4837034a9161dc5fd20cf67a
CVE-2017-9935 (In LibTIFF 4.0.8, there is a heap-based buffer overflow in the ...)
	{DSA-4100-1 DLA-1206-1}
	- tiff 4.0.9-2 (bug #866109)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (does not build vulnerable tiff2pdf)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2704
CVE-2017-9934 (Missing CSRF token checks and improper input validation in Joomla! CMS ...)
	NOT-FOR-US: Joomla
CVE-2017-9933 (Improper cache invalidation in Joomla! CMS 1.7.3 through 3.7.2 leads ...)
	NOT-FOR-US: Joomla
CVE-2017-9932 (Green Packet DX-350 Firmware version v2.8.9.5-g1.4.8-atheeb has a ...)
	NOT-FOR-US: Green Packet
CVE-2017-9931 (Cross-Site Scripting (XSS) exists in Green Packet DX-350 Firmware ...)
	NOT-FOR-US: Green Packet
CVE-2017-9930 (Cross-Site Request Forgery (CSRF) exists in Green Packet DX-350 ...)
	NOT-FOR-US: Green Packet
CVE-2017-9929 (In lrzip 0.631, a stack buffer overflow was found in the function ...)
	- lrzip 0.631+git180517-1 (bug #866020)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/75
CVE-2017-9928 (In lrzip 0.631, a stack buffer overflow was found in the function ...)
	- lrzip 0.631+git180517-1 (bug #866022)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/74
CVE-2017-9927 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
	- swftools <unfixed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9926 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
	- swftools <unfixed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9925 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
	- swftools <unfixed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9924 (In SWFTools 2013-04-09-1007 on Windows, png2swf allows remote attackers ...)
	- swftools <unfixed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-9923 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
	NOT-FOR-US: IrfanView
CVE-2017-9922 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
	NOT-FOR-US: IrfanView
CVE-2017-9921 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
	NOT-FOR-US: IrfanView
CVE-2017-9920 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
	NOT-FOR-US: IrfanView
CVE-2017-9919 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
	NOT-FOR-US: IrfanView
CVE-2017-9918 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
	NOT-FOR-US: IrfanView
CVE-2017-9917 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
	NOT-FOR-US: IrfanView
CVE-2017-9916 (IrfanView version 4.44 (32bit) with TOOLS Plugin 4.50 might allow ...)
	NOT-FOR-US: IrfanView
CVE-2017-9915 (IrfanView version 4.44 (32bit) with TOOLS plugin 4.50 allows attackers ...)
	NOT-FOR-US: IrfanView
CVE-2017-9914 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9913 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9912 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9911 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9910 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9909 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9908 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9907 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9906 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9905 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9904 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9903 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9902 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9901 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9900 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9899 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9898 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9897 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9896 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9895 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9894 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9893 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9892 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9891 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9890 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9889 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9888 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9887 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9886 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9885 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9884 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9883 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9882 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9881 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9880 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9879 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9878 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9877 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9876 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9875 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9874 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9873 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9872 (The III_dequantize_sample function in layer3.c in mpglib, as used in ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_dequantize_sample-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/482/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9871 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-stack-based-buffer-overflow-in-iii_i_stereo-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/483/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9870 (The III_i_stereo function in layer3.c in mpglib, as used in ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-iii_i_stereo-layer3-c/
	NOTE: https://sourceforge.net/p/lame/bugs/481/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9869 (The II_step_one function in layer2.c in mpglib, as used in ...)
	- lame 3.99.5+repack1-8 (bug #867725)
	[jessie] - lame <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/06/17/lame-global-buffer-overflow-in-ii_step_one-layer2-c/
	NOTE: https://sourceforge.net/p/lame/bugs/475/
	NOTE: Starting with 3.99.5+repack1-8 libsndfile is used to read the input file, marking that as the fixed
	NOTE: version, although the internal lame code was only fixed in 3.100 (strictly speaking that would be
	NOTE: severity:unimportant for stretch onwards, but we don't have suite-specific severity annotations
CVE-2017-9868 (In Mosquitto through 1.4.12, mosquitto.db (aka the persistence file) is ...)
	{DLA-1146-1}
	- mosquitto 1.4.14-1 (bug #865959)
	[stretch] - mosquitto 1.4.10-3+deb9u1
	[jessie] - mosquitto <no-dsa> (Minor issue)
	NOTE: https://github.com/eclipse/mosquitto/issues/468
	NOTE: https://github.com/eclipse/mosquitto/commit/09cb1b61c8f48284d9c42bd911faa7525cc689c7
CVE-2017-9867
	RESERVED
CVE-2017-9866
	RESERVED
CVE-2017-9865 (The function GfxImageColorMap::getGray in GfxState.cc in Poppler 0.54.0 ...)
	{DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #867477)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100774
	NOTE: http://somevulnsofadlab.blogspot.com/2017/06/popplerstack-buffer-overflow-in.html
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=75fff6556eaf0ef3a6fcdef2c2229d0b6d1c58d9
CVE-2017-9864 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9863 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9862 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9861 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9860 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9859 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9858 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9857 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9856 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9855 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9854 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9853 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9852 (** DISPUTED ** An Incorrect Password Management issue was discovered ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9851 (** DISPUTED ** An issue was discovered in SMA Solar Technology ...)
	NOT-FOR-US: SMA Solar Technology products
CVE-2017-9850
	RESERVED
CVE-2017-9849
	RESERVED
CVE-2017-9848 (SQL injection vulnerability in C_InfoService.asmx in WebServices in ...)
	NOT-FOR-US: Easysite
CVE-2017-9847 (The bdecode function in bdecode.cpp in libtorrent 1.1.3 allows remote ...)
	- libtorrent-rasterbar 1.1.4-1 (bug #865845)
	[stretch] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[wheezy] - libtorrent-rasterbar <not-affected> (new bdecode introduced in 1.1.0; vulnerable code not present)
	NOTE: https://github.com/arvidn/libtorrent/issues/2099
	NOTE: Fixed by: https://github.com/arvidn/libtorrent/commit/ec30a5e9ec703afb8abefba757c6d401303b53db
	NOTE: Pre-1.1.0 versions possibly similarly affected in lazy_bdecode.cpp
CVE-2017-9846 (Winmail Server 6.1 allows remote code execution by authenticated users ...)
	NOT-FOR-US: Winmail Server
CVE-2017-9845 (disp+work 7400.12.21.30308 in SAP NetWeaver 7.40 allows remote ...)
	NOT-FOR-US: SAP
CVE-2017-9844 (SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a ...)
	NOT-FOR-US: SAP
CVE-2017-9843 (SAP NetWeaver AS ABAP 7.40 allows remote authenticated users with ...)
	NOT-FOR-US: SAP
CVE-2017-9842
	RESERVED
CVE-2017-9841 (Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 ...)
	- phpunit 5.4.6-2 (bug #866200)
	[stretch] - phpunit 5.4.6-2~deb9u1
	[jessie] - phpunit <not-affected> (Issue introduced later; vulnerable code not present)
	[wheezy] - phpunit <not-affected> (Issue introduced later; vulnerable code not present)
	NOTE: https://github.com/sebastianbergmann/phpunit/pull/1956
	NOTE: https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5
	NOTE: http://phpunit.vulnbusters.com/
CVE-2017-9840 (Dolibarr ERP/CRM 5.0.3 and prior allows low-privilege users to upload ...)
	- dolibarr <removed> (bug #867495)
	[jessie] - dolibarr <no-dsa> (Minor issue)
CVE-2017-9839 (Dolibarr ERP/CRM is affected by SQL injection in versions before 5.0.4 ...)
	- dolibarr <removed>
	[jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2017-9838 (Dolibarr ERP/CRM is affected by multiple reflected Cross-Site Scripting ...)
	- dolibarr <removed>
	[jessie] - dolibarr <ignored> (Scheduled for removal)
CVE-2017-9837
	REJECTED
CVE-2017-9836 (Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote ...)
	- piwigo <removed>
CVE-2017-9835 (The gs_alloc_ref_array function in psi/ialloc.c in Artifex Ghostscript ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869907)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697985
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=cfde94be1d4286bc47633c6e6eaf4e659bd78066 (ghostpdl-9.22rc1)
CVE-2017-9834 (SQL injection vulnerability in the WatuPRO plugin before 5.5.3.7 for ...)
	NOT-FOR-US: WatuPRO plugin for WordPress
CVE-2017-9833 (/cgi-bin/wapopen in BOA Webserver 0.94.14rc21 allows the injection of ...)
	NOT-FOR-US: Undetermined product
	NOTE: /wapopen is not part of BOA, it's probably an insecure CGI
	NOTE: script used in some embedded product relying on BOA as webserver.
	NOTE: I asked Mitre to reject the CVE. -- Raphael Hertzog
CVE-2017-9832 (An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL ...)
	{DLA-1029-1}
	- libmtp 1.1.13-1
	[jessie] - libmtp <no-dsa> (Minor issue; can be fixed in a point release)
	NOTE: https://sourceforge.net/p/libmtp/mailman/message/35729062/
	NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/
	NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at
CVE-2017-9831 (An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx ...)
	{DLA-1029-1}
	- libmtp 1.1.13-1
	[jessie] - libmtp <no-dsa> (Minor issue; can be fixed in a point release)
	NOTE: https://sourceforge.net/p/libmtp/mailman/message/35735992/
	NOTE: https://sourceforge.net/p/libmtp/code/ci/aa7d91a789873a9d86969028e57f888a1241c085/
	NOTE: reduced patchset: https://lists.debian.org/87lgnzvjvb.fsf@curie.anarc.at
CVE-2017-9830 (Remote Code Execution is possible in Code42 CrashPlan 5.4.x via the ...)
	NOT-FOR-US: Code42
CVE-2017-9829 ('/cgi-bin/admin/downloadMedias.cgi' of the web service in most of the ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2017-9828 ('/cgi-bin/admin/testserver.cgi' of the web service in most of the ...)
	NOT-FOR-US: VIVOTEK Network Cameras
CVE-2017-9827
	RESERVED
CVE-2017-9826
	RESERVED
CVE-2017-11104 (Knot DNS before 2.4.5 and 2.5.x before 2.5.2 contains a flaw within the ...)
	{DSA-3910-1}
	- knot 2.5.3-1 (bug #865678)
	NOTE: https://lists.nic.cz/pipermail/knot-dns-users/2017-June/001144.html
	NOTE: http://www.synacktiv.ninja/ressources/Knot_DNS_TSIG_Signature_Forgery.pdf
CVE-2017-9825
	RESERVED
CVE-2017-9824
	RESERVED
CVE-2017-9823
	RESERVED
CVE-2017-9822 (DNN (aka DotNetNuke) before 9.1.1 has Remote Code Execution via a ...)
	NOT-FOR-US: DotNetNuke
CVE-2017-9821
	RESERVED
CVE-2017-9820
	RESERVED
CVE-2017-9819
	RESERVED
CVE-2017-9818
	RESERVED
CVE-2017-9817
	RESERVED
CVE-2017-9816 (Cross-site scripting (XSS) vulnerability in Paessler PRTG Network ...)
	NOT-FOR-US: Paessler PRTG Network Monitor
CVE-2017-9815 (In LibTIFF 4.0.7, the TIFFReadDirEntryLong8Array function in ...)
	- tiff 4.0.8-1
	[jessie] - tiff <ignored> (Minor issue)
	[wheezy] - tiff <ignored> (Minor issue)
	- tiff3 <removed>
	[wheezy] - tiff3 <ignored> (Minor issue)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2682
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
	NOTE: The issue is addressed with the same commit as for CVE-2017-9403
CVE-2017-9814 (cairo-truetype-subset.c in cairo 1.15.6 and earlier allows remote ...)
	- cairo <unfixed> (low; bug #868580)
	[stretch] - cairo <no-dsa> (Minor issue)
	[jessie] - cairo <no-dsa> (Minor issue)
	[wheezy] - cairo <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101547
CVE-2017-9813 (In Kaspersky Anti-Virus for Linux File Server before Maintenance Pack ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9812 (The reportId parameter of the getReportStatus action method can be ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9811 (The kluser is able to interact with the kav4fs-control binary in ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9810 (There are no Anti-CSRF tokens in any forms on the web interface in ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2017-9809
	RESERVED
CVE-2017-9808
	RESERVED
CVE-2015-9098 (In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote ...)
	NOT-FOR-US: Redgate SQL Monitor
CVE-2017-9807 (An issue was discovered in the OpenWebif plugin through 1.2.4 for E2 ...)
	NOT-FOR-US: OpenWebif plugin for E2
CVE-2017-9806 (A vulnerability in the OpenOffice Writer DOC file parser before 4.1.4, ...)
	- libreoffice 1:3.4.3-1
	NOTE: https://www.talosintelligence.com/reports/TALOS-2017-0295
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2017-9806
	NOTE: https://gerrit.libreoffice.org/gitweb?p=core.git;a=commitdiff_plain;h=bb494d6bd8c5868f34bd8f9444ed3eb401145f10
CVE-2017-9805 (The REST Plugin in Apache Struts 2.1.2 through 2.3.x before 2.3.34 and ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <not-affected> (vulnerable code not present)
	NOTE: https://struts.apache.org/docs/s2-052.html
CVE-2017-9804 (In Apache Struts 2.3.7 through 2.3.33 and 2.5 through 2.5.12, if an ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <ignored> (Minor issue)
	NOTE: DOS class vulnerability and classified as low by upstream.
	NOTE: https://struts.apache.org/docs/s2-050.html
CVE-2017-9803 (Solr's Kerberos plugin can be configured to use delegation tokens, ...)
	- lucene-solr <not-affected> (Introduced in 6.2)
CVE-2017-9802 (The Javascript method Sling.evalString() in Apache Sling Servlets Post ...)
	NOT-FOR-US: Apache Sling
CVE-2017-9801 (When a call-site passes a subject for an email that contains ...)
	- commons-email <not-affected> (Fixed with first upload to Debian)
	NOTE: https://commons.apache.org/proper/commons-email/security-reports.html
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801385
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801388
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1801389
CVE-2017-9800 (A maliciously constructed svn+ssh:// URL would cause Subversion ...)
	{DSA-3932-1 DLA-1052-1}
	- subversion 1.9.7-1
	NOTE: Fixed by: http://svn.apache.org/viewvc?view=revision&amp;sortby=rev&amp;revision=1804691
	NOTE: http://subversion.apache.org/security/CVE-2017-9800-advisory.txt
CVE-2017-9799 (It was found that under some situations and configurations of Apache ...)
	NOT-FOR-US: Apache Storm
CVE-2017-9798 (Apache httpd allows remote attackers to read secret data from process ...)
	{DSA-3980-1 DLA-1102-1}
	- apache2 2.4.27-6 (bug #876109)
	NOTE: https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
	NOTE: https://github.com/hannob/optionsbleed
	NOTE: Patch: https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch
	NOTE: Patch backport for 2.2: https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch
CVE-2017-9797 (When an Apache Geode cluster before v1.2.1 is operating in secure ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9796 (When an Apache Geode cluster before v1.3.0 is operating in secure ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9795 (When an Apache Geode cluster before v1.3.0 is operating in secure ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9794 (When a cluster is operating in secure mode, a user with read ...)
	NOT-FOR-US: Apache Geode
CVE-2017-9793 (The REST Plugin in Apache Struts 2.3.7 through 2.3.33 and 2.5 through ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <not-affected> (vulnerable code not present)
	NOTE: https://struts.apache.org/docs/s2-051.html
CVE-2017-9792 (In Apache Impala (incubating) before 2.10.0, a malicious user with ...)
	NOT-FOR-US: Apache Impala
CVE-2017-9791 (The Struts 1 plugin in Apache Struts 2.3.x might allow remote code ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
CVE-2017-9790 (When handling a libprocess message wrapped in an HTTP request, ...)
	- apache-mesos <itp> (bug #760315)
CVE-2017-9789 (When under stress, closing many connections, the HTTP/2 handling code ...)
	- apache2 <not-affected> (Only affected 2.4.26)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
CVE-2017-9788 (In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value ...)
	{DSA-3913-1 DLA-1028-1}
	- apache2 2.4.27-1 (bug #868467)
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html#2.4.27
	NOTE: Fixed by (2.4.x): https://svn.apache.org/r1800955
	NOTE: 2.4.x: https://github.com/apache/httpd/commit/549ba6a39aa0df78a610025f74f3a06503a70f67
	NOTE: trunk: https://github.com/apache/httpd/commit/c5d3719133b9e5dab0d540c5aa03b2fdabc30395
CVE-2017-9787 (When using a Spring AOP functionality to secure Struts actions it is ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
	NOTE: https://struts.apache.org/docs/s2-049.html
CVE-2017-9786 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)
	NOT-FOR-US: ProjectSend
CVE-2017-9785 (Csrf.cs in NancyFX Nancy before 1.4.4 and 2.x before 2.0-dangermouse ...)
	NOT-FOR-US: NancyFX Nancy
CVE-2017-9784
	RESERVED
CVE-2017-9783 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)
	NOT-FOR-US: ProjectSend
CVE-2017-10599
	RESERVED
CVE-2017-10598
	RESERVED
CVE-2017-10597
	RESERVED
CVE-2017-10596
	RESERVED
CVE-2017-10595
	RESERVED
CVE-2017-10594
	RESERVED
CVE-2017-10593
	RESERVED
CVE-2017-10592
	RESERVED
CVE-2017-10591
	RESERVED
CVE-2017-10590
	RESERVED
CVE-2017-10589
	RESERVED
CVE-2017-10588
	RESERVED
CVE-2017-10587
	RESERVED
CVE-2017-10586
	RESERVED
CVE-2017-10585
	RESERVED
CVE-2017-10584
	RESERVED
CVE-2017-10583
	RESERVED
CVE-2017-10582
	RESERVED
CVE-2017-10581
	RESERVED
CVE-2017-10580
	RESERVED
CVE-2017-10579
	RESERVED
CVE-2017-10578
	RESERVED
CVE-2017-10577
	RESERVED
CVE-2017-10576
	RESERVED
CVE-2017-10575
	RESERVED
CVE-2017-10574
	RESERVED
CVE-2017-10573
	RESERVED
CVE-2017-10572
	RESERVED
CVE-2017-10571
	RESERVED
CVE-2017-10570
	RESERVED
CVE-2017-10569
	RESERVED
CVE-2017-10568
	RESERVED
CVE-2017-10567
	RESERVED
CVE-2017-10566
	RESERVED
CVE-2017-10565
	RESERVED
CVE-2017-10564
	RESERVED
CVE-2017-10563
	RESERVED
CVE-2017-10562
	RESERVED
CVE-2017-10561
	RESERVED
CVE-2017-10560
	RESERVED
CVE-2017-10559
	RESERVED
CVE-2017-10558
	RESERVED
CVE-2017-10557
	RESERVED
CVE-2017-10556
	RESERVED
CVE-2017-10555
	RESERVED
CVE-2017-10554
	RESERVED
CVE-2017-10553
	RESERVED
CVE-2017-10552
	RESERVED
CVE-2017-10551
	RESERVED
CVE-2017-10550
	RESERVED
CVE-2017-10549
	RESERVED
CVE-2017-10548
	RESERVED
CVE-2017-10547
	RESERVED
CVE-2017-10546
	RESERVED
CVE-2017-10545
	RESERVED
CVE-2017-10544
	RESERVED
CVE-2017-10543
	RESERVED
CVE-2017-10542
	RESERVED
CVE-2017-10541
	RESERVED
CVE-2017-10540
	RESERVED
CVE-2017-10539
	RESERVED
CVE-2017-10538
	RESERVED
CVE-2017-10537
	RESERVED
CVE-2017-10536
	RESERVED
CVE-2017-10535
	RESERVED
CVE-2017-10534
	RESERVED
CVE-2017-10533
	RESERVED
CVE-2017-10532
	RESERVED
CVE-2017-10531
	RESERVED
CVE-2017-10530
	RESERVED
CVE-2017-10529
	RESERVED
CVE-2017-10528
	RESERVED
CVE-2017-10527
	RESERVED
CVE-2017-10526
	RESERVED
CVE-2017-10525
	RESERVED
CVE-2017-10524
	RESERVED
CVE-2017-10523
	RESERVED
CVE-2017-10522
	RESERVED
CVE-2017-10521
	RESERVED
CVE-2017-10520
	RESERVED
CVE-2017-10519
	RESERVED
CVE-2017-10518
	RESERVED
CVE-2017-10517
	RESERVED
CVE-2017-10516
	RESERVED
CVE-2017-10515
	RESERVED
CVE-2017-10514
	RESERVED
CVE-2017-10513
	RESERVED
CVE-2017-10512
	RESERVED
CVE-2017-10511
	RESERVED
CVE-2017-10510
	RESERVED
CVE-2017-10509
	RESERVED
CVE-2017-10508
	RESERVED
CVE-2017-10507
	RESERVED
CVE-2017-10506
	RESERVED
CVE-2017-10505
	RESERVED
CVE-2017-10504
	RESERVED
CVE-2017-10503
	RESERVED
CVE-2017-10502
	RESERVED
CVE-2017-10501
	RESERVED
CVE-2017-10500
	RESERVED
CVE-2017-10499
	RESERVED
CVE-2017-10498
	RESERVED
CVE-2017-10497
	RESERVED
CVE-2017-10496
	RESERVED
CVE-2017-10495
	RESERVED
CVE-2017-10494
	RESERVED
CVE-2017-10493
	RESERVED
CVE-2017-10492
	RESERVED
CVE-2017-10491
	RESERVED
CVE-2017-10490
	RESERVED
CVE-2017-10489
	RESERVED
CVE-2017-10488
	RESERVED
CVE-2017-10487
	RESERVED
CVE-2017-10486
	RESERVED
CVE-2017-10485
	RESERVED
CVE-2017-10484
	RESERVED
CVE-2017-10483
	RESERVED
CVE-2017-10482
	RESERVED
CVE-2017-10481
	RESERVED
CVE-2017-10480
	RESERVED
CVE-2017-10479
	RESERVED
CVE-2017-10478
	RESERVED
CVE-2017-10477
	RESERVED
CVE-2017-10476
	RESERVED
CVE-2017-10475
	RESERVED
CVE-2017-10474
	RESERVED
CVE-2017-10473
	RESERVED
CVE-2017-10472
	RESERVED
CVE-2017-10471
	RESERVED
CVE-2017-10470
	RESERVED
CVE-2017-10469
	RESERVED
CVE-2017-10468
	RESERVED
CVE-2017-10467
	RESERVED
CVE-2017-10466
	RESERVED
CVE-2017-10465
	RESERVED
CVE-2017-10464
	RESERVED
CVE-2017-10463
	RESERVED
CVE-2017-10462
	RESERVED
CVE-2017-10461
	RESERVED
CVE-2017-10460
	RESERVED
CVE-2017-10459
	RESERVED
CVE-2017-10458
	RESERVED
CVE-2017-10457
	RESERVED
CVE-2017-10456
	RESERVED
CVE-2017-10455
	RESERVED
CVE-2017-10454
	RESERVED
CVE-2017-10453
	RESERVED
CVE-2017-10452
	RESERVED
CVE-2017-10451
	RESERVED
CVE-2017-10450
	RESERVED
CVE-2017-10449
	RESERVED
CVE-2017-10448
	RESERVED
CVE-2017-10447
	RESERVED
CVE-2017-10446
	RESERVED
CVE-2017-10445
	RESERVED
CVE-2017-10444
	RESERVED
CVE-2017-10443
	RESERVED
CVE-2017-10442
	RESERVED
CVE-2017-10441
	RESERVED
CVE-2017-10440
	RESERVED
CVE-2017-10439
	RESERVED
CVE-2017-10438
	RESERVED
CVE-2017-10437
	RESERVED
CVE-2017-10436
	RESERVED
CVE-2017-10435
	RESERVED
CVE-2017-10434
	RESERVED
CVE-2017-10433
	RESERVED
CVE-2017-10432
	RESERVED
CVE-2017-10431
	RESERVED
CVE-2017-10430
	RESERVED
CVE-2017-10429
	RESERVED
CVE-2017-10428 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10427 (Vulnerability in the Oracle Retail Xstore Point of Service component ...)
	NOT-FOR-US: Oracle
CVE-2017-10426 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10425 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10424 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...)
	NOT-FOR-US: MySQL Enterprise Monitor component of Oracle MySQL
CVE-2017-10423 (Vulnerability in the Oracle Retail Back Office component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10422 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10421 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10420 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10419 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10418 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10417 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10416 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10415 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10414 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10413 (Vulnerability in the Oracle Mobile Field Service component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10412 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10411 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10410 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10409 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10408 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10407 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10406 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10405 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2017-10404 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2017-10403 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2017-10402 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2017-10401 (Vulnerability in the Oracle Hospitality Cruise Materials Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10400 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-10399 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10398 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10397 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10396 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component ...)
	NOT-FOR-US: Oracle
CVE-2017-10395 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10394 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10393 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-10392 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.30-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10391 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-10390
	RESERVED
CVE-2017-10389 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10388 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10387 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10386 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10385 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-10384 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4002-1 DSA-3944-1 DLA-1141-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <removed> (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10383 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10382 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10381 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10380 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10379 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4002-1 DSA-3944-1 DLA-1141-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <removed> (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10378 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4002-1 DLA-1141-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.29-1
	[stretch] - mariadb-10.1 <postponed> (Minor issue)
	- mariadb-10.0 <removed>
	[jessie] - mariadb-10.0 <postponed> (Minor issue)
	- mysql-5.7 <not-affected> (Fixed before initial release to Debian, upstream 5.7.12)
	- mysql-5.5 <removed> (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
	NOTE: https://jira.mariadb.org/browse/MDEV-13819
	NOTE: https://github.com/MariaDB/server/commit/b000e169562697aa072600695d4f0c0412f94f4f
CVE-2017-10377
	RESERVED
CVE-2017-10376
	RESERVED
CVE-2017-10375 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10374
	RESERVED
CVE-2017-10373 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10372 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10371
	RESERVED
CVE-2017-10370 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10369 (Vulnerability in the Oracle Virtual Directory component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10368 (Vulnerability in the PeopleSoft Enterprise SCM eProcurement component ...)
	NOT-FOR-US: Oracle
CVE-2017-10367 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10366 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10365 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mariadb-10.2 <removed> (bug #884065)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10364 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10363 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10362 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10361 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
	NOT-FOR-US: Oracle
CVE-2017-10360 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10359 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion ...)
	NOT-FOR-US: Oracle
CVE-2017-10358 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10357 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10356 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10355 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10354 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: Oracle
CVE-2017-10353 (Vulnerability in the Oracle Hospitality Hotel Mobile component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10352 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10351 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10350 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
CVE-2017-10349 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10348 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10347 (Vulnerability in the Java SE, JRockit component of Oracle Java SE ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10346 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10345 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10344 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10343 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10342 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10341 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10340 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10339 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10338 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: Oracle
CVE-2017-10337 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10336 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10335 (Vulnerability in the PeopleSoft Enterprise PT PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10334 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10333 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
	NOT-FOR-US: Oracle
CVE-2017-10332 (Vulnerability in the Oracle Universal Work Queue component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10331 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10330 (Vulnerability in the Oracle Common Applications component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10329 (Vulnerability in the Oracle Global Order Promising component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10328 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10327 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10326 (Vulnerability in the Oracle Common Applications Calendar component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10325 (Vulnerability in the Oracle Common Applications Calendar component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10324 (Vulnerability in the Oracle Applications Technology Stack component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10323 (Vulnerability in the Oracle Web Applications Desktop Integrator ...)
	NOT-FOR-US: Oracle
CVE-2017-10322 (Vulnerability in the Oracle Common Applications Calendar component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10321 (Vulnerability in the Core RDBMS component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-10320 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mariadb-10.2 <removed> (bug #884065)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10319 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10318 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10317 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10316 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10315 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
	NOT-FOR-US: Oracle
CVE-2017-10314 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10313 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10312 (Vulnerability in the Oracle Hyperion BI+ component of Oracle Hyperion ...)
	NOT-FOR-US: Oracle
CVE-2017-10311 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10310 (Vulnerability in the Oracle Hyperion Financial Reporting component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10309 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-9 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-10308 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10307
	RESERVED
CVE-2017-10306 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10305
	RESERVED
CVE-2017-10304 (Vulnerability in the PeopleSoft Enterprise HCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10303 (Vulnerability in the Oracle Interaction Center Intelligence component ...)
	NOT-FOR-US: Oracle
CVE-2017-10302 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
	NOT-FOR-US: Oracle
CVE-2017-10301 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: Oracle
CVE-2017-10300 (Vulnerability in the Siebel CRM Desktop component of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2017-10299 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10298
	RESERVED
CVE-2017-10297
	RESERVED
CVE-2017-10296 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10295 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10294 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10293 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-7 <not-affected> (Seems to be specific to Oracle Java)
	- openjdk-6 <not-affected> (Seems to be specific to Oracle Java)
CVE-2017-10292 (Vulnerability in the RDBMS Security component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2017-10291
	RESERVED
CVE-2017-10290
	RESERVED
CVE-2017-10289
	RESERVED
CVE-2017-10288
	RESERVED
CVE-2017-10287 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10286 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3944-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10285 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10284 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10283 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10282 (Vulnerability in the Core RDBMS component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-10281 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10280 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10279 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10278 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10277 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
	- mysql-connector-net <unfixed> (bug #883923)
	[stretch] - mysql-connector-net <no-dsa> (Minor issue)
	[jessie] - mysql-connector-net <no-dsa> (Minor issue)
	[wheezy] - mysql-connector-net <no-dsa> (Minor issue)
CVE-2017-10276 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10275 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10274 (Vulnerability in the Java SE component of Oracle Java SE ...)
	{DSA-4048-1 DSA-4015-1 DLA-1187-1}
	- openjdk-9 9.0.1+11-1
	- openjdk-8 8u151-b12-1
	[experimental] - openjdk-7 7u151-2.6.11-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10273 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10272 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10271 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10270 (Vulnerability in the Oracle Identity Manager Connector component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10269 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10268 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-4002-1 DLA-1141-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.29-1
	[stretch] - mariadb-10.1 <postponed> (Minor issue)
	- mariadb-10.0 <removed>
	[jessie] - mariadb-10.0 <postponed> (Minor issue)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <removed> (bug #878402)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10267 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10266 (Vulnerability in the Oracle Tuxedo component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10265 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...)
	NOT-FOR-US: Oracle
CVE-2017-10264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
	NOT-FOR-US: Oracle
CVE-2017-10263 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
	NOT-FOR-US: Oracle
CVE-2017-10262 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10261 (Vulnerability in the XML Database component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-10260 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...)
	NOT-FOR-US: Oracle
CVE-2017-10259 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10258 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10257 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10256 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10255 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10254 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10253 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10252 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10251 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10250 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10249 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10248 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10247 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10246 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10245 (Vulnerability in the Oracle General Ledger component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10244 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10243 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10242 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10241 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10240 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10239 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10238 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10237 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10236 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10235 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10234 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2017-10233 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10232 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10231 (Vulnerability in the Oracle Hospitality Cruise AffairWhere component ...)
	NOT-FOR-US: Oracle
CVE-2017-10230 (Vulnerability in the Oracle Hospitality Cruise Dining Room Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10229 (Vulnerability in the Oracle Hospitality Cruise Materials Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10228 (Vulnerability in the Oracle Hospitality Cruise Shipboard Property ...)
	NOT-FOR-US: Oracle
CVE-2017-10227 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10226 (Vulnerability in the Oracle Hospitality Cruise Fleet Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10225 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10224 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
	NOT-FOR-US: Oracle
CVE-2017-10223 (Vulnerability in the Oracle Hospitality Materials Control component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10222 (Vulnerability in the Oracle Hospitality Materials Control component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10221 (Vulnerability in the Oracle Hospitality RES 3700 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10220 (Vulnerability in the Hospitality Property Interfaces component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10219 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10218 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10217 (Vulnerability in the Oracle Hospitality Guest Access component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10216 (Vulnerability in the Hospitality Property Interfaces component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10215 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: PeopleSoft
CVE-2017-10214 (Vulnerability in the Oracle Retail Xstore Point of Service component ...)
	NOT-FOR-US: Oracle
CVE-2017-10213 (Vulnerability in the Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10212 (Vulnerability in the Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10211 (Vulnerability in the Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10210 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10209 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10208 (Vulnerability in the Oracle Hospitality e7 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10207 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10206 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10205 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10204 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10203 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
	- mysql-connector-net <unfixed> (bug #883923)
	[stretch] - mysql-connector-net <no-dsa> (Minor issue)
	[jessie] - mysql-connector-net <no-dsa> (Minor issue)
	[wheezy] - mysql-connector-net <no-dsa> (Minor issue)
CVE-2017-10202 (Vulnerability in the OJVM component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-10201 (Vulnerability in the Oracle Hospitality e7 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10200 (Vulnerability in the Oracle Hospitality e7 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10199 (Vulnerability in the Oracle iLearning component of Oracle iLearning ...)
	NOT-FOR-US: Oracle
CVE-2017-10198 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10197 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
	NOT-FOR-US: Oracle
CVE-2017-10196 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10195 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10194 (Vulnerability in the Oracle Integrated Lights Out Manager (ILOM) ...)
	NOT-FOR-US: Oracle
CVE-2017-10193 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10192 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10191 (Vulnerability in the Oracle Web Analytics component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10190 (Vulnerability in the Java VM component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-10189 (Vulnerability in the Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10188 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10187 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10186 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10185 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10184 (Vulnerability in the Oracle Field Service component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10183 (Vulnerability in the Oracle Retail Xstore Point of Service component ...)
	NOT-FOR-US: Oracle
CVE-2017-10182 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
	NOT-FOR-US: Oracle
CVE-2017-10181 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10180 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10179 (Vulnerability in the Application Management Pack for Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10178 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10177 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10176 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
CVE-2017-10175 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10174 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10173 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10172 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10171 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10170 (Vulnerability in the Oracle Field Service component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10169 (Vulnerability in the Oracle Hospitality 9700 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10168 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10167 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10166 (Vulnerability in the Oracle Security Service component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10165 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10164 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10163 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...)
	NOT-FOR-US: Oracle
CVE-2017-10162 (Vulnerability in the Siebel Core - Server Framework component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10161 (Vulnerability in the Oracle Engineering Data Management component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10160 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Primavera
CVE-2017-10159 (Vulnerability in the Oracle Communications Policy Management component ...)
	NOT-FOR-US: Oracle
CVE-2017-10158 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10157 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10156 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10155 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #878398)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html#AppendixMSQL
CVE-2017-10154 (Vulnerability in the Oracle Access Manager component of Oracle Fusion ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10153 (Vulnerability in the Oracle Communications WebRTC Session Controller ...)
	NOT-FOR-US: Oracle
CVE-2017-10152 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10151 (Vulnerability in the Oracle Identity Manager component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10150 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
	NOT-FOR-US: Primavera
CVE-2017-10149 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
	NOT-FOR-US: Primavera
CVE-2017-10148 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10147 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10146 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10145 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10144 (Vulnerability in the Oracle Applications Manager component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10143 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10142 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2017-10141 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10140 (Postfix before 2.11.10, 3.0.x before 3.0.10, 3.1.x before 3.1.6, and ...)
	{DLA-1137-1 DLA-1136-1 DLA-1135-1}
	- db5.3 5.3.28-13.1 (bug #872436)
	[stretch] - db5.3 5.3.28-12+deb9u1
	[jessie] - db5.3 5.3.28-9+deb8u1
	- db5.2 <removed>
	- db5.1 <removed>
	- db4.8 <removed>
	- db4.7 <removed>
	- db4.6 <removed>
	- db4.5 <removed>
	- db4.4 <removed>
	- db4.3 <removed>
	- db4.2 <removed>
	- db4.1 <removed>
	- db4.0 <removed>
	- db <removed>
	[jessie] - db 5.1.29-9+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/12/1
	NOTE: Patch as used in Fedora: https://src.fedoraproject.org/rpms/libdb/raw/8047fa8580659fcae740c25e91b490539b8453eb/f/db-5.3.28-cwd-db_config.patch
	NOTE: and is acknowledged by libdb upstream, cf. https://bugzilla.redhat.com/show_bug.cgi?id=1464032#c9
CVE-2017-10139
	RESERVED
CVE-2017-10138
	RESERVED
CVE-2017-10137 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10136 (Vulnerability in the Oracle Hospitality Simphony component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10135 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
	NOTE: OpenJDK-8 upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/079cd6c5de27
CVE-2017-10134 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10133 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10132 (Vulnerability in the Hospitality Hotel Mobile component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10131 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle
CVE-2017-10130 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10129 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.24-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-10128 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10127
	RESERVED
CVE-2017-10126 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: Oracle
CVE-2017-10125 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-10124
	RESERVED
CVE-2017-10123 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10122 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10121 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10120 (Vulnerability in the RDBMS Security component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2017-10119 (Vulnerability in the Oracle Service Bus component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10118 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
CVE-2017-10117 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10116 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10115 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10114 (Vulnerability in the Java SE component of Oracle Java SE ...)
	{DSA-4005-1}
	- openjfx 8u141-b14-1 (low; bug #870860)
CVE-2017-10113 (Vulnerability in the Oracle Common Applications component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10112 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-10111 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3919-1}
	- openjdk-8 8u141-b15-1
CVE-2017-10110 (Vulnerability in the Java SE component of Oracle Java SE ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10109 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10108 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10107 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10106 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10105 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-10104 (Vulnerability in the Java Advanced Management Console component of ...)
	NOT-FOR-US: Java Advanced Management Console
CVE-2017-10103 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10102 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <unfixed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10101 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10100 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: Oracle
CVE-2017-10099 (Vulnerability in the SPARC M7, T7, S7 based Servers component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10098 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10097 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2017-10096 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10095 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10094 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10093 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10092 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10091 (Vulnerability in the Enterprise Manager Base Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10090 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
CVE-2017-10089 (Vulnerability in the Java SE component of Oracle Java SE ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10088 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10087 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10086 (Vulnerability in the Java SE component of Oracle Java SE ...)
	{DSA-4005-1}
	- openjfx 8u141-b14-1 (low; bug #870860)
CVE-2017-10085 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10084 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10083 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10082 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10081 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10080 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10079 (Vulnerability in the Oracle Hospitality Suites Management component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10078 (Vulnerability in the Java SE component of Oracle Java SE ...)
	{DSA-3919-1}
	- openjdk-8 8u141-b15-1
CVE-2017-10077 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10076 (Vulnerability in the Oracle Hospitality Simphony First Edition Venue ...)
	NOT-FOR-US: Oracle
CVE-2017-10075 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10074 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10073 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10072 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10071 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10070 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: Oracle
CVE-2017-10069 (Vulnerability in the Oracle Payment Interface component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10068 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...)
	NOT-FOR-US: Oracle
CVE-2017-10067 (Vulnerability in the Java SE component of Oracle Java SE ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10066 (Vulnerability in the Oracle Applications Technology Stack component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10065 (Vulnerability in the Oracle Retail Point-of-Service component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10064 (Vulnerability in the Hospitality WebSuite8 Cloud Service component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10063 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10062 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10061 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10060 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...)
	NOT-FOR-US: Oracle
CVE-2017-10059 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10058 (Vulnerability in the Oracle Business Intelligence Enterprise Edition ...)
	NOT-FOR-US: Oracle
CVE-2017-10057 (Vulnerability in the PeopleSoft Enterprise PRTL Interaction Hub ...)
	NOT-FOR-US: Oracle
CVE-2017-10056 (Vulnerability in the Oracle Hospitality 9700 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10055 (Vulnerability in the Oracle iPlanet Web Server component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10054 (Vulnerability in the Oracle Hospitality Cruise Materials Management ...)
	NOT-FOR-US: Oracle
CVE-2017-10053 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3954-1 DSA-3919-1 DLA-1073-1}
	- openjdk-8 8u141-b15-1
	[experimental] - openjdk-7 7u151-2.6.11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-10052 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10051 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10050 (Vulnerability in the Oracle Hospitality Suite8 component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10049 (Vulnerability in the Siebel Core CRM component of Oracle Siebel CRM ...)
	NOT-FOR-US: Oracle
CVE-2017-10048 (Vulnerability in the Oracle Enterprise Repository component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10047 (Vulnerability in the MICROS BellaVita component of Oracle Hospitality ...)
	NOT-FOR-US: Oracle
CVE-2017-10046 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle
CVE-2017-10045 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10044 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2017-10043 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10042 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10041 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10040 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10039 (Vulnerability in the Oracle Agile PLM component of Oracle Supply Chain ...)
	NOT-FOR-US: Oracle
CVE-2017-10038 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle
CVE-2017-10037 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10036 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10035 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10034 (Vulnerability in the Oracle BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10033 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10032 (Vulnerability in the Oracle Transportation Management component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10031 (Vulnerability in the Oracle Communications Convergence component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10030 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10029 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10028 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10027 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10026 (Vulnerability in the Oracle SOA Suite component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10025 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10024 (Vulnerability in the BI Publisher component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-10023 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10022 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10021 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10020 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10019 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10018 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-10017 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10016 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10015 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10014 (Vulnerability in the Oracle Hospitality Hotel Mobile component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10013 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10012 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10011 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10010 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10009 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10008 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10007 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10006 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10005 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-10004 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10003 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle
CVE-2017-10002 (Vulnerability in the Oracle Hospitality Inventory Management component ...)
	NOT-FOR-US: Oracle
CVE-2017-10001 (Vulnerability in the Oracle Hospitality Simphony First Edition ...)
	NOT-FOR-US: Oracle
CVE-2017-10000 (Vulnerability in the Oracle Hospitality Reporting and Analytics ...)
	NOT-FOR-US: Oracle
CVE-2017-9782 (JasPer 2.0.12 allows remote attackers to cause a denial of service ...)
	- jasper <removed>
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/issues/140
CVE-2017-9781 (A cross site scripting (XSS) vulnerability exists in Check_MK versions ...)
	[experimental] - check-mk 1.4.0p9-1
	- check-mk <unfixed> (bug #865497)
	[wheezy] - check-mk <ignored> (Minor issue)
	NOTE: http://mathias-kettner.com/check_mk_werks.php?werk_id=4757
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commitdiff;h=c248f0b6ff7b15ced9f07a3df8a80fad656ea5b1
CVE-2017-9779 (OCaml compiler allows attackers to have unspecified impact via unknown ...)
	- ocaml <unfixed> (bug #874700)
	[stretch] - ocaml <no-dsa> (Minor issue)
	[jessie] - ocaml <no-dsa> (Minor issue)
	[wheezy] - ocaml <no-dsa> (Minor issue)
	NOTE: https://sympa.inria.fr/sympa/arc/caml-list/2017-06/msg00094.html
	NOTE: https://caml.inria.fr/mantis/view.php?id=7557
	NOTE: Make sure any potential advisories are clear that any created suid
	NOTE: binaries using ocaml must be re-created once ocaml has been updated.
CVE-2012-6706 (A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as ...)
	{DLA-1014-1 DLA-1003-1}
	- unrar-nonfree 1:5.5.5-1 (bug #865461)
	[stretch] - unrar-nonfree 1:5.3.2-1+deb9u1
	[jessie] - unrar-nonfree 1:5.2.7-0.1+deb8u1
	- libclamunrar 0.99-4 (bug #867223)
	[stretch] - libclamunrar 0.99-3+deb9u1
	[jessie] - libclamunrar 0.99-0+deb8u3
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/9
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd
CVE-2017-9778 (GNU Debugger (GDB) 8.0 and earlier fails to detect a negative length ...)
	- gdb <unfixed> (unimportant; bug #865607)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21600
CVE-2017-9777
	RESERVED
CVE-2017-9776 (Integer overflow leading to Heap buffer overflow in JBIG2Stream.cc in ...)
	{DSA-4079-2 DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #865679)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101541
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=a3a98a6d83dfbf49f565f5aa2d7c07153a7f62fc
CVE-2017-9775 (Stack buffer overflow in GfxState.cc in pdftocairo in Poppler before ...)
	{DSA-4079-1 DLA-1074-1}
	- poppler 0.57.0-2 (bug #865680)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101540
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=8f4ff8243a3d599ff2a6c08b1da389e606ba4fc9
CVE-2017-9774 (Remote Code Execution was found in Horde_Image 2.x before 2.5.0 via a ...)
	- php-horde-image 2.5.1-1 (bug #865505)
	NOTE: https://lists.horde.org/archives/announce/2017/001234.html
CVE-2017-9773 (Denial of Service was found in Horde_Image 2.x before 2.5.0 via a ...)
	- php-horde-image 2.5.1-1 (bug #865504)
	[jessie] - php-horde-image <not-affected> (Only Horde_Image above 2.3.0 affected)
	NOTE: https://lists.horde.org/archives/announce/2017/001234.html
CVE-2017-9772 (Insufficient sanitisation in the OCaml compiler versions 4.04.0 and ...)
	- ocaml <not-affected> (Only affects 4.04.0 and 4.04.1)
	NOTE: https://caml.inria.fr/mantis/view.php?id=7557
CVE-2017-9771 (install\save.php in WebsiteBaker v2.10.0 allows remote attackers to ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9770 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-9769 (A specially crafted IOCTL can be issued to the rzpnk.sys driver in ...)
	NOT-FOR-US: Razer Synapse
CVE-2017-9768
	RESERVED
CVE-2017-9767 (Multiple cross-site scripting (XSS) vulnerabilities in Quali ...)
	NOT-FOR-US: Quali CloudShell
CVE-2017-9766 (In Wireshark 2.2.7, PROFINET IO data with a high recursion depth allows ...)
	- wireshark 2.4.0-1 (low; bug #870175)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13811
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d6e888400ba64de3147d1111a4c23edf389b0000
CVE-2017-9765 (Integer overflow in the soap_get function in Genivia gSOAP 2.7.x and ...)
	{DLA-1036-1}
	- gsoap 2.8.48-1
	[stretch] - gsoap 2.8.35-4+deb9u1
	[jessie] - gsoap 2.8.17-1+deb8u1
	NOTE: http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
	NOTE: https://www.genivia.com/changelog.html#Version_2.8.48_upd_(06/21/2017)
	NOTE: SuSE patch: https://bugzilla.suse.com/attachment.cgi?id=733005
CVE-2017-9764 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.17 allows ...)
	NOT-FOR-US: MetInfo
CVE-2017-9780 (In Flatpak before 0.8.7, a third-party app repository could include ...)
	{DSA-3895-1}
	- flatpak 0.8.7-1 (bug #865413)
	NOTE: https://github.com/flatpak/flatpak/issues/845
CVE-2017-10923 (Xen through 4.8.x does not validate a vCPU array index upon the sending ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen <not-affected> (Vulnerable code not present)
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-225.html
CVE-2017-10922 (The grant-table feature in Xen through 4.8.x mishandles MMIO region ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10921 (The grant-table feature in Xen through 4.8.x does not ensure sufficient ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10920 (The grant-table feature in Xen through 4.8.x mishandles a ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-224.html
CVE-2017-10919 (Xen through 4.8.x mishandles virtual interrupt injection, which allows ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen <ignored> (No backport available, limited to arm)
	[wheezy] - xen <not-affected> (arm not supported)
	NOTE: https://xenbits.xen.org/xsa/advisory-223.html
CVE-2017-10918 (Xen through 4.8.x does not validate memory allocations during certain ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-222.html
CVE-2017-10917 (Xen through 4.8.x does not validate the port numbers of polled event ...)
	{DSA-3969-1}
	- xen 4.8.1-1+deb9u3
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-221.html
CVE-2017-10916 (The vCPU context-switch implementation in Xen through 4.8.x improperly ...)
	- xen 4.8.1-1+deb9u3
	[stretch] - xen 4.8.1-1+deb9u3
	[jessie] - xen <not-affected> (Vulnerable code not present)
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	NOTE: https://xenbits.xen.org/xsa/advisory-220.html
CVE-2017-10915 (The shadow-paging feature in Xen through 4.8.x mismanages page ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-219.html
CVE-2017-10914 (The grant-table feature in Xen through 4.8.x has a race condition ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
CVE-2017-10913 (The grant-table feature in Xen through 4.8.x provides false mapping ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-218.html
CVE-2017-10912 (Xen through 4.8.x mishandles page transfer, which allows guest OS users ...)
	{DSA-3969-1 DLA-1132-1}
	- xen 4.8.1-1+deb9u3
	NOTE: https://xenbits.xen.org/xsa/advisory-217.html
CVE-2017-10911 (The make_response function in drivers/block/xen-blkback/blkback.c in ...)
	{DSA-3945-1 DSA-3927-1 DSA-3920-1 DLA-1099-1}
	- linux 4.11.11-1
	- qemu 1:2.8+dfsg-7 (bug #869706)
	[wheezy] - qemu <no-dsa> (Wheezy's xen uses an embedded qemu copy)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Wheezy's xen uses an embedded qemu copy)
	NOTE: https://xenbits.xen.org/xsa/advisory-216.html
CVE-2017-1000381 (The c-ares function `ares_parse_naptr_reply()`, which is used for ...)
	{DLA-998-1}
	- c-ares 1.12.0-4 (bug #865360)
	[stretch] - c-ares 1.12.0-1+deb9u1
	[jessie] - c-ares 1.10.0-2+deb8u2
	NOTE: https://c-ares.haxx.se/adv_20170620.html
	NOTE: Patch: https://c-ares.haxx.se/CVE-2017-1000381.patch
CVE-2017-9763 (The grub_ext2_read_block function in fs/ext2.c in GNU GRUB before ...)
	- grub2 2.02~beta2-8 (unimportant)
	- radare2 1.6.0+dfsg-1 (bug #869423)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/65000a7fd9eea62359e6d6714f17b94a99a82edd
	NOTE: https://github.com/radare/radare2/issues/7723
	NOTE: Not a security issue for Grub
CVE-2017-9762 (The cmd_info function in libr/core/cmd_info.c in radare2 1.5.0 allows ...)
	- radare2 1.6.0+dfsg-1 (low; bug #869426)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7726
	NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
CVE-2017-9761 (The find_eoq function in libr/core/cmd.c in radare2 1.5.0 allows remote ...)
	- radare2 1.6.0+dfsg-1 (low; bug #869428)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/00e8f205475332d7842d0f0d1481eeab4e83017c
	NOTE: https://github.com/radare/radare2/issues/7727
CVE-2017-9760
	RESERVED
CVE-2017-9759 (SQL Injection exists in admin/index.php in Zenbership 1.0.8 via the ...)
	NOT-FOR-US: Zenbership
CVE-2017-9758 (Savitech driver packages for Windows silently install a self-signed ...)
	NOT-FOR-US: Savitech driver packages for Windows
CVE-2017-9757 (IPFire 2.19 has a Remote Command Injection vulnerability in ids.cgi via ...)
	NOT-FOR-US: IPFire
CVE-2017-1000375 (NetBSD maps the run-time link-editor ld.so directly below the stack ...)
	NOT-FOR-US: NetBSD
CVE-2017-1000374 (A flaw exists in NetBSD's implementation of the stack guard page that ...)
	NOT-FOR-US: NetBSD
CVE-2017-1000373 (The OpenBSD qsort() function is recursive, and not randomized, an ...)
	NOT-FOR-US: OpenBSD
CVE-2017-1000372 (A flaw exists in OpenBSD's implementation of the stack guard page that ...)
	NOT-FOR-US: OpenBSD
CVE-2017-1000364 (An issue was discovered in the size of the stack guard page on Linux, ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.11.6-1
	[stretch] - linux 4.9.30-2+deb9u1
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000365 (The Linux Kernel imposes a size restriction on the arguments and ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
	NOTE: Fixed by: https://git.kernel.org/linus/98da7d08850fb8bdeb395d6368ed15753304aa0c
CVE-2017-1000366 (glibc contains a vulnerability that allows specially crafted ...)
	{DSA-3887-1 DLA-992-1}
	- glibc 2.24-12
	- eglibc <removed>
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000369 (Exim supports the use of multiple &quot;-p&quot; command line arguments which ...)
	{DSA-3888-1 DLA-1001-1}
	- exim4 4.89-3
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000370 (The offset2lib patch as used in the Linux Kernel contains a ...)
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux <not-affected> (Memory layout is different)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000371 (The offset2lib patch as used by the Linux Kernel contains a ...)
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux <not-affected> (Memory layout is different)
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000376 (libffi requests an executable stack allowing attackers to more easily ...)
	{DSA-3889-1 DLA-997-1}
	- libffi 3.2.1-4
	NOTE: https://github.com/libffi/libffi/commit/978c9540154d320525488db1b7049277122f736d
	NOTE: and additionally cf. #751907 for the configure flag.
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000377 (An issue was discovered in the size of the default stack guard page on ...)
	NOT-FOR-US: GRSecurity/PAX Linux specific assignment
CVE-2017-9756 (The aarch64_ext_ldst_reglist function in opcodes/aarch64-dis.c in GNU ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21595
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=cd3ea7c69acc5045eb28f9bf80d923116e15e4f5
CVE-2017-9755 (opcodes/i386-dis.c in GNU Binutils 2.28 does not consider the number of ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21594
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0d96e4df4812c3bad77c229dfef47a9bc115ac12
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=8cac017d35ef374e65acc98818a17cf8a652cbd0
CVE-2017-9754 (The process_otr function in bfd/versados.c in the Binary File ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21591
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04f963fd489cae724a60140e13984415c205f4ac
CVE-2017-9753 (The versados_mkobject function in bfd/versados.c in the Binary File ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21591
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04f963fd489cae724a60140e13984415c205f4ac
CVE-2017-9752 (bfd/vms-alpha.c in the Binary File Descriptor (BFD) library (aka ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21589
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c53d2e6d744da000aaafe0237bced090aab62818
CVE-2017-9751 (opcodes/rl78-decode.opc in GNU Binutils 2.28 has an unbounded GETBYTE ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21588
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=63323b5b23bd83fa7b04ea00dff593c933e9b0e3
CVE-2017-9750 (opcodes/rx-decode.opc in GNU Binutils 2.28 lacks bounds checks for ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21587
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=db5fa770268baf8cc82cf9b141d69799fd485fe2
CVE-2017-9749 (The *regs* macros in opcodes/bfin-dis.c in GNU Binutils 2.28 allow ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21586
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=08c7881b814c546efc3996fd1decdf0877f7a779
CVE-2017-9748 (The ieee_object_p function in bfd/ieee.c in the Binary File Descriptor ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21582
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=63634bb4a107877dd08b6282e28e11cfd1a1649e
CVE-2017-9747 (The ieee_archive_p function in bfd/ieee.c in the Binary File Descriptor ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21581
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=62b76e4b6e0b4cb5b3e0053d1de4097b32577049
CVE-2017-9746 (The disassemble_bytes function in objdump.c in GNU Binutils 2.28 allows ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21580
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ae87f7e73eba29bd38b3a9684a10b948ed715612
CVE-2017-9745 (The _bfd_vms_slurp_etir function in bfd/vms-alpha.c in the Binary File ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21579
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=76800cba595efc3fe95a446c2d664e42ae4ee869
CVE-2017-9744 (The sh_elf_set_mach_from_flags function in bfd/elf32-sh.c in the Binary ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21578
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f461bbd847f15657f3dd2f317c30c75a7520da1f
CVE-2017-9743 (The print_insn_score32 function in opcodes/score7-dis.c:552 in GNU ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21577
CVE-2017-9742 (The score_opcodes function in opcodes/score7-dis.c in GNU Binutils 2.28 ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21576
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e64519d1ed7fd8f990f05a5562d5b5c0c44b7d7e
CVE-2017-9741 (install/make-config.php in ProjectSend r754 allows remote attackers to ...)
	NOT-FOR-US: ProjectSend
CVE-2017-9740 (The xps_decode_font_char_imp function in xps/xpsfont.c in Artifex ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698064
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=961b10cdd71403072fb99401a45f3bef6ce53626
CVE-2017-9739 (The Ins_JMPR function in base/ttinterp.c in Artifex Ghostscript ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869910)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698063
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c501a58f8d5650c8ba21d447c0d6f07eafcb0f15 (ghostpdl-9.22rc1)
CVE-2017-9738
	RESERVED
CVE-2017-9737
	RESERVED
CVE-2017-9736 (SPIP 3.1.x before 3.1.6 and 3.2.x before Beta 3 does not remove shell ...)
	{DSA-3890-1}
	- spip 3.1.4-3 (bug #864921)
	[jessie] - spip <not-affected> (Vulnerable code not present)
	[wheezy] - spip <not-affected> (Vulnerable code not present)
	NOTE: https://contrib.spip.net/CRITICAL-security-update-SPIP-3-1-6-and-SPIP-3-2-Beta
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23593
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23594
CVE-2017-9734
	RESERVED
CVE-2017-9733
	RESERVED
CVE-2017-9732
	RESERVED
CVE-2017-9731 (In meta/classes/package_ipk.bbclass in Poky in poky-pyro 17.0.0 for ...)
	NOT-FOR-US: Poky for Yocto Project
CVE-2017-9730 (SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and ...)
	NOT-FOR-US: nuevoMailer
CVE-2017-9729 (In uClibc 0.9.33.2, there is stack exhaustion (uncontrolled recursion) ...)
	- uclibc <unfixed> (unimportant)
CVE-2017-9728 (In uClibc 0.9.33.2, there is an out-of-bounds read in the get_subexp ...)
	- uclibc <unfixed> (unimportant)
CVE-2017-9727 (The gx_ttfReader__Read function in base/gxttfb.c in Artifex Ghostscript ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869913)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698056
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=937ccd17ac65935633b2ebc06cb7089b91e17e6b (ghostpdl-9.22rc1)
CVE-2017-9726 (The Ins_MDRP function in base/ttinterp.c in Artifex Ghostscript ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869915)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=698055
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7755e67116e8973ee0e3b22d653df026a84fa01b (ghostpdl-9.22rc1)
CVE-2017-9735 (Jetty through 9.4.x is prone to a timing channel in ...)
	{DLA-1021-1 DLA-1020-1}
	- jetty9 9.2.22-1 (bug #864898)
	[stretch] - jetty9 <no-dsa> (Minor issue)
	- jetty8 <removed>
	[jessie] - jetty8 <no-dsa> (Minor issue)
	- jetty <removed>
	[jessie] - jetty <no-dsa> (Minor issue)
	NOTE: https://github.com/eclipse/jetty.project/issues/1556
	NOTE: https://github.com/eclipse/jetty.project/commit/042f325f1cd6e7891d72c7e668f5947b5457dc02
	NOTE: https://github.com/eclipse/jetty.project/commit/f3751d70787fd8ab93932a51c60514c2eb37cb58
	NOTE: https://github.com/eclipse/jetty.project/commit/2baa1abe4b1c380a30deacca1ed367466a1a62ea
CVE-2017-9725 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9724 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9723 (The touchscreen driver synaptics_dsx in Android for MSM, Firefox OS ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-9722 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9721 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android boot loader (aboot)
CVE-2017-9720 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9719 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9718 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9717 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9716 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: qbt1000 driver in Android
CVE-2017-9715 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9714 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9713
	RESERVED
CVE-2017-9712 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9711
	RESERVED
CVE-2017-9710 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9709 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9708 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9707
	RESERVED
CVE-2017-9706 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9705 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9704
	RESERVED
CVE-2017-9703 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9702 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9701 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9700 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9699
	RESERVED
CVE-2017-9698 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9697 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9696 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9695
	RESERVED
CVE-2017-9694 (While parsing Netlink attributes in ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9693 (The length of attribute value for STA_EXT_CAPABILITY in ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9692 (When an atomic commit is issued on a writeback panel with a NULL ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9691 (There is a race condition in Android for MSM, Firefox OS for MSM, and ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9690 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9689 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9688
	RESERVED
CVE-2017-9687 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9686 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9685 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9684 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9683 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-9682 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9681 (In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9680 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9679 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-9678 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9677 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9676 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-9675 (On D-Link DIR-605L devices, firmware before 2.08UIBetaB01.bin allows an ...)
	NOT-FOR-US: D-Link DIR-605L devices
CVE-2017-9674 (In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on ...)
	NOT-FOR-US: SimpleCE
CVE-2017-9673 (In SimpleCE 2.3.0, a CSRF vulnerability can be exploited to add an ...)
	NOT-FOR-US: SimpleCE
CVE-2017-9672
	RESERVED
CVE-2017-9671 (A heap overflow in apk (Alpine Linux's package manager) allows a ...)
	NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9670 (An uninitialized stack variable vulnerability in load_tic_series() in ...)
	- gnuplot 5.0.5+dfsg1-7 (unimportant; bug #864901)
	[stretch] - gnuplot 5.0.5+dfsg1-6+deb9u1
	[jessie] - gnuplot <not-affected> (Vulnerable code introduced later)
	[wheezy] - gnuplot <not-affected> (Vulnerable code introduced later)
	- gnuplot5 <removed> (unimportant; bug #864903)
	[jessie] - gnuplot5 <not-affected> (Vulnerable code introduced later)
	NOTE: https://sourceforge.net/p/gnuplot/bugs/1933/
	NOTE: The specific CVE is for the uninitialized stack variable fixed via set.c
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1044638#c5
	NOTE: Fixed by: https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e
	NOTE: Introduced by: https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
	NOTE: Crash in a CLI tool, no security impact
CVE-2017-9669 (A heap overflow in apk (Alpine Linux's package manager) allows a ...)
	NOT-FOR-US: apk (Alpine's package manager)
CVE-2017-9668 (In admin\addgroup.php in CMS Made Simple 2.1.6, when adding a user ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-9667
	RESERVED
CVE-2017-9666
	RESERVED
CVE-2017-9665
	RESERVED
CVE-2017-9664
	RESERVED
CVE-2017-9663 (An Cleartext Storage of Sensitive Information issue was discovered in ...)
	NOT-FOR-US: General Motors (GM) and Shanghai OnStar (SOS) SOS iOS Client
CVE-2017-9662 (An Improper Privilege Management issue was discovered in Fuji Electric ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9661 (An Uncontrolled Search Path Element issue was discovered in SIMPlight ...)
	NOT-FOR-US: SIMPlight SCADA Software
CVE-2017-9660 (A Heap-Based Buffer Overflow was discovered in Fuji Electric Monitouch ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9659 (A Stack-Based Buffer Overflow issue was discovered in Fuji Electric ...)
	NOT-FOR-US: Fuji Electric Monitouch V-SFT
CVE-2017-9658 (Certain 802.11 network management messages have been determined to ...)
	NOT-FOR-US: Philips IntelliVue MX40
CVE-2017-9657 (Under specific 802.11 network conditions, a partial re-association of ...)
	NOT-FOR-US: Philips IntelliVue MX40
CVE-2017-9656 (The backend database of the Philips DoseWise Portal application ...)
	NOT-FOR-US: Philips DoseWise Portal
CVE-2017-9655 (A Cross-Site Scripting issue was discovered in OSIsoft PI Integrator ...)
	NOT-FOR-US: OSIsoft
CVE-2017-9654 (The Philips DoseWise Portal web-based application versions 1.1.7.333 ...)
	NOT-FOR-US: Philips DoseWise Portal
CVE-2017-9653 (An Improper Authorization issue was discovered in OSIsoft PI ...)
	NOT-FOR-US: OSIsoft
CVE-2017-9652
	RESERVED
CVE-2017-9651
	RESERVED
CVE-2017-9650 (An Unrestricted Upload of File with Dangerous Type issue was discovered ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9649 (A Use of Hard-Coded Cryptographic Key issue was discovered in Mirion ...)
	NOT-FOR-US: Mirion
CVE-2017-9648 (An Uncontrolled Search Path Element issue was discovered in Solar ...)
	NOT-FOR-US: Solar Controls WATTConfig M Software
CVE-2017-9647 (A Stack-Based Buffer Overflow issue was discovered in the Continental ...)
	NOT-FOR-US: Continental AG Infineon S-Gold
CVE-2017-9646 (An Uncontrolled Search Path Element issue was discovered in Solar ...)
	NOT-FOR-US: Solar Controls Heating Control Downloader (HCDownloader)
CVE-2017-9645 (An Inadequate Encryption Strength issue was discovered in Mirion ...)
	NOT-FOR-US: Mirion
CVE-2017-9644 (An Unquoted Search Path or Element issue was discovered in Automated ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9643
	RESERVED
CVE-2017-9642
	RESERVED
CVE-2017-9641
	RESERVED
CVE-2017-9640 (A Path Traversal issue was discovered in Automated Logic Corporation ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2017-9639 (An issue was discovered in Fuji Electric V-Server Version 3.3.22.0 and ...)
	NOT-FOR-US: Fuji Electric V-Server
CVE-2017-9638 (Mitsubishi E-Designer, Version 7.52 Build 344 contains six code ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9637 (Schneider Electric Ampla MES 6.4 provides capability to interact with ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9636 (Mitsubishi E-Designer, Version 7.52 Build 344 contains five code ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9635 (Schneider Electric Ampla MES 6.4 provides capability to configure ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9634 (Mitsubishi E-Designer, Version 7.52 Build 344 contains two code ...)
	NOT-FOR-US: Mitsubishi E-Designer
CVE-2017-9633 (An Improper Restriction of Operations within the Bounds of a Memory ...)
	NOT-FOR-US: Continental AG Infineon S-Gold 2
CVE-2017-9632 (A Missing Encryption of Sensitive Data issue was discovered in PDQ ...)
	NOT-FOR-US: PDQ Manufacturing LaserWash
CVE-2017-9631 (A Null Pointer Dereference issue was discovered in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9630 (An Improper Authentication issue was discovered in PDQ Manufacturing ...)
	NOT-FOR-US: PDQ Manufacturing LaserWash
CVE-2017-9629 (A Stack-Based Buffer Overflow issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9628 (An Information Exposure issue was discovered in Saia Burgess Controls ...)
	NOT-FOR-US: Saia Burgess Controls
CVE-2017-9627 (An Uncontrolled Resource Consumption issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-9626
	RESERVED
CVE-2017-9625 (An Improper Authentication issue was discovered in Envitech EnviDAS ...)
	NOT-FOR-US: Envitech EnviDAS Ultimate
CVE-2017-9624 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9623 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9622 (Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9621 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Telaxus/EPESI
CVE-2017-9620 (The xps_select_font_encoding function in xps/xpsfont.c in Artifex ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698050
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ee55637480d5e319a5de0481b01c3346855cbc9
CVE-2017-9619 (The xps_true_callback_glyph_name function in xps/xpsttf.c in Artifex ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698042
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c53183d4e7103e87368b7cfa15367a47d559e323
CVE-2017-9618 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698044
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3c2aebbedd37fab054e80f2e315de07d7e9b5bdb
CVE-2017-9617 (In Wireshark 2.2.7, deeply nested DAAP data may cause stack exhaustion ...)
	- wireshark 2.4.0-1 (low; bug #870174)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13799
CVE-2017-9616 (In Wireshark 2.2.7, overly deep mp4 chunks may cause stack exhaustion ...)
	- wireshark 2.4.0-1 (low; bug #870173)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13777
CVE-2017-9615 (Password exposure in Cognito Software Moneyworks 8.0.3 and earlier ...)
	NOT-FOR-US: Cognito Software Moneyworks
CVE-2017-9614 (The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 ...)
	NOT-FOR-US: Not a bug in libjpeg itself, but incorrect API usage
	NOTE: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/167
CVE-2017-9613 (Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors ...)
	NOT-FOR-US: SAP SuccessFactors
CVE-2017-9612 (The Ins_IP function in base/ttinterp.c in Artifex Ghostscript GhostXPS ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869916)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698026
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=98f6da60b9d463c617e631fc254cf6d66f2e8e3c (ghostpdl-9.22rc1)
CVE-2017-9611 (The Ins_MIRP function in base/ttinterp.c in Artifex Ghostscript ...)
	{DSA-3986-1 DLA-1048-1}
	[experimental] - ghostscript 9.22~~rc1~dfsg-1
	- ghostscript 9.22~dfsg-1 (bug #869917)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698024
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=c7c55972758a93350882c32147801a3485b010fe (ghostpdl-9.22rc1)
CVE-2017-9610 (The xps_load_sfnt_name function in xps/xpsfont.c in Artifex Ghostscript ...)
	- ghostscript 9.22~dfsg-1 (unimportant; bug #869879)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: The Debian binary package is not affected xps/ not used
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698025
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d2ab84732936b6e7e5a461dc94344902965e9a06
CVE-2017-9609 (Cross-site scripting (XSS) vulnerability in Blackcat CMS 1.2 allows ...)
	NOT-FOR-US: Blackcat CMS
CVE-2017-9608 (The dnxhd decoder in FFmpeg before 3.2.6, and 3.3.x before 3.3.3 ...)
	{DSA-3957-1}
	- ffmpeg 7:3.3.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/14/1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/611b35627488a8d0763e75c25ee0875c5b7987dd
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/0a709e2a10b8288a0cc383547924ecfe285cef89
CVE-2017-9607 (The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might ...)
	NOT-FOR-US: ARM Trusted Firmware
CVE-2017-9606 (Infotecs ViPNet Client and Coordinator before 4.3.2-42442 allow local ...)
	NOT-FOR-US: Infotecs ViPNet Client and Coordinator
CVE-2017-9604 (KDE kmail before 5.5.2 and messagelib before 5.5.2, as distributed in ...)
	- kdepim 4:16.04.3-4 (bug #864804)
	[stretch] - kdepim 4:16.04.3-4~deb9u1
	[jessie] - kdepim 4:4.14.1-1+deb8u1
	[wheezy] - kdepim <not-affected> (sendlater issue is not present in kdepim-4.4.11.1+l10n)
	- kf5-messagelib 4:16.04.3-3 (bug #864803)
	[stretch] - kf5-messagelib 4:16.04.3-3~deb9u1
	NOTE: Fixed by (kmail): https://commits.kde.org/kmail/78c5552be2f00a4ac25bd77ca39386522fca70a8
	NOTE: Fixed by (messagelib): https://commits.kde.org/messagelib/c54706e990bbd6498e7b1597ec7900bc809e8197
	NOTE: https://www.kde.org/info/security/advisory-20170615-1.txt
CVE-2017-1000379 (The Linux Kernel running on AMD64 systems will sometimes map the ...)
	- linux <unfixed>
	NOTE: https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
CVE-2017-1000378 (The NetBSD qsort() function is recursive, and not randomized, an ...)
	NOT-FOR-US: NetBSD
CVE-2017-9605 (The vmw_gb_surface_define_ioctl function (accessible via ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.11.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/13/2
	NOTE: Fixed by: https://git.kernel.org/linus/07678eca2cf9c9a18584e546c2b2a0d0c9a3150c (v4.12-rc5)
CVE-2017-9603 (SQL injection vulnerability in the WP Jobs plugin before 1.5 for ...)
	NOT-FOR-US: WP Jobs plugin for WordPress
CVE-2017-9602 (KBVault Mysql Free Knowledge Base application package 0.16a comes with ...)
	NOT-FOR-US: KBVault Mysql Free Knowledge Base application
CVE-2017-9601 (The &quot;FNB Kemp Mobile Banking&quot; by First National Bank of Kemp app 3.0.2 ...)
	NOT-FOR-US: "FNB Kemp Mobile Banking" by First National Bank of Kemp app
CVE-2017-9600 (The &quot;Peoples Bank Tulsa&quot; by Peoples Bank - OK app 3.0.2 -- aka ...)
	NOT-FOR-US: "Peoples Bank Tulsa" by Peoples Bank - OK app
CVE-2017-9599 (The &quot;Fountain Trust Mobile Banking&quot; by FOUNTAIN TRUST COMPANY app ...)
	NOT-FOR-US: "Fountain Trust Mobile Banking" by FOUNTAIN TRUST COMPANY app
CVE-2017-9598 (The &quot;Morton Credit Union Mobile Banking&quot; by Morton Credit Union app ...)
	NOT-FOR-US: "Morton Credit Union Mobile Banking" by Morton Credit Union app
CVE-2017-9597 (The &quot;Blue Ridge Bank and Trust Co. Mobile Banking&quot; by Blue Ridge Bank ...)
	NOT-FOR-US: "Blue Ridge Bank and Trust Co. Mobile Banking" app
CVE-2017-9596 (The &quot;CFB Mobile Banking&quot; by Citizens First Bank Wisconsin app 3.0.1 -- ...)
	NOT-FOR-US: "CFB Mobile Banking" by Citizens First Bank Wisconsin app
CVE-2017-9595 (The &quot;First State Bank of Bigfork Mobile Banking&quot; by First State Bank of ...)
	NOT-FOR-US: "First State Bank of Bigfork Mobile Banking" by First State Bank of Bigfork app
CVE-2017-9594 (The &quot;SVB Mobile&quot; by Sauk Valley Bank Mobile Banking app 3.0.0 -- aka ...)
	NOT-FOR-US: "SVB Mobile" by Sauk Valley Bank Mobile Banking app
CVE-2017-9593 (The &quot;Oculina Mobile Banking&quot; by Oculina Bank app 3.0.0 -- aka ...)
	NOT-FOR-US: "Oculina Mobile Banking" by Oculina Bank app
CVE-2017-9592 (The &quot;Your Legacy Federal Credit Union Mobile Banking&quot; by Your Legacy ...)
	NOT-FOR-US: "Your Legacy Federal Credit Union Mobile Banking" by Your Legacy Federal Credit Union app
CVE-2017-9591 (The &quot;PCB Mobile&quot; by Phelps County Bank app 3.0.2 -- aka ...)
	NOT-FOR-US: "PCB Mobile" by Phelps County Bank app
CVE-2017-9590 (The &quot;State Bank of Waterloo Mobile Banking&quot; by State Bank of Waterloo ...)
	NOT-FOR-US: "State Bank of Waterloo Mobile Banking" by State Bank of Waterloo app
CVE-2017-9589 (The &quot;SCSB Shelbyville IL Mobile Banking&quot; by Shelby County State Bank ...)
	NOT-FOR-US: "SCSB Shelbyville IL Mobile Banking" by Shelby County State Bank app
CVE-2017-9588 (The &quot;Oritani Mobile Banking&quot; by Oritani Bank app 3.0.0 -- aka ...)
	NOT-FOR-US: "Oritani Mobile Banking" by Oritani Bank app
CVE-2017-9587 (The &quot;PCSB BANK Mobile&quot; by PCSB Bank app 3.0.4 -- aka ...)
	NOT-FOR-US: "PCSB BANK Mobile" by PCSB Bank app
CVE-2017-9586 (The &quot;FSBY Mobile Banking&quot; by First State Bank of Yoakum TX app 3.0.0 -- ...)
	NOT-FOR-US: "FSBY Mobile Banking" by First State Bank of Yoakum TX app
CVE-2017-9585 (The &quot;Community State Bank - Lamar Mobile Banking&quot; by Community State ...)
	NOT-FOR-US: "Community State Bank - Lamar Mobile Banking" by Community State Bank - Lamar app
CVE-2017-9584 (The &quot;HBO Mobile Banking&quot; by Heritage Bank of Ozarks app 3.0.0 -- aka ...)
	NOT-FOR-US: "HBO Mobile Banking" by Heritage Bank of Ozarks app
CVE-2017-9583 (The &quot;Charlevoix State Bank&quot; by Charlevoix State Bank app 3.0.1 -- aka ...)
	NOT-FOR-US: "Charlevoix State Bank" by Charlevoix State Bank app
CVE-2017-9582 (The &quot;BNB Mobile Banking&quot; by Brady National Bank app 3.0.0 -- aka ...)
	NOT-FOR-US: "BNB Mobile Banking" by Brady National Bank app
CVE-2017-9581 (The &quot;Algonquin State Bank Mobile Banking&quot; by Algonquin State Bank app ...)
	NOT-FOR-US: "Algonquin State Bank Mobile Banking" by Algonquin State Bank app
CVE-2017-9580 (The &quot;Pioneer Bank &amp; Trust Mobile Banking&quot; by PIONEER BANK AND TRUST app ...)
	NOT-FOR-US: "Pioneer Bank & Trust Mobile Banking" by PIONEER BANK AND TRUST app
CVE-2017-9579 (The &quot;JMCU Mobile Banking&quot; by Joplin Metro Credit Union app 3.0.0 -- aka ...)
	NOT-FOR-US: "JMCU Mobile Banking" by Joplin Metro Credit Union app
CVE-2017-9578 (The &quot;RVCB Mobile&quot; by RVCB Mobile Banking app 3.0.0 -- aka ...)
	NOT-FOR-US: "RVCB Mobile" by RVCB Mobile Banking app
CVE-2017-9577 (The &quot;First Citizens Bank-Mobile Banking&quot; by First Citizens Bank (AL) ...)
	NOT-FOR-US: "First Citizens Bank-Mobile Banking" by First Citizens Bank (AL) app
CVE-2017-9576 (The &quot;Middleton Community Bank Mobile Banking&quot; by Middleton Community ...)
	NOT-FOR-US: "Middleton Community Bank Mobile Banking" by Middleton Community Bank app
CVE-2017-9575 (The &quot;FVB Mobile Banking&quot; by First Volunteer Bank of Tennessee app 3.1.1 ...)
	NOT-FOR-US: "FVB Mobile Banking" by First Volunteer Bank of Tennessee app
CVE-2017-9574 (The &quot;KC Area Credit Union Mobile Banking&quot; by K C Area Credit Union app ...)
	NOT-FOR-US: "KC Area Credit Union Mobile Banking" by K C Area Credit Union app
CVE-2017-9573 (The North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app ...)
	NOT-FOR-US: North Adams State Bank (Ursa) nasb-mobile-banking/id980573797 app
CVE-2017-9572 (The athens-state-bank-mobile-banking/id719748589 app 3.0.0 for iOS does ...)
	NOT-FOR-US: athens-state-bank-mobile-banking/id719748589 app
CVE-2017-9571 (The Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app ...)
	NOT-FOR-US: Citizens Community Bank (TN) ccb-mobile-banking/id610030469 app
CVE-2017-9570 (The mount-vernon-bank-trust-mobile-banking/id542706679 app 3.0.0 for ...)
	NOT-FOR-US: mount-vernon-bank-trust-mobile-banking/id542706679 app
CVE-2017-9569 (The Citizens Bank (TX) cbtx-on-the-go/id892396102 app 3.0.0 for iOS ...)
	NOT-FOR-US: Citizens Bank (TX) cbtx-on-the-go/id892396102 app
CVE-2017-9568 (The financial-plus-mobile-banking/id731070564 app 3.0.3 for iOS does ...)
	NOT-FOR-US: financial-plus-mobile-banking/id731070564 app
CVE-2017-9567 (The avb-bank-mobile-banking/id592565443 app 3.0.0 for iOS does not ...)
	NOT-FOR-US: avb-bank-mobile-banking/id592565443 app
CVE-2017-9566 (The fsb-dequeen-mobile-banking/id1091025340 app 3.0.1 for iOS does not ...)
	NOT-FOR-US: fsb-dequeen-mobile-banking/id1091025340 app
CVE-2017-9565 (The first-security-bank-sleepy-eye-mobile/id870531890 app 3.0.0 for iOS ...)
	NOT-FOR-US: first-security-bank-sleepy-eye-mobile/id870531890 app
CVE-2017-9564 (The community-banks-cb2go/id445828071 app 3.1.3 for iOS does not verify ...)
	NOT-FOR-US: community-banks-cb2go/id445828071 app
CVE-2017-9563 (The First Citizens Community Bank fccb/id809930960 app 3.0.1 for iOS ...)
	NOT-FOR-US: First Citizens Community Bank fccb/id809930960 app
CVE-2017-9562 (The Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 ...)
	NOT-FOR-US: Freedom First freedom-1st-credit-union-mobile-banking/id1085229458 app
CVE-2017-9561 (The Lee Bank &amp; Trust lbtc-mobile/id1068984753 app 3.0.1 for iOS does ...)
	NOT-FOR-US: Lee Bank & Trust lbtc-mobile/id1068984753 app
CVE-2017-9560 (The cayuga-lake-national-bank/id1151601539 app 4.0.1 for iOS does not ...)
	NOT-FOR-US: cayuga-lake-national-bank/id1151601539 app
CVE-2017-9559 (The MEA Financial vision-bank/id420406345 app 3.0.1 for iOS does not ...)
	NOT-FOR-US: MEA Financial vision-bank/id420406345 app
CVE-2017-9558 (The wawa-employees-credit-union-mobile/id1158082793 app 4.0.1 for iOS ...)
	NOT-FOR-US: wawa-employees-credit-union-mobile/id1158082793 app
CVE-2017-9557 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9556 (Cross-site scripting (XSS) vulnerability in Video Metadata Editor in ...)
	NOT-FOR-US: Synology Video Station
CVE-2017-9555 (Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-9554 (An information exposure vulnerability in forget_passwd.cgi in Synology ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-9553 (A design flaw in SYNO.API.Encryption in Synology DiskStation Manager ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2017-9552 (A design flaw in authentication in Synology Photo Station 6.0-2528 ...)
	NOT-FOR-US: Synology Photo Station
CVE-2015-9096 (Net::SMTP in Ruby before 2.4.0 is vulnerable to SMTP command injection ...)
	{DSA-3966-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #864860)
	- ruby2.1 <removed>
	[jessie] - ruby2.1 <no-dsa> (Minor issue)
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue, Net::SMTP users should validate data they send too)
	- ruby1.8 <removed>
	[wheezy] - ruby1.8 <no-dsa> (Minor issue, Net::SMTP users should validate data they send too)
	NOTE: https://github.com/ruby/ruby/commit/0827a7e52ba3d957a634b063bf5a391239b9ffee
	NOTE: https://github.com/rubysec/ruby-advisory-db/issues/215
CVE-2017-9551 (Mahara 15.04 before 15.04.14 and 16.04 before 16.04.8 and 16.10 before ...)
	- mahara <removed>
CVE-2017-9550
	RESERVED
CVE-2017-9549
	RESERVED
CVE-2017-9548 (admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9547 (admin.php in BigTree through 4.2.18 has a Cross-site Scripting (XSS) ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9546 (admin.php in BigTree through 4.2.18 allows remote authenticated users ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9545 (The next_text function in src/libmpg123/id3.c in mpg123 1.24.0 allows ...)
	- mpg123 1.25.4-1 (low; bug #870799)
	[stretch] - mpg123 <no-dsa> (Minor issue)
	[jessie] - mpg123 <no-dsa> (Minor issue)
	[wheezy] - mpg123 <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/65
CVE-2017-9544 (There is a remote stack-based buffer overflow (SEH) in register.ghp in ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9543 (register.ghp in EFS Software Easy Chat Server versions 2.0 to 3.1 ...)
	NOT-FOR-US: EFS Software Easy Chat Server
CVE-2017-9542 (D-Link DIR-615 Wireless N 300 Router allows authentication bypass via a ...)
	NOT-FOR-US: D-Link
CVE-2017-9541
	RESERVED
CVE-2017-9540
	RESERVED
CVE-2017-9539
	RESERVED
CVE-2017-9538 (The 'Upload logo from external path' function of SolarWinds Network ...)
	NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2017-9537 (Persistent cross-site scripting (XSS) in the Add Node function of ...)
	NOT-FOR-US: SolarWinds Network Performance Monitor
CVE-2017-9536 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9535 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9534 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9533 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9532 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9531 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows attackers to ...)
	NOT-FOR-US: IrfanView
CVE-2017-9530 (IrfanView version 4.44 (32bit) might allow attackers to cause a denial ...)
	NOT-FOR-US: IrfanView
CVE-2017-9529 (XnView Classic for Windows Version 2.40 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2017-9528 (IrfanView version 4.44 (32bit) with FPX Plugin 4.46 allows remote ...)
	NOT-FOR-US: IrfanView
CVE-2017-9527 (The mark_context_stack function in gc.c in mruby through 1.2.0 allows ...)
	[experimental] - mruby 1.2.0+20170601+git51e0e690-1
	- mruby <unfixed> (low; bug #865778)
	[stretch] - mruby <no-dsa> (Minor issue)
	[jessie] - mruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mruby/mruby/issues/3486
	NOTE: Fixed by: https://github.com/mruby/mruby/commit/5c114c91d4ff31859fcd84cf8bf349b737b90d99
CVE-2017-9526 (In Libgcrypt before 1.7.7, an attacker who learns the EdDSA session key ...)
	{DSA-3880-1}
	- libgcrypt20 1.7.6-2
	- libgcrypt11 <not-affected> (Curve Ed25519 signing and verification introduced in 1.6.0)
	NOTE: master: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=5a22de904a0a366ae79f03ff1e13a1232a89e26b
	NOTE: 1.7.x: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=f9494b3f258e01b6af8bd3941ce436bcc00afc56
	NOTE: Curve Ed25519 signing and verification inplemented in 1.6.0 with
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=bc5199a02abe428ad377443280b3eda60141a1d6
	NOTE: and following refactorings.
CVE-2017-9524 (The qemu-nbd server in QEMU (aka Quick Emulator), when built with the ...)
	{DSA-3925-1}
	- qemu 1:2.8+dfsg-7 (bug #865755)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg06240.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg02321.html
CVE-2017-9525 (In the cron package through 3.0pl1-128 on Debian, and through ...)
	- cron 3.0pl1-129 (bug #864466)
	[stretch] - cron <no-dsa> (Minor issue)
	[jessie] - cron <no-dsa> (Minor issue)
	[wheezy] - cron <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/08/3
CVE-2017-9523 (The Sophos Web Appliance before 4.3.2 has XSS in the FTP redirect page, ...)
	NOT-FOR-US: Sophos
CVE-2017-9522 (The Time Warner firmware on Technicolor TC8717T devices sets the ...)
	NOT-FOR-US: Time Warner firmware on Technicolor TC8717T devices
CVE-2017-9521 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9520 (The r_config_set function in libr/config/config.c in radare2 1.5.0 ...)
	- radare2 1.6.0+dfsg-1 (low; bug #864533)
	[stretch] - radare2 <no-dsa> (Minor issue)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/f85bc674b2a2256a364fe796351bc1971e106005
	NOTE: https://github.com/radare/radare2/issues/7698
CVE-2017-9519 (atmail before 7.8.0.2 has CSRF, allowing an attacker to create a user ...)
	NOT-FOR-US: atmail
CVE-2017-9518 (atmail before 7.8.0.2 has CSRF, allowing an attacker to change the SMTP ...)
	NOT-FOR-US: atmail
CVE-2017-9517 (atmail before 7.8.0.2 has CSRF, allowing an attacker to upload and ...)
	NOT-FOR-US: atmail
CVE-2017-9516 (Craft CMS before 2.6.2982 allows for a potential XSS attack vector by ...)
	NOT-FOR-US: Craft CMS
CVE-2017-9515
	RESERVED
CVE-2017-9514 (Bamboo before 6.0.5, 6.1.x before 6.1.4, and 6.2.x before 6.2.1 had a ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-9513 (Several rest inline action resources of Atlassian Activity Streams ...)
	NOT-FOR-US: Atlassian Activity Streams
CVE-2017-9512 (The mostActiveCommitters.do resource in Atlassian FishEye and ...)
	NOT-FOR-US: Atlassian
CVE-2017-9511 (The MultiPathResource class in Atlassian FishEye and Crucible, before ...)
	NOT-FOR-US: Atlassian
CVE-2017-9510 (The repository changelog resource in Atlassian FishEye before version ...)
	NOT-FOR-US: Atlassian
CVE-2017-9509 (The review file upload resource in Atlassian Crucible before version ...)
	NOT-FOR-US: Atlassian
CVE-2017-9508 (Various resources in Atlassian FishEye and Crucible before version ...)
	NOT-FOR-US: Atlassian
CVE-2017-9507 (The review dashboard resource in Atlassian Crucible from version 4.1.0 ...)
	NOT-FOR-US: Atlassian
CVE-2017-9506 (The IconUriServlet of the Atlassian OAuth Plugin from version 1.3.0 ...)
	NOT-FOR-US: Atlassian
CVE-2017-9505 (Atlassian Confluence starting with 4.3.0 before 6.2.1 did not check if ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2017-9504
	REJECTED
CVE-2017-9503 (QEMU (aka Quick Emulator), when built with MegaRAID SAS 8708EM2 Host ...)
	- qemu 1:2.10.0-1 (bug #865754)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01313.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-06/msg01309.html
CVE-2017-9502 (In curl before 7.54.1 on Windows and DOS, libcurl's default protocol ...)
	- curl <not-affected> (Windows only)
CVE-2017-9501 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the ...)
	{DSA-3914-1 DLA-1081-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #867721)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/491
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/01843366d6a7b96e22ad7bb67f3df7d9fd4d5d74
CVE-2017-9500 (In ImageMagick 7.0.5-8 Q16, an assertion failure was found in the ...)
	{DSA-4019-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-13 (low; bug #867778)
	[jessie] - imagemagick <ignored> (Minor issue)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/500
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/5d95b4c24a964114e2b1ae85c2b36769251ed11d
	NOTE: Fixed by (6.x): https://github.com/ImageMagick/ImageMagick/commit/837085e7725f6eb591eb019e299c1ddcf34b9a79
CVE-2017-9499 (In ImageMagick 7.0.5-7 Q16, an assertion failure was found in the ...)
	- imagemagick <not-affected> (Vulnerable code introduced later, only affects ImageMagick 7.x)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/492
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/7fd419441bc7103398e313558171d342c6315f44
CVE-2017-9498 (The Comcast firmware on Motorola MX011ANM (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9497 (The Comcast firmware on Motorola MX011ANM (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9496 (The Comcast firmware on Motorola MX011ANM (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9495 (The Comcast firmware on Motorola MX011ANM (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9494 (The Comcast firmware on Motorola MX011ANM (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9493 (The Comcast firmware on Motorola MX011ANM (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9492 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9491 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9490 (The Comcast firmware on Arris TG1682G (eMTA&amp;DOCSIS version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9489 (The Comcast firmware on Cisco DPC3939B (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9488 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9487 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9486 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9485 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9484 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9483 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9482 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9481 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9480 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9479 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9478 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9477 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9476 (The Comcast firmware on Cisco DPC3939 (firmware version ...)
	NOT-FOR-US: Comcast firmware on various devices
CVE-2017-9475 (Comcast XFINITY WiFi Home Hotspot devices allow remote attackers to ...)
	NOT-FOR-US: Comcast XFINITY WiFi Home Hotspot devices
CVE-2017-9474 (In ytnef 1.9.2, the DecompressRTF function in lib/ytnef.c allows remote ...)
	- libytnef <unfixed> (low; bug #870192)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/40
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-decompressrtf-ytnef-c/
CVE-2017-9473 (In ytnef 1.9.2, the TNEFFillMapi function in lib/ytnef.c allows remote ...)
	- libytnef <unfixed> (low; bug #870197)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/42
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-memory-allocation-failure-in-tneffillmapi-ytnef-c/
CVE-2017-9472 (In ytnef 1.9.2, the SwapDWord function in lib/ytnef.c allows remote ...)
	- libytnef <unfixed> (low; bug #870193)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/41
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapdword-ytnef-c/
CVE-2017-9471 (In ytnef 1.9.2, the SwapWord function in lib/ytnef.c allows remote ...)
	- libytnef <unfixed> (low; bug #870194)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/39
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-heap-based-buffer-overflow-in-swapword-ytnef-c/
CVE-2017-9470 (In ytnef 1.9.2, the MAPIPrint function in lib/ytnef.c allows remote ...)
	- libytnef <unfixed> (low; bug #870196)
	[stretch] - libytnef <no-dsa> (Minor issue)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/37
	NOTE: https://blogs.gentoo.org/ago/2017/05/24/ytnef-null-pointer-dereference-in-mapiprint-ytnef-c/
CVE-2017-9469 (In Irssi before 1.0.3, when receiving certain incorrectly quoted DCC ...)
	{DSA-3885-1 DLA-1088-1}
	- irssi 1.0.3-1 (bug #864400)
	NOTE: https://github.com/irssi/irssi/commit/30a92754bb650c3dedd507d41110443142899a65
	NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
CVE-2017-9468 (In Irssi before 1.0.3, when receiving a DCC message without source ...)
	{DSA-3885-1 DLA-1088-1}
	- irssi 1.0.3-1 (bug #864400)
	NOTE: https://github.com/irssi/irssi/commit/528f51bfbe5c65c5b24546faa244009dd5b3c586
	NOTE: https://irssi.org/security/irssi_sa_2017_06.txt
CVE-2017-9467 (Cross-site scripting (XSS) vulnerability in the GlobalProtect external ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9466 (The executable httpd on the TP-Link WR841N V8 router before ...)
	NOT-FOR-US: TP-Link
CVE-2017-9465 (The yr_arena_write_data function in YARA 3.6.1 allows remote attackers ...)
	- yara 3.6.2+dfsg-1 (low; bug #864517)
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/678
	NOTE: https://github.com/VirusTotal/yara/commit/992480c30f75943e9cd6245bb2015c7737f9b661
CVE-2017-9464 (An open redirect vulnerability is present in Piwigo 2.9 and probably ...)
	- piwigo <removed>
CVE-2017-9463 (The application Piwigo is affected by a SQL injection vulnerability in ...)
	- piwigo <removed>
CVE-2017-9460
	RESERVED
CVE-2017-9459 (Cross-site scripting (XSS) vulnerability in the management web ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9458 (XML external entity (XXE) vulnerability in the GlobalProtect internal ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-9457 (Intense PC Phoenix SecureCore UEFI firmware does not perform capsule ...)
	NOT-FOR-US: Intense PC (aka MintBox 2) Phoenix SecureCore UEFI firmware
CVE-2017-9456
	RESERVED
CVE-2017-9455
	RESERVED
CVE-2017-9454 (Buffer overflow in the ares_parse_a_reply function in the embedded ...)
	- resiprocate 1:1.11.0~beta4-1 (unimportant)
	NOTE: https://github.com/resiprocate/resiprocate/commit/d67a9ca6fd06ca65d23e313bdbad1ef4dd3aa0df
	NOTE: Fixed sourcewise in 1:1.11.0~beta4-1 but unimportant since uses the
	NOTE: system library.
CVE-2017-9453
	RESERVED
CVE-2017-9452 (Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 ...)
	- piwigo <removed>
CVE-2017-9451 (Cross site scripting (XSS) vulnerability in pages.edit_form.php in ...)
	NOT-FOR-US: flatCore CMS
CVE-2017-9450 (The Amazon Web Services (AWS) CloudFormation bootstrap tools package ...)
	NOT-FOR-US: Amazon Web Services (AWS) CloudFormation bootstrap tools package
CVE-2017-9449 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9448 (Cross-site scripting (XSS) vulnerabilities in BigTree CMS through ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9462 (In Mercurial before 4.1.3, &quot;hg serve --stdio&quot; allows remote ...)
	{DLA-1005-1}
	- mercurial 4.3.1-1 (bug #861243)
	[stretch] - mercurial 4.0-1+deb9u1
	[jessie] - mercurial <no-dsa> (Minor issue)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.1.3_.282017-4-18.29
	NOTE: https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
CVE-2017-9461 (smbd in Samba before 4.4.10 and 4.5.x before 4.5.6 has a denial of ...)
	- samba 2:4.5.6+dfsg-1 (bug #864291)
	[jessie] - samba <no-dsa> (Minor issue)
	[wheezy] - samba <no-dsa> (Minor, non reproducible issue)
	NOTE: https://git.samba.org/?p=samba.git;a=commitdiff;h=10c3e3923022485c720f322ca4f0aca5d7501310
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=12572
CVE-2017-9447 (In the web interface of Parallels Remote Application Server (RAS) 15.5 ...)
	NOT-FOR-US: Parallels Remote Application Server
CVE-2017-9446
	RESERVED
CVE-2017-9445 (In systemd through 233, certain sizes passed to dns_packet_new in ...)
	- systemd 233-10 (bug #866147)
	[stretch] - systemd 232-25+deb9u1
	[jessie] - systemd <not-affected> (Vulnerable code not present)
	[wheezy] - systemd <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/a0166609f782da91710dea9183d1bf138538db37
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/27/8
CVE-2017-9444 (BigTree CMS through 4.2.18 has CSRF related to the ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9443 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9442 (** DISPUTED ** BigTree CMS through 4.2.18 allows remote authenticated ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9441 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9440 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...)
	{DSA-3914-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864273)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/462
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/c2be129c25763680afeca59f4de5d6d4240ca2cf
CVE-2017-9439 (In ImageMagick 7.0.5-5, a memory leak was found in the function ...)
	{DSA-3914-1 DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (low; bug #864274)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/460
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6c6abed989ea4a3ef472db65ab487c1809a3a718
CVE-2017-9438 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers ...)
	- yara 3.6.1+dfsg-1 (low; bug #864518)
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/674
	NOTE: Fixed by: https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7
CVE-2017-9437 (Openbravo Business Suite 3.0 is affected by SQL injection. This ...)
	NOT-FOR-US: Openbravo Business Suite
CVE-2017-9436 (TeamPass before 2.1.27.4 is vulnerable to a SQL injection in ...)
	NOT-FOR-US: TeamPass
CVE-2017-9435 (Dolibarr ERP/CRM before 5.0.3 is vulnerable to a SQL injection in ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #864569)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: https://github.com/Dolibarr/dolibarr/commit/70636cc59ffa1ffbc0ce3dba315d7d9b837aad04
CVE-2017-9434 (Crypto++ (aka cryptopp) through 5.6.5 contains an out-of-bounds read ...)
	- libcrypto++ 5.6.4-7 (bug #864214)
	[jessie] - libcrypto++ <no-dsa> (Minor issue)
	[wheezy] - libcrypto++ <no-dsa> (Minor issue)
	NOTE: https://github.com/weidai11/cryptopp/issues/414
	NOTE: https://github.com/weidai11/cryptopp/commit/07dbcc3d9644b18e05c1776db2a57fe04d780965
CVE-2017-9433 (Document Liberation Project libmwaw before 2017-04-08 has an ...)
	{DSA-3875-1}
	- libmwaw 0.3.9-2 (bug #864366)
	NOTE: https://sourceforge.net/p/libmwaw/libmwaw/ci/68b3b74569881248bfb6cbb4266177cc253b292f/
CVE-2017-9432 (Document Liberation Project libstaroffice before 2017-04-07 has an ...)
	- libstaroffice 0.0.3-3 (bug #864207)
CVE-2017-9431 (Google gRPC before 2017-04-05 has an out-of-bounds write caused by a ...)
	- grpc 1.3.2-0.1 (bug #864210)
	NOTE: https://github.com/grpc/grpc/pull/10492
	NOTE: Fixed by: https://github.com/grpc/grpc/commit/c6ec1155d026c91b1badb07ef1605bb747cff064
CVE-2017-9430 (Stack-based buffer overflow in dnstracer through 1.9 allows attackers ...)
	- dnstracer <unfixed> (unimportant)
	NOTE: Crash in CLI tool, disputable if any exposed service makes use of dnstrace.
	NOTE: One scenario would be to have a web application that launches dnstracer
	NOTE: with user supplied name strings to evaluate.
CVE-2017-9429 (SQL injection vulnerability in the Event List plugin 0.7.8 for ...)
	NOT-FOR-US: Event List plugin for WordPress
CVE-2017-9428 (A directory traversal vulnerability exists in ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9427 (SQL injection vulnerability in BigTree CMS through 4.2.18 allows remote ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9426 (ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection ...)
	NOT-FOR-US: Piwigo extension
CVE-2017-9425 (The Facetag extension 0.0.3 for Piwigo allows XSS via the name ...)
	NOT-FOR-US: Piwigo extension
CVE-2017-9424 (IdeaBlade Breeze Breeze.Server.NET before 1.6.5 allows remote attackers ...)
	NOT-FOR-US: IdeaBlade Breeze Breeze.Server.NET
CVE-2017-9423
	RESERVED
CVE-2017-9422
	REJECTED
CVE-2017-9421
	RESERVED
CVE-2017-9420 (Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin ...)
	NOT-FOR-US: Spiffy Calendar plugin for WordPress
CVE-2017-9419 (Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom ...)
	NOT-FOR-US: Webhammer WP Custom Fields Search plugin for WordPress
CVE-2017-9418 (SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for ...)
	NOT-FOR-US: WP-Testimonials plugin for WordPress
CVE-2017-9417 (Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute ...)
	- firmware-nonfree <unfixed> (bug #869639)
	[stretch] - firmware-nonfree <no-dsa> (non-free not supported)
	[jessie] - firmware-nonfree <no-dsa> (non-free not supported)
	[wheezy] - firmware-nonfree <no-dsa> (non-free not supported)
	NOTE: https://www.blackhat.com/us-17/briefings/schedule/#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets-7603
	NOTE: https://marc.info/?l=linux-wireless&m=150391055518346&w=2
CVE-2017-9416 (Directory traversal vulnerability in tools.file_open in Odoo 8.0, 9.0, ...)
	NOT-FOR-US: Odoo
CVE-2017-9415 (Cross-site request forgery (CSRF) vulnerability in subsonic 6.1.1 ...)
	NOT-FOR-US: Subsonic
CVE-2017-9414 (Cross-site request forgery (CSRF) vulnerability in the Subscribe to ...)
	NOT-FOR-US: Subsonic
CVE-2017-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Subsonic
CVE-2012-6705 (Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the ...)
	NOT-FOR-US: Jamroom
CVE-2017-9412 (The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 ...)
	- lame 3.99.5+repack1-7
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: Fixed by the improved 0001-Add-check-for-invalid-input-sample-rate.patch in
	NOTE: 3.99.5+repack1-7, https://anonscm.debian.org/cgit/pkg-multimedia/lame.git/commit/debian/patches?id=1c7c62d3c5614443524b5ad170ba2713a14d4e09
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
	NOTE: https://sourceforge.net/p/lame/bugs/463/
	NOTE: Invalid read in command line tool so no CVE is needed. MITRE contacted by ago@gentoo
CVE-2017-9411 (The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 ...)
	- lame 3.99.5+repack1-6
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
	NOTE: https://sourceforge.net/p/lame/bugs/462/
	NOTE: Duplicate of CVE-2015-9100
CVE-2017-9410 (The fill_buffer_resample function in libmp3lame/util.c in LAME 3.99.5 ...)
	- lame 3.99.5+repack1-6
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: http://seclists.org/fulldisclosure/2017/Jul/63
	NOTE: https://sourceforge.net/p/lame/bugs/461/
	NOTE: Duplicate of CVE-2015-9101
CVE-2017-9409 (In ImageMagick 7.0.5-5, the ReadMPCImage function in mpc.c allows ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864090)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/458
CVE-2017-9408 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...)
	{DSA-4079-1}
	- poppler 0.57.0-2 (low; bug #864009)
	[wheezy] - poppler <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100776
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b21b041f7948680c03109f0c404400a9dbc4544c
CVE-2017-9407 (In ImageMagick 7.0.5-5, the ReadPALMImage function in palm.c allows ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864089)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/459
CVE-2017-9406 (In Poppler 0.54.0, a memory leak vulnerability was found in the ...)
	{DSA-4079-1}
	- poppler 0.57.0-2 (low; bug #864010)
	[wheezy] - poppler <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100775
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=278439531b13b0b047dbe3a75aa3f1b3407c8bd4
CVE-2017-9405 (In ImageMagick 7.0.5-5, the ReadICONImage function in icon.c:452 allows ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-11 (low; bug #864087)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/457
CVE-2017-9404 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-1
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2688
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
	NOTE: Possibly sensible to add the other memory leaks fixes in OJPEGReadHeaderInfoSecTables
	NOTE: method from tif_ojpeg.c, i.e.:
	NOTE: https://github.com/vadz/libtiff/commit/e9bd1b06fe25219cf0873fca70e46f01843fd9f4
	NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
	NOTE: Reproducing the issue itself is "covered" after fixing https://github.com/vadz/libtiff/commit/5ed9fea523316c2f5cec4d393e4d5d671c2dbc33
	NOTE: To verify 2ea32f7372b65c24b2816f11c04bf59b5090d05b fixes the issue build src:tiff
	NOTE: with ASAN with 5ed9fea523316c2f5cec4d393e4d5d671c2dbc33 reverted. Before the
	NOTE: 2ea32f7372b65c24b2816f11c04bf59b5090d05b commit the Direct leak of 73 byte
	NOTE: with backtrace following the methods in http://bugzilla.maptools.org/show_bug.cgi?id=2688
	NOTE: is shown.
CVE-2017-9403 (In LibTIFF 4.0.7, a memory leak vulnerability was found in the function ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-1
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2689
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/fb3dc46a2fcf6197ff3b93fc76f0c37fddc0333b
CVE-2017-9402
	RESERVED
CVE-2017-9401
	RESERVED
CVE-2017-9400
	RESERVED
CVE-2017-9399
	RESERVED
CVE-2017-9398
	RESERVED
CVE-2017-9397
	RESERVED
CVE-2017-9396
	RESERVED
CVE-2017-9395
	RESERVED
CVE-2017-9394 (A stored cross-site scripting vulnerability in CA Identity Governance ...)
	NOT-FOR-US: CA Identity Governance
CVE-2017-9393 (CA Identity Manager r12.6 to r12.6 SP8, 14.0, and 14.1 allows remote ...)
	NOT-FOR-US: CA Identity Manager
CVE-2017-9392
	RESERVED
CVE-2017-9391
	RESERVED
CVE-2017-9390
	RESERVED
CVE-2017-9389
	RESERVED
CVE-2017-9388
	RESERVED
CVE-2017-9387
	RESERVED
CVE-2017-9386
	RESERVED
CVE-2017-9385
	RESERVED
CVE-2017-9384
	RESERVED
CVE-2017-9383
	RESERVED
CVE-2017-9382
	RESERVED
CVE-2017-9381
	RESERVED
CVE-2017-9380 (OpenEMR 5.0.0 and prior allows low-privilege users to upload files of ...)
	NOT-FOR-US: OpenEMR
CVE-2017-9379 (Multiple CSRF issues exist in BigTree CMS through 4.2.18 - the clear ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9378 (BigTree CMS through 4.2.18 does not prevent a user from deleting their ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9377 (A command injection was identified on Barco ClickShare Base Unit ...)
	NOT-FOR-US: Barco ClickShare Base Unit device
CVE-2017-9376
	RESERVED
CVE-2017-9375 (QEMU (aka Quick Emulator), when built with USB xHCI controller ...)
	{DSA-3991-1}
	- qemu 1:2.10.0-1 (bug #864219)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=96d87bdda3919bb16f754b3d3fd1227e1f38f13c
CVE-2017-9374 (Memory leak in QEMU (aka Quick Emulator), when built with USB EHCI ...)
	{DSA-3920-1}
	- qemu 1:2.8+dfsg-7 (bug #864568)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d710e1e7bd3d5bfc26b631f02ae87901ebe646b0
CVE-2017-9373 (Memory leak in QEMU (aka Quick Emulator), when built with IDE AHCI ...)
	{DSA-3920-1}
	- qemu 1:2.8+dfsg-7 (bug #864216)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d68f0f778e7f4fbd674627274267f269e40f0b04
CVE-2017-9371 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-9370 (An information disclosure / elevation of privilege vulnerability in ...)
	NOT-FOR-US: BlackBerry
CVE-2017-9369 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0 and 6.5.0 ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-9368 (An information disclosure vulnerability in the BlackBerry Workspaces ...)
	NOT-FOR-US: BlackBerry Workspaces Server
CVE-2017-9367 (A directory traversal vulnerability in the BlackBerry Workspaces ...)
	NOT-FOR-US: BlackBerry Workspaces Server
CVE-2017-9366 (Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) ...)
	NOT-FOR-US: Telaxus EPESI
CVE-2017-9365 (CSRF exists in BigTree CMS through 4.2.18 with the force parameter to ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9364 (Unrestricted File Upload exists in BigTree CMS through 4.2.18: if an ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-9363 (Untrusted Java serialization in Soffid IAM console before 1.7.5 allows ...)
	NOT-FOR-US: Soffid IAM console
CVE-2017-9362
	RESERVED
CVE-2017-9361 (WebsiteBaker v2.10.0 has a stored XSS vulnerability in ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9360 (WebsiteBaker v2.10.0 has a SQL injection vulnerability in ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-9357
	RESERVED
CVE-2017-9356 (Sitecore.NET 7.1 through 7.2 has a Cross Site Scripting Vulnerability ...)
	NOT-FOR-US: Sitecore.NET
CVE-2017-9358 (A memory exhaustion vulnerability exists in Asterisk Open Source 13.x ...)
	- asterisk 1:13.14.1~dfsg-2 (bug #863906)
	[jessie] - asterisk <not-affected> (11.x series not affected)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-004.txt
CVE-2017-9359 (The multi-part body parser in PJSIP, as used in Asterisk Open Source ...)
	{DSA-3933-1}
	- pjproject 2.5.5~dfsg-6 (bug #863902)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-003.txt
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-26939
CVE-2017-9372 (PJSIP, as used in Asterisk Open Source 13.x before 13.15.1 and 14.x ...)
	{DSA-3933-1}
	- pjproject 2.5.5~dfsg-6 (bug #863901)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-002.txt
CVE-2017-9355 (XML external entity (XXE) vulnerability in the import playlist feature ...)
	NOT-FOR-US: Subsonic
CVE-2017-9354 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the RGMP dissector ...)
	- wireshark 2.2.7-1 (bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-32.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13646
CVE-2017-9353 (In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-33.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13675
CVE-2017-9352 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bazaar dissector ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-22.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13599
CVE-2017-9351 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DHCP dissector ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-24.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13628
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13609
CVE-2017-9350 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the openSAFETY ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-28.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13649
	NOTE: When fixing this entry make sure to apply the complete fix and adding
	NOTE: the related commits from the CVE-2017-11411. Otherwise those releases
	NOTE: are opened to CVE-2017-11411, which exists because of an incomplete fix.
CVE-2017-9349 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DICOM dissector ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-27.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13685
CVE-2017-9348 (In Wireshark 2.2.0 to 2.2.6, the DOF dissector could read past the end ...)
	- wireshark 2.2.7-1 (bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-23.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13608
CVE-2017-9347 (In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL ...)
	- wireshark 2.2.7-1 (bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-31.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13637
CVE-2017-9346 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the SoulSeek dissector ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-25.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13631
CVE-2017-9345 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the DNS dissector ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-26.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13633
CVE-2017-9344 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the Bluetooth L2CAP ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-29.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13701
CVE-2017-9343 (In Wireshark 2.2.0 to 2.2.6 and 2.0.0 to 2.0.12, the MSNIP dissector ...)
	- wireshark 2.2.7-1 (low; bug #864058)
	[stretch] - wireshark <no-dsa> (Minor issue)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-30.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13725
CVE-2017-9342
	RESERVED
CVE-2017-9341
	RESERVED
CVE-2017-9340 (An attacker is logged in as a normal user and can somehow make admin ...)
	- owncloud <removed>
CVE-2017-9339 (A logical error in ownCloud Server before 10.0.2 caused disclosure of ...)
	- owncloud <removed>
CVE-2017-9338 (Inadequate escaping lead to XSS vulnerability in the search module in ...)
	- owncloud <removed>
CVE-2017-9337 (The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-9336 (The WP Editor.MD plugin 1.6 for WordPress has a stored XSS ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-9335
	RESERVED
CVE-2017-9333 (OpenWebif 1.2.5 allows remote code execution via a URL to the CallOPKG ...)
	NOT-FOR-US: OpenWebif
CVE-2017-9332 (The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 ...)
	NOT-FOR-US: PivotX
CVE-2017-9331 (The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored ...)
	NOT-FOR-US: Telaxus EPESI
CVE-2017-9329
	RESERVED
CVE-2017-9328 (Shell metacharacter injection vulnerability in ...)
	NOT-FOR-US: TerraMaster TOS
CVE-2017-9327
	RESERVED
CVE-2017-9326
	RESERVED
CVE-2017-9325
	RESERVED
CVE-2017-9334 (An incorrect &quot;pair?&quot; check in the Scheme &quot;length&quot; procedure results in ...)
	- chicken 4.12.0-0.2 (low; bug #863884)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: Original announcement: http://lists.nongnu.org/archive/html/chicken-announce/2017-05/msg00000.html
	NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2017-05/msg00099.html
CVE-2017-9330 (QEMU (aka Quick Emulator) before 2.9.0, when built with the USB OHCI ...)
	{DSA-3920-1}
	- qemu 1:2.8+dfsg-7 (bug #863943)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code no present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code no present)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=26f670a244982335cc08943fb1ec099a2c81e42d
CVE-2017-9324 (In Open Ticket Request System (OTRS) 3.3.x through 3.3.16, 4.x through ...)
	{DSA-3876-1}
	- otrs2 5.0.20-1 (bug #864319)
	[stretch] - otrs2 5.0.16-1+deb9u1
	[wheezy] - otrs2 <not-affected> (does not affect version 3.1.7)
	NOTE: https://www.otrs.com/security-advisory-2017-03-security-update-otrs-versions/
	NOTE: https://github.com/OTRS/otrs/commit/45e05f854d2dc7c9fa7dd7467ea00cdcde350ac3
CVE-2017-9323
	RESERVED
CVE-2017-9322
	RESERVED
CVE-2017-9321
	RESERVED
CVE-2017-9320
	RESERVED
CVE-2017-9319
	RESERVED
CVE-2017-9318
	RESERVED
CVE-2017-9317
	RESERVED
CVE-2017-9316 (Firmware upgrade authentication bypass vulnerability was found in ...)
	NOT-FOR-US: Dahua
CVE-2017-9315 (Customer of Dahua IP camera or IP PTZ could submit relevant device ...)
	NOT-FOR-US: Dahua
CVE-2017-9314 (Authentication vulnerability found in Dahua NVR models NVR50XX, ...)
	NOT-FOR-US: Dahua NVR
CVE-2017-9313 (Multiple Cross-site scripting (XSS) vulnerabilities in Webmin before ...)
	- webmin <removed>
CVE-2017-9312
	RESERVED
CVE-2017-9311
	RESERVED
CVE-2017-9309
	RESERVED
CVE-2017-9308
	RESERVED
CVE-2017-9307 (SSRF vulnerability in remotedownload.php in Allen Disk 1.6 allows ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9306 (inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to ...)
	NOT-FOR-US: sysPass
CVE-2017-9305 (lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 ...)
	- tikiwiki <removed>
CVE-2017-9304 (libyara/re.c in the regexp module in YARA 3.5.0 allows remote attackers ...)
	- yara 3.6.1+dfsg-1 (bug #863842)
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/674
	NOTE: https://github.com/VirusTotal/yara/commit/925bcf3c3b0a28b5b78e25d9efda5c0bf27ae699
CVE-2016-10395 (In FlexNet Publisher versions before Luton SP1 (11.14.1.1) running ...)
	NOT-FOR-US: FlexNet Publisher
CVE-2016-10394
	RESERVED
CVE-2016-10393 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Android Qualcomm closed-source components
CVE-2016-10392 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10391 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10390 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10389 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10388 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10387 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10386 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10385 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10384 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10383 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10382 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10381 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10380 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9095
	RESERVED
CVE-2015-9094
	RESERVED
CVE-2015-9093
	RESERVED
CVE-2015-9092
	RESERVED
CVE-2015-9091
	RESERVED
CVE-2015-9090
	RESERVED
CVE-2015-9089
	RESERVED
CVE-2015-9088
	RESERVED
CVE-2015-9087
	RESERVED
CVE-2015-9086
	RESERVED
CVE-2015-9085
	RESERVED
CVE-2015-9084
	RESERVED
CVE-2015-9083
	RESERVED
CVE-2015-9082
	RESERVED
CVE-2015-9081
	RESERVED
CVE-2015-9080
	RESERVED
CVE-2015-9079
	RESERVED
CVE-2015-9078
	RESERVED
CVE-2015-9077
	RESERVED
CVE-2015-9076
	RESERVED
CVE-2015-9075
	RESERVED
CVE-2015-9074
	RESERVED
CVE-2015-9073 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9072 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9071 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9070 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9069 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9068 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9067 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9066 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9065 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9064 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9063 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9062 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9061 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9060 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9984 (nscd in the GNU C Library (aka glibc or libc6) before version 2.20 does ...)
	- glibc 2.19-14
	- eglibc <removed>
	[wheezy] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16695
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=c44496df2f090a56d3bf75df930592dac6bba46f
CVE-2014-9982
	RESERVED
CVE-2014-9981 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9980 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9979 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9978 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9977 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9976 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9975 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9974 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9973 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9972 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9971 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-1000380 (sound/core/timer.c in the Linux kernel before 4.11.5 is vulnerable to a ...)
	{DSA-3981-1 DLA-1099-1}
	- linux 4.11.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/d11662f4f798b50d8c8743f433842c3e40fe3378 (v4.12-rc5)
	NOTE: Fixed by: https://git.kernel.org/linus/ba3021b2c79b2fa9114f92790a99deb27a65b728 (v4.12-rc5)
CVE-2017-1000368 (Todd Miller's sudo version 1.8.20p1 and earlier is vulnerable to an ...)
	{DLA-1011-1}
	- sudo 1.8.20p1-1.1 (bug #863897)
	[buster] - sudo 1.8.19p1-2.1
	[stretch] - sudo 1.8.19p1-2.1
	[jessie] - sudo 1.8.10p3-1+deb8u5
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/02/7
	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/15a46f4007dd
CVE-2017-1000367 (Todd Miller's sudo version 1.8.20 and earlier is vulnerable to an ...)
	{DSA-3867-1 DLA-970-1}
	- sudo 1.8.20p1-1 (bug #863731)
	[buster] - sudo 1.8.19p1-2
	[stretch] - sudo 1.8.19p1-2
	NOTE: https://www.sudo.ws/alerts/linux_tty.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/30/16
	NOTE: https://www.sudo.ws/repos/sudo/raw-rev/b5460cbbb11b
CVE-2017-9310 (QEMU (aka Quick Emulator), when built with the e1000e NIC emulation ...)
	{DSA-3920-1}
	- qemu 1:2.8+dfsg-7 (bug #863840)
	[jessie] - qemu <not-affected> (Vulnerable code not present; e1000e introduced in 2.7.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4154c7e03fa55b4cf52509a83d50d6c09d743b7
CVE-2017-9303 (Laravel 5.4.x before 5.4.22 does not properly constrain the host ...)
	NOT-FOR-US: Laravel
CVE-2017-9302 (RealPlayer 16.0.2.32 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: RealPlayer
CVE-2017-9301 (plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media ...)
	- vlc 2.2.5.1-1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9300 (plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 ...)
	{DSA-4045-1}
	- vlc 2.2.6-3
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=55a82442cfea9dab8b853f3a4610f2880c5fadf3
CVE-2017-9299 (Open Ticket Request System (OTRS) 3.3.9 has XSS in ...)
	NOTE: This report for OTRS is quite vague/unclear and upstream can
	NOTE: not track the issue down to a specific fixed release claims though that
	NOTE: it should not be reproducible with versions later than 3.3.17.
CVE-2017-9298 (Cross-site scripting vulnerability in Hitachi Device Manager before ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9297 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9296 (Open Redirect vulnerability in Hitachi Device Manager before 8.5.2-01 ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9295 (XXE vulnerability in Hitachi Device Manager before 8.5.2-01 and Hitachi ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9294 (RMI vulnerability in Hitachi Device Manager before 8.5.2-01 allows ...)
	NOT-FOR-US: Hitacho Device Manager
CVE-2017-9293
	RESERVED
CVE-2017-9292 (Lansweeper before 6.0.0.65 has XSS in an image retrieval URI, aka Bug ...)
	NOT-FOR-US: Lansweeper
CVE-2017-9291
	RESERVED
CVE-2017-9290
	RESERVED
CVE-2017-9289 (Bram Korsten Note through 1.2.0 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: Bram Korsten Note
CVE-2017-9288 (The Raygun4WP plugin 1.8.0 for WordPress is vulnerable to a reflected ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-9286 (The packaging of NextCloud in openSUSE used /srv/www/htdocs in an ...)
	NOT-FOR-US: OpenSUSE specific packaging issue of NextCloud
CVE-2017-9285 (NetIQ eDirectory before 9.0 SP4 did not enforce login restrictions ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2017-9284 (IDM 4.6 Identity Applications prior to 4.6.2.1 may expose sensitive ...)
	NOT-FOR-US: IDM
CVE-2017-9283 (An out-of-bounds read (CWE-125) vulnerability exists in Micro Focus ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9282 (An integer overflow (CWE-190) led to an out-of-bounds write (CWE-787) ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9281 (An integer overflow (CWE-190) potentially causing an out-of-bounds ...)
	NOT-FOR-US: Micro Focus VisiBroker
CVE-2017-9280 (Some NetIQ Identity Manager Applications before Identity Manager ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9279 (NetIQ Identity Manager before 4.5.6.1 allowed uploading files with ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9278 (The NetIQ Identity Manager Oracle EBS driver before 4.0.2.0 sent EBS ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-9277 (The LDAP backend in Novell eDirectory before 9.0 SP4 when switched to ...)
	NOT-FOR-US: Novell eDirectory
CVE-2017-9276 (Novell Access Manager iManager before 4.3.3 did not validate ...)
	NOT-FOR-US: Novell Access Manager iManager
CVE-2017-9275 (NetIQ Identity Reporting, in versions prior to 5.5 Service Pack 1, is ...)
	NOT-FOR-US: NetIQ Identity Reporting
CVE-2017-9274 (A shell command injection in the obs-service-source_validator before ...)
	- osc 0.162.1-1 (bug #887391)
	[stretch] - osc <no-dsa> (Minor issue)
	[jessie] - osc <no-dsa> (Minor issue)
	[wheezy] - osc <no-dsa> (Minor issue)
	NOTE: Details in https://bugzilla.novell.com/show_bug.cgi?id=938556
	NOTE: SUSE adressed the issue not only in the obs-service-source_validator
	NOTE: and adding a validation in 0.162.0 when using OBS 2.9, cf.:
	NOTE: https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7eb864378a1
CVE-2017-9273 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be ...)
	NOT-FOR-US: IDM
CVE-2017-9272 (The Bi-directional driver in IDM 4.5 before 4.0.3.0 could be ...)
	NOT-FOR-US: IDM
CVE-2017-9271 (The commandline package update tool zypper writes HTTP proxy ...)
	- zypper <unfixed> (low)
	[jessie] - zypper <ignored> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1050625
CVE-2017-9270 (In cryptctl before version 2.0 a malicious server could send RPC ...)
	NOT-FOR-US: SuSE cryptctl
CVE-2017-9269 (In libzypp before August 2018 GPG keys attached to YUM repositories ...)
	- libzypp <unfixed> (bug #899065)
	[jessie] - libzypp <ignored> (Minor issue)
CVE-2017-9268 (In the open build service before 201707022 the wipetrigger and rebuild ...)
	- open-build-service <unfixed> (low)
	[stretch] - open-build-service <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1045519
CVE-2017-9267 (In Novell eDirectory before 9.0.3.1 the LDAP interface was not ...)
	NOT-FOR-US: Novell eDirectory
CVE-2016-10379 (The VirtueMart com_virtuemart component 3.0.14 for Joomla! allows SQL ...)
	NOT-FOR-US: Joomla addon
CVE-2016-10378 (e107 2.1.1 allows SQL injection by remote authenticated administrators ...)
	NOT-FOR-US: e107
CVE-2017-9266
	RESERVED
CVE-2017-9265 (In Open vSwitch (OvS) v2.7.0, there is a buffer over-read while parsing ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863662)
	[jessie] - openvswitch <not-affected> (Vulnerable code not present)
	[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332965.html
	NOTE: OpenFlow 1.5 support still incomplete
CVE-2017-9264 (In lib/conntrack.c in the firewall implementation in Open vSwitch (OvS) ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863661)
	[jessie] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
	[wheezy] - openvswitch <not-affected> (Vulnerable code not present; connection tracking support introduced in 2.6.0)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-March/329323.html
	NOTE: Userspace data path not enabled in Debian packaging
CVE-2017-9263 (In Open vSwitch (OvS) 2.7.0, while parsing an OpenFlow role status ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (unimportant; bug #863655)
	[jessie] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
	[wheezy] - openvswitch <not-affected> (No controllers implemented, cf. #863655)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332966.html
	NOTE: Controllers shipped in Debian not vulnerable, see #863655
CVE-2017-9262 (In ImageMagick 7.0.5-6 Q16, the ReadJNGImage function in coders/png.c ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863834)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/475
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4649578df8dcbfb2b08d8623d52486dc124da3a8
CVE-2017-9261 (In ImageMagick 7.0.5-6 Q16, the ReadMNGImage function in coders/png.c ...)
	{DLA-1000-1}
	- imagemagick 8:6.9.7.4+dfsg-10 (low; bug #863833)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u10
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/476
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/01d522e990aa57cbe67d222dd5e8f7196cc6d199
CVE-2017-9260 (The TDStretchSSE::calcCrossCorr function in ...)
	- soundtouch 1.9.2-3 (low; bug #870857)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch <no-dsa> (Minor issue)
	[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9259 (The TDStretch::acceptNewOverlapLength function in ...)
	- soundtouch 1.9.2-3 (low; bug #870856)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch <no-dsa> (Minor issue)
	[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9258 (The TDStretch::processSamples function in ...)
	- soundtouch 1.9.2-3 (low; bug #870854)
	[stretch] - soundtouch 1.9.2-2+deb9u1
	[jessie] - soundtouch <no-dsa> (Minor issue)
	[wheezy] - soundtouch <no-dsa> (Minor issue)
CVE-2017-9257 (The mp4ff_read_ctts function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9256 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9255 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9254 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9253 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2016-10377 (In Open vSwitch (OvS) 2.5.0, a malformed IP packet can cause the switch ...)
	- openvswitch 2.6.1+git20161123-1
	[jessie] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
	[wheezy] - openvswitch <not-affected> (Vulnerable code using tot_len introduced later)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2016-July/319503.html
CVE-2017-9287 (servers/slapd/back-mdb/search.c in OpenLDAP through 2.4.44 is prone to ...)
	{DSA-3868-1 DLA-972-1}
	- openldap 2.4.44+dfsg-5 (bug #863563)
	NOTE: http://www.openldap.org/its/?findid=8655
	NOTE: https://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=0cee1ffb6021b1aae3fcc9581699da1c85a6dd6e
CVE-2017-9252 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: FineCMS
CVE-2017-9251 (andrzuk/FineCMS through 2017-05-28 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: FineCMS
CVE-2017-9250 (The lexer_process_char_literal function in ...)
	NOT-FOR-US: jerryscript
CVE-2017-9249 (Cross-site scripting (XSS) vulnerability in Allen Disk 1.6 allows ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9248 (Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 ...)
	NOT-FOR-US: Progress Telerik UI for ASP.NET AJAX
CVE-2017-9247 (Multiple unquoted service path vulnerabilities in Sierra Wireless ...)
	NOT-FOR-US: Sierra Wireless Windows Mobile Broadband Driver Packages
CVE-2017-9246 (New Relic .NET Agent before 6.3.123.0 adds SQL injection flaws to safe ...)
	NOT-FOR-US: New Relic .NET Agent
CVE-2017-9245 (The Google News and Weather application before 3.3.1 for Android allows ...)
	NOT-FOR-US: Google News and Weather application for Android
CVE-2017-9244 (Cross-site scripting (XSS) vulnerability in the Trello app before ...)
	NOT-FOR-US: Trello
CVE-2017-9243 (Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 ...)
	NOT-FOR-US: Aries QWR-1104 Wireless-N Router
CVE-2015-9059 (picocom before 2.0 has a command injection vulnerability in the 'send ...)
	{DLA-974-1}
	- picocom 1.7-2 (bug #863671)
	[jessie] - picocom <no-dsa> (Minor issue)
	NOTE: https://github.com/npat-efault/picocom/commit/1ebc60b20fbe9a02436d5cbbf8951714e749ddb1
CVE-2017-9242 (The __ip6_append_data function in net/ipv6/ip6_output.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: https://git.kernel.org/linus/232cd35d0804cc241eb887bb8d4d9b3b9881c64a
CVE-2017-9241
	RESERVED
CVE-2017-9240
	RESERVED
CVE-2016-10376 (Gajim through 0.16.7 unconditionally implements the &quot;XEP-0146: Remote ...)
	{DSA-3943-1 DLA-967-1}
	- gajim 0.16.6-1.1 (bug #863445)
	NOTE: https://dev.gajim.org/gajim/gajim/commit/cb65cfc5aed9efe05208ebbb7fb2d41fcf7253cc
	NOTE: https://dev.gajim.org/gajim/gajim/issues/8378
CVE-2016-10375 (Yodl before 3.07.01 has a Buffer Over-read in the queue_push function ...)
	{DLA-976-1}
	- yodl 3.07.01-1
	[jessie] - yodl <no-dsa> (Minor issue)
	NOTE: https://github.com/fbb-git/yodl/issues/1
	NOTE: https://github.com/fbb-git/yodl/commit/fd85f8c94182558ff1480d06a236d6fb927979a3
CVE-2017-9239 (An issue was discovered in Exiv2 0.26. When the data structure of the ...)
	{DLA-963-1}
	- exiv2 0.25-3.1 (bug #863410)
	[jessie] - exiv2 <ignored> (Minor issue)
	NOTE: http://dev.exiv2.org/issues/1296
	NOTE: fix: https://github.com/Exiv2/exiv2/commit/2f8681e120d277e418941c4361c83b5028f67fd8
CVE-2017-9238
	RESERVED
CVE-2017-9237
	RESERVED
CVE-2017-9236
	RESERVED
CVE-2017-9235
	RESERVED
CVE-2017-9234
	RESERVED
CVE-2017-9233 (XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat ...)
	{DSA-3898-1 DLA-990-1}
	- expat 2.2.1-1
	NOTE: https://libexpat.github.io/doc/cve-2017-9233/
	NOTE: https://github.com/libexpat/libexpat/commit/c4bf96bb51dd2a1b0e185374362ee136fe2c9d7f
CVE-2017-9232 (Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses ...)
	- juju <removed>
CVE-2017-9231 (XML external entity (XXE) vulnerability in Citrix XenMobile Server 9.x ...)
	NOT-FOR-US: Citrix
CVE-2017-9230 (The Bitcoin Proof-of-Work algorithm does not consider a certain attack ...)
	NOT-FOR-US: Bitcoin Proof-of-Work algorithm
CVE-2017-9229 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863318)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/issues/59
	NOTE: https://github.com/kkos/oniguruma/commit/b690371bbf97794b4a1d3f295d4fb9a8b05d402d
CVE-2017-9228 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863316)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/3b63d12038c8d8fc278e81c942fa9bec7c704c8b
	NOTE: https://github.com/kkos/oniguruma/issues/60
CVE-2017-9227 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863315)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/9690d3ab1f9bcd2db8cbe1fe3ee4a5da606b8814
	NOTE: https://github.com/kkos/oniguruma/issues/58
CVE-2017-9226 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863314)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/b4bf968ad52afe14e60a2dc8a95d3555c543353a
	NOTE: https://github.com/kkos/oniguruma/commit/f015fbdd95f76438cd86366467bb2b39870dd7c6
	NOTE: https://github.com/kkos/oniguruma/issues/55
CVE-2017-9225 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
	- libonig 6.1.3-2 (bug #863313)
	[jessie] - libonig <not-affected> (Vulnerable code introduced later)
	[wheezy] - libonig <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/kkos/oniguruma/commit/166a6c3999bf06b4de0ab4ce6b088a468cc4029f
	NOTE: https://github.com/kkos/oniguruma/issues/56
CVE-2017-9224 (An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in ...)
	{DLA-958-1}
	- libonig 6.1.3-2 (bug #863312)
	[jessie] - libonig 5.9.5-3.2+deb8u1
	NOTE: https://github.com/kkos/oniguruma/commit/690313a061f7a4fa614ec5cc8368b4f2284e059b
	NOTE: https://github.com/kkos/oniguruma/issues/57
CVE-2017-9223 (The mp4ff_read_stts function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9222 (The mp4ff_parse_tag function in common/mp4ff/mp4meta.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9221 (The mp4ff_read_mdhd function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9220 (The mp4ff_read_stco function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9219 (The mp4ff_read_stsc function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9218 (The mp4ff_read_stsd function in common/mp4ff/mp4atom.c in Freeware ...)
	{DLA-1077-1}
	- faad2 2.8.1-1 (low; bug #867724)
	[stretch] - faad2 <no-dsa> (Minor issue)
	[jessie] - faad2 <no-dsa> (Minor issue)
CVE-2017-9217 (systemd-resolved through 233 allows remote attackers to cause a denial ...)
	[experimental] - systemd 233-8
	- systemd 232-24 (bug #863277)
	[jessie] - systemd <not-affected> (vulnerable code introduced later)
	[wheezy] - systemd <not-affected> (vulnerable code introduced later)
	NOTE: https://github.com/systemd/systemd/pull/5998
CVE-2017-9216 (libjbig2dec.a in Artifex jbig2dec 0.13, as used in MuPDF and ...)
	- jbig2dec 0.13-5 (bug #863279)
	[stretch] - jbig2dec <no-dsa> (Minor issue)
	[jessie] - jbig2dec <no-dsa> (Minor issue)
	[wheezy] - jbig2dec <no-dsa> (Minor issue, can be fixed in a future update)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697934
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=3ebffb1d96ba0cacec23016eccb4047dab365853
CVE-2017-9215
	RESERVED
CVE-2017-9214 (In Open vSwitch (OvS) 2.7.0, while parsing an ...)
	[experimental] - openvswitch 2.8.1+dfsg1-1
	- openvswitch 2.8.1+dfsg1-2 (bug #863228)
	[stretch] - openvswitch <no-dsa> (Minor issue)
	[jessie] - openvswitch <not-affected> (Vulnerable code not present)
	[wheezy] - openvswitch <not-affected> (Vulnerable code not present)
	NOTE: https://mail.openvswitch.org/pipermail/ovs-dev/2017-May/332711.html
CVE-2017-9213
	RESERVED
CVE-2017-9212 (The Bluetooth stack on the BMW 330i 2011 allows a remote crash of the ...)
	NOT-FOR-US: Bluetooth stack on the BMW 330i 2011
CVE-2017-9211 (The crypto_skcipher_init_tfm function in crypto/skcipher.c in the Linux ...)
	- linux 4.9.30-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/9933e113c2e87a9f46a40fde8dafbf801dca1ab9
CVE-2017-9200 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9199 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9198 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9197 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9196 (libautotrace.a in AutoTrace 0.31.1 has a &quot;negative-size-param&quot; issue in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9195 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9194 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9193 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9192 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9191 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9190 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9189 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9188 (libautotrace.a in AutoTrace 0.31.1 has a &quot;left shift ... cannot be ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9187 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9186 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9185 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9184 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9183 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9182 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9181 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9180 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9179 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9178 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9177 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9176 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9175 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9174 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9173 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9172 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9171 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9170 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9169 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9168 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9167 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9166 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9165 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9164 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9163 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9162 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9161 (libautotrace.a in AutoTrace 0.31.1 has a &quot;cannot be represented in type ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9160 (libautotrace.a in AutoTrace 0.31.1 has a stack-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9159 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9158 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9157 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9156 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9155 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9154 (libautotrace.a in AutoTrace 0.31.1 allows remote attackers to cause a ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9153 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9152 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer over-read in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9151 (libautotrace.a in AutoTrace 0.31.1 has a heap-based buffer overflow in ...)
	- autotrace <removed>
	[wheezy] - autotrace <end-of-life> (Not supported in wheezy LTS)
CVE-2017-9150 (The do_check function in kernel/bpf/verifier.c in the Linux kernel ...)
	- linux 4.9.30-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/0d0e57697f162da4aa218b5feafe614fb666db07
CVE-2017-9210 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/101
CVE-2017-9209 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/100
CVE-2017-9208 (libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of ...)
	[experimental] - qpdf 7.0~b1-1
	- qpdf 7.0.0-1 (low; bug #863390)
	[stretch] - qpdf <no-dsa> (Minor issue)
	[jessie] - qpdf <no-dsa> (Minor issue)
	[wheezy] - qpdf <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/23/10
	NOTE: https://github.com/qpdf/qpdf/issues/99
CVE-2017-9207 (The iw_get_ui16be function in imagew-util.c:422:24 in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9206 (The iw_get_ui16le function in imagew-util.c:405:23 in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9205 (The iw_get_ui16be function in imagew-util.c:422:24 in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9204 (The iw_get_ui16le function in imagew-util.c:405:23 in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9203 (imagew-main.c:960:12 in libimageworsener.a in ImageWorsener 1.3.1 ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9202 (imagew-cmd.c:854:45 in libimageworsener.a in ImageWorsener 1.3.1 allows ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9201 (imagew-cmd.c:850:46 in libimageworsener.a in ImageWorsener 1.3.1 allows ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9148 (The TLS session cache in FreeRADIUS 2.1.1 through 2.1.7, 3.0.x before ...)
	{DLA-977-1}
	- freeradius 3.0.12+dfsg-5 (bug #863673)
	[jessie] - freeradius <not-affected> (Only affects 2.1.1 to 2.1.7 and 3.0 to 3.0.13)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/29/1
	NOTE: http://freeradius.org/security.html#session-resumption-2017
	NOTE: https://anonscm.debian.org/cgit/pkg-freeradius/freeradius.git/commit/?id=8d681449aa95ee4388b5e3c266bdb070a264f563
CVE-2017-9147 (LibTIFF 4.0.7 has an invalid read in the _TIFFVGetField function in ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-2 (bug #863185)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2693
CVE-2017-9146 (The TNEFFillMapi function in lib/ytnef.c in libytnef in ytnef through ...)
	- libytnef <unfixed> (bug #862707)
	[stretch] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
	[jessie] - libytnef <no-dsa> (Minor issue, can be fixed via a point update)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/47
CVE-2017-9145 (TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not ...)
	- tikiwiki <removed>
CVE-2017-11352 (In ImageMagick before 7.0.5-10, a crafted RLE image can trigger a crash ...)
	{DSA-4040-1 DLA-1081-1}
	- imagemagick 8:6.9.7.4+dfsg-12 (bug #868469)
	[stretch] - imagemagick 8:6.9.7.4+dfsg-11+deb9u1
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/502
	NOTE: ImageMagick-6: https://github.com/ImageMagick/ImageMagick/commit/7f1f01b695e869c410ee10e2176f8fd764f09373
	NOTE: ImageMagick-7: https://github.com/ImageMagick/ImageMagick/commit/86cb33143c5b21912187403860a7c26761a3cd23
CVE-2017-9144 (In ImageMagick 7.0.5-5, a crafted RLE image can trigger a crash because ...)
	{DSA-3863-1 DLA-1081-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863126)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7fdf9ea808caa3c81a0eb42656e5fafc59084198
CVE-2017-9142 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863125)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/490
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/72f5c8632bff2daf3c95005f9b4cf2982786b52a
CVE-2017-9141 (In ImageMagick 7.0.5-7 Q16, a crafted file could trigger an assertion ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863124)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/489
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f5910e91b0778e03ded45b9022be8eb8f77942cd
CVE-2017-9143 (In ImageMagick 7.0.5-5, the ReadARTImage function in coders/art.c ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #863123)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/456
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b8c1df65b25d6671f113e2306982eded44ce3b4
CVE-2017-9140 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Telerik
CVE-2017-9139 (There is a stack-based buffer overflow on some Tenda routers ...)
	NOT-FOR-US: Tenda
CVE-2017-9138 (There is a debug-interface vulnerability on some Tenda routers ...)
	NOT-FOR-US: Tenda
CVE-2017-9137 (Ceragon FibeAir IP-10 wireless radios through 7.2.0 have a default ...)
	NOT-FOR-US: Ceragon FibeAir
CVE-2017-9136 (An issue was discovered on Mimosa Client Radios before 2.2.3. In the ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9135 (An issue was discovered on Mimosa Client Radios before 2.2.4 and Mimosa ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9134 (An information-leakage issue was discovered on Mimosa Client Radios ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9133 (An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9132 (A hard-coded credentials issue was discovered on Mimosa Client Radios ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9131 (An issue was discovered on Mimosa Client Radios before 2.2.3 and Mimosa ...)
	NOT-FOR-US: Mimosa Client Radios
CVE-2017-9130 (The faacEncOpen function in libfaac/frame.c in Freeware Advanced Audio ...)
	- faac 1.29+git20170704-1 (bug #865909)
	[stretch] - faac <no-dsa> (Non-free not supported)
	[jessie] - faac <no-dsa> (Non-free not supported)
	NOTE: https://www.exploit-db.com/exploits/42207/
CVE-2017-9129 (The wav_open_read function in frontend/input.c in Freeware Advanced ...)
	- faac 1.29+git20170704-1 (bug #865909)
	[stretch] - faac <no-dsa> (Non-free not supported)
	[jessie] - faac <no-dsa> (Non-free not supported)
	NOTE: https://www.exploit-db.com/exploits/42207/
CVE-2017-9128 (The quicktime_video_width function in lqt_quicktime.c in libquicktime ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9127 (The quicktime_user_atoms_read_atom function in useratoms.c in ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9126 (The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9125 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9124 (The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9123 (The lqt_frame_duration function in lqt_quicktime.c in libquicktime ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9122 (The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows ...)
	{DLA-1042-1}
	- libquicktime 2:1.2.4-11 (low; bug #864664)
	[stretch] - libquicktime 2:1.2.4-10+deb9u1
	[jessie] - libquicktime <no-dsa> (Minor issue)
CVE-2017-9121
	RESERVED
CVE-2017-9120
	RESERVED
CVE-2017-9119 (The i_zval_ptr_dtor function in Zend/zend_variables.h in PHP 7.1.5 ...)
	- php7.1 <unfixed> (unimportant)
	- php7.0 <unfixed> (unimportant)
	- php5 <unfixed> (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74593
	NOTE: Only triggerable by malicious script
CVE-2017-9118
	RESERVED
CVE-2017-9117 (In LibTIFF 4.0.7, the program processes BMP images without verifying ...)
	- tiff <unfixed> (unimportant)
	- tiff3 <not-affected> (Does not ship libtiff-tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2690
	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
CVE-2017-9116 (In OpenEXR 2.2.0, an invalid read of size 1 in the uncompress function ...)
	{DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9115 (In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function ...)
	- openexr <unfixed> (bug #873885)
	[wheezy] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9114 (In OpenEXR 2.2.0, an invalid read of size 1 in the refill function in ...)
	- openexr <unfixed> (bug #873885)
	[wheezy] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9113 (In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels ...)
	- openexr <unfixed> (bug #873885)
	[wheezy] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9112 (In OpenEXR 2.2.0, an invalid read of size 1 in the getBits function in ...)
	{DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9111 (In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function ...)
	- openexr <unfixed> (bug #873885)
	[wheezy] - openexr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9110 (In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function ...)
	{DLA-1083-1}
	- openexr 2.2.0-11.1 (bug #864078)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/12/5
	NOTE: https://github.com/openexr/openexr/issues/232
CVE-2017-9109
	RESERVED
CVE-2017-9108
	RESERVED
CVE-2017-9107
	RESERVED
CVE-2017-9106
	RESERVED
CVE-2017-9105
	RESERVED
CVE-2017-9104
	RESERVED
CVE-2017-9103
	RESERVED
CVE-2017-9102
	RESERVED
CVE-2017-9101 (import.php (aka the Phonebook import feature) in PlaySMS 1.4 allows ...)
	NOT-FOR-US: PlaySMS
CVE-2014-9970 (jasypt before 1.9.2 allows a timing attack against the password hash ...)
	- jasypt 1.9.2-1
	[jessie] - jasypt <no-dsa> (Minor issue)
	[wheezy] - jasypt <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/jasypt/code/668/
CVE-2017-9100 (login.cgi on D-Link DIR-600M devices with firmware 3.04 allows remote ...)
	NOT-FOR-US: D-Link
CVE-2017-9099
	RESERVED
CVE-2017-9098 (ImageMagick before 7.0.5-2 and GraphicsMagick before 1.3.24 use ...)
	{DSA-3863-1 DLA-960-1 DLA-953-1}
	- imagemagick 8:6.9.7.4+dfsg-9 (bug #862967)
	- graphicsmagick 1.3.24-1
	NOTE: ImageMagick fix: https://github.com/ImageMagick/ImageMagick/commit/1c358ffe0049f768dd49a8a889c1cbf99ac9849b
	NOTE: GraphicsMagick fix: http://hg.code.sf.net/p/graphicsmagick/code/diff/0a5b75e019b6/coders/rle.c
	NOTE: https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
CVE-2017-9097 (In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through ...)
	NOT-FOR-US: Anti-Web
CVE-2017-9096 (The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not ...)
	NOT-FOR-US: iText
CVE-2017-9095 (XXE in Diving Log 6.0 allows attackers to remotely view local files ...)
	NOT-FOR-US: Diving Log
CVE-2017-9094 (The lzw_add_to_dict function in imagew-gif.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9093 (The my_skip_input_data_fn function in imagew-jpeg.c in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-9092
	RESERVED
CVE-2017-9091 (/admin/loginc.php in Allen Disk 1.6 doesn't check if ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9090 (reg.php in Allen Disk 1.6 doesn't check if ...)
	NOT-FOR-US: Allen Disk
CVE-2017-9089
	RESERVED
CVE-2017-9088
	RESERVED
CVE-2017-9087
	RESERVED
CVE-2017-9086
	RESERVED
CVE-2017-9085 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite 6.5 ...)
	NOT-FOR-US: Kodak InSite
CVE-2017-9084
	RESERVED
CVE-2017-9083 (poppler 0.54.0, as used in Evince and other products, has a NULL ...)
	- poppler <unfixed> (unimportant; bug #863016)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101084
	NOTE: Does not use JPX decoder but openjpeg; affected only source wise
CVE-2017-9082
	RESERVED
CVE-2017-9081
	RESERVED
CVE-2017-9080 (PlaySMS 1.4 allows remote code execution because PHP code in the name ...)
	NOT-FOR-US: PlaySMS
CVE-2017-9079 (Dropbear before 2017.75 might allow local users to read certain files ...)
	{DSA-3859-1 DLA-948-1}
	- dropbear 2016.74-5 (bug #862970)
	NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/0d889b068123
CVE-2017-9078 (The server in Dropbear before 2017.75 might allow post-authentication ...)
	{DSA-3859-1}
	- dropbear 2016.74-5 (bug #862970)
	[wheezy] - dropbear <not-affected> (Vulnerable code not present)
	NOTE: Patch: https://secure.ucc.asn.au/hg/dropbear/rev/c8114a48837c
CVE-2017-9077 (The tcp_v6_syn_recv_sock function in net/ipv6/tcp_ipv6.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
CVE-2017-9076 (The dccp_v6_request_recv_sock function in net/dccp/ipv6.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/83eaddab4378db256d00d295bda6ca997cd13a52
CVE-2017-9075 (The sctp_v6_create_accept_sk function in net/sctp/ipv6.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/fdcee2cbb8438702ea1b328fb6e0ac5e9a40c7f8
CVE-2017-9074 (The IPv6 fragmentation implementation in the Linux kernel through ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/2423496af35d94a87156b063ea5cedffc10a70a1
CVE-2017-9073
	REJECTED
CVE-2017-9072 (Two CalendarXP products have XSS in common parts of HTML files. ...)
	NOT-FOR-US: CalendarXP
CVE-2017-9071 (In MODX Revolution before 2.5.7, an attacker might be able to trigger ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9070 (In MODX Revolution before 2.5.7, a user with resource edit permissions ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9069 (In MODX Revolution before 2.5.7, a user with file upload permissions is ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9068 (In MODX Revolution before 2.5.7, an attacker is able to trigger ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9067 (In MODX Revolution before 2.5.7, when PHP 5.3.3 is used, an attacker is ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-9060 (Memory leak in the virtio_gpu_set_scanout function in ...)
	- qemu <unfixed> (unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dd248ed7e204ee8a1873914e02b8b526e8f1b80d
CVE-2017-9059 (The NFSv4 implementation in the Linux kernel through 4.11.1 allows ...)
	- linux 4.9.30-1
	[jessie] - linux <not-affected> (Introduced in 4.9)
	[wheezy] - linux <not-affected> (Introduced in 4.9)
CVE-2017-9057
	RESERVED
CVE-2017-9056
	RESERVED
CVE-2017-9055 (An issue, also known as DW201703-001, was discovered in libdwarf ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-001
CVE-2017-9054 (An issue, also known as DW201703-002, was discovered in libdwarf ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-002
CVE-2017-9053 (An issue, also known as DW201703-005, was discovered in libdwarf ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-005
CVE-2017-9052 (An issue, also known as DW201703-006, was discovered in libdwarf ...)
	- dwarfutils 20170416-2 (bug #864064)
	[stretch] - dwarfutils 20161124-1+deb9u1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201703-006
CVE-2017-9051 (libav before 12.1 is vulnerable to an invalid read of size 1 due to ...)
	- libav <removed> (low)
	[jessie] - libav <not-affected> (Tested with the original reproducer, 0.11 branch not vulnerable)
	[wheezy] - libav <not-affected> (Tested with the original reproducer, 0.8 branch not vulnerable)
	- ffmpeg 7:2.6.1-1 (low)
	NOTE: Fix in libav: https://github.com/libav/libav/commit/fe6eea99efac66839052af547426518efd970b24.patch
	NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/8d7ce5cdb707d4b22749f72d3f118e62e2b95cd3
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1039
CVE-2017-9050 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863018)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781361 (not public)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9049 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863019)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781205 (not public)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=e26630548e7d138d2c560844c43820b6767251e3
CVE-2017-9048 (libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863021)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781701 (not public)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9047 (A buffer overflow was discovered in libxml2 ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #863022)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781333 (not public)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/15/1
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=932cc9896ab41475d4aa429c27d9afd175959d74
CVE-2017-9046 (winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code ...)
	NOT-FOR-US: Pegasus Mail
CVE-2017-9045 (The Google I/O 2017 application before 5.1.4 for Android downloads ...)
	NOT-FOR-US: Google I/O 2017 application
CVE-2017-9044 (The print_symbol_for_build_attribute function in readelf.c in GNU ...)
	- binutils 2.29-1 (low)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
CVE-2017-9043 (readelf.c in GNU Binutils 2017-04-12 has a &quot;shift exponent too large ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ddef72cdc10d82ba011a7ff81cafbbd3466acf54
CVE-2017-9042 (readelf.c in GNU Binutils 2017-04-12 has a &quot;cannot be represented in ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9041 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=75ec1fdbb797a389e4fe4aaf2e15358a070dcc19
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=c4ab9505b53cdc899506ed421fddb7e1f8faf7a3
CVE-2017-9040 (GNU Binutils 2017-04-03 allows remote attackers to cause a denial of ...)
	- binutils 2.29-1 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7296a62a2a237f6b1ad8db8c38b090e9f592c8cf
CVE-2017-9039 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=82156ab704b08b124d319c0decdbd48b3ca2dac5
CVE-2017-9038 (GNU Binutils 2.28 allows remote attackers to cause a denial of service ...)
	- binutils 2.28-6 (low; bug #863674)
	[stretch] - binutils <ignored> (Minor issue)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f32ba72991d2406b21ab17edc234a2f3fa7fb23d
CVE-2017-9037 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9036 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9035 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9034 (Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9033 (Cross-site request forgery (CSRF) vulnerability in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9032 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2017-9058 (In libytnef in ytnef through 1.9.2, there is a heap-based buffer ...)
	- libytnef 1.9.2-2 (low; bug #862556)
	[jessie] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	NOTE: https://github.com/Yeraze/ytnef/issues/45
CVE-2017-9030 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
	NOT-FOR-US: Joomla extension
CVE-2017-9029
	RESERVED
CVE-2017-9028
	RESERVED
CVE-2017-9027
	RESERVED
CVE-2017-9026 (Stack buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) ...)
	NOT-FOR-US: HooHoo Trip Mate
CVE-2017-9025 (Heap buffer overflow in vshttpd (aka ioos) in HooToo Trip Mate 6 (TM6) ...)
	NOT-FOR-US: HooHoo Trip Mate
CVE-2017-9066 (In WordPress before 4.7.5, there is insufficient redirect validation in ...)
	{DLA-1075-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	[jessie] - wordpress 4.1+dfsg-1+deb8u16
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/76d77e927bb4d0f87c7262a50e28d84e01fd2b11
CVE-2017-9065 (In WordPress before 4.7.5, there is a lack of capability checks for ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/e88a48a066ab2200ce3091b131d43e2fab2460a4
CVE-2017-9064 (In WordPress before 4.7.5, a Cross Site Request Forgery (CSRF) ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/38347d7c580be4cdd8476e4bbc653d5c79ed9b67
CVE-2017-9063 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/3d10fef22d788f29aed745b0f5ff6f6baea69af3
CVE-2017-9062 (In WordPress before 4.7.5, there is improper handling of post meta data ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/3d95e3ae816f4d7c638f40d3e936a4be19724381
CVE-2017-9061 (In WordPress before 4.7.5, a cross-site scripting (XSS) vulnerability ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-1 (bug #862816)
	NOTE: https://wordpress.org/news/2017/05/wordpress-4-7-5/
	NOTE: https://github.com/WordPress/WordPress/commit/8c7ea71edbbffca5d9766b7bea7c7f3722ffafa6
CVE-2017-9024 (Secure Bytes Cisco Configuration Manager, as bundled in Secure Bytes ...)
	NOT-FOR-US: Secure Bytes Cisco Configuration Manager
CVE-2017-9023 (The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE ...)
	{DSA-3866-1 DLA-973-1}
	- strongswan 5.5.1-4
	NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=407fcca200fdf6a41a04ac0885a770b6b53c5d23
CVE-2017-9022 (The gmp plugin in strongSwan before 5.5.3 does not properly validate ...)
	{DSA-3866-1 DLA-973-1}
	- strongswan 5.5.1-4
	NOTE: upstream fix https://git.strongswan.org/?p=strongswan.git;a=commit;h=6681d98d18d24b31410fc12c3d61f150107481b3
CVE-2017-9021
	REJECTED
CVE-2017-9020
	RESERVED
CVE-2016-10373
	REJECTED
CVE-2016-10372 (The Eir D1000 modem does not properly restrict the TR-064 protocol, ...)
	NOT-FOR-US: Eir D1000 modem
CVE-2017-9019
	RESERVED
CVE-2017-9018
	RESERVED
CVE-2017-9017
	RESERVED
CVE-2017-9016
	RESERVED
CVE-2017-9015
	RESERVED
CVE-2017-9014
	RESERVED
CVE-2017-9013
	RESERVED
CVE-2017-9012
	RESERVED
CVE-2017-9011
	RESERVED
CVE-2017-9010
	RESERVED
CVE-2017-9009
	RESERVED
CVE-2017-9008
	RESERVED
CVE-2017-9007
	RESERVED
CVE-2017-9006
	RESERVED
CVE-2017-9005
	RESERVED
CVE-2017-9004
	RESERVED
CVE-2017-9003
	RESERVED
CVE-2017-9002
	RESERVED
CVE-2017-9001
	RESERVED
CVE-2017-9000
	RESERVED
CVE-2017-8999
	RESERVED
CVE-2017-8998
	RESERVED
CVE-2017-8997
	RESERVED
CVE-2017-8996
	RESERVED
CVE-2017-8995
	RESERVED
CVE-2017-8994 (A input validation vulnerability in HPE Operations Orchestration ...)
	NOT-FOR-US: HPE
CVE-2017-8993 (A Remote Cross-Site Scripting vulnerability in HPE Project and ...)
	NOT-FOR-US: HPE Project and Portfolio Management
CVE-2017-8992
	RESERVED
CVE-2017-8991
	RESERVED
CVE-2017-8990
	RESERVED
CVE-2017-8989
	RESERVED
CVE-2017-8988
	RESERVED
CVE-2017-8987
	RESERVED
CVE-2017-8986
	RESERVED
CVE-2017-8985 (HPE XP Storage using Hitachi Global Link Manager (HGLM) has a local ...)
	NOT-FOR-US: HPE XP Storage
CVE-2017-8984 (A remote code execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8983 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8982 (A Remote Authentication Restriction Bypass vulnerability in HPE ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8981 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8980 (A Remote Disclosure of Information vulnerability in HPE Intelligent ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8979 (Security vulnerabilities in the HPE Integrated Lights-Out 2 (iLO 2) ...)
	NOT-FOR-US: HPE Integrated Lights-Out 2 (iLO 2) firmware
CVE-2017-8978 (A Remote Unauthorized Disclosure of Information vulnerability in HPE ...)
	NOT-FOR-US: HPE IceWall Products
CVE-2017-8977 (A Remote Denial of Service vulnerability in Hewlett Packard Enterprise ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8976 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8975 (A Remote Code Execution vulnerability in Hewlett Packard Enterprise ...)
	NOT-FOR-US: Hewlett Packard Enterprise Moonshot Provisioning Manager Appliance
CVE-2017-8974 (A Local Authentication Restriction Bypass vulnerability in HPE NonStop ...)
	NOT-FOR-US: HPE NonStop Server
CVE-2017-8973 (An improper input validation vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8972 (A clickjacking vulnerability in HPE Matrix Operating Environment ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8971 (A clickjacking vulnerability in HPE Matrix Operating Environment ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8970 (A remote unauthenticated disclosure of information vulnerability in ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-8969 (An improper input validation vulnerability in HPE Insight Control ...)
	NOT-FOR-US: HPE Insight Control
CVE-2017-8968
	RESERVED
CVE-2017-8967 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8966 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8965 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8964 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8963 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8962 (A Deserialization of Untrusted Data vulnerability in Hewlett Packard ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8961 (A directory traversal vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8960 (An Authentication Bypass vulnerability in HPE MSA 1040 and MSA 2040 ...)
	NOT-FOR-US: HPE MSA
CVE-2017-8959 (An Authentication Bypass vulnerability in HPE MSA 1040 and HPE MSA ...)
	NOT-FOR-US: HPE MSA
CVE-2017-8958 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8957 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8956 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8955 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8954 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-8953 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE LoadRunner ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2017-8952 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8951 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8950 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8949 (A Disclosure of Sensitive Information vulnerability in HPE SiteScope ...)
	NOT-FOR-US: HPE SiteScope
CVE-2017-8948 (A Remote Bypass Security Restriction vulnerability in HPE Network Node ...)
	NOT-FOR-US: HPE Network Node Manager
CVE-2017-8947 (A Remote Code Execution vulnerability in HPE UCMDB version v10.10, ...)
	NOT-FOR-US: HPE UCMDB
CVE-2017-8946 (A Remote Code Execution vulnerability in HPE Aruba AirWave Glass ...)
	NOT-FOR-US: HPE Aruba AirWave Glass
CVE-2017-8945 (A Remote Unauthorized Disclosure of Information vulnerability in HPE ...)
	NOT-FOR-US: HPE IceWall Federation Agent
CVE-2017-8944 (A Remote Disclosure of Information vulnerability in HPE Cloud ...)
	NOT-FOR-US: HPE Cloud Optimizer
CVE-2017-8943 (The PUMA PUMATRAC app 3.0.2 for iOS does not verify X.509 certificates ...)
	NOT-FOR-US: PUMA PUMATRAC app
CVE-2017-8942 (The YottaMark ShopWell - Healthy Diet &amp; Grocery Food Scanner app 5.3.7 ...)
	NOT-FOR-US: YottaMark ShopWell app
CVE-2017-8941 (The Interval International app 3.3 through 3.5.1 for iOS does not ...)
	NOT-FOR-US: Interval International app
CVE-2017-8940 (The Zipongo - Healthy Recipes and Grocery Deals app before 6.3 for iOS ...)
	NOT-FOR-US: Zipongo app
CVE-2017-8939 (The Warner Bros. ellentube app 3.1.1 through 3.1.3 for iOS does not ...)
	NOT-FOR-US: ellentube app
CVE-2017-8938 (The Radio Javan app 9.3.4 through 9.6.1 for iOS does not verify X.509 ...)
	NOT-FOR-US: Radio Javan app
CVE-2017-8937 (The Life Before Us Yo app 2.5.8 for iOS does not verify X.509 ...)
	NOT-FOR-US: Life Before Us Yo app
CVE-2017-8936 (The MoboTap Dolphin Web Browser - Fast Private Internet Search app ...)
	NOT-FOR-US: MoboTap Dolphin Web Browser
CVE-2017-8935 (The Quest Information Systems Indiana Voters app 1.1.24 for iOS does ...)
	NOT-FOR-US: Quest Information Systems Indiana Voters app
CVE-2016-10374 (perltidy through 20160302, as used by perlcritic, check-all-the-things, ...)
	- perltidy 20140328-2 (bug #862667)
	[jessie] - perltidy <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - perltidy <no-dsa> (Minor issue)
CVE-2017-8932 (A bug in the standard library ScalarMult implementation of curve P-256 ...)
	- golang-1.8 1.8.3-1 (bug #863307)
	[stretch] - golang-1.8 <ignored> (Minor issue, would require builds of all go packages in stable)
	- golang-1.7 1.7.6-1 (bug #863308)
	[stretch] - golang-1.7 <ignored> (Minor issue, would require builds of all go packages in stable)
	- golang <removed>
	[wheezy] - golang <not-affected> (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
	[jessie] - golang <not-affected> (Vulnerable code not present, no ASM implementation of the p256 elliptic curve)
	NOTE: Upstream issue: https://github.com/golang/go/issues/20040
	NOTE: Upstream patch: https://golang.org/cl/41070
	NOTE: Fix for 1.7: https://go-review.googlesource.com/c/43773
	NOTE: Fix for 1.8: https://go-review.googlesource.com/c/43770
CVE-2017-8931
	RESERVED
CVE-2017-8930 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
	NOT-FOR-US: Simple Invoices
CVE-2017-8929 (The sized_string_cmp function in libyara/sizedstr.c in YARA 3.5.0 ...)
	- yara 3.6.0+dfsg-1
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/658
	NOTE: https://github.com/VirusTotal/yara/commit/053e67e3ec81cc9268ce30eaf0d6663d8639ed1e
CVE-2017-8928 (mailcow 0.14, as used in &quot;mailcow: dockerized&quot; and other products, has ...)
	NOT-FOR-US: mailcow
CVE-2017-9031 (The WebUI component in Deluge before 1.3.15 contains a directory ...)
	{DSA-3856-1 DLA-943-1}
	- deluge 1.3.13+git20161130.48cedf63-3 (bug #862611)
	NOTE: http://dev.deluge-torrent.org/wiki/ReleaseNotes/1.3.15
	NOTE: Fixed by: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=41acade01ae88f7b7bbdba308a0886771aa582fd
CVE-2017-8934 (PCManFM 1.2.5 insecurely uses /tmp for a socket file, allowing a local ...)
	- pcmanfm 1.2.5-3 (low; bug #862571)
	[jessie] - pcmanfm <no-dsa> (Minor issue)
	[wheezy] - pcmanfm <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/pcmanfm.git;a=commitdiff;h=bc8c3d871e9ecc67c47ff002b68cf049793faf08
CVE-2017-8933 (Libmenu-cache 1.0.2 insecurely uses /tmp for a socket file, allowing a ...)
	- menu-cache 1.0.2-3 (low; bug #862570)
	[jessie] - menu-cache <no-dsa> (Minor issue)
	[wheezy] - menu-cache <no-dsa> (Minor issue)
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/menu-cache.git;a=commitdiff;h=56f66684592abf257c4004e6e1fff041c64a12ce
CVE-2017-8927 (Buffer overflow in Larson VizEx Reader 9.7.5 allows attackers to cause ...)
	NOT-FOR-US: Larson VizEx Reader
CVE-2017-8926 (Buffer overflow in Halliburton LogView Pro 10.0.1 allows attackers to ...)
	NOT-FOR-US: Halliburton LogView Pro
CVE-2017-8925 (The omninet_open function in drivers/usb/serial/omninet.c in the Linux ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.16-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/30572418b445d85fcfe6c8fe84c947d2606767d8
CVE-2017-8924 (The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.16-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/654b404f2a222f918af9b0cd18ad469d0c941a8e
CVE-2017-8923 (The zend_string_extend function in Zend/zend_string.h in PHP through ...)
	- php7.1 <unfixed> (bug #881539)
	- php7.0 <unfixed> (bug #881538)
	[stretch] - php7.0 <ignored> (Minor issue)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74577
	NOTE: (Duplicate of) PHP Bug: https://bugs.php.net/bug.php?id=73122
CVE-2017-8922
	RESERVED
CVE-2017-8921 (In FlightGear before 2017.2.1, the FGCommand interface allows ...)
	- flightgear 1:2016.4.4+dfsg-3 (bug #862689)
	[jessie] - flightgear 3.0.0-5+deb8u2
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/faf872e7f71ca14c567ac7080561fc785d8d2fd0/ (next)
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/19ab09406e4249f2c6f8ac51938258d1c51eace0/ (2016.4)
	NOTE: Fixed by: https://sourceforge.net/p/flightgear/flightgear/ci/c8250b10bb9a116889f831d2299678b0ef70fec2/ (3.0.0)
CVE-2017-8920 (irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the ...)
	- cgiirc <removed>
CVE-2017-8919 (NetApp OnCommand API Services before 1.2P3 logs the LDAP BIND password ...)
	NOT-FOR-US: NetApp
CVE-2017-8918 (XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - ...)
	NOT-FOR-US: Dive Assistant
CVE-2017-8917 (SQL injection vulnerability in Joomla! 3.7.x before 3.7.1 allows ...)
	NOT-FOR-US: Joomla
CVE-2017-8916 (In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an ...)
	NOT-FOR-US: Center for Internet Security CIS-CAT Pro Dashboard
CVE-2017-8915 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2017-8914 (sinopia, as used in SAP HANA XS 1.00 and 2.00, allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2017-8913 (The Visual Composer VC70RUNTIME component in SAP NetWeaver AS JAVA 7.5 ...)
	NOT-FOR-US: SAP
CVE-2017-8912 (** DISPUTED ** CMS Made Simple (CMSMS) 2.1.6 allows remote ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-8911 (An integer underflow has been identified in the unicode_to_utf8() ...)
	{DSA-3869-1 DLA-962-1}
	- tnef 1.4.12-1.2 (bug #862442)
	NOTE: https://github.com/verdammelt/tnef/issues/23
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/a686971a1f124d9ae18946b1844dbc2c1f30df10
CVE-2017-8910
	RESERVED
CVE-2017-8909
	RESERVED
CVE-2017-8908 (The mark_line_tr function in gxscanc.c in Artifex Ghostscript 9.21 ...)
	- ghostscript 9.22~dfsg-1 (unimportant)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697810
	NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
	NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-8907 (Atlassian Bamboo 5.x before 5.15.7 and 6.x before 6.0.1 did not ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2017-8906 (An integer underflow vulnerability exists in pixel-a.asm, the x86 ...)
	- x265 <not-affected> (Affected code is not enabled)
	NOTE: https://bitbucket.org/multicoreware/x265/issues/345/integer-underflow-in-x265-source-common
CVE-2017-8902
	RESERVED
CVE-2017-8901
	RESERVED
CVE-2017-8900 (LightDM through 1.22.0, when systemd is used in Ubuntu 16.10 and 17.x, ...)
	- lightdm <not-affected> (No guest account support in Debian, cf. #661230)
CVE-2017-8899 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8898 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8897 (Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has ...)
	NOT-FOR-US: Invision Power Services
CVE-2017-8896 (ownCloud Server before 8.2.12, 9.0.x before 9.0.10, 9.1.x before ...)
	- owncloud <removed>
CVE-2017-8895 (In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before ...)
	NOT-FOR-US: Veritas
CVE-2017-8894 (AeroAdmin 4.1 uses an insecure protocol (HTTP) to perform software ...)
	NOT-FOR-US: AeroAdmin
CVE-2017-8893 (AeroAdmin 4.1 uses a function to copy data between two pointers where ...)
	NOT-FOR-US: AeroAdmin
CVE-2017-8892 (Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 ...)
	NOT-FOR-US: OpenText Tempo Box
CVE-2017-8891 (Dropbox Lepton 1.2.1 allows DoS (SEGV and application crash) via a ...)
	- lepton 1.2.1+20170405-1 (bug #862446)
	NOTE: https://github.com/dropbox/lepton/issues/87
	NOTE: https://github.com/dropbox/lepton/commit/82167c144a322cc956da45407f6dce8d4303d346
CVE-2017-8889
	RESERVED
CVE-2017-8888
	RESERVED
CVE-2017-8887
	RESERVED
CVE-2017-8886
	RESERVED
CVE-2017-8885
	RESERVED
CVE-2017-8884
	RESERVED
CVE-2017-8883
	RESERVED
CVE-2017-8882
	RESERVED
CVE-2017-8881
	RESERVED
CVE-2017-8880
	RESERVED
CVE-2017-8879 (Dolibarr ERP/CRM 4.0.4 allows password changes without supplying the ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	[jessie] - dolibarr <no-dsa> (Minor issue)
CVE-2017-8878 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
	NOT-FOR-US: ASUS
CVE-2017-8877 (ASUS RT-AC* and RT-N* devices with firmware through 3.0.0.4.380.7378 ...)
	NOT-FOR-US: ASUS
CVE-2017-8890 (The inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c in ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/657831ffc38e30092a2d5f03d385d710eb88b09a
CVE-2017-8876 (Symphony 2 2.6.11 has XSS in the meta[navigation_group] parameter to ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-8875 (CSRF in the Clean Login plugin before 1.8 for WordPress allows remote ...)
	NOT-FOR-US: Wordpress addon
CVE-2017-8874 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mautic ...)
	NOT-FOR-US: Mautic
CVE-2017-8873
	RESERVED
CVE-2017-8872 (The htmlParseTryOrFinish function in HTMLparser.c in libxml2 2.9.4 ...)
	- libxml2 2.9.4+dfsg1-6.1 (bug #862450)
	[stretch] - libxml2 <no-dsa> (Minor issue)
	[jessie] - libxml2 <no-dsa> (Minor issue)
	[wheezy] - libxml2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775200
CVE-2017-8871 (The cr_parser_parse_selector_core function in cr-parser.c in libcroco ...)
	- libcroco <unfixed> (bug #864666; low)
	[stretch] - libcroco <no-dsa> (Minor issue)
	[jessie] - libcroco <no-dsa> (Minor issue)
	[wheezy] - libcroco <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782649
CVE-2017-8870 (Buffer overflow in AudioCoder 0.8.46 allows remote attackers to execute ...)
	NOT-FOR-US: AudioCoder
CVE-2017-8869 (Buffer overflow in MediaCoder 0.8.48.5888 allows remote attackers to ...)
	NOT-FOR-US: MediaCoder
CVE-2017-8868 (acp/core/files.browser.php in flatCore 1.4.7 allows file deletion via ...)
	NOT-FOR-US: flatCore
CVE-2017-8867 (Elemental Path's CogniToys Dino smart toys through firmware version ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8866 (Elemental Path's CogniToys Dino smart toys through firmware version ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8865 (Elemental Path's CogniToys Dino smart toys through firmware version ...)
	NOT-FOR-US: Elemental Path's CogniToys Dino smart toys
CVE-2017-8864 (Client-side enforcement using JavaScript of server-side security ...)
	NOT-FOR-US: Cohu
CVE-2017-8863 (Information disclosure of .esp source code on the Cohu 3960 allows an ...)
	NOT-FOR-US: Cohu
CVE-2017-8862 (The webupgrade function on the Cohu 3960HD does not verify the firmware ...)
	NOT-FOR-US: Cohu
CVE-2017-8861 (Missing authentication for the remote configuration port 1236/tcp on ...)
	NOT-FOR-US: Cohu
CVE-2017-8860 (Information disclosure through directory listing on the Cohu 3960HD ...)
	NOT-FOR-US: Cohu
CVE-2017-8859 (In Veritas NetBackup Appliance 3.0 and earlier, unauthenticated users ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8858 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8857 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-8856 (In Veritas NetBackup 8.0 and earlier and NetBackup Appliance 3.0 and ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2016-10371 (The TIFFWriteDirectoryTagCheckedRational function in tif_dirwrite.c in ...)
	{DLA-969-1}
	- tiff 4.0.7-7 (low; bug #862929)
	[jessie] - tiff 4.0.3-12.3+deb8u5
	- tiff3 <removed>
	[wheezy] - tiff3 <no-dsa> (tiff tools are not built, can be fixed later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2535
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2612
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/0abd094b6e5079c4d8be733829240491cb230f3d
CVE-2017-1000044 (gtk-vnc 0.4.2 and older doesn't check framebuffer boundaries correctly ...)
	- gtk-vnc 0.4.3-1
	NOTE: Fixed by: https://git.gnome.org/browse/gtk-vnc/commit/?id=f3fc5e57a78d4be9872f1394f697b9929873a737 (release-0.4.3)
CVE-2017-8855 (wolfSSL before 3.11.0 does not prevent wc_DhAgree from accepting a ...)
	- wolfssl 3.12.0+dfsg-1 (bug #870170)
	NOTE: Fixed upstream in 3.11.0, https://github.com/wolfSSL/wolfssl/releases/tag/v3.11.0-stable
CVE-2017-8854 (wolfSSL before 3.10.2 has an out-of-bounds memory access with loading ...)
	- wolfssl 3.10.2+dfsg-1
CVE-2017-8853 (Fiyo CMS v2.0.7 has an arbitrary file delete vulnerability in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-8852 (SAP SAPCAR 721.510 has a Heap Based Buffer Overflow Vulnerability. It ...)
	NOT-FOR-US: SAP
CVE-2017-8851 (An issue was discovered on OnePlus One and X devices. Due to a lenient ...)
	NOT-FOR-US: OnePlus One
CVE-2017-8850 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. Due to ...)
	NOT-FOR-US: OnePlus One
CVE-2017-8849 (smb4k before 2.0.1 allows local users to gain root privileges by ...)
	{DSA-3951-1 DLA-1002-1}
	- smb4k 1.2.1-2 (bug #862505)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
	NOTE: https://www.kde.org/info/security/advisory-20170510-2.txt
	NOTE: https://github.com/stealth/plasmapulsar
	NOTE: smb4k 2.0.0: https://commits.kde.org/smb4k/a90289b0962663bc1d247bbbd31b9e65b2ca000e
	NOTE: smb4k 1.2.3: https://commits.kde.org/smb4k/71554140bdaede27b95dbe4c9b5a028a83c83cce
CVE-2017-8848 (Allen Disk 1.6 has CSRF in setpass.php with an impact of changing a ...)
	NOT-FOR-US: Allen Disk
CVE-2017-8847 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...)
	- lrzip 0.631+git180517-1 (unimportant; bug #863145)
	NOTE: https://github.com/ckolivas/lrzip/issues/67
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-bufreadget-libzpaq-h/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8846 (The read_stream function in stream.c in liblrzip.so in lrzip 0.631 ...)
	- lrzip 0.631+git180517-1 (bug #863150)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/71
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-use-after-free-in-read_stream-stream-c/
CVE-2017-8845 (The lzo1x_decompress function in lzo1x_d.ch in LZO 2.08, as used in ...)
	- lrzip 0.631+git180517-1 (unimportant; bug #863151)
	NOTE: https://github.com/ckolivas/lrzip/issues/68
	NOTE: https://github.com/ckolivas/lrzip/commit/89d7b33e6a6450eed326b40084b547d42bad333f
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-invalid-memory-read-in-lzo_decompress_buf-stream-c/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8844 (The read_1g function in stream.c in liblrzip.so in lrzip 0.631 allows ...)
	- lrzip 0.631+git180517-1 (bug #863153)
	[stretch] - lrzip <no-dsa> (Minor issue)
	[jessie] - lrzip <no-dsa> (Minor issue)
	[wheezy] - lrzip <no-dsa> (Minor issue)
	NOTE: https://github.com/ckolivas/lrzip/issues/70
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-heap-based-buffer-overflow-write-in-read_1g-stream-c/
CVE-2017-8843 (The join_pthread function in stream.c in liblrzip.so in lrzip 0.631 ...)
	- lrzip 0.631+git180517-1 (unimportant; bug #863155)
	NOTE: https://github.com/ckolivas/lrzip/issues/69
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-null-pointer-dereference-in-join_pthread-stream-c/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8842 (The bufRead::get() function in libzpaq/libzpaq.h in liblrzip.so in ...)
	- lrzip 0.631+git180517-1 (unimportant; bug #863156)
	NOTE: https://github.com/ckolivas/lrzip/issues/66
	NOTE: https://blogs.gentoo.org/ago/2017/05/07/lrzip-divide-by-zero-in-bufreadget-libzpaq-h/
	NOTE: Crash in CLI tool, no security implications
CVE-2017-8841 (Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8840 (Debug information disclosure exists on Peplink Balance 305, 380, 580, ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8839 (XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8838 (XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8837 (Cleartext password storage exists on Peplink Balance 305, 380, 580, ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8836 (CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2017-8835 (SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and ...)
	NOT-FOR-US: Peplink Balance devices
CVE-2016-10370 (An issue was discovered on OnePlus devices such as the 3T. The OnePlus ...)
	NOT-FOR-US: OnePlus
CVE-2016-10369 (unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a ...)
	{DLA-935-1}
	- lxterminal 0.3.0-2 (low; bug #862098)
	[jessie] - lxterminal 0.2.0-1+deb8u1
	NOTE: Fixed by: https://git.lxde.org/gitweb/?p=lxde/lxterminal.git;a=commit;h=f99163c6ff8b2f57c5f37b1ce5d62cf7450d4648
CVE-2017-8834 (The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 ...)
	- libcroco <unfixed> (bug #864666; low)
	[stretch] - libcroco <no-dsa> (Minor issue)
	[jessie] - libcroco <no-dsa> (Minor issue)
	[wheezy] - libcroco <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=782647
CVE-2017-8833 (Zen Cart 1.6.0 has XSS in the main_page parameter to index.php. NOTE: ...)
	NOT-FOR-US: Zen Cart
CVE-2017-8832 (Allen Disk 1.6 has XSS in the id parameter to downfile.php. ...)
	NOT-FOR-US: Allen Disk
CVE-2017-8831 (The saa7164_bus_get function in drivers/media/pci/saa7164/saa7164-bus.c ...)
	{DLA-1200-1}
	- linux 4.12.6-1
	[stretch] - linux 4.9.47-1
	[jessie] - linux 3.16.51-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=195559
CVE-2017-8830 (In ImageMagick 7.0.5-6, the ReadBMPImage function in bmp.c:1379 allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862637)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/467
CVE-2017-8828
	RESERVED
CVE-2017-8827 (forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might ...)
	NOT-FOR-US: GenixCMS
CVE-2017-8826 (FastStone Image Viewer 6.2 has a &quot;User Mode Write AV&quot; issue, possibly ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2017-8825 (A null dereference vulnerability has been found in the MIME handling ...)
	- libetpan 1.6-3 (bug #862151)
	[jessie] - libetpan <no-dsa> (Minor issue)
	[wheezy] - libetpan <no-dsa> (Minor issue)
	NOTE: https://github.com/dinhviethoa/libetpan/commit/1fe8fbc032ccda1db9af66d93016b49c16c1f22d
	NOTE: https://github.com/dinhviethoa/libetpan/issues/274
CVE-2017-8824 (The dccp_disconnect function in net/dccp/proto.c in the Linux kernel ...)
	{DSA-4082-1 DSA-4073-1 DLA-1200-1}
	- linux 4.14.7-1
	NOTE: http://lists.openwall.net/netdev/2017/12/04/224
	NOTE: Fixed by: https://git.kernel.org/linus/69c64866ce072dea1d1e59a0d61e0f66c0dffb76
CVE-2017-8823 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24313
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8822 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/21534
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8821 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24246
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8820 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24245
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8819 (In Tor before 0.2.5.16, 0.2.6 through 0.2.8 before 0.2.8.17, 0.2.9 ...)
	{DSA-4054-1}
	- tor 0.3.1.9-1
	[wheezy] - tor <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://bugs.torproject.org/24244
	NOTE: https://blog.torproject.org/new-stable-tor-releases-security-fixes-0319-03013-02914-02817-02516
CVE-2017-8818 (curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to ...)
	- curl 7.57.0-1
	[stretch] - curl <not-affected> (Vulnerable code not present)
	[jessie] - curl <not-affected> (Vulnerable code not present)
	[wheezy] - curl <not-affected> (Vulnerable code not present)
	NOTE: https://curl.haxx.se/docs/adv_2017-af0a.html
	NOTE: https://curl.haxx.se/CVE-2017-8818.patch
CVE-2017-8817 (The FTP wildcard function in curl and libcurl before 7.57.0 allows ...)
	{DSA-4051-1 DLA-1195-1}
	- curl 7.57.0-1
	NOTE: https://curl.haxx.se/docs/adv_2017-ae72.html
	NOTE: https://curl.haxx.se/CVE-2017-8817.patch
CVE-2017-8816 (The NTLM authentication feature in curl and libcurl before 7.57.0 on ...)
	{DSA-4051-1}
	- curl 7.57.0-1
	[wheezy] - curl <not-affected> (Vulnerable code not present, introduced in 7.36.0)
	NOTE: https://curl.haxx.se/docs/adv_2017-11e7.html
	NOTE: https://curl.haxx.se/CVE-2017-8816.patch
CVE-2017-8815 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T119158
CVE-2017-8814 (The language converter in MediaWiki before 1.27.4, 1.28.x before ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T124404
CVE-2017-8813
	REJECTED
CVE-2017-8812 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T125163
CVE-2017-8811 (The implementation of raw message parameter expansion in MediaWiki ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T176247
CVE-2017-8810 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T134100
CVE-2017-8809 (api.php in MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T128209
CVE-2017-8808 (MediaWiki before 1.27.4, 1.28.x before 1.28.3, and 1.29.x before 1.29.2 ...)
	{DSA-4036-1}
	- mediawiki 1:1.27.4-1
	[wheezy] - mediawiki <end-of-life> (Not supported in wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000216.html
	NOTE: https://phabricator.wikimedia.org/T178451
CVE-2017-8807 (vbf_stp_error in bin/varnishd/cache/cache_fetch.c in Varnish HTTP Cache ...)
	{DSA-4034-1}
	- varnish 5.2.1-1 (bug #881808)
	[jessie] - varnish <not-affected> (Vulnerable code not present, issue introduced in 4.1.0)
	[wheezy] - varnish <not-affected> (Vulnerable code not present, issue introduced in 4.1.0)
	NOTE: http://varnish-cache.org/security/VSV00002.html
	NOTE: https://github.com/varnishcache/varnish-cache/pull/2429
	NOTE: Fixed by: https://github.com/varnishcache/varnish-cache/commit/176f8a075a
CVE-2017-8806 (The Debian pg_ctlcluster, pg_createcluster, and pg_upgradecluster ...)
	{DSA-4029-1 DLA-1169-1}
	- postgresql-common 188
CVE-2017-8805 (Debian ftpsync before 20171017 does not use the rsync --safe-links ...)
	- archvsync 20171017
	NOTE: http://www.openwall.com/lists/oss-security/2017/10/17/2
	NOTE: https://anonscm.debian.org/cgit/mirror/archvsync.git/commit/?id=d1ca2ab2210990b6dfb664cd6776a41b71c48016
CVE-2017-1000041
	REJECTED
CVE-2017-1000040
	REJECTED
CVE-2017-1000019
	REJECTED
CVE-2016-1000393
	REJECTED
CVE-2016-1000373
	REJECTED
CVE-2016-1000372
	REJECTED
CVE-2016-1000371
	REJECTED
CVE-2016-1000370
	REJECTED
CVE-2016-1000369
	REJECTED
CVE-2016-1000368
	REJECTED
CVE-2016-1000367
	REJECTED
CVE-2016-1000366
	REJECTED
CVE-2016-1000365
	REJECTED
CVE-2016-1000364
	REJECTED
CVE-2016-1000363
	REJECTED
CVE-2016-1000362
	REJECTED
CVE-2016-1000361
	REJECTED
CVE-2016-1000360
	REJECTED
CVE-2017-8829 (Deserialization vulnerability in lintian through 2.5.50.3 allows ...)
	- lintian 2.5.50.4 (bug #861958)
	[jessie] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
	[wheezy] - lintian <not-affected> (upstream/metadata check introduced in 2.5.41; vulnerable code not present)
CVE-2017-8804 (The xdr_bytes and xdr_string functions in the GNU C Library (aka glibc ...)
	- glibc <unfixed> (bug #862086)
	[stretch] - glibc <no-dsa> (Can be fixed in a point update)
	[jessie] - glibc <no-dsa> (Can be fixed in a point update)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Can be fixed later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/05/2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21461
	NOTE: https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1037559#c7
	NOTE: Proposed patch: https://sourceware.org/ml/libc-alpha/2017-05/msg00105.html
CVE-2017-8803 (Notepad++ 7.3.3 (32-bit) with Hex Editor Plugin v0.9.5 might allow ...)
	NOT-FOR-US: Notepad++
CVE-2017-8802 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
	NOT-FOR-US: Zimbra
CVE-2017-8801 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 (with Agent Module Build ...)
	NOT-FOR-US: Trend Micro
CVE-2017-8800
	RESERVED
CVE-2017-8799 (Untrusted input execution via igetwild in all iRODS versions before ...)
	NOT-FOR-US: iRODS
CVE-2017-8798 (Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through ...)
	{DLA-949-1}
	- miniupnpc 1.9.20140610-3 (bug #862273)
	[jessie] - miniupnpc <no-dsa> (Minor issue)
	NOTE: https://github.com/tintinweb/pub/blob/master/pocs/cve-2017-8798/Readme.md
	NOTE: Fixed by: https://github.com/miniupnp/miniupnp/commit/f0f1f4b22d6a98536377a1bb07e7c20e4703d229
CVE-2017-8797 (The NFSv4 server in the Linux kernel before 4.11.3 does not properly ...)
	- linux 4.9.30-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b550a32e60a4941994b437a8d662432a486235a5 (4.12-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/f961e3f2acae94b727380c0b74e2d3954d0edf79 (4.12-rc1)
CVE-2017-8796 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8795 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8794 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8793 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8792 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8791 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8790 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8789 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. A ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8788 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8787 (The PoDoFo::PdfXRefStreamParserObject::ReadXRefStreamEntry function in ...)
	- libpodofo 0.9.5-7 (bug #861738)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: Possible unspecified impact. Needs further analysis.
	NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1851
CVE-2017-8786 (pcre2test.c in PCRE2 10.23 allows remote attackers to cause a denial of ...)
	- pcre2 10.31-1 (unimportant; bug #861873)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2079
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libpcre-heap-based-buffer-overflow-write-in-pcre2test-c/
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2test.c?r1=692&r2=697
CVE-2017-8785 (FastStone Image Viewer 6.2 has a &quot;Data from Faulting Address may be ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2017-8784
	REJECTED
CVE-2017-8783 (Synacor Zimbra Collaboration Suite (ZCS) before 8.7.10 has Persistent ...)
	NOT-FOR-US: Zimbra
CVE-2017-8782 (The readString function in util/read.c and util/old/read.c in libming ...)
	{DLA-980-1}
	- ming <removed>
	NOTE: https://github.com/libming/libming/issues/70
CVE-2017-8781 (XnView Classic for Windows Version 2.40 allows user-assisted remote ...)
	NOT-FOR-US: XnView
CVE-2017-8780 (GeniXCMS 1.0.2 has XSS triggered by a comment that is mishandled during ...)
	NOT-FOR-US: GenixCMS
CVE-2017-8778 (GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 ...)
	- gitlab <not-affected> (SVG rendering feature introduced later, cf. bug #861870)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
CVE-2017-8777
	RESERVED
CVE-2017-8779 (rpcbind through 0.2.4, LIBTIRPC through 1.0.1 and 1.0.2-rc through ...)
	{DSA-3845-1 DLA-937-1 DLA-936-1}
	- rpcbind 0.2.3-0.6 (bug #861835)
	- libtirpc 0.2.5-1.2 (bug #861834)
	- ntirpc 1.4.4-1 (bug #861836)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/04/1
	NOTE: https://github.com/guidovranken/rpcbomb/
CVE-2017-8776 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8775 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8774 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8773 (Quick Heal Internet Security 10.1.0.316, Quick Heal Total Security ...)
	NOT-FOR-US: Quick Heal Internet Security
CVE-2017-8772 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8771 (On BE126 WIFI repeater 1.0 devices, an attacker can log into telnet ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8770 (There is LFD (local file disclosure) on BE126 WIFI repeater 1.0 ...)
	NOT-FOR-US: BE126 WIFI repeater
CVE-2017-8769 (** DISPUTED ** Facebook WhatsApp Messenger before 2.16.323 for Android ...)
	NOT-FOR-US: WhatsApp Messenger
CVE-2017-8768 (Atlassian SourceTree v2.5c and prior are affected by a command ...)
	NOT-FOR-US: Atlassian SourceTree
CVE-2017-8767
	REJECTED
CVE-2017-8766 (IrfanView version 4.44 (32bit) allows remote attackers to execute code ...)
	NOT-FOR-US: IrfanView
CVE-2017-8765 (The function named ReadICONImage in coders\icon.c in ImageMagick ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (low; bug #862653)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/466
CVE-2017-8764
	RESERVED
CVE-2017-8763 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: EPESI
CVE-2017-8762 (GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a ...)
	NOT-FOR-US: GenixCMS
CVE-2017-8761
	RESERVED
CVE-2017-8760 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8759 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8758 (Microsoft Exchange Server 2016 allows an elevation of privilege ...)
	NOT-FOR-US: Microsoft
CVE-2017-8757 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8756 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8755 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8754 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8753 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8752 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-8751 (Microsoft Edge in Microsoft Windows 1703 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2017-8750 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8749 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8748 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8747 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8746 (Windows Device Guard in Windows 10 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8745 (An elevation of privilege vulnerability exists in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2017-8744 (A remote code execution vulnerability exists in Excel Services, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8743 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
	NOT-FOR-US: Microsoft
CVE-2017-8742 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
	NOT-FOR-US: Microsoft
CVE-2017-8741 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8740 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8739 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8738 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8737 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2017-8736 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8735 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8734 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8733 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8732
	RESERVED
CVE-2017-8731 (Microsoft Edge in Microsoft Windows 10 1607 and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8730
	RESERVED
CVE-2017-8729 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8728 (Microsoft Windows PDF Library in Microsoft Windows 8.1 and Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2017-8727 (Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8726 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8725 (A remote code execution vulnerability exists in Microsoft Publisher ...)
	NOT-FOR-US: Microsoft
CVE-2017-8724 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...)
	NOT-FOR-US: Microsoft
CVE-2017-8723 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8722
	RESERVED
CVE-2017-8721
	RESERVED
CVE-2017-8720 (The Microsoft Windows graphics component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8719 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8718 (The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8717 (The Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8716 (Windows Control Flow Guard in Microsoft Windows 10 Version 1703 allows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8715 (The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8714 (The Windows Hyper-V component on Microsoft Windows 8.1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8713 (The Windows Hyper-V component on Microsoft Windows Windows 8.1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8712 (The Windows Hyper-V component on Microsoft Windows 10 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8711 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8710 (The Microsoft Common Console Document (.msc) in Microsoft Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8709 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8708 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8707 (The Windows Hyper-V component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8706 (The Windows Hyper-V component on Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8705
	RESERVED
CVE-2017-8704 (The Windows Hyper-V component on Microsoft Windows 10 1607 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8703 (The Microsoft Windows Subsystem for Linux on Microsoft Windows 10 1703 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8702 (Windows Error Reporting (WER) in Microsoft Windows 10 Gold, 1511, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8701
	RESERVED
CVE-2017-8700 (ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2017-8699 (Windows Shell in Microsoft Windows 7 SP1, Windows Server 2008 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8698
	RESERVED
CVE-2017-8697
	RESERVED
CVE-2017-8696 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; ...)
	NOT-FOR-US: Microsoft
CVE-2017-8695 (Windows Uniscribe in Microsoft Windows Server 2008 SP2 and R2 SP1; ...)
	NOT-FOR-US: Microsoft
CVE-2017-8694 (The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8693 (The Microsoft Graphics Component on Microsoft Windows 10 Gold, 1511, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8692 (The Windows Uniscribe component on Microsoft Windows 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8691 (Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allow an ...)
	NOT-FOR-US: Microsoft Windows
CVE-2017-8690
	RESERVED
CVE-2017-8689 (The Microsoft Windows Kernel Mode Driver on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8688 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8687 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8686 (The Windows Server DHCP service in Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8685 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8684 (Windows GDI+ on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8683 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8682 (Windows graphics on Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8681 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8680 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8679 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8678 (The Windows kernel component on Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8677 (The Windows GDI+ component on Microsoft Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8676 (The Windows Graphics Device Interface (GDI) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8675 (The Windows Kernel-Mode Drivers component on Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8674 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8673 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8672 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8671 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8670 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8669 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8668 (The Volume Manager Extension Driver in Microsoft Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8667
	RESERVED
CVE-2017-8666 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8665 (The Xamarin.iOS update component on systems running macOS allows an ...)
	NOT-FOR-US: Xamarin.iOS
CVE-2017-8664 (Windows Hyper-V in Windows 8.1, Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8663 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8662 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8661 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8660 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8659 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8658 (A remote code execution vulnerability exists in the way that the ...)
	NOT-FOR-US: Microsoft
CVE-2017-8657 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8656 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8655 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8654 (Microsoft SharePoint Server 2010 Service Pack 2 allows a cross-site ...)
	NOT-FOR-US: Microsoft
CVE-2017-8653 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8652 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8651 (Internet Explorer in Microsoft Windows Server 2008 SP2 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8650 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8649 (Microsoft Edge in Microsoft Windows 10 1607, 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8648 (Microsoft Edge in Microsoft Windows Version 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8647 (Microsoft Edge in Windows 10 1703 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2017-8646 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8645 (Microsoft Edge in Windows 10 1511, 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8644 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8643 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8642 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8641 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8640 (Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8639 (Microsoft Edge in Windows 10 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8638 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8637 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8636 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8635 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: MIcrosoft
CVE-2017-8634 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8633 (Windows Error Reporting (WER) in Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8632 (A remote code execution vulnerability exists in Microsoft Excel 2010 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8631 (A remote code execution vulnerability exists in Excel Services, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8630 (Microsoft Office 2016 allows a remote code execution vulnerability ...)
	NOT-FOR-US: Microsoft
CVE-2017-8629 (Microsoft SharePoint Server 2013 Service Pack 1 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2017-8628 (Microsoft Bluetooth Driver in Windows Server 2008 SP2, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft Windows
	NOTE: https://www.armis.com/blueborne/
CVE-2017-8627 (Windows Subsystem for Linux in Windows 10 1703, allows a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2017-8626
	RESERVED
CVE-2017-8625 (Internet Explorer in Windows 10 Gold, 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8624 (CLFS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8623 (Windows Hyper-V in Windows 10 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8622 (Windows Subsystem for Linux in Windows 10 1703 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2017-8621 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2017-8620 (Windows Search in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8619 (Microsoft Edge on Windows 10 Gold, 1511, 1607, and 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8618 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8617 (Microsoft Edge in Windows 10 1703 Microsoft Edge allows a remote code ...)
	NOT-FOR-US: Microsoft
CVE-2017-8616
	RESERVED
CVE-2017-8615
	RESERVED
CVE-2017-8614
	RESERVED
CVE-2017-8613 (Azure AD Connect Password writeback, if misconfigured during ...)
	NOT-FOR-US: Azure AD Connect Password writeback
CVE-2017-8612
	RESERVED
CVE-2017-8611 (Microsoft Edge on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8610 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8609 (Microsoft Internet Explorer in Microsoft Windows 10 Gold, 1511, 1607, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8608 (Microsoft browsers in Microsoft Windows Server 2008 and R2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8607 (Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8606 (Microsoft browsers in Microsoft Windows 7, Windows Server 2008 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8605 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8604 (Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8603 (Microsoft Edge in Microsoft Windows 10 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8602 (Microsoft browsers on Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8601 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8600
	RESERVED
CVE-2017-8599 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8598 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8597 (Microsoft Edge in Microsoft Windows 10 Version 1703 allows an attacker ...)
	NOT-FOR-US: Microsoft
CVE-2017-8596 (Microsoft Edge in Microsoft Windows 10 1607, and 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8595 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8594 (Internet Explorer on Microsoft Windows 8.1 and Windows RT 8.1, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8593 (Microsoft Win32k in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8592 (Microsoft browsers on when Microsoft Windows 7 SP1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8591 (Windows Input Method Editor (IME) in Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8590 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8589 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8588 (Microsoft WordPad in Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8587 (Windows Explorer in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8586
	RESERVED
CVE-2017-8585 (Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, and 4.7 allow an attacker ...)
	NOT-FOR-US: Microsoft
CVE-2017-8584 (Windows 10 1607 and Windows Server 2016 allow an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2017-8583
	RESERVED
CVE-2017-8582 (HTTP.sys in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8581 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8580 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8579 (The DirectX component in Microsoft Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8578 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8577 (Win32k in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8576 (The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8575 (The kernel in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Windows
CVE-2017-8574 (Graphics in Microsoft Windows 10 1607, 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8573 (Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8572 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8571 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8570 (Microsoft Office allows a remote code execution vulnerability due to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8569 (Microsoft SharePoint Server allows an elevation of privilege ...)
	NOT-FOR-US: Microsoft
CVE-2017-8568
	RESERVED
CVE-2017-8567 (A remote code execution vulnerability exists in Microsoft Excel for ...)
	NOT-FOR-US: Microsoft
CVE-2017-8566 (Microsoft Windows 1607, 1703, and Windows Server 2016 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2017-8565 (Windows PowerShell in Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8564 (Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8563 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8562 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8561 (Windows kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8560 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2017-8559 (Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2017-8558 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8557 (Windows System Information Console in Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8556 (Graphics in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8555 (Microsoft Edge in Microsoft Windows 10 1703 allows an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8554 (The kernel in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8553 (An information disclosure vulnerability exists in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8552 (A kernel-mode driver in Microsoft Windows XP SP3, Windows XP x64 XP2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8551 (An elevation of privilege vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-8550 (A remote code execution vulnerability exists in Skype for Business ...)
	NOT-FOR-US: Microsoft
CVE-2017-8549 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8548 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8547 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8546
	RESERVED
CVE-2017-8545 (A spoofing vulnerability exists in when Microsoft Outlook for Mac does ...)
	NOT-FOR-US: Microsoft
CVE-2017-8544 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8543 (Microsoft Windows XP SP3, Windows XP x64 XP2, Windows Server 2003 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8542 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8541 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8540 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8539 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8538 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8537 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8536 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8535 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-8534 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8533 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8532 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8531 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8530 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8529 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8528 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8527 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8526
	RESERVED
CVE-2017-8525
	RESERVED
CVE-2017-8524 (Microsoft browsers in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8523 (Microsoft Edge in Microsoft Windows 10 Gold, 1511, 1607, and 1703, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8522 (Microsoft browsers in Microsoft Windows 8.1 and Windows RT 8.1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8521 (Microsoft Edge in Windows 10 1703 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2017-8520 (Microsoft Edge in Windows 10 1703 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2017-8519 (Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8518 (Microsoft Edge allows a remote code execution vulnerability due to the ...)
	NOT-FOR-US: Microsoft
CVE-2017-8517 (Microsoft browsers in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8516 (Microsoft SQL Server Analysis Services in Microsoft SQL Server 2012, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8515 (Microsoft Windows 10 1511, 1607, and 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8514 (An information disclosure vulnerability exists when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-8513 (A remote code execution vulnerability exists in Microsoft PowerPoint ...)
	NOT-FOR-US: Microsoft
CVE-2017-8512 (A remote code execution vulnerability exists in Microsoft Office when ...)
	NOT-FOR-US: Microsoft
CVE-2017-8511 (A remote code execution vulnerability exists in Microsoft Office when ...)
	NOT-FOR-US: Microsoft
CVE-2017-8510 (A remote code execution vulnerability exists in Microsoft Office when ...)
	NOT-FOR-US: Microsoft
CVE-2017-8509 (A remote code execution vulnerability exists in Microsoft Office when ...)
	NOT-FOR-US: Microsoft
CVE-2017-8508 (A security feature bypass vulnerability exists in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2017-8507 (A remote code execution vulnerability exists in the way Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-8506 (A remote code execution vulnerability exists in Microsoft Office when ...)
	NOT-FOR-US: Microsoft
CVE-2017-8505
	RESERVED
CVE-2017-8504 (Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8503 (Microsoft Edge in Microsoft Windows 10 1511, 1607, 1703, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8502 (Microsoft Office allows a remote code execution vulnerability due to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8501 (Microsoft Office allows a remote code execution vulnerability due to ...)
	NOT-FOR-US: Microsoft
CVE-2017-8500
	RESERVED
CVE-2017-8499 (Microsoft Edge in Windows 10 1703 allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2017-8498 (Microsoft Edge in Windows 10 1607 and 1703, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8497 (Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2017-8496 (Microsoft Edge in Windows 10 1607 and Windows Server 2016 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2017-8495 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8494 (Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-8493 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8492 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8491 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8490 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8489 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8488 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8487 (Windows OLE in Windows XP and Windows Server 2003 allows an attacker ...)
	NOT-FOR-US: Microsoft
CVE-2017-8486 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8485 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8484 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8483 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8482 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8481 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8480 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8479 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8478 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8477 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8476 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8475 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8474 (The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8473 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8472 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8471 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8470 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8469 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8468 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8467 (Graphics in Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8466 (Windows Cursor in Windows 8.1, Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8465 (Microsoft Windows 8.1 and Windows RT 8.1, Windows Server 2012 R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8464 (Windows Shell in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8463 (Windows Shell in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-8462 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-8461 (Windows RPC with Routing and Remote Access enabled in Windows XP and ...)
	NOT-FOR-US: Microsoft
CVE-2017-8460 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-8459 (** DISPUTED ** Brave 0.12.4 has a Status Bar Obfuscation issue in which ...)
	- brave-browser <itp> (bug #864795)
CVE-2017-8458 (Brave 0.12.4 has a URI Obfuscation issue in which a string such as ...)
	- brave-browser <itp> (bug #864795)
CVE-2017-8457
	RESERVED
CVE-2017-8456
	RESERVED
CVE-2017-8455 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-8454 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-8453 (Foxit Reader before 8.2.1 and PhantomPDF before 8.2.1 have an ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-10368 (Open redirect vulnerability in Opsview Monitor Pro (Prior to ...)
	NOT-FOR-US: Opsview Monitor Pro
CVE-2016-10367 (In Opsview Monitor Pro (Prior to 5.1.0.162300841, prior to 5.0.2.27475, ...)
	NOT-FOR-US: Opsview Monitor Pro
CVE-2015-9058 (Open redirect vulnerability in Proxmox Mail Gateway prior to hotfix ...)
	NOT-FOR-US: Proxmox Mail Gateway
CVE-2015-9057 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail ...)
	NOT-FOR-US: Proxmox Mail Gateway
CVE-2017-8452 (Kibana versions prior to 5.2.1 configured for SSL client access, file ...)
	- kibana <itp> (bug #700337)
CVE-2017-8451 (With X-Pack installed, Kibana versions before 5.3.1 have an open ...)
	NOT-FOR-US: Kibana addon
CVE-2017-8450 (X-Pack 5.1.1 did not properly apply document and field level security ...)
	NOT-FOR-US: Kibana addon
CVE-2017-8449 (X-Pack Security 5.2.x would allow access to more fields than the user ...)
	NOT-FOR-US: Kibana addon
CVE-2017-8448 (An error was found in the permission model used by X-Pack Alerting ...)
	- kibana <itp> (bug #700337)
CVE-2017-8447 (An error was found in the X-Pack Security 5.3.0 to 5.5.2 privilege ...)
	NOT-FOR-US: X-Pack plugin for Kibana
CVE-2017-8446 (The Reporting feature in X-Pack in versions prior to 5.5.2 and ...)
	NOT-FOR-US: X-Pack plugin for Kibana
CVE-2017-8445 (An error was found in the X-Pack Security TLS trust manager for ...)
	NOT-FOR-US: X-PackSecurity TLS trust manager plugin for Elasticsearch
CVE-2017-8444 (The client-forwarder in Elastic Cloud Enterprise versions prior to ...)
	NOT-FOR-US: Elastic Cloud Enterprise
CVE-2017-8443 (In Kibana X-Pack security versions prior to 5.4.3 if a Kibana user ...)
	NOT-FOR-US: Kibana X-Pack Security
CVE-2017-8442 (Elasticsearch X-Pack Security versions 5.0.0 to 5.4.3, when enabled, ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2017-8441 (Elastic X-Pack Security versions prior to 5.4.1 and 5.3.3 did not ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2017-8440 (Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) ...)
	- kibana <itp> (bug #700337)
CVE-2017-8439 (Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug ...)
	- kibana <itp> (bug #700337)
CVE-2017-8438 (Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege ...)
	NOT-FOR-US: Elastic X-Pack Security
CVE-2017-8437
	RESERVED
CVE-2017-8436
	RESERVED
CVE-2017-8435
	RESERVED
CVE-2017-8434
	RESERVED
CVE-2017-8433
	RESERVED
CVE-2017-8432
	RESERVED
CVE-2017-8431
	RESERVED
CVE-2017-8430
	RESERVED
CVE-2017-8429
	RESERVED
CVE-2017-8428
	RESERVED
CVE-2017-8427
	RESERVED
CVE-2017-8426
	RESERVED
CVE-2017-8425
	RESERVED
CVE-2017-8424
	RESERVED
CVE-2017-8423
	RESERVED
CVE-2017-8422 (KDE kdelibs before 4.14.32 and KAuth before 5.34 allow local users to ...)
	{DSA-3849-1 DLA-952-1}
	- kauth 5.28.0-2
	- kde4libs 4:4.14.26-2
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/3
	NOTE: patch for kauth: https://cgit.kde.org/kauth.git/commit/?id=df875f725293af53399f5146362eb158b4f9216a
	NOTE: patch for kde4libs: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=264e97625abe2e0334f97de17f6ffb52582888ab
	NOTE: https://www.kde.org/info/security/advisory-20170510-1.txt
CVE-2017-8421 (The function coff_set_alignment_hook in coffcode.h in Binary File ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21440
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=39ff1b79f687b65f4144ddb379f22587003443fb
CVE-2017-8420 (SWFTools 2013-04-09-1007 on Windows has a &quot;Data from Faulting Address ...)
	- swftools <unfixed> (unimportant)
	NOTE: No actionable information, just a crash report against a four year old release
	NOTE: https://github.com/matthiaskramm/swftools/issues/41
CVE-2017-8419 (LAME through 3.99.5 relies on the signed integer data type for values ...)
	- lame 3.99.5+repack1-7
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	NOTE: https://sourceforge.net/p/lame/bugs/458/
	NOTE: Issue addressed in Debian via: https://sources.debian.org/patches/lame/3.99.5%2Brepack1-9/0001-Add-check-for-invalid-input-sample-rate.patch/
	NOTE: in the revised version as included in 3.99.5+repack1-7
CVE-2016-10366 (Kibana versions after and including 4.3 and before 4.6.2 are ...)
	- kibana <itp> (bug #700337)
CVE-2016-10365 (Kibana versions before 4.6.3 and 5.0.1 have an open redirect ...)
	- kibana <itp> (bug #700337)
CVE-2016-10364 (With X-Pack installed, Kibana versions 5.0.0 and 5.0.1 were not ...)
	NOT-FOR-US: Kibana addon
CVE-2016-10363 (Logstash versions prior to 2.3.3, when using the Netflow Codec plugin, ...)
	- logstash <itp> (bug #664841)
CVE-2016-10362 (Prior to Logstash version 5.0.1, Elasticsearch Output plugin when ...)
	- logstash <itp> (bug #664841)
CVE-2016-10361
	RESERVED
CVE-2016-10360
	RESERVED
CVE-2016-10359
	RESERVED
CVE-2016-10358
	RESERVED
CVE-2016-10357
	RESERVED
CVE-2016-10356
	RESERVED
CVE-2016-10355
	RESERVED
CVE-2016-10354
	RESERVED
CVE-2016-10353
	RESERVED
CVE-2016-10352
	RESERVED
CVE-2015-9056 (Kibana versions prior to 4.1.3 and 4.2.1 are vulnerable to a XSS ...)
	- kibana <itp> (bug #700337)
CVE-2017-8905 (Xen through 4.6.x on 64-bit platforms mishandles a failsafe callback, ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.0~rc3-1 (bug #861662)
	NOTE: https://xenbits.xen.org/xsa/advisory-215.html
CVE-2017-8904 (Xen through 4.8.x mishandles the &quot;contains segment descriptors&quot; ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.1-1+deb9u1 (bug #861660)
	NOTE: https://xenbits.xen.org/xsa/advisory-214.html
CVE-2017-8903 (Xen through 4.8.x on 64-bit platforms mishandles page tables after an ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.1-1+deb9u1 (bug #861659)
	NOTE: https://xenbits.xen.org/xsa/advisory-213.html
CVE-2017-8418 (RuboCop 0.48.1 and earlier does not use /tmp in safe way, allowing ...)
	- rubocop 0.49.1+dfsg-1 (bug #870852)
	NOTE: https://github.com/bbatsov/rubocop/issues/4336
	NOTE: https://github.com/bbatsov/rubocop/commit/dcb258fabd5f2624c1ea0e1634763094590c09d7
CVE-2017-8417
	RESERVED
CVE-2017-8416
	RESERVED
CVE-2017-8415
	RESERVED
CVE-2017-8414
	RESERVED
CVE-2017-8413
	RESERVED
CVE-2017-8412
	RESERVED
CVE-2017-8411
	RESERVED
CVE-2017-8410
	RESERVED
CVE-2017-8409
	RESERVED
CVE-2017-8408
	RESERVED
CVE-2017-8407
	RESERVED
CVE-2017-8406
	RESERVED
CVE-2017-8405
	RESERVED
CVE-2017-8404
	RESERVED
CVE-2017-8403 (360fly 4K cameras allow unauthenticated Wi-Fi password changes and ...)
	NOT-FOR-US: 360fly
CVE-2017-8402 (PivotX 2.3.11 allows remote authenticated users to execute arbitrary ...)
	NOT-FOR-US: PivotX
CVE-2017-8401 (In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the ...)
	{DLA-995-1}
	- swftools <unfixed> (unimportant; bug #861998)
	NOTE: https://github.com/matthiaskramm/swftools/issues/14
	NOTE: https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c551615c651c3f5326f2
	NOTE: Crash in CLI tool not considered a security issue
CVE-2017-8400 (In SWFTools 0.9.2, an out-of-bounds write of heap data can occur in the ...)
	{DLA-995-1}
	- swftools 0.9.2+git20130725-4.1 (bug #861693)
	[jessie] - swftools <no-dsa> (Minor issue)
	NOTE: https://github.com/matthiaskramm/swftools/issues/13
	NOTE: https://github.com/matthiaskramm/swftools/commit/7139f3cf7c8bc576bea1dbd07c58ce1ad92b774a
CVE-2017-8399 (PCRE2 before 2017-03-10 has an out-of-bounds write caused by a ...)
	- pcre2 <not-affected> (Did only affect revision after r670 upstream; not in a released version)
	NOTE: Fixed by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=783
	NOTE: https://vcs.pcre.org/pcre2?view=revision&revision=674
CVE-2017-8398 (dwarf.c in GNU Binutils 2.28 is vulnerable to an invalid read of size 1 ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21438
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=d949ff5607b9f595e0eed2ff15fbe5eb84eb3a34
CVE-2017-8397 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21434
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=04b31182bf3f8a1a76e995bdfaaaab4c009b9cb2
CVE-2017-8396 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21432
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a941291cab71b9ac356e1c03968c177c03e602ab
CVE-2017-8395 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21431
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e63d123268f23a4cbc45ee55fb6dbc7d84729da3
CVE-2017-8394 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21414
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7eacd66b086cabb1daab20890d5481894d4f56b2
CVE-2017-8393 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.28-5
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21412
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bce964aa6c777d236fbd641f2bc7bb931cfe4bf3
CVE-2017-8392 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils <not-affected> (Vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21409
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=97e83a100aa8250be783304bfe0429761c6e6b6b
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=3239a4231ff79bf8b67b8faaf414b1667486167c
CVE-2017-8391 (The OS Installation Management component in CA Client Automation r12.9, ...)
	NOT-FOR-US: OS Installation Management component in CA Client Automation
CVE-2017-8390 (The DNS Proxy in Palo Alto Networks PAN-OS before 6.1.18, 7.x before ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-8389
	RESERVED
CVE-2017-8388 (GeniXCMS 1.0.2 allows remote attackers to bypass the alertDanger ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8387 (STDU Viewer version 1.6.375 might allow user-assisted attackers to ...)
	NOT-FOR-US: STDU Viewer
CVE-2017-8386 (git-shell in git before 2.4.12, 2.5.x before 2.5.6, 2.6.x before ...)
	{DSA-3848-1 DLA-938-1}
	- git 1:2.11.0-3
	NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01337.html
	NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1705.1/01346.html
	NOTE: https://insinuator.net/2017/05/git-shell-bypass-by-abusing-less-cve-2017-8386/
	NOTE: https://git.kernel.org/pub/scm/git/git.git/commit/?id=3ec804490a265f4c418a321428c12f3f18b7eff5
CVE-2017-8385 (Craft CMS before 2.6.2976 does not prevent modification of the URL in a ...)
	NOT-FOR-US: Craft CMS
CVE-2017-8384 (Craft CMS before 2.6.2976 allows XSS attacks because an array returned ...)
	NOT-FOR-US: Craft CMS
CVE-2017-8383 (Craft CMS before 2.6.2976 does not properly restrict viewing the ...)
	NOT-FOR-US: Craft CMS
CVE-2017-8382 (admidio 3.2.8 has CSRF in ...)
	NOT-FOR-US: admidio
CVE-2017-8381 (XnView Classic for Windows Version 2.40 allows user-assisted remote ...)
	NOT-FOR-US: XnView Classic for Windows
CVE-2017-8380 (Buffer overflow in the &quot;megasas_mmio_write&quot; function in Qemu 2.9.0 ...)
	- qemu 1:2.8+dfsg-5 (bug #862282)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04147.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e23d04984a78490d8aaa5c45724a3a334933331f (v2.2.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=24dfa9fa2f90a95ac33c7372de4f4f2c8a2c141f
CVE-2017-8379 (Memory leak in the keyboard input event handlers support in QEMU (aka ...)
	- qemu 1:2.8+dfsg-5 (bug #862289)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=fa18f36a461984eae50ab957e47ec78dae3c14fc
CVE-2017-8378 (Heap-based buffer overflow in the PdfParser::ReadObjects function in ...)
	- libpodofo 0.9.5-9 (bug #861597)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: PoC: https://github.com/xiangxiaobo/poc_and_report/tree/master/podofo_heapoverflow_PdfParser.ReadObjects
	NOTE: Upstream commit: https://sourceforge.net/p/podofo/code/1833/
CVE-2017-8377 (GeniXCMS 1.0.2 has SQL Injection in ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8376 (GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is ...)
	NOT-FOR-US: GeniXCMS
CVE-2017-8375
	RESERVED
CVE-2017-8374 (The mad_bit_skip function in bit.c in Underbit MAD libmad 0.15.1b ...)
	{DSA-4192-1 DLA-1380-1}
	- libmad 0.15.1b-9
	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_bit_skip-bit-c/
	NOTE: The patch from #508133 fixed things related to this, but did not fix this.
	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/length-check.patch
CVE-2017-8373 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b ...)
	{DSA-4192-1 DLA-1380-1}
	- libmad 0.15.1b-9 (bug #287519)
	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-heap-based-buffer-overflow-in-mad_layer_iii-layer3-c/
	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
	NOTE: "Duplicate with"/basically same as CVE-2017-8372
	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
CVE-2017-8372 (The mad_layer_III function in layer3.c in Underbit MAD libmad 0.15.1b, ...)
	{DSA-4192-1 DLA-1380-1}
	- libmad 0.15.1b-9 (bug #287519)
	NOTE: https://blogs.gentoo.org/ago/2017/04/30/libmad-assertion-failure-in-layer3-c/
	NOTE: The patch from #508133 applied in 0.15.1b-4 only partially fixed it
	NOTE: "Duplicate" with/basically same as CVE-2017-8373
	NOTE: Patch in 0.15.1b-9: libmad-0.15.1b/debian/patches/md_size.diff
CVE-2017-8371 (Schneider Electric StruxureWare Data Center Expert before 7.4.0 uses ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-8370 (IrfanView version 4.44 (32bit) with FPX Plugin 4.45 allows remote ...)
	NOT-FOR-US: IrfanView
CVE-2017-8369 (IrfanView version 4.44 (32bit) has a &quot;Data from Faulting Address ...)
	NOT-FOR-US: IrfanView
CVE-2017-8368 (Sublime Text 3 Build 3126 allows user-assisted attackers to cause a ...)
	- sublime-text <itp> (bug #682158)
CVE-2017-8367 (Buffer overflow in Ether Software Easy MOV Converter 1.4.24, Easy DVD ...)
	NOT-FOR-US: Ether Software
CVE-2017-8366 (The strescape function in ec_strings.c in Ettercap 0.8.2 allows remote ...)
	{DSA-3874-1}
	- ettercap 1:0.8.2-5 (bug #861604)
	NOTE: https://github.com/Ettercap/ettercap/issues/792
	NOTE: Fixed by: https://github.com/Ettercap/ettercap/commit/1083d604930ebb9f350126b83802ecd2cbc17f90
CVE-2017-8365 (The i2les_array function in pcm.c in libsndfile 1.0.28 allows remote ...)
	{DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862202)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-i2les_array-pcm-c/
	NOTE: https://github.com/erikd/libsndfile/issues/230
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8364 (The read_buf function in stream.c in rzip 2.1 allows remote attackers ...)
	{DLA-955-1}
	- rzip 2.1-4.1 (bug #861614)
	[jessie] - rzip <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/rzip-heap-based-buffer-overflow-in-read_buf-stream-c/
	NOTE: Patch in http://download.opensuse.org/repositories/openSUSE:/Leap:/42.2:/Update/standard/src/rzip-2.1-151.3.1.src.rpm
CVE-2017-8363 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
	{DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862203)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-heap-based-buffer-overflow-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/233
	NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
	NOTE: https://github.com/erikd/libsndfile/commit/cd7da8dbf6ee4310d21d9e44b385d6797160d9e8
CVE-2017-8362 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
	{DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862204)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-invalid-memory-read-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/231
	NOTE: https://github.com/erikd/libsndfile/commit/ef1dbb2df1c0e741486646de40bd638a9c4cd808
CVE-2017-8361 (The flac_buffer_copy function in flac.c in libsndfile 1.0.28 allows ...)
	{DLA-956-1}
	- libsndfile 1.0.27-3 (bug #862205)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/04/29/libsndfile-global-buffer-overflow-in-flac_buffer_copy-flac-c/
	NOTE: https://github.com/erikd/libsndfile/issues/232
	NOTE: https://github.com/erikd/libsndfile/commit/fd0484aba8e51d16af1e3a880f9b8b857b385eb3
CVE-2017-8360 (Conexant Systems mictray64 task, as used on HP Elite, EliteBook, ...)
	NOT-FOR-US: Conexant Systems mictray64 task
CVE-2017-8359 (Google gRPC before 2017-03-29 has an out-of-bounds write caused by a ...)
	- grpc 1.3.2-0.1
	NOTE: https://github.com/grpc/grpc/pull/10353
	NOTE: Fixed by: https://github.com/grpc/grpc/commit/6544a2d5d9ecdb64214da1d228886a7d15bbf5c7
CVE-2017-8358 (LibreOffice before 2017-03-17 has an out-of-bounds write caused by a ...)
	- libreoffice <not-affected> (Vulnerable code introduced on 2017-03-15; never in released version)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/6e6e54f944a5ebb49e9110bdeff844d00a96c56c
	NOTE: Introduced by: https://github.com/LibreOffice/core/commit/ceb53ad9f34ae05d09f61845d581546eac0c6d60
CVE-2017-8357 (In ImageMagick 7.0.5-5, the ReadEPTImage function in ept.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862636)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/453
CVE-2017-8356 (In ImageMagick 7.0.5-5, the ReadSUNImage function in sun.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862635)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/449
CVE-2017-8355 (In ImageMagick 7.0.5-5, the ReadMTVImage function in mtv.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862634)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/450
CVE-2017-8354 (In ImageMagick 7.0.5-5, the ReadBMPImage function in bmp.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862633)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/451
CVE-2017-8353 (In ImageMagick 7.0.5-5, the ReadPICTImage function in pict.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862632)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/454
CVE-2017-8352 (In ImageMagick 7.0.5-5, the ReadXWDImage function in xwd.c allows ...)
	{DSA-3863-1 DLA-1081-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862590)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/452
CVE-2017-8351 (In ImageMagick 7.0.5-5, the ReadPCDImage function in pcd.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862589)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/448
CVE-2017-8350 (In ImageMagick 7.0.5-5, the ReadJNGImage function in png.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862587)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/447
CVE-2017-8349 (In ImageMagick 7.0.5-5, the ReadSFWImage function in sfw.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862579)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/443
CVE-2017-8348 (In ImageMagick 7.0.5-5, the ReadMATImage function in mat.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862578)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/445
CVE-2017-8347 (In ImageMagick 7.0.5-5, the ReadEXRImage function in exr.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862577)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/441
CVE-2017-8346 (In ImageMagick 7.0.5-5, the ReadDCMImage function in dcm.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862575)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/440
CVE-2017-8345 (In ImageMagick 7.0.5-5, the ReadMNGImage function in png.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862573)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/442
CVE-2017-8344 (In ImageMagick 7.0.5-5, the ReadPCXImage function in pcx.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862574)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/446
CVE-2017-8343 (In ImageMagick 7.0.5-5, the ReadAAIImage function in aai.c allows ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-7 (bug #862572)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/444
CVE-2017-8341
	RESERVED
CVE-2017-8340
	RESERVED
CVE-2017-8339 (PSKMAD.sys in Panda Free Antivirus 18.0 allows local users to cause a ...)
	NOT-FOR-US: Panda Free Antivirus
CVE-2017-8338 (A vulnerability in MikroTik Version 6.38.5 could allow an ...)
	NOT-FOR-US: MikroTik
CVE-2017-8337
	RESERVED
CVE-2017-8336
	RESERVED
CVE-2017-8335
	RESERVED
CVE-2017-8334
	RESERVED
CVE-2017-8333
	RESERVED
CVE-2017-8332
	RESERVED
CVE-2017-8331
	RESERVED
CVE-2017-8330
	RESERVED
CVE-2017-8329
	RESERVED
CVE-2017-8328
	RESERVED
CVE-2016-10351 (Telegram Desktop 0.10.19 uses 0755 permissions for ...)
	- telegram-desktop 1.1.19-2
	NOTE: https://github.com/telegramdesktop/tdesktop/issues/2666
CVE-2016-10350 (The archive_read_format_cab_read_header function in ...)
	{DLA-1006-1}
	- libarchive 3.2.2-3.1 (bug #861609)
	[stretch] - libarchive <no-dsa> (Minor issue)
	[jessie] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/835
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2016-10349 (The archive_le32dec function in archive_endian.h in libarchive 3.2.2 ...)
	{DLA-1006-1}
	- libarchive 3.2.2-3.1 (bug #861609)
	[stretch] - libarchive <no-dsa> (Minor issue)
	[jessie] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/834
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/88eb9e1d73fef46f04677c25b1697b8e25777ed3 (v3.3.0)
CVE-2017-8342 (Radicale before 1.1.2 and 2.x before 2.0.0rc2 is prone to timing ...)
	{DLA-934-1}
	- radicale 1.1.1+20160115-4 (bug #861514)
	[jessie] - radicale <no-dsa> (Minor issue)
	NOTE: https://github.com/Kozea/Radicale/commit/190b1dd795f0c552a4992445a231da760211183b (1.1.x)
	NOTE: https://github.com/Kozea/Radicale/commit/059ba8dec1f22ccbeab837e288b3833a099cee2d (master)
CVE-2017-8327 (The bmpr_read_uncompressed function in imagew-bmp.c in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8326 (libimageworsener.a in ImageWorsener before 1.3.1 has &quot;left shift cannot ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8325 (The iw_process_cols_to_intermediate function in imagew-main.c in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-8324
	RESERVED
CVE-2017-8323
	RESERVED
CVE-2017-8322
	RESERVED
CVE-2017-8321
	RESERVED
CVE-2017-8320
	RESERVED
CVE-2017-8319
	RESERVED
CVE-2017-8318
	RESERVED
CVE-2017-8317
	RESERVED
CVE-2017-8316
	RESERVED
CVE-2017-8315 (Eclipse XML parser for the Eclipse IDE versions 2017.2.5 and earlier ...)
	- eclipse <undetermined>
	NOTE: Upstream bug with details is restricted
CVE-2017-8314 (Directory Traversal in Zip Extraction built-in function in Kodi 17.1 ...)
	{DLA-1243-1}
	- kodi 2:17.1+dfsg1-3 (bug #863230)
	- xbmc <removed>
	[jessie] - xbmc <no-dsa> (Minor issue)
	NOTE: http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
	NOTE: https://kodi.tv/article/kodi-v172-minor-bug-fix-and-security-release
	NOTE: Fixed by https://github.com/xbmc/xbmc/commit/35cfe35608b15335ef21d798947fceab3f47c8d7
CVE-2017-8313 (Heap out-of-bound read in ParseJSS in VideoLAN VLC before 2.2.5 due to ...)
	{DSA-3899-1}
	- vlc 2.2.5-1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=05b653355ce303ada3b5e0e645ae717fea39186c
CVE-2017-8312 (Heap out-of-bound read in ParseJSS in VideoLAN VLC due to missing ...)
	{DSA-3899-1}
	- vlc 2.2.6-1~deb9u1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=611398fc8d32f3fe4331f60b220c52ba3557beaa
CVE-2017-8311 (Potential heap based buffer overflow in ParseJSS in VideoLAN VLC ...)
	{DSA-3899-1}
	- vlc 2.2.5-1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=775de716add17322f24b476439f903a829446eb6
CVE-2017-8310 (Heap out-of-bound read in CreateHtmlSubtitle in VideoLAN VLC 2.2.x due ...)
	{DSA-3899-1}
	- vlc 2.2.5.1-1~deb9u1
	[wheezy] - vlc <end-of-life> (Not supported in wheezy LTS)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.2.git;a=commit;h=7cac839692ab79dbfe5e4ebd4c4e37d9a8b1b328
CVE-2017-8309 (Memory leak in the audio/audio.c in QEMU (aka Quick Emulator) allows ...)
	{DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-5 (bug #862280)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=3268a845f41253fb55852a8429c32b50f36f349a
CVE-2017-8308 (In Avast Antivirus before v17, an unprivileged user (and thus malware ...)
	NOT-FOR-US: Avast Antivirus
CVE-2017-8307 (In Avast Antivirus before v17, using the LPC interface API exposed by ...)
	NOT-FOR-US: Avast Antivirus
CVE-2017-8306
	RESERVED
CVE-2017-8304 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8303 (An issue was discovered on Accellion FTA devices before FTA_9_12_180. ...)
	NOT-FOR-US: Accellion FTA devices
CVE-2017-8302 (Mura CMS 7.0.6967 allows admin/?muraAction= XSS attacks, related to ...)
	NOT-FOR-US: Mura CMS
CVE-2017-8300
	RESERVED
CVE-2017-8299
	RESERVED
CVE-2017-8298 (cnvs.io Canvas 3.3.0 has XSS in the title and content fields of a ...)
	NOT-FOR-US: cnvs.io Canvas
CVE-2017-8297 (A path traversal vulnerability exists in simple-file-manager before ...)
	NOT-FOR-US: simple-file-manager
CVE-2017-8296 (kedpm 0.5 and 1.0 creates a history file in ~/.kedpm/history that is ...)
	{DLA-925-1}
	- kedpm <removed> (bug #860817)
	[jessie] - kedpm 1.0+deb8u1
	NOTE: patch in BTS gives workaround to always prompt for password and do not save
	NOTE: to database.
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/9
CVE-2017-8295 (WordPress through 4.7.4 relies on the Host HTTP header for a ...)
	{DSA-3870-1 DLA-975-1}
	- wordpress 4.7.5+dfsg-2 (bug #862053)
	NOTE: https://exploitbox.io/vuln/WordPress-Exploit-4-7-Unauth-Password-Reset-0day-CVE-2017-8295.html
	NOTE: http://blog.dewhurstsecurity.com/2017/05/04/exploitbox-wordpress-security-advisories.html
	NOTE: https://core.trac.wordpress.org/ticket/25239
CVE-2017-8294 (libyara/re.c in the regex component in YARA 3.5.0 allows remote ...)
	- yara 3.6.0+dfsg-1 (bug #861590)
	[stretch] - yara <ignored> (Minor issue, too intrusive to backport)
	[jessie] - yara <ignored> (Minor issue, too intrusive to backport)
	NOTE: https://github.com/VirusTotal/yara/issues/646
	NOTE: https://github.com/VirusTotal/yara/commit/83d799804648c2a0895d40a19835d9b757c6fa4e
CVE-2017-8293
	RESERVED
CVE-2017-8292
	RESERVED
CVE-2017-8290 (A potential Buffer Overflow Vulnerability (from a BB Code handling ...)
	- teamspeak-server <removed>
	[wheezy] - teamspeak-server <end-of-life> (non-free is not supported)
CVE-2017-8289 (Stack-based buffer overflow in the ipv6_addr_from_str function in ...)
	NOT-FOR-US: RIOS OS
CVE-2017-8288 (gnome-shell 3.22 through 3.24.1 mishandles extensions that fail to ...)
	- gnome-shell 3.22.3-3
	[jessie] - gnome-shell <no-dsa> (Minor issue)
	[wheezy] - gnome-shell <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=781728
	NOTE: https://github.com/GNOME/gnome-shell/commit/ff425d1db7082e2755d2a405af53861552acf2a1
CVE-2017-8305 (The UDFclient (before 0.8.8) custom strlcpy implementation has a buffer ...)
	- udfclient 0.8.8-1 (bug #861347)
CVE-2017-8301 (LibreSSL 2.5.1 to 2.5.3 lacks TLS certificate verification if ...)
	- libressl <itp> (bug #754513)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/27/11
CVE-2017-8291 (Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and ...)
	{DSA-3838-1 DLA-932-1}
	- ghostscript 9.20~dfsg-3.1 (bug #861295)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697808 (duplicate of 697799)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697799 (made private)
	NOTE: Full report viewable at: https://bugzilla.suse.com/show_bug.cgi?id=1036453
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=04b37bbce174eed24edec7ad5b920eb93db4d47d
	NOTE: Fixed by: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4f83478c88c2e05d6e8d79ca4557eb039354d2f3
CVE-2017-8287 (FreeType 2 before 2017-03-26 has an out-of-bounds write caused by a ...)
	{DSA-3839-1 DLA-931-1}
	- freetype 2.6.3-3.2 (bug #861308)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3774fc08b502c3e685afca098b6e8a195aded6a0
CVE-2017-8286
	RESERVED
CVE-2017-8285
	RESERVED
CVE-2017-8284 (** DISPUTED ** The disas_insn function in target/i386/translate.c in ...)
	- qemu <unfixed> (unimportant)
	- qemu-kvm <removed> (unimportant)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=30663fd26c0307e414622c7a8607fbc04f92ec14
	NOTE: qemu issue without security implication per upstream
CVE-2017-8282 (XnView Classic for Windows Version 2.40 allows user-assisted remote ...)
	NOT-FOR-US: XnView Classic for Windows
CVE-2017-8281 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8280 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8279 (In android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-8278 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8277 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8276
	RESERVED
CVE-2017-8275 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-8274 (In Android before security patch level 2018-04-05 on Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-8273 (In all Qualcomm products with Android release from CAF using the Linux ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8272 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8271 (Out of bound memory write can happen in the MDSS Rotator driver in all ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8270 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8269 (Userspace-controlled non null terminated parameter for IPA WAN ioctl ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8268 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8267 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8266 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8265 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8264 (A userspace process can cause a Denial of Service in the camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8263 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8262 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8261 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8260 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8259 (In the service locator in all Qualcomm products with Android releases ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8258 (An array out-of-bounds access in all Qualcomm products with Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8257 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8256 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8255 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8254 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8253 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8252
	RESERVED
CVE-2017-8251 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8250 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8249
	RESERVED
CVE-2017-8248 (A buffer overflow may occur in the processing of a downlink NAS ...)
	NOT-FOR-US: Qualcomm Telephony
CVE-2017-8247 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8246 (In function msm_pcm_playback_close() in all Android releases from CAF ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-8245 (In all Android releases from CAF using the Linux kernel, while ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-8244 (In core_info_read and inst_info_read in all Android releases from CAF ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-8243 (A buffer overflow can occur in all Qualcomm products with Android for ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-8242 (In all Android releases from CAF using the Linux kernel, a race ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-8241 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Android driver
CVE-2017-8240 (In all Android releases from CAF using the Linux kernel, a kernel ...)
	- linux 4.0.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-8239 (In all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Android driver
CVE-2017-8238 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Android driver
CVE-2017-8237 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Android driver
CVE-2017-8236 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Android driver
CVE-2017-8235 (In all Android releases from CAF using the Linux kernel, a memory ...)
	NOT-FOR-US: Android driver
CVE-2017-8234 (In all Android releases from CAF using the Linux kernel, an out of ...)
	NOT-FOR-US: Android driver
CVE-2017-8233 (In a camera driver function in all Android releases from CAF using the ...)
	NOT-FOR-US: Android driver
CVE-2017-8232
	RESERVED
CVE-2017-8231
	RESERVED
CVE-2017-8230
	RESERVED
CVE-2017-8229
	RESERVED
CVE-2017-8228
	RESERVED
CVE-2017-8227
	RESERVED
CVE-2017-8226
	RESERVED
CVE-2017-8283 (dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU ...)
	- dpkg 1.18.24 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/20/2
CVE-2017-8225 (On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8224 (Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8223 (On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8222 (Wireless IP Camera (P2P) WIFICAM devices have an &quot;Apple Production IOS ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8221 (Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel ...)
	NOT-FOR-US: Wireless IP Camera (P2P) WIFICAM devices
CVE-2017-8220 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build ...)
	NOT-FOR-US: TP-Link
CVE-2017-8219 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build ...)
	NOT-FOR-US: TP-Link
CVE-2017-8218 (vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 ...)
	NOT-FOR-US: TP-Link
CVE-2017-8217 (TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build ...)
	NOT-FOR-US: TP-Link
CVE-2017-8216 (Warsaw Huawei Smart phones with software of versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8215 (Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 ...)
	NOT-FOR-US: Huawei
CVE-2017-8214 (Honor 8,Honor V8,Honor 9,Honor V9,Nova 2,Nova 2 Plus,P9,P10 ...)
	NOT-FOR-US: Huawei
CVE-2017-8213 (Huawei SMC2.0 with software of V100R003C10, V100R005C00SPC100, ...)
	NOT-FOR-US: Huawei
CVE-2017-8212 (The driver of honor 5C,honor 6x Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8211 (The driver of honor 5C,honor 6x Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8210 (The driver of honor 5C,honor 6x Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8209 (The driver of honor 5C,honor 6x Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8208 (The driver of honor 5C,honor 6x Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8207 (The driver of honor 5C, honor 6x Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8206 (HONOR 7 Lite mobile phones with software of versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8205 (The Bastet driver of Honor 9 Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8204 (The Bastet driver of Honor 9 Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8203 (The Bastet Driver of Nova 2 Plus,Nova 2 Huawei smart phones with ...)
	NOT-FOR-US: Huawei
CVE-2017-8202 (The CameraISP driver of some Huawei smart phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8201 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...)
	NOT-FOR-US: Huawei
CVE-2017-8200 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...)
	NOT-FOR-US: Huawei
CVE-2017-8199 (MAX PRESENCE V100R001C00, TP3106 V100R002C00, TP3206 V100R002C00 have ...)
	NOT-FOR-US: Huawei
CVE-2017-8198 (FusionSphere V100R006C00SPC102(NFV) has an SQL injection ...)
	NOT-FOR-US: Huawei
CVE-2017-8197 (FusionSphere V100R006C00SPC102(NFV) has a command injection ...)
	NOT-FOR-US: Huawei
CVE-2017-8196 (FusionSphere V100R006C00SPC102(NFV) has an incorrect authorization ...)
	NOT-FOR-US: Huawei
CVE-2017-8195 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper ...)
	NOT-FOR-US: Huawei
CVE-2017-8194 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has an improper ...)
	NOT-FOR-US: Huawei
CVE-2017-8193 (The FusionSphere OpenStack V100R006C00SPC102(NFV) has a command ...)
	NOT-FOR-US: Huawei
CVE-2017-8192 (FusionSphere OpenStack V100R006C00 has an improper authorization ...)
	NOT-FOR-US: Huawei
CVE-2017-8191 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a week cryptographic ...)
	NOT-FOR-US: Huawei
CVE-2017-8190 (FusionSphere OpenStack V100R006C00SPC102(NFV)has an improper ...)
	NOT-FOR-US: Huawei
CVE-2017-8189 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a path traversal ...)
	NOT-FOR-US: Huawei
CVE-2017-8188 (FusionSphere OpenStack V100R006C00SPC102(NFV)has a command injection ...)
	NOT-FOR-US: Huawei
CVE-2017-8187 (Huawei FusionSphere OpenStack V100R006C00SPC102(NFV) has a privilege ...)
	NOT-FOR-US: Huawei
CVE-2017-8186 (The Bastet of some Huawei mobile phones with software of earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8185 (ME906s-158 earlier than ME906S_Installer_13.1805.10.3 versions has a ...)
	NOT-FOR-US: Huawei
CVE-2017-8184 (MTK platform in Huawei smart phones with software of earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8183 (MTK platform in Huawei smart phones with software of earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8182 (MTK platform in Huawei smart phones with software of earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8181 (The camera driver of MTK platform in Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8180 (The camera driver of MTK platform in Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8179 (The camera driver of MTK platform in Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8178 (Huawei Email APP Vicky-AL00 smartphones with software of earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8177 (Huawei APP HiWallet earlier than 5.0.3.100 versions do not support ...)
	NOT-FOR-US: Huawei
CVE-2017-8176 (Huawei IPTV STB with earlier than IPTV STB V100R003C01LMYTa6SPC001 ...)
	NOT-FOR-US: Huawei
CVE-2017-8175 (The Bastet of some Huawei mobile phones with software earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8174 (Huawei USG6300 V100R001C30SPC300 and USG6600 with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8173 (Maya-L02,VKY-L09,VTR-L29,Vicky-AL00A,Victoria-AL00A,Warsaw-AL00 smart ...)
	NOT-FOR-US: Huawei
CVE-2017-8172 (Isub service in P10 Plus and P10 smart phones with earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8171 (Huawei smart phones with software earlier than Vicky-AL00AC00B172D ...)
	NOT-FOR-US: Huawei
CVE-2017-8170 (Huawei smart phones with software earlier than VIE-L09C40B360 versions ...)
	NOT-FOR-US: Huawei
CVE-2017-8169 (Huawei smart phones with software earlier than VIE-L09C40B360 versions ...)
	NOT-FOR-US: Huawei
CVE-2017-8168 (FusionSphere OpenStack with software V100R006C00SPC102(NFV) and ...)
	NOT-FOR-US: Huawei
CVE-2017-8167 (Huawei firewall products USG9500 V500R001C50 has a DoS vulnerability.A ...)
	NOT-FOR-US: Huawei
CVE-2017-8166 (Huawei mobile phones Honor V9 with the software versions before ...)
	NOT-FOR-US: Huawei
CVE-2017-8165 (Mate 9 Huawei smart phones with versions earlier than MHA-AL00BC00B233 ...)
	NOT-FOR-US: Huawei
CVE-2017-8164 (Some Huawei smart phones with software EVA-L09C34B142; EVA-L09C40B196; ...)
	NOT-FOR-US: Huawei
CVE-2017-8163 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, ...)
	NOT-FOR-US: Huawei
CVE-2017-8162 (AR120-S with software V200R006C10, V200R007C00, V200R008C20, ...)
	NOT-FOR-US: Huawei
CVE-2017-8161 (EVA-L09 smartphones with software Earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-8160 (The Madapt Driver of some Huawei smart phones with software Earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-8159 (Some Huawei smartphones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8158 (FusionCompute V100R005C00 and V100R005C10 have an improper ...)
	NOT-FOR-US: Huawei
CVE-2017-8157 (OceanStor 5800 V3 with software V300R002C00 and V300R002C10, OceanStor ...)
	NOT-FOR-US: Huawei
CVE-2017-8156 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...)
	NOT-FOR-US: Huawei
CVE-2017-8155 (The outdoor unit of Customer Premise Equipment (CPE) product B2338-168 ...)
	NOT-FOR-US: Huawei
CVE-2017-8154 (The Themes App Honor 8 Lite Huawei mobile phones with software of ...)
	NOT-FOR-US: Huawei
CVE-2017-8153 (Huawei VMall (for Android) with the versions before 1.5.8.5 have a ...)
	NOT-FOR-US: Huawei
CVE-2017-8152 (Huawei Honor 5S smart phones with software the versions before ...)
	NOT-FOR-US: Huawei
CVE-2017-8151 (Huawei Honor 5S smart phones with software the versions before ...)
	NOT-FOR-US: Huawei
CVE-2017-8150 (The boot loaders of P10 and P10 Plus Huawei mobile phones with ...)
	NOT-FOR-US: Huawei
CVE-2017-8149 (The boot loaders of P10 and P10 Plus Huawei mobile phones with ...)
	NOT-FOR-US: Huawei
CVE-2017-8148 (Audio driver in P9 smartphones with software The versions before ...)
	NOT-FOR-US: Huawei
CVE-2017-8147 (AC6005 V200R006C10SPC200,AC6605 V200R006C10SPC200,AR1200 with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8146 (The call module of P10 and P10 Plus smartphones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8145 (The call module of P10 and P10 Plus smartphones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8144 (Honor 5A,Honor 8 Lite,Mate9,Mate9 Pro,P10,P10 Plus Huawei smartphones ...)
	NOT-FOR-US: Huawei
CVE-2017-8143 (Wi-Fi driver of Honor 5C and P9 Lite Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8142 (The Trusted Execution Environment (TEE) module driver of Mate 9 and ...)
	NOT-FOR-US: Huawei
CVE-2017-8141 (The Touch Panel (TP) driver in P10 Plus smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-8140 (The soundtrigger driver in P9 Plus smart phones with software versions ...)
	NOT-FOR-US: Huawei
CVE-2017-8139 (HedEx Earlier than V200R006C00 versions have the stored cross-site ...)
	NOT-FOR-US: Huawei
CVE-2017-8138 (HedEx Earlier than V200R006C00 versions has a cross-site request ...)
	NOT-FOR-US: Huawei
CVE-2017-8137 (HedEx Earlier than V200R006C00 versions has a dynamic link library ...)
	NOT-FOR-US: Huawei
CVE-2017-8136 (HedEx Earlier than V200R006C00 versions has an arbitrary file download ...)
	NOT-FOR-US: Huawei
CVE-2017-8135 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 ...)
	NOT-FOR-US: Huawei
CVE-2017-8134 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 ...)
	NOT-FOR-US: Huawei
CVE-2017-8133 (Huawei iManager NetEco with software V600R008C00 and V600R008C10 has a ...)
	NOT-FOR-US: Huawei
CVE-2017-8132 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 ...)
	NOT-FOR-US: Huawei
CVE-2017-8131 (The FusionSphere OpenStack with software V100R006C00 and V100R006C10 ...)
	NOT-FOR-US: Huawei
CVE-2017-8130 (The UMA product with software V200R001 and V300R001 has an information ...)
	NOT-FOR-US: Huawei
CVE-2017-8129 (The UMA product with software V200R001 and V300R001 has a privilege ...)
	NOT-FOR-US: Huawei
CVE-2017-8128 (The UMA product with software V200R001 and V300R001 has a privilege ...)
	NOT-FOR-US: Huawei
CVE-2017-8127 (The UMA product with software V200R001 has a cross-site scripting ...)
	NOT-FOR-US: Huawei
CVE-2017-8126 (The UMA product with software V200R001 has a privilege elevation ...)
	NOT-FOR-US: Huawei
CVE-2017-8125 (The UMA product with software V200R001 and V300R001 has a cross-site ...)
	NOT-FOR-US: Huawei
CVE-2017-8124 (The UMA product with software V200R001 has a privilege elevation ...)
	NOT-FOR-US: Huawei
CVE-2017-8123 (The UMA product with software V200R001 has a privilege elevation ...)
	NOT-FOR-US: Huawei
CVE-2017-8122 (The UMA product with software V200R001 has a privilege elevation ...)
	NOT-FOR-US: Huawei
CVE-2017-8121 (The UMA product with software V200R001 and V300R001 has an information ...)
	NOT-FOR-US: Huawei
CVE-2017-8120 (The UMA product with software V200R001 and V300R001 has a privilege ...)
	NOT-FOR-US: Huawei
CVE-2017-8119 (The UMA product with software V200R001 and V300R001 has a privilege ...)
	NOT-FOR-US: Huawei
CVE-2017-8118 (The UMA product with software V200R001 and V300R001 has an information ...)
	NOT-FOR-US: Huawei
CVE-2017-8117 (The UMA product with software V200R001 and V300R001 has a privilege ...)
	NOT-FOR-US: Huawei
CVE-2017-8116 (The management interface for the Teltonika RUT9XX routers (aka LuCI) ...)
	NOT-FOR-US: Teltonika RUT9XX routers
CVE-2017-8115 (Directory traversal in setup/processors/url_search.php (aka the search ...)
	NOT-FOR-US: MODX
CVE-2017-8114 (Roundcube Webmail allows arbitrary password resets by authenticated ...)
	{DLA-933-1}
	- roundcube 1.2.3+dfsg.1-4 (bug #861388)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.2.5
	NOTE: https://github.com/roundcube/roundcubemail/commit/6e054a37d13dc3772d0aa454a32d5dc3bdcc7003 (1.2.x)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.9
	NOTE: https://github.com/roundcube/roundcubemail/commit/10b227d70a03e33682aaaa0138e84f9256f3cd50 (1.1.x)
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.0.11
	NOTE: https://github.com/roundcube/roundcubemail/commit/271426429bfbb5b63e6dec91b1e4780e8ef1c67e (1.0.x)
CVE-2017-8113
	RESERVED
CVE-2017-8112 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest ...)
	- qemu 1:2.8+dfsg-5 (bug #861351)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-04/msg04578.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1445621
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=f68826989cd4d1217797251339579c57b3c0934e
CVE-2017-8111
	RESERVED
CVE-2017-8110 (www.modified-shop.org modified eCommerce Shopsoftware 2.0.2.2 rev 10690 ...)
	NOT-FOR-US: modified eCommerce Shopsoftware
CVE-2017-8109 (The salt-ssh minion code in SaltStack Salt 2016.11 before 2016.11.4 ...)
	- salt 2016.11.5+ds-1 (bug #861219)
	[stretch] - salt <no-dsa> (Minor issue)
	[jessie] - salt <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/saltstack/salt/issues/40075
	NOTE: https://github.com/saltstack/salt/pull/40609
	NOTE: https://github.com/saltstack/salt/commit/8492cef7a5c8871a3978ffc2f6e48b3b960e0151
CVE-2017-8108 (Unspecified tests in Lynis before 2.5.0 allow local users to write to ...)
	- lynis 2.5.0-1 (unimportant)
	[wheezy] - lynis <not-affected> (Vulnerable code do not exist)
	NOTE: Neutralised by kernel hardening
CVE-2017-8107
	RESERVED
CVE-2017-8106 (The handle_invept function in arch/x86/kvm/vmx.c in the Linux kernel ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://git.kernel.org/linus/bfd0a56b90005f8c8a004baf407ad90045c2b11e (3.12-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/4b855078601fc422dbac3059f2215e776f49780f (3.16-rc4)
CVE-2017-8105 (FreeType 2 before 2017-03-24 has an out-of-bounds write caused by a ...)
	{DSA-3839-1 DLA-918-1}
	- freetype 2.6.3-3.2 (bug #861220)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f958c48ee431bef8d4d466b40c9cb2d4dbcb7791
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=935
CVE-2017-8104 (In MyBB before 1.8.11, the smilie module allows Directory Traversal via ...)
	NOT-FOR-US: MyBB
CVE-2017-8103 (In MyBB before 1.8.11, the Email MyCode component allows XSS, as ...)
	NOT-FOR-US: MyBB
CVE-2017-8102 (Stored XSS in Serendipity v2.1-rc1 allows an attacker to steal an ...)
	- serendipity <removed>
CVE-2017-8101 (There is CSRF in Serendipity 2.0.5, allowing attackers to install any ...)
	- serendipity <removed>
CVE-2017-8100 (There is CSRF in the CopySafe Web Protection plugin before 2.6 for ...)
	NOT-FOR-US: CopySafe Web Protection plugin
CVE-2017-8099 (There is CSRF in the WHIZZ plugin before 1.1.1 for WordPress, allowing ...)
	NOT-FOR-US: WHIZZ plugin for Wordpress
CVE-2017-8098 (e107 2.1.4 is vulnerable to cross-site request forgery in ...)
	NOT-FOR-US: e107
CVE-2017-8097
	RESERVED
CVE-2017-8096
	RESERVED
CVE-2017-8095
	RESERVED
CVE-2017-8094
	RESERVED
CVE-2017-8093
	RESERVED
CVE-2017-8092
	RESERVED
CVE-2017-8091
	RESERVED
CVE-2017-8090
	RESERVED
CVE-2017-8089
	RESERVED
CVE-2017-8088
	RESERVED
CVE-2017-8087
	RESERVED
CVE-2017-8086 (Memory leak in the v9fs_list_xattr function in hw/9pfs/9p-xattr.c in ...)
	{DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-5 (bug #861348)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4ffcdef4277a91af15a3c09f7d16af072c29f3f2 (v2.9.0-rc4)
	NOTE: Introduced possibly by the fix d10142c11bdcecebe97fd834a834167053b7a05c to
	NOTE: partially fix CVE-2016-9602.
CVE-2017-8085 (In Exponent CMS before 2.4.1 Patch #5, XSS in elFinder is possible in ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-1000363 (Linux drivers/char/lp.c Out-of-Bounds Write. Due to a missing bounds ...)
	{DSA-3945-1 DLA-1099-1}
	- linux 4.9.30-1 (low)
	NOTE: Fixed by: https://git.kernel.org/linus/3e21f4af170bebf47c187c1ff8bf155583c9f3b1 (4.12-rc2)
	NOTE: https://alephsecurity.com/vulns/aleph-2017023
CVE-2017-1000361 (DOMRpcImplementationNotAvailableException when sending Port-Status ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000360 (StreamCorruptedException and NullPointerException in OpenDaylight ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000359 (Java out of memory error and significant increase in resource ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000358 (Controller throws an exception and does not allow user to add ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000357 (Denial of Service attack when the switch rejects to receive packets ...)
	NOT-FOR-US: OpenDaylight
CVE-2017-1000356 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ...)
	- jenkins <removed>
CVE-2017-1000355 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ...)
	- jenkins <removed>
CVE-2017-1000354 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ...)
	- jenkins <removed>
CVE-2017-1000353 (Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier ...)
	- jenkins <removed>
CVE-2017-8084
	RESERVED
CVE-2017-8083 (CompuLab Intense PC and MintBox 2 devices with BIOS before 2017-05-21 ...)
	NOT-FOR-US: CompuLab Intense PC and MintBox 2 devices
CVE-2017-8082 (concrete5 8.1.0 has CSRF in Thumbnail Editor in the File Manager, which ...)
	NOT-FOR-US: concrete5
CVE-2017-8081 (Poor cryptographic salt initialization in ...)
	NOT-FOR-US: GetSimple CMS
CVE-2017-8080 (Atlassian Hipchat Server before 2.2.4 allows remote authenticated ...)
	NOT-FOR-US: HipChat
CVE-2010-5329 (The video_usercopy function in drivers/media/video/v4l2-ioctl.c in the ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/fc0a80798576f80ca10b3f6c9c7097f12fd1d64e (v2.6.39-rc2)
CVE-2007-6761 (drivers/media/video/videobuf-vmalloc.c in the Linux kernel before ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/0b29669c065f60501e7289e1950fa2a618962358 (v2.6.24-rc6)
CVE-2017-8079
	RESERVED
CVE-2017-8078 (On the TP-Link TL-SG108E 1.0, the upgrade process can be requested ...)
	NOT-FOR-US: TP-Link
CVE-2017-8077 (On the TP-Link TL-SG108E 1.0, there is a hard-coded ciphering key (a ...)
	NOT-FOR-US: TP-Link
CVE-2017-8076 (On the TP-Link TL-SG108E 1.0, admin network communications are RC4 ...)
	NOT-FOR-US: TP-Link
CVE-2017-8075 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve ...)
	NOT-FOR-US: TP-Link
CVE-2017-8074 (On the TP-Link TL-SG108E 1.0, a remote attacker could retrieve ...)
	NOT-FOR-US: TP-Link
CVE-2017-8073 (WeeChat before 1.7.1 allows a remote crash by sending a filename via ...)
	{DSA-3836-1 DLA-919-1}
	- weechat 1.7-3 (bug #861121)
	[stretch] - weechat 1.6-1+deb9u1
	NOTE: https://github.com/weechat/weechat/commit/2fb346f25f79e412cf0ed314fdf791763c19b70b
CVE-2017-8072 (The cp2112_gpio_direction_input function in drivers/hid/hid-cp2112.c ...)
	- linux 4.9.10-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8e9faa15469ed7c7467423db4c62aeed3ff4cae3
CVE-2017-8071 (drivers/hid/hid-cp2112.c in the Linux kernel 4.9.x before 4.9.9 uses a ...)
	- linux 4.9.10-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/7a7b5df84b6b4e5d599c7289526eed96541a0654
CVE-2017-8070 (drivers/net/usb/catc.c in the Linux kernel 4.9.x before 4.9.11 ...)
	- linux 4.9.13-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/2d6a0e9de03ee658a9adc3bfb2f0ca55dff1e478
CVE-2017-8069 (drivers/net/usb/rtl8150.c in the Linux kernel 4.9.x before 4.9.11 ...)
	- linux 4.9.13-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/7926aff5c57b577ab0f43364ff0c59d968f6a414
CVE-2017-8068 (drivers/net/usb/pegasus.c in the Linux kernel 4.9.x before 4.9.11 ...)
	- linux 4.9.10-1 (bug #852556)
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/5593523f968bc86d42a035c6df47d5e0979b5ace
CVE-2017-8067 (drivers/char/virtio_console.c in the Linux kernel 4.9.x and 4.10.x ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/c4baad50297d84bde1a7ad45e50c73adae4a2192
CVE-2017-8066 (drivers/net/can/usb/gs_usb.c in the Linux kernel 4.9.x and 4.10.x ...)
	- linux 4.9.16-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c919a3069c775c1c876bec55e00b2305d5125caa
CVE-2017-8065 (crypto/ccm.c in the Linux kernel 4.9.x and 4.10.x through 4.10.12 ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3b30460c5b0ed762be75a004e924ec3f8711e032
CVE-2017-8064 (drivers/media/usb/dvb-usb-v2/dvb_usb_core.c in the Linux kernel 4.9.x ...)
	{DSA-3886-1}
	- linux 4.9.25-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/005145378c9ad7575a01b6ce1ba118fb427f583a
CVE-2017-8063 (drivers/media/usb/dvb-usb/cxusb.c in the Linux kernel 4.9.x and 4.10.x ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/3f190e3aec212fc8c61e202c51400afa7384d4bc
CVE-2017-8062 (drivers/media/usb/dvb-usb/dw2102.c in the Linux kernel 4.9.x and ...)
	- linux 4.9.16-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/606142af57dad981b78707234cfbd15f9f7b7125
CVE-2017-8061 (drivers/media/usb/dvb-usb/dvb-usb-firmware.c in the Linux kernel 4.9.x ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9-rc1 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/67b0503db9c29b04eadfeede6bebbfe5ddad94ef
CVE-2017-8060 (Acceptance of invalid/self-signed TLS certificates in &quot;Panda Mobile ...)
	NOT-FOR-US: Panda
CVE-2017-8059 (Acceptance of invalid/self-signed TLS certificates in &quot;Foxit PDF - PDF ...)
	NOT-FOR-US: Foxit
CVE-2017-8058 (Acceptance of invalid/self-signed TLS certificates in Atlassian HipChat ...)
	NOT-FOR-US: HipChat
CVE-2017-8057 (In Joomla! 3.4.0 through 3.6.5 (fixed in 3.7.0), multiple files caused ...)
	NOT-FOR-US: Joomla
CVE-2017-8056 (WatchGuard Fireware v11.12.1 and earlier mishandles requests referring ...)
	NOT-FOR-US: WatchGuard
CVE-2017-8055 (WatchGuard Fireware allows user enumeration, e.g., in the Firebox ...)
	NOT-FOR-US: WatchGuard
CVE-2017-8054 (The function PdfPagesTree::GetPageNodeFromArray in PdfPageTree.cpp:464 ...)
	- libpodofo 0.9.5-9 (bug #860995)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: The motivation for no-dsa in wheezy is that there are no known
	NOTE: services that use this library (apart from desktop applications)
	NOTE: and the worst case is a DoS.
	NOTE: http://qwertwwwe.github.io/2017/04/22/PoDoFo-0-9-5-allows-remote-attackers-to-cause-a-denial-of-service-infinit-loop/
	NOTE: PoC: https://github.com/qwertwwwe/PoC/blob/master/podofo/PoC
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1872
	NOTE: partially reverted in: https://sourceforge.net/p/podofo/code/1881
	NOTE: ... and re-fixed in: https://sourceforge.net/p/podofo/code/1882
	NOTE: and https://sourceforge.net/p/podofo/code/1883
CVE-2017-8053 (PoDoFo 0.9.5 allows denial of service (infinite recursion and stack ...)
	- libpodofo <unfixed> (bug #860994)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/04/22/1
	NOTE: https://sourceforge.net/p/podofo/tickets/7/
CVE-2017-8052 (Craft CMS before 2.6.2974 allows XSS attacks. ...)
	NOT-FOR-US: Craft CMS
CVE-2017-8051 (Tenable Appliance 3.5 - 4.4.0, and possibly prior versions, contains a ...)
	NOT-FOR-US: Tenable Appliance
CVE-2017-8050 (Tenable Appliance 4.4.0, and possibly prior, contains a flaw in the Web ...)
	NOT-FOR-US: Tenable Appliance
CVE-2017-8049
	REJECTED
CVE-2017-8048 (In Cloud Foundry capi-release versions 1.33.0 and later, prior to ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8047 (In Cloud Foundry router routing-release all versions prior to v0.163.0 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8046 (Malicious PATCH requests submitted to spring-data-rest servers in ...)
	NOT-FOR-US: Spring Data REST
CVE-2017-8045 (In Pivotal Spring AMQP versions prior to 1.7.4, 1.6.11, and 1.5.7, an ...)
	NOT-FOR-US: Spring AMQP
CVE-2017-8044 (In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and ...)
	NOT-FOR-US: Pivotal SSO
CVE-2017-8043
	REJECTED
CVE-2017-8042
	REJECTED
CVE-2017-8041 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior ...)
	NOT-FOR-US: Pivotal
CVE-2017-8040 (In Single Sign-On for Pivotal Cloud Foundry (PCF) 1.3.x versions prior ...)
	NOT-FOR-US: Pivotal
CVE-2017-8039 (An issue was discovered in Pivotal Spring Web Flow through 2.4.5. ...)
	NOT-FOR-US: Spring Web Flow
CVE-2017-8038 (In Cloud Foundry Foundation Credhub-release version 1.1.0, access ...)
	NOT-FOR-US: Cloud Foundry Foundation Credhub-release
CVE-2017-8037 (In Cloud Foundry Foundation CAPI-release versions after v1.6.0 and ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8036 (An issue was discovered in the Cloud Controller API in Cloud Foundry ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8035 (An issue was discovered in the Cloud Controller API in Cloud Foundry ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8034 (The Cloud Controller and Router in Cloud Foundry (CAPI-release capi ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8033 (An issue was discovered in the Cloud Controller API in Cloud Foundry ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8032 (In Cloud Foundry cf-release versions prior to v264; UAA release all ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8031 (An issue was discovered in Cloud Foundry Foundation cf-release (all ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-8030
	REJECTED
CVE-2017-8029
	REJECTED
CVE-2017-8028 (In Pivotal Spring-LDAP versions 1.3.0 - 2.3.1, when connected to some ...)
	{DSA-4046-1 DLA-1180-1}
	- libspring-ldap-java <removed>
	NOTE: https://pivotal.io/security/cve-2017-8028
	NOTE: https://github.com/spring-projects/spring-ldap/issues/430
CVE-2017-8027
	REJECTED
CVE-2017-8026
	REJECTED
CVE-2017-8025 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by an arbitrary ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-8024 (EMC Isilon OneFS (versions prior to 8.1.0.1, versions prior to 8.0.1.2, ...)
	NOT-FOR-US: EMC
CVE-2017-8023
	RESERVED
CVE-2017-8022 (An issue was discovered in EMC NetWorker (prior to 8.2.4.9, all ...)
	NOT-FOR-US: EMC
CVE-2017-8021 (EMC Elastic Cloud Storage (ECS) before 3.1 is affected by an ...)
	NOT-FOR-US: EMC Elastic Cloud Storage
CVE-2017-8020 (An issue was discovered in EMC ScaleIO 2.0.1.x. A buffer overflow ...)
	NOT-FOR-US: EMC
CVE-2017-8019 (An issue was discovered in EMC ScaleIO 2.0.1.x. A vulnerability in ...)
	NOT-FOR-US: EMC
CVE-2017-8018 (EMC AppSync host plug-in versions 3.5 and below (Windows platform only) ...)
	NOT-FOR-US: EMC AppSync
CVE-2017-8017 (EMC Network Configuration Manager (NCM) 9.3.x, 9.4.0.x, 9.4.1.x, and ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-8016 (RSA Archer GRC Platform prior to 6.2.0.5 is affected by stored ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2017-8015 (EMC AppSync (all versions prior to 3.5) contains a SQL injection ...)
	NOT-FOR-US: EMC
CVE-2017-8014
	RESERVED
CVE-2017-8013 (EMC Data Protection Advisor 6.3.x before patch 67 and 6.4.x before ...)
	NOT-FOR-US: EMC Data Protection Adv
CVE-2017-8012 (In EMC ViPR SRM, Storage M&amp;R, VNX M&amp;R, and M&amp;R (Watch4Net) for SAS ...)
	NOT-FOR-US: EMC
CVE-2017-8011 (EMC ViPR SRM, EMC Storage M&amp;R, EMC VNX M&amp;R, EMC M&amp;R for SAS Solution ...)
	NOT-FOR-US: EMC
CVE-2017-8010
	RESERVED
CVE-2017-8009
	REJECTED
CVE-2017-8008
	REJECTED
CVE-2017-8007 (In EMC ViPR SRM, Storage M&amp;R, VNX M&amp;R, and M&amp;R (Watch4Net) for SAS ...)
	NOT-FOR-US: EMC
CVE-2017-8006 (In EMC RSA Authentication Manager 8.2 SP1 Patch 1 and earlier, a ...)
	NOT-FOR-US: EMC
CVE-2017-8005 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and ...)
	NOT-FOR-US: EMC
CVE-2017-8004 (The EMC RSA Identity Governance and Lifecycle, RSA Via Lifecycle and ...)
	NOT-FOR-US: EMC
CVE-2017-8003 (EMC Data Protection Advisor prior to 6.4 contains a path traversal ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2017-8002 (EMC Data Protection Advisor prior to 6.4 contains multiple blind SQL ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2017-8001 (An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, ...)
	NOT-FOR-US: EMC
CVE-2017-8000 (In EMC RSA Authentication Manager 8.2 SP1 and earlier, a malicious RSA ...)
	NOT-FOR-US: EMC
CVE-2017-7999 (Atlassian Eucalyptus before 4.4.1, when in EDGE mode, allows remote ...)
	NOT-FOR-US: Atlassian Eucalyptus
CVE-2017-7998 (Multiple cross-site scripting (XSS) vulnerabilities in Gespage before ...)
	NOT-FOR-US: Gespage
CVE-2017-7997 (Multiple SQL injection vulnerabilities in Gespage before 7.4.9 allow ...)
	NOT-FOR-US: Gespage
CVE-2017-7996
	RESERVED
CVE-2017-7995 (Xen PV guest before Xen 4.3 checked access permissions to MMIO ranges ...)
	{DLA-964-1}
	- xen 4.3.0-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1033948
CVE-2017-7994 (The function TextExtractor::ExtractText in TextExtractor.cpp:77 in ...)
	- libpodofo 0.9.5-7 (bug #860930)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://github.com/icepng/PoC/tree/master/PoC1
	NOTE: https://icepng.github.io/2017/04/21/PoDoFo-1/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1849
CVE-2017-7993
	RESERVED
CVE-2017-7992 (Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php ...)
	NOT-FOR-US: Heartland Payment Systems Payment Gateway PHP SDK
CVE-2016-10348
	RESERVED
CVE-2017-7991 (Exponent CMS 2.4.1 and earlier has SQL injection via a base64 ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-7990 (The Reporting Module 1.12.0 for OpenMRS allows CSRF attacks with ...)
	NOT-FOR-US: OpenMRS
CVE-2017-7989 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate MIME type ...)
	NOT-FOR-US: Joomla
CVE-2017-7988 (In Joomla! 1.6.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
	NOT-FOR-US: Joomla
CVE-2017-7987 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate escaping of ...)
	NOT-FOR-US: Joomla
CVE-2017-7986 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
	NOT-FOR-US: Joomla
CVE-2017-7985 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
	NOT-FOR-US: Joomla
CVE-2017-7984 (In Joomla! 3.2.0 through 3.6.5 (fixed in 3.7.0), inadequate filtering ...)
	NOT-FOR-US: Joomla
CVE-2017-7983 (In Joomla! 1.5.0 through 3.6.5 (fixed in 3.7.0), mail sent using the ...)
	NOT-FOR-US: Joomla
CVE-2017-7982 (Integer overflow in the plist_from_bin function in bplist.c in ...)
	- libplist 1.12+git+1+e37ca00-0.3 (bug #860945)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/fdebf8b319b9280cd0e9b4382f2c7cbf26ef9325
	NOTE: https://github.com/libimobiledevice/libplist/issues/103
	NOTE: The issue seems covered in prior versions of upstream dccd9290745345896e3a4a73154576a599fd8b7b
	NOTE: which is CVE-2017-6440.
CVE-2017-7981 (Tuleap before 9.7 allows command injection via the PhpWiki 1.3.10 ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2017-7980 (Heap-based buffer overflow in Cirrus CLGD 54xx VGA Emulator in Quick ...)
	{DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=026aeffcb4752054830ba203020ed6eb05bcaba8
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ffaf857778286ca54e3804432a2369a279e73aa7
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=f019722cbbb45aea153294fc8921fcc96a4d3fa2
CVE-2017-7978 (Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software ...)
	NOT-FOR-US: Samsung
CVE-2017-7979 (The cookie feature in the packet action API implementation in ...)
	- linux <not-affected> (Only affects 4.11-rc1 onwards)
CVE-2017-7977 (The Screensavercc component in eLux RP before 5.5.0 allows attackers ...)
	NOT-FOR-US: Screensavercc component in eLux RP
CVE-2017-7976 (Artifex jbig2dec 0.13 allows out-of-bounds writes and reads because of ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860787)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697683
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ed6c5133a1004ce8d
CVE-2017-7975 (Artifex jbig2dec 0.13, as used in Ghostscript, allows out-of-bounds ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860788)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697693
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=5e57e483298dae8b
CVE-2017-7974 (A path traversal information disclosure vulnerability exists in ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7973 (A SQL injection vulnerability exists in Schneider Electric's U.motion ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7972 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7971 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7970 (A vulnerability exists in Schneider Electric's PowerSCADA Anywhere ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7969 (A cross-site request forgery vulnerability exists on the Secure ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7968 (An Incorrect Default Permissions issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider
CVE-2017-7967 (All versions of VAMPSET software produced by Schneider Electric, prior ...)
	NOT-FOR-US: Schneider
CVE-2017-7966 (A DLL Hijacking vulnerability in the programming software in Schneider ...)
	NOT-FOR-US: Schneider
CVE-2017-7965 (A buffer overflow vulnerability exists in Programming Software ...)
	NOT-FOR-US: Schneider
CVE-2017-7964 (Zyxel WRE6505 devices have a default TELNET password of 1234 for the ...)
	NOT-FOR-US: Zyxel
CVE-2017-7963 (** DISPUTED ** The GNU Multiple Precision Arithmetic Library (GMP) ...)
	NOTE: PHP non-issue, might get rejected
CVE-2017-7962 (The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7961 (** DISPUTED ** The cr_tknzr_parse_rgb function in cr-tknzr.c in ...)
	{DLA-909-1}
	- libcroco 0.6.11-3 (bug #860961)
	[jessie] - libcroco <no-dsa> (Minor issue; will be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
	NOTE: https://git.gnome.org/browse/libcroco/commit/?id=9ad72875e9f08e4c519ef63d44cdbd94aa9504f7
CVE-2017-7960 (The cr_input_new_from_uri function in cr-input.c in libcroco 0.6.11 and ...)
	{DLA-909-1}
	- libcroco 0.6.11-3 (bug #860961)
	[jessie] - libcroco <no-dsa> (Minor issue; will be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2017/04/17/libcroco-heap-overflow-and-undefined-behavior/
	NOTE: https://git.gnome.org/browse/libcroco/commit/?id=898e3a8c8c0314d2e6b106809a8e3e93cf9d4394
CVE-2017-7959
	RESERVED
CVE-2017-7958
	RESERVED
CVE-2017-7957 (XStream through 1.4.9, when a certain denyTypes workaround is not used, ...)
	{DSA-3841-1 DLA-930-1}
	- libxstream-java 1.4.9-2 (bug #861521)
	NOTE: https://x-stream.github.io/CVE-2017-7957.html
	NOTE: Fixed by: https://github.com/x-stream/xstream/commit/b3570be
CVE-2017-7956
	RESERVED
CVE-2017-7955
	RESERVED
CVE-2017-7954
	RESERVED
CVE-2017-7953 (INFOR EAM V11.0 Build 201410 has XSS via comment fields. ...)
	NOT-FOR-US: INFOR EAM
CVE-2017-7952 (INFOR EAM V11.0 Build 201410 has SQL injection via search fields, ...)
	NOT-FOR-US: INFOR EAM
CVE-2017-7951 (WonderCMS before 2.0.3 has CSRF because of lack of a token in an ...)
	NOT-FOR-US: WonderCMS
CVE-2017-7950 (Nitro Pro 11.0.3 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Nitro Pro
CVE-2017-7949
	RESERVED
CVE-2017-7948 (Integer overflow in the mark_curve function in Artifex Ghostscript 9.21 ...)
	- ghostscript 9.22~dfsg-1 (unimportant)
	[jessie] - ghostscript <not-affected> (Vulnerable code not present)
	[wheezy] - ghostscript <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697762
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=8210a2864372723b49c526e2b102fdc00c9c4699
	NOTE: edgebuffer scan converter was made default only in: http://git.ghostscript.com/?p=ghostpdl.git;h=dd5da2cb3e08398ac6d86598b36b00994d058308
	NOTE: But the vulnerable code via base/gxscan.c, a new scan converter introduced in 9.20 is present.
CVE-2017-7947 (NetApp Clustered Data ONTAP before 8.3.2P11, 9.0 before P4, and 9.1 ...)
	NOT-FOR-US: NetApp
CVE-2016-10347 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10346 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9055 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2013-7463 (The aescrypt gem 1.0.0 for Ruby does not randomize the CBC IV for use ...)
	NOT-FOR-US: aescrypt gem for Ruby
CVE-2017-7946 (The get_relocs_64 function in libr/bin/format/mach0/mach0.c in radare2 ...)
	- radare2 1.1.0+dfsg-5 (low; bug #860962)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/7301
	NOTE: https://github.com/radare/radare2/commit/d1e8ac62c6d978d4662f69116e30230d43033c92
CVE-2017-7945 (The GlobalProtect external interface in Palo Alto Networks PAN-OS ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7944 (XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install ...)
	NOT-FOR-US: XOOPS
CVE-2017-7943 (The ReadSVGImage function in svg.c in ImageMagick 7.0.5-4 allows remote ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860736)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/427
CVE-2017-7942 (The ReadAVSImage function in avs.c in ImageMagick 7.0.5-4 allows remote ...)
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860735)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present, does not use pixel_info yet)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present, does not use pixel_info yet)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/429
CVE-2017-7941 (The ReadSGIImage function in sgi.c in ImageMagick 7.0.5-4 allows remote ...)
	{DSA-3863-1 DLA-960-1}
	- imagemagick 8:6.9.7.4+dfsg-6 (low; bug #860734)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/428
CVE-2017-7940 (The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7939 (The read_next_pam_token function in imagew-pnm.c in libimageworsener.a ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7938 (Stack-based buffer overflow in DMitry (Deepmagic Information Gathering ...)
	NOT-FOR-US: DMitry
CVE-2017-7937 (An Improper Authentication issue was discovered in Phoenix Contact GmbH ...)
	NOT-FOR-US: Phoenix Contact
CVE-2017-7936 (A stack-based buffer overflow issue was discovered in NXP i.MX 50, i.MX ...)
	NOT-FOR-US: NXP i.MX devices
CVE-2017-7935 (A Resource Exhaustion issue was discovered in Phoenix Contact GmbH ...)
	NOT-FOR-US: Phoenix Contact
CVE-2017-7934 (An Improper Authentication issue was discovered in OSIsoft PI Server ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7933
	RESERVED
CVE-2017-7932 (An improper certificate validation issue was discovered in NXP i.MX 28 ...)
	NOT-FOR-US: NXP i.MX devices
CVE-2017-7931
	RESERVED
CVE-2017-7930 (An Improper Authentication issue was discovered in OSIsoft PI Server ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7929 (An Absolute Path Traversal issue was discovered in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-7928 (An Improper Access Control issue was discovered in Schweitzer ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories Security Gateway
CVE-2017-7927 (A Use of Password Hash Instead of Password for Authentication issue was ...)
	NOT-FOR-US: Dahua
CVE-2017-7926 (A Cross-Site Request Forgery issue was discovered in OSIsoft PI Web API ...)
	NOT-FOR-US: OSIsoft
CVE-2017-7925 (A Password in Configuration File issue was discovered in Dahua ...)
	NOT-FOR-US: Dahua
CVE-2017-7924 (An Improper Input Validation issue was discovered in Rockwell ...)
	NOT-FOR-US: Rockwell
CVE-2017-7923 (A Password in Configuration File issue was discovered in Hikvision ...)
	NOT-FOR-US: Hikvision
CVE-2017-7922 (An Improper Privilege Management issue was discovered in Cambium ...)
	NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7921 (An Improper Authentication issue was discovered in Hikvision ...)
	NOT-FOR-US: Hikvision
CVE-2017-7920 (An Improper Authentication issue was discovered in ABB VSN300 WiFi ...)
	NOT-FOR-US: ABB WiFi Logger Card
CVE-2017-7919 (An Improper Authentication issue was discovered in Newport XPS-Cx and ...)
	NOT-FOR-US: Newport
CVE-2017-7918 (An Improper Access Control issue was discovered in Cambium Networks ...)
	NOT-FOR-US: Cambium Networks ePMP
CVE-2017-7917 (A Cross-Site Request Forgery issue was discovered in Moxa OnCell ...)
	NOT-FOR-US: Moxa
CVE-2017-7916 (A Permissions, Privileges, and Access Controls issue was discovered in ...)
	NOT-FOR-US: ABB WiFi Logger Card
CVE-2017-7915 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Moxa
CVE-2017-7914 (A Missing Authorization issue was discovered in Rockwell Automation ...)
	NOT-FOR-US: Rockwell Rockwell PanelView Plus
CVE-2017-7913 (A Plaintext Storage of a Password issue was discovered in Moxa OnCell ...)
	NOT-FOR-US: Moxa
CVE-2017-7912
	RESERVED
CVE-2017-7911 (A Code Injection issue was discovered in CyberVision Kaa IoT Platform, ...)
	NOT-FOR-US: CyberVision Kaa IoT Platform
CVE-2017-7910 (A Stack-Based Buffer Overflow issue was discovered in Digital Canal ...)
	NOT-FOR-US: Digital Canal Structural Wind Analysis
CVE-2017-7909 (A Use of Client-Side Authentication issue was discovered in Advantech ...)
	NOT-FOR-US: Advantech
CVE-2017-7908
	RESERVED
CVE-2017-7907 (An Improper XML Parser Configuration issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider
CVE-2017-7906
	RESERVED
CVE-2017-7905 (A Weak Cryptography for Passwords issue was discovered in General ...)
	NOT-FOR-US: General Electric
CVE-2017-7904
	RESERVED
CVE-2017-7903 (A Weak Password Requirements issue was discovered in Rockwell ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7902 (A &quot;Reusing a Nonce, Key Pair in Encryption&quot; issue was discovered in ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7901 (A Predictable Value Range from Previous Values issue was discovered in ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7900
	RESERVED
CVE-2017-7899 (An Information Exposure issue was discovered in Rockwell Automation ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7898 (An Improper Restriction of Excessive Authentication Attempts issue was ...)
	NOT-FOR-US: Rockwell Automation
CVE-2017-7897 (A cross-site scripting (XSS) vulnerability in the MantisBT (2.3.x ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
CVE-2017-7896 (Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) 9.1 ...)
	NOT-FOR-US: Trend Micro
CVE-2017-7895 (The NFSv2 and NFSv3 server implementations in the Linux kernel through ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/13bf9fbff0e5e099e2b6f003a0ab8ae145436309
CVE-2016-10345 (In Phusion Passenger before 5.1.0, a known /tmp filename was used ...)
	- passenger <unfixed> (unimportant)
	NOTE: https://github.com/phusion/passenger/commit/e5b4b0824d6b648525b4bf63d9fa37e5beeae441
	NOTE: Source present, but passenger-install-nginx-module not installed
CVE-2016-10344 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10343 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10342 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10341 (In all Android releases from CAF using the Linux kernel, 3rd party ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10340 (In all Android releases from CAF using the Linux kernel, an integer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10339 (In all Android releases from CAF using the Linux kernel, HLOS can ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10338 (In all Android releases from CAF using the Linux kernel, there was an ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10337 (In all Android releases from CAF using the Linux kernel, some ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10336 (In all Android releases from CAF using the Linux kernel, some regions ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10335 (In all Android releases from CAF using the Linux kernel, libtomcrypt ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10334 (In all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10333 (In all Android releases from CAF using the Linux kernel, a sensitive ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10332 (In all Android releases from CAF using the Linux kernel, stack ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10331 (Directory traversal vulnerability in download.php in Synology Photo ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10330 (Directory traversal vulnerability in synophoto_dsm_user, a SUID ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10329 (Command injection vulnerability in login.php in Synology Photo Station ...)
	NOT-FOR-US: Synology Photo Station
CVE-2015-9054 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9053 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9052 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9051 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9050 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9049 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9048 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9047 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9046 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9045 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9044 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9043 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9042 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9041 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9040 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9039 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9038 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9037 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9036 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9035 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9034 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-9033 (In all Android releases from CAF using the Linux kernel, a QTEE system ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9032 (In all Android releases from CAF using the Linux kernel, a DRM key was ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9031 (In all Android releases from CAF using the Linux kernel, a TZ memory ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9030 (In all Android releases from CAF using the Linux kernel, the ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9029 (In all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9028 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9027 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9026 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9025 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9024 (In all Android releases from CAF using the Linux kernel, some ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9023 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9022 (In all Android releases from CAF using the Linux kernel, time-of-check ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9021 (In all Android releases from CAF using the Linux kernel, access ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2015-9020 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9969 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9968 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9967 (In all Android releases from CAF using the Linux kernel, an untrusted ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9966 (In all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9965 (In all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9964 (In all Android releases from CAF using the Linux kernel, an integer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9963 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9962 (In all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9961 (In all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9960 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-7894 (WinDjView 2.1 might allow user-assisted attackers to execute code via ...)
	NOT-FOR-US: WinDjView
CVE-2017-7893 (In SaltStack Salt before 2016.3.6, compromised salt-minions can ...)
	- salt <undetermined>
	NOTE: https://docs.saltstack.com/en/2017.7/topics/releases/2016.3.6.html
	TODO: check, pinpoint fixing version, check with maintainers on issue
CVE-2017-7892 (Sandstorm Cap'n Proto before 0.5.3.1 allows remote crashes related to a ...)
	- capnproto 0.6.1-1 (unimportant; bug #860960)
	NOTE: https://github.com/sandstorm-io/capnproto/blob/master/security-advisories/2017-04-17-0-apple-clang-elides-bounds-check.md
	NOTE: Fixed by: https://github.com/sandstorm-io/capnproto/commit/52bc956459a5e83d7c31be95763ff6399e064ae4
	NOTE: So far only Apple's compiler has been shown to apply the problematic optimization, fixed in 0.5.3.1 upstream
CVE-2017-7891 (sourcebans-pp (SourceBans++) 1.5.4.7 has XSS in admin.comms.php via the ...)
	NOT-FOR-US: SourceBans++
CVE-2017-7890 (The GIF decoding function gdImageCreateFromGifCtx in gd_gif_in.c in ...)
	{DSA-3938-1 DLA-1055-1}
	- php7.1 7.1.8-1 (unimportant)
	- php7.0 7.0.22-1 (unimportant)
	- php5 <removed> (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=74435
	NOTE: Fixed in 7.1.7, 7.0.21, 5.6.31
	- libgd2 2.2.5-1 (bug #869263)
	NOTE: https://github.com/libgd/libgd/issues/399
	NOTE: https://github.com/libgd/libgd/commit/c613bc169802bb4b639ee2e15c61b25b80a88424
CVE-2017-7888 (Dolibarr ERP/CRM 4.0.4 stores passwords with the MD5 algorithm, which ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7887 (Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7886 (Dolibarr ERP/CRM 4.0.4 has SQL Injection in ...)
	- dolibarr 5.0.4+dfsg3-1 (bug #863544)
	[jessie] - dolibarr <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/10/6
CVE-2017-7885 (Artifex jbig2dec 0.13 has a heap-based buffer over-read leading to ...)
	{DSA-3855-1 DLA-942-1}
	- jbig2dec 0.13-4.1 (bug #860460)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697703
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=b184e783702246e15
CVE-2017-7884 (In Adam Kropelin adk0212 APC UPS Daemon through 3.14.14, the default ...)
	- apcupsd <not-affected> (Only APC UPS Daemon on Windows)
CVE-2017-7889 (The mm subsystem in the Linux kernel through 4.10.10 does not properly ...)
	{DSA-3945-1 DLA-1099-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/a4866aa812518ed1a37d8ea0c881dc946409de94 (v4.11-rc7)
CVE-2017-7883
	RESERVED
CVE-2017-7882 (LibreOffice before 2017-03-14 has an out-of-bounds write related to the ...)
	- libreoffice <not-affected> (Vulnerable code not present in any release)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/65dcd1d8195069c8c8acb3a188b8e5616c51029c
CVE-2017-7881 (BigTree CMS through 4.2.17 relies on a substring check for CSRF ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-7880
	RESERVED
CVE-2017-7879 (SQL Injection vulnerability in flatCore version 1.4.6 allows an ...)
	NOT-FOR-US: flatCore
CVE-2017-7878 (SQL Injection vulnerability in flatCore version 1.4.6 allows an ...)
	NOT-FOR-US: flatCore
CVE-2017-7877 (CSRF vulnerability in flatCore version 1.4.6 allows remote attackers to ...)
	NOT-FOR-US: flatCore
CVE-2017-7876 (QNAP QTS before 4.2.6 build 20170517 allows command injection. ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-7875 (In wallpaper.c in feh before v2.18.3, if a malicious client pretends to ...)
	{DLA-899-1}
	- feh 2.18-2 (low; bug #860367)
	[jessie] - feh <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/derf/feh/commit/f7a547b7ef8fc8ebdeaa4c28515c9d72e592fb6d
CVE-2017-7874
	REJECTED
CVE-2017-7873
	RESERVED
CVE-2017-7872
	RESERVED
CVE-2017-7871 (trollepierre/tdm before 2017-04-13 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: trollepierre/tdm
CVE-2016-1000259
	REJECTED
CVE-2016-1000258
	REJECTED
CVE-2017-7870 (LibreOffice before 2017-01-02 has an out-of-bounds write caused by a ...)
	{DSA-3837-1 DLA-910-1}
	- libreoffice 1:5.2.5-1
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/62a97e6a561ce65e88d4c537a1b82c336f012722
CVE-2017-7869 (GnuTLS before 2017-02-20 has an out-of-bounds write caused by an ...)
	- gnutls28 3.5.8-4
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26 <removed>
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gitlab.com/gnutls/gnutls/commit/51464af713d71802e3c6d5ac15f1a95132a354fe
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=420
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-3
CVE-2017-7868 (International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...)
	{DSA-3830-1 DLA-947-1}
	- icu 57.1-6 (bug #860314)
	NOTE: http://bugs.icu-project.org/trac/changeset/39671
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437
CVE-2017-7867 (International Components for Unicode (ICU) for C/C++ before 2017-02-13 ...)
	{DSA-3830-1 DLA-947-1}
	- icu 57.1-6 (bug #860314)
	NOTE: http://bugs.icu-project.org/trac/changeset/39671
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213
CVE-2017-7866 (FFmpeg before 2017-01-23 has an out-of-bounds write caused by a ...)
	- ffmpeg 7:3.2.4-1
	- libav <undetermined>
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e371f031b942d73e02c090170975561fabd5c264
CVE-2017-7865 (FFmpeg before 2017-01-24 has an out-of-bounds write caused by a ...)
	- ffmpeg 7:3.2.4-1
	- libav <undetermined>
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/2080bc33717955a0e4268e738acf8c1eeddbf8cb
CVE-2017-7864 (FreeType 2 before 2017-02-02 has an out-of-bounds write caused by a ...)
	- freetype <not-affected> (Vulnerable code not present; CFF2 support introduced in 2.7.1, cf #860313)
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=e6699596af5c5d6f0ae0ea06e19df87dce088df8
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=509
CVE-2017-7863 (FFmpeg before 2017-02-04 has an out-of-bounds write caused by a ...)
	- ffmpeg 7:3.2.4-1
	- libav <undetermined>
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/e477f09d0b3619f3d29173b2cd593e17e2d1978e
CVE-2017-7862 (FFmpeg before 2017-02-07 has an out-of-bounds write caused by a ...)
	{DSA-4012-1 DLA-1142-1}
	- ffmpeg 7:3.2.4-1
	- libav <removed>
	NOTE: Fixed by: https://github.com/FFmpeg/FFmpeg/commit/8c2ea3030af7b40a3c4275696fb5c76cdb80950a
	NOTE: Fixed in 11.11
CVE-2017-7861 (Google gRPC before 2017-02-22 has an out-of-bounds write related to the ...)
	- grpc 1.2.5-1+nmu0 (bug #860316)
CVE-2017-7860 (Google gRPC before 2017-02-22 has an out-of-bounds write caused by a ...)
	- grpc 1.2.5-1+nmu0 (bug #860316)
CVE-2017-7859 (FFmpeg before 2017-03-05 has an out-of-bounds write caused by a ...)
	- ffmpeg <not-affected> (Only affected master, not present in a release)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=1034183
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/70ebc05bce51215cd0857194d6cabf1e4d1440fb
CVE-2017-7858 (FreeType 2 before 2017-03-07 has an out-of-bounds write related to the ...)
	- freetype <not-affected> (Vulnerable code introduced in 2.6.4)
	NOTE: Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=779309744222a736eba0f1731e8162fce6288d4e
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=738
CVE-2017-7857 (FreeType 2 before 2017-03-08 has an out-of-bounds write caused by a ...)
	- freetype <not-affected> (Vulnerable code introduced in 2.6.4)
	NOTE: Introduced after: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=813aca51d28704f7ffc470721167738fa8decb3d
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7bbb91fbf47fc0775cc9705673caf0c47a81f94b
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=759
CVE-2017-7856 (LibreOffice before 2017-03-11 has an out-of-bounds write caused by a ...)
	- libreoffice <not-affected> (Didn't affect any released version of LibreOffice)
CVE-2016-10328 (FreeType 2 before 2016-12-16 has an out-of-bounds write caused by a ...)
	- freetype <not-affected> (Only affected head for about a day, see bug #860303)
	NOTE: Introduced with: https://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=010e0614f2effe058855aacfc3e61c71e1cb5739
	NOTE: Fixed with http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=beecf80a6deecbaf5d264d4f864451bde4fe98b8
	NOTE: http://savannah.nongnu.org/bugs/?func=detailitem&item_id=49858
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=289
CVE-2016-10327 (LibreOffice before 2016-12-22 has an out-of-bounds write caused by a ...)
	- libreoffice 1:5.2.5-1
	[jessie] - libreoffice <not-affected> (Vulnerable code not present)
	[wheezy] - libreoffice <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/LibreOffice/core/commit/7485fc2a1484f31631f62f97e5c64c0ae74c6416
CVE-2017-7855 (In the webmail component in IceWarp Server 11.3.1.5, there was an XSS ...)
	NOT-FOR-US: IceWarp
CVE-2017-7854 (The consume_init_expr function in wasm.c in radare2 1.3.0 allows remote ...)
	- radare2 <not-affected> (Vulnerable code introduced later)
CVE-2017-7853 (In libosip2 in GNU oSIP 4.1.0 and 5.0.0, a malformed SIP message can ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109265
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1ae06daf3b2375c34af23083394a6f010be24a45
CVE-2017-7852 (D-Link DCS cameras have a weak/insecure CrossDomain.XML file that ...)
	NOT-FOR-US: D-Link
CVE-2017-7851 (D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate ...)
	NOT-FOR-US: D-Link
CVE-2016-10326 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109132
	NOTE: Fixed by: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=b9dd097b5b24f5ee54b0a8739e59641cd51b6ead
CVE-2016-10325 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109131
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=1d9fb1d3a71cc85ef95352e549b140c706cf8696
CVE-2016-10324 (In libosip2 in GNU oSIP 4.1.0, a malformed SIP message can lead to a ...)
	{DSA-3879-1 DLA-898-1}
	- libosip2 4.1.0-2.1 (bug #860287)
	NOTE: https://savannah.gnu.org/support/index.php?109133
	NOTE: https://git.savannah.gnu.org/cgit/osip.git/commit/?id=7e0793e15e21f68337e130c67b031ca38edf055f
CVE-2017-7850 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local ...)
	NOT-FOR-US: Nessus
CVE-2017-7849 (Nessus 6.10.x before 6.10.5 was found to be vulnerable to a local ...)
	NOT-FOR-US: Nessus
CVE-2017-7848
	RESERVED
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7848
CVE-2017-7847
	RESERVED
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7847
CVE-2017-7846
	RESERVED
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7846
CVE-2017-7845
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Windows)
	- firefox-esr <not-affected> (Only affects Firefox on Windows)
	- thunderbird <not-affected> (Only affects Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-29/#CVE-2017-7845
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7845
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7845
CVE-2017-7844
	RESERVED
	- firefox 57.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7844
CVE-2017-7843
	RESERVED
	{DSA-4062-1 DLA-1202-1}
	- firefox 57.0.1-1
	- firefox-esr 52.5.2esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-27/#CVE-2017-7843
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-28/#CVE-2017-7843
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1410106
CVE-2017-7842
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7842
CVE-2017-7841
	RESERVED
CVE-2017-7840
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7840
CVE-2017-7839
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7839
CVE-2017-7838
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7838
CVE-2017-7837
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7837
CVE-2017-7836
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7836
CVE-2017-7835
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7835
CVE-2017-7834
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7834
CVE-2017-7833
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7833
CVE-2017-7832
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7832
CVE-2017-7831
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7831
CVE-2017-7830
	RESERVED
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7830
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7830
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7830
CVE-2017-7829
	RESERVED
	{DSA-4075-1 DLA-1223-1}
	- thunderbird 1:52.5.2-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-30/#CVE-2017-7829
CVE-2017-7828
	RESERVED
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7828
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7828
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7828
CVE-2017-7827
	RESERVED
	- firefox 57.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7827
CVE-2017-7826
	RESERVED
	{DSA-4075-1 DSA-4061-1 DSA-4035-1 DLA-1199-1 DLA-1172-1}
	- firefox 57.0-1
	- firefox-esr 52.5.0esr-1
	- thunderbird 1:52.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-24/#CVE-2017-7826
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-25/#CVE-2017-7826
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-26/#CVE-2017-7826
CVE-2017-7825
	RESERVED
	- firefox <not-affected> (Only affects Firefox on OS X)
	- firefox-esr <not-affected> (Only affects Firefox on OS X)
	- icedove <not-affected> (Only affects Thunderbird on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7825
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7825
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7825
CVE-2017-7824
	RESERVED
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7824
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7824
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7824
CVE-2017-7823
	RESERVED
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7823
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7823
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7823
CVE-2017-7822
	RESERVED
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7822
CVE-2017-7821
	RESERVED
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7821
CVE-2017-7820
	RESERVED
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7820
CVE-2017-7819
	RESERVED
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7819
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7819
CVE-2017-7818
	RESERVED
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7818
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7818
CVE-2017-7817
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7817
CVE-2017-7816
	RESERVED
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7816
CVE-2017-7815
	RESERVED
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7815
CVE-2017-7814
	RESERVED
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7814
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7814
CVE-2017-7813
	RESERVED
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7813
CVE-2017-7812
	RESERVED
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7812
CVE-2017-7811
	RESERVED
	- firefox 56.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7811
CVE-2017-7810
	RESERVED
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7810
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7810
CVE-2017-7809
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7808
	RESERVED
	- firefox 55.0-1
CVE-2017-7807
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7806
	RESERVED
	- firefox 55.0-1
CVE-2017-7805
	RESERVED
	{DSA-4014-1 DSA-3998-1 DSA-3987-1 DLA-1153-1 DLA-1138-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	- nss 2:3.33-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/839200ce0943166a079284bdf45dcc37bb672925
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1377618 (not public)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7805
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7805
CVE-2017-7804
	RESERVED
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
CVE-2017-7803
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7802
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7801
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7800
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7799
	RESERVED
	- firefox 55.0-1
CVE-2017-7798
	RESERVED
	{DSA-3928-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
CVE-2017-7797
	RESERVED
	- firefox 55.0-1
CVE-2017-7796
	RESERVED
	- firefox <not-affected> (Windows-specific)
CVE-2017-7795
	RESERVED
CVE-2017-7794
	RESERVED
	- firefox 55.0-1
CVE-2017-7793
	RESERVED
	{DSA-4014-1 DSA-3987-1 DLA-1153-1 DLA-1118-1}
	- firefox 56.0-1
	- firefox-esr 52.4.0esr-2
	- thunderbird 1:52.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-21/#CVE-2017-7793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-22/#CVE-2017-7793
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-23/#CVE-2017-7793
CVE-2017-7792
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7791
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7790
	RESERVED
	- firefox <not-affected> (Windows-specific)
CVE-2017-7789 [Firefox ignores Strict-Transport-Security when two more STS headers are sent from server]
	RESERVED
	- firefox 55.0-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074642
CVE-2017-7788
	RESERVED
	- firefox 55.0-1
CVE-2017-7787
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7786
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7785
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7784
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7783
	RESERVED
	- firefox 55.0-1
CVE-2017-7782
	RESERVED
	- firefox <not-affected> (Windows-specific)
	- firefox-esr <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
CVE-2017-7781
	RESERVED
	- firefox 55.0-1
CVE-2017-7780
	RESERVED
	- firefox 55.0-1
CVE-2017-7779
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7778
	RESERVED
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7778
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7778
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7778
CVE-2017-7777
	RESERVED
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1349310
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1358551
CVE-2017-7776
	RESERVED
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1356607
CVE-2017-7775
	RESERVED
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355182
CVE-2017-7774
	RESERVED
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1355174
CVE-2017-7773
	RESERVED
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352747
CVE-2017-7772
	RESERVED
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1352745
CVE-2017-7771
	RESERVED
	{DSA-3918-1 DSA-3894-1 DSA-3881-1 DLA-1013-1 DLA-1007-1 DLA-991-1}
	- graphite2 1.3.10-1
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1350047
CVE-2017-7770
	RESERVED
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7770
CVE-2017-7769
	RESERVED
CVE-2017-7768
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7768
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7768
CVE-2017-7767
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7767
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7767
CVE-2017-7766
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7766
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7766
CVE-2017-7765
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	- icedove <not-affected> (Only Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7765
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7765
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7765
CVE-2017-7764
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7764
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7764
CVE-2017-7763
	RESERVED
	- firefox <not-affected> (Only firefox on Mac OS X)
	- firefox-esr <not-affected> (Only Firefox ESR on Mac OS X)
	- icedove <not-affected> (Only Thunderbird on Mac OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7763
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7763
CVE-2017-7762
	RESERVED
	- firefox 54.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7762
CVE-2017-7761
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7761
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7761
CVE-2017-7760
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7760
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7760
CVE-2017-7759
	RESERVED
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7759
CVE-2017-7758
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7758
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7758
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7758
CVE-2017-7757
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7757
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7757
CVE-2017-7756
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7756
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7756
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7756
CVE-2017-7755
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox ESR on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7755
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7755
CVE-2017-7754
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7754
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7754
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7754
CVE-2017-7753
	RESERVED
	{DSA-3968-1 DSA-3928-1 DLA-1087-1 DLA-1053-1}
	- firefox 55.0-1
	- firefox-esr 52.3.0esr-1
	- icedove 1:52.3.0-1 (bug #872834)
CVE-2017-7752
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7752
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7752
CVE-2017-7751
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7751
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7751
CVE-2017-7750
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7750
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7750
CVE-2017-7749
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-7749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-7749
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-7749
CVE-2017-7748 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WSP dissector ...)
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-21.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=f55cbcde2c8f74b652add4450b0592082eb6acff
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13581
CVE-2017-7747 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the PacketBB dissector ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-18.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5cfd52d6629cf8a7ab67c6bacd3431a964f43584
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13559
CVE-2017-7746 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SLSK dissector ...)
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-19.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=58e69cc769dea24b721abd8a29f9eedc11024b7e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13576
CVE-2017-7745 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the SIGCOMP dissector ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-20.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=acd8e1a9b17ad274bea1e01e10e4481508a1cbf0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13578
CVE-2017-7744
	RESERVED
CVE-2017-7743
	RESERVED
CVE-2017-7742 (In libsndfile before 1.0.28, an error in the &quot;flac_buffer_copy()&quot; ...)
	{DLA-928-1}
	- libsndfile 1.0.27-3 (bug #860255)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
CVE-2017-7741 (In libsndfile before 1.0.28, an error in the &quot;flac_buffer_copy()&quot; ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsndfile-invalid-memory-read-and-invalid-memory-write-in/
	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7740
	RESERVED
CVE-2017-7739 (A reflected Cross-site Scripting (XSS) vulnerability in web proxy ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7738 (An Information Disclosure vulnerability in Fortinet FortiOS 5.6.0 to ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7737 (An information disclosure vulnerability in Fortinet FortiWeb 5.8.2 and ...)
	NOT-FOR-US: Fortinet
CVE-2017-7736 (A stored Cross-site Scripting (XSS) vulnerability in Fortinet FortiWeb ...)
	NOT-FOR-US: Fortinet
CVE-2017-7735 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7734 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-7733 (A Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiOS 5.4.0 ...)
	NOT-FOR-US: Fortinet
CVE-2017-7732 (A reflected Cross-Site Scripting (XSS) vulnerability in Fortinet ...)
	NOT-FOR-US: Fortinet
CVE-2017-7731 (A weak password recovery vulnerability in Fortinet FortiPortal ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7730 (iSmartAlarm cube devices allow Denial of Service. Sending a SYN flood ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7729 (On iSmartAlarm cube devices, there is Incorrect Access Control because ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7728 (On iSmartAlarm cube devices, there is authentication bypass leading to ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7727
	REJECTED
CVE-2017-7726 (iSmartAlarm cube devices have an SSL Certificate Validation ...)
	NOT-FOR-US: iSmartAlarm
CVE-2017-7725 (concrete5 8.1.0 places incorrect trust in the HTTP Host header during ...)
	NOT-FOR-US: concrete5
CVE-2017-7724
	RESERVED
CVE-2017-7723 (XSS exists in Easy WP SMTP (before 1.2.5), a WordPress Plugin, via the ...)
	NOT-FOR-US: Easy WP SMTP WordPress plugin
CVE-2017-7722 (In SolarWinds Log &amp; Event Manager (LEM) before 6.3.1 Hotfix 4, a menu ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7721 (IrfanView version 4.44 (32bit) with FPX Plugin before 4.45 has an ...)
	NOT-FOR-US: IrfanView
CVE-2017-7720 (Buffer overflow in PrivateTunnel 2.7 and 2.8 allows local attackers to ...)
	NOT-FOR-US: PrivateTunnel
CVE-2017-7719 (SQL injection in the Spider Event Calendar (aka spider-event-calendar) ...)
	NOT-FOR-US: Spider Event Calendar
CVE-2017-7718 (hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local ...)
	{DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4
	- qemu-kvm <removed>
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=215902d7b6fb50c6fc216fc74f770858278ed904
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=3328c14e63f08fb07e8c6dec779c9d365e9e9864 (v2.8.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1443441
CVE-2017-7717 (SQL injection vulnerability in the getUserUddiElements method in the ...)
	NOT-FOR-US: SAP
CVE-2017-7716 (The read_u32_leb128 function in libr/util/uleb128.c in radare2 1.3.0 ...)
	- radare2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/radare/radare2/issues/7260
CVE-2017-7715
	RESERVED
CVE-2017-7714
	RESERVED
CVE-2017-7713
	RESERVED
CVE-2017-7712
	RESERVED
CVE-2017-7711
	RESERVED
CVE-2017-7710
	RESERVED
CVE-2017-7709
	RESERVED
CVE-2017-7708
	RESERVED
CVE-2017-7707
	RESERVED
CVE-2017-7706
	RESERVED
CVE-2017-7705 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the RPC over RDMA ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-15.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13558
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=08d392bbecc8fb666bf979e70a34536007b83ea2
CVE-2017-7704 (In Wireshark 2.2.0 to 2.2.5, the DOF dissector could go into an ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-17.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13453
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6032b0fe5fc1176ab77e03e20765f95fbd21b19e
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=da53a90b6895e47e03c5de05edf84bd99d535fd8
CVE-2017-7703 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the IMAP dissector ...)
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-12.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13466
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=671e32820ab29d41d712cc8a472eab9b672684d9
CVE-2017-7702 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the WBXML dissector ...)
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	[wheezy] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-13.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13477
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7
	NOTE: When for older releases fixing this entry, make sure to fix apply the
	NOTE: complete patch including https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2f322f66cbcca2fefdaa630494f9d6c97eb659b7
	NOTE: to not open CVE-2017-11410.
CVE-2017-7701 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the BGP dissector ...)
	- wireshark 2.2.6+g32dac6a-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-16.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13557
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=fa31f69b407436d0946f84baa0acdcc50962bf7a
CVE-2017-7700 (In Wireshark 2.2.0 to 2.2.5 and 2.0.0 to 2.0.11, the NetScaler file ...)
	{DLA-858-1}
	- wireshark 2.2.6+g32dac6a-1 (low)
	[jessie] - wireshark <no-dsa> (Minor issue)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13478
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=8fc0af859de4993951a915ad735be350221f3f53
CVE-2017-7699
	RESERVED
CVE-2017-7698 (A Use After Free in the pdf2swf part of swftools 0.9.2 and earlier ...)
	- swftools 0.9.2+ds1-2
	NOTE: https://github.com/matthiaskramm/swftools/pull/19
	NOTE: Vulnerable code removed with the 0.9.2+dfs1-2 upload
CVE-2017-7697 (In libsamplerate before 0.1.9, a buffer over-read occurs in the ...)
	- libsamplerate 0.1.9-1 (bug #860159)
	[stretch] - libsamplerate <no-dsa> (Minor issue)
	[jessie] - libsamplerate <no-dsa> (Minor issue)
	[wheezy] - libsamplerate <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsamplerate/issues/11
	NOTE: https://blogs.gentoo.org/ago/2017/04/11/libsamplerate-global-buffer-overflow-in-calc_output_single-src_sinc-c/
	NOTE: Fixed by: https://github.com/erikd/libsamplerate/commit/c3b66186656de44da18b7058aec099dbe782dd0b
CVE-2017-7696 (SAP AS JAVA SSO Authentication Library 2.0 through 3.0 allow remote ...)
	NOT-FOR-US: SAP
CVE-2017-7695 (Unrestricted File Upload exists in BigTree CMS before 4.2.17: if an ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-7694 (Remote Code Execution vulnerability in ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-7693 (Directory traversal vulnerability in viewer_script.jsp in Riverbed ...)
	NOT-FOR-US: Riverbed OPNET App Response Xpert (ARX)
CVE-2017-7692 (SquirrelMail 1.4.22 (and other versions before 20170427_0200-SVN) ...)
	{DSA-3852-1 DLA-941-1}
	- squirrelmail <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/19/6
	NOTE: https://legalhackers.com/advisories/SquirrelMail-Exploit-Remote-Code-Exec-CVE-2017-7692-Vuln.html
CVE-2017-7691 (A code injection vulnerability exists in SAP TREX / Business Warehouse ...)
	NOT-FOR-US: SAP TREX
CVE-2017-7690 (Proxifier for Mac before 2.19.2, when first run, allows local users to ...)
	NOT-FOR-US: Proxifier for Mac
CVE-2017-7689 (A Command Injection vulnerability in Schneider Electric homeLYnk ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-7688 (Apache OpenMeetings 1.0.0 updates user password in insecure manner. ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7687 (When handling a decoding failure for a malformed URL path of an HTTP ...)
	- apache-mesos <itp> (bug #760315)
CVE-2017-7686 (Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to ...)
	NOT-FOR-US: Apache Ignite
CVE-2017-7685 (Apache OpenMeetings 1.0.0 responds to the following insecure HTTP ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7684 (Apache OpenMeetings 1.0.0 doesn't check contents of files being ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7683 (Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7682 (Apache OpenMeetings 3.2.0 is vulnerable to parameter manipulation ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7681 (Apache OpenMeetings 1.0.0 is vulnerable to SQL injection. This allows ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7680 (Apache OpenMeetings 1.0.0 has an overly permissive crossdomain.xml ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7679 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-7678 (In Apache Spark before 2.2.0, it is possible for an attacker to take ...)
	NOT-FOR-US: Apache Spark
CVE-2017-7677 (In environments that use external location for hive tables, Hive ...)
	NOT-FOR-US: Apache Ranger
CVE-2017-7676 (Policy resource matcher in Apache Ranger before 0.7.1 ignores ...)
	NOT-FOR-US: Apache Ranger
CVE-2017-7675 (The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and ...)
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.16-1
	[stretch] - tomcat8 8.5.14-1+deb9u2
	[jessie] - tomcat8 <not-affected> (Only affects 8.5.0 to 8.5.15)
	- tomcat7 <not-affected> (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present)
	- tomcat6 <not-affected> (Only affects Tomcat 8.5.x and 9.x series; vulnerable code not present)
	NOTE: Fixed by: http://svn.apache.org/r1796091 (8.5.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61120
CVE-2017-7674 (The CORS Filter in Apache Tomcat 9.0.0.M1 to 9.0.0.M21, 8.5.0 to ...)
	{DSA-3974-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.16-1
	- tomcat7 7.0.72-3
	[jessie] - tomcat7 <postponed> (Can be fixed along in a future update)
	[wheezy] - tomcat7 <not-affected> (Vulnerable code not present)
	NOTE: NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: Fixed by: http://svn.apache.org/r1795814 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1795815 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1795816 (7.0.x)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=61101
CVE-2017-7673 (Apache OpenMeetings 1.0.0 uses not very strong cryptographic storage, ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7672 (If an application allows enter an URL in a form field and built-in ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: Issue is specific to Struts 2.x.
CVE-2017-7671 (There is a DOS attack vulnerability in Apache Traffic Server (ATS) ...)
	{DSA-4128-1}
	- trafficserver 7.1.2+ds-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/apache/trafficserver/pull/1941
CVE-2017-7670 (The Traffic Router component of the incubating Apache Traffic Control ...)
	NOT-FOR-US: Apache Traffic Control
CVE-2017-7669 (In Apache Hadoop 2.8.0, 3.0.0-alpha1, and 3.0.0-alpha2, the ...)
	- hadoop <itp> (bug #793644)
CVE-2017-7668 (The HTTP strict parsing changes added in Apache httpd 2.2.32 and ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-7667 (Apache NiFi before 0.7.4 and 1.x before 1.3.0 need to establish the ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-7666 (Apache OpenMeetings 1.0.0 is vulnerable to Cross-Site Request Forgery ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7665 (In Apache NiFi before 0.7.4 and 1.x before 1.3.0, there are certain ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-7664 (Uploaded XML documents were not correctly validated in Apache ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7663 (Both global and Room chat are vulnerable to XSS attack in Apache ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2017-7662 (Apache CXF Fediz ships with an OpenId Connect (OIDC) service which has ...)
	NOT-FOR-US: Apache CXF
CVE-2017-7661 (Apache CXF Fediz ships with a number of container-specific plugins to ...)
	NOT-FOR-US: Apache CXF
CVE-2017-7660 (Apache Solr uses a PKI based mechanism to secure inter-node ...)
	- lucene-solr <not-affected> (Vulnerable code introduced later)
	NOTE: https://issues.apache.org/jira/browse/SOLR-10624
	NOTE: http://git-wip-us.apache.org/repos/asf/lucene-solr/commit/2f5ecbcf
CVE-2017-7659 (A maliciously constructed HTTP/2 request could cause mod_http2 2.4.24, ...)
	- apache2 2.4.25-4
	[stretch] - apache2 2.4.25-3+deb9u1
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/19/5
CVE-2017-7658
	RESERVED
CVE-2017-7657
	RESERVED
CVE-2017-7656
	RESERVED
CVE-2017-7655
	RESERVED
CVE-2017-7654
	RESERVED
CVE-2017-7653
	RESERVED
CVE-2017-7652 (In Eclipse Mosquitto 1.4.14, if a Mosquitto instance is set running ...)
	{DLA-1334-1}
	- mosquitto 1.4.15-1
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7652
	NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
CVE-2017-7651 (In Eclipse Mosquitto 1.4.14, a user can shutdown the Mosquitto server ...)
	{DLA-1334-1}
	- mosquitto 1.4.15-1
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7651
	NOTE: http://mosquitto.org/blog/2018/02/security-advisory-cve-2017-7651-cve-2017-7652/
CVE-2017-7650 (In Mosquitto before 1.4.12, pattern based ACLs can be bypassed by ...)
	{DSA-3865-1 DLA-961-1}
	- mosquitto 1.4.10-3
	NOTE: http://mosquitto.org/2017/05/security-advisory-cve-2017-7650/
	NOTE: Patches: https://mosquitto.org/files/cve/2017-7650/
CVE-2017-7649 (The network enabled distribution of Kura before 2.1.0 takes control ...)
	NOT-FOR-US: Kura
CVE-2017-7648 (Foscam networked devices use the same hardcoded SSL private key across ...)
	NOT-FOR-US: Foscam
CVE-2017-7647 (SolarWinds Log &amp; Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7646 (SolarWinds Log &amp; Event Manager (LEM) before 6.3.1 Hotfix 4 allows an ...)
	NOT-FOR-US: SolarWinds
CVE-2017-7645 (The NFSv2/NFSv3 server in the nfsd subsystem in the Linux kernel ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.25-1
	NOTE: Fixed by: https://git.kernel.org/linus/e6838a29ecb484c97e4efef9429643b9851fba6e
CVE-2017-7644 (The Management Web Interface in Palo Alto Networks PAN-OS before ...)
	NOT-FOR-US: Management Web Interface in Palo Alto Networks PAN-OS
CVE-2017-7643 (Proxifier for Mac before 2.19 allows local users to gain privileges ...)
	NOT-FOR-US: Proxifier for Mac
CVE-2017-7642 (The sudo helper in the HashiCorp Vagrant VMware Fusion plugin (aka ...)
	NOT-FOR-US: HashiCorp Vagrant VMware Fusion plugin
CVE-2017-7641 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7640 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7639
	RESERVED
CVE-2017-7638 (QNAP NAS application Media Streaming add-on version 421.1.0.2, ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7637
	RESERVED
CVE-2017-7636
	RESERVED
CVE-2017-7635
	RESERVED
CVE-2017-7634 (Cross-site scripting (XSS) vulnerability in QNAP NAS application Media ...)
	NOT-FOR-US: QNAP NAS application Media Streaming add-on
CVE-2017-7633 (QNAP Qfinder Pro 6.1.0.0317 and earlier may expose sensitive ...)
	NOT-FOR-US: QNAP
CVE-2017-7632 (Cross-site scripting (XSS) vulnerability in File Station of QNAP QTS ...)
	NOT-FOR-US: File Station of QNAP QTS
CVE-2017-7631 (Cross-site scripting (XSS) vulnerability in the share link function of ...)
	NOT-FOR-US: File Station of QNAP
CVE-2017-7630 (QNAP QTS 4.2.6 build 20171026, QTS 4.3.3 build 20170727 and earlier ...)
	NOT-FOR-US: QNAP
CVE-2017-7629 (QNAP QTS before 4.2.6 build 20170517 has a flaw in the change password ...)
	NOT-FOR-US: QNAP QTS
CVE-2017-7628 (The &quot;Smart related articles&quot; extension 1.1 for Joomla! has SQL ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7627 (The &quot;Smart related articles&quot; extension 1.1 for Joomla! does not prevent ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7626 (The &quot;Smart related articles&quot; extension 1.1 for Joomla! has XSS in ...)
	NOT-FOR-US: Joomla extension
CVE-2017-7625 (In Fiyo CMS 2.x through 2.0.7, attackers may upload a webshell via the ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-7624 (The iw_read_bmp_file function in imagew-bmp.c in libimageworsener.a in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7623 (The iwmiffr_convert_row32 function in imagew-miff.c in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7622 (dde-daemon, the daemon process of DDE (Deepin Desktop Environment) 15.0 ...)
	NOT-FOR-US: dde-daemon
CVE-2017-7621 (Cross Site Scripting Vulnerability in core-eMLi in AuroMeera ...)
	NOT-FOR-US: core-eMLi
CVE-2017-7620 (MantisBT before 1.3.11, 2.x before 2.3.3, and 2.4.x before 2.4.1 omits ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://mantisbt.org/bugs/view.php?id=22909
	NOTE: https://mantisbt.org/bugs/view.php?id=22702
CVE-2017-7618 (crypto/ahash.c in the Linux kernel through 4.10.9 allows attackers to ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: http://marc.info/?l=linux-crypto-vger&m=149181655623850&w=2
CVE-2017-7616 (Incorrect error handling in the set_mempolicy and mbind compat syscalls ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/cf01fb9985e8deb25ccf0ea54d916b8871ae0e62 (4.11-rc6)
	NOTE: https://grsecurity.net/the_infoleak_that_mostly_wasnt.php
CVE-2016-10323 (Synology Photo Station before 6.3-2958 allows local users to gain ...)
	NOT-FOR-US: Synology Photo Station
CVE-2016-10322 (Synology Photo Station before 6.3-2958 allows remote authenticated ...)
	NOT-FOR-US: Synology Photo Station
CVE-2017-7615 (MantisBT through 2.3.0 allows arbitrary password reset and ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/16/2
CVE-2017-7614 (elflink.c in the Binary File Descriptor (BFD) library (aka libbfd), as ...)
	- binutils 2.28-4 (low; bug #859989)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/04/05/binutils-two-null-pointer-dereference-in-elflink-c/
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=ad32986fdf9da1c8748e47b8b45100398223dba8
CVE-2017-7613 (elflint.c in elfutils 0.168 does not validate the number of sections ...)
	- elfutils 0.168-1 (bug #859990)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21312
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-xcalloc-xmalloc-c/
CVE-2017-7612 (The check_sysv_hash function in elflint.c in elfutils 0.168 allows ...)
	- elfutils 0.168-1 (bug #859991)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21311
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_sysv_hash-elflint-c/
CVE-2017-7611 (The check_symtab_shndx function in elflint.c in elfutils 0.168 allows ...)
	- elfutils 0.168-1 (bug #859992)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21310
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_symtab_shndx-elflint-c/
CVE-2017-7610 (The check_group function in elflint.c in elfutils 0.168 allows remote ...)
	- elfutils 0.168-1 (bug #859993)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21320
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-check_group-elflint-c/
CVE-2017-7609 (elf_compress.c in elfutils 0.168 does not validate the zlib compression ...)
	- elfutils 0.168-1 (bug #859994)
	[jessie] - elfutils <not-affected> (Vulnerable code not present)
	[wheezy] - elfutils <not-affected> (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21301
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-memory-allocation-failure-in-__libelf_decompress-elf_compress-c/
CVE-2017-7608 (The ebl_object_note_type_name function in eblobjnotetypename.c in ...)
	- elfutils 0.168-1 (bug #859995)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21300
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-ebl_object_note_type_name-eblobjnotetypename-c/
CVE-2017-7607 (The handle_gnu_hash function in readelf.c in elfutils 0.168 allows ...)
	- elfutils 0.168-1 (bug #859996)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <not-affected> (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21299
	NOTE: https://blogs.gentoo.org/ago/2017/04/03/elfutils-heap-based-buffer-overflow-in-handle_gnu_hash-readelf-c/
CVE-2017-7605 (aacplusenc.c in HE-AAC+ Codec (aka libaacplus) 2.0.2 has an assertion ...)
	NOT-FOR-US: libaacplus
CVE-2017-7604 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a left-shift ...)
	NOT-FOR-US: libaacplus
CVE-2017-7603 (au_channel.h in HE-AAC+ Codec (aka libaacplus) 2.0.2 has a signed ...)
	NOT-FOR-US: libaacplus
CVE-2017-7602 (LibTIFF 4.0.7 has a signed integer overflow, which might allow remote ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/vadz/libtiff/commit/66e7bd59520996740e4df5495a830b42fae48bc4
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7601 (LibTIFF 4.0.7 has a &quot;shift exponent too large for 64-bit type long&quot; ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/0a76a8c765c7b8327c59646284fa78c3c27e5490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7600 (LibTIFF 4.0.7 has an &quot;outside the range of representable values of type ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7599 (LibTIFF 4.0.7 has an &quot;outside the range of representable values of type ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7598 (tif_dirread.c in LibTIFF 4.0.7 might allow remote attackers to cause a ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6 (low)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
	NOTE: https://github.com/vadz/libtiff/commit/3cfd62d77c2a7e147a05bd678524c345fa9c2bb8
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7597 (tif_dirread.c in LibTIFF 4.0.7 has an &quot;outside the range of ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
CVE-2017-7596 (LibTIFF 4.0.7 has an &quot;outside the range of representable values of type ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6
	- tiff3 <removed>
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-multiple-ubsan-crashes
	NOTE: https://github.com/vadz/libtiff/commit/3144e57770c1e4d26520d8abee750f8ac8b75490
CVE-2017-7595 (The JPEGSetupEncode function in tiff_jpeg.c in LibTIFF 4.0.7 allows ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (low; bug #860003)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2653
	NOTE: https://blogs.gentoo.org/ago/2017/04/01/libtiff-divide-by-zero-in-jpegsetupencode-tiff_jpeg-c
	NOTE: https://github.com/vadz/libtiff/commit/47f2fb61a3a64667bce1a8398a8fcb1b348ff122
CVE-2017-7594 (The OJPEGReadHeaderInfoSecTablesDcTable function in tif_ojpeg.c in ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (low; bug #860001)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2659
	NOTE: https://github.com/vadz/libtiff/commit/2ea32f7372b65c24b2816f11c04bf59b5090d05b
	NOTE: https://github.com/vadz/libtiff/commit/8283e4d1b7e53340684d12932880cbcbaf23a8c1
CVE-2017-7593 (tif_read.c in LibTIFF 4.0.7 does not ensure that tif_rawdata is ...)
	{DSA-3844-1 DLA-912-1 DLA-911-1}
	- tiff 4.0.7-6 (bug #860000)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2651
	NOTE: https://github.com/vadz/libtiff/commit/d60332057b9575ada4f264489582b13e30137be1
CVE-2017-7592 (The putagreytile function in tif_getimage.c in LibTIFF 4.0.7 has a ...)
	{DSA-3844-1 DLA-911-1}
	- tiff 4.0.7-6 (bug #859998)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (vulnerable code not present)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2658
	NOTE: https://github.com/vadz/libtiff/commit/48780b4fcc425cddc4ef8ffdf536f96a0d1b313b
CVE-2017-7617 (Remote code execution can occur in Asterisk Open Source 13.x before ...)
	- asterisk 1:13.14.1~dfsg-1 (bug #859910)
	[jessie] - asterisk <not-affected> (Vulnerable code not present)
	[wheezy] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2017-001.html
CVE-2017-7619 (In ImageMagick 7.0.4-9, an infinite loop can occur because of a ...)
	{DSA-3863-1 DLA-902-1}
	- imagemagick 8:6.9.7.4+dfsg-4 (bug #859769)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31506
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/63757068c803f692bd70304b06ce3406e0b67c7f
CVE-2017-7606 (coders/rle.c in ImageMagick 7.0.5-4 has an &quot;outside the range of ...)
	{DSA-3863-1 DLA-902-1}
	- imagemagick 8:6.9.7.4+dfsg-4 (bug #859771)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/415
	NOTE: https://blogs.gentoo.org/ago/2017/04/02/imagemagick-undefined-behavior-in-codersrle-c/
CVE-2017-7591 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to reflected cross-site ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7590 (OpenIDM through 4.0.0 and 4.5.0 is vulnerable to persistent cross-site ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7589 (In OpenIDM through 4.0.0 before 4.5.0, the info endpoint may leak ...)
	NOT-FOR-US: ForgeRock OpenIDM
CVE-2017-7588 (On certain Brother devices, authorization is mishandled by including a ...)
	NOT-FOR-US: Brother devices
CVE-2017-7587
	RESERVED
CVE-2017-7586 (In libsndfile before 1.0.28, an error in the &quot;header_read()&quot; function ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/commit/708e996c87c5fae77b104ccfeb8f6db784c32074
	NOTE: https://github.com/erikd/libsndfile/commit/f457b7b5ecfe91697ed01cfc825772c4d8de1236
	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7585 (In libsndfile before 1.0.28, an error in the &quot;flac_buffer_copy()&quot; ...)
	{DLA-928-1}
	- libsndfile 1.0.27-2
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: https://github.com/erikd/libsndfile/commit/60b234301adf258786d8b90be5c1d437fc8799e0
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-4/
	NOTE: 1.0.27-2 in unstable contain fix_bufferoverflows.patch meant to address this issue
	NOTE: https://sources.debian.org/data/main/libs/libsndfile/1.0.27-2/debian/patches/fix_bufferoverflows.patch
CVE-2017-7584 (Memory Corruption Vulnerability in Foxit PDF Toolkit before 2.1 allows ...)
	NOT-FOR-US: Foxit PDF Toolkit
CVE-2017-7583 (ILIAS before 5.2.3 has XSS via SVG documents. ...)
	NOT-FOR-US: ILIAS
CVE-2017-7582
	RESERVED
CVE-2017-7581 (SQL injection vulnerability in NewsController.php in the News module ...)
	NOT-FOR-US: News module for TYPO3
CVE-2017-7580
	RESERVED
CVE-2017-7579 (inc/PMF/Faq.php in phpMyFAQ before 2.9.7 has XSS in the question field. ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-6760 (Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) ...)
	NOT-FOR-US: Dataprobe iBootBar
CVE-2007-6759 (Dataprobe iBootBar (with 2007-09-20 and possibly later released ...)
	NOT-FOR-US: Dataprobe iBootBar
CVE-2017-7577 (XiongMai uc-httpd has directory traversal allowing the reading of ...)
	NOT-FOR-US: XiongMai uc-httpd
CVE-2017-7576 (DragonWave Horizon 1.01.03 wireless radios have hardcoded login ...)
	NOT-FOR-US: DragonWave Horizon
CVE-2017-7575 (Schneider Electric Modicon TM221CE16R 1.3.3.3 devices allow remote ...)
	NOT-FOR-US: Schneider
CVE-2017-7574 (Schneider Electric SoMachine Basic 1.4 SP1 and Schneider Electric ...)
	NOT-FOR-US: Schneider
CVE-2017-7573
	RESERVED
CVE-2017-7572 (The _checkPolkitPrivilege function in serviceHelper.py in Back In Time ...)
	- backintime 1.1.12-2 (bug #859815)
	[jessie] - backintime <no-dsa> (Minor issue)
	[wheezy] - backintime <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/2
	NOTE: https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
CVE-2017-7571 (public/rolechangeadmin in Faveo 1.9.3 allows CSRF. The impact is ...)
	NOT-FOR-US: Faveo
CVE-2017-7570 (PivotX 2.3.11 allows remote authenticated Advanced users to execute ...)
	NOT-FOR-US: PivotX
CVE-2017-7569 (In vBulletin before 5.3.0, remote attackers can bypass the ...)
	NOT-FOR-US: vBulletin
CVE-2017-7568
	RESERVED
CVE-2017-7567
	RESERVED
CVE-2017-7566 (MyBB before 1.8.11 allows remote attackers to bypass an SSRF protection ...)
	NOT-FOR-US: MyBB
CVE-2017-7565 (Splunk Hadoop Connect App has a path traversal vulnerability that ...)
	NOT-FOR-US: Splunk Hadoop Connect App
CVE-2017-7564 (In ARM Trusted Firmware through 1.3, the secure self-hosted invasive ...)
	NOT-FOR-US: ARM
CVE-2017-7563 (In ARM Trusted Firmware 1.3, RO memory is always executable at AArch64 ...)
	NOT-FOR-US: ARM
CVE-2016-10320 (textract before 1.5.0 allows OS Command Injection attacks via a ...)
	NOT-FOR-US: textract
CVE-2016-10319 (In ARM Trusted Firmware 1.2 and 1.3, a malformed firmware update SMC ...)
	NOT-FOR-US: ARM
CVE-2016-1000307 (Multiple Cross Site Scripting (XSS) Vulnerabilities in ClipBucket ...)
	NOT-FOR-US: ClipBucket
CVE-2016-1000306
	REJECTED
CVE-2017-7578 (Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow ...)
	{DLA-890-1}
	- ming <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/07/1
	NOTE: https://github.com/libming/libming/issues/68
CVE-2017-7562 [Make certauth eku module restrictive-only]
	RESERVED
	- krb5 <not-affected> (Vulnerable code introduced later, cf. #873281)
	NOTE: https://github.com/krb5/krb5/pull/694
	NOTE: https://github.com/krb5/krb5/pull/694/commits/50fe4074f188c2d4da0c421e96553acea8378db2
	NOTE: https://github.com/krb5/krb5/pull/694/commits/1de6ca2f2eb1fdbab51f1549a25a6903aefcc196
	NOTE: https://github.com/krb5/krb5/pull/694/commits/b7af544e50a4d8291524f590e20dd44430bf627d
CVE-2017-7561 (Red Hat JBoss EAP version 3.0.7 through before 4.0.0.Beta1 is ...)
	- resteasy <unfixed> (bug #873392)
	[jessie] - resteasy <not-affected> (CORS Filter added in 3.0.7.Final)
	- resteasy3.0 <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1483823
	NOTE: https://issues.jboss.org/projects/RESTEASY/issues/RESTEASY-1704
	NOTE: Fixed by: https://github.com/resteasy/Resteasy/commit/517db971d8f7094124416bf72091fd0b45a13028
CVE-2017-7560 (It was found that rhnsd PID files are created as world-writable that ...)
	- rhnsd <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1480550
	NOTE: Introduced by: https://github.com/spacewalkproject/spacewalk/commit/75d9c00b96ab430221c5c7668baebebc74ddd67e
CVE-2017-7559 (In Undertow 2.x before 2.0.0.Alpha2, 1.4.x before 1.4.17.Final, and ...)
	- undertow 1.4.23-1 (bug #885576)
	[stretch] - undertow <no-dsa> (Scheduled for removal on point release)
	NOTE: CVE is for an incomplete fix of CVE-2017-2666
	NOTE: Invalid characters were still allowed in the query string and path parameters.
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1165
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1295
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1481665#c7
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/3436b03eda8b0b62c1855698c4d7c358add836c2
CVE-2017-7558 [sctp: out-of-bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info()]
	RESERVED
	- linux 4.12.13-1
	[stretch] - linux 4.9.30-2+deb9u5
	[jessie] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later 4.7 and not backported)
CVE-2017-7557 (dnsdist version 1.1.0 is vulnerable to a flaw in authentication ...)
	- dnsdist 1.2.0-1 (low; bug #872854)
	[stretch] - dnsdist 1.1.0-2+deb9u1
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-02.html
	NOTE: https://downloads.powerdns.com/patches/2017-02
CVE-2017-7556 (Hawtio versions up to and including 1.5.3 are vulnerable to CSRF ...)
	NOT-FOR-US: hawtio
CVE-2017-7555 (Augeas versions up to and including 1.8.0 are vulnerable to heap-based ...)
	{DSA-3949-1 DLA-1067-1}
	- augeas 1.8.1-1 (bug #872400)
	NOTE: https://github.com/hercules-team/augeas/pull/480
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1478373
CVE-2017-7554 (It was found that the App Studio component of RHMAP 4.4 executes ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7553 (The external_request api call in App Studio (millicore) allows server ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7552 (A flaw was discovered in the file editor of millicore, affecting ...)
	NOT-FOR-US: Red Hat Mobile Application Platform
CVE-2017-7551 (389-ds-base version before 1.3.5.19 and 1.3.6.7 are vulnerable to ...)
	- 389-ds-base 1.3.6.7-1 (bug #870752)
	NOTE: https://pagure.io/389-ds-base/issue/49336
CVE-2017-7550 (A flaw was found in the way Ansible (2.3.x before 2.3.3, and 2.4.x ...)
	- ansible <unfixed> (unimportant)
	NOTE: Just an insecure example
CVE-2017-7549 (A flaw was found in instack-undercloud 7.2.0 as packaged in Red Hat ...)
	NOT-FOR-US: instack-undercloud
CVE-2017-7548 (PostgreSQL versions before 9.4.13, 9.5.8 and 9.6.4 are vulnerable to ...)
	{DSA-3936-1 DSA-3935-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code not present)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7547 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are ...)
	{DSA-3936-1 DSA-3935-1 DLA-1051-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7546 (PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are ...)
	{DSA-3936-1 DSA-3935-1 DLA-1051-1}
	- postgresql-9.6 9.6.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	NOTE: https://www.postgresql.org/about/news/1772/
CVE-2017-7545
	RESERVED
	NOT-FOR-US: jbpm-designer / jBPM
CVE-2017-7544 (libexif through 0.6.21 is vulnerable to out-of-bounds heap read ...)
	- libexif 0.6.21-2.1 (bug #876466)
	[stretch] - libexif <no-dsa> (Minor issue)
	[jessie] - libexif <no-dsa> (Minor issue)
	[wheezy] - libexif <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libexif/bugs/130/
CVE-2017-7543 [iptables not active after update]
	RESERVED
	- neutron <not-affected> (Specific to Red Hat packaging)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1473792
CVE-2017-7542 (The ip6_find_1stfragopt function in net/ipv6/output_core.c in the Linux ...)
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.12.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/6399f1fae4ec29fab5ec76070435555e256ca3a6
CVE-2017-7541 (The brcmf_cfg80211_mgmt_tx function in ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.12.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8f44c9a41386729fea410e688959ddaa9d51be7c
CVE-2017-7540 (rubygem-safemode, as used in Foreman, versions 1.3.2 and earlier are ...)
	NOT-FOR-US: Safemode ruby gem
CVE-2017-7539 [qemu-nbd crashes due to undefined I/O coroutine]
	RESERVED
	- qemu <not-affected> (Vulnerable code introduced in v2.9.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in v2.9.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2b0bbc4f8809c972bad134bc1a2570dbb01dea0b
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ff82911cd3f69f028f2537825c9720ff78bc3f19
CVE-2017-7538
	RESERVED
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7537
	RESERVED
	- dogtag-pki 10.3.5+12-5 (bug #869261)
	NOTE: https://github.com/dogtagpki/pki/commit/876d13c6d20e7e1235b9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1470817
CVE-2017-7536 (In Hibernate Validator 5.2.x before 5.2.5 final, 5.3.x, and 5.4.x, it ...)
	- libhibernate-validator-java 4.3.3-4 (bug #885577)
	[stretch] - libhibernate-validator-java 4.3.3-1+deb9u1
	[jessie] - libhibernate-validator-java <not-affected> (Vulnerable code introduced in 4.3)
	[wheezy] - libhibernate-validator-java <not-affected> (Vulnerable code introduced in 4.3)
	NOTE: https://github.com/hibernate/hibernate-validator/commit/0ed45f37c4680998167179e631113a2c9cb5d113
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1465573
CVE-2017-7535
	RESERVED
	- foreman <itp> (bug #663101)
CVE-2017-7534 (OpenShift Enterprise version 3.x is vulnerable to a stored XSS via the ...)
	NOT-FOR-US: OpenShift
CVE-2017-7533 (Race condition in the fsnotify implementation in the Linux kernel ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.12.6-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/08/03/2
	NOTE: Fixed by: https://git.kernel.org/linus/49d31c2f389acfe83417083e1208422b4091cd9 (v4.13-rc1)
CVE-2017-7532 (In Moodle 3.x, course creators are able to change system default ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355556
CVE-2017-7531 (In Moodle 3.3, the course overview block reveals activities in hidden ...)
	- moodle <not-affected> (Only affects 3.3)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355555
CVE-2017-7530
	RESERVED
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-7529 (Nginx versions since 0.5.6 up to and including 1.13.2 are vulnerable ...)
	{DSA-3908-1 DLA-1024-1}
	- nginx 1.13.3-1 (bug #868109)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html
	NOTE: Fixed in 1.13.3, 1.12.1.
CVE-2017-7528
	RESERVED
	NOT-FOR-US: Ansible Tower
CVE-2017-7527
	RESERVED
CVE-2017-7526 [Use of left-to-right sliding window method allows full RSA key recovery]
	RESERVED
	{DSA-3960-1 DSA-3901-1 DLA-1080-1 DLA-1015-1}
	- libgcrypt20 1.7.8-1
	- libgcrypt11 <removed>
	- gnupg2 <not-affected> (Uses system libgcrypt)
	- gnupg1 1.4.22-1
	[stretch] - gnupg1 <no-dsa> (Only affects the legacy packages)
	- gnupg <removed>
	NOTE: https://eprint.iacr.org/2017/627
	NOTE: Fixes for RSA exponent blinding fixes (A):
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=a9f612def801c8145d551d995475e5d51a4c988c
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=aff5fd0f2650e24cf99efcd7b499627ea48782c3
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=312101e1f266314b4391fcdbe11c03de5c147e38
	NOTE: Fixes for mpi_powm itsef (B):
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=0e6788517eac6f508fa32ec5d5c1cada7fb980bc
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fbd10abc057453789017f11c7f1fc8e6c61b79a3
	NOTE: For the particular attack to RSA, either (A) or (B) is enough. In
	NOTE: general cases, (A) plus (B) is needed.
	NOTE: For GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2017-July/058598.html
	NOTE: GnuPG: https://dev.gnupg.org/rC8725c99ffa41778f382ca97233183bcd687bb0ce
	NOTE: GnuPG1: https://dev.gnupg.org/D438
CVE-2017-7525 (A deserialization flaw was discovered in the jackson-databind, ...)
	{DSA-4004-1}
	- jackson-databind 2.9.1-1 (bug #870848)
	NOTE: https://github.com/FasterXML/jackson-databind/issues/1599
CVE-2017-7524 (tpm2-tools versions before 1.1.1 are vulnerable to a password leak due ...)
	- tpm2-tools 2.1.0-1 (bug #866257)
	NOTE: https://github.com/01org/tpm2.0-tools/commit/c5d72beaab1cbbbe68271f4bc4b6670d69985157
CVE-2017-7523 (Cygwin versions 1.7.2 up to and including 1.8.0 are vulnerable to ...)
	NOT-FOR-US: Cygwin
CVE-2017-7522 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...)
	- openvpn 2.4.3-1 (unimportant)
	[jessie] - openvpn <not-affected> (x509-track implemented in 2.4.0)
	[wheezy] - openvpn <not-affected> (x509-track implemented in 2.4.0)
	NOTE: Fixed by: https://github.com/OpenVPN/openvpn/commit/426392940c
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
	NOTE: In Debian openvpn is compiled against OpenSSL, thus even affected
	NOTE: code present.
CVE-2017-7521 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...)
	{DSA-3900-1}
	- openvpn 2.4.3-1 (bug #865480)
	[wheezy] - openvpn <not-affected> (Vulnerable code not present)
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/2d032c7fcdfd692c851ea2fa858b4c2d9ea7d52d
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/cb4e35ece4a5b70b10ef9013be3bff263d82f32b
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/2341f716198fa90193e040b3fdb16959a47c6c27
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/040084067119dd5a9e15eb3bcfc0079debaa3777
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/84e1775961de1c9d2ab32159fc03f758591f5238
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/1dde0cd6e5e6a0f2f45ec9969b7ff1b6537514ad
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7520 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...)
	{DSA-3900-1 DLA-999-1}
	- openvpn 2.4.3-1 (bug #865480)
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/7718c8984f04b507c1885f363970e2124e3c6c77
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/043fe327878eba75efa13794c9845f85c3c629f2
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/f38a4a105979b87ebebe9be1c3d323116d3fb924
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
CVE-2017-7519 [libradosstriper processes arbitrary printf placeholders in user input]
	RESERVED
	- ceph <unfixed> (bug #864535)
	[stretch] - ceph <no-dsa> (Minor issue)
	[jessie] - ceph <not-affected> (Vulnerable code not present)
	NOTE: http://tracker.ceph.com/issues/20240
CVE-2017-7518 [debug exception via syscall emulation]
	RESERVED
	{DSA-3981-1}
	- linux 4.11.11-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/23/5
	NOTE: https://www.spinics.net/lists/kvm/msg151817.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1464473
	NOTE: Fixed by: https://git.kernel.org/linus/c8401dda2f0a00cd25c0af6a95ed50e478d25de4
CVE-2017-7517
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2017-7516
	REJECTED
CVE-2017-7515 (poppler through version 0.55.0 is vulnerable to an uncontrolled ...)
	- poppler 0.57.0-2 (unimportant)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101208
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=771c82623e8e1e0c92b8ca6f7c2b8a81ccbb60d3
	NOTE: Crash in CLI tool, no security implications
CVE-2017-7514
	RESERVED
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7513
	RESERVED
	NOT-FOR-US: Red Hat Satellite
CVE-2017-7512 (Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before ...)
	NOT-FOR-US: Red Hat 3scale
CVE-2017-7511 (poppler since version 0.17.3 has been vulnerable to NULL pointer ...)
	- poppler 0.57.0-2 (unimportant; bug #863759)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101149
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=101153
	NOTE: Fixed by: https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a
	NOTE: Crash in CLI tool, no security implications
CVE-2017-7510
	RESERVED
CVE-2017-7509
	RESERVED
	NOT-FOR-US: Red Hat Certificate System
CVE-2017-7508 (OpenVPN versions before 2.4.3 and before 2.3.17 are vulnerable to ...)
	{DSA-3900-1}
	- openvpn 2.4.3-1 (bug #865480)
	[wheezy] - openvpn <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/21/6
	NOTE: https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243
	NOTE: Fixed by (master): https://github.com/OpenVPN/openvpn/commit/c3f47077a7756de5929094569421a95aa66f2022
	NOTE: Fixed by (2.4.x): https://github.com/OpenVPN/openvpn/commit/ed28cde3d8bf3f1459b2f42f0e27d64801009f92
	NOTE: Fixed by (2.3.x): https://github.com/OpenVPN/openvpn/commit/fc61d1bda112ffc669dbde961fab19f60b3c7439
CVE-2017-7507 (GnuTLS version 3.5.12 and earlier is vulnerable to a NULL pointer ...)
	{DSA-3884-1}
	[experimental] - gnutls28 3.5.13-1
	- gnutls28 3.5.8-6 (bug #864560)
	- gnutls26 <removed>
	[wheezy] - gnutls26 <not-affected> (Vulnerable code not present)
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-4
	NOTE: https://gitlab.com/gnutls/gnutls/commit/4c4d35264fada08b6536425c051fb8e0b05ee86b
	NOTE: https://gitlab.com/gnutls/gnutls/commit/3efb6c5fd0e3822ec11879d5bcbea0e8d322cd03
	NOTE: https://gitlab.com/gnutls/gnutls/commit/e1d6c59a7b0392fb3b8b75035614084a53e2c8c9
CVE-2017-7506 (spice versions though 0.13 are vulnerable to out-of-bounds memory ...)
	{DSA-3907-1}
	- spice 0.12.8-2.2 (bug #868083)
	[wheezy] - spice <not-affected> (Vulnerable code not introduced later)
CVE-2017-7505 (Foreman since version 1.5 is vulnerable to an incorrect authorization ...)
	- foreman <itp> (bug #663101)
CVE-2017-7504 (HTTPServerILServlet.java in JMS over HTTP Invocation Layer of the ...)
	NOT-FOR-US: Red Hat JBoss
CVE-2017-7503 (It was found that the Red Hat JBoss EAP 7.0.5 implementation of ...)
	NOT-FOR-US: Red Hat JBoss EAP implementation of javax.xml.transform.TransformerFactory
CVE-2017-7502 (Null pointer dereference vulnerability in NSS since 3.24.0 was found ...)
	{DSA-3872-1 DLA-971-1}
	[experimental] - nss 2:3.29-1
	- nss 2:3.26.2-1.1 (bug #863839)
	NOTE: https://hg.mozilla.org/projects/nss/rev/55ea60effd0d
CVE-2017-7501 (It was found that versions of rpm before 4.13.0.2 use temporary files ...)
	- rpm <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1452133
	NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
CVE-2017-7500 [Following symlinks to directories when installing packages allows privilege escalation]
	RESERVED
	- rpm <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450369
	NOTE: Not supported for installations in Debian (and an unprivileged attacker would not have permissions for systems directories anyway)
CVE-2017-7499
	REJECTED
CVE-2017-7498
	REJECTED
CVE-2017-7497
	RESERVED
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-7496 (fedora-arm-installer up to and including 1.99.16 is vulnerable to ...)
	NOT-FOR-US: fedora-arm-installer
CVE-2017-7495 (fs/ext4/inode.c in the Linux kernel before 4.6.2, when ext4 ...)
	- linux 4.6.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/06bd3c36a733ac27962fea7d6f47168841376824
CVE-2017-7494 (Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is ...)
	{DSA-3860-1 DLA-951-1}
	- samba 2:4.5.8+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-7494.html
CVE-2017-7493 (Quick Emulator (Qemu) built with the VirtFS, host directory sharing ...)
	{DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-6
	- qemu-kvm <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1451709
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-05/msg03663.html
CVE-2017-7492
	REJECTED
CVE-2017-7491 (In Moodle 2.x and 3.x, a CSRF attack is possible that allows attackers ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352355
CVE-2017-7490 (In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352354
CVE-2017-7489 (In Moodle 2.x and 3.x, remote authenticated users can take ownership of ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=352353
CVE-2017-7488 (Authconfig version 6.2.8 is vulnerable to an Information exposure ...)
	NOT-FOR-US: authconfig in Red Hat
CVE-2017-7487 (The ipxitf_ioctl function in net/ipx/af_ipx.c in the Linux kernel ...)
	{DSA-3886-1 DLA-993-1}
	- linux 4.9.30-1
	NOTE: Fixed by: https://git.kernel.org/linus/ee0d8d8482345ff97a75a7d747efc309f13b0d80
CVE-2017-7486 (PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in ...)
	{DSA-3851-1 DLA-1051-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 <not-affected> (feature not present in 8.x)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808
CVE-2017-7485 (In PostgreSQL 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before ...)
	{DSA-3851-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <not-affected> (bug introduced in 9.3)
	- postgresql-8.4 <not-affected> (bug introduced in 9.3)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=aafbd1df969135c185947c596c46608fc9f4a67c
CVE-2017-7484 (It was found that some selectivity estimation functions in PostgreSQL ...)
	{DSA-3851-1}
	- postgresql-9.6 9.6.3-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	[wheezy] - postgresql-9.1 <not-affected> (Vulnerable code do not exist)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (Vulnerable code do not exist)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c33c42362256382ed398df9dcda559cd547c68a7
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cad15943225adbcadea51602b38b04d71d1183d2
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=935e77d527a018b652f247c7374c558871210db6
CVE-2017-7483 (Rxvt 2.7.10 is vulnerable to a denial of service attack by passing the ...)
	- rxvt 1:2.7.10-7.1 (low; bug #861694)
	[stretch] - rxvt <no-dsa> (Minor issue)
	[jessie] - rxvt <no-dsa> (Minor issue)
	[wheezy] - rxvt <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/05/01/15
CVE-2017-7482
	RESERVED
	{DSA-3945-1 DSA-3927-1 DLA-1099-1}
	- linux 4.11.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/5f2f97656ada8d811d3c1bef503ced266fcd53a0
CVE-2017-7481 [Security issue with lookup return not tainting the jinja2 environment]
	RESERVED
	- ansible 2.3.1.0+dfsg-1 (bug #862666)
	[stretch] - ansible <no-dsa> (Minor issue)
	[jessie] - ansible <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1450018
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ed56f51f185a1ffd7ea57130d260098686fcc7c2
CVE-2017-7480 (rkhunter versions before 1.4.4 are vulnerable to file download over ...)
	{DLA-1039-1}
	- rkhunter 1.4.4-1 (bug #866677)
	[stretch] - rkhunter 1.4.2-6+deb9u1
	[jessie] - rkhunter 1.4.2-0.4+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/29/2
	NOTE: http://rkhunter.cvs.sourceforge.net/viewvc/rkhunter/rkhunter/files/rkhunter?r1=1.549&r2=1.550&view=patch
CVE-2017-7479 (OpenVPN versions before 2.3.15 and before 2.4.2 are vulnerable to ...)
	{DLA-944-1}
	- openvpn 2.4.0-5 (low)
	[jessie] - openvpn 2.3.4-5+deb8u2
	NOTE: https://github.com/OpenVPN/openvpn/commit/e498cb0ea8d3a451b39eaf6f9b6a7488f18250b8 (master)
	NOTE: https://github.com/OpenVPN/openvpn/commit/591a4e574c43cb9e820950f15dcaabda261def78 (2.4.x)
	NOTE: https://github.com/OpenVPN/openvpn/commit/b727643cdf4e078f132a90e1c474a879a5760578 (2.3.x)
	NOTE: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14643.html (3 patches for 2.2.x)
	NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
CVE-2017-7478 (OpenVPN version 2.3.12 and newer is vulnerable to unauthenticated ...)
	- openvpn 2.4.0-5
	[jessie] - openvpn <not-affected> (Vulnerable code introduced later)
	[wheezy] - openvpn <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/OpenVPN/openvpn/commit/5774cf4c25e1d8bf4e544702db8f157f111c9d93 (master)
	NOTE: https://github.com/OpenVPN/openvpn/commit/66b99a0753352c5cc43e11e39835b6423112df98 (2.4.x)
	NOTE: https://github.com/OpenVPN/openvpn/commit/feb35ee5cac605edddd6e9dc62941e2c53f96fb3 (2.3.x)
	NOTE: Introduced in: https://github.com/OpenVPN/openvpn/commit/3c1b19e04745177185decd14da82c71458442b82 (2.4.0)
	NOTE: Introduced in (backported to 2.3.12): https://github.com/OpenVPN/openvpn/commit/358f513c008bf01fadb82759ac75ffb8613fc785
	NOTE: https://community.openvpn.net/openvpn/wiki/QuarkslabAndCryptographyEngineerAudits
CVE-2017-7477 (Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Introduced in 4.6)
	[wheezy] - linux <not-affected> (Introduced in 4.6)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/25/4
	NOTE: Fixed by: https://git.kernel.org/linus/4d6fa57b4dab0d77f4d8e9d9c73d1e63f6fe8fee
	NOTE: Fixed by: https://git.kernel.org/linus/5294b83086cc1c35b4efeca03644cf9d12282e5b
CVE-2017-7476 (Gnulib before 2017-04-26 has a heap-based buffer overflow with the TZ ...)
	- gnulib <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.savannah.gnu.org/gitweb/?p=gnulib.git;a=commitdiff;h=94e01571
	NOTE: Introduced with 4bc76593 and 4e6e16b3f.
CVE-2017-7475 (Cairo version 1.15.4 is vulnerable to a NULL pointer dereference ...)
	- cairo <unfixed> (low; bug #870264)
	[stretch] - cairo <no-dsa> (Minor issue)
	[jessie] - cairo <no-dsa> (Minor issue)
	[wheezy] - cairo <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=100763
CVE-2017-7474 (It was found that the Keycloak Node.js adapter 2.5 - 3.0 did not ...)
	NOT-FOR-US: Keycloak
CVE-2017-7473
	REJECTED
CVE-2017-7472 (The KEYS subsystem in the Linux kernel before 4.10.13 allows local ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: https://lkml.org/lkml/2017/4/1/235
	NOTE: https://lkml.org/lkml/2017/4/3/724
CVE-2017-7471 [9p: virtfs allows guest to change filesystem attributes on host]
	RESERVED
	{DLA-1035-1}
	- qemu 1:2.8+dfsg-5 (bug #860785)
	[jessie] - qemu <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602)
	- qemu-kvm <not-affected> (Vulnerable code introduced with fix for CVE-2016-9602)
	NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=9c6b899f7a46893ab3b671e341a2234e9c0c060e
	NOTE: Fixed by (stable-2.8): http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=96bae145e27d4df62671b4eebd6c735f412016cf (v2.8.1.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1443401
	NOTE: Introduced by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=acf22d2264a131ad2695b5a18746dabf0cc8b843
	NOTE: which is part of the fix for CVE-2016-9602.
CVE-2017-7470
	RESERVED
	NOT-FOR-US: Red Hat / spacewalk-backend
CVE-2017-7469
	REJECTED
CVE-2017-7468
	RESERVED
	- curl 7.52.1-5
	[jessie] - curl <not-affected> (Only affects 7.52 and later)
	[wheezy] - curl <not-affected> (Only affects 7.52 and later)
	NOTE: https://curl.haxx.se/docs/adv_20170419.html
CVE-2017-7467
	RESERVED
	{DLA-914-1}
	- minicom 2.7-1.1 (bug #860940)
	[jessie] - minicom 2.7-1+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/5
CVE-2017-7466 [Incomplete fix for CVE-2016-9587]
	RESERVED
	- ansible 2.2.1.0-2
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ansible/ansible/commit/0d418789a298561fded9bce977d34babc9097079 (v2.3.0.0-0.1.rc1)
CVE-2017-7465
	RESERVED
	NOT-FOR-US: JBoss JAXP
CVE-2017-7464
	RESERVED
	NOT-FOR-US: JBoss JAXP
CVE-2017-7463
	RESERVED
	NOT-FOR-US: Red Hat business central
CVE-2017-7462 (Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a ...)
	NOT-FOR-US: Intellinet NFC-30ir IP Camera
CVE-2017-7461 (Directory traversal vulnerability in the web-based management site on ...)
	NOT-FOR-US: Intellinet NFC-30ir IP Camera
CVE-2017-7460
	RESERVED
CVE-2017-7459 (ntopng before 3.0 allows HTTP Response Splitting. ...)
	- ntopng 2.4+dfsg1-4 (bug #866719)
	[stretch] - ntopng <no-dsa> (Minor issue)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/9469e58f07e043da712e6d6c41244852a11bcaeb
CVE-2017-7458 (The NetworkInterface::getHost function in NetworkInterface.cpp in ...)
	- ntopng 2.4+dfsg1-4 (bug #866721)
	[stretch] - ntopng <no-dsa> (Minor issue)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/01f47e04fd7c8d54399c9e465f823f0017069f8f
CVE-2017-7457 (XML External Entity via &quot;.AOP&quot; files used by Moxa MX-AOPC Server 1.5 ...)
	NOT-FOR-US: Moxa
CVE-2017-7456 (Moxa MXView 2.8 allows remote attackers to cause a Denial of Service ...)
	NOT-FOR-US: Moxa
CVE-2017-7455 (Moxa MXView 2.8 allows remote attackers to read web server's private ...)
	NOT-FOR-US: Moxa
CVE-2017-7454 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7453 (The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7452 (The iwbmp_read_info_header function in imagew-bmp.c in ...)
	NOT-FOR-US: ImageWorsener
CVE-2017-7451
	RESERVED
CVE-2017-7450 (AIRTAME HDMI dongle with firmware before 2.2.0 allows unauthenticated ...)
	NOT-FOR-US: AIRTAME HDMI dongle
CVE-2017-7449
	RESERVED
CVE-2017-7448 (The allocate_channel_framebuffer function in uncompressed_components.hh ...)
	- lepton 1.2.1-3 (bug #859714)
	NOTE: https://github.com/dropbox/lepton/issues/86
	NOTE: https://github.com/dropbox/lepton/commit/7789d99ac156adfd7bbf66e7824bd3e948a74cf7
CVE-2017-7447 (HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-7446 (HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of ...)
	NOT-FOR-US: HelpDEZk
CVE-2017-7445
	RESERVED
CVE-2017-0887 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a bypass in the ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-7443 (Exponent CMS 2.3.0 through 2.3.9 allows remote attackers to have ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-9019 (In libxslt 1.1.29 and earlier, the EXSLT math.random function was not ...)
	- libxslt <unfixed> (unimportant; bug #859796)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758400
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=934119
	NOTE: There's no indication that math.random() in intended to ensure cryptographic
	NOTE: randomness requirements. Proper seeding needs to happen in the application
	NOTE: using libxslt.
CVE-2017-7444 (In Veritas System Recovery before 16 SP1, there is a DLL hijacking ...)
	NOT-FOR-US: Veritas System Recovery
CVE-2017-7442 (Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Nitro Pro
CVE-2017-7441 (In Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the ...)
	NOT-FOR-US: Sophos
CVE-2017-7440 (Kerio Connect 8.0.0 through 9.2.2, and Kerio Connect Client desktop ...)
	NOT-FOR-US: Kerio
CVE-2017-7439 (NetApp OnCommand Unified Manager Core Package 5.x before 5.2.2P1 might ...)
	NOT-FOR-US: NetApp
CVE-2017-7438 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed ...)
	NOT-FOR-US: NetIQ Privileged Account Manager
CVE-2017-7437 (NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed ...)
	NOT-FOR-US: NetIQ Privileged Account Manager
CVE-2017-7436 (In libzypp before 20170803 it was possible to retrieve unsigned ...)
	- libzypp <unfixed> (bug #899065)
	[jessie] - libzypp <ignored> (Minor issue)
CVE-2017-7435 (In libzypp before 20170803 it was possible to add unsigned YUM ...)
	- libzypp <unfixed> (bug #899065)
	[jessie] - libzypp <ignored> (Minor issue)
CVE-2017-7434 (In the JDBC driver of NetIQ Identity Manager before 4.6 sending out ...)
	NOT-FOR-US: NetIQ Identity Manager
CVE-2017-7433 (An absolute path traversal vulnerability (CWE-36) in Micro Focus Vibe ...)
	NOT-FOR-US: Micro Focus Vibe
CVE-2017-7432 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
	NOT-FOR-US: Novell Novell iManager and NetIQ iManager
CVE-2017-7431 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
	NOT-FOR-US: Novell Novell iManager and NetIQ iManager
CVE-2017-7430 (Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager ...)
	NOT-FOR-US: Novell Novell iManager and NetIQ iManager
CVE-2017-7429 (The certificate upload in NetIQ eDirectory PKI plugin before 8.8.8 ...)
	NOT-FOR-US: NetIQ eDirectory PKI plugin
CVE-2017-7428 (NetIQ iManager 3.x before 3.0.3.1 has an issue in the renegotiation of ...)
	NOT-FOR-US: NetIQ iManager
CVE-2017-7427 (Multiple cross site scripting attacks were found in the Identity ...)
	NOT-FOR-US: NetIQ Identity Manager Plug-in
CVE-2017-7426 (The NetIQ Identity Manager Plugins before 4.6.1 contained various XML ...)
	NOT-FOR-US: NetIQ Identity Manager Plugins
CVE-2017-7425 (Multiple potential reflected XSS issues exist in NetIQ iManager ...)
	NOT-FOR-US: NetIQ
CVE-2017-7424 (A Path Traversal (CWE-22) vulnerability in esfadmingui in Micro Focus ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7423 (A Cross-Site Request Forgery (CWE-352) vulnerability in esfadmingui in ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7422 (Reflected and stored Cross-Site Scripting (XSS, CWE-79) ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7421 (Reflected and stored Cross-Site Scripting (XSS, CWE-79) ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7420 (An Authentication Bypass (CWE-287) vulnerability in ESMAC (aka ...)
	NOT-FOR-US: Micro Focus
CVE-2017-7419 (A OAuth application in NetIQ Access Manager 4.3 before 4.3.2 and 4.2 ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-7418 (ProFTPD before 1.3.5e and 1.3.6 before 1.3.6rc5 controls whether the ...)
	- proftpd-dfsg 1.3.5b-4 (low; bug #859592)
	[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4295
	NOTE: https://github.com/proftpd/proftpd/commit/ecff21e0d0e84f35c299ef91d7fda088e516d4ed
	NOTE: https://github.com/proftpd/proftpd/commit/f59593e6ff730b832dbe8754916cb5c821db579f
CVE-2017-7417
	RESERVED
CVE-2017-7416 (ntopng before 3.0 allows XSS because GET and POST parameters are ...)
	- ntopng 3.2+dfsg1-1 (bug #866722)
	[stretch] - ntopng <no-dsa> (Minor issue)
	[jessie] - ntopng <no-dsa> (Minor issue)
CVE-2017-7415 (Atlassian Confluence 6.x before 6.0.7 allows remote attackers to bypass ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-10318 (A missing authorization check in the fscrypt_process_policy function in ...)
	- linux 4.7.4-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-7414 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition ...)
	- php-horde-crypt 2.7.5-2 (bug #859635)
CVE-2017-7413 (In Horde_Crypt before 2.7.6, as used in Horde Groupware Webmail Edition ...)
	- php-horde-crypt 2.7.5-2 (bug #859635)
CVE-2017-7412 (NixOS 17.03 before 17.03.887 has a world-writable Docker socket, which ...)
	NOT-FOR-US: NixOS specific Docker issue
CVE-2017-7411 (An issue was discovered in Enalean Tuleap 9.6 and prior versions. The ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2017-7410 (Multiple SQL injection vulnerabilities in account/signup.php and ...)
	NOT-FOR-US: WebsiteBaker
CVE-2017-7409 (Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-7408 (Palo Alto Networks Traps ESM Console before 3.4.4 allows attackers to ...)
	NOT-FOR-US: Palo Alto Networks Traps ESM Console
CVE-2017-7407 (The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow ...)
	{DLA-883-1}
	- curl 7.52.1-4 (unimportant; bug #859500)
	NOTE: https://github.com/curl/curl/commit/1890d59905414ab84a35892b2e45833654aa5c13
	NOTE: Negligable security impact
CVE-2017-7406 (The D-Link DIR-615 device before v20.12PTb04 doesn't use SSL for any of ...)
	NOT-FOR-US: D-Link
CVE-2017-7405 (On the D-Link DIR-615 before v20.12PTb04, once authenticated, this ...)
	NOT-FOR-US: D-Link
CVE-2017-7404 (On the D-Link DIR-615 before v20.12PTb04, if a victim logged in to the ...)
	NOT-FOR-US: D-Link
CVE-2017-7403
	RESERVED
CVE-2017-7402 (Pixie 1.0.4 allows remote authenticated users to upload and execute ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7401 (Incorrect interaction of the parse_packet() and ...)
	{DLA-884-1}
	- collectd 5.7.2-1 (bug #859494)
	[stretch] - collectd <no-dsa> (Minor issue)
	[jessie] - collectd <no-dsa> (Minor issue)
	NOTE: https://github.com/collectd/collectd/issues/2174
	NOTE: https://github.com/collectd/collectd/commit/f6be4f9b49b949b379326c3d7002476e6ce4f211
CVE-2017-7400 (OpenStack Horizon 9.x through 9.1.1, 10.x through 10.0.2, and 11.0.0 ...)
	- horizon 3:10.0.1-1 (bug #859559)
	[jessie] - horizon <not-affected> (Vulnerable code not present)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1667086
CVE-2016-10317 (The fill_threshhold_buffer function in base/gxht_thresh.c in Artifex ...)
	- ghostscript 9.22~dfsg-2.1 (bug #860869)
	[stretch] - ghostscript <no-dsa> (Minor issue)
	[jessie] - ghostscript <no-dsa> (Minor issue)
	[wheezy] - ghostscript <no-dsa> (Not directly reproducible, to re-evaluate once the upstream fix is known)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697459
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=362ec9daadb9992b0def3520cd1dc6fa52edd1c4
	NOTE: I got the reproducer file from the bug submitter and tried to reproduce it.
	NOTE: Results are the following: sid/stretch with 9.20~dfsg-3 are
	NOTE: affected, it even segfaults. But with wheezy 9.05~dfsg-6.3+deb7u2
	NOTE: and jessie 9.06~dfsg-2+deb8u4, we have no segfault and valgrind
	NOTE: reports no buffer overrun. -- Raphael Hertzog
CVE-2017-1001000 (The register_routes function in ...)
	- wordpress 4.7.2+dfsg-1
	[jessie] - wordpress <not-affected> (Vulnerable code introduced after 4.4)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/WordPress/WordPress/commit/e357195ce303017d517aff944644a7a1232926f7
	NOTE: rest-api introduced in 4.4 upstream
CVE-2016-10316 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10315 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10314 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10313 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-10312 (Jensen of Scandinavia AS Air:Link 3G (AL3G) version 2.23m (Rev. 3), ...)
	NOT-FOR-US: Jensen of Scandinavia AS Air:Link 3G
CVE-2016-1000351
	REJECTED
CVE-2016-1000350
	REJECTED
CVE-2016-1000349
	REJECTED
CVE-2016-1000348
	REJECTED
CVE-2016-1000268
	REJECTED
CVE-2017-7399
	RESERVED
CVE-2017-7398 (D-Link DIR-615 HW: T1 FW:20.09 is vulnerable to Cross-Site Request ...)
	NOT-FOR-US: D-Link
CVE-2017-7397 (** DISPUTED ** BackBox Linux 4.6 allows remote attackers to cause a ...)
	NOT-FOR-US: BackBox OS specific CVE assignment
CVE-2017-7396 (In TigerVNC 1.7.1 (CConnection.cxx CConnection::CConnection), an ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436/commits/dccb5f7d776e93863ae10bbff56a45c523c6eeb0
CVE-2017-7395 (In TigerVNC 1.7.1 (SMsgReader.cxx SMsgReader::readClientCutText), by ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436
	NOTE: https://github.com/TigerVNC/tigervnc/pull/436/commits/bf3bdac082978ca32895a4b6a123016094905689
CVE-2017-7394 (In TigerVNC 1.7.1 (SSecurityPlain.cxx SSecurityPlain::processMsg), ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/440
CVE-2017-7393 (In TigerVNC 1.7.1 (VNCSConnectionST.cxx VNCSConnectionST::fence), an ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/438
CVE-2017-7392 (In TigerVNC 1.7.1 (SSecurityVeNCrypt.cxx ...)
	- tigervnc 1.7.0+dfsg-7 (bug #859259)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/441
CVE-2017-7391 (A Cross-Site Scripting (XSS) was discovered in 'Magmi 0.7.22'. The ...)
	NOT-FOR-US: Magmi
CVE-2017-7390 (A Cross-Site Scripting (XSS) was discovered in 'SocialNetwork v1.2.1'. ...)
	NOT-FOR-US: SocialNetwork
CVE-2017-7389 (Multiple Cross-Site Scripting (XSS) were discovered in 'openeclass ...)
	NOT-FOR-US: The Open eClass Platform
CVE-2017-7388 (A Cross-Site Scripting (XSS) was discovered in 'wallacepos v1.4.1'. The ...)
	NOT-FOR-US: WallacePOS
CVE-2017-7387 (TheFirstQuestion/HelpMeWatchWho before 2017-03-28 is vulnerable to a ...)
	NOT-FOR-US: HelpMeWatchWho
CVE-2017-7386 (citymont/symetrie v.0.9.6 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: symetrie
CVE-2017-7385
	RESERVED
CVE-2017-7384 (Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF ...)
	NOT-FOR-US: FlipBuilder Flip PDF
CVE-2017-7383 (The PdfFontFactory.cpp:195:62 code in PoDoFo 0.9.5 allows remote ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00252-podofo-nullptr4
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7382 (The PdfFontFactory.cpp:200:88 code in PoDoFo 0.9.5 allows remote ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr3
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7381 (The doc/PdfPage.cpp:609:23 code in PoDoFo 0.9.5 allows remote attackers ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00251-podofo-nullptr2
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7380 (The doc/PdfPage.cpp:614:20 code in PoDoFo 0.9.5 allows remote attackers ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859329)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/3
	NOTE: https://github.com/asarubbo/poc/blob/master/00250-podofo-nullptr1
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1848
CVE-2017-7379 (The PoDoFo::PdfSimpleEncoding::ConvertToEncoding function in ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #859331)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/2
	NOTE: upstream fix: https://sourceforge.net/p/podofo/code/1842/
CVE-2017-7378 (The PoDoFo::PdfPainter::ExpandTabs function in PdfPainter.cpp in PoDoFo ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #859330)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/01/1
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1847
CVE-2017-7377 (The (1) v9fs_create and (2) v9fs_lcreate functions in hw/9pfs/9p.c in ...)
	{DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-4 (bug #859854)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-03/msg05449.html
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=d63fb193e71644a073b77ff5ac6f1216f2f6cf6e
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/03/2
	NOTE: For older releases affected code is in hw/9pfs/virtio-9p.c
CVE-2017-7376 (Buffer overflow in libxml2 allows remote attackers to execute ...)
	{DSA-3952-1 DLA-1060-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #870865)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780690 (not yet public)
	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4
	NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=5dca9eea1bd4263bfa4d037ab2443de1cd730f7e
	NOTE: The upstream patch has the slight consequence that some port values end up
	NOTE: negative when cast to a 32-bit int. A negative port though in the URL would
	NOTE: make the URL invalid. It is discussed if instead it would be best to prevent
	NOTE: the port from ever being negative. Upstream decided to leave the above patch.
CVE-2017-7375 (A flaw in libxml2 allows remote XML entity inclusion with default ...)
	{DSA-3952-1 DLA-1008-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #870867)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780691 (not yet public)
	NOTE: Android patch: https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa
	NOTE: Fix upstream: https://git.gnome.org/browse/libxml2/commit/?id=90ccb58242866b0ba3edbef8fe44214a101c2b3e
CVE-2017-7374 (Use-after-free vulnerability in fs/crypto/ in the Linux kernel before ...)
	- linux 4.9.25-1
	[jessie] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code not present; Introduced in 4.2-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/1b53cf9815bb4744958d41f3795d5d5a1d365e2d (4.11-rc4)
CVE-2017-7373 (In all Android releases from CAF using the Linux kernel, a double free ...)
	NOT-FOR-US: Android display driver
CVE-2017-7372 (In all Android releases from CAF using the Linux kernel, a race ...)
	NOT-FOR-US: Android
CVE-2017-7371 (In all Android releases from CAF using the Linux kernel, a data ...)
	NOT-FOR-US: Android
CVE-2017-7370 (In all Android releases from CAF using the Linux kernel, a race ...)
	NOT-FOR-US: Android
CVE-2017-7369 (In all Android releases from CAF using the Linux kernel, an array ...)
	- linux <not-affected> (Android-specific)
CVE-2017-7368 (In all Android releases from CAF using the Linux kernel, a race ...)
	NOT-FOR-US: Android driver
CVE-2017-7367 (In all Android releases from CAF using the Linux kernel, an integer ...)
	NOT-FOR-US: Android
CVE-2017-7366 (In all Android releases from CAF using the Linux kernel, a KGSL ioctl ...)
	NOT-FOR-US: Android driver
CVE-2017-7365 (In all Android releases from CAF using the Linux kernel, a buffer ...)
	NOT-FOR-US: Android
CVE-2017-7364 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-7363 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=module&amp;x= XSS ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7362 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=dynamic&amp;x= XSS ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7361 (Pixie 1.0.4 allows an admin/index.php s=publish&amp;m=static&amp;x= XSS ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7360 (Pixie 1.0.4 allows an admin/index.php s=settings&amp;x= XSS attack. ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7359 (Pixie 1.0.4 allows an admin/index.php s=login&amp;m= XSS attack. ...)
	NOT-FOR-US: Pixie CMS
CVE-2017-7358 (In LightDM through 1.22.0, a directory traversal issue in ...)
	- lightdm <not-affected> (Vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1677924
	NOTE: Specific script debian/guest-account.sh not merged from Ubuntu
CVE-2017-7357 (Hipchat Server before 2.2.3 allows remote authenticated users with ...)
	NOT-FOR-US: Hipchat Server
CVE-2017-7356
	RESERVED
CVE-2017-7355
	RESERVED
CVE-2017-7354
	RESERVED
CVE-2017-7353
	RESERVED
CVE-2017-7352 (Stored Cross-site scripting (XSS) vulnerability in Pure Storage Purity ...)
	NOT-FOR-US: Pure Storage Purity
CVE-2017-7351 (A SQL injection issue exists in a file upload handler in REDCap 7.x ...)
	NOT-FOR-US: REDCap
CVE-2017-7350
	RESERVED
CVE-2017-7349
	RESERVED
CVE-2017-7348
	RESERVED
CVE-2017-7347
	RESERVED
CVE-2017-7346 (The vmw_gb_surface_define_ioctl function in ...)
	{DSA-3945-1 DSA-3927-1}
	- linux 4.11.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.14)
	NOTE: Fixed by: https://git.kernel.org/linus/ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf
CVE-2017-7345 (NetApp OnCommand Performance Manager and OnCommand Unified Manager for ...)
	NOT-FOR-US: NetApp
CVE-2016-10311 (Stack-based buffer overflow in SAP NetWeaver 7.0 through 7.5 allows ...)
	NOT-FOR-US: SAP
CVE-2016-10310 (Buffer overflow in the MobiLink Synchronization Server component in ...)
	NOT-FOR-US: MobiLink Synchronization Server
CVE-2017-7344 (A privilege escalation in Fortinet FortiClient Windows 5.4.3 and ...)
	NOT-FOR-US: Fortinet FortiClient Windows
CVE-2017-7343 (An open redirect vulnerability in Fortinet FortiPortal 4.0.0 and below ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7342
	RESERVED
CVE-2017-7341 (An OS Command Injection vulnerability in Fortinet FortiWLC 6.1-2 ...)
	NOT-FOR-US: Fortinet
CVE-2017-7340
	RESERVED
CVE-2017-7339 (A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7338 (A password management vulnerability in Fortinet FortiPortal versions ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7337 (An improper Access Control vulnerability in Fortinet FortiPortal ...)
	NOT-FOR-US: Fortinet FortiPortal
CVE-2017-7336 (A hard-coded account named 'upgrade' in Fortinet FortiWLM 8.3.0 and ...)
	NOT-FOR-US: Fortinet
CVE-2017-7335 (A Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC 6.1-x ...)
	NOT-FOR-US: Fortinet
CVE-2017-7334
	RESERVED
CVE-2017-7333
	RESERVED
CVE-2017-7332
	RESERVED
CVE-2017-7331
	RESERVED
CVE-2017-7330
	RESERVED
CVE-2017-7329
	RESERVED
CVE-2017-7328
	RESERVED
CVE-2017-7327 (Yandex Browser installer for Desktop before 17.4.1 has a DLL Hijacking ...)
	NOT-FOR-US: Yandex Browser installer for Desktop
CVE-2017-7326 (Race condition issue in Yandex Browser for Android before 17.4.0.16 ...)
	NOT-FOR-US: Yandex Browser for Android
CVE-2017-7325 (Yandex Browser before 16.9.0 allows remote attackers to spoof the ...)
	NOT-FOR-US: Yandex Browser
CVE-2017-7324 (setup/templates/findcore.php in MODX Revolution 2.5.4-pl and earlier ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7323 (The (1) update and (2) package-installation features in MODX ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7322 (The (1) update and (2) package-installation features in MODX ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7321 (setup/controllers/welcome.php in MODX Revolution 2.5.4-pl and earlier ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7320 (setup/controllers/language.php in MODX Revolution 2.5.4-pl and earlier ...)
	NOT-FOR-US: MODX Revolution
CVE-2017-7319
	REJECTED
CVE-2017-7318 (Siklu EtherHaul devices before 7.4.0 are vulnerable to a remote command ...)
	NOT-FOR-US: Siklu EtherHaul
CVE-2017-7317 (An issue was discovered on Humax Digital HG100 2.0.6 devices. The ...)
	NOT-FOR-US: Humax Digital HG100
CVE-2017-7316 (An issue was discovered on Humax Digital HG100R 2.0.6 devices. There is ...)
	NOT-FOR-US: Humax Digital HG100R
CVE-2017-7315 (An issue was discovered on Humax Digital HG100R 2.0.6 devices. To ...)
	NOT-FOR-US: Humax Digital HG100R
CVE-2017-7314 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7313 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7312 (An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. ...)
	NOT-FOR-US: Personify360 e-Business
CVE-2017-7311
	RESERVED
CVE-2017-7310 (A buffer overflow vulnerability in Import Command in SyncBreeze before ...)
	NOT-FOR-US: Sync Breeze Enterprise
CVE-2017-7309 (A cross-site scripting (XSS) vulnerability in the MantisBT ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7307 (Riverbed RiOS before 9.0.1 does not properly restrict shell access in ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7306 (** DISPUTED ** Riverbed RiOS through 9.6.0 has a weak default password ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7305 (** DISPUTED ** Riverbed RiOS through 9.6.0 does not require a ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-7304 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <not-affected> (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20931
CVE-2017-7303 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <not-affected> (vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20922
CVE-2017-7302 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20921
CVE-2017-7301 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20924
CVE-2017-7300 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20909
CVE-2017-7299 (The Binary File Descriptor (BFD) library (aka libbfd), as distributed ...)
	- binutils 2.27.51.20161220-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20908
CVE-2016-10309 (In the GUI of Ceragon FibeAir IP-10 (before 7.2.0) devices, a remote ...)
	NOT-FOR-US: Ceragon FibeAir
CVE-2016-10308 (Siklu EtherHaul radios before 3.7.1 and 6.x before 6.9.0 have a ...)
	NOT-FOR-US: Siklu EtherHaul
CVE-2016-10307 (Trango ApexLynx 2.0, ApexOrion 2.0, GigaLynx 2.0, GigaOrion 2.0, and ...)
	NOT-FOR-US: Trango
CVE-2016-10306 (Trango Altum AC600 devices have a built-in, hidden root account, with a ...)
	NOT-FOR-US: Trango
CVE-2016-10305 (Trango Apex &lt;= 2.1.1, ApexLynx &lt; 2.0, ApexOrion &lt; 2.0, ApexPlus &lt;= ...)
	NOT-FOR-US: Trango
CVE-2016-10304 (The SAP EP-RUNTIME component in SAP NetWeaver AS JAVA 7.5 allows ...)
	NOT-FOR-US: SAP
CVE-2017-7308 (The packet_set_ring function in net/packet/af_packet.c in the Linux ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/2b6867c2ce76c596676bec7d2d525af525fdc6e2
	NOTE: Fixed by: https://git.kernel.org/linus/8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b
	NOTE: Fixed by: https://git.kernel.org/linus/bcc5364bdcfe131e6379363f089e7b4108d35b70
	NOTE: https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
CVE-2017-7298 (In Moodle 3.2.2+, there is XSS in the Course summary filter of the &quot;Add ...)
	- moodle <removed> (unimportant)
	NOTE: http://www.daimacn.com/post/12.html
	NOTE: https://tracker.moodle.org/browse/MDL-52038
	NOTE: Not considered a security issue/bug upstream, disputed that it got a CVE
	NOTE: assigned. Mark as unimportant as non-issue.
CVE-2017-7297 (Rancher Labs rancher server 1.2.0+ is vulnerable to authenticated users ...)
	NOT-FOR-US: Rancher Labs rancher server
CVE-2017-7296 (An issue was discovered in Contiki Operating System 3.0. A Persistent ...)
	NOT-FOR-US: Contiki Operating System
CVE-2017-7295 (An issue was discovered in Contiki Operating System 3.0. A ...)
	NOT-FOR-US: Contiki Operating System
CVE-2017-7293 (The Dolby DAX2 and DAX3 API services are vulnerable to a privilege ...)
	NOT-FOR-US: Dolby
CVE-2017-7294 (The vmw_surface_define_ioctl function in ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/e7e11f99564222d82f0ce84bd521e57d78a6b678
CVE-2017-7292
	RESERVED
CVE-2017-7291
	RESERVED
CVE-2017-7290 (SQL injection vulnerability in XOOPS 2.5.7.2 and other versions before ...)
	NOT-FOR-US: XOOPS
CVE-2017-7289
	RESERVED
CVE-2017-7288 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration Suite ...)
	NOT-FOR-US: Zimbra
CVE-2017-7287
	RESERVED
CVE-2017-7286
	REJECTED
CVE-2016-10303
	RESERVED
CVE-2016-10302
	RESERVED
CVE-2016-10301
	RESERVED
CVE-2016-10300
	RESERVED
CVE-2016-10299 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10298 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10297 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10296 (An information disclosure vulnerability in the Qualcomm shared memory ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10295 (An information disclosure vulnerability in the Qualcomm LED driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10294 (An information disclosure vulnerability in the Qualcomm power driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10293 (An information disclosure vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10292 (A denial of service vulnerability in the Qualcomm Wi-Fi driver could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10291 (An elevation of privilege vulnerability in the Qualcomm Slimbus driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10290 (An elevation of privilege vulnerability in the Qualcomm shared memory ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10289 (An elevation of privilege vulnerability in the Qualcomm crypto driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10288 (An elevation of privilege vulnerability in the Qualcomm LED driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10287 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10286 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10285 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10284 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10283 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10282 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10281 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10280 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-10279
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10278
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10277 (An elevation of privilege vulnerability in the Motorola bootloader ...)
	NOT-FOR-US: Motorola component for Android
CVE-2016-10276 (An elevation of privilege vulnerability in the Qualcomm bootloader ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10275 (An elevation of privilege vulnerability in the Qualcomm bootloader ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-10274 (An elevation of privilege vulnerability in the MediaTek touchscreen ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2015-9018
	RESERVED
CVE-2015-9017
	RESERVED
CVE-2015-9016 (In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a ...)
	{DSA-4187-1}
	- linux 4.2.3-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/0048b4837affd153897ed1222283492070027aa9 (4.3-rc1)
CVE-2015-9015 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9014 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9013 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9012 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9011 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9010 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9009 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9008 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9007 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9006 (In Resource Power Manager (RPM) in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9005 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9004 (kernel/events/core.c in the Linux kernel before 3.19 mishandles ...)
	- linux 3.16.7-ckt7-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2014-9959 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9958 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9957 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9956 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9955 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9954 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9953 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2014-9952 (In the Secure File System in all Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9951 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9950 (In Core Kernel in all Android releases from CAF using the Linux ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9949 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9948 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9947 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9946 (In Core Kernel in all Android releases from CAF using the Linux ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9945 (In TrustZone in all Android releases from CAF using the Linux kernel, ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9944 (In the Secure File System in all Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9943 (In Core Kernel in all Android releases from CAF using the Linux ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9942 (In Boot in all Android releases from CAF using the Linux kernel, a Use ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9941 (In the Embedded File System in all Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9940 (The regulator_ena_gpio_free function in drivers/regulator/core.c in ...)
	{DSA-3945-1}
	- linux 4.0.2-1 (low)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2017-7285 (A vulnerability in the network stack of MikroTik Version 6.38.5 ...)
	NOT-FOR-US: MikroTik
CVE-2017-7284 (An attacker that has hijacked a Unitrends Enterprise Backup (before ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7283 (An authenticated user of Unitrends Enterprise Backup before 9.1.2 can ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7282 (An issue was discovered in Unitrends Enterprise Backup before 9.1.1. ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7281 (An issue was discovered in Unitrends Enterprise Backup before 9.1.2. A ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7280 (An issue was discovered in api/includes/systems.php in Unitrends ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7279 (An unprivileged user of the Unitrends Enterprise Backup before 9.0.0 ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2017-7278 (Unspecified vulnerability in ASSA ABLOY APTUS Styra Porttelefonkort ...)
	NOT-FOR-US: ASSA ABLOY APTUS Styra Porttelefonkort 4400
CVE-2017-7277 (The TCP stack in the Linux kernel through 4.10.6 mishandles the ...)
	- linux <not-affected> (Vulnerable code introduced in 4.10-rc1)
CVE-2017-7276 (There is reflected XSS in TOPdesk before 5.7.6 and 6.x and 7.x before ...)
	NOT-FOR-US: TOPdesk
CVE-2017-7275 (The ReadPCXImage function in coders/pcx.c in ImageMagick 7.0.4.9 allows ...)
	- imagemagick <unfixed> (unimportant; bug #859025)
	NOTE: https://blogs.gentoo.org/ago/2017/03/27/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862-and-cve-2016-8866/
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/271
	NOTE: Furthermore: upstream is not able to reproduce the problem as well
	NOTE: The problem result in a memory allocation issue when compiled with ASAN
	NOTE: but unreproducible from unstream. Since no more details can be provided
	NOTE: and the issue not addressed, treat this as "non-issue" (and thus marked
	NOTE: unimportant). If in future details can be elaborated by the reporter
	NOTE: we might re-evaluate this entry.
CVE-2017-7274 (The r_pkcs7_parse_cms function in libr/util/r_pkcs7.c in radare2 1.3.0 ...)
	- radare2 <not-affected> (Vulnerable parsers introduced in 1.3.0-git, cf. #858873)
	NOTE: https://github.com/radare/radare2/commit/7ab66cca5bbdf6cb2d69339ef4f513d95e532dbf
	NOTE: https://github.com/radare/radare2/issues/7152
CVE-2017-7271 (Reflected Cross-site scripting (XSS) vulnerability in Yii Framework ...)
	- yii <itp> (bug #597899)
CVE-2017-7270
	RESERVED
CVE-2017-7273 (The cp_report_fixup function in drivers/hid/hid-cypress.c in the Linux ...)
	{DLA-922-1}
	- linux 4.9.6-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/1ebb71143758f45dc0fa76e2f48429e13b16d110
CVE-2017-7272 (PHP through 7.1.11 enables potential SSRF in applications that accept ...)
	{DLA-875-1}
	- php7.1 <unfixed>
	- php7.0 <unfixed>
	[stretch] - php7.0 <ignored> (Upstream patch breaks existing applications, revisit if a new approach has been identified)
	- php5 <removed>
	[jessie] - php5 <ignored> (Never applied to PHP 5 by upstream, breaks existing applications)
	NOTE: https://github.com/php/php-src/commit/bab0b99f376dac9170ac81382a5ed526938d595a
	NOTE: https://bugs.php.net/bug.php?id=74216
	NOTE: Fixed in 7.1.4 and 7.0.18, but were later reverted: https://bugzilla.redhat.com/show_bug.cgi?id=1437837#c3
CVE-2017-7269 (Buffer overflow in the ScStoragePathFromUrl function in the WebDAV ...)
	NOT-FOR-US: Windows
CVE-2017-7268
	RESERVED
CVE-2017-7267
	RESERVED
CVE-2017-7266 (Netflix Security Monkey before 0.8.0 has an Open Redirect. The logout ...)
	NOT-FOR-US: Netflix Security Monkey
CVE-2017-7265
	RESERVED
CVE-2017-7264 (Use-after-free vulnerability in the fz_subsample_pixmap function in ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-3 (bug #854734)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
	NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
	NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
	NOTE: Related to CVE-2017-5896. But CVE-2017-7264 is for the use-after-free
	NOTE: vulnerability whereas CVE-2017-5896 is for the hea-based buffer overflow
	NOTE: in fz_subsample_pixmap.
CVE-2017-7263 (The bm_readbody_bmp function in bitmap_io.c in Potrace 1.14 allows ...)
	- potrace 1.15-1 (bug #858763)
	[stretch] - potrace <no-dsa> (Minor issue)
	[jessie] - potrace <no-dsa> (Minor issue)
	[wheezy] - potrace <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/03/03/potrace-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c-incomplete-fix-for-cve-2016-8698/
	NOTE: Proposed patch: https://github.com/asarubbo/poc/blob/master/00219-potrace-heapoverflow-bm_readbody_bmp-PATCH
	NOTE: This CVE is for an incomplete fix of CVE-2016-8698
CVE-2016-10273 (Multiple stack buffer overflow vulnerabilities in Jensen of Scandinavia ...)
	NOT-FOR-US: Jensen of Scandinavia Air:Link Routers
CVE-2017-7262 (The AMD Ryzen processor with AGESA microcode through 2017-01-27 allows ...)
	NOT-FOR-US: Hardware bug in AMD Ryzen CPUs, cannot be fixed via micro code updates, but only BIOS updates
CVE-2017-7261 (The vmw_surface_define_ioctl function in ...)
	{DLA-922-1}
	- linux 4.9.18-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/36274ab8c596f1240c606bb514da329add2a1bcd
CVE-2017-7260
	RESERVED
CVE-2017-7259
	REJECTED
CVE-2017-7258 (HTTP Exploit in eMLi Portal in AuroMeera Technometrix Pvt. Ltd. eMLi ...)
	NOT-FOR-US: AuroMeera Technometrix
CVE-2017-7257 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 &quot;Content--&gt;News--&gt;Add ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-7256 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 &quot;Content--&gt;News--&gt;Add ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-7255 (XSS exists in the CMS Made Simple (CMSMS) 2.1.6 &quot;Content--&gt;News--&gt;Add ...)
	NOT-FOR-US: CMS Made Simple
CVE-2016-10272 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10271 (tools/tiffcrop.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
CVE-2016-10270 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
	{DSA-3844-1}
	- tiff 4.0.7-2 (bug #846837)
	[wheezy] - tiff 4.0.2-6+deb7u9
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/9a72a69e035ee70ff5c41541c8c61cd97990d018
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2608
CVE-2016-10269 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/1044b43637fa7f70fb19b93593777b78bd20da86
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2604
CVE-2016-10268 (tools/tiffcp.c in LibTIFF 4.0.7 allows remote attackers to cause a ...)
	{DLA-877-1}
	- tiff 4.0.7-2 (unimportant)
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (issue in tiffcp that is not shipped by the source package)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-heap-based-buffer-overflow/
	NOTE: https://github.com/vadz/libtiff/commit/5397a417e61258c69209904e652a1f409ec3b9df
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2598
	NOTE: Crash in CLI tool not treated as a security issue
CVE-2016-10267 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible, BigTIFF not supported by this version)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero/
	NOTE: https://github.com/vadz/libtiff/commit/43bc256d8ae44b92d2734a3c5bc73957a4d7c1ec
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2611
CVE-2016-10266 (LibTIFF 4.0.7 allows remote attackers to cause a denial of service ...)
	{DSA-3844-1 DLA-877-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: https://blogs.gentoo.org/ago/2017/01/01/libtiff-multiple-divide-by-zero
	NOTE: https://github.com/vadz/libtiff/commit/438274f938e046d33cb0e1230b41da32ffe223e1
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2596
CVE-2017-7254
	RESERVED
CVE-2017-7253 (Dahua IP Camera devices 3.200.0001.6 can be exploited via these steps: ...)
	NOT-FOR-US: Dahua IP Camera devices
CVE-2017-7252 [Incorrect bcrypt computation]
	RESERVED
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Bug introduced in 1.11.0, fixed in 2.1.0.
CVE-2017-7251 (A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. The ...)
	NOT-FOR-US: pi-engine
CVE-2017-7250 (A Cross-Site Scripting (XSS) was discovered in Gazelle before ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7249 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7248 (A Cross-Site Scripting (XSS) was discovered in Gazelle before ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7247 (Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before ...)
	NOT-FOR-US: Gazelle torrent tracker
CVE-2017-7246 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
	- pcre3 <unfixed> (bug #858679; unimportant)
	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2057
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
CVE-2017-7245 (Stack-based buffer overflow in the pcre32_copy_substring function in ...)
	- pcre3 <unfixed> (bug #858678; unimportant)
	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2055
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1691 (8.41)
CVE-2017-7244 (The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 ...)
	- pcre3 2:8.39-3 (bug #858683)
	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2054
	NOTE: https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/
	NOTE: pcre32 support enabled only in pcre3/1:8.35-4
	NOTE: Bisected and the following change addresses the issue for pcre3:
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1688 (8.41)
CVE-2017-7243 (Eclipse tinydtls 0.8.2 for Eclipse IoT allows remote attackers to cause ...)
	NOT-FOR-US: Eclipse tinydtls for Eclipse IoT
CVE-2017-7242 (Multiple Cross-Site Scripting (XSS) were discovered in admin/modules ...)
	NOT-FOR-US: SLiMS
CVE-2017-7241 (A cross-site scripting (XSS) vulnerability in the MantisBT Move ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-7240 (An issue was discovered on Miele Professional PST10 devices. The ...)
	NOT-FOR-US: Miele Professional PG 8528 PST10 devices
CVE-2017-7239 (Ninka before 1.3.2 might allow remote attackers to obtain sensitive ...)
	- ninka <not-affected> (Fixed with the initial release to Debian)
	NOTE: https://github.com/dmgerman/ninka/commit/81f185261c8863c5b84344ee31192870be939faf
CVE-2017-7238
	RESERVED
CVE-2017-7237 (The Spiceworks TFTP Server, as distributed with Spiceworks Inventory ...)
	NOT-FOR-US: Spiceworks
CVE-2017-7236 (SQL injection vulnerability in NetApp OnCommand Unified Manager Core ...)
	NOT-FOR-US: NetApp
CVE-2016-10265
	RESERVED
CVE-2016-10264
	RESERVED
CVE-2016-10263
	RESERVED
CVE-2016-10262
	RESERVED
CVE-2016-10261
	RESERVED
CVE-2016-10260
	RESERVED
CVE-2016-10259 (Symantec SSL Visibility (SSLV) 3.8.4FC, 3.9, 3.10 before 3.10.4.1, and ...)
	NOT-FOR-US: Blue Coat
CVE-2016-10258 (Unrestricted file upload vulnerability in the Symantec Advanced Secure ...)
	NOT-FOR-US: Symantec
CVE-2016-10257 (The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to ...)
	NOT-FOR-US: Symantec
CVE-2016-10256 (The Symantec ProxySG 6.5 (prior to 6.5.10.6), 6.6, and 6.7 (prior to ...)
	NOT-FOR-US: Symantec
CVE-2017-7235 (An issue was discovered in cloudflare-scrape 1.6.6 through 1.7.1. A ...)
	NOT-FOR-US: cloudflare-scrape
CVE-2017-7234 (A maliciously crafted URL to a Django (1.10 before 1.10.7, 1.9 before ...)
	{DSA-3835-1 DLA-885-1}
	- python-django 1:1.10.7-1 (bug #859516)
	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
	NOTE: Fixed by (master): https://github.com/django/django/commit/a1f948b468b6621083a03b0d53432341b7a4d753
CVE-2017-7233 (Django 1.10 before 1.10.7, 1.9 before 1.9.13, and 1.8 before 1.8.18 ...)
	{DSA-3835-1 DLA-885-1}
	- python-django 1:1.10.7-1 (bug #859515)
	NOTE: https://www.djangoproject.com/weblog/2017/apr/04/security-releases/
	NOTE: Fixed by (master): https://github.com/django/django/commit/5ea48a70afac5e5684b504f09286e7defdd1a81a
CVE-2017-7232
	RESERVED
CVE-2017-7231 (pngdefry through 2017-03-22 is prone to a heap-based buffer-overflow ...)
	NOT-FOR-US: pngdefry
CVE-2017-7230 (A buffer overflow vulnerability in Disk Sorter Enterprise 9.5.12 and ...)
	NOT-FOR-US: Disk Sorter Enterprise
CVE-2017-7229 (PGP/MIME encrypted messages injected into a Vaultive O365 (before ...)
	NOT-FOR-US: Vaultive O365
CVE-2017-7228 (An issue (known as XSA-212) was discovered in Xen, with fixes available ...)
	{DSA-3847-1 DLA-907-1}
	- xen 4.8.1-1 (bug #859560)
	NOTE: https://xenbits.xen.org/xsa/advisory-212.html
CVE-2017-7227 (GNU linker (ld) in GNU Binutils 2.28 is vulnerable to a heap-based ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20906
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=406bd128dba2a59d0736839fc87a59bce319076c
CVE-2017-7226 (The pe_ILF_object_p function in the Binary File Descriptor (BFD) ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20905
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=fa6631b4eecfcca00c13b9594e6336dffd40982f
CVE-2017-7225 (The find_nearest_line function in addr2line in GNU Binutils 2.28 does ...)
	- binutils 2.27.51.20161201-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20891
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=50455f1ab2935f7321215dfa681745c9b1cb5b19
CVE-2017-7224 (The find_nearest_line function in objdump in GNU Binutils 2.28 is ...)
	- binutils 2.27.51.20161201-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20892
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=e82ab856bb4689330c29fb9f1c57a8555b26380e
CVE-2017-7223 (GNU assembler in GNU Binutils 2.28 is vulnerable to a global buffer ...)
	- binutils 2.27.51.20161212-1
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20898
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=69ace2200106348a1b00d509a6a234337c104c17
CVE-2017-7222 (A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
CVE-2017-7221 (OpenText Documentum Content Server has an inadequate protection ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-7220 (OpenText Documentum Content Server allows superuser access via ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-7219 (A heap overflow vulnerability in Citrix NetScaler Gateway versions 10.1 ...)
	NOT-FOR-US: Citrix
CVE-2017-7218 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7217 (The Management Web Interface in Palo Alto Networks PAN-OS before ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2017-7216 (The Management Web Interface in Palo Alto Networks PAN-OS before 7.1.9 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-10255 (The __libelf_set_rawdata_wrlock function in elf_getdata.c in elfutils ...)
	- elfutils 0.168-0.2 (low)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: 0.168-0.2 first version uploaded to unstable
	NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-__libelf_set_rawdata_wrlock-elf_getdata-c/
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=09ec02ec7f7e6913d10943148e2a898264345b07
CVE-2016-10254 (The allocate_elf function in common.h in elfutils before 0.168 allows ...)
	- elfutils 0.168-0.2 (low)
	[jessie] - elfutils <no-dsa> (Minor issue)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	NOTE: 0.168-0.2 first version uploaded to unstable
	NOTE: https://blogs.gentoo.org/ago/2016/11/04/elfutils-memory-allocation-failure-in-allocate_elf-common-h/
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=191000fdedba3fafe4d5b8cddad3f3318b49c3fb
CVE-2017-7215 (Cross site scripting in some view elements in the index filter tool in ...)
	NOT-FOR-US: MISP (Malware Information Sharing Platform and Threat Sharing)
CVE-2017-7214 (An issue was discovered in exception_wrapper.py in OpenStack Nova 13.x ...)
	- nova 2:14.0.0-4 (bug #858568)
	[jessie] - nova <not-affected> (Vulnerable code not present)
	[wheezy] - nova <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://bugs.launchpad.net/nova/+bug/1673569
CVE-2017-7213 (Zoho ManageEngine Desktop Central before build 100082 allows remote ...)
	NOT-FOR-US: Zoho ManageEngine Desktop Central
CVE-2017-7212
	RESERVED
CVE-2017-7211
	RESERVED
CVE-2017-7210 (objdump in GNU Binutils 2.28 is vulnerable to multiple heap-based ...)
	- binutils 2.28-3 (low; bug #858324)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21157
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a2dea0b20bc66a4c287c3c50002b8c3b3e9d953a
CVE-2017-7209 (The dump_section_as_bytes function in readelf in GNU Binutils 2.28 ...)
	- binutils 2.28-3 (low; bug #858323)
	[jessie] - binutils <not-affected> (Vulnerable code introduced later)
	[wheezy] - binutils <not-affected> (Vulnerable code introduced later)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21135
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f055032e4e922f1e1a5e11026c7c2669fa2a7d19
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=1835f746a7c7fff70a2cc03a051b14fdc6b3f73f
CVE-2017-7208 (The decode_residual function in libavcodec in libav 9.21 allows remote ...)
	{DSA-4012-1 DLA-1142-1}
	- libav <removed> (low)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1000
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=522d850e68ec4b77d3477b3c8f55b1ba00a9d69a
CVE-2017-7207 (The mem_get_bits_rectangle function in Artifex Software, Inc. ...)
	{DSA-3838-1 DLA-1048-1}
	- ghostscript 9.20~dfsg-3 (bug #858350)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=309eca4e0a31ea70dcc844812691439312dad091
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697676
CVE-2017-7206 (The ff_h2645_extract_rbsp function in libavcodec in libav 9.21 allows ...)
	- libav <removed>
	[jessie] - libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (bug #872517; Previous patches mitigated the issue)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=1002
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=83b2b34d06e74cc8775ba3d833f9782505e17539
CVE-2017-7205 (A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. ...)
	NOT-FOR-US: GamePanelX-V3
CVE-2017-7204 (A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. The ...)
	NOT-FOR-US: imdbphp
CVE-2017-7203 (A Cross-Site Scripting (XSS) was discovered in ZoneMinder before ...)
	- zoneminder 1.30.4+dfsg-1 (bug #858329)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/issues/1797
	NOTE: Fixed in 1.30.2 upstream.
CVE-2017-7202 (Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana ...)
	NOT-FOR-US: SLiMS
CVE-2017-7201
	RESERVED
CVE-2017-7199 (Nessus 6.6.2 - 6.10.3 contains a flaw related to insecure permissions ...)
	NOT-FOR-US: Nessus
CVE-2017-7200 (An SSRF issue was discovered in OpenStack Glance before Newton. The ...)
	- glance 2:13.0.0-1
	[jessie] - glance <no-dsa> (Minor issue, too intrusive to backport)
	[wheezy] - glance <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0078
	NOTE: https://bugs.launchpad.net/ossn/+bug/1606495
	NOTE: https://bugs.launchpad.net/ossn/+bug/1153614
	NOTE: The only implemented solution is to move to the v2 API (deprecated in
	NOTE: 2:13.0.0-1, using that as the fixed version)
CVE-2017-7198
	RESERVED
CVE-2017-7197
	RESERVED
CVE-2017-7196
	RESERVED
CVE-2017-7195
	RESERVED
CVE-2017-7194
	RESERVED
CVE-2017-7193
	RESERVED
CVE-2017-7192 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass ...)
	NOT-FOR-US: Starscream
CVE-2017-7190
	RESERVED
CVE-2017-7189
	RESERVED
CVE-2017-7188 (Zurmo 3.1.1 Stable allows a Cross-Site Scripting (XSS) attack with a ...)
	NOT-FOR-US: Zurmo
CVE-2017-7187 (The sg_ioctl function in drivers/scsi/sg.c in the Linux kernel through ...)
	- linux 4.9.18-1
	[jessie] - linux <not-affected> (Introduced in 3.17)
	[wheezy] - linux <not-affected> (Introduced in 3.17)
	NOTE: Fixed by: https://git.kernel.org/linus/bf33f87dd04c371ea33feb821b60d63d754e3124 (4.11-rc5)
	NOTE: Introduced by: https://git.kernel.org/linus/65c26a0f39695ba01d9693754f27ca76cc8a3ab5 (3.17-rc1)
CVE-2017-7185 (Use-after-free vulnerability in the ...)
	NOT-FOR-US: Mongoose
CVE-2017-7183 (The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers ...)
	NOT-FOR-US: ExtraPuTTY
CVE-2017-7182
	RESERVED
CVE-2017-7181
	RESERVED
CVE-2017-7180 (Net Monitor for Employees Pro through 5.3.4 has an unquoted service ...)
	NOT-FOR-US: Net Monitor for Employees Pro
CVE-2017-7179
	RESERVED
CVE-2016-10253 (An issue was discovered in Erlang/OTP 18.x. Erlang's generation of ...)
	- erlang 1:19.2.1+dfsg-2 (bug #858313)
	[jessie] - erlang 1:17.3-dfsg-4+deb8u1
	[wheezy] - erlang <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/erlang/otp/pull/1108
CVE-2017-7184 (The xfrm_replay_verify_len function in net/xfrm/xfrm_user.c in the ...)
	{DLA-922-1}
	- linux 4.9.18-1 (low)
	[jessie] - linux 3.16.43-1
	NOTE: Unprivileged user namespaces are disabled in Debian, this only affects
	NOTE: non-standard setups
CVE-2017-7186 (libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote ...)
	- pcre3 2:8.39-3 (bug #858230)
	[jessie] - pcre3 <no-dsa> (Minor issue; 32bit character support not enabled)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	- pcre2 10.22-3 (bug #858233)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2052
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_internal.h?r1=1649&r2=1688&sortby=date (for pcre3)
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_ucd.c?r1=1490&r2=1688&sortby=date (for pcre3)
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_ucd.c?r1=316&r2=670&sortby=date (for pcre2)
	NOTE: https://vcs.pcre.org/pcre2/code/trunk/src/pcre2_internal.h?r1=600&r2=670&sortby=date (for pcre2)
CVE-2017-7178 (CSRF was discovered in the web UI in Deluge before 1.3.14. The ...)
	{DSA-3856-1 DLA-863-1}
	- deluge 1.3.13+git20161130.48cedf63-2 (bug #857903)
	NOTE: http://git.deluge-torrent.org/deluge/commit/?h=1.3-stable&id=318ab179865e0707d7945edc3a13a464a108d583
CVE-2017-9149 (Metadata Anonymisation Toolkit (MAT) 0.6 and 0.6.1 silently fails to ...)
	- mat 0.6.1-4 (bug #858058)
	[jessie] - mat <not-affected> (Vulnerable code not present)
	[wheezy] - mat <not-affected> (Vulnerable code not present)
	NOTE: https://0xacab.org/mat/mat/issues/11527
	NOTE: Fixed by: https://0xacab.org/mat/mat/commit/94ca62a429bb6a3a5f293de26053e54bbfeea9f9
	NOTE: Fixed by: https://0xacab.org/mat/mat/commit/8f6303a1f26fe8dad83ba96ab8328dbdfa3af59a
	NOTE: Introduced by: https://0xacab.org/mat/mat/commit/0d1fe2555e90db35eeb531a1b6026ff64f1f5ae5
CVE-2017-7176
	REJECTED
CVE-2017-7175 (NfSen before 1.3.8 allows remote attackers to execute arbitrary OS ...)
	NOT-FOR-US: NfSen
CVE-2017-7174 (The user-account creation feature in Chef Manage 2.1.0 through 2.4.4 ...)
	NOT-FOR-US: Chef Manage
CVE-2017-7173 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7172 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7171 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7170 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7169
	RESERVED
CVE-2017-7168
	RESERVED
CVE-2017-7167 (An issue was discovered in certain Apple products. Xcode before 9.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7166
	RESERVED
CVE-2017-7165 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7164 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7163 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Intel Graphics Driver on Apple / macOS
CVE-2017-7162 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7161 (An issue was discovered in certain Apple products. Safari before ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7160 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7159 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7158 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7157 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-7156 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.4-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0010.html
	NOTE: Not covered by security support
CVE-2017-7155 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Intel Graphics Driver on Apple / macOS
CVE-2017-7154 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7153 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	- webkit2gtk 2.18.6-1 (unimportant)
	[stretch] - webkit2gtk 2.18.6-1~deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2018-0002.html
	NOTE: Not covered by security support
CVE-2017-7152 (An issue was discovered in certain Apple products. iOS before 11.2 is ...)
	NOT-FOR-US: Apple
CVE-2017-7151
	RESERVED
CVE-2017-7150 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7149 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7148 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7147 (An issue was discovered in certain Apple products. The Apple Support ...)
	NOT-FOR-US: Apple
CVE-2017-7146 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7145 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7144 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7143 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7142 (An issue was discovered in certain Apple products. Safari before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7141 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7140 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7139 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7138 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7137 (An issue was discovered in certain Apple products. Xcode before 9 is ...)
	NOT-FOR-US: Apple
CVE-2017-7136 (An issue was discovered in certain Apple products. Xcode before 9 is ...)
	NOT-FOR-US: Apple
CVE-2017-7135 (An issue was discovered in certain Apple products. Xcode before 9 is ...)
	NOT-FOR-US: Apple
CVE-2017-7134 (An issue was discovered in certain Apple products. Xcode before 9 is ...)
	NOT-FOR-US: Apple
CVE-2017-7133 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7132 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7131 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7130 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7129 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7128 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7127 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7126 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7125 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7124 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7123 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7122 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7121 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Potentially src:file, but Apple doesn't play by the rules
CVE-2017-7120 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7119 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7118 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7117 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7116 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7115 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7114 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7113 (An issue was discovered in certain Apple products. iOS before 11.1 is ...)
	NOT-FOR-US: Apple
CVE-2017-7112 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7111 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7110 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7109 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7108 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7107 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7106 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7105 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7104 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7103 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7102 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7101
	RESERVED
CVE-2017-7100 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7099 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7098 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7097 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7096 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7095 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7094 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7093 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7092 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7091 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7090 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7089 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7088 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7087 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7086 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7085 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7084 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7083 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7082 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7081 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	- webkit2gtk 2.18.1-1 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0008.html
	NOTE: Not covered by security support
CVE-2017-7080 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7079 (An issue was discovered in certain Apple products. iTunes before 12.7 ...)
	NOT-FOR-US: Apple
CVE-2017-7078 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7077 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7076 (An issue was discovered in certain Apple products. Xcode before 9 is ...)
	NOT-FOR-US: Apple
CVE-2017-7075 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7074 (An issue was discovered in certain Apple products. macOS before 10.13 ...)
	NOT-FOR-US: Apple
CVE-2017-7073
	RESERVED
CVE-2017-7072 (An issue was discovered in certain Apple products. iOS before 11 is ...)
	NOT-FOR-US: Apple
CVE-2017-7071 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2017-7070 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7069 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7068 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
CVE-2017-7067 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7066 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7065 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-7064 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7063 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7062 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7061 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: Not covered by security support
CVE-2017-7060 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7059 (A DOMParser XSS issue was discovered in certain Apple products. iOS ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-7058 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7057
	RESERVED
CVE-2017-7056 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: Not covered by security support
CVE-2017-7055 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7054 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7053 (An issue was discovered in certain Apple products. iTunes before ...)
	NOT-FOR-US: Apple
CVE-2017-7052 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.4-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7051 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7050 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7049 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7048 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7047 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7046 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7045 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7044 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7043 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7042 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7041 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7040 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7039 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7038 (A DOMParser XSS issue was discovered in certain Apple products. iOS ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7037 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7036 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7035 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7034 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7033 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7032 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7031 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7030 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7029 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7028 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7027 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7026 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7025 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7024 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7023 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7022 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7021 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7020 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7019 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7018 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.6-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7017 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7016 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7015 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7014 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-7013 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2017-7012 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7011 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7010 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2017-7009 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7008 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7007 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple
CVE-2017-7006 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: https://webkitgtk.org/security/WSA-2017-0006.html
	NOTE: Not covered by security support
CVE-2017-7005 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-7004 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-7003 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-7002 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7001 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Potentially src:sqlite, but Apple doesn't play by the rules
CVE-2017-7000 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-6999 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6998 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6997 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6996 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6995 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6994 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6993
	RESERVED
CVE-2017-6992
	RESERVED
CVE-2017-6991 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOTE: Unspecified sqlite issue found by Apple, no further details available
CVE-2017-6990 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-6989 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6988 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-6987 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6986 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-6985 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-6984 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-6983 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOTE: Unspecified sqlite issue found by Apple, no further details available
CVE-2017-6982 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6981 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6980 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-6979 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-6978 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-6977 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-6976 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-6975 (Wi-Fi in Apple iOS before 10.3.1 does not prevent CVE-2017-6956 stack ...)
	NOT-FOR-US: Applie
CVE-2017-6974 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-6973 (A cross-site scripting (XSS) vulnerability in the MantisBT ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/30/4
CVE-2017-6972 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 have an ...)
	NOT-FOR-US: AlienVault
CVE-2017-6971 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
	NOT-FOR-US: AlienVault
CVE-2017-6970 (AlienVault USM and OSSIM before 5.3.7 and NfSen before 1.3.8 allow ...)
	NOT-FOR-US: AlienVault
CVE-2017-6968 (GMV Checker ATM Security prior to 5.0.18 allows remote authenticated ...)
	NOT-FOR-US: GMV Checker ATM Security
CVE-2017-6969 (readelf in GNU Binutils 2.28 is vulnerable to a heap-based buffer ...)
	- binutils 2.28-3 (bug #858256)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21156
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=b814a36d3440de95f2ac6eaa4fc7935c322ea456
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=43a444f9c5bfd44b4304eafd78338e21d54bea14
CVE-2017-6967 (xrdp 0.9.1 calls the PAM function auth_start_session() in an incorrect ...)
	{DLA-872-1}
	[experimental] - xrdp 0.9.2~20170325-1~exp1
	- xrdp 0.9.1-9 (bug #858143)
	[jessie] - xrdp <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/xrdp/+bug/1672742
	NOTE: https://github.com/neutrinolabs/xrdp/issues/350
	NOTE: First attempt: https://github.com/neutrinolabs/xrdp/pull/694
	NOTE: Followed by: https://github.com/neutrinolabs/xrdp/pull/696
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/18/1
	NOTE: https://github.com/neutrinolabs/xrdp/pull/696/commits/44129acd210c803fc8bbcfaf1b0db05e5bb4034f
CVE-2017-6966 (readelf in GNU Binutils 2.28 has a use-after-free (specifically ...)
	- binutils 2.28-3 (bug #858263)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21139
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=f84ce13b6708801ca1d6289b7c4003e2f5a6d7f9
CVE-2017-6965 (readelf in GNU Binutils 2.28 writes to illegal addresses while ...)
	- binutils 2.28-3 (bug #858264)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21137
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=03f7786e2f440b9892b1c34a58fb26222ce1b493
CVE-2017-6964 (dmcrypt-get-device, as shipped in the eject package of Debian and ...)
	{DSA-3823-1 DLA-876-1}
	- eject 2.1.5+deb1+cvs20081104-13.2 (bug #858872)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/eject/+bug/1673627
CVE-2017-6963
	RESERVED
CVE-2017-6962 (An issue was discovered in apng2gif 1.7. There is an integer overflow ...)
	- apng2gif <unfixed> (bug #854447)
	[stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6961 (An issue was discovered in apng2gif 1.7. There is improper sanitization ...)
	- apng2gif <unfixed> (bug #854441)
	[stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
	[wheezy] - apng2gif <not-affected> (Vulnerable code introduced later with refactoring)
CVE-2017-6960 (An issue was discovered in apng2gif 1.7. There ...)
	{DLA-981-1}
	- apng2gif <unfixed> (bug #854367)
	[stretch] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - apng2gif <no-dsa> (Minor issue; can be fixed via point release)
CVE-2017-6959
	REJECTED
CVE-2017-6958 (An XSS vulnerability in the MantisBT Source Integration Plugin (before ...)
	NOT-FOR-US: MantisBT Source Integration Plugin
CVE-2017-6957 (Stack-based buffer overflow in the firmware in Broadcom Wi-Fi HardMAC ...)
	NOT-FOR-US: Firmware on some Broadcom SoCs
CVE-2017-6956 (On the Broadcom Wi-Fi HardMAC SoC with fbt firmware, a stack buffer ...)
	NOT-FOR-US: Firmware on some Broadcom SoCs
CVE-2017-6955 (An issue was discovered in by-email/by-email.php in the Invite Anyone ...)
	NOT-FOR-US: wordpress Anyone plugin
CVE-2017-6954 (An issue was discovered in includes/component.php in the BuddyPress ...)
	NOT-FOR-US: wordpress buddypress docs plugin
CVE-2017-6953 (Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow ...)
	NOT-FOR-US: Gemalto SmartDiag Diagnosis Tool
CVE-2017-6952 (Integer overflow in the cs_winkernel_malloc function in winkernel_mm.c ...)
	- capstone <not-affected> (Vulnerable code not present, in Windows specific distribution)
CVE-2017-9999
	REJECTED
CVE-2017-6951 (The keyring_search_aux function in security/keys/keyring.c in the Linux ...)
	{DLA-922-1}
	- linux 4.0.2-1
	[jessie] - linux 3.16.43-1
CVE-2017-6950 (SAP GUI 7.2 through 7.5 allows remote attackers to bypass intended ...)
	NOT-FOR-US: SAP
CVE-2017-6949 (An issue was discovered in CHICKEN Scheme through 4.12.0. When using a ...)
	{DLA-908-1}
	- chicken 4.12.0-0.2 (bug #858057)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/chicken-announce/2017-03/msg00000.html
CVE-2017-6948
	RESERVED
CVE-2017-6947
	RESERVED
CVE-2017-6946
	RESERVED
CVE-2017-6945
	RESERVED
CVE-2017-6944
	RESERVED
CVE-2017-6943
	RESERVED
CVE-2017-6942
	RESERVED
CVE-2017-6941
	RESERVED
CVE-2017-6940
	RESERVED
CVE-2017-6939
	RESERVED
CVE-2017-6938
	RESERVED
CVE-2017-6937
	RESERVED
CVE-2017-6936
	RESERVED
CVE-2017-6935
	RESERVED
CVE-2017-6934
	RESERVED
CVE-2017-6933
	RESERVED
CVE-2017-6931 (In Drupal versions 8.4.x versions before 8.4.5 the Settings Tray ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6930 (In Drupal versions 8.4.x versions before 8.4.5 when using node access ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6926 (In Drupal versions 8.4.x versions before 8.4.5 users with permission ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/sa-core-2018-001
CVE-2017-6925 [Entity access bypass for entities that do not have UUIDs or have protected revisions - Access Bypass]
	RESERVED
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6924 [REST API can bypass comment approval - Access Bypass]
	RESERVED
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6923 [Views - Access Bypass]
	RESERVED
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-004
CVE-2017-6922 [Files uploaded by anonymous users into a private file system can be accessed by other anonymous users]
	RESERVED
	{DSA-3897-1 DLA-1004-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.56-1 (bug #865498)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
	NOTE: http://cgit.drupalcode.org/drupal/diff/?h=7.x&id=600c1346ed976e6f35fc2b0f907a7837f0f7c145&id2=9eebe462d1e93e785e6c028dc6cf689623c4d936
CVE-2017-6921 [File REST resource does not properly validate]
	RESERVED
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6920 [PECL YAML parser unsafe object handling]
	RESERVED
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-003
CVE-2017-6919 (Drupal 8 before 8.2.8 and 8.3 before 8.3.1 allows critical access ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-CORE-2017-002
CVE-2017-6918 (CSRF exists in BigTree CMS 4.2.16 with the value[#][*] parameter to the ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6917 (CSRF exists in BigTree CMS 4.2.16 with the value parameter to the ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6916 (CSRF exists in BigTree CMS 4.1.18 with the nav-social[#] parameter to ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6915 (CSRF exists in BigTree CMS 4.1.18 with the colophon parameter to the ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6914 (CSRF exists in BigTree CMS 4.1.18 and 4.2.16 with the id parameter to ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-6913
	RESERVED
CVE-2017-6912
	RESERVED
CVE-2017-6911 (USB Pratirodh is prone to sensitive information disclosure. It stores ...)
	NOT-FOR-US: USB Pratirodh
CVE-2017-6910 (The HTTP and WebSocket engine components in the server in Kaazing ...)
	NOT-FOR-US: Kaazing Gateway
CVE-2017-6909 (An issue was discovered in Shimmie &lt;= 2.5.1. The vulnerability exists ...)
	NOT-FOR-US: Shimmie
CVE-2017-6908 (An issue was discovered in concrete5 &lt;= 5.6.3.4. The vulnerability ...)
	NOT-FOR-US: concrete5
CVE-2017-6907 (An issue was discovered in Open.GL before 2017-03-13. The vulnerability ...)
	NOT-FOR-US: Open.GL
CVE-2017-6906 (An issue was discovered in SiberianCMS before 4.10.0.  The ...)
	NOT-FOR-US: SiberianCMS
CVE-2017-6905 (An issue was discovered in concrete5 &lt;= 5.6.3.4. The vulnerability ...)
	NOT-FOR-US: concrete5
CVE-2017-6904
	RESERVED
CVE-2017-6902
	REJECTED
CVE-2017-6901
	RESERVED
CVE-2017-6900
	RESERVED
CVE-2017-6899 (The msm_bus_dbg_update_request_write function in ...)
	NOT-FOR-US: android_kernel_huawei_msm8916 in LineageOS (and other kernels for MSM devices)
CVE-2017-6898
	RESERVED
CVE-2017-6897
	RESERVED
CVE-2017-6896 (Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 ...)
	NOT-FOR-US: DIGISOL DG-HR1400 1.00.02 wireless router
CVE-2017-6895 (USB Pratirodh allows remote attackers to conduct XML External Entity ...)
	NOT-FOR-US: USB Pratirodh
CVE-2017-6894
	RESERVED
CVE-2017-6893
	RESERVED
CVE-2017-6892 (In libsndfile version 1.0.28, an error in the &quot;aiff_read_chanmap()&quot; ...)
	{DLA-985-1}
	- libsndfile 1.0.28-1 (bug #864704)
	[stretch] - libsndfile <no-dsa> (Minor issue)
	[jessie] - libsndfile <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/erikd/libsndfile/commit/f833c53cb596e9e1792949f762e0b33661822748
CVE-2017-6891 (Two errors in the &quot;asn1_find_node()&quot; function (lib/parser_aux.c) ...)
	{DSA-3861-1 DLA-950-1}
	- libtasn1-6 4.10-1.1 (bug #863186)
	- libtasn1-3 <removed>
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-11/
	NOTE: https://gitlab.com/gnutls/libtasn1/commit/5520704d075802df25ce4ffccc010ba1641bd484
CVE-2017-6890 (A boundary error within the &quot;foveon_load_camf()&quot; function ...)
	NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
CVE-2017-6889 (An integer overflow error within the &quot;foveon_load_camf()&quot; function ...)
	NOT-FOR-US: libraw demosaic extension (not packaged in Debian)
CVE-2017-6888 (An error in the &quot;read_metadata_vorbiscomment_()&quot; function ...)
	- flac 1.3.2-2 (low; bug #897015)
	[stretch] - flac <no-dsa> (Minor issue)
	[jessie] - flac <no-dsa> (Minor issue)
	[wheezy] - flac <no-dsa> (Minor issue)
	NOTE: https://secuniaresearch.flexerasoftware.com/secunia_research/2017-7/
	NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=4f47b63e9c971e6391590caf00a0f2a5ed612e67
CVE-2017-6887 (A boundary error within the &quot;parse_tiff_ifd()&quot; function ...)
	{DSA-3950-1 DLA-1057-1}
	- libraw 0.18.2-2 (bug #864183)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
CVE-2017-6886 (An error within the &quot;parse_tiff_ifd()&quot; function ...)
	{DSA-3950-1 DLA-1057-1}
	- libraw 0.18.2-2 (bug #864183)
	NOTE: https://github.com/LibRaw/LibRaw/commit/d7c3d2cb460be10a3ea7b32e9443a83c243b2251
CVE-2017-6885 (An error when handling certain external commands and services related ...)
	NOT-FOR-US: FlexNet
CVE-2017-6903 (In ioquake3 before 2017-03-14, the auto-downloading feature has ...)
	{DSA-3812-1}
	- ioquake3 1.36+u20161101+dfsg1-2 (bug #857699)
	[wheezy] - ioquake3 <end-of-life> (Not supported in Wheezy LTS)
	- iortcw 1.50a+dfsg1-3 (bug #857714)
	NOTE: https://ioquake3.org/2017/03/13/important-security-update-please-update-ioquake3-immediately/
	NOTE: Also affects openjk (only in experimental; bug #857715)
CVE-2017-6884 (A command injection vulnerability was discovered on the Zyxel EMG2926 ...)
	NOT-FOR-US: Zyxel
CVE-2017-6883 (The ConvertToPDF plugin in Foxit Reader before 8.2.1 and PhantomPDF ...)
	NOT-FOR-US: Foxit
CVE-2017-6882
	RESERVED
CVE-2017-6881
	RESERVED
CVE-2017-6880 (Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2017-6879
	RESERVED
CVE-2017-6878 (Cross-site scripting (XSS) vulnerability in MetInfo 5.3.15 allows ...)
	NOT-FOR-US: MetInfo
CVE-2017-6877 (Cross-site scripting (XSS) vulnerability in SVG file handling in Lutim ...)
	NOT-FOR-US: Lutim
CVE-2017-6876
	RESERVED
CVE-2017-6875
	RESERVED
CVE-2017-6874 (Race condition in kernel/ucount.c in the Linux kernel through 4.10.2 ...)
	- linux 4.9.16-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/040757f738e13caaa9c5078bca79aa97e11dde88
CVE-2017-6873 (A vulnerability was discovered in Siemens OZW672 (all versions) and ...)
	NOT-FOR-US: Siemens
CVE-2017-6872 (A vulnerability was discovered in Siemens OZW672 (all versions) and ...)
	NOT-FOR-US: Siemens
CVE-2017-6871 (A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for ...)
	NOT-FOR-US: Siemens
CVE-2017-6870 (A vulnerability was discovered in Siemens SIMATIC WinCC Sm@rtClient for ...)
	NOT-FOR-US: Siemens
CVE-2017-6869 (A vulnerability was discovered in Siemens ViewPort for Web Office ...)
	NOT-FOR-US: Siemens
CVE-2017-6868 (An Improper Authentication issue was discovered in Siemens SIMATIC CP ...)
	NOT-FOR-US: Siemens
CVE-2017-6867 (A vulnerability was discovered in Siemens SIMATIC WinCC (V7.3 before ...)
	NOT-FOR-US: Siemens
CVE-2017-6866 (A vulnerability was discovered in Siemens XHQ server 4 and 5 (4 before ...)
	NOT-FOR-US: Siemens
CVE-2017-6865 (A vulnerability has been identified in Primary Setup Tool (PST) (All ...)
	NOT-FOR-US: Siemens
CVE-2017-6864 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...)
	NOT-FOR-US: Siemens
CVE-2017-6863
	RESERVED
CVE-2017-6862 (NETGEAR WNR2000v3 devices before 1.1.2.14, WNR2000v4 devices before ...)
	NOT-FOR-US: NETGEAR
CVE-2017-6861
	RESERVED
CVE-2017-6860
	RESERVED
CVE-2017-6859
	RESERVED
CVE-2017-6858
	RESERVED
CVE-2017-6857
	RESERVED
CVE-2017-6856
	RESERVED
CVE-2017-6855
	RESERVED
CVE-2017-6854
	RESERVED
CVE-2017-6853
	RESERVED
CVE-2017-6839 (Integer overflow in modules/MSADPCM.cpp in Audio File Library (aka ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9
CVE-2017-6838 (Integer overflow in sfcommands/sfconvert.c in Audio File Library (aka ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6837 (WAVE.cpp in Audio File Library (aka audiofile) 0.3.6 allows remote ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/
	NOTE: https://github.com/mpruett/audiofile/issues/41
	NOTE: https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6836 (Heap-based buffer overflow in the Expand3To4Module::run function in ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h
	NOTE: https://github.com/mpruett/audiofile/issues/40
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6835 (The reset1 function in libaudiofile/modules/BlockCodec.cpp in Audio ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/39
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6834 (Heap-based buffer overflow in the ulaw2linear_buf function in G711.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/38
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6833 (The runPull function in libaudiofile/modules/BlockCodec.cpp in Audio ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/37
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6832 (Heap-based buffer overflow in the decodeBlock in MSADPCM.cpp in Audio ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/36
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6831 (Heap-based buffer overflow in the decodeBlockWAVE function in IMA.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/35
	NOTE: https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6
CVE-2017-6830 (Heap-based buffer overflow in the alaw2linear_buf function in G711.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp
	NOTE: https://github.com/mpruett/audiofile/issues/34
	NOTE: https://github.com/mpruett/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c
	NOTE: https://github.com/antlarr/audiofile/commit/ce536d707b8e2a26baca77320398c45238224ca7
CVE-2017-6829 (The decodeSample function in IMA.cpp in Audio File Library (aka ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/33
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp
	NOTE: https://github.com/mpruett/audiofile/pull/43/commits/25eb00ce913452c2e614548d7df93070bf0d066f
CVE-2017-6828 (Heap-based buffer overflow in the readValue function in FileHandle.cpp ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/31
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-readvalue-filehandle-cpp
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2017-6827 (Heap-based buffer overflow in the MSADPCM::initializeCoefficients ...)
	{DSA-3814-1 DLA-867-1}
	- audiofile 0.3.6-4 (bug #857651)
	NOTE: https://github.com/mpruett/audiofile/issues/32
	NOTE: https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcminitializecoefficients-msadpcm-cpp
	NOTE: https://github.com/mpruett/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0
CVE-2016-10252 (Memory leak in the IsOptionMember function in MagickCore/option.c in ...)
	{DSA-3808-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #857426)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/6790815c75bdea0357df5564345847856e995d6b
CVE-2016-10251 (Integer overflow in the jpc_pi_nextcprl function in jpc_t2cod.c in ...)
	{DSA-3827-1 DLA-920-1}
	- jasper <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/11
	NOTE: https://github.com/mdadams/jasper/commit/1f0dfe5a42911b6880a1445f13f6d615ddb55387
	NOTE: https://github.com/asarubbo/poc/blob/master/00029-jasper-uninitvalue-jpc_pi_nextcprl
CVE-2016-10248 (The jpc_tsfb_synthesize function in jpc_tsfb.c in JasPer before ...)
	- jasper <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/20/5
	NOTE: Not suitable for code injection, hardly denial of service
	NOTE: https://github.com/mdadams/jasper/commit/2e82fa00466ae525339754bb3ab0a0474a31d4bd
CVE-2016-10247 (Buffer overflow in the my_getline function in jstest_main.c in ...)
	- mupdf <unfixed> (unimportant)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/19
CVE-2016-10246 (Buffer overflow in the main function in jstest_main.c in Mujstest in ...)
	- mupdf <unfixed> (unimportant)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/16/20
CVE-2017-XXXX [Server certificates are not verified]
	- profanity 0.5.1-1 (bug #857546)
	[jessie] - profanity <no-dsa> (Minor issue)
	NOTE: https://github.com/boothj5/profanity/issues/280
CVE-2017-7191 (The netjoin processing in Irssi 1.x before 1.0.2 allows attackers to ...)
	- irssi 1.0.2-1 (bug #857502)
	[jessie] - irssi <not-affected> (Different code path caused the netjoins to be flushed prior reaching use-after-free condition)
	[wheezy] - irssi <not-affected> (Different code path caused the netjoins to be flushed prior reaching use-after-free condition)
	NOTE: https://irssi.org/security/irssi_sa_2017_03.txt
	NOTE: https://github.com/irssi/irssi/commit/77b2631c78461965bc9a7414aae206b5c514e1b3
CVE-2017-6826
	RESERVED
CVE-2017-6825
	RESERVED
CVE-2017-6824
	RESERVED
CVE-2017-6823 (Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges ...)
	NOT-FOR-US: Fiyo CMS
CVE-2017-6822
	RESERVED
CVE-2017-6821 (Directory traversal vulnerability in Zimbra Collaboration Suite (aka ...)
	NOT-FOR-US: Zimbra
CVE-2017-6820 (rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is ...)
	{DLA-855-1}
	- roundcube 1.2.3+dfsg.1-3 (bug #857473)
	NOTE: https://github.com/roundcube/roundcubemail/commit/fa2824fdcd44af3f970b2797feb47652482c8305
	NOTE: https://github.com/roundcube/roundcubemail/commit/cbd35626f7db7855f3b5e2db00d28ecc1554e9f4
	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-124
	NOTE: https://github.com/roundcube/roundcubemail/releases/tag/1.1.8
CVE-2017-6813 (A service provided by Zimbra Collaboration Suite (ZCS) before 8.7.6 ...)
	NOT-FOR-US: Zimbra
CVE-2017-6812 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6811 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6810 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6809 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6808 (paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2017-6807 (mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session ...)
	- libapache2-mod-auth-mellon 0.12.0-2
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2017-6806
	RESERVED
CVE-2017-6805 (Directory traversal vulnerability in the TFTP server in MobaXterm ...)
	NOT-FOR-US: MobaXterm
CVE-2017-6804
	REJECTED
CVE-2017-6803 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: SolarWinds (formerly Serv-U) FTP Voyager
CVE-2017-6798 (Trend Micro Endpoint Sensor 1.6 before b1290 has a DLL hijacking ...)
	NOT-FOR-US: Trend Micro Endpoint Sensor
CVE-2017-6802 (An issue was discovered in ytnef before 1.9.2. There is a potential ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.2-1
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/22f8346c8d4f0020a40d9f258fdb3bfc097359cc
CVE-2017-6801 (An issue was discovered in ytnef before 1.9.2. There is a potential ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.2-1
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/3cb0f914d6427073f262e1b2b5fd973e3043cdf7
CVE-2017-6800 (An issue was discovered in ytnef before 1.9.2. An invalid memory access ...)
	{DSA-3846-1}
	- libytnef 1.9.2-1
	[wheezy] - libytnef <not-affected> (vulnerable code not present)
	NOTE: Fixed by: https://github.com/Yeraze/ytnef/commit/f98f5d4adc1c4bd4033638f6167c1bb95d642f89
CVE-2017-6799 (A cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
	- mantis <not-affected> (Vulnerable versions only 2.1.0 through 2.2.0)
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: https://github.com/mantisbt/mantisbt/commit/1677251434b6e8b2be8f1d4376a3e78f7be14d95
	NOTE: http://www.mantisbt.org/bugs/view.php?id=22497
CVE-2017-6797 (A cross-site scripting (XSS) vulnerability in ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (Unsupported in Wheezy LTS)
	NOTE: https://github.com/mantisbt/mantisbt/commit/a2d90ecabf3bcf3aa22ed9dbbecfd3d37902956f
	NOTE: https://github.com/mantisbt/mantisbt/commit/c272c3f65da9677e505ff692b1f1e476b3afa56e
	NOTE: http://www.mantisbt.org/bugs/view.php?id=22486
CVE-2017-6796 (A vulnerability in the USB-modem code of Cisco IOS XE Software running ...)
	NOT-FOR-US: Cisco
CVE-2017-6795 (A vulnerability in the USB-modem code of Cisco IOS XE Software running ...)
	NOT-FOR-US: Cisco
CVE-2017-6794 (A vulnerability in the CLI command-parsing code of Cisco Meeting Server ...)
	NOT-FOR-US: Cisco
CVE-2017-6793 (A vulnerability in the Inventory Management feature of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6792 (A vulnerability in the batch provisioning feature in Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6791 (A vulnerability in the Trust Verification Service (TVS) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6790 (A vulnerability in the Session Initiation Protocol (SIP) on the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6789 (A vulnerability in the Cisco Unified Intelligence Center web interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6788 (The WebLaunch functionality of Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2017-6787
	RESERVED
CVE-2017-6786 (A vulnerability in Cisco Elastic Services Controller could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6785 (A vulnerability in configuration modification permissions validation ...)
	NOT-FOR-US: Cisco
CVE-2017-6784 (A vulnerability in the web interface of the Cisco RV340, RV345, and ...)
	NOT-FOR-US: Cisco
CVE-2017-6783 (A vulnerability in SNMP polling for the Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2017-6782 (A vulnerability in the administrative web interface of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6781 (A vulnerability in the management of shell user accounts for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6780 (A vulnerability in the TCP throttling process for Cisco IoT Field ...)
	NOT-FOR-US: Cisco
CVE-2017-6779
	RESERVED
CVE-2017-6778 (A vulnerability in the Elastic Services Controller (ESC) web interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6777 (A vulnerability in the ConfD server of the Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6776 (A vulnerability in the web framework of Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6775 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated ...)
	NOT-FOR-US: Cisco
CVE-2017-6774 (A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers ...)
	NOT-FOR-US: Cisco
CVE-2017-6773 (A vulnerability in the CLI of Cisco ASR 5000 Series Aggregated ...)
	NOT-FOR-US: Cisco
CVE-2017-6772 (A vulnerability in Cisco Elastic Services Controller (ESC) could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-6771 (A vulnerability in the AutoVNF automation tool of the Cisco Ultra ...)
	NOT-FOR-US: Cisco
CVE-2017-6770 (Cisco IOS 12.0 through 15.6, Adaptive Security Appliance (ASA) Software ...)
	NOT-FOR-US: Cisco
CVE-2017-6769 (A vulnerability in the web-based management interface of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6768 (A vulnerability in the build procedure for certain executable system ...)
	NOT-FOR-US: Cisco
CVE-2017-6767 (A vulnerability in Cisco Application Policy Infrastructure Controller ...)
	NOT-FOR-US: Cisco
CVE-2017-6766 (A vulnerability in the Secure Sockets Layer (SSL) Decryption and ...)
	NOT-FOR-US: Cisco
CVE-2017-6765 (A vulnerability in the web-based management interface of Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2017-6764 (A vulnerability in the web-based management interface of Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2017-6763 (A vulnerability in the implementation of the H.264 protocol in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6762 (A vulnerability in the web-based management interface of Cisco Jabber ...)
	NOT-FOR-US: Cisco
CVE-2017-6761 (A vulnerability in the web-based management interface of Cisco Finesse ...)
	NOT-FOR-US: Cisco
CVE-2017-6760
	RESERVED
CVE-2017-6759 (A vulnerability in the UpgradeManager of the Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6758 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2017-6757 (A vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2017-6756 (A vulnerability in the Web UI Application of the Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6755 (A vulnerability in the web portal of the Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6754 (A vulnerability in the web-based management interface of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6753 (A vulnerability in Cisco WebEx browser extensions for Google Chrome and ...)
	NOT-FOR-US: Cisco
CVE-2017-6752 (A vulnerability in the web interface of the Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2017-6751 (A vulnerability in the web proxy functionality of the Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2017-6750 (A vulnerability in AsyncOS for the Cisco Web Security Appliance (WSA) ...)
	NOT-FOR-US: Cisco
CVE-2017-6749 (A vulnerability in the web-based management interface of Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2017-6748 (A vulnerability in the CLI parser of the Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2017-6747 (A vulnerability in the authentication module of Cisco Identity Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6746 (A vulnerability in the web interface of the Cisco Web Security ...)
	NOT-FOR-US: Cisco
CVE-2017-6745 (A vulnerability in the cache server within Cisco Videoscape ...)
	NOT-FOR-US: Cisco
CVE-2017-6744 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6743 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6742 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6741 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6740 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6739 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6738 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6737 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6736 (The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6735 (A vulnerability in the backup and restore functionality of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6734 (A vulnerability in the web-based management interface of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2017-6733 (A vulnerability in the web-based application interface of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6732 (A vulnerability in the installation procedure for Cisco Prime Network ...)
	NOT-FOR-US: Cisco
CVE-2017-6731 (A vulnerability in Multicast Source Discovery Protocol (MSDP) ingress ...)
	NOT-FOR-US: Cisco
CVE-2017-6730 (A vulnerability in the web-based GUI of Cisco Wide Area Application ...)
	NOT-FOR-US: Cisco
CVE-2017-6729 (A vulnerability in the Border Gateway Protocol (BGP) processing ...)
	NOT-FOR-US: Cisco
CVE-2017-6728 (A vulnerability in the CLI of Cisco IOS XR Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6727 (A vulnerability in the Server Message Block (SMB) protocol of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6726 (A vulnerability in the CLI of the Cisco Prime Network Gateway could ...)
	NOT-FOR-US: Cisco
CVE-2017-6725 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2017-6724 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2017-6723
	RESERVED
CVE-2017-6722 (A vulnerability in the Extensible Messaging and Presence Protocol ...)
	NOT-FOR-US: Cisco
CVE-2017-6721 (A vulnerability in the ingress processing of fragmented TCP packets by ...)
	NOT-FOR-US: Cisco
CVE-2017-6720 (A vulnerability in the Secure Shell (SSH) subsystem of Cisco Small ...)
	NOT-FOR-US: Cisco
CVE-2017-6719 (A vulnerability in the CLI of Cisco IOS XR Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6718 (A vulnerability in the CLI of Cisco IOS XR Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6717 (A vulnerability in the web framework of Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2017-6716 (A vulnerability in the web framework code of Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2017-6715 (A vulnerability in the web framework of Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2017-6714 (A vulnerability in the AutoIT service of Cisco Ultra Services Framework ...)
	NOT-FOR-US: Cisco
CVE-2017-6713 (A vulnerability in the Play Framework of Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6712 (A vulnerability in certain commands of Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6711 (A vulnerability in the Ultra Automation Service (UAS) of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6710 (A vulnerability in the Cisco Virtual Network Function (VNF) Element ...)
	NOT-FOR-US: Cisco
CVE-2017-6709 (A vulnerability in the AutoVNF tool for the Cisco Ultra Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6708 (A vulnerability in the symbolic link (symlink) creation functionality ...)
	NOT-FOR-US: Cisco
CVE-2017-6707 (A vulnerability in the CLI command-parsing code of the Cisco StarOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6706 (A vulnerability in the logging subsystem of the Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6705 (A vulnerability in the filesystem of the Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6704 (A vulnerability in the web application in the Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6703 (A vulnerability in the web application in the Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6702 (A vulnerability in the web framework of Cisco SocialMiner could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-6701 (A vulnerability in the web application interface of the Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2017-6700 (A vulnerability in the web-based management interface of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6699 (A vulnerability in the web-based management interface of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6698 (A vulnerability in the Cisco Prime Infrastructure (PI) and Evolved ...)
	NOT-FOR-US: Cisco
CVE-2017-6697 (A vulnerability in the web interface of Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6696 (A vulnerability in the file system of Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6695 (A vulnerability in the ConfD server in Cisco Ultra Services Platform ...)
	NOT-FOR-US: Cisco
CVE-2017-6694 (A vulnerability in the Virtual Network Function Manager's (VNFM) ...)
	NOT-FOR-US: Cisco
CVE-2017-6693 (A vulnerability in the ConfD server component of Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6692 (A vulnerability in Cisco Ultra Services Framework Element Manager could ...)
	NOT-FOR-US: Cisco
CVE-2017-6691 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6690 (A vulnerability in the file check operation of Cisco ASR 5000 Series ...)
	NOT-FOR-US: Cisco
CVE-2017-6689 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6688 (A vulnerability in Cisco Elastic Services Controllers could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6687 (A vulnerability in Cisco Ultra Services Framework Element Manager could ...)
	NOT-FOR-US: Cisco
CVE-2017-6686 (A vulnerability in Cisco Ultra Services Framework Element Manager could ...)
	NOT-FOR-US: Cisco
CVE-2017-6685 (A vulnerability in Cisco Ultra Services Framework Staging Server could ...)
	NOT-FOR-US: Cisco
CVE-2017-6684 (A vulnerability in Cisco Elastic Services Controllers could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6683 (A vulnerability in the esc_listener.py script of Cisco Elastic Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6682 (A vulnerability in the ConfD CLI of Cisco Elastic Services Controllers ...)
	NOT-FOR-US: Cisco
CVE-2017-6681 (A vulnerability in the AutoVNF VNFStagingView class of Cisco Ultra ...)
	NOT-FOR-US: Cisco
CVE-2017-6680 (A vulnerability in the AutoVNF logging function of Cisco Ultra Services ...)
	NOT-FOR-US: Cisco
CVE-2017-6679 (The Cisco Umbrella Virtual Appliance Version 2.0.3 and prior contained ...)
	NOT-FOR-US: Cisco
CVE-2017-6678 (A vulnerability in the ingress UDP packet processing functionality of ...)
	NOT-FOR-US: Cisco
CVE-2017-6677
	RESERVED
CVE-2017-6676
	RESERVED
CVE-2017-6675 (A vulnerability in the web interface of Cisco Industrial Network ...)
	NOT-FOR-US: Cisco
CVE-2017-6674 (A vulnerability in the feature-license management functionality of ...)
	NOT-FOR-US: Cisco
CVE-2017-6673 (A vulnerability in Cisco Firepower Management Center could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6672 (A vulnerability in certain filtering mechanisms of access control lists ...)
	NOT-FOR-US: Cisco
CVE-2017-6671 (A vulnerability in the email message scanning of Cisco AsyncOS Software ...)
	NOT-FOR-US: Cisco
CVE-2017-6670 (A vulnerability in the web-based GUI of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2017-6669 (Multiple buffer overflow vulnerabilities exist in the Cisco WebEx ...)
	NOT-FOR-US: Cisco
CVE-2017-6668 (Vulnerabilities in the web-based GUI of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2017-6667 (A vulnerability in the update process for the dynamic JAR file of the ...)
	NOT-FOR-US: Cisco
CVE-2017-6666 (A vulnerability in the forwarding component of Cisco IOS XR Software ...)
	NOT-FOR-US: Cisco
CVE-2017-6665 (A vulnerability in the Autonomic Networking feature of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6664 (A vulnerability in the Autonomic Networking feature of Cisco IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2017-6663 (A vulnerability in the Autonomic Networking feature of Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2017-6662 (A vulnerability in the web-based user interface of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6661 (A vulnerability in the web-based management interface of Cisco Email ...)
	NOT-FOR-US: Cisco
CVE-2017-6660
	RESERVED
CVE-2017-6659 (A vulnerability in the web-based management interface of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6658 (Cisco Sourcefire Snort 3.0 before build 233 has a Buffer Overread ...)
	NOT-FOR-US: Cisco
CVE-2017-6657 (Cisco Sourcefire Snort 3.0 before build 233 mishandles Ether Type ...)
	NOT-FOR-US: Cisco
CVE-2017-6656 (A vulnerability in Session Initiation Protocol (SIP) call handling of ...)
	NOT-FOR-US: Cisco
CVE-2017-6655 (A vulnerability in the Fibre Channel over Ethernet (FCoE) protocol ...)
	NOT-FOR-US: Cisco
CVE-2017-6654 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-6653 (A vulnerability in the TCP throttling process for the GUI of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6652 (A vulnerability in the web framework of the Cisco TelePresence IX5000 ...)
	NOT-FOR-US: Cisco
CVE-2017-6651 (A vulnerability in Cisco WebEx Meetings Server could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-6650 (A vulnerability in the Telnet CLI command of Cisco NX-OS System ...)
	NOT-FOR-US: Cisco
CVE-2017-6649 (A vulnerability in the CLI of Cisco NX-OS System Software 7.1 through ...)
	NOT-FOR-US: Cisco
CVE-2017-6648 (A vulnerability in the Session Initiation Protocol (SIP) of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6647 (A vulnerability in the web interface of Cisco Remote Expert Manager ...)
	NOT-FOR-US: Cisco
CVE-2017-6646 (A vulnerability in the web interface of Cisco Remote Expert Manager ...)
	NOT-FOR-US: Cisco
CVE-2017-6645 (A vulnerability in the web interface of Cisco Remote Expert Manager ...)
	NOT-FOR-US: Cisco
CVE-2017-6644 (A vulnerability in the web interface of Cisco Remote Expert Manager ...)
	NOT-FOR-US: Cisco
CVE-2017-6643 (A vulnerability in the web interface of Cisco Remote Expert Manager ...)
	NOT-FOR-US: Cisco
CVE-2017-6642 (A vulnerability in the web interface of Cisco Remote Expert Manager ...)
	NOT-FOR-US: Cisco
CVE-2017-6641 (A vulnerability in the TCP connection handling functionality of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6640 (A vulnerability in Cisco Prime Data Center Network Manager (DCNM) ...)
	NOT-FOR-US: Cisco
CVE-2017-6639 (A vulnerability in the role-based access control (RBAC) functionality ...)
	NOT-FOR-US: Cisco
CVE-2017-6638 (A vulnerability in how DLL files are loaded with Cisco AnyConnect ...)
	NOT-FOR-US: Cisco
CVE-2017-6637 (A vulnerability in the web interface of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6636 (A vulnerability in the web interface of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6635 (A vulnerability in the web interface of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6634 (A vulnerability in the Device Manager web interface of Cisco Industrial ...)
	NOT-FOR-US: Cisco
CVE-2017-6633 (A vulnerability in the TCP throttling process of Cisco UCS C-Series ...)
	NOT-FOR-US: Cisco
CVE-2017-6632 (A vulnerability in the logging configuration of Secure Sockets Layer ...)
	NOT-FOR-US: Cisco
CVE-2017-6631 (A vulnerability in the HTTP remote procedure call (RPC) service of ...)
	NOT-FOR-US: Cisco
CVE-2017-6630 (A vulnerability in the Session Initiation Protocol (SIP) implementation ...)
	NOT-FOR-US: Cisco
CVE-2017-6629 (A vulnerability in the ImageID parameter of Cisco Unity Connection ...)
	NOT-FOR-US: Cisco
CVE-2017-6628 (A vulnerability in SMART-SSL Accelerator functionality for Cisco Wide ...)
	NOT-FOR-US: Cisco
CVE-2017-6627 (A vulnerability in the UDP processing code of Cisco IOS 15.1, 15.2, and ...)
	NOT-FOR-US: Cisco
CVE-2017-6626 (A vulnerability in the Cisco Finesse Notification Service for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6625 (A &quot;Cisco Firepower Threat Defense 6.0.0 through 6.2.2 and Cisco ASA ...)
	NOT-FOR-US: Cisco
CVE-2017-6624 (A vulnerability in Cisco IOS 15.5(3)M Software for Cisco CallManager ...)
	NOT-FOR-US: Cisco
CVE-2017-6623 (A vulnerability in a script file that is installed as part of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-6622 (A vulnerability in the web interface for Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6621 (A vulnerability in the web interface of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2017-6620 (A vulnerability in the remote management access control list (ACL) ...)
	NOT-FOR-US: Cisco
CVE-2017-6619 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2017-6618 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2017-6617 (A vulnerability in the session identification management functionality ...)
	NOT-FOR-US: Cisco
CVE-2017-6616 (A vulnerability in the web-based GUI of Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2017-6615 (A vulnerability in the Simple Network Management Protocol (SNMP) ...)
	NOT-FOR-US: Cisco
CVE-2017-6614 (A vulnerability in the file-download feature of the web user interface ...)
	NOT-FOR-US: Cisco
CVE-2017-6613 (A vulnerability in the DNS input packet processor for Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-6612 (A vulnerability in the gateway GPRS support node (GGSN) of Cisco ASR ...)
	NOT-FOR-US: Cisco
CVE-2017-6611 (A vulnerability in the web framework code of Cisco Prime Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2017-6610 (A vulnerability in the Internet Key Exchange Version 1 (IKEv1) XAUTH ...)
	NOT-FOR-US: Cisco
CVE-2017-6609 (A vulnerability in the IPsec code of Cisco ASA Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6608 (A vulnerability in the Secure Sockets Layer (SSL) and Transport Layer ...)
	NOT-FOR-US: Cisco
CVE-2017-6607 (A vulnerability in the DNS code of Cisco ASA Software could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-6606 (A vulnerability in a startup script of Cisco IOS XE Software could ...)
	NOT-FOR-US: Cisco
CVE-2017-6605 (A vulnerability in the web-based management interface of Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2017-6604 (A vulnerability in the web interface of Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2017-6603 (A vulnerability in Cisco ASR 903 or ASR 920 Series Devices running with ...)
	NOT-FOR-US: Cisco
CVE-2017-6602 (A vulnerability in the CLI of Cisco Unified Computing System (UCS) ...)
	NOT-FOR-US: Cisco
CVE-2017-6601 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
	NOT-FOR-US: Cisco
CVE-2017-6600 (A vulnerability in the CLI of the Cisco Unified Computing System (UCS) ...)
	NOT-FOR-US: Cisco
CVE-2017-6599 (A vulnerability in Google-defined remote procedure call (gRPC) handling ...)
	NOT-FOR-US: Cisco
CVE-2017-6598 (A vulnerability in the debug plug-in functionality of the Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-6597 (A vulnerability in the local-mgmt CLI command of the Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-6596 (partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer ...)
	{DLA-923-1}
	[experimental] - partclone 0.2.90-1
	- partclone 0.2.89-3 (bug #857966)
	[jessie] - partclone <no-dsa> (Minor issue)
	NOTE: https://github.com/insidej/Partclone_HeapOverFlow/blob/master/README.md
	NOTE: https://github.com/Thomas-Tsai/partclone/issues/91
	NOTE: https://github.com/Thomas-Tsai/partclone/commit/2d6bcfd8016dc6090090934bab71c663d9a4d36d
	NOTE: https://github.com/Thomas-Tsai/partclone/commit/96401fb5b7221fc5f44df7079485c395f9c3a428
CVE-2017-6595
	RESERVED
CVE-2017-6594 (The transit path validation code in Heimdal before 7.3 might allow ...)
	- heimdal 7.1.0+dfsg-12
	[jessie] - heimdal <no-dsa> (Minor issue)
	[wheezy] - heimdal <no-dsa> (Minor issue)
	NOTE: https://github.com/heimdal/heimdal/commit/b1e699103f08d6a0ca46a122193c9da65f6cf837
	NOTE: See https://lists.debian.org/debian-lts/2017/05/msg00010.html
CVE-2017-6593
	RESERVED
CVE-2017-6592
	RESERVED
CVE-2017-6591 (There is a cross-site scripting vulnerability in django-epiceditor ...)
	NOT-FOR-US: django-epiceditor
CVE-2017-6590 (An issue was discovered in network-manager-applet (aka ...)
	- network-manager-applet <unfixed> (unimportant)
	NOTE: Marked as 'unimportant', since not exploitable in Debian, although the source
	NOTE: would be affected as well for Debian.
	NOTE: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321
CVE-2017-6589 (EpicEditor through 0.2.3 has Cross-Site Scripting because of an ...)
	NOT-FOR-US: django-epiceditor
CVE-2017-6588
	RESERVED
CVE-2017-6587
	RESERVED
CVE-2017-6586
	RESERVED
CVE-2017-6585
	RESERVED
CVE-2017-6584
	RESERVED
CVE-2017-6583
	RESERVED
CVE-2017-6582
	RESERVED
CVE-2017-6581
	RESERVED
CVE-2017-6580
	RESERVED
CVE-2017-6579
	RESERVED
CVE-2017-6578 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6577 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6576 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6575 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6574 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6573 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6572 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6571 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6570 (A SQL injection issue is exploitable, with WordPress admin access, in ...)
	NOT-FOR-US: Mail Masta (aka mail-masta) plugin 1.0 for WordPress
CVE-2017-6569
	RESERVED
CVE-2017-6568
	RESERVED
CVE-2017-6567
	RESERVED
CVE-2017-6566
	RESERVED
CVE-2017-6565 (On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the roleDiag ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550 evo
CVE-2017-6564 (On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550 evo
CVE-2017-6563
	RESERVED
CVE-2017-6562 (XSS in Agora-Project 3.2.2 exists with an ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6561 (XSS in Agora-Project 3.2.2 exists with an ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6560 (XSS in Agora-Project 3.2.2 exists with an ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6559 (XSS in Agora-Project 3.2.2 exists with an ...)
	NOT-FOR-US: Agora-Project
CVE-2017-6558 (iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n ...)
	NOT-FOR-US: iball Baton
CVE-2017-6557 (SQL injection vulnerability in ArrayOS before AG 9.4.0.135, when the ...)
	NOT-FOR-US: ArrayOS
CVE-2017-6556 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6555 (Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6554 (pmmasterd in Quest Privilege Manager before 6.0.0.061, when configured ...)
	NOT-FOR-US: Quest Privilege Manager
CVE-2017-6553 (Buffer Overflow in Quest One Identity Privilege Manager for Unix before ...)
	NOT-FOR-US: Quest One Identity Privilege Manager for Unix
CVE-2017-6552 (Livebox 3 Sagemcom SG30_sip-fr-5.15.8.1 devices have an insufficiently ...)
	NOT-FOR-US: Livebox 3 Sagemcom
CVE-2017-6551 (Pexip Infinity before 14.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Pexip Infinity
CVE-2017-6550 (Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson ...)
	NOT-FOR-US: Kinsey Infor-Lawson
CVE-2017-6549 (Session hijack vulnerability in httpd on ASUS RT-N56U, RT-N66U, ...)
	NOT-FOR-US: ASUS
CVE-2017-6548 (Buffer overflows in networkmap on ASUS RT-N56U, RT-N66U, RT-AC66U, ...)
	NOT-FOR-US: ASUS
CVE-2017-6547 (Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, ...)
	NOT-FOR-US: ASUS
CVE-2017-6546
	RESERVED
CVE-2017-6545
	RESERVED
CVE-2017-6544 (Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: wuhu
CVE-2017-6543 (Tenable Nessus before 6.10.2 (as used alone or in Tenable Appliance ...)
	NOT-FOR-US: Nessus
CVE-2017-6542 (The ssh_agent_channel_data function in PuTTY before 0.68 allows remote ...)
	- putty 0.67-3 (bug #857642)
	[jessie] - putty <no-dsa> (Minor issue)
	[wheezy] - putty <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-agent-fwd-overflow.html
	NOTE: Fixed by: https://git.tartarus.org/?p=simon/putty.git;a=commitdiff;h=4ff22863d895cb7ebfced4cf923a012a614adaa8 (0.68)
	NOTE: Bug only exploitable if SSH agent forwarding enabled (not the default) and if
	NOTE: the attacker can already be able to connect to the  Unix-domain socket
	NOTE: representing the forwarded agent connection.
CVE-2017-6541 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
	NOT-FOR-US: webpagetest
CVE-2017-6540 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
	NOT-FOR-US: webpagetest
CVE-2017-6539 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
	NOT-FOR-US: webpagetest
CVE-2017-6538 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
	NOT-FOR-US: webpagetest
CVE-2017-6537 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
	NOT-FOR-US: webpagetest
CVE-2017-6536 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
	NOT-FOR-US: webpagetest
CVE-2017-6535 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
	NOT-FOR-US: webpagetest
CVE-2017-6534 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
	NOT-FOR-US: webpagetest
CVE-2017-6533 (A Cross-Site Scripting (XSS) issue was discovered in webpagetest 3.0. ...)
	NOT-FOR-US: webpagetest
CVE-2017-6532 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6531 (On Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20, ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6530 (Televes COAXDATA GATEWAY 1Gbps devices doc-wifi-hgw_v1.02.0014 4.20 do ...)
	NOT-FOR-US: Televes COAXDATA GATEWAY
CVE-2017-6529 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6528 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6527 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6526 (An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is ...)
	NOT-FOR-US: dnaLIMS
CVE-2017-6525
	RESERVED
CVE-2017-6524
	RESERVED
CVE-2017-6523
	RESERVED
CVE-2017-6522
	RESERVED
CVE-2017-6521
	RESERVED
CVE-2017-6520 (The Multicast DNS (mDNS) responder used in BOSE Soundtouch 30 ...)
	NOT-FOR-US: Multicast DNS (mDNS) responder used in BOSE Soundtouch 30
CVE-2017-6519 (avahi-daemon in Avahi through 0.6.32 inadvertently responds to IPv6 ...)
	- avahi <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1426712
CVE-2017-6518 (Cross-site scripting (XSS) vulnerability in /sanadata/seo/index.asp in ...)
	NOT-FOR-US: SanaCMS
CVE-2017-6517 (Microsoft Skype 7.16.0.102 contains a vulnerability that could allow ...)
	NOT-FOR-US: Microsoft
CVE-2017-6516 (A Local Privilege Escalation Vulnerability in MagniComp's Sysinfo ...)
	NOT-FOR-US: MagniComp
CVE-2017-6515
	RESERVED
CVE-2017-6514
	RESERVED
CVE-2017-6513 (The WHMCS Reseller Module V2 2.0.2 in Softaculous Virtualizor before ...)
	NOT-FOR-US: Softaculous Virtualizor
CVE-2017-6512 (Race condition in the rmtree and remove_tree functions in the ...)
	{DSA-3873-1 DLA-978-1}
	- perl 5.24.1-3 (bug #863870)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=121951
	NOTE: https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
CVE-2016-10245
	RESERVED
CVE-2017-6511 (andrzuk/FineCMS before 2017-03-06 is vulnerable to a reflected XSS in ...)
	NOT-FOR-US: FineCMS
CVE-2017-6510 (Easy File Sharing FTP Server version 3.6 is vulnerable to a directory ...)
	NOT-FOR-US: Easy File Sharing FTP Server
CVE-2017-6509 (Smith0r/burgundy-cms before 2017-03-06 is vulnerable to a reflected XSS ...)
	NOT-FOR-US: burgundy-cms
CVE-2017-6507 (An issue was discovered in AppArmor before 2.12. Incorrect handling of ...)
	- apparmor 2.11.0-3 (bug #858768)
	[jessie] - apparmor <no-dsa> (Minor issue)
	[wheezy] - apparmor <no-dsa> (Experimental/unsupported feature)
	NOTE: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3647
	NOTE: http://bazaar.launchpad.net/~apparmor-dev/apparmor/master/revision/3648
	NOTE: https://bugs.launchpad.net/apparmor/+bug/1668892
	NOTE: affects only third-party rules, e.g. from Docker or LXC
	NOTE: LXC in wheezy doesn't support proper isolation
CVE-2017-6814 (In WordPress before 4.7.3, there is authenticated Cross-Site Scripting ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/28f838ca3ee205b6f39cd2bf23eb4e5f52796bd7
CVE-2017-6815 (In WordPress before 4.7.3 (wp-includes/pluggable.php), control ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/288cd469396cfe7055972b457eb589cea51ce40e
CVE-2017-6816 (In WordPress before 4.7.3 (wp-admin/plugins.php), unintended files can ...)
	{DSA-3815-1 DLA-860-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/4d80f8b3e1b00a3edcee0774dc9c2f4c78f9e663
CVE-2017-6817 (In WordPress before 4.7.3 (wp-includes/embed.php), there is ...)
	{DSA-3815-1}
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[wheezy] - wordpress <not-affected> (vulnerable code was introduced later)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/419c8d97ce8df7d5004ee0b566bc5e095f0a6ca8
CVE-2017-6818 (In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is ...)
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[jessie] - wordpress <not-affected> (Only affects 4.7.x)
	[wheezy] - wordpress <not-affected> (Only affects 4.7.x)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/9092fd01e1f452f37c313d38b18f9fe6907541f9
CVE-2017-6819 (In WordPress before 4.7.3, there is cross-site request forgery (CSRF) ...)
	- wordpress 4.7.3+dfsg-1 (bug #857026)
	[jessie] - wordpress <not-affected> (Only affects 4.2 and later)
	[wheezy] - wordpress <not-affected> (Only affects 4.2 and later)
	NOTE: https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
	NOTE: https://github.com/WordPress/WordPress/commit/263831a72d08556bc2f3a328673d95301a152829
CVE-2017-6508 (CRLF injection vulnerability in the url_parse function in url.c in Wget ...)
	{DLA-851-1}
	- wget 1.19.1-2 (bug #857073)
	[buster] - wget 1.18-5
	[stretch] - wget 1.18-5
	[jessie] - wget 1.16-1+deb8u2
	NOTE: http://lists.gnu.org/archive/html/bug-wget/2017-03/msg00018.html
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=4d729e322fae359a1aefaafec1144764a54e8ad4
CVE-2017-6506 (In Azure Data Expert Ultimate 2.2.16, the SMTP verification function ...)
	NOT-FOR-US: Azure Data Expert Ultimate
CVE-2017-6505 (The ohci_service_ed_list function in hw/usb/hcd-ohci.c in QEMU (aka ...)
	{DLA-1071-1 DLA-1070-1}
	- qemu 1:2.8+dfsg-4 (bug #856969)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=95ed56939eb2eaa4e2f349fe6dcd13ca4edfd8fb
CVE-2017-6504 (WebUI in qBittorrent before 3.3.11 did not set the X-Frame-Options ...)
	{DLA-897-1}
	- qbittorrent 3.3.7-3 (low; bug #856978)
	[jessie] - qbittorrent <no-dsa> (Minor issue)
	NOTE: https://github.com/qbittorrent/qBittorrent/commit/f5ad04766f4abaa78374ff03704316f8ce04627d
	NOTE: Fixed upstream in 3.3.11
CVE-2017-6503 (WebUI in qBittorrent before 3.3.11 did not escape many values, which ...)
	{DLA-897-1}
	- qbittorrent 3.3.7-3 (low; bug #856977)
	[jessie] - qbittorrent <no-dsa> (Minor issue)
	NOTE: https://github.com/qbittorrent/qBittorrent/commit/6ca3e4f094da0a0017cb2d483ec1db6176bb0b16
	NOTE: Fixed upstream in 3.3.11
CVE-2017-6502 (An issue was discovered in ImageMagick 6.9.7. A specially crafted webp ...)
	- imagemagick 8:6.9.9.34+dfsg-3 (unimportant; bug #856883)
	NOTE: webp is disable under Debian, cf. https://bugs.debian.org/856883#14
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/126c7c98ea788241922c30df4a5633ea692cf8df
CVE-2017-6501 (An issue was discovered in ImageMagick 6.9.7. A specially crafted xcf ...)
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856881)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d31fec57e9dfb0516deead2053a856e3c71e9751
CVE-2017-6500 (An issue was discovered in ImageMagick 6.9.7. A specially crafted sun ...)
	{DSA-3808-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856879)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3007531bfd326c5c1e29cd41d2cd80c166de8528
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/375
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/376
CVE-2017-6499 (An issue was discovered in Magick++ in ImageMagick 6.9.7. A specially ...)
	{DSA-3808-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856880)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=23&p=142634
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3358f060fc182551822576b2c0a8850faab5d543
CVE-2017-6498 (An issue was discovered in ImageMagick 6.9.7. Incorrect TGA files could ...)
	{DSA-3808-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856878)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/65f75a32a93ae4044c528a987a68366ecd4b46b9
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/359
CVE-2017-6497 (An issue was discovered in ImageMagick 6.9.7. A specially crafted psd ...)
	- imagemagick 8:6.9.7.4+dfsg-2 (bug #856882)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7f2dc7a1afc067d0c89f12c82bcdec0445fb1b94
CVE-2017-6496
	RESERVED
CVE-2017-6495
	RESERVED
CVE-2017-6494
	RESERVED
CVE-2017-6493
	RESERVED
CVE-2017-6492 (SQL Injection was discovered in ...)
	NOT-FOR-US: Admidio
CVE-2017-6491 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI ...)
	NOT-FOR-US: EPESI
CVE-2017-6490 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI ...)
	NOT-FOR-US: EPESI
CVE-2017-6489 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI ...)
	NOT-FOR-US: EPESI
CVE-2017-6488 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI ...)
	NOT-FOR-US: EPESI
CVE-2017-6487 (Multiple Cross-Site Scripting (XSS) issues were discovered in EPESI ...)
	NOT-FOR-US: EPESI
CVE-2017-6486 (A Cross-Site Scripting (XSS) issue was discovered in reasoncms before ...)
	NOT-FOR-US: reasoncms
CVE-2017-6485 (A Cross-Site Scripting (XSS) issue was discovered in php-calendar ...)
	NOT-FOR-US: PHP-Calendar
CVE-2017-6484 (Multiple Cross-Site Scripting (XSS) issues were discovered in ...)
	NOT-FOR-US: INTER-Mediator
CVE-2017-6483 (Multiple Cross-Site Scripting (XSS) issues were discovered in ATutor ...)
	NOT-FOR-US: ATutor
CVE-2017-6482
	REJECTED
CVE-2017-6481 (Multiple Cross-Site Scripting (XSS) issues were discovered in phpipam ...)
	NOT-FOR-US: phpipam
CVE-2017-6480 (groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS ...)
	NOT-FOR-US: cmsgroovel
CVE-2017-6479 (FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a ...)
	NOT-FOR-US: FenixHosting (different than fenix game engine)
CVE-2017-6478 (paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected ...)
	NOT-FOR-US: MaNGOSWebV4
CVE-2016-10244 (The parse_charstrings function in type1/t1load.c in FreeType 2 before ...)
	{DSA-3839-1 DLA-848-1}
	[experimental] - freetype 2.7.1-0.1
	- freetype 2.6.3-3.1 (bug #856971)
	NOTE: Fixed in 2.7: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/tree/ChangeLog?h=VER-2-7
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=a660e3de422731b94d4a134d27555430cbb6fb39 (VER-2-7)
CVE-2016-10243 (TeX Live allows remote attackers to execute arbitrary commands by ...)
	{DSA-3803-1 DLA-847-1}
	- texlive-bin <unfixed> (unimportant)
	- texlive-base 2016.20161130-1
	NOTE: https://scumjr.github.io/2016/11/28/pwning-coworkers-thanks-to-latex/
	NOTE: http://www.tug.org/svn/texlive?view=revision&revision=42605
CVE-2017-6477
	RESERVED
CVE-2017-6476
	RESERVED
CVE-2017-6475
	RESERVED
CVE-2017-6474 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-07.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a998c9195f183d85f5b0bbeebba21a2d4d303d47
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13429
CVE-2017-6473 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a K12 file ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-09.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=7edc761a01cda8e1b37677f673985582330317d2
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13431
CVE-2017-6472 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an RTMPT ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-04.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2b3a0909beff8963b390034c594e0b6be6a4e531
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13347
CVE-2017-6471 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a WSP ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-05.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=62afef41277dfac37f515207ca73d33306e3302b
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13348
CVE-2017-6470 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an IAX2 ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-10.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=0b89174ef4c531a1917437fff586fe525ee7bf2d
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13432
CVE-2017-6469 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is an LDSS ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-03.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=4f753c127082d5e28abf482d6d175cbfee6661f7
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13346
CVE-2017-6468 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a NetScaler ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-08.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9f3bc84b7e7e435c50b8b68f0fc526d0f5676cbf
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13430
CVE-2017-6467 (In Wireshark 2.2.0 to 2.2.4 and 2.0.0 to 2.0.10, there is a Netscaler ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.5+g440fd4d-2
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-11.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=284ad58d288722a8725401967bff0c4455488f0c
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12083
CVE-2017-6466 (F-Secure Software Updater 2.20, as distributed in several F-Secure ...)
	NOT-FOR-US: F-Secure
CVE-2017-6465 (Remote Code Execution was discovered in FTPShell Client 6.53. By ...)
	NOT-FOR-US: FTPShell Client
CVE-2017-6464 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote attackers to ...)
	- ntp 1:4.2.8p10+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3389
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6463 (NTP before 4.2.8p10 and 4.3.x before 4.3.94 allows remote ...)
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3387
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6462 (Buffer overflow in the legacy Datum Programmable Time Server (DPTS) ...)
	- ntp 1:4.2.8p10+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3388
	NOTE: https://cure53.de/pentest-report_ntp.pdf
	NOTE: Obscure legacy feature, no real impact
CVE-2017-6461
	REJECTED
CVE-2017-6460 (Stack-based buffer overflow in the reslist function in ntpq in NTP ...)
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3377
	NOTE: https://cure53.de/pentest-report_ntp.pdf
CVE-2017-6459 (The Windows installer for NTP before 4.2.8p10 and 4.3.x before 4.3.94 ...)
	- ntp <not-affected> (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3382
CVE-2017-6458 (Multiple buffer overflows in the ctl_put* functions in NTP before ...)
	- ntp 1:4.2.8p10+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3379
	NOTE: https://cure53.de/pentest-report_ntp.pdf
	NOTE: This is not a vulnerability per se, but a weakness in an internal helper function
CVE-2017-6457
	REJECTED
CVE-2017-6456
	REJECTED
CVE-2017-6455 (NTP before 4.2.8p10 and 4.3.x before 4.3.94, when using PPSAPI, allows ...)
	- ntp <not-affected> (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3384
CVE-2017-6454
	REJECTED
CVE-2017-6453
	REJECTED
CVE-2017-6452 (Stack-based buffer overflow in the Windows installer for NTP before ...)
	- ntp <not-affected> (NTP on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3383
CVE-2017-6451 (The mx4200_send function in the legacy MX4200 refclock in NTP before ...)
	- ntp <not-affected> (Vulnerable code not enabled at build time)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3378
CVE-2017-6450
	RESERVED
CVE-2017-6449
	RESERVED
CVE-2017-6448 (The dalvik_disassemble function in libr/asm/p/asm_dalvik.c in radare2 ...)
	{DLA-901-1}
	[experimental] - radare2 1.3.0+dfsg-1
	- radare2 1.1.0+dfsg-4 (bug #859447)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/commit/f41e941341e44aa86edd4483c4487ec09a074257 (1.3.0-git)
	NOTE: https://github.com/radare/radare2/issues/6885
CVE-2017-6447
	RESERVED
CVE-2017-6446 (XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and ...)
	- dotclear <removed>
CVE-2017-6445 (The auto-update feature of Open Embedded Linux Entertainment Center ...)
	NOT-FOR-US: OpenELEC
CVE-2017-6444 (The MikroTik Router hAP Lite 6.25 has no protection mechanism for ...)
	NOT-FOR-US: MikroTik Router hAP Lite
CVE-2017-6443 (Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 ...)
	NOT-FOR-US: EPSON TMNet WebConfig
CVE-2002-2447
	RESERVED
CVE-2017-XXXX [dns: out of bound memory read]
	- suricata 3.2.1-1 (bug #856648)
	[jessie] - suricata <no-dsa> (Minor issue)
	[wheezy] - suricata <not-affected> (vulnerable code not present)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2022
	NOTE: Fixed by: https://github.com/inliniac/suricata/commit/20990f7a7eb7939946a275dfc9a95426b0080a19 (3.2.1)
CVE-2017-7177 (Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused ...)
	{DLA-865-1}
	- suricata 3.2.1-1 (bug #856649)
	[jessie] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/2019
	NOTE: Fixed by: https://github.com/inliniac/suricata/commit/4a04f814b15762eb446a5ead4d69d021512df6f8 (3.2.1)
CVE-2017-6442
	RESERVED
CVE-2017-6441 (** DISPUTED ** The _zval_get_long_func_ex in Zend/zend_operators.c in ...)
	NOTE: PHP bug without security relevance
CVE-2017-6440 (The parse_data_node function in bplist.c in libimobiledevice libplist ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858055)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/99
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6439 (Heap-based buffer overflow in the parse_string_node function in ...)
	{DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	[jessie] - libplist <no-dsa> (Minor issue)
	NOTE: https://github.com/libimobiledevice/libplist/issues/95
	NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd
CVE-2017-6438 (Heap-based buffer overflow in the parse_unicode_node function in ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858786)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/98
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6437 (The base64encode function in base64.c in libimobiledevice libplist ...)
	- libplist 1.12+git+1+e37ca00-0.2 (bug #858787)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libplist/issues/100
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/dccd9290745345896e3a4a73154576a599fd8b7b
CVE-2017-6436 (The parse_string_node function in bplist.c in libimobiledevice ...)
	{DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	[jessie] - libplist <no-dsa> (Minor issue)
	NOTE: https://github.com/libimobiledevice/libplist/issues/94
	NOTE: https://github.com/libimobiledevice/libplist/commit/32ee5213fe64f1e10ec76c1ee861ee6f233120dd
CVE-2017-6435 (The parse_string_node function in bplist.c in libimobiledevice ...)
	{DLA-870-1}
	- libplist 1.12+git+1+e37ca00-0.1
	[jessie] - libplist <no-dsa> (Minor issue)
	NOTE: https://github.com/libimobiledevice/libplist/issues/93
	NOTE: https://github.com/libimobiledevice/libplist/commit/fbd8494d5e4e46bf2e90cb6116903e404374fb56
CVE-2017-6434
	RESERVED
CVE-2017-6433
	RESERVED
CVE-2017-6432 (An issue was discovered on Dahua DHI-HCVR7216A-S3 3.210.0001.10 build ...)
	NOT-FOR-US: Dahua DVR
CVE-2017-6431
	RESERVED
CVE-2017-6430 (The compile_tree function in ef_compiler.c in the Etterfilter utility ...)
	{DSA-3874-1}
	- ettercap 1:0.8.2-4 (bug #857035)
	NOTE: https://github.com/Ettercap/ettercap/issues/782
	NOTE: Patch: https://github.com/LocutusOfBorg/ettercap/commit/626dc56686f15f2dda13c48f78c2a666cb6d8506
CVE-2017-6429 (Buffer overflow in the tcpcapinfo utility in Tcpreplay before 4.2.0 ...)
	- tcpreplay <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/appneta/tcpreplay/issues/278
	NOTE: https://github.com/appneta/tcpreplay/commit/d689d14dbcd768c028eab2fb378d849e543dcfe9
CVE-2017-6428
	RESERVED
CVE-2017-6427 (A Buffer Overflow was discovered in EvoStream Media Server 1.7.1. A ...)
	NOT-FOR-US: EvoStream Media Server
CVE-2017-6849 (The PoDoFo::PdfColorGray::~PdfColorGray function in PdfColor.cpp in ...)
	- libpodofo <unfixed> (bug #861566)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/10
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcolorgraypdfcolorgray-pdfcolor-cpp
	NOTE: https://sourceforge.net/p/podofo/tickets/8/
CVE-2017-6848 (The PoDoFo::PdfXObject::PdfXObject function in PdfXObject.cpp in ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861565)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/9
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfxobjectpdfxobject-pdfxobject-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6847 (The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861564)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/8
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfvariantdelayedload-pdfvariant-h
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1846
CVE-2017-6846 (The GraphicsStack::TGraphicsStackElement::SetNonStrokingColorSpace ...)
	- libpodofo <unfixed> (bug #861563)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/7
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementsetnonstrokingcolorspace-graphicsstack-h/
	NOTE: https://sourceforge.net/p/podofo/tickets/9/
CVE-2017-6845 (The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo ...)
	- libpodofo 0.9.5-9 (bug #861562)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: The motivation for no-dsa in wheezy is that there are no known
	NOTE: services that use this library (apart from desktop applications)
	NOTE: and the worst case is a DoS.
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/6
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-podofopdfcoloroperator-pdfcolor-cpp
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1892
CVE-2017-6844 (Buffer overflow in the PoDoFo::PdfParser::ReadXRefSubsection function ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #861561)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/5
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-global-buffer-overflow-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
CVE-2017-6843 (Heap-based buffer overflow in the PoDoFo::PdfVariant::DelayedLoad ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861560)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/4
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-heap-based-buffer-overflow-in-podofopdfvariantdelayedload-pdfvariant-h
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6842 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861559)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/3
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-colorchangergetcolorfromstack-colorchanger-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6841 (The GraphicsStack::TGraphicsStackElement::~TGraphicsStackElement ...)
	- libpodofo <unfixed> (bug #861558)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/2
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-null-pointer-dereference-in-graphicsstacktgraphicsstackelementtgraphicsstackelement-graphicsstack-h
	NOTE: https://sourceforge.net/p/podofo/tickets/10/
CVE-2017-6840 (The ColorChanger::GetColorFromStack function in colorchanger.cpp in ...)
	{DLA-968-1}
	- libpodofo 0.9.4-6 (bug #861557)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/02/1
	NOTE: https://blogs.gentoo.org/ago/2017/03/02/podofo-invalid-memory-read-in-colorchangergetcolorfromstack-colorchanger-cpp
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1844
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1845
CVE-2017-6426 (An information disclosure vulnerability in the Qualcomm SPMI driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6425 (An information disclosure vulnerability in the Qualcomm video driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6424 (An elevation of privilege vulnerability in the Qualcomm WiFi driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-6423 (An elevation of privilege vulnerability in the Qualcomm kyro L2 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10242 (A time-of-check time-of-use race condition could potentially exist in ...)
	NOT-FOR-US: Qualcomm component/driver for Android
CVE-2016-10241
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10240
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10239 (In TrustZone access control policy may potentially be bypassed in all ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10238 (In QSEE in all Android releases from CAF using the Linux kernel access ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10237 (If shared content protection memory were passed as the secure camera ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-10236 (An information disclosure vulnerability in the Qualcomm USB driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10235 (A denial of service vulnerability in the Qualcomm WiFi driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10234 (An information disclosure vulnerability in the Qualcomm IPA driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10233 (An elevation of privilege vulnerability in the Qualcomm video driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10232 (An elevation of privilege vulnerability in the Qualcomm video driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10231 (An elevation of privilege vulnerability in the Qualcomm sound codec ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10230 (A remote code execution vulnerability in the Qualcomm crypto driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-10229 (udp.c in the Linux kernel before 4.5 allows remote attackers to ...)
	- linux 4.5.1-1 (bug #808293)
	[jessie] - linux 3.16.7-ckt20-1+deb8u2
	[wheezy] - linux 3.2.73-2+deb7u2
	NOTE: Fixed by: https://git.kernel.org/linus/197c949e7798fbf28cfadc69d9ca0c2abbf93191 (v4.5-rc1)
CVE-2015-9003 (In TrustZone a cryptographic issue can potentially occur in all ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9002 (In TrustZone an out-of-range pointer offset vulnerability can ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9001 (In TrustZone an information exposure vulnerability can potentially ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-9000 (In TrustZone an untrusted pointer dereference vulnerability can ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8999 (In TrustZone a buffer overflow vulnerability can potentially occur in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8998 (In TrustZone an integer overflow vulnerability can potentially occur ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8997 (In TrustZone a time-of-check time-of-use race condition could ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8996 (In TrustZone a time-of-check time-of-use race condition could ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8995 (In TrustZone an integer overflow vulnerability can potentially occur ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9938 (contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize ...)
	- git 1:2.0.0~rc2-1
	[wheezy] - git <not-affected> (Vulnerable code introduced in 1.8.1-rc0)
	NOTE: https://github.com/git/git/commit/8976500cbbb13270398d3b3e07a17b8cc7bff43f
	NOTE: https://github.com/njhartwell/pw3nage
	NOTE: Vulnerability likely introduced by the "pc_mode" in https://github.com/git/git/commit/1bfc51ac814125de03ddf1900245e42d6ce0d250
CVE-2014-9937 (In TrustZone a buffer overflow vulnerability can potentially occur in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9936 (In TrustZone a time-of-check time-of-use race condition could ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9935 (In TrustZone an integer overflow vulnerability leading to a buffer ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9934 (A PKCS#1 v1.5 signature verification routine in all Android releases ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9933 (Due to missing input validation in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9932 (In TrustZone, an integer overflow vulnerability can potentially occur ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9931 (A buffer overflow vulnerability in all Android releases from CAF using ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9930 (In WCDMA in all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9929 (In WCDMA in all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9928 (In GERAN in all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9927 (In UIM in all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9926 (In GNSS in all Android releases from CAF using the Linux kernel, a Use ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9925 (In HDR in all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9924 (In 1x in all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9923 (In NAS in all Android releases from CAF using the Linux kernel, a ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9922 (The eCryptfs subsystem in the Linux kernel before 3.18 allows local ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux 3.2.82-1
	NOTE: Fixed by: https://git.kernel.org/linus/69c433ed2ecd2d3264efd7afec4439524b319121 (v3.18-rc2)
CVE-2017-6422
	RESERVED
CVE-2017-6421 (In the touch controller function in all Qualcomm products with Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-6420 (The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows ...)
	{DLA-1261-1 DLA-1105-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (Gets updated via -updates)
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11798
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/dfc00cd3301a42b571454b51a6102eecf58407bc
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/60671e3deb1df6c626e5c7e13752c2eec1649f98
CVE-2017-6419 (mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows ...)
	{DSA-3946-1 DLA-1279-1}
	- libmspack 0.6-1 (bug #871263)
	- clamav 0.99.3~beta1+dfsg-1 (unimportant)
	[stretch] - clamav 0.99.4+dfsg-1+deb9u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11701
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1
	NOTE: ClamAV uses the libmspack system library when available. This is the
	NOTE: case from starting from Debian Jessie. Debian Wheezy does not have
	NOTE: have libmspack and thus need to have the fix as well in the
	NOTE: src:clamav source package.
	NOTE: libmspack: https://github.com/kyz/libmspack/commit/6139a0b9e93fcb7fcf423e56aa825bc869e02229
CVE-2017-6418 (libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a ...)
	{DLA-1261-1 DLA-1105-1}
	- clamav 0.99.3~beta1+dfsg-1
	[stretch] - clamav 0.99.2+dfsg-6+deb9u1
	[jessie] - clamav <no-dsa> (Gets updated via -updates)
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11797
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/586a5180287262070637c8943f2f7efd652e4a2c
CVE-2017-6417 (Code injection vulnerability in Avira Total Security Suite 15.0 (and ...)
	NOT-FOR-US: Avira Total Security Suite
CVE-2017-6416 (An issue was discovered in SysGauge 1.5.18. A buffer overflow ...)
	NOT-FOR-US: SysGauge
CVE-2017-6415 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
	- radare2 1.1.0+dfsg-3 (bug #856572)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
	NOTE: https://github.com/radare/radare2/issues/6872
	NOTE: https://github.com/radare/radare2/commit/252afb1cff9676f3ae1f341a28448bf2c8b6e308
CVE-2017-6414 (Memory leak in the vcard_apdu_new function in card_7816.c in libcacard ...)
	- libcacard 1:2.5.0-3 (bug #856501)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/libcacard/commit/?id=9113dc6a303604a2d9812ac70c17d076ef11886c
CVE-2017-6413 (The &quot;OpenID Connect Relying Party and OAuth 2.0 Resource Server&quot; (aka ...)
	- libapache2-mod-auth-openidc 2.1.6-1
	[jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/commit/21e3728a825c41ab41efa75e664108051bb9665e
CVE-2017-6412 (In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could ...)
	NOT-FOR-US: Sophos
CVE-2017-6411 (Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 ...)
	NOT-FOR-US: D-Link
CVE-2017-6410 (kpac/script.cpp in KDE kio before 5.32 and kdelibs before 4.14.30 calls ...)
	{DSA-3849-1 DLA-952-1}
	- kio 5.28.0-2 (bug #856889)
	- kde4libs 4:4.14.26-2 (bug #856890)
	NOTE: https://www.kde.org/info/security/advisory-20170228-1.txt
	NOTE: Patch for kio: https://commits.kde.org/kio/f9d0cb47cf94e209f6171ac0e8d774e68156a6e4
	NOTE: Patch for kde4libs: https://commits.kde.org/kdelibs/1804c2fde7bf4e432c6cf5bb8cce5701c7010559
CVE-2017-6409 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6408 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6407 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6406 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6405 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6404 (An issue was discovered in Veritas NetBackup Before 7.7 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6403 (An issue was discovered in Veritas NetBackup Before 8.0 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6402 (An issue was discovered in Veritas NetBackup 8.0 and earlier and ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6401 (An issue was discovered in Veritas NetBackup before 8.0 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6400 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6399 (An issue was discovered in Veritas NetBackup Before 7.7.2 and NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2017-6398 (An issue was discovered in Trend Micro InterScan Messaging Security ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6397 (An issue was discovered in FlightAirMap v1.0-beta.10. The vulnerability ...)
	NOT-FOR-US: FlightAirMap
CVE-2017-6396 (An issue was discovered in WPO-Foundation WebPageTest 3.0. The ...)
	NOT-FOR-US: WPO-Foundation WebPageTest
CVE-2017-6395 (An issue was discovered in HashOver 2.0. The vulnerability exists due ...)
	NOT-FOR-US: HashOveer
CVE-2017-6394 (Multiple Cross-Site Scripting (XSS) issues were discovered in OpenEMR ...)
	NOT-FOR-US: OpenEMR
CVE-2017-6393 (An issue was discovered in NagVis 1.9b12. The vulnerability exists due ...)
	- nagvis <not-affected> (Vulnerable code introduced in nagvis-1.8.0)
	NOTE: https://github.com/NagVis/nagvis/issues/91
CVE-2017-6392 (An issue was discovered in Kaltura server Lynx-12.11.0. The ...)
	NOT-FOR-US: Kaltura server
CVE-2017-6391 (An issue was discovered in Kaltura server Lynx-12.11.0. The ...)
	NOT-FOR-US: Kaltura server
CVE-2017-6390 (An issue was discovered in whatanime.ga before ...)
	NOT-FOR-US: whatanime.ga
CVE-2017-6389
	RESERVED
CVE-2017-6388
	RESERVED
CVE-2017-6387 (The dex_loadcode function in libr/bin/p/bin_dex.c in radare2 1.2.1 ...)
	- radare2 1.1.0+dfsg-3 (bug #856574)
	[jessie] - radare2 <not-affected> (Vulnerable code not present)
	[wheezy] - radare2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/ead645853a63bf83d8386702cad0cf23b31d7eeb
	NOTE: https://github.com/radare/radare2/issues/6857
CVE-2017-6386 (Memory leak in the vrend_create_vertex_elements_state function in ...)
	- virglrenderer 0.6.0-2 (bug #858255; bug #872884)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=737c3350850ca4dbc5633b3bdb4118176ce59920
CVE-2017-6385
	RESERVED
CVE-2017-6383
	REJECTED
CVE-2017-6382
	RESERVED
CVE-2017-6381 (A 3rd party development library including with Drupal 8 development ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6380
	RESERVED
CVE-2017-6379 (Some administrative paths in Drupal 8.2.x before 8.2.7 did not include ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6378
	RESERVED
CVE-2017-6377 (When adding a private file via the editor in Drupal 8.2.x before ...)
	- drupal8 <itp> (bug #756305)
	NOTE: https://www.drupal.org/SA-2017-001
CVE-2017-6376
	RESERVED
CVE-2017-6375
	RESERVED
CVE-2017-6374
	RESERVED
CVE-2017-6373
	RESERVED
CVE-2017-6372
	RESERVED
CVE-2017-6371
	RESERVED
CVE-2017-6370 (TYPO3 7.6.15 sends an http request to an index.php?loginProvider URI in ...)
	NOT-FOR-US: Typo3
CVE-2017-6369 (Insufficient checks in the UDF subsystem in Firebird 2.5.x before 2.5.7 ...)
	{DSA-3824-1 DLA-879-1}
	- firebird2.5 <unfixed> (bug #858641)
	- firebird3.0 3.0.1.32609.ds4-14 (bug #858644)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-5474
	NOTE: Fixed by: https://github.com/FirebirdSQL/firebird/commit/8b2a9cb44bf6055e15f016d70a6842b8ada60375 (3.0)
	NOTE: https://github.com/FirebirdSQL/firebird/commit/9d9b9e0c94e201da489d1da81f858c570d3ca6ef (2.5)
	NOTE: https://github.com/FirebirdSQL/firebird/commit/a802126cd501f641f00d6cda12d5d9ee3ecda6f5 (2.5)
CVE-2017-6368
	RESERVED
CVE-2017-6367 (In Cerberus FTP Server 8.0.10.1, a crafted HTTP request causes the ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2017-6366 (Cross-site request forgery (CSRF) vulnerability in NETGEAR DGN2200 ...)
	NOT-FOR-US: Netgear
CVE-2017-6365
	RESERVED
CVE-2017-6364
	RESERVED
CVE-2017-6363
	RESERVED
CVE-2017-6362 (Double free vulnerability in the gdImagePngPtr function in libgd2 ...)
	{DSA-3961-1 DLA-1106-1}
	- libgd2 2.2.5-1
	NOTE: https://github.com/libgd/libgd/issues/381
	NOTE: https://github.com/libgd/libgd/commit/56ce6ef068b954ad28379e83cca04feefc51320c
CVE-2017-6361 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute ...)
	NOT-FOR-US: QNAP
CVE-2017-6360 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain ...)
	NOT-FOR-US: QNAP
CVE-2017-6359 (QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain ...)
	NOT-FOR-US: QNAP
CVE-2017-6358
	RESERVED
CVE-2017-6357
	RESERVED
CVE-2017-6356 (Palo Alto Networks Terminal Services (aka TS) Agent 6.0, 7.0, and 8.0 ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services
CVE-2015-8994 (An issue was discovered in PHP 5.x and 7.x, when the configuration ...)
	- php7.1 <not-affected> (Fixed before initial upload to Debian)
	- php7.0 7.0.14-1
	- php5 <removed>
	[jessie] - php5 5.6.29+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (vulnerable code not present)
	NOTE: Fixed in 7.1.0, 7.0.14, 5.6.29
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=69090
CVE-2015-8993 (Malicious file execution vulnerability in Intel Security CloudAV ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8992 (Malicious file execution vulnerability in Intel Security WebAdvisor ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8991 (Malicious file execution vulnerability in Intel Security McAfee ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8990 (Detection bypass vulnerability in Intel Security Advanced Threat ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8989 (Unsalted password vulnerability in the Enterprise Manager (web portal) ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8988 (Unquoted executable path vulnerability in Client Management and ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8987 (Man-in-the-middle (MitM) attack vulnerability in non-Mac OS agents in ...)
	NOT-FOR-US: Intel antivirus
CVE-2015-8986 (Sandbox detection evasion vulnerability in hardware appliances in ...)
	NOT-FOR-US: Intel antivirus
CVE-2014-9921 (Information disclosure vulnerability in McAfee (now Intel Security) ...)
	NOT-FOR-US: Intel antivirus
CVE-2014-9920 (Unauthorized execution of binary vulnerability in McAfee (now Intel ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7462 (A directory traversal vulnerability in the web application in McAfee ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7461 (A write protection and execution bypass vulnerability in McAfee (now ...)
	NOT-FOR-US: Intel antivirus
CVE-2013-7460 (A write protection and execution bypass vulnerability in McAfee (now ...)
	NOT-FOR-US: Intel antivirus
CVE-2017-6355 (Integer overflow in the vrend_create_shader function in ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=93761787b29f37fa627dea9082cdfc1a1ec608d6 (0.6.0)
CVE-2017-6354
	RESERVED
CVE-2017-6352
	RESERVED
CVE-2017-6351 (The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer ...)
	NOT-FOR-US: WePresent WiPG-1500
CVE-2017-6350 (An integer overflow at an unserialize_uep memory allocation site would ...)
	{DLA-850-1}
	- vim 2:8.0.0197-3 (bug #856266)
	[jessie] - vim 2:7.4.488-7+deb8u3
	- neovim 0.1.7-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/0c8485f0e4931463c0f7986e1ea84a7d79f10c75
CVE-2017-6349 (An integer overflow at a u_read_undo memory allocation site would occur ...)
	{DLA-850-1}
	- vim 2:8.0.0197-3 (bug #856266)
	[jessie] - vim 2:7.4.488-7+deb8u3
	- neovim 0.1.7-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/3eb1637b1bba19519885dd6d377bd5596e91d22c
CVE-2017-6344 (XML External Entity (XXE) vulnerability in Grails PDF Plugin 0.6 allows ...)
	NOT-FOR-US: Grails PDF plugin
CVE-2017-6343 (The web interface on Dahua DHI-HCVR7216A-S3 devices with NVR Firmware ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6342 (An issue was discovered on Dahua DHI-HCVR7216A-S3 devices with NVR ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6341 (Dahua DHI-HCVR7216A-S3 devices with NVR Firmware 3.210.0001.10 ...)
	NOT-FOR-US: Dahua devices
CVE-2017-6340 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6339 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 before ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6338 (Multiple Access Control issues in Trend Micro InterScan Web Security ...)
	NOT-FOR-US: Trend Micro
CVE-2017-6337
	RESERVED
CVE-2017-6336
	RESERVED
CVE-2017-6334 (dnslookup.cgi on NETGEAR DGN2200 devices with firmware through ...)
	NOT-FOR-US: NETGEAR
CVE-2017-6333
	RESERVED
CVE-2017-6332
	RESERVED
CVE-2017-6331 (Prior to SEP 14 RU1 Symantec Endpoint Protection product can encounter ...)
	NOT-FOR-US: Symantec
CVE-2017-6330 (Symantec Encryption Desktop before SED 10.4.1MP2 can allow remote ...)
	NOT-FOR-US: Symantec
CVE-2017-6329 (Symantec VIP Access for Desktop prior to 2.2.4 can be susceptible to a ...)
	NOT-FOR-US: Symantec
CVE-2017-6328 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an ...)
	NOT-FOR-US: Symantec
CVE-2017-6327 (The Symantec Messaging Gateway before 10.6.3-267 can encounter an ...)
	NOT-FOR-US: Symantec
CVE-2017-6326 (The Symantec Messaging Gateway can encounter an issue of remote code ...)
	NOT-FOR-US: Symantec
CVE-2017-6325 (The Symantec Messaging Gateway can encounter a file inclusion ...)
	NOT-FOR-US: Symantec
CVE-2017-6324 (The Symantec Messaging Gateway, when processing a specific email ...)
	NOT-FOR-US: Symantec
CVE-2017-6323 (The Symantec Management Console prior to ITMS 8.1 RU1, ITMS ...)
	NOT-FOR-US: Symantec
CVE-2017-6322
	RESERVED
CVE-2017-XXXX [scanelf: out of bounds read in scanelf_file_get_symtabs (scanelf.c)]
	- pax-utils <unfixed> (unimportant; bug #856196)
	NOTE: https://blogs.gentoo.org/ago/2017/02/25/pax-utils-scanelf-out-of-bounds-read-in-scanelf_file_get_symtabs-scanelf-c-2/
	NOTE: https://github.com/gentoo/pax-utils/commit/e577c5b7e230c52e5fc4fa40e4e9014c634b3c1d
	NOTE: https://github.com/gentoo/pax-utils/commit/858939ea6ad63f1acb4ec74bba705c197a67d559
CVE-2017-6353 (net/sctp/socket.c in the Linux kernel through 4.10.1 does not properly ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: https://marc.info/?l=linux-netdev&m=148785309416337&w=2
CVE-2017-6348 (The hashbin_delete function in net/irda/irqueue.c in the Linux kernel ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/4c03b862b12f980456f9de92db6d508a4999b788
CVE-2017-6347 (The ip_cmsg_recv_checksum function in net/ipv4/ip_sockglue.c in the ...)
	- linux 4.9.13-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.0)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.0)
	NOTE: Fixed by: https://git.kernel.org/linus/ca4ef4574f1ee5252e2cd365f8f5d5bafd048f32
CVE-2017-6346 (Race condition in net/packet/af_packet.c in the Linux kernel before ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/d199fab63c11998a602205f7ee7ff7c05c97164b
CVE-2017-6345 (The LLC subsystem in the Linux kernel before 4.9.13 does not ensure ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/8b74d439e1697110c5e5c600643e823eb1dd0762
CVE-2017-6321
	RESERVED
CVE-2017-6320 (A remote command injection vulnerability exists in the Barracuda Load ...)
	NOT-FOR-US: Barracuda
CVE-2017-6319 (The dex_parse_debug_item function in libr/bin/p/bin_dex.c in radare2 ...)
	- radare2 1.1.0+dfsg-3 (bug #856579)
	[jessie] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
	[wheezy] - radare2 <not-affected> (Vulnerable code introduced in 1.1.0)
	NOTE: https://github.com/radare/radare2/issues/6836
	NOTE: https://github.com/radare/radare2/commit/ad55822430a03fe075221b543efb434567e9e431
CVE-2017-6318 (saned in sane-backends 1.0.25 allows remote attackers to obtain ...)
	{DLA-940-1}
	- sane-backends 1.0.25-4 (low; bug #854804)
	[jessie] - sane-backends 1.0.24-8+deb8u2
	NOTE: Upstream patch: https://anonscm.debian.org/cgit/sane/sane-backends.git/commit/frontend/saned.c?id=42896939822b44f44ecd1b6d35afdfa4473ed35d
CVE-2017-6316 (Citrix NetScaler SD-WAN devices through v9.1.2.26.561201 allow remote ...)
	NOT-FOR-US: Citrix
CVE-2017-6315 (Astaro Security Gateway (aka ASG) 7 allows remote attackers to execute ...)
	NOT-FOR-US: Astaro
CVE-2017-6335 (The QuantumTransferMode function in coders/tiff.c in GraphicsMagick ...)
	- graphicsmagick 1.3.25-8
	[wheezy] - graphicsmagick <not-affected> (vulnerable code not present)
	NOTE: Fixed by: https://sourceforge.net/p/graphicsmagick/code/ci/6156b4c2992d855ece6079653b3b93c3229fc4b8/
CVE-2017-6317 (Memory leak in the add_shader_program function in vrend_renderer.c in ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a2f12a1b0f95b13b6f8dc3d05d7b74b4386394e4 (0.6.0)
CVE-2017-6314 (The make_available_at_least function in io-tiff.c in gdk-pixbuf allows ...)
	- gdk-pixbuf 2.36.11-2 (low; bug #856448)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[jessie] - gdk-pixbuf <ignored> (Minor issue)
	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779020
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=1e513abdb55529f888233d3c96b27352d83aad5f
CVE-2017-6313 (Integer underflow in the load_resources function in io-icns.c in ...)
	- gdk-pixbuf 2.36.11-2 (low; bug #856445)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[jessie] - gdk-pixbuf <ignored> (Minor issue)
	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779016
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=210b16399a492d05efb209615a143920b24251f4
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4cc39d479356b6b09e3d62a0f3ab424db6c266d8
CVE-2017-6312 (Integer overflow in io-ico.c in gdk-pixbuf allows context-dependent ...)
	- gdk-pixbuf 2.36.11-2 (low; bug #856444)
	[stretch] - gdk-pixbuf 2.36.5-2+deb9u2
	[jessie] - gdk-pixbuf <ignored> (Minor issue)
	[wheezy] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed in next update)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=779012
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dec9ca22d70c0f0d4492333b4e8147afb038afd2
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=a6303ad765882555cf1b278a09be5f9e4cf3a39d
CVE-2017-6311 (gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent ...)
	- gdk-pixbuf 2.36.10-1 (bug #858491; unimportant)
	[jessie] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
	[wheezy] - gdk-pixbuf <not-affected> (Code introduced in 2.36.1)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=778204
	NOTE: http://mov.sx/2017/02/21/bug-hunting-gdk-pixbuf.html
	NOTE: Upload of gdk-pixbuf 2.36.5-3 to experimental added a new binary package containing
	NOTE: the thumbnailer.
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=57362ed4c1f37c05723e25e136327e262f32d35f
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=758655315bc3760c2d646e1e935f7448847073af
	NOTE: Tests: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=67a02e1bfef1ae8f7fa50ca36f6d922c1b6d3ed6
CVE-2017-6310 (An issue was discovered in tnef before 1.4.13. Four type confusions ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
	NOTE: regression fixed by: https://github.com/verdammelt/tnef/commit/9c4015433ecd3177976f820f7aa524c7e64c7c92
	NOTE: regression fixed by: https://github.com/verdammelt/tnef/commit/c0b99164d14dcc61348a2ddffd47dfe31d087bad
CVE-2017-6309 (An issue was discovered in tnef before 1.4.13. Two type confusions have ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/8dccf79857ceeb7a6d3e42c1e762e7b865d5344d
CVE-2017-6308 (An issue was discovered in tnef before 1.4.13. Several Integer ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/c5044689e50039635e7700fe2472fd632ac77176
CVE-2017-6307 (An issue was discovered in tnef before 1.4.13. Two OOB Writes have been ...)
	{DSA-3798-1 DLA-839-1}
	- tnef 1.4.12-1.1 (bug #856117)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-004-tnef/
	NOTE: Fixed by: https://github.com/verdammelt/tnef/commit/1a17af1ed0c791aec44dbdc9eab91218cc1e335a
CVE-2017-6306 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1}
	- libytnef 1.9.1-1
	[wheezy] - libytnef <not-affected> (vulnerable code not present)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6305 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6304 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6303 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6302 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6301 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6300 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6299 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6298 (An issue was discovered in ytnef before 1.9.1. This is related to a ...)
	{DSA-3846-1 DLA-878-1}
	- libytnef 1.9.1-1
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-002-ytnef/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/15/4
	NOTE: fixed in https://github.com/Yeraze/ytnef/commit/b36d6b25b7a546fc28d6c3812124e487987a4910
CVE-2017-6297 (The L2TP Client in MikroTik RouterOS versions 6.83.3 and 6.37.4 does ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2017-6296 (NVIDIA TrustZone Software contains a TOCTOU issue in the DRM ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6295 (NVIDIA TrustZone Software contains a vulnerability in the Keymaster ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6294
	RESERVED
CVE-2017-6293 (In Android before the 2018-05-05 security patch level, NVIDIA Tegra X1 ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6292
	RESERVED
CVE-2017-6291
	RESERVED
CVE-2017-6290
	RESERVED
CVE-2017-6289 (In Android before the 2018-05-05 security patch level, NVIDIA Trusted ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6288 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6287 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6286 (NVIDIA libnvomx contains a possible out of bounds write due to a ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6285 (NVIDIA libnvrm contains a possible out of bounds read due to a missing ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6284 (NVIDIA Security Engine contains a vulnerability in the Deterministic ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6283 (NVIDIA Security Engine contains a vulnerability in the RSA function ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6282 (NVIDIA Tegra kernel driver contains a vulnerability in NVMAP where an ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6281 (NVIDIA libnvomx contains a possible out of bounds write due to a ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6280 (NVIDIA driver contains a possible out-of-bounds read vulnerability due ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6279 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6278 (NVIDIA Tegra kernel contains a vulnerability in the CORE DVFS Thermal ...)
	NOT-FOR-US: NVIDIA Tegra
CVE-2017-6277 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6276 (NVIDIA mediaserver contains a vulnerability where it is possible a use ...)
	NOT-FOR-US: NVIDIA
CVE-2017-6275 (An information disclosure vulnerability exists in the Thermal Driver, ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6274 (An elevation of Privilege vulnerability exists in the Thermal Driver, ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6273 (NVIDIA ADSP Firmware contains a vulnerability in the ADSP Loader ...)
	NOT-FOR-US: NVIDIA ADSP Firmware
CVE-2017-6272 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6271 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6270 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6269 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6268 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6267 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6266 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	[experimental] - nvidia-graphics-drivers 384.90-1
	- nvidia-graphics-drivers 384.98-2 (bug #876414)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-340xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://nvidia.custhelp.com/app/answers/detail/a_id/4544
CVE-2017-6265
	RESERVED
CVE-2017-6264 (An elevation of privilege vulnerability exists in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-6263 (NVIDIA driver contains a vulnerability where it is possible a use ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6262 (NVIDIA driver contains a vulnerability where it is possible a use ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6261
	RESERVED
CVE-2017-6260 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6259 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	- nvidia-graphics-drivers 375.82-1 (bug #869783)
	[stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Limited to E384 and E375)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Limited to E384 and E375)
CVE-2017-6258 (NVIDIA libnvmmlite_audio.so contains an elevation of privilege ...)
	NOT-FOR-US: Nvidia component for Android
CVE-2017-6257 (NVIDIA GPU Display Driver contains a vulnerability in the kernel mode ...)
	- nvidia-graphics-drivers 375.82-1 (bug #869783)
	[stretch] - nvidia-graphics-drivers 375.82-1~deb9u1
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Limited to E384 and E375)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Limited to E384 and E375)
CVE-2017-6256 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6255 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6254 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6253 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6252 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6251 (NVIDIA Windows GPU Display Driver contains a vulnerability in the ...)
	NOT-FOR-US: NVIDIA Windows GPU Display Driver
CVE-2017-6250 (NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2017-6249 (An elevation of privilege vulnerability in the NVIDIA sound driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6248 (An elevation of privilege vulnerability in the NVIDIA sound driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6247 (An elevation of privilege vulnerability in the NVIDIA sound driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-6246
	RESERVED
CVE-2017-6245
	RESERVED
CVE-2017-6244
	RESERVED
CVE-2017-6243
	RESERVED
CVE-2017-6242
	RESERVED
CVE-2017-6241
	RESERVED
CVE-2017-6240
	RESERVED
CVE-2017-6239
	RESERVED
CVE-2017-6238
	RESERVED
CVE-2017-6237
	RESERVED
CVE-2017-6236
	RESERVED
CVE-2017-6235
	RESERVED
CVE-2017-6234
	RESERVED
CVE-2017-6233
	RESERVED
CVE-2017-6232
	RESERVED
CVE-2017-6231
	RESERVED
CVE-2017-6230 (Ruckus Networks Solo APs firmware releases R110.x or before and Ruckus ...)
	NOT-FOR-US: Ruckus Networks firmware
CVE-2017-6229 (Ruckus Networks Unleashed AP firmware releases before 200.6.10.1.x and ...)
	NOT-FOR-US: Ruckus Networks firmware
CVE-2017-6228
	RESERVED
CVE-2017-6227 (A vulnerability in the IPv6 stack on Brocade Fibre Channel SAN ...)
	NOT-FOR-US: Brocade
CVE-2017-6226
	RESERVED
CVE-2017-6225 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
	NOT-FOR-US: Brocade
CVE-2017-6224 (Ruckus Wireless Zone Director Controller firmware releases ZD9.x, ...)
	NOT-FOR-US: Ruckus
CVE-2017-6223 (Ruckus Wireless Zone Director Controller firmware releases ZD9.9.x, ...)
	NOT-FOR-US: Ruckus
CVE-2017-6222
	RESERVED
CVE-2017-6221
	RESERVED
CVE-2017-6220
	RESERVED
CVE-2017-6219
	RESERVED
CVE-2017-6218
	RESERVED
CVE-2017-6217
	RESERVED
CVE-2017-6216
	RESERVED
CVE-2017-6215
	RESERVED
CVE-2017-6213
	RESERVED
CVE-2017-6212
	REJECTED
CVE-2017-6211 (In Android for MSM, Firefox OS for MSM, QRD Android, with all Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2017-6214 (The tcp_splice_read function in net/ipv4/tcp.c in the Linux kernel ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/ccf7abb93af09ad0868ae9033d1ca8108bdaec82 (v4.10-rc8)
CVE-2017-6210 (The vrend_decode_reset function in vrend_decode.c in virglrenderer ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=0a5dff15912207b83018485f83e067474e818bab (0.6.0)
CVE-2017-6209 (Stack-based buffer overflow in the parse_identifier function in ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: Fixed by: https://cgit.freedesktop.org/virglrenderer/commit/?id=e534b51ca3c3cd25f3990589932a9ed711c59b27 (0.6.0)
CVE-2017-6208
	RESERVED
CVE-2017-6207
	REJECTED
CVE-2017-6206 (D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, ...)
	NOT-FOR-US: D-Link
CVE-2017-6205 (D-Link DGS-1510-28XMP, DGS-1510-28X, DGS-1510-52X, DGS-1510-52, ...)
	NOT-FOR-US: D-Link
CVE-2017-6204
	RESERVED
CVE-2017-6203
	RESERVED
CVE-2017-6202
	RESERVED
CVE-2017-6201 (A Server Side Request Forgery vulnerability exists in the install app ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6200 (Sandstorm before build 0.203 allows remote attackers to read any ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6199 (A remote attacker could bypass the Sandstorm organization restriction ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6198 (The Supervisor in Sandstorm doesn't set and enforce the resource ...)
	NOT-FOR-US: Sandstorm
CVE-2017-6197 (The r_read_* functions in libr/include/r_endian.h in radare2 1.2.1 ...)
	{DLA-837-1}
	- radare2 1.1.0+dfsg-2 (bug #856063)
	[jessie] - radare2 <no-dsa> (Minor issue)
	NOTE: https://github.com/radare/radare2/issues/6816
	NOTE: Fixed by: https://github.com/radare/radare2/commit/1ea23bd6040441a21fbcfba69dce9a01af03f989
	NOTE: Although the respective new versions were only introduced in 0.10.3
	NOTE: The NULL pointer dereferences are still triggerable, via the shown
	NOTE: vector and seen under valgrind. It might be disputable if that is the
	NOTE: same vulnerability though.
CVE-2017-6196 (Multiple use-after-free vulnerabilities in the gx_image_enum_begin ...)
	- ghostscript <not-affected> (Issue introduced later, cf. bug #856142)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697596
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;h=ecceafe3abba2714ef9b432035fe0739d9b1a283
	NOTE: Possibly introduced only after http://git.ghostscript.com/?p=ghostpdl.git;h=cffb5712bc10c2c2f46adf311fc74aaae74cb784
CVE-2017-6195 (Ipswitch MOVEit Transfer (formerly DMZ) allows pre-authentication blind ...)
	NOT-FOR-US: Ipswitch MOVEit Transfer
CVE-2017-6194 (The relocs function in libr/bin/p/bin_bflt.c in radare2 1.2.1 allows ...)
	[experimental] - radare2 1.3.0+dfsg-1
	- radare2 1.1.0+dfsg-4 (bug #859448)
	[jessie] - radare2 <not-affected> (Vulnerable code not present)
	[wheezy] - radare2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/radare/radare2/commit/72794dc3523bbd5bb370de3c5857cb736c387e18 (1.3.0-git)
	NOTE: https://github.com/radare/radare2/issues/6829
CVE-2017-6193 (Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to ...)
	NOT-FOR-US: APNGDis
CVE-2017-6192 (Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers ...)
	NOT-FOR-US: APNGDis
CVE-2017-6191 (Buffer overflow in APNGDis 2.8 and below allows a remote attacker to ...)
	NOT-FOR-US: APNGDis
CVE-2017-6190 (Directory traversal vulnerability in the web interface on the D-Link ...)
	NOT-FOR-US: D-Link
CVE-2017-6189 (Untrusted search path vulnerability in Amazon Kindle for PC before ...)
	NOT-FOR-US: Amazon Kindle
CVE-2017-6187 (Buffer overflow in the built-in web server in DiskSavvy Enterprise ...)
	NOT-FOR-US: DiskSavvy Enterprise
CVE-2017-6186 (Code injection vulnerability in Bitdefender Total Security 12.0 (and ...)
	NOT-FOR-US: Bitdefender
CVE-2017-6185
	RESERVED
CVE-2017-6184 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...)
	NOT-FOR-US: Sophos
CVE-2017-6183 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...)
	NOT-FOR-US: Sophos
CVE-2017-6182 (In Sophos Web Appliance (SWA) before 4.3.1.2, a section of the ...)
	NOT-FOR-US: Sophos
CVE-2017-6181 (The parse_char_class function in regparse.c in the Onigmo (aka ...)
	- ruby2.3 <not-affected> (Introduced in v2_4_0_rc1)
	- ruby2.1 <not-affected> (Introduced in v2_4_0_rc1)
	NOTE: Introduced by: https://github.com/ruby/ruby/commit/2873edeafb6f6df1fc99bb9b1167591b99dd378c
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/ea940cc4dcff8d6c345d7015eda0bf06671f87e9
	NOTE: https://bugs.ruby-lang.org/issues/13234
CVE-2017-6180 (Keekoon KK002 devices 1.8.12 HD have a Cross Site Request Forgery ...)
	NOT-FOR-US: Keekoon KK002 devices
CVE-2017-6179
	RESERVED
CVE-2017-6178 (The IofCallDriver function in USBPcap 1.1.0.0 allows local users to ...)
	NOT-FOR-US: USBPcap
CVE-2017-6177
	RESERVED
CVE-2017-6176
	RESERVED
CVE-2017-6175
	RESERVED
CVE-2017-6174
	RESERVED
CVE-2017-6173
	RESERVED
CVE-2017-6172
	RESERVED
CVE-2017-6171
	RESERVED
CVE-2017-6170
	RESERVED
CVE-2017-6169 (In versions 13.0.0, 12.0.0-12.1.3, or 11.6.0-11.6.2, an F5 BIG-IP ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6168 (On BIG-IP versions 11.6.0-11.6.2 (fixed in 11.6.2 HF1), 12.0.0-12.1.2 ...)
	NOT-FOR-US: F5 BIG-IP
	NOTE: https://support.f5.com/csp/article/K21905460
	NOTE: https://robotattack.org/
CVE-2017-6167 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6166 (In BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6165 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6164 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6163 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, PSM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6162 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6161 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6160 (In F5 BIG-IP AAM and PEM software version 12.0.0 to 12.1.1, 11.6.0 to ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6159 (F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6158 (In F5 BIG-IP 12.0.0-12.1.2, 11.6.0-11.6.1, 11.5.1-11.5.5, or 11.2.1 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6157 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6156 (When the F5 BIG-IP 12.1.0-12.1.1, 11.6.0-11.6.1, 11.5.1-11.5.5, or ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6155 (On F5 BIG-IP 13.0.0, 12.0.0-12.1.3.1, 11.6.0-11.6.2, 11.4.1-11.5.5, or ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6154 (On F5 BIG-IP systems running 13.0.0, 12.1.0 - 12.1.3.1, or 11.6.1 - ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6153
	RESERVED
CVE-2017-6152 (A local user on F5 BIG-IQ Centralized Management 5.1.0-5.2.0 with the ...)
	NOT-FOR-US: F5 BIG-IQ Centralized Management
CVE-2017-6151 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6150 (Under certain conditions for F5 BIG-IP systems 13.0.0 or 12.1.0 - ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6149
	RESERVED
CVE-2017-6148 (Responses to SOCKS proxy requests made through F5 BIG-IP version ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6147 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6146
	RESERVED
CVE-2017-6145 (iControl REST in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6144 (In F5 BIG-IP PEM 12.1.0 through 12.1.2 when downloading the Type ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6143 (X509 certificate verification was not correctly implemented in the IP ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6142 (X509 certificate verification was not correctly implemented in the ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6141 (In F5 BIG-IP LTM, AAM, AFM, APM, ASM, Link Controller, PEM, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6140 (On the BIG-IP 2000s, 2200s, 4000s, 4200v, i5600, i5800, i7600, i7800, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6139 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6138 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6137 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, ...)
	NOT-FOR-US: F5
CVE-2017-6136 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6135 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6134 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6133 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6132 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6131 (In some circumstances, an F5 BIG-IP version 12.0.0 to 12.1.2 and ...)
	NOT-FOR-US: F5
CVE-2017-6130 (F5 SSL Intercept iApp 1.5.0 - 1.5.7 and SSL Orchestrator 2.0 is ...)
	NOT-FOR-US: F5
CVE-2017-6129 (In F5 BIG-IP APM software version 13.0.0 and 12.1.2, in some ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-6128 (An attacker may be able to cause a denial-of-service (DoS) attack ...)
	NOT-FOR-US: F5
CVE-2017-6188 (Munin before 2.999.6 has a local file write vulnerability when CGI ...)
	{DSA-3794-1 DLA-836-1}
	- munin 2.0.31-1 (bug #855705)
	NOTE: https://github.com/munin-monitoring/munin/issues/721
CVE-2017-6127 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: DIGISOL DG-HR1400 Wireless Router
CVE-2017-6126
	RESERVED
CVE-2017-6125
	RESERVED
CVE-2017-6124
	RESERVED
CVE-2017-6123
	RESERVED
CVE-2017-6122
	RESERVED
CVE-2017-6121
	RESERVED
CVE-2017-6120
	RESERVED
CVE-2017-6119
	RESERVED
CVE-2017-6118
	RESERVED
CVE-2017-6117
	RESERVED
CVE-2017-6116
	RESERVED
CVE-2017-6115
	RESERVED
CVE-2017-6114
	RESERVED
CVE-2017-6113
	RESERVED
CVE-2017-6112
	RESERVED
CVE-2017-6111
	RESERVED
CVE-2017-6110
	RESERVED
CVE-2017-6109
	RESERVED
CVE-2017-6108
	RESERVED
CVE-2017-6107
	RESERVED
CVE-2017-6106
	RESERVED
CVE-2017-6105
	RESERVED
CVE-2017-6104 (Remote file upload vulnerability in Wordpress Plugin Mobile App Native ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-6103 (Persistent XSS Vulnerability in Wordpress plugin AnyVar v0.1.1. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-6102 (Persistent XSS in wordpress plugin rockhoist-badges v1.2.2. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2017-6384 (Memory leak in the login_user function in saslserv/main.c in ...)
	- atheme-services 7.2.9-1 (bug #855588)
	[jessie] - atheme-services <not-affected> (versions prior to 7.2.7 not vulnerable)
	NOTE: 7.2.7 vulnerable, fixed in 7.2.8, but the fix introduced another DOS, fixed in 7.2.9
	NOTE: (Possibly) introduced in https://github.com/atheme/atheme/commit/8ac7aa8d007331ae694f099c288e27f911e8cad1 (v7.2.7)
CVE-2017-6101
	RESERVED
CVE-2017-6099 (Cross-site scripting (XSS) vulnerability in GetAuthDetails.html.php in ...)
	NOT-FOR-US: PayPal PHP Merchant SDK
CVE-2017-6098 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta) ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6097 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta) ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6096 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta) ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6095 (A SQL injection issue was discovered in the Mail Masta (aka mail-masta) ...)
	NOT-FOR-US: Mail Masta plugin for Wordpress
CVE-2017-6094 (CPEs used by subscribers on the access network receive their ...)
	NOT-FOR-US: Genexis GASP
CVE-2017-6093
	RESERVED
CVE-2017-6092
	RESERVED
CVE-2017-6091
	RESERVED
CVE-2017-6090 (Unrestricted file upload vulnerability in clients/editclient.php in ...)
	NOT-FOR-US: PhpCollab
CVE-2017-6089 (SQL injection vulnerability in PhpCollab 2.5.1 and earlier allows ...)
	NOT-FOR-US: PhpCollab
CVE-2017-6088 (Multiple SQL injection vulnerabilities in EyesOfNetwork (aka EON) 5.0 ...)
	NOT-FOR-US: EyesOfNetwork
CVE-2017-6087 (EyesOfNetwork (&quot;EON&quot;) 5.0 and earlier allows remote authenticated ...)
	NOT-FOR-US: EyesOfNetwork
CVE-2017-6086 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: ViMbAdmin
CVE-2017-6085
	RESERVED
CVE-2017-6084
	RESERVED
CVE-2017-6083
	RESERVED
CVE-2017-6082
	RESERVED
CVE-2017-6081 (A CSRF issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, ...)
	- zammad <itp> (bug #841355)
CVE-2017-6080 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and ...)
	- zammad <itp> (bug #841355)
CVE-2017-6079 (The HTTP web-management application on Edgewater Networks Edgemarc ...)
	NOT-FOR-US: Edgewater
CVE-2017-6078 (FastStone MaxView 3.0 and 3.1 allows user-assisted attackers to cause a ...)
	NOT-FOR-US: FastStone MaxView
CVE-2017-6077 (ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10228 (The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and ...)
	- glibc <unfixed> (bug #856503)
	[stretch] - glibc <no-dsa> (Minor issue)
	[jessie] - glibc <no-dsa> (Minor issue)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19519
CVE-2016-10227 (Zyxel USG50 Security Appliance and NWA3560-N Access Point allow remote ...)
	NOT-FOR-US: Zyxel
CVE-2017-6076 (In versions of wolfSSL before 3.10.2 the function fp_mul_comba makes ...)
	- wolfssl 3.10.2+dfsg-1 (bug #856114)
	NOTE: https://github.com/wolfSSL/wolfssl/releases/tag/v3.10.2-stable
	NOTE: https://github.com/wolfSSL/wolfssl/commit/345df93978c41da1ac8047a37f1fed5286883d8d
CVE-2017-6075
	RESERVED
CVE-2017-6074 (The dccp_rcv_state_process function in net/dccp/input.c in the Linux ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.13-1
	NOTE: Fixed by: https://git.kernel.org/linus/5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4
CVE-2017-6073
	RESERVED
CVE-2017-6072 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6071 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6070 (CMS Made Simple version 1.x Form Builder before version 0.8.1.6 allows ...)
	NOT-FOR-US: CMS Made Simple
CVE-2017-6069 (Subrion CMS 4.0.5 has CSRF in admin/blog/add/. The attacker can add any ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6068 (Subrion CMS 4.0.5 has CSRF in admin/blocks/add/. The attacker can ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6067 (Symphony 2.6.9 has XSS in publish/notes/edit/##/saved/ via the bottom ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-6066 (Subrion CMS 4.0.5 has CSRF in admin/languages/edit/1/. The attacker can ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6065 (SQL injection vulnerability in ...)
	NOT-FOR-US: GenixCMS
CVE-2017-6064
	RESERVED
CVE-2017-6063
	RESERVED
CVE-2016-10226 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...)
	- webkitgtk <unfixed> (unimportant)
	NOTE: Not covered by security support
CVE-2017-6061 (Cross-site scripting (XSS) vulnerability in the help component of SAP ...)
	NOT-FOR-US: SAP
CVE-2017-6060 (Stack-based buffer overflow in jstest_main.c in mujstest in Artifex ...)
	- mupdf <unfixed> (unimportant)
	[wheezy] - mupdf <not-affected> (Vulnerable code not present)
	NOTE: Although jstest_main.c compiled during build and mujstest is created
	NOTE: it is not included in the produced binary packages
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/18/1
CVE-2017-6058 (Buffer overflow in NetRxPkt::ehdr_buf in hw/net/net_rx_pkt.c in QEMU ...)
	- qemu 1:2.8+dfsg-3 (bug #855616)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg03527.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1423358
CVE-2017-6057
	RESERVED
CVE-2017-6055 (XML external entity (XXE) vulnerability in eParakstitajs 3 before 1.3.9 ...)
	NOT-FOR-US: eParakstitajs and eParaksts Java lib
CVE-2017-6054 (A Use of Hard-Coded Cryptographic Key issue was discovered in Hyundai ...)
	NOT-FOR-US: Hyundai
CVE-2017-6053 (A Cross-Site Scripting issue was discovered in Trihedral VTScada ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6052 (A Man-in-the-Middle issue was discovered in Hyundai Motor America Blue ...)
	NOT-FOR-US: Hyundai
CVE-2017-6051 (An Uncontrolled Search Path Element issue was discovered in BLF-Tech ...)
	NOT-FOR-US: BLF-Tech LLC VisualView HMI
CVE-2017-6050 (A SQL Injection issue was discovered in Ecava IntegraXor Versions ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2017-6049
	RESERVED
CVE-2017-6048 (A Command Injection issue was discovered in Satel Iberia SenNet Data ...)
	NOT-FOR-US: Satel Iberia SenNet Data Logger and Electricity Meters
CVE-2017-6047
	RESERVED
CVE-2017-6046 (An Insufficiently Protected Credentials issue was discovered in Sierra ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6045 (An Information Exposure issue was discovered in Trihedral VTScada ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6044 (An Improper Authorization issue was discovered in Sierra Wireless ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6043 (A Resource Consumption issue was discovered in Trihedral VTScada ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2017-6042 (A Cross-Site Request Forgery issue was discovered in Sierra Wireless ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven
CVE-2017-6041 (An Unrestricted Upload issue was discovered in Marel Food Processing ...)
	NOT-FOR-US: Marel
CVE-2017-6040 (An Information Exposure issue was discovered in Belden Hirschmann GECKO ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6039 (A Use of Hard-Coded Password issue was discovered in Phoenix Broadband ...)
	NOT-FOR-US: Phoenix
CVE-2017-6038 (A Cross-Site Request Forgery issue was discovered in Belden Hirschmann ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6037 (A Heap-Based Buffer Overflow issue was discovered in Wecon Technologies ...)
	NOT-FOR-US: Wecon
CVE-2017-6036 (A Server-Side Request Forgery issue was discovered in Belden Hirschmann ...)
	NOT-FOR-US: Belden Hirschmann GECKO Lite Managed switch
CVE-2017-6035 (A Stack-Based Buffer Overflow issue was discovered in Wecon ...)
	NOT-FOR-US: Wecon
CVE-2017-6034 (An Authentication Bypass by Capture-Replay issue was discovered in ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6033 (A DLL Hijacking issue was discovered in Schneider Electric Interactive ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6032 (A Violation of Secure Design Principles issue was discovered in ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6031 (A Header Injection issue was discovered in Certec EDV GmbH atvise scada ...)
	NOT-FOR-US: Certec EDV GmbH atvise scada
CVE-2017-6030 (A Predictable Value Range from Previous Values issue was discovered in ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6029 (A Cross-Site Scripting issue was discovered in Certec EDV GmbH atvise ...)
	NOT-FOR-US: Certec EDV GmbH atvise scada
CVE-2017-6028 (An Insufficiently Protected Credentials issue was discovered in ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6027 (An Arbitrary File Upload issue was discovered in 3S-Smart Software ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Web Server
CVE-2017-6026 (A Use of Insufficiently Random Values issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6025 (A Stack Buffer Overflow issue was discovered in 3S-Smart Software ...)
	NOT-FOR-US: 3S-Smart Software Solutions GmbH CODESYS Web Server
CVE-2017-6024 (A Resource Exhaustion issue was discovered in Rockwell Automation ...)
	NOT-FOR-US: Rockwell
CVE-2017-6023 (An issue was discovered in Fatek Automation PLC Ethernet Module. The ...)
	NOT-FOR-US: Fatek
CVE-2017-6022 (A hard-coded password issue was discovered in Becton, Dickinson and ...)
	NOT-FOR-US: BD's Kiestra PerformA and KLA Journal Service applications
CVE-2017-6021 (In Schneider Electric ClearSCADA 2014 R1 (build 75.5210) and prior, ...)
	NOT-FOR-US: Schneider
CVE-2017-6020 (Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis ...)
	NOT-FOR-US: Leao Consultoria e Desenvolvimento de Sistemas (LCDS) LTDA ME LAquis SCADA software
CVE-2017-6019 (An issue was discovered in Schneider Electric Conext ComBox, model ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6018 (An open redirect issue was discovered in B. Braun Medical SpaceCom ...)
	NOT-FOR-US: SpaceCom / SpaceStation
CVE-2017-6017 (A Resource Exhaustion issue was discovered in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-6016 (An Improper Access Control issue was discovered in LCDS - Leao ...)
	NOT-FOR-US: LCDS (Leao Consultoria e Desenvolvimento de Sistemas LTDA ME LAquis SCADA)
CVE-2017-6015 (Without quotation marks, any whitespace in the file path for Rockwell ...)
	NOT-FOR-US: Rockwell
CVE-2017-6014 (In Wireshark 2.2.4 and earlier, a crafted or malformed STANAG 4607 ...)
	{DSA-3811-1 DLA-826-1}
	- wireshark 2.2.5+g440fd4d-2 (bug #855408)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13416
CVE-2017-6013 (Subrion CMS 4.0.5.10 has SQL injection in admin/database/ via the query ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-6012
	RESERVED
CVE-2017-6011 (An issue was discovered in icoutils 0.31.1. An out-of-bounds read ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854054)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393
CVE-2017-6010 (An issue was discovered in icoutils 0.31.1. A buffer overflow was ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854054)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=bf97b99109607d4367a4e57df9a37cbcac02e220
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=45a0207225df4cd4b82f41eee636e21f11a7db74
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256393
CVE-2017-6009 (An issue was discovered in icoutils 0.31.1. A buffer overflow was ...)
	{DSA-3807-1 DLA-854-1}
	- icoutils 0.31.2-1 (bug #854050)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=f148ae5af1c9eeb85610a5653a7f625dd6c3ac2e
	NOTE: Proposed patch from Red Hat contributor: https://bugzilla.redhat.com/attachment.cgi?id=1256407
CVE-2017-6008 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos ...)
	NOT-FOR-US: Sophos
CVE-2017-6007 (A kernel pool overflow in the driver hitmanpro37.sys in Sophos ...)
	NOT-FOR-US: Sophos
CVE-2017-6006
	REJECTED
CVE-2017-6005 (Waves MaxxAudio, as installed on Dell laptops, adds a &quot;WavesSysSvc&quot; ...)
	NOT-FOR-US: Waves MaxxAudio
CVE-2017-6004 (The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE ...)
	- pcre3 2:8.39-2.1 (bug #855405)
	[jessie] - pcre3 <not-affected> (Vulnerable code introduced later)
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://vcs.pcre.org/pcre/code/trunk/pcre_jit_compile.c?r1=1676&r2=1680&view=patch
	NOTE: https://bugs.exim.org/show_bug.cgi?id=2035
CVE-2017-6003 (dotCMS 3.7.0 has XSS reachable from ext/languages_manager/edit_language ...)
	NOT-FOR-US: dotCMS
CVE-2017-6002 (Subrion CMS 4.0.5.10 has CSRF in admin/blog/add/. The attacker can add ...)
	NOT-FOR-US: Subrion CMS
CVE-2014-9919
	RESERVED
CVE-2014-9918
	RESERVED
CVE-2014-9917
	RESERVED
CVE-2014-9916 (Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 ...)
	NOT-FOR-US: Bilboplanet
CVE-2017-6001 (Race condition in kernel/events/core.c in the Linux kernel before ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://git.kernel.org/linus/321027c1fe77f892f4ea07846aeae08cefbbb290
CVE-2017-6000
	REJECTED
CVE-2017-5999 (An issue was discovered in sysPass 2.x before 2.1, in which an ...)
	NOT-FOR-US: sysPass
CVE-2017-5998 (Cross-site scripting (XSS) vulnerability in InterSect Alliance SNARE ...)
	NOT-FOR-US: InterSect Alliance SNARE Epilog
CVE-2017-5997 (The SAP Message Server HTTP daemon in SAP KERNEL 7.21-7.49 allows ...)
	NOT-FOR-US: SAP Message Server
CVE-2017-5996 (The agent in Bomgar Remote Support 15.2.x before 15.2.3, 16.1.x before ...)
	NOT-FOR-US: Bomgar Remote Support
CVE-2017-5995 (The NetApp ONTAP Select Deploy administration utility 2.0 through ...)
	NOT-FOR-US: NetApp ONTAP Select Deploy administration utility
CVE-2017-14431 (Memory leak in Xen 3.3 through 4.8.x allows guest OS users to cause a ...)
	- xen 4.8.1-1 (bug #856229)
	[jessie] - xen <no-dsa> (Minor issue)
	[wheezy] - xen <no-dsa> (Minor issue)
	NOTE: https://xenbits.xen.org/xsa/advisory-207.html
CVE-2017-XXXX [XSA-206: xenstore denial of service via repeated update]
	- xen 4.8.1-1 (bug #860565)
	[jessie] - xen <ignored> (Too intrusive to backport)
	[wheezy] - xen <ignored> (Too intrusive to backport)
	NOTE: https://xenbits.xen.org/xsa/advisory-206.html
CVE-2017-5994 (Heap-based buffer overflow in the vrend_create_vertex_elements_state ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=114688c526fe45f341d75ccd1d85473c3b08f7a7 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422452
CVE-2017-5993 (Memory leak in the vrend_renderer_init_blit_ctx function in ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=6eb13f7a2dcf391ec9e19b4c2a79e68305f63c22 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422438
CVE-2017-5991 (An issue was discovered in Artifex Software, Inc. MuPDF before ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-4 (low)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697500
	NOTE: http://git.ghostscript.com/?p=mupdf.git;h=1912de5f08e90af1d9d0a9791f58ba3afdb9d465
CVE-2017-5990 (An issue was discovered in PhreeBooksERP before 2017-02-13. The ...)
	NOT-FOR-US: PhreeBooksERP
CVE-2017-5989
	RESERVED
CVE-2017-5988 (NetApp Clustered Data ONTAP 8.1 through 9.1P1, when NFS or SMB is ...)
	NOT-FOR-US: NetApp
CVE-2017-5987 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
	- qemu 1:2.8+dfsg-3 (bug #855159)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg02776.html
CVE-2017-5986 (Race condition in the sctp_wait_for_sndbuf function in ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://git.kernel.org/linus/2dcab598484185dea7ec22219c76dcdd59e3cb90
CVE-2017-5985 (lxc-user-nic in Linux Containers (LXC) allows local users with a ...)
	- lxc 1:2.0.7-2 (bug #857295)
	[jessie] - lxc 1:1.0.6-6+deb8u6
	[wheezy] - lxc <not-affected> (vulnerable code not present)
	NOTE: https://lists.linuxcontainers.org/pipermail/lxc-users/2017-March/012925.html
	NOTE: https://launchpad.net/bugs/1654676
	NOTE: master: https://github.com/lxc/lxc/commit/16af238036a5464ae8f2420ed3af214f0de875f9
	NOTE: stable-2.0: https://github.com/lxc/lxc/commit/d512bd5efb0e407eba350c4e649c464a65b712a3
	NOTE: stable-1.0: https://github.com/lxc/lxc/commit/c905f00ad78b78a5e9c0d67504b86e00dfe085ec
CVE-2017-5984
	RESERVED
CVE-2017-5983 (The JIRA Workflow Designer Plugin in Atlassian JIRA Server before ...)
	NOT-FOR-US: JIRA Workflow Designer Plugin
CVE-2017-5982 (Directory traversal vulnerability in the Chorus2 2.4.2 add-on for Kodi ...)
	- kodi <unfixed> (bug #855225)
	[stretch] - kodi <ignored> (Minor issue)
	[jessie] - kodi <ignored> (Minor issue)
	- xbmc <removed> (bug #861274)
	[jessie] - xbmc <ignored> (Minor issue)
	[wheezy] - xbmc <ignored> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2017/Feb/27
	NOTE: http://trac.kodi.tv/ticket/17314
	NOTE: https://lists.debian.org/debian-lts/2017/04/msg00025.html
	NOTE: https://lists.debian.org/debian-lts/2017/04/msg00055.html (and followups)
	NOTE: https://lists.debian.org/debian-lts/2017/05/msg00006.html
CVE-2017-5681 (The RSA-CRT implementation in the Intel QuickAssist Technology (QAT) ...)
	NOT-FOR-US: Intel QuickAssist Technology (QAT) Engine
CVE-2017-6056 (It was discovered that a programming error in the processing of HTTPS ...)
	{DSA-3788-1 DSA-3787-1 DLA-823-1}
	- tomcat8 8.0.21-2 (bug #851304)
	- tomcat7 7.0.72-3 (bug #854551)
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57544
CVE-2017-5981 (seeko.c in zziplib 0.13.62 allows remote attackers to cause a denial ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c/
CVE-2017-5980 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-zzip_mem_entry_new-memdisk-c/
CVE-2017-5979 (The prescan_entry function in fseeko.c in zziplib 0.13.62 allows ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-prescan_entry-fseeko-c/
CVE-2017-5978 (The zzip_mem_entry_new function in memdisk.c in zziplib 0.13.62 allows ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-out-of-bounds-read-in-zzip_mem_entry_new-memdisk-c/
CVE-2017-5977 (The zzip_mem_entry_extra_block function in memdisk.c in zziplib ...)
	- zziplib <unfixed> (bug #864150; bug #854727)
	[stretch] - zziplib <ignored> (Minor issue)
	[jessie] - zziplib <ignored> (Minor issue)
	[wheezy] - zziplib <ignored> (Minor issue)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-invalid-memory-read-in-zzip_mem_entry_extra_block-memdisk-c/
CVE-2017-5976 (Heap-based buffer overflow in the zzip_mem_entry_extra_block function ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-zzip_mem_entry_extra_block-memdisk-c/
CVE-2017-5975 (Heap-based buffer overflow in the __zzip_get64 function in fetch.c in ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get64-fetch-c/
CVE-2017-5974 (Heap-based buffer overflow in the __zzip_get32 function in fetch.c in ...)
	{DSA-3878-1 DLA-994-1}
	- zziplib 0.13.62-3.1 (bug #854727)
	NOTE: http://blogs.gentoo.org/ago/2017/02/09/zziplib-heap-based-buffer-overflow-in-__zzip_get32-fetch-c/
CVE-2017-5973 (The xhci_kick_epctx function in hw/usb/hcd-xhci.c in QEMU (aka Quick ...)
	{DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (bug #855611)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01101.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/13/11
CVE-2017-5972 (The TCP stack in the Linux kernel 3.x does not properly implement a ...)
	- linux 4.4.2-1
	[jessie] - linux <ignored> (Known perfomance limitation)
	[wheezy] - linux <no-dsa> (Known perfomance limitation)
CVE-2016-10225 (The sunxi-debug driver in Allwinner 3.4 legacy kernel for H3, A83T and ...)
	NOT-FOR-US: sunxi-debug driver in Allwinner kernel
CVE-2016-10224 (An issue was discovered in Sauter NovaWeb web HMI. The application uses ...)
	NOT-FOR-US: Sauter NovaWeb
CVE-2016-10223 (An issue was discovered in BigTree CMS before 4.2.15. The vulnerability ...)
	NOT-FOR-US: BigTree CMS
CVE-2017-5971 (SQL injection vulnerability in NewsBee CMS allow remote attackers to ...)
	NOT-FOR-US: NewsBee CMS
CVE-2017-5970 (The ipv4_pktinfo_prepare function in net/ipv4/ip_sockglue.c in the ...)
	{DSA-3791-1 DLA-922-1}
	- linux 4.9.10-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/34b2cef20f19c87999fff3da4071e66937db9644 (v4.10-rc8)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/f84af32cbca70a3c6d30463dc08c7984af11c277 (v2.6.35-rc1)
CVE-2017-5969 (** DISPUTED ** libxml2 2.9.4, when used in recover mode, allows remote ...)
	- libxml2 2.9.4+dfsg1-5.1 (bug #855001)
	[stretch] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
	[jessie] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
	[wheezy] - libxml2 <no-dsa> (Minor issue, only a denial-of-service when using recover mode)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/05/3
	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=778519
	NOTE: Duplicate upstream bug (contains patch): https://bugzilla.gnome.org/show_bug.cgi?id=758422
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=94691dc884d1a8ada39f073408b4bb92fe7fe882
CVE-2017-5968
	RESERVED
CVE-2017-5967 (The time subsystem in the Linux kernel through 4.9.9, when ...)
	{DLA-922-1}
	- linux 4.9.13-1 (low)
	[jessie] - linux 3.16.43-1
CVE-2017-5966 (Sitecore CRM 8.1 Rev 151207 allows remote authenticated administrators ...)
	NOT-FOR-US: Sitecore
CVE-2017-5965 (The package manager in Sitecore CRM 8.1 Rev 151207 allows remote ...)
	NOT-FOR-US: Sitecore
CVE-2017-5964 (An issue was discovered in Emoncms through 9.8.0. The vulnerability ...)
	NOT-FOR-US: Emoncms
CVE-2017-5963 (An issue was discovered in caddy (for TYPO3) before 7.2.10. The ...)
	NOT-FOR-US: Typo3 extension
CVE-2017-5962 (An issue was discovered in contexts_wurfl (for TYPO3) before 0.4.2. The ...)
	NOT-FOR-US: Typo3 extension
CVE-2017-5961 (An issue was discovered in ionize through 1.0.8. The vulnerability ...)
	NOT-FOR-US: ionize
CVE-2017-5960 (An issue was discovered in Phalcon Eye through 0.4.1. The vulnerability ...)
	NOT-FOR-US: Phalcon Eye
CVE-2017-5959 (CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5958
	RESERVED
CVE-2017-5957 (Stack-based buffer overflow in the vrend_decode_set_framebuffer_state ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=926b9b3460a48f6454d8bbe9e44313d86a65447f (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421126
CVE-2017-5956 (The vrend_draw_vbo function in virglrenderer before 0.6.0 allows local ...)
	- virglrenderer 0.6.0-1 (bug #858255)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=a5ac49940c40ae415eac0cf912eac7070b4ba95d (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421073
	NOTE: The original fix opens a memory leak: http://www.openwall.com/lists/oss-security/2017/02/24/2
	NOTE: Additional patch required: https://bugzilla.suse.com/attachment.cgi?id=715395
CVE-2017-5955
	RESERVED
CVE-2017-5954 (An issue was discovered in the serialize-to-js package 0.5.0 for ...)
	NOT-FOR-US: serialize-to-js Node package
CVE-2017-5953 (vim before patch 8.0.0322 does not properly validate values for tree ...)
	{DSA-3786-1 DLA-822-1}
	- vim 2:8.0.0197-2 (bug #854969)
	- neovim 0.1.7-4
	NOTE: Fixed by https://github.com/vim/vim/commit/399c297aa93afe2c0a39e2a1b3f972aebba44c9d
CVE-2017-5952
	RESERVED
CVE-2017-5951 (The mem_get_bits_rectangle function in base/gdevmem.c in Artifex ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859696)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697548
	NOTE: Fixed by: http://git.ghostscript.com/?p=user/chrisl/ghostpdl.git;a=commitdiff;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8
CVE-2017-5950 (The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) ...)
	- yaml-cpp <unfixed> (low; bug #859891)
	[stretch] - yaml-cpp <no-dsa> (Minor issue)
	[jessie] - yaml-cpp <no-dsa> (Minor issue)
	[wheezy] - yaml-cpp <no-dsa> (Minor issue)
	- yaml-cpp0.3 <unfixed> (low; bug #859892)
	[stretch] - yaml-cpp0.3 <no-dsa> (Minor issue)
	[jessie] - yaml-cpp0.3 <no-dsa> (Minor issue)
	NOTE: https://github.com/jbeder/yaml-cpp/issues/459
	NOTE: possible fix: https://github.com/jbeder/yaml-cpp/pull/489
CVE-2017-5949 (JavaScriptCore in WebKit, as distributed in Safari Technology Preview ...)
	- webkitgtk <unfixed> (unimportant)
	NOTE: Not covered by security support
CVE-2017-5948 (An issue was discovered on OnePlus One, X, 2, 3, and 3T devices. ...)
	NOT-FOR-US: OnePlus One
CVE-2017-5947 (An issue was discovered in OnePlus One, X, 2, 3, 3T, and 5 devices ...)
	NOT-FOR-US: OnePlus One, X, 2, 3, 3T, and 5 devices with OxygenOS
CVE-2017-5946 (The Zip::File component in the rubyzip gem before 1.2.1 for Ruby has a ...)
	{DSA-3801-1 DLA-846-1}
	- ruby-zip 1.2.0-1.1 (bug #856269)
	- libzip-ruby <removed>
	NOTE: https://github.com/rubyzip/rubyzip/issues/315
CVE-2017-5945 (An issue was discovered in the PoodLL Filter plugin through 3.0.20 for ...)
	NOT-FOR-US: Moodle plugin
CVE-2017-5944 (The dashboard subscription interface in Request Tracker (RT) 4.x ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2017-5943 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2017-5942 (An issue was discovered in the WP Mail plugin before 1.2 for WordPress. ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-10222 (runtime/JSONObject.cpp in JavaScriptCore in WebKit, as distributed in ...)
	- webkitgtk <unfixed> (unimportant)
	NOTE: Not covered by security support
CVE-2016-10221 (The count_entries function in pdf-layer.c in Artifex Software, Inc. ...)
	- mupdf <not-affected> (Vulnerable code not yet present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697400
CVE-2016-10220 (The gs_makewordimagedevice function in base/gsdevmem.c in Artifex ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859694)
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?daf85701dab05f17e924a48a81edc9195b4a04e8
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697450
CVE-2016-10219 (The intersect function in base/gxfill.c in Artifex Software, Inc. ...)
	{DSA-3838-1 DLA-905-1}
	- ghostscript 9.20~dfsg-3.1 (bug #859666)
	NOTE: http://www.ghostscript.com/cgi-bin/findgit.cgi?4bef1a1d32e29b68855616020dbff574b9cda08f
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697453
CVE-2016-10218 (The pdf14_pop_transparency_group function in base/gdevp14.c in the PDF ...)
	- ghostscript <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d621292fb2c8157d9899dcd83fd04dd250e30fe4
	NOTE: Introduced by: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=47294ff5b168d25bfc7db64f51572d64b8ebde91
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697444
CVE-2016-10217 (The pdf14_open function in base/gdevp14.c in Artifex Software, Inc. ...)
	- ghostscript 9.20~dfsg-3.1 (bug #859662)
	[jessie] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
	[wheezy] - ghostscript <not-affected> (pdf14_cleanup_parent_color_profiles not yet present)
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=90fd0c7ca3efc1ddff64a86f4104b13b3ac969eb
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697456
CVE-2016-10216 (An issue was discovered in IT ITems DataBase (ITDB) through 1.23. The ...)
	NOT-FOR-US: IT ITems DataBase
CVE-2016-10215 (An issue was discovered in Fastspot BigTree bigtree-form-builder before ...)
	NOT-FOR-US: Fastspot BigTree bigtree-form-builder
CVE-2017-5941 (An issue was discovered in the node-serialize package 0.0.4 for ...)
	NOT-FOR-US: node-serialize
CVE-2017-5939
	RESERVED
CVE-2017-5936 (OpenStack Nova-LXD before 13.1.1 uses the wrong name for the veth ...)
	NOT-FOR-US: Nova-LXD
CVE-2017-5937 (The util_format_is_pure_uint function in vrend_renderer.c in Virgil 3d ...)
	- virglrenderer 0.6.0-1 (bug #854728)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=48f67f60967f963b698ec8df57ec6912a43d6282 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420246
CVE-2016-10214 (Memory leak in the virgl_resource_attach_backing function in ...)
	- virglrenderer 0.6.0-1 (bug #854728)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=40b0e7813325b08077b6f541b3989edb2d86d837 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420266
CVE-2017-5935
	RESERVED
CVE-2017-5934
	RESERVED
CVE-2017-5933 (Citrix NetScaler ADC and NetScaler Gateway 10.5 before Build 65.11, ...)
	NOT-FOR-US: Citrix
CVE-2016-10213 (A10 AX1030 and possibly other devices with software before 2.7.2-P8 ...)
	NOT-FOR-US: A10
CVE-2016-10212 (Radware devices use the same value for the first two GCM nonces, which ...)
	NOT-FOR-US: Radware devices
CVE-2017-5932 (The path autocompletion feature in Bash 4.4 allows local users to gain ...)
	- bash 4.4-3
	[jessie] - bash <not-affected> (Introduced in 4.4)
	[wheezy] - bash <not-affected> (Introduced in 4.4)
	NOTE: https://github.com/jheyens/bash_completion_vuln/raw/master/2017-01-17.bash_completion_report.pdf
	NOTE: Fix http://git.savannah.gnu.org/cgit/bash.git/commit/?id=4f747edc625815f449048579f6e65869914dd715
CVE-2017-5931 (Integer overflow in hw/virtio/virtio-crypto.c in QEMU (aka Quick ...)
	- qemu 1:2.8+dfsg-3 (bug #854730)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01368.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/8
CVE-2017-5930 (The AliasHandler component in PostfixAdmin before 3.0.2 allows remote ...)
	- postfixadmin 3.0.2-1 (bug #854742)
	[jessie] - postfixadmin <not-affected> (Vulnerable code not present)
	[wheezy] - postfixadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/6
CVE-2017-5929 (QOS.ch Logback before 1.2.0 has a serialization vulnerability affecting ...)
	{DLA-888-1}
	- logback 1:1.1.9-3 (bug #857343)
	[jessie] - logback 1:1.1.2-1+deb8u1
	NOTE: https://github.com/qos-ch/logback/commit/f46044b805bca91efe5fd6afe52257cd02f775f8
	NOTE: https://github.com/qos-ch/logback/commit/979b042cb1f0b4c1e5869ccc8912e68c39f769f9
	NOTE: https://github.com/qos-ch/logback/commit/7fbea6127fa98fc48368ca5e8540eefe0e60cec5
	NOTE: https://github.com/qos-ch/logback/commit/3b4f605454534b304770eeee3cb343521fcd6968
	NOTE: Information asked about complete patchset to fix CVE-2017-5929: http://mailman.qos.ch/pipermail/logback-user/2017-March/004875.html
CVE-2017-5928 (The W3C High Resolution Time API, as implemented in various web ...)
	NOT-FOR-US: Design limitation of W3C High Resolution Time API
CVE-2017-5927 (Page table walks conducted by the MMU during virtual to physical ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5926 (Page table walks conducted by the MMU during virtual to physical ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5925 (Page table walks conducted by the MMU during virtual to physical ...)
	NOT-FOR-US: Hardware issue in some Intel CPUs
CVE-2017-5924 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/593
CVE-2017-5923 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/597
CVE-2017-5922
	RESERVED
CVE-2017-5921
	RESERVED
CVE-2017-5920
	RESERVED
CVE-2016-10211 (libyara/grammar.y in YARA 3.5.0 allows remote attackers to cause a ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/575
CVE-2016-10210 (libyara/lexer.l in YARA 3.5.0 allows remote attackers to cause a denial ...)
	- yara 3.5.0+dfsg-9 (bug #859821)
	[jessie] - yara 3.1.0-2+deb8u1
	NOTE: https://github.com/VirusTotal/yara/issues/576
CVE-2016-10209 (The archive_wstring_append_from_mbs function in archive_string.c in ...)
	{DLA-1006-1}
	- libarchive 3.2.2-3.1 (low; bug #859456)
	[stretch] - libarchive <no-dsa> (Minor issue)
	[jessie] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/842
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/42a3408ac7df1e69bea9ea12b72e14f59f7400c0 (v3.3.0)
CVE-2017-5919 (The 21st Century Insurance app 10.0.0 for iOS does not verify X.509 ...)
	NOT-FOR-US: 21st Century Insurance app for iOS
CVE-2017-5918 (The Banco de Costa Rica BCR Movil app 3.7 for iOS does not verify X.509 ...)
	NOT-FOR-US: Banco de Costa Rica BCR Movil app for iOS
CVE-2017-5917
	REJECTED
CVE-2017-5916 (The America's First Federal Credit Union (FCU) Mobile Banking app 3.1.0 ...)
	NOT-FOR-US: America's First Federal Credit Union (FCU) Mobile Banking app
CVE-2017-5915 (The Emirates NBD Bank P.J.S.C Emirates NBD KSA app 3.10.0 through ...)
	NOT-FOR-US: Emirates NBD Bank P.J.S.C Emirates NBD KSA app
CVE-2017-5914 (The DOT IT Banque Zitouna app 2.1 for iOS does not verify X.509 ...)
	NOT-FOR-US: DOT IT Banque Zitouna app
CVE-2017-5913 (The TradeKing Forex for iPhone app 1.2.1 for iOS does not verify X.509 ...)
	NOT-FOR-US: TradeKing Forex for iPhone app
CVE-2017-5912 (The FOREX.com FOREXTrader for iPhone app 2.9.12 through 2.9.14 for iOS ...)
	NOT-FOR-US: FOREX.com FOREXTrader for iPhone app
CVE-2017-5911 (The Banco Santander Mexico SA Supermovil app 3.5 through 3.7 for iOS ...)
	NOT-FOR-US: Banco Santander Mexico SA Supermovil app
CVE-2017-5910
	RESERVED
CVE-2017-5909 (The Electronic Funds Source (EFS) Mobile Driver Source app 2.5 for iOS ...)
	NOT-FOR-US: Electronic Funds Source (EFS) Mobile Driver Source app
CVE-2017-5908
	REJECTED
CVE-2017-5907 (The Great Southern Bank Great Southern Mobile Banking app before 4.0.4 ...)
	NOT-FOR-US: Great Southern Bank Great Southern Mobile Banking app
CVE-2017-5906 (The Everyday Health Diabetes in Check: Blood Glucose &amp; Carb Tracker app ...)
	NOT-FOR-US: Everyday Health Diabetes in Check: Blood Glucose & Carb Tracker app
CVE-2017-5905 (The Dollar Bank Mobile app 2.6.3 for iOS does not verify X.509 ...)
	NOT-FOR-US: Dollar Bank Mobile app
CVE-2017-5904
	RESERVED
CVE-2017-5903
	RESERVED
CVE-2017-5902 (The PayQuicker app 1.0.0 for iOS does not verify X.509 certificates ...)
	NOT-FOR-US: PayQuicker app
CVE-2017-5901 (The State Bank of India State Bank Anywhere app 5.1.0 for iOS does not ...)
	NOT-FOR-US: State Bank of India State Bank Anywhere app
CVE-2017-5900 (Cross-site scripting (XSS) vulnerability in the NetComm NB16WV-02 ...)
	NOT-FOR-US: NetComm
CVE-2017-5896 (Heap-based buffer overflow in the fz_subsample_pixmap function in ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-3 (bug #854734)
	[wheezy] - mupdf <not-affected> (vulnerable code not present)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697515
	NOTE: Fix http://git.ghostscript.com/?p=mupdf.git;h=2c4e5867ee699b1081527bc6c6ea0e99a35a5c27
	NOTE: https://blogs.gentoo.org/ago/2017/02/09/mupdf-use-after-free-in-fz_subsample_pixmap-pixmap-c/
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/10/1
CVE-2017-5895
	RESERVED
CVE-2017-5894
	RESERVED
CVE-2017-5893
	RESERVED
CVE-2017-5892 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
	NOT-FOR-US: ASUS
CVE-2017-5891 (ASUS RT-AC* and RT-N* devices with firmware before 3.0.0.4.380.7378 ...)
	NOT-FOR-US: ASUS
CVE-2017-5898 (Integer overflow in the emulated_apdu_from_guest function in ...)
	{DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (bug #854729)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-02/msg01075.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1419699
	NOTE: http://git.qemu-project.org/?p=qemu.git;a=commit;h=c7dfbf322595ded4e70b626bf83158a9f3807c6a
CVE-2017-5897 (The ip6gre_err function in net/ipv6/ip6_gre.c in the Linux kernel ...)
	{DSA-3791-1}
	- linux 4.9.13-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/next/linux-next.git/commit/?id=7892032cfe67f4bde6fc2ee967e45a8fbaf33756
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/c12b395a46646bab69089ce7016ac78177f6001f (3.7-rc1)
CVE-2017-5890
	RESERVED
CVE-2017-5889
	RESERVED
CVE-2017-5888
	RESERVED
CVE-2017-5887 (WebSocket.swift in Starscream before 2.0.4 allows an SSL Pinning bypass ...)
	NOT-FOR-US: Starscream
CVE-2017-5885 (Multiple integer overflows in the (1) vnc_connection_server_message ...)
	{DLA-831-1}
	- gtk-vnc 0.6.0-3 (bug #854450)
	[jessie] - gtk-vnc <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2017/02/05/5
CVE-2017-5884 (gtk-vnc before 0.7.0 does not properly check boundaries of ...)
	{DLA-831-1}
	- gtk-vnc 0.6.0-3 (bug #854450)
	[jessie] - gtk-vnc <no-dsa> (Minor issue)
	NOTE: Scope of the CVE is all of https://bugzilla.gnome.org/show_bug.cgi?id=778048#c1
	NOTE: http://openwall.com/lists/oss-security/2017/02/05/5
CVE-2017-5883
	RESERVED
CVE-2017-5882 (Cross-site scripting (XSS) vulnerability in index.asp in SANADATA ...)
	NOT-FOR-US: SanaCMS
CVE-2017-5881 (GOM Player 2.3.10.5266 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GOM Player
CVE-2017-5880 (Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x ...)
	NOT-FOR-US: Splunk
CVE-2017-5879 (An issue was discovered in Exponent CMS 2.4.1. This is a blind SQL ...)
	NOT-FOR-US: Exponent CMS
CVE-2017-5878 (The AMF unmarshallers in Red5 Media Server before 1.0.8 do not ...)
	NOT-FOR-US: AMF unmarshallers in Red5 Media Server
CVE-2016-10207 (The Xvnc server in TigerVNC allows remote attackers to cause a denial ...)
	- tigervnc 1.7.0-1
	NOTE: https://github.com/TigerVNC/tigervnc/commit/8aa4bc53206c2430bbf0c8f4b642f59a379ee649
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1023012
CVE-2016-10200 (Race condition in the L2TPv3 IP Encapsulation feature in the Linux ...)
	{DLA-922-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/32c231164b762dddefa13af5a0101032c70b50ef (v4.9-rc7)
CVE-2017-5938 (Cross-site scripting (XSS) vulnerability in the nav_path function in ...)
	{DSA-3784-1 DLA-820-1}
	- viewvc 1.1.26-1 (bug #854681)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/08/7
	NOTE: https://github.com/viewvc/viewvc/commit/9dcfc7daa4c940992920d3b2fbd317da20e44aad
CVE-2017-5992 (Openpyxl 2.4.1 resolves external entities by default, which allows ...)
	- openpyxl 2.3.0-3 (bug #854442)
	[jessie] - openpyxl <not-affected> (vulnerable code not present)
	[wheezy] - openpyxl <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/07/5
	NOTE: https://bitbucket.org/openpyxl/openpyxl/issues/749
	NOTE: https://bitbucket.org/openpyxl/openpyxl/commits/3b4905f428e1
CVE-2017-6059 (Mod_auth_openidc.c in the Ping Identity OpenID Connect authentication ...)
	- libapache2-mod-auth-openidc 2.1.5-1
	[jessie] - libapache2-mod-auth-openidc <no-dsa> (Minor issue)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/212
CVE-2017-6062 (The &quot;OpenID Connect Relying Party and OAuth 2.0 Resource Server&quot; (aka ...)
	- libapache2-mod-auth-openidc 2.1.5-1
	[jessie] - libapache2-mod-auth-openidc <not-affected> (support for OIDCUnAuthAction added in 1.8.5rc1)
	NOTE: https://github.com/pingidentity/mod_auth_openidc/issues/222
CVE-2017-XXXX [irssi memory leak]
	- irssi 1.0.1-1 (bug #855108)
	[jessie] - irssi <not-affected> (support for sasl not present)
	[wheezy] - irssi <not-affected> (support for sasl not present)
	NOTE: Patch: https://github.com/irssi/irssi/commit/19c51789967a2f63da033e60f6ef08848b9cd144
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
CVE-2017-XXXX [irssi missing null terminator]
	- irssi 1.0.1-1 (unimportant)
	NOTE: Patch: https://github.com/irssi/irssi/pull/619/commits/677fb1f55ca52d0e43c93f7d8361d333ff5bffd6
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2017/02/05/8
CVE-2016-10206 (Cross-site request forgery (CSRF) vulnerability in Zoneminder 1.30 and ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10205 (Session fixation vulnerability in Zoneminder 1.30 and earlier allows ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10204 (SQL injection vulnerability in Zoneminder 1.30 and earlier allows ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10203 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10202 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10201 (Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854272)
	[jessie] - zoneminder <no-dsa> (Minor issue)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2016-10208 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
	{DLA-1200-1}
	- linux 4.9.10-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/3a4b77cd47bb837b8557595ec7425f281f2ca1fe (4.10-rc1)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/952fc18ef9ec707ebdc16c0786ec360295e5ff15 (3.6-rc1)
CVE-2017-5886 (Heap-based buffer overflow in the PoDoFo::PdfTokenizer::GetNextToken ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #854604)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/03/podofo-heap-based-buffer-overflow-in-podofopdftokenizergetnexttoken-pdftokenizer-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/1623824.EtgW9yDooZ%40blackgate/#msg35644693
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1837
CVE-2017-5877 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...)
	NOT-FOR-US: dotCMS
CVE-2017-5876 (XSS was discovered in dotCMS 3.7.0, with an unauthenticated attack ...)
	NOT-FOR-US: dotCMS
CVE-2017-5875 (XSS was discovered in dotCMS 3.7.0, with an authenticated attack ...)
	NOT-FOR-US: dotCMS
CVE-2017-5874 (CSRF exists on D-Link DIR-600M Rev. Cx devices before ...)
	NOT-FOR-US: D-Link
CVE-2017-5873 (Unquoted Windows search path vulnerability in the guest service in ...)
	NOT-FOR-US: Unisys
CVE-2017-5872 (The TCP/IP networking module in Unisys ClearPath MCP systems with ...)
	NOT-FOR-US: Unisys ClearPath
CVE-2017-5871
	RESERVED
CVE-2017-5870 (Multiple cross-site scripting (XSS) vulnerabilities in ViMbAdmin ...)
	NOT-FOR-US: ViMbAdmin
CVE-2017-5869 (Directory traversal vulnerability in the file import feature in Nuxeo ...)
	NOT-FOR-US: Nuxeo
CVE-2017-5868 (CRLF injection vulnerability in the web interface in OpenVPN Access ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2017-5867 (ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, ...)
	- owncloud <removed>
CVE-2017-5866 (The autocomplete feature in the E-Mail share dialog in ownCloud Server ...)
	- owncloud <removed>
CVE-2017-5865 (The password reset functionality in ownCloud Server before 8.1.11, ...)
	- owncloud <removed>
CVE-2017-5864
	RESERVED
CVE-2017-5863
	RESERVED
CVE-2017-5862
	RESERVED
CVE-2017-5861
	RESERVED
CVE-2017-5860
	RESERVED
CVE-2017-5859 (On Cambium Networks cnPilot R200/201 devices before 4.3, there is a ...)
	NOT-FOR-US: Cambium Networks cnPilot
CVE-2017-5858 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	NOT-FOR-US: converse.js
CVE-2017-5836 (The plist_free_data function in plist.c in libplist allows attackers ...)
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	[jessie] - libplist <no-dsa> (Minor issue)
	[wheezy] - libplist <no-dsa> (pointers are not incorrectly freed and non-string key nodes are officially allowed)
	NOTE: https://github.com/libimobiledevice/libplist/issues/86
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5835 (libplist allows attackers to cause a denial of service (large memory ...)
	{DLA-840-1}
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	[jessie] - libplist <no-dsa> (Minor issue)
	NOTE: https://github.com/libimobiledevice/libplist/issues/88
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5834 (The parse_dict_node function in bplist.c in libplist allows attackers ...)
	{DLA-840-1}
	- libplist 1.12+git+1+e37ca00-0.1 (bug #854000)
	[jessie] - libplist <no-dsa> (Minor issue)
	NOTE: https://github.com/libimobiledevice/libplist/issues/89
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/6
CVE-2017-5829 (An access restriction bypass vulnerability in HPE Aruba ClearPass ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5828 (An arbitrary command execution vulnerability in HPE Aruba ClearPass ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5827 (A reflected cross site scripting vulnerability in HPE Aruba ClearPass ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5826 (An authenticated remote code execution vulnerability in HPE Aruba ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5825 (A privilege escalation vulnerability in HPE Aruba ClearPass Policy ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5824 (An unauthenticated remote code execution vulnerability in HPE Aruba ...)
	NOT-FOR-US: HPE Aruba ClearPass Policy Manager
CVE-2017-5823 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5822 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5821 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5820 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5819 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5818 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5817 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5816 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5815 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5814 (A remote sql injection authentication bypass in HPE Network Automation ...)
	NOT-FOR-US: HPE
CVE-2017-5813 (A remote unauthenticated access vulnerability in HPE Network ...)
	NOT-FOR-US: HPE
CVE-2017-5812 (A remote sql information disclosure vulnerability in HPE Network ...)
	NOT-FOR-US: HPE
CVE-2017-5811 (A remote code execution vulnerability in HPE Network Automation ...)
	NOT-FOR-US: HPE
CVE-2017-5810 (A remote sql injection vulnerability in HPE Network Automation version ...)
	NOT-FOR-US: HPE
CVE-2017-5809 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
	NOT-FOR-US: HPE
CVE-2017-5808 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
	NOT-FOR-US: HPE
CVE-2017-5807 (A Remote Arbitrary Code Execution vulnerability in HPE Data Protector ...)
	NOT-FOR-US: HPE
CVE-2017-5806 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5805 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5804 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5803 (A Remote Disclosure of Information vulnerability in HPE NonStop ...)
	NOT-FOR-US: HPE NonStop Servers
CVE-2017-5802 (A Remote Gain Privileged Access vulnerability in HPE Vertica Analytics ...)
	NOT-FOR-US: HPE Vertica Analytics Platform
CVE-2017-5801 (A Remote Unauthorized Access to Data vulnerability in HPE Business ...)
	NOT-FOR-US: HPE Business Process Monitor
CVE-2017-5800 (A Remote Cross-Site Scripting (XSS) vulnerability in HPE Operations ...)
	NOT-FOR-US: HPE Operations Bridge Analytics
CVE-2017-5799 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ...)
	NOT-FOR-US: HPE OpenCall Media Platform
CVE-2017-5798 (A Remote Code Execution vulnerability in HPE OpenCall Media Platform ...)
	NOT-FOR-US: HPE OpenCall Media Platform
CVE-2017-5797 (A Remote Unauthenticated Disclosure of Information vulnerability in ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5796 (A Remote Cross Site Request Forgery (CSRF) vulnerability in HPE 2620 ...)
	NOT-FOR-US: HPE 2620 Series Network Switches
CVE-2017-5795 (A Local Arbitrary File Download vulnerability in HPE Intelligent ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5794 (A Remote Arbitrary File Download vulnerability in HPE Intelligent ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5793 (A Remote Arbitrary Code Execution vulnerability in HPE Intelligent ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5792 (A Remote Code Execution vulnerability in HPE Intelligent Management ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5791 (The doFilter method in UrlAccessController in HPE Intelligent ...)
	NOT-FOR-US: HPE Intelligent Management Center
	NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
CVE-2017-5790 (A remote deserialization of untrusted data vulnerability in HPE ...)
	NOT-FOR-US: HPE Intelligent Management Center
CVE-2017-5789 (HPE LoadRunner before 12.53 Patch 4 and HPE Performance Center before ...)
	NOT-FOR-US: HPE LoadRunner
	NOTE: it appears that it was incorrectly used for an issue in JanTek JTC-200
CVE-2017-5788 (A Local Disclosure of Sensitive Information vulnerability in HPE ...)
	NOT-FOR-US: HPE NonStop Software Essentials
CVE-2017-5787 (A remote denial of service vulnerability in HPE Version Control ...)
	NOT-FOR-US: HPE Version Control Manager
CVE-2017-5786 (A local Unauthorized Data Modification vulnerability in HPE ...)
	NOT-FOR-US: HPE OfficeConnect Network Switches
CVE-2017-5785 (A remote information disclosure vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5784 (A missing HSTS Header vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5783 (A remote clickjacking vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5782 (A missing HSTS Header vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5781 (A CSRF vulnerability in HPE Matrix Operating Environment version v7.6 ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5780 (A remote clickjacking vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2017-5779
	RESERVED
CVE-2017-5778
	RESERVED
CVE-2017-5777
	RESERVED
CVE-2017-5776
	RESERVED
CVE-2017-5775
	RESERVED
CVE-2017-5774
	RESERVED
CVE-2017-5773
	RESERVED
CVE-2017-5772
	RESERVED
CVE-2017-5771
	RESERVED
CVE-2017-5770
	RESERVED
CVE-2017-5769
	RESERVED
CVE-2017-5768
	RESERVED
CVE-2017-5767
	RESERVED
CVE-2017-5766
	RESERVED
CVE-2017-5765
	RESERVED
CVE-2017-5764
	RESERVED
CVE-2017-5763
	RESERVED
CVE-2017-5762
	RESERVED
CVE-2017-5761
	RESERVED
CVE-2017-5760
	RESERVED
CVE-2017-5759
	RESERVED
CVE-2017-5758
	RESERVED
CVE-2017-5757
	RESERVED
CVE-2017-5756
	RESERVED
CVE-2017-5755
	RESERVED
CVE-2017-5754 (Systems with microprocessors utilizing speculative execution and ...)
	{DSA-4120-1 DSA-4082-1 DSA-4078-1 DLA-1232-1}
	- linux 4.14.12-1
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://meltdownattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
	NOTE: Paper: https://meltdownattack.com/meltdown.pdf
	NOTE: https://01.org/security/advisories/intel-oss-10003
	- linux-grsec <removed>
CVE-2017-5753 (Systems with microprocessors utilizing speculative execution and ...)
	{DSA-4188-1 DSA-4187-1}
	- linux 4.15.11-1
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	NOTE: https://spectreattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: Paper: https://spectreattack.com/spectre.pdf
	NOTE: https://01.org/security/advisories/intel-oss-10002
	- linux-grsec <removed>
CVE-2017-5752
	RESERVED
CVE-2017-5751
	RESERVED
CVE-2017-5750
	RESERVED
CVE-2017-5749
	RESERVED
CVE-2017-5748
	RESERVED
CVE-2017-5747
	RESERVED
CVE-2017-5746
	RESERVED
CVE-2017-5745
	RESERVED
CVE-2017-5744
	RESERVED
CVE-2017-5743
	RESERVED
CVE-2017-5742
	RESERVED
CVE-2017-5741
	RESERVED
CVE-2017-5740
	RESERVED
CVE-2017-5739
	RESERVED
CVE-2017-5738 (Escalation of privilege vulnerability in admin portal for Intel Unite ...)
	NOT-FOR-US: Intel Unite App
CVE-2017-5737
	RESERVED
CVE-2017-5736 (An elevation of privilege in Intel Software Guard Extensions Platform ...)
	NOT-FOR-US: Intel
CVE-2017-5735
	RESERVED
CVE-2017-5734
	RESERVED
CVE-2017-5733
	RESERVED
CVE-2017-5732
	RESERVED
CVE-2017-5731
	RESERVED
CVE-2017-5730
	RESERVED
CVE-2017-5729 (Frame replay vulnerability in Wi-Fi subsystem in Intel Dual-Band and ...)
	NOT-FOR-US: Intel
CVE-2017-5728
	RESERVED
CVE-2017-5727 (Pointer dereference in subsystem in Intel Graphics Driver 15.40.x.x, ...)
	NOT-FOR-US: Intel
CVE-2017-5726
	RESERVED
CVE-2017-5725
	RESERVED
CVE-2017-5724
	RESERVED
CVE-2017-5723
	RESERVED
CVE-2017-5722 (Incorrect policy enforcement in system firmware for Intel NUC7i3BNK, ...)
	NOT-FOR-US: Intel
CVE-2017-5721 (Insufficient input validation in system firmware for Intel NUC7i3BNK, ...)
	NOT-FOR-US: Intel
CVE-2017-5720
	RESERVED
CVE-2017-5719 (A vulnerability in the Intel Deep Learning Training Tool Beta 1 allows ...)
	NOT-FOR-US: Intel
CVE-2017-5718
	RESERVED
CVE-2017-5717 (Type Confusion in Content Protection HECI Service in Intel Graphics ...)
	NOT-FOR-US: Intel graphics driver
CVE-2017-5716
	REJECTED
CVE-2017-5715 (Systems with microprocessors utilizing speculative execution and ...)
	{DSA-4188-1 DSA-4187-1 DLA-1369-1}
	- linux 4.15.11-1
	NOTE: https://spectreattack.com/
	NOTE: https://xenbits.xen.org/xsa/advisory-254.html
	NOTE: https://googleprojectzero.blogspot.co.uk/2018/01/reading-privileged-memory-with-side.html
	NOTE: Paper: https://spectreattack.com/spectre.pdf
	NOTE: https://www.suse.com/de-de/support/kb/doc/?id=7022512
	NOTE: https://www.suse.com/support/update/announcement/2018/suse-su-20180009-1/
	NOTE: For the required microcode updates in advance:
	NOTE: intel-microcode: https://bugs.debian.org/886367
	NOTE: intel-microcode: Some microcode updates to partially adress CVE-2017-5715 included in 3.20171215.1
	NOTE: Further updates in 3.20180312.1
	NOTE: amd64-microcode: https://bugs.debian.org/886382
	NOTE: amd64-microcode updates in 3.20180515.1
	- qemu 1:2.12~rc3+dfsg-1 (bug #886532)
	- qemu-kvm <removed>
	NOTE: Qemu patches: https://lists.nongnu.org/archive/html/qemu-devel/2018-01/msg00811.html
	NOTE: to pass thorugh new MSR and CPUID flags from the host VM to the CPU, to
	NOTE: allow (future) enabling/disabling ranch prediction features in the Intel
	NOTE: CPU.
	- virtualbox 5.2.6-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	- nvidia-graphics-drivers 384.111-1 (bug #886852)
	[stretch] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.106-1
	[stretch] - nvidia-graphics-drivers-legacy-340xx 340.106-1~deb9u1
	- nvidia-graphics-drivers-legacy-304xx <unfixed>
	[stretch] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
	- linux-grsec <removed>
CVE-2017-5714
	RESERVED
CVE-2017-5713
	RESERVED
CVE-2017-5712 (Buffer overflow in Active Management Technology (AMT) in Intel ...)
	NOT-FOR-US: Intel
CVE-2017-5711 (Multiple buffer overflows in Active Management Technology (AMT) in ...)
	NOT-FOR-US: Intel
CVE-2017-5710 (Multiple privilege escalations in kernel in Intel Trusted Execution ...)
	NOT-FOR-US: Intel
CVE-2017-5709 (Multiple privilege escalations in kernel in Intel Server Platform ...)
	NOT-FOR-US: Intel
CVE-2017-5708 (Multiple privilege escalations in kernel in Intel Manageability Engine ...)
	NOT-FOR-US: Intel
CVE-2017-5707 (Multiple buffer overflows in kernel in Intel Trusted Execution Engine ...)
	NOT-FOR-US: Intel
CVE-2017-5706 (Multiple buffer overflows in kernel in Intel Server Platform Services ...)
	NOT-FOR-US: Intel
CVE-2017-5705 (Multiple buffer overflows in kernel in Intel Manageability Engine ...)
	NOT-FOR-US: Intel
CVE-2017-5704
	RESERVED
CVE-2017-5703 (Configuration of SPI Flash in platforms based on multiple Intel ...)
	NOT-FOR-US: Intel
CVE-2017-5702
	RESERVED
CVE-2017-5701 (Insecure platform configuration in system firmware for Intel ...)
	NOT-FOR-US: Intel
CVE-2017-5700 (Insufficient protection of password storage in system firmware for ...)
	NOT-FOR-US: Intel
CVE-2017-5699 (Input validation error in Intel MinnowBoard 3 Firmware versions prior ...)
	NOT-FOR-US: Intel MinnowBoard 3 Firmware
CVE-2017-5698 (Intel Active Management Technology, Intel Standard Manageability, and ...)
	NOT-FOR-US: Intel
CVE-2017-5697 (Insufficient clickjacking protection in the Web User Interface of ...)
	NOT-FOR-US: Intel
CVE-2017-5696 (Untrusted search path in Intel Graphics Driver 15.40.x.x, 15.45.x.x, ...)
	NOT-FOR-US: Intel
CVE-2017-5695 (Data corruption vulnerability in firmware in Intel Solid-State Drive ...)
	NOT-FOR-US: Intel
CVE-2017-5694 (Data corruption vulnerability in firmware in Intel Solid-State Drive ...)
	NOT-FOR-US: Intel
CVE-2017-5693
	RESERVED
CVE-2017-5692
	RESERVED
CVE-2017-5691 (Incorrect check in Intel processors from 6th and 7th Generation Intel ...)
	NOT-FOR-US: Intel CPUs
CVE-2017-5690
	RESERVED
CVE-2017-5689 (An unprivileged network attacker could gain system privileges to ...)
	NOT-FOR-US: Intel AMT
CVE-2017-5688 (There is an escalation of privilege vulnerability in the Intel Solid ...)
	NOT-FOR-US: Intel Solid State Drive Toolbox
CVE-2017-5687
	RESERVED
CVE-2017-5686 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5685 (The BIOS in Intel NUC systems based on 6th Gen Intel Core processors ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5684 (The BIOS in Intel Compute Stick systems based on 6th Gen Intel Core ...)
	NOT-FOR-US: BIOS in Intel NUC systems
CVE-2017-5683 (Privilege escalation in IntelHAXM.sys driver in the Intel Hardware ...)
	NOT-FOR-US: Intel Hardware Accelerated Execution Manager
CVE-2017-5682 (Intel PSET Application Install wrapper of Intel Parallel Studio XE, ...)
	NOT-FOR-US: Intel PSET
CVE-2017-5680
	RESERVED
CVE-2016-10197 (The search_make_new function in evdns.c in libevent before 2.1.6-beta ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/332
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10196 (Stack-based buffer overflow in the evutil_parse_sockaddr_port function ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/318
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2016-10195 (The name_parse function in evdns.c in libevent before 2.1.6-beta ...)
	{DSA-3789-1 DLA-824-1}
	- libevent 2.0.21-stable-3 (bug #854092)
	NOTE: https://github.com/libevent/libevent/issues/317
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/17
CVE-2017-5848 (The gst_ps_demux_parse_psm function in gst/mpegdemux/gstmpegdemux.c in ...)
	{DSA-3818-1 DLA-830-1}
	- gst-plugins-bad1.0 1.10.4-1 (low)
	- gst-plugins-bad0.10 <unfixed> (low)
	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777957
	NOTE: Patch: https://bugzilla.gnome.org/show_bug.cgi?id=777957#c3
CVE-2017-5847 (The gst_asf_demux_process_ext_content_desc function in ...)
	{DSA-3821-1 DLA-829-1}
	- gst-plugins-ugly1.0 1.10.4-1 (low)
	- gst-plugins-ugly0.10 <unfixed> (low)
	[jessie] - gst-plugins-ugly0.10 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777955
	NOTE: https://github.com/GStreamer/gst-plugins-ugly/commit/d21017b52a585f145e8d62781bcc1c5fefc7ee37
CVE-2017-5846 (The gst_asf_demux_process_ext_stream_props function in ...)
	{DSA-3821-1 DLA-829-1}
	- gst-plugins-ugly1.0 1.10.3-1 (low)
	- gst-plugins-ugly0.10 <unfixed> (low)
	[jessie] - gst-plugins-ugly0.10 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777937
CVE-2017-5845 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777532
CVE-2017-5844 (The gst_riff_create_audio_caps function in ...)
	{DSA-3819-1 DLA-827-1}
	- gst-plugins-base1.0 1.10.3-1 (low)
	- gst-plugins-base0.10 <unfixed> (low)
	[jessie] - gst-plugins-base0.10 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777525
CVE-2017-5843 (Multiple use-after-free vulnerabilities in the (1) ...)
	{DSA-3818-1 DLA-830-1}
	- gst-plugins-bad1.0 1.10.3-1
	- gst-plugins-bad0.10 <unfixed> (low)
	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777503
CVE-2017-5842 (The html_context_handle_element function in gst/subparse/samiparse.c ...)
	{DSA-3819-1}
	- gst-plugins-base1.0 1.10.3-1
	- gst-plugins-base0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777502
CVE-2017-5841 (The gst_avi_demux_parse_ncdt function in gst/avi/gstavidemux.c in ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777500
CVE-2017-5840 (The qtdemux_parse_samples function in gst/isomp4/qtdemux.c in ...)
	{DSA-3820-1 DLA-828-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <unfixed> (low)
	[jessie] - gst-plugins-good0.10 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777469
CVE-2017-5839 (The gst_riff_create_audio_caps function in ...)
	{DSA-3819-1}
	- gst-plugins-base1.0 1.10.3-1
	- gst-plugins-base0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777265
CVE-2017-5838 (The gst_date_time_new_from_iso8601_string function in ...)
	{DSA-3822-1}
	- gstreamer1.0 1.10.3-1 (low)
	- gstreamer0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777263
CVE-2017-5837 (The gst_riff_create_audio_caps function in ...)
	{DSA-3819-1 DLA-827-1}
	- gst-plugins-base1.0 1.10.3-1 (low)
	- gst-plugins-base0.10 <unfixed> (low)
	[jessie] - gst-plugins-base0.10 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=777262
CVE-2016-10199 (The qtdemux_tag_add_str_full function in gst/isomp4/qtdemux.c in ...)
	{DSA-3820-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775451
CVE-2016-10198 (The gst_aac_parse_sink_setcaps function in ...)
	{DSA-3820-1 DLA-828-1}
	- gst-plugins-good1.0 1.10.3-1 (low)
	- gst-plugins-good0.10 <unfixed> (low)
	[jessie] - gst-plugins-good0.10 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/7
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775450
CVE-2016-XXXX [iio-sensor-proxy: insecure dbus policy]
	- iio-sensor-proxy 2.0-4 (bug #853951)
CVE-2016-10192 (Heap-based buffer overflow in ffserver.c in FFmpeg before 2.8.10, ...)
	- ffmpeg 7:3.2.2-1
	- libav <undetermined>
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/a5d25faa3f4b18dac737fdb35d0dd68eb0dc2156
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10191 (Heap-based buffer overflow in libavformat/rtmppkt.c in FFmpeg before ...)
	- ffmpeg 7:3.2.2-1
	- libav <undetermined>
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/7d57ca4d9a75562fa32e40766211de150f8b3ee7
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2016-10190 (Heap-based buffer overflow in libavformat/http.c in FFmpeg before ...)
	- ffmpeg 7:3.2.2-1
	- libav <undetermined>
	NOTE: Patch: https://github.com/FFmpeg/FFmpeg/commit/2a05c8f813de6f2278827734bf8102291e7484aa
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/31/12
CVE-2017-5851 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
	- mp3splt <unfixed> (unimportant)
	NOTE: https://github.com/asarubbo/poc/blob/master/00127-mp3splt-nullptr-free_options
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/mp3splt-null-pointer-dereference-in-free_options-options_manager-c
	NOTE: No security impact, crash in CLI tool
CVE-2017-5679
	RESERVED
CVE-2017-5678
	RESERVED
CVE-2017-5677 (PEAR HTML_AJAX 0.3.0 through 0.5.7 has a PHP Object Injection ...)
	NOT-FOR-US: PEAR HTML_AJAX
	NOTE: http://karmainsecurity.com/KIS-2017-01
CVE-2017-5676
	RESERVED
CVE-2017-5857 (Memory leak in the virgl_cmd_resource_unref function in ...)
	- qemu 1:2.8+dfsg-3 (bug #853996; unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg04615.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418382
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/21
CVE-2017-5856 (Memory leak in the megasas_handle_dcmd function in hw/scsi/megasas.c ...)
	- qemu 1:2.8+dfsg-3 (bug #853996)
	[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/01/19
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=765a707000e838c30b18d712fe6cb3dd8e0435f3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1418342
CVE-2016-10193 (The espeak-ruby gem before 1.0.3 for Ruby allows remote attackers to ...)
	NOT-FOR-US: espeak-ruby Ruby gem
CVE-2016-10194 (The festivaltts4r gem for Ruby allows remote attackers to execute ...)
	NOT-FOR-US: festivaltts4r
CVE-2015-8981 (Heap-based buffer overflow in the PdfParser::ReadXRefSubsection ...)
	{DLA-929-1}
	- libpodofo 0.9.4-1 (bug #854599)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/podofo/mailman/message/34205419/
	NOTE: https://sourceforge.net/p/podofo/code/1672
CVE-2017-5855 (The PoDoFo::PdfParser::ReadXRefSubsection function in PdfParser.cpp in ...)
	- libpodofo 0.9.4-6 (bug #854603)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	[wheezy] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-podofopdfparserreadxrefsubsection-pdfparser-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: http://sourceforge.net/p/podofo/code/1843
CVE-2017-5854 (base/PdfOutputStream.cpp in PoDoFo 0.9.4 allows remote attackers to ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #854602)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-null-pointer-dereference-in-pdfoutputstream-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1836
CVE-2017-5853 (Integer overflow in base/PdfParser.cpp in PoDoFo 0.9.4 allows remote ...)
	{DLA-929-1}
	- libpodofo 0.9.4-5 (bug #854601)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-signed-integer-overflow-in-pdfparser-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: Proposed fix: https://sourceforge.net/p/podofo/mailman/message/35692197/
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1840/
CVE-2017-5852 (The PoDoFo::PdfPage::GetInheritedKeyFromObject function in ...)
	{DLA-929-1}
	- libpodofo 0.9.5-7 (low; bug #854600)
	[stretch] - libpodofo <no-dsa> (Minor issue)
	[jessie] - libpodofo <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/02/01/podofo-infinite-loop-in-podofopdfpagegetinheritedkeyfromobject-pdfpage-cpp
	NOTE: https://sourceforge.net/p/podofo/mailman/podofo-users/thread/12497325.VLNgGImML2%40blackgate/#msg35640936
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1835
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1838
	NOTE: upstream commit: https://sourceforge.net/p/podofo/code/1841
	NOTE: further patch for ABI compatibility: https://sourceforge.net/p/podofo/mailman/message/36084628/
CVE-2017-5849 (tiffttopnm in netpbm 10.47.63 does not properly use the libtiff ...)
	- netpbm-free <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/02/2
	NOTE: Debian uses an unaffected fork:
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2654#c8
CVE-2017-5850 (httpd in OpenBSD allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: OpenBSD httpd
CVE-2017-5833 (Cross-site scripting (XSS) vulnerability in the invocation code ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5832 (Cross-site scripting (XSS) vulnerability in Revive Adserver before ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5831 (Session fixation vulnerability in the forgot password mechanism in ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5830 (Revive Adserver before 4.0.1 allows remote attackers to execute ...)
	NOT-FOR-US: Revive Adserver
CVE-2017-5675 (A command-injection vulnerability exists in a web application on a ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2017-5674 (A vulnerability in a custom-built GoAhead web server used on Foscam, ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2017-5673 (In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5672 (Kony Enterprise Mobile Management (EMM) before 4.2.5.2 has the ...)
	NOT-FOR-US: Kony Enterprise Mobile Management
CVE-2017-5671 (Honeywell Intermec PM23, PM42, PM43, PC23, PC43, PD43, and PC42 ...)
	NOT-FOR-US: Honeywell
CVE-2017-5670 (Riverbed RiOS through 9.6.0 deletes the secure vault with the rm ...)
	NOT-FOR-US: Riverbed RiOS
CVE-2017-5669 (The do_shmat function in ipc/shm.c in the Linux kernel through 4.9.12 ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.13-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=192931
CVE-2017-5666 (The free_options function in options_manager.c in mp3splt 2.6.2 allows ...)
	- mp3splt <unfixed> (bug #854278)
	[jessie] - mp3splt <no-dsa> (Minor issue)
	[wheezy] - mp3splt <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c
	NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
CVE-2017-5665 (The splt_cue_export_to_file function in cue.c in libmp3splt 0.9.2 ...)
	- mp3splt <unfixed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/29/mp3splt-null-pointer-dereference-in-splt_cue_export_to_file-cue-c
	NOTE: https://sourceforge.net/p/mp3splt/bugs/209/
	NOTE: No security impact, crash in CLI tool
CVE-2017-5664 (The error page mechanism of the Java Servlet Specification requires ...)
	{DSA-3892-1 DSA-3891-1 DLA-996-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.14-2 (bug #864447)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	[wheezy] - tomcat6 <end-of-life> (Not supported in Wheezy)
	NOTE: https://lists.apache.org/thread.html/a42c48e37398d76334e17089e43ccab945238b8b7896538478d76066@%3Cannounce.tomcat.apache.org%3E
	NOTE: Fixed by: http://svn.apache.org/r1793469 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1793488 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1793489 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793470 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793471 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1793491 (7.0.x)
CVE-2017-5663 (In Apache Fineract 0.4.0-incubating, 0.5.0-incubating, and ...)
	NOT-FOR-US: Apache Fineract
CVE-2017-5662 (In Apache Batik before 1.9, files lying on the filesystem of the ...)
	{DLA-926-1}
	- batik 1.9-1 (bug #860566)
	[stretch] - batik <no-dsa> (Minor issue)
	[jessie] - batik <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/1
	NOTE: Upstream bug: https://issues.apache.org/jira/browse/BATIK-1139
	NOTE: Fixed by: http://svn.apache.org/r1743326
	NOTE: Similar issue to CVE-2015-0250
CVE-2017-5661 (In Apache FOP before 2.2, files lying on the filesystem of the server ...)
	{DSA-3864-1 DLA-927-1}
	- fop 1:2.1-6 (bug #860567)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/18/2
	NOTE: Upstream bug: https://issues.apache.org/jira/browse/FOP-2668
	NOTE: Fixed by: http://svn.apache.org/r1769967
	NOTE: Fixed by: http://svn.apache.org/r1769968 (fix for Java 6)
CVE-2017-5660 (There is a vulnerability in Apache Traffic Server (ATS) 6.2.0 and ...)
	{DSA-4128-1}
	- trafficserver 7.1.2+ds-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/apache/trafficserver/pull/1657
	NOTE: https://issues.apache.org/jira/browse/TS-4930
CVE-2017-5659 (Apache Traffic Server before 6.2.1 generates a coredump when there is ...)
	- trafficserver 7.0.0-1
	[wheezy] - trafficserver <not-affected> (PoC doesn't crash the server, fix too hard to backport)
	NOTE: https://issues.apache.org/jira/browse/TS-4507
	NOTE: reproducer in https://issues.apache.org/jira/browse/TS-4819 (dupe of above)
	NOTE: https://github.com/apache/trafficserver/pull/787/commits/85c021123fd94c4d97a6015484eb1d8054bec9eb
	NOTE: evaluate related backport to 6.2: https://github.com/apache/trafficserver/pull/1153
CVE-2017-5658
	RESERVED
CVE-2017-5657 (Several REST service endpoints of Apache Archiva are not protected ...)
	NOT-FOR-US: Apache Archiva
CVE-2017-5656 (Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of ...)
	NOT-FOR-US: Apache CXF
CVE-2017-5655 (In Ambari 2.2.2 through 2.4.2 and Ambari 2.5.0, sensitive data may be ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5654 (In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5653 (JAX-RS XML Security streaming clients in Apache CXF before 3.1.11 and ...)
	NOT-FOR-US: Apache CXF
CVE-2017-5652 (During a routine security analysis, it was found that one of the ports ...)
	NOT-FOR-US: Impala
CVE-2017-5651 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...)
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.11-2 (bug #860071)
	[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/21
	NOTE: Fixed by: http://svn.apache.org/r1788546 (8.5.x)
CVE-2017-5650 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M18 and 8.5.0 to 8.5.12, the ...)
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.11-2 (bug #860070)
	[jessie] - tomcat8 <not-affected> (Only affects 8.5 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/22
	NOTE: Fixed by: http://svn.apache.org/r1788480 (8.5.x)
CVE-2017-5649 (Apache Geode before 1.1.1, when a cluster has enabled security by ...)
	NOT-FOR-US: Apache Geode
CVE-2017-5648 (While investigating bug 60718, it was noticed that some calls to ...)
	{DSA-3843-1 DSA-3842-1 DLA-924-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.11-2 (bug #860069)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 <not-affected> (Only affects 7.0 an later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/23
	NOTE: Fixed by: http://svn.apache.org/r1785775 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1785776 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1785777 (7.0.x)
CVE-2017-5647 (A bug in the handling of the pipelined requests in Apache Tomcat ...)
	{DSA-3843-1 DSA-3842-1 DLA-924-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.11-2 (bug #860068)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://www.openwall.com/lists/oss-security/2017/04/10/24
	NOTE: Fixed by: http://svn.apache.org/r1788932 (8.5.x)
	NOTE: Fixed by: http://svn.apache.org/r1788999 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789008 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789024 (6.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789155 (6.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1789856 (6.0.x)
CVE-2017-5646 (For versions of Apache Knox from 0.2.0 to 0.11.0 - an authenticated ...)
	NOT-FOR-US: Apache Knox
CVE-2017-5645 (In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or ...)
	- apache-log4j2 2.7-2 (bug #860489)
	[jessie] - apache-log4j2 <ignored> (Minor issue, no consumers of liblog4j2-java in Jessie)
	NOTE: https://issues.apache.org/jira/browse/LOG4J2-1863
	NOTE: Fixed by: https://git-wip-us.apache.org/repos/asf?p=logging-log4j2.git;h=5dcc19215827db29c993d0305ee2b0d8dd05939d
CVE-2017-5644 (Apache POI in versions prior to release 3.15 allows remote attackers ...)
	- libapache-poi-java <unfixed> (bug #858301)
	[stretch] - libapache-poi-java <no-dsa> (Minor issue)
	[jessie] - libapache-poi-java <no-dsa> (Minor issue)
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/20/9
CVE-2017-5643 (Apache Camel's Validation Component is vulnerable against SSRF via ...)
	NOT-FOR-US: Apache Camel
CVE-2017-5642 (During installation of Ambari 2.4.0 through 2.4.2, Ambari Server ...)
	NOT-FOR-US: Apache Ambari
CVE-2017-5641 (Previous versions of Apache Flex BlazeDS (4.7.2 and earlier) did not ...)
	NOT-FOR-US: Apache Flex BlazeDS
CVE-2017-5640 (It was noticed that a malicious process impersonating an Impala daemon ...)
	NOT-FOR-US: Impala
CVE-2017-5639
	RESERVED
CVE-2017-5638 (The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.3.5 - Struts 2.3.31, Struts 2.5 - Struts 2.5.10)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-045
CVE-2017-5637 (Two four letter word commands &quot;wchp/wchc&quot; are CPU intensive and could ...)
	{DSA-3871-1 DLA-986-1}
	- zookeeper 3.4.9-3 (bug #863811)
	NOTE: https://issues.apache.org/jira/browse/ZOOKEEPER-2693
CVE-2017-5636 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-5635 (In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster ...)
	NOT-FOR-US: Apache NiFi
CVE-2017-5634 (The Norwegian Air Shuttle (aka norwegian.com) airline kiosk allows ...)
	NOT-FOR-US: Norwegian
CVE-2017-5633 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: D-Link
CVE-2017-5632 (An issue was discovered on the ASUS RT-N56U Wireless Router with ...)
	NOT-FOR-US: Asus router
CVE-2017-5631 (An issue was discovered in KMCIS CaseAware. Reflected cross site ...)
	NOT-FOR-US: KMCIS CaseAware
CVE-2017-5630 (PECL in the download utility class in the Installer in PEAR Base System ...)
	- php5 <unfixed> (unimportant)
	- php-pear <unfixed> (unimportant)
	NOTE: https://pear.php.net/bugs/bug.php?id=21171
	NOTE: pear performs no kind of authentication/integrity checks for downloads, so an attacker can MITM freely anyway
CVE-2017-5629
	RESERVED
CVE-2017-5626 (OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5625 (In OxygenOS before 4.0.3 on OnePlus 3 and 3T devices, an unauthorized ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5624 (An issue was discovered in OxygenOS before 4.0.3 for OnePlus 3 and 3T. ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5623 (An issue was discovered in OxygenOS before 4.1.0 on OnePlus 3 and 3T ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5622 (With OxygenOS before 4.0.3, when a charger is connected to a ...)
	NOT-FOR-US: OxygenOS
CVE-2017-5621 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and ...)
	- zammad <itp> (bug #841355)
CVE-2017-5620 (An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, ...)
	- zammad <itp> (bug #841355)
CVE-2017-5619 (An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and ...)
	- zammad <itp> (bug #841355)
CVE-2017-5609 (SQL injection vulnerability in include/functions_entries.inc.php in ...)
	- serendipity <removed>
CVE-2017-5607 (Splunk Enterprise 5.0.x before 5.0.18, 6.0.x before 6.0.14, 6.1.x ...)
	NOT-FOR-US: Splunk
CVE-2017-5606 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	NOT-FOR-US: Xabber
CVE-2017-5605 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	NOT-FOR-US: Movim
CVE-2017-5604 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	- mcabber 1.0.4-1.1 (bug #854738)
	[jessie] - mcabber <not-affected> (XEP-0280: Message Carbons not implemented)
	[wheezy] - mcabber <not-affected> (XEP-0280: Message Carbons not implemented)
CVE-2017-5603 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	- jitsi <removed> (bug #854737)
CVE-2017-5602 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	- jappix <itp> (bug #619347)
CVE-2017-5601 (An error in the lha_read_file_header_1() function ...)
	{DLA-810-1}
	- libarchive 3.2.1-6 (bug #853278)
	[jessie] - libarchive <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/98dcbbf0bf4854bf987557e55e55fff7abbf3ea9
	NOTE: https://secunia.com/secunia_research/2017-3/
CVE-2016-10186 (An issue was discovered on the D-Link DWR-932B router. ...)
	NOT-FOR-US: D-Link
CVE-2016-10185 (An issue was discovered on the D-Link DWR-932B router. A secure_mode=no ...)
	NOT-FOR-US: D-Link
CVE-2016-10184 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows ...)
	NOT-FOR-US: D-Link
CVE-2016-10183 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows ...)
	NOT-FOR-US: D-Link
CVE-2016-10182 (An issue was discovered on the D-Link DWR-932B router. qmiweb allows ...)
	NOT-FOR-US: D-Link
CVE-2016-10181 (An issue was discovered on the D-Link DWR-932B router. qmiweb provides ...)
	NOT-FOR-US: D-Link
CVE-2016-10180 (An issue was discovered on the D-Link DWR-932B router. WPS PIN ...)
	NOT-FOR-US: D-Link
CVE-2016-10179 (An issue was discovered on the D-Link DWR-932B router. There is a ...)
	NOT-FOR-US: D-Link
CVE-2016-10178 (An issue was discovered on the D-Link DWR-932B router. HELODBG on port ...)
	NOT-FOR-US: D-Link
CVE-2016-10177 (An issue was discovered on the D-Link DWR-932B router. Undocumented ...)
	NOT-FOR-US: D-Link
CVE-2016-10176 (The NETGEAR WNR2000v5 router allows an administrator to perform ...)
	NOT-FOR-US: Netgear
CVE-2016-10175 (The NETGEAR WNR2000v5 router leaks its serial number when performing a ...)
	NOT-FOR-US: Netgear
CVE-2016-10174 (The NETGEAR WNR2000v5 router contains a buffer overflow in the ...)
	NOT-FOR-US: Netgear
CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending ...)
	NOT-FOR-US: Gentoo ebuilds dir permissions at install time
CVE-2017-5667 (The sdhci_sdma_transfer_multi_blocks function in hw/sd/sdhci.c in QEMU ...)
	- qemu 1:2.8+dfsg-3 (bug #853996)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06191.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417559
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/2
CVE-2017-5668 (bitlbee-libpurple before 3.5.1 allows remote attackers to cause a ...)
	- bitlbee 3.5.1-1 (bug #853282)
	[jessie] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
	[wheezy] - bitlbee <not-affected> (Incomplete fix for CVE-2016-10189 not applied)
	NOTE: https://bugs.bitlbee.org/ticket/1282
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441 (3.5.1)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
	NOTE: This CVE exists because of an incomplete fix for CVE-2016-10189
CVE-2016-10189 (BitlBee before 3.5 allows remote attackers to cause a denial of ...)
	{DSA-3853-1 DLA-832-1}
	- bitlbee 3.5-1
	NOTE: https://bugs.bitlbee.org/ticket/1282
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/701ab8129ba9ea64f569daedca9a8603abad740f (3.5)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
	NOTE: When fixing this CVE make sure to apply as well
	NOTE: https://github.com/bitlbee/bitlbee/commit/30d598ce7cd3f136ee9d7097f39fa9818a272441
	NOTE: to not open CVE-2017-5668
CVE-2016-10188 (Use-after-free vulnerability in bitlbee-libpurple before 3.5 allows ...)
	{DSA-3853-1 DLA-832-1}
	- bitlbee 3.5-1
	NOTE: https://bugs.bitlbee.org/ticket/1281
	NOTE: Fixed by: https://github.com/bitlbee/bitlbee/commit/ea902752503fc5b356d6513911081ec932d804f2 (3.5)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/30/4
CVE-2017-5940 (Firejail before 0.9.44.6 and 0.9.38.x LTS before 0.9.38.10 LTS does not ...)
	- firejail 0.9.44.6-1
	NOTE: Changelog mentions the new fix for CVE-2017-5180 in RELNOTES for 0.9.44.6
	NOTE: an needs series of commits after 0.9.44.4
	NOTE: https://github.com/netblue30/firejail/blob/0.9.44.6/RELNOTES
	NOTE: https://github.com/netblue30/firejail/commit/38d418505e9ee2d326557e5639e8da49c298858f (0.9.44.6)
	NOTE: https://github.com/netblue30/firejail/commit/b8a4ff9775318ca5e679183884a6a63f3da8f863 (0.9.44.6)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/4
CVE-2016-10187 (The E-book viewer in calibre before 2.75 allows remote attackers to ...)
	{DLA-859-1}
	- calibre 2.75.1+dfsg-1 (low; bug #853004)
	[jessie] - calibre <no-dsa> (Minor issue)
	NOTE: Upstream report: https://launchpad.net/bugs/1651728
	NOTE: Upstream fix: https://github.com/kovidgoyal/calibre/commit/3a89718664cb8cce0449d1758eee585ed0d0433c
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/29/8
CVE-2017-5899 (Directory traversal vulnerability in the setuid root helper binary in ...)
	- s-nail 14.8.16-1 (bug #852934)
	NOTE: https://www.mail-archive.com/s-nail-users@lists.sourceforge.net/msg00551.html
	NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f797c27efecad45af191c518b7f87fda32ada160
	NOTE: https://git.sdaoden.eu/cgit/s-nail.git/commit/?id=f2699449b66dd702a98925bd1b11153a6f7294bf
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/7
CVE-2017-5628 (An issue was discovered in Artifex Software, Inc. MuJS before ...)
	NOT-FOR-US: MuJS
CVE-2017-5627 (An issue was discovered in Artifex Software, Inc. MuJS before ...)
	NOT-FOR-US: MuJS
CVE-2017-5617 (The SVG Salamander (aka svgSalamander) library, when used in a web ...)
	{DSA-3781-1 DLA-816-1}
	- svgsalamander 1.1.1+dfsg-2 (bug #853134)
	NOTE: https://github.com/blackears/svgSalamander/issues/11
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/3
CVE-2017-5608 (Cross-site scripting (XSS) vulnerability in the image upload function ...)
	- piwigo <removed>
CVE-2017-5600 (The Data Warehouse component in NetApp OnCommand Insight before 7.2.3 ...)
	NOT-FOR-US: NetApp OnCommand Insight
CVE-2017-5599 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5598 (An issue was discovered in eClinicalWorks healow@work 8.0 build 8. This ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5612 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/4482f9207027de8f36630737ae085110896ea849
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5611 (SQL injection vulnerability in wp-includes/class-wp-query.php in ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/85384297a60900004e27e417eac56d24267054cb
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5610 (wp-admin/includes/class-wp-press-this.php in Press This in WordPress ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.2+dfsg-1 (bug #852767)
	NOTE: https://github.com/WordPress/WordPress/commit/21264a31e0849e6ff793a06a17de877dd88ea454
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/27/2
CVE-2017-5595 (A file disclosure and inclusion vulnerability exists in ...)
	{DLA-1145-1}
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	NOTE: Check https://github.com/ZoneMinder/ZoneMinder/commit/8b19fca9927cdec07cc9dd09bdcf2496a5ae69b3
CVE-2017-5594 (An issue was discovered in Pagekit CMS before 1.0.11. In this ...)
	NOT-FOR-US: Pagekit CMS
CVE-2017-5593 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	- psi-plus <not-affected> (vulnerable code not present, XEP-0280 not implemented)
CVE-2017-5592 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	- profanity 0.5.1-1 (bug #854735)
	[jessie] - profanity <not-affected> (Vulnerable code not present)
CVE-2017-5591 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	- sleekxmpp 1.3.1-6 (bug #854739)
	[jessie] - sleekxmpp <not-affected> (vulnerable code not present, XEP-0280 not implemented)
	[wheezy] - sleekxmpp <not-affected> (vulnerable code not present, XEP-0280 not implemented)
	- slixmpp 1.2.2-1.1 (bug #854740)
CVE-2017-5590 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	NOT-FOR-US: ChatSecure / Zom
CVE-2017-5589 (An incorrect implementation of &quot;XEP-0280: Message Carbons&quot; in multiple ...)
	NOT-FOR-US: yaxim / Bruno
CVE-2016-10173 (Directory traversal vulnerability in the minitar before 0.6 and ...)
	{DSA-3778-1 DLA-808-1}
	- ruby-minitar 0.5.4-3.1 (bug #853075)
	- ruby-archive-tar-minitar <removed> (bug #853249)
	NOTE: https://github.com/halostatue/minitar/issues/16
	NOTE: https://github.com/halostatue/minitar/commit/e25205ecbb6277ae8a3df1e6a306d7ed4458b6e4
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
CVE-2016-10172 (The read_new_config_info function in open_utils.c in Wavpack before ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561951/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10171 (The unreorder_channels function in cli/wvunpack.c in Wavpack before ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561939/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10170 (The WriteCaffHeader function in cli/caff.c in Wavpack before 5.1.0 ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <not-affected> (Vulnerable code not present)
	[wheezy] - wavpack <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35561921/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10169 (The read_code function in read_words.c in Wavpack before 5.1.0 allows ...)
	- wavpack 5.0.0-2 (bug #853076)
	[jessie] - wavpack <no-dsa> (Minor issue)
	[wheezy] - wavpack <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/wavpack/mailman/message/35557889/
	NOTE: Fixed by: https://github.com/dbry/WavPack/commit/4bc05fc490b66ef2d45b1de26abf1455b486b0dc (5.1.0)
CVE-2016-10166 (Integer underflow in the _gdContributionsAlloc function in ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/60bfb401ad5a4a8ae995dcd36372fe15c71e1a35
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10167 (The gdImageCreateFromGd2Ctx function in gd_gd2.c in the GD Graphics ...)
	{DSA-3777-1 DLA-804-1}
	- php7.1 7.1.1-1 (unimportant)
	- php7.0 7.0.15-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73868
	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/fe9ed49dafa993e3af96b6a5a589efeea9bfb36f
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2016-10168 (Integer overflow in gd_io.c in the GD Graphics Library (aka libgd) ...)
	{DSA-3777-1 DLA-804-1}
	- php7.1 7.1.1-1 (unimportant)
	- php7.0 7.0.15-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.30+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73869
	NOTE: Fixed in PHP 7.1.1, 7.0.15, 5.6.30
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/69d2fd2c597ffc0c217de1238b9bf4d4bceba8e6
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/26/1
CVE-2017-5588
	RESERVED
CVE-2017-5587
	RESERVED
CVE-2017-5586 (OpenText Documentum D2 (formerly EMC Documentum D2) 4.x allows remote ...)
	NOT-FOR-US: OpenText Documentum D2
CVE-2017-5585 (OpenText Documentum Content Server (formerly EMC Documentum Content ...)
	NOT-FOR-US: OpenText Documentum Content Server
CVE-2017-5584 (Cross-site scripting (XSS) vulnerability in the Management Web ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-5583 (The Management Web Interface in Palo Alto Networks PAN-OS before ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2017-5582
	RESERVED
CVE-2017-6852 (Heap-based buffer overflow in the jpc_dec_decodepkt function in ...)
	- jasper <removed>
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/114
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/10
CVE-2017-6850 (The jp2_cdef_destroy function in jp2_cod.c in JasPer before 2.0.13 ...)
	- jasper <removed> (unimportant)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/112
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/8
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-6851 (The jas_matrix_bindsub function in jas_seq.c in JasPer 2.0.10 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/113
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/25/9
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5618 (GNU screen before 4.5.1 allows local users to modify arbitrary files ...)
	- screen 4.5.0-3 (bug #852484)
	[stretch] - screen <not-affected> (Vulnerable code not present/never migrated to stretch)
	[jessie] - screen <not-affected> (Vulnerable code not present)
	[wheezy] - screen <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/screen-devel/2017-01/msg00025.html
	NOTE: https://savannah.gnu.org/bugs/?50142
	NOTE: Introduced in (screen-v4): http://git.savannah.gnu.org/cgit/screen.git/commit/?h=screen-v4&id=5460f5d28c01a9a58e021eb1dffef2965e629d58
	NOTE: Introduced in (master): http://git.savannah.gnu.org/cgit/screen.git/commit/?id=c575c40c9bd7653470639da32e06faed0a9b2ec4
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/24/10
CVE-2017-5597 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the DHCPv6 dissector ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.4+gcc3dc1b-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-02.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13345
CVE-2017-5596 (In Wireshark 2.2.0 to 2.2.3 and 2.0.0 to 2.0.9, the ASTERIX dissector ...)
	{DSA-3811-1 DLA-858-1}
	- wireshark 2.2.4+gcc3dc1b-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2017-01.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=13344
CVE-2016-10165 (The Type_MLU_Read function in cmstypes.c in Little CMS (aka lcms2) ...)
	{DSA-3774-1 DLA-803-1}
	- lcms2 2.8-4 (bug #852627)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367357
	NOTE: https://github.com/mm2/Little-CMS/commit/5ca71a7bc18b6897ab21d815d15e218e204581e2
CVE-2016-10164 (Multiple integer overflows in libXpm before 3.5.12, when a program ...)
	{DSA-3772-1 DLA-801-1}
	- libxpm 1:3.5.12-1
	NOTE: Fixed by: https://cgit.freedesktop.org/xorg/lib/libXpm/commit/?id=d1167418f0fd02a27f617ec5afd6db053afbe185
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/22/2
CVE-2016-10163 (Memory leak in the vrend_renderer_context_create_internal function in ...)
	- virglrenderer 0.6.0-1 (bug #852603)
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=747a293ff6055203e529f083896b823e22523fe7 (0.6.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415944
CVE-2017-5581 (Buffer overflow in the ModifiablePixelBuffer::fillRect function in ...)
	- tigervnc 1.7.0+dfsg-3 (bug #852213)
	NOTE: https://github.com/TigerVNC/tigervnc/pull/399
	NOTE: https://github.com/TigerVNC/tigervnc/commit/18c020124ff1b2441f714da2017f63dba50720ba
CVE-2017-5580 (The parse_instruction function in gallium/auxiliary/tgsi/tgsi_text.c ...)
	- virglrenderer 0.6.0-1 (bug #852604)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415986
	NOTE: https://cgit.freedesktop.org/virglrenderer/commit/?id=28894a30a17a84529be102b21118e55d6c9f23fa (0.6.0)
	NOTE: https://lists.freedesktop.org/archives/virglrenderer-devel/2017-January/000105.html
CVE-2017-5579 (Memory leak in the serial_exit_core function in hw/char/serial.c in ...)
	- qemu 1:2.8+dfsg-3 (bug #853002)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=8409dc884a201bf74b30a9d232b6bbdd00cb7e2b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1416157
CVE-2017-5578 (Memory leak in the virtio_gpu_resource_attach_backing function in ...)
	- qemu 1:2.10.0-1 (unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=204f01b30975923c64006f8067f0937b91eea68b (v2.9.0-rc0)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=62232bf48456bda4058ceae05851bc58c1032338 (v2.4.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415795
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 upload reverts
	NOTE: enable virtio gpu (virglrenderer) and opengl support
CVE-2017-5577 (The vc4_get_bcl function in drivers/gpu/drm/vc4/vc4_gem.c in the ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/6b8ac63847bc2f958dd93c09edc941a0118992d9
	NOTE: Introduced by: https://git.kernel.org/linus/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
CVE-2017-5576 (Integer overflow in the vc4_get_bcl function in ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/0f2ff82e11c86c05d051cae32b58226392d33bbf
	NOTE: Introduced by: https://git.kernel.org/linus/d5b1a78a772f1e31a94f8babfa964152ec5e9aa5 (4.5-rc1)
CVE-2017-5575 (SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5574 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5573 (An issue was discovered in Linux Foundation xapi in Citrix XenServer ...)
	NOT-FOR-US: Citrix
CVE-2017-5572 (An issue was discovered in Linux Foundation xapi in Citrix XenServer ...)
	NOT-FOR-US: Citrix
CVE-2017-5571 (Open redirect vulnerability in the lmadmin component in Flexera ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2017-5570 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5569 (An issue was discovered in eClinicalWorks Patient Portal 7.0 build 13. ...)
	NOT-FOR-US: eClinicalWorks
CVE-2017-5568
	RESERVED
CVE-2017-5567 (Code injection vulnerability in Avast Premier 12.3 (and earlier), ...)
	NOT-FOR-US: Avast
CVE-2017-5566 (Code injection vulnerability in AVG Ultimate 17.1 (and earlier), AVG ...)
	NOT-FOR-US: AVG
CVE-2017-5565 (Code injection vulnerability in Trend Micro Maximum Security 11.0 (and ...)
	NOT-FOR-US: Trend Micro
CVE-2017-5564
	RESERVED
CVE-2017-5563 (LibTIFF version 4.0.7 is vulnerable to a heap-based buffer over-read in ...)
	- tiff <unfixed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2664
	NOTE: bmp2tiff utility removed in 4.0.6-3 and 4.0.3-12.3+deb8u2
CVE-2017-5562
	RESERVED
CVE-2017-5561
	RESERVED
CVE-2017-5560
	RESERVED
CVE-2017-5559
	RESERVED
CVE-2017-5558
	RESERVED
CVE-2017-5557
	RESERVED
CVE-2017-5556 (The ConvertToPDF plugin in Foxit Reader before 8.2 and PhantomPDF ...)
	NOT-FOR-US: Foxit Reader
CVE-2017-5555
	RESERVED
CVE-2017-5554 (An issue was discovered in ABOOT in OnePlus 3 and 3T OxygenOS before ...)
	NOT-FOR-US: OnePlus 3 / 3T OxygenOS
CVE-2017-5553 (Cross-site scripting (XSS) vulnerability in ...)
	- b2evolution <removed>
CVE-2017-5545 (The main function in plistutil.c in libimobiledevice libplist through ...)
	{DLA-811-1}
	- libplist 1.12+git+1+e37ca00-0.1 (low; bug #852385)
	[jessie] - libplist <no-dsa> (Minor issue)
	NOTE: https://github.com/libimobiledevice/libplist/issues/87
	NOTE: Fixed by: https://github.com/libimobiledevice/libplist/commit/7391a506352c009fe044dead7baad9e22dd279ee
CVE-2017-5544 (An issue was discovered on FiberHome Fengine S5800 switches V210R240. ...)
	NOT-FOR-US: FiberHome switches
CVE-2017-5543 (includes/classes/ia.core.users.php in Subrion CMS 4.0.5 allows remote ...)
	NOT-FOR-US: Subrion CMS
CVE-2017-5542 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-5541 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Symphony CMS
CVE-2017-5540
	RESERVED
CVE-2017-5539 (The patch for directory traversal (CVE-2017-5480) in b2evolution ...)
	- b2evolution <removed>
CVE-2017-5536 (The GridServer Broker, and GridServer Director components of TIBCO ...)
	NOT-FOR-US: TIBCO GridServer
CVE-2017-5535 (The GridServer Broker, GridServer Driver, and GridServer Engine ...)
	NOT-FOR-US: TIBCO GridServer
CVE-2017-5534 (The tibbr user profiles components of tibbr Community, and tibbr ...)
	NOT-FOR-US: tibbr
CVE-2017-5533 (A vulnerability in the server content cache of TIBCO JasperReports ...)
	- jasperreports <undetermined> (bug #884131)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: http://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017
CVE-2017-5532 (A vulnerability in the report renderer component of TIBCO ...)
	- jasperreports <undetermined> (bug #884131)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532
CVE-2017-5531 (Deployments of TIBCO Managed File Transfer Command Center versions ...)
	NOT-FOR-US: TIBCO
CVE-2017-5530 (The tibbr web server components of tibbr Community, and tibbr ...)
	NOT-FOR-US: tibbr
CVE-2017-5529 (JasperReports library components contain an information disclosure ...)
	- jasperreports <undetermined> (bug #880467)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017-0
CVE-2017-5528 (Multiple JasperReports Server components contain vulnerabilities ...)
	- jasperreports <undetermined> (bug #880467)
	[wheezy] - jasperreports <end-of-life> (cannot be supported due to lack of information)
	NOTE: https://www.tibco.com/support/advisories/2017/06/tibco-security-advisory-june-28-2017-tibco-jasperreports-server-2017
CVE-2017-5527 (TIBCO Spotfire Server 7.0.X before 7.0.2, 7.5.x before 7.5.1, 7.6.x ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2016-10162 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP 7.0.x ...)
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	NOTE: PHP Bug: http://bugs.php.net/73831
	NOTE: Fixed in 7.0.15, 7.1.1
CVE-2016-10161 (The object_common1 function in ext/standard/var_unserializer.c in PHP ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: http://bugs.php.net/73825
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10160 (Off-by-one error in the phar_parse_pharfile function in ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: http://bugs.php.net/73768
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10159 (Integer overflow in the phar_parse_pharfile function in ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: http://bugs.php.net/73764
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10158 (The exif_convert_any_to_int function in ext/exif/exif.c in PHP before ...)
	{DSA-3783-1 DLA-818-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: http://bugs.php.net/73737
	NOTE: Fixed in 5.6.30, 7.0.15, 7.1.1
CVE-2016-10157 (Akamai NetSession 1.9.3.1 is vulnerable to DLL Hijacking: it tries to ...)
	NOT-FOR-US: Akamai NetSession
CVE-2016-10156 (A flaw in systemd v228 in /src/basic/fs-util.c caused world writable ...)
	- systemd 229-1
	[jessie] - systemd <not-affected> (Vulnerability introduced in v228)
	[wheezy] - systemd <not-affected> (Vulnerability introduced in v228)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1020601
	NOTE: Fixed by: https://github.com/systemd/systemd/commit/06eeacb6fe029804f296b065b3ce91e796e1cd0e (v229)
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/ee735086f8670be1591fa9593e80dd60163a7a2f (v228)
CVE-2017-5616 (Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho ...)
	{DLA-869-1}
	- cgiemail <removed> (bug #852031)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5615 (cgiemail and cgiecho allow remote attackers to inject HTTP headers via ...)
	{DLA-869-1}
	- cgiemail <removed> (bug #852031)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5614 (Open redirect vulnerability in cgiemail and cgiecho allows remote ...)
	{DLA-869-1}
	- cgiemail <removed> (bug #852031)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2017-5613 (Format string vulnerability in cgiemail and cgiecho allows remote ...)
	{DLA-869-1}
	- cgiemail <removed> (bug #852031)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/20/6
CVE-2016-10155 (Memory leak in hw/watchdog/wdt_i6300esb.c in QEMU (aka Quick Emulator) ...)
	- qemu 1:2.8+dfsg-2 (low; bug #852232)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-12/msg03104.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415199
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=eb7a20a3616085d46aa6b4b4224e15587ec67e6e
CVE-2016-10154 (The smbhash function in fs/cifs/smbencrypt.c in the Linux kernel 4.9.x ...)
	- linux 4.9.2-1
	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/06deeec77a5a689cc94b21a8a91a76e42176685d (v4.10-rc1)
CVE-2016-10153 (The crypto scatterlist API in the Linux kernel 4.9.x before 4.9.6 ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/a45f795c65b479b4ba107b6ccde29b896d51ee98 (v4.10-rc1)
CVE-2016-10152 (The read_config_file function in lib/hesiod.c in Hesiod 3.2.1 falls ...)
	{DLA-796-1}
	- hesiod <unfixed> (low; bug #852093)
	[stretch] - hesiod <no-dsa> (Minor issue)
	[jessie] - hesiod <no-dsa> (Minor issue)
	NOTE: https://github.com/achernya/hesiod/pull/10
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332493
CVE-2016-10151 (The hesiod_init function in lib/hesiod.c in Hesiod 3.2.1 compares EUID ...)
	{DLA-796-1}
	- hesiod <unfixed> (low; bug #852094)
	[stretch] - hesiod <no-dsa> (Minor issue)
	[jessie] - hesiod <no-dsa> (Minor issue)
	NOTE: https://github.com/achernya/hesiod/pull/9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332508
CVE-2016-10150 (Use-after-free vulnerability in the kvm_ioctl_create_device function ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/a0f1d21c1ccb1da66629627a74059dd7f5ac9c61 (v4.9-rc8)
	NOTE: Introduced by: https://git.kernel.org/linus/a28ebea2adc4a2bef5989a5a181ec238f59fbcad (v4.8-rc2)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414506
CVE-2016-10148 (The wp_ajax_update_plugin function in ...)
	- wordpress 4.6.1+dfsg-1
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: https://core.trac.wordpress.org/ticket/37490
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2017-5552 (Memory leak in the virgl_resource_attach_backing function in ...)
	- qemu 1:2.10.0-1 (bug #852119; unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg00154.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1415281
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=33243031dad02d161225ba99d782616da133f689 (v2.9.0-rc0)
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
CVE-2017-5551 (The simple_set_acl function in fs/posix_acl.c in the Linux kernel ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux 3.2.84-1
	NOTE: Backported fix for CVE-2016-7097 already covered this CVE for wheezy
	NOTE: Fixed by: https://git.kernel.org/linus/497de07d89c1410d76a15bec2bb41f24a2a89f31 (4.10-rc4)
CVE-2017-5550 (Off-by-one error in the pipe_advance function in lib/iov_iter.c in the ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Introduced in 4.9)
	[wheezy] - linux <not-affected> (Introduced in 4.9)
	NOTE: Fixed by: https://git.kernel.org/linus/b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb (4.10-rc4)
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/241699cd72a8489c9446ae3910ddd243e9b9061b (4.9-rc1)
CVE-2017-5549 (The klsi_105_get_line_state function in ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/146cc8a17a3b4996f6805ee5c080e7101277c410 (4.10-rc4)
CVE-2017-5548 (drivers/net/ieee802154/atusb.c in the Linux kernel 4.9.x before 4.9.6 ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	[wheezy] - linux <not-affected> (Introduced in 4.9 in combination with VMAP_STACK)
	NOTE: Fixed by: https://git.kernel.org/linus/05a974efa4bdf6e2a150e3f27dc6fcf0a9ad5655
CVE-2017-5547 (drivers/hid/hid-corsair.c in the Linux kernel 4.9.x before 4.9.6 ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v4.4-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/6d104af38b570d37aa32a5803b04c354f8ed513d
CVE-2017-5546 (The freelist-randomization feature in mm/slab.c in the Linux kernel ...)
	- linux 4.9.6-1
	[jessie] - linux <not-affected> (freelist randomisation introduced in 4.7)
	[wheezy] - linux <not-affected> (freelist randomisation introduced in 4.7)
	NOTE: Fixed by: https://git.kernel.org/linus/c4e490cf148e85ead0d1b1c2caaba833f1d5b29f (v4.10-rc4)
CVE-2017-5538 (The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c ...)
	NOT-FOR-US: Samsung Exynos
CVE-2017-5524 (Plone 4.x through 4.3.11 and 5.x through 5.0.6 allow remote attackers ...)
	NOT-FOR-US: Plone
CVE-2017-5537 (The password reset form in Weblate before 2.10.1 provides different ...)
	- weblate <itp> (bug #745661)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/18/11
CVE-2017-5526 (Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows ...)
	- qemu 1:2.8+dfsg-2 (bug #851910)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01742.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1414209
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da
	NOTE: Sound device hotplug not supported by libvirt
CVE-2017-5525 (Memory leak in hw/audio/ac97.c in QEMU (aka Quick Emulator) allows ...)
	- qemu 1:2.8+dfsg-2 (bug #852021)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2017-01/msg01740.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=12351a91da97b414eec8cdb09f1d9f41e535a401
	NOTE: Sound device hotplug not supported by libvirt
CVE-2017-5523
	RESERVED
CVE-2017-5522 (Stack-based buffer overflow in MapServer before 6.0.6, 6.2.x before ...)
	{DSA-3766-1 DLA-790-1}
	- mapserver 7.0.4-1
	NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2017-January/015007.html
	NOTE: https://github.com/mapserver/mapserver/commit/e52a436c0e1c5e9f7ef13428dba83194a800f4df
CVE-2017-2578 (In Moodle 3.x, there is XSS in the assignment submission page. ...)
	- moodle 2.7.18+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=345915
CVE-2017-2576 (In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in ...)
	- moodle 2.7.18+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=345912
CVE-2017-5521 (An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, ...)
	NOT-FOR-US: NETGEAR
CVE-2017-5520 (The media rename feature in GeniXCMS through 0.0.8 does not consider ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5519 (SQL injection vulnerability in Posts.class.php in GeniXCMS through ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5518 (The media-file upload feature in GeniXCMS through 0.0.8 allows remote ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5517 (SQL injection vulnerability in author.control.php in GeniXCMS through ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5516 (Multiple cross-site scripting (XSS) vulnerabilities in the user forms ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5515 (Cross-site scripting (XSS) vulnerability in the user prompt function in ...)
	NOT-FOR-US: GenixCMS
CVE-2017-5514
	RESERVED
CVE-2017-5513
	RESERVED
CVE-2017-5512
	RESERVED
CVE-2017-5497
	RESERVED
CVE-2017-5496 (Sawmill Enterprise 8.7.9 allows remote attackers to gain login access ...)
	NOT-FOR-US: Sawmill Enterprise
CVE-2017-5495 (All versions of Quagga, 0.93 through 1.1.0, are vulnerable to an ...)
	- quagga 1.1.1-1 (bug #852454)
	[jessie] - quagga <no-dsa> (Minor issue)
	[wheezy] - quagga <no-dsa> (Minor issue)
	NOTE: http://savannah.nongnu.org/forum/forum.php?forum_id=8783
	NOTE: http://mirror.easyname.at/nongnu//quagga/quagga-1.1.1.changelog.txt
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=b7ceefea77a246fe5c1dcd1b91bf6079d1b97c02
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=7d66284a5817a1613b1e4d64a0775ec04fdf8c01
CVE-2017-5494 (Multiple cross-site scripting (XSS) vulnerabilities in the file types ...)
	- b2evolution <removed>
CVE-2017-5486 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5485 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5484 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5483 (The SNMP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5482 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5481 (Trend Micro OfficeScan 11.0 before SP1 CP 6325 and XG before CP 1352 ...)
	NOT-FOR-US: Trend Micro
CVE-2017-5480 (Directory traversal vulnerability in inc/files/files.ctrl.php in ...)
	- b2evolution <removed>
CVE-2017-5479
	RESERVED
CVE-2017-5478
	RESERVED
CVE-2017-5477
	RESERVED
CVE-2017-5476 (Serendipity through 2.0.5 allows CSRF for the installation of an event ...)
	- serendipity <removed>
CVE-2017-5475 (comment.php in Serendipity through 2.0.5 allows CSRF in deleting any ...)
	- serendipity <removed>
CVE-2017-5474 (Open redirect vulnerability in comment.php in Serendipity through 2.0.5 ...)
	- serendipity <removed>
CVE-2017-5473 (Cross-site request forgery (CSRF) vulnerability in ntopng through 2.4 ...)
	- ntopng 2.4+dfsg1-3 (bug #852109)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: https://github.com/ntop/ntopng/commit/1b2ceac8f578a246af6351c4f476e3102cdf21b3
	NOTE: https://github.com/ntop/ntopng/commit/f91fbe3d94c8346884271838ae3406ae633f6f15
CVE-2017-5472
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5472
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5472
CVE-2017-5471
	RESERVED
	- firefox 54.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5471
CVE-2017-5470
	RESERVED
	{DSA-3918-1 DSA-3881-1 DLA-1007-1 DLA-991-1}
	- firefox 54.0-1
	- firefox-esr 52.2.0esr-1
	- icedove 1:52.2.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-15/#CVE-2017-5470
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-16/#CVE-2017-5470
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-17/#CVE-2017-5470
CVE-2017-5469
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox-esr 45.9.0esr-1
	- firefox 52.0.1-1
CVE-2017-5468
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5467
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5466
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5465
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5464
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5463
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2017-5462
	RESERVED
	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
	[experimental] - nss 2:3.30-1
	- nss 2:3.26.2-1.1 (bug #862958)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5462
	NOTE: https://hg.mozilla.org/projects/nss/rev/7248d38b76e5
CVE-2017-5461 (Mozilla Network Security Services (NSS) before 3.21.4, 3.22.x through ...)
	{DSA-3872-1 DSA-3831-1 DLA-946-1 DLA-906-1}
	- firefox 52.0.1-1
	[experimental] - nss 2:3.30.1-1
	- nss 2:3.26.2-1.1 (bug #862958)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1344380
	NOTE: https://hg.mozilla.org/projects/nss/rev/77a5bb81dbaa
CVE-2017-5460
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5459
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5458
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5457
	RESERVED
CVE-2017-5456
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5455
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5454
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5453
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5452
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2017-5451
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5450
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5449
	RESERVED
	- firefox 52.0.1-1
CVE-2017-5448
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5447
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5446
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5445
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5444
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5443
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5442
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5441
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5440
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5439
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5438
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5437
	REJECTED
CVE-2017-5436
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5435
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5434
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5433
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5432
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox 52.0.1-1
	- firefox-esr 45.9.0esr-1
CVE-2017-5431
	RESERVED
CVE-2017-5430
	RESERVED
	- firefox 52.0.1-1
	- firefox-esr <not-affected> (Only affects ESR52 and Firefox)
CVE-2017-5429
	RESERVED
	{DSA-3831-1 DLA-906-1}
	- firefox-esr 45.9.0esr-1
	- firefox 52.0.1-1
CVE-2017-5428
	RESERVED
	- firefox-esr <not-affected> (Only affects 52 ESR, which isn't packaged yet except experimental where it's fixed)
	- firefox 52.0.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-08/#CVE-2017-5428
CVE-2017-5427
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5427
CVE-2017-5426
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5426
CVE-2017-5425
	RESERVED
	- firefox <not-affected> (Only Firefox on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5425
CVE-2017-5424
	RESERVED
CVE-2017-5423
	RESERVED
CVE-2017-5422
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5422
CVE-2017-5421
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5421
CVE-2017-5420
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5420
CVE-2017-5419
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419
CVE-2017-5418
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5418
CVE-2017-5417
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5417
CVE-2017-5416
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5416
CVE-2017-5415
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5415
CVE-2017-5414
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5414
CVE-2017-5413
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5413
CVE-2017-5412
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5412
CVE-2017-5411
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5411
CVE-2017-5410
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5410
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5410
CVE-2017-5409
	RESERVED
	- firefox <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5409
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5409
CVE-2017-5408
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5408
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5408
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5408
CVE-2017-5407
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5407
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5407
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5407
CVE-2017-5406
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5406
CVE-2017-5405
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5405
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5405
CVE-2017-5404
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5404
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5404
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5404
CVE-2017-5403
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5403
CVE-2017-5402
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5402
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5402
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5402
CVE-2017-5401
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5401
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5401
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5401
CVE-2017-5400
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5400
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5400
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5400
CVE-2017-5399
	RESERVED
	- firefox 52.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5399
CVE-2017-5398
	RESERVED
	{DSA-3832-1 DSA-3805-1 DLA-896-1 DLA-852-1}
	- firefox 52.0-1
	- firefox-esr 45.8.0esr-1
	- icedove 1:45.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5398
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-06/#CVE-2017-5398
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-07/#CVE-2017-5398
CVE-2017-5397
	RESERVED
	- firefox <not-affected> (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/#CVE-2017-5397
CVE-2017-5396
	RESERVED
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5396
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5396
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5396
CVE-2017-5395
	RESERVED
	- firefox <not-affected> (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5395
CVE-2017-5394
	RESERVED
	- firefox <not-affected> (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5394
CVE-2017-5393
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5393
CVE-2017-5392
	RESERVED
	- firefox <not-affected> (Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5392
CVE-2017-5391
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5391
CVE-2017-5390
	RESERVED
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5390
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5390
CVE-2017-5389
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5389
CVE-2017-5388
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5388
CVE-2017-5387
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5387
CVE-2017-5386
	RESERVED
	{DSA-3771-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5386
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5386
CVE-2017-5385
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5385
CVE-2017-5384
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5384
CVE-2017-5383
	RESERVED
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5383
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5383
CVE-2017-5382
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5382
CVE-2017-5381
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5381
CVE-2017-5380
	RESERVED
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5380
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5380
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5380
CVE-2017-5379
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5379
CVE-2017-5378
	RESERVED
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5378
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5378
CVE-2017-5377
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5377
CVE-2017-5376
	RESERVED
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5376
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5376
CVE-2017-5375
	RESERVED
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5375
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5375
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5375
CVE-2017-5374
	RESERVED
	- firefox 51.0-1
	- firefox-esr <not-affected> (Does not affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5374
CVE-2017-5373
	RESERVED
	{DSA-3832-1 DSA-3771-1 DLA-896-1 DLA-800-1}
	- firefox 51.0-1
	- firefox-esr 45.7.0esr-1
	- icedove 1:45.7.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-01/#CVE-2017-5373
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-02/#CVE-2017-5373
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2017-03/#CVE-2017-5373
CVE-2017-5372 (The function msp (aka MSPRuntimeInterface) in the P4 SERVERCORE ...)
	NOT-FOR-US: SAP
CVE-2017-5371 (Odata Server in SAP Adaptive Server Enterprise (ASE) 16 allows remote ...)
	NOT-FOR-US: SAP
CVE-2017-5370
	RESERVED
CVE-2017-5369
	RESERVED
CVE-2017-5368 (ZoneMinder v1.30 and v1.29, an open-source CCTV server web application, ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	[wheezy] - zoneminder <no-dsa> (Too intrusive to backport)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1822
CVE-2017-5367 (Multiple reflected XSS vulnerabilities exist within form and link input ...)
	- zoneminder 1.30.4+dfsg-1 (bug #854733)
	[wheezy] - zoneminder <no-dsa> (Minor issue)
CVE-2017-5366
	RESERVED
CVE-2017-5365
	RESERVED
CVE-2017-5364 (Memory Corruption Vulnerability in Foxit PDF Toolkit v1.3 allows an ...)
	NOT-FOR-US: Foxit PDF Toolkit
CVE-2017-5363
	RESERVED
CVE-2017-5362
	RESERVED
CVE-2017-5361 (Request Tracker (RT) 4.x before 4.0.25, 4.2.x before 4.2.14, and 4.4.x ...)
	{DSA-3883-1 DSA-3882-1 DLA-988-1 DLA-987-1}
	- request-tracker4 4.4.1-4
	- rt-authen-externalauth <removed>
	NOTE: https://github.com/bestpractical/rt-authen-externalauth/commit/436255c04b4881bb6d8eec9a57b8593033d863a9
CVE-2017-5360
	RESERVED
CVE-2017-5359 (EasyCom SQL iPlug allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: EasyCom
CVE-2017-5358 (Stack-based buffer overflows in php_Easycom5_3_0.dll in EasyCom for ...)
	NOT-FOR-US: EasyCom
CVE-2016-10147 (crypto/mcryptd.c in the Linux kernel before 4.8.15 allows local users ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/48a992727d82cb7db076fa15d372178743b1f4cd (v4.9)
CVE-2016-10143 (A vulnerability in Tiki Wiki CMS 15.2 could allow a remote attacker to ...)
	- tikiwiki <removed>
CVE-2016-10142 (An issue was discovered in the IPv6 protocol specification, related to ...)
	NOTE: Generic IPv6 issue
CVE-2016-10139 (An issue was discovered on BLU R1 HD devices with Shanghai Adups ...)
	NOT-FOR-US: BLU
CVE-2016-10138 (An issue was discovered on BLU Advance 5.0 and BLU R1 HD devices with ...)
	NOT-FOR-US: BLU
CVE-2016-10137 (An issue was discovered on BLU R1 HD devices with Shanghai Adups ...)
	NOT-FOR-US: BLU
CVE-2016-10136 (An issue was discovered on BLU R1 HD devices with Shanghai Adups ...)
	NOT-FOR-US: BLU
CVE-2016-10135 (An issue was discovered on LG devices using the MTK chipset with ...)
	NOT-FOR-US: LG
CVE-2017-5505 (The jas_matrix_asl function in jas_seq.c in JasPer 1.900.27 allows ...)
	- jasper <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jas_matrix_asl-jas_seq-c
	NOTE: https://github.com/mdadams/jasper/issues/88
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5504 (The jpc_undo_roi function in libjasper/jpc/jpc_dec.c in JasPer ...)
	- jasper <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-read-in-jpc_undo_roi-jpc_dec-c
	NOTE: https://github.com/mdadams/jasper/issues/89
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5503 (The dec_clnpass function in libjasper/jpc/jpc_t1dec.c in JasPer ...)
	- jasper <not-affected> (Vulnerable code introduced later)
	NOTE: https://blogs.gentoo.org/ago/2017/01/16/jasper-invalid-memory-write-in-dec_clnpass-jpc_t1dec-c
	NOTE: https://github.com/mdadams/jasper/issues/90
CVE-2017-5502 (libjasper/jp2/jp2_dec.c in JasPer 1.900.17 allows remote attackers to ...)
	- jasper <removed> (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00030-jasper-leftshift-jp2_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/76
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2017-5501 (Integer overflow in libjasper/jpc/jpc_tsfb.c in JasPer 1.900.17 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00022-jasper-signedintoverflow-jpc_tsfb_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/70
	NOTE: Only crashes with debug builds using ubsan
CVE-2017-5500 (libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows remote attackers to ...)
	- jasper <removed> (unimportant)
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00019-jasper-leftshift-jpc_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/64
CVE-2017-5499 (Integer overflow in libjasper/jpc/jpc_dec.c in JasPer 1.900.17 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00018-jasper-signedintoverflow-jpc_dec_c
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/63
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
CVE-2017-5498 (libjasper/include/jasper/jas_math.h in JasPer 1.900.17 allows remote ...)
	- jasper <removed> (unimportant)
	NOTE: Triggers an assert. Not suitable for code injection, hardly denial of service
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00017-jasper-leftshift-jas_math_h
	NOTE: http://blogs.gentoo.org/ago/2017/01/16/jasper-multiple-crashes-with-ubsan/
	NOTE: https://github.com/mdadams/jasper/issues/62
CVE-2017-5506 (Double free vulnerability in magick/profile.c in ImageMagick allows ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851383)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/354
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6235f1f7a9f7b0f83b197f6cd0073dbb6602d0fb
CVE-2017-5507 (Memory leak in coders/mpc.c in ImageMagick before 6.9.7-4 and 7.x ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851382)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4493d9ca1124564da17f9b628ef9d0f1a6be9738
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5508 (Heap-based buffer overflow in the PushQuantumPixel function in ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851381)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31161
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/379e21cd32483df6e128147af3bc4ce1f82eb9c4
CVE-2016-10146 (Multiple memory leaks in the caption and label handling code in ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.0+dfsg-2 (bug #851380)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aeff00de228bc5a158c2a975ab47845d8a1db456
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10140 (Information disclosure and authentication bypass vulnerability exists ...)
	{DLA-806-1}
	- zoneminder 1.30.4+dfsg-1 (bug #851710)
	NOTE: https://github.com/ZoneMinder/ZoneMinder/pull/1697
	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/6361f143878ce00659f64ce42593951d773e4e63
	NOTE: https://github.com/ZoneMinder/ZoneMinder/commit/aa0a4d1f5ad2c493f2bed175991e92c466ac3dc4
CVE-2017-5509 (coders/psd.c in ImageMagick allows remote attackers to have ...)
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851377)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/350
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5510 (coders/psd.c in ImageMagick allows remote attackers to have ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851376)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/348
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e87af64b1ff1635a32d9b6162f1b0e260fb54ed9
CVE-2017-5511 (coders/psd.c in ImageMagick allows remote attackers to have ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851374)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/347
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7d65a814ac76bd04760072c33e452371692ee790
CVE-2016-10144 (coders/ipl.c in ImageMagick allows remote attackers to have unspecific ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851485)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/97566cf2806c0a5a86e884c96831a0c3b1ec6c20
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2016-10145 (Off-by-one error in coders/wpg.c in ImageMagick allows remote ...)
	{DSA-3799-1 DLA-807-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #851483)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/d23beebe7b1179fb75db1e85fbca3100e49593d9
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/16/6
CVE-2017-5487 (wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php in ...)
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	[jessie] - wordpress <not-affected> (vulnerable code not present)
	[wheezy] - wordpress <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8715
	NOTE: https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
CVE-2017-5488 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8716
	NOTE: https://github.com/WordPress/WordPress/blob/c9ea1de1441bb3bda133bf72d513ca9de66566c2/wp-admin/update-core.php
CVE-2017-5489 (Cross-site request forgery (CSRF) vulnerability in WordPress before ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8717
CVE-2017-5490 (Cross-site scripting (XSS) vulnerability in the theme-name fallback ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8718
	NOTE: https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
CVE-2017-5491 (wp-mail.php in WordPress before 4.7.1 might allow remote attackers to ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8719
	NOTE: https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
CVE-2017-5492 (Cross-site request forgery (CSRF) vulnerability in the widget-editing ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8720
	NOTE: https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
CVE-2017-5493 (wp-includes/ms-functions.php in the Multisite WordPress API in ...)
	{DSA-3779-1 DLA-813-1}
	- wordpress 4.7.1+dfsg-1 (bug #851310)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/14/1
	NOTE: https://wpvulndb.com/vulnerabilities/8721
	NOTE: https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
CVE-2017-5356 (Irssi before 0.8.21 allows remote attackers to cause a denial of ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (low)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://blog.fuzzing-project.org/55-Fuzzing-Irssi-with-Perl-Scripts.html
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5355
	RESERVED
CVE-2017-5354
	RESERVED
CVE-2017-5353
	RESERVED
CVE-2017-5352
	RESERVED
CVE-2017-5351 (Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software ...)
	NOT-FOR-US: Samsung
CVE-2017-5350 (Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow ...)
	NOT-FOR-US: Samsung
CVE-2017-5349
	RESERVED
CVE-2017-5348
	RESERVED
CVE-2017-5347 (SQL injection vulnerability in inc/mod/newsletter/options.php in ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5346 (SQL injection vulnerability in ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5345 (SQL injection vulnerability in ...)
	NOT-FOR-US: GeniXMS
CVE-2017-5344 (An issue was discovered in dotCMS through 3.6.1. The ...)
	NOT-FOR-US: dotCMS
CVE-2017-5343
	RESERVED
CVE-2017-5342 (In tcpdump before 4.9.0, a bug in multiple protocol parsers (Geneve, ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5341 (The OTV parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-10141 (An integer overflow vulnerability was observed in the regemit function ...)
	NOT-FOR-US: MuJS
CVE-2016-10133 (Heap-based buffer overflow in the js_stackoverflow function in jsrun.c ...)
	NOT-FOR-US: MuJS
CVE-2016-10132 (regexp.c in Artifex Software, Inc. MuJS allows attackers to cause a ...)
	NOT-FOR-US: MuJS
CVE-2016-10131 (system/libraries/Email.php in CodeIgniter before 3.1.3 allows remote ...)
	NOT-FOR-US: CodeIgniter
CVE-2017-5357 (regex.c in GNU ed before 1.14.1 allows attackers to cause a denial of ...)
	- ed <not-affected> (Vulnerable code not present, cf #851159)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/5
	NOTE: The issue is only present from 1.14 onwards, and prior to 1.14.1 since upstream
	NOTE: changed a malloc'ed buffer for a static one.
	NOTE: https://lists.gnu.org/archive/html/bug-ed/2017-01/msg00001.html
CVE-2017-5329 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows local ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services Agent
CVE-2017-5328 (Palo Alto Networks Terminal Services Agent before 7.0.7 allows ...)
	NOT-FOR-US: Palo Alto Networks Terminal Services Agent
CVE-2017-5327
	RESERVED
CVE-2017-5326
	RESERVED
CVE-2017-5325
	RESERVED
CVE-2017-5324
	RESERVED
CVE-2017-5323
	RESERVED
CVE-2017-5322
	RESERVED
CVE-2017-5321
	RESERVED
CVE-2017-5320
	RESERVED
CVE-2017-5319
	RESERVED
CVE-2017-5318
	RESERVED
CVE-2017-5317
	RESERVED
CVE-2017-5316
	RESERVED
CVE-2017-5315
	RESERVED
CVE-2017-5314
	RESERVED
CVE-2017-5313
	RESERVED
CVE-2017-5312
	RESERVED
CVE-2017-5311
	RESERVED
CVE-2017-5310
	RESERVED
CVE-2017-5309
	RESERVED
CVE-2017-5308
	RESERVED
CVE-2017-5307
	RESERVED
CVE-2017-5306
	RESERVED
CVE-2017-5305
	RESERVED
CVE-2017-5304
	RESERVED
CVE-2017-5303
	RESERVED
CVE-2017-5302
	RESERVED
CVE-2017-5301
	RESERVED
CVE-2017-5300
	RESERVED
CVE-2017-5299
	RESERVED
CVE-2017-5298
	RESERVED
CVE-2017-5297
	RESERVED
CVE-2017-5296
	RESERVED
CVE-2017-5295
	RESERVED
CVE-2017-5294
	RESERVED
CVE-2017-5293
	RESERVED
CVE-2017-5292
	RESERVED
CVE-2017-5291
	RESERVED
CVE-2017-5290
	RESERVED
CVE-2017-5289
	RESERVED
CVE-2017-5288
	RESERVED
CVE-2017-5287
	RESERVED
CVE-2017-5286
	RESERVED
CVE-2017-5285
	RESERVED
CVE-2017-5284
	RESERVED
CVE-2017-5283
	RESERVED
CVE-2017-5282
	RESERVED
CVE-2017-5281
	RESERVED
CVE-2017-5280
	RESERVED
CVE-2017-5279
	RESERVED
CVE-2017-5278
	RESERVED
CVE-2017-5277
	RESERVED
CVE-2017-5276
	RESERVED
CVE-2017-5275
	RESERVED
CVE-2017-5274
	RESERVED
CVE-2017-5273
	RESERVED
CVE-2017-5272
	RESERVED
CVE-2017-5271
	RESERVED
CVE-2017-5270
	RESERVED
CVE-2017-5269
	RESERVED
CVE-2017-5268
	RESERVED
CVE-2017-5267
	RESERVED
CVE-2017-5266
	RESERVED
CVE-2017-5265
	RESERVED
CVE-2017-5264 (Versions of Nexpose prior to 6.4.66 fail to adequately validate the ...)
	NOT-FOR-US: Nexpose
CVE-2017-5263 (Versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware lack ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5262 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5261 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5260 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5259 (In versions 4.3.2-R4 and prior of Cambium Networks cnPilot firmware, ...)
	NOT-FOR-US: Cambium Networks cnPilot firmware
CVE-2017-5258 (In version 3.5 and prior of Cambium Networks ePMP firmware, an ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5257 (In version 3.5 and prior of Cambium Networks ePMP firmware, an ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5256 (In version 3.5 and prior of Cambium Networks ePMP firmware, all ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5255 (In version 3.5 and prior of Cambium Networks ePMP firmware, a lack of ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5254 (In version 3.5 and prior of Cambium Networks ePMP firmware, the ...)
	NOT-FOR-US: Cambium Networks ePMP firmware
CVE-2017-5253
	RESERVED
CVE-2017-5252
	RESERVED
CVE-2017-5251 (In version 1012 and prior of Insteon's Insteon Hub, the radio ...)
	NOT-FOR-US: Insteon
CVE-2017-5250 (In version 1.9.7 and prior of Insteon's Insteon for Hub Android app, ...)
	NOT-FOR-US: Insteon
CVE-2017-5249 (In version 6.1.0.19 and prior of Wink Labs's Wink - Smart Home Android ...)
	NOT-FOR-US: Wink
CVE-2017-5248
	RESERVED
CVE-2017-5247 (Biscom Secure File Transfer is vulnerable to cross-site scripting in ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5246 (Biscom Secure File Transfer is vulnerable to AngularJS expression ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5245
	REJECTED
CVE-2017-5244 (Routes used to stop running Metasploit tasks (either particular ones ...)
	NOT-FOR-US: Metasploit
CVE-2017-5243 (The default SSH configuration in Rapid7 Nexpose hardware appliances ...)
	NOT-FOR-US: Rapid7 Nexpose hardware appliances
CVE-2017-5242
	RESERVED
CVE-2017-5241 (Biscom Secure File Transfer version 5.1.1015 (and possibly prior) is ...)
	NOT-FOR-US: Biscom Secure File Transfer
CVE-2017-5240 (Editions of Rapid7 AppSpider Pro prior to version 6.14.060 contain a ...)
	NOT-FOR-US: Rapid7 AppSpider Pro
CVE-2017-5239 (Due to a lack of standard encryption when transmitting sensitive ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5238 (Due to a lack of bounds checking, several input configuration fields ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5237 (Due to a lack of authentication, an unauthenticated user who knows the ...)
	NOT-FOR-US: Eview GPS trackers
CVE-2017-5236 (Editions of Rapid7 AppSpider Pro installers prior to version 6.14.060 ...)
	NOT-FOR-US: Rapid7 AppSpider Pro
CVE-2017-5235 (Rapid7 Metasploit Pro installers prior to version 4.13.0-2017022101 ...)
	NOT-FOR-US: Rapid7
CVE-2017-5234 (Rapid7 Insight Collector installers prior to version 1.0.16 contain a ...)
	NOT-FOR-US: Rapid7
CVE-2017-5233 (Rapid7 AppSpider Pro installers prior to version 6.14.053 contain a ...)
	NOT-FOR-US: Rapid7
CVE-2017-5232 (All editions of Rapid7 Nexpose installers prior to version 6.4.24 ...)
	NOT-FOR-US: Rapid7
CVE-2017-5231 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 ...)
	NOT-FOR-US: Rapid7
CVE-2017-5230 (The Java keystore in all versions and editions of Rapid7 Nexpose prior ...)
	NOT-FOR-US: Rapid7
CVE-2017-5229 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 ...)
	NOT-FOR-US: Rapid7
CVE-2017-5228 (All editions of Rapid7 Metasploit prior to version 4.13.0-2017020701 ...)
	NOT-FOR-US: Rapid7
CVE-2017-5227 (QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain ...)
	NOT-FOR-US: QNAP
CVE-2017-5225 (LibTIFF version 4.0.7 is vulnerable to a heap buffer overflow in the ...)
	{DSA-3844-1 DLA-795-1}
	- tiff 4.0.7-5 (bug #851297)
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/5c080298d59efa53264d7248bbe3a04660db6ef7
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2656
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2657
CVE-2017-5224
	RESERVED
CVE-2017-5223 (An issue was discovered in PHPMailer before 5.2.22. PHPMailer's msgHTML ...)
	{DLA-817-1}
	- libphp-phpmailer 5.2.14+dfsg-2.3 (bug #853232)
	[jessie] - libphp-phpmailer <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/ad4cb09682682da2217799a0c521d4cdc6753402 (v5.2.22)
	NOTE: http://kalilinux.co/2017/01/12/phpmailer-cve-2017-5223-local-information-disclosure-vulnerability-analysis/
CVE-2017-5222
	RESERVED
CVE-2017-5221
	RESERVED
CVE-2017-5220
	RESERVED
CVE-2017-5219 (An issue was discovered in SageCRM 7.x before 7.3 SP3. The Component ...)
	NOT-FOR-US: SageCRM
CVE-2017-5218 (A SQL Injection issue was discovered in SageCRM 7.x before 7.3 SP3. The ...)
	NOT-FOR-US: SageCRM
CVE-2017-5217 (Installing a zero-permission Android application on certain Samsung ...)
	NOT-FOR-US: Samsung
CVE-2017-5216 (Stack-based buffer overflow vulnerability in Netop Remote Control ...)
	NOT-FOR-US: Netop Remote Control
CVE-2017-5215 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5214 (The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 ...)
	NOT-FOR-US: Joomla extension
CVE-2017-5213
	RESERVED
CVE-2017-5212
	RESERVED
CVE-2017-5211
	RESERVED
CVE-2017-5210
	RESERVED
CVE-2017-5209 (The base64decode function in base64.c in libimobiledevice libplist ...)
	{DLA-811-1}
	- libplist 1.12+git+1+e37ca00-0.1 (low; bug #851196)
	[jessie] - libplist <no-dsa> (Minor issue)
	NOTE: Upstream bug: https://github.com/libimobiledevice/libplist/issues/84
	NOTE: https://github.com/libimobiledevice/libplist/commit/3a55ddd3c4c11ce75a86afbefd085d8d397ff957
CVE-2017-5205 (The ISAKMP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5204 (The IPv6 parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5203 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5202 (The ISO CLNS parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2017-5201 (NetApp Clustered Data ONTAP before 8.3.2P8 and 9.0 before P2 allow ...)
	NOT-FOR-US: NetApp
CVE-2017-5200 (Salt-api in SaltStack Salt before 2015.8.13, 2016.3.x before 2016.3.5, ...)
	- salt 2016.11.2+ds-1
	[jessie] - salt <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/saltstack/salt/compare/c0e5a1171d7ce2ba8747a971c024632e0d96d848~1...97b0f64923bc5382531b931625267a3c30d2f17e
CVE-2017-5339
	REJECTED
CVE-2017-5338
	REJECTED
CVE-2016-10130 (The http_connect function in transports/http.c in libgit2 before ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <not-affected> (Vulnerable code not present)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/9a64e62f0f20c9cf9b2e1609f037060eb2d8eb22 (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/b5c6a1b407b7f8b952bded2789593b68b1876211 (v0.24.6)
CVE-2016-10129 (The Git Smart Protocol support in libgit2 before 0.24.6 and 0.25.x ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/2fdef641fd0dd2828bd948234ae86de75221a11a (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/84d30d569ada986f3eef527cbdb932643c2dd037 (v0.24.6)
CVE-2016-10128 (Buffer overflow in the git_pkt_parse_line function in ...)
	- libgit2 0.25.1+really0.24.6-1 (bug #851406)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860990)
	NOTE: https://github.com/libgit2/libgit2/commit/66e3774d279672ee51c3b54545a79d20d1ada834 (v0.25.1)
	NOTE: https://github.com/libgit2/libgit2/commit/4ac39c76c0153d1ee6889a0984c39e97731684b2 (v0.24.6)
CVE-2016-10126 (Splunk Web in Splunk Enterprise 5.0.x before 5.0.17, 6.0.x before ...)
	NOT-FOR-US: Splunk
CVE-2016-10125 (D-Link DGS-1100 devices with Rev.B firmware 1.01.018 have a hardcoded ...)
	NOT-FOR-US: D-Link
CVE-2016-10127 (PySAML2 allows remote attackers to conduct XML external entity (XXE) ...)
	- python-pysaml2 <unfixed> (low; bug #859135)
	[stretch] - python-pysaml2 <no-dsa> (Minor issue)
	[jessie] - python-pysaml2 <no-dsa> (Minor issue)
	NOTE: https://github.com/rohe/pysaml2/issues/366
	NOTE: A proper fix for this issue would be to fix the underlying issue in src:libxml2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1411794#c12
CVE-2016-10149 (XML External Entity (XXE) vulnerability in PySAML2 4.4.0 and earlier ...)
	{DSA-3759-1}
	- python-pysaml2 3.0.0-5 (bug #850716)
	NOTE: NOTE: https://github.com/rohe/pysaml2/pull/379
	NOTE: https://github.com/rohe/pysaml2/commit/6e09a25d9b4b7aa7a506853210a9a14100b8bc9b
CVE-2017-XXXX [multiple new security issues]
	- w3m 0.5.3-34 (bug #850432)
	[jessie] - w3m 0.5.3-19+deb8u2
	[wheezy] - w3m <no-dsa> (Minor issues)
CVE-2016-10134 (SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before ...)
	{DSA-3802-1}
	- zabbix 1:3.0.4+dfsg-1 (bug #850936)
	NOTE: https://support.zabbix.com/browse/ZBX-11023
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/12/4
CVE-2017-5337 (Multiple heap-based buffer overflows in the read_attribute function in ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26 <removed>
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/94fcf1645ea17223237aaf8d19132e004afddc1a
CVE-2017-5336 (Stack-based buffer overflow in the cdk_pk_get_keyid function in ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26 <removed>
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/5140422e0d7319a8e2fe07f02cbcafc4d6538732
CVE-2017-5335 (The stream reading functions in lib/opencdk/read-packet.c in GnuTLS ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	- gnutls26 <removed>
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: OpenPGP-related issue
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-2
	NOTE: https://gitlab.com/gnutls/gnutls/commit/49be4f7b82eba2363bb8d4090950dad976a77a3a
CVE-2017-5334 (Double free vulnerability in the gnutls_x509_ext_import_proxy function ...)
	- gnutls28 3.5.8-1
	[jessie] - gnutls28 3.3.8-6+deb8u5
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2017-1
	NOTE: https://gitlab.com/gnutls/gnutls/commit/c5aaa488a3d6df712dc8dff23a049133cab5ec1b
CVE-2017-5330 (ark before 16.12.1 might allow remote attackers to execute arbitrary ...)
	- ark 4:16.08.3-2 (bug #850874)
	[jessie] - ark <not-affected> (Vulnerable code introduced later)
	[wheezy] - ark <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065
	NOTE: "Open File" action introduced in  https://cgit.kde.org/ark.git/commit/?id=f1cf10f25af245823f81b8ff457a04c7593dede7 (v15.11.80)
CVE-2017-5226 (When executing a program via the bubblewrap sandbox, the nonpriv ...)
	- bubblewrap 0.1.5-2 (bug #850702)
	NOTE: https://github.com/projectatomic/bubblewrap/issues/142
CVE-2017-5207 (Firejail before 0.9.44.4, when running a bandwidth command, allows ...)
	- firejail 0.9.44.4-1 (bug #850528)
	NOTE: https://github.com/netblue30/firejail/issues/1023
	NOTE: Fixed by: https://github.com/netblue30/firejail/commit/5d43fdcd215203868d440ffc42036f5f5ffc89fc
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/07/3
CVE-2017-5206 (Firejail before 0.9.44.4, when running on a Linux kernel before 4.8, ...)
	- firejail 0.9.44.4-1 (bug #850558)
	NOTE: Fixed by: https://github.com/netblue30/firejail/commit/6b8dba29d73257311564ee7f27b9b14758cc693e
CVE-2017-5199 (The editbanner feature in SolarWinds LEM (aka SIEM) through 6.3.1 ...)
	NOT-FOR-US: SolarWinds LEM
CVE-2017-5198 (SolarWinds LEM (aka SIEM) before 6.3.1 has an incorrect sudo ...)
	NOT-FOR-US: SolarWinds LEM
CVE-2017-5197 (There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. ...)
	NOT-FOR-US: SilverStripe
CVE-2017-5192 (When using the local_batch client from salt-api in SaltStack Salt ...)
	- salt 2016.11.2+ds-1
	[jessie] - salt <not-affected> (Vulnerable code not present)
CVE-2017-5191 (An XSS vulnerability on the /NAGErrors URI in NetIQ Access Manager 4.2 ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5190 (NetIQ Access Manager 4.2 before SP3 HF1 and 4.3 before SP1 HF1, when ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5189 (NetIQ iManager before 3.0.3 delivered a SSL private key in a Java ...)
	NOT-FOR-US: NetIQ iManager
CVE-2017-5188 (The bs_worker code in open build service before 20170320 followed ...)
	- open-build-service <unfixed> (low)
	[stretch] - open-build-service <no-dsa> (Minor issue)
CVE-2017-5187 (A Cross-Site Request Forgery (CWE-352) vulnerability in Directory ...)
	NOT-FOR-US: Micro Focus
CVE-2017-5186 (Novell iManager 2.7 before SP7 Patch 9, NetIQ iManager 3.x before ...)
	NOT-FOR-US: Novell iManager
CVE-2017-5185 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2017-5184 (A vulnerability was discovered in NetIQ Sentinel Server 8.0 before ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2017-5183 (NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2017-5182 (Remote Manager in Open Enterprise Server (OES) allows unauthenticated ...)
	NOT-FOR-US: Open Enterprise Server
CVE-2017-5181
	REJECTED
CVE-2017-5196 (Irssi 0.8.18 before 0.8.21 allows remote attackers to cause a denial ...)
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi <not-affected> (Affects only 0.8.18 and later)
	[wheezy] - irssi <not-affected> (Affects only 0.8.18 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5195 (Irssi 0.8.17 before 0.8.21 allows remote attackers to cause a denial ...)
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	[wheezy] - irssi <not-affected> (Affects only 0.8.17 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5194 (Use-after-free vulnerability in Irssi before 0.8.21 allows remote ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5193 (The nickcmp function in Irssi before 0.8.21 allows remote attackers to ...)
	{DLA-1217-1}
	- irssi 0.8.21-1 (bug #850403)
	[jessie] - irssi 0.8.17-1+deb8u3
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/2
	NOTE: https://github.com/irssi/irssi/commit/6c6c42e3d1b49d90aacc0b67f8540471cae02a1d
	NOTE: https://irssi.org/security/irssi_sa_2017_01.txt
CVE-2017-5179 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before ...)
	NOT-FOR-US: Nessus
CVE-2017-5178 (An issue was discovered in Schneider Electric Tableau Server/Desktop ...)
	NOT-FOR-US: Schneider
CVE-2017-5177 (A Stack Buffer Overflow issue was discovered in VIPA Controls WinPLC7 ...)
	NOT-FOR-US: VIPA Controls WinPLC7
CVE-2017-5176 (A DLL Hijack issue was discovered in Rockwell Automation Connected ...)
	NOT-FOR-US: Rockwell Automation Connected Components Workbench
CVE-2017-5175 (Advantech WebAccess 8.1 and earlier contains a DLL hijacking ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5174 (An Authentication Bypass issue was discovered in Geutebruck IP Camera ...)
	NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
CVE-2017-5173 (An Improper Neutralization of Special Elements (in an OS command) issue ...)
	NOT-FOR-US: Geutebruck IP Camera G-Cam/EFD-2250
CVE-2017-5172
	RESERVED
CVE-2017-5171
	RESERVED
CVE-2017-5170 (An Uncontrolled Search Path Element issue was discovered in Moxa ...)
	NOT-FOR-US: Moxa
CVE-2017-5169 (An issue was discovered in Hanwha Techwin Smart Security Manager ...)
	NOT-FOR-US: Hanwha Techwin
CVE-2017-5168 (An issue was discovered in Hanwha Techwin Smart Security Manager ...)
	NOT-FOR-US: Hanwha Techwin
CVE-2017-5167 (An issue was discovered in BINOM3 Universal Multifunctional Electric ...)
	NOT-FOR-US: BINOM3
CVE-2017-5166 (An issue was discovered in BINOM3 Universal Multifunctional Electric ...)
	NOT-FOR-US: BINOM3
CVE-2017-5165 (An issue was discovered in BINOM3 Universal Multifunctional Electric ...)
	NOT-FOR-US: BINOM3
CVE-2017-5164 (An issue was discovered in BINOM3 Universal Multifunctional Electric ...)
	NOT-FOR-US: BINOM3
CVE-2017-5163 (An issue was discovered in Belden Hirschmann GECKO Lite Managed switch, ...)
	NOT-FOR-US: Belden Hirschmann
CVE-2017-5162 (An issue was discovered in BINOM3 Universal Multifunctional Electric ...)
	NOT-FOR-US: BINOM3
CVE-2017-5161 (An issue was discovered in Sielco Sistemi Winlog Lite SCADA Software, ...)
	NOT-FOR-US: Sielco Sistemi
CVE-2017-5160 (An Inadequate Encryption Strength issue was discovered in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5159 (An issue was discovered on Phoenix Contact mGuard devices that have ...)
	NOT-FOR-US: Phoenix Contact mGuard
CVE-2017-5158 (An Information Exposure issue was discovered in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5157 (An issue was discovered in Schneider Electric homeLYnk Controller, ...)
	NOT-FOR-US: Schneider
CVE-2017-5156 (A Cross-Site Request Forgery issue was discovered in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2017-5155 (An issue was discovered in Schneider Electric Wonderware Historian 2014 ...)
	NOT-FOR-US: Schneider
CVE-2017-5154 (An issue was discovered in Advantech WebAccess Version 8.1. To be able ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5153 (An issue was discovered in OSIsoft PI Coresight 2016 R2 and earlier ...)
	NOT-FOR-US: OSIsoft PI Coresight
CVE-2017-5152 (An issue was discovered in Advantech WebAccess Version 8.1. By ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2017-5151 (An issue was discovered in VideoInsight Web Client Version 6.3.5.11 and ...)
	NOT-FOR-US: VideoInsight Web Client
CVE-2017-5150
	RESERVED
CVE-2017-5149 (An issue was discovered in St. Jude Medical Merlin@home, versions prior ...)
	NOT-FOR-US: St. Jude Medical Merlin@home
CVE-2017-5148
	RESERVED
CVE-2017-5147 (An Uncontrolled Search Path Element issue was discovered in AzeoTech ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2017-5146 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5145 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5144 (An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware ...)
	NOT-FOR-US: Carlo Gavazzi
CVE-2017-5143 (An issue was discovered in Honeywell XL Web II controller XL1000C500 ...)
	NOT-FOR-US: Honeywell
CVE-2017-5142 (An issue was discovered in Honeywell XL Web II controller XL1000C500 ...)
	NOT-FOR-US: Honeywell
CVE-2017-5141 (An issue was discovered in Honeywell XL Web II controller XL1000C500 ...)
	NOT-FOR-US: Honeywell
CVE-2017-5140 (An issue was discovered in Honeywell XL Web II controller XL1000C500 ...)
	NOT-FOR-US: Honeywell
CVE-2017-5139 (An issue was discovered in Honeywell XL Web II controller XL1000C500 ...)
	NOT-FOR-US: Honeywell
CVE-2017-5138
	RESERVED
CVE-2017-5137 (An issue was discovered on SendQuick Entera and Avera devices before ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2017-5136 (An issue was discovered on SendQuick Entera and Avera devices before ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2016-10124 (An issue was discovered in Linux Containers (LXC) before 2016-02-22. ...)
	- lxc 1:2.0.0-1
	[jessie] - lxc <no-dsa> (Minor issue)
	[wheezy] - lxc <no-dsa> (Minor issue)
	NOTE: https://github.com/lxc/lxc/commit/e986ea3dfa4a2957f71ae9bfaed406dd6e1ffff6
	NOTE: https://github.com/lxc/lxc/commit/5eacdc3dbd0e45abf3cc90cf0216a7f8ee560abf (lxc-2.0.0.rc2)
CVE-2016-10123 (Firejail allows --chroot when seccomp is not supported, which might ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/a23ac1bf390fa4c3db4ea31e6ee6100a9c511d59 (0.9.38-rc1)
CVE-2016-10122 (Firejail does not properly clean environment variables, which allows ...)
	- firejail 0.9.44.2-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/3b81e1f2c331644ced87d26a943b22eed6242b8f
	NOTE: https://github.com/netblue30/firejail/commit/72bc0e145c67da24e555d868086953148c52b5fc
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/e847207df28e181a8f590ade825b5f06d4fadf17 (0.9.44.2)
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/18f6e9dc9b304f7aca291c3edce5122562b1e36c (0.9.44.2)
CVE-2016-10121 (Firejail uses weak permissions for /dev/shm/firejail and possibly ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/1cab02f5ae3c90c01fae4d1c16381820b757a3a6 (0.9.38)
CVE-2016-10120 (Firejail uses 0777 permissions when mounting (1) /dev, (2) /dev/shm, ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/cd0ecfc7a7b30abde20db6dea505cd8c58e7c046 (0.9.38-rc1)
CVE-2016-10119 (Firejail uses 0777 permissions when mounting /tmp, which allows local ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/aa28ac9e09557b833f194f594e2940919d940d1f (0.9.38)
CVE-2016-10118 (Firejail allows local users to truncate /etc/resolv.conf via a chroot ...)
	- firejail 0.9.44.2-1 (low)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/6144229605177764b7f3f3450c1a47f56595dc9e
	NOTE: In 0.9.44-bugfixes: https://github.com/netblue30/firejail/commit/8b5b444c766b8d0592346decc6ed4a6d345e4f67 (0.9.44.2)
CVE-2016-10117 (Firejail does not restrict access to --tmpfs, which allows local users ...)
	- firejail 0.9.38-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/05/4
	NOTE: https://github.com/netblue30/firejail/commit/678cd1495457318dad39178bb646ba1b96332ddb (0.9.38-rc1)
CVE-2016-10116 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10115 (NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q ...)
	NOT-FOR-US: NETGEAR
CVE-2016-10114 (SQL injection vulnerability in the &quot;aWeb Cart Watching System for ...)
	NOT-FOR-US: Joomla extension
CVE-2016-10113
	RESERVED
CVE-2016-10112 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...)
	NOT-FOR-US: WordPress plugin woocommerce
CVE-2016-10111
	RESERVED
CVE-2016-10110
	RESERVED
CVE-2017-5180 (Firejail before 0.9.44.4 and 0.9.38.x LTS before 0.9.38.8 LTS does not ...)
	- firejail 0.9.44.2-3 (bug #850160)
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/04/1
	NOTE: https://github.com/netblue30/firejail/issues/1020
CVE-2017-5135 (Certain Technicolor devices have an SNMP access-control bypass, ...)
	NOT-FOR-US: Technicolor
CVE-2017-5134
	RESERVED
CVE-2017-5133 (Off-by-one read/write on the heap in Blink in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5132 (Inappropriate implementation in V8 in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5131 (An integer overflow in Skia in Google Chrome prior to 62.0.3202.62 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5130 (An integer overflow in xmlmemory.c in libxml2 before 2.9.5, as used in ...)
	{DLA-1188-1}
	- libxml2 2.9.4+dfsg1-5.1 (bug #880000)
	[stretch] - libxml2 <no-dsa> (Minor issue)
	[jessie] - libxml2 <no-dsa> (Minor issue)
	- chromium-browser 62.0.3202.75-1 (unimportant)
	NOTE: chromium-browser uses system libxml2.
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=722079 (not public)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=783026 (not public)
	NOTE: xmlMemoryStrdup is only for debugging with excpetion in xmlint when invoked
	NOTE: with --maxmem. Similar issue for xmlMallocLoc and xmlReallocLoc.
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=897dffbae322b46b83f99a607d527058a72c51ed
	NOTE: Needs follow up: https://git.gnome.org/browse/libxml2/commit/?id=ed48d65b4d6c5cec7be035ad5eebeba873b4b955
CVE-2017-5129 (A use after free in WebAudio in Blink in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5128 (Heap buffer overflow in Blink in Google Chrome prior to 62.0.3202.62 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5127 (Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5126 (A use after free in PDFium in Google Chrome prior to 62.0.3202.62 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5125 (Heap buffer overflow in Skia in Google Chrome prior to 62.0.3202.62 ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5124 (Incorrect application of sandboxing in Blink in Google Chrome prior to ...)
	{DSA-4020-1}
	- chromium-browser 62.0.3202.75-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5123 [waitid() not calling access_ok()]
	RESERVED
	- linux 4.13.4-2
	[stretch] - linux <not-affected> (Vulnerable code not present)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/96ca579a1ecc943b75beba58bebb0356f6cc4b51
CVE-2017-5122 (Inappropriate use of table size handling in V8 in Google Chrome prior ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5121 (Inappropriate use of JIT optimisation in V8 in Google Chrome prior to ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5120 (Inappropriate use of www mismatch redirects in browser navigation in ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5119 (Use of an uninitialized value in Skia in Google Chrome prior to ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5118 (Blink in Google Chrome prior to 61.0.3163.79 for Mac, Windows, and ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5117 (Use of an uninitialized value in Skia in Google Chrome prior to ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5116 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Mac, ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5115 (Type confusion in V8 in Google Chrome prior to 61.0.3163.79 for Windows ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5114 (Inappropriate use of partition alloc in PDFium in Google Chrome prior ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5113 (Math overflow in Skia in Google Chrome prior to 61.0.3163.79 for Mac, ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5112 (Heap buffer overflow in WebGL in Google Chrome prior to 61.0.3163.79 ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5111 (A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for ...)
	{DSA-3985-1}
	- chromium-browser 61.0.3163.100-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5110 (Inappropriate implementation of the web payments API on blob: and data: ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5109 (Inappropriate implementation of unload handler handling in permission ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5108 (Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5107 (A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5106 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5105 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5104 (Inappropriate implementation in interstitials in Google Chrome prior to ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5103 (Use of an uninitialized value in Skia in Google Chrome prior to ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5102 (Use of an uninitialized value in Skia in Google Chrome prior to ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5101 (Inappropriate implementation in Omnibox in Google Chrome prior to ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5100 (A use after free in Apps in Google Chrome prior to 60.0.3112.78 for ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5099 (Insufficient validation of untrusted input in PPAPI Plugins in Google ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5098 (A use after free in V8 in Google Chrome prior to 60.0.3112.78 for Mac, ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5097 (Insufficient validation of untrusted input in Skia in Google Chrome ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5096 (Insufficient policy enforcement during navigation between different ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2017-5095 (Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5094 (Type confusion in extensions JavaScript bindings in Google Chrome prior ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5093 (Inappropriate implementation in modal dialog handling in Blink in ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5092 (Insufficient validation of untrusted input in PPAPI Plugins in Google ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5091 (A use after free in IndexedDB in Google Chrome prior to 60.0.3112.78 ...)
	{DSA-3926-1}
	- chromium-browser 60.0.3112.78-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5090 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
	- chromium-browser <not-affected> (Chrome on Mac)
CVE-2017-5089 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5088 (Insufficient validation of untrusted input in V8 in Google Chrome prior ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5087 (A use after free in Blink in Google Chrome prior to 59.0.3071.104 for ...)
	{DSA-3926-1}
	- chromium-browser 59.0.3071.104-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5086 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5085 (Inappropriate implementation in Bookmarks in Google Chrome prior to 59 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5084 (Inappropriate implementation in image-burner in Google Chrome OS prior ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5083 (Inappropriate implementation in Blink in Google Chrome prior to ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5082 (Failure to take advantage of available mitigations in credit card ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5081 (Lack of verification of an extension's locale folder in Google Chrome ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5080 (A use after free in credit card autofill in Google Chrome prior to ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5079 (Inappropriate implementation in Blink in Google Chrome prior to ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5078 (Insufficient validation of untrusted input in Blink's mailto: handling ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5077 (Insufficient validation of untrusted input in Skia in Google Chrome ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5076 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5075 (Inappropriate implementation in CSP reporting in Blink in Google Chrome ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5074 (A use after free in Chrome Apps in Google Chrome prior to 59.0.3071.86 ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5073 (Use after free in print preview in Blink in Google Chrome prior to ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5072 (Inappropriate implementation in Omnibox in Google Chrome prior to ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5071 (Insufficient validation of untrusted input in V8 in Google Chrome prior ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5070 (Type confusion in V8 in Google Chrome prior to 59.0.3071.86 for Linux, ...)
	- chromium-browser 59.0.3071.86-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5069 (Incorrect MIME type of XSS-Protection reports in Blink in Google Chrome ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5068 (Incorrect handling of picture ID in WebRTC in Google Chrome prior to ...)
	- chromium-browser 58.0.3029.96-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5067 (An insufficient watchdog timer in navigation in Google Chrome prior to ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5066 (Insufficient consistency checks in signature handling in the networking ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5065 (Lack of an appropriate action on page navigation in Blink in Google ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5064 (Incorrect handling of DOM changes in Blink in Google Chrome prior to ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5063 (A numeric overflow in Skia in Google Chrome prior to 58.0.3029.81 for ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5062 (A use after free in Chrome Apps in Google Chrome prior to 58.0.3029.81 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5061 (A race condition in navigation in Google Chrome prior to 58.0.3029.81 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5060 (Insufficient Policy Enforcement in Omnibox in Google Chrome prior to ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5059 (Type confusion in Blink in Google Chrome prior to 58.0.3029.81 for ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5058 (A use after free in PrintPreview in Google Chrome prior to 58.0.3029.81 ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5057 (Type confusion in PDFium in Google Chrome prior to 58.0.3029.81 for ...)
	- chromium-browser 58.0.3029.81-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5056 (A use after free in Blink in Google Chrome prior to 57.0.2987.133 for ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5055 (A use after free in printing in Google Chrome prior to 57.0.2987.133 ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5054 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5053 (An out-of-bounds read in V8 in Google Chrome prior to 57.0.2987.133 for ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5052 (An incorrect assumption about block structure in Blink in Google Chrome ...)
	- chromium-browser 57.0.2987.133-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5051 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5050 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5049 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5048 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5047 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...)
	- chromium-browser 57.0.2987.98-1
	[jessie] - chromium-browser <end-of-life> (End of life, see DSA 4020)
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://codereview.chromium.org/2654913002
CVE-2017-5046 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5045 (XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5044 (Heap buffer overflow in filter processing in Skia in Google Chrome ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5043 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5042 (Cast in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5041 (Google Chrome prior to 57.0.2987.100 incorrectly handled back-forward ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5040 (V8 in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5039 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5038 (Chrome Apps in Google Chrome prior to 57.0.2987.98 for Linux, Windows, ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5037 (An integer overflow in FFmpeg in Google Chrome prior to 57.0.2987.98 ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5036 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5035 (Google Chrome prior to 57.0.2987.98 for Windows and Mac had a race ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5034 (A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5033 (Blink in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5032 (PDFium in Google Chrome prior to 57.0.2987.98 for Windows could be made ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5031 (A use after free in ANGLE in Google Chrome prior to 57.0.2987.98 for ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5030 (Incorrect handling of complex species in V8 in Google Chrome prior to ...)
	{DSA-3810-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5029 (The xsltAddTextString function in transform.c in libxslt 1.1.29, as ...)
	{DSA-3810-1 DLA-866-1}
	- chromium-browser 57.0.2987.98-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libxslt 1.1.29-2.1 (bug #858546)
	[jessie] - libxslt 1.1.28-2+deb8u3
	NOTE: Upstream fix in libxslt: https://git.gnome.org/browse/libxslt/commit/?id=08ab2774b870de1c7b5a48693df75e8154addae5
CVE-2017-5028
	RESERVED
CVE-2017-5027 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5026 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, failed ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5025 (FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- ffmpeg 7:3.2.4-1
CVE-2017-5024 (FFmpeg in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- ffmpeg 7:3.2.4-1
CVE-2017-5023 (Type confusion in Histogram in Google Chrome prior to 56.0.2924.76 for ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5022 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5021 (A use after free in Google Chrome prior to 56.0.2924.76 for Linux, ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5020 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5019 (A use after free in Google Chrome prior to 56.0.2924.76 for Linux, ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5018 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5017 (Interactions with the OS in Google Chrome prior to 56.0.2924.76 for Mac ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5016 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5015 (Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5014 (Heap buffer overflow during image processing in Skia in Google Chrome ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5013 (Google Chrome prior to 56.0.2924.76 for Linux incorrectly handled new ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5012 (A heap buffer overflow in V8 in Google Chrome prior to 56.0.2924.76 for ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2017-5011 (Google Chrome prior to 56.0.2924.76 for Windows insufficiently ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5010 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5009 (WebRTC in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5008 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5007 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5006 (Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and ...)
	{DSA-3776-1}
	- chromium-browser 56.0.2924.76-3
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-5005 (Stack-based buffer overflow in Quick Heal Internet Security 10.1.0.316 ...)
	NOT-FOR-US: Quickheal
CVE-2016-10108 (Unauthenticated Remote Command injection as root occurs in the Western ...)
	NOT-FOR-US: Western Digital MyCloud NAS
CVE-2016-10107 (Unauthenticated Remote Command injection as root occurs in the Western ...)
	NOT-FOR-US: Western Digital MyCloud NAS
CVE-2016-10106 (Directory traversal vulnerability in scgi-bin/platform.cgi on NETGEAR ...)
	NOT-FOR-US: NETGEAR devices
CVE-2016-10105 (admin/plugin.php in Piwigo through 2.8.3 doesn't validate the sections ...)
	- piwigo <removed>
CVE-2016-10104 (Information Disclosure can occur in sshProfiles.jsd in Hitek Software's ...)
	NOT-FOR-US: Hitek
CVE-2016-10103 (Information Disclosure can occur in encryptionProfiles.jsd in Hitek ...)
	NOT-FOR-US: Hitek
CVE-2016-10102 (hitek.jar in Hitek Software's Automize uses weak encryption when ...)
	NOT-FOR-US: Hitek
CVE-2016-10101 (Information Disclosure can occur in Hitek Software's Automize 10.x and ...)
	NOT-FOR-US: Hitek
CVE-2016-10100 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate ...)
	- borgbackup 1.0.9-1
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
CVE-2016-10099 (Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic ...)
	- borgbackup 1.0.9-1
	NOTE: https://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
CVE-2017-5333
	RESERVED
	{DSA-3765-1 DLA-789-1}
	- icoutils 0.31.1-1
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
	NOTE: CVE for "the separate vulnerability fixed by the introduction of the "size >= sizeof(uint16_t)*2" test in
	NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a"
	NOTE: http://seclists.org/oss-sec/2017/q1/56
CVE-2017-5332
	RESERVED
	{DSA-3765-1 DLA-789-1}
	- icoutils 0.31.1-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1249276
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=1a108713ac26215c7568353f6e02e727e6d4b24a
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
	NOTE: CVE for "all of 1aa9f28f7bcbdfff6a84a15ac8d9a87559b1596a and also the index correction in
	NOTE: 1a108713ac26215c7568353f6e02e727e6d4b24a."
CVE-2017-5331 [make check_offset more stringent]
	RESERVED
	{DSA-3765-1 DLA-789-1}
	- icoutils 0.31.1-1
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=4fbe9222fd79ee31b7ec031b0be070a9a400d1d3
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/10/4
CVE-2017-5208 (Integer overflow in the wrestool program in icoutils before 0.31.1 ...)
	{DSA-3756-1 DLA-789-1}
	- icoutils 0.31.0-4 (bug #850017)
	NOTE: Fixed by: http://git.savannah.gnu.org/cgit/icoutils.git/commit/?id=0d569f458f306b88f60156d60c9cf058125cf173
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/08/1
CVE-2017-5340 (Zend/zend_hash.c in PHP before 7.0.15 and 7.1.x before 7.1.1 mishandles ...)
	- php7.1 7.1.1-1 (bug #852022)
	- php7.0 7.0.15-1 (bug #850158)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73832
	NOTE: Fixed in PHP 7.1.1, 7.0.15
CVE-2016-10109 (Use-after-free vulnerability in pcsc-lite before 1.8.20 allows a ...)
	{DSA-3752-1 DLA-778-1}
	- pcsc-lite 1.8.20-1
	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=697fe05967af7ea215bcd5d5774be587780c9e22
	NOTE: https://anonscm.debian.org/cgit/pcsclite/PCSC.git/commit/?id=3aaab9d998b5deb16a246cc7517e44144d281d3b
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/03/2
CVE-2016-10098 (An issue was discovered on SendQuick Entera and Avera devices before ...)
	NOT-FOR-US: SendQuick Entera and Avera devices
CVE-2016-10097 (XML External Entity (XXE) Vulnerability in ...)
	NOT-FOR-US: OpenAM
CVE-2016-10096 (SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 ...)
	NOT-FOR-US: GenixCMS
CVE-2016-10090
	RESERVED
CVE-2016-10086 (RESTful web services in CA Service Desk Manager 12.9 and CA Service ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2017-5004 (EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all ...)
	NOT-FOR-US: RSA Identity Governance and Lifecycle
CVE-2017-5003 (EMC RSA Identity Governance and Lifecycle versions 7.0.1, 7.0.2 (all ...)
	NOT-FOR-US: RSA Identity Governance and Lifecycle
CVE-2017-5002 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-5001 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-5000 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4999 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4998 (EMC RSA Archer 5.4.1.3, 5.5.3.1, 5.5.2.3, 5.5.2, 5.5.1.3.1, 5.5.1.1 is ...)
	NOT-FOR-US: EMC
CVE-2017-4997 (EMC VASA Provider Virtual Appliance versions 8.3.x and prior has an ...)
	NOT-FOR-US: EMC
CVE-2017-4996
	RESERVED
CVE-2017-4995 (An issue was discovered in Pivotal Spring Security 4.2.0.RELEASE ...)
	- libspring-security-java <itp> (bug #582181)
	NOTE: https://pivotal.io/security/cve-2017-4995
CVE-2017-4994 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4993
	REJECTED
CVE-2017-4992 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4991 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4990 (In EMC Avamar Server Software 7.4.1-58, 7.4.0-242, 7.3.1-125, ...)
	NOT-FOR-US: EMC
CVE-2017-4989 (In EMC Avamar Server Software 7.3.1-125, 7.3.0-233, 7.3.0-226, ...)
	NOT-FOR-US: EMC
CVE-2017-4988 (EMC Isilon OneFS 8.0.1.0, 8.0.0 - 8.0.0.3, 7.2.0 - 7.2.1.4, 7.1.x is ...)
	NOT-FOR-US: EMC
CVE-2017-4987 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
	NOT-FOR-US: EMC
CVE-2017-4986 (EMC ESRS VE 3.18 or earlier contains Authentication Bypass that could ...)
	NOT-FOR-US: EMC
CVE-2017-4985 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
	NOT-FOR-US: EMC
CVE-2017-4984 (In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions ...)
	NOT-FOR-US: EMC
CVE-2017-4983 (EMC Data Domain OS 5.2 through 5.7 before 5.7.3.0 and 6.0 before ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2017-4982 (EMC Mainframe Enablers ResourcePak Base versions 7.6.0, 8.0.0, and ...)
	NOT-FOR-US: EMC Mainframe
CVE-2017-4981 (EMC RSA BSAFE Cert-C before 2.9.0.5 contains a potential improper ...)
	NOT-FOR-US: EMC
CVE-2017-4980 (EMC Isilon OneFS is affected by a path traversal vulnerability that may ...)
	NOT-FOR-US: EMC
CVE-2017-4979 (EMC Isilon OneFS 8.0.1.0, OneFS 8.0.0.0 - 8.0.0.2, OneFS 7.2.1.0 - ...)
	NOT-FOR-US: EMC
CVE-2017-4978 (EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 ...)
	NOT-FOR-US: EMC
CVE-2017-4977 (EMC RSA Archer Security Operations Management with RSA Unified ...)
	NOT-FOR-US: EMC
CVE-2017-4976 (EMC ESRS Policy Manager prior to 6.8 contains an undocumented account ...)
	NOT-FOR-US: EMC
CVE-2017-4975 (An issue was discovered in Pivotal PCF Tile Generator versions prior to ...)
	NOT-FOR-US: Pivotal PCF Tile Generator
CVE-2017-4974 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4973 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4972 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4971 (An issue was discovered in Pivotal Spring Web Flow through 2.4.4. ...)
	NOT-FOR-US: Spring Web Flow
CVE-2017-4970 (An issue was discovered in Cloud Foundry Foundation cf-release v255 and ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4969 (The Cloud Controller in Cloud Foundry cf-release versions prior to v255 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4968
	REJECTED
CVE-2017-4967 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4966 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
	[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/2371633f99ad0d293899384f078872ff9e9f3e10 (rabbitmq_v3_6_9)
	NOTE: Introduced by: https://github.com/rabbitmq/rabbitmq-management/commit/ced47b0bdca862a58e8f31833643e948655f8368 (rabbitmq_v3_4_0)
CVE-2017-4965 (An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x ...)
	- rabbitmq-server 3.6.10-1 (low; bug #863586)
	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
CVE-2017-4964 (Cloud Foundry Foundation BOSH Azure CPI v22 could potentially allow a ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4963 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4962
	REJECTED
CVE-2017-4961 (An issue was discovered in Cloud Foundry Foundation BOSH Release 261.x ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4960 (An issue was discovered in Cloud Foundry release v247 through v252, UAA ...)
	NOT-FOR-US: Cloud Foundry
CVE-2017-4959 (An issue was discovered in Pivotal PCF Elastic Runtime 1.8.x versions ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2017-4958
	REJECTED
CVE-2017-4957
	REJECTED
CVE-2017-4956
	REJECTED
CVE-2017-4955 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2016-10095 (Stack-based buffer overflow in the _TIFFVGetField function in ...)
	{DLA-984-1 DLA-983-1}
	- tiff 4.0.8-2 (bug #850316)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: This is a duplicate of CVE-2015-7554, both were reported against tiffsplit
	NOTE: While the _TIFFVGetField function is a generic function, CVE IDs seem to be
	NOTE: assigned per tool using it, so CVE-2015-7554/CVE-2016-10095 refers to the
	NOTE: tiffsplit tool
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2625
	NOTE: Fixes as per http://bugzilla.maptools.org/show_bug.cgi?id=2580
CVE-2016-10094 (Off-by-one error in the t2p_readwrite_pdf_image_tile function in ...)
	{DSA-3762-1}
	- tiff 4.0.7-4
	[wheezy] - tiff <not-affected> (vulnerable code introduced later)
	- tiff3 <not-affected> (vulnerable code introduced later)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2640
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/c7153361a4041260719b340f73f2f76b0969235c
CVE-2016-10093 (Integer overflow in tools/tiffcp.c in LibTIFF 4.0.7 allows remote ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2610
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/787c0ee906430b772f33ca50b97b8b5ca070faec
CVE-2016-10092 (Heap-based buffer overflow in the readContigStripsIntoBuffer function ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-2
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (libtiff-tools not shipped by this source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2620
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/9657bbe3cdce4aaa90e07d50c1c70ae52da0ba6a
CVE-2016-10091 (Multiple stack-based buffer overflows in unrtf 0.21.9 allow remote ...)
	- unrtf 0.21.9-clean-3 (bug #849705)
	[jessie] - unrtf 0.21.5-3+deb8u1
	[wheezy] - unrtf <no-dsa> (Minor issue)
	NOTE: http://hg.savannah.gnu.org/hgweb/unrtf/rev/3b16893a6406
CVE-2016-10085 (admin/languages.php in Piwigo through 2.8.3 allows remote authenticated ...)
	- piwigo <removed>
CVE-2016-10084 (admin/batch_manager.php in Piwigo through 2.8.3 allows remote ...)
	- piwigo <removed>
CVE-2016-10083 (Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo ...)
	- piwigo <removed>
CVE-2016-10082 (include/functions_installer.inc.php in Serendipity through 2.0.5 is ...)
	- serendipity <removed>
CVE-2016-10081 (/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote ...)
	- shutter 0.93.1-1.3 (bug #849777)
	[jessie] - shutter 0.92-0.1+deb8u2
	[wheezy] - shutter <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/shutter/+bug/1652600
CVE-2016-10080
	RESERVED
CVE-2016-10079 (SAPlpd through 7400.3.11.33 in SAP GUI 7.40 on Windows has a Denial of ...)
	NOT-FOR-US: SAPlpd
CVE-2016-10078
	RESERVED
CVE-2016-10077
	RESERVED
CVE-2016-10076
	RESERVED
CVE-2017-4954
	RESERVED
CVE-2017-4953
	RESERVED
CVE-2017-4952 (VMware Xenon 1.x prior to 1.5.7, 1.5.4, 1.3.7, and 1.1.0 contains an ...)
	NOT-FOR-US: VMware Xenon
CVE-2017-4951 (VMware AirWatch Console (9.2.x before 9.2.2 and 9.1.x before 9.1.5) ...)
	NOT-FOR-US: VMware AirWatch Console
CVE-2017-4950 (VMware Workstation and Fusion contain an integer overflow ...)
	NOT-FOR-US: VMware
CVE-2017-4949 (VMware Workstation and Fusion contain a use-after-free vulnerability ...)
	NOT-FOR-US: VMware
CVE-2017-4948 (VMware Workstation (14.x before 14.1.0 and 12.x) and Horizon View ...)
	NOT-FOR-US: VMware
CVE-2017-4947 (VMware Realize Automation (7.3 and 7.2) and vSphere Integrated ...)
	NOT-FOR-US: VMware Realize Automation
CVE-2017-4946 (The VMware V4H and V4PA desktop agents (6.x before 6.5.1) contain a ...)
	NOT-FOR-US: VMware
CVE-2017-4945 (VMware Workstation (14.x and 12.x) and Fusion (10.x and 8.x) contain a ...)
	NOT-FOR-US: VMware
CVE-2017-4944
	RESERVED
CVE-2017-4943 (VMware vCenter Server Appliance (vCSA) (6.5 before 6.5 U1d) contains a ...)
	NOT-FOR-US: VMware
CVE-2017-4942 (VMware AirWatch Console (AWC) contains a Broken Access Control ...)
	NOT-FOR-US: VMware
CVE-2017-4941 (VMware ESXi (6.0 before ESXi600-201711101-SG, 5.5 ...)
	NOT-FOR-US: VMware
CVE-2017-4940 (The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, ...)
	NOT-FOR-US: VMware
CVE-2017-4939 (VMware Workstation (12.x before 12.5.8) installer contains a DLL ...)
	NOT-FOR-US: VMware
CVE-2017-4938 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
	NOT-FOR-US: VMware
CVE-2017-4937 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...)
	NOT-FOR-US: VMware
CVE-2017-4936 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...)
	NOT-FOR-US: VMware
CVE-2017-4935 (VMware Workstation (12.x before 12.5.8) and Horizon View Client for ...)
	NOT-FOR-US: VMware
CVE-2017-4934 (VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) ...)
	NOT-FOR-US: VMware
CVE-2017-4933 (VMware ESXi (6.5 before ESXi650-201710401-BG), Workstation (12.x ...)
	NOT-FOR-US: VMware
CVE-2017-4932 (VMware AirWatch Launcher for Android prior to 3.2.2 contains a ...)
	NOT-FOR-US: VMware
CVE-2017-4931 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...)
	NOT-FOR-US: VMware
CVE-2017-4930 (VMware AirWatch Console 9.x prior to 9.2.0 contains a vulnerability ...)
	NOT-FOR-US: VMware
CVE-2017-4929 (VMware NSX Edge (6.2.x before 6.2.9 and 6.3.x before 6.3.5) contains a ...)
	NOT-FOR-US: VMware
CVE-2017-4928 (The flash-based vSphere Web Client (6.0 prior to 6.0 U3c and 5.5 prior ...)
	NOT-FOR-US: VMware
CVE-2017-4927 (VMware vCenter Server (6.5 prior to 6.5 U1 and 6.0 prior to 6.0 U3c) ...)
	NOT-FOR-US: VMware
CVE-2017-4926 (VMware vCenter Server (6.5 prior to 6.5 U1) contains a vulnerability ...)
	NOT-FOR-US: VMware
CVE-2017-4925 (VMware ESXi 6.5 without patch ESXi650-201707101-SG, ESXi 6.0 without ...)
	NOT-FOR-US: VMware
CVE-2017-4924 (VMware ESXi (ESXi 6.5 without patch ESXi650-201707101-SG), Workstation ...)
	NOT-FOR-US: VMware
CVE-2017-4923 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information ...)
	NOT-FOR-US: VMware
CVE-2017-4922 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an information ...)
	NOT-FOR-US: VMware
CVE-2017-4921 (VMware vCenter Server (6.5 prior to 6.5 U1) contains an insecure ...)
	NOT-FOR-US: VMware
CVE-2017-4920 (The implementation of the OSPF protocol in VMware NSX-V Edge 6.2.x ...)
	NOT-FOR-US: VMware
CVE-2017-4919 (VMware vCenter Server 5.5, 6.0, 6.5 allows vSphere users with certain, ...)
	NOT-FOR-US: VMware vCenter Server
CVE-2017-4918 (VMware Horizon View Client (2.x, 3.x and 4.x prior to 4.5.0) contains ...)
	NOT-FOR-US: VMware
CVE-2017-4917 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x ...)
	NOT-FOR-US: VMware
CVE-2017-4916 (VMware Workstation Pro/Player contains a NULL pointer dereference ...)
	NOT-FOR-US: VMware
CVE-2017-4915 (VMware Workstation Pro/Player contains an insecure library loading ...)
	NOT-FOR-US: VMware
CVE-2017-4914 (VMware vSphere Data Protection (VDP) 6.1.x, 6.0.x, 5.8.x, and 5.5.x ...)
	NOT-FOR-US: VMware
CVE-2017-4913 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4912 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4911 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4910 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4909 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4908 (VMware Workstation (12.x prior to 12.5.3) and Horizon View Client (4.x ...)
	NOT-FOR-US: VMware
CVE-2017-4907 (VMware Unified Access Gateway (2.5.x, 2.7.x, 2.8.x prior to 2.8.1) and ...)
	NOT-FOR-US: VMware
CVE-2017-4906
	RESERVED
CVE-2017-4905 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without ...)
	NOT-FOR-US: VMware
CVE-2017-4904 (The XHCI controller in VMware ESXi 6.5 without patch ...)
	NOT-FOR-US: VMware
CVE-2017-4903 (VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without ...)
	NOT-FOR-US: VMware
CVE-2017-4902 (VMware ESXi 6.5 without patch ESXi650-201703410-SG and 5.5 without ...)
	NOT-FOR-US: VMware
CVE-2017-4901 (The drag-and-drop (DnD) function in VMware Workstation 12.x before ...)
	NOT-FOR-US: VMware
CVE-2017-4900 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a NULL ...)
	NOT-FOR-US: VMware
CVE-2017-4899 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a security ...)
	NOT-FOR-US: VMware
CVE-2017-4898 (VMware Workstation Pro/Player 12.x before 12.5.3 contains a DLL ...)
	NOT-FOR-US: VMware
CVE-2017-4897 (VMware Horizon DaaS before 7.0.0 contains a vulnerability that exists ...)
	NOT-FOR-US: VMware Horizon DaaS
CVE-2017-4896 (Airwatch Inbox for Android contains a vulnerability that may allow a ...)
	NOT-FOR-US: Airwatch Inbox for Android
CVE-2017-4895 (Airwatch Agent for Android contains a vulnerability that may allow a ...)
	NOT-FOR-US: Airwatch Inbox for Android
CVE-2017-4894
	REJECTED
CVE-2017-4893
	REJECTED
CVE-2017-4892
	REJECTED
CVE-2017-4891
	REJECTED
CVE-2017-4890
	REJECTED
CVE-2017-4889
	REJECTED
CVE-2017-4888
	REJECTED
CVE-2017-4887
	REJECTED
CVE-2017-4886
	REJECTED
CVE-2017-4885
	REJECTED
CVE-2017-4884
	REJECTED
CVE-2017-4883
	REJECTED
CVE-2017-4882
	REJECTED
CVE-2017-4881
	REJECTED
CVE-2017-4880
	REJECTED
CVE-2017-4879
	REJECTED
CVE-2017-4878
	REJECTED
CVE-2017-4877
	REJECTED
CVE-2017-4876
	REJECTED
CVE-2017-4875
	REJECTED
CVE-2017-4874
	REJECTED
CVE-2017-4873
	REJECTED
CVE-2017-4872
	REJECTED
CVE-2017-4871
	REJECTED
CVE-2017-4870
	REJECTED
CVE-2017-4869
	REJECTED
CVE-2017-4868
	REJECTED
CVE-2017-4867
	REJECTED
CVE-2017-4866
	REJECTED
CVE-2017-4865
	REJECTED
CVE-2017-4864
	REJECTED
CVE-2017-4863
	REJECTED
CVE-2017-4862
	REJECTED
CVE-2017-4861
	REJECTED
CVE-2017-4860
	REJECTED
CVE-2017-4859
	REJECTED
CVE-2017-4858
	REJECTED
CVE-2017-4857
	REJECTED
CVE-2017-4856
	REJECTED
CVE-2017-4855
	REJECTED
CVE-2017-4854
	REJECTED
CVE-2017-4853
	REJECTED
CVE-2017-4852
	REJECTED
CVE-2017-4851
	REJECTED
CVE-2017-4850
	REJECTED
CVE-2017-4849
	REJECTED
CVE-2017-4848
	REJECTED
CVE-2017-4847
	REJECTED
CVE-2017-4846
	REJECTED
CVE-2017-4845
	REJECTED
CVE-2017-4844
	REJECTED
CVE-2017-4843
	REJECTED
CVE-2017-4842
	REJECTED
CVE-2017-4841
	REJECTED
CVE-2017-4840
	REJECTED
CVE-2017-4839
	REJECTED
CVE-2017-4838
	REJECTED
CVE-2017-4837
	REJECTED
CVE-2017-4836
	REJECTED
CVE-2017-4835
	REJECTED
CVE-2017-4834
	REJECTED
CVE-2017-4833
	REJECTED
CVE-2017-4832
	REJECTED
CVE-2017-4831
	REJECTED
CVE-2017-4830
	REJECTED
CVE-2017-4829
	REJECTED
CVE-2017-4828
	REJECTED
CVE-2017-4827
	REJECTED
CVE-2017-4826
	REJECTED
CVE-2017-4825
	REJECTED
CVE-2017-4824
	REJECTED
CVE-2017-4823
	REJECTED
CVE-2017-4822
	REJECTED
CVE-2017-4821
	REJECTED
CVE-2017-4820
	REJECTED
CVE-2017-4819
	REJECTED
CVE-2017-4818
	REJECTED
CVE-2017-4817
	REJECTED
CVE-2017-4816
	REJECTED
CVE-2017-4815
	REJECTED
CVE-2017-4814
	REJECTED
CVE-2017-4813
	REJECTED
CVE-2017-4812
	REJECTED
CVE-2017-4811
	REJECTED
CVE-2017-4810
	REJECTED
CVE-2017-4809
	REJECTED
CVE-2017-4808
	REJECTED
CVE-2017-4807
	REJECTED
CVE-2017-4806
	REJECTED
CVE-2017-4805
	REJECTED
CVE-2017-4804
	REJECTED
CVE-2017-4803
	REJECTED
CVE-2017-4802
	REJECTED
CVE-2017-4801
	REJECTED
CVE-2017-4800
	REJECTED
CVE-2017-4799
	REJECTED
CVE-2017-4798
	REJECTED
CVE-2017-4797
	REJECTED
CVE-2017-4796
	REJECTED
CVE-2017-4795
	REJECTED
CVE-2017-4794
	REJECTED
CVE-2017-4793
	REJECTED
CVE-2017-4792
	REJECTED
CVE-2017-4791
	REJECTED
CVE-2017-4790
	REJECTED
CVE-2017-4789
	REJECTED
CVE-2017-4788
	REJECTED
CVE-2017-4787
	REJECTED
CVE-2017-4786
	REJECTED
CVE-2017-4785
	REJECTED
CVE-2017-4784
	REJECTED
CVE-2017-4783
	REJECTED
CVE-2017-4782
	REJECTED
CVE-2017-4781
	REJECTED
CVE-2017-4780
	REJECTED
CVE-2017-4779
	REJECTED
CVE-2017-4778
	REJECTED
CVE-2017-4777
	REJECTED
CVE-2017-4776
	REJECTED
CVE-2017-4775
	REJECTED
CVE-2017-4774
	REJECTED
CVE-2017-4773
	REJECTED
CVE-2017-4772
	REJECTED
CVE-2017-4771
	REJECTED
CVE-2017-4770
	REJECTED
CVE-2017-4769
	REJECTED
CVE-2017-4768
	REJECTED
CVE-2017-4767
	REJECTED
CVE-2017-4766
	REJECTED
CVE-2017-4765
	REJECTED
CVE-2017-4764
	REJECTED
CVE-2017-4763
	REJECTED
CVE-2017-4762
	REJECTED
CVE-2017-4761
	REJECTED
CVE-2017-4760
	REJECTED
CVE-2017-4759
	REJECTED
CVE-2017-4758
	REJECTED
CVE-2017-4757
	REJECTED
CVE-2017-4756
	REJECTED
CVE-2017-4755
	REJECTED
CVE-2017-4754
	REJECTED
CVE-2017-4753
	REJECTED
CVE-2017-4752
	REJECTED
CVE-2017-4751
	REJECTED
CVE-2017-4750
	REJECTED
CVE-2017-4749
	REJECTED
CVE-2017-4748
	REJECTED
CVE-2017-4747
	REJECTED
CVE-2017-4746
	REJECTED
CVE-2017-4745
	REJECTED
CVE-2017-4744
	REJECTED
CVE-2017-4743
	REJECTED
CVE-2017-4742
	REJECTED
CVE-2017-4741
	REJECTED
CVE-2017-4740
	REJECTED
CVE-2017-4739
	REJECTED
CVE-2017-4738
	REJECTED
CVE-2017-4737
	REJECTED
CVE-2017-4736
	REJECTED
CVE-2017-4735
	REJECTED
CVE-2017-4734
	REJECTED
CVE-2017-4733
	REJECTED
CVE-2017-4732
	REJECTED
CVE-2017-4731
	REJECTED
CVE-2017-4730
	REJECTED
CVE-2017-4729
	REJECTED
CVE-2017-4728
	REJECTED
CVE-2017-4727
	REJECTED
CVE-2017-4726
	REJECTED
CVE-2017-4725
	REJECTED
CVE-2017-4724
	REJECTED
CVE-2017-4723
	REJECTED
CVE-2017-4722
	REJECTED
CVE-2017-4721
	REJECTED
CVE-2017-4720
	REJECTED
CVE-2017-4719
	REJECTED
CVE-2017-4718
	REJECTED
CVE-2017-4717
	REJECTED
CVE-2017-4716
	REJECTED
CVE-2017-4715
	REJECTED
CVE-2017-4714
	REJECTED
CVE-2017-4713
	REJECTED
CVE-2017-4712
	REJECTED
CVE-2017-4711
	REJECTED
CVE-2017-4710
	REJECTED
CVE-2017-4709
	REJECTED
CVE-2017-4708
	REJECTED
CVE-2017-4707
	REJECTED
CVE-2017-4706
	REJECTED
CVE-2017-4705
	REJECTED
CVE-2017-4704
	REJECTED
CVE-2017-4703
	REJECTED
CVE-2017-4702
	REJECTED
CVE-2017-4701
	REJECTED
CVE-2017-4700
	REJECTED
CVE-2017-4699
	REJECTED
CVE-2017-4698
	REJECTED
CVE-2017-4697
	REJECTED
CVE-2017-4696
	REJECTED
CVE-2017-4695
	REJECTED
CVE-2017-4694
	REJECTED
CVE-2017-4693
	REJECTED
CVE-2017-4692
	REJECTED
CVE-2017-4691
	REJECTED
CVE-2017-4690
	REJECTED
CVE-2017-4689
	REJECTED
CVE-2017-4688
	REJECTED
CVE-2017-4687
	REJECTED
CVE-2017-4686
	REJECTED
CVE-2017-4685
	REJECTED
CVE-2017-4684
	REJECTED
CVE-2017-4683
	REJECTED
CVE-2017-4682
	REJECTED
CVE-2017-4681
	REJECTED
CVE-2017-4680
	REJECTED
CVE-2017-4679
	REJECTED
CVE-2017-4678
	REJECTED
CVE-2017-4677
	REJECTED
CVE-2017-4676
	REJECTED
CVE-2017-4675
	REJECTED
CVE-2017-4674
	REJECTED
CVE-2017-4673
	REJECTED
CVE-2017-4672
	REJECTED
CVE-2017-4671
	REJECTED
CVE-2017-4670
	REJECTED
CVE-2017-4669
	REJECTED
CVE-2017-4668
	REJECTED
CVE-2017-4667
	REJECTED
CVE-2017-4666
	REJECTED
CVE-2017-4665
	REJECTED
CVE-2017-4664
	REJECTED
CVE-2017-4663
	REJECTED
CVE-2017-4662
	REJECTED
CVE-2017-4661
	REJECTED
CVE-2017-4660
	REJECTED
CVE-2017-4659
	REJECTED
CVE-2017-4658
	REJECTED
CVE-2017-4657
	REJECTED
CVE-2017-4656
	REJECTED
CVE-2017-4655
	REJECTED
CVE-2017-4654
	REJECTED
CVE-2017-4653
	REJECTED
CVE-2017-4652
	REJECTED
CVE-2017-4651
	REJECTED
CVE-2017-4650
	REJECTED
CVE-2017-4649
	REJECTED
CVE-2017-4648
	REJECTED
CVE-2017-4647
	REJECTED
CVE-2017-4646
	REJECTED
CVE-2017-4645
	REJECTED
CVE-2017-4644
	REJECTED
CVE-2017-4643
	REJECTED
CVE-2017-4642
	REJECTED
CVE-2017-4641
	REJECTED
CVE-2017-4640
	REJECTED
CVE-2017-4639
	REJECTED
CVE-2017-4638
	REJECTED
CVE-2017-4637
	REJECTED
CVE-2017-4636
	REJECTED
CVE-2017-4635
	REJECTED
CVE-2017-4634
	REJECTED
CVE-2017-4633
	REJECTED
CVE-2017-4632
	REJECTED
CVE-2017-4631
	REJECTED
CVE-2017-4630
	REJECTED
CVE-2017-4629
	REJECTED
CVE-2017-4628
	REJECTED
CVE-2017-4627
	REJECTED
CVE-2017-4626
	REJECTED
CVE-2017-4625
	REJECTED
CVE-2017-4624
	REJECTED
CVE-2017-4623
	REJECTED
CVE-2017-4622
	REJECTED
CVE-2017-4621
	REJECTED
CVE-2017-4620
	REJECTED
CVE-2017-4619
	REJECTED
CVE-2017-4618
	REJECTED
CVE-2017-4617
	REJECTED
CVE-2017-4616
	REJECTED
CVE-2017-4615
	REJECTED
CVE-2017-4614
	REJECTED
CVE-2017-4613
	REJECTED
CVE-2017-4612
	REJECTED
CVE-2017-4611
	REJECTED
CVE-2017-4610
	REJECTED
CVE-2017-4609
	REJECTED
CVE-2017-4608
	REJECTED
CVE-2017-4607
	REJECTED
CVE-2017-4606
	REJECTED
CVE-2017-4605
	REJECTED
CVE-2017-4604
	REJECTED
CVE-2017-4603
	REJECTED
CVE-2017-4602
	REJECTED
CVE-2017-4601
	REJECTED
CVE-2017-4600
	REJECTED
CVE-2017-4599
	REJECTED
CVE-2017-4598
	REJECTED
CVE-2017-4597
	REJECTED
CVE-2017-4596
	REJECTED
CVE-2017-4595
	REJECTED
CVE-2017-4594
	REJECTED
CVE-2017-4593
	REJECTED
CVE-2017-4592
	REJECTED
CVE-2017-4591
	REJECTED
CVE-2017-4590
	REJECTED
CVE-2017-4589
	REJECTED
CVE-2017-4588
	REJECTED
CVE-2017-4587
	REJECTED
CVE-2017-4586
	REJECTED
CVE-2017-4585
	REJECTED
CVE-2017-4584
	REJECTED
CVE-2017-4583
	REJECTED
CVE-2017-4582
	REJECTED
CVE-2017-4581
	REJECTED
CVE-2017-4580
	REJECTED
CVE-2017-4579
	REJECTED
CVE-2017-4578
	REJECTED
CVE-2017-4577
	REJECTED
CVE-2017-4576
	REJECTED
CVE-2017-4575
	REJECTED
CVE-2017-4574
	REJECTED
CVE-2017-4573
	REJECTED
CVE-2017-4572
	REJECTED
CVE-2017-4571
	REJECTED
CVE-2017-4570
	REJECTED
CVE-2017-4569
	REJECTED
CVE-2017-4568
	REJECTED
CVE-2017-4567
	REJECTED
CVE-2017-4566
	REJECTED
CVE-2017-4565
	REJECTED
CVE-2017-4564
	REJECTED
CVE-2017-4563
	REJECTED
CVE-2017-4562
	REJECTED
CVE-2017-4561
	REJECTED
CVE-2017-4560
	REJECTED
CVE-2017-4559
	REJECTED
CVE-2017-4558
	REJECTED
CVE-2017-4557
	REJECTED
CVE-2017-4556
	REJECTED
CVE-2017-4555
	REJECTED
CVE-2017-4554
	REJECTED
CVE-2017-4553
	REJECTED
CVE-2017-4552
	REJECTED
CVE-2017-4551
	REJECTED
CVE-2017-4550
	REJECTED
CVE-2017-4549
	REJECTED
CVE-2017-4548
	REJECTED
CVE-2017-4547
	REJECTED
CVE-2017-4546
	REJECTED
CVE-2017-4545
	REJECTED
CVE-2017-4544
	REJECTED
CVE-2017-4543
	REJECTED
CVE-2017-4542
	REJECTED
CVE-2017-4541
	REJECTED
CVE-2017-4540
	REJECTED
CVE-2017-4539
	REJECTED
CVE-2017-4538
	REJECTED
CVE-2017-4537
	REJECTED
CVE-2017-4536
	REJECTED
CVE-2017-4535
	REJECTED
CVE-2017-4534
	REJECTED
CVE-2017-4533
	REJECTED
CVE-2017-4532
	REJECTED
CVE-2017-4531
	REJECTED
CVE-2017-4530
	REJECTED
CVE-2017-4529
	REJECTED
CVE-2017-4528
	REJECTED
CVE-2017-4527
	REJECTED
CVE-2017-4526
	REJECTED
CVE-2017-4525
	REJECTED
CVE-2017-4524
	REJECTED
CVE-2017-4523
	REJECTED
CVE-2017-4522
	REJECTED
CVE-2017-4521
	REJECTED
CVE-2017-4520
	REJECTED
CVE-2017-4519
	REJECTED
CVE-2017-4518
	REJECTED
CVE-2017-4517
	REJECTED
CVE-2017-4516
	REJECTED
CVE-2017-4515
	REJECTED
CVE-2017-4514
	REJECTED
CVE-2017-4513
	REJECTED
CVE-2017-4512
	REJECTED
CVE-2017-4511
	REJECTED
CVE-2017-4510
	REJECTED
CVE-2017-4509
	REJECTED
CVE-2017-4508
	REJECTED
CVE-2017-4507
	REJECTED
CVE-2017-4506
	REJECTED
CVE-2017-4505
	REJECTED
CVE-2017-4504
	REJECTED
CVE-2017-4503
	REJECTED
CVE-2017-4502
	REJECTED
CVE-2017-4501
	REJECTED
CVE-2017-4500
	REJECTED
CVE-2017-4499
	REJECTED
CVE-2017-4498
	REJECTED
CVE-2017-4497
	REJECTED
CVE-2017-4496
	REJECTED
CVE-2017-4495
	REJECTED
CVE-2017-4494
	REJECTED
CVE-2017-4493
	REJECTED
CVE-2017-4492
	REJECTED
CVE-2017-4491
	REJECTED
CVE-2017-4490
	REJECTED
CVE-2017-4489
	REJECTED
CVE-2017-4488
	REJECTED
CVE-2017-4487
	REJECTED
CVE-2017-4486
	REJECTED
CVE-2017-4485
	REJECTED
CVE-2017-4484
	REJECTED
CVE-2017-4483
	REJECTED
CVE-2017-4482
	REJECTED
CVE-2017-4481
	REJECTED
CVE-2017-4480
	REJECTED
CVE-2017-4479
	REJECTED
CVE-2017-4478
	REJECTED
CVE-2017-4477
	REJECTED
CVE-2017-4476
	REJECTED
CVE-2017-4475
	REJECTED
CVE-2017-4474
	REJECTED
CVE-2017-4473
	REJECTED
CVE-2017-4472
	REJECTED
CVE-2017-4471
	REJECTED
CVE-2017-4470
	REJECTED
CVE-2017-4469
	REJECTED
CVE-2017-4468
	REJECTED
CVE-2017-4467
	REJECTED
CVE-2017-4466
	REJECTED
CVE-2017-4465
	REJECTED
CVE-2017-4464
	REJECTED
CVE-2017-4463
	REJECTED
CVE-2017-4462
	REJECTED
CVE-2017-4461
	REJECTED
CVE-2017-4460
	REJECTED
CVE-2017-4459
	REJECTED
CVE-2017-4458
	REJECTED
CVE-2017-4457
	REJECTED
CVE-2017-4456
	REJECTED
CVE-2017-4455
	REJECTED
CVE-2017-4454
	REJECTED
CVE-2017-4453
	REJECTED
CVE-2017-4452
	REJECTED
CVE-2017-4451
	REJECTED
CVE-2017-4450
	REJECTED
CVE-2017-4449
	REJECTED
CVE-2017-4448
	REJECTED
CVE-2017-4447
	REJECTED
CVE-2017-4446
	REJECTED
CVE-2017-4445
	REJECTED
CVE-2017-4444
	REJECTED
CVE-2017-4443
	REJECTED
CVE-2017-4442
	REJECTED
CVE-2017-4441
	REJECTED
CVE-2017-4440
	REJECTED
CVE-2017-4439
	REJECTED
CVE-2017-4438
	REJECTED
CVE-2017-4437
	REJECTED
CVE-2017-4436
	REJECTED
CVE-2017-4435
	REJECTED
CVE-2017-4434
	REJECTED
CVE-2017-4433
	REJECTED
CVE-2017-4432
	REJECTED
CVE-2017-4431
	REJECTED
CVE-2017-4430
	REJECTED
CVE-2017-4429
	REJECTED
CVE-2017-4428
	REJECTED
CVE-2017-4427
	REJECTED
CVE-2017-4426
	REJECTED
CVE-2017-4425
	REJECTED
CVE-2017-4424
	REJECTED
CVE-2017-4423
	REJECTED
CVE-2017-4422
	REJECTED
CVE-2017-4421
	REJECTED
CVE-2017-4420
	REJECTED
CVE-2017-4419
	REJECTED
CVE-2017-4418
	REJECTED
CVE-2017-4417
	REJECTED
CVE-2017-4416
	REJECTED
CVE-2017-4415
	REJECTED
CVE-2017-4414
	REJECTED
CVE-2017-4413
	REJECTED
CVE-2017-4412
	REJECTED
CVE-2017-4411
	REJECTED
CVE-2017-4410
	REJECTED
CVE-2017-4409
	REJECTED
CVE-2017-4408
	REJECTED
CVE-2017-4407
	REJECTED
CVE-2017-4406
	REJECTED
CVE-2017-4405
	REJECTED
CVE-2017-4404
	REJECTED
CVE-2017-4403
	REJECTED
CVE-2017-4402
	REJECTED
CVE-2017-4401
	REJECTED
CVE-2017-4400
	REJECTED
CVE-2017-4399
	REJECTED
CVE-2017-4398
	REJECTED
CVE-2017-4397
	REJECTED
CVE-2017-4396
	REJECTED
CVE-2017-4395
	REJECTED
CVE-2017-4394
	REJECTED
CVE-2017-4393
	REJECTED
CVE-2017-4392
	REJECTED
CVE-2017-4391
	REJECTED
CVE-2017-4390
	REJECTED
CVE-2017-4389
	REJECTED
CVE-2017-4388
	REJECTED
CVE-2017-4387
	REJECTED
CVE-2017-4386
	REJECTED
CVE-2017-4385
	REJECTED
CVE-2017-4384
	REJECTED
CVE-2017-4383
	REJECTED
CVE-2017-4382
	REJECTED
CVE-2017-4381
	REJECTED
CVE-2017-4380
	REJECTED
CVE-2017-4379
	REJECTED
CVE-2017-4378
	REJECTED
CVE-2017-4377
	REJECTED
CVE-2017-4376
	REJECTED
CVE-2017-4375
	REJECTED
CVE-2017-4374
	REJECTED
CVE-2017-4373
	REJECTED
CVE-2017-4372
	REJECTED
CVE-2017-4371
	REJECTED
CVE-2017-4370
	REJECTED
CVE-2017-4369
	REJECTED
CVE-2017-4368
	REJECTED
CVE-2017-4367
	REJECTED
CVE-2017-4366
	REJECTED
CVE-2017-4365
	REJECTED
CVE-2017-4364
	REJECTED
CVE-2017-4363
	REJECTED
CVE-2017-4362
	REJECTED
CVE-2017-4361
	REJECTED
CVE-2017-4360
	REJECTED
CVE-2017-4359
	REJECTED
CVE-2017-4358
	REJECTED
CVE-2017-4357
	REJECTED
CVE-2017-4356
	REJECTED
CVE-2017-4355
	REJECTED
CVE-2017-4354
	REJECTED
CVE-2017-4353
	REJECTED
CVE-2017-4352
	REJECTED
CVE-2017-4351
	REJECTED
CVE-2017-4350
	REJECTED
CVE-2017-4349
	REJECTED
CVE-2017-4348
	REJECTED
CVE-2017-4347
	REJECTED
CVE-2017-4346
	REJECTED
CVE-2017-4345
	REJECTED
CVE-2017-4344
	REJECTED
CVE-2017-4343
	REJECTED
CVE-2017-4342
	REJECTED
CVE-2017-4341
	REJECTED
CVE-2017-4340
	REJECTED
CVE-2017-4339
	REJECTED
CVE-2017-4338
	REJECTED
CVE-2017-4337
	REJECTED
CVE-2017-4336
	REJECTED
CVE-2017-4335
	REJECTED
CVE-2017-4334
	REJECTED
CVE-2017-4333
	REJECTED
CVE-2017-4332
	REJECTED
CVE-2017-4331
	REJECTED
CVE-2017-4330
	REJECTED
CVE-2017-4329
	REJECTED
CVE-2017-4328
	REJECTED
CVE-2017-4327
	REJECTED
CVE-2017-4326
	REJECTED
CVE-2017-4325
	REJECTED
CVE-2017-4324
	REJECTED
CVE-2017-4323
	REJECTED
CVE-2017-4322
	REJECTED
CVE-2017-4321
	REJECTED
CVE-2017-4320
	REJECTED
CVE-2017-4319
	REJECTED
CVE-2017-4318
	REJECTED
CVE-2017-4317
	REJECTED
CVE-2017-4316
	REJECTED
CVE-2017-4315
	REJECTED
CVE-2017-4314
	REJECTED
CVE-2017-4313
	REJECTED
CVE-2017-4312
	REJECTED
CVE-2017-4311
	REJECTED
CVE-2017-4310
	REJECTED
CVE-2017-4309
	REJECTED
CVE-2017-4308
	REJECTED
CVE-2017-4307
	REJECTED
CVE-2017-4306
	REJECTED
CVE-2017-4305
	REJECTED
CVE-2017-4304
	REJECTED
CVE-2017-4303
	REJECTED
CVE-2017-4302
	REJECTED
CVE-2017-4301
	REJECTED
CVE-2017-4300
	REJECTED
CVE-2017-4299
	REJECTED
CVE-2017-4298
	REJECTED
CVE-2017-4297
	REJECTED
CVE-2017-4296
	REJECTED
CVE-2017-4295
	REJECTED
CVE-2017-4294
	REJECTED
CVE-2017-4293
	REJECTED
CVE-2017-4292
	REJECTED
CVE-2017-4291
	REJECTED
CVE-2017-4290
	REJECTED
CVE-2017-4289
	REJECTED
CVE-2017-4288
	REJECTED
CVE-2017-4287
	REJECTED
CVE-2017-4286
	REJECTED
CVE-2017-4285
	REJECTED
CVE-2017-4284
	REJECTED
CVE-2017-4283
	REJECTED
CVE-2017-4282
	REJECTED
CVE-2017-4281
	REJECTED
CVE-2017-4280
	REJECTED
CVE-2017-4279
	REJECTED
CVE-2017-4278
	REJECTED
CVE-2017-4277
	REJECTED
CVE-2017-4276
	REJECTED
CVE-2017-4275
	REJECTED
CVE-2017-4274
	REJECTED
CVE-2017-4273
	REJECTED
CVE-2017-4272
	REJECTED
CVE-2017-4271
	REJECTED
CVE-2017-4270
	REJECTED
CVE-2017-4269
	REJECTED
CVE-2017-4268
	REJECTED
CVE-2017-4267
	REJECTED
CVE-2017-4266
	REJECTED
CVE-2017-4265
	REJECTED
CVE-2017-4264
	REJECTED
CVE-2017-4263
	REJECTED
CVE-2017-4262
	REJECTED
CVE-2017-4261
	REJECTED
CVE-2017-4260
	REJECTED
CVE-2017-4259
	REJECTED
CVE-2017-4258
	REJECTED
CVE-2017-4257
	REJECTED
CVE-2017-4256
	REJECTED
CVE-2017-4255
	REJECTED
CVE-2017-4254
	REJECTED
CVE-2017-4253
	REJECTED
CVE-2017-4252
	REJECTED
CVE-2017-4251
	REJECTED
CVE-2017-4250
	REJECTED
CVE-2017-4249
	REJECTED
CVE-2017-4248
	REJECTED
CVE-2017-4247
	REJECTED
CVE-2017-4246
	REJECTED
CVE-2017-4245
	REJECTED
CVE-2017-4244
	REJECTED
CVE-2017-4243
	REJECTED
CVE-2017-4242
	REJECTED
CVE-2017-4241
	REJECTED
CVE-2017-4240
	REJECTED
CVE-2017-4239
	REJECTED
CVE-2017-4238
	REJECTED
CVE-2017-4237
	REJECTED
CVE-2017-4236
	REJECTED
CVE-2017-4235
	REJECTED
CVE-2017-4234
	REJECTED
CVE-2017-4233
	REJECTED
CVE-2017-4232
	REJECTED
CVE-2017-4231
	REJECTED
CVE-2017-4230
	REJECTED
CVE-2017-4229
	REJECTED
CVE-2017-4228
	REJECTED
CVE-2017-4227
	REJECTED
CVE-2017-4226
	REJECTED
CVE-2017-4225
	REJECTED
CVE-2017-4224
	REJECTED
CVE-2017-4223
	REJECTED
CVE-2017-4222
	REJECTED
CVE-2017-4221
	REJECTED
CVE-2017-4220
	REJECTED
CVE-2017-4219
	REJECTED
CVE-2017-4218
	REJECTED
CVE-2017-4217
	REJECTED
CVE-2017-4216
	REJECTED
CVE-2017-4215
	REJECTED
CVE-2017-4214
	REJECTED
CVE-2017-4213
	REJECTED
CVE-2017-4212
	REJECTED
CVE-2017-4211
	REJECTED
CVE-2017-4210
	REJECTED
CVE-2017-4209
	REJECTED
CVE-2017-4208
	REJECTED
CVE-2017-4207
	REJECTED
CVE-2017-4206
	REJECTED
CVE-2017-4205
	REJECTED
CVE-2017-4204
	REJECTED
CVE-2017-4203
	REJECTED
CVE-2017-4202
	REJECTED
CVE-2017-4201
	REJECTED
CVE-2017-4200
	REJECTED
CVE-2017-4199
	REJECTED
CVE-2017-4198
	REJECTED
CVE-2017-4197
	REJECTED
CVE-2017-4196
	REJECTED
CVE-2017-4195
	REJECTED
CVE-2017-4194
	REJECTED
CVE-2017-4193
	REJECTED
CVE-2017-4192
	REJECTED
CVE-2017-4191
	REJECTED
CVE-2017-4190
	REJECTED
CVE-2017-4189
	REJECTED
CVE-2017-4188
	REJECTED
CVE-2017-4187
	REJECTED
CVE-2017-4186
	REJECTED
CVE-2017-4185
	REJECTED
CVE-2017-4184
	REJECTED
CVE-2017-4183
	REJECTED
CVE-2017-4182
	REJECTED
CVE-2017-4181
	REJECTED
CVE-2017-4180
	REJECTED
CVE-2017-4179
	REJECTED
CVE-2017-4178
	REJECTED
CVE-2017-4177
	REJECTED
CVE-2017-4176
	REJECTED
CVE-2017-4175
	REJECTED
CVE-2017-4174
	REJECTED
CVE-2017-4173
	REJECTED
CVE-2017-4172
	REJECTED
CVE-2017-4171
	REJECTED
CVE-2017-4170
	REJECTED
CVE-2017-4169
	REJECTED
CVE-2017-4168
	REJECTED
CVE-2017-4167
	REJECTED
CVE-2017-4166
	REJECTED
CVE-2017-4165
	REJECTED
CVE-2017-4164
	REJECTED
CVE-2017-4163
	REJECTED
CVE-2017-4162
	REJECTED
CVE-2017-4161
	REJECTED
CVE-2017-4160
	REJECTED
CVE-2017-4159
	REJECTED
CVE-2017-4158
	REJECTED
CVE-2017-4157
	REJECTED
CVE-2017-4156
	REJECTED
CVE-2017-4155
	REJECTED
CVE-2017-4154
	REJECTED
CVE-2017-4153
	REJECTED
CVE-2017-4152
	REJECTED
CVE-2017-4151
	REJECTED
CVE-2017-4150
	REJECTED
CVE-2017-4149
	REJECTED
CVE-2017-4148
	REJECTED
CVE-2017-4147
	REJECTED
CVE-2017-4146
	REJECTED
CVE-2017-4145
	REJECTED
CVE-2017-4144
	REJECTED
CVE-2017-4143
	REJECTED
CVE-2017-4142
	REJECTED
CVE-2017-4141
	REJECTED
CVE-2017-4140
	REJECTED
CVE-2017-4139
	REJECTED
CVE-2017-4138
	REJECTED
CVE-2017-4137
	REJECTED
CVE-2017-4136
	REJECTED
CVE-2017-4135
	REJECTED
CVE-2017-4134
	REJECTED
CVE-2017-4133
	REJECTED
CVE-2017-4132
	REJECTED
CVE-2017-4131
	REJECTED
CVE-2017-4130
	REJECTED
CVE-2017-4129
	REJECTED
CVE-2017-4128
	REJECTED
CVE-2017-4127
	REJECTED
CVE-2017-4126
	REJECTED
CVE-2017-4125
	REJECTED
CVE-2017-4124
	REJECTED
CVE-2017-4123
	REJECTED
CVE-2017-4122
	REJECTED
CVE-2017-4121
	REJECTED
CVE-2017-4120
	REJECTED
CVE-2017-4119
	REJECTED
CVE-2017-4118
	REJECTED
CVE-2017-4117
	REJECTED
CVE-2017-4116
	REJECTED
CVE-2017-4115
	REJECTED
CVE-2017-4114
	REJECTED
CVE-2017-4113
	REJECTED
CVE-2017-4112
	REJECTED
CVE-2017-4111
	REJECTED
CVE-2017-4110
	REJECTED
CVE-2017-4109
	REJECTED
CVE-2017-4108
	REJECTED
CVE-2017-4107
	REJECTED
CVE-2017-4106
	REJECTED
CVE-2017-4105
	REJECTED
CVE-2017-4104
	REJECTED
CVE-2017-4103
	REJECTED
CVE-2017-4102
	REJECTED
CVE-2017-4101
	REJECTED
CVE-2017-4100
	REJECTED
CVE-2017-4099
	REJECTED
CVE-2017-4098
	REJECTED
CVE-2017-4097
	REJECTED
CVE-2017-4096
	REJECTED
CVE-2017-4095
	REJECTED
CVE-2017-4094
	REJECTED
CVE-2017-4093
	REJECTED
CVE-2017-4092
	REJECTED
CVE-2017-4091
	REJECTED
CVE-2017-4090
	REJECTED
CVE-2017-4089
	REJECTED
CVE-2017-4088
	REJECTED
CVE-2017-4087
	REJECTED
CVE-2017-4086
	REJECTED
CVE-2017-4085
	REJECTED
CVE-2017-4084
	REJECTED
CVE-2017-4083
	REJECTED
CVE-2017-4082
	REJECTED
CVE-2017-4081
	REJECTED
CVE-2017-4080
	REJECTED
CVE-2017-4079
	REJECTED
CVE-2017-4078
	REJECTED
CVE-2017-4077
	REJECTED
CVE-2017-4076
	REJECTED
CVE-2017-4075
	REJECTED
CVE-2017-4074
	REJECTED
CVE-2017-4073
	REJECTED
CVE-2017-4072
	REJECTED
CVE-2017-4071
	REJECTED
CVE-2017-4070
	REJECTED
CVE-2017-4069
	REJECTED
CVE-2017-4068
	REJECTED
CVE-2017-4067
	REJECTED
CVE-2017-4066
	REJECTED
CVE-2017-4065
	REJECTED
CVE-2017-4064
	REJECTED
CVE-2017-4063
	REJECTED
CVE-2017-4062
	REJECTED
CVE-2017-4061
	REJECTED
CVE-2017-4060
	REJECTED
CVE-2017-4059
	REJECTED
CVE-2017-4058
	REJECTED
CVE-2017-4057 (Privilege Escalation vulnerability in the web interface in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2017-4056
	REJECTED
CVE-2017-4055 (Exploitation of Authentication vulnerability in the web interface in ...)
	NOT-FOR-US: McAfee
CVE-2017-4054 (Command Injection vulnerability in the web interface in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2017-4053 (Command Injection vulnerability in the web interface in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2017-4052 (Authentication Bypass vulnerability in the web interface in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2017-4051
	RESERVED
CVE-2017-4050
	RESERVED
CVE-2017-4049
	REJECTED
CVE-2017-4048
	REJECTED
CVE-2017-4047
	REJECTED
CVE-2017-4046
	REJECTED
CVE-2017-4045
	REJECTED
CVE-2017-4044
	REJECTED
CVE-2017-4043
	REJECTED
CVE-2017-4042
	REJECTED
CVE-2017-4041
	REJECTED
CVE-2017-4040
	REJECTED
CVE-2017-4039
	REJECTED
CVE-2017-4038
	REJECTED
CVE-2017-4037
	REJECTED
CVE-2017-4036
	RESERVED
CVE-2017-4035
	REJECTED
CVE-2017-4034
	REJECTED
CVE-2017-4033
	REJECTED
CVE-2017-4032
	REJECTED
CVE-2017-4031
	REJECTED
CVE-2017-4030
	REJECTED
CVE-2017-4029
	REJECTED
CVE-2017-4028 (Maliciously misconfigured registry vulnerability in all Microsoft ...)
	NOT-FOR-US: MacAfee
CVE-2017-4027
	REJECTED
CVE-2017-4026
	REJECTED
CVE-2017-4025
	REJECTED
CVE-2017-4024
	REJECTED
CVE-2017-4023
	REJECTED
CVE-2017-4022
	REJECTED
CVE-2017-4021
	REJECTED
CVE-2017-4020
	REJECTED
CVE-2017-4019
	REJECTED
CVE-2017-4018
	REJECTED
CVE-2017-4017 (User Name Disclosure in the server in McAfee Network Data Loss ...)
	NOT-FOR-US: McAfee
CVE-2017-4016 (Web Server method disclosure in the server in McAfee Network Data Loss ...)
	NOT-FOR-US: McAfee
CVE-2017-4015 (Clickjacking vulnerability in the server in McAfee Network Data Loss ...)
	NOT-FOR-US: McAfee
CVE-2017-4014 (Session Side jacking vulnerability in the server in McAfee Network ...)
	NOT-FOR-US: McAfee
CVE-2017-4013 (Banner Disclosure in the server in McAfee Network Data Loss Prevention ...)
	NOT-FOR-US: McAfee
CVE-2017-4012 (Privilege Escalation vulnerability in the server in McAfee Network ...)
	NOT-FOR-US: McAfee
CVE-2017-4011 (Embedding Script (XSS) in HTTP Headers vulnerability in the server in ...)
	NOT-FOR-US: McAfee
CVE-2017-4010
	REJECTED
CVE-2017-4009
	REJECTED
CVE-2017-4008
	REJECTED
CVE-2017-4007
	REJECTED
CVE-2017-4006
	REJECTED
CVE-2017-4005
	REJECTED
CVE-2017-4004
	REJECTED
CVE-2017-4003
	REJECTED
CVE-2017-4002
	REJECTED
CVE-2017-4001
	REJECTED
CVE-2017-4000
	REJECTED
CVE-2017-3999
	REJECTED
CVE-2017-3998
	REJECTED
CVE-2017-3997
	REJECTED
CVE-2017-3996
	RESERVED
CVE-2017-3995
	REJECTED
CVE-2017-3994
	REJECTED
CVE-2017-3993
	REJECTED
CVE-2017-3992
	REJECTED
CVE-2017-3991
	REJECTED
CVE-2017-3990
	REJECTED
CVE-2017-3989
	RESERVED
CVE-2017-3988
	RESERVED
CVE-2017-3987
	REJECTED
CVE-2017-3986
	REJECTED
CVE-2017-3985
	REJECTED
CVE-2017-3984
	REJECTED
CVE-2017-3983
	REJECTED
CVE-2017-3982
	REJECTED
CVE-2017-3981
	REJECTED
CVE-2017-3980 (A directory traversal vulnerability in the ePO Extension in McAfee ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2017-3979
	REJECTED
CVE-2017-3978
	REJECTED
CVE-2017-3977
	REJECTED
CVE-2017-3976
	REJECTED
CVE-2017-3975
	REJECTED
CVE-2017-3974
	REJECTED
CVE-2017-3973
	REJECTED
CVE-2017-3972 (Infrastructure-based foot printing vulnerability in the web interface ...)
	NOT-FOR-US: McAfee
CVE-2017-3971 (Cryptanalysis vulnerability in the web interface in McAfee Network ...)
	NOT-FOR-US: McAfee
CVE-2017-3970
	RESERVED
CVE-2017-3969 (Abuse of communication channels vulnerability in the server in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2017-3968
	RESERVED
CVE-2017-3967 (Target influence via framing vulnerability in the web interface in ...)
	NOT-FOR-US: McAfee
CVE-2017-3966 (Exploitation of session variables, resource IDs and other trusted ...)
	NOT-FOR-US: McAfee
CVE-2017-3965 (Cross-Site Request Forgery (CSRF) (aka Session Riding) vulnerability ...)
	NOT-FOR-US: McAfee
CVE-2017-3964 (Reflective Cross-Site Scripting (XSS) vulnerability in the web ...)
	NOT-FOR-US: McAfee
CVE-2017-3963
	REJECTED
CVE-2017-3962
	RESERVED
CVE-2017-3961
	RESERVED
CVE-2017-3960
	RESERVED
CVE-2017-3959
	REJECTED
CVE-2017-3958
	REJECTED
CVE-2017-3957
	REJECTED
CVE-2017-3956
	REJECTED
CVE-2017-3955
	REJECTED
CVE-2017-3954
	REJECTED
CVE-2017-3953
	REJECTED
CVE-2017-3952
	REJECTED
CVE-2017-3951
	REJECTED
CVE-2017-3950
	REJECTED
CVE-2017-3949
	REJECTED
CVE-2017-3948 (Cross Site Scripting (XSS) in IMG Tags in the ePO extension in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2017-3947
	REJECTED
CVE-2017-3946
	REJECTED
CVE-2017-3945
	REJECTED
CVE-2017-3944
	REJECTED
CVE-2017-3943
	REJECTED
CVE-2017-3942
	REJECTED
CVE-2017-3941
	REJECTED
CVE-2017-3940
	REJECTED
CVE-2017-3939
	REJECTED
CVE-2017-3938
	REJECTED
CVE-2017-3937
	RESERVED
CVE-2017-3936
	RESERVED
CVE-2017-3935 (Network Data Loss Prevention is vulnerable to MIME type sniffing which ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3934 (Missing HTTP Strict Transport Security state information vulnerability ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3933 (Embedding Script (XSS) in HTTP Headers vulnerability in McAfee Network ...)
	NOT-FOR-US: McAfee Network Data Loss Prevention
CVE-2017-3932
	RESERVED
CVE-2017-3931
	REJECTED
CVE-2017-3930
	REJECTED
CVE-2017-3929
	REJECTED
CVE-2017-3928
	RESERVED
CVE-2017-3927
	RESERVED
CVE-2017-3926
	RESERVED
CVE-2017-3925
	RESERVED
CVE-2017-3924
	RESERVED
CVE-2017-3923
	RESERVED
CVE-2017-3922
	RESERVED
CVE-2017-3921
	RESERVED
CVE-2017-3920
	RESERVED
CVE-2017-3919
	RESERVED
CVE-2017-3918
	RESERVED
CVE-2017-3917
	RESERVED
CVE-2017-3916
	RESERVED
CVE-2017-3915
	RESERVED
CVE-2017-3914
	RESERVED
CVE-2017-3913
	RESERVED
CVE-2017-3912
	RESERVED
CVE-2017-3911
	RESERVED
CVE-2017-3910
	RESERVED
CVE-2017-3909
	RESERVED
CVE-2017-3908
	RESERVED
CVE-2017-3907
	RESERVED
CVE-2017-3906
	RESERVED
CVE-2017-3905
	RESERVED
CVE-2017-3904
	RESERVED
CVE-2017-3903
	RESERVED
CVE-2017-3902 (Cross-site scripting (XSS) vulnerability in the Web user interface ...)
	NOT-FOR-US: Intel Security ePO
CVE-2017-3901
	RESERVED
CVE-2017-3900
	RESERVED
CVE-2017-3899 (SQL injection vulnerability in Intel Security Advanced Threat Defense ...)
	NOT-FOR-US: Intel antivirus
CVE-2017-3898 (A man-in-the-middle attack vulnerability in the non-certificate-based ...)
	NOT-FOR-US: McAfee
CVE-2017-3897 (A Code Injection vulnerability in the non-certificate-based ...)
	NOT-FOR-US: McAfee
CVE-2017-3896 (Unvalidated parameter vulnerability in the remote log viewing ...)
	NOT-FOR-US: Intel McAfee
CVE-2017-3895
	REJECTED
CVE-2016-10087 (The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before ...)
	- libpng1.6 1.6.27-1 (bug #849799)
	- libpng <removed>
	[jessie] - libpng 1.2.50-2+deb8u3
	[wheezy] - libpng <no-dsa> (Minor issue)
	NOTE: Fixed in 1.0.67, 1.2.57, 1.4.20, 1.5.28, 1.6.27
	NOTE: https://sourceforge.net/p/libpng/code/ci/243d4e5f3fe71740d52a53cf3dd77cc83a3430ba
	NOTE: https://sourceforge.net/p/libpng/code/ci/812768d7a9c973452222d454634496b25ed415eb (libpng16)
	NOTE: https://sourceforge.net/p/libpng/code/ci/794a15fad6add4d636369d0b46f603a02995b2e2/ (libpng12)
CVE-2016-10075 (The tqdm._version module in tqdm versions 4.4.1 and 4.10 allows local ...)
	- tqdm 4.11.2-1 (bug #849632)
	NOTE: https://github.com/tqdm/tqdm/issues/328
CVE-2016-10074 (The mail transport (aka Swift_Transport_MailTransport) in Swift Mailer ...)
	{DSA-3769-1 DLA-792-1}
	- libphp-swiftmailer 5.4.2-1.1 (bug #849626)
	NOTE: https://legalhackers.com/advisories/SwiftMailer-Exploit-Remote-Code-Exec-CVE-2016-10074-Vuln.html
	NOTE: https://github.com/swiftmailer/swiftmailer/issues/844
	NOTE: Fixed by https://github.com/swiftmailer/swiftmailer/commit/e6ccf40d856af9598b76eb313b215eed25ae9e86
CVE-2016-10073 (The from method in library/core/class.email.php in Vanilla Forums ...)
	NOT-FOR-US: Vanilla Forums
CVE-2016-10072 (** DISPUTED ** WampServer 3.0.6 has two files called 'wampmanager.exe' ...)
	NOT-FOR-US: WampServer
CVE-2016-10044 (The aio_mount function in fs/aio.c in the Linux kernel before 4.7.7 ...)
	- linux 4.7.8-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux <no-dsa> (Changes required are too invasive)
CVE-2016-10043 (An issue was discovered in Radisys MRF Web Panel (SWMS) 9.0.1. The ...)
	NOT-FOR-US: Radisys MRF Web Panel
CVE-2016-10042 (Authorization Bypass in the Web interface of Arcadyan SLT-00 Star* (aka ...)
	NOT-FOR-US: Arcadyan SLT-00 Star* devices
CVE-2016-10041 (An issue was discovered in Sprecher Automation SPRECON-E Service ...)
	NOT-FOR-US: Sprecher Automation SPRECON-E Service
CVE-2016-10040 (Stack-based buffer overflow in QXmlSimpleReader in Qt 4.8.5 allows ...)
	- qt4-x11 <unfixed> (bug #851058)
	[stretch] - qt4-x11 <ignored> (Minor issue)
	[jessie] - qt4-x11 <ignored> (Minor issue)
	[wheezy] - qt4-x11 <ignored> (Minor issue)
	- qtbase-opensource-src <unfixed> (bug #850954)
	[stretch] - qtbase-opensource-src <ignored> (Minor issue)
	[jessie] - qtbase-opensource-src <ignored> (Minor issue)
	NOTE: CVE assignment specific to http://www.openwall.com/lists/oss-security/2016/12/24/2
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/24/1
CVE-2016-10039 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10038 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10037 (Directory traversal in /connectors/index.php in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2016-10036 (Unrestricted file upload vulnerability in ui/artifact/upload in JFrog ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2016-10035
	RESERVED
CVE-2016-10034 (The setFrom function in the Sendmail adapter in the zend-mail ...)
	- zendframework <not-affected> (Vulnerable code not present in ZF1, cf. #850215)
	NOTE: https://framework.zend.com/security/advisory/ZF2016-04
	NOTE: https://github.com/zendframework/zendframework/commit/7c1e89815f5a9c016f4b8088e59b07cb2bf99dc0
	NOTE: http://legalhackers.com/advisories/ZendFramework-Exploit-ZendMail-Remote-Code-Exec-CVE-2016-10034-Vuln.html
CVE-2014-9914 (Race condition in the ip4_datagram_release_cb function in ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
CVE-2016-10045 (The isMail transport in PHPMailer before 5.2.20 might allow remote ...)
	- libphp-phpmailer <not-affected> (Incomplete fix not applied)
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
CVE-2016-10033 (The mailSend function in the isMail transport in PHPMailer before ...)
	{DSA-3750-1 DLA-770-1}
	- libphp-phpmailer 5.2.14+dfsg-2.1 (bug #849365)
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
	NOTE: Fixed by: https://github.com/PHPMailer/PHPMailer/commit/4835657cd639fbd09afd33307cef164edf807cdc#diff-ace81e501931d8763b49f2410cf3094dR1449
	NOTE: Fix potentially incomplete, cf http://www.openwall.com/lists/oss-security/2016/12/28/1
	NOTE: When updating libphp-phpmailer for CVE-2016-10033 make sure to apply the
	NOTE: complete patch to not make libphp-phpmailer affected by CVE-2016-10045.
	NOTE: https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
	NOTE: Needs followup: https://github.com/PHPMailer/PHPMailer/commit/9743ff5c7ee16e8d49187bd2e11149afb9485eae
	NOTE: Another followup: https://github.com/PHPMailer/PHPMailer/commit/833c35fe39715c3d01934508987e97af1fbc1ba0
CVE-2016-10032
	RESERVED
CVE-2016-10031 (** DISPUTED ** WampServer 3.0.6 installs two services called ...)
	NOT-FOR-US: WampServer
CVE-2016-10030 (The _prolog_error function in slurmd/req.c in Slurm before 15.08.13, ...)
	{DLA-921-1}
	- slurm-llnl 16.05.8-1 (bug #850491)
	[jessie] - slurm-llnl 14.03.9-5+deb8u1
	NOTE: https://www.schedmd.com/news.php?id=178
	NOTE: https://github.com/SchedMD/slurm/commit/92362a92fffe60187df61f99ab11c249d44120ee
CVE-2017-3894 (A stored cross site scripting vulnerability in the Management Console ...)
	NOT-FOR-US: BlackBerry
CVE-2017-3893 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, the ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3892 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3891 (In BlackBerry QNX Software Development Platform (SDP) 6.6.0, an ...)
	NOT-FOR-US: BlackBerry QNX Software Development Platform (SDP)
CVE-2017-3890 (A reflected cross-site scripting vulnerability in the BlackBerry ...)
	NOT-FOR-US: BlackBerry
CVE-2017-3889 (A vulnerability in the web interface of the Cisco Registered Envelope ...)
	NOT-FOR-US: Cisco
CVE-2017-3888 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3887 (A vulnerability in the detection engine that handles Secure Sockets ...)
	NOT-FOR-US: Cisco
CVE-2017-3886 (A vulnerability in the Cisco Unified Communications Manager web ...)
	NOT-FOR-US: Cisco
CVE-2017-3885 (A vulnerability in the detection engine reassembly of Secure Sockets ...)
	NOT-FOR-US: Cisco
CVE-2017-3884 (A vulnerability in the web interface of Cisco Prime Infrastructure and ...)
	NOT-FOR-US: Cisco
CVE-2017-3883 (A vulnerability in the authentication, authorization, and accounting ...)
	NOT-FOR-US: Cisco
CVE-2017-3882 (A vulnerability in the Universal Plug-and-Play (UPnP) implementation in ...)
	NOT-FOR-US: Cisco
CVE-2017-3881 (A vulnerability in the Cisco Cluster Management Protocol (CMP) ...)
	NOT-FOR-US: Cisco
CVE-2017-3880 (An Authentication Bypass vulnerability in Cisco WebEx Meetings Server ...)
	NOT-FOR-US: Cisco
CVE-2017-3879 (A Denial of Service vulnerability in the remote login functionality for ...)
	NOT-FOR-US: Cisco
CVE-2017-3878 (A Denial of Service vulnerability in the Telnet remote login ...)
	NOT-FOR-US: Cisco
CVE-2017-3877 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2017-3876 (A vulnerability in the Event Management Service daemon (emsd) of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3875 (An Access-Control Filtering Mechanisms Bypass vulnerability in certain ...)
	NOT-FOR-US: Cisco
CVE-2017-3874 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2017-3873 (A vulnerability in the Plug-and-Play (PnP) subsystem of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3872 (A cross-site scripting (XSS) filter bypass vulnerability in the ...)
	NOT-FOR-US: Cisco
CVE-2017-3871 (A RADIUS Secret Disclosure vulnerability in the web network management ...)
	NOT-FOR-US: Cisco
CVE-2017-3870 (A vulnerability in the URL filtering feature of Cisco AsyncOS Software ...)
	NOT-FOR-US: Cisco
CVE-2017-3869 (An API Credentials Management vulnerability in the APIs for Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-3868 (A vulnerability in the web-based management interface of Cisco UCS ...)
	NOT-FOR-US: Cisco
CVE-2017-3867 (A vulnerability in the Border Gateway Protocol (BGP) Bidirectional ...)
	NOT-FOR-US: Cisco
CVE-2017-3866 (A vulnerability in the web framework code of Cisco Prime Service ...)
	NOT-FOR-US: Cisco
CVE-2017-3865 (A vulnerability in the IPsec component of Cisco StarOS for Cisco ASR ...)
	NOT-FOR-US: Cisco
CVE-2017-3864 (A vulnerability in the DHCP client implementation of Cisco IOS (12.2, ...)
	NOT-FOR-US: Cisco
CVE-2017-3863 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
	NOT-FOR-US: Cisco
CVE-2017-3862 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
	NOT-FOR-US: Cisco
CVE-2017-3861 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
	NOT-FOR-US: Cisco
CVE-2017-3860 (Multiple vulnerabilities in the EnergyWise module of Cisco IOS (12.2 ...)
	NOT-FOR-US: Cisco
CVE-2017-3859 (A vulnerability in the DHCP code for the Zero Touch Provisioning ...)
	NOT-FOR-US: Cisco
CVE-2017-3858 (A vulnerability in the web framework of Cisco IOS XE Software could ...)
	NOT-FOR-US: Cisco
CVE-2017-3857 (A vulnerability in the Layer 2 Tunneling Protocol (L2TP) parsing ...)
	NOT-FOR-US: Cisco
CVE-2017-3856 (A vulnerability in the web user interface of Cisco IOS XE 3.1 through ...)
	NOT-FOR-US: Cisco
CVE-2017-3855
	RESERVED
CVE-2017-3854 (A vulnerability in the mesh code of Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco
CVE-2017-3853 (A vulnerability in the Data-in-Motion (DMo) process installed with the ...)
	NOT-FOR-US: Cisco
CVE-2017-3852 (A vulnerability in the Cisco application-hosting framework (CAF) ...)
	NOT-FOR-US: Cisco
CVE-2017-3851 (A Directory Traversal vulnerability in the web framework code of the ...)
	NOT-FOR-US: Cisco
CVE-2017-3850 (A vulnerability in the Autonomic Networking Infrastructure (ANI) ...)
	NOT-FOR-US: Cisco
CVE-2017-3849 (A vulnerability in the Autonomic Networking Infrastructure (ANI) ...)
	NOT-FOR-US: Cisco
CVE-2017-3848 (A vulnerability in the HTTP web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3847 (A vulnerability in the web framework of Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2017-3846 (A vulnerability in the Client Manager Server of Cisco Workload ...)
	NOT-FOR-US: Cisco
CVE-2017-3845 (A vulnerability in the web-based management interface of Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-3844 (A vulnerability in exporting functions of the user interface for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3843 (A vulnerability in the file download functions for Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2017-3842 (A vulnerability in the web-based management interface of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3841 (A vulnerability in the web interface of the Cisco Secure Access Control ...)
	NOT-FOR-US: Cisco
CVE-2017-3840 (A vulnerability in the web interface of the Cisco Secure Access Control ...)
	NOT-FOR-US: Cisco
CVE-2017-3839 (An XML External Entity vulnerability in the web-based user interface of ...)
	NOT-FOR-US: Cisco
CVE-2017-3838 (A vulnerability in Cisco Secure Access Control System (ACS) could allow ...)
	NOT-FOR-US: Cisco
CVE-2017-3837 (An HTTP Packet Processing vulnerability in the Web Bridge interface of ...)
	NOT-FOR-US: Cisco
CVE-2017-3836 (A vulnerability in the web framework Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2017-3835 (A vulnerability in the sponsor portal of Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco
CVE-2017-3834 (A vulnerability in Cisco Aironet 1830 Series and Cisco Aironet 1850 ...)
	NOT-FOR-US: Cisco
CVE-2017-3833 (A vulnerability in the web framework of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2017-3832 (A vulnerability in the web management interface of Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco
CVE-2017-3831 (A vulnerability in the web-based GUI of Cisco Mobility Express 1800 ...)
	NOT-FOR-US: Cisco
CVE-2017-3830 (A vulnerability in an internal API of the Cisco Meeting Server (CMS) ...)
	NOT-FOR-US: Cisco
CVE-2017-3829 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3828 (A vulnerability in the web-based management interface of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3827 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...)
	NOT-FOR-US: Cisco
CVE-2017-3826 (A vulnerability in the Stream Control Transmission Protocol (SCTP) ...)
	NOT-FOR-US: Cisco
CVE-2017-3825 (A vulnerability in the ICMP ingress packet processing of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3824 (A vulnerability in the handling of list headers in Cisco cBR Series ...)
	NOT-FOR-US: Cisco
CVE-2017-3823 (An issue was discovered in the Cisco WebEx Extension before 1.0.7 on ...)
	NOT-FOR-US: Cisco
CVE-2017-3822 (A vulnerability in the logging subsystem of the Cisco Firepower Threat ...)
	NOT-FOR-US: Cisco Firepower Threat Defense
CVE-2017-3821 (A vulnerability in the serviceability page of Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2017-3820 (A vulnerability in Simple Network Management Protocol (SNMP) functions ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2017-3819 (A privilege escalation vulnerability in the Secure Shell (SSH) ...)
	NOT-FOR-US: Cisco
CVE-2017-3818 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...)
	NOT-FOR-US: Cisco Email Security Appliances
CVE-2017-3817 (A vulnerability in the role-based resource checking functionality of ...)
	NOT-FOR-US: Cisco
CVE-2017-3816
	RESERVED
CVE-2017-3815 (An API Privilege vulnerability in Cisco TelePresence Server Software ...)
	NOT-FOR-US: Cisco
CVE-2017-3814 (A vulnerability in Cisco Firepower System Software could allow an ...)
	NOT-FOR-US: Cisco Firepower System Software
CVE-2017-3813 (A vulnerability in the Start Before Logon (SBL) module of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3812 (A vulnerability in the implementation of Common Industrial Protocol ...)
	NOT-FOR-US: Cisco Industrial Ethernet 2000 Series Switches
CVE-2017-3811 (An XML External Entity vulnerability in Cisco WebEx Meetings Server ...)
	NOT-FOR-US: Cisco
CVE-2017-3810 (A vulnerability in the web framework of Cisco Prime Service Catalog ...)
	NOT-FOR-US: Cisco Prime Service Catalog
CVE-2017-3809 (A vulnerability in the Policy deployment module of the Cisco Firepower ...)
	NOT-FOR-US: Cisco Firepower Management Center
CVE-2017-3808 (A vulnerability in the Session Initiation Protocol (SIP) UDP throttling ...)
	NOT-FOR-US: Cisco
CVE-2017-3807 (A vulnerability in Common Internet Filesystem (CIFS) code in the ...)
	NOT-FOR-US: Cisco
CVE-2017-3806 (A vulnerability in CLI command processing in the Cisco Firepower 4100 ...)
	NOT-FOR-US: Cisco Firepower
CVE-2017-3805 (A vulnerability in the web-based management interface of Cisco IOS and ...)
	NOT-FOR-US: Cisco IOS
CVE-2017-3804 (A vulnerability in Intermediate System-to-Intermediate System (IS-IS) ...)
	NOT-FOR-US: Cisco
CVE-2017-3803 (A vulnerability in the Cisco IOS Software forwarding queue of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2017-3802 (A vulnerability in Cisco Unified Communications Manager could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-3801 (A vulnerability in the web-based GUI of Cisco UCS Director 6.0.0.0 and ...)
	NOT-FOR-US: Cisco
CVE-2017-3800 (A vulnerability in the content scanning engine of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco Email Security Appliance
CVE-2017-3799 (A vulnerability in a URL parameter of Cisco WebEx Meeting Center could ...)
	NOT-FOR-US: Cisco
CVE-2017-3798 (A cross-site scripting (XSS) filter bypass vulnerability in the ...)
	NOT-FOR-US: Cisco
CVE-2017-3797 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-3796 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-3795 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-3794 (A vulnerability in Cisco WebEx Meetings Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-3793 (A vulnerability in the TCP normalizer of Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2017-3792 (A vulnerability in a proprietary device driver in the kernel of Cisco ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2017-3791 (A vulnerability in the web-based GUI of Cisco Prime Home could allow an ...)
	NOT-FOR-US: Cisco
CVE-2017-3790 (A vulnerability in the received packet parser of Cisco Expressway ...)
	NOT-FOR-US: Cisco Expressway
CVE-2016-5103
	REJECTED
CVE-2016-10027 (Race condition in the XMPP library in Smack before 4.1.9, when the ...)
	- libsmack-java <itp> (bug #640873)
CVE-2016-10023
	REJECTED
CVE-2016-10022
	REJECTED
CVE-2016-10021
	REJECTED
CVE-2016-10020
	REJECTED
CVE-2016-10019
	REJECTED
CVE-2016-10018
	REJECTED
CVE-2016-10017
	REJECTED
CVE-2016-10016
	REJECTED
CVE-2016-10015
	REJECTED
CVE-2016-10014
	REJECTED
CVE-2016-9645 (The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in ...)
	- ikiwiki 3.20161229
	[jessie] - ikiwiki <not-affected> (Incomplete fix for CVE-2016-10026 not applied)
	[wheezy] - ikiwiki <not-affected> (Incomplete fix for CVE-2016-10026 not applied)
	NOTE: https://ikiwiki.info/security/#cve-2016-9645
CVE-2016-10026 (ikiwiki 3.20161219 does not properly check if a revision changes the ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20161219
	NOTE: http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
	NOTE: Fix: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=9cada49ed6ad24556dbe9861ad5b0a9f526167f9
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/7
	NOTE: When fixing this issue make sure to apply the complete correct fix to
	NOTE: not open ikiwiki to be vulnerable for CVE-2016-9645.
CVE-2016-10025 (VMFUNC emulation in Xen 4.6.x through 4.8.x on x86 systems using AMD ...)
	- xen 4.8.0-1
	[jessie] - xen <not-affected> (Vulnerable code introduced later)
	[wheezy] - xen <not-affected> (Vulnerable code introduced later)
	NOTE: https://xenbits.xen.org/xsa/advisory-203.html
CVE-2016-10024 (Xen through 4.8.x allows local x86 PV guest OS kernel administrators ...)
	{DSA-3847-1 DLA-783-1}
	- xen 4.8.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-202.html
CVE-2016-10028 (The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in ...)
	- qemu <unfixed> (bug #849798; unimportant)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg01903.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/1
	NOTE: Marked as unimportant, since 1:2.8+dfsg-2 reverted the support for
	NOTE: virtio gpu (virglrenderer) and opengl, but the affected code is
	NOTE: still present.
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=abd7f08b2353f43274b785db8c7224f082ef4d31 (v2.9.0-rc0)
CVE-2016-10029 (The virtio_gpu_set_scanout function in QEMU (aka Quick Emulator) built ...)
	- qemu 1:2.7+dfsg-1
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=acfc4846508a02cc4c83aa27799fd7 (v2.7.0-rc0)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2fe760554eb3769d70f608a158474f (v2.7.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/2
CVE-2017-3789
	REJECTED
CVE-2017-3788
	REJECTED
CVE-2017-3787
	REJECTED
CVE-2017-3786
	REJECTED
CVE-2017-3785
	REJECTED
CVE-2017-3784
	REJECTED
CVE-2017-3783
	REJECTED
CVE-2017-3782
	REJECTED
CVE-2017-3781
	REJECTED
CVE-2017-3780
	REJECTED
CVE-2017-3779
	REJECTED
CVE-2017-3778
	REJECTED
CVE-2017-3777
	REJECTED
CVE-2017-3776 (Lenovo Help Android mobile app versions earlier than 6.1.2.0327 ...)
	NOT-FOR-US: Lenovo Help Android mobile app
CVE-2017-3775 (Some Lenovo System x server BIOS/UEFI versions, when Secure Boot mode ...)
	NOT-FOR-US: Lenovo
CVE-2017-3774 (A stack overflow vulnerability was discovered within the web ...)
	NOT-FOR-US: IBM
CVE-2017-3773
	REJECTED
CVE-2017-3772
	RESERVED
CVE-2017-3771 (System boot process is not adequately secured In Lenovo E95 and ...)
	NOT-FOR-US: Lenovo
CVE-2017-3770 (Privilege escalation vulnerability in LXCA versions earlier than 1.3.2 ...)
	NOT-FOR-US: Lenovo LXCA
CVE-2017-3769
	RESERVED
CVE-2017-3768 (An unprivileged attacker with connectivity to the IMM2 could cause a ...)
	NOT-FOR-US: IBM System x / IMM2
CVE-2017-3767 (A local privilege escalation vulnerability was identified in the ...)
	NOT-FOR-US: Lenovo
CVE-2017-3766
	RESERVED
CVE-2017-3765 (In Enterprise Networking Operating System (ENOS) in Lenovo and IBM ...)
	NOT-FOR-US: IBM RackSwitch and BladeCenter products
CVE-2017-3764 (A vulnerability was identified in Lenovo XClarity Administrator (LXCA) ...)
	NOT-FOR-US: Lenovo XClarity Administrator
CVE-2017-3763 (An attacker who obtains access to the location where the LXCA file ...)
	NOT-FOR-US: Lenovo LXCA
CVE-2017-3762 (Sensitive data stored by Lenovo Fingerprint Manager Pro, version ...)
	NOT-FOR-US: Lenovo Fingerprint Manager Pro
CVE-2017-3761 (The Lenovo Service Framework Android application executes some system ...)
	NOT-FOR-US: Lenovo
CVE-2017-3760 (The Lenovo Service Framework Android application uses a set of ...)
	NOT-FOR-US: Lenovo
CVE-2017-3759 (The Lenovo Service Framework Android application accepts some ...)
	NOT-FOR-US: Lenovo
CVE-2017-3758 (Improper access controls on several Android components in the Lenovo ...)
	NOT-FOR-US: Lenovo
CVE-2017-3757 (An unquoted service path vulnerability was identified in the driver ...)
	NOT-FOR-US: Lenovo
CVE-2017-3756 (A privilege escalation vulnerability was identified in Lenovo Active ...)
	NOT-FOR-US: Lenovo
CVE-2017-3755
	RESERVED
CVE-2017-3754 (Some Lenovo brand notebook systems do not have write protections ...)
	NOT-FOR-US: Lenovo
CVE-2017-3753 (A vulnerability has been identified in some Lenovo products that use ...)
	NOT-FOR-US: Lenovo
CVE-2017-3752 (An industry-wide vulnerability has been identified in the ...)
	NOT-FOR-US: Lenovo
CVE-2017-3751 (An unquoted service path vulnerability was identified in the driver ...)
	NOT-FOR-US: driver for the ThinkPad Compact USB Keyboard with TrackPoint
CVE-2017-3750 (On Lenovo VIBE mobile phones, the Lenovo Security Android application ...)
	NOT-FOR-US: Lenovo
CVE-2017-3749 (On Lenovo VIBE mobile phones, the Idea Friend Android application ...)
	NOT-FOR-US: Lenovo
CVE-2017-3748 (On Lenovo VIBE mobile phones, improper access controls on the ...)
	NOT-FOR-US: Lenovo
CVE-2017-3747 (Privilege escalation vulnerability in Lenovo Nerve Center for Windows ...)
	NOT-FOR-US: Lenovo
CVE-2017-3746 (ThinkPad USB 3.0 Ethernet Adapter (part number 4X90E51405) driver, ...)
	NOT-FOR-US: Lenovo
CVE-2017-3745 (In Lenovo XClarity Administrator (LXCA) before 1.3.0, if service data ...)
	NOT-FOR-US: Lenovo
CVE-2017-3744 (In the IMM2 firmware of Lenovo System x servers, remote commands ...)
	NOT-FOR-US: Lenovo
CVE-2017-3743 (If multiple users are concurrently logged into a single system where ...)
	NOT-FOR-US: Lenovo
CVE-2017-3742 (In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and ...)
	NOT-FOR-US: Lenovo
CVE-2017-3741 (In the Lenovo Power Management driver before 1.67.12.24, a local user ...)
	NOT-FOR-US: Lenovo
CVE-2017-3740 (In Lenovo Active Protection System before 1.82.0.14, an attacker with ...)
	NOT-FOR-US: Lenovo
CVE-2017-3739
	REJECTED
CVE-2017-3738 (There is an overflow bug in the AVX2 Montgomery multiplication ...)
	{DSA-4065-1}
	- openssl 1.1.0h-1 (low)
	[stretch] - openssl 1.1.0f-3+deb9u2
	[jessie] - openssl <not-affected> (Vulnerable code not present)
	[wheezy] - openssl <not-affected> (Vulnerable code not present)
	- openssl1.0 1.0.2n-1 (low)
	NOTE: https://www.openssl.org/news/secadv/20171207.txt
	NOTE: OpenSSL_1_1_0-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=e502cc86df9dafded1694fceb3228ee34d11c11a
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=ca51bafc1a88d8b8348f5fd97adc5d6ca93f8e76
CVE-2017-3737 (OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an &quot;error ...)
	{DSA-4065-1}
	- openssl 1.1.0b-2
	[jessie] - openssl <not-affected> (Issue introduced in 1.0.2b)
	[wheezy] - openssl <not-affected> (Issue introduced in 1.0.2b)
	- openssl1.0 1.0.2n-1
	NOTE: Not fully correct tracking, the issue just does not affect OpenSSL 1.1.0
	NOTE: thus mark as fixed in the first 1.1.0 version which entered unstable.
	NOTE: https://www.openssl.org/news/secadv/20171207.txt
	NOTE: OpenSSL_1_0_2-stable: https://git.openssl.org/?p=openssl.git;a=commit;h=898fb884b706aaeb283de4812340bb0bde8476dc
	NOTE: 1.0.2b introduced a hardening mechanism designed to protect against bugs
	NOTE: in application code. This CVE applies to the hardening mechanism being
	NOTE: incomplete. OpenSSL versions older than 1.0.2b don't have the hardening
	NOTE: mechanism at all.
	NOTE: Hardening mechanism introduced in:
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e4f77bf1833245d2b6aa4ce6a16c85e1cdf78589
CVE-2017-3736 (There is a carry propagating bug in the x86_64 Montgomery squaring ...)
	{DSA-4017-1}
	- openssl 1.1.0g-1
	[stretch] - openssl 1.1.0f-3+deb9u1
	[jessie] - openssl <not-affected> (Vulnerable code not present)
	[wheezy] - openssl <not-affected> (Vulnerable code not present)
	- openssl1.0 1.0.2m-1
	NOTE: https://www.openssl.org/news/secadv/20171102.txt
	NOTE: Fix for 1.0.2: https://git.openssl.org/?p=openssl.git;a=commit;h=38d600147331d36e74174ebbd4008b63188b321b
	NOTE: Fix for 1.1.0: https://git.openssl.org/?p=openssl.git;a=commit;h=4443cf7aa0099e5ce615c18cee249fff77fb0871
CVE-2017-3735 (While parsing an IPAddressFamily extension in an X.509 certificate, it ...)
	{DSA-4018-1 DSA-4017-1 DLA-1157-1}
	- openssl 1.1.0g-1
	- openssl1.0 1.0.2m-1
	NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=31c8b265591a0aaa462a1f3eb5770661aaac67db
	NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=068b963bb7afc57f5bdd723de0dd15e7795d5822
CVE-2017-3734
	REJECTED
CVE-2017-3733 (During a renegotiation handshake if the Encrypt-Then-Mac extension is ...)
	- openssl 1.1.0e-1
	[jessie] - openssl <not-affected> (Only affects 1.1)
	[wheezy] - openssl <not-affected> (Only affects 1.1)
	- openssl1.0 <not-affected> (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20170216.txt
CVE-2017-3732 (There is a carry propagating bug in the x86_64 Montgomery squaring ...)
	- openssl 1.1.0d-1
	[jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	- openssl1.0 1.0.2k-1
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
CVE-2017-3731 (If an SSL/TLS server or client is running on a 32-bit host, and a ...)
	{DSA-3773-1 DLA-814-1}
	- openssl 1.1.0d-1
	- openssl1.0 1.0.2k-1
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
	NOTE: Fix for 1.0.2: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=51d009043670a627d6abe66894126851cf3690e9
	NOTE: Fix for 1.1.0: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f3a7e57c92b2c9b87dc4b2997f2ebda6781300d0
	NOTE: and https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=00d965474b22b54e4275232bc71ee0c699c5cd21
CVE-2017-3730 (In OpenSSL 1.1.0 before 1.1.0d, if a malicious server supplies bad ...)
	- openssl 1.1.0d-1
	[jessie] - openssl <not-affected> (Only affects OpenSSL 1.1)
	[wheezy] - openssl <not-affected> (Only affects OpenSSL 1.1)
	- openssl1.0 <not-affected> (Only affects OpenSSL 1.1)
	NOTE: https://www.openssl.org/news/secadv/20170126.txt
CVE-2016-9999
	RESERVED
CVE-2016-9996
	REJECTED
CVE-2016-9995
	REJECTED
CVE-2016-9994 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2016-9993 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2016-9992 (IBM Kenexa LCMS Premier on Cloud 9.0, and 10.0.0 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2016-9991 (IBM Sterling Order Management 9.2 through 9.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9990 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-9989 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2016-9988 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2016-9987 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2016-9986 (IBM Jazz Foundation Reporting Service (JRS) 5.0 and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2016-9985 (IBM Cognos Server 10.1.1 and 10.2 stores highly sensitive information ...)
	NOT-FOR-US: IBM
CVE-2016-9984 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-9983 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-9982 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-9981 (IBM AppScan Enterprise Edition 9.0 contains an unspecified ...)
	NOT-FOR-US: IBM
CVE-2016-9980 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9979 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9978 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-9977 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-9976 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-9975 (IBM Jazz for Service Management 1.1.2.1 and 1.1.3 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9974
	RESERVED
CVE-2016-9973 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-9972 (IBM QRadar 7.2 and 7.3 could allow a remote attacker to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-9971
	RESERVED
CVE-2016-9970
	RESERVED
CVE-2016-9969
	RESERVED
CVE-2016-9968
	RESERVED
CVE-2016-9967 (Lack of appropriate exception handling in some receivers of the Telecom ...)
	NOT-FOR-US: Samsung
CVE-2016-9966 (Lack of appropriate exception handling in some receivers of the Telecom ...)
	NOT-FOR-US: Samsung
CVE-2016-9965 (Lack of appropriate exception handling in some receivers of the Telecom ...)
	NOT-FOR-US: Samsung
CVE-2016-9962 (RunC allowed additional container processes via 'runc exec' to be ...)
	- docker.io 1.13.1~ds1-2 (bug #850952)
	- runc 0.1.1+dfsg1-2 (bug #850951)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=1012568
	NOTE: https://github.com/docker/docker/compare/v1.12.5...v1.12.6
	NOTE: https://github.com/opencontainers/runc/commit/50a19c6ff828c58e5dab13830bd3dacde268afe5
CVE-2016-9954 (The backtrack compilation code in the Irregex package (aka IrRegular ...)
	- chicken 4.12.0-0.2 (low; bug #851278)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/18
	NOTE: https://github.com/ashinn/irregex/commit/a16ffc86eca15fca9e40607d41de3cea9cf868f1
	NOTE: For chicken vulnerable code in ./irregex-core.scm
CVE-2016-9953 (The verify_certificate function in lib/vtls/schannel.c in libcurl ...)
	- curl <not-affected> (Windows CE specific issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221C.html
CVE-2016-9952 (The verify_certificate function in lib/vtls/schannel.c in libcurl ...)
	- curl <not-affected> (Windows CE specific issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221B.html
CVE-2016-10008 (SQL injection vulnerability in the &quot;Content Types &gt; Content Types&quot; ...)
	NOT-FOR-US: dotCMS
CVE-2016-10007 (SQL injection vulnerability in the &quot;Marketing &gt; Forms&quot; screen in ...)
	NOT-FOR-US: dotCMS
CVE-2016-10006 (In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input ...)
	NOT-FOR-US: OWASP AntiSamy
CVE-2016-10005 (Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2016-10004
	RESERVED
CVE-2016-10001
	RESERVED
CVE-2016-10000
	RESERVED
CVE-2016-10013 (Xen through 4.8.x allows local 64-bit x86 HVM guest OS users to gain ...)
	{DSA-3847-1 DLA-783-1}
	- xen 4.8.0-1 (bug #848713)
	NOTE: https://xenbits.xen.org/xsa/advisory-204.html
CVE-2016-10012 (The shared memory manager (associated with pre-authentication ...)
	- openssh 1:7.4p1-1 (low; bug #848717)
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.c.diff?r1=1.165&r2=1.166
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/monitor.h.diff?r1=1.19&r2=1.20
CVE-2016-10011 (authfile.c in sshd in OpenSSH before 7.4 does not properly consider ...)
	- openssh 1:7.4p1-1 (low; bug #848716)
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/authfile.c.diff?r1=1.121&r2=1.122
CVE-2016-10010 (sshd in OpenSSH before 7.4, when privilege separation is not used, ...)
	- openssh 1:7.4p1-1 (unimportant; bug #848715)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/serverloop.c.diff?r1=1.188&r2=1.189
	NOTE: Privilege separation is enabled in the Debian package
CVE-2016-10009 (Untrusted search path vulnerability in ssh-agent.c in ssh-agent in ...)
	- openssh 1:7.4p1-1 (low; bug #848714)
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: Fixed in upstream 7.4: https://www.openssh.com/txt/release-7.4
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-agent.c.diff?r1=1.214&r2=1.215
CVE-2016-9998 (SPIP 3.1.x suffer from a Reflected Cross Site Scripting Vulnerability ...)
	{DLA-760-1}
	- spip 3.1.4-2 (bug #848641)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2016-9997 (SPIP 3.1.x suffers from a Reflected Cross Site Scripting Vulnerability ...)
	{DLA-760-1}
	- spip 3.1.4-2 (bug #848641)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23288
CVE-2015-8980 [Arbitrary code execution in select_string, ngettext and npgettext count parameter]
	RESERVED
	- php-gettext 1.0.12-0.1 (bug #851770)
	[jessie] - php-gettext <no-dsa> (Minor issue)
	[wheezy] - php-gettext <no-dsa> (Minor issue)
	- phpmyadmin 4:4.6.6-1 (unimportant)
	NOTE: For phpmyadmin, unimportant, since embeds lib but does not use in exploitable way
	NOTE: http://seclists.org/fulldisclosure/2016/Aug/76
	NOTE: Upstream patch: https://bazaar.launchpad.net/~danilo/php-gettext/trunk/revision/61
CVE-2015-8979 (Stack-based buffer overflow in the parsePresentationContext function ...)
	{DSA-3749-1 DLA-755-1}
	- dcmtk 3.6.1~20160216-2 (bug #848830)
	NOTE: 3.6.1~20160216-2 is the first version in unstable containing the fix
	NOTE: http://zeroscience.mk/en/vulnerabilities/ZSL-2016-5384.php
	NOTE: Fixed by: https://github.com/commontk/DCMTK/commit/1b6bb76
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/2
CVE-2016-10003 (Incorrect HTTP Request header comparison in Squid HTTP Proxy 3.5.0.1 ...)
	- squid3 3.5.23-1 (bug #848491)
	[jessie] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
	[wheezy] - squid3 <not-affected> (Does not affect Squid versions before 3.5.0.1)
	NOTE: Marked as not-affected, vulnerable vulnerability not present due to
	NOTE: the collapsed_forwarding directive beeing added in 3.5.0.1 only
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_10.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14956.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch (for squid-3.5 excluding 3.5.22)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14127.patch (for squid 3.5.22 only)
	NOTE: Vulnerable Squid Versions:
	NOTE: 3.5.0.1 up to and including 3.5.22
	NOTE: 4.0.1 up to and including 4.0.16
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-10002 (Incorrect processing of responses to If-None-Modified HTTP conditional ...)
	{DSA-3745-1 DLA-763-1}
	- squid3 3.5.23-1 (bug #848493)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_11.txt
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4169
	NOTE: http://www.squid-cache.org/Versions/v3/3.1/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_11.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/SQUID-2016_11.patch
	NOTE: Vulnerable squid versions:
	NOTE: 3.1.10 up to and including 3.1.23
	NOTE: 3.2.0.3 up to and including 3.5.22
	NOTE: 4.0.1 up to and including 4.0.16
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/17/1
CVE-2016-582384
	REJECTED
CVE-2016-9964 (redirect() in bottle.py in bottle 0.12.10 doesn't filter a &quot;\r\n&quot; ...)
	{DSA-3743-1 DLA-761-1}
	- python-bottle 0.12.11-1 (bug #848392)
	NOTE: Upstream bug: https://github.com/bottlepy/bottle/issues/913
	NOTE: Upstream patch: https://github.com/bottlepy/bottle/commit/6d7e13da0f998820800ecb3fe9ccee4189aefb54
CVE-2016-9963 (Exim before 4.87.1 might allow remote attackers to obtain the private ...)
	{DSA-3747-1 DLA-762-1}
	- exim4 4.88~RC6-2
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1996
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/16/1
	NOTE: https://exim.org/static/doc/CVE-2016-9963.txt
CVE-2016-9961 (game-music-emu before 0.6.1 mishandles unspecified integer values. ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9960 (game-music-emu before 0.6.1 allows local users to cause a denial of ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9959 (game-music-emu before 0.6.1 allows remote attackers to generate out of ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9958 (game-music-emu before 0.6.1 allows remote attackers to write to ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9957 (Stack-based buffer overflow in game-music-emu before 0.6.1. ...)
	{DSA-3735-1 DLA-750-1}
	- game-music-emu 0.6.0-4 (bug #848071)
	NOTE: http://scarybeastsecurity.blogspot.de/2016/12/redux-compromising-linux-using-snes.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/1
CVE-2016-9956 (The route manager in FlightGear before 2016.4.4 allows remote ...)
	{DSA-3742-1}
	- flightgear 1:2016.4.3+dfsg-1 (bug #848114)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/11
CVE-2016-9951 (An issue was discovered in Apport before 2.20.4. A malicious Apport ...)
	[experimental] - apport 2.20.4-1 (bug #848213)
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, as we have an explicit (bug) reference for apport
	NOTE: https://bugs.launchpad.net/apport/+bug/1648806
	NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/
CVE-2016-9950 (An issue was discovered in Apport before 2.20.4. There is a path ...)
	[experimental] - apport 2.20.4-1 (bug #848213)
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, as we have an explicit (bug) reference for apport
	NOTE: https://bugs.launchpad.net/apport/+bug/1648806
	NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/
CVE-2016-9949 (An issue was discovered in Apport before 2.20.4. In apport/ui.py, ...)
	[experimental] - apport 2.20.4-1 (bug #848213)
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, as we have an explicit (bug) reference for apport
	NOTE: https://bugs.launchpad.net/apport/+bug/1648806
	NOTE: https://donncha.is/2016/12/compromising-ubuntu-desktop/
CVE-2016-9948
	RESERVED
CVE-2016-9947
	RESERVED
CVE-2016-9946
	RESERVED
CVE-2016-9945
	RESERVED
CVE-2016-9944
	RESERVED
CVE-2016-9943
	RESERVED
CVE-2016-9942 (Heap-based buffer overflow in ultra.c in LibVNCClient in LibVNCServer ...)
	{DSA-3753-1 DLA-777-1}
	- libvncserver 0.9.11+dfsg-1 (bug #850008)
	NOTE: https://github.com/LibVNC/libvncserver/pull/137
	NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5fff4353f66427b467eb29e5fdc1da4f2be028bb
CVE-2016-9941 (Heap-based buffer overflow in rfbproto.c in LibVNCClient in ...)
	{DSA-3753-1 DLA-777-1}
	- libvncserver 0.9.11+dfsg-1 (bug #850007)
	NOTE: https://github.com/LibVNC/libvncserver/pull/137
	NOTE: https://github.com/LibVNC/libvncserver/pull/137/commits/5418e8007c248bf9668d22a8c1fa9528149b69f2
CVE-2016-9940
	RESERVED
CVE-2016-9955 (The SimpleSAML_XML_Validator class constructor in SimpleSAMLphp before ...)
	{DLA-1298-1}
	- simplesamlphp 1.14.11-1 (low)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: https://simplesamlphp.org/security/201612-02
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/a2326d75dd14accaac162dd2cb30aaefcc1f9205
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/14/7
CVE-2016-9939 (Crypto++ (aka cryptopp and libcrypto++) 5.6.4 contained a bug in its ...)
	{DSA-3748-1 DLA-766-1}
	- libcrypto++ 5.6.4-5 (bug #848009)
	NOTE: https://github.com/weidai11/cryptopp/issues/346
CVE-2016-9932 (CMPXCHG8B emulation in Xen 3.3.x through 4.7.x on x86 systems allows ...)
	{DSA-3847-1 DLA-964-1}
	- xen 4.8.0~rc3-1 (bug #848081)
	NOTE: https://xenbits.xen.org/xsa/advisory-200.html
CVE-2016-9931
	RESERVED
CVE-2016-9930
	RESERVED
CVE-2016-9929
	RESERVED
CVE-2016-9927
	RESERVED
CVE-2016-9926
	RESERVED
CVE-2016-9925
	RESERVED
CVE-2016-9924 (Zimbra Collaboration Suite (ZCS) before 8.7.4 allows remote attackers ...)
	NOT-FOR-US: Zimbra
CVE-2016-9936 (The unserialize implementation in ext/standard/var.c in PHP 7.x before ...)
	- php7.0 7.0.14-1
	NOTE: Fixed in PHP 7.0.14 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72978
	NOTE: Fixed by: https://github.com/php/php-src/commit/b2af4e8868726a040234de113436c6e4f6372d17
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9935 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...)
	{DSA-3737-1 DLA-818-1}
	- php7.0 7.0.14-1
	- php5 <removed>
	NOTE: Fixed in PHP 5.6.29 and 7.0.14
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73631
	NOTE: Fixed by: https://github.com/php/php-src/commit/66fd44209d5ffcb9b3d1bc1b9fd8e35b485040c0
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9934 (ext/wddx/wddx.c in PHP before 5.6.28 and 7.x before 7.0.13 allows ...)
	{DSA-3732-1 DLA-818-1}
	- php7.0 7.0.13-1
	- php5 <removed>
	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73331
	NOTE: Fixed by: https://github.com/php/php-src/commit/6045de69c7dedcba3eadf7c4bba424b19c81d00d
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9933 (Stack consumption vulnerability in the gdImageFillToBorder function in ...)
	{DSA-3751-1 DSA-3732-1 DLA-758-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #849038)
	NOTE: This problem could be seen as a programmer fault but the fix is easy and
	NOTE: the effect is rather dramatic so it should be fixed anyway.
	NOTE: https://github.com/libgd/libgd/commit/77f619d48259383628c3ec4654b1ad578e9eb40e (gd-2.2.2)
	NOTE: Scope of CVE is only the missing "color < 0" test in older versions.
	NOTE: GD release info: https://libgd.github.io/release-2.2.2.html
	- php7.0 7.0.13-1 (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Fixed in PHP 5.6.28, 7.0.13 and 7.1.0
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72696
	NOTE: Fixed by: https://github.com/php/php-src/commit/863d37ea66d5c960db08d6f4a2cbd2518f0f80d1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/12/2
CVE-2016-9937 (An issue was discovered in Asterisk Open Source 13.12.x and 13.13.x ...)
	- asterisk <not-affected> (Introduced in 13.12.0 but fixed with first version to unstable based on 13.12.1)
	NOTE: Vulnerability introduced in 13.12.0, but the first upload to unstable
	NOTE: versioned as 1:13.12.1~dfsg-1 via opus.patch removed the offending
	NOTE: function. Thus Debian was never vulnerable.
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-008.html
	NOTE: Cf. https://bugs.debian.org/847666
CVE-2016-9938 (An issue was discovered in Asterisk Open Source 11.x before 11.25.1, ...)
	- asterisk 1:13.13.1~dfsg-1 (bug #847668)
	[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u2
	[wheezy] - asterisk <no-dsa> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-009.html
	NOTE: Only applicable if a proxy is in use.
CVE-2016-9923 (Quick Emulator (Qemu) built with the 'chardev' backend support is ...)
	- qemu 1:2.8+dfsg-1 (bug #847957)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05597.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a4afa548fc6dd9842ed86639b4d37d4d1c4ad480 (v2.8.0-rc0)
CVE-2016-9922 (The cirrus_do_copy function in hw/display/cirrus_vga.c in QEMU (aka ...)
	{DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847960)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
	NOTE: CVE for the "blit pitch values" issue.
	NOTE: Should be fixed along with CVE-2014-8106
CVE-2016-9921 (Quick emulator (Qemu) built with the Cirrus CLGD 54xx VGA Emulator ...)
	{DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847960)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-12/msg00442.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1334398
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4299b90e9ba9ce5ca9024572804ba751aa1a7e70 (v2.8.0-rc3)
	NOTE: CVE for the "'cirrus_get_bpp' returns zero(0), which could lead to a divide by zero" issue.
CVE-2016-9918 (In BlueZ 5.42, an out-of-bounds read was identified in &quot;packet_hexdump&quot; ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
CVE-2016-9917 (In BlueZ 5.42, a buffer overflow was observed in &quot;read_n&quot; function in ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9906
	REJECTED
CVE-2016-9905
	RESERVED
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox <not-affected> (Only affects Firefox 45 ESR series)
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9905
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9905
CVE-2016-9904
	RESERVED
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9904
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9904
CVE-2016-9903
	RESERVED
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9903
CVE-2016-9902
	RESERVED
	{DSA-3734-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9902
CVE-2016-9901
	RESERVED
	{DSA-3734-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9901
CVE-2016-9900
	RESERVED
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9900
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9900
CVE-2016-9899
	RESERVED
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9899
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9899
CVE-2016-9898
	RESERVED
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9898
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9898
CVE-2016-9897
	RESERVED
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9897
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9897
CVE-2016-9896
	RESERVED
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9896
CVE-2016-9895
	RESERVED
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9895
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9895
CVE-2016-9894
	RESERVED
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9894
CVE-2016-9893
	RESERVED
	{DSA-3757-1 DSA-3734-1 DLA-782-1 DLA-743-1}
	- firefox 50.1.0-1
	- firefox-esr 45.6.0esr-1
	- icedove 1:45.6.0-2
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/#CVE-2016-9893
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/#CVE-2016-9893
CVE-2017-3729
	RESERVED
CVE-2017-3728
	RESERVED
CVE-2017-3727
	RESERVED
CVE-2017-3726
	RESERVED
CVE-2017-3725
	RESERVED
CVE-2017-3724
	RESERVED
CVE-2017-3723
	RESERVED
CVE-2017-3722
	RESERVED
CVE-2017-3721
	RESERVED
CVE-2017-3720
	RESERVED
CVE-2017-3719
	RESERVED
CVE-2017-3718
	RESERVED
CVE-2017-3717
	RESERVED
CVE-2017-3716
	RESERVED
CVE-2017-3715
	RESERVED
CVE-2017-3714
	RESERVED
CVE-2017-3713
	RESERVED
CVE-2017-3712
	RESERVED
CVE-2017-3711
	RESERVED
CVE-2017-3710
	RESERVED
CVE-2017-3709
	RESERVED
CVE-2017-3708
	RESERVED
CVE-2017-3707
	RESERVED
CVE-2017-3706
	RESERVED
CVE-2017-3705
	RESERVED
CVE-2017-3704
	RESERVED
CVE-2017-3703
	RESERVED
CVE-2017-3702
	RESERVED
CVE-2017-3701
	RESERVED
CVE-2017-3700
	RESERVED
CVE-2017-3699
	RESERVED
CVE-2017-3698
	RESERVED
CVE-2017-3697
	RESERVED
CVE-2017-3696
	RESERVED
CVE-2017-3695
	RESERVED
CVE-2017-3694
	RESERVED
CVE-2017-3693
	RESERVED
CVE-2017-3692
	RESERVED
CVE-2017-3691
	RESERVED
CVE-2017-3690
	RESERVED
CVE-2017-3689
	RESERVED
CVE-2017-3688
	RESERVED
CVE-2017-3687
	RESERVED
CVE-2017-3686
	RESERVED
CVE-2017-3685
	RESERVED
CVE-2017-3684
	RESERVED
CVE-2017-3683
	RESERVED
CVE-2017-3682
	RESERVED
CVE-2017-3681
	RESERVED
CVE-2017-3680
	RESERVED
CVE-2017-3679
	RESERVED
CVE-2017-3678
	RESERVED
CVE-2017-3677
	RESERVED
CVE-2017-3676
	RESERVED
CVE-2017-3675
	RESERVED
CVE-2017-3674
	RESERVED
CVE-2017-3673
	RESERVED
CVE-2017-3672
	RESERVED
CVE-2017-3671
	RESERVED
CVE-2017-3670
	RESERVED
CVE-2017-3669
	RESERVED
CVE-2017-3668
	RESERVED
CVE-2017-3667
	RESERVED
CVE-2017-3666
	RESERVED
CVE-2017-3665
	RESERVED
CVE-2017-3664
	RESERVED
CVE-2017-3663
	RESERVED
CVE-2017-3662
	RESERVED
CVE-2017-3661
	RESERVED
CVE-2017-3660
	RESERVED
CVE-2017-3659
	RESERVED
CVE-2017-3658
	RESERVED
CVE-2017-3657
	RESERVED
CVE-2017-3656
	RESERVED
CVE-2017-3655
	RESERVED
CVE-2017-3654
	RESERVED
CVE-2017-3653 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3652 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3651 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3650 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3649 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3648 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3647 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3646 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.17-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3645 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3644 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3643 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3642 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3641 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3640 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3639 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3638 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3637 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3636 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3955-1 DSA-3944-1 DSA-3922-1 DLA-1043-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.26-1
	- mariadb-10.0 <removed>
	- mysql-5.7 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3635 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
	{DSA-3922-1 DLA-1043-1}
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <removed> (bug #868788)
CVE-2017-3634 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3633 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3632 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Oracle Solaris
CVE-2017-3631 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3630 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3629 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3628
	RESERVED
CVE-2017-3627
	RESERVED
CVE-2017-3626 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Only affects 3.x)
CVE-2017-3625 (Vulnerability in the Oracle WebCenter Content component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3624
	RESERVED
CVE-2017-3623 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3622 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3621 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Solaris
CVE-2017-3620 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3619 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3618 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3617 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3616 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3615 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3614 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3613 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3612 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3611 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3610 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3609 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3608 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3607 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3606 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3605 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3604 (Vulnerability in the Data Store component of Oracle Berkeley DB. The ...)
	NOT-FOR-US: Oracle
CVE-2017-3603 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3602 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3601 (Vulnerability in the Oracle API Gateway component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3600 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3834-1 DLA-916-1}
	- mariadb-10.1 <not-affected> (Fixed before initial upload to Debian)
	- mariadb-10.0 10.0.28-1
	[jessie] - mariadb-10.0 10.0.28-0+deb8u1
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
	NOTE: https://blog.tarq.io/cve-2016-5483-backdooring-mysqldump-backups/
	NOTE: Affected according to blogpost: MySQL all versions, MariaDB <= 5.5.52 and < 10.1
	NOTE: Per MariaDB Security fixed with the following three commits:
	NOTE: https://github.com/MariaDB/server/commit/5a43a31ee81bc181eeb5ef2bf0704befa6e0594d
	NOTE: https://github.com/MariaDB/server/commit/01b39b7b0730102b88d8ea43ec719a75e9316a1e
	NOTE: https://github.com/MariaDB/server/commit/383007c75d6ef5043fa5781956a6a02b24e2b79e
CVE-2017-3599 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (ONly affects MySQL 5.6 and 5.7)
CVE-2017-3598 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3597 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3596 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3595 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3594 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3593 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3592 (Vulnerability in the Oracle Payables component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3591 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3590 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
	- mysql-connector-python 2.1.6-1 (bug #861511)
	[jessie] - mysql-connector-python <no-dsa> (Minor issue)
	[wheezy] - mysql-connector-python <postponed> (Minor issue, can be fixed along in a future update)
CVE-2017-3589 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
	{DSA-3857-1 DLA-945-1}
	- mysql-connector-java 5.1.42-1
CVE-2017-3588 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2017-3587 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3586 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
	{DSA-3857-1 DLA-945-1}
	- mysql-connector-java 5.1.42-1
CVE-2017-3585 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Solaris
CVE-2017-3584 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Solaris
CVE-2017-3583 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle
CVE-2017-3582 (Vulnerability in the Oracle SuperCluster Specific Software component ...)
	NOT-FOR-US: Solaris
CVE-2017-3581 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3580 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Solaris
CVE-2017-3579 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle
CVE-2017-3578 (Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of ...)
	NOT-FOR-US: Solaris
CVE-2017-3577 (Vulnerability in the PeopleSoft Enterprise CS Campus Community ...)
	NOT-FOR-US: Oracle
CVE-2017-3576 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3575 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3574 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
	NOT-FOR-US: Oracle
CVE-2017-3573 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
	NOT-FOR-US: Oracle
CVE-2017-3572 (Vulnerability in the Oracle Commerce Guided Search / Oracle Commerce ...)
	NOT-FOR-US: Oracle
CVE-2017-3571 (Vulnerability in the PeopleSoft Enterprise SCM eBill Payment component ...)
	NOT-FOR-US: Oracle
CVE-2017-3570 (Vulnerability in the PeopleSoft Enterprise FSCM component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3569 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
	NOT-FOR-US: Oracle
CVE-2017-3568 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
	NOT-FOR-US: Oracle
CVE-2017-3567 (Vulnerability in the OJVM component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-3566
	RESERVED
CVE-2017-3565 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3564 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3563 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3562 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3561 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3560 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
	NOT-FOR-US: Oracle
CVE-2017-3559 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3558 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3557 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3556 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3555 (Vulnerability in the Oracle iReceivables component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3554 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3553 (Vulnerability in the Oracle Identity Manager component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3552 (Vulnerability in the Oracle Hospitality OPERA 5 Property Services ...)
	NOT-FOR-US: Oracle
CVE-2017-3551 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3550 (Vulnerability in the Oracle Customer Interaction History component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3549 (Vulnerability in the Oracle Scripting component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3548 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3547 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3546 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3545 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3544 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3543 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3542 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3541 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3540 (Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3539 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3538 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.16-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3537 (Vulnerability in the Oracle Real-Time Scheduler component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3536 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3535 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3534 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3533 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3532 (Vulnerability in the Oracle Retail Warehouse Management System ...)
	NOT-FOR-US: Oracle
CVE-2017-3531 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3530 (Vulnerability in the Oracle Transportation Manager component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3529 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.20-1 (bug #868798)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3528 (Vulnerability in the Oracle Applications Framework component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3527 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3526 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3525 (Vulnerability in the PeopleSoft Enterprise SCM Service Procurement ...)
	NOT-FOR-US: Oracle
CVE-2017-3524 (Vulnerability in the PeopleSoft Enterprise SCM Strategic Sourcing ...)
	NOT-FOR-US: Oracle
CVE-2017-3523 (Vulnerability in the MySQL Connectors component of Oracle MySQL ...)
	{DSA-3840-1 DLA-945-1}
	- mysql-connector-java 5.1.41-1
	NOTE: https://www.computest.nl/advisories/CT-2017-0425_MySQL-Connector-J.txt
CVE-2017-3522 (Vulnerability in the PeopleSoft Enterprise SCM eSupplier Connection ...)
	NOT-FOR-US: Oracle
CVE-2017-3521 (Vulnerability in the PeopleSoft Enterprise SCM Purchasing component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3520 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3519 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3518 (Vulnerability in the Enterprise Manager Base Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3517 (Vulnerability in the JD Edwards EnterpriseOne Tools component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3516 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3515 (Vulnerability in the Oracle User Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3514 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (Windows builds only)
	- openjdk-7 <not-affected> (Windows builds only)
	NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/95fd1952637b
CVE-2017-3513 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.20-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3512 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (MacOSX builds only)
	- openjdk-7 <not-affected> (MacOSX builds only)
	NOTE: Upstream commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c878d0baff4a
CVE-2017-3511 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3510 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3509 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3858-1 DLA-954-1}
	- openjdk-8 8u131-b11-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3508 (Vulnerability in the Primavera Gateway component of Oracle Primavera ...)
	NOT-FOR-US: Oracle
CVE-2017-3507 (Vulnerability in the Oracle Service Bus component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3506 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3505 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3504 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3503 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle
CVE-2017-3502 (Vulnerability in the PeopleSoft Enterprise FIN Receivables component ...)
	NOT-FOR-US: Oracle
CVE-2017-3501 (Vulnerability in the Primavera Unifier component of Oracle Primavera ...)
	NOT-FOR-US: Oracle
CVE-2017-3500 (Vulnerability in the Primavera Gateway component of Oracle Primavera ...)
	NOT-FOR-US: Oracle
CVE-2017-3499 (Vulnerability in the Oracle Social Network component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3498 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3497 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3496 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3495 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3494 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3493 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3492 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3491 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3490 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3489 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3488 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3487 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3486 (Vulnerability in the SQL*Plus component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-3485 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3484 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3483 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle
CVE-2017-3482 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3481 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3480 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3479 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3478 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3477 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3476 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3475 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3474 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3473 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3472 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3471 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3470 (Vulnerability in the Oracle Communications Security Gateway component ...)
	NOT-FOR-US: Oracle
CVE-2017-3469 (Vulnerability in the MySQL Workbench component of Oracle MySQL ...)
	- mysql-workbench 6.3.10+dfsg-1 (low; bug #861487)
	[stretch] - mysql-workbench <no-dsa> (Minor issue)
	[jessie] - mysql-workbench <no-dsa> (Minor issue)
	[wheezy] - mysql-workbench <no-dsa> (Minor issue)
CVE-2017-3468 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3467 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3466
	RESERVED
CVE-2017-3465 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3464 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3463 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3462 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3461 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3460 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3459 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3458 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3457 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3456 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3455 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3454 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3453 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3452 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
CVE-2017-3451 (Vulnerability in the Oracle Retail Open Commerce Platform component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3450 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3449
	RESERVED
CVE-2017-3448
	RESERVED
CVE-2017-3447
	REJECTED
CVE-2017-3446 (Vulnerability in the Oracle Trade Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3445 (Vulnerability in the Oracle Trade Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3444 (Vulnerability in the Oracle Trade Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3443 (Vulnerability in the Oracle Common Applications component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3442 (Vulnerability in the Oracle Customer Interaction History component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3441 (Vulnerability in the Oracle Customer Interaction History component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3440 (Vulnerability in the Oracle Customer Interaction History component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3439 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3438 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3437 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3436 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3435 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3434 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3433 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3432 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3431 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3430 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3429 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3428 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3427 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3426 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3425 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3424 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3423 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3422 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3421 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3420 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3419 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3418 (Vulnerability in the Oracle CRM Technical Foundation component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3417 (Vulnerability in the Oracle Universal Work Queue component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3416 (Vulnerability in the Oracle Universal Work Queue component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3415 (Vulnerability in the Oracle Universal Work Queue component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3414 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3413 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3412 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3411 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3410 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3409 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3408 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3407 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3406 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3405 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3404 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3403 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3402 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3401 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3400 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3399 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3398 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3397 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3396 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3395 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3394 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3393 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3392 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3391 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3390 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3389 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3388 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3387 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3386 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3385 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3384 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3383 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3382 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3381 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3380 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3379 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3378 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3377 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3376 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3375 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3374 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3373 (Vulnerability in the Oracle Advanced Outbound Telephony component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3372 (Vulnerability in the Oracle Interaction Blending component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3371 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3370 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3369 (Vulnerability in the Oracle iSupport component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3368 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3367 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3366 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3365 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3364 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3363 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3362 (Vulnerability in the Oracle Knowledge Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3361 (Vulnerability in the Oracle Installed Base component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3360 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3359 (Vulnerability in the Oracle Customer Intelligence component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3358 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3357 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3356 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3355 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3354 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3353 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3352 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3351 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3350 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3349 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3348 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3347 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3346 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3345 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3344 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3343 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3342 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3341 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3340 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3339 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3338 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3337 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3336 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3335 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3334 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3333 (Vulnerability in the Oracle Marketing component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3332 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3331 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3330 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3329 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3328 (Vulnerability in the Oracle Common Applications component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3327 (Vulnerability in the Oracle Common Applications component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3326 (Vulnerability in the Oracle Common Applications component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3325 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3324 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle Primavera
CVE-2017-3323 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3322 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3321 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...)
	NOT-FOR-US: MySQL Cluster
CVE-2017-3320 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3319 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3318 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3317 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3316 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3315 (Vulnerability in the PeopleSoft Enterprise HCM ePerformance component ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3314 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3313 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3809-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3312 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3311 (Vulnerability in the Application Testing Suite component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3310 (Vulnerability in the OJVM component of Oracle Database Server. ...)
	NOT-FOR-US: Oracle
CVE-2017-3309 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3308 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3944-1 DSA-3834-1 DLA-916-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 5.7.18-1 (bug #860547)
	- mysql-5.5 <removed> (bug #860544)
CVE-2017-3307 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2017-3306 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2017-3305 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3834-1 DLA-916-1}
	- mysql-5.7 <not-affected> (Fixed before the initial release to Debian)
	- mysql-5.5 <removed> (bug #860544)
	NOTE: The issue arises because of an improper fix for the issue known under
	NOTE: the name BACKRONYM. The CVE CVE-2015-3152 though is explicitly only
	NOTE: assigned for MariaDB and Percona, thus Oracle MySQL products are not
	NOTE: tracked below that CVE. Later, Oracle tried to address the corresonding
	NOTE: issue as well in 5.5 (in 5.5.49) and 5.6 (5.6.30) series resulting in
	NOTE: opening CVE-2017-3305.
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1217506#c22
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/17/4
CVE-2017-3304 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...)
	- mysql-cluster <itp> (bug #833356)
CVE-2017-3303 (Vulnerability in the Oracle XML Gateway component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3302 (Crash in libmysqlclient.so in Oracle MySQL before 5.6.21 and 5.7.x ...)
	{DSA-3834-1 DSA-3809-1 DLA-916-1 DLA-819-1}
	- mariadb-10.1 10.1.23-1
	- mariadb-10.0 <removed>
	- mysql-5.7 <not-affected> (Fixed before initial release in Debian)
	- mysql-5.6 <not-affected> (Fixed before initial release in Debian)
	- mysql-5.5 <removed> (bug #854713; bug #860544)
	NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4797ea0b772d5f4c5889bc552424132806f46e93
	NOTE: Fixed in Oracle MySQL 5.6.21, 5.7.5
	NOTE: https://bugs.mysql.com/bug.php?id=70429
	NOTE: https://bugs.mysql.com/bug.php?id=63363
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/28/1
CVE-2017-3301 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3300 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3299 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3298 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3297 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3296 (Vulnerability in the Oracle Commerce Platform component of Oracle ...)
	NOT-FOR-US: Oracle Commerce
CVE-2017-3295 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3294 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3293 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3292 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2017-3291 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3290 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2017-3289 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
CVE-2017-3288 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3287 (Vulnerability in the Oracle iStore component of Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2017-3286 (Vulnerability in the Oracle Applications DBA component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3285 (Vulnerability in the Oracle Service Fulfillment Manager component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3284 (Vulnerability in the Oracle Service Fulfillment Manager component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3283 (Vulnerability in the Oracle Partner Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3282 (Vulnerability in the Oracle Partner Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3281 (Vulnerability in the Oracle Partner Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3280 (Vulnerability in the Oracle Partner Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3279 (Vulnerability in the Oracle Leads Management component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3278 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3277 (Vulnerability in the Oracle Applications Manager component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3276 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2017-3275 (Vulnerability in the Oracle Email Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3274 (Vulnerability in the Oracle Email Center component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3273 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3272 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3271 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3270 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3269 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3268 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3267 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3266 (Vulnerability in the Oracle Outside In Technology component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2017-3265 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3264 (Vulnerability in the Siebel UI Framework component of Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel
CVE-2017-3263 (Vulnerability in the Primavera P6 Enterprise Project Portfolio ...)
	NOT-FOR-US: Oracle Primavera
CVE-2017-3262 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (specific to Oracle Java)
CVE-2017-3261 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3260 (Vulnerability in the Java SE component of Oracle Java SE ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
CVE-2017-3259 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2017-3258 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3257 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1}
	- mariadb-10.2 <removed> (bug #884065)
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2017-3256 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3255 (Vulnerability in the Oracle JDeveloper component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3254 (Vulnerability in the Oracle Retail Invoice Matching component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3253 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3252 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3251 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2017-3250 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-3249 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-3248 (Vulnerability in the Oracle WebLogic Server component of Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2017-3247 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2017-3246 (Vulnerability in the Oracle Application Object Library component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3245 (Vulnerability in the Oracle FLEXCUBE Direct Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3244 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3243 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3242 (Vulnerability in the Oracle VM Server for Sparc component of Oracle ...)
	NOT-FOR-US: Solaris
CVE-2017-3241 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3240 (Vulnerability in the RDBMS Security component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2017-3239 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Only affects 3.x)
CVE-2017-3238 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	{DSA-3770-1 DSA-3767-1 DLA-797-1}
	- mariadb-10.1 10.1.21-1 (bug #851759)
	- mariadb-10.0 <removed> (bug #851755)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <removed> (bug #851233)
CVE-2017-3237 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3236 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3235 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2017-3234 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3233 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3232 (Vulnerability in the Automatic Service Request (ASR) component of ...)
	NOT-FOR-US: Oracle
CVE-2017-3231 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2017-3230 (Vulnerability in the Oracle Fusion Middleware MapViewer component of ...)
	NOT-FOR-US: Oracle
CVE-2016-9892 (The esets_daemon service in ESET Endpoint Antivirus for macOS before ...)
	NOT-FOR-US: ESET
CVE-2016-9891 (Cross-site scripting (XSS) vulnerability in admin/media.php and ...)
	- dotclear <removed>
CVE-2016-9890
	RESERVED
CVE-2016-9889 (Some forms with the parameter geo_zoomlevel_to_found_location in Tiki ...)
	NOT-FOR-US: Tiki Wiki
CVE-2016-9888 (An error within the &quot;tar_directory_for_file()&quot; function ...)
	{DLA-740-1}
	- libgsf 1.14.41-1
	[jessie] - libgsf <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/GNOME/libgsf/commit/95a8351a75758cf10b3bf6abae0b6b461f90d9e5
CVE-2016-9887
	RESERVED
CVE-2016-9886
	REJECTED
CVE-2016-9885 (An issue was discovered in Pivotal GemFire for PCF 1.6.x versions prior ...)
	NOT-FOR-US: Pivotal GemFire for PCF
CVE-2016-9884
	REJECTED
CVE-2016-9883
	REJECTED
CVE-2016-9882 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
	NOT-FOR-US: Cloud Foundry Foundation cf-release
CVE-2016-9881
	REJECTED
CVE-2016-9880 (The GemFire broker for Cloud Foundry 1.6.x before 1.6.5 and 1.7.x ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-9879 (An issue was discovered in Pivotal Spring Security before 3.2.10, 4.1.x ...)
	- libspring-security-java <itp> (bug #582181)
	NOTE: https://pivotal.io/security/cve-2016-9879
CVE-2016-9878 (An issue was discovered in Pivotal Spring Framework before 3.2.18, ...)
	- libspring-java 4.3.5-1 (bug #849167)
	[jessie] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://pivotal.io/security/cve-2016-9878
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/e2d6e709c3c65a4951eb096843ee75d5200cfcad (4.3.x branch)
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/43bf008fbcd0d7945e2fcd5e30039bc4d74c7a98 (4.2.x branch)
	NOTE: Fixed by: https://github.com/spring-projects/spring-framework/commit/a7dc48534ea501525f11369d369178a60c2f47d0 (3.2.x branch)
	NOTE: https://jira.spring.io/browse/SPR-14946
CVE-2016-9877 (An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x ...)
	{DSA-3761-1}
	- rabbitmq-server 3.6.6-1 (bug #849849)
	[wheezy] - rabbitmq-server <not-affected> (Vulnerable code introduced later)
	NOTE: https://pivotal.io/security/cve-2016-9877
	NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/issues/96
	NOTE: https://github.com/rabbitmq/rabbitmq-mqtt/pull/98
CVE-2016-9876
	REJECTED
CVE-2016-9875
	REJECTED
CVE-2016-9874
	REJECTED
CVE-2016-9873 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has a ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-9872 (EMC Documentum D2 version 4.5 and EMC Documentum D2 version 4.6 has ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-9871 (EMC Isilon OneFS 7.2.1.0 - 7.2.1.3, EMC Isilon OneFS 7.2.0.x, EMC ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-9870 (EMC Isilon OneFS 8.0.0.0, EMC Isilon OneFS 7.2.1.0 - 7.2.1.2, EMC ...)
	NOT-FOR-US: EMC
CVE-2016-9869 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9868 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9867 (An issue was discovered in EMC ScaleIO versions before 2.0.1.1. A ...)
	NOT-FOR-US: EMC ScaleIO
CVE-2016-9919 (The icmp6_send function in net/ipv6/icmp.c in the Linux kernel through ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=189851
	NOTE: Fixed by: https://git.kernel.org/linus/79dc7e3f1cd323be4c81aa1a94faa1b3ed987fb2 (v4.9-rc8)
CVE-2016-9912 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator ...)
	- qemu 1:2.8+dfsg-1 (bug #847391)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05043.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/12
CVE-2016-9916 (Memory leak in hw/9pfs/9p-proxy.c in QEMU (aka Quick Emulator) allows ...)
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue, virtfs-proxy-helper not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, virtfs-proxy-helper not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=898ae90a44551d25b8e956fd87372d303c82fe68 (v2.8.0-rc2)
	NOTE: Proxy filesystem driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=4c793dda22213a7aba8e4d9a814e8f368a5f8bf7 (v1.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9915 (Memory leak in hw/9pfs/9p-handle.c in QEMU (aka Quick Emulator) allows ...)
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (handle driver not included during compilation)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (handle driver not included during compilation)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=971f406b77a6eb84e0ad27dcc416b663765aee30 (v2.8.0-rc2)
	NOTE: handle based fs driver introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=5f5422258e1f50f871bafcc5bfb2b498f414a310 (v1.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
	NOTE: proxy driver not included during compilation in wheezy, see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9914 (Memory leak in hw/9pfs/9p.c in QEMU (aka Quick Emulator) allows local ...)
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (proxy and handle drivers not included during compilation)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (proxy and handle drivers not included during compilation)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=702dbcc274e2ca43be20ba64c758c0ca57dab91d (v2.8.0-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
	NOTE: proxy and handle drivers not included during compilation in wheezy, so the cleanup function is never implemented:
	NOTE: see debian-lts ML: https://lists.debian.org/debian-lts/2016/12/msg00136.html
CVE-2016-9913 (Memory leak in the v9fs_device_unrealize_common function in ...)
	- qemu 1:2.8+dfsg-1 (bug #847496)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg03278.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=4774718e5c194026ba5ee7a28d9be49be3080e42 (v2.8.0-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/11
CVE-2016-9911 (Quick Emulator (Qemu) built with the USB EHCI Emulation support is ...)
	{DLA-765-1 DLA-764-1}
	- qemu 1:2.8+dfsg-1 (bug #847951)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=791f97758e223de3290592d169f (v2.8.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/10
CVE-2016-9907 (Quick Emulator (Qemu) built with the USB redirector usb-guest support ...)
	- qemu 1:2.8+dfsg-1 (bug #847953)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg01379.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=07b026fd82d6cf11baf7d7c603c4f5f6070b35bf
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/3
	NOTE: Leakage introduced after 1.2.50: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3f6e1b106abcf6b8cf487ac8f8e5fc2fd86776
CVE-2016-9908 (Quick Emulator (Qemu) built with the Virtio GPU Device emulator ...)
	- qemu 1:2.8+dfsg-1 (bug #847400)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00059.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/2
CVE-2017-3229
	RESERVED
CVE-2017-3228
	RESERVED
CVE-2017-3227
	RESERVED
CVE-2017-3226
	RESERVED
	- u-boot <unfixed> (unimportant)
	[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
	NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
	NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
	NOTE: it in future versions.
	NOTE: https://www.kb.cert.org/vuls/id/166743
	NOTE: Negligable security impact
CVE-2017-3225
	RESERVED
	- u-boot <unfixed> (unimportant)
	[wheezy] - u-boot <not-affected> (Vulnerable code do not exist)
	NOTE: jessie+ no built targets use ENV_AES by default, but fw_printenv/fw_setenv
	NOTE: in u-boot-tools supports it. Upstream has deprecated it and plans to remove
	NOTE: it in future versions.
	NOTE: https://www.kb.cert.org/vuls/id/166743
	NOTE: Negligable security impact
CVE-2017-3224 [OSPF implementation improperly determines LSA recency (VU#793496)]
	RESERVED
	- quagga <unfixed> (low; bug #871617)
	[stretch] - quagga <no-dsa> (Minor issue)
	[jessie] - quagga <no-dsa> (Minor issue)
	[wheezy] - quagga <no-dsa> (Minor issue)
	NOTE: http://www.kb.cert.org/vuls/id/793496
CVE-2017-3223
	RESERVED
CVE-2017-3222 (Hard-coded credentials in AmosConnect 8 allow remote attackers to gain ...)
	NOT-FOR-US: AmosConnect
CVE-2017-3221 (Blind SQL injection in Inmarsat AmosConnect 8 login form allows remote ...)
	NOT-FOR-US: AmosConnect
CVE-2017-3220
	RESERVED
CVE-2017-3219 (Acronis True Image up to and including version 2017 Build 8053 ...)
	NOT-FOR-US: Acronis True Image
CVE-2017-3218 (Samsung Magician 5.0 fails to validate TLS certificates for HTTPS ...)
	NOT-FOR-US: Samsung
CVE-2017-3217
	RESERVED
CVE-2017-3216 (WiMAX routers based on the MediaTek SDK (libmtk) that use a custom ...)
	NOT-FOR-US: WiMAX routers
CVE-2017-3215 (The Milwaukee ONE-KEY Android mobile application uses bearer tokens ...)
	NOT-FOR-US: Milwaukee ONE-KEY Android mobile application
CVE-2017-3214 (The Milwaukee ONE-KEY Android mobile application stores the master ...)
	NOT-FOR-US: Milwaukee ONE-KEY Android mobile application
CVE-2017-3213 (The Think Mutual Bank Mobile Banking app 3.1.5 for iOS does not verify ...)
	NOT-FOR-US: Think Mutual Bank Mobile Banking app
CVE-2017-3212 (The Space Coast Credit Union Mobile app 2.2 for iOS and 2.1.0.1104 for ...)
	NOT-FOR-US: Space Coast Credit Union Mobile app
CVE-2017-3211
	RESERVED
CVE-2017-3210
	RESERVED
CVE-2017-3209
	RESERVED
CVE-2017-3208
	RESERVED
CVE-2017-3207
	RESERVED
CVE-2017-3206
	RESERVED
CVE-2017-3205
	RESERVED
CVE-2017-3204 (The Go SSH library (x/crypto/ssh) by default does not verify host ...)
	- golang-go.crypto 1:0.0~git20170407.0.55a552f+REALLY.0.0~git20161012.0.5f31782-1 (bug #859655)
	[jessie] - golang-go.crypto <no-dsa> (In jessie no rdeps using SSH, that version doesn't even support host key validation)
	NOTE: https://github.com/golang/crypto/commit/e4e2799dd7aab89f583e1d898300d96367750991
	NOTE: https://github.com/golang/go/issues/19767
CVE-2017-3203
	RESERVED
CVE-2017-3202
	RESERVED
CVE-2017-3201
	RESERVED
CVE-2017-3200
	RESERVED
CVE-2017-3199
	RESERVED
CVE-2017-3198
	RESERVED
CVE-2017-3197
	RESERVED
CVE-2017-3196 (PCAUSA Rawether framework does not properly validate BPF data, ...)
	NOT-FOR-US: PCAUSA Rawether
CVE-2017-3195 (Commvault Edge Communication Service (cvd) prior to version 11 SP7 or ...)
	NOT-FOR-US: Commvault Edge Communication Service
CVE-2017-3194 (Pandora iOS app prior to version 8.3.2 fails to properly validate SSL ...)
	NOT-FOR-US: Pandora iOS app
CVE-2017-3193 (Multiple D-Link devices including the DIR-850L firmware versions ...)
	NOT-FOR-US: D-Link
CVE-2017-3192 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 ...)
	NOT-FOR-US: D-Link
CVE-2017-3191 (D-Link DIR-130 firmware version 1.23 and DIR-330 firmware version 1.12 ...)
	NOT-FOR-US: D-Link
CVE-2017-3190 (Flash Seats Mobile App for Android version 1.7.9 and earlier and for ...)
	NOT-FOR-US: Flash Seats Mobile App
CVE-2017-3189
	RESERVED
CVE-2017-3188
	RESERVED
CVE-2017-3187
	RESERVED
CVE-2017-3186 (ACTi cameras including the D, B, I, and E series using firmware ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3185 (ACTi cameras including the D, B, I, and E series using firmware ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3184 (ACTi cameras including the D, B, I, and E series using firmware ...)
	NOT-FOR-US: ACTi cameras
CVE-2017-3183
	RESERVED
CVE-2017-3182
	RESERVED
CVE-2017-3181
	RESERVED
CVE-2017-3180
	RESERVED
CVE-2017-3179
	RESERVED
CVE-2017-3178
	RESERVED
CVE-2017-3177
	RESERVED
CVE-2017-3176
	RESERVED
CVE-2017-3175
	RESERVED
CVE-2017-3174
	RESERVED
CVE-2017-3173
	RESERVED
CVE-2017-3172
	RESERVED
CVE-2017-3171
	RESERVED
CVE-2017-3170
	RESERVED
CVE-2017-3169 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-3168
	REJECTED
CVE-2017-3167 (In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of ...)
	{DSA-3896-1 DLA-1009-1}
	- apache2 2.4.25-4
CVE-2017-3166 (In Apache Hadoop versions 2.6.1 to 2.6.5, 2.7.0 to 2.7.3, and ...)
	- hadoop <itp> (bug #793644)
CVE-2017-3165 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2017-3164
	RESERVED
CVE-2017-3163 (When using the Index Replication feature, Apache Solr nodes can pull ...)
	{DSA-4124-1 DLA-1046-1}
	- lucene-solr 3.6.2+dfsg-11 (bug #867712)
	NOTE: https://issues.apache.org/jira/browse/SOLR-10031
	NOTE: https://github.com/apache/lucene-solr/commit/ae789c252687dc8a18bfdb677f2e6cd14570e4db
CVE-2017-3162 (HDFS clients interact with a servlet on the DataNode to browse the ...)
	- hadoop <itp> (bug #793644)
CVE-2017-3161 (The HDFS web UI in Apache Hadoop before 2.7.0 is vulnerable to a ...)
	- hadoop <itp> (bug #793644)
CVE-2017-3160 (After the Android platform is added to Cordova the first time, or ...)
	NOT-FOR-US: Apache Cordova
CVE-2017-3159 (Apache Camel's camel-snakeyaml component is vulnerable to Java object ...)
	NOT-FOR-US: Apache Camel
CVE-2017-3158 (A race condition in Guacamole's terminal emulator in versions 0.9.5 ...)
	- guacamole-client <unfixed> (bug #891798)
	[stretch] - guacamole-client <no-dsa> (Minor issue)
	[jessie] - guacamole-client <no-dsa> (Minor issue)
	- guacamole <removed>
	[wheezy] - guacamole <not-affected> (Version not vulnerable)
CVE-2017-3157 (By exploiting the way Apache OpenOffice before 4.1.4 renders embedded ...)
	{DSA-3792-1 DLA-910-1}
	- libreoffice 1:5.2.3-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2017-3157/
CVE-2017-3156 (The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to ...)
	NOT-FOR-US: Apache CXF
CVE-2017-3155 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3154 (Error responses from Apache Atlas versions 0.6.0-incubating and ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3153 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3152 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3151 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating were found ...)
	NOT-FOR-US: Apache Atlas
CVE-2017-3150 (Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating use ...)
	NOT-FOR-US: Apache Atlas
CVE-2016-9920 (steps/mail/sendmail.inc in Roundcube before 1.1.7 and 1.2.x before ...)
	{DLA-737-1}
	- roundcube 1.2.3+dfsg.1-1 (bug #847287)
	NOTE: https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/f84233785ddeed01445fc855f3ae1e8a62f167e1
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/aa6bf38843f51a0fc7205acc98a7b84f3c4c9c4f
CVE-2016-9910 (The serializer in html5lib before 0.99999999 might allow remote ...)
	- html5lib 0.999999999-1
	[jessie] - html5lib <no-dsa> (Minor issue)
	[wheezy] - html5lib <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2016-9909 (The serializer in html5lib before 0.99999999 might allow remote ...)
	- html5lib 0.999999999-1
	[jessie] - html5lib <no-dsa> (Minor issue)
	[wheezy] - html5lib <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/html5lib/html5lib-python/commit/9b8d8eb5afbc066b7fac9390f5ec75e5e8a7cab7
	NOTE: https://www.sourceclear.com/registry/security/cross-site-scripting-xss-/python/sid-3068
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/06/5
CVE-2017-3149
	RESERVED
CVE-2017-3148
	RESERVED
CVE-2017-3147
	RESERVED
CVE-2017-3146
	RESERVED
CVE-2017-3145 [Improper fetch cleanup sequencing in the resolver can cause named to crash]
	RESERVED
	{DSA-4089-1 DLA-1255-1}
	- bind9 1:9.11.2.P1-1
	NOTE: https://kb.isc.org/article/AA-01542
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=053b51c4dbd28f6e4de71ce4268a6f606025d76d
	NOTE: Fixed by (9.10.6-P1): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=55baf7d7e25c0e6444cb7e415f14d9e0819b5508
CVE-2017-3144 [dhcp: omapi code doesn't free socket descriptors when empty message is received allowing denial-of-service]
	RESERVED
	{DSA-4133-1}
	- isc-dhcp 4.3.5-3.1 (bug #887413)
	[wheezy] - isc-dhcp <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1522918
	NOTE: https://bugs.isc.org/Public/Bug/Display.html?id=46767
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=1a6b62fe17a42b00fa234d06b6dfde3d03451894
	NOTE: Fixes for 4.3.6p1: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commit;h=99a25aedea02d9c259cb8fabf4be700fb32571a3
CVE-2017-3143 [An error in TSIG authentication can permit unauthorized dynamic updates]
	RESERVED
	{DSA-3904-1 DLA-1025-1}
	- bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
	NOTE: https://kb.isc.org/article/AA-01503
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
CVE-2017-3142 [An error in TSIG authentication can permit unauthorized zone transfers]
	RESERVED
	{DSA-3904-1 DLA-1025-1}
	- bind9 1:9.10.3.dfsg.P4-12.4 (bug #866564)
	NOTE: https://kb.isc.org/article/AA-01504
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=581c1526ab0f74a177980da9ff0514f795ed8669
CVE-2017-3141
	RESERVED
	- bind9 <not-affected> (Affects only Windows systems)
	NOTE: https://kb.isc.org/article/AA-01496
CVE-2017-3140 [An error processing RPZ rules can cause named to loop endlessly after handling a query]
	RESERVED
	- bind9 <not-affected> (Upstream change #4377 not backported/included)
	NOTE: https://kb.isc.org/article/AA-01495
	NOTE: Fixed by (master): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=2648c49be78568ba9f4123d22122f2a649e2e1b7
	NOTE: Introduced by: https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=aabcb1fde0ca255ff30f0a5c10cbd39f798cc5b7
	NOTE: CVE-2017-3140 is introduced by the upstream change #4377
	NOTE: http://www.openwall.com/lists/oss-security/2017/06/14/4
CVE-2017-3139
	RESERVED
	- bind9 <not-affected> (RHEL6 specific)
CVE-2017-3138 [named exits with a REQUIRE assertion failure if it receives a null command string on its control channel]
	RESERVED
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860226)
	NOTE: https://kb.isc.org/article/AA-01471
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=a636604b20cc0aaabc8edbb7595f7c1c820b7610
	NOTE: In practice for any Debian version applying this commit is merely
	NOTE: hardening, since the feature to allow only a subset of "read only"
	NOTE: commands was added only in 9.11.0 and before existing commands permitted
	NOTE: over the control channel were already be given to cause the server to stop.
	NOTE: The CVE-2017-3138 is barely an issue in practice anyway.
CVE-2017-3137 [A response packet can cause a resolver to terminate when processing an answer containing a CNAME or DNAME]
	RESERVED
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860225)
	NOTE: https://kb.isc.org/article/AA-01466
	NOTE: Additional information for backporting patch: http://www.openwall.com/lists/oss-security/2017/04/17/5
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=69fd759b4aa02047e42e5cf4227f8257c4547988
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=6841d7b854c15df9ec56cab38da201b315bbcabb (reimplentation)
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=7ab9e8e00775782d474522a5b2bffba8daefefa5 (regression fix)
CVE-2017-3136 [An error handling synthesized records could cause an assertion failure when using DNS64 with "break-dnssec yes;"]
	RESERVED
	{DSA-3854-1 DLA-957-1}
	- bind9 1:9.10.3.dfsg.P4-12.3 (bug #860224)
	NOTE: https://kb.isc.org/article/AA-01465
	NOTE: Fixed by (9.10.x): https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=764240ca07ab1b796226d5402ccd9fbfa77ec32a
CVE-2017-3135 [Assertion failure when using DNS64 and RPZ can lead to crash]
	RESERVED
	{DSA-3795-1 DLA-843-1}
	- bind9 1:9.10.3.dfsg.P4-12 (bug #855520)
	NOTE: https://kb.isc.org/article/AA-01453
	NOTE: Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434
CVE-2017-3134 (An escalation of privilege vulnerability in Fortinet FortiWLC-SD ...)
	NOT-FOR-US: Fortinet FortiWLC-SD
CVE-2017-3133 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3132 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3131 (A Cross-Site Scripting vulnerability in Fortinet FortiOS versions ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3130 (An information disclosure vulnerability in Fortinet FortiOS 5.6.0, ...)
	NOT-FOR-US: Fortinet
CVE-2017-3129 (A Cross-Site Scripting vulnerability in Fortinet FortiWeb versions ...)
	NOT-FOR-US: Fortinet FortiWeb
CVE-2017-3128 (A stored XSS (Cross-Site-Scripting) vulnerability in Fortinet FortiOS ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2017-3127 (A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 ...)
	NOT-FOR-US: Fortinet
CVE-2017-3126 (An Open Redirect vulnerability in Fortinet FortiAnalyzer 5.4.0 through ...)
	NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2017-3125 (An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and ...)
	NOT-FOR-US: FortiMail
CVE-2017-3124 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3123 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3122 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3121 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3120 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3119 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3118 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3117 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3116 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3115 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3114 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-3113 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3112 (An issue was discovered in Adobe Flash Player 27.0.0.183 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-3111 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. ...)
	NOT-FOR-US: Adobe
CVE-2017-3110 (Adobe Experience Manager 6.1 and earlier has a sensitive data exposure ...)
	NOT-FOR-US: Adobe
CVE-2017-3109 (An issue was discovered in Adobe Experience Manager 6.3, 6.2, 6.1, 6.0. ...)
	NOT-FOR-US: Adobe
CVE-2017-3108 (Adobe Experience Manager 6.2 and earlier has a malicious file ...)
	NOT-FOR-US: Adobe
CVE-2017-3107 (Adobe Experience Manager 6.3 and earlier has a misconfiguration ...)
	NOT-FOR-US: Adobe
CVE-2017-3106 (Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3105 (Adobe RoboHelp has an Open Redirect vulnerability. This affects ...)
	NOT-FOR-US: Adobe
CVE-2017-3104 (Adobe RoboHelp has a cross-site scripting (XSS) vulnerability. This ...)
	NOT-FOR-US: Adobe
CVE-2017-3103 (Adobe Connect versions 9.6.1 and earlier have a stored cross-site ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3102 (Adobe Connect versions 9.6.1 and earlier have a reflected cross-site ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3101 (Adobe Connect versions 9.6.1 and earlier have a clickjacking ...)
	NOT-FOR-US: Adobe Connect
CVE-2017-3100 (Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3099 (Adobe Flash Player versions 26.0.0.131 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3098 (Adobe Captivate versions 9 and earlier have a remote code execution ...)
	NOT-FOR-US: Adobe
CVE-2017-3097 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
	NOT-FOR-US: Adobe
CVE-2017-3096 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3095 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3094 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3093 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3092 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
	NOT-FOR-US: Adobe
CVE-2017-3091 (Adobe Digital Editions 4.5.4 and earlier versions 4.5.4 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2017-3090 (Adobe Digital Editions versions 4.5.4 and earlier contain an insecure ...)
	NOT-FOR-US: Adobe
CVE-2017-3089 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3088 (Adobe Digital Editions versions 4.5.4 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3087 (Adobe Captivate versions 9 and earlier have an information disclosure ...)
	NOT-FOR-US: Adobe
CVE-2017-3086 (Adobe Shockwave versions 12.2.8.198 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-3085 (Adobe Flash Player versions 26.0.0.137 and earlier have a security ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3084 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3083 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3082 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3081 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3080 (Adobe Flash Player versions 26.0.0.131 and earlier have a security ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3079 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3078 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3077 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3076 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3075 (Adobe Flash Player versions 25.0.0.171 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3074 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3073 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3072 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3071 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3070 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3069 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3068 (Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3067 (Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an ...)
	NOT-FOR-US: Adobe
CVE-2017-3066 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and ...)
	NOT-FOR-US: Adobe
CVE-2017-3065 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3064 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3063 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3062 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3061 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3060 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3059 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3058 (Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3057 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3056 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3055 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3054 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3053 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3052 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3051 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3050 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3049 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3048 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3047 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3046 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3045 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3044 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3043 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3042 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3041 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3040 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3039 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3038 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3037 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3036 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3035 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3034 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3033 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3032 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3031 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3030 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3029 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3028 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3027 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3026 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3025 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3024 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3023 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3022 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3021 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3020 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3019 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3018 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3017 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3016 (Adobe Acrobat Reader 2017.009.20058 and earlier, 2017.008.30051 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3015 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3014 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3013 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3012 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3011 (Adobe Acrobat Reader versions 11.0.19 and earlier, 15.006.30280 and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-3010 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe
CVE-2017-3009 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe
CVE-2017-3008 (Adobe ColdFusion 2016 Update 3 and earlier, ColdFusion 11 update 11 and ...)
	NOT-FOR-US: Adobe
CVE-2017-3007 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability in the ...)
	NOT-FOR-US: Adobe Thor
CVE-2017-3006 (Adobe Thor versions 3.9.5.353 and earlier have a vulnerability related ...)
	NOT-FOR-US: Adobe Thor
CVE-2017-3005 (Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2017-3004 (Adobe Photoshop versions CC 2017 (18.0.1) and earlier, CC 2015.5.1 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2017-3003 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3002 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3001 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-3000 (Adobe Flash Player versions 24.0.0.221 and earlier have a vulnerability ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2999 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2998 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2997 (Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2996 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2995 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2994 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2993 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2992 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2991 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2990 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2989 (Adobe Campaign versions Build 8770 and earlier have an input validation ...)
	NOT-FOR-US: Adobe
CVE-2017-2988 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2987 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2986 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2985 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2984 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2983 (Adobe Shockwave versions 12.2.7.197 and earlier have an insecure ...)
	NOT-FOR-US: Adobe
CVE-2017-2982 (Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2981 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2980 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2979 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2978 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2977 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2976 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2975 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2974 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2973 (Adobe Digital Editions versions 4.5.3 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe
CVE-2017-2972 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2971 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2970 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2969 (Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site ...)
	NOT-FOR-US: Adobe
CVE-2017-2968 (Adobe Campaign versions 16.4 Build 8724 and earlier have a code ...)
	NOT-FOR-US: Adobe
CVE-2017-2967 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2966 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2965 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2964 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2963 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2962 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2961 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2960 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2959 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2958 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2957 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2956 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2955 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2954 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2953 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2952 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2951 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2950 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2949 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2948 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2947 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2946 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2945 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2944 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2943 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2942 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2941 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2940 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2939 (Adobe Acrobat Reader versions 15.020.20042 and earlier, 15.006.30244 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2017-2938 (Adobe Flash Player versions 24.0.0.186 and earlier have a security ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2937 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2936 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2935 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2934 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2933 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2932 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2931 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2930 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2929 (Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a ...)
	NOT-FOR-US: Adobe Acrobat Chrome extension
CVE-2017-2928 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2927 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2926 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2017-2925 (Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-9839 (In MapServer before 7.0.3, OGR driver error messages are too verbose ...)
	{DLA-734-1}
	- mapserver 7.0.3-1
	[jessie] - mapserver 6.4.1-5+deb8u1
	NOTE: https://lists.osgeo.org/pipermail/mapserver-dev/2016-December/014979.html
	NOTE: https://github.com/mapserver/mapserver/pull/4928
	NOTE: https://github.com/mapserver/mapserver/pull/5356
CVE-2016-9838 (An issue was discovered in components/com_users/models/registration.php ...)
	NOT-FOR-US: Joomla
CVE-2016-9837 (An issue was discovered in ...)
	NOT-FOR-US: Joomla
CVE-2016-9836 (The file scanning mechanism of JFilterInput::isFileSafe() in Joomla! ...)
	NOT-FOR-US: Joomla
CVE-2016-9835 (Directory traversal vulnerability in file &quot;jcss.php&quot; in Zikula 1.3.x ...)
	NOT-FOR-US: Zikula
CVE-2016-9834 (An XSS vulnerability allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Sophos
CVE-2016-9833
	RESERVED
CVE-2016-9832 (PricewaterhouseCoopers (PwC) ACE-ABAP 8.10.304 for SAP Security allows ...)
	NOT-FOR-US: ACE-ABAP
CVE-2016-9805
	RESERVED
CVE-2016-9796 (Alcatel-Lucent OmniVista 8770 2.0 through 3.0 exposes different ORBs ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2016-9795 (The casrvc program in CA Common Services, as used in CA Client ...)
	NOT-FOR-US: CA Common Services
CVE-2016-9792
	REJECTED
CVE-2016-9791
	REJECTED
CVE-2016-9790
	REJECTED
CVE-2016-9789
	REJECTED
CVE-2016-9788
	REJECTED
CVE-2016-9787
	REJECTED
CVE-2016-9786
	REJECTED
CVE-2016-9785
	REJECTED
CVE-2016-9784
	REJECTED
CVE-2016-9783
	REJECTED
CVE-2016-9782
	REJECTED
CVE-2016-9781
	REJECTED
CVE-2016-9780
	REJECTED
CVE-2016-9779
	REJECTED
CVE-2016-9778 [An error handling certain queries using the nxdomain-redirect feature could cause a REQUIRE assertion failure in db.c]
	RESERVED
	- bind9 <not-affected> (Only Supported Preview Edition/Subscription Edition and 9.11.x)
	NOTE: https://kb.isc.org/article/AA-01442/0
CVE-2016-9771
	REJECTED
CVE-2016-9770
	REJECTED
CVE-2016-9769
	REJECTED
CVE-2016-9768
	REJECTED
CVE-2016-9767
	REJECTED
CVE-2016-9766
	REJECTED
CVE-2016-9765
	REJECTED
CVE-2016-9764
	REJECTED
CVE-2016-9763
	REJECTED
CVE-2016-9762
	REJECTED
CVE-2016-9761
	REJECTED
CVE-2016-9760
	REJECTED
CVE-2016-9759
	REJECTED
CVE-2016-9758
	REJECTED
CVE-2016-9757 (In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user ...)
	NOT-FOR-US: Rapid7 Nexpose
CVE-2016-9846 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator ...)
	- qemu 1:2.8+dfsg-1 (bug #847382)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg00029.html
CVE-2016-9845 (QEMU (aka Quick Emulator) built with the Virtio GPU Device emulator ...)
	- qemu 1:2.8+dfsg-1 (bug #847381)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2016-11/msg00019.html
CVE-2016-9843 (The crc32_big function in crc32.c in zlib 1.2.8 might allow ...)
	- zlib 1:1.2.8.dfsg-3 (bug #847275)
	[jessie] - zlib <no-dsa> (Minor issue)
	[wheezy] - zlib <no-dsa> (Minor issue)
	NOTE: https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9842 (The inflateMark function in inflate.c in zlib 1.2.8 might allow ...)
	- zlib 1:1.2.8.dfsg-3 (bug #847274)
	[jessie] - zlib <no-dsa> (Minor issue)
	[wheezy] - zlib <no-dsa> (Minor issue)
	NOTE: https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9841 (inffast.c in zlib 1.2.8 might allow context-dependent attackers to ...)
	- zlib 1:1.2.8.dfsg-4 (bug #847270)
	[jessie] - zlib <no-dsa> (Minor issue)
	[wheezy] - zlib <no-dsa> (Minor issue)
	NOTE: https://github.com/madler/zlib/commit/9aaec95e82117c1cb0f9624264c3618fc380cecb
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9840 (inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ...)
	- zlib 1:1.2.8.dfsg-3 (bug #847270)
	[jessie] - zlib <no-dsa> (Minor issue)
	[wheezy] - zlib <no-dsa> (Minor issue)
	NOTE: https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
	NOTE: Report: https://wiki.mozilla.org/images/0/09/Zlib-report.pdf
CVE-2016-9844 (Buffer overflow in the zi_short function in zipinfo.c in Info-Zip ...)
	{DLA-741-1}
	- unzip 6.0-21 (bug #847486)
	[jessie] - unzip 6.0-16+deb8u3
	NOTE: https://launchpad.net/bugs/1643750
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/05/13
	NOTE: Proposed patch in http://www.openwall.com/lists/oss-security/2016/12/05/19
CVE-2014-9913 (Buffer overflow in the list_files function in list.c in Info-Zip UnZip ...)
	{DLA-741-1}
	- unzip 6.0-21 (bug #847485)
	[jessie] - unzip 6.0-16+deb8u3
	NOTE: Upstream bug: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
	NOTE: Same reproducer as in https://bugs.launchpad.net/ubuntu/+source/unzip/+bug/1643750
	NOTE: can be used to verify a fix (which trigger the issue in unzip -l but crash
	NOTE: in different areas of the unzip codebase)
	NOTE: http://www.openwall.com/lists/oss-security/2014/11/03/5
CVE-2016-XXXX [tiffcrop: divide-by-zero in readSeparateStripsIntoBuffer when BitsPerSample is missing]
	- tiff 4.0.7-2 (unimportant; bug #846838)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2619
CVE-2016-9831 (Heap-based buffer overflow in the parseSWF_RGBA function in parser.c ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_rgba-parser-c
CVE-2016-9830 (The MagickRealloc function in memory.c in Graphicsmagick 1.3.25 allows ...)
	{DSA-3746-1}
	- graphicsmagick 1.3.25-6 (bug #847055)
	[wheezy] - graphicsmagick <no-dsa> (fix too intrusive, depends on jan 15th magickresources changes)
	NOTE: upstream patch requires major refactor from jan 2015, see https://lists.debian.org/87inpe4wgu.fsf@curie.anarc.at
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/graphicsmagick-memory-allocation-failure-in-magickrealloc-memory-c
	NOTE: POC: https://github.com/asarubbo/poc/blob/master/00096-graphicsmagick-memalloc-MagickRealloc
CVE-2016-9829 (Heap-based buffer overflow in the parseSWF_DEFINEFONT function in ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c
CVE-2016-9828 (The dumpBuffer function in read.c in the listswf tool in libming 0.4.7 ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-null-pointer-dereference-in-dumpbuffer-read-c
CVE-2016-9827 (The _iprintf function in outputtxt.c in the listswf tool in libming ...)
	{DLA-799-1}
	- ming <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-_iprintf-outputtxt-c
CVE-2016-9826 (libavcodec/ituh263dec.c in libav 11.8 allows remote attackers to cause ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00041-libav-leftshift-ituh263dec_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=985
CVE-2016-9825 (libswscale/utils.c in libav 11.8 allows remote attackers to cause a ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00040-libav-leftshift-utils_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=984
CVE-2016-9824 (Integer overflow in libswscale/x86/swscale.c in libav 11.8 allows ...)
	- libav <removed>
	[jessie] - libav <no-dsa> (Minor issue)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00039-libav-signedintoverflow-swscale_c
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=983
CVE-2016-9823 (libavcodec/x86/mpegvideo.c in libav 11.8 allows remote attackers to ...)
	- libav <removed>
	[jessie] - libav <no-dsa> (Minor issue)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00038-libav-uint8_t64-outofbounds-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=982
CVE-2016-9822 (Integer overflow in libavcodec/mpeg12dec.c in libav 11.8 allows remote ...)
	{DSA-3833-1 DLA-791-1}
	- libav <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9)
CVE-2016-9821 (Integer overflow in libavcodec/mpegvideo_parser.c in libav 11.8 allows ...)
	{DSA-3833-1 DLA-791-1}
	- libav <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00037-libav-signedintoverflow-mpegvideo_parser
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=981
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=9f0193c778175cea3fb43f17acf9b90b4d862d33 (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=15e1af0006354d6bbf0e433c5d1e8ef13c93d6d0 (pre 11.9)
CVE-2016-9820 (libavcodec/mpegvideo_motion.c in libav 11.8 allows remote attackers to ...)
	{DLA-791-1}
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
CVE-2016-9819 (libavcodec/mpegvideo.c in libav 11.8 allows remote attackers to cause ...)
	{DLA-791-1}
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/libav-multiple-crashes-from-the-undefined-behavior-sanitizer
	NOTE: https://github.com/asarubbo/poc/blob/master/00036-libav-leftshift-mpegvideo
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=980
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e17bcfbecc268ba00cb55025095d70b1025e6c7d (pre 11.9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f106f74206e69e9056130da8bddffc39f3878ac3 (pre 11.9)
CVE-2016-9818 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-4.patch
CVE-2016-9817 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-3.patch
	NOTE: or https://xenbits.xen.org/xsa/xsa201-3-4.7.patch
CVE-2016-9816 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-2.patch
CVE-2016-9815 (Xen through 4.7.x allows local ARM guest OS users to cause a denial of ...)
	- xen 4.8.0-1
	[jessie] - xen <ignored> (Minor issue)
	[wheezy] - xen <not-affected> (ARM support introduced in 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-201.html
	NOTE: CVE for fix via patch https://xenbits.xen.org/xsa/xsa201-1.patch
CVE-2016-9814 (The validateSignature method in the SAML2\Utils class in SimpleSAMLphp ...)
	{DLA-1298-1}
	- simplesamlphp 1.14.10-1 (low)
	[jessie] - simplesamlphp <no-dsa> (Minor issue)
	NOTE: https://simplesamlphp.org/security/201612-01
	NOTE: https://github.com/simplesamlphp/saml2/pull/81
	NOTE: https://github.com/simplesamlphp/saml2/commit/7008b0916426212c1cc2fc238b38ab9ebff0748c
	NOTE: only exploitable in hard to achieve conditions
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/03/5
CVE-2017-2924 (An exploitable heap-based buffer overflow vulnerability exists in the ...)
	{DSA-3976-1 DLA-1098-1}
	- freexl 1.0.4-1 (bug #875691)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0431
	NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
CVE-2017-2923 (An exploitable heap based buffer overflow vulnerability exists in the ...)
	{DSA-3976-1 DLA-1098-1}
	- freexl 1.0.4-1 (bug #875690)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0430
	NOTE: https://www.gaia-gis.it/fossil/freexl/ci/40c17539ea56f0d8
CVE-2017-2922 (An exploitable memory corruption vulnerability exists in the Websocket ...)
	- smplayer <unfixed> (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
CVE-2017-2921 (An exploitable memory corruption vulnerability exists in the Websocket ...)
	- smplayer <unfixed> (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
CVE-2017-2920 (An memory corruption vulnerability exists in the .SVG parsing ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-2919 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0426
CVE-2017-2918 (An exploitable integer overflow exists in the Image loading ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: :https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0425
CVE-2017-2917 (An exploitable vulnerability exists in the notifications functionality ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2916 (An exploitable vulnerability exists in the /api/CONFIG/restore ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2915 (An exploitable vulnerability exists in the WiFi configuration ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2914 (An exploitable authentication bypass vulnerability exists in the API ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2913 (An exploitable vulnerability exists in the filtering functionality of ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2912 (An exploitable vulnerability exists in the remote control ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2911 (An exploitable vulnerability exists in the remote control ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2910
	RESERVED
CVE-2017-2909 (An infinite loop programming error exists in the DNS server ...)
	- smplayer <unfixed> (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
CVE-2017-2908 (An exploitable integer overflow exists in the thumbnail functionality ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/07aed404cfb2759f97c60b9f64d8a9392dabaf1a
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0415
CVE-2017-2907 (An exploitable integer overflow exists in the animation playing ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0414
CVE-2017-2906 (An exploitable integer overflow exists in the animation playing ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0413
CVE-2017-2905 (An exploitable integer overflow exists in the bmp loading ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0412
CVE-2017-2904 (An exploitable integer overflow exists in the RADIANCE loading ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0411
CVE-2017-2903 (An exploitable integer overflow exists in the DPX loading ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0410
CVE-2017-2902 (An exploitable integer overflow exists in the DPX loading ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0409
CVE-2017-2901 (An exploitable integer overflow exists in the IRIS loading ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/829916f4e57a2d1580ff3b625f6bb909b9144a20
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0408
CVE-2017-2900 (An exploitable integer overflow exists in the PNG loading ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0407
CVE-2017-2899 (An exploitable integer overflow exists in the TIFF loading ...)
	- blender 2.79.a+dfsg0-1
	[wheezy] - blender <ignored> (Vulnerable but not ignored)
	NOTE: https://git.blender.org/gitweb/gitweb.cgi/blender.git/commit/d30cc1ea0b9ba64d8a1e22105528b6cb8077692c
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0406
CVE-2017-2898 (An exploitable vulnerability exists in the signature verification of ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2897 (An exploitable out-of-bounds write vulnerability exists in the ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0404
CVE-2017-2896 (An exploitable out-of-bounds write vulnerability exists in the ...)
	{DSA-4173-1}
	- r-cran-readxl 1.0.0-2 (bug #895564)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0403
CVE-2017-2895 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
	- smplayer <unfixed> (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
CVE-2017-2894 (An exploitable stack buffer overflow vulnerability exists in the MQTT ...)
	- smplayer <unfixed> (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
CVE-2017-2893 (An exploitable NULL pointer dereference vulnerability exists in the ...)
	- smplayer <unfixed> (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
CVE-2017-2892 (An exploitable arbitrary memory read vulnerability exists in the MQTT ...)
	- smplayer <unfixed> (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
CVE-2017-2891 (An exploitable use-after-free vulnerability exists in the HTTP server ...)
	- smplayer <unfixed> (bug #898943)
	[stretch] - smplayer <not-affected> (Vulnerable code not present)
	[jessie] - smplayer <not-affected> (Vulnerable code not present)
	[wheezy] - smplayer <not-affected> (Vulnerable code not present)
CVE-2017-2890 (An exploitable vulnerability exists in the /api/CONFIG/restore ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2889 (An exploitable Denial of Service vulnerability exists in the API ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2888 (An exploitable integer overflow vulnerability exists when creating a ...)
	- libsdl2 2.0.6+dfsg1-4 (bug #878264)
	[stretch] - libsdl2 <no-dsa> (Minor issue)
	[jessie] - libsdl2 <no-dsa> (Minor issue)
	- libsdl1.2 <not-affected> (Issue not present, SDL_CreateRGBSurface contains further check for too large width or height)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0395
	NOTE: https://hg.libsdl.org/SDL/rev/7e0f1498ddb5
	NOTE: https://hg.libsdl.org/SDL/rev/81a4950907a0
CVE-2017-2887 (An exploitable buffer overflow vulnerability exists in the XCF ...)
	{DSA-4184-1 DSA-4177-1 DLA-1134-1}
	- libsdl2-image 2.0.1+dfsg-4 (bug #878266)
	- sdl-image1.2 1.2.12-7 (bug #878267)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0394
	NOTE: https://hg.libsdl.org/SDL_image/rev/318484db0705
CVE-2017-2886 (A memory corruption vulnerability exists in the .PSD parsing ...)
	NOT-FOR-US: ACDSee Ultimate
CVE-2017-2885 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	{DSA-3929-1}
	- libsoup2.4 2.56.1-1 (bug #871650)
	[wheezy] - libsoup2.4 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=785774
CVE-2017-2884 (An exploitable vulnerability exists in the user photo update ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2883 (An exploitable vulnerability exists in the database update ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2882 (An exploitable vulnerability exists in the servers update ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2881 (An exploitable vulnerability exists in the torlist update ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2880 (An memory corruption vulnerability exists in the .GIF parsing ...)
	NOT-FOR-US: Computerinsel Photoline
CVE-2017-2879
	RESERVED
CVE-2017-2878
	RESERVED
CVE-2017-2877
	RESERVED
CVE-2017-2876
	RESERVED
CVE-2017-2875
	RESERVED
CVE-2017-2874
	RESERVED
CVE-2017-2873
	RESERVED
CVE-2017-2872
	RESERVED
CVE-2017-2871 (Insufficient security checks exist in the recovery procedure used by ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2870 (An exploitable integer overflow vulnerability exists in the ...)
	- gdk-pixbuf 2.36.10-1 (unimportant; bug #873787)
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=31a6cff3dfc6944aad4612a9668b8ad39122e48b
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770986
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780269
	NOTE: Built with GCC in Debian, which doesn't remove the check
CVE-2017-2869 (An exploitable code execution vulnerability exists in the OpenProducer ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2868 (An exploitable code execution vulnerability exists in the ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2867 (An exploitable code execution vulnerability exists in the ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2866 (An exploitable vulnerability exists in the /api/CONFIG/backup ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2865 (An exploitable vulnerability exists in the firmware update ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2864 (An exploitable vulnerability exists in the generation of ...)
	NOT-FOR-US: Circle with Disney
CVE-2017-2863 (An out-of-bounds write vulnerability exists in the PDF parsing ...)
	NOT-FOR-US: Iceni Infix
CVE-2017-2862 (An exploitable heap overflow vulnerability exists in the ...)
	{DSA-3978-1 DLA-1100-1}
	- gdk-pixbuf 2.36.10-1 (bug #874552)
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=c2a40a92fe3df4111ed9da51fe3368c079b86926
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6dd89e126a277460faafc1f679db44ccf78446fb
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=784866
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0366
CVE-2017-2861 (An exploitable Denial of Service vulnerability exists in the use of a ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2860
	RESERVED
CVE-2017-2859
	RESERVED
CVE-2017-2858
	RESERVED
CVE-2017-2857
	RESERVED
CVE-2017-2856
	RESERVED
CVE-2017-2855
	RESERVED
CVE-2017-2854
	RESERVED
CVE-2017-2853 (An exploitable Code Execution vulnerability exists in the ...)
	NOT-FOR-US: Natus Xltek NeuroWorks
CVE-2017-2852
	RESERVED
CVE-2017-2851 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2850 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2849 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2848 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2847 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2846 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2845 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2844 (In the web management interface in Foscam C1 Indoor HD cameras with ...)
	NOT-FOR-US: Foscam C1 Indoor HD cameras
CVE-2017-2843 (In the web management interface in Foscam C1 Indoor HD Camera running ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2842 (In the web management interface in Foscam C1 Indoor HD Camera running ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2841 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2840 (A buffer overflow vulnerability exists in the ISO parsing ...)
	NOT-FOR-US: EZB Systems UltraISO
CVE-2017-2839 (An exploitable denial of service vulnerability exists within the ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0341
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2838 (An exploitable denial of service vulnerability exists within the ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0340
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2837 (An exploitable denial of service vulnerability exists within the ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0339
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2836 (An exploitable denial of service vulnerability exists within the ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0338
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2835 (An exploitable code execution vulnerability exists in the RDP receive ...)
	{DSA-3923-1 DLA-1095-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0337
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2834 (An exploitable code execution vulnerability exists in the ...)
	{DSA-3923-1}
	- freerdp 1.1.0~git20140921.1.440916e+dfsg1-14 (bug #869880)
	[wheezy] - freerdp <not-affected> (vulnerable code not present)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0336
	NOTE: http://blog.talosintelligence.com/2017/07/vulnerbility-spotlight-freerdp-multiple.html
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/03ab68318966c3a22935a02838daaea7b7fbe96c (1.1)
CVE-2017-2833 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2832 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2831 (An exploitable buffer overflow vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2830 (An exploitable buffer overflow vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2829 (An exploitable directory traversal vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2828 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2827 (An exploitable command injection vulnerability exists in the web ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2826 (An information disclosure vulnerability exists in the iConfig proxy ...)
	- zabbix <unfixed> (low)
	[stretch] - zabbix <ignored> (Minor issue, workaround exists)
	[jessie] - zabbix <ignored> (Minor issue, workaround exists)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0327
	NOTE: Relates to the information disclosure as mentioned in
	NOTE: https://support.zabbix.com/browse/ZBX-12076
	NOTE: Workaround for Zabbix 3.0 exists: https://www.zabbix.com/documentation/3.0/manual/distributed_monitoring/proxies#configuration
	NOTE: using encyrpted connections with the proxy.
CVE-2017-2825 (In the trapper functionality of Zabbix Server 2.4.x, specifically ...)
	{DSA-3937-1}
	- zabbix 1:3.0.7+dfsg-3 (bug #863584)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0326/
	NOTE: https://support.zabbix.com/browse/ZBX-12076
CVE-2017-2824 (An exploitable code execution vulnerability exists in the trapper ...)
	{DSA-3937-1}
	- zabbix 1:3.0.7+dfsg-3 (bug #863584)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0325/
	NOTE: https://support.zabbix.com/browse/ZBX-12075
CVE-2017-2823 (A use-after-free vulnerability exists in the .ISO parsing ...)
	NOT-FOR-US: PowerISO
CVE-2017-2822 (An exploitable code execution vulnerability exists in the image ...)
	NOT-FOR-US: Lexmark
CVE-2017-2821 (An exploitable use-after-free exists in the PDF parsing functionality ...)
	NOT-FOR-US: Lexmark
CVE-2017-2820 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
	- poppler <unfixed> (unimportant)
	NOTE: Debian uses openjpeg for processing JPEG 2000 images, this advisory is
	NOTE: against Ubuntu, which disables openjpeg due to being in universe
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0321
CVE-2017-2819 (An exploitable heap-based buffer overflow exists in the Hangul Word ...)
	NOT-FOR-US: Hancom Thinkfree Office NEO
CVE-2017-2818 (An exploitable heap overflow vulnerability exists in the image ...)
	- poppler <unfixed> (unimportant)
	NOTE: Debian links against libjpeg which is unaffected
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
CVE-2017-2817 (A stack buffer overflow vulnerability exists in the ISO parsing ...)
	NOT-FOR-US: PowerISO
CVE-2017-2816 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
	{DLA-1192-1}
	- libofx 1:0.9.11-4 (bug #875801)
	[stretch] - libofx 1:0.9.10-2+deb9u1
	[jessie] - libofx 1:0.9.10-1+deb8u1
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0317
	NOTE: https://github.com/libofx/libofx/commit/a70934eea95c76a7737b83773bffe8738935082d
	NOTE: https://github.com/libofx/libofx/issues/9
CVE-2017-2815 (An exploitable XML entity injection vulnerability exists in OpenFire ...)
	NOT-FOR-US: OpenFire User Import Export Plugin
CVE-2017-2814 (An exploitable heap overflow vulnerability exists in the image ...)
	- poppler <unfixed> (unimportant)
	NOTE: Debian links against libjpeg which is unaffected
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0319
CVE-2017-2813 (An exploitable integer overflow vulnerability exists in the JPEG 2000 ...)
	NOT-FOR-US: IrfanView
CVE-2017-2812 (A code execution vulnerability exists in the kdu_buffered_expand ...)
	NOT-FOR-US: Kakadu
CVE-2017-2811 (A code execution vulnerability exists in the Kakadu SDK 7.9's parsing ...)
	NOT-FOR-US: Kakadu
CVE-2017-2810 (An exploitable vulnerability exists in the Databook loading ...)
	- python-tablib 0.9.11-3 (bug #864818)
	[stretch] - python-tablib 0.9.11-2+deb8u1
	[jessie] - python-tablib 0.9.11-2+deb8u1
	NOTE: Fixed by: https://github.com/kennethreitz/tablib/commit/69abfc3ada5d754cb152119c0b4777043657cb6e
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0307
CVE-2017-2809 (An exploitable vulnerability exists in the yaml loading functionality ...)
	NOT-FOR-US: Ansible Vault
CVE-2017-2808 (An exploitable use-after-free vulnerability exists in the account ...)
	- ledger <unfixed> (low; bug #876659)
	[stretch] - ledger <no-dsa> (Minor issue)
	[jessie] - ledger <no-dsa> (Minor issue)
	[wheezy] - ledger <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0304
CVE-2017-2807 (An exploitable buffer overflow vulnerability exists in the tag parsing ...)
	- ledger <unfixed> (low; bug #876660)
	[stretch] - ledger <no-dsa> (Minor issue)
	[jessie] - ledger <no-dsa> (Minor issue)
	[wheezy] - ledger <no-dsa> (Minor issue)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0303
CVE-2017-2806 (An exploitable arbitrary read exists in the XLS parsing of the Lexmark ...)
	NOT-FOR-US: Lexmark Perspective Document Filters conversion functionality
CVE-2017-2805 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Foscam C1 Indoor HD Camera
CVE-2017-2804 (A remote out of bound write vulnerability exists in the TIFF parsing ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2017-2803 (A remote out of bound write vulnerability exists in the TIFF parsing ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2017-2802 (An exploitable dll hijacking vulnerability exists in the ...)
	NOT-FOR-US: Dell
CVE-2017-2801 (A programming error exists in a way Randombit Botan cryptographic ...)
	{DSA-3939-1 DLA-915-1}
	- botan1.10 1.10.16-1 (bug #860072)
	NOTE: https://github.com/randombit/botan/commit/c927101675e5f63fc0bdd93c5a4825adc54323b4 (1.10.16)
	NOTE: Bug introduced in 1.6.0 or earlier, fixed in 2.1.0 and 1.10.16
CVE-2017-2800 (A specially crafted x509 certificate can cause a single out of bounds ...)
	- wolfssl 3.12.0+dfsg-1 (bug #862154)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2017-0293/
CVE-2017-2799 (An exploitable heap corruption vulnerability exists in the AddSst ...)
	NOT-FOR-US: Antenna House DMC HTMLFilter
CVE-2017-2798 (An exploitable heap corruption vulnerability exists in the ...)
	NOT-FOR-US: Antenna House DMC HTMLFilter
CVE-2017-2797 (An exploitable heap overflow vulnerability exists in the ...)
	NOT-FOR-US: AntennaHouse
CVE-2017-2796
	RESERVED
CVE-2017-2795
	RESERVED
CVE-2017-2794 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: AntennaHouse
CVE-2017-2793 (An exploitable heap corruption vulnerability exists in the ...)
	NOT-FOR-US: AntennaHouse
CVE-2017-2792
	RESERVED
CVE-2017-2791 (JustSystems Ichitaro 2016 Trial contains a vulnerability that exists ...)
	NOT-FOR-US: JustSystems Ichitaro 2016 Trial
CVE-2017-2790 (When processing a record type of 0x3c from a Workbook stream from an ...)
	NOT-FOR-US: JustSystems Ichitaro Office
CVE-2017-2789 (When copying filedata into a buffer, JustSystems Ichitaro Office 2016 ...)
	NOT-FOR-US: JustSystems Ichitaro Office 2016 Trial
CVE-2017-2788 (A buffer overflows exists in the psnotifyd application of the Pharos ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2787 (A buffer overflows exists in the psnotifyd application of the Pharos ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2786 (A denial of service vulnerability exists in the psnotifyd application ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2785 (An exploitable buffer overflow exists in the psnotifyd application of ...)
	NOT-FOR-US: Pharos PopUp Printer Client
CVE-2017-2784 (An exploitable free of a stack pointer vulnerability exists in the ...)
	- mbedtls 2.4.2-1 (bug #857560)
	- polarssl <removed> (bug #857561)
	[jessie] - polarssl 1.3.9-2.1+deb8u2
	[wheezy] - polarssl <not-affected> (Vulnerable code not present)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2017-01
	NOTE: Wheezy do not have any elliptic curve functionality. Jessie is affected however.
CVE-2017-2783 (An exploitable heap corruption vulnerability exists in the ...)
	NOT-FOR-US: AntennaHouse
CVE-2017-2782 (An integer overflow vulnerability exists in the X509 certificate ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0278
CVE-2017-2781 (An exploitable heap buffer overflow vulnerability exists in the X509 ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0277
CVE-2017-2780 (An exploitable heap buffer overflow vulnerability exists in the X509 ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://talosintelligence.com/vulnerability_reports/TALOS-2017-0276
CVE-2017-2779 (An exploitable memory corruption vulnerability exists in the RSRC ...)
	NOT-FOR-US: Labview
CVE-2017-2778
	RESERVED
CVE-2017-2777
	RESERVED
CVE-2017-2776
	RESERVED
CVE-2017-2775 (An exploitable memory corruption vulnerability exists in the ...)
	NOT-FOR-US: Labview
CVE-2017-2774
	REJECTED
CVE-2017-2773 (An issue was discovered in Pivotal PCF Elastic Runtime 1.6.x versions ...)
	NOT-FOR-US: Pivotal PCF Elastic Runtime
CVE-2017-2772
	REJECTED
CVE-2017-2771
	REJECTED
CVE-2017-2770
	REJECTED
CVE-2017-2769
	REJECTED
CVE-2017-2768 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-2767 (EMC Network Configuration Manager (NCM) 9.3.x, EMC Network ...)
	NOT-FOR-US: EMC Network Configuration Manager
CVE-2017-2766 (EMC Documentum eRoom version 7.4.4, EMC Documentum eRoom version 7.4.4 ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2017-2765 (EMC Isilon InsightIQ 4.1.0, 4.0.1, 4.0.0, 3.2.2, 3.2.1, 3.2.0, 3.1.1, ...)
	NOT-FOR-US: EMC Isilon InsightIQ
CVE-2017-2764
	RESERVED
CVE-2017-2763
	RESERVED
CVE-2017-2762
	RESERVED
CVE-2017-2761
	RESERVED
CVE-2017-2760
	RESERVED
CVE-2017-2759
	RESERVED
CVE-2017-2758
	RESERVED
CVE-2017-2757
	RESERVED
CVE-2017-2756
	RESERVED
CVE-2017-2755
	RESERVED
CVE-2017-2754
	RESERVED
CVE-2017-2753
	RESERVED
CVE-2017-2752
	RESERVED
CVE-2017-2751
	RESERVED
CVE-2017-2750 (Insufficient Solution DLL Signature Validation allows potential ...)
	NOT-FOR-US: HP printers
CVE-2017-2749
	RESERVED
CVE-2017-2748
	RESERVED
CVE-2017-2747 (HP has identified a potential security vulnerability before ...)
	NOT-FOR-US: HP printers
CVE-2017-2746 (Potential security vulnerabilities have been identified with HP ...)
	NOT-FOR-US: HP JetAdvantage Security Manager
CVE-2017-2745 (Potential security vulnerabilities have been identified with HP ...)
	NOT-FOR-US: HP JetAdvantage Security Manager
CVE-2017-2744 (The vulnerability allows attacker to extract binaries into protected ...)
	NOT-FOR-US: HP Support Assistant
CVE-2017-2743 (HP has identified a potential security vulnerability with HP ...)
	NOT-FOR-US: HP printers
CVE-2017-2742 (A potential security vulnerability has been identified with HP Web ...)
	NOT-FOR-US: HP Web JetAdmin
CVE-2017-2741 (A potential security vulnerability has been identified with HP ...)
	NOT-FOR-US: HP printers
CVE-2017-2740 (A potential security vulnerability has been identified with the ...)
	NOT-FOR-US: HP ThinPro
CVE-2017-2739 (The upgrade package of Huawei Vmall APP Earlier than HwVmall 1.5.3.0 ...)
	NOT-FOR-US: Huawei
CVE-2017-2738 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-2737 (VCM5010 with software versions earlier before V100R002C50SPC100 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-2736 (VCM5010 with software versions earlier before V100R002C50SPC100 has a ...)
	NOT-FOR-US: Huawei
CVE-2017-2735 (TIT-AL00 smartphones with software versions earlier before ...)
	NOT-FOR-US: Huawei
CVE-2017-2734 (P9 Plus smartphones with software versions earlier before ...)
	NOT-FOR-US: Huawei
CVE-2017-2733 (Honor 6X smartphones with software versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-2732 (Huawei Hilink APP Versions earlier before 5.0.25.306 has an ...)
	NOT-FOR-US: Huawei
CVE-2017-2731 (The vibrator service in P9 Plus smart phones with software versions ...)
	NOT-FOR-US: Huawei
CVE-2017-2730 (HUAWEI HiLink APP (for IOS) versions earlier before 5.0.25.306 and ...)
	NOT-FOR-US: Huawei
CVE-2017-2729 (The boot loaders in Honor 5A smart phones with software Versions ...)
	NOT-FOR-US: Huawei
CVE-2017-2728 (Some Huawei mobile phones Honor 6X Berlin-L22C636B150 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-2727 (Huawei P9 smart phones with software versions earlier before ...)
	NOT-FOR-US: Huawei
CVE-2017-2726 (Bastet in P10 Plus and P10 smart phones with software earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-2725 (Bastet in P10 Plus and P10 smart phones with software earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-2724 (Bastet in P10 Plus and P10 smart phones with software earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-2723 (The Files APP 7.1.1.308 and earlier versions in some Huawei mobile ...)
	NOT-FOR-US: Huawei
CVE-2017-2722 (DP300 V500R002C00,TE60 with software V100R001C01, V100R001C10, ...)
	NOT-FOR-US: Huawei
CVE-2017-2721 (Some Huawei smart phones with software ...)
	NOT-FOR-US: Huawei
CVE-2017-2720 (FusionSphere OpenStack V100R006C00 has an information exposure ...)
	NOT-FOR-US: Huawei
CVE-2017-2719 (FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 ...)
	NOT-FOR-US: Huawei
CVE-2017-2718 (FusionSphere OpenStack with software V100R006C00 and V100R006C10RC2 ...)
	NOT-FOR-US: Huawei
CVE-2017-2717 (honor 8 Pro with software Duke-L09C10B120 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-2716 (The camerafs driver in Mate 9 Versions earlier than MHA-AL00BC00B173 ...)
	NOT-FOR-US: Huawei
CVE-2017-2715 (The Files APP 7.1.1.309 and earlier versions in some Huawei mobile ...)
	NOT-FOR-US: Huawei
CVE-2017-2714 (The GaussDB in FusionSphere OpenStack V100R005C10SPC705 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-2713 (HUAWEI P9 smartphones with software versions earlier before ...)
	NOT-FOR-US: Huawei
CVE-2017-2712 (S3300 V100R006C05 have an Ethernet in the First Mile (EFM) flapping ...)
	NOT-FOR-US: Huawei
CVE-2017-2711 (P9 Plus smartphones with software earlier than VIE-AL10C00B352 ...)
	NOT-FOR-US: Huawei
CVE-2017-2710 (BTV-W09C229B002CUSTC229D005,BTV-W09C233B029, earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-2709 (HiGame with software earlier than 7.3.0 versions, SkyTone with ...)
	NOT-FOR-US: Huawei
CVE-2017-2708 (The 'Find Phone' function in Nice smartphones with software versions ...)
	NOT-FOR-US: Huawei
CVE-2017-2707 (Mate 9 smartphones with software MHA-AL00AC00B125 have a privilege ...)
	NOT-FOR-US: Huawei
CVE-2017-2706 (Mate 9 smartphones with software MHA-AL00AC00B125 have a directory ...)
	NOT-FOR-US: Huawei
CVE-2017-2705 (Huawei P9 smartphones with software versions earlier before ...)
	NOT-FOR-US: Huawei
CVE-2017-2704 (Smarthome 1.0.2.364 and earlier versions,HiAPP 7.3.0.303 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-2703 (Phone Finder in versions earlier before MHA-AL00BC00B156,Versions ...)
	NOT-FOR-US: Huawei
CVE-2017-2702 (Phone Finder in versions earlier before MHA-AL00C00B170 can be bypass. ...)
	NOT-FOR-US: Huawei
CVE-2017-2701 (Mate 9 with software MHA-AL00AC00B125 has a denial of service (DoS) ...)
	NOT-FOR-US: Huawei
CVE-2017-2700 (AC6005 with software V200R006C10, AC6605 with software V200R006C10 ...)
	NOT-FOR-US: Huawei
CVE-2017-2699 (The Huawei Themes APP in versions earlier than PLK-UL00C17B385, ...)
	NOT-FOR-US: Huawei
CVE-2017-2698 (The ddr_devfreq driver in versions earlier than GRA-UL00C00B197 has ...)
	NOT-FOR-US: Huawei
CVE-2017-2697 (The goldeneye driver in NMO-L31C432B120 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-2696 (The emerg_data driver in CAM-L21C10B130 and earlier versions, ...)
	NOT-FOR-US: Huawei
CVE-2017-2695 (TIT-AL00C583B211 has a directory traversal vulnerability which allows ...)
	NOT-FOR-US: Huawei
CVE-2017-2694 (The AlarmService component in HwVmall with software earlier than ...)
	NOT-FOR-US: Huawei
CVE-2017-2693 (ALE-L02C635B140 and earlier versions,ALE-L02C636B140 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-2692 (The Keyguard application in ALE-L02C635B140 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-2691 (Huawei P9 versions earlier before EVA-AL10C00B373, versions earlier ...)
	NOT-FOR-US: Huawei
CVE-2017-2690 (SoftCo with software V200R003C20,eSpace U1910 with software ...)
	NOT-FOR-US: Huawei
CVE-2017-2689 (Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to ...)
	NOT-FOR-US: Siemens
CVE-2017-2688 (The integrated web server in Siemens RUGGEDCOM ROX I (all versions) at ...)
	NOT-FOR-US: Siemens
CVE-2017-2687 (Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability in the ...)
	NOT-FOR-US: Siemens
CVE-2017-2686 (Siemens RUGGEDCOM ROX I (all versions) contain a vulnerability that ...)
	NOT-FOR-US: Siemens
CVE-2017-2685 (Siemens SINUMERIK Integrate Operate Clients between 2.0.3.00.016 ...)
	NOT-FOR-US: Siemens
CVE-2017-2684 (Siemens SIMATIC Logon prior to V1.5 SP3 Update 2 could allow an ...)
	NOT-FOR-US: Siemens
CVE-2017-2683 (A non-privileged user of the Siemens web application RUGGEDCOM NMS &lt; ...)
	NOT-FOR-US: Siemens
CVE-2017-2682 (The Siemens web application RUGGEDCOM NMS &lt; V1.2 on port 8080/TCP and ...)
	NOT-FOR-US: Siemens
CVE-2017-2681 (A vulnerability has been identified in SIMATIC CP 343-1 Std (All ...)
	NOT-FOR-US: Siemens
CVE-2017-2680 (SIEMENS SIMATIC CP 343-1 Std, CP 343-1 Lean (All versions), SIMATIC CP ...)
	NOT-FOR-US: Siemens
CVE-2017-2679
	RESERVED
CVE-2017-2678
	RESERVED
CVE-2017-2677
	RESERVED
CVE-2017-2676
	RESERVED
CVE-2017-2675 (Little Snitch version 3.0 through 3.7.3 suffer from a local privilege ...)
	NOT-FOR-US: Little Snitch
CVE-2017-2674
	RESERVED
	NOT-FOR-US: Red Hat business central
CVE-2017-2673 [federated user gets wrong role]
	RESERVED
	- keystone 2:10.0.0-9 (bug #861189)
	[jessie] - keystone <not-affected> (Vulnerable code not present)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1677723
CVE-2017-2672
	RESERVED
	- foreman <itp> (bug #663101)
CVE-2017-2671 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel ...)
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/24/6
	NOTE: Fixed by: https://git.kernel.org/linus/43a6684519ab0a6c52024b5e25322476cabad893
CVE-2017-2670
	RESERVED
	{DSA-3906-1}
	- undertow 1.4.18-1 (bug #864405)
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/9bfe9fbbb595d51157b61693f072895f7dbadd1d
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1035
CVE-2017-2669 [auth: Do not double-expand key in passdb dict when authenticating]
	RESERVED
	- dovecot 1:2.2.27-3 (bug #860049)
	[jessie] - dovecot <not-affected> (Vulnerable code not present)
	[wheezy] - dovecot <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/dovecot/core/commit/000030feb7a30f193197f1aab8a7b04a26b42735
	NOTE: Introduced by: https://github.com/dovecot/core/commit/a3783f8a3c9cd816b51e77a922f82301512fcf22
CVE-2017-2668 [Remote crash via crafted LDAP messages]
	RESERVED
	- 389-ds-base 1.3.5.17-1 (bug #860125)
	NOTE: CentOS fix: https://git.centos.org/raw/rpms!389-ds-base!/c9e5dad69e2b497f118efac56f43cc6c74b6a695/SOURCES!0072-fix-for-cve-2017-2668-simple-return-text-if-suffix-n.patch
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1436575
CVE-2017-2667 (Hammer CLI, a CLI utility for Foreman, before version 0.10.0, did not ...)
	- foreman <itp> (bug #663101)
CVE-2017-2666
	RESERVED
	{DSA-3906-1}
	- undertow 1.4.18-1 (bug #864405)
	NOTE: https://issues.jboss.org/browse/UNDERTOW-1101
	NOTE: Fixed by https://github.com/undertow-io/undertow/commit/1e72647818c9fb31b693a953b1ae595a6c82eb7f
CVE-2017-2665
	RESERVED
	NOT-FOR-US: Red Hat Storage / skyring
CVE-2017-2664
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-2663
	RESERVED
	NOT-FOR-US: candlepin / subscription-manager
CVE-2017-2662
	RESERVED
	- foreman <itp> (bug #663101)
CVE-2017-2661 (ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site ...)
	- pcs 0.9.155+dfsg-2 (bug #858379)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1428948
	NOTE: https://github.com/ClusterLabs/pcs/commit/1874a769b5720ae5430f10c6cedd234430bc703f
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/23/2
CVE-2017-2660
	RESERVED
CVE-2017-2659
	RESERVED
CVE-2017-2658
	RESERVED
	NOT-FOR-US: JBoss BPMS
CVE-2017-2657
	RESERVED
CVE-2017-2656
	REJECTED
CVE-2017-2655
	REJECTED
CVE-2017-2654
	RESERVED
CVE-2017-2653
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2017-2652
	RESERVED
CVE-2017-2651
	RESERVED
	NOT-FOR-US: jenkins-mailer-plugin
CVE-2017-2650
	RESERVED
CVE-2017-2649
	RESERVED
CVE-2017-2648
	RESERVED
	NOT-FOR-US: jenkins-ssh-slaves-plugin
CVE-2017-2647 (The KEYS subsystem in the Linux kernel before 3.18 allows local users ...)
	{DLA-922-1}
	- linux 4.0.2-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/c06cfb08b88dfbe13be44a69ae2fdc3a7c902d81 (v3.18-rc1)
CVE-2017-2646
	RESERVED
	NOT-FOR-US: Keycloak
CVE-2017-2645 (In Moodle 3.x, XSS can occur via attachments to evidence of prior ...)
	- moodle <not-affected> (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
	NOTE: https://tracker.moodle.org/browse/MDL-57597
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57597
CVE-2017-2644 (In Moodle 3.x, XSS can occur via evidence of prior learning. ...)
	- moodle <not-affected> (Only affects 3.2 to 3.2.1 and 3.1 to 3.1.4)
	NOTE: https://tracker.moodle.org/browse/MDL-57596
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57596
CVE-2017-2643 (In Moodle 3.2.x, global search displays user names for unauthenticated ...)
	- moodle <not-affected> (Only affects 3.2 to 3.2.1)
	NOTE: https://tracker.moodle.org/browse/MDL-56526
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-56526
CVE-2017-2642 (Moodle 3.x has user fullname disclosure on the user preferences page. ...)
	- moodle <removed>
	NOTE: https://moodle.org/mod/forum/discuss.php?d=355554
CVE-2017-2641 (In Moodle 2.x and 3.x, SQL injection can occur via user preferences. ...)
	- moodle 2.7.19+dfsg-1
	NOTE: https://tracker.moodle.org/browse/MDL-58010
	NOTE: https://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-58010
CVE-2017-2640 [Out-of-bounds write when stripping xml]
	RESERVED
	{DSA-3806-1 DLA-853-1}
	- pidgin 2.12.0-1 (bug #859159)
	NOTE: https://www.pidgin.im/news/security/?id=109
	NOTE: https://bitbucket.org/pidgin/main/commits/b2fc9e774cb9
CVE-2017-2639
	RESERVED
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-2638
	RESERVED
	NOT-FOR-US: infinispan
CVE-2017-2637
	RESERVED
	NOT-FOR-US: Red Hat OpenStack Platform director
CVE-2017-2636 (Race condition in drivers/tty/n_hdlc.c in the Linux kernel through ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.9.16-1
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/07/6
	NOTE: Fixed by: https://git.kernel.org/linus/82f2341c94d270421f383641b7cd670e474db56b (v4.11-rc2)
	NOTE: https://a13xp0p0v.github.io/2017/03/24/CVE-2017-2636.html
CVE-2017-2635 [Null pointer dereference when updating storage size on empty drives]
	RESERVED
	- libvirt 3.0.0-3 (bug #856313)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c5f6151390ff0a8e65014172bb8c0a8d312c3353 (v3.0.0-rc1)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c3de387380f6057ee0e46cd9f2f0a092e8070875 (v3.1.0-rc1)
CVE-2017-2634 [dccp: crash while sending ipv6 reset packet]
	RESERVED
	- linux <not-affected> (Fixed before initial rename to src:linux)
	NOTE: Fixed by: https://git.kernel.org/linus/f53dc67c5e7babafe239b93a11678b0e05bead51 (2.6.25-rc1)
CVE-2017-2633 [VNC: memory corruption due to unchecked resolution limit]
	RESERVED
	- qemu 2.1+dfsg-1
	[wheezy] - qemu <postponed> (Can be fixed along when more severe issues are being fixed)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <postponed> (Can be fixed along when more severe issues are being fixed)
	NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commitdiff;h=bea60dd7679364493a0d7f5b54316c767cf894ef
	NOTE: Upstream patch: http://git.qemu-project.org/?p=qemu.git;a=commit;h=9f64916da20eea67121d544698676295bbb105a7
CVE-2017-2632
	RESERVED
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2017-2631
	RESERVED
CVE-2017-2630 [nbd: oob stack write in client routine drop_sync]
	RESERVED
	- qemu 1:2.8+dfsg-3 (bug #855227)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.8.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.8.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg01246.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1422415
CVE-2017-2629 [SSL_VERIFYSTATUS ignored]
	RESERVED
	- curl 7.52.1-3
	[jessie] - curl <not-affected> (Vulnerable code introduced later)
	[wheezy] - curl <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/curl/curl/commit/ca6ea6d9be5102a2246dff6e17b3ee9ad4ec64d0
	NOTE: Patch: https://curl.haxx.se/CVE-2017-2629.patch
	NOTE: https://curl.haxx.se/docs/adv_20170222.html
CVE-2017-2628 (curl, as shipped in Red Hat Enterprise Linux 6 before version ...)
	- curl <not-affected> (Red Hat specific backport issue)
CVE-2017-2627 [openstack-tripleo-common: sudoers file is too permissive]
	RESERVED
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1421917
	NOT-FOR-US: RHEL packaging flaw for openstack
CVE-2017-2626 [Weak Entropy Usage in Session Keys in libICE]
	RESERVED
	- libice 2:1.0.9-2 (bug #856400)
	[jessie] - libice <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
	[wheezy] - libice <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
CVE-2017-2625 [Weak entropy usage for session keys in libxdm]
	RESERVED
	- libxdmcp 1:1.1.2-2 (bug #856399)
	[jessie] - libxdmcp <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
	[wheezy] - libxdmcp <no-dsa> (Minor issue, can be fixed in a point update or next DSA)
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
CVE-2017-2624 [Timing attack against MIT Cookie]
	RESERVED
	{DLA-1186-1}
	- xorg-server 2:1.19.2-1 (low; bug #856398)
	[jessie] - xorg-server 2:1.16.4-1+deb8u2
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2017-001-xorg/
CVE-2017-2623
	RESERVED
	NOT-FOR-US: Red Hat rpm-ostree
CVE-2017-2622 [openstack-mistral: /var/log/mistral/ is world readable]
	RESERVED
	- mistral <undetermined>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420992
	NOTE: tracing the installation shows that mkdir -p /var/log/mistral
	NOTE: is executed, which depending on the umask might end in wrong
	NOTE: permissions. But for Debian the final permissions seem to end
	NOTE: to 0750, despite, owned by mistral:adm. Thus might need more
	NOTE: investigation to determine the affected status.
CVE-2017-2621 [/var/log/heat/ is world readable]
	RESERVED
	- heat <not-affected> (heat-common postinst chmod's 0750 /var/log/heat)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1420990
CVE-2017-2620 [display: cirrus: out-of-bounds access issue while in cirrus_bitblt_cputovideo]
	RESERVED
	{DLA-1270-1 DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (bug #855791)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-209.html
	NOTE: Qemu upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2017-02/msg04700.html
CVE-2017-2619 (Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a ...)
	{DSA-3816-1 DLA-894-1}
	- samba 2:4.5.6+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2017-2619.html
CVE-2017-2618 [selinux: fix off-by-one in setprocattr]
	RESERVED
	{DSA-3791-1}
	- linux 4.9.10-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/0c461cb727d146c9ef2d3e86214f498b78b7d125
CVE-2017-2617
	RESERVED
	NOT-FOR-US: hawtio
CVE-2017-2616 [Sending SIGKILL to other processes with root privileges via su]
	RESERVED
	{DSA-3793-1 DLA-838-1}
	- shadow 1:4.4-4 (bug #855943)
	NOTE: https://github.com/shadow-maint/shadow/commit/08fd4b69e84364677a10e519ccb25b71710ee686
	- util-linux 2.29.2-1 (unimportant)
	NOTE: https://github.com/karelzak/util-linux/commit/dffab154d29a288aa171ff50263ecc8f2e14a891
	- coreutils 8.20-1 (unimportant)
	NOTE: Coreutils: Removed from source in https://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=928dd737
	NOTE: and not installed by default since 2007.
CVE-2017-2615 [display: cirrus: oob access while doing bitblt copy backward mode]
	RESERVED
	{DLA-845-1 DLA-842-1}
	- qemu 1:2.8+dfsg-3 (low; bug #854731)
	NOTE: Introduced with: http://git.qemu.org/?p=qemu.git;a=commit;h=d3532a0db02296e687711b8cdc7791924efccea0 (which was the fix for CVE-2014-8106)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=62d4c6bd5263bb8413a06c80144fc678df6dfb64
CVE-2017-2614
	RESERVED
	NOT-FOR-US: Red Hat ovirt-aaa-jdbc-tool tools
CVE-2017-2613 (jenkins before versions 2.44, 2.32.2 is vulnerable to a user creation ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2612 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2611 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an insufficient ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2610 (jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2609
	RESERVED
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2608 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a remote code ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2607
	RESERVED
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2606 (Jenkins before versions 2.44, 2.32.2 is vulnerable to an information ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2605
	REJECTED
CVE-2017-2604 (In Jenkins before versions 2.44, 2.32.2 low privilege users were able ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2603 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a user data leak ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2602 (jenkins before versions 2.44, 2.32.2 is vulnerable to an improper ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2601 (Jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2600 (In jenkins before versions 2.44, 2.32.2 node monitor data could be ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2599 (Jenkins before versions 2.44 and 2.32.2 is vulnerable to an ...)
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2598
	RESERVED
	- jenkins <removed>
	NOTE: https://jenkins.io/security/advisory/2017-02-01/
CVE-2017-2597
	RESERVED
CVE-2017-2596 (The nested_vmx_check_vmptr function in arch/x86/kvm/vmx.c in the Linux ...)
	{DSA-3791-1}
	- linux 4.9.13-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://www.spinics.net/lists/kvm/msg144319.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1417812
CVE-2017-2595
	RESERVED
	- wildfly <itp> (bug #752018)
CVE-2017-2594 (hawtio before versions 2.0-beta-1, 2.0-beta-2 2.0-m1, 2.0-m2, 2.0-m3, ...)
	NOT-FOR-US: hawtio
CVE-2017-2593
	RESERVED
CVE-2017-2592 (python-oslo-middleware before versions 3.8.1, 3.19.1, 3.23.1 is ...)
	- python-oslo.middleware 3.19.0-3 (bug #852742)
	NOTE: https://launchpad.net/bugs/1628031
CVE-2017-2591 (389-ds-base before version 1.3.6 is vulnerable to an improperly NULL ...)
	- 389-ds-base 1.3.5.15-2 (bug #851769)
	[jessie] - 389-ds-base <not-affected> (Only affects 1.3.4.0 and later)
	NOTE: https://fedorahosted.org/389/changeset/ffda694dd622b31277da07be76d3469fad86150f/
CVE-2017-2590 [Insufficient permission check for ca-del, ca-disable and ca-enable commands]
	RESERVED
	- freeipa <not-affected> (ca plugin introduced in 4.4)
	NOTE: https://pagure.io/freeipa/issue/6713
	NOTE: Fixed by (master): https://pagure.io/freeipa/c/b81ac59640f0b76fa9f53cf8be441f085a7089c4?branch=master
	NOTE: Fixed by (ipa-4.4): https://pagure.io/freeipa/c/1aa314c79648c442473f19344387bfe11ec2141b?branch=ipa-4-4
CVE-2017-2589
	RESERVED
	NOT-FOR-US: hawtio
CVE-2017-2588
	RESERVED
CVE-2017-2587
	RESERVED
	- netpbm-free <not-affected> (vulnerable code not present)
	NOTE: Debian uses an old fork of netpbm
	NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
CVE-2017-2586
	RESERVED
	- netpbm-free <not-affected> (vulnerable code not present)
	NOTE: Debian uses an old fork of netpbm
	NOTE: Fixed by http://pkgs.fedoraproject.org/cgit/rpms/netpbm.git/commit/?id=c16a8b893ed77fc3f6f2b382d0d47d03621ed328
CVE-2017-2585 (Red Hat Keycloak before version 2.5.1 has an implementation of HMAC ...)
	NOT-FOR-US: Keycloak
CVE-2017-2584 (arch/x86/kvm/emulate.c in the Linux kernel through 4.9.3 allows local ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
	NOTE: Upstream patch: https://www.spinics.net/lists/kvm/msg143571.html
	NOTE: Fixed by: https://git.kernel.org/linus/129a72a0d3c8e139a04512325384fe5ac119e74d
CVE-2017-2583 (The load_segment_descriptor implementation in arch/x86/kvm/emulate.c ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.6-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/33ab91103b3415e12457e3104f0e4517ce12d0f3
CVE-2017-2582
	RESERVED
	NOT-FOR-US: Keycloak
CVE-2017-2581
	RESERVED
	- netpbm-free <undetermined> (bug #854978)
	NOTE: Debian uses an old fork of netpbm
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
CVE-2017-2580
	RESERVED
	- netpbm-free <undetermined> (bug #854978)
	NOTE: Debian uses an old fork of netpbm
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
CVE-2017-2579
	RESERVED
	- netpbm-free <undetermined> (bug #854978)
	NOTE: Debian uses an old fork of netpbm
	NOTE: http://www.openwall.com/lists/oss-security/2017/02/05/7
CVE-2017-2577
	REJECTED
CVE-2017-2575 [NULL pointer dereference in image_alloc]
	RESERVED
	NOT-FOR-US: libbpg
CVE-2017-2574
	RESERVED
CVE-2017-2573
	RESERVED
CVE-2017-2572
	RESERVED
CVE-2017-2571
	RESERVED
CVE-2017-2570
	RESERVED
CVE-2017-2569
	RESERVED
CVE-2017-2568
	RESERVED
CVE-2017-2567
	RESERVED
CVE-2017-2566
	RESERVED
CVE-2017-2565
	RESERVED
CVE-2017-2564
	RESERVED
CVE-2017-2563
	RESERVED
CVE-2017-2562
	RESERVED
CVE-2017-2561
	RESERVED
CVE-2017-2560
	RESERVED
CVE-2017-2559
	RESERVED
CVE-2017-2558
	RESERVED
CVE-2017-2557
	RESERVED
CVE-2017-2556
	RESERVED
CVE-2017-2555
	RESERVED
CVE-2017-2554
	RESERVED
CVE-2017-2553
	RESERVED
CVE-2017-2552
	RESERVED
CVE-2017-2551 (Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows ...)
	NOT-FOR-US: Wordpress plugin BackWPup
CVE-2017-2550 (Vulnerability in Easy Joomla Backup v3.2.4. The software creates a ...)
	NOT-FOR-US: Easy Joomla Backup
CVE-2017-2549 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2548 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2547 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2546 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2545 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2544 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2543 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2542 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2541 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2540 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2539 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2538 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.4-1 (unimportant)
	[stretch] - webkit2gtk 2.16.6-0+deb9u1
	NOTE: Not covered by security support
CVE-2017-2537 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2536 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2535 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2534 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2533 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2532
	RESERVED
CVE-2017-2531 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2530 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2529
	RESERVED
CVE-2017-2528 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2527 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2526 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2525 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2524 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2523 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2522 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2521 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2520 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- sqlite3 3.16.2-1
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=384
	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5694101458518016
	NOTE: Fixed by: https://www.sqlite.org/src/info/2dc7eeb5b4d2eaf1
CVE-2017-2519 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- sqlite3 3.16.0-1
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=288
	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=6739028850245632
	NOTE: Fixed by: https://www.sqlite.org/src/info/d08b72c38ff6fae6
CVE-2017-2518 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- sqlite3 3.15.2-1
	[jessie] - sqlite3 <no-dsa> (Minor issue)
	[wheezy] - sqlite3 <no-dsa> (Minor issue)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=199
	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=4603622180519936
	NOTE: Fixed by: https://www.sqlite.org/src/info/0a98c8d76ac86412
CVE-2017-2517 (An issue was discovered in certain Apple products. iOS before 10.3.3 ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2516 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2515 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2514 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2513 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- sqlite3 3.15.2-1
	[jessie] - sqlite3 <not-affected> (Vulnerable code not present)
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=171
	NOTE: https://clusterfuzz-external.appspot.com/testcase?key=5770842466156544
	NOTE: Fixed by: https://www.sqlite.org/src/info/c5dbc599b910c02a
CVE-2017-2512 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2511 (An issue was discovered in certain Apple products. Safari before ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2510 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2509 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2508 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2507 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2506 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2505 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2504 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2503 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2502 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2501 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2500 (An issue was discovered in certain Apple products. Safari before ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2499 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2498 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2497 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2496 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	- webkit2gtk 2.16.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2495 (An issue was discovered in certain Apple products. iOS before 10.3.2 ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2494 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2493 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2492 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2491 (Use after free vulnerability in the String.replace method ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2490 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2489 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple involving Intel Graphics Driver
CVE-2017-2488
	RESERVED
CVE-2017-2487 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving FontParser component
CVE-2017-2486 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2485 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Security component
CVE-2017-2484 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Phone component
CVE-2017-2483 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2482 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2481 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2480 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2479 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2478 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2477 (An issue was discovered in certain Apple products. macOS before ...)
	- libxslt <undetermined>
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2017-2476 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2475 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2474 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2473 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2472 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2471 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2470 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2469 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2468 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2467 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving ImageIO component
CVE-2017-2466 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2465 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2464 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2463 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2462 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2461 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving CoreText component
CVE-2017-2460 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2459 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2458 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2457 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2456 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2455 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2454 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2453 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple Safari
CVE-2017-2452 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple Siri
CVE-2017-2451 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Security component
CVE-2017-2450 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving CoreText component
CVE-2017-2449 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple invovling Bluetooth component
CVE-2017-2448 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Keychain component
CVE-2017-2447 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2446 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2445 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2444 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving CoreGraphics component
CVE-2017-2443 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple involving Intel Graphics Driver
CVE-2017-2442 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2441 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple libc++abi component
CVE-2017-2440 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving Kernel component
CVE-2017-2439 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving FontParser component
CVE-2017-2438 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple involving AppleRAID component
CVE-2017-2437 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple involving IOFireWireAVC component
CVE-2017-2436 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple involving IOFireWireAVC component
CVE-2017-2435 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving CoreText component
CVE-2017-2434 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving HomeKit component
CVE-2017-2433 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2432 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple involving ImageIO component
CVE-2017-2431 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2430 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2429 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2428 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2427 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2426 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2425 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2424 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2423 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2422 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2421 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2420 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2419 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2418 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2417 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2416 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2415 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2414 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2413 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2412 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2411
	RESERVED
CVE-2017-2410 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2409 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2408 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2407 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2406 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2405 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2404 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2403 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2402 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2401 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2400 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2399 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2398 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2397 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2396 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2395 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2394 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2393 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2392 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2391 (An issue was discovered in certain Apple products. Pages before 6.1, ...)
	NOT-FOR-US: Apple
CVE-2017-2390 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
CVE-2017-2389 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2388 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2387 (The Apple Music (aka com.apple.android.music) application before 2.0 ...)
	NOT-FOR-US: Apple Music application for Android
CVE-2017-2386 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2385 (An issue was discovered in certain Apple products. Safari before 10.1 ...)
	NOT-FOR-US: Apple
CVE-2017-2384 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2383 (An issue was discovered in certain Apple products. iCloud before 6.2 ...)
	NOT-FOR-US: Apple
CVE-2017-2382 (An issue was discovered in certain Apple products. macOS Server before ...)
	NOT-FOR-US: Apple
CVE-2017-2381 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple, that's likely just a broken sudo config
CVE-2017-2380 (An issue was discovered in certain Apple products.  iOS before 10.3 ...)
	NOT-FOR-US: Apple
CVE-2017-2379 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Apple
CVE-2017-2378 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium/webkitgtk, the Chrome sec team will know and fix
CVE-2017-2377 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2376 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkit2gtk 2.16.3-2 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2375
	RESERVED
CVE-2017-2374 (An issue was discovered in certain Apple products. GarageBand before ...)
	NOT-FOR-US: Apple
CVE-2017-2373 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2372 (An issue was discovered in certain Apple products. GarageBand before ...)
	NOT-FOR-US: Apple
CVE-2017-2371 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2370 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	NOT-FOR-US: Apple
CVE-2017-2369 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2368 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	NOT-FOR-US: Apple
CVE-2017-2367 (An issue was discovered in certain Apple products. iOS before 10.3 is ...)
	- webkitgtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2366 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2365 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2364 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2363 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2362 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2361 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2360 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	NOT-FOR-US: Apple
CVE-2017-2359 (An issue was discovered in certain Apple products. Safari before ...)
	NOT-FOR-US: Apple
CVE-2017-2358 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2357 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2356 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2355 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2354 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2353 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2017-2352 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	NOT-FOR-US: Apple
CVE-2017-2351 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	NOT-FOR-US: Apple
CVE-2017-2350 (An issue was discovered in certain Apple products. iOS before 10.2.1 ...)
	- webkit2gtk 2.14.4-1 (unimportant)
	NOTE: Not covered by security support
CVE-2017-2349 (A command injection vulnerability in the IDP feature of Juniper ...)
	NOT-FOR-US: Juniper
CVE-2017-2348 (The Juniper Enhanced jdhcpd daemon may experience high CPU ...)
	NOT-FOR-US: Juniper
CVE-2017-2347 (A denial of service vulnerability in rpd daemon of Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2017-2346 (An MS-MPC or MS-MIC Service PIC may crash when large fragmented ...)
	NOT-FOR-US: Juniper
CVE-2017-2345 (On Junos OS devices with SNMP enabled, a network based attacker with ...)
	NOT-FOR-US: Juniper
CVE-2017-2344 (A routine within an internal Junos OS sockets library is vulnerable to ...)
	NOT-FOR-US: Juniper
CVE-2017-2343 (The Integrated User Firewall (UserFW) feature was introduced in Junos ...)
	NOT-FOR-US: Juniper
CVE-2017-2342 (MACsec feature on Juniper Networks Junos OS 15.1X49 prior to ...)
	NOT-FOR-US: Juniper
CVE-2017-2341 (An insufficient authentication vulnerability on platforms where Junos ...)
	NOT-FOR-US: Juniper
CVE-2017-2340 (On Juniper Networks Junos OS 15.1 releases from 15.1R3 to 15.1R4, 16.1 ...)
	NOT-FOR-US: Juniper
CVE-2017-2339 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2338 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2337 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2336 (A reflected cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2335 (A persistent cross site scripting vulnerability in NetScreen WebUI of ...)
	NOT-FOR-US: Juniper
CVE-2017-2334 (An information leak vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2333 (A persistent denial of service vulnerability in Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2017-2332 (An insufficient authentication vulnerability in Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2017-2331 (A firewall bypass vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2330 (A denial of service vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2329 (An insufficient authentication vulnerability in Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2017-2328 (An information leak vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2327 (A denial of service vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2326 (An information disclosure vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2325 (A buffer overflow vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2324 (A command injection vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2323 (A denial of service vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2322 (A denial of service vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2321 (A vulnerability in Juniper Networks NorthStar Controller Application ...)
	NOT-FOR-US: Juniper
CVE-2017-2320 (A vulnerability in Juniper Networks NorthStar Controller Application ...)
	NOT-FOR-US: Juniper
CVE-2017-2319 (A vulnerability in Juniper Networks NorthStar Controller Application ...)
	NOT-FOR-US: Juniper
CVE-2017-2318 (A vulnerability in Juniper Networks NorthStar Controller Application ...)
	NOT-FOR-US: Juniper
CVE-2017-2317 (A denial of service vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2316 (A buffer overflow vulnerability in Juniper Networks NorthStar ...)
	NOT-FOR-US: Juniper
CVE-2017-2315 (On Juniper Networks EX Series Ethernet Switches running affected Junos ...)
	NOT-FOR-US: Juniper
CVE-2017-2314 (Receipt of a malformed BGP OPEN message may cause the routing protocol ...)
	NOT-FOR-US: Juniper
CVE-2017-2313 (Juniper Networks devices running affected Junos OS versions may be ...)
	NOT-FOR-US: Juniper
CVE-2017-2312 (On Juniper Networks devices running Junos OS affected versions and ...)
	NOT-FOR-US: Juniper
CVE-2017-2311 (On Juniper Networks Junos Space versions prior to 16.1R1, an ...)
	NOT-FOR-US: Juniper
CVE-2017-2310 (A firewall bypass vulnerability in the host based firewall of Juniper ...)
	NOT-FOR-US: Juniper
CVE-2017-2309 (On Juniper Networks Junos Space versions prior to 16.1R1 when ...)
	NOT-FOR-US: Juniper
CVE-2017-2308 (An XML External Entity Injection vulnerability in Juniper Networks ...)
	NOT-FOR-US: Juniper
CVE-2017-2307 (A reflected cross site scripting vulnerability in the administrative ...)
	NOT-FOR-US: Juniper
CVE-2017-2306 (On Juniper Networks Junos Space versions prior to 16.1R1, due to an ...)
	NOT-FOR-US: Juniper
CVE-2017-2305 (On Juniper Networks Junos Space versions prior to 16.1R1, due to an ...)
	NOT-FOR-US: Juniper
CVE-2017-2304 (Juniper Networks QFX3500, QFX3600, QFX5100, QFX5200, EX4300 and EX4600 ...)
	NOT-FOR-US: Juniper
CVE-2017-2303 (On Juniper Networks products or platforms running Junos OS 12.1X46 ...)
	NOT-FOR-US: Juniper
CVE-2017-2302 (On Juniper Networks products or platforms running Junos OS 12.1X46 ...)
	NOT-FOR-US: Juniper
CVE-2017-2301 (On Juniper Networks products or platforms running Junos OS 11.4 prior ...)
	NOT-FOR-US: Juniper
CVE-2017-2300 (On Juniper Networks SRX Series Services Gateways chassis clusters ...)
	NOT-FOR-US: Juniper
CVE-2017-2299 (Versions of the puppetlabs-apache module prior to 1.11.1 and 2.1.0 ...)
	- puppet-module-puppetlabs-apache <unfixed> (bug #875983)
	[stretch] - puppet-module-puppetlabs-apache <no-dsa> (Minor issue)
	[jessie] - puppet-module-puppetlabs-apache <no-dsa> (Minor issue)
	NOTE: https://puppet.com/security/cve/CVE-2017-2299
	NOTE: https://github.com/puppetlabs/puppetlabs-apache/commit/7bb35c2293c12ce52329a4391fe1f20389efef06
CVE-2017-2298 (The mcollective-sshkey-security plugin before 0.5.1 for Puppet uses a ...)
	NOT-FOR-US: mcollective-sshkey-security plugin
CVE-2017-2297 (Puppet Enterprise versions prior to 2016.4.5 and 2017.2.1 did not ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2017-2296 (In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2017-2295 (Versions of Puppet prior to 4.10.1 will deserialize data off the wire ...)
	{DSA-3862-1 DLA-1012-1}
	- puppet 4.8.2-5 (bug #863212)
	NOTE: https://puppet.com/security/cve/cve-2017-2295
	NOTE: https://github.com/puppetlabs/puppet/commit/06d8c51367ca932b9da5d9b01958cfc0adf0f2ea
CVE-2017-2294 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 failed to ...)
	- puppet <not-affected> (Doesn't affect Puppet as shipped in Debian)
	NOTE: Puppet as shipped in Debian doesn't provide puppetdb yet
CVE-2017-2293 (Versions of Puppet Enterprise prior to 2016.4.5 or 2017.2.1 shipped ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2017-2292 (Versions of MCollective prior to 2.10.4 deserialized YAML from agents ...)
	- mcollective 2.12.0+dfsg-1 (bug #866711)
	[jessie] - mcollective <no-dsa> (Minor issue)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: https://puppet.com/security/cve/cve-2017-2292
	NOTE: https://github.com/puppetlabs/marionette-collective/commit/e0e741889f5adeb8f75387037106b0d28a9099b0
CVE-2017-2291
	RESERVED
CVE-2017-2290 (On Windows installations of the mcollective-puppet-agent plugin, ...)
	NOT-FOR-US: mcollective-puppet-agent plugin on Windows
CVE-2017-2289 (Untrusted search path vulnerability in Installer of Qua station ...)
	NOT-FOR-US: Installer of Qua station connection tool for Windows
CVE-2017-2288 (Untrusted search path vulnerability in LhaForge Ver.1.6.5 and earlier ...)
	NOT-FOR-US: LhaForge
CVE-2017-2287 (Untrusted search path vulnerability in NFC Port Software remover ...)
	NOT-FOR-US: NFC Port Software remover
CVE-2017-2286 (Untrusted search path vulnerability in NFC Port Software Version ...)
	NOT-FOR-US: NFC Port Software
CVE-2017-2285 (Cross-site scripting vulnerability in Simple Custom CSS and JS prior ...)
	NOT-FOR-US: Simple Custom CSS and JS
CVE-2017-2284 (Cross-site scripting vulnerability in Popup Maker prior to version ...)
	NOT-FOR-US: Popup Maker
CVE-2017-2283 (WN-G300R3 firmware version 1.0.2 and earlier uses hardcoded ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2282 (Buffer overflow in WN-AX1167GR firmware version 3.00 and earlier ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2281 (WN-AX1167GR firmware version 3.00 and earlier allows an attacker to ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2280 (WN-AX1167GR firmware version 3.00 and earlier uses hardcoded ...)
	NOT-FOR-US: WN-AX1167GR firmware
CVE-2017-2279 (Untrusted search path vulnerability in Tween Ver1.6.6.0 and earlier ...)
	NOT-FOR-US: Tween
CVE-2017-2278 (The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB ...)
	NOT-FOR-US: RBB SPEED TEST App
CVE-2017-2277 (WG-C10 v3.0.79 and earlier allows an attacker to bypass access ...)
	NOT-FOR-US: WG-C10
CVE-2017-2276 (Buffer overflow in WG-C10 v3.0.79 and earlier allows an attacker to ...)
	NOT-FOR-US: WG-C10
CVE-2017-2275 (WG-C10 v3.0.79 and earlier allows an attacker to execute arbitrary OS ...)
	NOT-FOR-US: WG-C10
CVE-2017-2274 (Cross-site scripting vulnerability in WMR-433 firmware Ver.1.02 and ...)
	NOT-FOR-US: WMR-433* firmware
CVE-2017-2273 (Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware ...)
	NOT-FOR-US: WMR-433* firmware
CVE-2017-2272 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
	NOT-FOR-US: AttacheCase
CVE-2017-2271 (Untrusted search path vulnerability in Self-extracting encrypted files ...)
	NOT-FOR-US: AttacheCase
CVE-2017-2270 (Untrusted search path vulnerability in Encrypted files in ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2269 (Untrusted search path vulnerability in FileCapsule Deluxe Portable ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2268 (Untrusted search path vulnerability in Encrypted files in ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2267 (Untrusted search path vulnerability in FileCapsule Deluxe Portable ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2266 (Untrusted search path vulnerability in Encrypted files in ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2265 (Untrusted search path vulnerability in FileCapsule Deluxe Portable ...)
	NOT-FOR-US: FileCapsule Deluxe Portable
CVE-2017-2264
	RESERVED
CVE-2017-2263
	RESERVED
CVE-2017-2262
	RESERVED
CVE-2017-2261
	RESERVED
CVE-2017-2260
	RESERVED
CVE-2017-2259
	RESERVED
CVE-2017-2258 (Directory traversal vulnerability in Cybozu Garoon 4.2.4 to 4.2.5 ...)
	NOT-FOR-US: Cybozu
CVE-2017-2257 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 ...)
	NOT-FOR-US: Cybozu
CVE-2017-2256 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.5 ...)
	NOT-FOR-US: Cybozu
CVE-2017-2255 (Cross-site scripting vulnerability in Cybozu Garoon 3.7.0 to 4.2.5 ...)
	NOT-FOR-US: Cybozu
CVE-2017-2254 (Cybozu Garoon 3.5.0 to 4.2.5 allows an attacker to cause a denial of ...)
	NOT-FOR-US: Cybozu
CVE-2017-2253 (Untrusted search path vulnerability in Installer of Yahoo! Toolbar ...)
	NOT-FOR-US: Installer of Yahoo! Toolbar (for Internet explorer)
CVE-2017-2252 (Untrusted search path vulnerability in self-extracting archive files ...)
	NOT-FOR-US: File Compact
CVE-2017-2251
	RESERVED
CVE-2017-2250
	RESERVED
CVE-2017-2249 (Untrusted search path vulnerability in Self-extracting archive files ...)
	NOT-FOR-US: Lhaz+
CVE-2017-2248 (Untrusted search path vulnerability in Installer of Lhaz+ version ...)
	NOT-FOR-US: Lhaz+
CVE-2017-2247 (Untrusted search path vulnerability in Self-extracting archive files ...)
	NOT-FOR-US: Lhaz
CVE-2017-2246 (Untrusted search path vulnerability in Installer of Lhaz version 2.4.0 ...)
	NOT-FOR-US: Lhaz
CVE-2017-2245 (Directory traversal vulnerability in Shortcodes Ultimate prior to ...)
	NOT-FOR-US: Shortcodes Ultimate
CVE-2017-2244 (Cross-site request forgery (CSRF) vulnerability in MFC-J960DWN ...)
	NOT-FOR-US: MFC-J960DWN firmware
CVE-2017-2243 (Cross-site scripting vulnerability in Responsive Lightbox prior to ...)
	NOT-FOR-US: Responsive Lightbox
CVE-2017-2242 (Untrusted search path vulnerability in Flets Setsuzoku Tool for ...)
	NOT-FOR-US: Flets Setsuzoku Tool for Windows
CVE-2017-2241 (SQL injection vulnerability in the AssetView for MacOS Ver.9.2.0 and ...)
	NOT-FOR-US: AssetView for MacOS
CVE-2017-2240 (Directory traversal vulnerability in AssetView for MacOS Ver.9.2.0 and ...)
	NOT-FOR-US: AssetView for MacOS
CVE-2017-2239 (Marp versions v0.0.10 and earlier may allow an attacker to access ...)
	NOT-FOR-US: Marp
CVE-2017-2238 (Cross-site request forgery (CSRF) vulnerability in Toshiba Home ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A
CVE-2017-2237 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2236 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2235 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2234 (Toshiba Home gateway HEM-GW16A firmware HEM-GW16A-FW-V1.2.0 and ...)
	NOT-FOR-US: Toshiba Home gateway HEM-GW16A firmware
CVE-2017-2233 (Untrusted search path vulnerability in Installer of PDF Digital ...)
	NOT-FOR-US: PDF Digital Signature Plugin
CVE-2017-2232 (Untrusted search path vulnerability in Installer of Shinseiyo Sogo ...)
	NOT-FOR-US: Installer of Shinseiyo Sogo Soft
CVE-2017-2231 (Untrusted search path vulnerability in The installer of MLIT ...)
	NOT-FOR-US: installer of MLIT DenshiSeikabutsuSakuseiShienKensa system
CVE-2017-2230 (Untrusted search path vulnerability in Douro Kouji Kanseizutou Check ...)
	NOT-FOR-US: Douro Kouji Kanseizutou Check Program
CVE-2017-2229 (Untrusted search path vulnerability in Douroshisetu Kihon Data Sakusei ...)
	NOT-FOR-US: Douroshisetu Kihon Data Sakusei System
CVE-2017-2228 (Untrusted search path vulnerability in Teikihoukokusho Sakuseishien ...)
	NOT-FOR-US: Teikihoukokusho Sakuseishien Tool
CVE-2017-2227 (Untrusted search path vulnerability in The installer of Charamin OMP ...)
	NOT-FOR-US: installer of Charamin OMP
CVE-2017-2226 (Untrusted search path vulnerability in Setup file of advance ...)
	NOT-FOR-US: e-Tax
CVE-2017-2225 (Untrusted search path vulnerability in EbidSettingChecker.exe (version ...)
	NOT-FOR-US: EbidSettingChecker.exe
CVE-2017-2224 (Cross-site scripting vulnerability in Event Calendar WD prior to ...)
	NOT-FOR-US: Event Calendar WD
CVE-2017-2223 (Cross-site request forgery (CSRF) vulnerability in TS-WPTCAM, ...)
	NOT-FOR-US: TS-WPTCAM
CVE-2017-2222 (Cross-site scripting vulnerability in WP-Members prior to version ...)
	NOT-FOR-US: WP-Members
CVE-2017-2221 (Untrusted search path vulnerability in Installer of Baidu IME ...)
	NOT-FOR-US: Installer of Baidu IME
CVE-2017-2220 (Untrusted search path vulnerability in Installer of CASL II simulator ...)
	NOT-FOR-US: Installer of CASL II simulator
CVE-2017-2219 (Untrusted search path vulnerability in the [Simeji for Windows] ...)
	NOT-FOR-US: Simeji
CVE-2017-2218 (Untrusted search path vulnerability in Installer of QuickTime for ...)
	NOT-FOR-US: Installer of QuickTime for Windows
CVE-2017-2217 (Open redirect vulnerability in WordPress Download Manager prior to ...)
	NOT-FOR-US: WordPress Download Manager
CVE-2017-2216 (Cross-site scripting vulnerability in WordPress Download Manager prior ...)
	NOT-FOR-US: WordPress Download Manager
CVE-2017-2215 (Untrusted search path vulnerability in Installer of &quot;Setup file of ...)
	NOT-FOR-US: Installer of "Setup file of advance preparation"
CVE-2017-2214 (Untrusted search path vulnerability in AppCheck and AppCheck Pro prior ...)
	NOT-FOR-US: AppCheck
CVE-2017-2213 (Untrusted search path vulnerability in SemiDynaEXE ...)
	NOT-FOR-US: SemiDynaEXE
CVE-2017-2212 (Untrusted search path vulnerability in TKY2JGD (TKY2JGD1379.EXE) ver. ...)
	NOT-FOR-US: TKY2JGD
CVE-2017-2211 (Untrusted search path vulnerability in PatchJGD (Hyoko) ...)
	NOT-FOR-US: PatchJGD
CVE-2017-2210 (Untrusted search path vulnerability in PatchJGD (PatchJGD101.EXE) ver. ...)
	NOT-FOR-US: PatchJGD
CVE-2017-2209 (Untrusted search path vulnerability in the installer of Houkokusyo ...)
	NOT-FOR-US: Houkokusyo Sakusei Shien Tool
CVE-2017-2208 (Untrusted search path vulnerability in Installer of Electronic ...)
	NOT-FOR-US: Installer of Electronic tendering and bid opening system
CVE-2017-2207 (Untrusted search path vulnerability in the installer of SaAT Personal ...)
	NOT-FOR-US: SaAT Personal
CVE-2017-2206 (Untrusted search path vulnerability in the installer of SaAT Netizen ...)
	NOT-FOR-US: SaAT Netizen
CVE-2017-2205
	RESERVED
CVE-2017-2204
	RESERVED
CVE-2017-2203
	RESERVED
CVE-2017-2202
	RESERVED
CVE-2017-2201
	RESERVED
CVE-2017-2200
	RESERVED
CVE-2017-2199
	RESERVED
CVE-2017-2198
	RESERVED
CVE-2017-2197
	RESERVED
CVE-2017-2196
	RESERVED
CVE-2017-2195 (SQL injection vulnerability in the Multi Feed Reader prior to version ...)
	NOT-FOR-US: Multi Feed Reader plugin for wordpress
CVE-2017-2194 (Cross-site scripting vulnerability in Source code security studying ...)
	NOT-FOR-US: iCodeChecker
CVE-2017-2193 (Untrusted search path vulnerability in the installer of Tera Term 4.94 ...)
	NOT-FOR-US: Tera Term
CVE-2017-2192 (Untrusted search path vulnerability in RW-5100 tool to verify ...)
	NOT-FOR-US: RW5100 installer
CVE-2017-2191 (Untrusted search path vulnerability in RW-5100 driver installer for ...)
	NOT-FOR-US: RW5100 installer
CVE-2017-2190 (Untrusted search path vulnerability in RW-4040 tool to verify ...)
	NOT-FOR-US: RW4040
CVE-2017-2189 (Untrusted search path vulnerability in RW-4040 driver installer for ...)
	NOT-FOR-US: RW4040
CVE-2017-2188 (Untrusted search path vulnerability in Installer of Denshinouhin Check ...)
	NOT-FOR-US: Installer of Denshinouhin Check System
CVE-2017-2187 (Cross-site scripting vulnerability in WP Live Chat Support prior to ...)
	NOT-FOR-US: WP Live Chat
CVE-2017-2186 (HOME SPOT CUBE2 firmware V101 and earlier allows an attacker to bypass ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2185 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2184 (Buffer overflow in HOME SPOT CUBE2 firmware V101 and earlier allows an ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2183 (HOME SPOT CUBE2 firmware V101 and earlier allows authenticated ...)
	NOT-FOR-US: HOME SPOT CUBE2 firmware
CVE-2017-2182 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2181 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2180 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2179 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool
CVE-2017-2178 (Untrusted search path vulnerability in Installer of electronic ...)
	NOT-FOR-US: electronic tendering and bid opening system
CVE-2017-2177 (Untrusted search path vulnerability in Installer of Shogyo Touki ...)
	NOT-FOR-US: Shogyo Touki Denshi Ninsho
CVE-2017-2176 (Untrusted search path vulnerability in screensaver installers ...)
	NOT-FOR-US: screensaver installers for Windows
CVE-2017-2175 (Untrusted search path vulnerability in Empirical Project Monitor - ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2174 (Cross-site scripting vulnerability in Empirical Project Monitor - ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2173 (Cross-site scripting vulnerability in Empirical Project Monitor - ...)
	NOT-FOR-US: Empirical Project Monitor - eXtended
CVE-2017-2172 (Cross-site scripting vulnerability in Cybozu KUNAI for Android 3.0.0 ...)
	NOT-FOR-US: Cybozu
CVE-2017-2171 (Cross-site scripting vulnerability in Captcha prior to version 4.3.0, ...)
	NOT-FOR-US: WordPress plugins provided by BestWebSoft
CVE-2017-2170
	RESERVED
CVE-2017-2169 (Cross-site scripting vulnerability in MaxButtons prior to version 6.19 ...)
	NOT-FOR-US: MaxButtons plugin for WordPress
CVE-2017-2168 (Cross-site scripting vulnerability in WP Booking System Free version ...)
	NOT-FOR-US: WP Booking System
CVE-2017-2167 (Untrusted search path vulnerability in Installer for PrimeDrive ...)
	NOT-FOR-US: PrimeDrive
CVE-2017-2166 (Open redirect vulnerability in GroupSession version 4.7.0 and earlier ...)
	NOT-FOR-US: GroupSession
CVE-2017-2165 (GroupSession versions 4.6.4 and earlier allows remote authenticated ...)
	NOT-FOR-US: GroupSession
CVE-2017-2164 (Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 ...)
	NOT-FOR-US: SOY CMS
CVE-2017-2163 (Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 ...)
	NOT-FOR-US: SOY CMS
CVE-2017-2162 (FlashAirTM SDHC Memory Card (SD-WE Series &lt;W-03&gt;) V3.00.02 and earlier ...)
	NOT-FOR-US: FlashAirTM
CVE-2017-2161 (FlashAirTM SDHC Memory Card (SD-WE Series &lt;W-03&gt;) V3.00.02 and earlier ...)
	NOT-FOR-US: FlashAirTM
CVE-2017-2160
	RESERVED
CVE-2017-2159
	RESERVED
CVE-2017-2158 (Improper verification when expanding ZIP64 archives in Lhaplus ...)
	NOT-FOR-US: Lhaplus
CVE-2017-2157 (Untrusted search path vulnerability in installers for The Public ...)
	NOT-FOR-US: The Public Certification Service
CVE-2017-2156 (Untrusted search path vulnerability in Vivaldi installer for Windows ...)
	NOT-FOR-US: Vivaldi installer Windows
CVE-2017-2155 (Buffer overflow in Hoozin Viewer 2, 3, 4.1.5.15 and earlier, 5.1.2.13 ...)
	NOT-FOR-US: Hoozin Viewer
CVE-2017-2154 (Untrusted search path vulnerability in Hanako 2017, Hanako 2016, ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2153 (SEIL/x86 Fuji 1.70 to 5.62, SEIL/BPV4 5.00 to 5.62, SEIL/X1 1.30 to ...)
	NOT-FOR-US: SEIL
CVE-2017-2152 (WNC01WH firmware 1.0.0.9 and earlier allows authenticated attackers to ...)
	NOT-FOR-US: WNC01WH firmware
CVE-2017-2151 (Cross-site scripting vulnerability in Booking Calendar version 7.1 and ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2150 (Directory traversal vulnerability in Booking Calendar version 7.0 and ...)
	NOT-FOR-US: Booking Calendar
CVE-2017-2149 (Untrusted search path vulnerability in installers of the software for ...)
	NOT-FOR-US: installers of the software for SDHC/SDXC Memory Cards
CVE-2017-2148 (Cross-site scripting vulnerability in WN-AC1167GR firmware version ...)
	NOT-FOR-US: WN-AC1167GR firmware
CVE-2017-2147 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2146 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.4 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2145 (Session fixation vulnerability in Cybozu Garoon 4.0.0 to 4.2.4 allows ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2144 (Cybozu Garoon 3.0.0 to 4.2.4 may allow an attacker to lock another ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2017-2143 (CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2142 (Buffer overflow in WN-G300R3 firmware Ver.1.03 and earlier allows ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2141 (WN-G300R3 firmware 1.03 and earlier allows attackers with ...)
	NOT-FOR-US: WN-G300R3 firmware
CVE-2017-2140 (Tablacus Explorer 17.3.30 and earlier allows arbitrary scripts to be ...)
	NOT-FOR-US: Tablacus Explorer
CVE-2017-2139 (CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2138 (Cross-site request forgery (CSRF) vulnerability in CS-Cart Japanese ...)
	NOT-FOR-US: CS-Cart
CVE-2017-2137 (ProSAFE Plus Configuration Utility prior to 2.3.29 allows remote ...)
	NOT-FOR-US: ProSAFE Plus Configuration Utility
CVE-2017-2136 (Cross-site scripting vulnerability in WP Statistics version 12.0.4 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2135 (Cross-site scripting vulnerability in WP Statistics version 12.0.1 and ...)
	NOT-FOR-US: WP Statistics
CVE-2017-2134 (Cross-site scripting vulnerability in ASSETBASE 8.0 and earlier allows ...)
	NOT-FOR-US: ASSETBASE
CVE-2017-2133 (SQL injection vulnerability in Panasonic KX-HJB1000 Home unit devices ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2132 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2131 (Panasonic KX-HJB1000 Home unit devices with firmware GHX1YG 14.50 or ...)
	NOT-FOR-US: Panasonic KX-HJB1000 Home unit devices
CVE-2017-2130 (Untrusted search path vulnerability in the installer of PhishWall ...)
	NOT-FOR-US: installer of PhishWall Client Internet Explorer
CVE-2017-2129
	RESERVED
CVE-2017-2128 (Security guide for website operators allows remote attackers to ...)
	NOT-FOR-US: Security guide for website operators
CVE-2017-2127 (Cross-site scripting vulnerability in YOP Poll versions prior to 5.8.1 ...)
	NOT-FOR-US: YOP Poll
CVE-2017-2126 (WAPM-1166D firmware Ver.1.2.7 and earlier, WAPM-APG600H firmware ...)
	NOT-FOR-US: WAPM-* firmware
CVE-2017-2125 (Privilege escalation vulnerability in CentreCOM AR260S V2 remote ...)
	NOT-FOR-US: CentreCOM AR260S
CVE-2017-2124 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
	NOT-FOR-US: OneThird CMS
CVE-2017-2123 (Cross-site scripting vulnerability in OneThird CMS v1.73 Heaven's Door ...)
	NOT-FOR-US: OneThird CMS
CVE-2017-2122 (Cross-site scripting vulnerability in Nessus versions 6.8.0, 6.8.1, ...)
	NOT-FOR-US: Nessus
CVE-2017-2121
	RESERVED
CVE-2017-2120 (SQL injection vulnerability in the WBCE CMS 1.1.10 and earlier allows ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2119 (Directory traversal vulnerability in WBCE CMS 1.1.10 and earlier ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2118 (Cross-site scripting vulnerability in WBCE CMS 1.1.10 and earlier ...)
	NOT-FOR-US: WBCE CMS
CVE-2017-2117 (Directory traversal vulnerability in CubeCart versions prior to 6.1.5 ...)
	NOT-FOR-US: CubeCart
CVE-2017-2116 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers ...)
	NOT-FOR-US: Cybozu
CVE-2017-2115 (Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers ...)
	NOT-FOR-US: Cybozu
CVE-2017-2114 (Cross-site scripting vulnerability in Cybozu Office 10.0.0 to 10.5.0 ...)
	NOT-FOR-US: Cybozu
CVE-2017-2113 (Buffer overflow in TS-WPTCAM firmware version 1.18 and earlier, ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2112 (TS-WPTCAM firmware version 1.18 and earlier, TS-WPTCAM2 firmware ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2111 (HTTP header injection vulnerability in TS-WPTCAM firmware version 1.18 ...)
	NOT-FOR-US: firmware in network cameras by I-O DATA
CVE-2017-2110 (The Access CX App for Android prior to 2.0.0.1 and for iOS prior to ...)
	NOT-FOR-US: CX App for Android
CVE-2017-2109 (Cybozu KUNAI for Android 3.0.4 to 3.0.5.1 allow remote attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2017-2108 (Untrusted search path vulnerability in PrimeDrive Desktop Application ...)
	NOT-FOR-US: PrimeDrive Desktop Application
CVE-2017-2107 (Untrusted search path vulnerability in Self-extracting archive files ...)
	NOT-FOR-US: 7-ZIP32.DLL
CVE-2017-2106 (Multiple cross-site scripting vulnerabilities in Webmin versions prior ...)
	NOT-FOR-US: Webmin
CVE-2017-2105 (The TVer App for Android 3.2.7 and earlier does not verify X.509 ...)
	NOT-FOR-US: TVer App for Android
CVE-2017-2104 (The Business LaLa Call App for Android 1.4.7 and earlier does not ...)
	NOT-FOR-US: Business LaLa Call App for Android
CVE-2017-2103 (The LaLa Call App for Android 2.4.7 and earlier does not verify X.509 ...)
	NOT-FOR-US: LaLa Call App for Android
CVE-2017-2102 (Cross-site request forgery (CSRF) vulnerability in Hands-on ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2101 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2100 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2099 (Hands-on Vulnerability Learning Tool &quot;AppGoat&quot; for Web Application ...)
	NOT-FOR-US: Hands-on Vulnerability Learning Tool "AppGoat" for Web Application
CVE-2017-2098 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...)
	NOT-FOR-US: CubeCart
CVE-2017-2097 (Cross-site request forgery (CSRF) vulnerability in Knowledge versions ...)
	NOT-FOR-US: Knowledge
CVE-2017-2096 (smalruby-editor v0.4.0 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: smalruby-editor
CVE-2017-2095 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2017-2094 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2017-2093 (Cybozu Garoon 3.0.0 to 4.2.3 allow remote attackers to obtain tokens ...)
	NOT-FOR-US: Cybozu
CVE-2017-2092 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.3 ...)
	NOT-FOR-US: Cybozu
CVE-2017-2091 (Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2017-2090 (Directory traversal vulnerability in CubeCart versions prior to 6.1.4 ...)
	NOT-FOR-US: CubeCart
CVE-2017-2089
	REJECTED
CVE-2017-2088
	REJECTED
CVE-2017-2087
	REJECTED
CVE-2017-2086
	REJECTED
CVE-2017-2085
	REJECTED
CVE-2017-2084
	REJECTED
CVE-2017-2083
	REJECTED
CVE-2017-2082
	REJECTED
CVE-2017-2081
	REJECTED
CVE-2017-2080
	REJECTED
CVE-2017-2079
	REJECTED
CVE-2017-2078
	REJECTED
CVE-2017-2077
	REJECTED
CVE-2017-2076
	REJECTED
CVE-2017-2075
	REJECTED
CVE-2017-2074
	REJECTED
CVE-2017-2073
	REJECTED
CVE-2017-2072
	REJECTED
CVE-2017-2071
	REJECTED
CVE-2017-2070
	REJECTED
CVE-2017-2069
	REJECTED
CVE-2017-2068
	REJECTED
CVE-2017-2067
	REJECTED
CVE-2017-2066
	REJECTED
CVE-2017-2065
	REJECTED
CVE-2017-2064
	REJECTED
CVE-2017-2063
	REJECTED
CVE-2017-2062
	REJECTED
CVE-2017-2061
	REJECTED
CVE-2017-2060
	REJECTED
CVE-2017-2059
	REJECTED
CVE-2017-2058
	REJECTED
CVE-2017-2057
	REJECTED
CVE-2017-2056
	REJECTED
CVE-2017-2055
	REJECTED
CVE-2017-2054
	REJECTED
CVE-2017-2053
	REJECTED
CVE-2017-2052
	REJECTED
CVE-2017-2051
	REJECTED
CVE-2017-2050
	REJECTED
CVE-2017-2049
	REJECTED
CVE-2017-2048
	REJECTED
CVE-2017-2047
	REJECTED
CVE-2017-2046
	REJECTED
CVE-2017-2045
	REJECTED
CVE-2017-2044
	REJECTED
CVE-2017-2043
	REJECTED
CVE-2017-2042
	REJECTED
CVE-2017-2041
	REJECTED
CVE-2017-2040
	REJECTED
CVE-2017-2039
	REJECTED
CVE-2017-2038
	REJECTED
CVE-2017-2037
	REJECTED
CVE-2017-2036
	REJECTED
CVE-2017-2035
	REJECTED
CVE-2017-2034
	REJECTED
CVE-2017-2033
	REJECTED
CVE-2017-2032
	REJECTED
CVE-2017-2031
	REJECTED
CVE-2017-2030
	REJECTED
CVE-2017-2029
	REJECTED
CVE-2017-2028
	REJECTED
CVE-2017-2027
	REJECTED
CVE-2017-2026
	REJECTED
CVE-2017-2025
	REJECTED
CVE-2017-2024
	REJECTED
CVE-2017-2023
	REJECTED
CVE-2017-2022
	REJECTED
CVE-2017-2021
	REJECTED
CVE-2017-2020
	REJECTED
CVE-2017-2019
	REJECTED
CVE-2017-2018
	REJECTED
CVE-2017-2017
	REJECTED
CVE-2017-2016
	REJECTED
CVE-2017-2015
	REJECTED
CVE-2017-2014
	REJECTED
CVE-2017-2013
	REJECTED
CVE-2017-2012
	REJECTED
CVE-2017-2011
	REJECTED
CVE-2017-2010
	REJECTED
CVE-2017-2009
	REJECTED
CVE-2017-2008
	REJECTED
CVE-2017-2007
	REJECTED
CVE-2017-2006
	REJECTED
CVE-2017-2005
	REJECTED
CVE-2017-2004
	REJECTED
CVE-2017-2003
	REJECTED
CVE-2017-2002
	REJECTED
CVE-2017-2001
	REJECTED
CVE-2017-2000
	REJECTED
CVE-2017-1999
	REJECTED
CVE-2017-1998
	REJECTED
CVE-2017-1997
	REJECTED
CVE-2017-1996
	REJECTED
CVE-2017-1995
	REJECTED
CVE-2017-1994
	REJECTED
CVE-2017-1993
	REJECTED
CVE-2017-1992
	REJECTED
CVE-2017-1991
	REJECTED
CVE-2017-1990
	REJECTED
CVE-2017-1989
	REJECTED
CVE-2017-1988
	REJECTED
CVE-2017-1987
	REJECTED
CVE-2017-1986
	REJECTED
CVE-2017-1985
	REJECTED
CVE-2017-1984
	REJECTED
CVE-2017-1983
	REJECTED
CVE-2017-1982
	REJECTED
CVE-2017-1981
	REJECTED
CVE-2017-1980
	REJECTED
CVE-2017-1979
	REJECTED
CVE-2017-1978
	REJECTED
CVE-2017-1977
	REJECTED
CVE-2017-1976
	REJECTED
CVE-2017-1975
	REJECTED
CVE-2017-1974
	REJECTED
CVE-2017-1973
	REJECTED
CVE-2017-1972
	REJECTED
CVE-2017-1971
	REJECTED
CVE-2017-1970
	REJECTED
CVE-2017-1969
	REJECTED
CVE-2017-1968
	REJECTED
CVE-2017-1967
	REJECTED
CVE-2017-1966
	REJECTED
CVE-2017-1965
	REJECTED
CVE-2017-1964
	REJECTED
CVE-2017-1963
	REJECTED
CVE-2017-1962
	REJECTED
CVE-2017-1961
	REJECTED
CVE-2017-1960
	REJECTED
CVE-2017-1959
	REJECTED
CVE-2017-1958
	REJECTED
CVE-2017-1957
	REJECTED
CVE-2017-1956
	REJECTED
CVE-2017-1955
	REJECTED
CVE-2017-1954
	REJECTED
CVE-2017-1953
	REJECTED
CVE-2017-1952
	REJECTED
CVE-2017-1951
	REJECTED
CVE-2017-1950
	REJECTED
CVE-2017-1949
	REJECTED
CVE-2017-1948
	REJECTED
CVE-2017-1947
	REJECTED
CVE-2017-1946
	REJECTED
CVE-2017-1945
	REJECTED
CVE-2017-1944
	REJECTED
CVE-2017-1943
	REJECTED
CVE-2017-1942
	REJECTED
CVE-2017-1941
	REJECTED
CVE-2017-1940
	REJECTED
CVE-2017-1939
	REJECTED
CVE-2017-1938
	REJECTED
CVE-2017-1937
	REJECTED
CVE-2017-1936
	REJECTED
CVE-2017-1935
	REJECTED
CVE-2017-1934
	REJECTED
CVE-2017-1933
	REJECTED
CVE-2017-1932
	REJECTED
CVE-2017-1931
	REJECTED
CVE-2017-1930
	REJECTED
CVE-2017-1929
	REJECTED
CVE-2017-1928
	REJECTED
CVE-2017-1927
	REJECTED
CVE-2017-1926
	REJECTED
CVE-2017-1925
	REJECTED
CVE-2017-1924
	REJECTED
CVE-2017-1923
	REJECTED
CVE-2017-1922
	REJECTED
CVE-2017-1921
	REJECTED
CVE-2017-1920
	REJECTED
CVE-2017-1919
	REJECTED
CVE-2017-1918
	REJECTED
CVE-2017-1917
	REJECTED
CVE-2017-1916
	REJECTED
CVE-2017-1915
	REJECTED
CVE-2017-1914
	REJECTED
CVE-2017-1913
	REJECTED
CVE-2017-1912
	REJECTED
CVE-2017-1911
	REJECTED
CVE-2017-1910
	REJECTED
CVE-2017-1909
	REJECTED
CVE-2017-1908
	REJECTED
CVE-2017-1907
	REJECTED
CVE-2017-1906
	REJECTED
CVE-2017-1905
	REJECTED
CVE-2017-1904
	REJECTED
CVE-2017-1903
	REJECTED
CVE-2017-1902
	REJECTED
CVE-2017-1901
	REJECTED
CVE-2017-1900
	REJECTED
CVE-2017-1899
	REJECTED
CVE-2017-1898
	REJECTED
CVE-2017-1897
	REJECTED
CVE-2017-1896
	REJECTED
CVE-2017-1895
	REJECTED
CVE-2017-1894
	REJECTED
CVE-2017-1893
	REJECTED
CVE-2017-1892
	REJECTED
CVE-2017-1891
	REJECTED
CVE-2017-1890
	REJECTED
CVE-2017-1889
	REJECTED
CVE-2017-1888
	REJECTED
CVE-2017-1887
	REJECTED
CVE-2017-1886
	REJECTED
CVE-2017-1885
	REJECTED
CVE-2017-1884
	REJECTED
CVE-2017-1883
	REJECTED
CVE-2017-1882
	REJECTED
CVE-2017-1881
	REJECTED
CVE-2017-1880
	REJECTED
CVE-2017-1879
	REJECTED
CVE-2017-1878
	REJECTED
CVE-2017-1877
	REJECTED
CVE-2017-1876
	REJECTED
CVE-2017-1875
	REJECTED
CVE-2017-1874
	REJECTED
CVE-2017-1873
	REJECTED
CVE-2017-1872
	REJECTED
CVE-2017-1871
	REJECTED
CVE-2017-1870
	REJECTED
CVE-2017-1869
	REJECTED
CVE-2017-1868
	REJECTED
CVE-2017-1867
	REJECTED
CVE-2017-1866
	REJECTED
CVE-2017-1865
	REJECTED
CVE-2017-1864
	REJECTED
CVE-2017-1863
	REJECTED
CVE-2017-1862
	REJECTED
CVE-2017-1861
	REJECTED
CVE-2017-1860
	REJECTED
CVE-2017-1859
	REJECTED
CVE-2017-1858
	REJECTED
CVE-2017-1857
	REJECTED
CVE-2017-1856
	REJECTED
CVE-2017-1855
	REJECTED
CVE-2017-1854
	REJECTED
CVE-2017-1853
	REJECTED
CVE-2017-1852
	REJECTED
CVE-2017-1851
	REJECTED
CVE-2017-1850
	REJECTED
CVE-2017-1849
	REJECTED
CVE-2017-1848
	REJECTED
CVE-2017-1847
	REJECTED
CVE-2017-1846
	REJECTED
CVE-2017-1845
	REJECTED
CVE-2017-1844
	REJECTED
CVE-2017-1843
	REJECTED
CVE-2017-1842
	REJECTED
CVE-2017-1841
	REJECTED
CVE-2017-1840
	REJECTED
CVE-2017-1839
	REJECTED
CVE-2017-1838
	REJECTED
CVE-2017-1837
	REJECTED
CVE-2017-1836
	REJECTED
CVE-2017-1835
	REJECTED
CVE-2017-1834
	REJECTED
CVE-2017-1833
	REJECTED
CVE-2017-1832
	REJECTED
CVE-2017-1831
	REJECTED
CVE-2017-1830
	REJECTED
CVE-2017-1829
	REJECTED
CVE-2017-1828
	REJECTED
CVE-2017-1827
	REJECTED
CVE-2017-1826
	REJECTED
CVE-2017-1825
	REJECTED
CVE-2017-1824
	REJECTED
CVE-2017-1823
	REJECTED
CVE-2017-1822
	REJECTED
CVE-2017-1821
	REJECTED
CVE-2017-1820
	REJECTED
CVE-2017-1819
	REJECTED
CVE-2017-1818
	REJECTED
CVE-2017-1817
	REJECTED
CVE-2017-1816
	REJECTED
CVE-2017-1815
	REJECTED
CVE-2017-1814
	REJECTED
CVE-2017-1813
	REJECTED
CVE-2017-1812
	REJECTED
CVE-2017-1811
	REJECTED
CVE-2017-1810
	RESERVED
CVE-2017-1809
	RESERVED
CVE-2017-1808
	RESERVED
CVE-2017-1807
	RESERVED
CVE-2017-1806
	RESERVED
CVE-2017-1805
	RESERVED
CVE-2017-1804
	RESERVED
CVE-2017-1803
	RESERVED
CVE-2017-1802
	RESERVED
CVE-2017-1801
	RESERVED
CVE-2017-1800
	RESERVED
CVE-2017-1799
	RESERVED
CVE-2017-1798
	RESERVED
CVE-2017-1797
	RESERVED
CVE-2017-1796
	RESERVED
CVE-2017-1795
	RESERVED
CVE-2017-1794
	RESERVED
CVE-2017-1793
	RESERVED
CVE-2017-1792
	RESERVED
CVE-2017-1791
	RESERVED
CVE-2017-1790 (IBM DOORS Next Generation (DNG/RRC) 5.0, 5.0.1, 5.0.2, and 6.0 through ...)
	NOT-FOR-US: IBM DOORS Next Generation
CVE-2017-1789 (IBM Tivoli Monitoring V6 6.2.3 and 6.3.0 could allow an ...)
	NOT-FOR-US: IBM
CVE-2017-1788 (IBM WebSphere Application Server 9 installations using Form Login ...)
	NOT-FOR-US: IBM
CVE-2017-1787 (IBM Publishing Engine 2.1.2 and 6.0.5 contains an undisclosed ...)
	NOT-FOR-US: IBM Publishing Engine
CVE-2017-1786 (IBM WebSphere MQ 8.0 through 8.0.0.8 and 9.0 through 9.0.4 under ...)
	NOT-FOR-US: IBM
CVE-2017-1785 (IBM API Connect 5.0.7 and 5.0.8 could allow an authenticated remote ...)
	NOT-FOR-US: IBM API Connect
CVE-2017-1784 (IBM Cognos Analytics 11.0 could produce results in temporary files ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2017-1783 (IBM Cognos Analytics 11.0 could allow a local user to change ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2017-1782
	RESERVED
CVE-2017-1781
	RESERVED
CVE-2017-1780
	RESERVED
CVE-2017-1779 (IBM Cognos Analytics 11.0 could store cached credentials locally that ...)
	NOT-FOR-US: IBM Cognos Analytics
CVE-2017-1778
	RESERVED
CVE-2017-1777
	RESERVED
CVE-2017-1776
	RESERVED
CVE-2017-1775
	RESERVED
CVE-2017-1774 (IBM Security Guardium Big Data Intelligence (SonarG) 3.1 discloses ...)
	NOT-FOR-US: IBM Security Guardium Big Data Intelligence
CVE-2017-1773 (IBM DataPower Gateways 7.1, 7,2, 7.5, and 7.6 could allow an attacker ...)
	NOT-FOR-US: IBM DataPower Gateways
CVE-2017-1772 (IBM Worklight (IBM MobileFirst Platform Foundation 6.3, 7.0, 7.1, and ...)
	NOT-FOR-US: IBM
CVE-2017-1771
	RESERVED
CVE-2017-1770
	RESERVED
CVE-2017-1769 (IBM Business Process Manager 8.6 is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2017-1768
	RESERVED
CVE-2017-1767 (IBM Business Process Manager 8.6 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1766 (Due to incorrect authorization in IBM Business Process Manager 8.6 an ...)
	NOT-FOR-US: IBM
CVE-2017-1765 (IBM Business Process Manager 8.6 could allow an authenticated user ...)
	NOT-FOR-US: IBM
CVE-2017-1764 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2, ...)
	NOT-FOR-US: IBM
CVE-2017-1763
	RESERVED
CVE-2017-1762 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
	NOT-FOR-US: IBM
CVE-2017-1761 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 is vulnerable to ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-1760 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow a local user to crash ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2017-1759
	RESERVED
CVE-2017-1758 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
	NOT-FOR-US: IBM Financial Transaction Manager for ACH Services for Multi-Platform
CVE-2017-1757 (IBM Security Guardium 10.0 is vulnerable to SQL injection. A remote ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1756 (IBM Business Process Manager 8.6 allows web pages to be stored locally ...)
	NOT-FOR-US: IBM
CVE-2017-1755
	RESERVED
CVE-2017-1754
	RESERVED
CVE-2017-1753
	RESERVED
CVE-2017-1752
	RESERVED
CVE-2017-1751 (IBM Robotic Process Automation with Automation Anywhere 10.0.0 is ...)
	NOT-FOR-US: IBM Robotic Process Automation with Automation Anywhere
CVE-2017-1750 (IBM Jazz Reporting Service (JRS) 5.0 through 5.0.2 and 6.0 through ...)
	NOT-FOR-US: IBM Jazz Reporting Service
CVE-2017-1749
	RESERVED
CVE-2017-1748
	RESERVED
CVE-2017-1747 (A specially crafted message could cause a denial of service in IBM ...)
	NOT-FOR-US: IBM
CVE-2017-1746 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is ...)
	NOT-FOR-US: IBM Jazz for Service Management
CVE-2017-1745
	RESERVED
CVE-2017-1744
	RESERVED
CVE-2017-1743 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM
CVE-2017-1742
	RESERVED
CVE-2017-1741 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a ...)
	NOT-FOR-US: IBM
CVE-2017-1740 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2017-1739 (IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, and 7.0.1 is ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2017-1738
	RESERVED
CVE-2017-1737
	RESERVED
CVE-2017-1736
	RESERVED
CVE-2017-1735
	RESERVED
CVE-2017-1734 (IBM Jazz Team Server affecting the following IBM Rational Products: ...)
	NOT-FOR-US: IBM
CVE-2017-1733 (IBM QRadar 7.3 stores potentially sensitive information in log files ...)
	NOT-FOR-US: IBM
CVE-2017-1732
	RESERVED
CVE-2017-1731 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2017-1730
	RESERVED
CVE-2017-1729
	RESERVED
CVE-2017-1728
	RESERVED
CVE-2017-1727 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 discloses sensitive ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1726
	RESERVED
CVE-2017-1725 (IBM Jazz Team Server affecting the following IBM Rational Products: ...)
	NOT-FOR-US: IBM
CVE-2017-1724 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2017-1723 (IBM Security QRadar SIEM 7.2 and 7.3 could allow a remote attacker to ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2017-1722 (IBM Security QRadar SIEM 7.2 and 7.3 is vulnerable to SQL injection. A ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2017-1721 (IBM Security QRadar SIEM 7.2 and 7.3 could allow an unauthenticated ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2017-1720 (IBM Notes 8.5 and 9.0 could allow a local attacker to execute ...)
	NOT-FOR-US: IBM Notes
CVE-2017-1719
	RESERVED
CVE-2017-1718
	RESERVED
CVE-2017-1717
	RESERVED
CVE-2017-1716 (IBM Tivoli Workload Scheduler 8.6.0, 9.1.0, and 9.2.0 could disclose ...)
	NOT-FOR-US: IBM Tivoli Workload Scheduler
CVE-2017-1715
	RESERVED
CVE-2017-1714 (IBM Notes and Domino NSD 8.5 and 9.0 could allow an authenticated ...)
	NOT-FOR-US: IBM Notes and Domino NSD
CVE-2017-1713
	RESERVED
CVE-2017-1712
	RESERVED
CVE-2017-1711 (IBM iNotes 8.5 and 9.0 SUService can be misguided into running ...)
	NOT-FOR-US: IBM iNotes
CVE-2017-1710 (A vulnerability in the Service Assistant GUI in IBM Storwize V7000 ...)
	NOT-FOR-US: IBM
CVE-2017-1709
	RESERVED
CVE-2017-1708
	RESERVED
CVE-2017-1707
	RESERVED
CVE-2017-1706
	RESERVED
CVE-2017-1705 (IBM Security Privileged Identity Manager 2.1.0 contains left-over, ...)
	NOT-FOR-US: IBM
CVE-2017-1704
	RESERVED
CVE-2017-1703
	RESERVED
CVE-2017-1702
	RESERVED
CVE-2017-1701 (IBM Team Concert (RTC) 5.0, 5.0.1, 5.0.2, 6.0, 6.0.1, 6.0.2, 6.0.3, ...)
	NOT-FOR-US: IBM
CVE-2017-1700 (IBM Jazz Team Server affecting the following IBM Rational Products: ...)
	NOT-FOR-US: IBM
CVE-2017-1699 (IBM MQ Managed File Transfer Agent 8.0 and 9.0 sets insecure ...)
	NOT-FOR-US: IBM MQ Managed File Transfer Agent
CVE-2017-1698 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could reveal sensitive ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-1697
	RESERVED
CVE-2017-1696 (IBM QRadar 7.2 and 7.3 could allow a remote authenticated attacker to ...)
	NOT-FOR-US: IBM QRadar
CVE-2017-1695
	RESERVED
CVE-2017-1694 (IBM Integration Bus 9.0 and 10.0 transmits user credentials in plain ...)
	NOT-FOR-US: IBM Integration Bus
CVE-2017-1693 (IBM Integration Bus 9.0 and 10.0 could allow an attacker that has ...)
	NOT-FOR-US: IBM Integration Bus
CVE-2017-1692 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability ...)
	NOT-FOR-US: IBM AIX
CVE-2017-1691
	RESERVED
CVE-2017-1690
	RESERVED
CVE-2017-1689 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1688 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1687
	RESERVED
CVE-2017-1686
	RESERVED
CVE-2017-1685
	RESERVED
CVE-2017-1684
	RESERVED
CVE-2017-1683 (IBM Connections Engagement Center 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Connections Engagement Center
CVE-2017-1682 (IBM Connections 4.0, 4.5, 5.0, 5.5, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM Connections
CVE-2017-1681 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2017-1680
	RESERVED
CVE-2017-1679
	RESERVED
CVE-2017-1678 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1677 (IBM Data Server Driver for JDBC and SQLJ (IBM DB2 for Linux, UNIX and ...)
	NOT-FOR-US: IBM
CVE-2017-1676
	RESERVED
CVE-2017-1675
	RESERVED
CVE-2017-1674
	RESERVED
CVE-2017-1673 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1672 (IBM Tivoli Key Lifecycle Manager 2.6 and 2.7 is vulnerable to ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1671 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1670 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1669 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 stores sensitive ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1668 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1667
	RESERVED
CVE-2017-1666 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to a ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1665 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1664 (IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 uses weaker than ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2017-1663
	RESERVED
CVE-2017-1662
	RESERVED
CVE-2017-1661
	RESERVED
CVE-2017-1660
	RESERVED
CVE-2017-1659
	RESERVED
CVE-2017-1658
	RESERVED
CVE-2017-1657
	RESERVED
CVE-2017-1656
	RESERVED
CVE-2017-1655 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
	NOT-FOR-US: IBM
CVE-2017-1654 (IBM Spectrum Scale 4.1.1 and 4.2.0 - 4.2.3 could allow a local ...)
	NOT-FOR-US: IBM
CVE-2017-1653 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
	NOT-FOR-US: IBM Jazz Foundation
CVE-2017-1652
	RESERVED
CVE-2017-1651
	RESERVED
CVE-2017-1650 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1649
	RESERVED
CVE-2017-1648
	RESERVED
CVE-2017-1647
	RESERVED
CVE-2017-1646
	RESERVED
CVE-2017-1645
	RESERVED
CVE-2017-1644
	RESERVED
CVE-2017-1643
	RESERVED
CVE-2017-1642
	RESERVED
CVE-2017-1641
	RESERVED
CVE-2017-1640
	RESERVED
CVE-2017-1639
	RESERVED
CVE-2017-1638
	RESERVED
CVE-2017-1637
	RESERVED
CVE-2017-1636
	RESERVED
CVE-2017-1635 (IBM Tivoli Monitoring V6 6.2.2.x could allow a remote attacker to ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2017-1634
	RESERVED
CVE-2017-1633
	RESERVED
CVE-2017-1632 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Sterling File Gateway
CVE-2017-1631 (IBM Jazz for Service Management (IBM Tivoli Components 1.1.3) is ...)
	NOT-FOR-US: IBM Jazz for Service Management
CVE-2017-1630
	RESERVED
CVE-2017-1629 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
	NOT-FOR-US: IBM
CVE-2017-1628 (IBM Business Process Manager 8.6.0.0 allows authenticated users to ...)
	NOT-FOR-US: IBM
CVE-2017-1627
	RESERVED
CVE-2017-1626
	RESERVED
CVE-2017-1625 (IBM Pulse for QRadar 1.0.0 - 1.0.3 discloses sensitive information to ...)
	NOT-FOR-US: IBM
CVE-2017-1624 (IBM QRadar 7.3 and 7.3.1 specifies permissions for a security-critical ...)
	NOT-FOR-US: IBM
CVE-2017-1623 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM QRadar
CVE-2017-1622
	RESERVED
CVE-2017-1621
	RESERVED
CVE-2017-1620
	RESERVED
CVE-2017-1619
	RESERVED
CVE-2017-1618
	RESERVED
CVE-2017-1617
	RESERVED
CVE-2017-1616
	RESERVED
CVE-2017-1615
	RESERVED
CVE-2017-1614
	RESERVED
CVE-2017-1613 (IBM Connections 6.0 could allow an unauthenticated remote attacker to ...)
	NOT-FOR-US: IBM Connections
CVE-2017-1612 (IBM WebSphere MQ 7.0, 7.1, 7.5, 8.0, and 9.0 service trace module ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2017-1611
	RESERVED
CVE-2017-1610
	RESERVED
CVE-2017-1609
	RESERVED
CVE-2017-1608
	RESERVED
CVE-2017-1607 (IBM DOORS Next Generation (DNG/RRC) 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1606 (IBM Financial Transaction Manager (FTM) for Multi-Platform (MP) ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2017-1605
	RESERVED
CVE-2017-1604 (IBM Maximo Anywhere 7.5 and 7.6 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Maximo Anywhere
CVE-2017-1603
	RESERVED
CVE-2017-1602 (IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and ...)
	NOT-FOR-US: IBM
CVE-2017-1601 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1600 (IBM Security Guardium 10.0 Database Activity Monitor is vulnerable to ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1599
	RESERVED
CVE-2017-1598 (IBM Security Guardium 10.0 Database Activity Monitor uses weaker than ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1597
	RESERVED
CVE-2017-1596 (IBM Security Guardium 10.0 Database Activity Monitor could allow a ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1595 (IBM Security Guardium 10.0 Database Activity Monitor could allow a ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1594
	RESERVED
CVE-2017-1593 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1592
	RESERVED
CVE-2017-1591 (IBM WebSphere DataPower Appliances 7.0.0 through 7.6 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1590
	RESERVED
CVE-2017-1589
	RESERVED
CVE-2017-1588
	RESERVED
CVE-2017-1587
	RESERVED
CVE-2017-1586
	RESERVED
CVE-2017-1585
	RESERVED
CVE-2017-1584
	RESERVED
CVE-2017-1583 (IBM WebSphere Application Server (IBM Liberty for Java for Bluemix ...)
	NOT-FOR-US: IBM
CVE-2017-1582
	RESERVED
CVE-2017-1581
	RESERVED
CVE-2017-1580
	RESERVED
CVE-2017-1579
	RESERVED
CVE-2017-1578
	RESERVED
CVE-2017-1577 (IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2017-1576
	RESERVED
CVE-2017-1575
	RESERVED
CVE-2017-1574
	RESERVED
CVE-2017-1573
	RESERVED
CVE-2017-1572
	RESERVED
CVE-2017-1571 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, ...)
	NOT-FOR-US: IBM
CVE-2017-1570 (IBM Jazz Foundation products could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2017-1569 (IBM WebSphere Commerce 7.0 and 8.0 contains an unspecified ...)
	NOT-FOR-US: IBM
CVE-2017-1568
	RESERVED
CVE-2017-1567 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1566
	RESERVED
CVE-2017-1565
	RESERVED
CVE-2017-1564
	RESERVED
CVE-2017-1563 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1562
	RESERVED
CVE-2017-1561
	RESERVED
CVE-2017-1560 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1559
	RESERVED
CVE-2017-1558 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2017-1557 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user with ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2017-1556 (IBM API Connect 5.0.7.0 through 5.0.7.2 is vulnerable to a regular ...)
	NOT-FOR-US: IBM
CVE-2017-1555 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2017-1554 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2017-1553 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1552 (IBM Infosphere BigInsights 4.2.0 and 4.2.5 is vulnerable to link ...)
	NOT-FOR-US: IBM
CVE-2017-1551 (IBM API Connect 5.0.0.0 through 5.0.7.2 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2017-1550 (IBM Sterling File Gateway 2.2 could allow an authenticated user to ...)
	NOT-FOR-US: IBM Sterling File Gateway
CVE-2017-1549 (IBM Sterling File Gateway 2.2 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Sterling File Gateway
CVE-2017-1548 (IBM Sterling File Gateway 2.2 could allow a remote attacker to ...)
	NOT-FOR-US: IBM Sterling File Gateway
CVE-2017-1547
	RESERVED
CVE-2017-1546 (IBM DOORS Next Generation (DNG/RRC) 4.07, 5.0, and 6.0 is vulnerable ...)
	NOT-FOR-US: IBM DOORS Next Generation
CVE-2017-1545 (IBM Doors Web Access 9.5 and 9.6 could allow an attacker with physical ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1544
	RESERVED
CVE-2017-1543
	RESERVED
CVE-2017-1542
	RESERVED
CVE-2017-1541 (A flaw in the AIX 5.3, 6.1, 7.1, and 7.2 JRE/SDK installp and updatep ...)
	NOT-FOR-US: IBM
CVE-2017-1540 (IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1539 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1538 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
	NOT-FOR-US: IBM
CVE-2017-1537
	RESERVED
CVE-2017-1536 (IBM Support Tools for Lotus WCM (IBM WebSphere Portal 7.0, 8.0, 8.5 ...)
	NOT-FOR-US: IBM Support Tools for Lotus WCM
CVE-2017-1535 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1534 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 could allow a ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1533 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1532 (IBM DOORS 9.5 and 9.6 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM DOORS
CVE-2017-1531 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1530 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1529
	RESERVED
CVE-2017-1528
	RESERVED
CVE-2017-1527 (IBM Business Process Manager 7.5, 8.0, and 8.5 is vulnerable to a XML ...)
	NOT-FOR-US: IBM
CVE-2017-1526
	RESERVED
CVE-2017-1525
	RESERVED
CVE-2017-1524 (IBM Jazz Foundation (IBM Rational Collaborative Lifecycle Management ...)
	NOT-FOR-US: IBM
CVE-2017-1523 (IBM InfoSphere Master Data Management - Collaborative Edition 11.5 ...)
	NOT-FOR-US: IBM
CVE-2017-1522 (IBM Content Navigator &amp; CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1521 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1520 (IBM DB2 9.7, 10,1, 10.5, and 11.1 is vulnerable to an unauthorized ...)
	NOT-FOR-US: IBM
CVE-2017-1519 (IBM DB2 10.5 and 11.1 contains a denial of service vulnerability. A ...)
	NOT-FOR-US: IBM
CVE-2017-1518
	RESERVED
CVE-2017-1517
	RESERVED
CVE-2017-1516 (IBM Doors Web Access 9.5 and 9.6 could allow a remote attacker to ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1515 (IBM Doors Web Access 9.5 and 9.6 could allow an authenticated user to ...)
	NOT-FOR-US: IBM Doors Web Access
CVE-2017-1514
	RESERVED
CVE-2017-1513
	RESERVED
CVE-2017-1512
	RESERVED
CVE-2017-1511
	RESERVED
CVE-2017-1510
	RESERVED
CVE-2017-1509
	RESERVED
CVE-2017-1508 (IBM Informix Dynamic Server 12.1 could allow a local user logged in ...)
	NOT-FOR-US: IBM
CVE-2017-1507 (IBM Jazz Foundation Products could disclose sensitive information ...)
	NOT-FOR-US: IBM Jazz Foundation Products
CVE-2017-1506 (IBM Cognos TM1 10.2 and 10.2.2 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2017-1505
	RESERVED
CVE-2017-1504 (IBM WebSphere Application Server version 9.0.0.4 could provide weaker ...)
	NOT-FOR-US: IBM
CVE-2017-1503 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1502 (IBM Content Navigator &amp; CMIS 2.0.3, 3.0.0, and 3.0.1 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1501 (IBM WebSphere Application Server 8.0, 8.5, and 9.0 could provide ...)
	NOT-FOR-US: IBM
CVE-2017-1500 (A Reflected Cross Site Scripting (XSS) vulnerability exists in the ...)
	NOT-FOR-US: IBM
CVE-2017-1499 (IBM Maximo Asset Management 7.5 and 7.6 could allow a remote attacker ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2017-1498 (IBM Connections 5.5 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1497 (IBM Sterling File Gateway 2.2 could allow an unauthorized user to view ...)
	NOT-FOR-US: IBM
CVE-2017-1496 (IBM Sterling B2B Integrator Standard Edition 5.2.x is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1495 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a ...)
	NOT-FOR-US: IBM
CVE-2017-1494 (IBM Business Process Manager 8.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2017-1493 (IBM UrbanCode Deploy (UCD) 6.1 and 6.2 could allow an authenticated ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2017-1492
	RESERVED
CVE-2017-1491 (IBM QRadar Network Security 5.4 supports interaction between multiple ...)
	NOT-FOR-US: IBM
CVE-2017-1490 (An unspecified vulnerability in the Lifecycle Query Engine of Jazz ...)
	NOT-FOR-US: IBM
CVE-2017-1489 (IBM Security Access Manager 6.1, 7.0, 8.0, and 9.0 e-community ...)
	NOT-FOR-US: IBM
CVE-2017-1488
	RESERVED
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-1487 (IBM Sterling File Gateway 2.2 could allow an authenticated attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1486 (IBM Cognos Business Intelligence 10.2, 10.2.1, 10.2.1.1, and 10.2.2 is ...)
	NOT-FOR-US: IBM
CVE-2017-1485 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1484 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
	NOT-FOR-US: IBM
CVE-2017-1483 (IBM Security Identity Manager Adapters 6.0 and 7.0 does not perform an ...)
	NOT-FOR-US: IBM
CVE-2017-1482 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1481 (IBM Sterling B2B Integrator Standard Edition 5.2 allows a user to view ...)
	NOT-FOR-US: IBM
CVE-2017-1480
	RESERVED
CVE-2017-1479
	RESERVED
CVE-2017-1478 (IBM Security Access Manager Appliance 9.0.0 allows web pages to be ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1477 (IBM Security Access Manager Appliance 9.0.3 is vulnerable to a XML ...)
	NOT-FOR-US: IBM
CVE-2017-1476
	RESERVED
CVE-2017-1475
	RESERVED
CVE-2017-1474
	RESERVED
CVE-2017-1473 (IBM Security Access Manager Appliance 8.0.0 through 8.0.1.6 and 9.0.0 ...)
	NOT-FOR-US: IBM
CVE-2017-1472
	RESERVED
CVE-2017-1471
	RESERVED
CVE-2017-1470
	RESERVED
CVE-2017-1469 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a ...)
	NOT-FOR-US: IBM
CVE-2017-1468 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 could allow a ...)
	NOT-FOR-US: IBM
CVE-2017-1467 (A network layer security vulnerability in InfoSphere Information ...)
	NOT-FOR-US: IBM
CVE-2017-1466
	RESERVED
CVE-2017-1465 (IBM TRIRIGA 3.2, 3.3, 3.4, and 3.5 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1464
	RESERVED
CVE-2017-1463
	RESERVED
CVE-2017-1462 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM Rhapsody DM
CVE-2017-1461 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1460 (IBM i OSPF 6.1, 7.1, 7.2, and 7.3 is vulnerable when a rogue router ...)
	NOT-FOR-US: IBM
CVE-2017-1459 (IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies ...)
	NOT-FOR-US: IBM Security Access Manager Appliance
CVE-2017-1458 (IBM QRadar Network Security 5.4 is vulnerable to a XML External Entity ...)
	NOT-FOR-US: IBM
CVE-2017-1457 (IBM QRadar Network Security 5.4 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2017-1456
	RESERVED
CVE-2017-1455
	RESERVED
CVE-2017-1454
	RESERVED
CVE-2017-1453 (IBM Security Access Manager Appliance 9.0.3 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2017-1452 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1451 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1450 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1449 (IBM Emptoris Sourcing 9.5 - 10.1.3 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1448 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could ...)
	NOT-FOR-US: IBM
CVE-2017-1447 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1446 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1445 (IBM Emptoris Spend Analysis 9.5.0.0 through 10.1.1 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1444 (IBM Emptoris Sourcing 9.5 - 10.1.3 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1443 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1442 (IBM Emptoris Services Procurement 10.0.0.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1441 (IBM Emptoris Services Procurement 10.0.0.5 could allow a local user to ...)
	NOT-FOR-US: IBM
CVE-2017-1440 (IBM Emptoris Services Procurement 10.0.0.5 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2017-1439 (IBM DB2 for Linux, UNIX and Windows 9.7, 10,1, 10.5, and 11.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1438 (IBM DB2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, and 11.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1437
	RESERVED
CVE-2017-1436
	RESERVED
CVE-2017-1435
	RESERVED
CVE-2017-1434 (IBM DB2 for Linux, UNIX and Windows 11.1 (includes DB2 Connect Server) ...)
	NOT-FOR-US: IBM
CVE-2017-1433 (IBM WebSphere MQ 7.5, 8.0, and 9.0 could allow an authenticated user ...)
	NOT-FOR-US: IBM
CVE-2017-1432
	RESERVED
CVE-2017-1431 (IBM InfoSphere Streams 4.0, 4.1, and 4.2 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1430
	RESERVED
CVE-2017-1429 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1428 (IBM Cognos Analytics 11.0 could allow a remote attacker to hijack the ...)
	NOT-FOR-US: IBM
CVE-2017-1427 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1426
	RESERVED
CVE-2017-1425 (IBM Business Process Manager 8.0.1.1 and 8.5.7 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1424 (IBM Business Process Manager 8.5.7 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1423 (IBM WebSphere Portal 8.5 and 9.0 exposes backend server URLs that are ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2017-1422 (IBM MaaS360 DTM all versions up to 3.81 does not perform proper ...)
	NOT-FOR-US: IBM
CVE-2017-1421 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...)
	NOT-FOR-US: IBM iNotes
CVE-2017-1420
	RESERVED
CVE-2017-1419
	RESERVED
CVE-2017-1418
	RESERVED
CVE-2017-1417
	RESERVED
CVE-2017-1416
	RESERVED
CVE-2017-1415
	RESERVED
CVE-2017-1414
	RESERVED
CVE-2017-1413
	RESERVED
CVE-2017-1412
	RESERVED
CVE-2017-1411
	RESERVED
CVE-2017-1410
	RESERVED
CVE-2017-1409
	RESERVED
CVE-2017-1408
	RESERVED
CVE-2017-1407 (IBM Security Identity Manager Virtual Appliance 6.0 and 7.0 could ...)
	NOT-FOR-US: IBM
CVE-2017-1406
	RESERVED
CVE-2017-1405
	RESERVED
CVE-2017-1404
	RESERVED
CVE-2017-1403
	RESERVED
CVE-2017-1402
	RESERVED
CVE-2017-1401
	RESERVED
CVE-2017-1400
	RESERVED
CVE-2017-1399
	RESERVED
CVE-2017-1398 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
	NOT-FOR-US: IBM
CVE-2017-1397
	RESERVED
CVE-2017-1396
	RESERVED
CVE-2017-1395
	RESERVED
CVE-2017-1394
	RESERVED
CVE-2017-1393
	RESERVED
CVE-2017-1392
	RESERVED
CVE-2017-1391
	RESERVED
CVE-2017-1390
	RESERVED
CVE-2017-1389
	RESERVED
CVE-2017-1388
	RESERVED
CVE-2017-1387
	RESERVED
CVE-2017-1386 (IBM API Connect 5.0.0.0 could allow a user to bypass policy ...)
	NOT-FOR-US: IBM
CVE-2017-1385
	RESERVED
CVE-2017-1384
	RESERVED
CVE-2017-1383 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1382 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 might create ...)
	NOT-FOR-US: IBM
CVE-2017-1381 (IBM WebSphere Application Server Proxy Server or On-demand-router ...)
	NOT-FOR-US: IBM
CVE-2017-1380 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1379 (IBM API Connect 5.0.0.0 could allow a remote attacker to obtain ...)
	NOT-FOR-US: IBM
CVE-2017-1378 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) ...)
	NOT-FOR-US: IBM
CVE-2017-1377 (IBM Runbook Automation reveals sensitive information in error messages ...)
	NOT-FOR-US: IBM
CVE-2017-1376 (A flaw in the IBM J9 VM class verifier allows untrusted code to ...)
	NOT-FOR-US: IBM JDK
CVE-2017-1375 (IBM System Storage Storwize V7000 Unified (V7000U) 1.5 and 1.6 uses ...)
	NOT-FOR-US: IBM
CVE-2017-1374 (Sensitive data can be exposed in the IBM TRIRIGA Application Platform ...)
	NOT-FOR-US: IBM
CVE-2017-1373 (Reports executed in the IBM TRIRIGA Application Platform 3.3, 3.4, and ...)
	NOT-FOR-US: IBM
CVE-2017-1372 (IBM TRIRIGA Application Platform 3.3, 3.4, and 3.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1371 (Builder tools running in the IBM TRIRIGA Application Platform 3.3, ...)
	NOT-FOR-US: IBM
CVE-2017-1370 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive ...)
	NOT-FOR-US: IBM
CVE-2017-1369 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1368
	RESERVED
CVE-2017-1367
	RESERVED
CVE-2017-1366
	RESERVED
CVE-2017-1365 (IBM Team Concert (RTC including IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM Team Concert
CVE-2017-1364 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1363 (IBM Team Concert (RTC) is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1362 (IBM Security Identity Manager Adapters 6.0 and 7.0 stores user ...)
	NOT-FOR-US: IBM
CVE-2017-1361
	RESERVED
CVE-2017-1360
	RESERVED
CVE-2017-1359 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1358
	RESERVED
CVE-2017-1357 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2017-1356 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2017-1355 (IBM Atlas eDiscovery Process Management 6.0.3 stores sensitive ...)
	NOT-FOR-US: IBM
CVE-2017-1354 (IBM Atlas eDiscovery Process Management 6.0.3 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1353 (IBM Atlas eDiscovery Process Management 6.0.3 could allow an ...)
	NOT-FOR-US: IBM
CVE-2017-1352 (IBM Maximo Asset Management 7.5 and 7.6 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2017-1351
	RESERVED
CVE-2017-1350
	RESERVED
CVE-2017-1349 (IBM Sterling B2B Integrator Standard Edition 5.2 stores potentially ...)
	NOT-FOR-US: IBM
CVE-2017-1348 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1347 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2017-1346 (IBM Business Process Manager 7.5, 8.0, and 8.5 temporarily stores ...)
	NOT-FOR-US: IBM
CVE-2017-1345 (IBM Insights Foundation for Energy 2.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1344
	RESERVED
CVE-2017-1343
	RESERVED
CVE-2017-1342 (IBM Insights Foundation for Energy 2.0 could reveal sensitive ...)
	NOT-FOR-US: IBM
CVE-2017-1341 (IBM WebSphere MQ 8.0 and 9.0 could allow, under special circumstances, ...)
	NOT-FOR-US: IBM
CVE-2017-1340 (IBM Jazz Reporting Service (JRS) 6.0.4 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2017-1339 (IBM Spectrum Protect 7.1 and 8.1 (formerly Tivoli Storage Manager) ...)
	NOT-FOR-US: IBM
CVE-2017-1338 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1337 (IBM WebSphere MQ 9.0.1 and 9.0.2 Java/JMS application can incorrectly ...)
	NOT-FOR-US: IBM
CVE-2017-1336 (IBM Infosphere BigInsights 4.2.0 could allow an attacker to inject ...)
	NOT-FOR-US: IBM
CVE-2017-1335 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1334 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1333 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 could allow an ...)
	NOT-FOR-US: IBM
CVE-2017-1332 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1331 (IBM Content Navigator 2.0.3 and 3.0.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1330
	RESERVED
CVE-2017-1329
	RESERVED
CVE-2017-1328 (IBM API Connect 5.0.0.0 - 5.0.6.0 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1327 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1326 (IBM Sterling File Gateway does not properly restrict user requests ...)
	NOT-FOR-US: IBM
CVE-2017-1325 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1324 (IBM RELM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1323
	RESERVED
CVE-2017-1322 (IBM API Connect 5.0.6.0 is vulnerable to an XML External Entity ...)
	NOT-FOR-US: IBM
CVE-2017-1321 (IBM InfoSphere Information Server 9.1, 11.3, and 11.5 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1320 (IBM Tivoli Federated Identity Manager 6.2 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1319 (IBM Tivoli Federated Identity Manager 6.2 is affected by a ...)
	NOT-FOR-US: IBM
CVE-2017-1318 (IBM MQ Appliance 8.0 and 9.0 could allow an authenticated messaging ...)
	NOT-FOR-US: IBM
CVE-2017-1317
	RESERVED
CVE-2017-1316
	RESERVED
CVE-2017-1315
	RESERVED
CVE-2017-1314
	RESERVED
CVE-2017-1313
	RESERVED
CVE-2017-1312
	RESERVED
CVE-2017-1311 (IBM Insights Foundation for Energy 2.0 is vulnerable to SQL injection. ...)
	NOT-FOR-US: IBM
CVE-2017-1310 (IBM Informix Dynamic Server 12.1 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2017-1309 (IBM InfoSphere Master Data Management Server 11.0 - 11.6 stores user ...)
	NOT-FOR-US: IBM
CVE-2017-1308 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0 ...)
	NOT-FOR-US: IBM
CVE-2017-1307
	RESERVED
CVE-2017-1306
	RESERVED
CVE-2017-1305 (IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1304 (IBM has identified a vulnerability with IBM Spectrum Scale/GPFS ...)
	NOT-FOR-US: IBM
CVE-2017-1303 (IBM WebSphere Portal and Web Content Manager 7.0, 8.0, 8.5, and 9.0 is ...)
	NOT-FOR-US: IBM
CVE-2017-1302 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow a local ...)
	NOT-FOR-US: IBM
CVE-2017-1301 (IBM Spectrum Protect 7.1 and 8.1 could allow a local attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1300 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1299
	RESERVED
CVE-2017-1298
	REJECTED
CVE-2017-1297 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1296
	RESERVED
CVE-2017-1295 (IBM RSA DM contains unspecified vulnerability in CLM Applications with ...)
	NOT-FOR-US: IBM
CVE-2017-1294
	RESERVED
CVE-2017-1293
	RESERVED
CVE-2017-1292 (IBM Maximo Asset Management 7.5 and 7.6 generates error messages that ...)
	NOT-FOR-US: IBM
CVE-2017-1291 (IBM Maximo Asset Management 7.5 and 7.6 is vulnerable to HTTP response ...)
	NOT-FOR-US: IBM
CVE-2017-1290 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1289 (IBM SDK, Java Technology Edition is vulnerable XML External Entity ...)
	NOT-FOR-US: IBM JDK
CVE-2017-1288
	RESERVED
CVE-2017-1287 (IBM Rhapsody DM 5.0 and 6.0 could allow a remote attacker to conduct ...)
	NOT-FOR-US: IBM
CVE-2017-1286
	RESERVED
CVE-2017-1285 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow an authenticated user ...)
	NOT-FOR-US: IBM
CVE-2017-1284 (IBM WebSphere MQ 9.0.1 and 9.0.2 could allow a local user with ability ...)
	NOT-FOR-US: IBM
CVE-2017-1283 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2017-1282 (IBM Content Navigator &amp; CMIS 2.0 and 3.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1281
	RESERVED
CVE-2017-1280
	RESERVED
CVE-2017-1279 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2017-1278 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1277
	RESERVED
CVE-2017-1276 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1275
	RESERVED
CVE-2017-1274 (IBM Domino 8.5.3, and 9.0 is vulnerable to a stack based overflow in ...)
	NOT-FOR-US: IBM
CVE-2017-1273
	RESERVED
CVE-2017-1272
	RESERVED
CVE-2017-1271 (IBM Security Guardium 9.0, 9.1, and 9.5 supports interaction between ...)
	NOT-FOR-US: IBM
CVE-2017-1270 (IBM Security Guardium 10.0 does not renew a session variable after a ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1269 (IBM Security Guardium 10.0 and 10.1 is vulnerable to SQL injection. A ...)
	NOT-FOR-US: IBM
CVE-2017-1268
	RESERVED
CVE-2017-1267 (IBM Security Guardium 10.0 and 10.1 processes patches, image backups ...)
	NOT-FOR-US: IBM
CVE-2017-1266 (IBM Security Guardium 10.0 specifies permissions for a ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1265
	RESERVED
CVE-2017-1264 (IBM Security Guardium 10.0 does not prove or insufficiently proves ...)
	NOT-FOR-US: IBM
CVE-2017-1263
	RESERVED
CVE-2017-1262 (IBM Security Guardium 10.0 is vulnerable to HTTP response splitting ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1261 (IBM Security Guardium 10.0 stores potentially sensitive information in ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1260
	RESERVED
CVE-2017-1259
	RESERVED
CVE-2017-1258 (IBM Security Guardium 10.0 and 10.1 does not perform an authentication ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1257 (IBM Security Guardium 10.0 discloses sensitive information to ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1256 (IBM Security Guardium 10.0, 10.1 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1255 (IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 uses ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1254 (IBM Security Guardium 10.0 is vulnerable to a XML External Entity ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1253 (IBM Security Guardium 10.0 could allow a remote authenticated attacker ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2017-1252
	RESERVED
CVE-2017-1251 (An undisclosed vulnerability in CLM applications may result in some ...)
	NOT-FOR-US: IBM
CVE-2017-1250
	RESERVED
CVE-2017-1249 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2017-1248
	RESERVED
CVE-2017-1247 (IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1246
	RESERVED
CVE-2017-1245 (IBM Rational Software Architect Design Manager 5.0 and 6.0 is ...)
	NOT-FOR-US: IBM
CVE-2017-1244
	RESERVED
CVE-2017-1243
	RESERVED
CVE-2017-1242
	RESERVED
CVE-2017-1241 (An unspecified vulnerability in IBM Jazz Foundation based applications ...)
	NOT-FOR-US: IBM
CVE-2017-1240 (IBM Rhapsody DM products could reveal sensitive information in HTTP ...)
	NOT-FOR-US: IBM
CVE-2017-1239
	RESERVED
CVE-2017-1238
	RESERVED
CVE-2017-1237
	RESERVED
CVE-2017-1236 (IBM WebSphere MQ 9.0.2 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2017-1235 (IBM WebSphere MQ 8.0 could allow an authenticated user to cause a ...)
	NOT-FOR-US: IBM
CVE-2017-1234 (IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1233 (IBM Remote Control v9 could allow a local user to use the component to ...)
	NOT-FOR-US: IBM Remote Control
CVE-2017-1232 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1231
	RESERVED
CVE-2017-1230 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) uses ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1229 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) could allow a ...)
	NOT-FOR-US: IBM
CVE-2017-1228 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) could ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1227 (IBM Tivoli Endpoint Manager could allow a unauthorized user to consume ...)
	NOT-FOR-US: IBM
CVE-2017-1226 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1225 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) stores ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1224 (IBM Tivoli Endpoint Manager uses weaker than expected cryptographic ...)
	NOT-FOR-US: IBM
CVE-2017-1223 (IBM Tivoli Endpoint Manager could allow a remote attacker to conduct ...)
	NOT-FOR-US: IBM
CVE-2017-1222 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) does not ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1221 (IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require ...)
	NOT-FOR-US: IBM
CVE-2017-1220 (IBM Tivoli Endpoint Manager (IBM BigFix Platform 9.2 and 9.5) ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2017-1219 (IBM Tivoli Endpoint Manager is vulnerable to a XML External Entity ...)
	NOT-FOR-US: IBM
CVE-2017-1218 (IBM Tivoli Endpoint Manager is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM
CVE-2017-1217 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1216
	RESERVED
CVE-2017-1215
	RESERVED
CVE-2017-1214 (IBM iNotes 8.5 and 9.0 could allow a remote attacker to send a ...)
	NOT-FOR-US: IBM
CVE-2017-1213
	RESERVED
CVE-2017-1212 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1211 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1210 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1209 (IBM Daeja ViewONE Professional, Standard &amp; Virtual 4.1.5.1 and 5.0.2 ...)
	NOT-FOR-US: IBM
CVE-2017-1208 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1207 (IBM WebSphere Message Broker stores user credentials in plain in clear ...)
	NOT-FOR-US: IBM
CVE-2017-1206
	RESERVED
CVE-2017-1205 (IBM Platform LSF 10.1 contains an unspecified vulnerability that could ...)
	NOT-FOR-US: IBM
CVE-2017-1204 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 contains ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2017-1203 (IBM Tivoli Endpoint Manager (for Lifecycle/Power/Patch) Platform and ...)
	NOT-FOR-US: IBM
CVE-2017-1202
	RESERVED
CVE-2017-1201 (IBM BigFix Compliance Analytics 1.9.79 (TEMA SUAv1 SCA SCM) stores ...)
	NOT-FOR-US: IBM
CVE-2017-1200
	RESERVED
CVE-2017-1199 (IBM InfoSphere Master Data Management Server 10.0, 11.0, 11.3, 11.4, ...)
	NOT-FOR-US: IBM
CVE-2017-1198
	RESERVED
CVE-2017-1197 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) uses an inadequate account ...)
	NOT-FOR-US: IBM
CVE-2017-1196 (IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require ...)
	NOT-FOR-US: IBM
CVE-2017-1195 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 could allow ...)
	NOT-FOR-US: IBM
CVE-2017-1194 (IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1193 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow user to ...)
	NOT-FOR-US: IBM
CVE-2017-1192 (IBM Sterling B2B Integrator 5.2 is vulnerable to an XML External ...)
	NOT-FOR-US: IBM
CVE-2017-1191 (An undisclosed vulnerability in CLM applications (including IBM ...)
	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
CVE-2017-1190 (IBM Emptoris Strategic Supply Management Platform 10.x and 10.1 could ...)
	NOT-FOR-US: IBM
CVE-2017-1189 (IBM WebSphere Portal and Web Content Manager 6.1, 7.0, and 8.0 is ...)
	NOT-FOR-US: IBM
CVE-2017-1188
	RESERVED
CVE-2017-1187
	RESERVED
CVE-2017-1186
	RESERVED
CVE-2017-1185
	RESERVED
CVE-2017-1184
	RESERVED
CVE-2017-1183 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...)
	NOT-FOR-US: IBM
CVE-2017-1182 (IBM Tivoli Monitoring Portal v6 could allow a local (network adjacent) ...)
	NOT-FOR-US: Oracle Primavera
CVE-2017-1181 (IBM Tivoli Monitoring Portal V6 client could allow a local attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1180 (The IBM TRIRIGA Document Manager contains a vulnerability that could ...)
	NOT-FOR-US: IBM TRIRIGA Document Manager
CVE-2017-1179 (IBM BigFix Compliance Analytics 1.9.79 uses weaker than expected ...)
	NOT-FOR-US: IBM
CVE-2017-1178 (IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable ...)
	NOT-FOR-US: IBM
CVE-2017-1177
	RESERVED
CVE-2017-1176 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local user ...)
	NOT-FOR-US: IBM
CVE-2017-1175 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2017-1174 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to SQL ...)
	NOT-FOR-US: IBM
CVE-2017-1173
	RESERVED
CVE-2017-1172
	RESERVED
CVE-2017-1171 (The IBM TRIRIGA Application Platform 3.3, 3,4, and 3,5 contain a ...)
	NOT-FOR-US: IBM
CVE-2017-1170 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
	NOT-FOR-US: IBM
CVE-2017-1169 (IBM DOORS next Generation (DNG/RRC) is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1168 (IBM Rational Engineering Lifecycle Manager 4.0, 5.0, and 6.0 is ...)
	NOT-FOR-US: IBM
CVE-2017-1167
	RESERVED
CVE-2017-1166
	RESERVED
CVE-2017-1165
	RESERVED
CVE-2017-1164 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1163
	RESERVED
CVE-2017-1162 (IBM QRadar 7.2 and 7.3 discloses sensitive information to unauthorized ...)
	NOT-FOR-US: IBM
CVE-2017-1161 (IBM API Connect 5.0.6.0 could allow a remote attacker to execute ...)
	NOT-FOR-US: IBM
CVE-2017-1160 (IBM Financial Transaction Manager for ACH Services for Multi-Platform ...)
	NOT-FOR-US: IBM
CVE-2017-1159 (IBM Business Process Manager 8.0 and 8.5 could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2017-1158
	RESERVED
CVE-2017-1157 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could allow an ...)
	NOT-FOR-US: IBM
CVE-2017-1156 (IBM WebSphere Portal 8.5 and 9.0 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2017-1155 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
	NOT-FOR-US: IBM
CVE-2017-1154 (IBM Algorithmics One-Algo Risk Application 4.9.1, 5.0, and 5.1.0 could ...)
	NOT-FOR-US: IBM
CVE-2017-1153 (IBM TRIRIGA Report Manager 3.2 through 3.5 contains a vulnerability ...)
	NOT-FOR-US: IBM
CVE-2017-1152 (IBM Financial Transaction Manager 3.0.1 and 3.0.2 does not properly ...)
	NOT-FOR-US: IBM
CVE-2017-1151 (IBM WebSphere Application Server 8.0, 8.5, 8.5.5, and 9.0 using OpenID ...)
	NOT-FOR-US: IBM
CVE-2017-1150 (IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) ...)
	NOT-FOR-US: IBM
CVE-2017-1149 (IBM UrbanCode Deploy (UCD) 6.0, 6.1, and 6.2 is vulnerable to a denial ...)
	NOT-FOR-US: IBM
CVE-2017-1148 (IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry ...)
	NOT-FOR-US: IBM
CVE-2017-1147 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1146 (IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1145 (IBM WebSphere MQ 8.0.0.6 does not properly terminate channel agents ...)
	NOT-FOR-US: IBM
CVE-2017-1144 (IBM WebSphere Message Broker could allow a local user with specialized ...)
	NOT-FOR-US: IBM
CVE-2017-1143 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2017-1142 (IBM Kenexa LCMS Premier on Cloud 9.x and 10.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2017-1141 (IBM Insights Foundation for Energy 1.0, 1.5, and 1.6 could allow an ...)
	NOT-FOR-US: IBM
CVE-2017-1140 (IBM Business Process Manager 8.0 and 8.5 are vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1139
	RESERVED
CVE-2017-1138
	RESERVED
CVE-2017-1137 (IBM WebSphere Application Server 8.0 and 8.5.5 could provide weaker ...)
	NOT-FOR-US: IBM
CVE-2017-1136
	RESERVED
CVE-2017-1135
	RESERVED
CVE-2017-1134 (IBM Reliable Scalable Cluster Technology could allow a local user to ...)
	NOT-FOR-US: IBM
CVE-2017-1133 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2017-1132 (IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1131 (IBM Sterling B2B Integrator Standard Edition 5.2 could allow an ...)
	NOT-FOR-US: IBM
CVE-2017-1130 (IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user ...)
	NOT-FOR-US: IBM
CVE-2017-1129 (IBM Notes 8.5 and 9.0 is vulnerable to a denial of service. If a user ...)
	NOT-FOR-US: IBM
CVE-2017-1128 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1127 (IBM Rational DOORS Next Generation 4.0, 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1126 (IBM WebSphere Message Broker (IBM Integration Bus 9.0 and 10.0) could ...)
	NOT-FOR-US: IBM
CVE-2017-1125 (IBM Cognos Analytics 10.1 and 10.2 could allow a local user to craft a ...)
	NOT-FOR-US: IBM
CVE-2017-1124 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow a local ...)
	NOT-FOR-US: IBM
CVE-2017-1123
	RESERVED
CVE-2017-1122 (IBM Security Guardium 8.2, 9.0, and 10.0 contains a vulnerability that ...)
	NOT-FOR-US: IBM
CVE-2017-1121 (IBM WebSphere Application Server 7.0, 8.0, and 9.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1120 (IBM WebSphere Portal 8.5 and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2017-1119
	RESERVED
CVE-2017-1118 (IBM WebSphere MQ Internet Pass-Thru 2.0 and 2.1 could allow n attacker ...)
	NOT-FOR-US: IBM
CVE-2017-1117 (IBM WebSphere MQ 8.0 and 9.0 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2017-1116 (IBM Campaign 8.6, 9.0, 9.1, 9.1.1, 9.1.2, and 10.0 contains excessive ...)
	NOT-FOR-US: IBM
CVE-2017-1115
	RESERVED
CVE-2017-1114
	RESERVED
CVE-2017-1113 (IBM Rational Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1112
	RESERVED
CVE-2017-1111
	RESERVED
CVE-2017-1110 (IBM Curam Social Program Management 6.0, 6.1, 6.2, and 7.0 contains an ...)
	NOT-FOR-US: IBM
CVE-2017-1109
	RESERVED
CVE-2017-1108
	RESERVED
CVE-2017-1107
	RESERVED
CVE-2017-1106 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1105 (IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 ...)
	NOT-FOR-US: IBM
CVE-2017-1104 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1103 (IBM Team Concert (RTC) is vulnerable to a denial of service, caused by ...)
	NOT-FOR-US: IBM
CVE-2017-1102 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1101 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1100 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1099 (IBM Jazz Foundation could expose potentially sensitive information to ...)
	NOT-FOR-US: IBM
CVE-2017-1098 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1097 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
	NOT-FOR-US: IBM
CVE-2017-1096 (IBM Jazz Reporting Service (JRS) 5.0 and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2017-1095
	RESERVED
CVE-2017-1094
	RESERVED
CVE-2017-1093 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to exploit a ...)
	NOT-FOR-US: IBM AIX
CVE-2017-1092 (IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an ...)
	NOT-FOR-US: IBM
CVE-2017-1091
	RESERVED
CVE-2017-1090
	RESERVED
CVE-2017-1089
	RESERVED
CVE-2017-1088 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1087 (In FreeBSD 10.x before 10.4-STABLE, 10.4-RELEASE-p3, and ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1086 (In FreeBSD before 11.1-STABLE, 11.1-RELEASE-p4, 11.0-RELEASE-p15, ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: kfreebsd not covered by security support
CVE-2017-1085
	RESERVED
CVE-2017-1084
	RESERVED
CVE-2017-1083
	RESERVED
CVE-2017-1082
	RESERVED
CVE-2017-1081 (In FreeBSD before 11.0-STABLE, 11.0-RELEASE-p10, 10.3-STABLE, and ...)
	- kfreebsd-10 <unfixed> (unimportant)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-17:04.ipfilter.asc
	NOTE: kfreebsd not covered by security support
CVE-2017-1080
	RESERVED
CVE-2017-1079
	RESERVED
CVE-2017-1078
	RESERVED
CVE-2017-1077
	RESERVED
CVE-2017-1076
	RESERVED
CVE-2017-1075
	RESERVED
CVE-2017-1074
	RESERVED
CVE-2017-1073
	RESERVED
CVE-2017-1072
	RESERVED
CVE-2017-1071
	RESERVED
CVE-2017-1070
	RESERVED
CVE-2017-1069
	RESERVED
CVE-2017-1068
	RESERVED
CVE-2017-1067
	RESERVED
CVE-2017-1066
	RESERVED
CVE-2017-1065
	RESERVED
CVE-2017-1064
	RESERVED
CVE-2017-1063
	RESERVED
CVE-2017-1062
	RESERVED
CVE-2017-1061
	RESERVED
CVE-2017-1060
	RESERVED
CVE-2017-1059
	RESERVED
CVE-2017-1058
	RESERVED
CVE-2017-1057
	RESERVED
CVE-2017-1056
	RESERVED
CVE-2017-1055
	RESERVED
CVE-2017-1054
	RESERVED
CVE-2017-1053
	RESERVED
CVE-2017-1052
	RESERVED
CVE-2017-1051
	RESERVED
CVE-2017-1050
	RESERVED
CVE-2017-1049
	RESERVED
CVE-2017-1048
	RESERVED
CVE-2017-1047
	RESERVED
CVE-2017-1046
	RESERVED
CVE-2017-1045
	RESERVED
CVE-2017-1044
	RESERVED
CVE-2017-1043
	RESERVED
CVE-2017-1042
	RESERVED
CVE-2017-1041
	RESERVED
CVE-2017-1040
	RESERVED
CVE-2017-1039
	RESERVED
CVE-2017-1038
	RESERVED
CVE-2017-1037
	RESERVED
CVE-2017-1036
	RESERVED
CVE-2017-1035
	RESERVED
CVE-2017-1034
	RESERVED
CVE-2017-1033
	RESERVED
CVE-2017-1032
	RESERVED
CVE-2017-1031
	RESERVED
CVE-2017-1030
	RESERVED
CVE-2017-1029
	RESERVED
CVE-2017-1028
	RESERVED
CVE-2017-1027
	RESERVED
CVE-2017-1026
	RESERVED
CVE-2017-1025
	RESERVED
CVE-2017-1024
	RESERVED
CVE-2017-1023
	RESERVED
CVE-2017-1022
	RESERVED
CVE-2017-1021
	RESERVED
CVE-2017-1020
	RESERVED
CVE-2017-1019
	RESERVED
CVE-2017-1018
	RESERVED
CVE-2017-1017
	RESERVED
CVE-2017-1016
	RESERVED
CVE-2017-1015
	RESERVED
CVE-2017-1014
	RESERVED
CVE-2017-1013
	RESERVED
CVE-2017-1012
	RESERVED
CVE-2017-1011
	RESERVED
CVE-2017-1010
	RESERVED
CVE-2017-1009
	RESERVED
CVE-2017-1008
	RESERVED
CVE-2017-1007
	RESERVED
CVE-2017-1006
	RESERVED
CVE-2017-1005
	RESERVED
CVE-2017-1004
	RESERVED
CVE-2017-1003
	RESERVED
CVE-2017-1002
	RESERVED
CVE-2017-1001
	RESERVED
CVE-2017-1000
	RESERVED
CVE-2017-0999
	RESERVED
CVE-2017-0998
	RESERVED
CVE-2017-0997
	RESERVED
CVE-2017-0996
	RESERVED
CVE-2017-0995
	RESERVED
CVE-2017-0994
	RESERVED
CVE-2017-0993
	RESERVED
CVE-2017-0992
	RESERVED
CVE-2017-0991
	RESERVED
CVE-2017-0990
	RESERVED
CVE-2017-0989
	RESERVED
CVE-2017-0988
	RESERVED
CVE-2017-0987
	RESERVED
CVE-2017-0986
	RESERVED
CVE-2017-0985
	RESERVED
CVE-2017-0984
	RESERVED
CVE-2017-0983
	RESERVED
CVE-2017-0982
	RESERVED
CVE-2017-0981
	RESERVED
CVE-2017-0980
	RESERVED
CVE-2017-0979
	RESERVED
CVE-2017-0978
	RESERVED
CVE-2017-0977
	RESERVED
CVE-2017-0976
	RESERVED
CVE-2017-0975
	RESERVED
CVE-2017-0974
	RESERVED
CVE-2017-0973
	RESERVED
CVE-2017-0972
	RESERVED
CVE-2017-0971
	RESERVED
CVE-2017-0970
	RESERVED
CVE-2017-0969
	RESERVED
CVE-2017-0968
	RESERVED
CVE-2017-0967
	RESERVED
CVE-2017-0966
	RESERVED
CVE-2017-0965
	RESERVED
CVE-2017-0964
	RESERVED
CVE-2017-0963
	RESERVED
CVE-2017-0962
	RESERVED
CVE-2017-0961
	RESERVED
CVE-2017-0960
	RESERVED
CVE-2017-0959
	RESERVED
CVE-2017-0958
	RESERVED
CVE-2017-0957
	RESERVED
CVE-2017-0956
	RESERVED
CVE-2017-0955
	RESERVED
CVE-2017-0954
	RESERVED
CVE-2017-0953
	RESERVED
CVE-2017-0952
	RESERVED
CVE-2017-0951
	RESERVED
CVE-2017-0950
	RESERVED
CVE-2017-0949
	RESERVED
CVE-2017-0948
	RESERVED
CVE-2017-0947
	RESERVED
CVE-2017-0946
	RESERVED
CVE-2017-0945
	RESERVED
CVE-2017-0944
	RESERVED
CVE-2017-0943
	RESERVED
CVE-2017-0942
	RESERVED
CVE-2017-0941
	RESERVED
CVE-2017-0940
	RESERVED
CVE-2017-0939
	RESERVED
CVE-2017-0938
	RESERVED
CVE-2017-0937
	RESERVED
CVE-2017-0936 (Nextcloud Server before 11.0.7 and 12.0.5 suffers from an ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0935 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0934 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from an ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0933 (Ubiquiti Networks EdgeOS version 1.9.1 and prior suffer from a ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0932 (Ubiquiti Networks EdgeOS version 1.9.1.1 and prior suffer from an ...)
	NOT-FOR-US: Ubiquiti Networks EdgeOS
CVE-2017-0931
	RESERVED
CVE-2017-0930
	RESERVED
CVE-2017-0929
	RESERVED
CVE-2017-0928
	RESERVED
CVE-2017-0927 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...)
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	[stretch] - gitlab <not-affected> (Doesn't affect 8.x)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0926 (Gitlab Community Edition version 10.3 is vulnerable to an improper ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0925 (Gitlab Enterprise Edition version 10.1.0 is vulnerable to an ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0924 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 9.0 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0923 (Gitlab Community Edition version 9.1 is vulnerable to lack of input ...)
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	[stretch] - gitlab <not-affected> (Doesn't affect 8.x)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0922 (Gitlab Enterprise Edition version 10.3 is vulnerable to an ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 9.1 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0921
	RESERVED
CVE-2017-0920 (GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and ...)
	- gitlab 10.5.5+dfsg-1
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0919
	RESERVED
CVE-2017-0918 (Gitlab Community Edition version 10.3 is vulnerable to a path ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0917 (Gitlab Community Edition version 10.2.4 is vulnerable to lack of input ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0916 (Gitlab Community Edition version 10.3 is vulnerable to a lack of input ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/commit/7fc0a6fc096768a5604d6dd24d7d952e53300c82
CVE-2017-0915 (Gitlab Community Edition version 10.2.4 is vulnerable to a lack of ...)
	{DSA-4145-1}
	- gitlab 10.5.5+dfsg-1 (bug #888508)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0914 (Gitlab Community and Enterprise Editions version 10.1, 10.2, and ...)
	- gitlab 10.5.5+dfsg-1
	[stretch] - gitlab <not-affected> (Only affects 9.4 and later)
	NOTE: https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/
CVE-2017-0913
	RESERVED
CVE-2017-0912
	RESERVED
CVE-2017-0911 (Twitter Kit for iOS versions 3.0 to 3.2.1 is vulnerable to a callback ...)
	NOT-FOR-US: Twitter Kit for iOS
CVE-2017-0910 (In Zulip Server before 1.7.1, on a server with multiple realms, a ...)
	- zulip-server <itp> (bug #800052)
CVE-2017-0909 (The private_address_check ruby gem before 0.4.1 is vulnerable to a ...)
	NOT-FOR-US: private_address_check ruby gem
CVE-2017-0908
	REJECTED
CVE-2017-0907 (The Recurly Client .NET Library before 1.0.1, 1.1.10, 1.2.8, 1.3.2, ...)
	NOT-FOR-US: Recurly Client .NET Library
CVE-2017-0906 (The Recurly Client Python Library before 2.0.5, 2.1.16, 2.2.22, 2.3.1, ...)
	NOT-FOR-US: Recurly Client Python Library
CVE-2017-0905 (The Recurly Client Ruby Library before 2.0.13, 2.1.11, 2.2.5, 2.3.10, ...)
	NOT-FOR-US: Recurly Client Ruby Library
CVE-2017-0904 (The private_address_check ruby gem before 0.4.0 is vulnerable to a ...)
	NOT-FOR-US: private_address_check ruby gem
CVE-2017-0903 (RubyGems versions between 2.0.0 and 2.6.13 are vulnerable to a ...)
	{DSA-4031-1}
	- ruby2.3 2.3.5-1 (bug #879231)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
	- rubygems <removed>
	[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2017/10/10/2
	NOTE: https://justi.cz/security/2017/10/07/rubygems-org-rce.html
	NOTE: Fixed by: https://github.com/rubygems/rubygems/commit/510b1638ac9bba3ceb7a5d73135dafff9e5bab49
CVE-2017-0902 (RubyGems version 2.6.12 and earlier is vulnerable to a DNS hijacking ...)
	{DSA-3966-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <not-affected> (Vulnerable code introduced later)
	- rubygems <removed>
	[wheezy] - rubygems <not-affected> (Vulnerable code introduced later)
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0901 (RubyGems version 2.6.12 and earlier fails to validate specification ...)
	{DSA-3966-1 DLA-1114-1 DLA-1112-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0900 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
	{DSA-3966-1 DLA-1114-1 DLA-1112-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #873802)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- rubygems <removed>
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
CVE-2017-0899 (RubyGems version 2.6.12 and earlier is vulnerable to maliciously ...)
	{DSA-3966-1 DLA-1114-1}
	- ruby2.3 2.3.3-1+deb9u1 (unimportant; bug #873802)
	- ruby2.1 <removed> (unimportant)
	- ruby1.9.1 <removed> (unimportant)
	- rubygems <removed> (unimportant)
	NOTE: https://www.ruby-lang.org/en/news/2017/08/29/multiple-vulnerabilities-in-rubygems/
	NOTE: http://blog.rubygems.org/2017/08/27/2.6.13-released.html
	NOTE: For Ruby 2.3.4: https://bugs.ruby-lang.org/attachments/download/6691/rubygems-2613-ruby23.patch
	NOTE: For Ruby 2.2.7: https://bugs.ruby-lang.org/attachments/download/6690/rubygems-2613-ruby22.patch
	NOTE: Not considered a vulnerability per se, if this affects a terminal emulator it's a bug there
CVE-2017-0898 (Ruby before 2.4.2, 2.3.5, and 2.2.8 is vulnerable to a malicious ...)
	{DSA-4031-1 DLA-1114-1 DLA-1113-1}
	- ruby2.3 2.3.5-1 (bug #875936)
	- ruby2.1 <removed>
	- ruby1.9.1 <removed>
	- ruby1.8 <removed>
	NOTE: https://github.com/mruby/mruby/issues/3722
	NOTE: https://www.ruby-lang.org/en/news/2017/09/14/sprintf-buffer-underrun-cve-2017-0898/
	NOTE: https://bugs.ruby-lang.org/issues/13499
CVE-2017-0897 (ExpressionEngine version 2.x &lt; 2.11.8 and version 3.x &lt; 3.5.5 create ...)
	NOT-FOR-US: ExpressionEngine
CVE-2017-0896 (Zulip Server 1.5.1 and below suffer from an error in the ...)
	- zulip-server <itp> (bug #800052)
CVE-2017-0895 (Nextcloud Server before 10.0.4 and 11.0.2 are vulnerable to disclosure ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0894 (Nextcloud Server before 11.0.3 is vulnerable to disclosure of valid ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0893 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are shipping a ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0892 (Nextcloud Server before 11.0.3 is vulnerable to an improper session ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0891 (Nextcloud Server before 9.0.58 and 10.0.5 and 11.0.3 are vulnerable to ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0890 (Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0889 (Paperclip ruby gem version 3.1.4 and later suffers from a Server-SIde ...)
	NOT-FOR-US: paperclip ruby gem
CVE-2017-0888 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0886 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a Denial of ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0885 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a error message ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0884 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0883 (Nextcloud Server before 9.0.55 and 10.0.2 suffers from a permission ...)
	- nextcloud <itp> (bug #835086)
CVE-2017-0882 (Multiple versions of GitLab expose sensitive user credentials when ...)
	- gitlab 8.13.11+dfsg-7 (bug #858410)
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/29661
	NOTE: https://about.gitlab.com/2017/03/20/gitlab-8-dot-17-dot-4-security-release/
CVE-2017-0881 (An error in the implementation of an autosubscribe feature in the ...)
	NOT-FOR-US: Zulip
CVE-2016-9754 (The ring_buffer_resize function in kernel/trace/ring_buffer.c in the ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/59643d1535eb220668692a5359de22545af579f6 (v4.7-rc1)
CVE-2016-9753
	RESERVED
CVE-2016-9752 (In Serendipity before 2.0.5, an attacker can bypass SSRF protection by ...)
	- serendipity <removed>
CVE-2016-9751 (Cross-site scripting (XSS) vulnerability in the search results front ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2016-9750 (IBM QRadar 7.2 and 7.3 stores user credentials in plain in clear text ...)
	NOT-FOR-US: IBM
CVE-2016-9749
	RESERVED
CVE-2016-9748 (IBM Rational DOORS Next Generation 5.0 and 6.0 discloses sensitive ...)
	NOT-FOR-US: IBM
CVE-2016-9747 (IBM RELM 4.0, 5.0 and 6.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-9746 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-9745
	RESERVED
CVE-2016-9744
	RESERVED
CVE-2016-9743
	RESERVED
CVE-2016-9742
	RESERVED
CVE-2016-9741
	RESERVED
CVE-2016-9740 (IBM QRadar 7.2 could allow a remote attacker to consume all resources ...)
	NOT-FOR-US: IBM
CVE-2016-9739 (IBM Security Identity Manager Virtual Appliance stores user ...)
	NOT-FOR-US: IBM
CVE-2016-9738 (IBM QRadar 7.2 and 7.3 does not require that users should have strong ...)
	NOT-FOR-US: IBM
CVE-2016-9737 (IBM TRIRIGA 3.3, 3.4, and 3.5 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2016-9736 (IBM WebSphere Application Server using malformed SOAP requests could ...)
	NOT-FOR-US: IBM
CVE-2016-9735 (IBM Jazz Foundation could allow an authenticated user to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-9734
	RESERVED
CVE-2016-9733 (IBM Team Concert (RTC) 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-9732 (IBM Curam Social Program Management 6.0, 6.1, 6.2 and 7.0 is ...)
	NOT-FOR-US: IBM
CVE-2016-9731 (IBM Business Process Manager is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2016-9730 (IBM QRadar Incident Forensics 7.2 is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM
CVE-2016-9729 (IBM QRadar 7.2 does not perform an authentication check for a critical ...)
	NOT-FOR-US: IBM
CVE-2016-9728 (IBM Qradar 7.2 is vulnerable to SQL injection. A remote attacker could ...)
	NOT-FOR-US: IBM
CVE-2016-9727 (IBM QRadar 7.2 could allow a remote authenticated attacker to execute ...)
	NOT-FOR-US: IBM
CVE-2016-9726 (IBM QRadar Incident Forensics 7.2 could allow a remote authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-9725 (IBM QRadar Incident Forensics 7.2 allows for Cross-Origin Resource ...)
	NOT-FOR-US: IBM
CVE-2016-9724 (IBM QRadar 7.2 is vulnerable to a denial of service, caused by an XML ...)
	NOT-FOR-US: IBM
CVE-2016-9723 (IBM QRadar 7.2 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-9722 (IBM QRadar 7.2 and 7.3 specifies permissions for a security-critical ...)
	NOT-FOR-US: IBM QRadar
CVE-2016-9721
	RESERVED
CVE-2016-9720 (IBM QRadar 7.2 discloses sensitive information to unauthorized users. ...)
	NOT-FOR-US: IBM
CVE-2016-9719 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, ...)
	NOT-FOR-US: IBM
CVE-2016-9718 (IBM InfoSphere Master Data Management Server 10.1. 11.0. 11.3, 11.4, ...)
	NOT-FOR-US: IBM
CVE-2016-9717 (HTTP Parameter Override is identified in the IBM Infosphere Master ...)
	NOT-FOR-US: IBM
CVE-2016-9716 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, ...)
	NOT-FOR-US: IBM
CVE-2016-9715 (IBM InfoSphere Master Data Management Server 11.0, 11.3, 11.4, 11.5, ...)
	NOT-FOR-US: IBM
CVE-2016-9714 (IBM InfoSphere Master Data Management Server 10.1, 11.0, 11.3, 11.4, ...)
	NOT-FOR-US: IBM
CVE-2016-9713
	RESERVED
CVE-2016-9712
	RESERVED
CVE-2016-9711 (IBM Predictive Solutions Foundation (IBM Cognos Analytics 11.0) ...)
	NOT-FOR-US: IBM
CVE-2016-9710 (IBM Predictive Solutions Foundation (formerly PMQ) could allow a ...)
	NOT-FOR-US: IBM
CVE-2016-9709
	RESERVED
CVE-2016-9708
	RESERVED
CVE-2016-9707 (IBM Jazz Foundation is vulnerable to a denial of service, caused by an ...)
	NOT-FOR-US: IBM
CVE-2016-9706 (IBM Integration Bus 9.0 and 10.0 and WebSphere Message Broker SOAP ...)
	NOT-FOR-US: IBM
CVE-2016-9705
	RESERVED
CVE-2016-9704 (IBM Security Identity Manager Virtual Appliance is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9703 (IBM Security Identity Manager Virtual Appliance does not invalidate ...)
	NOT-FOR-US: IBM
CVE-2016-9702
	RESERVED
CVE-2016-9701 (IBM Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-9700 (IBM Jazz Foundation could allow an authenticated attacker to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-9699
	RESERVED
CVE-2016-9698 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to a denial of ...)
	NOT-FOR-US: IBM
CVE-2016-9697 (An unspecified vulnerability in IBM Rhapsody DM 4.0, 5.0, and 6.0 ...)
	NOT-FOR-US: IBM
CVE-2016-9696 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. A ...)
	NOT-FOR-US: IBM
CVE-2016-9695
	RESERVED
CVE-2016-9694 (IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-9693 (IBM Business Process Manager 7.5, 8.0, and 8.5 has a file download ...)
	NOT-FOR-US: IBM
CVE-2016-9692 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-9691 (IBM WebSphere Cast Iron Solution 7.0.0 and 7.5.0.0 is vulnerable to a ...)
	NOT-FOR-US: IBM
CVE-2016-9690
	REJECTED
CVE-2016-9689
	REJECTED
CVE-2016-9688
	REJECTED
CVE-2016-9687
	REJECTED
CVE-2016-9686 (The Puppet Communications Protocol (PCP) Broker incorrectly validates ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2017-0880 (A denial of service vulnerability in the Android media framework ...)
	- skia <itp> (bug #818180)
CVE-2017-0879 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0878 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0877 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0876 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0875
	RESERVED
CVE-2017-0874 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0873 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0872 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0871 (An elevation of privilege vulnerability in the Android framework ...)
	NOT-FOR-US: Android
CVE-2017-0870 (An elevation of privilege vulnerability in the Android framework ...)
	NOT-FOR-US: Android
CVE-2017-0869 (NVIDIA driver contains an integer overflow vulnerability which could ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-0868
	RESERVED
CVE-2017-0867
	RESERVED
CVE-2017-0866 (An elevation of privilege vulnerability in the Direct rendering ...)
	NOT-FOR-US: NVIDIA components for Android
CVE-2017-0865 (An elevation of privilege vulnerability in the MediaTek soc driver. ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0864 (An elevation of privilege vulnerability in the MediaTek ioctl ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0863 (An elevation of privilege vulnerability in the Upstream kernel video ...)
	NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
CVE-2017-0862 (An elevation of privilege vulnerability in the Upstream kernel kernel. ...)
	NOT-FOR-US: Android driver (proprietary, not part of upstream kernel)
CVE-2017-0861 (Use-after-free vulnerability in the snd_pcm_info function in the ALSA ...)
	{DSA-4187-1 DLA-1369-1}
	- linux 4.13.4-1
	[stretch] - linux 4.9.80-1
	NOTE: https://git.kernel.org/linus/362bca57f5d78220f8b5907b875961af9436e229
	NOTE: UAF actually already removed in https://git.kernel.org/linus/e11f0f90a626f93899687b1cc909ee37dd6c5809
CVE-2017-0860 (An elevation of privilege vulnerability in the Android system ...)
	NOT-FOR-US: Android
CVE-2017-0859 (Another vulnerability in the Android media framework (n/a). Product: ...)
	NOT-FOR-US: Android media framework
CVE-2017-0858 (Another vulnerability in the Android media framework (n/a). Product: ...)
	NOT-FOR-US: Android media framework
CVE-2017-0857 (Another vulnerability in the Android media framework (n/a). Product: ...)
	NOT-FOR-US: Android media framework
CVE-2017-0856
	RESERVED
CVE-2017-0855 (In MPEG4Extractor.cpp, there are several places where functions return ...)
	NOT-FOR-US: Android media framework
CVE-2017-0854 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0853 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0852 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0851 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0850 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0849 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0848 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0847 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0846 (An information disclosure vulnerability in the Android framework ...)
	NOT-FOR-US: Android
CVE-2017-0845 (A denial of service vulnerability in the Android framework ...)
	NOT-FOR-US: Android
CVE-2017-0844
	RESERVED
CVE-2017-0843 (An elevation of privilege vulnerability in the MediaTek ccci. Product: ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2017-0842 (An elevation of privilege vulnerability in the Android system ...)
	NOT-FOR-US: Fluoride Bluetooth stack in Android
CVE-2017-0841 (A remote code execution vulnerability in the Android system ...)
	- android-platform-system-core <unfixed> (unimportant)
	NOTE: Fixed by https://android.googlesource.com/platform/system/core/+/47efc676c849e3abf32001d66e2d6eb887e83c48%5E!/
CVE-2017-0840 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0839 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0838 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0837 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0836 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0835 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0834 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0833 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0832 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0831 (An elevation of privilege vulnerability in the Android framework ...)
	NOT-FOR-US: Android
CVE-2017-0830 (An elevation of privilege vulnerability in the Android framework ...)
	NOT-FOR-US: Android
CVE-2017-0829 (An elevation of privilege vulnerability in the Motorola bootloader. ...)
	NOT-FOR-US: Motorola bootloader
CVE-2017-0828 (An elevation of privilege vulnerability in the Huawei bootloader. ...)
	NOT-FOR-US: Huawei bootloader
CVE-2017-0827 (An elevation of privilege vulnerability in the MediaTek soc driver. ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0826 (An elevation of privilege vulnerability in the HTC bootloader. ...)
	NOT-FOR-US: HTC bootloader
CVE-2017-0825 (An information disclosure vulnerability in the Broadcom wifi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0824 (An elevation of privilege vulnerability in the Broadcom wifi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0823 (An information disclosure vulnerability in the Android system (rild). ...)
	NOT-FOR-US: Android (rild)
CVE-2017-0822 (An elevation of privilege vulnerability in the Android system ...)
	- android-framework-23 <unfixed> (unimportant)
	NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a
CVE-2017-0821
	RESERVED
CVE-2017-0820 (A vulnerability in the Android media framework (n/a). Product: ...)
	NOT-FOR-US: Android media framework
CVE-2017-0819 (A vulnerability in the Android media framework (n/a). Product: ...)
	NOT-FOR-US: Android media framework
CVE-2017-0818 (A vulnerability in the Android media framework (n/a). Product: ...)
	NOT-FOR-US: Android media framework
CVE-2017-0817 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0816 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0815 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0814 (An information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0813 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0812 (An elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0811 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0810 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0809 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0808 (An information disclosure vulnerability in the Android framework (file ...)
	NOT-FOR-US: Android
CVE-2017-0807 (An elevation of privilege vulnerability in the Android framework (ui ...)
	NOT-FOR-US: Android
CVE-2017-0806 (An elevation of privilege vulnerability in the Android framework ...)
	NOT-FOR-US: Android
CVE-2017-0805 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0804 (A elevation of privilege vulnerability in the MediaTek mmc driver. ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0803 (A elevation of privilege vulnerability in the MediaTek accessory ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0802 (A elevation of privilege vulnerability in the MediaTek kernel. ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0801 (A elevation of privilege vulnerability in the MediaTek libmtkomxvdec. ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0800 (A elevation of privilege vulnerability in the MediaTek teei. Product: ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0799 (A elevation of privilege vulnerability in the MediaTek lastbus. ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0798 (A elevation of privilege vulnerability in the MediaTek kernel. ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0797 (A elevation of privilege vulnerability in the MediaTek accessory ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0796 (A elevation of privilege vulnerability in the MediaTek auxadc driver. ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0795 (A elevation of privilege vulnerability in the MediaTek accessory ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0794 (A elevation of privilege vulnerability in the Upstream kernel scsi ...)
	NOT-FOR-US: Android kernel on Nexus (probably)
	NOTE: https://source.android.com/security/bulletin/2017-09-01 doesn't link a public patch, so probably related to some binary-only component on Nexus
CVE-2017-0793 (A information disclosure vulnerability in the N/A memory subsystem. ...)
	NOT-FOR-US: Imagetech driver for Android
CVE-2017-0792 (A information disclosure vulnerability in the Broadcom wi-fi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0791 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0790 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0789 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0788 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0787 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0786 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
	- linux 4.13.4-2
	[stretch] - linux 4.9.65-1
	[jessie] - linux 3.16.51-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/17df6453d4be17910456e99c5a85025aa1b7a246 (v4.14-rc4)
CVE-2017-0785 (A information disclosure vulnerability in the Android system ...)
	NOT-FOR-US: Android
	NOTE: https://www.armis.com/blueborne/
CVE-2017-0784 (A elevation of privilege vulnerability in the Android system (nfc). ...)
	NOT-FOR-US: Android
CVE-2017-0783 (A information disclosure vulnerability in the Android system ...)
	NOT-FOR-US: Android
	NOTE: https://www.armis.com/blueborne/
CVE-2017-0782 (A remote code execution vulnerability in the Android system ...)
	NOT-FOR-US: Android
	NOTE: https://www.armis.com/blueborne/
CVE-2017-0781 (A remote code execution vulnerability in the Android system ...)
	NOT-FOR-US: Android
	NOTE: https://www.armis.com/blueborne/
CVE-2017-0780 (A denial of service vulnerability in the Android runtime (android ...)
	NOT-FOR-US: Android messaging
CVE-2017-0779 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0778 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0777 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0776 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0775 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0774 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0773 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0772 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0771 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0770 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0769 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0768 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0767 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0766 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0765 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0764 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0763 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0762 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0761 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0760 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0759 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0758 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0757 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0756 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android Media Framework
CVE-2017-0755 (A elevation of privilege vulnerability in the Android libraries ...)
	NOT-FOR-US: Android
CVE-2017-0754
	RESERVED
CVE-2017-0753 (A remote code execution vulnerability in the Android libraries ...)
	NOT-FOR-US: Android (libgdx)
CVE-2017-0752 (A elevation of privilege vulnerability in the Android framework ...)
	- android-framework-23 <unfixed> (unimportant)
	NOTE: Fixed by https://android.googlesource.com/platform/frameworks/base/+/6ca2eccdbbd4f11698bd5312812b4d171ff3c8ce%5E%21/
CVE-2017-0751 (An elevation of privilege vulnerability in the Qualcomm QCE driver. ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-0750 (A elevation of privilege vulnerability in the Upstream Linux file ...)
	- linux <not-affected> (Android-specific change)
	NOTE: https://source.android.com/security/bulletin/2017-08-01
CVE-2017-0749 (A elevation of privilege vulnerability in the Upstream Linux linux ...)
	- linux <not-affected> (Android-specific change)
	NOTE: https://source.android.com/security/bulletin/2017-08-01
CVE-2017-0748 (An information disclosure vulnerability in the Qualcomm audio driver. ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-0747 (A elevation of privilege vulnerability in the Qualcomm proprietary ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0746 (A elevation of privilege vulnerability in the Qualcomm ipa driver. ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0745 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: libstagefright
CVE-2017-0744 (An elevation of privilege vulnerability in the NVIDIA firmware ...)
	NOT-FOR-US: Google drivers for Android
CVE-2017-0743
	RESERVED
CVE-2017-0742 (A elevation of privilege vulnerability in the MediaTek video driver. ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0741 (A elevation of privilege vulnerability in the MediaTek gpu driver. ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0740 (A remote code execution vulnerability in the Broadcom networking ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0739 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0738 (A information disclosure vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0737 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: libstagefright
CVE-2017-0736 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0735 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0734 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0733 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0732 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: libstagefright
CVE-2017-0731 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: libstagefright
CVE-2017-0730 (A denial of service vulnerability in the Android media framework (h264 ...)
	NOT-FOR-US: Android media framework
CVE-2017-0729 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0728 (A denial of service vulnerability in the Android media framework (hevc ...)
	NOT-FOR-US: Android media framework
CVE-2017-0727 (A elevation of privilege vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0726 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: libstagefright
CVE-2017-0725 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0724 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0723 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0722 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: libstagefright
CVE-2017-0721 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0720 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0719 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0718 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0717
	RESERVED
CVE-2017-0716 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0715 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0714 (A remote code execution vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0713 (A remote code execution vulnerability in the Android libraries ...)
	NOT-FOR-US: Android
CVE-2017-0712 (A elevation of privilege vulnerability in the Android framework (wi-fi ...)
	NOT-FOR-US: Android
CVE-2017-0711 (A elevation of privilege vulnerability in the MediaTek networking ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0710 (A elevation of privilege vulnerability in the Upstream Linux tcb. ...)
	NOT-FOR-US: Android Trusted Computing Base
CVE-2017-0709 (A information disclosure vulnerability in the HTC sensor hub driver. ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0708 (A information disclosure vulnerability in the HTC sound driver. ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0707 (A elevation of privilege vulnerability in the HTC led driver. Product: ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0706 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0705 (A elevation of privilege vulnerability in the Broadcom wi-fi driver. ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0704 (A elevation of privilege vulnerability in the Android system ui. ...)
	NOT-FOR-US: Android
CVE-2017-0703 (A elevation of privilege vulnerability in the Android system ui. ...)
	NOT-FOR-US: Android
CVE-2017-0702 (A remote code execution vulnerability in the Android system ui. ...)
	NOT-FOR-US: Android
CVE-2017-0701 (A remote code execution vulnerability in the Android system ui. ...)
	NOT-FOR-US: Android
CVE-2017-0700 (A remote code execution vulnerability in the Android system ui. ...)
	NOT-FOR-US: Android
CVE-2017-0699 (A information disclosure vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0698 (A information disclosure vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0697 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0696 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0695 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0694 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0693 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0692 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0691 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0690 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0689 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0688 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0687 (A denial of service vulnerability in the Android media framework ...)
	NOT-FOR-US: Android media framework
CVE-2017-0686 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0685 (A denial of service vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0684 (A elevation of privilege vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0683 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0682 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0681 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0680 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0679 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0678 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0677 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0676 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0675 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0674 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0673 (A remote code execution vulnerability in the Android media framework. ...)
	NOT-FOR-US: Android media framework
CVE-2017-0672 (A denial of service vulnerability in the Android libraries. Product: ...)
	NOT-FOR-US: Android
CVE-2017-0671 (A remote code execution vulnerability in the Android libraries. ...)
	NOT-FOR-US: Android
	NOTE: Not publicly available
CVE-2017-0670 (A denial of service vulnerability in the Android framework. Product: ...)
	NOT-FOR-US: Android
CVE-2017-0669 (A information disclosure vulnerability in the Android framework. ...)
	NOT-FOR-US: Android
CVE-2017-0668 (A information disclosure vulnerability in the Android framework. ...)
	NOT-FOR-US: Android
CVE-2017-0667 (A elevation of privilege vulnerability in the Android framework. ...)
	NOT-FOR-US: Android
CVE-2017-0666 (A elevation of privilege vulnerability in the Android framework. ...)
	NOT-FOR-US: Android
CVE-2017-0665 (A elevation of privilege vulnerability in the Android framework. ...)
	NOT-FOR-US: Android
CVE-2017-0664 (A elevation of privilege vulnerability in the Android framework. ...)
	NOT-FOR-US: Android
CVE-2017-0663 (A remote code execution vulnerability in libxml2 could enable an ...)
	{DSA-3952-1 DLA-1060-1}
	- libxml2 2.9.4+dfsg1-3.1 (bug #870870)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=780228 (not yet public)
	NOTE: https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=92b9e8c8b3787068565a1820ba575d042f9eec66
CVE-2017-0662
	RESERVED
CVE-2017-0661
	RESERVED
CVE-2017-0660
	RESERVED
CVE-2017-0659
	RESERVED
CVE-2017-0658
	RESERVED
CVE-2017-0657
	RESERVED
CVE-2017-0656
	RESERVED
CVE-2017-0655
	RESERVED
CVE-2017-0654
	RESERVED
CVE-2017-0653
	RESERVED
CVE-2017-0652
	RESERVED
CVE-2017-0651 (An information disclosure vulnerability in the kernel ION subsystem ...)
	NOT-FOR-US: Android
CVE-2017-0650 (An information disclosure vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0649 (An elevation of privilege vulnerability in the MediaTek sound driver ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0648 (An elevation of privilege vulnerability in the kernel FIQ debugger ...)
	NOT-FOR-US: Android
CVE-2017-0647 (An information disclosure vulnerability in libziparchive could enable ...)
	- android-platform-system-core 1:7.0.0+r33-2 (unimportant; bug #867229)
	[jessie] - android-platform-system-core <not-affected> (Vulnerable code not present)
	NOTE: No impact on SDK usage
CVE-2017-0646 (An information disclosure vulnerability in Bluetooth component could ...)
	NOT-FOR-US: Android
CVE-2017-0645 (An elevation of privilege vulnerability in Bluetooth could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0644 (A remote denial of service vulnerability in Mediaserver could enable ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0643 (A remote denial of service vulnerability in Mediaserver could enable ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0642 (A remote denial of service vulnerability in libhevc in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0641 (A remote denial of service vulnerability in libvpx in Mediaserver ...)
	- libvpx <unfixed> (unimportant; bug #871931)
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb
	NOTE: Debian builds configures with --size-limit=16384x16384, Android lowered
	NOTE: the limit to something more aligned for smart phones
CVE-2017-0640 (A remote denial of service vulnerability in Mediaserver could enable ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0639 (An information disclosure vulnerability in Bluetooth component could ...)
	NOT-FOR-US: Android
CVE-2017-0638 (A remote code execution vulnerability in System UI component could ...)
	NOT-FOR-US: Android
CVE-2017-0637 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0636 (An elevation of privilege vulnerability in the MediaTek command queue ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0635 (A remote denial of service vulnerability in HevcUtils.cpp in ...)
	NOT-FOR-US: libstagefright
CVE-2017-0634 (An information disclosure vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0633 (An information disclosure vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0632 (An information disclosure vulnerability in the Qualcomm sound codec ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0631 (An information disclosure vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0630 (An information disclosure vulnerability in the kernel trace subsystem ...)
	NOT-FOR-US: Android kernel
CVE-2017-0629 (An information disclosure vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0628 (An information disclosure vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0627 (An information disclosure vulnerability in the kernel UVC driver could ...)
	NOT-FOR-US: Android kernel
CVE-2017-0626 (An information disclosure vulnerability in the Qualcomm crypto engine ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0625 (An information disclosure vulnerability in the MediaTek command queue ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0624 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0623 (An elevation of privilege vulnerability in the HTC bootloader could ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0622 (An elevation of privilege vulnerability in the Goodix touchscreen ...)
	NOT-FOR-US: Goodix driver for Android
CVE-2017-0621 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0620 (An elevation of privilege vulnerability in the Qualcomm Secure Channel ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0619 (An elevation of privilege vulnerability in the Qualcomm pin controller ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0618 (An elevation of privilege vulnerability in the MediaTek command queue ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0617 (An elevation of privilege vulnerability in the MediaTek video driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0616 (An elevation of privilege vulnerability in the MediaTek system ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0615 (An elevation of privilege vulnerability in the MediaTek power driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0614 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0613 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0612 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0611 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0610 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0609 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0608 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0607 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0606 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0605
	REJECTED
CVE-2017-0604 (An elevation of privilege vulnerability in the kernel Qualcomm power ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0603 (A denial of service vulnerability in libstagefright in Mediaserver ...)
	NOT-FOR-US: libstagefright
CVE-2017-0602 (An information disclosure vulnerability in Bluetooth could allow a ...)
	NOT-FOR-US: Android
CVE-2017-0601 (An Elevation of Privilege vulnerability in Bluetooth could potentially ...)
	NOT-FOR-US: Android
CVE-2017-0600 (A remote denial of service vulnerability in libstagefright in ...)
	NOT-FOR-US: libstagefright
CVE-2017-0599 (A remote denial of service vulnerability in libhevc in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0598 (An information disclosure vulnerability in the Framework APIs could ...)
	NOT-FOR-US: Android
CVE-2017-0597 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0596 (An elevation of privilege vulnerability in libstagefright in ...)
	NOT-FOR-US: libstagefright
CVE-2017-0595 (An elevation of privilege vulnerability in libstagefright in ...)
	NOT-FOR-US: libstagefright
CVE-2017-0594 (An elevation of privilege vulnerability in ...)
	NOT-FOR-US: libstagefright
CVE-2017-0593 (An elevation of privilege vulnerability in the Framework APIs could ...)
	NOT-FOR-US: Android
CVE-2017-0592 (A remote code execution vulnerability in FLACExtractor.cpp in ...)
	NOT-FOR-US: Android
CVE-2017-0591 (A remote code execution vulnerability in libavc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0590 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0589 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0588 (A remote code execution vulnerability in id3/ID3.cpp in libstagefright ...)
	NOT-FOR-US: libstagefright
CVE-2017-0587 (A remote code execution vulnerability in libmpeg2 in Mediaserver could ...)
	NOT-FOR-US: libstagefright
CVE-2017-0586 (An information disclosure vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0585 (An information disclosure vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0584 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0583 (An elevation of privilege vulnerability in the Qualcomm CP access ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0582 (An elevation of privilege vulnerability in the HTC OEM fastboot ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0581 (An elevation of privilege vulnerability in the Synaptics Touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0580 (An elevation of privilege vulnerability in the Synaptics Touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0579 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0578 (An elevation of privilege vulnerability in the DTS sound driver could ...)
	NOT-FOR-US: DTS driver for Android
CVE-2017-0577 (An elevation of privilege vulnerability in the HTC touchscreen driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0576 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0575 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0574 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0573 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0572 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0571 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0570 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0569 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0568 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0567 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0566 (An elevation of privilege vulnerability in the MediaTek camera driver ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0565 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0564 (An elevation of privilege vulnerability in the kernel ION subsystem ...)
	NOT-FOR-US: Android ION subsystem
	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
	NOTE: patch has been made available it's likely some closed-source addon
CVE-2017-0563 (An elevation of privilege vulnerability in the HTC touchscreen driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0562 (An elevation of privilege vulnerability in the MediaTek touchscreen ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0561 (A remote code execution vulnerability in the Broadcom Wi-Fi firmware ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0560 (An information disclosure vulnerability in the factory reset process ...)
	NOT-FOR-US: Android
CVE-2017-0559 (An information disclosure vulnerability in libskia could enable a ...)
	- skia <itp> (bug #818180)
CVE-2017-0558 (An information disclosure vulnerability in Mediaserver could enable a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0557 (An information disclosure vulnerability in libmpeg2 in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0556 (An information disclosure vulnerability in libmpeg2 in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0555 (An information disclosure vulnerability in libavc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver/ libavc
CVE-2017-0554 (An elevation of privilege vulnerability in the Telephony component ...)
	NOT-FOR-US: Android
CVE-2017-0553 (An elevation of privilege vulnerability in libnl could enable a local ...)
	{DLA-892-1 DLA-891-1}
	- libnl3 3.2.27-2 (unimportant; bug #859948)
	- libnl <removed> (unimportant)
	NOTE: Fixed by: http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb
	NOTE: Fix via Android: https://android.googlesource.com/platform/external/libnl/+/f83d9c1c67b6be69a96995e384f50b572b667df0
	NOTE: Not a security issue by itself, the upstream patch protects against API misuse,
	NOTE: this still requires missing input validation in the application using libnl
CVE-2017-0552 (A remote denial of service vulnerability in libavc in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0551 (A remote denial of service vulnerability in libavc in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0550 (A remote denial of service vulnerability in libavc in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0549 (A remote denial of service vulnerability in libavc in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0548 (A remote denial of service vulnerability in libskia could enable an ...)
	- skia <itp> (bug #818180)
CVE-2017-0547 (An information disclosure vulnerability in libmedia in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0546 (An elevation of privilege vulnerability in SurfaceFlinger could enable ...)
	NOT-FOR-US: Android
CVE-2017-0545 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0544 (An elevation of privilege vulnerability in CameraBase could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0543 (A remote code execution vulnerability in libavc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver/ libavc
CVE-2017-0542 (A remote code execution vulnerability in libavc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver/ libavc
CVE-2017-0541 (A remote code execution vulnerability in sonivox in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0540 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0539 (A remote code execution vulnerability in libhevc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0538 (A remote code execution vulnerability in libavc in Mediaserver could ...)
	NOT-FOR-US: Android Mediaserver / libavc
CVE-2017-0537 (An information disclosure vulnerability in the kernel USB gadget ...)
	NOT-FOR-US: Nvidia driver for Android
	NOTE: https://source.android.com/security/bulletin/2017-03-01.html
	NOTE: Android bulletin lists as affecting only Pixel C (Tegra X1) and Tegra USB gadget mode is not in mainline Linux
CVE-2017-0536 (An information disclosure vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0535 (An information disclosure vulnerability in the HTC sound codec driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0534 (An information disclosure vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0533 (An information disclosure vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0532 (An information disclosure vulnerability in the MediaTek video codec ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0531 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0530
	RESERVED
CVE-2017-0529 (An information disclosure vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0528 (An elevation of privilege vulnerability in the kernel security ...)
	NOT-FOR-US: Android bulletin lists as affecting only Pixel and Pixel XL (Qualcomm Snapdragon) so probably relates to Qualcomm driver
	NOTE: https://source.android.com/security/bulletin/2017-03-01.html
CVE-2017-0527 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0526 (An elevation of privilege vulnerability in the HTC Sensor Hub Driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0525 (An elevation of privilege vulnerability in the Qualcomm IPA driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0524 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0523 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0522 (An elevation of privilege vulnerability in a MediaTek APK could enable ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0521 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0520 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0519 (An elevation of privilege vulnerability in the Qualcomm fingerprint ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0518 (An elevation of privilege vulnerability in the Qualcomm fingerprint ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0517 (An elevation of privilege vulnerability in the MediaTek hardware ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0516 (An elevation of privilege vulnerability in the Qualcomm input hardware ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0515
	RESERVED
CVE-2017-0514
	RESERVED
CVE-2017-0513
	RESERVED
CVE-2017-0512
	RESERVED
CVE-2017-0511
	RESERVED
CVE-2017-0510 (An elevation of privilege vulnerability in the kernel FIQ debugger ...)
	- linux <not-affected> (Android-specific patch)
CVE-2017-0509 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0508 (An elevation of privilege vulnerability in the kernel ION subsystem ...)
	NOT-FOR-US: Android ION subsystem
	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
	NOTE: patch has been made available it's likely some closed-source addon
CVE-2017-0507 (An elevation of privilege vulnerability in the kernel ION subsystem ...)
	NOT-FOR-US: Android ION subsystem
	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
	NOTE: patch has been made available it's likely some closed-source addon
CVE-2017-0506 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0505 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0504 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0503 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0502 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0501 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0500 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2017-0499 (A denial of service vulnerability in Audioserver could enable a local ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0498 (A denial of service vulnerability in Setup Wizard could allow a local ...)
	NOT-FOR-US: Android
CVE-2017-0497 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0496 (A denial of service vulnerability in Setup Wizard could allow a local ...)
	NOT-FOR-US: Android
CVE-2017-0495 (An information disclosure vulnerability in Mediaserver could enable a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0494 (An information disclosure vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0493 (An information disclosure vulnerability in File-Based Encryption could ...)
	NOT-FOR-US: Android
CVE-2017-0492 (An elevation of privilege vulnerability in the System UI could enable ...)
	NOT-FOR-US: Android
CVE-2017-0491 (An elevation of privilege vulnerability in Package Manager could ...)
	NOT-FOR-US: Android
CVE-2017-0490 (An elevation of privilege vulnerability in Wi-Fi could enable a local ...)
	NOT-FOR-US: Android
CVE-2017-0489 (An elevation of privilege vulnerability in Location Manager could ...)
	NOT-FOR-US: Android
CVE-2017-0488 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0487 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0486 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0485 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0484 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0483 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0482 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0481 (An elevation of privilege vulnerability in NFC could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0480 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0479 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0478 (A remote code execution vulnerability in the Framesequence library ...)
	NOT-FOR-US: Framesequence library
CVE-2017-0477 (A remote code execution vulnerability in libgdx could enable an ...)
	- libgdx <itp> (bug #686673)
CVE-2017-0476 (A remote code execution vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0475 (An elevation of privilege vulnerability in the recovery verifier could ...)
	NOT-FOR-US: Android
CVE-2017-0474 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0473 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0472 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0471 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0470 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0469 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0468 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0467 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0466 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0465 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0464 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0463 (An elevation of privilege vulnerability in the Qualcomm networking ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0462 (An elevation of privilege vulnerability in the Qualcomm Seemp driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0461 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0460 (An elevation of privilege vulnerability in the Qualcomm networking ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0459 (An information disclosure vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0458 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0457 (An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0456 (An elevation of privilege vulnerability in the Qualcomm IPA driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0455 (An information disclosure vulnerability in the Qualcomm bootloader ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0454 (An elevation of privilege vulnerability in the Qualcomm audio driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0453 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0452 (An information disclosure vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0451 (An information disclosure vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0450 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0449 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0448 (An information disclosure vulnerability in the NVIDIA video driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0447 (An elevation of privilege vulnerability in the HTC touchscreen driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0446 (An elevation of privilege vulnerability in the HTC touchscreen driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0445 (An elevation of privilege vulnerability in the HTC touchscreen driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2017-0444 (An elevation of privilege vulnerability in the Realtek sound driver ...)
	NOT-FOR-US: Realtek driver for Android
CVE-2017-0443 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0442 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0441 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0440 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0439 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0438 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0437 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0436 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0435 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2017-0434 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0433 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2017-0432 (An elevation of privilege vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2017-0431 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2017-0430 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2017-0429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0428 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0427 (An elevation of privilege vulnerability in the kernel file system ...)
	NOT-FOR-US: Unspecified Android filesystem, apparently not in mainline
	NOTE: https://source.android.com/security/bulletin/2017-02-01.html
	NOTE: Android bulletin lists all recent devices as affected.
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2017-0426 (An information disclosure vulnerability in the Filesystem could enable ...)
	NOT-FOR-US: Android filesystem layout
CVE-2017-0425 (An information disclosure vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0424 (An information disclosure vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0423 (An elevation of privilege vulnerability in Bluetooth could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0422 (A denial of service vulnerability in Bionic DNS could enable a remote ...)
	NOT-FOR-US: Android
CVE-2017-0421 (An information disclosure vulnerability in the Framework APIs could ...)
	NOT-FOR-US: Android
CVE-2017-0420 (An information disclosure vulnerability in AOSP Mail could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0419 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0418 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0417 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0416 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0415 (An elevation of privilege vulnerability in Mediaserver could enable a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0414 (An information disclosure vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0413 (An information disclosure vulnerability in AOSP Messaging could enable ...)
	NOT-FOR-US: Android
CVE-2017-0412 (An elevation of privilege vulnerability in the Framework APIs could ...)
	NOT-FOR-US: Android
CVE-2017-0411 (An elevation of privilege vulnerability in the Framework APIs could ...)
	NOT-FOR-US: Android
CVE-2017-0410 (An elevation of privilege vulnerability in the Framework APIs could ...)
	NOT-FOR-US: Android
CVE-2017-0409 (A remote code execution vulnerability in libstagefright could enable ...)
	NOT-FOR-US: libstagefright
CVE-2017-0408 (A remote code execution vulnerability in libgdx could enable an ...)
	- libgdx <itp> (bug #686673)
CVE-2017-0407 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0406 (A remote code execution vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0405 (A remote code execution vulnerability in Surfaceflinger could enable ...)
	NOT-FOR-US: Android
CVE-2017-0404 (An elevation of privilege vulnerability in the kernel sound subsystem ...)
	- linux <not-affected> (Android-specific sound system)
CVE-2017-0403 (An elevation of privilege vulnerability in the kernel performance ...)
	- linux <not-affected> (Android-specific performance subsystem)
CVE-2017-0402 (An information disclosure vulnerability in ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0401 (An information disclosure vulnerability in ...)
	NOT-FOR-US: Android Qualcomm audio post processor
CVE-2017-0400 (An information disclosure vulnerability in ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0399 (An information disclosure vulnerability in ...)
	NOT-FOR-US: Android Qualcomm audio post processor
CVE-2017-0398 (An information disclosure vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0397 (An information disclosure vulnerability in id3/ID3.cpp in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0396 (An information disclosure vulnerability in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0395 (An elevation of privilege vulnerability in Contacts could enable a ...)
	NOT-FOR-US: Android Contacts
CVE-2017-0394 (A denial of service vulnerability in Telephony could enable a remote ...)
	NOT-FOR-US: Android Telephony
CVE-2017-0393 (A denial of service vulnerability in libvpx in Mediaserver could ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minor issue)
	[wheezy] - libvpx <no-dsa> (Minor issue)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: The wheezy source is confirmed (by code inspection) to be vulnerable.
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc
CVE-2017-0392 (A denial of service vulnerability in VBRISeeker.cpp in libstagefright ...)
	NOT-FOR-US: libstagefright
CVE-2017-0391 (A denial of service vulnerability in decoder/ihevcd_decode.c in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0390 (A denial of service vulnerability in Tremolo/dpen.s in Mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0389 (A denial of service vulnerability in core networking could enable a ...)
	NOT-FOR-US: Android
CVE-2017-0388 (An elevation of privilege vulnerability in the External Storage ...)
	NOT-FOR-US: Android
CVE-2017-0387 (An elevation of privilege vulnerability in Mediaserver could enable a ...)
	NOT-FOR-US: Android Mediaserver
CVE-2017-0386 (An elevation of privilege vulnerability in the libnl library could ...)
	- libnl3 <not-affected> (Specific to Android's use of libnl)
	NOTE: https://github.com/thom311/libnl/issues/124
CVE-2017-0385 (An elevation of privilege vulnerability in Audioserver could enable a ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0384 (An elevation of privilege vulnerability in ...)
	NOT-FOR-US: Android Audioserver
CVE-2017-0383 (An elevation of privilege vulnerability in the Framework APIs could ...)
	NOT-FOR-US: Android
CVE-2017-0382 (A remote code execution vulnerability in the Framesequence library ...)
	NOT-FOR-US: Android
CVE-2017-0381 (An information disclosure vulnerability in silk/NLSF_stabilize.c in ...)
	{DLA-793-1}
	- opus 1.2~alpha2-1 (bug #851612)
	[jessie] - opus <ignored> (Minor issue, https://bugs.debian.org/851612#10)
	NOTE: Fixed by: https://github.com/xiph/opus/commit/79e8f527b0344b0897a65be35e77f7885bd99409 (v1.2-alpha)
	NOTE: https://git.xiph.org/?p=opus.git;a=commitdiff;h=70a3d641b
CVE-2016-9804 (In BlueZ 5.42, a buffer overflow was observed in &quot;commands_dump&quot; ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9803 (In BlueZ 5.42, an out-of-bounds read was observed in &quot;le_meta_ev_dump&quot; ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9802 (In BlueZ 5.42, a buffer over-read was identified in &quot;l2cap_packet&quot; ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
CVE-2016-9801 (In BlueZ 5.42, a buffer overflow was observed in &quot;set_ext_ctrl&quot; ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9800 (In BlueZ 5.42, a buffer overflow was observed in &quot;pin_code_reply_dump&quot; ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9799 (In BlueZ 5.42, a buffer overflow was observed in &quot;pklg_read_hci&quot; ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68898.html
CVE-2016-9798 (In BlueZ 5.42, a use-after-free was identified in &quot;conf_opt&quot; function ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9797 (In BlueZ 5.42, a buffer over-read was observed in &quot;l2cap_dump&quot; function ...)
	- bluez <unfixed> (bug #847837)
	[stretch] - bluez <no-dsa> (Minor issue)
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: https://www.spinics.net/lists/linux-bluetooth/msg68892.html
CVE-2016-9794 (Race condition in the snd_pcm_period_elapsed function in ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: https://patchwork.kernel.org/patch/8752621/
	NOTE: Fixed by: https://git.kernel.org/linus/3aa02cb664c5fb1042958c8d1aa8c35055a2ebc4 (v4.7-rc1)
	NOTE: http://seclists.org/oss-sec/2016/q4/576
CVE-2016-9793 (The sock_setsockopt function in net/core/sock.c in the Linux kernel ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/b98b0bc8c431e3ceb4b26b0dfc8db509518fb290
CVE-2016-9775 (The postrm script in the tomcat6 package before 6.0.45+dfsg-1~deb7u3 ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.5.8-2 (bug #845385)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
CVE-2016-9774 (The postinst script in the tomcat6 package before 6.0.45+dfsg-1~deb7u4 ...)
	{DSA-3739-1 DSA-3738-1 DLA-753-1 DLA-746-1}
	- tomcat8 8.5.8-2 (bug #845393)
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/5
CVE-2016-9777 (KVM in the Linux kernel before 4.8.12, when I/O APIC is enabled, does ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400804
	NOTE: Fixed by: https://git.kernel.org/linus/81cdb259fb6d8c1c4ecfeea389ff5a73c07f5755 (v4.9-rc7)
	NOTE: Introduced in: https://git.kernel.org/linus/af1bae5497b98cb99d6b0492e6981f060420a00c (v4.8-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/02/2
CVE-2016-9776 (QEMU (aka Quick Emulator) built with the ColdFire Fast Ethernet ...)
	- qemu 1:2.8+dfsg-1 (bug #846797)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Coldfire is not emulated by kvm)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-11/msg05324.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400829
CVE-2016-9756 (arch/x86/kvm/emulate.c in the Linux kernel before 4.8.12 does not ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1400468
	NOTE: Fixed by: https://git.kernel.org/linus/2117d5398c81554fbf803f5fd1dc55eb78216c0c
CVE-2016-9755 (The netfilter subsystem in the Linux kernel before 4.9 mishandles IPv6 ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b57da0630c9fd36ed7a20fc0f98dc82cc0777fa (v4.9-rc8)
	NOTE: https://groups.google.com/forum/#!topic/syzkaller/GFbGpX7nTEo
CVE-2016-9684 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is ...)
	NOT-FOR-US: SonicWall
CVE-2016-9683 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is ...)
	NOT-FOR-US: SonicWall
CVE-2016-9682 (The SonicWall Secure Remote Access server (version 8.1.0.2-14sv) is ...)
	NOT-FOR-US: SonicWall
CVE-2016-9681 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...)
	- serendipity <removed>
CVE-2016-9680 (Citrix Provisioning Services before 7.12 allows attackers to obtain ...)
	NOT-FOR-US: Citrix
CVE-2016-9679 (Citrix Provisioning Services before 7.12 allows attackers to execute ...)
	NOT-FOR-US: Citrix
CVE-2016-9678 (Use-after-free vulnerability in Citrix Provisioning Services before ...)
	NOT-FOR-US: Citrix
CVE-2016-9677 (Citrix Provisioning Services before 7.12 allows attackers to obtain ...)
	NOT-FOR-US: Citrix
CVE-2016-9676 (Buffer overflow in Citrix Provisioning Services before 7.12 allows ...)
	NOT-FOR-US: Citrix
CVE-2016-9674
	REJECTED
CVE-2016-9673
	REJECTED
CVE-2016-9672
	REJECTED
CVE-2016-9671
	REJECTED
CVE-2016-9670
	REJECTED
CVE-2016-9669
	REJECTED
CVE-2016-9668
	REJECTED
CVE-2016-9667
	REJECTED
CVE-2016-9666
	REJECTED
CVE-2016-9665
	REJECTED
CVE-2016-9664
	REJECTED
CVE-2016-9663
	REJECTED
CVE-2016-9662
	REJECTED
CVE-2016-9661
	REJECTED
CVE-2016-9660
	REJECTED
CVE-2016-9659
	REJECTED
CVE-2016-9658
	REJECTED
CVE-2016-9657
	REJECTED
CVE-2016-9656
	REJECTED
CVE-2016-9655
	REJECTED
CVE-2016-9654
	REJECTED
CVE-2016-9653
	REJECTED
CVE-2016-9652
	RESERVED
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-9651
	RESERVED
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-9650 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2017-0380 (The rend_service_intro_established function in or/rendservice.c in Tor ...)
	{DSA-3993-1}
	- tor 0.3.1.7-1 (bug #876221)
	[jessie] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
	[wheezy] - tor <not-affected> (Issue introduced in 0.2.7.2-alpha)
	NOTE: https://trac.torproject.org/projects/tor/ticket/23490
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=09ea89764a4d3a907808ed7d4fe42abfe64bd486
CVE-2017-0379 (Libgcrypt before 1.8.1 does not properly consider Curve25519 ...)
	{DSA-3959-1}
	- libgcrypt20 1.7.9-1 (bug #873383)
	[jessie] - libgcrypt20 <not-affected> (Vulnerable code not present, no Curve25519 support)
	- libgcrypt11 <not-affected> (Vulnerable code not present, no Curve25519 support)
	NOTE: https://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commitdiff;h=da780c8183cccc8f533c8ace8211ac2cb2bdee7b
	NOTE: https://eprint.iacr.org/2017/806
CVE-2017-0378 (XSS exists in the login_form function in views/helpers.php in Phamm ...)
	- phamm <unfixed> (bug #868988)
	[stretch] - phamm <no-dsa> (Minor issue)
	[jessie] - phamm <no-dsa> (Minor issue)
	[wheezy] - phamm <no-dsa> (Minor issue)
	NOTE: https://github.com/lota/phamm/issues/21
	NOTE: https://github.com/lota/phamm/commit/331bdbf0e79632385495fa62e087a6b4cf78857e
CVE-2017-0377 (Tor 0.3.x before 0.3.0.9 has a guard-selection algorithm that only ...)
	- tor <not-affected> (Affects only 0.3.x series)
	NOTE: https://trac.torproject.org/projects/tor/ticket/22753
	NOTE: https://blog.torproject.org/blog/tor-0309-released-security-update-clients
CVE-2017-0376 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of ...)
	{DSA-3877-1 DLA-982-1}
	- tor 0.2.9.11-1 (bug #864424)
	NOTE: https://trac.torproject.org/22494
	NOTE: Fixed by: https://gitweb.torproject.org/tor.git/commit/?id=56a7c5bc15e0447203a491c1ee37de9939ad1dcd
	NOTE: Introduced in 0.2.2.1-alpha; fixed in 0.2.4.29, 0.2.5.14, 0.2.6.12, 0.2.7.8, 0.2.8.14, 0.2.9.11 0.3.0.8, 0.3.1.3-alpha
CVE-2017-0375 (The hidden-service feature in Tor before 0.3.0.8 allows a denial of ...)
	- tor <not-affected> (Introduced in 0.3.0.1-alpha)
	NOTE: https://trac.torproject.org/22493
	NOTE: Fixed by: https://gitweb.torproject.org/tor.git/commit/?id=79b59a2dfcb68897ee89d98587d09e55f07e68d7
	NOTE: Introduced in 0.3.0.1-alpha; fixed in 0.3.0.8, 0.3.1.3-alpha
CVE-2017-0374 (lib/Config/Model.pm in Config-Model (aka libconfig-model-perl) before ...)
	- libconfig-model-perl 2.097-2
	[jessie] - libconfig-model-perl <no-dsa> (Minor issue)
	[wheezy] - libconfig-model-perl <no-dsa> (Minor issue. Perl itself has to fix this and this can not be done easily)
	NOTE: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=0de8471e5a8958ad37446dfcd0362a269e3ec573
CVE-2017-0373 (The gen_class_pod implementation in ...)
	- libconfig-model-perl 2.097-2
	[jessie] - libconfig-model-perl <no-dsa> (Minor issue)
	[wheezy] - libconfig-model-perl <not-affected> (Vulnerable code do not exist)
	NOTE: https://anonscm.debian.org/cgit/pkg-perl/packages/libconfig-model-perl.git/commit/?h=stretch&id=e7e5dd1a650939a0e021d1d5b311dbb3c4884773
CVE-2017-0372 (Parameters injection in the SyntaxHighlight extension of Mediawiki ...)
	- mediawiki 1:1.27.3-1 (bug #861585)
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T158689
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000209.html
CVE-2017-0371
	RESERVED
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T68404
CVE-2017-0370 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T48143
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0369 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T108138
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0368 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T156184
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0367 (Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <not-affected> (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T161453
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0366 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T151735
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0365 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T144845
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0364 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T122209
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0363 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 has a flaw where ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T109140
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0362 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw where the ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T150044
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0361 (Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains an information ...)
	- mediawiki 1:1.27.2-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://phabricator.wikimedia.org/T125177
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-April/000207.html
CVE-2017-0360 (file_open in Tryton 3.x and 4.x through 4.2.2 allows remote ...)
	{DSA-3826-1 DLA-882-1}
	- tryton-server 4.2.1-2
	NOTE: Fixed by: http://hg.tryton.org/trytond?cmd=changeset;node=472510fdc6f8 (4.2.x)
CVE-2017-0359 (diffoscope before 77 writes to arbitrary locations on disk based on ...)
	- diffoscope 77 (bug #854723)
CVE-2017-0358 (Jann Horn of Google Project Zero discovered that NTFS-3G, a read-write ...)
	{DSA-3780-1 DLA-815-1}
	- ntfs-3g 1:2016.2.22AR.1-4
	NOTE: PoC http://www.openwall.com/lists/oss-security/2017/02/04/1
CVE-2017-0357 (A heap-overflow flaw exists in the -tr loader of iucode-tool starting ...)
	- iucode-tool 2.1.1-1
	[jessie] - iucode-tool <not-affected> (Vulnerable code not present)
	[wheezy] - iucode-tool <not-affected> (Vulnerable code not present)
	NOTE: https://gitlab.com/iucode-tool/iucode-tool/issues/3
CVE-2017-0356 (A flaw, similar to to CVE-2016-9646, exists in ikiwiki before ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20170111
	NOTE: https://ikiwiki.info/security/#cve-2017-0356
CVE-2016-9772 (OpenAFS 1.6.19 and earlier allows remote attackers to obtain sensitive ...)
	{DLA-733-1}
	- openafs 1.6.20-1 (bug #846922)
	[jessie] - openafs 1.6.9-2+deb8u6
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-003.txt
	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003-master.patch (master)
	NOTE: Upstream patch: https://www.openafs.org/pages/security/openafs-sa-2016-003.patch
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/01/12
CVE-2016-9685 (Multiple memory leaks in error paths in fs/xfs/xfs_attr_list.c in the ...)
	- linux 4.5.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/2e83b79b2d6c78bf1b4aa227938a214dcbddc83f (v4.6-rc1)
CVE-2016-9649
	REJECTED
CVE-2016-9648
	REJECTED
CVE-2016-9647
	REJECTED
CVE-2016-9646 (ikiwiki before 3.20161229 incorrectly called the ...)
	{DSA-3760-1 DLA-812-1}
	- ikiwiki 3.20161229
	NOTE: https://ikiwiki.info/security/#cve-2016-9646
CVE-2016-9643 (The regex code in Webkit 2.4.11 allows remote attackers to cause a ...)
	- webkitgtk 2.14.6-1 (unimportant)
	NOTE: Not covered by security support
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/26/2
CVE-2016-9642 (JavaScriptCore in WebKit allows attackers to cause a denial of service ...)
	- webkitgtk <unfixed> (unimportant)
	NOTE: Not covered by security support
CVE-2016-9641
	RESERVED
CVE-2016-9640
	RESERVED
CVE-2017-0355 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0354 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0353 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0352 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Only affects later driver series)
CVE-2017-0351 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Only affects later driver series)
CVE-2017-0350 (All versions of the NVIDIA GPU Display Driver contain a vulnerability ...)
	- nvidia-graphics-drivers 375.66-1 (bug #863515)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <end-of-life> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx <not-affected> (Only affects later driver series)
	- nvidia-graphics-drivers-legacy-304xx <not-affected> (Only affects later driver series)
CVE-2017-0349 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0348 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0347 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0346 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0345 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0344 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0343 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0342 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0341 (All versions of the NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2017-0340 (An elevation of privilege vulnerability in the NVIDIA Libnvparser ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0339 (An elevation of privilege vulnerability in the NVIDIA crypto driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0338 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0337 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0336 (An information disclosure vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0335 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0334 (An information disclosure vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0333 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0332 (An elevation of privilege vulnerability in the NVIDIA crypto driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0331 (An elevation of privilege vulnerability in the NVIDIA video driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0330 (An information disclosure vulnerability in the NVIDIA crypto driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0329 (An elevation of privilege vulnerability in the NVIDIA boot and power ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0328 (An information disclosure vulnerability in the NVIDIA crypto driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0327 (An elevation of privilege vulnerability in the NVIDIA crypto driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0326 (An information disclosure vulnerability in the NVIDIA Video Driver due ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0325 (An elevation of privilege vulnerability in the NVIDIA I2C HID driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0324 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0323 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0322 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0321 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0320 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0319 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0318 (All versions of NVIDIA Linux GPU Display Driver contain a ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0317 (All versions of NVIDIA GPU and GeForce Experience installer contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0316 (In GeForce Experience (GFE) 3.x before 3.10.0.55, NVIDIA Installer ...)
	NOT-FOR-US: NVIDIA Installer Framework
CVE-2017-0315 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0314 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0313 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0312 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0311 (NVIDIA GPU Display Driver R378 contains a vulnerability in the kernel ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0310 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0309 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
	- nvidia-graphics-drivers 375.39-1 (bug #855277)
	[jessie] - nvidia-graphics-drivers 340.102-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.102-1 (bug #855278)
	- nvidia-graphics-drivers-legacy-304xx 304.135-2 (bug #855279)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.135-1
CVE-2017-0308 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2017-0307 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2017-0306 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-9638 (In BMC Patrol before 9.13.10.02, the binary &quot;listguests64&quot; is ...)
	NOT-FOR-US: BMC Patrol
CVE-2016-9637 (The (1) ioport_read and (2) ioport_write functions in Xen, when qemu ...)
	{DLA-1270-1}
	- qemu <not-affected> (Vulnerability specific to Xen)
	- qemu-kvm <not-affected> (Vulnerability specific to Xen)
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-199.html
CVE-2016-9620
	REJECTED
CVE-2016-9619
	REJECTED
CVE-2016-9618
	REJECTED
CVE-2016-9617
	REJECTED
CVE-2016-9616
	REJECTED
CVE-2016-9615
	REJECTED
CVE-2016-9614
	REJECTED
CVE-2016-9613
	REJECTED
CVE-2016-9612
	REJECTED
CVE-2016-9611
	REJECTED
CVE-2016-9610
	REJECTED
CVE-2016-9609
	REJECTED
CVE-2016-9608
	REJECTED
CVE-2016-9607
	REJECTED
CVE-2016-9606 (JBoss RESTEasy before version 3.1.2 could be forced into parsing a ...)
	- resteasy 3.1.4-1 (bug #851430)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-9605 [Cross site scripting in profile page]
	RESERVED
	- cobbler <removed> (bug #858844)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1433950
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1399333
CVE-2016-9604
	RESERVED
	{DLA-922-1}
	- linux 4.9.25-1
	[jessie] - linux 3.16.43-1
	NOTE: Fixed by: https://git.kernel.org/linus/ee8f844e3c5a73b999edf733df1c529d6503ec2f
CVE-2016-9603 [cirrus: heap buffer overflow via vnc connection]
	RESERVED
	{DLA-1270-1 DLA-1035-1 DLA-939-1}
	- qemu 1:2.8+dfsg-4 (bug #857744)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-211.html
	NOTE: http://www.openwall.com/lists/oss-security/2017/03/14/2
	NOTE: Upstream patch http://git.qemu-project.org/?p=qemu.git;a=commit;h=50628d3479e4f9aa97e323506856e394fe7ad7a6
CVE-2016-9602 (Qemu before version 2.9 is vulnerable to an improper link following ...)
	{DLA-1035-1 DLA-965-1}
	- qemu 1:2.8+dfsg-3 (bug #853006)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1413929
	NOTE: The original proposed patch does not fix the issue, cf.
	NOTE: http://www.openwall.com/lists/oss-security/2017/01/17/14
	NOTE: Upstream patchset: https://lists.gnu.org/archive/html/qemu-devel/2017-01/msg06225.html
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=1035
	NOTE: If fixing this issue for older suites, then make sure not to open the
	NOTE: CVE-2017-7471 vulnerability and apply as well 9c6b899f7a46893ab3b671e341a2234e9c0c060e
	NOTE: See further details in the CVE-2017-7471 tracker entry.
CVE-2016-9601 (ghostscript before version 9.21 is vulnerable to a heap based buffer ...)
	{DSA-3817-1 DLA-874-1}
	- jbig2dec 0.13-4 (bug #850497)
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=697457
	NOTE: Patch: http://git.ghostscript.com/?p=jbig2dec.git;a=commitdiff;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-9600 (JasPer before version 2.0.10 is vulnerable to a null pointer ...)
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/109
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/a632c6b54bd4ffc3bebab420e00b7e7688aa3846
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9599 (puppet-tripleo before versions 5.5.0, 6.2.0 is vulnerable to an ...)
	NOT-FOR-US: puppet-tripleo
CVE-2016-9598 [out-of-bounds read]
	RESERVED
	- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9597 [stack overflow before detecting invalid XML file]
	RESERVED
	- libxml2 <not-affected> (Red Hat specific security regressions)
CVE-2016-9596 [stack exhaustion while parsing xml files in recovery mode]
	RESERVED
	- libxml2 <not-affected> (Red Hat specific security regressions)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769658
CVE-2016-9595
	RESERVED
	NOT-FOR-US: Katello
CVE-2016-9594 (curl before version 7.52.1 is vulnerable to an uninitialized random ...)
	- curl <not-affected> (Only affects 7.52.0)
	NOTE: https://curl.haxx.se/docs/adv_20161223.html
CVE-2016-9593 (foreman-debug before version 1.15.0 is vulnerable to a flaw in ...)
	- foreman <itp> (bug #663101)
CVE-2016-9592 (openshift before versions 3.3.1.11, 3.2.1.23, 3.4 is vulnerable to a ...)
	NOT-FOR-US: OpenShift
CVE-2016-9591 (JasPer before version 2.0.12 is vulnerable to a use-after-free in the ...)
	{DSA-3827-1 DLA-920-1}
	- jasper <removed>
	NOTE: https://github.com/mdadams/jasper/issues/105
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/03fe49ab96bf65fea784cdc256507ea88267fc7c
CVE-2016-9590 (puppet-swift before versions 8.2.1, 9.4.4 is vulnerable to an ...)
	- puppet-module-swift 9.4.4-1 (bug #851293)
CVE-2016-9589 (Undertow in Red Hat wildfly before version 11.0.0.Beta1 is vulnerable ...)
	NOT-FOR-US: Red Hat specific use of undertow in Wildfly
CVE-2016-9588 (arch/x86/kvm/vmx.c in the Linux kernel through 4.9 mismanages the #BP ...)
	{DSA-3804-1 DLA-849-1}
	- linux 4.8.15-2
	NOTE: https://www.spinics.net/lists/kvm/msg142495.html
	NOTE: Fixed by: https://git.kernel.org/linus/ef85b67385436ddc1998f45f1d6a210f935b3388
CVE-2016-9587 (Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper ...)
	- ansible 2.2.0.0-3 (bug #850846)
	[jessie] - ansible <not-affected> (Vulnerable code not present, way ssh commands was reworked in 2.x branch)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/ec84ff6de6eca9224bf3f22b752bb8da806611ed (v2.2.1.0-0.3.rc3)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/eb8c26c105e8457b86324b64a13fac37d8862d47 (v2.2.1.0-0.4.rc4)
	NOTE: Fixed by: https://github.com/ansible/ansible/commit/cc4634a5e73c06c6b4581f11171289ca9228391e (v2.2.1.0-0.4.rc4)
	NOTE: Fix in 2.2.0.0-2 only partially addressed the issues, and needed a follow-up, 2.2.0.0-3
CVE-2016-9586 (curl before version 7.52.0 is vulnerable to a buffer overflow when ...)
	{DLA-767-1}
	- curl 7.52.1-1 (bug #848958)
	[jessie] - curl <no-dsa> (Minor issue)
	NOTE: https://curl.haxx.se/docs/adv_20161221A.html
	NOTE: Fixed by: https://github.com/curl/curl/commit/3ab3c16db6a5674f53cf23d56512a405fde0b2c9
	NOTE: There are no known vulnerable applications but as this is a
	NOTE: library it should be fixed as we do not know the full impact.
CVE-2016-9585 (Red Hat JBoss EAP version 5 is vulnerable to a deserialization of ...)
	NOT-FOR-US: JMX endpoint of Red Hat JBoss EAP 5
CVE-2016-9584 (libical allows remote attackers to cause a denial of service ...)
	{DLA-959-1}
	- libical3 3.0.1-1
	- libical <unfixed> (bug #852034)
	[stretch] - libical <no-dsa> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/15/5
	NOTE: Upstream ticket: https://github.com/libical/libical/issues/253
CVE-2016-9583 [Out of bounds heap read in jpc_pi_nextpcrl()]
	RESERVED
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/103
	NOTE: Fixed by https://github.com/mdadams/jasper/commit/99a50593254d1b53002719bbecfc946c84b23d27
	NOTE: The issue exists due to an overflow check which is not present
	NOTE: in Wheezy and Jessie. However it makes sense to implement this check.
	NOTE: This can be done when more important issues are found [wheezy].
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-9582
	REJECTED
CVE-2016-9581 [infinite loop in tiftoimage resulting into heap buffer overflow in convert_32s_C1P1]
	RESERVED
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/872
	NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
	NOTE: not built into the binary packages
CVE-2016-9580 [integer overflow in tiftoimage resulting into heap buffer overflow]
	RESERVED
	- openjpeg2 <unfixed> (unimportant)
	NOTE: https://github.com/uclouvain/openjpeg/issues/871
	NOTE: Fixed by: https://github.com/szukw000/openjpeg/commit/cadff5fb6e73398de26a92e96d3d7cac893af255
	NOTE: not built into the binary packages
CVE-2016-9579 [RGW server DoS via request with invalid HTTP Origin header]
	RESERVED
	- ceph 10.2.5-2 (bug #849048)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/18187
CVE-2016-9578
	RESERVED
	{DSA-3790-1 DLA-825-1}
	- spice 0.12.8-2.1 (bug #854336)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=1c6517973095a67c8cb57f3550fc1298404ab556 (0.12.x)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=f66dc643635518e53dfbe5262f814a64eec54e4a (0.12.x)
CVE-2016-9577
	RESERVED
	{DSA-3790-1 DLA-825-1}
	- spice 0.12.8-2.1 (bug #854336)
	NOTE: Fixed by: https://cgit.freedesktop.org/spice/spice/commit/?h=0.12&id=5f96b596353d73bdf4bb3cd2de61e48a7fd5b4c3 (0.12.x)
CVE-2016-10088 (The sg implementation in the Linux kernel through 4.9 does not ...)
	{DLA-772-1}
	- linux 4.8.15-2
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/128394eff343fc6d2f32172f03e24829539c5835 (v4.10-rc1)
CVE-2016-9576 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: https://marc.info/?l=linux-scsi&m=148010092224801&w=2
	NOTE: https://gist.githubusercontent.com/dvyukov/80cd94b4e4c288f16ee4c787d404118b/raw/10536069562444da51b758bb39655b514ff93b45/gistfile1.txt
	NOTE: Fixed by: https://git.kernel.org/linus/a0ac402cfcdc904f9772e1762b3fda112dcc56a0 (v4.9)
CVE-2016-9575 (Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not ...)
	- freeipa 4.4.4-1 (bug #849950)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1395311
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=fec4c32ff15
	NOTE: https://fedorahosted.org/freeipa/ticket/6560
CVE-2016-9574 [Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA]
	RESERVED
	- nss 2:3.25-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1320695
	NOTE: The CVE is specific to the segfault resulting from the reproducing steps
	NOTE: as per buzilla entry, and https://bugzilla.redhat.com/show_bug.cgi?id=1397482
	NOTE: https://hg.mozilla.org/projects/nss/rev/7385cd821735
CVE-2016-9573
	RESERVED
	{DSA-3768-1}
	- openjpeg2 2.1.2-1.1 (bug #851422)
	NOTE: https://github.com/uclouvain/openjpeg/issues/863
	NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
CVE-2016-9572
	RESERVED
	{DSA-3768-1}
	- openjpeg2 2.1.2-1.1 (bug #851422)
	NOTE: https://github.com/uclouvain/openjpeg/issues/863
	NOTE: https://github.com/szukw000/openjpeg/commit/7b28bd2b723df6be09fe7791eba33147c1c47d0d
CVE-2016-9571
	REJECTED
CVE-2016-9570 (cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9569 (The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9568 (A security design issue can allow an unprivileged user to interact ...)
	NOT-FOR-US: Carbon Black
CVE-2016-9567 (The mDNIe system service on Samsung Mobile S7 devices with M(6.0) ...)
	NOT-FOR-US: Samsung
CVE-2016-9566 (base/logging.c in Nagios Core before 4.2.4 allows local users with ...)
	{DLA-751-1}
	- nagios3 <removed>
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: https://github.com/NagiosEnterprises/nagioscore/commit/c29557dec91eba2306f5fb11b8da4474ba63f8c4
	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Root-PrivEsc-CVE-2016-9566.html
	NOTE: nagios < 3.5 is not vulnerable through the regular logfile, but through the debug logfile
	- icinga 1.13.4-1
	[jessie] - icinga <no-dsa> (Minor issue)
	[wheezy] - icinga <no-dsa> (Minor issue)
	NOTE: https://dev.icinga.com/issues/13709
	NOTE: https://github.com/Icinga/icinga-core/commit/a0eb8471673b6b1e9b37e1b7b91151aa00bedb65
	NOTE: https://github.com/Icinga/icinga-core/commit/e0f55bc9b17ef1db9aed7393fc34576a5b9501f0
CVE-2016-9565 (MagpieRSS, as used in the front-end component in Nagios Core before ...)
	{DLA-751-1}
	- nagios3 3.5.1-1
	NOTE: https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
	NOTE: The RSS feed and call-home was removed in src:nagios3 3.5.1-1 where the affected
	NOTE: function was removed.
	NOTE: The scope of the CVE is specific to Nagios.
	NOTE: impact lessened by the hardened permissions in Debian: files can be extracted, but no backdoor can be installed as the web root is not writable
CVE-2016-9564 (Buffer overflow in send_redirect() in Boa Webserver 0.92r allows ...)
	- boa <not-affected> (the vuln was removed in 0.93.14)
	NOTE: http://www.ljcusack.io/cve-2016-9564-stack-based-buffer-overflow-in-boa-0-dot-92r
CVE-2016-9563 (BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated ...)
	NOT-FOR-US: SAP
CVE-2016-9562 (SAP NetWeaver AS JAVA 7.4 allows remote attackers to cause a Denial of ...)
	NOT-FOR-US: SAP
CVE-2016-9561 (The che_configure function in libavcodec/aacdec_template.c in FFmpeg ...)
	- ffmpeg 7:3.2.4-1 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/1
	NOTE: non-issue, legitimate media file. If a server application uses libav* on untrusted media
	NOTE: files, it needs to set resource limits
CVE-2016-9554 (The Sophos Web Appliance Remote / Secure Web Gateway server (version ...)
	NOT-FOR-US: Sophos
CVE-2016-9553 (The Sophos Web Appliance (version 4.2.1.3) is vulnerable to two Remote ...)
	NOT-FOR-US: Sophos
CVE-2016-9552
	RESERVED
CVE-2016-9551
	RESERVED
CVE-2016-9550
	RESERVED
CVE-2016-9549
	RESERVED
CVE-2016-9548
	RESERVED
CVE-2016-9547
	RESERVED
CVE-2016-9546
	RESERVED
CVE-2016-9545
	RESERVED
CVE-2016-9544
	RESERVED
CVE-2016-9543
	RESERVED
CVE-2016-9542
	RESERVED
CVE-2016-9541
	RESERVED
CVE-2016-9531
	REJECTED
CVE-2016-9530
	REJECTED
CVE-2016-9529
	REJECTED
CVE-2016-9528
	REJECTED
CVE-2016-9527
	REJECTED
CVE-2016-9526
	REJECTED
CVE-2016-9525
	REJECTED
CVE-2016-9524
	REJECTED
CVE-2016-9523
	REJECTED
CVE-2016-9522
	REJECTED
CVE-2016-9521
	REJECTED
CVE-2016-9520
	REJECTED
CVE-2016-9519
	REJECTED
CVE-2016-9518
	REJECTED
CVE-2016-9517
	REJECTED
CVE-2016-9516
	REJECTED
CVE-2016-9515
	REJECTED
CVE-2016-9514
	REJECTED
CVE-2016-9513
	REJECTED
CVE-2016-9512
	REJECTED
CVE-2016-9511
	REJECTED
CVE-2016-9510
	REJECTED
CVE-2016-9509
	REJECTED
CVE-2016-9508
	REJECTED
CVE-2016-9507
	REJECTED
CVE-2016-9506
	REJECTED
CVE-2016-9505
	REJECTED
CVE-2016-9504
	REJECTED
CVE-2016-9503
	REJECTED
CVE-2016-9502
	REJECTED
CVE-2016-9501
	REJECTED
CVE-2016-9500
	RESERVED
CVE-2016-9499
	RESERVED
CVE-2016-9498
	RESERVED
CVE-2016-9497
	RESERVED
CVE-2016-9496
	RESERVED
CVE-2016-9495
	RESERVED
CVE-2016-9494
	RESERVED
CVE-2016-9493
	RESERVED
CVE-2016-9492
	RESERVED
CVE-2016-9491
	RESERVED
CVE-2016-9490
	RESERVED
CVE-2016-9489
	RESERVED
CVE-2016-9488
	RESERVED
CVE-2016-9487
	RESERVED
CVE-2016-9486
	RESERVED
CVE-2016-9485
	RESERVED
CVE-2016-9484
	RESERVED
CVE-2016-9483
	RESERVED
CVE-2016-9482
	RESERVED
CVE-2014-9912 (The get_icu_disp_value_src_php function in ...)
	- php5 5.6.0+dfsg-1
	[wheezy] - php5 5.4.34-0+deb7u1
	NOTE: Fixed in 5.6.0, 5.5.14, 5.4.30, 5.3.29
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=67397
	NOTE: Upstream patch: https://bugs.php.net/patch-display.php?bug_id=67397&patch=bug67397-patch&revision=latest
	NOTE: PHP workaround for CVE-2014-9911 in icu
CVE-2016-4412 (An issue was discovered in phpMyAdmin. A user can be tricked into ...)
	{DLA-757-1}
	- phpmyadmin 4:4.1.7-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-57/
	NOTE: may affect wheezy only.
CVE-2016-9847 (An issue was discovered in phpMyAdmin. When the user does not specify ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-58/
	NOTE: Debian packaging generates blowfish secret
CVE-2016-9848 (An issue was discovered in phpMyAdmin. phpinfo (phpinfo.php) shows PHP ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-59/
	NOTE: disabled by default, debugging setting required
CVE-2016-9849 (An issue was discovered in phpMyAdmin. It is possible to bypass ...)
	{DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-60/
CVE-2016-9850 (An issue was discovered in phpMyAdmin. Username matching for the ...)
	{DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-61/
CVE-2016-9851 (An issue was discovered in phpMyAdmin. With a crafted request ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-62/
CVE-2016-9852 (An issue was discovered in phpMyAdmin. By calling some scripts that ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9853 (An issue was discovered in phpMyAdmin. By calling some scripts that ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9854 (An issue was discovered in phpMyAdmin. By calling some scripts that ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9855 (An issue was discovered in phpMyAdmin. By calling some scripts that ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-63/
	NOTE: path disclosure not relevant in Debian
CVE-2016-9856 (An XSS issue was discovered in phpMyAdmin because of an improper fix ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
CVE-2016-9857 (An issue was discovered in phpMyAdmin. XSS is possible because of a ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-64/
CVE-2016-9858 (An issue was discovered in phpMyAdmin. With a crafted request ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9859 (An issue was discovered in phpMyAdmin. With a crafted request ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9860 (An issue was discovered in phpMyAdmin. An unauthenticated user can ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-65/
CVE-2016-9861 (An issue was discovered in phpMyAdmin. Due to the limitation in URL ...)
	{DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-66/
CVE-2016-9862 (An issue was discovered in phpMyAdmin. With a crafted login request it ...)
	- phpmyadmin 4:4.6.5.1-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-67/
CVE-2016-9863 (An issue was discovered in phpMyAdmin. With a very large request to ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-68/
CVE-2016-9864 (An issue was discovered in phpMyAdmin. With a crafted username or a ...)
	{DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-69/
CVE-2016-9865 (An issue was discovered in phpMyAdmin. Due to a bug in serialized ...)
	{DLA-757-1}
	- phpmyadmin 4:4.6.5.1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-70/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/17b34be (RELEASE_4_6_5)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1fc004d (MAINT_4_4_15)
CVE-2016-9866 (An issue was discovered in phpMyAdmin. When the arg_separator is ...)
	- phpmyadmin 4:4.6.5.1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-71/
	NOTE: unlikely PHP configuration required, unclear impact
CVE-2014-9911 (Stack-based buffer overflow in the ures_getByKeyWithFallback function ...)
	{DSA-3725-1 DLA-744-1}
	- icu 55.1-3
	NOTE: http://bugs.icu-project.org/trac/ticket/10891
	NOTE: Fixed by: http://bugs.icu-project.org/trac/changeset/35699
	NOTE: The patch addressing CVE-2014-9911 is applied in 54.1 , but the
	NOTE: first fixed package version uploaded to unstable is 55.1-3 .
CVE-2016-9639 (Salt before 2015.8.11 allows deleted minions to read or write to ...)
	- salt 2016.3.0+ds-1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/25/2
CVE-2016-9813 (The _parse_pat function in the mpegts parser in GStreamer before ...)
	{DSA-3818-1}
	- gst-plugins-bad1.0 1.10.2-1 (low)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 1.1.1 of 1.0 series)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775120
CVE-2016-9812 (The gst_mpegts_section_new function in the mpegts decoder in GStreamer ...)
	{DSA-3818-1}
	- gst-plugins-bad1.0 1.10.2-1 (low)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code introduced in 1.1.1 of 1.0 series)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=775048
CVE-2016-9811 (The windows_icon_typefind function in gst-plugins-base in GStreamer ...)
	{DSA-3819-1 DLA-735-1}
	- gst-plugins-base1.0 1.10.2-1
	- gst-plugins-base0.10 <removed>
	[jessie] - gst-plugins-base0.10 <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774902
CVE-2016-9810 (The gst_decode_chain_free_internal function in the flxdex decoder in ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774897
CVE-2016-9809 (Off-by-one error in the gst_h264_parse_set_caps function in GStreamer ...)
	{DSA-3818-1 DLA-736-1}
	- gst-plugins-bad1.0 1.10.2-1
	- gst-plugins-bad0.10 <removed>
	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774896
CVE-2016-9808 (The FLIC decoder in GStreamer before 1.10.2 allows remote attackers to ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
	NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
	NOTE: https://scarybeastsecurity.blogspot.dk/2016/11/0day-poc-incorrect-fix-for-gstreamer.html
CVE-2016-9807 (The flx_decode_chunks function in gst/flx/gstflxdec.c in GStreamer ...)
	- gst-plugins-good1.0 1.10.1-2
	[jessie] - gst-plugins-good1.0 1.4.4-2+deb8u2
	- gst-plugins-good0.10 <removed>
	[jessie] - gst-plugins-good0.10 0.10.31-3+nmu4+deb8u2
	[wheezy] - gst-plugins-good0.10 0.10.31-3+nmu1+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774859
	NOTE: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9806 (Race condition in the netlink_dump function in ...)
	- linux 4.6.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Introduced in 3.12)
	NOTE: Fixed by: https://git.kernel.org/linus/92964c79b357efd980812c4de5c1fd2ec8bb5520 (v4.7-rc1)
CVE-2016-9636 (Heap-based buffer overflow in the flx_decode_delta_fli function in ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9635 (Heap-based buffer overflow in the flx_decode_delta_fli function in ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9634 (Heap-based buffer overflow in the flx_decode_delta_fli function in ...)
	{DSA-3724-1 DSA-3723-1 DLA-727-1}
	- gst-plugins-good1.0 1.10.1-2 (bug #845375)
	- gst-plugins-good0.10 <removed>
	NOTE: https://scarybeastsecurity.blogspot.ch/2016/11/0day-exploit-advancing-exploitation.html
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=774834
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=bf43f44fcfada5ec4a3ce60cb374340486fe9fac
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=fec77de8cbb0c8192b77aff2e563705ba421f2f2
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=45dcd0b9ccf33ed85cdafeb871a3781f5be57fd9
	NOTE: Fixed by (later followed up): https://cgit.freedesktop.org/gstreamer/gst-plugins-good/commit/?id=153a8ae752c90d07190ef45803422a4f71ea8bff
CVE-2016-9633 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/23
CVE-2016-9632 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/43
CVE-2016-9631 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/42
CVE-2016-9630 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/41
CVE-2016-9629 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/40
CVE-2016-9628 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/39
CVE-2016-9627 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/38
	NOTE: https://github.com/tats/w3m/commit/0c3f5d0e0d9269ad47b8f4b061d7818993913189
CVE-2016-9626 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/37
CVE-2016-9625 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/36
CVE-2016-9624 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/35
CVE-2016-9623 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/33
CVE-2016-9622 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/32
CVE-2016-9621
	REJECTED
CVE-2016-9560 (Stack-based buffer overflow in the jpc_tsfb_getbands2 function in ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed>
	NOTE: https://blogs.gentoo.org/ago/2016/11/20/jasper-stack-based-buffer-overflow-in-jpc_tsfb_getbands2-jpc_tsfb-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/1abc2e5a401a4bf1d5ca4df91358ce5df111f495
CVE-2016-9558 ((1) libdwarf/dwarf_leb.c and (2) dwarfdump/print_frames.c in libdwarf ...)
	- dwarfutils 20161124-1 (bug #845408)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/11/19/libdwarf-negation-overflow-in-dwarf_leb-c
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/4f19e1050cd8e9ddf2cb6caa061ff2fec4c9b5f9/#diff-5
CVE-2016-9557 (Integer overflow in jas_image.c in JasPer before 1.900.25 allows ...)
	- jasper <removed>
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (the fix is too invasive)
	NOTE: https://blogs.gentoo.org/ago/2016/11/19/jasper-signed-integer-overflow-in-jas_image-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
CVE-2016-9555 (The sctp_sf_ootb function in net/sctp/sm_statefuns.c in the Linux ...)
	{DLA-772-1}
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/bf911e985d6bbaa328c20c3e05f4eb03de11fdd6 (4.9-rc4)
CVE-2016-9481 (In framework/modules/core/controllers/expCommentController.php of ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9480 (libdwarf 2016-10-21 allows context-dependent attackers to obtain ...)
	- dwarfutils 20161124-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201611-006
	NOTE: https://sourceforge.net/p/libdwarf/bugs/5/
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/5dd64de047cd5ec479fb11fe7ff2692fd819e5e5/
	NOTE: The code has substantially changed in libdwarf/dwarf_util.c from older
	NOTE: versions, but there  seem to be still back then an unchecked dereference
	NOTE: of val_ptr.
CVE-2016-9479 (The &quot;lost password&quot; functionality in b2evolution before 6.7.9 allows ...)
	- b2evolution <removed>
CVE-2016-9478
	REJECTED
CVE-2016-9477
	REJECTED
CVE-2016-9476
	REJECTED
CVE-2016-9475
	REJECTED
CVE-2016-9474
	REJECTED
CVE-2016-9473 (Brave Browser iOS before 1.2.18 and Brave Browser Android 1.9.56 and ...)
	- brave-browser <itp> (bug #864795)
CVE-2016-9472 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected XSS. The ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9471 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Special Element ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9470 (Revive Adserver before 3.2.5 and 4.0.0 suffers from Reflected File ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9469 (Multiple versions of GitLab expose a dangerous method to any ...)
	- gitlab 8.13.6+dfsg2-2 (bug #847157)
	NOTE: https://about.gitlab.com/2016/12/05/cve-2016-9469/
	NOTE: https://gitlab.com/gitlab-org/gitlab-ce/issues/25064
CVE-2016-9468 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9467 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9466 (Nextcloud Server before 10.0.1 &amp; ownCloud Server before 9.0.6 and ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9465 (Nextcloud Server before 10.0.1 &amp; ownCloud Server before 9.0.6 and 9.1.2 ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9464 (Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9463 (Nextcloud Server before 9.0.54 and 10.0.1 &amp; ownCloud Server before ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9462 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are not ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9461 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are not ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9460 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9459 (Nextcloud Server before 9.0.52 &amp; ownCloud Server before 9.0.4 are ...)
	- nextcloud <itp> (bug #835086)
CVE-2016-9458
	REJECTED
CVE-2016-9457 (Revive Adserver before 3.2.3 suffers from Reflected XSS. ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9456 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9455 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9454 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9444 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851062)
	NOTE: https://kb.isc.org/article/AA-01441/0
CVE-2016-9928 [MCabber before 1.0.4 allows remote attackers to modify the roster and intercept messages via a crafted roster-push IQ stanza]
	RESERVED
	{DLA-724-1}
	- mcabber 0.10.2-1.1 (bug #845258)
	[jessie] - mcabber <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/McKael/mcabber-crew/commits/6e1ead98930d7dd0a520ad17c720ae4908429033/raw
	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/09/5
CVE-2016-XXXX [Rorster vulnerability similar to CVE-2015-8688]
	- slixmpp 1.2.2-1
	NOTE: Similar issue for mcabber as for gajim in CVE-2015-8688 (but should get a seprate CVE)
CVE-2016-XXXX [TOCTOU race condition in initscript on chown'ing JVM_TMP temporary directory]
	- tomcat8 8.0.38-1 (bug #840685)
	[jessie] - tomcat8 8.0.14-1+deb8u4
	NOTE: Workaround entry for DSA-3720-1 since no CVE assinged
	- tomcat7 7.0.72-3 (bug #841655)
	[jessie] - tomcat7 7.0.56-3+deb8u5
	[wheezy] - tomcat7 7.0.28-4+deb7u7
	NOTE: Workaround entry for DSA-3721-1 since no CVE assinged
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
CVE-2016-10071 (coders/mat.c in ImageMagick before 6.9.4-0 allows remote attackers to ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f3b483e8b054c50149912523b4773687e18afe25
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10070 (Heap-based buffer overflow in the CalcMinMax function in coders/mat.c ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845246)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/131
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b173a352397877775c51c9a0e9d59eb6ce24c455
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10069 (coders/mat.c in ImageMagick before 6.9.4-5 allows remote attackers to ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845244)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8a370f9ab120faf182aa160900ba692ba8e2bcf0
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9559 (coders/tiff.c in ImageMagick before 7.0.3.7 allows remote attackers to ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845243)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1c795ce9fe1d6feac8bc36c2e6c5ba7110b671b1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b61d35eaccc0a7ddeff8a1c3abfcd0a43ccf210b (master)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/298
CVE-2016-9773 (Heap-based buffer overflow in the IsPixelGray function in ...)
	- imagemagick <not-affected> (Affects only the ImageMagick-7 branch, cf. NOTE)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e8c2ed53fcb54a34b3a6185b2584f26cf6874a3
	NOTE: https://blogs.gentoo.org/ago/2016/12/01/imagemagick-heap-based-buffer-overflow-in-ispixelgray-pixel-accessor-h-incomplete-fix-for-cve-2016-9556/
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/312
	NOTE: Upstream statement: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=31045
CVE-2016-9556 (The IsPixelGray function in MagickCore/pixel-accessor.h in ImageMagick ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845242)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/301
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/174de08d7c81ce147689f3b1c73fadd6bf1c023c
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ce98a7acbcfca7f0a178f4b1e7b957e419e0cc99 (master)
CVE-2016-10068 (The MSL interpreter in ImageMagick before 6.9.6-4 allows remote ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845241)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30797
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/56d6e20de489113617cbbddaf41e92600a34db22
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10058 (Memory leak in the ReadPSDLayers function in coders/psd.c in ...)
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #845239)
	[jessie] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
	[wheezy] - imagemagick <not-affected> (Vulnerable code using layer_info[i].info introduced later)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4ec444f4eab88cf4bec664fafcf9cab50bc5ff6a
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10067 (magick/memory.c in ImageMagick before 6.9.4-5 allows remote attackers ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10066 (Buffer overflow in the ReadVIFFImage function in coders/viff.c in ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845213)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0474237508f39c4f783208123431815f1ededb76
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10065 (The ReadVIFFImage function in coders/viff.c in ImageMagick before ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845212)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/129
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/134463b926fa965571aa4febd61b810be5e7da05
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1545183
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10064 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845202)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f8877abac8e568b2f339cca70c2c3c1b6eaec288
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10063 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.5-1 allows ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845198)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2bb6941a2d557f26a2f2049ade466e118eeaab91
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10062 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick does not ...)
	{DSA-3799-1 DLA-868-1}
	- imagemagick 8:6.9.7.4+dfsg-1 (bug #849439)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/352
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
	NOTE: CVE is for the fwrite issue in ReadGROUP4Image. This was
	NOTE: specifically noted at the beginning of issues/196, but not fixed in
	NOTE: either of these commits 933e96f01a8c889c7bf5ffd30020e86a02a046e7 nor
	NOTE: 4e914bbe371433f0590cefdf3bd5f3a5710069f9 upstream. It is not the same
	NOTE: as the fputc issue in ReadGROUP4Image.
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/41e955984b034777903cfa61e500a0b922eb9cbd
CVE-2016-10061 (The ReadGROUP4Image function in coders/tiff.c in ImageMagick before ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4e914bbe371433f0590cefdf3bd5f3a5710069f9
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10060 (The ConcatenateImages function in MagickWand/magick-cli.c in ...)
	{DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845196)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/933e96f01a8c889c7bf5ffd30020e86a02a046e7
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/196
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10059 (Buffer overflow in coders/tiff.c in ImageMagick before 6.9.4-1 allows ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #845195)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/58cf5bf4fade82e3b510e8f3463a967278a3e410
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-9448 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote ...)
	- tiff <not-affected> (Vulnerable code introduced by fix for CVE-2016-9297)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2593
	NOTE: Regression introduced by previous fix done on 2016-11-11 for CVE-2016-9297
CVE-2016-9421 (Cross-site scripting (XSS) vulnerability in the Users module in the ...)
	NOT-FOR-US: MyBB
CVE-2016-9420 (MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before ...)
	NOT-FOR-US: MyBB
CVE-2016-9419 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9418 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge ...)
	NOT-FOR-US: MyBB
CVE-2016-9417 (The fetch_remote_file function in MyBB (aka MyBulletinBoard) before ...)
	NOT-FOR-US: MyBB
CVE-2016-9416 (SQL injection vulnerability in the users data handler in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2016-9415 (MyBB (aka MyBulletinBoard) before 1.8.8 on Windows and MyBB Merge ...)
	NOT-FOR-US: MyBB
CVE-2016-9414 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...)
	NOT-FOR-US: MyBB
CVE-2016-9413 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
	NOT-FOR-US: MyBB
CVE-2016-9412 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...)
	NOT-FOR-US: MyBB
CVE-2016-9411 (The Admin control panel in MyBB (aka MyBulletinBoard) before 1.8.7 and ...)
	NOT-FOR-US: MyBB
CVE-2016-9410 (MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge System before ...)
	NOT-FOR-US: MyBB
CVE-2016-9409 (Cross-site scripting (XSS) vulnerability in the Admin control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9408 (Cross-site scripting (XSS) vulnerability in the Mod control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9407 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2016-9406 (Cross-site scripting (XSS) vulnerability in the User control panel in ...)
	NOT-FOR-US: MyBB
CVE-2016-9405 (Cross-site scripting (XSS) vulnerability in member validation in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2016-9404 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2016-9403 (newreply.php in MyBB (aka MyBulletinBoard) before 1.8.7 and MyBB Merge ...)
	NOT-FOR-US: MyBB
CVE-2016-9402 (SQL injection vulnerability in the moderation tool in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2016-9386 (The x86 emulator in Xen does not properly treat x86 NULL segments as ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845663)
	NOTE: https://xenbits.xen.org/xsa/advisory-191.html
CVE-2016-9385 (The x86 segment base write emulation functionality in Xen 4.4.x ...)
	{DSA-3729-1}
	- xen 4.8.0-1 (bug #845665)
	[wheezy] - xen <not-affected> (Only affects Xen >= 4.4)
	NOTE: https://xenbits.xen.org/xsa/advisory-193.html
CVE-2016-9384 (Xen 4.7 allows local guest OS users to obtain sensitive host ...)
	- xen 4.8.0-1 (bug #845667)
	[jessie] - xen <not-affected> (Only affects Xen >= 4.7)
	[wheezy] - xen <not-affected> (Only affects Xen >= 4.7)
	NOTE: https://xenbits.xen.org/xsa/advisory-194.html
CVE-2016-9383 (Xen, when running on a 64-bit hypervisor, allows local x86 guest OS ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845668)
	NOTE: https://xenbits.xen.org/xsa/advisory-195.html
CVE-2016-9382 (Xen 4.0.x through 4.7.x mishandle x86 task switches to VM86 mode, ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845664)
	NOTE: https://xenbits.xen.org/xsa/advisory-192.html
CVE-2016-9381 (Race condition in QEMU in Xen allows local x86 HVM guest OS ...)
	{DLA-720-1}
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://xenbits.xen.org/xsa/advisory-197.html
CVE-2016-9380 (The pygrub boot loader emulator in Xen, when nul-delimited output ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845670)
	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
CVE-2016-9379 (The pygrub boot loader emulator in Xen, when S-expression output ...)
	{DSA-3729-1 DLA-720-1}
	- xen 4.8.0-1 (bug #845670)
	NOTE: https://xenbits.xen.org/xsa/advisory-198.html
CVE-2016-9378 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when ...)
	- xen 4.8.0-1 (bug #845669)
	[jessie] - xen <not-affected> (Only 4.5 onwards vulnerable)
	[wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable)
	NOTE: https://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9377 (Xen 4.5.x through 4.7.x on AMD systems without the NRip feature, when ...)
	- xen 4.8.0-1 (bug #845669)
	[jessie] - xen <not-affected> (Only 4.5 onwards vulnerable)
	[wheezy] - xen <not-affected> (Only 4.5 onwards vulnerable)
	NOTE: https://xenbits.xen.org/xsa/advisory-196.html
CVE-2016-9371 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
	NOT-FOR-US: Moxa
CVE-2016-9370
	REJECTED
CVE-2016-9369 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
	NOT-FOR-US: Moxa
CVE-2016-9368 (An issue was discovered in Eaton xComfort Ethernet Communication ...)
	NOT-FOR-US: Eaton xComfort Ethernet Communication Interface
CVE-2016-9367 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
	NOT-FOR-US: Moxa
CVE-2016-9366 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
	NOT-FOR-US: Moxa
CVE-2016-9365 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
	NOT-FOR-US: Moxa
CVE-2016-9364 (An issue was discovered in Fidelix FX-20 series controllers, versions ...)
	NOT-FOR-US: Moxa
CVE-2016-9363 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
	NOT-FOR-US: Moxa
CVE-2016-9362 (An issue was discovered in WAGO 750-8202/PFC200 prior to FW04 (released ...)
	NOT-FOR-US: WAGO
CVE-2016-9361 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
	NOT-FOR-US: Moxa
CVE-2016-9360 (An issue was discovered in General Electric (GE) Proficy HMI/SCADA iFIX ...)
	NOT-FOR-US: General Electric
CVE-2016-9359
	REJECTED
CVE-2016-9358 (A Hard-Coded Passwords issue was discovered in Marel Food Processing ...)
	NOT-FOR-US: Marel
CVE-2016-9357 (An issue was discovered in certain legacy Eaton ePDUs -- the affected ...)
	NOT-FOR-US: legacy Eaton ePDUs
CVE-2016-9356 (An issue was discovered in Moxa DACenter Versions 1.4 and older. The ...)
	NOT-FOR-US: Moxa
CVE-2016-9355 (An issue was discovered in Becton, Dickinson and Company (BD) Alaris ...)
	NOT-FOR-US: Alaris 8015 Point of Care
CVE-2016-9354 (An issue was discovered in Moxa DACenter Versions 1.4 and older. A ...)
	NOT-FOR-US: Moxa
CVE-2016-9353 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9352
	REJECTED
CVE-2016-9351 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9350
	REJECTED
CVE-2016-9349 (An issue was discovered in Advantech SUISAccess Server Version 3.0 and ...)
	NOT-FOR-US: Advantech SUISAccess Server
CVE-2016-9348 (An issue was discovered in Moxa NPort 5110 versions prior to 2.6, ...)
	NOT-FOR-US: Moxa
CVE-2016-9347 (An issue was discovered in Emerson SE4801T0X Redundant Wireless I/O ...)
	NOT-FOR-US: Emerson
CVE-2016-9346 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...)
	NOT-FOR-US: Moxa
CVE-2016-9345 (An issue was discovered in Emerson DeltaV Easy Security Management ...)
	NOT-FOR-US: Emerson
CVE-2016-9344 (An issue was discovered in Moxa MiiNePort E1 versions prior to 1.8, E2 ...)
	NOT-FOR-US: Moxa
CVE-2016-9343 (An issue was discovered in Rockwell Automation Logix5000 Programmable ...)
	NOT-FOR-US: Rockwell
CVE-2016-9342
	REJECTED
CVE-2016-9341
	REJECTED
CVE-2016-9340
	REJECTED
CVE-2016-9339 (An issue was discovered in INTERSCHALT Maritime Systems VDR G4e ...)
	NOT-FOR-US: INTERSCHALT Maritime Systems
CVE-2016-9338 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix ...)
	NOT-FOR-US: Rockwell
CVE-2016-9337 (An issue was discovered in Tesla Motors Model S automobile, all ...)
	NOT-FOR-US: Tesla car
CVE-2016-9336
	REJECTED
CVE-2016-9335 (A hard-coded cryptographic key vulnerability was identified in Red ...)
	NOT-FOR-US: Red Lion Controls Sixnet-Managed Industrial Switches
CVE-2016-9334 (An issue was discovered in Rockwell Automation Allen-Bradley MicroLogix ...)
	NOT-FOR-US: Rockwell
CVE-2016-9333 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2016-9332 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2015-8978 (In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, ...)
	{DLA-723-1}
	- libsoap-lite-perl 1.19-1
	[jessie] - libsoap-lite-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/redhotpenguin/soaplite/pull/21
	NOTE: https://github.com/redhotpenguin/soaplite/commit/6942fe0d281be1c32c5117605f9c4e8d44f51124
CVE-2015-8977 (MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x before 1.8.6 and ...)
	NOT-FOR-US: MyBB
CVE-2015-8976 (Cross-site scripting (XSS) vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2015-8975 (Cross-site scripting (XSS) vulnerability in the error handler in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2015-8974 (SQL injection vulnerability in the Group Promotions module in the ...)
	NOT-FOR-US: MyBB
CVE-2015-8973 (xmlhttp.php in MyBB (aka MyBulletinBoard) before 1.6.18 and 1.8.x ...)
	NOT-FOR-US: MyBB
CVE-2016-9453 (The t2p_readwrite_pdf_image_tile function in LibTIFF allows remote ...)
	{DSA-3762-1}
	- tiff 4.0.6-3
	[wheezy] - tiff 4.0.2-6+deb7u7
	NOTE: CVE-2016-9453 for wheezy fixed via CVE-2016-5652
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2579
	NOTE: https://github.com/vadz/libtiff/commit/d2955714a4a0b8ca10941550cfbf64c7e111fbf1
	NOTE: For unstable this fix was included in the fix for TALOS-CAN-0187 / CVE-2016-5652
	NOTE: and included in patches/09-CVE-2016-5652.patch
	NOTE: Problem not reproducible in wheezy with 4.0.2-6+deb7u7, in jessie with 4.0.3-12.3+deb8u1, in both cases I get this output (but no segfault or error with valgrind):
	NOTE: TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in ascending order.
	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 1 (0x1) encountered.
	NOTE: TIFFReadDirectory: Warning, Unknown field with tag 3 (0x3) encountered.
	NOTE: TIFFReadDirectory: IO error during reading of "BitsPerSample".
	NOTE: tiff2pdf: Can't open input file ./CVE-2016-9453.tiff for reading.
CVE-2016-9446 (The vmnc decoder in the gstreamer does not initialize the render ...)
	{DSA-3717-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	- gst-plugins-bad1.0 1.10.1-1
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9445 (Integer overflow in the vmnc decoder in the gstreamer allows remote ...)
	{DSA-3717-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	- gst-plugins-bad1.0 1.10.1-1
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=774533
	NOTE: Fixed by: https://cgit.freedesktop.org/gstreamer/gst-plugins-bad/commit/?id=4cb1bcf1422bbcd79c0f683edb7ee85e3f7a31fe
CVE-2016-9452 (The transliterate mechanism in Drupal 8.x before 8.2.3 allows remote ...)
	- drupal8 <itp> (bug #756305)
	- drupal7 <not-affected> (Only affects Drupal 8)
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9451 (Confirmation forms in Drupal 7.x before 7.52 make it easier for remote ...)
	{DSA-3718-1 DLA-715-1}
	- drupal7 7.52-1
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9450 (The user password reset form in Drupal 8.x before 8.2.3 allows remote ...)
	- drupal8 <itp> (bug #756305)
	- drupal7 <not-affected> (Only affects Drupal 8)
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9449 (The taxonomy module in Drupal 7.x before 7.52 and 8.x before 8.2.3 ...)
	{DSA-3718-1 DLA-715-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.52-1
	NOTE: https://www.drupal.org/SA-CORE-2016-005
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/18/8
CVE-2016-9443 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/28
CVE-2016-9442 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/commit/d43527cfa0dbb3ccefec4a6f7b32c1434739aa29
CVE-2016-9441 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/24
CVE-2016-9440 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/22
CVE-2016-9439 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-33 (bug #844726)
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/20
CVE-2016-9438 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/18
CVE-2016-9437 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/17
CVE-2016-9436 (parsetagx.c in w3m before 0.5.3+git20161009 does not properly ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/16
	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9435 (The HTMLtagproc1 function in file.c in w3m before 0.5.3+git20161009 ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/16
	NOTE: Fixed by: https://github.com/tats/w3m/commit/33509cc81ec5f2ba44eb6fd98bd5c1b5873e46bd
CVE-2016-9434 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/15
CVE-2016-9433 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/14
CVE-2016-9432 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/13
CVE-2016-9431 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/10
CVE-2016-9430 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/7
CVE-2016-9429 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/29
CVE-2016-9428 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/26
CVE-2016-9427 (Integer overflow vulnerability in bdwgc before 2016-09-27 allows ...)
	{DLA-721-1}
	[experimental] - libgc 1:7.4.4-1
	- libgc <unfixed> (bug #844771)
	[stretch] - libgc <no-dsa> (Minor issue)
	[jessie] - libgc <no-dsa> (Minor issue)
	NOTE: https://github.com/ivmai/bdwgc/issues/135
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/4e1a6f9d8f2a49403bbd00b8c8e5324048fb84d4
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/7292c02fac2066d39dd1bcc37d1a7054fd1e32ee
	NOTE: Fixed by https://github.com/ivmai/bdwgc/commit/552ad0834672fed86ada6430150ef9ebdd3f54d7
CVE-2016-9426 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/25
CVE-2016-9425 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/21
CVE-2016-9424 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/12
CVE-2016-9423 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/9
CVE-2016-9422 (An issue was discovered in the Tatsuya Kinoshita w3m fork before ...)
	- w3m 0.5.3-30
	[jessie] - w3m 0.5.3-19+deb8u1
	[wheezy] - w3m <no-dsa> (Minor issue)
	NOTE: https://github.com/tats/w3m/issues/8
CVE-2016-9401 (popd in bash might allow local users to bypass the restricted shell ...)
	- bash 4.4-3 (bug #844727)
	[jessie] - bash <no-dsa> (Minor issue)
	[wheezy] - bash <no-dsa> (Minor issue)
	NOTE: Upstream bash considers this issue only to be a bug.
	NOTE: Proposed patch: https://lists.gnu.org/archive/html/bug-bash/2016-11/msg00116.html
	NOTE: Fixed by (4.4): https://ftp.gnu.org/pub/gnu/bash/bash-4.4-patches/bash44-006
CVE-2016-9399 (The calcstepsizes function in jpc_dec.c in JasPer 1.900.22 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00044-jasper-assert-calcstepsizes
	NOTE: Negligable security impact
CVE-2016-9398 (The jpc_floorlog2 function in jpc_math.c in JasPer before 1.900.17 ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00023-jasper-assert-jpc_floorlog2
	NOTE: Negligable security impact
CVE-2016-9397 (The jpc_dequantize function in jpc_dec.c in JasPer 1.900.13 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00010-jasper-assert-jpc_dequantize
	NOTE: Negligable security impact
CVE-2016-9396 (The JPC_NOMINALGAIN function in jpc/jpc_t1cod.c in JasPer through ...)
	- jasper <removed> (unimportant)
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00004-jasper-assert-JPC_NOMINALGAIN
	NOTE: Negligable security impact
CVE-2016-9395 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.25 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/d42b2388f7f8e0332c846675133acea151fc557a
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00043-jasper-assert-jas_matrix_t
	NOTE: Negligable security impact
CVE-2016-9394 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.17 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00016-jasper-assert-jas_matrix_t
	NOTE: Negligable security impact
CVE-2016-9393 (The jpc_pi_nextrpcl function in jpc_t2cod.c in JasPer before 1.900.17 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00013-jasper-assert-jpc_pi_nextrpcl
	NOTE: Negligable security impact
CVE-2016-9392 (The calcstepsizes function in jpc_dec.c in JasPer before 1.900.17 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/f7038068550fba0e41e1d0c355787f1dcd5bf330
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00012-jasper-assert-calcstepsizes
	NOTE: Negligable security impact
CVE-2016-9391 (The jpc_bitstream_getbits function in jpc_bs.c in JasPer before 2.0.10 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/1e84674d95353c64e5c4c0e7232ae86fd6ea813b
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00014-jasper-assert-jpc_bitstream_getbits
	NOTE: Negligable security impact
CVE-2016-9390 (The jas_seq2d_create function in jas_seq.c in JasPer before 1.900.14 ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/ba2b9d000660313af7b692542afbd374c5685865
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00007-jasper-assert-jas_matrix_t
	NOTE: Negligable security impact
CVE-2016-9389 (The jpc_irct and jpc_iict functions in jpc_mct.c in JasPer before ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/dee11ec440d7908d1daf69f40a3324b27cf213ba
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00006-jasper-assert-jpc_irct
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00008-jasper-assert-jpc_iict
	NOTE: Negligable security impact
CVE-2016-9388 (The ras_getcmap function in ras_dec.c in JasPer before 1.900.14 allows ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/411a4068f8c464e883358bf403a3e25158863823
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00005-jasper-assert-ras_getcmap
	NOTE: Negligable security impact
CVE-2016-9387 (Integer overflow in the jpc_dec_process_siz function in ...)
	- jasper <removed> (unimportant)
	NOTE: Fix: https://github.com/mdadams/jasper/commit/d91198abd00fc435a397fe6bad906a4c1748e9cf
	NOTE: Testcase: https://github.com/asarubbo/poc/blob/master/00003-jasper-assert-jas_matrix_t
	NOTE: Negligable security impact
CVE-2016-9372 (In Wireshark 2.2.0 to 2.2.1, the Profinet I/O dissector could loop ...)
	- wireshark 2.2.2+g9c5aae3-1
	[jessie] - wireshark <not-affected> (Only affects 2.2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.2.x)
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-58.html
CVE-2016-9373 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DCERPC dissector ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-61.html
CVE-2016-9374 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the AllJoyn dissector ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-59.html
CVE-2016-9375 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the DTN dissector could ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-62.html
CVE-2016-9376 (In Wireshark 2.2.0 to 2.2.1 and 2.0.0 to 2.0.7, the OpenFlow dissector ...)
	{DSA-3719-1 DLA-714-1}
	- wireshark 2.2.2+g9c5aae3-1
	NOTE: https://www.wireshark.org/docs/relnotes/wireshark-2.2.2.html
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-60.html
CVE-2016-9331
	REJECTED
CVE-2016-9330
	REJECTED
CVE-2016-9329
	REJECTED
CVE-2016-9328
	REJECTED
CVE-2016-9327
	REJECTED
CVE-2016-9326
	REJECTED
CVE-2016-9325
	REJECTED
CVE-2016-9324
	REJECTED
CVE-2016-9323
	REJECTED
CVE-2016-9322
	REJECTED
CVE-2016-9400 (The CClient::ProcessServerPacket method in engine/client/client.cpp in ...)
	- teeworlds 0.6.4+dfsg-1 (bug #844546)
	[jessie] - teeworlds <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - teeworlds <end-of-life> (Games are not supported in Wheezy)
	NOTE: https://www.teeworlds.com/?page=news&id=12086
	NOTE: https://github.com/teeworlds/teeworlds/commit/ff254722a2683867fcb3e67569ffd36226c4bc62 (0.6.4-release)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/8
CVE-2016-9321
	RESERVED
CVE-2016-9320
	RESERVED
CVE-2016-9319 (There is Missing SSL Certificate Validation in the Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9318 (libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and ...)
	- libxml2 <unfixed> (bug #844581)
	[stretch] - libxml2 <ignored> (Minor issue; intrusive to backport)
	[jessie] - libxml2 <ignored> (Minor issue; intrusive to backport)
	[wheezy] - libxml2 <no-dsa> (Minor issue)
	NOTE: Upstream Bug: https://bugzilla.gnome.org/show_bug.cgi?id=772726
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=2304078555896cf1638c628f50326aeef6f0e0d0
	NOTE: The patch introduces a new option that can be specified if this
	NOTE: behaviour is wanted. Not enforced by default.
	NOTE: The option though was reverted in https://git.gnome.org/browse/libxml2/commit/?id=030b1f7a27c22f9237eddca49ec5e620b6258d7d
	NOTE: New proposed/commited fix: https://git.gnome.org/browse/libxml2/commit/?id=ad88b54f1a28a8565964a370b5d387927b633c0d
CVE-2016-9317 (The gdImageCreate function in the GD Graphics Library (aka libgd) ...)
	{DSA-3777-1 DLA-804-1}
	- libgd2 2.2.4-1
	NOTE: https://github.com/libgd/libgd/commit/6944ea10cb730d5071620439c6c2e823e6caeff1
	NOTE: https://github.com/libgd/libgd/issues/340
CVE-2016-9316 (Multiple stored Cross-Site-Scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9315 (Privilege Escalation Vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9314 (Sensitive Information Disclosure in ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9313 (security/keys/big_key.c in the Linux kernel before 4.8.7 mishandles ...)
	- linux 4.8.7-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/7df3e59c3d1df4f87fe874c7956ef7a3d2f4d5fb (v4.9-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/13100a72f40f5748a04017e0ab3df4cf27c809ef (v4.7-rc1)
CVE-2016-9312 (ntpd in NTP before 4.2.8p9, when running on Windows, allows remote ...)
	- ntp <not-affected> (Only ntpd on Windows)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3110
	NOTE: Only relevant for ntpd on Windows, but fixed source-wise in 1:4.2.8p9+dfsg-1
CVE-2016-9311 (ntpd in NTP before 4.2.8p9, when the trap service is enabled, allows ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, not vulnerable by default)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3119
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0204/
	NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction.
CVE-2016-9310 (The control mode (mode 6) functionality in ntpd in NTP before 4.2.8p9 ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, not vulnerable by default)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3118
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0203/
	NOTE: Only affects configurations that do not have "restrict noquery", Debian's default config does have that restriction.
CVE-2016-9309
	RESERVED
CVE-2016-9308
	RESERVED
CVE-2016-9307 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...)
	NOT-FOR-US: Autodesk
CVE-2016-9306 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...)
	NOT-FOR-US: Autodesk
CVE-2016-9305 (Improper handling in the Autodesk FBX-SDK before 2017.1 of type ...)
	NOT-FOR-US: Autodesk
CVE-2016-9304 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...)
	NOT-FOR-US: Autodesk
CVE-2016-9303 (Multiple buffer overflows in the Autodesk FBX-SDK before 2017.1 can ...)
	NOT-FOR-US: Autodesk
CVE-2016-9295
	RESERVED
CVE-2016-9293
	RESERVED
CVE-2016-9292
	RESERVED
CVE-2016-9291
	RESERVED
CVE-2016-9290
	RESERVED
CVE-2016-9289
	RESERVED
CVE-2016-9288 (In framework/modules/navigation/controllers/navigationController.php in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9287 (In /framework/modules/notfound/controllers/notfoundController.php of ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9286 (framework/modules/users/controllers/usersController.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9285 (framework/modules/addressbook/controllers/addressController.php in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9284 (getUsersByJSON in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9283 (SQL Injection in framework/core/subsystems/expRouter.php in Exponent ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9282 (SQL Injection in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9281
	RESERVED
CVE-2016-9280
	RESERVED
CVE-2016-9277 (Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note ...)
	NOT-FOR-US: Samsung
CVE-2016-9274 (Untrusted search path vulnerability in Git 1.x for Windows allows local ...)
	NOT-FOR-US: Git-for-Windows (Git fork containing Windows-specific patches)
CVE-2016-9272 (A Blind SQL Injection Vulnerability in Exponent CMS through 2.4.0, with ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9271
	RESERVED
CVE-2016-9270
	RESERVED
CVE-2016-9269 (Remote Command Execution in com.trend.iwss.gui.servlet.ManagePatches in ...)
	NOT-FOR-US: Trend Micro
CVE-2016-9268 (Unrestricted file upload vulnerability in the Blog appearance in the ...)
	- dotclear <removed>
	NOTE: http://dev.dotclear.org/2.0/changeset/445e9ff79a1fa81033591761d6a340e219d159b2
	NOTE: http://dev.dotclear.org/2.0/ticket/2214
CVE-2016-9267
	RESERVED
CVE-2016-9263 (WordPress through 4.8.2, when domain-based flashmediaelement.swf ...)
	{DLA-1151-1}
	- wordpress 4.1+dfsg-1
	NOTE: https://opnsec.com/2017/10/cve-2016-9263-unpatched-xsf-vulnerability-in-wordpress/
	NOTE: flashmediaelement.swf removed from source tree starting in 4.1+dfsg-1
CVE-2016-9447 (The ROM mappings in the NSF decoder in gstreamer 0.10.x allow remote ...)
	{DSA-3713-1 DLA-712-1}
	- gst-plugins-bad0.10 <removed>
	NOTE: http://scarybeastsecurity.blogspot.de/2016/11/0day-exploit-compromising-linux-desktop.html
CVE-2016-9299 (The remoting module in Jenkins before 2.32 and LTS before 2.19.3 ...)
	- jenkins <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/4
CVE-2016-9298 (Heap overflow in the WaveletDenoiseImage function in MagickCore/fx.c ...)
	- imagemagick 8:6.9.6.5+dfsg-1 (bug #844211)
	[jessie] - imagemagick <not-affected> (Vulnerable code not present)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/296
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/13/1
CVE-2016-9300
	REJECTED
CVE-2016-9301
	REJECTED
CVE-2016-9302
	REJECTED
CVE-2016-9297 (The TIFFFetchNormalTag function in LibTiff 4.0.6 allows remote ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844226)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2590
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/12/2
	NOTE: Patch https://github.com/vadz/libtiff/commit/30c9234c7fd0dd5e8b1e83ad44370c875a0270ed
	NOTE: Reproducible with valgrind in wheezy with 4.0.2-6+deb7u7
	NOTE: Reproducible with valgrind in jessie with 4.0.3-12.3+deb8u1
	NOTE: When fixing this CVE make sure to make the fix complete and not
	NOTE: introduce CVE-2016-9448 / http://bugzilla.maptools.org/show_bug.cgi?id=2593
	NOTE: Fix in 4.0.7 is complete.
	NOTE: Patch CVE-2016-9448: https://github.com/vadz/libtiff/commit/89406285f318ffad27af4b200204394b2ee6ba5e
CVE-2016-9540 (tools/tiffcp.c in libtiff 4.0.6 has an out-of-bounds write on tiled ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/5ad9d8016fbb60109302d558f7edb2cb2a3bb8e3
CVE-2016-9539 (tools/tiffcrop.c in libtiff 4.0.6 has an out-of-bounds read in ...)
	- tiff 4.0.7-1 (unimportant)
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/ae9365db1b271b62b35ce018eac8799b1d5e8a53
	NOTE: Crash in CLI tool, no security impact
CVE-2016-9538 (tools/tiffcrop.c in libtiff 4.0.6 reads an undefined buffer in ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/43c0b81a818640429317c80fea1e66771e85024b#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9537 (tools/tiffcrop.c in libtiff 4.0.6 has out-of-bounds write ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-c8b4b355f9b5c06d585b23138e1c185f
CVE-2016-9536 (tools/tiff2pdf.c in libtiff 4.0.6 has out-of-bounds write ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <not-affected> (tiff3 not shipping tools)
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5173a9b3b48146e4fd86d7b9b346115e
CVE-2016-9535 (tif_predict.h and tif_predict.c in libtiff 4.0.6 have assertions that ...)
	{DSA-3844-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1
	NOTE: https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33
CVE-2016-9534 (tif_write.c in libtiff 4.0.6 has an issue in the error code path of ...)
	{DSA-3762-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-5be5ce02d0dea67050d5b2a10102d1ba
CVE-2016-9533 (tif_pixarlog.c in libtiff 4.0.6 has out-of-bounds write vulnerabilities ...)
	{DSA-3762-1 DLA-880-1 DLA-795-1}
	- tiff 4.0.7-1
	- tiff3 <removed>
	NOTE: https://github.com/vadz/libtiff/commit/83a4b92815ea04969d494416eaae3d4c6b338e4a#diff-bdc795f6afeb9558c1012b3cfae729ef
CVE-2016-9532 (Integer overflow in the writeBufferToSeparateStrips function in ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844057)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Tools not shipped by tiff3)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2592
	NOTE: Patch: https://github.com/vadz/libtiff/commit/21d39de1002a5e69caa0574b2cc05d795d6fbfad
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/11/14
CVE-2016-9296 (A null pointer dereference bug affects the 16.02 and many old versions ...)
	- p7zip 16.02+dfsg-2 (unimportant; bug #844344)
	[jessie] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
	[wheezy] - p7zip <not-affected> (Vulnerable code with potential NULL pointer dereference introduced later)
	NOTE: https://sourceforge.net/p/p7zip/bugs/185/
	NOTE: no security impact
CVE-2016-9294 (Artifex Software, Inc. MuJS before ...)
	NOT-FOR-US: MuJS
CVE-2016-9279 (Use-after-free vulnerability in the Samsung Exynos fimg2d driver for ...)
	NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9278 (The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, ...)
	NOT-FOR-US: Samsung Exynos fimg2d driver for Android
CVE-2016-9276 (The dwarf_get_aranges_list function in dwarf_arrange.c in Libdwarf ...)
	- dwarfutils 20161124-1 (bug #844011)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-dwarf_get_aranges_list-dwarf_arange-c
	NOTE: Same commit as for CVE-2016-9275. Needs the dwarf_arange.c part of the commit.
CVE-2016-9275 (Heap-based buffer overflow in the _dwarf_skim_forms function in ...)
	- dwarfutils 20161124-1 (bug #844012)
	[jessie] - dwarfutils <not-affected> (Vulnerable code not present)
	[wheezy] - dwarfutils <not-affected> (Vulnerable code not present)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c
	NOTE: Same commit as for CVE-2016-9276. Needs the dwarf_macro5.c part of the commit.
CVE-2016-9273 (tiffsplit in libtiff 4.0.6 allows remote attackers to cause a denial ...)
	{DSA-3762-1 DLA-716-1}
	- tiff 4.0.7-1 (bug #844013)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Unreproducible)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2587
	NOTE: Patch: https://github.com/vadz/libtiff/commit/d651abc097d91fac57f33b5f9447d0a9183f58e7
	NOTE: Can be reproduced with valgrind in wheezy with libtiff 4.0.2-6+deb7u7
	NOTE: Can be reproduced with valgrind in jessie with libtiff 4.0.3-12.3+deb8u1
CVE-2016-9261 (Cross-site scripting (XSS) vulnerability in Tenable Log Correlation ...)
	NOT-FOR-US: Tenable Log Correlation Engine
CVE-2016-9260 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9 ...)
	NOT-FOR-US: Nessus
CVE-2016-9259 (Cross-site scripting (XSS) vulnerability in Tenable Nessus before ...)
	NOT-FOR-US: Nessus
CVE-2017-0305 (F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an ...)
	NOT-FOR-US: F5
CVE-2017-0304 (A SQL injection vulnerability exists in the BIG-IP AFM management UI ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2017-0303 (In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link ...)
	NOT-FOR-US: F5
CVE-2017-0302 (In F5 BIG-IP APM 12.0.0 through 12.1.2 and 13.0.0, an authenticated ...)
	NOT-FOR-US: F5
CVE-2017-0301 (In F5 BIG-IP APM software versions 11.5.0, 11.5.1, 11.5.2, 11.5.3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-9266 (listmp3.c in libming 0.4.7 allows remote attackers to unspecified ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
	NOTE: https://github.com/libming/libming/issues/53
CVE-2016-9265 (The printMP3Headers function in listmp3.c in Libming 0.4.7 allows ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list
	NOTE: https://github.com/libming/libming/issues/52
CVE-2016-9264 (Buffer overflow in the printMP3Headers function in listmp3.c in ...)
	{DLA-799-1}
	- ming <removed> (bug #843928)
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/libming-listmp3-global-buffer-overflow-in-printmp3headers-listmp3-c
	NOTE: https://github.com/libming/libming/issues/51
CVE-2016-9262 (Multiple integer overflows in the (1) jas_realloc function in ...)
	- jasper <removed>
	[jessie] - jasper <not-affected> (Vulnerable code introduced later)
	[wheezy] - jasper <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/634ce8e8a5accc0fa05dd2c20d42b4749d4b2735
	NOTE: The use-afer-free seems to be introduced in a version later tha 1.900.1 but the
	NOTE: CVE is assigned for everything fixed in the above commit, a such seems till
	NOTE: present in the 1.900.1 based versions. Still ok to mark as not-affected
	NOTE: https://blogs.gentoo.org/ago/2016/11/07/jasper-use-after-free-in-jas_realloc-jas_malloc-c
CVE-2016-9258
	RESERVED
CVE-2016-9257 (In F5 BIG-IP APM 12.0.0 through 12.1.2, non-authenticated users may be ...)
	NOT-FOR-US: F5
CVE-2016-9256 (In F5 BIG-IP 12.1.0 through 12.1.2, permissions enforced by iControl ...)
	NOT-FOR-US: F5
CVE-2016-9255
	RESERVED
CVE-2016-9254
	RESERVED
CVE-2016-9253 (In F5 BIG-IP 12.1.0 through 12.1.2, specific websocket traffic ...)
	NOT-FOR-US: F5
CVE-2016-9252 (The Traffic Management Microkernel (TMM) in F5 BIG-IP before 11.5.4 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-9251 (In F5 BIG-IP 12.0.0 through 12.1.2, an authenticated attacker may be ...)
	NOT-FOR-US: F5
CVE-2016-9250 (In F5 BIG-IP 11.2.1, 11.4.0 through 11.6.1, and 12.0.0 through 12.1.2, ...)
	NOT-FOR-US: F5
CVE-2016-9249 (An undisclosed traffic pattern received by a BIG-IP Virtual Server ...)
	NOT-FOR-US: F5
CVE-2016-9248
	RESERVED
CVE-2016-9247 (Under certain conditions for BIG-IP systems using a virtual server ...)
	NOT-FOR-US: F5
CVE-2016-9246
	RESERVED
CVE-2016-9245 (In F5 BIG-IP systems 12.1.0 - 12.1.2, malicious requests made to ...)
	NOT-FOR-US: F5
CVE-2016-9244 (A BIG-IP virtual server configured with a Client SSL profile that has ...)
	NOT-FOR-US: F5 TLS stack
	NOTE: https://ticketbleed.com/
CVE-2016-9243 (HKDF in cryptography before 1.5.2 returns an empty byte-string if used ...)
	- python-cryptography 1.5.3-1
	[jessie] - python-cryptography 0.6.1-1+deb8u1
	NOTE: Upstream bug: https://github.com/pyca/cryptography/issues/3211
	NOTE: Upstream commit: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/08/6
CVE-2016-9242 (Multiple SQL injection vulnerabilities in the update method in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9241
	REJECTED
CVE-2016-9240
	REJECTED
CVE-2016-9239
	REJECTED
CVE-2016-9238
	REJECTED
CVE-2016-9237
	REJECTED
CVE-2016-9236
	REJECTED
CVE-2016-9235
	REJECTED
CVE-2016-9234
	REJECTED
CVE-2016-9233
	REJECTED
CVE-2016-9232
	REJECTED
CVE-2016-9231
	REJECTED
CVE-2016-9230
	REJECTED
CVE-2016-9229
	REJECTED
CVE-2016-9228
	REJECTED
CVE-2016-9227
	REJECTED
CVE-2016-9226
	REJECTED
CVE-2016-9225 (A vulnerability in the data plane IP fragment handler of the Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-9224 (A vulnerability in the Cisco Jabber Guest Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2016-9223 (A vulnerability in the Docker Engine configuration of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-9222 (A vulnerability in the web-based management interface of Cisco NetFlow ...)
	NOT-FOR-US: Cisco
CVE-2016-9221 (A Denial of Service Vulnerability in 802.11 ingress connection ...)
	NOT-FOR-US: Cisco
CVE-2016-9220 (A Denial of Service Vulnerability in 802.11 ingress packet processing ...)
	NOT-FOR-US: Cisco
CVE-2016-9219 (A vulnerability with IPv6 UDP ingress packet processing in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-9218 (A vulnerability in Cisco Hybrid Meeting Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2016-9217 (A vulnerability in Cisco Intercloud Fabric for Business and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-9216 (An IKE Packet Parsing Denial of Service Vulnerability in the ipsecmgr ...)
	NOT-FOR-US: Cisco ASR 5000
CVE-2016-9215 (A vulnerability in Cisco IOS XR Software could allow an authenticated, ...)
	NOT-FOR-US: Cisco
CVE-2016-9214 (Cisco Identity Services Engine (ISE) contains a vulnerability that ...)
	NOT-FOR-US: Cisco
CVE-2016-9213
	REJECTED
CVE-2016-9212 (A vulnerability in the Decrypt for End-User Notification configuration ...)
	NOT-FOR-US: Cisco
CVE-2016-9211 (A vulnerability in TCP port management in Cisco ONS 15454 Series ...)
	NOT-FOR-US: Cisco
CVE-2016-9210 (A vulnerability in the Cisco Unified Reporting upload tool accessed via ...)
	NOT-FOR-US: Cisco
CVE-2016-9209 (A vulnerability in TCP processing in Cisco FirePOWER system software ...)
	NOT-FOR-US: Cisco
CVE-2016-9208 (A vulnerability in the File Management Utility, the Download File form, ...)
	NOT-FOR-US: Cisco
CVE-2016-9207 (A vulnerability in the HTTP traffic server component of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-9206 (A vulnerability in the ccmadmin page of Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2016-9205 (A vulnerability in the HTTP 2.0 request handling code of Cisco IOS XR ...)
	NOT-FOR-US: Cisco
CVE-2016-9204 (A vulnerability in the Cisco Intercloud Fabric (ICF) Director could ...)
	NOT-FOR-US: Cisco
CVE-2016-9203 (A vulnerability in the Internet Key Exchange Version 2 (IKEv2) feature ...)
	NOT-FOR-US: Cisco
CVE-2016-9202 (A vulnerability in the web-based management interface of Cisco Email ...)
	NOT-FOR-US: Cisco
CVE-2016-9201 (A vulnerability in the Zone-Based Firewall feature of Cisco IOS and ...)
	NOT-FOR-US: Cisco
CVE-2016-9200 (A vulnerability in the web framework code of Cisco Prime Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2016-9199 (A vulnerability in the Cisco application-hosting framework (CAF) of ...)
	NOT-FOR-US: Cisco
CVE-2016-9198 (A vulnerability in the Active Directory integration component of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-9197 (A vulnerability in the CLI command parser of the Cisco Mobility Express ...)
	NOT-FOR-US: Cisco
CVE-2016-9196 (A vulnerability in login authentication management in Cisco Aironet ...)
	NOT-FOR-US: Cisco
CVE-2016-9195 (A vulnerability in RADIUS Change of Authorization (CoA) request ...)
	NOT-FOR-US: Cisco
CVE-2016-9194 (A vulnerability in 802.11 Wireless Multimedia Extensions (WME) action ...)
	NOT-FOR-US: Cisco
CVE-2016-9193 (A vulnerability in the malicious file detection and blocking features ...)
	NOT-FOR-US: Cisco
CVE-2016-9192 (A vulnerability in Cisco AnyConnect Secure Mobility Client for Windows ...)
	NOT-FOR-US: Cisco
CVE-2015-8972 (Stack-based buffer overflow in the ValidateMove function in ...)
	- gnuchess 6.2.4-1 (unimportant)
	NOTE: Built with hardening flags, no security impact
	NOTE: http://lists.gnu.org/archive/html/bug-gnu-chess/2015-10/msg00002.html
	NOTE: http://svn.savannah.gnu.org/viewvc?view=rev&root=chess&revision=134
CVE-2015-8971 (Terminology 0.7.0 allows remote attackers to execute arbitrary ...)
	{DSA-3712-1}
	- terminology 0.7.0-2 (bug #843434)
	NOTE: https://git.enlightenment.org/apps/terminology.git/commit/?id=b80bedc7c21ecffe99d8d142930db696eebdd6a5
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/04/12
CVE-2016-9191 (The cgroup offline implementation in the Linux kernel through 4.8.11 ...)
	{DSA-3791-1}
	- linux 4.9.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/93362fa47fe98b62e4a34ab408c4a418432e7939 (v4.10-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/f0c3b5093addc8bfe9fe3a5b01acb7ec7969eafa (v3.11-rc1)
CVE-2016-9190 (Pillow before 3.3.2 allows context-dependent attackers to execute ...)
	{DSA-3710-1 DLA-705-1}
	- pillow 3.4.2-1
	- python-imaging <removed>
	NOTE: https://github.com/python-pillow/Pillow/issues/2105
	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/5d8a0be45aad78c5a22c8d099118ee26ef8144af
CVE-2016-9189 (Pillow before 3.3.2 allows context-dependent attackers to obtain ...)
	{DSA-3710-1 DLA-705-1}
	- pillow 3.4.2-1
	- python-imaging <removed>
	NOTE: https://github.com/python-pillow/Pillow/issues/2105
	NOTE: https://github.com/python-pillow/Pillow/pull/2146/commits/c50ebe6459a131a1ea8ca531f10da616d3ceaa0f
CVE-2016-9188 (Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9187 (Unrestricted file upload vulnerability in the double extension support ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9186 (Unrestricted file upload vulnerability in the &quot;legacy course files&quot; and ...)
	NOTE: Moodle upstream does not believe it is a security vulnerability and the reporter
	NOTE: did not followed up on requests from upstream to provide clarification, cf. #851405
CVE-2016-9185 (In OpenStack Heat, by launching a new Heat stack with a local URL an ...)
	- heat 1:7.0.0-2 (bug #843232)
	[jessie] - heat <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ossa/+bug/1606500
CVE-2016-9184 (In /framework/modules/core/controllers/expHTMLEditorController.php of ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9183 (In /framework/modules/ecommerce/controllers/orderController.php of ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9182 (Exponent CMS 2.4 uses PHP reflection to call a method of a controller ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9177 (Directory traversal vulnerability in Spark 2.5 allows remote attackers ...)
	NOT-FOR-US: Spark (sparkjava)
CVE-2016-9176 (Stack buffer overflow in the send.exe and receive.exe components of ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-9175
	REJECTED
CVE-2016-9174
	REJECTED
CVE-2016-9173
	REJECTED
CVE-2016-9172
	REJECTED
CVE-2016-9171
	REJECTED
CVE-2016-9170
	REJECTED
CVE-2016-9169 (A reflected XSS vulnerability exists in the web console of the Document ...)
	NOT-FOR-US: Novell
CVE-2016-9168 (A missing X-Frame-Options header in the NDS Utility Monitor in NDSD in ...)
	NOT-FOR-US: Novell
CVE-2016-9167 (NDSD in Novell eDirectory before 9.0.2 did not calculate ACLs on LDAP ...)
	NOT-FOR-US: Novell
CVE-2016-9166
	RESERVED
CVE-2016-9165 (The get_sessions servlet in CA Unified Infrastructure Management ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9164 (Directory traversal vulnerability in diag.jsp file in CA Unified ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-9163
	REJECTED
CVE-2016-9162
	REJECTED
CVE-2016-9161
	REJECTED
CVE-2016-9160 (A vulnerability in SIEMENS SIMATIC WinCC (All versions &lt; SIMATIC WinCC ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2016-9159 (A vulnerability has been identified in SIMATIC S7-300 CPU family, ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2016-9158 (A vulnerability has been identified in SIMATIC S7-300 CPU family, ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2016-9157 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-9156 (A vulnerability in Siemens SICAM PAS (all versions before V8.09) could ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-9155 (The following SIEMENS branded IP Camera Models CCMW3025, CVMW3025-IR, ...)
	NOT-FOR-US: Siemens
CVE-2016-9154 (Siemens Desigo PX Web modules PXA40-W0, PXA40-W1, PXA40-W2 for Desigo ...)
	NOT-FOR-US: Siemens Desigo PX
CVE-2016-9153
	RESERVED
CVE-2016-9152 (Cross-site scripting (XSS) vulnerability in ecrire/exec/plonger.php in ...)
	{DLA-738-1}
	- spip 3.1.4-2 (bug #847156)
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23290
CVE-2016-9151 (Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9150 (Buffer overflow in the management web interface in Palo Alto Networks ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9149 (The Addresses Object parser in Palo Alto Networks PAN-OS before ...)
	NOT-FOR-US: PAN-OS
CVE-2016-9148 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2016-9147 (named in ISC BIND 9.9.9-P4, 9.9.9-S6, 9.10.4-P4, and 9.11.0-P1 allows ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851063)
	NOTE: https://kb.isc.org/article/AA-01440/0
CVE-2015-8969 (git-fastclone before 1.0.5 passes user modifiable strings directly to a ...)
	NOT-FOR-US: git-fastclone
CVE-2015-8968 (git-fastclone before 1.0.1 permits arbitrary shell command execution ...)
	NOT-FOR-US: git-fastclone
CVE-2015-8970 (crypto/algif_skcipher.c in the Linux kernel before 4.4.2 does not ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1386286
	NOTE: Fixed by: https://git.kernel.org/linus/dd504589577d8e8e70f51f997ad487a4cb6c026f (v4.5-rc1)
	NOTE: Followed by a complete set of related upstrema commits. See kernel-sec
	NOTE: triage for details.
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/6
CVE-2016-9179 (lynx: It was found that Lynx doesn't parse the authority component of ...)
	{DLA-719-1}
	- lynx 2.8.9dev11-1 (bug #843258)
	- lynx-cur <removed>
	[jessie] - lynx-cur <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/4
	NOTE: Slight mitigation and documentation improvement was done in 2.8.9dev.10 upstream
	NOTE: the uplaod to unstable as 2.8.9dev10-1
CVE-2016-9644 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the ...)
	- linux <not-affected> (Vulnerable code not present)
	NOTE: No incorrect backport of CVE-2016-9178 done in Debian
	NOTE: This is only an issue if 1c109fabbd51863475cd12ac206bdd249aee35af
	NOTE: (added in 4.8) is backported without also backporting
	NOTE: 548acf19234dbda5a52d5a8e7e205af46e9da840 (added in 4.6), as such
	NOTE: src:linux was never affected. 1c109fabbd5 also wasn't backported to
	NOTE: the 3.2 and 3.16 LTS series
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/03/2
CVE-2016-9178 (The __get_user_asm_ex macro in arch/x86/include/asm/uaccess.h in the ...)
	{DLA-772-1}
	- linux 4.7.5-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/1c109fabbd51863475cd12ac206bdd249aee35af (4.8-rc7)
	NOTE: If this issue is fixed for older versions be careful to not open same issue as CVE-2016-9644
CVE-2016-9146
	RESERVED
CVE-2016-9145
	REJECTED
CVE-2016-9144
	REJECTED
CVE-2016-9143
	REJECTED
CVE-2016-9142
	REJECTED
CVE-2016-9141
	REJECTED
CVE-2016-9181 (perl-Image-Info: When parsing an SVG file, external entity expansion ...)
	- libimage-info-perl 1.39-1 (bug #842891)
	[jessie] - libimage-info-perl <no-dsa> (Minor issue)
	[wheezy] - libimage-info-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118099
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379556
	NOTE: Upstream commit: https://github.com/eserte/image-info/commit/781625b643bc05ba92127a4554de7910f3f2f8e6
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
	NOTE: Older versions of libimage-info-perl only can use XML::Simple.
	NOTE: Controlling XXE processing behavior in XML::Simple is not really
	NOTE: possible (see https://rt.cpan.org/Ticket/Display.html?id=83794),
	NOTE: so as a workaround the underlying SAX parser is fixed to
	NOTE: XML::SAX::PurePerl which is uncapable of processing external entities
	NOTE: but unfortunately it is also a slow parser.
CVE-2016-9180 (perl-XML-Twig: The option to `expand_external_ents`, documented as ...)
	- libxml-twig-perl <unfixed> (low; bug #842893)
	[stretch] - libxml-twig-perl <no-dsa> (Minor issue; can be fixed via point release)
	[jessie] - libxml-twig-perl <no-dsa> (Minor issue; can be fixed via point release)
	[wheezy] - libxml-twig-perl <no-dsa> (Minor issue, new flag would require changes to applications too, not worth the effort)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=118097
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1379553
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/02/1
	NOTE: Release 3.50 adds a no_xxe flag which will fail to parse files with external entities.
	NOTE: 2016-12-13: The corresponding changes is not in the public git repository yet: https://github.com/mirod/xmltwig/commits/master
CVE-2016-9136 (Artifex Software, Inc. MuJS before ...)
	NOT-FOR-US: MuJS
CVE-2016-9135 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9134 (Exponent CMS 2.3.9 suffers from a SQL injection vulnerability in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9133
	RESERVED
CVE-2016-9132 (In Botan 1.8.0 through 1.11.33, when decoding BER data an integer ...)
	{DLA-786-1}
	- botan1.10 1.10.14-1
	[jessie] - botan1.10 <ignored> (Minor issue, not believed to be exploitable in practice)
	NOTE: Fixed in 1.10.14 and 1.11.34, all prior versions affected.
	NOTE: Fixed by: https://github.com/randombit/botan/commit/987ad747db6d0d7e36f840398f3cf02e2fbfd90f
CVE-2016-9131 (named in ISC BIND 9.x before 9.9.9-P5, 9.10.x before 9.10.4-P5, and ...)
	{DSA-3758-1 DLA-805-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #851065)
	NOTE: https://kb.isc.org/article/AA-01439/0
CVE-2016-9130 (Revive Adserver before 3.2.3 suffers from Persistent XSS. A vector for ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9129 (Revive Adserver before 3.2.3 suffers from Information Exposure Through ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9128 (Revive Adserver before 3.2.3 suffers from reflected XSS. The ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9127 (Revive Adserver before 3.2.3 suffers from Cross-Site Request Forgery ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9126 (Revive Adserver before 3.2.3 suffers from persistent XSS. Usernames are ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9125 (Revive Adserver before 3.2.3 suffers from session fixation, by ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9124 (Revive Adserver before 3.2.3 suffers from Improper Restriction of ...)
	NOT-FOR-US: Revive Adserver
CVE-2016-9123 (go-jose before 1.0.5 suffers from a CBC-HMAC integer overflow on 32-bit ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9122 (go-jose before 1.0.4 suffers from multiple signatures exploitation. ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9121 (go-jose before 1.0.4 suffers from an invalid curve attack for the ...)
	- golang-gopkg-square-go-jose.v1 1.0.5-1
CVE-2016-9140 [RCE]
	RESERVED
	- zabbix 1:3.0.6+dfsg-1 (bug #842702; unimportant)
	NOTE: https://www.exploit-db.com/exploits/39937/
	NOTE: Claimed to be not a vulnerability but a superadmin using a feature
	NOTE: as intended. 1:3.0.6+dfsg-1 improved the API script.execute validation.
CVE-2016-9139 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DLA-787-1}
	- otrs2 5.0.14-1 (bug #843091)
	[jessie] - otrs2 <ignored> (Minor issue)
	NOTE: https://www.otrs.com/security-advisory-2016-02-security-update-otrs/
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/5
	NOTE: upstream fix likely https://github.com/OTRS/otrs/commit/6578a8bcf82529461302291ab3fcb500363b005a
CVE-2016-9120 (Race condition in the ion_ioctl function in ...)
	- linux 4.6.1-1 (unimportant)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/9590232bb4f4cc824f3425a6e1349afbe6d6d2b7 (v4.6-rc1)
CVE-2016-9119 (Cross-site scripting (XSS) vulnerability in the link dialogue in GUI ...)
	{DSA-3715-1 DLA-717-1}
	- moin 1.9.9-1 (bug #844338)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/3bddf075fdbd
CVE-2016-9118 (Heap Buffer Overflow (WRITE of size 4) in function pnmtoimage of ...)
	{DSA-4013-1}
	- openjpeg2 2.1.2-1.2 (bug #844557)
	NOTE: https://github.com/uclouvain/openjpeg/issues/861
	NOTE: https://github.com/uclouvain/openjpeg/commit/c22cbd8bdf8ff2ae372f94391a4be2d322b36b41
CVE-2016-9117 (NULL Pointer Access in function imagetopnm of convert.c(jp2):1289 in ...)
	- openjpeg2 <unfixed> (unimportant; bug #844556)
	NOTE: https://github.com/uclouvain/openjpeg/issues/860
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9116 (NULL Pointer Access in function imagetopnm of convert.c:2226(jp2) in ...)
	- openjpeg2 <unfixed> (unimportant; bug #844555)
	NOTE: https://github.com/uclouvain/openjpeg/issues/859
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9115 (Heap Buffer Over-read in function imagetotga of convert.c(jp2):942 in ...)
	- openjpeg2 <unfixed> (unimportant; bug #844554)
	NOTE: https://github.com/uclouvain/openjpeg/issues/858
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9114 (There is a NULL Pointer Access in function imagetopnm of ...)
	- openjpeg2 <unfixed> (unimportant; bug #844553)
	NOTE: https://github.com/uclouvain/openjpeg/issues/857
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9113 (There is a NULL pointer dereference in function imagetobmp of ...)
	- openjpeg2 <unfixed> (unimportant; bug #844552)
	NOTE: https://github.com/uclouvain/openjpeg/issues/856
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2016-9112 (Floating Point Exception (aka FPE or divide by zero) in ...)
	- openjpeg2 2.1.2-1.2 (bug #844551)
	[stretch] - openjpeg2 <no-dsa> (Minor issue)
	[jessie] - openjpeg2 <no-dsa> (Minor issue)
	NOTE: https://github.com/uclouvain/openjpeg/commit/d27ccf01c68a31ad62b33d2dc1ba2bb1eeaafe7b
	NOTE: https://github.com/uclouvain/openjpeg/issues/855
CVE-2016-9111 (Incorrect access control mechanisms in Citrix Receiver Desktop Lock ...)
	NOT-FOR-US: Citrix
CVE-2016-9110
	RESERVED
CVE-2016-9100 (Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.13, ASG 6.7 ...)
	NOT-FOR-US: Symantec
CVE-2016-9099 (Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 prior to 6.7.2.1, ...)
	NOT-FOR-US: Symantec
CVE-2016-9098
	REJECTED
CVE-2016-9097 (The Symantec Advanced Secure Gateway (ASG) 6.6 prior to 6.6.5.8, ...)
	NOT-FOR-US: Symantec
CVE-2016-9096
	REJECTED
CVE-2016-9095
	REJECTED
CVE-2016-9094 (Symantec Endpoint Protection clients place detected malware in ...)
	NOT-FOR-US: Symantec
CVE-2016-9093 (A version of the SymEvent Driver that shipped with Symantec Endpoint ...)
	NOT-FOR-US: Symantec
CVE-2016-9092 (The Symantec Content Analysis (CA) 1.3, 2.x prior to 2.2.1.1, and Mail ...)
	NOT-FOR-US: Symantec
CVE-2016-9091 (Blue Coat Advanced Secure Gateway (ASG) 6.6 before 6.6.5.4 and Content ...)
	NOT-FOR-US: Blue Coat Advanced Secure Gateway
CVE-2016-9090
	RESERVED
CVE-2016-9089
	RESERVED
CVE-2015-8967 (arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local ...)
	- linux 4.0.2-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/c623b33b4e9599c6ac5076f7db7369eb9869aa04 (v4.0-rc1)
	NOTE: Missing security mitigation, not a vulnerability per se
CVE-2015-8966 (arch/arm/kernel/sys_oabi-compat.c in the Linux kernel before 4.4 ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/76cc404bfdc0d419c720de4daaf2584542734f42 (v4.4-rc8)
CVE-2016-9109 (Artifex Software MuJS allows attackers to cause a denial of service ...)
	NOT-FOR-US: MuJS
CVE-2016-9108 (Integer overflow in the js_regcomp function in regexp.c in Artifex ...)
	NOT-FOR-US: MuJS
CVE-2016-9107 (The OTR plugin for Gajim sends information in cleartext when using ...)
	- gajim-otr <itp> (bug #722130)
	NOTE: Upstream bug: https://trac-plugins.gajim.org/ticket/145
	NOTE: Upstream fix: https://trac-plugins.gajim.org/changeset/c7c2e519ed63377bc943dd01c4661b0fe49321ae
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/30/2
CVE-2014-9910 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Android Broadcom driver
CVE-2014-9909 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Android Broadcom driver
CVE-2016-9106 (Memory leak in the v9fs_write function in hw/9pfs/9p.c in QEMU (aka ...)
	{DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02623.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/4
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fdfcc9aeea1492f4b819a24c94dfb678145b1bf9
CVE-2016-9105 (Memory leak in the v9fs_link function in hw/9pfs/9p.c in QEMU (aka ...)
	{DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02608.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/3
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=4c1586787ff43c9acd18a56c12d720e3e6be9f7c
CVE-2016-9104 (Multiple integer overflows in the (1) v9fs_xattr_read and (2) ...)
	{DLA-698-1 DLA-689-1}
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu 1:2.8+dfsg-1 (bug #842463)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02942.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/2
CVE-2016-9103 (The v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU (aka Quick ...)
	{DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01790.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/28/1
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=eb687602853b4ae656e9236ee4222609f3a6887d
CVE-2016-9102 (Memory leak in the v9fs_xattrcreate function in hw/9pfs/9p.c in QEMU ...)
	{DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842463)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01861.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389550
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/15
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff55e94d23ae94c8628b0115320157c763eb3e06
CVE-2016-9101 (Memory leak in hw/net/eepro100.c in QEMU (aka Quick Emulator) allows ...)
	{DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #842455)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg03024.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1389538
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/14
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=2634ab7fe29b3f75d0865b719caf8f310d634aae (v2.8.0-rc0)
CVE-2016-9088
	RESERVED
CVE-2016-9087 (SQL injection vulnerability in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9086 (GitLab versions 8.9.x and above contain a critical security flaw in the ...)
	- gitlab 8.13.3+dfsg1-2 (bug #843519)
	NOTE: https://hackerone.com/reports/178152
	NOTE: https://about.gitlab.com/2016/11/02/cve-2016-9086-patches/
CVE-2016-9081 (Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, ...)
	NOT-FOR-US: Joomla
CVE-2016-9080
	RESERVED
	- firefox 50.1.0-1
	- firefox-esr <not-affected> (Only affects Firefox 50.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-94/#CVE-2016-9080
CVE-2016-9079 [SVG Animation Remote Code Execution]
	RESERVED
	{DSA-3730-1 DSA-3728-1 DLA-752-1 DLA-730-1}
	- firefox 50.0.2-1
	- firefox-esr 45.5.1esr-1
	- icedove 1:45.5.1-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079
CVE-2016-9078 [data: URL can inherit wrong origin after an HTTP redirect]
	RESERVED
	- firefox 50.0.2-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-91/
CVE-2016-9077
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9076
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9075
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9074 [existing mitigation of timing side-channel attacks insufficient]
	RESERVED
	{DSA-3730-1 DSA-3716-1 DLA-759-1 DLA-752-1}
	- nss 2:3.26.2-1
	[jessie] - nss <no-dsa> (Minor issue, can be fixed in point release or future DSA)
	NOTE: Fixed by (3_26_BRANCH): https://hg.mozilla.org/projects/nss/rev/d38536fcc726 (3.26.1)
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-90/#CVE-2016-9074
CVE-2016-9073
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9072
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Windows 64bit)
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9071
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9070
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9069
	RESERVED
	- firefox 50.0-1
CVE-2016-9068
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9067
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-9066
	RESERVED
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-9065
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9064
	RESERVED
	{DSA-3716-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
CVE-2016-9063
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
	- expat 2.2.0-2
	[jessie] - expat 2.1.0-6+deb8u4
	[wheezy] - expat <no-dsa> (Minor issue)
	NOTE: Expat upstream fix: https://github.com/libexpat/libexpat/commit/d4f735b88d9932bd5039df2335eefdd0723dbe20
CVE-2016-9062
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9061
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-9060
	REJECTED
CVE-2016-9059
	REJECTED
CVE-2016-9058
	REJECTED
CVE-2016-9057
	REJECTED
CVE-2016-9056
	REJECTED
CVE-2016-9055
	REJECTED
CVE-2016-9054 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9053 (An exploitable out-of-bounds indexing vulnerability exists within the ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9052 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9051 (An exploitable out-of-bounds write vulnerability exists in the batch ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9050 (An exploitable out-of-bounds read vulnerability exists in the client ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9049 (An exploitable denial-of-service vulnerability exists in the ...)
	NOT-FOR-US: Aerospike Database
CVE-2016-9048
	RESERVED
CVE-2016-9047
	RESERVED
CVE-2016-9046
	RESERVED
CVE-2016-9045
	RESERVED
CVE-2016-9044
	RESERVED
CVE-2016-9043 (An out of bound write vulnerability exists in the EMF parsing ...)
	NOT-FOR-US: CorelDRAW X8
CVE-2016-9042
	RESERVED
	- ntp 1:4.2.8p10+dfsg-1
	[jessie] - ntp <not-affected> (Doesn't use the affected upstream patch)
	[wheezy] - ntp <not-affected> (Doesn't use the affected upstream patch)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0260/
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3361
	NOTE: This vulnerability affects the upstream fix for CVE-2015-8138, but Debian
	NOTE: jessie and wheezy use a less invasive patch by Miroslav Lichvar
	NOTE: of Red Hat, as available here:
	NOTE: http://pkgs.fedoraproject.org/cgit/rpms/ntp.git/tree/ntp-4.2.6p5-cve-2015-8138.patch?h=f24
CVE-2016-9041
	REJECTED
CVE-2016-9040
	RESERVED
CVE-2016-9039 (An exploitable denial of service exists in the Joyent SmartOS ...)
	NOT-FOR-US: Joyent
CVE-2016-9038 (An exploitable double fetch vulnerability exists in the SboxDrv.sys ...)
	NOT-FOR-US: Invincea-X
CVE-2016-9037 (An exploitable out-of-bounds array access vulnerability exists in the ...)
	- tarantool 1.7.2.385.g952d79e-1
	[jessie] - tarantool <not-affected> (Vulnerable code not present)
	[wheezy] - tarantool <not-affected> (Not vulnerable)
	NOTE: https://github.com/tarantool/tarantool/issues/1992
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0255/
CVE-2016-9036 (An exploitable incorrect return value vulnerability exists in the ...)
	- msgpuck 1.0.3-1.1 (bug #849212)
	NOTE: https://github.com/rtsisyk/msgpuck/issues/12
	- tarantool 1.7.2.385.g952d79e-1
	[jessie] - tarantool <not-affected> (Vulnerable code not present)
	[wheezy] - tarantool <not-affected> (Not vulnerable)
	NOTE: https://github.com/tarantool/tarantool/issues/1991
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0254/
CVE-2016-9035 (An exploitable buffer overflow exists in the Joyent SmartOS ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9034 (An exploitable buffer overflow exists in the Joyent SmartOS ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9033 (An exploitable buffer overflow exists in the Joyent SmartOS ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9032 (An exploitable buffer overflow exists in the Joyent SmartOS ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9031 (An exploitable integer overflow exists in the Joyent SmartOS ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-9085 (Multiple integer overflows in libwebp allows attackers to have ...)
	- libwebp <unfixed> (unimportant; bug #842714)
	[wheezy] - libwebp <not-affected> (vulnerable code not present)
	NOTE: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83
	NOTE: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private)
	NOTE: For libwebp only in examples, but other projects seem to use the gifdec.c
	NOTE: Origin of the file seems to be from libav
	NOTE: 0.5.1-3 claims the upload fixed CVE-2016-8888 and CVE-2016-9085 but the taken patches
	NOTE: look different, needs further investigation before marking as fixed
CVE-2016-9084 (drivers/vfio/pci/vfio_pci_intrs.c in the Linux kernel through 4.8.11 ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://patchwork.kernel.org/patch/9373631/
	NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
CVE-2016-9083 (drivers/vfio/pci/vfio_pci.c in the Linux kernel through 4.8.11 allows ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://patchwork.kernel.org/patch/9373631/
	NOTE: Fixed by: https://git.kernel.org/linus/05692d7005a364add85c6e25a6c4447ce08f913a (v4.9-rc4)
CVE-2016-9082 (Integer overflow in the write_png function in cairo 1.14.6 allows ...)
	{DLA-688-1}
	- cairo 1.14.6-1.1 (bug #842289)
	[jessie] - cairo 1.14.0-2.1+deb8u2
	NOTE: Upstream bug: https://bugs.freedesktop.org/show_bug.cgi?id=98165
	NOTE: Proposed patch upstream: https://bugs.freedesktop.org/attachment.cgi?id=127421
CVE-2016-9030
	RESERVED
CVE-2016-9029
	RESERVED
CVE-2016-9028 (Unauthorized redirect vulnerability in Citrix NetScaler ADC before 10.1 ...)
	NOT-FOR-US: Citrix
CVE-2016-9027
	RESERVED
CVE-2016-9026
	RESERVED
CVE-2016-9025
	RESERVED
CVE-2016-9024
	RESERVED
CVE-2016-9023
	RESERVED
CVE-2016-9022
	RESERVED
CVE-2016-9021
	RESERVED
CVE-2016-9020 (SQL injection vulnerability in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9019 (SQL injection vulnerability in the activate_address function in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-9018 (Improper handling of a repeating VRAT chunk in qcpfformat.dll allows ...)
	NOT-FOR-US: RealPlayer
CVE-2016-9017 (Artifex Software, Inc. MuJS before ...)
	NOT-FOR-US: MuJS
CVE-2016-9015 (Versions 1.17 and 1.18 of the Python urllib3 library suffer from a ...)
	- python-urllib3 <not-affected> (Issue only present in 1.17 and 1.18 releases)
CVE-2016-9014 (Django before 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x ...)
	{DSA-3835-1 DLA-706-1}
	- python-django 1:1.10.3-1 (bug #842856)
	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
	NOTE: https://github.com/django/django/commit/7fe2d8d940fdddd1a02c4754008a27060c4a03e9
CVE-2016-9013 (Django 1.8.x before 1.8.16, 1.9.x before 1.9.11, and 1.10.x before ...)
	{DSA-3835-1}
	- python-django 1:1.10.3-1 (bug #842856)
	[wheezy] - python-django <no-dsa> (Minor issue; specific to Oracle)
	NOTE: https://www.djangoproject.com/weblog/2016/nov/01/security-releases/
	NOTE: https://github.com/django/django/commit/da7910d4834726eca596af0a830762fa5fb2dfd9
CVE-2016-9012 (CloudVision Portal (CVP) before 2016.1.2.1 allows remote authenticated ...)
	NOT-FOR-US: CloudVision Portal
CVE-2016-9010 (IBM WebSphere Message Broker 9.0 and 10.0 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-9009 (IBM WebSphere MQ 8.0 could allow an authenticated user with authority ...)
	NOT-FOR-US: IBM
CVE-2016-9008 (IBM UrbanCode Deploy could allow a malicious user to access the Agent ...)
	NOT-FOR-US: IBM
CVE-2016-9007
	RESERVED
CVE-2016-9006 (IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-9005 (IBM System Storage TS3100-TS3200 Tape Library could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-9004
	RESERVED
CVE-2016-9003
	RESERVED
CVE-2016-9002
	RESERVED
CVE-2016-9001
	RESERVED
CVE-2016-9000 (IBM InfoSphere DataStage is vulnerable to cross-frame scripting, ...)
	NOT-FOR-US: IBM
CVE-2016-8999 (IBM InfoSphere Information Server contains a Path-relative stylesheet ...)
	NOT-FOR-US: IBM
CVE-2016-8998 (IBM Tivoli Storage Manager Server 7.1 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-8997
	RESERVED
CVE-2016-8996
	RESERVED
CVE-2016-8995
	RESERVED
CVE-2016-8994
	RESERVED
CVE-2016-8993
	RESERVED
CVE-2016-8992
	RESERVED
CVE-2016-8991
	RESERVED
CVE-2016-8990
	RESERVED
CVE-2016-8989
	RESERVED
CVE-2016-8988
	RESERVED
CVE-2016-8987 (IBM Maximo Asset Management 7.1, 7.5, and 7.6 could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-8986 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...)
	NOT-FOR-US: IBM
CVE-2016-8985
	RESERVED
CVE-2016-8984
	RESERVED
CVE-2016-8983
	RESERVED
CVE-2016-8982 (IBM InfoSphere Information Server stores sensitive information in URL ...)
	NOT-FOR-US: IBM
CVE-2016-8981 (IBM BigFix Inventory v9 allows web pages to be stored locally which ...)
	NOT-FOR-US: IBM
CVE-2016-8980 (IBM BigFix Inventory v9 is vulnerable to a denial of service, caused ...)
	NOT-FOR-US: IBM
CVE-2016-8979
	RESERVED
CVE-2016-8978
	RESERVED
CVE-2016-8977 (IBM BigFix Inventory v9 could disclose sensitive information to an ...)
	NOT-FOR-US: IBM
CVE-2016-8976
	RESERVED
CVE-2016-8975 (IBM Rhapsody DM 5.0 and 6.0 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2016-8974 (IBM Rhapsody DM 4.0, 5.0 and 6.0 is vulnerable to a denial of service, ...)
	NOT-FOR-US: IBM
CVE-2016-8973 (IBM Rhapsody DM 4.0, 5.0 and 6.0 contains an undisclosed vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-8972 (IBM AIX 6.1, 7.1, and 7.2 could allow a local user to gain root ...)
	NOT-FOR-US: IBM
CVE-2016-8971 (IBM WebSphere MQ 8.0 could allow an authenticated user with queue ...)
	NOT-FOR-US: IBM
CVE-2016-8970
	RESERVED
CVE-2016-8969
	RESERVED
CVE-2016-8968 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-8967 (IBM BigFix Inventory v9 9.2 stores user credentials in plain in clear ...)
	NOT-FOR-US: IBM
CVE-2016-8966 (IBM BigFix Inventory v9 could allow a remote attacker to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-8965
	RESERVED
CVE-2016-8964 (IBM BigFix Inventory v9 9.2 uses an inadequate account lockout setting ...)
	NOT-FOR-US: IBM
CVE-2016-8963 (IBM BigFix Inventory v9 stores potentially sensitive information in ...)
	NOT-FOR-US: IBM
CVE-2016-8962 (IBM BigFix Inventory 9.2 does not require that users should have ...)
	NOT-FOR-US: IBM
CVE-2016-8961 (IBM BigFix Inventory v9 could allow a remote attacker to conduct ...)
	NOT-FOR-US: IBM
CVE-2016-8960 (IBM Cognos Business Intelligence 10.2 could allow a user with lower ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2016-8959
	RESERVED
CVE-2016-8958
	RESERVED
CVE-2016-8957
	RESERVED
CVE-2016-8956
	RESERVED
CVE-2016-8955
	RESERVED
CVE-2016-8954 (IBM dashDB Local uses hard-coded credentials that could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-8953 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-8952 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
	NOT-FOR-US: IBM
CVE-2016-8951 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
	NOT-FOR-US: IBM
CVE-2016-8950 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8949 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x could ...)
	NOT-FOR-US: IBM
CVE-2016-8948 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8947 (IBM Emptoris Sourcing 9.5.x through 10.1.x could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-8946 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8945
	RESERVED
CVE-2016-8944 (IBM AIX 7.1 and 7.2 allows a local user to open a file with a ...)
	NOT-FOR-US: IBM
CVE-2016-8943 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8942 (IBM Tivoli Storage Productivity Center could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-8941 (IBM Tivoli Storage Productivity Center is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8940 (IBM Tivoli Storage Manager (IBM Spectrum Protect) 6.1, 6.2, 6.3, and ...)
	NOT-FOR-US: IBM
CVE-2016-8939 (IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) ...)
	NOT-FOR-US: IBM
CVE-2016-8938 (IBM UrbanCode Deploy could allow a user to execute code using a ...)
	NOT-FOR-US: IBM
CVE-2016-8937 (The IBM Tivoli Storage Manager (IBM Spectrum Protect 7.1 and 8.1) ...)
	NOT-FOR-US: IBM
CVE-2016-8936 (IBM Social Rendering Templates for Digital Data Connector is ...)
	NOT-FOR-US: IBM
CVE-2016-8935 (IBM Kenexa LMS on Cloud 13.1, 13.2, 13.2.2, 13.2.3, 13.2.4 and 14.0.0 ...)
	NOT-FOR-US: IBM
CVE-2016-8934 (IBM WebSphere Application Server is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8933 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse ...)
	NOT-FOR-US: IBM
CVE-2016-8932 (IBM Kenexa LMS on Cloud could allow a remote attacker to upload ...)
	NOT-FOR-US: IBM
CVE-2016-8931 (IBM Kenexa LMS on Cloud could allow a remote attacker to upload ...)
	NOT-FOR-US: IBM
CVE-2016-8930 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
	NOT-FOR-US: IBM
CVE-2016-8929 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
	NOT-FOR-US: IBM
CVE-2016-8928 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
	NOT-FOR-US: IBM
CVE-2016-8927 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 is ...)
	NOT-FOR-US: IBM
CVE-2016-8926 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
	NOT-FOR-US: IBM
CVE-2016-8925 (IBM Tivoli Application Dependency Discovery Manager 7.2.2 and 7.3 ...)
	NOT-FOR-US: IBM
CVE-2016-8924 (IBM Maximo Asset Management 7.1, 7.5 and 7.6 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-8923 (IBM Curam Social Program Management 5.2, 6.0, and 7.0 contains a ...)
	NOT-FOR-US: IBM
CVE-2016-8922 (Exphox WebRadar is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: Exphox WebRadar
CVE-2016-8921 (IBM FileNet WorkPlace XT could allow a remote attacker to upload ...)
	NOT-FOR-US: IBM
CVE-2016-8920 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-8919 (IBM WebSphere Application Server may be vulnerable to a denial of ...)
	NOT-FOR-US: IBM
CVE-2016-8918 (IBM Integration Bus, under non default configurations, could allow a ...)
	NOT-FOR-US: IBM
CVE-2016-8917 (IBM Sterling Order Management 9.2 - 9.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-8916 (IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password ...)
	NOT-FOR-US: IBM
CVE-2016-8915 (IBM WebSphere MQ 8.0 could allow an authenticated user with access to ...)
	NOT-FOR-US: IBM
CVE-2016-8914
	RESERVED
CVE-2016-8913 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-8912 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 stores potentially ...)
	NOT-FOR-US: IBM
CVE-2016-8911 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-9016 (Firejail 0.9.38.4 allows local users to execute arbitrary commands ...)
	- firejail 0.9.44-1
	NOTE: https://github.com/netblue30/firejail/commit/46dc2b34f1fbbc4597b4ff9f6a3cb28b2d500d1b
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/25/3
CVE-2016-9011 (The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote ...)
	{DLA-694-1}
	- libwmf 0.2.8.4-10.6 (bug #842090)
	[jessie] - libwmf 0.2.8.4-10.3+deb8u2
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/9
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/libwmf-memory-allocation-failure-in-wmf_malloc-api-c
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00015-libwmf-memalloc-wmf_malloc
	NOTE: Proposed patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?att=1;bug=842090;filename=libwmf-0.2.8.4-CVE-2016-9011-debian.patch;msg=10
CVE-2016-8908 (SQL injection vulnerability in the &quot;Site Browser &gt; HTML pages&quot; screen ...)
	NOT-FOR-US: dotCMS
CVE-2016-8907 (SQL injection vulnerability in the &quot;Content Types &gt; Content Types&quot; ...)
	NOT-FOR-US: dotCMS
CVE-2016-8906 (SQL injection vulnerability in the &quot;Site Browser &gt; Links pages&quot; screen ...)
	NOT-FOR-US: dotCMS
CVE-2016-8905 (SQL injection vulnerability in the JSONTags servlet in dotCMS before ...)
	NOT-FOR-US: dotCMS
CVE-2016-8904 (SQL injection vulnerability in the &quot;Site Browser &gt; Containers pages&quot; ...)
	NOT-FOR-US: dotCMS
CVE-2016-8903 (SQL injection vulnerability in the &quot;Site Browser &gt; Templates pages&quot; ...)
	NOT-FOR-US: dotCMS
CVE-2016-8902 (SQL injection vulnerability in the categoriesServlet servlet in dotCMS ...)
	NOT-FOR-US: dotCMS
CVE-2016-8901
	RESERVED
CVE-2016-8900
	RESERVED
CVE-2016-8899
	RESERVED
CVE-2016-8898
	RESERVED
CVE-2016-8897
	RESERVED
CVE-2016-8896
	RESERVED
CVE-2016-8895
	RESERVED
CVE-2016-8894
	RESERVED
CVE-2016-8893
	RESERVED
CVE-2016-8892
	RESERVED
CVE-2016-8891
	RESERVED
CVE-2016-8890
	RESERVED
CVE-2016-8889 (In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 ...)
	NOT-FOR-US: Bitcoin Knots
CVE-2016-8888
	RESERVED
CVE-2016-8879 (The thumbnail shell extension plugin (FoxitThumbnailHndlr_x86.dll) in ...)
	NOT-FOR-US: Foxit
CVE-2016-8878 (Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-8877 (Heap buffer overflow (Out-of-Bounds write) vulnerability in Foxit ...)
	NOT-FOR-US: Foxit
CVE-2016-8876 (Out-of-Bounds read vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-8875 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 8.1 on ...)
	NOT-FOR-US: Foxit
CVE-2016-8874
	RESERVED
CVE-2016-8873
	RESERVED
CVE-2016-8872
	RESERVED
CVE-2016-8871 (In Botan 1.11.29 through 1.11.32, RSA decryption with certain padding ...)
	- botan1.10 <not-affected> (Only affects 1.11.29 through 1.11.32)
CVE-2016-8870 (The register method in the UsersModelRegistration class in ...)
	NOT-FOR-US: Joomla
CVE-2016-8869 (The register method in the UsersModelRegistration class in ...)
	NOT-FOR-US: Joomla
CVE-2016-8868
	RESERVED
CVE-2016-8867 (Docker Engine 1.12.2 enabled ambient capabilities with misconfigured ...)
	- docker.io <not-affected> (Not built from/with a runc with "ambient capabilities")
	- runc <not-affected> ("ambient capabilities" introduced later, cf bug #853240)
	NOTE: https://github.com/docker/docker/issues/27590
	NOTE: docker: https://github.com/docker/docker/pull/27610/commits/d60a3418d0268745dff38947bc8c929fbd24f837 (1.12.3)
	NOTE: runc: https://github.com/opencontainers/runc/commit/a83f5bac28554fa0fd49bc1559a3c79f5907348f
	NOTE: docker.io not directly affected but will need to be updated to include new runc version
	NOTE: runc: "ambient capabilities" functionality added upstream with https://github.com/opencontainers/runc/pull/1086
	NOTE: and later changes.
	NOTE: The actual fix seem to be to revert the commit which introduced ambient capabilities
	NOTE: in runc.
CVE-2016-8865
	RESERVED
CVE-2016-8864 (named in ISC BIND 9.x before 9.9.9-P4, 9.10.x before 9.10.4-P4, and ...)
	{DSA-3703-1 DLA-696-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #842858)
	NOTE: https://kb.isc.org/article/AA-01434
	NOTE: upstream fix https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=8bd0c12d53bea6f299e92d20ee0a23b16a7f65bc
CVE-2016-8863 (Heap-based buffer overflow in the create_url_list function in ...)
	{DSA-3736-1 DLA-748-1 DLA-747-1}
	- libupnp 1:1.6.19+git20160116-1.2 (bug #842093)
	- libupnp4 <removed>
	NOTE: https://sourceforge.net/p/pupnp/bugs/133/
	NOTE: Patch: https://sourceforge.net/p/pupnp/bugs/_discuss/thread/f2781a77/d8a2/attachment/0001-Fix-out-of-bound-access-in-create_url_list-CVE-2016-.patch
CVE-2016-8861
	RESERVED
CVE-2016-8857
	RESERVED
CVE-2016-8856 (Foxit Reader for Mac 2.1.0.0804 and earlier and Foxit Reader for Linux ...)
	NOT-FOR-US: Foxit
CVE-2016-8855 (Cross-Site Scripting (XSS) in &quot;/sitecore/client/Applications/List ...)
	NOT-FOR-US: Sitecore Experience Platform
CVE-2016-8854
	REJECTED
CVE-2016-8853
	REJECTED
CVE-2016-8852
	REJECTED
CVE-2016-8851
	REJECTED
CVE-2016-8850
	REJECTED
CVE-2016-8849
	REJECTED
CVE-2016-8848
	REJECTED
CVE-2016-8847
	REJECTED
CVE-2016-8846
	REJECTED
CVE-2016-8845
	REJECTED
CVE-2016-8844
	REJECTED
CVE-2016-8843
	REJECTED
CVE-2016-8842
	REJECTED
CVE-2016-8841
	REJECTED
CVE-2016-8840
	REJECTED
CVE-2016-8839
	REJECTED
CVE-2016-8838
	REJECTED
CVE-2016-8837
	REJECTED
CVE-2016-8836
	REJECTED
CVE-2016-8835
	REJECTED
CVE-2016-8834
	REJECTED
CVE-2016-8833
	REJECTED
CVE-2016-8832
	REJECTED
CVE-2016-8831
	REJECTED
CVE-2016-8830
	REJECTED
CVE-2016-8829
	REJECTED
CVE-2016-8828
	REJECTED
CVE-2016-8827 (NVIDIA GeForce Experience 3.x before GFE 3.1.0.52 contains a ...)
	NOT-FOR-US: NVIDIA GeForce Experience
CVE-2016-8826 (All versions of NVIDIA GPU Display Driver contain a vulnerability in ...)
	- nvidia-graphics-drivers 375.26-1 (bug #848195)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.101-1 (bug #848196)
	- nvidia-graphics-drivers-legacy-304xx 304.134-1 (bug #848197)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4278
CVE-2016-8825 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8824 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8823 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8822 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8821 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8820 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8819 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8818 (All versions of NVIDIA Windows GPU Display contain a vulnerability in ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8817 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8816 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8815 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8814 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8813 (All versions of NVIDIA Windows GPU Display Driver contain a ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8812 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA GeForce ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8811 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8810 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8809 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8808 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8807 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8806 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8805 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-8804
	RESERVED
CVE-2016-8803 (The maintenance module in Huawei FusionStorage V100R003C30U1 allows ...)
	NOT-FOR-US: Huawei
CVE-2016-8802 (The security policy processing module in Huawei Secospace USG6300 with ...)
	NOT-FOR-US: Huawei
CVE-2016-8801 (Huawei OceanStor 5600 V3 with V300R003C00C10 and earlier versions ...)
	NOT-FOR-US: Huawei
CVE-2016-8800
	REJECTED
CVE-2016-8799
	REJECTED
CVE-2016-8798 (Huawei USG5500 with software V300R001C00 and V300R001C00 allows ...)
	NOT-FOR-US: Huawei
CVE-2016-8797 (Huawei AR3200 with software V200R007C00, V200R005C32, V200R005C20; ...)
	NOT-FOR-US: Huawei
CVE-2016-8796 (Huawei USG9520 V300R001C01, USG9560 V300R001C01, and USG9580 ...)
	NOT-FOR-US: Huawei
CVE-2016-8795 (Huawei CloudEngine 12800 with software V100R002C00, V100R003C00, ...)
	NOT-FOR-US: Huawei
CVE-2016-8794 (Huawei Mate 8 phones with software Versions before ...)
	NOT-FOR-US: Huawei
CVE-2016-8793 (Huawei Mate 8 phones with software Versions before ...)
	NOT-FOR-US: Huawei
CVE-2016-8792 (Huawei Mate 8 phones with software Versions before ...)
	NOT-FOR-US: Huawei
CVE-2016-8791 (Huawei Mate 8 phones with software Versions before ...)
	NOT-FOR-US: Huawei
CVE-2016-8790 (Huawei CloudEngine 5800 with software before V200R001C00SPC700, ...)
	NOT-FOR-US: Huawei
CVE-2016-8789 (Huawei eSpace Integrated Access Device (IAD) with software ...)
	NOT-FOR-US: Huawei
CVE-2016-8788
	REJECTED
CVE-2016-8787
	REJECTED
CVE-2016-8786 (Huawei S12700 V200R005C00, V200R006C00, V200R007C00, V200R008C00, ...)
	NOT-FOR-US: Huawei
CVE-2016-8785 (Huawei S12700 V200R007C00, V200R008C00, S5700 V200R007C00, S7700 ...)
	NOT-FOR-US: Huawei
CVE-2016-8784 (Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, ...)
	NOT-FOR-US: Huawei
CVE-2016-8783 (Touchscreen drive in Huawei H60 (Honor 6) Versions earlier than ...)
	NOT-FOR-US: Huawei
CVE-2016-8782 (Huawei CloudEngine 12800 V100R003C00, V100R003C10, V100R005C00, ...)
	NOT-FOR-US: Huawei
CVE-2016-8781 (Huawei Secospace USG6300 with software V500R001C20 and ...)
	NOT-FOR-US: Huawei
CVE-2016-8780 (Huawei CloudEngine 6800 V100R006C00, CloudEngine 7800 V100R006C00, ...)
	NOT-FOR-US: Huawei
CVE-2016-8779 (Huawei FusionAccess with software V100R005C10 and V100R005C20 could ...)
	NOT-FOR-US: Huawei
CVE-2016-8778
	REJECTED
CVE-2016-8777
	REJECTED
CVE-2016-8776 (Huawei P9 phones with software ...)
	NOT-FOR-US: Huawei
CVE-2016-8775 (Touch Panel (TP) driver in Huawei NEM phones with software Versions ...)
	NOT-FOR-US: Huawei
CVE-2016-8774 (The HIFI driver in Huawei Mate 8 phones with software versions before ...)
	NOT-FOR-US: Huawei
CVE-2016-8773 (Huawei S5300 with software V200R003C00, V200R007C00, V200R008C00, ...)
	NOT-FOR-US: Huawei
CVE-2016-8772
	REJECTED
CVE-2016-8771
	REJECTED
CVE-2016-8770
	REJECTED
CVE-2016-8769 (Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted ...)
	NOT-FOR-US: Huawei
CVE-2016-8768 (Huawei Honor 6, Honor 6 Plus, Honor 7 phones with software versions ...)
	NOT-FOR-US: Huawei
CVE-2016-8767
	RESERVED
CVE-2016-8766
	REJECTED
CVE-2016-8765
	REJECTED
CVE-2016-8764 (The TrustZone driver in Huawei P9 phones with software Versions ...)
	NOT-FOR-US: Huawei
CVE-2016-8763 (The TrustZone driver in Huawei P9 phones with software Versions earlier ...)
	NOT-FOR-US: Huawei
CVE-2016-8762 (The TrustZone driver in Huawei P9 phones with software Versions earlier ...)
	NOT-FOR-US: Huawei
CVE-2016-8761 (Video driver in Huawei P9 phones with software versions before ...)
	NOT-FOR-US: Huawei
CVE-2016-8760 (Touchscreen driver in Huawei P9 phones with software versions before ...)
	NOT-FOR-US: Huawei
CVE-2016-8759 (Video driver in Huawei P9 phones with software versions before ...)
	NOT-FOR-US: Huawei
CVE-2016-8758 (ION memory management module in Huawei Mate8 phones with software ...)
	NOT-FOR-US: Huawei
CVE-2016-8757 (ION memory management module in Huawei P9 phones with software ...)
	NOT-FOR-US: Huawei
CVE-2016-8756 (ION memory management module in Huawei Mate 8 phones with software ...)
	NOT-FOR-US: Huawei
CVE-2016-8755
	REJECTED
CVE-2016-8754 (Huawei OceanStor 5600 V3 V300R003C00 has a hardcoded SSH key ...)
	NOT-FOR-US: Huawei
CVE-2016-8753
	REJECTED
CVE-2016-8752 (Apache Atlas versions 0.6.0 (incubating), 0.7.0 (incubating), and ...)
	NOT-FOR-US: Apache Atlas
CVE-2016-8751 (Apache Ranger before 0.6.is vulnerable to a Stored Cross-Site ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-8750 (Apache Karaf prior to 4.0.8 used the LDAPLoginModule to authenticate ...)
	- apache-karaf <itp> (bug #881297)
CVE-2016-8749 (Apache Camel's Jackson and JacksonXML unmarshalling operation are ...)
	NOT-FOR-US: Apache Camel
CVE-2016-8748 (In Apache NiFi before 1.0.1 and 1.1.x before 1.1.1, there is a ...)
	NOT-FOR-US: Apache NiFi
CVE-2016-8747 (An information disclosure issue was discovered in Apache Tomcat 8.5.7 ...)
	- tomcat8 8.5.9-1
	[jessie] - tomcat8 <not-affected> (Only affects 8.5.7 to 8.5.9)
	NOTE: http://svn.apache.org/r1774166
CVE-2016-8746 (Apache Ranger before 0.6.3 policy engine incorrectly matches paths in ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-8745 (A bug in the error handling of the send file code for the NIO HTTP ...)
	{DSA-3755-1 DSA-3754-1 DLA-779-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.5.9-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=60409
	NOTE: Fixed by: http://svn.apache.org/r1777469 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1777471 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1777472 (6.0.x)
CVE-2016-8744 (Apache Brooklyn uses the SnakeYAML library for parsing YAML inputs. ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2016-8743 (Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was ...)
	{DSA-3796-1 DLA-841-2 DLA-841-1}
	- apache2 2.4.25-1
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: https://httpd.apache.org/security/vulnerabilities_24.html
	NOTE: The fix is not fully backwards compatible so upstream have
	NOTE: created a new option to control this behaviour. This means that
	NOTE: if this is fixed the security advisory need to mention this.
	NOTE: The fix is invasive and should require some extra testing before reaching
	NOTE: stable and old-stable.
	NOTE: Affects: 2.2.0 to 2.4.23.
	NOTE: Fixed in 2.4.25.
	NOTE: For 2.2 preparation is done in http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x-merge-http-strict/
CVE-2016-8742 (The Windows installer that the Apache CouchDB team provides was ...)
	NOT-FOR-US: Windows installer for Apache CouchDB
CVE-2016-8741 (The Apache Qpid Broker for Java can be configured to use different so ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-8740 (The mod_http2 module in the Apache HTTP Server 2.4.17 through 2.4.23, ...)
	- apache2 2.4.25-1 (bug #847124)
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
CVE-2016-8739 (The JAX-RS module in Apache CXF prior to 3.0.12 and 3.1.x prior to ...)
	NOT-FOR-US: Apache CXF
CVE-2016-8738 (In Apache Struts 2.5 through 2.5.5, if an application allows entering ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
	NOTE: https://struts.apache.org/docs/s2-044.html
CVE-2016-8737 (In Apache Brooklyn before 0.10.0, the REST server is vulnerable to ...)
	NOT-FOR-US: Apache Brooklyn
CVE-2016-8736 (Apache Openmeetings before 3.1.2 is vulnerable to Remote Code ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-8735 (Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.39-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: Fixed by: http://svn.apache.org/r1767656 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767676 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767684 (6.0.x)
CVE-2016-8734 (Subversion's mod_dontdothat module and HTTP clients 1.4.0 through ...)
	- subversion 1.9.5-1 (low)
	[jessie] - subversion 1.8.10-6+deb8u5
	[wheezy] - subversion <no-dsa> (Minor issue, binary packages not affected since built against Neon as HTTP library)
	NOTE: Above wheezy entry workarounded; binary packages not affected (since in wheezy build against Neon as HTTP
	NOTE: library), though source is. (unimporant) for individual lines is not supported, thus workaround by marking
	NOTE: as no-dsa.
	NOTE: https://subversion.apache.org/security/CVE-2016-8734-advisory.txt
CVE-2016-8733 (An exploitable integer overflow exists in the Joyent SmartOS ...)
	NOT-FOR-US: Joyent SmartOS
CVE-2016-8732 (Multiple security flaws exists in InvProtectDrv.sys which is a part of ...)
	NOT-FOR-US: Invincea Dell Protected Workspace
CVE-2016-8731 (Hard-coded FTP credentials (r:r) are included in the Foscam C1 running ...)
	NOT-FOR-US: Foscam C1
CVE-2016-8730 (An of bound write / memory corruption vulnerability exists in the GIF ...)
	NOT-FOR-US: Core PHOTO-PAINT X8
CVE-2016-8729 (An exploitable memory corruption vulnerability exists in the JBIG2 ...)
	{DSA-3817-1 DLA-874-1}
	- jbig2dec 0.13-4 (bug #863886)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0243
	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=698438
	NOTE: http://git.ghostscript.com/?p=jbig2dec.git;h=e698d5c11d27212aa1098bc5b1673a3378563092
CVE-2016-8728 (An exploitable heap out of bounds write vulnerability exists in the ...)
	- mupdf <not-affected> (Vulnerable code introduced in 1.10, cf. #863545)
	NOTE: https://www.talosintelligence.com/vulnerability_reports/TALOS-2016-0242%20
CVE-2016-8727 (An exploitable information disclosure vulnerability exists in the Web ...)
	NOT-FOR-US: Moxa
CVE-2016-8726 (An exploitable null pointer dereference vulnerability exists in the ...)
	NOT-FOR-US: Moxa
CVE-2016-8725 (An exploitable information disclosure vulnerability exists in the Web ...)
	NOT-FOR-US: Moxa
CVE-2016-8724 (An exploitable information disclosure vulnerability exists in the ...)
	NOT-FOR-US: Moxa
CVE-2016-8723 (An exploitable null pointer dereference exists in the Web Application ...)
	NOT-FOR-US: Moxa
CVE-2016-8722 (An exploitable Information Disclosure vulnerability exists in the Web ...)
	NOT-FOR-US: Moxa
CVE-2016-8721 (An exploitable OS Command Injection vulnerability exists in the web ...)
	NOT-FOR-US: Moxa
CVE-2016-8720 (An exploitable HTTP Header Injection vulnerability exists in the Web ...)
	NOT-FOR-US: Moxa
CVE-2016-8719 (An exploitable reflected Cross-Site Scripting vulnerability exists in ...)
	NOT-FOR-US: Moxa
CVE-2016-8718 (An exploitable Cross-Site Request Forgery vulnerability exists in the ...)
	NOT-FOR-US: Moxa
CVE-2016-8717 (An exploitable Use of Hard-coded Credentials vulnerability exists in ...)
	NOT-FOR-US: Moxa
CVE-2016-8716 (An exploitable Cleartext Transmission of Password vulnerability exists ...)
	NOT-FOR-US: Moxa
CVE-2016-8715 (An exploitable heap corruption vulnerability exists in the loadTrailer ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8714 (An exploitable buffer overflow vulnerability exists in the ...)
	{DSA-3813-1 DLA-861-1}
	- r-base 3.3.3-1 (bug #857466)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0227/
CVE-2016-8713 (A remote out of bound write / memory corruption vulnerability exists ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8712 (An exploitable nonce reuse vulnerability exists in the Web Application ...)
	NOT-FOR-US: Moxa
CVE-2016-8711 (A potential remote code execution vulnerability exists in the PDF ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8710 (An exploitable heap write out of bounds vulnerability exists in the ...)
	- ffmpeg <not-affected> (Vulnerable code wasn't part of ffmpeg according to upstream)
	NOTE: The libbpg library is not packaged in Debian but seem embedded in ffmpeg
	NOTE: http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0223/
CVE-2016-8709 (A remote out of bound write / memory corruption vulnerability exists ...)
	NOT-FOR-US: Nitro Pro
CVE-2016-8708
	REJECTED
CVE-2016-8707 (An exploitable out of bounds write exists in the handling of ...)
	{DSA-3799-1 DLA-756-1}
	- imagemagick 8:6.9.7.0+dfsg-2 (bug #848139)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0216/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e5fd9ab1b70b2edd06de8efb606e04482cb9a2f0 (7.0.3-9)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/fde5f55af94f189f16958535a9c22b439d71ac93 (6.9.6-7)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/e5dc6d628a1c6049dc95adcea5e49aaa7ef2c778 (6.9.6-7)
CVE-2016-8706 (An integer overflow in process_bin_sasl_auth function in Memcached, ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842814)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0221/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-8705 (Multiple integer overflows in process_bin_update function in ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842812)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0220/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-8704 (An integer overflow in the process_bin_append_prepend function in ...)
	{DSA-3704-1 DLA-701-1}
	- memcached 1.4.33-1 (bug #842811)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0219/
	NOTE: upstream fix https://github.com/memcached/memcached/commit/bd578fc34b96abe0f8d99c1409814a09f51ee71c
CVE-2016-1000036
	RESERVED
CVE-2016-1000035
	RESERVED
CVE-2016-1000034
	RESERVED
CVE-2016-1000032 (TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a ...)
	NOT-FOR-US: TGCaptcha2
CVE-2016-8910 (The rtl8139_cplus_transmit function in hw/net/rtl8139.c in QEMU (aka ...)
	{DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #841955)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg05495.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/2
CVE-2016-8909 (The intel_hda_xfer function in hw/audio/intel-hda.c in QEMU (aka Quick ...)
	{DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #841950)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg04717.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/1
CVE-2016-XXXX [Privilege escalation possible to other user than root]
	- bash <unfixed> (unimportant; bug #841856)
	NOTE: This is strongly related to the problem described in CVE-2016-7543 and the correction
	NOTE: is very similar.
	NOTE: https://lists.gnu.org/archive/html/bug-bash/2015-12/msg00112.html
CVE-2016-10249 (Integer overflow in the jpc_dec_tiledecode function in jpc_dec.c in ...)
	{DSA-3827-1 DLA-739-1}
	- jasper <removed>
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/988f8365f7d8ad8073b6786e433d34c553ecf568 (version-1.900.12)
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-heap-based-buffer-overflow-in-jpc_dec_tiledecode-jpc_dec-c/
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00001-jasper-heapoverflow-jpc_dec_tiledecode
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/23/7
CVE-2016-10250 (The jp2_colr_destroy function in jp2_cod.c in JasPer before 1.900.13 ...)
	- jasper <not-affected> (Incomplete fix for CVE-206-8887 not applied)
	NOTE: Reproducer: https://github.com/asarubbo/poc/blob/master/00002-jasper-NULLptr-jp2_colr_destroy
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
CVE-2016-8887 (The jp2_colr_destroy function in libjasper/jp2/jp2_cod.c in JasPer ...)
	{DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/e24bdc716c3327b067c551bc6cfb97fd2370358d (version-1.900.10)
	NOTE: When fixing this issue look at the followup report
	NOTE: https://blogs.gentoo.org/ago/2016/10/23/jasper-null-pointer-dereference-in-jp2_colr_destroy-jp2_cod-c-incomplete-fix-for-cve-2016-8887
	NOTE: and include the fix to not make jasper vulnerable to the incomplete fix.
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8886 (The jas_malloc function in libjasper/base/jas_malloc.c in JasPer ...)
	- jasper <removed> (low)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-memory-allocation-failure-in-jas_malloc-jas_malloc-c
CVE-2016-XXXX [sendmail: Privilege escalation from group smmsp to root]
	- sendmail 8.15.2-7 (bug #841257)
	[jessie] - sendmail 8.14.4-8+deb8u2
	[wheezy] - sendmail <no-dsa> (Minor issue)
	NOTE: no unprivileged user should be in smmsp group and there is no known vulnerability to gain smmsp group membership
CVE-2016-8885 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before ...)
	- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
CVE-2016-8884 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer 1.900.5 ...)
	- jasper <not-affected> (Incomplete fix for CVE-2016-8690 not applied)
	NOTE: https://blogs.gentoo.org/ago/2016/10/18/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c-incomplete-fix-for-cve-2016-8690
CVE-2016-8883 (The jpc_dec_tiledecode function in jpc_dec.c in JasPer before 1.900.8 ...)
	{DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/32
	NOTE: https://github.com/mdadams/jasper/commit/33cc2cfa51a8d0fc3116d16cc1d8fc581b3f9e8d
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8882 (The jpc_dec_tilefini function in libjasper/jpc/jpc_dec.c in JasPer ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant)
	NOTE: https://github.com/mdadams/jasper/issues/30
	NOTE: https://github.com/mdadams/jasper/commit/69a1439a5381e42b06ec6a06ed2675eb793babee (version-1.900.8)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8881
	REJECTED
CVE-2016-8880
	REJECTED
CVE-2016-8866 (The AcquireMagickMemory function in MagickCore/memory.c in ...)
	{DLA-756-1}
	- imagemagick <not-affected>
	NOTE: For incomplete fix of CVE-2016-8862
	NOTE: https://blogs.gentoo.org/ago/2016/10/20/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c-incomplete-fix-for-cve-2016-8862/
	NOTE: This is not a real problem in imagemagick but caused by the "observer" (the address sanitizer), cf.
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255 .
CVE-2016-8859 (Multiple integer overflows in the TRE library and musl libc allow ...)
	{DLA-687-1}
	- tre 0.8.0-5 (bug #842169)
	[jessie] - tre 0.8.0-4+deb8u1
	- musl 1.1.15-2 (bug #842171)
	[jessie] - musl 1.1.5-2+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/19/1
	NOTE: other issues may still be present in tre after this: https://github.com/laurikari/tre/issues/37
	NOTE: musl patch: http://git.musl-libc.org/cgit/musl/commit/?id=c3edc06d1e1360f3570db9155d6b318ae0d0f0f7, not released yet
CVE-2016-8858 (** DISPUTED ** The kex_input_kexinit function in kex.c in OpenSSH 6.x ...)
	- openssh 1:7.3p1-2 (bug #841884)
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c?rev=1.127&content-type=text/x-cvsweb-markup
	NOTE: Only thing the attacker could do here is self-dos own connection
CVE-2016-8862 (The AcquireMagickMemory function in MagickCore/memory.c in ImageMagick ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.6+dfsg-1 (bug #845634)
	NOTE: https://blogs.gentoo.org/ago/2016/10/17/imagemagick-memory-allocation-failure-in-acquiremagickmemory-memory-c/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/aea6c6507f55632829e6432f8177a084a57c9fcc
	NOTE: The initial patch was initiall meant to be incomplete and resulted in CVE-2016-8866. So when fixing
	NOTE: this CVE make sure to fix it completely to not open up CVE-2016-8866.
	NOTE: The "incomplete fix" though is not a real problem, cf. https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30908#p140255
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/17/4
CVE-2016-8860 (Tor before 0.2.8.9 and 0.2.9.x before 0.2.9.4-alpha had internal ...)
	{DSA-3694-1 DLA-663-1}
	- tor 0.2.8.9-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/20384
	NOTE: https://blog.torproject.org/blog/tor-0289-released-important-fixes
	NOTE: https://gitweb.torproject.org/tor.git/commit/?id=3cea86eb2fbb65949673eb4ba8ebb695c87a57ce
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/11
CVE-2016-9138 (PHP through 5.6.27 and 7.x through 7.0.12 mishandles property ...)
	{DSA-3732-1}
	- php7.0 7.0.12-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/01/7
CVE-2016-9137 (Use-after-free vulnerability in the CURLFile implementation in ...)
	{DSA-3698-1}
	- php7.0 7.0.12-1
	- php5 <removed>
	[wheezy] - php5 <not-affected> (Vulnerable code not present in version 5.4.45)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73147
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0e6fe3a4c96be2d3e88389a5776f878021b4c59f
	NOTE: NOTE: Fixed in 7.0.12, 5.6.27
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/18/1
CVE-2016-8673 (Cross-site request forgery (CSRF) vulnerability in the integrated web ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8672 (The integrated web server on Siemens SIMATIC CP 343-1 Advanced prior to ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2005-4900 (SHA-1 is not collision resistant, which makes it easier for ...)
	NOT-FOR-US: Generic protocol issue
CVE-2005-4899
	RESERVED
CVE-2005-4898
	RESERVED
CVE-2005-4897
	RESERVED
CVE-2005-4896
	RESERVED
CVE-2016-6911 (The dynamicGetbuf function in the GD Graphics Library (aka libgd) ...)
	{DSA-3693-1 DLA-665-1}
	- libgd2 2.2.3-87-gd0fec80-2 (bug #840806)
	NOTE: Corresponds to the 0020-Fix-invalid-read-in-gdImageCreateFromTiffPtr.patch patch
	NOTE: https://github.com/libgd/libgd/commit/4859d69e07504d4b0a4bdf9bcb4d9e3769ca35ae
CVE-2016-8703 (Heap-based buffer overflow in the bm_readbody_bmp function in ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8702 (Heap-based buffer overflow in the bm_readbody_bmp function in ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8701 (Heap-based buffer overflow in the bm_readbody_bmp function in ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8700 (Heap-based buffer overflow in the bm_readbody_bmp function in ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8699 (Heap-based buffer overflow in the bm_readbody_bmp function in ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8698 (Heap-based buffer overflow in the bm_readbody_bmp function in ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiplesix-heap-based-buffer-overflow-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8697 (The bm_new function in bitmap.h in potrace before 1.13 allows remote ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-divide-by-zero-in-bm_new-bitmap-h/
CVE-2016-8696 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8695 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8694 (The bm_readbody_bmp function in bitmap_io.c in potrace before 1.13 ...)
	{DLA-675-1}
	- potrace 1.13-1
	[jessie] - potrace 1.12-1+deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/08/potrace-multiple-three-null-pointer-dereference-in-bm_readbody_bmp-bitmap_io-c/
CVE-2016-8693 (Double free vulnerability in the mem_close function in jas_stream.c in ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (bug #841110)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-double-free-in-mem_close-jas_stream-c/
	NOTE: https://github.com/mdadams/jasper/commit/44a524e367597af58d6265ae2014468b334d0309
CVE-2016-8692 (The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant; bug #841111)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8691 (The jpc_dec_process_siz function in libjasper/jpc/jpc_dec.c in JasPer ...)
	{DSA-3785-1 DLA-739-1}
	- jasper <removed> (unimportant; bug #841111)
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-divide-by-zero-in-jpc_dec_process_siz-jpc_dec-c/
	NOTE: Fixed by: https://github.com/mdadams/jasper/commit/d8c2604cd438c41ec72aff52c16ebd8183068020 (version-1.900.4)
	NOTE: Not suitable for code injection, hardly denial of service
CVE-2016-8690 (The bmp_getdata function in libjasper/bmp/bmp_dec.c in JasPer before ...)
	- jasper <removed> (low; bug #841112)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	NOTE: CVE ID for the first and fifth items of http://www.openwall.com/lists/oss-security/2016/08/23/6 post
	NOTE: https://blogs.gentoo.org/ago/2016/10/16/jasper-two-null-pointer-dereference-in-bmp_getdata-bmp_dec-c/
	NOTE: The original fix is incomplete resulting in two follow ups CVE-2016-8884 and
	NOTE: CVE-2016-8885.
CVE-2016-8689 (The read_Header function in archive_read_support_format_7zip.c in ...)
	{DLA-661-1}
	- libarchive 3.2.1-5 (bug #840934)
	[jessie] - libarchive <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-read_header-archive_read_support_format_7zip-c/
	NOTE: https://github.com/libarchive/libarchive/issues/761
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/7f17c791dcfd8c0416e2cd2485b19410e47ef126
CVE-2016-8688 (The mtree bidder in libarchive 3.2.1 does not keep track of line sizes ...)
	{DLA-661-1}
	- libarchive 3.2.1-5 (bug #840935)
	[jessie] - libarchive <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-detect_form-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-memory-corruptionunknown-crash-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-heap-based-buffer-overflow-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-bid_entry-archive_read_support_format_mtree-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-use-after-free-in-detect_form-archive_read_support_format_mtree-c/
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/eec077f52bfa2d3f7103b4b74d52572ba8a15aca
CVE-2016-8687 (Stack-based buffer overflow in the safe_fprintf function in tar/util.c ...)
	{DLA-661-1}
	- libarchive 3.2.1-5 (bug #840936)
	[jessie] - libarchive <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://blogs.gentoo.org/ago/2016/09/11/libarchive-bsdtar-stack-based-buffer-overflow-in-bsdtar_expand_char-util-c/
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e37b620fe8f14535d737e89a4dcabaed4517bf1a
	NOTE: https://github.com/libarchive/libarchive/issues/767
CVE-2016-8678 (The IsPixelMonochrome function in MagickCore/pixel-accessor.h in ...)
	- imagemagick <unfixed> (unimportant; bug #845204)
	NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-heap-based-buffer-overflow-in-ispixelmonochrome-pixel-accessor-h/
	NOTE: unimportant: Only an issue with a QuantumDepth=64 build, thus not affecting the binary packages
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/272
CVE-2016-8677 (The AcquireQuantumPixels function in MagickCore/quantum.c in ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-1 (bug #845206)
	NOTE: https://blogs.gentoo.org/ago/2016/10/07/imagemagick-memory-allocate-failure-in-acquirequantumpixels-quantum-c/
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/6e48aa92ff4e6e95424300ecd52a9ea453c19c60
CVE-2016-8676 (The get_vlc2 function in get_bits.h in Libav 11.9 allows remote ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
CVE-2016-8675 (The get_vlc2 function in get_bits.h in Libav before 11.9 allows remote ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/libav-null-pointer-dereference-in-get_vlc2_get_bits_h/
	NOTE: Fixed by: https://github.com/libav/libav/commit/e5b019725f53b79159931d3a7317107cbbfd0860
	NOTE: Cf. CVE-2016-8676 as well which remain unfixed after e5b019725f53b79159931d3a7317107cbbfd0860
CVE-2016-8674 (The pdf_to_num function in pdf-object.c in MuPDF before 1.10 allows ...)
	{DSA-3797-1}
	- mupdf 1.9a+ds1-2 (bug #840957)
	[wheezy] - mupdf <not-affected> (Crash is not reproducible with reprocuder. Needs clarification from upstream.)
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=1e03c06456d997435019fb3526fa2d4be7dbc6ec
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697015
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697019
CVE-2016-8670 (Integer signedness error in the dynamicGetbuf function in gd_io_dp.c ...)
	{DSA-3693-1 DLA-665-1}
	- libgd2 2.2.3-87-gd0fec80-1 (bug #840805)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73280
	NOTE: https://github.com/libgd/libgd/commit/53110871935244816bbb9d131da0bccff734bfe9
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/15/1
CVE-2016-8671 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not ...)
	- matrixssl <not-affected> (Incomplete fix for CVE-2016-6887 not applied)
	NOTE: https://blog.fuzzing-project.org/54-Update-on-MatrixSSL-miscalculation-incomplete-fix-for-CVE-2016-6887.html
CVE-2016-8669 (The serial_update_parameters function in hw/char/serial.c in QEMU (aka ...)
	{DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840945)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02461.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384909
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3592fe0c919cf27a81d8e9f9b4f269553418bb01
CVE-2016-8668 (The rocker_io_writel function in hw/net/rocker/rocker.c in QEMU (aka ...)
	- qemu 1:2.8+dfsg-1 (bug #840948)
	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.4.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02501.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384896
CVE-2016-8667 (The rc4030_write function in hw/dma/rc4030.c in QEMU (aka Quick ...)
	- qemu 1:2.8+dfsg-4 (bug #840950)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Code only affects mips platform)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg02577.html
CVE-2016-8665
	REJECTED
CVE-2016-8664
	REJECTED
CVE-2016-8663
	REJECTED
CVE-2016-8662
	REJECTED
CVE-2016-8661 (Little Snitch version 3.0 through 3.6.1 suffer from a buffer overflow ...)
	NOT-FOR-US: Little Snitch
CVE-2016-8657
	RESERVED
	NOT-FOR-US: Red Hat JBoss; jbossas Red Hat configuration file permissions and init script
CVE-2016-8656
	RESERVED
	NOT-FOR-US: Red Hat JBoss; jbossas init script
CVE-2016-8655 (Race condition in net/packet/af_packet.c in the Linux kernel through ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: http://seclists.org/oss-sec/2016/q4/607
	NOTE: Introduced by: https://git.kernel.org/linus/f6fb8f100b807378fda19e83e5ac6828b638603a (v3.2-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/84ac7260236a49c79eede91617700174c2c19b0c (v4.9-rc8)
	NOTE: Non-privileged user namespaces disabled by default, only exploitable by arbitrary user if sysctl kernel.unprivileged_userns_clone=1
CVE-2016-8654 [Heap-based buffer overflow in QMFB code in JPC codec]
	RESERVED
	{DSA-3785-1 DLA-739-1}
	- jasper <removed>
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/93
	NOTE: Upstream bug: https://github.com/mdadams/jasper/issues/94
	NOTE: https://github.com/mdadams/jasper/commit/4a59cfaf9ab3d48fca4a15c0d2674bf7138e3d1a
CVE-2016-8653
	RESERVED
	NOT-FOR-US: JMX endpoint of Red Hat JBoss Fuse 6 and Red Hat A-MQ 6
CVE-2016-8652 (The auth component in Dovecot before 2.2.27, when auth-policy is ...)
	- dovecot 1:2.2.27-1 (bug #846605)
	[jessie] - dovecot <not-affected> (Only affects 2.2.25 up and including 2.2.26.1)
	[wheezy] - dovecot <not-affected> (Only affects 2.2.25 up and including 2.2.26.1)
CVE-2016-8651
	RESERVED
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-8650 (The mpi_powm function in lib/mpi/mpi-pow.c in the Linux kernel through ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: http://seclists.org/fulldisclosure/2016/Nov/76
	NOTE: Proposed fix: https://lkml.org/lkml/2016/11/23/477
	NOTE: Fixed by: https://git.kernel.org/linus/f5527fffff3f002b0a6b376163613b82f69de073
	NOTE: Introduced by https://git.kernel.org/linus/cdec9cb5167ab1113ba9c58e395f664d9d3f9acb (v3.3-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343162 (not yet opened)
CVE-2016-8649 (lxc-attach in LXC before 1.0.9 and 2.x before 2.0.6 allows an attacker ...)
	- lxc 1:2.0.6-1 (bug #845465)
	[jessie] - lxc 1:1.0.6-6+deb8u5
	[wheezy] - lxc <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/lxc/lxc/commit/81f466d05f2a89cb4f122ef7f593ff3f279b165c
	NOTE: Details: https://launchpad.net/bugs/1639345
	NOTE: To be complete this needs as well changes to src:linux
CVE-2016-8648
	RESERVED
	NOT-FOR-US: Karaf container uses by Red Hat products
CVE-2016-8647 [in some circumstances the mysql_user module may fail to correctly change a password]
	RESERVED
	- ansible 2.2.0.0-4 (bug #844691)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5388
CVE-2016-8646 (The hash_accept function in crypto/algif_hash.c in the Linux kernel ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: https://lkml.org/lkml/2016/10/12/198
	NOTE: Fixed by: https://git.kernel.org/linus/4afa5f9617927453ac04b24b584f6c718dfb4f45 (v4.4-rc2)
CVE-2016-8645 (The TCP stack in the Linux kernel before 4.8.10 mishandles skb ...)
	{DLA-772-1}
	- linux 4.8.11-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/ac6e780070e30e4c35bd395acfe9191e6268bdd3 (v4.9-rc6)
CVE-2016-8644 (In Moodle 2.x and 3.x, the capability to view course notes is checked ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343277
CVE-2016-8643 (In Moodle 2.x and 3.x, non-admin site managers may accidentally edit ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343276
CVE-2016-8642 (In Moodle 2.x and 3.x, the question engine allows access to files that ...)
	- moodle 2.7.17+dfsg-1
	NOTE: https://moodle.org/mod/forum/discuss.php?d=343275
CVE-2016-10089 (Nagios 4.3.2 and earlier allows local users to gain root privileges ...)
	- nagios3 <not-affected> (Vulnerable code not present)
	NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript.
CVE-2016-8641
	RESERVED
	- nagios3 <not-affected> (Vulnerable code not present)
	NOTE: Flaw in upstream damon-init.in. Debian package installs an own init-skript.
CVE-2016-8640
	RESERVED
	- pycsw 2.0.2+dfsg-1
	NOTE: https://github.com/geopython/pycsw/pull/474/files
	NOTE: https://patch-diff.githubusercontent.com/raw/geopython/pycsw/pull/474.patch
CVE-2016-8639
	RESERVED
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/15037
	NOTE: https://github.com/theforeman/foreman/pull/3523
CVE-2016-8638 (A vulnerability in ipsilon 2.0 before 2.0.2, 1.2 before 1.2.1, 1.1 ...)
	- ipsilon <itp> (bug #826838)
	NOTE: https://ipsilon-project.org/advisory/CVE-2016-8638.txt
	NOTE: https://pagure.io/ipsilon/c/511fa8b7001c2f9a42301aa1d4b85aaf170a461c
CVE-2016-8637 [dracut creates world readble initramfs when early cpio is used]
	RESERVED
	- dracut 044+189-1 (low; bug #843697)
	[jessie] - dracut <no-dsa> (Minor issue)
	[wheezy] - dracut <not-affected> (Introduced in 030 upstream)
	NOTE: Fixed by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=0db98910a11c12a454eac4c8e86dc7a7bbc764a4
	NOTE: Introduced by: http://git.kernel.org/cgit/boot/dracut/dracut.git/commit/?id=5f2c30d9bcd614d546d5c55c6897e33f88b9ab90 (030)
CVE-2016-8636 (Integer overflow in the mem_check_range function in ...)
	- linux 4.9.10-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fix https://github.com/torvalds/linux/commit/647bf3d8a8e5777319da92af672289b2a6c4dc66
CVE-2016-8635 [small-subgroups attack flaw]
	RESERVED
	- nss 2:3.25-1
	NOTE: Patch as applied in CentOS (but contains other changes):
	NOTE: https://git.centos.org/blob/rpms!nss!/aada6b10b73091276397404059605d13e7548462/SOURCES!moz-1314604.patch
	NOTE: Further info: https://bugzilla.redhat.com/show_bug.cgi?id=1391818
	NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1314604
CVE-2016-8634
	RESERVED
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/17195
CVE-2016-8633 (drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain ...)
	{DLA-772-1}
	- linux 4.8.7-1
	[jessie] - linux 3.16.39-1
	NOTE: https://git.kernel.org/linus/667121ace9dbafb368618dbabcf07901c962ddac
	NOTE: https://eyalitkin.wordpress.com/2016/11/06/cve-publication-cve-2016-8633/
CVE-2016-8632 (The tipc_msg_build function in net/tipc/msg.c in the Linux kernel ...)
	- linux 4.8.15-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 3.17-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.17-rc1)
	NOTE: https://www.mail-archive.com/netdev@vger.kernel.org/msg133205.html
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3de81b758853f0b29c61e246679d20b513c4cfec (v4.9-rc8)
CVE-2016-8631
	RESERVED
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-8630 (The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux ...)
	- linux 4.8.7-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/d9092f52d7e61dd1557f2db2400ddb430e85937e (v4.9-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
CVE-2016-8629 (Red Hat Keycloak before version 2.4.0 did not correctly check ...)
	NOT-FOR-US: Keycloak
CVE-2016-8628
	RESERVED
	- ansible 2.2.0.0-1 (bug #842985)
	[jessie] - ansible <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: Fixed upstream in v2.2.0.0-1
	NOTE: Needs an attacker to compromise a controlled server.
CVE-2016-8627 (admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an ...)
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2016-8626 [RGW Denial of Service by sending POST object with null conditions]
	RESERVED
	- ceph 10.2.5-1 (bug #844200)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/17635
CVE-2016-8625
	RESERVED
	- curl 7.51.0-1
	[jessie] - curl <no-dsa> (the fix is too invasive)
	[wheezy] - curl <no-dsa> (the fix is too invasive)
	NOTE: https://github.com/curl/curl/commit/9c91ec778104ae3b744b39444d544e82d5ee9ece
	NOTE: https://curl.haxx.se/docs/adv_20161102K.html
	NOTE: https://curl.haxx.se/CVE-2016-8625.patch
CVE-2016-8624
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/3bb273db7e40ebc284cff45f3ce3f0475c8339c2
	NOTE: https://curl.haxx.se/docs/adv_20161102J.html
	NOTE: https://curl.haxx.se/CVE-2016-8624.patch
CVE-2016-8623
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/c5be3d7267c725dbd093ff3a883e07ee8cf2a1d5
	NOTE: https://curl.haxx.se/docs/adv_20161102I.html
	NOTE: https://curl.haxx.se/CVE-2016-8623.patch
CVE-2016-8622
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/53e71e47d6b81650d26ec33a58d0dca24c7ffb2c
	NOTE: https://curl.haxx.se/docs/adv_20161102H.html
	NOTE: https://curl.haxx.se/CVE-2016-8622.patch
CVE-2016-8621
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/96a80b5a262fb6dd2ddcea7987296f3b9a405618
	NOTE: https://curl.haxx.se/docs/adv_20161102G.html
	NOTE: https://curl.haxx.se/CVE-2016-8621.patch
CVE-2016-8620
	RESERVED
	{DSA-3705-1}
	- curl 7.51.0-1
	[wheezy] - curl <not-affected> (Vulnerable code introduced in 7.34.0)
	NOTE: https://github.com/curl/curl/commit/fbb5f1aa0326d485d5a7ac643b48481897ca667f
	NOTE: https://curl.haxx.se/docs/adv_20161102F.html
	NOTE: https://curl.haxx.se/CVE-2016-8620.patch
CVE-2016-8619
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/3d6460edeee21d7d790ec570d0887bed1f4366dd
	NOTE: https://curl.haxx.se/docs/adv_20161102E.html
	NOTE: https://curl.haxx.se/CVE-2016-8619.patch
CVE-2016-8618
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/8732ec40db652c53fa58cd13e2acb8eab6e40874
	NOTE: https://curl.haxx.se/docs/adv_20161102D.html
	NOTE: https://curl.haxx.se/CVE-2016-8618.patch
CVE-2016-8617
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/efd24d57426bd77c9b5860e6b297904703750412
	NOTE: https://curl.haxx.se/docs/adv_20161102C.html
	NOTE: https://curl.haxx.se/CVE-2016-8617.patch
CVE-2016-8616
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/b3ee26c5df75d97f6895e6ec4538894ebaf76e48
	NOTE: https://curl.haxx.se/docs/adv_20161102B.html
	NOTE: https://curl.haxx.se/CVE-2016-8616.patch
CVE-2016-8615
	RESERVED
	{DSA-3705-1 DLA-711-1}
	- curl 7.51.0-1
	NOTE: https://github.com/curl/curl/commit/cff89bc088b7884098ea0c5378bbda3d49c437bc
	NOTE: https://curl.haxx.se/docs/adv_20161102A.html
	NOTE: https://curl.haxx.se/CVE-2016-8615.patch
CVE-2016-8614
	RESERVED
	- ansible 2.2.0.0-1 (bug #842984)
	[jessie] - ansible <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: Fixed upstream in v2.2.0.0-1
	NOTE: https://github.com/ansible/ansible-modules-core/issues/5237
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5353
	NOTE: https://github.com/ansible/ansible-modules-core/pull/5357
CVE-2016-8613
	RESERVED
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/17066/
	NOTE: https://github.com/theforeman/foreman_remote_execution/pull/208
CVE-2016-8612 (Apache HTTP Server mod_cluster before version httpd 2.4.23 is ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-8611 [Glance Image service v1 and v2 api image-create vulnerability]
	RESERVED
	- glance <unfixed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/27/16
CVE-2016-8610 (A denial of service flaw was found in OpenSSL 0.9.8, 1.0.1, 1.0.2 ...)
	{DSA-3773-1 DLA-814-1}
	- openssl 1.0.2j-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/24/3
	NOTE: Fixed by: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=af58be768ebb690f78530f796e92b8ae5c9a4401
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1384743 mentions countermeasures in gnutls
	NOTE: https://gitlab.com/gnutls/gnutls/commit/1ffb827e45721ef56982d0ffd5c5de52376c428e
CVE-2016-8609
	RESERVED
	NOT-FOR-US: Keycloak
CVE-2016-8608
	RESERVED
	NOT-FOR-US: JBoss BPMS
CVE-2016-8607
	RESERVED
CVE-2016-8604
	RESERVED
CVE-2016-8603
	RESERVED
CVE-2016-8600 (In dotCMS 3.2.1, attacker can load captcha once, fill it with correct ...)
	NOT-FOR-US: dotCMS
CVE-2016-8599
	RESERVED
CVE-2016-8598 (Buffer overflow in the zmq interface in csp_if_zmqhub.c in the libcsp ...)
	- libcsp <unfixed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8597 (Buffer overflow in the csp_sfp_recv_fp in csp_sfp.c in the libcsp ...)
	- libcsp <unfixed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8596 (Buffer overflow in the csp_can_process_frame in csp_if_can.c in the ...)
	- libcsp <unfixed> (bug #843012)
	NOTE: https://github.com/GomSpace/libcsp/pull/81/commits/4435fbed4090ff3cd090a61517430fe8a3924cd8
CVE-2016-8595 (The gsm_parse function in libavcodec/gsm_parser.c in FFmpeg before ...)
	- ffmpeg 7:3.1.5-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/08/2
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/987690799dd86433bf98b897aaa4c8d93ade646d
CVE-2016-8594
	RESERVED
CVE-2016-8666 (The IP stack in the Linux kernel before 4.6 allows remote attackers to ...)
	- linux 4.6.1-1
	[jessie] - linux 3.6.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/fac8e0f579695a3ecbc4d3cac369139d7f819971
	NOTE: Introduced by: htttps://git.kernel.org/linus/bf5a755f5e9186406bbf50f4087100af5bd68e40
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/13/11
CVE-2016-8660 (The XFS subsystem in the Linux kernel through 4.8.2 allows local users ...)
	- linux <unfixed> (low)
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2016-8659 (Bubblewrap before 0.1.3 sets the PR_SET_DUMPABLE flag, which might ...)
	- bubblewrap 0.1.2-2 (bug #840605)
	NOTE: https://github.com/projectatomic/bubblewrap/issues/107
CVE-2016-8658 (Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in ...)
	- linux 4.7.5-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later in 3.7)
	NOTE: Fixed by: https://git.kernel.org/linus/ded89912156b1a47d940a0c954c43afbabd0c42c (v4.8-rc8)
CVE-2016-8606 (The REPL server (--listen) in GNU Guile 2.0.12 allows an attacker to ...)
	{DLA-666-1}
	- guile-2.0 2.0.13+1-1 (low; bug #840555)
	[jessie] - guile-2.0 2.0.11+1-9+deb8u1
	- guile-1.8 <not-affected> (repl server introduced in 2.0)
	NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=08c021916dbd3a235a9f9cc33df4c418c0724e03
CVE-2016-8605 (The mkdir procedure of GNU Guile temporarily changed the process' ...)
	{DLA-666-1}
	- guile-2.0 2.0.13+1-1 (low; bug #840556)
	[jessie] - guile-2.0 2.0.11+1-9+deb8u1
	- guile-1.8 <removed> (low; bug #841494)
	[jessie] - guile-1.8 <no-dsa> (Minor issue)
	[wheezy] - guile-1.8 <no-dsa> (Minor issue)
	NOTE: http://bugs.gnu.org/24659
	NOTE: Patch: http://git.savannah.gnu.org/cgit/guile.git/commit/?h=stable-2.0&id=245608911698adb3472803856019bdd5670b6614
CVE-2016-8593 (Directory traversal vulnerability in upload.cgi in Trend Micro Threat ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8592 (log_query_system.cgi in Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8591 (log_query.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 and ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8590 (log_query_dlp.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8589 (log_query_dae.cgi in Trend Micro Threat Discovery Appliance 2.6.1062r1 ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8588 (The hotfix_upload.cgi in Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8587 (dlp_policy_upload.cgi in Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8586 (detected_potential_files.cgi in Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8585 (admin_sys_time.cgi in Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8584 (Trend Micro Threat Discovery Appliance 2.6.1062r1 and earlier uses ...)
	NOT-FOR-US: Trend Micro
CVE-2016-8583 (Multiple GET parameters in the vulnerability scan scheduler of ...)
	NOT-FOR-US: AlienVault
CVE-2016-8582 (A vulnerability exists in gauge.php of AlienVault OSSIM and USM before ...)
	NOT-FOR-US: AlienVault
CVE-2016-8581 (A persistent XSS vulnerability exists in the User-Agent header of the ...)
	NOT-FOR-US: AlienVault
CVE-2016-8580 (PHP object injection vulnerabilities exist in multiple widget files in ...)
	NOT-FOR-US: AlienVault
CVE-2016-8579 (docker2aci &lt;= 0.12.3 has an infinite loop when handling local images ...)
	- golang-github-appc-docker2aci 0.12.3+dfsg-2 (bug #840711)
	NOTE: https://github.com/appc/docker2aci/issues/203
	NOTE: https://github.com/lucab/docker2aci/commit/54331ec7020e102935c31096f336d31f6400064f
CVE-2016-8575 (The Q.933 parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-8574 (The FRF.15 parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-8573
	RESERVED
CVE-2016-8572
	RESERVED
CVE-2016-8571
	RESERVED
CVE-2016-8570
	RESERVED
CVE-2016-8567 (An issue was discovered in Siemens SICAM PAS before 8.00. A factory ...)
	NOT-FOR-US: Siemens
CVE-2016-8566 (An issue was discovered in Siemens SICAM PAS before 8.00. Because of ...)
	NOT-FOR-US: Siemens
CVE-2016-8565 (Siemens Automation License Manager (ALM) before 5.3 SP3 allows remote ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8564 (SQL injection vulnerability in Siemens Automation License Manager ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8563 (Siemens Automation License Manager (ALM) before 5.3 SP3 Update 1 ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2016-8562 (Siemens SIMATIC CP 1543-1 before 2.0.28, when SNMPv3 write access or ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8561 (Siemens SIMATIC CP 1543-1 before 2.0.28 allows remote authenticated ...)
	NOT-FOR-US: Siemens SIMATIC CP
CVE-2016-8560
	REJECTED
CVE-2016-8559
	REJECTED
CVE-2016-8558
	REJECTED
CVE-2016-8557
	REJECTED
CVE-2016-8556
	REJECTED
CVE-2016-8555
	REJECTED
CVE-2016-8554
	REJECTED
CVE-2016-8553
	REJECTED
CVE-2016-8552
	REJECTED
CVE-2016-8551
	REJECTED
CVE-2016-8550
	REJECTED
CVE-2016-8549
	REJECTED
CVE-2016-8548
	REJECTED
CVE-2016-8547
	REJECTED
CVE-2016-8546
	REJECTED
CVE-2016-8545
	REJECTED
CVE-2016-8544
	REJECTED
CVE-2016-8543
	REJECTED
CVE-2016-8542
	REJECTED
CVE-2016-8541
	REJECTED
CVE-2016-8540
	REJECTED
CVE-2016-8539
	REJECTED
CVE-2016-8538
	REJECTED
CVE-2016-8537
	REJECTED
CVE-2016-8536
	REJECTED
CVE-2016-8535 (A remote HTTP parameter Pollution vulnerability in HPE Matrix ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8534 (A remote privilege elevation vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8533 (A remote priviledge escalation vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8532 (A cross site scripting vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8531 (A remote information disclosure vulnerability in HPE Matrix Operating ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-8530 (A remote denial of service vulnerability in HPE iMC PLAT version v7.2 ...)
	NOT-FOR-US: HPE iMC PLAT
CVE-2016-8529 (A Remote Arbitrary Command Execution vulnerability in HPE StoreVirtual ...)
	NOT-FOR-US: HPE StoreVirtual
CVE-2016-8528 (A Remote Escalation of Privilege vulnerability in HPE Helion ...)
	NOT-FOR-US: HPE Helion Eucalyptus
CVE-2016-8527
	RESERVED
CVE-2016-8526
	RESERVED
CVE-2016-8525 (A Remote Disclosure of Information vulnerability in HPE iMC PLAT ...)
	NOT-FOR-US: HPE iMC PLAT
CVE-2016-8524
	REJECTED
CVE-2016-8523 (A Remote Arbitrary Code Execution vulnerability in HPE Smart Storage ...)
	NOT-FOR-US: HP Smart Storage Administrator
CVE-2016-8522 (A cross-site scripting vulnerability in HPE Diagnostics version 9.24 ...)
	NOT-FOR-US: HPE Diagnostics
CVE-2016-8521 (A Remote click jacking vulnerability in HPE Diagnostics version 9.24 ...)
	NOT-FOR-US: HPE Diagnostics
CVE-2016-8520 (HPE Helion Eucalyptus v4.3.0 and earlier does not correctly check IAM ...)
	- eucalyptus <removed>
CVE-2016-8519 (A remote code execution vulnerability in HPE Operations Orchestration ...)
	NOT-FOR-US: HPE Operations Orchestration
CVE-2016-8518 (A remote denial of service vulnerability in HPE Systems Insight ...)
	NOT-FOR-US: HPE
CVE-2016-8517 (A cross site scripting vulnerability in HPE Systems Insight Manager in ...)
	NOT-FOR-US: HPE
CVE-2016-8516 (A remote denial of service vulnerability in HPE Systems Insight ...)
	NOT-FOR-US: HPE
CVE-2016-8515 (A remote malicious file upload vulnerability in HPE Version Control ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8514 (A remote information disclosure in HPE Version Control Repository ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8513 (A Cross-Site Request Forgery (CSRF) vulnerability in HPE Version ...)
	NOT-FOR-US: HPE Version Control Repository Manager
CVE-2016-8512 (A Remote Code Execution vulnerability in all versions of HPE ...)
	NOT-FOR-US: HPE
CVE-2016-8511 (A Remote Code Execution vulnerability in HPE Network Automation using ...)
	NOT-FOR-US: HPE
CVE-2016-8510
	REJECTED
CVE-2016-8509
	REJECTED
CVE-2016-8508 (Yandex Browser for desktop before 17.1.1.227 does not show Protect ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8507 (Yandex Browser for iOS before 16.10.0.2357 does not properly restrict ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8506 (XSS in Yandex Browser Translator in Yandex browser for desktop for ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8505 (XSS in Yandex Browser BookReader in Yandex browser for desktop for ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8504 (CSRF of synchronization form in Yandex Browser for desktop before ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8503 (Yandex Protect Anti-phishing warning in Yandex Browser for desktop ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8502 (Yandex Protect Anti-phishing warning in Yandex Browser for desktop ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8501 (Security WiFi bypass in Yandex Browser from version 15.10 to 15.12 ...)
	NOT-FOR-US: Yandex Browser
CVE-2016-8500
	REJECTED
CVE-2016-8499
	REJECTED
CVE-2016-8498
	REJECTED
CVE-2016-8497
	REJECTED
CVE-2016-8496
	REJECTED
CVE-2016-8495 (An improper certificate validation vulnerability in Fortinet ...)
	NOT-FOR-US: FortiManager
CVE-2016-8494 (Insufficient verification of uploaded files allows attackers with ...)
	NOT-FOR-US: Fortiguard
CVE-2016-8493 (In FortiClientWindows 5.4.1 and 5.4.2, an attacker may escalate ...)
	NOT-FOR-US: Fortiguard
CVE-2016-8492 (The implementation of an ANSI X9.31 RNG in Fortinet FortiGate allows ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-8491 (The presence of a hardcoded account named 'core' in Fortinet FortiWLC ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2015-8965 (Rogue Wave JViews before 8.8 patch 21 and 8.9 before patch 1 allows ...)
	NOT-FOR-US: Rogue Wave JViews
CVE-2016-XXXX [dbus format string vulnerability]
	- dbus 1.10.12-1
	[jessie] - dbus 1.8.22-0+deb8u1
	[wheezy] - dbus <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=98157
	NOTE: Versions affected: dbus >= 1.4.0
	NOTE: Fixed in: dbus >= 1.11.6, 1.10.x >= 1.10.12, 1.8.x >= 1.8.22
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/10/9
	NOTE: In Debian CVE-2015-0245 was already fixed, and this issue is
	NOTE: not believed to be exploitable in practice, because the relevant
	NOTE: message is ignored unless it comes from the owner of the bus name
	NOTE: org.freedesktop.systemd1. On the system bus, this bus name is only
	NOTE: allowed to be owned by uid 0; it is intended to be owned by systemd,
	NOTE: and no mechanism is currently known by which an attacker who does not
	NOTE: already have root privileges could induce systemd to send messages
	NOTE: that would trigger the format string vulnerability.
CVE-2016-8686 (The bm_new function in bitmap.h in potrace 1.13 allows remote ...)
	- potrace 1.14-1 (low; bug #850595)
	[stretch] - potrace <no-dsa> (Minor issue)
	[jessie] - potrace <no-dsa> (Minor issue)
	[wheezy] - potrace <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-memory-allocation-failure
	NOTE: http://potrace.sourceforge.net/ChangeLog claims that it's fixed in 1.14
	NOTE: but see https://lists.debian.org/debian-lts/2017/05/msg00032.html
CVE-2016-8685 (The findnext function in decompose.c in potrace 1.13 allows remote ...)
	{DLA-889-1}
	- potrace 1.13-3 (bug #843861)
	[jessie] - potrace <no-dsa> (Minor issue)
	NOTE: https://blogs.gentoo.org/ago/2016/08/29/potrace-invalid-memory-access-in-findnext-decompose-c/
CVE-2016-8684 (The MagickMalloc function in magick/memory.c in GraphicsMagick 1.3.25 ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-magickmalloc-memory-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/c53725cb5449
CVE-2016-8683 (The ReadPCXImage function in coders/pcx.c in GraphicsMagick 1.3.25 ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-memory-allocation-failure-in-readpcximage-pcx-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/b9edafd479b9
CVE-2016-8682 (The ReadSCTImage function in coders/sct.c in GraphicsMagick 1.3.25 ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-5
	NOTE: https://blogs.gentoo.org/ago/2016/09/15/graphicsmagick-stack-based-buffer-overflow-in-readsctimage-sct-c/
	NOTE: Fixed by: http://hg.code.sf.net/p/graphicsmagick/code/rev/0a0dfa81906d
CVE-2016-8679 (The _dwarf_get_size_of_val function in libdwarf/dwarf_util.c in ...)
	- dwarfutils 20161001-2 (bug #840958)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/11
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
	NOTE: Same fix as CVE-2016-8681 but different issue
CVE-2016-8680 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf ...)
	- dwarfutils 20161001-2 (bug #840960)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/12
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/268c1f18d1d28612af3b72d7c670076b1b88e51c/tree/libdwarf/dwarf_util.c?diff=0b28b923c3bd9827d1d904feed2abadde4fa5de2
CVE-2016-8681 (The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf ...)
	- dwarfutils 20161001-2 (bug #840961)
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/2d14a7792889e33bc542c28d0f3792964c46214f/#diff-13
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/efe48cad0693d6994d9a7b561e1c3833b073a624/#diff-2
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/08/13
CVE-2016-8602 (The .sethalftone5 function in psi/zht2.c in Ghostscript before 9.21 ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #840451)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=697203
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f5c7555c30393e64ec1f5ab0dfae5b55b3b3fc78
CVE-2016-8601
	REJECTED
CVE-2016-8578 (The v9fs_iov_vunmarshal function in fsdev/9p-iov-marshal.c in QEMU ...)
	{DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840340)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07143.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ba42ebb863ab7d40adc79298422ed9596df8f73a
CVE-2016-8577 (Memory leak in the v9fs_read function in hw/9pfs/9p.c in QEMU (aka ...)
	{DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840341)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07127.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e95c9a493a5a8d6f969e86c9f19f80ffe6587e19
CVE-2016-8576 (The xhci_ring_fetch function in hw/usb/hcd-xhci.c in QEMU (aka Quick ...)
	{DLA-679-1 DLA-678-1}
	- qemu 1:2.8+dfsg-1 (bug #840343)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg01265.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=05f43d44e4bc26611ce25fd7d726e483f73363ce
CVE-2016-8569 (The git_oid_nfmt function in commit.c in libgit2 before 0.24.3 allows ...)
	- libgit2 0.24.2-2 (bug #840227)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860989)
	NOTE: https://github.com/libgit2/libgit2/issues/3937
CVE-2016-8568 (The git_commit_message function in oid.c in libgit2 before 0.24.3 ...)
	- libgit2 0.24.5-1 (bug #840227)
	[jessie] - libgit2 <no-dsa> (Minor issue)
	[experimental] - cargo 0.17.0-1~exp1
	- cargo 0.17.0-1 (bug #860989)
	NOTE: https://github.com/libgit2/libgit2/issues/3936
CVE-2016-8490
	RESERVED
CVE-2016-8489
	RESERVED
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8488 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8487 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8486 (An information disclosure vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8485 (An information disclosure vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8484 (An elevation of privilege vulnerability in Qualcomm closed source ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-8483 (An information disclosure vulnerability in the Qualcomm power driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8482 (An elevation of privilege vulnerability in the NVIDIA GPU driver. ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8481 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8480 (An elevation of privilege vulnerability in the Qualcomm Secure ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8479 (An elevation of privilege vulnerability in the Qualcomm GPU driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8478 (An information disclosure vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8477 (An information disclosure vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8476 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8475 (An information disclosure vulnerability in the HTC input driver could ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-8474 (An information disclosure vulnerability in the STMicroelectronics ...)
	NOT-FOR-US: STMicroelectronics driver for Android
CVE-2016-8473 (An information disclosure vulnerability in the STMicroelectronics ...)
	NOT-FOR-US: STMicroelectronics driver for Android
CVE-2016-8472 (An information disclosure vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8471 (An information disclosure vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8470 (An information disclosure vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8469 (An information disclosure vulnerability in the camera driver could ...)
	NOT-FOR-US: camera driver for Android
CVE-2016-8468 (An elevation of privilege vulnerability in Binder could enable a local ...)
	NOT-FOR-US: Android Binder
CVE-2016-8467 (An elevation of privilege vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8466 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8465 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8464 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8463 (A denial of service vulnerability in the Qualcomm FUSE file system ...)
	NOT-FOR-US: Qualcomm file system for Android
CVE-2016-8462 (An information disclosure vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8461 (An information disclosure vulnerability in the bootloader could enable ...)
	NOT-FOR-US: Android bootloader
CVE-2016-8460 (An information disclosure vulnerability in the NVIDIA video driver ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8459 (Possible buffer overflow in storage subsystem. Bad parameters as part ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8458 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8457 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8456 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8455 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8454 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8453 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-8452 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8451 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8450 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8449 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8448 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8447 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8446 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8445 (An elevation of privilege vulnerability in MediaTek components, ...)
	NOT-FOR-US: MediaTek component for Android
CVE-2016-8444 (An elevation of privilege vulnerability in the Qualcomm camera could ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8443 (Possible unauthorized memory access in the hypervisor. Incorrect ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8442 (Possible unauthorized memory access in the hypervisor. Lack of input ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8441 (Possible buffer overflow in the hypervisor. Inappropriate usage of a ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8440 (Possible buffer overflow in SMMU system call. Improper input ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8439 (Possible buffer overflow in trust zone access control API. Buffer ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8438 (Integer overflow leading to a TOCTOU condition in hypervisor PIL. An ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8437 (Improper input validation in Access Control APIs. Access control API ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8436 (An elevation of privilege vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8435 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8434 (An elevation of privilege vulnerability in the Qualcomm GPU driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8433 (An elevation of privilege vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-8432 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8431 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8430 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8429 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8428 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8427 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8426 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8425 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8424 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-8423 (An elevation of privilege vulnerability in the Qualcomm bootloader ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-8422 (An elevation of privilege vulnerability in the Qualcomm bootloader ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-8421 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8420 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8419 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8418 (A remote code execution vulnerability in the Qualcomm crypto driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8417 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8416 (An information disclosure vulnerability in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8415 (An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8414 (An information disclosure vulnerability in the Qualcomm Secure ...)
	NOT-FOR-US: Qualcomm Secure Execution Environment Communicator
CVE-2016-8413 (An information disclosure vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8412 (An elevation of privilege vulnerability in the Qualcomm camera could ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8411 (Buffer overflow vulnerability while processing QMI QOS TLVs. Product: ...)
	NOT-FOR-US: Android
CVE-2016-8410 (An information disclosure vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8409 (An information disclosure vulnerability in the NVIDIA video driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8408 (An information disclosure vulnerability in the NVIDIA video driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8407 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8406 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8405 (An information disclosure vulnerability in kernel components including ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.9.6-1
	NOTE: Fixed by: https://git.kernel.org/linus/2dc705a9930b4806250fbf5a76e55266e59389f2
CVE-2016-8404 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8403 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8402 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8401 (An information disclosure vulnerability in kernel components including ...)
	- linux <not-affected> (Android-specific Linux components)
CVE-2016-8400 (An information disclosure vulnerability in the NVIDIA librm library ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8399 (An elevation of privilege vulnerability in the kernel networking ...)
	{DLA-772-1}
	- linux 4.8.15-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/0eab121ef8750a5c8637d51534d5e9143fb0633f
CVE-2016-8398 (Unauthenticated messages processed by the UE. Certain NAS messages are ...)
	NOT-FOR-US: Qualcomm component for Android
CVE-2016-8397 (An information disclosure vulnerability in the NVIDIA video driver ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8396 (An information disclosure vulnerability in the MediaTek video driver ...)
	NOT-FOR-US: Mediatek driver for Android
CVE-2016-8395 (A denial of service vulnerability in the NVIDIA camera driver could ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-8394 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8393 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-8392 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-8391 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-1000246
	RESERVED
CVE-2017-1000245 (The SSH Plugin stores credentials which allow jobs to access remote ...)
	NOT-FOR-US: Jenkins SSH plugin
CVE-2016-7979 (Ghostscript before 9.21 might allow remote attackers to bypass the ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #839846)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697190
	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697190#c0
	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=875a0095f37626a721c7ff57d606a0f95af03913
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/19
CVE-2016-7978 (Use-after-free vulnerability in Ghostscript 9.20 might allow remote ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (bug #839845)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697179
	NOTE: Reproducer: http://bugs.ghostscript.com/show_bug.cgi?id=697179#c0
	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6f749c0c44e7b9e09737b9f29edf29925a34f0cf
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7977 (Ghostscript before 9.21 might allow remote attackers to bypass the ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (high; bug #839841)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697169
	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/29/28
	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=8abd22010eb4db0fb1b10e430d5f5d83e015ef70
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2016-7976 (The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (high; bug #839260)
	NOTE: Upstream bug: http://bugs.ghostscript.com/show_bug.cgi?id=697178
	NOTE: Reproducer: http://www.openwall.com/lists/oss-security/2016/09/30/8
	NOTE: Patch: http://git.ghostscript.com/?p=ghostpdl.git;h=6d444c273da5499a4cd72f21cb6d4c9a5256807d
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/05/7
CVE-2015-8964 (The tty_set_termios_ldisc function in drivers/tty/tty_ldisc.c in the ...)
	{DLA-772-1}
	- linux 4.5.1-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/dd42bf1197144ede075a9d4793123f7689e164bc (v4.5-rc1)
CVE-2015-8963 (Race condition in kernel/events/core.c in the Linux kernel before 4.4 ...)
	{DLA-772-1}
	- linux 4.4.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/12ca6ad2e3a896256f086497a7c7406a547ee373 (v4.4)
CVE-2015-8962 (Double free vulnerability in the sg_common_write function in ...)
	{DLA-772-1}
	- linux 4.4.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/f3951a3709ff50990bf3e188c27d346792103432 (v4.4-rc1)
CVE-2015-8961 (The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux ...)
	- linux 4.3.3-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/6934da9238da947628be83635e365df41064b09b (v4.4-rc5)
CVE-2014-9908
	RESERVED
CVE-2016-1000247 [mpg123 memory overread]
	{DLA-655-1}
	- mpg123 1.23.8-1 (low; bug #838960)
	[jessie] - mpg123 1.20.1-2+deb8u1
	NOTE: http://mpg123.org/bugs/240
CVE-2016-XXXX [nspr, nss: unprotected environment variables]
	- nspr 2:4.12-1 (low)
	[jessie] - nspr 2:4.12-1+debu8u1
	[wheezy] - nspr 2:4.12-1+deb7u1
	NOTE: Workaround entry for DSA-3687-1/DLA-676-1 until CVE is assigned
	- nss 2:3.23-1 (low)
	[jessie] - nss 2:3.26-1+debu8u1
	[wheezy] - nss 2:3.26-1+debu7u1
	NOTE: Workaround entry for DSA-3688-1/DLA-677-1 until CVE is assigned
	NOTE: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.22.1_release_notes
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/10/02/4
CVE-2016-8390
	RESERVED
CVE-2016-8389 (An exploitable integer-overflow vulnerability exists within Iceni ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8388 (An exploitable arbitrary heap-overwrite vulnerability exists within ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8387 (An exploitable heap-based buffer overflow exists in Iceni Argus. When ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8386 (An exploitable heap-based buffer overflow exists in Iceni Argus. When ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8385 (An exploitable uninitialized variable vulnerability which leads to a ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8384 (An exploitable heap corruption vulnerability exists in the DHFSummary ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8383 (An exploitable heap corruption vulnerability exists in the ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8382 (An exploitable heap corruption vulnerability exists in the ...)
	NOT-FOR-US: AntennaHouse
CVE-2016-8381
	RESERVED
CVE-2016-8380 (The web server in Phoenix Contact ILC PLCs allows access to read and ...)
	NOT-FOR-US: web server in Phoenix Contact ILC PLCs
CVE-2016-8379 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...)
	NOT-FOR-US: Moxa
CVE-2016-8378 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8377 (An issue was discovered in Fatek Automation PLC WinProladder Version ...)
	NOT-FOR-US: Fatek
CVE-2016-8376 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona AB WebDatorCentral
CVE-2016-8375 (An issue was discovered in Becton, Dickinson and Company (BD) Alaris ...)
	NOT-FOR-US: Alaris 8015 Point of Care
CVE-2016-8374 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO ...)
	NOT-FOR-US: Schneider
CVE-2016-8373
	RESERVED
CVE-2016-8372 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...)
	NOT-FOR-US: Moxa
CVE-2016-8371 (The web server in Phoenix Contact ILC PLCs can be accessed without ...)
	NOT-FOR-US: web server in Phoenix Contact ILC PLCs
CVE-2016-8370 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ...)
	NOT-FOR-US: Mitsubishi
CVE-2016-8369 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8368 (An issue was discovered in Mitsubishi Electric Automation MELSEC-Q ...)
	NOT-FOR-US: Mitsubishi
CVE-2016-8367 (An issue was discovered in Schneider Electric Magelis HMI Magelis GTO ...)
	NOT-FOR-US: Schneider
CVE-2016-8366 (Webvisit in Phoenix Contact ILC PLCs offers a password macro to ...)
	NOT-FOR-US: Phoenix Contact ILC PLCs
CVE-2016-8365 (OSIsoft PI System software (Applications using PI Asset Framework (AF) ...)
	NOT-FOR-US: OSIsoft PI
CVE-2016-8364 (An issue was discovered in IBHsoftec S7-SoftPLC prior to 4.12b. Object ...)
	NOT-FOR-US: IBHsoftec
CVE-2016-8363 (An issue was discovered in Moxa OnCell OnCellG3470A-LTE, ...)
	NOT-FOR-US: Moxa
CVE-2016-8362 (An issue was discovered in Moxa OnCell OnCellG3470A-LTE, ...)
	NOT-FOR-US: Moxa
CVE-2016-8361 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8360 (An issue was discovered in Moxa SoftCMS versions prior to Version 1.6. ...)
	NOT-FOR-US: Moxa
CVE-2016-8359 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...)
	NOT-FOR-US: Moxa
CVE-2016-8358 (An issue was discovered in Smiths-Medical CADD-Solis Medication Safety ...)
	NOT-FOR-US: Smiths-Medical
CVE-2016-8357 (An issue was discovered in Lynxspring JENEsys BAS Bridge versions 1.1.8 ...)
	NOT-FOR-US: Lynxspring
CVE-2016-8356 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona
CVE-2016-8355 (An issue was discovered in Smiths-Medical CADD-Solis Medication Safety ...)
	NOT-FOR-US: Smiths-Medical
CVE-2016-8354 (An issue was discovered in Schneider Electric Unity PRO prior to V11.1. ...)
	NOT-FOR-US: Schneider
CVE-2016-8353 (An issue was discovered in OSIsoft PI Web API 2015 R2 (Version 1.5.1). ...)
	NOT-FOR-US: OSISoft PI Web API
CVE-2016-8352 (An issue was discovered in Schneider Electric ConneXium firewalls ...)
	NOT-FOR-US: Schneider
CVE-2016-8351
	RESERVED
CVE-2016-8350 (An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 ...)
	NOT-FOR-US: Moxa
CVE-2016-8349
	REJECTED
CVE-2016-8348 (An XML External Entity (XXE) issue was discovered in Emerson Liebert ...)
	NOT-FOR-US: Emerson
CVE-2016-8347 (An issue was discovered in Kabona AB WebDatorCentral (WDC) application ...)
	NOT-FOR-US: Kabona
CVE-2016-8346 (An issue was discovered in Moxa EDR-810 Industrial Secure Router. By ...)
	NOT-FOR-US: Moxa
CVE-2016-8345
	REJECTED
CVE-2016-8344 (An issue was discovered in Honeywell Experion Process Knowledge System ...)
	NOT-FOR-US: Honeywell
CVE-2016-8343 (Directory traversal vulnerability in INDAS Web SCADA before 3 allows ...)
	NOT-FOR-US: INDAS Web SCADA
CVE-2016-8342
	REJECTED
CVE-2016-8341 (An issue was discovered in Ecava IntegraXor Version 5.0.413.0. The ...)
	NOT-FOR-US: Ecava
CVE-2016-8340
	RESERVED
CVE-2016-8339 (A buffer overflow in Redis 3.2.x prior to 3.2.4 causes arbitrary code ...)
	- redis 3:3.2.4-1
	[jessie] - redis <not-affected> (Vulnerable code introduced later)
	[wheezy] - redis <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/antirez/redis/commit/6d9f8e2462fc2c426d48c941edeb78e5df7d2977
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0206/
	NOTE: CLIENT_MASTER introduced within 3.2-rc1
CVE-2016-8338
	REJECTED
CVE-2016-8337
	RESERVED
CVE-2016-8336
	RESERVED
CVE-2016-8335 (An exploitable stack based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8334 (A large out-of-bounds read on the heap vulnerability in Foxit PDF ...)
	NOT-FOR-US: Foxit PDF
CVE-2016-8333 (An exploitable stack-based buffer overflow vulnerability exists in the ...)
	NOT-FOR-US: Iceni Argus
CVE-2016-8332 (A buffer overflow in OpenJPEG 2.1.1 causes arbitrary code execution ...)
	{DSA-3768-1}
	- openjpeg2 2.1.2-1
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0193/
	NOTE: https://github.com/uclouvain/openjpeg/pull/820
CVE-2016-8331 (An exploitable remote code execution vulnerability exists in the ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	- tiff3 <removed>
	[jessie] - tiff 4.0.3-12.3+deb8u2
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0190/
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
	NOTE: From the backtrace shared in the report, we can see that the crash is triggered though the thumbnail tool which has been dropped upstream.
CVE-2016-8330 (Vulnerability in the Solaris component of Oracle Sun Systems Products ...)
	NOT-FOR-US: Solaris
CVE-2016-8329 (Vulnerability in the PeopleSoft Enterprise PeopleTools component of ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-8328 (Vulnerability in the Java SE component of Oracle Java SE ...)
	- openjdk-8 <not-affected> (specific to Oracle Java)
CVE-2016-8327 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8326
	RESERVED
CVE-2016-8325 (Vulnerability in the Oracle One-to-One Fulfillment component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-8324 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8323 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8322 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8321
	REJECTED
CVE-2016-8320 (Vulnerability in the Oracle FLEXCUBE Enterprise Limits and Collateral ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8319 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8318 (Vulnerability in the MySQL Server component of Oracle MySQL ...)
	- mysql-5.7 5.7.17-1 (bug #851235)
	- mysql-5.6 5.6.35-1 (bug #851234)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8317 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8316 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8315 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8314 (Vulnerability in the Oracle FLEXCUBE Core Banking component of Oracle ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8313 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8312 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8311 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8310 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8309 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8308 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8307 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8306 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8305 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8304 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8303 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8302 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8301 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8300 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8299 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8298 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8297 (Vulnerability in the Oracle FLEXCUBE Universal Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8296 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8295 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8294 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8293 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8292 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8291 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-8290 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8289 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8288 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8287 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8286 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-8285 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle
CVE-2016-8284 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-8283 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-8282 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-8281 (Unspecified vulnerability in the Oracle Platform Security for Java ...)
	NOT-FOR-US: Oracle
CVE-2016-1000244
	RESERVED
CVE-2016-1000243
	RESERVED
CVE-2016-7553 (The buf.pl script before 2.20 in Irssi before 0.8.20 uses weak ...)
	{DLA-722-1}
	- irssi 0.8.20-2 (bug #838762)
	[jessie] - irssi 0.8.17-1+deb8u2
	NOTE: Fixed by: https://github.com/irssi/scripts.irssi.org/commit/f1b1eb154baa684fad5d65bf4dff79c8ded8b65a
	NOTE: https://irssi.org/2016/09/22/buf.pl-update/
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/24/1
CVE-2016-1000242
	RESERVED
CVE-2016-1000241
	RESERVED
CVE-2016-1000240
	RESERVED
CVE-2016-1000239
	RESERVED
CVE-2016-1000238
	RESERVED
CVE-2016-1000237
	RESERVED
CVE-2016-1000236
	RESERVED
	- node-cookie-signature <unfixed> (unimportant; bug #838618)
	NOTE: https://nodesecurity.io/advisories/134
	NOTE: https://github.com/tj/node-cookie-signature/commit/39791081692e9e14aa62855369e1c7f80fbfd50e
	NOTE: nodejs not covered by security support
CVE-2016-1000235
	RESERVED
CVE-2016-1000234
	RESERVED
CVE-2016-1000233
	RESERVED
CVE-2016-1000232
	RESERVED
	NOT-FOR-US: nodejs tough-cookie
	NOTE: https://nodesecurity.io/advisories/130
CVE-2016-1000231
	RESERVED
CVE-2016-1000230
	RESERVED
CVE-2016-1000229
	RESERVED
	NOT-FOR-US: nodejs swagger-ui
	NOTE: https://github.com/swagger-api/swagger-ui/issues/1865
CVE-2016-1000228
	RESERVED
CVE-2016-1000227
	RESERVED
CVE-2016-1000226
	RESERVED
CVE-2016-1000225
	RESERVED
CVE-2016-1000224
	RESERVED
CVE-2016-1000223
	RESERVED
CVE-2016-1000031 (Apache Commons FileUpload before 1.3.3 DiskFileItem File Manipulation ...)
	- libcommons-fileupload-java <unfixed> (unimportant)
	NOTE: https://www.tenable.com/security/research/tra-2016-12
	NOTE: Marked as unimportant since even though the CVE is assigned for Apache Commons FileUpload
	NOTE: Apache say that issue needs to be fixed in any vendor/product using Apache Commons FileUpload
	NOTE: DiskFileItem as described in the given advisory.
	NOTE: Thus we are not going to diverge from Apache upstream here.
CVE-2016-7466 (Memory leak in the usb_xhci_exit function in hw/usb/hcd-xhci.c in QEMU ...)
	- qemu 1:2.7+dfsg-1 (bug #838687)
	[jessie] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
	[wheezy] - qemu <no-dsa> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Minor issue, needs qemu monitor access to unplug nec-xhci controller)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg02773.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=b53dd4495ced2432a0b652ea895e651d07336f7e
	NOTE: The usb_xhci_exit and thus the patched code was introduced in:
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=53c30545fb34c43c84d62ea1c2b0dc6b53303c34 (v2.2.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/19/8
CVE-2016-8280 (Directory traversal vulnerability in Huawei eSight before ...)
	NOT-FOR-US: Huawei eSight UMS
CVE-2016-8279 (The video driver in Huawei Mate S smartphones with software CRR-TL00 ...)
	NOT-FOR-US: Huawei
CVE-2016-8278 (Huawei USG9520, USG9560, and USG9580 unified security gateways with ...)
	NOT-FOR-US: Huawei Firewalls
CVE-2016-8277 (Huawei USG9520, USG9560, and USG9580 unified security gateways with ...)
	NOT-FOR-US: Huawei Firewalls
CVE-2016-8276 (Buffer overflow in the Point-to-Point Protocol over Ethernet (PPPoE) ...)
	NOT-FOR-US: Huawei
CVE-2016-8275 (Huawei AnyOffice V200R006C00 could allow an authenticated, remote ...)
	NOT-FOR-US: Huawei
CVE-2016-8274 (Huawei PC client software HiSuite 4.0.5.300_OVE has a dynamic link ...)
	NOT-FOR-US: Huawei
CVE-2016-8273 (Huawei PC client software HiSuite 4.0.5.300_OVE uses insecure HTTP for ...)
	NOT-FOR-US: Huawei
CVE-2016-8272 (Huawei PC client software HiSuite 4.0.5.300_OVE has an information ...)
	NOT-FOR-US: Huawei
CVE-2016-8271 (Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an ...)
	NOT-FOR-US: Huawei
CVE-2016-8270
	REJECTED
CVE-2016-8269
	REJECTED
CVE-2016-8268
	REJECTED
CVE-2016-8267
	REJECTED
CVE-2016-8266
	REJECTED
CVE-2016-8265
	REJECTED
CVE-2016-8264
	REJECTED
CVE-2016-8263
	REJECTED
CVE-2016-8262
	REJECTED
CVE-2016-8261
	REJECTED
CVE-2016-8260
	REJECTED
CVE-2016-8259
	REJECTED
CVE-2016-8258
	REJECTED
CVE-2016-8257
	REJECTED
CVE-2016-8256
	REJECTED
CVE-2016-8255
	REJECTED
CVE-2016-8254
	REJECTED
CVE-2016-8253
	REJECTED
CVE-2016-8252
	REJECTED
CVE-2016-8251
	REJECTED
CVE-2016-8250
	REJECTED
CVE-2016-8249
	REJECTED
CVE-2016-8248
	REJECTED
CVE-2016-8247
	REJECTED
CVE-2016-8246
	REJECTED
CVE-2016-8245
	REJECTED
CVE-2016-8244
	REJECTED
CVE-2016-8243
	REJECTED
CVE-2016-8242
	REJECTED
CVE-2016-8241
	REJECTED
CVE-2016-8240
	REJECTED
CVE-2016-8239
	REJECTED
CVE-2016-8238
	REJECTED
CVE-2016-8237 (Remote code execution in Lenovo Updates (not Lenovo System Update) ...)
	NOT-FOR-US: Lenovo
CVE-2016-8236 (Reset to default settings may occur in Lenovo ThinkServer TSM RD350, ...)
	NOT-FOR-US: Lenovo
CVE-2016-8235 (Privilege escalation in Lenovo Customer Care Software Development Kit ...)
	NOT-FOR-US: Lenovo
CVE-2016-8234
	REJECTED
CVE-2016-8233 (Log files generated by Lenovo XClarity Administrator (LXCA) versions ...)
	NOT-FOR-US: Lenovo
CVE-2016-8232 (Document Object Model-(DOM) based cross-site scripting vulnerability ...)
	NOT-FOR-US: Lenovo
CVE-2016-8231 (In Lenovo Service Bridge before version 4, a bug found in the ...)
	NOT-FOR-US: Lenovo
CVE-2016-8230 (In Lenovo Service Bridge before version 4, an insecure HTTP connection ...)
	NOT-FOR-US: Lenovo
CVE-2016-8229 (A cross-site request forgery vulnerability in Lenovo Service Bridge ...)
	NOT-FOR-US: Lenovo
CVE-2016-8228 (In Lenovo Service Bridge before version 4, a user with local ...)
	NOT-FOR-US: Lenovo
CVE-2016-8227 (Privilege escalation vulnerability in Lenovo Transition application ...)
	NOT-FOR-US: Lenovo
CVE-2016-8226 (The BIOS in Lenovo System X M5, M6, and X6 systems allows ...)
	NOT-FOR-US: Lenovo
CVE-2016-8225 (Unquoted service path vulnerability in Lenovo Edge and Lenovo Slim USB ...)
	NOT-FOR-US: Lenovo
CVE-2016-8224 (A vulnerability has been identified in some Lenovo Notebook and ...)
	NOT-FOR-US: Lenovo
CVE-2016-8223 (During an internal security review, Lenovo identified a local ...)
	NOT-FOR-US: Lenovo
CVE-2016-8222 (A vulnerability has been identified in a signed kernel driver for the ...)
	NOT-FOR-US: Lenovo
CVE-2016-8221 (Privilege Escalation in Lenovo XClarity Administrator earlier than ...)
	NOT-FOR-US: Lenovo
CVE-2016-7423 (The mptsas_process_scsi_io_request function in QEMU (aka Quick ...)
	- qemu 1:2.7+dfsg-1 (bug #838145)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03604.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376776
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/5
	NOTE: LSI SAS1068 (mptsas) device support added in
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=670e56d3ed2918b3861d9216f2c0540d9e9ae0d5
CVE-2016-7422 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka ...)
	- qemu 1:2.7+dfsg-1 (bug #838146)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03546.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376755
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/4
CVE-2016-7421 (The pvscsi_ring_pop_req_descr function in hw/scsi/vmw_pvscsi.c in QEMU ...)
	- qemu 1:2.7+dfsg-1 (bug #838147)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after 1.5)
	- qemu-kvm <not-affected> (Vulnerable code not present, introduced after 1.5)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg03609.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1376731
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/3
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=d251157ac1928191af851d199a9ff255d330bec9
CVE-2016-8220 (Pivotal Gemfire for PCF, versions 1.6.x prior to 1.6.5.0 and 1.7.x ...)
	NOT-FOR-US: Pivotal
CVE-2016-8219 (An issue was discovered in Cloud Foundry Foundation cf-release versions ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-8218 (An issue was discovered in Cloud Foundry Foundation routing-release ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-8217 (EMC RSA BSAFE Crypto-J versions prior to 6.2.2 has a PKCS#12 Timing ...)
	NOT-FOR-US: EMC RSA
CVE-2016-8216 (EMC Data Domain OS (DD OS) 5.4 all versions, EMC Data Domain OS (DD OS) ...)
	NOT-FOR-US: EMC
CVE-2016-8215 (EMC RSA Security Analytics 10.5.3 and 10.6.2 contains fixes for a ...)
	NOT-FOR-US: RSA Security Analytics
CVE-2016-8214 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-8213 (EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-8212 (An issue was discovered in EMC RSA BSAFE Crypto-J versions prior to ...)
	NOT-FOR-US: EMC RSA
CVE-2016-8211 (EMC Data Protection Advisor 6.1.x, EMC Data Protection Advisor 6.2, EMC ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2016-8210
	RESERVED
CVE-2016-8209 (Improper checks for unusual or exceptional conditions in Brocade ...)
	NOT-FOR-US: Brocade
CVE-2016-8208
	RESERVED
CVE-2016-8207 (A Directory Traversal vulnerability in CliMonitorReportServlet in the ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8206 (A Directory Traversal vulnerability in servlet SoftwareImageUpload in ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8205 (A Directory Traversal vulnerability in DashboardFileReceiveServlet in ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8204 (A Directory Traversal vulnerability in FileReceiveServlet in the ...)
	NOT-FOR-US: Brocade Network Advisor
CVE-2016-8203 (A memory corruption in the IPsec code path of Brocade NetIron OS on ...)
	NOT-FOR-US: Brocade
CVE-2016-8202 (A privilege escalation vulnerability in Brocade Fibre Channel SAN ...)
	NOT-FOR-US: Brocade
CVE-2016-8201 (A CSRF vulnerability in Brocade Virtual Traffic Manager versions ...)
	NOT-FOR-US: Brocade
CVE-2016-7444 (The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS ...)
	- gnutls28 3.5.3-4
	[jessie] - gnutls28 3.3.8-6+deb8u4
	NOTE: https://gnutls.org/security.html#GNUTLS-SA-2016-3
	NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2016-September/008146.html
	NOTE: Upstream fix: https://gitlab.com/gnutls/gnutls/commit/964632f37dfdfb914ebc5e49db4fa29af35b1de9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374266
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/18/3
CVE-2017-0300 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0299 (The kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0298 (A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0297 (The kernel in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0296 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0295 (Microsoft Windows 10 1607 and 1703, and Windows Server 2016 allow an ...)
	NOT-FOR-US: Microsoft
CVE-2017-0294 (Microsoft Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0293 (Microsoft Windows PDF Library in Windows Server 2008 R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0292 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0291 (Windows PDF in Windows 8.1, Windows Server 2012 Gold and R2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0290 (The Microsoft Malware Protection Engine running on Microsoft Forefront ...)
	NOT-FOR-US: Microsoft
CVE-2017-0289 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0288 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0287 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0286 (Graphics in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0285 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0284 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0283 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0282 (Uniscribe in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0281 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
	NOT-FOR-US: Microsoft
CVE-2017-0280 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
	NOT-FOR-US: Microsoft
CVE-2017-0279 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-0278 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-0277 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-0276 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0275 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0274 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0273 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
	NOT-FOR-US: Microsoft
CVE-2017-0272 (The Microsoft Server Message Block 1.0 (SMBv1) server on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-0271 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0270 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0269 (The Microsoft Server Message Block 1.0 (SMBv1) allows denial of ...)
	NOT-FOR-US: Microsoft
CVE-2017-0268 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0267 (Microsoft Server Message Block 1.0 (SMBv1) allows an information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0266 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0265 (Microsoft PowerPoint for Mac 2011 allows a remote code execution ...)
	NOT-FOR-US: Microsoft
CVE-2017-0264 (Microsoft PowerPoint for Mac 2011 allows a remote code execution ...)
	NOT-FOR-US: Microsoft
CVE-2017-0263 (The kernel-mode drivers in Microsoft Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0262 (Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a ...)
	NOT-FOR-US: Microsoft
CVE-2017-0261 (Microsoft Office 2010 SP2, Office 2013 SP1, and Office 2016 allow a ...)
	NOT-FOR-US: Microsoft
CVE-2017-0260 (A remote code execution vulnerability exists in Microsoft Office when ...)
	NOT-FOR-US: Microsoft
CVE-2017-0259 (The Windows kernel in Microsoft Windows 8.1, Windows Server 2012 R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0258 (The Windows kernel in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0257
	RESERVED
CVE-2017-0256 (A spoofing vulnerability exists when the ASP.NET Core fails to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0255 (Microsoft SharePoint Foundation 2013 SP1 allows an elevation of ...)
	NOT-FOR-US: Microsoft
CVE-2017-0254 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2017-0253
	RESERVED
CVE-2017-0252 (A remote code execution vulnerability exists in Microsoft Chakra Core ...)
	NOT-FOR-US: Microsoft
CVE-2017-0251
	RESERVED
CVE-2017-0250 (Microsoft JET Database Engine in Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0249 (An elevation of privilege vulnerability exists when the ASP.NET Core ...)
	NOT-FOR-US: Microsoft
CVE-2017-0248 (Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0247 (A denial of service vulnerability exists when the ASP.NET Core fails ...)
	NOT-FOR-US: Microsoft
CVE-2017-0246 (The Graphics Component in the kernel-mode drivers in Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-0245 (The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0244 (The kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0243 (Microsoft Office allows a remote code execution vulnerability due to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0242 (An information disclosure vulnerability exists in the way some ActiveX ...)
	NOT-FOR-US: Microsoft
CVE-2017-0241 (An elevation of privilege vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2017-0240 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0239
	RESERVED
CVE-2017-0238 (A remote code execution vulnerability exists in Microsoft browsers in ...)
	NOT-FOR-US: Microsoft
CVE-2017-0237
	RESERVED
CVE-2017-0236 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0235 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0234 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0233 (An elevation of privilege vulnerability exists in Microsoft Edge that ...)
	NOT-FOR-US: Microsoft
CVE-2017-0232
	RESERVED
CVE-2017-0231 (A spoofing vulnerability exists when Microsoft browsers render ...)
	NOT-FOR-US: Microsoft
CVE-2017-0230 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0229 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0228 (A remote code execution vulnerability exists in Microsoft browsers in ...)
	NOT-FOR-US: Microsoft
CVE-2017-0227 (A remote code execution vulnerability exists in Microsoft Edge in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0226 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2017-0225
	RESERVED
CVE-2017-0224 (A remote code execution vulnerability exists in the way JavaScript ...)
	NOT-FOR-US: Microsoft
CVE-2017-0223 (A remote code execution vulnerability exists in Microsoft Chakra Core ...)
	NOT-FOR-US: Microsoft
CVE-2017-0222 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2017-0221 (A vulnerability exists when Microsoft Edge improperly accesses objects ...)
	NOT-FOR-US: Microsoft
CVE-2017-0220 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0219 (Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0218 (Microsoft Windows 10 Gold, Windows 10 1511, Windows 10 1607, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0217
	RESERVED
CVE-2017-0216 (Microsoft Windows 10 1511, Windows 10 1607, and Windows Server 2016 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0215 (Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0214 (Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0213 (Windows COM Aggregate Marshaler in Microsoft Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0212 (Windows Hyper-V allows an elevation of privilege vulnerability when ...)
	NOT-FOR-US: Microsoft
CVE-2017-0211 (An elevation of privilege vulnerability exists in Windows 10, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0210 (An elevation of privilege vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2017-0209
	RESERVED
CVE-2017-0208 (An information disclosure vulnerability exists in Microsoft Edge when ...)
	NOT-FOR-US: Microsoft
CVE-2017-0207 (Microsoft Outlook for Mac 2011 allows remote attackers to spoof web ...)
	NOT-FOR-US: Microsoft
CVE-2017-0206
	RESERVED
CVE-2017-0205 (A remote code execution vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2017-0204 (Microsoft Outlook 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-0203 (A vulnerability exists in Microsoft Edge when the Edge Content ...)
	NOT-FOR-US: Microsoft
CVE-2017-0202 (A remote code execution vulnerability exists when Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2017-0201 (A remote code execution vulnerability exists in Internet Explorer in ...)
	NOT-FOR-US: Microsoft
CVE-2017-0200 (A remote code execution vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2017-0199 (Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2017-0198
	RESERVED
CVE-2017-0197 (Microsoft OneNote 2007 SP3 and Microsoft OneNote 2010 SP2 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0196 (An information disclosure vulnerability in Microsoft scripting engine ...)
	NOT-FOR-US: Microsoft
CVE-2017-0195 (Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0194 (Microsoft Excel 2007 SP3, Microsoft Excel 2010 SP2, and Office ...)
	NOT-FOR-US: Microsoft
CVE-2017-0193 (Windows Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0192 (The Adobe Type Manager Font Driver (ATMFD.dll) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0191 (A denial of service vulnerability exists in the way that Windows 7, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0190 (The GDI component in Microsoft Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0189 (An elevation of privilege vulnerability exists in Windows 10 when the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0188 (A Win32k information disclosure vulnerability exists in Windows 8.1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0187
	RESERVED
CVE-2017-0186 (A denial of service vulnerability exists when Microsoft Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0185 (A denial of service vulnerability exists when Microsoft Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0184 (A denial of service vulnerability exists when Microsoft Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0183 (A denial of service vulnerability exists when Microsoft Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0182 (A denial of service vulnerability exists when Microsoft Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0181 (A remote code execution vulnerability exists when Windows Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0180 (A remote code execution vulnerability exists when Windows Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0179 (A denial of service vulnerability exists when Microsoft Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0178 (A denial of service vulnerability exists when Microsoft Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0177
	RESERVED
CVE-2017-0176 (A buffer overflow in Smart Card authentication code in gpkcsp.dll in ...)
	NOT-FOR-US: Microsoft
CVE-2017-0175 (The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0174 (Windows NetBIOS in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0173 (Microsoft Windows 10 1607 and Windows Server 2016 allow an attacker to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0172
	RESERVED
CVE-2017-0171 (Windows DNS Server allows a denial of service vulnerability when ...)
	NOT-FOR-US: Microsoft
CVE-2017-0170 (Windows Performance Monitor in Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0169 (An information disclosure vulnerability exists when Windows Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0168 (An information disclosure vulnerability exists when the Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0167 (An information disclosure vulnerability exists in Windows 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0166 (An elevation of privilege vulnerability exists in Windows when LDAP ...)
	NOT-FOR-US: Microsoft
CVE-2017-0165 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0164 (A denial of service vulnerability exists in Windows 10 1607 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0163 (A remote code execution vulnerability exists when Windows Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0162 (A remote code execution vulnerability exists when Windows Hyper-V ...)
	NOT-FOR-US: Microsoft
CVE-2017-0161 (The Windows NetBT Session Services component on Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0160 (Microsoft .NET Framework 2.0, 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0159 (A security feature bypass vulnerability exists in Windows 10 1607, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0158 (An elevation of privilege vulnerability exists when Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0157
	RESERVED
CVE-2017-0156 (An elevation of privilege vulnerability exists in Windows 7, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0155 (The Graphics component in the kernel in Microsoft Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0154 (Microsoft Internet Explorer 11 on Windows 10, 1511, and 1606 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0153
	RESERVED
CVE-2017-0152 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0151 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0150 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0149 (Microsoft Internet Explorer 9 through 11 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0148 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0147 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0146 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0145 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0144 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0143 (The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0142
	RESERVED
CVE-2017-0141 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0140 (Microsoft Edge allows remote attackers to bypass the Same Origin ...)
	NOT-FOR-US: Microsoft
CVE-2017-0139
	RESERVED
CVE-2017-0138 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0137 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0136 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0135 (Microsoft Edge allows remote attackers to bypass the Same Origin ...)
	NOT-FOR-US: Microsoft
CVE-2017-0134 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0133 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0132 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0131 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0130 (The scripting engine in Microsoft Internet Explorer 9 through 11 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0129 (Microsoft Lync for Mac 2011 fails to properly validate certificates, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0128 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0127 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0126 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0125 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0124 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0123 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0122 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0121 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0120 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0119 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0118 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0117 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0116 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0115 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0114 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0113 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0112 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0111 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0110 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2017-0109 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0108 (The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0107 (Microsoft SharePoint Server fails to sanitize crafted web requests, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0106 (Microsoft Excel 2007 SP3, Microsoft Outlook 2010 SP2, Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-0105 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2017-0104 (The iSNS Server service in Microsoft Windows Server 2008 SP2 and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0103 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0102 (Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0101 (The kernel-mode drivers in Transaction Manager in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0100 (A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0099 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0098 (Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607; and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0097 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0096 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0095 (Hyper-V in Microsoft Windows 10 Gold, 1511, and 1607 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0094 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0093 (A remote code execution vulnerability in Microsoft Edge exists in the ...)
	NOT-FOR-US: Microsoft
CVE-2017-0092 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0091 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0090 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0089 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0088 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0087 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0086 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0085 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0084 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0083 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0082 (The kernel-mode drivers in Microsoft Windows 10 Gold and 1511 allow ...)
	NOT-FOR-US: Microsoft
CVE-2017-0081 (The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0080 (The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0079 (The kernel-mode drivers in Windows 8.1; Windows Server 2012 R2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0078 (The kernel-mode drivers in Microsoft Windows 8.1; Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0077 (The kernel-mode drivers in Windows Server 2008 SP2 and R2 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0076 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0075 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0074 (Hyper-V in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0073 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0072 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0071 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0070 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0069 (Microsoft Edge allows remote attackers to spoof web content via a ...)
	NOT-FOR-US: Microsoft
CVE-2017-0068 (Browsers in Microsoft Edge allow remote attackers to obtain sensitive ...)
	NOT-FOR-US: Microsoft
CVE-2017-0067 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0066 (Microsoft Edge allows remote attackers to bypass the Same Origin ...)
	NOT-FOR-US: Microsoft
CVE-2017-0065 (Microsoft Edge allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0064 (A security feature bypass vulnerability exists in Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2017-0063 (The Color Management Module (ICM32.dll) memory handling functionality ...)
	NOT-FOR-US: Microsoft
CVE-2017-0062 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0061 (The Color Management Module (ICM32.dll) memory handling functionality ...)
	NOT-FOR-US: Microsoft
CVE-2017-0060 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0059 (Microsoft Internet Explorer 9 through 11 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0058 (A Win32k information disclosure vulnerability exists in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-0057 (DNS client in Microsoft Windows 8.1; Windows Server 2012 R2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0056 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-0055 (Microsoft Internet Information Server (IIS) in Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0054
	RESERVED
CVE-2017-0053 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0052 (Microsoft Office Compatibility Pack SP3, Excel 2007 SP3, Excel Viewer, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0051 (Microsoft Windows 10 1607 and Windows Server 2016 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0050 (The kernel API in Microsoft Windows Vista SP2; Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0049 (The VBScript engine in Microsoft Internet Explorer 11 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0048
	RESERVED
CVE-2017-0047 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0046
	RESERVED
CVE-2017-0045 (Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0044
	RESERVED
CVE-2017-0043 (Active Directory Federation Services in Microsoft Windows 10 1607, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0042 (Windows Media Player in Microsoft Windows 8.1; Windows Server 2012 R2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0041
	RESERVED
CVE-2017-0040 (The scripting engine in Microsoft Internet Explorer 9 through 11 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0039 (Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle dynamic link ...)
	NOT-FOR-US: Microsoft
CVE-2017-0038 (gdi32.dll in Graphics Device Interface (GDI) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0037 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge have a type ...)
	NOT-FOR-US: Microsoft
CVE-2017-0036
	RESERVED
CVE-2017-0035 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0034 (A remote code execution vulnerability exists when Microsoft Edge ...)
	NOT-FOR-US: Microsoft
CVE-2017-0033 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0032 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0031 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Word 2007 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0030 (Microsoft Office 2010 SP2, Office Compatibility Pack SP3, Office Web ...)
	NOT-FOR-US: Microsoft
CVE-2017-0029 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 RT SP1, and Word ...)
	NOT-FOR-US: Microsoft
CVE-2017-0028 (A remote code execution vulnerability exists when Microsoft scripting ...)
	NOT-FOR-US: Microsoft
CVE-2017-0027 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 RT SP1, Excel ...)
	NOT-FOR-US: Microsoft
CVE-2017-0026 (The kernel-mode drivers in Microsoft Windows 10 Gold, 1511, and 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0025 (The kernel-mode drivers in Microsoft Windows Vista; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2017-0024 (The kernel-mode drivers in Microsoft Windows 10 1607 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0023 (The PDF library in Microsoft Edge; Windows 8.1; Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2017-0022 (Microsoft XML Core Services (MSXML) in Windows 10 Gold, 1511, and ...)
	NOT-FOR-US: Microsoft
CVE-2017-0021 (Hyper-V in Microsoft Windows 10 1607 and Windows Server 2016 does not ...)
	NOT-FOR-US: Microsoft
CVE-2017-0020 (Microsoft Excel 2016, Excel 2010 SP2, Excel 2013 RT SP1, and Office ...)
	NOT-FOR-US: Microsoft
CVE-2017-0019 (Microsoft Word 2016 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Microsoft
CVE-2017-0018 (Microsoft Internet Explorer 10 and 11 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0017 (The RegEx class in the XSS filter in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0016 (Microsoft Windows 10 Gold, 1511, and 1607; Windows 8.1; Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2017-0015 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0014 (The Windows Graphics Component in Microsoft Office 2010 SP2; Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0013
	RESERVED
CVE-2017-0012 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0011 (Microsoft Edge allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Microsoft
CVE-2017-0010 (A remote code execution vulnerability exists in the way affected ...)
	NOT-FOR-US: Microsoft
CVE-2017-0009 (Microsoft Internet Explorer 9 through 11 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0008 (Microsoft Internet Explorer 9 through 11 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2017-0007 (Device Guard in Microsoft Windows 10 Gold, 1511, 1607, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2017-0006 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, ...)
	NOT-FOR-US: Microsoft
CVE-2017-0005 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2017-0004 (The Local Security Authority Subsystem Service (LSASS) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2017-0003 (Microsoft Word 2016 and SharePoint Enterprise Server 2016 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2017-0002 (Microsoft Edge allows remote attackers to bypass the Same Origin ...)
	NOT-FOR-US: Microsoft
CVE-2017-0001 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2016-8200
	RESERVED
CVE-2016-8199
	RESERVED
CVE-2016-8198
	RESERVED
CVE-2016-8197
	RESERVED
CVE-2016-8196
	RESERVED
CVE-2016-8195
	RESERVED
CVE-2016-8194
	RESERVED
CVE-2016-8193
	RESERVED
CVE-2016-8192
	RESERVED
CVE-2016-8191
	RESERVED
CVE-2016-8190
	RESERVED
CVE-2016-8189
	RESERVED
CVE-2016-8188
	RESERVED
CVE-2016-8187
	RESERVED
CVE-2016-8186
	RESERVED
CVE-2016-8185
	RESERVED
CVE-2016-8184
	RESERVED
CVE-2016-8183
	RESERVED
CVE-2016-8182
	RESERVED
CVE-2016-8181
	RESERVED
CVE-2016-8180
	RESERVED
CVE-2016-8179
	RESERVED
CVE-2016-8178
	RESERVED
CVE-2016-8177
	RESERVED
CVE-2016-8176
	RESERVED
CVE-2016-8175
	RESERVED
CVE-2016-8174
	RESERVED
CVE-2016-8173
	RESERVED
CVE-2016-8172
	RESERVED
CVE-2016-8171
	RESERVED
CVE-2016-8170
	RESERVED
CVE-2016-8169
	RESERVED
CVE-2016-8168
	RESERVED
CVE-2016-8167
	RESERVED
CVE-2016-8166
	RESERVED
CVE-2016-8165
	RESERVED
CVE-2016-8164
	RESERVED
CVE-2016-8163
	RESERVED
CVE-2016-8162
	RESERVED
CVE-2016-8161
	RESERVED
CVE-2016-8160
	RESERVED
CVE-2016-8159
	RESERVED
CVE-2016-8158
	RESERVED
CVE-2016-8157
	RESERVED
CVE-2016-8156
	RESERVED
CVE-2016-8155
	RESERVED
CVE-2016-8154
	RESERVED
CVE-2016-8153
	RESERVED
CVE-2016-8152
	RESERVED
CVE-2016-8151
	RESERVED
CVE-2016-8150
	RESERVED
CVE-2016-8149
	RESERVED
CVE-2016-8148
	RESERVED
CVE-2016-8147
	RESERVED
CVE-2016-8146
	RESERVED
CVE-2016-8145
	RESERVED
CVE-2016-8144
	RESERVED
CVE-2016-8143
	RESERVED
CVE-2016-8142
	RESERVED
CVE-2016-8141
	RESERVED
CVE-2016-8140
	RESERVED
CVE-2016-8139
	RESERVED
CVE-2016-8138
	RESERVED
CVE-2016-8137
	RESERVED
CVE-2016-8136
	RESERVED
CVE-2016-8135
	RESERVED
CVE-2016-8134
	RESERVED
CVE-2016-8133
	RESERVED
CVE-2016-8132
	RESERVED
CVE-2016-8131
	RESERVED
CVE-2016-8130
	RESERVED
CVE-2016-8129
	RESERVED
CVE-2016-8128
	RESERVED
CVE-2016-8127
	RESERVED
CVE-2016-8126
	RESERVED
CVE-2016-8125
	RESERVED
CVE-2016-8124
	RESERVED
CVE-2016-8123
	RESERVED
CVE-2016-8122
	RESERVED
CVE-2016-8121
	RESERVED
CVE-2016-8120
	RESERVED
CVE-2016-8119
	RESERVED
CVE-2016-8118
	RESERVED
CVE-2016-8117
	RESERVED
CVE-2016-8116
	RESERVED
CVE-2016-8115
	RESERVED
CVE-2016-8114
	RESERVED
CVE-2016-8113
	RESERVED
CVE-2016-8112
	RESERVED
CVE-2016-8111
	RESERVED
CVE-2016-8110
	RESERVED
CVE-2016-8109
	RESERVED
CVE-2016-8108
	RESERVED
CVE-2016-8107
	RESERVED
CVE-2016-8106 (A Denial of Service in Intel Ethernet Controller's X710/XL710 with ...)
	NOT-FOR-US: Intel driver
CVE-2016-8105 (Drivers for the Intel Ethernet Controller X710 and Intel Ethernet ...)
	NOT-FOR-US: Intel driver
CVE-2016-8104 (Buffer overflow in Intel PROSet/Wireless Software and Drivers in ...)
	NOT-FOR-US: Intel driver
CVE-2016-8103 (SMM call out in all Intel Branded NUC Kits allows a local privileged ...)
	NOT-FOR-US: Intel driver
CVE-2016-8102 (Unquoted service path vulnerability in Intel Wireless Bluetooth ...)
	NOT-FOR-US: Intel driver
CVE-2016-8101 (The updater subsystem in Intel SSD Toolbox before 3.3.7 allows local ...)
	NOT-FOR-US: Intel SSD Toolbox
CVE-2016-8100 (Intel Integrated Performance Primitives (aka IPP) Cryptography before ...)
	NOT-FOR-US: Intel
CVE-2016-8099
	REJECTED
CVE-2016-8098
	REJECTED
CVE-2016-8097
	REJECTED
CVE-2016-8096
	REJECTED
CVE-2016-8095
	REJECTED
CVE-2016-8094
	REJECTED
CVE-2016-8093
	REJECTED
CVE-2016-8092
	REJECTED
CVE-2016-8091
	REJECTED
CVE-2016-8090
	REJECTED
CVE-2016-8089
	REJECTED
CVE-2016-8088
	REJECTED
CVE-2016-8087
	REJECTED
CVE-2016-8086
	REJECTED
CVE-2016-8085
	REJECTED
CVE-2016-8084
	REJECTED
CVE-2016-8083
	REJECTED
CVE-2016-8082
	REJECTED
CVE-2016-8081
	REJECTED
CVE-2016-8080
	REJECTED
CVE-2016-8079
	REJECTED
CVE-2016-8078
	REJECTED
CVE-2016-8077
	REJECTED
CVE-2016-8076
	REJECTED
CVE-2016-8075
	REJECTED
CVE-2016-8074
	REJECTED
CVE-2016-8073
	REJECTED
CVE-2016-8072
	REJECTED
CVE-2016-8071
	REJECTED
CVE-2016-8070
	REJECTED
CVE-2016-8069
	REJECTED
CVE-2016-8068
	REJECTED
CVE-2016-8067
	REJECTED
CVE-2016-8066
	REJECTED
CVE-2016-8065
	REJECTED
CVE-2016-8064
	REJECTED
CVE-2016-8063
	REJECTED
CVE-2016-8062
	REJECTED
CVE-2016-8061
	REJECTED
CVE-2016-8060
	REJECTED
CVE-2016-8059
	REJECTED
CVE-2016-8058
	REJECTED
CVE-2016-8057
	REJECTED
CVE-2016-8056
	REJECTED
CVE-2016-8055
	REJECTED
CVE-2016-8054
	REJECTED
CVE-2016-8053
	REJECTED
CVE-2016-8052
	REJECTED
CVE-2016-8051
	REJECTED
CVE-2016-8050
	REJECTED
CVE-2016-8049
	RESERVED
CVE-2016-8048
	RESERVED
CVE-2016-8047
	RESERVED
CVE-2016-8046
	RESERVED
CVE-2016-8045
	RESERVED
CVE-2016-8044
	RESERVED
CVE-2016-8043
	RESERVED
CVE-2016-8042
	RESERVED
CVE-2016-8041
	RESERVED
CVE-2016-8040
	RESERVED
CVE-2016-8039
	REJECTED
CVE-2016-8038
	REJECTED
CVE-2016-8037
	REJECTED
CVE-2016-8036
	REJECTED
CVE-2016-8035
	REJECTED
CVE-2016-8034
	REJECTED
CVE-2016-8033
	REJECTED
CVE-2016-8032 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...)
	NOT-FOR-US: Intel Security Anti-Virus
CVE-2016-8031 (Software Integrity Attacks vulnerability in Intel Security Anti-Virus ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8030 (A memory corruption vulnerability in Scriptscan COM Object in McAfee ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8029
	REJECTED
CVE-2016-8028
	RESERVED
CVE-2016-8027 (SQL injection vulnerability in core services in Intel Security McAfee ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8026 (Arbitrary command execution vulnerability in Intel Security McAfee ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8025 (SQL injection vulnerability in Intel Security VirusScan Enterprise ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8024 (Improper neutralization of CRLF sequences in HTTP headers ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8023 (Authentication bypass by assumed-immutable data vulnerability in Intel ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8022 (Authentication bypass by spoofing vulnerability in Intel Security ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8021 (Improper verification of cryptographic signature vulnerability in ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8020 (Improper control of generation of code vulnerability in Intel Security ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8019 (Cross-site scripting (XSS) vulnerability in attributes in Intel ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8018 (Cross-site request forgery (CSRF) vulnerability in Intel Security ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8017 (Special element injection vulnerability in Intel Security VirusScan ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8016 (Information exposure in Intel Security VirusScan Enterprise Linux ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8015
	RESERVED
CVE-2016-8014
	RESERVED
CVE-2016-8013
	RESERVED
CVE-2016-8012 (Access control vulnerability in Intel Security Data Loss Prevention ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8011 (Cross-site scripting vulnerability in Intel Security McAfee Endpoint ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8010 (Application protections bypass vulnerability in Intel Security McAfee ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8009 (Privilege escalation vulnerability in Intel Security McAfee ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8008 (Privilege escalation vulnerability in Windows 7 and Windows 10 in ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8007 (Authentication bypass vulnerability in McAfee Host Intrusion ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8006 (Authentication bypass vulnerability in Enterprise Security Manager ...)
	NOT-FOR-US: Intel Security McAfee Security Information and Event Management
CVE-2016-8005 (File extension filtering vulnerability in Intel Security McAfee Email ...)
	NOT-FOR-US: Intel antivirus
CVE-2016-8004
	RESERVED
CVE-2016-8003
	RESERVED
CVE-2016-8002
	REJECTED
CVE-2016-8001
	RESERVED
CVE-2016-7999 (ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/78
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7998 (The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/76
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23186 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23189 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23192 (3.0)
	NOTE: reproducible in Jessie (3.0.17-2+deb8u2)
CVE-2016-7997 (The WPG format reader in GraphicsMagick 1.3.25 and earlier allows ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.25-4
	NOTE: patch for this and CVE-2016-7996 at: http://openwall.com/lists/oss-security/2016/10/07/4
CVE-2016-7996 (Heap-based buffer overflow in the WPG format reader in GraphicsMagick ...)
	{DSA-3746-1 DLA-683-1}
	- graphicsmagick 1.3.21-2
	NOTE: The patch addressing CVE-2016-7996 applied is in 1.3.25-4, but in
	NOTE: the experimental upload 1.3.20-4 and later uploaded to unstable as
	NOTE: 1.3.21-2 the build is done with --with-quantum-depth=16 switching
	NOTE: away from the default with QuantumDepth=8
	NOTE: patch for this and CVE-2016-7997 at: http://openwall.com/lists/oss-security/2016/10/07/4
CVE-2016-7995 (Memory leak in the ehci_process_itd function in hw/usb/hcd-ehci.c in ...)
	- qemu 1:2.8+dfsg-1 (bug #840236)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in v2.6.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg06609.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1382668
	NOTE: Vulnerable code introduced in 49d925ce50383a286278143c05511d30ec41a36e
	NOTE: Though this commit fixed an OOB read access issue which might need
	NOTE: potentially a new separate CVE id if it does not have one yet.
CVE-2016-7994 (Memory leak in the virtio_gpu_resource_create_2d function in ...)
	- qemu 1:2.8+dfsg-1 (bug #840228)
	[jessie] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in 2.4.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg04129.html
CVE-2016-7993 (A bug in util-print.c:relts_print() in tcpdump before 4.9.0 could cause ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7992 (The Classical IP over ATM parser in tcpdump before 4.9.0 has a buffer ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7991 (On Samsung Galaxy S4 through S7 devices, the &quot;omacp&quot; app ignores ...)
	NOT-FOR-US: Samsung
CVE-2016-7990 (On Samsung Galaxy S4 through S7 devices, an integer overflow condition ...)
	NOT-FOR-US: Samsung
CVE-2016-7989 (On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS ...)
	NOT-FOR-US: Samsung
CVE-2016-7988 (On Samsung Galaxy S4 through S7 devices, absence of permissions on the ...)
	NOT-FOR-US: Samsung
CVE-2016-7987 (An issue was discovered in Siemens ETA4 firmware (all versions prior to ...)
	NOT-FOR-US: Siemens
CVE-2016-7986 (The GeoNetworking parser in tcpdump before 4.9.0 has a buffer overflow ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7985 (The CALM FAST parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7984 (The TFTP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7983 (The BOOTP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7982 (Directory traversal vulnerability in ecrire/exec/valider_xml.php in ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/73
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23180 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23182 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23184 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23185 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23188 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23191 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23187 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23190 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23193 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23206 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23207 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23208 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7981 (Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/68
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1.x)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0.x)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7980 (Cross-site request forgery (CSRF) vulnerability in ...)
	{DLA-695-1}
	- spip 3.1.3-1
	[jessie] - spip 3.0.17-2+deb8u3
	NOTE: http://seclists.org/fulldisclosure/2016/Oct/67
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23200 (master)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23201 (3.1)
	NOTE: https://core.spip.net/projects/spip/repository/revisions/23202 (3.0)
	NOTE: reproducible in Wheezy (2.1.17-1+deb7u5) and Jessie (3.0.17-2+deb8u2)
CVE-2016-7975 (The TCP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7974 (The IP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7973 (The AppleTalk parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7972 (The check_allocations function in libass/ass_shaper.c in libass before ...)
	{DLA-668-1}
	- libass 0.13.4-1
	[jessie] - libass <no-dsa> (Minor issue)
	NOTE: https://github.com/libass/libass/pull/240/commits/aa54e0b59200a994d50a346b5d7ac818ebcf2d4b
CVE-2016-7971
	REJECTED
CVE-2016-7970 (Buffer overflow in the calc_coeff function in libass/ass_blur.c in ...)
	- libass 0.13.4-1
	[jessie] - libass <not-affected> (Vulnerable code introduced later)
	[wheezy] - libass <not-affected> (Vulnerable code first introduced in July 2015)
	NOTE: Fixed by: https://github.com/libass/libass/pull/240/commits/08e754612019ed84d1db0d1fc4f5798248decd75
	NOTE: Vulnerable function calc_coeff introduced in: https://github.com/libass/libass/commit/d787615845d78d8f8e6d1a4ffc3dc3eecd8a92f6 (0.13.0)
CVE-2016-7969 (The wrap_lines_smart function in ass_render.c in libass before 0.13.4 ...)
	{DLA-668-1}
	- libass 0.13.4-1
	[jessie] - libass <no-dsa> (Minor issue)
	NOTE: https://github.com/libass/libass/pull/240/commits/b72b283b936a600c730e00875d7d067bded3fc26
CVE-2016-7968 (KMail since version 5.3.0 used a QWebEngine based viewer that had ...)
	- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
	NOTE: https://www.kde.org/info/security/advisory-20161006-3.txt
	NOTE: Would by fixed by: https://cgit.kde.org/messagelib.git/commit/?id=f601f9ffb706f7d3a5893b04f067a1f75da62c99
	NOTE: and building with Qt 5.7.0.
	NOTE: Following patches partly sanitize mails but still make it possible to inject code:
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=3503b75e9c79c3861e182588a0737baf165abd23 (v16.08.2)
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=a8744798dfdf8e41dd6a378e48662c66302b0019 (v16.08.2)
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=77976584a4ed2797437a2423704abdd7ece7834a (v16.08.2)
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=fb1be09360c812d24355076da544030a67b736fc (v16.08.2)
	NOTE: https://cgit.kde.org/messagelib.git/commit/?id=0402c17a8ead92188971cb604d905b3072d56a73 (v16.08.2)
	NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
	NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7967 (KMail since version 5.3.0 used a QWebEngine based viewer that had ...)
	- kf5-messagelib <not-affected> (Doesn't use qtwebengine, see bug #853241)
	NOTE: https://www.kde.org/info/security/advisory-20161006-2.txt
	NOTE: Fixed by: https://cgit.kde.org/messagelib.git/commit/?id=dfc6a86f1b25f1da04b8f1df5320fcdd7085bcc1 (16.11.80)
	NOTE: The issue is mitigated with the fixes applied for CVE-2016-7966, and a
	NOTE: user protected from this CVE by only viewing plain text mails.
CVE-2016-7966 (Through a malicious URL that contained a quote character it was ...)
	{DSA-3697-1 DLA-673-1}
	- kdepimlibs 4:4.14.10-7 (bug #840546)
	- kcoreaddons 5.26.0-3 (bug #840547)
	NOTE: https://www.kde.org/info/security/advisory-20161006-1.txt
CVE-2016-7965 (DokuWiki 2016-06-26a and older uses $_SERVER[HTTP_HOST] instead of the ...)
	- dokuwiki <unfixed> (bug #844732)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1709
CVE-2016-7964 (The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php ...)
	- dokuwiki <unfixed> (bug #844731)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1708
CVE-2016-7963
	RESERVED
CVE-2016-7962
	RESERVED
CVE-2016-7961
	RESERVED
CVE-2016-7960 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 uses an improper format ...)
	NOT-FOR-US: Siemens
CVE-2016-7959 (Siemens SIMATIC STEP 7 (TIA Portal) before 14 improperly stores ...)
	NOT-FOR-US: Siemens
CVE-2016-7958 (In Wireshark 2.2.0, the NCP dissector could crash, triggered by packet ...)
	- wireshark 2.2.1+ga6fbd27-1
	[jessie] - wireshark <not-affected> (Introduced with "Add checkAPI calls to CMake")
	[wheezy] - wireshark <not-affected> (Introduced with "Add checkAPI calls to CMake")
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12945
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=67597cb2457fb843fa97d3f2c87b82dad6f0de07
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-57.html
CVE-2016-7957 (In Wireshark 2.2.0, the Bluetooth L2CAP dissector could crash, ...)
	- wireshark 2.2.1+ga6fbd27-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12825
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=355b56b1c6c545072ac0c1225730b526c6749f0a
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-56.html
CVE-2016-7956
	RESERVED
CVE-2016-7955 (The logcheck function in session.inc in AlienVault OSSIM before 5.3.1, ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2016-7954 (Bundler 1.x might allow remote attackers to inject arbitrary Ruby code ...)
	- bundler <unfixed> (bug #842504)
	[stretch] - bundler <ignored> (Minor issue, too intrusive to backport)
	[jessie] - bundler <ignored> (Minor issue, too intrusive to backport)
	[wheezy] - bundler <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: http://www.openwall.com/lists/oss-security/2016/10/04/5
	NOTE: There is no plan (yet) from upstream to address this for bundler 1.x
	NOTE: due to lockfile format.
CVE-2016-7953 (Buffer underflow in X.org libXvMC before 1.0.10 allows remote X ...)
	{DLA-671-1}
	- libxvmc 2:1.0.10-1 (low; bug #840445)
	[jessie] - libxvmc 2:1.0.8-2+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXvMC/commit/?id=2cd95e7da8367cccdcdd5c9b160012d1dec5cbdb
CVE-2016-7952 (X.org libXtst before 1.2.3 allows remote X servers to cause a denial ...)
	{DLA-686-1}
	- libxtst 2:1.2.3-1 (low; bug #840444)
	[jessie] - libxtst 2:1.2.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
CVE-2016-7951 (Multiple integer overflows in X.org libXtst before 1.2.3 allow remote ...)
	{DLA-686-1}
	- libxtst 2:1.2.3-1 (low; bug #840444)
	[jessie] - libxtst 2:1.2.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXtst/commit/?id=9556ad67af3129ec4a7a4f4b54a0d59701beeae3
CVE-2016-7950 (The XRenderQueryFilters function in X.org libXrender before 0.9.10 ...)
	{DLA-664-1}
	- libxrender 1:0.9.10-1 (low; bug #840443)
	[jessie] - libxrender <no-dsa> (Minor issue, will be fixed in a point release)
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=8fad00b0b647ee662ce4737ca15be033b7a21714
CVE-2016-7949 (Multiple buffer overflows in the (1) XvQueryAdaptors and (2) ...)
	{DLA-664-1}
	- libxrender 1:0.9.10-1 (low; bug #840443)
	[jessie] - libxrender <no-dsa> (Minor issue, will be fixed in a point release)
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrender/commit/?id=9362c7ddd1af3b168953d0737877bc52d79c94f4
CVE-2016-7948 (X.org libXrandr before 1.5.1 allows remote X servers to trigger ...)
	{DLA-660-1}
	- libxrandr 2:1.5.1-1 (low; bug #840441)
	[jessie] - libxrandr 2:1.4.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
CVE-2016-7947 (Multiple integer overflows in X.org libXrandr before 1.5.1 allow ...)
	{DLA-660-1}
	- libxrandr 2:1.5.1-1 (low; bug #840441)
	[jessie] - libxrandr 2:1.4.2-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXrandr/commit/?id=a0df3e1c7728205e5c7650b2e6dce684139254a6
CVE-2016-7946 (X.org libXi before 1.7.7 allows remote X servers to cause a denial of ...)
	{DLA-685-1}
	- libxi 2:1.7.8-1 (low; bug #840440)
	[jessie] - libxi 2:1.7.4-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	NOTE: Regression: https://bugs.freedesktop.org/98204
CVE-2016-7945 (Multiple integer overflows in X.org libXi before 1.7.7 allow remote X ...)
	{DLA-685-1}
	- libxi 2:1.7.8-1 (low; bug #840440)
	[jessie] - libxi 2:1.7.4-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXi/commit/?id=19a9cd607de73947fcfb104682f203ffe4e1f4e5
	NOTE: Regression: https://bugs.freedesktop.org/98204
CVE-2016-7944 (Integer overflow in X.org libXfixes before 5.0.3 on 32-bit platforms ...)
	{DLA-654-1}
	- libxfixes 1:5.0.3-1 (low; bug #840442)
	[jessie] - libxfixes 1:5.0.1-2+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfixes/commit/?id=61c1039ee23a2d1de712843bed3480654d7ef42e
CVE-2016-7943 (The XListFonts function in X.org libX11 before 1.6.4 might allow ...)
	{DLA-684-1}
	- libx11 2:1.6.4-1 (low; bug #840439)
	[jessie] - libx11 2:1.6.2-3+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8c29f1607a31dac0911e45a0dd3d74173822b3c9
CVE-2016-7942 (The XGetImage function in X.org libX11 before 1.6.4 might allow remote ...)
	{DLA-684-1}
	- libx11 2:1.6.4-1 (low; bug #840439)
	[jessie] - libx11 2:1.6.2-3+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=8ea762f94f4c942d898fdeb590a1630c83235c17
CVE-2016-7941
	RESERVED
CVE-2016-7940 (The STP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7939 (The GRE parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7938 (The ZeroMQ parser in tcpdump before 4.9.0 has an integer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7937 (The VAT parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7936 (The UDP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7935 (The RTP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7934 (The RTCP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7933 (The PPP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7932 (The PIM parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7931 (The MPLS parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7930 (The LLC/SNAP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7929 (The Juniper PPPoE ATM parser in tcpdump before 4.9.0 has a buffer ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7928 (The IPComp parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7927 (The IEEE 802.11 parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7926 (The Ethernet parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7925 (The compressed SLIP parser in tcpdump before 4.9.0 has a buffer ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7924 (The ATM parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7923 (The ARP parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7922 (The AH parser in tcpdump before 4.9.0 has a buffer overflow in ...)
	{DSA-3775-1 DLA-809-1}
	- tcpdump 4.9.0-1
CVE-2016-7920
	RESERVED
CVE-2016-7919 (** DISPUTED ** Moodle 3.1.2 allows remote attackers to obtain ...)
	NOTE: Disputed moodle non-issue
CVE-2016-7918
	RESERVED
CVE-2016-7917 (The nfnetlink_rcv_batch function in net/netfilter/nfnetlink.c in the ...)
	- linux 4.5.1-1 (low)
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/c58d6c93680f28ac58984af61d0a7ebf4319c241 (v4.5-rc6)
CVE-2016-7916 (Race condition in the environ_read function in fs/proc/base.c in the ...)
	- linux 4.5.4-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/8148a73c9901a8794a50f950083c00ccf97d43b3 (v4.6-rc7)
CVE-2016-7915 (The hid_input_field function in drivers/hid/hid-core.c in the Linux ...)
	{DLA-772-1}
	- linux 4.6.1-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/50220dead1650609206efe91f0cc116132d59b3f (v4.6-rc1)
CVE-2016-7914 (The assoc_array_insert_into_terminal_node function in ...)
	- linux 4.5.3-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2 (v4.6-rc4)
CVE-2016-7913 (The xc2028_set_config function in drivers/media/tuners/tuner-xc2028.c ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/8dfbcc4351a0b6d2f2d77f367552f48ffefafe18 (v4.6-rc1)
CVE-2016-7912 (Use-after-free vulnerability in the ffs_user_copy_worker function in ...)
	- linux 4.5.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/38740a5b87d53ceb89eb2c970150f6e94e00373a (v4.6-rc5)
CVE-2016-7911 (Race condition in the get_task_ioprio function in block/ioprio.c in ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/8ba8682107ee2ca3347354e018865d8e1967c5f4 (v4.7-rc7)
CVE-2016-7910 (Use-after-free vulnerability in the disk_seqf_stop function in ...)
	{DLA-772-1}
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	NOTE: Fixed by: https://git.kernel.org/linus/77da160530dd1dc94f6ae15a981f24e5f0021e84 (v4.8-rc1)
CVE-2016-7909 (The pcnet_rdra_addr function in hw/net/pcnet.c in QEMU (aka Quick ...)
	{DLA-698-1 DLA-689-1}
	- qemu 1:2.8+dfsg-1 (bug #839834)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg07942.html
CVE-2016-7908 (The mcf_fec_do_tx function in hw/net/mcf_fec.c in QEMU (aka Quick ...)
	{DLA-653-1 DLA-652-1}
	- qemu 1:2.8+dfsg-1 (bug #839835)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05557.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=070c4b92b8cd5390889716677a0b92444d6e087a
CVE-2016-7907 (The imx_fec_do_tx function in hw/net/imx_fec.c in QEMU (aka Quick ...)
	- qemu 1:2.8+dfsg-3 (bug #839986)
	[jessie] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	- qemu-kvm <not-affected> (Vulnerable code introduced after v2.5.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg05556.html
	NOTE: i.MX Fast Ethernet Controller emulation introduced in v2.5.0-rc0 with
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fcbd8018e645f3ab1ef9af94dc88a0d3272926d3 (v2.5.0-rc0)
CVE-2016-7906 (magick/attribute.c in ImageMagick 7.0.3-2 allows remote attackers to ...)
	{DSA-3726-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #840435)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/281
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d63a3c5729df59f183e9e110d5d8385d17caaad0
CVE-2016-7905 (The read_gab2_sub function in libavformat/avidec.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/622ccbd8ab894e3ac6cdf607e3d4f39e406786e9 (n3.1.4)
CVE-2016-7904 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2016-7903 (Dotclear before 2.10.3, when the Host header is not part of the web ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/bb06343f4247
CVE-2016-7902 (Unrestricted file upload vulnerability in the fileUnzip-&gt;unzip method ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/a9db771a5a70
CVE-2016-7901
	REJECTED
CVE-2016-7900
	REJECTED
CVE-2016-7899
	REJECTED
CVE-2016-7898
	REJECTED
CVE-2016-7897
	REJECTED
CVE-2016-7896
	REJECTED
CVE-2016-7895
	REJECTED
CVE-2016-7894
	REJECTED
CVE-2016-7893
	REJECTED
CVE-2016-7892 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7891 (Adobe RoboHelp version 2015.0.3 and earlier, RoboHelp 11 and earlier ...)
	NOT-FOR-US: Adobe
CVE-2016-7890 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7889 (Adobe Digital Editions versions 4.5.2 and earlier has an issue with ...)
	NOT-FOR-US: Adobe
CVE-2016-7888 (Adobe Digital Editions versions 4.5.2 and earlier has an important ...)
	NOT-FOR-US: Adobe
CVE-2016-7887 (Adobe ColdFusion Builder versions 2016 update 2 and earlier, 3.0.3 and ...)
	NOT-FOR-US: Adobe
CVE-2016-7886 (Adobe InDesign version 11.4.1 and earlier, Adobe InDesign Server 11.0.0 ...)
	NOT-FOR-US: Adobe
CVE-2016-7885 (Adobe Experience Manager versions 6.2 and earlier have a vulnerability ...)
	NOT-FOR-US: Adobe
CVE-2016-7884 (Adobe Experience Manager versions 6.1 and earlier have an input ...)
	NOT-FOR-US: Adobe
CVE-2016-7883 (Adobe Experience Manager version 6.2 has an input validation issue in ...)
	NOT-FOR-US: Adobe
CVE-2016-7882 (Adobe Experience Manager versions 6.2 and earlier have an input ...)
	NOT-FOR-US: Adobe
CVE-2016-7881 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7880 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7879 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7878 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7877 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7876 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7875 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7874 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7873 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7872 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7871 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7870 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7869 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7868 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7867 (Adobe Flash Player versions 23.0.0.207 and earlier, 11.2.202.644 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7866 (Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory ...)
	NOT-FOR-US: Adobe Animate
CVE-2016-7865 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7864 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7863 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7862 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7861 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7860 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7859 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7858 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7857 (Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7856 (Adobe DNG Converter versions 9.7 and earlier have an exploitable memory ...)
	NOT-FOR-US: Adobe DNG Converter
CVE-2016-7855 (Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7854 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7853 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7852 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7851 (Adobe Connect version 9.5.6 and earlier does not adequately validate ...)
	NOT-FOR-US: Adobe
CVE-2016-7850
	REJECTED
CVE-2016-7849
	REJECTED
CVE-2016-7848
	REJECTED
CVE-2016-7847
	REJECTED
CVE-2016-7846
	REJECTED
CVE-2016-7845 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to upload ...)
	NOT-FOR-US: GigaCC OFFICE
CVE-2016-7844 (GigaCC OFFICE ver.2.3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: GigaCC OFFICE
CVE-2016-7843 (Directory traversal vulnerability in AttacheCase for Java 0.60 and ...)
	NOT-FOR-US: AttacheCase
CVE-2016-7842 (Directory traversal vulnerability in AttacheCase 2.8.2.8 and earlier ...)
	NOT-FOR-US: AttacheCase
CVE-2016-7841 (Cross-site scripting vulnerability in Olive Diary DX allows remote ...)
	NOT-FOR-US: Olive Diary DX
CVE-2016-7840 (Cross-site scripting vulnerability in WEB SCHEDULE allows remote ...)
	NOT-FOR-US: WEB SCHEDULE
CVE-2016-7839 (Cross-site scripting vulnerability in Olive Blog allows remote ...)
	NOT-FOR-US: Olive Blog
CVE-2016-7838 (Untrusted search path vulnerability in WinSparkle versions prior to ...)
	NOT-FOR-US: WinSparkle
CVE-2016-7837 (Buffer overflow in BlueZ 5.41 and earlier allows an attacker to ...)
	- bluez 5.43-1
	[jessie] - bluez <no-dsa> (Minor issue)
	[wheezy] - bluez <no-dsa> (Minor issue)
	NOTE: Fixed by: http://git.kernel.org/cgit/bluetooth/bluez.git/commit/?id=8514068150759c1d6a46d4605d2351babfde1601 (5.42)
CVE-2016-7836 (SKYSEA Client View Ver.11.221.03 and earlier allows remote code ...)
	NOT-FOR-US: SKYSEA Client View
CVE-2016-7835 (Use-after-free vulnerability in H2O allows remote attackers to cause a ...)
	NOT-FOR-US: H2O
CVE-2016-7834 (SONY SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, ...)
	NOT-FOR-US: SONY
CVE-2016-7833 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access ...)
	NOT-FOR-US: Cybozu
CVE-2016-7832 (Cybozu Dezie 8.0.0 to 8.1.1 allows remote attackers to bypass access ...)
	NOT-FOR-US: Cybozu
CVE-2016-7831 (Sleipnir 4 Black Edition for Mac 4.5.3 and earlier and Sleipnir 4 for ...)
	NOT-FOR-US: Sleipnir
CVE-2016-7830 (Sony PCS-XG100, PCS-XG100S, PCS-XG100C, PCS-XG77, PCS-XG77S, PCS-XG77C ...)
	NOT-FOR-US: Sony
CVE-2016-7829
	REJECTED
CVE-2016-7828
	REJECTED
CVE-2016-7827
	REJECTED
CVE-2016-7826 (Directory traversal vulnerability in Buffalo WNC01WH devices with ...)
	NOT-FOR-US: Buffalo
CVE-2016-7825 (Directory traversal vulnerability in Buffalo WNC01WH devices with ...)
	NOT-FOR-US: Buffalo
CVE-2016-7824 (Buffalo NC01WH devices with firmware version 1.0.0.8 and earlier ...)
	NOT-FOR-US: Buffalo
CVE-2016-7823 (Cross-site scripting vulnerability in Buffalo WNC01WH devices with ...)
	NOT-FOR-US: Buffalo
CVE-2016-7822 (Cross-site request forgery (CSRF) vulnerability in Buffalo WNC01WH ...)
	NOT-FOR-US: Buffalo
CVE-2016-7821 (Buffalo WNC01WH devices with firmware version 1.0.0.8 and earlier ...)
	NOT-FOR-US: Buffalo
CVE-2016-7820 (Buffer overflow in I-O DATA DEVICE TS-WRLP firmware version 1.01.02 ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7819 (I-O DATA DEVICE TS-WRLP firmware version 1.01.02 and earlier and ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7818 (Untrusted search path vulnerability in Installers for Specification ...)
	NOT-FOR-US: Untrusted search path vulnerability in various installers
CVE-2016-7817 (Cross-site scripting vulnerability in Simple keitai chat 2.0 and ...)
	NOT-FOR-US: Simple keitai chat
CVE-2016-7816 (The Cybozu kintone mobile for Android 1.0.6 and earlier does not ...)
	NOT-FOR-US: Cybozu
CVE-2016-7815 (Remote Service Manager 3.0.0 to 3.1.4 fails to verify client ...)
	NOT-FOR-US: Remote Service Manager provided by Cybozu
CVE-2016-7814 (I-O DATA DEVICE TS-WRLP firmware version 1.00.01 and earlier and ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7813 (Cross-site scripting vulnerability in DERAEMON-CMS version 0.8.9 and ...)
	NOT-FOR-US: DERAEMON-CMS
CVE-2016-7812 (The Bank of Tokyo-Mitsubishi UFJ, Ltd. App for Android ver5.3.1, ...)
	NOT-FOR-US: Bank of Tokyo-Mitsubishi UFJ, Ltd. App
CVE-2016-7811 (Corega CG-WLR300NX firmware Ver. 1.20 and earlier allows an attacker ...)
	NOT-FOR-US: Corega
CVE-2016-7810 (Cross-site scripting vulnerability in Corega CG-WLR300NX firmware Ver. ...)
	NOT-FOR-US: Corega
CVE-2016-7809 (Cross-site request forgery (CSRF) vulnerability in Corega CG-WLR300NX ...)
	NOT-FOR-US: Corega
CVE-2016-7808 (Cross-site scripting vulnerability in Corega CG-WLBARGMH and ...)
	NOT-FOR-US: Corega
CVE-2016-7807 (I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7806 (I-O DATA DEVICE WFS-SR01 firmware version 1.10 and earlier allow ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2016-7805 (The mobiGate App for Android version 2.2.1.2 and earlier and mobiGate ...)
	NOT-FOR-US: mobiGate App
CVE-2016-7804 (Untrusted search path vulnerability in 7 Zip for Windows 16.02 and ...)
	NOT-FOR-US: 7 Zip for Windows
CVE-2016-7803 (SQL injection vulnerability in the Cybozu Garoon 3.0.0 to 4.2.2 allows ...)
	NOT-FOR-US: Cybozu
CVE-2016-7802 (Directory traversal vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 ...)
	NOT-FOR-US: Cybozu
CVE-2016-7801 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote attackers to bypass access ...)
	NOT-FOR-US: Cybozu
CVE-2016-7800 (Integer underflow in the parse8BIM function in coders/meta.c in ...)
	{DSA-3746-1 DLA-651-1}
	- graphicsmagick 1.3.25-3
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/5c7b6d6094a25e99c57f8b18343914ebfd8213ef/
CVE-2016-7799 (MagickCore/profile.c in ImageMagick before 7.0.3-2 allows remote ...)
	{DSA-3726-1 DLA-756-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #840437)
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/280
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a7bb158b7bedd1449a34432feb3a67c8f1873bfa
CVE-2016-7798 (The openssl gem for Ruby uses the same initialization vector (IV) in ...)
	{DSA-3966-1}
	- ruby2.3 2.3.3-1+deb9u1 (bug #842432)
	- ruby2.1 <removed> (bug #842544)
	[jessie] - ruby2.1 <no-dsa> (Minor issue)
	NOTE: https://github.com/ruby/openssl/issues/49
	NOTE: https://github.com/ruby/openssl/commit/8108e0a6db133f3375608303fdd2083eb5115062
	- ruby-attr-encrypted 3.0.1-2
	NOTE: https://github.com/attr-encrypted/attr_encrypted/issues/203
	- ruby-encryptor 3.0.0-1
	NOTE: https://github.com/attr-encrypted/encryptor/pull/22
CVE-2016-7797 (Pacemaker before 1.1.15, when using pacemaker remote, might allow ...)
	- pacemaker 1.1.15~rc3-1
	[wheezy] - pacemaker <not-affected> (Vulnerable code introduced after 1.1.10)
	NOTE: http://bugs.clusterlabs.org/show_bug.cgi?id=5269
	NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/5ec24a2642bd0854b884d1a9b51d12371373b410 (Pacemaker-1.1.15-rc1)
	NOTE: Vulnerable code introduced in: https://github.com/ClusterLabs/pacemaker/commit/87f40917feb5109f827d83765c924acbbd824379 (Pacemaker-1.1.12-rc1)
CVE-2016-7796 (The manager_dispatch_notify_fd function in systemd allows local users ...)
	{DLA-659-1}
	- systemd 231-9 (bug #839607)
	[jessie] - systemd 215-17+deb8u6
	NOTE: https://github.com/systemd/systemd/issues/4234#issuecomment-250441246
	NOTE: Fixed by: https://github.com/systemd/systemd/pull/4240
CVE-2016-7795 (The manager_invoke_notify_message function in systemd 231 and earlier ...)
	- systemd 231-9 (bug #839171)
	[jessie] - systemd <not-affected> (Introduced in 219)
	[wheezy] - systemd <not-affected> (Introduced in 219)
	NOTE: https://github.com/systemd/systemd/issues/4234
	NOTE: https://github.com/systemd/systemd/commit/531ac2b2349da02acc9c382849758e07eb92b020
	NOTE: Originally fixed in 231-8 but caused a regression fixed in 231-9
	NOTE: https://www.agwa.name/blog/post/how_to_crash_systemd_in_one_tweet
CVE-2016-7794 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to ...)
	- git-hub 0.10.2-2 (bug #839284)
CVE-2016-7793 (sociomantic-tsunami git-hub before 0.10.3 allows remote attackers to ...)
	- git-hub 0.10.2-2 (bug #839284)
CVE-2016-7792 (Ubiquiti Networks UniFi 5.2.7 does not restrict access to the ...)
	NOT-FOR-US: Ubiquiti Networks UniFi
CVE-2016-7791 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerability ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7790 (Exponent CMS 2.3.9 suffers from a remote code execution vulnerability ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7789 (SQL injection vulnerability in framework/core/models/expConfig.php in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7788 (SQL injection vulnerability in framework/modules/users/models/user.php ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7787 (A maliciously crafted command line for kdesu can result in the user ...)
	- kde-cli-tools 4:5.8.0-1 (bug #839865)
	- kde-runtime 4:16.08.3-2 (bug #842498)
	[jessie] - kde-runtime <no-dsa> (Minor issue)
	[wheezy] - kde-runtime <not-affected> (Unicode string terminator is not interpreted)
	- kdesudo <removed> (bug #843790)
	[stretch] - kdesudo <no-dsa> (Minor issue)
	[jessie] - kdesudo <no-dsa> (Minor issue)
	[wheezy] - kdesudo <not-affected> (Unicode string terminator is not interpreted)
	NOTE: https://www.kde.org/info/security/advisory-20160930-1.txt
	NOTE: https://github.com/KDE/kde-cli-tools/commit/5eda179a099ba68a20dc21dc0da63e85a565a171
	NOTE: For kde-cli-tools fixed in 5.7.5 upstream
	NOTE: kde-runtime's affected binary is /usr/lib/kde4/libexec/kdesu-distrib/kdesu
	NOTE: kdesudo's affected binary is /usr/bin/kdesudo
CVE-2016-7786 (Sophos Cyberoam UTM CR25iNG 10.6.3 MR-5 allows remote authenticated ...)
	NOT-FOR-US: Sophos
CVE-2016-7785 (The avi_read_seek function in libavformat/avidec.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/c8c5f66b42edc37474baa5cb51460cbf6f33075b (n3.1.4)
CVE-2016-7784 (SQL injection vulnerability in the getSection function in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7783 (SQL injection vulnerability in framework/core/models/expRecord.php in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7782 (SQL injection vulnerability in framework/core/models/expConfig.php in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7781 (SQL injection vulnerability in ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7780 (SQL injection vulnerability in cron/find_help.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7779
	RESERVED
CVE-2016-7778
	RESERVED
CVE-2016-7777 (Xen 4.7.x and earlier does not properly honor CR0.TS and CR0.EM, which ...)
	{DSA-3729-1 DLA-699-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-190.html
CVE-2016-7776
	RESERVED
CVE-2016-7775
	REJECTED
CVE-2016-7774
	REJECTED
CVE-2016-7773
	REJECTED
CVE-2016-7772
	REJECTED
CVE-2016-7771
	REJECTED
CVE-2016-7770
	REJECTED
CVE-2016-7769
	REJECTED
CVE-2016-7768
	REJECTED
CVE-2016-7767
	REJECTED
CVE-2016-7766
	REJECTED
CVE-2016-7765 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7764
	REJECTED
CVE-2016-7763
	REJECTED
CVE-2016-7762 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7761 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7760
	REJECTED
CVE-2016-7759 (An issue was discovered in certain Apple products. iOS before 10 is ...)
	NOT-FOR-US: Apple
CVE-2016-7758
	REJECTED
CVE-2016-7757
	REJECTED
CVE-2016-7756
	REJECTED
CVE-2016-7755
	REJECTED
CVE-2016-7754
	REJECTED
CVE-2016-7753
	REJECTED
CVE-2016-7752
	REJECTED
CVE-2016-7751
	REJECTED
CVE-2016-7750
	REJECTED
CVE-2016-7749
	REJECTED
CVE-2016-7748
	REJECTED
CVE-2016-7747
	REJECTED
CVE-2016-7746
	REJECTED
CVE-2016-7745
	REJECTED
CVE-2016-7744
	REJECTED
CVE-2016-7743
	REJECTED
CVE-2016-7742 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7741
	REJECTED
CVE-2016-7740
	REJECTED
CVE-2016-7739
	REJECTED
CVE-2016-7738
	REJECTED
CVE-2016-7737
	REJECTED
CVE-2016-7736
	REJECTED
CVE-2016-7735
	REJECTED
CVE-2016-7734
	REJECTED
CVE-2016-7733
	REJECTED
CVE-2016-7732
	REJECTED
CVE-2016-7731
	REJECTED
CVE-2016-7730
	REJECTED
CVE-2016-7729
	REJECTED
CVE-2016-7728
	REJECTED
CVE-2016-7727
	REJECTED
CVE-2016-7726
	REJECTED
CVE-2016-7725
	REJECTED
CVE-2016-7724
	REJECTED
CVE-2016-7723
	REJECTED
CVE-2016-7722
	REJECTED
CVE-2016-7721
	REJECTED
CVE-2016-7720
	REJECTED
CVE-2016-7719
	REJECTED
CVE-2016-7718
	REJECTED
CVE-2016-7717
	REJECTED
CVE-2016-7716
	REJECTED
CVE-2016-7715
	REJECTED
CVE-2016-7714 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7713
	REJECTED
CVE-2016-7712
	REJECTED
CVE-2016-7711
	REJECTED
CVE-2016-7710
	REJECTED
CVE-2016-7709
	REJECTED
CVE-2016-7708
	REJECTED
CVE-2016-7707
	REJECTED
CVE-2016-7706
	REJECTED
CVE-2016-7705
	REJECTED
CVE-2016-7704
	RESERVED
CVE-2016-7703
	REJECTED
CVE-2016-7702
	REJECTED
CVE-2016-7701
	REJECTED
CVE-2016-7700
	REJECTED
CVE-2016-7699
	REJECTED
CVE-2016-7698
	REJECTED
CVE-2016-7697
	REJECTED
CVE-2016-7696
	REJECTED
CVE-2016-7695
	REJECTED
CVE-2016-7694
	REJECTED
CVE-2016-7693
	REJECTED
CVE-2016-7692
	REJECTED
CVE-2016-7691
	REJECTED
CVE-2016-7690
	REJECTED
CVE-2016-7689
	REJECTED
CVE-2016-7688
	REJECTED
CVE-2016-7687
	REJECTED
CVE-2016-7686
	REJECTED
CVE-2016-7685
	REJECTED
CVE-2016-7684
	REJECTED
CVE-2016-7683
	REJECTED
CVE-2016-7682
	REJECTED
CVE-2016-7681
	REJECTED
CVE-2016-7680
	REJECTED
CVE-2016-7679
	REJECTED
CVE-2016-7678
	REJECTED
CVE-2016-7677
	REJECTED
CVE-2016-7676
	REJECTED
CVE-2016-7675
	REJECTED
CVE-2016-7674
	REJECTED
CVE-2016-7673
	REJECTED
CVE-2016-7672
	REJECTED
CVE-2016-7671
	REJECTED
CVE-2016-7670
	REJECTED
CVE-2016-7669
	REJECTED
CVE-2016-7668
	REJECTED
CVE-2016-7667 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7666 (An issue was discovered in certain Apple products. Transporter before ...)
	NOT-FOR-US: Apple
CVE-2016-7665 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7664 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7663 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7662 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7661 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7660 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7659 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7658 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7657 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7656 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7655 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7654 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7653 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7652 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7651 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7650 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7649 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7648 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7647
	REJECTED
CVE-2016-7646 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7645 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7644 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7643 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7642 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7641 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7640 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7639 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7638 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7637 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7636 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7635 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7634 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7633 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7632 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7631
	REJECTED
CVE-2016-7630 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7629 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7628 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7627 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7626 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7625 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7624 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7623 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7622 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7621 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7620 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7619 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7618 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7617 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7616 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7615 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7614 (An issue was discovered in certain Apple products. iCloud before 6.1 ...)
	NOT-FOR-US: Apple
CVE-2016-7613 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-7612 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7611 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7610 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7609 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7608 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7607 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7606 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7605 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7604 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7603 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7602 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7601 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7600 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7599 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7598 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7597 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7596 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7595 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7594 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7593
	REJECTED
CVE-2016-7592 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7591 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7590
	REJECTED
CVE-2016-7589 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7588 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-7587 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7586 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-7585 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-7584 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-7583 (An issue was discovered in certain Apple products. iCloud before 6.0.1 ...)
	NOT-FOR-US: Apple
CVE-2016-7582 (An issue was discovered in certain Apple products. macOS before 10.12 ...)
	NOT-FOR-US: Apple
CVE-2016-7581 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-7580 (An issue was discovered in certain Apple products. macOS before 10.12 ...)
	NOT-FOR-US: Apple
CVE-2016-7579 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-7578 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-7577 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-7576
	RESERVED
CVE-2016-7574
	RESERVED
CVE-2016-7573
	RESERVED
CVE-2016-7572 (The system.temporary route in Drupal 8.x before 8.1.10 does not ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7571 (Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7570 (Drupal 8.x before 8.1.10 does not properly check for &quot;Administer ...)
	- drupal7 <not-affected> (Only affects Drupal 8)
CVE-2016-7569 (Directory traversal vulnerability in docker2aci before 0.13.0 allows ...)
	- golang-github-appc-docker2aci 0.14.0+dfsg-1 (bug #839282)
	NOTE: https://github.com/appc/docker2aci/issues/201
CVE-2016-7568 (Integer overflow in the gdImageWebpCtx function in gd_webp.c in the GD ...)
	{DSA-3693-1}
	- libgd2 2.2.3-87-gd0fec80-1 (bug #839659)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: libgd bug: https://github.com/libgd/libgd/issues/308
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/2806adfdc27a94d333199345394d7c302952b95f
	- php7.0 7.0.12-1 (unimportant)
	- php5 <removed> (unimportant)
	[jessie] - php5 5.6.27+dfsg-0+deb8u1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73003
	NOTE: https://github.com/php/php-src/commit/c18263e0e0769faee96a5d0ee04b750c442783c6
CVE-2016-7567 (Buffer overflow in the SLPFoldWhiteSpace function in ...)
	- openslp-dfsg <not-affected> (Only affects openslp 2)
	NOTE: https://sourceforge.net/p/openslp/mercurial/ci/34fb3aa5e6b4997fa21cb614e480de36da5dbc9a/
CVE-2016-7566
	RESERVED
CVE-2016-7565 (install/index.php in Exponent CMS 2.3.9 allows remote attackers to ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7564 (Heap-based buffer overflow in the Fp_toString function in jsfunction.c ...)
	NOT-FOR-US: MuJS
CVE-2016-7563 (The chartorune function in Artifex Software MuJS allows attackers to ...)
	NOT-FOR-US: MuJS
CVE-2016-7562 (The ff_draw_pc_font function in libavcodec/cga_data.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/496267f8e9ec218351e4359e1fde48722d4fc804 (n3.1.4)
CVE-2016-7561 (Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-7560 (The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, ...)
	NOT-FOR-US: Fortinet FortiWLC
CVE-2016-7559
	RESERVED
CVE-2016-7558
	RESERVED
CVE-2016-7557
	RESERVED
CVE-2016-7556
	RESERVED
CVE-2016-7555 (The avi_read_header function in libavformat/avidec.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/8834e080c20d3d23c3ffe779371359f9b9b835ec (n3.1.4)
CVE-2016-7554
	REJECTED
CVE-2016-7552 (On the Trend Micro Threat Discovery Appliance 2.6.1062r1, directory ...)
	NOT-FOR-US: Trend Micro Threat Discovery Appliance
CVE-2016-7549 (Google Chrome before 53.0.2785.113 does not ensure that the recipient ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-7548
	RESERVED
CVE-2016-7547 (A command execution flaw on the Trend Micro Threat Discovery Appliance ...)
	NOT-FOR-US: Trend Micro Threat Discovery Appliance
CVE-2016-7546
	RESERVED
CVE-2016-7545 (SELinux policycoreutils allows local users to execute arbitrary ...)
	{DLA-638-1}
	- policycoreutils 2.5-3 (bug #838599)
	[jessie] - policycoreutils <not-affected> ("sandbox" executable not packaged in this version)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378577
	NOTE: Upstream mailing list discussion: https://marc.info/?t=147463464400001&r=1&w=2
	NOTE: Upstream fix: https://github.com/SELinuxProject/selinux/commit/acca96a135a4d2a028ba9b636886af99c0915379
	NOTE: Marked as exception as not-affected, although the source is affected but the built
	NOTE: binary packages do not contain the sandbox binary. We cannot use 'unimportant'
	NOTE: severity here since the unstable version builts a binary package which contains it.
CVE-2016-7544 (Crypto++ 5.6.4 incorrectly uses Microsoft's stack-based _malloca and ...)
	- libcrypto++ <not-affected> (Vulnerable code intorduced in 5.6.4, only affects Windows and Microsoft compilers)
CVE-2016-7543 (Bash before 4.4 allows local users to execute arbitrary commands with ...)
	{DLA-680-1}
	- bash 4.4-1
	[jessie] - bash 4.3-11+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/9
	NOTE: Default shell is dash which is not vulnerable, but bash in Jessie and
	NOTE: Wheezy are affected.
	NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-048
CVE-2016-7542 (A read-only administrator on Fortinet devices with FortiOS 5.2.x ...)
	NOT-FOR-US: FortiOS
CVE-2016-7541 (Long lived sessions in Fortinet FortiGate devices with FortiOS 5.x ...)
	NOT-FOR-US: FortiOS
CVE-2016-7512
	RESERVED
CVE-2016-7511 (Integer overflow in the dwarf_die_deliv.c in libdwarf 20160613 allows ...)
	{DLA-635-1}
	- dwarfutils 20160923-1 (bug #838757)
	[jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point release)
	NOTE: https://sourceforge.net/p/libdwarf/bugs/3/
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-002
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
	NOTE: found.
CVE-2016-7510 (The read_line_table_program function in ...)
	{DLA-635-1}
	- dwarfutils 20160923-1 (bug #838756)
	[jessie] - dwarfutils <no-dsa> (Minor issue, can be fixed in point release)
	NOTE: https://sourceforge.net/p/libdwarf/bugs/4/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1377015
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-004
	NOTE: Fixed by: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: See though notes for CVE-2016-7410, the 3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: seem to be the ultimate fix upstream, introducing commit should as well still be
	NOTE: found.
CVE-2016-7509 (Cross-site scripting (XSS) vulnerability in GLPI 0.90.4 allows remote ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7508 (Multiple SQL injection vulnerabilities in GLPI 0.90.4 allow an ...)
	- glpi <removed> (unimportant)
	NOTE: https://github.com/glpi-project/glpi/issues/1047
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7507 (Cross-Site Request Forgery (CSRF) vulnerability in GLPI 0.90.4 allows ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2016-7506 (An out-of-bounds read vulnerability was observed in Sp_replace_regexp ...)
	NOT-FOR-US: MuJS
CVE-2016-7505 (A buffer overflow vulnerability was observed in divby function of ...)
	NOT-FOR-US: MuJS
CVE-2016-7504 (A use-after-free vulnerability was observed in Rp_toString function of ...)
	NOT-FOR-US: MuJS
CVE-2016-7503
	RESERVED
CVE-2016-7502 (The cavs_idct8_add_c function in libavcodec/cavsdsp.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/9d738e6968757d4e70c8e07e0b720ac0004accc4 (n3.1.4)
CVE-2016-7501
	RESERVED
	NOT-FOR-US: Oracle
CVE-2016-7500
	RESERVED
CVE-2016-7499 (The sbr_make_f_master function in aacsbr.c in Libav 11.7 allows remote ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/21/libav-divide-by-zero-in-sbr_make_f_master-aacsbr-c/
CVE-2016-7498 (OpenStack Compute (nova) 13.0.0 does not properly delete instances ...)
	- nova 2:13.1.0-1
	[jessie] - nova <not-affected> (Vulnerable code (re)introduced later)
	[wheezy] - nova <not-affected> (Vulnerable code (re)introduced later)
	NOTE: Relates to OSSA-2015-017 (CVE-2015-3280) which was previously fixed
	NOTE: and then reintroduced with 13.0.0 and refixed in 13.1.0.
CVE-2016-7497
	REJECTED
CVE-2016-7496
	REJECTED
CVE-2016-7495
	REJECTED
CVE-2016-7494
	REJECTED
CVE-2016-7493
	REJECTED
CVE-2016-7492
	REJECTED
CVE-2016-7491
	REJECTED
CVE-2016-7490 (The installation script studioexpressinstall for Teradata Studio ...)
	NOT-FOR-US: Teradata Studio Express
CVE-2016-7489 (Teradata Virtual Machine Community Edition v15.10's perl script ...)
	NOT-FOR-US: Teradata Virtual Machine Community Edition
CVE-2016-7488 (Teradata Virtual Machine Community Edition v15.10 has insecure file ...)
	NOT-FOR-US: Teradata Virtual Machine Community Edition
CVE-2016-7487
	REJECTED
CVE-2016-7486
	REJECTED
CVE-2016-7485
	REJECTED
CVE-2016-7484
	REJECTED
CVE-2016-7483
	REJECTED
CVE-2016-7482
	REJECTED
CVE-2016-7481
	REJECTED
CVE-2016-7480 (The SplObjectStorage unserialize implementation in ...)
	- php7.0 7.0.12-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73257
	NOTE: Fixed in 7.0.12
CVE-2016-7479 (In all versions of PHP 7, during the unserialization process, resizing ...)
	{DSA-3783-1 DLA-875-1}
	- php7.1 7.1.1-1
	- php7.0 7.0.15-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72610
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73092
	NOTE: Fixed in 7.0.15
	NOTE: PHP 5.x/7.x: http://git.php.net/?p=php-src.git;a=commit;h=0426b916df396a23e5c34514e4f2f0627efdcdf0
	NOTE: PHP 7.x: http://git.php.net/?p=php-src.git;a=commit;h=b47c49d7a00bc34d7e0f3d72732f66e904da6fa7
	NOTE: The change is in 5.6+, even though the property table issue only affects
	NOTE: PHP 7, because this also prevents a wide range of other __wakeup() based
	NOTE: attacks.
CVE-2016-7478 (Zend/zend_exceptions.c in PHP, possibly 5.x before 5.6.28 and 7.x ...)
	{DSA-3732-1 DLA-875-1}
	- php7.1 <not-affected> (Fixed before initial upload to Debian)
	- php7.0 7.0.13-1
	- php5 <removed>
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73093
	NOTE: Patch for 5.6.x: http://git.php.net/?p=php-src.git;a=commit;h=40e7baab3c90001beee4c8f0ed0ef79ad18ee0d6 (5.6.28)
	NOTE: backported patch for 5.4: https://lists.debian.org/87efysy07p.fsf@curie.anarc.at
CVE-2016-7477 (The ff_put_pixels8_xy2_mmx function in rnd_template.c in Libav 11.7 ...)
	- libav <removed> (unimportant)
	NOTE: https://blogs.gentoo.org/ago/2016/09/20/libav-null-pointer-dereference-in-ff_put_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7476 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7475
	RESERVED
CVE-2016-7474 (In some cases the MCPD binary cache in F5 BIG-IP devices may allow a ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7473
	RESERVED
CVE-2016-7472 (F5 BIG-IP ASM version 12.1.0 - 12.1.1 may allow remote attackers to ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-7471
	RESERVED
CVE-2016-7470
	RESERVED
CVE-2016-7469 (A stored cross-site scripting (XSS) vulnerability in the Configuration ...)
	NOT-FOR-US: BIG-IP
CVE-2016-7468 (An unauthenticated remote attacker may be able to disrupt services on ...)
	NOT-FOR-US: F5
CVE-2016-7467 (The TMM SSO plugin in F5 BIG-IP APM 12.0.0 - 12.1.1, 11.6.0 - 11.6.1 ...)
	NOT-FOR-US: F5
CVE-2016-7465
	REJECTED
CVE-2016-7464
	REJECTED
CVE-2016-7463 (Cross-site scripting (XSS) vulnerability in the Host Client in VMware ...)
	NOT-FOR-US: VMware
CVE-2016-7462 (The Suite REST API in VMware vRealize Operations (aka vROps) 6.x ...)
	NOT-FOR-US: VMware
CVE-2016-7461 (The drag-and-drop (aka DnD) function in VMware Workstation Pro 12.x ...)
	NOT-FOR-US: VMware
CVE-2016-7460 (The Single Sign-On feature in VMware vCenter Server 5.5 before U3e and ...)
	NOT-FOR-US: VMware
CVE-2016-7459 (VMware vCenter Server 5.5 before U3e and 6.0 before U2a allows remote ...)
	NOT-FOR-US: VMware
CVE-2016-7458 (VMware vSphere Client 5.5 before U3e and 6.0 before U2a allows remote ...)
	NOT-FOR-US: VMware
CVE-2016-7457 (VMware vRealize Operations (aka vROps) 6.x before 6.4.0 allows remote ...)
	NOT-FOR-US: VMware
CVE-2016-7456 (VMware vSphere Data Protection (VDP) 5.5.x though 6.1.x has an SSH ...)
	NOT-FOR-US: VMware
CVE-2016-7455
	RESERVED
CVE-2016-7454 (CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) ...)
	NOT-FOR-US: Technicolor TC dpc3941T
CVE-2016-7453 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7452 (The Pixidou Image Editor in Exponent CMS prior to v2.3.9 patch 2 could ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7451
	RESERVED
CVE-2016-7450 (The ff_log2_16bit_c function in libavutil/intmath.h in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ac8ac46641adef208485baebc3734463bf0bd266 (n3.1.4)
CVE-2016-7449 (The TIFFGetField function in coders/tiff.c in GraphicsMagick 1.3.24 ...)
	{DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: The scope of the CVE is for all of these reported TIFF problems.
	NOTE: The ultimate vulnerability was use of:
	NOTE: strlcpy(attribute,text,Min(sizeof(attribute),(count+1)));
	NOTE: three times in coders/tiff.c, where strlcpy is not an appropriate
	NOTE: function choice for this type of scenario of untrusted-data copying.
	NOTE: http://hg.code.sf.net/p/graphicsmagick/code/rev/eb58028dacf5
	NOTE: https://blogs.gentoo.org/ago/2016/08/23/graphicsmagick-two-heap-based-buffer-overflow-in-readtiffimage-tiff-c/
	NOTE: https://blogs.gentoo.org/ago/2016/09/07/graphicsmagick-null-pointer-dereference-in-magickstrlcpy-utility-c/
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/eb58028dacf5
CVE-2016-7448 (The Utah RLE reader in GraphicsMagick before 1.3.25 allows remote ...)
	{DLA-683-1}
	- graphicsmagick 1.3.25-1
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/30043afadb10
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d972c761b55d
CVE-2016-7447 (Heap-based buffer overflow in the EscapeParenthesis function in ...)
	{DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/d580e3c3c034
CVE-2016-7446 (Buffer overflow in the MVG and SVG rendering code in GraphicsMagick ...)
	{DLA-651-1}
	- graphicsmagick 1.3.25-1
	NOTE: For the http://www.graphicsmagick.org/NEWS.html#september-5-2016 case
	NOTE: which remained present in the 1.3.24 release (and was not fixed until 1.3.25)
	NOTE: Fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/6071b5820215
CVE-2016-7445 (convert.c in OpenJPEG before 2.1.2 allows remote attackers to cause a ...)
	- openjpeg2 2.1.2-1 (unimportant; bug #838690)
	NOTE: https://github.com/uclouvain/openjpeg/issues/843
	NOTE: PoC: https://github.com/STARLABSEC/pocs/raw/master/openjpeg-nullptr-github-issue-842.ppm
	NOTE: No code injection, function only exposed in the CLI tool
CVE-2017-7443 (apt-cacher before 1.7.15 and apt-cacher-ng before 3.4 allow HTTP ...)
	{DLA-873-1}
	- apt-cacher-ng 3-1 (bug #858833)
	[buster] - apt-cacher-ng 2-2
	[stretch] - apt-cacher-ng 2-2
	[jessie] - apt-cacher-ng <no-dsa> (Minor issue)
	[wheezy] - apt-cacher-ng <no-dsa> (Minor issue)
	- apt-cacher 1.7.15 (bug #858739)
	[buster] - apt-cacher 1.7.13+deb9u1
	[stretch] - apt-cacher 1.7.13+deb9u1
	[jessie] - apt-cacher 1.7.10+deb8u1
CVE-2016-7442 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
	NOT-FOR-US: Sophos UTM
CVE-2016-7441
	RESERVED
CVE-2016-7440 (The C software implementation of AES Encryption and Decryption in ...)
	{DSA-3711-1 DSA-3706-1 DLA-708-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.16-1 (bug #841163)
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed> (bug #841050)
	NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7439 (The C software implementation of RSA in wolfSSL (formerly CyaSSL) ...)
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7438 (The C software implementation of ECC in wolfSSL (formerly CyaSSL) ...)
	- wolfssl 3.9.10+dfsg-1
CVE-2016-7437 (SAP Netweaver 7.40 improperly logs (1) DUI and (2) DUJ events in the ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-7436
	RESERVED
CVE-2016-7435 (The (1) SCTC_REFRESH_EXPORT_TAB_COMP, (2) SCTC_REFRESH_CHECK_ENV, and ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-7434 (The read_mru_list function in NTP before 4.2.8p9 allows remote ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (mrulist introduced in ntp-4.2.7p22, vulnerable code not present)
	[wheezy] - ntp <not-affected> (mrulist introduced in ntp-4.2.7p22, vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3082
	NOTE: Only possible to trigger from hosts in allow mrulist query.
CVE-2016-7433 (NTP before 4.2.8p9 does not properly perform the initial sync ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code introduced in ntp-4.2.7p385)
	[wheezy] - ntp <not-affected> (Vulnerable code introduced in ntp-4.2.7p385)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3067
	NOTE: Although the CVE is only for the issue introduced by the fix for
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2085, he root-distance calculation
	NOTE: itself in general is incorrect in all version of ntp-4 until ntp-4.2.8p9
CVE-2016-7432
	RESERVED
CVE-2016-7431 (NTP before 4.2.8p9 allows remote attackers to bypass the origin ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code introduced later)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3102
CVE-2016-7430
	RESERVED
CVE-2016-7429 (NTP before 4.2.8p9 changes the peer structure to the interface it ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue, only possible if rp_filter is 0)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3072
CVE-2016-7428 (ntpd in NTP before 4.2.8p9 allows remote attackers to cause a denial ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3113
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0130/
	NOTE: The fixes for CVE-2015-7973 have added several new integrity checks on incoming
	NOTE: broadcast mode packets and issue got introduced with code changes to fix that
	NOTE: issue.
CVE-2016-7427 (The broadcast mode replay prevention functionality in ntpd in NTP ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <not-affected> (Vulnerable code not present)
	[wheezy] - ntp <not-affected> (Vulnerable code not present)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3114
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0131/
	NOTE: The fixes for CVE-2015-7973 have added several new integrity checks on incoming
	NOTE: broadcast mode packets and issue got introduced with code changes to fix that
	NOTE: issue.
CVE-2016-7426 (NTP before 4.2.8p9 rate limits responses received from the configured ...)
	- ntp 1:4.2.8p9+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3071
CVE-2016-7425 (The arcmsr_iop_message_xfer function in ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: http://marc.info/?l=linux-scsi&m=147394713328707&w=2
	NOTE: Upstream commit: https://git.kernel.org/linus/7bc2b55a5c030685b399bb65b6baa9ccc3d1f167
CVE-2016-7424 (The put_no_rnd_pixels8_xy2_mmx function in x86/rnd_template.c in libav ...)
	{DSA-3685-1 DLA-780-1}
	- libav <removed>
	- ffmpeg <not-affected> (Fixed before introduction into the archive)
	NOTE: Fixed by: https://git.libav.org/?p=libav.git;a=commit;h=136f55207521f0b03194ef5b55ba70f1635d6aee
	NOTE: https://blogs.gentoo.org/ago/2016/09/17/libav-null-pointer-dereference-in-put_no_rnd_pixels8_xy2_mmx-rnd_template-c/
CVE-2016-7420 (Crypto++ (aka cryptopp) through 5.6.4 does not document the ...)
	- libcrypto++ <unfixed> (unimportant)
	NOTE: https://github.com/weidai11/cryptopp/issues/277
	NOTE: The scope of this CVE is the documentation bug, lacking treatment of
	NOTE: -DNDEBUG and Static Initialization
	NOTE: Documentation added in https://github.com/weidai11/cryptopp/commit/553049ba297d89d9e8fbf2204acb40a8a53f5cd6
CVE-2016-7419 (Cross-site scripting (XSS) vulnerability in share.js in the gallery ...)
	- nextcloud <itp> (bug #835086)
	- owncloud <not-affected> (Vulnerable code introduced later)
	NOTE: up to version which was removed, not included, as the vulnerable code was
	NOTE: introduced later in a migration of the Gallery app to a new sharing endpoint
	NOTE: where a parameter changed from an interger to a string value, and that value
	NOTE: not beeing sanitized.
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-011
	NOTE: https://github.com/owncloud/gallery/commit/6933d27afe518967bd1b60e6a7eacd88288929fc
	NOTE: https://hackerone.com/reports/145355
CVE-2016-7418 (The php_wddx_push_element function in ext/wddx/wddx.c in PHP before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73065
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/c4cca4c20e75359c9a13a1f9a36cb7b4e9601d29?w=1
	NOTE: The scope of this CVE also includes all of the "other four similar issues"
	NOTE: in the "[2016-09-12 06:44 UTC]" comment.
CVE-2016-7417 (ext/spl/spl_array.c in PHP before 5.6.26 and 7.x before 7.0.11 ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73029
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/ecb7f58a069be0dec4a6131b6351a761f808f22e?w=1
CVE-2016-7416 (ext/intl/msgformat/msgformat_format.c in PHP before 5.6.26 and 7.x ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
CVE-2016-7415 (Stack-based buffer overflow in the Locale class in common/locid.cpp in ...)
	{DSA-3725-1 DLA-744-1}
	[experimental] - icu 58.1-1
	- icu 57.1-5 (bug #838694)
	NOTE: Related code in http://source.icu-project.org/repos/icu/icu/trunk/source/common/locid.cpp file
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73007
	NOTE: PHP fix: https://github.com/php/php-src/commit/6d55ba265637d6adf0ba7e9c9ef11187d1ec2f5b?w=1
	NOTE: Upstream bug: http://bugs.icu-project.org/trac/ticket/12745
CVE-2016-7414 (The ZIP signature-verification feature in PHP before 5.6.26 and 7.x ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72928
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/0bfb970f43acd1e81d11be1154805f86655f15d5?w=1
CVE-2016-7413 (Use-after-free vulnerability in the wddx_stack_destroy function in ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72860
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/b88393f08a558eec14964a55d3c680fe67407712?w=1
CVE-2016-7412 (ext/mysqlnd/mysqlnd_wireprotocol.c in PHP before 5.6.26 and 7.x before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.11-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72293
	NOTE: Fixed in 7.0.11, 5.6.26
	NOTE: https://github.com/php/php-src/commit/28f80baf3c53e267c9ce46a2a0fadbb981585132?w=1
CVE-2016-7411 (ext/standard/var_unserializer.re in PHP before 5.6.26 mishandles ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 <not-affected> (Only affects 5.x)
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=73052
	NOTE: Fixed in 5.6.26
	NOTE: https://github.com/php/php-src/commit/6a7cc8ff85827fa9ac715b3a83c2d9147f33cd43?w=1
CVE-2016-7410 (The _dwarf_read_loc_section function in dwarf_loc.c in libdwarf ...)
	- dwarfutils 20160923-1 (bug #838019)
	[jessie] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
	[wheezy] - dwarfutils <not-affected> (Vulnerable code introduced in later version)
	NOTE: https://www.prevanders.net/dwarfbug.html#DW201609-003
	NOTE: http://seclists.org/oss-sec/2016/q3/490
	NOTE: Initial addressed upstream in refactoring in:
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/e12f6c0b69c20f58dccc4505309cf7f974c34dc2
	NOTE: with final fix/follow up: https://sourceforge.net/p/libdwarf/code/ci/3767305debcba8bd7e1c483ae48c509d25399252
	NOTE: Introduced by (as confirmed by upstream): https://sourceforge.net/p/libdwarf/code/ci/b446e23dc21704ccd3b76d8945aaf39e4aca8c27
CVE-2016-7409 (The dbclient and server in Dropbear SSH before 2016.74, when compiled ...)
	- dropbear 2016.74-1 (unimportant)
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/6a14b1f6dc04
	NOTE: Not an issue for the the Debian binary package since we do not
	NOTE: compile with DEBUG_TRACE.
CVE-2016-7408 (The dbclient in Dropbear SSH before 2016.74 allows remote attackers to ...)
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	[wheezy] - dropbear <not-affected> (Vulnerable code not present)
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/eed9376a4ad6
CVE-2016-7407 (The dropbearconvert command in Dropbear SSH before 2016.74 allows ...)
	{DLA-634-1}
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/34e6127ef02e
CVE-2016-7406 (Format string vulnerability in Dropbear SSH before 2016.74 allows ...)
	{DLA-634-1}
	- dropbear 2016.74-1
	[jessie] - dropbear 2014.65-1+deb8u1
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/b66a483f3dcb
CVE-2016-7404 [Magnum created instances have full API access to creating user's OpenStack account]
	RESERVED
	- magnum 3.1.1-5 (bug #863547)
	NOTE: https://git.openstack.org/cgit/openstack/magnum/commit/?id=0bb0d6486d6771ee21bbf897a091b1aa59e01b22
CVE-2016-7403
	RESERVED
CVE-2016-7402 (SAP ASE 16.0 SP02 PL03 and prior versions allow attackers who own ...)
	NOT-FOR-US: SAP ASE
CVE-2016-7401 (The cookie parsing code in Django before 1.8.15 and 1.9.x before ...)
	{DSA-3678-1 DLA-649-1}
	- python-django 1:1.10-1 (low)
	NOTE: https://www.djangoproject.com/weblog/2016/sep/26/security-releases/
CVE-2016-7400 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.4.0 ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7399 (scripts/license.pl in Veritas NetBackup Appliance 2.6.0.x through ...)
	NOT-FOR-US: Veritas NetBackup Applianc
CVE-2016-7398
	RESERVED
CVE-2016-7397 (The Frontend component in Sophos UTM with firmware 9.405-5 and earlier ...)
	NOT-FOR-US: Sophos UTM
CVE-2016-7396
	RESERVED
CVE-2016-7395 (SkPath.cpp in Skia, as used in Google Chrome before 53.0.2785.89 on ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.92-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-7394 (tiki wiki cms groupware &lt;=15.2 has a xss vulnerability, allow ...)
	- tikiwiki <removed>
	NOTE: https://sourceforge.net/p/tikiwiki/code/59653/
CVE-2016-7391 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7390 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7389 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU ...)
	- nvidia-graphics-drivers 367.57-1 (bug #846331)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.98-1 (bug #846332)
	- nvidia-graphics-drivers-legacy-304xx 304.132-1 (bug #846333)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
CVE-2016-7388 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7387 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7386 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7385 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7384 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7383 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7382 (For the NVIDIA Quadro, NVS, GeForce, and Tesla products, NVIDIA GPU ...)
	- nvidia-graphics-drivers 367.57-1 (bug #846331)
	[jessie] - nvidia-graphics-drivers 340.101-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.98-1 (bug #846332)
	- nvidia-graphics-drivers-legacy-304xx 304.132-1 (bug #846333)
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.134-0~deb8u1
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/4246
CVE-2016-7381 (For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU ...)
	NOT-FOR-US: Nvidia Windows driver
CVE-2016-7380
	RESERVED
CVE-2016-7379
	RESERVED
CVE-2016-7378
	RESERVED
CVE-2016-7377
	RESERVED
CVE-2016-7376
	RESERVED
CVE-2016-7375
	RESERVED
CVE-2016-7374
	RESERVED
CVE-2016-7373
	RESERVED
CVE-2016-7372
	RESERVED
CVE-2016-7371
	RESERVED
CVE-2016-7370
	RESERVED
CVE-2016-7369
	RESERVED
CVE-2016-7368
	RESERVED
CVE-2016-7367
	REJECTED
CVE-2016-7366
	REJECTED
CVE-2016-7365
	REJECTED
CVE-2016-7364
	REJECTED
CVE-2016-7363
	REJECTED
CVE-2016-7362
	REJECTED
CVE-2016-7361
	REJECTED
CVE-2016-7360
	REJECTED
CVE-2016-7359
	REJECTED
CVE-2016-7358
	REJECTED
CVE-2016-7357
	REJECTED
CVE-2016-7356
	REJECTED
CVE-2016-7355
	REJECTED
CVE-2016-7354
	REJECTED
CVE-2016-7353
	REJECTED
CVE-2016-7352
	REJECTED
CVE-2016-7351
	REJECTED
CVE-2016-7350
	REJECTED
CVE-2016-7349
	REJECTED
CVE-2016-7348
	REJECTED
CVE-2016-7347
	REJECTED
CVE-2016-7346
	REJECTED
CVE-2016-7345
	REJECTED
CVE-2016-7344
	REJECTED
CVE-2016-7343
	REJECTED
CVE-2016-7342
	REJECTED
CVE-2016-7341
	REJECTED
CVE-2016-7340
	REJECTED
CVE-2016-7339
	REJECTED
CVE-2016-7338
	REJECTED
CVE-2016-7337
	REJECTED
CVE-2016-7336
	REJECTED
CVE-2016-7335
	REJECTED
CVE-2016-7334
	REJECTED
CVE-2016-7333
	REJECTED
CVE-2016-7332
	REJECTED
CVE-2016-7331
	REJECTED
CVE-2016-7330
	REJECTED
CVE-2016-7329
	REJECTED
CVE-2016-7328
	REJECTED
CVE-2016-7327
	REJECTED
CVE-2016-7326
	REJECTED
CVE-2016-7325
	REJECTED
CVE-2016-7324
	REJECTED
CVE-2016-7323
	REJECTED
CVE-2016-7322
	REJECTED
CVE-2016-7321
	REJECTED
CVE-2016-7320
	REJECTED
CVE-2016-7319
	REJECTED
CVE-2016-7318
	REJECTED
CVE-2016-7317
	REJECTED
CVE-2016-7316
	REJECTED
CVE-2016-7315
	REJECTED
CVE-2016-7314
	REJECTED
CVE-2016-7313
	REJECTED
CVE-2016-7312
	REJECTED
CVE-2016-7311
	REJECTED
CVE-2016-7310
	REJECTED
CVE-2016-7309
	REJECTED
CVE-2016-7308
	REJECTED
CVE-2016-7307
	REJECTED
CVE-2016-7306
	REJECTED
CVE-2016-7305
	REJECTED
CVE-2016-7304
	REJECTED
CVE-2016-7303
	REJECTED
CVE-2016-7302
	REJECTED
CVE-2016-7301
	REJECTED
CVE-2016-7300 (Untrusted search path vulnerability in Microsoft Auto Updater for Mac ...)
	NOT-FOR-US: Microsoft Auto Updater for Mac
CVE-2016-7299
	REJECTED
CVE-2016-7298 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Viewer, Office for ...)
	NOT-FOR-US: Microsoft
CVE-2016-7297 (The scripting engines in Microsoft Edge allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-7296 (The scripting engines in Microsoft Edge allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-7295 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-7294
	REJECTED
CVE-2016-7293
	REJECTED
CVE-2016-7292 (The Installer in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7291 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2016-7290 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2016-7289 (Microsoft Publisher 2010 SP2 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-7288 (The scripting engines in Microsoft Edge allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-7287 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-7286 (The scripting engines in Microsoft Edge allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-7285
	REJECTED
CVE-2016-7284 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-7283 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-7282 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2016-7281 (The Web Workers implementation in Microsoft Internet Explorer 10 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-7280 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows ...)
	NOT-FOR-US: Microsoft
CVE-2016-7279 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-7278 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-7277 (Microsoft Office 2016 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2016-7276 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
	NOT-FOR-US: Microsoft
CVE-2016-7275 (Microsoft Office 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 mishandles ...)
	NOT-FOR-US: Microsoft
CVE-2016-7274 (Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-7273 (The Graphics component in Microsoft Windows 10 Gold, 1511, and 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7272 (The Graphics component in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7271 (The Secure Kernel Mode implementation in Microsoft Windows 10 Gold, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7270 (The Data Provider for SQL Server in Microsoft .NET Framework 4.6.2 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2016-7269
	REJECTED
CVE-2016-7268 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2016-7267 (Microsoft Excel 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 misparses ...)
	NOT-FOR-US: Microsoft
CVE-2016-7266 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7265 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7264 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, Excel Viewer, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7263 (Microsoft Excel for Mac 2011 and Excel 2016 for Mac allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7262 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7261
	REJECTED
CVE-2016-7260 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7259 (The Graphics Component in the kernel-mode drivers in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7258 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 and Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7257 (The GDI component in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-7256 (atmfd.dll in the Windows font library in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7255 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7254 (Microsoft SQL Server 2012 SP2 and 2012 SP3 does not properly perform a ...)
	NOT-FOR-US: Microsoft
CVE-2016-7253 (The agent in Microsoft SQL Server 2012 SP2, 2012 SP3, 2014 SP1, 2014 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7252 (Microsoft SQL Server 2016 mishandles the FILESTREAM path, which allows ...)
	NOT-FOR-US: Microsoft
CVE-2016-7251 (Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-7250 (Microsoft SQL Server 2014 SP1, 2014 SP2, and 2016 does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2016-7249 (Microsoft SQL Server 2016 does not properly perform a cast of an ...)
	NOT-FOR-US: Microsoft
CVE-2016-7248 (Microsoft Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7247 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2016-7246 (The kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7245 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
	NOT-FOR-US: Microsoft
CVE-2016-7244 (Microsoft Office 2007 SP3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2016-7243 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7242 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7241 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7240 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7239 (The RegEx class in the XSS filter in Microsoft Internet Explorer 9 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7238 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7237 (Local Security Authority Subsystem Service (LSASS) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-7236 (Microsoft Excel 2010 SP2, Excel for Mac 2011, Excel 2016 for Mac, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-7235 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2016-7234 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7233 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2016-7232 (Microsoft Word 2007, Office 2010 SP2, Word 2010 SP2, Word for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2016-7231 (Microsoft Excel 2007 SP3, Excel for Mac 2011, Office Compatibility ...)
	NOT-FOR-US: Microsoft
CVE-2016-7230 (Microsoft PowerPoint 2010 SP2, PowerPoint Viewer, and Office Web Apps ...)
	NOT-FOR-US: Microsoft
CVE-2016-7229 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7228 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7227 (The scripting engines in Microsoft Internet Explorer 9 through 11 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-7226 (Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-7225 (Virtual Hard Disk Driver in Windows 10 Gold, 1511, and 1607 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-7224 (Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7223 (Virtual Hard Disk Driver in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7222 (Task Scheduler in Microsoft Windows 10 Gold, 1511, and 1607 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-7221 (Input Method Editor (IME) in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-7220 (Virtual Secure Mode in Microsoft Windows 10 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2016-7219 (The Crypto driver in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7218 (Bowser.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7217 (Media Foundation in Microsoft Windows 8.1, Windows Server 2012 Gold ...)
	NOT-FOR-US: Microsoft
CVE-2016-7216 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7215 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7214 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7213 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7212 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-7211 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7210 (atmfd.dll in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-7209 (Microsoft Edge allows remote attackers to spoof web content via a ...)
	NOT-FOR-US: Mircosoft
CVE-2016-7208 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7207
	REJECTED
CVE-2016-7206 (Cross-site scripting (XSS) vulnerability in Microsoft Edge allows ...)
	NOT-FOR-US: Microsoft
CVE-2016-7205 (Animation Manager in Microsoft Windows Server 2008 R2 SP1, Windows 7 ...)
	NOT-FOR-US: Microsoft
CVE-2016-7204 (Microsoft Edge allows remote attackers to access arbitrary &quot;My ...)
	NOT-FOR-US: Microsoft
CVE-2016-7203 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7202 (The scripting engines in Microsoft Internet Explorer 9 through 11 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-7201 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7200 (The Chakra JavaScript scripting engine in Microsoft Edge allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7199 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-7198 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-7197
	REJECTED
CVE-2016-7196 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-7195 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-7194 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7193 (Microsoft Word 2007 SP2, Office 2010 SP2, Word 2013 SP1, Word 2013 RT ...)
	NOT-FOR-US: Microsoft
CVE-2016-7192
	REJECTED
CVE-2016-7191 (The Microsoft Azure Active Directory Passport (aka Passport-Azure-AD) ...)
	NOT-FOR-US: Microsoft Azure Active Directory Passport
CVE-2016-7190 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7189 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-7188 (The Standard Collector Service in Windows Diagnostics Hub in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-7187
	REJECTED
CVE-2016-7186
	REJECTED
CVE-2016-7185 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7184 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-7183
	REJECTED
CVE-2016-7182 (The Graphics component in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-7181 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-7393 (Stack-based buffer overflow in the aac_sync function in aac_parser.c ...)
	{DLA-644-1}
	- ffmpeg 7:2.4-1
	- libav <removed>
	[jessie] - libav 6:11.6-1~deb8u1
	NOTE: https://blogs.gentoo.org/ago/2016/08/20/libav-stack-based-buffer-overflow-in-aac_sync-aac_parser-c/
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=fb1473080223a634b8ac2cca48a632d037a0a69d
CVE-2016-7392 (Heap-based buffer overflow in the pstoedit_suffix_table_init function ...)
	{DLA-621-1}
	- autotrace 0.31.1-17 (bug #837599)
	NOTE: https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/
	NOTE: Also reproducible with valgrind
CVE-2016-7180 (epan/dissectors/packet-ipmi-trace.c in the IPMI trace dissector in ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5213496250aceff086404c568e3718ebc0060934
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-55.html
	NOTE: https://code.wireshark.org/review/17289
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7179 (Stack-based buffer overflow in ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=3b97fbddc23c065727b0147aab52a27c4aadffe7
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-54.html
	NOTE: https://code.wireshark.org/review/17095
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7178 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=315bba7c645b75af24215c6303d187b188610bba
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-53.html
	NOTE: https://code.wireshark.org/review/17094
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7177 (epan/dissectors/packet-catapult-dct2000.c in the Catapult DCT2000 ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e37b271c473e1cbd01d62ebe1f3b011fc9fe638
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-52.html
	NOTE: https://code.wireshark.org/review/17096
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7176 (epan/dissectors/packet-h225.c in the H.225 dissector in Wireshark 2.x ...)
	{DSA-3671-1 DLA-632-1}
	- wireshark 2.2.0~rc1+g438c022-1
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6d8261994bb928b7e80e3a2478a3d939ea1ef373
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-51.html
	NOTE: https://code.wireshark.org/review/16852
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-7175 (epan/dissectors/packet-qnet6.c in the QNX6 QNET dissector in Wireshark ...)
	- wireshark 2.2.0~rc1+g438c022-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1396f6ad555178f6b81cc1a65f9cb37b2d99aebf
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-50.html
	NOTE: https://code.wireshark.org/review/16965
	NOTE: Affected versions: 2.0.0 to 2.0.5
	NOTE: Fixed versions: 2.0.6
CVE-2016-1000222 (Logstash prior to version 2.1.2, the CSV output can be attacked via ...)
	- logstash <itp> (bug #664841)
CVE-2016-1000221 (Logstash prior to version 2.3.4, Elasticsearch Output plugin would log ...)
	- logstash <itp> (bug #664841)
CVE-2016-1000220 (Kibana before 4.5.4 and 4.1.11 are vulnerable to an XSS attack that ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000219 (Kibana before 4.5.4 and 4.1.11 when a custom output is configured for ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000217 (Zotpress plugin for WordPress SQLi in zp_get_account() ...)
	NOT-FOR-US: WordPress plugin zotpress
CVE-2016-1000216 (Ruckus Wireless H500 web management interface authenticated command ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000215 (Ruckus Wireless H500 web management interface denial of service ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000214 (Ruckus Wireless H500 web management interface authentication bypass ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2016-1000213 (Ruckus Wireless H500 web management interface CSRF ...)
	NOT-FOR-US: Ruckus Wireless H500
CVE-2010-5328 (include/linux/init_task.h in the Linux kernel before 2.6.35 does not ...)
	- linux <not-affected> (Fixed before the src:linux-2.6 -> src:linux rename)
	- linux-2.6 2.6.37-1
CVE-2010-5327 (Liferay Portal through 6.2.10 allows remote authenticated users to ...)
	NOT-FOR-US: Liferay Portal
CVE-2016-7551 (chain_sip in Asterisk Open Source 11.x before 11.23.1 and 13.x 13.11.1 ...)
	{DSA-3700-1 DLA-781-1}
	- asterisk 1:13.11.2~dfsg-1 (bug #838832)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-007.html
CVE-2016-7550 [AST-2016-006]
	RESERVED
	- asterisk 1:13.11.2~dfsg-1 (bug #838833)
	[jessie] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
	[wheezy] - asterisk <not-affected> (Issue introduced in 13.10.0 release)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-006.html
CVE-2016-7174
	RESERVED
CVE-2016-7173
	RESERVED
CVE-2016-7172 (NetApp Snap Creator Framework before 4.3.1 discloses sensitive ...)
	NOT-FOR-US: NetApp
CVE-2016-7171 (NetApp Plug-in for Symantec NetBackup prior to version 2.0.1 makes use ...)
	NOT-FOR-US: NetApp
CVE-2016-7170 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU (aka ...)
	{DLA-653-1 DLA-652-1}
	- qemu 1:2.8+dfsg-1 (bug #837316)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg01764.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=167d97a3def77ee2dbf6e908b0ecbfe2103977db
CVE-2016-7169 (Directory traversal vulnerability in the File_Upload_Upgrader class in ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.6.1+dfsg-1
	NOTE: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
	NOTE: Fixed in 4.6.1 release upstream
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38524
CVE-2016-7168 (Cross-site scripting (XSS) vulnerability in the media_handle_upload ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.6.1+dfsg-1
	NOTE: https://wordpress.org/news/2016/09/wordpress-4-6-1-security-and-maintenance-release/
	NOTE: Fixed in 4.6.1 release upstream
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/38538
CVE-2016-7167 (Multiple integer overflows in the (1) curl_escape, (2) ...)
	{DLA-625-1}
	- curl 7.51.0-1 (bug #837945)
	[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA)
	NOTE: Upstream advisory: https://curl.haxx.se/docs/adv_20160914.html
	NOTE: Upstream patch: https://curl.haxx.se/CVE-2016-7167.patch
	NOTE: Affected versions: libcurl 7.11.1 to and including 7.50.2
	NOTE: Not affected versions: libcurl < 7.11.1 and libcurl >= 7.50.3
CVE-2016-7165 (A vulnerability has been identified in Primary Setup Tool (PST), ...)
	NOT-FOR-US: Microsoft
CVE-2016-7162 (The _g_file_remove_directory function in file-utils.c in File Roller ...)
	- file-roller 3.20.3-1
	[jessie] - file-roller <no-dsa> (Minor issue)
	[wheezy] - file-roller <not-affected> (Vulnerable code introduced in 3.5.4)
	NOTE: Ubuntu Bug: https://launchpad.net/bugs/1171236
	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=698554
	NOTE: Introduced by: https://git.gnome.org/browse/file-roller/commit/?id=34b64f3a897c4b4e8e180c028f326bc921eb08ec (3.5.4)
	NOTE: Fixed by: https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5 (3.20.3)
CVE-2016-7161 (Heap-based buffer overflow in the .receive callback of ...)
	{DLA-653-1 DLA-652-1}
	- qemu 1:2.7+dfsg-1 (bug #838850)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a0d1cbdacff5df4ded16b753b38fdd9da6092968 (2.7.0-rc3)
	NOTE: http://patchwork.ozlabs.org/patch/657076/
CVE-2016-7160 (A vulnerability on Samsung Mobile M(6.0) devices exists because ...)
	NOT-FOR-US: Samsumg
CVE-2016-7159
	RESERVED
CVE-2016-7158
	RESERVED
CVE-2016-7405 (The qstr method in the PDO driver in the ADOdb Library for PHP before ...)
	{DLA-620-1}
	- libphp-adodb 5.20.6-1 (bug #837211)
	[jessie] - libphp-adodb 5.15-1+deb8u1
	NOTE: https://github.com/ADOdb/ADOdb/issues/226
	NOTE: https://github.com/ADOdb/ADOdb/commit/bd9eca9
	NOTE: Issue only with the PDO driver and only if queries built by inlining
	NOTE: the quoted string (not recommended).
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/07/8
CVE-2016-7154 (Use-after-free vulnerability in the FIFO event channel code in Xen ...)
	{DSA-3663-1}
	- xen 4.6.0-1
	[wheezy] - xen <not-affected> (Versions 4.3 and earlier are not vulnerable)
	NOTE: http://xenbits.xen.org/xsa/advisory-188.html
	NOTE: Only affects Xen 4.4, as workaround it is marked as fixed in the first xen version entering unstable
	NOTE: after the 4.4 series.
CVE-2016-7166 (libarchive before 3.2.0 does not limit the number of recursive ...)
	{DSA-3677-1 DLA-617-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/660
	NOTE: (with reproducer) https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=207362
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/6e06b1c89dd0d16f74894eac4cfc1327a06ee4a0
	NOTE: Fix improved by: https://github.com/libarchive/libarchive/commit/37649d274867edd2dd25d8a3057c3b6cd81ce83e
CVE-2016-7164 (The construct function in puff.cpp in Libtorrent 1.1.0 allows remote ...)
	- libtorrent-rasterbar 1.1.1-1 (bug #837338)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[wheezy] - libtorrent-rasterbar <not-affected> (Vulnerable code not present, reproducer does not crash)
	NOTE: https://github.com/arvidn/libtorrent/issues/1021
	NOTE: https://github.com/arvidn/libtorrent/pull/1022
	NOTE: https://github.com/arvidn/libtorrent/commit/debf3c6e3688aab8394fe5c47737625faffe6f9e
	NOTE: Fixed upstream in 1.1.1.
CVE-2016-7163 (Integer overflow in the opj_pi_create_decode function in pi.c in ...)
	{DSA-3665-1}
	- openjpeg2 2.1.2-1 (bug #837604)
	NOTE: https://github.com/uclouvain/openjpeg/commit/c16bc057ba3f125051c9966cf1f5b68a05681de4
	NOTE: https://github.com/uclouvain/openjpeg/commit/ef01f18dfc6780b776d0674ed3e7415c6ef54d24
CVE-2016-7153 (The HTTP/2 protocol does not consider the role of the TCP congestion ...)
	NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7152 (The HTTPS protocol does not consider the role of the TCP congestion ...)
	NOTE: CVE assigned for the HTTP/2 protocol issue
CVE-2016-7151
	RESERVED
CVE-2016-7150 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and ...)
	NOT-FOR-US: b2evolution
CVE-2016-7149 (Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and ...)
	NOT-FOR-US: b2evolution
CVE-2016-7148 (MoinMoin 1.9.8 allows remote attackers to conduct &quot;JavaScript ...)
	{DSA-3715-1}
	- moin 1.9.9-1 (bug #844341)
	[wheezy] - moin <not-affected> (vulnerable code not present)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/eceb70c41ecc
	NOTE: https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
CVE-2016-7147 (Cross-site scripting (XSS) vulnerability in the manage_findResult ...)
	NOT-FOR-US: Plone
CVE-2016-7146 (MoinMoin 1.9.8 allows remote attackers to conduct &quot;JavaScript ...)
	{DSA-3715-1 DLA-717-1}
	- moin 1.9.9-1 (bug #844340)
	NOTE: Fixed by: http://hg.moinmo.in/moin/1.9/rev/1563d6db198c
	NOTE: https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
CVE-2016-7122 (The avi_read_nikon function in libavformat/avidec.c in FFmpeg before ...)
	- ffmpeg 7:3.1.4-1 (bug #840434)
	NOTE: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/ed38046c5c2e3b310980be32287179895c83e0d8 (n3.1.4)
CVE-2016-7121
	RESERVED
CVE-2016-7155 (hw/scsi/vmw_pvscsi.c in QEMU (aka Quick Emulator) allows local guest ...)
	- qemu 1:2.6+dfsg-3.1 (bug #837174)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00050.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373462
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/2
	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7156 (The pvscsi_convert_sglist function in hw/scsi/vmw_pvscsi.c in QEMU ...)
	- qemu 1:2.6+dfsg-3.1 (bug #837339)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-09/msg00772.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373478
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/3
	NOTE: Vulnerable code introduced after version 1.5: http://wiki.qemu.org/ChangeLog/1.5
CVE-2016-7157 (The (1) mptsas_config_manufacturing_1 and (2) mptsas_config_ioc_0 ...)
	- qemu 1:2.6+dfsg-3.1 (bug #837603)
	[jessie] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced after v2.6)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04295.html
	NOTE: Upstream patches: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg04296.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/06/4
	NOTE: Vulnerable code introduced after version 2.6: http://wiki.qemu.org/ChangeLog/2.6
CVE-2016-7140 (Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in ...)
	NOT-FOR-US: Plone
CVE-2016-7139 (Cross-site scripting (XSS) vulnerability in an unspecified page ...)
	NOT-FOR-US: Plone
CVE-2016-7138 (Cross-site scripting (XSS) vulnerability in the URL checking ...)
	NOT-FOR-US: Plone
CVE-2016-7137 (Multiple open redirect vulnerabilities in Plone CMS 5.x through 5.0.6, ...)
	NOT-FOR-US: Plone
CVE-2016-7136 (z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows ...)
	NOT-FOR-US: Plone
CVE-2016-7135 (Directory traversal vulnerability in Plone CMS 5.x through 5.0.6 and ...)
	NOT-FOR-US: Plone
CVE-2016-7141 (curl and libcurl before 7.50.2, when built with NSS and the ...)
	{DLA-616-1}
	- curl 7.51.0-1 (bug #836918)
	[jessie] - curl <no-dsa> (Minor issue, can be fixed in point release or next DSA; affects only NSS backend)
	NOTE: Only affects libcurl3-nss
	NOTE: http://seclists.org/oss-sec/2016/q3/419
	NOTE: https://curl.haxx.se/docs/adv_20160907.html
CVE-2016-7145 (The m_authenticate function in ircd/m_authenticate.c in nefarious2 ...)
	NOT-FOR-US: Nefarious 2
CVE-2016-7144 (The m_authenticate function in modules/m_sasl.c in UnrealIRCd before ...)
	- unrealircd <itp> (bug #515130)
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
	NOTE: unrealircd reportedly vulnerable, and ircd-seven reportedly not vulnerable
CVE-2016-7143 (The m_authenticate function in modules/m_sasl.c in Charybdis before ...)
	{DSA-3661-1}
	- charybdis 3.5.3-1 (bug #836714)
	[wheezy] - charybdis <no-dsa> (unsupported)
	NOTE: charybdis patch: https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
CVE-2016-7142 (The m_sasl module in InspIRCd before 2.0.23, when used with a service ...)
	{DSA-3662-1}
	- inspircd 2.0.23-1 (bug #836706)
	[wheezy] - inspircd <end-of-life> (not supported in Wheezy)
	NOTE: http://www.inspircd.org/2016/09/03/v2023-released.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/04/3
CVE-2016-7120
	RESERVED
CVE-2016-7134 (ext/curl/interface.c in PHP 7.x before 7.0.10 does not work around a ...)
	- php7.0 7.0.10-1
	- php5 <not-affected> (Only affects PHP 7)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72674
	NOTE: Fixed in 7.0.10
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/72dbb7f416160f490c4e9987040989a10ad431c7?w=1
CVE-2016-7133 (Zend/zend_alloc.c in PHP 7.x before 7.0.10, when open_basedir is ...)
	- php7.0 7.0.10-1
	- php5 <not-affected> (Only affects PHP 7)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72742
	NOTE: Fixed in 7.0.10
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/c2a13ced4272f2e65d2773e2ea6ca11c1ce4a911?w=1
CVE-2016-7132 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72799
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
	NOTE: commit is about the pop issue in 72799.
CVE-2016-7131 (ext/wddx/wddx.c in PHP before 5.6.25 and 7.x before 7.0.10 allows ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72790
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/a14fdb9746262549bbbb96abb87338bacd147e1b?w=1
	NOTE: Cf. as well https://bugs.php.net/bug.php?id=72799
	NOTE: 72790 and 72799 are associated with the same commit. Not all of the
	NOTE: commit is about the pop issue in 72799.
CVE-2016-7130 (The php_wddx_pop_element function in ext/wddx/wddx.c in PHP before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72750
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/698a691724c0a949295991e5df091ce16f899e02?w=1
CVE-2016-7129 (The php_wddx_process_data function in ext/wddx/wddx.c in PHP before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72749
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/426aeb2808955ee3d3f52e0cfb102834cdb836a5?w=1
CVE-2016-7128 (The exif_process_IFD_in_TIFF function in ext/exif/exif.c in PHP before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72627
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/6dbb1ee46b5f4725cc6519abf91e512a2a10dfed?w=1
CVE-2016-7127 (The imagegammacorrect function in ext/gd/gd.c in PHP before 5.6.25 and ...)
	{DSA-3689-1}
	- libgd2 <not-affected> (gamma correction is only implemented in PHP)
	- php7.0 7.0.10-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72730
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/1bd103df00f49cf4d4ade2cfe3f456ac058a4eae?w=1
CVE-2016-7126 (The imagetruecolortopalette function in ext/gd/gd.c in PHP before ...)
	{DSA-3689-1}
	- libgd2 <not-affected> (libgd upstream not affected, overflow2 function check prevents the issue)
	- php7.0 7.0.10-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72697
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/b6f13a5ef9d6280cf984826a5de012a32c396cd4?w=1
CVE-2016-7125 (ext/session/session.c in PHP before 5.6.25 and 7.x before 7.0.10 skips ...)
	{DSA-3689-1 DLA-628-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72681
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/8763c6090d627d8bb0ee1d030c30e58f406be9ce?w=1
	NOTE: Scope of CVE also includes the "The similar issue also exist in session php_binary
	NOTE: handler" part of 72681.
CVE-2016-7124 (ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before ...)
	{DSA-3689-1 DLA-749-1}
	- php7.0 7.0.10-1
	- php5 5.6.26+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72663
	NOTE: Fixed in 7.0.10, 5.6.25
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/02/5
	NOTE: https://github.com/php/php-src/commit/20ce2fe8e3c211a42fee05a461a5881be9a8790e?w=1
CVE-2016-7123 (Cross-site request forgery (CSRF) vulnerability in the admin web ...)
	- mailman 2.1.15-1
	NOTE: https://bugs.launchpad.net/mailman/+bug/1614841/comments/8
	NOTE: https://bugs.launchpad.net/mailman/+bug/775294
CVE-2016-7119 (Cross-site scripting (XSS) vulnerability in the user-profile biography ...)
	NOT-FOR-US: DotNetNuke
CVE-2016-7117 (Use-after-free vulnerability in the __sys_recvmmsg function in ...)
	- linux 4.5.2-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/34b88a68f26a75e4fded796f1a49c40f82234b7d (4.6-rc1)
CVE-2016-7115 (Buffer overflow in the handle_packet function in mactelnet.c in the ...)
	{DLA-639-1}
	- mactelnet 0.4.4-4 (bug #836320)
	[jessie] - mactelnet <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://github.com/haakonnessjoen/MAC-Telnet/commit/b69d11727d4f0f8cf719c79e3fb700f55ca03e9a
CVE-2016-7114 (A vulnerability has been identified in Firmware variant PROFINET IO ...)
	NOT-FOR-US: Siemens
CVE-2016-7113 (A vulnerability has been identified in Firmware variant PROFINET IO ...)
	NOT-FOR-US: Siemens
CVE-2016-7112 (A vulnerability has been identified in Firmware variant PROFINET IO ...)
	NOT-FOR-US: Siemens
CVE-2015-8960 (The TLS protocol 1.2 and earlier supports the rsa_fixed_dh, ...)
	NOTE: Vulnerability "in the TLS documentation", not assigned to a specific source/implentation
	NOTE: https://www.usenix.org/system/files/conference/woot15/woot15-paper-hlauschek.pdf
CVE-2015-8956 (The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.2.1-1
	NOTE: Fixed by: https://git.kernel.org/linus/951b6a0717db97ce420547222647bcc40bf1eacd (4.2-rc1)
CVE-2015-8955 (arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 ...)
	- linux 4.1.3-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Vulnerable code not present; arm64 introduced in 3.7)
	NOTE: Fixed by: https://git.kernel.org/linus/8fff105e13041e49b82f92eef034f363a6b1c071 (4.1-rc1)
CVE-2016-10057 (Buffer overflow in the WriteGROUP4Image function in coders/tiff.c in ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10056 (Buffer overflow in the sixel_decode function in coders/sixel.c in ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10055 (Buffer overflow in the WritePDBImage function in coders/pdb.c in ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10054 (Buffer overflow in the WriteMAPImage function in coders/map.c in ...)
	{DSA-3675-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836172)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/10b3823a7619ed22d42764733eb052c4159bc8c1
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10053 (The WriteTIFFImage function in coders/tiff.c in ImageMagick before ...)
	{DSA-3675-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836171)
	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/f983dcdf9c178e0cbc49608a78713c5669aa1bb5
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-7118 (fs/fcntl.c in the &quot;aufs 3.2.x+setfl-debian&quot; patch in the linux-image ...)
	{DLA-609-1}
	- linux <not-affected>
	NOTE: Bit of complicated tracking information. For jessie the affected version is not in any yet
	NOTE: released version, thus should be n/a. wheezy OTOH, has already the issue in a released version. Issue then was fixed in 3.2.81-2 in DLA-609-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/31/1
CVE-2016-7116 (Directory traversal vulnerability in hw/9pfs/9p.c in QEMU (aka Quick ...)
	{DLA-619-1 DLA-618-1}
	- qemu 1:2.6+dfsg-3.1 (bug #836502)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=56f101ecce0eafd09e2daf1c4eeb1377d6959261
	NOTE: May as well need: http://git.qemu.org/?p=qemu.git;a=commit;h=fff39a7ad09da07ef490de05c92c91f22f8002f2
CVE-2016-7110 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7109 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 allows ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7108 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7107 (Huawei Unified Maintenance Audit (UMA) before V200R001C00SPC200 SPH206 ...)
	NOT-FOR-US: Huawei UMA
CVE-2016-7106
	RESERVED
CVE-2016-7105
	RESERVED
CVE-2016-7104
	RESERVED
CVE-2016-7102 (ownCloud Desktop before 2.2.3 allows local users to execute arbitrary ...)
	NOT-FOR-US: ownCloud Desktop
CVE-2016-7101 (The SGI coder in ImageMagick before 7.0.2-10 allows remote attackers ...)
	{DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #836776)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u5
CVE-2016-7100
	RESERVED
CVE-2016-7099 (The tls.checkServerIdentity function in Node.js 0.10.x before 0.10.47, ...)
	- nodejs 4.6.0~dfsg-1 (bug #839714; unimportant)
	NOTE: https://nodejs.org/en/blog/vulnerability/september-2016-security-releases/
	NOTE: 0.10.x: https://github.com/nodejs/node/commit/0d7e21ee7bcc79046f898f8c202d2ec87d23d711
	NOTE: 4.x: https://github.com/nodejs/node/commit/3ff82deb2c3bd580d64be75dbafe460393c952fb
CVE-2016-7096
	RESERVED
CVE-2016-7095 (Exponent CMS before 2.3.9 is vulnerable to an attacker uploading a ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-7111 (MantisBT before 1.3.1 and 2.x before 2.0.0-beta.2 uses a weak Content ...)
	- mantis <not-affected> (Vulnerable code introduced in 1.3.0-rc.2)
	NOTE: https://github.com/mantisbt/mantisbt/commit/b3511d2feb47eaee41feb5f69cf3c8a2c9acd229
	NOTE: https://mantisbt.org/bugs/view.php?id=21263
CVE-2016-7103 (Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 ...)
	- jqueryui 1.12.1+dfsg-1
	[jessie] - jqueryui <no-dsa> (Minor issue)
	[wheezy] - jqueryui <no-dsa> (Minor issue)
	NOTE: https://nodesecurity.io/advisories/127
	NOTE: https://github.com/jquery/jquery-ui/pull/1622
	NOTE: https://github.com/jquery/jquery-ui/pull/1632
	NOTE: https://github.com/jquery/api.jqueryui.com/issues/281
CVE-2016-7094 (Buffer overflow in Xen 4.7.x and earlier allows local x86 HVM guest OS ...)
	{DSA-3663-1 DLA-614-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-187.html
CVE-2016-7093 (Xen 4.5.3, 4.6.3, and 4.7.x allow local HVM guest OS administrators to ...)
	- xen <not-affected> (Affects only 4.7.0 and later; 4.6.3 and 4.5.3)
	NOTE: http://xenbits.xen.org/xsa/advisory-186.html
CVE-2016-7092 (The get_page_from_l3e function in arch/x86/mm.c in Xen allows local ...)
	{DSA-3663-1 DLA-614-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-185.html
CVE-2016-7090 (The integrated web server on Siemens SCALANCE M-800 and S615 modules ...)
	NOT-FOR-US: Siemens
CVE-2016-7098 (Race condition in wget 1.17 and earlier, when used in recursive or ...)
	- wget 1.18-4 (low; bug #836503)
	[jessie] - wget <no-dsa> (Minor issue)
	[wheezy] - wget <no-dsa> (Minor issue)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=9ffb64ba6a8121909b01e984deddce8d096c498d
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=690c47e3b18c099843cdf557a0425d701fca4957
CVE-2016-7097 (The filesystem implementation in the Linux kernel through 4.8.2 ...)
	{DLA-772-1}
	- linux 4.7.8-1
	[jessie] - linux 3.16.39-1
	NOTE: http://www.spinics.net/lists/linux-fsdevel/msg98328.html
	NOTE: http://marc.info/?l=linux-fsdevel&m=147162313630259&w=2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1368938
	NOTE: Fixed by: https://git.kernel.org/linus/073931017b49d9458aa351605b43a7e34598caef
CVE-2016-7091 (sudo: It was discovered that the default sudo configuration on Red Hat ...)
	- sudo <not-affected> (Debian not including INPUTRC in /etc/sudoers)
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1339935
	NOTE: The scope of this CVE is the entire 'INPUTRC should
	NOTE: not be included in "env_keep" at all, or else somehow restricted'
	NOTE: problem, which has both the information disclosure and segmentation
	NOTE: fault outcomes.
	NOTE: Debian does not include INPUTRC by default in /etc/sudoers
CVE-2016-7089 (WatchGuard RapidStream appliances allow local users to gain privileges ...)
	NOT-FOR-US: WatchGuard
CVE-2016-7088
	RESERVED
CVE-2016-7087 (Directory traversal vulnerability in the Connection Server in VMware ...)
	NOT-FOR-US: VMware
CVE-2016-7086 (The installer in VMware Workstation Pro 12.x before 12.5.0 and VMware ...)
	NOT-FOR-US: VMware
CVE-2016-7085 (Untrusted search path vulnerability in the installer in VMware ...)
	NOT-FOR-US: VMware
CVE-2016-7084 (tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware ...)
	NOT-FOR-US: VMware
CVE-2016-7083 (VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation ...)
	NOT-FOR-US: VMware
CVE-2016-7082 (VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation ...)
	NOT-FOR-US: VMware
CVE-2016-7081 (Multiple heap-based buffer overflows in VMware Workstation Pro 12.x ...)
	NOT-FOR-US: VMware
CVE-2016-7080 (The graphic acceleration functions in VMware Tools 9.x and 10.x before ...)
	NOT-FOR-US: VMware
CVE-2016-7079 (The graphic acceleration functions in VMware Tools 9.x and 10.x before ...)
	NOT-FOR-US: VMware
CVE-2016-7078
	RESERVED
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/16982
CVE-2016-7077
	RESERVED
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/16971
CVE-2016-7076 [noexec bypass via wordexp()]
	RESERVED
	{DLA-707-1}
	- sudo 1.8.18p1-1 (bug #842507)
	[jessie] - sudo <no-dsa> (Minor issue)
	NOTE: https://www.sudo.ws/alerts/noexec_wordexp.html
	NOTE: https://www.sudo.ws/repos/sudo/rev/e7d09243e51b
	NOTE: https://www.sudo.ws/repos/sudo/rev/7b8357b0a358
	NOTE: https://www.sudo.ws/repos/sudo/rev/167a518d8129
	NOTE: Might need as well: https://bugzilla.sudo.ws/show_bug.cgi?id=761
CVE-2016-7075
	RESERVED
	- kubernetes 1.5.5+dfsg-1 (bug #795652)
	NOTE: https://github.com/kubernetes/kubernetes/issues/34517
CVE-2016-7074
	RESERVED
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	[wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
CVE-2016-7073
	RESERVED
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	[jessie] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	[wheezy] - pdns-recursor <not-affected> (Only >= 4.0.0 affected)
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-04/
CVE-2016-7072
	RESERVED
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-03/
CVE-2016-7071
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-7070
	RESERVED
CVE-2016-7069 [Crafted backend responses can cause a denial of service]
	RESERVED
	- dnsdist 1.2.0-1 (low; bug #872854)
	[stretch] - dnsdist 1.1.0-2+deb9u1
	NOTE: https://dnsdist.org/security-advisories/powerdns-advisory-for-dnsdist-2017-01.html
	NOTE: https://downloads.powerdns.com/patches/2017-01
CVE-2016-7068
	RESERVED
	{DSA-3764-1 DSA-3763-1 DLA-798-1 DLA-788-1}
	- pdns 4.0.2-1
	- pdns-recursor 4.0.4-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
CVE-2016-7067 [CSRF]
	RESERVED
	{DLA-732-1}
	- monit 1:5.20.0-1
	[jessie] - monit <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/tildeslash/monit/commits/c6ec3820e627f85417053e6336de2987f2d863e3?at=master
	NOTE: Although configured only on localhost, the httpd service is started by
	NOTE: default and accessible.
CVE-2016-7066
	RESERVED
	NOT-FOR-US: admin-cli / jboss-cli in Red Hat
CVE-2016-7065 (The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) ...)
	NOT-FOR-US: Red Hat JBoss EAP
CVE-2016-7064
	RESERVED
CVE-2016-7063
	RESERVED
CVE-2016-7062 (rhscon-ceph in Red Hat Storage Console 2 x86_64 and Red Hat Storage ...)
	NOT-FOR-US: Red Hat rhscon-core
CVE-2016-7061
	RESERVED
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2016-7060 (The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does ...)
	NOT-FOR-US: Red Hat QCI
CVE-2016-7059
	REJECTED
CVE-2016-7058
	REJECTED
CVE-2016-7057
	REJECTED
CVE-2016-7056 [ECDSA P-256 timing attack key recovery]
	RESERVED
	{DSA-3773-1 DLA-814-1}
	- openssl 1.0.2a-1
	- openssl1.0 <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://eprint.iacr.org/2016/1195.pdf
	NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=f54be179aa4cbbd944728771d7d59ed588158a12
	NOTE: Fixed by: https://git.openssl.org/?p=openssl.git;a=commit;h=8aed2a7548362e88e84a7feb795a3a97e8395008 (OpenSSL_1_0_2-beta3)
CVE-2016-7055 (There is a carry propagating bug in the Broadwell-specific Montgomery ...)
	- openssl 1.1.0c-1 (low)
	[jessie] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2 and 1.1.0)
	- openssl1.0 1.0.2k-1 (low)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=2fac86d9abeaa643677d1ffd0a139239fdf9406a
CVE-2016-7054 (In OpenSSL 1.1.0 before 1.1.0c, TLS connections using ...)
	- openssl 1.1.0c-1
	[jessie] - openssl <not-affected> (Only affects 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.1.0)
	- openssl1.0 <not-affected> (Only affects 1.1.0)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
CVE-2016-7053 (In OpenSSL 1.1.0 before 1.1.0c, applications parsing invalid CMS ...)
	- openssl 1.1.0c-1
	[jessie] - openssl <not-affected> (Only affects 1.1.0)
	[wheezy] - openssl <not-affected> (Only affects 1.1.0)
	- openssl1.0 <not-affected> (Only affects 1.1.0)
	NOTE: https://www.openssl.org/news/secadv/20161110.txt
CVE-2016-7052 (crypto/x509/x509_vfy.c in OpenSSL 1.0.2i allows remote attackers to ...)
	- openssl 1.0.2j-1
	[jessie] - openssl <not-affected> (Introduced in 1.0.2i)
	[wheezy] - openssl <not-affected> (Introduced in 1.0.2i)
	NOTE: https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-7051 (XmlMapper in the Jackson XML dataformat component (aka ...)
	- jackson-dataformat-xml 2.8.5-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378673#c7
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/issues/211
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/commit/eeff2c312e9d4caa8c9f27b8f740c7529d00524a (2.7.8)
CVE-2016-7050 (SerializableProvider in RESTEasy in Red Hat Enterprise Linux Desktop ...)
	- resteasy 3.0.18-1
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <not-affected> (Fixed before initial release to Debian)
	NOTE: The SerializableProvider has been disabled by default in 3.0.17
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1378613
CVE-2016-7049
	RESERVED
CVE-2016-7048
	RESERVED
	NOT-FOR-US: interactive installer used in EnterpriseDB-supplied PostgreSQL packages
CVE-2016-7047
	RESERVED
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2016-7046 (Red Hat JBoss Enterprise Application Platform (EAP) 7, when operating ...)
	- undertow 1.4.3-1 (bug #838600)
	NOTE: https://github.com/undertow-io/undertow/commit/c518b5a1784061d807efedcef0a03fcd35a53de2
CVE-2016-7045 (The format_send_to_gui function in the format parsing code in Irssi ...)
	{DSA-3672-1}
	- irssi 0.8.20-1
	[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
	NOTE: http://irssi.org/security/irssi_sa_2016.txt
CVE-2016-7044 (The unformat_24bit_color function in the format parsing code in Irssi ...)
	{DSA-3672-1}
	- irssi 0.8.20-1
	[wheezy] - irssi <not-affected> (Introduced in 0.8.17-beta)
	NOTE: http://irssi.org/security/irssi_sa_2016.txt
CVE-2016-7043
	RESERVED
CVE-2016-7042 (The proc_keys_show function in security/keys/proc.c in the Linux ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373966
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1373499
	NOTE: https://git.kernel.org/linus/03dab869b7b239c4e013ec82aea22e181e441cfc
CVE-2016-7041
	RESERVED
	NOT-FOR-US: JBoss Drolls Workbench
CVE-2016-7040 (Red Hat CloudForms Management Engine 4.1 does not properly handle ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-7039 (The IP stack in the Linux kernel through 4.8.2 allows remote attackers ...)
	- linux 4.7.8-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fcd91dd449867c6bfe56a81cabba76b829fd05cd
	NOTE: Introduced by: https://git.kernel.org/linus/9b174d88c257150562b0101fcc6cb6c3cb74275c (v4.0-rc1)
	NOTE: Intorduced by: https://git.kernel.org/linus/66e5133f19e901a044fa5eaeeb6ecff4545839e5 (v4.2-rc1)
CVE-2016-7038 (In Moodle 2.x and 3.x, web service tokens are not invalidated when the ...)
	- moodle 2.7.16+dfsg-1
CVE-2016-7037 (The verify function in Encryption/Symmetric.php in Malcolm Fell jwt ...)
	NOT-FOR-US: Malcolm Fell jwt
CVE-2016-7036 (python-jose before 1.3.2 allows attackers to have unspecified impact ...)
	NOT-FOR-US: Python jose
CVE-2016-7035 [improper IPC guarding]
	RESERVED
	- pacemaker 1.1.15-3 (bug #843041)
	[wheezy] - pacemaker <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/ClusterLabs/pacemaker/pull/1166/commits/5a20855d6054ebaae590c09262b328d957cc1fc2
CVE-2016-7034 (The dashbuilder in Red Hat JBoss BPM Suite 6.3.2 does not properly ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-7033 (Multiple cross-site scripting (XSS) vulnerabilities in the admin pages ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-7032 (sudo_noexec.so in Sudo before 1.8.15 on Linux might allow local users ...)
	{DLA-707-1}
	- sudo 1.8.15-1
	[jessie] - sudo <no-dsa> (Minor issue)
	NOTE: https://www.sudo.ws/alerts/noexec_bypass.html
	NOTE: This CVE is for the bypass via system() and popen(). The wordpexp() bypass
	NOTE: is tracked under CVE-2016-7076.
	NOTE: https://www.sudo.ws/devel.html#1.8.15rc1
	NOTE: https://www.sudo.ws/repos/sudo/rev/58a5c06b5257
	NOTE: https://www.sudo.ws/repos/sudo/rev/a826cd7787e9
CVE-2016-7031 (The RGW code in Ceph before 10.0.1, when authenticated-read ACL is ...)
	- ceph 10.2.5-1 (bug #838026)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/13207
	NOTE: https://github.com/ceph/ceph/pull/6057
	NOTE: https://github.com/ceph/ceph/pull/11045
CVE-2016-7030 (FreeIPA uses a default password policy that locks an account after 5 ...)
	- freeipa 4.4.4-1 (bug #849970)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1370493
	NOTE: https://fedorahosted.org/freeipa/ticket/6561
	NOTE: Upstream patch: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=6f1d92746
	NOTE: Additional dependency: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=73f33569c
CVE-2016-7029
	RESERVED
CVE-2016-7027
	REJECTED
CVE-2016-7026
	REJECTED
CVE-2016-7025
	REJECTED
CVE-2016-7024
	REJECTED
CVE-2016-7023
	REJECTED
CVE-2016-7022
	REJECTED
CVE-2016-7021
	REJECTED
CVE-2016-7020 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-7019 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7018 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7017 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7016 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7015 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7014 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7013 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7012 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7011 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7010 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7009 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7008 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7007 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7006 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7005 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7004 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7003 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7002 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7001 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-7000 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6999 (Integer overflow in Adobe Reader and Acrobat before 11.0.18, Acrobat ...)
	NOT-FOR-US: Adobe
CVE-2016-6998 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6997 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6996 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6995 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6994 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...)
	NOT-FOR-US: Adobe
CVE-2016-6993 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6992 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-6991
	REJECTED
CVE-2016-6990 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-6989 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-6988 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 ...)
	NOT-FOR-US: Adobe
CVE-2016-6986 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-6985 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-6984 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-6983 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-6982 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-6981 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.382 ...)
	NOT-FOR-US: Adobe
CVE-2016-6980 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...)
	NOT-FOR-US: Adobe
CVE-2016-6979 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6978 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6977 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6976 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6975 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6974 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6973 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6972 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6971 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6970 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6969 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6968 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6967 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6966 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6965 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6964 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6963 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6962 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6961 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6960 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6959 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6958 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6957 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6956 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6955 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6954 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6953 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6952 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6951 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6950 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6949 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6948 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6947 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6946 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6945 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6944 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6943 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6942 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6941 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6940 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6939 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.18, ...)
	NOT-FOR-US: Adobe
CVE-2016-6938 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-6937 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-6936 (Adobe AIR SDK &amp; Compiler before 23.0.0.257 on Windows does not support ...)
	NOT-FOR-US: Adobe
CVE-2016-6935 (Unquoted Windows search path vulnerability in Adobe Creative Cloud ...)
	NOT-FOR-US: Adobe
CVE-2016-6934 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle ...)
	NOT-FOR-US: Adobe
CVE-2016-6933 (Adobe Experience Manager Forms versions 6.2 and earlier, LiveCycle ...)
	NOT-FOR-US: Adobe
CVE-2016-6932 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6931 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6930 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6929 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6928
	REJECTED
CVE-2016-6927 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6926 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6925 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6924 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6923 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6922 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6921 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-6920 (Heap-based buffer overflow in the decode_block function in ...)
	- ffmpeg 7:3.1.3-1
	- libav <not-affected>
	NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6919
	RESERVED
CVE-2016-6918
	RESERVED
CVE-2016-6917 (Buffer overflow in nvhost_job.c in the NVIDIA video driver for ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6916 (Integer overflow in nvhost_job.c in the NVIDIA video driver for ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6915 (Stack-based buffer overflow in nvhost_job.c in the NVIDIA video driver ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6914 (Ubiquiti UniFi Video before 3.8.0 for Windows uses weak permissions ...)
	NOT-FOR-US: Ubiquiti UniFi Video
CVE-2016-6913 (Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before ...)
	NOT-FOR-US: OSSIM
CVE-2016-6912 (Double free vulnerability in the gdImageWebPtr function in the GD ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/libgd/libgd/commit/a49feeae76d41959d85ee733925a4cf40bac61b2
CVE-2016-6910 (The non-existent notification listener vulnerability was introduced in ...)
	NOT-FOR-US: Android build by Samsung
CVE-2016-6909 (Buffer overflow in the Cookie parser in Fortinet FortiOS 4.x before ...)
	NOT-FOR-US: Fortinet
CVE-2016-6908 (Characters from languages are such as Arabic, Hebrew are displayed ...)
	NOT-FOR-US: Opera
CVE-2016-6907
	RESERVED
CVE-2016-6906 (The read_image_tga function in gd_tga.c in the GD Graphics Library ...)
	{DSA-3777-1}
	- libgd2 2.2.4-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/fb0e0cce0b9f25389ab56604c3547351617e1415
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/58b6dde319c301b0eae27d12e2a659e067d80558
CVE-2016-6904 (Versions of VASA Provider for Clustered Data ONTAP prior to 7.0P1 ...)
	NOT-FOR-US: NetAPP
CVE-2016-6901 (Format string vulnerability in Huawei AR100, AR120, AR150, AR200, ...)
	NOT-FOR-US: Huawei Routers
CVE-2016-6900 (The Intelligent Baseboard Management Controller (iBMC) in Huawei ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6899 (The Intelligent Baseboard Management Controller (iBMC) in Huawei ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6898 (XML external entity (XXE) vulnerability in the Hyper Management Module ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6895
	REJECTED
CVE-2016-6894 (Arista EOS 4.15 before 4.15.8M, 4.16 before 4.16.7M, and 4.17 before ...)
	NOT-FOR-US: Arista EOS
CVE-2016-6892 (The x509FreeExtensions function in MatrixSSL before 3.8.6 allows ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6891 (MatrixSSL before 3.8.6 allows remote attackers to cause a denial of ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6890 (Heap-based buffer overflow in MatrixSSL before 3.8.6 allows remote ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: https://www.kb.cert.org/vuls/id/396440
CVE-2016-6889
	RESERVED
CVE-2016-6881 (The zlib_refill function in libavformat/swfdec.c in FFmpeg before ...)
	- ffmpeg 7:3.1.3-1 (unimportant)
	- libav <not-affected>
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/26/6
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/4770eac6
	NOTE: Vulnerable code not present in any Libav version.
CVE-2016-6902 (lshell 0.9.16 allows remote authenticated users to break out of a ...)
	- lshell <removed> (bug #834949)
	[wheezy] - lshell <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ghantoos/lshell/issues/147
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
	NOTE: As for 2016-08-23 https://github.com/ghantoos/lshell/issues/147#issuecomment-241366750 ist still
	NOTE: as well under the scope of CVE-2016-6902, until "there is further vendor followup
	NOTE: about issues/147" and possibly a new/additional CVE assignment.
CVE-2016-6903 (lshell 0.9.16 allows remote authenticated users to break out of a ...)
	- lshell <removed> (bug #834946)
	[wheezy] - lshell <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ghantoos/lshell/issues/149
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/22/15
CVE-2016-6897 (Cross-site request forgery (CSRF) vulnerability in the ...)
	- wordpress 4.6.1+dfsg-1 (bug #837090)
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: http://seclists.org/oss-sec/2016/q3/347
	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2016-6896 (Directory traversal vulnerability in the wp_ajax_update_plugin ...)
	- wordpress 4.6.1+dfsg-1 (bug #837090)
	[jessie] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	[wheezy] - wordpress <not-affected> (wp_ajax_update_plugin function introduced in 4.2)
	NOTE: http://seclists.org/oss-sec/2016/q3/347
	NOTE: https://sumofpwn.nl/advisory/2016/path_traversal_vulnerability_in_wordpress_core_ajax_handlers.html
	NOTE: https://core.trac.wordpress.org/changeset/38168
CVE-2016-6893 (Cross-site request forgery (CSRF) vulnerability in the user options ...)
	{DSA-3668-1 DLA-608-1}
	- mailman 1:2.1.23-1 (bug #835970)
	NOTE: https://mail.python.org/pipermail/mailman-announce/2016-August/000225.html
	NOTE: https://bugs.launchpad.net/mailman/+bug/1614841
	NOTE: https://mail.python.org/pipermail/mailman-announce/2016-August/000226.html
CVE-2016-6880
	RESERVED
CVE-2016-6879 (The X509_Certificate::allowed_usage function in botan 1.11.x before ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.31
CVE-2016-6878 (The Curve25519 code in botan before 1.11.31, on systems without a ...)
	- botan1.10 <not-affected> (Introduced in 1.11.12)
	NOTE: Introduced in 1.11.12, fixed in 1.11.31
CVE-2016-6877 (** DISPUTED ** Citrix XenMobile Server before 10.5.0.24 allows ...)
	NOT-FOR-US: Citrix
CVE-2016-6876 (The RESOLV::lookup iRule command in F5 BIG-IP LTM, APM, ASM, and Link ...)
	NOT-FOR-US: F5
CVE-2016-6869
	RESERVED
CVE-2016-6868
	RESERVED
CVE-2016-6867
	RESERVED
CVE-2016-6865
	RESERVED
CVE-2016-6864
	RESERVED
CVE-2016-6863
	RESERVED
CVE-2016-6862
	RESERVED
CVE-2016-6861
	RESERVED
CVE-2016-6860
	RESERVED
CVE-2016-6859 (Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6858 (Cross-site scripting (XSS) vulnerability in the Create Employee ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6857 (Cross-site scripting (XSS) vulnerability in the Create Catalogue ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6856 (Cross-site scripting (XSS) vulnerability in the Inbox Search feature ...)
	NOT-FOR-US: SAP Hybris
CVE-2016-6855 (Eye of GNOME (aka eog) 3.16.5, 3.17.x, 3.18.x before 3.18.3, 3.19.x, ...)
	{DLA-605-1}
	- eog 3.20.4-1
	[jessie] - eog <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=770143
	NOTE: https://git.gnome.org/browse/eog/commit/?id=e99a8c00f959652fe7c10e2fa5a3a7a5c25e6af4
CVE-2016-6854 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6853 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6852 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6851 (An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6850 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6849
	RESERVED
CVE-2016-6848 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6847 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6846 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6845 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6844 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6843 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6842 (An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-6841
	RESERVED
CVE-2016-6840 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Huawei
CVE-2016-6839 (CRLF injection vulnerability in Huawei FusionAccess before V100R006C00 ...)
	NOT-FOR-US: Huawei FusionAccess
CVE-2016-6838 (Huawei X6800 and XH620 V3 servers with software before ...)
	NOT-FOR-US: Huawei FusionServer
CVE-2016-6829 (The trove service user in (1) Openstack deployment (aka ...)
	NOT-FOR-US: Crowbar Framework
CVE-2016-6827 (Huawei FusionCompute before V100R005C10CP7002 stores cleartext AES ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2016-6826 (Huawei AnyMail before 2.6.0301.0060 allows remote attackers to cause a ...)
	NOT-FOR-US: Huawei AnyMail
CVE-2016-6825 (Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before ...)
	NOT-FOR-US: Huawei FusionServer Node
CVE-2016-6824 (Huawei AC6003, AC6005, AC6605, and ACU2 access controllers with ...)
	NOT-FOR-US: Huawei Campus Switch
CVE-2016-6888 (Integer overflow in the net_tx_pkt_init function in ...)
	- qemu 1:2.6+dfsg-3.1 (bug #834902)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg03176.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=47882fa4975bf0b58dd74474329fdd7154e8f04c
CVE-2016-6875 (Infinite recursion in wddx in Facebook HHVM before 3.15.0 allows ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/1888810e77b446a79a7674784d5f139fcfa605e2
CVE-2016-6874 (The array_*_recursive functions in Facebook HHVM before 3.15.0 allows ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/05e706d98f748f609b19d8697e490eaab5007d69
CVE-2016-6873 (Self recursion in compact in Facebook HHVM before 3.15.0 allows ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/e264f04ae825a5d97758130cf8eec99862517e7e
CVE-2016-6872 (Integer overflow in StringUtil::implode in Facebook HHVM before 3.15.0 ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/2c9a8fcc73a151608634d3e712973d192027c271
CVE-2016-6871 (Integer overflow in bcmath in Facebook HHVM before 3.15.0 allows ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/c00fc9d3003eb06226b58b6a48555f1456ee2475
CVE-2016-6870 (Out-of-bounds write in the (1) mb_detect_encoding, (2) mb_send_mail, ...)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://github.com/facebook/hhvm/commit/365abe807cab2d60dc9ec307292a06181f77a9c2
CVE-2016-6866 (slock allows attackers to bypass the screen lock via vectors involving ...)
	{DLA-598-1}
	- suckless-tools 41-1
	[jessie] - suckless-tools 40-1+deb8u2
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/18/22
	NOTE: http://s1m0n.dft-labs.eu/files/slock/
	NOTE: Starting with 41-1 slock.c got patched to use PAM, cf. #739629
	NOTE: and with the patch readpw(dpy, pws) is not called anymore, and
	NOTE: thus in readpw, not calling crypt(passwd, pws) with a possibly
	NOTE: empty pws.
CVE-2016-6837 (Cross-site scripting (XSS) vulnerability in MantisBT Filter API in ...)
	- mantis <removed>
	[wheezy] - mantis <end-of-life> (unsupported)
	NOTE: https://mantisbt.org/bugs/view.php?id=21611
	NOTE: https://github.com/mantisbt/mantisbt/commit/7086c2d8b4b20ac14013b36761ac04f0abf21a4e
CVE-2016-6832 (Heap-based buffer overflow in the ff_audio_resample function in ...)
	- libav 6:11.4-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://blogs.gentoo.org/ago/2016/08/07/libav-heap-based-buffer-overflow-in-ff_audio_resample-resample-c/
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=0ac8ff618c5e6d878c547a8877e714ed728950ce
	NOTE: Claimed to not affect ffmpeg
CVE-2016-6831 (The &quot;process-execute&quot; and &quot;process-spawn&quot; procedures did not free ...)
	{DLA-643-1}
	- chicken 4.12.0-0.2 (bug #834845)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	NOTE: Fixed in the same upstream patch which is provided for CVE-2016-6830
CVE-2016-6830 (The &quot;process-execute&quot; and &quot;process-spawn&quot; procedures in CHICKEN Scheme ...)
	{DLA-643-1}
	- chicken 4.12.0-0.2 (bug #834845)
	[stretch] - chicken <no-dsa> (Minor issue)
	[jessie] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2016-08/msg00001.html
	NOTE: https://lists.nongnu.org/archive/html/chicken-hackers/2016-07/txtSWHYeFeG0R.txt
	NOTE: http://bugs.call-cc.org/ticket/1308
CVE-2016-6828 (The tcp_check_send_head function in include/net/tcp.h in the Linux ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/bb1fceca22492109be12640d49f5ea5a544c6bb4
CVE-2016-6822
	RESERVED
CVE-2016-6821
	RESERVED
CVE-2016-6820 (MetroCluster Tiebreaker for clustered Data ONTAP in versions before ...)
	NOT-FOR-US: MetroCluster Tiebreaker
CVE-2016-6819
	RESERVED
CVE-2016-6818 (SQL injection vulnerability in SAP Business Intelligence platform ...)
	NOT-FOR-US: SAP
CVE-2016-6817 (The HTTP/2 header parser in Apache Tomcat 9.0.0.M1 to 9.0.0.M11 and ...)
	- tomcat9 <itp> (bug #802312)
	- tomcat8 <not-affected> (Only affects 9.x and 8.5.x)
	- tomcat7 <not-affected> (Only affects 9.x and 8.5.x)
	- tomcat6 <not-affected> (Only affects 9.x and 8.5.x)
CVE-2016-6816 (The code in Apache Tomcat 9.0.0.M1 to 9.0.0.M11, 8.5.0 to 8.5.6, ...)
	{DSA-3739-1 DSA-3738-1 DLA-729-1 DLA-728-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.39-1
	- tomcat7 7.0.72-3
	NOTE: Since 7.0.72-3, src:tomcat7 only builds the Servlet API
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: Fixed by: http://svn.apache.org/r1767653 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767675 (7.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1767683 (6.0.x)
CVE-2016-6815 (In Apache Ranger before 0.6.2, users with &quot;keyadmin&quot; role should not ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-6814 (When an application with unsupported Codehaus versions of Groovy from ...)
	{DLA-794-1}
	- groovy 2.4.8-1 (bug #851408)
	[jessie] - groovy 1.8.6-4+deb8u2
	- groovy2 <removed>
	[jessie] - groovy2 2.2.2+dfsg-3+deb8u2
CVE-2016-6813 (Apache CloudStack 4.1 to 4.8.1.0 and 4.9.0.0 contain an API call ...)
	NOT-FOR-US: Apache CloudStack
CVE-2016-6812 (The HTTP transport module in Apache CXF prior to 3.0.12 and 3.1.x ...)
	NOT-FOR-US: Apache CXF
CVE-2016-6811 (In Apache Hadoop 2.x before 2.7.4, a user who can escalate to yarn ...)
	- hadoop <itp> (bug #793644)
	NOTE: http://www.openwall.com/lists/oss-security/2018/05/01/2
CVE-2016-6810 (In Apache ActiveMQ 5.x before 5.14.2, an instance of a cross-site ...)
	- activemq 5.14.2+dfsg-1 (unimportant)
	NOTE: Admin console not enabled in the Debian package, see #702670
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-6810-announcement.txt
	NOTE: http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000245.html
	NOTE: https://jvn.jp/en/jp/JVN78980598/index.html
CVE-2016-6809 (Apache Tika before 1.14 allows Java code execution for serialized ...)
	- tika <not-affected> (Matlab file parser introduced in 1.6)
	NOTE: http://seclists.org/bugtraq/2016/Nov/40
CVE-2016-6808 (Buffer overflow in Apache Tomcat Connectors (mod_jk) before 1.2.42. ...)
	- libapache-mod-jk <not-affected> (Windows/IIS vhost handling specific issue)
	NOTE: Fixed by: http://svn.apache.org/r1762057
	NOTE: https://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.42
	NOTE: This is though only Windows/IIS specific, thus marked as not-affected, cf. #840000
CVE-2016-6807 (Custom commands may be executed on Ambari Agent (2.4.x, before 2.4.2) ...)
	NOT-FOR-US: Ambari Agent
CVE-2016-6806 (Apache Wicket 6.x before 6.25.0, 7.x before 7.5.0, and 8.0.0-M1 ...)
	NOT-FOR-US: Apache Wicket
CVE-2016-6805 (Apache Ignite before 1.9 allows man-in-the-middle attackers to read ...)
	NOT-FOR-US: Apache Ignite
CVE-2016-6804 (The Apache OpenOffice installer (versions prior to 4.1.3, including ...)
	NOT-FOR-US: Apache OpenOffice installer for Windows
CVE-2016-6803 (An installer defect known as an &quot;unquoted Windows search path ...)
	NOT-FOR-US: Apache OpenOffice installer for Windows
CVE-2016-6802 (Apache Shiro before 1.3.2 allows attackers to bypass intended servlet ...)
	- shiro 1.3.2-1
	[jessie] - shiro <no-dsa> (Minor issue)
CVE-2016-6801 (Cross-site request forgery (CSRF) vulnerability in the CSRF ...)
	{DSA-3679-1 DLA-629-1}
	- jackrabbit 2.12.4-1 (bug #838204)
	NOTE: http://svn.apache.org/r1758791 (2.4.x)
	NOTE: http://svn.apache.org/r1758771 (2.6.x)
	NOTE: http://svn.apache.org/r1758764 (2.8.x)
CVE-2016-6800 (The default configuration of the OFBiz framework offers a blog ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-6799 (Product: Apache Cordova Android 5.2.2 and earlier. The application ...)
	NOT-FOR-US: Apache Cordova
CVE-2016-6798 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
	NOT-FOR-US: Apache Sling
CVE-2016-6797 (The ResourceLinkFactory implementation in Apache Tomcat 9.0.0.M1 to ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842666)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/wrku5orwxfpt5mzl?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1757273 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1757275 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1757285 (6.0.x)
CVE-2016-6796 (A malicious web application running on Apache Tomcat 9.0.0.M1 to ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842665)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/hynaeawxxhpvvctu?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1758494 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1758495 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758496 (6.0.x)
CVE-2016-6795 (In the Convention plugin in Apache Struts 2.3.20 through 2.3.30, it is ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life> (no longer supported)
	NOTE: https://struts.apache.org/docs/s2-042.html
CVE-2016-6794 (When a SecurityManager is configured, a web application's ability to ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842664)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/zk7w6yly5mviocci?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1754727 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1754728 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1754733 (6.0.x)
CVE-2016-6793 (The DiskFileItem class in Apache Wicket 6.x before 6.25.0 and 1.5.x ...)
	NOT-FOR-US: Apache Wicket
CVE-2015-8954 (The MemcmpLowercase function in Suricata before 2.0.6 improperly ...)
	- suricata 2.0.6-1 (bug #777523)
	[wheezy] - suricata <no-dsa> (Minor issue)
	[squeeze] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/1364
CVE-2015-8953 (fs/overlayfs/copy_up.c in the Linux kernel before 4.2.6 uses an ...)
	- linux 4.2.6-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/ab79efab0a0ba01a74df782eb7fa44b044dae8b5 (v4.3)
CVE-2015-8952 (The mbcache feature in the ext2 and ext4 filesystem implementations in ...)
	- linux 4.6.1-1 (low)
	[jessie] - linux <ignored> (Minor issue and too intrusive to backport, workaround exists with the no_mbcache mount flag)
	[wheezy] - linux <no-dsa> (Minor issue and too intrusive to backport)
	NOTE: https://git.kernel.org/linus/f9a61eb4e2471c56a63cd804c7474128138c38ac (v4.6-rc1)
	NOTE: https://git.kernel.org/linus/82939d7999dfc1f1998c4b1c12e2f19edbdff272 (v4.6-rc1)
	NOTE: https://git.kernel.org/linus/be0726d33cb8f411945884664924bed3cb8c70ee (v4.6-rc1)
CVE-2015-8951 (Multiple use-after-free vulnerabilities in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6823 (Integer overflow in the BMP coder in ImageMagick before 7.0.2-10 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834504)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4cc6ec8a4197d4c008577127736bf7985d632323
CVE-2016-10052 (Buffer overflow in the WriteProfile function in coders/jpeg.c in ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834501)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9e187b73a8a1290bb0e1a1c878f8be1917aa8742
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6792
	RESERVED
CVE-2016-6791 (An elevation of privilege vulnerability in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6790 (An elevation of privilege vulnerability in the NVIDIA libomx library ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6789 (An elevation of privilege vulnerability in the NVIDIA libomx library ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6788 (An elevation of privilege vulnerability in the MediaTek I2C driver ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6787 (kernel/events/core.c in the performance subsystem in the Linux kernel ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6786 (kernel/events/core.c in the performance subsystem in the Linux kernel ...)
	{DSA-3791-1 DLA-833-1}
	- linux 4.0.2-1
	NOTE: Fixed by: https://git.kernel.org/linus/f63a8daa5812afef4f06c962351687e1ff9ccb2b (v4.0-rc1)
CVE-2016-6785 (An elevation of privilege vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6784 (An elevation of privilege vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6783 (An elevation of privilege vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6782 (An elevation of privilege vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6781 (An elevation of privilege vulnerability in the MediaTek driver could ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-6780 (An elevation of privilege vulnerability in the HTC sound codec driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6779 (An elevation of privilege vulnerability in the HTC sound codec driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6778 (An elevation of privilege vulnerability in the HTC sound codec driver ...)
	NOT-FOR-US: HTC driver for Android
CVE-2016-6777 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6776 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6775 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6774 (An information disclosure vulnerability in Package Manager could ...)
	NOT-FOR-US: Android
CVE-2016-6773 (An information disclosure vulnerability in the ih264d decoder in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6772 (An elevation of privilege vulnerability in Wi-Fi could enable a local ...)
	NOT-FOR-US: Android
CVE-2016-6771 (An elevation of privilege vulnerability in Telephony could enable a ...)
	NOT-FOR-US: Android
CVE-2016-6770 (An elevation of privilege vulnerability in the Framework API could ...)
	NOT-FOR-US: Android
CVE-2016-6769 (An elevation of privilege vulnerability in Smart Lock could enable a ...)
	NOT-FOR-US: Android
CVE-2016-6768 (A remote code execution vulnerability in the Framesequence library ...)
	NOT-FOR-US: Android
CVE-2016-6767 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6766 (A denial of service vulnerability in libmedia and libstagefright in ...)
	NOT-FOR-US: libstagefright
CVE-2016-6765 (A denial of service vulnerability in libstagefright in Mediaserver ...)
	NOT-FOR-US: libstagefright
CVE-2016-6764 (A denial of service vulnerability in Mediaserver could enable an ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6763 (A denial of service vulnerability in Telephony could enable a local ...)
	NOT-FOR-US: Android
CVE-2016-6762 (An elevation of privilege vulnerability in the libziparchive library ...)
	- android-platform-system-core 1:7.0.0+r1-1
	[jessie] - android-platform-system-core <not-affected> (Vulnerable code not present)
CVE-2016-6761 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6760 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6759 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6758 (An elevation of privilege vulnerability in Qualcomm media codecs could ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6757 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6756 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6755 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6754 (A remote code execution vulnerability in Webview in Android 5.0.x ...)
	NOT-FOR-US: Webview for Android
CVE-2016-6753 (An information disclosure vulnerability in kernel components, ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-11-01.html
CVE-2016-6752 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6751 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6750 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6749 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6748 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6747 (A denial of service vulnerability in Mediaserver in Android before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6746 (An information disclosure vulnerability in the NVIDIA GPU driver in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6745 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6744 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6743 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6742 (An elevation of privilege vulnerability in the Synaptics touchscreen ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-6741 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6740 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6739 (An elevation of privilege vulnerability in the Qualcomm camera driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6738 (An elevation of privilege vulnerability in the Qualcomm crypto engine ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6737 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6736 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6735 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6734 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6733 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6732 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6731 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6730 (An elevation of privilege vulnerability in the NVIDIA GPU driver in ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6729 (An elevation of privilege vulnerability in the Qualcomm bootloader in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6728 (An elevation of privilege vulnerability in the kernel ION subsystem in ...)
	NOT-FOR-US: Rowhammer hardware vulnerability on Android devices
	NOTE: https://www.vusec.net/projects/drammer/
CVE-2016-6727 (The Qualcomm GPS subsystem in Android on Android One devices allows ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6726 (Unspecified vulnerability in Qualcomm components in Android on Nexus 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6725 (A remote code execution vulnerability in the Qualcomm crypto driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6724 (A denial of service vulnerability in the Input Manager Service in ...)
	NOT-FOR-US: Android
CVE-2016-6723 (A denial of service vulnerability in Proxy Auto Config in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-6722 (An information disclosure vulnerability in libstagefright in ...)
	NOT-FOR-US: libstagefright
CVE-2016-6721 (An information disclosure vulnerability in Mediaserver in Android 6.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6720 (An information disclosure vulnerability in libstagefright in ...)
	NOT-FOR-US: libstagefright
CVE-2016-6719 (An elevation of privilege vulnerability in the Bluetooth component in ...)
	NOT-FOR-US: Android
CVE-2016-6718 (An elevation of privilege vulnerability in the Account Manager Service ...)
	NOT-FOR-US: Android
CVE-2016-6717 (An elevation of privilege vulnerability in Mediaserver in Android 4.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6716 (An elevation of privilege vulnerability in the AOSP Launcher in ...)
	NOT-FOR-US: Android
CVE-2016-6715 (An elevation of privilege vulnerability in the Framework APIs in ...)
	NOT-FOR-US: Android
CVE-2016-6714 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6713 (A remote denial of service vulnerability in Mediaserver in Android 6.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6712 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minpr issue)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/fdb1b40e7bb147c07bda988c9501ad223795d12d
CVE-2016-6711 (A remote denial of service vulnerability in libvpx in Mediaserver in ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minpr issue)
	[wheezy] - libvpx <no-dsa> (Minor issue)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: Wheezy is confirmed (by code inspection) to have vulnerable source.
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/063be1485e0099bc81ace3a08b0ec9186dcad693
CVE-2016-6710 (An information disclosure vulnerability in the download manager in ...)
	NOT-FOR-US: Android
CVE-2016-6709 (An information disclosure vulnerability in Conscrypt and BoringSSL in ...)
	NOT-FOR-US: Android
CVE-2016-6708 (An elevation of privilege in the System UI in Android 7.0 before ...)
	NOT-FOR-US: Android
CVE-2016-6707 (An elevation of privilege vulnerability in System Server in Android ...)
	NOT-FOR-US: Android
CVE-2016-6706 (An elevation of privilege vulnerability in libstagefright in ...)
	NOT-FOR-US: libstagefright
CVE-2016-6705 (An elevation of privilege vulnerability in Mediaserver in Android ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6704 (An elevation of privilege vulnerability in Mediaserver in Android 4.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-6703 (A remote code execution vulnerability in an Android runtime library in ...)
	NOT-FOR-US: Android
CVE-2016-6702 (A remote code execution vulnerability in libjpeg in Android 4.x before ...)
	- libjpeg-turbo <not-affected> (Android-specific patch, jpeg_open_backing_store in standard releases is just a stub)
CVE-2016-6701 (A remote code execution vulnerability in libskia in Android 7.0 before ...)
	- skia <itp> (bug #818180)
CVE-2016-6700 (An elevation of privilege vulnerability in libzipfile in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-6699 (A remote code execution vulnerability in libstagefright in Mediaserver ...)
	NOT-FOR-US: libstagefright
CVE-2016-6698 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6697
	RESERVED
CVE-2016-6696 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6695 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6694 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6693 (sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6692 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6691 (service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6690 (The sound driver in the kernel in Android before 2016-10-05 on Nexus ...)
	NOT-FOR-US: Sound driver for Android
CVE-2016-6689 (Binder in the kernel in Android before 2016-10-05 on Nexus devices ...)
	NOT-FOR-US: Android Binder
CVE-2016-6688 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6687 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6686 (The NVIDIA profiler in Android before 2016-10-05 on Nexus 9 devices ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6685 (The kernel in Android before 2016-10-05 on Nexus 6P devices allows ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6684 (The kernel in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6683 (The kernel in Android before 2016-10-05 on Nexus devices allows ...)
	NOT-FOR-US: Android kernel for Nexus devices
CVE-2016-6682 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6681 (drivers/misc/qcom/qdsp6v2/audio_utils.c in a Qualcomm QDSP6v2 driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6680 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6679 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6678 (The Motorola USBNet driver in Android before 2016-10-05 on Nexus 6 ...)
	NOT-FOR-US: Motorola driver for Android
CVE-2016-6677 (The NVIDIA GPU driver in Android before 2016-10-05 on Nexus 9 devices ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6676 (Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6675 (Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-6674 (system_server in Android before 2016-10-05 on Nexus devices allows ...)
	- android <itp> (bug #459219)
CVE-2016-6673 (The NVIDIA camera driver in Android before 2016-10-05 on Nexus 9 ...)
	NOT-FOR-US: Nvidia driver for Android
CVE-2016-6672 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2015-8950 (arch/arm64/mm/dma-mapping.c in the Linux kernel before 4.0.3, as used ...)
	- linux 4.0.4-1
	[jessie] - linux 3.16.7-ckt17-1
	[wheezy] - linux <not-affected> (Vulnerable code not present; arm64 introduced in 3.7)
	NOTE: Fixed by: https://git.kernel.org/linus/6829e274a623187c24f7cfc0e3d35f25d087fcc5 (4.1-rc2)
CVE-2016-10051 (Use-after-free vulnerability in the ReadPWPImage function in ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #834183)
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30245
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ecc03a2518c2b7dd375fde3a040fdae0bdf6a521
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6833 (Use-after-free vulnerability in the vmxnet3_io_bar0_write function in ...)
	- qemu 1:2.6+dfsg-3.1 (bug #834904)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=6c352ca9b4ee3e1e286ea9e8434bd8e69ac7d0d8
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01602.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/12/1
CVE-2016-6834 (The net_tx_pkt_do_sw_fragmentation function in hw/net/net_tx_pkt.c in ...)
	- qemu 1:2.6+dfsg-3.1 (bug #834905)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, packet abstraction introduced in 1.5)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ead315e43ea0c2ca3491209c6c8db8ce3f2bbe05
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg01601.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/8
CVE-2016-6835 (The vmxnet_tx_pkt_parse_headers function in hw/net/vmxnet_tx_pkt.c in ...)
	- qemu 1:2.6+dfsg-3.1 (bug #835031)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-stable/2016-08/msg00077.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/7
CVE-2016-6836 (The vmxnet3_complete_packet function in hw/net/vmxnet3.c in QEMU (aka ...)
	- qemu 1:2.6+dfsg-3.1 (bug #834944)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present, vmxnet3 introduced in 1.5)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-08/msg02108.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1366369
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/11/5
CVE-2016-6671 (The raw_decode function in libavcodec/rawdec.c in FFmpeg before 3.1.2 ...)
	- ffmpeg 7:3.1.2-1
CVE-2016-6670 (Huawei S7700, S9300, S9700, and S12700 devices with software before ...)
	NOT-FOR-US: Huawei
CVE-2016-6669 (Buffer overflow in the Authentication, Authorization and Accounting ...)
	NOT-FOR-US: Huawei
CVE-2016-6668 (The Atlassian Hipchat Integration Plugin for Bitbucket Server 6.26.0 ...)
	NOT-FOR-US: Atlassian Hipchat Integration Plugin for Bitbucket Server
CVE-2016-6667 (NetApp OnCommand Unified Manager for Clustered Data ONTAP 6.3 through ...)
	NOT-FOR-US: NetApp
CVE-2016-6666
	RESERVED
CVE-2016-6665
	RESERVED
CVE-2016-6664 (mysqld_safe in Oracle MySQL through 5.5.51, 5.6.x through 5.6.32, and ...)
	{DSA-3770-1}
	- mariadb-10.1 10.1.21-1 (bug #849435; bug #851759)
	- mariadb-10.0 <removed> (bug #842895; bug #851755)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: http://legalhackers.com/advisories/MySQL-Maria-Percona-RootPrivEsc-CVE-2016-6664-5617-Exploit.html
	NOTE: Possible fixed by: https://github.com/MariaDB/server/commit/684a165f28b3718160a3e4c5ebd18a465d85e97c
	NOTE: https://mariadb.com/blog/update-security-vulnerabilities-cve-2016-6663-and-cve-2016-6664-related-mariadb-server
CVE-2016-6663 (Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed by: https://github.com/MariaDB/server/commit/347eeefbfc658c8531878218487d729f4e020805
	NOTE: Fixed by: https://github.com/mysql/mysql-server/commit/4e5473862e6852b0f3802b0cd0c6fa10b5253291
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
	NOTE: Fixed in Oracle MySQL: 5.5.52, 5.6.33, and 5.7.15.
	NOTE: http://legalhackers.com/advisories/MySQL-MariaDB-PerconaDB-PrivEsc-Race-CVE-2016-6663-OCVE-2016-5616-Exploit.html
CVE-2016-6662 (Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through ...)
	{DSA-3666-1 DLA-624-1}
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1
	- mysql-5.5 <removed>
	NOTE: This will likely be split by MITRE, unclear what precisely maps to CVE-2016-6662
	NOTE: As well unclear which commits from https://bugzilla.redhat.com/show_bug.cgi?id=1375198#c5 are associated
	NOTE: yet to which CVE; those will unlikely made public before the next Oracle CPU.
	NOTE: https://marc.info/?l=oss-security&m=147367658314062&w=2
	NOTE: http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=998309
	NOTE: Fixed in upstream Oracle MySQL 5.5.52, 5.6.33 and 5.7.15
	NOTE: MariaDB: https://jira.mariadb.org/browse/MDEV-10465
	NOTE: Fixed in upstream MariaDB  5.5.51, 10.0.27, 10.1.17
	NOTE: PerconaDB: https://www.percona.com/blog/2016/09/12/database-affected-cve-2016-6662/
	NOTE: Although Oracle mentions this CVE only to be fixed in 5.5.53 this is not
	NOTE: true for src:mysql-5.5 as in Debian and other Linux distributions, so
	NOTE: this CVE should not be listed for a DSA/DLA based on 5.5.53, cf #841050
CVE-2016-6661
	RESERVED
CVE-2016-6660
	REJECTED
CVE-2016-6659 (Cloud Foundry before 248; UAA 2.x before 2.7.4.12, 3.x before 3.6.5, ...)
	NOT-FOR-US: Pivotal
CVE-2016-6658 (Applications in cf-release before 245 can be configured and pushed ...)
	NOT-FOR-US: cf-release
CVE-2016-6657 (An open redirect vulnerability has been detected with some Pivotal ...)
	NOT-FOR-US: Pivotal
CVE-2016-6656 (An issue was discovered in Pivotal Greenplum before 4.3.10.0. Creation ...)
	NOT-FOR-US: Pivotal
CVE-2016-6655 (An issue was discovered in Cloud Foundry Foundation Cloud Foundry ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-6654
	REJECTED
CVE-2016-6653 (The MariaDB audit_plugin component in Pivotal Cloud Foundry (PCF) ...)
	NOT-FOR-US: Pivotal
CVE-2016-6652 (SQL injection vulnerability in Pivotal Spring Data JPA before 1.9.6 ...)
	NOT-FOR-US: Pivotal Spring Data
CVE-2016-6651 (The UAA /oauth/token endpoint in Pivotal Cloud Foundry (PCF) before ...)
	NOT-FOR-US: Pivotal
CVE-2016-6650 (EMC RecoverPoint versions prior to 5.0 and EMC RecoverPoint for Virtual ...)
	NOT-FOR-US: EMC
CVE-2016-6649 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for ...)
	NOT-FOR-US: EMC
CVE-2016-6648 (EMC RecoverPoint versions before 4.4.1.1 and EMC RecoverPoint for ...)
	NOT-FOR-US: EMC
CVE-2016-6647 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 ...)
	NOT-FOR-US: EMC
CVE-2016-6646 (The vApp Managers web application in EMC Unisphere for VMAX Virtual ...)
	NOT-FOR-US: VMAX
CVE-2016-6645 (The vApp Managers web application in EMC Unisphere for VMAX Virtual ...)
	NOT-FOR-US: VMAX
CVE-2016-6644 (EMC Documentum D2 4.5 before patch 15 and 4.6 before patch 03 allows ...)
	NOT-FOR-US: EMC
CVE-2016-6643 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...)
	NOT-FOR-US: EMC
CVE-2016-6642 (Cross-site request forgery (CSRF) vulnerability in EMC ViPR SRM before ...)
	NOT-FOR-US: EMC
CVE-2016-6641 (Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 3.7.2 ...)
	NOT-FOR-US: EMC
CVE-2016-6640
	REJECTED
CVE-2016-6639 (Cloud Foundry PHP Buildpack (aka php-buildpack) before 4.3.18 and PHP ...)
	NOT-FOR-US: Pivotal
CVE-2016-6638
	REJECTED
CVE-2016-6637 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pivotal ...)
	NOT-FOR-US: Pivotal
CVE-2016-6636 (The OAuth authorization implementation in Pivotal Cloud Foundry (PCF) ...)
	NOT-FOR-US: Pivotal
CVE-2016-1000038
	RESERVED
CVE-2016-10050 (Heap-based buffer overflow in the ReadRLEImage function in ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833744)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/73fb0aac5b958521e1511e179ecc0ad49f70ebaf
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10049 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833743)
	[wheezy] - imagemagick <not-affected> (Vulnerability likely introduced in a version after 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3e9165285eda6e1bb71172031d3048b51bb443a4
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=29710
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10048 (Directory traversal vulnerability in magick/module.c in ImageMagick ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.5.7+dfsg-1 (bug #833735)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10047 (Memory leak in the NewXMLTree function in magick/xml-tree.c in ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833732)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present in version 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc6080f1321fd21e86ef916195cc110b05d9effb
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-10046 (Heap-based buffer overflow in the DrawImage function in magick/draw.c ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833730)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/989f9f88ea6db09b99d25586e912c921c0da8d3f
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2016-6887 (The pstm_exptmod function in MatrixSSL 3.8.6 and earlier does not ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6886 (The pstm_reverse function in MatrixSSL before 3.8.4 allows remote ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6885 (The pstm_exptmod function in MatrixSSL before 3.8.4 allows remote ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6884 (TLS cipher suites with CBC mode in TLS 1.1 and 1.2 in MatrixSSL before ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6883 (MatrixSSL before 3.8.3 configured with RSA Cipher Suites allows remote ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
	NOTE: Fixed in 3.8.3 https://github.com/matrixssl/matrixssl/blob/master/doc/CHANGES.md#changes-in-383
	NOTE: https://robotattack.org/
CVE-2016-6882 (MatrixSSL before 3.8.7, when the DHE_RSA based cipher suite is ...)
	- matrixssl <removed>
	[wheezy] - matrixssl <end-of-life> (not supported in Wheezy)
CVE-2016-6635 (Cross-site request forgery (CSRF) vulnerability in the ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: https://github.com/WordPress/WordPress/commit/9b7a7754133c50b82bd9d976fb5b24094f658aab
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37143
CVE-2016-6634 (Cross-site scripting (XSS) vulnerability in the network settings page ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: http://codex.wordpress.org/Version_4.5
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37124
	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/cb2b3ed3c7d68f6505bfb5c90257e6aaa3e5fcb9
CVE-2016-6633 (An issue was discovered in phpMyAdmin. phpMyAdmin can be used to ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: dbase extension not available in Debian
CVE-2016-6632 (An issue was discovered in phpMyAdmin where, under certain conditions, ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-55/
CVE-2016-6631 (An issue was discovered in phpMyAdmin. A user can execute a remote ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-54/
CVE-2016-6630 (An issue was discovered in phpMyAdmin. An authenticated user can ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-53/
CVE-2016-6629 (An issue was discovered in phpMyAdmin involving the ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-52/
CVE-2016-6628 (An issue was discovered in phpMyAdmin. An attacker may be able to ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-51/
CVE-2016-6627 (An issue was discovered in phpMyAdmin. An attacker can determine the ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Not critical enough)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-50/
CVE-2016-6626 (An issue was discovered in phpMyAdmin. An attacker could redirect a ...)
	{DLA-757-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-49/
CVE-2016-6625 (An issue was discovered in phpMyAdmin. An attacker can determine ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-48/
	NOTE: The solution is to remove a configuration option. This option
	NOTE: is by default disabled so a default installation is not
	NOTE: vulnerable. It should be fairly obvious that enabling phpinfo
	NOTE: printing can show more information than what should be used in
	NOTE: a production environment. This is the motivation that it is not
	NOTE: solved for wheezy.
CVE-2016-6624 (An issue was discovered in phpMyAdmin involving improper enforcement ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-47/
CVE-2016-6623 (An issue was discovered in phpMyAdmin. An authorized user can cause a ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-46/
CVE-2016-6622 (An issue was discovered in phpMyAdmin. An unauthenticated user is able ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-45/
CVE-2016-6621 (The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before ...)
	{DLA-834-1}
	- phpmyadmin 4:4.6.6-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-44/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/issues/12481
CVE-2016-6620 (An issue was discovered in phpMyAdmin. Some data is passed to the PHP ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-43/
CVE-2016-6619 (An issue was discovered in phpMyAdmin. In the user interface ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-42/
CVE-2016-6618 (An issue was discovered in phpMyAdmin. The transformation feature ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-41/
CVE-2016-6617 (An issue was discovered in phpMyAdmin. A specially crafted database ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
CVE-2016-6616 (An issue was discovered in phpMyAdmin. In the &quot;User group&quot; and ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.4.x onward)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-39/
CVE-2016-6615 (XSS issues were discovered in phpMyAdmin. This affects navigation pane ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-38/
CVE-2016-6614 (An issue was discovered in phpMyAdmin involving the %u username ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-37/
CVE-2016-6613 (An issue was discovered in phpMyAdmin. A user can specially craft a ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-36/
CVE-2016-6612 (An issue was discovered in phpMyAdmin. A user can exploit the LOAD ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-35/
CVE-2016-6611 (An issue was discovered in phpMyAdmin. A specially crafted database ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-34/
CVE-2016-6610 (A full path disclosure vulnerability was discovered in phpMyAdmin ...)
	- phpmyadmin 4:4.6.4+dfsg1-1 (unimportant)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-33/
	NOTE: Not relevant to packaged version in Debian
CVE-2016-6609 (An issue was discovered in phpMyAdmin. A specially crafted database ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-32/
CVE-2016-6608 (XSS issues were discovered in phpMyAdmin. This affects the database ...)
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <not-affected> (Only affects 4.6.x)
	[wheezy] - phpmyadmin <not-affected> (Only affects 4.6.x)
CVE-2016-6607 (XSS issues were discovered in phpMyAdmin. This affects Zoom search ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-30/
CVE-2016-6606 (An issue was discovered in cookie encryption in phpMyAdmin. The ...)
	{DLA-626-1}
	- phpmyadmin 4:4.6.4+dfsg1-1
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-29/
CVE-2016-6605 (Impala in CDH 5.2.0 through 5.7.2 and 5.8.0 allows remote attackers to ...)
	NOT-FOR-US: Impala
CVE-2016-6604 (NULL pointer dereference in Samsung Exynos fimg2d driver for Android ...)
	NOT-FOR-US: Samsung
CVE-2016-7513 (Off-by-one error in magick/cache.c in ImageMagick allows remote ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832455)
	[wheezy] - imagemagick <not-affected> (Affected code does not exist in version 6.7.7.10)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a54fe0e8600eaf3dc6fe717d3c0398001507f723
CVE-2016-7514 (The ReadPSDChannelPixels function in coders/psd.c in ImageMagick ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832457)
	NOTE: https://bugs.launchpad.net/bugs/1533442
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/83
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/198fffab4daf8aea88badd9c629350e5b26ec32f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6f1879d498bcc5cce12fe0c5decb8dbc0f608e5d
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/e14fd0a2801f73bdc123baf4fbab97dec55919eb
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/280215b9936d145dd5ee91403738ccce1333cab1
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7515 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832461)
	NOTE: https://bugs.launchpad.net/bugs/1533445
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/2ad6d33493750a28a5a655d319a8e0b16c392de1
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8957 (Buffer overflow in ImageMagick before 6.9.0-4 Beta allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832464)
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26838
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/78f82d9d1c2944725a279acd573a22168dc6e22a
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bd96074b254c6607a0f7731e59f923ad19d5a46d
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/450bd716ed3b9186dd10f9e60f630a3d9eeea2a4
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8958 (coders/sun.c in ImageMagick before 6.9.0-4 Beta allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832465)
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26857
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b8f17d08b7418204bf8a05a5c24e87b2fc395b75
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/1aa0c6dab6dcef4d9bc3571866ae1c1ddbec7d8f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/6b4aff0f117b978502ee5bcd6e753c17aec5a961
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/8ea44b48a182dd46d018f4b4f09a5e2ee9638105
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7516 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533452
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/77
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7517 (The EncodeImage function in coders/pict.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533449
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/80
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7518 (The ReadSUNImage function in coders/sun.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533447
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/81
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7519 (The ReadRLEImage function in coders/rle.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832467)
	NOTE: https://bugs.launchpad.net/bugs/1533445
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/82
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7520 (Heap-based buffer overflow in coders/hdr.c in ImageMagick allows ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832469)
	NOTE: https://bugs.launchpad.net/bugs/1537213
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/90
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/14e606db148d6ebcaae20f1e1d6d71903ca4a556
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7521 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832474)
	NOTE: https://bugs.launchpad.net/bugs/1537418
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/92
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/30eec879c8b446b0ea9a3bb0da1a441cc8482bc4
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7522 (The ReadPSDImage function in MagickCore/locale.c in ImageMagick allows ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832475)
	NOTE: https://bugs.launchpad.net/bugs/1537419
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/93
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4b1b9c0522628887195bad3a6723f7000b0c9a58
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7523 [meta file out of bound access]
	RESERVED
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
	NOTE: https://bugs.launchpad.net/bugs/1537420
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/94
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7524
	RESERVED
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832478)
	NOTE: https://bugs.launchpad.net/bugs/1537422
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/96
CVE-2016-7525 (Heap-based buffer overflow in coders/psd.c in ImageMagick allows ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832480)
	[wheezy] - imagemagick <not-affected> (The affected function, GetPSDRowSize, does not exist in version 6.7.7.10)
	NOTE: https://bugs.launchpad.net/bugs/1537424
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/98
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5f16640725b1225e6337c62526e6577f0f88edb8
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7526 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
	NOTE: https://bugs.launchpad.net/bugs/1539050
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/102
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b6ae2f9e0ab13343c0281732d479757a8e8979c7
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d9b2209a69ee90d8df81fb124eb66f593eb9f599
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7527 (coders/wpg.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832482)
	NOTE: https://bugs.launchpad.net/bugs/1542115
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/122
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a251039393f423c7858e63cab6aa98d17b8b7a41
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7528 (The ReadVIFFImage function in coders/viff.c in ImageMagick allows ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832483)
	NOTE: https://bugs.launchpad.net/bugs/1537425
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/99
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/ca0c886abd6d3ef335eb74150cd23b89ebd17135
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7529 (coders/xcf.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832504)
	NOTE: https://bugs.launchpad.net/bugs/1539051
	NOTE: https://bugs.launchpad.net/bugs/1539052
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/104
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/103
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/a2e1064f288a353bc5fef7f79ccb7683759e775c
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7530 (The quantum handling code in ImageMagick allows remote attackers to ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832506)
	NOTE: https://bugs.launchpad.net/bugs/1539067
	NOTE: https://bugs.launchpad.net/bugs/1539053
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/105
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/63346f34f9d19179599b5b256e5e8d3dda46435c
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/c4e63ad30bc42da691f2b5f82a24516dd6b4dc70
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/110
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/b5ed738f8060266bf4ae521f7e3ed145aa4498a3
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7531 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832633)
	NOTE: https://bugs.launchpad.net/bugs/1539061
	NOTE: https://bugs.launchpad.net/bugs/1542112
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/107
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7532 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832776)
	NOTE: https://bugs.launchpad.net/bugs/1539066
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/109
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7533 (The ReadWPGImage function in coders/wpg.c in ImageMagick allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832780)
	NOTE: https://bugs.launchpad.net/bugs/1542114
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/120
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/bef1e4f637d8f665bc133a9c6d30df08d983bc3a
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7534 (The generic decoder in ImageMagick allows remote attackers to cause a ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832785)
	NOTE: https://bugs.launchpad.net/bugs/1542785
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/126
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/430403b0029b37decf216d57f810899cab2317dd
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7535 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832787)
	NOTE: https://bugs.launchpad.net/bugs/1545180
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/128
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7536 (magick/profile.c in ImageMagick allows remote attackers to cause a ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832789)
	NOTE: https://bugs.launchpad.net/bugs/1545367
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/130
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/478cce544fdf1de882d78381768458f397964453
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7537 (MagickCore/memory.c in ImageMagick allows remote attackers to cause a ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832791)
	NOTE: https://bugs.launchpad.net/bugs/1553366
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/143
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/424d40ebfcde48bb872eba75179d3d73704fdf1f
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7538 (coders/psd.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832793)
	NOTE: https://bugs.launchpad.net/bugs/1556273
	NOTE: https://github.com/ImageMagick/ImageMagick/issues/148
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/53c1dcd34bed85181b901bfce1a2322f85a59472
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2015-8959 (coders/dds.c in ImageMagick before 6.9.0-4 Beta allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832944)
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26861
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/3ab016764c7f787829d9065440d86f5609765110
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/9b428b7af688fe319320aed15f2b94281d1e37b4
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2014-9907 (coders/dds.c in ImageMagick allows remote attackers to cause a denial ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832942)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/21eae25a8db5fdcd112dbcfcd9e5c37e32d32e2f
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d7325bac173492b358417a0ad49fabad44447d52
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/504ada82b6fa38a30c846c1c29116af7290decb2
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7539 (Memory leak in AcquireVirtualMemory in ImageMagick before 7 allows ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833101)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/4e81ce8b07219c69a9aeccb0f7f7b927ca6db74c
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=2&t=28946
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-7540 (coders/rgf.c in ImageMagick before 6.9.4-10 allows remote attackers to ...)
	{DSA-3652-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #827643)
	[wheezy] - imagemagick <not-affected> (RGF coder is not present in version 6.7.7.10)
	NOTE: https://bugs.launchpad.net/bugs/1594060
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/223
	NOTE: http://www.openwall.com/lists/oss-security/2016/08/07/1
CVE-2016-6603 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 allows remote attackers to ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6602 (ZOHO WebNMS Framework 5.2 and 5.2 SP1 use a weak obfuscation algorithm ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6601 (Directory traversal vulnerability in the file download functionality ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6600 (Directory traversal vulnerability in the file upload functionality in ...)
	NOT-FOR-US: ZOHO WebNMS
CVE-2016-6599 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ...)
	NOT-FOR-US: BMC Track-It!
CVE-2016-6598 (BMC Track-It! 11.4 before Hotfix 3 exposes an unauthenticated .NET ...)
	NOT-FOR-US: BMC Track-It!
CVE-2016-6597 (Sophos EAS Proxy before 6.2.0 for Sophos Mobile Control, when Lotus ...)
	NOT-FOR-US: Sophos EAS Proxy
	NOTE: https://www.pallas.com/advisories/sophos_eas_open_reverse_proxy_vulnerability
CVE-2016-6596
	RESERVED
CVE-2016-6594 (Blue Coat Advanced Secure Gateway 6.6, CacheFlow 3.4, ProxySG 6.5 and ...)
	NOT-FOR-US: Blue Coat
CVE-2016-6593
	RESERVED
	NOT-FOR-US: Symantec VIP Access
CVE-2016-6592
	RESERVED
CVE-2016-6591
	RESERVED
CVE-2016-6590
	RESERVED
CVE-2016-6589
	RESERVED
CVE-2016-6588
	RESERVED
CVE-2016-6587
	RESERVED
CVE-2016-6586
	RESERVED
CVE-2016-6585
	RESERVED
CVE-2016-6584
	RESERVED
CVE-2016-6583
	RESERVED
CVE-2016-6582 (The Doorkeeper gem before 4.2.0 for Ruby might allow remote attackers ...)
	- ruby-doorkeeper 4.2.0-3 (bug #834843)
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/commit/fb938051777a3c9cb071e96fc66458f8f615bd53
	NOTE: https://github.com/doorkeeper-gem/doorkeeper/issues/875
CVE-2016-6579
	REJECTED
CVE-2016-6578
	RESERVED
CVE-2016-6577
	RESERVED
CVE-2016-6576
	RESERVED
CVE-2016-6575
	RESERVED
CVE-2016-6574
	RESERVED
CVE-2016-6573
	RESERVED
CVE-2016-6572
	RESERVED
CVE-2016-6571
	RESERVED
CVE-2016-6570
	RESERVED
CVE-2016-6569
	RESERVED
CVE-2016-6568
	RESERVED
CVE-2016-6567
	RESERVED
CVE-2016-6566
	RESERVED
CVE-2016-6565
	RESERVED
CVE-2016-6564
	RESERVED
CVE-2016-6563
	RESERVED
CVE-2016-6562
	RESERVED
CVE-2016-6561 (illumos smbsrv NULL pointer dereference allows system crash. ...)
	NOT-FOR-US: illumos
CVE-2016-6560 (illumos osnet-incorporation bcopy() and bzero() implementations make ...)
	NOT-FOR-US: illumos
CVE-2016-6559
	RESERVED
CVE-2016-6558
	RESERVED
CVE-2016-6557
	RESERVED
CVE-2016-6556
	RESERVED
CVE-2016-6555
	RESERVED
CVE-2016-6554
	RESERVED
CVE-2016-6553
	RESERVED
CVE-2016-6552
	RESERVED
CVE-2016-6551
	RESERVED
CVE-2016-6550 (The U by BB&amp;T app 1.5.4 and earlier for iOS does not properly verify ...)
	NOT-FOR-US: BB&T
CVE-2016-6549
	RESERVED
CVE-2016-6548
	RESERVED
CVE-2016-6547
	RESERVED
CVE-2016-6546
	RESERVED
CVE-2016-6545
	RESERVED
CVE-2016-6544
	RESERVED
CVE-2016-6543
	RESERVED
CVE-2016-6542
	RESERVED
CVE-2016-6541
	RESERVED
CVE-2016-6540
	RESERVED
CVE-2016-6539
	RESERVED
CVE-2016-6538
	RESERVED
CVE-2016-6537 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l store ...)
	NOT-FOR-US: AVer
CVE-2016-6536 (The /setup URI on AVer Information EH6108H+ devices with firmware ...)
	NOT-FOR-US: AVer
CVE-2016-6535 (AVer Information EH6108H+ devices with firmware X9.03.24.00.07l have ...)
	NOT-FOR-US: AVer
CVE-2016-6534 (Opmantek NMIS before 4.3.7c has command injection via man, finger, ...)
	NOT-FOR-US: Opmantek NMIS
CVE-2016-6533
	RESERVED
CVE-2016-6532 (DEXIS Imaging Suite 10 has a hardcoded password for the sa account, ...)
	NOT-FOR-US: DEXIS
CVE-2016-6531 (** DISPUTED ** Open Dental 16.1 and earlier has a hardcoded MySQL root ...)
	NOT-FOR-US: Open Dental
CVE-2016-6530 (Dentsply Sirona (formerly Schick) CDR Dicom 5 and earlier has default ...)
	NOT-FOR-US: Dentsply Sirona
CVE-2016-6529
	RESERVED
CVE-2016-6528
	RESERVED
CVE-2016-6524
	RESERVED
CVE-2008-7318
	RESERVED
CVE-2008-7317
	RESERVED
CVE-2016-6527 (The SmartCall Activity component in Telecom application on Samsung ...)
	NOT-FOR-US: Samsung
	NOTE: http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
CVE-2016-6526 (The SpamCall Activity component in Telecom application on Samsung Note ...)
	NOT-FOR-US: Samsung
	NOTE: http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016
CVE-2016-6595 (** DISPUTED ** The SwarmKit toolkit 1.12.0 for Docker allows remote ...)
	- docker.io <not-affected> (Only affects Docker 1.12)
	NOTE: http://seclists.org/oss-sec/2016/q3/198
CVE-2016-6581 (A HTTP/2 implementation built using any version of the Python HPACK ...)
	- python-hpack 2.3.0-1 (bug #833467)
	NOTE: https://github.com/python-hyper/hpack/pull/56
CVE-2016-6580 (A HTTP/2 implementation built using any version of the Python priority ...)
	NOT-FOR-US: Python Priority
	NOTE: https://github.com/python-hyper/priority/pull/23
CVE-2016-6519 (Cross-site scripting (XSS) vulnerability in the &quot;Shares&quot; overview in ...)
	- manila-ui 2.5.1-0 (bug #838017)
CVE-2016-6518 (Memory leak in Huawei S9300, S5300, S5700, S6700, S7700, S9700, and ...)
	NOT-FOR-US: Huawei
CVE-2016-6517 (Directory traversal vulnerability in Liferay 5.1.0 allows remote ...)
	NOT-FOR-US: Liferay
CVE-2016-6515 (The auth_password function in auth-passwd.c in sshd in OpenSSH before ...)
	{DLA-594-1}
	- openssh 1:7.3p1-1 (bug #833823)
	[jessie] - openssh <no-dsa> (Minor issue; can be included in future DSA or via point release)
	NOTE: Fixed by: https://anongit.mindrot.org/openssh.git/commit/?id=fcd135c9df440bcd2d5870405ad3311743d78d97
CVE-2016-6514
	RESERVED
CVE-2016-6502
	RESERVED
CVE-2016-6501 (JFrog Artifactory before 4.11 allows remote attackers to execute ...)
	NOT-FOR-US: JFrog Artifactory
CVE-2016-6500 (Unspecified methods in the RACF Connector component before 1.1.1.0 in ...)
	NOT-FOR-US: ForgeRock
CVE-2016-6499
	RESERVED
CVE-2016-6498
	RESERVED
CVE-2016-6497 (main/java/org/apache/directory/groovyldap/LDAP.java in the Groovy LDAP ...)
	NOT-FOR-US: Groovy LDAP extension
CVE-2016-6496 (The LDAP directory connector in Atlassian Crowd before 2.8.8 and 2.9.x ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2016-6525 (Heap-based buffer overflow in the pdf_load_mesh_params function in ...)
	{DSA-3655-1 DLA-589-1}
	- mupdf 1.9a+ds1-1.2 (bug #833417)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696954
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=39b0f07dd960f34e7e6bf230ffc3d87c41ef0f2e
CVE-2016-6523 (Multiple cross-site scripting (XSS) vulnerabilities in the media ...)
	- dotclear <removed>
	NOTE: Fixed by: https://hg.dotclear.org/dotclear/rev/40d0207e520d
CVE-2016-6522 (Integer overflow in the uvm_map_isavail function in uvm/uvm_map.c in ...)
	NOT-FOR-US: OpenBSD
CVE-2016-6521 (Cross-site request forgery (CSRF) vulnerability in Grails console (aka ...)
	- grails <itp> (bug #473213)
CVE-2016-6520 (Buffer overflow in MagickCore/enhance.c in ImageMagick before 7.0.2-7 ...)
	- imagemagick <not-affected> (Only affects imagemagick 7, which isn't packaged yet, bug #833485)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/76401e172ea3a55182be2b8e2aca4d07270f6da6
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=30259&p=136359#p136359
CVE-2016-6516 (Race condition in the ioctl_file_dedupe_range function in fs/ioctl.c ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/54dbc15172375641ef03399e8f911d7165eb90fb (v4.5-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/10eec60ce79187686e052092e5383c99b4420a20
CVE-2016-6495 (NetApp Data ONTAP before 8.2.4P5, when operating in 7-Mode, allows ...)
	NOT-FOR-US: NetApp
CVE-2016-6493 (Citrix XenApp 6.x before 6.5 HRP07 and 7.x before 7.9 and Citrix ...)
	NOT-FOR-US: Citrix
CVE-2016-XXXX [bruteforcable challenge responses in unprotected logfile]
	- mongodb 1:2.6.12-1 (bug #833087)
	[jessie] - mongodb 1:2.4.10-5+deb8u1
	[wheezy] - mongodb 1:2.0.6-1.1+deb7u1
	NOTE: Fixed in experimental 1:2.6.11-1, first version in unstable 1:2.6.12-1
	NOTE: https://jira.mongodb.org/browse/SERVER-9476
	NOTE: Fixed by: https://github.com/mongodb/mongo/commit/f85ceb17b37210eef71e8113162c41368bfd5c12
CVE-2016-6492 (The MT6573FDVT_SetRegHW function in camera_fdvt.c in the MediaTek ...)
	NOT-FOR-US: Out of tree driver from https://github.com/jawad6233/MT6795.kernel
CVE-2016-6488
	RESERVED
CVE-2016-6487
	RESERVED
CVE-2016-6486 (Siemens SINEMA Server uses weak permissions for the application ...)
	NOT-FOR-US: Siemens Sinema Server
	NOTE: http://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-321174.pdf
CVE-2016-6494 (The client in MongoDB uses world-readable permissions on .dbshell ...)
	{DLA-588-1}
	- mongodb 1:2.6.12-3 (bug #832908)
	[jessie] - mongodb 1:2.4.10-5+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/29/4
CVE-2016-6491 (Buffer overflow in the Get8BIMProperty function in ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833099)
	NOTE: Fixed by: https://github.com/ImageMagick/ImageMagick/commit/dd84447b63a71fa8c3f47071b09454efc667767b
CVE-2016-6489 (The RSA and DSA decryption code in Nettle makes it easier for ...)
	{DLA-593-1}
	- nettle 3.3-1 (bug #832983)
	[jessie] - nettle 2.7.1-5+deb8u2
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003093.html
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/3fe1d6549765ecfb24f0b80b2ed086fdc818bff3
	NOTE: Original patch had some unintended side effects: https://lists.lysator.liu.se/pipermail/nettle-bugs/2016/003104.html
	NOTE: Cf. http://www.openwall.com/lists/oss-security/2016/07/30/2
	NOTE: Additionally needed: https://git.lysator.liu.se/nettle/nettle/commit/52b9223126b3f997c00d399166c006ae28669068
	NOTE: GnuTLS needs an update when/before src:nettle is fixed to continue working with patched src:nettle for CVE-2016-6489
	NOTE: but not a vulnerability in GnuTLS. Needs https://gitlab.com/gnutls/gnutls/commit/186dc9c2012003587a38d7f4d03edd8da5fe989f
CVE-2016-6485 (The __construct function in Framework/Encryption/Crypt.php in Magento ...)
	NOT-FOR-US: Magento
CVE-2016-6484 (CRLF injection vulnerability in Infoblox Network Automation NetMRI ...)
	NOT-FOR-US: Infoblox Network Automation NetMR
CVE-2016-6513 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark 2.x ...)
	- wireshark 2.0.5+ga3be9c6-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: Affects 2.0.0 to 2.0.4, fixed in 2.0.5
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-49.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12663
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=347f071f1b9180563c28b0f3d0627b91eb456c72
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6512 (epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an ...)
	- wireshark 2.0.5+ga3be9c6-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: Affects 2.0.0 to 2.0.4, fixed in 2.0.5.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-48.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12661
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2193bea3212d74e2a907152055e27d409b59485e
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6511 (epan/proto.c in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-47.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12659
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56706427f53cc64793870bf072c2c06248ae88f3
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6510 (Off-by-one error in epan/dissectors/packet-rlc.c in the RLC dissector ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-46.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12664
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=47a5fa850b388fcf4ea762073806f01b459820fe
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6509 (epan/dissectors/packet-ldss.c in the LDSS dissector in Wireshark ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-45.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12662
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5a469ddc893f7c1912d0e15cc73bd3011e6cc2fb
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6508 (epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.12.x ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-44.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12660
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=6cf9616df68a4db7e436bb77392586ff9ad84feb
	NOTE: Affects  2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6507 (epan/dissectors/packet-mmse.c in the MMSE dissector in Wireshark ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-43.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12624
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b5a10743258bd016c07ebf6479137fda3d172a0f
	NOTE: Affects 1.12.0 to 1.12.12, fixed 1.12.13
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6506 (epan/dissectors/packet-wsp.c in the WSP dissector in Wireshark 1.12.x ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-42.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12594
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a9d5256890c9189c7461bfce6ed6edce5d861499
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12 , fixed in 2.0.5, 1.12.13
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6505 (epan/dissectors/packet-packetbb.c in the PacketBB dissector in ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0.5+ga3be9c6-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-41.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12577
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=94e97e45cf614c7bb8fe90c23df52910246b2c95
	NOTE: Affects 2.0.0 to 2.0.4, 1.12.0 to 1.12.12, fixed in 2.0.5, 1.12.13.
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6504 (epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark ...)
	{DSA-3648-1 DLA-595-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-40.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12576
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9eacbb4d48df647648127b9258f9e5aeeb0c7d99
	NOTE: Affects 1.12.0 to 1.12.12, fixed in 1.12.13.
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6503 (The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit ...)
	- wireshark <not-affected> (Only affects Wireshark on Windows)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-39.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12495
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=581a17af40b84ef0c9e7f41ed0795af345b61ce1
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/3
CVE-2016-6490 (The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka ...)
	- qemu 1:2.6+dfsg-3.1 (bug #832767)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Issue introduced later)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Issue introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-07/msg06246.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=3b3b0628217e2726069990ff9942a5d6d9816bd7 (v2.6.0-rc0)
CVE-2016-6483 (The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, ...)
	NOT-FOR-US: vBulletin
CVE-2016-6482
	RESERVED
CVE-2016-6481
	RESERVED
CVE-2013-7459 (Heap-based buffer overflow in the ALGnew function in block_templace.c ...)
	{DLA-773-1}
	- python-crypto 2.6.1-7 (bug #849495)
	[jessie] - python-crypto 2.6.1-5+deb8u1
	NOTE: https://github.com/dlitz/pycrypto/issues/176
	NOTE: Fixed by: https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
	NOTE: All users of pycrypto's AES module in Debian that allow the mode
	NOTE: of operation to be specified from outside check for ECB explicitly
	NOTE: and  create the objects without specifying an IV.
CVE-2013-7458 (linenoise, as used in Redis before 3.2.3, uses world-readable ...)
	{DSA-3634-1 DLA-577-1}
	- redis 2:3.2.1-4 (bug #832460)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/28/1
CVE-2016-6480 (Race condition in the ioctl_send_fib function in ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fa00c437eef8dc2e7b25f8cd868cfa405fcc2bb3
CVE-2016-6478
	RESERVED
CVE-2016-6477
	RESERVED
CVE-2016-6476
	RESERVED
CVE-2016-6475
	RESERVED
CVE-2016-6474 (A vulnerability in the implementation of X.509 Version 3 for SSH ...)
	NOT-FOR-US: Cisco
CVE-2016-6473 (A vulnerability in Cisco IOS on Catalyst Switches and Nexus 9300 Series ...)
	NOT-FOR-US: Cisco
CVE-2016-6472 (A vulnerability in several parameters of the ccmivr page of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6471 (A vulnerability in the web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6470 (A vulnerability in the installation procedure of the Cisco Hybrid Media ...)
	NOT-FOR-US: Cisco
CVE-2016-6469 (A vulnerability in HTTP URL parsing of Cisco AsyncOS for Cisco Web ...)
	NOT-FOR-US: Cisco
CVE-2016-6468 (A vulnerability in the web-based management interface of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6467 (A vulnerability in IPv6 packet fragment reassembly of StarOS for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6466 (A vulnerability in the IPsec component of StarOS for Cisco ASR 5000 ...)
	NOT-FOR-US: Cisco
CVE-2016-6465 (A vulnerability in the content filtering functionality of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2016-6464 (A vulnerability in the web management interface of the Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2016-6463 (A vulnerability in the email filtering functionality of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2016-6462 (A vulnerability in the email filtering functionality of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2016-6461 (A vulnerability in the HTTP web-based management interface of the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6460 (A vulnerability in the FTP Representational State Transfer Application ...)
	NOT-FOR-US: Cisco
CVE-2016-6459 (Cisco TelePresence endpoints running either CE or TC software contain a ...)
	NOT-FOR-US: Cisco
CVE-2016-6458 (A vulnerability in the content filtering functionality of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2016-6457 (A vulnerability in the Cisco Nexus 9000 Series Platform Leaf Switches ...)
	NOT-FOR-US: Cisco
CVE-2016-6456
	RESERVED
CVE-2016-6455 (A vulnerability in the Slowpath of StarOS for Cisco ASR 5500 Series ...)
	NOT-FOR-US: Cisco
CVE-2016-6454 (A cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: Cisco
CVE-2016-6453 (A vulnerability in the web framework code of Cisco Identity Services ...)
	NOT-FOR-US: Cisco
CVE-2016-6452 (A vulnerability in the web-based graphical user interface (GUI) of ...)
	NOT-FOR-US: Cisco
CVE-2016-6451 (Multiple vulnerabilities in the web framework code of the Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2016-6450 (A vulnerability in the package unbundle utility of Cisco IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2016-6449 (A vulnerability in the system management of certain FireAMP system ...)
	NOT-FOR-US: Cisco
CVE-2016-6448 (A vulnerability in the Session Description Protocol (SDP) parser of ...)
	NOT-FOR-US: Cisco
CVE-2016-6447 (A vulnerability in Cisco Meeting Server and Meeting App could allow an ...)
	NOT-FOR-US: Cisco Meeting Server and Meeting App
CVE-2016-6446 (A vulnerability in Web Bridge for Cisco Meeting Server could allow an ...)
	NOT-FOR-US: Cisco
CVE-2016-6445 (A vulnerability in the Extensible Messaging and Presence Protocol ...)
	NOT-FOR-US: Cisco
CVE-2016-6444 (A vulnerability in Cisco Meeting Server could allow an unauthenticated, ...)
	NOT-FOR-US: Cisco
CVE-2016-6443 (A vulnerability in the Cisco Prime Infrastructure and Evolved ...)
	NOT-FOR-US: Cisco
CVE-2016-6442 (A vulnerability in Cisco Finesse Agent and Supervisor Desktop Software ...)
	NOT-FOR-US: Cisco
CVE-2016-6441 (A vulnerability in the Transaction Language 1 (TL1) code of Cisco ASR ...)
	NOT-FOR-US: Cisco ASR 900 Series Aggregation Services Routers
CVE-2016-6440 (The Cisco Unified Communications Manager (CUCM) may be vulnerable to ...)
	NOT-FOR-US: Cisco
CVE-2016-6439 (A vulnerability in the detection engine reassembly of HTTP packets for ...)
	NOT-FOR-US: Cisco
CVE-2016-6438 (A vulnerability in Cisco IOS XE Software running on Cisco cBR-8 ...)
	NOT-FOR-US: Cisco
CVE-2016-6437 (A vulnerability in the SSL session cache management of Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2016-6436 (Cross-site scripting (XSS) vulnerability in HostScan Engine 3.0.08062 ...)
	NOT-FOR-US: Cisco
CVE-2016-6435 (The web console in Cisco Firepower Management Center 6.0.1 allows ...)
	NOT-FOR-US: Cisco
CVE-2016-6434 (Cisco Firepower Management Center 6.0.1 has hardcoded database ...)
	NOT-FOR-US: Cisco
CVE-2016-6433 (The Threat Management Console in Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2016-6432 (A vulnerability in the Identity Firewall feature of Cisco ASA Software ...)
	NOT-FOR-US: Cisco
CVE-2016-6431 (A vulnerability in the local Certificate Authority (CA) feature of ...)
	NOT-FOR-US: Cisco
CVE-2016-6430 (A vulnerability in the command-line interface of the Cisco IP ...)
	NOT-FOR-US: Cisco
CVE-2016-6429 (A vulnerability in the web framework code of the Cisco IP ...)
	NOT-FOR-US: Cisco
CVE-2016-6428 (Cisco IOS XR 6.1.1 allows local users to execute arbitrary OS commands ...)
	NOT-FOR-US: Cisco
CVE-2016-6427 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2016-6426 (The j_spring_security_switch_user function in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2016-6425 (Cross-site scripting (XSS) vulnerability in Cisco Unified Intelligence ...)
	NOT-FOR-US: Cisco
CVE-2016-6424 (The DHCP Relay implementation in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2016-6423 (The IKEv2 client and initiator implementations in Cisco IOS 15.5(3)M ...)
	NOT-FOR-US: Cisco
CVE-2016-6422 (Cisco IOS 12.2(33)SXJ9 on Supervisor Engine 32 and 720 modules for ...)
	NOT-FOR-US: Cisco
CVE-2016-6421 (Cisco IOS XR 5.2.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2016-6420 (Cisco FireSIGHT System Software 4.10.3 through 5.4.0 in Firepower ...)
	NOT-FOR-US: Cisco
CVE-2016-6419 (SQL injection vulnerability in Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2016-6418 (Cross-site scripting (XSS) vulnerability in Cisco Videoscape ...)
	NOT-FOR-US: Cisco
CVE-2016-6417 (Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco
CVE-2016-6416 (The FTP service in Cisco AsyncOS on Email Security Appliance (ESA) ...)
	NOT-FOR-US: Cisco
CVE-2016-6415 (The server IKEv1 implementation in Cisco IOS 12.2 through 12.4 and ...)
	NOT-FOR-US: Cisco
CVE-2016-6414 (iox in Cisco IOS, possibly 15.6 and earlier, and IOS XE, possibly 3.18 ...)
	NOT-FOR-US: Cisco
CVE-2016-6413 (The installation procedure on Cisco Application Policy Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2016-6412 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2016-6411 (Cisco Firepower Management Center and FireSIGHT System Software 6.0.1 ...)
	NOT-FOR-US: Cisco
CVE-2016-6410 (The Cisco Application-hosting Framework (CAF) component in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2016-6409 (The Data in Motion (DMo) component in Cisco IOS 15.6(1)T and IOS XE, ...)
	NOT-FOR-US: Cisco
CVE-2016-6408 (Cisco Prime Home 5.2.0 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Cisco
CVE-2016-6407 (Cisco AsyncOS through 9.5.0-444 on Web Security Appliance (WSA) ...)
	NOT-FOR-US: Cisco
CVE-2016-6406 (Cisco IronPort AsyncOS 9.1.2-023, 9.1.2-028, 9.1.2-036, 9.7.2-046, ...)
	NOT-FOR-US: Cisco
CVE-2016-6405 (Cisco Fog Director 1.0(0) for IOx allows remote authenticated users to ...)
	NOT-FOR-US: Cisco
CVE-2016-6404 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6403 (The Data in Motion (DMo) application in Cisco IOS 15.6(1)T and IOS XE, ...)
	NOT-FOR-US: Cisco
CVE-2016-6402 (UCS Manager and UCS 6200 Fabric Interconnects in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2016-6401 (Cisco Carrier Routing System (CRS) 5.1 and 5.1.4, as used in CRS ...)
	NOT-FOR-US: Cisco
CVE-2016-6400
	RESERVED
CVE-2016-6399 (Cisco ACE30 Application Control Engine Module through A5 3.3 and ACE ...)
	NOT-FOR-US: Cisco
CVE-2016-6398 (The PPTP server in Cisco IOS 15.5(3)M does not properly initialize ...)
	NOT-FOR-US: Cisco
CVE-2016-6397 (A vulnerability in the interdevice communications interface of the ...)
	NOT-FOR-US: Cisco
CVE-2016-6396 (Cisco Firepower Management Center before 6.1 and FireSIGHT System ...)
	NOT-FOR-US: Cisco
CVE-2016-6395 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
	NOT-FOR-US: Cisco
CVE-2016-6394 (Session fixation vulnerability in Cisco Firepower Management Center ...)
	NOT-FOR-US: Cisco
CVE-2016-6393 (The AAA service in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 ...)
	NOT-FOR-US: Cisco
CVE-2016-6392 (Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.1 through 3.9 allow ...)
	NOT-FOR-US: Cisco
CVE-2016-6391 (Cisco IOS 12.2 and 15.0 through 15.3 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2016-6390
	REJECTED
CVE-2016-6389
	REJECTED
CVE-2016-6388
	REJECTED
CVE-2016-6387
	REJECTED
CVE-2016-6386 (Cisco IOS XE 3.1 through 3.17 and 16.1 on 64-bit platforms allows ...)
	NOT-FOR-US: Cisco
CVE-2016-6385 (Memory leak in the Smart Install client implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2016-6384 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.6 and IOS XE 3.1 ...)
	NOT-FOR-US: Cisco
CVE-2016-6383
	REJECTED
CVE-2016-6382 (Cisco IOS 15.2 through 15.6 and IOS XE 3.6 through 3.17 and 16.1 allow ...)
	NOT-FOR-US: Cisco
CVE-2016-6381 (Cisco IOS 12.4 and 15.0 through 15.6 and IOS XE 3.1 through 3.18 and ...)
	NOT-FOR-US: Cisco
CVE-2016-6380 (The DNS forwarder in Cisco IOS 12.0 through 12.4 and 15.0 through 15.6 ...)
	NOT-FOR-US: Cisco
CVE-2016-6379 (Cisco IOS 12.2 and IOS XE 3.14 through 3.16 and 16.1 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2016-6378 (Cisco IOS XE 3.1 through 3.17 and 16.1 through 16.2 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-6377 (Media Origination System Suite Software 2.6 and earlier in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6376 (The Adaptive Wireless Intrusion Prevention System (wIPS) feature on ...)
	NOT-FOR-US: Cisco
CVE-2016-6375 (Cisco Wireless LAN Controller (WLC) devices before 8.0.140.0, 8.1.x ...)
	NOT-FOR-US: Cisco
CVE-2016-6374 (Cisco Cloud Services Platform (CSP) 2100 2.0 allows remote attackers ...)
	NOT-FOR-US: Cisco Cloud Services Platform 2100
CVE-2016-6373 (The web-based GUI in Cisco Cloud Services Platform (CSP) 2100 2.0 ...)
	NOT-FOR-US: Cisco Cloud Services Platform 2100
CVE-2016-6372 (A vulnerability in the email message and content filtering for ...)
	NOT-FOR-US: Cisco
CVE-2016-6371 (Directory traversal vulnerability in the web interface in Cisco Hosted ...)
	NOT-FOR-US: Cisco
CVE-2016-6370 (Directory traversal vulnerability in the web interface in Cisco Hosted ...)
	NOT-FOR-US: Cisco
CVE-2016-6369 (Cisco AnyConnect Secure Mobility Client before 4.2.05015 and 4.3.x ...)
	NOT-FOR-US: Cisco
CVE-2016-6368 (A vulnerability in the detection engine parsing of Pragmatic General ...)
	NOT-FOR-US: Cisco
CVE-2016-6367 (Cisco Adaptive Security Appliance (ASA) Software before 8.4(1) on ASA ...)
	NOT-FOR-US: Cisco
CVE-2016-6366 (Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software ...)
	NOT-FOR-US: Cisco
CVE-2016-6365 (Cross-site scripting (XSS) vulnerability in Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2016-6364 (The User Data Services (UDS) API implementation in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2016-6363 (The rate-limit feature in the 802.11 protocol implementation on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6362 (Cisco Aironet 1800, 2800, and 3800 devices with software before ...)
	NOT-FOR-US: Cisco
CVE-2016-6361 (The Aggregated MAC Protocol Data Unit (AMPDU) implementation on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-6360 (A vulnerability in Advanced Malware Protection (AMP) for Cisco Email ...)
	NOT-FOR-US: Cisco
CVE-2016-6359 (Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway ...)
	NOT-FOR-US: Cisco
CVE-2016-6358 (A vulnerability in local FTP to the Cisco Email Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2016-6357 (A vulnerability in the configured security policies, including drop ...)
	NOT-FOR-US: Cisco
CVE-2016-6356 (A vulnerability in the email message filtering feature of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2016-6355 (Memory leak in Cisco IOS XR 5.1.x through 5.1.3, 5.2.x through 5.2.5, ...)
	NOT-FOR-US: Cisco
CVE-2016-6353
	RESERVED
CVE-2016-6348 (JacksonJsonpInterceptor in RESTEasy might allow remote attackers to ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6347 (Cross-site scripting (XSS) vulnerability in the default exception ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6346 (RESTEasy enables GZIPInterceptor, which allows remote attackers to ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6345 (RESTEasy allows remote authenticated users to obtain sensitive ...)
	- resteasy <unfixed> (low; bug #837170)
	[jessie] - resteasy <no-dsa> (Minor issue)
	- resteasy3.0 <undetermined>
CVE-2016-6344 (Red Hat JBoss BPM Suite 6.3.x does not include the HTTPOnly flag in a ...)
	NOT-FOR-US: Red Hat JBoss bpm Suite
CVE-2016-6343
	RESERVED
	NOT-FOR-US: JBoss BPMS
CVE-2016-6342 (elog 3.1.1 allows remote attackers to post data as any username in the ...)
	- elog 3.1.2-1-1 (bug #836505)
	[jessie] - elog 2.9.2+2014.05.11git44800a7-2+deb8u1
	NOTE: https://bitbucket.org/ritt/elog/commits/2f6a300572bd6048351af8c45394ae62230c83d9
	NOTE: https://bitbucket.org/ritt/elog/commits/9ca611aca2b1860efac15f806bf907cc2e6f870a/
CVE-2016-6341 (oVirt Engine before 4.0.3 does not include DWH_DB_PASSWORD in the list ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6340 (The kickstart file in Red Hat QuickStart Cloud Installer (QCI) forces ...)
	NOT-FOR-US: Red Hat QCI
CVE-2016-6339
	REJECTED
CVE-2016-6338 (ovirt-engine-webadmin, as used in Red Hat Enterprise Virtualization ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6337 (MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6336 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6335 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6334 (Cross-site scripting (XSS) vulnerability in the ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6333 (Cross-site scripting (XSS) vulnerability in the CSS user subpage ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6332 (MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before ...)
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	- mediawiki 1:1.27.1-1
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6331 (ApiParse in MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x ...)
	- mediawiki 1:1.27.1-1
	[wheezy] - mediawiki <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html
CVE-2016-6330 (The server in Red Hat JBoss Operations Network (JON), when SSL ...)
	NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-6329 (OpenVPN, when using a 64-bit block cipher, makes it easier for remote ...)
	- openvpn <unfixed> (unimportant)
	NOTE: https://community.openvpn.net/openvpn/wiki/SWEET32
	NOTE: This is a generic cryptographic weakness, not a vulnerability in OpenVPN per se
CVE-2016-6328
	RESERVED
	- libexif 0.6.21-2.1 (bug #873022)
	[stretch] - libexif <no-dsa> (Minor issue)
	[jessie] - libexif <no-dsa> (Minor issue)
	[wheezy] - libexif <no-dsa> (Minor issue)
	NOTE: http://libexif.cvs.sourceforge.net/viewvc/libexif/libexif/libexif/pentax/mnote-pentax-entry.c?r1=1.26&r2=1.27
CVE-2016-6327 (drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1 ...)
	- linux 4.6.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/51093254bf879bc9ce96590400a87897c7498463 (4.6-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/3e4f574857eebce60bb56d7524f3f9eaa2a126d0 (v3.8-rc1)
CVE-2016-6326
	RESERVED
CVE-2016-6325 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 5 through 7, ...)
	- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1367447
CVE-2016-6324
	RESERVED
CVE-2016-6323 (The makecontext function in the GNU C Library (aka glibc or libc6) ...)
	- glibc 2.24-1 (bug #834752)
	[jessie] - glibc 2.19-18+deb8u6
	- eglibc <removed>
	[wheezy] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20435
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617
CVE-2016-6322 (Red Hat QuickStart Cloud Installer (QCI) uses world-readable ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6321 (Directory traversal vulnerability in the safer_name_suffix function in ...)
	{DSA-3702-1 DLA-690-1}
	- tar 1.29b-1.1 (bug #842339)
	NOTE: https://sintonen.fi/advisories/tar-extract-pathname-bypass.txt
	NOTE: POC in https://sintonen.fi/advisories/tar-poc.tar (etc/shadow should not be extracted when asking for etc/motd)
	NOTE: Proposed patch by Antoine Beaupre: https://lists.debian.org/debian-lts/2016/10/msg00206.html
	NOTE: Proposed patch upstream: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7340f67b9860ea0531c1450e5aa261c50f67165d
CVE-2016-6320 (Cross-site scripting (XSS) vulnerability in ...)
	- foreman <itp> (bug #663101)
CVE-2016-6319 (Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb ...)
	- foreman <itp> (bug #663101)
CVE-2016-6318 (Stack-based buffer overflow in the FascistGecosUser function in ...)
	{DLA-599-1}
	- cracklib2 2.9.2-2 (bug #834502)
	[jessie] - cracklib2 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=1188599
	NOTE: In Debian compiled with CPPFLAGS="-D_FORTIFY_SOURCE=2" so, at most application crash
CVE-2016-6317 (Action Record in Ruby on Rails 4.2.x before 4.2.7.1 does not properly ...)
	- rails 2:4.2.7.1-1 (bug #834154)
	[jessie] - rails <not-affected> (Vulnerable code not present, introduced in 4.2)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package and introduced in 4.2 anyway)
CVE-2016-6316 (Cross-site scripting (XSS) vulnerability in Action View in Ruby on ...)
	{DSA-3651-1 DLA-604-1}
	- rails 2:4.2.7.1-1 (low; bug #834155)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	- ruby-actionpack-3.2 <removed>
	NOTE: https://github.com/rails/rails/commit/4bcccf5ecd81a6272479537911b7d9760c5be164
CVE-2016-6315
	RESERVED
CVE-2016-6314
	RESERVED
CVE-2016-6313 (The mixing functions in the random number generator in Libgcrypt ...)
	{DSA-3650-1 DSA-3649-1 DLA-602-1 DLA-600-1}
	- gnupg2 <not-affected> (Uses system libgcrypt)
	- gnupg1 1.4.21-1 (bug #834894)
	- gnupg <removed> (bug #834893)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=e23eec8c9a602eee0a09851a54db0f5d611f125c
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=c6dbfe89903d0c8191cf50ecf1abb3c8458b427a
	- libgcrypt20 1.7.3-1
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=2f62103b4bb6d6f9ce806e01afb7fdc58aa33513 (1.7)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=8dd45ad957b54b939c288a68720137386c7f6501 (1.7)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=190b0429b70eb4a3573377e95755d9cc13c38461 (1.6)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=c748f87436d693f092a4484571a3cc7f650b5c81 (1.6)
	- libgcrypt11 <removed>
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=98980e2fd29ad62903c78fa6521489fce651cdda
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=6199cd963d1fba86e0b7b9e2de4b6c00b945193a
	NOTE: https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
CVE-2016-6312 (The mod_dontdothat component of the mod_dav_svn Apache module in ...)
	- apr-util <not-affected> (RHEL-5.11 specific regression)
CVE-2016-6311 (Get requests in JBoss Enterprise Application Platform (EAP) 7 ...)
	NOT-FOR-US: WildFly / Red Hat JBoss EAP
CVE-2016-6310 (oVirt Engine discloses the ENGINE_HTTPS_PKI_TRUST_STORE_PASSWORD in ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-6309 (statem/statem.c in OpenSSL 1.1.0a does not consider memory-block ...)
	[experimental] - openssl 1.1.0b-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20160926.txt
CVE-2016-6308 (statem/statem_dtls.c in the DTLS implementation in OpenSSL 1.1.0 ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=48c054fec3506417b2598837b8062aae7114c200
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6307 (The state-machine implementation in OpenSSL 1.1.0 before 1.1.0a ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=c1ef7c971d0bbf117c3c80f65b5875e2e7b024b1
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
CVE-2016-6306 (The certificate parser in OpenSSL before 1.0.1u and 1.0.2 before ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=ff553f837172ecb2b5c8eca257ec3c5619a4b299
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6305 (The ssl3_read_bytes function in record/rec_layer_s3.c in OpenSSL 1.1.0 ...)
	[experimental] - openssl 1.1.0a-1
	- openssl <not-affected> (Only affects 1.1)
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.1.0a
CVE-2016-6304 (Multiple memory leaks in t1_lib.c in OpenSSL before 1.0.1u, 1.0.2 ...)
	{DSA-3673-1 DLA-637-1}
	[experimental] - openssl 1.1.0a-1
	- openssl 1.0.2i-1
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.1.0a, 1.0.2i, 1.0.1u
CVE-2016-6303 (Integer overflow in the MDC2_Update function in crypto/mdc2/mdc2dgst.c ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=55d83bf7c10c7b205fffa23fa7c3977491e56c07
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6302 (The tls_decrypt_ticket function in ssl/t1_lib.c in OpenSSL before ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=e97763c92c655dcf4af2860b3abd2bc4c8a267f9
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-6301 (The recv_and_process_client_pkt function in networking/ntpd.c in ...)
	- busybox 1:1.27.2-1 (unimportant; bug #833442)
	NOTE: NTP server not enabled by default in debian/config/pkg/* via CONFIG_NTPD
	NOTE: Fixed by: https://git.busybox.net/busybox/commit/?id=150dc7a2b483b8338a3e185c478b4b23ee884e71
CVE-2016-6300
	REJECTED
CVE-2016-6299 (The scm plug-in in mock might allow attackers to bypass the intended ...)
	- mock 1.3.2-1 (bug #850320)
	[jessie] - mock <not-affected> (Parsing is done before, after temporarily dropping super-user privileges at startup)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1375490
	NOTE: https://github.com/rpm-software-management/mock/commit/8b02f43beadacf6911200b48d94e39e891a41da9 (mock-1.2.21)
CVE-2016-6298 (The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in ...)
	- python-jwcrypto 0.3.2-1
	NOTE: https://github.com/latchset/jwcrypto/issues/65
	NOTE: https://github.com/latchset/jwcrypto/pull/66
	NOTE: https://github.com/latchset/jwcrypto/commit/eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba
	NOTE: Code moved around in git, for 0.3.2 it is in jwe.py
CVE-2016-6354 (Heap-based buffer overflow in the yy_get_next_buffer function in Flex ...)
	{DSA-3653-2 DSA-3653-1}
	- flex 2.6.1-1 (bug #832768)
	[wheezy] - flex <not-affected> (Issue introduced with 2.5.36)
	NOTE: Intorduced by: https://github.com/westes/flex/commit/9ba3187a537d6a58d345f2874d06087fd4050399 (flex-2-5-36)
	NOTE: Fixed by: https://github.com/westes/flex/commit/a5cbe929ac3255d371e698f62dc256afe7006466 (v2.6.1)
CVE-2016-6351 (The esp_do_dma function in hw/scsi/esp.c in QEMU (aka Quick Emulator), ...)
	{DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-3.1 (bug #832621)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=926cde5f3e4d2504ed161ed0cb771ac7cad6fd11 (v2.7.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=cc96677469388bad3d66479379735cf75db069e3 (v2.7.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/25/14
	NOTE: According to maintainer the fix relies on the fix for CVE-2016-4439
CVE-2016-6350 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service ...)
	NOT-FOR-US: OpenBSD
CVE-2016-6349 (The machinectl command in oci-register-machine allows local users to ...)
	NOT-FOR-US: oci-register-machine
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/26/5
	NOTE: Requirement is that docker containers would register themselves to
	NOTE: to systemd-machined by oci-register-machine (not packaged in Debian,
	NOTE: and https://github.com/projectatomic/docker/commit/a307e90141ba31b378bc31bb7720ed141f47cd9b
	NOTE: not applied to docker.io).
	NOTE: https://github.com/systemd/systemd/issues/3815
	NOTE: The problem as well only arises with docker fork in RedHat, not with upstream docker
	NOTE: https://github.com/projectatomic/oci-register-machine/pull/22
CVE-2016-6287 (The &quot;http-client&quot; egg always used a HTTP_PROXY environment variable to ...)
	NOT-FOR-US: Addons for Chicken
CVE-2016-6286 (The &quot;spiffy-cgi-handlers&quot; egg would convert a nonexistent &quot;Proxy&quot; ...)
	NOT-FOR-US: Addons for Chicken
CVE-2016-6285 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2016-6284
	RESERVED
CVE-2016-6283 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-6282
	RESERVED
CVE-2016-6281
	RESERVED
CVE-2016-6280
	RESERVED
CVE-2016-6279
	RESERVED
CVE-2016-6278
	RESERVED
CVE-2016-6277 (NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 ...)
	NOT-FOR-US: Netgear routers
CVE-2016-6276 (Citrix Linux Virtual Delivery Agent (aka VDA, formerly Linux Virtual ...)
	NOT-FOR-US: Citrix
CVE-2016-6275
	RESERVED
CVE-2016-6274
	RESERVED
CVE-2016-6273 (The lmadmin component in Flexera FlexNet Publisher (aka Flex License ...)
	NOT-FOR-US: Flexera
CVE-2016-6272 (XPath injection vulnerability in Epic MyChart allows remote attackers ...)
	NOT-FOR-US: EPIC MyChart
CVE-2016-6297 (Integer overflow in the php_stream_zip_opener function in ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72520
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=81406c0c1d45f75fcc7972ed974d2597abb0b9e9
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6296 (Integer signedness error in the simplestring_addn function in ...)
	{DSA-3631-1 DLA-628-1 DLA-569-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72606
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=e6c48213c22ed50b2b987b479fcc1ac709394caa
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
	- xmlrpc-epi 0.54.2-1.2 (bug #832959)
	[jessie] - xmlrpc-epi <no-dsa> (Can be fixed via point release, nothing depending on it in stable)
	NOTE: In stretch/sid php7.0 is using the system library not the embedded one.
CVE-2016-6295 (ext/snmp/snmp.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72479
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=cab1c3b3708eead315e033359d07049b23b147a3
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6294 (The locale_accept_from_http function in ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72533
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=aa82e99ed8003c01f1ef4f0940e56b85c5b032d4
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6293 (The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in ...)
	{DSA-3725-1 DLA-615-1}
	- icu 57.1-4
	NOTE: http://bugs.icu-project.org/trac/changeset/39109
	NOTE: http://bugs.icu-project.org/trac/ticket/12652
	NOTE: And possibly needs some more follow-up fixes, cf. with upstream changes
	NOTE: around/later than changeset 39109.
CVE-2016-6292 (The exif_process_user_comment function in ext/exif/exif.c in PHP ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72618
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=41131cd41d2fd2e0c2f332a27988df75659c42e4
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6291 (The exif_process_IFD_in_MAKERNOTE function in ext/exif/exif.c in PHP ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72603
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=eebcbd5de38a0f1c2876035402cb770e37476519
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6290 (ext/session/session.c in PHP before 5.5.38, 5.6.x before 5.6.24, and ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72562
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=3798eb6fd5dddb211b01d41495072fd9858d4e32
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6289 (Integer overflow in the virtual_file_ex function in ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/72513
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=0218acb7e756a469099c4ccfb22bce6c2bd1ef87
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-6271 (The Bzrtp library (aka libbzrtp) 1.0.x before 1.0.4 allows ...)
	- bzrtp 1.0.2-1.2 (bug #859277)
	NOTE: Fixed by: https://github.com/BelledonneCommunications/bzrtp/commit/bbb1e6e2f467ee4bd7b9a8c800e4f07343d7d99b
CVE-2016-6270 (The handle_certificate function in ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6269 (Multiple directory traversal vulnerabilities in Trend Micro Smart ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6268 (Trend Micro Smart Protection Server 2.5 before build 2200, 2.6 before ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6267 (SnmpUtils in Trend Micro Smart Protection Server 2.5 before build ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6266 (ccca_ajaxhandler.php in Trend Micro Smart Protection Server 2.5 before ...)
	NOT-FOR-US: Trend Micro
CVE-2016-6260
	RESERVED
CVE-2016-6259 (Xen 4.5.x through 4.7.x do not implement Supervisor Mode Access ...)
	- xen 4.8.0~rc3-1
	[jessie] - xen <not-affected> (Only affects 4.5 and later)
	[wheezy] - xen <not-affected> (Only affects 4.5 and later)
	NOTE: http://xenbits.xen.org/xsa/advisory-183.html
CVE-2016-6258 (The PV pagetable code in arch/x86/mm.c in Xen 4.7.x and earlier allows ...)
	{DSA-3633-1 DLA-571-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-182.html
CVE-2016-6257 (The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon ...)
	NOT-FOR-US: Lenovo
CVE-2016-6256 (SAP Business One for Android 1.2.3 allows remote attackers to conduct ...)
	NOT-FOR-US: SAP
CVE-2016-6254 (Heap-based buffer overflow in the parse_packet function in network.c ...)
	{DSA-3636-1 DLA-575-1}
	- collectd 5.5.2-1 (bug #832507)
	NOTE: https://github.com/collectd/collectd/commit/b589096f907052b3a4da2b9ccc9b0e2e888dfc18
	NOTE: https://github.com/collectd/collectd/commit/8b4fed9940e02138b7e273e56863df03d1a39ef7
CVE-2016-6253 (mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, ...)
	NOT-FOR-US: mail.local in NetBSD
CVE-2016-1000218 (Kibana Reporting plugin version 2.4.0 is vulnerable to a CSRF ...)
	- kibana <itp> (bug #700337)
CVE-2016-1000212 [Mitigation for HTTPoxy vulnerability]
	{DSA-3642-1 DLA-583-1}
	- lighttpd 1.4.43-1 (bug #832571)
	NOTE: https://redmine.lighttpd.net/projects/lighttpd/repository/revisions/779c133c16f9af168b004dce7a2a64f16c1cb3a4/diff
	NOTE: CVE assigned for the mitigation to identify the fix. But it is not a vulnerability in lighttpd itself.
CVE-2016-1000211
	RESERVED
CVE-2016-1000210
	RESERVED
CVE-2016-1000209
	RESERVED
CVE-2016-1000208
	RESERVED
CVE-2016-1000207
	RESERVED
CVE-2016-1000206
	RESERVED
CVE-2016-1000205
	RESERVED
CVE-2016-1000204
	RESERVED
CVE-2016-1000203
	RESERVED
CVE-2016-1000202
	RESERVED
CVE-2016-1000201
	RESERVED
CVE-2016-1000200
	RESERVED
CVE-2016-1000199
	RESERVED
CVE-2016-1000198
	RESERVED
CVE-2016-1000197
	RESERVED
CVE-2016-1000196
	RESERVED
CVE-2016-1000195
	RESERVED
CVE-2016-1000194
	RESERVED
CVE-2016-1000193
	RESERVED
CVE-2016-1000192
	RESERVED
CVE-2016-1000191
	RESERVED
CVE-2016-1000190
	RESERVED
CVE-2016-1000189
	RESERVED
CVE-2016-1000188
	RESERVED
CVE-2016-1000187
	RESERVED
CVE-2016-1000186
	RESERVED
CVE-2016-1000185
	RESERVED
CVE-2016-1000184
	RESERVED
CVE-2016-1000183
	RESERVED
CVE-2016-1000182
	RESERVED
CVE-2016-1000181
	RESERVED
CVE-2016-1000180
	RESERVED
CVE-2016-1000179
	RESERVED
CVE-2016-1000178
	RESERVED
CVE-2016-1000177
	RESERVED
CVE-2016-1000176
	RESERVED
CVE-2016-1000175
	RESERVED
CVE-2016-1000174
	RESERVED
CVE-2016-1000173
	RESERVED
CVE-2016-1000172
	RESERVED
CVE-2016-1000171
	RESERVED
CVE-2016-1000170
	RESERVED
CVE-2016-1000169
	RESERVED
CVE-2016-1000168
	RESERVED
CVE-2016-1000167
	RESERVED
CVE-2016-1000166
	RESERVED
CVE-2016-1000165
	RESERVED
CVE-2016-1000164
	RESERVED
CVE-2016-1000163
	RESERVED
CVE-2016-1000162
	RESERVED
CVE-2016-1000161
	RESERVED
CVE-2016-1000160
	RESERVED
CVE-2016-1000159
	RESERVED
CVE-2016-1000158
	RESERVED
CVE-2016-1000157
	RESERVED
CVE-2016-1000156 (Mailcwp remote file upload vulnerability incomplete fix v1.100 ...)
	NOT-FOR-US: WordPress plugin mailcwp
CVE-2016-1000155 (Reflected XSS in wordpress plugin wpsolr-search-engine v7.6 ...)
	NOT-FOR-US: Wordpress plugin wpsolr-search-engine
CVE-2016-1000154 (Reflected XSS in wordpress plugin whizz v1.0.7 ...)
	NOT-FOR-US: Wordpress plugin whizz
CVE-2016-1000153 (Reflected XSS in wordpress plugin tidio-gallery v1.1 ...)
	NOT-FOR-US: Wordpress plugin tidio-gallery
CVE-2016-1000152 (Reflected XSS in wordpress plugin tidio-form v1.0 ...)
	NOT-FOR-US: Wordpress plugin tidio-form
CVE-2016-1000151 (Reflected XSS in wordpress plugin tera-charts v1.0 ...)
	NOT-FOR-US: Wordpress plugin tera-charts
CVE-2016-1000150 (Reflected XSS in wordpress plugin simplified-content v1.0.0 ...)
	NOT-FOR-US: Wordpress plugin simplified-content
CVE-2016-1000149 (Reflected XSS in wordpress plugin simpel-reserveren v3.5.2 ...)
	NOT-FOR-US: Wordpress plugin simpel-reserveren
CVE-2016-1000148 (Reflected XSS in wordpress plugin s3-video v0.983 ...)
	NOT-FOR-US: Wordpress plugin s3-video
CVE-2016-1000147 (Reflected XSS in wordpress plugin recipes-writer v1.0.4 ...)
	NOT-FOR-US: Wordpress plugin recipes-writer
CVE-2016-1000146 (Reflected XSS in wordpress plugin pondol-formmail v1.1 ...)
	NOT-FOR-US: Wordpress plugin pondol-formmail
CVE-2016-1000145 (Reflected XSS in wordpress plugin pondol-carousel v1.0 ...)
	NOT-FOR-US: Wordpress plugin pondol-carousel
CVE-2016-1000144 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
	NOT-FOR-US: Wordpress plugin photoxhibit
CVE-2016-1000143 (Reflected XSS in wordpress plugin photoxhibit v2.1.8 ...)
	NOT-FOR-US: Wordpress plugin photoxhibit
CVE-2016-1000142 (Reflected XSS in wordpress plugin parsi-font v4.2.5 ...)
	NOT-FOR-US: Wordpress plugin parsi-font
CVE-2016-1000141 (Reflected XSS in wordpress plugin page-layout-builder v1.9.3 ...)
	NOT-FOR-US: Wordpress plugin page-layout-builder
CVE-2016-1000140 (Reflected XSS in wordpress plugin new-year-firework v1.1.9 ...)
	NOT-FOR-US: Wordpress plugin new-year-firework
CVE-2016-1000139 (Reflected XSS in wordpress plugin infusionsoft v1.5.11 ...)
	NOT-FOR-US: Wordpress plugin infusionsoft
CVE-2016-1000138 (Reflected XSS in wordpress plugin indexisto v1.0.5 ...)
	NOT-FOR-US: Wordpress plugin indexisto
CVE-2016-1000137 (Reflected XSS in wordpress plugin hero-maps-pro v2.1.0 ...)
	NOT-FOR-US: Wordpress plugin hero-maps-pro
CVE-2016-1000136 (Reflected XSS in wordpress plugin heat-trackr v1.0 ...)
	NOT-FOR-US: Wordpress plugin heat-trackr
CVE-2016-1000135 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
	NOT-FOR-US: Wordpress plugin hdw-tube
CVE-2016-1000134 (Reflected XSS in wordpress plugin hdw-tube v1.2 ...)
	NOT-FOR-US: Wordpress plugin hdw-tube
CVE-2016-1000133 (Reflected XSS in wordpress plugin forget-about-shortcode-buttons ...)
	NOT-FOR-US: Wordpress plugin forget-about-shortcode-buttons
CVE-2016-1000132 (Reflected XSS in wordpress plugin enhanced-tooltipglossary v3.2.8 ...)
	NOT-FOR-US: Wordpress plugin enhanced-tooltipglossary
CVE-2016-1000131 (Reflected XSS in wordpress plugin e-search v1.0 ...)
	NOT-FOR-US: Wordpress plugin e-search
CVE-2016-1000130 (Reflected XSS in wordpress plugin e-search v1.0 ...)
	NOT-FOR-US: Wordpress plugin e-search
CVE-2016-1000129 (Reflected XSS in wordpress plugin defa-online-image-protector v3.3 ...)
	NOT-FOR-US: Wordpress plugin defa-online-image-protector
CVE-2016-1000128 (Reflected XSS in wordpress plugin anti-plagiarism v3.60 ...)
	NOT-FOR-US: Wordpress plugin anti-plagiarism
CVE-2016-1000127 (Reflected XSS in wordpress plugin ajax-random-post v2.00 ...)
	NOT-FOR-US: Wordpress plugin ajax-random-post
CVE-2016-1000126 (Reflected XSS in wordpress plugin admin-font-editor v1.8 ...)
	NOT-FOR-US: Wordpress plugin admin-font-editor
CVE-2016-1000125 (Unauthenticated SQL Injection in Huge-IT Catalog v1.0.7 for Joomla ...)
	NOT-FOR-US: Joomla component Huge-IT Catalog
CVE-2016-1000124 (Unauthenticated SQL Injection in Huge-IT Portfolio Gallery Plugin ...)
	NOT-FOR-US: Joomla component Huge-IT Portfolio Gallery
CVE-2016-1000123 (Unauthenticated SQL Injection in Huge-IT Video Gallery v1.0.9 for ...)
	NOT-FOR-US: Joomla component Huge-IT Video Gallery
CVE-2016-1000122 (XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ...)
	NOT-FOR-US: Joomla extension Huge IT Joomla Slider
CVE-2016-1000121 (XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension ...)
	NOT-FOR-US: Joomla extension Huge IT Joomla Slider
CVE-2016-1000120 (SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla ...)
	NOT-FOR-US: Joomla extension Huge IT catalog
CVE-2016-1000119 (SQLi and XSS in Huge IT catalog extension v1.0.4 for Joomla ...)
	NOT-FOR-US: Joomla extension Huge IT catalog
CVE-2016-1000118 (XSS &amp; SQLi in HugeIT slideshow v1.0.4 ...)
	NOT-FOR-US: Joomla extension HugeIT slideshow
CVE-2016-1000117 (XSS &amp; SQLi in HugeIT slideshow v1.0.4 ...)
	NOT-FOR-US: Joomla extension HugeIT slideshow
CVE-2016-1000116 (Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS ...)
	NOT-FOR-US: Joomla extension Huge-IT Portfolio Gallery manager
CVE-2016-1000115 (Huge-IT Portfolio Gallery manager v1.1.0 SQL Injection and XSS ...)
	NOT-FOR-US: Joomla extension Huge-IT Portfolio Gallery manager
CVE-2016-1000114 (XSS in huge IT gallery v1.1.5 for Joomla ...)
	NOT-FOR-US: Joomla extension huge IT gallery
CVE-2016-1000113 (XSS and SQLi in huge IT gallery v1.1.5 for Joomla ...)
	NOT-FOR-US: Joomla extension huge IT gallery
CVE-2016-1000112 (Unauthenticated remote .jpg file upload in contus-video-comments v1.0 ...)
	NOT-FOR-US: WordPress plugin contus-video-comments
CVE-2016-6265 (Use-after-free vulnerability in the pdf_load_xref function in ...)
	{DSA-3655-1}
	- mupdf 1.9a+ds1-1.1 (bug #832031)
	[wheezy] - mupdf <not-affected> (vulnerable code not present, no segfault)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696941
	NOTE: Fixed by: http://git.ghostscript.com/?p=mupdf.git;h=fa1936405b6a84e5c9bb440912c23d532772f958
	NOTE: Possibly introduced with: http://git.ghostscript.com/?p=mupdf.git;h=e767bd783d91ae88cd79da19e79afb2c36bcf32a (1.7-rc1)
	NOTE: Although the e767bd783d91ae88cd79da19e79afb2c36bcf32a introduced the solid xrefs,
	NOTE: that part of the code went trough several iterations before it settled down, and
	NOTE: thus the issue could possibly be presend already before. The code in 1.5-1 looks
	NOTE: quite similar, although the reproducer does not lead to a heap-use-after-free in
	NOTE: the 1.5-1 case.
CVE-2016-6264 (Integer signedness error in libc/string/arm/memset.S in uClibc and ...)
	{DLA-561-1}
	- uclibc-ng <itp> (bug #811275)
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: http://repo.or.cz/uclibc-ng.git/commit/e3848e3dd64a8d6437531488fe341354bc02eaed
	NOTE: http://mailman.uclibc-ng.org/pipermail/devel/2016-July/001067.html
	NOTE: Fixed in 1.0.16 of uClibc-ng
CVE-2016-6263 (The stringprep_utf8_nfkc_normalize function in lib/nfkc.c in libidn ...)
	{DSA-3658-1 DLA-582-1}
	- libidn 1.33-1
	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
	NOTE: Test / Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=1fbee57ef3c72db2206dd87e4162108b2f425555 (libidn-1-33)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2015-8949 (Use-after-free vulnerability in the my_login function in DBD::mysql ...)
	{DSA-3635-1 DLA-576-1}
	- libdbd-mysql-perl 4.035-1
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/45
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
CVE-2015-8948 (idn in GNU libidn before 1.33 might allow remote attackers to obtain ...)
	{DSA-3658-1 DLA-582-1}
	- libidn 1.33-1
	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=570e68886c41c2e765e6218cb317d9a9a447a041 (libidn-1-33)
	NOTE: When fixing this issue, the followup fix http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60
	NOTE: is required to fix the problem. (Resultet in followup CVE, CVE-2016-6262
	NOTE: if not applied completely).
CVE-2016-6262 (idn in libidn before 1.33 might allow remote attackers to obtain ...)
	- libidn <not-affected> (Incomplete fix for CVE-2015-8948 not applied)
	NOTE: Follow-up fix for CVE-2015-8948: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=5e3cb9c7b5bf0ce665b9d68f5ddf095af5c9ba60 (libidn-1-33)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6261 (The idna_to_ascii_4i function in lib/idna.c in libidn before 1.33 ...)
	{DSA-3658-1 DLA-582-1}
	- libidn 1.33-1
	NOTE: https://lists.gnu.org/archive/html/help-libidn/2016-07/msg00009.html
	NOTE: Test: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=9a1a7e15d0706634971364493fbb06e77e74726c (libidn-1-33)
	NOTE: Fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=f20ce1128fb7f4d33297eee307dddaf0f92ac72d (libidn-1-33)
	NOTE: Follow-up memory leak fix: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=11abd0e02c16f9e0b6944aea4ef0f2df44b42dd4 (libidn-1-33)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/6
CVE-2016-6249 (F5 BIG-IP 12.0.0 and 11.5.0 - 11.6.1 REST requests which timeout ...)
	NOT-FOR-US: F5
CVE-2016-1000037
	RESERVED
	- pagure <itp> (bug #829046)
CVE-2016-1000030 [X.509 Certificates Improperly Imported]
	RESERVED
	- pidgin 2.11.0-1 (unimportant)
	[jessie] - pidgin 2.11.0-0+deb8u1
	NOTE: http://www.pidgin.im/news/security/?id=91
	NOTE: https://bitbucket.org/pidgin/main/commits/d6fc1ce76ffe
	NOTE: Furthermore pidgin in Debian is not compiled to use GnuTLS (--enable-gnutls=no)
CVE-2016-XXXX [insecure default PATH]
	- dietlibc 0.34~cvs20160606-2 (bug #832169)
	[jessie] - dietlibc 0.33~cvs20120325-6+deb8u1
	[wheezy] - dietlibc 0.33~cvs20120325-4+deb7u1
	NOTE: Workaround entry for DLA-557-1 until CVE is assigned
	NOTE: Following reverse dependencies need to be recompiled: minit (wheezy, jessie),
	NOTE: util-vserver (jessie, sid), mksh (sid, experimental)
	NOTE: http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de
CVE-2016-6250 (Integer overflow in the ISO9660 writer in libarchive before 3.2.1 ...)
	{DSA-3677-1 DLA-554-1}
	- libarchive 3.2.1-1 (low)
	NOTE: https://github.com/libarchive/libarchive/issues/711
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3014e19820ea53c15c90f9d447ca3e668a0b76c6 (v3.2.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/20/1
CVE-2016-6252 (Integer overflow in shadow 4.2.1 allows local users to gain privileges ...)
	{DSA-3793-1}
	- shadow 1:4.4-1 (bug #832170)
	[wheezy] - shadow <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/shadow-maint/shadow/issues/27
	NOTE: Fixed by: https://github.com/shadow-maint/shadow/commit/1d5a926cc2d6078d23a96222b1ef3e558724dad1 (4.3.1)
CVE-2016-6251
	REJECTED
CVE-2016-6248
	RESERVED
CVE-2016-1000029
	RESERVED
CVE-2016-1000028
	RESERVED
CVE-2016-6247 (OpenBSD 5.8 and 5.9 allows certain local users to cause a denial of ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6246 (OpenBSD 5.8 and 5.9 allows certain local users with kern.usermount ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6245 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6244 (The sys_thrsigdivert function in kern/kern_sig.c in the OpenBSD kernel ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6243 (thrsleep in kern/kern_synch.c in OpenBSD 5.8 and 5.9 allows local ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6242 (OpenBSD 5.8 and 5.9 allows local users to cause a denial of service ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6241 (Integer overflow in the amap_alloc1 function in OpenBSD 5.8 and 5.9 ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6240 (Integer truncation error in the amap_alloc function in OpenBSD 5.8 and ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6239 (The mmap extension __MAP_NOFAULT in OpenBSD 5.8 and 5.9 allows ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2016-6238 (The write_ujpg function in lepton/jpgcoder.cc in Dropbox lepton 1.0 ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6237 (The build_huffcodes function in lepton/jpgcoder.cc in Dropbox lepton ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6236 (The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6235 (The setup_imginfo_jpg function in lepton/jpgcoder.cc in Dropbox lepton ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6234 (The process_file function in lepton/jpgcoder.cc in Dropbox lepton 1.0 ...)
	- lepton 1.2.1-1 (bug #831814)
CVE-2016-6231 (Kaspersky Safe Browser iOS before 1.7.0 does not verify X.509 ...)
	NOT-FOR-US: Kaspersky
CVE-2016-6230
	RESERVED
CVE-2016-6229
	RESERVED
CVE-2016-6228
	RESERVED
CVE-2016-6227
	RESERVED
CVE-2016-6226
	RESERVED
CVE-2016-6225 (xbcrypt in Percona XtraBackup before 2.3.6 and 2.4.x before 2.4.5 does ...)
	- percona-xtrabackup <unfixed> (bug #851244)
	[jessie] - percona-xtrabackup <no-dsa> (Minor issue)
	NOTE: https://www.percona.com/blog/2017/01/12/cve-2016-6225-percona-xtrabackup-encryption-iv-not-set-properly
	NOTE: https://github.com/percona/percona-xtrabackup/pull/266
	NOTE: https://github.com/percona/percona-xtrabackup/pull/267
CVE-2016-6222
	RESERVED
CVE-2016-6221
	RESERVED
CVE-2016-6220 (Information Disclosure vulnerability in the Dashboard and Error Pages ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2016-6219
	RESERVED
CVE-2016-6218
	RESERVED
CVE-2016-1000110
	RESERVED
	- python3.5 3.5.2-3 (unimportant)
	- python3.4 <removed> (unimportant)
	- python3.2 <removed> (unimportant)
	- python2.7 2.7.12-2 (unimportant)
	- python2.6 <removed> (unimportant)
	NOTE: https://bugs.python.org/issue27568
	NOTE: No part of Python does set HTTP_PROXY based on a Proxy: header, the Python bug
	NOTE: just provides a hardening to discard HTTP_PROXY if it thinks a Python script is
	NOTE: running as a CGI script
CVE-2016-1000109
	RESERVED
	- hhvm 3.12.11+dfsg-1 (unimportant)
CVE-2016-1000107
	RESERVED
	- erlang <unfixed> (unimportant)
	NOTE: https://bugs.erlang.org/browse/ERL-198
	NOTE: No part of Erlang does set HTTP_PROXY based on a Proxy: header, just hardening
CVE-2016-1000106
	REJECTED
CVE-2016-1000105
	RESERVED
	- nginx <not-affected> (nginx doesn't support CGI)
CVE-2016-1000103
	RESERVED
CVE-2016-1000102
	REJECTED
CVE-2016-1000027
	RESERVED
	- libspring-java 4.2.7-1 (unimportant)
	NOTE: https://www.tenable.com/security/research/tra-2016-20
	NOTE: This is not a vulnerability in Spring itself, just how applications are using it
CVE-2016-6255 (Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers ...)
	{DSA-3736-1 DLA-597-1}
	- libupnp 1:1.6.19+git20160116-1.1 (bug #831857)
	NOTE: https://twitter.com/mjg59/status/755062278513319936
	NOTE: Proposed fix: https://github.com/mjg59/pupnp-code/commit/be0a01bdb83395d9f3a5ea09c1308a4f1a972cbd
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/18/13
CVE-2016-6233 (The (1) order and (2) group methods in Zend_Db_Select in the Zend ...)
	- zendframework 1.12.19+dfsg-1
	[jessie] - zendframework <not-affected> (introduced after 1.12.9)
	[wheezy] - zendframework <not-affected> (introduced after 1.12.9)
	NOTE: http://framework.zend.com/security/advisory/ZF2016-02
	NOTE: https://github.com/zendframework/zf1/commit/bf3f40605be3d8f136a07ae991079a7dcb34d967
CVE-2016-6232 (Directory traversal vulnerability in KArchive before 5.24, as used in ...)
	{DSA-3643-1 DLA-570-1}
	- karchive 5.24.0-1
	- kde4libs 4:4.14.22-2 (bug #832620)
	NOTE: The fix for 4:4.14.22-1 was incomplete, cf.
	NOTE: https://lists.debian.org/debian-lts/2016/07/msg00144.html
	NOTE: Fix: https://git.reviewboard.kde.org/r/128185/
CVE-2016-6217 (Cross-site scripting (XSS) vulnerability in Sophos PureMessage for ...)
	NOT-FOR-US: Sophos
CVE-2016-6216
	RESERVED
CVE-2016-6215
	RESERVED
CVE-2016-6212 (The Views module 7.x-3.x before 7.x-3.14 in Drupal 7.x and the Views ...)
	- drupal8 <itp> (bug #756305)
CVE-2016-6210 (sshd in OpenSSH before 7.3, when SHA256 or SHA512 are used for user ...)
	{DSA-3626-1 DLA-578-1}
	- openssh 1:7.2p2-6 (bug #831902)
	NOTE: http://seclists.org/fulldisclosure/2016/Jul/51
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
	NOTE: Suggested to cherry-pick as well: https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
	NOTE: otherwise the mitigiation isn't very effective for systems with a locked root account.
CVE-2016-6208
	RESERVED
CVE-2016-6207 (Integer overflow in the _gdContributionsAlloc function in ...)
	{DSA-3630-1}
	- libgd2 2.2.2-43-g22cba39-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/0dd40abd6d5b3e53a6b745dd4d6cf94b70010989
	NOTE: https://github.com/libgd/libgd/commit/d325888a9fe3c9681e4a9aad576de2c5cd5df2ef
	NOTE: https://github.com/libgd/libgd/commit/ff9113c80a32205d45205d3ea30965b25480e0fb
	NOTE: https://github.com/libgd/libgd/commit/f60ec7a546499f9446063a4dbe755be9523d8232
	NOTE: https://github.com/libgd/libgd/commit/7a28c235890c95e6010e7b0d0f7c7369367168ef
	- php7.0 7.0.9-1 (unimportant)
	- php5 5.6.24+dfsg-1 (unimportant)
	[jessie] - php5 5.6.24+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72558
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2016-6209 (Cross-site scripting (XSS) vulnerability in Nagios. ...)
	- nagios3 <removed> (bug #831698)
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	- icinga <not-affected> (Vulnerable code not present)
	NOTE: http://seclists.org/fulldisclosure/2016/Jun/20
CVE-2016-6206 (Huawei AR3200 routers with software before V200R007C00SPC600 allow ...)
	NOT-FOR-US: Huawei
CVE-2016-6205
	RESERVED
CVE-2016-6204 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
	NOT-FOR-US: Siemens
CVE-2016-6203
	RESERVED
CVE-2016-6202
	RESERVED
CVE-2016-6201 (Cross-site scripting (XSS) vulnerability in Ektron Content Management ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2016-6200
	RESERVED
CVE-2016-6199 (ObjectSocketWrapper.java in Gradle 2.12 allows remote attackers to ...)
	- gradle 2.13-1
	[jessie] - gradle <ignored> (Minor issue)
	NOTE: Starting from 2.13-1 it uses commons-collections:commons-collections:3.2.2
	NOTE: https://philwantsfish.github.io/security/java-deserialization-github
	NOTE: https://discuss.gradle.org/t/a-security-issue-about-gradle-rce/17726
	NOTE: ObjectSocketWrapper only used by Gradle UI, which was removed in current releases (4.x)
CVE-2016-6196
	RESERVED
CVE-2016-6195 (SQL injection vulnerability in forumrunner/includes/moderation.php in ...)
	NOT-FOR-US: vBulletin
CVE-2016-6194
	RESERVED
CVE-2016-6193 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with ...)
	NOT-FOR-US: Huawei
CVE-2016-6192 (Buffer overflow in the Wi-Fi driver in Huawei P8 smartphones with ...)
	NOT-FOR-US: Huawei
CVE-2016-1000026
	RESERVED
CVE-2016-1000025
	RESERVED
	- node-ws <unfixed> (unimportant)
	NOTE: https://nodesecurity.io/advisories/120
	NOTE: https://github.com/nodejs/node/issues/7388
	NOTE: nodejs not covered by security support
CVE-2016-1000024
	RESERVED
CVE-2016-1000022
	RESERVED
	- node-negotiator <unfixed> (unimportant)
	NOTE: https://nodesecurity.io/advisories/106
	NOTE: https://github.com/distributedweaknessfiling/DWF-Database/commit/5e607a0cad2769db2be5aafc4d9b1ec49bd7bbbc
	NOTE: nodejs not covered by security support
CVE-2016-1000021
	RESERVED
	- node-cli <unfixed> (unimportant)
	NOTE: https://nodesecurity.io/advisories/95
	NOTE: nodejs not covered by security support
CVE-2016-1000020
	RESERVED
CVE-2016-1000019
	RESERVED
CVE-2016-1000018
	RESERVED
CVE-2016-1000017
	RESERVED
CVE-2016-1000016
	RESERVED
CVE-2016-1000015
	RESERVED
CVE-2016-1000014
	REJECTED
CVE-2016-1000013
	RESERVED
	- node-marked 0.3.6+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/101
	NOTE: nodejs not covered by security support
CVE-2016-1000012
	RESERVED
CVE-2016-1000011
	RESERVED
CVE-2016-1000010
	RESERVED
CVE-2016-6905 (The read_image_tga function in gd_tga.c in the GD Graphics Library ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/248
	NOTE: https://github.com/libgd/libgd/pull/251
	NOTE: https://github.com/libgd/libgd/commit/5a3f19e962b507560c9206965087db4dc0ad107f
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/3c2b605d72e8b080dace1d98a6e50b46c1d12186
	NOTE: followed by: https://github.com/libgd/libgd/commit/01c61f8ab110a77ae64b5ca67c244c728c506f03
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/12/4
CVE-2016-6352 (The OneLine32 function in io-ico.c in gdk-pixbuf before 2.35.3 allows ...)
	- gdk-pixbuf 2.35.4-1 (bug #832496)
	[jessie] - gdk-pixbuf <no-dsa> (Minor issue, can be fixed along in a future DSA)
	[wheezy] - gdk-pixbuf <not-affected> (Fails with ENOMEM, no crash)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/11
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=769170
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=88af50a864195da1a4f7bda5f02539704fbda599
CVE-2016-6224 (ecryptfs-setup-swap in eCryptfs does not prevent the unencrypted swap ...)
	- ecryptfs-utils <not-affected> (Broken code not present; incomplete fix for CVE-2015-8946 not applied)
	NOTE: Actually due to an incomplete fix of LP#1447282
	NOTE: https://launchpad.net/bugs/1597154
	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/882
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2015-8947 (hb-ot-layout-gpos-table.hh in HarfBuzz before 1.0.5 allows remote ...)
	- harfbuzz 1.2.6-1
	[jessie] - harfbuzz <no-dsa> (Minor issue, can be fixed via a DSA)
	NOTE: https://cgit.freedesktop.org/harfbuzz/commit/?id=f96664974774bfeb237a7274f512f64aaafb201e (1.0.5)
CVE-2015-8946 (ecryptfs-setup-swap in eCryptfs before 111 does not prevent the ...)
	- ecryptfs-utils 111-1
	[jessie] - ecryptfs-utils <no-dsa> (Minor issue)
	[wheezy] - ecryptfs-utils <no-dsa> (Only happens if using systemd v207 onward)
	NOTE: https://launchpad.net/bugs/1447282
	NOTE: Fixed by: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/857
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/2
CVE-2016-6214 (gd_tga.c in the GD Graphics Library (aka libgd) before 2.2.3 allows ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/247#issuecomment-232084241
	NOTE: https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
	NOTE: Different issue than CVE-2016-6132
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/5
CVE-2016-6223 (The TIFFReadRawStrip1 and TIFFReadRawTile1 functions in tif_read.c in ...)
	{DSA-3762-1 DLA-693-1 DLA-610-1}
	- tiff 4.0.6-2 (bug #842270)
	- tiff3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/3
	NOTE: Upstream patch: https://github.com/vadz/libtiff/commit/0ba5d8814a17a64bdb8d9035f4c533f3f3f4b496
CVE-2016-1000023
	RESERVED
	- node-minimatch <unfixed> (unimportant)
	NOTE: https://nodesecurity.io/advisories/118
	NOTE: https://github.com/isaacs/minimatch/commit/6944abf9e0694bd22fd9dad293faa40c2bc8a955
	NOTE: libv8 is not covered by security support
CVE-2016-6213 (fs/namespace.c in the Linux kernel before 4.9 does not restrict how ...)
	- linux 4.8.11-1
	[jessie] - linux 3.16.43-1
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: https://lkml.org/lkml/2016/8/28/269
	NOTE: Fixed by: https://git.kernel.org/linus/d29216842a85c7970c536108e093963f02714498 (v4.9-rc1)
CVE-2016-6186 (Cross-site scripting (XSS) vulnerability in the ...)
	{DSA-3622-1 DLA-555-1}
	- python-django 1:1.9.8-1 (bug #831799)
	NOTE: https://www.djangoproject.com/weblog/2016/jul/18/security-releases/
CVE-2016-1000009 (TP-LINK lost control of two domains, www.tplinklogin.net and ...)
	NOT-FOR-US: TP-LINK
CVE-2016-XXXX [Insecure use of /tmp]
	- leptonlib 1.73-5 (unimportant; bug #830660)
	NOTE: Neutralised by kernel hardening
CVE-2016-6198 (The filesystem layer in the Linux kernel before 4.5.5 proceeds with ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/54d5ca871e72f2bb172ec9323497f01cd5091ec7 (v4.6)
	NOTE: https://git.kernel.org/linus/9409e22acdfc9153f88d9b1ed2bd2a5b34d2d3ca (v4.6)
CVE-2016-6197 (fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the ...)
	- linux 4.6.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/11f3710417d026ea2f4fcf362d866342c5274185 (v4.6-rc1)
CVE-2016-6191 (Multiple cross-site scripting (XSS) vulnerabilities in the View Raw ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://sogo.nu/bugs/view.php?id=3718
	NOTE: http://github.com/inverse-inc/sogo/commit/64ce3c9c22fd9a28caabf11e76216cd53d0245aa (SOGo-3.1.3)
CVE-2016-6190 (SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12)
	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d (SOGo-3.1.1)
	NOTE: https://sogo.nu/bugs/view.php?id=3696
CVE-2016-6189 (Incomplete blacklist in SOGo before 2.3.12 and 3.x before 3.1.1 allows ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: Fix SOGo v2: https://github.com/inverse-inc/sogo/commit/717f45f640a2866b76a8984139391fae64339225 (SOGo-2.3.12)
	NOTE: Fix SOGo v3: https://github.com/inverse-inc/sogo/commit/875a4aca3218340fd4d3141950c82c2ff45b343d (SOGo-3.1.1)
	NOTE: https://sogo.nu/bugs/view.php?id=3695
CVE-2016-6188 (Memory leak in SOGo 2.3.7 allows remote attackers to cause a denial of ...)
	- sogo 3.2.4-0.2
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: http://github.com/inverse-inc/sogo/commit/32bb1456e23a32c7f45079c3985bf732dd0d276d (SOGo-2.3.9)
	NOTE: https://sogo.nu/bugs/view.php?id=3510
CVE-2016-6187 (The apparmor_setprocattr function in security/apparmor/lsm.c in the ...)
	- linux 4.6.4-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/bb646cdb12e75d82258c2f2e7746d5952d3e321a (v4.5-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/30a46a4647fd1df9cf52e43bf467f0d9265096ca (v4.7-rc7)
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/09/1
CVE-2016-XXXX [GNUTLS-SA-2016-2: certificate verification issue]
	- gnutls28 3.4.14-1 (unimportant)
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-2
	NOTE: Unimportant since Debian's binary packages are not built
	NOTE: with --with-default-trust-store-pkcs11=
CVE-2016-6184 (The Camera driver in Huawei Honor 4C smartphones with software ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6183 (The Camera driver in Huawei Honor 4C smartphones with software ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6182 (The Camera driver in Huawei Honor 4C smartphones with software ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6181 (The Camera driver in Huawei Honor 4C smartphones with software ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6180 (The Camera driver in Huawei Honor 4C smartphones with software ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6179 (The WiFi driver in Huawei Honor 6 smartphones with software H60-L01 ...)
	NOT-FOR-US: Huawei Honor
CVE-2016-6178 (Huawei NE40E and CX600 devices with software before V800R007SPH017; ...)
	NOT-FOR-US: Huawei
CVE-2016-6177 (The Huawei OceanStor 5800 V300R003C00 has an integer overflow ...)
	NOT-FOR-US: Huawei
CVE-2016-6176
	RESERVED
CVE-2016-6185 (The XSLoader::load method in XSLoader in Perl does not properly locate ...)
	{DSA-3628-1 DLA-565-1}
	- perl 5.22.2-2 (bug #829578)
CVE-2016-6175 (Eval injection vulnerability in php-gettext 1.0.12 and earlier allows ...)
	- php-gettext <unfixed> (bug #851771)
	[stretch] - php-gettext <no-dsa> (Minor issue)
	[jessie] - php-gettext <no-dsa> (Minor issue)
	[wheezy] - php-gettext <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/php-gettext/+bug/1606184
	NOTE: https://kmkz-web-blog.blogspot.cz/2016/07/advisory-cve-2016-6175.html
CVE-2016-6174 (applications/core/modules/front/system/content.php in Invision Power ...)
	NOT-FOR-US: Inivision
CVE-2016-6169 (Heap-based buffer overflow in Foxit Reader and PhantomPDF 7.3.4.311 ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-6168 (Use-after-free vulnerability in Foxit Reader and PhantomPDF 7.3.4.311 ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-6167 (Multiple untrusted search path vulnerabilities in Putty beta 0.67 ...)
	- putty <not-affected> (Windows-specific)
CVE-2016-6166
	RESERVED
CVE-2016-6165
	RESERVED
CVE-2016-6164 (Integer overflow in the mov_build_index function in libavformat/mov.c ...)
	- ffmpeg 7:3.1.1-1
	NOTE: http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=8a3221cc67a516dfc1700bdae3566ec52c7ee823
CVE-2016-1000101
	REJECTED
CVE-2016-1000100
	REJECTED
CVE-2016-1000008
	RESERVED
CVE-2016-1000006
	RESERVED
	- hhvm 3.12.11+dfsg-1
CVE-2016-1000005
	RESERVED
	- hhvm 3.12.11+dfsg-1
CVE-2016-1000004
	RESERVED
	- hhvm 3.12.11+dfsg-1
CVE-2016-6173 (NSD before 4.1.11 allows remote DNS master servers to cause a denial ...)
	- nsd <unfixed> (unimportant; bug #830806)
	NOTE: https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=790
	NOTE: Not considered a security issue due to trust relationship, see #830806
CVE-2016-6172 (PowerDNS (aka pdns) Authoritative Server before 4.0.1 allows remote ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.1-1 (bug #830808)
	NOTE: https://github.com/PowerDNS/pdns/issues/4128
	NOTE: Master: https://github.com/PowerDNS/pdns/pull/4133
	NOTE: 3.4.x: https://github.com/PowerDNS/pdns/pull/4134
CVE-2016-6171 (Knot DNS before 2.3.0 allows remote DNS servers to cause a denial of ...)
	- knot 2.3.0-1 (bug #830809)
	[jessie] - knot <no-dsa> (Minor issue)
	NOTE: https://gitlab.labs.nic.cz/labs/knot/merge_requests/541
	NOTE: https://gitlab.labs.nic.cz/labs/knot/issues/464
CVE-2016-6170 (ISC BIND through 9.9.9-P1, 9.10.x through 9.10.4-P1, and 9.11.x ...)
	- bind9 1:9.10.6+dfsg-1 (unimportant; bug #830810)
	NOTE: Not fixed upstream, proposed patches below are unofficial:
	NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.10.3-xfer-limit-0.0.1.patch
	NOTE: Fixed by https://github.com/sischkg/xfer-limit/blob/master/bind-9.9.9-P1-xfer-limit-0.0.1.patch
	NOTE: Negligable security impact
CVE-2016-6163 (The rsvg_pattern_fix_fallback function in rsvg-paint_server.c in ...)
	- librsvg 2.40.9-2
	[jessie] - librsvg <no-dsa> (Minor issue)
	[wheezy] - librsvg <not-affected> (vulnerable code not present, no segfault)
	NOTE: Fixed by: https://git.gnome.org/browse/librsvg/commit/?id=0035e95118a60c0cd3949c2300472d805e16a022 (2.40.7)
	NOTE: Reproducer attached in http://seclists.org/oss-sec/2016/q3/7
CVE-2016-6162 (net/core/skbuff.c in the Linux kernel 4.7-rc6 allows local users to ...)
	- linux <not-affected> (Vulnerable code introduced in 4.7-rc1)
CVE-2016-6161 (The output function in gd_gif_out.c in the GD Graphics Library (aka ...)
	{DSA-3619-1 DLA-563-1}
	- libgd2 2.2.1-1
	NOTE: https://github.com/libgd/libgd/issues/209
	NOTE: https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)
CVE-2016-6159 (The management interface of Huawei WS331a routers with software before ...)
	NOT-FOR-US: Huawei
CVE-2016-6158 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...)
	NOT-FOR-US: Huawei
CVE-2016-6157
	RESERVED
CVE-2016-6156 (Race condition in the ec_device_ioctl_xcmd function in ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/096cdc6f52225835ff503f987a0d68ef770bb78e
	NOTE: Introduced by: https://git.kernel.org/linus/a841178445bb72a3d566b4e6ab9d19e9b002eb47 (v4.2-rc1)
CVE-2016-6155
	RESERVED
CVE-2016-6154
	RESERVED
CVE-2016-6152 (CA eHealth 6.2.x and 6.3.x before 6.3.2.13 allows remote authenticated ...)
	NOT-FOR-US: eHealth
CVE-2016-6151 (CA eHealth 6.2.x allows remote authenticated users to cause a denial ...)
	NOT-FOR-US: eHealth
CVE-2016-6150 (The multi-tenant database container feature in SAP HANA does not ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6149 (SAP HANA SPS09 1.00.091.00.14186593 allows local users to obtain ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6148 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to cause a ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6147 (An unspecified interface in SAP TREX 7.10 Revision 63 allows remote ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6146 (The NameServer in SAP TREX 7.10 Revision 63 allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2016-6145 (The SQL interface in SAP HANA DB 1.00.091.00.1418659308 provides ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6144 (The SQL interface in SAP HANA before Revision 102 does not limit the ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6143 (SAP HANA DB 1.00.73.00.389160 allows remote attackers to execute ...)
	NOT-FOR-US: SAP HANA
CVE-2016-6142 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2016-6141
	RESERVED
CVE-2016-6140 (SAP TREX 7.10 Revision 63 allows remote attackers to write to ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6139 (SAP TREX 7.10 Revision 63 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6138 (Directory traversal vulnerability in SAP TREX 7.10 Revision 63 allows ...)
	NOT-FOR-US: SAP TREX
CVE-2016-6137 (An unspecified function in SAP TREX 7.10 Revision 63 allows remote ...)
	NOT-FOR-US: SAP
CVE-2016-6136 (Race condition in the audit_log_single_execve_arg function in ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120681
	NOTE: https://github.com/linux-audit/audit-kernel/issues/18
	NOTE: Fixed by: https://git.kernel.org/linus/43761473c254b45883a64441dd0bc85a42f3645c (4.8-rc1)
CVE-2016-6135
	RESERVED
CVE-2016-6134
	RESERVED
CVE-2016-1000007 (Pagure 2.2.1 XSS in raw file endpoint ...)
	- pagure <itp> (bug #829046)
	NOTE: https://pagure.io/pagure/c/070d63983fe5daef92005ea33d3b8c693c224c77
CVE-2016-6160 (tcprewrite in tcpreplay before 4.1.2 allows remote attackers to cause ...)
	{DLA-544-1}
	- tcpreplay 3.4.4-3 (bug #829350)
	[jessie] - tcpreplay 3.4.4-2+deb8u1
CVE-2016-6133 (Cross-site scripting (XSS) vulnerability in Ektron Content Management ...)
	NOT-FOR-US: Ektron
CVE-2016-6153 (os_unix.c in SQLite before 3.13.0 improperly implements the temporary ...)
	{DLA-543-1}
	- sqlite3 3.13.0-1
	[jessie] - sqlite3 3.8.7.1-1+deb8u2
	NOTE: http://www.sqlite.org/cgi/src/info/67985761aa93fb61
	NOTE: http://www.sqlite.org/cgi/src/info/b38fe522cfc971b3
	NOTE: and possibly http://www.sqlite.org/cgi/src/info/614bb709d34e1148
	NOTE: https://www.korelogic.com/Resources/Advisories/KL-001-2016-003.txt
CVE-2016-6129 (The rsa_verify_hash_ex function in rsa_verify_hash.c in LibTomCrypt, ...)
	{DLA-612-1}
	- libtomcrypt 1.17-8 (bug #837042)
	[jessie] - libtomcrypt <no-dsa> (Minor issue)
	NOTE: https://github.com/OP-TEE/optee_os/commit/30d13250c390c4f56adefdcd3b64b7cc672f9fe2
	NOTE: libtomcrypt ship the corresponding patch in
	NOTE: https://github.com/libtom/libtomcrypt/commit/5eb9743410ce4657e9d54fef26a2ee31a1b5dd09
	NOTE: The CVE is originally assigend to OP-TEE, but the underlying issue seems to be in
	NOTE: libtomcrypt, thus keep that source package as well for now associated.
CVE-2016-6127 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x ...)
	{DSA-3882-1 DLA-987-1}
	- request-tracker4 4.4.1-4
CVE-2016-6126 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-6125 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6124 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-6123 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6122 (IBM Kenexa LMS on Cloud 13.1 and 13.2 - 13.2.4 discloses answers to ...)
	NOT-FOR-US: IBM
CVE-2016-6121 (IBM Emptoris Supplier Lifecycle Management 10.0.x and 10.1.x is ...)
	NOT-FOR-US: IBM
CVE-2016-6120
	RESERVED
CVE-2016-6119
	RESERVED
CVE-2016-6118 (IBM Emptoris Supplier Lifecycle Management 10.1.0.x is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6117 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 can be deployed with ...)
	NOT-FOR-US: IBM
CVE-2016-6116 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-6115 (IBM General Parallel File System is vulnerable to a buffer overflow. A ...)
	NOT-FOR-US: IBM
CVE-2016-6114 (IBM Emptoris Sourcing 9.5.x through 10.1.x is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6113 (IBM Verse is vulnerable to cross-site scripting. This vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-6112 (IBM Distributed Marketing and Marketing Platform 8.6, 9.0, 9.1, and ...)
	NOT-FOR-US: IBM
CVE-2016-6111 (IBM Curam Social Program Management 6.0 and 7.0 are vulnerable to a ...)
	NOT-FOR-US: IBM
CVE-2016-6110 (IBM Tivoli Storage Manager discloses unencrypted login credentials to ...)
	NOT-FOR-US: IBM
CVE-2016-6109
	RESERVED
CVE-2016-6108
	RESERVED
CVE-2016-6107
	RESERVED
CVE-2016-6106
	RESERVED
CVE-2016-6105 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 do not perform an ...)
	NOT-FOR-US: IBM
CVE-2016-6104 (IBM Tivoli Key Lifecycle Manager 2.5, and 2.6 could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-6103 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6102 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 stores sensitive ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2016-6101
	RESERVED
CVE-2016-6100 (IBM Disposal and Governance Management for IT and IBM Global Retention ...)
	NOT-FOR-US: IBM
CVE-2016-6099 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 discloses sensitive ...)
	NOT-FOR-US: IBM
CVE-2016-6098 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 specifies ...)
	NOT-FOR-US: IBM
CVE-2016-6097 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 allows web pages ...)
	NOT-FOR-US: IBM
CVE-2016-6096 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6095 (IBM Tivoli Key Lifecycle Manager 2.5 and 2.6 uses an inadequate ...)
	NOT-FOR-US: IBM
CVE-2016-6094 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an ...)
	NOT-FOR-US: IBM
CVE-2016-6093 (IBM Tivoli Key Lifecycle Manager does not require that users should ...)
	NOT-FOR-US: IBM
CVE-2016-6092 (IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 stores user ...)
	NOT-FOR-US: IBM
CVE-2016-6091
	REJECTED
CVE-2016-6090 (IBM WebSphere Commerce contains an unspecified vulnerability that ...)
	NOT-FOR-US: IBM
CVE-2016-6089 (IBM WebSphere MQ 9.0.0.1 and 9.0.2 could allow a local user to write ...)
	NOT-FOR-US: IBM
CVE-2016-6088
	RESERVED
CVE-2016-6087 (IBM Domino 8.5 and 9.0 could allow an attacker to steal credentials ...)
	NOT-FOR-US: IBM
CVE-2016-6086
	RESERVED
CVE-2016-6085 (IBM BigFix Platform could allow an attacker on the local network to ...)
	NOT-FOR-US: IBM
CVE-2016-6084 (IBM BigFix Platform could allow an attacker on the local network to ...)
	NOT-FOR-US: IBM
CVE-2016-6083 (IBM Tivoli Monitoring V6 could allow an unauthenticated user to access ...)
	NOT-FOR-US: IBM
CVE-2016-6082 (IBM BigFix Platform could allow a remote attacker to execute arbitrary ...)
	NOT-FOR-US: IBM
CVE-2016-6081
	RESERVED
CVE-2016-6080 (The WebAdmin context for WebSphere Message Broker allows directory ...)
	NOT-FOR-US: IBM
CVE-2016-6079 (IBM AIX 5.3, 6.1, 7.1, and 7.2 contains an unspecified vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-6078
	RESERVED
CVE-2016-6077 (IBM Cognos Disclosure Management 10.2 could allow a malicious attacker ...)
	NOT-FOR-US: IBM
CVE-2016-6076
	RESERVED
CVE-2016-6075
	RESERVED
CVE-2016-6074
	RESERVED
CVE-2016-6073
	RESERVED
CVE-2016-6072 (IBM Maximo Asset Management is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2016-6071
	RESERVED
CVE-2016-6070
	RESERVED
CVE-2016-6069
	RESERVED
CVE-2016-6068 (IBM UrbanCode Deploy could allow an authenticated user with access to ...)
	NOT-FOR-US: IBM
CVE-2016-6067
	RESERVED
CVE-2016-6066
	RESERVED
CVE-2016-6065 (IBM Security Guardium Database Activity Monitor appliance could allow ...)
	NOT-FOR-US: IBM
CVE-2016-6064
	RESERVED
CVE-2016-6063
	RESERVED
CVE-2016-6062 (IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6061 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-6060 (An undisclosed vulnerability in IBM Rational DOORS Next Generation ...)
	NOT-FOR-US: IBM
CVE-2016-6059 (IBM InfoSphere Information Server is vulnerable to a denial of ...)
	NOT-FOR-US: IBM
CVE-2016-6058
	RESERVED
CVE-2016-6057
	RESERVED
CVE-2016-6056 (IBM Call Center for Commerce 9.3 and 9.4 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM Call Center for Commerce
CVE-2016-6055 (IBM Rational DOORS Next Generation 4.0, 5.0, and 6.0 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6054 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-6053
	RESERVED
CVE-2016-6052
	RESERVED
CVE-2016-6051
	RESERVED
CVE-2016-6050
	RESERVED
CVE-2016-6049
	RESERVED
CVE-2016-6048
	RESERVED
CVE-2016-6047 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6046 (IBM Tivoli Storage Manager Operations Center is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6045 (IBM Tivoli Storage Manager Operations Center is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6044 (IBM Tivoli Storage Manager Operations Center could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-6043 (Tivoli Storage Manager Operations Center could allow a local user to ...)
	NOT-FOR-US: IBM
CVE-2016-6042 (IBM AppScan Enterprise Edition could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2016-6041
	RESERVED
CVE-2016-6040 (IBM Jazz Foundation could allow an authenticated user to take over a ...)
	NOT-FOR-US: IBM
CVE-2016-6039 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6038 (Directory traversal vulnerability in Eclipse Help in IBM Tivoli ...)
	NOT-FOR-US: Tivoli
CVE-2016-6037 (IBM Rational Team Concert (RTC) is vulnerable to HTML injection. A ...)
	NOT-FOR-US: IBM
CVE-2016-6036 (IBM Rational Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6035 (IBM Rational Quality Manager is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2016-6034 (IBM Tivoli Storage Manager for Virtual Environments (VMware) could ...)
	NOT-FOR-US: IBM
CVE-2016-6033 (IBM Tivoli Storage Manager for Virtual Environments 7.1 (VMware) is ...)
	NOT-FOR-US: IBM
CVE-2016-6032 (IBM Rational Team Concert 4.0, 5.0 and 6.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-6031 (IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6030 (IBM Jazz Foundation is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-6029 (IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 could ...)
	NOT-FOR-US: IBM
CVE-2016-6028 (IBM Jazz technology based products might allow an attacker to view ...)
	NOT-FOR-US: IBM
CVE-2016-6027 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 ...)
	NOT-FOR-US: IBM
CVE-2016-6026 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 ...)
	NOT-FOR-US: IBM
CVE-2016-6025 (The Configuration Manager in IBM Sterling Secure Proxy (SSP) 3.4.2 ...)
	NOT-FOR-US: IBM
CVE-2016-6024 (IBM Jazz technology based products might divulge information that ...)
	NOT-FOR-US: IBM
CVE-2016-6023 (Directory traversal vulnerability in the Configuration Manager in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-6022 (IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-6021 (IBM Emptoris Strategic Supply Management Platform 10.0 and 10.1 is ...)
	NOT-FOR-US: IBM
CVE-2016-6020 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-6019 (IBM Emptoris Strategic Supply Management Platform 10.0.0.x through ...)
	NOT-FOR-US: IBM
CVE-2016-6018 (IBM Emptoris Contract Management 10.0 and 10.1 reveals detailed error ...)
	NOT-FOR-US: IBM
CVE-2016-6017
	RESERVED
CVE-2016-6016
	RESERVED
CVE-2016-6015
	RESERVED
CVE-2016-6014
	RESERVED
CVE-2016-6013
	RESERVED
CVE-2016-6012
	RESERVED
CVE-2016-6011
	RESERVED
CVE-2016-6010
	RESERVED
CVE-2016-6009
	RESERVED
CVE-2016-6008
	RESERVED
CVE-2016-6007
	RESERVED
CVE-2016-6006
	RESERVED
CVE-2016-6005
	RESERVED
CVE-2016-6004
	RESERVED
CVE-2016-6003
	RESERVED
CVE-2016-6002
	RESERVED
CVE-2016-6001 (IBM Forms Experience Builder could be susceptible to a server-side ...)
	NOT-FOR-US: IBM
CVE-2016-6000 (IBM TRIRIGA Application Platform is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-5999
	RESERVED
CVE-2016-5998
	RESERVED
CVE-2016-5997 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5996 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5995 (Untrusted search path vulnerability in IBM DB2 9.7 through FP11, 10.1 ...)
	NOT-FOR-US: IBM
CVE-2016-5994 (IBM InfoSphere Information Server contains a vulnerability that would ...)
	NOT-FOR-US: IBM
CVE-2016-5993
	RESERVED
CVE-2016-5992 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 ...)
	NOT-FOR-US: IBM
CVE-2016-5991 (IBM Sterling Connect:Direct 4.5.00, 4.5.01, 4.6.0 before 4.6.0.6 ...)
	NOT-FOR-US: IBM
CVE-2016-5990 (IBM Security Privileged Identity Manager Virtual Appliance allows an ...)
	NOT-FOR-US: IBM
CVE-2016-5989
	RESERVED
CVE-2016-5988 (IBM Security Privileged Identity Manager Virtual Appliance could ...)
	NOT-FOR-US: IBM
CVE-2016-5987 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5 before 7.5.0.10 ...)
	NOT-FOR-US: IBM
CVE-2016-5986 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.x ...)
	NOT-FOR-US: IBM
CVE-2016-5985 (The IBM Tivoli Storage Manager (IBM Spectrum Protect) AIX client is ...)
	NOT-FOR-US: IBM
CVE-2016-5984 (IBM InfoSphere Information Server is vulnerable to cross-frame ...)
	NOT-FOR-US: IBM
CVE-2016-5983 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.43, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-5982
	RESERVED
CVE-2016-5981 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace XT ...)
	NOT-FOR-US: IBM
CVE-2016-5980 (IBM TRIRIGA Application Platform is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-5979 (IBM Distributed Marketing 8.6, 9.0, and 10.0 could allow a privileged ...)
	NOT-FOR-US: IBM
CVE-2016-5978 (Cross-site scripting (XSS) vulnerability in the Web UI in the web ...)
	NOT-FOR-US: IBM
CVE-2016-5977 (Open redirect vulnerability in the web portal in IBM Tealeaf Customer ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5976 (The web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-5975 (Cross-site scripting (XSS) vulnerability in the Web UI in the web ...)
	NOT-FOR-US: IBM
CVE-2016-5974 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security ...)
	NOT-FOR-US: IBM
CVE-2016-5973
	RESERVED
CVE-2016-5972 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5971 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5970 (Directory traversal vulnerability in IBM Security Privileged Identity ...)
	NOT-FOR-US: IBM Security Privileged Identity Manager
CVE-2016-5969
	RESERVED
CVE-2016-5968 (The Replay Server in IBM Tealeaf Customer Experience 8.x before ...)
	NOT-FOR-US: IBM
CVE-2016-5967 (The installation component in IBM Rational Asset Analyzer (RAA) 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2016-5966 (IBM Security Privileged Identity Manager Virtual Appliance could allow ...)
	NOT-FOR-US: IBM
CVE-2016-5965
	RESERVED
CVE-2016-5964 (IBM Security Privileged Identity Manager Virtual Appliance version ...)
	NOT-FOR-US: IBM
CVE-2016-5963 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM
CVE-2016-5962
	RESERVED
CVE-2016-5961
	RESERVED
CVE-2016-5960 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores user ...)
	NOT-FOR-US: IBM
CVE-2016-5959 (IBM Security Privileged Identity Manager 2.0.2 and 2.1.0 stores ...)
	NOT-FOR-US: IBM
CVE-2016-5958 (IBM Security Privileged Identity Manager could allow a remote attacker ...)
	NOT-FOR-US: IBM
CVE-2016-5957 (IBM Security Privileged Identity Manager (ISPIM) Virtual Appliance 2.x ...)
	NOT-FOR-US: IBM
CVE-2016-5956
	RESERVED
CVE-2016-5955 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next ...)
	NOT-FOR-US: IBM
CVE-2016-5954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2016-5953 (IBM Sterling Order Management transmits the session identifier within ...)
	NOT-FOR-US: IBM
CVE-2016-5952 (IBM Kenexa LCMS Premier on Cloud is vulnerable to SQL injection. A ...)
	NOT-FOR-US: IBM
CVE-2016-5951 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-5950 (IBM Kenexa LCMS Premier on Cloud stores user credentials in plain in ...)
	NOT-FOR-US: IBM
CVE-2016-5949 (IBM Kenexa LCMS Premier on Cloud could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2016-5948 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-5947 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ...)
	NOT-FOR-US: IBM
CVE-2016-5946 (Directory traversal vulnerability in IBM Spectrum Control (formerly ...)
	NOT-FOR-US: IBM
CVE-2016-5945 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ...)
	NOT-FOR-US: IBM
CVE-2016-5944 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Spectrum ...)
	NOT-FOR-US: IBM
CVE-2016-5943 (IBM Spectrum Control (formerly Tivoli Storage Productivity Center) ...)
	NOT-FOR-US: IBM
CVE-2016-5942 (IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-5941 (IBM Kenexa LMS on Cloud could allow a remote attacker to traverse ...)
	NOT-FOR-US: IBM
CVE-2016-5940 (IBM Kenexa LMS on Cloud is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-5939 (IBM Kenexa LMS on Cloud is vulnerable to SQL injection. A remote ...)
	NOT-FOR-US: IBM
CVE-2016-5938 (IBM Kenexa LMS on Cloud allows web pages to be stored locally which ...)
	NOT-FOR-US: IBM
CVE-2016-5937 (IBM Kenexa LCMS Premier on Cloud is vulnerable to cross-site request ...)
	NOT-FOR-US: IBM
CVE-2016-5936
	RESERVED
CVE-2016-5935 (IBM Jazz for Service Management could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2016-5934 (IBM Tivoli Storage Manager FastBack installer could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-5933 (IBM Tivoli Monitoring 6.2 and 6.3 is vulnerable to possible host ...)
	NOT-FOR-US: IBM
CVE-2016-5932 (IBM Connections 4.0, 4.5, 5.0, and 5.5 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-5931
	RESERVED
CVE-2016-5930
	RESERVED
CVE-2016-5929
	RESERVED
CVE-2016-5928
	RESERVED
CVE-2016-5927 (IBM Tivoli Storage Manager for Space Management (aka Spectrum Protect ...)
	NOT-FOR-US: IBM
CVE-2016-5926
	RESERVED
CVE-2016-5925
	RESERVED
CVE-2016-5924
	RESERVED
CVE-2016-5923
	RESERVED
CVE-2016-5922
	RESERVED
CVE-2016-5921
	RESERVED
CVE-2016-5920 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-5919 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 uses ...)
	NOT-FOR-US: IBM
CVE-2016-5918 (IBM Tivoli Storage Manager HSM for Windows displays the encrypted ...)
	NOT-FOR-US: IBM
CVE-2016-5917
	RESERVED
CVE-2016-5916
	RESERVED
CVE-2016-5915
	RESERVED
CVE-2016-5914
	RESERVED
CVE-2016-5913
	RESERVED
CVE-2016-5912
	RESERVED
CVE-2016-5911
	RESERVED
CVE-2016-5910
	RESERVED
CVE-2016-5909
	RESERVED
CVE-2016-5908
	RESERVED
CVE-2016-5907
	RESERVED
CVE-2016-5906
	RESERVED
CVE-2016-5905 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2016-5904
	RESERVED
CVE-2016-5903
	RESERVED
CVE-2016-5902 (IBM Maximo Asset Management is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2016-5901 (Cross-site scripting (XSS) vulnerability in a test page in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-5900 (IBM Tealeaf Customer Experience on Cloud Network Capture Add-On could ...)
	NOT-FOR-US: IBM
CVE-2016-5899 (IBM Jazz Reporting Service (JRS) is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-5898 (IBM Jazz Reporting Service (JRS) could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2016-5897 (IBM Jazz Reporting Service (JRS) is vulnerable to HTML injection. A ...)
	NOT-FOR-US: IBM
CVE-2016-5896 (IBM Maximo Asset Management could disclose sensitive information from ...)
	NOT-FOR-US: IBM
CVE-2016-5895
	RESERVED
CVE-2016-5894 (IBM WebSphere Commerce Enterprise, Professional, Express, and ...)
	NOT-FOR-US: IBM
CVE-2016-5893 (IBM Sterling B2B Integrator Standard Edition 5.2 allows web pages to ...)
	NOT-FOR-US: IBM
CVE-2016-5892 (Cross-site scripting (XSS) vulnerability in IBM 10x, as used in ...)
	NOT-FOR-US: IBM
CVE-2016-5891
	RESERVED
CVE-2016-5890 (IBM Sterling B2B Integrator 5.2 before 5020500_14 and 5.2 06 before ...)
	NOT-FOR-US: IBM
CVE-2016-5889 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-5888 (IBM Interact 8.6, 9.0, 9.1, and 10.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-5887
	RESERVED
CVE-2016-5886
	RESERVED
CVE-2016-5885
	RESERVED
CVE-2016-5884 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-5883 (IBM iNotes 8.5 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-5882 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-5881 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-5880 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-5879 (MQCLI on IBM MQ Appliance M2000 and M2001 devices allows local users ...)
	NOT-FOR-US: IBM
CVE-2016-5878 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 before ...)
	NOT-FOR-US: IBM
CVE-2016-5877
	RESERVED
CVE-2016-6132 (The gdImageCreateFromTgaCtx function in the GD Graphics Library (aka ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829694)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/issues/247
	NOTE: https://github.com/libgd/libgd/commit/ead349e99868303b37f5e6e9d9d680c9dc71ff8d
CVE-2016-6131 (The demangler in GNU Libiberty allows remote attackers to cause a ...)
	{DLA-552-1}
	- libiberty 20161017-1 (low; bug #840889)
	[jessie] - libiberty <no-dsa> (Minor issue)
	- ht 2.1.0+repack1-2 (low)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71696
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=239143
CVE-2016-6130 (Race condition in the sclp_ctl_ioctl_sccb function in ...)
	{DSA-3616-1}
	- linux 4.6.1-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/532c34b5fbf1687df63b3fcd5b2846312ac943c6
CVE-2016-6128 (The gdImageCropThreshold function in gd_crop.c in the GD Graphics ...)
	{DSA-3619-1}
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829062)
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/compare/3fe0a7128bac5000fdcfab888bd2a75ec0c9447d...fd623025505e87bba7ec8555eeb72dae4fb0afd
	NOTE: Crop support introduced in https://github.com/libgd/libgd/commit/f67452e1f82f1c2496e0859d638172bee74b43a0 (gd-2.1.0-alpha1)
	- php7.0 7.0.9-1 (unimportant)
	- php5 5.6.26+dfsg-1 (unimportant)
	[jessie] - php5 5.6.26+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72494
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2016-5876 (ownCloud server before 8.2.6 and 9.x before 9.0.3, when the gallery ...)
	- owncloud <removed>
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-010
CVE-2016-5875
	REJECTED
CVE-2016-5874 (Siemens SIMATIC NET PC-Software before 13 SP2 allows remote attackers ...)
	NOT-FOR-US: Siemens
CVE-2016-5872 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5871 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5870 (The msm_ipc_router_close function in net/ipc_router/ipc_router_socket.c ...)
	- linux <not-affected> (Qualcomm-specific kernel patch)
CVE-2016-5869
	RESERVED
CVE-2016-5868 (drivers/net/ethernet/msm/rndis_ipa.c in the Qualcomm networking driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5867 (In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5866
	RESERVED
CVE-2016-5865
	RESERVED
CVE-2016-5864 (In an audio driver function in all Qualcomm products with Android for ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5863 (In an ioctl handler in all Qualcomm products with Android for MSM, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5862 (When a control related to codec is issued from userspace in all ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5861 (In a display driver in all Qualcomm products with Android for MSM, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5860 (In an audio driver in all Qualcomm products with Android for MSM, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5859 (In a sound driver in all Qualcomm products with Android for MSM, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5858 (In an ioctl handler in all Qualcomm products with Android for MSM, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5857 (The Qualcomm SPCom driver in Android before 7.0 allows local users to ...)
	NOTE: Red Hat seem to have typoed the CVE, which should be CVE-2016-5875, asked to confirm
CVE-2016-5856 (Drivers/soc/qcom/spcom.c in the Qualcomm SPCom driver in the Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5855 (In a driver in all Qualcomm products with Android for MSM, Firefox OS ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5854 (In a driver in all Qualcomm products with Android for MSM, Firefox OS ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5853 (In an audio driver in all Qualcomm products with Android releases from ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5852 (For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2016-5850 (Cross-site scripting (XSS) vulnerability in the volume backup service ...)
	NOT-FOR-US: Huawei
CVE-2016-5873 (Buffer overflow in the HTTP URL parsing functions in pecl_http before ...)
	- php-pecl-http 3.0.1-0.1
	[jessie] - php-pecl-http <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.php.net/bug.php?id=71719
	NOTE: https://github.com/m6w6/ext-http/commit/3724cd76a28be1d6049b5537232e97ac567ae1f5/def
CVE-2016-5851 (python-docx before 0.8.6 allows context-dependent attackers to conduct ...)
	NOT-FOR-US: python-docx
CVE-2016-5849 (Siemens SICAM PAS through 8.07 allows local users to obtain sensitive ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-5848 (Siemens SICAM PAS before 8.07 does not properly restrict password data ...)
	NOT-FOR-US: Siemens SICAM PAS
CVE-2016-5847 (SAP SAPCAR allows local users to change the permissions of arbitrary ...)
	NOT-FOR-US: SAP SAPCAR
CVE-2016-5846
	RESERVED
CVE-2016-5845 (SAP SAPCAR does not check the return value of file operations when ...)
	NOT-FOR-US: SAP SAPCAR
CVE-2016-5843 (Multiple SQL injection vulnerabilities in the FAQ package 2.x before ...)
	NOT-FOR-US: OTRS addon
CVE-2016-5840 (hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, ...)
	NOT-FOR-US: Trend Micro Deep Discovery Inspector
CVE-2016-5831
	RESERVED
CVE-2016-5830
	RESERVED
CVE-2016-5822 (Huawei Oceanstor 5800 before V300R002C10SPC100 allows remote attackers ...)
	NOT-FOR-US: Huawei
CVE-2016-5821 (Huawei HiSuite before 4.0.4.204_ove (Out of China) and before ...)
	NOT-FOR-US: Huawei HiSuite
CVE-2016-5820
	REJECTED
CVE-2016-5819
	RESERVED
CVE-2016-5818 (An issue was discovered in Schneider Electric PowerLogic PM8ECC device ...)
	NOT-FOR-US: Schneider
CVE-2016-5817 (SQL injection vulnerability in news pages in Cargotec Navis WebAccess ...)
	NOT-FOR-US: Cargotec
CVE-2016-5816 (A Use of Hard-Coded Cryptographic Key issue was discovered in ...)
	NOT-FOR-US: Westermo
CVE-2016-5815 (An issue was discovered on Schneider Electric IONXXXX series power ...)
	NOT-FOR-US: Schneider
CVE-2016-5814 (Buffer overflow in Rockwell Automation RSLogix Micro Starter Lite, ...)
	NOT-FOR-US: Rockwell
CVE-2016-5813 (An issue was discovered in Visonic PowerLink2, all versions prior to ...)
	NOT-FOR-US: Visonic PowerLink
CVE-2016-5812 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and ...)
	NOT-FOR-US: Moxa
CVE-2016-5811 (An issue was discovered in Visonic PowerLink2, all versions prior to ...)
	NOT-FOR-US: Visonic PowerLink
CVE-2016-5810 (upAdminPg.asp in Advantech WebAccess before 8.1_20160519 allows remote ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-5809 (An issue was discovered on Schneider Electric IONXXXX series power ...)
	NOT-FOR-US: Schneider
CVE-2016-5808
	REJECTED
CVE-2016-5807 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5806
	REJECTED
CVE-2016-5805 (An issue was discovered in Delta Electronics WPLSoft, Versions prior to ...)
	NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5804 (Moxa MGate MB3180 before 1.8, MGate MB3280 before 2.7, MGate MB3480 ...)
	NOT-FOR-US: Moxa
CVE-2016-5803 (An issue was discovered in CA Unified Infrastructure Management Version ...)
	NOT-FOR-US: CA Unified Infrastructure Management
CVE-2016-5802 (An issue was discovered in Delta Electronics WPLSoft, Versions prior to ...)
	NOT-FOR-US: Delta Electronics WPLSoft
CVE-2016-5801 (An issue was discovered in OmniMetrix OmniView, Version 1.2. ...)
	NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5800
	RESERVED
CVE-2016-5799 (Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and ...)
	NOT-FOR-US: Moxa
CVE-2016-5798 (An issue was discovered in Fatek Automation PM Designer V3 Version ...)
	NOT-FOR-US: Fatek Automation PM Designer
CVE-2016-5797 (Tollgrade LightHouse SMS before 5.1 patch 3 provides different error ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5796 (An issue was discovered in Fatek Automation PM Designer V3 Version ...)
	NOT-FOR-US: Fatek Automation PM Designer
CVE-2016-5795 (An XXE issue was discovered in Automated Logic Corporation (ALC) ...)
	NOT-FOR-US: Automated Logic Corporation (ALC)
CVE-2016-5794
	REJECTED
CVE-2016-5793 (Unquoted Windows search path vulnerability in Moxa Active OPC Server ...)
	NOT-FOR-US: Moxa
CVE-2016-5792 (SQL injection vulnerability in Moxa SoftCMS before 1.5 allows remote ...)
	NOT-FOR-US: Moxa
CVE-2016-5791 (An Improper Authentication issue was discovered in JanTek JTC-200, all ...)
	NOT-FOR-US: JanTek JTC-200
CVE-2016-5790 (Tollgrade LightHouse SMS before 5.1 patch 3 allows remote attackers to ...)
	NOT-FOR-US: Tollgrade
CVE-2016-5789 (A Cross-site Request Forgery issue was discovered in JanTek JTC-200, ...)
	NOT-FOR-US: JanTek JTC-200
CVE-2016-5788 (General Electric (GE) Bently Nevada 3500/22M USB with firmware before ...)
	NOT-FOR-US: General Electric (GE) Bently Nevada
CVE-2016-5787 (General Electric (GE) Digital Proficy HMI/SCADA - CIMPLICITY before ...)
	NOT-FOR-US: CIMPLICITY
CVE-2016-5786 (An issue was discovered in OmniMetrix OmniView, Version 1.2. The ...)
	NOT-FOR-US: OmniMetrix OmniView
CVE-2016-5785
	RESERVED
CVE-2016-5784
	RESERVED
CVE-2016-5783
	RESERVED
CVE-2016-5782 (An issue was discovered in Locus Energy LGate prior to 1.05H, LGate 50, ...)
	NOT-FOR-US: Locus Energy LGate
CVE-2016-5781 (Stack-based buffer overflow in WECON LeviStudio allows remote ...)
	NOT-FOR-US: LeviStudio
CVE-2016-5780
	RESERVED
CVE-2016-5779
	RESERVED
CVE-2016-5778
	RESERVED
CVE-2016-5777
	RESERVED
CVE-2016-5776
	RESERVED
CVE-2016-5775
	RESERVED
CVE-2016-5774 (The HTTPS server in Blue Coat PacketShaper S-Series 11.5.x before ...)
	NOT-FOR-US: Blue Coat
CVE-2016-5765 (Administrative Server in Micro Focus Host Access Management and ...)
	NOT-FOR-US: Micro Focus
CVE-2016-5764 (Micro Focus Rumba FTP 4.X client buffer overflow makes it possible to ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-5763 (Vulnerability in Novell Open Enterprise Server (OES2015 SP1 before ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2016-5762 (Integer overflow in the Post Office Agent in Novell GroupWise before ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5761 (Cross-site scripting (XSS) vulnerability in Novell GroupWise before ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5760 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Novell GroupWise
CVE-2016-5759 (The mkdumprd script called &quot;dracut&quot; in the current working directory ...)
	NOT-FOR-US: SuSE-specific Dracut script mkdumprd
CVE-2016-5758 (A cross site request forgery protection mechanism in NetIQ Access ...)
	NOT-FOR-US: NetIQ
CVE-2016-5757 (iManager Admin Console in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix ...)
	NOT-FOR-US: NetIQ
CVE-2016-5756 (Multiple components of the web tools in NetIQ Access Manager 4.1 before ...)
	NOT-FOR-US: NetIQ
CVE-2016-5755 (NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 ...)
	NOT-FOR-US: NetIQ
CVE-2016-5754 (Presence of a .htaccess file could leak information in NetIQ Access ...)
	NOT-FOR-US: NetIQ
CVE-2016-5753
	RESERVED
CVE-2016-5752 (The SAML2 implementation in Identity Server in NetIQ Access Manager 4.1 ...)
	NOT-FOR-US: NetIQ
CVE-2016-5751 (An unfiltered finalizer target URL in the SAML processing feature in ...)
	NOT-FOR-US: NetIQ
CVE-2016-5750 (The certificate upload feature in iManager in NetIQ Access Manager 4.1 ...)
	NOT-FOR-US: NetIQ
CVE-2016-5749 (NetIQ Access Manager 4.1 before 4.1.2 HF 1 and 4.2 before 4.2.2 was ...)
	NOT-FOR-US: NetIQ
CVE-2016-5748 (External Entity Processing (XXE) vulnerability in the &quot;risk score&quot; ...)
	NOT-FOR-US: NetIQ
CVE-2016-5747 (A security vulnerability in cookie handling in the http stack ...)
	NOT-FOR-US: Novell
CVE-2016-5746 (libstorage, libstorage-ng, and yast-storage improperly store ...)
	NOT-FOR-US: libstorage
CVE-2016-5745 (F5 BIG-IP LTM systems 11.x before 11.2.1 HF16, 11.3.x, 11.4.x before ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8945 (openshift-node in OpenShift Origin 1.1.6 and earlier improperly stores ...)
	NOT-FOR-US: OpenShift
CVE-2015-8944 (The ioresources_init function in kernel/resource.c in the Linux kernel ...)
	- linux <not-affected> (Android-specific patch, /proc/iomem is root-restricted already)
CVE-2015-8943 (drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8942 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8941 (drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8940 (Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8939 (drivers/video/msm/mdp4_util.c in the Qualcomm components in Android ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8938 (The MSM camera driver in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific patch)
CVE-2015-8937 (drivers/char/diag/diagchar_core.c in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific patch)
CVE-2014-9906 (Use-after-free vulnerability in DBD::mysql before 4.029 allows ...)
	{DSA-3635-1 DLA-576-1}
	- libdbd-mysql-perl 4.033-1
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=97625
	NOTE: https://github.com/perl5-dbi/DBD-mysql/pull/27
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
CVE-2014-9905 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...)
	- sogo 2.2.5-1
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://github.com/inverse-inc/sogo/commit/1a7fc2a0e90a19dfb1fce292ae5ff53aa513ade9 (SOGo-2.2.0)
	NOTE: https://github.com/inverse-inc/sogo/commit/80a09407652ec04e8c9fb6cb48e1029e69a15765 (SOGo-2.2.0)
	NOTE: https://github.com/inverse-inc/sogo/commit/3a5e44e7eb8b390b67a8f8a83030b49606956501 (SOGo-2.2.0)
	NOTE: https://github.com/inverse-inc/sogo/commit/c94595ea7f0f843c2d7abf25df039b2bbe707625 (SOGo-2.2.0)
	NOTE: https://sogo.nu/bugs/view.php?id=2598
CVE-2014-9904 (The snd_compress_check_input function in sound/core/compress_offload.c ...)
	{DSA-3616-1}
	- linux 4.0.2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: 4.0.2-1 the first version in unstable after 3.17-rc1
	NOTE: Fixed by: https://git.kernel.org/linus/6217e5ede23285ddfee10d2e4ba0cc2d4c046205 (3.17-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1)
CVE-2014-9903 (The sched_read_attr function in kernel/sched/core.c in the Linux ...)
	- linux <not-affected>
	NOTE: vulnerable code between 3.14-rc1 and 3.14-rc4
CVE-2014-9902 (Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9901 (The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9900 (The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel ...)
	- linux <unfixed> (unimportant)
CVE-2014-9899 (drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9898 (arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9897 (sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9896 (drivers/char/adsprpc.c in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9895 (drivers/media/media-device.c in the Linux kernel before 3.11, as used ...)
	{DLA-833-1}
	- linux 3.11.5-1
CVE-2014-9894 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9893 (drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9892 (The snd_compr_tstamp function in sound/core/compress_offload.c in the ...)
	- linux <unfixed> (unimportant)
	NOTE: Not considered a security issue/invalid issue by the Debian kernel team
CVE-2014-9891 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9890 (Off-by-one error in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9889 (drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9888 (arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM ...)
	{DLA-833-1}
	- linux 3.13.4-1
CVE-2014-9887 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9886 (arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9885 (Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9884 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9883 (Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9882 (Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9881 (drivers/media/radio/radio-iris.c in the Qualcomm components in Android ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9880 (drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9879 (The mdss mdp3 driver in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9878 (drivers/mmc/card/mmc_block_test.c in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9877 (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9876 (drivers/char/diag/diagfwd.c in the Qualcomm components in Android ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9875 (drivers/char/diag/diag_dci.c in the Qualcomm components in Android ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9874 (Buffer overflow in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9873 (Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9872 (The diag driver in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9871 (Multiple buffer overflows in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9870 (The Linux kernel before 3.11 on ARM platforms, as used in Android ...)
	- linux 3.11.5-1
	[wheezy] - linux <no-dsa> (Minor issue, hardly a security impact, cf. kernel-sec)
CVE-2014-9869 (drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9868 (drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9867 (drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9866 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9865 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9864 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific driver)
CVE-2014-9863 (Integer underflow in the diag driver in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific driver)
CVE-2016-5844 (Integer overflow in the ISO parser in libarchive before 3.2.1 allows ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: Upstream ticket: https://github.com/libarchive/libarchive/issues/717
	NOTE: Upstream fix: https://github.com/libarchive/libarchive/commit/3ad08e01b4d253c66ae56414886089684155af22 (v3.2.1)
CVE-2016-5842 (MagickCore/property.c in ImageMagick before 7.0.2-1 allows remote ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5842.jpg
CVE-2016-5841 (Integer overflow in MagickCore/profile.c in ImageMagick before 7.0.2-1 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #831034)
	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/06/23/1
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/d8ab7f046587f2e9f734b687ba7e6e10147c294b
	NOTE: Reproducer http://bugs.fi/media/afl/imagemagick/CVE-2016-5841.jpg
CVE-2016-5829 (Multiple heap-based buffer overflows in the hiddev_ioctl_usage ...)
	{DSA-3616-1 DLA-609-1}
	- linux 4.6.3-1
	NOTE: Fixed by: https://git.kernel.org/linus/93a2001bdfd5376c3dc2158653034c20392d15c5
CVE-2016-5828 (The start_thread function in arch/powerpc/kernel/process.c in the ...)
	{DSA-3616-1}
	- linux 4.6.3-1
	[wheezy] - linux <not-affected> (Introduced in v3.10-rc1)
	NOTE: https://patchwork.ozlabs.org/patch/636776/
	NOTE: Introduced in https://git.kernel.org/linus/bc2a9408fa65195288b41751016c36fd00a75a85 (v3.10-rc1)
CVE-2016-5827 (The icaltime_from_string function in libical 0.47 and 1.0 allows ...)
	- libical <unfixed>
	[stretch] - libical <no-dsa> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281043
	NOTE: This issue fixed by the commits referenced via https://github.com/libical/libical/issues/251
	NOTE: https://github.com/libical/libical/commit/38757abb495ea6cb40faa5418052278bf75040f7
	NOTE: https://github.com/libical/libical/commit/04d84749e53db08c71ed0ce8b6ba5c11082743cd
	NOTE: https://github.com/libical/libical/commit/830d9530817516377c2bc3b532798ce2c6b4765a
CVE-2016-5826 (The parser_get_next_char function in libical 0.47 and 1.0 allows ...)
	- libical <unfixed>
	[stretch] - libical <no-dsa> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1281041
CVE-2016-5825 (The icalparser_parse_string function in libical 0.47 and 1.0 allows ...)
	- libical <unfixed>
	[stretch] - libical <no-dsa> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	[wheezy] - libical <no-dsa> (Low prio according to upstream)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1280832
CVE-2016-5824 (libical 1.0 allows remote attackers to cause a denial of service ...)
	{DLA-959-1}
	- libical <unfixed> (bug #860451)
	[stretch] - libical <no-dsa> (Minor issue)
	[jessie] - libical <no-dsa> (Minor issue)
	NOTE: Original report: https://github.com/libical/libical/issues/235
	NOTE: Reopened at: https://bugzilla.mozilla.org/show_bug.cgi?id=1275400
	NOTE: Reproducer: https://bugzilla.mozilla.org/attachment.cgi?id=8757553
	NOTE: Related upstream ticket: https://github.com/libical/libical/issues/286
	NOTE: Related upstream ticket: https://github.com/libical/libical/issues/251
	NOTE: Whilst the upstream commits in issues/251 fix the issue of #251 itself
	NOTE: they do not fix the bugzilla.mozilla.org case 1275400 which was assigned
	NOTE: in http://www.openwall.com/lists/oss-security/2016/06/25/4
CVE-2016-5823 (The icalproperty_new_clone function in libical 0.47 and 1.0 allows ...)
	- libical 1.0-1
	[wheezy] - libical <no-dsa> (Only possible denial of service, not severe enough to solve)
	NOTE: possibly correct upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1275787
	NOTE: Exact fixing commit unfortunately not bisected, need more investigation
CVE-2016-5744 (Siemens SIMATIC WinCC 7.0 through SP3 and 7.2 allows remote attackers ...)
	NOT-FOR-US: Siemens
CVE-2016-5743 (Siemens SIMATIC WinCC before 7.3 Update 10 and 7.4 before Update 1, ...)
	NOT-FOR-US: Siemens
CVE-2016-5839 (WordPress before 4.5.3 allows remote attackers to bypass the ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/ticket/37111
	NOTE: https://core.trac.wordpress.org/changeset/37818
CVE-2016-5838 (WordPress before 4.5.3 allows remote attackers to bypass intended ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://core.trac.wordpress.org/changeset/37762/
	NOTE: https://core.trac.wordpress.org/ticket/37047
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5837 (WordPress before 4.5.3 allows remote attackers to bypass intended ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Upstream bug: https://core.trac.wordpress.org/ticket/36379
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37781
CVE-2016-5836 (The oEmbed protocol implementation in WordPress before 4.5.3 allows ...)
	{DLA-633-1}
	- wordpress 4.5.3+dfsg-1
	[jessie] - wordpress <no-dsa> (Minor issue; can be included in next DSA or point release)
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Upstream ticket: https://core.trac.wordpress.org/ticket/36767
	NOTE: Fixed by (Branch 4.4): https://core.trac.wordpress.org/changeset/37798
CVE-2016-5835 (WordPress before 4.5.3 allows remote attackers to obtain sensitive ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/changeset/37800
CVE-2016-5834 (Cross-site scripting (XSS) vulnerability in the wp_get_attachment_link ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: https://core.trac.wordpress.org/changeset/37790/
CVE-2016-5833 (Cross-site scripting (XSS) vulnerability in the column_title function ...)
	- wordpress 4.5.3+dfsg-1
	[jessie] - wordpress <not-affected> (vulnerable code not present)
	[wheezy] - wordpress <not-affected> (vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
CVE-2016-5832 (The customizer in WordPress before 4.5.3 allows remote attackers to ...)
	{DSA-3639-1 DLA-568-1}
	- wordpress 4.5.3+dfsg-1
	NOTE: https://wordpress.org/news/2016/06/wordpress-4-5-3/
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37773/
CVE-2016-5773 (php_zip.c in the zip extension in PHP before 5.5.37, 5.6.x before ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72434
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=f6aef68089221c5ea047d4a74224ee3deead99a6
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5772 (Double free vulnerability in the php_wddx_process_data function in ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72340
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5771 (spl_array.c in the SPL extension in PHP before 5.5.37 and 5.6.x before ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 <not-affected> (Does not affect PHP 7.x)
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72433
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a44c89e8af7c2410f4bfc5e097be2a5d0639a60c
	NOTE: Fixed in 5.5.37, 5.6.23
CVE-2016-5770 (Integer overflow in the SplFileObject::fread function in ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72262
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7245bff300d3fa8bacbef7897ff080a6f1c23eba
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5769 (Multiple integer overflows in mcrypt.c in the mcrypt extension in PHP ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72455
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=6c5211a0cef0cc2854eaa387e0eb036e012904d0
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5768 (Double free vulnerability in the _php_mb_regex_ereg_replace_exec ...)
	{DSA-3618-1 DLA-628-1}
	- php7.0 7.0.8-1
	- php5 5.6.23+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72402
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5b597a2e5b28e2d5a52fc1be13f425f08f47cb62
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
CVE-2016-5767 (Integer overflow in the gdImageCreate function in gd.c in the GD ...)
	- php7.0 7.0.8-1 (unimportant)
	- php5 5.6.23+dfsg-1 (unimportant)
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72446
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c395c6e5d7e8df37a21265ff76e48fe75ceb5ae6
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
	- libgd2 2.0.34~rc1-1
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/cfee163a5e848fc3e3fb1d05a30d7557cdd36457 (GD_2_0_34RC1)
CVE-2016-5766 (Integer overflow in the _gd2GetHeader function in gd_gd2.c in the GD ...)
	{DSA-3619-1 DLA-534-1}
	- php7.0 7.0.8-1 (unimportant)
	- php5 5.6.23+dfsg-1 (unimportant)
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72339
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=7722455726bec8c53458a32851d2a87982cf0eac
	NOTE: Fixed in 5.5.37, 5.6.23, 7.0.8
	- libgd2 2.2.2-29-g3c2b605-1 (bug #829014)
	NOTE: https://github.com/libgd/libgd/issues/243
	NOTE: https://github.com/libgd/libgd/commit/aba3db8ba159465ecec1089027a24835a6da9cc0
CVE-2016-5741
	RESERVED
CVE-2016-5740 (An issue was discovered in Open-Xchange OX App Suite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-5739 (The Transformation implementation in phpMyAdmin 4.0.x before ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1
CVE-2016-5738
	RESERVED
CVE-2016-5736 (The default configuration of the IPsec IKE peer listener in F5 BIG-IP ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5735 (Integer overflow in the rwpng_read_image24_libpng function in rwpng.c ...)
	{DLA-966-1}
	- pngquant 2.5.0-2 (bug #863469)
	[jessie] - pngquant <no-dsa> (Minor issue)
	NOTE: https://github.com/pornel/pngquant/commit/b7c217680cda02dddced245d237ebe8c383be285
CVE-2016-5734 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in jessie)
	[wheezy] - phpmyadmin <no-dsa> (Vulnerable only with a php version earlier than the one in wheezy)
CVE-2016-5733 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1
CVE-2016-5732 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5731 (Cross-site scripting (XSS) vulnerability in examples/openid.php in ...)
	{DSA-3627-1 DLA-551-1}
	- phpmyadmin 4:4.6.3-1 (low)
CVE-2016-5730 (phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x before 4.4.15.7, and 4.6.x ...)
	- phpmyadmin 4:4.6.3-1 (unimportant)
	NOTE: path disclosure irrelevant in Debian
CVE-2016-5742 (SQL injection vulnerability in the XML-RPC interface in Movable Type ...)
	{DLA-532-1}
	- movabletype-opensource <removed>
	NOTE: https://movabletype.org/news/2016/06/movable_type_626_and_613_released.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/06/22/3
	NOTE: https://github.com/movabletype/movabletype/commit/42113544e7d8ebf6064b7b01b921734b667a1682
CVE-2016-5737 (The Gerrit configuration in the Openstack Puppet module for Gerrit ...)
	NOT-FOR-US: Openstack-infra puppet-gerrit module
CVE-2016-5729 (Lenovo BIOS EFI Driver allows local administrators to execute ...)
	NOT-FOR-US: Lenovo
CVE-2016-5728 (Race condition in the vop_ioctl function in ...)
	{DSA-3616-1}
	- linux 4.6.1-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: https://git.kernel.org/linus/9bf292bfca94694a721449e3fd752493856710f6 (v4.7-rc1)
	NOTE: Introduced in: https://git.kernel.org/linus/f69bcbf3b4c4b333dcd7a48eaf868bf0c88edab5 (v3.13-rc1)
CVE-2015-8936 (Cross-site scripting (XSS) vulnerability in squidGuard.cgi in ...)
	{DLA-524-1}
	- squidguard 1.5-5 (unimportant)
	NOTE: Only affects an example script
	NOTE: Fix applied: 16_XSS-security-bugfix.patch in 1.5-5
	NOTE: http://www.openwall.com/lists/oss-security/2016/06/20/2
CVE-2016-5725 (Directory traversal vulnerability in JCraft JSch before 0.1.54 on ...)
	{DLA-611-1}
	- jsch 0.1.54-1 (low)
	[jessie] - jsch <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/jsch/mailman/message/35318093/
CVE-2016-5724
	RESERVED
CVE-2016-5723 (Huawei FusionInsight HD before V100R002C60SPC200 allows local users to ...)
	NOT-FOR-US: Huawei
CVE-2016-5722 (Huawei OceanStor 5300 V3, 5500 V3, 5600 V3, 5800 V3, 6800 V3, 18800 ...)
	NOT-FOR-US: OceanStor
CVE-2016-5721 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
	NOT-FOR-US: Zimbra
CVE-2016-5720 (Multiple untrusted search path vulnerabilities in Microsoft Skype ...)
	NOT-FOR-US: Skype
CVE-2016-5719
	RESERVED
CVE-2016-5718
	RESERVED
CVE-2016-5717
	RESERVED
CVE-2016-5716 (The console in Puppet Enterprise 2015.x and 2016.x prior to 2016.4.0 ...)
	- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2016-5715 (Open redirect vulnerability in the Console in Puppet Enterprise 2015.x ...)
	- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2016-5714 (Puppet Enterprise 2015.3.3 and 2016.x before 2016.4.0, and Puppet ...)
	- puppet 4.8.0-1
	[jessie] - puppet <not-affected> (Vulnerable code introduced later)
	[wheezy] - puppet <not-affected> (Vulnerable code introduced later)
	NOTE: https://puppet.com/security/cve/pxp-agent-oct-2016
	NOTE: triaged away in Ubuntu: "Default configurations of FOSS Puppet Agent are not vulnerable."
	NOTE: gentoo released a fix: https://security.gentoo.org/glsa/201710-12
	NOTE: rosetta stone for puppet version numbers: https://puppet.com/docs/puppet/4.10/about_agent.html
CVE-2016-5713 (Versions of Puppet Agent prior to 1.6.0 included a version of the ...)
	- puppet 4.7.0-1
	[jessie] - puppet <not-affected> (Vulnerable code introduced later)
	[wheezy] - puppet <not-affected> (Vulnerable code introduced later)
	NOTE: Puppet Agent 1.3.0 (puppet: 4.3.0) - 1.5.x affected
	NOTE: Resolved in Puppet Agent 1.6.0 (4.6.0)
	NOTE: https://puppet.com/security/cve/cve-2016-5713
CVE-2016-5712
	RESERVED
CVE-2016-5711 (NetApp Virtual Storage Console for VMware vSphere before 6.2.1 uses a ...)
	NOT-FOR-US: NetApp
CVE-2016-5710
	RESERVED
CVE-2016-5709 (SolarWinds Virtualization Manager 6.3.1 and earlier uses weak ...)
	NOT-FOR-US: SolarWinds
CVE-2016-5708
	RESERVED
CVE-2016-5707
	RESERVED
CVE-2016-5706 (js/get_scripts.js.php in phpMyAdmin 4.0.x before 4.0.10.16, 4.4.x ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5705 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5704 (Cross-site scripting (XSS) vulnerability in the table-structure page ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5703 (SQL injection vulnerability in libraries/central_columns.lib.php in ...)
	- phpmyadmin 4:4.6.3-1
	[jessie] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2016-5702 (phpMyAdmin 4.6.x before 4.6.3, when the environment lacks a PHP_SELF ...)
	- phpmyadmin 4:4.6.3-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5701 (setup/frames/index.inc.php in phpMyAdmin 4.0.10.x before 4.0.10.16, ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.3-1
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
CVE-2016-5700 (Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-5698
	RESERVED
CVE-2016-5697 (Ruby-saml before 1.3.0 allows attackers to perform XML signature ...)
	- ruby-saml 1.3.0-1 (bug #828076)
	NOTE: https://github.com/onelogin/ruby-saml/commit/a571f52171e6bfd87db59822d1d9e8c38fb3b995
CVE-2016-5695
	RESERVED
CVE-2016-5694
	RESERVED
CVE-2016-5693
	RESERVED
CVE-2016-5692
	RESERVED
CVE-2016-5686 (Johnson &amp; Johnson Animas OneTouch Ping devices mishandle ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5685 (Dell iDRAC7 and iDRAC8 devices with firmware before 2.40.40.40 allow ...)
	NOT-FOR-US: Dell
CVE-2016-5684 (An exploitable out-of-bounds write vulnerability exists in the XMP ...)
	{DSA-3692-1 DLA-647-1}
	- freeimage 3.17.0+ds1-3 (bug #839827)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0189/
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.17&r2=1.18
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginXPM.cpp?r1=1.18&r2=1.19
CVE-2016-5683 (ReadyDesk 9.1 allows local users to determine cleartext SQL Server ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5682 (Swagger-UI before 2.2.1 has XSS via the Default field in the ...)
	NOT-FOR-US: Swagger-UI
CVE-2016-5681 (Stack-based buffer overflow in dws/api/Login on D-Link DIR-850L B1 ...)
	NOT-FOR-US: D-Link
CVE-2016-5680 (Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5679 (cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5678 (NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5677 (NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5676 (cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5675 (handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5674 (__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, ...)
	NOT-FOR-US: NUUO and NETGEAR NAS devices
CVE-2016-5673 (UltraVNC Repeater before 1300 does not restrict destination IP ...)
	NOT-FOR-US: UltraVNC
CVE-2016-5672 (Intel Crosswalk before 19.49.514.5, 20.x before 20.50.533.11, 21.x ...)
	- crosswalk <itp> (bug #775876)
CVE-2016-5671 (Multiple cross-site request forgery (CSRF) vulnerabilities on Crestron ...)
	NOT-FOR-US: Creston
CVE-2016-5670 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
	NOT-FOR-US: Creston
CVE-2016-5669 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
	NOT-FOR-US: Creston
CVE-2016-5668 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
	NOT-FOR-US: Creston
CVE-2016-5667 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
	NOT-FOR-US: Creston
CVE-2016-5666 (Crestron Electronics DM-TXRX-100-STR devices with firmware before ...)
	NOT-FOR-US: Creston
CVE-2016-5665
	RESERVED
CVE-2016-5664 (Directory traversal vulnerability on Accellion Kiteworks appliances ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5663 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5662 (Accellion Kiteworks appliances before kw2016.03.00 use setuid-root ...)
	NOT-FOR-US: Accellion Kiteworks
CVE-2016-5661 (Accela Civic Platform Citizen Access portal relies on the client to ...)
	NOT-FOR-US: Accela
CVE-2016-5660 (Cross-site scripting (XSS) vulnerability in AttachmentsList.aspx in ...)
	NOT-FOR-US: Accela
CVE-2016-5659
	RESERVED
CVE-2016-5658
	RESERVED
CVE-2016-5657
	RESERVED
	NOT-FOR-US: Apache Archiva
CVE-2016-5656
	RESERVED
CVE-2016-5655 (Misys FusionCapital Opics Plus does not verify X.509 certificates from ...)
	NOT-FOR-US: Misys
CVE-2016-5654 (Misys FusionCapital Opics Plus allows remote authenticated users to ...)
	NOT-FOR-US: Misys
CVE-2016-5653 (Multiple SQL injection vulnerabilities in Misys FusionCapital Opics ...)
	NOT-FOR-US: Misys
CVE-2016-5652 (An exploitable heap-based buffer overflow exists in the handling of ...)
	{DSA-3762-1 DLA-693-1}
	- tiff 4.0.6-3 (bug #842361)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0187/
	NOTE: https://github.com/vadz/libtiff/commit/b5d6803f0898e931cf772d3d0755704ab8488e63
CVE-2016-5651
	RESERVED
CVE-2016-5650 (ZModo ZP-NE14-S and ZP-IBH-13W devices do not enforce a WPA2 ...)
	NOT-FOR-US: ZModo
CVE-2016-5649
	RESERVED
CVE-2016-5648 (Acer Portal app before 3.9.4.2000 for Android does not properly ...)
	NOT-FOR-US: Acer Portal Android application
CVE-2016-5647 (The igdkmd64 module in the Intel Graphics Driver through 15.33.42.435, ...)
	NOT-FOR-US: Intel Windows drivers
CVE-2016-5646 (An exploitable heap overflow vulnerability exists in the Compound ...)
	NOT-FOR-US: Lexmark
CVE-2016-5645 (Rockwell Automation MicroLogix 1400 PLC 1766-L32BWA, 1766-L32AWA, ...)
	NOT-FOR-US: Rockwell
CVE-2016-5644
	RESERVED
CVE-2016-5643
	RESERVED
CVE-2016-5642 (Opmantek NMIS before 8.5.12G has XSS via SNMP. ...)
	NOT-FOR-US: Opmantek NMIS
CVE-2016-5641
	RESERVED
CVE-2016-5640 (Directory traversal vulnerability in cgi-bin/rftest.cgi on Crestron ...)
	NOT-FOR-US: Creston
CVE-2016-5639 (Directory traversal vulnerability in cgi-bin/login.cgi on Crestron ...)
	NOT-FOR-US: Creston
CVE-2016-5638
	RESERVED
CVE-2016-5637 (The restore_tqb_pixels function in libbpg 0.9.5 through 0.9.7 ...)
	NOTE: https://www.kb.cert.org/vuls/id/123799
	NOTE: No further information provided, but this is very likely a dupe of CVE-2016-8710
CVE-2016-1000003 (Mirror Manager version 0.7.2 and older is vulnerable to remote code ...)
	NOT-FOR-US: Fedora Mirror Manager
CVE-2016-5727 (LogInOut.php in Simple Machines Forum (SMF) 2.1 allows remote ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2016-5726 (Packages.php in Simple Machines Forum (SMF) 2.1 allows remote ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2016-5691 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833044)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5690 (The ReadDCMImage function in DCM reader in ImageMagick before 6.9.4-5 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833043)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
CVE-2016-5689 (The DCM reader in ImageMagick before 6.9.4-5 and 7.x before 7.0.1-7 ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833042)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5511ef530576ed18fd636baa3bb4eda3d667665d
	NOTE: Will be fixed in a 6.9.4-3 based version
CVE-2016-5688 (The WPG parser in ImageMagick before 6.9.4-4 and 7.x before 7.0.1-5, ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #833003)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/fc43974d34318c834fbf78570ca1a3764ed8c7d7
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/aecd0ada163a4d6c769cec178955d5f3e9316f2f
CVE-2016-5687 (The VerticalFilter function in the DDS coder in ImageMagick before ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832890)
	NOTE: https://blog.fuzzing-project.org/46-Various-invalid-memory-reads-in-ImageMagick-WPG,-DDS,-DCM.html
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0b7172f2ba2c9e664d4df148e7d6e14a50edb57a
CVE-2016-5699 (CRLF injection vulnerability in the HTTPConnection.putheader function ...)
	{DLA-522-1}
	- python3.5 <not-affected> (Fixed with initial upload to Debian)
	- python3.4 3.4.4~rc1-1
	[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
	- python2.7 2.7.10~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: https://bugs.python.org/issue22928
	NOTE: Fixed in 3.4 / 3.5: revision 94952: https://hg.python.org/cpython/rev/bf3e1c9b80e9
	NOTE: Fixed in 2.7: revision 94951: https://hg.python.org/cpython/rev/1c45047c5102
CVE-2016-5635 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5634 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5633 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5632 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5631 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5630 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and ...)
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5629 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5628 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5627 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5626 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5625 (Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-5624 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier allows ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-5623 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5622 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5621 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5620 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5619 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5618 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5617
	REJECTED
CVE-2016-5616
	REJECTED
CVE-2016-5615 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Solaris
CVE-2016-5614 (Vulnerability in the Oracle FLEXCUBE Private Banking component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5613 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5612 (Unspecified vulnerability in Oracle MySQL 5.5.50 and earlier, 5.6.31 ...)
	- mariadb-10.0 10.0.27-1
	[jessie] - mariadb-10.0 10.0.27-0+deb8u1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
CVE-2016-5611 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5610 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5609 (Unspecified vulnerability in Oracle MySQL 5.6.31 and earlier and ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5608 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5607 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5606 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Solaris
CVE-2016-5605 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.4-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5604 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-5603 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-5602 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5601 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5600 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services ...)
	NOT-FOR-US: Oracle
CVE-2016-5599 (Unspecified vulnerability in the Oracle Advanced Supply Chain Planning ...)
	NOT-FOR-US: Oracle
CVE-2016-5598 (Unspecified vulnerability in the MySQL Connector component 2.1.3 and ...)
	- mysql-connector-python 2.1.5-1 (bug #841677)
	[jessie] - mysql-connector-python <not-affected> (Vulnerable code not present)
	[wheezy] - mysql-connector-python <not-affected> (Only the Python 3 code is affected which is not shipped in binary package)
	NOTE: https://blog.qualys.com/laws-of-vulnerabilities/2016/10/18/oracle-october-2016-critical-patch-update
CVE-2016-5597 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5596 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-5595 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-5594 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-5593 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-5592 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-5591 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-5590 (Vulnerability in the MySQL Enterprise Monitor component of Oracle ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-5589 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-5588 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2016-5587 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-5586 (Unspecified vulnerability in the Oracle Email Center component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5585 (Unspecified vulnerability in the Oracle Interaction Center ...)
	NOT-FOR-US: Oracle
CVE-2016-5584 (Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 ...)
	{DSA-3711-1 DSA-3706-1 DLA-708-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.16-1 (bug #841163)
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed> (bug #841050)
	NOTE: Fixed in MariaDB 5.5.53, MariaDB 10.0.28
CVE-2016-5583 (Unspecified vulnerability in the Oracle One-to-One Fulfillment ...)
	NOT-FOR-US: Oracle
CVE-2016-5582 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5581 (Unspecified vulnerability in the Oracle iRecruitment component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5580 (Unspecified vulnerability in the Secure Global Desktop component in ...)
	NOT-FOR-US: Secure Global Desktop
CVE-2016-5579 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2016-5578 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2016-5577 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2016-5576 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Solaris
CVE-2016-5575 (Unspecified vulnerability in the Oracle Common Applications Calendar ...)
	NOT-FOR-US: Oracle
CVE-2016-5574 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2016-5573 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5572 (Unspecified vulnerability in the Kernel PDB component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5571 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5570 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5569 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and ...)
	NOT-FOR-US: Oracle
CVE-2016-5568 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 ...)
	- openjdk-8 <not-affected> (Only affects Windows)
	- openjdk-7 <not-affected> (Only affects Windows)
	- openjdk-6 <not-affected> (Only affects Windows)
CVE-2016-5567 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5566 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2016-5565 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property ...)
	NOT-FOR-US: Oracle
CVE-2016-5564 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property ...)
	NOT-FOR-US: Oracle
CVE-2016-5563 (Unspecified vulnerability in the Oracle Hospitality OPERA 5 Property ...)
	NOT-FOR-US: Oracle
CVE-2016-5562 (Unspecified vulnerability in the Oracle iProcurement component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5561 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2016-5560 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2016-5559 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
	NOT-FOR-US: Solaris
CVE-2016-5558 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2016-5557 (Unspecified vulnerability in the Oracle Advanced Pricing component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5556 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 ...)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
	- openjdk-8 <not-affected> (specific to Oracle Java)
CVE-2016-5555 (Unspecified vulnerability in the OJVM component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2016-5554 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5553 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
	NOT-FOR-US: Solaris
CVE-2016-5552 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5551 (Vulnerability in the Solaris Cluster component of Oracle Sun Systems ...)
	NOT-FOR-US: Solaris
CVE-2016-5550
	REJECTED
CVE-2016-5549 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	- openjdk-8 8u121-b13-1
	- openjdk-7 <not-affected> (In the Debian package, the code is removed during build time)
CVE-2016-5548 (Vulnerability in the Java SE, Java SE Embedded component of Oracle ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5547 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
CVE-2016-5546 (Vulnerability in the Java SE, Java SE Embedded, JRockit component of ...)
	{DSA-3782-1 DLA-821-1}
	- openjdk-8 8u121-b13-1
	[experimental] - openjdk-7 7u121-2.6.8-2
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5545 (Vulnerability in the Oracle VM VirtualBox component of Oracle ...)
	- virtualbox 5.1.14-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5544 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
	NOT-FOR-US: Solaris
CVE-2016-5543 (Unspecified vulnerability in the Oracle FLEXCUBE Enterprise Limits and ...)
	NOT-FOR-US: Oracle
CVE-2016-5542 (Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and ...)
	{DSA-3707-1 DLA-704-1}
	- openjdk-8 8u111-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-2
	- openjdk-7 <removed>
	NOTE: #841692 tracks openjdk-7
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life>
CVE-2016-5541 (Vulnerability in the MySQL Cluster component of Oracle MySQL ...)
	NOT-FOR-US: MySQL Cluster
CVE-2016-5540 (Unspecified vulnerability in the Oracle Retail Xstore Payment ...)
	NOT-FOR-US: Oracle
CVE-2016-5539 (Unspecified vulnerability in the Oracle Retail Xstore Payment ...)
	NOT-FOR-US: Oracle
CVE-2016-5538 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5537 (Unspecified vulnerability in the NetBeans component in Oracle Fusion ...)
	[experimental] - netbeans 8.2+dfsg1-1
	- netbeans <unfixed> (bug #852029)
	[stretch] - netbeans <ignored> (No details about affected code, backport of Netbeans 8.2 too intrusive)
	[wheezy] - netbeans <ignored> (No details about affected code, backport of Netbeans 8.2 too intrusive)
CVE-2016-5536 (Unspecified vulnerability in the Oracle Platform Security for Java ...)
	NOT-FOR-US: Oracle
CVE-2016-5535 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5534 (Unspecified vulnerability in the Siebel Apps - Customer Order ...)
	NOT-FOR-US: Oracle Siebel
CVE-2016-5533 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
CVE-2016-5532 (Unspecified vulnerability in the Oracle Shipping Execution component ...)
	NOT-FOR-US: Oracle
CVE-2016-5531 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5530 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-5529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2016-5528 (Vulnerability in the Oracle GlassFish Server component of Oracle ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2016-5527 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5526 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5525 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5524 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5523 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5522 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5521 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5520
	REJECTED
CVE-2016-5519 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Vulnerable code not included, see bug #853998)
CVE-2016-5518 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
	NOT-FOR-US: Oracle
CVE-2016-5517 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5516 (Unspecified vulnerability in the Kernel PDB component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5515 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5514 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5513 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5512 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5511 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5510 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5509 (Vulnerability in the Oracle FLEXCUBE Investor Servicing component of ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-5508 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Solaris
CVE-2016-5507 (Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
CVE-2016-5506 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5505 (Unspecified vulnerability in the RDBMS Programmable Interface ...)
	NOT-FOR-US: Oracle
CVE-2016-5504 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
	NOT-FOR-US: Oracle
CVE-2016-5503 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...)
	NOT-FOR-US: Oracle
CVE-2016-5502 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-5501 (Unspecified vulnerability in the Oracle VM VirtualBox component before ...)
	- virtualbox 5.1.8-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-5500 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5499 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5498 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5497 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5496
	REJECTED
CVE-2016-5495 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5494
	REJECTED
CVE-2016-5493 (Unspecified vulnerability in the Oracle FLEXCUBE Private Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-5492 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...)
	NOT-FOR-US: Oracle
CVE-2016-5491 (Unspecified vulnerability in the Oracle Commerce Service Center ...)
	NOT-FOR-US: Oracle
CVE-2016-5490 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-5489 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5488 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-5487 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Solaris
CVE-2016-5486 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...)
	NOT-FOR-US: Oracle
CVE-2016-5485
	REJECTED
CVE-2016-5484
	REJECTED
CVE-2016-5483
	REJECTED
CVE-2016-5482 (Unspecified vulnerability in the Oracle Commerce Guided Search ...)
	NOT-FOR-US: Oracle
CVE-2016-5481 (Unspecified vulnerability in the Sun ZFS Storage Appliance Kit (AK) ...)
	NOT-FOR-US: Oracle
CVE-2016-5480 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2016-5479 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-5478
	REJECTED
CVE-2016-5477 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-5476 (Unspecified vulnerability in the Oracle Retail Integration Bus ...)
	NOT-FOR-US: Oracle
CVE-2016-5475 (Unspecified vulnerability in the Oracle Retail Service Backbone ...)
	NOT-FOR-US: Oracle
CVE-2016-5474 (Unspecified vulnerability in the Oracle Retail Service Backbone ...)
	NOT-FOR-US: Oracle
CVE-2016-5473 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-5472 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-5471 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Solaris
CVE-2016-5470 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-5469 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Oracle
CVE-2016-5468 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5467 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...)
	NOT-FOR-US: Oracle
CVE-2016-5466 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5465 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-5464 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5463 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5462 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5461 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5460 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5459 (Unspecified vulnerability in the Siebel Core - Common Components ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5458 (Unspecified vulnerability in the Oracle Communications EAGLE ...)
	NOT-FOR-US: Oracle
CVE-2016-5457 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-5456 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5455 (Unspecified vulnerability in the Oracle Communications Messaging ...)
	NOT-FOR-US: Oracle
CVE-2016-5454 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Oracle
CVE-2016-5453 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-5452 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Oracle
CVE-2016-5451 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5450 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-5449 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-5448 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-5447 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-5446 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-5445 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-5444 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.30-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.49-0+deb8u1
	[wheezy] - mysql-5.5 5.5.49-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5443 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5442 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5441 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5440 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5439 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5438
	REJECTED
CVE-2016-5437 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5436 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-5435 (Memory leak in Huawei IPS Module, NGFW Module, NIP6300, NIP6600, and ...)
	NOT-FOR-US: Huawei
CVE-2016-6211 (The User module in Drupal 7.x before 7.44 allows remote authenticated ...)
	{DSA-3604-1 DLA-550-1}
	- drupal7 7.44-1
	NOTE: https://www.drupal.org/SA-CORE-2016-002
	NOTE: http://www.openwall.com/lists/oss-security/2016/07/13/4
	NOTE: https://gist.github.com/lamby/4697fea399f3f01ca6de3ce9ed79fce7 tarball diff
	NOTE: https://gist.github.com/lamby/dbeda4d49f48a32aa0dd4b3ed7f06a13 filtered diff
CVE-2016-5636 (Integer overflow in the get_data function in zipimport.c in CPython ...)
	{DLA-522-1}
	- python3.5 3.5.2~rc1-1
	- python3.4 <removed>
	[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
	- python2.7 2.7.12~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: https://bugs.python.org/issue26171
CVE-2016-5433 (Citrix iOS Receiver before 7.0 allows attackers to cause TLS ...)
	NOT-FOR-US: Citrix
CVE-2016-5434 (libalpm, as used in pacman 5.0.1, allows remote attackers to cause a ...)
	NOT-FOR-US: libalpm (Arch Linux Package Management (ALPM) library)
CVE-2016-5432 (The ovirt-engine-provisiondb utility in Red Hat Enterprise ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-5431
	RESERVED
CVE-2016-5430 (The RSA 1.5 algorithm implementation in the JOSE_JWE class in JWE.php ...)
	NOT-FOR-US: jose-php
CVE-2016-5429 (jose-php before 2.2.1 does not use constant-time operations for HMAC ...)
	NOT-FOR-US: jose-php
CVE-2016-5428
	RESERVED
CVE-2016-5427 (PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.0~alpha1-1
	NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected
	NOTE: Added workaround to mark first 4.x version in unstable as fixed.
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
	NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3
CVE-2016-5426 (PowerDNS (aka pdns) Authoritative Server before 3.4.10 allows remote ...)
	{DSA-3664-1 DLA-627-1}
	- pdns 4.0.0~alpha1-1
	NOTE: Only affects PowerDNS Authoritative Server up to and including 3.4.9, 4.x not affected
	NOTE: Added workaround to mark first 4.x version in unstable as fixed.
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-01/
	NOTE: https://github.com/PowerDNS/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3
CVE-2016-5425 (The Tomcat package on Red Hat Enterprise Linux (RHEL) 7, Fedora, ...)
	- tomcat8 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat7 <not-affected> (Red Hat and derivatives packaging specific)
	- tomcat6 <not-affected> (Red Hat and derivatives packaging specific)
	NOTE: http://legalhackers.com/advisories/Tomcat-RedHat-Pkgs-Root-PrivEsc-Exploit-CVE-2016-5425.html
CVE-2016-5424 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, ...)
	{DSA-3646-1 DLA-592-1}
	- postgresql-9.5 9.5.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=fcd15f13581f6d75c63d213220d5a94889206c1b
	NOTE: https://www.postgresql.org/about/news/1688/
CVE-2016-5423 (PostgreSQL before 9.1.23, 9.2.x before 9.2.18, 9.3.x before 9.3.14, ...)
	{DSA-3646-1 DLA-592-1}
	- postgresql-9.5 9.5.4-1
	- postgresql-9.4 <removed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=f0c7b789ab12fbc8248b671c7882dd96ac932ef4
	NOTE: https://www.postgresql.org/about/news/1688/
CVE-2016-5422 (The web console in Red Hat JBoss Operations Network (JON) before 3.3.7 ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2016-5421 (Use-after-free vulnerability in libcurl before 7.50.1 allows attackers ...)
	{DSA-3638-1}
	- curl 7.50.1-1
	[wheezy] - curl <not-affected> (introduced in 7.32.0)
	NOTE: https://curl.haxx.se/docs/adv_20160803C.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5421.patch
CVE-2016-5420 (curl and libcurl before 7.50.1 do not check the client certificate ...)
	{DSA-3638-1 DLA-586-1}
	- curl 7.50.1-1
	NOTE: https://curl.haxx.se/docs/adv_20160803B.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5420.patch
	NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5419 (curl and libcurl before 7.50.1 do not prevent TLS session resumption ...)
	{DSA-3638-1 DLA-586-1}
	- curl 7.50.1-1
	NOTE: https://curl.haxx.se/docs/adv_20160803A.html
	NOTE: Fixed by https://curl.haxx.se/CVE-2016-5419.patch
	NOTE: Wheezy: vulnerable code is in lib/sslgen.c
CVE-2016-5418 (The sandboxing code in libarchive 3.2.0 and earlier mishandles ...)
	{DSA-3677-1 DLA-657-1}
	- libarchive 3.2.1-4 (bug #837714)
	NOTE: Centos patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418.patch;jsessionid=1dexz8h9qdewibih5aonbu3
	NOTE: Centos additional patch: https://git.centos.org/blob/rpms!libarchive.git/9952851f8b327a8c93d26a5873c190c1fb09ae6c/SOURCES!libarchive-3.1.2-CVE-2016-5418-variation.patch;jsessionid=1dexz8h9qdewibih5aonbu3
	NOTE: Fixed by (for #744): https://github.com/libarchive/libarchive/commit/1fa9c7bf90f0862036a99896b0501c381584451a
	NOTE: Fixed by (for #745 and #746): https://github.com/libarchive/libarchive/commit/dfd6b54ce33960e420fb206d8872fb759b577ad9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1362601, relates to upstream bugs #744, #745 and #746
	NOTE: https://github.com/libarchive/libarchive/issues/743 (umbrella report)
	NOTE: https://github.com/libarchive/libarchive/issues/744
	NOTE: https://github.com/libarchive/libarchive/issues/745
	NOTE: https://github.com/libarchive/libarchive/issues/746
	NOTE: Testcase: https://github.com/libarchive/libarchive/commit/063ea3ea3fcb569a380b2ebe9c9ddd8bd6ce0d49
	NOTE: Fix for testcase: https://github.com/libarchive/libarchive/commit/50952acd22df3326c49771f5e5ba48630899468c
CVE-2016-5417 (Memory leak in the __res_vinit function in the IPv6 name server ...)
	- glibc 2.22-4 (bug #833302)
	[jessie] - glibc <not-affected> (Introduced in 2.22)
	- eglibc <not-affected> (Introduced in 2.22)
	NOTE: Introduced by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=2212c1420c92a33b0e0bd9a34938c9814a56c0f7 (glibc-2.22)
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5e7fdabd7df1fc6c56d104e61390bf5a6b526c38 (glibc-2.24)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19257
CVE-2016-5416 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, ...)
	- 389-ds-base <unfixed> (bug #834233)
	[stretch] - 389-ds-base <no-dsa> (Minor issue)
	[jessie] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: https://fedorahosted.org/389/ticket/48852
	NOTE: Potentially related: https://fedorahosted.org/389/ticket/48354
CVE-2016-5415
	RESERVED
CVE-2016-5414 (FreeIPA 4.4.0 allows remote attackers to request an arbitrary SAN name ...)
	- freeipa <not-affected> (Vulnerable code introduced in the 4.4.0 release)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1360757
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=25ed36fda14b30d6a50746a536939e3b428993cb
CVE-2016-5413
	RESERVED
CVE-2016-5412 (arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through ...)
	- linux 4.7.2-1
	[jessie] - linux 3.16.39-1
	[wheezy] - linux <not-affected> (Transactional memory not supported)
	NOTE: https://marc.info/?l=kvm&m=146968629127349&w=2
	NOTE: https://git.kernel.org/linus/93d17397e4e2182fdaad503e2f9da46202c0f1c3 (v4.8-rc1)
CVE-2016-5411 (/var/lib/ovirt-engine/setup/engine-DC-config.py in Red Hat QuickStart ...)
	NOT-FOR-US: ovirt engine
CVE-2016-5410 (firewalld.py in firewalld before 0.4.3.3 allows local users to bypass ...)
	- firewalld 0.4.3.3-1 (bug #834529)
	[jessie] - firewalld <ignored> (Minor issue)
	NOTE: Introduced by: https://github.com/t-woerner/firewalld/commit/6b9867cd5c5e2c83adeec42666521a420e59ef11
CVE-2016-5409 (Red Hat OpenShift Enterprise 2 does not include the HTTPOnly flag in a ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-5408 (Stack-based buffer overflow in the munge_other_line function in ...)
	{DLA-556-1}
	- squid3 <not-affected> (Incomplete fix for CVE-2016-4051 not applied)
	NOTE: CVE is specific for the incomplete fix of CVE-2016-4051 as applied
	NOTE: by some vendors.
CVE-2016-5407 (The (1) XvQueryAdaptors and (2) XvQueryEncodings functions in X.org ...)
	{DLA-667-1}
	- libxv 2:1.0.11-1 (low; bug #840438)
	[jessie] - libxv 2:1.0.10-1+deb8u1
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXv/commit/?id=d9da580b46a28ab497de2e94fdc7b9ff953dab17
CVE-2016-5406 (The domain controller in Red Hat JBoss Enterprise Application Platform ...)
	NOT-FOR-US: JBoss EAP
CVE-2016-5405 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, ...)
	- 389-ds-base 1.3.5.15-1 (bug #842121)
CVE-2016-5404 (The cert_revoke command in FreeIPA does not check for the &quot;revoke ...)
	- freeipa 4.3.2-5 (bug #835131)
	NOTE: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=cf74584d0f772f3f5eccc1d30c001e4212a104fd (master)
	NOTE: https://fedorahosted.org/freeipa/ticket/6232
CVE-2016-5403 (The virtqueue_pop function in hw/virtio/virtio.c in QEMU allows local ...)
	{DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-3.1 (bug #832619)
	[jessie] - qemu <no-dsa> (Minor issue; can be fixed in future DSA or point release)
	- qemu-kvm <removed>
CVE-2016-5402
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-5401 (Cross-site request forgery (CSRF) vulnerability in Red Hat JBoss BRMS ...)
	NOT-FOR-US: JBoss BPMS business-central
CVE-2016-5400 (Memory leak in the airspy_probe function in ...)
	- linux 4.7.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/aa93d1fee85c890a34f2510a310e55ee76a27848 (4.7)
CVE-2016-5399 (The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x ...)
	{DSA-3631-1 DLA-628-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72613
	NOTE: Partial fixes in 7.0.9, 5.6.24, 5.5.38
	NOTE: CVE is assigned for the issue in PHP in adequate error handling in the
	NOTE: bzread() function. Disputed by PHP upstream, which considers that the
	NOTE: underlying bzip2 library is at fault.
CVE-2016-5398 (Cross-site scripting (XSS) vulnerability in Business Process Editor in ...)
	NOT-FOR-US: JBoss BPMS
CVE-2016-5397 (The Apache Thrift Go client library exposed the potential during code ...)
	- thrift-compiler <unfixed> (unimportant; bug #894577)
	[experimental] - thrift 0.10.0-1 (unimportant)
	NOTE: https://issues.apache.org/jira/browse/THRIFT-3893
	NOTE: https://github.com/apache/thrift/commit/2007783e874d524a46b818598a45078448ecc53e
	NOTE: Fixed in 0.10.0 upstream, and in experimental src:thrift/0.10.0-1 is present
	NOTE: src:thrift only present in experimental
	NOTE: Go bindings only enabled in 0.9.3-2 (not yet in unstable)
	NOTE: Only ever affected src:thrift in experimental, and fixed in src:thrift/0.10.0-1
	NOTE: so any future upload of thrift to unstable can mark this item as <not-affected>
	NOTE: (fixed before the initial upload to Debian unstable)
CVE-2016-5396 (Apache Traffic Server 6.0.0 to 6.2.0 are affected by an HPACK Bomb ...)
	- trafficserver 7.0.0-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/TS-5019
CVE-2016-5395 (Cross-site scripting (XSS) vulnerability in the create user ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-5394 (In the XSS Protection API module before 1.0.12 in Apache Sling, the ...)
	NOT-FOR-US: Apache Sling
CVE-2016-5393 (In Apache Hadoop 2.6.x before 2.6.5 and 2.7.x before 2.7.3, a remote ...)
	- hadoop <itp> (bug #793644)
CVE-2016-5392 (The API server in Kubernetes, as used in Red Hat OpenShift Enterprise ...)
	NOT-FOR-US: OpenShift
CVE-2016-5391 (libreswan before 3.18 allows remote attackers to cause a denial of ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2016-5391/CVE-2016-5391.txt
CVE-2016-5390 (Foreman before 1.11.4 and 1.12.x before 1.12.1 allow remote ...)
	- foreman <itp> (bug #663101)
CVE-2016-5696 (net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly ...)
	{DSA-3659-1 DLA-609-1}
	- linux 4.7.2-1
	NOTE: Introduced by: https://github.com/torvalds/linux/commit/282f23c6ee343126156dd41218b22ece96d747e3
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/75ff39ccc1bd5d3c455b6822ab09e533c551f758
CVE-2016-5389
	REJECTED
CVE-2016-5388 (Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI ...)
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.37-1 (unimportant)
	- tomcat7 7.0.72-1 (unimportant)
	- tomcat6 6.0.41-3 (unimportant)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: No part of Tomcat does set HTTP_PROXY based on a Proxy: header, upstream plans
	NOTE: some hardening to discard HTTP_PROXY in the future
	NOTE: This CVE was special since not assigned to a vulnerability but for a mitigation
	NOTE: thus marking as fixed for 8.0.37 and 7.0.71 (upstream) and with according
	NOTE: versions in Debian.
	NOTE: https://svn.apache.org/r1756941 (8.0.x)
	NOTE: https://svn.apache.org/r1756942 (7.0.x)
CVE-2016-1000111
	RESERVED
	- twisted <unfixed> (unimportant)
	[wheezy] - twisted <not-affected> (For wheezy affected file twcgi.py is in src:twisted-web)
	- twisted-web <removed>
	[wheezy] - twisted-web <no-dsa> (Minor issue)
	NOTE: https://twistedmatrix.com/trac/ticket/8623
	NOTE: https://github.com/twisted/twisted/commit/bcac75e6180c9eee4337322c109eb5d1cac51165
	NOTE: No part of Twisted does set HTTP_PROXY based on a Proxy: header, upstream plans
	NOTE: to drop related CGI code in future release
CVE-2016-1000108
	RESERVED
	- yaws 2.0.3-2 (bug #832433)
	[jessie] - yaws 1.98-4+deb8u1
	[wheezy] - yaws <no-dsa> (Minor issue; can be fixed along with a future DSA)
	NOTE: https://github.com/klacke/yaws/commit/9d8fb070e782c95821c90d0ca7372fc6d7316c78#diff-54053c47eb173a90c26ed19bd9d106c1
CVE-2016-1000104
	RESERVED
	NOTE: libapache2-mod-fcgid does not set HTTP_PROXY based on Proxy: header unless
	NOTE: explicitly configured so and mitigations for Apache in CVE-2016-5387 prevent
	NOTE: exploitation anyway
CVE-2016-5387 (The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 ...)
	{DSA-3623-1 DLA-553-1}
	- apache2 2.4.23-2
	NOTE: https://www.apache.org/security/asf-httpoxy-response.txt
	NOTE: https://httpoxy.org
CVE-2016-5386 (The net/http package in Go through 1.6 does not attempt to address RFC ...)
	- golang <unfixed> (unimportant)
	NOTE: No part of Go does set HTTP_PROXY based on a Proxy: header, 1.6.3 and 1.7
	NOTE: provide hardening to discard HTTP_PROXY
CVE-2016-5385 (PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 ...)
	{DSA-3631-1 DLA-749-1}
	- php7.0 7.0.9-1
	- php5 5.6.24+dfsg-1
	NOTE: PHP Bug: https://bugs.php.net/bug.php?id=72573
	NOTE: Fixed in 7.0.9, 5.6.24, 5.5.38
CVE-2016-5384 (fontconfig before 2.12.1 does not validate offsets, which allows local ...)
	{DSA-3644-1 DLA-587-1}
	- fontconfig 2.11.0-6.5 (bug #833570)
	NOTE: https://lists.freedesktop.org/archives/fontconfig/2016-August/005792.html
	NOTE: Fixed by: https://cgit.freedesktop.org/fontconfig/commit/?id=7a4a5bd7897d216f0794ca9dbce0a4a5c9d14940 (2.12.1)
CVE-2016-5383 (The web UI in Red Hat CloudForms 4.1 allows remote authenticated users ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-5382
	RESERVED
CVE-2016-5381
	RESERVED
CVE-2016-5380
	RESERVED
CVE-2016-5379
	RESERVED
CVE-2016-5378
	RESERVED
CVE-2016-5377
	RESERVED
CVE-2016-5376
	RESERVED
CVE-2016-5375
	RESERVED
CVE-2016-5374 (NetApp Data ONTAP 9.0 and 9.1 before 9.1P1 allows remote authenticated ...)
	NOT-FOR-US: NetApp
CVE-2016-5373
	RESERVED
CVE-2016-5372 (Cross-site request forgery (CSRF) vulnerability in NetApp Snap Creator ...)
	NOT-FOR-US: NetApp
CVE-2016-5371
	RESERVED
CVE-2016-5370
	RESERVED
CVE-2016-5369
	RESERVED
CVE-2016-5368 (Memory leak in Huawei AR3200 before V200R007C00SPC900 allows remote ...)
	NOT-FOR-US: Huawei
CVE-2016-5367 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow ...)
	NOT-FOR-US: Huawei
CVE-2016-5366 (Huawei Honor WS851 routers with software 1.1.21.1 and earlier allow ...)
	NOT-FOR-US: Huawei
CVE-2016-5365 (Stack-based buffer overflow in Huawei Honor WS851 routers with ...)
	NOT-FOR-US: Huawei
CVE-2016-5364 (Cross-site scripting (XSS) vulnerability in ...)
	{DLA-512-1}
	- mantis <removed>
	NOTE: http://github.com/mantisbt/mantisbt/commit/5068df2d (1.2.x)
	NOTE: https://mantisbt.org/bugs/view.php?id=20956
CVE-2016-5363 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 ...)
	- neutron 2:8.1.2-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/1558658
CVE-2016-5362 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 ...)
	- neutron 2:8.1.2-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/1558658
CVE-2016-5349 (The high level operating systems (HLOS) was not providing sufficient ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5348 (The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
	NOT-FOR-US: Android
CVE-2016-5347 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5346
	RESERVED
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-5345 (Buffer overflow in the Qualcomm radio driver in Android before ...)
	NOT-FOR-US: Qualcomm radio driver for Android
CVE-2016-5344 (Multiple integer overflows in the MDSS driver for the Linux kernel ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5343 (drivers/soc/qcom/qdsp6v2/voice_svc.c in the QDSP6v2 Voice Service ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5342 (Heap-based buffer overflow in the wcnss_wlan_write function in ...)
	- linux <not-affected> (Android-specific kernel patch)
CVE-2016-5341 (The GPS component in Android before 2016-12-05 allows ...)
	NOT-FOR-US: Android
CVE-2016-5340 (The is_ashmem_file function in drivers/staging/android/ashmem.c in a ...)
	- linux <not-affected> (Android-specific kernel patch, is_ashmem_file/put_ashmem_file not present in mainline kernel)
CVE-2016-5339
	RESERVED
CVE-2014-9862 (Integer signedness error in bspatch.c in bspatch in bsdiff, as used in ...)
	{DLA-697-1}
	- bsdiff 4.3-17
	[jessie] - bsdiff <no-dsa> (Minor issue; can be fixed via point release)
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=372525
CVE-2016-5361 (programs/pluto/ikev1.c in libreswan before 3.17 retransmits in ...)
	- libreswan <not-affected> (Fixed before initial upload to Debian)
	NOTE: Possibly the CVE should be rejected: http://www.openwall.com/lists/oss-security/2016/06/13/1
	NOTE: MITRE has not assigned the CVE to the protocol flaw, but specific to libreswan, but as
	NOTE: Huzaifa Sidhpurwala <huzaifas@redhat.com> pointed out that is not a libreswan issue, rather
	NOTE: the protocol is flawed.
CVE-2016-5360 (HAproxy 1.6.x before 1.6.6, when a deny comes from a reqdeny rule, ...)
	- haproxy 1.6.5-2 (bug #826869)
	[jessie] - haproxy <not-affected> (Issue introduced in 1.6.0)
	NOTE: Fixed by: http://git.haproxy.org/?p=haproxy-1.6.git;a=commit;h=60f01f8c89e4fb2723d5a9f2046286e699567e0b
CVE-2016-5338 (The (1) esp_reg_read and (2) esp_reg_write functions in hw/scsi/esp.c ...)
	- qemu 1:2.6+dfsg-2 (bug #827024)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343323
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01507.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ff589551c8e8e9e95e211b9d8daafb4ed39f1aec
CVE-2016-5337 (The megasas_ctrl_get_info function in hw/scsi/megasas.c in QEMU allows ...)
	- qemu 1:2.6+dfsg-2 (bug #827026)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1343909
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg01969.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=844864fbae66935951529408831c2f22367a57b6
CVE-2016-5336 (VMware vRealize Automation 7.0.x before 7.1 allows remote attackers to ...)
	NOT-FOR-US: VMware
CVE-2016-5335 (VMware Identity Manager 2.x before 2.7 and vRealize Automation 7.0.x ...)
	NOT-FOR-US: VMware
CVE-2016-5334 (VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x ...)
	NOT-FOR-US: VMware
CVE-2016-5333 (VMware Photos OS OVA 1.0 before 2016-08-14 has a default SSH public ...)
	NOT-FOR-US: VMware
CVE-2016-5332 (Directory traversal vulnerability in VMware vRealize Log Insight 2.x ...)
	NOT-FOR-US: vRealize Log Insight
CVE-2016-5331 (CRLF injection vulnerability in VMware vCenter Server 6.0 before U2 ...)
	NOT-FOR-US: VMware
CVE-2016-5330 (Untrusted search path vulnerability in the HGFS (aka Shared Folders) ...)
	NOT-FOR-US: VMware
CVE-2016-5329 (VMware Fusion 8.x before 8.5 on OS X, when System Integrity Protection ...)
	NOT-FOR-US: VMware
CVE-2016-5328 (VMware Tools 9.x and 10.x before 10.1.0 on OS X, when System Integrity ...)
	NOT-FOR-US: VMware
CVE-2016-5327
	RESERVED
CVE-2016-5326
	RESERVED
CVE-2016-5325 (CRLF injection vulnerability in the ServerResponse#writeHead function ...)
	- nodejs 4.6.0~dfsg-1 (bug #839714; unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/june-2016-security-releases/
CVE-2016-5359 (epan/dissectors/packet-wbxml.c in the WBXML dissector in Wireshark ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0
	NOTE: Only affects 1.12, marking 2.0 as fixed
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-38.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12408
	NOTE: https://github.com/wireshark/wireshark/commit/b8e0d416898bb975a02c1b55883342edc5b4c9c0
CVE-2016-5358 (epan/dissectors/packet-pktap.c in the Ethernet dissector in Wireshark ...)
	- wireshark 2.0.4+gdd7746e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0)
	[wheezy] - wireshark <not-affected> (Only affects 2.0)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-37.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12440
	NOTE: https://github.com/wireshark/wireshark/commit/2c13e97d656c1c0ac4d76eb9d307664aae0e0cf7
CVE-2016-5357 (wiretap/netscreen.c in the NetScreen file parser in Wireshark 1.12.x ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-36.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12396
	NOTE: https://github.com/wireshark/wireshark/commit/11edc83b98a61e890d7bb01855389d40e984ea82
	NOTE: https://github.com/wireshark/wireshark/commit/6a140eca7b78b230f1f90a739a32257476513c78
CVE-2016-5356 (wiretap/cosine.c in the CoSine file parser in Wireshark 1.12.x before ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-35.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12395
	NOTE: https://github.com/wireshark/wireshark/commit/a66628e425db725df1ac52a3c573a03357060ddd
	NOTE: https://github.com/wireshark/wireshark/commit/f5ec0afb766f19519ea9623152cca3bbe2229500
CVE-2016-5355 (wiretap/toshiba.c in the Toshiba file parser in Wireshark 1.12.x ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-34.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12394
	NOTE: https://github.com/wireshark/wireshark/commit/3270dfac43da861c714df76513456b46765ff47f
	NOTE: https://github.com/wireshark/wireshark/commit/5efb45231671baa2db2011d8f67f9d6e72bc455b
CVE-2016-5354 (The USB subsystem in Wireshark 1.12.x before 1.12.12 and 2.x before ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-33.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12356
	NOTE: https://github.com/wireshark/wireshark/commit/2cb5985bf47bdc8bea78d28483ed224abdd33dc6
CVE-2016-5353 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-32.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12191
	NOTE: https://github.com/wireshark/wireshark/commit/7d7190695ce2ff269fdffb04e87139995cde21f4
CVE-2016-5352 (epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 2.x ...)
	- wireshark 2.0.4+gdd7746e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0)
	[wheezy] - wireshark <not-affected> (Only affects 2.0)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-31.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12175
	NOTE: https://github.com/wireshark/wireshark/commit/b6d838eebf4456192360654092e5587c5207f185
CVE-2016-5351 (epan/crypt/airpdcap.c in the IEEE 802.11 dissector in Wireshark 1.12.x ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-30.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11585
	NOTE: https://github.com/wireshark/wireshark/commit/9b0b20b8d5f8c9f7839d58ff6c5900f7e19283b4
CVE-2016-5350 (epan/dissectors/packet-dcerpc-spoolss.c in the SPOOLS component in ...)
	{DSA-3615-1 DLA-538-1}
	- wireshark 2.0.4+gdd7746e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-29.html
	NOTE: https://github.com/wireshark/wireshark/commit/b4d16b4495b732888e12baf5b8a7e9bf2665e22b
CVE-2016-5324
	RESERVED
CVE-2016-5323 (The _TIFFFax3fillruns function in libtiff before 4.0.6 allows remote ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2559#c3
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2559
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=659
	NOTE: No security impact, just a crash in a CLI tool
CVE-2016-5322 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2560
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=658
CVE-2016-5321 (The DumpModeDecode function in libtiff 4.0.6 and earlier allows ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2
	- tiff3 <removed>
	NOTE: Upstream fix http://bugzilla.maptools.org/show_bug.cgi?id=2558#c2
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2558
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=657
CVE-2016-5320
	REJECTED
CVE-2016-5317 (Buffer overflow in the PixarLogDecode function in libtiff.so in the ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2557
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=653
	NOTE: Upstream marked this duplicate of bug http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5316 (Out-of-bounds read in the PixarLogCleanup function in tif_pixarlog.c ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2556
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=656
	NOTE: Upstream marked this duplicate of bug http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5315 (The setByteArray function in tif_dir.c in libtiff 4.0.6 and earlier ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=655
	NOTE: Possible duplicate with PixarLogDecode() issue
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2555#c2
	NOTE: Upstream marked this duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2554
CVE-2016-5314 (Buffer overflow in the PixarLogDecode function in tif_pixarlog.c in ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.6-2 (bug #830700)
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2554
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=654
	NOTE: Upstream fix https://github.com/vadz/libtiff/commit/391e77fcd217e78b2c51342ac3ddb7100ecacdd2
CVE-2016-5313 (Symantec Web Gateway (SWG) before 5.2.5 allows remote authenticated ...)
	NOT-FOR-US: Symantec
CVE-2016-5312 (Directory traversal vulnerability in the charting component in ...)
	NOT-FOR-US: Symantec
CVE-2016-5311
	RESERVED
CVE-2016-5310 (The RAR file parser component in the AntiVirus Decomposer engine in ...)
	NOT-FOR-US: Symantec
CVE-2016-5309 (The RAR file parser component in the AntiVirus Decomposer engine in ...)
	NOT-FOR-US: Symantec
CVE-2016-5308 (The Client Intrusion Detection System (CIDS) driver before 15.0.6 in ...)
	NOT-FOR-US: Norton
CVE-2016-5307 (Directory traversal vulnerability in Symantec Endpoint Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-5306 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 does ...)
	NOT-FOR-US: Symantec
CVE-2016-5305 (Multiple cross-site scripting (XSS) vulnerabilities in management ...)
	NOT-FOR-US: Symantec
CVE-2016-5304 (Open redirect vulnerability in a report-routing component in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2016-5303 (Cross-site scripting (XSS) vulnerability in the Horde Text Filter API ...)
	- php-horde-text-filter 2.3.5-1 (bug #837150)
	[jessie] - php-horde-text-filter <no-dsa> (Minor issue)
CVE-2016-5302 (Citrix XenServer 7.0 before Hotfix XS70E003, when a deployment has ...)
	NOT-FOR-US: Citrix
CVE-2015-8935 (The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x ...)
	- php5 5.6.6+dfsg-1
	[wheezy] - php5 5.4.38-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=68978
	NOTE: https://github.com/php/php-src/commit/996faf964bba1aec06b153b370a7f20d3dd2bb8b
	NOTE: Fixed in 5.6.6, 5.5.22 and 5.4.38
CVE-2015-8934 (The copy_from_lzss_window function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: https://github.com/libarchive/libarchive/issues/521
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/603454ec03040c29bd051fcc749e3c1433c11a8e (v3.2.1)
CVE-2015-8933 (Integer overflow in the archive_read_format_tar_skip function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/548
	NOTE: https://github.com/libarchive/libarchive/issues/582
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3c7a6dc6694d9b26400d2bd672e04d09ed8a4276 (v3.1.900a)
CVE-2015-8932 (The compress_bidder_init function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/547
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/f0b1dbbc325a2d922015eee402b72edd422cb9ea (v3.1.900a)
	NOTE: and part of https://github.com/libarchive/libarchive/commit/55ce98e829eda3a4356c2be64a778d8740c2cf6c (v3.1.900a)
	NOTE: and https://github.com/libarchive/libarchive/commit/618618c8a6be453f79e0bdbdeab6e1dd8bf429b3 (v3.1.900a)
	NOTE: Part of the problematic code was introduced with commit bf4f6ec64ef3edefbc41172692868fb8df514805
	NOTE: to fix https://github.com/libarchive/libarchive/issues/356
CVE-2015-8931 (Multiple integer overflows in the (1) get_time_t_max and (2) ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/539
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/b31744df71084a8734f97199e42418f55d08c6c5 (v3.1.900a)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/c0c52e9aaafb0860c4151c5374372051e9354301 (v3.1.900a)
CVE-2015-8930 (bsdtar in libarchive before 3.2.0 allows remote attackers to cause a ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/522
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/39fc59391b7cf2a007bffce280c1e3e66674258f (v3.1.900a)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/01cfbca4fdae1492a8a09c001b61bbca46f869f2 (v3.1.900a)
CVE-2015-8929 (Memory leak in the __archive_read_get_extract function in ...)
	- libarchive 3.2.0-2
	[jessie] - libarchive <not-affected> (Introduced in 3.2.0)
	[wheezy] - libarchive <not-affected> (Introduced in 3.2.0)
	NOTE: https://github.com/libarchive/libarchive/issues/517
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/d24e79e8f9547ae475a3a0c9516e079a14010838
CVE-2015-8928 (The process_add_entry function in archive_read_support_format_mtree.c ...)
	{DSA-3657-1}
	- libarchive 3.2.0-2
	[wheezy] - libarchive <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libarchive/libarchive/issues/550
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/64d5628
CVE-2015-8927 (The trad_enc_decrypt_update function in ...)
	- libarchive 3.2.0-2
	[jessie] - libarchive <not-affected> (vulnerable code not present)
	[wheezy] - libarchive <not-affected> (vulnerable code not present)
	NOTE: https://github.com/libarchive/libarchive/issues/523
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/eff35d4
CVE-2015-8926 (The archive_read_format_rar_read_data function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/518
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/aab73938
CVE-2015-8925 (The readline function in archive_read_support_format_mtree.c in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/516
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/1e18cbb71
CVE-2015-8924 (The archive_read_format_tar_read_header function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/515
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/bb9b157
CVE-2015-8923 (The process_extra function in libarchive before 3.2.0 uses the size ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/514
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/9e0689c
CVE-2015-8922 (The read_CodersInfo function in archive_read_support_format_7zip.c in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/513
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/d094dc
CVE-2015-8921 (The ae_strtofflags function in archive_entry.c in libarchive before ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/512
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/1cbc76f
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/05a875fdb876e7a2f56a2937f756927cbed919e0
CVE-2015-8920 (The _ar_read_header function in archive_read_support_format_ar.c in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/511
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/97f964e
CVE-2015-8919 (The lha_read_file_extended_header function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/510
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/e8a2e4d
CVE-2015-8918 (The archive_string_append function in archive_string.c in libarchive ...)
	- libarchive <not-affected> (Vulnerable code not in a released version)
	NOTE: Introduced in  https://github.com/libarchive/libarchive/commit/cf8e67ffc8a2227b63fc6d3d1569b0214f160f54
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/b6ba56037f0da44efebfa271cc4b1a736a74c62f
	NOTE: https://github.com/libarchive/libarchive/issues/506
CVE-2015-8917 (bsdtar in libarchive before 3.2.0 allows remote attackers to cause a ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.0-2
	NOTE: https://github.com/libarchive/libarchive/issues/505
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/b2e2abb
CVE-2015-8916 (bsdtar in libarchive before 3.2.0 returns a success code without ...)
	{DSA-3657-1}
	- libarchive 3.2.0-2
	[wheezy] - libarchive <not-affected> (no segfault, not reproducible with reproducer)
	NOTE: https://github.com/libarchive/libarchive/issues/504
	NOTE: Fixed by https://github.com/libarchive/libarchive/commit/b2e2abb
CVE-2015-8915 (bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a ...)
	{DLA-617-1}
	- libarchive 3.2.0-2 (low; bug #784213)
	[jessie] - libarchive <no-dsa> (Minor issue; can potentially be included in future DSA)
	[squeeze] - libarchive <no-dsa> (Minor issue)
	NOTE: https://github.com/libarchive/libarchive/issues/503
	NOTE: https://github.com/libarchive/libarchive/issues/502 (duplicate of https://github.com/libarchive/libarchive/issues/503)
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e6c9668f3202215ddb71617b41c19b6f05acf008
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/3865cf2bcb0eebc1baef28a7841b1cadae6e0f7c
CVE-2015-8914 (The IPTables firewall in OpenStack Neutron before 7.0.4 and 8.0.0 ...)
	- neutron 2:8.1.2-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/bugs/1502933
CVE-2015-8913
	REJECTED
CVE-2015-8912
	REJECTED
CVE-2015-8911
	REJECTED
CVE-2015-8910
	REJECTED
CVE-2015-8909
	REJECTED
CVE-2015-8908
	REJECTED
CVE-2015-8907
	REJECTED
CVE-2015-8906
	REJECTED
CVE-2015-8905
	REJECTED
CVE-2015-8904
	REJECTED
CVE-2015-1000013 (Remote file upload vulnerability in wordpress plugin csv2wpec-coupon ...)
	NOT-FOR-US: WordPress plugin csv2wpec-coupon
CVE-2015-1000012 (Local File Inclusion Vulnerability in mypixs v0.3 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin mypixs
CVE-2015-1000011 (Blind SQL Injection in wordpress plugin dukapress v2.5.9 ...)
	NOT-FOR-US: WordPress plugin dukapress
CVE-2015-1000010 (Remote file download in simple-image-manipulator v1.0 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin simple-image-manipulator
CVE-2015-1000009 (Open proxy in Wordpress plugin google-adsense-and-hotel-booking v1.05 ...)
	NOT-FOR-US: WordPress plugin google-adsense-and-hotel-booking
CVE-2015-1000008 (Path Disclosure Vulnerability in wordpress plugin MP3-jPlayer v2.3.2 ...)
	NOT-FOR-US: WordPress plugin MP3-jPlayer
CVE-2015-1000007 (Remote file download vulnerability in wptf-image-gallery v1.03 ...)
	NOT-FOR-US: WordPress plugin wptf-image-gallery
CVE-2015-1000006 (Remote file download vulnerability in recent-backups v0.7 wordpress ...)
	NOT-FOR-US: WordPress plugin recent-backups
CVE-2015-1000005 (Remote file download vulnerability in candidate-application-form v1.0 ...)
	NOT-FOR-US: WordPress plugin candidate-application-form
CVE-2015-1000004 (XSS in filedownload v1.4 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin filedownload
CVE-2015-1000003 (Blind SQL Injection in filedownload v1.4 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin filedownload
CVE-2015-1000002 (Open Proxy in filedownload v1.4 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin filedownload
CVE-2015-1000001 (Remote file upload vulnerability in fast-image-adder v1.1 Wordpress ...)
	NOT-FOR-US: WordPress plugin fast-image-adder
CVE-2015-1000000 (Remote file upload vulnerability in mailcwp v1.99 wordpress plugin ...)
	NOT-FOR-US: WordPress plugin mailcwp
CVE-2016-5299
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-5298
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Android)
CVE-2016-5297
	RESERVED
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5296
	RESERVED
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5295
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Windows)
CVE-2016-5294
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Windows)
	- firefox-esr <not-affected> (Only affects Firefox on Windows)
	- icedove <not-affected> (Only affects Thunderbird on Windows)
CVE-2016-5293
	RESERVED
	- firefox <not-affected> (Only affects Firefox on Windows)
	- firefox-esr <not-affected> (Only affects Firefox on Windows)
CVE-2016-5292
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-5291
	RESERVED
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5290
	RESERVED
	{DSA-3730-1 DSA-3716-1 DLA-752-1 DLA-730-1}
	- firefox 50.0-1
	- firefox-esr 45.5.0esr-1
	- icedove 1:45.5.0-1
CVE-2016-5289
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox 45 ESR release)
CVE-2016-5288 [Web content can read cache entries]
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox releases < 48)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1310183 (not yet public)
CVE-2016-5287 [Crash in nsTArray_base]
	RESERVED
	- firefox 50.0-1
	- firefox-esr <not-affected> (Does not affect Firefox releases < 49)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1309823
CVE-2016-5286
	RESERVED
CVE-2016-5285
	RESERVED
	- nss 2:3.25-1
	NOTE: Fixed by https://hg.mozilla.org/projects/nss/rev/45c047d18ac4
	NOTE: Upstream bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1306103
CVE-2016-5284 (Mozilla Firefox before 49.0 and Firefox ESR 45.x before 45.4 rely on ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5283 (Mozilla Firefox before 49.0 allows remote attackers to bypass the Same ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5282 (Mozilla Firefox before 49.0 does not properly restrict the scheme in ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5281 (Use-after-free vulnerability in the DOMSVGLength class in Mozilla ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5280 (Use-after-free vulnerability in the ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5279 (Mozilla Firefox before 49.0 allows user-assisted remote attackers to ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5278 (Heap-based buffer overflow in the nsBMPEncoder::AddImageFrame function ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5277 (Use-after-free vulnerability in the nsRefreshDriver::Tick function in ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5276 (Use-after-free vulnerability in the ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5275 (Buffer overflow in the ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5274 (Use-after-free vulnerability in the nsFrameManager::CaptureFrameState ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5273 (The mozilla::a11y::HyperTextAccessible::GetChildOffset function in the ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5272 (The nsImageGeometryMixin class in Mozilla Firefox before 49.0 and ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5271 (The PropertyProvider::GetSpacingInternal function in Mozilla Firefox ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5270 (Heap-based buffer overflow in the ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-5269
	RESERVED
CVE-2016-5268 (Mozilla Firefox before 48.0 does not properly set the LINKABLE and ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-83/
CVE-2016-5267 (Mozilla Firefox before 48.0 on Android allows remote attackers to ...)
	- firefox <not-affected> (Android-specific)
	- firefox-esr <not-affected> (Android-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-82/
CVE-2016-5266 (Mozilla Firefox before 48.0 does not properly restrict drag-and-drop ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-81/
CVE-2016-5265 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allow ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-80/
CVE-2016-5264 (Use-after-free vulnerability in the ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-79/
CVE-2016-5263 (The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-78/
CVE-2016-5262 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-76/
CVE-2016-5261 (Integer overflow in the WebSocketChannel class in the WebSockets ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 48.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: For Firefox: https://www.mozilla.org/en-US/security/advisories/mfsa2016-75/
	NOTE: For Firefox https://www.mozilla.org/security/advisories/mfsa2016-86/
CVE-2016-5260 (Mozilla Firefox before 48.0 mishandles changes from 'INPUT ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-74/
CVE-2016-5259 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-73/
CVE-2016-5258 (Use-after-free vulnerability in the WebRTC socket thread in Mozilla ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-72/
CVE-2016-5257 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3690-1 DSA-3674-1 DLA-658-1 DLA-636-1}
	- firefox 49.0-1
	- firefox-esr 45.4.0esr-1
	- icedove 1:45.4.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-85/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
CVE-2016-5256 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
CVE-2016-5255 (Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-71/
CVE-2016-5254 (Use-after-free vulnerability in the nsXULPopupManager::KeyDown ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-70/
CVE-2016-5253 (The Updater in Mozilla Firefox before 48.0 on Windows allows local ...)
	- firefox <not-affected> (Only affects Windows)
	- firefox-esr <not-affected> (Only affects Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-69/
CVE-2016-5252 (Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-67/
CVE-2016-5251 (Mozilla Firefox before 48.0 allows remote attackers to spoof the ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-66/
CVE-2016-5250 (Mozilla Firefox before 48.0 allows remote attackers to obtain ...)
	{DSA-3674-1 DLA-636-1}
	- firefox 48.0-1
	- firefox-esr 45.4.0esr-1
	NOTE: For Firefox: https://www.mozilla.org/en-US/security/advisories/mfsa2016-84/
	NOTE: For Firefox ESR: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
CVE-2016-5249 (Lenovo Solution Center (LSC) before 3.3.003 allows local users to ...)
	NOT-FOR-US: Lenovo
CVE-2016-5248 (The StopProxy command in LSC.Services.SystemService in Lenovo Solution ...)
	NOT-FOR-US: Lenovo
CVE-2016-5247 (The BIOS for Lenovo ThinkCentre E93, M6500t/s, M6600, M6600q, ...)
	NOT-FOR-US: Lenovo
CVE-2016-5246
	RESERVED
CVE-2016-5245
	RESERVED
CVE-2016-4456 (The &quot;GNUTLS_KEYLOGFILE&quot; environment variable in gnutls 3.4.12 allows ...)
	- gnutls28 3.4.13-1
	[jessie] - gnutls28 <not-affected> (Introduced in 3.4.12)
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2016-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/06/07/2
CVE-2016-1000002
	RESERVED
	- gdm3 <unfixed> (low; bug #849432)
	[stretch] - gdm3 <ignored> (Minor issue)
	[jessie] - gdm3 <ignored> (Minor issue)
	[wheezy] - gdm3 <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1391126
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=753678
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=776051
CVE-2014-9861
	RESERVED
CVE-2014-9860
	RESERVED
CVE-2014-9859
	RESERVED
CVE-2014-9858
	RESERVED
CVE-2014-9857
	RESERVED
CVE-2014-9856
	RESERVED
CVE-2014-9855
	RESERVED
CVE-2016-5319 (Heap-based buffer overflow in tif_packbits.c in libtiff 4.0.6 and ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #842046)
	- tiff3 <removed>
	[jessie] - tiff 4.0.3-12.3+deb8u2
	[wheezy] - tiff3 <not-affected> (tools like bmp2tiff not shipped by tiff3 source package)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2562
	NOTE: Reproducer http://bugzilla.maptools.org/attachment.cgi?id=652
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: No patch available. Marked as wontfix by upstream.
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-5318 (Stack-based buffer overflow in the _TIFFVGetField function in libtiff ...)
	{DLA-693-1 DLA-692-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed>
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
	NOTE: _TIFFVGetField isn't specific to thumbnail tool, there's http://bugzilla.maptools.org/show_bug.cgi?id=2580 to enhance that,
	NOTE: but treating this bug (as related to thumbmail) as fixed.
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2561
	NOTE: This seems a duplicate of CVE-2015-7554 ( http://bugzilla.maptools.org/show_bug.cgi?id=2564 ). At the very least, a generic fix for CVE-2015-7554 would also fix this one as the illegal write is at the exact same location in the code.
	NOTE: Reproducer file here: http://bugzilla.maptools.org/attachment.cgi?id=671
	NOTE: With 4.0.6-2 (sid), I get a segfault.
	NOTE: With 4.0.3-12.3+deb8u1 (jessie), I get a segfault.
	NOTE: With 3.9.6-11+deb7u1 (wheezy), I get a failure: MissingRequired: ../CVE-2016-5318.tiff: TIFF directory is missing required "StripOffsets" field.
CVE-2016-5301 (The parse_chunk_header function in libtorrent before 1.1.1 allows ...)
	{DLA-511-1}
	- libtorrent-rasterbar 1.1.0-1 (bug #826380)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	NOTE: https://github.com/arvidn/libtorrent/issues/780
	NOTE: https://github.com/arvidn/libtorrent/pull/782
CVE-2016-5300 (The XML parser in Expat does not use sufficient entropy for hash ...)
	{DSA-3597-1 DLA-508-1}
	- expat 2.1.1-3
CVE-2016-5244 (The rds_inc_info_copy function in net/rds/recv.c in the Linux kernel ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/4116def2337991b39919f3b448326e21c40e0dbb
CVE-2016-5243 (The tipc_nl_compat_link_dump function in net/tipc/netlink_compat.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/5d2be1422e02ccd697ccfcd45c85b4a26e6178e2
CVE-2016-5242 (The p2m_teardown function in arch/arm/p2m.c in Xen 4.4.x through 4.6.x ...)
	{DSA-3633-1}
	- xen 4.8.0~rc3-1
	[wheezy] - xen <not-affected> (arm not supported)
	NOTE: http://xenbits.xen.org/xsa/advisory-181.html
CVE-2016-5241 (magick/render.c in GraphicsMagick before 1.3.24 allows remote ...)
	{DLA-547-1}
	- graphicsmagick 1.3.24-1
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/8d175c4edfe7
CVE-2016-5240 (The DrawDashPolygon function in magick/render.c in GraphicsMagick ...)
	{DSA-3746-1 DLA-547-1}
	- graphicsmagick 1.3.24-1
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ddc999ec896c
	NOTE: DLA-547-1 didn't fix this properly
CVE-2016-5237 (Valve Steam 3.42.16.13 uses weak permissions for the files in the ...)
	NOT-FOR-US: Valve Steam
CVE-2016-5236
	RESERVED
CVE-2016-5235
	RESERVED
CVE-2014-9803 (arch/arm64/include/asm/pgtable.h in the Linux kernel before ...)
	- linux <not-affected> (Vulnerable code never present, introduced and fixed in 3.16 development cycle)
	NOTE: Introduced by: https://git.kernel.org/linus/bc07c2c6e9ed125d362af0214b6313dca180cb08 (v3.16-rc1)
	NOTE: Fixed by (revert of commit): https://git.kernel.org/linus/5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830 (v3.16-rc1)
CVE-2014-9804 (vision.c in ImageMagick allows remote attackers to cause a denial of ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later)
CVE-2014-9805 (ImageMagick allows remote attackers to cause a denial of service ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9806 (ImageMagick allows remote attackers to cause a denial of service (file ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9807 (The pdb coder in ImageMagick allows remote attackers to cause a denial ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9808 (ImageMagick allows remote attackers to cause a denial of service ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9809 (ImageMagick allows remote attackers to cause a denial of service ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9810 (The dpx file handler in ImageMagick allows remote attackers to cause a ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9811 (The xwd file handler in ImageMagick allows remote attackers to cause a ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9812 (ImageMagick allows remote attackers to cause a denial of service (NULL ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9813 (ImageMagick allows remote attackers to cause a denial of service ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9814 (ImageMagick allows remote attackers to cause a denial of service (NULL ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9815 (ImageMagick allows remote attackers to cause a denial of service ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9816 (ImageMagick allows remote attackers to cause a denial of service ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9817 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9818 (ImageMagick allows remote attackers to cause a denial of service ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9819 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9820 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9821 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9822 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9823 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9824 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9825 (Heap-based buffer overflow in ImageMagick allows remote attackers to ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9826 (ImageMagick allows remote attackers to have unspecified impact via ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <no-dsa> (No apparent security impact)
CVE-2014-9827 (coders/xpm.c in ImageMagick allows remote attackers to have ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
CVE-2014-9828 (coders/psd.c in ImageMagick allows remote attackers to have ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9829 (coders/sun.c in ImageMagick allows remote attackers to cause a denial ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9830 (coders/sun.c in ImageMagick allows remote attackers to have ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9831 (coders/wpg.c in ImageMagick allows remote attackers to have ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9832 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9833 (Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9834 (Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9835 (Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9836 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9837 (coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9838 (magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9839 (magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9840 (ImageMagick 6.8.9-9 allows remote attackers to cause a denial of ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9841 (The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 ...)
	{DLA-960-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9842 (Memory leak in the ReadPSDLayers function in coders/psd.c in ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Leak in a code path that does not exist in this version)
CVE-2014-9843 (The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9844 (The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9845 (The ReadDIBImage function in coders/dib.c in ImageMagick allows remote ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9846 (Buffer overflow in the ReadRLEImage function in coders/rle.c in ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9847 (The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9848 (Memory leak in ImageMagick allows remote attackers to cause a denial ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9849 (The png coder in ImageMagick allows remote attackers to cause a denial ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9850 (Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (Affected section of code not present in wheezy; examine diff introduced by commit 2257d1eadd02d89d225fce21013a1219d221dc7d with context of 20)
	NOTE: patch supposed to be https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=2257d1eadd02d89d225fce21013a1219d221dc7d
CVE-2014-9851 (ImageMagick 6.8.9.9 allows remote attackers to cause a denial of ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	NOTE: https://anonscm.debian.org/cgit/collab-maint/imagemagick.git/patch/?id=33b2d377b94eb738011bc7d5e90ca0a16ce4d471
CVE-2014-9852 (distribute-cache.c in ImageMagick re-uses objects after they have been ...)
	- imagemagick 8:6.8.9.9-4 (bug #773834)
	[wheezy] - imagemagick <not-affected> (distribute-cache.c does not exist in 6.7.7.10)
CVE-2014-9853 (Memory leak in coders/rle.c in ImageMagick allows remote attackers to ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2014-9854 (coders/tiff.c in ImageMagick allows remote attackers to cause a denial ...)
	{DLA-731-1}
	- imagemagick 8:6.8.9.9-4 (bug #773834)
CVE-2016-XXXX [doesn't remove metadata in embedded images in PDFs]
	- mat 0.6.1-3 (bug #826101)
	[jessie] - mat 0.5.2-3+deb8u1
	[wheezy] - mat 0.3.2-1+deb7u1
	NOTE: Workaround entry for DLA-650-1/DSA-3708-1 until/if CVE is assigned
	NOTE: https://0xacab.org/mat/mat/issues/11067
	NOTE: Patch in 0.6.1-3 disabled PDF support
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/06/02/5
CVE-2016-5239 (The gnuplot delegate functionality in ImageMagick before 6.9.4-0 and ...)
	{DSA-3580-1 DLA-486-1 DLA-484-1}
	- graphicsmagick 1.3.24-1
	- imagemagick 8:6.9.6.2+dfsg-2
	NOTE: http://git.imagemagick.org/repos/ImageMagick/commit/70a2cf326ed32bedee144b961005c63846541a16
CVE-2016-5238 (The get_cmd function in hw/scsi/esp.c in QEMU might allow local guest ...)
	- qemu 1:2.6+dfsg-3 (bug #826152)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1341931
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-06/msg00150.html
CVE-2016-5234 (Buffer overflow in Huawei VP9660, VP9650, and VP9630 multipoint ...)
	NOT-FOR-US: Huawei
CVE-2016-5233 (Huawei Mate 8 smartphones with software NXT-AL10 before ...)
	NOT-FOR-US: Huawei
CVE-2016-5232 (Buffer overflow in Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL ...)
	NOT-FOR-US: Huawei
CVE-2016-5231 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before ...)
	NOT-FOR-US: Huawei
CVE-2016-5230 (Huawei Mate8 NXT-AL before NXT-AL10C00B182, NXT-CL before ...)
	NOT-FOR-US: Huawei
CVE-2016-5229 (Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not ...)
	NOT-FOR-US: Atlassian
CVE-2016-5228 (Stack-based buffer overflow in the PlayMacro function in ...)
	NOT-FOR-US: Rumba
CVE-2016-5227
	RESERVED
CVE-2016-5226 (Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5225 (Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5224 (A timing attack on denormalized floating point arithmetic in SVG ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5223 (Integer overflow in PDFium in Google Chrome prior to 55.0.2883.75 for ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5222 (Incorrect handling of invalid URLs in Google Chrome prior to ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5221 (Type confusion in libGLESv2 in ANGLE in Google Chrome prior to ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5220 (PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5219 (A heap use after free in V8 in Google Chrome prior to 55.0.2883.75 for ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5218 (The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5217 (The extensions API in Google Chrome prior to 55.0.2883.75 for Mac, ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5216 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5215 (A use after free in webaudio in Google Chrome prior to 55.0.2883.75 ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5214 (Google Chrome prior to 55.0.2883.75 for Windows mishandled downloaded ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5213 (A use after free in V8 in Google Chrome prior to 55.0.2883.75 for Mac, ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5212 (Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5211 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5210 (Heap buffer overflow during TIFF image parsing in PDFium in Google ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5209 (Bad casting in bitmap manipulation in Blink in Google Chrome prior to ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5208 (Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5207 (In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5206 (The PDF plugin in Google Chrome prior to 55.0.2883.75 for Mac, Windows ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5205 (Blink in Google Chrome prior to 55.0.2883.75 for Linux, Windows and ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5204 (Leaking of an SVG shadow tree leading to corruption of the DOM tree in ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5203 (A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for ...)
	{DSA-3731-1}
	- chromium-browser 55.0.2883.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5202 [various fixes from internal audits]
	RESERVED
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5201 (A leak of privateClass in the extensions API in Google Chrome prior to ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5200 (V8 in Google Chrome prior to 54.0.2840.98 for Mac, and 54.0.2840.99 ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5199 (An off by one error resulting in an allocation of zero size in FFmpeg ...)
	{DSA-3731-1}
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- ffmpeg 7:3.2-1
	- libav <undetermined>
	NOTE: https://chromium-review.googlesource.com/383956
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/347cb14b7cba7560e53f4434b419b9d8800253e7
CVE-2016-5198 (V8 in Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5197 (The content view client in Google Chrome prior to 54.0.2840.85 for ...)
	- chromium-browser <not-affected> (Only affects Chrome on Android)
CVE-2016-5196 (The content renderer client in Google Chrome prior to 54.0.2840.85 for ...)
	- chromium-browser <not-affected> (Only affects Chrome on Android)
CVE-2016-5195 (Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before ...)
	{DSA-3696-1 DLA-670-1}
	- linux 4.7.8-1
	NOTE: https://github.com/dirtycow/dirtycow.github.io/wiki/VulnerabilityDetails
	NOTE: Fixed by: https://git.kernel.org/linus/19be0eaffa3ac7d8eb6784ad9bdbc7d67ed8e619
CVE-2016-5194
	RESERVED
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5193 (Google Chrome prior to 54.0 for iOS had insufficient validation of URLs ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5192 (Blink in Google Chrome prior to 54.0.2840.59 for Windows missed a CORS ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5191 (Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5190 (Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5189 (Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5188 (Multiple issues in Blink in Google Chrome prior to 54.0.2840.59 for ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5187 (Google Chrome prior to 54.0.2840.85 for Android incorrectly handled ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5186 (Devtools in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5185 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5184 (PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5183 (A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5182 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5181 (Blink in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and ...)
	{DSA-3731-1}
	- chromium-browser 54.0.2840.101-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5180 (Heap-based buffer overflow in the ares_create_query function in c-ares ...)
	{DSA-3682-1 DLA-648-1}
	- c-ares 1.12.0-1 (medium; bug #839151)
	NOTE: https://c-ares.haxx.se/adv_20160929.html
	NOTE: https://c-ares.haxx.se/CVE-2016-5180.patch
CVE-2016-5179 (Chrome OS before 53.0.2785.144 allows remote attackers to execute ...)
	NOT-FOR-US: Chrome OS
CVE-2016-5178 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3683-1}
	- chromium-browser 53.0.2785.143-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5177 (Use-after-free vulnerability in V8 in Google Chrome before ...)
	{DSA-3683-1}
	- chromium-browser 53.0.2785.143-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5176 (Google Chrome before 53.0.2785.113 allows remote attackers to bypass ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5175 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5174 (browser/ui/cocoa/browser_window_controller_private.mm in Google Chrome ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5173 (The extensions subsystem in Google Chrome before 53.0.2785.113 does ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5172 (The parser in Google V8, as used in Google Chrome before ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5171 (WebKit/Source/bindings/templates/interface.cpp in Blink, as used in ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5170 (WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as ...)
	{DSA-3667-1}
	- chromium-browser 53.0.2785.113-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5169 (Format string vulnerability in Google Chrome OS before 53.0.2785.103 ...)
	NOT-FOR-US: Google Chrome OS
CVE-2016-5168 (Skia, as used in Google Chrome before 50.0.2661.94, allows remote ...)
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- skia <itp> (bug #818180)
CVE-2016-5167 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5166 (The download implementation in Google Chrome before 53.0.2785.89 on ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5165 (Cross-site scripting (XSS) vulnerability in the Developer Tools (aka ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5164 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5163 (The bidirectional-text implementation in Google Chrome before ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5162 (The AllowCrossRendererResourceLoad function in ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5161 (The EditingStyle::mergeStyle function in ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5160 (The AllowCrossRendererResourceLoad function in ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5159 (Multiple integer overflows in OpenJPEG, as used in PDFium in Google ...)
	{DSA-3768-1 DSA-3660-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/9a07ccb3d0f076388e4da684a3bfd4327125c721
CVE-2016-5158 (Multiple integer overflows in the opj_tcd_init_tile function in tcd.c ...)
	{DSA-3660-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/9a07ccb3d0f076388e4da684a3bfd4327125c721
	NOTE: https://github.com/uclouvain/openjpeg/issues/854
CVE-2016-5157 (Heap-based buffer overflow in the opj_dwt_interleave_v function in ...)
	{DSA-3660-1}
	- openjpeg2 2.1.2-1
	[jessie] - openjpeg2 2.1.0-2+deb8u3
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/08/8
	NOTE: https://github.com/uclouvain/openjpeg/pull/823
CVE-2016-5156 (extensions/renderer/event_bindings.cc in the event bindings in Google ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5155 (Google Chrome before 53.0.2785.89 on Windows and OS X and before ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5154 (Multiple heap-based buffer overflows in PDFium, as used in Google ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5153 (The Web Animations implementation in Blink, as used in Google Chrome ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5152 (Integer overflow in the opj_tcd_get_decoded_tile_size function in ...)
	{DSA-4013-1 DSA-3660-1}
	- openjpeg2 2.1.2-1.2
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://github.com/uclouvain/openjpeg/commit/3fbe71369019df0b47c7a2be4fab8c05768f2f32
	NOTE: https://github.com/uclouvain/openjpeg/issues/854
CVE-2016-5151 (PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5150 (WebKit/Source/bindings/modules/v8/V8BindingForModules.cpp in Blink, as ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5149 (The extensions subsystem in Google Chrome before 53.0.2785.89 on ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5148 (Cross-site scripting (XSS) vulnerability in Blink, as used in Google ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5147 (Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS ...)
	{DSA-3660-1}
	- chromium-browser 53.0.2785.89-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5146 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5145 (Blink, as used in Google Chrome before 52.0.2743.116, does not ensure ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5144 (The Developer Tools (aka DevTools) subsystem in Blink, as used in ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5143 (The Developer Tools (aka DevTools) subsystem in Blink, as used in ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5142 (The Web Cryptography API (aka WebCrypto) implementation in Blink, as ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5141 (Blink, as used in Google Chrome before 52.0.2743.116, allows remote ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5140 (Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in ...)
	{DSA-3645-1}
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5139 (Multiple integer overflows in the opj_tcd_init_tile function in tcd.c ...)
	{DSA-3645-1}
	- openjpeg2 2.1.2-1
	- chromium-browser 52.0.2743.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Fixed in Google with: https://pdfium.googlesource.com/pdfium.git/+/2f6d1480a1be2b1f82c94219c2d99e67d7e0660d
	NOTE: https://github.com/uclouvain/openjpeg/pull/819
CVE-2016-5138 (Integer overflow in the kbasep_vinstr_attach_client function in ...)
	- chromium-browser <not-affected> (Chrome on Chrome OS)
CVE-2016-5137 (The CSPSource::schemeMatches function in ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5136 (Use-after-free vulnerability in ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5135 (WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5134 (net/proxy/proxy_service.cc in the Proxy Auto-Config (PAC) feature in ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5133 (Google Chrome before 52.0.2743.82 mishandles origin information during ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5132 (The Service Workers subsystem in Google Chrome before 52.0.2743.82 ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5131 (Use-after-free vulnerability in libxml2 through 2.9.4, as used in ...)
	{DSA-3744-1 DSA-3637-1 DLA-691-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libxml2 2.9.4+dfsg1-2.1 (bug #840554)
	NOTE: Google fix: https://codereview.chromium.org/2127493002
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=9ab01a277d71f54d3143c2cf333c5c2e9aaedd9e
	NOTE: Requisite for the test: https://git.gnome.org/browse/libxml2/commit/?id=a005199330b86dada19d162cae15ef9bdcb6baa8
CVE-2016-5130 (content/renderer/history_controller.cc in Google Chrome before ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5129 (Google V8 before 5.2.361.32, as used in Google Chrome before ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-5128 (objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-5127 (Use-after-free vulnerability in ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2015-8899 (Dnsmasq before 2.76 allows remote servers to cause a denial of service ...)
	- dnsmasq 2.76-1
	[jessie] - dnsmasq <not-affected> (Vulnerable code introduced later)
	[wheezy] - dnsmasq <not-affected> (Vulnerable code introduced later)
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html
	NOTE: Fixed by: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87 (v2.76rc1)
	NOTE: Introduced by: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=cbc652423403e3cef00e00240f6beef713142246 (v2.73rc1)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1581181
CVE-2015-8898 (The WriteImages function in magick/constitute.c in ImageMagick before ...)
	- imagemagick 8:6.8.9.9-7
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: https://github.com/ImageMagick/ImageMagick/pull/34
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/5b4bebaa91849c592a8448bc353ab25a54ff8c44
CVE-2015-8897 (The SpliceImage function in MagickCore/transform.c in ImageMagick ...)
	- imagemagick 8:6.8.9.9-7
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=28466
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/7b1cf5784b5bcd85aa9293ecf56769f68c037231
CVE-2015-8896 (Integer truncation issue in coders/pict.c in ImageMagick before ...)
	{DLA-353-1}
	- imagemagick 8:6.8.9.9-7 (bug #806441)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1448803
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
CVE-2015-8895 (Integer overflow in coders/icon.c in ImageMagick 6.9.1-3 and later ...)
	{DLA-353-1}
	- imagemagick 8:6.8.9.9-7 (bug #806441)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1459747
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/0f6fc2d5bf8f500820c3dbcf0d23ee14f2d9f734
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
	NOTE: The issue is only exploitable on 32 bit architectures.
CVE-2015-8894 (Double free vulnerability in coders/tga.c in ImageMagick 7.0.0 and ...)
	- imagemagick 8:6.8.9.9-6 (bug #806442; bug #799524)
	[jessie] - imagemagick <not-affected> (Can't reproduce crash with file)
	[wheezy] - imagemagick <not-affected> (Can't reproduce crash with file)
	[squeeze] - imagemagick <not-affected> (Can't reproduce crash with file)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/imagemagick/+bug/1490362
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/4f68e9661518463fca523c9726bb5d940a2aa6d8
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/07/2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/4
	NOTE: The problem can only be triggered with recent versions of ImageMagick (8:6.9.1.2-1 in experimental is vulnerable, 8:6.8.9.9-6 in sid is not vulnerable, older versions are not vulnerable)
CVE-2015-8893 (app/aboot/aboot.c in the Qualcomm bootloader in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8892 (platform/msm_shared/boot_verifier.c in the Qualcomm components in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8891 (Multiple integer overflows in app/aboot/aboot.c in the Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8890 (platform/msm_shared/partition_parser.c in the Qualcomm components in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8889 (The aboot implementation in the Qualcomm components in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2015-8888 (Integer overflow in app/aboot/aboot.c in the Qualcomm components in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9802 (Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9801 (Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9800 (Integer overflow in lib/heap/heap.c in the Qualcomm components in ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9799 (The makefile in the Qualcomm components in Android before 2016-07-05 ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9798 (platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9797
	REJECTED
CVE-2014-9796 (app/aboot/aboot.c in the Qualcomm components in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9795 (app/aboot/aboot.c in the Qualcomm components in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9794
	REJECTED
CVE-2014-9793 (platform/msm_shared/mmc.c in the Qualcomm components in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9792 (arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9791
	REJECTED
CVE-2014-9790 (drivers/mmc/core/debugfs.c in the Qualcomm components in Android ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2014-9789 (The (1) alloc and (2) free APIs in ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9788 (Multiple buffer overflows in the voice drivers in the Qualcomm ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9787 (Integer overflow in drivers/misc/qseecom.c in the Qualcomm components ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9786 (Heap-based buffer overflow in ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9785 (drivers/misc/qseecom.c in the Qualcomm components in Android before ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9784 (Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9783 (drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9782 (drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9781 (Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9780 (drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9779 (arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9778 (The vid_dec_set_h264_mv_buffers function in ...)
	- linux <not-affected> (Android-specific)
CVE-2014-9777 (The vid_dec_set_meta_buffers function in ...)
	- linux <not-affected> (Android-specific)
CVE-2013-7457 (Unspecified vulnerability in the Qualcomm components in Android before ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-5125
	REJECTED
CVE-2016-5124 (An issue was discovered in Open-Xchange OX App Suite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-5123
	RESERVED
CVE-2016-5122
	RESERVED
CVE-2016-5121
	RESERVED
CVE-2016-5120
	RESERVED
CVE-2016-5119 (The automatic update feature in KeePass 2.33 and earlier allows ...)
	- keepass2 2.18+dfsg-1
	NOTE: autoupdate dialog disabled in Debian via patch, but basically not-affected
CVE-2016-5113
	RESERVED
CVE-2016-5112
	RESERVED
CVE-2016-5111
	RESERVED
CVE-2016-5110
	RESERVED
CVE-2016-5109 (Citrix Worx Home for iOS before 10.3.6 and XenMobile MDX Toolkit for ...)
	NOT-FOR-US: Citrix
CVE-2015-8887
	RESERVED
CVE-2015-8886
	RESERVED
CVE-2015-8885
	RESERVED
CVE-2015-8884
	RESERVED
CVE-2015-8883
	RESERVED
CVE-2015-8882
	RESERVED
CVE-2015-8881
	RESERVED
CVE-2016-5126 (Heap-based buffer overflow in the iscsi_aio_ioctl function in ...)
	- qemu 1:2.6+dfsg-2 (bug #826151)
	[jessie] - qemu <no-dsa> (Minor issue, can be fixed along in a future update)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-block/2016-05/msg00779.html
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a6b3167fa0e825aebb5a7cd8b437b6d41584a196
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1340924
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/30/6
CVE-2016-XXXX [CSRF protection for POST requests]
	- postfixadmin 2.93-2 (bug #825151)
	[jessie] - postfixadmin <no-dsa> (Minor issue)
	[wheezy] - postfixadmin <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2016/May/59
	NOTE: https://sourceforge.net/p/postfixadmin/bugs/372/
	NOTE: Fixed by: https://sourceforge.net/p/postfixadmin/code/1842
CVE-2016-5118 (The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ...)
	{DSA-3746-1 DSA-3591-1 DLA-502-1 DLA-500-1}
	- imagemagick 8:6.8.9.9-7.1 (bug #825799)
	- graphicsmagick 1.3.24-1 (bug #825800)
	NOTE: fixed by http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/ae3928faa858
	NOTE: patch available at http://www.openwall.com/lists/oss-security/2016/05/29/7
CVE-2016-5116 (gd_xbm.c in the GD Graphics Library (aka libgd) before 2.2.0, as used ...)
	{DSA-3619-1}
	- libgd2 2.2.1-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/libgd/libgd/commit/4dc1a2d7931017d3625f2d7cff70a17ce58b53b4 (gd-2.2.0)
	NOTE: Introduced by: https://github.com/libgd/libgd/commit/decf4407d41230fc54dea8058bf887a2696fd4c2 (gd-2.1.0-alpha1)
	NOTE: https://github.com/libgd/libgd/issues/211
	- php5 <removed> (unimportant)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72115
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/29/3
CVE-2016-5115 (The avcodec_decode_audio4 function in libavcodec in libavformat ...)
	- libav <removed> (low)
	[jessie] - libav <no-dsa> (Minor issue)
	[wheezy] - libav <ignored> (Minor issue)
	NOTE: This is an issue in ffmpeg/libav, which is fixed in stretch's ffmpeg, but it's unclear when it was fixed exactly
	NOTE: https://trac.mplayerhq.hu/ticket/2298
CVE-2016-5102 (Buffer overflow in the readgifimage function in gif2tiff.c in the ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff-tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2552
	NOTE: confirmed this still crashes with latest CVS, version v4.0.6
	NOTE: also confirmed this crashes v4.0.2 in wheezy
	NOTE: Upstream will remove gif2tiff from 4.0.7 release
	NOTE: No patch available. Marked as wontfix by upstream
	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-5102.gif
	NOTE: gif2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-5101 (Unspecified vulnerability in Opera Mail before 2016-02-16 on Windows ...)
	NOT-FOR-US: Opera
CVE-2016-5100 (Froxlor before 0.9.35 uses the PHP rand function for random number ...)
	NOT-FOR-US: Froxlor
CVE-2016-5099 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 4.4.x before ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.6.2-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-16/
CVE-2016-5098 (Directory traversal vulnerability in libraries/error_report.lib.php in ...)
	- phpmyadmin <not-affected> (Only affected git versions but not released versions, cf. PMASA-2016-15)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-15/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/d2dc9481d2af25b035778c67eaf0bfd2d2c59dd8
CVE-2016-5097 (phpMyAdmin before 4.6.2 places tokens in query strings and does not ...)
	- phpmyadmin 4:4.6.2-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <no-dsa> (Minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-14/
CVE-2016-5092 (Directory traversal vulnerability in Fortinet FortiWeb before 5.5.3 ...)
	NOT-FOR-US: Fortinet
CVE-2016-5108 (Buffer overflow in the DecodeAdpcmImaQT function in ...)
	{DSA-3598-1}
	- vlc 2.2.3-2 (bug #825728)
	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
	NOTE: Details: http://www.openwall.com/lists/oss-security/2016/05/27/3
	NOTE: https://git.videolan.org/?p=vlc.git;a=commit;h=458ed62bbeb9d1bddf7b8df104e14936408a3db9
CVE-2016-5090
	RESERVED
CVE-2016-5089
	RESERVED
CVE-2016-5088
	RESERVED
CVE-2016-5087 (Alertus Desktop Notification before 2.9.31.1710 on OS X uses weak ...)
	NOT-FOR-US: Alertus
CVE-2016-5086 (Johnson &amp; Johnson Animas OneTouch Ping devices allow remote attackers ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5085 (Johnson &amp; Johnson Animas OneTouch Ping devices do not properly ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5084 (Johnson &amp; Johnson Animas OneTouch Ping devices do not use encryption ...)
	NOT-FOR-US: Animas OneTouch Ping
CVE-2016-5083
	RESERVED
CVE-2016-5082
	RESERVED
CVE-2016-5081 (ZModo ZP-NE14-S and ZP-IBH-13W devices have a hardcoded root password, ...)
	NOT-FOR-US: ZModo
CVE-2016-5080 (Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in ...)
	NOT-FOR-US: Objective Systems Inc. ASN1C compiler
	NOTE: https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
CVE-2016-5079
	RESERVED
CVE-2016-5078 (Paessler PRTG before 16.2.24.4045 has XSS via SNMP. ...)
	NOT-FOR-US: Paessler PRTG
CVE-2016-5077 (Netikus EventSentry before 3.2.1.44 has XSS via SNMP. ...)
	NOT-FOR-US: Netikus EventSentry
CVE-2016-5076 (CloudView NMS before 2.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5075 (CloudView NMS before 2.10a has XSS via a TELNET login. ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5074 (CloudView NMS before 2.10a has a format string issue exploitable over ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5073 (CloudView NMS before 2.10a has XSS via SNMP. ...)
	NOT-FOR-US: CloudView NMS
CVE-2016-5072 (OXID eShop before 2016-06-13 allows remote attackers to execute ...)
	NOT-FOR-US: OXID eShop
CVE-2016-5071 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 execute the ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5070 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 store ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5069 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 use guessable ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5068 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 do not require ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5067 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow Hayes AT ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5066 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 have weak ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5065 (Sierra Wireless GX 440 devices with ALEOS firmware 4.3.2 allow ...)
	NOT-FOR-US: Sierra Wireless GX 440 devices with ALEOS firmware
CVE-2016-5064
	RESERVED
CVE-2016-5063 (The RSCD agent in BMC Server Automation before 8.6 SP1 Patch 2 and 8.7 ...)
	NOT-FOR-US: BMC Server Automation
CVE-2016-5062 (The web server in Aternity before 9.0.1 does not require ...)
	NOT-FOR-US: Aternity
CVE-2016-5061 (Multiple cross-site scripting (XSS) vulnerabilities in the web server ...)
	NOT-FOR-US: Aternity
CVE-2016-5060 (Multiple cross-site scripting (XSS) vulnerabilities in nGrinder before ...)
	NOT-FOR-US: nGrinder
CVE-2016-5059 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 allows attackers to ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5058 (OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 allows Zigbee ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5057 (OSRAM SYLVANIA Osram Lightify Pro through 2016-07-26 does not use SSL ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5056 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 uses only 8 hex ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5055 (OSRAM SYLVANIA Osram Lightify Pro before 2016-07-26 has XSS in the ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Pro
CVE-2016-5054 (OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 allows Zigbee ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5053 (OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 allows remote ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5052 (OSRAM SYLVANIA Osram Lightify Home through 2016-07-26 does not use SSL ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5051 (OSRAM SYLVANIA Osram Lightify Home before 2016-07-26 stores a PSK in ...)
	NOT-FOR-US: OSRAM SYLVANIA Osram Lightify Home
CVE-2016-5050 (Unrestricted file upload vulnerability in chat/sendfile.aspx in ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5049 (Directory traversal vulnerability in chat/openattach.aspx in ReadyDesk ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5048 (SQL injection vulnerability in chat/staff/default.aspx in ReadyDesk ...)
	NOT-FOR-US: ReadyDesk
CVE-2016-5047 (NetApp OnCommand System Manager 8.3.x before 8.3.2P5 allows remote ...)
	NOT-FOR-US: NetApp OnCommand System Manager
CVE-2016-5046
	RESERVED
CVE-2016-5045 (NetApp OnCommand System Manager before 9.0 allows remote attackers to ...)
	NOT-FOR-US: NetApp OnCommand System Manager
CVE-2016-5025 (For the NVIDIA Quadro, NVS, and GeForce products, improper ...)
	NOT-FOR-US: NVIDIA Quadro, NVS, and GeForce product
CVE-2016-5024 (Virtual servers in F5 BIG-IP systems 11.6.1 before 11.6.1 HF1 and ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5023 (Virtual servers in F5 BIG-IP systems 11.2.1 HF11 through HF15, 11.4.1 ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5022 (F5 BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.x before ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-5021 (The iControl REST service in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5020 (F5 BIG-IP before 12.0.0 HF3 allows remote authenticated users to ...)
	NOT-FOR-US: BIG-IP
CVE-2016-5019 (CoreResponseStateManager in Apache MyFaces Trinidad 1.0.0 through ...)
	NOT-FOR-US: Apache MyFaces Trinidad
CVE-2016-5018 (In Apache Tomcat 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842663)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/lixw6iyojoxwfizv?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1754901 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1754902 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1754904
CVE-2016-5017 (Buffer overflow in the C cli shell in Apache Zookeeper before 3.4.9 ...)
	{DLA-630-1}
	- zookeeper 3.4.9-1
	[jessie] - zookeeper 3.4.5+dfsg-2+deb8u1
	NOTE: The C cli shell is intended as a sample/example of how to use the C
	NOTE: client interface, not as a production tool
	NOTE: https://zookeeper.apache.org/security.html#CVE-2016-5017
	NOTE: Fixed by https://git-wip-us.apache.org/repos/asf?p=zookeeper.git;a=commitdiff;h=27ecf981a15554dc8e64a28630af7a5c9e2bdf4f
CVE-2016-5016 (Pivotal Cloud Foundry 239 and earlier, UAA (aka User Account and ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-5015
	RESERVED
CVE-2016-5014 (In Moodle 2.x and 3.x, an unenrolled user still receives event monitor ...)
	- moodle <not-affected> (Only affects 2.8 and later)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=336699
CVE-2016-5013 (In Moodle 2.x and 3.x, text injection can occur in email headers, ...)
	- moodle 2.7.15+dfsg-1
CVE-2016-5012 (In Moodle 3.x, glossary search displays entries without checking user ...)
	- moodle <not-affected> (Only affects 3.1)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=336697
CVE-2016-5011 (The parse_dos_extended function in partitions/dos.c in the libblkid ...)
	- util-linux 2.28.1-1 (bug #830802)
	[jessie] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <no-dsa> (Minor issue)
	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=7164a1c34d18831ac61c6744ad14ce916d389b3f
	NOTE: https://git.kernel.org/cgit/utils/util-linux/util-linux.git/commit/?id=50d1594c2e6142a3b51d2143c74027480df082e0
CVE-2016-5010 (coders/tiff.c in ImageMagick before 6.9.5-3 allows remote attackers to ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832968)
	NOTE: Fixed by: http://git.imagemagick.org/repos/ImageMagick/commit/c20de102cc57f3739a8870f79e728e3b0bea18c0
CVE-2016-5009 (The handle_command function in mon/Monitor.cc in Ceph allows remote ...)
	- ceph 10.2.5-1 (bug #829661)
	[jessie] - ceph 0.80.7-2+deb8u2
	NOTE: http://tracker.ceph.com/issues/16297
	NOTE: https://github.com/ceph/ceph/pull/9700
	NOTE: https://github.com/ceph/ceph/commit/957ece7e95d8f8746191fd9629622d4457d690d6
CVE-2016-5008 (libvirt before 2.0.0 improperly disables password checking when the ...)
	{DSA-3613-1 DLA-541-1}
	- libvirt 2.0.0-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1180092
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=bb848feec0f3f10e92dd8e5231ae7aa89b5598f3 (v2.0.0)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=f32441c69bf450d6ac593c3acd621c37e120cdaf (v1.2.9-maint)
	NOTE: http://security.libvirt.org/2016/0001.html
CVE-2016-5007 (Both Spring Security 3.2.x, 4.0.x, 4.1.0 and the Spring Framework ...)
	- libspring-java 4.3.2-1
	[jessie] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <not-affected> (Vulnerable code not present)
	NOTE: https://pivotal.io/security/cve-2016-5007
	NOTE: https://github.com/spring-projects/spring-framework/commit/a30ab3 (v4.3.1.RELEASE)
	NOTE: https://github.com/spring-projects/spring-security/commit/e4c13e
	NOTE: Upstream bug: https://github.com/spring-projects/spring-security/issues/3964
	NOTE: Mitigations exists in https://pivotal.io/security/cve-2016-5007
	NOTE: Other (already unsupported) versions are affected as well by the issue
CVE-2016-5006 (The Cloud Controller in Cloud Foundry before 239 logs user-provided ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-5005 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.3.9 and ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5004 (The Content-Encoding HTTP header feature in ws-xmlrpc 3.1.3 as used in ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5003 (The Apache XML-RPC (aka ws-xmlrpc) library 3.1.3, as used in Apache ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5002 (XML external entity (XXE) vulnerability in the Apache XML-RPC (aka ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-5001 (This is an information disclosure vulnerability in Apache Hadoop ...)
	- hadoop <itp> (bug #793644)
CVE-2016-5000 (The XLSX2CSV example in Apache POI before 3.14 allows remote attackers ...)
	- libapache-poi-java <unfixed> (unimportant)
	NOTE: Versions affected: POI 3.5-3.13; Fixed in 3.14
	NOTE: XLSX2CSV example is not installed
CVE-2016-4999 (SQL injection vulnerability in the getStringParameterSQL method in ...)
	NOT-FOR-US: JBoss dashbuilder
CVE-2016-4998 (The IPT_SO_SET_REPLACE setsockopt implementation in the netfilter ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-4997 (The compat IPT_SO_SET_REPLACE and IP6T_SO_SET_REPLACE setsockopt ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <no-dsa> (Only exploitable by privileged user; too many changes to backport)
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-4996 (discovery-debug in Foreman before 6.2 when the ssh service has been ...)
	- foreman <itp> (bug #663101)
CVE-2016-4995 (Foreman before 1.11.4 and 1.12.x before 1.12.1 does not properly ...)
	- foreman <itp> (bug #663101)
CVE-2016-4994 (Use-after-free vulnerability in the xcf_load_image function in ...)
	{DSA-3612-1 DLA-525-1}
	- gimp 2.8.16-2.2 (bug #828179)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=767873
CVE-2016-4993 (CRLF injection vulnerability in the Undertow web server in WildFly ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2016-4992 (389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, ...)
	- 389-ds-base 1.3.5.13-1
	[jessie] - 389-ds-base <no-dsa> (Minor issue)
	NOTE: http://directory.fedoraproject.org/docs/389ds/releases/release-1-3-5-13.html
CVE-2016-4991
	RESERVED
CVE-2016-4990
	REJECTED
CVE-2016-4989 (setroubleshoot allows local users to bypass an intended container ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4988 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4987 (Directory traversal vulnerability in the Image Gallery plugin before ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4986 (Directory traversal vulnerability in the TAP plugin before 1.25 in ...)
	NOT-FOR-US: Jenkins plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-06-20
CVE-2016-4985 (The ironic-api service in OpenStack Ironic before 4.2.5 (Liberty) and ...)
	- ironic 1:5.1.2-1 (bug #827886)
	NOTE: Affects >=2014.2, >=4.0.0 <=4.2.4, >=4.3.0 <=5.1.1
CVE-2016-4984 (/usr/libexec/openldap/generate-server-cert.sh in openldap-servers sets ...)
	- openldap <not-affected> (Red Hat-specific)
CVE-2016-4983
	RESERVED
	- dovecot <not-affected> (Specific to Red Hat packaging)
CVE-2016-4982 (authd sets weak permissions for /etc/ident.key, which allows local ...)
	NOT-FOR-US: authd
CVE-2016-4981
	RESERVED
CVE-2016-4980
	RESERVED
	NOT-FOR-US: Red Hat xguest kiosk mode
CVE-2016-4979 (The Apache HTTP Server 2.4.18 through 2.4.20, when mod_http2 and ...)
	- apache2 2.4.23-1
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: Upstream fix: https://svn.apache.org/r1750779
CVE-2016-4978 (The getObject method of the javax.jms.ObjectMessage class in the (1) ...)
	NOT-FOR-US: ApacheMQ Artemis
CVE-2016-4977 (When processing authorization requests using the whitelabel views in ...)
	NOT-FOR-US: Spring Security OAuth
CVE-2016-4976 (Apache Ambari 2.x before 2.4.0 includes KDC administrator passwords on ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-4975
	RESERVED
CVE-2016-4974 (Apache Qpid AMQP 0-x JMS client before 6.0.4 and JMS (AMQP 1.0) before ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-4973 (Binaries compiled against targets that use the libssp library in GCC ...)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324759
	- gcc-6 <not-affected> (Uses glibc-internal SSP)
	- gcc-5 <not-affected> (Uses glibc-internal SSP)
	- gcc-4.9 <not-affected> (Uses glibc-internal SSP)
	- gcc-mingw-w64 <unfixed> (unimportant; bug #848704)
	- mingw32 <removed>
	[wheezy] - mingw32 <no-dsa> (Minor issue)
	NOTE: Missing security feature, not a direct vulnerability
CVE-2016-4972 (OpenStack Murano before 1.0.3 (liberty) and 2.x before 2.0.1 (mitaka), ...)
	- murano 1:2.0.1-1 (bug #828062)
	NOTE: Affects: Murano: <=2015.1.1; <=1.0.2; ==2.0.0
	- murano-dashboard 1:2.0.0-5 (bug #828064)
	NOTE: Affects: Murano-dashboard: <=2015.1.1; <=1.0.2; ==2.0.0
	- python-muranoclient 0.8.3-4 (bug #828063)
	NOTE: Affects: Python-muranoclient: <=0.7.2; >=0.8.0<=0.8.4
CVE-2016-4971 (GNU wget before 1.18 allows remote servers to write to arbitrary files ...)
	{DLA-536-1}
	- wget 1.18-1 (bug #827003)
	[jessie] - wget 1.16-1+deb8u1
	NOTE: http://lists.gnu.org/archive/html/info-gnu/2016-06/msg00004.html
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=e996e322ffd42aaa051602da182d03178d0f13e1 (v1.18)
CVE-2016-4970 (handler/ssl/OpenSslEngine.java in Netty 4.0.x before 4.0.37.Final and ...)
	- netty 1:4.0.37-1 (bug #827620)
	[jessie] - netty <not-affected> (Vulnerable code not present)
	[wheezy] - netty <not-affected> (Vulnerable code not present)
	NOTE: Versions affected: Netty 4.0.0.Final - 4.0.36.Final and 4.1.0.Final
CVE-2016-4969 (Cross-site scripting (XSS) vulnerability in Fortinet FortiWan ...)
	NOT-FOR-US: Fortinet
CVE-2016-4968 (The linkreport/tmp/admin_global page in Fortinet FortiWan (formerly ...)
	NOT-FOR-US: Fortinet
CVE-2016-4967 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote ...)
	NOT-FOR-US: Fortinet
CVE-2016-4966 (The diagnosis_control.php page in Fortinet FortiWan (formerly ...)
	NOT-FOR-US: Fortinet
CVE-2016-4965 (Fortinet FortiWan (formerly AscernLink) before 4.2.5 allows remote ...)
	NOT-FOR-US: Fortinet
CVE-2016-XXXX [AST-2016-005]
	- asterisk 1:13.8.2~dfsg-1
	[jessie] - asterisk <not-affected> (Only affects 13.x)
	[wheezy] - asterisk <not-affected> (Only affects 13.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-005.html
CVE-2016-5107 (The megasas_lookup_frame function in QEMU, when built with MegaRAID ...)
	- qemu 1:2.6+dfsg-2 (bug #825616)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04424.html
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336461
CVE-2016-5106 (The megasas_dcmd_set_properties function in hw/scsi/megasas.c in QEMU, ...)
	- qemu 1:2.6+dfsg-2 (bug #825615)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04340.html
CVE-2016-5105 (The megasas_dcmd_cfg_read function in hw/scsi/megasas.c in QEMU, when ...)
	- qemu 1:2.6+dfsg-2 (bug #825614)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Introduced after: http://git.qemu.org/?p=qemu.git;a=commit;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04419.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1339583
CVE-2016-5104 (The socket_create function in common/socket.c in libimobiledevice and ...)
	- libimobiledevice 1.2.0+dfsg-3 (bug #825553)
	[jessie] - libimobiledevice <no-dsa> (Minor issue)
	[wheezy] - libimobiledevice <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libimobiledevice/libimobiledevice/commit/df1f5c4d70d0c19ad40072f5246ca457e7f9849e
	- libusbmuxd 1.0.10-3 (bug #825554)
	[jessie] - libusbmuxd <no-dsa> (Minor issue)
	NOTE: https://github.com/libimobiledevice/libusbmuxd/commit/4397b3376dc4e4cb1c991d0aed61ce6482614196
CVE-2016-4552 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
	- roundcube 1.2.0+dfsg.1-1
	[wheezy] - roundcube <not-affected> (vulnerable code not present)
	NOTE: https://github.com/roundcube/roundcubemail/issues/5240
	NOTE: https://github.com/roundcube/roundcubemail/pull/5241
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/8
CVE-2016-5096 (Integer overflow in the fread function in ext/standard/file.c in PHP ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72114
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5095 (Integer overflow in the php_escape_html_entities_ex function in ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
	NOTE: For the additional issue reported in the "[2016-05-17 12:55 UTC]" comment
CVE-2016-5094 (Integer overflow in the php_html_entities function in ...)
	{DSA-3602-1 DLA-533-1}
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72135
	NOTE: Fixed in 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5093 (The get_icu_value_internal function in ...)
	{DSA-3602-1 DLA-533-1}
	- php7.0 7.0.7-1
	- php5 5.6.22+dfsg-1
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72241
	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2013-7456 (gd_interpolation.c in the GD Graphics Library (aka libgd) before ...)
	{DSA-3602-1 DSA-3587-1}
	- libgd2 2.1.1-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/4f65a3e4eedaffa1efcf9ee1eb08f0b504fbc31a (gd-2.1.1)
	- php7.0 7.0.7-1 (unimportant)
	- php5 5.6.22+dfsg-1 (unimportant)
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=72227
	NOTE: Fixed in 7.0.7, 5.6.22, 5.5.36
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/25/3
CVE-2016-5091 (Extbase in TYPO3 4.3.0 before 6.2.24, 7.x before 7.6.8, and 8.1.1 ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-5044 (The WRITE_UNALIGNED function in dwarf_elf_access.c in libdwarf before ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5043 (The dwarf_dealloc function in libdwarf before 20160923 allows remote ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5042 (The dwarf_get_aranges_list function in libdwarf before 20160923 allows ...)
	{DLA-669-1}
	- dwarfutils 20160507-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5041 (dwarf_macro5.c in libdwarf before 20160923 allows remote attackers to ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5040 (libdwarf before 20160923 allows remote attackers to cause a denial of ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/98a3da1e8237fe0d45b67ef77f3fa5ed9ff0215f/
CVE-2016-5039 (The get_attr_value function in libdwarf before 20160923 allows remote ...)
	{DLA-669-1}
	- dwarfutils 20160507-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/eb1472afac95031d0c9dd8c11d527b865fe7deb8/
CVE-2016-5038 (The dwarf_get_macro_startend_file function in dwarf_macro5.c in ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5037 (The _dwarf_load_section function in libdwarf before 20160923 allows ...)
	- dwarfutils 20160507-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/b6ec2dfd850929821626ea63fb0a752076a3c08a/
CVE-2016-5036 (The dump_block function in print_sections.c in libdwarf before ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5035 (The _dwarf_read_line_table_header function in ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/82d8e007851805af0dcaaff41f49a2d48473334b/
CVE-2016-5034 (dwarf_elf_access.c in libdwarf before 20160923 allows remote attackers ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/10ca310f64368dc083efacac87732c02ef560a92/
CVE-2016-5033 (The print_exprloc_content function in libdwarf before 20160923 allows ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5032 (The dwarf_get_xu_hash_entry function in libdwarf before 20160923 ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5031 (The print_frame_inst_bytes function in libdwarf before 20160923 allows ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/ac6673e32f3443a5d36c2217cb814000930b2c54/
CVE-2016-5030 (The _dwarf_calculate_info_section_end_ptr function in libdwarf before ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/6fa3f710ee6f21bba7966b963033a91d77c952bd/
CVE-2016-5029 (The create_fullest_file_path function in libdwarf before 20160923 ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/acae971371daa23a19358bc62204007d258fbc5e/
CVE-2016-5028 (The print_frame_inst_bytes function in libdwarf before 20160923 allows ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://sourceforge.net/p/libdwarf/code/ci/a55b958926cc67f89a512ed30bb5a22b0adb10f4/
CVE-2016-5027 (dwarf_form.c in libdwarf 20160115 allows remote attackers to cause a ...)
	- dwarfutils 20160507+git20160523.9086738-1
	[jessie] - dwarfutils <no-dsa> (Minor issue)
	[wheezy] - dwarfutils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1330237
CVE-2016-5026 (hs.py in OnionShare before 0.9.1 allows local users to modify the ...)
	- onionshare 0.8.1-2 (unimportant)
	[jessie] - onionshare <not-affected> (Vulnerable code not present)
	NOTE: Neutralised by kernel hardening (also contrib and non-free not supported)
CVE-2016-4963 (The libxl device-handling in Xen through 4.6.x allows local guest OS ...)
	- xen 4.8.0~rc3-1
	[jessie] - xen <ignored> (Minor issue, too intrusive to backport)
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport, libvirt doesn't have libxl driver enabled)
	NOTE: http://xenbits.xen.org/xsa/advisory-178.html
CVE-2016-4962 (The libxl device-handling in Xen 4.6.x and earlier allows local OS ...)
	{DSA-3633-1}
	- xen 4.8.0~rc3-1
	[wheezy] - xen <no-dsa> (Too intrusive to backport, libvirt doesn't have libxl driver enabled)
	NOTE: http://xenbits.xen.org/xsa/advisory-175.html
CVE-2016-4961 (For the NVIDIA Quadro, NVS, and GeForce products, improper ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4960 (For the NVIDIA Quadro, NVS, and GeForce products, the NVIDIA ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4959 (For the NVIDIA Quadro, NVS, and GeForce products, there is a Remote ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-4958
	RESERVED
CVE-2016-4957 (ntpd in NTP before 4.2.8p8 allows remote attackers to cause a denial ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Fix for CVE-2016-1547 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3046
CVE-2016-4956 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Fix for CVE-2016-1548 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1548 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3042
CVE-2016-4955 (ntpd in NTP 4.x before 4.2.8p8, when autokey is enabled, allows remote ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3043
CVE-2016-4954 (The process_packet function in ntp_proto.c in ntpd in NTP 4.x before ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3044
CVE-2016-4953 (ntpd in NTP 4.x before 4.2.8p8 allows remote attackers to cause a ...)
	- ntp 1:4.2.8p8+dfsg-1
	[jessie] - ntp <not-affected> (Upstream fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
	[wheezy] - ntp <not-affected> (Fix for CVE-2016-1547 or CVE-2015-7979 wasn't backported)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2016_ntp_4_2_8p8_NTP_Securi
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug3045
CVE-2016-5117 (OpenNTPD before 6.0p1 does not validate the CN for HTTPS constraint ...)
	- openntpd 1:6.0p1-1 (bug #825856; unimportant)
	[jessie] - openntpd <not-affected> (Vulnerable code introduced later)
	[wheezy] - openntpd <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/23/2
	NOTE: Authenticated TLS "contraints" introduced in 2015-03-24 OpenNTPD 5.7p4
	NOTE: Option is not enabled at buildtime.
CVE-2016-4964 (The mptsas_fetch_requests function in hw/scsi/mptsas.c in QEMU (aka ...)
	- qemu 1:2.6+dfsg-2 (bug #825207)
	[jessie] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
	[wheezy] - qemu <not-affected> (LSI SAS1068 (mptsas) device support added later)
	- qemu-kvm <not-affected> (LSI SAS1068 (mptsas) device support added later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg04027.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=e351b82611293683c4cabe4b69b7552bde5d4e2a (v2.6.0-rc0)
CVE-2016-4950 (Cloudera Manager 5.5 and earlier allows remote attackers to enumerate ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4949 (Cloudera Manager 5.5 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4948 (Multiple cross-site scripting (XSS) vulnerabilities in Cloudera ...)
	NOT-FOR-US: Cloudera Manager
CVE-2016-4947 (Cloudera HUE 3.9.0 and earlier allows remote attackers to enumerate ...)
	NOT-FOR-US: Cloudera HUE
CVE-2016-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE ...)
	NOT-FOR-US: Cloudera HUE
CVE-2016-4945 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Citrix NetScaler Gateway
CVE-2015-8880 (Double free vulnerability in the format printer in PHP 7.x before ...)
	- php7.0 7.0.1-1
CVE-2015-8879 (The odbc_bindcols function in ext/odbc/php_odbc.c in PHP before 5.6.12 ...)
	{DLA-499-1}
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	- php7.0 7.0.0-1
	NOTE: Fixed in PHP 5.6.12, 7.0.0
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=69975
CVE-2015-8878 (main/php_open_temporary_file.c in PHP before 5.5.28 and 5.6.x before ...)
	{DLA-499-1}
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	NOTE: Fixed in PHP 5.6.12, 5.5.28
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=70002
CVE-2015-8877 (The gdImageScaleTwoPass function in gd_interpolation.c in the GD ...)
	{DSA-3587-1}
	- libgd2 2.2.1-1
	[wheezy] - libgd2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/libgd/libgd/commit/4751b606fa38edc456d627140898a7ec679fcc24 (gd-2.2.0)
	NOTE: https://github.com/libgd/libgd/issues/173
	- php5 5.6.12+dfsg-1 (unimportant)
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	- php7.0 7.0.0-1 (unimportant)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=70064
	NOTE: Fixed in PHP 5.6.12, 7.0.0
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2015-8876 (Zend/zend_exceptions.c in PHP before 5.4.44, 5.5.x before 5.5.28, and ...)
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	- php7.0 7.0.0-1
	NOTE: Fixed in PHP 7.0.0, 5.6.12, 5.5.28, 5.4.44
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=70121
CVE-2016-XXXX [mediawiki issues from 1.26.3, 1.25.6 and 1.23.14]
	- mediawiki 1:1.27.0-1
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-May/000188.html
CVE-2016-4952 (QEMU (aka Quick Emulator), when built with VMWARE PVSCSI paravirtual ...)
	- qemu 1:2.6+dfsg-2 (bug #825210)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
	- qemu-kvm <not-affected> (VMWare PVSCSI paravirtual device implementation introduced later)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03774.html
	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=881d588a98bf0dce98ddb65c15aa0854c0ac41ed (v1.5.0-rc0)
CVE-2016-4951 (The tipc_nl_publ_dump function in net/tipc/socket.c in the Linux ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Introduced in 3.19)
	[wheezy] - linux <not-affected> (Introduced in 3.19)
	NOTE: http://lists.openwall.net/netdev/2016/05/14/28
	NOTE: Fixed by: https://git.kernel.org/linus/45e093ae2830cd1264677d47ff9a95a71f5d9f9c
	NOTE: Introduced by: https://git.kernel.org/linus/1a1a143daf84db95dd7212086042004a3abb7bc2 (v3.19-rc1)
CVE-2016-4944
	RESERVED
CVE-2016-4943
	RESERVED
CVE-2016-4942
	RESERVED
CVE-2016-4941
	REJECTED
CVE-2016-4940
	REJECTED
CVE-2016-4939
	REJECTED
CVE-2016-4938
	REJECTED
CVE-2016-4937
	REJECTED
CVE-2016-4936
	REJECTED
CVE-2016-4935
	REJECTED
CVE-2016-4934
	REJECTED
CVE-2016-4933
	REJECTED
CVE-2016-4932
	REJECTED
CVE-2016-4931 (XML entity injection in Junos Space before 15.2R2 allows attackers to ...)
	NOT-FOR-US: Juniper
CVE-2016-4930 (Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 ...)
	NOT-FOR-US: Juniper
CVE-2016-4929 (Command injection vulnerability in Junos Space before 15.2R2 allows ...)
	NOT-FOR-US: Juniper
CVE-2016-4928 (Cross site request forgery vulnerability in Junos Space before 15.2R2 ...)
	NOT-FOR-US: Juniper
CVE-2016-4927 (Insufficient validation of SSH keys in Junos Space before 15.2R2 ...)
	NOT-FOR-US: Juniper
CVE-2016-4926 (Insufficient authentication vulnerability in Junos Space before 15.2R2 ...)
	NOT-FOR-US: Juniper
CVE-2016-4925 (Receipt of a specifically malformed IPv6 packet processed by the ...)
	NOT-FOR-US: Juniper
CVE-2016-4924 (An incorrect permissions vulnerability in Juniper Networks Junos OS on ...)
	NOT-FOR-US: Juniper
CVE-2016-4923 (Insufficient cross site scripting protection in J-Web component in ...)
	NOT-FOR-US: Juniper
CVE-2016-4922 (Certain combinations of Junos OS CLI commands and arguments have been ...)
	NOT-FOR-US: Juniper
CVE-2016-4921 (By flooding a Juniper Networks router running Junos OS with specially ...)
	NOT-FOR-US: Juniper
CVE-2016-4920
	RESERVED
CVE-2016-4919
	RESERVED
CVE-2016-4918
	RESERVED
CVE-2016-4917
	RESERVED
CVE-2016-4916
	RESERVED
CVE-2016-4915
	RESERVED
CVE-2016-4914
	RESERVED
CVE-2016-1000001 (flask-oidc version 0.1.2 and earlier is vulnerable to an open redirect ...)
	NOT-FOR-US: flask-oidc
CVE-2016-1000000 (Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter ...)
	NOT-FOR-US: Ipswitch
CVE-2016-4910 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4909 (Cross-site request forgery (CSRF) vulnerability in Cybozu Garoon 3.0.0 ...)
	NOT-FOR-US: Cybozu
CVE-2016-4908 (Cybozu Garoon 3.0.0 to 4.2.2 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4907 (Cybozu Garoon 3.0.0 to 4.2.2 allow remote attackers to obtain CSRF ...)
	NOT-FOR-US: Cybozu
CVE-2016-4906 (Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.2.2 ...)
	NOT-FOR-US: Cybozu
CVE-2016-4905 (SQL injection vulnerability in the WP-OliveCart versions prior to ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4904 (Cross-site request forgery (CSRF) vulnerability in WP-OliveCart ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4903 (Cross-site scripting vulnerability in WP-OliveCart versions prior to ...)
	NOT-FOR-US: WP-OliveCart
CVE-2016-4902 (Untrusted search path vulnerability in The Public Certification ...)
	NOT-FOR-US: Public Certification Service for Individuals
CVE-2016-4901 (Untrusted search path vulnerability in The installer of e-Tax Software ...)
	NOT-FOR-US: e-Tax
CVE-2016-4900 (Untrusted search path vulnerability in Evernote for Windows versions ...)
	NOT-FOR-US: Evernote
CVE-2016-4899 (The datamover module in the Linux version of NovaBACKUP DataCenter ...)
	NOT-FOR-US: NovaBACKUP
CVE-2016-4898 (The datamover module in the Linux version of NovaBACKUP DataCenter ...)
	NOT-FOR-US: NovaBACKUP
CVE-2016-4897 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Usermin
CVE-2016-4896 (SetsucoCMS all versions does not properly manage sessions, which ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4895 (SetsucoCMS all versions allows remote authenticated attackers to ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4894 (SetsucoCMS all versions allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4893 (SQL injection vulnerability in the SetsucoCMS all versions allows ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4892 (Cross-site scripting vulnerability in SetsucoCMS all versions allows ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4891 (Cross-site request forgery (CSRF) vulnerability in SetsucoCMS all ...)
	NOT-FOR-US: SetucoCMS
CVE-2016-4890 (ZOHO ManageEngine ServiceDesk Plus before 9.2 uses an insecure method ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4889 (ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4888 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2016-4887 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-4886 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-4885 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-4884 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-4883 (Cross-site scripting vulnerability in baserCMS version 3.0.10 and ...)
	NOT-FOR-US: baserCMS
CVE-2016-4882 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
	NOT-FOR-US: baserCMS
CVE-2016-4881 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-4880 (Cross-site scripting vulnerability in baserCMS plugin Blog version ...)
	NOT-FOR-US: baserCMS
CVE-2016-4879 (Cross-site request forgery (CSRF) vulnerability in baserCMS plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-4878 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
	NOT-FOR-US: baserCMS
CVE-2016-4877 (Cross-site scripting vulnerability in baserCMS plugin Mail version ...)
	NOT-FOR-US: baserCMS
CVE-2016-4876 (Cross-site request forgery (CSRF) vulnerability in baserCMS version ...)
	NOT-FOR-US: baserCMS
CVE-2016-4875 (Multiple cross-site scripting (XSS) vulnerabilities in the IVYWE (1) ...)
	NOT-FOR-US: IVYWE
CVE-2016-4874 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct ...)
	NOT-FOR-US: Cybozu
CVE-2016-4873 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4872 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4871 (Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Cybozu
CVE-2016-4870 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...)
	NOT-FOR-US: Cybozu
CVE-2016-4869 (Cybozu Office 9.0.0 to 10.4.0 allow remote attackers to obtain session ...)
	NOT-FOR-US: Cybozu
CVE-2016-4868 (Email header injection vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...)
	NOT-FOR-US: Cybozu
CVE-2016-4867 (Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to ...)
	NOT-FOR-US: Cybozu
CVE-2016-4866 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...)
	NOT-FOR-US: Cybozu
CVE-2016-4865 (Cross-site scripting vulnerability in Cybozu Office 9.0.0 to 10.4.0 ...)
	NOT-FOR-US: Cybozu
CVE-2016-4864 (H2O versions 2.0.3 and earlier and 2.1.0-beta2 and earlier allows ...)
	NOT-FOR-US: H2O
CVE-2016-4863 (The Toshiba FlashAir SD-WD/WC series Class 6 model with firmware ...)
	NOT-FOR-US: Toshiba FlashAir
CVE-2016-4862 (Twigmo bundled with CS-Cart 4.3.9 and earlier and Twigmo bundled with ...)
	NOT-FOR-US: Twigmo
CVE-2016-4861 (The (1) order and (2) group methods in Zend_Db_Select in the Zend ...)
	{DLA-646-1}
	- zendframework 1.12.20+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2016-03
	NOTE: This security fix can be considered an improvement of the previous ZF2016-02
	NOTE: and ZF2014-04 advisories.
	NOTE: Fixed by: https://github.com/zendframework/zf1/commit/b1c71dd94296d9000127720c85a7ea9e3b35af4b (1.12.20)
CVE-2016-4860 (Yokogawa STARDOM FCN/FCJ controller R1.01 through R4.01 does not ...)
	NOT-FOR-US: Yokogawa STARDOM
CVE-2016-4859 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.3, ...)
	NOT-FOR-US: Splunk
CVE-2016-4858 (Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to ...)
	NOT-FOR-US: Splunk
CVE-2016-4857 (Open redirect vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, ...)
	NOT-FOR-US: Splunk
CVE-2016-4856 (Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to ...)
	NOT-FOR-US: Splunk
CVE-2016-4855 (Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 ...)
	{DLA-620-1}
	- libphp-adodb 5.20.6-1 (unimportant; bug #837418)
	[jessie] - libphp-adodb 5.15-1+deb8u1
	NOTE: https://github.com/ADOdb/ADOdb/issues/274
	NOTE: https://jvn.jp/en/jp/JVN48237713/
	NOTE: https://github.com/ADOdb/ADOdb/commit/ecb93d8c1
	NOTE: Vulnerable file is shipped as an example only
CVE-2016-4854 (Cross-site request forgery (CSRF) vulnerability in L-04D firmware ...)
	NOT-FOR-US: L-04D firmware
CVE-2016-4853 (AKABEi SOFT2 games allow remote attackers to execute arbitrary OS ...)
	NOT-FOR-US: AKABEi SOFT2
CVE-2016-4852 (YoruFukurou (NightOwl) before 2.85 relies on support for emoji ...)
	NOT-FOR-US: YoruFukurou
CVE-2016-4851 (Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat ...)
	NOT-FOR-US: Let's PHP! simple chat
CVE-2016-4850 (LINE for Windows before 4.8.3 allows man-in-the-middle attackers to ...)
	NOT-FOR-US: LINE for Windows
CVE-2016-4849 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog IVYWE ...)
	NOT-FOR-US: Geeklog
CVE-2016-4848 (Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 ...)
	NOT-FOR-US: ClipBucket
CVE-2016-4847 (Cross-site scripting (XSS) vulnerability in site/search.php in OSSEC ...)
	NOT-FOR-US: OSSEC Web UI
CVE-2016-4846 (Untrusted search path vulnerability in the installer of PhishWall ...)
	NOT-FOR-US: PhishWall Client Internet Explorer
CVE-2016-4845 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4844 (Cybozu Mailwise before 5.4.0 allows remote attackers to conduct ...)
	NOT-FOR-US: Cybozu
CVE-2016-4843 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Cybozu
CVE-2016-4842 (Cybozu Mailwise before 5.4.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Cybozu
CVE-2016-4841 (Cybozu Mailwise before 5.4.0 allows remote attackers to inject ...)
	NOT-FOR-US: Cybozu
CVE-2016-4840 (Coordinate Plus App for Android 1.0.2 and earlier and Coordinate Plus ...)
	NOT-FOR-US: Coordinate Plus App for Android
CVE-2016-4839 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for ...)
	NOT-FOR-US: Money Forward
CVE-2016-4838 (The Android Apps Money Forward (prior to v7.18.0), Money Forward for ...)
	NOT-FOR-US: Money Forward
CVE-2016-4837 (SQL injection vulnerability in the Seed Coupon plugin before 1.6 for ...)
	NOT-FOR-US: EC-CUBE
CVE-2016-4836
	REJECTED
CVE-2016-4835
	REJECTED
CVE-2016-4834 (modules/Users/actions/Save.php in Vtiger CRM 6.4.0 and earlier does ...)
	NOT-FOR-US: Vtiger
CVE-2016-4833 (Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin ...)
	NOT-FOR-US: Nofollow Links plugin for WordPress
CVE-2016-4832 (WAON &quot;Service Application&quot; for Android 1.4.1 and earlier does not ...)
	NOT-FOR-US: WAON "Service Application" for Android
CVE-2016-4831 (Untrusted search path vulnerability in LINE and LINE Installer 4.7.0 ...)
	NOT-FOR-US: LINE
CVE-2016-4830 (Sushiro App for iOS 2.1.16 and earlier and Sushiro App for Android ...)
	NOT-FOR-US: Sushiro App
CVE-2016-4829 (DMM Movie Player App for Android before 1.2.1, and DMM Movie Player ...)
	NOT-FOR-US: DMM Movie Player App
CVE-2016-4828 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4827 (Cross-site scripting (XSS) vulnerability in the Collne Welcart ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4826 (Cross-site scripting (XSS) vulnerability in the Collne Welcart ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4825 (The Collne Welcart e-Commerce plugin before 1.8.3 for WordPress allows ...)
	NOT-FOR-US: Collne Welcart e-Commerce plugin for WordPress
CVE-2016-4824 (The Wi-Fi Protected Setup (WPS) implementation on Corega CG-WLR300GNV ...)
	NOT-FOR-US: Corega
CVE-2016-4823 (Corega CG-WLBARAGM devices allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Corega
CVE-2016-4822 (Corega CG-WLBARGL devices allow remote authenticated users to execute ...)
	NOT-FOR-US: Corega
CVE-2016-4821 (I-O DATA DEVICE ETX-R devices allow remote attackers to cause a denial ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4820 (Cross-site request forgery (CSRF) vulnerability on I-O DATA DEVICE ...)
	NOT-FOR-US: I-O DATA
CVE-2016-4819 (The printfDx function in Takumi Yamada DX Library for Borland C++ ...)
	NOT-FOR-US: Borland
CVE-2016-4818 (DMMFX Trade for Android 1.5.0 and earlier, DMMFX DEMO Trade for ...)
	NOT-FOR-US: DMMFX
CVE-2016-4817 (lib/http2/connection.c in H2O before 1.7.3 and 2.x before 2.0.0-beta5 ...)
	NOT-FOR-US: H2O
CVE-2016-4816 (BUFFALO WZR-600DHP3 devices with firmware 2.16 and earlier and ...)
	NOT-FOR-US: BUFFALO
CVE-2016-4815 (Directory traversal vulnerability on BUFFALO WZR-600DHP3 devices with ...)
	NOT-FOR-US: BUFFALO
CVE-2016-4814 (Directory traversal vulnerability in kml2jsonp.php in Geospatial ...)
	NOT-FOR-US: Old_GSI_Maps
CVE-2016-4813 (NetCommons 2.4.2.1 and earlier allows remote authenticated secretariat ...)
	NOT-FOR-US: NetCommons
CVE-2016-4812 (Cross-site scripting (XSS) vulnerability in the Markdown on Save ...)
	NOT-FOR-US: Markdown on Save Improved plugin for WordPress
CVE-2016-4811 (The NTT Broadband Platform Japan Connected-free Wi-Fi application ...)
	NOT-FOR-US: NTT
CVE-2016-4810 (Citrix Studio before 7.6.1000, Citrix XenDesktop 7.x before 7.6 LTSR ...)
	NOT-FOR-US: Citrix
CVE-2016-4913 (The get_rock_ridge_filename function in fs/isofs/rock.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: Fixed by: https://git.kernel.org/linus/99d825822eade8d827a1817357cbf3f889a552d6 (v4.6)
CVE-2016-4912 (The _xrealloc function in xlsp_xmalloc.c in OpenSLP 2.0.0 allows ...)
	- openslp-dfsg <not-affected> (Vulnerable code not present)
	NOTE: Issue present only in OpenSLP 2.x where the return from malloc isn't checked.
CVE-2016-4911 (The Fernet Token Provider in OpenStack Identity (Keystone) 9.0.x ...)
	- keystone 2:9.0.0-2 (bug #824683)
	[jessie] - keystone <not-affected> (affects only 9.0.0)
	[wheezy] - keystone <not-affected> (affects only 9.0.0)
	NOTE: https://launchpad.net/bugs/1577558
CVE-2016-4809 (The archive_read_format_cpio_read_header function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: https://github.com/libarchive/libarchive/issues/705
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/fd7e0c02e272913a0a8b6d492c7260dfca0b1408 (v3.2.1)
CVE-2016-10321 (web2py before 2.14.6 does not properly check if a host is denied before ...)
	- web2py <removed> (bug #860038)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585#issuecomment-284317919
	NOTE: https://github.com/web2py/web2py/commit/944d8bd8f3c5cf8ae296fc03d149056c65358426
CVE-2016-4808 (Web2py versions 2.14.5 and below was affected by CSRF (Cross Site ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/commit/4bd002aee978813bc664cf186ef38ff4e8bbe1cd
CVE-2016-4807 (Web2py versions 2.14.5 and below was affected by Reflected XSS ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/commit/51c3b633fe7ad647bc3013e899c1e3a910362dd1
CVE-2016-4806 (Web2py versions 2.14.5 and below was affected by Local File Inclusion ...)
	- web2py <removed> (bug #856127)
	[jessie] - web2py <ignored> (Minor issue; issue in web admin interface which has no need to be used in production)
	[wheezy] - web2py <no-dsa> (Minor issue; issue in web admin interface which has no need to be used in production)
	NOTE: https://github.com/web2py/web2py/issues/1585
	NOTE: https://github.com/web2py/web2py/issues/1316
	NOTE: https://github.com/web2py/web2py/commit/1b42fe65472930668435007cfcb077207051ba34
CVE-2016-4803 (CRLF injection vulnerability in the send email functionality in dotCMS ...)
	NOT-FOR-US: dotCMS
CVE-2016-4802 (Multiple untrusted search path vulnerabilities in cURL and libcurl ...)
	- curl <not-affected> (Windows only)
CVE-2016-4801
	RESERVED
CVE-2016-4800 (The path normalization mechanism in PathResource class in Eclipse ...)
	- jetty9 <not-affected> (Only affects Jetty >= 9.3.0, Jetty <= 9.3.8)
	- jetty8 <not-affected> (Only affects 9.3.x)
	- jetty <not-affected> (Only affects 9.3.x)
	NOTE: http://www.ocert.org/advisories/ocert-2016-001.html
CVE-2015-8874 (Stack consumption vulnerability in GD in PHP before 5.6.12 allows ...)
	{DSA-3587-1 DLA-482-1}
	- libgd2 2.2.1-1 (bug #824627)
	NOTE: https://github.com/libgd/libgd/commit/38241013cc048af7c03daf6e9a75b4f42bffb200
	- php5 5.6.12+dfsg-1 (unimportant)
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	- php7.0 7.0.0-1 (unimportant)
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=66387
	NOTE: Fixed in 5.6.12, 7.0.0
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
CVE-2015-8873 (Stack consumption vulnerability in Zend/zend_exceptions.c in PHP ...)
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=69793
CVE-2016-4805 (Use-after-free vulnerability in drivers/net/ppp/ppp_generic.c in the ...)
	{DSA-3607-1}
	- linux 4.5.2-1
	[wheezy] - linux 3.2.81-1
	NOTE: Fixed by: https://git.kernel.org/linus/1f461dcdd296eecedaffffc6bae2bfa90bd7eb89 (v4.6-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/273ec51dd7ceaa76e038875d85061ec856d8905e (v2.6.30)
CVE-2016-4804 (The read_boot function in boot.c in dosfstools before 4.0 allows ...)
	{DLA-474-1}
	- dosfstools 4.0-1
	[jessie] - dosfstools <no-dsa> (Minor issue)
	NOTE: https://github.com/dosfstools/dosfstools/issues/25
	NOTE: https://github.com/dosfstools/dosfstools/issues/26
	NOTE: https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
CVE-2016-4799
	RESERVED
CVE-2016-4798
	RESERVED
CVE-2016-4795
	RESERVED
CVE-2016-4793 (The clientIp function in CakePHP 3.2.4 and earlier allows remote ...)
	{DLA-835-1}
	- cakephp 2.8.3-1
	[jessie] - cakephp <no-dsa> (Minor issue)
	NOTE: http://legalhackers.com/advisories/CakePHP-IP-Spoofing-Vulnerability.txt
	NOTE: https://bakery.cakephp.org/2016/03/13/cakephp_2613_2711_282_3017_3112_325_released.html
	NOTE: Fixed by https://github.com/cakephp/cakephp/commit/48af49ddde16c8b99edb701f1c31283455b2b0b6
CVE-2016-4792 (Pulse Connect Secure (PCS) 8.2 before 8.2r1 allows remote attackers to ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4791 (The administrative user interface in Pulse Connect Secure (PCS) 8.2 ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4790 (Cross-site scripting (XSS) vulnerability in the administrative user ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4789 (Cross-site scripting (XSS) vulnerability in the system configuration ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4788 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4787 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-4786 (Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r3, 8.0 ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2014-9776
	RESERVED
CVE-2014-9775
	RESERVED
CVE-2014-9774
	RESERVED
CVE-2010-5326 (The Invoker Servlet on SAP NetWeaver Application Server Java ...)
	NOT-FOR-US: SAP
CVE-2016-4785 (A vulnerability has been identified in Firmware variant PROFINET IO ...)
	NOT-FOR-US: Siemens
CVE-2016-4784 (A vulnerability has been identified in firmware variant PROFINET IO ...)
	NOT-FOR-US: Siemens
CVE-2016-4783 (Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before ...)
	NOT-FOR-US: Lenovo
CVE-2016-4782 (Lenovo SHAREit before 3.5.98_ww on Android before 4.2 allows remote ...)
	NOT-FOR-US: Lenovo
CVE-2016-4781 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-4780 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4779 (Apple Type Services (ATS) in Apple OS X before 10.12 allows remote ...)
	NOT-FOR-US: Apple
CVE-2016-4778 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...)
	NOT-FOR-US: Apple
CVE-2016-4777 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...)
	NOT-FOR-US: Apple
CVE-2016-4776 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...)
	NOT-FOR-US: Apple
CVE-2016-4775 (The kernel in Apple OS X before 10.12, tvOS before 10, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2016-4774 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...)
	NOT-FOR-US: Apple
CVE-2016-4773 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...)
	NOT-FOR-US: Apple
CVE-2016-4772 (The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...)
	NOT-FOR-US: Apple
CVE-2016-4771 (The kernel in Apple iOS before 10 and OS X before 10.12 allows local ...)
	NOT-FOR-US: Apple
CVE-2016-4770
	REJECTED
CVE-2016-4769 (WebKit in Apple iTunes before 12.5.1 on Windows and Safari before 10 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4768 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4767 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4766 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4765 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4764 (An issue was discovered in certain Apple products. iOS before 10 is ...)
	NOT-FOR-US: Apple
CVE-2016-4763 (WKWebView in WebKit in Apple iOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4762 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, iCloud ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4761
	RESERVED
CVE-2016-4760 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4759 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4758 (WebKit in Apple iOS before 10, iTunes before 12.5.1 on Windows, and ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4757
	REJECTED
CVE-2016-4756
	REJECTED
CVE-2016-4755 (Terminal in Apple OS X before 10.12 uses weak permissions for the ...)
	NOT-FOR-US: Apple
CVE-2016-4754 (ServerDocs Server in Apple OS X Server before 5.2 supports the RC4 ...)
	NOT-FOR-US: Apple
CVE-2016-4753 (Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2016-4752 (The SecKeyDeriveFromPassword function in Apple OS X before 10.12 does ...)
	NOT-FOR-US: Apple
CVE-2016-4751 (The Safari Tabs component in Apple Safari before 10 allows remote ...)
	NOT-FOR-US: Apple
CVE-2016-4750 (S2 Camera in Apple iOS before 10 and OS X before 10.12 allows ...)
	NOT-FOR-US: Apple
CVE-2016-4749 (Printing UIKit in Apple iOS before 10 mishandles environment ...)
	NOT-FOR-US: Apple
CVE-2016-4748 (Perl in Apple OS X before 10.12 allows local users to bypass the ...)
	NOT-FOR-US: Apple
CVE-2016-4747 (Mail in Apple iOS before 10 mishandles certificates, which makes it ...)
	NOT-FOR-US: Apple
CVE-2016-4746 (The Keyboards component in Apple iOS before 10 does not properly use a ...)
	NOT-FOR-US: Apple
CVE-2016-4745 (The Kerberos 5 (aka krb5) PAM module in Apple OS X before 10.12 does ...)
	NOT-FOR-US: Apple
CVE-2016-4744
	REJECTED
CVE-2016-4743 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-4742 (NSSecureTextField in Apple OS X before 10.12 does not enable Secure ...)
	NOT-FOR-US: Apple
CVE-2016-4741 (The Assets component in Apple iOS before 10 allows man-in-the-middle ...)
	NOT-FOR-US: Apple
CVE-2016-4740 (Apple iOS before 10, when Handoff for Messages is used, does not ...)
	NOT-FOR-US: Apple
CVE-2016-4739 (mDNSResponder in Apple OS X before 10.12, when VMnet.framework is ...)
	NOT-FOR-US: Apple
CVE-2016-4738 (libxslt in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...)
	{DSA-3709-1 DLA-700-1}
	- libxslt 1.1.29-2 (bug #842570)
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=eb1030de31165b68487f288308f9d1810fed6880
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=619006
CVE-2016-4737 (WebKit in Apple iOS before 10, Safari before 10, tvOS before 10, and ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4736 (libarchive in Apple OS X before 10.12 allows remote attackers to cause ...)
	NOT-FOR-US: Apple / libarchive
	NOTE: Possibly Apple-specific, but noone really knows and Apple doesn't cooperate
CVE-2016-4735 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4734 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4733 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4732
	REJECTED
CVE-2016-4731 (WebKit in Apple iOS before 10 and Safari before 10 allows remote ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4730 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4729 (WebKit in Apple iOS before 10 and Safari before 10 allows remote ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4728 (WebKit in Apple iOS before 10, tvOS before 10, iTunes before 12.5.1 on ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4727 (IOThunderboltFamily in Apple OS X before 10.12 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4726 (IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS ...)
	NOT-FOR-US: Apple
CVE-2016-4725 (IOAcceleratorFamily in Apple iOS before 10, OS X before 10.12, tvOS ...)
	NOT-FOR-US: Apple
CVE-2016-4724 (IOAcceleratorFamily in Apple iOS before 10 and OS X before 10.12 ...)
	NOT-FOR-US: Apple
CVE-2016-4723 (Intel Graphics Driver in Apple OS X before 10.12 allows attackers to ...)
	NOT-FOR-US: Intel driver for OS X
CVE-2016-4722 (The IDS - Connectivity component in Apple iOS before 10 and OS X ...)
	NOT-FOR-US: Apple
CVE-2016-4721 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4720
	REJECTED
CVE-2016-4719 (The GeoServices component in Apple iOS before 10 and watchOS before 3 ...)
	NOT-FOR-US: Apple
CVE-2016-4718 (Buffer overflow in FontParser in Apple iOS before 10, OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-4717 (The File Bookmark component in Apple OS X before 10.12 mishandles ...)
	NOT-FOR-US: Apple
CVE-2016-4716 (diskutil in DiskArbitration in Apple OS X before 10.12 allows local ...)
	NOT-FOR-US: Apple
CVE-2016-4715 (The Date &amp; Time Pref Pane component in Apple OS X before 10.12 ...)
	NOT-FOR-US: Apple
CVE-2016-4714
	REJECTED
CVE-2016-4713 (CoreDisplay in Apple OS X before 10.12 allows attackers to view ...)
	NOT-FOR-US: Apple
CVE-2016-4712 (CoreCrypto in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...)
	NOT-FOR-US: Apple
CVE-2016-4711 (CCrypt in corecrypto in CommonCrypto in Apple iOS before 10 and OS X ...)
	NOT-FOR-US: Apple
CVE-2016-4710 (WindowServer in Apple OS X before 10.12 allows local users to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-4709 (WindowServer in Apple OS X before 10.12 allows local users to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-4708 (CFNetwork in Apple iOS before 10, OS X before 10.12, tvOS before 10, ...)
	NOT-FOR-US: Apple
CVE-2016-4707 (CFNetwork in Apple iOS before 10 and OS X before 10.12 mishandles ...)
	NOT-FOR-US: Apple
CVE-2016-4706 (cd9660 in Apple OS X before 10.12 allows local users to cause a denial ...)
	NOT-FOR-US: Apple
CVE-2016-4705 (otool in Apple Xcode before 8 allows local users to gain privileges or ...)
	NOT-FOR-US: Apple
CVE-2016-4704 (otool in Apple Xcode before 8 allows local users to gain privileges or ...)
	NOT-FOR-US: Apple
CVE-2016-4703 (Bluetooth in Apple OS X before 10.12 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4702 (Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and ...)
	NOT-FOR-US: Apple
CVE-2016-4701 (Application Firewall in Apple OS X before 10.12 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2016-4700 (AppleUUC in Apple OS X before 10.12 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4699 (AppleUUC in Apple OS X before 10.12 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4698 (AppleMobileFileIntegrity in Apple iOS before 10 and OS X before 10.12 ...)
	NOT-FOR-US: Apple
CVE-2016-4697 (Apple HSSPI Support in Apple OS X before 10.12 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4696 (AppleEFIRuntime in Apple OS X before 10.12 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4695
	REJECTED
CVE-2016-4694 (The Apache HTTP Server in Apple OS X before 10.12 and OS X Server ...)
	NOT-FOR-US: Apple CVE assignment to the equivalent of CVE-2016-5387
CVE-2016-4693 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-4692 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	- webkit2gtk 2.14.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-4691 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-4690 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-4689 (An issue was discovered in certain Apple products. iOS before 10.2 is ...)
	NOT-FOR-US: Apple
CVE-2016-4688 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4687
	REJECTED
CVE-2016-4686 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4685 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4684
	REJECTED
CVE-2016-4683 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4682 (An issue was discovered in certain Apple products. macOS before 10.12 ...)
	NOT-FOR-US: Apple
CVE-2016-4681 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4680 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4679 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4678 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4677 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4676
	RESERVED
CVE-2016-4675 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4674 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4673 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4672
	REJECTED
CVE-2016-4671 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4670 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4669 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4668
	REJECTED
CVE-2016-4667 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4666 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4665 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4664 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4663 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4662 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4661 (An issue was discovered in certain Apple products. macOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4660 (An issue was discovered in certain Apple products. iOS before 10.1 is ...)
	NOT-FOR-US: Apple
CVE-2016-4659
	REJECTED
CVE-2016-4658 (xpointer.c in libxml2 before 2.9.5 (as used in Apple iOS before 10, OS ...)
	{DSA-3744-1 DLA-691-1}
	- libxml2 2.9.4+dfsg1-2.1 (bug #840553)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=c1d1f7121194036608bf555f08d3062a36fd344b
CVE-2016-4657 (WebKit in Apple iOS before 9.3.5 allows remote attackers to execute ...)
	- webkitgtk <unfixed> (unimportant)
	NOTE: https://www.youtube.com/watch?v=xkdPjbaLngE
	NOTE: Not covered by security support
CVE-2016-4656 (The kernel in Apple iOS before 9.3.5 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4655 (The kernel in Apple iOS before 9.3.5 allows attackers to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-4654 (IOMobileFrameBuffer in Apple iOS before 9.3.4 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4653 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4652 (CoreGraphics in Apple OS X before 10.11.6 allows local users to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-4651 (Cross-site scripting (XSS) vulnerability in the WebKit JavaScript ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4650 (Heap-based buffer overflow in IOHIDFamily in Apple iOS before 9.3.2, ...)
	NOT-FOR-US: Apple
CVE-2016-4649 (Audio in Apple OS X before 10.11.6 allows local users to cause a ...)
	NOT-FOR-US: Apple
CVE-2016-4648 (Audio in Apple OS X before 10.11.6 allows local users to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-4647 (Audio in Apple OS X before 10.11.6 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2016-4646 (Audio in Apple OS X before 10.11.6 mishandles a size value, which ...)
	NOT-FOR-US: Apple
CVE-2016-4645 (CFNetwork in Apple OS X before 10.11.6 uses weak permissions for ...)
	NOT-FOR-US: Apple
CVE-2016-4644
	RESERVED
CVE-2016-4643
	RESERVED
CVE-2016-4642
	RESERVED
CVE-2016-4641 (Login Window in Apple OS X before 10.11.6 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4640 (Login Window in Apple OS X before 10.11.6 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4639 (Login Window in Apple OS X before 10.11.6 does not properly initialize ...)
	NOT-FOR-US: Apple
CVE-2016-4638 (Login Window in Apple OS X before 10.11.6 allows attackers to gain ...)
	NOT-FOR-US: Apple
CVE-2016-4637 (CoreGraphics in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS ...)
	NOT-FOR-US: Apple
CVE-2016-4636
	REJECTED
CVE-2016-4635 (FaceTime in Apple iOS before 9.3.3 and OS X before 10.11.6 allows ...)
	NOT-FOR-US: Apple
CVE-2016-4634 (The Graphics Drivers subsystem in Apple OS X before 10.11.6 allows ...)
	NOT-FOR-US: Apple
CVE-2016-4633 (Intel Graphics Driver in Apple OS X before 10.11.6 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4632 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4631 (ImageIO in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4630 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4629 (ImageIO in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4628 (IOAcceleratorFamily in Apple iOS before 9.3.3 and watchOS before 2.2.2 ...)
	NOT-FOR-US: Apple
CVE-2016-4627 (IOAcceleratorFamily in Apple iOS before 9.3.3, tvOS before 9.2.2, and ...)
	NOT-FOR-US: Apple
CVE-2016-4626 (IOHIDFamily in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS ...)
	NOT-FOR-US: Apple
CVE-2016-4625 (Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 ...)
	NOT-FOR-US: Apple
CVE-2016-4624 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4623 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4622 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4621 (libc++abi in Apple OS X before 10.11.6 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-4620 (The Sandbox Profiles component in Apple iOS before 10 does not ...)
	NOT-FOR-US: Apple
CVE-2016-4619
	REJECTED
CVE-2016-4618 (Cross-site scripting (XSS) vulnerability in Safari Reader in Apple iOS ...)
	NOT-FOR-US: Apple
CVE-2016-4617 (An issue was discovered in certain Apple products. macOS before 10.12 ...)
	NOT-FOR-US: Apple
CVE-2016-4616 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4615 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4614 (libxml2 in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4613 (An issue was discovered in certain Apple products. Safari before ...)
	NOT-FOR-US: Apple
CVE-2016-4612
	REJECTED
CVE-2016-4611 (WebKit in Apple iOS before 10, Safari before 10, and tvOS before 10 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4610 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
	- libxslt <undetermined>
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4609 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
	- libxslt <undetermined>
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4608 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
	- libxslt <undetermined>
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4607 (libxslt in Apple iOS before 9.3.3, OS X before 10.11.6, iTunes before ...)
	- libxslt <undetermined>
	NOTE: contacted Apple for more information, but no reply for quite a while
CVE-2016-4606
	RESERVED
CVE-2016-4605 (Calendar in Apple iOS before 9.3.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple
CVE-2016-4604 (Safari in Apple iOS before 9.3.3 allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple
CVE-2016-4603 (Web Media in Apple iOS before 9.3.3 allows attackers to bypass the ...)
	NOT-FOR-US: Apple
CVE-2016-4602 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4601 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4600 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4599 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4598 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4597 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4596 (QuickTime in Apple OS X before 10.11.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-4595 (Safari Login AutoFill in Apple OS X before 10.11.6 allows physically ...)
	NOT-FOR-US: Apple
CVE-2016-4594 (The Sandbox Profiles component in Apple iOS before 9.3.3, OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-4593 (The Siri Contacts component in Apple iOS before 9.3.3 allows ...)
	NOT-FOR-US: Apple
CVE-2016-4592 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4591 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4590 (WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles ...)
	- webkit2gtk 2.12.4-1 (unimportant)
CVE-2016-4589 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4588 (WebKit in Apple tvOS before 9.2.2 allows remote attackers to execute ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4587 (WebKit in Apple iOS before 9.3.3 and tvOS before 9.2.2 allows remote ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4586 (WebKit in Apple Safari before 9.1.2 and tvOS before 9.2.2 allows ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4585 (Cross-site scripting (XSS) vulnerability in the WebKit Page Loading ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4584 (The WebKit Page Loading implementation in Apple iOS before 9.3.3, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4583 (WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-4582 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-4580 (The x25_negotiate_facilities function in net/x25/x25_facilities.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: Fixed by: https://git.kernel.org/linus/79e48650320e6fba48369fccf13fd045315b19b8 (v4.6)
CVE-2016-4577 (Buffer overflow in the Smart DNS functionality in the Huawei NGFW ...)
	NOT-FOR-US: Huawei
CVE-2016-4576 (Buffer overflow in the Application Specific Packet Filtering (ASPF) ...)
	NOT-FOR-US: Huawei
CVE-2016-4575 (Cross-site scripting (XSS) vulnerability in the email APP in Huawei ...)
	NOT-FOR-US: Huawei
CVE-2016-4796 (Heap-based buffer overflow in the color_cmyk_to_rgb in common/color.c ...)
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code not present)
	[wheezy] - openjpeg <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/uclouvain/openjpeg/commit/162f6199c0cd3ec1c6c6dc65e41b2faab92b2d91
CVE-2016-4797 (Divide-by-zero vulnerability in the opj_tcd_init_tile function in ...)
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	NOTE: https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c
	NOTE: CVE-2016-4797 exists because of an incorrect fix for CVE-2014-7947
CVE-2016-4794 (Use-after-free vulnerability in mm/percpu.c in the Linux kernel ...)
	- linux 4.6.2-2
	[jessie] - linux <not-affected> (Introduced in v3.18-rc1)
	[wheezy] - linux <not-affected> (Introduced in v3.18-rc1)
	NOTE: https://git.kernel.org/linus/4f996e234dad488e5d9ba0858bc1bae12eff82c3
	NOTE: https://git.kernel.org/linus/6710e594f71ccaad8101bc64321152af7cd9ea28
CVE-2016-4573 (Fortinet FortiSwitch FSW-108D-POE, FSW-124D, FSW-124D-POE, ...)
	NOT-FOR-US: Fortinet
CVE-2016-4581 (fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse ...)
	{DSA-3607-1}
	- linux 4.5.4-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/5ec0811d30378ae104f250bfc9b3640242d81e3f (v4.6-rc7)
	NOTE: Introduced by: https://git.kernel.org/linus/f2ebb3a921c1ca1e2ddd9242e95a1989a50c4c68 (v3.15-rc1)
CVE-2016-4579 (Libksba before 1.3.4 allows remote attackers to cause a denial of ...)
	{DLA-470-1}
	- libksba 1.3.4-3
	[jessie] - libksba 1.3.2-1+deb8u1
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=a7eed17a0b2a1c09ef986f3b4b323cd31cea2b64
CVE-2016-4572
	RESERVED
CVE-2016-4574 (Off-by-one error in the append_utf8_value function in the DN decoder ...)
	- libksba 1.3.4-3
	[jessie] - libksba <not-affected> (Incomplete fix not applied)
	[wheezy] - libksba <not-affected> (Incomplete fix not applied)
	NOTE: Fixed by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=6be61daac047d8e6aa941eb103f8e71a1d4e3c75
	NOTE: Introduced by: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2016-4578 (sound/core/timer.c in the Linux kernel through 4.6 does not initialize ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: https://github.com/torvalds/linux/commit/9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6
	NOTE: https://github.com/torvalds/linux/commit/e4ec8cc8039a7063e24204299b462bd1383184a5
CVE-2016-4569 (The snd_timer_user_params function in sound/core/timer.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: http://comments.gmane.org/gmane.linux.kernel/2214250
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e
CVE-2016-4564 (The DrawImage function in MagickCore/draw.c in ImageMagick before ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832888)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4563 (The TraceStrokePolygon function in MagickCore/draw.c in ImageMagick ...)
	{DSA-3652-1 DLA-517-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832887)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4562 (The DrawDashPolygon function in MagickCore/draw.c in ImageMagick ...)
	{DSA-3652-1 DLA-731-1}
	- imagemagick 8:6.9.6.2+dfsg-2 (bug #832885)
	NOTE: https://github.com/ImageMagick/ImageMagick/commit/726812fa2fa7ce16bcf58f6e115f65427a1c0950
CVE-2016-4560 (Untrusted search path vulnerability in Flexera InstallAnywhere allows ...)
	NOT-FOR-US: Flexera
CVE-2016-4559
	RESERVED
CVE-2016-4567 (Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as ...)
	- mediaelement <unfixed> (unimportant; bug #823649)
	NOTE: https://core.trac.wordpress.org/changeset/37370
	NOTE: Fixed by: https://github.com/johndyer/mediaelement/commit/34834eef8ac830b9145df169ec22016a4350f06e
	NOTE: Vulnerable code present, but Flash Player disabled in Debian
	NOTE: See 0004-Deactivate-Flash-and-Silverlight.patch
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/2
CVE-2016-4566 (Cross-site scripting (XSS) vulnerability in plupload.flash.swf in ...)
	- wordpress 4.5.2+dfsg-1 (bug #823640)
	[jessie] - wordpress <not-affected> (Vulnerable code not present)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/05/wordpress-4-5-2/
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37382
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/2
CVE-2016-4568 (drivers/media/v4l2-core/videobuf2-v4l2.c in the Linux kernel before ...)
	- linux 4.5.3-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in 4.4)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 4.4)
	NOTE: Fixed by: https://git.kernel.org/linus/2c1f6951a8a82e6de0d82b1158b5e493fc6c54ab (v4.6-rc6)
	NOTE: Introduced by: https://git.kernel.org/linus/b0e0e1f83de31aa0428c38b692c590cc0ecd3f03 (v4.4-rc1)
CVE-2016-4565 (The InfiniBand (aka IB) stack in the Linux kernel before 4.5.3 ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.3-1
	NOTE: Fixed by: https://git.kernel.org/linus/e6bd18f57aad1a2d1ef40e646d03ed0f2515c9e3 (v4.6-rc6)
CVE-2016-4551 (The (1) SAP_BASIS and (2) SAP_ABA components 7.00 SP Level 0031 in SAP ...)
	NOT-FOR-US: SAP
CVE-2016-4550
	RESERVED
CVE-2016-4549
	RESERVED
CVE-2016-4548
	RESERVED
CVE-2016-4545 (Virtual servers in F5 BIG-IP 11.5.4, when SSL profiles are enabled, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-4561 (Cross-site scripting (XSS) vulnerability in the cgierror function in ...)
	{DSA-3571-1 DLA-463-1}
	- ikiwiki 3.20160506
	NOTE: http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/8
CVE-2016-4547 (Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow ...)
	NOT-FOR-US: Samsung Android component
CVE-2016-4546 (Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users ...)
	NOT-FOR-US: Samsung Android component
CVE-2016-4570 (The mxmlDelete function in mxml-node.c in mxml 2.9, 2.7, and possibly ...)
	- mxml 2.9-1 (bug #825855)
	[jessie] - mxml <no-dsa> (Minor issue)
	[wheezy] - mxml <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
CVE-2016-4571 (The mxml_write_node function in mxml-file.c in mxml 2.9, 2.7, and ...)
	- mxml 2.9-2 (bug #825855)
	[jessie] - mxml <no-dsa> (Minor issue)
	[wheezy] - mxml <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/07/8
CVE-2016-4558 (The BPF subsystem in the Linux kernel before 4.5.5 mishandles ...)
	- linux 4.5.3-1
	[jessie] - linux <not-affected> (Issue introduced later)
	[wheezy] - linux <not-affected> (Issue introduced later)
	NOTE: Fixed by: https://git.kernel.org/linus/92117d8443bc5afacc8d5ba82e541946310f106e
	NOTE: Introduced by: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc(v4.4-rc1)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=809
CVE-2016-4557 (The replace_map_fd_with_map_ptr function in kernel/bpf/verifier.c in ...)
	- linux 4.5.3-1 (bug #823603)
	[jessie] - linux <not-affected> (Issue introduced later)
	[wheezy] - linux <not-affected> (Issue introduced later)
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=808
	NOTE: Fixed by: https://git.kernel.org/linus/8358b02bf67d3a5d8a825070e1aa73f25fb2e4c7 (v4.6-rc6)
	NOTE: Introduced by: https://git.kernel.org/linus/0246e64d9a5fcd4805198de59b9b5cf1f974eb41 (v3.18-rc1)
	NOTE: Exploitable since: https://git.kernel.org/linus/1be7f75d1668d6296b80bf35dcf6762393530afc (v4.4-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/06/4
CVE-2016-4556 (Double free vulnerability in Esi.cc in Squid 3.x before 3.5.18 and 4.x ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
CVE-2016-4555 (client_side_request.cc in Squid 3.x before 3.5.18 and 4.x before ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	[wheezy] - squid3 <not-affected> (3.1 not vulnerable)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_9.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_9.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_9.patch
CVE-2016-4554 (mime_header.cc in Squid before 3.5.18 allows remote attackers to ...)
	{DSA-3625-1 DLA-558-1 DLA-478-1}
	- squid3 3.5.19-1 (bug #823968)
	- squid <removed>
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_8.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.1/changesets/squid-3.1-10496.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11842.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12698.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13236.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14038.patch
	NOTE: Regression and fix: http://bugs.squid-cache.org/show_bug.cgi?id=4515
	NOTE: Complete patch for 3.4 branch: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_8.patch
CVE-2016-4553 (client_side.cc in Squid before 3.5.18 and 4.x before 4.0.10 does not ...)
	{DSA-3625-1}
	- squid3 3.5.19-1 (bug #823968)
	[wheezy] - squid3 <not-affected> (issue introduced by CVE-2009-0801 fix, not applied in wheezy)
	- squid <not-affected> (Does not affect 2.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_7.txt
	NOTE: Fix for 3.5.x: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14039.patch
	NOTE: Fix for 3.5 relies on SBuf.
	NOTE: Fix for 3.4.x: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13240.patch
CVE-2016-4535 (Integer signedness error in the AV engine before DAT 8145, as used in ...)
	NOT-FOR-US: McAfee / AV engine
CVE-2016-4534 (The McAfee VirusScan Console (mcconsol.exe) in McAfee VirusScan ...)
	NOT-FOR-US: McAfee VirusScan Console
CVE-2016-4533 (Heap-based buffer overflow in WECON LeviStudio allows remote attackers ...)
	NOT-FOR-US: LeviStudio
CVE-2016-4532 (Directory traversal vulnerability in the WAP interface in Trihedral ...)
	NOT-FOR-US: Trihedral
CVE-2016-4531 (Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not ...)
	NOT-FOR-US: Rockwell
CVE-2016-4530 (OSIsoft PI SQL Data Access Server (aka OLE DB) 2016 1.5 allows remote ...)
	NOT-FOR-US: OSISoft
CVE-2016-4529 (An unspecified ActiveX control in Schneider Electric SoMachine HVAC ...)
	NOT-FOR-US: Schneider
CVE-2016-4528 (Buffer overflow in Advantech WebAccess before 8.1_20160519 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-4527 (ABB PCM600 before 2.7 improperly stores PCM600 authentication ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4526 (ABB DataManagerPro 1.x before 1.7.1 allows local users to gain ...)
	NOT-FOR-US: ABB DataManagerPro
CVE-2016-4525 (Unspecified ActiveX controls in Advantech WebAccess before ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2016-4524 (ABB PCM600 before 2.7 improperly stores OPC Server IEC61850 passwords ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4523 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
	NOT-FOR-US: Trihedral
CVE-2016-4522 (SQL injection vulnerability in Rockwell Automation FactoryTalk ...)
	NOT-FOR-US: Rockwell
CVE-2016-4521 (Sixnet BT-5xxx and BT-6xxx M2M devices before 3.8.21 and 3.9.x before ...)
	NOT-FOR-US: Sixnet
CVE-2016-4520 (Schneider Electric Pelco Digital Sentry Video Management System with ...)
	NOT-FOR-US: Schneider
CVE-2016-4519 (Stack-based buffer overflow in Unitronics VisiLogic OPLC IDE before ...)
	NOT-FOR-US: Unitronics VisiLogic
CVE-2016-4518 (OSIsoft PI AF Server before 2016 2.8.0 allows remote authenticated ...)
	NOT-FOR-US: OSIsoft PI AF Server
CVE-2016-4517
	RESERVED
CVE-2016-4516 (ABB PCM600 before 2.7 improperly stores the main application password ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4515
	REJECTED
CVE-2016-4514 (Moxa PT-7728 devices with software 3.4 build 15081113 allow remote ...)
	NOT-FOR-US: Moxa
CVE-2016-4513 (Cross-site scripting (XSS) vulnerability in the Schneider Electric ...)
	NOT-FOR-US: Schneider
CVE-2016-4512 (Stack-based buffer overflow in ELCSimulator in Eaton ELCSoft 2.4.01 ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2016-4511 (ABB PCM600 before 2.7 uses an improper hash algorithm for the main ...)
	NOT-FOR-US: ABB PCM600
CVE-2016-4510 (The WAP interface in Trihedral VTScada (formerly VTS) 8.x through 11.x ...)
	NOT-FOR-US: Trihedral VTScada
CVE-2016-4509 (Heap-based buffer overflow in elcsoft.exe in Eaton ELCSoft 2.4.01 and ...)
	NOT-FOR-US: Eaton ELCSoft
CVE-2016-4508 (Cross-site scripting (XSS) vulnerability in Rexroth Bosch ...)
	NOT-FOR-US: Rexroth Bosch
CVE-2016-4507 (SQL injection vulnerability in Rexroth Bosch BLADEcontrol-WebVIS 3.0.2 ...)
	NOT-FOR-US: Rexroth Bosch
CVE-2016-4506 (Cross-site request forgery (CSRF) vulnerability on Resource Data ...)
	NOT-FOR-US: Resource Data Management
CVE-2016-4505 (Resource Data Management (RDM) Intuitive 650 TDB Controller devices ...)
	NOT-FOR-US: Resource Data Management
CVE-2016-4504 (A Cross-Site Request Forgery issue was discovered in Meteocontrol ...)
	NOT-FOR-US: Meteocontrol WEB'log
CVE-2016-4503 (Moxa Device Server Web Console 5232-N allows remote attackers to ...)
	NOT-FOR-US: Moxa
CVE-2016-4502 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
	NOT-FOR-US: Environmental Systems Corporation
CVE-2016-4501 (Environmental Systems Corporation (ESC) 8832 Data Controller 3.02 and ...)
	NOT-FOR-US: Environmental Systems Corporation
CVE-2016-4500 (Moxa UC-7408 LX-Plus devices allow remote authenticated users to write ...)
	NOT-FOR-US: Moxa
CVE-2016-4499 (Heap-based buffer overflow in Panasonic FPWIN Pro 5.x through 7.x ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4498 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 accesses an ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4497 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4496 (Panasonic FPWIN Pro 5.x through 7.x before 7.130 allows local users to ...)
	NOT-FOR-US: Panasonic FPWIN Pro
CVE-2016-4495 (KMC Controls BAC-5051E devices with firmware before E0.2.0.2 allow ...)
	NOT-FOR-US: KMC
CVE-2016-4494 (Cross-site request forgery (CSRF) vulnerability on KMC Controls ...)
	NOT-FOR-US: KMC
CVE-2016-4493 (The demangle_template_value_parm and do_hpacc_template_literal ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
CVE-2016-4492 (Buffer overflow in the do_type function in cplus-dem.c in libiberty ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70926
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=238313
CVE-2016-4491 (The d_print_comp function in cp-demangle.c in libiberty allows remote ...)
	- binutils 2.28-3 (low)
	[jessie] - binutils <ignored> (Minor issue)
	[wheezy] - binutils <no-dsa> (Minor issue)
	- libiberty 20170627-1 (low)
	[stretch] - libiberty <ignored> (Minor issue)
	[jessie] - libiberty <ignored> (Minor issue)
	[wheezy] - libiberty <ignored> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70909
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-05/msg00105.html
	NOTE: https://gcc.gnu.org/viewcvs?rev=247056&root=gcc&view=rev
CVE-2016-4490 (Integer overflow in cp-demangle.c in libiberty allows remote attackers ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70498
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=235767
CVE-2016-4489 (Integer overflow in the gnu_special function in libiberty allows ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70492
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234828
CVE-2016-4488 (Use-after-free vulnerability in libiberty allows remote attackers to ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
CVE-2016-4487 (Use-after-free vulnerability in libiberty allows remote attackers to ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=70481
	NOTE: https://gcc.gnu.org/ml/gcc-patches/2016-03/msg01687.html
CVE-2016-4539 (The xml_parse_into_struct function in ext/xml/xml.c in PHP before ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://bugs.php.net/bug.php?id=72099
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=dccda88f27a084bcbbb30198ace12b4e7ae961cc
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/7290b3bbcaa1e10a8d807fab3242204e9ec3a015
CVE-2016-4537 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72093
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4538 (The bcpowmod function in ext/bcmath/bcmath.c in PHP before 5.5.35, ...)
	{DSA-3602-1 DLA-628-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72093
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=d650063a0457aec56364e4005a636dc6c401f9cd
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4540 (The grapheme_stripos function in ext/intl/grapheme/grapheme_string.c ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72061
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4541 (The grapheme_strpos function in ext/intl/grapheme/grapheme_string.c in ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72061
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=fd9689745c44341b1bd6af4756f324be8abba2fb
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4542 (The exif_process_IFD_TAG function in ext/exif/exif.c in PHP before ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4543 (The exif_process_IFD_in_JPEG function in ext/exif/exif.c in PHP before ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4544 (The exif_process_TIFF_in_JPEG function in ext/exif/exif.c in PHP ...)
	{DSA-3602-1 DLA-499-1}
	- php7.0 7.0.6-1
	- php5 5.6.21+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=72094
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=082aecfc3a753ad03be82cf14f03ac065723ec92
	NOTE: Fixed in 7.0.6, 5.6.21, 5.5.35
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/21
CVE-2016-4536 (The client in OpenAFS before 1.6.17 does not properly initialize the ...)
	{DLA-493-1}
	- openafs 1.6.17-1
	[jessie] - openafs 1.6.9-2+deb8u6
	NOTE: https://www.openafs.org/pages/security/OPENAFS-SA-2016-002.txt
CVE-2016-4486 (The rtnl_fill_link_ifmap function in net/core/rtnetlink.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: https://git.kernel.org/linus/5f8e44741f9f216e33736ea4ec65ca9ac03036e6
CVE-2016-4485 (The llc_cmsg_rcv function in net/llc/af_llc.c in the Linux kernel ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.4-1
	NOTE: https://git.kernel.org/linus/b8670c09f37bdf2847cc44f36511a53afc6161fd
CVE-2016-4484 (The Debian initrd script for the cryptsetup package 2:1.7.3-2 and ...)
	- cryptsetup 2:1.7.3-2 (unimportant)
	NOTE: http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
	NOTE: Negligable security impact
	NOTE: in #860981 claimed to still be unresolved as per 2:1.7.3-3
CVE-2016-4481
	RESERVED
CVE-2016-4480 (The guest_walk_tables function in arch/x86/mm/guest_walk.c in Xen ...)
	{DSA-3633-1 DLA-571-1}
	- xen 4.8.0~rc3-1
	NOTE: http://xenbits.xen.org/xsa/advisory-176.html
CVE-2016-4479
	RESERVED
CVE-2016-4475 (The (1) Organization and (2) Locations APIs and UIs in Foreman before ...)
	- foreman <itp> (bug #663101)
CVE-2016-4474 (The image build process for the overcloud images in Red Hat OpenStack ...)
	NOT-FOR-US: Red Hat OpenStack Overcloud image
CVE-2016-4473 (/ext/phar/phar_object.c in PHP 7.0.7 and 5.6.x allows remote attackers ...)
	{DLA-628-1}
	- php5 5.6.23+dfsg-1
	[jessie] - php5 5.6.23+dfsg-0+deb8u1
	NOTE: The issue was introduced as part CVE-2015-6833, which was applied upstream
	NOTE: in versions 5.4.44, 5.5.28, and 5.6.12.
	NOTE: https://bugs.php.net/bug.php?id=72321
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d144590d38fa321b46b8e199c754006318985c84
	NOTE: Fixed in 5.6.23
CVE-2016-4472 (The overflow protection in Expat is removed by compilers with certain ...)
	{DSA-3582-1 DLA-483-1}
	- expat 2.1.1-2
	NOTE: https://sourceforge.net/p/expat/code_git/ci/f0bec73b018caa07d3e75ec8dd967f3785d71bde/tree/expat/lib/xmlparse.c?diff=a238d7ea7a715ef3850c4cbdd86aeda7077b6bbc
CVE-2016-4471 (ManageIQ in CloudForms before 4.1 allows remote authenticated users to ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-4470 (The key_reject_and_link function in security/keys/key.c in the Linux ...)
	{DSA-3607-1 DLA-609-1}
	- linux 4.6.2-2
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/38327424b40bcebe2de92d07312c89360ac9229a
CVE-2016-4469 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...)
	NOT-FOR-US: Apache Archiva
CVE-2016-4468 (SQL injection vulnerability in Pivotal Cloud Foundry (PCF) before 238; ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-4467 (The C client and C-based client bindings in the Apache Qpid Proton ...)
	- qpid-proton <not-affected> (Windows-specific)
CVE-2016-4466
	RESERVED
CVE-2016-4465 (The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1 and 2.5)
	NOTE: https://struts.apache.org/docs/s2-041.html
CVE-2016-4464 (The application plugins in Apache CXF Fediz 1.2.x before 1.2.3 and ...)
	NOT-FOR-US: Apache CXF
CVE-2016-4463 (Stack-based buffer overflow in Apache Xerces-C++ before 3.1.4 allows ...)
	{DSA-3610-1 DLA-535-1}
	- xerces-c 3.1.3+debian-2.1 (bug #828990)
	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.txt
CVE-2016-4462 (By manipulating the URL parameter externalLoginKey, a malicious, ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-4461 (Apache Struts 2.x before 2.3.29 allows remote attackers to execute ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present, CVE for incomplete fix for CVE-2016-0785)
CVE-2016-4460 (Apache Pony Mail 0.6c through 0.8b allows remote attackers to bypass ...)
	NOT-FOR-US: Apache Pony Mail
CVE-2016-4459 (Stack-based buffer overflow in native/mod_manager/node.c in ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-4458
	RESERVED
CVE-2016-4457 (CloudForms Management Engine before 5.8 includes a default SSL/TLS ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2016-4455 (The Subscription Manager package (aka subscription-manager) before ...)
	NOT-FOR-US: Red Hat Subscription Manager
CVE-2016-4454 (The vmsvga_fifo_read_raw function in hw/display/vmware_vga.c in QEMU ...)
	- qemu 1:2.6+dfsg-3
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05271.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336429
CVE-2016-4453 (The vmsvga_fifo_run function in hw/display/vmware_vga.c in QEMU allows ...)
	- qemu 1:2.6+dfsg-3
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg05270.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1336650
CVE-2016-4452
	RESERVED
CVE-2016-4451 (The (1) Organization and (2) Locations APIs in Foreman before 1.11.3 ...)
	- foreman <itp> (bug #663101)
CVE-2016-4450 (os/unix/ngx_files.c in nginx before 1.10.1 and 1.11.x before 1.11.1 ...)
	{DSA-3592-1}
	- nginx 1.10.1-1 (bug #825960)
	[wheezy] - nginx <not-affected> (Introduced in 1.3.9)
CVE-2016-4449 (XML external entity (XXE) vulnerability in the ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761430
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=b1d34de46a11323fccffa9fadeb33be670d602f5 (v2.9.4)
CVE-2016-4448 (Format string vulnerability in libxml2 before 2.9.4 allows attackers ...)
	- libxml2 2.9.4+dfsg1-1 (bug #829718)
	[jessie] - libxml2 <ignored> (Minor impact; too intrusive to backport)
	[wheezy] - libxml2 <no-dsa> (Minor impact; too intrusive to backport)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=761029
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=4472c3a5a5b516aaf59b89be602fbce52756c3e9 (v2.9.4)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=502f6a6d08b08c04b3ddfb1cd21b2f699c1b7f5b (v2.9.4)
CVE-2016-4447 (The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759573
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=00906759053986b8079985644172085f74331f83 (v2.9.4)
CVE-2016-4446 (The allow_execstack plugin for setroubleshoot allows local users to ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4445 (The fix_lookup_id function in sealert in setroubleshoot before 3.2.23 ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4444 (The allow_execmod plugin for setroubleshoot before 3.2.23 allows local ...)
	NOT-FOR-US: setroubleshoot
CVE-2016-4443 (Red Hat Enterprise Virtualization (RHEV) Manager 3.6 allows local ...)
	NOT-FOR-US: org.ovirt.engine-root / engine-setup (Red Hat)
CVE-2016-4442 (The rack-mini-profiler gem before 0.10.1 for Ruby allows remote ...)
	NOT-FOR-US: rack-mini-profiler gem
CVE-2016-4441 (The get_cmd function in hw/scsi/esp.c in the 53C9X Fast SCSI ...)
	- qemu 1:2.6+dfsg-2 (bug #824856)
	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along with a future DSA)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03274.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337505
CVE-2016-4440 (arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3 mishandles the ...)
	- linux 4.5.5-1
	[jessie] - linux <not-affected> (Introduced in 4.5)
	[wheezy] - linux <not-affected> (Introduced in 4.5)
	NOTE: Upstream patch: https://github.com/torvalds/linux/commit/3ce424e45411cf5a13105e0386b6ecf6eeb4f66f
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337806
	NOTE: http://comments.gmane.org/gmane.comp.emulators.kvm.devel/152100
CVE-2016-4439 (The esp_reg_write function in hw/scsi/esp.c in the 53C9X Fast SCSI ...)
	{DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-2 (bug #824856)
	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-05/msg03273.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1337502
CVE-2016-4438 (The REST plugin in Apache Struts 2 2.3.20 through 2.3.28.1 allows ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-037.html
CVE-2016-4437 (Apache Shiro before 1.2.5, when a cipher key has not been configured ...)
	- shiro 1.2.5-1 (bug #826653)
	[jessie] - shiro <no-dsa> (Minor issue)
CVE-2016-4436 (Apache Struts 2 before 2.3.29 and 2.5.x before 2.5.1 allow attackers ...)
	- libstruts1.2-java <not-affected> (Only affects 2.0.0 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-035.html
CVE-2016-4435 (An endpoint of the Agent running on the BOSH Director VM with stemcell ...)
	NOT-FOR-US: BOSH
CVE-2016-4434 (Apache Tika before 1.13 does not properly initialize the XML parser or ...)
	- tika <unfixed> (bug #825501)
	[jessie] - tika <no-dsa> (Minor issue, no standard alone package, just a reverse dependency of jmeter)
CVE-2016-4433 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-039.html
CVE-2016-4432 (The AMQP 0-8, 0-9, 0-91, and 0-10 connection handling in Apache Qpid ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-4431 (Apache Struts 2 2.3.20 through 2.3.28.1 allows remote attackers to ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-040.html
CVE-2016-4430 (Apache Struts 2 2.3.20 through 2.3.28.1 mishandles token validation, ...)
	- libstruts1.2-java <not-affected> (Only affects 2.3.20 to 2.3.28.1)
	NOTE: https://struts.apache.org/docs/s2-038.html
CVE-2016-4429 (Stack-based buffer overflow in the clntudp_call function in ...)
	- glibc 2.22-10
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20112
	- libtirpc 0.2.5-1.1 (bug #840347)
	[jessie] - libtirpc <no-dsa> (Minor issue)
	[wheezy] - libtirpc <no-dsa> (Minor issue)
CVE-2016-4428 (Cross-site scripting (XSS) vulnerability in OpenStack Dashboard ...)
	{DSA-3617-1 DLA-520-1}
	- horizon 3:9.0.1-2 (bug #828967)
	NOTE: https://bugs.launchpad.net/bugs/1567673
CVE-2016-4427
	RESERVED
CVE-2016-4426
	RESERVED
CVE-2016-4424
	RESERVED
CVE-2016-4423 (The attemptAuthentication function in ...)
	{DSA-3588-1}
	- symfony 2.8.6+dfsg-1
	NOTE: https://github.com/symfony/symfony/pull/18733
	NOTE: https://symfony.com/blog/cve-2016-4423-large-username-storage-in-session
CVE-2015-8872 (The set_fat function in fat.c in dosfstools before 4.0 might allow ...)
	{DLA-474-1}
	- dosfstools 4.0-1
	[jessie] - dosfstools <no-dsa> (Minor issue)
	NOTE: https://github.com/dosfstools/dosfstools/issues/12
	NOTE: https://github.com/dosfstools/dosfstools/commit/07908124838afcc99c577d1d3e84cef2dbd39cb7
CVE-2015-8870 (Integer overflow in tools/bmp2tiff.c in LibTIFF before 4.0.4 allows ...)
	- tiff 4.0.3-12
	[wheezy] - tiff 4.0.2-6+deb7u4
	NOTE: Fixed already with the patch applied in 4.0.3-12 in unstable for the
	NOTE: CVE-2014-9330 issue.
	- tiff3 <not-affected> (libtiff-tools not shipped in tiff3)
CVE-2013-7455 (Double free vulnerability in the DefaultICCintents function in ...)
	- lcms2 2.6-1
	[wheezy] - lcms2 <not-affected> (vulnerable code not present, no cmsPipelineFree(Lut); in Error:-part)
	NOTE: https://www.kb.cert.org/vuls/id/369800
	NOTE: https://github.com/mm2/Little-CMS/commit/fefaaa43c382eee632ea3ad0cfa915335140e1db#diff-189a94f0a7a47efdd43f5567e27a973b
CVE-2016-XXXX [XSS]
	- dotclear <removed>
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/05/04/9
CVE-2016-4482 (The proc_connectinfo function in drivers/usb/core/devio.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.5-1
	NOTE: http://www.spinics.net/lists/linux-usb/msg140243.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/04/2
	NOTE: Fixed by: https://github.com/torvalds/linux/commit/681fef8380eb818c0b845fca5d2ab1dcbab114ee
CVE-2016-4483 (The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #823405)
	NOTE: Minor issue, only when using libxml2 using recovery mode
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=c97750d11bb8b6f3303e7131fe526a61ac65bcfd (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=766414
CVE-2016-4477 (wpa_supplicant 0.4.0 through 2.5 does not reject \n and \r characters ...)
	{DLA-473-1}
	- wpa 2.3-2.4 (bug #823411)
	[jessie] - wpa 2.3-1+deb8u4
	NOTE: http://w1.fi/security/2016-1/
CVE-2016-4476 (hostapd 0.6.7 through 2.5 and wpa_supplicant 0.6.7 through 2.5 do not ...)
	{DLA-473-1}
	- wpa 2.3-2.4 (bug #823411)
	[jessie] - wpa 2.3-1+deb8u4
	NOTE: http://w1.fi/security/2016-1/
CVE-2016-4413
	RESERVED
CVE-2016-4411
	RESERVED
CVE-2016-4410
	RESERVED
CVE-2016-4409
	RESERVED
CVE-2016-4408
	RESERVED
CVE-2016-4407 (The DSA algorithm implementation in SAP SAPCRYPTOLIB 5.555.38 does not ...)
	NOT-FOR-US: SAP
CVE-2016-4406
	RESERVED
	NOT-FOR-US: HPE iLO
CVE-2016-4405
	RESERVED
CVE-2016-4404
	RESERVED
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4403
	RESERVED
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4402
	RESERVED
	NOT-FOR-US: HPE KeyView using Filter SDK
CVE-2016-4401
	RESERVED
CVE-2016-4400
	RESERVED
CVE-2016-4399
	RESERVED
CVE-2016-4398
	RESERVED
CVE-2016-4397
	RESERVED
CVE-2016-4396 (HPE System Management Homepage before v7.6 allows remote attackers to ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4395 (HPE System Management Homepage before v7.6 allows remote attackers to ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4394 (HPE System Management Homepage before v7.6 allows remote attackers to ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4393 (HPE System Management Homepage before v7.6 allows &quot;remote ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-4392
	RESERVED
CVE-2016-4391
	RESERVED
CVE-2016-4390 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4389 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4388 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4387 (The Filter SDK in HPE KeyView 10.18 through 10.24 allows remote ...)
	NOT-FOR-US: HPE KeyView
CVE-2016-4386 (HPE Network Automation Software 10.10 allows local users to write to ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-4385 (The RMI service in HP Network Automation Software 9.1x, 9.2x, 10.0x ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-4384 (HPE Performance Center before 12.50 and LoadRunner before 12.50 allow ...)
	NOT-FOR-US: HPE Performance Center
CVE-2016-4383 (The glance-manage db in all versions of HPE Helion Openstack Glance ...)
	- glance <unfixed> (unimportant; bug #868185)
	NOTE: https://bugs.launchpad.net/glance/+bug/1593799/
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0075
	NOTE: No code fix, documented shortcoming
CVE-2016-4382 (HPE Performance Center 11.52, 12.00, 12.01, 12.20, and 12.50 allows ...)
	NOT-FOR-US: HPE Performance Center
CVE-2016-4381 (HPE XP7 Command View Advanced Edition (CVAE) Suite 6.x through 8.x ...)
	NOT-FOR-US: HPE
CVE-2016-4380 (Cross-site scripting (XSS) vulnerability in the AdminUI in HPE ...)
	NOT-FOR-US: HPE
CVE-2016-4379 (The TLS implementation in HPE Integrated Lights-Out 3 (aka iLO3) ...)
	NOT-FOR-US: HPE
CVE-2016-4378 (The (1) Device Manager, (2) Tiered Storage Manager, (3) Replication ...)
	NOT-FOR-US: HPE
CVE-2016-4377 (HPE Smart Update in Storage Sizing Tool before 13.0, Converged ...)
	NOT-FOR-US: HPE
CVE-2016-4376 (HPE FOS before 7.4.1d and 8.x before 8.0.1 on StoreFabric B switches ...)
	NOT-FOR-US: HPE
CVE-2016-4375 (Multiple unspecified vulnerabilities in HPE Integrated Lights-Out 3 ...)
	NOT-FOR-US: HPE
CVE-2016-4374 (HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 ...)
	NOT-FOR-US: HPE
CVE-2016-4373 (The AdminUI in HPE Operations Manager (OM) before 9.21.130 on Linux, ...)
	NOT-FOR-US: HPE
CVE-2016-4372 (HPE iMC PLAT before 7.2 E0403P04, iMC EAD before 7.2 E0405P05, iMC APM ...)
	NOT-FOR-US: HPE
CVE-2016-4371 (HPE Service Manager Software 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, ...)
	NOT-FOR-US: HPE Service Manager
CVE-2016-4370 (HPE Project and Portfolio Management Center (PPM) 9.2x and 9.3x before ...)
	NOT-FOR-US: HPE Project and Portfolio Management Center
CVE-2016-4369 (HPE Discovery and Dependency Mapping Inventory (DDMi) 9.30, 9.31, ...)
	NOT-FOR-US: HPE Discovery and Dependency Mapping Inventory
CVE-2016-4368 (HPE Universal CMDB 10.0 through 10.21, Universal CMDB Configuration ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-4367 (The Universal Discovery component in HPE Universal CMDB 10.0, 10.01, ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-4366 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-4365 (HPE Insight Control server deployment allows remote attackers to ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4364 (HPE Insight Control server deployment allows local users to gain ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4363 (HPE Insight Control server deployment allows remote attackers to ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4362 (HPE Insight Control server deployment allows remote authenticated ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-4361 (HPE LoadRunner 11.52 through patch 3, 12.00 through patch 1, 12.01 ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4360 (web/admin/data.js in the Performance Center Virtual Table Server (VTS) ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4359 (Stack-based buffer overflow in mchan.dll in the agent in HPE ...)
	NOT-FOR-US: HPE LoadRunner
CVE-2016-4358 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-4357 (HPE Matrix Operating Environment before 7.5.1 allows remote ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-4351 (SQL injection vulnerability in the authentication functionality in ...)
	NOT-FOR-US: Trend Micro
CVE-2016-4350 (Multiple SQL injection vulnerabilities in the Web Services web server ...)
	NOT-FOR-US: SolarWinds Storage Resource Monitor
CVE-2014-9773 (modules/chanserv/flags.c in Atheme before 7.2.7 allows remote ...)
	- atheme-services 7.0.7-2
	[jessie] - atheme-services <not-affected> (Vulnerable code introduced later)
	NOTE: https://github.com/atheme/atheme/issues/397
	NOTE: Fixed by: https://github.com/atheme/atheme/commit/c597156adc60a45b5f827793cd420945f47bc03b
	NOTE: Introduced in: https://github.com/atheme/atheme/commit/5c734f28068cf47b9b450af4dcf37195734b15be
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
CVE-2016-4478 (Buffer overflow in the xmlrpc_char_encode function in ...)
	{DSA-3586-1}
	- atheme-services 7.0.7-2
	NOTE: https://github.com/atheme/atheme/commit/87580d767868360d2fed503980129504da84b63e
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/02/2
CVE-2016-4425 (Jansson 2.7 and earlier allows context-dependent attackers to cause a ...)
	{DSA-3577-1 DLA-471-1}
	- jansson 2.7-5 (bug #823238)
	NOTE: https://github.com/akheron/jansson/issues/282
	NOTE: https://github.com/akheron/jansson/pull/284
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/5
CVE-2016-4422 (The pam_sm_authenticate function in pam_sshauth.c in libpam-sshauth ...)
	{DSA-3567-1}
	- libpam-sshauth 0.4.1-2
	NOTE: Introduced in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/93/src/pam_sshauth.c
	NOTE: Fixed in: https://bazaar.launchpad.net/~ltsp-upstream/ltsp/libpam-sshauth/revision/114
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/01/2
CVE-2016-4414 (The onReadyRead function in core/coreauthhandler.cpp in Quassel before ...)
	- quassel 1:0.12.4-2 (bug #826402)
	[jessie] - quassel 1:0.10.0-2.3+deb8u3
	[wheezy] - quassel <not-affected> (Vulnerable code introduced with 0.10.0)
	NOTE: https://github.com/quassel/quassel/blob/f64ac93/src/core/coreauthhandler.cpp#L100
	NOTE: Introduced by: https://github.com/quassel/quassel/commit/d1bf207 (0.10.0)
	NOTE: Fixed by: https://github.com/quassel/quassel/commit/e67887343c433cc35bc26ad6a9392588f427e746 (0.12.4)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/30/2
CVE-2016-4349 (Untrusted search path vulnerability in Cisco WebEx Productivity Tools ...)
	NOT-FOR-US: Cisco
CVE-2016-4352 (Integer overflow in the demuxer function in libmpdemux/demux_gif.c in ...)
	{DLA-458-1 DLA-457-1}
	- mplayer 2:1.3.0-2 (bug #823723)
	- mplayer2 <removed> (low)
	[jessie] - mplayer2 <no-dsa> (Minor issue)
	NOTE: https://trac.mplayerhq.hu/ticket/2295
	NOTE: Fixed in Revision r37857 upstream
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/3
CVE-2015-8869 (OCaml before 4.03.0 does not properly handle sign extensions, which ...)
	{DLA-466-1}
	- ocaml 4.02.3-9 (bug #824139)
	[jessie] - ocaml <no-dsa> (Minor issue; can be fixed via point release and sheduling binNMUs there)
	NOTE: https://github.com/ocaml/ocaml/commit/659615c7b100a89eafe6253e7a5b9d84d0e8df74#diff-a97df53e3ebc59bb457191b496c90762
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/1
	NOTE: Ocaml applications using the patched functions need to be recompiled with the
	NOTE: fixed ocaml version.
CVE-2016-4341 (NetApp Clustered Data ONTAP before 8.3.2P7 allows remote attackers to ...)
	NOT-FOR-US: NetApp
CVE-2016-4339
	RESERVED
CVE-2016-4338 (The mysql user parameter configuration script ...)
	- zabbix 1:3.0.3+dfsg-1 (bug #823329)
	[jessie] - zabbix 1:2.2.7+dfsg-2+deb8u1
	NOTE: http://seclists.org/bugtraq/2016/May/11
	NOTE: https://support.zabbix.com/browse/ZBX-10741
CVE-2016-4337 (SQL injection vulnerability in the mgr.login.php file in Ktools.net ...)
	NOT-FOR-US: Photostore
CVE-2016-4336 (An exploitable out-of-bounds write exists in the Bzip2 parsing of the ...)
	NOT-FOR-US: Lexmark Document Filters
CVE-2016-4335 (An exploitable buffer overflow exists in the XLS parsing of the ...)
	NOT-FOR-US: Lexmark Document Filters
CVE-2016-4334 (Jive before 2016.3.1 has an open redirect from the external-link.jspa ...)
	NOT-FOR-US: Jive
CVE-2016-4333 (The HDF5 1.8.16 library allocating space for the array using a value ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0179/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/73640612aad91d3f04e4d8f1ea71d42acbc85f6e
CVE-2016-4332 (The library's failure to check if certain message types support a ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0178/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1d50d498a0affbbd6e088b524fd495ea95dea88
CVE-2016-4331 (When decoding data out of a dataset encoded with the H5Z_NBIT ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0177/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/e1c4ec3d541eecda78b3afcb1a0fa071c4b52afa
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/43ec23616697ce0ea3f99e40900fec55fe9107ef
CVE-2016-4330 (In the HDF5 1.8.16 library's failure to check if the number of ...)
	{DSA-3727-1 DLA-771-1}
	- hdf5 1.10.0-patch1+docs-1 (bug #845301)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0176/
	NOTE: Fixed by: https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/commits/2e7e1899d3d7131bcbad65233ba713f6b79e2d69
CVE-2016-4329 (A local denial of service vulnerability exists in window broadcast ...)
	NOT-FOR-US: Kaspersky
CVE-2016-4328 (MEDHOST Perioperative Information Management System (aka PIMS or ...)
	NOT-FOR-US: MEDHOST Perioperative Information Management System
CVE-2016-4327 (Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server ...)
	NOT-FOR-US: WSO2 SOA Enablement Server
CVE-2016-4326 (The Chef Manage (formerly opscode-manage) add-on before 1.12.0 for ...)
	NOT-FOR-US: Chef Manage addon
CVE-2016-4325 (Lantronix xPrintServer devices with firmware before 5.0.1-65 have ...)
	NOT-FOR-US: Lantronix xPrintServer
CVE-2016-4324 (Use-after-free vulnerability in LibreOffice before 5.1.4 allows remote ...)
	{DSA-3608-1 DLA-581-1}
	- libreoffice 1:5.1.4~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-4324/
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0126/
CVE-2016-4323 (A directory traversal exists in the handling of the MXIT protocol in ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0128/
	NOTE: http://www.pidgin.im/news/security/?id=97
CVE-2016-4322 (BMC BladeLogic Server Automation (BSA) before 8.7 Patch 3 allows ...)
	NOT-FOR-US: BMC
CVE-2016-4321
	RESERVED
CVE-2016-4320 (Atlassian Bitbucket Server before 4.7.1 allows remote attackers to read ...)
	NOT-FOR-US: Atlassian Bitbucket Server
CVE-2016-4319 (Atlassian JIRA Server before 7.1.9 has CSRF in auditing/settings. ...)
	NOT-FOR-US: Atlassian JIRA Server
CVE-2016-4318 (Atlassian JIRA Server before 7.1.9 has XSS in ...)
	NOT-FOR-US: Atlassian JIRA Server
CVE-2016-4317 (Atlassian Confluence Server before 5.9.11 has XSS on the ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2016-4316 (Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4315 (Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4314 (Directory traversal vulnerability in the LogViewer Admin Service in ...)
	NOT-FOR-US: WSO2 Carbon
CVE-2016-4313 (Directory traversal vulnerability in unzip/extract feature in ...)
	{DLA-596-1}
	- extplorer <removed>
CVE-2016-4312 (XML external entity (XXE) vulnerability in the XACML flow feature in ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2016-4311 (Cross-site request forgery (CSRF) vulnerability in the XACML flow ...)
	NOT-FOR-US: WSO2 Identity Server
CVE-2016-4310
	RESERVED
CVE-2016-4309 (Session fixation vulnerability in Symphony CMS 2.6.7, when ...)
	NOT-FOR-US: Symphony CMS
CVE-2016-4308
	RESERVED
CVE-2016-4307 (A denial of service vulnerability exists in the IOCTL handling ...)
	NOT-FOR-US: Kaspersky Internet Security KL1 driver
CVE-2016-4306 (Multiple information leaks exist in various IOCTL handlers of the ...)
	NOT-FOR-US: Kaspersky Internet Security KLDISK driver
CVE-2016-4305 (A denial of service vulnerability exists in the syscall filtering ...)
	NOT-FOR-US: Kaspersky Internet Security KLIF driver
CVE-2016-4304 (A denial of service vulnerability exists in the syscall filtering ...)
	NOT-FOR-US: Kaspersky Internet Security KLIF driver
CVE-2016-4303 (The parse_string function in cjson.c in the cJSON library mishandles ...)
	- iperf3 3.1.3-1 (bug #827116)
	[jessie] - iperf3 <no-dsa> (Minor issue)
	NOTE: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc
	NOTE: https://github.com/esnet/iperf/commit/f01a9ca8f7e878e438a53687dabe30b7f7222912 (3.1.x)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0164/
CVE-2016-4302 (Heap-based buffer overflow in the parse_codes function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0154/
	NOTE: https://github.com/libarchive/libarchive/issues/719
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/05caadc7eedbef471ac9610809ba683f0c698700 (v3.2.1)
CVE-2016-4301 (Stack-based buffer overflow in the parse_device function in ...)
	- libarchive 3.2.1-1
	[jessie] - libarchive <not-affected> (Introduced in 3.2.0)
	[wheezy] - libarchive <not-affected> (Introduced in 3.2.0)
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0153/
	NOTE: https://github.com/libarchive/libarchive/pull/715
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/ecdac4d50db0cf5a0c630ba077729aaa6c5a2dd2
CVE-2016-4300 (Integer overflow in the read_SubStreamsInfo function in ...)
	{DSA-3657-1 DLA-554-1}
	- libarchive 3.2.1-1
	NOTE: http://blog.talosintel.com/2016/06/the-poisoned-archives.html
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0152/
	NOTE: https://github.com/libarchive/libarchive/issues/718
	NOTE: Requirement: https://github.com/libarchive/libarchive/commit/3d469df8eaace8297a27ce62befa295c0fdc5a3a
	NOTE: Fixed by: https://github.com/libarchive/libarchive/commit/e79ef306afe332faf22e9b442a2c6b59cb175573 (v3.2.1)
	NOTE: Notice introduction of UMAX_ENTRY with 3d469df8eaace8297a27ce62befa295c0fdc5a3a
	NOTE: Libarchive 3.1.2 and lower has a much smaller "UMAX_ENTRY", which is hardcoded
	NOTE: in various places before 3d469df8eaace8297a27ce62befa295c0fdc5a3a and has value
	NOTE: 1000000, making exploitation more difficult but not impossible.
CVE-2016-4299
	RESERVED
CVE-2016-4298 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4297
	RESERVED
CVE-2016-4296 (When opening a Hangul Hcell Document (.cell) and processing a record ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4295 (When opening a Hangul Hcell Document (.cell) and processing a ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4294 (When opening a Hangul Hcell Document (.cell) and processing a property ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4293 (Multiple heap-based buffer overflows in the (1) ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4292 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4291 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4290 (When opening a Hangul HShow Document (.hpt) and processing a structure ...)
	NOT-FOR-US: Hancom Office
CVE-2016-4289
	RESERVED
CVE-2016-4288 (A local privilege escalation vulnerability exists in BlueStacks App ...)
	NOT-FOR-US: BlueStacks
CVE-2016-4287 (Integer overflow in Adobe Flash Player before 18.0.0.375 and 19.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4286 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4285 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4284 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4283 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4282 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4281 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4280 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4279 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4278 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4277 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4276 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4275 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4274 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4273 (Adobe Flash Player before 18.0.0.382 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4272 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.375 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4271 (Adobe Flash Player before 18.0.0.375 and 19.x through 23.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4270 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4269 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4268 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4267 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4266 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4265 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4264 (The Office Open XML (OOXML) feature in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe
CVE-2016-4263 (Use-after-free vulnerability in Adobe Digital Editions before 4.5.2 ...)
	NOT-FOR-US: Adobe
CVE-2016-4262 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
	NOT-FOR-US: Adobe
CVE-2016-4261 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
	NOT-FOR-US: Adobe
CVE-2016-4260 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
	NOT-FOR-US: Adobe
CVE-2016-4259 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
	NOT-FOR-US: Adobe
CVE-2016-4258 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
	NOT-FOR-US: Adobe
CVE-2016-4257 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
	NOT-FOR-US: Adobe
CVE-2016-4256 (Adobe Digital Editions before 4.5.2 allows attackers to execute ...)
	NOT-FOR-US: Adobe
CVE-2016-4255 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-4254 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4253 (The Backup functionality in Adobe Experience Manager 5.6.1, 6.0, 6.1, ...)
	NOT-FOR-US: Adobe
CVE-2016-4252 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4251 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4250 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4249 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.366 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4248 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4247 (Race condition in Adobe Flash Player before 18.0.0.366 and 19.x ...)
	NOT-FOR-US: Adobe
CVE-2016-4246 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4245 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4244 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4243 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4242 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4241 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4240 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4239 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4238 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4237 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4236 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4235 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4234 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4233 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4232 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4231 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4230 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4229 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4228 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4227 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4226 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4225 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4224 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4223 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4222 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4221 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4220 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4219 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4218 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4217 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4216 (XMPCore in Adobe XMP Toolkit for Java before 5.1.3 allows remote ...)
	NOT-FOR-US: Adobe
CVE-2016-4215 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4214 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4213 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4212 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4211 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4210 (Integer overflow in Adobe Reader and Acrobat before 11.0.17, Acrobat ...)
	NOT-FOR-US: Adobe
CVE-2016-4209 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.17, ...)
	NOT-FOR-US: Adobe
CVE-2016-4208 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4207 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4206 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4205 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4204 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4203 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4202 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4201 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4200 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4199 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4198 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4197 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4196 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4195 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4194 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4193 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4192 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4191 (Adobe Reader and Acrobat before 11.0.17, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4190 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4189 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4188 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4187 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4186 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4185 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4184 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4183 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4182 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4181 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4180 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4179 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4178 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4177 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4176 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4175 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4174 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4173 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 ...)
	NOT-FOR-US: Adobe
CVE-2016-4172 (Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4171 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4170 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ...)
	NOT-FOR-US: Adobe
CVE-2016-4169 (Adobe Experience Manager 6.0, 6.1, and 6.2 allow attackers to obtain ...)
	NOT-FOR-US: Adobe
CVE-2016-4168 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ...)
	NOT-FOR-US: Adobe
CVE-2016-4167 (Adobe DNG Software Development Kit (SDK) before 1.4 2016 allows ...)
	NOT-FOR-US: Adobe
CVE-2016-4166 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4165 (The extension manager in Adobe Brackets before 1.7 allows attackers to ...)
	NOT-FOR-US: Adobe
CVE-2016-4164 (Cross-site scripting (XSS) vulnerability in Adobe Brackets before 1.7 ...)
	NOT-FOR-US: Adobe
CVE-2016-4163 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4162 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4161 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4160 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4159 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe
CVE-2016-4158 (Unquoted Windows search path vulnerability in Adobe Creative Cloud ...)
	NOT-FOR-US: Adobe
CVE-2016-4157 (Untrusted search path vulnerability in the installer in Adobe Creative ...)
	NOT-FOR-US: Adobe
CVE-2016-4156 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4155 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4154 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4153 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4152 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4151 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4150 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4149 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4148 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4147 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4146 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4145 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4144 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4143 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4142 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4141 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4140 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4139 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4138 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4137 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4136 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4135 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4134 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4133 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4132 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4131 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4130 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4129 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4128 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4127 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4126 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4125 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4124 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4123 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4122 (Unspecified vulnerability in Adobe Flash Player 21.0.0.242 and ...)
	NOT-FOR-US: Adobe
CVE-2016-4121 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 ...)
	NOT-FOR-US: Adobe
CVE-2016-4120 (Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-4119 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-4118 (Untrusted search path vulnerability in the installer in Adobe Connect ...)
	NOT-FOR-US: Adobe
CVE-2016-4117 (Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4116 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4115 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4114 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4113 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4112 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4111 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4110 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4109 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4108 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-4107 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4106 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4105 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4104 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4103 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4102 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4101 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4100 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4099 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4098 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4097 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4096 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4095 (Adobe Reader and Acrobat before 11.0.18, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4094 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4092 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4091 (Heap-based buffer overflow in Adobe Reader and Acrobat before 11.0.16, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4090 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4089 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-4340 (The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 ...)
	- gitlab 8.8.2+dfsg-1 (bug #823290)
	NOTE: https://about.gitlab.com/2016/05/02/cve-2016-4340-patches/
CVE-2016-4087 (Huawei S12700 switches with software before V200R008C00SPC500 and ...)
	NOT-FOR-US: Huawei
CVE-2016-4086 (Huawei HiSuite (In China) before 4.0.4.301 and (Out of China) before ...)
	NOT-FOR-US: Huawei HiSuite Device Manager
CVE-2016-4075 (Opera Mini 13 and Opera Stable 36 allow remote attackers to spoof the ...)
	NOT-FOR-US: Opera
CVE-2016-4067
	RESERVED
CVE-2016-4066 (Cross-site request forgery (CSRF) vulnerability in Fortinet FortiWeb ...)
	NOT-FOR-US: Fortinet
CVE-2016-4065 (The ConvertToPDF plugin in Foxit Reader and PhantomPDF before 7.3.4 on ...)
	NOT-FOR-US: Foxit
CVE-2016-4064 (Use-after-free vulnerability in the XFA forms handling functionality ...)
	NOT-FOR-US: Foxit
CVE-2016-4063 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-4062 (Foxit Reader and PhantomPDF before 7.3.4 on Windows improperly report ...)
	NOT-FOR-US: Foxit
CVE-2016-4061 (Foxit Reader and PhantomPDF before 7.3.4 on Windows allow remote ...)
	NOT-FOR-US: Foxit
CVE-2016-4060 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-4059 (Use-after-free vulnerability in Foxit Reader and PhantomPDF before ...)
	NOT-FOR-US: Foxit
CVE-2016-4074 (The jv_dump_term function in jq 1.5 allows remote attackers to cause a ...)
	- jq 1.5+dfsg-1.1 (low; bug #822456)
	[jessie] - jq 1.4-2.1+deb8u1
	NOTE: https://github.com/stedolan/jq/issues/1136
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/24/3
CVE-2016-4069 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
	{DLA-613-1}
	- roundcube 1.1.5+dfsg.1-1 (bug #822333)
	NOTE: https://github.com/roundcube/roundcubemail/issues/4957
	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
	NOTE: https://github.com/roundcube/roundcubemail/commit/4a408843b0ef816daf70a472a02b78cd6073a4d5
	NOTE: https://github.com/roundcube/roundcubemail/commit/699af1e5206ed9114322adaa3c25c1c969640a53 (release-1.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
CVE-2016-4068 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
	{DLA-537-1}
	- roundcube 1.2.1+dfsg.1-1
	NOTE: https://github.com/roundcube/roundcubemail/issues/5398
	NOTE: https://github.com/roundcube/roundcubemail/commit/a1fdb205f824dee7fd42dda739f207abc85ce158
CVE-2015-8864 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
	{DLA-537-1}
	- roundcube 1.1.5+dfsg.1-1 (bug #822333)
	NOTE: https://github.com/roundcube/roundcubemail/issues/4949
	NOTE: https://github.com/roundcube/roundcubemail/wiki/Changelog#release-115
	NOTE: https://github.com/roundcube/roundcubemail/commit/40d7342dd9c9bd2a1d613edc848ed95a4d71aa18
	NOTE: https://github.com/roundcube/roundcubemail/commit/7bbefdb63b12e2344cf1cb87aeb6e3933b4063e0 (release-1.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/3
	NOTE: https://lists.debian.org/debian-lts/2016/06/msg00159.html
CVE-2016-4085 (Stack-based buffer overflow in epan/dissectors/packet-ncp2222.inc in ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.0~rc2+g74e5b56-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-28.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=12293
	NOTE: Doesn't affect 2.x series
CVE-2016-4084 (Integer signedness error in epan/dissectors/packet-mswsp.c in the ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html
CVE-2016-4083 (epan/dissectors/packet-mswsp.c in the MS-WSP dissector in Wireshark ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-27.html
CVE-2016-4082 (epan/dissectors/packet-gsm_cbch.c in the GSM CBCH dissector in ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-26.html
CVE-2016-4006 (epan/proto.c in Wireshark 1.12.x before 1.12.11 and 2.0.x before 2.0.3 ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-25.html
CVE-2016-4081 (epan/dissectors/packet-iax2.c in the IAX2 dissector in Wireshark ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-24.html
CVE-2016-4080 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-23.html
CVE-2016-4079 (epan/dissectors/packet-pktc.c in the PKTC dissector in Wireshark ...)
	{DSA-3585-1 DLA-497-1}
	- wireshark 2.0.3+geed34f0-1 (low)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-22.html
CVE-2016-4078 (The IEEE 802.11 dissector in Wireshark 1.12.x before 1.12.11 and 2.0.x ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (vulnerable code not present)
	[wheezy] - wireshark <not-affected> (vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-21.html
	NOTE: Upstream lists 1.12.x affected, I have contacted them for clarification
CVE-2016-4077 (epan/reassemble.c in TShark in Wireshark 2.0.x before 2.0.3 relies on ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-20.html
CVE-2016-4076 (epan/dissectors/packet-ncp2222.inc in the NCP dissector in Wireshark ...)
	- wireshark 2.0.3+geed34f0-1 (low)
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-19.html
CVE-2016-4058 (Cross-site scripting (XSS) vulnerability in Huawei Policy Center ...)
	NOT-FOR-US: Huawei
CVE-2016-4057 (Huawei FusionCompute before V100R005C10SPC700 allows remote ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2016-6479
	REJECTED
CVE-2016-4055 (The duration function in the moment package before 2.11.2 for Node.js ...)
	- node-moment 2.13.0+ds-1 (unimportant)
	NOTE: https://github.com/moment/moment/pull/2939
	NOTE: https://nodesecurity.io/advisories/55
	NOTE: nodejs not covered by security support
CVE-2016-4050
	REJECTED
CVE-2016-4049 (The bgp_dump_routes_func function in bgpd/bgp_dump.c in Quagga does ...)
	{DSA-3654-1 DLA-601-1}
	- quagga 1.0.20160315-2 (bug #822787)
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-January/014699.html
	NOTE: https://lists.quagga.net/pipermail/quagga-dev/2016-April/015241.html
CVE-2016-4048 (An issue was discovered in Open-Xchange OX App Suite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4047 (An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4046 (An issue was discovered in Open-Xchange OX App Suite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4045 (An issue was discovered in Open-Xchange OX App Suite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-8862 (mustache package before 2.2.1 for Node.js allows remote attackers to ...)
	- mustache.js <unfixed> (unimportant)
	NOTE: node-handlebars only in experimental for now, fixed in 4.0.0
	NOTE: libv8 is not covered by security support
CVE-2015-8861 (The handlebars package before 4.0.0 for Node.js allows remote ...)
	- mustache.js <unfixed> (unimportant)
	NOTE: node-handlebars only in experimental for now, fixed in 4.0.0
	NOTE: libv8 is not covered by security support
CVE-2015-8860 (The tar package before 2.0.0 for Node.js allows remote attackers to ...)
	- node-tar <unfixed> (unimportant)
	NOTE: libv8 is not covered by security support
CVE-2015-8859 (The send package before 0.11.1 for Node.js allows attackers to obtain ...)
	- node-send <unfixed> (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodesecurity.io/advisories/56
CVE-2015-8858 (The uglify-js package before 2.6.0 for Node.js allows attackers to ...)
	- uglifyjs <unfixed> (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodesecurity.io/advisories/48
CVE-2015-8854 (The marked package before 0.3.4 for Node.js allows attackers to cause ...)
	- node-marked 0.3.6+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/marked_redos
	NOTE: https://github.com/chjj/marked/issues/497
	NOTE: libv8 is not covered by security support
CVE-2014-9772 (The validator package before 2.0.0 for Node.js allows remote attackers ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2013-7454 (The validator module before 1.1.0 for Node.js allows remote attackers ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2013-7453 (The validator module before 1.1.0 for Node.js allows remote attackers ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2013-7452 (The validator module before 1.1.0 for Node.js allows remote attackers ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2013-7451 (The validator module before 1.1.0 for Node.js allows remote attackers ...)
	- validator.js <not-affected> (Fixed before initial release)
CVE-2015-8866 (ext/libxml/libxml.c in PHP before 5.5.22 and 5.6.x before 5.6.6, when ...)
	{DLA-499-1}
	- php5 5.6.6+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=64938
	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1509817
	NOTE: http://framework.zend.com/security/advisory/ZF2015-06 -> Relation to CVE-2015-5161
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=de31324c221c1791b26350ba106cc26bad23ace9
	NOTE: Fixed in 5.6.6, 5.5.22
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
CVE-2015-8867 (The openssl_random_pseudo_bytes function in ext/openssl/openssl.c in ...)
	- php7.0 7.0.0-1
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=70014
	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1534203
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=16023f3e3b9c06cf677c3c980e8d574e4c162827
	NOTE: Fixed in 7.0.0, 5.6.12, 5.5.28, 5.5.44
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/21/8
CVE-2016-4056 (Cross-site scripting (XSS) vulnerability in the Backend component in ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
CVE-2016-4054 (Buffer overflow in Squid 3.x before 3.5.17 and 4.x before 4.0.9 allows ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4053 (Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4052 (Multiple stack-based buffer overflows in Squid 3.x before 3.5.17 and ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <not-affected> (Squid 2.x are not vulnerable)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/squid-3.2-11841.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/squid-3.3-12697.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13235.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14034.patch (Squid 3.5)
CVE-2016-4051 (Buffer overflow in cachemgr.cgi in Squid 2.x, 3.x before 3.5.17, and ...)
	{DSA-3625-1 DLA-478-1}
	- squid3 3.5.17-1
	- squid <removed>
	[wheezy] - squid <not-affected> (cachemgr.cgi not installed. squid-cgi binary package built from squid3)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_5.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.2/changesets/SQUID-2016_5.patch (Squid 3.2)
	NOTE: http://www.squid-cache.org/Versions/v3/3.3/changesets/SQUID-2016_5.patch (Squid 3.3)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/SQUID-2016_5.patch (Squid 3.4)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_5.patch (Squid 3.5)
	NOTE: Fixed in wheezy by DLA-556-1, c.f. CVE-2016-5408
CVE-2016-4044
	RESERVED
CVE-2016-4043 (Chameleon (five.pt) in Plone 5.0rc1 through 5.1a1 allows remote ...)
	NOT-FOR-US: Plone
CVE-2016-4042 (Plone 3.3 through 5.1a1 allows remote attackers to obtain information ...)
	NOT-FOR-US: Plone
CVE-2016-4041 (Plone 4.0 through 5.1a1 does not have security declarations for ...)
	NOT-FOR-US: Plone
CVE-2016-4040 (SQL injection vulnerability in the Workflow Screen in dotCMS before ...)
	NOT-FOR-US: dotCMS
CVE-2015-8853 (The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in ...)
	- perl 5.22.1-1 (bug #821848)
	[jessie] - perl 5.20.2-3+deb8u5
	[wheezy] - perl <no-dsa> (Minor issue)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=123562
	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/20/5
CVE-2015-8863 (Off-by-one error in the tokenadd function in jv_parse.c in jq allows ...)
	- jq 1.5+dfsg-1.1 (low; bug #802231)
	[jessie] - jq 1.4-2.1+deb8u1
	NOTE: https://github.com/stedolan/jq/issues/995
	NOTE: https://github.com/stedolan/jq/commit/8eb1367ca44e772963e704a700ef72ae2e12babd
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/23/1
CVE-2016-4039
	RESERVED
CVE-2016-4036 (The quagga package before 0.99.23-2.6.1 in openSUSE and SUSE Linux ...)
	{DSA-3654-1 DLA-601-1}
	- quagga 1.0.20160315-2 (bug #835223)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=770619
	NOTE: World readable files in /etc/quagga as well in Debian
CVE-2016-3955 (The usbip_recv_xbuff function in drivers/usb/usbip/usbip_common.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: Upstream commit: https://git.kernel.org/linus/b348d7dddb6c4fbfc810b7a0626e8ec9e29f7cbb (v4.6-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/19/1
CVE-2016-4038 (Array index error in the msm_sensor_config function in ...)
	NOT-FOR-US: Samsung Android driver
CVE-2016-4035
	RESERVED
CVE-2016-4034
	RESERVED
CVE-2016-4033
	RESERVED
CVE-2016-4032 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build ...)
	NOT-FOR-US: Samsung
CVE-2016-4031 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build ...)
	NOT-FOR-US: Samsung
CVE-2016-4037 (The ehci_advance_state function in hw/usb/hcd-ehci.c in QEMU allows ...)
	- qemu 1:2.6+dfsg-1 (bug #822344)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg02691.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325129
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/18/3
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=1ae3f2f178087711f9591350abad133525ba93f2 (v2.6.0-rc3)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a49923d2837d20510d645d3758f1ad87c32d0730 (v2.6.0-rc3)
CVE-2016-4030 (Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build ...)
	NOT-FOR-US: Samsung
CVE-2016-4029 (WordPress before 4.5 does not consider octal and hexadecimal IP ...)
	{DSA-3681-1 DLA-633-1}
	- wordpress 4.5+dfsg-1
	NOTE: Fixed by: https://core.trac.wordpress.org/changeset/37115
	NOTE: Fixed by: https://github.com/WordPress/WordPress/commit/af9f0520875eda686fd13a427fd3914d7aded049
	NOTE: Release notes: https://codex.wordpress.org/Version_4.5
CVE-2016-4028 (An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4027 (An issue was discovered in Open-Xchange OX App Suite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4026 (An issue was discovered in Open-Xchange OX App Suite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-4025 (Avast Internet Security v11.x.x, Pro Antivirus v11.x.x, Premier ...)
	NOT-FOR-US: Avast
CVE-2016-4023
	RESERVED
CVE-2016-4022
	RESERVED
CVE-2016-4021 (The read_binary function in buffer.c in pgpdump before 0.30 allows ...)
	{DLA-768-1}
	- pgpdump 0.31-0.1 (bug #773747)
	[jessie] - pgpdump 0.28-1+deb8u1
	NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2016-030.txt
	NOTE: https://github.com/kazu-yamamoto/pgpdump/pull/16
CVE-2016-4019 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
	NOT-FOR-US: Zimbra
CVE-2016-4018 (The Data Provisioning Agent (aka DP Agent) in SAP HANA does not ...)
	NOT-FOR-US: SAP
CVE-2016-4017 (The Data Provisioning Agent (aka DP Agent) in SAP HANA allows remote ...)
	NOT-FOR-US: SAP
CVE-2016-4016 (Cross-site scripting (XSS) vulnerability in SAP Manufacturing ...)
	NOT-FOR-US: SAP
CVE-2016-4015 (The Enqueue Server in SAP NetWeaver JAVA AS 7.1 through 7.4 allows ...)
	NOT-FOR-US: SAP
CVE-2016-4014 (XML external entity (XXE) vulnerability in the UDDI component in SAP ...)
	NOT-FOR-US: SAP
CVE-2016-XXXX [ZF2016-01: Potential Insufficient Entropy Vulnerability in ZF1]
	- zendframework 1.12.18+dfsg-1
	[jessie] - zendframework 1.12.9+dfsg-2+deb8u6
	[wheezy] - zendframework 1.11.13-1.1+deb7u6
	NOTE: http://framework.zend.com/security/advisory/ZF2016-01
CVE-2016-4013
	RESERVED
CVE-2016-4012
	RESERVED
CVE-2016-4011
	RESERVED
CVE-2016-4010 (Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP ...)
	NOT-FOR-US: Magento
	NOTE: https://magento.com/security/patches/magento-206-security-update
	NOTE: http://www.netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
CVE-2016-4007 (Multiple unspecified vulnerabilities in the obs-service-extract_file ...)
	NOT-FOR-US: obs-service-extract_file
CVE-2015-8850
	RESERVED
CVE-2015-8849
	RESERVED
CVE-2015-8848
	RESERVED
CVE-2015-8847
	RESERVED
CVE-2015-8846
	RESERVED
CVE-2015-8843 (The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit ...)
	NOT-FOR-US: Foxit Reader
CVE-2016-4024 (Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #821732)
	NOTE: Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/14/5
CVE-2016-4005 (The Huawei Hilink App application before 3.19.2 for Android does not ...)
	NOT-FOR-US: Huawei
CVE-2016-4004 (Directory traversal vulnerability in Dell OpenManage Server ...)
	NOT-FOR-US: Dell
CVE-2016-4003 (Cross-site scripting (XSS) vulnerability in the URLDecoder function in ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: http://struts.apache.org/docs/s2-028.html
CVE-2016-4020 (The patch_instruction function in hw/i386/kvmvapic.c in QEMU does not ...)
	{DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-2 (bug #821062)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01118.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1313686
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/13/6
CVE-2015-8851
	RESERVED
	- node-uuid <unfixed> (unimportant)
	NOTE: https://github.com/broofa/node-uuid/issues/108
	NOTE: https://github.com/broofa/node-uuid/issues/118
	NOTE: https://github.com/broofa/node-uuid/issues/122
	NOTE: https://github.com/broofa/node-uuid/commit/672f3834ed02c798aa021c618d0a5666c8da000d
	NOTE: nodejs not covered by security support
CVE-2015-8844 (The signal implementation in the Linux kernel before 4.3.5 on powerpc ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326540
	NOTE: Upstream commit: https://git.kernel.org/linus/d2b9d2a5ad5ef04ff978c9923d19730cb05efd55 (v4.4-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/2b0a576d15e0e14751f00f9c87e46bad27f217e7 (v3.9-rc1)
CVE-2015-8845 (The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326540
	NOTE: Upstream commit: https://git.kernel.org/linus/7f821fc9c77a9b01fe7b1d6e72717b33d8d64142 (v4.4-rc3)
	NOTE: Introduced by: https://git.kernel.org/linus/fb09692e71f13af7298eb603a1975850b1c7a8d8 (v3.9-rc1)
CVE-2016-4000 (Jython before 2.7.1rc1 allows attackers to execute arbitrary code via ...)
	{DSA-3893-1 DLA-989-1}
	- jython 2.5.3-17 (bug #864859)
	NOTE: http://bugs.jython.org/issue2454
	NOTE: https://hg.python.org/jython/rev/d06e29d100c0
CVE-2016-3999 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
	NOT-FOR-US: Zimbra
CVE-2016-3998 (NetApp AltaVault 4.1 and earlier allows man-in-the-middle attackers to ...)
	NOT-FOR-US: NetApp AltaVault
CVE-2016-3997 (NetApp Clustered Data ONTAP allows man-in-the-middle attackers to ...)
	NOT-FOR-US: NetApp Clustered Data ONTAP
CVE-2016-XXXX [auth bypass]
	- brltty <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=967436
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/04/12/4
	NOTE: Introduced in: https://github.com/brltty/brltty/commit/e62b3c925d03239a372d425fb87b2cac65d8ef19
	NOTE: Fixed by: https://github.com/brltty/brltty/commit/74affe7d1401f2b43ad32e18cb78704d22604ad7
CVE-2015-8868 (Heap-based buffer overflow in the ...)
	{DSA-3563-1 DLA-446-1}
	- poppler 0.38.0-3 (bug #822578)
	NOTE: https://cgit.freedesktop.org/poppler/poppler/commit/?id=b3425dd3261679958cd56c0f71995c15d2124433
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93476
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/12/1
CVE-2016-3996 (ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly ...)
	NOT-FOR-US: Samsung
CVE-2016-3991 (Heap-based buffer overflow in the loadImage function in the tiffcrop ...)
	{DSA-3762-1 DLA-610-1 DLA-606-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2543
	NOTE: Reproducer http://bugs.fi/media/afl/libtiff/CVE-2016-3991.tif
CVE-2016-3990 (Heap-based buffer overflow in the horizontalDifference8 function in ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.7-1 (bug #836570)
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2544
CVE-2016-3989 (The NTP time-server interface on Meinberg IMS-LANTIME M3000, ...)
	NOT-FOR-US: Meinberg
CVE-2016-3988 (Multiple stack-based buffer overflows in the NTP time-server interface ...)
	NOT-FOR-US: Meinberg
CVE-2016-3987 (The HTTP server in Trend Micro Password Manager allows remote web ...)
	NOT-FOR-US: Trend Micro
CVE-2016-3986 (Avast allows remote attackers to cause a denial of service (memory ...)
	NOT-FOR-US: Avast
CVE-2016-3985 (The Terminal Services Remote Desktop Protocol (RDP) client session ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2016-3984 (The McAfee VirusScan Console (mcconsol.exe) in McAfee Active Response ...)
	NOT-FOR-US: McAfee
CVE-2016-3983 (McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow ...)
	NOT-FOR-US: McAfee
CVE-2016-3980 (The Java Startup Framework (aka jstart) in SAP JAVA AS 7.2 through 7.4 ...)
	NOT-FOR-US: SAP
CVE-2016-3979 (Internet Communication Manager (aka ICMAN or ICM) in SAP JAVA AS 7.2 ...)
	NOT-FOR-US: SAP
CVE-2016-3978 (The Web User Interface (WebUI) in FortiOS 5.0.x before 5.0.13, 5.2.x ...)
	NOT-FOR-US: FortiOS
CVE-2015-8841 (Heap-based buffer overflow in the Archive support module in ESET NOD32 ...)
	NOT-FOR-US: ESET NOD32
CVE-2016-4002 (Buffer overflow in the mipsnet_receive function in hw/net/mipsnet.c in ...)
	- qemu 1:2.6+dfsg-2 (bug #821061)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1326082
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01131.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/6
CVE-2016-4001 (Buffer overflow in the stellaris_enet_receive function in ...)
	- qemu 1:2.6+dfsg-1 (bug #821038)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1325884
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-04/msg01334.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=3a15cc0e1ee7168db0782133d2607a6bfa422d66 (v2.6.0-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/4
CVE-2016-4008 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
	{DSA-3568-1 DLA-495-1}
	- libtasn1-6 4.8-1
	- libtasn1-3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/3
	NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=f435825c0f527a8e52e6ffbc3ad0bc60531d537e
	NOTE: http://git.savannah.gnu.org/cgit/libtasn1.git/commit/?id=a6e0a0b58f5cdaf4e9beca5bce69c09808cbb625
CVE-2011-5326 (imlib2 before 1.4.9 allows remote attackers to cause a denial of ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #639414)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/5
CVE-2016-3995 (The timing attack protection in Rijndael::Enc::ProcessAndXorBlock and ...)
	- libcrypto++ 5.6.3-6
	[jessie] - libcrypto++ 5.6.1-6+deb8u2
	[wheezy] - libcrypto++ 5.6.1-6+deb7u2
	NOTE: https://github.com/weidai11/cryptopp/issues/146
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/10/6
	NOTE: Initial upload in 5.6.3-5 was incomplete
CVE-2016-3994 (The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #785369)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/6
CVE-2016-4070 (** DISPUTED ** Integer overflow in the php_raw_url_encode function in ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71798
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=95433e8e339dbb6b5d5541473c1661db6ba2c451
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/ea6ff01f6c31f1615a935ef96622d623a6277d37
CVE-2016-4071 (Format string vulnerability in the php_snmp_error function in ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71704
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6e25966544fb1d2f3d7596e060ce9c9269bbdcf8
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4072 (The Phar extension in PHP before 5.5.34, 5.6.x before 5.6.20, and 7.x ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71860
	NOTE: https://gist.github.com/smalyshev/80b5c2909832872f2ba2
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1e9b175204e3286d64dfd6c9f09151c31b5e099a
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-4073 (Multiple integer overflows in the mbfl_strcut function in ...)
	{DSA-3560-1 DLA-499-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	NOTE: Fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: https://bugs.php.net/bug.php?id=71906
	NOTE: https://gist.github.com/smalyshev/d8355c96a657cc5dba70
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=64f42c73efc58e88671ad76b6b6bc8e2b62713e1
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
CVE-2016-3976 (Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through ...)
	NOT-FOR-US: SAP
CVE-2016-3975 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 ...)
	NOT-FOR-US: SAP
CVE-2016-3974 (XML external entity (XXE) vulnerability in the Configuration Wizard in ...)
	NOT-FOR-US: SAP
CVE-2016-3973 (The chat feature in the Real-Time Collaboration (RTC) services 7.3 and ...)
	NOT-FOR-US: SAP
CVE-2016-3972 (Directory traversal vulnerability in the dotTailLogServlet in dotCMS ...)
	NOT-FOR-US: dotCMS
CVE-2016-3971 (Cross-site scripting (XSS) vulnerability in lucene_search.jsp in ...)
	NOT-FOR-US: dotCMS
CVE-2016-3970
	RESERVED
CVE-2015-8840 (The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does ...)
	NOT-FOR-US: SAP
CVE-2014-9771 (Integer overflow in imlib2 before 1.4.7 allows remote attackers to ...)
	{DSA-3555-1}
	- imlib2 1.4.7-1 (bug #820206)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f299
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1324774
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/3
CVE-2014-9770 (tmpfiles.d/systemd.conf in systemd before 214 uses weak permissions ...)
	- systemd 215-1
	[wheezy] - systemd <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
	NOTE: Fixed by (for volatile journals): https://github.com/systemd/systemd/commit/176f2acf8dee45fee832fd2ab07243f63783a238 (v214)
CVE-2015-8842 (tmpfiles.d/systemd.conf in systemd before 229 uses weak permissions ...)
	- systemd 215-1 (bug #825059)
	[wheezy] - systemd <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972612
	NOTE: Introduced by: https://github.com/systemd/systemd/commit/a606871da508995f5ede113a8fc6538afd98966c (v213)
	NOTE: Fixed by (for current persistent journal): https://github.com/systemd/systemd/commit/afae249efa4774c6676738ac5de6aeb4daf4889f (v229)
	NOTE: Starting with 215 Debian no longer ships tmpfiles.d/systemd.conf, so the fixup upstream added as
	NOTE: afae249efa4774c6676738ac5de6aeb4daf4889f for persistent journals is not needed for the packaged
	NOTE: version. Anyone using a custom config needs to ensure proper permissions.
CVE-2016-7921
	REJECTED
CVE-2016-3982 (Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in ...)
	{DSA-3546-1}
	- optipng 0.7.6-1
	NOTE: https://sourceforge.net/p/optipng/bugs/57/
CVE-2016-3981 (Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c ...)
	{DSA-3546-1}
	- optipng 0.7.6-1
	NOTE: https://sourceforge.net/p/optipng/bugs/56/
CVE-2016-3977 (Heap-based buffer overflow in util/gif2rgb.c in gif2rgb in giflib ...)
	- giflib 5.1.4-0.3 (bug #820526)
	[jessie] - giflib <no-dsa> (Minor issue)
	[wheezy] - giflib <no-dsa> (minor issue)
	NOTE: https://sourceforge.net/p/giflib/bugs/87/
	NOTE: https://sourceforge.net/p/giflib/code/ci/ea8dbc5786862a3e16a5acfa3d24e2c2f608cd88/
CVE-2016-3969 (Cross-site scripting (XSS) vulnerability in McAfee Email Gateway (MEG) ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2016-3968 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Cyberoam ...)
	NOT-FOR-US: Sophos
CVE-2016-3967
	RESERVED
CVE-2016-3966
	RESERVED
CVE-2016-3965
	RESERVED
CVE-2016-3964
	RESERVED
CVE-2016-3963 (Siemens SCALANCE S613 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Siemens
CVE-2016-3992 (cronic before 3 allows local users to write to arbitrary files via a ...)
	- cronic 3-1 (bug #820331)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/4
CVE-2016-3962 (Stack-based buffer overflow in the NTP time-server interface on ...)
	NOT-FOR-US: Meinberg
CVE-2016-3961 (Xen and the Linux kernel through 4.5.x do not properly suppress ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: http://xenbits.xen.org/xsa/advisory-174.html
	NOTE: Fixed by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=103f6112f253017d7062cd74d17f4a514ed4485c
CVE-2016-3960 (Integer overflow in the x86 shadow pagetable code in Xen allows local ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-173.html
CVE-2016-3957 (The secure_load function in gluon/utils.py in web2py before 2.14.2 ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3956 (The CLI in npm before 2.15.1 and 3.x before 3.8.3, as used in Node.js ...)
	- npm <unfixed> (bug #850322)
	[jessie] - npm <no-dsa> (Minor issue)
	NOTE: https://github.com/npm/npm/issues/8380
	NOTE: https://github.com/npm/npm/commit/fea8cc92cee02c720b58f95f14d315507ccad401 (2.15.1)
	NOTE: https://github.com/npm/npm/commit/f67ecad59e99a03e5aad8e93cd1a086ae087cb29 (3.8.3)
CVE-2016-3954 (web2py before 2.14.2 allows remote attackers to obtain the ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3953 (The sample web application in web2py before 2.14.2 might allow remote ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3952 (web2py before 2.14.1, when using the standalone version, allows remote ...)
	- web2py <removed> (bug #891220)
	[jessie] - web2py <not-affected> (Vulnerable code not present)
	[wheezy] - web2py <not-affected> (Vulnerable code not present)
CVE-2016-3951 (Double free vulnerability in drivers/net/usb/cdc_ncm.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: https://git.kernel.org/linus/4d06dd537f95683aba3651098ae288b7cbff8274 (v4.5)
	NOTE: https://git.kernel.org/linus/1666984c8625b3db19a9abc298931d35ab7bc64b (v4.5)
	NOTE: https://www.spinics.net/lists/netdev/msg367669.html
CVE-2016-3950 (Huawei AR3200 routers with software before V200R006C10SPC300 allow ...)
	NOT-FOR-US: Huawei AR3200 routers
CVE-2016-3949 (Siemens SIMATIC S7-300 Profinet-enabled CPU devices with firmware ...)
	NOT-FOR-US: Siemens
CVE-2016-3959 (The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x ...)
	- golang 2:1.6.1-1 (bug #820369)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://golang.org/cl/21533
CVE-2016-3958 (Untrusted search path vulnerability in Go before 1.5.4 and 1.6.x ...)
	- golang <not-affected> (Only affects Go on Windows)
	NOTE: https://golang.org/cl/21428
CVE-2016-3946 (SAP Console (aka SAPConsole) 7.30 allows local users to discover SAP ...)
	NOT-FOR-US: SAP
CVE-2016-3945 (Multiple integer overflows in the (1) cvt_by_strip and (2) cvt_by_tile ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.7-1
	- tiff3 <removed> (unimportant)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2545
CVE-2015-8865 (The file_check_mem function in funcs.c in file before 5.23, as used in ...)
	{DSA-3560-1 DLA-499-1 DLA-460-1}
	- php7.0 7.0.5-1
	- php5 5.6.20+dfsg-1
	- file 1:5.24-1 (bug #827377)
	[jessie] - file 1:5.22+15-2+deb8u2
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: http://bugs.gw.com/view.php?id=522
	NOTE: https://github.com/file/file/commit/6713ca45e7757297381f4b4cdb9cf5e624a9ad36
	NOTE: https://bugs.php.net/bug.php?id=71527
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=fe13566c93f118a15a96320a546c7878fd0cfc5e
	NOTE: PHP fixed in 7.0.5, 5.6.20, 5.5.34
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/11/7
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/4e614ba041e24af8351afbb49c92444c0850f23b
CVE-2016-3993 (Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c ...)
	{DSA-3555-1}
	- imlib2 1.4.8-1 (bug #819818)
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/09/5
CVE-2012-XXXX [Option -localhost seems to fail to restrict ipv6 access]
	- x11vnc <unfixed> (bug #672435)
	[stretch] - x11vnc <ignored> (Minor issue; workaround exits)
	[jessie] - x11vnc <ignored> (Minor issue; workaround exits)
	[wheezy] - x11vnc <ignored> (Minor issue; workaround exits)
CVE-2016-3948 (Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds ...)
	- squid3 3.5.16-1 (bug #819784)
	[jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	- squid <removed>
	[wheezy] - squid <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14016.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_4.txt
CVE-2016-3947 (Heap-based buffer overflow in the Icmp6::Recv function in ...)
	- squid3 3.5.16-1 (bug #819783)
	[jessie] - squid3 <no-dsa> (Minor issue)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	- squid <removed>
	[wheezy] - squid <no-dsa> (Minor issue)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_3.txt
CVE-2016-3944 (UpdateAgent in Lenovo Accelerator Application allows man-in-the-middle ...)
	NOT-FOR-US: Lenovo
CVE-2016-3943 (Panda Endpoint Administration Agent before 7.50.00, as used in Panda ...)
	NOT-FOR-US: Panda
CVE-2016-3942
	RESERVED
CVE-2016-3940 (The Synaptics touchscreen driver in Android before 2016-10-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-3939 (drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3938 (drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3937 (The MediaTek video driver in Android before 2016-10-05 allows ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3936 (The MediaTek video driver in Android before 2016-10-05 allows ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3935 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3934 (drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3933 (mediaserver in Android before 2016-10-05 on Nexus 9 and Pixel C ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3932 (mediaserver in Android before 2016-10-05 allows attackers to gain ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3931 (drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3930 (The NVIDIA MMC test driver in Android before 2016-10-05 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3929 (Unspecified vulnerability in a Qualcomm component in Android before ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3928 (The MediaTek video driver in Android before 2016-10-05 allows ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3927 (Unspecified vulnerability in a Qualcomm component in Android before ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3926 (Unspecified vulnerability in a Qualcomm component in Android before ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3925 (server/wifi/anqp/ANQPFactory.java in Android 6.x before 2016-10-01 and ...)
	NOT-FOR-US: Android
CVE-2016-3924 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3923 (The Accessibility services in Android 7.0 before 2016-10-01 mishandle ...)
	NOT-FOR-US: Android
CVE-2016-3922 (libril/RilSapSocket.cpp in Telephony in Android 6.x before 2016-10-01 ...)
	NOT-FOR-US: Android Telephony
CVE-2016-3921 (libsysutils/src/FrameworkListener.cpp in Framework Listener in Android ...)
	- android-platform-system-core <not-affected> (libsysutils not included, bug #858177)
CVE-2016-3920 (id3/ID3.cpp in libstagefright in mediaserver in Android 5.0.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-3919
	REJECTED
CVE-2016-3918 (email/provider/AttachmentProvider.java in AOSP Mail in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-3917 (The fingerprint login feature in Android 6.0.1 before 2016-10-01 and ...)
	NOT-FOR-US: Android
CVE-2016-3916 (camera/src/camera_metadata.c in the Camera service in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-3915 (camera/src/camera_metadata.c in the Camera service in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-3914 (Race condition in providers/telephony/MmsProvider.java in Telephony in ...)
	NOT-FOR-US: Android Telephony
CVE-2016-3913 (media/libmediaplayerservice/MediaPlayerService.cpp in mediaserver in ...)
	NOT-FOR-US: Android
CVE-2016-3912 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
	NOT-FOR-US: Android
CVE-2016-3911 (core/java/android/os/Process.java in Zygote in Android 4.x before ...)
	NOT-FOR-US: Android
CVE-2016-3910 (services/soundtrigger/SoundTriggerHwService.cpp in mediaserver in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3909 (The SoftMPEG4 component in libstagefright in mediaserver in Android ...)
	NOT-FOR-US: libstagefright
CVE-2016-3908 (The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 ...)
	NOT-FOR-US: Android
CVE-2016-3907 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-3906 (An information disclosure vulnerability in Qualcomm components ...)
	NOT-FOR-US: Qualcomm components for Android
CVE-2016-3905 (CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3904 (An elevation of privilege vulnerability in the Qualcomm bus driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3903 (drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3902 (drivers/platform/msm/ipa/ipa_qmi_service.c in the Qualcomm IPA driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3901 (Multiple integer overflows in drivers/crypto/msm/qcedev.c in the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3900 (cmds/servicemanager/service_manager.c in ServiceManager in Android ...)
	NOT-FOR-US: Android
CVE-2016-3899 (OMXCodec.cpp in libstagefright in mediaserver in Android 4.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-3898 (Telephony in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x ...)
	NOT-FOR-US: Android
CVE-2016-3897 (The WifiEnterpriseConfig class in net/wifi/WifiEnterpriseConfig.java ...)
	NOT-FOR-US: Android
CVE-2016-3896 (AOSP Mail in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android
CVE-2016-3895 (Integer overflow in the Region::unflatten function in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3894 (The Qualcomm DMA component in Android before 2016-09-05 on Nexus 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3893 (The wcdcal_hwdep_ioctl_shared function in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3892 (The Qualcomm SPMI driver in Android before 2016-09-05 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3891
	RESERVED
CVE-2016-3890 (The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp ...)
	- android-platform-system-core 1:6.0.1+r43-1
	[jessie] - android-platform-system-core <no-dsa> (Minor issue)
CVE-2016-3889 (Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows ...)
	NOT-FOR-US: Android
CVE-2016-3888 (internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android
CVE-2016-3887 (providers/settings/SettingsProvider.java in Android 7.0 before ...)
	NOT-FOR-US: Android
CVE-2016-3886 (systemui/statusbar/phone/QuickStatusBarHeader.java in the System UI ...)
	NOT-FOR-US: Android
CVE-2016-3885 (debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, ...)
	- android-platform-system-core <not-affected> (debugged not provided, see bug #858177)
CVE-2016-3884 (server/notification/NotificationManagerService.java in the ...)
	NOT-FOR-US: Android
CVE-2016-3883 (internal/telephony/SMSDispatcher.java in Telephony in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-3882 (Off-by-one error in server/wifi/anqp/VenueNameElement.java in Wi-Fi in ...)
	NOT-FOR-US: Android
CVE-2016-3881 (The decoder_peek_si_internal function in vp9/vp9_dx_iface.c in libvpx ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <ignored> (Minor issue)
	[wheezy] - libvpx <not-affected> (Vulnerable source not present)
	NOTE: probably fixed earlier, but this was the version checked
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da
CVE-2016-3880 (Multiple buffer overflows in rtsp/ASessionDescription.cpp in ...)
	NOT-FOR-US: libstagefright
CVE-2016-3879 (arm-wt-22k/lib_src/eas_mdls.c in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3878 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-09-01 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3877 (Unspecified vulnerability in Android before 2016-09-01 has unknown ...)
	NOT-FOR-US: Android
CVE-2016-3876 (providers/settings/SettingsProvider.java in Android 6.x before ...)
	NOT-FOR-US: Android
CVE-2016-3875 (server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 ...)
	NOT-FOR-US: Android
CVE-2016-3874 (CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3873 (The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3872 (Buffer overflow in codecs/on2/dec/SoftVPX.cpp in libstagefright in ...)
	NOT-FOR-US: libstagefright
CVE-2016-3871 (Multiple buffer overflows in codecs/mp3dec/SoftMP3.cpp in ...)
	NOT-FOR-US: libstagefright
CVE-2016-3870 (omx/SimpleSoftOMXComponent.cpp in libstagefright in mediaserver in ...)
	NOT-FOR-US: libstagefright
CVE-2016-3869 (The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-3868 (The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3867 (The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3866 (The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3865 (The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus ...)
	NOT-FOR-US: Synaptics driver for Android
CVE-2016-3864 (The Qualcomm radio interface layer in Android before 2016-09-05 on ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3863 (Multiple stack-based buffer overflows in the AVCC reassembly ...)
	NOT-FOR-US: libstagefright
CVE-2016-3862 (media/ExifInterface.java in mediaserver in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: libstagefright
CVE-2016-3861 (LibUtils in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
	- android-platform-system-core 1:7.0.0+r1-4  (unimportant; bug #858177)
	NOTE: Not running as a privileged process in SDK
CVE-2016-3860 (sound/soc/msm/qdsp6v2/audio_calibration.c in the Qualcomm sound driver ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3859 (The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3858 (Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3857 (The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices ...)
	{DLA-609-1}
	- linux 4.7.2-1 (unimportant)
	NOTE: Fixed by: https://git.kernel.org/linus/7de249964f5578e67b99699c5f0b405738d820a2 (v4.8-rc2)
	NOTE: CONFIG_OABI_COMPAT disabled in 3.13.4-1, cf. #728975
CVE-2016-3856 (netd in Android before 2016-08-05 mishandles tethering and stdio ...)
	NOT-FOR-US: Android
CVE-2016-3855 (drivers/thermal/supply_lm_core.c in the Qualcomm components in Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3854 (drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3853 (Google Play services in Android before 2016-08-05 on Nexus devices ...)
	NOT-FOR-US: Android
CVE-2016-3852 (The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3851 (The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X ...)
	NOT-FOR-US: LG bootloader for Android
CVE-2016-3850 (Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in ...)
	NOT-FOR-US: Qualcomm bootloader for Android
CVE-2016-3849 (The ION driver in Android before 2016-08-05 on Pixel C devices allows ...)
	NOT-FOR-US: ION driver for Android
CVE-2016-3848 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3847 (The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3846 (The Serial Peripheral Interface driver in Android before 2016-08-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3845 (The video driver in the kernel in Android before 2016-08-05 on Nexus 5 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3844 (mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3843 (Android before 2016-08-05 does not properly restrict code execution in ...)
	NOT-FOR-US: Android
CVE-2016-3842 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3841 (The IPv6 stack in the Linux kernel before 4.3.3 mishandles options ...)
	- linux 4.3.3-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	NOTE: Fixed by: https://git.kernel.org/linus/45f6fad84cc305103b28d73482b344d7f5b76f39 (v4.4-rc4)
CVE-2016-3840 (Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android
CVE-2016-3839 (Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android
CVE-2016-3838 (Android 6.x before 2016-08-01 allows attackers to cause a denial of ...)
	NOT-FOR-US: Android
CVE-2016-3837 (service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android ...)
	NOT-FOR-US: Android
CVE-2016-3836 (The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before ...)
	NOT-FOR-US: Android
CVE-2016-3835 (The secure-session feature in the mm-video-v4l2 venc component in ...)
	NOT-FOR-US: Android
CVE-2016-3834 (The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android
CVE-2016-3833 (The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
	NOT-FOR-US: Android
CVE-2016-3832 (The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, ...)
	NOT-FOR-US: Android
CVE-2016-3831 (The telephony component in Android 4.x before 4.4.4, 5.0.x before ...)
	NOT-FOR-US: Android
CVE-2016-3830 (codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android ...)
	NOT-FOR-US: libstagefright
CVE-2016-3829 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3828 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3827 (codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in ...)
	NOT-FOR-US: libstagefright
CVE-2016-3826 (services/audioflinger/Effects.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3825 (mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3824 (omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android ...)
	NOT-FOR-US: libstagefright
CVE-2016-3823 (The secure-session feature in the mm-video-v4l2 venc component in ...)
	NOT-FOR-US: Android
CVE-2016-3822 (exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android ...)
	{DSA-3825-1 DLA-864-1}
	- jhead 1:3.00-4 (bug #858213)
CVE-2016-3821 (libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3820 (The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3819 (Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in ...)
	NOT-FOR-US: libstagefright
CVE-2016-3818 (libc in Android 4.x before 4.4.4 allows remote attackers to cause a ...)
	NOT-FOR-US: Android libc
CVE-2016-3817
	REJECTED
CVE-2016-3816 (The MediaTek display driver in Android before 2016-07-05 on Android ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3815 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3814 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3813 (The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3812 (The MediaTek video codec driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3811 (The kernel video driver in Android before 2016-07-05 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3810 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3809 (The networking component in Android before 2016-07-05 on Android One, ...)
	NOT-FOR-US: Android
CVE-2016-3808 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3807 (The serial peripheral interface driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android
CVE-2016-3806 (The MediaTek display driver in Android before 2016-07-05 on Android ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3805 (The MediaTek power management driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3804 (The MediaTek power management driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3803 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3802 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3801 (The MediaTek GPS driver in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3800 (The MediaTek video driver in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3799 (The MediaTek video driver in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3798 (The MediaTek hardware sensor driver in Android before 2016-07-05 on ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3797 (The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3796 (The MediaTek power driver in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3795 (The MediaTek power driver in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-3794
	REJECTED
CVE-2016-3793 (The NVIDIA camera driver in Android before 2016-07-05 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-3792 (CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-3791
	REJECTED
CVE-2016-3790
	REJECTED
CVE-2016-3789
	REJECTED
CVE-2016-3788
	REJECTED
CVE-2016-3787
	REJECTED
CVE-2016-3786
	REJECTED
CVE-2016-3785
	REJECTED
CVE-2016-3784
	REJECTED
CVE-2016-3783
	REJECTED
CVE-2016-3782
	REJECTED
CVE-2016-3781
	REJECTED
CVE-2016-3780
	REJECTED
CVE-2016-3779
	REJECTED
CVE-2016-3778
	REJECTED
CVE-2016-3777
	REJECTED
CVE-2016-3776
	REJECTED
CVE-2016-3775 (The kernel filesystem implementation in Android before 2016-07-05 on ...)
	NOT-FOR-US: Android kernel
	NOTE: https://source.android.com/security/bulletin/2016-07-01.html
	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.
CVE-2016-3774 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3773 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3772 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3771 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3770 (The MediaTek drivers in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3769 (The NVIDIA video driver in Android before 2016-07-05 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA drivers for Android
CVE-2016-3768 (The Qualcomm performance component in Android before 2016-07-05 on ...)
	NOT-FOR-US: Qualcomm drivers for Android
CVE-2016-3767 (The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One ...)
	NOT-FOR-US: MediaTek drivers for Android
CVE-2016-3766 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-3765 (decoder/impeg2d_bitstream.c in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3764 (media/libmediaplayerservice/MetadataRetrieverClient.cpp in mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3763 (net/PacProxySelector.java in the Proxy Auto-Config (PAC) feature in ...)
	NOT-FOR-US: Android
CVE-2016-3762 (The sockets subsystem in Android 5.0.x before 5.0.2, 5.1.x before ...)
	NOT-FOR-US: Android SELinux policy
CVE-2016-3761 (NfcService.java in NFC in Android 4.x before 4.4.4, 5.0.x before ...)
	NOT-FOR-US: Android
CVE-2016-3760 (Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x ...)
	NOT-FOR-US: Android
CVE-2016-3759 (The Framework APIs in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
	NOT-FOR-US: Android
CVE-2016-3758 (Multiple buffer overflows in libdex/OptInvocation.cpp in ...)
	- android-platform-dalvik 6.0.1+r55-1
CVE-2016-3757 (The print_maps function in toolbox/lsof.c in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: toolbox
CVE-2016-3756 (Tremolo/res012.c in mediaserver in Android 4.x before 4.4.4, 5.0.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3755 (decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3754 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3753 (mediaserver in Android 4.x before 4.4.4 allows remote attackers to ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3752 (internal/app/ChooserActivity.java in the ChooserTarget service in ...)
	NOT-FOR-US: Android
CVE-2016-3751 (Unspecified vulnerability in libpng before 1.6.20, as used in Android ...)
	NOT-FOR-US: Specific CVE assignment for libpng "fork" used on Android
CVE-2016-3750 (libs/binder/Parcel.cpp in the Parcels Framework APIs in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-3749 (server/LockSettingsService.java in LockSettingsService in Android 6.x ...)
	NOT-FOR-US: Android
CVE-2016-3748 (The sockets subsystem in Android 6.x before 2016-07-01 allows ...)
	NOT-FOR-US: Android SELinux policy
CVE-2016-3747 (Use-after-free vulnerability in the mm-video-v4l2 venc component in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3746 (Use-after-free vulnerability in the mm-video-v4l2 vdec component in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3745 (Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3744 (Buffer overflow in the create_pbuf function in btif/src/btif_hh.c in ...)
	NOT-FOR-US: Android
CVE-2016-3743 (decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-07-01 ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3742 (decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3741 (The H.264 decoder in mediaserver in Android 6.x before 2016-07-01 does ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-3740 (Heap-based buffer overflow in the CreateFXPDFConvertor function in ...)
	NOT-FOR-US: Foxit
CVE-2016-3739 (The (1) mbed_connect_step1 function in lib/vtls/mbedtls.c and (2) ...)
	- curl 7.50.1-1 (unimportant)
	NOTE: only relevant when built with mbedTLS/PolarSSL
	NOTE: Source-wise fixed in 7.49.0
CVE-2016-3738 (Red Hat OpenShift Enterprise 3.2 does not properly restrict access to ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2016-3737 (The server in Red Hat JBoss Operations Network (JON) before 3.3.6 ...)
	NOT-FOR-US: Red Hat / JBoss Operations Network server
CVE-2016-3736
	RESERVED
CVE-2016-3735
	RESERVED
CVE-2016-3734 (Cross-site request forgery (CSRF) vulnerability in markposts.php in ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53755
CVE-2016-3733 (The &quot;restore teacher&quot; feature in Moodle 3.0 through 3.0.3, 2.9 through ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
CVE-2016-3732 (The capability check to access other badges in Moodle 3.0 through ...)
	- moodle <not-affected> (Does only affect 2.8 and newer)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53589
CVE-2016-3731 (Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, and 2.8 through 2.8.11 ...)
	- moodle <not-affected> (Does only affect 2.8 and newer)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53696
CVE-2016-3730
	RESERVED
CVE-2016-3729 (The user editing form in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, ...)
	- moodle 2.7.14+dfsg-1
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53954
CVE-2016-3728 (Eval injection vulnerability in tftp_api.rb in the TFTP module in the ...)
	- foreman <itp> (bug #663101)
CVE-2016-3727 (The API URL computer/(master)/api/xml in Jenkins before 2.3 and LTS ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3726 (Multiple open redirect vulnerabilities in Jenkins before 2.3 and LTS ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3725 (Jenkins before 2.3 and LTS before 1.651.2 allows remote authenticated ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3724 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3723 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3722 (Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3721 (Jenkins before 2.3 and LTS before 1.651.2 might allow remote ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-05-11
CVE-2016-3720 (XML external entity (XXE) vulnerability in XmlMapper in the Data ...)
	- jackson-dataformat-xml 2.7.4-1 (bug #823703)
	NOTE: https://github.com/FasterXML/jackson-dataformat-xml/commit/f0f19a4c924d9db9a1e2830434061c8640092cc0 (2.7.4)
CVE-2016-3719
	REJECTED
CVE-2016-3718 (The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x ...)
	{DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3717 (The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
	{DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3716 (The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 ...)
	{DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3715 (The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before ...)
	{DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
CVE-2016-3714 (The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, ...)
	{DSA-3746-1 DSA-3580-1 DLA-486-1 DLA-484-1}
	- imagemagick 8:6.9.6.2+dfsg-2
	NOTE: Workaround: https://bugzilla.redhat.com/show_bug.cgi?id=1332492#c3
	NOTE: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
	NOTE: Original upstream applied patches are incomplete and still to be finished
	NOTE: https://imagetragick.com/
	NOTE: notice how the workaround differs between the three refs above
	NOTE: PLT format removed with: https://github.com/ImageMagick/ImageMagick/commit/e87116ab2bd070c47943d4118a18c8f3a47461e2
	- graphicsmagick 1.3.24-1
	NOTE: https://sourceforge.net/p/graphicsmagick/mailman/message/35072963/
	NOTE: https://sourceforge.net/p/graphicsmagick/code/ci/45998a25992d1142df201d8cf024b6c948b40748/
CVE-2016-3713 (The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel ...)
	- linux 4.5.4-1
	[jessie] - linux <not-affected> (Introduced in v4.2-rc1)
	[wheezy] - linux <not-affected> (Introduced in v4.2-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/910a6aae4e2e45855efc4a268e43eed2d8445575 (v4.2-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1332139
CVE-2016-3712 (Integer overflow in the VGA module in QEMU allows local guest OS users ...)
	{DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1}
	- qemu 1:2.6+dfsg-1 (bug #823830)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	[wheezy] - xen <no-dsa> (default configuration not vulnerable)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3711 (HAproxy in Red Hat OpenShift Enterprise 3.2 and OpenShift Origin ...)
	NOT-FOR-US: OpenShift
CVE-2016-3710 (The VGA module in QEMU improperly performs bounds checking on banked ...)
	{DSA-3573-1 DLA-571-1 DLA-540-1 DLA-539-1}
	- qemu 1:2.6+dfsg-1 (bug #823830)
	- qemu-kvm <removed>
	- xen 4.4.0-1
	[wheezy] - xen <no-dsa> (default configuration not vulnerable)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-179.html
	NOTE: mitigation: run HVM in stubdomains, PV, default video card not vulnerable, i386-only
CVE-2016-3709
	RESERVED
CVE-2016-3708 (Red Hat OpenShift Enterprise 3.2, when multi-tenant SDN is enabled and ...)
	NOT-FOR-US: OpenShiftEnterprise / Red Hat
CVE-2016-3707 (The icmp_check_sysrq function in net/ipv4/icmp.c in the kernel.org ...)
	- linux 3.15~rc5-1~exp1 (unimportant)
	NOTE: This is not really fixed in 3.15, but depends on the rt feature set patches applied
	NOTE: more details in kernel-sec repository.
	NOTE: https://lwn.net/Articles/448790/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1327484
CVE-2016-3706 (Stack-based buffer overflow in the getaddrinfo function in ...)
	{DLA-494-1}
	- glibc 2.22-8
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=20010
CVE-2016-3705 (The (1) xmlParserEntityCheck and (2) xmlParseAttValueComplex functions ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #823414)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8f30bdff69edac9075f4663ce3b56b0c52d48ce6 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=765207
CVE-2016-3704 (Pulp before 2.8.5 uses bash's $RANDOM in an unsafe way to generate ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3703 (Red Hat OpenShift Enterprise 3.2 and 3.1 do not properly validate the ...)
	NOT-FOR-US: OpenShift
CVE-2016-3702 (Padding oracle flaw in CloudForms Management Engine (aka CFME) 5 ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2016-3701
	RESERVED
CVE-2016-3700
	RESERVED
CVE-2016-3699 (The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat ...)
	- linux <not-affected> (Fixed before we first included the securelevel patchset)
	NOTE: https://github.com/mjg59/linux/commit/a4a5ed2835e8ea042868b7401dced3f517cafa76
	NOTE: securelevel patchset added in 4.5.1-1
CVE-2016-3698 (libndp before 1.6, as used in NetworkManager, does not properly ...)
	{DSA-3581-1}
	- libndp 1.6-1 (bug #824545)
	NOTE: https://github.com/jpirko/libndp/commit/a4892df306e0532487f1634ba6d4c6d4bb381c7f
	NOTE: https://github.com/jpirko/libndp/commit/2af9a55b38b55abbf05fd116ec097d4029115839
CVE-2016-3697 (libcontainer/user/user.go in runC before 0.1.0, as used in Docker ...)
	- docker.io <not-affected> (Vulnerable code not present)
	NOTE: Affected file not present, but docker.io probably needs to be rebuild with fixed runc
	- runc 0.1.0+dfsg-1
	NOTE: https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091 (runc, v0.1.0)
	NOTE: https://github.com/docker/docker/commit/da38ac6c79fe902ed0687afc73d731c95c6d491a (docker)
CVE-2016-3696 (The pulp-qpid-ssl-cfg script in Pulp before 2.8.5 allows local users ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3695 (The einj_error_inject function in drivers/acpi/apei/einj.c in the ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2016-3694 (Multiple SQL injection vulnerabilities in modified eCommerce ...)
	NOT-FOR-US: eCommerce Shopsoftware
CVE-2016-3693 (The Safemode gem before 1.2.4 for Ruby, when initialized with a ...)
	- foreman <itp> (bug #663101)
CVE-2016-3692
	RESERVED
CVE-2016-3691 (Routes in Kallithea before 0.3.2 allows remote attackers to bypass the ...)
	- kallithea <itp> (bug #689573)
CVE-2016-3690 (The PooledInvokerServlet in JBoss EAP 4.x and 5.x allows remote ...)
	NOT-FOR-US: PooledInvokerServlet
CVE-2016-3941 (Buffer overflow in the AStreamPeekStream function in input/stream.c in ...)
	- vlc 2.2.0-1
	[wheezy] - vlc <end-of-life> (Unsupported in -lts)
	NOTE: https://bugs.launchpad.net/bugs/1533633
	NOTE: It is unclear when this was fixed exactly, marking the version in jessie as fixed for now
CVE-2016-3688 (SQL injection vulnerability in dotCMS before 3.5 allows remote ...)
	NOT-FOR-US: dotCMS
CVE-2016-3687 (Open redirect vulnerability in F5 BIG-IP APM 11.2.1, 11.4.x, 11.5.x, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-3686 (The Single Sign-On (SSO) feature in F5 BIG-IP APM 11.x before 11.6.0 ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2016-3685 (SAP Download Manager 2.1.142 and earlier generates an encryption key ...)
	NOT-FOR-US: SAP Download Manager
CVE-2016-3684 (SAP Download Manager 2.1.142 and earlier uses a hardcoded encryption ...)
	NOT-FOR-US: SAP Download Manager
CVE-2016-3683
	RESERVED
CVE-2016-3689 (The ims_pcu_parse_cdc_data function in drivers/input/misc/ims-pcu.c in ...)
	- linux 4.5.1-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: https://git.kernel.org/linus/a0ad220c96692eda76b2e3fd7279f3dcd1d8a8ff (v4.6-rc1)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=971628
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320060
CVE-2016-3682
	REJECTED
CVE-2016-3681 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before ...)
	NOT-FOR-US: Huawei
CVE-2016-3680 (Buffer overflow in the Wi-Fi driver in Huawei Mate 8 NXT-AL before ...)
	NOT-FOR-US: Huawei
CVE-2016-3679 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.33, ...)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-3678 (Huawei Quidway S9700, S5700, S5300, S9300, and S7700 switches with ...)
	NOT-FOR-US: Huawei
CVE-2016-3677 (The Huawei Wear App application before 15.0.0.307 for Android does not ...)
	NOT-FOR-US: Huawei
CVE-2016-3676 (Huawei E3276s USB modems with software before ...)
	NOT-FOR-US: Huawei
CVE-2016-3675 (SQL injection vulnerability in Huawei Policy Center with software ...)
	NOT-FOR-US: Huawei
CVE-2016-3673
	REJECTED
CVE-2016-3672 (The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: http://hmarco.org/bugs/CVE-2016-3672-Unlimiting-the-stack-not-longer-disables-ASLR.html
	NOTE: Upstream fix: https://git.kernel.org/linus/8b8addf891de8a00e4d39fc32f93f7c5eb8feceb (v4.6-rc1)
CVE-2014-9769 (pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to ...)
	- pcre3 2:8.38-1 (bug #819050)
	[jessie] - pcre3 2:8.35-3.3+deb8u4
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1475 (8.36)
	NOTE: Introduced in: http://vcs.pcre.org/pcre?view=revision&revision=1434 (8.35)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/26/1
CVE-2016-3674 (Multiple XML external entity (XXE) vulnerabilities in the (1) ...)
	{DSA-3575-1 DLA-504-1}
	- libxstream-java 1.4.9-1 (bug #819455)
	NOTE: http://x-stream.github.io/changes.html#1.4.9
CVE-2016-3671
	RESERVED
CVE-2016-3670 (Cross-site scripting (XSS) vulnerability in users.jsp in the Profile ...)
	NOT-FOR-US: Liferay
CVE-2016-3669
	RESERVED
CVE-2016-3668
	RESERVED
CVE-2016-3667
	RESERVED
CVE-2016-3666
	RESERVED
CVE-2016-3665
	RESERVED
CVE-2016-3664 (Trend Micro Mobile Security for iOS before 3.2.1188 does not verify ...)
	NOT-FOR-US: Trend Micro
CVE-2016-3663
	RESERVED
CVE-2016-3662
	RESERVED
CVE-2015-8839 (Multiple race conditions in the ext4 filesystem implementation in the ...)
	- linux 4.5.1-1
	NOTE: https://git.kernel.org/linus/ea3d7209ca01da209cda6f0dea8be9cc4b7a933b (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/17048e8a083fec7ad841d88ef0812707fbc7e39f (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/32ebffd3bbb4162da5ff88f9a35dd32d0a28ea70 (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/011278485ecc3cd2a3954b5d4c73101d919bf1fa (v4.5-rc1)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=972174
CVE-2015-8838 (ext/mysqlnd/mysqlnd.c in PHP before 5.4.43, 5.5.x before 5.5.27, and ...)
	- php5 5.6.11+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: Fixed in 5.6.11, 5.5.27, 5.4.43
	NOTE: https://bugs.php.net/bug.php?id=69669
CVE-2015-8834 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in ...)
	{DSA-3639-1 DLA-633-1}
	- wordpress 4.2.2+dfsg-1
	NOTE: https://wordpress.org/news/2015/05/wordpress-4-2-2/
	NOTE: Follow-up patch from 4.2.1 -> 4.2.2 for wp-includes/wp-db.php seems not applied
	NOTE: This looks like a required patch: https://github.com/WordPress/WordPress/commit/a3a76fe665dfb62508a66542390a93445f1f7a59
	NOTE: Changes in wp-includes/wp-db.php: https://github.com/WordPress/WordPress/commit/db8f915ee6c236ee2f39e76781bf42367e3f1490
	NOTE: https://core.trac.wordpress.org/changeset/32387/
	NOTE: Wheezy: https://core.trac.wordpress.org/changeset/32391
	NOTE: Wheezy: https://core.trac.wordpress.org/changeset/32395
	NOTE: Wheezy: https://core.trac.wordpress.org/changeset/32423
	NOTE: Wheezy: https://core.trac.wordpress.org/changeset/32435
CVE-2016-3661
	RESERVED
CVE-2016-3660
	RESERVED
CVE-2016-3659 (SQL injection vulnerability in graph_view.php in Cacti 0.8.8.g allows ...)
	{DLA-560-1}
	- cacti 0.8.8h+ds1-1 (bug #820521)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://bugs.cacti.net/view.php?id=2673
	NOTE: Requires authenticated user
CVE-2016-3658 (The TIFFWriteDirectoryTagLongLong8Array function in tif_dirwrite.c in ...)
	{DSA-3844-1 DLA-969-1}
	- tiff 4.0.6-3 (low)
	- tiff3 <removed> (low)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2546
	NOTE: Duplicate of http://bugzilla.maptools.org/show_bug.cgi?id=2500
CVE-2016-3657 (Buffer overflow in the GlobalProtect Portal in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3656 (The GlobalProtect Portal in Palo Alto Networks PAN-OS before 5.0.18, ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3655 (The management web interface in Palo Alto Networks PAN-OS before ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3654 (The device management command line interface (CLI) in Palo Alto ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-3653 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3652 (Multiple cross-site scripting (XSS) vulnerabilities in management ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3651 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3650 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3649 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3648 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3647 (Symantec Endpoint Protection Manager (SEPM) 12.1 before RU6 MP5 allows ...)
	NOT-FOR-US: Symantec Endpoint Protection Manager
CVE-2016-3646 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-3645 (Integer overflow in the TNEF unpacker in the AntiVirus Decomposer ...)
	NOT-FOR-US: Symantec
CVE-2016-3644 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-3643 (SolarWinds Virtualization Manager 6.3.1 and earlier allow local users ...)
	NOT-FOR-US: SolarWinds Virtualization Manager
CVE-2016-3642 (The RMI service in SolarWinds Virtualization Manager 6.3.1 and earlier ...)
	NOT-FOR-US: SolarWinds Virtualization Manager
CVE-2016-3641
	RESERVED
CVE-2016-3640 (The Extended Application Services (aka XS or XS Engine) in SAP HANA DB ...)
	NOT-FOR-US: SAP HANA
CVE-2016-3639 (SAP HANA DB 1.00.091.00.1418659308 allows remote attackers to obtain ...)
	NOT-FOR-US: SAP HANA
CVE-2016-3638 (SAP SLD Registration Program (aka SLDREG) allows local users to cause ...)
	NOT-FOR-US: SAP SLD
CVE-2016-3637
	RESERVED
CVE-2016-3636
	RESERVED
CVE-2016-3635 (SAP Netweaver 7.4 allows remote authenticated users to bypass an ...)
	NOT-FOR-US: SAP Netweaver
CVE-2016-3634 (The tagCompare function in tif_dirinfo.c in the thumbnail tool in ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2547
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3633 (The setrow function in the thumbnail tool in LibTIFF 4.0.6 and earlier ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #842046)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2548
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3632 (The _TIFFVGetField function in tif_dirinfo.c in LibTIFF 4.0.6 and ...)
	{DLA-693-1}
	- tiff 4.0.6-3
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2549
	NOTE: Upstream will remove thumbnail from 4.0.7 release
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3631 (The (1) cpStrips and (2) cpTiles functions in the thumbnail tool in ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (bug #820366)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: src:tiff3: built binary packages do not contain the TIFF tools
	NOTE: No patch available. Issue marked as wontfix by upstream.
	NOTE: thumbnail(1) was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3630 (The binary delta decoder in Mercurial before 3.7.3 allows remote ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/b6ed2505d6cf (1/2)
	NOTE: https://selenic.com/repo/hg-stable/rev/b9714d958e89 (2/2)
CVE-2016-3629
	REJECTED
CVE-2016-3628 (Buffer overflow in tibemsd in the server in TIBCO Enterprise Message ...)
	NOT-FOR-US: TIBCO
CVE-2016-3626
	RESERVED
CVE-2016-3625 (tif_read.c in the tiff2bw tool in LibTIFF 4.0.6 and earlier allows ...)
	- tiff 4.0.3-1
	[wheezy] - tiff <not-affected> (Can't reproduce)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2566
	NOTE: Not reproducible with jessie and above, marking the version in jessie as fixed
	NOTE: CVE probably should/needs to be rejected, since upstream is as well unable to
	NOTE: reproduce the issue. Might have been a problem on reporter from id=2566
CVE-2016-3624 (The cvtClump function in the rgb2ycbcr tool in LibTIFF 4.0.6 and ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.6-3
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2568
	NOTE: Upstream marked this duplicate of bug 2569
CVE-2016-3623 (The rgb2ycbcr tool in LibTIFF 4.0.6 and earlier allows remote ...)
	{DSA-3762-1 DLA-795-1 DLA-610-1}
	- tiff 4.0.6-3 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2569
	NOTE: No security impact, just triggers a crash in a CLI tool
CVE-2016-3622 (The fpAcc function in tif_predict.c in the tiff2rgba tool in LibTIFF ...)
	{DSA-3762-1 DLA-795-1}
	- tiff 4.0.7-1 (low; bug #820365)
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/4
	NOTE: Fixed by: https://github.com/vadz/libtiff/commit/92d966a5fcfbdca67957c8c5c47b467aa650b286
CVE-2016-3621 (The LZWEncode function in tif_lzw.c in the bmp2tiff tool in LibTIFF ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820364)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2565
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/3
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3620 (The ZIPEncode function in tif_zip.c in the bmp2tiff tool in LibTIFF ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820363)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2570
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/2
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3619 (The DumpModeEncode function in tif_dumpmode.c in the bmp2tiff tool in ...)
	{DLA-693-1}
	- tiff 4.0.6-3 (low; bug #820362)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <not-affected> (tiff tools not built)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2567
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/07/1
	NOTE: Utility bmp2tiff has been removed from upstream LibTIFF
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3618
	RESERVED
CVE-2016-3617
	RESERVED
CVE-2016-3616 (The cjpeg utility in libjpeg allows remote attackers to cause a denial ...)
	- libjpeg-turbo 1:1.4.2-1
	[jessie] - libjpeg-turbo <no-dsa> (Minor issue)
	NOTE: libjpeg-turbo: Fixed by: https://github.com/libjpeg-turbo/libjpeg-turbo/commit/6709e4a0cfa44d4f54ee8ad05753d4aa9260cb91 (1.4.2)
	- libjpeg6b <unfixed> (unimportant)
	NOTE: unimportant, since cjpeg not installed in binary package in any suite having src:libjpeg6b
	- libjpeg8 <unfixed>
	[wheezy] - libjpeg8 <no-dsa> (Minor issue)
	NOTE: cjpeg in src:libjpeg8 vulnerable, but not installed in binary package since 8d1-2
	- libjpeg9 1:9b-2 (bug #819969)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319661
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1318509
CVE-2016-3627 (The xmlStringGetNodeList function in tree.c in libxml2 2.9.3 and ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #819006)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bdd66182ef53fe1f7209ab6535fda56366bd7ac9 (v2.9.4)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/21/3
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=762100
CVE-2016-3615 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3614 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3613 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle
CVE-2016-3612 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 5.0.22-dfsg-1
	[jessie] - virtualbox <not-affected> (Only affects 5.x)
	[wheezy] - virtualbox <not-affected> (Only affects 5.x)
CVE-2016-3611 (Unspecified vulnerability in the Oracle Retail Order Broker component ...)
	NOT-FOR-US: Oracle
CVE-2016-3610 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3609 (Unspecified vulnerability in the OJVM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3608 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-3607 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-3606 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3605
	REJECTED
CVE-2016-3604
	REJECTED
CVE-2016-3603
	REJECTED
CVE-2016-3602
	REJECTED
CVE-2016-3601
	REJECTED
CVE-2016-3600
	REJECTED
CVE-2016-3599
	REJECTED
CVE-2016-3598 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
CVE-2016-3597 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 5.1.4-dfsg-1
	[jessie] - virtualbox <not-affected> (Only affects 5.x)
	[wheezy] - virtualbox <not-affected> (Only affects 5.x)
CVE-2016-3596 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3595 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3594 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3593 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3592 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3591 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3590 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3589 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-3588 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3587 (Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded ...)
	- openjdk-8 8u102-b14-1
CVE-2016-3586 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3585 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-3584 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Oracle
CVE-2016-3583 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3582 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3581 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3580 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3579 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3578 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3577 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3576 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3575 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3574 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3573 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
CVE-2016-3572 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
CVE-2016-3571 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
CVE-2016-3570 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
	NOT-FOR-US: Oracle
CVE-2016-3569 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
CVE-2016-3568 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
CVE-2016-3567 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
CVE-2016-3566 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle
CVE-2016-3565 (Unspecified vulnerability in the Oracle Retail Order Broker component ...)
	NOT-FOR-US: Oracle
CVE-2016-3564 (Unspecified vulnerability in the Oracle TopLink component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3563 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-3562 (Unspecified vulnerability in the RDBMS Security and SQL*Plus ...)
	NOT-FOR-US: Oracle
CVE-2016-3561 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3560 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3559 (Unspecified vulnerability in the Oracle Email Center component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3558 (Unspecified vulnerability in the Oracle Email Center component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3557 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3556 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3555 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3554 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3553 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3552 (Unspecified vulnerability in Oracle Java SE 8u92 allows local users to ...)
	- openjdk-8 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2016-3551 (Unspecified vulnerability in the Oracle Web Services component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3550 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 and ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3549 (Unspecified vulnerability in the Oracle E-Business Suite Secure ...)
	NOT-FOR-US: Oracle
CVE-2016-3548 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3547 (Unspecified vulnerability in the Oracle One-to-One Fulfillment ...)
	NOT-FOR-US: Oracle
CVE-2016-3546 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-3545 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-3544 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-3543 (Unspecified vulnerability in the Oracle Common Applications Calendar ...)
	NOT-FOR-US: Oracle
CVE-2016-3542 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-3541 (Unspecified vulnerability in the Oracle Common Applications Calendar ...)
	NOT-FOR-US: Oracle
CVE-2016-3540 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-3539 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3538 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3537 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3536 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3535 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-3534 (Unspecified vulnerability in the Oracle Installed Base component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3533 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-3532 (Unspecified vulnerability in the Oracle Advanced Inbound Telephony ...)
	NOT-FOR-US: Oracle
CVE-2016-3531 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3530 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3529 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3528 (Unspecified vulnerability in the Oracle Internet Expenses component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3527 (Unspecified vulnerability in the Oracle Demand Planning component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3526 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3525 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2016-3524 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle
CVE-2016-3523 (Unspecified vulnerability in the Oracle Web Applications Desktop ...)
	NOT-FOR-US: Oracle
CVE-2016-3522 (Unspecified vulnerability in the Oracle Web Applications Desktop ...)
	NOT-FOR-US: Oracle
CVE-2016-3521 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3520 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-3519 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3518 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3517 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3516 (Unspecified vulnerability in the Oracle Enterprise Communications ...)
	NOT-FOR-US: Oracle
CVE-2016-3515 (Unspecified vulnerability in the Oracle Enterprise Communications ...)
	NOT-FOR-US: Oracle
CVE-2016-3514 (Unspecified vulnerability in the Oracle Enterprise Communications ...)
	NOT-FOR-US: Oracle
CVE-2016-3513 (Unspecified vulnerability in the Oracle Communications Operations ...)
	NOT-FOR-US: Oracle
CVE-2016-3512 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-3511 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2016-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3509 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3508 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3507 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3506 (Unspecified vulnerability in the JDBC component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3505 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3504 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3503 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92 ...)
	- openjdk-8 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-7 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-6 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2016-3502 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3501 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3500 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3499 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3498 (Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 allows ...)
	- openjfx 8u102-b14-1 (bug #832419)
CVE-2016-3497 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Oracle
CVE-2016-3496 (Unspecified vulnerability in the Enterprise Manager for Fusion ...)
	NOT-FOR-US: Oracle
CVE-2016-3495 (Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows ...)
	- mysql-5.7 5.7.15-1
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
CVE-2016-3494 (Unspecified vulnerability in the Enterprise Manager Ops Center ...)
	NOT-FOR-US: Oracle
CVE-2016-3493 (Unspecified vulnerability in the Hyperion Financial Reporting ...)
	NOT-FOR-US: Oracle
CVE-2016-3492 (Unspecified vulnerability in Oracle MySQL 5.5.51 and earlier, 5.6.32 ...)
	{DSA-3711-1}
	- mariadb-10.0 10.0.28-1
	- mysql-5.7 5.7.15-1
	- mysql-5.6 5.6.34-1 (bug #841049)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.52-0+deb8u1
	[wheezy] - mysql-5.5 5.5.52-0+deb7u1
	NOTE: Fixed in MariaDB 5.5.52, MariaDB 10.1.18, MariaDB 10.0.28
CVE-2016-3491 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-3490 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2016-3489 (Unspecified vulnerability in the Data Pump Import component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3488 (Unspecified vulnerability in the DB Sharding component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3487 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3486 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and ...)
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3485 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...)
	- openjdk-8 <not-affected> (Windows-specific)
	- openjdk-7 <not-affected> (Windows-specific)
	- openjdk-6 <not-affected> (Windows-specific)
CVE-2016-3484 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3483 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-3482 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3481 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-3480 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3479 (Unspecified vulnerability in the Portable Clusterware component in ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3478 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-3477 (Unspecified vulnerability in Oracle MySQL 5.5.49 and earlier, 5.6.30 ...)
	{DSA-3632-1 DSA-3624-1 DLA-567-1}
	- mariadb-10.0 10.0.26-1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3476 (Unspecified vulnerability in the Oracle Knowledge component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3475 (Unspecified vulnerability in the Oracle Knowledge component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3474 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3473 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3472 (Unspecified vulnerability in the Siebel Engineering - Installer and ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3471 (Unspecified vulnerability in Oracle MySQL 5.5.45 and earlier and ...)
	- mariadb-10.0 10.0.22-1
	[jessie] - mariadb-10.0 10.0.22-0+deb8u1
	- mysql-5.6 5.6.28-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.46-0+deb8u1
	[wheezy] - mysql-5.5 5.5.46-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3470 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2016-3469 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3468 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
	NOT-FOR-US: Oracle
CVE-2016-3467 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3466 (Unspecified vulnerability in the Oracle Field Service component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3465 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
	NOT-FOR-US: Solaris
CVE-2016-3464 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-3463 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle
CVE-2016-3462 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Solaris
CVE-2016-3461 (Unspecified vulnerability in the MySQL Enterprise Monitor component in ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-3460 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3459 (Unspecified vulnerability in Oracle MySQL 5.6.30 and earlier and ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.34-1 (bug #831844)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3458 (Unspecified vulnerability in Oracle Java SE 6u115, 7u101, and 8u92; ...)
	{DSA-3641-1 DLA-579-1}
	- openjdk-8 8u102-b14-1
	[experimental] - openjdk-7 7u111-2.6.7-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy)
CVE-2016-3457 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3456 (Unspecified vulnerability in the Oracle Complex Maintenance, Repair, ...)
	NOT-FOR-US: Oracle
CVE-2016-3455 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2016-3454 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2016-3453 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-3452 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
	- mariadb-10.0 10.0.25-1
	[jessie] - mariadb-10.0 10.0.25-0+deb8u1
	- mysql-5.6 5.6.30-1
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.49-0+deb8u1
	[wheezy] - mysql-5.5 5.5.49-0+deb7u1
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3451 (Unspecified vulnerability in the ILOM component in Oracle Sun Systems ...)
	NOT-FOR-US: Oracle
CVE-2016-3450 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2016-3449 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2016-3448 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database
CVE-2016-3447 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2016-3446 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-3445 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3444 (Unspecified vulnerability in the Oracle Retail Integration Bus ...)
	NOT-FOR-US: Oracle
CVE-2016-3443 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2016-3442 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3441 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
	NOT-FOR-US: Solaris
CVE-2016-3440 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3439 (Unspecified vulnerability in the Oracle CRM Wireless component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3438 (Unspecified vulnerability in the Oracle Configurator component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3437 (Unspecified vulnerability in the Oracle CRM Wireless component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3436 (Unspecified vulnerability in the Oracle Common Applications Calendar ...)
	NOT-FOR-US: Oracle
CVE-2016-3435 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3434 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-3433 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-3432 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2016-3431 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3430
	RESERVED
CVE-2016-3429 (Unspecified vulnerability in the Oracle Retail Xstore Point of Service ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-3428 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
	NOT-FOR-US: Oracle
CVE-2016-3427 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3426 (Unspecified vulnerability in Oracle Java SE 8u77 and Java SE Embedded ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3425 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-3424 (Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html#AppendixMSQL
CVE-2016-3423 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3422 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2016-3421 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3420 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-3419 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
	NOT-FOR-US: Solaris
CVE-2016-3418 (Unspecified vulnerability in the DataStore component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-3417 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-3416 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-3415 (Zimbra Collaboration before 8.7.0 allows remote attackers to conduct ...)
	NOT-FOR-US: Zimbra
CVE-2016-3414 (Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 ...)
	NOT-FOR-US: Zimbra
CVE-2016-3413 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
	NOT-FOR-US: Zimbra
CVE-2016-3412 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
	NOT-FOR-US: Zimbra
CVE-2016-3411 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration ...)
	NOT-FOR-US: Zimbra
CVE-2016-3410 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
	NOT-FOR-US: Zimbra
CVE-2016-3409 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration ...)
	NOT-FOR-US: Zimbra
CVE-2016-3408 (Cross-site scripting (XSS) vulnerability in Zimbra Collaboration ...)
	NOT-FOR-US: Zimbra
CVE-2016-3407 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
	NOT-FOR-US: Zimbra
CVE-2016-3406 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zimbra ...)
	NOT-FOR-US: Zimbra
CVE-2016-3405 (Multiple unspecified vulnerabilities in Zimbra Collaboration before ...)
	NOT-FOR-US: Zimbra
CVE-2016-3404 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
	NOT-FOR-US: Zimbra
CVE-2016-3403 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Zimbra
CVE-2016-3402 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
	NOT-FOR-US: Zimbra
CVE-2016-3401 (Unspecified vulnerability in Zimbra Collaboration before 8.7.0 allows ...)
	NOT-FOR-US: Zimbra
CVE-2016-3400 (NetApp Data ONTAP 8.1 and 8.2, when operating in 7-Mode, allows ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2016-3399
	RESERVED
CVE-2016-3398
	RESERVED
CVE-2014-9768 (** DISPUTED ** IBM Tivoli NetView Access Services (NVAS) allows remote ...)
	NOT-FOR-US: Tivoli
CVE-2016-3397
	REJECTED
CVE-2016-3396 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3395
	REJECTED
CVE-2016-3394
	REJECTED
CVE-2016-3393 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3392 (The Edge Content Security Policy feature in Microsoft Edge does not ...)
	NOT-FOR-US: Microsoft
CVE-2016-3391 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3390 (The scripting engines in Microsoft Internet Explorer 11 and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-3389 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3388 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not ...)
	NOT-FOR-US: Microsoft
CVE-2016-3387 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not ...)
	NOT-FOR-US: Microsoft
CVE-2016-3386 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3385 (The scripting engine in Microsoft Internet Explorer 9 through 11 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3384 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3383 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3382 (The scripting engines in Microsoft Internet Explorer 9 through 11 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3381 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3380
	REJECTED
CVE-2016-3379 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3378 (Open redirect vulnerability in Microsoft Exchange Server 2013 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3377 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3376 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3375 (The OLE Automation mechanism and VBScript scripting engine in ...)
	NOT-FOR-US: Microsoft
CVE-2016-3374 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3373 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3372 (The kernel API in Microsoft Windows Vista SP2 and Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3371 (The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3370 (The PDF library in Microsoft Edge, Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3369 (Microsoft Windows 10 Gold and 1511 allows attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2016-3368 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3367 (StringBuilder in Microsoft Silverlight 5 before 5.1.50709.0 does not ...)
	NOT-FOR-US: Microsoft
CVE-2016-3366 (Microsoft Outlook 2007 SP3, Outlook 2010 SP2, Outlook 2013 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3365 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3364 (Microsoft Visio 2016 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Microsoft
CVE-2016-3363 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3362 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3361 (Microsoft Excel 2010 SP2 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2016-3360 (Microsoft PowerPoint 2007 SP3, PowerPoint 2010 SP2, PowerPoint 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3359 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack ...)
	NOT-FOR-US: Microsoft
CVE-2016-3358 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3357 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
	NOT-FOR-US: Microsoft
CVE-2016-3356 (The Graphics Device Interface (GDI) in Microsoft Windows 10 1607 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3355 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3354 (The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3353 (Microsoft Internet Explorer 9 through 11 mishandles .url files from ...)
	NOT-FOR-US: Microsoft
CVE-2016-3352 (Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3351 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3350 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3349 (The kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3348 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3347
	REJECTED
CVE-2016-3346 (Microsoft Windows 10 Gold, 1511, and 1607 does not properly enforce ...)
	NOT-FOR-US: Microsoft
CVE-2016-3345 (The SMBv1 server in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3344 (The Secure Kernel Mode feature in Microsoft Windows 10 Gold and 1511 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3343 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3342 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3341 (The kernel-mode drivers in Transaction Manager in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3340 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3339
	REJECTED
CVE-2016-3338 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3337
	REJECTED
CVE-2016-3336
	REJECTED
CVE-2016-3335 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3334 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3333 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3332 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3331 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3330 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-3329 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3328
	REJECTED
CVE-2016-3327 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3326 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3325 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3324 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3323
	REJECTED
CVE-2016-3322 (Microsoft Internet Explorer 11 and Edge allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3321 (Microsoft Internet Explorer 10 and 11 load different files for ...)
	NOT-FOR-US: Microsoft
CVE-2016-3320 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2016-3319 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3318 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3317 (Microsoft Office 2010 SP2, Word 2007 SP3, Word 2010 SP2, Word for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2016-3316 (Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3315 (Microsoft OneNote 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, 2016, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3314
	REJECTED
CVE-2016-3313 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3312 (ActiveSyncProvider in Microsoft Windows 10 Gold and 1511 allows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3311 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3310 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3309 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3308 (The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3307
	REJECTED
CVE-2016-3306 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3305 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3304 (The Windows font library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3303 (The Windows font library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3302 (Microsoft Windows 8.1, Windows Server 2012 R2, Windows RT 8.1, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3301 (The Windows font library in Microsoft Windows Vista SP2; Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3300 (The Netlogon service in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3299 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3298 (Microsoft Internet Explorer 9 through 11 and the Internet Messaging ...)
	NOT-FOR-US: Microsoft
CVE-2016-3297 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3296 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3295 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3294 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-3293 (Microsoft Internet Explorer 9 through 11 and Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3292 (Microsoft Internet Explorer 10 and 11 mishandles integrity settings ...)
	NOT-FOR-US: Microsoft
CVE-2016-3291 (Microsoft Internet Explorer 11 and Microsoft Edge mishandle ...)
	NOT-FOR-US: Microsoft
CVE-2016-3290 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-3289 (Microsoft Internet Explorer 11 and Edge allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3288 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-3287 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2016-3286 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3285
	REJECTED
CVE-2016-3284 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3283 (Microsoft Word Viewer allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2016-3282 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3281 (Microsoft Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT ...)
	NOT-FOR-US: Microsoft
CVE-2016-3280 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3279 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word ...)
	NOT-FOR-US: Microsoft
CVE-2016-3278 (Microsoft Outlook 2010 SP2, 2013 SP1, 2013 RT SP1, and 2016 allows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3277 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3276 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3275
	REJECTED
CVE-2016-3274 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3273 (The XSS Filter in Microsoft Internet Explorer 9 through 11 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3272 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3271 (The VBScript engine in Microsoft Edge allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3270 (The Graphics component in the kernel in Microsoft Windows Vista SP2; ...)
	NOT-FOR-US: Microsoft
CVE-2016-3269 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3268
	REJECTED
CVE-2016-3267 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3266 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3265 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3264 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-3263 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3262 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3261 (Microsoft Internet Explorer 11 allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2016-3260 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...)
	NOT-FOR-US: Microsoft
CVE-2016-3259 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...)
	NOT-FOR-US: Microsoft
CVE-2016-3258 (Race condition in the kernel in Microsoft Windows 8.1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3257
	REJECTED
CVE-2016-3256 (Microsoft Windows 10 Gold and 1511 allows local users to bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2016-3255 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3254 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3253
	REJECTED
CVE-2016-3252 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3251 (The GDI component in the kernel-mode drivers in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3250 (The kernel-mode drivers in Microsoft Windows Server 2012 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3249 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3248 (The Microsoft (1) JScript 9, (2) VBScript, and (3) Chakra JavaScript ...)
	NOT-FOR-US: Microsoft
CVE-2016-3247 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-3246 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-3245 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3244 (Microsoft Edge allows remote attackers to bypass the ASLR protection ...)
	NOT-FOR-US: Microsoft
CVE-2016-3243 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3242 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3241 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3240 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3239 (The Print Spooler service in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3238 (The Print Spooler service in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3237 (Kerberos in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-3236 (The Web Proxy Auto Discovery (WPAD) protocol implementation in ...)
	NOT-FOR-US: Microsoft
CVE-2016-3235 (Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2013 SP1, Visio 2016, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3234 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2016-3233 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility ...)
	NOT-FOR-US: Microsoft
CVE-2016-3232 (The Virtual PCI (VPCI) virtual service provider in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3231 (The Standard Collector service in Windows Diagnostics Hub mishandles ...)
	NOT-FOR-US: Microsoft
CVE-2016-3230 (The Search component in Microsoft Windows 7, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3229
	REJECTED
CVE-2016-3228 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3227 (Use-after-free vulnerability in the DNS Server component in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-3226 (Active Directory in Microsoft Windows Server 2008 R2 SP1 and Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3225 (The SMB server component in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3224
	REJECTED
CVE-2016-3223 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3222 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-3221 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3220 (atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3219 (The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows ...)
	NOT-FOR-US: Microsoft
CVE-2016-3218 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-3217
	REJECTED
CVE-2016-3216 (GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-3215 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3214 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3213 (The Web Proxy Auto Discovery (WPAD) protocol implementation in ...)
	NOT-FOR-US: Microsoft
CVE-2016-3212 (The XSS Filter in Microsoft Internet Explorer 9 through 11 does not ...)
	NOT-FOR-US: Microsoft
CVE-2016-3211 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-3210 (The Microsoft (1) JScript and (2) VBScript engines, as used in ...)
	NOT-FOR-US: Microsoft
CVE-2016-3209 (Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-3208
	REJECTED
CVE-2016-3207 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3206 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3205 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-3204 (The Microsoft (1) JScript 5.8 and 9 and (2) VBScript 5.7 and 5.8 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3203 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3202 (The Microsoft (1) Chakra JavaScript, (2) JScript, and (3) VBScript ...)
	NOT-FOR-US: Microsoft
CVE-2016-3201 (Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 ...)
	NOT-FOR-US: Microsoft
CVE-2016-3200
	REJECTED
CVE-2016-3199 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-3198 (Microsoft Edge allows remote attackers to bypass the Content Security ...)
	NOT-FOR-US: Microsoft
CVE-2016-3196 (Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x ...)
	NOT-FOR-US: Fortinet
CVE-2016-3195 (Cross-site scripting (XSS) vulnerability in the Web-UI in Fortinet ...)
	NOT-FOR-US: Fortinet
CVE-2016-3194 (Cross-site scripting (XSS) vulnerability in the address added page in ...)
	NOT-FOR-US: Fortinet
CVE-2016-3193 (Cross-site scripting (XSS) vulnerability in the appliance ...)
	NOT-FOR-US: Fortinet
CVE-2016-3192
	RESERVED
CVE-2016-3190 (The fill_xrgb32_lerp_opaque_spans function in cairo-image-compositor.c ...)
	- cairo 1.14.2-2
	[jessie] - cairo 1.14.0-2.1+deb8u1
	[wheezy] - cairo <no-dsa> (Minor issue)
	NOTE: https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934
CVE-2016-3189 (Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows ...)
	- bzip2 1.0.6-8.1 (low; bug #827744)
	[jessie] - bzip2 <no-dsa> (Minor issue)
	[wheezy] - bzip2 <no-dsa> (Minor issue)
CVE-2016-3188 (The _prepopulate_request_walk function in the Prepopulate module ...)
	NOT-FOR-US: Prepopulate module for Drupal
CVE-2016-3187 (The Prepopulate module 7.x-2.x before 7.x-2.1 for Drupal allows remote ...)
	NOT-FOR-US: Prepopulate module for Drupal
CVE-2016-3186 (Buffer overflow in the readextension function in gif2tiff.c in LibTIFF ...)
	{DLA-693-1 DLA-610-1}
	- tiff 4.0.6-3 (bug #819972)
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff3 <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319666
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1319503
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2536
	NOTE: Proposed patch from Red Hat: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff
	NOTE: gif2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2016-3185 (The make_http_soap_request function in ext/soap/php_http.c in PHP ...)
	- php7.0 7.0.4-1
	NOTE: https://bugs.php.net/bug.php?id=71610
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=eaf4e77190d402ea014207e9a7d5da1a4f3727ba
	NOTE: http://php.net/ChangeLog-7.php#7.0.4
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69
	NOTE: https://bugs.php.net/bug.php?id=70081
	NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
CVE-2016-3184
	RESERVED
CVE-2016-3180 (Tor Browser Launcher (aka torbrowser-launcher) before 0.2.4, during ...)
	- torbrowser-launcher 0.2.4-1
	[jessie] - torbrowser-launcher 0.1.9-1+deb8u3
	NOTE: https://github.com/micahflee/torbrowser-launcher/issues/229
CVE-2016-3177 (Multiple use-after-free and double-free vulnerabilities in gifcolor.c ...)
	- giflib <unfixed> (unimportant)
	NOTE: https://sourceforge.net/p/giflib/bugs/83/
	NOTE: Issue only in gifcolor utility, not installed into giflib-tools
CVE-2016-3176 (Salt before 2015.5.10 and 2015.8.x before 2015.8.8, when PAM external ...)
	- salt 2015.8.8+ds-1 (bug #819184)
	[jessie] - salt <no-dsa> (Minor issue; external_auth not by default usable)
	NOTE: external_auth seems not usable by default under Jessie due to the
	NOTE: permissions on /var/run/salt/master.
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.8.html
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.5.10.html
	NOTE: https://github.com/saltstack/salt/pull/31826/commits/d73f70ebb289142e4f692359fe741a54f5d2ad65
	NOTE: Fixed in 2015.5.10/2015.8.8 upstream
CVE-2016-3175
	RESERVED
CVE-2016-3174 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-3173 (An issue was discovered in Open-Xchange OX AppSuite before 7.8.0-rev27. ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-3161 (For the NVIDIA Quadro, NVS, and GeForce products, GFE GameStream and ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2016-3160
	RESERVED
CVE-2016-3159 (The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-172.html
	NOTE: CVE-2016-3159 is for the code change which is applicable for later
	NOTE: versions only, but which must always be combined with the code change
	NOTE: for CVE-2016-3158.  Ie for the first hunk in xsa172.patch, which
	NOTE: patches the function fpu_fxrstor.
CVE-2016-3158 (The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly ...)
	{DSA-3554-1 DLA-571-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	NOTE: http://xenbits.xen.org/xsa/advisory-172.html
	NOTE: CVE-2016-3158 is for the code change which is required for all
	NOTE: versions (but which is sufficient only on Xen 4.3.x, and insufficient
	NOTE: on later versions).  Ie for the second hunk in xsa172.patch (the only
	NOTE: hunk in xsa172-4.3.patch), which patches the function xrstor.
CVE-2016-3157 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	NOTE: http://xenbits.xen.org/xsa/advisory-171.html
	NOTE: https://git.kernel.org/linus/b7a584598aea7ca73140cb87b40319944dd3393f
CVE-2016-3155 (Siemens APOGEE Insight uses weak permissions for the application ...)
	NOT-FOR-US: Siemens APOGEE Insight
CVE-2016-XXXX [use-after-free in unserialisation]
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/fd456ffad5d164c1563dc8bd97bcc2f200ff6f69
CVE-2016-6288 (The php_url_parse_ex function in ext/standard/url.c in PHP before ...)
	{DLA-533-1}
	- hhvm 3.12.1+dfsg-1
	- php5 5.6.15+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70480
	NOTE: https://github.com/facebook/hhvm/commit/3fa7e73055855c409d48e8aa1dc416a76d3dd764
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=629e4da7cc8b174acdeab84969cbfc606a019b31
CVE-2014-9767 (Directory traversal vulnerability in the ZipArchive::extractTo ...)
	- hhvm 3.12.1+dfsg-1
	- php5 5.6.13+dfsg-1
	[jessie] - php5 5.6.13+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=70350
	NOTE: https://bugs.php.net/bug.php?id=67996
	NOTE: https://github.com/facebook/hhvm/commit/65c95a01541dd2fbc9c978ac53bed235b5376686
CVE-2016-3152 (Barco ClickShare CSC-1 devices with firmware before 01.09.03 allow ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3151 (Directory traversal vulnerability in the wallpaper parsing ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3150 (Cross-site scripting (XSS) vulnerability in wallpaper.php in the Base ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3149 (Barco ClickShare CSC-1 devices with firmware before 01.09.03 and CSM-1 ...)
	NOT-FOR-US: Barco ClickShare
CVE-2016-3148
	RESERVED
CVE-2016-3147 (Buffer overflow in the collector.exe listener of the Landesk ...)
	NOT-FOR-US: Landesk Management Suite
CVE-2016-3146
	RESERVED
CVE-2016-3145 (Lexmark printers with firmware ATL before ATL.021.063, CB before ...)
	NOT-FOR-US: Lexmark printers
CVE-2016-3144 (Cross-site scripting (XSS) vulnerability in the Block Class module ...)
	NOT-FOR-US: Drupal Block Class module
CVE-2016-3143
	RESERVED
CVE-2016-3156 (The IPv4 implementation in the Linux kernel before 4.5.2 mishandles ...)
	{DSA-3607-1}
	- linux 4.5.1-1
	[wheezy] - linux <not-affected> (Not a security issue since containers are not supported)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/3
CVE-2016-3133
	RESERVED
CVE-2016-3132 (Double free vulnerability in the SplDoublyLinkedList::offsetSet ...)
	- php7.0 7.0.6-1
	NOTE: https://bugs.php.net/bug.php?id=71735
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=28a6ed9f9a36b9c517e4a8a429baf4dd382fc5d5
CVE-2016-3131
	RESERVED
CVE-2016-3130 (An information disclosure vulnerability in the Core and Management ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3129 (A remote shell execution vulnerability in the BlackBerry Good ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3128 (A spoofing vulnerability in the Core of BlackBerry Enterprise Server ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3127 (An information disclosure vulnerability in the logging implementation ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3126 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
	NOT-FOR-US: BlackBerry
CVE-2016-3123
	RESERVED
CVE-2016-3122
	RESERVED
CVE-2016-3121
	RESERVED
CVE-2016-3120 (The validate_as_request function in kdc_util.c in the Key Distribution ...)
	{DLA-1265-1}
	- krb5 1.14.3+dfsg-1 (bug #832572)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/commit/93b4a6306a0026cf1cc31ac4bd8a49ba5d034ba7
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8458
CVE-2016-3119 (The process_db_args function in ...)
	{DLA-1265-1}
	- krb5 1.14.2+dfsg-1 (bug #819468)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	NOTE: https://github.com/krb5/krb5/commit/08c642c09c38a9c6454ab43a9b53b2a89b9eef99
CVE-2016-3118 (CRLF injection vulnerability in CA API Gateway (formerly Layer7 API ...)
	NOT-FOR-US: CA API Gateway
CVE-2016-3117
	RESERVED
CVE-2016-3114 (Kallithea before 0.3.2 allows remote authenticated users to edit or ...)
	- kallithea <itp> (bug #689573)
CVE-2016-3113 (Cross-site scripting (XSS) vulnerability in ovirt-engine allows remote ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-3112 (client/consumer/cli.py in Pulp before 2.8.3 writes consumer private ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3111 (pulp.spec in the installation process for Pulp 2.8.3 generates the RSA ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3110 (mod_cluster, as used in Red Hat JBoss Web Server 2.1, allows remote ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2016-3109 (The backend/Login/load/ script in Shopware before 5.1.5 allows remote ...)
	NOT-FOR-US: Shopware
CVE-2016-3108 (The pulp-gen-nodes-certificate script in Pulp before 2.8.3 allows ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3107 (The Node certificate in Pulp before 2.8.3 contains the private key, ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3106 (Pulp before 2.8.3 creates a temporary directory during CA key ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3105 (The convert extension in Mercurial before 3.8 might allow ...)
	{DSA-3570-1 DLA-459-1}
	- mercurial 3.8.1-1
	NOTE: https://selenic.com/hg/rev/a56296f55a5e
CVE-2016-3104 (mongod in MongoDB 2.6, when using 2.4-style users, and 2.4 allow ...)
	- mongodb 1:3.2.11-1
	[jessie] - mongodb <no-dsa> (Minor issue)
	[wheezy] - mongodb <no-dsa> (Minor issue)
	NOTE: https://jira.mongodb.org/browse/SERVER-24378
	NOTE: Marking as fixed with the first 3.x based version in unstable
	NOTE: This issue though affect only 2.4 (and possibly older), or 2.6
	NOTE: installations, but only in circumstances where they first had a
	NOTE: MongoDB 2.4 installation with authentication enabled, upgraded
	NOTE: to 2.6, and did not complete a full upgrade
CVE-2016-3103
	RESERVED
CVE-2016-3102 (The Script Security plugin before 1.18.1 in Jenkins might allow remote ...)
	- jenkins <removed>
CVE-2016-3101 (Cross-site scripting (XSS) vulnerability in the Extra Columns plugin ...)
	- jenkins <removed>
CVE-2016-3100 (kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for ...)
	- kinit 5.23.0-1 (bug #827476)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=358593
	NOTE: https://bugs.kde.org/show_bug.cgi?id=363140
	NOTE: https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=dece8fd89979cd1a86c03bcaceef6e9221e8d8cd
	NOTE: https://quickgit.kde.org/?p=kinit.git&a=commitdiff&h=72f3702dbe6cf15c06dc13da2c99c864e9022a58
CVE-2016-3099 (mod_ns in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux ...)
	- libapache2-mod-nss 1.0.14-1 (bug #822461)
	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	NOTE: Introduced in https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
CVE-2016-3098
	RESERVED
CVE-2016-3097 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat ...)
	NOT-FOR-US: spacewalk-java
CVE-2016-3096 (The create_script function in the lxc_container module in Ansible ...)
	- ansible 2.0.1.0-2 (bug #819676)
	[jessie] - ansible <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1322925
	NOTE: https://sources.debian.org/src/ansible/2.0.1.0-1/lib/ansible/modules/extras/cloud/lxc/lxc_container.py/?hl=523#L523
CVE-2016-3095 (server/bin/pulp-gen-ca-certificate in Pulp before 2.8.2 allows local ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2016-3094 (PlainSaslServer.java in Apache Qpid Java before 6.0.3, when the broker ...)
	- qpid-java <itp> (bug #840131)
CVE-2016-3093 (Apache Struts 2.0.0 through 2.3.24.1 does not properly cache method ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-034.html
CVE-2016-3092 (The MultipartStream class in Apache Commons Fileupload before 1.3.2, ...)
	{DSA-3614-1 DSA-3611-1 DSA-3609-1 DLA-529-1 DLA-528-1}
	- libcommons-fileupload-java 1.3.2-1
	- tomcat7 7.0.70-1
	- tomcat8 8.0.36-1
	- tomcat9 <itp> (bug #802312)
	NOTE: Fixed by https://svn.apache.org/r1743480
	NOTE: Upstream advisory http://markmail.org/message/oyxfv73jb2g7rjg3
	NOTE: https://mail-archives.us.apache.org/mod_mbox/www-announce/201606.mbox/%3C6223ece6-2b41-ef4f-22f9-d3481e492832@apache.org%3E
CVE-2016-3091 (Cloud Foundry Diego 0.1468.0 through 0.1470.0 allows remote attackers ...)
	NOT-FOR-US: Cloud Foundry Diego
CVE-2016-3090 (The TextParseUtil.translateVariables method in Apache Struts 2.x ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <end-of-life>
	NOTE: https://struts.apache.org/docs/s2-027.html
CVE-2016-3089 (Cross-site scripting (XSS) vulnerability in the SWF panel in Apache ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-3088 (The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 ...)
	- activemq 5.14.0+dfsg-1
	[jessie] - activemq <not-affected> (file server was only enabled in 5.13.2+dfsg-2)
	[wheezy] - activemq <not-affected> (file server was only enabled in 5.13.2+dfsg-2)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2016-3088-announcement.txt
CVE-2016-3087 (Apache Struts 2.3.20.x before 2.3.20.3, 2.3.24.x before 2.3.24.3, and ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-033.html
CVE-2016-3086 (The YARN NodeManager in Apache Hadoop 2.6.x before 2.6.5 and 2.7.x ...)
	- hadoop <itp> (bug #793644)
CVE-2016-3085 (Apache CloudStack 4.5.x before 4.5.2.1, 4.6.x before 4.6.2.1, 4.7.x ...)
	NOT-FOR-US: Apache CloudStack
CVE-2016-3084 (The UAA reset password flow in Cloud Foundry release v236 and earlier ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-3083 (Apache Hive (JDBC + HiveServer2) implements SSL for plain TCP and HTTP ...)
	NOT-FOR-US: Apache Hive
CVE-2016-3082 (XSLTResult in Apache Struts 2.x before 2.3.20.2, 2.3.24.x before ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-031.html
CVE-2016-3081 (Apache Struts 2.x before 2.3.20.2, 2.3.24.x before 2.3.24.2, and ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2.x)
	NOTE: https://struts.apache.org/docs/s2-032.html
CVE-2016-3080 (Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk / spacewalk-monitoring
CVE-2016-3079 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2016-3078 (Multiple integer overflows in php_zip.c in the zip extension in PHP ...)
	- php7.0 7.0.6-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/28/1
	NOTE: Fixed in 7.0.6
	NOTE: https://bugs.php.net/bug.php?id=71923
CVE-2016-3077 (The VersionMapper.fromKernelVersionString method in oVirt Engine ...)
	NOT-FOR-US: ovirt-engine
CVE-2016-3076 (Heap-based buffer overflow in the j2k_encode_entry function in Pillow ...)
	- pillow <unfixed> (unimportant)
	- python-imaging <removed> (unimportant)
	NOTE: https://github.com/python-pillow/Pillow/commit/a1f244343df389cf15cdfff80327594821097295 (3.1.2)
	NOTE: Marked as unimportant since source vulnerable but in Debian we do
	NOTE: not built against openjpeg by default
CVE-2016-3075 (Stack-based buffer overflow in the nss_dns implementation of the ...)
	{DLA-494-1}
	- glibc 2.22-6
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue, can be fixed via point release)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19879
CVE-2016-3074 (Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or ...)
	{DSA-3602-1 DSA-3556-1}
	- libgd2 2.1.1-4.1 (bug #822242)
	- php5 5.6.21+dfsg-1 (unimportant)
	- php7.0 7.0.6-1 (unimportant)
	- hhvm 3.12.11+dfsg-1 (unimportant)
	NOTE: HHVM implements additional sanity checks, not directly epxloitable
	NOTE: PoC: https://github.com/dyntopia/exploits/tree/master/CVE-2016-3074
	NOTE: Upstream fix: https://github.com/libgd/libgd/commit/2bb97f407c1145c850416a3bfbcc8cf124e68a19
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd
	NOTE: PHP bug: https://bugs.php.net/bug.php?id=71912
	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/29a6487d648d1593e1e2fa615d9b3a844756ddc3
CVE-2016-3073
	REJECTED
CVE-2016-3072 (Multiple SQL injection vulnerabilities in the scoped_search function ...)
	NOT-FOR-US: Katello
CVE-2016-3071 (Libreswan 3.16 might allow remote attackers to cause a denial of ...)
	- libreswan <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://lists.libreswan.org/pipermail/swan-announce/2016/000019.html
CVE-2016-3070 (The trace_writeback_dirty_page implementation in ...)
	{DSA-3607-1}
	- linux 4.4.2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1306851
	NOTE: https://git.kernel.org/linus/42cb14b110a5698ccf26ce59c4441722605a3743 (v4.4-rc1)
CVE-2016-3069 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/197eed39e3d5 (1/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/cdda7b96afff (2/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/b732e7f2aba4 (3/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/80cac1de6aea (4/5)
	NOTE: https://selenic.com/repo/hg-stable/rev/ae279d4a19e9 (5/5)
CVE-2016-3068 (Mercurial before 3.7.3 allows remote attackers to execute arbitrary ...)
	{DSA-3542-1}
	- mercurial 3.7.3-1 (bug #819504)
	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_3.7.3_.282016-3-29.29
	NOTE: https://selenic.com/repo/hg-stable/rev/34d43cb85de8
CVE-2016-3067 (Cygwin before 2.5.0 does not properly handle updating permissions when ...)
	NOT-FOR-US: Cygwin
CVE-2016-3066 (The spice-gtk widget allows remote authenticated users to obtain ...)
	- spice-gtk <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1320263
	NOTE: Hardly a security issue per se, but a design limitation/risky feature
	NOTE: It's up to applications using spice-gtk to use it as appropriate
CVE-2016-3065 (The (1) brin_page_type and (2) brin_metapage_info functions in the ...)
	- postgresql-9.5 9.5.2-1
	- postgresql-9.4 <not-affected> (Only affects 9.5.x)
	- postgresql-9.1 <not-affected> (Only affects 9.5.x)
	- postgresql-8.4 <not-affected> (Only affects 9.5.x)
	NOTE: http://www.postgresql.org/about/news/1656/
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=bf78a6f107949fdfb513d1b45e30cefe04e09e4f
CVE-2016-XXXX [fscanf format string security bug in flashrom layout code]
	- flashrom 0.9.9+r1954-1 (unimportant)
	[wheezy] - flashrom <no-dsa> (Minor issue)
	NOTE: https://www.flashrom.org/pipermail/flashrom/2016-March/014523.html
	NOTE: Neutralised by hardening
CVE-2016-3183 (The sycc422_t_rgb function in common/color.c in OpenJPEG before 2.1.1 ...)
	- openjpeg2 2.1.1-1 (low; bug #818399)
	[jessie] - openjpeg2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/14
	NOTE: https://github.com/uclouvain/openjpeg/issues/726
CVE-2016-3182 [Heap Corruption in opj_free function]
	RESERVED
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/13
	NOTE: https://github.com/uclouvain/openjpeg/issues/725
CVE-2016-3181 [Out-Of-Bounds Read in opj_tcd_free_tile function]
	RESERVED
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <not-affected> (Vulnerable code not yet present in 2.1.0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/14/12
	NOTE: https://github.com/uclouvain/openjpeg/issues/724
CVE-2016-3140 (The digi_port_init function in drivers/usb/serial/digi_acceleport.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/61
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283378
	NOTE: https://marc.info/?l=linux-usb&m=145796765030590&w=2
CVE-2016-3139 (The wacom_probe function in drivers/input/tablet/wacom_sys.c in the ...)
	- linux 4.0.2-1 (low)
	[jessie] - linux <ignored> (Minor issue)
	[wheezy] - linux <no-dsa> (Minor issue)
	NOTE: http://seclists.org/bugtraq/2016/Mar/60
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283375
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283377
CVE-2016-3138 (The acm_probe function in drivers/usb/class/cdc-acm.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/54
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283366
	NOTE: http://marc.info/?l=linux-usb&m=145803342320160&w=2
CVE-2016-3137 (drivers/usb/serial/cypress_m8.c in the Linux kernel before 4.5.1 ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/55
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283368
CVE-2016-3136 (The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: http://seclists.org/bugtraq/2016/Mar/57
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283370
CVE-2016-3125 (The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 ...)
	- proftpd-dfsg 1.3.5b-1 (bug #818492)
	[jessie] - proftpd-dfsg 1.3.5-1.1+deb8u2
	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4230
	NOTE: Fixed in 1.3.6rc2, 1.3.5b.
CVE-2016-3064 (NetApp Clustered Data ONTAP before 8.2.4P4 and 8.3.x before 8.3.2P2 ...)
	NOT-FOR-US: NetApp
CVE-2016-3063 (Multiple functions in NetApp OnCommand System Manager before 8.3.2 do ...)
	NOT-FOR-US: NetApp
CVE-2016-3062 (The mov_read_dref function in libavformat/mov.c in Libav before 11.7 ...)
	{DSA-3603-1 DLA-515-1}
	- libav <removed>
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=7e01d48cfd168c3dfc663f03a3b6a98e0ecba328
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=5fdcbc4a7cd81114a9f47bcb3040ca510bd6360d (11.7)
	NOTE: https://bugzilla.libav.org/show_bug.cgi?id=929
	- ffmpeg 7:2.4.1-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/689e59b7ffed34eba6159dcc78e87133862e3746 (n0.11)
CVE-2016-3061
	RESERVED
CVE-2016-3060 (Payments Director in IBM Financial Transaction Manager (FTM) for ACH ...)
	NOT-FOR-US: IBM
CVE-2016-3059 (IBM Tivoli Storage Manager for Databases: Data Protection for ...)
	NOT-FOR-US: IBM
CVE-2016-3058
	RESERVED
CVE-2016-3057 (Cross-site scripting (XSS) vulnerability in IBM Sterling B2B ...)
	NOT-FOR-US: IBM
CVE-2016-3056 (Cross-site scripting (XSS) vulnerability in Business Space in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3055 (IBM FileNet Workplace 4.0.2 before 4.0.2.14 LA012 allows remote ...)
	NOT-FOR-US: IBM
CVE-2016-3054 (Cross-site scripting (XSS) vulnerability in IBM FileNet Workplace ...)
	NOT-FOR-US: IBM
CVE-2016-3053 (IBM AIX contains an unspecified vulnerability that would allow a ...)
	NOT-FOR-US: IBM
CVE-2016-3052 (Under non-standard configurations, IBM WebSphere MQ might send ...)
	NOT-FOR-US: IBM
CVE-2016-3051 (IBM Security Access Manager for Web 9.0.0 could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-3050
	RESERVED
CVE-2016-3049 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to HTML ...)
	NOT-FOR-US: IBM
CVE-2016-3048 (IBM OpenPages GRC Platform 7.1, 7.2, and 7.3 is vulnerable to ...)
	NOT-FOR-US: IBM
CVE-2016-3047 (Open redirect vulnerability in IBM FileNet Workplace 4.0.2 through ...)
	NOT-FOR-US: IBM
CVE-2016-3046 (IBM Security Access Manager for Web is vulnerable to SQL injection. A ...)
	NOT-FOR-US: IBM
CVE-2016-3045 (IBM Security Access Manager for Web stores sensitive information in ...)
	NOT-FOR-US: IBM
CVE-2016-3044 (The Linux kernel component in IBM PowerKVM 2.1 before 2.1.1.3-65.10 ...)
	- linux 4.4.6-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: https://www-01.ibm.com/support/docview.wss?uid=isg3T1023969
	NOTE: http://www.securityfocus.com/bid/92123/info
CVE-2016-3043 (IBM Security Access Manager for Web could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2016-3042 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3041
	RESERVED
CVE-2016-3040 (IBM WebSphere Application Server (WAS) Liberty, as used in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3039 (IBM Traveler 8.x and 9.x before 9.0.1.12 allows remote authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-3038 (IBM Cognos TM1 10.1 and 10.2 is vulnerable to cross-site scripting. ...)
	NOT-FOR-US: IBM
CVE-2016-3037 (IBM Cognos TM1 10.1 and 10.2 provides a service to return the victim's ...)
	NOT-FOR-US: IBM
CVE-2016-3036 (IBM Cognos TM1 10.1 and 10.2 is vulnerable to a denial of service, ...)
	NOT-FOR-US: IBM
CVE-2016-3035 (IBM AppScan Source could reveal some sensitive information through the ...)
	NOT-FOR-US: IBM
CVE-2016-3034 (IBM AppScan Source uses a one-way hash without salt to encrypt highly ...)
	NOT-FOR-US: IBM
CVE-2016-3033 (IBM AppScan Source 8.7 through 9.0.3.3 allows remote authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-3032 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-3031 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-3030
	RESERVED
CVE-2016-3029 (IBM Security Access Manager for Web is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-3028 (IBM Security Access Manager for Web 7.0 before IF2 and 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-3027 (IBM Security Access Manager for Web is vulnerable to a denial of ...)
	NOT-FOR-US: IBM
CVE-2016-3026
	RESERVED
CVE-2016-3025 (IBM Security Access Manager for Mobile 8.x before 8.0.1.4 IF3 and ...)
	NOT-FOR-US: IBM
CVE-2016-3024 (IBM Security Access Manager for Web allows web pages to be stored ...)
	NOT-FOR-US: IBM
CVE-2016-3023 (IBM Security Access Manager for Web could allow an unauthenticated ...)
	NOT-FOR-US: IBM
CVE-2016-3022 (IBM Security Access Manager for Web could allow an authenticated user ...)
	NOT-FOR-US: IBM
CVE-2016-3021 (IBM Security Access Manager for Web could allow an authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-3020 (IBM Security Access Manager for Web 7.0.0, 8.0.0, and 9.0.0 could ...)
	NOT-FOR-US: IBM
CVE-2016-3019 (IBM Security Access Manager for Web 9.0.0 uses weaker than expected ...)
	NOT-FOR-US: IBM
CVE-2016-3018 (IBM Security Access Manager for Web is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-3017 (IBM Security Access Manager for Web could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2016-3016 (IBM Security Access Manager for Web processes patches, image backups ...)
	NOT-FOR-US: IBM
CVE-2016-3015 (IBM Cognos Analytics 11.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-3014 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-3013 (IBM WebSphere MQ 8.0 could allow an authenticated user to crash the MQ ...)
	NOT-FOR-US: IBM
CVE-2016-3012 (IBM API Connect (aka APIConnect) before 5.0.3.0 with NPM before 2.2.8 ...)
	NOT-FOR-US: IBM
CVE-2016-3011
	RESERVED
CVE-2016-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3009 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-3008 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3007 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.x ...)
	NOT-FOR-US: IBM
CVE-2016-3006 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3005 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3004 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-3003 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3002 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 ...)
	NOT-FOR-US: IBM
CVE-2016-3001 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-3000 (The help service in IBM Connections 4.x through 4.5 CR5, 5.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-2999 (IBM Connections 4.x through 4.5 CR5, 5.0 before CR4, and 5.5 before ...)
	NOT-FOR-US: IBM
CVE-2016-2998 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-2997 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-2996 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when ...)
	NOT-FOR-US: IBM
CVE-2016-2995 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-2994 (Cross-site scripting (XSS) vulnerability in IBM UrbanCode Deploy 6.2.x ...)
	NOT-FOR-US: IBM
CVE-2016-2993
	RESERVED
CVE-2016-2992 (IBM Infosphere BigInsights is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2991 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM
CVE-2016-2990
	RESERVED
CVE-2016-2989 (Open redirect vulnerability in the Connections Portlets component 5.x ...)
	NOT-FOR-US: IBM
CVE-2016-2988 (IBM Tivoli Storage Manger for Virtual Environments: Data Protection ...)
	NOT-FOR-US: IBM
CVE-2016-2987 (An undisclosed vulnerability in CLM applications may result in some ...)
	NOT-FOR-US: IBM
CVE-2016-2986 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2985 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...)
	NOT-FOR-US: IBM
CVE-2016-2984 (IBM Spectrum Scale 4.1.1.x before 4.1.1.8 and 4.2.x before 4.2.0.4 and ...)
	NOT-FOR-US: IBM
CVE-2016-2983 (IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2016-2982
	RESERVED
CVE-2016-2981 (An undisclosed vulnerability in the CLM applications in IBM Jazz Team ...)
	NOT-FOR-US: IBM
CVE-2016-2980 (The Sametime WebPlayer 8.5.2 and 9.0 is vulnerable to a script ...)
	NOT-FOR-US: IBM
CVE-2016-2979 (IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-2978 (IBM Sametime 8.5.2 and 9.0 could store potentially sensitive ...)
	NOT-FOR-US: IBM
CVE-2016-2977 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a malicious user ...)
	NOT-FOR-US: IBM
CVE-2016-2976 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting ...)
	NOT-FOR-US: IBM
CVE-2016-2975 (IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2974 (IBM Sametime Connect 8.5.2 and 9.0, after uninstalling the Sametime ...)
	NOT-FOR-US: IBM
CVE-2016-2973 (IBM Sametime Media Services 8.5.2 and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-2972 (IBM Sametime Meeting Server 8.5.2 and 9.0 could store credentials of ...)
	NOT-FOR-US: IBM
CVE-2016-2971 (IBM Sametime Media Services 8.5.2 and 9.0 can disclose sensitive ...)
	NOT-FOR-US: IBM
CVE-2016-2970 (IBM Sametime 8.5 and 9.0 meetings server may provide detailed ...)
	NOT-FOR-US: IBM
CVE-2016-2969 (IBM Sametime Meeting Server 8.5.2 and 9.0 may send replies that ...)
	NOT-FOR-US: IBM
CVE-2016-2968 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.7 allows ...)
	NOT-FOR-US: IBM
CVE-2016-2967 (IBM Sametime 8.5.2 and 9.0 is vulnerable to cross-site scripting. This ...)
	NOT-FOR-US: IBM
CVE-2016-2966 (IBM Sametime 8.5.1 and 9.0 could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2016-2965 (IBM Sametime Meeting Server 8.5.2 and 9.0 is vulnerable to cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-2964 (IBM Sametime 8.5.2 and 9.0 under certain conditions provides an error ...)
	NOT-FOR-US: IBM
CVE-2016-2963 (Cross-site request forgery (CSRF) vulnerability in IBM BigFix Remote ...)
	NOT-FOR-US: IBM
CVE-2016-2962
	RESERVED
CVE-2016-2961 (The integration server in IBM Integration Bus 9 before 9.0.0.6 and 10 ...)
	NOT-FOR-US: IBM
CVE-2016-2960 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.43, 8.0.0.x ...)
	NOT-FOR-US: IBM
CVE-2016-2959 (IBM Sametime Meeting Server 8.5.2 and 9.0 could allow a meeting room ...)
	NOT-FOR-US: IBM
CVE-2016-2958 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 ...)
	NOT-FOR-US: IBM
CVE-2016-2957 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 ...)
	NOT-FOR-US: IBM
CVE-2016-2956 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-2955 (Cross-site scripting (XSS) vulnerability in IBM Connections 5.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-2954 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-2953 (IBM Connections 4.0 through CR4, 4.5 through CR5, and 5.0 before CR4 ...)
	NOT-FOR-US: IBM
CVE-2016-2952 (IBM BigFix Remote Control before 9.1.3 does not enable the HSTS ...)
	NOT-FOR-US: IBM
CVE-2016-2951 (IBM BigFix Remote Control before 9.1.3 does not properly set the ...)
	NOT-FOR-US: IBM
CVE-2016-2950 (SQL injection vulnerability in IBM BigFix Remote Control before 9.1.3 ...)
	NOT-FOR-US: IBM
CVE-2016-2949 (IBM BigFix Remote Control before 9.1.3 allows local users to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-2948 (IBM BigFix Remote Control before 9.1.3 allows local users to discover ...)
	NOT-FOR-US: IBM
CVE-2016-2947 (IBM Rational Collaborative Lifecycle Management 4.0 before 4.0.7 ...)
	NOT-FOR-US: IBM
CVE-2016-2946 (Stack-based buffer overflow in the ax Shared Libraries in the Agent in ...)
	NOT-FOR-US: IBM
CVE-2016-2945 (The API Discovery implementation in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM
CVE-2016-2944 (IBM BigFix Remote Control before 9.1.3 does not properly restrict ...)
	NOT-FOR-US: IBM
CVE-2016-2943 (IBM BigFix Remote Control before 9.1.3 allows local users to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-2942 (IBM UrbanCode Deploy could allow an authenticated attacker with ...)
	NOT-FOR-US: IBM
CVE-2016-2941 (IBM UrbanCode Deploy creates temporary files during step execution ...)
	NOT-FOR-US: IBM
CVE-2016-2940 (Multiple unspecified vulnerabilities in IBM BigFix Remote Control ...)
	NOT-FOR-US: IBM
CVE-2016-2939 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-2938 (IBM iNotes is vulnerable to cross-site scripting. This vulnerability ...)
	NOT-FOR-US: IBM
CVE-2016-2937 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to ...)
	NOT-FOR-US: IBM
CVE-2016-2936 (IBM BigFix Remote Control before 9.1.3 uses cleartext storage for ...)
	NOT-FOR-US: IBM
CVE-2016-2935 (The broker application in IBM BigFix Remote Control before 9.1.3 ...)
	NOT-FOR-US: IBM
CVE-2016-2934 (Cross-site scripting (XSS) vulnerability in IBM BigFix Remote Control ...)
	NOT-FOR-US: IBM
CVE-2016-2933 (Directory traversal vulnerability in IBM BigFix Remote Control before ...)
	NOT-FOR-US: IBM
CVE-2016-2932 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to ...)
	NOT-FOR-US: IBM
CVE-2016-2931 (IBM BigFix Remote Control before 9.1.3 allows remote attackers to ...)
	NOT-FOR-US: IBM
CVE-2016-2930 (IBM BigFix Remote Control 9.1.3 could allow a remote attacker to ...)
	NOT-FOR-US: IBM
CVE-2016-2929 (IBM BigFix Remote Control before 9.1.3 does not properly restrict ...)
	NOT-FOR-US: IBM
CVE-2016-2928 (IBM BigFix Remote Control before 9.1.3 allows remote authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-2927 (IBM BigFix Remote Control before 9.1.3 does not properly restrict the ...)
	NOT-FOR-US: IBM
CVE-2016-2926 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2925 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM
CVE-2016-2924 (IBM Infosphere BigInsights is vulnerable to cross-site scripting, ...)
	NOT-FOR-US: IBM
CVE-2016-2923 (IBM WebSphere Application Server (WAS) 8.5 through 8.5.5.9 Liberty ...)
	NOT-FOR-US: IBM
CVE-2016-2922
	RESERVED
CVE-2016-2921
	RESERVED
CVE-2016-2920
	RESERVED
CVE-2016-2919
	RESERVED
CVE-2016-2918
	RESERVED
CVE-2016-2917 (The notifications component in IBM TRIRIGA Applications 10.4 and 10.5 ...)
	NOT-FOR-US: IBM
CVE-2016-2916
	RESERVED
CVE-2016-2915
	RESERVED
CVE-2016-2914 (Unrestricted file upload vulnerability in the Document Builder in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-2913
	RESERVED
CVE-2016-2912 (Cross-site scripting (XSS) vulnerability in the Document Builder in ...)
	NOT-FOR-US: IBM
CVE-2016-2911
	RESERVED
CVE-2016-2910
	RESERVED
CVE-2016-2909
	RESERVED
CVE-2016-2908 (IBM Single Sign On for Bluemix could allow a remote attacker to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-2907
	RESERVED
CVE-2016-2906
	RESERVED
CVE-2016-2905
	RESERVED
CVE-2016-2904
	RESERVED
CVE-2016-2903
	RESERVED
CVE-2016-2902
	RESERVED
CVE-2016-2901 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: IBM
CVE-2016-2900
	RESERVED
CVE-2016-2899
	RESERVED
CVE-2016-2898
	RESERVED
CVE-2016-2897
	RESERVED
CVE-2016-2896
	RESERVED
CVE-2016-2895
	RESERVED
CVE-2016-2894 (IBM Spectrum Protect (formerly Tivoli Storage Manager) 5.5 through 6.3 ...)
	NOT-FOR-US: IBM
CVE-2016-2893
	RESERVED
CVE-2016-2892
	RESERVED
CVE-2016-2891
	RESERVED
CVE-2016-2890
	RESERVED
CVE-2016-2889 (Cross-site request forgery (CSRF) vulnerability in the Report Builder ...)
	NOT-FOR-US: IBM
CVE-2016-2888 (Cross-site scripting (XSS) vulnerability in the Report Builder and ...)
	NOT-FOR-US: IBM
CVE-2016-2887 (IBM IMS Enterprise Suite Data Provider before 3.2.0.1 for Microsoft ...)
	NOT-FOR-US: IBM
CVE-2016-2886
	RESERVED
CVE-2016-2885
	RESERVED
CVE-2016-2884 (Cross-site request forgery (CSRF) vulnerability in IBM Forms ...)
	NOT-FOR-US: IBM
CVE-2016-2883 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application ...)
	NOT-FOR-US: IBM
CVE-2016-2882 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
	NOT-FOR-US: IBM
CVE-2016-2881 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 and ...)
	NOT-FOR-US: IBM
CVE-2016-2880 (IBM QRadar 7.2 stores the encryption key used to encrypt the service ...)
	NOT-FOR-US: IBM
CVE-2016-2879 (IBM QRadar 7.2 uses outdated hashing algorithms to hash certain ...)
	NOT-FOR-US: IBM
CVE-2016-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-2877 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses weak ...)
	NOT-FOR-US: IBM
CVE-2016-2876 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 executes ...)
	NOT-FOR-US: IBM
CVE-2016-2875 (IBM Security QRadar SIEM 7.1.x and 7.2.x before 7.2.7 allows remote ...)
	NOT-FOR-US: IBM
CVE-2016-2874 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 ...)
	NOT-FOR-US: IBM
CVE-2016-2873 (SQL injection vulnerability in IBM QRadar SIEM 7.1 before MR2 Patch 13 ...)
	NOT-FOR-US: IBM
CVE-2016-2872 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x ...)
	NOT-FOR-US: IBM
CVE-2016-2871 (IBM QRadar SIEM 7.1 before MR2 Patch 13 and 7.2 before 7.2.7 uses ...)
	NOT-FOR-US: IBM
CVE-2016-2870 (Buffer overflow in the CLI on IBM WebSphere DataPower XC10 appliances ...)
	NOT-FOR-US: IBM
CVE-2016-2869 (Multiple cross-site scripting (XSS) vulnerabilities in the UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2016-2868 (IBM Security QRadar SIEM 7.2.x before 7.2.7 allows remote ...)
	NOT-FOR-US: IBM
CVE-2016-2867 (IBM InfoSphere Streams before 4.0.1.2 and IBM Streams before 4.1.1.1 ...)
	NOT-FOR-US: IBM
CVE-2016-2866 (An unspecified vulnerability in IBM Jazz Team Server may disclose some ...)
	NOT-FOR-US: IBM
CVE-2016-2865 (The GIT Integration component in IBM Rational Team Concert (RTC) 5.x ...)
	NOT-FOR-US: IBM
CVE-2016-2864 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-2863 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2016-2862 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
	NOT-FOR-US: IBM
CVE-2016-2861 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3, 7.1.1 before ...)
	NOT-FOR-US: IBM
CVE-2016-2860 (The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 ...)
	{DSA-3569-1 DLA-493-1}
	- openafs 1.6.17-1
	NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=396240cf070a806b91fea81131d034e1399af1e0
	NOTE: http://rt.central.org/rt/Ticket/Display.html?id=132822 (currently not public)
CVE-2016-3154 (The encoder_contexte_ajax function in ecrire/inc/filtres.php in SPIP ...)
	{DSA-3518-1}
	- spip 3.0.22-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
	NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22903
CVE-2016-3153 (SPIP 2.x before 2.1.19, 3.0.x before 3.0.22, and 3.1.x before 3.1.1 ...)
	{DSA-3518-1}
	- spip 3.0.22-1
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/15/2
	NOTE: patch https://core.spip.net/projects/spip/repository/revisions/22911
CVE-2016-XXXX [Cross-site scripting (XSS) vulnerability in cgit's "txt2html" filter]
	- cgit 0.12.0.git2.7.0-1
	[jessie] - cgit 0.10.2.git2.0.1-3+deb8u1
	NOTE: https://git.zx2c4.com/cgit/commit/filters/html-converters/txt2html?id=13c2d3df0440ce04273de3149631a9bd97490c6e
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/03/05/8
CVE-2016-3172 (SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier ...)
	{DLA-560-1}
	- cacti 0.8.8g+ds1-2 (bug #818647)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://bugs.cacti.net/view.php?id=2667
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/13
	NOTE: Requires authenticated user
CVE-2016-3116 (CRLF injection vulnerability in Dropbear SSH before 2016.72 allows ...)
	- dropbear 2016.72-1
	[jessie] - dropbear 2014.65-1+deb8u1
	[wheezy] - dropbear <no-dsa> (Minor issue)
	NOTE: https://matt.ucc.asn.au/dropbear/CHANGES
	NOTE: Fixed in 2016.72 upstream
CVE-2016-3115 (Multiple CRLF injection vulnerabilities in session.c in sshd in ...)
	- openssh 1:7.2p2-1
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: http://www.openssh.com/txt/x11fwd.adv
	NOTE: Portable OpenSSH 7.2p2 contains a fix for this vulnerability.
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/8
	NOTE: Upstream fix: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&sortby=date&f=h
CVE-2016-3134 (The netfilter subsystem in the Linux kernel through 4.5.2 does not ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1
	[wheezy] - linux <no-dsa> (Minor issue)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=758
	NOTE: https://patchwork.ozlabs.org/patch/595575/
	NOTE: http://marc.info/?l=netfilter-devel&m=145757134822741&w=2
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/4
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
	NOTE: Non-privileged user namespaces disabled by default, only vulnerable with sysctl kernel.unprivileged_userns_clone=1
CVE-2016-3135 (Integer overflow in the xt_alloc_table_info function in ...)
	- linux 4.4.6-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://marc.info/?l=netfilter-devel&m=145757136822750&w=2
	NOTE: https://patchwork.ozlabs.org/patch/595576/
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/7
CVE-2015-8835 (The make_http_soap_request function in ext/soap/php_http.c in PHP ...)
	- php5 5.6.12+dfsg-1
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	[wheezy] - php5 5.4.44-0+deb7u1
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=c96d08b27226193dd51f2b50e84272235c6aaa69
	NOTE: https://bugs.php.net/bug.php?id=70081
	NOTE: Fixed in 5.6.12, 5.5.28, 5.4.44
	NOTE: CVE assignment is for "The first problem" section of Bug 70081
CVE-2015-8833 (Use-after-free vulnerability in the create_smp_dialog function in ...)
	{DSA-3528-1}
	- pidgin-otr 4.0.2-1
	[wheezy] - pidgin-otr <not-affected> (Vulnerable code not present)
	NOTE: https://blog.fuzzing-project.org/39-Heap-use-after-free-in-Pidgin-OTR-plugin.html
	NOTE: https://bugs.otr.im/issues/88
	NOTE: https://bugs.otr.im/issues/128
	NOTE: Fixed by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/aaf551b9dd5cbba8c4abaa3d4dc7ead860efef94
	NOTE: Introduced by: https://bugs.otr.im/projects/pidgin-otr/repository/revisions/c276bfa786bef8a4572a37d5633cf40f480d3ae0
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/09/8
CVE-2016-2859
	REJECTED
CVE-2016-3124 (The sanitycheck module in SimpleSAMLphp before 1.14.1 allows remote ...)
	- simplesamlphp 1.14.1-1 (unimportant; bug #817162)
	NOTE: https://simplesamlphp.org/security/201603-01
	NOTE: Fixed upstream in 1.14.1
	NOTE: https://github.com/simplesamlphp/simplesamlphp/commit/952027dd7f794ff4b2d4f5eddf549c5b5070fa38
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/08/4
	NOTE: Not treated as a security issue, many components in Debian reveal the release in use
CVE-2016-2855 (The Huawei Mobile Broadband HL Service 22.001.25.00.03 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2016-2852
	RESERVED
CVE-2016-2851 (Integer overflow in proto.c in libotr before 4.1.1 on 64-bit platforms ...)
	{DSA-3512-1}
	- libotr 4.1.1-1 (bug #817799)
	NOTE: https://lists.cypherpunks.ca/pipermail/otr-announce/2016-March/000062.html
	NOTE: https://www.x41-dsec.de/lab/advisories/x41-2016-001-libotr/
CVE-2016-2850 (Botan 1.11.x before 1.11.29 does not enforce TLS policy for (1) ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.29
CVE-2016-2849 (Botan before 1.10.13 and 1.11.x before 1.11.29 do not use a ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.13-1 (bug #822698)
	NOTE: http://botan.randombit.net/security.html
	NOTE: Introduced in 1.7.15, fixed in 1.10.13 and 1.11.29
	NOTE: FIX https://github.com/randombit/botan/commit/bcf13fa153a11b3e0ad54e2af6962441cea3adf1
CVE-2016-2848 (ISC BIND 9.1.0 through 9.8.4-P2 and 9.9.0 through 9.9.2-P2 allows ...)
	{DLA-672-1}
	- bind9 1:9.9.3.dfsg.P2-1 (bug #839051)
	NOTE: https://kb.isc.org/article/AA-01433
	NOTE: Fixed by https://source.isc.org/cgi-bin/gitweb.cgi?p=bind9.git;a=commitdiff;h=4adf97c32fcca7d00e5756607fd045f2aab9c3d4
CVE-2016-2846 (Siemens SIMATIC S7-1200 CPU devices before 4.0 allow remote attackers ...)
	NOT-FOR-US: Siemens SIMATIC S7-1200 CPU devices
CVE-2016-2845 (The Content Security Policy (CSP) implementation in Blink, as used in ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-2844 (WebKit/Source/core/layout/LayoutBlock.cpp in Blink, as used in Google ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-2843 (Multiple unspecified vulnerabilities in Google V8 before 4.9.385.26, ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-3178 (The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 ...)
	{DLA-454-1}
	- minissdpd 1.2.20130907-3.2 (bug #816759)
	[jessie] - minissdpd 1.2.20130907-3+deb8u1
	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
	NOTE: https://github.com/miniupnp/miniupnp/commit/b238cade9a173c6f751a34acf8ccff838a62aa47
CVE-2016-3179 (The processRequest function in minissdpd.c in MiniSSDPd 1.2.20130907-3 ...)
	{DLA-454-1}
	- minissdpd 1.2.20130907-3.2 (bug #816759)
	[jessie] - minissdpd 1.2.20130907-3+deb8u1
	NOTE: https://speirofr.appspot.com/files/advisory/SPADV-2016-02.md
	NOTE: https://github.com/miniupnp/miniupnp/commit/140ee8d2204b383279f854802b27bdb41c1d5d1a
CVE-2016-2842 (The doapr_outch function in crypto/bio/b_print.c in OpenSSL 1.0.1 ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: split from CVE-2016-0799
CVE-2016-3142 (The phar_parse_zipfile function in zip.c in the PHAR extension in PHP ...)
	{DLA-818-1}
	- php5 5.6.19+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	NOTE: https://bugs.php.net/bug.php?id=71498
	NOTE: Fixed in 5.5.33, 5.6.19
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/2
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=a6fdc5bb27b20d889de0cd29318b3968aabb57bd
CVE-2016-3141 (Use-after-free vulnerability in wddx.c in the WDDX extension in PHP ...)
	{DLA-818-1}
	- php5 5.6.19+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	NOTE: https://bugs.php.net/bug.php?id=71587
	NOTE: Fixed in 5.5.33, 5.6.19
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/10/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/13/1
CVE-2016-2858 (QEMU, when built with the Pseudo Random Number Generator (PRNG) ...)
	- qemu 1:2.6+dfsg-1 (bug #817183)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: http://git.qemu.org/?p=qemu.git;a=commit;h=60253ed1e6ec6d8e5ef2efe7bf755f475dce9956 (v2.6.0-rc0)
	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commit;h=a9b7b2ad7b075dba5495271706670e5c6b1304bc (v1.3.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1314676
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/04/1
CVE-2015-8832 (Multiple incomplete blacklist vulnerabilities in ...)
	- dotclear <removed> (bug #815979)
	NOTE: https://hg.dotclear.org/dotclear/rev/198580bc3d80
	NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
	NOTE: Fixed upstream in 2.8.2
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
CVE-2015-8831 (Cross-site scripting (XSS) vulnerability in admin/comments.php in ...)
	- dotclear <removed> (bug #815979)
	NOTE: https://hg.dotclear.org/dotclear/rev/65e65154dadf
	NOTE: https://dotclear.org/blog/post/2015/10/25/Dotclear-2.8.2
	NOTE: Fixed upstream in 2.8.2
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/05/4
CVE-2016-8000
	REJECTED
CVE-2016-2840 (An issue was discovered in Open-Xchange Server 6 / OX AppSuite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2016-2857 (The net_checksum_calculate function in net/checksum.c in QEMU allows ...)
	{DLA-574-1 DLA-573-1}
	- qemu 1:2.6+dfsg-1 (bug #817182)
	[jessie] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=362786f14a753d8a5256ef97d7c10ed576d6572b (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296567
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/9
CVE-2016-2854 (The aufs module for the Linux kernel 3.x and 4.x does not properly ...)
	- linux 3.18-1~exp1
	[jessie] - linux <ignored> (Not exploitable in default configuration)
	[wheezy] - linux <not-affected> (Vulnerable code is not present)
	NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
	NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
	NOTE: This depends on a user namespace creator being able to mount aufs.
	NOTE: jessie: Unprivileged users are not allowed to create user namespaces by default; aufs is not allowed to be mounted from a new user namespace by default.
	NOTE: wheezy: User namespaces are non-functional.
CVE-2016-2853 (The aufs module for the Linux kernel 3.x and 4.x does not properly ...)
	- linux 3.18-1~exp1
	[jessie] - linux <ignored> (Not exploitable in default configuration)
	[wheezy] - linux <not-affected> (Vulnerable code is not present)
	NOTE: http://www.halfdog.net/Security/2016/AufsPrivilegeEscalationInUserNamespaces/
	NOTE: https://sourceforge.net/p/aufs/mailman/message/34864744/
	NOTE: This depends on a user namespace creator being able to mount aufs.
	NOTE: jessie: Unprivileged users are not allowed to create user namespaces by default; aufs is not allowed to be mounted from a new user namespace by default.
	NOTE: wheezy: User namespaces are non-functional.
CVE-2016-2839 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 on Linux ...)
	- firefox <not-affected> (Uses gstreamer-ffmpeg/libav 1.0)
	- firefox-esr <not-affected> (Uses gstreamer-ffmpeg/libav 1.0)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-65/
	NOTE: Related patches https://hg.mozilla.org/mozilla-central/log?rev=Bug+1275339
CVE-2016-2838 (Heap-based buffer overflow in the nsBidi::BracketData::AddOpening ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-64/
CVE-2016-2837 (Heap-based buffer overflow in the ClearKey Content Decryption Module ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-77/
CVE-2016-2836 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3686-1 DSA-3640-1 DLA-640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	- icedove 1:45.3.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
CVE-2016-2835 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- firefox 48.0-1
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- icedove <not-affected> (Doesn't apply to Thunderbird ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-62/
CVE-2016-2834 (Mozilla Network Security Services (NSS) before 3.23, as used in ...)
	{DSA-3688-1 DLA-527-1}
	- nss 2:3.23-1
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-61/
CVE-2016-2833 (Mozilla Firefox before 47.0 ignores Content Security Policy (CSP) ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2832 (Mozilla Firefox before 47.0 allows remote attackers to discover the ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2831 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 do not ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2830 (Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 preserve ...)
	{DSA-3640-1 DLA-585-1}
	- firefox 48.0-1
	- firefox-esr 45.3.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-63/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1342897
CVE-2016-2829 (Mozilla Firefox before 47.0 allows remote attackers to spoof ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2828 (Use-after-free vulnerability in Mozilla Firefox before 47.0 and ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2827 (The mozilla::net::IsValidReferrerPolicy function in Mozilla Firefox ...)
	- firefox 49.0-1
	- firefox-esr <not-affected> (Doesn't affect ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-86/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-87/
CVE-2016-2826 (The maintenance service in Mozilla Firefox before 47.0 and Firefox ESR ...)
	- firefox-esr <not-affected> (Only affects Windows)
	- firefox <not-affected> (Only affects Windows)
CVE-2016-2825 (Mozilla Firefox before 47.0 allows remote attackers to bypass the Same ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2824 (The TSymbolTableLevel class in ANGLE, as used in Mozilla Firefox ...)
	- firefox-esr <not-affected> (Only affects Windows)
	- firefox <not-affected> (Only affects Windows)
CVE-2016-2823
	RESERVED
CVE-2016-2822 (Mozilla Firefox before 47.0 and Firefox ESR 45.x before 45.2 allow ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2821 (Use-after-free vulnerability in the mozilla::dom::Element class in ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2820 (The Firefox Health Reports (aka FHR or about:healthreport) feature in ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-48/
CVE-2016-2819 (Heap-based buffer overflow in Mozilla Firefox before 47.0 and Firefox ...)
	{DSA-3600-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
CVE-2016-2818 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3647-1 DSA-3600-1 DLA-572-1 DLA-521-1}
	- firefox-esr 45.2.0esr-1
	- firefox 47.0-1
	- icedove 1:45.2.0-1
CVE-2016-2817 (The WebExtension sandbox feature in ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-46/
CVE-2016-2816 (Mozilla Firefox before 46.0 allows remote attackers to bypass the ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-45/
CVE-2016-2815 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- firefox-esr <not-affected> (Doesn't apply to Firefox ESR)
	- firefox 47.0-1
CVE-2016-2814 (Heap-based buffer overflow in the ...)
	{DSA-3559-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-44/
CVE-2016-2813 (Mozilla Firefox before 46.0 on Android does not properly restrict ...)
	- iceweasel <not-affected> (Only Firefox on Android)
	- firefox-esr <not-affected> (Only Firefox on Android)
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-43/
CVE-2016-2812 (Race condition in the get implementation in the ServiceWorkerManager ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
CVE-2016-2811 (Use-after-free vulnerability in the ServiceWorkerInfo class in the ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-42/
CVE-2016-2810 (Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to ...)
	- iceweasel <not-affected> (Only Firefox on Android)
	- firefox-esr <not-affected> (Only Firefox on Android)
	- firefox <not-affected> (Only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-41/
CVE-2016-2809 (The Mozilla Maintenance Service updater in Mozilla Firefox before 46.0 ...)
	- iceweasel <not-affected> (Only Firefox on Windows)
	- firefox-esr <not-affected> (Only Firefox on Windows)
	- firefox <not-affected> (Only Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-40/
CVE-2016-2808 (The watch implementation in the JavaScript engine in Mozilla Firefox ...)
	{DSA-3559-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-47/
CVE-2016-2807 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3576-1 DSA-3559-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2806 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3601-1 DLA-519-1}
	- iceweasel <not-affected> (Only Firefox 45.x)
	- firefox-esr 45.1.0esr-1
	- firefox 46.0-1
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2805 (Unspecified vulnerability in the browser engine in Mozilla Firefox ESR ...)
	{DSA-3576-1 DSA-3559-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr <not-affected> (Only affects Firefox ESR 38.x)
	- firefox <not-affected> (Only affects Firefox ESR 38.x)
	- icedove 1:45.1.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2804 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only Firefox 46)
	- firefox-esr <not-affected> (Only Firefox 46)
	- firefox 46.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-39/
CVE-2016-2803 (Cross-site scripting (XSS) vulnerability in the dependency graphs in ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
CVE-2016-2802 (The graphite2::TtfUtil::CmapSubtable4NextCodepoint function in ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2801 (The graphite2::TtfUtil::CmapSubtable12Lookup function in TtfUtil.cpp ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2800 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2799 (Heap-based buffer overflow in the graphite2::Slot::setAttr function in ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2798 (The graphite2::GlyphCache::Loader::Loader function in Graphite 2 ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2797 (The graphite2::TtfUtil::CmapSubtable12Lookup function in Graphite 2 ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2796 (Heap-based buffer overflow in the graphite2::vm::Machine::Code::Code ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2795 (The graphite2::FileFace::get_table_fn function in Graphite 2 before ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2794 (The graphite2::TtfUtil::CmapSubtable12NextCodepoint function in ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2793 (CachedCmap.cpp in Graphite 2 before 1.3.6, as used in Mozilla Firefox ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2792 (The graphite2::Slot::getAttr function in Slot.cpp in Graphite 2 before ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2791 (The graphite2::GlyphCache::glyph function in Graphite 2 before 1.3.6, ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2790 (The graphite2::TtfUtil::GetTableInfo function in Graphite 2 before ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-2789 (Cross-site scripting (XSS) vulnerability in the Web User Interface in ...)
	NOT-FOR-US: Citrix
CVE-2015-8829
	REJECTED
CVE-2015-8828
	REJECTED
CVE-2015-8827
	REJECTED
CVE-2015-8826
	REJECTED
CVE-2015-8825
	REJECTED
CVE-2015-8824
	REJECTED
CVE-2015-8823 (Use-after-free vulnerability in the TextField object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8822 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8821 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8820 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8819
	RESERVED
CVE-2016-2841 (The ne2000_receive function in the NE2000 NIC emulation support ...)
	- qemu 1:2.6+dfsg-1 (bug #817181)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=415ab35a441eca767d033a2702223e785b9d5190 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303106
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/02/8
CVE-2016-2788 (MCollective 2.7.0 and 2.8.x before 2.8.9, as used in Puppet ...)
	- mcollective 2.12.0+dfsg-1 (bug #850968)
	[jessie] - mcollective <no-dsa> (Minor issue)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: https://puppet.com/security/cve/cve-2016-2788
	NOTE: https://github.com/puppetlabs/marionette-collective/commit/4918a0f136aea04452b48a1ba29eb9aabcf5c97d
CVE-2016-2787 (The Puppet Communications Protocol in Puppet Enterprise 2015.3.x ...)
	- puppet <not-affected> (Specific to Puppet Enterprise)
CVE-2016-2786 (The pxp-agent component in Puppet Enterprise 2015.3.x before 2015.3.3 ...)
	- puppet <not-affected> (pxp-agent not packaged in Debian)
	NOTE: https://puppet.com/security/cve/cve-2016-2786
CVE-2016-2785 (Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before ...)
	- puppet <not-affected> (Vulnerable code only in 4.x)
	NOTE: https://puppet.com/security/cve/cve-2016-2785
	NOTE: https://github.com/puppetlabs/puppet/pull/4921/commits/8d2ce797db265720f0a20d1d46ee2757b4e4f6b2
CVE-2016-2784 (CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty ...)
	NOT-FOR-US: CMS Made Simple
CVE-2015-8818 (The cpu_physical_memory_write_rom_internal function in exec.c in QEMU ...)
	- qemu 1:2.4+dfsg-1a
	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
	[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=b242e0e0e2969c044a318e56f7988bbd84de1f63 (v2.4.0-rc0)
CVE-2015-8817 (QEMU (aka Quick Emulator) built to use 'address_space_translate' to ...)
	- qemu 1:2.4+dfsg-1a
	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along with a future DSA)
	[wheezy] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	[squeeze] - qemu <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	- qemu-kvm <not-affected> (Affects Qemu versions >= 1.6.0 and <= 2.3.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/01/10
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c3c1bb99d1c11978d9ce94d1bdcf0705378c1459 (v2.3.0-rc1)
	NOTE: https://lists.gnu.org/archive/html/qemu-stable/2016-01/msg00060.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=23820dbfc79d1c9dce090b4c555994f2bb6a69b3 (v2.4.0-rc0)
CVE-2016-2783 (Avaya Fabric Connect Virtual Services Platform (VSP) Operating System ...)
	NOT-FOR-US: Avaya
CVE-2016-2780 (Untrusted search path vulnerability in Huawei UTPS before ...)
	NOT-FOR-US: Huawei UTPS
CVE-2016-2778
	RESERVED
CVE-2016-2777
	REJECTED
CVE-2016-2776 (buffer.c in named in ISC BIND 9 before 9.9.9-P3, 9.10.x before ...)
	{DSA-3680-1 DLA-645-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #839010)
	NOTE: https://kb.isc.org/article/AA-01419
CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x ...)
	{DSA-3680-1 DLA-645-1}
	[experimental] - bind9 1:9.10.4-P5-1
	- bind9 1:9.10.3.dfsg.P4-11 (bug #831796)
	NOTE: https://kb.isc.org/article/AA-01393/74/CVE-2016-2775
CVE-2016-2774 (ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 ...)
	- isc-dhcp 4.3.4-1 (bug #817158)
	[jessie] - isc-dhcp <no-dsa> (Minor issue)
	[wheezy] - isc-dhcp <no-dsa> (Minor issue)
	NOTE: https://kb.isc.org/article/AA-01354
	NOTE: https://source.isc.org/cgi-bin/gitweb.cgi?p=dhcp.git;a=commitdiff;h=0b209ea5cc333255e055113fa2ad636dda681a21
CVE-2016-2773
	REJECTED
CVE-2016-2772
	REJECTED
CVE-2016-2771
	REJECTED
CVE-2016-2770
	REJECTED
CVE-2016-2769
	REJECTED
CVE-2016-2768
	REJECTED
CVE-2016-2767
	REJECTED
CVE-2016-2766
	REJECTED
CVE-2016-2765
	REJECTED
CVE-2016-2764
	REJECTED
CVE-2016-2763
	REJECTED
CVE-2016-2762
	REJECTED
CVE-2016-2761
	REJECTED
CVE-2016-2760
	REJECTED
CVE-2016-2759
	REJECTED
CVE-2016-2758
	REJECTED
CVE-2016-2757
	REJECTED
CVE-2016-2756
	REJECTED
CVE-2016-2755
	REJECTED
CVE-2016-2754
	REJECTED
CVE-2016-2753
	REJECTED
CVE-2016-2752
	REJECTED
CVE-2016-2751
	REJECTED
CVE-2016-2750
	REJECTED
CVE-2016-2749
	REJECTED
CVE-2016-2748
	REJECTED
CVE-2016-2747
	REJECTED
CVE-2016-2746
	REJECTED
CVE-2016-2745
	REJECTED
CVE-2016-2744
	REJECTED
CVE-2016-2743
	REJECTED
CVE-2016-2742
	REJECTED
CVE-2016-2741
	REJECTED
CVE-2016-2740
	REJECTED
CVE-2016-2739
	REJECTED
CVE-2016-2738
	REJECTED
CVE-2016-2737
	REJECTED
CVE-2016-2736
	REJECTED
CVE-2016-2735
	REJECTED
CVE-2016-2734
	REJECTED
CVE-2016-2733
	REJECTED
CVE-2016-2732
	REJECTED
CVE-2016-2731
	REJECTED
CVE-2016-2730
	REJECTED
CVE-2016-2729
	REJECTED
CVE-2016-2728
	REJECTED
CVE-2016-2727
	REJECTED
CVE-2016-2726
	REJECTED
CVE-2016-2725
	REJECTED
CVE-2016-2724
	REJECTED
CVE-2016-2723
	REJECTED
CVE-2016-2722
	REJECTED
CVE-2016-2721
	REJECTED
CVE-2016-2720
	REJECTED
CVE-2016-2719
	REJECTED
CVE-2016-2718
	REJECTED
CVE-2016-2717
	REJECTED
CVE-2016-2716
	REJECTED
CVE-2016-2715
	REJECTED
CVE-2016-2714
	REJECTED
CVE-2016-2713
	REJECTED
CVE-2016-2712
	REJECTED
CVE-2016-2711
	REJECTED
CVE-2016-2710
	REJECTED
CVE-2016-2709
	REJECTED
CVE-2016-2708
	REJECTED
CVE-2016-2707
	REJECTED
CVE-2016-2706
	REJECTED
CVE-2016-2705
	REJECTED
CVE-2016-2704
	REJECTED
CVE-2016-2703
	REJECTED
CVE-2016-2702
	REJECTED
CVE-2016-2701
	REJECTED
CVE-2016-2700
	REJECTED
CVE-2016-2699
	REJECTED
CVE-2016-2698
	REJECTED
CVE-2016-2697
	REJECTED
CVE-2016-2696
	REJECTED
CVE-2016-2695
	REJECTED
CVE-2016-2694
	REJECTED
CVE-2016-2693
	REJECTED
CVE-2016-2692
	REJECTED
CVE-2016-2691
	REJECTED
CVE-2016-2690
	REJECTED
CVE-2016-2689
	REJECTED
CVE-2016-2688
	REJECTED
CVE-2016-2687
	REJECTED
CVE-2016-2686
	REJECTED
CVE-2016-2685
	REJECTED
CVE-2016-2684
	REJECTED
CVE-2016-2683
	REJECTED
CVE-2016-2682
	REJECTED
CVE-2016-2681
	REJECTED
CVE-2016-2680
	REJECTED
CVE-2016-2679
	REJECTED
CVE-2016-2678
	REJECTED
CVE-2016-2677
	REJECTED
CVE-2016-2676
	REJECTED
CVE-2016-2675
	REJECTED
CVE-2016-2674
	REJECTED
CVE-2016-2673
	REJECTED
CVE-2016-2672
	REJECTED
CVE-2016-2671
	REJECTED
CVE-2016-2670
	REJECTED
CVE-2016-2669
	REJECTED
CVE-2016-2668
	REJECTED
CVE-2016-2667
	REJECTED
CVE-2016-2666
	REJECTED
CVE-2016-2665
	REJECTED
CVE-2016-2664
	REJECTED
CVE-2016-2663
	REJECTED
CVE-2016-2662
	REJECTED
CVE-2016-2661
	REJECTED
CVE-2016-2660
	REJECTED
CVE-2016-2659
	REJECTED
CVE-2016-2658
	REJECTED
CVE-2016-2657
	REJECTED
CVE-2016-2656
	REJECTED
CVE-2016-2655
	REJECTED
CVE-2016-2654
	REJECTED
CVE-2016-2653
	REJECTED
CVE-2016-2652
	REJECTED
CVE-2016-2651
	REJECTED
CVE-2016-2650
	REJECTED
CVE-2016-2649
	REJECTED
CVE-2016-2648
	REJECTED
CVE-2016-2647
	REJECTED
CVE-2016-2646
	REJECTED
CVE-2016-2645
	REJECTED
CVE-2016-2644
	REJECTED
CVE-2016-2643
	REJECTED
CVE-2016-2642
	REJECTED
CVE-2016-2641
	REJECTED
CVE-2016-2640
	REJECTED
CVE-2016-2639
	REJECTED
CVE-2016-2638
	REJECTED
CVE-2016-2637
	REJECTED
CVE-2016-2636
	REJECTED
CVE-2016-2635
	REJECTED
CVE-2016-2634
	REJECTED
CVE-2016-2633
	REJECTED
CVE-2016-2632
	REJECTED
CVE-2016-2631
	REJECTED
CVE-2016-2630
	REJECTED
CVE-2016-2629
	REJECTED
CVE-2016-2628
	REJECTED
CVE-2016-2627
	REJECTED
CVE-2016-2626
	REJECTED
CVE-2016-2625
	REJECTED
CVE-2016-2624
	REJECTED
CVE-2016-2623
	REJECTED
CVE-2016-2622
	REJECTED
CVE-2016-2621
	REJECTED
CVE-2016-2620
	REJECTED
CVE-2016-2619
	REJECTED
CVE-2016-2618
	REJECTED
CVE-2016-2617
	REJECTED
CVE-2016-2616
	REJECTED
CVE-2016-2615
	REJECTED
CVE-2016-2614
	REJECTED
CVE-2016-2613
	REJECTED
CVE-2016-2612
	REJECTED
CVE-2016-2611
	REJECTED
CVE-2016-2610
	REJECTED
CVE-2016-2609
	REJECTED
CVE-2016-2608
	REJECTED
CVE-2016-2607
	REJECTED
CVE-2016-2606
	REJECTED
CVE-2016-2605
	REJECTED
CVE-2016-2604
	REJECTED
CVE-2016-2603
	REJECTED
CVE-2016-2602
	REJECTED
CVE-2016-2601
	REJECTED
CVE-2016-2600
	REJECTED
CVE-2016-2599
	REJECTED
CVE-2016-2598
	REJECTED
CVE-2016-2597
	REJECTED
CVE-2016-2596
	REJECTED
CVE-2016-2595
	REJECTED
CVE-2016-2594
	REJECTED
CVE-2016-2593
	REJECTED
CVE-2016-2592
	REJECTED
CVE-2016-2591
	REJECTED
CVE-2016-2590
	REJECTED
CVE-2016-2589
	REJECTED
CVE-2016-2588
	REJECTED
CVE-2016-2587
	REJECTED
CVE-2016-2586
	REJECTED
CVE-2016-2585
	REJECTED
CVE-2016-2584
	REJECTED
CVE-2016-2583
	REJECTED
CVE-2016-2582
	REJECTED
CVE-2016-2581
	REJECTED
CVE-2016-2580
	REJECTED
CVE-2016-2579
	REJECTED
CVE-2016-2578
	REJECTED
CVE-2016-2577
	REJECTED
CVE-2016-2576
	REJECTED
CVE-2016-2575
	REJECTED
CVE-2016-2574
	REJECTED
CVE-2015-8852 (Varnish 3.x before 3.0.7, when used in certain stacked installations, ...)
	{DSA-3553-1}
	- varnish 4.0.0-1 (bug #783510)
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/16/1
	NOTE: fixed in 3.0.7 upstream, mark as fixed with first 4.x version in unstable
	NOTE: 4.x not affected
CVE-2016-XXXX [unsafe use of /tmp]
	- wine <unfixed> (unimportant; bug #816034)
	- wine-development <unfixed> (unimportant; bug #816034)
	NOTE: Negligable security impact
CVE-2016-XXXX [remote memory disclosure]
	- node-ws 1.0.1+ds1.e6ddaae4-1 (unimportant)
	NOTE: fixed in 1.0.1
	NOTE: https://nodesecurity.io/advisories/67
	NOTE: nodejs not covered by security support
CVE-2016-2782 (The treo_attach function in drivers/usb/serial/visor.c in the Linux ...)
	- linux 4.4.2-1
	[jessie] - linux 3.16.7-ckt25-1
	[wheezy] - linux 3.2.78-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cac9b50b0d75a1d50d6c056ff65c005f3224c8e0 (v4.5-rc2)
CVE-2016-2781 (chroot in GNU coreutils, when used with --userspec, allows local users ...)
	- coreutils <unfixed> (bug #816320)
	[stretch] - coreutils <ignored> (Minor issue)
	[jessie] - coreutils <ignored> (Minor issue)
	[wheezy] - coreutils <ignored> (Minor issue)
	NOTE: Restricting ioctl on the kernel side seems the better approach, but rejected by Linux upstream
	NOTE: Fixing this issue via setsid() would introduce regressions:
	NOTE: https://www.kernel.org/pub/linux/utils/util-linux/v2.28/v2.28-ReleaseNotes
CVE-2016-2779 (runuser in util-linux allows local users to escape to the parent ...)
	- util-linux <unfixed> (bug #815922)
	[stretch] - util-linux <no-dsa> (Minor issue)
	[jessie] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <not-affected> (runuser[.c] not yet present)
	[squeeze] - util-linux <not-affected> (runuser[.c] not yet present)
	NOTE: Restricting ioctl on the kernel side seems the better approach, patches have been posted to kernel-hardening list
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/27/1
	NOTE: https://marc.info/?l=util-linux-ng&m=145694736107128&w=2
CVE-2016-XXXX [Partial SMAP bypass on 64-bit Linux kernels]
	- linux 4.4.4-1
	[jessie] - linux 3.16.7-ckt25-2+deb8u1
	[wheezy] - linux <not-affected> (Introduced in 3.10)
	- linux-2.6 <not-affected> (Introduced in 3.10)
	NOTE: Introduced by: https://git.kernel.org/linus/63bcff2a307b9bcc712a8251eb27df8b2e117967 (v3.10-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/3d44d51bd339766f0178f0cf2e8d048b4a4872aa (v4.5-rc6)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/26/6
CVE-2016-7575
	REJECTED
CVE-2016-2573
	RESERVED
CVE-2016-2567 (secfilter in the Samsung kernel for Android on SM-N9005 build ...)
	NOT-FOR-US: Samsung
CVE-2016-2566 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) ...)
	NOT-FOR-US: Samsung
CVE-2016-2565 (Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) ...)
	NOT-FOR-US: Samsung
CVE-2016-2564 (Invision Power Services (IPS) Community Suite before 4.1.9 makes ...)
	NOT-FOR-US: Invision Power Services
CVE-2016-2563 (Stack-based buffer overflow in the SCP command-line utility in PuTTY ...)
	- putty 0.67-1 (bug #816921)
	[jessie] - putty <no-dsa> (Minor issue)
	[wheezy] - putty <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-pscp-sink-sscanf.html
	NOTE: http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=bc6c15ab5f636e05b7e91883f0031a7e06117947
	NOTE: https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-2563
CVE-2016-2562 (The checkHTTP function in libraries/Config.class.php in phpMyAdmin ...)
	- phpmyadmin 4:4.5.5.1-1 (unimportant)
	[jessie] - phpmyadmin <not-affected>
	[wheezy] - phpmyadmin <not-affected>
	NOTE: vulnerabilty is only in the test suite
CVE-2016-2561 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-3627-1}
	- phpmyadmin 4:4.5.5.1-1
	[wheezy] - phpmyadmin <not-affected>
CVE-2016-2560 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.5.1-1 (low)
	NOTE: 7ddce5e39a4e12cd351732955394bc7055c280eb: file not present, vulnerability not found in wheezy
	NOTE: 0667ea8ac7519d7e642eade2686dc393d5faeae3: vulnerability present in 3.4.3.1, but code mysteriously not found in wheezy
	NOTE: fe3be9f4b9edd54dc39919e7dfeaaf4a67c1cf83: vulnerability introduced in 052fd61f (3.5.1)
	NOTE: b8f1e0f325f8f32bd82af64111d8c2e9055a363c and 73c8245a3d1893a710447957e28dcfb18d9b47ad present in wheezy and later, patch in lists.debian.org/87lh4fpyap.fsf@angela.anarcat.ath.cx
CVE-2016-2559 (Cross-site scripting (XSS) vulnerability in the format function in ...)
	- phpmyadmin 4:4.5.5.1-1 (low)
	[jessie] - phpmyadmin <not-affected>
	[wheezy] - phpmyadmin <not-affected>
CVE-2016-2572 (http.cc in Squid 4.x before 4.0.7 relies on the HTTP status code after ...)
	- squid3 <not-affected> (Only affects 4.x)
	- squid <not-affected> (Only affects 4.x)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
CVE-2016-2571 (http.cc in Squid 3.x before 3.5.15 and 4.x before 4.0.7 proceeds with ...)
	{DSA-3522-1 DLA-445-1}
	- squid3 3.5.15-1 (bug #816011)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13990.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14548.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2570 (The Edge Side Includes (ESI) parser in Squid 3.x before 3.5.15 and 4.x ...)
	- squid3 3.5.15-1 (bug #816011)
	[jessie] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport)
	[wheezy] - squid3 <no-dsa> (Minor issue, needs substantial backporting; too intrusive to backport)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13993.patch
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=3870
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14549.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
	NOTE: It's maybe too instrusive to fix in 3.1 (squeeze and wheezy).
CVE-2016-2569 (Squid 3.x before 3.5.15 and 4.x before 4.0.7 does not properly append ...)
	- squid3 3.5.15-1 (bug #816011)
	[jessie] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	[wheezy] - squid3 <no-dsa> (Minor issue; needs substantial backporting; too intrusive to backport)
	- squid <not-affected> (Vulnerable code not present)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_2.txt
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13991.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13998.patch
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13999.patch
	NOTE: http://www.squid-cache.org/Versions/v4/changesets/squid-4-14552.patch
	NOTE: Upstream confirmed it does not affect squid 2.7.x
CVE-2016-2568 (pkexec, when used with --user nonpriv, allows local users to escape to ...)
	- policykit-1 <unfixed> (bug #816062; bug #812512)
	[stretch] - policykit-1 <ignored> (Minor issue)
	[jessie] - policykit-1 <ignored> (Minor issue)
	[wheezy] - policykit-1 <ignored> (Minor issue)
	NOTE: Restricting ioctl on the kernel side seems the better approach
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300746
CVE-2016-2558 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2557 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2556 (The Escape interface in the Kernel Mode Driver layer in the NVIDIA GPU ...)
	NOT-FOR-US: NVIDIA Windows drivers
CVE-2016-2555 (SQL injection vulnerability in include/lib/mysql_connect.inc.php in ...)
	NOT-FOR-US: ATutor
CVE-2016-2553
	REJECTED
CVE-2016-2552
	RESERVED
CVE-2016-2551
	RESERVED
CVE-2016-3191 (The compile_branch function in pcre_compile.c in PCRE 8.x before 8.39 ...)
	{DLA-441-1}
	- pcre3 2:8.38-2 (bug #815921)
	[jessie] - pcre3 2:8.35-3.3+deb8u3
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	- pcre2 10.21-1 (bug #815920)
	NOTE: pcre3: http://vcs.pcre.org/pcre?view=revision&revision=1631
	NOTE: pcre2: http://vcs.pcre.org/pcre2?view=revision&revision=489
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1791
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1311503
CVE-2016-3162 (The File module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allows ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3163 (The XML-RPC system in Drupal 6.x before 6.38 and 7.x before 7.43 might ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3164 (Drupal 6.x before 6.38, 7.x before 7.43, and 8.x before 8.0.4 might ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3165 (The Form API in Drupal 6.x before 6.38 ignores access restrictions on ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3166 (CRLF injection vulnerability in the drupal_set_header function in ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3167 (Open redirect vulnerability in the drupal_goto function in Drupal 6.x ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3168 (The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3169 (The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows ...)
	{DSA-3498-1}
	- drupal7 7.43-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3170 (The &quot;have you forgotten your password&quot; links in the User module in ...)
	{DSA-3498-1}
	- drupal8 <itp> (bug #756305)
	- drupal7 7.43-1
	- drupal6 <not-affected> (Only affects Drupal 7.x and Drupal 8.x)
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-3171 (Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before ...)
	- drupal7 <not-affected> (Only affects Drupal 6)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2016-001
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/24/19
CVE-2016-2541 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...)
	- audacity 2.1.2-1 (unimportant)
	[jessie] - audacity <not-affected> (Vulnerable code not present)
	[wheezy] - audacity <not-affected> (vulnerable code not present)
	NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
	NOTE: https://github.com/audacity/audacity/commit/85026f98958a8dcc09188be24a8db0385988e23f
	NOTE: Crash in desktop application, no security impact
CVE-2016-2540 (Audacity before 2.1.2 allows remote attackers to cause a denial of ...)
	{DLA-1277-1}
	- audacity 2.1.2-1 (unimportant)
	NOTE: http://wiki.audacityteam.org/wiki/Release_Notes_2.1.2
	NOTE: https://github.com/audacity/audacity/commit/407c1dc4b209111e4dbb3eec88f333aa8f69094c
	NOTE: https://github.com/audacity/audacity/commit/b5f2046286b266b10f87b764faa1586aee9c23ea
	NOTE: Crash in desktop application, no security impact
CVE-2016-2539 (Cross-site request forgery (CSRF) vulnerability in install_modules.php ...)
	NOT-FOR-US: ATutor
CVE-2016-2550 (The Linux kernel before 4.5 allows local users to bypass ...)
	{DSA-3503-1}
	- linux 4.4.4-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/415e3d3e90ce9e18727e8843ae343eda5a58fad6 (v4.5-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593 (v4.5-rc1)
	NOTE: Technically wheezy-security and squeeze-lts are not affected by this CVE since the fix for
	NOTE: addressing CVE-2013-4312 was not applied.
CVE-2016-2549 (sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2ba1fe7a06d3624f9a7586d672b55f08f7c670f3 (v4.5-rc1)
CVE-2016-2548 (sound/core/timer.c in the Linux kernel before 4.4.1 retains certain ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
CVE-2016-2547 (sound/core/timer.c in the Linux kernel before 4.4.1 employs a locking ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5a663aa426f4884c71cd8580adae73f33570f0d (v4.5-rc1)
CVE-2016-2546 (sound/core/timer.c in the Linux kernel before 4.4.1 uses an incorrect ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede (v4.5-rc1)
CVE-2016-2545 (The snd_timer_interrupt function in sound/core/timer.c in the Linux ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee8413b01045c74340aa13ad5bdf905de32be736 (v4.5-rc1)
CVE-2016-2544 (Race condition in the queue_delete function in ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3 (v4.5-rc1)
CVE-2016-2543 (The snd_seq_ioctl_remove_events function in ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=030e2c78d3a91dd0d27fef37e91950dde333eba1 (v4.5-rc1)
CVE-2016-2542 (Untrusted search path vulnerability in Flexera InstallShield through ...)
	NOT-FOR-US: Flexera InstallShield
CVE-2016-2537 (The is-my-json-valid package before 2.12.4 for Node.js has an ...)
	NOT-FOR-US: is-my-json-valid package for Node.js
CVE-2016-2536 (Multiple use-after-free vulnerabilities in SAP 3D Visual Enterprise ...)
	NOT-FOR-US: SAP
CVE-2016-2535
	RESERVED
CVE-2016-2534
	RESERVED
CVE-2016-4421 (epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-18.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4420 (The NFS dissector in Wireshark 2.x before 2.0.2 allows remote ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-17.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4419 (epan/dissectors/packet-spice.c in the SPICE dissector in Wireshark 2.x ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-16.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4418 (epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-15.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4417 (Off-by-one error in epan/dissectors/packet-gsm_abis_oml.c in the GSM ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-14.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-4416 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-13.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-4415 (wiretap/vwr.c in the Ixia IxVeriWave file parser in Wireshark 2.x ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-12.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2532 (The dissect_llrp_parameters function in epan/dissectors/packet-llrp.c ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-11.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2531 (Off-by-one error in epan/dissectors/packet-rsl.c in the RSL dissector ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2530 (The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-10.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2529 (The iseries_check_file_type function in wiretap/iseries.c in the ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-09.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2528 (The dissect_nhdr_extopt function in epan/dissectors/packet-lbmc.c in ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-08.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2527 (wiretap/nettrace_3gpp_32_423.c in the 3GPP TS 32.423 Trace file parser ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-07.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2526 (epan/dissectors/packet-hiqnet.c in the HiQnet dissector in Wireshark ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-06.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2525 (epan/dissectors/packet-http2.c in the HTTP/2 dissector in Wireshark ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-05.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2524 (epan/dissectors/packet-x509af.c in the X.509AF dissector in Wireshark ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.0.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.0.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-04.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2523 (The dnp3_al_process_object function in epan/dissectors/packet-dnp.c in ...)
	{DSA-3516-1}
	- wireshark 2.0.2+ga16e22e-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-03.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2522 (The dissect_ber_constrained_bitstring function in ...)
	- wireshark 2.0.2+ga16e22e-1
	[jessie] - wireshark <not-affected> (Only affects 2.0.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.0.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.0.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-02.html
	NOTE: Affected versions: 2.0.0 to 2.0.1
	NOTE: Fixed versions: 2.0.2
CVE-2016-2521 (Untrusted search path vulnerability in the WiresharkApplication class ...)
	- wireshark <not-affected> (Windows-specific)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2016-01.html
	NOTE: Affected versions: 2.0.0 to 2.0.1, 1.12.0 to 1.12.9
	NOTE: Fixed versions: 2.0.2, 1.12.10
CVE-2016-2520
	RESERVED
CVE-2016-2519 (ntpd in NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2518 (The MATCH_ASSOC function in NTP before version 4.2.8p9 and 4.3.x ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2517 (NTP before 4.2.8p7 and 4.3.x before 4.3.92 allows remote attackers to ...)
	- ntp 1:4.2.8p7+dfsg-1 (unimportant)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
	NOTE: not a security issue, anyone with the privileges for remote configuration can
	NOTE: cause trouble anyway
CVE-2016-2516 (NTP before 4.2.8p7 and 4.3.x before 4.3.92, when mode7 is enabled, ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-2514
	RESERVED
CVE-2016-2513 (The password hasher in contrib/auth/hashers.py in Django before 1.8.10 ...)
	{DSA-3544-1}
	- python-django 1.9.4-1 (bug #816434)
	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
CVE-2016-2512 (The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x ...)
	{DSA-3544-1}
	- python-django 1.9.4-1 (bug #816434)
	NOTE: https://www.djangoproject.com/weblog/2016/mar/01/security-releases/
CVE-2016-2538 (Multiple integer overflows in the USB Net device emulator ...)
	- qemu 1:2.6+dfsg-1 (bug #815680)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-02/msg03658.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303120
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=fe3c546c5ff2a6210f9a4d8561cc64051ca8603e (v2.6.0-rc0)
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=6c9f886ceae5b998dc2b9af2bf77666941689bce (v0.10.0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/3
CVE-2016-2515 (Hawk before 3.1.3 and 4.x before 4.1.1 allow remote attackers to cause ...)
	NOT-FOR-US: NodeJS Hawk
CVE-2016-2511 (Cross-site scripting (XSS) vulnerability in WebSVN 2.3.3 and earlier ...)
	{DSA-3490-1 DLA-428-1}
	- websvn <removed>
CVE-2016-2509 (The password-sync feature on Belden Hirschmann Classic Platform ...)
	NOT-FOR-US: Belden Hirschmann Classic Platform switches
CVE-2016-2508 (media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2507 (Integer overflow in codecs/on2/h264dec/source/h264bsd_storage.c in ...)
	NOT-FOR-US: libstagefright
CVE-2016-2506 (DRMExtractor.cpp in libstagefright in mediaserver in Android 4.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2505 (mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2504 (The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2503 (The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2502 (drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2501 (The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2500 (Activity Manager in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
	NOT-FOR-US: Android
CVE-2016-2499 (AudioSource.cpp in libstagefright in mediaserver in Android 4.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-2498 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2497 (services/core/java/com/android/server/pm/PackageManagerService.java in ...)
	NOT-FOR-US: Android
CVE-2016-2496 (The Framework UI permission-dialog implementation in Android 6.x ...)
	NOT-FOR-US: Android
CVE-2016-2495 (SampleTable.cpp in libstagefright in mediaserver in Android 4.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-2494 (Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2493 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-2492 (The MediaTek power-management driver in Android before 2016-06-01 on ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-2491 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-2490 (The NVIDIA camera driver in Android before 2016-06-01 on Nexus 9 ...)
	NOT-FOR-US: NVIDIA driver for Android
CVE-2016-2489 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2488 (The Qualcomm camera driver in Android before 2016-06-01 on Nexus 5, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2487 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2486 (mp3dec/SoftMP3.cpp in libstagefright in mediaserver in Android 4.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2485 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2484 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-2483 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2482 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2481 (The mm-video-v4l2 venc component in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2480 (The mm-video-v4l2 vidc component in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2479 (The mm-video-v4l2 vdec component in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2478 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2477 (mm-video-v4l2/vidc/vdec/src/omx_vdec_msm8974.cpp in mediaserver in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2476 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-2475 (The Broadcom Wi-Fi driver in Android before 2016-06-01 on Nexus 5, ...)
	NOT-FOR-US: Broadcom driver for Android
CVE-2016-2474 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 5X ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2473 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2472 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2471 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2470 (The Qualcomm Wi-Fi driver in Android before 2016-06-01 on Nexus 7 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2469 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5, 6, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2468 (The Qualcomm GPU driver in Android before 2016-06-01 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2467 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 5 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2466 (The Qualcomm sound driver in Android before 2016-06-01 on Nexus 6 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2465 (The Qualcomm video driver in Android before 2016-06-01 on Nexus 5, 5X, ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2464 (libvpx in libwebm in mediaserver in Android 4.x before 4.4.4, 5.0.x ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <not-affected> (libwebm not yet present)
	[wheezy] - libvpx <not-affected> (libwebm not yet present)
	NOTE: probably fixed earlier, but this was the version checked
CVE-2016-2463 (Multiple integer overflows in the h264dec component in libstagefright ...)
	NOT-FOR-US: libstagefright
CVE-2016-2462 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 ...)
	NOT-FOR-US: Android
CVE-2016-2461 (OpenSSLCipher.java in Conscrypt in Android 6.x before 2016-05-01 ...)
	NOT-FOR-US: Android
CVE-2016-2460 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android
CVE-2016-2459 (mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x ...)
	NOT-FOR-US: Android
CVE-2016-2458 (The compose functionality in AOSP Mail in Android 5.0.x before 5.0.2, ...)
	NOT-FOR-US: Android
CVE-2016-2457 (server/pm/UserManagerService.java in Wi-Fi in Android 5.0.x before ...)
	NOT-FOR-US: Android
CVE-2016-2456 (The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One ...)
	NOT-FOR-US: Android
CVE-2016-2455
	REJECTED
CVE-2016-2454 (The Qualcomm hardware video codec in Android before 2016-05-01 on ...)
	NOT-FOR-US: Android
CVE-2016-2453 (The MediaTek Wi-Fi driver in Android before 2016-05-01 on Android One ...)
	NOT-FOR-US: Android
CVE-2016-2452 (codecs/amrnb/dec/SoftAMR.cpp in libstagefright in mediaserver in ...)
	NOT-FOR-US: Android
CVE-2016-2451 (codecs/on2/dec/SoftVPX.cpp in libstagefright in mediaserver in Android ...)
	NOT-FOR-US: Android
CVE-2016-2450 (codecs/on2/enc/SoftVPXEncoder.cpp in libstagefright in mediaserver in ...)
	NOT-FOR-US: Android
CVE-2016-2449 (services/camera/libcameraservice/device3/Camera3Device.cpp in ...)
	NOT-FOR-US: Android
CVE-2016-2448 (media/libmediaplayerservice/nuplayer/NuPlayerStreamListener.cpp in ...)
	NOT-FOR-US: Android
CVE-2016-2447
	REJECTED
CVE-2016-2446 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 ...)
	NOT-FOR-US: Android
CVE-2016-2445 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 ...)
	NOT-FOR-US: Android
CVE-2016-2444 (The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 ...)
	NOT-FOR-US: Android
CVE-2016-2443 (The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and ...)
	NOT-FOR-US: Android
CVE-2016-2442 (The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, ...)
	NOT-FOR-US: Android
CVE-2016-2441 (The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, ...)
	NOT-FOR-US: Android
CVE-2016-2440 (libs/binder/IPCThreadState.cpp in Binder in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android
CVE-2016-2439 (Buffer overflow in btif/src/btif_dm.c in Bluetooth in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-2438
	REJECTED
CVE-2016-2437 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 ...)
	NOT-FOR-US: Android
CVE-2016-2436 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 ...)
	NOT-FOR-US: Android
CVE-2016-2435 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 ...)
	NOT-FOR-US: Android
CVE-2016-2434 (The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 ...)
	NOT-FOR-US: Android
CVE-2016-2433 (The Broadcom Wi-Fi driver for Android, as used by BlackBerry ...)
	NOT-FOR-US: Broadcom Wi-Fi driver for Android
CVE-2016-2432 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...)
	NOT-FOR-US: Android
CVE-2016-2431 (The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus ...)
	NOT-FOR-US: Android
CVE-2016-2430 (libbacktrace/Backtrace.cpp in debuggerd in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android
CVE-2016-2429 (libFLAC/stream_decoder.c in mediaserver in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android
CVE-2016-2428 (libAACdec/src/aacdec_drc.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android
CVE-2016-2427 (** DISPUTED ** The AES-GCM specification in RFC 5084, as used in ...)
	NOT-FOR-US: Android
CVE-2016-2426 (server/content/ContentService.java in the Framework component in ...)
	NOT-FOR-US: Android
CVE-2016-2425 (mail/compose/ComposeActivity.java in AOSP Mail in Android 4.x before ...)
	NOT-FOR-US: Android
CVE-2016-2424 (server/content/SyncStorageEngine.java in SyncStorageEngine in Android ...)
	NOT-FOR-US: Android
CVE-2016-2423 (server/telecom/CallsManager.java in Telephony in Android 4.x before ...)
	NOT-FOR-US: Android
CVE-2016-2422 (Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before ...)
	NOT-FOR-US: Android
CVE-2016-2421 (Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 ...)
	NOT-FOR-US: Android
CVE-2016-2420 (rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the ...)
	NOT-FOR-US: Android
CVE-2016-2419 (media/libmedia/IDrm.cpp in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android
CVE-2016-2418 (media/libmedia/IOMX.cpp in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android
CVE-2016-2417 (media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android
CVE-2016-2416 (libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android
CVE-2016-2415 (exchange/eas/EasAutoDiscover.java in the Autodiscover implementation ...)
	NOT-FOR-US: Android
CVE-2016-2414 (The Minikin library in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, ...)
	NOT-FOR-US: Android
CVE-2016-2413 (media/libmedia/IOMX.cpp in mediaserver in Android 5.0.x before 5.0.2, ...)
	NOT-FOR-US: Android
CVE-2016-2412 (include/core/SkPostConfig.h in Skia, as used in System_server in ...)
	NOT-FOR-US: Android
CVE-2016-2411 (A Qualcomm Power Management kernel driver in Android 6.x before ...)
	NOT-FOR-US: Android
CVE-2016-2410 (A Qualcomm video kernel driver in Android 6.x before 2016-04-01 allows ...)
	NOT-FOR-US: Android
CVE-2016-2409 (A Texas Instruments (TI) haptic kernel driver in Android 6.x before ...)
	NOT-FOR-US: Android
CVE-2016-2408 (An unspecified client-side component in Pulse Secure Desktop Client ...)
	NOT-FOR-US: Pulse Secure Desktop Client
CVE-2016-2407
	REJECTED
CVE-2016-2406 (The permission control module in Huawei Document Security Management ...)
	NOT-FOR-US: Huawei
CVE-2016-2405 (Huawei Policy Center with software before V100R003C10SPC020 allows ...)
	NOT-FOR-US: Huawei
CVE-2016-2404 (Huawei switches S5700, S6700, S7700, S9700 with software ...)
	NOT-FOR-US: Huawei
CVE-2016-2403 (Symfony before 2.8.6 and 3.x before 3.0.6 allows remote attackers to ...)
	- symfony 2.8.6+dfsg-1
	[jessie] - symfony <not-affected> (Vulnerable code not present)
	NOTE: http://symfony.com/blog/cve-2016-2403-unauthorized-access-on-a-misconfigured-ldap-server-when-using-an-empty-password
CVE-2013-7450 (Pulp before 2.3.0 uses the same the same certificate authority key and ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2013-7448 (Directory traversal vulnerability in wiki.c in didiwiki allows remote ...)
	{DSA-3485-1 DLA-424-1}
	- didiwiki 0.5-12 (bug #815111)
	NOTE: https://github.com/OpenedHand/didiwiki/pull/1/files
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/19/4
CVE-2016-2510 (BeanShell (bsh) before 2.0b6, when included on the classpath by an ...)
	{DSA-3504-1 DLA-443-1}
	- bsh 2.0b4-16
	NOTE: https://github.com/beanshell/beanshell/releases/tag/2.0b6
	NOTE: https://github.com/beanshell/beanshell/commit/7c68fde2d6fc65e362f20863d868c112a90a9b49
	NOTE: https://github.com/beanshell/beanshell/commit/1ccc66bb693d4e46a34a904db8eeff07808d2ced
CVE-2016-2402 (OkHttp before 2.7.4 and 3.x before 3.1.2 allows man-in-the-middle ...)
	NOT-FOR-US: OkHttp
CVE-2016-2401
	RESERVED
CVE-2016-2400
	RESERVED
CVE-2016-2399 (Integer overflow in the quicktime_read_pascal function in libquicktime ...)
	{DSA-3800-1 DLA-844-1}
	- libquicktime 2:1.2.4-10 (bug #855099)
	NOTE: PoC: http://www.nemux.org/2016/02/23/libquicktime-1-2-4/
CVE-2016-2398 (Comcast XFINITY Home Security System does not properly maintain ...)
	NOT-FOR-US: XFINITY
CVE-2016-2397 (The cliserver implementation in Dell SonicWALL GMS, Analyzer, and UMA ...)
	NOT-FOR-US: Dell
CVE-2016-2396 (The GMS ViewPoint (GMSVP) web application in Dell SonicWALL GMS, ...)
	NOT-FOR-US: Dell
CVE-2016-2395
	RESERVED
CVE-2016-2394
	RESERVED
CVE-2016-2393 (Lenovo Fingerprint Manager before 8.01.57 and Touch Fingerprint before ...)
	NOT-FOR-US: Lenovo
CVE-2016-2389 (Directory traversal vulnerability in the GetFileList function in the ...)
	NOT-FOR-US: SAP
CVE-2016-2388 (The Universal Worklist Configuration in SAP NetWeaver 7.4 allows ...)
	NOT-FOR-US: SAP
CVE-2016-2387 (Multiple cross-site scripting (XSS) vulnerabilities in the Java Proxy ...)
	NOT-FOR-US: SAP
CVE-2016-2386 (SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE ...)
	NOT-FOR-US: SAP
CVE-2015-8857 (The uglify-js package before 2.4.24 for Node.js does not properly ...)
	- uglifyjs <unfixed> (unimportant)
	NOTE: fixed in 2.4.24
	NOTE: https://zyan.scripts.mit.edu/blog/backdooring-js/
	NOTE: https://github.com/mishoo/UglifyJS2/issues/751
	NOTE: https://nodesecurity.io/advisories/39
	NOTE: nodejs not covered by security support
CVE-2015-XXXX [root path disclosure]
	- node-send <unfixed> (unimportant)
	NOTE: fixed in 0.11.1
	NOTE: https://github.com/pillarjs/send/pull/70
	NOTE: https://github.com/expressjs/serve-static/blob/master/HISTORY.md#181--2015-01-20
	NOTE: https://nodesecurity.io/advisories/56
	NOTE: nodejs not covered by security support
CVE-2015-XXXX [handlebars: quoteless attributes in templates can lead to content injection]
	- libjs-handlebars <unfixed> (unimportant)
	- ruby-handlebars-assets <unfixed> (unimportant)
	NOTE: fixed in 4.0.0
	NOTE: https://blog.srcclr.com/handlebars_vulnerability_research_findings/
	NOTE: https://github.com/wycats/handlebars.js/pull/1083
	NOTE: https://nodesecurity.io/advisories/61
	NOTE: Security hardening, not a vulnerability
CVE-2015-XXXX [quoteless attributes in templates can lead to content injection]
	- mustache.js <unfixed> (unimportant)
	NOTE: fixed in 2.2.1
	NOTE: https://github.com/janl/mustache.js/commit/378bcca8a5cfe4058f294a3dbb78e8755e8e0da5
	NOTE: https://nodesecurity.io/advisories/62
	NOTE: Security hardening, not a vulnerability
CVE-2015-XXXX [SQL injection due to unescaped object keys]
	- node-mysql 2.0.0~alpha8-1 (unimportant)
	NOTE: https://github.com/felixge/node-mysql/issues/342
	NOTE: https://nodesecurity.io/advisories/66
	NOTE: nodejs not covered by security support
CVE-2015-8830 (Integer overflow in the aio_setup_single_vector function in fs/aio.c ...)
	- linux 4.1.3-1
	[jessie] - linux 3.16.7-ckt20-1+deb8u4
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/linus/4c185ce06dca14f5cea192f5a2c981ef50663f2b (v4.1-rc1)
CVE-2015-8816 (The hub_activate function in drivers/usb/core/hub.c in the Linux ...)
	{DSA-3503-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/e50293ef9775c5f1cf3fcc093037dd6a8c5684ea (v4.4-rc6)
CVE-2015-8815 (Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before ...)
	NOT-FOR-US: Umbraco
CVE-2015-8814 (Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery ...)
	NOT-FOR-US: Umbraco
CVE-2016-2392 (The is_rndis function in the USB Net device emulator ...)
	- qemu 1:2.6+dfsg-1 (bug #815008)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=80eecda8e5d09c442c24307f340840a5b70ea3b9 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302299
CVE-2016-2391 (The ohci_bus_start function in the USB OHCI emulation support ...)
	- qemu 1:2.6+dfsg-1 (bug #815009)
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=fa1298c2d623522eda7b4f1f721fcb935abb7360 (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1304794
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/16/2
CVE-2016-2390 (The FwdState::connectedToPeer method in FwdState.cc in Squid before ...)
	- squid <removed> (unimportant)
	- squid3 3.5.14-1 (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2016_1.txt
	NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
CVE-2016-2382
	RESERVED
CVE-2016-2381 (Perl might allow context-dependent attackers to bypass the taint ...)
	{DSA-3501-1}
	- perl 5.22.1-8
	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076
CVE-2016-2380 (An information leak exists in the handling of the MXIT protocol in ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0123/
	NOTE: http://www.pidgin.im/news/security/?id=96
	NOTE: https://bitbucket.org/pidgin/main/commits/8172584fd640
CVE-2016-2379 (The Mxit protocol uses weak encryption when encrypting user passwords, ...)
	NOTE: Mentioned at http://www.pidgin.im/news/security/?id=96 without further details
CVE-2016-2378 (A buffer overflow vulnerability exists in the handling of the MXIT ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0120/
	NOTE: http://www.pidgin.im/news/security/?id=94
	NOTE: https://bitbucket.org/pidgin/main/commits/06278419c703
CVE-2016-2377 (A buffer overflow vulnerability exists in the handling of the MXIT ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0119/
	NOTE: http://www.pidgin.im/news/security/?id=93
	NOTE: https://bitbucket.org/pidgin/main/commits/0f94ef13ab37
CVE-2016-2376 (A buffer overflow vulnerability exists in the handling of the MXIT ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0118/
	NOTE: http://www.pidgin.im/news/security/?id=92
	NOTE: https://bitbucket.org/pidgin/main/commits/19f89eda8587
CVE-2016-2375 (An exploitable out-of-bounds read exists in the handling of the MXIT ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0143/
	NOTE: http://www.pidgin.im/news/security/?id=108
	NOTE: https://bitbucket.org/pidgin/main/commits/b786e9814536
CVE-2016-2374 (An exploitable memory corruption vulnerability exists in the handling ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0142/
	NOTE: http://www.pidgin.im/news/security/?id=107
	NOTE: https://bitbucket.org/pidgin/main/commits/f6c08d962618
CVE-2016-2373 (A denial of service vulnerability exists in the handling of the MXIT ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0141/
	NOTE: http://www.pidgin.im/news/security/?id=106
	NOTE: https://bitbucket.org/pidgin/main/commits/e6159ad42c4c
CVE-2016-2372 (An information leak exists in the handling of the MXIT protocol in ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0140/
	NOTE: http://www.pidgin.im/news/security/?id=105
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2371 (An out-of-bounds write vulnerability exists in the handling of the ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0139/
	NOTE: http://www.pidgin.im/news/security/?id=104
	NOTE: https://bitbucket.org/pidgin/main/commits/f0287378203fbf496a9890bf273d96adefb93b74
CVE-2016-2370 (A denial of service vulnerability exists in the handling of the MXIT ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0138/
	NOTE: http://www.pidgin.im/news/security/?id=103
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2369 (A NULL pointer dereference vulnerability exists in the handling of the ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0137/
	NOTE: http://www.pidgin.im/news/security/?id=102
CVE-2016-2368 (Multiple memory corruption vulnerabilities exist in the handling of ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0136/
	NOTE: http://www.pidgin.im/news/security/?id=101
	NOTE: https://bitbucket.org/pidgin/main/commits/60f95045db42
	NOTE: https://bitbucket.org/pidgin/main/commits/f6efc254e947
CVE-2016-2367 (An information leak exists in the handling of the MXIT protocol in ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0135/
	NOTE: http://www.pidgin.im/news/security/?id=100
	NOTE: https://bitbucket.org/pidgin/main/commits/5e3601f8bde4
	NOTE: https://bitbucket.org/pidgin/main/commits/1c5197a66760
	NOTE: https://bitbucket.org/pidgin/main/commits/648f667a679c
CVE-2016-2366 (A denial of service vulnerability exists in the handling of the MXIT ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0134/
	NOTE: http://www.pidgin.im/news/security/?id=99
	NOTE: https://bitbucket.org/pidgin/main/commits/abdc3025f6b8
CVE-2016-2365 (A denial of service vulnerability exists in the handling of the MXIT ...)
	{DSA-3620-1 DLA-542-1}
	- pidgin 2.11.0-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0133/
	NOTE: http://www.pidgin.im/news/security/?id=98
	NOTE: https://bitbucket.org/pidgin/main/commits/1c4acc6977a8686ad980e5b820327c9c47dbeaca
CVE-2016-2364 (The Chrome HUDweb plugin before 2016-05-05 for Fonality (previously ...)
	NOT-FOR-US: Fonality
CVE-2016-2363 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...)
	NOT-FOR-US: Fonality
CVE-2016-2362 (Fonality (previously trixbox Pro) 12.6 through 14.1i before 2016-06-01 ...)
	NOT-FOR-US: Fonality
CVE-2016-2361
	RESERVED
CVE-2016-2360
	RESERVED
CVE-2016-2359
	RESERVED
CVE-2016-2358
	RESERVED
CVE-2016-2357
	RESERVED
CVE-2016-2356
	RESERVED
CVE-2016-2355 (SQL injection vulnerability in the REST API in dotCMS before 3.3.2 ...)
	NOT-FOR-US: dotCMS
CVE-2016-2354 (The Bluetooth functionality in Lemur Vehicle Monitors BlueDriver ...)
	NOT-FOR-US: Lemur Vehicle Monitors BlueDriver
CVE-2016-2353 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows ...)
	NOT-FOR-US: Accellion
CVE-2016-2352 (The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows ...)
	NOT-FOR-US: Accellion
CVE-2016-2351 (SQL injection vulnerability in home/seos/courier/security_key2.api on ...)
	NOT-FOR-US: Accellion
CVE-2016-2350 (Multiple cross-site scripting (XSS) vulnerabilities on the Accellion ...)
	NOT-FOR-US: Accellion
CVE-2016-2349 (Remedy AR System Server in BMC Remedy 8.1 SP 2, 9.0, 9.0 SP 1, and 9.1 ...)
	NOT-FOR-US: BMC
CVE-2016-2348
	RESERVED
CVE-2016-2347 (Integer underflow in the decode_level3_header function in ...)
	{DSA-3540-1}
	- lhasa 0.3.1-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0095/
CVE-2016-2346 (Allround Automations PL/SQL Developer 11 before 11.0.6 relies on ...)
	NOT-FOR-US: Allround Automations
CVE-2016-2345 (Stack-based buffer overflow in dwrcs.exe in the dwmrcs daemon in ...)
	NOT-FOR-US: SolarWinds DameWare Mini Remote Control
CVE-2016-2344 (Stack-based buffer overflow in manager.exe in Backburner Manager in ...)
	NOT-FOR-US: Autodesk Backburner
CVE-2016-2343 (Patterson Dental Eaglesoft 17 has a hardcoded password of sql for the ...)
	NOT-FOR-US: Patterson Dental Eaglesoft 17
CVE-2016-2342 (The bgp_nlri_parse_vpnv4 function in bgp_mplsvpn.c in the VPNv4 NLRI ...)
	{DSA-3532-1}
	- quagga 1.0.20160315-1 (bug #819179)
	NOTE: http://git.savannah.gnu.org/cgit/quagga.git/commit/?id=a3bc7e9400b214a0f078fdb19596ba54214a1442
	NOTE: https://www.kb.cert.org/vuls/id/270232
CVE-2016-2341
	RESERVED
CVE-2016-2340 (The AMF framework in Granite Data Services 3.1.1-SNAPSHOT allows ...)
	NOT-FOR-US: Granite
CVE-2016-2339 (An exploitable heap overflow vulnerability exists in the ...)
	- ruby2.3 2.3.0-1
	- ruby2.1 <removed> (bug #851161)
	[jessie] - ruby2.1 <no-dsa> (Minor issue)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0034/
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/bcc2421b4938fc1d9f5f3fb6ef2320571b27af42
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/de577357e80fa15f5cf13a81aa3decc783ea929e
	NOTE: Fixed by: https://github.com/ruby/ruby/commit/4977af3c3d54d27167bfc237f1b2802c40bddc10
CVE-2016-2338
	RESERVED
CVE-2016-2337 (Type confusion exists in _cancel_eval Ruby's TclTkIp class method. ...)
	- ruby2.3 2.3.0-1
	- ruby2.1 <removed> (bug #851161)
	[jessie] - ruby2.1 <no-dsa> (Minor problem, only exploitable when used with Tcl/Tk8.6 and later)
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0031/
	NOTE: https://github.com/ruby/ruby/commit/a2b8925a94a672235ca6a16e584bf09026a957ab
CVE-2016-2336 (Type confusion exists in two methods of Ruby's WIN32OLE class, ...)
	- ruby2.3 <not-affected> (Windows-specific)
	- ruby2.1 <not-affected> (Windows-specific)
	NOTE: Vulnerable win32ole ruby extension not included in binary packages, specific to Windows
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0029/
CVE-2016-2335 (The CInArchive::ReadFileItem method in Archive/Udf/UdfIn.cpp in 7zip ...)
	{DSA-3599-1 DLA-510-1}
	- p7zip 15.14.1+dfsg-2 (bug #824160)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0094/
CVE-2016-2334 (Heap-based buffer overflow in the ...)
	- p7zip 15.14.1+dfsg-2 (bug #824160)
	[jessie] - p7zip <not-affected> (Introduced in 9.32)
	[wheezy] - p7zip <not-affected> (Introduced in 9.32)
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0093/
	NOTE: https://twitter.com/_Icewall/status/739731922998448129
CVE-2016-2333 (SysLINK SL-1000 Machine-to-Machine (M2M) Modular Gateway devices with ...)
	NOT-FOR-US: SysLINK
CVE-2016-2332 (flu.cgi in the web interface on SysLINK SL-1000 Machine-to-Machine ...)
	NOT-FOR-US: SysLINK
CVE-2016-2331 (The web interface on SysLINK SL-1000 Machine-to-Machine (M2M) Modular ...)
	NOT-FOR-US: SysLINK
CVE-2016-2385 (Heap-based buffer overflow in the encode_msg function in encode_msg.c ...)
	{DSA-3535-1}
	- kamailio 4.3.4-2 (bug #815178)
	NOTE: https://github.com/kamailio/kamailio/commit/f50c9c853e7809810099c970780c30b0765b0643
	NOTE: https://census-labs.com/news/2016/03/30/kamailio-seas-heap-overflow/
CVE-2016-2384 (Double free vulnerability in the snd_usbmidi_create function in ...)
	{DSA-3503-1 DLA-439-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/07d86ca93db7e5cdf4743564d98292042ec21af7 (v4.5-rc4)
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/2
	NOTE: https://xairy.github.io/blog/2016/cve-2016-2384
CVE-2016-2383 (The adjust_branches function in kernel/bpf/verifier.c in the Linux ...)
	- linux 4.4.2-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/a1b14d27ed0965838350f1377ff97c93ee383492 (v4.5-rc4)
	NOTE: Introduced by: https://git.kernel.org/linus/9bac3d6d548e5cc925570b263f35b70a00a00ffd (v4.1-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/14/1
CVE-2016-XXXX [exec functions ignore length but look for NULL termination]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71039
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305494
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=c527549e899bf211aac7d8ab5ceb1bdfedf07f14
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-10712 (In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71323
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305523
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=6297a117d77fa3a0df2e21ca926a92c231819cd5
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [Integer overflow in iptcembed()]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71459
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305518
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=54c210d2ea9b8539edcde1888b1104b96b38e886
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/381702ffbfdae170ba3fff97d6cc1b9c69666854
CVE-2016-4348 (The _rsvg_css_normalize_font_size function in librsvg 2.40.2 allows ...)
	{DSA-3584-1 DLA-477-1}
	- librsvg 2.40.12-1
	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=d1c9191949747f6dcfd207831d15dd4ba00e31f2 (2.40.12)
CVE-2016-4347
	REJECTED
CVE-2016-4346 (Integer overflow in the str_pad function in ext/standard/string.c in ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
	NOTE: Reproducer: second test script 2.php in upstream bugreport
CVE-2016-4345 (Integer overflow in the php_filter_encode_url function in ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
CVE-2016-4344 (Integer overflow in the xml_utf8_encode function in ext/xml/xml.c in ...)
	- php7.0 7.0.4-1
	- php5 <not-affected> (Only affects PHP7.x)
	NOTE: https://bugs.php.net/bug.php?id=71637
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=57b997ebf99e0eb9a073e0dafd2ab100bd4a112d
CVE-2016-4343 (The phar_make_dirstream function in ext/phar/dirstream.c in PHP before ...)
	{DLA-499-1}
	- php7.0 7.0.3-1
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.18+dfsg-0+deb8u1
	NOTE: https://bugs.php.net/bug.php?id=71331
	NOTE: Fixed in 7.0.3, 5.6.18
CVE-2016-4342 (ext/phar/phar_object.c in PHP before 5.5.32, 5.6.x before 5.6.18, and ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	[squeeze] - php5 5.3.3.1-7+squeeze29
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71354
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305536
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=13ad4d3e971807f9a58ab5933182907dc2958539
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [NULL Pointer Dereference in phar_tar_setupmetadata()]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=71391
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305540
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1c1b8b69982375700d4b011eb89ea48b66dbd5aa
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-2554 (Stack-based buffer overflow in ext/phar/tar.c in PHP before 5.5.32, ...)
	{DLA-818-1}
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 <no-dsa> (Minor issue, can be fixed in next update round)
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71488
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305543
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=07c7df68bd68bbe706371fccc77c814ebb335d9e
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/22/5
CVE-2016-XXXX [Type confusion vulnerability in WDDX packet deserialization]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	NOTE: https://bugs.php.net/bug.php?id=71335
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305559
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=285cd3417fb61597345b829f5f573707bbdcd484
	NOTE: Fixed in 5.6.18, 5.5.32, 7.0.3
CVE-2016-XXXX [Crash on bad SOAP request]
	- php5 5.6.18+dfsg-1
	[jessie] - php5 5.6.19+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u7
	- php5.6 5.6.18+dfsg-1
	- php7.0 7.0.3-1
	[squeeze] - php5 5.3.3.1-7+squeeze29
	NOTE: temporary workaround until CVE assigned to explitly tag for squeeze
	NOTE: https://bugs.php.net/bug.php?id=70979
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1305551
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4308c868f94df1f2b99e80038ba5ea1076d919a7
	NOTE: Fixed in 5.6.18, 7.0.3
CVE-2016-2330 (libavcodec/gif.c in FFmpeg before 2.8.6 does not properly calculate a ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Libav not affected according to upstream)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=03d83ba34b2070878909eae18dfac0f519503777
CVE-2016-2329 (libavcodec/tiff.c in FFmpeg before 2.8.6 does not properly validate ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Vulnerable code not present in any Libav version)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=89f464e9c229006e16f6bb5403c5529fdd0a9edd
CVE-2016-2328 (libswscale/swscale_unscaled.c in FFmpeg before 2.8.6 does not validate ...)
	- ffmpeg 2.8.6-1
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ad3b6fa7d83db7de951ed891649af93a47e74be5
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=757248ea3cd917a7755cb15f817a9b1f15578718
CVE-2016-2327 (libavcodec/pngenc.c in FFmpeg before 2.8.5 uses incorrect line sizes ...)
	- ffmpeg 2.8.5-1
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f4c3e4b92212d98f5b9ca2dee13e076effe9589
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ec9c5ce8a753175244da971fed9f1e25aef7971
CVE-2016-2326 (Integer overflow in the asf_write_packet function in ...)
	{DSA-3506-1}
	- ffmpeg 2.8.5-1
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7c0b84d89911b2035161f5ef51aafbfcc84aa9e2
CVE-2016-2325
	RESERVED
CVE-2016-2324 (Integer overflow in Git before 2.7.4 allows remote attackers to ...)
	{DSA-3521-1}
	- git 1:2.8.0~rc3-1 (bug #818318)
	NOTE: Removal of path_name: https://github.com/git/git/commit/9831e92bfa833ee9c0ce464bbc2f941ae6c2698d (v2.8.0-rc0)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/2
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=971328#c4
	- cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2323
	RESERVED
CVE-2016-2322
	RESERVED
CVE-2016-2321
	RESERVED
CVE-2016-2320
	RESERVED
CVE-2016-2319
	RESERVED
CVE-2016-2315 (revision.c in git before 2.7.4 uses an incorrect integer data type, ...)
	{DSA-3521-1}
	- git 1:2.7.0-1 (bug #818318)
	NOTE: https://github.com/git/git/commit/34fa79a6cde56d6d428ab0d3160cb094ebad3305 (v2.7.0-rc0)
	- cgit <not-affected> (path_name function from embedded git is not called)
CVE-2016-2314 (GlobespanVirata ftpd 1.0, as used on Huawei SmartAX MT882 devices ...)
	NOT-FOR-US: Huawei
CVE-2016-2318 (GraphicsMagick 1.3.23 allows remote attackers to cause a denial of ...)
	{DSA-3746-1 DLA-484-1}
	- graphicsmagick 1.3.24-1 (bug #814732)
	NOTE: Fixed by: http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/e797bb0aec31
CVE-2016-2317 (Multiple buffer overflows in GraphicsMagick 1.3.23 allow remote ...)
	{DSA-3746-1 DLA-484-1}
	- graphicsmagick 1.3.24-1 (bug #814732)
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/98394eb235a6
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/52b59d2ef4a1
	NOTE: FIX http://hg.graphicsmagick.org/hg/GraphicsMagick/rev/44ed8318ba6a
CVE-2016-2311 (Black Box AlertWerks ServSensor with firmware before SP473, AlertWerks ...)
	NOT-FOR-US: AlertWerks
CVE-2016-2310 (General Electric (GE) Multilink ML800, ML1200, ML1600, and ML2400 ...)
	NOT-FOR-US: GE Multilink devices
CVE-2016-2309 (iRZ RUH2 before 2b does not validate firmware patches, which allows ...)
	NOT-FOR-US: iRZ RUH2
CVE-2016-2308 (American Auto-Matrix Aspect-Nexus Building Automation Front-End ...)
	NOT-FOR-US: American Auto-Matrix
CVE-2016-2307 (American Auto-Matrix Aspect-Nexus Building Automation Front-End ...)
	NOT-FOR-US: American Auto-Matrix
CVE-2016-2306 (The HMI web server in Ecava IntegraXor before 5.0 build 4522 allows ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2305 (Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2304 (Ecava IntegraXor before 5.0 build 4522 does not include the HTTPOnly ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2303 (CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2302 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2301 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2300 (Ecava IntegraXor before 5.0 build 4522 allows remote attackers to ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2299 (SQL injection vulnerability in Ecava IntegraXor before 5.0 build 4522 ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2016-2298 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2297 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited allows ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2296 (Meteocontrol WEB'log Basic 100, Light, Pro, and Pro Unlimited does not ...)
	NOT-FOR-US: Meteocontrol
CVE-2016-2295 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, ...)
	NOT-FOR-US: Moxa
CVE-2016-2294 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
	NOT-FOR-US: Acuvim
CVE-2016-2293 (The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and ...)
	NOT-FOR-US: Acuvim
CVE-2016-2292 (Stack-based buffer overflow in Pro-face GP-Pro EX EX-ED before ...)
	NOT-FOR-US: Pro-face
CVE-2016-2291 (Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV before 4.05.000, ...)
	NOT-FOR-US: Pro-face
CVE-2016-2290 (Heap-based buffer overflow in Pro-face GP-Pro EX EX-ED before ...)
	NOT-FOR-US: Pro-face
CVE-2016-2289 (Directory traversal vulnerability in ICONICS WebHMI 9 and earlier ...)
	NOT-FOR-US: ICONICS WebHMI
	NOT-FOR-US: ICONICS
CVE-2016-2288 (Cogent DataHub before 7.3.10 allows local users to gain privileges by ...)
	NOT-FOR-US: Cogent DataHub
CVE-2016-2287 (Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR ...)
	NOT-FOR-US: XZERES
CVE-2016-2286 (Moxa MiiNePort_E1_4641 devices with firmware 1.1.10 Build 09120714, ...)
	NOT-FOR-US: Moxa
CVE-2016-2285 (Cross-site request forgery (CSRF) vulnerability on Moxa ...)
	NOT-FOR-US: Moxa
CVE-2016-2284
	REJECTED
CVE-2016-2283 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
	NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2282 (Moxa ioLogik E2200 devices before 3.12 and ioAdmin Configuration ...)
	NOT-FOR-US: Moxa ioLogik E2200 devices
CVE-2016-2281 (Untrusted search path vulnerability in ABB Panel Builder 800 5.1 ...)
	NOT-FOR-US: ABB Panel Builder
CVE-2016-2280 (Buffer overflow in RDISERVER in Honeywell Uniformance Process History ...)
	NOT-FOR-US: Honeywell
CVE-2016-2279 (Cross-site scripting (XSS) vulnerability in the web server in Rockwell ...)
	NOT-FOR-US: CompactLogix
CVE-2016-2278 (Schneider Electric Struxureware Building Operations Automation Server ...)
	NOT-FOR-US: Schneider Electric
CVE-2016-2277 (IAB.exe in Rockwell Automation Integrated Architecture Builder (IAB) ...)
	NOT-FOR-US: Rockwell
CVE-2016-2276
	REJECTED
CVE-2016-2275 (The web interface on Advantech/B+B SmartWorx VESP211-EU devices with ...)
	NOT-FOR-US: SmartWorx
CVE-2016-2274 (An issue was discovered in Adcon Telemetry A850 Telemetry Gateway Base ...)
	NOT-FOR-US: Adcon
CVE-2016-2273
	REJECTED
CVE-2016-2272 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
	NOT-FOR-US: Eaton Lighting
CVE-2016-2271 (VMX in Xen 4.6.x and earlier, when using an Intel or Cyrix CPU, allows ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-170.html
CVE-2016-2270 (Xen 4.6.x and earlier allows local guest administrators to cause a ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-154.html
CVE-2016-2269
	RESERVED
CVE-2016-2268 (Dell SecureWorks app before 2.1 for iOS does not validate SSL ...)
	NOT-FOR-US: Dell
CVE-2016-2267
	REJECTED
CVE-2016-2266
	REJECTED
CVE-2016-2265
	REJECTED
CVE-2016-2264
	REJECTED
CVE-2016-2263
	REJECTED
CVE-2016-2262
	REJECTED
CVE-2016-2261
	REJECTED
CVE-2016-2260
	REJECTED
CVE-2016-2259
	REJECTED
CVE-2016-2258
	REJECTED
CVE-2016-2257
	REJECTED
CVE-2016-2256
	REJECTED
CVE-2016-2255
	REJECTED
CVE-2016-2254
	REJECTED
CVE-2016-2253
	REJECTED
CVE-2016-2252
	REJECTED
CVE-2016-2251
	REJECTED
CVE-2016-2250
	REJECTED
CVE-2016-2249
	REJECTED
CVE-2016-2248
	REJECTED
CVE-2016-2247
	REJECTED
CVE-2016-2246 (HP ThinPro 4.4 through 6.1 mishandles the keyboard layout control ...)
	NOT-FOR-US: HP ThinPro
CVE-2016-2245 (HP Support Assistant before 8.1.52.1 allows remote attackers to bypass ...)
	NOT-FOR-US: HP Support Assistant
CVE-2016-2244 (HP LaserJet printers and MFPs and OfficeJet Enterprise printers with ...)
	NOT-FOR-US: HP LaserJet Printers
CVE-2016-2243 (Sure Start on HP Commercial PCs 2015 allows local users to cause a ...)
	NOT-FOR-US: HP Commercial PCs with Sure Start
CVE-2015-8813 (The Page_Load function in ...)
	NOT-FOR-US: Umbraco
CVE-2015-8812 (drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5 ...)
	{DSA-3503-1 DLA-439-1}
	- linux 4.4.2-1
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/11/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1303532
	NOTE: Fixed by: https://git.kernel.org/linus/67f1aee6f45059fd6b0f5b0ecb2c97ad0451f6b3 (v4.5-rc1)
	NOTE: Introduced by: https://git.kernel.org/linus/04b5d028f50ff05a8f9ae049ee71f8fdfcf1f5de (v2.6.30-rc2)
CVE-2016-2313 (auth_login.php in Cacti before 0.8.8g allows remote authenticated ...)
	{DLA-560-1}
	- cacti 0.8.8g+ds1-1 (bug #814353)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u5
	NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8g/docs/CHANGELOG?revision=7788&view=markup
	NOTE: http://bugs.cacti.net/view.php?id=2656
	NOTE: Upstream fix: http://svn.cacti.net/viewvc?view=rev&revision=7770
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=965930
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/09/3
	NOTE: Only exploitable in non default setup
CVE-2016-2312 (Turning all screens off in Plasma-workspace and kscreenlocker while ...)
	- plasma-workspace 4:5.4.3-2 (bug #814355)
	NOTE: Affects plasma-workspace < 5.5.0, kscreenlocker < 5.5.5
	NOTE: kscreenlocker is only in experimental
	NOTE: https://www.kde.org/info/security/advisory-20160209-1.txt
	NOTE: https://bugs.kde.org/show_bug.cgi?id=358125
	NOTE: https://bugzilla.opensuse.org/show_bug.cgi?id=964548
CVE-2016-XXXX [Stack corruption from crafted pattern]
	- pcre3 2:8.39-1 (bug #827564)
	[jessie] - pcre3 <no-dsa> (Minor issue)
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	- pcre2 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1780
	NOTE: Possibly introduced after http://vcs.pcre.org/pcre?view=revision&revision=1266
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1638 (8.39)
CVE-2016-2242 (Exponent CMS 2.x before 2.3.7 Patch 3 allows remote attackers to ...)
	NOT-FOR-US: Exponent CMS
CVE-2016-2241
	RESERVED
CVE-2016-2240
	RESERVED
CVE-2016-2239
	RESERVED
CVE-2016-2238
	RESERVED
CVE-2016-2237
	RESERVED
CVE-2016-2236
	RESERVED
CVE-2016-2235
	RESERVED
CVE-2016-2234
	RESERVED
CVE-2016-2233 (Stack-based buffer overflow in the inbound_cap_ls function in ...)
	- hexchat 2.12.0-1 (low)
	[jessie] - hexchat <no-dsa> (Minor issue, requires connection to a malicious server)
	NOTE: https://www.exploit-db.com/exploits/39657/
	NOTE: https://github.com/hexchat/hexchat/issues/1934
	NOTE: https://github.com/hexchat/hexchat/commit/4e061a43b3453a9856d34250c3913175c45afe9d
CVE-2016-2231 (The Windows-based Host Interface Program (WHIP) service on Huawei ...)
	NOT-FOR-US: Huawei
CVE-2016-2230 (OpenELEC and RasPlex devices have a hardcoded password for the root ...)
	NOT-FOR-US: OpenELEC/ResPlex
CVE-2016-2229
	RESERVED
CVE-2016-2227
	RESERVED
CVE-2016-2226 (Integer overflow in the string_appends function in cplus-dem.c in ...)
	{DLA-552-1}
	- ht 2.1.0+repack1-1 (low; bug #840358)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	- binutils 2.27.51.20161102-1 (low)
	[jessie] - binutils <ignored> (Minor issue)
	- libiberty 20161011-1 (low; bug #840360)
	[jessie] - libiberty <no-dsa> (Minor issue)
	[wheezy] - libiberty <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=69687
	NOTE: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=234829
CVE-2015-8811
	RESERVED
CVE-2015-8810
	RESERVED
CVE-2015-8809
	RESERVED
CVE-2014-9766 (Integer overflow in the create_bits function in pixman-bits-image.c in ...)
	{DSA-3525-1 DLA-429-1}
	- pixman 0.32.6-1
	NOTE: https://lists.freedesktop.org/archives/pixman/2014-April/003244.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=972647
CVE-2014-9765 (Buffer overflow in the main_get_appheader function in xdelta3-main.h ...)
	{DSA-3484-1 DLA-417-1}
	- xdelta3 3.0.8-dfsg-1.1 (bug #814067)
	NOTE: https://github.com/jmacd/xdelta-devel/commit/ef93ff74203e030073b898c05e8b4860b5d09ef2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/08/1
CVE-2017-6100 (tcpdf before 6.2.0 uploads files from the server generating PDF-files ...)
	- tcpdf 6.2.12+dfsg2-1 (bug #814030)
	[jessie] - tcpdf 6.0.093+dfsg-1+deb8u1
	NOTE: https://sourceforge.net/p/tcpdf/bugs/1005/
CVE-2015-8808 (The DecodeImage function in coders/gif.c in GraphicsMagick 1.3.18 ...)
	{DSA-3746-1 DLA-484-1}
	- graphicsmagick 1.3.21-2
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/1
	NOTE: http://hg.graphicsmagick.org/hg/GraphicsMagick?cmd=changeset;node=8e8fa353f53
CVE-2016-2223
	RESERVED
CVE-2016-2220
	RESERVED
CVE-2016-2219 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2016-2218
	RESERVED
CVE-2016-2224 (The __decode_dotted function in libc/inet/resolv.c in uClibc-ng before ...)
	{DLA-561-1}
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: http://repo.or.cz/uclibc-ng.git/commit/d9c3a16dcab57d6b56225b9a67e9119cc9e2e4ac
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2225 (The __read_etc_hosts_r function in libc/inet/resolv.c in uClibc-ng ...)
	{DLA-561-1}
	- uclibc <unfixed> (unimportant)
	NOTE: Just for cross-compiling, not used for actual packages
	NOTE: http://repo.or.cz/uclibc-ng.git/commit/6932f2282ba0578d6ca2f21eead920d6b78bc93c
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/05/2
CVE-2016-2216 (The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 ...)
	- nodejs 4.3.0~dfsg-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
CVE-2016-2215
	RESERVED
CVE-2016-2214 (Cross-site scripting (XSS) vulnerability in an unspecified portal ...)
	NOT-FOR-US: Huawei
CVE-2016-2212 (The getOrderByStatusUrlKey function in the Mage_Rss_Helper_Order class ...)
	NOT-FOR-US: Magento
CVE-2016-2211 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-2210 (Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in ...)
	NOT-FOR-US: Symantec
CVE-2016-2209 (Buffer overflow in Dec2SS.dll in the AntiVirus Decomposer engine in ...)
	NOT-FOR-US: Symantec
CVE-2016-2208 (The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 ...)
	NOT-FOR-US: Symantec
CVE-2016-2207 (The AntiVirus Decomposer engine in Symantec Advanced Threat Protection ...)
	NOT-FOR-US: Symantec
CVE-2016-2206 (The management console in Symantec Workspace Streaming (SWS) 7.5.x ...)
	NOT-FOR-US: Symantec
CVE-2016-2205 (Directory traversal vulnerability in the file-download configuration ...)
	NOT-FOR-US: Symantec
CVE-2016-2204 (The management console on Symantec Messaging Gateway (SMG) Appliance ...)
	NOT-FOR-US: Symantec
CVE-2016-2203 (The management console on Symantec Messaging Gateway (SMG) Appliance ...)
	NOT-FOR-US: Symantec
CVE-2016-2202 (The Inventory Solution component in the Management Agent in the client ...)
	NOT-FOR-US: Symantec
CVE-2016-2201 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote ...)
	NOTE: Siemens SIMATIC
CVE-2016-2200 (Siemens SIMATIC S7-1500 CPU devices before 1.8.3 allow remote ...)
	NOTE: Siemens SIMATIC
CVE-2015-8802
	REJECTED
CVE-2015-8801 (Race condition in the client in Symantec Endpoint Protection (SEP) ...)
	NOT-FOR-US: Symantec
CVE-2015-8800 (Symantec Embedded Security: Critical System Protection (SES:CSP) 1.0.x ...)
	NOT-FOR-US: Symantec
CVE-2015-8799 (Directory traversal vulnerability in the Management Server in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2015-8798 (Directory traversal vulnerability in the Management Server in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2016-4009 (Integer overflow in the ImagingResampleHorizontal function in ...)
	- pillow 3.1.1-1
	[jessie] - pillow <not-affected>
	- python-imaging <removed>
	[wheezy] - python-imaging <not-affected>
	[squeeze] - python-imaging <not-affected>
	NOTE: https://github.com/python-pillow/Pillow/commit/4e0d9b0b9740d258ade40cce248c93777362ac1e
	NOTE: Upstream confirmed that versions prior 2.7 are not vulnerable.
	NOTE: https://github.com/python-pillow/Pillow/pull/1714
	NOTE: https://github.com/python-pillow/Pillow/issues/1737
CVE-2016-2232 (Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and 13.x before ...)
	{DSA-3700-1}
	- asterisk 1:13.7.2~dfsg-1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-003.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25603
	NOTE: issue was introduced in 2006 with commit 0f5e4e47, so squeeze and previous also vulnerable
	NOTE: patch for 11 / jessie: https://code.asterisk.org/code/changelog/asterisk?cs=da2573a3779425654543d6ac4c4dd6871ce16720
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2016-2316 (chan_sip in Asterisk Open Source 1.8.x, 11.x before 11.21.1, 12.x, and ...)
	{DSA-3700-1}
	- asterisk 1:13.7.2~dfsg-1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2016-002.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-25397
	NOTE: issue introduced in ~2008 with the SIP timer support implementation (https://issues.asterisk.org/jira/browse/ASTERISK-4257 https://issues.asterisk.org/jira/browse/ASTERISK-5187), so squeeze also vulnerable
	NOTE: patch for jessie / 11: https://code.asterisk.org/code/changelog/asterisk?cs=882e85388295eac8eebd0b82e71a9af0a769b41f
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2015-8807 (Cross-site scripting (XSS) vulnerability in the _renderVarInput_number ...)
	{DSA-3496-1}
	- php-horde-core 2.22.4+debian0-1 (bug #813590)
	NOTE: https://github.com/horde/horde/commit/11d74fa5a22fe626c5e5a010b703cd46a136f253
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2016-2228 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-3497-1}
	- php-horde 5.2.9+debian0-1 (bug #813573)
	NOTE: https://bugs.horde.org/ticket/14213
	NOTE: http://lists.horde.org/archives/announce/2016/001140.html
	NOTE: https://github.com/horde/horde/commit/f03301cf6edcca57121a15e80014c4d0f29d99a0
	NOTE: https://github.com/horde/horde/commit/ab07a1b447de34e13983b4d7ceb18b58c3a358d8
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/06/4
CVE-2016-7028
	REJECTED
CVE-2016-2199 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Enterprise Manager in McAfee Vulnerability Manager
CVE-2016-2213 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in ...)
	- ffmpeg 7:2.8.6-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0aada30510d809bccfd539a90ea37b61188f2cb4
CVE-2016-2196 (Heap-based buffer overflow in the P-521 reduction function in Botan ...)
	- botan1.10 <not-affected> (Introduced in 1.11.10)
	NOTE: Introduced in 1.11.10, fixed in 1.11.27
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2195 (Integer overflow in the PointGFp constructor in Botan before 1.10.11 ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.12-1
	NOTE: Introduced in 1.9.18, fixed in 1.11.27 and 1.10.11
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2194 (The ressol function in Botan before 1.10.11 and 1.11.x before 1.11.27 ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.12-1
	NOTE: Introduced in 1.7.15, fixed in 1.11.27 and 1.10.11
	NOTE: http://botan.randombit.net/security.html
CVE-2016-2193 (PostgreSQL before 9.5.x before 9.5.2 does not properly maintain ...)
	- postgresql-9.5 9.5.2-1
	- postgresql-9.4 <not-affected> (Only affects 9.5.x)
	- postgresql-9.1 <not-affected> (Only affects 9.5.x)
	- postgresql-8.4 <not-affected> (Only affects 9.5.x)
	NOTE: http://www.postgresql.org/about/news/1656/
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
CVE-2016-2192 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated users to ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue)
CVE-2016-2191 (The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before ...)
	{DSA-3546-1}
	- optipng 0.7.6-1 (bug #820068)
	NOTE: https://sourceforge.net/p/optipng/bugs/59/
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/04/2
CVE-2016-2190 (Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2189
	REJECTED
CVE-2016-2188 (The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the ...)
	{DLA-922-1}
	- linux 4.9.16-1
	[jessie] - linux 3.16.43-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317018
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283390
	NOTE: http://seclists.org/bugtraq/2016/Mar/87
	NOTE: http://marc.info/?l=linux-usb&m=145796659429788&w=2
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ec0ef3a82125efc36173062a50624550a900ae0
	NOTE: From kernel-sec triaging: the above commits only handles the case where there
	NOTE: are zero endpoints, but not the case where there are some endpoints but none of the expected type.
	NOTE: Fixed by: https://git.kernel.org/linus/b7321e81fc369abe353cf094d4f0dc2fe11ab95f (v4.11-rc2)
CVE-2016-2187 (The gtco_probe function in drivers/input/tablet/gtco.c in the Linux ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.2-1
	NOTE: Upstream commit: https://git.kernel.org/linus/162f98dea487206d9ab79fc12ed64700667a894d (v4.6-rc5)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317017
CVE-2016-2186 (The powermate_probe function in drivers/input/misc/powermate.c in the ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317015
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283384
	NOTE: http://seclists.org/bugtraq/2016/Mar/85
	NOTE: http://marc.info/?l=linux-usb&m=145796479528669&w=2
CVE-2016-2185 (The ati_remote2_probe function in drivers/input/misc/ati_remote2.c in ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317014
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283362
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283363
CVE-2016-2184 (The create_fixed_stream_quirk function in sound/usb/quirks.c in the ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.5.1-1 (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1317012
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283355
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283358
CVE-2016-2183 (The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec ...)
	NOTE: Generic protocol issue
	NOTE: The CVE is assigned for the protocol flaw in the DES/3DES cipher, used as a part of the SSL/TLS protocol.
	NOTE: What was done in OpenSSL: https://www.openssl.org/blog/blog/2016/08/24/sweet32/
	NOTE: Python issue: https://bugs.python.org/issue27850
CVE-2016-2182 (The BN_bn2dec function in crypto/bn/bn_print.c in OpenSSL before 1.1.0 ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=07bed46f332fce8c1d157689a2cdf915a982ae34
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=099e2968ed3c7d256cda048995626664082b1b30
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2181 (The Anti-Replay feature in the DTLS implementation in OpenSSL before ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=1fb9fdc3027b27d8eb6a1e6a846435b070980770
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2180 (The TS_OBJ_print_bio function in crypto/ts/ts_lib.c in the X.509 ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=0ed26acce328ec16a3aa635f1ca37365e8c7403a
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2179 (The DTLS implementation in OpenSSL before 1.1.0 does not properly ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=f5c7f5dfbaf0d2f7d946d0fe86f08e6bcb36ed0d
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2178 (The dsa_sign_setup function in crypto/dsa/dsa_ossl.c in OpenSSL ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1 (low)
	NOTE: Fixed in master branch in https://git.openssl.org/?p=openssl.git;a=commit;h=399944622df7bd81af62e67ea967c470534090e2
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2177 (OpenSSL through 1.0.2h incorrectly uses pointer arithmetic for ...)
	{DSA-3673-1 DLA-637-1}
	- openssl 1.0.2i-1 (low)
	NOTE: Fixed in 1.0.2 branch in https://git.openssl.org/?p=openssl.git;a=commit;h=a004e72b95835136d3f1ea90517f706c24c03da7
	NOTE: https://www.openssl.org/blog/blog/2016/06/27/undefined-pointer-arithmetic/
	NOTE: https://www.openssl.org/news/secadv/20160922.txt
	NOTE: Fixed in 1.0.2i, 1.0.1u
CVE-2016-2176 (The X509_NAME_oneline function in crypto/x509/x509_obj.c in OpenSSL ...)
	- openssl <not-affected> (Only applies to EBCDIC systems)
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ea96ad5a206b7b5f25dad230333e8ff032df3219
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2175 (Apache PDFBox before 1.8.12 and 2.x before 2.0.1 does not properly ...)
	{DSA-3606-1 DLA-505-1}
	- libpdfbox-java 1:1.8.12-1
	NOTE: Fixed on upstream 1.8 branch in https://svn.apache.org/viewvc?view=revision&revision=1739564
	NOTE: Fixed on upstream 2.0 branch in https://svn.apache.org/viewvc?view=revision&revision=1739565
CVE-2016-2174 (SQL injection vulnerability in the policy admin tool in Apache Ranger ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-2173 (org.springframework.core.serializer.DefaultDeserializer in Spring AMQP ...)
	NOT-FOR-US: Spring AMQP
CVE-2016-2172
	REJECTED
CVE-2016-2171 (The User Manager service in Apache Jetspeed before 2.3.1 does not ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-2170 (Apache OFBiz 12.04.x before 12.04.06 and 13.07.x before 13.07.03 allow ...)
	NOT-FOR-US: Apache OFBiz
CVE-2016-2169 (Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-2168 (The req_check_access function in the mod_authz_svn module in the httpd ...)
	{DSA-3561-1 DLA-448-1}
	- subversion 1.9.4-1
	NOTE: https://subversion.apache.org/security/CVE-2016-2168-advisory.txt
CVE-2016-2167 (The canonicalize_username function in svnserve/cyrus_auth.c in Apache ...)
	{DSA-3561-1 DLA-448-1}
	- subversion 1.9.4-1
	NOTE: https://subversion.apache.org/security/CVE-2016-2167-advisory.txt
CVE-2016-2166 (The (1) proton.reactor.Connector, (2) proton.reactor.Container, and ...)
	- qpid-proton <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/PROTON-1157
	NOTE: http://qpid.apache.org/releases/qpid-proton-0.12.1/
	NOTE: Affects Qpid Proton python API starting at 0.9 up to and including 0.12.0
CVE-2016-2165 (The Loggregator Traffic Controller endpoints in cf-release v231 and ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-2164 (The (1) FileService.importFileByInternalUserId and (2) ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-2163 (Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-2162 (Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale ...)
	- libstruts1.2-java <not-affected> (Only affects 2.0.0 to 2.3.24.1)
	NOTE: http://struts.apache.org/docs/s2-030.html
CVE-2016-2161 (In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to ...)
	{DSA-3796-1}
	- apache2 2.4.25-1
	[wheezy] - apache2 <not-affected> (Vulnerable code introduced in 2.4.x)
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: Fixed by: https://svn.apache.org/r1772919
	NOTE: Affects: 2.4.1 to 2.4.23
	NOTE: Fixed in 2.4.25
CVE-2016-2160 (Red Hat OpenShift Enterprise 3.2 and OpenShift Origin allow remote ...)
	NOT-FOR-US: OpenShift
CVE-2016-2159 (The save_submission function in mod/assign/externallib.php in Moodle ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2158 (lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2157 (Cross-site request forgery (CSRF) vulnerability in ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2156 (calendar/externallib.php in Moodle through 2.6.11, 2.7.x before ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2155 (The grade-reporting feature in Singleview (aka Single View) in Moodle ...)
	- moodle <not-affected> (Only affects 2.8 and later)
CVE-2016-2154 (admin/tool/monitor/lib.php in Event Monitor in Moodle 2.8.x before ...)
	- moodle <not-affected> (Only affects 2.8 and later)
CVE-2016-2153 (Cross-site scripting (XSS) vulnerability in the advanced-search ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2152 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2151 (user/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x ...)
	- moodle 2.7.13+dfsg-1
CVE-2016-2150 (SPICE allows local guest OS users to read from or write to arbitrary ...)
	{DSA-3596-1 DLA-531-1}
	- spice 0.12.6-4.1 (bug #826584)
CVE-2016-2149 (Red Hat OpenShift Enterprise 3.2 allows remote authenticated users to ...)
	NOT-FOR-US: OpenShift
CVE-2016-2148 (Heap-based buffer overflow in the DHCP client (udhcpc) in BusyBox ...)
	- busybox 1:1.27.2-1 (bug #818497)
	[stretch] - busybox <no-dsa> (Minor issue)
	[jessie] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: https://git.busybox.net/busybox/commit/?id=352f79acbd759c14399e39baef21fc4ffe180ac2
CVE-2016-2147 (Integer overflow in the DHCP client (udhcpc) in BusyBox before 1.25.0 ...)
	- busybox 1:1.27.2-1 (bug #818499)
	[stretch] - busybox <no-dsa> (Minor issue)
	[jessie] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	NOTE: https://git.busybox.net/busybox/commit/?id=d474ffc68290e0a83651c4432eeabfa62cd51e87
CVE-2016-2146 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does ...)
	- libapache2-mod-auth-mellon 0.12.0-1
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2016-2145 (The am_read_post_data function in mod_auth_mellon before 0.11.1 does ...)
	- libapache2-mod-auth-mellon 0.12.0-1
	[jessie] - libapache2-mod-auth-mellon <no-dsa> (Minor issue)
CVE-2016-2144
	REJECTED
CVE-2016-2143 (The fork implementation in the Linux kernel before 4.5 on s390 ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.4.6-1
	[wheezy] - linux <no-dsa> (Architecture not supported in Wheezy LTS)
	NOTE: Fixed by: https://git.kernel.org/linus/3446c13b268af86391d06611327006b059b8bab1 (v4.5)
	NOTE: Introduced in: https://git.kernel.org/linus/6252d702c5311ce916caf75ed82e5c8245171c92 (v2.6.25-rc1)
CVE-2016-2142 (Red Hat OpenShift Enterprise 3.1 uses world-readable permissions on ...)
	NOT-FOR-US: OpenShift
CVE-2016-2141 (JGroups before 4.0 does not require the proper headers for the ENCRYPT ...)
	- libjgroups-java <unfixed> (low; bug #867493)
	[stretch] - libjgroups-java <no-dsa> (Minor issue)
	[jessie] - libjgroups-java <no-dsa> (Minor issue)
	[wheezy] - libjgroups-java <no-dsa> (Minor issue, only used as build dependency)
CVE-2016-2140 (The libvirt driver in OpenStack Compute (Nova) before 2015.1.4 (kilo) ...)
	- nova 2:13.0.0-1
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: Affects: <=2015.1.3, >=12.0.0 <=12.0.2
CVE-2016-2139
	RESERVED
CVE-2016-2138
	RESERVED
CVE-2016-2137
	REJECTED
CVE-2016-2136
	REJECTED
CVE-2016-2135
	REJECTED
CVE-2016-2134
	REJECTED
CVE-2016-2133
	REJECTED
CVE-2016-2132
	REJECTED
CVE-2016-2131
	REJECTED
CVE-2016-2130
	REJECTED
CVE-2016-2129
	REJECTED
CVE-2016-2128
	REJECTED
CVE-2016-2127
	REJECTED
CVE-2016-2126 (Samba version 4.0.0 up to 4.5.2 is vulnerable to privilege elevation ...)
	{DSA-3740-1}
	- samba 2:4.5.2+dfsg-2
	[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2126.html
CVE-2016-2125 [Unconditional privilege delegation to Kerberos servers in trusted realms]
	RESERVED
	{DSA-3740-1 DLA-776-1}
	- samba 2:4.5.2+dfsg-2
	NOTE: https://www.samba.org/samba/security/CVE-2016-2125.html
	NOTE: Patch (with some more) here: https://download.samba.org/pub/samba/patches/security/samba-4.3.12-security-20016-12-19.patch
CVE-2016-2124
	RESERVED
CVE-2016-2123 [Samba NDR Parsing ndr_pull_dnsp_name Heap-based Buffer Overflow Remote Code Execution Vulnerability]
	RESERVED
	{DSA-3740-1}
	- samba 2:4.5.2+dfsg-2
	[wheezy] - samba <not-affected> (Affects only Samba 4.0.0 to 4.5.2)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2123.html
CVE-2016-2122
	RESERVED
CVE-2016-2121 [weak permissions on sensitive files]
	RESERVED
	- redis 3:3.2.5-2 (bug #842987)
	[jessie] - redis <no-dsa> (Minor issue)
	[wheezy] - redis <no-dsa> (minor issue, details see #842987)
	NOTE: Might be Red Hat-specific, needs investigation
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1374700
CVE-2016-2120 [Crafted zone record can cause a denial of service]
	RESERVED
	{DSA-3764-1 DLA-798-1}
	- pdns 4.0.2-1
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2016-05/
CVE-2016-2119 (libcli/smb/smbXcli_base.c in Samba 4.x before 4.2.14, 4.3.x before ...)
	{DSA-3740-1}
	- samba 2:4.4.5+dfsg-1 (bug #830195)
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2119.html
	NOTE: Affects Samba 4.0.0 to 4.4.4
CVE-2016-2118 (The MS-SAMR and MS-LSAD protocol implementations in Samba 3.x and 4.x ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2118.html
	NOTE: http://badlock.org/
CVE-2016-2117 (The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in ...)
	{DSA-3607-1}
	- linux 4.5.2-1
	[wheezy] - linux <not-affected> (Issue introduced with v3.10-rc1)
	NOTE: Introduced in https://git.kernel.org/linus/ec5f061564238892005257c83565a0b58ec79295 (v3.10-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/16/7
CVE-2016-2116 (Memory leak in the jas_iccprof_createfrombuf function in JasPer ...)
	{DSA-3508-1}
	- jasper <removed> (bug #816626)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
CVE-2016-2115 (Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2115.html
CVE-2016-2114 (The SMB1 protocol implementation in Samba 4.x before 4.2.11, 4.3.x ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2114.html
CVE-2016-2113 (Samba 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before 4.4.2 ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	[wheezy] - samba <not-affected> (Affects Samba 4.0.0 to 4.4.0)
	NOTE: https://www.samba.org/samba/security/CVE-2016-2113.html
CVE-2016-2112 (The bundled LDAP client library in Samba 3.x and 4.x before 4.2.11, ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2112.html
CVE-2016-2111 (The NETLOGON service in Samba 3.x and 4.x before 4.2.11, 4.3.x before ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2111.html
CVE-2016-2110 (The NTLMSSP authentication implementation in Samba 3.x and 4.x before ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2016-2110.html
CVE-2016-2109 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in the ASN.1 ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=c62981390d6cf9e3d612c489b8b77c2913b25807
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2108 (The ASN.1 implementation in OpenSSL before 1.0.1o and 1.0.2 before ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2c-1
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2107 (The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2106 (Integer overflow in the EVP_EncryptUpdate function in ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=3f3582139fbb259a1c3cbb0a25236500a409bf26
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2105 (Integer overflow in the EVP_EncodeUpdate function in ...)
	{DSA-3566-1 DLA-456-1}
	- openssl 1.0.2h-1
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ee1e3cac2e83abc77bcc8ff98729ca1e10fcc920
	NOTE: https://www.openssl.org/news/secadv/20160503.txt
CVE-2016-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2016-2103 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2016-2102 (HAProxy statistics in openstack-tripleo-image-elements are ...)
	- tripleo-image-elements <not-affected> (Configuration not found in Debian's version)
CVE-2016-2101
	RESERVED
CVE-2016-2100 (Foreman before 1.10.3 and 1.11.0 before 1.11.0-RC2 allow remote ...)
	- foreman <itp> (bug #663101)
CVE-2016-2099 (Use-after-free vulnerability in validators/DTD/DTDScanner.cpp in ...)
	{DSA-3579-1 DLA-467-1}
	- xerces-c 3.1.3+debian-2 (bug #823863)
	NOTE: https://issues.apache.org/jira/browse/XERCESC-2066
CVE-2016-2098 (Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and ...)
	{DSA-3509-1 DLA-604-1}
	- rails 2:4.2.5.2-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x, 4.2.x
	NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2, 4.2.5.2
CVE-2016-2097 (Directory traversal vulnerability in Action View in Ruby on Rails ...)
	{DSA-3509-1 DLA-604-1}
	- rails 2:4.2.5.2-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	NOTE: Versions Affected: 3.2.x, 4.0.x, 4.1.x
	NOTE: Not affected: 4.2+
	NOTE: Fixed Versions: 3.2.22.2, 4.1.14.2
CVE-2016-2096
	RESERVED
CVE-2016-2095
	RESERVED
CVE-2016-2094 (The HTTPS NIO Connector allows remote attackers to cause a denial of ...)
	NOT-FOR-US: JBoss EAP
CVE-2016-2093
	RESERVED
CVE-2015-8806 (dict.c in libxml2 allows remote attackers to cause a denial of service ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #813613)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749115
	NOTE: Same fix as CVE-2016-1839 seems to resolve the issue
CVE-2015-8805 (The ecc_256_modq function in ecc-256.c in Nettle before 3.2 does not ...)
	- nettle 3.2-1 (bug #813679)
	[jessie] - nettle 2.7.1-5+deb8u1
	[wheezy] - nettle <not-affected> (Vulnerable code not present)
	[squeeze] - nettle <not-affected> (Vulnerable code not present)
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
CVE-2015-8804 (x86_64/ecc-384-modp.asm in Nettle before 3.2 does not properly handle ...)
	- nettle 3.2-1 (bug #813679)
	[jessie] - nettle 2.7.1-5+deb8u1
	[wheezy] - nettle <not-affected> (Vulnerable code not present)
	[squeeze] - nettle <not-affected> (Vulnerable code not present)
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003024.html
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/fa269b6ad06dd13c901dbd84a12e52b918a09cd7
CVE-2015-8803 (The ecc_256_modp function in ecc-256.c in Nettle before 3.2 does not ...)
	- nettle 3.2-1 (bug #813679)
	[jessie] - nettle 2.7.1-5+deb8u1
	[wheezy] - nettle <not-affected> (Vulnerable code not present)
	[squeeze] - nettle <not-affected> (Vulnerable code not present)
	NOTE: https://lists.lysator.liu.se/pipermail/nettle-bugs/2015/003028.html
	NOTE: https://git.lysator.liu.se/nettle/nettle/commit/c71d2c9d20eeebb985e3872e4550137209e3ce4d
CVE-2015-8797 (Cross-site scripting (XSS) vulnerability in ...)
	- lucene-solr <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-7949
CVE-2015-8796 (Cross-site scripting (XSS) vulnerability in ...)
	- lucene-solr <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-7920
CVE-2015-8795 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin UI in ...)
	- lucene-solr <not-affected> (Vulnerable code not present)
	NOTE: https://issues.apache.org/jira/browse/SOLR-7346
CVE-2015-8794 (Absolute path traversal vulnerability in ...)
	- roundcube 1.1.2+dfsg.1-1
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://www.scip.ch/en/?vuldb.80732
	NOTE: http://web.archive.org/web/20160329044745/http://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released
	NOTE: http://trac.roundcube.net/ticket/1490379
CVE-2015-8793 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
	- roundcube 1.1.2+dfsg.1-1
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://web.archive.org/web/20160329044745/http://roundcube.net/news/2015/06/05/updates-1.1.2-and-1.0.6-released
	NOTE: http://www.scip.ch/en/?vuldb.80731
	NOTE: http://trac.roundcube.net/ticket/1490417 - mentions 1.0 not vulnerable, verified code not present in squeeze
	NOTE: http://web.archive.org/web/20150627125240/http://trac.roundcube.net:80/changeset/b782815dac/github
CVE-2015-8791 (The EbmlElement::ReadCodedSizeValue function in libEBML before 1.3.3 ...)
	{DSA-3538-1 DLA-438-1}
	- libebml 1.3.3-1
	NOTE: https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
	NOTE: https://github.com/Matroska-Org/libebml/commit/24e5cd7c666b1ddd85619d60486db0a5481c1b90
CVE-2015-8790 (The EbmlUnicodeString::UpdateFromUTF8 function in libEBML before 1.3.3 ...)
	{DSA-3538-1 DLA-438-1}
	- libebml 1.3.3-1
	NOTE: https://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
	NOTE: https://github.com/Matroska-Org/libebml/commit/ababb64e0c792ad2a314245233db0833ba12036b
CVE-2016-2533 (Buffer overflow in the ImagingPcdDecode function in PcdDecode.c in ...)
	{DSA-3499-1 DLA-422-1}
	- pillow 3.1.1-1
	- python-imaging <removed>
	[wheezy] - python-imaging 1.1.7-4+deb7u2
	NOTE: https://github.com/python-pillow/Pillow/pull/1706
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/5
	NOTE: https://github.com/python-pillow/Pillow/commit/ae453aa18b66af54e7ff716f4ccb33adca60afd4
CVE-2016-2221 (Open redirect vulnerability in the wp_validate_redirect function in ...)
	{DSA-3472-1 DLA-418-1}
	- wordpress 4.4.2+dfsg-1 (bug #813697)
	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36444
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2222 (The wp_http_validate_url function in wp-includes/http.php in WordPress ...)
	{DSA-3472-1 DLA-418-1}
	- wordpress 4.4.2+dfsg-1 (bug #813697)
	NOTE: https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36435
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/04/4
CVE-2016-2217 (The OpenSSL address implementation in Socat 1.7.3.0 and 2.0.0-b8 does ...)
	- socat 1.7.3.1-1 (bug #813536)
	[jessie] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	[wheezy] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	[squeeze] - socat <not-affected> (Broken 1024bit DH parameter generated in 1.7.3.0)
	NOTE: The issues is about "In the OpenSSL address implementation the hard coded 1024 bit DH
	NOTE: p parameter was not prime.". Upstream has generated new parametes (and made it 2048
	NOTE: bit long.
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/01/4
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv7.html
CVE-2015-XXXX [Type Confusion Vulnerability in PHP_to_XMLRPC_worker()]
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u4
	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f3c1863aa2721343245b63ac7bd68cfdc3dd41f3
	NOTE: https://bugs.php.net/bug.php?id=70728
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2015-XXXX [Session WDDX Packet Deserialization Type Confusion Vulnerability]
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u4
	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=1785d2b805f64eaaacf98c14c9e13107bf085ab1
	NOTE: https://bugs.php.net/bug.php?id=70741
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2015-XXXX [Use-after-free in WDDX Packet Deserialization]
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[wheezy] - php5 5.4.45-0+deb7u4
	NOTE: Workaround entry for DLA-533-1 until CVE is assigned
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=366f9505a4aae98ef2f4ca39a838f628a324b746
	NOTE: https://bugs.php.net/bug.php?id=70661
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/03/3
CVE-2016-5114 (sapi/fpm/fpm/fpm_log.c in PHP before 5.5.31, 5.6.x before 5.6.17, and ...)
	{DLA-628-1}
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.17+dfsg-0+deb8u1
	[squeeze] - php5 <not-affected> (vulnerable code not present)
	NOTE: https://bugs.php.net/bug.php?id=70755
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=2721a0148649e07ed74468f097a28899741eb58f
	NOTE: http://seclists.org/bugtraq/2016/Jan/117
	NOTE: http://www.openwall.com/lists/oss-security/2016/02/02/4
CVE-2016-3197
	REJECTED
CVE-2016-2092
	RESERVED
CVE-2016-2198 (QEMU (aka Quick Emulator) built with the USB EHCI emulation support is ...)
	- qemu 1:2.6+dfsg-1 (bug #813193)
	[jessie] - qemu <no-dsa> (Minor issue; Can be fixed along with a future DSA)
	[wheezy] - qemu <not-affected> (Introduced after v1.2.0)
	[squeeze] - qemu <not-affected> (Introduced after v1.2.0)
	- qemu-kvm <not-affected> (Introduced after v1.2.0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=dff0367cf66f489aa772320fa2937a8cac1ca30d (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1301643
CVE-2016-2197 (QEMU (aka Quick Emulator) built with an IDE AHCI emulation support is ...)
	- qemu 1:2.6+dfsg-1 (bug #813194)
	[jessie] - qemu <not-affected> (Vulnerable code introduced later)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=99b4cb71069f109b79b27bc629fc0cf0886dbc4b (v2.6.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1302057
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/29/2
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=fc3d8e1138cd0c843d6fd75272633a31be6554ef (v2.3.0-rc2)
CVE-2016-2088 (resolver.c in named in ISC BIND 9.10.x before 9.10.3-P4, when DNS ...)
	- bind9 <not-affected> (Introduced in Bind 9.10)
	NOTE: https://kb.isc.org/article/AA-01351
CVE-2016-2087 (Directory traversal vulnerability in the client in HexChat 2.11.0 ...)
	{DLA-1050-1}
	- xchat 2.8.8-10
	[jessie] - xchat <no-dsa> (Minor issue)
	- hexchat 2.12.4-4 (bug #852275)
	[stretch] - hexchat <no-dsa> (Minor issue)
	[jessie] - hexchat <no-dsa> (Minor issue)
	NOTE: https://www.exploit-db.com/exploits/39656/
	NOTE: https://github.com/hexchat/hexchat/issues/1933
	NOTE: https://github.com/hexchat/hexchat/commit/15600f405f2d5bda6ccf0dd73957395716e0d4d3
	NOTE: Would be included in upstream source since the upload 2.12.3-0.1 to unstable but the
	NOTE: Debian packaging reverts the 15600f405f2d5bda6ccf0dd73957395716e0d4d3 commit
	NOTE: The Debian packagging drops the revert in 2.12.4-4 to not diverge from upstream.
CVE-2016-2086 (Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before ...)
	- nodejs 4.3.0~dfsg-1 (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodejs.org/en/blog/vulnerability/february-2016-security-releases/
CVE-2015-8792 (The KaxInternalBlock::ReadData function in libMatroska before 1.4.4 ...)
	{DSA-3526-1 DLA-420-1}
	- libmatroska 1.4.4-1
	NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
	NOTE: https://github.com/Matroska-Org/libmatroska/commit/0a2d3e3644a7453b6513db2f9bc270f77943573f
CVE-2015-8789 (Use-after-free vulnerability in the EbmlMaster::Read function in ...)
	{DSA-3538-1}
	- libebml 1.3.3-1
	[squeeze] - libebml <not-affected> (Vulnerable code not present)
	NOTE: http://lists.matroska.org/pipermail/matroska-users/2015-October/006985.html
	NOTE: https://github.com/Matroska-Org/libebml/commit/88409e2a94dd3b40ff81d08bf6d92f486d036b24
CVE-2015-8788
	RESERVED
CVE-2016-2091 (The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf ...)
	{DLA-669-1}
	- dwarfutils 20160507-1 (bug #813148)
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/3
	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/9565964f26966d8391fe2cfa8e6e8e59278c5f91
CVE-2016-2090 (Off-by-one vulnerability in the fgetwln function in libbsd before ...)
	- libbsd 0.8.2-1
	[jessie] - libbsd <no-dsa> (Minor issue)
	[wheezy] - libbsd <not-affected> (Vulnerable code not present)
	[squeeze] - libbsd <not-affected> (Vulnerable code not present)
	NOTE: Not used anywhere in Debian according to codesearch.debian.net
	NOTE: https://blog.fuzzing-project.org/36-Heap-buffer-overflow-in-fgetwln-function-of-libbsd.html
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=93881
	NOTE: Fixed by: http://cgit.freedesktop.org/libbsd/commit/?id=c8f0723d2b4520bdd6b9eb7c3e7976de726d7ff7 (0.8.2)
	NOTE: Introduced by: http://cgit.freedesktop.org/libbsd/commit/?id=a97ce513e031b29a47965b740be14fb9a84277fc (0.5.0)
CVE-2016-2089 (The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows ...)
	{DSA-3508-1}
	- jasper <removed> (bug #812978)
	[squeeze] - jasper <no-dsa> (Minor issue)
	NOTE: https://github.com/mdadams/jasper/commit/c87ad330a8b8d6e5eb0065675601fdfae08ebaab
CVE-2016-2085 (The evm_verify_hmac function in security/integrity/evm/evm_main.c in ...)
	- linux 4.4.2-1 (unimportant)
	[jessie] - linux 3.16.7-ckt25-1
	- linux-2.6 <removed> (unimportant)
	NOTE: EVM is not enabled
	NOTE: https://git.kernel.org/linus/613317bd212c585c20796c10afe5daaa95d4b0a1 (v4.5-rc4)
CVE-2016-2084 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-2083
	REJECTED
CVE-2016-2082 (Cross-site request forgery (CSRF) vulnerability in VMware vRealize Log ...)
	NOT-FOR-US: VMware
CVE-2016-2081 (Cross-site scripting (XSS) vulnerability in VMware vRealize Log ...)
	NOT-FOR-US: VMware
CVE-2016-2080
	REJECTED
CVE-2016-2079 (VMware NSX Edge 6.1 before 6.1.7 and 6.2 before 6.2.3 and vCNS Edge ...)
	NOT-FOR-US: VMware
CVE-2016-2078 (Cross-site scripting (XSS) vulnerability in the Web Client in VMware ...)
	NOT-FOR-US: VMware
CVE-2016-2077 (VMware Workstation 11.x before 11.1.3 and VMware Player 7.x before ...)
	NOT-FOR-US: VMware
CVE-2016-2076 (Client Integration Plugin (CIP) in VMware vCenter Server 5.5 U3a, U3b, ...)
	NOT-FOR-US: VMware
CVE-2016-2075 (Cross-site scripting (XSS) vulnerability in VMware vRealize Business ...)
	NOT-FOR-US: VMware vRealize Business Advanced and Enterprise
CVE-2016-2074 (Buffer overflow in lib/flow.c in ovs-vswitchd in Open vSwitch 2.2.x ...)
	{DSA-3533-1}
	- openvswitch 2.3.0+git20140819-4
	[wheezy] - openvswitch <not-affected> (Affects only 2.2.x and later)
	NOTE: http://openvswitch.org/pipermail/announce/2016-March/000082.html
CVE-2016-2072 (The Administrative Web Interface in Citrix NetScaler Application ...)
	NOT-FOR-US: Citrix
CVE-2016-2071 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
	NOT-FOR-US: Citrix
CVE-2015-8787 (The nf_nat_redirect_ipv4 function in net/netfilter/nf_nat_redirect.c ...)
	- linux 4.3.5-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.19-rc1)
	- linux-2.6 <not-affected> (Vulnerable code introduced in v3.19-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300731
	NOTE: https://lkml.org/lkml/2015/12/2/618
	NOTE: Introduced by: https://git.kernel.org/linus/8b13eddfdf04cbfa561725cfc42d6868fe896f56 (v3.19-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/94f9cd81436c85d8c3a318ba92e236ede73752fc (v4.4-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/27/6
CVE-2015-8786 (The Management plugin in RabbitMQ before 3.6.1 allows remote ...)
	- rabbitmq-server 3.6.5-1
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <not-affected> (lengths_age or lengths_incr parameters are not present)
	NOTE: https://github.com/rabbitmq/rabbitmq-management/issues/97
CVE-2016-XXXX [out of bound read and write issues]
	- giflib 5.1.4-0.1 (bug #820594)
	[jessie] - giflib <no-dsa> (Minor issue)
	[wheezy] - giflib <no-dsa> (Minor issue)
	[squeeze] - giflib <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/giflib/bugs/82/
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/26/5
	NOTE: http://sourceforge.net/p/giflib/code/ci/4cc68b315ff9a378aef6664e1be6b2144ad4a5e6/
CVE-2016-2073 (The htmlParseNameComplex function in HTMLparser.c in libxml2 allows ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1 (bug #812807)
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/6
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/26/8 has details
	NOTE: Same fix as CVE-2016-1839 and CVE-2015-8806
CVE-2016-2070 (The tcp_cwnd_reduction function in net/ipv4/tcp_input.c in the Linux ...)
	- linux 4.3.5-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream commit: https://git.kernel.org/linus/8b8a321ff72c785ed5e8b4cf6eda20b35d427390 (v4.4)
	NOTE: Introduced by: https://git.kernel.org/linus/3759824da87b30ce7a35b4873b62b0ba38905ef5 (v4.3-rc1)
CVE-2016-2068 (The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2067 (drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2066 (Integer signedness error in the MSM QDSP6 audio driver for the Linux ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2065 (sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2064 (sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2063 (Stack-based buffer overflow in the supply_lm_input_write function in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2062 (The adreno_perfcounter_query_group function in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2061 (Integer signedness error in the MSM V4L2 video driver for the Linux ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-2060 (server/TetherController.cpp in the tethering controller in netd, as ...)
	NOT-FOR-US: Android
CVE-2016-2059 (The msm_ipc_router_bind_control_port function in ...)
	NOT-FOR-US: Android drivers
CVE-2016-2058 (Multiple cross-site scripting (XSS) vulnerabilities in Xymon 4.1.x, ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2057 (lib/xymond_ipc.c in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 use ...)
	{DSA-3495-1}
	- xymon 4.3.25-1
	[wheezy] - xymon <not-affected> (vulnerable code not present)
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2056 (xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2055 (xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2054 (Multiple buffer overflows in xymond/xymond.c in xymond in Xymon 4.1.x, ...)
	{DSA-3495-1 DLA-488-1}
	- xymon 4.3.25-1
	NOTE: http://lists.xymon.com/pipermail/xymon/2016-February/042986.html
CVE-2016-2052 (Multiple unspecified vulnerabilities in HarfBuzz before 1.0.6, as used ...)
	- harfbuzz 1.2.6-1
	[jessie] - harfbuzz <not-affected> (Vulnerable code not present)
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: https://code.google.com/p/chromium/issues/detail?id=544270
	NOTE: https://github.com/behdad/harfbuzz/commit/63ef0b41dc48d6112d1918c1b1de9de8ea90adb5
CVE-2016-2051 (Multiple unspecified vulnerabilities in Google V8 before 4.8.271.17, ...)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-2048 (Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, ...)
	- python-django 1.9.2-1 (bug #813448)
	[jessie] - python-django <not-affected> (Only affects 1.9)
	[wheezy] - python-django <not-affected> (Only affects 1.9)
	[squeeze] - python-django <not-affected> (Only affects 1.9)
	NOTE: https://www.djangoproject.com/weblog/2016/feb/01/releases-192-and-189/
CVE-2016-2046 (Cross-site scripting (XSS) vulnerability in the UserPortal page in ...)
	NOT-FOR-US: SOPHOS
CVE-2016-2045 (Cross-site scripting (XSS) vulnerability in the SQL editor in ...)
	{DLA-481-1}
	- phpmyadmin 4:4.5.4-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-9/
CVE-2016-2044 (libraries/sql-parser/autoload.php in the SQL parser in phpMyAdmin ...)
	- phpmyadmin 4:4.5.4-1
	[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-8/
	NOTE: vulnerability introduced in 4.5.0.1 / 718ef31
CVE-2016-2043 (Cross-site scripting (XSS) vulnerability in the goToFinish1NF function ...)
	- phpmyadmin 4:4.5.4-1
	[jessie] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-7/
	NOTE: vulnerability introduced in 4.3.3 / 1e971f3
CVE-2016-2042 (phpMyAdmin 4.4.x before 4.4.15.3 and 4.5.x before 4.5.4 allows remote ...)
	- phpmyadmin 4:4.5.4-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: introduced as part of the CVE-2016-2039 fix
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-6/
	NOTE: path disclosure not relevant on Debian
CVE-2016-2041 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x ...)
	{DSA-3627-1 DLA-481-1 DLA-406-1}
	- phpmyadmin 4:4.5.4-1
	NOTE: squeeze patch backport trivial to wheezy
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-5/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/fe62b69a5b032de8e1d9d0a04456c1cecf46428c
CVE-2016-2040 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.4-1
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-3/
CVE-2016-2039 (libraries/session.inc.php in phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x ...)
	{DSA-3627-1 DLA-481-1 DLA-406-1}
	- phpmyadmin 4:4.5.4-1
	NOTE: squeeze patch was actually incorrect and probably not functional: libraries/phpseclib/Crypt/Random.php needs some engine (e.g. AES) to work
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-2/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781fad7111ac1bd is not sufficient: one needs 29b297f to import more bits from phpseclib or simply import all of phpseclib.
	NOTE: such a fix needs to avoid introducing a new vulnerability as well, upstream introduced CVE-2016-2042 as part of this
CVE-2016-2038 (phpMyAdmin 4.0.x before 4.0.10.13, 4.4.x before 4.4.15.3, and 4.5.x ...)
	{DLA-481-1}
	- phpmyadmin 4:4.5.4-1 (unimportant)
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-1/
	NOTE: path disclosure not relevant on Debian
CVE-2016-2036 (The getURL function in drivers/secfilter/urlparser.c in secfilter in ...)
	NOT-FOR-US: Samsung
CVE-2015-8780 (Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a ...)
	NOT-FOR-US: Samsung
CVE-2016-2069 (Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1 ...)
	{DSA-3503-1 DLA-412-1}
	- linux 4.3.5-1
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/25/1
	NOTE: https://git.kernel.org/linus/71b3c126e61177eb693423f2e18a1914205b165e (v4.5-rc1)
	NOTE: https://git.kernel.org/linus/4eaffdd5a5fe6ff9f95e1ab4de1ac904d5e0fa8b (v4.5-rc1)
CVE-2016-2053 (The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux ...)
	- linux 4.3.1-1
	[jessie] - linux 3.16.7-ckt25-2
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300237
	NOTE: Introduced in https://git.kernel.org/linus/3d167d68e3805ee45ed2e8412fc03ed919c54c24 (v3.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f (v4.3-rc1)
CVE-2015-8783 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
	{DSA-3467-1 DLA-880-1 DLA-405-1}
	- tiff 4.0.6-1
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8782 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
	{DSA-3467-1 DLA-880-1 DLA-405-1}
	- tiff 4.0.6-1
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522
	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8781 (tif_luv.c in libtiff allows attackers to cause a denial of service ...)
	{DSA-3467-1 DLA-880-1 DLA-405-1}
	- tiff 4.0.6-1
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2522#0
	NOTE: Commit: https://github.com/vadz/libtiff/commit/aaab5c3c9d2a2c6984f23ccbc79702610439bc65
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/3
CVE-2015-8784 (The NeXTDecode function in tif_next.c in LibTIFF allows remote ...)
	{DSA-3467-1 DLA-880-1 DLA-405-1}
	- tiff 4.0.6-1
	- tiff3 <removed>
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2508
	NOTE: Can be reproduced with tiff compiled with AddressSanitizer
	NOTE: and the same reproducer file http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
	NOTE: Commit: https://github.com/vadz/libtiff/commit/b18012dae552f85dcc5c57d3bf4e997a15b1cc1c
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/4
CVE-2016-2049 (examples/consumer/common.php in JanRain PHP OpenID library (aka ...)
	- php-openid <unfixed> (unimportant)
	NOTE: sample code only, actual vulnerable code not shipped in package
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/2
	NOTE: https://github.com/openid/php-openid/issues/128
CVE-2016-2047 (The ssl_verify_server_cert function in sql-common/client.c in MariaDB ...)
	{DSA-3557-1 DSA-3453-1 DLA-447-1}
	- mariadb-10.0 10.0.23-1
	NOTE: https://mariadb.atlassian.net/browse/MDEV-9212
	NOTE: https://github.com/MariaDB/server/commit/f0d774d48416bb06063184380b684380ca005a41
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	[squeeze] - mysql-5.5 <no-dsa> (will be fixed along with an upcoming Oracle CPU)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-2035
	REJECTED
CVE-2016-2034 (SQL injection vulnerability in ClearPass Policy Manager 6.5.x through ...)
	NOT-FOR-US: ClearPass Policy Manager
CVE-2016-2033
	RESERVED
CVE-2016-2032
	RESERVED
CVE-2016-2031
	RESERVED
CVE-2016-2030 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2029 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2028 (HPE Matrix Operating Environment before 7.5.1 allows remote ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2027 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2026 (HPE Matrix Operating Environment before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Matrix Operating Environment
CVE-2016-2025 (HPE Service Manager 9.30, 9.31, 9.32, 9.33, 9.34, 9.35, 9.40, and 9.41 ...)
	NOT-FOR-US: HPE
CVE-2016-2024 (HPE Insight Control before 7.5.1 allow remote attackers to obtain ...)
	NOT-FOR-US: HPE Insight Control
CVE-2016-2023 (HPE RESTful Interface Tool 1.40 allows local users to obtain sensitive ...)
	NOT-FOR-US: HPE
CVE-2016-2022 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2021 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2020 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2019 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2018 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote attackers ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2017 (HPE Systems Insight Manager (SIM) before 7.5.1 allows remote ...)
	NOT-FOR-US: HPE Systems Insight Manager
CVE-2016-2016 (Base-VxFS-50 B.05.00.01 through B.05.00.02, Base-VxFS-501 B.05.01.0 ...)
	NOT-FOR-US: HPE
CVE-2016-2015 (HPE System Management Homepage before 7.5.5 allows local users to ...)
	NOT-FOR-US: HPE
CVE-2016-2014 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
	NOT-FOR-US: HPE
CVE-2016-2013 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
	NOT-FOR-US: HPE
CVE-2016-2012 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
	NOT-FOR-US: HPE
CVE-2016-2011 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...)
	NOT-FOR-US: HPE
CVE-2016-2010 (Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i ...)
	NOT-FOR-US: HPE
CVE-2016-2009 (HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and ...)
	NOT-FOR-US: HPE
CVE-2016-2008 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2007 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2006 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2005 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2004 (HPE Data Protector before 7.03_108, 8.x before 8.15, and 9.x before ...)
	NOT-FOR-US: HPE Data Protector
CVE-2016-2003 (HPE P9000 Command View Advanced Edition Software (CVAE) 7.x and 8.x ...)
	NOT-FOR-US: HPE P9000 Command View Advanced Edition Software
CVE-2016-2002 (The validateAdminConfig handler in the Analytics Management Console in ...)
	NOT-FOR-US: HPE Vertica
CVE-2016-2001 (HPE Universal CMDB Foundation 10.0, 10.01, 10.10, 10.11, and 10.20 ...)
	NOT-FOR-US: HPE Universal CMDB
CVE-2016-2000 (HPE Asset Manager 9.40, 9.41, and 9.50 and Asset Manager CloudSystem ...)
	NOT-FOR-US: HPE Asset Manager
CVE-2016-1999 (The server in HP Release Control 9.13, 9.20, and 9.21 allows remote ...)
	NOT-FOR-US: HP Release Control
CVE-2016-1998 (HPE Service Manager (SM) 9.3x before 9.35 P4 and 9.4x before 9.41.P2 ...)
	NOT-FOR-US: HPE Service Manager
CVE-2016-1997 (HPE Operations Orchestration 10.x before 10.51 and Operations ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2016-1996 (HPE System Management Homepage before 7.5.4 allows local users to ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1995 (HPE System Management Homepage before 7.5.4 allows remote attackers to ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1994 (HPE System Management Homepage before 7.5.4 allows remote ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1993 (HPE System Management Homepage before 7.5.4 allows remote ...)
	NOT-FOR-US: HPE System Management Homepage
CVE-2016-1992 (HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1991 (HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1990 (HPE ArcSight ESM 5.x before 5.6, 6.0, 6.5.x before 6.5C SP1 Patch 2, ...)
	NOT-FOR-US: HPE ArcSight ESM
CVE-2016-1989 (HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-1988 (HPE Network Automation 9.22 through 9.22.02 and 10.x before 10.00.02 ...)
	NOT-FOR-US: HPE Network Automation
CVE-2016-1987 (HPE IPFilter A.11.31.18.21 on HP-UX, when a certain keep-state ...)
	NOT-FOR-US: HP-UX IPFilter
CVE-2016-1986 (HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers ...)
	NOT-FOR-US: HP CDA
CVE-2016-1985 (HPE Operations Manager 8.x and 9.0 on Windows allows remote attackers ...)
	NOT-FOR-US: HPE Operations Manager
CVE-2016-1984 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ...)
	NOT-FOR-US: Harman AMX devices
CVE-2016-1980
	RESERVED
CVE-2016-1979 (Use-after-free vulnerability in the ...)
	{DSA-3688-1 DSA-3576-1 DLA-480-1 DLA-472-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	- icedove 38.8.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-36/
	- nss 2:3.21-1
CVE-2016-1978 (Use-after-free vulnerability in the ssl3_HandleECDHServerKeyExchange ...)
	{DSA-3688-1 DLA-480-1}
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: Marked as fixed in 44.0-1 which would be the version fixing
	NOTE: the issue while using the bundled nss version. iceweasel for
	NOTE: unstable though used the system library.
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-15/
	- nss 2:3.21-1
CVE-2016-1977 (The Machine::Code::decoder::analysis::set_ref function in Graphite 2 ...)
	{DSA-3520-1 DSA-3515-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-37/
	- graphite2 1.3.6-1
CVE-2016-1976 (Use-after-free vulnerability in the DesktopDisplayDevice class in the ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1975 (Multiple race conditions in dom/media/systemservices/CamerasChild.cpp ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1974 (The nsScannerString::AppendUnicodeTo function in Mozilla Firefox ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-34/
CVE-2016-1973 (Race condition in the GetStaticInstance function in the WebRTC ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-33/
CVE-2016-1972 (Race condition in libvpx in Mozilla Firefox before 45.0 on Windows ...)
	- iceweasel <not-affected> (Windows-specific)
	- libvpx <not-affected> (Windows-specific)
CVE-2016-1971 (The I420VideoFrame::CreateFrame function in the WebRTC implementation ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1970 (Integer underflow in the srtp_unprotect function in the WebRTC ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2016-1969 (The setAttr function in Graphite 2 before 1.3.6, as used in Mozilla ...)
	{DSA-3515-1 DSA-3477-1}
	- graphite2 1.3.6-1
	- iceweasel <removed>
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-38/
CVE-2016-1968 (Integer underflow in Brotli, as used in Mozilla Firefox before 45.0, ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-30/
	- brotli 0.3.0+dfsg-3 (bug #817233)
	NOTE: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
CVE-2016-1967 (Mozilla Firefox before 45.0 does not properly restrict the ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-29/
CVE-2016-1966 (The nsNPObjWrapper::GetNewOrUsed function in ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-31/
CVE-2016-1965 (Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 mishandle ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-28/
CVE-2016-1964 (Use-after-free vulnerability in the AtomicBaseIncDec function in ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-27/
CVE-2016-1963 (The FileReader class in Mozilla Firefox before 45.0 allows local users ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-26/
CVE-2016-1962 (Use-after-free vulnerability in the ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-25/
CVE-2016-1961 (Use-after-free vulnerability in the nsHTMLDocument::SetBody function ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-24/
CVE-2016-1960 (Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-23/
CVE-2016-1959 (The ServiceWorkerManager class in Mozilla Firefox before 45.0 allows ...)
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- iceweasel <removed>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-22/
CVE-2016-1958 (browser/base/content/browser.js in Mozilla Firefox before 45.0 and ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-21/
CVE-2016-1957 (Memory leak in libstagefright in Mozilla Firefox before 45.0 and ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-20/
CVE-2016-1956 (Mozilla Firefox before 45.0 on Linux, when an Intel video driver is ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-19/
CVE-2016-1955 (Mozilla Firefox before 45.0 allows remote attackers to bypass the Same ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-18/
CVE-2016-1954 (The nsCSPContext::SendReports function in ...)
	{DSA-3520-1 DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-17/
CVE-2016-1953 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 44.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 44.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1952 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3510-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-16/
CVE-2016-1951 (Multiple integer overflows in io/prprf.c in Mozilla Netscape Portable ...)
	{DSA-3687-1 DLA-513-1}
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- nspr 2:4.12-1
	[jessie] - nspr <no-dsa> (Minor issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1174015
	NOTE: https://groups.google.com/forum/#!topic/mozilla.dev.tech.nspr/dV4MyMsg6jw
	NOTE: Upstream commit: https://hg.mozilla.org/projects/nspr/rev/96381e3aaae2
CVE-2016-1950 (Heap-based buffer overflow in Mozilla Network Security Services (NSS) ...)
	{DSA-3688-1 DSA-3520-1 DSA-3510-1 DLA-480-1}
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	- icedove 38.7.0-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-35/
	- nss 2:3.23-1
	NOTE: NSS fixed in 3.21.1
CVE-2016-1949 (Mozilla Firefox before 44.0.2 does not properly restrict the ...)
	- iceweasel <removed>
	- firefox-esr 45.0esr-1
	- firefox 45.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-13/
CVE-2016-1948 (Mozilla Firefox before 44.0 on Android does not ensure that HTTPS is ...)
	- iceweasel <not-affected> (Only affects Firefox for Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-12/
CVE-2016-1947 (Mozilla Firefox 43.x mishandles attempts to connect to the Application ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-11/
CVE-2016-1946 (The MoofParser::Metadata function in binding/MoofParser.cpp in ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1945 (The nsZipArchive function in Mozilla Firefox before 44.0 might allow ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1944 (The Buffer11::NativeBuffer11::map function in ANGLE, as used in ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-10/
CVE-2016-1943 (Mozilla Firefox before 44.0 on Android allows remote attackers to ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
CVE-2016-1942 (Mozilla Firefox before 44.0 allows user-assisted remote attackers to ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-09/
CVE-2016-1941 (The file-download dialog in Mozilla Firefox before 44.0 on OS X ...)
	- iceweasel <not-affected> (Affects only Firefox on OS X)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-08/
CVE-2016-1940 (Mozilla Firefox before 44.0 on Android allows remote attackers to ...)
	- iceweasel <not-affected> (Affects Firefox for Android only)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-05/
CVE-2016-1939 (Mozilla Firefox before 44.0 stores cookies with names containing ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
CVE-2016-1938 (The s_mp_div function in lib/freebl/mpi/mpi.c in Mozilla Network ...)
	{DSA-3688-1 DLA-480-1 DLA-427-1}
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: Marked as fixed in 44.0-1 which would be the version fixing
	NOTE: the issue while using the bundled nss version. iceweasel for
	NOTE: unstable though used the system library.
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-07/
	- nss 2:3.21-1
	NOTE: https://hg.mozilla.org/projects/nss/rev/a555bf0fc23a
	NOTE: https://hg.mozilla.org/projects/nss/rev/608645309ab9
	NOTE: https://hg.mozilla.org/projects/nss/rev/cfd0ad4726cb
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1190248 (not yet public)
CVE-2016-1937 (The protocol-handler dialog in Mozilla Firefox before 44.0 allows ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-06/
CVE-2016-1936
	RESERVED
CVE-2016-1935 (Buffer overflow in the BufferSubData function in Mozilla Firefox ...)
	{DSA-3491-1 DSA-3457-1}
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-03/
CVE-2016-1934
	RESERVED
CVE-2016-1933 (Integer overflow in the image-deinterlacing functionality in Mozilla ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/
CVE-2016-1932
	RESERVED
CVE-2016-1931 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
CVE-2016-1930 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3491-1 DSA-3457-1}
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-01/
CVE-2016-1929 (The XS engine in SAP HANA allows remote attackers to spoof log entries ...)
	NOT-FOR-US: SAP
CVE-2016-1928 (Buffer overflow in the XS engine (hdbxsengine) in SAP HANA allows ...)
	NOT-FOR-US: SAP
CVE-2016-1927 (The suggestPassword function in js/functions.js in phpMyAdmin 4.0.x ...)
	{DSA-3627-1 DLA-481-1}
	- phpmyadmin 4:4.5.4-1
	[squeeze] - phpmyadmin <no-dsa> (minor issue)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2016-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720
CVE-2016-1983 (The client_host function in parsers.c in Privoxy before 3.0.24 allows ...)
	{DSA-3460-1 DLA-398-1}
	- privoxy 3.0.24-1
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.302&r2=1.303
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
CVE-2016-1982 (The remove_chunked_transfer_coding function in filters.c in Privoxy ...)
	{DSA-3460-1 DLA-398-1}
	- privoxy 3.0.24-1
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/filters.c?r1=1.196&r2=1.197
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/21/4
CVE-2015-XXXX [buffer overflows in init_cups]
	- cups-filters 1.6.0-1 (unimportant)
	- foomatic-filters <unfixed> (unimportant)
	[jessie] - foomatic-filters <no-dsa> (Minor issue)
	[wheezy] - foomatic-filters <no-dsa> (Minor issue)
	[squeeze] - foomatic-filters 4.0.5-6+squeeze2+deb6u13
	NOTE: workaround entry for DLA-399-1 until/if CVE assigned
	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1336
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7431
	NOTE: Doesn't cross any security boundary
CVE-2016-1926 (Cross-site scripting (XSS) vulnerability in the charts module in ...)
	NOT-FOR-US: Greenbone Security Assistant
CVE-2016-1921
	RESERVED
CVE-2016-1918 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1917 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1916 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1915 (Multiple cross-site scripting (XSS) vulnerabilities in BlackBerry ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1914 (Multiple SQL injection vulnerabilities in the ...)
	NOT-FOR-US: BlackBerry
CVE-2016-1913 (Multiple cross-site scripting (XSS) vulnerabilities in the Redhen ...)
	NOT-FOR-US: Redhen module for Drupal
CVE-2016-1912 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
	- dolibarr 3.5.8+dfsg1-1 (bug #812496)
	[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
	NOTE: https://github.com/Dolibarr/dolibarr/issues/4341
CVE-2016-1911 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2016-1910 (The User Management Engine (UME) in SAP NetWeaver 7.4 allows attackers ...)
	NOT-FOR-US: SAP
CVE-2016-1909 (Fortinet FortiAnalyzer before 5.0.12 and 5.2.x before 5.2.5; ...)
	NOT-FOR-US: FortiOS
CVE-2015-8775
	RESERVED
CVE-2015-8774
	RESERVED
CVE-2015-8773 (Stack-based buffer overflow in McPvDrv.sys 4.6.111.0 in McAfee File ...)
	NOT-FOR-US: McAfee
CVE-2015-8772 (McPvDrv.sys 4.6.111.0 in McAfee File Lock 5.x in McAfee Total ...)
	NOT-FOR-US: McAfee
CVE-2016-1981 (QEMU (aka Quick Emulator) built with the e1000 NIC emulation support ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-5 (bug #812307)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Upstream patch: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg03454.html
	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7c23b8920329180f48b8a147b629d8837709d201 (v0.10.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298570
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/10
CVE-2016-2037 (The cpio_safer_name_suffix function in util.c in cpio 2.11 allows ...)
	{DSA-3483-1 DLA-415-1}
	- cpio 2.11+dfsg-5 (bug #812401)
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/4
	NOTE: To reproduce and uncover the issue with unstable version compile with ASAN
	NOTE: Patch: https://lists.gnu.org/archive/html/bug-cpio/2016-01/msg00005.html
CVE-2016-2050 (The get_abbrev_array_info function in libdwarf-20151114 allows remote ...)
	{DLA-669-1}
	- dwarfutils 20160507+git20160523.9086738-1 (unimportant)
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/19/9
	NOTE: Fixed by http://sourceforge.net/p/libdwarf/code/ci/a05f5e2ae6a5f34daa566975894fc2803d6ec684
	NOTE: Reasoning for "unimportant" severity: The affected source code is present
	NOTE: in dwarfdump/, but in the binary package is installed dwarfdump2/ .
	NOTE: dwarfdump2 (the C++ implentation) has been abandoned again by upstream in
	NOTE: fawour of the C version.
CVE-2016-XXXX [Multiple minor security issues]
	- imagemagick 8:6.8.9.9-7 (bug #811308)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[wheezy] - imagemagick 8:6.7.7.10-5+deb7u4
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/02/22/4
CVE-2016-1925 (Integer underflow in header.c in lha allows remote attackers to have ...)
	- lha <removed> (unimportant)
	NOTE: Non-free not supported
CVE-2016-1924 (The opj_tgt_reset function in OpenJpeg 2016.1.18 allows remote ...)
	{DSA-3665-1}
	- openjpeg2 2.1.1-1 (bug #818399)
	NOTE: https://github.com/uclouvain/openjpeg/commit/1a8318f6c24623189ecb65e049267c6f2e005c0e
CVE-2016-1923 (Heap-based buffer overflow in the opj_j2k_update_image_data function ...)
	- openjpeg2 2.1.1-1 (bug #818399)
	[jessie] - openjpeg2 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2016-1920 (Samsung KNOX 1.0.0 uses the shared certificate on Android, which ...)
	NOT-FOR-US: KNOX 1.0 / Android 4.3
CVE-2016-1919 (Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which ...)
	NOT-FOR-US: KNOX 1.0 / Android 4.3
CVE-2016-1902 (The nextBytes function in the SecureRandom class in Symfony before ...)
	{DSA-3588-1}
	- symfony 2.7.9+dfsg-1
	NOTE: http://symfony.com/blog/cve-2016-1902-securerandom-s-fallback-not-secure-when-openssl-fails
	NOTE: https://github.com/symfony/symfony/pull/17359
CVE-2016-1906 (Openshift allows remote attackers to gain privileges by updating a ...)
	- kubernetes <not-affected> (Openshift Specific)
	NOTE: https://github.com/openshift/origin/issues/6556
	NOTE: https://github.com/openshift/origin/pull/6576
CVE-2016-1905 (The API server in Kubernetes does not properly check admission ...)
	- kubernetes <not-affected> (Fixed before the initial release in Debian, 1.2.0)
	NOTE: https://github.com/kubernetes/kubernetes/issues/19479
	NOTE: https://github.com/kubernetes/kubernetes/pull/19481
CVE-2016-1904 (Multiple integer overflows in ext/standard/exec.c in PHP 7.x before ...)
	- php5 <not-affected> (Vulnerable code not present)
	- php5.6 <not-affected> (Vulnerable code not present)
	NOTE: Already using safe_emalloc() in php_escape_shell_cmd()
	- php7.0 7.0.2-1
	NOTE: https://bugs.php.net/bug.php?id=71270
	NOTE: https://github.com/php/php-src/commit/2871c70efaaaa0f102557a17c727fd4d5204dd4b
CVE-2016-1903 (The gdImageRotateInterpolated function in ...)
	- php5 5.6.17+dfsg-1
	[jessie] - php5 5.6.14+dfsg-0+deb8u1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present, check in gdImageRotate() already available)
	- php5.6 5.6.17+dfsg-1
	- php7.0 7.0.2-1
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://bugs.php.net/bug.php?id=70976
	NOTE: https://git.php.net/?p=php-src.git;a=commit;h=4b8394dd78571826ac66a69dc240c623f31d78f8
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/f91abcc3b156823688c54158fc4fa36d87570afe
CVE-2016-1901 (Integer overflow in the authenticate_post function in CGit before 0.12 ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=4458abf64172a62b92810c2293450106e6dfc763 (v0.12)
CVE-2016-1900 (CRLF injection vulnerability in the cgit_print_http_headers function ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=513b3863d999f91b47d7e9f26710390db55f9463 (v0.12)
CVE-2016-1899 (CRLF injection vulnerability in the ui-blob handler in CGit before ...)
	{DSA-3545-1}
	- cgit 0.11.2.git2.3.2-1.1 (bug #812411)
	NOTE: http://git.zx2c4.com/cgit/commit/?id=1c581a072651524f3b0d91f33e22a42c4166dd96 (v0.12)
CVE-2016-1896 (Race condition in the initialization process on Lexmark printers with ...)
	NOT-FOR-US: Firmware in Lexmark printers
CVE-2016-1895 (NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allow remote ...)
	NOT-FOR-US: NetApp
CVE-2016-1894 (NetApp OnCommand Workflow Automation before 3.1P2 allows remote ...)
	NOT-FOR-US: NetApp
CVE-2016-1893
	RESERVED
CVE-2016-1892
	RESERVED
CVE-2016-1891
	RESERVED
CVE-2016-1890
	RESERVED
CVE-2016-1889 (Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, ...)
	NOT-FOR-US: bhyve hypervisor for FreeBSD
CVE-2016-1888 (The telnetd service in FreeBSD 9.3, 10.1, 10.2, 10.3, and 11.0 allows ...)
	NOT-FOR-US: telnetd in FreeBSD
CVE-2016-1887 (Integer signedness error in the sockargs function in ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #824605)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1886 (Integer signedness error in the genkbd_commonioctl function in ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #824604)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1885 (Integer signedness error in the amd64_set_ldt function in ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant; bug #818426)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1884
	RESERVED
CVE-2016-1883 (The issetugid system call in the Linux compatibility layer in FreeBSD ...)
	- kfreebsd-10 10.3~svn300087-1 (unimportant)
	- kfreebsd-9 <removed> (unimportant)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2016-1882 (FreeBSD 9.3 before p33, 10.1 before p26, and 10.2 before p9 allow ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811280)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1881 (The kernel in FreeBSD 9.3, 10.1, and 10.2 allows local users to cause ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811279)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1880 (The Linux compatibility layer in the kernel in FreeBSD 9.3, 10.1, and ...)
	- kfreebsd-10 10.3~svn296373-1 (unimportant; bug #811278)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1879 (The Stream Control Transmission Protocol (SCTP) module in FreeBSD 9.3 ...)
	- kfreebsd-10 <unfixed> (unimportant; bug #811277)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
CVE-2016-1878
	RESERVED
CVE-2016-1877
	RESERVED
CVE-2016-1876 (The backend service process in Lenovo Solution Center (aka LSC) before ...)
	NOT-FOR-US: Lenovo
CVE-2016-1875
	RESERVED
CVE-2016-1874
	RESERVED
CVE-2016-1873
	RESERVED
CVE-2016-1872
	RESERVED
CVE-2016-1871
	RESERVED
CVE-2016-1870
	RESERVED
CVE-2016-1869
	RESERVED
CVE-2016-1868
	RESERVED
CVE-2016-1866 (Salt 2015.8.x before 2015.8.4 does not properly handle clear messages ...)
	- salt 2015.8.5+ds-1
	[jessie] - salt <not-affected> (affects only the 2015.8.x releases of Salt)
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.5.html
CVE-2016-1865 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1864 (The XSS auditor in WebKit, as used in Apple iOS before 9.3 and Safari ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1863 (The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1862 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1861 (The NVIDIA Graphics Drivers subsystem in Apple OS X before 10.11.5 ...)
	NOT-FOR-US: Apple
CVE-2016-1860 (Intel Graphics Driver in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1859 (The WebKit Canvas implementation in Apple iOS before 9.3.2, Safari ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1858 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1857 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...)
	- webkitgtk 2.12.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-1856 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...)
	- webkitgtk 2.12.3-1 (unimportant)
	NOTE: Not covered by security support
CVE-2016-1855 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1854 (WebKit, as used in Apple iOS before 9.3.2, Safari before 9.1.1, and ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1853 (Tcl in Apple OS X before 10.11.5 allows remote attackers to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-1852 (Siri in Apple iOS before 9.3.2 does not block data detectors within ...)
	NOT-FOR-US: Apple
CVE-2016-1851 (The Screen Lock feature in Apple OS X before 10.11.5 mishandles ...)
	NOT-FOR-US: Apple
CVE-2016-1850 (SceneKit in Apple OS X before 10.11.5 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1849 (The &quot;Clear History and Website Data&quot; feature in Apple Safari before ...)
	NOT-FOR-US: Apple
CVE-2016-1848 (QuickTime in Apple OS X before 10.11.5 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1847 (OpenGL, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
	NOT-FOR-US: Apple
CVE-2016-1846 (The nvCommandQueue::GetHandleIndex method in the NVIDIA Graphics ...)
	NOT-FOR-US: Apple
CVE-2016-1845
	REJECTED
CVE-2016-1844 (The Messages component in Apple OS X before 10.11.5 mishandles roster ...)
	NOT-FOR-US: Apple
CVE-2016-1843 (The Messages component in Apple OS X before 10.11.5 mishandles ...)
	NOT-FOR-US: Apple
CVE-2016-1842 (MapKit in Apple iOS before 9.3.2, OS X before 10.11.5, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2016-1841 (libxslt, as used in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
	- libxslt 1.1.29-1
	[jessie] - libxslt 1.1.28-2+deb8u1
	[wheezy] - libxslt 1.1.26-14.1+deb7u1
	NOTE: upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=758291
	NOTE: upstream commit: https://git.gnome.org/browse/libxslt/commit/?id=fc1ff481fd01e9a65a921c542fed68d8c965e8a3
CVE-2016-1840 (Heap-based buffer overflow in the xmlFAParsePosCharGroup function in ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=cbb271655cadeb8dbb258a64701d9a3a0c4835b4 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=757711
CVE-2016-1839 (The xmlDictAddString function in libxml2 before 2.9.4, as used in ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a820dbeac29d330bae4be05d9ecd939ad6b4aa33 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758605
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=637
CVE-2016-1838 (The xmlPArserPrintFileContextInternal function in libxml2 before ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=db07dd613e461df93dde7902c6505629bf0734e9 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758588
	NOTE: https://bugs.chromium.org/p/project-zero/issues/detail?id=639
CVE-2016-1837 (Multiple use-after-free vulnerabilities in the (1) ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=11ed4a7a90d5ce156a18980a4ad4e53e77384852 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=760263
CVE-2016-1836 (Use-after-free vulnerability in the xmlDictComputeFastKey function in ...)
	{DSA-3593-1}
	- libxml2 2.9.3+dfsg1-1.1
	[wheezy] - libxml2 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=45752d2c334b50016666d8f0ec3691e2d680f0a0 (v2.9.4)
	NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=dcc19503193c71596278a252064a8ce66331b3cd (v2.9.2)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759398
	NOTE: Regression applies to Jessie, since fix backported as 0007-Fix-a-parsing-bug-on-non-ascii-element-and-CR-LF-usa.patch
CVE-2016-1835 (Use-after-free vulnerability in the xmlSAX2AttributeNs function in ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=38eae571111db3b43ffdeb05487c9f60551906fb (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759020
CVE-2016-1834 (Heap-based buffer overflow in the xmlStrncat function in libxml2 ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=8fbbf5513d609c1770b391b99e33314cd0742704 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=763071
CVE-2016-1833 (The htmlCurrentChar function in libxml2 before 2.9.4, as used in Apple ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=0bcd05c5cd83dec3406c8f68b769b1d610c72f76 (v2.9.4)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758606
CVE-2016-1832 (libc in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1831 (The kernel in Apple iOS before 9.3.2 and OS X before 10.11.5 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1830 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1829 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1828 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1827 (The kernel in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1826 (Integer overflow in the dtrace implementation in the kernel in Apple ...)
	NOT-FOR-US: Apple
CVE-2016-1825 (IOHIDFamily in Apple OS X before 10.11.5 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1824 (IOHIDFamily in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
	NOT-FOR-US: Apple
CVE-2016-1823 (The IOHIDDevice::handleReportWithTime function in Apple iOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1822 (IOFireWireFamily in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1821 (IOAudioFamily in Apple OS X before 10.11.5 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1820 (Buffer overflow in IOAudioFamily in Apple OS X before 10.11.5 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1819 (Use-after-free vulnerability in the ...)
	NOT-FOR-US: Apple
CVE-2016-1818 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, ...)
	NOT-FOR-US: Apple
CVE-2016-1817 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, ...)
	NOT-FOR-US: Apple
CVE-2016-1816 (IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1815 (IOAcceleratorFamily in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1814 (IOAcceleratorFamily in Apple iOS before 9.3.2, OS X before 10.11.5, ...)
	NOT-FOR-US: Apple
CVE-2016-1813 (The IOAccelSharedUserClient2::page_off_resource method in Apple iOS ...)
	NOT-FOR-US: Apple
CVE-2016-1812 (Buffer overflow in Intel Graphics Driver in Apple OS X before 10.11.5 ...)
	NOT-FOR-US: Apple
CVE-2016-1811 (ImageIO in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1810 (The Graphics Drivers subsystem in Apple OS X before 10.11.5 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1809 (Disk Utility in Apple OS X before 10.11.5 uses incorrect encryption ...)
	NOT-FOR-US: Apple
CVE-2016-1808 (The Disk Images subsystem in Apple iOS before 9.3.2, OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-1807 (Race condition in the Disk Images subsystem in Apple iOS before 9.3.2, ...)
	NOT-FOR-US: Apple
CVE-2016-1806 (Crash Reporter in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1805 (CoreStorage in Apple OS X before 10.11.5 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1804 (The Multi-Touch subsystem in Apple OS X before 10.11.5 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1803 (CoreCapture in Apple iOS before 9.3.2, OS X before 10.11.5, tvOS ...)
	NOT-FOR-US: Apple
CVE-2016-1802 (CCCrypt in CommonCrypto in Apple iOS before 9.3.2, OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-1801 (The CFNetwork Proxies subsystem in Apple iOS before 9.3.2, OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-1800 (Captive Network Assistant in Apple OS X before 10.11.5 mishandles a ...)
	NOT-FOR-US: Apple
CVE-2016-1799 (Audio in Apple OS X before 10.11.5 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1798 (Audio in Apple OS X before 10.11.5 allows attackers to cause a denial ...)
	NOT-FOR-US: Apple
CVE-2016-1797 (Apple Type Services (ATS) in Apple OS X before 10.11.5 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1796 (Apple Type Services (ATS) in Apple OS X before 10.11.5 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1795 (AppleGraphicsPowerManagement in Apple OS X before 10.11.5 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1794 (The AppleGraphicsControlClient::checkArguments method in ...)
	NOT-FOR-US: Apple
CVE-2016-1793 (AppleGraphicsDeviceControlClient in Apple OS X before 10.11.5 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1792 (The AMD subsystem in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1791 (The AMD subsystem in Apple OS X before 10.11.5 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1790 (Buffer overflow in the Accessibility component in Apple iOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1789 (Apple iBooks Author before 2.4.1 allows remote attackers to read ...)
	NOT-FOR-US: Apple
CVE-2016-1788 (Messages in Apple iOS before 9.3, OS X before 10.11.4, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2016-1787 (Wiki Server in Apple OS X Server before 5.1 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1786 (The Page Loading implementation in WebKit in Apple iOS before 9.3 and ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1785 (The Page Loading implementation in WebKit in Apple iOS before 9.3 and ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1784 (The History implementation in WebKit in Apple iOS before 9.3, Safari ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1783 (WebKit in Apple iOS before 9.3, Safari before 9.1, and tvOS before 9.2 ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1782 (WebKit in Apple iOS before 9.3 and Safari before 9.1 does not properly ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1781 (WebKit in Apple iOS before 9.3 and Safari before 9.1 mishandles ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1780 (WebKit in Apple iOS before 9.3 does not prevent hidden web views from ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1779 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1778 (WebKit in Apple iOS before 9.3 and Safari before 9.1 allows remote ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1777 (Web Server in Apple OS X Server before 5.1 supports the RC4 algorithm, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1776 (Web Server in Apple OS X Server before 5.1 does not properly restrict ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2016-1775 (TrueTypeScaler in Apple iOS before 9.3, OS X before 10.11.4, tvOS ...)
	NOT-FOR-US: Apple
CVE-2016-1774 (The Time Machine server in Server App in Apple OS X Server before 5.1 ...)
	NOT-FOR-US: Apple
CVE-2016-1773 (The code-signing subsystem in Apple OS X before 10.11.4 does not ...)
	NOT-FOR-US: Apple
CVE-2016-1772 (The Top Sites feature in Apple Safari before 9.1 mishandles cookie ...)
	NOT-FOR-US: Apple
CVE-2016-1771 (The Downloads feature in Apple Safari before 9.1 mishandles file ...)
	NOT-FOR-US: Apple
CVE-2016-1770 (The Reminders component in Apple OS X before 10.11.4 allows attackers ...)
	NOT-FOR-US: Apple
CVE-2016-1769 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1768 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1767 (QuickTime in Apple OS X before 10.11.4 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2016-1766 (The Profiles component in Apple iOS before 9.3 does not properly ...)
	NOT-FOR-US: Apple
CVE-2016-1765 (otool in Apple Xcode before 7.3 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2016-1764 (The Content Security Policy (CSP) implementation in Messages in Apple ...)
	NOT-FOR-US: Apple
CVE-2016-1763 (Messages in Apple iOS before 9.3 does not ensure that an auto-fill ...)
	NOT-FOR-US: Apple
CVE-2016-1762 (The xmlNextChar function in libxml2 before 2.9.4 allows remote ...)
	{DSA-3593-1 DLA-503-1}
	- libxml2 2.9.3+dfsg1-1.1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7a94612aa3b16779e2c74e1fa353b5d9786c602
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=759671
CVE-2016-1761 (libxml2 in Apple iOS before 9.3, OS X before 10.11.4, and watchOS ...)
	NOT-FOR-US: No public details available, probably Apple specific libxml2 changes
	NOTE: Marking as NFU since a regular libxml2 security issue would have trickled down
	NOTE: via libxml upstream
CVE-2016-1760 (The XPC Services API in LaunchServices in Apple iOS before 9.3 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1759 (The kernel in Apple OS X before 10.11.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1758 (The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1757 (Race condition in the kernel in Apple iOS before 9.3 and OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-1756 (The kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows ...)
	NOT-FOR-US: Apple
CVE-2016-1755 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1754 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1753 (Multiple integer overflows in the kernel in Apple iOS before 9.3, OS X ...)
	NOT-FOR-US: Apple
CVE-2016-1752 (The kernel in Apple iOS before 9.3, OS X before 10.11.4, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1751 (The kernel in Apple iOS before 9.3, tvOS before 9.2, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2016-1750 (Use-after-free vulnerability in the kernel in Apple iOS before 9.3, OS ...)
	NOT-FOR-US: Apple
CVE-2016-1749 (IOUSBFamily in Apple OS X before 10.11.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1748 (IOHIDFamily in Apple iOS before 9.3, OS X before 10.11.4, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1747 (IOGraphics in Apple OS X before 10.11.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1746 (IOGraphics in Apple OS X before 10.11.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1745 (IOFireWireFamily in Apple OS X before 10.11.4 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2016-1744 (The Intel driver in the Graphics Drivers subsystem in Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2016-1743 (The Intel driver in the Graphics Drivers subsystem in Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2016-1742 (Untrusted search path vulnerability in the installer in Apple iTunes ...)
	NOT-FOR-US: Apple
CVE-2016-1741 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X ...)
	NOT-FOR-US: Apple / NVIDIA
CVE-2016-1740 (FontParser in Apple iOS before 9.3, OS X before 10.11.4, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2016-1739
	REJECTED
CVE-2016-1738 (dyld in Apple OS X before 10.11.4 allows attackers to bypass a ...)
	NOT-FOR-US: Apple
CVE-2016-1737 (Carbon in Apple OS X before 10.11.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1736 (Bluetooth in Apple OS X before 10.11.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1735 (Bluetooth in Apple OS X before 10.11.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1734 (AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 ...)
	NOT-FOR-US: Apple
CVE-2016-1733 (AppleRAID in Apple OS X before 10.11.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2016-1732 (AppleRAID in Apple OS X before 10.11.4 allows local users to obtain ...)
	NOT-FOR-US: Apple
CVE-2016-1731 (Apple Software Update before 2.2 on Windows does not use HTTPS, which ...)
	NOT-FOR-US: Apple
CVE-2016-1730 (WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1729 (Untrusted search path vulnerability in OSA Scripts in Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2016-1728 (The Cascading Style Sheets (CSS) implementation in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1727 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1726 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1725 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1724 (WebKit, as used in Apple iOS before 9.2.1, Safari before 9.0.3, and ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1723 (WebKit, as used in Apple iOS before 9.2.1 and Safari before 9.0.3, ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1722 (syslog in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1721 (The kernel in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1720 (IOKit in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1719 (The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1718 (The IOAcceleratorFamily2 interface in IOAcceleratorFamily in Apple OS ...)
	NOT-FOR-US: Apple iOS
CVE-2016-1717 (The Disk Images component in Apple iOS before 9.2.1, OS X before ...)
	NOT-FOR-US: Apple
CVE-2016-1716 (AppleGraphicsPowerManagement in Apple OS X before 10.11.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2016-1908 (The client in OpenSSH before 7.2 mishandles failed cookie generation ...)
	- openssh 1:7.2p1-1
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	[squeeze] - openssh <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://anongit.mindrot.org/openssh.git/commit/?id=ed4ce82dbfa8a3a3c8ea6fa0db113c71e234416c
	NOTE: which needs to be applied after: https://anongit.mindrot.org/openssh.git/commit/?id=f98a09cacff7baad8748c9aa217afd155a4d493f
	NOTE: Background information on X11 SECURITY extension and SSH: https://thejh.net/written-stuff/openssh-6.8-xsecurity
	NOTE: https://lists.mindrot.org/pipermail/openssh-unix-dev/2016-January/034684.html
	NOTE: Red Hat Bugzilla entry: https://bugzilla.redhat.com/show_bug.cgi?id=1298741
	NOTE: vulnerability is partly due to /etc/X11/Xsession.d/35x11-common_xhost-local introduced in x11-common in 1:7.6+9 (wheezy and up)
	NOTE: https://lists.debian.org/debian-lts/2016/01/msg00029.html
	NOTE: Upstream announce: http://www.openssh.com/txt/release-7.2
CVE-2016-1907 (The ssh_packet_read_poll2 function in packet.c in OpenSSH before 7.1p2 ...)
	- openssh 1:7.1p2-1
	[jessie] - openssh <not-affected> (Vulnerable code not present; Introduced in OpenSSH 6.8)
	[wheezy] - openssh <not-affected> (Vulnerable code not present; Introduced in OpenSSH 6.8)
	[squeeze] - openssh <not-affected> (Issue introduced in OpenSSH 6.8)
	NOTE: Fixed by: https://anongit.mindrot.org/openssh.git/commit/?id=2fecfd486bdba9f51b3a789277bb0733ca36e1c0
	NOTE: Introduced by: https://anongit.mindrot.org/openssh.git/commit/packet.c?id=091c302829210c41e7f57c3f094c7b9c054306f0 (V_6_8_P1)
CVE-2016-1898 (FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and ...)
	{DSA-3506-1}
	- ffmpeg 7:2.8.5-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://habrahabr.ru/company/mailru/blog/274855
	NOTE: Fixed in 2.8.5 upstream
CVE-2016-1897 (FFmpeg 2.x allows remote attackers to conduct cross-origin attacks and ...)
	{DSA-3506-1}
	- ffmpeg 7:2.8.5-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://habrahabr.ru/company/mailru/blog/274855
	NOTE: Fixed in 2.8.5 upstream
CVE-2016-1867 (The jpc_pi_nextcprl function in JasPer 1.900.1 allows remote attackers ...)
	{DSA-3785-1}
	- jasper <removed> (bug #811023)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	[squeeze] - jasper <no-dsa> (Minor issue)
CVE-2016-1715 (The swin.sys kernel driver in McAfee Application Control (MAC) 6.1.0 ...)
	NOT-FOR-US: swin.sys kernel driver in McAfee Application Control
CVE-2016-1713 (Unrestricted file upload vulnerability in the ...)
	NOT-FOR-US: vTiger
CVE-2016-1712 (Palo Alto Networks PAN-OS before 5.0.19, 5.1.x before 5.1.12, 6.0.x ...)
	NOT-FOR-US: Palo Alto Networks
CVE-2015-8779 (Stack-based buffer overflow in the catopen function in the GNU C ...)
	{DSA-3481-1 DSA-3480-1 DLA-411-1}
	- glibc 2.21-7 (bug #812455)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17905#c0
CVE-2015-8778 (Integer overflow in the GNU C Library (aka glibc or libc6) before 2.23 ...)
	{DSA-3481-1 DSA-3480-1 DLA-411-1}
	- glibc 2.21-8 (bug #812441)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18240
CVE-2015-8776 (The strftime function in the GNU C Library (aka glibc or libc6) before ...)
	{DSA-3481-1 DSA-3480-1 DLA-411-1}
	- glibc 2.21-7 (bug #812445)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18985
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=d36c75fc0d44deec29635dd239b0fbd206ca49b7
CVE-2015-8771 (The generate_smb_nt_hash function in include/functions.inc in GOsa ...)
	{DLA-562-1 DLA-408-1}
	- gosa 2.7.4+reloaded2-6
	[jessie] - gosa 2.7.4+reloaded2-1+deb8u2
	NOTE: https://github.com/gosa-project/gosa-core/commit/a67a047cba2cdae8bccb0f0e2bc6d3eb45cfcbc8
CVE-2015-8770 (Directory traversal vulnerability in the set_skin function in ...)
	{DSA-3541-1 DLA-392-1}
	- roundcube 1.1.4+dfsg.1-1
	NOTE: http://web.archive.org/web/20160329044421/http://roundcube.net/news/2015/12/26/updates-1.1.4-and-1.0.8-released
	NOTE: https://github.com/roundcube/roundcubemail/commit/10e5192a2b1bc90ec137f5e69d0aa072c1210d6d
CVE-2015-8769 (SQL injection vulnerability in Joomla! 3.x before 3.4.7 allows ...)
	NOT-FOR-US: Joomla
CVE-2016-1711 (WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1710 (The ChromeClientImpl::createWindow method in ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1709 (Heap-based buffer overflow in the ByteArray::Get method in ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1708 (The Chrome Web Store inline-installation implementation in the ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1707 (ios/web/web_state/ui/crw_web_controller.mm in Google Chrome before ...)
	{DSA-3637-1}
	- chromium-browser <not-affected> (Only affects chromium-browser on iOS)
CVE-2016-1706 (The PPAPI implementation in Google Chrome before 52.0.2743.82 does not ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1705 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1704 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3637-1}
	- chromium-browser 52.0.2743.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1703 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1702 (The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1701 (The Autofill implementation in Google Chrome before 51.0.2704.79 ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1700 (extensions/renderer/runtime_custom_bindings.cc in Google Chrome before ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1699 (WebKit/Source/devtools/front_end/devtools.js in the Developer Tools ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1698 (The createCustomType function in ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1697 (The FrameLoader::startLoad function in ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1696 (The extensions subsystem in Google Chrome before 51.0.2704.79 does not ...)
	{DSA-3594-1}
	- chromium-browser 51.0.2704.79-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1695 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1694 (browser/browsing_data/browsing_data_remover.cc in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1693 (browser/safe_browsing/srt_field_trial_win.cc in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1692 (WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1691 (Skia, as used in Google Chrome before 51.0.2704.63, mishandles ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1690 (The Autofill implementation in Google Chrome before 51.0.2704.63 ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1689 (Heap-based buffer overflow in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1688 (The regexp (aka regular expression) implementation in Google V8 before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1687 (The renderer implementation in Google Chrome before 51.0.2704.63 does ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1686 (The CPDF_DIBSource::CreateDecoder function in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1685 (core/fxge/ge/fx_ge_text.cpp in PDFium, as used in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1684 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before ...)
	{DSA-3605-1 DSA-3590-1 DLA-514-1}
	- libxslt 1.1.29-1
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=91d0540ac9beaa86719a05b749219a69baa0dd8d (v1.1.29-rc1)
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583171
CVE-2016-1683 (numbers.c in libxslt before 1.1.29, as used in Google Chrome before ...)
	{DSA-3605-1 DSA-3590-1 DLA-514-1}
	- libxslt 1.1.29-1
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=d182d8f6ba3071503d96ce17395c9d55871f0242 (v1.1.29-rc1)
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: Chromium bug report: https://code.google.com/p/chromium/issues/detail?id=583156
CVE-2016-1682 (The ServiceWorkerContainer::registerServiceWorkerImpl function in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1681 (Heap-based buffer overflow in the opj_j2k_read_SPCod_SPCoc function in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	NOTE: http://blog.talosintel.com/2016/06/pdfium.html
CVE-2016-1680 (Use-after-free vulnerability in ports/SkFontHost_FreeType.cpp in Skia, ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1679 (The ToV8Value function in content/child/v8_value_converter_impl.cc in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1678 (objects.cc in Google V8 before 5.0.71.32, as used in Google Chrome ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1677 (uri.js in Google V8 before 5.1.281.26, as used in Google Chrome before ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1676 (extensions/renderer/resources/binding.js in the extension bindings in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1675 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1674 (The extensions subsystem in Google Chrome before 51.0.2704.63 allows ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1673 (Blink, as used in Google Chrome before 51.0.2704.63, allows remote ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1672 (The ModuleSystem::RequireForJsInner function in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1671 (Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2016-1670 (Race condition in the ResourceDispatcherHostImpl::BeginRequest ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1669 (The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	- nodejs 4.4.6~dfsg-1 (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1668 (The forEachForBinding function in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1667 (The TreeScope::adoptIfNeeded function in ...)
	{DSA-3590-1}
	- chromium-browser 51.0.2704.63-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1666 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1665 (The JSGenericLowering class in compiler/js-generic-lowering.cc in ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1664 (The HistoryController::UpdateForCommit function in ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1663 (The SerializedScriptValue::transferArrayBuffers function in ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1662 (extensions/renderer/gc_callback.cc in Google Chrome before ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1661 (Blink, as used in Google Chrome before 50.0.2661.94, does not ensure ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1660 (Blink, as used in Google Chrome before 50.0.2661.94, mishandles ...)
	{DSA-3564-1}
	- chromium-browser 50.0.2661.94-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1659 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1658 (The Extensions subsystem in Google Chrome before 50.0.2661.75 ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1657 (The WebContentsImpl::FocusLocationBarByDefault function in ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1656 (The download implementation in Google Chrome before 50.0.2661.75 on ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2016-1655 (Google Chrome before 50.0.2661.75 does not properly consider that ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1654 (The media subsystem in Google Chrome before 50.0.2661.75 does not ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1653 (The LoadBuffer implementation in Google V8, as used in Google Chrome ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1652 (Cross-site scripting (XSS) vulnerability in the ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1651 (fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome ...)
	{DSA-3549-1}
	- chromium-browser 50.0.2661.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1650 (The PageCaptureSaveAsMHTMLFunction::ReturnFailure function in ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1649 (The Program::getUniformInternal function in Program.cpp in libANGLE, ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1648 (Use-after-free vulnerability in the GetLoadTimes function in ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1647 (Use-after-free vulnerability in the RenderWidgetHostImpl::Destroy ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1646 (The Array.prototype.concat implementation in builtins.cc in Google V8, ...)
	{DSA-3531-1}
	- chromium-browser 49.0.2623.108-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2016-1645 (Multiple integer signedness errors in the opj_j2k_update_image_data ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1644 (WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1643 (The ImageInputType::ensurePrimaryContent function in ...)
	{DSA-3513-1}
	- chromium-browser 49.0.2623.87-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
CVE-2016-1642 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1641 (Use-after-free vulnerability in ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1640 (The Web Store inline-installer implementation in the Extensions UI in ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1639 (Use-after-free vulnerability in ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1638 (extensions/renderer/resources/platform_app.js in the Extensions ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1637 (The SkATan2_255 function in effects/gradients/SkSweepGradient.cpp in ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1636 (The PendingScript::notifyFinished function in ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1635 (extensions/renderer/render_frame_observer_natives.cc in Google Chrome ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1634 (Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1633 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1632 (The Extensions subsystem in Google Chrome before 49.0.2623.75 does not ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1631 (The PPB_Flash_MessageLoop_Impl::InternalRun function in ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1630 (The ContainerNode::parserRemoveChild function in ...)
	{DSA-3507-1}
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1629 (Google Chrome before 48.0.2564.116 allows remote attackers to bypass ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1628 (pi.c in OpenJPEG, as used in PDFium in Google Chrome before ...)
	{DSA-4013-1 DSA-3486-1}
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
	[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
	- openjpeg2 2.1.2-1.2
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2
	NOTE: https://github.com/uclouvain/openjpeg/issues/850
	NOTE: https://github.com/uclouvain/openjpeg/commit/11445eddad7e7fa5b273d1c83c91011c44e5d586
CVE-2016-1627 (The Developer Tools (aka DevTools) subsystem in Google Chrome before ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1626 (The opj_pi_update_decode_poc function in pi.c in OpenJPEG, as used in ...)
	{DSA-3486-1}
	- openjpeg <removed>
	[jessie] - openjpeg <not-affected> (Vulnerable code introduced later)
	[wheezy] - openjpeg <not-affected> (Vulnerable code introduced later)
	- openjpeg2 2.1.2-1.2
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: openjpeg2 fixed in google by https://pdfium.googlesource.com/pdfium.git/+/76c995796f95fd4c54c5f11d2a04392f16478619%5E%21/#F2
	NOTE: https://github.com/uclouvain/openjpeg/issues/850
	NOTE: https://github.com/uclouvain/openjpeg/commit/11445eddad7e7fa5b273d1c83c91011c44e5d586
CVE-2016-1625 (The Chrome Instant feature in Google Chrome before 48.0.2564.109 does ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1624 (Integer underflow in the ProcessCommandsInternal function in ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	- brotli 0.3.0+dfsg-3 (bug #817233)
	NOTE: https://codereview.chromium.org/1662313002
	NOTE: https://codereview.chromium.org/1662313002/diff/1/third_party/brotli/dec/decode.c
	NOTE: Same fix/change as for CVE-2016-1968
CVE-2016-1623 (The DOM implementation in Google Chrome before 48.0.2564.109 does not ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1622 (The Extensions subsystem in Google Chrome before 48.0.2564.109 does ...)
	{DSA-3486-1}
	- chromium-browser 48.0.2564.116-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1621 (libvpx in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 ...)
	- libvpx 1.6.1-1
	[jessie] - libvpx <not-affected> (Vulnerable code not present, libwebm not yet included)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present, libwebm not yet included)
	NOTE: https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d%5E!/#F1
	NOTE: probably fixed earlier than this version, but this was the version checked
CVE-2016-1620 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1619 (Multiple integer overflows in the (1) sycc422_to_rgb and (2) ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1618 (Blink, as used in Google Chrome before 48.0.2564.82, does not ensure ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1617 (The CSPSource::schemeMatches function in ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1616 (The CustomButton::AcceleratorPressed function in ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1615 (The Omnibox implementation in Google Chrome before 48.0.2564.82 allows ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1614 (The UnacceleratedImageBufferSurface class in ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1613 (Multiple use-after-free vulnerabilities in the formfiller ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1612 (The LoadIC::UpdateCaches function in ic/ic.cc in Google V8, as used in ...)
	{DSA-3456-1}
	- chromium-browser 48.0.2564.82-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2016-1611 (Novell Filr 1.2 before Hot Patch 6 and 2.0 before Hot Patch 2 uses ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1610 (Directory traversal vulnerability in the email-template feature in ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1609 (Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1608 (vaconfig/time in Novell Filr before 1.2 Security Update 3 and 2.0 ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1607 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Novell Filr
CVE-2016-1606 (Multiple stack-based buffer overflows in COM objects in Micro Focus ...)
	NOT-FOR-US: Micro Focus Rumba
CVE-2016-1605 (Directory traversal vulnerability in the ReportViewServlet servlet in ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2016-1604
	RESERVED
CVE-2016-1603 (An information leak in the NetIQ IDM ServiceNow Driver before 1.0.0.1 ...)
	NOT-FOR-US: NetIQ
CVE-2016-1602 (A code injection in the supportconfig data collection tool in ...)
	NOT-FOR-US: SLES support tool
CVE-2016-1601 (yast2-users before 3.1.47, as used in SUSE Linux Enterprise 12 SP1, ...)
	NOT-FOR-US: yast2-users / SuSE YAST
CVE-2016-1600
	RESERVED
CVE-2016-1599 (Cross-site scripting (XSS) vulnerability in NetIQ Self Service ...)
	NOT-FOR-US: NetIQ Self Service Password Reset
CVE-2016-1598 (XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows ...)
	NOT-FOR-US: NetIQ IDM
CVE-2016-1597 (A logged-in user in NetIQ Access Governance Suite 6.0 through 6.4 could ...)
	NOT-FOR-US: NetIQ
CVE-2016-1596 (Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1595 (LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1594 (Micro Focus Novell Service Desk before 7.2 allows remote authenticated ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1593 (Directory traversal vulnerability in the import users feature in Micro ...)
	NOT-FOR-US: Micro Focus
CVE-2016-1592 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote ...)
	NOT-FOR-US: NetIQ Designer
CVE-2016-1591
	REJECTED
CVE-2016-1590
	REJECTED
CVE-2016-1589
	REJECTED
CVE-2016-1588
	REJECTED
CVE-2016-1587
	RESERVED
CVE-2016-1586
	RESERVED
CVE-2016-1585
	RESERVED
CVE-2016-1584
	RESERVED
CVE-2016-1583 (The ecryptfs_privileged_open function in fs/ecryptfs/kthread.c in the ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.6.2-1
CVE-2016-1582 (LXD before 2.0.2 does not properly set permissions when switching an ...)
	- lxd <itp> (bug #768073)
CVE-2016-1581 (LXD before 2.0.2 uses world-readable permissions for ...)
	- lxd <itp> (bug #768073)
CVE-2016-1580 (The setup_snappy_os_mounts function in the ubuntu-core-launcher ...)
	NOT-FOR-US: ubuntu-core-launcher
CVE-2016-1579
	RESERVED
CVE-2016-1578 (Use-after-free vulnerability in Oxide allows remote attackers to cause ...)
	NOT-FOR-US: Oxide
CVE-2016-1577 (Double free vulnerability in the jas_iccattrval_destroy function in ...)
	{DSA-3508-1}
	- jasper <removed> (bug #816625)
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/03/12
CVE-2016-1576 (The overlayfs implementation in the Linux kernel through 4.5.2 does ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1535150
	NOTE: http://www.halfdog.net/Security/2016/OverlayfsOverFusePrivilegeEscalation/
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
CVE-2016-1575 (The overlayfs implementation in the Linux kernel through 4.5.2 does ...)
	- linux 4.5.1-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1534961
	NOTE: http://www.halfdog.net/Security/2016/UserNamespaceOverlayfsXattrSetgidPrivilegeEscalation/
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9f57ebcba563e0cd532926cab83c92bb4d79360
CVE-2016-1574
	REJECTED
CVE-2016-1573
	RESERVED
CVE-2016-1572 (mount.ecryptfs_private.c in eCryptfs-utils does not validate mount ...)
	{DSA-3450-1 DLA-397-1}
	- ecryptfs-utils 106-2
	NOTE: https://bugs.launchpad.net/ecryptfs/+bug/1530566
	NOTE: https://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/870
CVE-2016-1571 (The paging_invlpg function in include/asm-x86/paging.h in Xen 3.3.x ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-168.html
CVE-2016-1570 (The PV superpage functionality in arch/x86/mm.c in Xen 3.4.0, 3.4.1, ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-167.html
CVE-2016-1567 (chrony before 1.31.2 and 2.x before 2.2.1 do not verify peer ...)
	{DLA-742-1 DLA-414-1}
	- chrony 2.2.1-1 (low; bug #812923)
	[jessie] - chrony 1.30-2+deb8u2
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0071/
	NOTE: http://chrony.tuxfamily.org/news.html#_20_jan_2016_chrony_2_2_1_and_chrony_1_31_2_released
	NOTE: Fix for 2.x http://git.tuxfamily.org/chrony/chrony.git/commit/?id=a78bf9725a7b481ebff0e0c321294ba767f2c1d8
	NOTE: Fix for 1.x http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=df46e5ca5d70be1c0ae037f96b4b038362703832
CVE-2016-1566 (Cross-site scripting (XSS) vulnerability in the file browser in ...)
	- guacamole-client <unfixed> (bug #859136)
	[stretch] - guacamole-client <no-dsa> (Minor issue)
	[jessie] - guacamole-client <not-affected> (Vulnerable code not present)
	- guacamole <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/glyptodon/guacamole-client/commit/7da13129c432d1c0a577342a9bf23ca2bde9c367
CVE-2016-1565 (Cross-site scripting (XSS) vulnerability in the Field Group module ...)
	NOT-FOR-US: Field Group module for Drupal
CVE-2015-8768 (click/install.py in click does not require files in package filesystem ...)
	NOT-FOR-US: Click package manager
	NOTE: http://www.ubuntu.com/usn/usn-2771-1/
CVE-2015-8766 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Symphony CMS
CVE-2015-8765 (Intel McAfee ePolicy Orchestrator (ePO) 4.6.9 and earlier, 5.0.x, ...)
	NOT-FOR-US: McAfee
CVE-2015-8761 (The Values module 7.x-1.x before 7.x-1.2 for Drupal does not properly ...)
	NOT-FOR-US: Values module for Drupal
CVE-2015-8760 (The Flvplayer component in TYPO3 6.2.x before 6.2.16 allows remote ...)
	NOT-FOR-US: Typo3
CVE-2015-8759 (Cross-site scripting (XSS) vulnerability in the typoLink function in ...)
	NOT-FOR-US: Typo3
CVE-2015-8758 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
	NOT-FOR-US: Typo3
CVE-2015-8757 (Cross-site scripting (XSS) vulnerability in the Extension Manager in ...)
	NOT-FOR-US: Typo3
CVE-2015-8756 (Cross-site scripting (XSS) vulnerability in the search result view in ...)
	NOT-FOR-US: Typo3
CVE-2015-8755 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
	NOT-FOR-US: Typo3
CVE-2015-8754 (The Mollom module 6.x-2.7 before 6.x-2.15 for Drupal allows remote ...)
	NOT-FOR-US: Mollom module for Drupal
CVE-2015-8753 (SAP Afaria 7.0.6001.5 allows remote attackers to bypass authorization ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-8752
	REJECTED
CVE-2016-1714 (The (1) fw_cfg_write and (2) fw_cfg_read functions in ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-4
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1296060
	NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00428.html
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/7
	NOTE: fw_cfg support for guest-side data writes removed in 2.4 (1:2.4+dfsg-1a)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=023e3148567ac898c7258138f8e86c3c2bb40d07 (v2.4.0-rc0)
	NOTE: fw_cfg_read removed in: http://git.qemu.org/?p=qemu.git;a=commit;h=6c8d56a2e95712a6206a2671d2b04b2e59cabc0b
CVE-2015-8767 (net/sctp/sm_sideeffect.c in the Linux kernel before 4.3 does not ...)
	{DSA-3448-1 DLA-412-1}
	- linux 4.3.1-1
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/linus/635682a14427d241bab7bbdeebb48a7d7b91638e (v4.3-rc4)
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/11/4
CVE-2016-1569 (FireBird 2.5.5 allows remote authenticated users to cause a denial of ...)
	- firebird2.5 2.5.5.26952.ds4-3 (bug #810599)
	[jessie] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	[wheezy] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	[squeeze] - firebird2.5 <not-affected> (Issue introduced in 2.5.5)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-5068
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/10/2
CVE-2016-1568 (Use-after-free vulnerability in hw/ide/ahci.c in QEMU, when built with ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-2 (bug #810527)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg01184.html
	NOTE: ahci emulation added in: http://git.qemu.org/?p=qemu.git;a=commit;h=f6ad2e32f8d833c7f1c75dc084a84a8f02704d64 (v0.14.0-rc0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288532
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/09/1
CVE-2016-1563 (NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 ...)
	NOT-FOR-US: NetApp
CVE-2016-1562 (The REST API in the DTE Energy Insight application before 1.7.8 for ...)
	NOT-FOR-US: DTE Energy Insight
CVE-2016-1561 (ExaGrid appliances with firmware before 4.8 P26 have a default SSH ...)
	NOT-FOR-US: ExaGrid appliances
CVE-2016-1560 (ExaGrid appliances with firmware before 4.8 P26 have a default ...)
	NOT-FOR-US: ExaGrid appliances
CVE-2016-1559 (D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ...)
	NOT-FOR-US: D-Link
CVE-2016-1558 (Buffer overflow in D-Link DAP-2310 2.06 and earlier, DAP-2330 1.06 and ...)
	NOT-FOR-US: D-Link
CVE-2016-1557 (Netgear WNAP320, WNDAP350, and WNDAP360 before 3.5.5.0 reveal wireless ...)
	NOT-FOR-US: Netgear
CVE-2016-1556 (Information disclosure in Netgear WN604 before 3.3.3; WNAP210, ...)
	NOT-FOR-US: Netgear
CVE-2016-1555 ((1) boardData102.php, (2) boardData103.php, (3) boardDataJP.php, (4) ...)
	NOT-FOR-US: Netgear
CVE-2016-1554
	RESERVED
CVE-2016-1553
	RESERVED
CVE-2016-1552
	RESERVED
	- hhvm 3.12.1+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/979b5b312ffbd56126c52f3dcb6cf8fcab89664f
	NOTE: https://github.com/facebook/hhvm/commit/604689e1565ea6361f9d81f839cd56bdda3b45ed
	NOTE: https://github.com/facebook/hhvm/commit/f21dccdde582c61d5a9b52dd821bcb1f08169d28
CVE-2016-1551 (ntpd in NTP 4.2.8p3 and NTPsec ...)
	- ntp <not-affected> (Does not affect Linux or FreeBSD)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1550 (An exploitable vulnerability exists in the message authentication ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1549 (A malicious authenticated peer can create arbitrarily-many ephemeral ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#February_2018_ntp_4_2_8p11_NTP_S
	NOTE: additional significant protection went into ntp-4.2.8p11.
CVE-2016-1548 (An attacker can spoof a packet from a legitimate ntpd server with an ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1547 (An off-path attacker can cause a preemptible client association to be ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2016-1546 (The Apache HTTP Server 2.4.17 and 2.4.18, when mod_http2 is enabled, ...)
	- apache2 2.4.20-1
	[jessie] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: HTTP/2 support introduced in 2.4.17
	NOTE: Upstream commit: http://svn.apache.org/viewvc?view=revision&revision=1733727
	NOTE: Upsteam backport for 2.4.x: http://svn.apache.org/viewvc?view=revision&revision=1734413
CVE-2016-1545
	RESERVED
CVE-2016-1544 [out of memory error due to unlimited incoming HTTP header fields]
	RESERVED
	- nghttp2 1.7.1-1
	[jessie] - nghttp2 <no-dsa> (Minor issue)
	NOTE: Fix spread across multiple commits: https://github.com/tatsuhiro-t/nghttp2/compare/v1.7.0...v1.7.1
	NOTE: Commits between 1.7.0 and 1.7.1 seem almost limited to this issue, cf.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1308461#c3
CVE-2016-1543 (The RPC API in the RSCD agent in BMC BladeLogic Server Automation ...)
	NOT-FOR-US: BMC
CVE-2016-1542 (The RPC API in RSCD agent in BMC BladeLogic Server Automation (BSA) ...)
	NOT-FOR-US: BMC
CVE-2016-1541 (Heap-based buffer overflow in the zip_read_mac_metadata function in ...)
	{DSA-3574-1}
	[experimental] - libarchive 3.2.0-1
	- libarchive 3.1.2-11.1 (bug #823893)
	[wheezy] - libarchive <not-affected> (Vulnerable code not present)
	NOTE: keeping the experimental tracking version as well since maintainer said not to merge NMU changelog
	NOTE: http://www.kb.cert.org/vuls/id/862384
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0155/
	NOTE: https://github.com/libarchive/libarchive/commit/d0331e8e5b05b475f20b1f3101fe1ad772d7e7e7 (v3.2.0)
	NOTE: Feature added in https://github.com/libarchive/libarchive/commit/1399a59680fa2dfca68764468ed0bcaa0331fde7
CVE-2016-1540
	RESERVED
CVE-2016-1539
	RESERVED
CVE-2016-1538
	RESERVED
CVE-2016-1537
	RESERVED
CVE-2016-1536
	RESERVED
CVE-2016-1535
	RESERVED
CVE-2016-1534
	RESERVED
CVE-2016-1533
	RESERVED
CVE-2016-1532
	RESERVED
CVE-2016-1531 (Exim before 4.86.2, when installed setuid root, allows local users to ...)
	{DSA-3517-1}
	- exim4 4.86.2-1
	NOTE: https://lists.exim.org/lurker/message/20160302.191005.a72d8433.en.html
CVE-2016-1530
	RESERVED
CVE-2016-1529
	RESERVED
CVE-2016-1528
	RESERVED
CVE-2016-1527
	RESERVED
CVE-2016-1526 (The TtfUtil:LocaLookup function in TtfUtil.cpp in Libgraphite in ...)
	{DSA-3491-1 DSA-3479-1 DSA-3477-1}
	- graphite2 1.3.5-1
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
	NOTE: Talos Blog mentions this CVE, but it is not listed in
	NOTE: http://talosintel.com/vulnerability-reports/
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
CVE-2016-1525 (Directory traversal vulnerability in data/config/image.do in NETGEAR ...)
	NOT-FOR-US: NETGEAR Management System NMS300
CVE-2016-1524 (Multiple unrestricted file upload vulnerabilities in NETGEAR ...)
	NOT-FOR-US: NETGEAR Management System NMS300
CVE-2016-1523 (The SillMap::readFace function in FeatureMap.cpp in Libgraphite in ...)
	{DSA-3491-1 DSA-3479-1 DSA-3477-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0059/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
	- iceweasel 44.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-14/
CVE-2016-1522 (Code.cpp in Libgraphite in Graphite 2 1.2.4, as used in Mozilla ...)
	{DSA-3479-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0057/
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0060/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
CVE-2016-1521 (The directrun function in directmachine.cpp in Libgraphite in Graphite ...)
	{DSA-3479-1}
	- graphite2 1.3.5-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0058/
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0061/
	NOTE: http://blog.talosintel.com/2016/02/vulnerability-spotlight-libgraphite.html
CVE-2016-1520 (The Grandstream Wave app 1.0.1.26 and earlier for Android does not use ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1519 (The com.softphone.common package in the Grandstream Wave app 1.0.1.26 ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1518 (The auto-provisioning mechanism in the Grandstream Wave app 1.0.1.26 ...)
	NOT-FOR-US: Grandstream Wave app
CVE-2016-1517 (OpenCV 3.0.0 allows remote attackers to cause a denial of service ...)
	- opencv <unfixed> (bug #872043)
	[wheezy] - opencv <no-dsa> (Minor issue)
	NOTE: https://arxiv.org/pdf/1701.04739.pdf
	NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1516 (OpenCV 3.0.0 has a double free issue that allows attackers to execute ...)
	{DLA-1117-1}
	- opencv <unfixed> (bug #872043)
	NOTE: https://arxiv.org/pdf/1701.04739.pdf
	NOTE: https://github.com/opencv/opencv/issues/5956
CVE-2016-1515
	REJECTED
CVE-2016-1514
	REJECTED
CVE-2016-1513 (The Impress tool in Apache OpenOffice 4.1.2 and earlier allows remote ...)
	{DLA-591-1}
	- libreoffice 1:4.3.3-1
	NOTE: http://www.openoffice.org/security/cves/CVE-2016-1513.html
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0051/
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=fd64d444b730f6cb7216dac8f6e3f9
	NOTE: https://cgit.freedesktop.org/libreoffice/core/commit/?id=adbdac2dd6799789a45cd3b6ca48919889a8b64d (origin/libreoffice-4-3-3)
	NOTE: Fixed at least in 4.3.3 based version, maybe alredy earlier.
CVE-2016-1512
	RESERVED
CVE-2016-1511
	RESERVED
CVE-2016-1510
	RESERVED
CVE-2016-1509
	RESERVED
CVE-2016-1508
	RESERVED
CVE-2016-1507
	RESERVED
CVE-2016-1506
	RESERVED
CVE-2016-1502 (NetApp SnapCenter Server 1.0 and 1.0P1 allows remote attackers to ...)
	NOT-FOR-US: NetApp
CVE-2016-1497 (The Configuration utility in F5 BIG-IP systems 11.0.x, 11.1.x, 11.2.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2016-1496 (The graphics driver in Huawei P8 smartphones with software GRA-TL00 ...)
	NOT-FOR-US: Huawei
CVE-2016-1495 (Integer overflow in the graphics drivers in Huawei Mate S smartphones ...)
	NOT-FOR-US: Huawei
CVE-2016-1564 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-3444-1}
	- wordpress 4.4.1+dfsg-1 (bug #810325)
	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
	NOTE: https://core.trac.wordpress.org/changeset/36185
	NOTE: https://wpvulndb.com/vulnerabilities/8358
	NOTE: https://twitter.com/brutelogic/status/685105483397619713
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/08/3
CVE-2015-XXXX [use after free / double free]
	- lighttpd 1.4.39-1
	[jessie] - lighttpd <not-affected> (Regression introduced in 1.4.36)
	[wheezy] - lighttpd <not-affected> (Regression introduced in 1.4.36)
	[squeeze] - lighttpd <not-affected> (Regression introduced in 1.4.36)
	NOTE: http://redmine.lighttpd.net/issues/2700
	NOTE: Introduced in 1.4.36: http://web.archive.org/web/20150906061055/http://redmine.lighttpd.net/projects/lighttpd/repository/revisions/2976
CVE-2016-1503 (dhcpcd before 6.10.0, as used in Android 4.x before 4.4.4, 5.0.x ...)
	- dhcpcd5 6.10.1-1 (bug #810621)
	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
	- dhcpcd <not-affected> (Vulnerable code not present)
	NOTE: https://dev.marples.name/rDHC1475a702df74b120db847991bc011e3441a045b8
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
CVE-2016-1504 (dhcpcd before 6.10.0 allows remote attackers to cause a denial of ...)
	- dhcpcd5 6.10.1-1 (bug #810620)
	[jessie] - dhcpcd5 <not-affected> (Vulnerable code not present)
	[wheezy] - dhcpcd5 <not-affected> (Vulnerable code not present)
	- dhcpcd <not-affected> (Vulnerable code not present)
	[squeeze] - dhcpcd <not-affected> (Vulnerable code not present)
	NOTE: https://dev.marples.name/rDHC33c03b26c01201152774ef92e7b773281b8d8443
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/07/3
	NOTE: dhcpcd 3.2.3-<rev> in squeeze and wheezy differ very much from dhcpcd5 in later Debian versions.
CVE-2016-XXXX [Missing normalization]
	- ruby-rack-attack 4.3.1-1
	NOTE: https://github.com/kickstarter/rack-attack/commit/76c2e3143099d938883ae5654527b47e9e6a8977
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/07/1
CVE-2016-1501 (ownCloud Server before 8.0.9 and 8.1.x before 8.1.4 allow remote ...)
	- owncloud 7.0.12~dfsg-2
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-004
CVE-2016-1500 (ownCloud Server before 7.0.12, 8.0.x before 8.0.10, 8.1.x before ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-1
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-003
CVE-2016-1499 (ownCloud Server before 8.0.10, 8.1.x before 8.1.5, and 8.2.x before ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-2
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-002
CVE-2016-1498 (Cross-site scripting (XSS) vulnerability in the OCS discovery provider ...)
	[experimental] - owncloud 8.2.2~dfsg-1
	- owncloud 7.0.12~dfsg-1
	[jessie] - owncloud 7.0.4+dfsg-4~deb8u4
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2016-001
CVE-2016-1493 (Intel Driver Update Utility before 2.4 retrieves driver updates in ...)
	NOT-FOR-US: Intel Driver Update Utility
CVE-2016-1492 (The Wifi hotspot in Lenovo SHAREit before 3.5.48_ww for Android, when ...)
	NOT-FOR-US: Lenovo
CVE-2016-1491 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows, when ...)
	NOT-FOR-US: Lenovo
CVE-2016-1490 (The Wifi hotspot in Lenovo SHAREit before 3.2.0 for Windows allows ...)
	NOT-FOR-US: Lenovo
CVE-2016-1489 (Lenovo SHAREit before 3.2.0 for Windows and SHAREit before 3.5.48_ww ...)
	NOT-FOR-US: Lenovo
CVE-2016-1488 (Cross-site scripting (XSS) vulnerability in the login form in the ...)
	NOT-FOR-US: Siemens
CVE-2016-1487
	RESERVED
CVE-2016-1486 (A vulnerability in the email attachment scanning functionality of the ...)
	NOT-FOR-US: Siemens OZW OZW672
CVE-2016-1485 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services ...)
	NOT-FOR-US: Cisco
CVE-2016-1484 (Cisco WebEx Meetings Server 2.6 allows remote attackers to bypass ...)
	NOT-FOR-US: Cisco
CVE-2016-1483 (Cisco WebEx Meetings Server 2.6 allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2016-1482 (Cisco WebEx Meetings Server 2.6 allows remote attackers to execute ...)
	NOT-FOR-US: Cisco
CVE-2016-1481 (A vulnerability in the email message filtering feature of Cisco AsyncOS ...)
	NOT-FOR-US: Cisco
CVE-2016-1480 (A vulnerability in the Multipurpose Internet Mail Extensions (MIME) ...)
	NOT-FOR-US: Cisco
CVE-2016-1479 (Cisco IP Phone 8800 devices with software 11.0(1) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1478 (Cisco IOS 15.5(3)S3, 15.6(1)S2, 15.6(2)S1, and 15.6(2)T1 does not ...)
	NOT-FOR-US: Cisco
CVE-2016-1477 (Cisco Connected Streaming Analytics 1.1.1 allows remote authenticated ...)
	NOT-FOR-US: Cisco
CVE-2016-1476 (Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 ...)
	NOT-FOR-US: Cisco
CVE-2016-1475
	RESERVED
CVE-2016-1474 (Cisco Prime Infrastructure 2.2(2) does not properly restrict use of ...)
	NOT-FOR-US: Cisco
CVE-2016-1473 (Cisco Small Business 220 devices with firmware before 1.0.1.1 have a ...)
	NOT-FOR-US: Cisco
CVE-2016-1472 (The web-based management interface on Cisco Small Business 220 devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1471 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
	NOT-FOR-US: Cisco
CVE-2016-1470 (Cross-site request forgery (CSRF) vulnerability in the web-based ...)
	NOT-FOR-US: Cisco
CVE-2016-1469 (The HTTP framework on Cisco SPA300, SPA500, and SPA51x devices allows ...)
	NOT-FOR-US: Cisco
CVE-2016-1468 (The administrative web interface in Cisco TelePresence Video ...)
	NOT-FOR-US: Cisco
CVE-2016-1467 (Cisco Videoscape Session Resource Manager (VSRM) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1466 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) ...)
	NOT-FOR-US: Cisco
CVE-2016-1465 (Cisco Nexus 1000v Application Virtual Switch (AVS) devices before ...)
	NOT-FOR-US: Cisco
CVE-2016-1464 (Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, ...)
	NOT-FOR-US: Cisco
CVE-2016-1463 (Cisco FireSIGHT System Software 5.3.0, 5.3.1, 5.4.0, 6.0, and 6.0.1 ...)
	NOT-FOR-US: Cisco
CVE-2016-1462 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
	NOT-FOR-US: Cisco
CVE-2016-1461 (Cisco AsyncOS on Email Security Appliance (ESA) devices through ...)
	NOT-FOR-US: Cisco
CVE-2016-1460 (Cisco Wireless LAN Controller (WLC) devices 7.4(121.0) and ...)
	NOT-FOR-US: Cisco
CVE-2016-1459 (Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 ...)
	NOT-FOR-US: Cisco
CVE-2016-1458 (The web-based GUI in Cisco Firepower Management Center 4.x and 5.x ...)
	NOT-FOR-US: Cisco
CVE-2016-1457 (The web-based GUI in Cisco Firepower Management Center 4.x and 5.x ...)
	NOT-FOR-US: Cisco
CVE-2016-1456 (The CLI in Cisco IOS XR 6.x through 6.0.1 allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2016-1455 (Cisco NX-OS before 7.0(3)I2(2e) and 7.0(3)I4 before 7.0(3)I4(1) has an ...)
	NOT-FOR-US: Cisco
CVE-2016-1454 (Cisco NX-OS 4.0 through 7.3 and 11.0 through 11.2 on 1000v, 2000, ...)
	NOT-FOR-US: Cisco
CVE-2016-1453 (Buffer overflow in the Overlay Transport Virtualization (OTV) GRE ...)
	NOT-FOR-US: Cisco
CVE-2016-1452 (Cisco ASR 5000 devices with software 18.3 through 20.0.0 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1451 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
	NOT-FOR-US: Cisco
CVE-2016-1450 (Cisco WebEx Meetings Server 2.6 allows remote authenticated users to ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1449 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Meetings ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1448 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1447 (Cross-site scripting (XSS) vulnerability in the administrator ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1446 (SQL injection vulnerability in Cisco WebEx Meetings Server 2.6 allows ...)
	NOT-FOR-US: Cisco WebEx
CVE-2016-1445 (Cisco Adaptive Security Appliance (ASA) Software 8.2 through 9.4.3.3 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1444 (The Mobile and Remote Access (MRA) component in Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2016-1443 (The virtual network stack on Cisco AMP Threat Grid Appliance devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1442 (The administrative web interface in Cisco Prime Infrastructure (PI) ...)
	NOT-FOR-US: Cisco
CVE-2016-1441 (Cisco Cloud Network Automation Provisioner (CNAP) 1.0(0) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-1440 (The proxy process on Cisco Web Security Appliance (WSA) devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1439 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco
CVE-2016-1438 (Cisco AsyncOS 9.7.0-125 on Email Security Appliance (ESA) devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1437 (SQL injection vulnerability in the SQL database in Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2016-1436 (The General Packet Radio Switching Tunneling Protocol 1 (aka GTPv1) ...)
	NOT-FOR-US: Cisco
CVE-2016-1435 (Cisco 8800 phones with software 11.0(1) do not properly enforce ...)
	NOT-FOR-US: Cisco
CVE-2016-1434 (The license-certificate upload functionality on Cisco 8800 phones with ...)
	NOT-FOR-US: Cisco
CVE-2016-1433 (Cisco IOS XR 6.0 and 6.0.1 on NCS 6000 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2016-1432 (Cisco IOS XE 3.15S and 3.16S on cBR-8 Converged Broadband Router ...)
	NOT-FOR-US: Cisco
CVE-2016-1431 (Cross-site scripting (XSS) vulnerability in Cisco Firepower Management ...)
	NOT-FOR-US: Cisco
CVE-2016-1430 (Cisco RV180 and RV180W devices allow remote authenticated users to ...)
	NOT-FOR-US: Cisco
CVE-2016-1429 (Directory traversal vulnerability in the web interface on Cisco RV180 ...)
	NOT-FOR-US: Cisco
CVE-2016-1428 (Double free vulnerability in Cisco IOS XE 3.15S, 3.16S, and 3.17S ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1427 (The System Configuration Protocol (SCP) core messaging interface in ...)
	NOT-FOR-US: Cisco Prime Network Registrar
CVE-2016-1426 (Cisco IOS XR 5.x through 5.2.5 on NCS 6000 devices allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1425 (Cisco IOS 15.0(2)SG5, 15.1(2)SG3, 15.2(1)E, 15.3(3)S, and 15.4(1.13)S ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1424 (Cisco IOS 15.2(1)T1.11 and 15.2(2)TST allows remote attackers to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1423 (A vulnerability in the display of email messages in the Messages in ...)
	NOT-FOR-US: Cisco ESA
CVE-2016-1422
	RESERVED
CVE-2016-1421 (The web application on Cisco IP 8800 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2016-1420 (The installation component on Cisco Application Policy Infrastructure ...)
	NOT-FOR-US: Cisco
CVE-2016-1419 (Cisco Access Point devices with software 8.2(102.43) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1418 (Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, ...)
	NOT-FOR-US: Cisco
CVE-2016-1417 (Untrusted search path vulnerability in Snort 2.9.7.0-WIN32 allows ...)
	NOT-FOR-US: Cisco
CVE-2016-1416 (Cisco Prime Collaboration Provisioning 10.6 SP2 (aka 10.6.0.10602) ...)
	NOT-FOR-US: Cisco Prime
CVE-2016-1415 (Cisco WebEx Meetings Player T29.10, when WRF file support is enabled, ...)
	NOT-FOR-US: Cisco
CVE-2016-1414
	RESERVED
CVE-2016-1413 (The web interface in Cisco Firepower Management Center 5.4.0 through ...)
	NOT-FOR-US: Cisco
CVE-2016-1412
	RESERVED
CVE-2016-1411 (A vulnerability in the update functionality of Cisco AsyncOS Software ...)
	NOT-FOR-US: Cisco
CVE-2016-1410 (Cisco WebEx Meeting Center Original Release Base allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1409 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
	NOT-FOR-US: Cisco
CVE-2016-1408 (Cisco Prime Infrastructure 1.2 through 3.1 and Evolved Programmable ...)
	NOT-FOR-US: Cisco
CVE-2016-1407 (Cisco IOS XR through 5.3.2 mishandles Local Packet Transport Services ...)
	NOT-FOR-US: Cisco
CVE-2016-1406 (The API web interface in Cisco Prime Infrastructure before 3.1 and ...)
	NOT-FOR-US: Cisco
CVE-2016-1405 (libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware ...)
	- clamav 0.99+dfsg-1
CVE-2016-1404 (Cisco UCS Invicta 4.3, 4.5, and 5.0.1 on Invicta appliances and ...)
	NOT-FOR-US: Cisco
CVE-2016-1403 (CISCO IP 8800 phones with software 11.0.1 and earlier allow local ...)
	NOT-FOR-US: Cisco
CVE-2016-1402 (The Active Directory (AD) integration component in Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2016-1401 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco
CVE-2016-1400 (Cisco TelePresence Video Communications Server (VCS) X8.x before ...)
	NOT-FOR-US: Cisco
CVE-2016-1399 (The packet-processing microcode in Cisco IOS 15.2(2)EA, 15.2(2)EA1, ...)
	NOT-FOR-US: Cisco
CVE-2016-1398 (Buffer overflow in the web-based management interface on Cisco RV110W ...)
	NOT-FOR-US: Cisco
CVE-2016-1397 (Buffer overflow in the web-based management interface on Cisco RV110W ...)
	NOT-FOR-US: Cisco
CVE-2016-1396 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
	NOT-FOR-US: Cisco
CVE-2016-1395 (The web-based management interface on Cisco RV110W devices with ...)
	NOT-FOR-US: Cisco
CVE-2016-1394 (Cisco Firepower System Software 6.0.0 through 6.1.0 has a hardcoded ...)
	NOT-FOR-US: Cisco Firepower System Software
CVE-2016-1393 (SQL injection vulnerability in Cisco Cloud Network Automation ...)
	NOT-FOR-US: Cisco
CVE-2016-1392 (Open redirect vulnerability in Cisco Prime Collaboration Assurance ...)
	NOT-FOR-US: Cisco
CVE-2016-1391 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
	NOT-FOR-US: Cisco
CVE-2016-1390 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
	NOT-FOR-US: Cisco
CVE-2016-1389 (Open redirect vulnerability in Cisco WebEx Meetings Server (CWMS) 2.6 ...)
	NOT-FOR-US: Cisco
CVE-2016-1388 (Cisco Prime Network Analysis Module (NAM) before 6.1(1) ...)
	NOT-FOR-US: Cisco
CVE-2016-1387 (The XML API in TelePresence Codec (TC) 7.2.0, 7.2.1, 7.3.0, 7.3.1, ...)
	NOT-FOR-US: Cisco
CVE-2016-1386 (The API in Cisco Application Policy Infrastructure Controller ...)
	NOT-FOR-US: Cisco
CVE-2016-1385 (The XML parser in Cisco Adaptive Security Appliance (ASA) Software ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1384 (The NTP implementation in Cisco IOS 15.1 and 15.5 and IOS XE 3.2 ...)
	NOT-FOR-US: Cisco
CVE-2016-1383 (Memory leak in Cisco AsyncOS through 8.8 on Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2016-1382 (Cisco AsyncOS before 8.5.3-069 and 8.6 through 8.8 on Web Security ...)
	NOT-FOR-US: Cisco
CVE-2016-1381 (Memory leak in Cisco AsyncOS 8.5 through 9.0 before 9.0.1-162 on Web ...)
	NOT-FOR-US: Cisco
CVE-2016-1380 (Cisco AsyncOS 8.0 before 8.0.6-119 on Web Security Appliance (WSA) ...)
	NOT-FOR-US: Cisco
CVE-2016-1379 (Cisco Adaptive Security Appliance (ASA) Software 9.0 through 9.5.1 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1378 (Cisco IOS before 15.2(2)E1 on Catalyst switches allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1377 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
	NOT-FOR-US: Cisco
CVE-2016-1376 (Cisco IOS XR 4.2.3, 4.3.0, 4.3.4, and 5.3.1 on ASR 9000 devices allows ...)
	NOT-FOR-US: Cisco
CVE-2016-1375 (Cross-site scripting (XSS) vulnerability in Cisco IP Interoperability ...)
	NOT-FOR-US: Cisco
CVE-2016-1374 (The web framework in Cisco Unified Computing System (UCS) Performance ...)
	NOT-FOR-US: Cisco
CVE-2016-1373 (The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), ...)
	NOT-FOR-US: Cisco
CVE-2016-1372 (ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to ...)
	{DLA-546-1}
	- clamav 0.99.2+dfsg-1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
	NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
CVE-2016-1371 (ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to ...)
	{DLA-546-1}
	- clamav 0.99.2+dfsg-1
	[jessie] - clamav 0.99.2+dfsg-0+deb8u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11514
	NOTE: https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
CVE-2016-1370 (Cisco Prime Network Analysis Module (NAM) before 6.2(1-b) ...)
	NOT-FOR-US: Cisco
CVE-2016-1369 (The Adaptive Security Appliance (ASA) 5585-X FirePOWER Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2016-1368 (Cisco FirePOWER System Software 5.3.x through 5.3.0.6 and 5.4.x ...)
	NOT-FOR-US: Cisco
CVE-2016-1367 (The DHCPv6 relay implementation in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2016-1366 (The SCP and SFTP modules in Cisco IOS XR 5.0.0 through 5.2.5 on ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2016-1365 (The Grapevine update process in Cisco Application Policy ...)
	NOT-FOR-US: Cisco
CVE-2016-1364 (Cisco Wireless LAN Controller (WLC) Software 7.4 before 7.4.130.0(MD) ...)
	NOT-FOR-US: Cisco
CVE-2016-1363 (Buffer overflow in the redirection functionality in Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco
CVE-2016-1362 (Cisco AireOS 4.1 through 7.4.120.0, 7.5.x, and 7.6.100.0 on Wireless ...)
	NOT-FOR-US: Cisco
CVE-2016-1361 (Cisco IOS XR through 4.3.2 on Gigabit Switch Router (GSR) 12000 ...)
	NOT-FOR-US: Cisco
CVE-2016-1360 (Cisco Prime LAN Management Solution (LMS) through 4.2.5 uses the same ...)
	NOT-FOR-US: Cisco
CVE-2016-1359 (Cisco Prime Infrastructure 3.0 allows remote authenticated users to ...)
	NOT-FOR-US: Cisco
CVE-2016-1358 (Cisco Prime Infrastructure 2.2, 3.0, and 3.1(0.0) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1357 (The password-management administration component in Cisco Policy Suite ...)
	NOT-FOR-US: Cisco
CVE-2016-1356 (Cisco FireSIGHT System Software 6.1.0 does not use a constant-time ...)
	NOT-FOR-US: Cisco
CVE-2016-1355 (Cross-site scripting (XSS) vulnerability in the Device Management UI ...)
	NOT-FOR-US: Cisco
CVE-2016-1354 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2016-1353 (The TCP implementation in Cisco Videoscape Distribution Suite for ...)
	NOT-FOR-US: Cisco Videoscape Distribution Suite
CVE-2016-1352 (Cisco Unified Computing System (UCS) Central Software 1.3(1b) and ...)
	NOT-FOR-US: Cisco
CVE-2016-1351 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2016-1350 (Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2016-1349 (The Smart Install client implementation in Cisco IOS 12.2, 15.0, and ...)
	NOT-FOR-US: Cisco
CVE-2016-1348 (Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1347 (The Wide Area Application Services (WAAS) Express implementation in ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1346 (The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on ...)
	NOT-FOR-US: Cisco
CVE-2016-1345 (Cisco FireSIGHT System Software 5.4.0 through 6.0.1 and ASA with ...)
	NOT-FOR-US: Cisco Firepower
CVE-2016-1344 (The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1343 (The XML parser in Cisco Information Server (CIS) 6.2 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1342 (The device login page in Cisco FirePOWER Management Center 5.3 through ...)
	NOT-FOR-US: Cisco
CVE-2016-1341 (Cisco NX-OS 7.0(1)N1(1), 7.0(1)N1(3), and 7.0(4)N1(1) on Nexus 2000 ...)
	NOT-FOR-US: Cisco
CVE-2016-1340 (Heap-based buffer overflow in Cisco Unified Computing System (UCS) ...)
	NOT-FOR-US: Cisco
CVE-2016-1339 (Cisco Unified Computing System (UCS) Platform Emulator 2.5(2)TS4, ...)
	NOT-FOR-US: Cisco
CVE-2016-1338 (Cisco TelePresence Video Communication Server (VCS) X8.5.1 and X8.5.2 ...)
	NOT-FOR-US: Cisco
CVE-2016-1337 (Cisco EPC3928 devices allow remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cisco
CVE-2016-1336 (goform/Docsis_system on Cisco EPC3928 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2016-1335 (The SSH implementation in Cisco StarOS before 19.3.M0.62771 and 20.x ...)
	NOT-FOR-US: Cisco StarOS
CVE-2016-1334 (Cisco Small Business 500 Wireless Access Point devices with firmware ...)
	NOT-FOR-US: Cisco
CVE-2016-1333 (Cisco IOS 15.5(3)M and 15.6(1)T0a on Cisco 1000 Connected Grid routers ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1332
	REJECTED
CVE-2016-1331 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...)
	NOT-FOR-US: Cisco Emergency Responder
CVE-2016-1330 (Cisco IOS 15.2(4)E on Industrial Ethernet 2000 devices allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2016-1329 (Cisco NX-OS 6.0(2)U6(1) through 6.0(2)U6(5) on Nexus 3000 devices and ...)
	NOT-FOR-US: Cisco Nexus
CVE-2016-1328 (goform/WClientMACList on Cisco EPC3928 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2016-1327 (Buffer overflow in the web server on Cisco DPC2203 and EPC2203 devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1326 (The administration interface on Cisco DPQ3925 devices with firmware r1 ...)
	NOT-FOR-US: Cisco
CVE-2016-1325 (The administration interface on Cisco DPC3939B and DPC3941 devices ...)
	NOT-FOR-US: Cisco
CVE-2016-1324 (The REST interface in Cisco Spark 2015-06 allows remote attackers to ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1323 (The REST interface in Cisco Spark 2015-06 allows remote authenticated ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1322 (The REST interface in Cisco Spark 2015-07-04 allows remote attackers ...)
	NOT-FOR-US: Cisco Spark
CVE-2016-1321 (Cisco Universal Small Cell devices with firmware R2.12 through R3.5 ...)
	NOT-FOR-US: Cisco
CVE-2016-1320 (The CLI in Cisco Prime Collaboration 9.0 and 11.0 allows local users ...)
	NOT-FOR-US: Cisco
CVE-2016-1319 (Cisco Unified Communications Manager (aka CallManager) ...)
	NOT-FOR-US: Cisco
CVE-2016-1318 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy ...)
	NOT-FOR-US: Cisco
CVE-2016-1317 (Cisco Unified Communications Manager 11.5(0.98000.480) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1316 (Cisco TelePresence Video Communication Server (VCS) X8.1 through X8.7, ...)
	NOT-FOR-US: Cisco
CVE-2016-1315 (The proxy engine in Cisco Advanced Malware Protection (AMP), when used ...)
	NOT-FOR-US: Cisco
CVE-2016-1314 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2016-1313 (Cisco UCS Invicta C3124SA Appliance 4.3.1 through 5.0.1, UCS Invicta ...)
	NOT-FOR-US: Cisco
CVE-2016-1312 (The HTTPS inspection engine in the Content Security and Control ...)
	NOT-FOR-US: Cisco
CVE-2016-1311 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco
CVE-2016-1310 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
	NOT-FOR-US: Cisco
CVE-2016-1309 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx ...)
	NOT-FOR-US: Cisco
CVE-2016-1308 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2016-1307 (The Openfire server in Cisco Finesse Desktop 10.5(1) and 11.0(1) and ...)
	NOT-FOR-US: Cisco
CVE-2016-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Fog ...)
	NOT-FOR-US: Cisco
CVE-2016-1305 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy ...)
	NOT-FOR-US: Cisco
CVE-2016-1304 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
	NOT-FOR-US: Cisco
CVE-2016-1303 (The web GUI on Cisco Small Business 500 devices 1.2.0.92 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1302 (Cisco Application Policy Infrastructure Controller (APIC) devices with ...)
	NOT-FOR-US: Cisco
CVE-2016-1301 (The RBAC implementation in Cisco ASA-CX Content-Aware Security ...)
	NOT-FOR-US: Cisco
CVE-2016-1300 (Cross-site scripting (XSS) vulnerability in Cisco Unity Connection ...)
	NOT-FOR-US: Cisco
CVE-2016-1299 (The web-management GUI implementation on Cisco Small Business SG300 ...)
	NOT-FOR-US: Cisco
CVE-2016-1298 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2016-1297 (The Device Manager GUI in Cisco Application Control Engine (ACE) 4710 ...)
	NOT-FOR-US: Cisco
CVE-2016-1296 (The proxy engine on Cisco Web Security Appliance (WSA) devices with ...)
	NOT-FOR-US: Cisco
CVE-2016-1295 (Cisco Adaptive Security Appliance (ASA) Software 8.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2016-1294 (Cross-site scripting (XSS) vulnerability in the Management Center in ...)
	NOT-FOR-US: Cisco
CVE-2016-1293 (Multiple cross-site scripting (XSS) vulnerabilities in the Management ...)
	NOT-FOR-US: Cisco
CVE-2016-1292
	RESERVED
CVE-2016-1291 (Cisco Prime Infrastructure 1.2.0 through 2.2(2) and Cisco Evolved ...)
	NOT-FOR-US: Cisco
CVE-2016-1290 (The web API in Cisco Prime Infrastructure 1.2.0 through 2.2(2) and ...)
	NOT-FOR-US: Cisco
CVE-2016-1289 (The API in Cisco Prime Infrastructure 1.2 through 3.0 and Evolved ...)
	NOT-FOR-US: Cisco Prime
CVE-2016-1288 (The HTTPS Proxy feature in Cisco AsyncOS before 8.5.3-051 and 9.x ...)
	NOT-FOR-US: Cisco Web Security Appliance
CVE-2016-1287 (Buffer overflow in the IKEv1 and IKEv2 implementations in Cisco ASA ...)
	NOT-FOR-US: Cisco ASA
CVE-2016-1286 (named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 ...)
	{DSA-3511-1}
	- bind9 1:9.10.3.dfsg.P4-6
	NOTE: https://kb.isc.org/article/AA-01353
CVE-2016-1285 (named in ISC BIND 9.x before 9.9.8-P4 and 9.10.x before 9.10.3-P4 does ...)
	{DSA-3511-1}
	- bind9 1:9.10.3.dfsg.P4-6
	NOTE: https://kb.isc.org/article/AA-01352
CVE-2016-1284 (rdataset.c in ISC BIND 9 Supported Preview Edition 9.9.8-S before ...)
	- bind9 <not-affected> (Only Supported Preview Edition/Subscription Edition)
	NOTE: https://kb.isc.org/article/AA-01348
CVE-2016-1505 (The filesystem storage backend in Radicale before 1.1 on Windows ...)
	- radicale <not-affected> (Only an issue on MS Windows)
CVE-2015-8764 (Off-by-one error in the EAP-PWD module in FreeRADIUS 3.0 through ...)
	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
	NOTE: http://freeradius.org/security.html#eap-pwd-2015
CVE-2015-8763 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote ...)
	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
	NOTE: http://freeradius.org/security.html#eap-pwd-2015
CVE-2015-8762 (The EAP-PWD module in FreeRADIUS 3.0 through 3.0.8 allows remote ...)
	- freeradius <not-affected> (Affects 3.0 up to 3.0.8)
	NOTE: http://freeradius.org/security.html#eap-pwd-2015
CVE-2015-8751
	RESERVED
	- jasper 1.900.1-5.1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294039
	NOTE: In 1.900.1-5.1 this issue was fixed as part of the patch for CVE-2008-3520
	NOTE: like other distribution did.
CVE-2015-8750 (libdwarf 20151114 and earlier allows remote attackers to cause a ...)
	{DLA-669-1 DLA-388-1}
	- dwarfutils 20160507-1 (bug #813182)
	[jessie] - dwarfutils 20120410-2+deb8u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1294264
	NOTE: https://github.com/tomhughes/libdwarf/commit/11750a2838e52953013e3114ef27b3c7b1780697
CVE-2015-8749 (The volume_utils._parse_volume_info function in OpenStack Compute ...)
	- nova 2:13.0.0~rc3-1
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1516765
	NOTE: Affects: >= 2014.2 <= 2015.1.2, ==12.0.0
CVE-2015-8748 (Radicale before 1.1 allows remote authenticated users to bypass ...)
	{DSA-3462-1 DLA-403-1}
	- radicale 1.1.1-1 (bug #809920)
CVE-2015-8747 (The multifilesystem storage backend in Radicale before 1.1 allows ...)
	{DSA-3462-1 DLA-403-1}
	- radicale 1.1.1-1 (bug #809920)
CVE-2015-8746 (fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2 ...)
	- linux 4.3.1-1
	[jessie] - linux 3.16.7-ckt20-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1295802
	NOTE: Fixed by: https://git.kernel.org/linus/18e3b739fdc826481c6a1335ce0c5b19b3d415da (v4.3-rc1)
	NOTE: Fixed as well in v3.16.7-ckt18 (commit: 6a64d8c4c07c176abee384803f28fa1507963369)
	NOTE: Introduced by: https://git.kernel.org/linus/ec011fe847347b40c60fdb5085f65227762e2e08 (v3.13-rc1)
CVE-2016-1494 (The verify function in the RSA package for Python (Python-RSA) before ...)
	- python-rsa 3.2.3-1.1 (bug #809980)
	[jessie] - python-rsa 3.1.4-1+deb8u1
	NOTE: proposed fix: https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff
	NOTE: https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/
CVE-2015-8604 (SQL injection vulnerability in the host_new_graphs function in ...)
	{DSA-3494-1 DLA-386-1}
	- cacti 0.8.8f+ds1-4
	NOTE: http://bugs.cacti.net/view.php?id=2652
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/8
CVE-2016-1282
	RESERVED
CVE-2016-1281 (Untrusted search path vulnerability in the installer for TrueCrypt 7.2 ...)
	NOT-FOR-US: Truecrypt
CVE-2015-8742 (The dissect_CPMSetBindings function in epan/dissectors/packet-mswsp.c ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-60.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11931
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d48b0eff28c995947ac3f8d842ddd9b50dd5798d
CVE-2015-8741 (The dissect_ppi function in epan/dissectors/packet-ppi.c in the PPI ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2290eba5cb25f927f9142680193ac1158d35506e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11876
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-59.html
CVE-2015-8740 (The dissect_tds7_colmetadata_token function in ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e78093f69f1e95df919bbe644baa06c7e4e720c0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11846
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-58.html
CVE-2015-8739 (The ipmi_fmt_udpport function in epan/dissectors/packet-ipmi.c in the ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=96bf82ced0b58c7a4c2a6c300efeebe4f05c0ff4
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11831
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-57.html
CVE-2015-8738 (The s7comm_decode_ud_cpu_szl_subfunc function in ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=858c3f0079f987833fb22eba2c361d1a88ba4103
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11823
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-56.html
CVE-2015-8737 (The mp2t_open function in wiretap/mp2t.c in the MP2T file parser in ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=e3fc691368af60bbbaec9e038ee6a6d3b7707955
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11821
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-55.html
CVE-2015-8736 (The mp2t_find_next_pcr function in wiretap/mp2t.c in the MP2T file ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=baa3eab78b422616a92ee38551c1b1510dca4ccb
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11820
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-54.html
CVE-2015-8735 (The get_value function in epan/dissectors/packet-btatt.c in the ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83bad0215dae54e77d34f8b187900125f672366e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11817
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-53.html
CVE-2015-8734 (The dissect_nwp function in epan/dissectors/packet-nwp.c in the NWP ...)
	- wireshark 2.0.1+g59ea380-1
	[jessie] - wireshark <not-affected> (Only affects 2.x)
	[wheezy] - wireshark <not-affected> (Only affects 2.x)
	[squeeze] - wireshark <not-affected> (Only affects 2.x)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9b2c889abe0219fc162659e106c5b95deb6268f3
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11726
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-52.html
CVE-2015-8733 (The ngsniffer_process_record function in wiretap/ngsniffer.c in the ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=53a3e53fce30523d11ab3df319fba7b75d63076f
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11827
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-51.html
CVE-2015-8732 (The dissect_zcl_pwr_prof_pwrprofstatersp function in ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb0c034f6e4cdbf5ae36dd9ba8e2743630b7bd38
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=9352616ec9742f2ed3d2802d0c8c100d51ca410b
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11830
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-50.html
CVE-2015-8731 (The dissct_rsl_ipaccess_msg function in epan/dissectors/packet-rsl.c ...)
	{DSA-3516-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2930d3105c3ff2bfb1278b34ad10e2e71c3b8fb0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11829
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-49.html
	NOTE: fix released in 2.0.1 is incomplete, but the rest is tracked under CVE-2016-2530
CVE-2015-8730 (epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d2644aef369af0667220b5bd69996915b29d753d
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11815
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-48.html
CVE-2015-8729 (The ascend_seek function in wiretap/ascendtext.c in the Ascend file ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=338da1c0ea0b2f8595d3a7b6d6c9548f7da3e27b
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11794
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-47.html
CVE-2015-8728 (The Mobile Identity parser in (1) epan/dissectors/packet-ansi_a.c in ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark 1.8.2-5wheezy18
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=15edc8d714b11dcff3a04e5d00b8db9adfdb81ed
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11797
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-46.html
CVE-2015-8727 (The dissect_rsvp_common function in epan/dissectors/packet-rsvp.c in ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=56baca60271379cb97f6a4a6bf72eb526e8b52d0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11793
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-45.html
CVE-2015-8726 (wiretap/vwr.c in the VeriWave file parser in Wireshark 1.12.x before ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b8fa3d463c1bdd9b84c897441e7a5c8ad1f0f292
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=185911de7d337246044c8e99da2f5b4bac74c0d5
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11791
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11789
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-44.html
CVE-2015-8725 (The dissect_diameter_base_framed_ipv6_prefix function in ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark 1.8.2-5wheezy18
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=aaa28a9d39158ca1033bbd3372cf423abbf4f202
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11792
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-43.html
CVE-2015-8724 (The AirPDcapDecryptWPABroadcastKey function in epan/crypt/airpdcap.c ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy18
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=83f2818118ae255db949bb3a4b3a26ebd1c5f7c5
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11826
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-42.html
	NOTE: Not suitable for code injection
CVE-2015-8723 (The AirPDcapPacketProcess function in epan/crypt/airpdcap.c in the ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark 1.8.2-5wheezy18
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b283181c63cb28bc6f58d80315eccca6650da0
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11790
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-42.html
CVE-2015-8722 (epan/dissectors/packet-sctp.c in the SCTP dissector in Wireshark ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2259bf8a827088081bef101f98e4983de8aa8099
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=1b32d505a59475d51d9b2bed5f0869d2d154e8b6
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11767
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-41.html
CVE-2015-8721 (Buffer overflow in the tvb_uncompress function in epan/tvbuff_zlib.c ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=cec0593ae6c3bca65eff65741c2a10f3de3e0afe
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11548
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-40.html
CVE-2015-8720 (The dissect_ber_GeneralizedTime function in ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=921bb07115fbffc081ec56a5022b4a9d58db6d39
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-39.html
CVE-2015-8719 (The dissect_dns_answer function in epan/dissectors/packet-dns.c in the ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=30651ab18b42e666f57ea239e58f3ff3a5e9c4ad
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10988
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-38.html
CVE-2015-8718 (Double free vulnerability in epan/dissectors/packet-nlm.c in the NLM ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=81dfe6d450ada42d12f20ac26a6d8ae2302df37e
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-37.html
CVE-2015-8717 (The dissect_sdp function in epan/dissectors/packet-sdp.c in the SDP ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ddd92b6f8f587325b9e14598658626f3a007c5c
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-36.html
CVE-2015-8716 (The init_t38_info_conv function in epan/dissectors/packet-t38.c in the ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=eb6ccb1b0c4ad02b828652c3fe6e8d51c30a315e
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9887
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-35.html
CVE-2015-8715 (epan/dissectors/packet-alljoyn.c in the AllJoyn dissector in Wireshark ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40caff2d1fb08262c84aaaa8ac584baa8866dd7c
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11607
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-34.html
CVE-2015-8714 (The dissect_dcom_OBJREF function in epan/dissectors/packet-dcom.c in ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=d34267d0503a67235bf259fd2f2f2d2bb8b18cf5
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11610
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-33.html
CVE-2015-8713 (epan/dissectors/packet-umts_fp.c in the UMTS FP dissector in Wireshark ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=67b6d4f7e6f2117b40957fd51518aa2a3e659002
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11606
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-32.html
CVE-2015-8712 (The dissect_hsdsch_channel_info function in ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2ae329a47b7f0ac94089c23e79c6b8bc18ba80ea
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-32.html
CVE-2015-8711 (epan/dissectors/packet-nbap.c in the NBAP dissector in Wireshark ...)
	{DSA-3505-1}
	- wireshark 2.0.1+g59ea380-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5bf565690ad9f0771196d8fa237aa37fae3bb7cc
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=5b4ada17723ed8af7e85cb48d537437ed614e417
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=23379ae3624df82c170f48e5bb3250a97ec61c13
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11841
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11835
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11602
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-31.html
CVE-2015-8707 (Password reset tokens in Magento CE before 1.9.2.2, and Magento EE ...)
	NOT-FOR-US: Magento
CVE-2015-8744 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-1
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=a7278b36fcab9af469563bd7b9dadebe2ae25e48 (v2.5.0-rc0)
	NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
CVE-2015-8745 (QEMU (aka Quick Emulator) built with a VMWARE VMXNET3 paravirtual NIC ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-1
	[wheezy] - qemu <not-affected> (Vulnerable code introduced later)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commit;h=c6048f849c7e3f009786df76206e895a69de032c (v2.5.0-rc0)
	NOTE: VMXNET3 device implementation introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=786fd2b0f87baded8c9e55307b99719eea3e016e (v1.5.0-rc0)
CVE-2015-8743 (QEMU (aka Quick Emulator) built with the NE2000 device emulation ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-2 (bug #810519)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1264929
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg00050.html
	NOTE: Introduced by (at least after): http://git.qemu.org/?p=qemu.git;a=commit;h=69b910399a3c40620a5213adaeb14a37366d97ac
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/04/1
CVE-2014-9764 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...)
	{DSA-3537-1 DLA-401-1}
	- imlib2 1.4.7-1
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=1f9b0b32728803a1578e658cd0955df773e34f49
CVE-2014-9763 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...)
	{DSA-3537-1 DLA-401-1}
	- imlib2 1.4.7-1
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=c21beaf1780cf3ca291735ae7d58a3dde63277a2
CVE-2014-9762 (imlib2 before 1.4.7 allows remote attackers to cause a denial of ...)
	{DSA-3537-1 DLA-401-1}
	- imlib2 1.4.7-1
	NOTE: https://git.enlightenment.org/legacy/imlib2.git/commit/?h=v1.4.7&id=39641e74a560982fbf93f29bf96b37d27803cb56
CVE-2014-9761 (Multiple stack-based buffer overflows in the GNU C Library (aka glibc ...)
	{DLA-411-1}
	- glibc 2.23-1 (bug #813187)
	[jessie] - glibc <no-dsa> (Minor issue)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16962
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=e02cabecf0d025ec4f4ddee290bdf7aadb873bb3
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=8f5e8b01a1da2a207228f2072c934fa5918554b8
	NOTE: Fixed for 2.23 upstream
CVE-2014-9760 (Cross-site scripting (XSS) vulnerability in the displayLogin function ...)
	- gosa 2.7.4+reloaded1-5
	[wheezy] - gosa 2.7.4-4.3~deb7u2
	[squeeze] - gosa 2.6.11-3+squeeze4
	NOTE: Fixed in 2.7.4+reloaded1-3 with follow-up fix in 2.7.4+reloaded1-5
	NOTE: https://github.com/gosa-project/gosa-core/commit/e35b990464a2c2cf64d6833a217ed944876e7732
CVE-2014-9759 (Incomplete blacklist vulnerability in the config_is_private function ...)
	- mantis <not-affected> (Affects >= 1.3.0-beta.1)
	NOTE: http://github.com/mantisbt/mantisbt/commit/7927c275
	NOTE: https://sourceforge.net/p/mantisbt/mailman/message/32948048/
	NOTE: https://mantisbt.org/bugs/view.php?id=20277
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/02/1
CVE-2016-1283 (The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles ...)
	- pcre3 2:8.38-3.1 (bug #809706)
	[jessie] - pcre3 2:8.35-3.3+deb8u3
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Introduced after http://vcs.pcre.org/pcre?view=revision&revision=1361
	- pcre2 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1767
	NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1636
CVE-2016-1280 (PKId in Juniper Junos OS before 12.1X44-D52, 12.1X46 before ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1279 (J-Web in Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1278 (Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1277 (Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D40, ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1276 (Juniper Junos OS before 12.1X46-D50, 12.1X47 before 12.1X47-D23, ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1275 (Juniper Junos OS before 13.3R9, 14.1R6 before 14.1R6-S1, and 14.1 ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1274 (Juniper Junos OS 14.1X53 before 14.1X53-D30 on QFX Series switches ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1273 (Juniper Junos OS before 13.2X51-D40, 14.x before 14.1X53-D30, and 15.x ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1272
	RESERVED
CVE-2016-1271 (Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, 12.3 ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1270 (The rpd daemon in Juniper Junos OS before 12.1X44-D60, 12.1X46 before ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1269 (Juniper Junos OS before 12.1X44-D60, 12.1X46 before 12.1X46-D40, ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1268 (The administrative web services interface in Juniper ScreenOS before ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2016-1267 (Race condition in the RPC functionality in Juniper Junos OS before ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1266
	RESERVED
CVE-2016-1265 (A remote unauthenticated network based attacker with access to Junos ...)
	NOT-FOR-US: Juniper
CVE-2016-1264 (Race condition in the Op command in Juniper Junos OS before ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1263 (Juniper Junos OS before 12.1X46-D45, 12.1X46-D50, 12.1X47 before ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2016-1262 (Juniper Junos OS before 12.1X46-D45, 12.1X47 before 12.1X47-D30, ...)
	NOT-FOR-US: Juniper
CVE-2016-1261 (J-Web does not validate certain input that may lead to cross-site ...)
	NOT-FOR-US: Juniper
CVE-2016-1260 (Juniper Junos OS before 13.2X51-D36, 14.1X53 before 14.1X53-D25, and ...)
	NOT-FOR-US: Juniper
CVE-2016-1259
	RESERVED
CVE-2016-1258 (Embedthis Appweb, as used in J-Web in Juniper Junos OS before ...)
	NOT-FOR-US: Juniper
CVE-2016-1257 (The Routing Engine in Juniper Junos OS 13.2R5 through 13.2R8, 13.3R1 ...)
	NOT-FOR-US: Juniper
CVE-2016-1256 (Juniper Junos OS before 12.1X44-D55, 12.1X46 before 12.1X46-D40, ...)
	NOT-FOR-US: Juniper
CVE-2015-8706
	RESERVED
CVE-2015-8705 (buffer.c in named in ISC BIND 9.10.x before 9.10.3-P3, when debug ...)
	- bind9 <not-affected> (Only affects 9.10.0->9.10.3-P2)
	NOTE: https://kb.isc.org/article/AA-01336
CVE-2015-8704 (apl_42.c in ISC BIND 9.x before 9.9.8-P3, 9.9.x, and 9.10.x before ...)
	{DSA-3449-1 DLA-396-1}
	- bind9 1:9.10.3.dfsg.P4-6 (bug #812077)
	NOTE: https://kb.isc.org/article/AA-01335
CVE-2015-8703 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE and ZXV10 ...)
	NOT-FOR-US: ZTE router
CVE-2015-8702 (The DNS::GetResult function in dns.cpp in InspIRCd before 2.0.19 ...)
	{DSA-3527-1 DLA-384-1}
	- inspircd 2.0.20-1
	NOTE: https://github.com/inspircd/inspircd/commit/6058483d9fbc1b904d5ae7cfea47bfcde5c5b559
	NOTE: http://www.inspircd.org/2015/04/16/v2019-released.html
CVE-2015-8701 (QEMU (aka Quick Emulator) built with the Rocker switch emulation ...)
	- qemu 1:2.5+dfsg-3 (bug #809313)
	[jessie] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced after qemu 2.3)
	- qemu-kvm <not-affected> (Vulnerable code introduced after qemu 2.3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/28/6
CVE-2015-8700
	RESERVED
CVE-2015-8699 (Multiple cross-site scripting (XSS) vulnerabilities in CA Release ...)
	NOT-FOR-US: CA Release Automation
CVE-2016-1255 (The pg_ctlcluster script in postgresql-common package in Debian wheezy ...)
	{DLA-774-1}
	- postgresql-common 178
	[jessie] - postgresql-common 165+deb8u2
	NOTE: Fix: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=c8989206ec360f199400c74f129f7b4cb878c1ee
	NOTE: Testsuite update: https://anonscm.debian.org/cgit/pkg-postgresql/postgresql-common.git/commit/?id=30f0e4200cfc358b4536bf5d1f6c48abb779d438
CVE-2016-1254 (Tor before 0.2.8.12 might allow remote attackers to cause a denial of ...)
	{DSA-3741-1 DLA-754-1}
	- tor 0.2.9.8-2 (bug #848847)
	NOTE: https://blog.torproject.org/blog/tor-02812-released
	NOTE: https://trac.torproject.org/projects/tor/ticket/21018
CVE-2016-1253 (The most package in Debian wheezy before 5.0.0a-2.2, in Debian jessie ...)
	{DLA-745-1}
	- most 5.0.0a-3 (bug #848132)
	[jessie] - most 5.0.0a-2.3+deb8u1
CVE-2016-1252 (The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable ...)
	{DSA-3733-1}
	- apt 1.4~beta2
	[wheezy] - apt <not-affected> (Issue introduced in apt >= 0.9.8)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/1647467
CVE-2016-1251 (There is a vulnerability of type use-after-free affecting DBD::mysql ...)
	- libdbd-mysql-perl 4.041-1
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue)
	[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
	NOTE: Only an issue with mysql_server_prepare=1
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1 (4.041)
CVE-2016-1250
	REJECTED
CVE-2016-1249 (The DBD::mysql module before 4.039 for Perl, when using server-side ...)
	- libdbd-mysql-perl 4.039-1 (bug #844475)
	[jessie] - libdbd-mysql-perl <no-dsa> (Minor issue)
	[wheezy] - libdbd-mysql-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe (4.039)
	NOTE: http://www.openwall.com/lists/oss-security/2016/11/16/1
CVE-2016-1248 (vim before patch 8.0.0056 does not properly validate values for the ...)
	{DSA-3722-1 DLA-718-1}
	- vim 2:8.0.0095-1
	- neovim 0.1.6-4
	NOTE: Fixed by: https://github.com/vim/vim/commit/d0b5138ba4bccff8a744c99836041ef6322ed39a
	NOTE: Fixed by (neovim): https://github.com/neovim/neovim/commit/4fad66fbe637818b6b3d6bc5d21923ba72795040
CVE-2016-1247 (The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx ...)
	{DSA-3701-1}
	- nginx 1.10.2-1 (bug #842295)
	[wheezy] - nginx <not-affected> (Introduced by the fix for CVE-2013-0337, not applied)
	NOTE: Issue introduced with the Debian specific fix for CVE-2013-0337 / #701112
	NOTE: http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
CVE-2016-1246 (Buffer overflow in the DBD::mysql module before 4.037 for Perl allows ...)
	{DSA-3684-1 DLA-656-1}
	- libdbd-mysql-perl 4.037-1 (low)
	NOTE: https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 (4.037)
CVE-2016-1245 (It was discovered that the zebra daemon in Quagga before 1.0.20161017 ...)
	{DSA-3695-1 DLA-662-1}
	- quagga 1.0.20160315-3 (bug #841162)
	NOTE: Fixed by: https://github.com/Quagga/quagga/commit/cfb1fae25f8c092e0d17073eaf7bd428ce1cd546
	NOTE: https://lists.quagga.net/pipermail/quagga-users/2016-October/014478.html
CVE-2016-1244 (The extractTree function in unADF allows remote attackers to execute ...)
	{DSA-3676-1 DLA-631-1}
	- unadf 0.7.11a-4 (bug #838248)
CVE-2016-1243 (Stack-based buffer overflow in the extractTree function in unADF ...)
	{DSA-3676-1 DLA-631-1}
	- unadf 0.7.11a-4 (bug #838248)
CVE-2016-1242 (file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before ...)
	{DSA-3656-1 DLA-607-1}
	- tryton-server 4.0.4-1
CVE-2016-1241 (Tryton 3.x before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, ...)
	{DSA-3656-1}
	- tryton-server 4.0.4-1
	[wheezy] - tryton-server <not-affected> (password_hash field introduced in 3.2 series)
CVE-2016-1240 (The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 ...)
	{DSA-3670-1 DSA-3669-1 DLA-623-1 DLA-622-1}
	- tomcat8 8.0.36-3
	- tomcat7 7.0.70-3
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
CVE-2016-1239 [loads arbitrary code from the current untrusted directory]
	RESERVED
	- duck 0.10
	[jessie] - duck 0.7+deb8u1
	NOTE: https://anonscm.debian.org/cgit/collab-maint/duck.git/commit/?id=b43b5bbf07973c54b8f1c581a941f4facc97177a (0.10)
CVE-2016-1238 ((1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) ...)
	{DSA-3628-1 DLA-584-1 DLA-565-1}
	- perl 5.22.2-3
	- libsys-syslog-perl <removed>
	[jessie] - libsys-syslog-perl 0.33-1+deb8u1
	NOTE: http://article.gmane.org/gmane.comp.lang.perl.perl5.porters/160507
	NOTE: Although more modules and scripts are affected by similar issue and mentioned
	NOTE: in the DSA/DLA, the CVE is for src:perl (and libsys-syslog-perl beeing dual-lived)
	NOTE: and thus not adding more source packages here.
CVE-2016-1237 (nfsd in the Linux kernel through 4.6.3 allows local users to bypass ...)
	{DSA-3607-1}
	- linux 4.6.2-2
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/4ac7249ea5a0ceef9f8269f63f33cc873c3fac61 (v3.14-rc1)
	NOTE: Prerequisite: https://git.kernel.org/linus/485e71e8fb6356c08c7fc6bcce4bf02c9a9a663f
	NOTE: Fixed by: https://git.kernel.org/linus/999653786df6954a31044528ac3f7a5dadca08f4
CVE-2016-1236 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	{DSA-3572-1 DLA-462-1}
	- websvn <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/05/22
CVE-2016-1235 (The oarsh script in OAR before 2.5.7 allows remote authenticated users ...)
	{DSA-3543-1}
	- oar 2.5.7-1 (bug #819952)
	NOTE: https://raw.githubusercontent.com/oar-team/oar/ce77ffed620fdce94881c9b35064507777c24a1c/debian/patches/004-fix-oarsh-security-issue
CVE-2016-1234 (Stack-based buffer overflow in the glob implementation in GNU C ...)
	{DLA-494-1}
	- glibc 2.22-8
	[jessie] - glibc 2.19-18+deb8u5
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Minor issue, can be fixed in a point update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=19779
CVE-2016-1233 (An unspecified udev rule in the Debian fuse package in jessie before ...)
	{DSA-3451-1}
	- fuse 2.9.5-1
	[wheezy] - fuse <not-affected> (Problematic permissions via udev rule not set)
	[squeeze] - fuse <not-affected> (Problematic permissions via udev rule not set)
CVE-2016-1232 (The mod_dialback module in Prosody before 0.9.9 does not properly ...)
	{DSA-3439-1 DLA-391-1}
	- prosody 0.9.9-1
	NOTE: https://prosody.im/security/advisory_20160108-2/
CVE-2016-1231 (Directory traversal vulnerability in the HTTP file-serving module ...)
	{DSA-3439-1}
	- prosody 0.9.9-1
	[squeeze] - prosody <not-affected> (Vulnerable code not present)
	NOTE: https://prosody.im/security/advisory_20160108-1/
CVE-2016-1230 (Cross-site scripting (XSS) vulnerability in NTT PC Communications ...)
	NOT-FOR-US: NTT
CVE-2016-1229 (Cross-site scripting (XSS) vulnerability in HumHub 0.20.0-beta.1 ...)
	NOT-FOR-US: HumHub
CVE-2016-1228 (Cross-site request forgery (CSRF) vulnerability on NTT EAST Hikari ...)
	NOT-FOR-US: NTT
CVE-2016-1227 (NTT EAST Hikari Denwa routers with firmware PR-400MI, RT-400MI, and ...)
	NOT-FOR-US: NTT
CVE-2016-1226 (Cross-site scripting (XSS) vulnerability in Trend Micro Internet ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1225 (Trend Micro Internet Security 8 and 10 allows remote attackers to read ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1224 (CRLF injection vulnerability in Trend Micro Worry-Free Business ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1223 (Directory traversal vulnerability in Trend Micro Office Scan 11.0, ...)
	NOT-FOR-US: Trend Micro
CVE-2016-1222 (Cross-site scripting (XSS) vulnerability in Kobe Beauty ...)
	NOT-FOR-US: Kobe Beauty
CVE-2016-1221 (Jetstar App for iOS before 3.0.0 does not verify X.509 certificates ...)
	NOT-FOR-US: Jetstar App
CVE-2016-1220 (Cybozu Garoon before 4.2.2 does not properly restrict access. ...)
	NOT-FOR-US: Cybozu
CVE-2016-1219 (Cybozu Garoon before 4.2.2 allows remote attackers to bypass login ...)
	NOT-FOR-US: Cybozu
CVE-2016-1218 (SQL injection vulnerability in Cybozu Garoon before 4.2.2. ...)
	NOT-FOR-US: Cybozu
CVE-2016-1217 (Cross-site scripting (XSS) vulnerability in the &quot;Check available ...)
	NOT-FOR-US: Cybozu
CVE-2016-1216 (Cross-site scripting (XSS) vulnerability in the &quot;New appointment&quot; ...)
	NOT-FOR-US: Cybozu
CVE-2016-1215 (Cross-site scripting (XSS) vulnerability in the &quot;User details&quot; ...)
	NOT-FOR-US: Cybozu
CVE-2016-1214 (Cross-site scripting (XSS) vulnerability in the &quot;Response request&quot; ...)
	NOT-FOR-US: Cybozu
CVE-2016-1213 (The &quot;Scheduler&quot; function in Cybozu Garoon before 4.2.2 allows remote ...)
	NOT-FOR-US: Cybozu
CVE-2016-1212 (Directory traversal vulnerability in futomi MP Form Mail CGI ...)
	NOT-FOR-US: futomi MP Form Mail CGI Professional Edition
CVE-2016-1211 (Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List ...)
	NOT-FOR-US: Epoch Web Mailing List
CVE-2016-1210 (The 105 BANK app 1.0 and 1.1 for Android and 1.0 for iOS does not ...)
	NOT-FOR-US: 105 BANK app
CVE-2016-1209 (The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-1208 (The server in Apple FileMaker before 14.0.4 on OS X allows remote ...)
	NOT-FOR-US: Apple FileMaker
CVE-2016-1207 (Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R ...)
	NOT-FOR-US: I-O DATA
CVE-2016-1206 (The WPS implementation on I-O DATA DEVICE WN-GDN/R3, WN-GDN/R3-C, ...)
	NOT-FOR-US: I-O DATA
CVE-2016-1205 (Cross-site scripting (XSS) vulnerability in the shiro8 (1) ...)
	NOT-FOR-US: EC-CUBE plugin
CVE-2016-1204
	RESERVED
CVE-2016-1203
	RESERVED
CVE-2016-1202 (Untrusted search path vulnerability in Atom Electron before 0.33.5 ...)
	NOT-FOR-US: Atom Electron
CVE-2016-1201 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE ...)
	NOT-FOR-US: LOCKON
CVE-2016-1200 (The management screen in LOCKON EC-CUBE 3.0.7 through 3.0.9 allows ...)
	NOT-FOR-US: LOCKON
CVE-2016-1199 (The login page in the management screen in LOCKON EC-CUBE 3.0.0 ...)
	NOT-FOR-US: LOCKON
CVE-2016-1198 (Photopt for Android before 2.0.1 does not verify SSL certificates. ...)
	NOT-FOR-US: Photopt for Android
CVE-2016-1197 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.x before ...)
	NOT-FOR-US: Cybozu
CVE-2016-1196 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
	NOT-FOR-US: Cybozu
CVE-2016-1195 (Open redirect vulnerability in Cybozu Garoon 3.x and 4.x before 4.2.1 ...)
	NOT-FOR-US: Cybozu
CVE-2016-1194 (Cybozu Garoon before 4.2.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cybozu
CVE-2016-1193 (Cybozu Garoon 3.7 through 4.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Cybozu
CVE-2016-1192 (Directory traversal vulnerability in the logging implementation in ...)
	NOT-FOR-US: Cybozu
CVE-2016-1191 (Directory traversal vulnerability in the Files function in Cybozu ...)
	NOT-FOR-US: Cybozu
CVE-2016-1190 (Cybozu Garoon 3.1 through 4.2 allows remote authenticated users to ...)
	NOT-FOR-US: Cybozu
CVE-2016-1189 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
	NOT-FOR-US: Cybozu
CVE-2016-1188 (Cybozu Garoon 3.x and 4.x before 4.2.1 allows remote authenticated ...)
	NOT-FOR-US: Cybozu
CVE-2016-1187 (Cybozu KUNAI for iPhone 2.0.3 through 3.1.5 and for Android 2.1.2 ...)
	NOT-FOR-US: Cybozu
CVE-2016-1186 (Kintone mobile for Android 1.0.0 through 1.0.5 does not verify SSL ...)
	NOT-FOR-US: Kintone mobile for Android
CVE-2016-1185 (The Cybozu kintone mobile application 1.x before 1.0.6 for Android ...)
	NOT-FOR-US: Cybozu
CVE-2016-1184 (Tokyo Star bank App for Android before 1.4 and Tokyo Star bank App for ...)
	NOT-FOR-US: Tokyo Star bank App for Android
CVE-2016-1183 (NTT Data TERASOLUNA Server Framework for Java(WEB) 2.0.0.1 through ...)
	NOT-FOR-US: NTT
CVE-2016-1182 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 does not ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
	NOTE: https://jvn.jp/en/jp/JVN65044642/
	NOTE: Two conditions must be met to exploit this vulnerability
	NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine
	NOTE: condition two can be fixed by the following patch:
	NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
	NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1181 (ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <no-dsa> (basically fixed in CVE-2015-0899)
	NOTE: https://jvn.jp/en/jp/JVN03188560/
	NOTE: Two conditions must be met to exploit this vulnerability
	NOTE: condition one is already fixed in CVE-2015-0899, so everything is fine
	NOTE: condition two can be fixed by the following patch:
	NOTE: https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
	NOTE: but as this completely deactivates multipart requests, this should not be generally applied
CVE-2016-1180 (Cross-site scripting (XSS) vulnerability in the Cyber-Will ...)
	NOT-FOR-US: Cyber-Will Social-button Premium plugin
CVE-2016-1179 (Cross-site scripting (XSS) vulnerability in the standard template of ...)
	NOT-FOR-US: appleple a-blog cms
CVE-2016-1178 (The session management of the comment functionality in appleple a-blog ...)
	NOT-FOR-US: appleple a-blog cms
CVE-2016-1177 (The management screen in Falcon WisePoint 4.3.1 and earlier and ...)
	NOT-FOR-US: Falcon WisePoint
CVE-2016-1176 (Buffer overflow in the ActiveX control in Sharp EVA Animeter allows ...)
	NOT-FOR-US: Sharp EVA Animeter
CVE-2016-1175 (Cross-site request forgery (CSRF) vulnerability in AQUOS Photo Player ...)
	NOT-FOR-US: AQUOS Photo Player
CVE-2016-1174 (Cross-site request forgery (CSRF) vulnerability in the Menubook plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-1173 (Cross-site scripting (XSS) vulnerability in the Menubook plugin before ...)
	NOT-FOR-US: baserCMS
CVE-2016-1172 (Cross-site request forgery (CSRF) vulnerability in the Recruit plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-1171 (Cross-site scripting (XSS) vulnerability in the Recruit plugin before ...)
	NOT-FOR-US: baserCMS
CVE-2016-1170 (Cross-site request forgery (CSRF) vulnerability in the Casebook plugin ...)
	NOT-FOR-US: baserCMS
CVE-2016-1169 (Cross-site scripting (XSS) vulnerability in the Casebook plugin before ...)
	NOT-FOR-US: baserCMS
CVE-2016-1168 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WF800HP ...)
	NOT-FOR-US: NEC
CVE-2016-1167 (Cross-site request forgery (CSRF) vulnerability on NEC Aterm WG300HP ...)
	NOT-FOR-US: NEC
CVE-2016-1166
	REJECTED
CVE-2016-1165
	REJECTED
CVE-2016-1164
	REJECTED
CVE-2016-1163
	REJECTED
CVE-2016-1162
	REJECTED
CVE-2016-1161 (Cross-site request forgery (CSRF) vulnerability in ManageEngine ...)
	NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2016-1160 (Cross-site scripting (XSS) vulnerability in the WP Favorite Posts ...)
	NOT-FOR-US: WP Favorite Posts plugin for WordPress
CVE-2016-1159
	RESERVED
CVE-2016-1158 (Cross-site request forgery (CSRF) vulnerability on Corega CG-WLBARGMH ...)
	NOT-FOR-US: Corega
CVE-2016-1157 (Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* ...)
	NOT-FOR-US: Log-Chat
CVE-2016-1156 (LINE 4.3.0.724 and earlier on Windows and 4.3.1 and earlier on OS X ...)
	NOT-FOR-US: LINE
CVE-2016-1155 (HTTP header injection vulnerability in the URLConnection class in ...)
	NOT-FOR-US: Android
CVE-2016-1154 (SQL injection vulnerability in the Help plug-in 1.3.5 and earlier in ...)
	NOT-FOR-US: Cuore EC-CUBE
CVE-2016-1153 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1152 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1151 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cybozu ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1150 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1149 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
	NOT-FOR-US: Cybozu Office
CVE-2016-1148 (Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL ...)
	NOT-FOR-US: Akerun
CVE-2016-1147
	REJECTED
CVE-2016-1146
	REJECTED
CVE-2016-1145 (Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER ...)
	NOT-FOR-US: NEC EXPRESSCLUSTER
CVE-2016-1144 (Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM ...)
	NOT-FOR-US: High Income
CVE-2016-1143 (Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before ...)
	NOT-FOR-US: Vine MV
CVE-2016-1142 (Seeds acmailer before 3.8.21 and 3.9.x before 3.9.15 Beta allows ...)
	NOT-FOR-US: Seeds acmailer
CVE-2016-1141 (KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1140 (KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1139 (Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1138 (CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1137 (Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1136 (Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE ...)
	NOT-FOR-US: KDDI HOME SPOT CUBE
CVE-2016-1135 (Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices ...)
	NOT-FOR-US: BUFFALO
CVE-2016-1134 (Cross-site request forgery (CSRF) vulnerability on BUFFALO BHR-4GRV2 ...)
	NOT-FOR-US: BUFFALO
CVE-2016-1133 (CRLF injection vulnerability in the on_req function in ...)
	NOT-FOR-US: H2O
CVE-2016-1132 (Shoplat App for iOS 1.10.00 through 1.18.00 does not properly verify ...)
	NOT-FOR-US: Shoplat App
CVE-2016-1131 (Buffer overflow in the CL_vsprintf function in Takumi Yamada DX ...)
	NOT-FOR-US: Takumi Yamada
CVE-2015-8698 (CA Release Automation (formerly LISA Release Automation) 5.0.2 before ...)
	NOT-FOR-US: CA Release Automation
CVE-2015-8696
	RESERVED
CVE-2015-8695
	RESERVED
CVE-2015-8694
	RESERVED
CVE-2015-8693
	RESERVED
CVE-2015-8692
	RESERVED
CVE-2015-8691
	RESERVED
CVE-2015-8690
	RESERVED
CVE-2015-8689
	RESERVED
CVE-2015-8688 (Gajim before 0.16.5 allows remote attackers to modify the roster and ...)
	{DSA-3492-1 DLA-413-1}
	- gajim 0.16.5-0.1 (bug #809900)
	NOTE: http://gultsch.de/gajim_roster_push_and_message_interception.html
	NOTE: https://trac.gajim.org/changeset/af78b7c068904d78c5dfb802826aae99f26a8947/
CVE-2015-8687 (Multiple cross-site scripting (XSS) vulnerabilities in the Management ...)
	NOT-FOR-US: Alcatel
CVE-2015-8686
	RESERVED
CVE-2015-8685 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
	- dolibarr 3.5.8+dfsg1-1 (bug #812449)
	[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
	NOTE: https://github.com/Dolibarr/dolibarr/issues/4291
	NOTE: https://github.com/GPCsolutions/dolibarr/commit/0d3181324c816bdf664ca5e1548dfe8eb05c54f8
CVE-2015-8684 (Exponent CMS before 2.3.7 does not properly restrict the types of ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-8682 (The Video0 driver in Huawei P8 smartphones with software GRA-UL00 ...)
	NOT-FOR-US: Huawei
CVE-2015-8681 (The ovisp driver in Huawei P8 smartphones with software GRA-TL00 ...)
	NOT-FOR-US: Huawei
CVE-2015-8680 (The Graphics driver in Huawei P8 smartphones with software GRA-TL00 ...)
	NOT-FOR-US: Huawei
CVE-2015-8679 (The Maxim_smartpa_dev driver in Huawei P8 smartphones with software ...)
	NOT-FOR-US: Huawei
CVE-2015-8678 (The ION driver in Huawei P8 smartphones with software GRA-TL00 before ...)
	NOT-FOR-US: ION driver in Huawei P8 smartphones
CVE-2015-8677 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, and S6300EI Campus ...)
	NOT-FOR-US: Huawei
CVE-2015-8676 (Memory leak in Huawei S5300EI, S5300SI, S5310HI, S6300EI/ S2350EI, and ...)
	NOT-FOR-US: Huawei
CVE-2015-8675 (Huawei S5300 Campus Series switches with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-8674
	REJECTED
CVE-2015-8673 (Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing ...)
	NOT-FOR-US: Huawei
CVE-2015-8672 (The presentation transmission permission management mechanism in Huawei ...)
	NOT-FOR-US: Huawei
CVE-2015-8671 (Huawei LogCenter V100R001C10 could allow an authenticated attacker to ...)
	NOT-FOR-US: Huawei
CVE-2015-8670 (Huawei LogCenter V100R001C10 could allow an authenticated attacker to ...)
	NOT-FOR-US: Huawei
CVE-2015-8667 (Cross-site scripting (XSS) vulnerability in Reset Your Password module ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-8664 (Integer overflow in the WebCursor::Deserialize function in ...)
	- chromium-browser 47.0.2526.111-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8663 (The ff_get_buffer function in libavcodec/utils.c in FFmpeg before ...)
	- ffmpeg 7:2.8.4-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=abee0a1c60612e8638640a8a3738fffb65e16dbf
CVE-2015-8662 (The ff_dwt_decode function in libavcodec/jpeg2000dwt.c in FFmpeg ...)
	- ffmpeg 7:2.8.4-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=75422280fbcdfbe9dc56bde5525b4d8b280f1bc5
CVE-2015-8661 (The h264_slice_header_init function in libavcodec/h264_slice.c in ...)
	- ffmpeg 7:2.8.3-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4ea4d2f438c9a7eba37980c9a87be4b34943e4d5
CVE-2015-8658 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8657 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8656 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8655 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8654 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8653 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8652 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8651 (Integer overflow in Adobe Flash Player before 18.0.0.324 and 19.x and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8650 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8649 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8648 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8647 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8646 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8645 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8644 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8643 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8642 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8641 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8640 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8639 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8638 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8637
	REJECTED
CVE-2015-8636 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8635 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8634 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8633
	RESERVED
CVE-2015-8632
	RESERVED
CVE-2015-8631 (Multiple memory leaks in kadmin/server/server_stubs.c in kadmind in ...)
	{DSA-3466-1 DLA-423-1}
	- krb5 1.13.2+dfsg-5 (bug #813126)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/83ed75feba32e46f736fcce0d96a0445f29b96c2
CVE-2015-8630 (The (1) kadm5_create_principal_3 and (2) kadm5_modify_principal ...)
	- krb5 1.13.2+dfsg-5 (bug #813127)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u2
	[wheezy] - krb5 <not-affected> (Vulnerability introduced in 1.12)
	[squeeze] - krb5 <not-affected> (Vulnerability introduced in 1.12)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/b863de7fbf080b15e347a736fdda0a82d42f4f6b
	NOTE: Introduced by: https://github.com/krb5/krb5/commit/0780e46fc13dbafa177525164997cd204cc50b51 (krb5-1.12-alpha1)
CVE-2015-8629 (The xdr_nullstring function in lib/kadm5/kadm_rpc_xdr.c in kadmind in ...)
	{DSA-3466-1 DLA-423-1}
	- krb5 1.13.2+dfsg-5 (bug #813296)
	NOTE: Fixed by: https://github.com/krb5/krb5/commit/df17a1224a3406f57477bcd372c61e04c0e5a5bb
CVE-2015-8620 (Heap-based buffer overflow in the Avast virtualization driver ...)
	NOT-FOR-US: Avast
CVE-2015-8669 (libraries/config/messages.inc.php in phpMyAdmin 4.0.x before ...)
	- phpmyadmin 4:4.5.3.1-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://www.phpmyadmin.net/security/PMASA-2015-6/
	NOTE: non-issue for Debian-packaged version
CVE-2015-8668 (Heap-based buffer overflow in the PackBitsPreEncode function in ...)
	{DLA-693-1}
	[jessie] - tiff 4.0.3-12.3+deb8u2
	- tiff 4.0.6-3 (bug #842046)
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Does not ship libtiff tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2563
	NOTE: Red Hat say it's only OOB read: https://bugzilla.redhat.com/show_bug.cgi?id=1294425#c1
	NOTE: Red Hat's patch is partially incorrect according to upstream
	NOTE: Issue was also marked as wontfix, because bmp2tiff utility has been removed
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2563#c4
	NOTE: Reproducer file here: http://bugzilla.maptools.org/attachment.cgi?id=677
	NOTE: bmp2tiff was removed in 4.0.6-3 and DSA 3762, marking as fixed although technically still present in the source package
CVE-2015-8683 (The putcontig8bitCIELab function in tif_getimage.c in LibTIFF 4.0.6 ...)
	{DSA-3467-1 DLA-610-1 DLA-402-1}
	- tiff 4.0.6-1 (bug #809021)
	- tiff3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/25/1
	NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
CVE-2015-8665 (tif_getimage.c in LibTIFF 4.0.6 allows remote attackers to cause a ...)
	{DSA-3467-1 DLA-610-1 DLA-402-1}
	- tiff 4.0.6-1 (bug #808968)
	- tiff3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/2
	NOTE: https://github.com/vadz/libtiff/commit/f94a29a822f5528d2334592760fbb7938f15eb55
CVE-2015-8666 (Heap-based buffer overflow in QEMU, when built with the ...)
	- qemu 1:2.5+dfsg-1
	[jessie] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue)
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d9a3b33d2c9f996537b7f1d0246dee2d0120cefb (v2.5.0-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283722
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/24/1
	NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=23910d3f669d46073b403876e30a7314599633af
CVE-2016-1130 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1129 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1128 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1127 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1126 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1125 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1124 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1123 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1122 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1121 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1120 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1119 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1118 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1117 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1116 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1115 (Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 ...)
	NOT-FOR-US: Adobe
CVE-2016-1114 (Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 ...)
	NOT-FOR-US: Adobe
CVE-2016-1113 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe
CVE-2016-1112 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1111 (Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1110 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1109 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1108 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1107 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1106 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1105 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1104 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1103 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1102 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1101 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1100 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1099 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1098 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1097 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1096 (Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1095 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1094 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1093 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1092 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1091 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-1090 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1089 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-1088 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1087 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1086 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1085 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1084 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1083 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1082 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1081 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1080 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1079 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1078 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1077 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1076 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1075 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1074 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1073 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1072 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1071 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1070 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1069 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1068 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1067 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1066 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1065 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1064 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1063 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1062 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1061 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1060 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1059 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1058 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1057 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1056 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1055 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1054 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1053 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1052 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1051 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1050 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1049 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1048 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1047 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1046 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1045 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1044 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1043 (Integer overflow in Adobe Reader and Acrobat before 11.0.16, Acrobat ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1042 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1041 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1040 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1039 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1038 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1037 (Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2016-1036 (Cross-site scripting (XSS) vulnerability in Adobe Analytics ...)
	NOT-FOR-US: Adobe
CVE-2016-1035 (Adobe RoboHelp Server 9 before 9.0.1 mishandles SQL queries, which ...)
	NOT-FOR-US: Adobe
CVE-2016-1034 (The Sync Process in the JavaScript API for Creative Cloud Libraries in ...)
	NOT-FOR-US: Adobe
CVE-2016-1033 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1032 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1031 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1030 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1029 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1028 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1027 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1026 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1025 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1024 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1023 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1022 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1021 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1020 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1019 (Adobe Flash Player 21.0.0.197 and earlier allows remote attackers to ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1018 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.343 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1017 (Use-after-free vulnerability in the LoadVars.decode function in Adobe ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1016 (Use-after-free vulnerability in the Transform object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1015 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1014 (Untrusted search path vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1013 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1012 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1011 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1010 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1009 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-1008 (Untrusted search path vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-1007 (Adobe Reader and Acrobat before 11.0.15, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-1006 (Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1005 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1004
	REJECTED
CVE-2016-1003
	REJECTED
CVE-2016-1002 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1001 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-1000 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0999 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0998 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0997 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0996 (Use-after-free vulnerability in the setInterval method in Adobe Flash ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0995 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0994 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0993 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0992 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0991 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0990 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0989 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0988 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0987 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0986 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0985 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0984 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
	NOT-FOR-US: Adobe
CVE-2016-0983 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
	NOT-FOR-US: Adobe
CVE-2016-0982 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
	NOT-FOR-US: Adobe
CVE-2016-0981 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0980 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0979 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0978 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0977 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0976 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0975 (Use-after-free vulnerability in the instanceof function in Adobe Flash ...)
	NOT-FOR-US: Adobe
CVE-2016-0974 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 ...)
	NOT-FOR-US: Adobe
CVE-2016-0973 (Use-after-free vulnerability in the URLRequest object implementation ...)
	NOT-FOR-US: Adobe
CVE-2016-0972 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0971 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and ...)
	NOT-FOR-US: Adobe
CVE-2016-0970 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0969 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0968 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0967 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0966 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0965 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0964 (Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe
CVE-2016-0963 (Integer overflow in Adobe Flash Player before 18.0.0.333 and 19.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0962 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0961 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0960 (Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0959 (Use after free vulnerability in Adobe Flash Player Desktop Runtime ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2016-0958 (Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0 might allow remote ...)
	NOT-FOR-US: Adobe
CVE-2016-0957 (Dispatcher before 4.1.5 in Adobe Experience Manager 5.6.1, 6.0.0, and ...)
	NOT-FOR-US: Adobe
CVE-2016-0956 (The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe ...)
	NOT-FOR-US: Apache Sling
CVE-2016-0955 (Cross-site scripting (XSS) vulnerability in Adobe Experience Manager ...)
	NOT-FOR-US: Adobe
CVE-2016-0954 (Adobe Digital Editions before 4.5.1 allows attackers to execute ...)
	NOT-FOR-US: Adobe
CVE-2016-0953 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...)
	NOT-FOR-US: Adobe
CVE-2016-0952 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...)
	NOT-FOR-US: Adobe
CVE-2016-0951 (Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before ...)
	NOT-FOR-US: Adobe
CVE-2016-0950 (Adobe Connect before 9.5.2 allows remote attackers to spoof the user ...)
	NOT-FOR-US: Adobe
CVE-2016-0949 (Adobe Connect before 9.5.2 allows remote attackers to have an ...)
	NOT-FOR-US: Adobe
CVE-2016-0948 (Cross-site request forgery (CSRF) vulnerability in Adobe Connect ...)
	NOT-FOR-US: Adobe
CVE-2016-0947 (Untrusted search path vulnerability in Adobe Download Manager, as used ...)
	NOT-FOR-US: Adobe
CVE-2016-0946 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0945 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0944 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0943 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0942 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0941 (Use-after-free vulnerability in the Search object implementation in ...)
	NOT-FOR-US: Adobe
CVE-2016-0940 (Use-after-free vulnerability in Adobe Reader and Acrobat before ...)
	NOT-FOR-US: Adobe
CVE-2016-0939 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0938 (The AcroForm plugin in Adobe Reader and Acrobat before 11.0.14, ...)
	NOT-FOR-US: Adobe
CVE-2016-0937 (Use-after-free vulnerability in the OCG object implementation in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2016-0936 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0935 (Double free vulnerability in Adobe Reader and Acrobat before 11.0.14, ...)
	NOT-FOR-US: Adobe
CVE-2016-0934 (Use-after-free vulnerability in AGM.dll in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe
CVE-2016-0933 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2016-0932 (Use-after-free vulnerability in the Doc object implementation in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2016-0931 (Adobe Reader and Acrobat before 11.0.14, Acrobat and Acrobat Reader DC ...)
	NOT-FOR-US: Adobe
CVE-2015-8660 (The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel ...)
	- linux 4.3.3-3
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=acff81ec2c79492b180fade3c2894425cd35a545 (v4.4-rc4)
	NOTE: OverlayFS introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9be9d5e76e34872f0c37d72e25bc27fe9e2c54c (v3.18-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/23/5
CVE-2015-8659 (The idle stream handling in nghttp2 before 1.6.0 allows attackers to ...)
	- nghttp2 1.6.0-1
	[jessie] - nghttp2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://nghttp2.org/blog/2015/12/23/nghttp2-v1-6-0/
	NOTE: Fixed by: https://github.com/tatsuhiro-t/nghttp2/commit/f8c30d022982d089fb90543c0cd5628b161d065d
	NOTE: Introduced at least after: https://github.com/tatsuhiro-t/nghttp2/commit/b2fb888363c08e98aae0638db62cdf7d164ea1d1
CVE-2015-8628 (The (1) Special:MyPage, (2) Special:MyTalk, (3) ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T109724
CVE-2015-8627 (MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T97897
CVE-2015-8626 (The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T115522
CVE-2015-8625 (MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, ...)
	- mediawiki <not-affected> (Vulnerable code not present)
	NOTE: https://phabricator.wikimedia.org/T118032
CVE-2015-8624 (The User::matchEditToken function in includes/User.php in MediaWiki ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T119309
CVE-2015-8623 (The User::matchEditToken function in includes/User.php in MediaWiki ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php
CVE-2015-8622 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, ...)
	- mediawiki 1:1.25.5-1 (low)
	[wheezy] - mediawiki <no-dsa> (Minor issue)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T117899
CVE-2015-8621 (t-coffee before 11.00.8cbe486-2 allows local users to write to ...)
	- t-coffee 11.00.8cbe486-2 (low; bug #751579)
	[jessie] - t-coffee <no-dsa> (Minor issue)
	[wheezy] - t-coffee <no-dsa> (Minor issue)
	[squeeze] - t-coffee <not-affected> (version in Squeeze uses system() and umask is handled correctly by sh (as opposed to later versions that use mkdir()))
CVE-2015-8617 (Format string vulnerability in the zend_throw_or_error function in ...)
	- php7.0 7.0.1-1
	NOTE: https://bugs.php.net/bug.php?id=71105
	NOTE: https://github.com/php/php-src/commit/b101a6bbd4f2181c360bd38e7683df4a03cba83e (php-7.0.2RC1)
CVE-2015-8616 (Use-after-free vulnerability in the Collator::sortWithSortKeys ...)
	- php7.0 7.0.1-1
	NOTE: https://bugs.php.net/bug.php?id=71020
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/22/4
CVE-2015-8697 (stalin 0.11-5 allows local users to write to arbitrary files. ...)
	- stalin <unfixed> (unimportant; bug #808730)
	[squeeze] - stalin <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/27/1
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-8708 (Stack-based buffer overflow in the conv_euctojis function in ...)
	- claws-mail 3.13.1-1.1 (bug #811048)
	[jessie] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied)
	[wheezy] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied)
	[squeeze] - claws-mail <not-affected> (Incomplete fix for CVE-2015-8614 not applied; instead all fixed included in DLA-383-1)
	- macopix <not-affected> (Incomplete fix not applied)
CVE-2015-8614 (Multiple stack-based buffer overflows in the (1) conv_jistoeuc, (2) ...)
	{DSA-3452-1 DLA-383-1}
	- claws-mail 3.13.1-1
	- macopix 1.7.4-6
	[jessie] - macopix <no-dsa> (Minor issue)
	[wheezy] - macopix <no-dsa> (Minor issue)
	NOTE: http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82 (3.13.1)
	NOTE: http://git.claws-mail.org/?p=claws.git;a=commitdiff;h=e3ffcb455e0376053451ce968e6c71ef37708222 (not yet in tagged release)
	NOTE: Upstream patch is broken - first comparison uses wrong operator and others appear
	NOTE: to assume wrong maximum character length.
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3557
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3584
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=569010
CVE-2015-8611 (BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, Link Controller, and ...)
	NOT-FOR-US: BIG-IP
CVE-2015-8613 (Stack-based buffer overflow in the megasas_ctrl_get_info function in ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-3 (bug #809232)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg03737.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284008
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/7
	NOTE: LSI Megaraid SAS HBA emulation introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e8f943c3bcc2a578bfd30b825f2ebaf345c63a09 (v1.2.0-rc0)
CVE-2015-8618 (The Int.Exp Montgomery code in the math/big library in Go 1.5.x before ...)
	- golang 2:1.5.3-1 (bug #809168)
	[jessie] - golang <not-affected> (Introduced in 1.5 release)
	[wheezy] - golang <not-affected> (Introduced in 1.5 release)
	NOTE: https://go-review.googlesource.com/#/c/17672/
	NOTE: Introduced in 1.5 release. Fixed in 1.5.3 upstream.
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/21/6
CVE-2015-8615 (The hvm_set_callback_via function in arch/x86/hvm/irq.c in Xen 4.6 ...)
	{DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[jessie] - xen <not-affected> (Only affects 4.6)
	[wheezy] - xen <not-affected> (Only affects 4.6)
	[squeeze] - xen <not-affected> (Only affects 4.6)
	NOTE: http://xenbits.xen.org/xsa/advisory-169.html
CVE-2015-8619 (The Human Monitor Interface support in QEMU allows remote attackers to ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-5 (bug #809237)
	[wheezy] - qemu <not-affected> (Issue introduced afer 1.2)
	[squeeze] - qemu <not-affected> (Issue introduced afer 1.2)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Introduced after 1.2)
	NOTE: According maintainer in https://bugs.debian.org/809237#17 introduced after 1.2
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02930.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283926
CVE-2016-1922 (QEMU (aka Quick Emulator) built with the TPR optimization for 32-bit ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-4 (bug #811201)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2016-01/msg02812.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283934
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/16/1
	NOTE: Possibly introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=4917cf44326a1bda2fd7f27303aff7a25ad86518 (v1.6.0-rc0)
	NOTE: kvmapic introduced after 1.0.50 (http://git.qemu.org/?p=qemu.git;a=commit;h=e5ad936b0fd7dfd7fd7908be6f9f1ca88f63b96b)
CVE-2016-0930 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0929 (The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0928 (Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0927 (Cross-site scripting (XSS) vulnerability in Pivotal Cloud Foundry ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0926 (Cross-site scripting (XSS) vulnerability in Apps Manager in Pivotal ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0925 (Cross-site scripting (XSS) vulnerability in the Case Management ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication
CVE-2016-0924
	REJECTED
CVE-2016-0923 (The client in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before ...)
	NOT-FOR-US: RSA BSAFE Micro Edition Suite
CVE-2016-0922 (EMC ViPR SRM before 3.7.2 does not restrict the number of ...)
	NOT-FOR-US: EMC ViPR SRM
CVE-2016-0921 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0920 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0919 (EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection ...)
	NOT-FOR-US: RSA Web Threat Detection
CVE-2016-0918 (EMC RSA Identity Management and Governance before 6.8.1 P25 and 6.9.x ...)
	NOT-FOR-US: EMC RSA Identity Governance and Lifecycle
CVE-2016-0917 (The SMB service in EMC VNXe (VNXe3200 Operating Environment prior to ...)
	NOT-FOR-US: EMC VNX
CVE-2016-0916 (EMC NetWorker 8.2.1.x and 8.2.2.x before 8.2.2.6 and 9.x before ...)
	NOT-FOR-US: EMC NetWorker
CVE-2016-0915 (The Self-Service Portal in EMC RSA Authentication Manager (AM) Prime ...)
	NOT-FOR-US: EMC RSA Authentication Manager
CVE-2016-0914 (EMC Documentum WebTop 6.8 before Patch 13 and 6.8.1 before Patch 02, ...)
	NOT-FOR-US: EMC Documentum WebTop and WebTop Clients
CVE-2016-0913 (The client in EMC Replication Manager (RM) before ...)
	NOT-FOR-US: EMC
CVE-2016-0912 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 allows remote ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0911 (EMC Data Domain OS 5.4 through 5.7 before 5.7.2.0 has a default ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0910 (EMC Data Domain OS 5.5 before 5.5.4.0, 5.6 before 5.6.1.004, and 5.7 ...)
	NOT-FOR-US: EMC Data Domain OS
CVE-2016-0909 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) versions ...)
	NOT-FOR-US: EMC
CVE-2016-0908 (EMC Isilon OneFS 7.1.x before 7.1.1.9 and 7.2.x before 7.2.1.2 allows ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-0907 (EMC Isilon OneFS 7.1.x and 7.2.x before 7.2.1.3 and 8.0.x before ...)
	NOT-FOR-US: EMC Isilon
CVE-2016-0906 (The web-restore interface in Avamar Data Store (ADS) and Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0905 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0904 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0903 (Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) in EMC Avamar ...)
	NOT-FOR-US: EMC Avamar
CVE-2016-0902 (CRLF injection vulnerability in EMC RSA Authentication Manager before ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0901 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0900 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication ...)
	NOT-FOR-US: RSA Authentication Manager
CVE-2016-0899 (EMC RSA Archer GRC 5.5.x before 5.5.3.4 allows remote authenticated ...)
	NOT-FOR-US: RSA Archer GRC Platform
CVE-2016-0898 (MySQL for PCF tiles 1.7.x before 1.7.10 were discovered to log the AWS ...)
	NOT-FOR-US: MySQL for PCF tiles
CVE-2016-0897 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.17 and 1.7.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0896 (Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0895 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers ...)
	NOT-FOR-US: EMC
CVE-2016-0894 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote ...)
	NOT-FOR-US: EMC
CVE-2016-0893 (EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote ...)
	NOT-FOR-US: EMC
CVE-2016-0892 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss ...)
	NOT-FOR-US: EMC
CVE-2016-0891 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: EMC ViPR SRM
CVE-2016-0890 (EMC PowerPath Virtual (Management) Appliance 2.0, EMC PowerPath Virtual ...)
	NOT-FOR-US: EMC
CVE-2016-0889 (An HTTP servlet in vApp Manager in EMC Unisphere for VMAX Virtual ...)
	NOT-FOR-US: EMC
CVE-2016-0888 (EMC Documentum D2 before 4.6 lacks intended ACLs for configuration ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2016-0887 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x and 4.1.x before 4.1.5, ...)
	NOT-FOR-US: EMC
CVE-2016-0886 (EMC Documentum xCP 2.1 before patch 24 and 2.2 before patch 12 allows ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-0885
	REJECTED
CVE-2016-0884
	REJECTED
CVE-2016-0883 (Pivotal Cloud Foundry (PCF) Ops Manager before 1.5.14 and 1.6.x before ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0882 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows ...)
	NOT-FOR-US: EMC Documentum
CVE-2016-0881 (EMC Documentum xCP 2.1 before patch 23 and 2.2 before patch 11 allows ...)
	NOT-FOR-US: EMC Documentum
CVE-2015-8610
	RESERVED
CVE-2015-8609
	RESERVED
CVE-2015-8608 (The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow ...)
	- perl <not-affected> (Only affects Perl on Windows)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126755
CVE-2015-8607 (The canonpath function in the File::Spec module in PathTools before ...)
	{DSA-3441-1}
	- perl 5.22.1-4 (bug #810719)
	[wheezy] - perl <not-affected> (Introduced in 5.20.0)
	[squeeze] - perl <not-affected> (Introduced in 5.20.0)
	- libfile-spec-perl <removed>
	[wheezy] - libfile-spec-perl <not-affected> (Introduced in 3.47)
	[squeeze] - libfile-spec-perl <not-affected> (Introduced in 3.47)
	NOTE: http://perl5.git.perl.org/perl.git/commit/130509aa42a87eef258fab0182ee2c7ad16baa8b
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=126862
CVE-2015-8606 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
	NOT-FOR-US: SilverStripe
CVE-2015-8605 (ISC DHCP 4.x before 4.1-ESV-R12-P1, 4.2.x, and 4.3.x before 4.3.3-P1 ...)
	{DSA-3442-1 DLA-385-2 DLA-385-1}
	- isc-dhcp 4.3.3-7 (bug #810875)
	NOTE: https://kb.isc.org/article/AA-01334
CVE-2015-8603 (Cross-site scripting (XSS) vulnerability in Serendipity before 2.0.3 ...)
	- serendipity <removed>
CVE-2015-8602 (The Token Insert Entity module 7.x-1.x before 7.x-1.1 for Drupal does ...)
	NOT-FOR-US: Token Insert Entity module for Drupal
CVE-2015-8601 (The Chat Room module 7.x-2.x before 7.x-2.2 for Drupal does not ...)
	NOT-FOR-US: Chat Room module for Drupal
CVE-2015-8600 (The SysAdminWebTool servlets in SAP Mobile Platform allow remote ...)
	NOT-FOR-US: SAP
CVE-2015-8599
	RESERVED
CVE-2015-8598
	RESERVED
CVE-2015-8597 (Open redirect vulnerability in Blue Coat ProxySG 6.5 before 6.5.8.8 ...)
	NOT-FOR-US: Blue Coat
CVE-2015-8596 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8595 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8594 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8593 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8592 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-8612 (The EnableNetwork method in the Network class in ...)
	{DSA-3427-1}
	- blueman 2.0.3-1
	[squeeze] - blueman <not-affected> (vulnerable code not present)
	NOTE: https://twitter.com/thegrugq/status/677809527882813440
	NOTE: https://github.com/blueman-project/blueman/commit/a3845bbed5fdddf14daec436b7e74f62719a71c1
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/18/6
CVE-2015-8709 (** DISPUTED ** kernel/ptrace.c in the Linux kernel through 4.4.1 ...)
	- linux 4.3.3-3
	[jessie] - linux 3.16.7-ckt20-1+deb8u2
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/17/12
	NOTE: https://lkml.org/lkml/2015/12/12/259
CVE-2016-0880
	REJECTED
CVE-2016-0879 (Moxa Secure Router EDR-G903 devices before 3.4.12 do not delete copies ...)
	NOT-FOR-US: Moxa
CVE-2016-0878 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...)
	NOT-FOR-US: Moxa
CVE-2016-0877 (Memory leak on Moxa Secure Router EDR-G903 devices before 3.4.12 ...)
	NOT-FOR-US: Moxa
CVE-2016-0876 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...)
	NOT-FOR-US: Moxa
CVE-2016-0875 (Moxa Secure Router EDR-G903 devices before 3.4.12 allow remote ...)
	NOT-FOR-US: Moxa
CVE-2016-0874
	RESERVED
CVE-2016-0873
	RESERVED
CVE-2016-0872 (A Plaintext Storage of a Password issue was discovered in Kabona AB ...)
	NOT-FOR-US: Kabona AB WebDatorCentral
CVE-2016-0871 (Eaton Lighting EG2 Web Control 4.04P and earlier allows remote ...)
	NOT-FOR-US: Eaton Lighting EG2 Web Control
CVE-2016-0870 (The web server in Trane Tracer SC 4.2.1134 and earlier allows remote ...)
	NOT-FOR-US: Trane Tracer
CVE-2016-0869 (Heap-based buffer overflow in MICROSYS PROMOTIC before 8.3.11 allows ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2016-0868 (Stack-based buffer overflow on Rockwell Automation Allen-Bradley ...)
	NOT-FOR-US: MicroLogix
CVE-2016-0867 (CAREL PlantVisorEnhanced allows remote attackers to bypass intended ...)
	NOT-FOR-US: CAREL
CVE-2016-0866 (Cross-site scripting (XSS) vulnerability in Tollgrade SmartGrid ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0865 (Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0864 (Tollgrade SmartGrid LightHouse Sensor Management System (SMS) Software ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0863 (Cross-site request forgery (CSRF) vulnerability in Tollgrade SmartGrid ...)
	NOT-FOR-US: Tollgrade
CVE-2016-0862 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter ...)
	NOT-FOR-US: General Electric devices
CVE-2016-0861 (General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter ...)
	NOT-FOR-US: General Electric devices
CVE-2016-0860 (Buffer overflow in the BwpAlarm subsystem in Advantech WebAccess ...)
	NOT-FOR-US: BwpAlarm
CVE-2016-0859 (Integer overflow in the Kernel service in Advantech WebAccess before ...)
	NOT-FOR-US: Advantech
CVE-2016-0858 (Race condition in Advantech WebAccess before 8.1 allows remote ...)
	NOT-FOR-US: Advantech
CVE-2016-0857 (Multiple heap-based buffer overflows in Advantech WebAccess before 8.1 ...)
	NOT-FOR-US: Advantech
CVE-2016-0856 (Multiple stack-based buffer overflows in Advantech WebAccess before ...)
	NOT-FOR-US: Advantech
CVE-2016-0855 (Directory traversal vulnerability in Advantech WebAccess before 8.1 ...)
	NOT-FOR-US: Advantech
CVE-2016-0854 (Unrestricted file upload vulnerability in the uploadImageCommon ...)
	NOT-FOR-US: Advantech
CVE-2016-0853 (Advantech WebAccess before 8.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Advantech
CVE-2016-0852 (Advantech WebAccess before 8.1 allows remote attackers to bypass an ...)
	NOT-FOR-US: Advantech
CVE-2016-0851 (Advantech WebAccess before 8.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Advantech
CVE-2016-0850 (The PORCHE_PAIRING_CONFLICT feature in Bluetooth in Android 4.x before ...)
	NOT-FOR-US: Android
CVE-2016-0849 (Multiple integer overflows in minzip/SysUtil.c in the Recovery ...)
	NOT-FOR-US: Android
CVE-2016-0848 (Race condition in Download Manager in Android 4.x before 4.4.4, 5.0.x ...)
	NOT-FOR-US: Android
CVE-2016-0847 (The Telecom Component in Android 5.0.x before 5.0.2, 5.1.x before ...)
	NOT-FOR-US: Android
CVE-2016-0846 (libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x ...)
	NOT-FOR-US: Android
CVE-2016-0845
	REJECTED
CVE-2016-0844 (The Qualcomm RF driver in Android 6.x before 2016-04-01 does not ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0843 (The Qualcomm ARM processor performance-event manager in Android 4.x ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0842 (The H.264 decoder in libstagefright in Android 6.x before 2016-04-01 ...)
	NOT-FOR-US: libstagefright
CVE-2016-0841 (media/libmedia/mediametadataretriever.cpp in mediaserver in Android ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0840 (Multiple stack-based buffer underflows in decoder/ih264d_parse_cavlc.c ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0839 (post_proc/volume_listener.c in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0838 (Sonivox in mediaserver in Android 4.x before 4.4.4, 5.0.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0837 (MPEG4Extractor.cpp in libstagefright in mediaserver in Android 4.x ...)
	NOT-FOR-US: libstagefright
CVE-2016-0836 (Stack-based buffer overflow in decoder/impeg2d_vld.c in mediaserver in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0835 (decoder/impeg2d_dec_hdr.c in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0834 (An unspecified media codec in mediaserver in Android 6.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0833 (Android allows users to cause a denial of service. ...)
	NOT-FOR-US: Android
CVE-2016-0832 (Setup Wizard in Android 5.1.x before LMY49H and 6.x before 2016-03-01 ...)
	NOT-FOR-US: Android
CVE-2016-0831 (The getDeviceIdForPhone function in ...)
	NOT-FOR-US: Android
CVE-2016-0830 (btif_config.c in Bluetooth in Android 6.x before 2016-03-01 allows ...)
	NOT-FOR-US: Android
CVE-2016-0829 (The BnGraphicBufferProducer::onTransact function in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0828 (The BnGraphicBufferConsumer::onTransact function in ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0827 (Multiple integer overflows in libeffects in mediaserver in Android 4.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0826 (libcameraservice in mediaserver in Android 4.x before 4.4.4, 5.x ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0825 (The Widevine Trusted Application in Android 6.0.1 before 2016-03-01 ...)
	NOT-FOR-US: Android
CVE-2016-0824 (libmpeg2 in libstagefright in Android 6.x before 2016-03-01 allows ...)
	NOT-FOR-US: libstagefright
CVE-2016-0823 (The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel ...)
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt11-1
	[wheezy] - linux 3.2.71-1
	NOTE: Upstream patch: https://git.kernel.org/linus/ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce (v4.0-rc5)
	NOTE: https://googleprojectzero.blogspot.cz/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
CVE-2016-0822 (The MediaTek connectivity kernel driver in Android 6.0.1 before ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-0821 (The LIST_POISON feature in include/linux/poison.h in the Linux kernel ...)
	{DSA-3607-1 DLA-516-1}
	- linux 4.3.1-1
	NOTE: Upstream patch: https://git.kernel.org/linus/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf (v4.3-rc1)
CVE-2016-0820 (The MediaTek Wi-Fi kernel driver in Android 6.0.1 before 2016-03-01 ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2016-0819 (The Qualcomm performance component in Android 4.x before 4.4.4, 5.x ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2016-0818 (The caching functionality in the TrustManagerImpl class in ...)
	NOT-FOR-US: Android
CVE-2016-0817
	RESERVED
CVE-2016-0816 (mediaserver in Android 6.x before 2016-03-01 allows remote attackers ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0815 (The MPEG4Source::fragmentedRead function in MPEG4Extractor.cpp in ...)
	NOT-FOR-US: libstagefright
CVE-2016-0814
	RESERVED
CVE-2016-0813 (packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java ...)
	NOT-FOR-US: Android
CVE-2016-0812 (The interceptKeyBeforeDispatching function in ...)
	NOT-FOR-US: Android
CVE-2016-0811 (Integer overflow in the BnCrypto::onTransact function in ...)
	NOT-FOR-US: Android
CVE-2016-0810 (media/libmedia/SoundPool.cpp in mediaserver in Android 4.x before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2016-0809 (Use-after-free vulnerability in the wifi_cleanup function in ...)
	NOT-FOR-US: Android
CVE-2016-0808 (Integer overflow in the getCoverageFormat12 function in ...)
	NOT-FOR-US: Android
CVE-2016-0807 (The get_build_id function in elf_utils.cpp in Debuggerd in Android 6.x ...)
	- android-platform-system-core 1:7.0.0+r1-1 (unimportant)
	NOTE: debuggerd not included, see bug #858177
CVE-2016-0806 (The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android drivers
CVE-2016-0805 (The performance event manager for Qualcomm ARM processors in Android ...)
	NOT-FOR-US: Android drivers
CVE-2016-0804 (The NuPlayer::GenericSource::notifyPreparedAndCleanup function in ...)
	NOT-FOR-US: Android
CVE-2016-0803 (libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before ...)
	NOT-FOR-US: libstagefright
CVE-2016-0802 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android drivers
CVE-2016-0801 (The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, ...)
	NOT-FOR-US: Android drivers
CVE-2016-0800 (The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before ...)
	- openssl 1.0.0c-2
	- nss 3.13
	NOTE: openssl 1.0.0c-2 dropped SSLv2 support
	NOTE: NSS disabled SSLv2 by default in 3.13
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: https://www.drownattack.com/
	NOTE: GNUTLS never implemented SSLv2
	NOTE: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
CVE-2016-0799 (The fmtstr function in crypto/bio/b_print.c in OpenSSL 1.0.1 before ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=a801bf263849a2ef773e5bc0c86438cbba720835
	NOTE: https://guidovranken.wordpress.com/2016/02/27/openssl-cve-2016-0799-heap-corruption-via-bio_printf/
CVE-2016-0798 (Memory leak in the SRP_VBASE_get_by_user implementation in OpenSSL ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=59a908f1e8380412a81392c468b83bf6071beb2a
CVE-2016-0797 (Multiple integer overflows in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=99ba9fd02fd481eb971023a3a0a251a37eb87e4c
CVE-2016-0796
	RESERVED
CVE-2016-0795 (LibreOffice before 5.0.5 allows remote attackers to cause a denial of ...)
	{DSA-3482-1}
	- libreoffice 1:5.0.5~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0795/
CVE-2016-0794 (The lwp filter in LibreOffice before 5.0.4 allows remote attackers to ...)
	{DSA-3482-1}
	- libreoffice 1:5.0.5~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2016-0794/
CVE-2016-0793 (Incomplete blacklist vulnerability in the servlet filter restriction ...)
	NOT-FOR-US: WildFly / Red Hat JBoss EAP
CVE-2016-0792 (Multiple unspecified API endpoints in Jenkins before 1.650 and LTS ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0791 (Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0790 (Jenkins before 1.650 and LTS before 1.642.2 do not use a constant-time ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0789 (CRLF injection vulnerability in the CLI command documentation in ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0788 (The remoting module in Jenkins before 1.650 and LTS before 1.642.2 ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2016-02-24
CVE-2016-0787 (The diffie_hellman_sha256 function in kex.c in libssh2 before 1.7.0 ...)
	{DSA-3487-1 DLA-426-1}
	- libssh2 1.5.0-2.1 (bug #815662)
	NOTE: Upstream fix: https://github.com/libssh2/libssh2/commit/ca5222ea819cc5ed797860070b4c6c1aeeb28420
	NOTE: Upstream patch only fixes DH SHA-256 key exchange type, not DH SHA-1
CVE-2016-0786
	RESERVED
CVE-2016-0785 (Apache Struts 2.x before 2.3.28 allows remote attackers to execute ...)
	- libstruts1.2-java <not-affected> (Only 2.0.0 to 2.3.28.1)
	NOTE: http://struts.apache.org/docs/s2-029.html
CVE-2016-0784 (Directory traversal vulnerability in the Import/Export System Backups ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-0783 (The sendHashByUser function in Apache OpenMeetings before 3.1.1 ...)
	NOT-FOR-US: Apache OpenMeetings
CVE-2016-0782 (The administration web console in Apache ActiveMQ 5.x before 5.11.4, ...)
	- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2016-0782-announcement.txt
CVE-2016-0781 (The UAA OAuth approval pages in Cloud Foundry v208 to v231, ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0780 (It was discovered that cf-release v231 and lower, Pivotal Cloud ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0779 (The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x ...)
	NOT-FOR-US: Apache TomEE
CVE-2016-0778 (The (1) roaming_read and (2) roaming_write functions in ...)
	{DSA-3446-1 DLA-387-1}
	- openssh 1:7.1p2-1
	NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
CVE-2016-0777 (The resend_bytes function in roaming_common.c in the client in OpenSSH ...)
	{DSA-3446-1 DLA-387-1}
	- openssh 1:7.1p2-1 (bug #810984)
	NOTE: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
CVE-2016-0776
	REJECTED
CVE-2016-0775 (Buffer overflow in the ImagingFliDecode function in ...)
	{DSA-3499-1 DLA-422-1}
	- pillow 3.1.1-1 (bug #813909)
	- python-imaging <removed>
	[wheezy] - python-imaging 1.1.7-4+deb7u2
	NOTE: https://github.com/python-pillow/Pillow/commit/bcaaf97f4ff25b3b5b9e8efeda364e17e80858ec (3.1.1)
CVE-2016-0774 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a ...)
	{DLA-439-1}
	- linux 3.16.2-2
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: https://rhn.redhat.com/errata/RHSA-2016-0103.html
	NOTE: The upstream fix for 3.16 was correct, but wheezy had a incomplete backport
CVE-2016-0773 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, ...)
	{DSA-3476-1 DSA-3475-1 DLA-432-1}
	- postgresql-9.5 9.5.1-1
	- postgresql-9.4 <unfixed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	NOTE: http://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=3bb3f42f3749d40b8d4de65871e8d828b18d4a45
CVE-2016-0772 (The smtplib library in CPython (aka Python) before 2.7.12, 3.x before ...)
	{DLA-871-1 DLA-522-1}
	- python3.5 3.5.2~rc1-1
	- python3.4 <removed>
	[jessie] - python3.4 <no-dsa> (Will be fixed via a point release)
	- python3.2 <removed>
	- python2.7 2.7.12~rc1-1
	[jessie] - python2.7 2.7.9-2+deb8u1
	NOTE: 3.4 branch: https://hg.python.org/cpython/rev/d590114c2394
	NOTE: 2.7 branch: https://hg.python.org/cpython/rev/b3ce713fb9be
CVE-2016-0771 (The internal DNS server in Samba 4.x before 4.1.23, 4.2.x before ...)
	{DSA-3514-1}
	- samba 2:4.3.6+dfsg-1
	[wheezy] - samba <not-affected> (Vulnerable code not present)
	[squeeze] - samba <not-affected> (Vulnerable code not present)
	NOTE: https://www.samba.org/samba/security/CVE-2016-0771.html
CVE-2016-0770 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0769 (Multiple SQL injection vulnerabilities in eshop-orders.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0768 (PostgreSQL PL/Java after 9.0 does not honor access controls on large ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue on undocumented API that got later removed)
CVE-2016-0767 (PostgreSQL PL/Java before 1.5.0 allows remote authenticated users with ...)
	- postgresql-pljava <removed>
	[wheezy] - postgresql-pljava <no-dsa> (Minor issue)
CVE-2016-0766 (PostgreSQL before 9.1.20, 9.2.x before 9.2.15, 9.3.x before 9.3.11, ...)
	{DSA-3476-1 DSA-3475-1}
	- postgresql-9.5 9.5.1
	- postgresql-9.4 <unfixed>
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
CVE-2016-0765 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2016-0764 (Race condition in Network Manager before 1.0.12 as packaged in Red Hat ...)
	- network-manager 1.1.91-1 (bug #820354)
	[jessie] - network-manager <no-dsa> (Minor issue)
	[wheezy] - network-manager <no-dsa> (Minor issue)
	NOTE: Upstream fix: https://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=60b7ed3bdc3941a3b7c56824fba4b7291e79041f (1.2-beta2)
	NOTE: Fixed in 1.0.12 for the 1.0.x branch: https://cgit.freedesktop.org/NetworkManager/NetworkManager/tree/NEWS?h=1.0.12
CVE-2016-0763 (The setGlobalContext method in ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0762 (The Realm implementations in Apache Tomcat versions 9.0.0.M1 to ...)
	{DSA-3721-1 DSA-3720-1 DLA-729-1 DLA-728-1}
	- tomcat8 8.0.37-1 (low)
	- tomcat7 7.0.72-1 (low; bug #842662)
	- tomcat6 6.0.41-3 (low)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs in Jessie
	NOTE: http://markmail.org/message/pzuk6hauzljnm4r7?q=list:org.apache.tomcat.announce/
	NOTE: Fixed by: http://svn.apache.org/r1758501 (8.0.x)
	NOTE: Fixed by: http://svn.apache.org/r1758502 (7.0.x)
	NOTE: Fixed by: https://svn.apache.org/viewvc?view=revision&revision=1758506 (6.0.x)
CVE-2016-0761 (Cloud Foundry Garden-Linux versions prior to v0.333.0 and Elastic ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0760 (Multiple incomplete blacklist vulnerabilities in Apache Sentry before ...)
	NOT-FOR-US: Apache Hive
CVE-2016-0759
	REJECTED
CVE-2016-0758 (Integer overflow in lib/asn1_decoder.c in the Linux kernel before 4.6 ...)
	- linux 4.5.4-1
	[jessie] - linux 3.16.36-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v3.10-rc1)
	NOTE: https://lkml.org/lkml/2016/5/12/270
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1300257
	NOTE: Fixed by: https://git.kernel.org/linus/23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa
	NOTE: Introduced by: https://git.kernel.org/linus/42d5ec27f873c654a68f7f865dcd7737513e9508 (v3.10-rc1)
CVE-2016-0757 (OpenStack Image Service (Glance) before 2015.1.3 (kilo) and 11.0.x ...)
	- glance 2:12.0.0-1
	[jessie] - glance <no-dsa> (Minor issue)
	[wheezy] - glance <no-dsa> (Minor issue)
	NOTE: <=2015.1.2, >=11.0.0 <= 11.0.1
	NOTE: https://bugs.launchpad.net/bugs/1525915
CVE-2016-0756 (The generate_dialback function in the mod_dialback module in Prosody ...)
	{DSA-3463-1 DLA-407-1}
	- prosody 0.9.10-1
	NOTE: http://blog.prosody.im/prosody-0-9-10-released/
	NOTE: https://prosody.im/security/advisory_20160127/
	NOTE: Upstream fix https://github.com/bjc/prosody/commit/8708def4f55e61acdd5b2c762d420ab40da0d015
CVE-2016-0755 (The ConnectionExists function in lib/url.c in libcurl before 7.47.0 ...)
	{DSA-3455-1}
	- curl 7.47.0-1
	[wheezy] - curl <no-dsa> (Too intrusive to backport)
	NOTE: http://curl.haxx.se/docs/adv_20160127A.html
CVE-2016-0754 (cURL before 7.47.0 on Windows allows attackers to write to arbitrary ...)
	- curl <not-affected> (Windows only)
	NOTE: http://curl.haxx.se/docs/adv_20160127B.html
CVE-2016-0753 (Active Model in Ruby on Rails 4.1.x before 4.1.14.1, 4.2.x before ...)
	{DSA-3464-1 DLA-642-1 DLA-641-1 DLA-498-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-activerecord-3.2 <removed>
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- ruby-activesupport-3.2 <removed>
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life>
	- ruby-activemodel-3.2 <removed>
CVE-2016-0752 (Directory traversal vulnerability in Action View in Ruby on Rails ...)
	{DSA-3464-1 DLA-604-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2016-0751 (actionpack/lib/action_dispatch/http/mime_type.rb in Action Pack in ...)
	{DSA-3464-1 DLA-604-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2016-0750
	RESERVED
	NOT-FOR-US: Infinispan
CVE-2016-0749 (The smartcard interaction in SPICE allows remote attackers to cause a ...)
	{DSA-3596-1}
	- spice 0.12.6-4.1 (bug #826585)
	[wheezy] - spice <not-affected> (Vulnerable code not present. Configured with --disable-smartcard)
CVE-2016-0748
	RESERVED
CVE-2016-0747 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 does not ...)
	{DSA-3473-1}
	- nginx 1.9.10-1 (bug #812806)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/4016e6b1da4fbf9c45963211791be124cd7ffb8f (release-1.9.10)
	NOTE: https://github.com/nginx/nginx/commit/fe89d99796d42b86816e17d9c87ab16964768024 (release-1.9.10)
CVE-2016-0746 (Use-after-free vulnerability in the resolver in nginx 0.6.18 through ...)
	{DSA-3473-1}
	- nginx 1.9.10-1 (bug #812806)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/4b581a7c21e4328d059bf400a059c0458fc9f806 (release-1.9.10)
	NOTE: https://github.com/nginx/nginx/commit/a3d42258d97ebd0b638c20976654d3edfbaf943f (release-1.9.10)
CVE-2016-0745
	RESERVED
CVE-2016-0744
	RESERVED
CVE-2016-0743
	RESERVED
CVE-2016-0742 (The resolver in nginx before 1.8.1 and 1.9.x before 1.9.10 allows ...)
	{DSA-3473-1 DLA-404-1}
	- nginx 1.9.10-1 (bug #812806)
	NOTE: http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html
	NOTE: https://github.com/nginx/nginx/commit/c44fd4e837f979912749a5a19490ccb9b46398d3 (release-1.9.10)
CVE-2016-0741 (slapd/connection.c in 389 Directory Server (formerly Fedora Directory ...)
	- 389-ds-base 1.3.4.8-1
	[jessie] - 389-ds-base <not-affected> (Only affects 1.3.4 and up)
	NOTE: https://fedorahosted.org/389/ticket/48412
CVE-2016-0740 (Buffer overflow in the ImagingLibTiffDecode function in ...)
	{DSA-3499-1}
	- pillow 3.1.1-1 (bug #813905)
	- python-imaging <not-affected> (Vulnerable code introduce in 2.0.0)
	NOTE: Issue when linked against libtiff >= 4.0.0
	NOTE: Fixed by: https://github.com/python-pillow/Pillow/commit/6dcbf5bd96b717c58d7b642949da8d323099928e (3.1.1)
	NOTE: Introduced by: https://github.com/python-pillow/Pillow/commit/e782fe721e0156de9636e78cd881d9f9e7e6ce50 (2.0.0)
CVE-2016-0739 (libssh before 0.7.3 improperly truncates ephemeral secrets generated ...)
	{DSA-3488-1 DLA-425-1}
	- libssh 0.6.3-4.3 (bug #815663)
	NOTE: Upstream fix: https://git.libssh.org/projects/libssh.git/commit/?h=v0-7&id=f8d0026c65fc8a55748ae481758e2cf376c26c86
CVE-2016-0738 (OpenStack Object Storage (Swift) before 2.3.1 (Kilo), 2.4.x, and 2.5.x ...)
	- swift 2.5.0-3 (bug #812984)
	[jessie] - swift <not-affected> (Vulnerable code not present)
	[wheezy] - swift <not-affected> (Vulnerable code not present)
	NOTE: Swift: >=2.2.1 <= 2.3.0, >= 2.4.0 <= 2.5.0
CVE-2016-0737 (OpenStack Object Storage (Swift) before 2.4.0 does not properly close ...)
	- swift 2.4.0-1
	[jessie] - swift <not-affected> (Vulnerable code not present)
	[wheezy] - swift <not-affected> (Vulnerable code not present)
	NOTE: Swift: >=2.2.1 <= 2.3.0
CVE-2016-0736 (In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was ...)
	{DSA-3796-1}
	- apache2 2.4.25-1
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: https://lists.apache.org/thread.html/139862b41c0dfd5e6e00ad89c00119f9faf0dd41a2f927da9c9a4076@%3Cannounce.httpd.apache.org%3E
	NOTE: Fixed by: https://svn.apache.org/r1772812
	NOTE: Affects: 2.4.1 to 2.4.23
	NOTE: Fixed in 2.4.25
CVE-2016-0735 (Apache Ranger 0.5.x before 0.5.2 allows remote authenticated users to ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-0734 (The web-based administration console in Apache ActiveMQ 5.x before ...)
	- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
	NOTE: https://activemq.apache.org/security-advisories.data/CVE-2016-0734-announcement.txt
CVE-2016-0733 (The Admin UI in Apache Ranger before 0.5.1 does not properly handle ...)
	NOT-FOR-US: Apache Ranger
CVE-2016-0732 (The identity zones feature in Pivotal Cloud Foundry 208 through 229; ...)
	NOT-FOR-US: Pivotal Cloud Foundry
CVE-2016-0731 (The File Browser View in Apache Ambari before 2.2.1 allows remote ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-0730
	REJECTED
CVE-2016-0729 (Multiple buffer overflows in (1) internal/XMLReader.cpp, (2) ...)
	{DSA-3493-1 DLA-433-1}
	- xerces-c 3.1.3+debian-1 (bug #815907)
	NOTE: http://xerces.apache.org/xerces-c/secadv/CVE-2016-0729.txt
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1727978
CVE-2016-0728 (The join_session_keyring function in security/keys/process_keys.c in ...)
	{DSA-3448-1}
	- linux 4.3.3-6
	[wheezy] - linux <not-affected> (Introduced in v3.8-rc1)
	- linux-2.6 <not-affected> (Introduced in v3.8-rc1)
	NOTE: Upstream commit: https://git.kernel.org/linus/23567fd052a9abb6d67fe8e7a9ccdd9800a540f2
	NOTE: Introduced in https://git.kernel.org/linus/3a50597de8635cd05133bd12c95681c82fe7b878 (v3.8-rc1)
	NOTE: http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
CVE-2016-0727 (The crontab script in the ntp package before ...)
	- ntp 1:4.2.8p9+dfsg-2 (low; bug #839998)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/1528050
	NOTE: http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
	NOTE: Originally addressed in 1:4.2.8p8+dfsg-1.1, then refixed in 1:4.2.8p9+dfsg-2
CVE-2016-0726 (The Fedora Nagios package uses &quot;nagiosadmin&quot; as the default password ...)
	- nagios3 <not-affected> (Specific to Fedora installation)
CVE-2016-0725 (Cross-site scripting (XSS) vulnerability in the search_pagination ...)
	- moodle <not-affected> (Only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 2.8 to 2.8.9)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52552
CVE-2016-0724 (The (1) core_enrol_get_course_enrolment_methods and (2) ...)
	- moodle 2.7.12+dfsg-1 (bug #811344)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52072
CVE-2016-0723 (Race condition in the tty_ioctl function in drivers/tty/tty_io.c in ...)
	{DSA-3448-1 DLA-412-1}
	- linux 4.3.3-6
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: http://lkml.iu.edu/hypermail/linux/kernel/1511.3/03045.html
	NOTE: https://git.kernel.org/linus/5c17c861a357e9458001f021a7afa7aab9937439 (v4.5-rc2)
CVE-2016-0722
	REJECTED
CVE-2016-0721 (Session fixation vulnerability in pcsd in pcs before 0.9.157. ...)
	- pcs 0.9.149-1
	NOTE: https://github.com/feist/pcs/commit/bc6ad9086857559db57f4e3e6de66762291c0774 (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/e9b28833d54a47ec441f6dbad0db96e1fc662a5b (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/acdbbe8307e6f4a36b2c7754765e732e43fe8d17 (0.9.149)
CVE-2016-0720 (Cross-site request forgery (CSRF) vulnerability in pcsd web UI in pcs ...)
	- pcs 0.9.149-1
	NOTE: https://github.com/feist/pcs/commit/3360ecd318f7631bf5826d99a20bf4b29d86dc9c (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/d49435de20f71bd0816c42b445ed484dd21fbe96 (0.9.149)
	NOTE: https://github.com/feist/pcs/commit/b9e7f061788c3b86a0c67d2d4158f067ec5eb625 (0.9.149)
CVE-2016-0719
	REJECTED
CVE-2016-0718 (Expat allows context-dependent attackers to cause a denial of service ...)
	{DSA-3582-1 DLA-483-1}
	- expat 2.1.1-2
	- firefox 48.0-1 (unimportant)
	- firefox-esr <not-affected> (Doesn't affect Firefox ESR)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-68/
	NOTE: Firefox links dynamically against expat
CVE-2016-0717
	REJECTED
CVE-2016-0716
	REJECTED
CVE-2016-0715
	RESERVED
CVE-2016-0714 (The session-persistence implementation in Apache Tomcat 6.x before ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0713 (Gorouter in Cloud Foundry cf-release v141 through v228 allows ...)
	NOT-FOR-US: Cloud Foundry
CVE-2016-0712 (Cross-site scripting (XSS) vulnerability in Apache Jetspeed before ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0711 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0710 (Multiple SQL injection vulnerabilities in the User Manager service in ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0709 (Directory traversal vulnerability in the Import/Export function in the ...)
	NOT-FOR-US: Apache Jetspeed
CVE-2016-0708
	RESERVED
CVE-2016-0707 (The agent in Apache Ambari before 2.1.2 uses weak permissions for the ...)
	NOT-FOR-US: Apache Ambari
CVE-2016-0706 (Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.31, ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.68, 8.0.32, 9.0.0.M3
CVE-2016-0705 (Double free vulnerability in the dsa_priv_decode function in ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
	NOTE: Fixed in master in https://git.openssl.org/?p=openssl.git;a=commit;h=ab4a81f69ec88d06c9d8de15326b9296d7f498ed
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0704 (An oracle protection mechanism in the get_client_master_key function ...)
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0703 (The get_client_master_key function in s2_srvr.c in the SSLv2 ...)
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
CVE-2016-0702 (The MOD_EXP_CTIME_COPY_FROM_PREBUF function in crypto/bn/bn_exp.c in ...)
	{DSA-3500-1}
	- openssl 1.0.2g-1
	NOTE: https://www.openssl.org/news/secadv/20160301.txt
	NOTE: https://cachebleed.info
CVE-2016-0701 (The DH_check_pub_key function in crypto/dh/dh_check.c in OpenSSL 1.0.2 ...)
	- openssl 1.0.2f-2
	[jessie] - openssl <not-affected> (Only affects 1.0.2)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2)
	[squeeze] - openssl <not-affected> (Only affects 1.0.2)
CVE-2015-8591
	REJECTED
CVE-2015-8590
	REJECTED
CVE-2015-8589
	REJECTED
CVE-2015-8588
	REJECTED
CVE-2015-8587
	REJECTED
CVE-2015-8586
	REJECTED
CVE-2015-8585
	REJECTED
CVE-2015-8584
	REJECTED
CVE-2015-8583
	REJECTED
CVE-2015-8582
	REJECTED
CVE-2015-8581
	REJECTED
CVE-2015-8580 (Multiple use-after-free vulnerabilities in the (1) Print method and ...)
	NOT-FOR-US: Foxit
CVE-2015-8579 (Kaspersky Total Security 2015 15.0.2.361 allocates memory with Read, ...)
	NOT-FOR-US: Kaspersky
CVE-2015-8578 (AVG Internet Security 2015 allocates memory with Read, Write, Execute ...)
	NOT-FOR-US: AVG
CVE-2015-8577 (The Buffer Overflow Protection (BOP) feature in McAfee VirusScan ...)
	NOT-FOR-US: McAfee
CVE-2015-8576
	REJECTED
CVE-2015-8574
	REJECTED
CVE-2015-8573
	REJECTED
CVE-2015-XXXX [XSA-166: ioreq handling possibly susceptible to multiple read issue]
	- xen 4.8.0~rc3-1
	[jessie] - xen 4.4.1-9+deb8u4
	[wheezy] - xen 4.1.6.lts1-1
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-166.html
CVE-2015-8572 (Multiple buffer overflows in Autodesk Design Review (ADR) before 2013 ...)
	NOT-FOR-US: Autodesk
CVE-2015-8571 (Integer overflow in Autodesk Design Review (ADR) before 2013 Hotfix 2 ...)
	NOT-FOR-US: Autodesk
CVE-2015-8570 (The password reset functionality in Lepide Active Directory Self ...)
	NOT-FOR-US: Lepide
CVE-2015-8575 (The sco_sock_bind function in net/bluetooth/sco.c in the Linux kernel ...)
	{DSA-3434-1 DLA-378-1}
	- linux 4.3.3-3
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5233252fce714053f0151680933571a2da9cbfb4 (v4.4-rc6)
CVE-2015-8566 (The Session package 1.x before 1.3.1 for Joomla! Framework allows ...)
	NOT-FOR-US: Session package for Joomla
CVE-2015-8565 (Directory traversal vulnerability in Joomla! 3.2.0 through 3.3.x and ...)
	NOT-FOR-US: Joomla
CVE-2015-8564 (Directory traversal vulnerability in Joomla! 3.4.x before 3.4.6 allows ...)
	NOT-FOR-US: Joomla
CVE-2015-8563 (Cross-site request forgery (CSRF) vulnerability in the com_templates ...)
	NOT-FOR-US: Joomla
CVE-2015-8562 (Joomla! 1.5.x, 2.x, and 3.x before 3.4.6 allow remote attackers to ...)
	NOT-FOR-US: Joomla
CVE-2015-8561 (The F1BookView ActiveX control in F1 Bookview in Schneider Electric ...)
	NOT-FOR-US: F1BookView
CVE-2015-8555 (Xen 4.6.x, 4.5.x, 4.4.x, 4.3.x, and earlier do not initialize x86 FPU ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-165.html
CVE-2015-8554 (Buffer overflow in hw/pt-msi.c in Xen 4.6.x and earlier, when using ...)
	{DLA-479-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-164.html
CVE-2015-8553 (Xen allows guest OS users to obtain sensitive information from ...)
	- linux <unfixed>
	[stretch] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
	[jessie] - linux <ignored> (Intrusive; breaks qemu as used in Jessie; cf. kernel-sec for more details)
	[wheezy] - linux <ignored> (Intrusive; breaks qemu as used in Wheezy; cf. kernel-sec for more details)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
	NOTE: CVE for the incomplete patches from XSA-120 and supplied in
	NOTE: XSA-120 v5+ addendum patch.
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1289128#c2
	NOTE: http://xenbits.xen.org/xsa/advisory-120.html
	NOTE: Patch is discussed in http://thread.gmane.org/gmane.comp.emulators.xen.devel/140440/focus=140441
	NOTE: and http://thread.gmane.org/gmane.linux.kernel/1924087/focus=1924088
CVE-2015-8552 (The PCI backend driver in Xen, when running on an x86 system and using ...)
	{DSA-3434-1}
	[experimental] - linux 4.4~rc6-1~exp1
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-157.html
	NOTE: https://git.kernel.org/linus/56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d
	NOTE: https://git.kernel.org/linus/5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9
	NOTE: https://git.kernel.org/linus/a396f3a210c3a61e94d6b87ec05a75d0be2a60d0
	NOTE: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
	NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
CVE-2015-8551 (The PCI backend driver in Xen, when running on an x86 system and using ...)
	{DSA-3434-1}
	[experimental] - linux 4.4~rc6-1~exp1
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-157.html
	NOTE: https://git.kernel.org/linus/56441f3c8e5bd45aab10dd9f8c505dd4bec03b0d
	NOTE: https://git.kernel.org/linus/5e0ce1455c09dd61d029b8ad45d82e1ac0b6c4c9
	NOTE: https://git.kernel.org/linus/a396f3a210c3a61e94d6b87ec05a75d0be2a60d0
	NOTE: https://git.kernel.org/linus/7cfb905b9638982862f0331b36ccaaca5d383b49
	NOTE: https://git.kernel.org/linus/408fb0e5aa7fda0059db282ff58c3b2a4278baa0
CVE-2015-8550 (Xen, when used on a system providing PV backends, allows local guest ...)
	{DSA-3519-1 DSA-3471-1 DSA-3434-1 DLA-479-1}
	[experimental] - linux 4.4~rc6-1~exp1
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Xen not supported in Squeeze LTS)
	- qemu 1:2.5+dfsg-2 (bug #809229)
	[wheezy] - qemu <not-affected> (vulnerable code not present)
	[squeeze] - qemu <not-affected> (vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (vulnerable code not present)
	[squeeze] - qemu-kvm <not-affected> (vulnerable code not present)
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Unsupported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-155.html
	NOTE: https://git.kernel.org/linus/454d5d882c7e412b840e3c99010fe81a9862f6fb
	NOTE: https://git.kernel.org/linus/0f589967a73f1f30ab4ac4dd9ce0bb399b4d6357
	NOTE: https://git.kernel.org/linus/68a33bfd8403e4e22847165d149823a2e0e67c9c
	NOTE: https://git.kernel.org/linus/1f13d75ccb806260079e0679d55d9253e370ec8a
	NOTE: https://git.kernel.org/linus/18779149101c0dd43ded43669ae2a92d21b6f9cb
	NOTE: https://git.kernel.org/linus/be69746ec12f35b484707da505c6c76ff06f97dc
	NOTE: https://git.kernel.org/linus/8135cf8b092723dbfcc611fe6fdcb3a36c9951c5
CVE-2015-8549
	RESERVED
CVE-2015-8569 (The (1) pptp_bind and (2) pptp_connect functions in ...)
	{DSA-3434-1}
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/7
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=09ccfd238e5a0e670d8178cf50180ea81ae09ae1 (v4.4-rc6)
	NOTE: pptp_{connect,bind} introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=00959ade36acadc00e757f87060bf6e4501d545f (v2.6.37-rc1)
	NOTE: https://lkml.org/lkml/2015/12/14/252
CVE-2015-8568 (Memory leak in QEMU, when built with a VMWARE VMXNET3 paravirtual NIC ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-3 (bug #808145)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
CVE-2015-8567 (Memory leak in net/vmxnet3.c in QEMU allows remote attackers to cause ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-3 (bug #808145)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-12/msg02299.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/15/4
CVE-2015-8559 (The knife bootstrap command in chef leaks the validator.pem private ...)
	- chef <unfixed> (bug #809670)
	[stretch] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
	[jessie] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
	[wheezy] - chef <ignored> (Minor issue; workaround using validatorless bootstrapping)
	NOTE: https://github.com/chef/chef/issues/3871
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/10
	NOTE: Workaround: use validatorless bootstrapping
CVE-2015-8558 (The ehci_process_itd function in hw/usb/hcd-ehci.c in QEMU allows ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-2 (bug #808144)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=156a2e4dbffa85997636a7a39ef12da6f1b40254
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/9
CVE-2015-8557 (The FontManager._get_nix_font_path function in formatters/img.py in ...)
	{DSA-3445-1 DLA-369-1}
	- pygments 2.0.1+dfsg-2 (bug #802828)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1276321
	NOTE: https://bitbucket.org/birkenfeld/pygments-main/commits/0036ab1c99e256298094505e5e92f
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/6
CVE-2015-8548 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8546
	RESERVED
CVE-2015-8545
	RESERVED
CVE-2015-8544 (NetApp SnapDrive for Windows before 7.0.2P4, 7.0.3, and 7.1 before ...)
	NOT-FOR-US: NetApp
CVE-2015-8542 (An issue was discovered in Open-Xchange Guard before 2.2.0-rev8. The ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-8556 (Local privilege escalation vulnerability in the Gentoo QEMU package ...)
	- qemu <not-affected> (Issue specific to virtfs-proxy-helper in Gentoo installed suid)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/14/5
CVE-2015-8785 (The fuse_fill_write_pages function in fs/fuse/file.c in the Linux ...)
	{DSA-3503-1 DLA-412-1}
	- linux 4.3.5-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ca8138f014a913f98e6ef40e939868e1e9ea876 (v4.4-rc5)
	NOTE: Introduced in: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ea9b9907b82a09bd1a708004454f7065de77c5b0 (v2.6.26-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1290642
	NOTE: http://www.openwall.com/lists/oss-security/2016/01/24/1
CVE-2015-XXXX [remotely triggerable crash]
	- ruby-eventmachine 1.0.7-1 (bug #678512; bug #696015)
	[jessie] - ruby-eventmachine 1.0.3-6+deb8u1
	[wheezy] - ruby-eventmachine 0.12.10-3+deb7u1
	NOTE: Workaround entry for DLA-549-1 until CVE assigned
	NOTE: https://github.com/eventmachine/eventmachine/issues/501#issuecomment-37307556
CVE-2015-8560 (Incomplete blacklist vulnerability in util.c in foomatic-rip in ...)
	{DSA-3429-1 DSA-3419-1 DLA-371-1}
	- cups-filters 1.4.0-1 (bug #807930)
	[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
	- foomatic-filters 4.0.17-7 (bug #807993)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7419
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/13/2
CVE-2015-9097 (The mail gem before 2.5.5 for Ruby (aka A Really Ruby Mail Library) is ...)
	{DLA-489-1}
	- ruby-mail 2.6.1+dfsg1-1
	NOTE: https://github.com/mikel/mail/commit/72befdc4dab3e6e288ce226a7da2aa474cf5be83
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/12/11/3
	NOTE: Fixed in 2.6.0
	NOTE: "Note that, this patch might not be complete ..." https://bugzilla.redhat.com/show_bug.cgi?id=1293598
CVE-2015-8547 (The CoreUserInputHandler::doMode function in ...)
	- quassel 1:0.12.2-3 (bug #807801)
	[jessie] - quassel 1:0.10.0-2.3+deb8u2
	[wheezy] - quassel <not-affected> (Vulnerable code not present)
	[squeeze] - quassel <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/quassel/quassel/commit/b8edbda019eeb99da8663193e224efc9d1265dc7
	NOTE: Support for oping a whole channel with /op * was only added in
	NOTE: https://github.com/quassel/quassel/commit/7ecbc1bf921880f7b03af779de7d9611853a0d46 (0.10-beta1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/12/1
CVE-2015-8541
	RESERVED
CVE-2016-0700 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0699 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-0698 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0697 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-0696 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0695 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0694 (Unspecified vulnerability in the DataStore component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0693 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.3 allows ...)
	NOT-FOR-US: Solaris
CVE-2016-0692 (Unspecified vulnerability in the DataStore component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0691 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0690 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0689 (Unspecified vulnerability in the DataStore component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0688 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0687 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0686 (Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77 and ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u91-b14-1
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
CVE-2016-0685 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0684 (Unspecified vulnerability in the Oracle Retail MICROS ARS POS ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-0683 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0682 (Unspecified vulnerability in the DataStore component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (later closed source releases)
CVE-2016-0681 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0680 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
	NOT-FOR-US: Oracle
CVE-2016-0679 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0678 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 5.0.18-dfsg-1
	[jessie] - virtualbox <end-of-life> (DSA-3699-1)
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
CVE-2016-0677 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0676 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2016-0675 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0674 (Unspecified vulnerability in the Siebel Core - Common Components ...)
	NOT-FOR-US: Siebel
CVE-2016-0673 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Siebel
CVE-2016-0672 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2016-0671 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0670
	REJECTED
CVE-2016-0669 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows local ...)
	NOT-FOR-US: Solaris
CVE-2016-0668 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and ...)
	{DSA-3595-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0667 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0666 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0665 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0664
	REJECTED
CVE-2016-0663 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0662 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0661 (Unspecified vulnerability in Oracle MySQL 5.6.28 and earlier and ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0660
	REJECTED
CVE-2016-0659 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0658 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0657 (Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0656 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0655 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and ...)
	{DSA-3595-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and MySQL 5.7)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0654 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0653 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0652 (Unspecified vulnerability in Oracle MySQL 5.7.10 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0651 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier allows ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.47-0+deb8u1
	[wheezy] - mysql-5.5 5.5.47-0+deb7u1
	- mariadb-10.0 10.0.23-1
	[jessie] - mariadb-10.0 10.0.23-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0650 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0649 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0648 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0647 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0646 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0645
	REJECTED
CVE-2016-0644 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0643 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.25-1 (bug #823325)
	NOTE: Fixed in MariaDB 10.0.25
	NOTE: https://mariadb.com/kb/en/mariadb/mariadb-10025-release-notes/
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0642 (Unspecified vulnerability in Oracle MySQL 5.5.48 and earlier, 5.6.29 ...)
	{DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.23-1
	[jessie] - mariadb-10.0 10.0.23-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0641 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0640 (Unspecified vulnerability in Oracle MySQL 5.5.47 and earlier, 5.6.28 ...)
	{DSA-3595-1 DSA-3557-1 DLA-447-1}
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <removed> (bug #821100)
	- mariadb-10.0 10.0.24-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0639 (Unspecified vulnerability in Oracle MySQL 5.6.29 and earlier and ...)
	- mysql-5.6 5.6.30-1 (bug #821094)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6 and 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2016-2881694.html
CVE-2016-0638 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0637
	REJECTED
CVE-2016-0636 (Unspecified vulnerability in Oracle Java SE 7u97, 8u73, and 8u74 ...)
	{DSA-3558-1 DLA-451-1}
	- openjdk-8 8u77-b03-1
	[experimental] - openjdk-7 7u95-2.6.4-3
	- openjdk-7 <removed>
	- openjdk-6 <removed>
	[wheezy] - openjdk-6 <end-of-life> (Not supported in Wheezy LTS)
	NOTE: http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0636-2949497.html
	NOTE: https://blogs.oracle.com/security/entry/security_alert_cve_2016_0636
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/c44179bce874
CVE-2016-0635 (Unspecified vulnerability in the Enterprise Manager Ops Center ...)
	NOT-FOR-US: MySQL Enterprise Monitor
CVE-2016-0634 (The expansion of '\h' in the prompt string in bash 4.3 allows remote ...)
	- bash 4.4-1 (unimportant)
	[jessie] - bash 4.3-11+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2016/09/16/8
	NOTE: https://bugs.launchpad.net/ubuntu/+source/bash/+bug/1507025
	NOTE: Fixed bin Bash upstream bash-4.4
	NOTE: This doesn't cross any reasonable security boundaries, an attacker with the
	NOTE: ability to modify the hostname in an arbitrary manner is in the position to
	NOTE: exploit various other system components anyway
	NOTE: Fixed by (4.3): https://ftp.gnu.org/pub/gnu/bash/bash-4.3-patches/bash43-047
CVE-2016-0633
	REJECTED
CVE-2016-0632
	REJECTED
CVE-2016-0631
	REJECTED
CVE-2016-0630
	REJECTED
CVE-2016-0629
	REJECTED
CVE-2016-0628
	REJECTED
CVE-2016-0627
	REJECTED
CVE-2016-0626
	REJECTED
CVE-2016-0625
	REJECTED
CVE-2016-0624
	REJECTED
CVE-2016-0623 (Unspecified vulnerability in Oracle Sun Solaris 11.3 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2016-0622
	REJECTED
CVE-2016-0621
	REJECTED
CVE-2016-0620
	REJECTED
CVE-2016-0619
	REJECTED
CVE-2016-0618 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2016-0617 (Unspecified vulnerability in the kernel-uek component in Oracle Linux ...)
	- linux 4.4.2-1
	[jessie] - linux <not-affected> (Vulnerable code introduced later)
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by: https://git.kernel.org/linus/1bfad99ab42569807d0ca1698449cae5e8c0334a (v4.3-rc1)
	NOTE: Fixed by: https://git.kernel.org/linus/9aacdd354d197ad64685941b36d28ea20ab88757 (v4.5-rc1)
CVE-2016-0616 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0615
	REJECTED
CVE-2016-0614 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0613
	REJECTED
CVE-2016-0612
	REJECTED
CVE-2016-0611 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0610 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 10.0.22-1
	[jessie] - mariadb-10.0 10.0.22-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0609 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0608 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0607 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0606 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0605 (Unspecified vulnerability in Oracle MySQL 5.6.26 and earlier allows ...)
	- mysql-5.6 5.6.27-1
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0604
	REJECTED
CVE-2016-0603 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
	- openjdk-8 <not-affected> (Java on Windows)
	- openjdk-7 <not-affected> (Java on Windows)
	- openjdk-6 <not-affected> (Java on Windows)
CVE-2016-0602 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox <not-affected> (VirtualBox Windows Installer component)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0601 (Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0600 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0599 (Unspecified vulnerability in Oracle MySQL 5.7.9 allows remote ...)
	- mysql-5.6 <not-affected> (Only affects MySQL 5.7)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.7)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0598 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0597 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0596 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier and ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0595 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier allows ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0594 (Unspecified vulnerability in Oracle MySQL 5.6.21 and earlier allows ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0593
	REJECTED
CVE-2016-0592 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-3454-1}
	- virtualbox 5.0.14-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0591 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-0590 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Order ...)
	NOT-FOR-US: Oracle
CVE-2016-0589 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-0588 (Unspecified vulnerability in the Oracle General Ledger component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0587 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2016-0586 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-0585 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-0584 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0583 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0582 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0581 (Unspecified vulnerability in the Oracle Approvals Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-0580 (Unspecified vulnerability in the Oracle Report Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0579 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0578 (Unspecified vulnerability in the Oracle CRM Technology Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0577 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0576 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-0575 (Unspecified vulnerability in the Oracle Learning Management component ...)
	NOT-FOR-US: Oracle
CVE-2016-0574 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0573 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0572 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0571 (Unspecified vulnerability in the Oracle Balanced Scorecard component ...)
	NOT-FOR-US: Oracle
CVE-2016-0570 (Unspecified vulnerability in the Oracle HCM Configuration Workbench ...)
	NOT-FOR-US: Oracle
CVE-2016-0569 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0568 (Unspecified vulnerability in the Oracle Email Center component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0567 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0566 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0565 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0564 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0563 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0562 (Unspecified vulnerability in the Oracle Common Applications component ...)
	NOT-FOR-US: Oracle
CVE-2016-0561 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0560 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0559 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0558 (Unspecified vulnerability in the Oracle Service Contracts component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0557 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-0556 (Unspecified vulnerability in the Oracle Advanced Collections component ...)
	NOT-FOR-US: Oracle
CVE-2016-0555 (Unspecified vulnerability in the Oracle CADView-3D component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0554 (Unspecified vulnerability in the Oracle Interaction Center ...)
	NOT-FOR-US: Oracle
CVE-2016-0553 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0552 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0551 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0550 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0549 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0548 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0547 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0546 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0545 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0544 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0543 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0542 (Unspecified vulnerability in the Oracle Field Service component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0541 (Unspecified vulnerability in the Oracle Configurator component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0540 (Unspecified vulnerability in the Oracle Configurator component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0539 (Unspecified vulnerability in the Oracle Report Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0538 (Unspecified vulnerability in the Oracle Financial Consolidation Hub ...)
	NOT-FOR-US: Oracle
CVE-2016-0537 (Unspecified vulnerability in the Oracle Human Resources component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0536 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0535 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows ...)
	NOT-FOR-US: Oracle
CVE-2016-0534 (Unspecified vulnerability in the Oracle Project Contracts component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0533 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0532 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0531 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2016-0530 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-0529 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-0528 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-0527 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2016-0526 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0525 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0524 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle
CVE-2016-0523 (Unspecified vulnerability in the Oracle Interaction Blending component ...)
	NOT-FOR-US: Oracle
CVE-2016-0522 (Unspecified vulnerability in the Oracle Retail Open Commerce Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0521 (Unspecified vulnerability in the Oracle iProcurement component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0520 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2016-0519 (Unspecified vulnerability in the Oracle iReceivables component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0518 (Unspecified vulnerability in the Oracle Human Resources component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0517 (Unspecified vulnerability in the Oracle Human Resources component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0516 (Unspecified vulnerability in the Oracle Quality component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0515 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0514 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0513 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle
CVE-2016-0512 (Unspecified vulnerability in the Oracle Human Resources component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0511 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0510 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0509 (Unspecified vulnerability in the Oracle Internet Expenses component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0508 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0507 (Unspecified vulnerability in the Oracle iReceivables component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0506 (Unspecified vulnerability in the Oracle Retail Order Management System ...)
	NOT-FOR-US: Oracle
CVE-2016-0505 (Unspecified vulnerability in Oracle MySQL 5.5.46 and earlier, 5.6.27 ...)
	{DSA-3459-1 DSA-3453-1 DLA-409-1}
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <removed> (bug #811428)
	- mariadb-10.0 10.0.23-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0504 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0503 (Unspecified vulnerability in Oracle MySQL 5.6.27 and earlier and 5.7.9 ...)
	- mysql-5.6 5.6.28-1 (bug #811443)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0502 (Unspecified vulnerability in Oracle MySQL 5.5.31 and earlier and ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 5.5.33+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before the initial release in Debian, 10.0.4)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2016-0501 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle
CVE-2016-0500 (Unspecified vulnerability in the Oracle Retail Order Broker Cloud ...)
	NOT-FOR-US: Oracle
CVE-2016-0499 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2016-0498 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
	NOT-FOR-US: Oracle
CVE-2016-0497 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
	NOT-FOR-US: Oracle
CVE-2016-0496 (Unspecified vulnerability in the MICROS CWDirect component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0495 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-3454-1}
	- virtualbox 5.0.14-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2016-0494 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
	{DSA-3725-1 DSA-3465-1 DSA-3458-1 DLA-545-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
	NOTE: Upstream commit for OpenJDK: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/f556d4c82ef1
	- icu 57.1-4
	NOTE: ICU not directly affected by CVE-2016-0494 itself since original patch for
	NOTE: CVE-2015-4844 was not yet applied. CVE-2016-0494 was introduced as part of
	NOTE: the CVE-2015-4844 fix. To avoid confusion with the DSA text in DSA-3725-1
	NOTE: threat this CVE separately as affected src:icu despite beeing for the
	NOTE: incomplete fix for CVE-2015-4844
CVE-2016-0493 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0492 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0491 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0490 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0489 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0488 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0487 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0486 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0485 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0484 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0483 (Unspecified vulnerability in Oracle Java SE 6u105, 7u91, and 8u66; ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299441#c2
CVE-2016-0482 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0481 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0480 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0479 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0478 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0477 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0476 (Unspecified vulnerability in the Oracle Application Testing Suite ...)
	NOT-FOR-US: Oracle
CVE-2016-0475 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
	- openjdk-8 8u72-b15-1
CVE-2016-0474 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0473 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0472 (Unspecified vulnerability in the XDB - XML Database component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0471 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0470 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0469 (Unspecified vulnerability in the Oracle Retail MICROS C2 component in ...)
	NOT-FOR-US: Oracle Retail
CVE-2016-0468 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2016-0467 (Unspecified vulnerability in the Security component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2016-0466 (Unspecified vulnerability in the Java SE, Java SE Embedded, and ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <unfixed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299385#c4
CVE-2016-0465 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0464 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0463 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0462 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0461 (Unspecified vulnerability in the XDB - XML Database component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0460 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0459 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2016-0458 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0457 (Unspecified vulnerability in the Application Mgmt Pack for E-Business ...)
	NOT-FOR-US: Oracle
CVE-2016-0456 (Unspecified vulnerability in the Application Mgmt Pack for E-Business ...)
	NOT-FOR-US: Oracle
CVE-2016-0455 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0454 (Unspecified vulnerability in the Oracle Mobile Application Servlet ...)
	NOT-FOR-US: Oracle
CVE-2016-0453 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-0452 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0451 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0450 (Unspecified vulnerability in the Oracle GoldenGate component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0449 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0448 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1299385#c4
CVE-2016-0447 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0446 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0445 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0444 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0443 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0442 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0441 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2016-0440 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2016-0439 (Unspecified vulnerability in the Web Cache component in Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2016-0438 (Unspecified vulnerability in the Oracle Retail Point-of-Service ...)
	NOT-FOR-US: Oracle
CVE-2016-0437 (Unspecified vulnerability in the Oracle Retail Point-of-Service ...)
	NOT-FOR-US: Oracle
CVE-2016-0436 (Unspecified vulnerability in the Oracle Retail Point-of-Service ...)
	NOT-FOR-US: Oracle
CVE-2016-0435 (Unspecified vulnerability in the Oracle Retail Point-of-Service ...)
	NOT-FOR-US: Oracle
CVE-2016-0434 (Unspecified vulnerability in the Oracle Retail Point-of-Service ...)
	NOT-FOR-US: Oracle
CVE-2016-0433 (Unspecified vulnerability in the Web Cache component in Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2016-0432 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2016-0431 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0430 (Unspecified vulnerability in the Web Cache component in Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2016-0429 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
	NOT-FOR-US: Oracle
CVE-2016-0428 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0427 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0426 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0425 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle
CVE-2016-0424 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle
CVE-2016-0423 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle
CVE-2016-0422 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle
CVE-2016-0421 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle
CVE-2016-0420 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle
CVE-2016-0419 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0418 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0417 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0416 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2016-0415 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0414 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0413 (Unspecified vulnerability in the Oracle Identity Federation component ...)
	NOT-FOR-US: Oracle
CVE-2016-0412 (Unspecified vulnerability in the PeopleSoft Enterprise SCM ...)
	NOT-FOR-US: Oracle
CVE-2016-0411 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2016-0410
	REJECTED
CVE-2016-0409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Global ...)
	NOT-FOR-US: Oracle
CVE-2016-0408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2016-0407 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle
	NOT-FOR-US: PeopleSoft
CVE-2016-0406 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2016-0405 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2016-0404 (Unspecified vulnerability in the Oracle Identity Federation component ...)
	NOT-FOR-US: Oracle
CVE-2016-0403 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2016-0402 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
	{DSA-3465-1 DSA-3458-1 DLA-410-1}
	- openjdk-8 8u72-b15-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298957#c2
CVE-2016-0401 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
	NOT-FOR-US: Oracle
CVE-2015-8536
	RESERVED
CVE-2015-8535
	RESERVED
CVE-2015-8534
	RESERVED
CVE-2015-8540 (Integer underflow in the png_check_keyword function in pngwutil.c in ...)
	{DSA-3443-1 DLA-375-1}
	- libpng <removed> (bug #807694)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/10/6
	NOTE: https://sourceforge.net/p/libpng/bugs/244/
	NOTE: http://sourceforge.net/p/libpng/code/ci/d9006f683c641793252d92254a75ae9b815b42ed/
	NOTE: Fixed in 1.0.66, 1.2.56, 1.4.19, and 1.5.26
CVE-2015-8543 (The networking implementation in the Linux kernel through 4.3.3, as ...)
	{DLA-378-1}
	- linux 4.3.3-1
	[jessie] - linux 3.16.7-ckt20-1+deb8u1
	[wheezy] - linux 3.2.73-2+deb7u2
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/3
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=79462ad02e861803b3840cc782248c7359451cd9 (v4.4-rc6)
CVE-2015-8539 (The KEYS subsystem in the Linux kernel before 4.4 allows local users ...)
	- linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=096fe9eaea40a17e125569f9e657e34cdb6d73bd (v4.4-rc3)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=146aa8b1453bd8f1ff2304ffb71b4ee0eb9acdcc (v4.4-rc1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1284450
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/1
CVE-2016-0400 (CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0399 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2016-0398 (IBM Cognos Analytics (CA) 11.0 before 11.0.2 allows remote attackers ...)
	NOT-FOR-US: IBM
CVE-2016-0397 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) ...)
	NOT-FOR-US: IBM
CVE-2016-0396 (IBM Tivoli Endpoint Manager could allow a user under special ...)
	NOT-FOR-US: IBM
CVE-2016-0395
	RESERVED
CVE-2016-0394 (IBM Integration Bus and WebSphere Message broker sets incorrect ...)
	NOT-FOR-US: IBM
CVE-2016-0393 (IBM Maximo Asset Management 7.5 before 7.5.0.10-TIV-MBS-IFIX002 and ...)
	NOT-FOR-US: IBM
CVE-2016-0392 (IBM General Parallel File System (GPFS) in GPFS Storage Server 2.0.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0391 (The IBM Watson Developer Cloud services on Bluemix platforms do not ...)
	NOT-FOR-US: IBM
CVE-2016-0390 (Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One ...)
	NOT-FOR-US: IBM
CVE-2016-0389 (Admin Center in IBM WebSphere Application Server (WAS) 8.5.5.2 through ...)
	NOT-FOR-US: IBM
CVE-2016-0388
	RESERVED
CVE-2016-0387 (Cross-site scripting (XSS) vulnerability in IBM TRIRIGA Application ...)
	NOT-FOR-US: IBM
CVE-2016-0386 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA ...)
	NOT-FOR-US: IBM
CVE-2016-0385 (Buffer overflow in IBM WebSphere Application Server (WAS) 7.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-0384
	RESERVED
CVE-2016-0383
	RESERVED
CVE-2016-0382 (The IBM Tealeaf Consumer Experience 8.7, 8.8, and 9.0 portal exposes ...)
	NOT-FOR-US: IBM
CVE-2016-0381 (IBM Cognos TM1 10.2.2 before FP5, when the host/pmhub/pm/admin ...)
	NOT-FOR-US: IBM
CVE-2016-0380 (IBM Sterling Connect:Direct for Unix 4.1.0 before 4.1.0.4 iFix073 and ...)
	NOT-FOR-US: IBM
CVE-2016-0379 (IBM WebSphere MQ 7.5 before 7.5.0.7 and 8.0 before 8.0.0.5 mishandles ...)
	NOT-FOR-US: IBM
CVE-2016-0378 (IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3, when ...)
	NOT-FOR-US: IBM
CVE-2016-0377 (The Administrative Console in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM
CVE-2016-0376 (The com.ibm.rmi.io.SunSerializableFactory class in IBM SDK, Java ...)
	NOT-FOR-US: IBM
CVE-2016-0375 (JMS Client in IBM MessageSight 1.1.x through 1.1.0.1, 1.2.x through ...)
	NOT-FOR-US: IBM
CVE-2016-0374 (The builder tools in IBM TRIRIGA Application Platform 3.3 before ...)
	NOT-FOR-US: IBM
CVE-2016-0373
	RESERVED
CVE-2016-0372 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...)
	NOT-FOR-US: IBM
CVE-2016-0371 (The Tivoli Storage Manager (TSM) password may be displayed in plain ...)
	NOT-FOR-US: IBM
CVE-2016-0370 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
	NOT-FOR-US: IBM
CVE-2016-0369 (XML external entity (XXE) vulnerability in IBM Forms Experience ...)
	NOT-FOR-US: IBM Forms Experience Builder
CVE-2016-0368
	RESERVED
CVE-2016-0367 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0366 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0365 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
	NOT-FOR-US: IBM
CVE-2016-0364 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
	NOT-FOR-US: IBM
CVE-2016-0363 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM SDK, Java ...)
	NOT-FOR-US: IBM JDK
CVE-2016-0362 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
	NOT-FOR-US: IBM
CVE-2016-0361 (IBM General Parallel File System (GPFS) 3.5 before 3.5.0.29 efix 6 and ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2016-0360 (IBM Websphere MQ JMS 7.0.1, 7.1, 7.5, 8.0, and 9.0 client provides ...)
	NOT-FOR-US: IBM
CVE-2016-0359 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM
CVE-2016-0358 (IBM Sametime 8.5.2 and 9.0 could allow an unauthorized authenticated ...)
	NOT-FOR-US: IBM
CVE-2016-0357 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0356 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-0355 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-0354 (IBM Sametime Enterprise Meeting Server 8.5.2 and 9.0 could allow an ...)
	NOT-FOR-US: IBM
CVE-2016-0353 (IBM Security Privileged Identity Manager 2.0 before 2.0.2 FP8, when ...)
	NOT-FOR-US: IBM
CVE-2016-0352
	RESERVED
CVE-2016-0351 (IBM Security Identity Manager Virtual Appliance 7.0.x before ...)
	NOT-FOR-US: IBM Security Identity Manager Virtual Appliance
CVE-2016-0350 (Cross-site scripting (XSS) vulnerability in the Report Builder and ...)
	NOT-FOR-US: IBM
CVE-2016-0349 (IBM Business Process Manager 8.5.6 through 8.5.6.2 and 8.5.7 before ...)
	NOT-FOR-US: IBM
CVE-2016-0348 (Cross-site request forgery (CSRF) vulnerability in IBM TRIRIGA ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0347
	RESERVED
CVE-2016-0346 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
	NOT-FOR-US: IBM
CVE-2016-0345 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0344 (Cross-site scripting (XSS) vulnerability in the My Reports component ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0343 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0342 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0341 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...)
	NOT-FOR-US: IBM
CVE-2016-0340 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0339 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0338 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0337
	RESERVED
CVE-2016-0336 (Cross-site scripting (XSS) vulnerability in IBM Security Identity ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0335 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0334
	RESERVED
CVE-2016-0333
	RESERVED
CVE-2016-0332 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0331 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
	NOT-FOR-US: IBM
CVE-2016-0330 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM
CVE-2016-0329 (Open redirect vulnerability in IBM Emptoris Sourcing 10.0.0.x before ...)
	NOT-FOR-US: IBM
CVE-2016-0328 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
	NOT-FOR-US: IBM
CVE-2016-0327 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0326 (IBM Rational Quality Manager (RQM) and Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-0325 (IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, ...)
	NOT-FOR-US: IBM
CVE-2016-0324 (IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through ...)
	NOT-FOR-US: IBM Security Identity Manager
CVE-2016-0323 (The Auto-Scaling agent in Liberty for Java in IBM Bluemix before ...)
	NOT-FOR-US: IBM
CVE-2016-0322 (Cross-site scripting (XSS) vulnerability in IBM Connections 4.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0321 (IBM Personal Communications (aka PCOMM) 6.x before 6.0.17 and 12.x ...)
	NOT-FOR-US: IBM
CVE-2016-0320 (IBM UrbanCode Deploy could allow an authenticated user to modify Ucd ...)
	NOT-FOR-US: IBM
CVE-2016-0319 (The XML parser in Lifecycle Query Engine (LQE) in IBM Jazz Reporting ...)
	NOT-FOR-US: IBM
CVE-2016-0318 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and ...)
	NOT-FOR-US: IBM
CVE-2016-0317 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service 6.0 and ...)
	NOT-FOR-US: IBM
CVE-2016-0316 (Cross-site scripting (XSS) vulnerability in Lifecycle Query Engine ...)
	NOT-FOR-US: IBM
CVE-2016-0315 (The Report Builder and Data Collection Component (DCC) in IBM Jazz ...)
	NOT-FOR-US: IBM
CVE-2016-0314 (The Report Builder and Data Collection Component (DCC) in IBM Jazz ...)
	NOT-FOR-US: IBM
CVE-2016-0313 (Cross-site scripting (XSS) vulnerability in the Report Builder and ...)
	NOT-FOR-US: IBM
CVE-2016-0312 (IBM TRIRIGA Application Platform before 3.3.2 allows remote attackers ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0311 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2016-0310 (IBM Connections 5.5 and earlier is vulnerable to possible host header ...)
	NOT-FOR-US: IBM
CVE-2016-0309
	RESERVED
CVE-2016-0308 (IBM Connections 5.5 and earlier is vulnerable to possible link ...)
	NOT-FOR-US: IBM
CVE-2016-0307 (IBM Connections 5.5 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: IBM
CVE-2016-0306 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.41, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2016-0305 (IBM Connections is vulnerable to cross-site scripting, caused by ...)
	NOT-FOR-US: IBM
CVE-2016-0304 (The Java Console in IBM Domino 8.5.x before 8.5.3 FP6 IF13 and 9.x ...)
	NOT-FOR-US: IBM
CVE-2016-0303 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated ...)
	NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2016-0302
	RESERVED
CVE-2016-0301 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
	NOT-FOR-US: IBM
CVE-2016-0300 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2016-0299 (IBM TRIRIGA Application Platform 3.3 before 3.3.2.6, 3.4 before ...)
	NOT-FOR-US: IBM
CVE-2016-0298 (Directory traversal vulnerability in IBM Security Guardium Database ...)
	NOT-FOR-US: IBM
CVE-2016-0297 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) could ...)
	NOT-FOR-US: IBM
CVE-2016-0296 (IBM Tivoli Endpoint Manager - Mobile Device Management (MDM) stores ...)
	NOT-FOR-US: IBM
CVE-2016-0295 (Cross-site request forgery (CSRF) vulnerability in the IBM BigFix ...)
	NOT-FOR-US: IBM
CVE-2016-0294
	RESERVED
CVE-2016-0293 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform ...)
	NOT-FOR-US: IBM
CVE-2016-0292 (WebReports in IBM BigFix Platform (formerly Tivoli Endpoint Manager) ...)
	NOT-FOR-US: IBM
CVE-2016-0291 (IBM BigFix Platform 9.0, 9.1 before 9.1.8, and 9.2 before 9.2.8 allow ...)
	NOT-FOR-US: IBM
CVE-2016-0290
	RESERVED
CVE-2016-0289 (shiprec.xml in the SHIPREC application in IBM Maximo Asset Management ...)
	NOT-FOR-US: IBM
CVE-2016-0288 (IBM Security AppScan Standard 8.7.x, 8.8.x, and 9.x before 9.0.3.2 and ...)
	NOT-FOR-US: IBM
CVE-2016-0287 (IBM i Access 7.1 on Windows allows local users to discover registry ...)
	NOT-FOR-US: IBM
CVE-2016-0286 (IBM Tivoli Business Service Manager 6.1.0 before 6.1.0-TIV-BSM-FP0004 ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2016-0285 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-0284 (The XML parser in IBM Rational Collaborative Lifecycle Management ...)
	NOT-FOR-US: IBM
CVE-2016-0283 (Cross-site scripting (XSS) vulnerability in the OpenID Connect (OIDC) ...)
	NOT-FOR-US: IBM
CVE-2016-0282 (Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 ...)
	NOT-FOR-US: IBM
CVE-2016-0281 (The mustendd driver in IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x, ...)
	NOT-FOR-US: IBM
CVE-2016-0280 (Cross-site scripting (XSS) vulnerability in IBM Information Server ...)
	NOT-FOR-US: IBM
CVE-2016-0279 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
	NOT-FOR-US: IBM
CVE-2016-0278 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
	NOT-FOR-US: IBM
CVE-2016-0277 (Heap-based buffer overflow in the KeyView PDF filter in IBM Domino ...)
	NOT-FOR-US: IBM
CVE-2016-0276 (IBM Financial Transaction Manager (FTM) for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0275 (IBM Financial Transaction Manager (FTM) for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0274 (IBM Financial Transaction Manager (FTM) for ACH Services for ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0273 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2016-0272 (Cross-site request forgery (CSRF) vulnerability in IBM Financial ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0271 (The agents in IBM UrbanCode Deploy 6.x before 6.0.1.14, 6.1.x before ...)
	NOT-FOR-US: IBM
CVE-2016-0270 (IBM Domino 9.0.1 Fix Pack 3 Interim Fix 2 through 9.0.1 Fix Pack 5 ...)
	NOT-FOR-US: IBM
CVE-2016-0269 (Cross-site scripting (XSS) vulnerability in IBM BigFix Platform 9.x ...)
	NOT-FOR-US: IBM
CVE-2016-0268 (XML external entity (XXE) vulnerability in IBM Financial Transaction ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0267 (IBM UrbanCode Deploy 6.0.x before 6.0.1.13, 6.1.x before 6.1.3.3, and ...)
	NOT-FOR-US: IBM
CVE-2016-0266 (IBM AIX 5.3, 6.1, 7.1, and 7.2 and VIOS 2.2.x do not default to the ...)
	NOT-FOR-US: IBM
CVE-2016-0265 (IBM Campaign is vulnerable to cross-site scripting, caused by improper ...)
	NOT-FOR-US: IBM
CVE-2016-0264 (Buffer overflow in the Java Virtual Machine (JVM) in IBM SDK, Java ...)
	NOT-FOR-US: IBM JDK
CVE-2016-0263 (IBM Spectrum Scale 4.1 before 4.1.1.5 and 4.2 before 4.2.0.2 and ...)
	NOT-FOR-US: IBM
CVE-2016-0262 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2016-0261 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
	NOT-FOR-US: IBM
CVE-2016-0260 (Memory leak in queue-manager agents in IBM WebSphere MQ 8.x before ...)
	NOT-FOR-US: IBM
CVE-2016-0259 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...)
	NOT-FOR-US: IBM
CVE-2016-0258
	RESERVED
CVE-2016-0257
	RESERVED
CVE-2016-0256
	RESERVED
CVE-2016-0255 (IBM Marketing Platform 9.1 and 10.0 is vulnerable to stored cross-site ...)
	NOT-FOR-US: IBM
CVE-2016-0254 (IBM Cognos Business Intelligence 10.1 and 10.2 is vulnerable to a ...)
	NOT-FOR-US: IBM
CVE-2016-0253 (Cross-site scripting (XSS) vulnerability in IBM Financial Transaction ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2016-0252 (IBM Control Center 6.x before 6.0.0.1 iFix06 and Sterling Control ...)
	NOT-FOR-US: IBM
CVE-2016-0251
	RESERVED
CVE-2016-0250 (XML external entity (XXE) vulnerability in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM
CVE-2016-0249 (SQL injection vulnerability in IBM Security Guardium Database Activity ...)
	NOT-FOR-US: IBM
CVE-2016-0248 (IBM Security Guardium 9.0 before p700 and 10.0 before p100 allows ...)
	NOT-FOR-US: IBM
CVE-2016-0247 (IBM Security Guardium 8.2 before p310, 9.x through 9.5 before p700, ...)
	NOT-FOR-US: IBM
CVE-2016-0246 (Cross-site scripting (XSS) vulnerability in IBM Security Guardium 8.2 ...)
	NOT-FOR-US: IBM
CVE-2016-0245 (The XML parser in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and ...)
	NOT-FOR-US: IBM
CVE-2016-0244 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM
CVE-2016-0243 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM
CVE-2016-0242 (IBM Security Guardium 10.x through 10.1 before p100 allows remote ...)
	NOT-FOR-US: IBM
CVE-2016-0241 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
	NOT-FOR-US: IBM
CVE-2016-0240 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
	NOT-FOR-US: IBM
CVE-2016-0239 (IBM Security Guardium Database Activity Monitor 9.x through 9.5 before ...)
	NOT-FOR-US: IBM
CVE-2016-0238 (IBM Security Guardium 9.0, 9.1, 9.5, 10.0, and 10.1 transmits ...)
	NOT-FOR-US: IBM
CVE-2016-0237 (IBM Security Guardium Database Activity Monitor 10 allows local users ...)
	NOT-FOR-US: IBM
CVE-2016-0236 (IBM Security Guardium Database Activity Monitor 8.2 before p310, 9.x ...)
	NOT-FOR-US: IBM
CVE-2016-0235 (IBM Security Guardium Database Activity Monitor 10 allows local users ...)
	NOT-FOR-US: IBM
CVE-2016-0234
	RESERVED
CVE-2016-0233 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, ...)
	NOT-FOR-US: IBM
CVE-2016-0232 (IBM Financial Transaction Manager (FTM) for ACH Services, Check ...)
	NOT-FOR-US: IBM
CVE-2016-0231 (IBM Financial Transaction Manager (FTM) for ACH Services, Check ...)
	NOT-FOR-US: IBM
CVE-2016-0230 (IBM Power Hardware Management Console (HMC) 7.3 through 7.3.0 SP7, 7.9 ...)
	NOT-FOR-US: IBM
CVE-2016-0229 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform ...)
	NOT-FOR-US: IBM
CVE-2016-0228 (IBM Marketing Platform 10.0 could allow a remote attacker to conduct ...)
	NOT-FOR-US: IBM
CVE-2016-0227 (Cross-site scripting (XSS) vulnerability in the document-list control ...)
	NOT-FOR-US: IBM
CVE-2016-0226 (The client implementation in IBM Informix Dynamic Server 11.70.xCn on ...)
	NOT-FOR-US: IBM
CVE-2016-0225 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 ...)
	NOT-FOR-US: IBM
CVE-2016-0224 (SQL injection vulnerability in IBM Marketing Platform 8.5.x, 8.6.x, ...)
	NOT-FOR-US: IBM
CVE-2016-0223 (Cross-site scripting (XSS) vulnerability in the Webform Framework API ...)
	NOT-FOR-US: IBM Forms Server
CVE-2016-0222 (IBM Maximo Asset Management 7.6 before 7.6.0.3 IFIX001 allows remote ...)
	NOT-FOR-US: IBM
CVE-2016-0221 (Cross-site scripting (XSS) vulnerability in IBM Cognos TM1, as used in ...)
	NOT-FOR-US: IBM
CVE-2016-0220
	RESERVED
CVE-2016-0219 (XML external entity (XXE) vulnerability in IBM Rational Team Concert ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2016-0218 (IBM Cognos Business Intelligence and IBM Cognos Analytics are ...)
	NOT-FOR-US: IBM
CVE-2016-0217 (IBM Cognos Business Intelligence and IBM Cognos Analytics are ...)
	NOT-FOR-US: IBM
CVE-2016-0216 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0215 (IBM DB2 9.7, 10.1 before FP6, and 10.5 before FP8 on AIX, Linux, HP, ...)
	NOT-FOR-US: IBM DB2
CVE-2016-0214 (IBM Tivoli Endpoint Manager could allow a remote attacker to upload ...)
	NOT-FOR-US: IBM
CVE-2016-0213 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0212 (Stack-based buffer overflow in IBM Tivoli Storage Manager FastBack 5.5 ...)
	NOT-FOR-US: IBM
CVE-2016-0211 (IBM DB2 9.7 through FP11, 9.8, 10.1 through FP5, and 10.5 through FP7 ...)
	NOT-FOR-US: IBM
CVE-2016-0210 (IBM Sterling B2B Integrator Standard Edition could allow a remote ...)
	NOT-FOR-US: IBM
CVE-2016-0209 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
	NOT-FOR-US: IBM
CVE-2016-0208 (IBM WebSphere Commerce 6.x through 6.0.0.11, 7.x through 7.0.0.9, and ...)
	NOT-FOR-US: IBM
CVE-2016-0207 (IBM Algorithmics One-Algo Risk Application (ARA) 4.9.1 through 5.1.0 ...)
	NOT-FOR-US: IBM Algorithmics One-Algo Risk Application
CVE-2016-0206 (IBM Cloud Orchestrator could allow a local authenticated attacker to ...)
	NOT-FOR-US: IBM
CVE-2016-0205
	RESERVED
CVE-2016-0204 (Open redirect vulnerability in IBM Cloud Orchestrator 2.4.x before ...)
	NOT-FOR-US: IBM
CVE-2016-0203 (A vulnerability has been identified in the IBM Cloud Orchestrator task ...)
	NOT-FOR-US: IBM
CVE-2016-0202 (A vulnerability has been identified in tasks, backend object generated ...)
	NOT-FOR-US: IBM
CVE-2016-0201 (GSKit in IBM Security Network Protection 5.3.1 before 5.3.1.7 and ...)
	NOT-FOR-US: IBM
CVE-2015-8538 (dwarf_leb.c in libdwarf allows attackers to cause a denial of service ...)
	{DLA-669-1}
	- dwarfutils 20160507-1 (bug #807817)
	[jessie] - dwarfutils 20120410-2+deb8u1
	[squeeze] - dwarfutils <not-affected> (No segfault with provided test case)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1289385
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/09/2
	NOTE: http://sourceforge.net/p/libdwarf/code/ci/da724a0bc5eec8e9ec0b0cb0c238a80e34466459/
CVE-2015-8533
	REJECTED
CVE-2015-8532
	REJECTED
CVE-2015-8531 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...)
	NOT-FOR-US: IBM
CVE-2015-8530 (Stack-based buffer overflow in the Initialize function in an ActiveX ...)
	NOT-FOR-US: IBM
CVE-2015-8529
	RESERVED
CVE-2015-8528
	REJECTED
CVE-2015-8527
	REJECTED
CVE-2015-8526
	REJECTED
CVE-2015-8525
	REJECTED
CVE-2015-8524 (Cross-site scripting (XSS) vulnerability in Process Portal in IBM ...)
	NOT-FOR-US: IBM
CVE-2015-8523 (The server in IBM Tivoli Storage Manager FastBack 5.5.x and 6.x before ...)
	NOT-FOR-US: IBM
CVE-2015-8522 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
	NOT-FOR-US: IBM
CVE-2015-8521 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
	NOT-FOR-US: IBM
CVE-2015-8520 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
	NOT-FOR-US: IBM
CVE-2015-8519 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
	NOT-FOR-US: IBM
CVE-2015-8518
	RESERVED
CVE-2015-8517
	REJECTED
CVE-2015-8516
	REJECTED
CVE-2015-8515
	REJECTED
CVE-2015-8514
	REJECTED
CVE-2015-8513
	REJECTED
CVE-2015-8512 (The lockscreen feature in Mozilla Firefox OS before 2.5 does not ...)
	NOT-FOR-US: Firefox OS
CVE-2015-8511 (Race condition in the lockscreen feature in Mozilla Firefox OS before ...)
	NOT-FOR-US: Firefox OS
CVE-2015-8510 (Cross-site scripting (XSS) vulnerability in the internationalization ...)
	NOT-FOR-US: Firefox OS
CVE-2015-8509 (Template.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and ...)
	- bugzilla4 <itp> (bug #669643)
CVE-2015-8508 (Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in ...)
	- bugzilla4 <itp> (bug #669643)
CVE-2015-8507 (mediaserver in Android 6.0 before 2015-12-01 allows remote attackers ...)
	- android <itp> (bug #459219)
CVE-2015-8506 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
	- android <itp> (bug #459219)
CVE-2015-8505 (mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to ...)
	- android <itp> (bug #459219)
CVE-2015-8503
	RESERVED
CVE-2015-8502
	REJECTED
CVE-2015-8501
	REJECTED
CVE-2015-8500
	REJECTED
CVE-2015-8499
	REJECTED
CVE-2015-8498
	REJECTED
CVE-2015-8497
	REJECTED
CVE-2015-8496
	REJECTED
CVE-2015-8495
	REJECTED
CVE-2015-8494
	REJECTED
CVE-2015-8493
	REJECTED
CVE-2015-8492
	REJECTED
CVE-2015-8491
	REJECTED
CVE-2015-8490
	REJECTED
CVE-2015-8489 (customapp in Cybozu Office 9.9.0 through 10.3.0 allows remote ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8488 (Cybozu Office 10.3.0 allows remote attackers to read image files via a ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8487 (Cybozu Office 9.0.0 through 10.3 allows remote attackers to discover ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8486 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8485 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8484 (Cybozu Office 9.9.0 through 10.3.0 allows remote authenticated users ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8483 (Open redirect vulnerability in Cybozu Office 10.2.0 through 10.3.0 ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-8482 (Blue Coat Unified Agent before 4.6.2 does not prevent modification of ...)
	NOT-FOR-US: Blue Coat Unified Agent
CVE-2015-8481 (Atlassian JIRA Software 7.0.3, JIRA Core 7.0.3, and the bundled JIRA ...)
	NOT-FOR-US: Atlassian
CVE-2015-8504 (Qemu, when built with VNC display driver support, allows remote ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-1 (bug #808130)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Fixed by http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4c65fed8bdf96780735dbdb92a8bd0d6b6526cc3 (v2.5.0-rc3)
	NOTE: Issue possibly introduced after http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cec5487990bf3f1f22b3fcb871978255e92ae0d (v0.10.0)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/4
CVE-2016-0200 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0199 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0198 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0197 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the ...)
	NOT-FOR-US: Microsoft
CVE-2016-0196 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0195 (The Imaging Component in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0194 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0193 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0192 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-0191 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0190 (Volume Manager Driver in Microsoft Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0189 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as ...)
	NOT-FOR-US: Microsoft
CVE-2016-0188 (The User Mode Code Integrity (UMCI) implementation in Device Guard in ...)
	NOT-FOR-US: Microsoft
CVE-2016-0187 (The Microsoft (1) JScript 5.8 and (2) VBScript 5.8 engines, as used in ...)
	NOT-FOR-US: Microsoft
CVE-2016-0186 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0185 (Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0184 (Use-after-free vulnerability in GDI in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0183 (The Windows font library in Microsoft Office 2010 SP2, Word 2010 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0182 (Windows Journal in Microsoft Windows Vista SP2, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0181 (Microsoft Windows 10 Gold and 1511 allows local users to bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2016-0180 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0179 (Windows Shell in Microsoft Windows 8.1, Windows Server 2012 R2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0178 (The RPC NDR Engine in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0177
	REJECTED
CVE-2016-0176 (dxgkrnl.sys in the DirectX Graphics kernel subsystem in the ...)
	NOT-FOR-US: Microsoft
CVE-2016-0175 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0174 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0173 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0172
	REJECTED
CVE-2016-0171 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0170 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0169 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0168 (GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0167 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0166 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0165 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0164 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0163
	REJECTED
CVE-2016-0162 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0161 (Microsoft Edge allows remote attackers to bypass the Same Origin ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0160 (Microsoft Internet Explorer 11 mishandles DLL loading, which allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0159 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0158 (Microsoft Edge allows remote attackers to bypass the Same Origin ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0157 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0156 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0155 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft Edge
CVE-2016-0154 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2016-0153 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0152 (Internet Information Services (IIS) in Microsoft Windows Vista SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0151 (The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows 8.1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0150 (HTTP.sys in Microsoft Windows 10 Gold and 1511 allows remote attackers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0149 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0148 (Microsoft .NET Framework 4.6 and 4.6.1 mishandles library loading, ...)
	NOT-FOR-US: Microsoft .NET
CVE-2016-0147 (Microsoft XML Core Services 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2016-0146
	REJECTED
CVE-2016-0145 (The font library in Microsoft Windows Vista SP2; Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0144
	REJECTED
CVE-2016-0143 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0142 (Video Control in Microsoft Windows Vista SP2, Windows 7 SP1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0141 (The Visual Basic macros in Microsoft Office 2007 SP3, 2010 SP2, 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0140 (Microsoft Office 2007 SP3, Office 2010 SP2, Word Automation Services ...)
	NOT-FOR-US: Microsoft
CVE-2016-0139 (Microsoft Excel 2010 SP2, Word for Mac 2011, and Excel Viewer allow ...)
	NOT-FOR-US: Microsoft Excel
CVE-2016-0138 (Microsoft Exchange Server 2007 SP3, 2010 SP3, 2013 SP1, 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0137 (The Click-to-Run (C2R) implementation in Microsoft Office 2013 SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0136 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack ...)
	NOT-FOR-US: Microsoft Excel
CVE-2016-0135 (The Secondary Logon Service in Microsoft Windows 10 Gold and 1511 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0134 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0133 (The USB Mass Storage Class driver in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0132 (Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0131
	REJECTED
CVE-2016-0130 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-0129 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-0128 (The SAM and LSAD protocol implementations in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft Windows
CVE-2016-0127 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft Word
CVE-2016-0126 (Microsoft Office 2013 SP1, 2013 RT SP1, and 2016 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-0125 (Microsoft Edge mishandles the Referer policy, which allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-0124 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-0123 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-0122 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0121 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0120 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0119
	REJECTED
CVE-2016-0118 (The PDF library in Microsoft Windows 10 Gold and 1511 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-0117 (The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0116 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-0115
	REJECTED
CVE-2016-0114 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-0113 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0112 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0111 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-0110 (Microsoft Internet Explorer 10 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-0109 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-0108 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-0107 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0106 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-0105 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-0104 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-0103 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-0102 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-0101 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0100 (Microsoft Windows Vista SP2 and Server 2008 SP2 mishandle library ...)
	NOT-FOR-US: Microsoft
CVE-2016-0099 (The Secondary Logon Service in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0098 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8.1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0097
	REJECTED
CVE-2016-0096 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0095 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0094 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0093 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0092 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0091 (OLE in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0090 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0089 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0088 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0087 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0086
	REJECTED
CVE-2016-0085
	REJECTED
CVE-2016-0084 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2016-0083
	REJECTED
CVE-2016-0082
	REJECTED
CVE-2016-0081
	REJECTED
CVE-2016-0080 (Microsoft Edge mishandles exceptions during window-message dispatch ...)
	NOT-FOR-US: Microsoft
CVE-2016-0079 (The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local ...)
	NOT-FOR-US: Microsoft
CVE-2016-0078
	REJECTED
CVE-2016-0077 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge misparse ...)
	NOT-FOR-US: Microsoft
CVE-2016-0076
	REJECTED
CVE-2016-0075 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0074
	REJECTED
CVE-2016-0073 (The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0072 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0071 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-0070 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0069 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0068 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0067 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0066
	REJECTED
CVE-2016-0065
	REJECTED
CVE-2016-0064 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2016-0063 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0062 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-0061 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-0060 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2016-0059 (The Hyperlink Object Library in Microsoft Internet Explorer 9 through ...)
	NOT-FOR-US: Microsoft
CVE-2016-0058 (Buffer overflow in the PDF Library in Microsoft Windows 8.1, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0057 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2016 does not ...)
	NOT-FOR-US: Microsoft
CVE-2016-0056 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0055 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2016-0054 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0053 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0052 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0051 (The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0050 (Network Policy Server (NPS) in Microsoft Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0049 (Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0048 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2016-0047 (WinForms in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0046 (Windows Reader in Microsoft Windows 8.1, Windows Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0045
	REJECTED
CVE-2016-0044 (Sync Framework in Microsoft Windows 8.1, Windows Server 2012 R2, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0043
	REJECTED
CVE-2016-0042 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0041 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0040 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0039 (Cross-site scripting (XSS) vulnerability in SharePoint Server in ...)
	NOT-FOR-US: Microsoft
CVE-2016-0038 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0037 (The forms-based authentication implementation in Active Directory ...)
	NOT-FOR-US: Microsoft
CVE-2016-0036 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0035 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0034 (Microsoft Silverlight 5 before 5.1.41212.0 mishandles negative offsets ...)
	NOT-FOR-US: Microsoft
CVE-2016-0033 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, and 4.6.1 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0032 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft
CVE-2016-0031 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft
CVE-2016-0030 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft
CVE-2016-0029 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft
CVE-2016-0028 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0027
	REJECTED
CVE-2016-0026 (The Common Log File System (CLFS) driver in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2016-0025 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0024 (The Chakra JavaScript engine in Microsoft Edge allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2016-0023
	REJECTED
CVE-2016-0022 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0021 (Microsoft InfoPath 2007 SP3, 2010 SP2, and 2013 SP1 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2016-0020 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0019 (The Remote Desktop Protocol (RDP) service implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2016-0018 (Microsoft Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0017
	REJECTED
CVE-2016-0016 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0015 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2016-0014 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0013
	REJECTED
CVE-2016-0012 (Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio ...)
	NOT-FOR-US: Microsoft
CVE-2016-0011 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0010 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
	NOT-FOR-US: Microsoft
CVE-2016-0009 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2016-0008 (The graphics device interface in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0007 (The sandbox implementation in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0006 (The sandbox implementation in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2016-0005 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2016-0004
	REJECTED
CVE-2016-0003 (Microsoft Edge allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: Microsoft
CVE-2016-0002 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...)
	NOT-FOR-US: Microsoft
CVE-2016-0001
	REJECTED
CVE-2015-8480 (The VideoFramePool::PoolImpl::CreateFrame function in ...)
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8479 (Use-after-free vulnerability in the ...)
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8478 (Multiple unspecified vulnerabilities in Google V8 before 4.7.80.23, as ...)
	- chromium-browser 47.0.2526-73-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-8475
	RESERVED
CVE-2015-8471
	RESERVED
	NOT-FOR-US: ATutor
CVE-2015-8470 (The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not ...)
	NOT-FOR-US: Puppet Enterprise
CVE-2015-8469
	RESERVED
CVE-2015-8468
	RESERVED
CVE-2015-8467 (The samldb_check_user_account_control_acl function in ...)
	{DSA-3433-1}
	- samba 2:4.1.22+dfsg-1
	[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	NOTE: https://www.samba.org/samba/security/CVE-2015-8467.html
CVE-2015-8466 (Swift3 before 1.9 allows remote attackers to conduct replay attacks ...)
	{DSA-3583-1}
	- swift-plugin-s3 1.9-1 (bug #822688)
CVE-2014-9758 (Cross-site scripting (XSS) vulnerability in Magento E-Commerce ...)
	NOT-FOR-US: Magento
CVE-2015-XXXX [uses non-random tempdir /tmp/tmprepo.0/.git/]
	- git-repair 1.20151215-1 (unimportant; bug #807341)
	NOTE: Non-exploitable on release archs due to kernel hardening
CVE-2015-8537 (app/views/journals/index.builder in Redmine before 2.6.9, 3.0.x before ...)
	{DSA-3529-1}
	- redmine 3.2.0-1 (bug #807826)
	[squeeze] - redmine <not-affected> (Vulnerable code not present in 1.0.1)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/21419 (private)
	NOTE: https://github.com/redmine/redmine/commit/7e423fb4538247d59e01958c48b491f196a1de56
	NOTE: upstream fixed in 2.6.9, 3.0.6 and 3.1.3
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/08/8
CVE-2016-1000033 (Shotwell version 0.22.0 (and possibly other versions) is vulnerable to ...)
	- shotwell 0.22.0-3 (low; bug #807110)
	[jessie] - shotwell <no-dsa> (Minor issue)
	[wheezy] - shotwell <no-dsa> (Minor issue)
	[squeeze] - shotwell <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/4
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=754488
CVE-2015-8476 (Multiple CRLF injection vulnerabilities in PHPMailer before 5.2.14 ...)
	{DSA-3416-1 DLA-363-1}
	- libphp-phpmailer 5.2.14+dfsg-1 (bug #807265)
	NOTE: https://github.com/PHPMailer/PHPMailer/commit/6687a96a18b8f12148881e4ddde795ae477284b0 (v5.2.14)
CVE-2015-8474 (Open redirect vulnerability in the valid_back_url function in ...)
	{DSA-3529-1}
	- redmine 3.2.0-1 (bug #807272)
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: http://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/19577 (private)
	NOTE: commit: https://github.com/redmine/redmine/commit/032f2c9be6520d9d1a1608aa4f1d5d1f184f2472
	NOTE: upstream fixed in 2.6.7, 3.0.5 and 3.1.1
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/04/1
	NOTE: depends on the CVE-2014-1985 fix first
CVE-2015-8473 (The Issues API in Redmine before 2.6.8, 3.0.x before 3.0.6, and 3.1.x ...)
	{DSA-3529-1}
	- redmine 3.2.0-1 (bug #807345)
	[squeeze] - redmine <not-affected> (code dates from the API changes introduced in 735a83c, part of 1.1)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
	NOTE: https://www.redmine.org/issues/21136
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/7
	NOTE: https://github.com/redmine/redmine/commit/8d8f612fa368a72c56b63f7ce6b7e98cab9feb22
CVE-2015-8465
	RESERVED
CVE-2015-8464
	RESERVED
CVE-2015-8463
	RESERVED
CVE-2015-8462
	RESERVED
CVE-2015-8461 (Race condition in resolver.c in named in ISC BIND 9.9.8 before ...)
	- bind9 <not-affected> (Only affects 9.9.8 -> 9.9.8-P1, 9.9.8-S1 -> 9.9.8-S2, 9.10.3 -> 9.10.3-P1)
	NOTE: https://kb.isc.org/article/AA-01319
CVE-2015-8460 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8459 (Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8458 (Heap-based buffer overflow in AGM.dll in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-8457 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8456 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8455 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8454 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8453 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8452 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8451 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8450 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8449 (Use-after-free vulnerability in the MovieClip object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8448 (Use-after-free vulnerability in the DisplacementMapFilter object ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8447 (Use-after-free vulnerability in the Color object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8446 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8445 (Integer overflow in the Shader filter implementation in Adobe Flash ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8444 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8443 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8442 (Use-after-free vulnerability in the MovieClip object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8441 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8440 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8439 (The SharedObject object implementation in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8438 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.268 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8437 (Use-after-free vulnerability in the Selection object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8436 (Use-after-free vulnerability in the PrintJob object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8435 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8434 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8433 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8432 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8431 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8430 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8429 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8428 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8427 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8426 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8425 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8424 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8423 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8422 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8421 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8420 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8419 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8418 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8417 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8416 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8415 (Buffer overflow in Adobe Flash Player before 18.0.0.268 and 19.x and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8414 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8413 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8412 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8411 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8410 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8409 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8408 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8407 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8406 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8405 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8404 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8403 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8402 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8401 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8399 (Atlassian Confluence before 5.8.17 allows remote authenticated users ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2015-8398 (Cross-site scripting (XSS) vulnerability in Atlassian Confluence ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2015-8397 (The JPEGLSCodec::DecodeExtent function in ...)
	- gdcm 2.6.2-1
	[jessie] - gdcm 2.4.4-3+deb8u1
	[wheezy] - gdcm <not-affected> (Vulnerable code not present)
	[squeeze] - gdcm <not-affected> (Vulnerable code not present)
	NOTE: http://census-labs.com/news/2016/01/11/gdcm-out-bounds-read-jpeglscodec-decodeextent/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e547b1ded3fd21e0b0ad149f13045aa12d4b9b7c/
CVE-2015-8396 (Integer overflow in the ImageRegionReader::ReadIntoBuffer function in ...)
	- gdcm 2.6.2-1
	[jessie] - gdcm 2.4.4-3+deb8u1
	[wheezy] - gdcm <no-dsa> (Minor issue)
	[squeeze] - gdcm <not-affected> (Vulnerable code not present)
	NOTE: http://census-labs.com/news/2016/01/11/gdcm-buffer-overflow-imageregionreaderreadintobuffer/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/0f6f82052484774d072784f32105cecc79c45c19/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/92cd6d7fe0d01c61cf68ac4ef65ef388ee252415/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/9cbca25ff7f20c432b61eb9f4cae43a946502b66/
	NOTE: http://sourceforge.net/p/gdcm/gdcm/ci/e0dd1114c82d372dd905c029ddbee4e81ed01a89/
CVE-2012-6704 (The sock_setsockopt function in net/core/sock.c in the Linux kernel ...)
	{DLA-772-1}
	- linux 3.8.11-1
	NOTE: Fixed by: https://git.kernel.org/linus/82981930125abfd39d7c8378a9cfdf5e1be2002b (v3.5-rc1)
CVE-2012-6703 (Integer overflow in the snd_compr_allocate_buffer function in ...)
	- linux 3.8.11-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/linus/b35cc8225845112a616e3a2266d2fde5ab13d3ab (3.7-rc1)
CVE-2012-6702 (Expat, when used in a parser that has not called XML_SetHashSalt or ...)
	{DSA-3597-1 DLA-508-1}
	- expat 2.1.1-3
CVE-2012-6701 (Integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows ...)
	- linux <not-affected> (Fixed in v3.2.19; which was before src:linux rename)
	- linux-2.6 3.2.19-1
	NOTE: https://git.kernel.org/linus/a70b52ec1aaeaf60f4739edb1b422827cb6f3893 (v3.5-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=07343eab681bf8c22a2b31d978569a5f65253171 (v3.2.19)
CVE-2012-6700 (The decode_search function in dhcp.c in dhcpcd 3.x does not properly ...)
	{DSA-3534-1 DLA-362-1}
	- dhcpcd <removed>
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2012-6699 (The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP ...)
	{DSA-3534-1}
	- dhcpcd <removed>
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2012-6698 (The decode_search function in dhcp.c in dhcpcd 3.x allows remote DHCP ...)
	{DSA-3534-1 DLA-362-1}
	- dhcpcd <removed>
	NOTE: https://launchpadlibrarian.net/228152582/dhcp.c.patch
	NOTE: original ubuntu bug: https://bugs.launchpad.net/ubuntu/+source/dhcpcd/+bug/1517226
CVE-2015-8379 (CakePHP 2.x and 3.x before 3.1.5 might allow remote attackers to ...)
	- cakephp 2.8.0-1 (bug #832316)
	[jessie] - cakephp <no-dsa> (Minor issue)
	[wheezy] - cakephp <not-affected> (vulnerable code not present)
	NOTE: http://karmainsecurity.com/KIS-2016-01
	NOTE: https://github.com/cakephp/cakephp/commit/0f818a23a876c01429196bf7623e1e94a50230f0
CVE-2015-8400 (The HTTPS fallback implementation in Shell In A Box (aka shellinabox) ...)
	- shellinabox 2.19
	[jessie] - shellinabox <no-dsa> (Minor issue)
	[wheezy] - shellinabox <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/02/6
CVE-2015-8377 (SQL injection vulnerability in the host_new_graphs_save function in ...)
	{DSA-3494-1 DLA-374-1}
	- cacti 0.8.8f+ds1-4
	NOTE: http://bugs.cacti.net/view.php?id=2655
	NOTE: http://seclists.org/fulldisclosure/2015/Dec/att-57/cacti_sqli%281%29.txt
CVE-2015-XXXX [Avoid unbounded SFTP extended attribute key/values]
	- proftpd-dfsg 1.3.5b-1
	[jessie] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
	[wheezy] - proftpd-dfsg <no-dsa> (Minor issue; can be fixed in point release)
	[squeeze] - proftpd-dfsg <not-affected> (Vulnerable code not present)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4210
	NOTE: https://github.com/proftpd/proftpd/pull/171
CVE-2015-8376 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...)
	NOT-FOR-US: Microsoft
CVE-2015-8373 (The kea-dhcp4 and kea-dhcp6 servers 0.9.2 and 1.0.0-beta in ISC Kea, ...)
	- isc-kea <not-affected> (Fixed before the initial version uploaded to Debian)
CVE-2015-8372
	RESERVED
CVE-2015-8371 [Composer Cache Injection vulnerability]
	RESERVED
	- composer 1.0.0~alpha11-3
	NOTE: http://flyingmana.de/blog_en/2016/02/14/composer_cache_injection_vulnerability_cve_2015_8371.html
CVE-2015-8370 (Multiple integer underflows in Grub2 1.98 through 2.02 allow ...)
	{DSA-3421-1 DLA-368-1}
	- grub2 2.02~beta2-33 (bug #807614)
	NOTE: https://twitter.com/lostinsecurity/status/674925944524640257
	NOTE: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
CVE-2015-8369 (SQL injection vulnerability in include/top_graph_header.php in Cacti ...)
	{DSA-3423-1 DLA-374-1}
	- cacti 0.8.8f+ds1-3 (bug #807599)
	NOTE: http://bugs.cacti.net/view.php?id=2646
CVE-2015-8378 (In KeePassX before 0.4.4, a cleartext copy of password data is created ...)
	- keepassx 0.4.3+dfsg-1 (bug #791858)
	[jessie] - keepassx 0.4.3+dfsg-0.1+deb8u1
	[wheezy] - keepassx <no-dsa> (Minor issue)
	[squeeze] - keepassx <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/30/4
CVE-2015-8375 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. ...)
	NOT-FOR-US: PHP-Fusion
CVE-2015-8368 (ntopng (aka ntop) before 2.2 allows remote authenticated users to ...)
	- ntopng 2.2+dfsg1-1 (bug #816190)
	[jessie] - ntopng <no-dsa> (Minor issue)
	NOTE: fixed upstream in 2.2
	NOTE: https://www.exploit-db.com/exploits/38836/
	NOTE: https://github.com/ntop/ntopng/commit/2e0620be3410f5e22c9aa47e261bc5a12be692c6
CVE-2015-8367 [Memory objects are not intialized properly]
	RESERVED
	- libraw 0.17.1-1 (bug #806809)
	[jessie] - libraw 0.16.0-9+deb8u2
	[wheezy] - libraw <not-affected> (Vulnerable code not present)
	[squeeze] - libraw <not-affected> (Vulnerable code not present)
	- dcraw <not-affected> (Vulnerable code not present)
	- kodi <not-affected> (Vulnerable code not present)
	- darktable 2.0.0-1
	[jessie] - darktable <not-affected> (Vulnerable code not present)
	[wheezy] - darktable <not-affected> (Vulnerable code not present)
	[squeeze] - darktable <not-affected> (Vulnerable code not present)
	- ufraw <not-affected> (Vulnerable code not present)
	- rawtherapee <not-affected> (Vulnerable code not present)
	- exactimage <not-affected> (Vulnerable code not present)
	- xbmc <not-affected>
	[jessie] - xbmc <not-affected> (Transitional dummy package)
	[wheezy] - xbmc <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
	NOTE: Introduced by: https://github.com/LibRaw/LibRaw/commit/7b1430c76a19c93f3cc755bb2ff9bda0ba9b4082 (0.15.0)
CVE-2015-8366 [Index overflow in smal_decode_segment]
	RESERVED
	- libraw 0.17.1-1 (bug #806809)
	[jessie] - libraw 0.16.0-9+deb8u2
	[wheezy] - libraw <not-affected> (Vulnerable code not present)
	[squeeze] - libraw <not-affected> (Vulnerable code not present)
	- dcraw <unfixed> (bug #864168)
	[stretch] - dcraw <no-dsa> (Minor issue)
	[jessie] - dcraw <no-dsa> (Minor issue)
	[wheezy] - dcraw <not-affected> (Vulnerable code not present)
	[squeeze] - dcraw <not-affected> (Vulnerable code not present)
	- kodi <not-affected> (Vulnerable code not present)
	- darktable 2.0.0-1
	[jessie] - darktable <not-affected> (Vulnerable code not present)
	[wheezy] - darktable <not-affected> (Vulnerable code not present)
	[squeeze] - darktable <not-affected> (Vulnerable code not present)
	- ufraw 0.20-4 (bug #818882)
	[jessie] - ufraw <no-dsa> (Minor issue)
	[wheezy] - ufraw <not-affected> (Vulnerable code not present)
	[squeeze] - ufraw <not-affected> (Vulnerable code not present)
	- rawtherapee 4.2.1241-2
	[jessie] - rawtherapee 4.2-1+deb8u2
	[wheezy] - rawtherapee <not-affected> (Vulnerable code not present)
	[squeeze] - rawtherapee <not-affected> (Vulnerable code not present)
	- exactimage 0.9.1-13
	[jessie] - exactimage 0.8.9-7+deb8u2
	[wheezy] - exactimage <not-affected> (Vulnerable code not present)
	[squeeze] - exactimage <not-affected> (Vulnerable code not present)
	NOTE: exactimage: smal_decode_segment inside dcraw.h not dcraw.c
	- xbmc <not-affected>
	[jessie] - xbmc <not-affected> (Transitional dummy package)
	[wheezy] - xbmc <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/89d065424f09b788f443734d44857289489ca9e2
CVE-2015-8365 (The smka_decode_frame function in libavcodec/smacker.c in FFmpeg ...)
	{DSA-4012-1 DLA-1142-1}
	- ffmpeg 7:2.8.3-1 (bug #806519)
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4a9af07a49295e014b059c1ab624c40345af5892
	NOTE: fix for the libav 11.9 branch: https://git.libav.org/?p=libav.git;a=commit;h=v11.9-5-g88762a0
	NOTE: fix for the libav 0.8 branch: https://git.libav.org/?p=libav.git;a=commit;h=9fba59f471725e5235d5378e795ebf8b59472817
CVE-2015-8364 (Integer overflow in the ff_ivi_init_planes function in ...)
	- ffmpeg 7:2.8.3-1 (bug #806519)
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=df91aa034b82b77a3c4e01791f4a2b2ff6c82066
CVE-2015-8363 (The jpeg2000_read_main_headers function in libavcodec/jpeg2000dec.c in ...)
	- ffmpeg 7:2.8.3-1 (bug #806519)
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=44a7f17d0b20e6f8d836b2957e3e357b639f19a2
CVE-2015-8362 (The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices ...)
	NOT-FOR-US: Harman AMX
CVE-2015-8361 (Multiple unspecified services in Atlassian Bamboo before 5.9.9 and ...)
	NOT-FOR-US: Atlassian
CVE-2015-8360 (An unspecified resource in Atlassian Bamboo before 5.9.9 and 5.10.x ...)
	NOT-FOR-US: Atlassian
CVE-2015-8359
	RESERVED
CVE-2015-8358 (Directory traversal vulnerability in the bitrix.mpbuilder module ...)
	NOT-FOR-US: Bitrix
CVE-2015-8357 (Directory traversal vulnerability in the bitrix.xscan module before ...)
	NOT-FOR-US: Bitrix
CVE-2015-8356 (Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 ...)
	NOT-FOR-US: Bitrix
CVE-2015-8355 (Multiple SQL injection vulnerabilities in the orion.extfeedbackform ...)
	NOT-FOR-US: Bitrix
CVE-2015-8354 (Cross-site scripting (XSS) vulnerability in the Ultimate Member ...)
	NOT-FOR-US: WordPress plugin ultimate-member
CVE-2015-8353 (Cross-site scripting (XSS) vulnerability in the Role Scoper plugin ...)
	NOT-FOR-US: WordPress plugin role-scoper
CVE-2015-8352 (Directory traversal vulnerability in Zen Cart 1.5.4 allows remote ...)
	NOT-FOR-US: Zen Cart
CVE-2015-8351 (PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin ...)
	NOT-FOR-US: WordPress plugin gwolle-gb
CVE-2015-8350 (Multiple cross-site scripting (XSS) vulnerabilities in the Calls to ...)
	NOT-FOR-US: WordPress plugin cta
CVE-2015-8349 (Cross-site scripting (XSS) vulnerability in SourceBans before 2.0 ...)
	NOT-FOR-US: SourceBeans
CVE-2015-8348
	RESERVED
CVE-2015-8347
	RESERVED
CVE-2015-8344
	RESERVED
CVE-2015-8343
	RESERVED
CVE-2015-8342
	REJECTED
CVE-2015-8341 (The libxl toolstack library in Xen 4.1.x through 4.6.x does not ...)
	{DSA-3519-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-160.html
CVE-2015-8340 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-159.html
CVE-2015-8339 (The memory_exchange function in common/memory.c in Xen 3.2.x through ...)
	{DSA-3519-1 DLA-479-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-159.html
CVE-2015-8338 (Xen 4.6.x and earlier does not properly enforce limits on page order ...)
	{DSA-3633-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[wheezy] - xen <not-affected> (Only affects Xen on arm)
	[squeeze] - xen <not-affected> (Only affects Xen on arm)
	NOTE: http://xenbits.xen.org/xsa/advisory-158.html
CVE-2014-9757 (The Ignite Realtime Smack XMPP API, as used in Atlassian Bamboo before ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2015-8374 (fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles ...)
	- linux 4.2.6-2
	[jessie] - linux 3.16.7-ckt20-1+deb8u1
	[wheezy] - linux 3.2.78-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0305cd5f7fca85dae392b9ba85b116896eb7c1c7 (v4.4-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/27/2
	NOTE: CVE assignment for the vulnerability with the impact of "User B now
	NOTE: gets to see the 1000 bytes that user A truncated from its file before
	NOTE: it made its file world readable"
CVE-2015-8337 (The HIFI driver in Huawei P8 phones with software GRA-TL00 before ...)
	NOT-FOR-US: Huawei
CVE-2015-8336 (Huawei FusionCompute with software before V100R005C10SPC700 allows ...)
	NOT-FOR-US: Huawei FusionCompute
CVE-2015-8335 (Huawei VCN500 with software before V100R002C00SPC201 logs passwords in ...)
	NOT-FOR-US: Huawei
CVE-2015-8334 (SQL injection vulnerability in the Operation and Maintenance Unit ...)
	NOT-FOR-US: Huawei
CVE-2015-8333 (The Operation and Maintenance Unit (OMU) in Huawei VCN500 with ...)
	NOT-FOR-US: Huawei
CVE-2015-8332 (Huawei Video Content Management (VCM) before V100R001C10SPC001 does ...)
	NOT-FOR-US: Huawei
CVE-2015-8331 (The Operation and Maintenance Unit (OMU) in Huawei VCN500 with ...)
	NOT-FOR-US: Huawei
CVE-2015-8330 (The PCo agent in SAP Plant Connectivity (PCo) allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2015-8329 (SAP Manufacturing Integration and Intelligence (aka MII, formerly ...)
	NOT-FOR-US: SAP
CVE-2015-8328 (Unspecified vulnerability in the NVAPI support layer in the NVIDIA GPU ...)
	- nvidia-graphics-drivers <not-affected> (Windows only)
CVE-2015-8327 (Incomplete blacklist vulnerability in util.c in foomatic-rip in ...)
	{DSA-3429-1 DSA-3411-1 DLA-365-1}
	- cups-filters 1.2.0-1
	[wheezy] - cups-filters <not-affected> (Vulnerable code not present; introduced in 1.0.42)
	- foomatic-filters 4.0.17-7 (bug #806886)
CVE-2015-8325 (The do_setup_env function in session.c in sshd in OpenSSH through ...)
	{DSA-3550-1}
	- openssh 1:7.2p2-3
	NOTE: Upstream fix: https://anongit.mindrot.org/openssh.git/commit/?id=85bdcd7c92fe7ff133bbc4e10a65c91810f88755
CVE-2015-XXXX [RCE in gitlab-shell 2.6.6-2.6.7]
	- gitlab-shell <not-affected> (Only affects version 2.6.6-2.6.7)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/11/25/5
CVE-2015-8345 (The eepro100 emulator in QEMU qemu-kvm blank allows local guest users ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-1 (bug #806373)
	[jessie] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
	[wheezy] - qemu <no-dsa> (Minor issue, can be fixed along in a later DSA)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[jessie] - qemu-kvm <no-dsa> (Minor issue, can be fixed along in a later DSA)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, can be fixed along in a later DSA)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-10/msg03911.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/3
CVE-2015-8346 (app/views/timelog/_form.html.erb in Redmine before 2.6.8, 3.0.x before ...)
	{DSA-3529-1 DLA-351-1}
	- redmine 3.2.0-1 (bug #806376)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_3_0
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/21150 (private)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/25/1
	NOTE: Commit: https://github.com/redmine/redmine/commit/945a091c94a9ed651f61e225fa8646479478e9d4
	NOTE: Commit: https://github.com/redmine/redmine/commit/c096dde88ff02872ba35edc4dc403c80a7867b5c
	NOTE: For squeeze, the bug is in app/views/timelog/edit.rhtml
	NOTE: upstream fixed in 2.6.8, 3.0.6 and 3.1.2
CVE-2015-XXXX [Insecure permissions for backup directory]
	- dbconfig-common 1.8.58 (bug #805638)
	[jessie] - dbconfig-common 1.8.47+nmu3+deb8u1
	[wheezy] - dbconfig-common 1.8.47+nmu1+deb7u1
	[squeeze] - dbconfig-common 1.8.46+squeeze.1
	NOTE: Workaround entry for DLA-390-1 (since no CVE for this issue)
CVE-2015-8323
	RESERVED
CVE-2015-8322 (NetApp OnCommand System Manager 8.3.x before 8.3.2 allows remote ...)
	NOT-FOR-US: NetApp
CVE-2015-8326 (The IPTables-Parse module before 1.6 for Perl allows local users to ...)
	- libiptables-parse-perl 1.6-1
	[jessie] - libiptables-parse-perl 1.1-1+deb8u1
	[wheezy] - libiptables-parse-perl 1.1-1+deb7u1
	[squeeze] - libiptables-parse-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/mtrmac/IPTables-Parse/commit/b400b976d81140f6971132e94eb7657b5b0a2b87
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/24/6
CVE-2015-8381 (The compile_regex function in pcre_compile.c in PCRE before 8.38 and ...)
	- pcre3 2:8.38-1 (bug #796762; bug #795539)
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1672
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/24/1
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1667
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/05/3
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1250943
CVE-2015-8380 (The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a ...)
	- pcre3 2:8.38-1 (bug #806467)
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: For wheezy: same code looks present around patched lines, though the
	NOTE: reproducer does not lead to a crash, and just gives
	NOTE: "Matched, but too many substrings"
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Fixed in 8.38 upstream
	- pcre2 <not-affected>
	NOTE: Commit: http://vcs.pcre.org/pcre?view=revision&revision=1565
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1637
	NOTE: https://blog.fuzzing-project.org/29-Heap-Overflow-in-PCRE.html
CVE-2015-8321
	RESERVED
CVE-2015-8319 (Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones ...)
	NOT-FOR-US: Huawei
CVE-2015-8318 (Heap-based buffer overflow in the HIFI driver in Huawei P8 smartphones ...)
	NOT-FOR-US: Huawei
CVE-2015-8315 (The ms package before 0.7.1 for Node.js allows attackers to cause a ...)
	- node-ms <not-affected> (Fixed before initial upload to Debian)
CVE-2015-8314
	RESERVED
CVE-2015-8313 [fail to check the first byte of the padding in CBC modes]
	RESERVED
	{DSA-3408-1 DLA-364-1}
	- gnutls28 <not-affected> (Vulnerable code not present)
	- gnutls26 <removed>
	NOTE: https://blog.hboeck.de/archives/877-A-little-POODLE-left-in-GnuTLS-old-versions.html
CVE-2015-8312 (Off-by-one error in afs_pioctl.c in OpenAFS before 1.6.16 might allow ...)
	{DSA-3569-1 DLA-493-1}
	- openafs 1.6.17-1
	NOTE: http://git.openafs.org/?p=openafs.git;a=commitdiff;h=2ef863720da4d9f368aaca0461c672a3008195ca
	NOTE: http://rt.central.org/rt/Ticket/Display.html?id=132256
CVE-2015-8311
	RESERVED
CVE-2015-8310 (Cross-site scripting (XSS) vulnerability in Cherry Music before 0.36.0 ...)
	NOT-FOR-US: Cherry Music
CVE-2015-8309 (Directory traversal vulnerability in Cherry Music before 0.36.0 allows ...)
	NOT-FOR-US: Cherry Music
CVE-2015-8307 (The Graphics driver in Huawei P8 smartphones with software GRA-TL00 ...)
	NOT-FOR-US: Huawei
CVE-2015-8306 (Buffer overflow in the HIFI driver in Huawei P8 phones with software ...)
	NOT-FOR-US: Huawei
CVE-2015-8305 (Huawei Sophia-L10 smartphones with software before P7-L10C900B852 ...)
	NOT-FOR-US: Huawei
CVE-2015-8304 (Integer overflow in Huawei P7 phones with software before P7-L07 ...)
	NOT-FOR-US: Huawei
CVE-2015-8303 (Huawei Document Security Management (DSM) with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-8302
	RESERVED
CVE-2015-8301
	RESERVED
CVE-2015-8324 (The ext4 implementation in the Linux kernel before 2.6.34 does not ...)
	{DLA-360-1}
	- linux 2.6.37-1
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/23/2
	NOTE: https://bugs.openvz.org/browse/OVZ-6541
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1267261
	NOTE: Commit fixing the issue: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=744692dc059845b2a3022119871846e74d4f6e11 (v2.6.34-rc1)
CVE-2015-8320 (Apache Cordova-Android before 3.7.0 improperly generates random values ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-8316 (Array index error in LightDM (aka Light Display Manager) 1.14.3, ...)
	- lightdm 1.16.6-1
	[jessie] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
	[wheezy] - lightdm <not-affected> (Affects 1.14.x, 1.16.x and development 1.17.x)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/21/2
	NOTE: https://bugs.launchpad.net/lightdm/+bug/15168
	NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.14/revision/2166 (1.14.x)
	NOTE: https://bazaar.launchpad.net/~lightdm-team/lightdm/1.16/revision/2207 (1.16.x)
CVE-2015-8300 (Polycom BToE Connector before 3.0.0 uses weak permissions (Everyone: ...)
	NOT-FOR-US: Polycom BToE Connector
CVE-2015-8299 (Buffer overflow in the Group messages monitor (Falcon) in KNX ETS ...)
	NOT-FOR-US: Falcon
CVE-2015-8298
	RESERVED
CVE-2015-8297
	REJECTED
CVE-2015-8296
	REJECTED
CVE-2015-8295
	REJECTED
CVE-2015-8294
	REJECTED
CVE-2015-8293
	REJECTED
CVE-2015-8292
	REJECTED
CVE-2015-8291
	REJECTED
CVE-2015-8290
	REJECTED
CVE-2015-8289 (The password-recovery feature on NETGEAR D3600 devices with firmware ...)
	NOT-FOR-US: Netgear routers
CVE-2015-8288 (NETGEAR D3600 devices with firmware 1.0.0.49 and D6000 devices with ...)
	NOT-FOR-US: Netgear routers
CVE-2015-8287 (Swann SRNVW-470LCD devices with firmware through 0114 and SWNVW-470CAM ...)
	NOT-FOR-US: Swann
CVE-2015-8286 (Zhuhai RaySharp firmware has a hardcoded root password, which makes it ...)
	NOT-FOR-US: Zhuhai RaySharp
CVE-2015-8285 (The webssx.sys driver in QuickHeal 16.00 allows remote attackers to ...)
	NOT-FOR-US: QuickHeal
CVE-2015-8284 (SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to ...)
	NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8283 (Directory traversal vulnerability in configure_manage.php in SeaWell ...)
	NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8282 (SeaWell Networks Spectrum SDC 02.05.00 has a default password of ...)
	NOT-FOR-US: SeaWell Networks Spectrum
CVE-2015-8281 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to ...)
	NOT-FOR-US: Samsung
CVE-2015-8280 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote ...)
	NOT-FOR-US: Samsung
CVE-2015-8279 (Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote ...)
	NOT-FOR-US: Samsung
CVE-2015-8278
	RESERVED
CVE-2015-8277 (Multiple buffer overflows in (1) lmgrd and (2) Vendor Daemon in ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2015-8276 (LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow ...)
	NOT-FOR-US: LVRTC eParakstitajs
CVE-2015-8275 (LVRTC eParakstitajs 3.0 (1.3.0) and edoc-libraries-2.5.4_01 allow ...)
	NOT-FOR-US: LVRTC eParakstitajs
CVE-2015-8274
	RESERVED
CVE-2015-8273
	RESERVED
CVE-2015-8272 (RTMPDump 2.4 allows remote attackers to trigger a denial of service ...)
	{DSA-3850-1 DLA-917-1}
	- rtmpdump 2.4+20151223.gitfa8646d.1-1
	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/4312322107a94c81d3ec5b98f91bc6b923551dc5
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0068/
	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
	NOTE: to missing upstream source import the fixes are really only present in
	NOTE: 2.4+20151223.gitfa8646d.1-1
CVE-2015-8271 (The AMF3CD_AddProp function in amf.c in RTMPDump 2.4 allows remote ...)
	{DSA-3850-1 DLA-917-1}
	- rtmpdump 2.4+20151223.gitfa8646d.1-1
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0067/
	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/39ec7eda489717d503bc4cbfaa591c93205695b6
	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/530f9bb2a02a78c1198fb2bf0293a12d225e4691
	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
	NOTE: to missing upstream source import the fixes are really only present in
	NOTE: 2.4+20151223.gitfa8646d.1-1
CVE-2015-8270 (The AMF3ReadString function in amf.c in RTMPDump 2.4 allows remote ...)
	{DSA-3850-1 DLA-917-1}
	- rtmpdump 2.4+20151223.gitfa8646d.1-1
	NOTE: http://www.talosintelligence.com/reports/TALOS-2016-0066/
	NOTE: http://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/10b580aabcec1621b25518271ba1ab2b018be88e
	NOTE: Correct Debian version would have been 2.4+20151223.gitfa8646d-1 but due
	NOTE: to missing upstream source import the fixes are really only present in
	NOTE: 2.4+20151223.gitfa8646d.1-1
CVE-2015-8269 (The API on Fisher-Price Smart Toy Bear devices allows remote attackers ...)
	NOT-FOR-US: Fisher-Price
CVE-2015-8268 (The up.time agent in Idera Uptime Infrastructure Monitor 7.5 and 7.6 ...)
	NOT-FOR-US: Idera Uptime Infrastructure Monitor
CVE-2015-8267 (The PasswordReset.Controllers.ResetController.ChangePasswordIndex ...)
	NOT-FOR-US: Dovestones
CVE-2015-8266
	RESERVED
CVE-2015-8265 (Huawei Mobile WiFi E5151 routers with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-8264 (Untrusted search path vulnerability in F-Secure Online Scanner allows ...)
	NOT-FOR-US: F-Secure Online Scanner
CVE-2015-8263 (NETGEAR WNR1000v3 devices with firmware 1.0.2.68 use the same source ...)
	NOT-FOR-US: NETGEAR
CVE-2015-8262 (Buffalo WZR-600DHP2 devices with firmware 2.09, 2.13, and 2.16 use an ...)
	NOT-FOR-US: BUFFALO
CVE-2015-8261 (The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold ...)
	NOT-FOR-US: Ipswitch
CVE-2015-8260
	RESERVED
CVE-2015-8259
	RESERVED
CVE-2015-8258 (AXIS Communications products with firmware through 5.80.x allow remote ...)
	NOT-FOR-US: AXIS Communications
CVE-2015-8257 (The devtools.sh script in AXIS network cameras allows remote ...)
	NOT-FOR-US: Axis network cameras
CVE-2015-8256 (Multiple cross-site scripting (XSS) vulnerabilities in Axis network ...)
	NOT-FOR-US: Axis network cameras
CVE-2015-8255 (AXIS Communications products allow CSRF, as demonstrated by ...)
	NOT-FOR-US: AXIS Communications
CVE-2015-8254 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
	NOT-FOR-US: Frontel
CVE-2015-8253 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
	NOT-FOR-US: Frontel
CVE-2015-8252 (The Frontel protocol before 3 on RSI Video Technologies Videofied ...)
	NOT-FOR-US: Frontel
CVE-2015-8251 (OpenStage 60 and OpenScape Desk Phone IP 55G SIP V3, OpenStage 15, ...)
	NOT-FOR-US: OpenStage
CVE-2015-8250
	RESERVED
CVE-2015-8249 (The FileUploadServlet class in ManageEngine Desktop Central 9 before ...)
	NOT-FOR-US: ManageEngine Desktop Central
CVE-2015-8248
	REJECTED
CVE-2015-8247 (Cross-site scripting (XSS) vulnerability in synnefoclient in Synnefo ...)
	NOT-FOR-US: Synnefo
CVE-2015-8246
	RESERVED
CVE-2015-8245
	RESERVED
CVE-2015-8244
	RESERVED
CVE-2015-XXXX [ZF2015-09: Potential Information Disclosure and Insufficient Entropy vulnerability in Zend/Captcha/Word]
	- zendframework 1.12.17+dfsg-1
	[jessie] - zendframework 1.12.9+dfsg-2+deb8u5
	[wheezy] - zendframework 1.11.13-1.1+deb7u5
	[squeeze] - zendframework <no-dsa> (Minor issue)
	NOTE: security hardening
	NOTE: http://framework.zend.com/security/advisory/ZF2015-09
	NOTE: https://github.com/zendframework/zf1/commit/4a41392f89bf510a8ab801eacb117fe7ea25b575
CVE-2009-5149 (Arris DG860A, TG862A, and TG862G devices with firmware ...)
	NOT-FOR-US: Arris hardware
CVE-2015-XXXX [Missing bounds checking and verification of data type causes segfault]
	- libmaxminddb 1.1.5-1 (bug #805657)
	NOTE: https://github.com/maxmind/libmaxminddb/commit/51255f113fe3c7b63ffe957636a7656a3ff9d1ff
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283919
CVE-2015-8308 (LXDM before 0.5.2 did not start X server with -auth, which allows ...)
	- lxdm 0.5.3-1 (bug #805659)
	NOTE: http://git.lxde.org/gitweb/?p=lxde/lxdm.git;a=commitdiff;h=e8f387089e241360bdc6955d3e479450722dcea3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268900
	NOTE: http://advisories.mageia.org/MGASA-2015-0411.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/20/2
CVE-2015-8243
	RESERVED
CVE-2015-8240 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, AAM, AFM, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8238
	RESERVED
CVE-2015-8237
	RESERVED
CVE-2015-8236 (Arista EOS before 4.11.12, 4.12 before 4.12.11, 4.13 before 4.13.14M, ...)
	NOT-FOR-US: Arista EOS
CVE-2015-8235 (Directory traversal vulnerability in Spiffy before 5.4. ...)
	- chicken 4.10.0-1
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
CVE-2015-8233 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...)
	NOT-FOR-US: Drupal theme
CVE-2015-8232 (The UC Profile module 6.x-1.x before 6.x-1.3 for Drupal does not ...)
	NOT-FOR-US: Drupal theme
CVE-2015-8231 (Huawei eSpace 7910 and 7950 IP phones with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-8230 (Memory leak in Huawei eSpace 8950 IP phones with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-8229 (Huawei eSpace U2980 unified gateway with software before V100R001C10 ...)
	NOT-FOR-US: Huawai
CVE-2015-8228 (Directory traversal vulnerability in the SFTP server in Huawei AR 120, ...)
	NOT-FOR-US: Huawai
CVE-2015-8227 (The built-in web server in Huawei VP9660 multi-point control unit with ...)
	NOT-FOR-US: Huawai
CVE-2015-8226 (The Joint Photographic Experts Group Processing Unit (JPU) driver in ...)
	NOT-FOR-US: Huawei
CVE-2015-8225 (The Joint Photographic Experts Group Processing Unit (JPU) driver in ...)
	NOT-FOR-US: Huawei
CVE-2015-8224 (Huawei P8 before GRA-CL00C92B210, before GRA-L09C432B200, before ...)
	NOT-FOR-US: Huawei
CVE-2015-8223 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B85, and ...)
	NOT-FOR-US: Huawei
CVE-2015-8222 (The lxd-unix.socket systemd unit file in the Ubuntu lxd package before ...)
	- lxd <itp> (bug #768073)
CVE-2015-8221 (Integer overflow in Google Picasa before 3.9.140 Build 259 allows ...)
	NOT-FOR-US: Google Picasa
CVE-2015-8220 (Stack-based buffer overflow in the URI handler in DWRCC.exe in ...)
	NOT-FOR-US: SolarWinds remote control
CVE-2015-8242 (The xmlSAX2TextNode function in SAX2.c in the push interface in the ...)
	- libxml2 2.9.3+dfsg1-1 (bug #805146)
	[jessie] - libxml2 <not-affected> (Vulnerable code introduced later)
	[wheezy] - libxml2 <not-affected> (Vulnerable code introduced later)
	[squeeze] - libxml2 <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756372
	NOTE: Introduced by: https://git.gnome.org/browse/libxml2/commit/?id=826bc320206f70fccd2941a77d363e95e8076898 (v2.9.2-rc1)
	NOTE: Fixed by: https://git.gnome.org/browse/libxml2/commit/?id=8fb4a770075628d6441fb17a1e435100e2f3b1a2 (v2.9.3)
CVE-2015-8241 (The xmlNextChar function in libxml2 2.9.2 does not properly check the ...)
	{DSA-3430-1 DLA-355-1}
	- libxml2 2.9.3+dfsg1-1 (bug #806384)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756263
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=ab2b9a93ff19cedde7befbf2fcc48c6e352b6cbe
	NOTE: Introduced/Uncovered by https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (fix for CVE-2015-7941)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/17/5
CVE-2015-8239 (The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 ...)
	- sudo 1.8.17p1-1 (bug #805563)
	[jessie] - sudo <no-dsa> (Minor issue)
	[wheezy] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
	[squeeze] - sudo <not-affected> (Command digests are only supported by version 1.8.7 or higher)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/10/2
CVE-2015-8234 (The image signature algorithm in OpenStack Glance 11.0.0 allows remote ...)
	- glance <unfixed> (unimportant)
CVE-2015-8219 (The init_tile function in libavcodec/jpeg2000dec.c in FFmpeg before ...)
	- ffmpeg 7:2.8.2-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <undetermined>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=43492ff3ab68a343c1264801baa1d5a02de10167
CVE-2015-8218 (The decode_uncompressed function in libavcodec/faxcompr.c in FFmpeg ...)
	- ffmpeg 7:2.8.2-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable feature not present)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=d4a731b84a08f0f3839eaaaf82e97d8d9c67da46
	NOTE: Vulnerability affects G3{1, 2}D code extensions feature, which is not present
	NOTE: in libav 0.8 and 9. branches: https://lists.debian.org/debian-lts/2017/12/msg00011.html
	NOTE: 11.x features G3 support, but the vulnerable code was introduced later
CVE-2015-8217 (The ff_hevc_parse_sps function in libavcodec/hevc_ps.c in FFmpeg ...)
	- ffmpeg 7:2.8.2-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <undetermined>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=93f30f825c08477fe8f76be00539e96014cc83c8
CVE-2015-8216 (The ljpeg_decode_yuv_scan function in libavcodec/mjpegdec.c in FFmpeg ...)
	- ffmpeg 7:2.8.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
	NOTE: https://git.videolan.org/?p=ffmpeg.git;a=commit;h=d24888ef19ba38b787b11d1ee091a3d94920c76a
CVE-2015-8215 (net/ipv6/addrconf.c in the IPv6 stack in the Linux kernel before 4.0 ...)
	{DSA-3364-1 DLA-310-1}
	- linux 4.0.2-1
	- linux-2.6 <removed>
	NOTE: Patch for the kernel to harden against invalid MTUs: http://article.gmane.org/gmane.linux.network/351269
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=77751427a1ff25b27d47a4c36b12c3c8667855ac (v4.0-rc3)
CVE-2015-8214 (Siemens SIMATIC CP 343-1 Advanced devices before 3.0.44, CP 343-1 Lean ...)
	NOT-FOR-US: Siemens
CVE-2015-8213 (The get_format function in utils/formats.py in Django before 1.7.x ...)
	{DSA-3404-1 DLA-349-1}
	- python-django 1.8.7-1
	NOTE: https://github.com/django/django/commit/316bc3fc9437c5960c24baceb93c73f1939711e4 (master)
	NOTE: https://github.com/django/django/commit/8a01c6b53169ee079cb21ac5919fdafcc8c5e172 (1.7.x)
	NOTE: https://www.djangoproject.com/weblog/2015/nov/24/security-releases-issued/
CVE-2015-8212 (CGI handling flaw in bozohttpd in NetBSD 6.0 through 6.0.6, 6.1 ...)
	{DLA-490-1}
	- bozohttpd <removed>
	NOTE: FIX http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.79&r2=1.80&only_with_tag=MAIN
	NOTE: http://ftp.NetBSD.org/pub/NetBSD/security/advisories/NetBSD-SA2016-005.txt.asc
	NOTE: http://www.eterna.com.au/bozohttpd/CHANGES
	NOTE: http://www.eterna.com.au/bozohttpd/bozohttpd-20160415.tar.bz2
CVE-2015-8211
	REJECTED
CVE-2015-8210
	REJECTED
CVE-2015-8209
	REJECTED
CVE-2015-8208
	REJECTED
CVE-2015-8207
	REJECTED
CVE-2015-8206
	REJECTED
CVE-2015-8205
	REJECTED
CVE-2015-8204
	REJECTED
CVE-2015-8203
	REJECTED
CVE-2015-8202
	REJECTED
CVE-2015-8201
	REJECTED
CVE-2015-8200
	REJECTED
CVE-2015-8199
	REJECTED
CVE-2015-8198
	REJECTED
CVE-2015-8197
	REJECTED
CVE-2015-8196
	REJECTED
CVE-2015-8195
	REJECTED
CVE-2015-8194
	REJECTED
CVE-2015-8193
	REJECTED
CVE-2015-8192
	REJECTED
CVE-2015-8191
	REJECTED
CVE-2015-8190
	REJECTED
CVE-2015-8189
	REJECTED
CVE-2015-8188
	REJECTED
CVE-2015-8187
	REJECTED
CVE-2015-8186
	REJECTED
CVE-2015-8185
	REJECTED
CVE-2015-8184
	REJECTED
CVE-2015-8183
	REJECTED
CVE-2015-8182
	REJECTED
CVE-2015-8181
	REJECTED
CVE-2015-8180
	REJECTED
CVE-2015-8179
	REJECTED
CVE-2015-8178
	REJECTED
CVE-2015-8177
	REJECTED
CVE-2015-8175
	RESERVED
CVE-2015-8174
	RESERVED
CVE-2015-8173
	RESERVED
CVE-2015-8172
	RESERVED
CVE-2015-8171
	RESERVED
CVE-2015-8170
	RESERVED
CVE-2015-8169
	RESERVED
CVE-2015-8168
	RESERVED
CVE-2015-8167
	RESERVED
CVE-2015-8166
	RESERVED
CVE-2015-8165
	RESERVED
CVE-2015-8164
	RESERVED
CVE-2015-8163
	RESERVED
CVE-2015-8162
	RESERVED
CVE-2015-8161
	RESERVED
CVE-2015-8160
	RESERVED
CVE-2015-8159
	RESERVED
CVE-2015-8158 (The getresponse function in ntpq in NTP versions before 4.2.8p9 and ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2948
CVE-2015-8157 (SQL injection vulnerability in the Management Server in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2015-8156 (Unquoted Windows search path vulnerability in EEDService in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2015-8155
	REJECTED
CVE-2015-8154 (The SysPlant.sys driver in the Application and Device Control (ADC) ...)
	NOT-FOR-US: Symantec
CVE-2015-8153 (SQL injection vulnerability in Symantec Endpoint Protection Manager ...)
	NOT-FOR-US: Symantec
CVE-2015-8152 (Cross-site request forgery (CSRF) vulnerability in Symantec Endpoint ...)
	NOT-FOR-US: Symantec
CVE-2015-8151 (Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows ...)
	NOT-FOR-US: Symantec
CVE-2015-8150 (Symantec Encryption Management Server (SEMS) 3.3.2 before MP12 allows ...)
	NOT-FOR-US: Symantec
CVE-2015-8149 (The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 ...)
	NOT-FOR-US: Symantec
CVE-2015-8148 (The LDAP service in Symantec Encryption Management Server (SEMS) 3.3.2 ...)
	NOT-FOR-US: Symantec
CVE-2015-8145
	RESERVED
CVE-2015-8144
	RESERVED
CVE-2015-8143
	RESERVED
CVE-2015-8142
	RESERVED
CVE-2015-8141
	RESERVED
CVE-2015-8140 (The ntpq protocol in NTP before 4.2.8p7 allows remote attackers to ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue, no code fix by upstream and mitigation exists)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2947
	NOTE: Mitigated in 4.2.8p6
CVE-2015-8139 (ntpq in NTP before 4.2.8p7 allows remote attackers to obtain origin ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue, no code fix by upstream and mitigation exists)
	[wheezy] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2946
	NOTE: Mitigated in 4.2.8p6
CVE-2015-8138 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://www.talosintel.com/reports/TALOS-2016-0077/
	NOTE: https://github.com/ntp-project/ntp/commit/880191b72409a1965712999d248d70e6f7163af8
	NOTE: The upstream fix for this issue is reported to be incomplete:
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2945#c7
	NOTE: http://lists.ntp.org/pipermail/hackers/2016-January/007406.html
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#April_2016_NTP_4_2_8p7_Security
CVE-2015-8137
	RESERVED
CVE-2015-8136
	RESERVED
CVE-2015-8135
	REJECTED
CVE-2015-8134
	REJECTED
CVE-2015-8133
	REJECTED
CVE-2015-8132
	REJECTED
CVE-2015-8131 (Cross-site request forgery (CSRF) vulnerability in Elasticsearch ...)
	- kibana <itp> (bug #700337)
CVE-2015-8130
	RESERVED
CVE-2015-8129
	RESERVED
CVE-2015-8128
	RESERVED
CVE-2015-8127
	RESERVED
CVE-2013-7447 (Integer overflow in the gdk_cairo_set_source_pixbuf function in ...)
	{DLA-419-1}
	- gtk+2.0 2.24.30-1.1 (bug #799275)
	[jessie] - gtk+2.0 2.24.25-3+deb8u1
	[wheezy] - gtk+2.0 <no-dsa> (Minor issue; can be fixed via wheezy-pu)
	- gtk+3.0 3.10.7-1 (bug #818090)
	[wheezy] - gtk+3.0 3.4.2-7+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=703220
	NOTE: Fixed by: https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
CVE-2013-7446 (Use-after-free vulnerability in net/unix/af_unix.c in the Linux kernel ...)
	{DSA-3426-1 DLA-360-1}
	- linux 4.2.6-2
	- linux-2.6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273845
	NOTE: https://groups.google.com/forum/#!topic/syzkaller/3twDUI4Cpm8
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/18/9
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec0d215f9420564fc8286dcf93d2d068bb53a07e (v2.6.26-rc9)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7d267278a9ece963d77eefec61630223fce08c6c (v4.4-rc4)
CVE-2015-8317 (The xmlParseXMLDecl function in parser.c in libxml2 before 2.9.3 ...)
	{DSA-3430-1 DLA-355-1}
	- libxml2 2.9.2+zdfsg1-4
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751631
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=709a952110e98621c9b78c4f26462a9d8333102e
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=751603
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=9aa37588ee78a06ca1379a9d9356eab16686099c
CVE-2015-XXXX [Kernel: Unprivileged user can freeze journald]
	- linux <unfixed> (unimportant)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/systemd/systemd/issues/1822
	NOTE: Issue in Linux related to unprivileged CLONE_NEWUSER affecting systemd, but we disable unprivileged use by default
CVE-2015-8125 (Symfony 2.3.x before 2.3.35, 2.6.x before 2.6.12, and 2.7.x before ...)
	{DSA-3402-1}
	- symfony 2.7.7+dfsg-1
	NOTE: http://symfony.com/blog/cve-2015-8125-potential-remote-timing-attack-vulnerability-in-security-remember-me-service
	NOTE: https://github.com/symfony/symfony/pull/16630
CVE-2015-8124 (Session fixation vulnerability in the &quot;Remember Me&quot; login feature in ...)
	{DSA-3402-1}
	- symfony 2.7.7+dfsg-1
	NOTE: http://symfony.com/blog/cve-2015-8124-session-fixation-in-the-remember-me-login-feature
	NOTE: https://github.com/symfony/symfony/pull/16631
CVE-2015-8123
	RESERVED
CVE-2015-8122
	RESERVED
CVE-2015-8121
	RESERVED
CVE-2015-8120
	RESERVED
CVE-2015-8119
	RESERVED
CVE-2015-8118
	RESERVED
CVE-2015-8117
	RESERVED
CVE-2015-8116
	RESERVED
CVE-2015-8115
	RESERVED
CVE-2015-8114
	RESERVED
CVE-2015-8113 (Untrusted search path vulnerability in the client in Symantec Endpoint ...)
	NOT-FOR-US: Symantec
CVE-2015-8112
	RESERVED
CVE-2015-8111
	RESERVED
CVE-2015-8110 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
	NOT-FOR-US: Lenovo
CVE-2015-8109 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
	NOT-FOR-US: Lenovo
CVE-2015-8108 (The management interface in LenovoEMC EZ Media &amp; Backup (hm3), ...)
	NOT-FOR-US: LenovoEMC
CVE-2015-8107 (Format string vulnerability in GNU a2ps 4.14 allows remote attackers ...)
	- a2ps 1:4.14-1.2
	[wheezy] - a2ps <no-dsa> (Minor issue)
	[squeeze] - a2ps <no-dsa> (Minor issue)
CVE-2015-8106 (Format string vulnerability in the CmdKeywords function in funct1.c in ...)
	- latex2rtf 2.3.10-1 (unimportant; bug #805398)
	[wheezy] - latex2rtf <not-affected> (Vulnerable code introduced later)
	[squeeze] - latex2rtf <not-affected> (Vulnerable code introduced later)
	NOTE: keywords command support introduced in http://sourceforge.net/p/latex2rtf/code/1152
	NOTE: http://sourceforge.net/p/latex2rtf/code/1152/tree//trunk/funct1.c?diff=50900fed34309d3c639c868f:1151
	NOTE: latex2rtf compiled with -D_FORTIFY_SOURCE=2
	NOTE: Rendered non-exploitable by toolchain hardening
CVE-2015-8472 (Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, ...)
	{DSA-3443-1 DLA-410-1 DLA-375-1}
	- libpng <removed> (bug #807112)
	- libpng1.6 1.6.20-1 (bug #807112)
	NOTE: Fixed in 1.6.20, 1.5.25, 1.4.18, 1.2.55, and 1.0.65
	NOTE: https://github.com/glennrp/libpng/commit/7e1ca9ceba4e64259863efdd98bab9b55bdc0b9c
	NOTE: https://github.com/glennrp/libpng/commit/4488a96126bbefda51d07835411d8e847a88b2b7
	NOTE: https://github.com/glennrp/libpng/commit/ad224c6907e8a274f2679eae4c2e3085fdc7e8c8
CVE-2015-8126 (Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE ...)
	{DSA-3507-1 DSA-3399-1 DLA-410-1 DLA-343-1}
	- libpng 1.2.54-1 (bug #805113)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/12/2
	NOTE: Fixed in 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64
	NOTE: The original patch was incomplete, cf.
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/03/6
	NOTE: and fixed in new upstream versions 1.6.20, 1.5.25,
	NOTE: 1.4.18, 1.2.55, and 1.0.65
	- chromium-browser 49.0.2623.75-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-8105 (Cross-site scripting (XSS) vulnerability in program/js/app.js in ...)
	- roundcube 1.1.3+dfsg.1-1
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/roundcube/roundcubemail/issues/4900
	NOTE: Fixed by: https://github.com/roundcube/roundcubemail/commit/dd7db217979d6960f53b6544cf053d8c0db8c416
CVE-2015-XXXX [directory traversal in servefile]
	- servefile 0.4.4-1
	[jessie] - servefile <no-dsa> (Minor issue)
	[wheezy] - servefile <no-dsa> (Minor issue)
	NOTE: https://github.com/sebageek/servefile/commit/cd7eee21be3602ab6118a23eec8e2628d1a6488c
CVE-2015-8102
	RESERVED
CVE-2015-8101
	RESERVED
CVE-2015-8099 (F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8098 (F5 BIG-IP APM 11.4.1 before 11.4.1 HF9, 11.5.x before 11.5.3, and ...)
	NOT-FOR-US: BIG-IP
CVE-2015-8097
	RESERVED
CVE-2015-8096 (Integer overflow in Google Picasa 3.9.140 Build 239 and Build 248 ...)
	NOT-FOR-US: Google Picasa
CVE-2015-8095 (The recycle bin feature in the Monster Menus module 7.x-1.21 before ...)
	NOT-FOR-US: Monster Menus module for Drupal
CVE-2015-8094
	RESERVED
CVE-2015-8093
	RESERVED
CVE-2015-8092
	RESERVED
CVE-2015-8091
	REJECTED
CVE-2015-8090 (The Web Server component in TIBCO LogLogic Unity before 1.1.1 allows ...)
	NOT-FOR-US: TIBCO
CVE-2015-8104 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
	{DSA-3454-1 DSA-3426-1 DSA-3414-1 DLA-479-1}
	- linux 4.2.6-2
	- linux-2.6 <removed>
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-156.html
	NOTE: Upstream patch: https://lkml.org/lkml/2015/11/10/218
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbdb967af3d54993f5814f1cee0ed311a055377d
	- virtualbox 5.0.10-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2015-8100 (The net-snmp package in OpenBSD through 5.8 uses 0644 permissions for ...)
	- net-snmp <not-affected> (Specific to packaging in OpenBSD)
CVE-2015-8089 (The GPU driver in Huawei P7 phones with software P7-L00 before ...)
	NOT-FOR-US: Huawei
CVE-2015-8088 (Heap-based buffer overflow in the HIFI driver in Huawei Mate 7 phones ...)
	NOT-FOR-US: Huawei
CVE-2015-8087 (Huawei NE20E-S, NE40E-M, and NE40E-M2 routers with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-8086 (Huawei AR routers with software before V200R007C00SPC100; Quidway ...)
	NOT-FOR-US: Huawei
CVE-2015-8085 (Huawei AR routers with software before V200R007C00SPC100; Quidway ...)
	NOT-FOR-US: Huawei
CVE-2015-8084 (Huawei USG5500, USG2100, USG2200, and USG5100 unified security ...)
	NOT-FOR-US: Huawei
CVE-2015-8083 (An unspecified module in Huawei eSpace U1910, U1911, U1930, U1960, ...)
	NOT-FOR-US: Huawei
CVE-2015-8082 (The Login Disable module 6.x-1.x before 6.x-1.1 and 7.x-1.x before ...)
	NOT-FOR-US: Login Disable module for Drupal
CVE-2015-8081 (The Field as Block module 7.x-1.x before 7.x-1.4 for Drupal might ...)
	NOT-FOR-US: Field as Block module for Drupal
CVE-2015-8103 (The Jenkins CLI subsystem in Jenkins before 1.638 and LTS before ...)
	- jenkins <removed> (bug #804522)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-7501 (Red Hat JBoss A-MQ 6.x; BPM Suite (BPMS) 6.x; BRMS 6.x and 5.x; Data ...)
	- libcommons-collections3-java 3.2.2-1 (unimportant)
	[jessie] - libcommons-collections3-java 3.2.1-7+deb8u1
	[wheezy] - libcommons-collections3-java 3.2.1-5+deb7u1
	[squeeze] - libcommons-collections3-java 3.2.1-4+deb6u1
	NOTE: workaround entry to associate the squeeze-lts, wheezy- and jessie-security fixes with the
	NOTE: corresponding entry with unstable and the hardening change.
	- libcommons-collections4-java <unfixed> (unimportant)
	NOTE: severity unimportant since this is a hardening change, actual vulnerability relies in specific
	NOTE: https://issues.apache.org/jira/browse/COLLECTIONS-580
	NOTE: No CVE is expected to be assigned, cf http://www.openwall.com/lists/oss-security/2015/11/17/19
	NOTE: Patches for 3.2.x:
	NOTE: https://github.com/apache/commons-collections/commit/1642b00d67b96de87cad44223efb9ab5b4fb7be5
	NOTE: https://github.com/apache/commons-collections/commit/5ec476b0b756852db865b2e442180f091f8209ee
	NOTE: https://github.com/apache/commons-collections/commit/bce4d022f27a723fa0e0b7484dcbf0afa2dd210a
	NOTE: https://github.com/apache/commons-collections/commit/d9a00134f16d685bea11b2b12de824845e6473e3
	NOTE: Patches for 4.x:
	NOTE: https://github.com/apache/commons-collections/commit/e585cd0433ae4cfbc56e58572b9869bd0c86b611
	NOTE: https://github.com/apache/commons-collections/commit/da1a5fe00d79e1840b7e52317933e9eb56e88246
	NOTE: https://github.com/apache/commons-collections/commit/3eee44cf63b1ebb0da6925e98b3dcc6ef1e4d610
	NOTE: https://github.com/apache/commons-collections/commit/78d47d4d098ab814a7a00a0b1c81646b27f050cf
	NOTE: https://github.com/apache/commons-collections/commit/b2b8f4adc557e4ef1ee2fe5e0ab46866c06ec55b
CVE-2015-8079 (qt5-qtwebkit before 5.4 records private browsing URLs to its favicon ...)
	- qtwebkit <unfixed> (unimportant)
	NOTE: qtwebkit not covered by security support
CVE-2015-8080 (Integer overflow in the getnum function in lua_struct.c in Redis 2.8.x ...)
	{DSA-3412-1}
	- redis 2:3.0.5-4 (bug #804419)
	[wheezy] - redis <not-affected> (Vulnerable code not present)
	[squeeze] - redis <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/antirez/redis/issues/2855
CVE-2015-8078 (Integer overflow in the index_urlfetch function in imap/index.c in ...)
	- cyrus-imapd-2.4 2.4.18-4 (bug #804182)
	[jessie] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
	[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=6fb6a272171f49c79ba6ab7c6403eb25b39ec1b2
CVE-2015-8077 (Integer overflow in the index_urlfetch function in imap/index.c in ...)
	- cyrus-imapd-2.4 2.4.18-4 (bug #804182)
	[jessie] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
	[wheezy] - cyrus-imapd-2.4 <not-affected> (Incomplete patch for CVE-2015-8076 not applied)
	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=745e161c834f1eb6d62fc14477f51dae799e1e08
CVE-2015-8074 (mediaserver in Android before 5.1.1 LMY48X allows remote attackers to ...)
	NOT-FOR-US: Android
CVE-2015-8073 (mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote ...)
	NOT-FOR-US: Android
CVE-2015-8072 (mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 ...)
	NOT-FOR-US: Android
CVE-2015-8071 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8070 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8069 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8068 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8067 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8066 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8065 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8064 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8063 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8062 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8061 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8060 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8059 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8058 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8057 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8056 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8055 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8054
	RESERVED
CVE-2015-8053 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2015-8052 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2015-8051 (The Adobe Premiere Clip app before 1.2.1 for iOS mishandles ...)
	NOT-FOR-US: Adobe Pemiere Clip
CVE-2015-8050 (Use-after-free vulnerability in the MovieClip object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8049 (Use-after-free vulnerability in the TextField object implementation in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8048 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8047 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8046 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8045 (Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8044 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8043 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8042 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-8040 (The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung ...)
	NOT-FOR-US: Samsung SmartViewer
CVE-2015-8039 (Samsung SmartViewer allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Samsung SmartViewer
CVE-2015-8038 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
	NOT-FOR-US: Fortinet
CVE-2015-8037 (Multiple cross-site scripting (XSS) vulnerabilities in the Graphical ...)
	NOT-FOR-US: Fortinet
CVE-2015-8036 (Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x ...)
	{DSA-3468-1}
	- mbedtls <not-affected> (Fixed before the initial release to Debian)
	[experimental] - polarssl 1.3.14-0.1
	- polarssl <unfixed>
	[wheezy] - polarssl <not-affected> (Vulnerable code introduced later)
	[squeeze] - polarssl <not-affected> (Vulnerable code introduced later)
	NOTE: support for session tickets added in 1.3.0.
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
CVE-2015-8034 (The state.sls function in Salt before 2015.8.3 uses weak permissions ...)
	- salt 2015.8.3+ds-1 (bug #807356)
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: For jessie: /var/cache/salt/minion is created with restricted permissions on
	NOTE: first start of salt-minion in verify_env mitigating the issue, cf.
	NOTE: https://sources.debian.org/src/salt/2014.1.13%2Bds-3/salt/utils/verify.py/#L207
	NOTE: https://github.com/cachedout/salt/commit/097838ec0c52b1e96f7f761e5fb3cd7e79808741
	NOTE: https://github.com/saltstack/salt/issues/28455
CVE-2014-9755 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...)
	NOT-FOR-US: Viprinet
CVE-2014-9754 (The hardware VPN client in Viprinet MultichannelVPN Router 300 version ...)
	NOT-FOR-US: Viprinet
CVE-2015-8075
	REJECTED
CVE-2015-8033
	RESERVED
CVE-2015-8032
	RESERVED
CVE-2015-8035 (The xz_decomp function in xzlib.c in libxml2 2.9.1 does not properly ...)
	{DSA-3430-1}
	- libxml2 2.9.3+dfsg1-1 (bug #803942)
	[squeeze] - libxml2 <not-affected> (No LZMA/XZ support in version 2.7.8)
	NOTE: Upstream patch: https://git.gnome.org/browse/libxml2/commit/?id=f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 (v2.9.3)
	NOTE: You can use "xmllint --version" to verify if libxml2 is compiled with "Lzma" support.
	NOTE: sid's 2.9.2+zdfsg1-4 claims to have "Lzma" support but it's broken in fact...
	NOTE: so it barfs on the problematic file (parser error : Start tag expected,
	NOTE: '<' not found) even though it does not have the fix yet. The next upstream
	NOTE: release will fix this issue and will restore XZ support.
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/02/2
CVE-2015-7984 (Multiple cross-site request forgery (CSRF) vulnerabilities in Horde ...)
	{DSA-3391-1}
	- php-horde 5.2.8+debian0-1 (bug #803641)
	NOTE: https://www.htbridge.com/advisory/HTB23272
	NOTE: https://github.com/horde/horde/commit/a199d74932c902844514b2a83d21e7e221257dae
	NOTE: http://lists.horde.org/archives/dev/Week-of-Mon-20141201/028821.html
CVE-2015-8031
	RESERVED
CVE-2015-8030 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2015-8029 (SAP 3D Visual Enterprise Viewer (VEV) allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2015-8028 (Multiple buffer overflows in SAP 3D Visual Enterprise Viewer (VEV) ...)
	NOT-FOR-US: SAP
CVE-2015-8027 (Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 ...)
	- nodejs 4.2.3~dfsg-1 (bug #806385)
	[jessie] - nodejs <not-affected> (0.10 series not affected)
	NOTE: https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
CVE-2015-8024 (McAfee Enterprise Security Manager (ESM), Enterprise Security ...)
	NOT-FOR-US: McAfee
CVE-2015-8023 (The server implementation of the EAP-MSCHAPv2 protocol in the ...)
	{DSA-3398-1 DLA-345-1}
	- strongswan 5.3.3-3
	NOTE: https://www.strongswan.org/blog/2015/11/16/strongswan-vulnerability-%28cve-2015-8023%29.html
CVE-2015-8022 (The Configuration utility in F5 BIG-IP LTM, Analytics, APM, ASM, GTM, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8021 (Incomplete blacklist vulnerability in the Configuration utility in F5 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-8020 (Clustered Data ONTAP versions 8.0, 8.3.1, and 8.3.2 contain a default ...)
	NOT-FOR-US: Clustered Data ONTAP
CVE-2015-8018
	RESERVED
CVE-2015-8017
	RESERVED
CVE-2015-8016
	RESERVED
CVE-2015-8015
	RESERVED
CVE-2015-8014
	RESERVED
CVE-2015-8009 (The MWOAuthDataStore::lookup_token function in Extension:OAuth for ...)
	NOT-FOR-US: Mediawiki extension OAuth
CVE-2015-8008 (The OAuth extension for MediaWiki improperly negotiates a new client ...)
	NOT-FOR-US: Mediawiki extension OAuth
CVE-2015-8007 (The Echo extension for MediWiki does not properly implement the ...)
	NOT-FOR-US: Mediawiki extension Echo
CVE-2015-8006 (Cross-site scripting (XSS) vulnerability in the PageTriage toolbar in ...)
	NOT-FOR-US: Mediawiki extension PageTriage
CVE-2015-XXXX [iptables-persistent minor local info leak]
	- iptables-persistent 1.0.4 (low; bug #764645)
	[jessie] - iptables-persistent 1.0.3+deb8u1
	[wheezy] - iptables-persistent 0.5.7+deb7u1
	[squeeze] - iptables-persistent <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2016/01/05/5
CVE-2015-XXXX
	- cinnamon-settings-daemon 2.8.3-1 (low)
	[jessie] - cinnamon-settings-daemon 2.2.4.repack-7+deb8u1
	NOTE: https://github.com/linuxmint/cinnamon-settings-daemon/commit/ac5e0be8c1817616dbdb056b6881cfc4660f57a8
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/28/3
CVE-2015-8025 (driver/subprocs.c in XScreenSaver before 5.34 does not properly ...)
	{DSA-3438-1 DLA-338-1}
	- xscreensaver 5.34-1 (bug #802914)
	NOTE: http://pkgs.fedoraproject.org/cgit/xscreensaver.git/plain/xscreensaver-5.33-0002-Modify-sigchld_hander-in_signal_hander_p-mechanism.patch?id=b57f59f3482fedf70ce7a3541094e2512290139f
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1274452
CVE-2015-8005 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T108616
CVE-2015-8004 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T95589
CVE-2015-8003 (MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T91850
CVE-2015-8002 (The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T91205
CVE-2015-8001 (The chunked upload API (ApiUpload) in MediaWiki before 1.23.11, 1.24.x ...)
	- mediawiki 1:1.25.5-1
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T91203
CVE-2015-8000 (db.c in named in ISC BIND 9.x before 9.9.8-P2 and 9.10.x before ...)
	{DSA-3420-1 DLA-370-1}
	- bind9 1:9.9.5.dfsg-12.1 (bug #808081)
	NOTE: https://kb.isc.org/article/AA-01317
CVE-2015-7999 (Multiple SQL injection vulnerabilities in the Administration Web UI ...)
	NOT-FOR-US: Citrix
CVE-2015-7998 (The administration UI in Citrix NetScaler Application Delivery ...)
	NOT-FOR-US: Citrix
CVE-2015-7997 (Multiple cross-site scripting (XSS) vulnerabilities in the Nitro API ...)
	NOT-FOR-US: Citrix
CVE-2015-7996 (The Nitro API in Citrix NetScaler Application Delivery Controller ...)
	NOT-FOR-US: Citrix
CVE-2015-7994 (The SQL interface in SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7993 (The Extended Application Services (aka XS or XS Engine) in SAP HANA DB ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7992 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7991 (The Web Dispatcher service in SAP HANA DB 1.00.73.00.389160 ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7988 (The handle_regservice_request function in mDNSResponder before ...)
	NOT-FOR-US: mDNSResponder
CVE-2015-7987 (Multiple buffer overflows in mDNSResponder before 625.41.2 allow ...)
	NOT-FOR-US: mDNSResponder
CVE-2015-7986 (The index server (hdbindexserver) in SAP HANA 1.00.095 allows remote ...)
	NOT-FOR-US: SAP
CVE-2015-7985 (Valve Steam 2.10.91.91 uses weak permissions (Users: read and write) ...)
	- steam <not-affected> (specific to the steam installor on windows)
CVE-2015-8019 (The skb_copy_and_csum_datagram_iovec function in net/core/datagram.c ...)
	- linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/11
	NOTE: Only for all stable kernels before v3.19 which have backported commit
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=89c22d8c3b278212eef6a8cc66b570bc840a6f5a
	NOTE: but are lacking the ioviter conversion.
CVE-2015-7983
	RESERVED
CVE-2015-7982
	RESERVED
CVE-2015-7980 (Cross-site scripting (XSS) vulnerability in the Compass Rose module ...)
	NOT-FOR-US: Drupal addon Compass Rose
CVE-2015-7990 (Race condition in the rds_sendmsg function in net/rds/sendmsg.c in the ...)
	{DSA-3396-1 DLA-360-1}
	- linux 4.2.6-1
	- linux-2.6 <removed>
	NOTE: https://lkml.org/lkml/2015/10/16/530
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/5
CVE-2015-7979 (NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote attackers to ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2942
	NOTE: https://github.com/ntp-project/ntp/commit/fe46889f7baa75fc8e6c0fcde87706d396ce1461
CVE-2015-7978 (NTP before 4.2.8p6 and 4.3.0 before 4.3.90 allows a remote attackers ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2940
	NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
CVE-2015-7977 (ntpd in NTP before 4.2.8p6 and 4.3.x before 4.3.90 allows remote ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2939
	NOTE: https://github.com/ntp-project/ntp/commit/8a0c765f3c47633fa262356b0818788d1cf249b1
CVE-2015-7976 (The ntpq saveconfig command in NTP 4.1.2, 4.2.x before 4.2.8p6, 4.3, ...)
	- ntp 1:4.2.8p7+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue, mitigation exists)
	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2938
	NOTE: https://github.com/ntp-project/ntp/commit/3680c2e4d5f88905ce062c7b43305d610a2c9796
	NOTE: https://github.com/ntp-project/ntp/commit/7fe04606062ed674db3b9553d32dedad29504d61
CVE-2015-7975 (The nextvar function in NTP before 4.2.8p6 and 4.3.x before 4.3.90 ...)
	- ntp 1:4.2.8p7+dfsg-1
	[jessie] - ntp <not-affected> (Introduced in 4.2.8)
	[wheezy] - ntp <not-affected> (Introduced in 4.2.8)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2937
CVE-2015-7974 (NTP 4.x before 4.2.8p6 and 4.3.x before 4.3.90 do not verify peer ...)
	{DSA-3629-1 DLA-559-1}
	- ntp 1:4.2.8p7+dfsg-1 (low)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2936
CVE-2015-7973 (NTP before 4.2.8p6 and 4.3.x before 4.3.90, when configured in ...)
	- ntp 1:4.2.8p7+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
	[wheezy] - ntp <no-dsa> (Minor issue, can be fixed along in a future update)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#January_2016_NTP_4_2_8p6_Securit
	NOTE: http://support.ntp.org/bin/view/Main/NtpBug2935
CVE-2015-7972 (The (1) libxl_set_memory_target function in tools/libxl/libxl.c and ...)
	{DSA-3414-1 DLA-479-1}
	- xen 4.6.0-1
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-153.html
CVE-2015-7971 (Xen 3.2.x through 4.6.x does not limit the number of printk console ...)
	{DSA-3414-1 DLA-479-1}
	- xen 4.6.0-1
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-152.html
CVE-2015-7970 (The p2m_pod_emergency_sweep function in arch/x86/mm/p2m-pod.c in Xen ...)
	{DSA-3414-1 DLA-479-1}
	- xen 4.6.0-1
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-150.html
CVE-2015-7969 (Multiple memory leaks in Xen 4.0 through 4.6.x allow local guest ...)
	{DSA-3414-1 DLA-479-1}
	- xen 4.6.0-1
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-149.html
	NOTE: http://xenbits.xen.org/xsa/advisory-151.html
CVE-2015-7968
	RESERVED
CVE-2015-7967 (SafeNet Authentication Service for Citrix Web Interface Agent uses a ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7966 (SafeNet Authentication Service Windows Logon Agent uses a weak ACL for ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7965 (SafeNet Authentication Service Windows Logon Agent uses a weak ACL for ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7964 (SafeNet Authentication Service for NPS Agent uses a weak ACL for ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7963 (SafeNet Authentication Service for AD FS Agent uses a weak ACL for ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7962 (SafeNet Authentication Service for Outlook Web App Agent uses a weak ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7961 (SafeNet Authentication Service Remote Web Workplace Agent uses a weak ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7960
	REJECTED
CVE-2015-7959
	REJECTED
CVE-2015-7958
	REJECTED
CVE-2015-7957
	REJECTED
CVE-2015-7956
	REJECTED
CVE-2015-7955
	RESERVED
CVE-2015-7954
	RESERVED
CVE-2015-7953
	RESERVED
CVE-2015-7952
	RESERVED
CVE-2015-7951
	RESERVED
CVE-2015-7950
	RESERVED
CVE-2015-7949
	RESERVED
CVE-2015-7948
	RESERVED
CVE-2015-7947
	RESERVED
CVE-2015-7946
	RESERVED
CVE-2015-7945 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti ...)
	{DSA-3431-1}
	- ganeti 2.15.2-1 (bug #809538)
	[squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS)
	NOTE: http://www.ocert.org/advisories/ocert-2015-012.html
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=09fb8fc73c5fe33756cc63036d121b3d6dfa3f64
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6e94ad76446904961744f9b0826414a5e4120693
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6d44be24c50944fc35de7a490bc836938a82e1df
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=6f9ba80f8312d5607da70841f698c49000a31126
CVE-2015-7944 (The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti ...)
	{DSA-3431-1}
	- ganeti 2.15.2-1 (bug #809537)
	[squeeze] - ganeti <end-of-life> (Depends on KVM/Xen, unsupported in Squeeze LTS)
	NOTE: http://www.ocert.org/advisories/ocert-2015-012.html
	NOTE: http://git.ganeti.org/?p=ganeti.git;a=commit;h=201fcb916b8164c78f4ed8e0c9cfc0227a78684c
CVE-2015-XXXX [busybox: pointer misuse unziping files]
	- busybox 1:1.27.2-1 (bug #803097)
	[stretch] - busybox <no-dsa> (Minor issue)
	[jessie] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox 1:1.17.1-8+deb6u11
	NOTE: workaround entry for DLA-337-1 until/if CVE assigned
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/25/3
	NOTE: http://git.busybox.net/busybox/commit/?id=1de25a6e87e0e627aa34298105a3d17c60a1f44e
CVE-2015-7995 (The xsltStylePreCompute function in preproc.c in libxslt 1.1.28 does ...)
	{DSA-3605-1 DLA-514-1}
	- libxslt 1.1.28-2.1 (bug #802971)
	[squeeze] - libxslt <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1257962
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/27/10
	NOTE: https://git.gnome.org/browse/libxslt/commit/?id=7ca19df892ca22d9314e95d59ce2abdeff46b617 (v1.1.29-rc1)
CVE-2015-8982 (Integer overflow in the strxfrm function in the GNU C Library (aka ...)
	- glibc 2.21-1 (bug #803927)
	[jessie] - glibc 2.19-18+deb8u2
	[wheezy] - eglibc 2.13-38+deb7u9
	- eglibc <removed>
	[squeeze] - eglibc 2.11.3-4+deb6u8
	NOTE: workaround entry for DLA-350-1 until/if CVE assigned
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16009
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=0f9e585480ed
	NOTE: http://openwall.com/lists/oss-security/2015/09/08/2
CVE-2015-8026 (Heap-based buffer overflow in the verify_vbr_checksum function in ...)
	- exfat-utils 1.2.1-1
	[jessie] - exfat-utils 1.1.0-2+deb8u1
	[wheezy] - exfat-utils 0.9.7-2+deb7u1
	- fuse-exfat 1.2.1-1
	[jessie] - fuse-exfat 1.1.0-2+deb8u1
	[wheezy] - fuse-exfat 0.9.7-2+deb7u1
	NOTE: https://github.com/relan/exfat/issues/5
	NOTE: https://crashes.fuzzing-project.org/exfatfsck-heap-overflow-write-verify_vbr_checksum
	NOTE: https://github.com/relan/exfat/commit/2e86ae5f81da11f11673d0546efb525af02b7786
CVE-2015-XXXX [Endlees loop issue]
	- exfat-utils 1.2.1-1
	[jessie] - exfat-utils 1.1.0-2+deb8u1
	[wheezy] - exfat-utils 0.9.7-2+deb7u1
	- fuse-exfat 1.2.1-1
	[jessie] - fuse-exfat 1.1.0-2+deb8u1
	[wheezy] - fuse-exfat 0.9.7-2+deb7u1
	NOTE: https://github.com/relan/exfat/issues/6
	NOTE: https://crashes.fuzzing-project.org/exfatfsck-endless-loop
	NOTE: https://github.com/relan/exfat/commit/35a1f77f9be2d8b21731f758baba4334935bf18b
	NOTE: will possibly not get a CVE, cf. http://www.openwall.com/lists/oss-security/2015/10/29/13
CVE-2015-8010 (Cross-site scripting (XSS) vulnerability in the Classic-UI with the ...)
	- icinga 1.13.3-3 (bug #803432)
	[jessie] - icinga <no-dsa> (Minor issue)
	[wheezy] - icinga <no-dsa> (Minor issue)
	[squeeze] - icinga <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://dev.icinga.org/issues/593 in 1.3.
	NOTE: Upstream issue: https://dev.icinga.org/issues/10453
	NOTE: Upstream fix: https://dev.icinga.org/projects/icinga-core/repository/revisions/5c816f5d9352c373e9dadb95b63612a96cf96dff
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/23/15
CVE-2015-7981 (The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before ...)
	{DSA-3399-1 DLA-343-1}
	- libpng 1.2.54-1 (bug #803078)
	NOTE: http://sourceforge.net/p/libpng/bugs/241/
	NOTE: http://sourceforge.net/p/libpng/code/ci/fbf0f024346ca0a4ffc64b082a95c6b6bb6d29c4/
CVE-2015-7939 (Heap-based buffer overflow in Unitronics VisiLogic OPLC IDE before ...)
	NOT-FOR-US: Unitronics
CVE-2015-7938 (Advantech EKI-132x devices with firmware before 2015-12-31 allow ...)
	NOT-FOR-US: Advantech
CVE-2015-7937 (Stack-based buffer overflow in the GoAhead Web Server on Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-7936 (Cross-site request forgery (CSRF) vulnerability in Motorola Solutions ...)
	NOT-FOR-US: Motorola Solutions MOSCAD IP Gateway
CVE-2015-7935 (Motorola Solutions MOSCAD IP Gateway allows remote attackers to read ...)
	NOT-FOR-US: Motorola Solutions MOSCAD IP Gateway
CVE-2015-7934 (The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station ...)
	NOT-FOR-US: Adcon
CVE-2015-7933
	RESERVED
CVE-2015-7932 (Adcon Telemetry A840 Telemetry Gateway Base Station allows remote ...)
	NOT-FOR-US: Adcon
CVE-2015-7931 (The Java client in Adcon Telemetry A840 Telemetry Gateway Base Station ...)
	NOT-FOR-US: Adcon
CVE-2015-7930 (Adcon Telemetry A840 Telemetry Gateway Base Station has hardcoded ...)
	NOT-FOR-US: Adcon
CVE-2015-7929 (eWON devices with firmware through 10.1s0 support unspecified GET ...)
	NOT-FOR-US: eWON devices
CVE-2015-7928 (eWON devices with firmware before 10.1s0 do not have an off ...)
	NOT-FOR-US: eWON devices
CVE-2015-7927 (Cross-site scripting (XSS) vulnerability on eWON devices with firmware ...)
	NOT-FOR-US: eWON devices
CVE-2015-7926 (eWON devices with firmware before 10.1s0 omit RBAC for I/O server ...)
	NOT-FOR-US: eWON devices
CVE-2015-7925 (Cross-site request forgery (CSRF) vulnerability on eWON devices with ...)
	NOT-FOR-US: eWON devices
CVE-2015-7924 (eWON devices with firmware before 10.1s0 do not trigger the discarding ...)
	NOT-FOR-US: eWON devices
CVE-2015-7923 (Westermo WeOS before 4.19.0 uses the same SSL private key across ...)
	NOT-FOR-US: Westermo
CVE-2015-7922
	REJECTED
CVE-2015-7921 (The FTP server in Pro-face GP-Pro EX EX-ED before 4.05.000, PFXEXEDV ...)
	NOT-FOR-US: Pro-face GP-Pro EX EX-ED
CVE-2015-7920
	REJECTED
CVE-2015-7919 (SearchBlox 8.3 before 8.3.1 allows remote attackers to write to the ...)
	NOT-FOR-US: SearchBlox
CVE-2015-7918 (Multiple buffer overflows in the F1BookView ActiveX control in F1 ...)
	NOT-FOR-US: F1BookView
CVE-2015-7917 (Untrusted search path vulnerability in Open Automation OPC Systems.NET ...)
	NOT-FOR-US: Open Automation OPC Systems.NET
CVE-2015-7916 (Cross-site scripting (XSS) vulnerability in Sauter EY-WS505F0x0 ...)
	NOT-FOR-US: Sauter
CVE-2015-7915 (Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 sends cleartext ...)
	NOT-FOR-US: Sauter
CVE-2015-7914 (Sauter EY-WS505F0x0 moduWeb Vision before 1.6.0 allows remote ...)
	NOT-FOR-US: Sauter
CVE-2015-7913 (ag_server_service.exe in the AggreGate Server Service in Tibbo ...)
	NOT-FOR-US: AggreGate
CVE-2015-7912 (The Ice Faces servlet in ag_server_service.exe in the AggreGate Server ...)
	NOT-FOR-US: AggreGate
CVE-2015-7911 (Saia Burgess PCD1.M0xx0, PCD1.M2xx0, PCD2.M5xx0, PCD3.Mxx60, ...)
	NOT-FOR-US: Saia Burgess devices
CVE-2015-7910 (Exemys Telemetry Web Server relies on an HTTP Location header to ...)
	NOT-FOR-US: Exemys
CVE-2015-7909 (Stack-based buffer overflow in Hospira Communication Engine (CE) ...)
	NOT-FOR-US: Hospira
CVE-2015-7908 (Honeywell Midas gas detectors before 1.13b3 and Midas Black gas ...)
	NOT-FOR-US: Honeywell Midas gas detectors and Midas Black gas detectors
CVE-2015-7907 (Directory traversal vulnerability in the web server on Honeywell Midas ...)
	NOT-FOR-US: Honeywell Midas gas detectors and Midas Black gas detectors
CVE-2015-7906 (LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices ...)
	NOT-FOR-US: LOYTEC LIP-3ECTB 6.0.1, LINX-100, LVIS-3E100, and LIP-ME201 devices
CVE-2015-7905 (Unitronics VisiLogic OPLC IDE before 9.8.02 allows remote attackers to ...)
	NOT-FOR-US: Unitronics
CVE-2015-7904 (Unrestricted file upload vulnerability in Infinite Automation Mango ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7903 (SQL injection vulnerability in Infinite Automation Mango Automation ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7902 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7901 (Infinite Automation Mango Automation 2.5.x and 2.6.x through 2.6.0 ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7900 (Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 ...)
	NOT-FOR-US: Mango Automation
CVE-2015-7898 (Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a ...)
	NOT-FOR-US: Samsung
CVE-2015-7897 (The media scanning functionality in the face recognition library in ...)
	NOT-FOR-US: Samsung
CVE-2015-7896 (LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows ...)
	NOT-FOR-US: Samsung
CVE-2015-7895 (Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a ...)
	NOT-FOR-US: Samsung
CVE-2015-7894 (The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V ...)
	NOT-FOR-US: Samsung
CVE-2015-7893 (SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, ...)
	NOT-FOR-US: Samsung
CVE-2015-7892
	RESERVED
CVE-2015-7891 (Race condition in the ioctl implementation in the Samsung Graphics 2D ...)
	NOT-FOR-US: Samsung Graphics 2D driver on Samsung devices with Android
CVE-2015-7890
	RESERVED
CVE-2015-7889 (The SecEmailComposer/EmailComposer application in the Samsung S6 Edge ...)
	NOT-FOR-US: Samsung
CVE-2015-7888 (Directory traversal vulnerability in the WifiHs20UtilityService on the ...)
	NOT-FOR-US: WifiHs20UtilityService on Samsung S6 Edge LRX22G.G925VVRU1AOE2
CVE-2015-7887 (NetApp SnapCenter Server 1.0 allows remote authenticated users to list ...)
	NOT-FOR-US: NetApp SnapCenter Server
CVE-2015-7886 (NetApp Data ONTAP before 8.2.4P1, when 7-Mode and HTTP access are ...)
	NOT-FOR-US: NetApp
CVE-2015-7899 (The com_content component in Joomla! 3.x before 3.4.5 does not ...)
	NOT-FOR-US: Joomla
CVE-2015-7883
	RESERVED
CVE-2015-7882
	RESERVED
CVE-2015-7881 (The Colorbox module 7.x-2.x before 7.x-2.10 for Drupal allows remote ...)
	NOT-FOR-US: Colorbox module for Drupal
CVE-2015-7880 (The Entity Registration module 7.x-1.x before 7.x-1.5 for Drupal ...)
	NOT-FOR-US: Entity Registration module for Drupal
CVE-2015-7879 (Cross-site scripting (XSS) vulnerability in the Stickynote module 7.x ...)
	NOT-FOR-US: Stickynote module for Drupal
CVE-2015-7878 (Cross-site scripting (XSS) vulnerability in the Taxonomy Find module ...)
	NOT-FOR-US: Taxonomy Find module for Drupal
CVE-2015-7877 (Multiple SQL injection vulnerabilities in the User Dashboard module ...)
	NOT-FOR-US: User Dashboard module for Drupal
CVE-2015-7876 (The escapeLike function in sqlsrv/database.inc in the Drupal 7 driver ...)
	NOT-FOR-US: Driver for SQL Server and SQL Azure module for Drupal
CVE-2015-7875 (ctools 6.x-1.x before 6.x-1.14 and 7.x-1.x before 7.x-1.8 in Drupal ...)
	NOT-FOR-US: Ctools module for Drupal
CVE-2015-7874
	RESERVED
CVE-2015-7873 (The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 ...)
	{DSA-3382-1}
	- phpmyadmin 4:4.5.1-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2015-7943 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...)
	{DLA-548-1}
	- drupal7 7.41-1
	[jessie] - drupal7 7.32-1+deb8u9
	NOTE: https://www.drupal.org/SA-CORE-2015-004
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/21/6
	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=9f72251c9291b5613acb9ca4ea7a51b4739e3f93
CVE-2015-7885 (The dgnc_mgmt_ioctl function in drivers/staging/dgnc/dgnc_mgmt.c in ...)
	- linux 4.4.2-1 (unimportant)
	NOTE: dgnc driver not built
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=4b6184336ebb5c8dc1eae7f7ab46ee608a748b05
CVE-2015-7884 (The vivid_fb_ioctl function in ...)
	- linux 4.2.6-1
	[jessie] - linux <not-affected> (Vulnerable code not present)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eda98796aff0d9bf41094b06811f5def3b4c333c (v4.4-rc1)
CVE-2015-7871 (Crypto-NAK packets in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/aa44b5835d69d8ee031736bb8ee2730a514edb7d
CVE-2015-7870
	RESERVED
CVE-2015-7869 (Multiple integer overflows in the kernel mode driver for the NVIDIA ...)
	- nvidia-graphics-drivers 352.63-1 (bug #805917)
	[jessie] - nvidia-graphics-drivers 340.96-1
	[wheezy] - nvidia-graphics-drivers 304.131-1
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-340xx 340.96-1 (bug #805919)
	- nvidia-graphics-drivers-legacy-304xx 304.131-2 (bug #805918)
	[jessie] - nvidia-graphics-drivers-legacy-304xx <no-dsa> (Non-free not supported)
CVE-2015-7868
	RESERVED
CVE-2015-7867
	RESERVED
CVE-2015-7866 (Unquoted Windows search path vulnerability in the Smart Maximize ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2015-7865 (nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA ...)
	NOT-FOR-US: NVIDIA drivers for Windows
CVE-2015-7864
	RESERVED
CVE-2015-7863 (The default configuration of Persistent Accelerite Radia Client ...)
	NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7862 (Persistent Accelerite Radia Client Automation (formerly HP Client ...)
	NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7861 (Persistent Accelerite Radia Client Automation (formerly HP Client ...)
	NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7860 (Stack-based buffer overflow in the agent in Persistent Accelerite ...)
	NOT-FOR-US: Persistent Accelerite Radia
CVE-2015-7859 (The com_contenthistory component in Joomla! 3.2 before 3.4.5 does not ...)
	NOT-FOR-US: Joomla
CVE-2015-7858 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2015-7857 (SQL injection vulnerability in the getListQuery function in ...)
	NOT-FOR-US: Joomla
CVE-2015-7856 (OpenNMS has a default password of rtc for the rtc account, which makes ...)
	NOT-FOR-US: OpenNMS
CVE-2015-7855 (The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/ba716a464ecb20618560075f2e4e1051e5b6f24f
CVE-2015-7854 (Buffer overflow in the password management functionality in NTP 4.2.x ...)
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/1bb401576f412532d8cdcca5509b85ad29605913
CVE-2015-7853 (The datalen parameter in the refclock driver in NTP 4.2.x before ...)
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.8p1-beta3)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/8482b536f9494a5d45196ab5b7e13040f5940261
CVE-2015-7852 (ntpq in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/07a5b8141e354a998a52994c3c9cd547927e56ce
CVE-2015-7851
	RESERVED
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <no-dsa> (Vulnerability only affects VMS)
	[wheezy] - ntp <no-dsa> (Vulnerability only affects VMS)
	[squeeze] - ntp <no-dsa> (Vulnerability only affects VMS)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/184516e143ce4448ddb5b9876dd372008cc779f6
CVE-2015-7850 (ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/bb928ef08eec020ef6008f3a140702ccc0536b8e
CVE-2015-7849 (Use-after-free vulnerability in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p262)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/9c22e66c8f2be6aa0c846f0d9804db20f93c105d
CVE-2015-7848 (An integer overflow can occur in NTP-dev.4.3.70 leading to an ...)
	- ntp 1:4.2.8p4+dfsg-1
	[jessie] - ntp <not-affected> (Bug introduced in 4.2.7p131)
	[wheezy] - ntp <not-affected> (Bug introduced in 4.2.7p131)
	[squeeze] - ntp <not-affected> (Bug introduced in 4.2.7p131)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/c04c3d3d940dfe1a53132925c4f51aef017d2e0f
CVE-2015-7847 (Huawei MBB (Mobile Broadband) product E3272s with software versions ...)
	NOT-FOR-US: Huawei
CVE-2015-7846 (Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, ...)
	NOT-FOR-US: Huawei
CVE-2015-7845 (The exception handling mechanism in the CLI Module in Huawei eSpace ...)
	NOT-FOR-US: Huawei
CVE-2015-7844 (Huawei FusionAccess with software V100R005C10,V100R005C20 could allow ...)
	NOT-FOR-US: Huawei
CVE-2015-7843 (The management interface on Huawei FusionServer rack servers RH2288 V3 ...)
	NOT-FOR-US: Huawei
CVE-2015-7842 (Huawei FusionServer rack servers RH2288 V3 with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-7841 (The login page of the server on Huawei FusionServer rack servers ...)
	NOT-FOR-US: Huawei
CVE-2015-7872 (The key_gc_unused_keys function in security/keys/gc.c in the Linux ...)
	{DSA-3396-1}
	- linux 4.2.5-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272371
	NOTE: Prerequisite for Fedora patches: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=94c4554ba07adbdde396748ee7ae01e86cf2d8d7
	NOTE: Patches from Fedora: http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?id=d76d5fe34b5c151ad83761160998b1075729b541
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61 (v4.3-rc7)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/20/5
CVE-2015-8013 (s2k.js in OpenPGP.js will decrypt arbitrary messages regardless of ...)
	- libjs-openpgp <itp> (bug #787774)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/7
CVE-2015-7840 (The command line management console (CMC) in SolarWinds Log and Event ...)
	NOT-FOR-US: SolarWinds
CVE-2015-7839 (SolarWinds Log and Event Manager (LEM) allows remote attackers to ...)
	NOT-FOR-US: SolarWinds
CVE-2015-7838 (ProcessFileUpload.jsp in SolarWinds Storage Manager before 6.2 allows ...)
	NOT-FOR-US: SolarWinds
CVE-2015-7837 (The Linux kernel, as used in Red Hat Enterprise Linux 7, kernel-rt, ...)
	- linux 4.5.1-1 (unimportant)
	NOTE: secureboot not yet supported in the Debian package in 4.3
	NOTE: https://github.com/mjg59/linux/commit/4b2b64d5a6ebc84214755ebccd599baef7c1b798
	NOTE: Fix is included in 4.5.1-1 with the patches/features/all/securelevel/kexec-uefi-copy-secure_boot-flag-in-boot-params-acro.patch
CVE-2015-7836 (Siemens RUGGEDCOM ROS before 4.2.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Siemens
CVE-2015-7835 (The mod_l2_entry function in arch/x86/mm.c in Xen 3.4 through 4.6.x ...)
	{DSA-3390-1}
	- xen 4.6.0-1
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-148.html
CVE-2015-7834 (Multiple unspecified vulnerabilities in Google V8 before 4.6.85.23, as ...)
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life> (Not supported in Wheezy)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-7833 (The usbvision driver in the Linux kernel package 3.10.0-123.20.1.el7 ...)
	{DSA-3426-1 DSA-3396-1 DLA-360-1}
	- linux 4.2.6-2
	- linux-2.6 <removed>
	NOTE: http://git.linuxtv.org/cgit.cgi/media_tree.git/commit?id=588afcc1c0e45358159090d95bf7b246fb67565
	NOTE: http://git.linuxtv.org/cgit.cgi/media_tree.git/commit?id=fa52bd506f274b7619955917abfde355e3d19ff
	NOTE: initial fix missed a second needed commit.
CVE-2015-7832
	RESERVED
CVE-2015-7831
	RESERVED
CVE-2015-7829 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-7828 (SAP HANA Database 1.00 SPS10 and earlier do not require ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7827 (Botan before 1.10.13 and 1.11.x before 1.11.22 make it easier for ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.13-1 (bug #817932)
	NOTE: Fixed in 1.11.22 and 1.10.13. Affected all previous versions.
	NOTE: http://botan.randombit.net/security.html
CVE-2015-7826 (botan 1.11.x before 1.11.22 improperly handles wildcard matching ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.22
	NOTE: http://botan.randombit.net/security.html
CVE-2015-7825 (botan before 1.11.22 improperly validates certificate paths, which ...)
	- botan1.10 <not-affected> (Introduced in 1.11.6)
	NOTE: Introduced in 1.11.6, fixed in 1.11.22
	NOTE: http://botan.randombit.net/security.html
CVE-2015-7824 (botan 1.11.x before 1.11.22 makes it easier for remote attackers to ...)
	- botan1.10 <not-affected> (Introduced in 1.11.0)
	NOTE: Introduced in 1.11.0, fixed in 1.11.22
	NOTE: http://botan.randombit.net/security.html
CVE-2015-7823 (Open redirect vulnerability in CMSPages/GetDocLink.ashx in Kentico CMS ...)
	NOT-FOR-US: Kentico CMS
CVE-2015-7822 (Multiple cross-site scripting (XSS) vulnerabilities in Kentico CMS 8.2 ...)
	NOT-FOR-US: Kentico CMS
CVE-2015-7821
	RESERVED
CVE-2015-7820 (Race condition in the administration-panel web service in IBM System ...)
	NOT-FOR-US: IBM
CVE-2015-7819 (The DB service in IBM System Networking Switch Center (SNSC) before ...)
	NOT-FOR-US: IBM
CVE-2015-7818 (The administration-panel web service in IBM System Networking Switch ...)
	NOT-FOR-US: IBM
CVE-2015-7817 (Race condition in the administration-panel web service in IBM System ...)
	NOT-FOR-US: IBM
CVE-2015-7816 (The DisplayTopKeywords function in plugins/Referrers/Controller.php in ...)
	- piwik <itp> (bug #448532)
CVE-2015-7815 (Directory traversal vulnerability in core/ViewDataTable/Factory.php in ...)
	- piwik <itp> (bug #448532)
CVE-2015-7814 (Race condition in the relinquish_memory function in arch/arm/domain.c ...)
	{DSA-3414-1}
	- xen 4.6.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-147.html
	[wheezy] - xen <not-affected> (arm not yet supported)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
CVE-2015-7813 (Xen 4.4.x, 4.5.x, and 4.6.x does not limit the number of printk ...)
	{DSA-3414-1}
	- xen 4.6.0-1
	[wheezy] - xen <not-affected> (arm not yet supported)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-146.html
CVE-2015-7812 (The hypercall_create_continuation function in arch/arm/domain.c in Xen ...)
	{DSA-3414-1}
	- xen 4.6.0-1
	[wheezy] - xen <not-affected> (arm not yet supported)
	[squeeze] - xen <end-of-life> (not supported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-145.html
CVE-2013-7445 (The Direct Rendering Manager (DRM) subsystem in the Linux kernel ...)
	- linux <unfixed>
	[stretch] - linux <ignored> (Minor issue, requires invasive changes)
	[jessie] - linux <ignored> (Minor issue, requires invasive changes)
	[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
	- linux-2.6 <removed>
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=60533
CVE-2015-8011 [lldpd: buffer overflow when handling management address TLV]
	RESERVED
	- lldpd 0.7.19-1
	[jessie] - lldpd 0.7.11-2+deb8u1
	[wheezy] - lldpd <not-affected> (Vulnerable code not present)
	[squeeze] - lldpd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/vincentbernat/lldpd/commit/dd4f16e7e816f2165fba76e3d162cd8d2978dcb2
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/16/2
CVE-2015-8012 [lldpd: asserts triggered by malformed packets]
	RESERVED
	- lldpd 0.7.19-1
	[jessie] - lldpd 0.7.11-2+deb8u1
	[wheezy] - lldpd <not-affected> (Vulnerable code not present)
	[squeeze] - lldpd <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/vincentbernat/lldpd/commit/793526f8884455f43daecd0a2c46772388417a00
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/18/2
CVE-2015-XXXX [cakephp: XML class SSRF vulnerability]
	- cakephp 2.6.7-1 (bug #832283)
	[jessie] - cakephp <no-dsa> (Minor issue)
	[wheezy] - cakephp 1.3.15-1+deb7u1
	[squeeze] - cakephp 1.3.2-1.1+deb6u11
	NOTE: Workaround entry for DLA-333-1 and DLA-566-1 until/if CVE assigned
	NOTE: http://seclists.org/fulldisclosure/2015/Oct/70
	NOTE: https://github.com/cakephp/cakephp/releases/tag/2.6.6
CVE-2015-7830 (The pcapng_read_if_descr_block function in wiretap/pcapng.c in the ...)
	{DSA-3505-1}
	- wireshark 1.12.8+g5b6e543-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-30.html
CVE-2015-7811
	RESERVED
CVE-2015-7810
	RESERVED
	- libbluray 1:0.9.1-1 (low)
	[jessie] - libbluray <no-dsa> (Minor issue, too intrusive to backport)
	[wheezy] - libbluray <no-dsa> (Minor issue)
	NOTE: CVE was assigned specific to the Fedora packages, cf.
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/12/7
	NOTE: Salvatored asked if Debian needs a separate CVE:
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/13/6
	NOTE: No reply, so we'll just use the same ID
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959434
CVE-2015-7808 (The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 ...)
	NOT-FOR-US: vBulletin
CVE-2015-7807
	RESERVED
CVE-2015-7806 (Eval injection vulnerability in the fm_saveHelperGatherItems function ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-7805 (Heap-based buffer overflow in libsndfile 1.0.25 allows remote ...)
	{DLA-928-1 DLA-356-1}
	- libsndfile 1.0.25-10 (bug #804445)
	[jessie] - libsndfile 1.0.25-9.1+deb8u1
	NOTE: http://www.nemux.org/2015/10/13/libsndfile-1-0-25-heap-overflow/
	NOTE: https://www.exploit-db.com/exploits/38447/
CVE-2015-7802 (gifread.c in gif2png, as used in OptiPNG before 0.7.6, allows remote ...)
	- optipng 0.7.6-1 (unimportant; bug #801700)
	NOTE: Not a security flaw as the under-read does not depend on input
CVE-2015-7801 (Use-after-free vulnerability in OptiPNG 0.6.4 allows remote attackers ...)
	{DLA-332-1}
	- optipng 0.7.5-1
	[wheezy] - optipng 0.6.4-1+deb7u1
CVE-2015-7800
	RESERVED
CVE-2015-7799 (The slhc_init function in drivers/net/slip/slhc.c in the Linux kernel ...)
	{DSA-3426-1 DLA-360-1}
	- linux 4.2.6-2
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/android/issues/detail?id=187973
	NOTE: DoS, requires access to /dev/ppp which is root-only by default
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0baa57d8dc32db78369d8b5176ef56c5e2e18ab3
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4ab42d78e37a294ac7bc56901d563c642e03c4ae
CVE-2015-7798 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-7797 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-7796 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-7795 (Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 ...)
	NOT-FOR-US: Cybozu Office
CVE-2015-7794 (Corega CG-WLNCM4G devices provide an open DNS resolver, which allows ...)
	NOT-FOR-US: Corega
CVE-2015-7793 (Corega CG-WLBARAGM devices provide an open proxy service, which allows ...)
	NOT-FOR-US: Corega
CVE-2015-7792 (Corega CG-WLBARGS devices allow remote attackers to perform ...)
	NOT-FOR-US: Corega
CVE-2015-7791 (Multiple SQL injection vulnerabilities in admin.php in the Collne ...)
	NOT-FOR-US: Collne Welcart plugin for WordPress
CVE-2015-7790 (Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL ...)
	NOT-FOR-US: ASUS
CVE-2015-7789 (ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow ...)
	NOT-FOR-US: ASUS
CVE-2015-7788 (ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow ...)
	NOT-FOR-US: ASUS
CVE-2015-7787 (ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allow ...)
	NOT-FOR-US: ASUS
CVE-2015-7786 (Cross-site scripting (XSS) vulnerability in the NTT DATA Smart ...)
	NOT-FOR-US: NTT DATA
CVE-2015-7785 (GANMA! App for iOS does not verify SSL certificates. ...)
	NOT-FOR-US: GANMA! App for iOS
CVE-2015-7784 (SQL injection vulnerability in the BOKUBLOCK (1) ...)
	NOT-FOR-US: BOKUBLOCK
CVE-2015-7783 (Cross-site scripting (XSS) vulnerability in Let's PHP! p++BBS before ...)
	NOT-FOR-US: p++BBS
CVE-2015-7782 (Cross-site scripting (XSS) vulnerability in Let's PHP! Frame ...)
	NOT-FOR-US: Let's PHP!
CVE-2015-7781 (ManageEngine Firewall Analyzer before 8.0 does not restrict access ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2015-7780 (Directory traversal vulnerability in ManageEngine Firewall Analyzer ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2015-7779
	REJECTED
CVE-2015-7778 (Gurunavi App for iOS before 6.0.0 does not verify SSL certificates ...)
	NOT-FOR-US: Gurunavi App for iOS
CVE-2015-7777 (Cross-site scripting (XSS) vulnerability in index.php in JosephErnest ...)
	NOT-FOR-US: JosephErnest Void
CVE-2015-7776 (Cybozu Garoon 3.x and 4.x before 4.2.0 does not properly restrict ...)
	NOT-FOR-US: Cybozu
CVE-2015-7775 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 4.0.3 allows ...)
	NOT-FOR-US: Cybozu
CVE-2015-7774 (PC-EGG pWebManager before 3.3.10, and before 2.2.2 for PHP 4.x, allows ...)
	NOT-FOR-US: PC-EGG
CVE-2015-7773 (Unrestricted file upload vulnerability in the Panel component in ...)
	NOT-FOR-US: Bastian Allgeier Kirby
CVE-2015-7772 (Cross-site scripting (XSS) vulnerability in the runtime engine in the ...)
	NOT-FOR-US: Newphoria
CVE-2015-7771 (Cross-site scripting (XSS) vulnerability in the runtime engine in the ...)
	NOT-FOR-US: Newphoria
CVE-2015-7770 (Dell SonicWall TotalSecure TZ 100 devices with firmware before ...)
	NOT-FOR-US: Dell
CVE-2015-7769 (baserCMS 3.0.2 through 3.0.8 allows remote authenticated users to ...)
	NOT-FOR-US: baserCMS
CVE-2015-7768 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote ...)
	NOT-FOR-US: Konica Minolta
CVE-2015-7767 (Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote ...)
	NOT-FOR-US: Konica Minolta
CVE-2015-7766 (PGSQL:SubmitQuery.do in ZOHO ManageEngine OpManager 11.6, 11.5, and ...)
	NOT-FOR-US: ZOHO
CVE-2015-7765 (ZOHO ManageEngine OpManager 11.5 build 11600 and earlier uses a ...)
	NOT-FOR-US: ZOHO
CVE-2015-7809 (The displayBlock function Template.php in Sensio Labs Twig before ...)
	{DSA-3343-1}
	- twig 1.20.0-1
	NOTE: http://symfony.com/blog/security-release-twig-1-20-0
CVE-2015-7804 (Off-by-one error in the phar_parse_zipfile function in ext/phar/zip.c ...)
	{DSA-3380-1 DLA-341-1}
	- php5 5.6.14+dfsg-1 (medium)
	NOTE: https://bugs.php.net/bug.php?id=70433
CVE-2015-7803 (The phar_get_entry_data function in ext/phar/util.c in PHP before ...)
	{DSA-3380-1 DLA-341-1}
	- php5 5.6.14+dfsg-1 (low)
	NOTE: https://bugs.php.net/bug.php?id=69720
CVE-2015-7764 (Lemur 0.1.4 does not use sufficient entropy in its IV when encrypting ...)
	- lemur <itp> (bug #809533)
CVE-2015-7763 (rx/rx.c in OpenAFS 1.5.75 through 1.5.78, 1.6.x before 1.6.15, and ...)
	{DSA-3387-1 DLA-342-1}
	- openafs 1.6.15-1
	NOTE: https://www.openafs.org/security
CVE-2015-7762 (rx/rx.c in OpenAFS before 1.6.15 and 1.7.x before 1.7.33 does not ...)
	{DSA-3387-1 DLA-342-1}
	- openafs 1.6.15-1
	NOTE: https://www.openafs.org/security
CVE-2015-7761 (Mail in Apple OS X before 10.11 does not properly recognize user ...)
	NOT-FOR-US: Apple
CVE-2015-7760 (libxpc in launchd in Apple OS X before 10.11 does not restrict the ...)
	NOT-FOR-US: Apple
CVE-2015-7759 (BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, Link Controller, and PEM ...)
	NOT-FOR-US: BIG-IP
CVE-2015-7757
	REJECTED
CVE-2015-7756 (The encryption implementation in Juniper ScreenOS 6.2.0r15 through ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2015-7755 (Juniper ScreenOS 6.2.0r15 through 6.2.0r18, 6.3.0r12 before 6.3.0r12b, ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2015-7754 (Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and ...)
	NOT-FOR-US: Juniper
CVE-2015-7753
	RESERVED
CVE-2015-7752 (The SSH server in Juniper Junos OS before 12.1X44-D50, 12.1X46 before ...)
	NOT-FOR-US: Juniper
CVE-2015-7751 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, ...)
	NOT-FOR-US: Juniper
CVE-2015-7750 (The L2TP packet processing functionality in Juniper Netscreen and ...)
	NOT-FOR-US: Juniper
CVE-2015-7749 (The PFE daemon in Juniper vSRX virtual firewalls with Junos OS before ...)
	NOT-FOR-US: Juniper
CVE-2015-7748 (Juniper chassis with Trio (Trinity) chipset line cards and Junos OS ...)
	NOT-FOR-US: Juniper
CVE-2015-7746 (NetApp Data ONTAP before 8.2.4, when operating in 7-Mode, allows ...)
	NOT-FOR-US: NetApp
CVE-2015-7745
	RESERVED
CVE-2015-7744 (wolfSSL (formerly CyaSSL) before 3.6.8 does not properly handle faults ...)
	- wolfssl 3.9.10+dfsg-1
	- mysql-5.6 5.6.27-1
	- mysql-5.5 5.5.46-0+deb8u1
	[jessie] - mysql-5.5 5.5.46-0+deb8u1
	[wheezy] - mysql-5.5 5.5.46-0+deb7u1
	[squeeze] - mysql-5.5 5.5.46-0+deb6u1
	- mariadb-10.0 10.0.22-1
	[jessie] - mariadb-10.0 10.0.22-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixMSQL
CVE-2015-7743 (XML external entity vulnerability in PRTG Network Monitor before ...)
	NOT-FOR-US: PRTG Network Monitor
CVE-2015-7742
	RESERVED
CVE-2015-7741
	RESERVED
CVE-2015-7739
	RESERVED
CVE-2015-7738
	RESERVED
CVE-2015-7737
	RESERVED
CVE-2015-7736
	RESERVED
CVE-2015-7735
	RESERVED
CVE-2015-7734
	RESERVED
CVE-2015-7733
	RESERVED
CVE-2015-7732 (The Avira Mobile Security app before 1.5.11 for iOS sends sensitive ...)
	NOT-FOR-US: Avira Mobile Security app
CVE-2015-7731
	RESERVED
CVE-2015-7730 (SAP BusinessObjects BI Platform 4.1, BusinessObjects Edge 4.0, and ...)
	NOT-FOR-US: SAP BusinessObjects
CVE-2015-7729 (Eval injection in test-net.xsjs in the Web-based Development Workbench ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7728 (Cross-site scripting (XSS) vulnerability in user creation in the ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7727 (Multiple SQL injection vulnerabilities in the Web-based Development ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7726 (Cross-site scripting (XSS) vulnerability in role deletion in the ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7725 (Multiple SQL injection vulnerabilities in the Web-based Development ...)
	NOT-FOR-US: SAP HANA
CVE-2015-7724 (AMD fglrx-driver before 15.9 allows local users to gain privileges via ...)
	- fglrx-driver 1:15.9-1 (bug #803517)
	[jessie] - fglrx-driver <no-dsa> (Non-free not supported)
	[wheezy] - fglrx-driver <no-dsa> (non-free not supported)
	[squeeze] - fglrx-driver <no-dsa> (non-free not supported)
	NOTE: http://seclists.org/fulldisclosure/2015/Oct/103
CVE-2015-7723 (AMD fglrx-driver before 15.7 allows local users to gain privileges via ...)
	- fglrx-driver 1:15.7-1 (bug #803517)
	[jessie] - fglrx-driver <no-dsa> (Non-free not supported)
	[wheezy] - fglrx-driver <no-dsa> (non-free not supported)
	[squeeze] - fglrx-driver <no-dsa> (non-free not supported)
	NOTE: http://seclists.org/fulldisclosure/2015/Oct/104
CVE-2015-7722
	RESERVED
CVE-2015-7721
	RESERVED
CVE-2015-7720
	RESERVED
CVE-2015-7719
	RESERVED
CVE-2015-7718 (mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-7717 (mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-7716 (libstagefright in Android 5.x before 5.1.1 LMY48T allows remote ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-7715 (Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL ...)
	NOT-FOR-US: Realtyna RPL for Joomla!
CVE-2015-7714 (Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) ...)
	NOT-FOR-US: Realtyna RPL for Joomla!
CVE-2015-7712 (Multiple eval injection vulnerabilities in ...)
	NOT-FOR-US: ATutor
CVE-2015-7711 (Cross-site scripting (XSS) vulnerability in popuphelp.php in ATutor ...)
	NOT-FOR-US: ATutor
CVE-2015-7710
	RESERVED
CVE-2015-7709 (The arkeiad daemon in the Arkeia Backup Agent in Western Digital ...)
	NOT-FOR-US: Western Digital
CVE-2015-7708 (Cross-site scripting (XSS) vulnerability in 4images 1.7.11 and earlier ...)
	NOT-FOR-US: 4images
CVE-2015-7707 (Ignite Realtime Openfire 3.10.2 allows remote authenticated users to ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2015-7706 (Multiple cross-site scripting (XSS) vulnerabilities in Secure Data ...)
	NOT-FOR-US: Secure Data Space
CVE-2014-9756 (The psf_fwrite function in file_io.c in libsndfile allows attackers to ...)
	{DLA-928-1 DLA-356-1}
	- libsndfile 1.0.25-10 (bug #804447)
	[jessie] - libsndfile 1.0.25-9.1+deb8u1
	NOTE: https://github.com/erikd/libsndfile/commit/725c7dbb95bfaf8b4bb7b04820e3a00cceea9ce6
CVE-2014-9753
	RESERVED
CVE-2014-9752 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: ATutor
CVE-2015-7758 (Gummi 0.6.5 allows local users to write to arbitrary files via a ...)
	- gummi 0.6.5-6 (bug #756432)
	[jessie] - gummi 0.6.5-3+deb8u1
	[wheezy] - gummi 0.6.3-1.2+deb7u2
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/4
CVE-2008-7316 (mm/filemap.c in the Linux kernel before 2.6.25 allows local users to ...)
	- linux <not-affected> (Issue fixed before the src:linux-2.6 rename)
	- linux-2.6 2.6.25-1
	NOTE: https://git.kernel.org/linus/124d3b7041f9a0ca7c43a6293e1cae4576c32fd5 (v2.6.25-rc1)
CVE-2008-7315 (UI-Dialog 1.09 and earlier allows remote attackers to execute ...)
	- libui-dialog-perl <unfixed> (bug #496448)
	[jessie] - libui-dialog-perl <no-dsa> (Minor issue)
	[wheezy] - libui-dialog-perl <no-dsa> (Minor issue)
	[squeeze] - libui-dialog-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=107364
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/08/2
CVE-2015-7740 (Huawei P7 before P7-L00C17B851, P7-L05C00B851, and P7-L09C92B851 and ...)
	NOT-FOR-US: ARM Mali GPU driver
CVE-2015-7545 (The (1) git-remote-ext and (2) unspecified other remote helper ...)
	{DSA-3435-1}
	- git 1:2.6.1-1
	[squeeze] - git <not-affected> (git 1.7.2 did not have git-remote-ext yet)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/1
CVE-2015-7747 [When changing both sample format and number of channels, data gets corrupted; if new sample format smaller than old, possible buffer overflow]
	RESERVED
	- audiofile 0.3.6-3 (bug #801102)
	[jessie] - audiofile 0.3.6-2+deb8u1
	[wheezy] - audiofile <no-dsa> (Minor issue)
	[squeeze] - audiofile <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/06/2
CVE-2015-7705 (The rate limiting feature in NTP 4.x before 4.2.8p4 and 4.3.x before ...)
	- ntp 1:4.2.8p4+dfsg-3
	[jessie] - ntp <no-dsa> (Default config not affected)
	[wheezy] - ntp <no-dsa> (Default config not affected)
	[squeeze] - ntp <no-dsa> (Default config not affected)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/21d57dc336dbe9a975baca5ce5ae4da5b71ff123
	NOTE: https://github.com/ntp-project/ntp/commit/492758c3d0690d3ccf7130fabfcf670997f12f7b
	NOTE: Original fix was reported broken, then fixed in http://bugs.ntp.org/show_bug.cgi?id=2952 (4.2.8p7)
	NOTE: Original upsteam bug: http://support.ntp.org/bin/view/Main/NtpBug2901
CVE-2015-7704 (The ntpd client in NTP 4.x before 4.2.8p4 and 4.3.x before 4.3.77 ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-3
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: Original ntp fix applied in 1:4.2.8p4+dfsg-1for CVE-2015-7704 is apparently broken
	NOTE: http://lists.ntp.org/pipermail/pool/2015-October/007631.html
CVE-2015-7703 (The &quot;pidfile&quot; or &quot;driftfile&quot; directives in NTP ntpd 4.2.x before ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/5dea6ff160c7e8f7cb038619ccccd28c3a8df637
	NOTE: https://github.com/ntp-project/ntp/commit/cdae0f1369ade98dc7ae912a0f1953b6e533cb88
CVE-2015-7702 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/c4cd4aaf418f57f7225708a93bf48afb2bc9c1da
CVE-2015-7701 (Memory leak in the CRYPTO_ASSOC function in ntpd in NTP 4.2.x before ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: https://github.com/ntp-project/ntp/commit/d7cd5e186034340402f1393e0813c7d2b14ea6ca
	NOTE: https://github.com/ntp-project/ntp/commit/79604d925e4477247eee202155215e7865293809
CVE-2015-7700 (Double-free vulnerability in the sPLT chunk structure and png.c in ...)
	- pngcrush <unfixed> (bug #874109)
	[stretch] - pngcrush <no-dsa> (Minor issue)
	[jessie] - pngcrush <no-dsa> (Minor issue)
	[wheezy] - pngcrush <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/pmt/code/ci/e8ae5a842e86324f0bee91f4d98245fddb8ea5dd (1.7.87)
CVE-2015-7697 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...)
	{DSA-3386-1 DLA-330-1}
	- unzip 6.0-19 (bug #802160)
CVE-2015-7696 (Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of ...)
	{DSA-3386-1 DLA-330-1}
	- unzip 6.0-19 (bug #802162)
CVE-2015-7695 (The PDO adapters in Zend Framework before 1.12.16 do not filer null ...)
	{DSA-3369-1 DLA-326-1}
	- zendframework 1.12.16+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2015-08
	NOTE: https://github.com/zendframework/zf1/commit/2ac9c30f73ec2e6235c602bed745749a551b4fe2
CVE-2015-7694
	RESERVED
CVE-2015-7693
	RESERVED
CVE-2015-7692 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: Fixed upstream together with CVE-2015-7702
CVE-2015-7691 (The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-1
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#October_2015_NTP_Security_Vulner
	NOTE: Fixed upstream together with CVE-2015-7702
CVE-2015-7690
	RESERVED
CVE-2015-7689
	RESERVED
CVE-2015-7688
	RESERVED
CVE-2015-7685 (GLPI before 0.85.3 allows remote authenticated users to create ...)
	- glpi <removed> (unimportant)
	NOTE: https://forge.glpi-project.org/issues/5218
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2015-7684 (Unrestricted file upload in GLPI before 0.85.3 allows remote ...)
	- glpi <removed> (unimportant)
	NOTE: https://forge.glpi-project.org/issues/5217
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2015-7683 (Absolute path traversal vulnerability in Font.php in the Font plugin ...)
	NOT-FOR-US: Font plugin for WordPress
CVE-2015-7682 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: Pie Register plugin for WordPress
CVE-2015-7681
	REJECTED
CVE-2015-7680 (Ipswitch MOVEit DMZ before 8.2 provides different error messages for ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7679 (Cross-site scripting (XSS) vulnerability in Ipswitch MOVEit Mobile ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7678 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ipswitch ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7677 (The MOVEitISAPI service in Ipswitch MOVEit DMZ before 8.2 provides ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7676 (Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7675 (The &quot;Send as attachment&quot; feature in Ipswitch MOVEit DMZ before 8.2 and ...)
	NOT-FOR-US: MOVEit File Transfer web- and mobile application
CVE-2015-7672 (Cross-site scripting (XSS) vulnerability in Centreon 2.6.1. ...)
	NOT-FOR-US: Centreon
CVE-2014-9751 (The read_network_packet function in ntp_io.c in ntpd in NTP 4.x before ...)
	{DSA-3154-1 DLA-149-1}
	- ntp 1:4.2.6.p5+dfsg-4
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2672 (not yet public)
CVE-2014-9750 (ntp_crypto.c in ntpd in NTP 4.x before 4.2.8p1, when Autokey ...)
	{DSA-3154-2 DSA-3154-1 DLA-149-1}
	- ntp 1:4.2.6.p5+dfsg-5
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2671
CVE-2014-9749 (Squid 3.4.4 through 3.4.11 and 3.5.0.1 through 3.5.1, when Digest ...)
	- squid <not-affected> (related code not present in 2.7.X)
	- squid3 3.4.8-6 (bug #776464)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	[squeeze] - squid3 <no-dsa> (Minor issue)
	NOTE: http://bugs.squid-cache.org/show_bug.cgi?id=4066
	NOTE: http://bazaar.launchpad.net/~squid/squid/3.4/revision/13211 (Squid 3.4)
	NOTE: http://bazaar.launchpad.net/~squid/squid/3.5/revision/13735 (Squid 3.5)
CVE-2014-9748
	RESERVED
	- libuv 1.7.4-1 (unimportant)
	- nodejs 4.0.0~dfsg-1 (unimportant)
	NOTE: Only affects Windows
CVE-2015-7713 (OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before ...)
	- nova 1:12.0.0-2
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/05/10
CVE-2015-XXXX [Remotely triggerable buffer overflow in OpenSMTPD]
	- opensmtpd 5.7.3p1-1
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/10/04/2
	NOTE: Fixed with 5.7.3 upstream release
CVE-2015-7687 (Use-after-free vulnerability in OpenSMTPD before 5.7.2 allows remote ...)
	- opensmtpd 5.7.3p1-1 (bug #800787)
CVE-2015-7686 (Algorithmic complexity vulnerability in Address.pm in the ...)
	- libemail-address-perl <unfixed> (bug #868170; unimportant)
	[jessie] - libemail-address-perl <no-dsa> (Minor issue)
	[wheezy] - libemail-address-perl <no-dsa> (Minor issue)
	[squeeze] - libemail-address-perl <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
	NOTE: Possibility of DoS vs. usability issue for Email::Address
CVE-2015-7671
	RESERVED
CVE-2015-7670 (Multiple SQL injection vulnerabilities in includes/update.php in the ...)
	NOT-FOR-US: Support Ticket System plugin for WordPress
CVE-2015-7669 (Multiple directory traversal vulnerabilities in (1) ...)
	NOT-FOR-US: Easy2Map plugin for WordPress
CVE-2015-7668 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Easy2Map plugin for WordPress
CVE-2015-7667 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: ResAds plugin for WordPress
CVE-2015-7666 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	NOT-FOR-US: Payment Form for PayPal Pro plugin for WordPress
CVE-2015-7664
	RESERVED
CVE-2015-7663 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7662 (Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7661 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7660 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7659 (Adobe Flash Player before 18.0.0.261 and 19.x before 19.0.0.245 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7658 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7657 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7656 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7655 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7654 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7653 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7652 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7651 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.261 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7650 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe Reader
CVE-2015-7649 (Adobe Shockwave Player before 12.2.1.171 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2015-7648 (Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7647 (Adobe Flash Player before 18.0.0.255 and 19.x before 19.0.0.226 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7646
	RESERVED
CVE-2015-7645 (Adobe Flash Player 18.x through 18.0.0.252 and 19.x through 19.0.0.207 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7644 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7643 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7642 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7641 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7640 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7639 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7638 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7637 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7636 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7635 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7634 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7633 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7632 (Buffer overflow in Adobe Flash Player before 18.0.0.252 and 19.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7631 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7630 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7629 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7628 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7627 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7626 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7625 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-7624 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-7623 (The ANAuthenticateResource method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-7622 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-7621 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-7620 (The ANSendForBrowserReview method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-7619 (The ANShareFile2 method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-7618 (The CBAutoConfigCommentRepository method in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe
CVE-2015-7617 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-7616 (The ANVerifyComments method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-7615 (Use-after-free vulnerability in a SaveAs feature in Adobe Reader and ...)
	NOT-FOR-US: Adobe
CVE-2015-7614 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-7612 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: McAfee
CVE-2015-7665 (Tails before 1.7 includes the wget program but does not prevent ...)
	NOT-FOR-US: wget as used in Tails
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/10
CVE-2015-7613 (Race condition in the IPC object implementation in the Linux kernel ...)
	{DSA-3372-1 DLA-325-1}
	- linux 4.2.3-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9a532277938798b53178d5a66af6e2915cb27cf (v4.3-rc4)
CVE-2015-7610
	RESERVED
CVE-2015-7609
	RESERVED
CVE-2015-7608
	RESERVED
CVE-2015-7607
	RESERVED
CVE-2015-7606
	RESERVED
CVE-2015-7605
	RESERVED
CVE-2015-7673 (io-tga.c in gdk-pixbuf before 2.32.0 uses heap memory after its ...)
	{DSA-3378-1 DLA-434-1}
	- gdk-pixbuf 2.32.0-1
	- gtk+2.0 2.21.5-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/3
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e
	NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
CVE-2015-8875 (Multiple integer overflows in the (1) pixops_composite_nearest, (2) ...)
	{DSA-3589-1 DLA-450-1}
	- gdk-pixbuf 2.34.0-1
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)
	NOTE: http://www.openwall.com/lists/oss-security/2016/05/12/3
CVE-2015-7674 (Integer overflow in the pixops_scale_nearest function in ...)
	{DSA-3378-1 DLA-450-1 DLA-434-1}
	- gdk-pixbuf 2.32.1-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/01/4
	NOTE: Fix for CVE-2015-7674: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa (2.32.1)
	NOTE: Additional hardening against further overflows (but not part of the CVE assignment): https://git.gnome.org/browse/gdk-pixbuf/commit/?id=dbfe8f70471864818bf458a39c8a99640895bd22 (2.33.1)
	NOTE: The CVE is only assigned for the overflow in the pixops_scale_nearest function.
	- gtk+2.0 2.21.5-1
	NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
CVE-2015-XXXX [trivial hash complexity DoS attack]
	- php5 <removed> (bug #800564)
	[jessie] - php5 <ignored> (Too intrusive to backport)
	[wheezy] - php5 <no-dsa> (Too intrusive to backport)
	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.php.net/bug.php?id=70644
	NOTE: https://github.com/bk2204/php-hash-dos
CVE-2015-7698 (icewind1991 SMB before 1.0.3 allows remote authenticated users to ...)
	- php-smb 1.0.3a-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-017
CVE-2015-7699 (The files_external app in ownCloud Server before 7.0.9, 8.0.x before ...)
	{DSA-3373-1}
	- owncloud 7.0.9~dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-018
	NOTE: https://github.com/owncloud/core/commit/b05e178bbf884b120d1106e6a28f35aa50d6d06f
CVE-2015-7611 (Apache James Server 2.3.2, when configured with file-based user ...)
	NOT-FOR-US: Apache James
CVE-2015-7604 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
	NOT-FOR-US: Splunk
CVE-2015-7603 (Directory traversal vulnerability in Konica Minolta FTP Utility 1.0 ...)
	NOT-FOR-US: Konica Minolta FTP Utility
CVE-2015-7602 (Directory traversal vulnerability in BisonWare BisonFTP 3.5 allows ...)
	NOT-FOR-US: BisonWare BisonFTP
CVE-2015-7601 (Directory traversal vulnerability in PCMan's FTP Server 2.0.7 allows ...)
	NOT-FOR-US: PCMan's FTP Server
CVE-2015-7600 (Cisco VPN Client 5.x through 5.0.07.0440 uses weak permissions for ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2015-7599 (Integer overflow in the _authenticate function in svc_auth.c in Wind ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2015-7598 (SafeNet Authentication Service TokenValidator Proxy Agent uses a weak ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7597 (SafeNet Authentication Service IIS Agent uses a weak ACL for ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7596 (SafeNet Authentication Service End User Software Tools for Windows ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2015-7595
	REJECTED
CVE-2015-7594
	REJECTED
CVE-2015-7593
	REJECTED
CVE-2015-7592
	REJECTED
CVE-2015-7591
	REJECTED
CVE-2015-7590
	REJECTED
CVE-2015-7589
	REJECTED
CVE-2015-7588
	REJECTED
CVE-2015-7587
	REJECTED
CVE-2015-7586
	REJECTED
CVE-2015-7585
	REJECTED
CVE-2015-7584
	REJECTED
CVE-2015-7583
	REJECTED
CVE-2015-7582
	REJECTED
CVE-2015-7581 (actionpack/lib/action_dispatch/routing/route_set.rb in Action Pack in ...)
	{DSA-3464-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	[wheezy] - ruby-actionpack-3.2 <not-affected> (Vulnerable code not present)
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
CVE-2015-7580 (Cross-site scripting (XSS) vulnerability in ...)
	- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
CVE-2015-7579 (Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer ...)
	- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
CVE-2015-7578 (Cross-site scripting (XSS) vulnerability in the rails-html-sanitizer ...)
	- ruby-rails-html-sanitizer 1.0.3-1 (bug #812814)
CVE-2015-7577 (activerecord/lib/active_record/nested_attributes.rb in Active Record ...)
	{DSA-3464-1 DLA-496-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-activerecord-3.2 <removed>
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
CVE-2015-7576 (The http_basic_authenticate_with method in ...)
	{DSA-3464-1 DLA-604-1}
	- rails 2:4.2.5.1-1
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	[squeeze] - rails <end-of-life> (Not supported in Squeeze LTS)
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	- ruby-activesupport-3.2 <removed>
	[wheezy] - ruby-activesupport-3.2 <not-affected> (Vulnerable code not present)
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life>
	NOTE: https://github.com/rails/rails/commit/a6fa3960c3a149e83eb2ff057be4472a82958e3d
CVE-2015-7575 (Mozilla Network Security Services (NSS) before 3.20.2, as used in ...)
	{DSA-3688-1 DSA-3491-1 DSA-3465-1 DSA-3458-1 DSA-3457-1 DSA-3437-1 DSA-3436-1 DLA-410-1}
	- iceweasel 43.0.2-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.6.0-1
	[squeeze] - icedove <end-of-life>
	- nss 2:3.21-1
	[squeeze] - nss <not-affected> (only affects nss post 2012-07-26)
	[wheezy] - nss <not-affected> (TLS 1.2 not supported in 3.14, only 3.15.1 and above)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-150/
	NOTE: Patch in SuSE Bugzilla: https://bugzilla.novell.com/attachment.cgi?id=660286
	NOTE: NSS upstream fix is actually in 3.20.2: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes
	NOTE: NSS patch: https://hg.mozilla.org/projects/nss/raw-rev/891676aa0d85
	- openssl 1.0.1f-1
	[squeeze] - openssl <not-affected> (Vulnerable code not present)
	NOTE: OpenSSL fix: https://git.openssl.org/?p=openssl.git;a=commit;h=5e1ff664f95ab4c9176b3e86b5111e5777bad61a
	- openjdk-8 7u95-2.6.4-1
	- openjdk-7 7u95-2.6.4-1
	- openjdk-6 <removed>
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1ad1d1b46fef
	- gnutls28 3.3.15-1
	[jessie] - gnutls28 3.3.8-6+deb8u3
	- gnutls26 <removed>
	[squeeze] - gnutls26 <not-affected> (TLS1.2 not supported)
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2015-2
	NOTE: http://lists.gnutls.org/pipermail/gnutls-devel/2015-April/007572.html
	NOTE: https://gitlab.com/gnutls/gnutls/commit/7d9d5c61f8445dc9e9ca47bb575c77cef17da17a
	NOTE: https://gitlab.com/gnutls/gnutls/commit/0e3fc7881d37246fc2d51dc404cad95b205c0e1e
	NOTE: https://gitlab.com/gnutls/gnutls/commit/6822a37947d4e38c45b1afc0121cda35ba897182
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/05/8
	NOTE: http://www.mitls.org/pages/attacks/SLOTH
CVE-2015-7574
	REJECTED
CVE-2015-7573
	REJECTED
CVE-2015-7572
	REJECTED
CVE-2015-7571 (Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7570 (Multiple server-side request forgery (SSRF) vulnerabilities in Yeager ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7569 (SQL injection vulnerability in &quot;yeager/y.php/tab_USERLIST&quot; in Yeager ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7568 (SQL injection vulnerability in the password recovery feature in Yeager ...)
	NOT-FOR-US: Yeager CMS
CVE-2015-7567
	RESERVED
	NOT-FOR-US: Yeager CMS
CVE-2015-7566 (The clie_5_attach function in drivers/usb/serial/visor.c in the Linux ...)
	{DSA-3448-1 DLA-412-1}
	- linux 4.3.3-6
	[wheezy] - linux 3.2.73-2+deb7u3
	- linux-2.6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1283371 (not (yet) public)
	NOTE: Proposed upstream patch: http://marc.info/?l=linux-usb&m=145260786729359&w=2
CVE-2015-7565 (Cross-site scripting (XSS) vulnerability in Ember.js 1.8.x through ...)
	NOT-FOR-US: ember.js
CVE-2015-7564 (Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier ...)
	NOT-FOR-US: TeamPass
CVE-2015-7563 (Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and ...)
	NOT-FOR-US: TeamPass
CVE-2015-7562 (Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 ...)
	NOT-FOR-US: TeamPass
CVE-2015-7561 (Kubernetes in OpenShift3 allows remote authenticated users to use the ...)
	NOT-FOR-US: OpenShift
CVE-2015-7560 (The SMB1 implementation in smbd in Samba 3.x and 4.x before 4.1.23, ...)
	{DSA-3514-1}
	- samba 2:4.3.6+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-7560.html
CVE-2015-7559 [DoS in client via shutdown command]
	RESERVED
	{DLA-913-1}
	- activemq 5.14.3-3 (bug #860866)
	[jessie] - activemq 5.6.0+dfsg1-4+deb8u3
	NOTE: Upstream commit: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=b8fc78e
	NOTE: https://issues.apache.org/jira/browse/AMQ-6470
CVE-2015-7558 (librsvg before 2.40.12 allows context-dependent attackers to cause a ...)
	{DSA-3584-1 DLA-477-1}
	- librsvg 2.40.12-1
	[squeeze] - librsvg <no-dsa> (Too intrusive to backport)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1268243
	NOTE: https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61 (2.40.12)
CVE-2015-7557 (The _rsvg_node_poly_build_path function in rsvg-shapes.c in librsvg ...)
	{DLA-395-1}
	- librsvg 2.40.9-2
	[jessie] - librsvg 2.40.5-1+deb8u1
	[wheezy] - librsvg 2.36.1-2+deb7u1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=738050 (not public accessible)
	NOTE: https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df (2.40.7)
CVE-2015-7556
	RESERVED
CVE-2015-7555 (Heap-based buffer overflow in giffix.c in giffix in giflib 5.1.1 ...)
	{DLA-389-1}
	- giflib 5.1.2-0.1 (bug #808704)
	[jessie] - giflib 4.1.6-11+deb8u1
	[wheezy] - giflib 4.1.6-10+deb7u1
	NOTE: Upstream fix http://sourceforge.net/p/giflib/code/ci/179510be300bf11115e37528d79619b53c884a63
CVE-2015-7554 (The _TIFFVGetField function in tif_dir.c in libtiff 4.0.6 allows ...)
	{DLA-693-1 DLA-692-1}
	- tiff 4.0.7-7 (bug #809066; bug #842043; bug #850316)
	[jessie] - tiff 4.0.3-12.3+deb8u4
	- tiff3 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/12/26/7
	NOTE: SUSE seem to have a fix (disputed): https://bugzilla.novell.com/show_bug.cgi?id=960341
	NOTE: Reproducer file here: https://bugzilla.novell.com/attachment.cgi?id=665389
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2564
	NOTE: partially fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2564#c2
	NOTE: --
	NOTE: The problem is present in tiff3 3.9.6-11+deb7u1 on wheezy (the problematic code
	NOTE: gets executed under gdb), however for some reason this does not lead to a segfault.
CVE-2015-7553 (Race condition in the kernel in Red Hat Enterprise Linux 7, kernel-rt ...)
	- linux <not-affected> (RHEL-specific backport bug)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1288934
	NOTE: Related to an incomplete RHEL backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8ac2bde2a4a05c38e2bd733bea94507cb1461e06
CVE-2015-7552 (Heap-based buffer overflow in the gdk_pixbuf_flip function in ...)
	{DSA-3589-1 DLA-501-1}
	- gdk-pixbuf 2.32.0-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=958963
	NOTE: This was fixed by one of the commits between 2.31.6 and 2.32.0.
	NOTE: Fixed by: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f68cb78a5277f169b9531e6998c00c7976594e4 (2.31.7)
CVE-2015-7551 (The Fiddle::Handle implementation in ext/fiddle/handle.c in Ruby ...)
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
	[squeeze] - ruby1.9.1 <not-affected> (DL already fixed with CVE-2009-5147, Fiddle does not have vulnerable code)
	- ruby2.0 <removed>
	- ruby2.1 <removed> (bug #796344)
	[jessie] - ruby2.1 2.1.5-2+deb8u3
	- ruby2.2 2.2.4-1 (bug #796551)
	NOTE: https://www.ruby-lang.org/en/news/2015/12/16/unsafe-tainted-string-usage-in-fiddle-and-dl-cve-2015-7551/
CVE-2015-7550 (The keyctl_read_key function in security/keys/keyctl.c in the Linux ...)
	{DSA-3434-1 DLA-378-1}
	- linux 4.3.3-3
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/linus/b4a1b4f5047e4f54e194681125c74c0aa64d637d (v4.4-rc8)
CVE-2015-7549 (The MSI-X MMIO support in hw/pci/msix.c in QEMU (aka Quick Emulator) ...)
	{DSA-3471-1}
	- qemu 1:2.5+dfsg-1 (bug #808131)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=43b11a91dd861a946b231b89b7542856ade23d1b (v2.5.0-rc0)
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d35e428c8400f9ddc07e5a15ff19622c869b9ba0 (v1.2.0-rc0)
CVE-2015-7548 (OpenStack Compute (Nova) before 2015.1.3 (kilo) and 12.0.x before ...)
	- nova 2:13.0.0~rc3-1
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: Affects: Nova: <=2015.1.2, ==12.0.0
	NOTE: https://bugs.launchpad.net/bugs/1524274
CVE-2015-7547 (Multiple stack-based buffer overflows in the (1) send_dg and (2) ...)
	{DSA-3481-1 DSA-3480-1 DLA-416-1}
	- glibc 2.21-8
	- eglibc <removed>
	NOTE: https://googleonlinesecurity.blogspot.cz/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html
	NOTE: https://sourceware.org/ml/libc-alpha/2016-02/msg00416.html
CVE-2015-7546 (The identity service in OpenStack Identity (Keystone) before 2015.1.3 ...)
	- keystone 2:9.0.0~rc2-1
	[jessie] - keystone <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
	[wheezy] - keystone <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
	- python-keystonemiddleware 3.0.0-1
	[jessie] - python-keystonemiddleware <no-dsa> (Too intrusive to backport, needs to switch to different token provider)
	NOTE: https://wiki.openstack.org/wiki/OSSN/OSSN-0062
	NOTE: Keystone: <= 2015.1.2, >= 8.0.0 <= 8.0.1
	NOTE: Keystonemiddleware: >= 1.5.0 <= 1.5.3, >= 1.6.0 <= 2.3.2
CVE-2015-7544 (redhat-support-plugin-rhev in Red Hat Enterprise Virtualization ...)
	NOT-FOR-US: redhat-support-plugin-rhev
CVE-2015-7543 (aRts 1.5.10 and kdelibs3 3.5.10 and earlier do not properly create ...)
	{DLA-367-1 DLA-366-1}
	- kde4libs <not-affected> (Fixed before the first release in Debian)
	- kdelibs <removed>
	- arts <removed>
	NOTE: https://quickgit.kde.org/?p=kdelibs.git&a=blobdiff&h=8c0f6401271c495c68e340e06b09239eb755ce5e&hp=45b72f0d5c3421b571e9515497352a0a9942a075&hb=cc5515ed7ce8884c9b18169158ba29ab2f7a3db7&f=kinit%2Flnusertemp.c
CVE-2015-7542 [libgwenhywfar uses outdated bundled CA certificates]
	RESERVED
	{DLA-469-1}
	- libgwenhywfar 4.12.0beta-3 (bug #748955; medium)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1272503
	NOTE: Debian packaging fix: http://source.lenk.info/git/pkg-libgwenhywfar.git/commitdiff/86dacaae3a233f6ca3b420e0bfdb12eb5ef40b91
CVE-2015-7541 (The initialize method in the Histogram class in ...)
	NOT-FOR-US: colorscore gem for Ruby
CVE-2015-7540 (The LDAP server in the AD domain controller in Samba 4.x before 4.1.22 ...)
	{DSA-3433-1}
	- samba 2:4.1.22+dfsg-1
	[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.1.21)
	[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.1.21)
	NOTE: https://www.samba.org/samba/security/CVE-2015-7540.html
CVE-2015-7539 (The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 ...)
	- jenkins <removed>
CVE-2015-7538 (Jenkins before 1.640 and LTS before 1.625.2 allow remote attackers to ...)
	- jenkins <removed>
CVE-2015-7537 (Cross-site request forgery (CSRF) vulnerability in Jenkins before ...)
	- jenkins <removed>
CVE-2015-7536 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.640 and ...)
	- jenkins <removed>
CVE-2015-7535
	REJECTED
CVE-2015-7534
	REJECTED
CVE-2015-7533
	REJECTED
CVE-2015-7532
	REJECTED
CVE-2015-7531
	REJECTED
CVE-2015-7530
	REJECTED
CVE-2015-7529 (sosreport in SoS 3.x allows local users to obtain sensitive ...)
	- sosreport 3.2+git276-g7da50d6-3 (unimportant)
	NOTE: Neutralised by kernel hardening
CVE-2015-7528 (Kubernetes before 1.2.0-alpha.5 allows remote attackers to read ...)
	- kubernetes <not-affected> (Fixed before initial release to archive)
	NOTE: https://github.com/kubernetes/kubernetes/pull/17886
CVE-2015-7527 (lib/core.php in the Cool Video Gallery plugin 1.9 for WordPress allows ...)
	NOT-FOR-US: WordPress plugin cool-video-gallery
CVE-2015-7526
	REJECTED
CVE-2015-7525
	REJECTED
CVE-2015-7524
	REJECTED
CVE-2015-7523
	REJECTED
CVE-2015-7522
	REJECTED
CVE-2015-7521 (The authorization framework in Apache Hive 1.0.0, 1.0.1, 1.1.0, 1.1.1, ...)
	NOT-FOR-US: Apache Hive
CVE-2015-7520 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	NOT-FOR-US: Apache Wicket
CVE-2015-7519 (agent/Core/Controller/SendRequest.cpp in Phusion Passenger before ...)
	{DLA-394-1}
	- passenger 5.0.22-1 (bug #807354)
	- ruby-passenger <removed> (bug #864651)
	[jessie] - ruby-passenger <no-dsa> (Minor issue)
	[wheezy] - ruby-passenger <no-dsa> (Minor issue)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=956281
	NOTE: https://github.com/phusion/passenger/commit/c04590871ca0878d4d3ac1220c5a554b049056b4 (4.x)
	NOTE: https://github.com/phusion/passenger/commit/ddb8ecc4ebf260e4967f57f271d4f5761abeac3e (5.x)
CVE-2015-7518 (Multiple cross-site scripting (XSS) vulnerabilities in information ...)
	- foreman <itp> (bug #663101)
CVE-2015-7517 (Multiple SQL injection vulnerabilities in the Double Opt-In for ...)
	NOT-FOR-US: Double Opt-In for Download plugin for WordPress
CVE-2015-7516 (ONOS before 1.5.0 when using the ifwd app allows remote attackers to ...)
	NOT-FOR-US: Onos
CVE-2015-7515 (The aiptek_probe function in drivers/input/tablet/aiptek.c in the ...)
	{DSA-3607-1}
	- linux 4.4.2-1
	[wheezy] - linux 3.2.81-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1285326
	NOTE: https://os-s.net/advisories/OSS-2016-05_aiptek.pdf
	NOTE: Upstream commit: https://git.kernel.org/linus/8e20cf2bce122ce9262d6034ee5d5b76fbb92f96 (v4.4-rc6)
CVE-2015-7514 (OpenStack Ironic 4.2.0 through 4.2.1 does not &quot;clean&quot; the disk after ...)
	- ironic 1:4.2.2-1 (bug #807269)
CVE-2015-7513 (arch/x86/kvm/x86.c in the Linux kernel before 4.4 does not reset the ...)
	{DSA-3434-1}
	- linux 4.3.3-3
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/linus/0185604c2d82c560dab2f2933a18f797e74ab5a8 (v4.4-rc7)
CVE-2015-7512 (Buffer overflow in the pcnet_receive function in hw/net/pcnet.c in ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-1 (bug #806741)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06341.html
CVE-2015-7511 (Libgcrypt before 1.6.5 does not properly perform elliptic-point curve ...)
	{DSA-3478-1 DSA-3474-1}
	- libgcrypt20 1.6.5-2
	- libgcrypt11 <removed>
	[squeeze] - libgcrypt11 <not-affected> (Vulnerable code not present)
	NOTE: http://www.cs.tau.ac.IL/~tromer/ecdh/
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=fcbb9fcc2e6983ea61bf565b6ee2e29816b8cd57 (LIBGCRYPT-1-5-BRANCH)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=de7db12fa04016e12dffb2b678632f45eba15ec4 (libgcrypt-1.6.5)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=28eb424e4427b320ec1c9c4ce56af25d495230bd (libgcrypt-1.6.5)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=88e1358962e902ff1cbec8d53ba3eee46407851a (master)
CVE-2015-7510 (Stack-based buffer overflow in the getpwnam and getgrnam functions of ...)
	- systemd 229-1
	[jessie] - systemd <not-affected> (Vulnerable code introduced later, v223)
	[wheezy] - systemd <not-affected> (Vulnerable code introduced later, v223)
	NOTE: https://github.com/systemd/systemd/commit/cb31827d62066a04b02111df3052949fda4b6888 (v229)
	NOTE: https://github.com/systemd/systemd/issues/2002
CVE-2015-7509 (fs/ext4/namei.c in the Linux kernel before 3.7 allows physically ...)
	- linux 3.8-1~experimental.1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1259222
	NOTE: https://git.kernel.org/linus/c9b92530a723ac5ef8e352885a1862b18f31b2f5
	NOTE: https://git.kernel.org/linus/0e9a9a1ad619e7e987815d20262d36a2f95717ca
CVE-2015-7508 [heap overflow]
	RESERVED
	- libnsbmp <removed>
	[squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian)
	NOTE: http://source.netsurf-browser.org/libnsbmp.git/commit/?id=041df43bbe273b0829132b0b17d89a69da2927d4
	- netsurf 3.2+dfsg-3 (bug #810491)
	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7507 [out-of-bounds read]
	RESERVED
	- libnsbmp <removed>
	[squeeze] - libnsbmp <no-dsa> (Library not used anywhere in Debian)
	NOTE: http://source.netsurf-browser.org/libnsbmp.git/commit/?id=49427b52ba41a1813e3822301612e2e170107efd
	- netsurf 3.2+dfsg-3 (bug #810491)
	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7506 [out-of-bounds read]
	RESERVED
	- libnsgif <removed>
	[squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian)
	NOTE: http://source.netsurf-browser.org/libnsgif.git/commit/?id=088fa0819f1aeaf212a95caf7393a38c1640b5f0
	- netsurf 3.2+dfsg-3 (bug #810491)
	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7505 [stack overflow]
	RESERVED
	- libnsgif <removed>
	[squeeze] - libnsgif <no-dsa> (Library not used anywhere in Debian)
	NOTE: http://source.netsurf-browser.org/libnsgif.git/commit/?id=a268d2c15252ac58c19f1b19771822c66bcf73b2
	- netsurf 3.2+dfsg-3 (bug #810491)
	[jessie] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
	[wheezy] - netsurf <no-dsa> (netsurf already relies only entirely unsupported mozjs)
CVE-2015-7504 (Heap-based buffer overflow in the pcnet_receive function in ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.5+dfsg-1 (bug #806742)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-11/msg06342.html
	NOTE: Xen not affected in wheezy, CVE covered by XSA-162: https://marc.info/?l=oss-security&m=144888089404618&w=2
CVE-2015-7503 (Zend Framework before 2.4.9, zend-framework/zend-crypt 2.4.x before ...)
	NOT-FOR-US: php-zend-crypt
	NOTE: http://framework.zend.com/security/advisory/ZF2015-10
CVE-2015-7502 (Red Hat CloudForms 3.2 Management Engine (CFME) 5.4.4 and CloudForms ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2015-7500 (The xmlParseMisc function in parser.c in libxml2 before 2.9.3 allows ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=f1063fdbe7fa66332bbb76874101c2a7b51b519f (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756525 (upstream bug not yet open)
CVE-2015-7499 (Heap-based buffer overflow in the xmlGROW function in parser.c in ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=28cd9cb747a94483f4aea7f0968d202c20bb4cfc (v2.9.3)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=35bcb1d758ed70aa7b257c9c3b3ff55e54e3d0da (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756479 (upstream bug not yet open)
CVE-2015-7498 (Heap-based buffer overflow in the xmlParseXmlDecl function in parser.c ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=afd27c21f6b36e22682b7da20d726bce2dcb2f43 (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756527 (upstream bug not yet open)
CVE-2015-7497 (Heap-based buffer overflow in the xmlDictComputeFastQKey function in ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=6360a31a84efe69d155ed96306b9a931a40beab9 (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756528 (upstream bug not yet open)
CVE-2015-7496 (GNOME Display Manager (gdm) before 3.18.2 allows physically proximate ...)
	- gdm3 3.18.2-1
	[jessie] - gdm3  <not-affected> (Vulnerable code not present, unreproducible)
	[wheezy] - gdm3  <not-affected> (Vulnerable code not present, unreproducible)
	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=758032
	NOTE: https://git.gnome.org/browse/gdm/commit/?id=5ac2246
	NOTE: https://git.gnome.org/browse/gdm/commit/?id=05e5fc2
CVE-2015-7495
	RESERVED
CVE-2015-7494 (A vulnerability has been identified in IBM Cloud Orchestrator ...)
	NOT-FOR-US: IBM
CVE-2015-7493 (IBM InfoSphere Information Server could allow a local user under ...)
	NOT-FOR-US: IBM
CVE-2015-7492 (Cross-site scripting (XSS) vulnerability in Reference Data Management ...)
	NOT-FOR-US: IBM
CVE-2015-7491 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
	NOT-FOR-US: IBM
CVE-2015-7490 (IBM InfoSphere Information Server 8.5 through FP3, 8.7 through FP2, ...)
	NOT-FOR-US: IBM
CVE-2015-7489 (IBM SPSS Statistics 22.0.0.2 before IF10 and 23.0.0.2 before IF7 uses ...)
	NOT-FOR-US: IBM
CVE-2015-7488 (IBM Spectrum Scale 4.1.1.x before 4.1.1.4 and 4.2.x before 4.2.0.1, in ...)
	NOT-FOR-US: IBM
CVE-2015-7487 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...)
	NOT-FOR-US: IBM
CVE-2015-7486 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering ...)
	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
CVE-2015-7485 (Cross-site scripting (XSS) vulnerability in IBM Rational Engineering ...)
	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
CVE-2015-7484 (IBM Rational Engineering Lifecycle Manager 3.0 before 3.0.1.6 iFix7 ...)
	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
CVE-2015-7483
	RESERVED
CVE-2015-7482
	RESERVED
CVE-2015-7481
	RESERVED
CVE-2015-7480
	RESERVED
CVE-2015-7479
	RESERVED
CVE-2015-7478
	RESERVED
CVE-2015-7477
	RESERVED
CVE-2015-7476
	RESERVED
CVE-2015-7475
	RESERVED
CVE-2015-7474 (Cross-site scripting (XSS) vulnerability in Jazz Foundation in IBM ...)
	NOT-FOR-US: IBM Rational Engineering Lifecycle Manager
CVE-2015-7473 (runmqsc in IBM WebSphere MQ 8.x before 8.0.0.5 allows local users to ...)
	NOT-FOR-US: IBM
CVE-2015-7472 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2015-7471 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2015-7470 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before ...)
	NOT-FOR-US: IBM
CVE-2015-7469 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before ...)
	NOT-FOR-US: IBM
CVE-2015-7468 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before ...)
	NOT-FOR-US: IBM
CVE-2015-7467 (Cross-site scripting (XSS) vulnerability in Report Builder in IBM Jazz ...)
	NOT-FOR-US: IBM
CVE-2015-7466 (Lifecycle Query Engine (LQE) in IBM Jazz Reporting Service (JRS) 6.0 ...)
	NOT-FOR-US: IBM
CVE-2015-7465 (Cross-site request forgery (CSRF) vulnerability in Lifecycle Query ...)
	NOT-FOR-US: IBM
CVE-2015-7464 (Report Builder in IBM Jazz Reporting Service (JRS) 5.x before ...)
	NOT-FOR-US: IBM
CVE-2015-7463 (IBM Business Process Manager 7.5.x, 8.0.x, 8.5.0, 8.5.5, and 8.5.6.0 ...)
	NOT-FOR-US: IBM
CVE-2015-7462 (IBM WebSphere MQ 8.0.0.4 on IBM i platforms allows local users to ...)
	NOT-FOR-US: IBM
CVE-2015-7461 (XML external entity (XXE) vulnerability in IBM Connections 3.0.1.1 and ...)
	NOT-FOR-US: IBM
CVE-2015-7460 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...)
	NOT-FOR-US: IBM
CVE-2015-7459 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...)
	NOT-FOR-US: IBM
CVE-2015-7458 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 ...)
	NOT-FOR-US: IBM
CVE-2015-7457 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x ...)
	NOT-FOR-US: IBM
CVE-2015-7456 (IBM Spectrum Scale 4.1.1 before 4.1.1.4, and 4.2.0.0, allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-7455 (IBM WebSphere Portal 7.x through 7.0.0.2 CF29, 8.0.x before 8.0.0.1 ...)
	NOT-FOR-US: IBM
CVE-2015-7454 (Business Space in IBM WebSphere Process Server 6.1.2.0 through 7.0.0.5 ...)
	NOT-FOR-US: IBM
CVE-2015-7453 (Cross-site scripting (XSS) vulnerability in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2015-7452 (IBM Maximo Asset Management 7.5 before 7.5.0.9 FP9 and 7.6 before ...)
	NOT-FOR-US: IBM
CVE-2015-7451 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2015-7450 (Serialized-object interfaces in certain IBM analytics, business ...)
	NOT-FOR-US: IBM
CVE-2015-7449 (IBM Rational Collaborative Lifecycle Management (CLM) 4.0.x before ...)
	NOT-FOR-US: IBM
CVE-2015-7448 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
	NOT-FOR-US: IBM
CVE-2015-7447 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2015-7446 (Cross-site request forgery (CSRF) vulnerability in IBM Flash System ...)
	NOT-FOR-US: IBM
CVE-2015-7445 (IBM Multi-Enterprise Integration Gateway 1.0 through 1.0.0.1 and B2B ...)
	NOT-FOR-US: IBM
CVE-2015-7444 (The Update Installer in IBM WebSphere Commerce Enterprise 7.0.0.8 and ...)
	NOT-FOR-US: IBM
CVE-2015-7443
	RESERVED
CVE-2015-7442 (consoleinst.sh in IBM Installation Manager before 1.7.4.4 and 1.8.x ...)
	NOT-FOR-US: IBM
CVE-2015-7441 (Remote Artifact Loader (RAL) in IBM WebSphere Process Server 7 and ...)
	NOT-FOR-US: IBM
CVE-2015-7440 (IBM Rational Collaborative Lifecycle Management (CLM) 3.0.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-7439 (Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect ...)
	NOT-FOR-US: IBM
CVE-2015-7438 (IBM Sterling B2B Integrator 5.2 allows local users to obtain sensitive ...)
	NOT-FOR-US: IBM
CVE-2015-7437 (Queue Watcher in IBM Sterling B2B Integrator 5.2 allows local users to ...)
	NOT-FOR-US: IBM
CVE-2015-7436 (IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, ...)
	NOT-FOR-US: IBM
CVE-2015-7435 (IBM Tivoli Common Reporting (TCR) 2.1 before IF14, 2.1.1 before IF22, ...)
	NOT-FOR-US: IBM
CVE-2015-7434 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
	NOT-FOR-US: IBM
CVE-2015-7433 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
	NOT-FOR-US: IBM
CVE-2015-7432 (IBM Capacity Management Analytics 2.1.0.0 allows local users to ...)
	NOT-FOR-US: IBM
CVE-2015-7431 (Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM ...)
	NOT-FOR-US: IBM
CVE-2015-7430 (The Hadoop connector 1.1.1, 2.4, 2.5, and 2.7.0-0 before 2.7.0-3 for ...)
	NOT-FOR-US: IBM
CVE-2015-7429 (The Data Protection extension in the VMware GUI in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-7428 (Open redirect vulnerability in IBM WebSphere Portal 8.0.x before ...)
	NOT-FOR-US: IBM
CVE-2015-7427 (IBM DataPower Gateway appliances with firmware 6.x before 6.0.0.17, ...)
	NOT-FOR-US: IBM
CVE-2015-7426 (The Data Protection extension in the VMware GUI in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-7425 (The Data Protection component in the VMware vSphere GUI in IBM Tivoli ...)
	NOT-FOR-US: IBM
CVE-2015-7424 (IBM InfoSphere Master Data Management (MDM) - Collaborative Edition ...)
	NOT-FOR-US: IBM
CVE-2015-7423 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
	NOT-FOR-US: IBM
CVE-2015-7422 (Buffer overflow in IBM i Access 7.1 on Windows allows local users to ...)
	NOT-FOR-US: IBM i Access
CVE-2015-7421 (Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before ...)
	NOT-FOR-US: IBM
CVE-2015-7420 (Unspecified vulnerability in GSKit on IBM MQ M2000 appliances before ...)
	NOT-FOR-US: IBM
CVE-2015-7419 (IBM WebSphere Portal 8.0.0.1 before CF19 and 8.5.0 before CF09 allows ...)
	NOT-FOR-US: IBM
CVE-2015-7418 (IBM WebSphere eXtreme Scale and the WebSphere DataPower XC10 Appliance ...)
	NOT-FOR-US: IBM
CVE-2015-7417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-7416 (AFP Workbench Viewer in IBM i Access 7.1 on Windows allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-7415 (Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode ...)
	NOT-FOR-US: IBM
CVE-2015-7414 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...)
	NOT-FOR-US: IBM
CVE-2015-7413 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
	NOT-FOR-US: IBM
CVE-2015-7412 (The GatewayScript modules on IBM DataPower Gateways with software ...)
	NOT-FOR-US: IBM
CVE-2015-7411 (The portal client in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, ...)
	NOT-FOR-US: IBM
CVE-2015-7410 (The Health Check tool in IBM Sterling B2B Integrator 5.2 does not ...)
	NOT-FOR-US: IBM
CVE-2015-7409 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
	NOT-FOR-US: IBM
CVE-2015-7408 (The server in IBM Spectrum Protect (aka Tivoli Storage Manager) 5.5 ...)
	NOT-FOR-US: IBM
CVE-2015-7407 (Cross-site request forgery (CSRF) vulnerability in Lotus Mashups in ...)
	NOT-FOR-US: IBM
CVE-2015-7406
	RESERVED
CVE-2015-7405
	RESERVED
CVE-2015-7404 (IBM Tivoli Storage Manager for Databases: Data Protection for ...)
	NOT-FOR-US: IBM
CVE-2015-7403 (IBM Spectrum Scale 4.1.1.x before 4.1.1.3 and General Parallel File ...)
	NOT-FOR-US: IBM
CVE-2015-7402 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
	NOT-FOR-US: IBM
CVE-2015-7401 (IBM Curam Social Program Management 6.1.x before 6.1.1.1 allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-7400 (The Lotus Mashups component in IBM Mashup Center 3.0.0.1 allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-7399 (IBM WebSphere Message Broker 7 before 7.0.0.8 and 8 before 8.0.0.6 and ...)
	NOT-FOR-US: IBM
CVE-2015-7398 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract ...)
	NOT-FOR-US: IBM
CVE-2015-7397 (Multiple open redirect vulnerabilities in the Aurora starter store in ...)
	NOT-FOR-US: IBM
CVE-2015-7396 (The Scheduler in IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 ...)
	NOT-FOR-US: IBM
CVE-2015-7395 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-7394 (The datastor kernel module in F5 BIG-IP Analytics, APM, ASM, Link ...)
	NOT-FOR-US: BIG-IQ
CVE-2015-7393 (dcoep in BIG-IP LTM, Analytics, APM, ASM, and Link Controller 11.2.0 ...)
	NOT-FOR-US: BIG-IP
CVE-2015-7392 (Heap-based buffer overflow in the parse_string function in ...)
	- freeswitch <itp> (bug #389591)
CVE-2015-7391 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2015-7390 (SQL injection vulnerability in TestLink before 1.9.14 allows remote ...)
	NOT-FOR-US: TestLink
CVE-2015-7389
	RESERVED
CVE-2015-7388
	RESERVED
CVE-2015-7387 (ZOHO ManageEngine EventLog Analyzer 10.6 build 10060 and earlier ...)
	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2015-7386 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Gallery - Photo Albums - Portfolio plugin for WordPress
CVE-2015-7385 (Cross-site scripting (XSS) vulnerability in Open-Xchange OX Guard ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-7384 (Node.js 4.0.0, 4.1.0, and 4.1.1 allows remote attackers to cause a ...)
	- nodejs 4.1.1~dfsg-3 (bug #800580)
	[jessie] - nodejs <not-affected> (Vulnerability not present)
	NOTE: https://groups.google.com/forum/#!topic/nodejs-sec/fSNEQiuof6I
CVE-2015-8076 (The index_urlfetch function in index.c in Cyrus IMAP 2.3.x before ...)
	- cyrus-imapd-2.4 2.4.17+nocaldav-2
	[jessie] - cyrus-imapd-2.4 2.4.17+nocaldav-0~deb8u1
	[wheezy] - cyrus-imapd-2.4 <no-dsa> (Minor issue; can be fixed alone in a future DLA)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/29/2
	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=07de4ff1bf2fa340b9d77b8e7de8d43d47a33921
	NOTE: https://cyrus.foundation/cyrus-imapd/commit/?id=c21e179c1f6b968fe69bebe079176714e511587b
CVE-2015-7383 (Multiple cross-site scripting (XSS) vulnerabilities in Web Reference ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7382 (SQL injection vulnerability in install.php in Web Reference Database ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7381 (Multiple PHP remote file inclusion vulnerabilities in install.php in ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-7380
	RESERVED
CVE-2015-7379
	RESERVED
CVE-2015-7378 (Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the ...)
	NOT-FOR-US: Panda Security
CVE-2015-7377 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Pie Register plugin for WordPress
CVE-2015-7376
	RESERVED
CVE-2015-7375 (Schneider Electric InduSoft Web Studio before 8.0 allows remote ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-7374 (The Remote Agent component in Schneider Electric InduSoft Web Studio ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-7373 (Cross-site scripting (XSS) vulnerability in the &quot;magic-macros&quot; feature ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7372 (Directory traversal vulnerability in delivery-dev/al.php in Revive ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7371 (Revive Adserver before 3.2.2 does not restrict access to run-mpe.php, ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7370 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7369 (The default Flash cross-domain policy (crossdomain.xml) in Revive ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7368 (Revive Adserver before 3.2.2 does not send the appropriate ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7367 (Revive Adserver before 3.2.2 allows remote attackers to perform ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7366 (Multiple cross-site request forgery (CSRF) vulnerabilities in Revive ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7365 (Cross-site scripting (XSS) vulnerability in the plugin upgrade form in ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7364 (The HTML_Quickform library, as used in Revive Adserver before 3.2.2, ...)
	NOT-FOR-US: Revive Adserver
CVE-2015-7363 (Cross-site scripting (XSS) vulnerability in the advanced settings page ...)
	NOT-FOR-US: Fortinet
CVE-2015-7362 (Fortinet FortiClient Linux SSLVPN before build 2313, when installed on ...)
	NOT-FOR-US: Fortinet
CVE-2015-7361 (FortiOS 5.2.3, when configured to use High Availability (HA) and the ...)
	NOT-FOR-US: FortiOS
CVE-2015-7360 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User ...)
	NOT-FOR-US: Fortinet
CVE-2015-XXXX [DoS]
	- libemail-address-perl 1.908-1
	[jessie] - libemail-address-perl <ignored> (Minor issue vs. usability impact of module)
	[wheezy] - libemail-address-perl <ignored> (Minor issue vs. usability impact of module)
	[squeeze] - libemail-address-perl 1.889-2+deb6u2
	NOTE: workaround entry for DLA-320-1 until/if CVE assigned
	NOTE: For the denial of service issue as of 1.908 as mitigation default value
	NOTE: for nestable comments set to deep level 1.
	NOTE: https://github.com/rjbs/Email-Address/commit/3056b7da4fffbce9ad92f9799fffc587ab40303d
	NOTE: No CVE will be assigned for behaviour change between 1.907 and 1.908
	NOTE: See CVE-2015-7686 for the underlying CWE-407 ("Algorithmic Complexity")
	NOTE: issue still present in 1.908
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/02/13
CVE-2015-7359 (The (1) IsVolumeAccessibleByCurrentUser and (2) MountDevice methods in ...)
	NOT-FOR-US: TrueCrypt
CVE-2015-7358 (The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt ...)
	NOT-FOR-US: TrueCrypt
CVE-2015-7357 (Cross-site scripting (XSS) vulnerability in the uDesign (aka U-Design) ...)
	NOT-FOR-US: uDesign
CVE-2015-7356
	RESERVED
CVE-2015-7355
	RESERVED
CVE-2015-7354
	RESERVED
CVE-2015-7353
	RESERVED
CVE-2015-7352
	RESERVED
CVE-2015-7351
	RESERVED
CVE-2015-7350
	RESERVED
CVE-2015-7349 (Cross-site scripting (XSS) vulnerability in the sample feedback.inc ...)
	NOT-FOR-US: Citrix
CVE-2015-7348 (Cross-site scripting (XSS) vulnerability in zTree 3.5.19.1 and ...)
	NOT-FOR-US: zTree
CVE-2015-7347 (Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages ...)
	NOT-FOR-US: ZCMS
CVE-2015-7346 (SQL injection vulnerability in ZCMS 1.1. ...)
	NOT-FOR-US: ZCMS
CVE-2015-7345
	RESERVED
CVE-2015-7344
	RESERVED
CVE-2015-7343
	RESERVED
CVE-2015-7342
	RESERVED
CVE-2015-7341
	RESERVED
CVE-2015-7340
	RESERVED
CVE-2015-7339
	RESERVED
CVE-2015-7338
	RESERVED
CVE-2015-7336
	RESERVED
CVE-2015-7335
	RESERVED
CVE-2015-7334
	RESERVED
CVE-2015-7333
	RESERVED
CVE-2015-7332
	RESERVED
CVE-2015-7331 (The mcollective-puppet-agent plugin before 1.11.1 for Puppet allows ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
	NOTE: https://puppet.com/security/cve/cve-2015-7331
CVE-2015-7330 (Puppet Enterprise 2015.3 before 2015.3.1 allows remote attackers to ...)
	NOT-FOR-US: Puppet Enterprise (Puppet Communications Protocol broker)
CVE-2015-7329
	RESERVED
CVE-2015-7328 (Puppet Server in Puppet Enterprise before 3.8.x before 3.8.3 and ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2015-7327 (Mozilla Firefox before 41.0 does not properly restrict the ...)
	- iceweasel <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-114/
CVE-2015-7326 (XML External Entity (XXE) vulnerability in Milton Webdav before ...)
	NOT-FOR-US: Milton Webdav
CVE-2015-7325
	RESERVED
CVE-2015-7324 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: StackIdeas Komento component for Joomla!
CVE-2015-7323 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2015-7322 (The Secure Meeting (Pulse Collaboration) in Pulse Connect Secure ...)
	NOT-FOR-US: Pulse Connect Secure
CVE-2015-7321
	RESERVED
CVE-2015-7320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2015-7319 (SQL injection vulnerability in ...)
	NOT-FOR-US: Appointment Booking Calendar plugin for WordPress
CVE-2015-7318 (Plone 3.3.0 through 3.3.6 allows remote attackers to inject headers ...)
	NOT-FOR-US: Plone
CVE-2015-7317 (Kupu 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, ...)
	NOT-FOR-US: Plone
CVE-2015-7316 (Cross-site scripting (XSS) vulnerability in Plone 3.3.0 through 3.3.6, ...)
	NOT-FOR-US: Plone
CVE-2015-7315 (Plone 3.3.0 through 3.3.6, 4.0.0 through 4.0.10, 4.1.0 through 4.1.6, ...)
	NOT-FOR-US: Plone
CVE-2015-7310 (McAfee Enterprise Security Manager (ESM), Enterprise Security ...)
	NOT-FOR-US: McAfee
CVE-2015-7309 (The theme editor in Bolt before 2.2.5 does not check the file ...)
	NOT-FOR-US: Bolt CMS
CVE-2015-7314 (The Precious module in gollum before 4.0.1 allows remote attackers to ...)
	NOT-FOR-US: Gollum wiki
CVE-2015-7308
	RESERVED
CVE-2015-7307 (Cross-site scripting (XSS) vulnerability in the CMS Updater module ...)
	NOT-FOR-US: CMS Updater module for Drupal
CVE-2015-7306 (The CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal does not ...)
	NOT-FOR-US: CMS Updater module for Drupal
CVE-2015-7305 (The Scald module 7.x-1.x before 7.x-1.5 for Drupal does not properly ...)
	NOT-FOR-US: Scald module for Drupal
CVE-2015-7304 (Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x ...)
	NOT-FOR-US: amoCRM module for Drupal
CVE-2015-7303 (Use-after-free vulnerability in the Update Manager service in Avira ...)
	NOT-FOR-US: Avira
CVE-2015-7302
	RESERVED
CVE-2015-7301
	RESERVED
CVE-2015-7300
	RESERVED
CVE-2015-7299 (SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 ...)
	NOT-FOR-US: K2
CVE-2015-7298 (ownCloud Desktop Client before 2.0.1, when compiled with a Qt release ...)
	- owncloud-client 2.0.0+dfsg-1
	[jessie] - owncloud-client <not-affected> (not compiled with a Qt release greater than 5.3.x)
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-016
CVE-2015-7297 (SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2015-XXXX [Privilege escalation via core-gui]
	- core-network <removed> (bug #799756)
	NOTE: http://pf.itd.nrl.navy.mil/pipermail/core-users/2015-August/001837.html
CVE-2015-7313 (LibTIFF allows remote attackers to cause a denial of service (memory ...)
	- tiff 4.0.7-1 (bug #800124)
	[jessie] - tiff <ignored> (Minor issue)
	[wheezy] - tiff <no-dsa> (Minor issue)
	[squeeze] - tiff <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
	- tiff3 <removed>
	[wheezy] - tiff3 <not-affected> (Can't reproduce the issue, file is rejected with "Integer overflow in TIFFVStripSize" and "cannot handle zero strip size.")
	NOTE: Test file here: https://marc.info/?l=oss-security&m=144284777006804&q=p6
	NOTE: Reproduce with "ltrace -e realloc tiffdither /tmp/oom.tif /dev/null"
	NOTE: at the end you see "libtiff.so.5->realloc(0, 1636178024)"
CVE-2015-7311 (libxl in Xen 4.1.x through 4.6.x does not properly handle the readonly ...)
	{DSA-3414-1}
	- xen 4.8.0~rc3-1 (bug #823620)
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <not-affected> (Only affects 4.1 and later)
	NOTE: http://xenbits.xen.org/xsa/advisory-142.html
CVE-2015-7296 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
	NOT-FOR-US: Securifi Almond devices
CVE-2015-7294 (ldapauth-fork before 2.3.3 allows remote attackers to perform LDAP ...)
	NOT-FOR-US: NodeJS ldapauth
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/4
	NOTE: https://github.com/vesse/node-ldapauth-fork/issues/21
	NOTE: https://github.com/vesse/node-ldapauth-fork/commit/3feea43e243698bcaeffa904a7324f4d96df60e4
	NOTE: https://nodesecurity.io/advisories/19
CVE-2015-7293 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zope ...)
	NOT-FOR-US: Zope Management Interface
CVE-2015-7292 (Stack-based buffer overflow in the havok_write function in ...)
	NOT-FOR-US: Amazon Fire OS
CVE-2015-7291 (Cross-site request forgery (CSRF) vulnerability in adv_pwd_cgi in the ...)
	NOT-FOR-US: Arris
CVE-2015-7290 (Cross-site scripting (XSS) vulnerability in adv_pwd_cgi in the web ...)
	NOT-FOR-US: Arris
CVE-2015-7289 (Arris DG860A, TG862A, and TG862G devices with firmware ...)
	NOT-FOR-US: Arris
CVE-2015-7288 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 ...)
	NOT-FOR-US: CSL DualCom
CVE-2015-7287 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 use ...)
	NOT-FOR-US: CSL DualCom
CVE-2015-7286 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 rely ...)
	NOT-FOR-US: CSL DualCom
CVE-2015-7285 (CSL DualCom GPRS CS2300-R devices with firmware 1.25 through 3.53 do ...)
	NOT-FOR-US: CSL DualCom
CVE-2015-7284 (Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N ...)
	NOT-FOR-US: ZyXEL
CVE-2015-7283 (The web administration interface on ZyXEL NBG-418N devices with ...)
	NOT-FOR-US: ZyXEL
CVE-2015-7282 (ReadyNet WRT300N-DD devices with firmware 1.0.26 use the same source ...)
	NOT-FOR-US: ReadyNet
CVE-2015-7281 (Cross-site request forgery (CSRF) vulnerability on ReadyNet WRT300N-DD ...)
	NOT-FOR-US: ReadyNet
CVE-2015-7280 (The web administration interface on ReadyNet WRT300N-DD devices with ...)
	NOT-FOR-US: ReadyNet
CVE-2015-7279 (Amped Wireless R10000 devices with firmware 2.5.2.11 use an improper ...)
	NOT-FOR-US: Amped Wireless
CVE-2015-7278 (Cross-site request forgery (CSRF) vulnerability on Amped Wireless ...)
	NOT-FOR-US: Amped Wireless
CVE-2015-7277 (The web administration interface on Amped Wireless R10000 devices with ...)
	NOT-FOR-US: Amped Wireless
CVE-2015-7276
	RESERVED
CVE-2015-7275 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.85 and 7/8 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7274 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 allows ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7273 (Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7272 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7271 (Dell Integrated Remote Access Controller (iDRAC) 7/8 before 2.21.21.21 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7270 (Dell Integrated Remote Access Controller (iDRAC) 6 before 2.80 and 7/8 ...)
	NOT-FOR-US: Dell iDRAC
CVE-2015-7269 (Seagate ST500LT015 hard disk drives, when operating in eDrive mode on ...)
	NOT-FOR-US: Seagate ST500LT015 hard disk drives
CVE-2015-7268 (Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 ...)
	NOT-FOR-US: Samsung
CVE-2015-7267 (Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 ...)
	NOT-FOR-US: Samsung
CVE-2015-7266
	RESERVED
CVE-2015-7265 (Facebook Proxygen before 2015-11-09 mismanages HTTPMessage.request ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2015-7264 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 truncates a ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2015-7263 (The SPDY/2 codec in Facebook Proxygen before 2015-11-09 allows remote ...)
	NOT-FOR-US: Facebook Proxygen
CVE-2015-7262 (QNAP iArtist Lite before 1.4.54, as distributed with QNAP Signage ...)
	NOT-FOR-US: QNAP
CVE-2015-7261 (The FTP service in QNAP iArtist Lite before 1.4.54, as distributed ...)
	NOT-FOR-US: QNAP
CVE-2015-7260 (Liebert MultiLink Automated Shutdown v4.2.4 allows local users to gain ...)
	NOT-FOR-US: Liebert MultiLink Automated Shutdown
CVE-2015-7259 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
	NOT-FOR-US: ZTE modems
CVE-2015-7258 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
	NOT-FOR-US: ZTE modems
CVE-2015-7257 (ZTE ADSL ZXV10 W300 modems W300V2.1.0f_ER7_PE_O57 and ...)
	NOT-FOR-US: ZTE modems
CVE-2015-7256 (ZyXEL NWA1100-N, NWA1100-NH, NWA1121-NI, NWA1123-AC, and NWA1123-NI ...)
	NOT-FOR-US: ZyXEL
CVE-2015-7255 (ZTE OX-330P, ZXHN H108N, W300V1.0.0S_ZRD_TR1_D68, HG110, ...)
	NOT-FOR-US: ZTE
CVE-2015-7254 (Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s ...)
	NOT-FOR-US: Huawei
CVE-2015-7253 (The Web Console in Commvault Edge Server 10 R2 allows remote attackers ...)
	NOT-FOR-US: Commvault Edge Server
CVE-2015-7252 (Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ...)
	NOT-FOR-US: ZTE router
CVE-2015-7251 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE have a ...)
	NOT-FOR-US: ZTE router
CVE-2015-7250 (Absolute path traversal vulnerability in cgi-bin/webproc on ZTE ZXHN ...)
	NOT-FOR-US: ZTE router
CVE-2015-7249 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow ...)
	NOT-FOR-US: ZTE router
CVE-2015-7248 (ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allow ...)
	NOT-FOR-US: ZTE router
CVE-2015-7247 (D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or ...)
	NOT-FOR-US: D-Link
CVE-2015-7246 (D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or ...)
	NOT-FOR-US: D-Link
CVE-2015-7245 (Directory traversal vulnerability in D-Link DVG-N5402SP with firmware ...)
	NOT-FOR-US: D-Link
CVE-2015-7244 (The default configuration of the server in MobaXterm before 8.3 has a ...)
	NOT-FOR-US: MobaXterm
CVE-2015-7243 (Buffer overflow in Boxoft WAV to MP3 Converter allows remote attackers ...)
	NOT-FOR-US: Boxoft
CVE-2015-7242 (Cross-site scripting (XSS) vulnerability in the Push-Service-Mails ...)
	NOT-FOR-US: AVM
CVE-2015-7241 (XML External Entity (XXE) vulnerability in SAP Netweaver before 7.01. ...)
	NOT-FOR-US: SAP Netweaver
CVE-2015-7240
	RESERVED
CVE-2015-7239 (SQL injection vulnerability in the BP_FIND_JOBS_WITH_PROGRAM function ...)
	NOT-FOR-US: J2EE
CVE-2015-7238 (The Secondary server in Threat Intelligence Exchange (TIE) before ...)
	NOT-FOR-US: TIE
CVE-2015-7237 (Directory traversal vulnerability in the remote log viewing ...)
	NOT-FOR-US: McAfee
CVE-2015-7235 (Multiple SQL injection vulnerabilities in dex_reservations.php in the ...)
	NOT-FOR-US: CP Reservation Calendar plugin for WordPress
CVE-2015-7234 (The OSF module 7.x-3.x before 7.x-3.1 for Drupal, when the OSF ...)
	NOT-FOR-US: OSF module for Drupal
CVE-2015-7233 (Cross-site request forgery (CSRF) vulnerability in the OSF module ...)
	NOT-FOR-US: OSF module for Drupal
CVE-2015-7232 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: OSF module for Drupal
CVE-2015-7231 (The Commerce Commonwealth (CBA) module 7.x-1.x before 7.x-1.5 for ...)
	NOT-FOR-US: The Commerce Commonwealth module for Drupal
CVE-2015-7230 (The Workbench Email module 7.x-3.x before 7.x-3.4 for Drupal allows ...)
	NOT-FOR-US: Workbench Email module for Drupal
CVE-2015-7229 (The Twitter module 6.x-5.x before 6.x-5.2, 7.x-5.x before 7.x-5.9, and ...)
	NOT-FOR-US: Twitter module for Drupal
CVE-2015-7228 (The RESTful module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...)
	NOT-FOR-US: RESTful module for Drupal
CVE-2015-7227 (The Fieldable Panels Panes module 7.x-1.x before 7.x-1.7 for Drupal ...)
	NOT-FOR-US: Fieldable Panels Panes module for Drupal
CVE-2015-7226 (The Administration Views module 7.x-1.x before 7.x-1.5 for Drupal ...)
	NOT-FOR-US: Administration Views module for Drupal
CVE-2015-7224 (puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass ...)
	- puppet-module-puppetlabs-mysql 3.6.1-1
	[jessie] - puppet-module-puppetlabs-mysql <not-affected> (Vulnerable code not present)
CVE-2015-7295 (hw/virtio/virtio.c in the Virtual Network Device (virtio-net) support ...)
	{DSA-3471-1 DSA-3470-1 DSA-3469-1}
	- qemu 1:2.4+dfsg-4 (bug #799452)
	[jessie] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
	[wheezy] - qemu <no-dsa> (Minor issue; can be fixed along in a later DSA)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm <no-dsa> (Minor issue; can be fixed along in a later DSA)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/18/5
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04729.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04730.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg04731.html
CVE-2015-7223 (The WebExtension APIs in Mozilla Firefox before 43.0 allow remote ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-148/
CVE-2015-7222 (Integer underflow in the Metadata::setData function in MetaData.cpp in ...)
	{DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/
	NOTE: Probably specific to Android
CVE-2015-7221 (Buffer overflow in the nsDeque::GrowCapacity function in ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
CVE-2015-7220 (Buffer overflow in the XDRBuffer::grow function in js/src/vm/Xdr.cpp ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
CVE-2015-7219 (The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/
CVE-2015-7218 (The HTTP/2 implementation in Mozilla Firefox before 43.0 allows remote ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-142/
CVE-2015-7217 (The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux ...)
	- iceweasel <not-affected> (Iceweasel in Debian uses the system copy of gdk-pixbuf)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/
CVE-2015-7216 (The gdk-pixbuf configuration in Mozilla Firefox before 43.0 on Linux ...)
	- iceweasel <not-affected> (Iceweasel in Debian uses the system copy of gdk-pixbuf)
	NOTE: Disabled in src:gdk-pixbuf in 2.31.7-1
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-143/
CVE-2015-7215 (The importScripts function in the Web Workers API implementation in ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-140/
CVE-2015-7214 (Mozilla Firefox before 43.0 and Firefox ESR 38.x before 38.5 allow ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-149/
CVE-2015-7213 (Integer overflow in the MPEG4Extractor::readMetaData function in ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-146/
CVE-2015-7212 (Integer overflow in the ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-139/
CVE-2015-7211 (Mozilla Firefox before 43.0 mishandles the # (number sign) character ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-141/
CVE-2015-7210 (Use-after-free vulnerability in Mozilla Firefox before 43.0 and ...)
	{DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-138/
CVE-2015-7209
	REJECTED
CVE-2015-7208 (Mozilla Firefox before 43.0 stores cookies containing vertical tab ...)
	- iceweasel 44.0-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 43.x)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 43.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2016-04/
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-137/
CVE-2015-7207 (Mozilla Firefox before 43.0 does not properly restrict the ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-136/
CVE-2015-7206
	REJECTED
CVE-2015-7205 (Integer underflow in the RTPReceiverVideo::ParseRtpPacket function in ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-145/
CVE-2015-7204 (Mozilla Firefox before 43.0 does not properly store the properties of ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-135/
CVE-2015-7203 (Buffer overflow in the DirectWriteFontInfo::LoadFontFamilyData ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-144/
CVE-2015-7202 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
CVE-2015-7201 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3432-1 DSA-3422-1}
	- iceweasel 38.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-134/
CVE-2015-7200 (The CryptoKey interface implementation in Mozilla Firefox before 42.0 ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7199 (The (1) AddWeightedPathSegLists and (2) ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7198 (Buffer overflow in the rx::TextureStorage11 class in ANGLE, as used in ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-131/
CVE-2015-7197 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-132/
CVE-2015-7196 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4, when a ...)
	{DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-130/
CVE-2015-7195 (The URL parsing implementation in Mozilla Firefox before 42.0 ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-129/
CVE-2015-7194 (Buffer underflow in libjar in Mozilla Firefox before 42.0 and Firefox ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-128/
CVE-2015-7193 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-127/
CVE-2015-7192 (The accessibility-tools feature in Mozilla Firefox before 42.0 on OS X ...)
	- iceweasel <not-affected> (Only affects Firefox on MacOS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-126/
CVE-2015-7191 (Mozilla Firefox before 42.0 on Android improperly restricts URL ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-125/
CVE-2015-7190 (The Search feature in Mozilla Firefox before 42.0 on Android through ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-124/
CVE-2015-7189 (Race condition in the JPEGEncoder function in Mozilla Firefox before ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-123/
CVE-2015-7188 (Mozilla Firefox before 42.0 and Firefox ESR 38.x before 38.4 allow ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-122/
CVE-2015-7187 (The Add-on SDK in Mozilla Firefox before 42.0 misinterprets a &quot;script: ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-121/
CVE-2015-7186 (Mozilla Firefox before 42.0 on Android allows user-assisted remote ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-120/
CVE-2015-7185 (Mozilla Firefox before 42.0 on Android does not ensure that the ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-119/
CVE-2015-7184 (The fetch API implementation in Mozilla Firefox before 41.0.2 does not ...)
	- iceweasel <not-affected> (Affects only Firefox later than 38)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/
CVE-2015-7183 (Integer overflow in the PL_ARENA_ALLOCATE implementation in Netscape ...)
	{DSA-3406-1 DSA-3393-1 DLA-344-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- nspr 2:4.10.10-1
	- icedove 31.7.0-1~deb8u1
	[squeeze] - icedove <end-of-life>
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS)
	- virtualbox 5.0.10-dfsg-1
	[jessie] - virtualbox 4.3.36-dfsg-1+deb8u1
	[wheezy] - virtualbox <no-dsa> (Minor issue, will be fixed when included in next CPU)
	NOTE: VirtualBox fixed: 4.0.36, 4.1.44, 4.2.36, 4.3.34,  5.0.10
	NOTE: http://hg.mozilla.org/projects/nspr/rev/c9c965b2b19c
	NOTE: http://hg.mozilla.org/projects/nspr/rev/bd8fb4498fa6
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
	NOTE: Icedove, virtualbox(-ose)? have embedded copies of nspr.
	NOTE: Fixes impact macros PL_ARENA_ALLOCATE and PL_ARENA_GROW, other packages need to be recompiled:
	NOTE: jss (on wheezy/jessie) according to codesearch.debian.net
CVE-2015-7182 (Heap-based buffer overflow in the ASN.1 decoder in Mozilla Network ...)
	{DSA-3688-1 DSA-3410-1 DSA-3393-1 DLA-480-1 DLA-354-1}
	- nss 2:3.20.1-1
	NOTE: http://hg.mozilla.org/projects/nss/rev/4dc247276e58
	NOTE: http://hg.mozilla.org/projects/nss/rev/534aca7a5bca
	NOTE: http://hg.mozilla.org/projects/nss/rev/b4feb2cb0ed6
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
	NOTE: Patch for wheezy/jessie: https://lists.debian.org/debian-lts/2015/11/msg00098.html
CVE-2015-7181 (The sec_asn1d_parse_leaf function in Mozilla Network Security Services ...)
	{DSA-3688-1 DSA-3410-1 DSA-3393-1 DLA-480-1 DLA-354-1}
	- nss 2:3.20.1-1
	NOTE: http://hg.mozilla.org/projects/nss/rev/8ac7f47eecbb
	NOTE: http://hg.mozilla.org/projects/nss/rev/25cb033147fd
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-133/
	NOTE: Patch for wheezy/jessie: https://lists.debian.org/debian-lts/2015/11/msg00098.html
CVE-2015-7180 (The ReadbackResultWriterD3D11::Run function in Mozilla Firefox before ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7179 (The VertexBufferInterface::reserveVertexSpace function in libGLES in ...)
	- iceweasel <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
CVE-2015-7178 (The ProgramBinary::linkAttributes function in libGLES in ANGLE, as ...)
	- iceweasel <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-113/
CVE-2015-7177 (The InitTextures function in Mozilla Firefox before 41.0 and Firefox ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7176 (The AnimationThread function in Mozilla Firefox before 41.0 and ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7175 (The XULContentSinkImpl::AddText function in Mozilla Firefox before ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7174 (The nsAttrAndChildArray::GrowBy function in Mozilla Firefox before ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-7173
	REJECTED
CVE-2015-7172
	REJECTED
CVE-2015-7171
	REJECTED
CVE-2015-7170
	REJECTED
CVE-2015-7169
	REJECTED
CVE-2015-7168
	REJECTED
CVE-2015-7167
	REJECTED
CVE-2015-7166
	REJECTED
CVE-2015-7165
	REJECTED
CVE-2015-7164
	REJECTED
CVE-2015-7163
	REJECTED
CVE-2015-7162
	REJECTED
CVE-2015-7161
	REJECTED
CVE-2015-7160
	REJECTED
CVE-2015-7159
	REJECTED
CVE-2015-7158
	REJECTED
CVE-2015-7157
	REJECTED
CVE-2015-7156
	REJECTED
CVE-2015-7155
	REJECTED
CVE-2015-7154
	REJECTED
CVE-2015-7153
	REJECTED
CVE-2015-7152
	REJECTED
CVE-2015-7151
	REJECTED
CVE-2015-7150
	REJECTED
CVE-2015-7149
	REJECTED
CVE-2015-7148
	REJECTED
CVE-2015-7147
	REJECTED
CVE-2015-7146
	REJECTED
CVE-2015-7145
	REJECTED
CVE-2015-7144
	REJECTED
CVE-2015-7143
	REJECTED
CVE-2015-7142
	REJECTED
CVE-2015-7141
	REJECTED
CVE-2015-7140
	REJECTED
CVE-2015-7139
	REJECTED
CVE-2015-7138
	REJECTED
CVE-2015-7137
	REJECTED
CVE-2015-7136
	REJECTED
CVE-2015-7135
	REJECTED
CVE-2015-7134
	REJECTED
CVE-2015-7133
	REJECTED
CVE-2015-7132
	REJECTED
CVE-2015-7131
	REJECTED
CVE-2015-7130
	REJECTED
CVE-2015-7129
	REJECTED
CVE-2015-7128
	REJECTED
CVE-2015-7127
	REJECTED
CVE-2015-7126
	REJECTED
CVE-2015-7125
	REJECTED
CVE-2015-7124
	REJECTED
CVE-2015-7123
	REJECTED
CVE-2015-7122
	REJECTED
CVE-2015-7121
	REJECTED
CVE-2015-7120
	REJECTED
CVE-2015-7119
	REJECTED
CVE-2015-7118
	RESERVED
CVE-2015-7117 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7116 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2015-7115 (libxml2 in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...)
	NOT-FOR-US: Possibly Apple-specific CVE ID for libxml2
CVE-2015-7114
	REJECTED
CVE-2015-7113 (The LaunchServices component in Apple iOS before 9.2 and watchOS ...)
	NOT-FOR-US: Apple
CVE-2015-7112 (The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS ...)
	NOT-FOR-US: Apple
CVE-2015-7111 (The IOHIDFamily API in Apple iOS before 9.2, OS X before 10.11.2, tvOS ...)
	NOT-FOR-US: Apple
CVE-2015-7110 (The Disk Images component in Apple OS X before 10.11.2 and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7109 (IOAcceleratorFamily in Apple OS X before 10.11.2 and tvOS before 9.1 ...)
	NOT-FOR-US: Apple
CVE-2015-7108 (The Bluetooth HCI interface in Apple OS X before 10.11.2 allows local ...)
	NOT-FOR-US: Apple
CVE-2015-7107 (QuickLook in Apple iOS before 9.2 and OS X before 10.11.2 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7106 (The Intel Graphics Driver component in Apple OS X before 10.11.2 ...)
	NOT-FOR-US: Apple
CVE-2015-7105 (CoreGraphics in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7104 (WebKit in Apple Safari before 9.0.2 and tvOS before 9.1 allows remote ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2015-7103 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7102 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7101 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7100 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7099 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7098 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	- webkit2gtk 2.10.5-1 (unimportant)
CVE-2015-7097 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7096 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	- webkit2gtk 2.10.5-1 (unimportant)
CVE-2015-7095 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7094 (CFNetwork HTTPProtocol in Apple iOS before 9.2 and OS X before 10.11.2 ...)
	NOT-FOR-US: Apple
CVE-2015-7093 (Safari in Apple iOS before 9.2 allows remote attackers to spoof a URL ...)
	NOT-FOR-US: Apple
CVE-2015-7092 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7091 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7090 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7089 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7088 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7087 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7086 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7085 (Apple QuickTime before 7.7.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-7084 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7083 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7082 (Multiple unspecified vulnerabilities in Git before 2.5.4, as used in ...)
	NOT-FOR-US: Apple-specific git extension for Xcode
CVE-2015-7081 (iBooks in Apple iOS before 9.2 and OS X before 10.11.2 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-7080 (Siri in Apple iOS before 9.2 allows physically proximate attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-7079 (dyld in Apple iOS before 9.2 and tvOS before 9.1 mishandles segment ...)
	NOT-FOR-US: Apple
CVE-2015-7078 (Use-after-free vulnerability in Hypervisor in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-7077 (The Intel Graphics Driver component in Apple OS X before 10.11.2 ...)
	NOT-FOR-US: Apple
CVE-2015-7076 (The Intel Graphics Driver component in Apple OS X before 10.11.2 ...)
	NOT-FOR-US: Apple
CVE-2015-7075 (CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, tvOS ...)
	NOT-FOR-US: Apple
CVE-2015-7074 (CoreMedia Playback in Apple iOS before 9.2, OS X before 10.11.2, and ...)
	NOT-FOR-US: Apple
CVE-2015-7073 (Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-7072 (dyld in Apple iOS before 9.2, tvOS before 9.1, and watchOS before 2.1 ...)
	NOT-FOR-US: Apple
CVE-2015-7071 (The File Bookmark component in Apple OS X before 10.11.2 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7070 (Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7069 (Mobile Replayer in GPUTools Framework in Apple iOS before 9.2 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7068 (IOKit SCSI in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7067 (IOThunderboltFamily in Apple OS X before 10.11.2 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2015-7066 (OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, ...)
	NOT-FOR-US: Apple
CVE-2015-7065 (OpenGL in Apple iOS before 9.2, OS X before 10.11.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7064 (OpenGL in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, ...)
	NOT-FOR-US: Apple
CVE-2015-7063 (The kernel loader in EFI in Apple OS X before 10.11.2 allows local ...)
	NOT-FOR-US: Apple
CVE-2015-7062 (Apple OS X before 10.11.2 and tvOS before 9.1 allow local users to ...)
	NOT-FOR-US: Apple
CVE-2015-7061 (The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-7060 (The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-7059 (The ASN.1 decoder in Apple OS X before 10.11.2, tvOS before 9.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-7058 (Apple iOS before 9.2, OS X before 10.11.2, and tvOS before 9.1 ...)
	NOT-FOR-US: Apple
CVE-2015-7057 (otools in Apple Xcode before 7.2 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-7056 (IDE SCM in Apple Xcode before 7.2 does not recognize .gitignore files, ...)
	NOT-FOR-US: Apple
CVE-2015-7055 (AppleMobileFileIntegrity in Apple iOS before 9.2 and tvOS before 9.1 ...)
	NOT-FOR-US: Apple
CVE-2015-7054 (zlib in the Compression component in Apple iOS before 9.2, OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-7053 (ImageIO in Apple iOS before 9.2, OS X before 10.11.2, tvOS before 9.1, ...)
	NOT-FOR-US: Apple
CVE-2015-7052 (kext tools in Apple OS X before 10.11.2 mishandles kernel-extension ...)
	NOT-FOR-US: Apple
CVE-2015-7051 (MobileStorageMounter in Apple iOS before 9.2 and tvOS before 9.1 ...)
	NOT-FOR-US: Apple
CVE-2015-7050 (WebKit in Apple iOS before 9.2 and Safari before 9.0.2 misparses ...)
	NOT-FOR-US: Apple
CVE-2015-7049 (otools in Apple Xcode before 7.2 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-7048 (WebKit in Apple iOS before 9.2, Safari before 9.0.2, and tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7047 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7046 (The Sandbox feature in xnu in Apple iOS before 9.2, OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-7045 (Keychain Access in Apple OS X before 10.11.2 and tvOS before 9.1 ...)
	NOT-FOR-US: Apple
CVE-2015-7044 (The System Integrity Protection feature in Apple OS X before 10.11.2 ...)
	NOT-FOR-US: Apple
CVE-2015-7043 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7042 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7041 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7040 (The kernel in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7039 (Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, ...)
	NOT-FOR-US: Apple
CVE-2015-7038 (Buffer overflow in libc in Apple iOS before 9.2, OS X before 10.11.2, ...)
	NOT-FOR-US: Apple
CVE-2015-7037 (Directory traversal vulnerability in Mobile Backup in Photos in Apple ...)
	NOT-FOR-US: Apple
CVE-2015-7036 (The fts3_tokenizer function in SQLite, as used in Apple iOS before 8.4 ...)
	NOT-FOR-US: Apple
CVE-2015-7035 (Apple Mac EFI before 2015-002, as used in OS X before 10.11.1 and ...)
	NOT-FOR-US: Apple
CVE-2015-7034 (The Apple iWork application before 2.6 for iOS and Apple Pages before ...)
	NOT-FOR-US: Apple
CVE-2015-7033 (The Apple iWork application before 2.6 for iOS, Apple Keynote before ...)
	NOT-FOR-US: Apple
CVE-2015-7032 (The Apple iWork application before 2.6 for iOS, Apple Keynote before ...)
	NOT-FOR-US: Apple
CVE-2015-7031 (The Web Service component in Apple OS X Server before 5.0.15 omits an ...)
	NOT-FOR-US: Apple
CVE-2015-7030 (The Swift implementation in Apple Xcode before 7.1 mishandles type ...)
	NOT-FOR-US: Apple
CVE-2015-7029 (Apple AirPort Base Station Firmware before 7.6.7 and 7.7.x before ...)
	NOT-FOR-US: Apple
CVE-2015-7028
	REJECTED
CVE-2015-7027
	REJECTED
CVE-2015-7026
	REJECTED
CVE-2015-7025
	REJECTED
CVE-2015-7024 (Untrusted search path vulnerability in Apple OS X before 10.11.1 ...)
	NOT-FOR-US: Apple
CVE-2015-7023 (CFNetwork in Apple iOS before 9.1 and OS X before 10.11.1 does not ...)
	NOT-FOR-US: Apple
CVE-2015-7022 (The Telephony subsystem in Apple iOS before 9.1 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-7021 (The Graphics Drivers subsystem in Apple OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7020 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2015-7019 (The NVIDIA driver in the Graphics Drivers subsystem in Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2015-7018 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7017 (CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes ...)
	NOT-FOR-US: Apple
CVE-2015-7016 (The MCX Application Restrictions component in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-7015 (Heap-based buffer overflow in the DNS client library in configd in ...)
	NOT-FOR-US: Apple
CVE-2015-7014 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-7013 (WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2015-7012 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-7011 (WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2015-7010 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7009 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7008 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-7007 (Script Editor in Apple OS X before 10.11.1 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-7006 (Directory traversal vulnerability in the BOM (aka Bill of Materials) ...)
	NOT-FOR-US: Apple
CVE-2015-7005 (WebKit, as used in Apple iOS before 9.1, allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-7004 (The kernel in Apple iOS before 9.1 allows attackers to cause a denial ...)
	NOT-FOR-US: Apple
CVE-2015-7003 (coreaudiod in Audio in Apple OS X before 10.11.1 does not initialize ...)
	NOT-FOR-US: Apple
CVE-2015-7002 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-7001 (AppSandbox in Apple iOS before 9.2, OS X before 10.11.2, tvOS before ...)
	NOT-FOR-US: Apple
CVE-2015-7000 (Notification Center in Apple iOS before 9.1 mishandles changes to ...)
	NOT-FOR-US: Apple
CVE-2015-6999 (The OCSP client in Apple iOS before 9.1 does not check for certificate ...)
	NOT-FOR-US: Apple
CVE-2015-6998
	REJECTED
CVE-2015-6997 (The X.509 certificate-trust implementation in Apple iOS before 9.1 ...)
	NOT-FOR-US: Apple
CVE-2015-6996 (IOAcceleratorFamily in Apple iOS before 9.1, OS X before 10.11.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-6995 (The Disk Images component in Apple iOS before 9.1 and OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-6994 (The kernel in Apple iOS before 9.1 and OS X before 10.11.1 mishandles ...)
	NOT-FOR-US: Apple
CVE-2015-6993 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-6992 (CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes ...)
	NOT-FOR-US: Apple
CVE-2015-6991 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-6990 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-6989 (Grand Central Dispatch in Apple iOS before 9.1, OS X before 10.11.1, ...)
	NOT-FOR-US: Apple
CVE-2015-6988 (The kernel in Apple iOS before 9.1 and OS X before 10.11.1 does not ...)
	NOT-FOR-US: Apple
CVE-2015-6987 (The File Bookmark component in Apple OS X before 10.11.1 allows local ...)
	NOT-FOR-US: Apple
CVE-2015-6986 (com.apple.driver.AppleVXD393 in the Graphics Driver subsystem in Apple ...)
	NOT-FOR-US: Apple
CVE-2015-6985 (Apple Type Services (ATS) in Apple OS X before 10.11.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-6984 (libarchive in Apple OS X before 10.11.1 allows attackers to write to ...)
	NOT-FOR-US: Apple
CVE-2015-6983 (Double free vulnerability in Apple iOS before 9.1 and OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-6982 (WebKit, as used in Apple iOS before 9.1, allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-6981 (WebKit, as used in Apple iOS before 9.1, allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-6980 (Directory Utility in Apple OS X before 10.11.1 mishandles ...)
	NOT-FOR-US: Apple
CVE-2015-6979 (GasGauge in Apple iOS before 9.1 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Apple
CVE-2015-6978 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-6977 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-6976 (FontParser in Apple iOS before 9.1 and OS X before 10.11.1 allows ...)
	NOT-FOR-US: Apple
CVE-2015-6975 (CoreText in Apple iOS before 9.1, OS X before 10.11.1, and iTunes ...)
	NOT-FOR-US: Apple
CVE-2015-6974 (IOHIDFamily in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2015-6973 (Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite ...)
	NOT-FOR-US: Openfire
CVE-2015-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...)
	NOT-FOR-US: Openfire
CVE-2015-6971 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
	NOT-FOR-US: Lenovo
CVE-2015-6970
	RESERVED
CVE-2015-6969 (Cross-site scripting (XSS) vulnerability in js/2k11.min.js in the 2k11 ...)
	- serendipity <removed>
CVE-2015-6968 (Multiple incomplete blacklist vulnerabilities in the ...)
	- serendipity <removed>
CVE-2015-6967 (Unrestricted file upload vulnerability in the My Image plugin in ...)
	NOT-FOR-US: Nibbleblog
CVE-2015-6966 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Nibbleblog
CVE-2015-6965 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Contact Form Generator plugin for WordPress
CVE-2015-6964
	RESERVED
CVE-2015-6963
	REJECTED
CVE-2015-6962 (SQL injection vulnerability in the web application in Farol allows ...)
	NOT-FOR-US: Farol
CVE-2015-7236 (Use-after-free vulnerability in xprt_set_caller in rpcb_svc_com.c in ...)
	{DSA-3366-1 DLA-311-1}
	- rpcbind 0.2.1-6.1 (bug #799307)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=946204
	NOTE: http://www.spinics.net/lists/linux-nfs/msg53045.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/17/1
CVE-2015-6961 (Open redirect vulnerability in gluon/tools.py in Web2py 2.9.11 allows ...)
	- web2py 2.12.3-1
	[jessie] - web2py <ignored> (Minor issue)
	[wheezy] - web2py <no-dsa> (Minor issue)
	NOTE: Fixed by: https://github.com/web2py/web2py/commit/e31a099cb3456fef471886339653430ae59056b0 (R-2.12.1)
	NOTE: https://github.com/web2py/web2py/issues/731
CVE-2015-6960
	RESERVED
CVE-2015-6959 (Cross-site scripting (XSS) vulnerability in Vindula 1.9. ...)
	NOT-FOR-US: Vindula
CVE-2015-6958
	RESERVED
CVE-2015-6957
	RESERVED
CVE-2015-6956
	RESERVED
CVE-2015-6955
	RESERVED
CVE-2015-6954
	RESERVED
CVE-2015-6953
	RESERVED
CVE-2015-6952
	RESERVED
CVE-2015-6951
	RESERVED
CVE-2015-6950
	RESERVED
CVE-2015-6949 (Stack-based buffer overflow in the ASUS TM-AC1900 router allows remote ...)
	NOT-FOR-US: ASUS TM-AC1900 router
CVE-2015-6948 (Heap-based buffer overflow in the Microsoft Word document conversion ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2015-6947
	REJECTED
CVE-2015-6946 (Multiple stack-based buffer overflows in the Reprise License Manager ...)
	NOT-FOR-US: Borland AccuRev
CVE-2015-6945 (Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador ...)
	NOT-FOR-US: JSP/MySQL Administrador Web 1
CVE-2015-6944 (Cross-site request forgery (CSRF) vulnerability in JSP/MySQL ...)
	NOT-FOR-US: JSP/MySQL Administrador Web 1
CVE-2015-6943 (SQL injection vulnerability in the serendipity_checkCommentToken ...)
	- serendipity <removed>
CVE-2015-6942 (Cross-site scripting (XSS) vulnerability in Coremail XT3.0 allows ...)
	NOT-FOR-US: Coremail
CVE-2015-6941 (win_useradd, salt-cloud and the Linode driver in salt 2015.5.x before ...)
	- salt 2015.8.1+ds-1
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: https://docs.saltstack.com/en/latest/topics/releases/2015.8.1.html
	NOTE: https://github.com/twangboy/salt/commit/c0689e32154c41f59840ae10ffc5fbfa30618710
CVE-2015-6940 (The GetResource servlet in Pentaho Business Analytics (BA) Suite ...)
	NOT-FOR-US: Pentaho
CVE-2015-7989 (Cross-site scripting (XSS) vulnerability in the user list table in ...)
	{DSA-3383-1 DSA-3375-1 DLA-321-1}
	- wordpress 4.3.1+dfsg-1 (bug #799140)
	NOTE: https://github.com/WordPress/WordPress/commit/f91a5fd10ea7245e5b41e288624819a37adf290a
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/26/7
CVE-2015-7337 (The editor in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x ...)
	- ipython <not-affected> (Affects versions 3.0 to 3.2.1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/16/3
CVE-2015-7940 (The Bouncy Castle Java library before 1.51 does not validate a point ...)
	{DSA-3417-1 DLA-361-1}
	- bouncycastle 1.51-1 (bug #802671)
	NOTE: https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html
	NOTE: Commits: https://github.com/bcgit/bc-java/commit/5cb2f05
	NOTE: Possibly needed to include as well: https://github.com/bcgit/bc-java/commit/e25e94a
	NOTE: Peter Dettman <peter.dettman@bouncycastle.org> offered to assist if backporting fails and to review the result.
CVE-2015-6939 (Cross-site scripting (XSS) vulnerability in the login module in ...)
	NOT-FOR-US: Joomla
CVE-2015-6936
	RESERVED
CVE-2015-6935
	REJECTED
CVE-2015-6934 (Serialized-object interfaces in VMware vRealize Orchestrator 6.x, ...)
	NOT-FOR-US: VMware
CVE-2015-6933 (The VMware Tools HGFS (aka Shared Folders) implementation in VMware ...)
	NOT-FOR-US: VMware
CVE-2015-6932 (VMware vCenter Server 5.5 before u3 and 6.0 before u1 does not verify ...)
	NOT-FOR-US: VMware
CVE-2015-6931 (Cross-site scripting (XSS) vulnerability in the vSphere Web Client in ...)
	NOT-FOR-US: VMware
CVE-2015-8871 (Use-after-free vulnerability in the opj_j2k_write_mco function in ...)
	{DSA-3665-1}
	- openjpeg2 2.1.1-1 (bug #800149)
	- openjpeg <not-affected> (Vulnerable code not present; opj_j2k_write_mco function)
	NOTE: https://github.com/uclouvain/openjpeg/commit/940100c28ae28931722290794889cf84a92c5f6f
	NOTE: https://github.com/uclouvain/openjpeg/issues/563
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1263359
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/15/4
CVE-2015-6930
	RESERVED
CVE-2015-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia Networks ...)
	NOT-FOR-US: Nokia
CVE-2015-6928 (classes/admin.class.php in CubeCart 5.2.12 through 5.2.16 and 6.x ...)
	NOT-FOR-US: CubeCart
CVE-2015-6926 (The OpenID Single Sign-On authentication functionality in OXID eShop ...)
	NOT-FOR-US: OXID eShop
CVE-2015-6925 (wolfSSL (formerly CyaSSL) before 3.6.8 allows remote attackers to ...)
	- wolfssl 3.9.10+dfsg-1 (bug #801120)
CVE-2015-6924
	RESERVED
CVE-2015-6923 (The ndvbs module in VBox Communications Satellite Express Protocol ...)
	NOT-FOR-US: VBox Communications Satellite Express Protocol
CVE-2015-6922
	RESERVED
CVE-2015-6921 (Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab ...)
	NOT-FOR-US: Zendesk Feedback Tab for Drupal
CVE-2015-6920 (Cross-site scripting (XSS) vulnerability in js/window.php in the ...)
	NOT-FOR-US: sourceAFRICA plugin for WordPress
CVE-2015-6919 (Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) ...)
	NOT-FOR-US: googleSearch (CSE) component for Joomla!
CVE-2015-6918 (salt before 2015.5.5 leaks git usernames and passwords to the log. ...)
	- salt 2015.8.1+ds-1 (bug #803182)
	[jessie] - salt <no-dsa> (Minor issue)
	NOTE: https://github.com/saltstack/salt/commit/28aa9b105804ff433d8f663b2f9b804f2b75495a
	NOTE: Fix https://github.com/saltstack/salt/pull/26486 builds on
	NOTE: https://github.com/saltstack/salt/pull/26483
CVE-2015-6917
	RESERVED
CVE-2015-6916
	RESERVED
CVE-2015-6915 (SQL injection vulnerability in Montala Limited ResourceSpace 7.3.7009 ...)
	NOT-FOR-US: Montala Limited ResourceSpace
CVE-2015-6914 (Absolute path traversal vulnerability in SiteFactory CMS 5.5.9 allows ...)
	NOT-FOR-US: SiteFactory CMS
CVE-2015-6913 (Cross-site scripting (XSS) vulnerability in the &quot;Create download task ...)
	NOT-FOR-US: Synology Download Station
CVE-2015-6912 (Synology Video Station before 1.5-0763 allows remote attackers to ...)
	NOT-FOR-US: Synology Video Station
CVE-2015-6911 (SQL injection vulnerability in Synology Video Station before 1.5-0763 ...)
	NOT-FOR-US: Synology Video Station
CVE-2015-6910 (SQL injection vulnerability in Synology Video Station before 1.5-0757 ...)
	NOT-FOR-US: Synology Video Station
CVE-2015-6909 (Cross-site scripting (XSS) vulnerability in the &quot;Create download task ...)
	NOT-FOR-US: Synology Download Station
CVE-2015-6907
	RESERVED
CVE-2015-6906
	REJECTED
CVE-2015-6905
	REJECTED
CVE-2015-6904
	REJECTED
CVE-2015-6903
	REJECTED
CVE-2015-6902
	REJECTED
CVE-2015-6901
	REJECTED
CVE-2015-6900
	REJECTED
CVE-2015-6899
	REJECTED
CVE-2015-6898
	REJECTED
CVE-2015-6897
	REJECTED
CVE-2015-6896
	REJECTED
CVE-2015-6895
	REJECTED
CVE-2015-6894
	REJECTED
CVE-2015-6893
	REJECTED
CVE-2015-6892
	REJECTED
CVE-2015-6891
	REJECTED
CVE-2015-6890
	REJECTED
CVE-2015-6889
	REJECTED
CVE-2015-6888
	REJECTED
CVE-2015-6887
	REJECTED
CVE-2015-6886
	REJECTED
CVE-2015-6885
	REJECTED
CVE-2015-6884
	REJECTED
CVE-2015-6883
	REJECTED
CVE-2015-6882
	REJECTED
CVE-2015-6881
	REJECTED
CVE-2015-6880
	REJECTED
CVE-2015-6879
	REJECTED
CVE-2015-6878
	REJECTED
CVE-2015-6877
	REJECTED
CVE-2015-6876
	REJECTED
CVE-2015-6875
	REJECTED
CVE-2015-6874
	REJECTED
CVE-2015-6873
	REJECTED
CVE-2015-6872
	REJECTED
CVE-2015-6871
	REJECTED
CVE-2015-6870
	REJECTED
CVE-2015-6869
	REJECTED
CVE-2015-6868
	REJECTED
CVE-2015-6867 (The vertica-udx-zygote process in HP Vertica 7.1.1 UDx does not ...)
	NOT-FOR-US: HP Vertica
CVE-2015-6866
	REJECTED
CVE-2015-6865
	REJECTED
CVE-2015-6864 (HPE ArcSight Logger before 6.1P1 allows remote authenticated users to ...)
	NOT-FOR-US: HPE ArcSight Logger
CVE-2015-6863 (HPE ArcSight Logger before 6.1P1 allows remote attackers to execute ...)
	NOT-FOR-US: HPE ArcSight Logger
CVE-2015-6862 (HPE UCMDB Browser before 4.02 allows remote attackers to obtain ...)
	NOT-FOR-US: HPE UCMDB Browser
CVE-2015-6861 (HPE Helion Eucalyptus 3.4.0 through 4.2.0 allows remote authenticated ...)
	NOT-FOR-US: HPE Helion Eucalyptus
CVE-2015-6860 (HPE Network Switches with software 15.16.x and 15.17.x allow local ...)
	NOT-FOR-US: HPE Network Switches
CVE-2015-6859 (HPE Network Switches with software 15.16.x and 15.17.x allow local ...)
	NOT-FOR-US: HPE Network Switches
CVE-2015-6858 (HP Insight Control server provisioning before 7.5.0 RabbitMQ allows ...)
	NOT-FOR-US: HP Insight Control
CVE-2015-6857 (Unspecified vulnerability in Virtual Table Server (VTS) in HP ...)
	NOT-FOR-US: HP Performance Center
CVE-2015-6856 (Dell Pre-Boot Authentication Driver (PBADRV.sys) 1.0.1.5 allows local ...)
	NOT-FOR-US: Dell
CVE-2015-6854 (The non-Domino web agents in CA Single Sign-On (aka SSO, formerly ...)
	NOT-FOR-US: CA Single Sign-On
CVE-2015-6853 (The Domino web agent in CA Single Sign-On (aka SSO, formerly ...)
	NOT-FOR-US: CA Single Sign-On
CVE-2015-6852 (Directory traversal vulnerability in the API in EMC Secure Remote ...)
	NOT-FOR-US: EMC Secure Remote Services Virtual Edition
CVE-2015-6851 (EMC RSA SecurID Web Agent before 8.0 allows physically proximate ...)
	NOT-FOR-US: RSA SecurID
CVE-2015-6850 (EMC VPLEX GeoSynchrony 5.4 SP1 before P3 and 5.5 before Patch 1 has a ...)
	NOT-FOR-US: EMC VPLEX
CVE-2015-6849 (EMC NetWorker before 8.0.4.5, 8.1.x before 8.1.3.6, 8.2.x before ...)
	NOT-FOR-US: EMC
CVE-2015-6848 (EMC Isilon OneFS 7.1.x before 7.1.1.5, 7.2.0.x before 7.2.0.3, and ...)
	NOT-FOR-US: EMC
CVE-2015-6847 (The default configuration of EMC VPLEX GeoSynchrony 5.4 SP1 before P3 ...)
	NOT-FOR-US: EMC VPLEX
CVE-2015-6846 (EMC SourceOne Email Supervisor before 7.2 uses hardcoded encryption ...)
	NOT-FOR-US: EMC SourceOne
CVE-2015-6845 (EMC SourceOne Email Supervisor before 7.2 does not properly employ ...)
	NOT-FOR-US: EMC SourceOne
CVE-2015-6844 (Cross-site scripting (XSS) vulnerability in Reviewer in EMC SourceOne ...)
	NOT-FOR-US: EMC SourceOne
CVE-2015-6843 (Reviewer in EMC SourceOne Email Supervisor before 7.2 does not ...)
	NOT-FOR-US: EMC SourceOne
CVE-2015-6842
	RESERVED
CVE-2015-6841
	RESERVED
CVE-2015-6840
	RESERVED
CVE-2015-6937 (The __rds_conn_create function in net/rds/connection.c in the Linux ...)
	{DSA-3364-1 DLA-310-1}
	- linux 4.2.1-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=74e98eb085889b0d2d4908f59f6e00026063014f (v4.3-rc1)
CVE-2015-6908 (The ber_get_next function in libraries/liblber/io.c in OpenLDAP 2.4.42 ...)
	{DSA-3356-1 DLA-309-1}
	- openldap 2.4.42+dfsg-2 (bug #798622)
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=6fe51a9ab04fd28bbc171da3cf12f1c1040d6629
	NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=8240;selectid=8240
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/2
CVE-2015-7312 (Multiple race conditions in the Advanced Union Filesystem (aufs) ...)
	- linux 4.2.1-1 (bug #796036)
	[jessie] - linux 3.16.7-ckt11-1+deb8u4
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/3
	NOTE: http://sourceforge.net/p/aufs/mailman/message/34449209/
	NOTE: For Linux kernel with aufs aufs3-mmap.patch or aufs4-mmap.patch mmap patch
CVE-2014-9745 (The parse_encoding function in type1/t1load.c in FreeType before 2.5.3 ...)
	{DSA-3370-1 DLA-319-1}
	- freetype 2.6-1 (bug #798620)
	NOTE: https://launchpad.net/bugs/1492124
	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
	NOTE: https://savannah.nongnu.org/bugs/?41590
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=df14e6c0b9592cbb24d5381dfc6106b14f915e75 (VER-2-5-3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2014-9746 (The (1) t1_parse_font_matrix function in type1/t1load.c, (2) ...)
	{DSA-3370-1 DLA-319-1}
	- freetype 2.6-1 (bug #798619)
	NOTE: https://launchpad.net/bugs/1449225
	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
	NOTE: https://savannah.nongnu.org/bugs/?41309
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2014-9747 (The t42_parse_encoding function in type42/t42parse.c in FreeType ...)
	{DSA-3370-1 DLA-319-1}
	- freetype 2.6-1 (bug #798619)
	NOTE: https://launchpad.net/bugs/1449225
	NOTE: http://www.ubuntu.com/usn/usn-2739-1/
	NOTE: https://savannah.nongnu.org/bugs/?41309
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=8b281f83e8516535756f92dbf90940ac44bd45e1 (VER-2-5-3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/11/4
CVE-2015-6855 (hw/ide/core.c in QEMU does not properly restrict the commands accepted ...)
	{DSA-3362-1 DSA-3361-1}
	- qemu 1:2.4+dfsg-2
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/10/1
	NOTE: Fix commit: http://git.qemu.org/?p=qemu.git;a=commit;h=d9033e1d3aa666c5071580617a57bd853c5d794a
	NOTE: exec_cmd introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=7cff87ff6ab117799e32e42c2e4dc4c0588e583a
	NOTE: cmd_table introduced in http://git.qemu.org/?p=qemu.git;a=commit;h=844505b12e722d9ba7060480e766351fc6313501
CVE-2015-6927 (vzctl before 4.9.4 determines the virtual environment (VE) layout ...)
	{DSA-3357-1}
	- vzctl 4.9.4-1
	[wheezy] - vzctl <not-affected> (Vulnerability not present)
	[squeeze] - vzctl <not-affected> (Vulnerability not present)
	NOTE: https://tracker.debian.org/news/711965
	NOTE: https://src.openvz.org/projects/OVZL/repos/vzctl/commits/9e98ea630ac0e88b44e3e23c878a5166aeb74e1c
	NOTE: https://plus.google.com/+OpenVZorg/posts/gidyrouNi7D
	NOTE: https://wiki.openvz.org/Download/vzctl/4.9.4
CVE-2015-6839 (The parse function in MSA vot.Ar 3.1 does not check whether a ...)
	NOT-FOR-US: MSA vot.Ar
CVE-2015-6829 (Multiple SQL injection vulnerabilities in the getip function in ...)
	NOT-FOR-US: getip function in wp-limit-login-attempts.php in the WP Limit Login Attempts plugin for WordPress
CVE-2015-6828 (The tweet_info function in class/__functions.php in the SecureMoz ...)
	NOT-FOR-US: SecureMoz plugin
CVE-2015-6827 (Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger ...)
	NOT-FOR-US: Auto-Exchanger
CVE-2015-6826 (The ff_rv34_decode_init_thread_copy function in libavcodec/rv34.c in ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
CVE-2015-6825 (The ff_frame_thread_init function in libavcodec/pthread_frame.c in ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
CVE-2015-6824 (The sws_init_context function in libswscale/utils.c in FFmpeg before ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
CVE-2015-6823 (The allocate_buffers function in libavcodec/alac.c in FFmpeg before ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
CVE-2015-6822 (The destroy_buffers function in libavcodec/sanm.c in FFmpeg before ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
CVE-2015-6821 (The ff_mpv_common_init function in libavcodec/mpegvideo.c in FFmpeg ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
CVE-2015-6820 (The ff_sbr_apply function in libavcodec/aacsbr.c in FFmpeg before ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
CVE-2015-6819 (Multiple integer underflows in the ff_mjpeg_decode_frame function in ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <not-affected> (Vulnerable code not present in any Libav version)
CVE-2015-6818 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFmpeg before ...)
	- ffmpeg 7:2.7.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
CVE-2015-6814
	RESERVED
CVE-2015-6813
	RESERVED
CVE-2015-6812 (Invision Power Services IPS Community Suite (aka Invision Power Board, ...)
	NOT-FOR-US: Invision Power Services IPS Community Suite
CVE-2015-6811 (SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP ...)
	NOT-FOR-US: Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS
CVE-2015-6810 (Cross-site scripting (XSS) vulnerability in Invision Power Services ...)
	NOT-FOR-US: Invision Power Services IPS Community Suite
CVE-2015-6809 (Multiple cross-site scripting (XSS) vulnerabilities in BEdita before ...)
	NOT-FOR-US: BEdita
CVE-2015-6808 (Cross-site scripting (XSS) vulnerability in the Spotlight module ...)
	NOT-FOR-US: Spotlight module for Drupal
CVE-2015-6807 (Cross-site scripting (XSS) vulnerability in the Mass Contact module ...)
	NOT-FOR-US: Mass Contact module for Drupal
CVE-2015-6805 (Cross-site scripting (XSS) vulnerability in the MDC Private Message ...)
	NOT-FOR-US: MDC Private Message plugin for WordPress
CVE-2015-6830 (libraries/plugins/auth/AuthenticationCookie.class.php in phpMyAdmin ...)
	{DSA-3382-1}
	- phpmyadmin 4:4.4.14.1-1 (low)
	[jessie] - phpmyadmin <no-dsa> (Minor issue)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2015-XXXX [hardening for RSA-CRT leak]
	- libgcrypt11 <removed>
	[wheezy] - libgcrypt11 <no-dsa> (Minor issue; additional hardening)
	[squeeze] - libgcrypt11 <no-dsa> (Minor issue; additional hardening)
	- libgcrypt20 1.6.4-3
	[jessie] - libgcrypt20 <no-dsa> (Minor issue; additional hardening)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libgcrypt.git;a=commit;h=b85c8d6645039fc9d403791750510e439731d479
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/08/5
	NOTE: Thread on oss-security to clarify if this should be CVE-2015-5738 or a new CVE
CVE-2015-6838 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...)
	{DSA-3358-1 DLA-341-1}
	- php5 5.6.13+dfsg-1
	- hhvm 3.12.1+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69782
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
	NOTE: https://github.com/facebook/hhvm/commit/f358ec0e905df41feaa9dc75f4dee814cfe5a60a
CVE-2015-6837 (The xsl_ext_function_php function in ext/xsl/xsltprocessor.c in PHP ...)
	{DSA-3358-1 DLA-341-1}
	- php5 5.6.13+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69782
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6836 (The SoapClient __call method in ext/soap/soap.c in PHP before 5.4.45, ...)
	{DSA-3358-1 DLA-341-1}
	- php5 5.6.13+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70388
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6835 (The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, ...)
	{DSA-3358-1}
	- php5 5.6.13+dfsg-1
	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.php.net/bug.php?id=70219
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-6834 (Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x ...)
	{DSA-3358-1 DLA-341-1}
	- php5 5.6.13+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70172
	NOTE: https://bugs.php.net/bug.php?id=70365
	NOTE: https://bugs.php.net/bug.php?id=70366
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/07/5
	NOTE: Fixed in 5.5.45 and 5.6.13
CVE-2015-7225 (Tinfoil Devise-two-factor before 2.0.0 does not strictly follow ...)
	- ruby-devise-two-factor 2.0.0-1 (bug #798466)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/06/2
CVE-2015-8777 (The process_envvars function in elf/rtld.c in the GNU C Library (aka ...)
	{DSA-3480-1 DLA-316-1}
	- glibc 2.21-1 (bug #798316; bug #801691)
	[jessie] - glibc 2.19-18+deb8u2
	- eglibc <removed>
	[squeeze] - eglibc 2.11.3-4+deb6u7
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/05/8
	NOTE: Upstream bug https://sourceware.org/bugzilla/show_bug.cgi?id=18928
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7
CVE-2015-6815 [Qemu: net: e1000 infinite loop issue]
	RESERVED
	{DSA-3362-1 DSA-3361-1}
	- qemu 1:2.4+dfsg-2 (bug #798101)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/4
	NOTE: Upstream fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg01199.html
CVE-2015-6816 (ganglia-web before 3.7.1 allows remote attackers to bypass ...)
	- ganglia-web <unfixed> (unimportant; bug #798213)
	- ganglia 3.6.0-1 (unimportant)
	[squeeze] - ganglia <not-affected> (affected code not present)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/2
	NOTE: https://github.com/ganglia/ganglia-web/issues/267
CVE-2015-6817 (PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows ...)
	- pgbouncer 1.6.1-1
	[jessie] - pgbouncer <not-affected> (Introduced in 1.6)
	[wheezy] - pgbouncer <not-affected> (Introduced in 1.6)
	[squeeze] - pgbouncer <not-affected> (Introduced in 1.6)
	NOTE: http://web.archive.org/web/20150905195759/http://pgbouncer.github.io/2015/09/pgbouncer-1-6-1/
	NOTE: https://github.com/pgbouncer/pgbouncer/issues/69
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/04/3
CVE-2015-XXXX [val_dane_check: usage DANE-TA(2) may bypass cert validation entirely]
	[experimental] - dnsval 2.1-1
	- dnsval 2.0-2 (bug #797470)
	[jessie] - dnsval <no-dsa> (Should possibly be removed in a stable-proposed-update from Jessie)
	NOTE: Removal in jessie would need as well update to irssi and kamailio
	NOTE: dnsval/2.0-2 only disables/let val_dane_check fail on usage 2 because not implemented correctly
CVE-2015-XXXX [Memory corruption]
	- libvncserver 0.9.8-1
	[squeeze] - libvncserver 0.9.7-2+deb6u2
	NOTE: workaround entry for DLA-380-1 until/if CVE assigned
	NOTE: https://github.com/LibVNC/libvncserver/commit/804335f9d296440bb708ca844f5d89b58b50b0c6
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/09/03/8
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=706087#c1 notes that the fix breaks ABI
CVE-2015-6938 (Cross-site scripting (XSS) vulnerability in the file browser in ...)
	- ipython 2.4.1-1 (low; bug #798886)
	[jessie] - ipython <no-dsa> (Minor issue)
	[wheezy] - ipython <no-dsa> (Minor issue)
	[squeeze] - ipython <not-affected> (Vulnerable code not present)
	NOTE: Affected versions: 0.12 <= x <= 4.0
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/02/3
CVE-2015-6804
	RESERVED
CVE-2015-6803
	RESERVED
CVE-2015-6802
	RESERVED
CVE-2015-6801
	RESERVED
CVE-2015-6800
	RESERVED
CVE-2015-6799
	RESERVED
CVE-2015-6798
	RESERVED
CVE-2015-6797
	RESERVED
CVE-2015-6796
	RESERVED
CVE-2015-6795
	RESERVED
CVE-2015-6794
	RESERVED
CVE-2015-6793
	RESERVED
CVE-2015-6792 (The MIDI subsystem in Google Chrome before 47.0.2526.106 does not ...)
	{DSA-3456-1}
	- chromium-browser 47.0.2526.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.de/2015/12/stable-channel-update_15.html
CVE-2015-6791 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6790 (The WebPageSerializerImpl::openTagToString function in ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6789 (Race condition in the MutationObserver implementation in Blink, as ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6788 (The ObjectBackedNativeHandler class in ...)
	{DSA-3418-1}
	- chromium-browser 47.0.2526.80-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6787 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6786 (The CSPSourceList::matches function in ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6785 (The CSPSource::hostMatches function in ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6784 (The page serializer in Google Chrome before 47.0.2526.73 mishandles ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6783 (The FindStartOffsetOfFileInZipFile function in crazy_linker_zip.cpp in ...)
	- chromium-browser <not-affected> (android only)
CVE-2015-6782 (The Document::open function in WebKit/Source/core/dom/Document.cpp in ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6781 (Integer overflow in the FontData::Bound function in data/font_data.cc ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6780 (Use-after-free vulnerability in the Infobars implementation in Google ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6779 (PDFium, as used in Google Chrome before 47.0.2526.73, does not ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6778 (The CJBig2_SymbolDict class in fxcodec/jbig2/JBig2_SymbolDict.cpp in ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6777 (Use-after-free vulnerability in the ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6776 (The opj_dwt_decode_1* functions in dwt.c in OpenJPEG, as used in ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6775 (fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6774 (Use-after-free vulnerability in the GetLoadTimes function in ...)
	{DSA-3415-1}
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6773 (The convolution implementation in Skia, as used in Google Chrome ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6772 (The DOM implementation in Blink, as used in Google Chrome before ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6771 (js/array.js in Google V8, as used in Google Chrome before ...)
	{DSA-3415-1}
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6770 (The DOM implementation in Google Chrome before 47.0.2526.73 allows ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6769 (The provisional-load commit implementation in ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6768 (The DOM implementation in Google Chrome before 47.0.2526.73 allows ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6767 (Use-after-free vulnerability in ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6766 (Use-after-free vulnerability in the AppCache implementation in Google ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6765 (Use-after-free vulnerability in ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6764 (The BasicJsonStringifier::SerializeJSArray function in ...)
	{DSA-3415-1}
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
	- nodejs 4.2.3~dfsg-1 (bug #806385)
	[jessie] - nodejs <not-affected> (0.10 series not affected)
	NOTE: https://nodejs.org/en/blog/vulnerability/cve-2015-8027_cve-2015-6764/
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6763 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6762 (The CSSFontFaceSrcValue::fetch function in ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6761 (The update_dimensions function in libavcodec/vp8.c in FFmpeg through ...)
	{DSA-3376-1}
	- ffmpeg 7:2.8.1-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <undetermined>
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	- chromium-browser 44.0.2403.157-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=447860
	NOTE: https://code.google.com/p/chromium/issues/detail?id=532967
	NOTE: Starting with 44.0.2403.157-1 chromium uses the ffmpeg system copy
	NOTE: It looks like this relates to multithreaded decoding of VPx codecs, which is not implemented in the squeeze version. But I'm not sure as the second bug report is still private.
CVE-2015-6760 (The Image11::map function in renderer/d3d/d3d11/Image11.cpp in ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6759 (The shouldTreatAsUniqueOrigin function in ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6758 (The CPDF_Document::GetPage function in ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6757 (Use-after-free vulnerability in ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6756 (Use-after-free vulnerability in the CPDFSDK_PageView implementation in ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6755 (The ContainerNode::parserInsertBefore function in ...)
	{DSA-3376-1}
	- chromium-browser 46.0.2490.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6754 (Cross-site scripting (XSS) vulnerability in the administration ...)
	NOT-FOR-US: Drupal Path Breadcrumbs module
CVE-2015-6753 (Multiple cross-site scripting (XSS) vulnerabilities in the Quick Edit ...)
	NOT-FOR-US: Drupal Quick Edit module
CVE-2015-6752 (Cross-site scripting (XSS) vulnerability in the Search API ...)
	NOT-FOR-US: Drupal Search API Autocomplete module
CVE-2015-6751 (Multiple cross-site scripting (XSS) vulnerabilities in the Time ...)
	NOT-FOR-US: Drupal Time Tracker module
CVE-2015-6750 (Buffer overflow in Ricoh DL FTP Server 1.1.0.6 and earlier allows ...)
	NOT-FOR-US: Ricoh DL FTP Server
CVE-2015-6747 (Basware Banking (Maksuliikenne) 8.90.07.X does not properly prevent ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6746 (Basware Banking (Maksuliikenne) before 8.90.07.X stores private keys ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6745 (Basware Banking (Maksuliikenne) 8.90.07.X relies on the client to ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6744 (Basware Banking (Maksuliikenne) before 8.90.07.X relies on the client ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6743 (Basware Banking (Maksuliikenne) 8.90.07.X uses a hardcoded password ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6742 (Basware Banking (Maksuliikenne) before 8.90.07.X uses a hardcoded ...)
	NOT-FOR-US: Basware Banking
CVE-2015-6723 (The ANTrustPropagateAll method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6806 (The MScrollV function in ansi.c in GNU screen 4.3.1 and earlier does ...)
	{DSA-3352-1 DLA-305-1}
	- screen 4.3.1-2 (bug #797624)
	NOTE: https://savannah.gnu.org/bugs/?45713
	NOTE: http://www.openwall.com/lists/oss-security/2015/09/01/1
CVE-2015-6749 (Buffer overflow in the aiff_open function in oggenc/audio.c in ...)
	{DLA-1010-1 DLA-317-1}
	- vorbis-tools 1.4.0-7 (bug #797461)
	[jessie] - vorbis-tools 1.4.0-6+deb8u1
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/29/1
	NOTE: https://trac.xiph.org/ticket/2212
CVE-2015-6741
	RESERVED
CVE-2015-6740
	RESERVED
CVE-2015-6739
	RESERVED
CVE-2015-6738
	RESERVED
CVE-2015-6748 (Cross-site scripting (XSS) vulnerability in jsoup before 1.8.3. ...)
	- jsoup 1.8.3-1 (bug #797275)
	[jessie] - jsoup <no-dsa> (Minor issue)
	[wheezy] - jsoup <no-dsa> (Minor issue)
	NOTE: https://github.com/jhy/jsoup/pull/582
	NOTE: https://hibernate.atlassian.net/browse/HV-1012
	NOTE: https://issues.jboss.org/browse/WFLY-5223
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/28/3
CVE-2015-6726
	RESERVED
CVE-2015-6725 (The ANSendForSharedReview method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6724 (The ANSendForApproval method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-5723 (Doctrine Annotations before 1.2.7, Cache before 1.3.2 and 1.4.x before ...)
	{DSA-3369-1}
	- php-doctrine-annotations 1.2.7-1 (low)
	[jessie] - php-doctrine-annotations 1.2.1-1+deb8u1
	- php-doctrine-cache 1.4.2-1 (low)
	[jessie] - php-doctrine-cache 1.3.1-1+deb8u1
	[experimental] - php-doctrine-common 2.5.1-1
	- php-doctrine-common 2.4.3-1 (low)
	[jessie] - php-doctrine-common 2.4.2-2+deb8u1
	[experimental] - doctrine 2.5.1+dfsg-1
	- doctrine 2.4.8-1 (low)
	[jessie] - doctrine 2.4.6-1+deb8u1
	[wheezy] - doctrine <no-dsa> (Minor issue)
	[squeeze] - doctrine <no-dsa> (Minor issue)
	[experimental] - aws-sdk-for-php 3.2.1-1
	- aws-sdk-for-php <not-affected> (Vulnerable code not present)
	- php-doctrine-bundle 1.5.2-1 (low)
	- zendframework 1.12.16+dfsg-1 (low)
	[squeeze] - zendframework <not-affected> (No unsafe permissions found in cache functions)
	NOTE: Review of zendframework 1.10.6 in Squeeze found no usage of default unsafe permission except in library/Zend/Search/Lucene/Storage/Directory/Filesystem.php but which is unlikely to cause a security issue.
	NOTE: http://www.doctrine-project.org/2015/08/31/security_misconfiguration_vulnerability_in_various_doctrine_projects.html
	NOTE: https://github.com/aws/aws-sdk-php/releases/tag/3.2.1
	NOTE: http://framework.zend.com/security/advisory/ZF2015-07
CVE-2015-6722 (The CBSharedReviewStatusDialog method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6721 (The CBSharedReviewSecurityDialog method in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe
CVE-2015-6720 (The ANRunSharedReviewEmailStep method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6719 (The CBSharedReviewCloseDialog method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6718 (The CBSharedReviewIfOfflineDialog method in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe
CVE-2015-6717 (The DynamicAnnotStore method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6716 (The ANSendForFormDistribution method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6715 (The Function apply implementation in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6714 (The Function bind implementation in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6713 (The Function call implementation in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6712 (The ANSendApprovalToAuthorEnabled method in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe
CVE-2015-6711 (The DoIdentityDialog method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6710 (The CBBBRInit method in Adobe Reader and Acrobat 10.x before 10.1.16 ...)
	NOT-FOR-US: Adobe
CVE-2015-6709 (The CBBBRInvite method in Adobe Reader and Acrobat 10.x before 10.1.16 ...)
	NOT-FOR-US: Adobe
CVE-2015-6708 (The ANStartApproval method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6707 (The ANSendForReview method in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6706 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-6705 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-6704 (The animations property implementation in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe
CVE-2015-6703 (The loadFlashMovie function in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6702 (The createSquareMesh function in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6701 (The ambientIlluminationColor property implementation in Adobe Reader ...)
	NOT-FOR-US: Adobe
CVE-2015-6700 (The setBackground function in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6699 (The addForegroundSprite function in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6698 (Heap-based buffer overflow in the AcroForm implementation in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2015-6697 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-6696 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6695 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-6694 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-6693 (The signatureSetSeedValue method in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2015-6692 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.16 and ...)
	NOT-FOR-US: Adobe
CVE-2015-6691 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6690 (Use-after-free vulnerability in the popUpMenuEx method in Adobe Reader ...)
	NOT-FOR-US: Adobe
CVE-2015-6689 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6688 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6687 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6686 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-6685 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-6684 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6683 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-6682 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6681 (Adobe Shockwave Player before 12.2.0.162 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2015-6680 (Adobe Shockwave Player before 12.2.0.162 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2015-6679 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6678 (Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6677 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6676 (Buffer overflow in Adobe Flash Player before 18.0.0.241 and 19.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-6675 (Siemens RUGGEDCOM ROS 3.8.0 through 4.1.x permanently enables the IP ...)
	NOT-FOR-US: Siemens RUGGEDCOM ROS
CVE-2015-6672 (Cross-site scripting (XSS) vulnerability in the Administrative Web ...)
	NOT-FOR-US: Citrix
CVE-2015-6671 (Open edX edx-platform before 2015-08-25 requires use of the database ...)
	NOT-FOR-US: Open edX
CVE-2015-6670 (ownCloud Server before 7.0.8, 8.0.x before 8.0.6, and 8.1.x before ...)
	{DSA-3373-1}
	- owncloud 7.0.8~dfsg-1
	[experimental] - owncloud-calendar 0.7.3-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-015
	NOTE: https://github.com/owncloud/calendar/commit/4e0306adb13b19919e90857eaf7681303cd45414
CVE-2015-6669
	RESERVED
CVE-2015-6668 (The Job Manager plugin before 0.7.25 allows remote attackers to read ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-6667
	RESERVED
CVE-2015-6664 (XML external entity (XXE) vulnerability in the application import ...)
	NOT-FOR-US: SAP Mobile Platform
CVE-2015-6663 (Cross-site scripting (XSS) vulnerability in the Client form in the ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-6662 (XML external entity (XXE) vulnerability in SAP NetWeaver Portal 7.4 ...)
	NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-6657
	RESERVED
CVE-2015-6656
	RESERVED
CVE-2014-9744 (Memory leak in PolarSSL before 1.3.9 allows remote attackers to cause ...)
	- polarssl 1.3.9-1
	[wheezy] - polarssl <not-affected> (Affects only 1.3.x series)
	[squeeze] - polarssl <not-affected> (Affects only 1.3.x series)
CVE-2015-6666
	REJECTED
CVE-2015-6655 (Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 ...)
	NOT-FOR-US: Pligg CMS
CVE-2015-6654 (The xenmem_add_to_physmap_one function in arch/arm/mm.c in Xen 4.5.x, ...)
	{DSA-3414-1}
	- xen 4.8.0~rc3-1 (bug #823620; bug #800128)
	[wheezy] - xen <not-affected> (Xen on arm not yet supported)
	[squeeze] - xen <not-affected> (Xen on arm not yet supported)
	NOTE: http://xenbits.xen.org/xsa/advisory-141.html
CVE-2015-6653
	REJECTED
CVE-2015-6652
	REJECTED
CVE-2015-6651
	REJECTED
CVE-2015-6650
	REJECTED
CVE-2015-6649
	REJECTED
CVE-2015-6648
	RESERVED
CVE-2015-6647 (The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 ...)
	NOT-FOR-US: Android
CVE-2015-6646 (The System V IPC implementation in the kernel in Android before 6.0 ...)
	NOT-FOR-US: Android
	NOTE: https://source.android.com/security/bulletin/2016-01-01.html
	NOTE: This doesn't represent a specific kernel vulnerability. Android does not need and did not apply resource limits to System V IPC.
CVE-2015-6645 (SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...)
	NOT-FOR-US: Android
CVE-2015-6644 (Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...)
	{DSA-3829-1 DLA-893-1}
	- bouncycastle 1.54-1
	NOTE: https://source.android.com/security/bulletin/2016-01-01.html#information_disclosure_vulnerability_in_bouncy_castle
	NOTE: https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f
	NOTE: Fixed differently upstream https://github.com/bcgit/bc-java/issues/177#issuecomment-290671336
CVE-2015-6643 (Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before ...)
	NOT-FOR-US: Android
CVE-2015-6642 (The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 ...)
	NOT-FOR-US: Qualcomm driver for Android
	NOTE: https://www.codeaurora.org/projects/security-advisories/information-disclosure-vulnerability-kernel-ipc-router-module-cve-2015-6642
CVE-2015-6641 (Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to ...)
	NOT-FOR-US: Android
CVE-2015-6640 (The prctl_set_vma_anon_name function in kernel/sys.c in Android before ...)
	NOT-FOR-US: Android kernel extension
	NOTE: https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15
CVE-2015-6639 (The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 ...)
	NOT-FOR-US: Android
CVE-2015-6638 (The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F ...)
	NOT-FOR-US: Imagination driver for Android
CVE-2015-6637 (The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 ...)
	NOT-FOR-US: MediaTek driver for Android
CVE-2015-6636 (mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before ...)
	NOT-FOR-US: Android Mediaserver
CVE-2015-6635
	RESERVED
CVE-2015-6634 (The display drivers in Android before 5.1.1 LMY48Z allow remote ...)
	NOT-FOR-US: Android
CVE-2015-6633 (The display drivers in Android before 5.1.1 LMY48Z and 6.0 before ...)
	NOT-FOR-US: Android
CVE-2015-6632 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...)
	NOT-FOR-US: libstagefright
CVE-2015-6631 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...)
	NOT-FOR-US: libstagefright
CVE-2015-6630 (SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
	NOT-FOR-US: Android
CVE-2015-6629 (Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain ...)
	NOT-FOR-US: Android
CVE-2015-6628 (Media Framework in Android before 5.1.1 LMY48Z and 6.0 before ...)
	NOT-FOR-US: Android
CVE-2015-6627 (The Audio component in Android before 5.1.1 LMY48Z and 6.0 before ...)
	NOT-FOR-US: Android
CVE-2015-6626 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...)
	NOT-FOR-US: libstagefright
CVE-2015-6625 (System Server in Android 6.0 before 2015-12-01 allows attackers to ...)
	NOT-FOR-US: Android
CVE-2015-6624 (System Server in Android 6.0 before 2015-12-01 allows attackers to ...)
	NOT-FOR-US: Android
CVE-2015-6623 (Wi-Fi in Android 6.0 before 2015-12-01 allows attackers to gain ...)
	NOT-FOR-US: Android
CVE-2015-6622 (The Native Frameworks Library in Android before 5.1.1 LMY48Z and 6.0 ...)
	NOT-FOR-US: Android
CVE-2015-6621 (SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
	NOT-FOR-US: Android
CVE-2015-6620 (libstagefright in Android before 5.1.1 LMY48Z and 6.0 before ...)
	NOT-FOR-US: libstagefright
CVE-2015-6619 (The kernel in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
	- linux <not-affected> (Appears to be caused by a flawed backport of O_TMPFILE feature)
	NOTE: https://android.googlesource.com/device%2Fhtc%2Fflounder-kernel/+/25d3e5d71865a7c0324423fad87aaabb70e82ee4
CVE-2015-6618 (Bluetooth in Android 4.4 and 5.x before 5.1.1 LMY48Z allows ...)
	NOT-FOR-US: Android
CVE-2015-6617 (Skia, as used in Android before 5.1.1 LMY48Z and 6.0 before ...)
	- skia <itp> (bug #818180)
CVE-2015-6616 (mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6615
	RESERVED
CVE-2015-6614 (Telephony in Android 5.x before 5.1.1 LMY48X allows attackers to gain ...)
	NOT-FOR-US: Android
CVE-2015-6613 (Bluetooth in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
	NOT-FOR-US: Android
CVE-2015-6612 (libmedia in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
	NOT-FOR-US: Android
CVE-2015-6611 (mediaserver in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6610 (libstagefright in Android before 5.1.1 LMY48X and 6.0 before ...)
	NOT-FOR-US: libstagefright
CVE-2015-6609 (libutils in Android before 5.1.1 LMY48X and 6.0 before 2015-11-01 ...)
	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
CVE-2015-6608 (mediaserver in Android 5.x before 5.1.1 LMY48X and 6.0 before ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6607 (SQLite before 3.8.9, as used in Android before 5.1.1 LMY48T, allows ...)
	NOT-FOR-US: Android
	NOTE: The change simply rebased sqlite to 3.8.9, which seems to have happened
	NOTE: for CVE-2015-3414, CVE-2015-3415 and CVE-2015-3416, but no new sqlite issue
CVE-2015-6606 (The Secure Element Evaluation Kit (aka SEEK or SmartCard API) plugin ...)
	NOT-FOR-US: Android
CVE-2015-6605 (mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6604 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6603 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6602 (libutils in Android through 5.1.1 LMY48M allows remote attackers to ...)
	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
CVE-2015-6601 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6600 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6599 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6598 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6597
	RESERVED
CVE-2015-6596 (mediaserver in Android before 5.1.1 LMY48T allows attackers to gain ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-6595
	RESERVED
CVE-2015-6594
	RESERVED
CVE-2015-6592 (Huawei UAP2105 before V300R012C00SPC160(BootRom) does not require ...)
	NOT-FOR-US: Huawei
CVE-2015-6591
	RESERVED
CVE-2015-6590
	RESERVED
CVE-2015-6589
	RESERVED
CVE-2015-6588 (Cross-site scripting (XSS) vulnerability in login-fsp.html in MODX ...)
	NOT-FOR-US: MODX Revolution
CVE-2015-6587 (The vlserver in OpenAFS before 1.6.13 allows remote authenticated ...)
	{DSA-3320-1 DLA-342-1}
	- openafs 1.6.13-1
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-006.txt
CVE-2015-6586 (The mDNS module in Huawei WLAN AC6005, AC6605, and ACU2 devices with ...)
	NOT-FOR-US: Huawei
CVE-2015-6585 (hwpapp.dll in Hangul Word Processor allows remote attackers to execute ...)
	NOT-FOR-US: Hangul Word Processor
CVE-2015-6584 (Cross-site scripting (XSS) vulnerability in the DataTables plugin ...)
	- datatables.js 1.10.9+dfsg-1
	NOTE: http://www.securityfocus.com/archive/1/archive/1/536437/100/0/threaded
	NOTE: https://www.netsparker.com/cve-2015-6384-xss-vulnerability-identified-in-datatables/
	NOTE: https://github.com/DataTables/DataTables/issues/602
	NOTE: https://github.com/DataTables/DataTablesSrc/commit/ccf86dc5982bd8e16d
	NOTE: https://nodesecurity.io/advisories/5
CVE-2015-6583 (Google Chrome before 45.0.2454.85 does not display a location bar for ...)
	- chromium-browser 45.0.2454.85-1
	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6582 (The decompose function in platform/transforms/TransformationMatrix.cpp ...)
	- chromium-browser 45.0.2454.85-1
	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6581 (Double free vulnerability in the ...)
	{DSA-3665-1}
	- openjpeg <not-affected> (Vulnerable code not present, function opj_j2k_copy_default_tcp_and_create_tcd)
	- openjpeg2 2.1.1-1 (bug #800453)
	NOTE: Openjpeg2 fix: https://github.com/uclouvain/openjpeg/commit/0fa5a17c98c4b8f9ee2286f4f0a50cf52a5fccb0
	- chromium-browser 45.0.2454.85-1
	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6580 (Multiple unspecified vulnerabilities in Google V8 before 4.5.103.29, ...)
	- chromium-browser 45.0.2454.85-1
	[jessie] - chromium-browser 45.0.2454.85-1~deb8u1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-6579
	RESERVED
CVE-2015-6578
	RESERVED
CVE-2015-6577
	RESERVED
CVE-2015-6576 (Bamboo 2.2 before 5.8.5 and 5.9.x before 5.9.7 allows remote attackers ...)
	NOT-FOR-US: Atlassian Bamboo
CVE-2015-6575 (SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I does ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-6574 (The SNAP Lite component in certain SISCO MMS-EASE and AX-S4 ICCP ...)
	NOT-FOR-US: SISCO MMS-EASE
CVE-2015-6573
	RESERVED
CVE-2015-6572
	RESERVED
CVE-2015-6571
	RESERVED
CVE-2015-6570
	RESERVED
CVE-2015-6569 (Race condition in the LoadBalancer module in the Atlassian Floodlight ...)
	NOT-FOR-US: Atlassian
CVE-2015-6568 (Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code ...)
	NOT-FOR-US: Wolf CMS
CVE-2015-6567 (Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code ...)
	NOT-FOR-US: Wolf CMS
CVE-2015-6566 (zarafa-autorespond in Zarafa Collaboration Platform (ZCP) before 7.2.1 ...)
	- zarafa <itp> (bug #658433)
CVE-2015-6562
	RESERVED
CVE-2015-6561
	RESERVED
CVE-2015-6560
	RESERVED
CVE-2015-6559
	RESERVED
CVE-2015-6558
	RESERVED
CVE-2015-6557 (IBM Tivoli Storage Manager for Databases: Data Protection for ...)
	NOT-FOR-US: IBM
CVE-2015-6556 (EACommunicatorSrv.exe in the Framework Service in the client in ...)
	NOT-FOR-US: Symantec
CVE-2015-6555 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 ...)
	NOT-FOR-US: Symantec
CVE-2015-6554 (Symantec Endpoint Protection Manager (SEPM) 12.1 before 12.1-RU6-MP3 ...)
	NOT-FOR-US: Symantec
CVE-2015-6553
	REJECTED
CVE-2015-6552 (The management-services protocol implementation in Veritas NetBackup ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2015-6551 (Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2015-6550 (bpcd in Veritas NetBackup 7.x through 7.5.0.7, 7.6.0.x through ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2015-6549 (Cross-site scripting (XSS) vulnerability in an application console in ...)
	NOT-FOR-US: Symantec NetBackup OpsCenter
CVE-2015-6548 (Multiple SQL injection vulnerabilities in a PHP script in the ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-6547 (The management console on Symantec Web Gateway (SWG) appliances with ...)
	NOT-FOR-US: Semantec Web Gateway
CVE-2015-6546 (The vCMP host in F5 BIG-IP Analytics, APM, ASM, GTM, Link Controller, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-6545 (Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb ...)
	NOT-FOR-US: Cerb
CVE-2015-6544 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Combodo
CVE-2015-6543
	RESERVED
CVE-2015-6542
	REJECTED
CVE-2015-6541 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail ...)
	NOT-FOR-US: Zimbra
CVE-2015-6540 (Cross-site scripting (XSS) vulnerability in Intellect Design Arena ...)
	NOT-FOR-US: Intellect Design Arena Intellect Core banking
CVE-2015-6539
	RESERVED
CVE-2015-6538 (The login page in Epiphany Cardio Server 3.3, 4.0, and 4.1 mishandles ...)
	NOT-FOR-US: Epiphany Cardio Server
CVE-2015-6537 (SQL injection vulnerability in the login page in Epiphany Cardio ...)
	NOT-FOR-US: Epiphany Cardio Server
CVE-2015-6536
	RESERVED
CVE-2015-6535 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: YouTube Embed plugin for WordPress
CVE-2015-6534
	RESERVED
CVE-2015-6533
	RESERVED
CVE-2015-6532
	RESERVED
CVE-2015-6531 (Palo Alto Networks Panorama VM Appliance with PAN-OS before 6.0.1 ...)
	NOT-FOR-US: Palo Alto Networks Panorama VM Appliance
CVE-2015-6530 (Cross-site scripting (XSS) vulnerability in OpenText Secure MFT 2013 ...)
	NOT-FOR-US: OpenText Secure MFT 2013
CVE-2015-6529 (Multiple cross-site scripting (XSS) vulnerabilities in phpipam 1.1.010 ...)
	- phpipam <itp> (bug #731713)
CVE-2015-6528 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-6525 (Multiple integer overflows in the evbuffer API in Libevent 2.0.x ...)
	{DSA-3119-1}
	- libevent 2.0.21-stable-2
	[squeeze] - libevent <not-affected> (Only for issues in 2.0.x and 2.1.x)
	NOTE: Split from CVE-2014-6272
CVE-2015-6524 (The LDAPLoginModule implementation in the Java Authentication and ...)
	- activemq 5.6.0+dfsg1-4 (low)
	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
CVE-2015-6523 (Cross-site request forgery (CSRF) vulnerability in the Portfolio ...)
	NOT-FOR-US: Portfolio plugin for WordPress
CVE-2015-6522 (SQL injection vulnerability in the WP Symposium plugin before 15.8 for ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2015-6661 (Drupal 6.x before 6.37 and 7.x before 7.39 allows remote attackers to ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6660 (The Form API in Drupal 6.x before 6.37 and 7.x before 7.39 does not ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6659 (SQL injection vulnerability in the SQL comment filtering system in the ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6658 (Cross-site scripting (XSS) vulnerability in the Autocomplete system in ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6665 (Cross-site scripting (XSS) vulnerability in the Ajax handler in Drupal ...)
	{DSA-3346-1}
	- drupal7 7.39-1
	NOTE: https://www.drupal.org/SA-CORE-2015-003
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/21/5
CVE-2015-6673 (Use-after-free vulnerability in Decoder.cpp in libpgf before 6.15.32. ...)
	- libpgf 6.14.12-3.2 (bug #798032)
	[jessie] - libpgf <no-dsa> (Minor issue, can be fixed via a point release)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/14
	NOTE: Details on the CVE assignment: http://www.openwall.com/lists/oss-security/2015/08/25/9
	NOTE: https://sourceforge.net/p/libpgf/code/147/
	NOTE: https://sourceforge.net/p/libpgf/code/148/
CVE-2015-6527 (The php_str_replace_in_subject function in ext/standard/string.c in ...)
	- php5 <not-affected> (Specific to PHP 7)
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6aeee47b2cd47915ccfa3b41433a3f57aea24dd5
	NOTE: https://bugs.php.net/bug.php?id=70140
CVE-2015-6521 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor LMS ...)
	NOT-FOR-US: ATutor
CVE-2015-6519 (SQL injection vulnerability in Arab Portal 3 allows remote attackers ...)
	NOT-FOR-US: Arab Portal 3
CVE-2015-6518 (Multiple cross-site scripting (XSS) vulnerabilities in phpLiteAdmin ...)
	- phpliteadmin <not-affected> (Fixed before initial upload)
CVE-2015-6517 (Cross-site request forgery (CSRF) vulnerability in phpLiteAdmin 1.1 ...)
	- phpliteadmin <not-affected> (Fixed before initial upload)
CVE-2015-6516 (SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier ...)
	NOT-FOR-US: cygnux.org sysPass
CVE-2015-6515 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
	NOT-FOR-US: Splunk
CVE-2015-6514 (Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk ...)
	NOT-FOR-US: Splunk Enterprise
CVE-2015-6513 (Multiple SQL injection vulnerabilities in the J2Store (com_j2store) ...)
	NOT-FOR-US: Joomla extension com_j2store
CVE-2015-6512 (SQL injection vulnerability in the get_messages function in ...)
	NOT-FOR-US: FreiChat
CVE-2015-6511 (Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 ...)
	NOT-FOR-US: pfSense
CVE-2015-6510 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before ...)
	NOT-FOR-US: pfSense
CVE-2015-6509 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before ...)
	NOT-FOR-US: pfSense
CVE-2015-6508 (Cross-site scripting (XSS) vulnerability in pfSense before 2.2.3 ...)
	NOT-FOR-US: pfSense
CVE-2015-6507 (The hdbsql client 1.00.091.00 Build 1418659308-1530 in SAP HANA allows ...)
	NOT-FOR-US: SAP
CVE-2015-6833 (Directory traversal vulnerability in the PharData class in PHP before ...)
	{DSA-3344-1 DLA-341-1}
	- php5 5.6.12+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70019
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
	NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6831 (Multiple use-after-free vulnerabilities in SPL in PHP before 5.4.44, ...)
	{DSA-3344-1 DLA-341-1}
	- php5 5.6.12+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70169
	NOTE: https://bugs.php.net/bug.php?id=70168
	NOTE: https://bugs.php.net/bug.php?id=70166
	NOTE: https://bugs.php.net/bug.php?id=70155
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
	NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6832 (Use-after-free vulnerability in the SPL unserialize implementation in ...)
	{DSA-3344-1 DLA-341-1}
	- php5 5.6.12+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=70068
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/19/3
	NOTE: Fixed upstream in 5.4.44 and 5.6.12
CVE-2015-6505
	RESERVED
CVE-2015-6504
	RESERVED
CVE-2015-6503
	RESERVED
CVE-2015-6502 (Cross-site scripting (XSS) vulnerability in the console in Puppet ...)
	NOT-FOR-US: Puppet Enterprise
CVE-2015-6501 (Open redirect vulnerability in the Console in Puppet Enterprise before ...)
	- puppet <not-affected> (Limited to Puppet Enterprise)
CVE-2015-6500 (Directory traversal vulnerability in ownCloud Server before 8.0.6 and ...)
	{DSA-3373-1}
	- owncloud 7.0.10~dfsg-2 (bug #800126)
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-014
	NOTE: https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2015-048.txt
	NOTE: https://github.com/owncloud/core/commit/9f8c0a3a8d14f1c127b2034faa14d8d309f962e9
CVE-2015-6499
	RESERVED
CVE-2015-6498 (Alcatel-Lucent Home Device Manager before 4.1.10, 4.2.x before 4.2.2 ...)
	NOT-FOR-US: Alcatel-Lucent Home Device Manager
CVE-2015-6497
	RESERVED
CVE-2015-6495
	RESERVED
CVE-2015-6494 (Cross-site scripting (XSS) vulnerability in Infinite Automation Mango ...)
	NOT-FOR-US: Infinite Automation Mango Automation
CVE-2015-6493 (Cross-site request forgery (CSRF) vulnerability in Infinite Automation ...)
	NOT-FOR-US: Infinite Automation Mango Automation
CVE-2015-6492 (Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6491 (Allen-Bradley MicroLogix 1100 devices before B FRN 15.000 and 1400 ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6490 (Stack-based buffer overflow on Allen-Bradley MicroLogix 1100 devices ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6489
	RESERVED
CVE-2015-6488 (Cross-site scripting (XSS) vulnerability in the web server on ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6487
	REJECTED
CVE-2015-6486 (SQL injection vulnerability on Allen-Bradley MicroLogix 1100 devices ...)
	NOT-FOR-US: Allen-Bradley MicroLogix
CVE-2015-6485 (Schneider Electric Telvent Sage 2300 RTUs with firmware before ...)
	NOT-FOR-US: Schneider
CVE-2015-6484 (3S-Smart CODESYS Gateway Server before 2.3.9.48 allows remote ...)
	NOT-FOR-US: 3S-Smart CODESYS
CVE-2015-6483
	RESERVED
CVE-2015-6482 (Runtime Toolkit before 2.4.7.48 in 3S-Smart CODESYS before 2.3.9.48 ...)
	NOT-FOR-US: 3S-Smart CODESYS
CVE-2015-6481 (The login function in the RequestController class in Moxa OnCell ...)
	NOT-FOR-US: Moxa
CVE-2015-6480 (The MessageBrokerServlet servlet in Moxa OnCell Central Manager before ...)
	NOT-FOR-US: Moxa
CVE-2015-6479 (ACEmanager in Sierra Wireless ALEOS 4.4.2 and earlier on ES440, ES450, ...)
	NOT-FOR-US: Sierra Wireless ALEOS
CVE-2015-6478 (Unitronics VisiLogic OPLC IDE before 9.8.02 does not properly restrict ...)
	NOT-FOR-US: Unitronics VisiLogic OPLC IDE
CVE-2015-6477 (Multiple cross-site scripting (XSS) vulnerabilities in the Wind Farm ...)
	NOT-FOR-US: Nordex Control
CVE-2015-6476 (Advantech EKI-122x-BE devices with firmware before 1.65, EKI-132x ...)
	NOT-FOR-US: Advantech EKI-122x-BE devices
CVE-2015-6475 (Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ...)
	NOT-FOR-US: ServeMaster
CVE-2015-6474 (IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers ...)
	NOT-FOR-US: ServeMaster
CVE-2015-6473 (WAGO IO 750-849 01.01.27 and WAGO IO 750-881 01.02.05 do not contain ...)
	NOT-FOR-US: WAGO IO
CVE-2015-6472 (WAGO IO 750-849 01.01.27 and 01.02.05, WAGO IO 750-881, and WAGO IO ...)
	NOT-FOR-US: WAGO IO
CVE-2015-6471 (Eaton Cooper Power Systems ProView 4.x and 5.x before 5.1 on Form 6 ...)
	NOT-FOR-US: Eaton Cooper Power Systems ProView
CVE-2015-6470 (Resource Data Management Data Manager before 2.2 allows remote ...)
	NOT-FOR-US: Resource Data Manager
CVE-2015-6469 (The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ ...)
	NOT-FOR-US: ServerMaster
CVE-2015-6468 (Cross-site request forgery (CSRF) vulnerability in Resource Data ...)
	NOT-FOR-US: Resource Data Manager
CVE-2015-6467 (Advantech WebAccess before 8.1 allows remote attackers to execute ...)
	NOT-FOR-US: Advantech
CVE-2015-6466 (Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature ...)
	NOT-FOR-US: Moxa switches
CVE-2015-6465 (The GoAhead web server on Moxa EDS-405A and EDS-408A switches with ...)
	NOT-FOR-US: Moxa switches
CVE-2015-6464 (The administrative web interface on Moxa EDS-405A and EDS-408A ...)
	NOT-FOR-US: Moxa switches
CVE-2015-6463 (CodeWrights HART Comm DTM components, as used with Endress+Hauser ...)
	NOT-FOR-US: CodeWrights HART Comm DTM components
CVE-2015-6462
	RESERVED
CVE-2015-6461
	RESERVED
CVE-2015-6460 (Multiple heap-based buffer overflows in 3S-Smart CODESYS Gateway ...)
	NOT-FOR-US: CODESYS Gateway Server
CVE-2015-6459 (Absolute path traversal vulnerability in the download feature in ...)
	NOT-FOR-US: FileDownloadServlet
CVE-2015-6458
	RESERVED
CVE-2015-6457
	RESERVED
CVE-2015-6456 (GE Digital Energy MDS PulseNET and MDS PulseNET Enterprise before ...)
	NOT-FOR-US: PulseNET
CVE-2015-6455
	REJECTED
CVE-2015-6454 (Everest PeakHMI before 8.7.0.2, when the video server is used, allows ...)
	NOT-FOR-US: PeakHMI
CVE-2015-6453
	REJECTED
CVE-2015-6452
	REJECTED
CVE-2015-6451
	REJECTED
CVE-2015-6450
	REJECTED
CVE-2015-6449
	REJECTED
CVE-2015-6448
	REJECTED
CVE-2015-6447
	REJECTED
CVE-2015-6446
	REJECTED
CVE-2015-6445
	REJECTED
CVE-2015-6444
	REJECTED
CVE-2015-6443
	REJECTED
CVE-2015-6442
	REJECTED
CVE-2015-6441
	REJECTED
CVE-2015-6440
	REJECTED
CVE-2015-6439
	REJECTED
CVE-2015-6438
	REJECTED
CVE-2015-6437
	REJECTED
CVE-2015-6436
	REJECTED
CVE-2015-6435 (An unspecified CGI script in Cisco FX-OS before 1.1.2 on Firepower ...)
	NOT-FOR-US: Cisco
CVE-2015-6434 (Cisco Prime Infrastructure does not properly restrict use of IFRAME ...)
	NOT-FOR-US: Cisco
CVE-2015-6433 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2015-6432 (Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, ...)
	NOT-FOR-US: Cisco
CVE-2015-6431 (Cisco IOS XE 16.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2015-6430
	RESERVED
CVE-2015-6429 (The IKEv1 state machine in Cisco IOS 15.4 through 15.6 and IOS XE 3.15 ...)
	NOT-FOR-US: Cisco
CVE-2015-6428 (Cisco DPQ3925 devices with EDVA r1 Base allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-6427 (Cisco FireSIGHT Management Center allows remote attackers to bypass ...)
	NOT-FOR-US: Cisco
CVE-2015-6426 (Cisco Prime Network Services Controller 3.0 allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2015-6425 (The WebApplications Identity Management subsystem in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2015-6424 (The boot manager in Cisco Application Policy Infrastructure Controller ...)
	NOT-FOR-US: Cisco
CVE-2015-6423 (The DCERPC Inspection implementation in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2015-6422 (The self-service application in Cisco Unified Communications Domain ...)
	NOT-FOR-US: Cisco
CVE-2015-6421 (cifs-ao in the CIFS optimization functionality on Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2015-6420 (Serialized-object interfaces in certain Cisco Collaboration and Social ...)
	NOT-FOR-US: Cisco
CVE-2015-6419 (Cisco FireSIGHT Management Center with software 4.10.3, 5.2.0, 5.3.0, ...)
	NOT-FOR-US: Cisco
CVE-2015-6418 (The random-number generator on Cisco Small Business RV routers 4.x and ...)
	NOT-FOR-US: Cisco
CVE-2015-6417 (Cisco Videoscape Distribution Suite Service Manager (VDS-SM) 3.4.0 and ...)
	NOT-FOR-US: Cisco
CVE-2015-6416 (Cross-site scripting (XSS) vulnerability in Cisco Unified Email ...)
	NOT-FOR-US: Cisco
CVE-2015-6415 (Cisco Unified Computing System (UCS) 2.2(3f)A on Fabric Interconnect ...)
	NOT-FOR-US: Cisco
CVE-2015-6414 (Cisco TelePresence Video Communication Server (VCS) X8.6 uses the same ...)
	NOT-FOR-US: Cisco
CVE-2015-6413 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.6 ...)
	NOT-FOR-US: Cisco
CVE-2015-6412 (Cisco Modular Encoding Platform D9036 Software before 02.04.70 has ...)
	NOT-FOR-US: Cisco
CVE-2015-6411 (Cisco FirePOWER Management Center 5.4.1.3, 6.0.0, and 6.0.1 provides ...)
	NOT-FOR-US: Cisco
CVE-2015-6410 (The Mobile and Remote Access (MRA) services implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-6409 (Cisco Jabber 10.6.x, 11.0.x, and 11.1.x on Windows allows ...)
	NOT-FOR-US: Cisco
CVE-2015-6408 (Cross-site request forgery (CSRF) vulnerability in Cisco Unity ...)
	NOT-FOR-US: Cisco
CVE-2015-6407 (Cisco Emergency Responder 10.5(3.10000.9) allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-6406 (Directory traversal vulnerability in the Tools menu in Cisco Emergency ...)
	NOT-FOR-US: Cisco
CVE-2015-6405 (Cross-site request forgery (CSRF) vulnerability in Cisco Emergency ...)
	NOT-FOR-US: Cisco
CVE-2015-6404 (Cisco Hosted Collaboration Mediation Fulfillment 10.6(3) does not use ...)
	NOT-FOR-US: Cisco
CVE-2015-6403 (The TFTP implementation on Cisco Small Business SPA30x, SPA50x, SPA51x ...)
	NOT-FOR-US: Cisco
CVE-2015-6402 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco
CVE-2015-6401 (Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2015-6400 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency ...)
	NOT-FOR-US: Cisco
CVE-2015-6399 (The Supervisor 1.0.0.0 and 1.0.0.1 in Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2015-6398 (Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode ...)
	NOT-FOR-US: Cisco
CVE-2015-6397 (Cisco RV110W, RV130W, and RV215W devices have an incorrect RBAC ...)
	NOT-FOR-US: Cisco
CVE-2015-6396 (The CLI command parser on Cisco RV110W, RV130W, and RV215W devices ...)
	NOT-FOR-US: Cisco
CVE-2015-6395 (Cisco Prime Service Catalog 10.0, 10.0(R2), 10.1, and 11.0 does not ...)
	NOT-FOR-US: Cisco
CVE-2015-6394 (The kernel in Cisco NX-OS 5.2(9)N1(1) on Nexus 5000 devices allows ...)
	NOT-FOR-US: Cisco
CVE-2015-6393 (Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, ...)
	NOT-FOR-US: Cisco
CVE-2015-6392 (Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, ...)
	NOT-FOR-US: Cisco
CVE-2015-6391 (Cisco Unified SIP 3905 phones allow remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2015-6390 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco
CVE-2015-6389 (Cisco Prime Collaboration Assurance before 11.0 has a hardcoded cmuser ...)
	NOT-FOR-US: Cisco Prime Collaboration Assurance
CVE-2015-6388 (Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows ...)
	NOT-FOR-US: Cisco
CVE-2015-6387 (Cross-site scripting (XSS) vulnerability in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2015-6386 (The passthrough FTP feature on Cisco Web Security Appliance (WSA) ...)
	NOT-FOR-US: Cisco
CVE-2015-6385 (The publish-event event-manager feature in Cisco IOS 15.5(2)S and ...)
	NOT-FOR-US: Cisco
CVE-2015-6384 (The Cisco WebEx Meetings application before 8.5.1 for Android ...)
	NOT-FOR-US: Cisco
CVE-2015-6383 (Cisco IOS XE 15.4(3)S on ASR 1000 devices improperly loads software ...)
	NOT-FOR-US: Cisco
CVE-2015-6382 (Cisco ASR 5000 devices with software 16.0(900) allow remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2015-6381
	RESERVED
CVE-2015-6380 (An unspecified script in the web interface in Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2015-6379 (The XML parser in the management interface in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2015-6378 (Cross-site request forgery (CSRF) vulnerability on Cisco DPQ3925 ...)
	NOT-FOR-US: Cisco
CVE-2015-6377 (Cisco Virtual Topology System (VTS) 2.0(0) and 2.0(1) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-6376 (Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-6375 (The debug-logging (aka debug cns) feature in Cisco Networking Services ...)
	NOT-FOR-US: Cisco
CVE-2015-6374 (The web interface in Cisco Firepower Extensible Operating System ...)
	NOT-FOR-US: Cisco
CVE-2015-6373 (Cross-site request forgery (CSRF) vulnerability in Cisco Firepower ...)
	NOT-FOR-US: Cisco
CVE-2015-6372 (Cross-site scripting (XSS) vulnerability in the web-based management ...)
	NOT-FOR-US: Cisco
CVE-2015-6371 (Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower ...)
	NOT-FOR-US: Cisco
CVE-2015-6370 (The Management I/O (MIO) component in Cisco Firepower Extensible ...)
	NOT-FOR-US: Cisco
CVE-2015-6369 (The USB driver in Cisco Firepower Extensible Operating System ...)
	NOT-FOR-US: Cisco
CVE-2015-6368 (Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower ...)
	NOT-FOR-US: Cisco
CVE-2015-6367 (Cisco Aironet 1800 devices with software 8.1(131.0) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2015-6366 (Cisco IOS 15.2(04)M6 and 15.4(03)S lets physical-interface ACLs ...)
	NOT-FOR-US: Cisco
CVE-2015-6365 (Cisco IOS 15.2(04)M and 15.4(03)M lets physical-interface ACLs ...)
	NOT-FOR-US: Cisco
CVE-2015-6364 (Cisco Content Delivery System Manager Software 3.2 on Videoscape ...)
	NOT-FOR-US: Cisco
CVE-2015-6363 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Cisco
CVE-2015-6362 (The web GUI in Cisco Connected Grid Network Management System (CG-NMS) ...)
	NOT-FOR-US: Cisco
CVE-2015-6361 (The administrative web interface on Cisco DPC3939 (XB3) devices with ...)
	NOT-FOR-US: Cisco
CVE-2015-6360 (The encryption-processing feature in Cisco libSRTP before 1.5.3 allows ...)
	{DSA-3539-1 DLA-393-1}
	[experimental] - srtp 1.5.3~dfsg-1
	- srtp 1.4.5~20130609~dfsg-1.2 (bug #807698)
	NOTE: Fix: https://github.com/cisco/libsrtp/commit/704a31774db0dd941094fd2b47c21638b8dc3de2
	NOTE: Fixup: https://github.com/cisco/libsrtp/commit/be95365fbb4788b688cab7af61c65b7989055fb4
	NOTE: Fixup: https://github.com/cisco/libsrtp/commit/be06686c8e98cc7bd934e10abb6f5e971d03f8ee
	NOTE: Fixup: https://github.com/cisco/libsrtp/commit/cdc69f2acde796a4152a250f869271298abc233f
CVE-2015-6359 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6358 (Multiple Cisco embedded devices use hardcoded X.509 certificates and ...)
	NOT-FOR-US: Cisco
CVE-2015-6357 (The rule-update feature in Cisco FireSIGHT Management Center (MC) 5.2 ...)
	NOT-FOR-US: Cisco FireSIGHT
CVE-2015-6356 (Cross-site scripting (XSS) vulnerability in the WeChat page in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-6355 (The web interface in Cisco Unified Computing System (UCS) 2.2(5b)A on ...)
	NOT-FOR-US: Cisco
CVE-2015-6354 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight ...)
	NOT-FOR-US: Cisco
CVE-2015-6353 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSight ...)
	NOT-FOR-US: Cisco
CVE-2015-6352 (Cisco Unified Communications Domain Manager before 10.6(1) provides ...)
	NOT-FOR-US: Cisco
CVE-2015-6351 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices ...)
	NOT-FOR-US: Cisco
CVE-2015-6350 (SQL injection vulnerability in the web framework in Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2015-6349 (Cross-site scripting (XSS) vulnerability in the web interface in the ...)
	NOT-FOR-US: Cisco
CVE-2015-6348 (The report-generation web interface in the Solution Engine in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-6347 (The Solution Engine in Cisco Secure Access Control Server (ACS) ...)
	NOT-FOR-US: Cisco
CVE-2015-6346 (Cross-site scripting (XSS) vulnerability in Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2015-6345 (SQL injection vulnerability in the Solution Engine in Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2015-6344 (The web-based GUI in Cisco Adaptive Security Appliance (ASA) CX ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-6343 (The SIP implementation in Cisco IOS 15.5(3)M on Cisco Unified Border ...)
	NOT-FOR-US: Cisco
CVE-2015-6342
	REJECTED
CVE-2015-6341 (The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices ...)
	NOT-FOR-US: Cisco
CVE-2015-6340 (The Proxy Mobile IPv6 (PMIPv6) component in the CDMA implementation on ...)
	NOT-FOR-US: Cisco
CVE-2015-6339
	REJECTED
CVE-2015-6338
	REJECTED
CVE-2015-6337 (Cross-site scripting (XSS) vulnerability in Cisco Application Policy ...)
	NOT-FOR-US: Cisco
CVE-2015-6336 (Cisco Aironet 1800 devices with software 7.2, 7.3, 7.4, 8.1(112.3), ...)
	NOT-FOR-US: Cisco
CVE-2015-6335 (The policy implementation in Cisco FireSIGHT Management Center ...)
	NOT-FOR-US: Cisco
CVE-2015-6334 (Cisco ASR 5000 and 5500 devices with software 18.0.0.57828 and ...)
	NOT-FOR-US: Cisco
CVE-2015-6333 (Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows ...)
	NOT-FOR-US: Cisco
CVE-2015-6332 (Cisco Prime Infrastructure 2.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2015-6331 (SQL injection vulnerability in the web framework in Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2015-6330 (Cross-site request forgery (CSRF) vulnerability in Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2015-6329 (SQL injection vulnerability in Cisco Prime Collaboration Provisioning ...)
	NOT-FOR-US: Cisco
CVE-2015-6328 (The web framework in Cisco Prime Collaboration Assurance (PCA) 10.5(1) ...)
	NOT-FOR-US: Cisco
CVE-2015-6327 (The IKEv1 implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2015-6326 (Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before ...)
	NOT-FOR-US: Cisco
CVE-2015-6325 (Cisco Adaptive Security Appliance (ASA) software 7.2 and 8.2 before ...)
	NOT-FOR-US: Cisco
CVE-2015-6324 (The DHCPv6 relay implementation in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2015-6323 (The Admin portal in Cisco Identity Services Engine (ISE) 1.1.x, 1.2.0 ...)
	NOT-FOR-US: Cisco
CVE-2015-6322 (The IPC channel in Cisco AnyConnect Secure Mobility Client 2.0.0343 ...)
	NOT-FOR-US: Cisco
CVE-2015-6321 (Cisco AsyncOS before 8.5.7-042, 9.x before 9.1.0-032, 9.1.x before ...)
	NOT-FOR-US: Cisco
CVE-2015-6320 (The IP ingress packet handler on Cisco Aironet 1800 devices with ...)
	NOT-FOR-US: Cisco
CVE-2015-6319 (SQL injection vulnerability in the web-based management interface on ...)
	NOT-FOR-US: Cisco
CVE-2015-6318 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.1 ...)
	NOT-FOR-US: Cisco
CVE-2015-6317 (Cisco Identity Services Engine (ISE) before 2.0 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-6316 (The default configuration of sshd_config in Cisco Mobility Services ...)
	NOT-FOR-US: Cisco
CVE-2015-6315 (Cisco Aironet 1850 access points with software 8.1(112.4) allow local ...)
	NOT-FOR-US: Cisco
CVE-2015-6314 (Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2015-6313 (Cisco TelePresence Server 4.1(2.29) through 4.2(4.17) on 7010; ...)
	NOT-FOR-US: Cisco
CVE-2015-6312 (Cisco TelePresence Server 3.1 on 7010, Mobility Services Engine (MSE) ...)
	NOT-FOR-US: Cisco
CVE-2015-6311 (Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0), ...)
	NOT-FOR-US: Cisco
CVE-2015-6310 (The REST interface in Cisco Unified Communications Manager IM and ...)
	NOT-FOR-US: Cisco
CVE-2015-6309 (Cisco Email Security Appliance (ESA) 8.5.6-106 and 9.6.0-042 allows ...)
	NOT-FOR-US: Cisco
CVE-2015-6308 (Cisco NX-OS 6.0(2)U6(0.46) on N3K devices allows remote authenticated ...)
	NOT-FOR-US: Cisco
CVE-2015-6307 (Cisco FirePOWER (formerly Sourcefire) 7000 and 8000 devices with ...)
	NOT-FOR-US: Cisco
CVE-2015-6306 (Cisco AnyConnect Secure Mobility Client 4.1(8) on OS X and Linux does ...)
	NOT-FOR-US: Cisco
CVE-2015-6305 (Untrusted search path vulnerability in the ...)
	NOT-FOR-US: Cisco
CVE-2015-6304 (Cross-site request forgery (CSRF) vulnerability in Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-6303 (The Cisco Spark application 2015-07-04 for mobile operating systems ...)
	NOT-FOR-US: Cisco
CVE-2015-6302 (The RADIUS functionality on Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco
CVE-2015-6301 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
	NOT-FOR-US: Cisco
CVE-2015-6300 (Cisco Secure Access Control Server (ACS) Solution Engine 5.7(0.15) ...)
	NOT-FOR-US: Cisco
CVE-2015-6299 (SQL injection vulnerability in the web interface in Cisco Unity ...)
	NOT-FOR-US: Cisco
CVE-2015-6298 (The admin web interface in Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x ...)
	NOT-FOR-US: Cisco
CVE-2015-6297 (The DHCPv6 server in Cisco IOS on ASR 9000 devices with software 5.2.0 ...)
	NOT-FOR-US: Cisco
CVE-2015-6296 (Cisco Prime Network Registrar (CPNR) 8.1(3.3), 8.2(3), and 8.3(2) has ...)
	NOT-FOR-US: Cisco
CVE-2015-6295 (Cisco NX-OS 6.1(2)I3(4) and 7.0(3)I1(1) on Nexus 9000 (N9K) devices ...)
	NOT-FOR-US: Cisco
CVE-2015-6294 (Cisco IOS 15.2(3)E and earlier and IOS XE 3.6(2)E and earlier allow ...)
	NOT-FOR-US: Cisco
CVE-2015-6293 (Cisco AsyncOS 8.x before 8.0.8-113, 8.1.x and 8.5.x before 8.5.3-051, ...)
	NOT-FOR-US: Cisco
CVE-2015-6292 (The proxy-cache implementation in Cisco AsyncOS 8.0.x before ...)
	NOT-FOR-US: Cisco
CVE-2015-6291 (Cisco AsyncOS before 8.5.7-043, 9.x before 9.1.1-023, and 9.5.x and ...)
	NOT-FOR-US: Cisco
CVE-2015-6290 (Cisco Web Security Appliance (WSA) 8.0.7 allows remote HTTP servers to ...)
	NOT-FOR-US: Cisco
CVE-2015-6289 (Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and ...)
	NOT-FOR-US: Cisco
CVE-2015-6288 (Cisco Content Security Management Appliance (SMA) 7.8.0-000 does not ...)
	NOT-FOR-US: Cisco
CVE-2015-6287 (Cisco Web Security Appliance (WSA) 8.0.6-078 and 8.0.6-115 allows ...)
	NOT-FOR-US: Cisco
CVE-2015-6286 (Cisco Application Visibility and Control (AVC) 15.3(3)JA, when ...)
	NOT-FOR-US: Cisco
CVE-2015-6285 (Format string vulnerability in Cisco Email Security Appliance (ESA) ...)
	NOT-FOR-US: Cisco Email Security Appliance
CVE-2015-6284 (Buffer overflow in the Conference Control Protocol API implementation ...)
	NOT-FOR-US: Cisco TelePresence Server
CVE-2015-6283
	REJECTED
CVE-2015-6282 (Cisco IOS XE 2.x and 3.x before 3.10.6S, 3.11.xS through 3.13.xS ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6281
	RESERVED
CVE-2015-6280 (The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6279 (The IPv6 snooping functionality in the first-hop security subsystem in ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6278 (The IPv6 snooping functionality in the first-hop security subsystem in ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6277 (The ARP implementation in Cisco NX-OS on Nexus 1000V devices for ...)
	NOT-FOR-US: Cisco
CVE-2015-6276 (Cisco TelePresence IX5000 8.0.3 stores a private key associated with ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2015-6275
	RESERVED
CVE-2015-6274 (The IPv4 implementation on Cisco ASR 1000 devices with software ...)
	NOT-FOR-US: Cisco ASR
CVE-2015-6273 (Cisco IOS XE before 3.1.2S on ASR 1000 devices mishandles the ...)
	NOT-FOR-US: Cisco
CVE-2015-6272 (Cisco IOS XE 2.1.0 through 2.2.3 and 2.3.0 on ASR 1000 devices, when ...)
	NOT-FOR-US: Cisco
CVE-2015-6271 (Cisco IOS XE 2.1.0 through 2.4.3 and 2.5.0 on ASR 1000 devices, when ...)
	NOT-FOR-US: Cisco
CVE-2015-6270 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2015-6269 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2015-6268 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2015-6267 (Cisco IOS XE before 2.2.3 on ASR 1000 devices allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2015-6266 (The guest portal in Cisco Identity Services Engine (ISE) 3300 ...)
	NOT-FOR-US: Cisco
CVE-2015-6265 (The CLI in Cisco Application Control Engine (ACE) 4700 A5 3.0 and ...)
	NOT-FOR-US: Cisco
CVE-2015-6264
	REJECTED
CVE-2015-6263 (The RADIUS client implementation in Cisco IOS 15.4(3)M2.2, when a ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-6262 (Cross-site request forgery (CSRF) vulnerability in Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2015-6261 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...)
	NOT-FOR-US: Cisco
CVE-2015-6260 (Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not ...)
	NOT-FOR-US: Cisco
CVE-2015-6259 (The JavaServer Pages (JSP) component in Cisco Integrated Management ...)
	NOT-FOR-US: Cisco
CVE-2015-6258 (The Internet Access Point Protocol (IAPP) module on Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco
CVE-2015-6257
	RESERVED
CVE-2015-6256 (Cisco ASR 5000 devices with software 19.0.M0.60828 allow remote ...)
	NOT-FOR-US: Cisco Aggregation Services Router
CVE-2015-6255 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and ...)
	NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2015-6254 (The (1) Service Provider (SP) and (2) Identity Provider (IdP) in ...)
	NOT-FOR-US: PicketLink
CVE-2015-6253
	RESERVED
CVE-2014-9743 (Cross-site scripting (XSS) vulnerability in the httpd_HtmlError ...)
	- vlc 2.2.0~rc2-1
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - vlc <end-of-life> (Unsupported in wheezy-lts)
CVE-2015-6526 (The perf_callchain_user_64 function in arch/powerpc/perf/callchain.c ...)
	- linux 4.1.3-1
	[jessie] - linux 3.16.7-ckt11-1
	[wheezy] - linux 3.2.71-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/18/4
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a5cbce421a283e6aea3c4007f141735bf9da8c3 (v4.1-rc1)
CVE-2015-6252 (The vhost_dev_ioctl function in drivers/vhost/vhost.c in the Linux ...)
	{DSA-3364-1}
	- linux 4.1.5-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://lkml.org/lkml/2015/8/10/375
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7932c0bd7740f4cd2aa168d3ce0199e7af7d72d5 (v4.2-rc5)
CVE-2015-6239
	RESERVED
CVE-2015-6238 (Multiple cross-site scripting (XSS) vulnerabilities in the Google ...)
	NOT-FOR-US: Google Analyticator plugin for WordPress
CVE-2015-6237 (The RPC service in Tripwire (formerly nCircle) IP360 VnE Manager 7.2.2 ...)
	NOT-FOR-US: Tripwire IP360 VnE Manager
CVE-2015-6236
	REJECTED
CVE-2015-6235
	REJECTED
CVE-2015-6234
	REJECTED
CVE-2015-6233
	REJECTED
CVE-2015-6232
	REJECTED
CVE-2015-6231
	REJECTED
CVE-2015-6230
	REJECTED
CVE-2015-6229
	REJECTED
CVE-2015-6228
	REJECTED
CVE-2015-6227
	REJECTED
CVE-2015-6226
	REJECTED
CVE-2015-6225
	REJECTED
CVE-2015-6224
	REJECTED
CVE-2015-6223
	REJECTED
CVE-2015-6222
	REJECTED
CVE-2015-6221
	REJECTED
CVE-2015-6220
	REJECTED
CVE-2015-6219
	REJECTED
CVE-2015-6218
	REJECTED
CVE-2015-6217
	REJECTED
CVE-2015-6216
	REJECTED
CVE-2015-6215
	REJECTED
CVE-2015-6214
	REJECTED
CVE-2015-6213
	REJECTED
CVE-2015-6212
	REJECTED
CVE-2015-6211
	REJECTED
CVE-2015-6210
	REJECTED
CVE-2015-6209
	REJECTED
CVE-2015-6208
	REJECTED
CVE-2015-6207
	REJECTED
CVE-2015-6206
	REJECTED
CVE-2015-6205
	REJECTED
CVE-2015-6204
	REJECTED
CVE-2015-6203
	REJECTED
CVE-2015-6202
	REJECTED
CVE-2015-6201
	REJECTED
CVE-2015-6200
	REJECTED
CVE-2015-6199
	REJECTED
CVE-2015-6198
	REJECTED
CVE-2015-6197
	REJECTED
CVE-2015-6196
	REJECTED
CVE-2015-6195
	REJECTED
CVE-2015-6194
	REJECTED
CVE-2015-6193
	REJECTED
CVE-2015-6192
	REJECTED
CVE-2015-6191
	REJECTED
CVE-2015-6190
	REJECTED
CVE-2015-6189
	REJECTED
CVE-2015-6188
	REJECTED
CVE-2015-6187
	REJECTED
CVE-2015-6186
	REJECTED
CVE-2015-6185
	REJECTED
CVE-2015-6184 (The CAttrArray object implementation in Microsoft Internet Explorer 7 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6183
	REJECTED
CVE-2015-6182
	REJECTED
CVE-2015-6181
	REJECTED
CVE-2015-6180
	REJECTED
CVE-2015-6179
	REJECTED
CVE-2015-6178
	REJECTED
CVE-2015-6177 (Microsoft Excel 2007 SP3, Office Compatibility Pack SP3, and Excel ...)
	NOT-FOR-US: Microsoft
CVE-2015-6176 (Microsoft Edge mishandles HTML attributes in HTTP responses, which ...)
	NOT-FOR-US: Microsoft
CVE-2015-6175 (The kernel in Microsoft Windows 10 Gold allows local users to gain ...)
	NOT-FOR-US: Microsoft
CVE-2015-6174 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2015-6173 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2015-6172 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6171 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2015-6170 (Microsoft Edge allows remote attackers to gain privileges via a ...)
	NOT-FOR-US: Microsoft
CVE-2015-6169 (Microsoft Edge misparses HTTP responses, which allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2015-6168 (Microsoft Edge allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft
CVE-2015-6167
	REJECTED
CVE-2015-6166 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6165 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6164 (Microsoft Internet Explorer 9 through 11 improperly implements a ...)
	NOT-FOR-US: Microsoft
CVE-2015-6163
	REJECTED
CVE-2015-6162 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6161 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2015-6160 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6159 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-6158 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-6157 (Microsoft Internet Explorer 11 allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2015-6156 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6155 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-6154 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2015-6153 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-6152 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6151 (Microsoft Internet Explorer 8 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2015-6150 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6149 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6148 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2015-6147 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6146 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6145 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6144 (Microsoft Internet Explorer 8 through 11 and Microsoft Edge mishandle ...)
	NOT-FOR-US: Microsoft
CVE-2015-6143 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6142 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-6141 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6140 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-6139 (Microsoft Internet Explorer 11 and Microsoft Edge mishandle content ...)
	NOT-FOR-US: Microsoft
CVE-2015-6138 (Microsoft Internet Explorer 8 through 11 mishandles HTML attributes in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6137
	REJECTED
CVE-2015-6136 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...)
	NOT-FOR-US: Microsof
CVE-2015-6135 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...)
	NOT-FOR-US: Microsof
CVE-2015-6134 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsof
CVE-2015-6133 (Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsof
CVE-2015-6132 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsof
CVE-2015-6131 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, ...)
	NOT-FOR-US: Microsof
CVE-2015-6130 (Integer underflow in Uniscribe in Microsoft Windows 7 SP1 and Windows ...)
	NOT-FOR-US: Microsof
CVE-2015-6129
	REJECTED
CVE-2015-6128 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6127 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, ...)
	NOT-FOR-US: Windows Media Center
CVE-2015-6126 (Race condition in the Pragmatic General Multicast (PGM) protocol ...)
	NOT-FOR-US: Microsoft
CVE-2015-6125 (Use-after-free vulnerability in the DNS server in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6124 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6123 (Cross-site scripting (XSS) vulnerability in Microsoft Excel for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2015-6122 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Office ...)
	NOT-FOR-US: Microsoft
CVE-2015-6121
	REJECTED
CVE-2015-6120
	REJECTED
CVE-2015-6119
	REJECTED
CVE-2015-6118 (Microsoft Office 2007 SP3 and Office 2010 SP2 allow remote attackers ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-6117 (Microsoft SharePoint Server 2013 SP1 and SharePoint Foundation 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6116
	REJECTED
CVE-2015-6115 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 allows remote ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-6114 (Microsoft Silverlight 5 before 5.1.41105.00 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2015-6113 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6112 (SChannel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6111 (IPSec in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6110
	REJECTED
CVE-2015-6109 (The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6108 (The Windows font library in Microsoft Windows Vista SP2; Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6107 (The Windows font library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6106 (The Windows font library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6105
	REJECTED
CVE-2015-6104 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6103 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6102 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6101 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6100 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6099 (Cross-site scripting (XSS) vulnerability in ASP.NET in Microsoft .NET ...)
	NOT-FOR-US: Microsoft .NET
CVE-2015-6098 (Buffer overflow in the Network Driver Interface Standard (NDIS) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6097 (Heap-based buffer overflow in Windows Journal in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6096 (The XML DTD parser in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, ...)
	NOT-FOR-US: Microsoft .NET
CVE-2015-6095 (Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-6094 (Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel ...)
	NOT-FOR-US: Microsoft
CVE-2015-6093 (Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office ...)
	NOT-FOR-US: Microsoft
CVE-2015-6092 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6091 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6090
	REJECTED
CVE-2015-6089 (The Microsoft (1) VBScript and (2) JScript engines, as used in ...)
	NOT-FOR-US: Microsoft
CVE-2015-6088 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2015-6087 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6086 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6085 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6084 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6083 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6082 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6081 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6080 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6079 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6078 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft
CVE-2015-6077 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6076 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6075 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6074 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6073 (Microsoft Internet Explorer 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-6072 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6071 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6070 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6069 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6068 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-6067
	REJECTED
CVE-2015-6066 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6065 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-6064 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-6063
	REJECTED
CVE-2015-6062
	REJECTED
CVE-2015-6061 (Cross-site scripting (XSS) vulnerability in Microsoft Skype for ...)
	NOT-FOR-US: Microsoft
CVE-2015-6060
	REJECTED
CVE-2015-6059 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6058 (Microsoft Edge mishandles HTML attributes in HTTP responses, which ...)
	NOT-FOR-US: Microsoft Edge
CVE-2015-6057 (Microsoft Edge allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Microsoft Edge
CVE-2015-6056 (The (1) JScript and (2) VBScript engines in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6055 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6054
	REJECTED
CVE-2015-6053 (Microsoft Internet Explorer 11 allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6052 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6050 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6049 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6048 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6047 (The broker EditWith feature in Microsoft Internet Explorer 8 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6046 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6045 (Use-after-free vulnerability in the CElement object implementation in ...)
	NOT-FOR-US: Microsoft
CVE-2015-6044 (Microsoft Internet Explorer 8 allows remote attackers to gain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6043
	REJECTED
CVE-2015-6042 (Use-after-free vulnerability in the CWindow object implementation in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-6041
	REJECTED
CVE-2015-6040 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011, Excel ...)
	NOT-FOR-US: Microsoft
CVE-2015-6039 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2015-6038 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-6037 (Cross-site scripting (XSS) vulnerability in Microsoft Excel Services ...)
	NOT-FOR-US: Microsoft
CVE-2015-6036 (QNAP Signage Station before 2.0.1 allows remote attackers to bypass ...)
	NOT-FOR-US: QNAP Signage Station
CVE-2015-6035 (Opsview before 2015-11-06 has XSS via SNMP. ...)
	NOT-FOR-US: Opsview
CVE-2015-6034 (EPSON Network Utility 4.10 uses weak permissions (Everyone: Full ...)
	NOT-FOR-US: Epson
CVE-2015-6033 (Qolsys IQ Panel (aka QOL) before 1.5.1 does not verify the digital ...)
	NOT-FOR-US: Qolsys IQ Panel
CVE-2015-6032 (Qolsys IQ Panel (aka QOL) before 1.5.1 has hardcoded cryptographic ...)
	NOT-FOR-US: Qolsys IQ Panel
CVE-2015-6031 (Buffer overflow in the IGDstartelt function in igd_desc_parse.c in the ...)
	{DSA-3379-1}
	- miniupnpc 1.9.20140610-2.1 (bug #802650)
	NOTE: http://talosintel.com/reports/TALOS-2015-0035/
	NOTE: https://github.com/miniupnp/miniupnp/commit/79cca974a4c2ab1199786732a67ff6d898051b78
CVE-2015-6030 (HP ArcSight Logger 6.0.0.7307.1, ArcSight Command Center 6.8.0.1896.0, ...)
	NOT-FOR-US: HP Arcsight Logger
CVE-2015-6029 (HP ArcSight Logger before 6.0 P2 does not limit attempts to ...)
	NOT-FOR-US: HP Arcsight Logger
CVE-2015-6028 (Castle Rock Computing SNMPc before 2015-12-17 has SQL injection via the ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2015-6027 (Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2015-6026
	RESERVED
CVE-2015-6025
	RESERVED
CVE-2015-6024 (ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with ...)
	NOT-FOR-US: Qolsys NetCommWireless
CVE-2015-6023 (ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with ...)
	NOT-FOR-US: Qolsys NetCommWireless
CVE-2015-6022 (Unrestricted file upload vulnerability in QNAP Signage Station before ...)
	NOT-FOR-US: QNAP Signage Station
CVE-2015-6021 (Spiceworks Desktop before 2015-12-01 has XSS via an SNMP response. ...)
	NOT-FOR-US: Spiceworks Desktop
CVE-2015-6020 (ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6019 (The management portal on ZyXEL PMG5318-B20A devices with firmware ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6018 (The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6017 (Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6016 (ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), ...)
	NOT-FOR-US: ZyXEL
CVE-2015-6015 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-6014 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-6013 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-6012 (Multiple open redirect vulnerabilities in Web Reference Database (aka ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6011 (Web Reference Database (aka refbase) through 0.9.6 and bleeding-edge ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6010 (Multiple cross-site scripting (XSS) vulnerabilities in Web Reference ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6009 (Multiple SQL injection vulnerabilities in Web Reference Database (aka ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6008 (install.php in Web Reference Database (aka refbase) through 0.9.6 ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6007 (Cross-site request forgery (CSRF) vulnerability in Web Reference ...)
	NOT-FOR-US: Web Reference Database (aka refbase)
CVE-2015-6006 (The AddUserFinding implementation in Medicomp MEDCIN Engine ...)
	NOT-FOR-US: Medicomp
CVE-2015-6005 (Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch ...)
	NOT-FOR-US: IPSwitch
CVE-2015-6004 (Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before ...)
	NOT-FOR-US: IPSwitch
CVE-2015-6003 (Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 ...)
	NOT-FOR-US: QNAP QTS
CVE-2015-6002
	RESERVED
CVE-2015-6001
	RESERVED
CVE-2015-6000
	RESERVED
CVE-2015-5999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: D-Link DIR-816L Wireless Router
CVE-2015-5998 (Impero Education Pro before 5105 relies on the ...)
	NOT-FOR-US: Impero Education Pro
CVE-2015-5997 (Impero Education Pro before 5105 uses a hardcoded CBC key and ...)
	NOT-FOR-US: Impero Education Pro
CVE-2015-5996 (Cross-site request forgery (CSRF) vulnerability on Mediabridge ...)
	NOT-FOR-US: Mediabridge Medialink devices
CVE-2015-5995 (Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and ...)
	NOT-FOR-US: Mediabridge Medialink devices
CVE-2015-5994 (The web management interface on Mediabridge Medialink MWN-WAPR300N ...)
	NOT-FOR-US: Mediabridge Medialink devices
CVE-2015-5993 (Buffer overflow in form2ping.cgi on Philippine Long Distance Telephone ...)
	NOT-FOR-US: SpeedSurf
CVE-2015-5992 (Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on ...)
	NOT-FOR-US: SpeedSurf
CVE-2015-5991 (Cross-site request forgery (CSRF) vulnerability in form2WlanSetup.cgi ...)
	NOT-FOR-US: SpeedSurf
CVE-2015-5990 (Cross-site request forgery (CSRF) vulnerability on Belkin F9K1102 2 ...)
	NOT-FOR-US: Belkin devices
CVE-2015-5989 (Belkin F9K1102 2 devices with firmware 2.10.17 rely on client-side ...)
	NOT-FOR-US: Belkin devices
CVE-2015-5988 (The web management interface on Belkin F9K1102 2 devices with firmware ...)
	NOT-FOR-US: Belkin devices
CVE-2015-5987 (Belkin F9K1102 2 devices with firmware 2.10.17 use an improper ...)
	NOT-FOR-US: Belkin devices
CVE-2015-6241 (The proto_tree_add_bytes_item function in epan/proto.c in the ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-21.html
CVE-2015-6242 (The wmem_block_split_free_chunk function in ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-22.html
CVE-2015-6243 (The dissector-table implementation in epan/packet.c in Wireshark ...)
	{DSA-3367-1 DLA-497-1}
	- wireshark 1.12.7+g7fc8978-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-23.html
CVE-2015-6244 (The dissect_zbee_secure function in ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-24.html
CVE-2015-6245 (epan/dissectors/packet-gsm_rlcmac.c in the GSM RLC/MAC dissector in ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-25.html
CVE-2015-6246 (The dissect_wa_payload function in epan/dissectors/packet-waveagent.c ...)
	{DSA-3367-1 DLA-497-1}
	- wireshark 1.12.7+g7fc8978-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-26.html
CVE-2015-6247 (The dissect_openflow_tablemod_v5 function in ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-27.html
CVE-2015-6248 (The ptvcursor_add function in the ptvcursor implementation in ...)
	{DSA-3367-1 DLA-497-1}
	- wireshark 1.12.7+g7fc8978-1
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-28.html
CVE-2015-6249 (The dissect_wccp2r1_address_table_info function in ...)
	{DSA-3367-1}
	- wireshark 1.12.7+g7fc8978-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-29.html
CVE-2015-6250 (simple-php-captcha before commit ...)
	NOT-FOR-US: simple-php-captcha
CVE-2015-5986 (openpgpkey_61.c in named in ISC BIND 9.9.7 before 9.9.7-P3 and 9.10.x ...)
	- bind9 <not-affected> (Vulnerable code present only since 9.9.7)
	NOTE: https://kb.isc.org/article/AA-01291
CVE-2015-6496 (conntrackd in conntrack-tools 1.4.2 and earlier does not ensure that ...)
	{DSA-3341-1 DLA-295-1}
	- conntrack 1:1.4.2-3 (bug #796103)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/14/4
	NOTE: http://bugzilla.netfilter.org/show_bug.cgi?id=910
	NOTE: https://git.netfilter.org/conntrack-tools/commit/?id=c392c159605956c7bd4a264ab4490e2b2704c0cd
CVE-2015-5985
	REJECTED
CVE-2015-5984
	REJECTED
CVE-2015-5983
	REJECTED
CVE-2015-5982
	REJECTED
CVE-2015-5981
	REJECTED
CVE-2015-5980
	REJECTED
CVE-2015-5979
	REJECTED
CVE-2015-5978
	REJECTED
CVE-2015-5977
	REJECTED
CVE-2015-5976
	REJECTED
CVE-2015-5975
	REJECTED
CVE-2015-5974
	REJECTED
CVE-2015-5973
	REJECTED
CVE-2015-5972
	REJECTED
CVE-2015-5971
	REJECTED
CVE-2015-5970 (The ChangePassword RPC method in Novell ZENworks Configuration ...)
	NOT-FOR-US: Novell
CVE-2015-5969 (The mysql-systemd-helper script in the mysql-community-server package ...)
	NOT-FOR-US: SuSE-specific mysql packaging bug
CVE-2015-5968 (Cross-site scripting (XSS) vulnerability in Novell Filr 1.2 before Hot ...)
	NOT-FOR-US: Novell
CVE-2015-5967
	REJECTED
CVE-2015-5966
	REJECTED
CVE-2015-5965 (The SSL-VPN feature in Fortinet FortiOS before 4.3.13 only checks the ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-6506 (Cross-site scripting (XSS) vulnerability in the cryptography interface ...)
	{DSA-3335-1}
	- request-tracker4 4.2.11-2
	[jessie] - request-tracker4 4.2.8-3+deb8u1
	[wheezy] - request-tracker4 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/bestpractical/rt/commit/36a461947b00b105336adb4997d1c7767d8484c4
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/13/8
CVE-2015-6565 (sshd in OpenSSH 6.8 and 6.9 uses world-writable permissions for TTY ...)
	- openssh <not-affected> (Vulnerable code introduce in V_6_8_P1)
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=6f941396b6835ad18018845f515b0c4fe20be21a
	NOTE: Issue introduced with https://anongit.mindrot.org/openssh.git/commit/?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2 (V_6_8_P1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/12/1
CVE-2015-6563 (The monitor component in sshd in OpenSSH before 7.0 on non-OpenBSD ...)
	- openssh 1:6.9p1-1 (bug #795711)
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	[squeeze] - openssh <no-dsa> (Minor issue)
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
CVE-2015-6564 (Use-after-free vulnerability in the mm_answer_pam_free_ctx function in ...)
	- openssh 1:6.9p1-1 (bug #795711)
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	[squeeze] - openssh <no-dsa> (Minor issue)
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?id=5e75f5198769056089fb06c4d738ab0e5abc66f7
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/9
CVE-2015-6737 (Cross-site scripting (XSS) vulnerability in the Widgets extension for ...)
	NOT-FOR-US: Widgets extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T88964
CVE-2015-6736 (The Quiz extension for MediaWiki allows remote attackers to cause a ...)
	NOT-FOR-US: Quiz extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T97083
CVE-2015-6735 (The reset functionality in the TimedMediaHandler extension for ...)
	NOT-FOR-US: TimedMediaHandler extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T100211
CVE-2015-6734 (Cross-site scripting (XSS) vulnerability in contrib/cssgen.php in the ...)
	- mediawiki-extensions <not-affected> (contrib directory not present)
	NOTE: https://phabricator.wikimedia.org/T108198
CVE-2015-6733 (GeSHi, as used in the SyntaxHighlight_GeSHi extension and MediaWiki ...)
	- mediawiki-extensions <not-affected> (contrib directory not present)
	NOTE: https://phabricator.wikimedia.org/T108198
CVE-2015-6732 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: SemanticForms extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T103391
	NOTE: https://phabricator.wikimedia.org/T103765
	NOTE: https://phabricator.wikimedia.org/T103765
CVE-2015-6731 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: SemanticForms extension for MediaWiki
	NOTE: https://phabricator.wikimedia.org/T103391
	NOTE: https://phabricator.wikimedia.org/T103765
	NOTE: https://phabricator.wikimedia.org/T103765
CVE-2015-6730 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T97391
CVE-2015-6729 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...)
	- mediawiki <not-affected> (Introduced in 1.21)
	NOTE: https://phabricator.wikimedia.org/T97391
CVE-2015-6728 (The ApiBase::getWatchlistUser function in MediaWiki before 1.23.10, ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T94116
CVE-2013-7444 (The Special:Contributions page in MediaWiki before 1.22.0 allows ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T106893
	NOTE: https://github.com/wikimedia/mediawiki/commit/dc2966bd05b69321300c63fd0bd78e7c78ecea6e
CVE-2015-6727 (The Special:DeletedContributions page in MediaWiki before 1.23.10, ...)
	- mediawiki 1:1.25.5-1 (bug #799096)
	[wheezy] - mediawiki <no-dsa> (Minor issues)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://phabricator.wikimedia.org/T106893
	NOTE: https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82
CVE-2015-5964 (The (1) contrib.sessions.backends.base.SessionBase.flush and (2) ...)
	{DSA-3338-1 DLA-301-1}
	- python-django 1.7.10-1 (bug #796104)
	NOTE: https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
CVE-2015-5963 (contrib.sessions.middleware.SessionMiddleware in Django 1.8.x before ...)
	{DSA-3338-1 DLA-301-1}
	- python-django 1.7.10-1 (bug #796104)
	NOTE: https://www.djangoproject.com/weblog/2015/aug/18/security-releases/
CVE-2015-5962 (Integer signedness error in the ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-5961 (The COPPA error page in the Accounts setup dialog in Mozilla Firefox ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-5960 (Mozilla Firefox OS before 2.2 allows physically proximate attackers to ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-6520 (IPPUSBXD before 1.22 listens on all interfaces, which allows remote ...)
	- ippusbxd 1.22-1 (bug #795162)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/11/1
	NOTE: https://github.com/tillkamppeter/ippusbxd/commit/46844402bca7a38fc224483ba6f0a93c4613203f
	NOTE: https://github.com/tillkamppeter/ippusbxd/commit/a632841f8e65d402e13e81921515f5a1e2736c82
CVE-2015-XXXX [publicfile-installer: insecure use of /tmp]
	- publicfile-installer 0.11-1 (bug #795062)
CVE-2015-XXXX [net/http: broken trailers don't close a server connection]
	- golang 2:1.4.3-1
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/go/issues/12027
	NOTE: https://github.com/golang/go/commit/26049f6f9171d1190f3bbe05ec304845cfe6399f
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/06/2
CVE-2015-6251 (Double free vulnerability in GnuTLS before 3.3.17 and 3.4.x before ...)
	{DSA-3334-1}
	- gnutls28 3.3.17-1 (bug #795068)
	- gnutls26 <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/10/1
	NOTE: https://gitlab.com/gnutls/gnutls/commit/272854367efc130fbd4f1a51840d80c630214e12
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2015-3
	NOTE: _gnutls_x509_dn_to_string() introduced in 3.1.10 via:
	NOTE: https://gitlab.com/gnutls/gnutls/commit/6be35136333b5d6289f23209cf896e741462909a
CVE-2015-5958 (phpFileManager 0.9.8 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: phpFileManager
CVE-2015-5956 (The sanitizeLocalUrl function in TYPO3 6.x before 6.2.15, 7.x before ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
	[squeeze] - typo3-src <end-of-life> (not supported in squeeze-lts)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-009/
CVE-2015-5955 (ownCloud iOS app before 3.4.4 does not properly switch state between ...)
	NOT-FOR-US: ownCloud iOS app
CVE-2015-5954 (The virtual filesystem in ownCloud Server before 6.0.9, 7.0.x before ...)
	{DSA-3373-1}
	- owncloud 7.0.7~dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-011
CVE-2015-5953 (Cross-site scripting (XSS) vulnerability in the activity application ...)
	{DSA-3373-1}
	- owncloud 7.0.6+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-010
CVE-2015-5952
	RESERVED
CVE-2015-5951
	RESERVED
CVE-2015-5950 (The NVIDIA display driver R352 before 353.82 and R340 before 341.81 on ...)
	- nvidia-graphics-drivers 340.93-1 (bug #800566)
	[jessie] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx 304.128-5
	[jessie] - nvidia-graphics-drivers-legacy-304xx 304.128-1
CVE-2015-5949 (VideoLAN VLC media player 2.2.1 allows remote attackers to cause a ...)
	{DSA-3342-1}
	- vlc 2.2.1-3 (bug #796255)
	[wheezy] - vlc <not-affected> (Vulnerability introduced by later changes)
	[squeeze] - vlc <not-affected> (Vulnerability introduced by later changes)
	NOTE: https://git.videolan.org/?p=vlc/vlc-2.2.git;a=commitdiff;h=ce91452460a75d7424b165c4dc8db98114c3cbd9;hp=9e12195d3e4316278af1fa4bcb6a705ff27456fd
	NOTE: http://www.ocert.org/advisories/ocert-2015-009.html
CVE-2015-5948 (Race condition in SuiteCRM before 7.2.3 allows remote attackers to ...)
	NOT-FOR-US: SuiteCRM
CVE-2015-5947 (SuiteCRM before 7.2.3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: SuiteCRM
CVE-2015-5946 (Incomplete blacklist vulnerability in SuiteCRM 7.2.2 allows remote ...)
	NOT-FOR-US: SugarCRM
CVE-2015-5945 (The Sandbox subsystem in Apple OS X before 10.11.1 allows local users ...)
	NOT-FOR-US: Apple
CVE-2015-5944 (CoreText in Apple OS X before 10.11.1 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-5943 (SecurityAgent in Apple OS X before 10.11.1 does not prevent synthetic ...)
	NOT-FOR-US: Apple
CVE-2015-5942 (FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2015-5941
	REJECTED
CVE-2015-5940 (The Accelerate Framework component in Apple iOS before 9.1 and OS X ...)
	NOT-FOR-US: Apple
CVE-2015-5939 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2015-5938 (ImageIO in Apple OS X before 10.11.1 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-5937 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2015-5936 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2015-5935 (ImageIO in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2015-5934 (Audio in Apple OS X before 10.11.1 allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5933 (Audio in Apple OS X before 10.11.1 allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5932 (The kernel in Apple OS X before 10.11.1 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-5931 (WebKit, as used in Apple Safari before 9.0.1 and iTunes before 12.3.1, ...)
	NOT-FOR-US: Webkit as used by Apple
CVE-2015-5930 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-5929 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-5928 (WebKit, as used in Apple iOS before 9.1, Safari before 9.0.1, and ...)
	NOT-FOR-US: Apple
CVE-2015-5927 (FontParser in Apple iOS before 9.1, OS X before 10.11.1, and watchOS ...)
	NOT-FOR-US: Apple
CVE-2015-5926 (The CoreGraphics component in Apple iOS before 9.1, OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-5925 (The CoreGraphics component in Apple iOS before 9.1, OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-5924 (The OpenGL implementation in Apple iOS before 9.1 and OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-5923 (Apple iOS before 9.0.2 does not properly restrict the options ...)
	NOT-FOR-US: Apple
CVE-2015-5922 (Unspecified vulnerability in International Components for Unicode ...)
	NOT-FOR-US: Apple
CVE-2015-5921 (WebKit in Apple iOS before 9 mishandles &quot;Content-Disposition: ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5920 (The Software Update component in Apple iTunes before 12.3 does not ...)
	NOT-FOR-US: Apple
CVE-2015-5919 (GasGauge in Apple watchOS before 2 allows local users to gain ...)
	NOT-FOR-US: Apple watchOS
CVE-2015-5918 (GasGauge in Apple watchOS before 2 allows local users to gain ...)
	NOT-FOR-US: Apple watchOS
CVE-2015-5917 (The glob implementation in tnftpd (formerly lukemftpd), as used in ...)
	NOT-FOR-US: Apple
CVE-2015-5916 (The Apple Pay component in Apple iOS before 9 allows remote terminals ...)
	NOT-FOR-US: Apple
CVE-2015-5915 (Apple OS X before 10.11 does not ensure that the keychain's lock state ...)
	NOT-FOR-US: Apple
CVE-2015-5914 (The EFI component in Apple OS X before 10.11 allows physically ...)
	NOT-FOR-US: Apple
CVE-2015-5913 (Heimdal, as used in Apple OS X before 10.11, allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2015-5912 (The CFNetwork FTPProtocol component in Apple iOS before 9 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5911 (Multiple unspecified vulnerabilities in Twisted in Wiki Server in ...)
	NOT-FOR-US: Apple
CVE-2015-5910 (IDE Xcode Server in Apple Xcode before 7.0 does not ensure that server ...)
	NOT-FOR-US: Apple
CVE-2015-5909 (IDE Xcode Server in Apple Xcode before 7.0 does not properly restrict ...)
	NOT-FOR-US: Apple
CVE-2015-5908
	REJECTED
CVE-2015-5907 (WebKit in Apple iOS before 9 allows man-in-the-middle attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5906 (The HTML form implementation in WebKit in Apple iOS before 9 does not ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5905 (Safari in Apple iOS before 9 allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple
CVE-2015-5904 (Safari in Apple iOS before 9 allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple
CVE-2015-5903 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-5902 (The debugging feature in the kernel in Apple OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2015-5901 (The Secure Empty Trash feature in Finder in Apple OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2015-5900 (The protected range register in the EFI component in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-5899 (libpthread in the kernel in Apple iOS before 9 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2015-5898 (CFNetwork in Apple iOS before 9 relies on the hardware UID for its ...)
	NOT-FOR-US: Apple
CVE-2015-5897 (The Address Book framework in Apple OS X before 10.11 allows local ...)
	NOT-FOR-US: Apple
CVE-2015-5896 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-5895 (Multiple unspecified vulnerabilities in SQLite before 3.8.10.2, as ...)
	NOT-FOR-US: Apple
CVE-2015-5894 (The X.509 certificate-trust implementation in Apple OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2015-5893 (SMBClient in SMB in Apple OS X before 10.11 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2015-5892 (Siri in Apple iOS before 9 allows physically proximate attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-5891 (The SMB implementation in the kernel in Apple OS X before 10.11 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5890 (IOGraphics in Apple OS X before 10.11 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-5889 (rsh in the remote_cmds component in Apple OS X before 10.11 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5888 (The Install Framework Legacy component in Apple OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2015-5887 (The TLS Handshake Protocol implementation in Secure Transport in Apple ...)
	NOT-FOR-US: Apple
CVE-2015-5886
	REJECTED
CVE-2015-5885 (The CFNetwork Cookies component in Apple iOS before 9 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-5884 (The Mail Drop feature in Mail in Apple OS X before 10.11 mishandles ...)
	NOT-FOR-US: Apple
CVE-2015-5883 (The bidirectional text-display and text-selection implementations in ...)
	NOT-FOR-US: Apple
CVE-2015-5882 (The processor_set_tasks API implementation in Apple iOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-5881
	REJECTED
CVE-2015-5880 (CoreAnimation in Apple iOS before 9 allows attackers to bypass ...)
	NOT-FOR-US: Apple
CVE-2015-5879 (XNU in the kernel in Apple iOS before 9 does not properly validate the ...)
	NOT-FOR-US: Apple
CVE-2015-5878 (Notes in Apple OS X before 10.11 misparses links, which allows local ...)
	NOT-FOR-US: Apple
CVE-2015-5877 (The Intel Graphics Driver component in Apple OS X before 10.11 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5876 (dyld in Dev Tools in Apple iOS before 9 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5875 (Cross-site scripting (XSS) vulnerability in Notes in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-5874 (CoreText in Apple iOS before 9 and iTunes before 12.3 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-5873 (IOGraphics in Apple OS X before 10.11 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-5872 (IOGraphics in Apple OS X before 10.11 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-5871 (IOGraphics in Apple OS X before 10.11 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-5870 (The debugging interfaces in the kernel in Apple OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2015-5869 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
	NOT-FOR-US: Apple
CVE-2015-5868 (The kernel in Apple iOS before 9 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-5867 (IOHIDFamily in Apple iOS before 9 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5866 (IOHIDFamily in Apple OS X before 10.11 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5865 (IOGraphics in Apple OS X before 10.11 allows attackers to obtain ...)
	NOT-FOR-US: Apple
CVE-2015-5864 (IOAudioFamily in Apple OS X before 10.11 allows local users to obtain ...)
	NOT-FOR-US: Apple
CVE-2015-5863 (IOStorageFamily in Apple iOS before 9 does not properly initialize an ...)
	NOT-FOR-US: Apple
CVE-2015-5862 (The Audio component in Apple iOS before 9 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-5861 (SpringBoard in Apple iOS before 9 allows physically proximate ...)
	NOT-FOR-US: Apple
CVE-2015-5860 (The CFNetwork HTTPProtocol component in Apple iOS before 9 mishandles ...)
	NOT-FOR-US: Apple
CVE-2015-5859 (The CFNetwork HTTPProtocol component in Apple iOS before 9 and OS X ...)
	NOT-FOR-US: Apple
CVE-2015-5858 (The CFNetwork HTTPProtocol component in Apple iOS before 9 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5857 (Mail in Apple iOS before 9 allows remote attackers to use an ...)
	NOT-FOR-US: Apple
CVE-2015-5856 (The Application Store component in Apple iOS before 9 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-5855 (Apple iOS before 9 allows attackers to discover the e-mail address of ...)
	NOT-FOR-US: Apple
CVE-2015-5854 (The backup implementation in Time Machine in Apple OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2015-5853 (AirScan in Apple OS X before 10.11 allows man-in-the-middle attackers ...)
	NOT-FOR-US: Apple
CVE-2015-5852
	REJECTED
CVE-2015-5851 (The convenience initializer in the Multipeer Connectivity component in ...)
	NOT-FOR-US: Apple
CVE-2015-5850 (AppleKeyStore in Apple iOS before 9 allows physically proximate ...)
	NOT-FOR-US: Apple
CVE-2015-5849 (The filtering implementation in AppleEvents in Apple OS X before 10.11 ...)
	NOT-FOR-US: Apple
CVE-2015-5848 (IOAcceleratorFamily in Apple iOS before 9 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-5847 (The Disk Images component in Apple iOS before 9 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2015-5846 (IOKit in the kernel in Apple iOS before 9 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5845 (IOKit in the kernel in Apple iOS before 9 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5844 (IOKit in the kernel in Apple iOS before 9 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5843 (IOMobileFrameBuffer in Apple iOS before 9 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-5842 (XNU in the kernel in Apple iOS before 9 does not properly initialize ...)
	NOT-FOR-US: Apple
CVE-2015-5841 (The CFNetwork Proxies component in Apple iOS before 9 does not ...)
	NOT-FOR-US: Apple
CVE-2015-5840 (The checkint division routines in removefile in Apple iOS before 9 ...)
	NOT-FOR-US: Apple
CVE-2015-5839 (dyld in Apple iOS before 9 allows attackers to bypass a code-signing ...)
	NOT-FOR-US: Apple
CVE-2015-5838 (SpringBoard in Apple iOS before 9 does not properly restrict access to ...)
	NOT-FOR-US: Apple
CVE-2015-5837 (PluginKit in Apple iOS before 9 allows attackers to bypass an intended ...)
	NOT-FOR-US: Apple
CVE-2015-5836 (Apple Online Store Kit in Apple OS X before 10.11 improperly validates ...)
	NOT-FOR-US: Apple
CVE-2015-5835 (Apple iOS before 9 allows attackers to obtain sensitive information ...)
	NOT-FOR-US: Apple
CVE-2015-5834 (IOAcceleratorFamily in Apple iOS before 9 allows attackers to obtain ...)
	NOT-FOR-US: Apple
CVE-2015-5833 (The Login Window component in Apple OS X before 10.11 does not ensure ...)
	NOT-FOR-US: Apple
CVE-2015-5832 (The iTunes Store component in Apple iOS before 9 does not properly ...)
	NOT-FOR-US: Apple
CVE-2015-5831 (NetworkExtension in the kernel in Apple iOS before 9 does not properly ...)
	NOT-FOR-US: Apple
CVE-2015-5830 (The Intel Graphics Driver component in Apple OS X before 10.11 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5829 (Data Detectors Engine in Apple iOS before 9 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-5828 (The API in the WebKit Plug-ins component in Apple Safari before 9 does ...)
	NOT-FOR-US: Apple Safari
CVE-2015-5827 (WebKit in Apple iOS before 9 allows remote attackers to bypass the ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5826 (WebKit in Apple iOS before 9 does not properly select the cases in ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5825 (WebKit in Apple iOS before 9 does not properly restrict the ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5824 (The NSURL implementation in the CFNetwork SSL component in Apple iOS ...)
	NOT-FOR-US: Apple
CVE-2015-5823 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5822 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5821 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5820 (WebKit in Apple iOS before 9 allows remote attackers to trigger a ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5819 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5818 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5817 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5816 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5815 (WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5814 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5813 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5812 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5811 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5810 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5809 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5808 (WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5807 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5806 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5805 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5804 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5803 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5802 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5801 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5800 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5799 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5798 (WebKit, as used in Apple iTunes before 12.3, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5797 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5796 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5795 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5794 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5793 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5792 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5791 (WebKit, as used in JavaScriptCore in Apple iOS before 9 and iTunes ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5790 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5789 (WebKit, as used in Apple iOS before 9 and iTunes before 12.3, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5788 (The WebKit Canvas implementation in Apple iOS before 9 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-5787 (The kernel in Apple iOS before 8.4.1 does not properly restrict ...)
	NOT-FOR-US: Apple
CVE-2015-5786 (Apple QuickTime before 7.7.8 allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5785 (Apple QuickTime before 7.7.8 allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2015-5784 (runner in Install.framework in the Install Framework Legacy component ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5783 (IOGraphics in Apple OS X before 10.10.5 allows attackers to execute ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5782 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5781 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 does not ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5780 (The Safari Extensions implementation in Apple Safari before 9 does not ...)
	NOT-FOR-US: Apple
CVE-2015-5779 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5778 (CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5777 (CoreMedia Playback in Apple iOS before 8.4.1 and OS X before 10.10.5 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5776 (Libinfo in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5775 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5774 (Buffer overflow in IOHIDFamily in Apple iOS before 8.4.1 and OS X ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5773 (QL Office in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5772 (Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.5 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5771 (Quartz Composer Framework in Apple OS X before 10.10.5 allows remote ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5770 (MobileInstallation in Apple iOS before 8.4.1 does not ensure the ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5769 (The MSVDX driver in Apple iOS before 8.4.1 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5768 (AppleGraphicsControl in Apple OS X before 10.10.5 allows attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5767 (The user interface in Safari in Apple iOS before 9 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-5766 (Directory traversal vulnerability in Air Traffic in Apple iOS before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5765 (The user interface in Safari in Apple iOS before 9 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-5764 (The user interface in Safari in Apple iOS before 9 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-5763 (ntfs in Apple OS X before 10.10.5 allows local users to gain ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5762
	RESERVED
CVE-2015-5761 (CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5760
	REJECTED
CVE-2015-5759 (WebKit in Apple iOS before 8.4.1 allows remote attackers to spoof ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-5758 (ImageIO in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5757 (libpthread in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple
CVE-2015-5756 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5755 (CoreText in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5754 (Race condition in runner in Install.framework in the Install Framework ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5753 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5752 (Backup in Apple iOS before 8.4.1 allows attackers to bypass intended ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5751 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5750 (Data Detectors Engine in Apple OS X before 10.10.5 allows attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5749 (The Sandbox_profiles component in Apple iOS before 8.4.1 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5748 (The kernel in Apple OS X before 10.10.5 does not properly mount HFS ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5747 (The fasttrap driver in the kernel in Apple OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5746 (AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass ...)
	NOT-FOR-US: Apple OS X
CVE-2015-5744
	RESERVED
CVE-2015-5743
	RESERVED
CVE-2015-5742 (VeeamVixProxy in Veeam Backup &amp; Replication (B&amp;R) before 8.0 update 3 ...)
	NOT-FOR-US: Veeam
CVE-2015-5738 (The RSA-CRT implementation in the Cavium Software Development Kit ...)
	- openssl <not-affected> (OpenSSL upstream is not affected)
CVE-2015-5959 (Froxlor before 0.9.33.2 with the default configuration/setup might ...)
	- froxlor <itp> (bug #581792)
CVE-2015-5957 (Buffer overflow in the DumpSysVar function in var.c in Remind before ...)
	{DLA-289-1}
	- remind 03.01.15-1 (unimportant)
	NOTE: Non-exploitable starting with Wheezy due to D_FORTIFY_SOURCE
CVE-2015-5745 [buffer overflow in virtio-serial]
	RESERVED
	{DSA-3349-1 DSA-3348-1}
	- qemu 1:2.4+dfsg-1a (bug #795087)
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9
	[squeeze] - qemu <not-affected> (Vulnerable code introduced later)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code introduced later)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/06/3
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=7882080388be5088e72c425b02223c02e6cb4295 (v2.4.0-rc3)
	NOTE: Introduced in: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=98b19252cf1bd97c54bc4613f3537c5ec0aae263 (v0.13.0-rc0)
	NOTE: Patch for wheezy needs change since uses iov_from_buf:
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=dcf6f5e15ecee4f593eeacbe0591c1addc004d92
	NOTE: iov_* function changed in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=2278a69e7020d86a8c73a28474e7709d3e7d5081 (v1.2.0-rc0)
CVE-2015-5737 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, (4) ...)
	NOT-FOR-US: Fortinet
CVE-2015-5736 (The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows ...)
	NOT-FOR-US: Fortinet
CVE-2015-5735 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...)
	NOT-FOR-US: Fortinet
CVE-2015-5729 (The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, ...)
	NOT-FOR-US: Samsung
CVE-2015-5728
	RESERVED
CVE-2015-5727 (The BER decoder in Botan 1.10.x before 1.10.10 and 1.11.x before ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.10-1
	NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
	NOTE: http://botan.randombit.net/security.html
CVE-2015-5726 (The BER decoder in Botan 0.10.x before 1.10.10 and 1.11.x before ...)
	{DSA-3565-1 DLA-449-1}
	- botan1.10 1.10.10-1
	NOTE: Fixed in 1.11.19 and 1.10.10, affected all previous versions of 1.10 and 1.11
	NOTE: http://botan.randombit.net/security.html
CVE-2015-5725 (SQL injection vulnerability in the offset method in the Active Record ...)
	NOT-FOR-US: CodeIgniter
CVE-2014-9742 (The Miller-Rabin primality check in Botan before 1.10.8 and 1.11.x ...)
	{DLA-449-1}
	- botan1.10 1.10.8-1
	NOTE: Introduced in 1.8.3, fixed in 1.10.8 and 1.11.9
	NOTE: http://botan.randombit.net/security.html
CVE-2015-5741 [other discoveries of security-relevant RFC 7230 violations]
	RESERVED
	- golang 2:1.4.2-4 (bug #795106)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
	NOTE: https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
CVE-2015-5740 (The net/http library in net/http/transfer.go in Go before 1.4.3 does ...)
	- golang 2:1.4.2-4 (bug #795106)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/go/commit/300d9a21583e7cf0149a778a0611e76ff7c6680f
	NOTE: https://github.com/golang/go/commit/143822585e32449860e624cace9d2e521deee62e
CVE-2015-5739 (The net/http library in net/textproto/reader.go in Go before 1.4.3 ...)
	- golang 2:1.4.2-4 (bug #795106)
	[jessie] - golang <no-dsa> (Minor issue)
	[wheezy] - golang <no-dsa> (Minor issue)
	NOTE: https://github.com/golang/go/commit/117ddcb83d7f42d6aa72241240af99ded81118e9
CVE-2015-5724
	RESERVED
CVE-2015-5722 (buffer.c in named in ISC BIND 9.x before 9.9.7-P3 and 9.10.x before ...)
	{DSA-3350-1 DLA-308-1}
	- bind9 1:9.9.5.dfsg-12
	NOTE: https://kb.isc.org/article/AA-01287
CVE-2015-5721 (Malware Information Sharing Platform (MISP) before 2.3.90 allows ...)
	NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5720 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5719 (app/Controller/TemplatesController.php in Malware Information Sharing ...)
	NOT-FOR-US: Malware Information Sharing Platform
CVE-2015-5718 (Stack-based buffer overflow in the handle_debug_network function in ...)
	NOT-FOR-US: Websense Content Gateway
CVE-2015-5734 (Cross-site scripting (XSS) vulnerability in the legacy theme preview ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	NOTE: https://core.trac.wordpress.org/changeset/33549
CVE-2015-5733 (Cross-site scripting (XSS) vulnerability in the ...)
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	[jessie] - wordpress 4.1+dfsg-1+deb8u1
	[wheezy] - wordpress 3.6.1+dfsg-1~deb7u6
	[squeeze] - wordpress 3.6.1+dfsg-1~deb6u6
	NOTE: For jessie and wheezy the fix was already contained
	NOTE: in a previous update. The the same was included in
	NOTE: the fix with cs32176_dashboard_esc_titles
	NOTE: but the issue apparently later reintroduced
	NOTE: https://core.trac.wordpress.org/changeset/33540
	NOTE: https://core.trac.wordpress.org/changeset/33541
CVE-2015-5732 (Cross-site scripting (XSS) vulnerability in the form function in the ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	NOTE: https://core.trac.wordpress.org/changeset/33529
CVE-2015-5731 (Cross-site request forgery (CSRF) vulnerability in wp-admin/post.php ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	NOTE: https://core.trac.wordpress.org/changeset/33542
	NOTE: https://core.trac.wordpress.org/changeset/33543
CVE-2015-5730 (The sanitize_widget_instance function in ...)
	{DSA-3332-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	[squeeze] - wordpress <not-affected> (Vulnerable code introduced later)
	[wheezy] - wordpress <not-affected> (Vulnerable code introduced later)
	NOTE: https://core.trac.wordpress.org/changeset/33535
	NOTE: https://core.trac.wordpress.org/changeset/33536
CVE-2015-5717 (The Siemens COMPAS Mobile application before 1.6 for Android does not ...)
	NOT-FOR-US: Siemens
CVE-2015-5716
	RESERVED
CVE-2015-5715 (The mw_editPost function in wp-includes/class-wp-xmlrpc-server.php in ...)
	{DSA-3383-1 DSA-3375-1 DLA-321-1}
	- wordpress 4.3.1+dfsg-1 (bug #799140)
	NOTE: https://wordpress.org/news/2015/09/wordpress-4-3-1/
	NOTE: https://github.com/WordPress/WordPress/commit/9c57f3a4291f2311ae05f22c10eedeb0f69337ab
CVE-2015-5714 (Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 ...)
	{DSA-3383-1 DSA-3375-1 DLA-321-1}
	- wordpress 4.3.1+dfsg-1 (bug #799140)
	NOTE: https://wordpress.org/news/2015/09/wordpress-4-3-1/
	NOTE: https://github.com/WordPress/WordPress/commit/f72b21af23da6b6d54208e5c1d65ececdaa109c8
CVE-2015-5713 (Spotfire Parsing Library and Spotfire Security Filter in TIBCO ...)
	NOT-FOR-US: TIBCO
CVE-2015-5712 (Spotfire Parsing Library and Spotfire Security Filter in TIBCO ...)
	NOT-FOR-US: TIBCO
CVE-2015-5711 (TIBCO Managed File Transfer Internet Server before 7.2.5, Managed File ...)
	NOT-FOR-US: TIBCO
CVE-2015-5710
	RESERVED
CVE-2015-5709
	RESERVED
CVE-2015-5708
	RESERVED
CVE-2015-5703 (SQL injection vulnerability in the public key discovery API call in ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-8395 (PCRE before 8.38 mishandles certain references, which allows remote ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1594
	NOTE: related issue to CVE-2015-8384 and CVE-2015-8392
	NOTE: Same fix as used for CVE-2015-8381
CVE-2015-8394 (PCRE before 8.38 mishandles the (?(&lt;digits&gt;) and (?(R&lt;digits&gt;) ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1589
CVE-2015-8393 (pcregrep in PCRE before 8.38 mishandles the -q option for binary ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1586
CVE-2015-8392 (PCRE before 8.38 mishandles certain instances of the (?| substring, ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1585
	NOTE: related issue to CVE-2015-8384 and CVE-2015-8395
CVE-2015-8391 (The pcre_compile function in pcre_compile.c in PCRE before 8.38 ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in 8.38
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1579
	NOTE: First bad commit: http://vcs.pcre.org/pcre?view=revision&revision=640
CVE-2015-8390 (PCRE before 8.38 mishandles the [: and \\ substrings in character ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1578
CVE-2015-8389 (PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code not present)
	[squeeze] - pcre3 <not-affected> (Vulnerable code not present)
	NOTE: Fixed in 8.38
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1577
	NOTE: First bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1440
	NOTE: Only after r1577 looks like there is another new issue (stack-buffer-underflow, READ of size 4 when running PoC)
CVE-2015-8388 (PCRE before 8.38 mishandles the /(?=di(?&lt;=(?1))|(?=(.))))/ pattern and ...)
	- pcre3 2:8.35-7
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1651
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1571
	NOTE: Fixed in 8.38
	NOTE: Different issue than CVE-2015-5073 but same fixing commit
CVE-2015-8387 (PCRE before 8.38 mishandles (?123) subroutine calls and related ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1563
CVE-2015-8386 (PCRE before 8.38 mishandles the interaction of lookbehind assertions ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed in 8.38
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1560
	NOTE: Reproducer fails starting from at least http://vcs.pcre.org/pcre?view=revision&revision=1379
	NOTE: but the patched code is as well already present in wheezy at least.
CVE-2015-8385 (PCRE before 8.38 mishandles the /(?|(\k'Pm')|(?'Pm'))/ pattern and ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: Fixed in 8.38
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1559
CVE-2015-8384 (PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\g{d}))/ pattern and ...)
	- pcre3 2:8.35-7.2
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1636
	NOTE: related issue to CVE-2015-8392 and CVE-2015-8395
	NOTE: Fixed in 8.38
	NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1558
	NOTE: Same fixing commit as CVE-2015-3210 but different issues
CVE-2015-8383 (PCRE before 8.38 mishandles certain repeated conditional groups, which ...)
	- pcre3 2:8.38-1
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <not-affected> (vulnerable coded introduce in 8.34)
	[squeeze] - pcre3 <not-affected> (vulnerable code introduced in 8.34)
	NOTE: Fixed in 8.38
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/29/1
	NOTE: Fixed by http://vcs.pcre.org/pcre?view=revision&revision=1557
	NOTE: Introduced by/first bad commit: http://vcs.pcre.org/pcre?view=revision&revision=1365
CVE-2015-8382 (The match function in pcre_exec.c in PCRE before 8.37 mishandles the ...)
	- pcre3 2:8.35-7.2 (bug #794589)
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: http://vcs.pcre.org/pcre/code/trunk/pcre_exec.c?r1=1502&r2=1510
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1537
	NOTE: Fixed upstream in upstream release pcre-8.37
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/04/2
CVE-2015-XXXX [more to CVE-2015-2059]
	- libidn 1.32-1
	[jessie] - libidn 1.29-1+deb8u1
	[wheezy] - libidn 1.25-2+deb7u1
	[squeeze] - libidn 1.15-2+deb6u2
	NOTE: Introduced by fix for CVE-2015-2059
	NOTE: https://lists.gnu.org/archive/html/help-libidn/2015-07/msg00026.html
	NOTE: Patch: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=58c721ac2dc96bccd737f3f544f3a22a50477bbf
	NOTE: Testcase: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=c261018477f971d274dee305d27f8bff4afd4238
	NOTE: squeeze-tagged entry as temporary workaround until CVE assigned for issue solved in DLA-291-1
CVE-2015-XXXX [Sidekiq::Web lacks CSRF protection]
	- ruby-sidekiq 3.4.2~dfsg-3
	[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
	NOTE: https://github.com/mperham/sidekiq/pull/2422
	NOTE: Fixed by https://github.com/mperham/sidekiq/commit/cf3c43b2410c4573e05ac119494e41115f4140ad
	NOTE: Fix released in sidekiq 3.4.2
	NOTE: Follow-up fix: https://github.com/mperham/sidekiq/commit/75a3524c919857aac16e0541b0cb107f48d00694
	NOTE: Follow-up commit not included in 3.4.2~dfsg-1
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [XSS via job arguments display class in Sidekiq::Web]
	- ruby-sidekiq 3.4.2~dfsg-3
	[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
	NOTE: https://github.com/mperham/sidekiq/pull/2309
	NOTE: Fixed by https://github.com/mperham/sidekiq/commit/54766f336620ca0ce3b0b87a7a56382496e64b61
	NOTE: Fix released in sidekiq 3.4.0
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-XXXX [XSS via queue name in Sidekiq::Web]
	- ruby-sidekiq 3.4.2~dfsg-3
	[jessie] - ruby-sidekiq <no-dsa> (Minor issue)
	NOTE: https://github.com/mperham/sidekiq/issues/2330
	NOTE: Fixed by https://github.com/mperham/sidekiq/commit/2178d66b6686fbf4430223c34c184a64c9906828
	NOTE: Fix released in sidekiq 3.4.0
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/08/01/2
CVE-2015-5707 (Integer overflow in the sg_start_req function in drivers/scsi/sg.c in ...)
	{DSA-3329-1 DLA-310-1}
	- linux 4.1.3-1
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/6
	NOTE: Probably introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=10db10d144c0248f285242f79daf6b9de6b00a62 (v2.6.28-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81 (v4.1-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee (v4.1-rc1)
CVE-2015-5706 (Use-after-free vulnerability in the path_openat function in fs/namei.c ...)
	- linux 4.0.4-1
	[jessie] - linux 3.16.7-ckt11-1+deb8u3
	[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
	- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/5
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=60545d0d4610b02e55f65d141c95b18ccf855b6e (v3.11-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0 (v4.1-rc3)
CVE-2014-9939 (ihex.c in GNU Binutils before 2.26 contains a stack buffer overflow ...)
	{DLA-552-1 DLA-324-1}
	- binutils 2.25.90.20151125-1
	[jessie] - binutils <ignored> (Minor issue)
	- gdb 7.10-1 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/31/6
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18750
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;a=commitdiff;h=7e27a9d5f22f9f7ead11738b1546d0b5c737266b
CVE-2015-5702
	RESERVED
CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2015-5705 (Argument injection vulnerability in devscripts before 2.15.7 allows ...)
	- devscripts 2.15.8 (bug #794365)
	[jessie] - devscripts <not-affected> (Vulnerable code not present)
	[wheezy] - devscripts <not-affected> (Vulnerable code not present)
	[squeeze] - devscripts <not-affected> (Vulnerable code not present)
	NOTE: Introduced in https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=025ad4ea8ba92d32bd698a83149f782c17f78bf0 (v2.15.5)
CVE-2015-5704 (scripts/licensecheck.pl in devscripts before 2.15.7 allows local users ...)
	- devscripts 2.15.7 (bug #794260)
	[jessie] - devscripts <not-affected> (Vulnerable code not present)
	[wheezy] - devscripts <not-affected> (Vulnerable code not present)
	[squeeze] - devscripts <not-affected> (Vulnerable code not present)
	NOTE: Introduced in https://anonscm.debian.org/cgit/collab-maint/devscripts.git/commit/?id=025ad4ea8ba92d32bd698a83149f782c17f78bf0 (v2.15.5)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/01/1
CVE-2015-5699 (The Switch Configuration Tools Backend (clcmd_server) in Cumulus Linux ...)
	NOT-FOR-US: Cumulus Linux
	NOTE: https://lists.cumulusnetworks.com/pipermail/cumulus-security-announce/2015-July/000002.html
CVE-2015-5698 (Cross-site request forgery (CSRF) vulnerability in the web server on ...)
	NOT-FOR-US: Siemens
CVE-2015-5696 (Dell Netvault Backup before 10.0.5 allows remote attackers to cause a ...)
	NOT-FOR-US: Dell Netvault Backup
CVE-2015-5693 (The management console on Symantec Web Gateway (SWG) appliances with ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-5692 (admin_messages.php in the management console on Symantec Web Gateway ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-5691 (Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-5690 (The management console on Symantec Web Gateway (SWG) appliances with ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2015-5689 (ghostexp.exe in Ghost Explorer Utility in Symantec Ghost Solutions ...)
	NOT-FOR-US: Symantec
CVE-2009-5148
	RESERVED
CVE-2015-5695 (Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo ...)
	[experimental] - designate 1:1.0.0~b2-1
	- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
	[jessie] - designate 2014.1-18+deb8u1
CVE-2015-5694 [does not enforce the DNS protocol limit concerning record set sizes]
	RESERVED
	[experimental] - designate 1:1.0.0~b2-1
	- designate 2015.1.0+2015.08.26.git34.9fa07c5798-1 (bug #796108)
	[jessie] - designate <not-affected> (Vulnerable code doesn't exist)
CVE-2015-5688 (Directory traversal vulnerability in lib/app/index.js in Geddy before ...)
	NOT-FOR-US: Geddy
	NOTE: https://github.com/geddy/geddy/issues/697
	NOTE: https://github.com/geddy/geddy/pull/699
	NOTE: https://nodesecurity.io/advisories/10
CVE-2015-5687 (system/session/drivers/cookie.php in Anchor CMS 0.9.x allows remote ...)
	NOT-FOR-US: Anchor CMS
CVE-2015-5686
	RESERVED
CVE-2015-5685 (The lazy_bdecode function in BitTorrent DHT bootstrap server ...)
	{DLA-312-1}
	- libtorrent-rasterbar 1.0.6-1 (bug #797046)
	[jessie] - libtorrent-rasterbar <no-dsa> (Minor issue)
	[wheezy] - libtorrent-rasterbar <no-dsa> (Minor issue)
	NOTE: Even though the CVE mentions BitTorrent DHT Bootstrap server, the vulnerable lazy_bdecode() function is effectively also available in libtorrent-rasterbar in all Debian releases.
	NOTE: Patch on libtorrent-rasterbar that has been applied in 1.0.6: https://github.com/arvidn/libtorrent/commit/d9945f6f50a8c967888cd9c2ebe65ffbe462056e
CVE-2015-5684
	RESERVED
CVE-2015-5683
	RESERVED
CVE-2015-5682 (upload.php in the Powerplay Gallery plugin 3.3 for WordPress allows ...)
	NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5681 (Unrestricted file upload vulnerability in upload.php in the Powerplay ...)
	NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5680
	RESERVED
CVE-2015-5679
	RESERVED
CVE-2015-5678
	RESERVED
CVE-2015-5677 (bsnmpd, as used in FreeBSD 9.3, 10.1, and 10.2, uses world-readable ...)
	NOT-FOR-US: bsnmpd
CVE-2015-5676
	RESERVED
CVE-2015-5675 (The sys_amd64 IRET Handler in the kernel in FreeBSD 9.3 and 10.1 ...)
	- kfreebsd-10 10.1~svn274115-10 (unimportant; bug #796996)
	NOTE: kfreebsd not covered by security support in Jessie
	- kfreebsd-9 <removed> (bug #796997)
	[wheezy] - kfreebsd-9 <end-of-life> (Unsupported in wheezy-lts)
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
CVE-2015-5674 (The routed daemon in FreeBSD 9.3 before 9.3-RELEASE-p22, 10.2-RC2 ...)
	NOT-FOR-US: routed daemon in FreeBSD
CVE-2015-5673 (eventapp/lib/gcloud.rb in the ISUCON5 qualifier portal (aka eventapp) ...)
	NOT-FOR-US: ISUCON5 qualifier portal
CVE-2015-5672 (TYPE-MOON Fate/stay night, Fate/hollow ataraxia, Witch on the Holy ...)
	NOT-FOR-US: TYPE-MOON
CVE-2015-5671 (Techno Project Japan Enisys Gw before 1.4.1 allows remote attackers to ...)
	NOT-FOR-US: Techno Project Japan Enisys Gw
CVE-2015-5670 (Cross-site scripting (XSS) vulnerability in Techno Project Japan ...)
	NOT-FOR-US: Techno Project Japan Enisys Gw
CVE-2015-5669 (Techno Project Japan Enisys Gw before 1.4.1 allows remote ...)
	NOT-FOR-US: Techno Project Japan Enisys Gw
CVE-2015-5668 (SQL injection vulnerability in Techno Project Japan Enisys Gw before ...)
	NOT-FOR-US: Techno Project Japan Enisys Gw
CVE-2015-5667 (Cross-site scripting (XSS) vulnerability in the HTML-Scrubber module ...)
	{DLA-339-1}
	- libhtml-scrubber-perl 0.15-1 (bug #803943)
	[jessie] - libhtml-scrubber-perl 0.11-1+deb8u1
	[wheezy] - libhtml-scrubber-perl 0.09-1+deb7u1
	NOTE: Upstream fix: https://github.com/nigelm/html-scrubber/commit/e1978cc37867e85c06a84a4651745235010cd6cd
CVE-2015-5666 (ANA App for Android 3.1.1 and earlier, and ANA App for iOS 3.3.6 and ...)
	NOT-FOR-US: ANA App
CVE-2015-5665 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE ...)
	NOT-FOR-US: LOCKON
CVE-2015-5664 (Cross-site scripting (XSS) vulnerability in File Station in QNAP QTS ...)
	NOT-FOR-US: QNAP
CVE-2015-5663 (The file-execution functionality in WinRAR before 5.30 beta 5 allows ...)
	NOT-FOR-US: WinRAR
CVE-2015-5662 (Directory traversal vulnerability in Avast before 150918-0 allows ...)
	NOT-FOR-US: Avast
CVE-2015-5661 (The SAND STUDIO AirDroid application 1.1.0 and earlier for Android ...)
	NOT-FOR-US: SAND STUDIO AirDroid
CVE-2015-5660 (Cross-site request forgery (CSRF) vulnerability in eXtplorer before ...)
	{DLA-485-1}
	- extplorer <removed>
	NOTE: http://extplorer.net/news/18
	NOTE: http://extplorer.net/projects/extplorer/repository/diff?utf8=%E2%9C%93&rev=242&rev_to=241
CVE-2015-5659 (SQL injection vulnerability in Network Applied Communication ...)
	NOT-FOR-US: Network Applied Communication Laboratory Pref Shimane CMS
CVE-2015-5658
	REJECTED
CVE-2015-5657
	REJECTED
CVE-2015-5656
	REJECTED
CVE-2015-5655 (The Adways Party Track SDK before 1.6.6 for iOS does not verify X.509 ...)
	NOT-FOR-US: Adways Party Track SDK
CVE-2015-5654 (Cross-site scripting (XSS) vulnerability in Dojo Toolkit before 1.2 ...)
	- dojo <not-affected> (Fixed before the first version in Debian)
CVE-2015-5653 (Buffer overflow in Canary Labs Trend Web Server before 9.5.2 allows ...)
	NOT-FOR-US: Canary Labs Trend Web Server
CVE-2015-5652 (Untrusted search path vulnerability in python.exe in Python through ...)
	NOT-FOR-US: Python on Windows
CVE-2015-5651 (Cross-site scripting (XSS) vulnerability in Dotclear before 2.8.1 ...)
	- dotclear <removed> (bug #815979)
	NOTE: http://dotclear.org/blog/post/2015/09/23/Dotclear-2.8.1
CVE-2015-5650 (Directory traversal vulnerability in AjaXplorer 2.0 allows remote ...)
	NOT-FOR-US: AjaXplorer
CVE-2015-5649 (Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 mishandles ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2015-5648 (SQL injection vulnerability in list.php in phpRechnung before 1.6.5 ...)
	NOT-FOR-US: phpRechnung
CVE-2015-5647 (The RSS Reader component in Cybozu Garoon 3.x through 3.7.5 and 4.x ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2015-5646 (Cybozu Garoon 3.x through 3.7.5 and 4.x through 4.0.3 allows remote ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2015-5645 (ICZ MATCHA SNS before 1.3.7 allows remote authenticated users to ...)
	NOT-FOR-US: ICZ MATCHA
CVE-2015-5644 (The installer in ICZ MATCHA SNS before 1.3.7 does not properly ...)
	NOT-FOR-US: ICZ MATCHA
CVE-2015-5643 (The installer in ICZ MATCHA INVOICE before 2.5.7 does not properly ...)
	NOT-FOR-US: ICZ MATCHA
CVE-2015-5642 (Multiple SQL injection vulnerabilities in ICZ MATCHA INVOICE before ...)
	NOT-FOR-US: ICZ MATCHA
CVE-2015-5641 (SQL injection vulnerability in baserCMS before 3.0.8 allows remote ...)
	NOT-FOR-US: baserCMS
CVE-2015-5640 (baserCMS before 3.0.8 allows remote authenticated users to modify ...)
	NOT-FOR-US: baserCMS
CVE-2015-5639 (niconico App for iOS before 6.38 does not verify SSL certificates ...)
	NOT-FOR-US: niconico App for iOS
CVE-2015-5638 (Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before ...)
	NOT-FOR-US: H2O
CVE-2015-5637 (The Newphoria Photon application before 1.2 for Android allows ...)
	NOT-FOR-US: Newphoria
CVE-2015-5636 (The Newphoria Reversi application before 1.0.3 for Android and before ...)
	NOT-FOR-US: Newphoria
CVE-2015-5635 (The Newphoria Koritore application before 1.1 for Android and before ...)
	NOT-FOR-US: Newphoria
CVE-2015-5634 (The Newphoria MEGAPHONE MUSIC application before 1.1 for Android and ...)
	NOT-FOR-US: Newphoria
CVE-2015-5633 (The Newphoria Auction Camera application for iOS and before 1.2 for ...)
	NOT-FOR-US: Newphoria
CVE-2015-5632 (The runtime engine in the Newphoria applican framework before 1.12.3 ...)
	NOT-FOR-US: Newphoria
CVE-2015-5631 (Cross-site request forgery (CSRF) vulnerability in the Remote UI on ...)
	NOT-FOR-US: Canon
CVE-2015-5630 (Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform ...)
	NOT-FOR-US: NTT
CVE-2015-5629 (The NTT Broadband Platform Japan Connected-free Wi-Fi application ...)
	NOT-FOR-US: NTT
CVE-2015-5628
	RESERVED
CVE-2015-5627
	RESERVED
CVE-2015-5626
	RESERVED
CVE-2015-5625 (Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 ...)
	NOT-FOR-US: OpenDocMan
CVE-2015-5624 (Buffer overflow in the ExecCall method in c2lv6.ocx in the FreeBit ...)
	NOT-FOR-US: FreeBit
CVE-2015-5697 (The get_bitmap_file function in drivers/md/md.c in the Linux kernel ...)
	{DSA-3329-1 DLA-310-1}
	- linux 4.1.3-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b6878d9e03043695dbf3fa1caa6dfc09db225b16 (v4.2-rc6)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/2
CVE-2015-5620
	RESERVED
CVE-2015-5619 (Logstash 1.4.x before 1.4.5 and 1.5.x before 1.5.4 with Lumberjack ...)
	- logstash <itp> (bug #664841)
CVE-2015-5618 (Chiyu BF-630 and BF-630W fingerprint access-control devices allow ...)
	NOT-FOR-US: Chiyu BF-630 and BF-630W fingerprint access-control devices
CVE-2015-5617
	RESERVED
CVE-2015-5616
	RESERVED
CVE-2015-5615
	REJECTED
CVE-2015-5614
	REJECTED
CVE-2015-5613 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and ...)
	NOT-FOR-US: October CMS
CVE-2015-5612 (Cross-site scripting (XSS) vulnerability in October CMS build 271 and ...)
	NOT-FOR-US: October CMS
CVE-2015-5623 (WordPress before 4.2.3 does not properly verify the edit_posts ...)
	{DSA-3328-1}
	- wordpress 4.2.3+dfsg-1
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/33357
CVE-2015-5622 (Cross-site scripting (XSS) vulnerability in WordPress before 4.2.3 ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.3+dfsg-1
	NOTE: https://core.trac.wordpress.org/changeset/33359
CVE-2015-5611 (Unspecified vulnerability in Uconnect before 15.26.1, as used in ...)
	NOT-FOR-US: Uconnect
CVE-2015-5610 (The RSM (aka RSMWinService) service in SolarWinds N-Able N-Central ...)
	NOT-FOR-US: SolarWinds
CVE-2015-5609 (Absolute path traversal vulnerability in the Image Export plugin 1.1 ...)
	NOT-FOR-US: Image Export plugin for WordPress
CVE-2015-5608 (Open redirect vulnerability in Joomla! CMS 3.0.0 through 3.4.1. ...)
	NOT-FOR-US: Joomla!
CVE-2015-5606
	RESERVED
CVE-2015-5605 (The regular-expression implementation in Google V8, as used in Google ...)
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-5604
	RESERVED
CVE-2015-5603 (The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows ...)
	NOT-FOR-US: HipChat plugin
CVE-2015-5602 (sudoedit in Sudo before 1.8.15 allows local users to gain privileges ...)
	{DSA-3440-1 DLA-382-1}
	- sudo 1.8.15-1.1 (bug #804149)
	NOTE: http://bugzilla.sudo.ws/show_bug.cgi?id=707
	NOTE: http://www.sudo.ws/repos/sudo/rev/9636fd256325
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1277426
	NOTE: https://bugs.launchpad.net/ubuntu/+source/sudo/+bug/1512781
CVE-2015-5601
	RESERVED
CVE-2015-5600 (The kbdint_next_device function in auth2-chall.c in sshd in OpenSSH ...)
	{DLA-288-1}
	- openssh 1:6.9p1-1 (bug #793616)
	[jessie] - openssh <no-dsa> (Minor issue; not in default configurations)
	[wheezy] - openssh <no-dsa> (Minor issue; not in default configurations)
	NOTE: http://seclists.org/fulldisclosure/2015/Jul/92
	NOTE: Affects configurations that have KbdInteractiveAuthentication set
	NOTE: to yes. Default for KbdInteractiveAuthentication is to use whatever
	NOTE: value ChallengeResponseAuthentication is set to, which is 'no' in
	NOTE: default configurations in Debian.
CVE-2015-5599 (Multiple SQL injection vulnerabilities in upload.php in the Powerplay ...)
	NOT-FOR-US: Powerplay Gallery plugin for WordPress
CVE-2015-5598
	RESERVED
CVE-2015-5597
	RESERVED
CVE-2015-5596
	RESERVED
CVE-2015-5595
	RESERVED
	NOT-FOR-US: Zenphoto
CVE-2015-5594 (The sanitize_string function in ZenPhoto before 1.4.9 utilized the ...)
	NOT-FOR-US: Zenphoto
CVE-2015-5593
	RESERVED
	NOT-FOR-US: Zenphoto
CVE-2015-5592
	RESERVED
	NOT-FOR-US: Zenphoto
CVE-2015-5591
	RESERVED
	NOT-FOR-US: Zenphoto
CVE-2015-5588 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5587 (Stack-based buffer overflow in Adobe Flash Player before 18.0.0.241 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5586 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-5585
	REJECTED
CVE-2015-5584 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5583 (Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, ...)
	NOT-FOR-US: Adobe
CVE-2015-5582 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5581 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5580 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5579 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5578 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5577 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5576 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5575 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5574 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5573 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5572 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5571 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5570 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5569 (Adobe Flash Player before 18.0.0.252 and 19.x before 19.0.0.207 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5568 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5567 (Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5566 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5565 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5564 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5563 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5562 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5561 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5560 (Integer overflow in Adobe Flash Player before 18.0.0.232 on Windows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5559 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5558 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5557 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5556 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5555 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5554 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5553 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5552 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5551 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5550 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5549 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5548 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5547 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5546 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5545 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5544 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5543
	REJECTED
CVE-2015-5542
	REJECTED
CVE-2015-5541 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5540 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5539 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5538 (Multiple unspecified vulnerabilities in Citrix NetScaler Application ...)
	NOT-FOR-US: Citrix
CVE-2015-5537 (The SSL layer of the HTTPS service in Siemens RuggedCom ROS before ...)
	NOT-FOR-US: Siemens
CVE-2015-XXXX [integer overflow]
	- freexl 1.0.2-1
	[jessie] - freexl 1.0.0g-1+deb8u2
	[wheezy] - freexl 1.0.0b-1+deb7u2
	NOTE: For the issue fixed in DSA-3310-1 not yet CVEified
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/06/7
CVE-2015-XXXX [SQL Injection in host_templates.php]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2584
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in graph_templates.php]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2583
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in data_templates.php]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2582
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection in cdef.php]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2580
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection Vulnerability in data sources]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2579
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-XXXX [SQL Injection Vulnerability in graph items and graph template items]
	- cacti 0.8.8e+ds1-1
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	[squeeze] - cacti 0.8.7g-1+squeeze7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/07/18/4
	NOTE: http://bugs.cacti.net/view.php?id=2574
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-5590 (Stack-based buffer overflow in the phar_fix_filepath function in ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69923
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=6dedeb40db13971af45276f80b5375030aa7e76f
	NOTE: Fixed in 5.6.11, 5.4.43
CVE-2015-5589 (The phar_convert_to_other function in ext/phar/phar_object.c in PHP ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69958
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=bf58162ddf970f63502837f366930e44d6a992cf
	NOTE: Fixed in 5.6.11, 5.4.43
CVE-2015-5536 (Belkin N300 Dual-Band Wi-Fi Range Extender with firmware before ...)
	NOT-FOR-US: Belkin router
CVE-2015-5535 (Cross-site scripting (XSS) vulnerability in the qTranslate plugin ...)
	NOT-FOR-US: qTranslate plugin for wordpress
CVE-2015-5534 (Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall ...)
	NOT-FOR-US: Oxwall
CVE-2015-5533 (SQL injection vulnerability in counter-options.php in the Count Per ...)
	NOT-FOR-US: WordPress plugin count-per-day
CVE-2015-5532 (Multiple cross-site scripting (XSS) vulnerabilities in the Paid ...)
	NOT-FOR-US: WordPress plugin paid-memberships-pro
CVE-2015-5530 (Multiple cross-site request forgery (CSRF) vulnerabilities in Free ...)
	NOT-FOR-US: Free Reprintables
CVE-2015-5529 (Multiple cross-site scripting (XSS) vulnerabilities in Free ...)
	NOT-FOR-US: Free Reprintables
CVE-2015-5528 (Cross-site scripting (XSS) vulnerability in the save_order function in ...)
	NOT-FOR-US: save_order function in class-floating-social-bar.php in the Floating Social Bar plugin for WordPress
CVE-2015-5527
	RESERVED
CVE-2015-5526
	RESERVED
CVE-2015-5525
	RESERVED
CVE-2015-5524
	RESERVED
CVE-2015-5531 (Directory traversal vulnerability in Elasticsearch before 1.6.1 allows ...)
	- elasticsearch 1.6.1+dfsg-1 (bug #792617)
	[jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 3389)
	NOTE: https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
CVE-2015-5521 (Cross-site scripting (XSS) vulnerability in BlackCat CMS 1.1.2 allows ...)
	NOT-FOR-US: BlackCat CMS
CVE-2015-5520 (Cross-site scripting (XSS) vulnerability in the Users module in ...)
	NOT-FOR-US: Orchard CMS
CVE-2015-5519 (Cross-site scripting (XSS) vulnerability in the applyConvolution demo ...)
	NOT-FOR-US: WideImage
CVE-2015-5518
	RESERVED
CVE-2015-5517
	RESERVED
CVE-2015-8176
	REJECTED
CVE-2015-5516 (Memory leak in the last hop kernel module in F5 BIG-IP LTM, GTM, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-6240 (The chroot, jail, and zone connection plugins in ansible before 1.9.2 ...)
	- ansible 1.9.2+dfsg-1 (low)
	[jessie] - ansible <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/3
CVE-2015-5515 (The Views Bulk Operations (VBO) module 6.x-1.x and 7.x-3.x before ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5514 (Cross-site scripting (XSS) vulnerability in the Migrate module 7.x-2.x ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5513 (Cross-site scripting (XSS) vulnerability in the Shibboleth ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5512 (The me aliases module 6.x-2.x before 6.x-2.10 and 7.x-1.x before ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5511 (The HybridAuth Social Login module 7.x-2.x before 7.x-2.13 for Drupal ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5510 (Open redirect vulnerability in the Content Construction Kit (CCK) ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5509 (The Administration Views module 7.x-1.x before 7.x-1.4 for Drupal, ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5508 (Cross-site request forgery (CSRF) vulnerability in the XC NCIP ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5507 (Cross-site scripting (XSS) vulnerability in the Inline Entity Form ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5506 (The Apache Solr Real-Time module 7.x-1.x before 7.x-1.2 for Drupal ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5505 (The HTTP Strict Transport Security (HSTS) module 6.x-1.x before ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5504 (SQL injection vulnerability in the Novalnet Payment Module Ubercart ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5503 (Open redirect vulnerability in the Chamilo integration module 7.x-1.x ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5502 (The Storage API module 7.x-1.x before 7.x-1.8 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5501 (The Hostmaster (Aegir) module 6.x-2.x before 6.x-2.4 and 7.x-3.x ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5500 (Cross-site scripting (XSS) vulnerability in the Navigate module for ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5499 (The Navigate module for Drupal does not properly check permissions, ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5498 (The Shipwire API module 7.x-1.x before 7.x-1.03 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5497 (Cross-site scripting (XSS) vulnerability in the Web Links module ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5496 (The pass2pdf module for Drupal does not restrict access to generated ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5495 (Cross-site scripting (XSS) vulnerability in the Mobile sliding menu ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5494 (Cross-site scripting (XSS) vulnerability in the Webform Matrix ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5493 (The Entityform Block module 7.x-1.x before 7.x-1.3 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5492 (Cross-site scripting (XSS) vulnerability in the Video Consultation ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5491 (The Dynamic display block module 7.x-1.x before 7.x-1.1 for Drupal ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5490 (The _views_fetch_data method in includes/cache.inc in the Views module ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5489 (Cross-site scripting (XSS) vulnerability in the Smart Trim module ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5488 (Cross-site scripting (XSS) vulnerability in the MailChimp Signup ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5487 (Cross-site scripting (XSS) vulnerability in the Camtasia Relay module ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2015-5486
	RESERVED
CVE-2015-5485 (Cross-site scripting (XSS) vulnerability in the Event Import page ...)
	NOT-FOR-US: Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin for WordPress
CVE-2015-5484
	RESERVED
CVE-2015-5483
	RESERVED
CVE-2015-5482 (Directory traversal vulnerability in the GD bbPress Attachments plugin ...)
	NOT-FOR-US: GD bbPress Attachments plugin for WordPress
CVE-2015-5481 (Cross-site scripting (XSS) vulnerability in forms/panels.php in the GD ...)
	NOT-FOR-US: GD bbPress Attachments plugin for WordPress
CVE-2015-5480
	RESERVED
CVE-2015-5479 (The ff_h263_decode_mba function in libavcodec/ituh263dec.c in Libav ...)
	{DLA-644-1}
	- ffmpeg <not-affected> (Vulnerable code not present)
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed> (low)
	[jessie] - libav 6:11.6-1~deb8u1
	[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
	NOTE: Patch in libav: https://git.libav.org/?p=libav.git;a=commit;h=0a49a62f998747cfa564d98d36a459fe70d3299b
	NOTE: Fixed in libav 11.5
CVE-2015-5478
	RESERVED
CVE-2015-5477 (named in ISC BIND 9.x before 9.9.7-P2 and 9.10.x before 9.10.2-P3 ...)
	{DSA-3319-1 DLA-285-1}
	- bind9 1:9.9.5.dfsg-11 (bug #793903)
	NOTE: https://kb.isc.org/article/AA-01272/0
CVE-2015-5476
	RESERVED
CVE-2015-5475 (Multiple cross-site scripting (XSS) vulnerabilities in Request Tracker ...)
	{DSA-3335-1}
	- request-tracker4 4.2.11-2
	NOTE: https://github.com/bestpractical/rt/commit/67d517ba3421ba462e349c73207a627d137ef8ac (4.2.x)
	NOTE: https://github.com/bestpractical/rt/commit/4ec786bb4743f67a35a634c1bf43b13d3d3b39a9 (4.0.x)
CVE-2015-5474 (BitTorrent and uTorrent allow remote attackers to inject command line ...)
	NOT-FOR-US: uTorrent
CVE-2015-5473 (Multiple directory traversal vulnerabilities in Samsung SyncThru 6 ...)
	NOT-FOR-US: Samsung
CVE-2015-5472 (Absolute path traversal vulnerability in lib/download.php in the IBS ...)
	NOT-FOR-US: IBS Mappro plugin for WordPress
CVE-2015-5471 (Absolute path traversal vulnerability in include/user/download.php in ...)
	NOT-FOR-US: Swim Team plugin for WordPress
CVE-2015-5469 (Absolute path traversal vulnerability in the MDC YouTube Downloader ...)
	NOT-FOR-US: MDC YouTube Downloader plugin for WordPress
CVE-2015-5468 (Directory traversal vulnerability in the WP e-Commerce Shop Styling ...)
	NOT-FOR-US: Commerce Shop Styling plugin for WordPress
CVE-2015-5467
	RESERVED
CVE-2015-5466
	RESERVED
CVE-2015-5465 (Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver ...)
	NOT-FOR-US: Silicon Integrated Systems
CVE-2015-5464 (The Gemalto SafeNet Luna HSM allows remote authenticated users to ...)
	NOT-FOR-US: Gemalto
CVE-2015-5463
	RESERVED
CVE-2015-5462
	RESERVED
CVE-2015-5607 (Cross-site request forgery in the REST API in IPython 2 and 3. ...)
	- ipython 2.4.1-1 (bug #793123)
	[jessie] - ipython <no-dsa> (Minor issue)
	[wheezy] - ipython <no-dsa> (Minor issue)
	[squeeze] - ipython <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ipython/ipython/commit/a05fe052a18810e92d9be8c1185952c13fe4e5b0 (2.x)
	NOTE: https://github.com/ipython/ipython/commit/1415a9710407e7c14900531813c15ba6165f0816 (3.x)
	NOTE: Affected versions: 0.12 <= version <= 3.2.0
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/12/4
CVE-2014-8878 (KDE KMail does not encrypt attachments in emails when &quot;automatic ...)
	- kdepim 4:4.14.5-1 (bug #791800)
	[jessie] - kdepim <no-dsa> (Minor issue)
	[wheezy] - kdepim <no-dsa> (Minor issue)
	[squeeze] - kdepim <not-affected> (Bogus condition not present)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=340312
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/15/5
CVE-2013-7443 (Buffer overflow in the skip-scan optimization in SQLite 3.8.2 allows ...)
	- sqlite3 3.8.3-1
	[wheezy] - sqlite3 <not-affected> (Vulnerable code introduced in 3.8.2)
	[squeeze] - sqlite3 <not-affected> (Vulnerable code introduced in 3.8.2)
	NOTE: Fixed by: https://www.sqlite.org/src/info/ac5852d6403c9c96
	NOTE: Introduced by: https://www.sqlite.org/src/info/b0bb975c0986fe01
	NOTE: https://www.sqlite.org/src/info/520070ec7fbaac
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/5
CVE-2015-5461 (Open redirect vulnerability in the Redirect function in ...)
	NOT-FOR-US: Redirect function in stageshow_redirect.php in the StageShow plugin for WordPress
CVE-2015-5460 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Snorby
CVE-2015-5459 (SQL injection vulnerability in the AdvanceSearch.class in ...)
	NOT-FOR-US: Password Manager Pro
CVE-2015-5458 (Session fixation vulnerability in fileupload.php in PivotX before ...)
	NOT-FOR-US: PivotX
CVE-2015-5457 (PivotX before 2.3.11 does not validate the new file extension when ...)
	NOT-FOR-US: PivotX
CVE-2015-5456 (Cross-site scripting (XSS) vulnerability in the form method in ...)
	NOT-FOR-US: PivotX
CVE-2015-5455 (Cross-site scripting (XSS) vulnerability in X-Cart 4.5.0 and earlier ...)
	NOT-FOR-US: X-cart
CVE-2015-5454 (Cross-site scripting (XSS) vulnerability in Nucleus CMS 3.65 allows ...)
	NOT-FOR-US: Nucleus CMS
CVE-2015-5453 (Watchguard XCS 9.2 and 10.0 before build 150522 allow remote ...)
	NOT-FOR-US: Watchguard XCS
CVE-2015-5452 (SQL injection vulnerability in Watchguard XCS 9.2 and 10.0 before ...)
	NOT-FOR-US: Watchguard XCS
CVE-2014-9741 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
	NOT-FOR-US: ArcGIS
CVE-2015-5451 (Cross-site request forgery (CSRF) vulnerability in HP Operations ...)
	NOT-FOR-US: HP Operations Orchestration Central
CVE-2015-5450
	REJECTED
CVE-2015-5449
	REJECTED
CVE-2015-5448 (HP Asset Manager 9.40 and 9.41 before 9.41.11103 P4-rev1 and 9.50 ...)
	NOT-FOR-US: HP Asset Manager
CVE-2015-5447 (Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system ...)
	NOT-FOR-US: HP StoreOnce Backup
CVE-2015-5446 (HP StoreOnce Backup system software before 3.13.1 allows remote ...)
	NOT-FOR-US: HP StoreOnce Backup
CVE-2015-5445 (Cross-site request forgery (CSRF) vulnerability in HP StoreOnce Backup ...)
	NOT-FOR-US: HP StoreOnce Backup
CVE-2015-5444 (Multiple cross-site scripting (XSS) vulnerabilities in HP Smart ...)
	NOT-FOR-US: SPS DAL
CVE-2015-5443 (HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 ...)
	NOT-FOR-US: HP
CVE-2015-5442 (Unspecified vulnerability in HP Software Update before 5.005.002.002 ...)
	NOT-FOR-US: HP Software Update
CVE-2015-5441 (Multiple cross-site scripting (XSS) vulnerabilities in HP ArcSight ...)
	NOT-FOR-US: HP Arcsight
CVE-2015-5440 (HP UCMDB 10.00 and 10.01 before 10.01CUP12, 10.10 and 10.11 before ...)
	NOT-FOR-US: HP UCMDB
CVE-2015-5439
	REJECTED
CVE-2015-5438
	REJECTED
CVE-2015-5437
	REJECTED
CVE-2015-5436
	REJECTED
CVE-2015-5435 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 3 ...)
	NOT-FOR-US: HP
CVE-2015-5434 (HPE Networking Products, originally branded as Comware 5, Comware 7, ...)
	NOT-FOR-US: HP H3C
CVE-2015-5433 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used ...)
	NOT-FOR-US: HP Virtual Connect Enterprise Manager
CVE-2015-5432 (HP Virtual Connect Enterprise Manager (VCEM) SDK before 7.5.0, as used ...)
	NOT-FOR-US: HP Virtual Connect Enterprise Manager
CVE-2015-5431 (HP Matrix Operating Environment before 7.5.0 allows remote ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5430 (HP Matrix Operating Environment before 7.5.0 allows remote attackers ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5429 (HP Matrix Operating Environment before 7.5.0 allows remote attackers ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5428 (HP Matrix Operating Environment before 7.5.0 allows remote attackers ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5427 (HP Matrix Operating Environment before 7.5.0 allows remote attackers ...)
	NOT-FOR-US: HP Matrix Operating Environment
CVE-2015-5426 (Unspecified vulnerability in HP LoadRunner Controller before 12.50 ...)
	NOT-FOR-US: HP LoadRunner
CVE-2015-5425
	REJECTED
CVE-2015-5424 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5423 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5422 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5421 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5420 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5419 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5418 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5417 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5416 (Unspecified vulnerability in HP KeyView before 10.23.0.1 and 10.24.x ...)
	NOT-FOR-US: HP KeyView
CVE-2015-5415
	REJECTED
CVE-2015-5414
	REJECTED
CVE-2015-5413 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5412 (Cross-site request forgery (CSRF) vulnerability in HP Version Control ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5411 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5410 (HP Version Control Repository Manager (VCRM) before 7.5.0 allows ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5409 (Buffer overflow in HP Version Control Repository Manager (VCRM) before ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2015-5408 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView ...)
	NOT-FOR-US: HP CentralView Fraud Risk Management
CVE-2015-5407 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView ...)
	NOT-FOR-US: HP CentralView Fraud Risk Management
CVE-2015-5406 (HP CentralView Fraud Risk Management 11.1, 11.2, and 11.3; CentralView ...)
	NOT-FOR-US: HP CentralView Fraud Risk Management
CVE-2015-5405 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5404 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5403 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5402 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-5401 (Teradata Gateway before 15.00.03.02-1 and 15.10.x before 15.10.00.01-1 ...)
	NOT-FOR-US: Teradata
CVE-2015-5399 (Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows ...)
	NOT-FOR-US: PHPVibe
CVE-2015-5398
	RESERVED
CVE-2015-5397 (Cross-site request forgery (CSRF) vulnerability in Joomla! 3.2.0 ...)
	NOT-FOR-US: Joomla
CVE-2015-5396
	RESERVED
CVE-2015-5394
	RESERVED
CVE-2015-5393
	RESERVED
CVE-2015-5392
	RESERVED
CVE-2015-5391
	RESERVED
CVE-2015-5390
	RESERVED
CVE-2015-5389
	RESERVED
CVE-2015-5388
	RESERVED
CVE-2015-5387
	RESERVED
CVE-2015-5386 (Siemens SICAM MIC devices with firmware before 2404 allow remote ...)
	NOT-FOR-US: Siemens
CVE-2015-5385
	RESERVED
CVE-2015-5384
	RESERVED
CVE-2015-5379 (Cross-site scripting (XSS) vulnerability in actions.hsp in the Ajax ...)
	NOT-FOR-US: Axigen
CVE-2015-5378 (Logstash 1.5.x before 1.5.3 and 1.4.x before 1.4.4 allows remote ...)
	- logstash <itp> (bug #664841)
CVE-2015-5377 (** DISPUTED ** Elasticsearch before 1.6.1 allows remote attackers to ...)
	- elasticsearch 1.6.1+dfsg-1 (bug #792617)
	[jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 3389)
	NOTE: https://www.elastic.co/blog/elasticsearch-1-7-0-and-1-6-1-released#security
CVE-2015-5376 (SQL injection vulnerability in the login form in GSI WiNPAT Portal ...)
	NOT-FOR-US: GSI WiNPAT Portal
CVE-2015-5375 (Cross-site scripting (XSS) vulnerability in unspecified dialogs for ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-5374 (A vulnerability has been identified in Firmware variant PROFINET IO ...)
	NOT-FOR-US: Siemens
CVE-2015-5373
	RESERVED
CVE-2015-5372 (The SAML 2.0 implementation in AdNovum nevisAuth 4.13.0.0 before ...)
	NOT-FOR-US: AdNovum nevisAuth
CVE-2015-5371 (The AuthenticationFilter class in SolarWinds Storage Manager allows ...)
	NOT-FOR-US: SolarWinds
CVE-2015-5370 (Samba 3.x and 4.x before 4.2.11, 4.3.x before 4.3.8, and 4.4.x before ...)
	{DSA-3548-1}
	- samba 2:4.3.7+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-5370.html
CVE-2015-5369 (Pulse Connect Secure (aka PCS and formerly Juniper PCS) PSC6000, ...)
	NOT-FOR-US: Pulse Connect Secure / Juniper PCS
CVE-2015-5368 (The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before ...)
	NOT-FOR-US: HP
CVE-2015-5367 (The HP lt4112 LTE/HSPA+ Gobi 4G module with firmware before ...)
	NOT-FOR-US: HP
CVE-2014-9740 (Cross-site scripting (XSS) vulnerability in the Rules Link module ...)
	NOT-FOR-US: Rules Link module for Drupal
CVE-2014-9739 (Cross-site scripting (XSS) vulnerability in the Node Field module ...)
	NOT-FOR-US: Node Field module for Drupal
CVE-2014-9738 (Multiple cross-site scripting (XSS) vulnerabilities in the Tournament ...)
	NOT-FOR-US: Tournament module for Drupal
CVE-2014-9737 (Open redirect vulnerability in the Language Switcher Dropdown module ...)
	NOT-FOR-US: Language Switcher Dropdown module for Drupal
CVE-2014-9736 (GE Healthcare Centricity Clinical Archive Audit Trail Repository has a ...)
	NOT-FOR-US: GE Healthcare Centricity Clinical Archive Audit Trail Repository
CVE-2013-7442 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6695 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6694 (GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1, and Server ...)
	NOT-FOR-US: GE Healthcare Centricity PACS Workstation
CVE-2012-6693 (GE Healthcare Centricity PACS 4.0 Server has a default password of (1) ...)
	NOT-FOR-US: GE Healthcare Centricity PACS
CVE-2011-5325 (Directory traversal vulnerability in the BusyBox implementation of tar ...)
	- busybox 1:1.27.2-1 (bug #802702)
	[stretch] - busybox <no-dsa> (Minor issue)
	[jessie] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2011-5324 (The TeraRecon server, as used in GE Healthcare Centricity PACS-IW ...)
	NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5323 (GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other ...)
	NOT-FOR-US: GE Healthcare Centricity PACS-IW
CVE-2011-5322 (GE Healthcare Centricity Analytics Server 1.1 has a default password ...)
	NOT-FOR-US: GE Healthcare Centricity Analytics Server
CVE-2015-8041 (Multiple integer overflows in the NDEF record parser in hostapd before ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #795740)
	- wpasupplicant <removed>
	[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with CONFIG_WPS_NFC=y)
	- hostapd <removed>
	[squeeze] - hostapd <not-affected> (v0.7.0-v2.4 with CONFIG_WPS_NFC=y)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/08/3
	NOTE: http://w1.fi/security/2015-5/
CVE-2015-5395 (Cross-site request forgery (CSRF) vulnerability in SOGo before 3.1.0. ...)
	- sogo 3.2.4-0.2 (bug #796197)
	[wheezy] - sogo <end-of-life> (not supported in Wheezy LTS)
	NOTE: https://lists.debian.org/debian-lts/2016/05/msg00197.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/10
	NOTE: http://www.sogo.nu/bugs/view.php?id=3246
	NOTE: https://github.com/inverse-inc/sogo/commit/582baf2960969c73f98643e46cfb49432c30b711 (SOGo-3.1.0)
CVE-2015-5470 (The label decompression functionality in PowerDNS Recursor before ...)
	{DSA-3307-1 DSA-3306-1}
	- pdns 3.4.5-1
	[wheezy] - pdns <not-affected> (3.2 and up affected)
	[squeeze] - pdns <not-affected> (3.2 and up affected)
	- pdns-recursor 3.7.3-1
	[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
	[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/6
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
	NOTE: Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch
CVE-2015-5383 (Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain ...)
	- roundcube <not-affected> (protection is done in apache config in binary package)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
	NOTE: http://trac.roundcube.net/ticket/1490378
CVE-2015-5382 (program/steps/addressbook/photo.inc in Roundcube Webmail before 1.0.6 ...)
	- roundcube 1.1.2+dfsg.1-1 (bug #791643)
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
	NOTE: http://trac.roundcube.net/ticket/1490379
CVE-2015-5381 (Cross-site scripting (XSS) vulnerability in program/include/rcmail.php ...)
	- roundcube 1.1.2+dfsg.1-1 (bug #791643)
	[wheezy] - roundcube <not-affected> (Vulnerable code not present)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/10
	NOTE: http://trac.roundcube.net/ticket/1490417
CVE-2015-5400 (Squid before 3.5.6 does not properly handle CONNECT method peer ...)
	{DSA-3327-1 DLA-286-1}
	- squid <removed>
	[wheezy] - squid <no-dsa> (Fix is hard to backport and default configuration is not affected)
	[squeeze] - squid <no-dsa> (Fix is hard to backport and default configuration is not affected)
	- squid3 3.5.6-1 (bug #793128)
	NOTE: http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-13856.patch (3.5)
	NOTE: http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13225.patch (3.4)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_2.txt
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/06/8
	NOTE: In squeeze's squid3 the code is structured differently but the bug still appears to be present.
	NOTE: For squid 2.x all versions are affected, cf. comment by upstream in
	NOTE: https://bugs.debian.org/793128#12
CVE-2015-5380 (The Utf8DecoderBase::WriteUtf16Slow function in unicode-decoder.cc in ...)
	- nodejs <not-affected> (Only affects 0.12.x)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/05/1
CVE-2015-5365 (Cross-site scripting (XSS) vulnerability in Zurmo CRM 3.0.2 allows ...)
	NOT-FOR-US: Zurmo CRM
CVE-2015-5363 (The SRX Network Security Daemon (nsd) in Juniper SRX Series services ...)
	NOT-FOR-US: Juniper
CVE-2015-5362 (The BFD daemon in Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 ...)
	NOT-FOR-US: Juniper
CVE-2015-5361
	RESERVED
CVE-2015-5360 (IPv6 sendd in Juniper Junos 12.1X44 before 12.1X44-D51, 12.1X46 before ...)
	NOT-FOR-US: Juniper
CVE-2015-5359 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before ...)
	NOT-FOR-US: Juniper
CVE-2015-5358 (Juniper Junos OS 12.1X44 before 12.1X44-D50, 12.1X46 before ...)
	NOT-FOR-US: Juniper
CVE-2015-5357 (The Juniper EX4600, QFX3500, QFX3600, and QFX5100 switches with Junos ...)
	NOT-FOR-US: Juniper
CVE-2015-5356 (Cross-site scripting (XSS) vulnerability in admin/filebrowser.php in ...)
	NOT-FOR-US: GetSimple CMS
CVE-2015-5355 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
	NOT-FOR-US: GetSimple CMS
CVE-2015-5354 (Open redirect vulnerability in Novius OS 5.0.1 (Elche) allows remote ...)
	NOT-FOR-US: Novius OS
CVE-2015-5353 (Directory traversal vulnerability in Novius OS 5.0.1 (Elche) allows ...)
	NOT-FOR-US: Novius OS
CVE-2015-5351 (The (1) Manager and (2) Host Manager applications in Apache Tomcat 7.x ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.32-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 7.0.68, 8.0.32, 9.0.0.M3
	NOTE: Upstream advisory does not make reference to 6.x but looking at the
	NOTE: upstream patches reveals that this issue is fixed since 6.0.45
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720661
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1720663
CVE-2015-5350 (In Garden versions 0.22.0-0.329.0, a vulnerability has been discovered ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-5349 (The CSV export in Apache LDAP Studio and Apache Directory Studio ...)
	NOT-FOR-US: Apache LDAP Studio and Apache Directory Studio
CVE-2015-5348 (Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x ...)
	NOT-FOR-US: Apache Camel
CVE-2015-5347 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Apache Wicket
CVE-2015-5346 (Session fixation vulnerability in Apache Tomcat 7.x before 7.0.66, 8.x ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.30-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	[squeeze] - tomcat6 <no-dsa> (Minor issue, very unlikely to exploit)
	NOTE: Fixed in 7.0.67, 8.0.30, 9.0.0.M3
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1713187
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1713185
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1723506
CVE-2015-5345 (The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat9 <itp> (bug #802312)
	- tomcat8 8.0.30-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.67, 8.0.30, 9.0.0.M3
CVE-2015-5344 (The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x ...)
	NOT-FOR-US: Apache Camel
CVE-2015-5343 (Integer overflow in util.c in mod_dav_svn in Apache Subversion 1.7.x, ...)
	{DSA-3424-1}
	- subversion 1.9.3-1
	[wheezy] - subversion <not-affected> (Vulnerable code not present)
	[squeeze] - subversion <not-affected> (Vulnerable code not present)
	NOTE: https://subversion.apache.org/security/CVE-2015-5343-advisory.txt
CVE-2015-5342 (The choice module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5341 (mod_scorm in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5340 (Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5339 (The core_enrol_get_enrolled_users web service in enrol/externallib.php ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5338 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5337 (Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5336 (Multiple cross-site scripting (XSS) vulnerabilities in the survey ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5335 (Cross-site request forgery (CSRF) vulnerability in ...)
	- moodle 2.7.11+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2015-5334
	RESERVED
	- libressl <itp> (bug #754513)
CVE-2015-5333
	RESERVED
	- libressl <itp> (bug #754513)
CVE-2015-5332 (Atto in Moodle 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allows remote ...)
	- moodle <not-affected> (Only affects 2.8 and later)
CVE-2015-5331 (Moodle 2.9.x before 2.9.3 does not properly check the contact list ...)
	- moodle <not-affected> (Only affects 2.9 and later)
CVE-2015-5330 (ldb before 1.1.24, as used in the AD LDAP server in Samba 4.x before ...)
	{DSA-3433-1}
	- samba 2:4.1.22+dfsg-1
	[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	- ldb 2:1.1.24-1
	[jessie] - ldb 2:1.1.17-2+deb8u1
	[wheezy] - ldb <no-dsa> (Minor issue, only relevant in conjunction with Samba 4, which isn't in wheezy)
	[squeeze] - ldb <no-dsa> (Minor issue)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=1aef718f3cc175d90d40202a333042a38ba382b1 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=7bcac237656083e67bbac9b50be9b319bb2d7eb8 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=5f3c7541c2f10ac2174538288f6569af587d69f0 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=a561ae6294fa926bf3a15b9aaf3d18d25d5e971f (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=f07626d0297ed6bd21623409e1ea1ae1138d23a8 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=83f1d39cd9ab9b8b548602f9ee806a994fca9d0c (v4-1-stable)
	NOTE: https://www.samba.org/samba/security/CVE-2015-5330.html
	NOTE: Samba update needs as well fixed ldb
CVE-2015-5329 (The TripleO Heat templates (tripleo-heat-templates), as used in Red ...)
	- tripleo-heat-templates 5.2.0-1 (bug #851396)
CVE-2015-5328
	RESERVED
CVE-2015-5327 (Out-of-bounds memory read in the x509_decode_time function in ...)
	- linux <not-affected> (Only affected 4.3-rc1 onwards)
	- linux-2.6 <not-affected> (Only affected 4.3-rc1 onwards)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cc25b994acfbc901429da682d0f73c190e960206 (v4.4-rc1)
CVE-2015-5326 (Cross-site scripting (XSS) vulnerability in the slave overview page in ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5325 (Jenkins before 1.638 and LTS before 1.625.2 allow attackers to bypass ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5324 (Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5323 (Jenkins before 1.638 and LTS before 1.625.2 do not properly restrict ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5322 (Directory traversal vulnerability in Jenkins before 1.638 and LTS ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5321 (The sidepanel widgets in the CLI command overview and help pages in ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5320 (Jenkins before 1.638 and LTS before 1.625.2 do not properly verify the ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5319 (XML external entity (XXE) vulnerability in the create-job CLI command ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5318 (Jenkins before 1.638 and LTS before 1.625.2 uses a publicly accessible ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5317 (The Fingerprints pages in Jenkins before 1.638 and LTS before 1.625.2 ...)
	- jenkins <removed>
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11
CVE-2015-5316 (The eap_pwd_perform_confirm_exchange function in eap_peer/eap_pwd.c in ...)
	{DSA-3397-1}
	- wpa 2.3-2.3 (bug #804710)
	[wheezy] - wpa <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
	- wpasupplicant <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v2.3-v2.5 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-8/
	NOTE: https://w1.fi/security/2015-8/eap-pwd-unexpected-confirm.txt
	NOTE: https://w1.fi/security/2015-8/0001-EAP-pwd-peer-Fix-error-path-for-unexpected-Confirm-m.patch
CVE-2015-5315 (The eap_pwd_process function in eap_peer/eap_pwd.c in wpa_supplicant ...)
	{DSA-3397-1}
	- wpa 2.3-2.3 (bug #804708)
	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-7/
	NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
	NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-peer-Fix-last-fragment-length-validation.patch
CVE-2015-5314 (The eap_pwd_process function in eap_server/eap_server_pwd.c in hostapd ...)
	{DSA-3397-1}
	- wpa 2.3-2.3 (bug #804708)
	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-7/
	NOTE: https://w1.fi/security/2015-7/eap-pwd-missing-last-fragment-length-validation.txt
	NOTE: https://w1.fi/security/2015-7/0001-EAP-pwd-server-Fix-last-fragment-length-validation.patch
CVE-2015-5313 (Directory traversal vulnerability in the ...)
	- libvirt 1.3.0-1 (bug #808273)
	[jessie] - libvirt 1.2.9-9+deb8u2
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=034e47c338b13a95cf02106a3af912c1c5f818d7
	NOTE: Broken by: https://libvirt.org/git/?p=libvirt.git;a=commit;h=c930410bebae0a45889b992a7932c663b06cbbcd (v1.1.0-rc1)
	NOTE: http://security.libvirt.org/2015/0004.html
CVE-2015-5312 (The xmlStringLenDecodeEntities function in parser.c in libxml2 before ...)
	{DSA-3430-1 DLA-373-1}
	- libxml2 2.9.3+dfsg1-1
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=69030714cde66d525a8884bda01b9e8f0abf8e1e (v2.9.3)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756733 (upstream bug not yet open)
CVE-2015-5311 (PowerDNS (aka pdns) Authoritative Server 3.4.4 before 3.4.7 allows ...)
	- pdns 3.4.7-1
	[jessie] - pdns <not-affected> (Only 3.4.4 and later affected)
	[wheezy] - pdns <not-affected> (Only 3.4.4 and later affected)
	[squeeze] - pdns <not-affected> (Only 3.4.4 and later affected)
	- pdns-recursor <not-affected> (recursor not affected)
	NOTE: http://www.openwall.com/lists/oss-security/2015/11/09/3
CVE-2015-5310 (The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not ...)
	{DSA-3397-1}
	- wpa 2.3-2.3 (bug #804707)
	[wheezy] - wpa <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
	- wpasupplicant <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
	- hostapd <not-affected> (v2.0-v2.5 with CONFIG_WNM=y)
	NOTE: http://w1.fi/security/2015-6/
	NOTE: https://w1.fi/security/2015-6/0001-WNM-Ignore-Key-Data-in-WNM-Sleep-Mode-Response-frame.patch
	NOTE: https://w1.fi/security/2015-6/wpa_supplicant-unauthorized-wnm-sleep-mode-gtk-control.txt
CVE-2015-5309 (Integer overflow in the terminal emulator in PuTTY before 0.66 allows ...)
	{DSA-3409-1 DLA-347-1}
	- putty 0.66-1
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
	NOTE: http://tartarus.org/~simon-git/gitweb/?p=putty.git;a=commitdiff;h=6056396f77cafc7e40da4d09f1d6212408dcb065
CVE-2015-5308 (Multiple SQL injection vulnerabilities in cs_admin_users.php in the ...)
	NOT-FOR-US: wp-championship plugin for WordPress
CVE-2015-5307 (The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x ...)
	{DSA-3454-1 DSA-3414-1 DSA-3396-1 DLA-479-1}
	- linux 4.2.6-1
	- linux-2.6 <removed>
	- xen 4.8.0~rc3-1 (bug #823620)
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-156.html
	- virtualbox 5.0.10-dfsg-1
	[wheezy] - virtualbox <end-of-life> (DSA 3454)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html#AppendixOVIR
CVE-2015-5306 (OpenStack Ironic Inspector (aka ironic-inspector or ironic-discoverd), ...)
	- ironic-inspector 3.2.0-1
	NOTE: https://bugs.launchpad.net/ironic-inspector/+bug/1506419
CVE-2015-5305 (Directory traversal vulnerability in Kubernetes, as used in Red Hat ...)
	- kubernetes <not-affected> (Fixed before the initial release in Debian, 1.2.0)
	NOTE: https://github.com/kubernetes/kubernetes/pull/15975
CVE-2015-5304 (Red Hat JBoss Enterprise Application Platform (EAP) before 6.4.5 does ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2015-5303 (The TripleO Heat templates (tripleo-heat-templates), when deployed via ...)
	- tripleo-heat-templates 5.2.0-1 (bug #851396)
CVE-2015-5302 (libreport 2.0.7 before 2.6.3 only saves changes to the first file when ...)
	NOT-FOR-US: abrt/libreport
CVE-2015-5301 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)
	- ipsilon <itp> (bug #826838)
CVE-2015-5300 (The panic_gate check in NTP before 4.2.8p5 is only re-enabled after ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p4+dfsg-2
	NOTE: https://www.cs.bu.edu/~goldbe/NTPattack.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1271076
CVE-2015-5299 (The shadow_copy2_get_shadow_copy_data function in ...)
	{DSA-3433-1 DLA-379-1}
	- samba 2:4.1.22+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-5299.html
CVE-2015-5298 [Google Login Plugin for Jenkins authentication bypass]
	RESERVED
	NOT-FOR-US: Plugin not packaged in Debian
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-10-12
CVE-2015-5297
	RESERVED
CVE-2015-5296 (Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, and 4.3.x before ...)
	{DSA-3433-1 DLA-379-1}
	- samba 2:4.1.22+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-5296.html
CVE-2015-5295 (The template-validate command in OpenStack Orchestration API (Heat) ...)
	- heat 1:6.0.0~rc3-1
	[jessie] - heat <no-dsa> (Minor issue)
	NOTE: Affects: <=2015.1.2, ==5.0.0
CVE-2015-5294
	REJECTED
CVE-2015-5293 (Red Hat Enterprise Virtualization Manager 3.6 and earlier gives valid ...)
	NOT-FOR-US: RHEV
CVE-2015-5292 (Memory leak in the Privilege Attribute Certificate (PAC) responder ...)
	- sssd 1.13.1-1
	[jessie] - sssd <no-dsa> (Minor issue; responder not built)
	NOTE: binary package has the sssd_pac_plugin.so but the responder
	NOTE: part is not build.
	[wheezy] - sssd <not-affected> (vulnerable code not present)
	[squeeze] - sssd <not-affected> (vulnerable code not present)
	NOTE: https://fedorahosted.org/sssd/ticket/2803
	NOTE: https://fedorahosted.org/sssd/attachment/ticket/2803/0001-Fix-memory-leak-in-sssdpac_verify.patch
CVE-2015-5291 (Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed ...)
	{DSA-3468-1 DLA-331-1}
	- mbedtls <not-affected> (Fixed before the initial release to Debian)
	[experimental] - polarssl 1.3.14-0.1
	- polarssl <unfixed> (bug #801413)
	NOTE: https://tls.mbed.org/tech-updates/security-advisories/mbedtls-security-advisory-2015-01
CVE-2015-5290 [Remote denial of service using MONITOR command]
	RESERVED
	- charybdis 3.4.2-5
	[jessie] - charybdis 3.4.2-5~deb8u1
	[wheezy] - charybdis <no-dsa> (Minor issue)
	- ircd-ratbox <removed> (bug #805065)
	[jessie] - ircd-ratbox <no-dsa> (Minor issue)
	[wheezy] - ircd-ratbox <no-dsa> (Minor issue)
	[squeeze] - ircd-ratbox <no-dsa> (Slow leak; workaround is available)
	NOTE: http://elemental-ircd.com/security/e50b0d59-f3c5-4472-a3cd-e2e07731417c/
CVE-2015-5289 (Multiple stack-based buffer overflows in json parsing in PostgreSQL ...)
	{DSA-3374-1}
	- postgresql-9.4 9.4.5-1
	- postgresql-9.1 <not-affected> (no json datatype)
	- postgresql-8.4 <not-affected> (no json datatype)
CVE-2015-5288 (The crypt function in contrib/pgcrypto in PostgreSQL before 9.0.23, ...)
	{DSA-3475-1 DSA-3374-1 DLA-329-1}
	- postgresql-9.4 9.4.5-1
	- postgresql-9.1 <removed>
	[jessie] - postgresql-9.1 <not-affected> (postgresql-9.1 in jessie only provides PL/Perl)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
	[squeeze] - postgresql-8.4 <no-dsa> (minor issue)
CVE-2015-5287 (The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-5286 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x ...)
	- glance 1:11.0.0-1 (bug #800741)
	[jessie] - glance <not-affected> (Vulnerable code not present)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: jessie: According to confirmation via upstream the fix for CVE-2014-9623
	NOTE: was complete here so CVE-2015-5286 not affecting jessie.
	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
CVE-2015-5285 (CRLF injection vulnerability in Kallithea before 0.3 allows remote ...)
	- kallithea <itp> (bug #689573)
CVE-2015-5284 (ipa-kra-install in FreeIPA before 4.2.2 puts the CA agent certificate ...)
	- freeipa <not-affected> (Introduced in 4.2)
	NOTE: https://fedorahosted.org/freeipa/ticket/5347
	NOTE: Upstream commit: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=55a66ccba3e2181a50e7733b7476991975b7455f
CVE-2015-5283 (The sctp_init function in net/sctp/protocol.c in the Linux kernel ...)
	- linux 4.2.1-2
	[jessie] - linux 3.16.7-ckt11-1+deb8u5
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e2d61e0aed2b7c4ecb35844fe07e0b2b762dee4 (v4.3-rc3)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4db67e808640e3934d82ce61ee8e2e89fd877ba8 (v3.7-rc1)
CVE-2015-5282 (Cross-site scripting (XSS) vulnerability in Foreman 1.7.0 and after. ...)
	- foreman <itp> (bug #663101)
CVE-2015-5281 (The grub2 package before 2.02-0.29 in Red Hat Enterprise Linux (RHEL) ...)
	- grub2 <not-affected> (SecureBoot not yet supported)
CVE-2015-5280
	REJECTED
CVE-2015-5279 (Heap-based buffer overflow in the ne2000_receive function in ...)
	{DSA-3362-1 DSA-3361-1}
	- qemu 1:2.4+dfsg-3 (bug #799074)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03984.html
CVE-2015-5278 [net: avoid infinite loop when receiving packets]
	RESERVED
	{DSA-3362-1 DSA-3361-1}
	- qemu 1:2.4+dfsg-3 (bug #799073)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-09/msg03985.html
	NOTE: Possibly introduced around http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0ae045ae439ad83692ad039a554f7d62acf9de5c (v0.9.1)
CVE-2015-5277 (The get_contents function in nss_files/files-XXX.c in the Name Service ...)
	- glibc 2.21-1 (bug #799966)
	[jessie] - glibc 2.19-18+deb8u2
	- eglibc <removed>
	[wheezy] - eglibc <not-affected> (Vulnerable code not present)
	[squeeze] - eglibc <not-affected> (Vulnerable code not present)
CVE-2015-5276 (The std::random_device class in libstdc++ in the GNU Compiler ...)
	- gcc-5 5.3.0-1
	- gcc-4.9 4.9.3-5
	[jessie] - gcc-4.9 <no-dsa> (Minor issue)
	NOTE: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=65142
	NOTE: Upstream commit: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=227687
CVE-2015-5275
	REJECTED
CVE-2015-5274 (rubygem-openshift-origin-console in Red Hat OpenShift 2.2 allows ...)
	NOT-FOR-US: OpenShift
CVE-2015-5273 (The abrt-action-install-debuginfo-to-abrt-cache help program in ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-5272 (The Forum module in Moodle 2.7.x before 2.7.10 allows remote ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50576
CVE-2015-5271 (The TripleO Heat templates (tripleo-heat-templates) do not properly ...)
	- tripleo-heat-templates <not-affected> (Vulnerability introduced later)
	NOTE: Fixed by: https://github.com/openstack/tripleo-heat-templates/commit/1730d95acdbee7c7bbcfe1eba8a48ef2b0cc1476
	NOTE: Introduced by: https://github.com/openstack/tripleo-heat-templates/commit/65d64b6a52366f36955e5e48a29f4ef0ca2ff973 (0.8.2) [Puppet: Swift Overcloud Proxy/Storage support]
	NOTE: https://bugs.launchpad.net/tripleo/+bug/1494896
CVE-2015-5270
	REJECTED
CVE-2015-5269 (Cross-site scripting (XSS) vulnerability in group/overview.php in ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709
CVE-2015-5268 (The rating component in Moodle through 2.6.11, 2.7.x before 2.7.10, ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50173
CVE-2015-5267 (lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50860
CVE-2015-5266 (The enrol_meta_sync function in enrol/meta/locallib.php in Moodle ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50744
CVE-2015-5265 (The wiki component in Moodle through 2.6.11, 2.7.x before 2.7.10, ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48371
CVE-2015-5264 (The lesson module in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x ...)
	- moodle 2.7.10+dfsg-1 (bug #799634)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50516
CVE-2015-5263 (pulp-consumer-client 2.4.0 through 2.6.3 does not check the server's ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2015-5262 (http/conn/ssl/SSLConnectionSocketFactory.java in Apache HttpComponents ...)
	{DLA-322-1}
	- httpcomponents-client 4.3.6-1 (low)
	[jessie] - httpcomponents-client <no-dsa> (Minor issue)
	[squeeze] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
	[wheezy] - httpcomponents-client <not-affected> (Regression introduced in 4.3.0)
	- commons-httpclient 3.1-12 (bug #798650)
	[jessie] - commons-httpclient 3.1-11+deb8u1
	[wheezy] - commons-httpclient 3.1-10.2+deb7u2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1261538
	NOTE: https://issues.apache.org/jira/browse/HTTPCLIENT-1478 says it's really fixed in 4.3.6 and that 4.2.x did not have this bug.
	NOTE: Proposed patch for commons-httpclient: https://bugzilla.redhat.com/show_bug.cgi?id=1259892
	NOTE: Checked that both 4.0.1 (in Squeeze) and 4.1.1 (in Wheezy) have the call to set the timout before the SSL connection is opened.
	NOTE: Jessie's 4.3.5-2 is however missing the upstream patch: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.3.x/httpclient/src/main/java/org/apache/http/conn/ssl/SSLConnectionSocketFactory.java?r1=1560975&r2=1626784
CVE-2015-5261 (Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS ...)
	{DSA-3371-1}
	- spice 0.12.5-1.3 (bug #801091)
CVE-2015-5260 (Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS ...)
	{DSA-3371-1}
	- spice 0.12.5-1.3 (bug #801089)
CVE-2015-5259 (Integer overflow in the read_string function in ...)
	- subversion 1.9.3-1
	[jessie] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive))
	[wheezy] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive))
	[squeeze] - subversion <not-affected> (Only affects 1.9.0 through 1.9.2 (inclusive))
	NOTE: https://subversion.apache.org/security/CVE-2015-5259-advisory.txt
CVE-2015-5258 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: springframework-social
CVE-2015-5257 (drivers/usb/serial/whiteheat.c in the Linux kernel before 4.2.4 allows ...)
	{DSA-3372-1 DLA-325-1}
	- linux 4.2.1-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cbb4be652d374f64661137756b8f357a1827d6a4 (v4.3-rc3)
CVE-2015-5256 (Apache Cordova-Android before 4.1.0, when an application relies on a ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-5255 (Adobe BlazeDS, as used in ColdFusion 10 before Update 18 and 11 before ...)
	NOT-FOR-US: Adobe
CVE-2015-5254 (Apache ActiveMQ 5.x before 5.13.0 does not restrict the classes that ...)
	{DSA-3524-1}
	- activemq 5.13.2+dfsg-1 (bug #809733)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2015-5254-announcement.txt
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=6f03921b31d9fefeddb0f4fa63150ed1f94a14b1 (5.11.x)
	NOTE: https://git-wip-us.apache.org/repos/asf?p=activemq.git;h=73a0caf758f9e4916783a205c7e422b4db27905c (5.11.x)
	NOTE: Patch applied to Fedora (5.6.0 based version): http://pkgs.fedoraproject.org/cgit/activemq.git/diff/activemq-5.6.0-CVE-2015-5254.patch?id=e3ef8a1b62d10273a814090be9168aa3019ace72
	NOTE: https://issues.apache.org/jira/browse/AMQ-6013
CVE-2015-5253 (The SAML Web SSO module in Apache CXF before 2.7.18, 3.0.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2015-5252 (vfs.c in smbd in Samba 3.x and 4.x before 4.1.22, 4.2.x before 4.2.7, ...)
	{DSA-3433-1 DLA-379-1}
	- samba 2:4.1.22+dfsg-1
	NOTE: https://www.samba.org/samba/security/CVE-2015-5252.html
CVE-2015-5251 (OpenStack Image Service (Glance) before 2014.2.4 (juno) and 2015.1.x ...)
	- glance 1:11.0.0-1 (bug #799931)
	[jessie] - glance 2014.1.3-12+deb8u1
	[wheezy] - glance <no-dsa> (Minor issue)
	NOTE: <=2014.2.3, >=2015.1.0, <=2015.1.1
CVE-2015-5250 (The API server in OpenShift Origin 1.0.5 allows remote attackers to ...)
	NOT-FOR-US: OpenShift
CVE-2015-5249
	REJECTED
CVE-2015-5248 (Reflected file download vulnerability in Red Hat Feedhenry Enterprise ...)
	NOT-FOR-US: Red Hat Mobile
CVE-2015-5247 (The virStorageVolCreateXML API in libvirt 1.2.14 through 1.2.19 allows ...)
	- libvirt 1.2.20-1 (bug #799132)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced later)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: http://security.libvirt.org/2015/0003.html
	NOTE: Broken by https://libvirt.org/git/?p=libvirt.git;a=commit;h=155ca616eb231181f6978efc9e3a1eb0eb60af8a (v1.2.14-rc1)
	NOTE: and by https://libvirt.org/git/?p=libvirt.git;a=commit;h=7c2d65dde2595c07d56aad1e043f7b1836592d89 (v1.2.16-rc1)
CVE-2015-5246 (The LDAP Authentication functionality in Foreman might allow remote ...)
	- foreman <itp> (bug #663101)
CVE-2015-5245 (CRLF injection vulnerability in the Ceph Object Gateway (aka radosgw ...)
	[experimental] - ceph 0.94.3-1
	- ceph 0.80.10-1 (bug #798567)
	[jessie] - ceph 0.80.7-2+deb8u1
	NOTE: http://tracker.ceph.com/issues/12537
	NOTE: https://github.com/ceph/ceph/pull/5430
CVE-2015-5244 (The NSSCipherSuite option with ciphersuites enabled in mod_nss before ...)
	- libapache2-mod-nss 1.0.12-1 (bug #799464)
	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	NOTE: Introduced in https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.0.11)
	NOTE: Fixed by https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=34e1ccecb4a7d5054dba2f92b403af9b6ae1e110 (1.0.12)
CVE-2015-5243
	RESERVED
CVE-2015-5242 (OpenStack Swift-on-File (aka Swiftonfile) does not properly restrict ...)
	NOT-FOR-US: swiftonfile
CVE-2015-5241 (After logging into the portal, the logout jsp page redirects the ...)
	NOT-FOR-US: Apache jUDDI
CVE-2015-5240 (Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before ...)
	- neutron 1:7.0.0-1
	[jessie] - neutron <no-dsa> (Minor issue)
	NOTE: versions through 2014.2.3 and 2015.1 versions through 2015.1.1
CVE-2015-5239 [Integer overflow in vnc_client_read() and protocol_client_msg()]
	RESERVED
	{DLA-574-1 DLA-573-1}
	- qemu 2.1+dfsg-1
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=f9a70e79391f6d7c2a912d785239ee8effc1922d (v2.1.0-rc0)
CVE-2015-5238
	RESERVED
CVE-2015-5237 (protobuf allows remote authenticated attackers to cause a heap-based ...)
	- protobuf <unfixed> (unimportant)
	NOTE: https://github.com/google/protobuf/issues/760
	NOTE: Upstream doesn't consider this a real issue in practice.
CVE-2015-5236
	RESERVED
CVE-2015-5235 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly ...)
	- icedtea-web 1.6.1-1 (bug #798467)
	[jessie] - icedtea-web 1.5.3-1
	[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5234 (IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly ...)
	- icedtea-web 1.6.1-1 (bug #798467)
	[jessie] - icedtea-web 1.5.3-1
	[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2015-5233 (Foreman before 1.8.4 and 1.9.x before 1.9.1 do not properly apply ...)
	- foreman <itp> (bug #663101)
CVE-2015-5232 (Race conditions in opa-fm before 10.4.0.0.196 and opa-ff before ...)
	NOT-FOR-US: OPA Fabric Manager and OPA tools and Fast Fabric
CVE-2015-5231 (The service daemon in CRIU does not properly restrict access to ...)
	- criu 1.8-2 (bug #797110)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1256728
CVE-2015-5230
	RESERVED
	{DSA-3347-1}
	- pdns 3.4.6-1
	[wheezy] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
	[squeeze] - pdns <not-affected> (Only affects 3.4.0-3.4.5)
	NOTE: https://downloads.powerdns.com/patches/2015-02/
CVE-2015-5229 (The calloc function in the glibc package in Red Hat Enterprise Linux ...)
	- glibc <not-affected> (RHEL-specific backport)
	- eglibc <not-affected> (RHEL-specific backport)
CVE-2015-5228 (The service daemon in CRIU creates log and dump files insecurely, ...)
	- criu 1.8-2 (bug #797111)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1255782
CVE-2015-5227 (The Landing Pages plugin before 1.9.2 for WordPress allows remote ...)
	NOT-FOR-US: Landing Pages plugin for WordPress
CVE-2015-5226
	REJECTED
CVE-2015-5225 (Buffer overflow in the vnc_refresh_server_surface function in the VNC ...)
	{DSA-3348-1}
	- qemu 1:2.4+dfsg-1a (bug #796465)
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced in 2.1.0)
	- qemu-kvm <not-affected> (Vulnerable code introduced in 2.1.0)
	NOTE: Fix: https://lists.gnu.org/archive/html/qemu-devel/2015-08/msg02495.html
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commit;h=bea60dd7679364493a0d7f5b (v2.1.0-rc0)
CVE-2015-5224 (The mkostemp function in login-utils in util-linux when used ...)
	[experimental] - util-linux 2.27~rc2-2
	- util-linux 2.27-1 (unimportant)
	NOTE: chfn/chsh not built in util-linux in Debian (--disable-chfn-chsh)
	NOTE: https://github.com/karelzak/util-linux/commit/bde91c85bdc77975155058276f99d2e0f5eab5a9 (v2.27-rc2)
CVE-2015-5223 (OpenStack Object Storage (Swift) before 2.4.0 allows attackers to ...)
	- swift 2.4.0-1 (bug #797032)
	[jessie] - swift 2.2.0-1+deb8u1
	[wheezy] - swift <no-dsa> (Minor issue)
CVE-2015-5222 (Red Hat OpenShift Enterprise 3.0.0.0 does not properly check ...)
	NOT-FOR-US: OpenShift
CVE-2015-5221 (Use-after-free vulnerability in the mif_process_cmpt function in ...)
	- jasper <removed> (bug #796253)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	[squeeze] - jasper <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/20/4
CVE-2015-5220 (The Web Console in Red Hat Enterprise Application Platform (EAP) ...)
	NOT-FOR-US: JBoss EAP
CVE-2015-5219 (The ULOGTOD function in ntp.d in SNTP before 4.2.7p366 does not ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p3+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	[squeeze] - ntp <no-dsa> (Minor issue)
	NOTE: https://github.com/ntp-project/ntp/commit/5f295cd05c3c136d39f5b3e500a2d781bdbb59c8
CVE-2015-5218 (Buffer overflow in text-utils/colcrt.c in colcrt in util-linux before ...)
	- util-linux 2.27-1 (unimportant; bug #798067)
	NOTE: https://www.spinics.net/lists/util-linux-ng/msg11873.html
CVE-2015-5217 (providers/saml2/admin.py in the Identity Provider (IdP) server in ...)
	- ipsilon <itp> (bug #826838)
CVE-2015-5216
	RESERVED
	- ipsilon <itp> (bug #826838)
CVE-2015-5215
	RESERVED
	- ipsilon <itp> (bug #826838)
CVE-2015-5214 (LibreOffice before 4.4.6 and 5.x before 5.0.1 and Apache OpenOffice ...)
	{DSA-3394-1}
	- libreoffice 1:5.0.1~rc2-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5214/
CVE-2015-5213 (Integer overflow in LibreOffice before 4.4.5 and Apache OpenOffice ...)
	{DSA-3394-1}
	- libreoffice 1:5.0.1~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5213/
CVE-2015-5212 (Integer underflow in LibreOffice before 4.4.5 and Apache OpenOffice ...)
	{DSA-3394-1}
	- libreoffice 1:5.0.1~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-5212/
CVE-2015-5211 (Under some situations, the Spring Framework 4.2.0 to 4.2.1, 4.0.0 to ...)
	- libspring-java 4.1.9-1
	[jessie] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://jira.spring.io/browse/SPR-13548
	NOTE: https://github.com/spring-projects/spring-framework/commit/2bd1da
	NOTE: https://github.com/spring-projects/spring-framework/commit/a95c3d
	NOTE: https://github.com/spring-projects/spring-framework/commit/03f547
	NOTE: https://pivotal.io/security/cve-2015-5211
CVE-2015-5210 (Open redirect vulnerability in Apache Ambari before 2.1.2 allows ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-5209 (Apache Struts 2.x before 2.3.24.1 allows remote attackers to ...)
	- libstruts1.2-java <removed>
	[wheezy] - libstruts1.2-java <not-affected> (Only affects versions >= 2.x)
	NOTE: https://struts.apache.org/docs/s2-026.html
CVE-2015-5208 (Apache Cordova iOS before 4.0.0 allows remote attackers to execute ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-5207 (Apache Cordova iOS before 4.0.0 might allow attackers to bypass a URL ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-5206 (Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...)
	- trafficserver 6.0.0-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
CVE-2015-5205
	REJECTED
CVE-2015-5204 (CRLF injection vulnerability in the Apache Cordova File Transfer ...)
	NOT-FOR-US: Apache Cordova Android File Transfer Plugin
CVE-2015-5203 (Double free vulnerability in the jasper_image_stop_load function in ...)
	- jasper <removed> (bug #796107)
	[jessie] - jasper <no-dsa> (Minor issue)
	[wheezy] - jasper <no-dsa> (Minor issue)
	[squeeze] - jasper <no-dsa> (Minor issue)
	NOTE: Analysis/More information: https://bugzilla.redhat.com/show_bug.cgi?id=1254242#c3
	NOTE: The patch http://sf.net/projects/mancha/files/sec/jasper-1.900.1_CVE-2015-5203.diff
	NOTE: breaks ABI.
CVE-2015-5202 (Red Hat Satellite 6 allows remote authenticated users with privileged ...)
	NOT-FOR-US: Satellite6
CVE-2015-5201
	RESERVED
	NOT-FOR-US: Red Hat vdms
CVE-2015-5200 (The trace functionality in libvdpau before 1.1.1, when used in a ...)
	{DSA-3355-1 DLA-306-1}
	- libvdpau 1.1.1-1 (bug #797895)
	NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
	NOTE: http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
CVE-2015-5199 (Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 ...)
	{DSA-3355-1 DLA-306-1}
	- libvdpau 1.1.1-1 (bug #797895)
	NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
	NOTE: http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
CVE-2015-5198 (libvdpau before 1.1.1, when used in a setuid or setgid application, ...)
	{DSA-3355-1 DLA-306-1}
	- libvdpau 1.1.1-1 (bug #797895)
	NOTE: http://lists.x.org/archives/xorg-announce/2015-August/002630.html
	NOTE: http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4
CVE-2015-5197
	REJECTED
CVE-2015-5196
	REJECTED
CVE-2015-5195 (ntp_openssl.m4 in ntpd in NTP before 4.2.7p112 allows remote attackers ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p3+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	[squeeze] - ntp <no-dsa> (Minor issue)
	NOTE: https://github.com/ntp-project/ntp/commit/52e977d79a0c4ace997e5c74af429844da2f27be
CVE-2015-5194 (The log_config_command function in ntp_parser.y in ntpd in NTP before ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p3+dfsg-1 (low)
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	[squeeze] - ntp <no-dsa> (Minor issue)
	NOTE: https://github.com/ntp-project/ntp/commit/553f2fa65865c31c5e3c48812cfd46176cffdd27
	NOTE: Fixed in 4.2.7p42
CVE-2015-5193
	REJECTED
CVE-2015-5192
	REJECTED
CVE-2015-5191 (VMware Tools prior to 10.0.9 contains multiple file system races in ...)
	- open-vm-tools 2:10.1.5-5055683-5 (low; bug #869633)
	[stretch] - open-vm-tools 2:10.1.5-5055683-4+deb9u1
	[jessie] - open-vm-tools <not-affected> (Vulnerable code not present)
	[wheezy] - open-vm-tools <not-affected> (Vulnerable code not present)
	NOTE: 9.10.x: https://github.com/vmware/open-vm-tools/commit/c1304ce8bfd9c0c33999e496bf7049d5c3d45821
	NOTE: 10.0.x: https://github.com/vmware/open-vm-tools/commit/b3068b04880eda4ca3e13f2d34fb8ce336ad1a4f
	NOTE: 10.1.x: https://github.com/vmware/open-vm-tools/commit/22e58289f71232310d30cf162b83b5151a937bac
CVE-2015-5190 (The pcsd web UI in PCS 0.9.139 and earlier allows remote authenticated ...)
	- pcs <not-affected> (Fixed before initial release to Debian)
	NOTE: https://github.com/feist/pcs/commit/634f6d93e4091946441f366e29859ed64a2c977a (0.9.144)
CVE-2015-5189 (Race condition in pcsd in PCS 0.9.139 and earlier uses a global ...)
	- pcs <not-affected> (Fixed before the initial release in Debian)
	NOTE: Patch in Fedora: http://pkgs.fedoraproject.org/cgit/rpms/pcs.git/plain/fixed-session-and-cookies-processing.patch?h=f22&id=c4b5ad398cb011cdf31374d37943b6593411ae65
	NOTE: Patch in CentOS 7 corresponding to RHSA-2015:1700: https://git.centos.org/blob/rpms!pcs/bafb6400d552c4d9e9cb46ddbe523e8f47e0de63/SOURCES!bz1253289-fixed-session-and-cookies-processing.patch
CVE-2015-5188 (Cross-site request forgery (CSRF) vulnerability in the Web Console ...)
	NOT-FOR-US: JBoss EAP
CVE-2015-5187 (Candlepin allows remote attackers to obtain sensitive information by ...)
	NOT-FOR-US: candlepin / subscription-manager
CVE-2015-5186 (Audit before 2.4.4 in Linux does not sanitize escape characters in ...)
	- audit 1:2.4.4-1 (unimportant; bug #795457)
	NOTE: Hardening, not a vulnerability. This is treated as a vulnerability in terminal emulators
	NOTE: https://fedorahosted.org/audit/changeset/1122
CVE-2015-5185 (The lookupProviders function in providerMgr.c in sblim-sfcb 1.3.4 and ...)
	- sblim-sfcb <itp> (bug #754493)
CVE-2015-5184 (The Hawtio console in A-MQ allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5183 (The Hawtio console in A-MQ does not set HTTPOnly or Secure attributes ...)
	NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5182 (Cross-site request forgery (CSRF) vulnerability in the jolokia API in ...)
	NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5181 (The JBoss console in A-MQ allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: A-MQ's Hawtio console
CVE-2015-5180 (res_query in libresolv in glibc before 2.25 allows remote attackers to ...)
	- glibc 2.24-9 (low; bug #796106)
	[jessie] - glibc <no-dsa> (Minor issue, too intrusive to backport)
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	[squeeze] - eglibc <no-dsa> (Minor issue)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18784
	NOTE: Originally proposed for jessie 8.8, but breaks the NSS ABI so was retracted
CVE-2015-5179 (FreeIPA might display user data improperly via vectors involving ...)
	- freeipa <unfixed> (bug #795399)
	NOTE: https://fedorahosted.org/freeipa/ticket/5153
CVE-2015-5178 (The Management Console in Red Hat Enterprise Application Platform ...)
	NOT-FOR-US: JBoss EAP
CVE-2015-5177 (Double free vulnerability in the SLPDKnownDAAdd function in ...)
	{DSA-3353-1 DLA-304-1}
	- openslp-dfsg 1.2.1-11 (bug #795429)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5177
CVE-2015-5176 (The PortletRequestDispatcher in PortletBridge, as used in Red Hat ...)
	NOT-FOR-US: PortletBridge component in JBoss Portal
CVE-2015-5175 (Application plugins in Apache CXF Fediz before 1.1.3 and 1.2.x before ...)
	NOT-FOR-US: Apache CXF Fediz
CVE-2015-5174 (Directory traversal vulnerability in RequestUtil.java in Apache Tomcat ...)
	{DSA-3609-1 DSA-3552-1 DSA-3530-1 DLA-435-1}
	- tomcat8 8.0.28-1
	- tomcat7 7.0.68-1
	- tomcat6 6.0.41-3
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	NOTE: Fixed in 6.0.45, 7.0.65, 8.0.27
CVE-2015-5173 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and ...)
	NOT-FOR-US: Cloud Foundry Runtime cf-release
CVE-2015-5172 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and ...)
	NOT-FOR-US: Cloud Foundry Runtime cf-release
CVE-2015-5171 (The password change functionality in Cloud Foundry Runtime cf-release ...)
	NOT-FOR-US: Cloud Foundry Runtime cf-release
CVE-2015-5170 (Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and ...)
	NOT-FOR-US: Cloud Foundry Runtime cf-release
CVE-2015-5169 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
	- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
CVE-2015-5168 (Unspecified vulnerability in the HTTP/2 experimental feature in Apache ...)
	- trafficserver 6.0.0-1
	[wheezy] - trafficserver <not-affected> (Vulnerable code not present)
CVE-2015-5167 (The Policy Admin Tool in Apache Ranger before 0.5.1 allows remote ...)
	NOT-FOR-US: Apache Ranger
CVE-2015-5166 (Use-after-free vulnerability in QEMU in Xen 4.5.x and earlier does not ...)
	- qemu 1:2.4+dfsg-1a (bug #794611)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: pci_piix3_xen_ide_unplug introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=679f4f8b178e7c66fbc2f39c905374ee8663d5d8 (v1.0-rc0)
	NOTE: BlockDriverState converted to BlockBackend in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4be746345f13e99e468c60acbd3a355e8183e3ce (v2.2.0-rc0)
	NOTE: Fixed by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=6cd387833d05e8ad31829d97e474dc420625aed9 (v2.4.0-rc4)
	NOTE: http://xenbits.xen.org/xsa/advisory-139.html
CVE-2015-5165 (The C+ mode offload emulation in the RTL8139 network card device model ...)
	{DSA-3349-1 DSA-3348-1 DLA-479-1}
	- qemu 1:2.4+dfsg-1a (bug #794610)
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u9
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	- xen 4.4.0-1
	[wheezy] - xen <no-dsa> (Too intrusive to backport)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-140.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=39b8e7dcaf04cbdb926b478f825b160d852752b5
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d6812d60e7932de3cd0f602c0ee63dd3d09f1847
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e1c120a9c54872f8a538ff9129d928de4e865cbd
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=03247d43c577dfea8181cd40177ad5ba77c8db76
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=c6296ea88df040054ccd781f3945fe103f8c7c17
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=4240be45632db7831129f124bcf53c1223825b0f
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8357946b15f0a31f73dd691b7da95f29318ed310
CVE-2015-5164 (The Qpid server on Red Hat Satellite 6 does not properly restrict ...)
	NOT-FOR-US: Qpid server on Satellite6
CVE-2015-5163 (The import task action in OpenStack Image Service (Glance) 2015.1.x ...)
	- glance 2015.1.0-4 (bug #795453)
	[jessie] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1)
	[wheezy] - glance <not-affected> (Affects Glance 2015.1 versions trough 2015.1.1)
CVE-2015-5162 (The image parser in OpenStack Cinder 7.0.2 and 8.0.0 through 8.1.1; ...)
	- cinder 2:8.0.0-1
	[jessie] - cinder <no-dsa> (Minor issue)
	- glance 2:12.0.0-1 (low)
	[jessie] - glance <no-dsa> (Minor issue)
	[wheezy] - glance <end-of-life> (not supported in Wheezy)
	- nova 2:13.0.0-1 (low)
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: Patches: http://www.openwall.com/lists/oss-security/2016/10/06/8
CVE-2015-5161 (The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework ...)
	{DSA-3340-1 DLA-302-1}
	- zendframework 1.12.14+dfsg-1
	- php-zend-xml 1.0.1-1
	NOTE: http://framework.zend.com/security/advisory/ZF2015-06
	NOTE: Root issue already fixed in PHP 5.6.6, so this one is not relevant starting with Jessie
CVE-2015-5160 [Ceph id/key leaked in the process list]
	RESERVED
	- libvirt 2.2.0-1 (low; bug #796111)
	[jessie] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
	[wheezy] - libvirt <no-dsa> (Minor issue; needs changes first in QEMU)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
	NOTE: libvirt side fixed with: http://libvirt.org/git/?p=libvirt.git;a=commit;h=d53d465083edeb64cc7b78249c030734c0d91c6b
	NOTE: https://libvirt.org/git/?p=libvirt.git;a=commit;h=a1344f70a128921e7fe7213da7c1afbc962fba9c
	NOTE: and needs at least Qemu 2.6, which is satisfied in Stretch and later.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1182074 (not yet opened)
	NOTE: https://www.redhat.com/archives/libvir-list/2011-November/msg00853.html
	NOTE: Needs changes in QEMU for passing passwords. Affects at least iSCSI and rbd/ceph.
CVE-2015-5159
	RESERVED
	NOT-FOR-US: kdcproxy
CVE-2015-5158 (Stack-based buffer overflow in hw/scsi/scsi-bus.c in QEMU, when built ...)
	- qemu 1:2.4+dfsg-1a (bug #793388)
	[jessie] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2015-07/msg04558.html
	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=1894df02811f6b79ea3ffbf1084599d96f316173 (v2.2.0-rc0)
CVE-2015-5157 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the ...)
	{DSA-3313-1}
	- linux 4.0.8-2
	[wheezy] - linux <not-affected> (Introduced in 3.3)
	- linux-2.6 <not-affected> (Introduced in 3.3)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
	NOTE: Same fix as for CVE-2015-3290.
CVE-2015-5156 (The virtnet_probe function in drivers/net/virtio_net.c in the Linux ...)
	{DSA-3364-1 DLA-310-1}
	- linux 4.1.5-1
	- linux-2.6 <removed>
	NOTE: http://marc.info/?l=linux-netdev&m=143868216724068&w=2
CVE-2015-5155 [Packet with crafted "nextoffset" and "extid" values causes DoS]
	RESERVED
	- openslp-dfsg 1.2.1-8 (bug #623551)
	[squeeze] - openslp-dfsg 1.2.1-7.8+deb6u1
	NOTE: duplicate of CVE-2010-3609
CVE-2015-5154 (Heap-based buffer overflow in the IDE subsystem in QEMU, as used in ...)
	{DSA-3348-1}
	- qemu 1:2.4+dfsg-1a (bug #793811)
	[wheezy] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
	[squeeze] - qemu <not-affected> (Vulnerable code not present, introduced in 1.3)
	- qemu-kvm <not-affected> (Vulnerable code not present, introduced in 1.3)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code not present, introduced in 4.2)
	[squeeze] - xen <not-affected> (Vulnerable code not present, introduced in 4.2)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-138.html
	NOTE: qemu patches:
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=d2ff85854512574e7209f295e87b0835d5b032c6
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=cb72cba83021fa42719e73a5249c12096a4d1cfc
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=03441c3a4a42beb25460dd11592539030337d0f8
	NOTE: Introduced by: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=ce560dcf20c14194db5ef3b9fc1ea592d4e68109 (v1.3.0-rc0)
CVE-2015-5153 (Pulp does not remove permissions for named objects upon deletion, ...)
	NOT-FOR-US: Pulp (Red Hat)
CVE-2015-5152 (Foreman after 1.1 and before 1.9.0-RC1 does not redirect HTTP requests ...)
	- foreman <itp> (bug #663101)
CVE-2015-5151 (Cross-site scripting (XSS) vulnerability in the Slider Revolution ...)
	NOT-FOR-US: Slider Revolution (revslider) plugin for WordPress
CVE-2015-5150 (Multiple cross-site scripting (XSS) vulnerabilities in Zoho ...)
	NOT-FOR-US: Zoho ManageEngine SupportCenter Plus
CVE-2015-5149 (Directory traversal vulnerability in Zoho ManageEngine SupportCenter ...)
	NOT-FOR-US: Zoho ManageEngine SupportCenter Plus
CVE-2015-5148 (SQL injection vulnerability in LivelyCart 1.2.0 allows remote ...)
	NOT-FOR-US: LivelyCart
CVE-2015-5145 (validators.URLValidator in Django 1.8.x before 1.8.3 allows remote ...)
	- python-django <not-affected> (Vulnerable code not present)
	NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
CVE-2015-5144 (Django before 1.4.21, 1.5.x through 1.6.x, 1.7.x before 1.7.9, and ...)
	{DSA-3305-1 DLA-272-1}
	- python-django 1.7.9-1
	NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-5144 has split out patches
CVE-2015-5143 (The session backends in Django before 1.4.21, 1.5.x through 1.6.x, ...)
	{DSA-3305-1 DLA-272-1}
	- python-django 1.7.9-1
	NOTE: https://www.djangoproject.com/weblog/2015/jul/08/security-releases/
CVE-2015-5142
	RESERVED
CVE-2015-5141
	RESERVED
CVE-2015-5140
	RESERVED
CVE-2015-5139
	RESERVED
CVE-2015-5138
	RESERVED
CVE-2015-5137
	RESERVED
CVE-2015-5136
	RESERVED
CVE-2015-5135
	RESERVED
CVE-2015-5134 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5133 (Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5132 (Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5131 (Buffer overflow in Adobe Flash Player before 18.0.0.232 on Windows and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5130 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5129 (Heap-based buffer overflow in Adobe Flash Player before 18.0.0.232 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5128
	REJECTED
CVE-2015-5127 (Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5126
	REJECTED
CVE-2015-5125 (Adobe Flash Player before 18.0.0.232 on Windows and OS X and before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5124 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5123 (Use-after-free vulnerability in the BitmapData class in the ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5122 (Use-after-free vulnerability in the DisplayObject class in the ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5121 (Adobe Shockwave Player before 12.1.9.159 allows attackers to execute ...)
	NOT-FOR-US: Shockwave
CVE-2015-5120 (Adobe Shockwave Player before 12.1.9.159 allows attackers to execute ...)
	NOT-FOR-US: Shockwave
CVE-2015-5119 (Use-after-free vulnerability in the ByteArray class in the ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5118 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5117 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5116 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-5115 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5114 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5113 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5112
	REJECTED
CVE-2015-5111 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5110 (Stack-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5109 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5108 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5107 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5106 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5105 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5104 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5103 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5102 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5101 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5100 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5099 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5098 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5097 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5096 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5095 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5094 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5093 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.15 and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5092 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5091 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5090 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5089 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5088 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5087 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5086 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5085 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-5084 (The Siemens SIMATIC WinCC Sm@rtClient and Sm@rtClient Lite ...)
	NOT-FOR-US: Siemens
CVE-2015-5083
	RESERVED
CVE-2015-5082 (Endian Firewall before 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: Endian Firewall
CVE-2015-5080 (The Management Interface in Citrix NetScaler Application Delivery ...)
	NOT-FOR-US: Citrix
CVE-2015-5079 (Directory traversal vulnerability in widgets/logs.php in BlackCat CMS ...)
	NOT-FOR-US: BlackCat CMS
CVE-2015-5078 (SQL injection vulnerability in the insert function in ...)
	- limesurvey <itp> (bug #472802)
CVE-2015-5077
	RESERVED
CVE-2015-5076 (Multiple cross-site scripting (XSS) vulnerabilities in X2Engine X2CRM ...)
	NOT-FOR-US: X2Engine
CVE-2015-5075 (Cross-site request forgery (CSRF) vulnerability in X2Engine X2CRM ...)
	NOT-FOR-US: X2Engine
CVE-2015-5074 (Incomplete blacklist vulnerability in the FileUploadsFilter class in ...)
	NOT-FOR-US: X2Engine
CVE-2015-5072
	RESERVED
CVE-2015-5071
	RESERVED
CVE-2014-9735 (The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for ...)
	NOT-FOR-US: WordPress plugins ThemePunch Slider Revolution (revslider) and Showbiz Pro
CVE-2014-9734 (Directory traversal vulnerability in the Slider Revolution (revslider) ...)
	NOT-FOR-US: Slider Revolution (revslider) plugin for WordPress
CVE-2015-5146 (ntpd in ntp before 4.2.8p3 with remote configuration enabled allows ...)
	{DSA-3388-1 DLA-335-1}
	- ntp 1:4.2.8p3+dfsg-1
	[jessie] - ntp <no-dsa> (Minor issue)
	[wheezy] - ntp <no-dsa> (Minor issue)
	[squeeze] - ntp <no-dsa> (Minor issue)
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#June_2015_NTP_Security_Vulnerabi
CVE-2015-5352 (The x11_open_helper function in channels.c in ssh in OpenSSH before ...)
	{DLA-288-1}
	- openssh 1:6.9p1-1 (bug #790798)
	[jessie] - openssh <no-dsa> (Minor issue)
	[wheezy] - openssh <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/01/7
	NOTE: https://anongit.mindrot.org/openssh.git/commit/?h=V_6_9&id=1bf477d3cdf1a864646d59820878783d42357a1d
CVE-2015-5147 (Stack-based buffer overflow in the header_anchor function in the HTML ...)
	- ruby-redcarpet <not-affected> (Affects v3.3.0 - v3.3.1)
	NOTE: https://github.com/vmg/redcarpet/commit/2cee777c1e5babe8a1e2683d31ea75cc4afe55fb
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/29/3
CVE-2015-5081 (Cross-site request forgery (CSRF) vulnerability in django CMS before ...)
	- python-django-cms <itp> (bug #516183)
CVE-2015-5073 (Heap-based buffer overflow in the find_fixedlength function in ...)
	- pcre3 2:8.35-7 (bug #790000)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1651
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1571 (8.38)
	NOTE: Introduced in http://vcs.pcre.org/pcre?view=revision&revision=454 (8.00)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/26/1
CVE-2015-5068 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 ...)
	NOT-FOR-US: SAP
CVE-2015-5067 (The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP ...)
	NOT-FOR-US: SAP
CVE-2015-5066 (Multiple cross-site scripting (XSS) vulnerabilities in the MetalGenix ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-5065 (Absolute path traversal vulnerability in proxy.php in the google ...)
	NOT-FOR-US: Paypal Currency Converter Basic For WooCommerce plugin for WordPress
CVE-2015-5064 (Multiple cross-site scripting (XSS) vulnerabilities in MySql Lite ...)
	NOT-FOR-US: MySql Lite Administrator
CVE-2015-5063 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
	- silverstripe <itp> (bug #528461)
CVE-2015-5062 (Open redirect vulnerability in SilverStripe CMS &amp; Framework 3.1.13 ...)
	- silverstripe <itp> (bug #528461)
CVE-2015-5061 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2015-5060 (Cross-site scripting (XSS) vulnerability in anchor-cms before 0.9-dev. ...)
	NOT-FOR-US: anchor-cms
CVE-2015-5058 (Memory leak in the virtual server component in F5 Big-IP LTM, AAM, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-5056
	RESERVED
CVE-2015-5055
	RESERVED
CVE-2015-5054 (Open redirect vulnerability in Ellucian (formerly SunGard) Banner ...)
	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
CVE-2015-5053 (The host memory mapping path feature in the NVIDIA GPU graphics driver ...)
	- nvidia-graphics-drivers 352.41-1
	[jessie] - nvidia-graphics-drivers <not-affected> (Only affects R352 and R346 Linux branches)
	[wheezy] - nvidia-graphics-drivers <not-affected> (Only affects R352 and R346 Linux branches)
CVE-2015-5052 (SQL injection vulnerability in Sefrengo before 1.6.5 beta2. ...)
	NOT-FOR-US: Sefrengo
CVE-2015-5051 (IBM Maximo Asset Management 7.5 before 7.5.0.8 IF6 and 7.6 before ...)
	NOT-FOR-US: IBM
CVE-2015-5050 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...)
	NOT-FOR-US: IBM
CVE-2015-5049 (SQL injection vulnerability in the API in IBM OpenPages GRC Platform ...)
	NOT-FOR-US: IBM
CVE-2015-5048
	RESERVED
CVE-2015-5047
	RESERVED
CVE-2015-5046
	RESERVED
CVE-2015-5045 (The Administration and Reporting tool in IBM Rational License Key ...)
	NOT-FOR-US: IBM
CVE-2015-5044 (The Flow Collector in IBM Security QRadar QFLOW 7.1.x before 7.1 MR2 ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-5043 (diag in IBM Security Guardium 8.2 before p6015, 9.0 before p6015, 9.1, ...)
	NOT-FOR-US: IBM Security Guardium
CVE-2015-5042 (IBM Emptoris Contract Management 9.5.0.x before 9.5.0.6 iFix15, ...)
	NOT-FOR-US: IBM
CVE-2015-5041 (The J9 JVM in IBM SDK, Java Technology Edition 6 before SR16 FP20, 6 ...)
	NOT-FOR-US: IBM JDK
CVE-2015-5040 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
	NOT-FOR-US: IBM Domino
CVE-2015-5039 (The Remote Client and change management integrations in IBM Rational ...)
	NOT-FOR-US: IBM
CVE-2015-5038 (IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before ...)
	NOT-FOR-US: IBM
CVE-2015-5037 (Cross-site request forgery (CSRF) vulnerability in IBM Connections 3.x ...)
	NOT-FOR-US: IBM
CVE-2015-5036 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before ...)
	NOT-FOR-US: IBM
CVE-2015-5035 (Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before ...)
	NOT-FOR-US: IBM
CVE-2015-5034
	RESERVED
CVE-2015-5033
	RESERVED
CVE-2015-5032
	RESERVED
CVE-2015-5031
	RESERVED
CVE-2015-5030
	RESERVED
CVE-2015-5029
	RESERVED
CVE-2015-5028
	RESERVED
CVE-2015-5027
	RESERVED
CVE-2015-5026
	RESERVED
CVE-2015-5025
	RESERVED
CVE-2015-5024 (IBM Emptoris Sourcing 10.0.2.0 before iFix6, 10.0.2.2 before iFix11, ...)
	NOT-FOR-US: IBM
CVE-2015-5023 (SQL injection vulnerability in IBM Curam Social Program Management 6.1 ...)
	NOT-FOR-US: IBM
CVE-2015-5022 (IBM Multi-Enterprise Integration Gateway 1.x through 1.0.0.1 and B2B ...)
	NOT-FOR-US: IBM
CVE-2015-5021 (IBM InfoSphere Information Server 11.3 and 11.5 allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-5020 (The Big SQL component in IBM InfoSphere BigInsights 3.0, 3.0.0.1, ...)
	NOT-FOR-US: IBM
CVE-2015-5019 (IBM Sterling Integrator 5.1 before 5010004_8 and Sterling B2B ...)
	NOT-FOR-US: IBM
CVE-2015-5018 (IBM Security Access Manager for Web 7.0.0 before FP19 and 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2015-5017 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-5016 (IBM Maximo Asset Management 7.1, 7.5, and 7.6; Maximo Asset Management ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2015-5015 (IBM WebSphere Commerce Enterprise 7.0.0.9 and 8.x before Feature Pack ...)
	NOT-FOR-US: IBM
CVE-2015-5014 (IBM Cognos Disclosure Management (CDM) 10.1.x and 10.2.x before 10.2.4 ...)
	NOT-FOR-US: IBM
CVE-2015-5013 (The IBM Security Access Manager appliance includes configuration files ...)
	NOT-FOR-US: IBM
CVE-2015-5012 (The SSH implementation on IBM Security Access Manager for Web ...)
	NOT-FOR-US: IBM
CVE-2015-5011 (IBM WebSphere Message Broker 8 before 8.0.0.6 and Integration Bus 9 ...)
	NOT-FOR-US: IBM
CVE-2015-5010 (IBM Security Access Manager for Web 7.0 before 7.0.0 IF21, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2015-5009 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
	NOT-FOR-US: IBM
CVE-2015-5008 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Commerce 6.0 ...)
	NOT-FOR-US: IBM
CVE-2015-5007 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-5006 (IBM Java Security Components in IBM SDK, Java Technology Edition 8 ...)
	NOT-FOR-US: IBM JDK
CVE-2015-5005 (CSPOC in IBM PowerHA SystemMirror on AIX 6.1 and 7.1 allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-5004 (The Edge Component Caching Proxy in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM
CVE-2015-5003 (The portal in IBM Tivoli Monitoring (ITM) 6.2.2 through FP9, 6.2.3 ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2015-5002 (Cross-site scripting (XSS) vulnerability in IBM Host On-Demand 11.0 ...)
	NOT-FOR-US: IBM
CVE-2015-5001 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-5000
	RESERVED
CVE-2015-4999
	RESERVED
CVE-2015-4998 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-4997 (IBM WebSphere Portal 8.5.0 before CF08 allows remote attackers to ...)
	NOT-FOR-US: IBM
CVE-2015-4996 (IBM Rational ClearQuest 7.1.x and 8.0.0.x before 8.0.0.17 and 8.0.1.x ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2015-4995
	RESERVED
CVE-2015-4994 (Buffer overflow in IBM Domino 8.5.1 through 8.5.3 before 8.5.3 FP6 ...)
	NOT-FOR-US: IBM
CVE-2015-4993 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4992 (IBM Sterling B2B Integrator 5.2 before 5020500_8 allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-4991 (IBM SPSS Modeler 14.2 through FP3 IF027, 15 through FP3 IF015, 16 ...)
	NOT-FOR-US: IBM
CVE-2015-4990 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8818, 8.8 ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4989 (The portal in IBM Tealeaf Customer Experience before 8.7.1.8814, 8.8 ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4988 (Directory traversal vulnerability in the replay server in IBM Tealeaf ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4987 (The search and replay servers in IBM Tealeaf Customer Experience 8.0 ...)
	NOT-FOR-US: IBM Tealeaf Customer Experience
CVE-2015-4986
	RESERVED
CVE-2015-4985
	RESERVED
CVE-2015-4984
	RESERVED
CVE-2015-4983
	RESERVED
CVE-2015-4982
	RESERVED
CVE-2015-4981 (IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-4980 (Unspecified vulnerability in IBM WebSphere Commerce 7.0.0.6 through ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4979
	RESERVED
CVE-2015-4978
	RESERVED
CVE-2015-4977
	RESERVED
CVE-2015-4976
	RESERVED
CVE-2015-4975
	RESERVED
CVE-2015-4974 (IBM General Parallel File System (GPFS) 3.5.x before 3.5.0.27 and ...)
	NOT-FOR-US: IBM
CVE-2015-4973 (Cross-site scripting (XSS) vulnerability in IBM Multi-Enterprise ...)
	NOT-FOR-US: IBM
CVE-2015-4972
	RESERVED
CVE-2015-4971 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Strategic ...)
	NOT-FOR-US: IBM
CVE-2015-4970
	RESERVED
CVE-2015-4969
	RESERVED
CVE-2015-4968
	RESERVED
CVE-2015-4967 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
	NOT-FOR-US: IBM
CVE-2015-4966 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.9 ...)
	NOT-FOR-US: IBM
CVE-2015-4965 (maximouiweb/webmodule/webclient/utility/merlin.jsp in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2015-4964 (IBM UrbanCode Deploy 6.0 and 6.0.1.x before 6.0.1.10, 6.1.1.x before ...)
	NOT-FOR-US: IBM
CVE-2015-4963 (IBM Security Access Manager for Web 7.x before 7.0.0.16 and 8.x before ...)
	NOT-FOR-US: IBM
CVE-2015-4962 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2015-4961 (IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x ...)
	NOT-FOR-US: IBM
CVE-2015-4960 (IBM InfoSphere Master Data Management - Collaborative Edition 9.1, ...)
	NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2015-4959 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2015-4958 (IBM InfoSphere Master Data Management - Collaborative Edition 9.1, ...)
	NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2015-4957 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Security ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-4956 (The Web UI in IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-4955 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
	NOT-FOR-US: IBM
CVE-2015-4954 (IBM BigFix Remote Control before Interim Fix pack ...)
	NOT-FOR-US: IBM
CVE-2015-4953 (IBM BigFix Remote Control before Interim Fix pack ...)
	NOT-FOR-US: IBM
CVE-2015-4952 (The on-demand plugin in IBM Endpoint Manager for Remote Control 9.0.1 ...)
	NOT-FOR-US: IBM
CVE-2015-4951 (Client Acceptor Daemon (CAD) in the client in IBM Spectrum Protect ...)
	NOT-FOR-US: IBM Spectrum Protect
CVE-2015-4950 (The mailbox-restore feature in IBM Tivoli Storage Manager for Mail: ...)
	NOT-FOR-US: IBM
CVE-2015-4949 (IBM Tivoli Storage Manager for Databases: Data Protection for ...)
	NOT-FOR-US: IBM
CVE-2015-4948 (netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre ...)
	NOT-FOR-US: IBM
CVE-2015-4947 (Stack-based buffer overflow in the Administration Server in IBM HTTP ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4946 (Rational LifeCycle Project Administration in Jazz Team Server in IBM ...)
	NOT-FOR-US: IBM
CVE-2015-4945 (Unspecified vulnerability in the IBM Maximo Anywhere application 7.5.1 ...)
	NOT-FOR-US: IBM
CVE-2015-4944 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2015-4943 (IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4942 (IBM WebSphere MQ Light 1.x before 1.0.2 allows remote attackers to ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4941 (IBM WebSphere MQ Light 1.x before 1.0.2 mishandles abbreviated TLS ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4940 (Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x ...)
	NOT-FOR-US: IBM
CVE-2015-4939 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Supplier ...)
	NOT-FOR-US: IBM
CVE-2015-4938 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-4937
	RESERVED
CVE-2015-4936 (Unspecified vulnerability in IBM WebSphere eXtreme Scale 8.6 through ...)
	NOT-FOR-US: IBM
CVE-2015-4935 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-4934 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-4933 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-4932 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-4931 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-4930 (IBM QRadar SIEM 7.1 MR2 before Patch 11 IF02 and 7.2.x before 7.2.5 ...)
	NOT-FOR-US: IBM QRadar SIEM
CVE-2015-4929 (IBM License Metric Tool 9 before 9.2.1.0 and Endpoint Manager for ...)
	NOT-FOR-US: IBM
CVE-2015-4928 (Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-4927 (The Reporting and Monitoring component in Tivoli Monitoring in IBM ...)
	NOT-FOR-US: IBM
CVE-2015-4926 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2015-4925 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4924 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4923 (Unspecified vulnerability in the XML Developer's Kit for C component ...)
	NOT-FOR-US: Oracle
CVE-2015-4922 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2015-4921 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4920 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle
CVE-2015-4919 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle
CVE-2015-4918
	REJECTED
CVE-2015-4917 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4916 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 ...)
	- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4915 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) ...)
	NOT-FOR-US: Oracle
CVE-2015-4914 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4913 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4912 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4911 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4910 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4909 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4908 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 ...)
	- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4907 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4906 (Unspecified vulnerability in Oracle Java SE 8u60 and JavaFX 2.2.85 ...)
	- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4905 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4904 (Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4903 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4902 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60 ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-4901 (Unspecified vulnerability in Oracle Java SE 8u60 allows remote ...)
	- openjfx 8u91-b14-1 (bug #823622)
CVE-2015-4900 (Unspecified vulnerability in the XDB - XML Database component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4899 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2015-4898 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2015-4897
	REJECTED
CVE-2015-4896 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-3384-1}
	- virtualbox 5.0.8-dfsg-1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS)
CVE-2015-4895 (Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier ...)
	{DSA-3385-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 10.0.21-3
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4894 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4893 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4892 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4891 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4890 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4889
	REJECTED
CVE-2015-4888 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2015-4887 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle
CVE-2015-4886 (Unspecified vulnerability in the Oracle Report Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4885 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2015-4884 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2015-4883 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4882 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4881 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4880 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4879 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.21-3
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4878 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-4877 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-4876 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2015-4875 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2015-4874 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2015-4873 (Unspecified vulnerability in the Database Scheduler component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4872 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4871 (Unspecified vulnerability in Oracle Java SE 7u85 allows remote ...)
	{DSA-3401-1}
	- openjdk-7 7u91-2.6.3-1
CVE-2015-4870 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4869 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4868 (Unspecified vulnerability in Oracle Java SE 8u60 and Java SE Embedded ...)
	- openjdk-8 8u66-b17-1
CVE-2015-4867 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4866 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 10.0.19-1
	[jessie] - mariadb-10.0 10.0.20-0+deb8u1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
	NOTE: MariaDB: fixed in 10.0.18
CVE-2015-4865 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2015-4864 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed>
	[jessie] - mysql-5.5 5.5.44-0+deb8u1
	[wheezy] - mysql-5.5 5.5.44-0+deb7u1
	[squeeze] - mysql-5.5 5.5.46-0+deb6u1
CVE-2015-4863 (Unspecified vulnerability in the Portable Clusterware component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4862 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4861 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4860 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4859 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2015-4858 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4857 (Unspecified vulnerability in the RDBMS component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2015-4856 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 5.0.0-dfsg-1
	[jessie] - virtualbox 4.3.30-dfsg-1+deb8u1
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS)
CVE-2015-4855
	REJECTED
CVE-2015-4854 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2015-4853
	REJECTED
CVE-2015-4852 (The WLS Security component in Oracle WebLogic Server 10.3.6.0, ...)
	NOT-FOR-US: Oracle
CVE-2015-4851 (Unspecified vulnerability in the Oracle iSupplier Portal component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4850 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle
CVE-2015-4849 (Unspecified vulnerability in the Oracle Payments component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4848 (Unspecified vulnerability in the Oracle Configurator component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4847 (Unspecified vulnerability in the Oracle Configurator component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4846 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2015-4845 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2015-4844 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3725-1 DSA-3465-1 DSA-3381-1 DLA-545-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
	- icu 57.1-1.1
	NOTE: http://bugs.icu-project.org/trac/ticket/12020
	NOTE: For ICU note that the original fix causes additional problems:
	NOTE: https://ssl.icu-project.org/trac/ticket/12020#comment:4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1298906#c1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1273318
	NOTE: see also CVE-2016-0494, introduced in through the fix for this CVE.
	NOTE: Upstream commit for OpenJDK: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/dbb4e2bdfa9e
CVE-2015-4843 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4842 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4841 (Unspecified vulnerability in the Siebel Core - Server Framework ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2015-4840 (Unspecified vulnerability in Oracle Java SE 7u85 and 8u60, and Java SE ...)
	{DSA-3381-1}
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4839 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle
CVE-2015-4838 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4837 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4836 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier, ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4835 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4834 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4833 (Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4832 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2015-4831 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4830 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4829
	REJECTED
CVE-2015-4828 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...)
	NOT-FOR-US: Oracle
CVE-2015-4827 (Unspecified vulnerability in the Oracle Retail Open Commerce Platform ...)
	NOT-FOR-US: Oracle
CVE-2015-4826 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4825 (Unspecified vulnerability in the PeopleSoft Enterprise FIN Expenses ...)
	NOT-FOR-US: Oracle
CVE-2015-4824 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-4823 (Unspecified vulnerability in the Hyperion Installation Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-4822 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4821 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) ...)
	NOT-FOR-US: Oracle
CVE-2015-4820 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4819 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier, ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.21-3
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4818 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2015-4817 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4816 (Unspecified vulnerability in Oracle MySQL Server 5.5.44 and earlier ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 <not-affected> (Only affects MySQL 5.5)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.21-3
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4815 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4814
	REJECTED
CVE-2015-4813 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-3384-1}
	- virtualbox 5.0.8-dfsg-1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <end-of-life> (No longer supported in Squeeze LTS)
CVE-2015-4812 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4811 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4810 (Unspecified vulnerability in Oracle Java SE 7u85 and 8u60 allows local ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-4809 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4808 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4807 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
	- mysql-5.6 <not-affected> (Only on Windows plattform)
	- mysql-5.5 <not-affected> (Only on Windows plattform)
	- mariadb-10.0 <not-affected> (Only on Windows plattform)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4806 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4805 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4804 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2015-4803 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60; ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4802 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4801 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4800 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4799 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-4798 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2015-4797 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2015-4796 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4795 (Unspecified vulnerability in the Oracle Utilities Work and Asset ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2015-4794 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4793 (Unspecified vulnerability in the Oracle Communications Convergence ...)
	NOT-FOR-US: Oracle Communications Applications
CVE-2015-4792 (Unspecified vulnerability in Oracle MySQL Server 5.5.45 and earlier ...)
	{DSA-3385-1 DSA-3377-1 DLA-359-1}
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <removed> (bug #802564)
	- mariadb-10.0 10.0.22-1 (bug #802874)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4791 (Unspecified vulnerability in Oracle MySQL Server 5.6.26 and earlier ...)
	- mysql-5.6 <not-affected> (Only on Windows plattform)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4790 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4789 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4788 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4787 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4786 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4785 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4784 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4783 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4782 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4781 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4780 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4779 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4778 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4777 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4776 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4775 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4774 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4773 (Unspecified vulnerability in the Hyperion Common Security component in ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2015-4772 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4771 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4770 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-4769 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4768 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracal Supply Chain
CVE-2015-4767 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4766 (Unspecified vulnerability in Oracle MySQL Server 5.6.25 and earlier ...)
	- mysql-5.6 5.6.27-1 (bug #802563)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4765 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle Applications Manager
CVE-2015-4764 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4763 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-4762 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2015-4761 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4760 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
	{DSA-3339-1 DSA-3323-1 DSA-3316-1 DLA-303-1 DLA-283-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	- icu 52.1-10
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4759 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4758 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4757 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier ...)
	{DSA-3311-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 5.5.43-0+deb8u1
	NOTE: mysql-5.5 5.5.43 was not uploaded to unstable, bug migrated to unstable due to upload to jessie-security
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	[wheezy] - mysql-5.5 5.5.43-0+deb7u1
	- mariadb-10.0 10.0.19-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4756 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4755 (Unspecified vulnerability in the RDBMS Security component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4754 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-4753 (Unspecified vulnerability in the RDBMS Support Tools component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4752 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
	{DSA-3311-1 DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-4751 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4750 (Unspecified vulnerability in the Oracle VM Server for SPARC component ...)
	NOT-FOR-US: Oracle VM Server
CVE-2015-4749 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of Java."
CVE-2015-4748 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of Java."
CVE-2015-4747 (Unspecified vulnerability in the Oracle Event Processing component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4746 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-4745 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4744 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2015-4743 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-4742 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-4741 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-4740 (Unspecified vulnerability in the RDBMS Partitioning component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-4739 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-4738 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Candidate ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2015-4737 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier, ...)
	{DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 <not-affected>
	NOTE: Possibly related to https://github.com/mysql/mysql-server/commit/c655515d
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
	NOTE: https://lists.launchpad.net/maria-developers/msg08985.html
	NOTE: https://mariadb.atlassian.net/browse/MDEV-8269
	NOTE: Marked as not-affected for MariaDB since Oracle has given no evidence of
	NOTE: affecting MariaDB to their developers.
CVE-2015-4736 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-4735 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2015-4734 (Unspecified vulnerability in Oracle Java SE 6u101, 7u85 and 8u60, and ...)
	{DSA-3465-1 DSA-3381-1 DLA-346-1}
	- openjdk-6 <removed>
	- openjdk-7 7u85-2.6.1-6
	- openjdk-8 8u66-b17-1
CVE-2015-4733 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4732 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4731 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; Java ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-4730 (Unspecified vulnerability in Oracle MySQL 5.6.20 and earlier allows ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
CVE-2015-4729 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-4728 (Unspecified vulnerability in the Oracle Sourcing component in Oracle ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-4727 (Unspecified vulnerability in Oracle Virtualization Sun Ray Software ...)
	NOT-FOR-US: Oracle Virtulization
CVE-2015-4726 (PHP remote file inclusion vulnerability in ajax/myajaxphp.php in ...)
	NOT-FOR-US: AudioShare
CVE-2015-4725 (Cross-site scripting (XSS) vulnerability in forgot.php in AudioShare ...)
	NOT-FOR-US: AudioShare
CVE-2015-4724 (SQL injection vulnerability in Concrete5 5.7.3.1. ...)
	NOT-FOR-US: Concrete5
CVE-2015-4723
	RESERVED
CVE-2015-4722
	RESERVED
CVE-2015-4721 (Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 ...)
	NOT-FOR-US: Concrete5
CVE-2015-4720
	REJECTED
CVE-2015-4719
	RESERVED
CVE-2015-4718 (The external SMB storage driver in ownCloud Server before 6.0.8, 7.0.x ...)
	{DSA-3373-1}
	- owncloud 7.0.6+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-008
	NOTE: https://github.com/owncloud/core/commit/200e9d949783efbd57f39acedebc03924c1dfff4
CVE-2015-4717 (The filename sanitization component in ownCloud Server before 6.0.8, ...)
	{DSA-3373-1}
	- owncloud 7.0.6+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-007
	NOTE: https://github.com/owncloud/core/commit/5fa749cd9656ca6eab30bac0ef4e7625b8a8be2e
CVE-2015-4716 (Directory traversal vulnerability in the routing component in ownCloud ...)
	{DSA-3373-1}
	- owncloud 7.0.6+dfsg-1 (unimportant)
	NOTE: Specific to installations on Windows
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-006
CVE-2015-4715 [Mounted Dropbox storage allows "Dropbox.com" to access any file]
	RESERVED
	- php-dropbox 1.0.0-4 (unimportant)
	[jessie] - php-dropbox 1.0.0-3+deb8u1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-005
	NOTE: Only relevant if server runs PHP below 5.6.0
CVE-2015-4714 (Cross-site scripting (XSS) vulnerability in the DreamBox DM500-S ...)
	NOT-FOR-US: DreamBox DM500-S
CVE-2015-4713 (SQL injection vulnerability in ApPHP Hotel Site 3.x.x allows remote ...)
	NOT-FOR-US: ApPHP Hotel Site
CVE-2015-4712
	RESERVED
CVE-2015-4711
	RESERVED
CVE-2015-4710
	RESERVED
CVE-2015-4709
	RESERVED
CVE-2015-4708
	RESERVED
CVE-2015-4705
	RESERVED
CVE-2015-4702
	RESERVED
CVE-2015-4701
	RESERVED
CVE-2015-4699 (Cross-site scripting (XSS) vulnerability in the Splash Portal in ...)
	NOT-FOR-US: Cloud4Wi
CVE-2015-4698
	RESERVED
CVE-2015-4697 (Cross-site request forgery (CSRF) vulnerability in Google Analyticator ...)
	NOT-FOR-US: WordPress plugin google-analyticator
CVE-2015-4694 (Directory traversal vulnerability in download.php in the Zip ...)
	NOT-FOR-US: Zip Attachments plugin for WordPress
CVE-2015-4693
	RESERVED
CVE-2015-4691
	RESERVED
CVE-2015-4690
	RESERVED
CVE-2015-4689 (Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allows ...)
	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
CVE-2015-4688 (Ellucian (formerly SunGard) Banner Student 8.5.1.2 through 8.7 allow ...)
	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
CVE-2015-4687 (Cross-site scripting (XSS) vulnerability in Ellucian (formerly ...)
	NOT-FOR-US: Ellucian (formerly SunGard) Banner Student
CVE-2015-4686
	RESERVED
CVE-2015-4685 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4684 (Multiple directory traversal vulnerabilities in Polycom RealPresence ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4683 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4682 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4681 (Polycom RealPresence Resource Manager (aka RPRM) before 8.4 allows ...)
	NOT-FOR-US: Polycom RealPresence Resource Manager
CVE-2015-4679 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Airties RT-210
CVE-2015-4678 (SQL injection vulnerability in Persian Car CMS 1.0 allows remote ...)
	NOT-FOR-US: Persian Car CMS
CVE-2015-4677 (Cross-site request forgery (CSRF) vulnerability in FiverrScript (aka ...)
	NOT-FOR-US: FiverrScript
CVE-2015-4676 (SQL injection vulnerability in ticket.php in TickFa 1.x allows remote ...)
	NOT-FOR-US: TickFa
CVE-2015-4675 (Buffer overflow in the Tiny SRP library (aka TinySRP) allows remote ...)
	NOT-FOR-US: Tiny SRP
CVE-2015-5070 (The (1) filesystem::get_wml_location function in filesystem.cpp and ...)
	{DLA-297-1}
	[experimental] - wesnoth-1.13 1:1.13.1-1
	- wesnoth-1.12 1:1.12.4-1
	- wesnoth-1.10 <removed>
	[jessie] - wesnoth-1.10 1:1.10.7-2+deb8u1
	[wheezy] - wesnoth-1.10 1:1.10.3-3+deb7u2
	- wesnoth-1.8 <removed>
	NOTE: https://github.com/wesnoth/wesnoth/commit/b2738ffb2fdd2550ececb74f76f75583c43c8b59
CVE-2015-5069 (The (1) filesystem::get_wml_location function in filesystem.cpp and ...)
	{DLA-297-1}
	[experimental] - wesnoth-1.13 1:1.13.1-1
	- wesnoth-1.12 1:1.12.4-1
	- wesnoth-1.10 <removed>
	[jessie] - wesnoth-1.10 1:1.10.7-2+deb8u1
	[wheezy] - wesnoth-1.10 1:1.10.3-3+deb7u2
	- wesnoth-1.8 <removed>
	NOTE: https://github.com/wesnoth/wesnoth/commit/f8914468182e8d0a1551b430c0879ba236fe4d6d
CVE-2015-5059 (The &quot;Project Documentation&quot; feature in MantisBT 1.2.19 and earlier, ...)
	- mantis <removed>
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/f39cf525 (1.2.x)
	NOTE: https://mantisbt.org/bugs/view.php?id=19873
CVE-2015-5057 (Cross-site scripting (XSS) vulnerability exists in the Wordpress admin ...)
	NOT-FOR-US: WordPress plugin broken-link-checker
CVE-2015-4707 (Cross-site scripting (XSS) vulnerability in IPython before 3.2 allows ...)
	- ipython 2.4.1-1 (bug #789824)
	[jessie] - ipython <no-dsa> (Minor issue)
	[wheezy] - ipython <not-affected> (Problematic code introduced in rel-2.0.0)
	[squeeze] - ipython <not-affected> (Problematic code introduced in rel-2.0.0)
	NOTE: https://github.com/ipython/ipython/commit/1fcc9943c000ab553ebc029db99ecbd0536960d6
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/22/4
CVE-2015-4706 (Cross-site scripting (XSS) vulnerability in IPython 3.x before 3.2 ...)
	- ipython <not-affected> (Only affects 3.x)
CVE-2015-4704 (Directory traversal vulnerability in the Download Zip Attachments ...)
	NOT-FOR-US: WordPress plugin download-zip-attachments
CVE-2015-4703 (Absolute path traversal vulnerability in mysqldump_download.php in the ...)
	NOT-FOR-US: WordPress plugin wp-instance-rename
CVE-2015-4700 (The bpf_int_jit_compile function in arch/x86/net/bpf_jit_comp.c in the ...)
	{DSA-3329-1}
	- linux 4.0.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in v3.0-rc1)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3f7352bf21f8fd7ba3e2fcef9488756f188e12be (v4.1-rc6)
	NOTE: Introduced in: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0a14842f5a3c0e88a1e59fac5c3025db39721f74 (v3.0-rc1)
CVE-2015-4696 (Use-after-free vulnerability in libwmf 0.2.8.4 allows remote attackers ...)
	{DSA-3302-1 DLA-257-1}
	- libwmf 0.2.8.4-10.4 (bug #784192)
CVE-2015-4695 (meta.h in libwmf 0.2.8.4 allows remote attackers to cause a denial of ...)
	{DSA-3302-1 DLA-257-1}
	- libwmf 0.2.8.4-10.4 (bug #784205)
CVE-2015-4680 (FreeRADIUS 2.2.x before 2.2.8 and 3.0.x before 3.0.9 does not properly ...)
	{DLA-977-1}
	- freeradius 2.2.8+dfsg-0.1 (bug #789623)
	[jessie] - freeradius <no-dsa> (Minor issue)
	[squeeze] - freeradius <no-dsa> (Minor issue)
	NOTE: Recommended configuration is to use self-signed CAs for EAP-TLS methods.
	NOTE: See raddb/certs/README
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/5e698b407dcac2bc45cf03484bac4398109d25c3 (v2.x.x branch)
	NOTE: http://www.ocert.org/advisories/ocert-2015-008.html
CVE-2015-4674 (The autoupdate implementation in TimeDoctor Pro 1.4.72.3 on Windows ...)
	NOT-FOR-US: TimeDoctor Pro
CVE-2015-4673 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket ...)
	NOT-FOR-US: ClipBucket
CVE-2015-4672
	RESERVED
CVE-2015-4671 (Cross-site scripting (XSS) vulnerability in OpenCart before 2.1.0.2 ...)
	NOT-FOR-US: OpenCart
CVE-2015-4670 (Directory traversal vulnerability in the AjaxFileUpload control in ...)
	NOT-FOR-US: AjaxControlToolkit
CVE-2015-4669 (The MySQL &quot;root&quot; user in Xsuite 2.3.0 and 2.4.3.0 does not have a ...)
	NOT-FOR-US: Xsuite
CVE-2015-4668 (Open redirect vulnerability in Xsuite 2.3.0 and 2.4.3.0 allows remote ...)
	NOT-FOR-US: Xsuite
CVE-2015-4667 (Multiple hardcoded credentials in Xsuite 2.3.0 and 2.4.3.0. ...)
	NOT-FOR-US: Xsuite
CVE-2015-4666 (Directory traversal vulnerability in opm/read_sessionlog.php in ...)
	NOT-FOR-US: Xceedium Xsuite
CVE-2015-4665 (Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium ...)
	NOT-FOR-US: Xceedium Xsuite
CVE-2015-4664
	RESERVED
CVE-2015-4663
	RESERVED
	- hhvm 3.11.0+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/e282a459188a472e177b45ad2d2989289294df74
CVE-2015-4662
	RESERVED
CVE-2015-4661 (Cross-site scripting (XSS) vulnerability in Symphony CMS 2.6.2 allows ...)
	NOT-FOR-US: Symphony CMS
CVE-2015-4660 (Cross-site scripting (XSS) vulnerability in Enhanced SQL Portal ...)
	NOT-FOR-US: Enhanced SQL Portal
CVE-2015-4659 (Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and ...)
	NOT-FOR-US: ClickHeat
CVE-2015-4658 (Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm ...)
	NOT-FOR-US: Milw0rm Clone Script
CVE-2015-4657 (Cross-site scripting (XSS) vulnerability in Mailbird 2.0.16.0 and ...)
	NOT-FOR-US: Mailbird
CVE-2015-4656 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo ...)
	NOT-FOR-US: Synology Photo Station
CVE-2015-4655 (Cross-site scripting (XSS) vulnerability in Synology DiskStation ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2015-4654 (SQL injection vulnerability in the EQ Event Calendar component for ...)
	NOT-FOR-US: EQ Event Calendar component for Joomla!
CVE-2015-4653
	RESERVED
CVE-2015-4650 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-4649 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-4648 (Stack-based buffer overflow in the Ipropsapi.ipropsapiCtrl.1 ActiveX ...)
	NOT-FOR-US: Pansonic Security API
CVE-2015-4647 (Multiple stack-based buffer overflows in Ipropsapi in Panasonic ...)
	NOT-FOR-US: Pansonic Security API
CVE-2015-4641 (Directory traversal vulnerability in the SwiftKey language-pack update ...)
	NOT-FOR-US: SwiftKey language-pack update implementation on Samsung devices
CVE-2015-4640 (The SwiftKey language-pack update implementation on Samsung Galaxy S4, ...)
	NOT-FOR-US: SwiftKey language-pack update implementation on Samsung devices
CVE-2012-6692 (Cross-site scripting (XSS) vulnerability in js/wp-seo-metabox.js in ...)
	NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-4652 (epan/dissectors/packet-gsm_a_dtap.c in the GSM DTAP dissector in ...)
	{DSA-3294-1}
	- wireshark 1.12.6+gee1fce6-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-20.html
CVE-2015-4651 (The dissect_wccp2r1_address_table_info function in ...)
	{DSA-3294-1}
	- wireshark 1.12.6+gee1fce6-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-19.html
CVE-2015-4646 ((1) unsquash-1.c, (2) unsquash-2.c, (3) unsquash-3.c, and (4) ...)
	- squashfs-tools 1:4.3-2 (bug #793468)
	[jessie] - squashfs-tools <no-dsa> (Minor issue)
	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
CVE-2015-4645 (Integer overflow in the read_fragment_table_4 function in unsquash-4.c ...)
	- squashfs-tools 1:4.3-2 (bug #793467)
	[jessie] - squashfs-tools <no-dsa> (Minor issue)
	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
CVE-2015-4642 (The escapeshellarg function in ext/standard/exec.c in PHP before ...)
	- php5 <not-affected> (Windows specific)
	NOTE: https://bugs.php.net/bug.php?id=69646
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=d2ac264ffea5ca2e85640b6736e0c7cd4ee9a4a9
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4643 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
	NOTE: https://bugs.php.net/bug.php?id=69545#1431550655
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0765623d6991b62ffcd93ddb6be8a5203a2fa7e2
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4644 (The php_pgsql_meta_data function in pgsql.c in the PostgreSQL (aka ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: Fixed in 5.6.10 / 5.5.26 / 5.4.42
	NOTE: https://bugs.php.net/bug.php?id=69667
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=2cc4e69cc6d8dbc4b3568ad3dd583324a7c11d64
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/18/3
CVE-2015-4639 (Multiple cross-site request forgery (CSRF) vulnerabilities in Koha ...)
	NOT-FOR-US: Koha
CVE-2015-4638 (The FastL4 virtual server in F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ...)
	NOT-FOR-US: FastL4
CVE-2015-4637 (The REST API in F5 BIG-IQ Cloud, Device, and Security 4.4.0 and 4.5.0 ...)
	NOT-FOR-US: BIG-IQ
CVE-2015-4636
	RESERVED
CVE-2015-4635
	RESERVED
CVE-2015-4634 (SQL injection vulnerability in graphs.php in Cacti before 0.8.8e ...)
	{DSA-3312-1 DLA-278-1}
	- cacti 0.8.8e+ds1-1
	NOTE: http://bugs.cacti.net/view.php?id=2577
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
CVE-2015-4633
	RESERVED
CVE-2015-4632
	RESERVED
CVE-2015-4631
	RESERVED
CVE-2015-4630
	RESERVED
CVE-2015-4629 (Huawei E5756S before V200R002B146D23SP00C00 allows remote attackers to ...)
	NOT-FOR-US: Huawei
CVE-2015-4628 (SQL injection vulnerability in ...)
	- limesurvey <itp> (bug #472802)
CVE-2015-4627 (SQL injection vulnerability in Pragyan CMS 3.0. ...)
	NOT-FOR-US: Pragyan CMS
CVE-2015-4626 (B.A.S C2Box before 4.0.0 (r19171) relies on client-side validation, ...)
	NOT-FOR-US: B.A.S C2Box
CVE-2015-4624 (Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens. ...)
	NOT-FOR-US: Hak5 WiFi Pineapple
CVE-2015-4623
	RESERVED
CVE-2015-4622
	RESERVED
CVE-2015-4621
	RESERVED
CVE-2015-4620 (name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and ...)
	{DSA-3304-1 DLA-270-1}
	- bind9 1:9.9.5.dfsg-10 (bug #791715)
	NOTE: https://kb.isc.org/article/AA-01267
CVE-2015-4619 (Cross-site request forgery (CSRF) vulnerability in Spina before commit ...)
	NOT-FOR-US: Spina CMS
CVE-2015-4618
	RESERVED
CVE-2015-4617
	RESERVED
	NOT-FOR-US: WordPress plugin easy2map-photos
CVE-2015-4616 (Directory traversal vulnerability in includes/MapPinImageSave.php in ...)
	NOT-FOR-US: Easy2Map plugin for WordPress
CVE-2015-4615
	RESERVED
	NOT-FOR-US: WordPress plugin easy2map-photos
CVE-2015-4614 (Multiple SQL injection vulnerabilities in includes/Function.php in the ...)
	NOT-FOR-US: Easy2Map plugin for WordPress
CVE-2015-4613 (SQL injection vulnerability in the backend module in the Developer Log ...)
	NOT-FOR-US: TYPO3 extension devlog
CVE-2015-4612 (SQL injection vulnerability in the &quot;FAQ - Frequently Asked Questions&quot; ...)
	NOT-FOR-US: TYPO3 extension js_faq
CVE-2015-4611 (SQL injection vulnerability in the Smoelenboek (ncgov_smoelenboek) ...)
	NOT-FOR-US: TYPO3 extension ncgov_smoelenboek
CVE-2015-4610 (SQL injection vulnerability in the Store Locator (locator) extension ...)
	NOT-FOR-US: TYPO3 extension locator
CVE-2015-4609 (SQL injection vulnerability in the wt_directory extension before 1.4.2 ...)
	NOT-FOR-US: TYPO3 extension wt_directory
CVE-2015-4608 (Cross-site scripting (XSS) vulnerability in the BE User Log ...)
	NOT-FOR-US: TYPO3 extension beko_beuserlog
CVE-2015-4607 (Unrestricted file upload vulnerability in the Frontend User Upload ...)
	NOT-FOR-US: TYPO3 extension feupload
CVE-2015-4606 (Unrestricted file upload vulnerability in the Job Fair (jobfair) ...)
	NOT-FOR-US: TYPO3 extension jobfair
CVE-2015-4597
	RESERVED
CVE-2015-4596 (Lenovo Mouse Suite before 6.73 allows local users to run arbitrary ...)
	NOT-FOR-US: Lenovo
CVE-2015-4595
	RESERVED
CVE-2015-4594 (eClinicalWorks Population Health (CCMR) suffers from a session ...)
	NOT-FOR-US: eClinicalWorks Population Health
CVE-2015-4593 (eClinicalWorks Population Health (CCMR) suffers from a cross-site ...)
	NOT-FOR-US: eClinicalWorks Population Health
CVE-2015-4592 (eClinicalWorks Population Health (CCMR) suffers from an SQL injection ...)
	NOT-FOR-US: eClinicalWorks Population Health
CVE-2015-4591 (eClinicalWorks Population Health (CCMR) suffers from a cross site ...)
	NOT-FOR-US: eClinicalWorks Population Health
CVE-2015-4590 (The extractFrom function in Internals/QuotedString.cpp in Arduino JSON ...)
	NOT-FOR-US: Arduino JSON
CVE-2015-4589
	RESERVED
CVE-2015-4587 (Cross-site scripting (XSS) vulnerability in the Alcatel-Lucent ...)
	NOT-FOR-US: Alcatel-Lucent CellPipe 7130 router
CVE-2015-4586 (Cross-site request forgery (CSRF) vulnerability in Alcatel-Lucent ...)
	NOT-FOR-US: Alcatel-Lucent CellPipe 7130 RG 5Ae.M2013 HOL
CVE-2015-4585
	RESERVED
CVE-2015-4584
	RESERVED
CVE-2015-4583
	RESERVED
CVE-2015-4582
	RESERVED
CVE-2015-4581
	RESERVED
CVE-2015-4580
	RESERVED
CVE-2015-4579
	RESERVED
CVE-2015-4578
	RESERVED
CVE-2015-4577
	RESERVED
CVE-2015-4576
	RESERVED
CVE-2015-4575
	RESERVED
CVE-2015-4574
	RESERVED
CVE-2015-4573
	RESERVED
CVE-2015-4572
	RESERVED
CVE-2015-4571
	RESERVED
CVE-2015-4570
	RESERVED
CVE-2015-4569
	RESERVED
CVE-2015-4568
	RESERVED
CVE-2015-4567
	RESERVED
CVE-2015-4566
	RESERVED
CVE-2015-4565
	RESERVED
CVE-2015-4564
	RESERVED
CVE-2015-4563
	RESERVED
CVE-2015-4562
	RESERVED
CVE-2015-4561
	RESERVED
CVE-2015-4560
	RESERVED
CVE-2015-4559 (Cross-site scripting (XSS) vulnerability in the product deployment ...)
	NOT-FOR-US: Intel McAfee ePolicy Orchestrator
CVE-2015-4558
	RESERVED
CVE-2015-4557 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: WordPress plugin nextend-twitter-connect
CVE-2015-4555 (Buffer overflow in the HTTP administrative interface in TIBCO ...)
	NOT-FOR-US: TIBCO
CVE-2015-4554 (Multiple unspecified vulnerabilities in TIBCO Spotfire Client and ...)
	NOT-FOR-US: TIBCO
CVE-2015-4553
	RESERVED
CVE-2015-4552 (Cross-site scripting (XSS) vulnerability in the quick edit function in ...)
	NOT-FOR-US: MyBB
CVE-2015-4551 (LibreOffice before 4.4.5 and Apache OpenOffice before 4.1.2 uses the ...)
	{DSA-3394-1}
	- libreoffice 1:5.0.1~rc1-1
	NOTE: https://www.libreoffice.org/about-us/security/advisories/cve-2015-4551/
CVE-2015-4550 (The Cavium cryptographic-module firmware on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2015-4549
	RESERVED
CVE-2015-4548 (EMC RSA Web Threat Detection before 5.1 SP1 allows local users to ...)
	NOT-FOR-US: EMC RSA Web Threat Detection
CVE-2015-4547 (EMC RSA Web Threat Detection before 5.1 SP1 stores a cleartext AnnoDB ...)
	NOT-FOR-US: EMC RSA Web Threat Detection
CVE-2015-4546 (Directory traversal vulnerability in EMC RSA OneStep 6.9 before build ...)
	NOT-FOR-US: EMC RSA OneStep
CVE-2015-4545 (EMC Isilon OneFS 7.1 before 7.1.1.8, 7.2.0 before 7.2.0.4, and 7.2.1 ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2015-4544 (EMC Documentum Content Server before 7.1P20 and 7.2.x before 7.2P04 ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4543 (EMC RSA Archer GRC 5.x before 5.5.3 uses cleartext for stored ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4542 (EMC RSA Archer GRC 5.x before 5.5.3 allows remote authenticated users ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4541 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2015-4540 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
	NOT-FOR-US: EMC RSA
CVE-2015-4539 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
	NOT-FOR-US: EMC RSA
CVE-2015-4538 (The XML parser in EMC Atmos before 2.2.3.426 and 2.3.x before 2.3.1.0 ...)
	NOT-FOR-US: EMC Atmos
CVE-2015-4537 (Lockbox in EMC Documentum D2 before 4.5 uses a hardcoded passphrase ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-4536 (EMC Documentum Content Server before 7.0 P20, 7.1 before P18, and 7.2 ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4535 (Java Method Server (JMS) in EMC Documentum Content Server before ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4534 (Java Method Server (JMS) in EMC Documentum Content Server before ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4533 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4532 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4531 (EMC Documentum Content Server before 6.7SP1 P32, 6.7SP2 before P25, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4530 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2015-4529 (Open redirect vulnerability in EMC Documentum WebTop before 6.8P02, ...)
	NOT-FOR-US: EMC Documentum WebTop
CVE-2015-4528 (Cross-site scripting (XSS) vulnerability in EMC Documentum CenterStage ...)
	NOT-FOR-US: EMC Documentum CenterStage
CVE-2015-4527 (Directory traversal vulnerability in EMC Avamar Server 7.x before ...)
	NOT-FOR-US: EMC Avamar
CVE-2015-4526 (EMC RecoverPoint for Virtual Machines (VMs) 4.2 allows local users to ...)
	NOT-FOR-US: EMC RecoverPoint
CVE-2015-4525 (The log-gather implementation in the web administration interface in ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2015-4524 (Unrestricted file upload vulnerability in EMC Documentum WebTop 6.7SP1 ...)
	NOT-FOR-US: EMC Documentum WebTop Client
CVE-2015-4523 (Blue Coat Malware Analysis Appliance (MAA) before 4.2.5 and Malware ...)
	NOT-FOR-US: Blue Coat
CVE-2015-4522 (The nsUnicodeToUTF8::GetMaxLength function in Mozilla Firefox before ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-4521 (The ConvertDialogOptions function in Mozilla Firefox before 41.0 and ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-4520 (Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-111/
CVE-2015-4519 (Mozilla Firefox before 41.0 and Firefox ESR 38.x before 38.3 allow ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-110/
CVE-2015-4518 (The Reader View implementation in Mozilla Firefox before 42.0 has an ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-118/
CVE-2015-4517 (NetworkUtils.cpp in Mozilla Firefox before 41.0 and Firefox ESR 38.x ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-112/
CVE-2015-4516 (Mozilla Firefox before 41.0 allows remote attackers to bypass certain ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-109/
CVE-2015-4515 (Mozilla Firefox before 42.0, when NTLM v1 is enabled for HTTP ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-117/
CVE-2015-4514 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (ESR38 series not affected)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
CVE-2015-4513 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3410-1 DSA-3393-1}
	- iceweasel 38.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-116/
CVE-2015-4512 (gfx/2d/DataSurfaceHelpers.cpp in Mozilla Firefox before 41.0 on Linux ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-107/
CVE-2015-4511 (Heap-based buffer overflow in the nestegg_track_codec_data function in ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-105/
CVE-2015-4510 (Race condition in the WorkerPrivate::NotifyFeatures function in ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-104/
CVE-2015-4509 (Use-after-free vulnerability in the HTMLVideoElement interface in ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-106/
CVE-2015-4508 (Mozilla Firefox before 41.0, when reader mode is enabled, allows ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-103/
CVE-2015-4507 (The SavedStacks class in the JavaScript implementation in Mozilla ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-102/
CVE-2015-4506 (Buffer overflow in the vp9_init_context_buffers function in libvpx, as ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- libvpx 1.4.0-4 (unimportant)
	[squeeze] - libvpx <not-affected> (no vp9 support in this version)
	[wheezy] - libvpx <not-affected> (no vp9 support in this version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-101/
	NOTE: this is a duplicate of CVE-2015-1258, libvpx in google chrome
CVE-2015-4505 (updater.exe in Mozilla Firefox before 41.0 and Firefox ESR 38.x before ...)
	- iceweasel <not-affected> (Windows-specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-100/
CVE-2015-4504 (The lut_inverse_interp16 function in the QCMS library in Mozilla ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-98/
CVE-2015-4503 (The TCP Socket API implementation in Mozilla Firefox before 41.0 ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-97/
CVE-2015-4502 (js/src/proxy/Proxy.cpp in Mozilla Firefox before 41.0 mishandles ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-108/
CVE-2015-4501 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Affects only 40.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
CVE-2015-4500 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3365-1}
	- iceweasel 38.3.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-96/
CVE-2015-4499 (Util.pm in Bugzilla 2.x, 3.x, and 4.x before 4.2.15, 4.3.x and 4.4.x ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-4498 (The add-on installation feature in Mozilla Firefox before 40.0.3 and ...)
	{DSA-3345-1}
	- iceweasel 38.2.1esr-1
	[squeeze] - iceweasel <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-95
CVE-2015-4497 (Use-after-free vulnerability in the CanvasRenderingContext2D ...)
	{DSA-3345-1}
	- iceweasel 38.2.1esr-1
	[squeeze] - iceweasel <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-94/
CVE-2015-4496 (Multiple integer overflows in libstagefright in Mozilla Firefox before ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel 38.2.0esr-1~deb8u1
	[wheezy] - iceweasel 38.2.0esr-1~deb7u1
	[squeeze] - iceweasel <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-93/
CVE-2015-4495 (The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x ...)
	- iceweasel 38.1.1esr-1
	[jessie] - iceweasel <not-affected> (Only affects 38.x ESR and 39)
	[wheezy] - iceweasel <not-affected> (Only affects 38.x ESR and 39)
	[squeeze] - iceweasel <not-affected> (Only affects 38.x ESR and 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
	- pdf.js 1.1.366+dfsg-1
	[jessie] - pdf.js 1.0.907+dfsg-1+deb8u1
	NOTE: for jessie: xul-ext-pdf.js binary package build was removed
	NOTE: https://github.com/mozilla/pdf.js/commit/0b5330781c367fcbc997947adbf2bdcdf71f61bc
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1179262
CVE-2015-4494 (Mozilla Firefox OS before 2.2 does not require the wifi-manage ...)
	NOT-FOR-US: Firefox OS
CVE-2015-4493 (Heap-based buffer overflow in the stagefright::ESDS::parseESDescriptor ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4492 (Use-after-free vulnerability in the XMLHttpRequest::Open ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-92/
CVE-2015-4491 (Integer overflow in the make_filter_table function in pixops/pixops.c ...)
	{DSA-3337-2 DSA-3337-1 DLA-434-1}
	- gdk-pixbuf 2.31.7-1
	- gtk+2.0 2.21.5-1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=752297
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86ed5010c5a2be14f47b33bcf4ed3169a199
	NOTE: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=8dba67cb4f38d62a47757741ad41e3f245b4a32a
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/17/17
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
	NOTE: gtk+2.0 2.21.5-1 removed the embedded copy of gdk-pixbuf and build-depends on external gdk-pixbuf
CVE-2015-4490 (The nsCSPHostSrc::permits function in dom/security/nsCSPUtils.cpp in ...)
	- iceweasel <not-affected> (Only affects Firefox 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-91
CVE-2015-4489 (The nsTArray_Impl class in Mozilla Firefox before 40.0, Firefox ESR ...)
	{DSA-3410-1 DSA-3333-1}
	- iceweasel 38.2.0esr-1
	- icedove 38.3.0-1
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4488 (Use-after-free vulnerability in the StyleAnimationValue class in ...)
	{DSA-3410-1 DSA-3333-1}
	- iceweasel 38.2.0esr-1
	- icedove 38.3.0-1
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4487 (The nsTSubstring::ReplacePrep function in Mozilla Firefox before 40.0, ...)
	{DSA-3410-1 DSA-3333-1}
	- iceweasel 38.2.0esr-1
	- icedove 38.3.0-1
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-90/
CVE-2015-4486 (The decrease_ref_count function in libvpx in Mozilla Firefox before ...)
	- libvpx 1.4.0-1
	[jessie] - libvpx <not-affected> (Vulnerable code not present)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present)
	[squeeze] - libvpx <not-affected> (Vulnerable code not present)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-89/
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1177948 is restricted
CVE-2015-4485 (Heap-based buffer overflow in the resize_context_buffers function in ...)
	- libvpx 1.4.0-1
	[jessie] - libvpx <not-affected> (Vulnerable code not present)
	[wheezy] - libvpx <not-affected> (Vulnerable code not present)
	[squeeze] - libvpx <not-affected> (Vulnerable code not present)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-89/
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1178148 is restricted
CVE-2015-4484 (The js::jit::AssemblerX86Shared::lock_addl function in the JavaScript ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-87/
CVE-2015-4483 (Mozilla Firefox before 40.0 allows man-in-the-middle attackers to ...)
	- iceweasel <not-affected> (Only affects Firefox 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-86/
CVE-2015-4482 (mar_read.c in the Updater in Mozilla Firefox before 40.0 and Firefox ...)
	- iceweasel <not-affected> (Updater not used in Debian)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-85/
CVE-2015-4481 (Race condition in the Mozilla Maintenance Service in Mozilla Firefox ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-84/
CVE-2015-4480 (Integer overflow in the stagefright::SampleTable::isValid function in ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4479 (Multiple integer overflows in libstagefright in Mozilla Firefox before ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-83/
CVE-2015-4478 (Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 do not ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-82/
CVE-2015-4477 (Use-after-free vulnerability in the MediaStream playback feature in ...)
	- iceweasel <not-affected> (Only affects Firefox 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-81/
CVE-2015-4476 (Mozilla Firefox before 41.0 on Android allows user-assisted remote ...)
	- iceweasel <not-affected> (Affects only Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-99/
CVE-2015-4475 (The mozilla::AudioSink function in Mozilla Firefox before 40.0 and ...)
	{DSA-3333-1}
	- iceweasel 38.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-80/
CVE-2015-4474 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 39)
	- icedove <not-affected> (Only affects Firefox 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
CVE-2015-4473 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3410-1 DSA-3333-1}
	- iceweasel 38.2.0esr-1
	- icedove 38.3.0-1
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-79/
CVE-2015-4466
	RESERVED
CVE-2015-4465 (Cross-site scripting (XSS) vulnerability in the zM Ajax Login &amp; ...)
	NOT-FOR-US: WordPress plugin zM Ajax Login & Register
CVE-2015-4464 (Kguard Digital Video Recorder 104, 108, v2 does not have any ...)
	NOT-FOR-US: Kguard Digital Video Recorder
CVE-2015-4463 (The file_manager component in eFront CMS before 3.6.15.5 allows remote ...)
	NOT-FOR-US: eFront CMS
CVE-2015-4462 (Absolute path traversal vulnerability in the file_manager component of ...)
	NOT-FOR-US: eFront CMS
CVE-2015-4461 (Absolute path traversal vulnerability in eFront CMS 3.6.15.4 and ...)
	NOT-FOR-US: eFront CMS
CVE-2015-4460 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: C2Box
CVE-2015-4459
	RESERVED
CVE-2015-4458 (The TLS implementation in the Cavium cryptographic-module firmware, as ...)
	NOT-FOR-US: Cisco
CVE-2014-9733 (nw.js before 0.11.5 can simulate user input events in a normal frame, ...)
	NOT-FOR-US: nw.js
CVE-2015-4603 (The exception::getTraceAsString function in Zend/zend_exceptions.c in ...)
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69152 [2015-03-03 04:30 UTC]
CVE-2015-4602 (The __PHP_Incomplete_Class function in ext/standard/incomplete_class.c ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=fb83c76deec58f1fab17c350f04c9f042e5977d1
	NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4601 (PHP before 5.6.7 might allow remote attackers to cause a denial of ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
	NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4600 (The SoapClient implementation in PHP before 5.4.40, 5.5.x before ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=0c136a2abd49298b66acb0cad504f0f972f5bfe8
	NOTE: https://bugs.php.net/bug.php?id=69152
CVE-2015-4599 (The SoapFault::__toString method in ext/soap/soap.c in PHP before ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69152
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=51856a76f87ecb24fe1385342be43610fb6c86e4
CVE-2015-4598 (PHP before 5.4.42, 5.5.x before 5.5.26, and 5.6.x before 5.6.10 does ...)
	{DSA-3344-1 DLA-307-1}
	- php5 5.6.11+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69719
	NOTE: Fixed in 5.6.10 and 5.4.42 upstream
CVE-2015-4588 (Heap-based buffer overflow in the DecodeImage function in libwmf ...)
	{DSA-3302-1 DLA-253-1}
	- libwmf 0.2.8.4-10.4 (bug #787644)
CVE-2015-4556 (The string-translate* procedure in the data-structures unit in CHICKEN ...)
	- chicken 4.10.0-1 (bug #788833)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/15/1
CVE-2015-2967 (Cross-site scripting (XSS) vulnerability in settings.php in Cacti ...)
	{DSA-3295-1 DLA-255-1}
	- cacti 0.8.8d+ds1-1
	[squeeze] - cacti 0.8.7g-1+squeeze6
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7718
	NOTE: http://jvn.jp/en/jp/JVN78187936/
	NOTE: Fixed upstream in 0.8.8d
CVE-2015-4457
	RESERVED
CVE-2015-4456 (ownCloud Desktop Client before 1.8.2 does not call ...)
	{DSA-3363-1}
	- owncloud-client 1.8.4+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-009
CVE-2015-4455 (Unrestricted file upload vulnerability in includes/upload.php in the ...)
	NOT-FOR-US: WordPress plugin aviary-image-editor-add-on-for-gravity-forms
CVE-2015-4454 (SQL injection vulnerability in the get_hash_graph_template function in ...)
	{DSA-3295-1 DLA-255-1}
	- cacti 0.8.8d+ds1-1
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7720
	NOTE: http://bugs.cacti.net/view.php?id=2572
	NOTE: Fixed upstream in 0.8.8d
CVE-2015-4453 (interface/globals.php in OpenEMR 2.x, 3.x, and 4.x before 4.2.0 patch ...)
	NOT-FOR-US: OpenEMR
CVE-2015-4452 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4451 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4450 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4449 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4448 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4447 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4446 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4445 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4444 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4443 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4442
	REJECTED
CVE-2015-4441 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4440
	REJECTED
CVE-2015-4439
	REJECTED
CVE-2015-4438 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4437
	REJECTED
CVE-2015-4436
	REJECTED
CVE-2015-4435 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-4434
	REJECTED
CVE-2015-4433 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4432 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4431 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4430 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4429 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4428 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-4427 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Ektron CMS
CVE-2015-4426 (SQL injection vulnerability in pimcore before build 3473 allows remote ...)
	NOT-FOR-US: pimcore
CVE-2015-4425 (Directory traversal vulnerability in pimcore before build 3473 allows ...)
	NOT-FOR-US: pimcore
CVE-2015-4424
	RESERVED
CVE-2015-4423
	RESERVED
CVE-2015-4422 (The TEEOS module in Huawei Mate 7 (Mate7-TL10) smartphones before ...)
	NOT-FOR-US: TEEOS module in Huawei Mate 7
CVE-2015-4421 (The tzdriver module in Huawei Mate 7 (Mate7-TL10) smartphones before ...)
	NOT-FOR-US: tzdriver module in Huawei Mate 7
CVE-2015-4420 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 ...)
	NOT-FOR-US: Opsview
CVE-2015-4419
	RESERVED
CVE-2015-4418 (Zoho NetFlow Analyzer build 10250 and earlier does not have an off ...)
	NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-4417
	RESERVED
CVE-2015-4416
	RESERVED
CVE-2015-4415 (Multiple directory traversal vulnerabilities in func.php in Magnifica ...)
	NOT-FOR-US: Magnifica Webscripts Anima Gallery
CVE-2015-4414 (Directory traversal vulnerability in download_audio.php in the SE ...)
	NOT-FOR-US: WordPress plugin se-html5-album-audio-player
CVE-2015-4413 (Cross-site scripting (XSS) vulnerability in the new_fb_sign_button ...)
	NOT-FOR-US: WordPress plugin nextend-facebook-connect
CVE-2015-4409 (Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 ...)
	NOT-FOR-US: Hikvision
CVE-2015-4408 (Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 ...)
	NOT-FOR-US: Hikvision
CVE-2015-4407 (Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 ...)
	NOT-FOR-US: Hikvision
CVE-2015-4406
	RESERVED
CVE-2015-4405
	RESERVED
CVE-2015-4404
	RESERVED
CVE-2015-4403
	RESERVED
CVE-2015-4402
	RESERVED
CVE-2015-4401
	RESERVED
CVE-2015-4400 (Ring (formerly DoorBot) video doorbells allow remote attackers to ...)
	NOT-FOR-US: Ring video doorbells
CVE-2015-4399
	RESERVED
CVE-2015-4398 (Open redirect vulnerability in the Chaos tool suite (ctools) module ...)
	NOT-FOR-US: Drupal module Chaos tool suite
CVE-2015-4397 (Cross-site request forgery (CSRF) vulnerability in the Node Template ...)
	NOT-FOR-US: Drupal module Node Template
CVE-2015-4396 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal module Keyword Research
CVE-2015-4395 (The HybridAuth Social Login module 7.x-2.x before 7.x-2.10 for Drupal ...)
	NOT-FOR-US: Drupal module HybridAuth Social Login
CVE-2015-4394 (The Services module 7.x-3.x before 7.x-3.12 for Drupal allows remote ...)
	NOT-FOR-US: Drupal module Services
CVE-2015-4393 (The resource/endpoint for uploading files in the Services module ...)
	NOT-FOR-US: Drupal module Services
CVE-2015-4392 (Cross-site scripting (XSS) vulnerability in the Display Suite module ...)
	NOT-FOR-US: Drupal module Display Suite
CVE-2015-4391 (Cross-site request forgery (CSRF) vulnerability in the CiviCRM private ...)
	NOT-FOR-US: Drupal module CiviCRM
CVE-2015-4390 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
	NOT-FOR-US: Drupal module User Import
CVE-2015-4389 (The Open Graph Importer (og_tag_importer) 7.x-1.x for Drupal does not ...)
	NOT-FOR-US: Drupal module Open Graph Importer
CVE-2015-4388 (Cross-site scripting (XSS) vulnerability in the Current Search Links ...)
	NOT-FOR-US: Drupal module Current Search Links
CVE-2015-4387 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Drupal module Password Policy
CVE-2015-4386 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
	NOT-FOR-US: Drupal module EntityBulkDelete
CVE-2015-4385 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Drupal module Imagefield Info
CVE-2015-4384 (Cross-site scripting (XSS) vulnerability in the Ubercart Webform ...)
	NOT-FOR-US: Drupal module Ubercart Webform Checkout Pane
CVE-2015-4383 (Cross-site request forgery (CSRF) vulnerability in the Decisions ...)
	NOT-FOR-US: Drupal module Decisions
CVE-2015-4382 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal module Invoice
CVE-2015-4381 (Cross-site scripting (XSS) vulnerability in the Invoice module 6.x-1.x ...)
	NOT-FOR-US: Drupal module Invoice
CVE-2015-4380 (Cross-site scripting (XSS) vulnerability in the Linear Case module ...)
	NOT-FOR-US: Drupal module Linear Case
CVE-2015-4379 (Cross-site request forgery (CSRF) vulnerability in the Webform ...)
	NOT-FOR-US: Drupal module Webform Multiple File Upload
CVE-2015-4378 (Cross-site scripting (XSS) vulnerability in the Crumbs module 7.x-2.x ...)
	NOT-FOR-US: Drupal module Crumbs
CVE-2015-4377 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Drupal module Petition
CVE-2015-4376 (Cross-site scripting (XSS) vulnerability in the Profile2 Privacy ...)
	NOT-FOR-US: Drupal module Profile2 Privacy
CVE-2015-4375 (The Chaos tool suite (ctools) module 7.x-1.x before 7.x-1.7 for Drupal ...)
	NOT-FOR-US: Drupal module Chaos tool suite
CVE-2015-4374 (Cross-site scripting (XSS) vulnerability in the Webform module before ...)
	NOT-FOR-US: Webform module for Drupal
CVE-2015-4373 (Cross-site scripting (XSS) vulnerability in the OG tabs module before ...)
	NOT-FOR-US: Drupal module OG tabs
CVE-2015-4372 (Cross-site scripting (XSS) vulnerability in the Image Title module ...)
	NOT-FOR-US: Drupal module Image Title
CVE-2015-4371 (Open redirect vulnerability in the Perfecto module before 7.x-1.2 for ...)
	NOT-FOR-US: Drupal module Perfecto
CVE-2015-4370 (Cross-site scripting (XSS) vulnerability in the Site Documentation ...)
	NOT-FOR-US: Drupal module Site Documentation
CVE-2015-4369 (Cross-site scripting (XSS) vulnerability in the Trick Question module ...)
	NOT-FOR-US: Drupal module Trick Question
CVE-2015-4368 (The Commerce Ogone module 7.x-1.x before 7.x-1.5 for Drupal allows ...)
	NOT-FOR-US: Drupal module Commerce Ogone
CVE-2015-4367 (Cross-site scripting (XSS) vulnerability in the Simple Subscription ...)
	NOT-FOR-US: Drupal module Simple Subscription
CVE-2015-4366 (Cross-site scripting (XSS) vulnerability in the Mover module 6.x-1.0 ...)
	NOT-FOR-US: Drupal module Mover
CVE-2015-4365 (Cross-site scripting (XSS) vulnerability in the Taxonomy Accordion ...)
	NOT-FOR-US: Drupal module Taxonomy Accordion
CVE-2015-4364 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Drupal module Campaign Monitor
CVE-2015-4363 (Open redirect vulnerability in the finder_form_goto function in the ...)
	NOT-FOR-US: Drupal module Finder
CVE-2015-4362 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Drupal module Tracking Code
CVE-2015-4361 (Cross-site request forgery (CSRF) vulnerability in the Registration ...)
	NOT-FOR-US: Drupal Module Registration codes
CVE-2015-4360 (Cross-site request forgery (CSRF) vulnerability in the Registration ...)
	NOT-FOR-US: Drupal Module Registration codes
CVE-2015-4359 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Drupal Module Registration codes
CVE-2015-4358 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Drupal module Ubercart Display Coupons
CVE-2015-4357 (Cross-site scripting (XSS) vulnerability in the Webform module before ...)
	NOT-FOR-US: Drupal module Webform
CVE-2015-4356 (Cross-site scripting (XSS) vulnerability in the view-based webform ...)
	NOT-FOR-US: Drupal module Webform
CVE-2015-4355 (Cross-site request forgery (CSRF) vulnerability in the Watchdog ...)
	NOT-FOR-US: Drupal module Watchdog Aggregator
CVE-2015-4354 (Cross-site scripting (XSS) vulnerability in the Ubercart Webform ...)
	NOT-FOR-US: Drupal module Ubercart Webform Integration
CVE-2015-4353 (Cross-site request forgery (CSRF) vulnerability in the Custom Sitemap ...)
	NOT-FOR-US: Drupal module Custom Sitemap
CVE-2015-4352 (Cross-site request forgery (CSRF) vulnerability in the Spider Video ...)
	NOT-FOR-US: Drupal module Spider Video Player
CVE-2015-4351 (The Spider Video Player module for Drupal allows remote authenticated ...)
	NOT-FOR-US: Drupal module Spider Video Player
CVE-2015-4350 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal Module Spider Catalog
CVE-2015-4349 (Cross-site request forgery (CSRF) vulnerability in the Spider Contacts ...)
	NOT-FOR-US: Drupal Module Spider Catalog
CVE-2015-4348 (SQL injection vulnerability in the Spider Contacts module for Drupal ...)
	NOT-FOR-US: Drupal module Spider Contacts
CVE-2015-4347 (Cross-site scripting (XSS) vulnerability in the inLinks Integration ...)
	NOT-FOR-US: Drupal module inLinks Integration
CVE-2015-4346 (Cross-site scripting (XSS) vulnerability in the SMS Framework module ...)
	NOT-FOR-US: Drupal module SMS Framework
CVE-2015-4345 (The RESTWS Basic Auth submodule in the RESTful Web Services module ...)
	NOT-FOR-US: Drupal module RESTful Web Services
CVE-2015-4344 (The Services Basic Authentication module 7.x-1.x through 7.x-1.3 for ...)
	NOT-FOR-US: Drupal module Services Basic Authentication
CVE-2015-4343
	RESERVED
CVE-2015-4342 (SQL injection vulnerability in Cacti before 0.8.8d allows remote ...)
	{DSA-3295-1 DLA-255-1}
	- cacti 0.8.8d+ds1-1
	NOTE: Original report: http://seclists.org/fulldisclosure/2015/Jun/19
	NOTE: Upstream bug: http://bugs.cacti.net/view.php?id=2571 (not yet accessible)
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7719
	NOTE: Fixed upstream in 0.8.8d
CVE-2015-4341
	RESERVED
CVE-2015-4340
	RESERVED
CVE-2015-4339
	RESERVED
CVE-2015-4334 (The default configuration of SGOS in Blue Coat ProxySG before ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2015-4333
	RESERVED
CVE-2015-4332
	RESERVED
CVE-2015-4331 (Cisco Prime Infrastructure (PI) 1.4(0.45) and earlier, when AAA ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2015-4330 (A local file script in Cisco TelePresence Video Communication Server ...)
	NOT-FOR-US: Cisco
CVE-2015-4329 (The administrator web interface in Cisco TelePresence Video ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4328 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4327 (The CLI in Cisco TelePresence Video Communication Server (VCS) ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4326
	RESERVED
CVE-2015-4325 (The process-management implementation in Cisco TelePresence Video ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-4324 (Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware ...)
	NOT-FOR-US: Cisco
CVE-2015-4323 (Buffer overflow in Cisco NX-OS on Nexus 1000V devices for VMware ...)
	NOT-FOR-US: Cisco
CVE-2015-4322 (Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, ...)
	NOT-FOR-US: Cisco
CVE-2015-4321 (The Unicast Reverse Path Forwarding (uRPF) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-4320 (The Configuration Log File component in Cisco TelePresence Video ...)
	NOT-FOR-US: Cisco
CVE-2015-4319 (The password-change feature in the administrative web interface in ...)
	NOT-FOR-US: Cisco
CVE-2015-4318 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...)
	NOT-FOR-US: Cisco
CVE-2015-4317 (Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 ...)
	NOT-FOR-US: Cisco
CVE-2015-4316 (The Mobile and Remote Access (MRA) endpoint-validation feature in ...)
	NOT-FOR-US: Cisco
CVE-2015-4315 (The Call Policy Configuration page in Cisco TelePresence Video ...)
	NOT-FOR-US: Cisco
CVE-2015-4314 (The System Snapshot feature in Cisco TelePresence Video Communication ...)
	NOT-FOR-US: Cisco
CVE-2015-4313
	RESERVED
CVE-2015-4312
	RESERVED
CVE-2015-4311
	RESERVED
CVE-2015-4310 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse ...)
	NOT-FOR-US: Cisco
CVE-2015-4309
	RESERVED
CVE-2015-4308 (The webGUI configuration-export feature in Cisco Edge Bluebird ...)
	NOT-FOR-US: Cisco
CVE-2015-4307 (The web framework in Cisco Prime Collaboration Provisioning before ...)
	NOT-FOR-US: Cisco Prime Collaboration Provisioning
CVE-2015-4306 (The web framework in Cisco Prime Collaboration Assurance before ...)
	NOT-FOR-US: Cisco Prime Collaboration Assurance
CVE-2015-4305 (The web framework in Cisco Prime Collaboration Assurance before ...)
	NOT-FOR-US: Cisco Prime Collaboration Assurance
CVE-2015-4304 (The web framework in Cisco Prime Collaboration Assurance before ...)
	NOT-FOR-US: Cisco Prime Collaboration Assurance
CVE-2015-4303 (Cisco TelePresence Video Communication Server (VCS) X8.5.2 allows ...)
	NOT-FOR-US: Cisco
CVE-2015-4302 (The web interface in Cisco FireSIGHT Management Center 5.3.1.4 allows ...)
	NOT-FOR-US: Cisco
CVE-2015-4301 (Cisco NX-OS on Nexus 9000 devices 11.1(1c) allows remote authenticated ...)
	NOT-FOR-US: Cisco
CVE-2015-4300
	REJECTED
CVE-2015-4299 (Cisco Unified Web and E-Mail Interaction Manager 9.0(2) improperly ...)
	NOT-FOR-US: Cisco
CVE-2015-4298 (Cisco Unified Web and E-Mail Interaction Manager 9.0(2) and 11.0(1) ...)
	NOT-FOR-US: Cisco
CVE-2015-4297 (Open redirect vulnerability in Cisco WebEx Node for Media Convergence ...)
	NOT-FOR-US: Cisco
CVE-2015-4296 (Nexus Data Broker (NDB) on Cisco Nexus 3000 devices with software ...)
	NOT-FOR-US: Cisco
CVE-2015-4295 (The Prime Collaboration Deployment component in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2015-4294 (Cross-site scripting (XSS) vulnerability in Cisco IM and Presence ...)
	NOT-FOR-US: Cisco
CVE-2015-4293 (The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier ...)
	NOT-FOR-US: Cisco
CVE-2015-4292 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco
CVE-2015-4291 (Cisco IOS XE 2.x before 2.4.3 and 2.5.x before 2.5.1 on ASR 1000 ...)
	NOT-FOR-US: Cisco
CVE-2015-4290 (The kernel extension in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2015-4289 (Directory traversal vulnerability in Cisco AnyConnect Secure Mobility ...)
	NOT-FOR-US: Cisco
CVE-2015-4288 (The LDAP implementation on the Cisco Web Security Appliance (WSA) ...)
	NOT-FOR-US: Cisco
CVE-2015-4287 (Cisco Firepower Extensible Operating System 1.1(1.86) on Firepower ...)
	NOT-FOR-US: Cisco
CVE-2015-4286 (The web framework in Cisco UCS Central Software 1.3(0.99) allows ...)
	NOT-FOR-US: Cisco
CVE-2015-4285 (The Local Packet Transport Services (LPTS) implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2015-4284 (The Concurrent Data Management Replication process in Cisco IOS XR ...)
	NOT-FOR-US: Cisco
CVE-2015-4283 (Cisco Videoscape Policy Resource Manager (PRM) 3.5.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-4282 (Cisco Mobility Services Engine (MSE) through 8.0.120.7 uses weak ...)
	NOT-FOR-US: Cisco
CVE-2015-4281 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
	NOT-FOR-US: Cisco
CVE-2015-4280 (Cisco Prime Collaboration Assurance 10.0 allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-4279 (The Manager component in Cisco Unified Computing System (UCS) 2.2(3b) ...)
	NOT-FOR-US: Cisco
CVE-2015-4278 (Cisco Email Security Appliance (ESA) devices with software 8.5.6-106 ...)
	NOT-FOR-US: Cisco
CVE-2015-4277 (The global-configuration implementation on Cisco ASR 9000 devices with ...)
	NOT-FOR-US: Cisco
CVE-2015-4276 (Cisco WebEx Meetings Server 2.5MR1 allows remote authenticated users ...)
	NOT-FOR-US: Cisco
CVE-2015-4275 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 ...)
	NOT-FOR-US: Cisco
CVE-2015-4274 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco
CVE-2015-4273 (The Packet Data Network Gateway (aka PGW) component on Cisco ASR 5000 ...)
	NOT-FOR-US: Cisco
CVE-2015-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the ccmivr page ...)
	NOT-FOR-US: Cisco
CVE-2015-4271 (Cisco TelePresence TC before 7.3.4 on Integrator C devices allows ...)
	NOT-FOR-US: Cisco
CVE-2015-4270 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco
CVE-2015-4269 (The Tomcat throttling feature in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2015-4268 (Multiple cross-site scripting (XSS) vulnerabilities in the Infra Admin ...)
	NOT-FOR-US: Cisco
CVE-2015-4267 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco
CVE-2015-4266 (The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), ...)
	NOT-FOR-US: Cisco
CVE-2015-4265 (Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2015-4264
	RESERVED
CVE-2015-4263 (The Control and Provisioning functionality in Cisco Mobility Services ...)
	NOT-FOR-US: Cisco
CVE-2015-4262 (The password-change feature in Cisco Unified MeetingPlace Web ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-4261
	REJECTED
CVE-2015-4260 (Cross-site scripting (XSS) vulnerability in Cisco Hosted Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2015-4259 (The Integrated Management Controller on Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco
CVE-2015-4258 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-4257 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-4256 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-4255 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-4254 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-4253 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-4252 (Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2015-4251
	REJECTED
CVE-2015-4250
	REJECTED
CVE-2015-4249
	REJECTED
CVE-2015-4248
	REJECTED
CVE-2015-4247
	REJECTED
CVE-2015-4246
	REJECTED
CVE-2015-4245
	REJECTED
CVE-2015-4244 (The boot implementation on Cisco ASR 5000 and 5500 devices with ...)
	NOT-FOR-US: Cisco
CVE-2015-4243 (The PPPoE establishment implementation in Cisco IOS XE 3.5.0S on ASR ...)
	NOT-FOR-US: Cisco
CVE-2015-4242 (Cross-site request forgery (CSRF) vulnerability in Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco
CVE-2015-4241 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-4240 (Cisco IP Communicator 8.6(4) allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2015-4239 (Cisco Adaptive Security Appliance (ASA) Software 9.3(2.243) and ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-4238 (The SNMP implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-4237 (The CLI parser in Cisco NX-OS 4.1(2)E1(1), 6.2(11b), 6.2(12), ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-4236 (Cisco AsyncOS on Email Security Appliance (ESA) devices with software ...)
	NOT-FOR-US: Cisco
CVE-2015-4235 (Cisco Application Policy Infrastructure Controller (APIC) devices with ...)
	NOT-FOR-US: Cisco Application Policy Infrastructure Controller
CVE-2015-4234 (Cisco NX-OS 6.0(2) and 6.2(2) on Nexus devices has an improper OS ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-4233 (SQL injection vulnerability in Cisco Unified MeetingPlace 8.6(1.2) ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-4232 (Cisco NX-OS 6.2(10) on Nexus and MDS 9000 devices allows local users ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-4231 (The Python interpreter in Cisco NX-OS 6.2(8a) on Nexus 7000 devices ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-4230 (Memory leak in Cisco Headend System Release allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-4229 (The web framework in Cisco Unified Communications Domain Manager ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-4228 (Cisco Digital Content Manager (DCM) 15.0.0 might allow remote ad ...)
	NOT-FOR-US: Cisco Digital Content Manager
CVE-2015-4227 (Memory leak in Cisco Headend System Release allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-4226 (The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) ...)
	NOT-FOR-US: Cisco
CVE-2015-4225 (Cisco Application Policy Infrastructure Controller (APIC) 1.0(1.110a) ...)
	NOT-FOR-US: Cisco
CVE-2015-4224 (Cisco Wireless LAN Controller (WLC) devices with software 7.0(240.0) ...)
	NOT-FOR-US: Cisco
CVE-2015-4223 (Cisco IOS XR 5.1.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2015-4222 (SQL injection vulnerability in Cisco Unified Communications Manager IM ...)
	NOT-FOR-US: Cisco
CVE-2015-4221 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) ...)
	NOT-FOR-US: Cisco
CVE-2015-4220 (Cross-site scripting (XSS) vulnerability in Cisco Unified Presence ...)
	NOT-FOR-US: Cisco
CVE-2015-4219 (Cisco Secure Access Control System before 5.4(0.46.2) and 5.5 before ...)
	NOT-FOR-US: Cisco
CVE-2015-4218 (The web-based user interface in Cisco Jabber through 9.6(3) and 9.7 ...)
	NOT-FOR-US: Cisco Jabber
CVE-2015-4217 (The remote-support feature on Cisco Web Security Virtual Appliance ...)
	NOT-FOR-US: Cisco
CVE-2015-4216 (The remote-support feature on Cisco Web Security Virtual Appliance ...)
	NOT-FOR-US: Cisco
CVE-2015-4215 (Cisco Wireless LAN Controller (WLC) devices with software 7.5(102.0) ...)
	NOT-FOR-US: Cisco
CVE-2015-4214 (Cisco Unified MeetingPlace 8.6(1.2) and 8.6(1.9) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-4213 (Cisco NX-OS 1.1(1g) on Nexus 9000 devices allows remote authenticated ...)
	NOT-FOR-US: Cisco
CVE-2015-4212 (Cisco WebEx Meeting Center allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cisco
CVE-2015-4211 (Cisco AnyConnect Secure Mobility Client 3.1(60) on Windows does not ...)
	NOT-FOR-US: Cisco
CVE-2015-4210 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Meeting Center ...)
	NOT-FOR-US: Cisco
CVE-2015-4209 (Cisco WebEx Meeting Center does not properly determine authorization ...)
	NOT-FOR-US: Cisco
CVE-2015-4208 (Cisco WebEx Meeting Center does not properly restrict the content of ...)
	NOT-FOR-US: Cisco
CVE-2015-4207 (Cisco WebEx Meeting Center places a meeting's access number in a URL, ...)
	NOT-FOR-US: Cisco
CVE-2015-4206 (Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows ...)
	NOT-FOR-US: Cisco
CVE-2015-4205 (Cisco IOS XR 5.3.1 on ASR 9000 devices allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-4204 (Memory leak in Cisco IOS 12.2 in the Performance Routing Engine (PRE) ...)
	NOT-FOR-US: Cisco
CVE-2015-4203 (Race condition in Cisco IOS 12.2SCH in the Performance Routing Engine ...)
	NOT-FOR-US: Cisco
CVE-2015-4202 (Cisco IOS 12.2SCH on uBR10000 router Cable Modem Termination Systems ...)
	NOT-FOR-US: Cisco
CVE-2015-4201 (The Gateway General Packet Radio Service Support Node (GGSN) component ...)
	NOT-FOR-US: Cisco
CVE-2015-4200 (Memory leak in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-4199 (Race condition in the IPv6-to-IPv4 functionality in Cisco IOS 15.3S in ...)
	NOT-FOR-US: Cisco
CVE-2015-4198 (Cross-site scripting (XSS) vulnerability in the web framework on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-4197 (Cisco NX-OS 5.2(5) on Nexus 7000 devices allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-4196 (Platform Software before 4.4.5 in Cisco Unified Communications Domain ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-4195 (Cisco IOS XR 5.1.1.K9SEC allows remote authenticated users to cause a ...)
	NOT-FOR-US: Cisco
CVE-2015-4194 (The web-based administrative interface in Cisco WebEx Meeting Center ...)
	NOT-FOR-US: Cisco
CVE-2015-4193
	RESERVED
CVE-2015-4192
	RESERVED
CVE-2015-4191 (Cisco IOS XR 5.2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2015-4190 (Cisco Cloud Portal in Cisco Prime Service Catalog 9.4.1_vortex on ...)
	NOT-FOR-US: Cisco
CVE-2015-4189 (Cross-site request forgery (CSRF) vulnerability in Cisco Data Center ...)
	NOT-FOR-US: Cisco
CVE-2015-4188 (SQL injection vulnerability in the Manager interface in Cisco Prime ...)
	NOT-FOR-US: Cisco
CVE-2015-4187
	RESERVED
CVE-2015-4186 (The diagnostics subsystem in the administrative web interface on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-4185 (The TCL interpreter in Cisco IOS 15.2 does not properly maintain the ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-4184 (The anti-spam scanner on Cisco Email Security Appliance (ESA) devices ...)
	NOT-FOR-US: Cisco Email Security Appliance
CVE-2015-4183 (Cisco UCS Central Software 1.2(1a) allows local users to gain ...)
	NOT-FOR-US: Cisco
CVE-2015-4182 (The administrative web interface in Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2015-4181 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-4180 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-4175
	RESERVED
CVE-2015-4174 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
	NOT-FOR-US: Siemens Climatix BACnet/IP communication module
CVE-2015-4173 (Unquoted Windows search path vulnerability in the autorun value in ...)
	NOT-FOR-US: Dell SonicWall NetExtender
CVE-2010-5325 (Heap-based buffer overflow in the unhtmlify function in foomatic-rip ...)
	- foomatic-filters 4.0.5-6
	- cups-filters <not-affected> (Vulnerable code not present)
	NOTE: cups-filters 1.0.42 introduced foomatic-rip filter which already was fixed.
	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=515
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1218297
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic/foomatic-filters/revision/239 (HEAD)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/foomatic-4.0/foomatic-filters/revision/225 (4.0.x branch)
CVE-2010-5324 (Directory traversal vulnerability in UploadServlet in the Remote ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-4692 (The kvm_apic_has_events function in arch/x86/kvm/lapic.h in the Linux ...)
	- linux 4.0.8-1
	[jessie] - linux 3.16.7-ckt11-1+deb8u3
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/10/6
	NOTE: Vulnerable function introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=66450a21f99636af4fafac2afd33f1a40631bc3a (v3.10-rc1)
CVE-2015-4625 (Integer overflow in the authentication_agent_new_cookie function in ...)
	[experimental] - policykit-1 0.113-1
	- policykit-1 0.105-12 (low; bug #796134)
	[jessie] - policykit-1 0.105-15~deb8u1
	[wheezy] - policykit-1 <no-dsa> (Minor issue)
	[squeeze] - policykit-1 <no-dsa> (Minor issue)
	NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000419.html
	NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-June/000425.html
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90837
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=90832
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/08/3
	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=ea544ffc18405237ccd95d28d7f45afef49aca17
	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=493aa5dc1d278ab9097110c1262f5229bbaf1766
	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=fb5076b7c05d01a532d593a4079a29cf2d63a228
CVE-2015-4412 (BSON injection vulnerability in the legal? function in BSON ...)
	- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
	NOTE: Originating from  https://github.com/mongodb/bson-ruby/commit/21141c78d99f23d5f34d32010557ef19d0f77203#diff-8c8558c185bbb548ccb5a6d6ac4bfee5L219
CVE-2015-4411 [ruby-bson: DoS and possible injection, with bernerdschaefer 2012-04-17 commit]
	RESERVED
	- ruby-bson <not-affected> (corresponding change in ruby-bson not present)
	NOTE: https://github.com/mongoid/moped/commit/dd5a7c14b5d2e466f7875d079af71ad19774609b#diff-3b93602f64c2fe46d38efd9f73ef5358R24
CVE-2015-4410 [ruby-bson: DoS and possible injection]
	RESERVED
	- ruby-bson 1.10.0-2 (bug #787951)
	[jessie] - ruby-bson 1.10.0-1+deb8u1
	NOTE: "original" implementation of legal? using ^[0-9a-f]{24}$ regular expression
	NOTE: Fix: https://github.com/mongodb/mongo-ruby-driver/commit/bb544c2f6fd62940f04ddc1abeeaa3f23c1a9ade (1.x-stable)
	NOTE: http://sakurity.com/blog/2015/06/04/mongo_ruby_regexp.html
	NOTE: https://sources.debian.org/src/ruby-bson/1.10.0-1/lib/bson/types/object_id.rb/#L54
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/06/1
CVE-2015-4338 (Static code injection vulnerability in the XCloner plugin 3.1.2 for ...)
	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4337 (Cross-site scripting (XSS) vulnerability in the XCloner plugin 3.1.2 ...)
	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4336 (cloner.functions.php in the XCloner plugin 3.1.2 for WordPress allows ...)
	NOT-FOR-US: WordPress plugin xclonerbackupandrestore
CVE-2015-4335 (Redis before 2.8.21 and 3.x before 3.0.2 allows remote attackers to ...)
	{DSA-3279-1}
	- redis 2:3.0.2-1
	[wheezy] - redis <not-affected> (Lua support introduced in version 2.6.0)
	[squeeze] - redis <not-affected> (Lua support introduced in version 2.6.0)
	NOTE: http://benmmurphy.github.io/blog/2015/06/04/redis-eval-lua-sandbox-escape/
	NOTE: Patch: https://github.com/antirez/redis/commit/fdf9d455098f54f7666c702ae464e6ea21e25411
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/05/3
CVE-2015-XXXX [Null pointer access in inflatehd tool]
	- nghttp2 <unfixed> (unimportant)
	NOTE: Upstream report: https://github.com/tatsuhiro-t/nghttp2/issues/235
	NOTE: Git commit: https://github.com/tatsuhiro-t/nghttp2/commit/3572e7c6343cb85fc21f5667a7ed0902cf5305cf
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/03/20
	NOTE: inflatehd not installed into the Debian binary packages
CVE-2015-5523 (The ParseValue function in lexer.c in tidy before 4.9.31 allows remote ...)
	{DSA-3309-1 DLA-273-1}
	- tidy 20091223cvs-1.5 (bug #792571)
	NOTE: https://github.com/htacg/tidy-html5/issues/217#issuecomment-108565501
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
CVE-2015-5522 (Heap-based buffer overflow in the ParseValue function in lexer.c in ...)
	{DSA-3309-1 DLA-273-1}
	- tidy 20091223cvs-1.5 (bug #792571)
	NOTE: https://github.com/htacg/tidy-html5/issues/217
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/04/2
CVE-2015-6593
	REJECTED
CVE-2015-4179 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin codestyling-localization
CVE-2015-4176 (fs/namespace.c in the Linux kernel before 4.0.2 does not properly ...)
	- linux <not-affected> (Introducing commit was applied to 4.0.2 but e0c9c0afd2fc958ffa34b697972721d81df8a56f as well backported into 4.0.2)
	- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e0c9c0afd2fc958ffa34b697972721d81df8a56f (v4.1-rc1)
CVE-2015-4172
	RESERVED
CVE-2015-4171 (strongSwan 4.3.0 through 5.x before 5.3.2 and strongSwan VPN Client ...)
	{DSA-3282-1 DLA-244-1}
	- strongswan 5.3.1-1
	NOTE: https://www.strongswan.org/blog/2015/06/08/strongswan-vulnerability-(cve-2015-4171).html
CVE-2015-4169
	RESERVED
CVE-2015-4168
	RESERVED
CVE-2015-4166 (Cloudera Key Trustee Server before 5.4.3 does not store keys ...)
	NOT-FOR-US: Cloudera
CVE-2015-4165 (The snapshot API in Elasticsearch before 1.6.0 when another ...)
	- elasticsearch 1.6.0+dfsg-1 (bug #788471)
	[jessie] - elasticsearch <end-of-life> (No longer supported, see DSA 3389)
	NOTE: https://github.com/elastic/elasticsearch/issues/11068
	NOTE: https://github.com/elastic/elasticsearch/pull/11284
	NOTE: https://github.com/imotov/elasticsearch/commit/f5cfb2a1869d1a52930cbd3138278a6e2c1b22e6
CVE-2015-4164 (The compat_iret function in Xen 3.1 through 4.5 iterates the wrong way ...)
	{DSA-3286-1}
	- xen 4.6.0-1 (bug #795721)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-136.html
CVE-2015-4163 (GNTTABOP_swap_grant_ref in Xen 4.2 through 4.5 does not check the ...)
	{DSA-3286-1}
	- xen 4.6.0-1 (bug #795721)
	[wheezy] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
	[squeeze] - xen <not-affected> (Xen 4.2 onwards are vulnerable)
	NOTE: http://xenbits.xen.org/xsa/advisory-134.html
CVE-2015-4162 (XML external entity (XXE) vulnerability in the management interface in ...)
	NOT-FOR-US: PAN-OS
CVE-2015-4161 (SAP Afaria does not properly restrict access to unspecified ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-4160 (SQL injection vulnerability in SAP ASE Database Platform allows remote ...)
	NOT-FOR-US: SAP ASE Database Platform
CVE-2015-4159 (SQL injection vulnerability in SAP HANA Web-based Development ...)
	NOT-FOR-US: SAP HANA
CVE-2015-4158 (SAP ABAP &amp; Java Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SAP ABAP & Java Server
CVE-2015-4157 (SAP Content Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SAP Content Server
CVE-2015-4156 (GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) ...)
	- parallel 20161222-1 (unimportant; bug #787954)
	NOTE: https://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
	NOTE: https://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-4155 (GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) ...)
	- parallel 20161222-1 (unimportant; bug #787954)
	NOTE: https://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-4154
	RESERVED
CVE-2015-4153 (Directory traversal vulnerability in the zM Ajax Login &amp; Register ...)
	NOT-FOR-US: WordPress plugin zm-ajax-login-register
CVE-2015-4152 (Directory traversal vulnerability in the file output plugin in ...)
	- logstash <itp> (bug #664841)
CVE-2015-4151
	RESERVED
CVE-2015-4150
	RESERVED
CVE-2015-4149
	RESERVED
CVE-2015-4138 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-4137 (SQL injection vulnerability in related.php in Milw0rm Clone Script 1.0 ...)
	NOT-FOR-US: Milw0rm Clone Script
CVE-2015-4136
	RESERVED
CVE-2014-9727 (AVM Fritz!Box allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: AVM Fritz!Box
CVE-2014-9731 (The UDF filesystem implementation in the Linux kernel before 3.18.2 ...)
	{DLA-246-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (v3.19-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/03/4
CVE-2015-5366 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux ...)
	{DSA-3313-1 DLA-310-1}
	- linux 4.0.7-1
	[wheezy] - linux 3.2.68-1+deb7u3
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
	NOTE: http://web.archive.org/web/20160309082241/https://twitter.com/grsecurity/status/605854034260426753
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
CVE-2015-5364 (The (1) udp_recvmsg and (2) udpv6_recvmsg functions in the Linux ...)
	{DSA-3313-1 DLA-310-1}
	- linux 4.0.7-1
	[wheezy] - linux 3.2.68-1+deb7u3
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0 (v4.1-rc7)
	NOTE: http://web.archive.org/web/20160309082241/https://twitter.com/grsecurity/status/605854034260426753
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/30/13
CVE-2015-XXXX [uudecode: stack out of bounds read access]
	- sharutils <unfixed> (unimportant)
	NOTE: Negligable security impact
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/02/8
CVE-2014-9730 (The udf_pc_to_char function in fs/udf/symlink.c in the Linux kernel ...)
	{DLA-246-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9729 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel ...)
	{DLA-246-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2014-9728 (The UDF filesystem implementation in the Linux kernel before 3.18.2 ...)
	{DLA-246-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.68-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e159332b9af4b04d882dbcfe1bb0117f0a6d4b58 (v3.19-rc3)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e237ec37ec154564f8690c5bd1795339955eeef9 (v3.19-rc3)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a1d47b262952a45aae62bd49cfaf33dd76c11a2c (v3.19-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/7
CVE-2015-4167 (The udf_read_inode function in fs/udf/inode.c in the Linux kernel ...)
	{DSA-3313-1 DSA-3290-1 DLA-246-1}
	- linux 4.0.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23b133bdc452aa441fcb9b82cbf6dd05cfd342d0 (v4.0-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/02/6
CVE-2015-4140 (Cross-site request forgery (CSRF) vulnerability in the WP Smiley ...)
	NOT-FOR-US: WordPress plugin wp-smiley
CVE-2015-4139 (Cross-site scripting (XSS) vulnerability in smilies4wp.php in the WP ...)
	NOT-FOR-US: WordPress plugin wp-smiley
CVE-2015-4135 (Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 ...)
	NOT-FOR-US: PHPWind
CVE-2015-4134 (Open redirect vulnerability in goto.php in phpwind 8.7 allows remote ...)
	NOT-FOR-US: PHPWind
CVE-2015-4133 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: ReFlex Gallery plugin for WordPress
CVE-2015-4132 (Multiple cross-site scripting (XSS) vulnerabilities in Aruba Networks ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-4131
	RESERVED
CVE-2015-4130 [command-injection]
	RESERVED
	NOT-FOR-US: NodeJS ungit
	NOTE: https://github.com/FredrikNoren/ungit/issues/486
	NOTE: https://nodesecurity.io/advisories/40
CVE-2015-4129 (SQL injection vulnerability in Subrion CMS before 3.3.3 allows remote ...)
	NOT-FOR-US: Subrion CMS
CVE-2015-4128
	RESERVED
CVE-2015-4127 (Cross-site scripting (XSS) vulnerability in the church_admin plugin ...)
	NOT-FOR-US: church_admin plugin for WordPress
CVE-2015-4178 (The fs_pin implementation in the Linux kernel before 4.0.5 does not ...)
	- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
	NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
	NOTE: and "fs_pin: Allow for the possibility that m_list or s_list go unused." in
	NOTE: 4.0.2-1
	- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=820f9f147dcce2602eefd9b575bbbd9ea14f0953 (v4.1-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
CVE-2015-4177 (The collect_mounts function in fs/namespace.c in the Linux kernel ...)
	- linux <not-affected> (Commit was applied to 4.0.2 as well but fixed in Debian by two subsequent commits)
	NOTE: Debian both applies "mnt: Fail collect_mounts when applied to unmounted mounts"
	NOTE: and "fs_pin: Allow for the possibility that m_list or s_list go unused." in
	NOTE: 4.0.2-1
	- linux-2.6 <not-affected> (Introduced and fixed in 4.1-rc1 upstream)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ce07d891a0891d3c0d0c2d73d577490486b809e1 (v4.1-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cd4a40174b71acd021877341684d8bb1dc8ea4ae (v4.1-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/29/5
CVE-2015-4126
	RESERVED
CVE-2015-4125
	RESERVED
CVE-2015-4124
	RESERVED
CVE-2015-4123
	RESERVED
CVE-2015-4122
	RESERVED
CVE-2015-4121
	RESERVED
CVE-2015-4120
	RESERVED
CVE-2015-4119 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: ISPConfig
CVE-2015-4118 (SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig ...)
	NOT-FOR-US: ISPConfig
CVE-2015-4117 (Vesta Control Panel before 0.9.8-14 allows remote authenticated users ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2015-4116 (Use-after-free vulnerability in the spl_ptr_heap_insert function in ...)
	- php5 5.6.11+dfsg-1 (unimportant)
	[jessie] - php5 5.6.12+dfsg-0+deb8u1
	NOTE: https://bugs.php.net/bug.php?id=69737
	NOTE: Fixed in 5.6.11, 5.5.27
	NOTE: Not treated as security issue, only triggerable with malformed PHP code
CVE-2015-4115
	RESERVED
CVE-2015-4114
	RESERVED
CVE-2015-4113
	RESERVED
CVE-2015-4112 (The Management Console in BlackBerry Enterprise Server (BES) 12 before ...)
	NOT-FOR-US: BlackBerry
CVE-2015-4111 (mc_demux_mp4_ds.ax in an unspecified third-party codec demux in ...)
	NOT-FOR-US: BlackBerry
CVE-2015-4110
	RESERVED
CVE-2015-4109 (Multiple SQL injection vulnerabilities in the ratings module in the ...)
	NOT-FOR-US: WordPress plugin users-ultra
CVE-2015-4108 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wing FTP ...)
	NOT-FOR-US: Wing FTP Server
CVE-2015-4107
	RESERVED
CVE-2015-4106 (QEMU does not properly restrict write access to the PCI config space ...)
	{DSA-3286-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5 (bug #787547)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-131.html
CVE-2015-4105 (Xen 3.3.x through 4.5.x enables logging for PCI MSI-X pass-through ...)
	{DSA-3286-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5 (bug #787547)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-130.html
CVE-2015-4104 (Xen 3.3.x through 4.5.x does not properly restrict access to PCI MSI ...)
	{DSA-3286-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5 (bug #787547)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-129.html
CVE-2015-4103 (Xen 3.3.x through 4.5.x does not properly restrict write access to the ...)
	{DSA-3286-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5 (bug #787547)
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-128.html
CVE-2015-4102
	RESERVED
CVE-2015-4101
	RESERVED
CVE-2015-4100 (Puppet Enterprise 3.7.x and 3.8.0 might allow remote authenticated ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
	NOTE: https://puppet.com/security/cve/CVE-2015-4100
CVE-2015-4099
	RESERVED
CVE-2015-4098
	RESERVED
CVE-2015-4097
	RESERVED
CVE-2015-4096
	RESERVED
CVE-2015-4095
	RESERVED
CVE-2015-4094 (The Thycotic Password Manager Secret Server application through 2.3 ...)
	NOT-FOR-US: Thycotic Password Manager Secret Server application for iOS
CVE-2015-4093 (Cross-site scripting (XSS) vulnerability in Elasticsearch Kibana 4.x ...)
	- kibana <itp> (bug #700337)
CVE-2015-4092 (Buffer overflow in the XComms process in SAP Afaria 7.00.6620.2 SP5 ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-4091 (XML external entity (XXE) vulnerability in SAP NetWeaver AS Java 7.4 ...)
	NOT-FOR-US: SAP NetWeaver AS Java
CVE-2015-4090
	RESERVED
CVE-2015-4089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-4088
	RESERVED
CVE-2015-4087
	RESERVED
CVE-2007-6758
	RESERVED
CVE-2015-4086
	RESERVED
CVE-2015-4084 (Cross-site scripting (XSS) vulnerability in the Free Counter plugin ...)
	NOT-FOR-US: Free Counter plugin for WordPress
CVE-2015-4083
	RESERVED
CVE-2015-4081
	RESERVED
CVE-2015-4080 (The Kankun Smart Socket device and mobile application uses a hardcoded ...)
	NOT-FOR-US: Kankun Smart Socket device and mobile application
CVE-2015-4079
	RESERVED
CVE-2015-4078 (Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include ...)
	NOT-FOR-US: Cloudera
CVE-2015-4077 (The (1) mdare64_48.sys, (2) mdare32_48.sys, (3) mdare32_52.sys, and (4) ...)
	NOT-FOR-US: Fortinet
CVE-2015-4076
	RESERVED
CVE-2015-4075 (The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote ...)
	NOT-FOR-US: Joomla! plugin
CVE-2015-4074 (Directory traversal vulnerability in the Helpdesk Pro plugin before ...)
	NOT-FOR-US: Joomla! plugin
CVE-2015-4073 (Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin ...)
	NOT-FOR-US: Joomla! plugin
CVE-2015-4072 (Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk ...)
	NOT-FOR-US: Joomla! plugin
CVE-2015-4071 (The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote ...)
	NOT-FOR-US: Helpdesk Pro Plugin for Joomla!
CVE-2015-4070 (Open redirect vulnerability in the proxyimages function in ...)
	NOT-FOR-US: Wow Moodboard Lite
CVE-2015-4069 (The EdgeServiceImpl web service in Arcserve UDP before 5.0 Update 4 ...)
	NOT-FOR-US: EdgeServiceImpl web service in Arcserve UDP
CVE-2015-4068 (Directory traversal vulnerability in Arcserve UDP before 5.0 Update 4 ...)
	NOT-FOR-US: Arcserve UDP
CVE-2015-4067 (Integer overflow in the libnv6 module in Dell NetVault Backup before ...)
	NOT-FOR-US: Dell NetVault Backup
CVE-2015-4066 (Multiple SQL injection vulnerabilities in admin/handlers.php in the ...)
	NOT-FOR-US: GigPress plugin for WordPress
CVE-2015-4061
	RESERVED
CVE-2015-4060 (Heap-based buffer overflow in the TermProxy (WLTermProxyService.exe) ...)
	NOT-FOR-US: Wavelink ConnectPro
CVE-2015-4059 (Heap-based buffer overflow in the License Server (LicenseServer.exe) ...)
	NOT-FOR-US: Wavelink Terminal Emulation
CVE-2015-4058
	REJECTED
CVE-2015-4057 (The &quot;Plug-in for VMware vCenter&quot; in VCE Vision Intelligent Operations ...)
	NOT-FOR-US: VCE Vision Intelligent Operations
CVE-2015-4056 (The System Library in VCE Vision Intelligent Operations before 2.6.5 ...)
	NOT-FOR-US: VCE Vision Intelligent Operations
CVE-2015-4055
	RESERVED
CVE-2015-XXXX [hwclock(8) SUID privilege escalation]
	[experimental] - util-linux 2.27~rc1-1
	- util-linux 2.27-1 (unimportant; bug #786804)
	NOTE: hwclock is not installed suid in Debian
	NOTE: https://github.com/karelzak/util-linux/commit/687cc5d58942b24a9f4013c68876d8cbea907ab1
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/26/10
CVE-2015-4082 (attic before 0.15 does not confirm unencrypted backups with the user, ...)
	- attic 0.16-1 (bug #787435)
	[jessie] - attic <no-dsa> (Minor issue)
	NOTE: https://github.com/jborg/attic/issues/271
	NOTE: https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/25/3
CVE-2015-4170 (Race condition in the ldsem_cmpxchg function in ...)
	- linux 3.13.4-1
	[wheezy] - linux <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
	- linux-2.6 <not-affected> (commit 4898e640caf03fdbaf2122d5a33949bf3e4a5b34 not backported)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cf872776fc84128bb779ce2b83a37c884c3203ae (v3.13-rc5)
	NOTE: Affected code was introduced by the rewrite in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4898e640caf03fdbaf2122d5a33949bf3e4a5b34 (v3.11-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/26/1
CVE-2015-4065 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin landing-pages
CVE-2015-4064 (SQL injection vulnerability in modules/module.ab-testing.php in the ...)
	NOT-FOR-US: WordPress plugin landing-pages
CVE-2015-4063 (Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in ...)
	NOT-FOR-US: WordPress plugin newstatpress
CVE-2015-4062 (SQL injection vulnerability in includes/nsp_search.php in the ...)
	NOT-FOR-US: WordPress plugin newstatpress
CVE-2015-4052
	RESERVED
CVE-2015-4051 (Beckhoff IPC Diagnostics before 1.8 does not properly restrict access ...)
	NOT-FOR-US: Beckhoff IPC Diagnostics
CVE-2015-4050 (FragmentListener in the HttpKernel component in Symfony 2.3.19 through ...)
	{DSA-3276-1}
	- symfony 2.7.0~beta2+dfsg-2
	NOTE: https://github.com/fabpot/symfony/commit/d320d27699abcea12479cf608908fa91bcc133d4
	NOTE: http://symfony.com/blog/cve-2015-4050-esi-unauthorized-access
CVE-2014-9726
	RESERVED
CVE-2014-9725
	RESERVED
CVE-2014-9724
	RESERVED
CVE-2014-9723
	RESERVED
CVE-2014-9722
	RESERVED
CVE-2015-XXXX [XSS in group administration]
	- php-horde 5.2.5+debian0-1 (bug #785364)
	[jessie] - php-horde 5.2.1+debian0-2+deb8u1
	NOTE: https://github.com/horde/horde/commit/dae5277746abe613de0cacc004e95e9ed9d78220
CVE-2015-4053 (The admin command in ceph-deploy before 1.5.25 uses world-readable ...)
	- ceph-deploy <not-affected> (Fixed with initial upload to Debian)
	NOTE: http://tracker.ceph.com/issues/11694
CVE-2015-4049 (Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with ...)
	NOT-FOR-US: Unisys Libra
CVE-2015-4048
	RESERVED
CVE-2012-6691 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: osCMax
CVE-2015-4054 (PgBouncer before 1.5.5 allows remote attackers to cause a denial of ...)
	- pgbouncer 1.5.5-1
	[jessie] - pgbouncer 1.5.4-6+deb8u1
	[wheezy] - pgbouncer 1.5.2-4+deb7u1
	[squeeze] - pgbouncer <no-dsa> (Minor issue)
	NOTE: https://github.com/pgbouncer/pgbouncer/commit/edab5be6665b9e8de66c25ba527509b229468573 (master)
	NOTE: https://github.com/pgbouncer/pgbouncer/commit/74d6e5f7de5ec736f71204b7b422af7380c19ac5 (stable-1.5)
	NOTE: https://github.com/pgbouncer/pgbouncer/issues/42
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/21/2
CVE-2015-8147
	REJECTED
CVE-2015-8146
	REJECTED
CVE-2015-4046 (The asset discovery scanner in AlienVault OSSIM before 5.0.1 allows ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2015-4045 (The sudoers file in the asset discovery scanner in AlienVault OSSIM ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2015-4044
	RESERVED
CVE-2015-4043
	RESERVED
CVE-2015-4040 (Directory traversal vulnerability in the configuration utility in F5 ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2015-4039
	RESERVED
	NOT-FOR-US: WordPress plugin WP Membership
CVE-2015-4038 (The WP Membership plugin 1.2.3 for WordPress allows remote ...)
	NOT-FOR-US: WordPress plugin WP Membership
CVE-2015-4037 (The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier ...)
	{DSA-3285-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-5
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=8b8f1c7e9ddb2e88a144638f6527bf70e32343e3
CVE-2015-4034 (The createFromParcel method in the ...)
	NOT-FOR-US: Samsung Galaxy S5
CVE-2015-4033 (Samsung SBeam allows remote attackers to read arbitrary images by ...)
	NOT-FOR-US: Samsung SBeam
CVE-2015-4032 (projectContents.jsp in the Developer tools in Visual Mining NetCharts ...)
	NOT-FOR-US: Visual Mining NetCharts Server
CVE-2015-4031 (Directory traversal vulnerability in saveFile.jsp in the development ...)
	NOT-FOR-US: Visual Mining NetChart
CVE-2015-4030
	RESERVED
CVE-2015-4029 (Cross-site scripting (XSS) vulnerability in the WebGUI in pfSense ...)
	NOT-FOR-US: pfSense
CVE-2015-4028
	RESERVED
CVE-2015-4027 (The AcuWVSSchedulerv10 service in Acunetix Web Vulnerability Scanner ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2013-7440 (The ssl.match_hostname function in CPython (aka Python) before 2.7.9 ...)
	- python3.4 3.4~b1-4
	- python3.3 3.3.3-1
	- python3.2 <removed>
	[wheezy] - python3.2 <no-dsa> (Minor issue, too intrusive to backport)
	- python3.1 <removed>
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python2.7 2.7.9-1
	[wheezy] - python2.7 <no-dsa> (Minor issue, too intrusive to backport)
	- python2.6 <removed>
	[wheezy] - python2.6 <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	NOTE: https://bugs.python.org/issue17997#msg194950
	NOTE: https://hg.python.org/cpython/rev/10d0edadbcdd
	NOTE: The CVE is only about refusing multiple wildcards. Backporting that part only is not so difficult.
CVE-2015-4047 (racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause ...)
	{DSA-3272-1 DLA-234-1}
	- ipsec-tools 1:0.8.2+20140711-3 (bug #785778)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/20/1
CVE-2015-4023
	RESERVED
CVE-2015-4020 (RubyGems 2.0.x before 2.0.17, 2.2.x before 2.2.5, and 2.4.x before 2.4.8 ...)
	- rubygems <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
	- libgems-ruby <not-affected> (Affects versions between 2.0 and 2.4.6 and incomplete fix not applied)
	- ruby1.8 <not-affected> (Vulnerable code not present)
	- ruby1.9.1 <not-affected> (Bundles 1.8.23, vulnerable code introduced in later 1.9.1 versions; incomplete fix not applied)
	- ruby2.1 <not-affected> (Incomplete fix not applied)
	- ruby2.2 <not-affected> (Incomplete fix not applied)
	- jruby <not-affected> (Incomplete fix not applied)
	NOTE: Original patch https://github.com/rubygems/rubygems/commit/6bbee35
	NOTE: introduced another vulnerability, assigned CVE-2015-4020. This CVE
	NOTE: only applies if only 6bbee35 was applied without 5c7bfb5
	NOTE: https://github.com/rubygems/rubygems/commit/5c7bfb5
CVE-2015-4019
	RESERVED
CVE-2015-4018 (SQL injection vulnerability in feedwordpresssyndicationpage.class.php ...)
	NOT-FOR-US: FeedWordPress plugin for WordPress
CVE-2015-4016 (The client detection protocol in Valve Steam allows remote attackers ...)
	NOT-FOR-US: Related to non-free steam package.
	NOTE: The affected code is believed to be downloaded from Valve on startup.
	NOTE: http://store.steampowered.com/news/16801/
	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-15-233/
CVE-2015-4015
	RESERVED
CVE-2015-4014
	RESERVED
CVE-2015-4013
	RESERVED
CVE-2015-4012
	RESERVED
CVE-2015-4011
	RESERVED
CVE-2015-4042 [buffer overflow related to SIZE_MAX - lenb - 2 < lena test]
	RESERVED
	- coreutils <not-affected> (Debian does not apply coreutils-i18n.patch)
	NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
	NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
CVE-2015-4041 [heap overflow; size calculation without properly considering the number of bytes occupied by multibyte characters]
	RESERVED
	- coreutils <not-affected> (Debian does not apply coreutils-i18n.patch)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=928749
	NOTE: https://github.com/pixelb/coreutils/commit/bea5e36cc876ed627bb5e0eca36fdfaa6465e940
	NOTE: http://pkgs.fedoraproject.org/cgit/coreutils.git/plain/coreutils-i18n.patch
CVE-2015-4035 (scripts/xzgrep.in in xzgrep 5.2.x before 5.2.0, before 5.0.0 does not ...)
	- xz-utils <not-affected> (Affects 4.999.9beta)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/7
CVE-2015-4010 (Cross-site request forgery (CSRF) vulnerability in the Encrypted ...)
	NOT-FOR-US: Encrypted Contact Form plugin for WordPress
CVE-2015-4009
	RESERVED
CVE-2015-4008
	RESERVED
CVE-2015-4007
	RESERVED
CVE-2015-4006
	RESERVED
CVE-2015-4005
	RESERVED
CVE-2015-4004 (The OZWPAN driver in the Linux kernel through 4.0.5 relies on an ...)
	- linux 4.3-1 (unimportant)
	NOTE: ozwpan driver not built
	[wheezy] - linux <not-affected> (ozwpan driver not present)
	- linux-2.6 <not-affected> (ozwpan driver not present)
	NOTE: https://lkml.org/lkml/2015/5/13/739
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
	NOTE: Driver was removed in Linux 4.3
CVE-2015-4003 (The oz_usb_handle_ep_data function in ...)
	- linux 4.1.3-1 (unimportant)
	NOTE: ozwpan driver not built
	[wheezy] - linux <not-affected> (ozwpan driver not present)
	- linux-2.6 <not-affected> (ozwpan driver not present)
	NOTE: https://lkml.org/lkml/2015/5/13/741
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=04bf464a5dfd9ade0dda918e44366c2c61fce80b (v4.1-rc7)
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4002 (drivers/staging/ozwpan/ozusbsvc1.c in the OZWPAN driver in the Linux ...)
	- linux 4.1.3-1 (unimportant)
	NOTE: ozwpan driver not built
	[wheezy] - linux <not-affected> (ozwpan driver not present)
	- linux-2.6 <not-affected> (ozwpan driver not present)
	NOTE: https://lkml.org/lkml/2015/5/13/740
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d114b9fe78c8d6fc6e70808c2092aa307c36dc8e (v4.1-rc7)
	NOTE: https://lkml.org/lkml/2015/5/13/742
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a59029bc218b48eff8b5d4dde5662fd79d3e1a8 (v4.1-rc7)
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4001 (Integer signedness error in the oz_hcd_get_desc_cnf function in ...)
	- linux 4.1.3-1 (unimportant)
	NOTE: ozwpan driver not built
	[wheezy] - linux <not-affected> (ozwpan driver not present)
	- linux-2.6 <not-affected> (ozwpan driver not present)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b1bb5b49373b61bf9d2c73a4d30058ba6f069e4c (v4.1-rc7)
	NOTE: https://lkml.org/lkml/2015/5/13/744
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2015-4000 (The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is ...)
	{DSA-3688-1 DSA-3339-1 DSA-3324-1 DSA-3316-1 DSA-3300-1 DSA-3287-1 DLA-507-1 DLA-303-1 DLA-247-1}
	- openssl 1.0.2b-1
	- nss 2:3.19.1-1
	[squeeze] - nss <no-dsa> (no point in switching min key size so close to EOL)
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	- icedove 38.1.0-1
	NOTE: CVE assigned specific to vulnerability in the TLS protocol that was
	NOTE: disclosed in section 3.2 of the
	NOTE: https://weakdh.org/imperfect-forward-secrecy.pdf paper.
	NOTE: Some links on the status of various implementations/protocols:
	NOTE: IKE/IPSEC: https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
	NOTE: OpenSSL: https://www.openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/
	NOTE: OpenSSL 1.0.2b-1 limits it to 768 bit, future versions will increase the limit
	NOTE: GNUTLS: http://lists.gnutls.org/pipermail/gnutls-devel/2015-May/007597.html
	NOTE: NSS/iceweasel/icedove: https://www.mozilla.org/en-US/security/advisories/mfsa2015-70/
	NOTE: NSS patch increasing limit to 1023 bits: https://hg.mozilla.org/projects/nss/rev/ae72d76f8d24
CVE-2015-3999 (Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames ...)
	NOT-FOR-US: Piriform CCleaner
CVE-2015-3998 (Cross-site scripting (XSS) vulnerability in phpwhois 4.2.5, as used in ...)
	NOT-FOR-US: phpwhois component of adsense-click-fraud-monitoring wordpress plugin
CVE-2015-3997
	RESERVED
CVE-2015-3996 (The default AFSecurityPolicy.validatesDomainName configuration for ...)
	- owncloud <not-affected> (iOS-specific)
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-012
CVE-2015-3995 (SAP HANA DB 1.00.73.00.389160 (NewDB100_REL) allows remote ...)
	NOT-FOR-US: SAP HANA DB
CVE-2015-3994 (The grant.xsfunc application in testApps/grantAccess/ in the XS Engine ...)
	NOT-FOR-US: SAP HANA DB
CVE-2015-3993 (Actian Matrix 5.1.x through 5.1.2.4 and 5.2.x through 5.2.0.1 allows ...)
	NOT-FOR-US: Actian Matrix
CVE-2015-3992
	RESERVED
CVE-2015-3991 (strongSwan 5.2.2 and 5.3.0 allows remote attackers to cause a denial ...)
	- strongswan 5.3.0-2
	[jessie] - strongswan <not-affected> (only affects 5.2.2+ and 5.3.0+)
	[wheezy] - strongswan <not-affected> (only affects 5.2.2+ and 5.3.0+)
	[squeeze] - strongswan <not-affected> (only affects 5.2.2+ and 5.3.0+)
	NOTE: http://www.strongswan.org/blog/2015/06/01/strongswan-vulnerability-(cve-2015-3991).html
CVE-2015-3990 (The GMS ViewPoint (GMSVP) web application in Dell Sonicwall GMS, ...)
	NOT-FOR-US: Dell
CVE-2015-3989 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 ...)
	NOT-FOR-US: concrete5
CVE-2014-9720
	RESERVED
	{DLA-475-1 DLA-279-1}
	- python-tornado 3.2.2-1
	NOTE: https://github.com/tornadoweb/tornado/commit/1c36307463b1e8affae100bf9386948e6c1b2308
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=930362
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222816
CVE-2014-9719
	RESERVED
CVE-2015-4026 (The pcntl_exec implementation in PHP before 5.4.41, 5.5.x before ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68598
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-4025 (PHP before 5.4.41, 5.5.x before 5.5.25, and 5.6.x before 5.6.9 ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69418
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-4024 (Algorithmic complexity vulnerability in the multipart_buffer_headers ...)
	{DSA-3280-1}
	- php5 5.6.9+dfsg-1
	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.php.net/bug.php?id=69364
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
	- hhvm 3.11.0+dfsg-1
	NOTE: HHVM fix: https://github.com/facebook/hhvm/commit/6188457bd90ed2f3516e778dca8e91536d91802e
CVE-2015-4022 (Integer overflow in the ftp_genlist function in ext/ftp/ftp.c in PHP ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69545
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/18/2
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-4021 (The phar_parse_tarfile function in ext/phar/tar.c in PHP before ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69453
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c27f012b7a447e59d4a704688971cbfa7dddaa74
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/17/2 and http://www.openwall.com/lists/oss-security/2015/05/18/2
	NOTE: Fixed upstream in 5.4.41, 5.5.25, 5.6.9
CVE-2015-3987 (Multiple unquoted Windows search path vulnerabilities in the (1) ...)
	NOT-FOR-US: McAfee
CVE-2015-3986 (Cross-site request forgery (CSRF) vulnerability in the TheCartPress ...)
	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
CVE-2015-3985
	RESERVED
CVE-2015-3984
	RESERVED
CVE-2015-3983 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not include the ...)
	- pcs <not-affected> (Fixed before initial release to Debian)
	NOTE: https://github.com/feist/pcs/commit/898204596a779673c88097bbdbe2d7ed6ed0cc8b (0.9.140)
CVE-2015-3982 (The session.flush function in the cached_db backend in Django 1.8.x ...)
	- python-django <not-affected> (Only affects 1.8 and development branch)
	NOTE: https://www.djangoproject.com/weblog/2015/may/20/security-release/
CVE-2015-3981 (SAP NetWeaver RFC SDK allows attackers to obtain sensitive information ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2015-3980 (SQL injection vulnerability in the Business Rules Framework ...)
	NOT-FOR-US: SAP CRM
CVE-2015-3979 (Unspecified vulnerability in the Business Rules Framework (CRM-BF-BRF) ...)
	NOT-FOR-US: SAP CRM
CVE-2015-3978 (SAP Sybase Unwired Platform Online Data Proxy allows local users to ...)
	NOT-FOR-US: SAP Sybase Unwired Platform Online Data Proxy
CVE-2015-3977 (Buffer overflow in Schneider Electric IMT25 Magnetic Flow DTM before ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-3976 (Cross-site scripting (XSS) vulnerability in GE Multilink ...)
	NOT-FOR-US: GE
CVE-2015-3975
	REJECTED
CVE-2015-3974 (EasyIO EasyIO-30P-SF controllers with firmware before 0.5.21 and 2.x ...)
	NOT-FOR-US: EasyIO EasyIO-30P-SF controllers
CVE-2015-3973 (Janitza UMG 508, 509, 511, 604, and 605 devices improperly generate ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3972 (The web interface on Janitza UMG 508, 509, 511, 604, and 605 devices ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3971 (The debug interface on Janitza UMG 508, 509, 511, 604, and 605 devices ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3970 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3969 (Janitza UMG 508, 509, 511, 604, and 605 devices allow remote attackers ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3968 (The FTP service on Janitza UMG 508, 509, 511, 604, and 605 devices has ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3967 (Cross-site request forgery (CSRF) vulnerability on Janitza UMG 508, ...)
	NOT-FOR-US: Janitza UMG devices
CVE-2015-3966 (The IPsec SA establishment process on Innominate mGuard devices with ...)
	NOT-FOR-US: Innominate mGuard
CVE-2015-3965
	RESERVED
CVE-2015-3964 (SMA Solar Sunny WebBox has hardcoded passwords, which makes it easier ...)
	NOT-FOR-US: SMA Solar Sunny WebBox
CVE-2015-3963 (Wind River VxWorks before 5.5.1, 6.5.x through 6.7.x before 6.7.1.1, ...)
	NOT-FOR-US: Wind River VxWorks as used on Schneider Electric devices
CVE-2015-3962 (Schneider Electric StruxureWare Building Expert MPM before 2.15 does ...)
	NOT-FOR-US: Schneider Electric StruxureWare
CVE-2015-3961 (The web-server component in MNS before 4.5.6 on Belden GarrettCom ...)
	NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3960 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
	NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3959 (The firmware in MNS before 4.5.6 on Belden GarrettCom Magnum 6K and ...)
	NOT-FOR-US: Belden GarrrettCom switches
CVE-2015-3958 (Hospira LifeCare PCA Infusion System 5.0 and earlier, and possibly ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2015-3957 (Hospira LifeCare PCA Infusion System before 7.0 stores private keys ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2015-3956
	RESERVED
CVE-2015-3955 (Stack-based buffer overflow in Hospira LifeCare PCA Infusion System ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2015-3954
	RESERVED
CVE-2015-3953
	RESERVED
CVE-2015-3952
	RESERVED
CVE-2015-3951 (RLE Nova-Wind Turbine HMI devices store cleartext credentials, which ...)
	NOT-FOR-US: RLE Nova-Wind Turbines
CVE-2015-3950 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
	NOT-FOR-US: XZERES 442SR (wind turbine)
CVE-2015-3949 (Sinapsi eSolar Light with firmware before 2.0.3970_schsl_2.2.85 allows ...)
	NOT-FOR-US: Sinapsi eSolar Light
CVE-2015-3948 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess before ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2015-3947 (SQL injection vulnerability in Advantech WebAccess before 8.1 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2015-3946 (Cross-site request forgery (CSRF) vulnerability in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2015-3945
	REJECTED
CVE-2015-3944
	REJECTED
CVE-2015-3943 (Advantech WebAccess before 8.1 allows remote attackers to read ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2015-3942 (Multiple cross-site scripting (XSS) vulnerabilities in the web-server ...)
	NOT-FOR-US: Belden GarrettCom switches
CVE-2015-3941
	REJECTED
CVE-2015-3940 (Untrusted search path vulnerability in Schneider Electric Wonderware ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-3939 (Directory traversal vulnerability in the NC854 and NC856 modules for ...)
	NOT-FOR-US: IDS RTU 850C devices
CVE-2015-3938 (The HTTP application on Mitsubishi Electric MELSEC FX3G PLC devices ...)
	NOT-FOR-US: Mitsubishi Electric MELSEC devices
CVE-2015-3937
	RESERVED
CVE-2015-3936
	RESERVED
CVE-2015-3935 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
	- dolibarr 3.5.7+dfsg1-1 (bug #787762)
	[jessie] - dolibarr 3.5.5+dfsg1-1+deb8u1
	NOTE: https://github.com/Dolibarr/dolibarr/issues/2857
	NOTE: https://github.com/GPCsolutions/dolibarr/commit/a7f6bbd316e9b96216e9b2c7a065c9251c9a8907
CVE-2015-3934 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0_1.9.1 allow ...)
	NOT-FOR-US: Fiyo CMS
CVE-2015-3933 (Multiple SQL injection vulnerabilities in inc/lib/User.class.php in ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-3932 (Netlock Mokka before 2.7.8.1204 allows remote attackers to perform XML ...)
	NOT-FOR-US: Netlock Mokka
CVE-2015-3931 (Microsec e-Szigno before 3.2.7.12 allows remote attackers to perform ...)
	NOT-FOR-US: Microsec e-Szigno
CVE-2015-3930
	RESERVED
CVE-2015-3929
	RESERVED
CVE-2015-3928
	RESERVED
CVE-2015-3927
	RESERVED
CVE-2015-3926
	RESERVED
CVE-2015-3925
	RESERVED
CVE-2015-3924
	RESERVED
CVE-2015-3923 (Coppermine Photo Gallery before 1.5.36 allows remote attackers to ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-3922 (Open redirect vulnerability in mode.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-3921 (Cross-site scripting (XSS) vulnerability in contact.php in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2015-3920
	RESERVED
CVE-2015-3919
	REJECTED
CVE-2015-3918
	RESERVED
CVE-2015-3917
	RESERVED
CVE-2015-3916
	RESERVED
CVE-2015-3915
	RESERVED
CVE-2015-3914
	RESERVED
CVE-2015-3913 (The IP stack in multiple Huawei Campus series switch models allows ...)
	NOT-FOR-US: Huawei
CVE-2015-3912 (Huawei E355s Mobile WiFi with firmware before 22.158.45.02.625 and ...)
	NOT-FOR-US: Huawei
CVE-2015-3911 (Huawei E587 Mobile WiFi with firmware before 11.203.30.00.00 allows ...)
	NOT-FOR-US: Huawei
CVE-2015-3910 (Multiple unspecified vulnerabilities in Google V8 before 4.3.61.21, as ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-3909
	RESERVED
CVE-2015-3908 (Ansible before 1.9.2 does not verify that the server hostname matches ...)
	- ansible 1.9.2+dfsg-1 (low)
	[jessie] - ansible <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/14/4
CVE-2015-3907
	RESERVED
CVE-2015-3906 (The logcat_dump_text function in wiretap/logcat.c in the Android ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-18.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11188
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b3b1f7c3aa2233a147294bad833b748d38fba84d
CVE-2015-3904 (Multiple cross-site scripting (XSS) vulnerabilities in roomcloud.php ...)
	NOT-FOR-US: Roomcloud plugin for WordPress
CVE-2015-3901
	RESERVED
CVE-2015-3900 (RubyGems 2.0.x before 2.0.16, 2.2.x before 2.2.4, and 2.4.x before ...)
	- rubygems <not-affected> (Affects versions between 2.0 and 2.4.6)
	- libgems-ruby <not-affected> (Affects versions between 2.0 and 2.4.6)
	- ruby1.8 <not-affected> (Vulnerable code not present)
	- ruby1.9.1 <not-affected> (Bundles 1.8.23, vulnerable code introduced in later 1.9.1 versions)
	- ruby2.1 2.1.5-4 (bug #790119)
	[jessie] - ruby2.1 2.1.5-2+deb8u2
	- ruby2.2 2.2.2-3 (bug #790111)
	- jruby 1.7.20.1-2
	[jessie] - jruby <not-affected> (Vulnerable code introduced with 1.7.19)
	[wheezy] - jruby <not-affected> (Vulnerable code introduced with 1.7.19)
	[squeeze] - jruby <not-affected> (Vulnerable code introduced with 1.7.19)
	NOTE: https://github.com/rubygems/rubygems/commit/6bbee35
	NOTE: https://github.com/rubygems/rubygems/commit/5c7bfb5
	NOTE: http://blog.rubygems.org/2015/05/14/CVE-2015-3900.html
CVE-2015-3899
	RESERVED
CVE-2015-3898 (Multiple open redirect vulnerabilities in Bonita BPM Portal before ...)
	NOT-FOR-US: Bonita BPM Portal
CVE-2015-3897 (Directory traversal vulnerability in Bonita BPM Portal before 6.5.3 ...)
	NOT-FOR-US: Bonita BPM Portal
CVE-2015-3896
	RESERVED
CVE-2015-3895
	RESERVED
CVE-2015-3894
	RESERVED
CVE-2015-3893
	RESERVED
CVE-2015-3892
	RESERVED
CVE-2015-3891
	RESERVED
CVE-2015-3890 (Use-after-free vulnerability in Open Litespeed before 1.3.10. ...)
	NOT-FOR-US: Open Litespeed
CVE-2015-3889
	RESERVED
CVE-2015-3888 (Jolla Sailfish OS before 1.1.2.16 allows remote attackers to spoof ...)
	NOT-FOR-US: Jolla Sailfish OS
CVE-2015-3887 (Untrusted search path vulnerability in ProxyChains-NG before 4.9 ...)
	NOT-FOR-US: proxychains-ng
	NOTE: proxychains does not contain the vulnerable code
CVE-2015-3884 (Unrestricted file upload vulnerability in the (1) myAccount, (2) ...)
	NOT-FOR-US: qdPM
CVE-2015-3883 (Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow ...)
	NOT-FOR-US: qdPM
CVE-2015-3882 (qdPM 8.3 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: qdPM
CVE-2015-3881 (Information disclosure issue in qdPM 8.3 allows remote attackers to ...)
	NOT-FOR-US: qdPM
CVE-2015-3879 (Media Player Framework in Android before 5.1.1 LMY48T allows attackers ...)
	NOT-FOR-US: Media Player Framework in Android
CVE-2015-3878 (Media Projection in Android 5.x before 5.1.1 LMY48T and 6.0 before ...)
	NOT-FOR-US: Media Projection in Android
CVE-2015-3877 (Skia, as used in Android before 5.1.1 LMY48T, allows remote attackers ...)
	NOT-FOR-US: Skia, as used in Android
CVE-2015-3876 (libstagefright in Android through 5.1.1 LMY48M allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3875 (libutils in Android before 5.1.1 LMY48T allows remote attackers to ...)
	- android-platform-frameworks-native <unfixed> (unimportant; bug #806375)
CVE-2015-3874 (The Sonivox components in Android before 5.1.1 LMY48T allow remote ...)
	NOT-FOR-US: The Sonivox components in Android
CVE-2015-3873 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3872 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3871 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3870 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3869 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3868 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3867 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3866
	RESERVED
CVE-2015-3865 (The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers ...)
	NOT-FOR-US: The Runtime subsystem in Android
CVE-2015-3864 (Integer underflow in the MPEG4Extractor::parseChunk function in ...)
	NOT-FOR-US: libstagefright in mediaserver in Android
CVE-2015-3863 (Multiple integer overflows in the Blob class in keystore/keystore.cpp ...)
	NOT-FOR-US: Keystore in Android
CVE-2015-3862 (mediaserver in Android before 5.1.1 LMY48T allows attackers to cause a ...)
	NOT-FOR-US: mediaserver in Android
CVE-2015-3861 (Multiple integer overflows in the addVorbisCodecInfo function in ...)
	NOT-FOR-US: libstagefright in mediaserver in Android
CVE-2015-3860 (packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen ...)
	NOT-FOR-US: Lockscreen in Android
CVE-2015-3859
	RESERVED
CVE-2015-3858 (The checkDestination function in internal/telephony/SMSDispatcher.java ...)
	NOT-FOR-US: Android
CVE-2015-3857
	RESERVED
CVE-2015-3856
	RESERVED
CVE-2015-3855
	RESERVED
CVE-2015-3854 (packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java ...)
	NOT-FOR-US: Android
CVE-2015-3853
	RESERVED
CVE-2015-3852
	RESERVED
CVE-2015-3851
	RESERVED
CVE-2015-3850
	RESERVED
CVE-2015-3849 (The Region_createFromParcel function in ...)
	NOT-FOR-US: Region in Android
CVE-2015-3848
	RESERVED
CVE-2015-3847 (Bluetooth in Android before 5.1.1 LMY48T allows attackers to remove ...)
	NOT-FOR-US: Bluetooth in Android
CVE-2015-3846
	RESERVED
CVE-2015-3845 (The Parcel::appendFrom function in libs/binder/Parcel.cpp in Binder in ...)
	NOT-FOR-US: Binder in Android
CVE-2015-3844 (The getProcessRecordLocked method in ...)
	NOT-FOR-US: ActivityManager in Android
CVE-2015-3843 (The SIM Toolkit (STK) framework in Android before 5.1.1 LMY48I allows ...)
	NOT-FOR-US: SIM Toolkit (STK) framework in Android
CVE-2015-3842 (Multiple heap-based buffer overflows in libeffects in the Audio Policy ...)
	NOT-FOR-US: Android
CVE-2015-3841
	RESERVED
CVE-2015-3840 (The MessageStatusReceiver service in the AndroidManifest.XML in ...)
	NOT-FOR-US: MessageStatusReceiver in Android
CVE-2015-3839 (The updateMessageStatus function in Android 5.1.1 and earlier allows ...)
	NOT-FOR-US: Android
CVE-2015-3838
	RESERVED
CVE-2015-3837 (The OpenSSLX509Certificate class in ...)
	NOT-FOR-US: Android
CVE-2015-3836 (The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the ...)
	NOT-FOR-US: Sonivox DLS-to-EAS converter in Android
CVE-2015-3835 (Buffer overflow in the OMXNodeInstance::emptyBuffer function in ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3834 (Multiple integer overflows in the BnHDCP::onTransact function in ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3833 (The getRunningAppProcesses function in ...)
	NOT-FOR-US: Android
CVE-2015-3832 (Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3831 (Buffer overflow in the readAt function in BpMediaHTTPConnection in ...)
	NOT-FOR-US: mediaserver service in Android
CVE-2015-3830 (The stock Android browser address bar in all Android operating systems ...)
	NOT-FOR-US: Android
CVE-2015-3829 (Off-by-one error in the MPEG4Extractor::parseChunk function in ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3828 (The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3827 (The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3826 (The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3825
	REJECTED
CVE-2015-3824 (The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3823 (libstagefright in Android before 5.1.1 LMY48T allows remote attackers ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-3822
	RESERVED
CVE-2015-3821
	RESERVED
CVE-2015-3820
	RESERVED
CVE-2015-3819
	RESERVED
CVE-2015-3818
	RESERVED
CVE-2015-3817
	RESERVED
CVE-2015-3816
	RESERVED
CVE-2015-3903 (libraries/Config.class.php in phpMyAdmin 4.0.x before 4.0.10.10, 4.2.x ...)
	{DSA-3382-1}
	- phpmyadmin 4:4.4.6.1-1 (unimportant)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2015-3902 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	{DSA-3382-1 DLA-336-1}
	- phpmyadmin 4:4.4.6.1-1 (unimportant)
CVE-2015-4036 (Array index error in the tcm_vhost_make_tpg function in ...)
	- linux 3.16.7-ckt9-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=59c816c1f24df0204e01851431d3bab3eb76719c (v4.0-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/4
CVE-2015-3988 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack ...)
	- horizon 2015.1.0-2 (bug #786741)
	[jessie] - horizon <not-affected> (Vulnerable code not present)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/9
CVE-2015-3886 (libinfinity before 0.6.6-1 does not validate expired SSL certificates, ...)
	- libinfinity 0.6.6-1 (bug #783601)
	[jessie] - libinfinity 0.6.6-1~deb8u1
	[wheezy] - libinfinity <not-affected> (vulnerable code not present)
	[squeeze] - libinfinity <not-affected> (vulnerable code not present)
	NOTE: https://github.com/gobby/libinfinity/commit/c97f870f5ae13112988d9f8ad464b4f679903706
	NOTE: https://github.com/gobby/gobby/issues/61
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/1
CVE-2015-3815 (The detect_version function in wiretap/logcat.c in the Android Logcat ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-18.html
CVE-2015-3814 (The (1) dissect_tfs_request and (2) dissect_tfs_response functions in ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-17.html
CVE-2015-3813 (The fragment_add_work function in epan/reassemble.c in the ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-16.html
CVE-2015-3812 (Multiple memory leaks in the x11_init_protocol function in ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-15.html
CVE-2015-3811 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x ...)
	{DSA-3277-1 DLA-241-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark 1.8.2-5wheezy16
	NOTE: add fixed version for wheezy directly in CVE list since CVE-2015-3811 the only fixed in DSA-3277-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10978
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=a6fc6aa0b4efc1a1c3d7a2e3b5189e888fb6ccc2
CVE-2015-3810 (epan/dissectors/packet-websocket.c in the WebSocket dissector in ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-13.html
CVE-2015-3809 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11036
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-12.html
CVE-2015-3808 (The dissect_lbmr_pser function in epan/dissectors/packet-lbmr.c in the ...)
	{DSA-3277-1}
	- wireshark 1.12.5+g5819e5b-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11036
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-12.html
CVE-2015-3807 (libxml2 in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple
CVE-2015-3806 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
	NOT-FOR-US: Apple
CVE-2015-3805 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3804 (FontParser in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple
CVE-2015-3803 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3802 (Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3801 (The document.cookie API implementation in the CFNetwork Cookies ...)
	NOT-FOR-US: Apple
CVE-2015-3800 (The DiskImages component in Apple iOS before 8.4.1 and OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3799 (The Apple ID OD plug-in in Apple OS X before 10.10.5 allows attackers ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3798 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-3797 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-3796 (The TRE library in Libc in Apple iOS before 8.4.1 and OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-3795 (libxpc in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple
CVE-2015-3794 (The Speech UI in Apple OS X before 10.10.5, when speech alerts are ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3793 (CFPreferences in Apple iOS before 8.4.1 allows attackers to bypass the ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3792 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: QuickTime
CVE-2015-3791 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: QuickTime
CVE-2015-3790 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: QuickTime
CVE-2015-3789 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: QuickTime
CVE-2015-3788 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: QuickTime
CVE-2015-3787 (The Bluetooth subsystem in Apple OS X before 10.10.5 allows remote ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3786 (The Bluetooth subsystem in Apple OS X before 10.10.5 does not properly ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3785 (The Telephony component in Apple OS X before 10.11, when the ...)
	NOT-FOR-US: Apple
CVE-2015-3784 (Office Viewer in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3783 (SceneKit in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3782 (CloudKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3781 (Cross-site scripting (XSS) vulnerability in Quick Look in Apple OS X ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3780 (The Bluetooth subsystem in Apple OS X before 10.10.5 allows attackers ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3779 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: QuickTime
CVE-2015-3778 (bootp in Apple iOS before 8.4.1 and OS X before 10.10.5 allows remote ...)
	NOT-FOR-US: Apple
CVE-2015-3777 (Multiple buffer overflows in blued in the Bluetooth subsystem in Apple ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3776 (IOKit in Apple iOS before 8.4.1 and OS X before 10.10.5 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3775 (Apple OS X before 10.10.5 does not properly implement authentication, ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3774 (The Dictionary app in Apple OS X before 10.10.5 does not use HTTPS, ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3773 (The SMB client in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3772 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3771 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3770 (IOGraphics in Apple OS X before 10.10.5 allows attackers to execute ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3769 (IOFireWireFamily in Apple OS X before 10.10.5 allows local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3768 (Integer overflow in the kernel in Apple iOS before 8.4.1 and OS X ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3767 (udf in Apple OS X before 10.10.5 allows local users to gain privileges ...)
	NOT-FOR-US: Apple
CVE-2015-3766 (The kernel in Apple iOS before 8.4.1 and OS X before 10.10.5 does not ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3765 (QuickTime 7 in Apple OS X before 10.10.5 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-3764 (Notification Center in Apple OS X before 10.10.5 does not properly ...)
	NOT-FOR-US: QuickTime
CVE-2015-3763 (Safari in Apple iOS before 8.4.1 does not limit the rate of JavaScript ...)
	NOT-FOR-US: Safari
CVE-2015-3762 (The Text Formats component in Apple OS X before 10.10.5, as used in ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3761 (The kernel in Apple OS X before 10.10.5 does not properly validate ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3760 (dyld in Apple OS X before 10.10.5 does not properly validate pathnames ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3759 (Location Framework in Apple iOS before 8.4.1 allows local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3758 (UIKit WebView in Apple iOS before 8.4.1 allows attackers to bypass an ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3757 (Apple OS X before 10.10.5 does not properly restrict access to the ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3756 (The Certificate UI in Apple iOS before 8.4.1 does not prevent X.509 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3755 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ...)
	NOT-FOR-US: Safari
CVE-2015-3754 (The private-browsing implementation in WebKit in Apple Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3753 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3752 (The Content Security Policy implementation in WebKit in Apple Safari ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3751 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3750 (WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3749 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3748 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3747 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3746 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3745 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3744 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3743 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3742 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3741 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3740 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3739 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3738 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3737 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3736 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3735 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3734 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3733 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3732 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3731 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3730 (WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-3729 (Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as ...)
	NOT-FOR-US: Apple
CVE-2015-3728 (The WiFi Connectivity feature in Apple iOS before 8.4 allows remote ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3727 (WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before ...)
	NOT-FOR-US: Apple Safari
CVE-2015-3726 (The Telephony subsystem in Apple iOS before 8.4 allows physically ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3725 (MobileInstallation in Apple iOS before 8.4 does not ensure the ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3724 (CoreGraphics in Apple iOS before 8.4 allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3723 (CoreGraphics in Apple iOS before 8.4 allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3722 (Application Store in Apple iOS before 8.4 does not ensure the ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3721 (The kernel in Apple iOS before 8.4 and OS X before 10.10.4 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2015-3720 (The kernel in Apple OS X before 10.10.4 does not properly manage ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3719 (TrueTypeScaler in FontParser in Apple iOS before 8.4 and OS X before ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3718 (systemstatsd in the System Stats subsystem in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3717 (Multiple buffer overflows in the printf functionality in SQLite, as ...)
	NOT-FOR-US: sqlite as shipped in iOS
	NOTE: Fix for sqlite in iOS, upstream doesn't know whether it affects the standard
	NOTE: code base, but Apple would probably have submitted a patch if that were the case
	NOTE: sqlite-dev thread: https://groups.google.com/forum/#!topic/sqlite-dev/U7OjAbZO6LA
CVE-2015-3716 (Spotlight in Apple OS X before 10.10.4 allows attackers to execute ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3715 (The code-signing implementation in Apple OS X before 10.10.4 does not ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3714 (Apple OS X before 10.10.4 does not properly consider custom resource ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3713 (QuickTime in Apple OS X before 10.10.4 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3712 (The NVIDIA graphics driver in Apple OS X before 10.10.4 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3711 (The NTFS implementation in Apple OS X before 10.10.4 allows attackers ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3710 (Mail in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3709 (Race condition in kext tools in Apple OS X before 10.10.4 allows local ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3708 (kextd in kext tools in Apple OS X before 10.10.4 allows attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3707 (The FireWire driver in IOFireWireFamily in Apple OS X before 10.10.4 ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3706 (IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3705 (IOAcceleratorFamily in Apple OS X before 10.10.4 allows attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3704 (runner in Install.framework in the Install Framework Legacy subsystem ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3703 (ImageIO in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3702 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3701 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3700 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3699 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3698 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3697 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3696 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3695 (Buffer overflow in the Intel Graphics Driver in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3694 (FontParser in Apple iOS before 8.4 and OS X before 10.10.4 allows ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3693 (Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3692 (Apple Mac EFI before 2015-001, as used in OS X before 10.10.4 and ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3691 (The Monitor Control Command Set kernel extension in the Display ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3690 (The DiskImages subsystem in Apple iOS before 8.4 and OS X before ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3689 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3688 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3687 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3686 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3685 (CoreText in Apple iOS before 8.4 and OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3684 (The HTTPAuthentication implementation in CFNetwork in Apple iOS before ...)
	NOT-FOR-US: Apple iOS and Apple OS X
CVE-2015-3683 (The Bluetooth HCI interface implementation in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3682 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3681 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3680 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3679 (Apple Type Services (ATS) in Apple OS X before 10.10.4 allows remote ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3678 (AppleThunderboltEDMService in Apple OS X before 10.10.4 allows local ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3677 (The LZVN compression feature in AppleFSCompression in Apple OS X ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3676 (AppleGraphicsControl in Apple OS X before 10.10.4 allows attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3675 (The default configuration of the Apache HTTP Server on Apple OS X ...)
	- apache2 <not-affected> (default configuration on Apple OS X)
CVE-2015-3674 (afpserver in Apple OS X before 10.10.4 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3673 (Admin Framework in Apple OS X before 10.10.4 does not properly ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3672 (Admin Framework in Apple OS X before 10.10.4 does not properly handle ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3671 (Admin Framework in Apple OS X before 10.10.4 does not properly verify ...)
	NOT-FOR-US: Apple OS X
CVE-2015-3670
	REJECTED
CVE-2015-3669 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3668 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3667 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3666 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3665 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3664 (QT Media Foundation in Apple QuickTime before 7.7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3663 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3662 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3661 (QT Media Foundation in Apple QuickTime before 7.7.7, as used in OS X ...)
	NOT-FOR-US: Apple QuickTime
CVE-2015-3660 (Cross-site scripting (XSS) vulnerability in the PDF functionality in ...)
	NOT-FOR-US: Apple WebKit
CVE-2015-3659 (The SQLite authorizer in the Storage functionality in WebKit in Apple ...)
	NOT-FOR-US: Apple WebKit
CVE-2015-3658 (The Page Loading functionality in WebKit in Apple Safari before 6.2.7, ...)
	NOT-FOR-US: Apple WebKit
CVE-2015-3657 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3656 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3655 (Cross-site request forgery (CSRF) vulnerability in Aruba Networks ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3654 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3653 (Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2015-3652
	RESERVED
CVE-2015-3651
	RESERVED
CVE-2015-3650 (vmware-vmx.exe in VMware Workstation 7.x through 10.x before 10.0.7 ...)
	NOT-FOR-US: VMware
CVE-2015-3649 (The open-uri-cached rubygem allows local users to execute arbitrary ...)
	NOT-FOR-US: open-uri-cached rubygem
CVE-2015-3648 (Directory traversal vulnerability in pages/setup.php in Montala ...)
	NOT-FOR-US: ResourceSpace
CVE-2015-3647 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WP Photo Album Plus (aka WPPA) plugin for WordPress
CVE-2015-3645
	RESERVED
CVE-2015-3644 (Stunnel 5.00 through 5.13, when using the redirect option, does not ...)
	{DSA-3299-1}
	- stunnel4 3:5.18-1 (bug #785352)
	[wheezy] - stunnel4 <not-affected> (Affects 5.00 through 5.13 with specfic configurations)
	[squeeze] - stunnel4 <not-affected> (Affects 5.00 through 5.13 with specfic configurations)
	NOTE: https://www.stunnel.org/CVE-2015-3644.html
CVE-2015-3885 (Integer overflow in the ljpeg_start function in dcraw 7.00 and earlier ...)
	{DSA-3692-1 DLA-243-1 DLA-228-1}
	- dcraw 9.26-1 (bug #785019)
	[jessie] - dcraw <no-dsa> (Minor issue)
	[wheezy] - dcraw <no-dsa> (Minor issue)
	[squeeze] - dcraw <no-dsa> (Minor issue)
	- ufraw 0.20-3 (bug #786783)
	[jessie] - ufraw 0.20-2+deb8u1
	[wheezy] - ufraw <no-dsa> (Minor issue)
	[squeeze] - ufraw <no-dsa> (Minor issue)
	- libraw 0.16.2-1 (bug #786788)
	[jessie] - libraw 0.16.0-9+deb8u1
	[wheezy] - libraw 0.14.6-2+deb7u1
	[squeeze] - libraw <no-dsa> (Minor issue)
	- rawtherapee 4.2-2
	[jessie] - rawtherapee 4.2-1+deb8u1
	[wheezy] - rawtherapee 4.0.9-4+deb7u1
	[squeeze] - rawtherapee <no-dsa> (Minor issue)
	- rawstudio <removed>
	[wheezy] - rawstudio <no-dsa> (Minor issue)
	[squeeze] - rawstudio <no-dsa> (Minor issue)
	- xbmc 2:13.2+dfsg1-5 (bug #786688)
	[jessie] - xbmc <no-dsa> (Minor issue)
	[wheezy] - xbmc <no-dsa> (Minor issue)
	- kodi 16.0+dfsg1-1 (bug #792299)
	- exactimage 0.9.1-5 (bug #786785)
	[jessie] - exactimage 0.8.9-7+deb8u1
	[wheezy] - exactimage 0.8.5-5+deb7u4
	[squeeze] - exactimage <no-dsa> (Minor issue)
	- freeimage 3.15.4-6 (bug #786790)
	[wheezy] - freeimage <no-dsa> (Minor issue)
	[squeeze] - freeimage <no-dsa> (Minor issue)
	- darktable 1.6.7-1 (bug #786792)
	[jessie] - darktable 1.4.2-1+deb8u1
	[wheezy] - darktable <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2015-006.html
	NOTE: https://codesearch.debian.net/results/int%20CLASS%20ljpeg_start
	NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
CVE-2015-3880 (Open redirect vulnerability in phpBB before 3.0.14 and 3.1.x before ...)
	- phpbb3 3.0.14-1
	[jessie] - phpbb3 3.0.12-5+deb8u1
	[wheezy] - phpbb3 3.0.10-4+deb7u3
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
	NOTE: https://wiki.phpbb.com/Release_Highlights/3.0.14
	NOTE: Patch: https://github.com/phpbb/phpbb/commit/1a3350619f428d9d69d196c52128727e27ef2f04
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/12/2
CVE-2015-XXXX [pdf2djvu: insecure use of /tmp when executing c44]
	- pdf2djvu 0.7.21-1 (bug #784889)
	[jessie] - pdf2djvu 0.7.17-4+deb8u1
	[wheezy] - pdf2djvu 0.7.12-2+deb7u1
	[squeeze] - pdf2djvu <no-dsa> (Minor issue)
	NOTE: https://bitbucket.org/jwilk/pdf2djvu/issue/103
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-XXXX [didjvu: insecure use of /tmp when executing c44]
	- didjvu 0.4-1 (bug #784888)
	[jessie] - didjvu 0.2.8-1+deb8u1
	[wheezy] - didjvu 0.2.3-2+deb7u1
	NOTE: https://bitbucket.org/jwilk/didjvu/issue/8
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/09/7
CVE-2015-4146 (The EAP-pwd peer implementation in hostapd and wpa_supplicant 1.0 ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787371)
	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-4/
	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
	NOTE: http://w1.fi/security/2015-4/0005-EAP-pwd-peer-Fix-asymmetric-fragmentation-behavior.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4145 (The EAP-pwd server and peer implementation in hostapd and ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787371)
	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-4/
	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
	NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4144 (The EAP-pwd server and peer implementation in hostapd and ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787371)
	[wheezy] - wpa <not-affected> (Vulnerable code introduced later)
	NOTE: support for fragmentation added in https://w1.fi/cgit/hostap/commit/?id=5ea93947ca67ba83529798b806a15b247cdb2e93
	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-4/
	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
	NOTE: http://w1.fi/security/2015-4/0003-EAP-pwd-peer-Fix-Total-Length-parsing-for-fragment-r.patch
	NOTE: http://w1.fi/security/2015-4/0004-EAP-pwd-server-Fix-Total-Length-parsing-for-fragment.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4143 (The EAP-pwd server and peer implementation in hostapd and ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787371)
	- wpasupplicant <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	- hostapd <not-affected> (v1.0-v2.4 with CONFIG_EAP_PWD=y)
	NOTE: http://w1.fi/security/2015-4/
	NOTE: http://w1.fi/security/2015-4/eap-pwd-missing-payload-length-validation.txt
	NOTE: http://w1.fi/security/2015-4/0001-EAP-pwd-peer-Fix-payload-length-validation-for-Commi.patch
	NOTE: http://w1.fi/security/2015-4/0002-EAP-pwd-server-Fix-payload-length-validation-for-Com.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/5
CVE-2015-4142 (Integer underflow in the WMM Action frame parser in hostapd 0.5.5 ...)
	{DSA-3397-1 DLA-260-1}
	- wpa 2.3-2.2 (bug #787373)
	- wpasupplicant <removed>
	[squeeze] - wpasupplicant <not-affected> (0.7.0-v2.4 with with specific configurations)
	- hostapd <removed>
	NOTE: http://w1.fi/security/2015-3/
	NOTE: http://w1.fi/security/2015-3/integer-underflow-in-ap-mode-wmm-action-frame.txt
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/5
CVE-2015-4141 (The WPS UPnP function in hostapd, when using WPS AP, and ...)
	{DSA-3397-1}
	- wpa 2.3-2.2 (bug #787372)
	- wpasupplicant <removed> (unimportant)
	[squeeze] - wpasupplicant <not-affected> (Affects v0.7.0-v2.4 with CONFIG_WPS_ER=y in the build configuration)
	- hostapd <removed>
	[squeeze] - hostapd <not-affected> (Affects 0.7.0-v2.4 with CONFIG_WPS_UPNP=y in the build configuration and upnp_iface parameter on runtime)
	NOTE: http://w1.fi/security/2015-2/
	NOTE: http://w1.fi/security/2015-2/wps-upnp-http-chunked-transfer-encoding.txt
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/09/4
CVE-2015-XXXX [incorrect parsing of from header when assigning pgp keys]
	- semi 1.14.7~0.20120428-17 (bug #784712)
	[jessie] - semi 1.14.7~0.20120428-14+deb8u1
	[wheezy] - semi <no-dsa> (Minor issue)
	[squeeze] - semi <no-dsa> (Minor issue)
	NOTE: http://thread.gmane.org/gmane.mail.wanderlust.general.japanese/9819
	NOTE: Fixed in https://github.com/wanderlust/semi/commit/9976269556c5bcc021e4edf1b0e1accd39929528
CVE-2015-XXXX [incorrect substring matching when assigning pgp keys]
	- semi 1.14.7~0.20120428-17 (bug #784712)
	[jessie] - semi 1.14.7~0.20120428-14+deb8u1
	[wheezy] - semi <no-dsa> (Minor issue)
	[squeeze] - semi <no-dsa> (Minor issue)
	NOTE: https://github.com/wanderlust/semi/issues/9
	NOTE: https://github.com/wanderlust/semi/commit/5c8466321d281d72850c298b9ebcd466b4b0160c
	NOTE: https://github.com/wanderlust/semi/commit/da44c8e0ea6baf5dac2b8debf86f720a541f31a5
	- mew 1:6.6-3
	[jessie] - mew 1:6.6-2+deb8u1
	[wheezy] - mew <no-dsa> (Minor issue)
	[squeeze] - mew <no-dsa> (Minor issue)
	- mew-beta 7.0.50~6.6+0.20150508-1
	[jessie] - mew-beta 7.0.50~6.6+0.20140902-1+deb8u1
	[wheezy] - mew-beta <no-dsa> (Minor issue)
	[squeeze] - mew-beta <no-dsa> (Minor issue)
CVE-2015-3429 (Cross-site scripting (XSS) vulnerability in example.html in Genericons ...)
	{DSA-3328-1}
	- wordpress 4.2.2+dfsg-1 (bug #784603)
	[wheezy] - wordpress <not-affected> (twentyfifteen theme not present)
	[squeeze] - wordpress <not-affected> (twentyfifteen theme not present)
	NOTE: https://wordpress.org/news/2015/05/wordpress-4-2-2/
	NOTE: https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/
	NOTE: The default theme twentyfifteen is not present in wheezy. Upstream has
	NOTE: commited https://core.trac.wordpress.org/changeset/32385 though which
	NOTE: will enericons example.html files if present. As the file was included
	NOTE: in other popular themes and plugins maybe it should as well be included
	NOTE: in an update for wordpress for wheezy?
CVE-2014-9721 (libzmq before 4.0.6 and 4.1.x before 4.1.1 allows remote attackers to ...)
	{DSA-3255-1}
	- zeromq3 4.0.5+dfsg-3 (bug #784366)
	NOTE: https://github.com/zeromq/libzmq/issues/1273
	NOTE: https://github.com/zeromq/zeromq4-x/commit/b6e3e0f601e2c1ec1f3aac880ed6a3fe63043e51
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/8
CVE-2015-3643 (usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before ...)
	NOT-FOR-US: usb-creator
CVE-2015-3642 (The TLS and DTLS processing functionality in Citrix NetScaler ...)
	NOT-FOR-US: Citrix
CVE-2015-3641
	RESERVED
CVE-2015-3640 (phpMyBackupPro 2.5 and earlier does not properly escape the &quot;.&quot; ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-3639 (phpMyBackupPro 2.5 and earlier does not properly sanitize input ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-3638 (phpMyBackupPro before 2.5 does not validate integer input, which ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-3637 (SQL injection vulnerability in phpMyBackupPro when run in multi-user ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2015-3635
	RESERVED
CVE-2015-3634 (The SlideshowPluginSlideshowStylesheet::loadStylesheetByAJAX function ...)
	NOT-FOR-US: Slideshow plugin for Wordpress
CVE-2015-3633 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow ...)
	NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
CVE-2015-3632 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow ...)
	NOT-FOR-US: Foxit Reader, Enterprise Reader, PhantomPDF
CVE-2015-3631 (Docker Engine before 1.6.1 allows local users to set arbitrary Linux ...)
	- docker.io 1.6.1+dfsg1-1 (bug #784726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3630 (Docker Engine before 1.6.1 uses weak permissions for (1) /proc/asound, ...)
	- docker.io 1.6.1+dfsg1-1 (bug #784726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3629 (Libcontainer 1.6.0, as used in Docker Engine, allows local users to ...)
	- docker.io 1.6.1+dfsg1-1 (bug #784726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3628 (The iControl API in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, Link ...)
	NOT-FOR-US: F5
CVE-2015-3627 (Libcontainer and Docker Engine before 1.6.1 opens the file-descriptor ...)
	- docker.io 1.6.1+dfsg1-1 (bug #784726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/07/10
CVE-2015-3626 (Cross-site scripting (XSS) vulnerability in the DHCP Monitor page in the ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-3625 (The NVIDIA GPU driver for FreeBSD R352 before 352.09, 346 before ...)
	- nvidia-graphics-drivers <not-affected> (FreeBSD drivers in separate blobs/source)
CVE-2015-3624 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2015-3623 (XML external entity (XXE) vulnerability in QlikTech Qlikview before ...)
	NOT-FOR-US: QlikTech
CVE-2015-3621 (Untrusted search path vulnerability in SAP Enterprise Central ...)
	NOT-FOR-US: SAP ECC
CVE-2015-3620 (Cross-site scripting (XSS) vulnerability in the advanced dataset ...)
	NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2015-3619 (Cross-site scripting (XSS) vulnerability in assets/js/vm2admin.js in ...)
	NOT-FOR-US: Joomla addon
CVE-2015-3618 (Cross-site scripting (XSS) vulnerability in Nagios Business Process ...)
	NOT-FOR-US: Nagios Business Process Intelligence
CVE-2015-3617 (Fortinet FortiManager 5.0 before 5.0.11 and 5.2 before 5.2.2 allow ...)
	NOT-FOR-US: Fortinet
CVE-2015-3616 (SQL injection vulnerability in Fortinet FortiManager 5.0.x before ...)
	NOT-FOR-US: Fortinet
CVE-2015-3615 (Cross-site scripting (XSS) vulnerability in Fortinet FortiManager ...)
	NOT-FOR-US: Fortinet
CVE-2015-3614 (Fortinet FortiManager 5.0.x before 5.0.11, 5.2.x before 5.2.2 allows ...)
	NOT-FOR-US: Fortinet
CVE-2015-3613
	RESERVED
CVE-2015-3612
	RESERVED
CVE-2015-3611
	RESERVED
CVE-2015-3610 (The Siemens HomeControl for Room Automation application before 2.0.1 ...)
	NOT-FOR-US: Siemens HomeControl for Room Automation application for Android
CVE-2015-3609
	RESERVED
CVE-2015-3608
	RESERVED
CVE-2015-3607
	RESERVED
CVE-2015-3606
	RESERVED
CVE-2015-3605
	RESERVED
CVE-2015-3604
	RESERVED
CVE-2015-3603
	RESERVED
CVE-2015-3602
	RESERVED
CVE-2015-3601
	RESERVED
CVE-2015-3600
	RESERVED
CVE-2015-3599
	RESERVED
CVE-2015-3598
	RESERVED
CVE-2015-3597
	RESERVED
CVE-2015-3596
	RESERVED
CVE-2015-3595
	RESERVED
CVE-2015-3594
	RESERVED
CVE-2015-3593
	RESERVED
CVE-2015-3592
	RESERVED
CVE-2015-3591
	REJECTED
CVE-2015-3590
	RESERVED
CVE-2015-3589
	RESERVED
CVE-2015-3588
	RESERVED
CVE-2015-3587
	RESERVED
CVE-2015-3586
	RESERVED
CVE-2015-3585
	RESERVED
CVE-2015-3584
	RESERVED
CVE-2015-3583
	RESERVED
CVE-2015-3582
	RESERVED
CVE-2015-3581
	RESERVED
CVE-2015-3580
	RESERVED
CVE-2015-3579
	RESERVED
CVE-2015-3578
	RESERVED
CVE-2015-3577
	RESERVED
CVE-2015-3576
	RESERVED
CVE-2015-3575
	RESERVED
CVE-2015-3574
	RESERVED
CVE-2015-3573
	RESERVED
CVE-2015-3572
	REJECTED
CVE-2015-3571
	REJECTED
CVE-2015-3570
	RESERVED
CVE-2015-3569
	REJECTED
CVE-2015-3568
	RESERVED
CVE-2015-3567
	RESERVED
CVE-2015-3566
	RESERVED
CVE-2015-3565
	RESERVED
CVE-2015-3564
	RESERVED
CVE-2015-3563
	RESERVED
CVE-2015-3562
	RESERVED
CVE-2015-3561
	RESERVED
CVE-2015-3560
	RESERVED
CVE-2015-3559
	RESERVED
CVE-2015-3558
	RESERVED
CVE-2015-3557
	RESERVED
CVE-2015-3556
	RESERVED
CVE-2015-3555
	RESERVED
CVE-2015-3554
	RESERVED
CVE-2015-3553
	RESERVED
CVE-2015-3552
	RESERVED
CVE-2015-3551
	RESERVED
CVE-2015-3550
	RESERVED
CVE-2015-3549
	RESERVED
CVE-2015-3548
	RESERVED
CVE-2015-3547
	RESERVED
CVE-2015-3546
	RESERVED
CVE-2015-3545
	RESERVED
CVE-2015-3544
	RESERVED
CVE-2015-3543
	RESERVED
CVE-2015-3542
	RESERVED
CVE-2015-3541
	RESERVED
CVE-2015-3540
	RESERVED
CVE-2015-3539
	RESERVED
CVE-2015-3538
	RESERVED
CVE-2015-3537
	RESERVED
CVE-2015-3536
	RESERVED
CVE-2015-3535
	RESERVED
CVE-2015-3534
	RESERVED
CVE-2015-3533
	RESERVED
CVE-2015-3532
	RESERVED
CVE-2015-3531
	RESERVED
CVE-2015-3530
	RESERVED
CVE-2015-3529
	RESERVED
CVE-2015-3528
	RESERVED
CVE-2015-3527
	RESERVED
CVE-2015-3526
	RESERVED
CVE-2015-3525
	RESERVED
CVE-2015-3524
	RESERVED
CVE-2015-3523
	RESERVED
CVE-2015-3522
	RESERVED
CVE-2015-3521
	RESERVED
CVE-2015-3520
	RESERVED
CVE-2015-3519
	RESERVED
CVE-2015-3518
	RESERVED
CVE-2015-3517
	RESERVED
CVE-2015-3516
	RESERVED
CVE-2015-3515
	RESERVED
CVE-2015-3514
	RESERVED
CVE-2015-3513
	RESERVED
CVE-2015-3512
	RESERVED
CVE-2015-3511
	RESERVED
CVE-2015-3510
	RESERVED
CVE-2015-3509
	RESERVED
CVE-2015-3508
	RESERVED
CVE-2015-3507
	RESERVED
CVE-2015-3506
	RESERVED
CVE-2015-3505
	RESERVED
CVE-2015-3504
	RESERVED
CVE-2015-3503
	RESERVED
CVE-2015-3502
	RESERVED
CVE-2015-3501
	RESERVED
CVE-2015-3500
	RESERVED
CVE-2015-3499
	RESERVED
CVE-2015-3498
	RESERVED
CVE-2015-3497
	RESERVED
CVE-2015-3496
	RESERVED
CVE-2015-3495
	RESERVED
CVE-2015-3494
	RESERVED
CVE-2015-3493
	RESERVED
CVE-2015-3492
	RESERVED
CVE-2015-3491
	RESERVED
CVE-2015-3490
	RESERVED
CVE-2015-3489
	RESERVED
CVE-2015-3488
	RESERVED
CVE-2015-3487
	RESERVED
CVE-2015-3486
	RESERVED
CVE-2015-3485
	RESERVED
CVE-2015-3484
	RESERVED
CVE-2015-3483
	RESERVED
CVE-2015-3482
	RESERVED
CVE-2015-3481
	RESERVED
CVE-2015-3480
	RESERVED
CVE-2015-3479
	RESERVED
CVE-2015-3478
	RESERVED
CVE-2015-3477
	RESERVED
CVE-2015-3476
	RESERVED
CVE-2015-3475
	RESERVED
CVE-2015-3474
	RESERVED
CVE-2015-3473
	RESERVED
CVE-2015-3472
	RESERVED
CVE-2015-3471
	RESERVED
CVE-2015-3470
	RESERVED
CVE-2015-3469
	RESERVED
CVE-2015-3468
	RESERVED
CVE-2015-3467
	RESERVED
CVE-2015-3466
	RESERVED
CVE-2015-3465
	RESERVED
CVE-2015-3464
	RESERVED
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2015-3463
	RESERVED
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2015-3462
	RESERVED
CVE-2015-3461
	RESERVED
CVE-2015-3460
	RESERVED
CVE-2015-3905 (Buffer overflow in the set_cs_start function in t1disasm.c in t1utils ...)
	{DLA-256-1}
	- t1utils 1.38-4 (bug #779274)
	[wheezy] - t1utils <no-dsa> (Minor issue)
	NOTE: https://github.com/kohler/t1utils/issues/4
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/13/9
CVE-2015-XXXX [crashes on crafted upack packed file]
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a18af359decd270f5088e80e2ee2866c62e0843e
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/ed56f56c1f1529bda877ddd116ae7bc064667c73
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/3
CVE-2015-XXXX [crash during algorithmic detection on crafted PE file]
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/a7bdfb4f0d3210eeab49280726ff3ea6d703280e
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/05/03/4
CVE-2015-XXXX [BUG/MAJOR: http: don't read past buffer's end in http_replace_value]
	- haproxy 1.5.12-1
	[jessie] - haproxy <no-dsa> (Minor issue)
	[squeeze] - haproxy <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=8e05ac2044c6523c867ceaaae1f10486370eec89
	NOTE: Introduced by: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=c9c2daf283011e9b9ab0af57629af47862e14e0e
CVE-2015-XXXX [BUG/MAJOR: http: prevent risk of reading past end with balance url_param]
	- haproxy 1.5.12-1
	[jessie] - haproxy <no-dsa> (Minor issue)
	[squeeze] - haproxy <not-affected> (Similar check was already present)
	NOTE: Upstream fix: http://git.haproxy.org/?p=haproxy-1.5.git;a=commit;h=522aab39753e8ed13786bc57b03ef7ae4ffe6c87
	NOTE: For squeeze, the above commit message implies that the fix does not need to be backported to version 1.4 and indeed, the code already contains a (different) check that limits the value of "len".
CVE-2015-4017 (Salt before 2014.7.6 does not verify certificates when connecting via ...)
	- salt <not-affected> (Vulnerable code not present in the version in Debian stable/unstable)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/02/1
CVE-2015-3646 (OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before ...)
	- keystone 2015.1.0-1
	[jessie] - keystone <no-dsa> (Minor issue)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
	NOTE: Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3
CVE-2015-3636 (The ping_unhash function in net/ipv4/ping.c in the Linux kernel before ...)
	{DSA-3290-1}
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt11-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a134f083e79fb4c3d0a925691e732c56911b4326 (v4.1-rc2)
	NOTE: https://lkml.org/lkml/2011/5/13/382
CVE-2015-3459 (The communication module on the Hospira LifeCare PCA Infusion System ...)
	NOT-FOR-US: Hospira Lifecare PCA
CVE-2015-3458 (The fetchView function in the Mage_Core_Block_Template_Zend class in ...)
	NOT-FOR-US: Magento
CVE-2015-3457 (Magento Community Edition (CE) 1.9.1.0 and Enterprise Edition (EE) ...)
	NOT-FOR-US: Magento
CVE-2015-3456 (The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and ...)
	{DSA-3274-1 DSA-3262-1 DSA-3259-1 DLA-268-1 DLA-249-1 DLA-248-1}
	- qemu 1:2.3+dfsg-3
	NOTE: qemu 1:2.3+dfsg-3 is  pending in the NEW queue
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u7
	- qemu-kvm <removed>
	[wheezy] - qemu-kvm 1.1.2+dfsg-6+deb7u7
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	- xen-qemu-dm-4.0 <removed>
	NOTE: http://xenbits.xen.org/xsa/advisory-133.html
	[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
	- virtualbox 4.3.28-dfsg-1 (bug #785424)
	- virtualbox-ose <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/alert-cve-2015-3456-2542656.html
	NOTE: http://venom.crowdstrike.com/
CVE-2015-3454 (TelescopeJS before 0.15 leaks user bcrypt password hashes in websocket ...)
	NOT-FOR-US: TelescopeJS
CVE-2015-3453
	RESERVED
CVE-2015-3452
	RESERVED
CVE-2015-3450 (Heap-based buffer overflow in libaxl 0.6.9 allows attackers to cause a ...)
	NOT-FOR-US: libaxl
CVE-2015-3449 (The Windows client in SAP Afaria 7.0.6398.0 uses weak permissions ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-3448 (REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and ...)
	- ruby-rest-client 1.8.0-1
	[jessie] - ruby-rest-client <no-dsa> (Minor issue, logging not enabled by default)
	[wheezy] - ruby-rest-client <no-dsa> (Minor issue, logging not enabled by default)
	- librestclient-ruby <removed>
	[squeeze] - librestclient-ruby <no-dsa> (Minor issue, logging not enabled by default)
CVE-2015-3447 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Dell SonicWALL SonicOS
CVE-2015-3622 (The _asn1_extract_der_octet function in lib/decoding.c in GNU Libtasn1 ...)
	{DSA-3256-1}
	- libtasn1-6 4.4-3
	- libtasn1-3 <not-affected> (Introduced with 3.6)
	NOTE: https://blog.fuzzing-project.org/9-Heap-overflow-invalid-read-in-Libtasn1-TFPA-0052015.html
	NOTE: http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=f979435823a02f842c41d49cd41cc81f25b5d677
	NOTE: Introduced by http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=609d5c1366fb424f6150c4eed358d246e61cf204 (libtasn1_3_6)
	NOTE: DECR_LEN introduced in http://git.savannah.gnu.org/gitweb/?p=libtasn1.git;a=commitdiff;h=154909136c12cfa5c60732b7210827dfb1ec6aee (libtasn1_3_6)
CVE-2015-3455 (Squid 3.2.x before 3.2.14, 3.3.x before 3.3.14, 3.4.x before 3.4.13, ...)
	- squid <removed> (unimportant)
	- squid3 3.5.6-1 (unimportant)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2015_1.txt
	NOTE: Only affects custom builds with --enable-ssl (disabled for license purposes in Debian)
CVE-2015-3446 (The Framework Daemon in AlienVault Unified Security Management before ...)
	NOT-FOR-US: AlienVault Unified Security Management
CVE-2015-3445
	RESERVED
CVE-2015-3444
	RESERVED
CVE-2015-3443 (Cross-site scripting (XSS) vulnerability in the basic dashboard in ...)
	NOT-FOR-US: Thycotic Secret Server
CVE-2015-3442 (Soreco Xpert.Line 3.0 allows local users to spoof users and ...)
	NOT-FOR-US: Soreco
CVE-2015-3441 (The Parental Control panel in Genexis devices with DRGOS before 1.14.1 ...)
	NOT-FOR-US: Genexis devices
CVE-2015-3437
	RESERVED
CVE-2015-3436 (provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) ...)
	- zarafa <itp> (bug #658433)
CVE-2015-3435 (Samsung Security Manager (SSM) before 1.31 allows remote attackers to ...)
	NOT-FOR-US: Samsung Security Manager
CVE-2015-3434
	RESERVED
CVE-2015-3433
	RESERVED
CVE-2015-3432 (Multiple cross-site scripting (XSS) vulnerabilities in Pydio (formerly ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2015-3431 (Pydio (formerly AjaXplorer) before 6.0.7 allows remote attackers to ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2015-3430
	RESERVED
CVE-2015-3428
	RESERVED
CVE-2015-3426
	RESERVED
CVE-2015-3425
	RESERVED
CVE-2015-3424
	RESERVED
CVE-2015-3423
	RESERVED
CVE-2015-3422 (Cross-site scripting (XSS) vulnerability in SearchBlox before 8.2.1 ...)
	NOT-FOR-US: SearchBlox
CVE-2015-3421 (The eshop_checkout function in checkout.php in the Wordpress Eshop ...)
	NOT-FOR-US: Wordpress Eshop
CVE-2015-3419 (vBulletin 5.x through 5.1.6 allows remote authenticated users to ...)
	NOT-FOR-US: vBulletin
CVE-2015-3413
	RESERVED
	- hhvm 3.11.0+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/02a7a8f086c9181002fca0f0d9cef42963fdf46a
CVE-2015-3412 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=52b93f0cfd3cba7ff98cc5198df6ca4f23865f80
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=4435b9142ff9813845d5c97ab29a5d637bedb257
	NOTE: https://bugs.php.net/bug.php?id=69353
CVE-2015-3411 (PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x before 5.6.8 does ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69353
CVE-2015-3410
	RESERVED
CVE-2015-3427 (Quassel before 0.12.2 does not properly re-initialize the database ...)
	{DSA-3258-1}
	- quassel 1:0.10.0-2.4 (bug #783926)
	[wheezy] - quassel <not-affected> (incomplete fix for CVE-2013-4422 not applied)
	[squeeze] - quassel <not-affected> (incomplete fix for CVE-2013-4422 not applied)
	NOTE: https://github.com/quassel/quassel/commit/6605882f41331c80f7ac3a6992650a702ec71283
	NOTE: http://quassel-irc.org/node/120
CVE-2015-3420 (The ssl-proxy-openssl.c function in Dovecot before 2.2.17, when SSLv3 ...)
	- dovecot 1:2.2.13-12 (bug #783649)
	[jessie] - dovecot 1:2.2.13-12~deb8u1
	[wheezy] - dovecot <not-affected> (Problematic patch introducing the issue not applied)
	[squeeze] - dovecot <not-affected> (Vulnerable code not present & not reproducible)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/3
	NOTE: Patch: http://web.archive.org/web/20150907231530/http://hg.dovecot.org/dovecot-2.2/rev/86f535375750
	NOTE: Segfault reproducible if using openssl/1.0.2a-1 from sid.
	NOTE: http://dovecot.org/pipermail/dovecot/2015-April/100579.html
	NOTE: It is openssl crashing but because dovecot ignores an erlier
	NOTE: returned error from dovecot, related to openssl bug:
	NOTE: https://rt.openssl.org/Ticket/Display.html?id=3818&user=guest&pass=guest
	NOTE: Possibly introduced due to http://web.archive.org/web/20150121182933/http://hg.dovecot.org:80/dovecot-2.2/rev/09d3c9c6f0ad
CVE-2015-3440 (Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in ...)
	{DSA-3250-1 DLA-236-1}
	- wordpress 4.2.1+dfsg-1 (bug #783554)
	NOTE: http://klikki.fi/adv/wordpress2.html
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-2-1/
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/27/4
	NOTE: https://core.trac.wordpress.org/changeset/32299
CVE-2015-XXXX [Some plugins were vulnerable to an SQL injection vulnerability]
	- wordpress 4.2+dfsg-1 (bug #783347)
	[jessie] - wordpress 4.1+dfsg-1+deb8u1
	[wheezy] - wordpress 3.6.1+dfsg-1~deb7u6
	[squeeze] - wordpress 3.6.1+dfsg-1~deb6u6
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
	NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
CVE-2015-XXXX [files with invalid or unsafe names could be uploaded]
	- wordpress 4.2+dfsg-1 (bug #783347)
	[jessie] - wordpress 4.1+dfsg-1+deb8u1
	[wheezy] - wordpress <not-affected> (File upload vulnerability only in WordPress 4.1 and higher)
	[squeeze] - wordpress <not-affected> (File upload vulnerability only in WordPress 4.1 and higher)
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/26/2
	NOTE: To be decided: http://www.openwall.com/lists/oss-security/2015/04/28/7
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/06/10/11
CVE-2015-3439 (Cross-site scripting (XSS) vulnerability in the Ephox (formerly ...)
	{DSA-3250-1 DLA-236-1}
	- wordpress 4.2+dfsg-1 (bug #783347)
	NOTE: http://codex.wordpress.org/Version_4.1.2
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
CVE-2015-3438 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...)
	{DSA-3250-1 DLA-236-1}
	- wordpress 4.2+dfsg-1 (bug #783347)
	NOTE: http://codex.wordpress.org/Version_4.1.2
	NOTE: https://wordpress.org/news/2015/04/wordpress-4-1-2/
CVE-2015-3451 (The _clone function in XML::LibXML before 2.0119 does not properly set ...)
	{DSA-3243-1 DLA-214-1}
	- libxml-libxml-perl 2.0116+dfsg-2 (bug #783443)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/25/2
	NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/5962fd067580767777e94640b129ae8930a68a30
	NOTE: https://bitbucket.org/shlomif/perl-xml-libxml/commits/915f1dbaf21c5f3c21d7c519c70fd93859e47152
CVE-2015-3418 (The ProcPutImage function in dix/dispatch.c in X.Org Server (aka ...)
	{DLA-120-2}
	- xorg-server 2:1.16.4-1 (bug #774308)
	[wheezy] - xorg-server 2:1.12.4-6+deb7u6
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=dc777c346d5d452a53b13b917c45f6a1bad2f20b
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=928520 (not public yet)
CVE-2015-3417 (Use-after-free vulnerability in the ff_h264_free_tables function in ...)
	{DSA-3288-1}
	- ffmpeg 7:2.6.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:11.4-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e8714f6f93d1a32f4e4655209960afcf4c185214
CVE-2015-3404 (The Certify module before 6.x-2.3 for Drupal does not properly perform ...)
	NOT-FOR-US: Certify module for Drupal
CVE-2015-3403
	RESERVED
CVE-2015-3402
	RESERVED
CVE-2015-3401
	RESERVED
CVE-2015-3399
	RESERVED
CVE-2015-3398
	RESERVED
CVE-2015-3397 (Cross-site scripting (XSS) vulnerability in Yii Framework before 2.0.4 ...)
	- yii <itp> (bug #597899)
CVE-2015-3396
	RESERVED
CVE-2015-3395 (The msrle_decode_pal4 function in msrledec.c in Libav before 10.7 and ...)
	{DSA-3288-1}
	- ffmpeg 7:2.6.2-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav 6:11.4-1
	[wheezy] - libav <not-affected>
	- chromium-browser <not-affected>
	NOTE: Patch in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/f7e1367f58263593e6cee3c282f7277d7ee9d553
	NOTE: Patch in libav: https://git.libav.org/?p=libav.git;a=commit;h=5ecabd3c54b7c802522dc338838c9a4c2dc42948
CVE-2015-3394
	RESERVED
CVE-2015-3393 (Open redirect vulnerability in the Commerce WeDeal module before ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3392 (Cross-site scripting (XSS) vulnerability in the Ajax Timeline module ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3391 (The Path Breadcrumbs module before 7.x-3.2 for Drupal allows remote ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3390 (Cross-site scripting (XSS) vulnerability in the Facebook Album Fetcher ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3389 (Cross-site scripting (XSS) vulnerability in the Download counts report ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3388 (Cross-site request forgery (CSRF) vulnerability in the Commerce ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3387 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3386 (Cross-site scripting (XSS) vulnerability in the Node Access Product ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3385 (Cross-site scripting (XSS) vulnerability in the Taxonomy Path module ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3384 (Cross-site scripting (XSS) vulnerability in the Bank Account Listing ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3383 (Open redirect vulnerability in the Node basket module for Drupal ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3382 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3381 (Cross-site scripting (XSS) vulnerability in the Node basket module for ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal addon
CVE-2015-3379 (The Views module before 6.x-2.18, 6.x-3.x before 6.x-3.2, and 7.x-3.x ...)
	NOT-FOR-US: Drupal Views module
CVE-2015-3378 (Open redirect vulnerability in the Views module before 6.x-2.18, ...)
	NOT-FOR-US: Drupal Views module
CVE-2015-3377
	RESERVED
CVE-2015-3376 (Cross-site scripting (XSS) vulnerability in the Quizzler module before ...)
	NOT-FOR-US: Quizzler module for Drupal
CVE-2015-3375 (Cross-site request forgery (CSRF) vulnerability in the Shibboleth ...)
	NOT-FOR-US: Shibboleth Authentication module for Drupal
CVE-2015-3374 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Corner module fro Drupal
CVE-2015-3373 (The Amazon AWS module before 7.x-1.3 for Drupal uses the base URL and ...)
	NOT-FOR-US: Amazon AWS module for Drupal
CVE-2015-3372 (Cross-site scripting (XSS) vulnerability in the Node Invite module ...)
	NOT-FOR-US: Node Invite module for Drupal
CVE-2015-3371 (Open redirect vulnerability in the Node Invite module before 6.x-2.5 ...)
	NOT-FOR-US: Node Invite module for Drupal
CVE-2015-3370 (Cross-site request forgery (CSRF) vulnerability in the Node Invite ...)
	NOT-FOR-US: Node Invite module for Drupal
CVE-2015-3369 (Cross-site scripting (XSS) vulnerability in the Taxonews module before ...)
	NOT-FOR-US: Taxonews module for Drupal
CVE-2015-3368 (Cross-site scripting (XSS) vulnerability in the administration user ...)
	NOT-FOR-US: Classified Ads module for Drupal
CVE-2015-3367 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Ptterns module for Drupal
CVE-2015-3366 (Cross-site request forgery (CSRF) vulnerability in the Alfresco module ...)
	NOT-FOR-US: Alfresco module for Drupal
CVE-2015-3365 (Cross-site scripting (XSS) vulnerability in the nodeauthor module for ...)
	NOT-FOR-US: nodeauthor module for Drupal
CVE-2015-3364 (Cross-site scripting (XSS) vulnerability in the Content Analysis ...)
	NOT-FOR-US: Content Analysis module for Drupal
CVE-2015-3363 (Cross-site request forgery (CSRF) vulnerability in the Contact Form ...)
	NOT-FOR-US: Contact Forms Fields module for Drupal
CVE-2015-3362 (Cross-site scripting (XSS) vulnerability in the Video module before ...)
	NOT-FOR-US: Video module for Drupal
CVE-2015-3361 (Cross-site scripting (XSS) vulnerability in the Linkit module before ...)
	NOT-FOR-US: Linkit module for Drupal
CVE-2015-3360 (Cross-site scripting (XSS) vulnerability in the Term Merge module ...)
	NOT-FOR-US: Term Merge module for Drupal
CVE-2015-3359 (Multiple cross-site scripting (XSS) vulnerabilities in the Room ...)
	NOT-FOR-US: Room Reservations module for Drupal
CVE-2015-3358 (Multiple open redirect vulnerabilities in the Tadaa! module before ...)
	NOT-FOR-US: Tadaa! module for Drupal
CVE-2015-3357 (Cross-site scripting (XSS) vulnerability in the Wishlist module before ...)
	NOT-FOR-US: Wishlist module for Drupal
CVE-2015-3356 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Tadaa! module for Drupal
CVE-2015-3355 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Batch Jobs module for Drupal
CVE-2015-3354 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...)
	NOT-FOR-US: Drupal module Wishlist
CVE-2015-3353 (Cross-site scripting (XSS) vulnerability in the Field Display Label ...)
	NOT-FOR-US: Field Display Label module for Drupal
CVE-2015-3352 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal module Jammer
CVE-2015-3351 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Log ...)
	NOT-FOR-US: Log Watcher module for Drupal
CVE-2015-3350 (Cross-site request forgery (CSRF) vulnerability in the Todo Filter ...)
	NOT-FOR-US: Drupal module Todo Filter
CVE-2015-3349 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Htaccess module for Drupal
CVE-2015-3348 (Cross-site scripting (XSS) vulnerability in the Cloudwords for ...)
	NOT-FOR-US: Cloudwords for Multilingual Drupal module for Drupal
CVE-2015-3347 (Cross-site request forgery (CSRF) vulnerability in the Cloudwords for ...)
	NOT-FOR-US: Cloudwords for Multilingual Drupal module for Drupal
CVE-2015-3346 (SQL injection vulnerability in the WikiWiki module before 6.x-1.2 for ...)
	NOT-FOR-US: WikiWiki module for Drupal
CVE-2015-3345 (SQL injection vulnerability in the PHPlist Integration Module before ...)
	NOT-FOR-US: Drupal module PHPlist
CVE-2015-3344 (Cross-site scripting (XSS) vulnerability in the Course module 6.x-1.x ...)
	NOT-FOR-US: Drupal module Course
CVE-2015-3343 (Cross-site request forgery (CSRF) vulnerability in the OPAC module ...)
	NOT-FOR-US: OPAC module for Drupal
CVE-2015-3342 (Open redirect vulnerability in the Ubercart Currency Conversion module ...)
	NOT-FOR-US: Ubercart Currency Conversion module for Drupal
CVE-2015-3341
	RESERVED
CVE-2015-3400 (sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the ...)
	- zfs-linux <not-affected> (Specific to packages on archive.zfsonlinux.org repositories)
	NOTE: Issue with ZFS on Linux Debian packages specific as published in the archive.zfsonlinux.org repositories
	NOTE: https://github.com/zfsonlinux/zfs/issues/3319
CVE-2015-3338
	RESERVED
CVE-2015-3337 (Directory traversal vulnerability in Elasticsearch before 1.4.5 and ...)
	{DSA-3241-1}
	- elasticsearch 1.0.3+dfsg-7
	NOTE: https://www.elastic.co/blog/elasticsearch-1-5-2-and-1-4-5-released
CVE-2015-3336 (Google Chrome before 42.0.2311.90 does not always ask the user before ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-3335 (The NaClSandbox::InitializeLayerTwoSandbox function in ...)
	- chromium-browser <not-affected> (native client support not built)
CVE-2015-3334 (browser/ui/website_settings/website_settings.cc in Google Chrome ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-3333 (Multiple unspecified vulnerabilities in Google V8 before 4.2.77.14, as ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-3340 (Xen 4.2.x through 4.5.x does not initialize certain fields, which ...)
	{DSA-3414-1}
	- xen 4.6.0-1 (unimportant; bug #784011)
	[wheezy] - xen 4.1.4-3+deb7u8
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-132.html
CVE-2015-4605 (The mcopy function in softmagic.c in file 5.x, as used in the Fileinfo ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1 (bug #783099)
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	- file <not-affected> (Not reproducible with file, see #783108)
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
	NOTE: https://bugs.php.net/bug.php?id=68819
CVE-2015-4604 (The mget function in softmagic.c in file 5.x, as used in the Fileinfo ...)
	{DLA-307-1}
	- php5 5.6.9+dfsg-1 (bug #783099)
	[jessie] - php5 5.6.9+dfsg-0+deb8u1
	[wheezy] - php5 5.4.41-0+deb7u1
	- file <not-affected> (Not reproducible with file, see #783108)
	NOTE: https://git.php.net/?p=php-src.git;a=commitdiff;h=f938112c495b0d26572435c0be73ac0bfe642ecd
	NOTE: https://bugs.php.net/bug.php?id=68819
CVE-2015-3339 (Race condition in the prepare_binprm function in fs/exec.c in the ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-3
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b01fc86b9f425899f8a3a8fc1c47d73c2c20543
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/20/1
CVE-2015-7942 (The xmlParseConditionalSections function in parser.c in libxml2 does ...)
	{DSA-3430-1 DLA-334-1}
	- libxml2 2.9.3+dfsg1-1 (bug #802827)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980#c8
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=756456#c0
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=bd0526e66a56e75a18da8c15c4750db8f801c52d
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=41ac9049a27f52e7a1f3b341f8714149fc88d450
CVE-2015-7941 (libxml2 2.9.2 does not properly stop parsing invalid input, which ...)
	{DSA-3430-1 DLA-266-1}
	- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #783010)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=744980
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/19/5
	NOTE: http://www.openwall.com/lists/oss-security/2015/10/22/5
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=a7dfab7411cbf545f359dd3157e5df1eb0e7ce31 (v2.9.3)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=9b8512337d14c8ddf662fcb98b0135f225a1c489 (v2.9.3)
CVE-2015-8710 (The htmlParseComment function in HTMLparser.c in libxml2 allows ...)
	{DSA-3430-1 DLA-266-1}
	- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (bug #782985)
	NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/19/4
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=746048
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=e724879d964d774df9b7969fc846605aa1bac54c
CVE-2015-3328
	RESERVED
CVE-2015-3327
	RESERVED
CVE-2015-3326 (Trend Micro ScanMail for Microsoft Exchange (SMEX) 10.2 before Hot Fix ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2015-3325 (SQL injection vulnerability in forum.php in the WP Symposium plugin ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2015-3324 (The ThinkServer System Manager (TSM) Baseboard Management Controller ...)
	NOT-FOR-US: ThinkServer
CVE-2015-3323 (The ThinkServer System Manager (TSM) Baseboard Management Controller ...)
	NOT-FOR-US: ThinkServer
CVE-2015-3322 (Lenovo ThinkServer RD350, RD450, RD550, RD650, and TD350 servers ...)
	NOT-FOR-US: ThinkServer
CVE-2015-3321 (Services and files in Lenovo Fingerprint Manager before 8.01.42 have ...)
	NOT-FOR-US: Lenovo
CVE-2015-3320 (Lenovo USB Enhanced Performance Keyboard software before 2.0.2.2 ...)
	NOT-FOR-US: Lenovo USB Enhanced Performance Keyboard software
CVE-2014-9717 (fs/namespace.c in the Linux kernel before 4.0.2 processes MNT_DETACH ...)
	- linux 4.0.2-1 (low)
	[jessie] - linux <ignored> (Too intrusive to backport)
	[wheezy] - linux <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
	- linux-2.6 <not-affected> (user namespaces known broken before 3.5, see kernel-sec info)
	NOTE: https://groups.google.com/forum/#!topic/linux.kernel/HnegnbXk0Vs
	NOTE: Proposed fixes: http://www.spinics.net/lists/linux-containers/msg30786.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/4
	NOTE: CVE assignement for issue in http://marc.info/?l=linux-kernel&m=141271552117745&w=2
CVE-2015-3330 (The php_handler function in sapi/apache2handler/sapi_apache2.c in PHP ...)
	{DSA-3198-1 DLA-212-1}
	- php5 5.6.7+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69218
	NOTE: https://bugs.php.net/bug.php?id=68486
	NOTE: Fixed by: http://git.php.net/?p=php-src.git;a=commit;h=809610f5ea38a83b284e1125d1fff129bdd615e7
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/17/3
	NOTE: For details on scope of the CVE assignment: http://www.openwall.com/lists/oss-security/2015/04/17/7
CVE-2015-3319 (Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly ...)
	NOT-FOR-US: Hotspot Express hotEx Billing Manager
CVE-2015-3318 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
	NOT-FOR-US: CA Common Services in ca.com products
CVE-2015-3317 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
	NOT-FOR-US: CA Common Services in ca.com products
CVE-2015-3316 (CA Common Services, as used in CA Client Automation r12.5 SP01, r12.8, ...)
	NOT-FOR-US: CA Common Services in ca.com products
CVE-2015-3314 (SQL injection vulnerability in WordPress Tune Library plugin before ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-3313 (SQL injection vulnerability in WordPress Community Events plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-3312
	RESERVED
CVE-2015-3311
	RESERVED
CVE-2015-3307 (The phar_parse_metadata function in ext/phar/phar.c in PHP before ...)
	{DSA-3280-1 DLA-307-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69443
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
CVE-2015-3329 (Multiple stack-based buffer overflows in the phar_set_inode function ...)
	{DSA-3280-1 DLA-212-1}
	- php5 5.6.9+dfsg-1
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f59b67ae50064560d7bfcdb0d6a8ab284179053c
	NOTE: https://bugs.php.net/bug.php?id=69441
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/16/22
	NOTE: Fixed in 5.6.8 and 5.4.40
CVE-2015-3315 (Automatic Bug Reporting Tool (ABRT) allows local users to read, change ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3309 [incomplete fix for CVE-2015-3297]
	RESERVED
	- etherpad-lite <itp> (bug #576998)
CVE-2015-3308 (Double free vulnerability in lib/x509/x509_ext.c in GnuTLS before ...)
	[experimental] - gnutls28 3.3.14-1
	- gnutls28 3.3.8-7 (bug #782776)
	[jessie] - gnutls28 3.3.8-6+deb8u1
	- gnutls26 <not-affected> (Introduced in 3.3.0)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/d6972be33264ecc49a86cd0958209cd7363af1e9
	NOTE: https://gitlab.com/gnutls/gnutls/commit/053ae65403216acdb0a4e78b25ad66ee9f444f02
CVE-2015-3305
	RESERVED
CVE-2015-3304
	RESERVED
CVE-2015-3303
	RESERVED
CVE-2015-3302 (The TheCartPress eCommerce Shopping Cart (aka The Professional ...)
	NOT-FOR-US: TheCartPress eCommerce Shopping Cart
CVE-2015-3301 (Directory traversal vulnerability in the TheCartPress eCommerce ...)
	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
CVE-2015-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress
CVE-2015-3299 (Cross-site scripting (XSS) vulnerability in the Floating Social Bar ...)
	NOT-FOR-US: Wordpress plugin
CVE-2015-3298
	RESERVED
CVE-2015-3296 (Multiple cross-site scripting (XSS) vulnerabilities in NodeBB before ...)
	NOT-FOR-US: NodeBB
CVE-2015-3295 (markdown-it before 4.1.0 does not block data: URLs. ...)
	- ruby-rails-assets-markdown-it 4.2.1-1
CVE-2015-3294 (The tcp_request function in Dnsmasq before 2.73rc4 does not properly ...)
	{DSA-3251-1 DLA-225-1}
	- dnsmasq 2.72-3.1 (bug #783459)
	NOTE: http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html
	NOTE: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
CVE-2015-3293 (FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain ...)
	NOT-FOR-US: FortiMail
CVE-2015-3292 (The installer in NetApp OnCommand Workflow Automation before 2.2.1P1 ...)
	NOT-FOR-US: NetApp OnCommand Workflow Automation
CVE-2015-3291 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the ...)
	{DSA-3313-1}
	- linux 4.0.8-2
	[wheezy] - linux <not-affected> (Present since 3.3)
	- linux-2.6 <not-affected> (Present since 3.3)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a27507ca2d796cfa8d907de31ad730359c8a6d06 (prerequisite)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=810bc075f78ff2c221536eb3008eac6a492dba2d
	NOTE: Introduced around 3.3-rc1: (https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3f3c8b8c4b2a34776c3470142a7c8baafcda6eb0)
CVE-2015-3290 (arch/x86/entry/entry_64.S in the Linux kernel before 4.1.6 on the ...)
	{DSA-3313-1}
	- linux 4.0.8-2
	[wheezy] - linux <not-affected> (Introduced in 3.13)
	- linux-2.6 <not-affected> (Introduced in 3.13)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9d05041679904b12c12421cbcf9cb5f4860a8d7b (prerequisite)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e181bb58143cb4a2e8f01c281b0816cd0e4798e (prerequisite)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a
CVE-2015-3289 (OpenStack Glance before 2015.1.1 (kilo) allows remote authenticated ...)
	- glance 2015.1.0-4 (bug #793896)
	[jessie] - glance <not-affected> (Vulnerable code introduced later)
	[wheezy] - glance <not-affected> (Vulnerable code introduced later)
CVE-2015-3288 (mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous ...)
	- linux 4.2-1
	[jessie] - linux 3.16.7-ckt17-1
	[wheezy] - linux 3.2.71-1
	NOTE: https://git.kernel.org/linus/6b7339f4c31ad69c8e9c0b2859276e22cf72176d (v4.2-rc2)
CVE-2015-3287
	REJECTED
CVE-2015-3286 (Buffer overflow in the Solaris kernel extension in OpenAFS before ...)
	- openafs <not-affected> (The Solaris kernel extension in versions through 1.6.12)
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-005.txt
CVE-2015-3285 (The pioctl for the OSD FS command in OpenAFS before 1.6.13 uses the ...)
	{DSA-3320-1 DLA-342-1}
	- openafs 1.6.13-1
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-004.txt
CVE-2015-3284 (pioctls in OpenAFS 1.6.x before 1.6.13 allows local users to read ...)
	{DSA-3320-1}
	- openafs 1.6.13-1
	[squeeze] - openafs <not-affected> (Only 1.6.0 trough 1.6.12)
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-003.txt
CVE-2015-3283 (OpenAFS before 1.6.13 allows remote attackers to spoof bos commands ...)
	{DSA-3320-1 DLA-342-1}
	- openafs 1.6.13-1
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-002.txt
CVE-2015-3282 (vos in OpenAFS before 1.6.13, when updating VLDB entries, allows ...)
	{DSA-3320-1 DLA-342-1}
	- openafs 1.6.13-1
	NOTE: http://www.openafs.org/pages/security/OPENAFS-SA-2015-001.txt
CVE-2015-3281 (The buffer_slow_realign function in HAProxy 1.5.x before 1.5.14 and ...)
	{DSA-3301-1}
	- haproxy 1.5.14-1
	[squeeze] - haproxy <not-affected> (Affects 1.5.x and 1.6-dev only)
	NOTE: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=7ec765568883b2d4e5a2796adbeb492a22ec9bd4 (1.5.x)
CVE-2015-3280 (OpenStack Compute (nova) before 2014.2.4 (juno) and 2015.1.x before ...)
	- nova 1:12.0.0-2 (low; bug #798883)
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <not-affected> (Affected code introduced later)
	NOTE: 2014.2 versions through 2014.2.3, and 2015.1 versions through 2015.1.1
CVE-2015-3279 (Integer overflow in filter/texttopdf.c in texttopdf in cups-filters ...)
	{DSA-3303-1 DLA-314-1}
	- cups-filters 1.0.71-1
	- cups 1.5.0-16
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7365
CVE-2015-3278 (The cipherstring parsing code in nss_compat_ossl while in ...)
	NOT-FOR-US: nss_compat_ossl (OpenSSL to NSS Porting Library)
CVE-2015-3277 (The mod_nss module before 1.0.11 in Fedora allows remote attackers to ...)
	- libapache2-mod-nss <unfixed> (bug #795657)
	[stretch] - libapache2-mod-nss <no-dsa> (Minor issue)
	[jessie] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	[wheezy] - libapache2-mod-nss <not-affected> (Vulnerability introduced in 1.0.11)
	NOTE: Introduced by https://pagure.io/mod_nss/c/2d1650900f4d47dc43400d826c0f7e1a7c5229b8 (1.10.11)
CVE-2015-3276 (The nss_parse_ciphers function in libraries/libldap/tls_m.c in ...)
	- openldap <unfixed> (unimportant)
	NOTE: Debian builds with GNUTLS, not NSS
CVE-2015-3275 (Multiple cross-site scripting (XSS) vulnerabilities in the SCORM ...)
	- moodle 2.7.9+dfsg-1 (bug #792242)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614
CVE-2015-3274 (Cross-site scripting (XSS) vulnerability in the user_get_user_details ...)
	- moodle 2.7.9+dfsg-1 (bug #792242)
	[squeeze] - moodle <not-affected> (Only similar function looks like the fixed version)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
CVE-2015-3273 (mod/forum/post.php in Moodle 2.9.x before 2.9.1 does not consider the ...)
	- moodle <not-affected> (Affects only 2.9)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50220
CVE-2015-3272 (Open redirect vulnerability in the clean_param function in ...)
	- moodle 2.7.9+dfsg-1 (bug #792242)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
CVE-2015-3271 (Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow ...)
	- tika <not-affected> (The server isn't shipped in the Debian package)
	NOTE: https://marc.info/?l=oss-security&m=143948566828051&w=2
CVE-2015-3270 (Apache Ambari before 2.0.2 or 2.1.x before 2.1.1 allows remote ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-3269 (Apache Flex BlazeDS, as used in flex-messaging-core.jar in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2015-3268 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Apache OFBiz
CVE-2015-3267 (Cross-site scripting (XSS) vulnerability in the 404 error page in Red ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2015-3266
	RESERVED
CVE-2015-3265
	RESERVED
CVE-2015-3264
	RESERVED
CVE-2015-3263
	RESERVED
CVE-2015-3262
	RESERVED
CVE-2015-3261
	RESERVED
CVE-2015-3260
	RESERVED
CVE-2015-3259 (Stack-based buffer overflow in the xl command line utility in Xen ...)
	{DSA-3414-1}
	- xen 4.6.0-1 (low; bug #795721)
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <not-affected> (xl not shipped in Squeeze)
	NOTE: http://xenbits.xen.org/xsa/advisory-137.html
CVE-2015-3258 (Heap-based buffer overflow in the WriteProlog function in ...)
	{DSA-3303-1 DLA-314-1}
	- cups-filters 1.0.70-1
	- cups 1.5.0-16
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1235385
CVE-2015-3257 (Zend/Diactoros/Uri::filterPath in zend-diactoros before 1.0.4 does not ...)
	NOT-FOR-US: zend-diactoros
	NOTE: https://framework.zend.com/security/advisory/ZF2015-05
CVE-2015-3256 (PolicyKit (aka polkit) before 0.113 allows local users to cause a ...)
	- policykit-1 <not-affected> (The Policykit versions which rely on Javascript/Spidermonkey haven't been uploaded to unstable)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=69501
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=910262#c75
CVE-2015-3255 (The polkit_backend_action_pool_init function in ...)
	[experimental] - policykit-1 0.113-1
	- policykit-1 0.105-12 (bug #796134)
	[jessie] - policykit-1 0.105-15~deb8u1
	[wheezy] - policykit-1 <no-dsa> (Minor issue)
	[squeeze] - policykit-1 <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/polkit/commit/?id=9f5e0c731784003bd4d6fc75ab739ff8b2ea269f
CVE-2015-3254 (The client libraries in Apache Thrift before 0.9.3 might allow remote ...)
	- thrift-compiler <not-affected> (Vulnerable code not present)
	NOTE: Affects src:thrift, which is only in experimental. The issue is fixed upstream in 0.9.3
	NOTE: so any future upload of thrift to unstable can mark this item as <not-affected> (fixed
	NOTE: before the initial upload to Debian unstable)
CVE-2015-3253 (The MethodClosure class in runtime/MethodClosure.java in Apache Groovy ...)
	{DLA-274-1}
	- groovy 2.4.6-1 (bug #793397)
	[jessie] - groovy 1.8.6-4+deb8u1
	[wheezy] - groovy 1.8.6-1+deb7u1
	- groovy2 2.2.2+dfsg-5 (bug #793398)
	[jessie] - groovy2 2.2.2+dfsg-3+deb8u1
CVE-2015-3252 (Apache CloudStack before 4.5.2 does not properly preserve VNC ...)
	NOT-FOR-US: Apache CloudStack
CVE-2015-3251 (Apache CloudStack before 4.5.2 might allow remote authenticated ...)
	NOT-FOR-US: Apache CloudStack
CVE-2015-3250 (Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct ...)
	- apache-directory-api 1.0.0~M20-3 (bug #791957)
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/07/5
CVE-2015-3249 (The HTTP/2 experimental feature in Apache Traffic Server 5.3.x before ...)
	- trafficserver 5.3.1-1
	[wheezy] - trafficserver <not-affected> (HTTP2 support does not exist)
	NOTE: http://mail-archives.us.apache.org/mod_mbox/www-announce/201507.mbox/%3CCABF6JR37mWzDmXDqRQwRUXiojBZrhidndnsY1ZgmcZv-o7-a+g@mail.gmail.com%3E
CVE-2015-3248 (openhpi/Makefile.am in OpenHPI before 3.6.0 uses world-writable ...)
	- openhpi <not-affected> (Only affects RPM packaging, in Debian directory is not world-writable, bug #789543)
CVE-2015-3247 (Race condition in the worker_update_monitors_config function in SPICE ...)
	{DSA-3354-1}
	- spice 0.12.5-1.2 (bug #797976)
	[wheezy] - spice <not-affected> (monitors_config support introduced in 0.11.3)
	NOTE: Referenced Bug with Details from Red Hat is currently private
	NOTE: Patch: https://git.centos.org/blob/rpms!spice.git/11e32f6dd156a3c4847da29d989837437e973ccc/SOURCES!0038-Avoid-race-conditions-reading-monitor-configs-from-g.patch
CVE-2015-3246 (libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the ...)
	{DLA-468-1}
	- libuser 1:0.62~dfsg-0.1 (bug #793465)
	[jessie] - libuser <no-dsa> (Minor issue)
CVE-2015-3245 (Incomplete blacklist vulnerability in the chfn function in libuser ...)
	{DLA-468-1}
	- libuser 1:0.62~dfsg-0.1 (bug #793465)
	[jessie] - libuser <no-dsa> (Minor issue)
	NOTE: initially attributed to usermode package, root-cause fixed in libuser instead
CVE-2015-3244 (The Portlet Bridge for JavaServer Faces in Red Hat JBoss Portal 6.2.0, ...)
	NOT-FOR-US: PortletBridge component of Red Hat JBoss Portal
CVE-2015-3243 (rsyslog uses weak permissions for generating log files, which allows ...)
	- rsyslog <unfixed> (unimportant)
	NOTE: The default for syslog is $FileCreateMode 0644 but the rsyslog.conf
	NOTE: provided by the Debian package sets $FileCreateMode 0640
CVE-2015-3242
	REJECTED
CVE-2015-3241 (OpenStack Compute (nova) 2015.1 through 2015.1.1, 2014.2.3, and ...)
	- nova 1:12.0.0-2 (bug #796109)
	[jessie] - nova <no-dsa> (Minor issue)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1387543
	NOTE: Affects: versions through 2014.1.4, and 2014.2 versions through 2014.2.3, and version 2015.1.0
	NOTE: https://git.openstack.org/cgit/openstack/nova/commit/?id=7ab75d5b0b75fc3426323bef19bf436a258b9707
CVE-2015-3240 (The pluto IKE daemon in libreswan before 3.15 and Openswan before ...)
	- openswan <removed>
	[squeeze] - openswan <end-of-life> (Not supported in Squeeze LTS)
	[wheezy] - openswan <end-of-life> (Not supported in Wheezy LTS)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2015-3240/
CVE-2015-3239 (Off-by-one error in the dwarf_to_unw_regnum function in ...)
	{DLA-271-1}
	- libunwind 1.1-4 (low; bug #790830)
	[jessie] - libunwind <no-dsa> (Minor issue)
	[wheezy] - libunwind <no-dsa> (Minor issue)
	- android-platform-external-libunwind 7.0.0+r1-4 (bug #849346)
	NOTE: http://savannah.nongnu.org/bugs/?45276 (private bug)
	NOTE: http://git.savannah.gnu.org/cgit/libunwind.git/commit/?id=396b6c7ab737e2bff244d640601c436a26260ca1
CVE-2015-3238 (The _unix_run_helper_binary function in the pam_unix module in ...)
	- pam 1.1.8-3.2 (bug #789986)
	[jessie] - pam 1.1.8-3.1+deb8u1
	[wheezy] - pam <no-dsa> (Minor issue e.g. in combination with enabled SELinux)
	[squeeze] - pam <no-dsa> (Minor issue e.g. in combination with enabled SELinux)
	NOTE: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=e89d4c97385ff8180e6e81e84c5aa745daf28a79
	NOTE: https://www.redhat.com/archives/pam-list/2015-June/msg00001.html
CVE-2015-3237 (The smb_request_state function in cURL and libcurl 7.40.0 through ...)
	- curl 7.43.0-1
	[jessie] - curl <not-affected> (Vulnerable code not present)
	[wheezy] - curl <not-affected> (Vulnerable code not present)
	[squeeze] - curl <not-affected> (Vulnerable code not present)
	NOTE: http://curl.haxx.se/docs/adv_20150617B.html
CVE-2015-3236 (cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic ...)
	- curl 7.43.0-1
	[jessie] - curl <not-affected> (Vulnerable code not present)
	[wheezy] - curl <not-affected> (Vulnerable code not present)
	[squeeze] - curl <not-affected> (Vulnerable code not present)
	NOTE: http://curl.haxx.se/docs/adv_20150617A.html
CVE-2015-3235 (Foreman before 1.9.0 allows remote authenticated users with the ...)
	- foreman <itp> (bug #663101)
CVE-2015-3234 (The OpenID module in Drupal 6.x before 6.36 and 7.x before 7.38 allows ...)
	{DSA-3291-1}
	- drupal7 7.38-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-002
CVE-2015-3233 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...)
	{DSA-3291-1}
	- drupal7 7.38-1
	- drupal6 <not-affected> (Only affects Drupal 7.x)
	NOTE: https://www.drupal.org/SA-CORE-2015-002
CVE-2015-3232 (Open redirect vulnerability in the Field UI module in Drupal 7.x ...)
	{DSA-3291-1}
	- drupal7 7.38-1
	- drupal6 <not-affected> (Only affects Drupal 7.x)
	NOTE: https://www.drupal.org/SA-CORE-2015-002
CVE-2015-3231 (The Render cache system in Drupal 7.x before 7.38, when used to cache ...)
	{DSA-3291-1}
	- drupal7 7.38-1
	- drupal6 <not-affected> (Only affects Drupal 7.x)
	NOTE: https://www.drupal.org/SA-CORE-2015-002
CVE-2015-3230 (389 Directory Server (formerly Fedora Directory Server) before ...)
	- 389-ds-base 1.3.3.12-1 (bug #789202)
	NOTE: https://fedorahosted.org/389/ticket/48194
	NOTE: Regression if https://fedorahosted.org/389/ticket/47838 applied
CVE-2015-3229 (fedora-cloud-atomic.ks in spin-kickstarts allows remote attackers to ...)
	NOT-FOR-US: Fedora Atomic
CVE-2015-3228 (Integer overflow in the gs_heap_alloc_bytes function in ...)
	{DSA-3326-1 DLA-280-1}
	- ghostscript 9.15~dfsg-1 (bug #793489)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=696070
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=0c0b0859
	NOTE: File to reproduce segfault with ps2pdf: http://bugs.ghostscript.com/attachment.cgi?id=11776
CVE-2015-3227 (The (1) jdom.rb and (2) rexml.rb components in Active Support in Ruby ...)
	{DSA-3464-1 DLA-603-1}
	- rails 2:4.2.4-2 (bug #790487)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	- ruby-activesupport-3.2 <removed>
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
CVE-2015-3226 (Cross-site scripting (XSS) vulnerability in json/encoding.rb in Active ...)
	{DSA-3464-1}
	- rails 2:4.2.4-2 (bug #790486)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - rails <not-affected> (Vulnerable code not present, is only a transitional package)
	- ruby-activesupport-3.2 <removed>
	[wheezy] - ruby-activesupport-3.2 <not-affected> (Vulnerable code not present)
	- ruby-activesupport-2.3 <removed>
	[wheezy] - ruby-activesupport-2.3 <end-of-life> (https://lists.debian.org/debian-security-announce/2014/msg00164.html)
CVE-2015-3225 (lib/rack/utils.rb in Rack before 1.5.4 and 1.6.x before 1.6.2, as used ...)
	{DSA-3322-1 DLA-254-1}
	- ruby-rack 1.5.2-4 (bug #789311)
	- ruby-rack1.4 <removed>
	- librack-ruby <removed>
	NOTE: http://seclists.org/oss-sec/2015/q2/729 has patches for 1.5 and 1.6
CVE-2015-3224 (request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x ...)
	NOT-FOR-US: Web Console Ruby Gem
CVE-2015-3223 (The ldb_wildcard_compare function in ldb_match.c in ldb before 1.1.24, ...)
	{DSA-3433-1}
	- samba 2:4.1.22+dfsg-1
	[wheezy] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	[squeeze] - samba <not-affected> (Only affects 4.0.0 to 4.3.2)
	- ldb 2:1.1.24-1
	[jessie] - ldb 2:1.1.17-2+deb8u1
	[wheezy] - ldb <no-dsa> (Minor issue, only relevant in conjunction with Samba 4, which isn't in wheezy)
	[squeeze] - ldb <no-dsa> (Minor issue)
	NOTE: https://www.samba.org/samba/security/CVE-2015-3223.html
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=fb456954f332c07a645226d59b3b00ec252f8b26 (v4-1-stable)
	NOTE: https://git.samba.org/?p=samba.git;a=commit;h=bb1b783ee9d7259cfc6a1fe882f22189747f8684 (v4-1-stable)
	NOTE: Samba update needs as well fixed ldb
CVE-2015-3222 (syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows ...)
	- ossec-hids <itp> (bug #361954)
CVE-2015-3221 (OpenStack Neutron before 2014.2.4 (juno) and 2015.1.x before 2015.1.1 ...)
	- neutron 2015.1.0+2015.06.24.git61.bdf194a0e1-1 (bug #789713)
	[jessie] - neutron <not-affected> (ipset code introduced in Juno)
	NOTE: https://bugs.launchpad.net/neutron/+bug/1461054/comments/18
	NOTE: 2014.2 versions through 2014.2.3 and 2015.1.0 version
CVE-2015-3220 (The tlslite library before 0.4.9 for Python allows remote attackers to ...)
	- tlslite <removed>
CVE-2015-3219 (Cross-site scripting (XSS) vulnerability in the Orchestration/Stack ...)
	{DSA-3617-1}
	- horizon 2015.1.0+2015.06.09.git15.e63af6c598-1 (bug #788306)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: 2014.2 versions through 2014.2.3 and version 2015.1.0
CVE-2015-3218 (The authentication_agent_new function in ...)
	[experimental] - policykit-1 0.113-1
	- policykit-1 0.105-11 (bug #787932)
	[jessie] - policykit-1 0.105-15~deb8u1
	[wheezy] - policykit-1 <no-dsa> (Minor issue)
	[squeeze] - policykit-1 <not-affected> (Vulnerable code introduced later)
	NOTE: http://lists.freedesktop.org/archives/polkit-devel/2015-May/000420.html
	NOTE: Patch: http://cgit.freedesktop.org/polkit/commit/?id=48e646918efb2bf0b3b505747655726d7869f31c
	NOTE: Introduced by: http://cgit.freedesktop.org/polkit/commit/?id=6eeb077bc90c9c7783360a526b2f04645b1b0848
CVE-2015-3217 (PCRE 7.8 and 8.32 through 8.37, and PCRE2 10.10 mishandle group empty ...)
	- pcre3 2:8.38-1 (bug #787641)
	[jessie] - pcre3 <no-dsa> (Minor issue)
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1638
	NOTE: Upstream fix: http://vcs.pcre.org/pcre?view=revision&revision=1566
	NOTE: More information: https://bugzilla.redhat.com/show_bug.cgi?id=1228283#c2
CVE-2015-3216 (Race condition in a certain Red Hat patch to the PRNG lock ...)
	- openssl <not-affected> (Affects Red Hat specific patch)
	NOTE: More information in https://bugzilla.redhat.com/show_bug.cgi?id=1225994
CVE-2015-3215 (The NetKVM Windows Virtio driver allows remote attackers to cause a ...)
	NOT-FOR-US: virtio Windows drivers
CVE-2015-3214 (The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and ...)
	{DSA-3348-1}
	- qemu 1:2.4+dfsg-1a (bug #795461)
	[wheezy] - qemu <not-affected> (Introduced in 1.3.0)
	[squeeze] - qemu <not-affected> (Introduced in 1.3.0)
	- qemu-kvm <not-affected> (Introduced in 1.3.0)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code introduced in 1.3.0, embedded version is 0.10.2)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d4862a87e31a51de9eb260f25c9e99a75efe3235
	NOTE: Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0505bcdec8228d8de39ab1a02644e71999e7c052 (v1.3.0-rc0)
	- linux <not-affected> (Fixed before linux-2.6 -> linux rename, v2.6.33-rc8)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 (v2.6.33-rc8)
CVE-2015-3213 (The gesture handling code in Clutter before 1.16.2 allows physically ...)
	- clutter-1.0 1.18.0-1
	[wheezy] - clutter-1.0 <not-affected> (Vulnerable code introduced later)
	[squeeze] - clutter-1.0 <not-affected> (Vulnerable code was introduced past 1.12.0)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=749847
	NOTE: Introduced by: https://git.gnome.org/browse/clutter/commit/?id=abcf1d589f29ba7914d5648bb9814ad26c13cd83 (1.13.2)
	NOTE: Fixed by: https://git.gnome.org/browse/clutter/commit/?id=97724939c8de004d7fa230f3ff64862d957f93a9 (1.17.2)
CVE-2015-3212 (Race condition in net/sctp/socket.c in the Linux kernel before 4.1.2 ...)
	{DSA-3329-1}
	- linux 4.0.8-1
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: https://marc.info/?l=linux-netdev&m=143277436124732&w=2
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9f7d653b67aed2d92540fbb0a8adaf32fcf352ae (v3.1-rc1)
CVE-2015-3211 (php-fpm allows local users to write to or create arbitrary files via a ...)
	- php5 <not-affected> (Red Hat specific problem in the rpm package)
CVE-2015-3210 (Heap-based buffer overflow in PCRE 8.34 through 8.37 and PCRE2 10.10 ...)
	- pcre3 2:8.35-7.2 (bug #787433)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <not-affected> (Vulnerable code introduced later)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introduced later)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1636
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1558
	NOTE: Affected code refactored in: http://vcs.pcre.org/pcre?view=revision&revision=1359 (8.34)
	NOTE: Issue then introduced by: http://vcs.pcre.org/pcre?view=revision&revision=1361
CVE-2015-3209 (Heap-based buffer overflow in the PCNET controller in QEMU allows ...)
	{DSA-3286-1 DSA-3285-1 DSA-3284-1}
	- qemu 1:2.3+dfsg-6 (bug #788460)
	[wheezy] - qemu 1.1.2+dfsg-6a+deb7u8
	- qemu-kvm <removed>
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Not supported in Squeeze LTS)
	[squeeze] - qemu <end-of-life> (Not supported in Squeeze LTS)
	[squeeze] - qemu-kvm <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-135.html
CVE-2015-3208 (XML external entity (XXE) vulnerability in the XPath selector ...)
	NOT-FOR-US: HornetQ
CVE-2015-3207
	RESERVED
CVE-2015-3206 (The checkPassword function in python-kerberos does not authenticate ...)
	{DLA-265-2 DLA-265-1}
	- pykerberos 1.1.5-1 (bug #796195)
	[jessie] - pykerberos 1.1.5-0.1+deb8u1
	[wheezy] - pykerberos 1.1+svn4895-1+deb7u1
	NOTE: CVE originally assigned for python-kerberos, pykerberos is a fork of the
	NOTE: former.
	NOTE: KDC verification support in pykerberos added in https://github.com/02strich/pykerberos/commit/02d13860b25fab58e739f0e000bed0067b7c6f9c
	NOTE: Using the above code as is might break existing installations since a keytab is required to call krb5_verify_init_creds
CVE-2015-3205 (libmimedir allows remote attackers to execute arbitrary code via a VCF ...)
	- libmimedir <removed> (bug #789197)
	[jessie] - libmimedir <no-dsa> (Minor issue)
	[wheezy] - libmimedir <no-dsa> (Minor issue)
	[squeeze] - libmimedir <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1222251
CVE-2015-3204 (libreswan 3.9 through 3.12 allows remote attackers to cause a denial ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204.txt
	NOTE: https://libreswan.org/security/CVE-2015-3204/CVE-2015-3204-libreswan.patch
CVE-2015-3203 (Unrestricted file upload vulnerability in h5ai before 0.25.0 allows ...)
	NOT-FOR-US: h5ai
CVE-2015-3202 (fusermount in FUSE before 2.9.3-15 does not properly clear the ...)
	{DSA-3268-2 DSA-3268-1 DSA-3266-1 DLA-238-1 DLA-226-2 DLA-226-1}
	- fuse 2.9.3-16 (bug #786439)
	NOTE: Upstream fix: http://web.archive.org/web/20150529051222/http://sourceforge.net:80/p/fuse/fuse/ci/fe2d96
	- ntfs-3g 1:2014.2.15AR.3-3 (bug #786475)
	NOTE: ntfs-3g source wise affected but wheezy version uses --with-fuse=external
	NOTE: ntfs-3g is built with internal copy since 1:2013.1.13AR.3-2
CVE-2015-3201 (Thermostat before 2.0.0 uses world-readable permissions for the ...)
	NOT-FOR-US: thermostat
CVE-2015-3200 (mod_auth in lighttpd before 1.4.36 allows remote attackers to inject ...)
	- lighttpd 1.4.37-1 (low; bug #787132)
	[jessie] - lighttpd <no-dsa> (Minor issue)
	[wheezy] - lighttpd <no-dsa> (Minor issue)
	[squeeze] - lighttpd <no-dsa> (Minor issue)
	NOTE: http://jaanuskp.blogspot.com/2015/05/cve-2015-3200.html
	NOTE: http://redmine.lighttpd.net/issues/2646
CVE-2015-3199
	REJECTED
CVE-2015-3198 (The Undertow module of WildFly 9.x before 9.0.0.CR2 and 10.x before ...)
	NOT-FOR-US: Undertow module of WildFly / JBOSS
CVE-2015-3197 (ssl/s2_srvr.c in OpenSSL 1.0.1 before 1.0.1r and 1.0.2 before 1.0.2f ...)
	{DLA-421-1}
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
	NOTE: No MITM: https://bugzilla.redhat.com/show_bug.cgi?id=1301846#c3
CVE-2015-3196 (ssl/s3_clnt.c in OpenSSL 1.0.0 before 1.0.0t, 1.0.1 before 1.0.1p, and ...)
	{DSA-3413-1}
	- openssl 1.0.2d-1
	[squeeze] - openssl <not-affected> (Only affects 1.0.0 to 1.0.2)
CVE-2015-3195 (The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in ...)
	{DSA-3413-1 DLA-358-1}
	- openssl 1.0.2e-1
	NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-3194 (crypto/rsa/rsa_ameth.c in OpenSSL 1.0.1 before 1.0.1q and 1.0.2 before ...)
	{DSA-3413-1}
	- openssl 1.0.2e-1
	[squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.2)
	NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-3193 (The Montgomery squaring implementation in ...)
	- openssl 1.0.2e-1
	[jessie] - openssl <not-affected> (Only affects 1.0.2)
	[wheezy] - openssl <not-affected> (Only affects 1.0.2)
	[squeeze] - openssl <not-affected> (Only affects 1.0.2)
	NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-3192 (Pivotal Spring Framework before 3.2.14 and 4.x before 4.1.7 do not ...)
	- libspring-java 4.1.9-1 (low; bug #796137)
	[jessie] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://pivotal.io/security/cve-2015-3192
	NOTE: https://jira.spring.io/browse/SPR-13136
CVE-2015-3191 (With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-3190 (With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-3189 (With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-3188 (The UI daemon in Apache Storm 0.10.0 before 0.10.0-beta1 allows remote ...)
	NOT-FOR-US: Apache Storm
CVE-2015-3187 (The svn_repos_trace_node_locations function in Apache Subversion ...)
	{DSA-3331-1 DLA-293-1}
	- subversion 1.9.0-1
	NOTE: https://subversion.apache.org/security/CVE-2015-3187-advisory.txt
CVE-2015-3186 (Cross-site scripting (XSS) vulnerability in Apache Ambari before 2.1.0 ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-3185 (The ap_some_auth_required function in server/request.c in the Apache ...)
	{DSA-3325-1}
	- apache2 2.4.16-1
	[wheezy] - apache2 <not-affected> (Bug introduced during 2.4 development)
	[squeeze] - apache2 <not-affected> (Bug introduced during 2.4 development)
	NOTE: https://www.apache.org/dist/httpd/Announcement2.4.txt
	NOTE: http://web.archive.org/web/20150918024815/http://www.apache.org:80/dist/httpd/CHANGES_2.4.16
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1684525
	NOTE: Behavior changed in 2.4.x refactoring, API no longer usable in 2.4.x
CVE-2015-3184 (mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x ...)
	{DSA-3331-1}
	- subversion 1.9.0-1
	[wheezy] - subversion <not-affected> (1.6 does not build with apache 2.4)
	[squeeze] - subversion <not-affected> (1.6 does not build with apache 2.4)
	NOTE: https://subversion.apache.org/security/CVE-2015-3184-advisory.txt
	NOTE: subversion needs to be built with a fixed apache version
CVE-2015-3183 (The chunked transfer coding implementation in the Apache HTTP Server ...)
	{DSA-3325-1 DLA-284-1}
	- apache2 2.4.16-1
	NOTE: https://www.apache.org/dist/httpd/Announcement2.4.txt
	NOTE: http://web.archive.org/web/20150918024815/http://www.apache.org:80/dist/httpd/CHANGES_2.4.16
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1684515
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1687338 (2.2.x)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1687339 (2.2.x)
CVE-2015-3182 (epan/dissectors/packet-dec-dnart.c in the DECnet NSP/RT dissector in ...)
	- wireshark 1.12.0~rc1-1
	[jessie] - wireshark <not-affected> (Only affected 1.10.x)
	[wheezy] - wireshark <not-affected> (Only affected 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affected 1.10.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1219409
CVE-2015-3181 (files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3180 (lib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3179 (login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3178 (Cross-site scripting (XSS) vulnerability in the external_format_text ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3177 (Moodle 2.8.x before 2.8.6 does not consider the tool/monitor:subscribe ...)
	- moodle <not-affected> (Only affects versions 2.8 to 2.8.5)
CVE-2015-3176 (The account-confirmation feature in login/confirm.php in Moodle ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3175 (Multiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3174 (mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, ...)
	- moodle 2.7.8+dfsg-1 (bug #785591)
	[squeeze] - moodle <end-of-life> (Not supported in Squeeze LTS)
CVE-2015-3173
	RESERVED
CVE-2015-3172
	RESERVED
CVE-2015-3171 (sosreport 3.2 uses weak permissions for generated sosreport archives, ...)
	- sosreport 3.2-2 (bug #769521)
	NOTE: https://github.com/sosreport/sos/commit/d7759d3ddae5fe99a340c88a1d370d65cfa73fd6
	NOTE: https://github.com/sosreport/sos/issues/425
CVE-2015-3170 (selinux-policy when sysctl fs.protected_hardlinks are set to 0 allows ...)
	NOT-FOR-US: Red Hat specific issue with selinux-policy rpm package
CVE-2015-3169 (Cross-site scripting (XSS) vulnerability in askbot ...)
	- askbot <itp> (bug #687966)
CVE-2015-3168
	REJECTED
CVE-2015-3167
	RESERVED
	{DSA-3270-1 DSA-3269-1 DLA-227-1}
	- postgresql-9.4 9.4.2-1
	- postgresql-9.1 <removed>
	NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
CVE-2015-3166
	RESERVED
	{DSA-3270-1 DSA-3269-1 DLA-227-1}
	- postgresql-9.4 9.4.2-1
	- postgresql-9.1 <removed>
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
CVE-2015-3165 (Double free vulnerability in PostgreSQL before 9.0.20, 9.1.x before ...)
	{DSA-3270-1 DSA-3269-1 DLA-227-1}
	- postgresql-9.4 9.4.2-1
	- postgresql-9.1 <removed>
	NOTE: Since 9.1.1-2 src:postgresql-9.1 builds only postgresql-plperl-9.1, source-wise fixed
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl; EOL upstream)
CVE-2015-3164 (The authentication setup in XWayland 1.16.x and 1.17.x before 1.17.2 ...)
	- xorg-server 2:1.17.2-1 (bug #788410)
	[jessie] - xorg-server 2:1.16.4-1+deb8u2
	[wheezy] - xorg-server <not-affected> (XWayland not present)
	[squeeze] - xorg-server <not-affected> (XWayland not present)
	NOTE: http://lists.freedesktop.org/archives/wayland-devel/2015-June/022548.html
	NOTE: Patch 1/3: http://cgit.freedesktop.org/xorg/xserver/commit/?id=c4534a38b68aa07fb82318040dc8154fb48a9588
	NOTE: Patch 2/3: http://cgit.freedesktop.org/xorg/xserver/commit/?id=4b4b9086d02b80549981d205fb1f495edc373538
	NOTE: Patch 3/3: http://cgit.freedesktop.org/xorg/xserver/commit/?id=76636ac12f2d1dbdf7be08222f80e7505d53c451
CVE-2015-3163 (The admin pages for power types and key types in Beaker before 20.1 do ...)
	NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in Debian)
CVE-2015-3162 (Cross-site scripting (XSS) vulnerability in the edit comment dialog in ...)
	NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in Debian)
CVE-2015-3161 (The search bar code in bkr/server/widgets.py in Beaker before 20.1 ...)
	NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in Debian)
CVE-2015-3160 (XML external entity (XXE) vulnerability in bkr/server/jobs.py in ...)
	NOT-FOR-US: Beaker (toolset for managing test labs, not src:beaker in Debian)
CVE-2015-3159
	RESERVED
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3158 (The invokeNextValve function in ...)
	NOT-FOR-US: PicketLink
CVE-2015-3157
	REJECTED
CVE-2015-3156 (The _write_config function in ...)
	- openstack-trove <unfixed> (unimportant; bug #787654)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1216073#c1
	NOTE: partially fixed already in 2015.1~rc2-1, cf. #787654
	NOTE: will be completed during kilo release
CVE-2015-3155 (Foreman before 1.8.1 does not set the secure flag for the _session_id ...)
	- foreman <itp> (bug #663101)
CVE-2015-3154 [Potential CRLF injection attacks in mail and HTTP headers]
	RESERVED
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.12+dfsg-1
	[jessie] - zendframework 1.12.9+dfsg-2+deb8u1
	NOTE: http://framework.zend.com/security/advisory/ZF2015-04
CVE-2015-3153 (The default configuration for cURL and libcurl before 7.42.1 sends ...)
	{DSA-3240-1}
	- curl 7.42.1-1
	[wheezy] - curl <no-dsa> (Too intrusive to backport)
	[squeeze] - curl <no-dsa> (Too intrusive to backport)
	NOTE: http://curl.haxx.se/docs/adv_20150429.html
CVE-2015-3152 (Oracle MySQL before 5.7.3, Oracle MySQL Connector/C (aka ...)
	{DSA-3311-1}
	- mariadb-10.0 10.0.20-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: CVE was assigned explicitly only for MariaDB and Percona, but not Oracle MySQL
	NOTE: since Oracle is a CNA itself.
	NOTE: http://www.ocert.org/advisories/ocert-2015-003.html
	NOTE: http://mysqlblog.fivefarmers.com/2015/04/29/ssltls-in-5-6-and-5-5-ocert-advisory/
	NOTE: https://mariadb.atlassian.net/browse/MDEV-7937
CVE-2015-3151 [abrt: directory traversals in several D-Bus methods implemented by abrt-dbus]
	RESERVED
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3150 [abrt: abrt-dbus does not guard against crafted problem directory path arguments]
	RESERVED
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3149 (The Hotspot component in OpenJDK8 as packaged in Red Hat Enterprise ...)
	- openjdk-8 <not-affected> (defective patch not applied)
CVE-2015-3148 (cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use ...)
	{DSA-3232-1 DLA-211-1}
	- curl 7.42.0-1
	NOTE: http://curl.haxx.se/docs/adv_20150422B.html
CVE-2015-3147
	RESERVED
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3146 (The (1) SSH_MSG_NEWKEYS and (2) SSH_MSG_KEXDH_REPLY packet handlers in ...)
	- libssh 0.6.3-4.2 (bug #784404)
	[jessie] - libssh 0.6.3-4+deb8u1
	[wheezy] - libssh 0.5.4-1+deb7u3
	[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
	NOTE: https://www.libssh.org/2015/04/30/libssh-0-6-5-security-and-bugfix-release/
CVE-2015-3145 (The sanitize_cookie_path function in cURL and libcurl 7.31.0 through ...)
	- curl 7.42.0-1
	[jessie] - curl 7.38.0-4+deb8u1
	[wheezy] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
	[squeeze] - curl <not-affected> (Affects 7.31.0 to and including 7.41.0)
	NOTE: http://curl.haxx.se/docs/adv_20150422C.html
CVE-2015-3144 (The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 ...)
	- curl 7.42.0-1
	[jessie] - curl 7.38.0-4+deb8u1
	[wheezy] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
	[squeeze] - curl <not-affected> (Affects 7.37.0 to and including 7.41.0)
	NOTE: http://curl.haxx.se/docs/adv_20150422D.html
CVE-2015-3143 (cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM ...)
	{DSA-3232-1 DLA-211-1}
	- curl 7.42.0-1
	NOTE: http://curl.haxx.se/docs/adv_20150422A.html
CVE-2015-3142 (The kernel-invoked coredump processor in Automatic Bug Reporting Tool ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-3141 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Synametrics Technologies Xeams
CVE-2015-3140
	RESERVED
CVE-2015-3139
	RESERVED
CVE-2015-3138 (print-wb.c in tcpdump before 4.7.4 allows remote attackers to cause a ...)
	- tcpdump <not-affected> (Introduced in 4.7)
	NOTE: https://github.com/the-tcpdump-group/tcpdump/issues/446
	NOTE: Fixed by: https://github.com/the-tcpdump-group/tcpdump/commit/3ed82f4ed0095768529afc22b923c8f7171fff70
	NOTE: Introduced by: https://github.com/the-tcpdump-group/tcpdump/commit/3a3ec26085461998074b827b112d38e8f3246a86
CVE-2015-3137 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3136 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3135 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3134 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3133 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3132 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3131 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3130 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3129 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3128 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3127 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3126 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3125 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3124 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3123 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3122 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3121 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3120 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3119 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3118 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3117 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3116 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3115 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3114 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3113 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.296 and ...)
	NOT-FOR-US: Adobe Flash Player
	NOTE: https://helpx.adobe.com/security/products/flash-player/apsb15-14.html
CVE-2015-3112 (Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC ...)
	NOT-FOR-US: Adobe
CVE-2015-3111 (Heap-based buffer overflow in Adobe Photoshop CC before 16.0 (aka ...)
	NOT-FOR-US: Adobe
CVE-2015-3110 (Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and ...)
	NOT-FOR-US: Adobe
CVE-2015-3109 (Adobe Photoshop CC before 16.0 (aka 2015.0.0) allows attackers to ...)
	NOT-FOR-US: Adobe
CVE-2015-3108 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3107 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3106 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3105 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3104 (Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3103 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3102 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3101 (The Flash broker in Adobe Flash Player before 13.0.0.292 and 14.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3100 (Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3099 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3098 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3097 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3096 (Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3095 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2015-3094
	REJECTED
CVE-2015-3093 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3092 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3091 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3090 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3089 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3088 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.289 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3087 (Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3086 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3085 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3084 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3083 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3082 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3081 (Race condition in Adobe Flash Player before 13.0.0.289 and 14.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3080 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.289 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3079 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3078 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3077 (Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3076 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3075 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-3074 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3073 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3072 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3071 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3070 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3069 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3068 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3067 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3066 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3065 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3064 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3063 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3062 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3061 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3060 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3059 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-3058 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3057 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3056 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3055 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-3054 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-3053 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe
CVE-2015-3052 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3051 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3050 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3049 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3048 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.14 and ...)
	NOT-FOR-US: Adobe
CVE-2015-3047 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3046 (Adobe Reader and Acrobat 10.x before 10.1.14 and 11.x before 11.0.11 ...)
	NOT-FOR-US: Adobe
CVE-2015-3045
	REJECTED
CVE-2015-3044 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3043 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3042 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3041 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3040 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3039 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3038 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-3037
	RESERVED
CVE-2015-3036 (Stack-based buffer overflow in the run_init_sbus function in the ...)
	NOT-FOR-US: KCodes NetUSB module for the Linux kernel
CVE-2015-3035 (Directory traversal vulnerability in TP-LINK Archer C5 (1.2) with ...)
	NOT-FOR-US: TP-LINK Router
CVE-2015-3034
	RESERVED
CVE-2015-3033
	RESERVED
CVE-2015-3032
	RESERVED
CVE-2015-3031
	RESERVED
CVE-2015-3027 (Clang in LLVM, as used in Apple Xcode before 6.3, performs incorrect ...)
	NOT-FOR-US: Clang in LLVM as used in Apple Xcode
CVE-2015-3025
	RESERVED
CVE-2015-3024
	RESERVED
CVE-2015-3023
	RESERVED
CVE-2015-3022
	RESERVED
CVE-2015-3021
	RESERVED
CVE-2015-3020
	RESERVED
CVE-2015-3019
	RESERVED
CVE-2015-3018
	RESERVED
CVE-2015-3017
	RESERVED
CVE-2015-3016
	RESERVED
CVE-2015-3015
	RESERVED
CVE-2015-3014
	RESERVED
CVE-2015-3009
	RESERVED
CVE-2014-9716 (Cross-site scripting (XSS) vulnerability in WebODF before 0.5.4 allows ...)
	- owncloud <not-affected> (embedded partial copy doesn't contain the related code)
	- owncloud-documents <not-affected> (embedded partial copy doesn't contain the related code)
	- webodf <itp> (bug #727529)
CVE-2015-3416 (The sqlite3VXPrintf function in printf.c in SQLite before 3.8.9 does ...)
	{DSA-3252-2 DSA-3252-1}
	- sqlite3 3.8.9-1 (bug #783968)
	[squeeze] - sqlite3 <not-affected> (Can't reproduce the issue)
	NOTE: http://www.sqlite.org/src/info/c494171f77dc2e5e
	NOTE: http://seclists.org/bugtraq/2015/Apr/97
	NOTE: https://lists.debian.org/debian-lts/2015/06/msg00031.html
CVE-2015-3415 (The sqlite3VdbeExec function in vdbe.c in SQLite before 3.8.9 does not ...)
	{DSA-3252-1}
	- sqlite3 3.8.9-1 (bug #783968)
	[wheezy] - sqlite3 <not-affected> (Vulnerable code not present)
	[squeeze] - sqlite3 <not-affected> (Vulnerable code not present)
	NOTE: https://www.sqlite.org/src/info/02e3c88fbf6abdcf
	NOTE: http://seclists.org/bugtraq/2015/Apr/97
CVE-2015-3414 (SQLite before 3.8.9 does not properly implement the dequoting of ...)
	{DSA-3252-1}
	- sqlite3 3.8.9-1 (bug #783968)
	[wheezy] - sqlite3 <not-affected> (Can't reproduce the issue)
	[squeeze] - sqlite3 <not-affected> (Can't reproduce the issue)
	NOTE: https://www.sqlite.org/src/info/eddc05e7bb31fae7
	NOTE: http://seclists.org/bugtraq/2015/Apr/97
CVE-2015-3306 (The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read ...)
	{DSA-3263-1}
	- proftpd-dfsg 1.3.5-2 (bug #782781)
	[squeeze] - proftpd-dfsg <not-affected> (mod_copy not available in version 1.3.3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/15/2
	NOTE: https://github.com/proftpd/proftpd/pull/109
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=4169
	NOTE: https://cxsecurity.com/issue/WLB-2015040075
CVE-2015-3331 (The __driver_rfc4106_decrypt function in ...)
	{DSA-3237-1}
	- linux 3.16.7-ckt9-3 (bug #782561)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in v2.6.38-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/16
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ccfe8c3f7e52ae83155cb038753f4c75b774ca8a (v4.0-rc5)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0bd82f5f6355775fbaf7d3c664432ce1b862be1e (v2.6.38-rc1)
CVE-2015-3332 (A certain backport in the TCP Fast Open implementation for the Linux ...)
	- linux 3.16.7-ckt9-3 (bug #782515)
	[jessie] - linux 3.16.7-ckt9-3~deb8u1
	[wheezy] - linux <not-affected> (TCP Fast Open introduced in v3.6-rc1)
	- linux-2.6 <not-affected> (TCP Fast Open introduced in v3.6-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/14/14
	NOTE: http://thread.gmane.org/gmane.linux.network/359588
CVE-2016-4353 (ber-decoder.c in Libksba before 1.3.3 does not properly handle decoder ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=07116a314f4dcd4d96990bbd74db95a03a9f650a
CVE-2016-4355 (Multiple integer overflows in ber-decoder.c in Libksba before 1.3.3 ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4354 (ber-decoder.c in Libksba before 1.3.3 uses an incorrect integer data ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=aea7b6032865740478ca4b706850a5217f1c3887
CVE-2016-4356 (The append_utf8_value function in the DN decoder (dn.c) in Libksba ...)
	- libksba 1.3.3-1 (low)
	[jessie] - libksba 1.3.2-1+deb8u1
	[wheezy] - libksba <no-dsa> (Minor issue)
	[squeeze] - libksba <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/5
	NOTE: http://www.openwall.com/lists/oss-security/2016/04/29/5
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=243d12fdec66a4360fbb3e307a046b39b5b4ffc3
CVE-2015-3310 (Buffer overflow in the rc_mksid function in plugins/radius/util.c in ...)
	{DSA-3228-1 DLA-205-1}
	- ppp 2.4.6-3.1 (bug #782450)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/4
	NOTE: Patch: https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=17;filename=ppp_2.4.6-3.1-nmu.diff;att=1;bug=782450
CVE-2015-5621 (The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and ...)
	{DSA-4154-1 DLA-1317-1}
	- net-snmp 5.7.3+dfsg-1.1 (bug #788964)
	[squeeze] - net-snmp <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/13/1
	NOTE: Upstream patch: https://sourceforge.net/p/net-snmp/code/ci/f23bcd3ac6ddee5d0a48f9703007ccc738914791/
	NOTE: https://sourceforge.net/p/net-snmp/bugs/2615/ (currently not public)
CVE-2015-4085 (Directory traversal vulnerability in node/hooks/express/tests.js in ...)
	- etherpad-lite <itp> (bug #576998)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/11/10
CVE-2015-3297 (Directory traversal vulnerability in node/utils/Minify.js in Etherpad ...)
	- etherpad-lite <itp> (bug #576998)
CVE-2015-3010 (ceph-deploy before 1.5.23 uses weak permissions (644) for ...)
	- ceph-deploy <not-affected> (Fixed with initial upload to Debian)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/9
CVE-2015-3405 (ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 ...)
	{DSA-3223-1 DLA-192-1}
	- ntp 1:4.2.6.p5+dfsg-7
	NOTE: https://bugs.ntp.org/show_bug.cgi?id=2797
	NOTE: Patch: http://bk1.ntp.org/ntp-stable/?PAGE=patch&REV=55199296N2gFqH1Hm5GOnhrk9Ypygg
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/09/5
CVE-2015-3008 (Asterisk Open Source 1.8 before 1.8.32.3, 11.x before 11.17.1, 12.x ...)
	{DSA-3700-1 DLA-455-1}
	- asterisk 1:13.7.2~dfsg-1 (bug #782411)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2015-003.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24847
	NOTE: Patch: https://issues.asterisk.org/jira/secure/attachment/52082/asterisk-null-in-cn.patch
CVE-2015-3007 (The Juniper SRX Series services gateways with Junos OS 12.1X46 before ...)
	NOT-FOR-US: Juniper
CVE-2015-3006
	RESERVED
CVE-2015-3005 (Cross-site scripting (XSS) vulnerability in the Dynamic VPN in Juniper ...)
	NOT-FOR-US: Juniper
CVE-2015-3004 (J-Web in Juniper Junos 11.4 before 11.4R12, 12.1X44 before ...)
	NOT-FOR-US: Juniper
CVE-2015-3003 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, ...)
	NOT-FOR-US: Juniper
CVE-2015-3002 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D30, ...)
	NOT-FOR-US: Juniper
CVE-2015-3001 (SysAid Help Desk before 15.2 uses a hardcoded password of Password1 ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-3000 (SysAid Help Desk before 15.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2999 (Multiple SQL injection vulnerabilities in SysAid Help Desk before 15.2 ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2998 (SysAid Help Desk before 15.2 uses a hardcoded encryption key, which ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2997 (SysAid Help Desk before 15.2 allows remote attackers to obtain ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2996 (Multiple directory traversal vulnerabilities in SysAid Help Desk ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2995 (The RdsLogsEntry servlet in SysAid Help Desk before 15.2 does not ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2994 (Unrestricted file upload vulnerability in ChangePhoto.jsp in SysAid ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2993 (SysAid Help Desk before 15.2 does not properly restrict access to ...)
	NOT-FOR-US: SysAid Help Desk
CVE-2015-2992
	RESERVED
	- libstruts1.2-java <not-affected> (Affects 2.0.0 - 2.3.16.3)
CVE-2015-2991 (Buffer overflow in NScripter before 3.00 allows remote attackers to ...)
	NOT-FOR-US: NScripter
CVE-2015-2990 (Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO ...)
	NOT-FOR-US: desknet NEO
CVE-2015-2989 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...)
	NOT-FOR-US: LEMON-S
CVE-2015-2988 (Rakuten card App for iOS 5.2.0 through 5.2.4 does not verify SSL ...)
	NOT-FOR-US: Rakuten card App for iOS
CVE-2015-2987 (Type74 ED before 4.0 misuses 128-bit ECB encryption for small files, ...)
	NOT-FOR-US: Type74 ED
CVE-2015-2986 (Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji ...)
	NOT-FOR-US: hitSuji
CVE-2015-2985 (Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 ...)
	NOT-FOR-US: guide-park.com BBS
CVE-2015-2984 (I-O DATA DEVICE WN-G54/R2 routers with firmware before 1.03 and ...)
	NOT-FOR-US: I-O DATA
CVE-2015-2983 (Cross-site request forgery (CSRF) vulnerability in admin.php in PHP ...)
	NOT-FOR-US: Kobo Photo Gallery CMS
CVE-2015-2982 (Cross-site scripting (XSS) vulnerability in jquery.lightbox-0.5.min.js ...)
	NOT-FOR-US: Kobo Photo Gallery CMS
CVE-2015-2981 (The Yodobashi App for Android 1.2.1.0 and earlier does not verify ...)
	NOT-FOR-US: Yodobashi App for Android
CVE-2015-2980 (The Yodobashi application 1.2.1.0 and earlier for Android allows ...)
	NOT-FOR-US: Yodobashi application for Android
CVE-2015-2979 (Webservice-DIC yoyaku_v41 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2978 (Webservice-DIC yoyaku_v41 allows remote attackers to bypass ...)
	NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2977 (Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary ...)
	NOT-FOR-US: Webservice-DIC yoyaku_v41
CVE-2015-2976 (Multiple cross-site scripting (XSS) vulnerabilities in Research ...)
	NOT-FOR-US: Research Artisan Lite
CVE-2015-2975 (Research Artisan Lite before 1.18 does not ensure that a user has ...)
	NOT-FOR-US: Research Artisan Lite
CVE-2015-2974 (LEMON-S PHP Gazou BBS plus before 2.36 allows remote attackers to ...)
	NOT-FOR-US: LEMON-S PHP Gazou BBS
CVE-2015-2973 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart ...)
	NOT-FOR-US: Welcart plugin for WordPress
CVE-2015-2972 (Multiple SQL injection vulnerabilities in Sysphonic Thetis before ...)
	NOT-FOR-US: Syshonic Thetis
CVE-2015-2971 (Directory traversal vulnerability in Seeds acmailer before 3.8.18 and ...)
	NOT-FOR-US: Seeds acmailer
CVE-2015-2970 (index.php in LEMON-S PHP Simple Oekaki BBS before 1.21 allows remote ...)
	NOT-FOR-US: Oekaki BBS
CVE-2015-2969 (Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP ...)
	NOT-FOR-US: Oekaki BBS
CVE-2015-2968
	RESERVED
CVE-2015-2966 (Directory traversal vulnerability in the Droidware UK Explorer+ File ...)
	NOT-FOR-US: Droidware UK Explorer+ File Manager application for Android
CVE-2015-2965 (Directory traversal vulnerability in osCommerce Japanese 2.2ms1j-R8 ...)
	NOT-FOR-US: osCommerce Japanese
CVE-2015-2964 (NAMSHI | JOSE 5.0.0 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: NAMSHI | JOSE
CVE-2015-2963 (The thoughtbot paperclip gem before 4.2.2 for Ruby does not consider ...)
	NOT-FOR-US: thoughtbot paperclip gem for ruby
CVE-2015-2962 (CGI RESCUE BloBee 1.20 and earlier allows remote attackers to write to ...)
	NOT-FOR-US: CGI RESCUE BloBee
CVE-2015-2961 (Cross-site request forgery (CSRF) vulnerability in Zoho NetFlow ...)
	NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2960 (Cross-site scripting (XSS) vulnerability in Zoho NetFlow Analyzer ...)
	NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2959 (Zoho NetFlow Analyzer build 10250 and earlier does not check for ...)
	NOT-FOR-US: Zoho NetFlow Analyzer
CVE-2015-2958 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2957 (Cross-site scripting (XSS) vulnerability in Igreks MilkyStep Light ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2956 (SQL injection vulnerability in Igreks MilkyStep Light 0.94 and earlier ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2955 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2954 (Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2953 (Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2952 (The user-information management functionality in Igreks MilkyStep ...)
	NOT-FOR-US: Igreks MilkyStep
CVE-2015-2951 (JWT.php in F21 JWT before 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: PHP JWT aibrary
CVE-2015-2950 (Directory traversal vulnerability in the Brandon Bowles Open Explorer ...)
	NOT-FOR-US: Brandon Bowles Open Explorer application for Android
CVE-2015-2949 (Cross-site scripting (XSS) vulnerability in ZenPhoto20 1.1.3 and ...)
	NOT-FOR-US: ZenPhoto20
CVE-2015-2948 (Cross-site scripting (XSS) vulnerability in the image processor in ...)
	NOT-FOR-US: Zenphoto
CVE-2015-2947 (KanColleViewer versions 3.8.1 and earlier operates as an open proxy ...)
	NOT-FOR-US: KanColleViewer
CVE-2015-2946 (Stack-based buffer overflow in the Open CAD Format Council SXF common ...)
	NOT-FOR-US: Open CAD Format Council SXF common library
CVE-2015-2945 (mt-phpincgi.php in Hajime Fujimoto mt-phpincgi before 2015-05-15 does ...)
	NOT-FOR-US: Hajime Fujimoto mt-phpincgi
CVE-2015-2944 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Sling ...)
	NOT-FOR-US: Apache Sling
CVE-2015-2943 (Honda Moto LINC 1.6.1 does not verify SSL certificates. ...)
	NOT-FOR-US: Honda Moto LINC
CVE-2015-3026 (Icecast before 2.4.2, when a stream_auth handler is defined for URL ...)
	{DSA-3239-1}
	- icecast2 2.4.2-1 (bug #782120)
	[wheezy] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
	[squeeze] - icecast2 <not-affected> (stream_auth introduced in 2.3.3)
	NOTE: https://trac.xiph.org/ticket/2191
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/8
CVE-2014-9715 (include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem ...)
	{DSA-3237-1}
	- linux 3.14.5-1 (bug #741667)
	- linux-2.6 <not-affected> (Introduced in 3.6)
	NOTE: http://marc.info/?l=netfilter-devel&m=140112364215200&w=2
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=223b02d923ecd7c84cf9780bb3686f455d279279 (v3.15-rc1)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b423f6a40a0327f9d40bc8b97ce9be266f74368 (v3.6-rc5)
	NOTE: Introduced in 3.2.x in https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?id=cc1b75d796ad050c83c95733c4220aaa04fa1304 (v3.2.33)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/1
CVE-2013-7439 (Multiple off-by-one errors in the (1) MakeBigReq and (2) SetReqLen ...)
	{DSA-3224-1 DLA-199-1}
	- libx11 2:1.6.0-1
	NOTE: http://cgit.freedesktop.org/xorg/lib/libX11/commit/?id=39547d600a13713e15429f49768e54c3173c828d
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=56508
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/08/4
	NOTE: The following packages will be recompiled after the release of
	NOTE: the DSA for wheezy and the DLA for squeeze:
	NOTE: libxrender (1:0.9.7-1+deb7u2 / 0.9.6-1+squeeze1+build1)
	NOTE: libxi (TBD / 1.3-8+build1)
	NOTE: libxfixes (TBD / 4.0.5-1+squeeze1+build1)
	NOTE: libxrandr (TBD / 1.3.0-3+squeeze1+build1)
	NOTE: libsdl1.2 (TBD / 1.2.14-6.1+build1)
	NOTE: libxv (TBD / 1.0.5-1+squeeze1+build1)
	NOTE: libxp (TBD / 1.0.0.xsf1-2+squeeze1+build1)
	NOTE: libxext (TBD / 1.1.2-1+squeeze1+build1)
	NOTE: xserver-xorg-video-vmware (TBD / 11.0.1-2+build1)
	NOTE: cairo (TBD / 1.8.10-6+build1)
	NOTE: open-vm-tools (TBD / 8.4.2-261024-1+build1)
	NOTE: wine-gecko-1.4 (wheezy)
	NOTE: list completed by analyzing http://codesearch.debian.net/results/SetReqLen and http://codesearch.debian.net/results/MakeBigReq
CVE-2015-3030 (The web interface in McAfee Advanced Threat Defense (MATD) before ...)
	NOT-FOR-US: McAfee Advanced Threat Defense
CVE-2015-3029 (The web interface in McAfee Advanced Threat Defense (MATD) before ...)
	NOT-FOR-US: McAfee Advanced Threat Defense
CVE-2015-3028 (McAfee Advanced Threat Defense (MATD) before 3.4.4.63 allows remote ...)
	NOT-FOR-US: McAfee Advanced Threat Defense
CVE-2015-2930
	RESERVED
CVE-2015-2926 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: phpTrafficA
CVE-2014-9714 (Cross-site scripting (XSS) vulnerability in the ...)
	- hhvm 3.11.0+dfsg-1
	NOTE: https://github.com/facebook/hhvm/commit/324701c9fd31beb4f070f1b7ef78b115fbdfec34
CVE-2015-3406 [unsigned files interpreted as signed in some circumstances]
	RESERVED
	{DSA-3261-1 DLA-264-1}
	- libmodule-signature-perl 0.78-1 (bug #783451)
	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
	NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3407 (Module::Signature before 0.74 allows remote attackers to bypass ...)
	{DSA-3261-1 DLA-264-1}
	- libmodule-signature-perl 0.78-1 (bug #783451)
	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
	NOTE: libtest-signature-perl needed to be updated
CVE-2015-3408 (Module::Signature before 0.74 allows remote attackers to execute ...)
	{DSA-3261-1 DLA-264-1}
	- libmodule-signature-perl 0.78-1 (bug #783451)
	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/8a9164596fa5952d4fbcde5aa1c7d1c7bc85372f
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
	NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-3409 (Untrusted search path vulnerability in Module::Signature before 0.75 ...)
	{DSA-3261-1 DLA-264-1}
	- libmodule-signature-perl 0.78-1 (bug #783451)
	NOTE: Upstream fix: https://github.com/audreyt/module-signature/commit/c41e8885b862b9fce2719449bc9336f0bea658ef
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/07/1
	NOTE: Changes might needed in libtest-signature-perl, need further investigation
CVE-2015-2921
	RESERVED
CVE-2015-2920
	RESERVED
CVE-2015-2919
	RESERVED
CVE-2015-2918 (The Studio component in OrientDB Server Community Edition before ...)
	NOT-FOR-US: OrientDB
CVE-2015-2917 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
	NOT-FOR-US: Securifi Almond
CVE-2015-2916 (Cross-site request forgery (CSRF) vulnerability on Securifi Almond ...)
	NOT-FOR-US: Securifi Almond
CVE-2015-2915 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
	NOT-FOR-US: Securifi Almond
CVE-2015-2914 (Securifi Almond devices with firmware before AL1-R201EXP10-L304-W34 ...)
	NOT-FOR-US: Securifi Almond
CVE-2015-2913 (server/network/protocol/http/OHttpSessionManager.java in the Studio ...)
	NOT-FOR-US: OrientDB
CVE-2015-2912 (The JSONP endpoint in the Studio component in OrientDB Server ...)
	NOT-FOR-US: OrientDB
CVE-2015-2911
	RESERVED
CVE-2015-2910
	RESERVED
CVE-2015-2909
	RESERVED
CVE-2015-2908 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with ...)
	NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2907 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with ...)
	NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2906 (** DISPUTED ** Mobile Devices (aka MDI) C4 OBD-II dongles with ...)
	NOT-FOR-US: Mobile Devices (aka MDI) C4 OBD-II dongles
CVE-2015-2905 (Cross-site request forgery (CSRF) vulnerability on Actiontec GT784WN ...)
	NOT-FOR-US: Actiontec
CVE-2015-2904 (Actiontec GT784WN modems with firmware before NCS01-1.0.13 have ...)
	NOT-FOR-US: Actiontec
CVE-2015-2903 (The CWSAPI SOAP service in HP ArcSight SmartConnectors before 7.1.6 ...)
	NOT-FOR-US: HP ArcSight
CVE-2015-2902 (HP ArcSight SmartConnectors before 7.1.6 do not verify X.509 ...)
	NOT-FOR-US: HP ArcSight
CVE-2015-2901 (Multiple stack-based buffer overflows in Medicomp MEDCIN Engine ...)
	NOT-FOR-US: Medicomp
CVE-2015-2900 (The AddUserFinding add_userfinding2 function in Medicomp MEDCIN Engine ...)
	NOT-FOR-US: Medicomp
CVE-2015-2899 (Heap-based buffer overflow in the QualifierList ...)
	NOT-FOR-US: Medicomp
CVE-2015-2898 (Multiple stack-based buffer overflows in Medicomp MEDCIN Engine before ...)
	NOT-FOR-US: Medicomp
CVE-2015-2897 (Sierra Wireless ALEOS before 4.4.2 on AirLink ES, GX, and LS devices ...)
	NOT-FOR-US: Sierra Wireless ALEOS
CVE-2015-2896 (The up.time client in Idera Uptime Infrastructure Monitor through 7.6 ...)
	NOT-FOR-US: Idera Uptime Infrastructure Monitor
CVE-2015-2895 (Buffer overflow in the up.time client in Idera Uptime Infrastructure ...)
	NOT-FOR-US: Idera Uptime Infrastructure Monitor
CVE-2015-2894 (Format string vulnerability in the up.time client in Idera Uptime ...)
	NOT-FOR-US: Idera Uptime Infrastructure Monitor
CVE-2015-2893
	RESERVED
CVE-2015-2892
	RESERVED
CVE-2015-2891
	RESERVED
CVE-2015-2890 (The BIOS implementation on Dell Latitude, OptiPlex, Precision Mobile ...)
	NOT-FOR-US: BIOS implementations on Dell hardware with model-dependent firmware
CVE-2015-2889 (Summer Baby Zoom Wifi Monitor &amp; Internet Viewing System allows remote ...)
	NOT-FOR-US: Summer Baby Zoom Wifi Monitor and Internet Viewing System
CVE-2015-2888 (Summer Baby Zoom Wifi Monitor &amp; Internet Viewing System allows remote ...)
	NOT-FOR-US: Summer Baby Zoom Wifi Monitor and Internet Viewing System
CVE-2015-2887 (iBaby M3S has a password of admin for the backdoor admin account. ...)
	NOT-FOR-US: iBaby M3S
CVE-2015-2886 (iBaby M6 allows remote attackers to obtain sensitive information, ...)
	NOT-FOR-US: iBaby M6
CVE-2015-2885 (Lens Peek-a-View has a password of 2601hx for the backdoor admin ...)
	NOT-FOR-US: Lens Peek-a-View
CVE-2015-2884 (Philips In.Sight B120/37 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Philips In.Sight B120/37
CVE-2015-2883 (Philips In.Sight B120/37 has XSS, related to the Weaved cloud web ...)
	NOT-FOR-US: Philips In.Sight B120/37
CVE-2015-2882 (Philips In.Sight B120/37 has a password of b120root for the backdoor ...)
	NOT-FOR-US: Philips In.Sight B120/37
CVE-2015-2881 (Gynoii has a password of guest for the backdoor guest account and a ...)
	NOT-FOR-US: Gynoii
CVE-2015-2880 (TRENDnet WiFi Baby Cam TV-IP743SIC has a password of admin for the ...)
	NOT-FOR-US: TRENDnet WiFi Baby Cam TV-IP743SIC
CVE-2015-2879
	RESERVED
CVE-2015-2878 (Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis ...)
	NOT-FOR-US: Hexis HawkEye
CVE-2015-2877 (** DISPUTED ** Kernel Samepage Merging (KSM) in the Linux kernel ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi
	NOTE: http://www.antoniobarresi.com/security/cloud/2015/07/30/cain/
	NOTE: Architectual limitation, workaround exists
CVE-2015-2876 (Unrestricted file upload vulnerability on Seagate GoFlex Satellite, ...)
	NOT-FOR-US: Seagate GoFlex
CVE-2015-2875 (Absolute path traversal vulnerability on Seagate GoFlex Satellite, ...)
	NOT-FOR-US: Seagate GoFlex
CVE-2015-2874 (Seagate GoFlex Satellite, Seagate Wireless Mobile Storage, Seagate ...)
	NOT-FOR-US: Seagate GoFlex
CVE-2015-2873 (Trend Micro Deep Discovery Inspector (DDI) on Deep Discovery Threat ...)
	NOT-FOR-US: Trend Micro
CVE-2015-2872 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2015-2871 (Chiyu BF-660C fingerprint access-control devices allow remote ...)
	NOT-FOR-US: Chiyu BF-660C fingerprint access-control devices
CVE-2015-2870 (Cross-site scripting (XSS) vulnerability on Chiyu BF-630, BF-630W, and ...)
	NOT-FOR-US: Chiyu fingerprint access-control devices
CVE-2015-2869 (The FileInfo plugin before 2.22 for Ghisler Total Commander allows ...)
	NOT-FOR-US: Ghisler Total Commander
CVE-2015-2868 (An exploitable remote code execution vulnerability exists in the Trane ...)
	NOT-FOR-US: Trane
CVE-2015-2867 (A design flaw in the Trane ComfortLink II SCC firmware version 2.0.2 ...)
	NOT-FOR-US: Trane
CVE-2015-2866 (SQL injection vulnerability on the Grandstream GXV3611_HD camera with ...)
	NOT-FOR-US: Grandstream camera
CVE-2015-2865
	REJECTED
CVE-2015-2864 (Retrospect and Retrospect Client before 10.0.2.119 on Windows, before ...)
	NOT-FOR-US: Retrospect Client
CVE-2015-2863 (Open redirect vulnerability in Kaseya Virtual System Administrator ...)
	NOT-FOR-US: Kaseya VSA
CVE-2015-2862 (Directory traversal vulnerability in Kaseya Virtual System ...)
	NOT-FOR-US: Kaseya VSA
CVE-2015-2861 (Cross-site request forgery (CSRF) vulnerability in Vesta Control Panel ...)
	NOT-FOR-US: Vesta Control Panel
CVE-2015-2860 (Directory traversal vulnerability in Avigilon Control Center (ACC) 4 ...)
	NOT-FOR-US: Avigilon Control Center
CVE-2015-2859 (Intel McAfee ePolicy Orchestrator (ePO) 4.x through 4.6.9 and 5.x ...)
	NOT-FOR-US: Intel McAfee ePolicy Orchestrator
CVE-2015-2858 (Datalex airline booking software before 2015-09-03 allows remote ...)
	NOT-FOR-US: Datalex airline booking software
CVE-2015-2857 (Accellion File Transfer Appliance before FTA_9_11_210 allows remote ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2015-2856 (Directory traversal vulnerability in the template function in ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2015-2855 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2854 (The WebUI component in Blue Coat SSL Visibility Appliance SV800, ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2853 (Session fixation vulnerability in the WebUI component in Blue Coat SSL ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2852 (Cross-site request forgery (CSRF) vulnerability in the WebUI component ...)
	NOT-FOR-US: Blue Coat SSL Visibility Appliance
CVE-2015-2851 (client_chown in the sync client in Synology Cloud Station 1.1-2291 ...)
	NOT-FOR-US: Synology Cloud Station
CVE-2015-2850 (Cross-site scripting (XSS) vulnerability in index-login.ant in the ...)
	NOT-FOR-US: ANTlabs
CVE-2015-2849 (SQL injection vulnerability in main.ant in the ANTlabs InnGate ...)
	NOT-FOR-US: ANTlabs
CVE-2015-2848 (Cross-site request forgery (CSRF) vulnerability in Honeywell Tuxedo ...)
	NOT-FOR-US: Honeywell Tuxedo Touch
CVE-2015-2847 (Honeywell Tuxedo Touch before 5.2.19.0_VA relies on client-side ...)
	NOT-FOR-US: Honeywell Tuxedo Touch
CVE-2015-2846 (BitTorrent Sync allows remote attackers to execute arbitrary commands ...)
	- btsync <itp> (bug #706639)
CVE-2015-2845 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...)
	NOT-FOR-US: GoAutoDial GoAdmin CE
CVE-2015-2844 (The cpanel function in go_site.php in GoAutoDial GoAdmin CE before ...)
	NOT-FOR-US: GoAutoDial GoAdmin CE
CVE-2015-2843 (Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before ...)
	NOT-FOR-US: GoAutoDial GoAdmin CE
CVE-2015-2842 (Unrestricted file upload vulnerability in go_audiostore.php in the ...)
	NOT-FOR-US: GoAutoDial GoAdmin CE
CVE-2015-2841 (Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2015-2840 (Cross-site scripting (XSS) vulnerability in help/rt/large_search.html ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2015-2839 (The Nitro API in Citrix NetScaler before 10.5 build 52.3nc uses an ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2015-2838 (Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2015-2929 [Dos against tor client; client to crash with an assertion failure]
	RESERVED
	{DSA-3216-1 DLA-187-1}
	- tor 0.2.5.12-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/15601
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
CVE-2015-2928 [DoS against hidden services]
	RESERVED
	{DSA-3216-1 DLA-187-1}
	- tor 0.2.5.12-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/15600
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/06/5
CVE-2015-2837
	RESERVED
CVE-2015-2836
	RESERVED
CVE-2015-2835
	RESERVED
CVE-2015-2834
	RESERVED
CVE-2015-2833
	RESERVED
CVE-2015-2832
	RESERVED
CVE-2015-2927 (node 0.3.2 and URONode before 1.0.5r3 allows remote attackers to cause ...)
	- node <removed> (bug #777013)
	[jessie] - node <no-dsa> (Minor issue)
	[squeeze] - node <no-dsa> (Minor issue)
	[wheezy] - node <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/03/10
CVE-2015-XXXX [caja automounts USB flash drives and CD/DVD drives while session is locked]
	- caja 1.8.2-4 (bug #781608)
	[jessie] - caja 1.8.2-3+deb8u1
	NOTE: https://github.com/mate-desktop/caja/issues/398
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/03/12
CVE-2015-3013 (ownCloud Server before 5.0.19, 6.x before 6.0.7, and 7.x before 7.0.5 ...)
	{DSA-3244-1}
	[experimental] - owncloud 7.0.5+dfsg-1
	- owncloud 7.0.4+dfsg-3
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-004
CVE-2015-3012 (Multiple cross-site scripting (XSS) vulnerabilities in WebODF before ...)
	{DSA-3244-1}
	[experimental] - owncloud 7.0.5+dfsg-1
	- owncloud 7.0.4+dfsg-3
	- owncloud-documents <not-affected> (Fixed before initial release to Debian)
	- webodf <itp> (bug #727529)
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-002
CVE-2015-3011 (Multiple cross-site scripting (XSS) vulnerabilities in the contacts ...)
	{DSA-3244-1}
	[experimental] - owncloud 7.0.5+dfsg-1
	- owncloud 7.0.4+dfsg-3
	- ownclound-contacts <itp> (bug #779055)
	NOTE: owncloud-contacts fixed in 0.3.0.18+8.0.0+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2015-001
CVE-2015-8855 (The semver package before 4.3.2 for Node.js allows attackers to cause ...)
	- node-semver 5.3.0-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/semver_redos
	NOTE: https://github.com/npm/npm/releases/tag/v2.7.5
	NOTE: libv8 is not covered by security support
CVE-2015-2925 (The prepend_path function in fs/dcache.c in the Linux kernel before ...)
	{DLA-325-1}
	- linux 4.2.1-1
	[jessie] - linux 3.16.7-ckt11-1+deb8u4
	[wheezy] - linux 3.2.68-1+deb7u5
	- linux-2.6 <removed>
	NOTE: http://permalink.gmane.org/gmane.linux.kernel.containers/29173
	NOTE: http://permalink.gmane.org/gmane.linux.kernel.containers/29177
CVE-2015-2924 (The receive_ra function in rdisc/nm-lndp-rdisc.c in the Neighbor ...)
	- network-manager 1.0.2-1 (bug #783295)
	[jessie] - network-manager <no-dsa> (Minor issue)
	[wheezy] - network-manager <no-dsa> (Minor issue)
	[squeeze] - network-manager <no-dsa> (Minor issue)
CVE-2015-2923 [IPv6 Hop limit lowering via RA messages]
	RESERVED
	{DSA-3175-2}
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-4 (bug #782107)
	[jessie] - kfreebsd-10 <no-dsa> (kfreebsd not a release arch)
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
	NOTE: https://lists.freebsd.org/pipermail/freebsd-net/2015-April/041934.html
CVE-2015-2922 (The ndisc_router_discovery function in net/ipv6/ndisc.c in the ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a
CVE-2015-2829 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2015-2828 (CA Spectrum 9.2.x and 9.3.x before 9.3 H02 does not properly validate ...)
	NOT-FOR-US: CA Spectrum
CVE-2015-2827 (Cross-site scripting (XSS) vulnerability in CA Spectrum 9.2.x and ...)
	NOT-FOR-US: CA Spectrum
CVE-2015-2826 (WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote ...)
	NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2825 (Unrestricted file upload vulnerability in sam-ajax-admin.php in the ...)
	NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2824 (Multiple SQL injection vulnerabilities in the Simple Ads Manager ...)
	NOT-FOR-US: WordPress plugin simple-ads-manager
CVE-2015-2823 (Siemens SIMATIC HMI Basic Panels 2nd Generation before WinCC (TIA ...)
	NOT-FOR-US: Siemens
CVE-2015-2822 (Siemens SIMATIC HMI Comfort Panels before WinCC (TIA Portal) 13 SP1 ...)
	NOT-FOR-US: Siemens
CVE-2015-2821 (TYPO3 Neos 1.1.x before 1.1.3 and 1.2.x before 1.2.3 allows remote ...)
	NOT-FOR-US: TYPO3 Neos
CVE-2015-2820 (Buffer overflow in XcListener in SAP Afaria 7.0.6001.5 allows remote ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-2819 (SAP Sybase SQL Anywhere 11 and 16 allows remote attackers to cause a ...)
	NOT-FOR-US: SAP Sybase SQL Anywhere
CVE-2015-2818 (XML external entity (XXE) vulnerability in SAP Mobile Platform 3 ...)
	NOT-FOR-US: SAP Mobile Platform
CVE-2015-2817 (The SAP Management Console in SAP NetWeaver 7.40 allows remote ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2015-2816 (The XcListener in SAP Afaria 7.0.6001.5 does not properly restrict ...)
	NOT-FOR-US: SAP Afaria
CVE-2015-2815 (Buffer overflow in the C_SAPGPARAM function in the NetWeaver ...)
	NOT-FOR-US: NetWeaver Dispatcher in SAP KERNEL
CVE-2015-2814 (SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task ...)
	NOT-FOR-US: SAP EMR Unwired and Clinical Task Tracker
CVE-2015-2813 (XML external entity (XXE) vulnerability in SAP Mobile Platform allows ...)
	NOT-FOR-US: SAP Mobile Platform
CVE-2015-2812 (XML external entity (XXE) vulnerability in XMLValidationComponent in ...)
	NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-2811 (XML external entity (XXE) vulnerability in ReportXmlViewer in SAP ...)
	NOT-FOR-US: SAP NetWeaver Portal
CVE-2015-2830 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=956421fbb74c3a6261903f3836c0740187cf038b (v4.0-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/02/1
CVE-2015-XXXX [Signature Bypass in several JSON Web Token Libraries]
	- pyjwt 1.3.0-1 (bug #781640)
	[jessie] - pyjwt 0.2.1-1+deb8u1
	NOTE: Added workaround item to reflect entry fixed status, remove once CVE assigned
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/04/01/4
	NOTE: https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
	NOTE: ruby-jwt not directly affected, see https://github.com/jwt/ruby-jwt/issues/76
CVE-2015-2810 (Integer overflow in the HwpApp::CHncSDS_Manager function in Hancom ...)
	NOT-FOR-US: Hancom Office Hwp
CVE-2015-2809 (The Multicast DNS (mDNS) responder in Synology DiskStation Manager ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2015-2808 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, does ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	NOTE: This CVE is specific to the design of the RC4 protocol and not to its
	NOTE: implementations.
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of JSSE."
CVE-2015-2807 (Cross-site scripting (XSS) vulnerability in js/window.php in the Navis ...)
	NOT-FOR-US: Navis DocumentCloud plugin for WordPress
CVE-2015-2831 (Buffer overflow in das_watchdog 0.9.0 allows local users to execute ...)
	{DSA-3221-1 DLA-194-1}
	- das-watchdog 0.9.0-3.1 (bug #781806)
	NOTE: Upstream commit: https://github.com/kmatheussen/das_watchdog/commit/bd20bb02e75e2c
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/8
CVE-2015-2805 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Alcatel-Lucent OmniSwitch
CVE-2015-2804 (The management web interface in Alcatel-Lucent OmniSwitch 6450, 6250, ...)
	NOT-FOR-US: Alcatel-Lucent OmniSwitch
CVE-2015-2803 (SQL injection vulnerability in mod1/index.php in the Akronymmanager ...)
	NOT-FOR-US: TYPO3 extension sb_akronymmanager
CVE-2015-2802
	RESERVED
CVE-2015-2801
	RESERVED
CVE-2015-2800 (The user authentication module in Huawei Campus switches S5700, S5300, ...)
	NOT-FOR-US: Huawei
CVE-2015-2799
	RESERVED
CVE-2015-2798 (SQL injection vulnerability in Joomla! Component Contact Form Maker ...)
	NOT-FOR-US: Joomla! extension
CVE-2015-2797 (Stack-based buffer overflow in AirTies Air 6372, 5760, 5750, 5650TT, ...)
	NOT-FOR-US: AirTies Air DSL modems
CVE-2015-2796 (Multiple cross-site scripting (XSS) vulnerabilities in Project-Pier ...)
	NOT-FOR-US: Project-Pier ProjectPier-Core
CVE-2015-2795
	RESERVED
CVE-2015-2794 (The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote ...)
	NOT-FOR-US: DotNetNuke
CVE-2015-2792 (The WPML plugin before 3.1.9 for WordPress does not properly handle ...)
	NOT-FOR-US: WPML plugin for WordPress
CVE-2015-2791 (The &quot;menu sync&quot; function in the WPML plugin before 3.1.9 for WordPress ...)
	NOT-FOR-US: WPML plugin for WordPress
CVE-2015-2790 (Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1 allow ...)
	NOT-FOR-US: Foxit Reader, Enterprise Reader, and PhantomPDF
CVE-2015-2789 (Unquoted Windows search path vulnerability in the Foxit Cloud Safe ...)
	NOT-FOR-US: Foxit Reader
CVE-2015-XXXX [xdeb: disables apt's signature checks]
	- xdeb 0.6.7 (bug #781595)
	[wheezy] - xdeb <no-dsa> (Minor issue)
CVE-2015-2931 (Incomplete blacklist vulnerability in includes/upload/UploadBase.php ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2932 (Incomplete blacklist vulnerability in MediaWiki before 1.19.24, 1.2x ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2933 (Cross-site scripting (XSS) vulnerability in the Html class in ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2934 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2935 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2936 (MediaWiki 1.24.x before 1.24.2, when using PBKDF2 for password ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2937 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2938 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2939 (Cross-site scripting (XSS) vulnerability in the Scribunto extension ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2940 (Cross-site request forgery (CSRF) vulnerability in the CheckUser ...)
	- mediawiki 1:1.19.20+dfsg-2.3
	[wheezy] - mediawiki <end-of-life> (Not supported in Wheezy LTS)
	[squeeze] - mediawiki <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2941 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, ...)
	- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
	NOTE: HHVM not packaged in Debian
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2942 (MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before ...)
	- mediawiki 1:1.19.20+dfsg-2.3 (unimportant)
	NOTE: HHVM not packaged in Debian
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/01/1
CVE-2015-2786 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) before 1.8.4 ...)
	NOT-FOR-US: MyBB
CVE-2015-2784
	RESERVED
CVE-2015-2783 (ext/phar/phar.c in PHP before 5.4.40, 5.5.x before 5.5.24, and 5.6.x ...)
	{DSA-3280-1 DLA-212-1}
	- php5 5.6.9+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69324
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=17cbd0b5b78a7500f185b3781a2149881bfff8ae
	NOTE: Fixed in 5.6.8 and 5.4.40
CVE-2015-2781 (Cross-site scripting (XSS) vulnerability in cgi-bin/hotspotlogin.cgi ...)
	NOT-FOR-US: Hotspot Express hotEx Billing Manager
CVE-2015-2780 (Unrestricted file upload vulnerability in Berta CMS allows remote ...)
	NOT-FOR-US: Berta CMS
CVE-2015-2777
	RESERVED
CVE-2015-2775 (Directory traversal vulnerability in GNU Mailman before 2.1.20, when ...)
	{DSA-3214-1 DLA-186-1}
	- mailman 1:2.1.18-2 (bug #781626)
	NOTE: https://bugs.launchpad.net/mailman/+bug/1437145
	NOTE: https://mail.python.org/pipermail/mailman-developers/2015-March/024875.html
CVE-2015-2773 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows ...)
	NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2772 (SVM in Websense TRITON V-Series appliances before 8.0.0 allows ...)
	NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2771 (The Mail Server in Websense TRITON AP-EMAIL and V-Series appliances ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL and V-Series appliances
CVE-2015-2770 (Cross-site request forgery (CSRF) vulnerability in the command line ...)
	NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2015-2769 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2768 (Cross-site scripting (XSS) vulnerability in Websense TRITON AP-EMAIL ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2767 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2766 (The Personal Email Manager (PEM) in Websense TRITON AP-EMAIL before ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2765 (The Email Security Gateway in Websense TRITON AP-EMAIL before 8.0.0 ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2764 (Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON ...)
	NOT-FOR-US: Websense TRITON AP-DATA
CVE-2015-2763 (Unspecified vulnerability in Websense TRITON AP-EMAIL before 8.0.0 has ...)
	NOT-FOR-US: Websense TRITON AP-EMAIL
CVE-2015-2762 (Websense TRITON AP-WEB before 8.0.0 allows remote attackers to ...)
	NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2761 (Cross-site scripting (XSS) vulnerability in the Exceptions and ...)
	NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2760 (Cross-site scripting (XSS) vulnerability in the ePO extension in ...)
	NOT-FOR-US: McAfee
CVE-2015-2759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ePO ...)
	NOT-FOR-US: McAfee
CVE-2015-2758 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
	NOT-FOR-US: McAfee
CVE-2015-2757 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
	NOT-FOR-US: McAfee
CVE-2014-9712 (Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 ...)
	NOT-FOR-US: Websense TRITON V-Series appliances
CVE-2013-7438 (Multiple buffer overflows in pbm212030 allow remote attackers to cause ...)
	NOT-FOR-US: pbm2l2030
	NOTE: http://www.openprinting.org/driver/pbm2l2030/ (typo in the official CVE description)
CVE-2015-XXXX [crashes found with afl]
	- hp2xx 3.4.4-10 (low)
	[wheezy] - hp2xx 3.4.4-8+deb7u1
	[squeeze] - hp2xx <no-dsa> (Minor issue)
CVE-2015-2793 [cross-site scripting via openid_identifier]
	RESERVED
	- ikiwiki 3.20141016.2 (bug #781483)
	[wheezy] - ikiwiki 3.20120629.2
	[squeeze] - ikiwiki <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/5
CVE-2015-2806 (Stack-based buffer overflow in asn1_der_decoding in libtasn1 before ...)
	{DSA-3220-1 DLA-195-1}
	[experimental] - libtasn1-6 4.4-1
	- libtasn1-6 4.2-3
	- libtasn1-3 <removed>
	NOTE: https://gitlab.com/gnutls/libtasn1/commit/4d4f992826a4962790ecd0cce6fbba4a415ce149
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/4
	NOTE: Only in the asn1 definition parser, not in the asn1 parser itself
	NOTE: https://lists.gnu.org/archive/html/help-libtasn1/2015-01/msg00000.html
CVE-2013-7441 (The modern style negotiation in Network Block Device (nbd-server) ...)
	{DSA-3271-1}
	- nbd 1:3.4-1 (bug #781547)
	[squeeze] - nbd <not-affected> (Named export introduced in 2.9.17)
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/19/6
CVE-2015-2787 (Use-after-free vulnerability in the process_nested_data function in ...)
	{DSA-3198-1 DLA-212-1}
	- php5 5.6.7+dfsg-1
	NOTE: https://bugs.php.net/68976
CVE-2015-2782 (Buffer overflow in Open-source ARJ archiver 3.10.22 allows remote ...)
	{DSA-3213-1 DLA-188-1}
	- arj 3.10.22-13 (bug #774015)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/28/5
CVE-2015-2756 (QEMU, as used in Xen 3.3.x through 4.5.x, does not properly restrict ...)
	{DSA-3259-1 DLA-479-1}
	- xen 4.2.0~rc2-1 (bug #781620)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	- qemu 1:2.3+dfsg-3
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: http://xenbits.xen.org/xsa/advisory-126.html
CVE-2015-2755 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AB ...)
	NOT-FOR-US: AB Google Map Travel (AB-MAP) plugin for WordPress
CVE-2015-2752 (The XEN_DOMCTL_memory_mapping hypercall in Xen 3.2.x through 4.5.x, ...)
	{DLA-479-1}
	- xen 4.4.1-9 (bug #781620)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-125.html
CVE-2015-2751 (Xen 4.3.x, 4.4.x, and 4.5.x, when using toolstack disaggregation, ...)
	- xen 4.4.1-9 (bug #781620)
	[wheezy] - xen <not-affected> (Affected functionality introduced in 4.2)
	[squeeze] - xen <not-affected> (Affected functionality introduced in 4.2)
	NOTE: http://xenbits.xen.org/xsa/advisory-127.html
CVE-2015-2748 (Websense TRITON AP-WEB before 8.0.0 does not properly restrict access ...)
	NOT-FOR-US: Websense TRITON AP-WEB
CVE-2015-2747 (Multiple cross-site scripting (XSS) vulnerabilities in the data loss ...)
	NOT-FOR-US: Websense Triton
CVE-2015-2746 (The network diagnostics tool (CommandLineServlet) in the Appliance ...)
	NOT-FOR-US: Websense TRITON
CVE-2010-5323 (Directory traversal vulnerability in UploadServlet in the Remote ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-2774 (Erlang/OTP before 18.0-rc1 does not properly check CBC padding bytes ...)
	- erlang 1:17.3-dfsg-4 (low; bug #781839)
	[squeeze] - erlang <no-dsa> (Minor issue)
	[wheezy] - erlang <no-dsa> (Minor issue)
	NOTE: http://www.erlang.org/news/85
	NOTE: CVE about "ssl: ... added padding check for TLS-1.0 due to the Poodle vulnerability."
	NOTE: https://github.com/erlang/otp/commit/e53c55dd0ab69982bc511396ccf8655d27c6d38c
CVE-2015-2745 (Multiple cross-site scripting (XSS) vulnerabilities in the Search app ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-2744 (Cross-site scripting (XSS) vulnerability in the Search app in Gaia in ...)
	NOT-FOR-US: Mozilla Firefox OS
CVE-2015-2743 (PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 ...)
	{DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
CVE-2015-2742 (Mozilla Firefox before 39.0 on OS X includes native key press ...)
	- iceweasel <not-affected> (OS X specific)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-68/
CVE-2015-2741 (Mozilla Firefox before 39.0, Firefox ESR 38.x before 38.1, and ...)
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	[jessie] - icedove <not-affected> (Only affects Thunderbird 38 and later)
	[wheezy] - icedove <not-affected> (Only affects Thunderbird 38 and later)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-67/
CVE-2015-2740 (Buffer overflow in the nsXMLHttpRequest::AppendToResponseText function ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2739 (The ArrayBufferBuilder::append function in Mozilla Firefox before ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2738 (The YCbCrImageDataDeserializer::ToDataSourceSurface function in the ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2737 (The rx::d3d11::SetBufferData function in the Direct3D 11 ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2736 (The nsZipArchive::BuildFileList function in Mozilla Firefox before ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2735 (nsZipArchive.cpp in Mozilla Firefox before 39.0, Firefox ESR 31.x ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2734 (The CairoTextureClientD3D9::BorrowDrawTarget function in the Direct3D ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-66/
CVE-2015-2733 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant ...)
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
CVE-2015-2732
	RESERVED
CVE-2015-2731 (Use-after-free vulnerability in the CSPService::ShouldLoad function in ...)
	{DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[jessie] - icedove <not-affected> (Does not affect 31.x ESR Thunderbird)
	[wheezy] - icedove <not-affected> (Does not affect 31.x ESR Thunderbird)
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-63/
CVE-2015-2730 (Mozilla Network Security Services (NSS) before 3.19.1, as used in ...)
	{DSA-3336-1 DLA-315-1}
	- nss 2:3.19.1-1
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-64/
	NOTE: https://hg.mozilla.org/projects/nss/rev/fc6870938172
	NOTE: https://hg.mozilla.org/projects/nss/rev/2c05e861ce07
CVE-2015-2729 (The AudioParamTimeline::AudioNodeInputValue function in the Web Audio ...)
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-62/
CVE-2015-2728 (The IndexedDatabaseManager class in the IndexedDB implementation in ...)
	{DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-61/
CVE-2015-2727 (Mozilla Firefox 38.0 and Firefox ESR 38.0 allow user-assisted remote ...)
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-60/
CVE-2015-2726 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 39)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 39)
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	[jessie] - icedove <not-affected> (Only affects Icedove 39)
	[wheezy] - icedove <not-affected> (Only affects Icedove 39)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
CVE-2015-2725 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	[jessie] - icedove <not-affected> (Only affects Icedove 38 and later)
	[wheezy] - icedove <not-affected> (Only affects Icedove 38 and later)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
CVE-2015-2724 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3324-1 DSA-3300-1}
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-59/
CVE-2015-2723
	REJECTED
CVE-2015-2722 (Use-after-free vulnerability in the CanonicalizeXPCOMParticipant ...)
	- iceweasel 38.1.0esr-1
	[jessie] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[wheezy] - iceweasel <not-affected> (Only affects Firefox 38 and later)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-65/
CVE-2015-2721 (Mozilla Network Security Services (NSS) before 3.19, as used in ...)
	{DSA-3336-1 DSA-3324-1 DSA-3300-1 DLA-315-1}
	- nss 2:3.19.1-1
	NOTE: NSS patch: https://hg.mozilla.org/projects/nss/rev/6b4770c76bc8
	NOTE: NSS testcase: https://hg.mozilla.org/projects/nss/rev/1865635f5df5
	- iceweasel 38.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 38.1.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-71/
CVE-2015-2720 (The update implementation in Mozilla Firefox before 38.0 on Windows ...)
	- iceweasel <not-affected> (Only affects Windows)
CVE-2015-2719
	RESERVED
CVE-2015-2718 (The WebChannel.jsm module in Mozilla Firefox before 38.0 allows remote ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2717 (Integer overflow in libstagefright in Mozilla Firefox before 38.0 ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2716 (Buffer overflow in the XML parser in Mozilla Firefox before 38.0, ...)
	{DSA-3264-1 DSA-3260-1}
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-54/
CVE-2015-2715 (Race condition in the nsThreadManager::RegisterCurrentThread function ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2714 (Mozilla Firefox before 38.0 on Android does not properly restrict ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
CVE-2015-2713 (Use-after-free vulnerability in the SetBreaks function in Mozilla ...)
	{DSA-3264-1 DSA-3260-1}
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-51/
CVE-2015-2712 (The asm.js implementation in Mozilla Firefox before 38.0 does not ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2711 (Mozilla Firefox before 38.0 does not recognize a referrer policy ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
CVE-2015-2710 (Heap-based buffer overflow in the SVGTextFrame class in Mozilla ...)
	{DSA-3264-1 DSA-3260-1}
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-48/
CVE-2015-2709 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 38.0-1
	[jessie] - iceweasel <not-affected> (Only affects 37.x)
	[wheezy] - iceweasel <not-affected> (Only affects 37.x)
	[squeeze] - iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
CVE-2015-2708 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3264-1 DSA-3260-1}
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-46/
CVE-2015-2707
	RESERVED
CVE-2015-2706 (Race condition in the AsyncPaintWaitEvent::AsyncPaintWaitEvent ...)
	[experimental] - iceweasel 37.0.2-1
	- iceweasel <not-affected> (Only affects 37.x series)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-45/
CVE-2015-2705
	RESERVED
CVE-2015-2703 (Multiple cross-site scripting (XSS) vulnerabilities in Websense TRITON ...)
	NOT-FOR-US: Websense
CVE-2015-2702 (Cross-site scripting (XSS) vulnerability in the Message Log in the ...)
	NOT-FOR-US: Websense
CVE-2015-2701 (Cross-site request forgery (CSRF) vulnerability in CS-Cart 4.2.4 ...)
	NOT-FOR-US: CS-Cart
CVE-2014-9713 (The default slapd configuration in the Debian openldap package ...)
	{DSA-3209-1 DLA-203-1}
	- openldap 2.4.40-2 (bug #761406)
CVE-2014-9711 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Websense
CVE-2015-2700
	RESERVED
CVE-2015-2699
	RESERVED
CVE-2015-2698 (The iakerb_gss_export_sec_context function in lib/gssapi/krb5/iakerb.c ...)
	- krb5 1.13.2+dfsg-4
	[jessie] - krb5 <not-affected> (Only affected when applying original patch for CVE-2015-2696 only)
	[wheezy] - krb5 <not-affected> (Only affected when applying original patch for CVE-2015-2696 only)
	[squeeze] - krb5 <not-affected> (Vulnerable code not present)
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8273
	NOTE: https://github.com/krb5/krb5/commit/3db8dfec1ef50ddd78d6ba9503185995876a39fd
CVE-2015-2697 (The build_principal_va function in lib/krb5/krb/bld_princ.c in MIT ...)
	{DSA-3395-2 DSA-3395-1 DLA-340-1}
	- krb5 1.13.2+dfsg-3 (bug #803088)
	NOTE: https://github.com/krb5/krb5/commit/f0c094a1b745d91ef2f9a4eae2149aac026a5789
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8252
CVE-2015-2696 (lib/gssapi/krb5/iakerb.c in MIT Kerberos 5 (aka krb5) before 1.14 ...)
	{DSA-3395-1}
	- krb5 1.13.2+dfsg-3 (bug #803084)
	[squeeze] - krb5 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/krb5/krb5/commit/e04f0283516e80d2f93366e0d479d13c9b5c8c2a
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
CVE-2015-2695 (lib/gssapi/spnego/spnego_mech.c in MIT Kerberos 5 (aka krb5) before ...)
	{DSA-3395-1 DLA-340-1}
	- krb5 1.13.2+dfsg-3 (bug #803083)
	NOTE: https://github.com/krb5/krb5/commit/b51b33f2bc5d1497ddf5bd107f791c101695000d
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8244
CVE-2015-2694 (The kdcpreauth modules in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x ...)
	- krb5 1.12.1+dfsg-20 (bug #783557)
	[jessie] - krb5 1.12.1+dfsg-19+deb8u3
	[wheezy] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
	[squeeze] - krb5 <no-dsa> (Minor issue and can be fixed in a future DSA)
	NOTE: Upstream ticket: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8160
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/e3b5a5e5267818c97750b266df50b6a3d4649604
	NOTE: wheezy marked as no-dsa since OTP plugin not present. But the issue
	NOTE: might affect any out-of-tree plugins with similar bug as the OTP
	NOTE: has. Thus basicaly only krb5/1.12 is affected.
CVE-2015-2693
	RESERVED
CVE-2015-2692 (AdBlock before 2.21 allows remote attackers to block arbitrary ...)
	NOT-FOR-US: AdBlock
CVE-2015-2691
	RESERVED
CVE-2015-2690 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Digium Addons module for FreePBX
CVE-2015-2704 (realmd allows remote attackers to inject arbitrary configurations in ...)
	- realmd 0.16.0-1 (bug #781179)
	[jessie] - realmd <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=89207
CVE-2015-2776 (The parse_SST function in FreeXL before 1.0.0i allows remote attackers ...)
	{DSA-3208-1}
	[experimental] - freexl 1.0.1-1~exp1
	- freexl 1.0.0g-1+deb8u1 (bug #781228)
	NOTE: Reproducer: https://www.dropbox.com/s/gh61gzaf8jj30hj/freexl_6889d18b?dl=0
CVE-2015-2754 (FreeXL before 1.0.0i allows remote attackers to cause a denial of ...)
	{DSA-3208-1}
	[experimental] - freexl 1.0.1-1~exp1
	- freexl 1.0.0g-1+deb8u1 (bug #781228)
	NOTE: Reproducer: https://www.dropbox.com/s/66srfory903w6cl/freexl_d7273f72?dl=0
CVE-2015-2753 (FreeXL before 1.0.0i allows remote attackers to cause a denial of ...)
	{DSA-3208-1}
	[experimental] - freexl 1.0.1-1~exp1
	- freexl 1.0.0g-1+deb8u1 (bug #781228)
	NOTE: Reproducer: https://www.dropbox.com/s/3htzndywvtmomlx/freexl_9f74b0e8?dl=0
CVE-2015-2685
	RESERVED
CVE-2015-2683 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ...)
	NOT-FOR-US: Citrix Command Center
CVE-2015-2682 (Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 ...)
	NOT-FOR-US: Citrix Command Center
CVE-2015-2681 (Multiple cross-site scripting (XSS) vulnerabilities in the ASUS RT-G32 ...)
	NOT-FOR-US: Asus
CVE-2015-2680 (Cross-site request forgery (CSRF) vulnerability in MetalGenix GeniXCMS ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2679 (Multiple SQL injection vulnerabilities in MetalGenix GeniXCMS before ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2678 (Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix ...)
	NOT-FOR-US: MetalGenix GeniXCMS
CVE-2015-2677 (Multiple cross-site scripting (XSS) vulnerabilities in ocPortal before ...)
	- ocportal <itp> (bug #625865)
CVE-2015-2676 (Cross-site request forgery (CSRF) vulnerability in the ASUS RT-G32 ...)
	NOT-FOR-US: Asus
CVE-2015-2689 [Assertion failure in dns.c, possibly connected to UDP DoS attack]
	RESERVED
	{DSA-3203-1 DLA-178-1}
	- tor 0.2.5.11-1
	NOTE: https://bugs.torproject.org/14129
CVE-2015-2688 [relay could crash with an assertion]
	RESERVED
	{DSA-3203-1 DLA-178-1}
	- tor 0.2.5.11-1
	NOTE: https://trac.torproject.org/projects/tor/ticket/15083
CVE-2015-2687 (OpenStack Compute (nova) Icehouse, Juno and Havana when live migration ...)
	- nova 2014.1-1
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: This is no longer a security issue starting with icehouse, so marking 2014.1 as fixed
	NOTE: https://bugs.launchpad.net/nova/+bug/1419577
CVE-2015-2673 (The ec_ajax_update_option and ec_ajax_clear_all_taxrates functions in ...)
	NOT-FOR-US: WP EasyCart plugin for Wordpress
CVE-2015-2671
	RESERVED
CVE-2015-2670
	REJECTED
CVE-2015-2669
	RESERVED
CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
	{DLA-233-1}
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
CVE-2015-2667 (Untrusted search path vulnerability in GNS3 1.2.3 allows local users ...)
	- gns3 <not-affected> (Windows specific)
CVE-2015-2665 (Cross-site scripting (XSS) vulnerability in Cacti before 0.8.8d allows ...)
	{DSA-3295-1 DLA-255-1}
	- cacti 0.8.8d+ds1-1
	NOTE: http://www.fortiguard.com/advisory/FG-VD-15-017/
	NOTE: http://bugs.cacti.net/view.php?id=2542 (bug is not yet accessible)
	NOTE: http://svn.cacti.net/viewvc/cacti/tags/0.8.8d/graphs.php?r1=7716&r2=7717&view=patch
CVE-2015-2664 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-2663 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-2662 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
	NOT-FOR-US: Solaris DHCP (dhcpagent)
CVE-2015-2661 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2660 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-2659 (Unspecified vulnerability in Oracle Java SE 8u45 and Java SE Embedded ...)
	- openjdk-6 <not-affected> (Only affects Java 8)
	- openjdk-7 <not-affected> (Only affects Java 8)
	- openjdk-8 8u66-b01-1
CVE-2015-2658 (Unspecified vulnerability in the Web Cache component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2657 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-2656 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2655 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2654 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2653 (Unspecified vulnerability in the Oracle Commerce Guided Search / ...)
	NOT-FOR-US: Oracle Commerce
CVE-2015-2652 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2651 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Solaris Virtualized NIC Driver
CVE-2015-2650 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-2649 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Seibel CRM
CVE-2015-2648 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
	{DSA-3311-1 DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2647 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2015-2646 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2015-2645 (Unspecified vulnerability in the Oracle Web Applications Desktop ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2644 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2015-2643 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
	{DSA-3311-1 DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2642 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2641 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2640 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2639 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2638 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
CVE-2015-2637 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
CVE-2015-2636 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2635 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2634 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2633 (Unspecified vulnerability in the Enterprise Manager Ops Center ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2015-2632 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
	{DSA-3725-1 DSA-3339-1 DSA-3316-1 DLA-545-1 DLA-381-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
	- icu 55.1-7
	NOTE: http://bugs.icu-project.org/trac/ticket/11865 (not yet public)
CVE-2015-2631 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
	NOT-FOR-US: Solaris (rmformat)
CVE-2015-2630 (Unspecified vulnerability in the Technology stack component in Oracle ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2629 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2628 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2627 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 ...)
	- openjdk-6 <not-affected> (Specific to Java client installer)
	- openjdk-7 <not-affected> (Specific to Java client installer)
	- openjdk-8 <not-affected> (Specific to Java client installer)
CVE-2015-2626 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2625 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45; ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of JSSE."
CVE-2015-2624 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2623 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2015-2622 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-2621 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2620 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
	{DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	[jessie] - mariadb-10.0 10.0.20-0+deb8u1
	NOTE: Possibly related to https://github.com/mysql/mysql-server/commit/fdae90dd
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2619 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, JavaFX ...)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2015-2618 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2617 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2616 (Unspecified vulnerability in Oracle Sun Solaris 3.3 and 4.2 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2615 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2614 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Solaris (NVM Express Driver)
CVE-2015-2613 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45, and Java SE ...)
	{DSA-3339-1 DSA-3316-1}
	- openjdk-6 <not-affected> (Does not apply to OpenJDK 6.x, only 7.x and 8.x)
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of Java."
CVE-2015-2612 (Unspecified vulnerability in the Siebel Core - Server OM Svcs ...)
	NOT-FOR-US: Oracle Seibel CMS
CVE-2015-2611 (Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier ...)
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <not-affected> (Only 5.6 series)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2610 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business
CVE-2015-2609 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Solaris (performance counters)
CVE-2015-2608 (Unspecified vulnerability in (1) the Oracle Communications Diameter ...)
	NOT-FOR-US: Oracle Communications Applications
CVE-2015-2607 (Unspecified vulnerability in the Oracle Commerce Guided Search / ...)
	NOT-FOR-US: Oracle Commerce
CVE-2015-2606 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2605 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2604 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2603 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2602 (Unspecified vulnerability in the Oracle Endeca Information Discovery ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2601 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client and server deployment of Java."
CVE-2015-2600 (Unspecified vulnerability in the Siebel Core - Server OM Svcs ...)
	NOT-FOR-US: Oracle Siebel CMS
CVE-2015-2599 (Unspecified vulnerability in the RDBMS Scheduler component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2598 (Unspecified vulnerability in the mobile app in Oracle Business ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2597 (Unspecified vulnerability in Oracle Java SE 7u80 and 8u45 allows local ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 <not-affected> (Specific to MacOS X)
	- openjdk-8 <not-affected> (Specific to MacOS X)
CVE-2015-2596 (Unspecified vulnerability in Oracle Java SE 7u80 allows remote ...)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
CVE-2015-2595 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2594 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-3359-1 DLA-313-1}
	- virtualbox 4.3.30-dfsg-1 (bug #792446)
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Bridged networking over wifi is unlikely to be used in production and vulnerability is not a remote one)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixOVIR
	NOTE: "This issue affects Windows, Linux and Mac OS X hosts only when guests using bridged networking over Wifi."
CVE-2015-2593 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-2592 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2015-2591 (Unspecified vulnerability in the PeopleSoft Enterprise Portal - ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-2590 (Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45, and ...)
	{DSA-3339-1 DSA-3316-1 DLA-303-1}
	[experimental] - openjdk-6 6b36-1.13.8-1
	- openjdk-6 <removed>
	- openjdk-7 7u79-2.5.6-1
	- openjdk-8 8u66-b01-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA
	NOTE: "Applies to client deployment of Java only. This vulnerability can be exploited only through sandboxed Java Web Start applications and sandboxed Java applets."
CVE-2015-2589 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
	NOT-FOR-US: Solaris
CVE-2015-2588 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-2587 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CMS
CVE-2015-2586 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2585 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-2584 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2015-2583 (Unspecified vulnerability in the Data Store component in Oracle ...)
	NOT-FOR-US: Oracle Berkeley DB (Unspecified vulnerability)
CVE-2015-2582 (Unspecified vulnerability in Oracle MySQL Server 5.5.43 and earlier ...)
	{DSA-3311-1 DSA-3308-1 DLA-359-1}
	- mysql-5.6 5.6.25-2
	- mysql-5.5 <removed> (bug #792445)
	- mariadb-10.0 10.0.20-1
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixMSQL
CVE-2015-2581 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2015-2580 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2579 (Unspecified vulnerability in the Oracle Health Sciences Argus Safety ...)
	NOT-FOR-US: Oracle
CVE-2015-2578 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2577 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2576 (Unspecified vulnerability in the MySQL Utilities component in Oracle ...)
	NOT-FOR-US: MySQL Utilities component of MySQL on Windows
CVE-2015-2575 (Unspecified vulnerability in the MySQL Connectors component in Oracle ...)
	{DSA-3621-1 DLA-526-1}
	- mysql-connector-java 5.1.37-1
CVE-2015-2574 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-2573 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 5.5.42-1
	- mariadb-10.0 10.0.17-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2572 (Unspecified vulnerability in the Oracle Hyperion Smart View for Office ...)
	NOT-FOR-US: Oracle
CVE-2015-2571 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 <removed> (bug #782645)
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	- mariadb-10.0 10.0.19-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2570 (Unspecified vulnerability in the Oracle Demand Planning component in ...)
	NOT-FOR-US: Oracle
CVE-2015-2569
	REJECTED
CVE-2015-2568 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 5.5.42-1
	- mariadb-10.0 10.0.17-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2567 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2566 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-2565 (Unspecified vulnerability in the Oracle Installed Base component in ...)
	NOT-FOR-US: Oracle
CVE-2015-2564 (SQL injection vulnerability in client-edit.php in ProjectSend ...)
	NOT-FOR-US: ProjectSend
CVE-2015-2563 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2015-2562 (Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD ...)
	NOT-FOR-US: Joomla component com_ecommercewd
CVE-2015-2561
	RESERVED
CVE-2015-2560 (Manage Engine Desktop Central 9 before build 90135 allows remote ...)
	NOT-FOR-US: Manage Engine Desktop Central
CVE-2015-2558 (Use-after-free vulnerability in Microsoft Excel 2007 SP3, Excel 2010 ...)
	NOT-FOR-US: Microsoft
CVE-2015-2557 (Buffer overflow in Microsoft Visio 2007 SP3 and 2010 SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2015-2556 (The InfoPath Forms Services component in Microsoft SharePoint Server ...)
	NOT-FOR-US: Microsoft
CVE-2015-2555 (Use-after-free vulnerability in Microsoft Excel 2010 SP2, Excel 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-2554 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2553 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2552 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2551
	REJECTED
CVE-2015-2550 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2549 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2548 (Use-after-free vulnerability in the Tablet Input Band in Windows Shell ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2547
	REJECTED
CVE-2015-2546 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2545 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2544 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft OWA
CVE-2015-2543 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft OWA
CVE-2015-2542 (Microsoft Internet Explorer 10 and 11 and Microsoft Edge allow remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2541 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2540
	REJECTED
CVE-2015-2539
	REJECTED
CVE-2015-2538
	REJECTED
CVE-2015-2537
	REJECTED
CVE-2015-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 ...)
	NOT-FOR-US: Microsoft Lync
CVE-2015-2535 (Active Directory in Microsoft Windows Server 2008 SP2 and R2 SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2534 (Hyper-V in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2533
	REJECTED
CVE-2015-2532 (Cross-site scripting (XSS) vulnerability in Microsoft Lync Server 2013 ...)
	NOT-FOR-US: Microsoft Lync
CVE-2015-2531 (Cross-site scripting (XSS) vulnerability in the jQuery engine in ...)
	NOT-FOR-US: Microsoft Lync
CVE-2015-2530 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2529 (The kernel in Microsoft Windows 8.1, Windows Server 2012 R2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2528 (Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2527 (The process-initialization implementation in win32k.sys in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2526 (Microsoft .NET Framework 4.5, 4.5.1, 4.5.2, and 4.6 allows remote ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2525 (Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2524 (Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2523 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2522 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2015-2521 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2520 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2519 (Integer overflow in Windows Journal in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2518 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2517 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2516 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2515 (Use-after-free vulnerability in Windows Shell in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2514 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2513 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2512 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2511 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2510 (Buffer overflow in the Adobe Type Manager Library in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2509 (Windows Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2508 (The Adobe Type Manager Library in Microsoft Windows 10 allows local ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2507 (The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2506 (atmfd.dll in the Adobe Type Manager Library in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2505 (Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative ...)
	NOT-FOR-US: Microsoft Exchange
CVE-2015-2504 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2503 (Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote ...)
	NOT-FOR-US: Microsoft
CVE-2015-2502 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2501 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2500 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2499 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2498 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2497
	REJECTED
CVE-2015-2496
	REJECTED
CVE-2015-2495
	REJECTED
CVE-2015-2494 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2493 (The (1) VBScript and (2) JScript engines in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2492 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2491 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2490 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2489 (Microsoft Internet Explorer 11 allows remote attackers to gain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2488
	REJECTED
CVE-2015-2487 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2486 (Microsoft Internet Explorer 7 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2485 (Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2484 (Microsoft Internet Explorer 10 and 11 uses an incorrect flag during ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2483 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2482 (The Microsoft (1) VBScript 5.7 and 5.8 and (2) JScript 5.7 and 5.8 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2481 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2480 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2479 (The RyuJIT compiler in Microsoft .NET Framework 4.6 produces incorrect ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2015-2478 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2477 (Microsoft Office 2007 SP3, Office for Mac 2011, Office for Mac 2016, ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2476 (The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2475 (Cross-site scripting (XSS) vulnerability in uddi/search/frames.aspx in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2474 (Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2473 (Untrusted search path vulnerability in the client in Remote Desktop ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2472 (Remote Desktop Session Host (RDSH) in Remote Desktop Protocol (RDP) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2471 (Microsoft XML Core Services 3.0, 5.0, and 6.0 supports SSL 2.0, which ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2015-2470 (Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2469 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2468 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2467 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2466 (Microsoft Office 2007 SP3, 2010 SP2, 2013 SP1, and 2013 RT SP1 allows ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2465 (The Windows shell in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2464 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2463 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2462 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2461 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2460 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2459 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2458 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2457
	REJECTED
CVE-2015-2456 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2455 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2454 (The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2453 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2452 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2451 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2450 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2449 (Microsoft Internet Explorer 7 through 11 and Edge allow remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2448 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2447 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2446 (Microsoft Internet Explorer 11 and Edge allow remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2445 (Microsoft Internet Explorer 10 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2444 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2443 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2442 (Microsoft Internet Explorer 8 through 11 and Edge allow remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2441 (Microsoft Internet Explorer 7 through 11 and Edge allow remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2440 (Microsoft XML Core Services 3.0, 5.0, and 6.0 allows remote attackers ...)
	NOT-FOR-US: Mirosoft XML Core Services
CVE-2015-2439
	REJECTED
CVE-2015-2438
	REJECTED
CVE-2015-2437
	REJECTED
CVE-2015-2436
	REJECTED
CVE-2015-2435 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2434 (Microsoft XML Core Services 3.0 and 5.0 supports SSL 2.0, which makes ...)
	NOT-FOR-US: Mirosoft XML Core Services
CVE-2015-2433 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2432 (ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2431 (Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, ...)
	NOT-FOR-US: Mirosoft Office
CVE-2015-2430 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2429 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2428 (Object Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2427 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2015-2426 (Buffer underflow in atmfd.dll in the Windows Adobe Type Manager ...)
	NOT-FOR-US: Microsoft Adobe Type Manager Library
CVE-2015-2425 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2424 (Microsoft PowerPoint 2007 SP3, Word 2007 SP3, PowerPoint 2010 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2015-2423 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2422 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2421 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2420 (Cross-site scripting (XSS) vulnerability in Microsoft System Center ...)
	NOT-FOR-US: Microsoft System Center
CVE-2015-2419 (JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2418 (Race condition in Microsoft Malicious Software Removal Tool (MSRT) ...)
	NOT-FOR-US: Microsoft MSRT
CVE-2015-2417 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2416 (OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2415 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2414 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2413 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2412 (Microsoft Internet Explorer 10 and 11 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2411 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2410 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2409
	REJECTED
CVE-2015-2408 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2407
	REJECTED
CVE-2015-2406 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2405
	REJECTED
CVE-2015-2404 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2403 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2402 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2401 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2400
	REJECTED
CVE-2015-2399
	REJECTED
CVE-2015-2398 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2397 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2396
	REJECTED
CVE-2015-2395
	REJECTED
CVE-2015-2394
	REJECTED
CVE-2015-2393
	REJECTED
CVE-2015-2392
	REJECTED
CVE-2015-2391 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2390 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2389 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2388 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2387 (ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2386
	REJECTED
CVE-2015-2385 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2384 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2383 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-2382 (win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2381 (win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2380 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2379 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-2378 (Untrusted search path vulnerability in Microsoft Excel 2007 SP3, Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2377 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2376 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2375 (Microsoft Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2015-2374 (The Netlogon service in Microsoft Windows Server 2003 SP2 and R2 SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2373 (The Remote Desktop Protocol (RDP) server service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2372 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...)
	NOT-FOR-US: Microsoft VBScript
CVE-2015-2371 (The Windows Installer service in Microsoft Windows Server 2003 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2370 (The authentication implementation in the RPC subsystem in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2369 (Untrusted search path vulnerability in Windows Media Device Manager in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2368 (Untrusted search path vulnerability in Microsoft Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2367 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2366 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2365 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2364 (The graphics component in Microsoft Windows Server 2003 SP2 and R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2363 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2362 (Hyper-V in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 8, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2361 (Hyper-V in Microsoft Windows 8.1 and Windows Server 2012 R2 does not ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-2360 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-2359 (Cross-site scripting (XSS) vulnerability in the web applications in ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2015-2358
	RESERVED
CVE-2015-2357
	RESERVED
CVE-2015-2356
	RESERVED
CVE-2015-2355
	RESERVED
CVE-2015-2354
	RESERVED
CVE-2015-2353
	RESERVED
CVE-2015-2352 (The cache handler in MyBB (aka MyBulletinBoard) before 1.8.4 does not ...)
	NOT-FOR-US: MyBB
CVE-2015-2351 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2015-2350 (Cross-site request forgery (CSRF) vulnerability in MikroTik RouterOS ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2015-2349 (Cross-site scripting (XSS) vulnerability in defaultnewsletter.php in ...)
	NOT-FOR-US: SuperWebMailer
CVE-2014-9708 (Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote ...)
	NOT-FOR-US: Appweb Web Server
CVE-2014-9707 (EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2014-9710 (The Btrfs implementation in the Linux kernel before 3.19 does not ...)
	- linux 3.16.7-ckt9-1
	[wheezy] - linux <no-dsa> (btrfs in 3.2 is just a tech preview and not usable for production)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (btrfs in 2.6.32 is just a tech preview and not usable for production)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f5bc6b1e2d5a6f827bc860ef2dc5b6f365d1339 (v3.19-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/11
CVE-2014-9718 (The (1) BMDMA and (2) AHCI HBA interfaces in the IDE functionality in ...)
	{DSA-3259-1}
	- qemu 1:2.3+dfsg-1 (unimportant; bug #781250)
	[wheezy] - qemu <postponed> (Can be fixed along in later update)
	- qemu-kvm <removed> (unimportant)
	[wheezy] - qemu-kvm <postponed> (Can be fixed along in later update)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=3251bdcf1c67427d964517053c3d185b46e618e8 (v2.2.0-rc2)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/24/4
	NOTE: Per maintainer not a security issue:
	NOTE: Qemu either leaks memory or loops infinitely. Memory leakage can be easily
	NOTE: mitigated using some kind of resource limits in security-sensitive environments,
	NOTE: and looping can trivially be done inside the virtual machine just fine, achieving
	NOTE: the same effect
CVE-2015-2686 (net/socket.c in the Linux kernel 3.19 before 3.19.3 does not validate ...)
	- linux <not-affected> (Introduced in 3.19, never uploaded to unstable)
	- linux-2.6 <not-affected> (Introduced in 3.19, never uploaded to unstable)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea
CVE-2015-XXXX [Insufficient escaping in user manager allows XSS attack]
	- dokuwiki 0.0.20140929.d-1 (bug #780817)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	[squeeze] - dokuwiki <no-dsa> (Minor issue)
CVE-2015-6674 (Buffer underflow vulnerability in the Debian inspircd package before ...)
	{DSA-3226-1 DLA-276-1}
	- inspircd 2.0.16-1 (bug #780880)
	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6696 (inspircd in Debian before 2.0.7 does not properly handle unsigned ...)
	{DSA-3226-1 DLA-276-1}
	- inspircd 2.0.16-1 (bug #780880)
	NOTE: Correct fix: https://github.com/inspircd/inspircd/commit/ed28c1ba666b39581adb860bf51cdde43c84cc89
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2012-6697 (InspIRCd before 2.0.7 allows remote attackers to cause a denial of ...)
	{DSA-3226-1 DLA-276-1}
	- inspircd 2.0.16-1 (bug #780880)
	NOTE: https://github.com/inspircd/inspircd/commit/58c893e834ff20495d007709220881a3ff13f423
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/29/5
CVE-2015-2788 (Multiple stack-based buffer overflows in the ib_fill_isqlda function ...)
	{DSA-3219-1}
	- libdbd-firebird-perl 1.18-2 (bug #780925)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/30/4
CVE-2015-4148 (The do_soap_call function in ext/soap/soap.c in PHP before 5.4.39, ...)
	{DLA-307-1}
	- php5 5.6.7+dfsg-1
	[wheezy] - php5 5.4.39-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69085
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
CVE-2015-4147 (The SoapClient::__call method in ext/soap/soap.c in PHP before 5.4.39, ...)
	{DLA-307-1}
	- php5 5.6.7+dfsg-1
	[wheezy] - php5 5.4.39-0+deb7u1
	NOTE: https://bugs.php.net/bug.php?id=69085
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/14
CVE-2015-2779 (Stack consumption vulnerability in the message splitting functionality ...)
	- quassel 1:0.10.0-2.3 (bug #781024)
	[wheezy] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.8)
	[squeeze] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.6)
	NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
CVE-2015-2778 (Quassel before 0.12-rc1 uses an incorrect data-type size when ...)
	- quassel 1:0.10.0-2.3 (bug #781024)
	[wheezy] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.8)
	[squeeze] - quassel <not-affected> (According to upstream issue isn't triggerable in 0.6)
	NOTE: https://github.com/quassel/quassel/commit/b5e38970ffd55e2dd9f706ce75af9a8d7730b1b8
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/20/12
CVE-2014-9706 (The build_index_from_tree function in index.py in Dulwich before 0.9.9 ...)
	{DSA-3206-1}
	- dulwich 0.10.1-1 (bug #780989)
	[jessie] - dulwich 0.9.7-3
	[squeeze] - dulwich <not-affected> (Repo.checkout (later renamed to build_index_from_tree) introduced past 0.6.1)
	NOTE: Patch: https://git.samba.org/?p=jelmer/dulwich.git;a=commitdiff;h=091638be3c89f46f42c3b1d57dc1504af5729176
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/21/1
CVE-2015-2348 (The move_uploaded_file implementation in ...)
	{DSA-3198-1 DLA-444-1}
	- php5 5.6.7+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=69207
CVE-2015-2347 (Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before ...)
	NOT-FOR-US: Huawei SEQ Analyst
CVE-2015-2346 (XML external entity (XXE) vulnerability in Huawei SEQ Analyst before ...)
	NOT-FOR-US: Huawei
CVE-2015-2345
	REJECTED
CVE-2015-2344 (Cross-site scripting (XSS) vulnerability in VMware vRealize Automation ...)
	NOT-FOR-US: VMware vRealize Automation
CVE-2015-2343
	REJECTED
CVE-2015-2342 (The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 ...)
	NOT-FOR-US: VMware
CVE-2015-2341 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.6, ...)
	NOT-FOR-US: VMware
CVE-2015-2340 (TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
	NOT-FOR-US: VMware
CVE-2015-2339 (TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
	NOT-FOR-US: VMware
CVE-2015-2338 (TPview.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
	NOT-FOR-US: VMware
CVE-2015-2337 (TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
	NOT-FOR-US: VMware
CVE-2015-2336 (TPView.dll in VMware Workstation 10.x before 10.0.6 and 11.x before ...)
	NOT-FOR-US: VMware
CVE-2015-2335 (A JSON library in MyBB (aka MyBulletinBoard) before 1.8.4 allows ...)
	NOT-FOR-US: MyBB
CVE-2015-2334 (Cross-site request forgery (CSRF) vulnerability in the Admin Control ...)
	NOT-FOR-US: MyBB
CVE-2015-2333 (Cross-site scripting (XSS) vulnerability in the MyCode editor in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2015-2332 (Cross-site scripting (XSS) vulnerability in member.php in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2015-2559 (Drupal 6.x before 6.35 and 7.x before 7.35 allows remote authenticated ...)
	{DSA-3200-1}
	- drupal7 7.32-1+deb8u2 (bug #780772)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-001
	NOTE: http://cgit.drupalcode.org/drupal/commit/?id=8e54eca05a65c6231b02510e1917af0c9191e549
CVE-2015-2750 (Open redirect vulnerability in URL-related API functions in Drupal 6.x ...)
	{DSA-3200-1}
	- drupal7 7.32-1+deb8u2 (bug #780772)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-001
	NOTE: http://cgit.drupalcode.org/drupal/commit/includes/menu.inc?h=6.x&id=8ffc5db3c0ab926f3d4b2cf8bc51714c8c0f3c93
	NOTE: http://cgit.drupalcode.org/drupal/commit/includes/common.inc?h=7.x&id=b44056d2f8e8c71d35c85ec5c2fb8f7c8a02d8a8
CVE-2015-2749 (Open redirect vulnerability in Drupal 6.x before 6.35 and 7.x before ...)
	{DSA-3200-1}
	- drupal7 7.32-1+deb8u2 (bug #780772)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2015-001
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/19/5
CVE-2015-2329 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...)
	NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2015-2328 (PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related ...)
	- mongodb <unfixed> (unimportant)
	NOTE: CVE for bundled version of pcre3 in mongodb
	NOTE: https://jira.mongodb.org/browse/SERVER-17252
	NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3
	- pcre3 2:8.35-7.2 (low)
	[jessie] - pcre3 2:8.35-3.3+deb8u2
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1515
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1498
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/4
CVE-2015-2327 (PCRE before 8.36 mishandles the /(((a\2)|(a*)\g&lt;-1&gt;))*/ pattern and ...)
	- mongodb <unfixed> (unimportant)
	NOTE: CVE for bundled version of pcre3 in mongodb
	NOTE: https://jira.mongodb.org/browse/SERVER-17252
	NOTE: Since 1:2.0.0-1 mongodb uses the system pcre3
	- pcre3 2:8.35-7.2 (low)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: https://bugs.exim.org/show_bug.cgi?id=1503
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1495
	NOTE: http://www.openwall.com/lists/oss-security/2015/05/31/5
CVE-2015-2326 [heap buffer overflow in pcre_compile2()]
	RESERVED
	- pcre3 2:8.35-7.2 (bug #783285)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	[wheezy] - pcre3 <not-affected> (Vulnerable code introuced while refactoring between 8.33 and 8.36)
	[squeeze] - pcre3 <not-affected> (Vulnerable code introuced while refactoring between 8.33 and 8.36)
	NOTE: http://bugs.exim.org/show_bug.cgi?id=1592
	NOTE: http://vcs.pcre.org/pcre?view=revision&revision=1529
	NOTE: Reproduced invalid read in pcre3/2:8.35-3.3
	NOTE: Issue introduced as a side effect of refactoring happened between 8.33 and 8.36
CVE-2015-2325 [heap buffer overflow in compile_branch()]
	RESERVED
	- pcre3 2:8.35-7.2 (unimportant; bug #781795)
	[jessie] - pcre3 2:8.35-3.3+deb8u1
	NOTE: http://bugs.exim.org/show_bug.cgi?id=1591
	NOTE: Fixed by: http://vcs.pcre.org/pcre?view=revision&revision=1528
	NOTE: Reproducer leads to "Failed: internal error: previously-checked referenced subpattern not found at offset 17"
	NOTE: Upstream claims that it should though be the same bug:
	NOTE: http://bugs.exim.org/show_bug.cgi?id=1591#c1
	NOTE: Comment from upstream: Probably every version since the support for forward referencing
	NOTE: was introduced is affected.
CVE-2015-2324 (Cross-site scripting (XSS) vulnerability in the filemanager in the ...)
	NOT-FOR-US: filemanager in the Photo Gallery plugin for WordPress
CVE-2015-2323 (FortiOS 5.0.x before 5.0.12 and 5.2.x before 5.2.4 supports anonymous, ...)
	NOT-FOR-US: FortiOS
CVE-2015-2322
	RESERVED
CVE-2015-2321 (Cross-site scripting (XSS) vulnerability in the Job Manager plugin ...)
	NOT-FOR-US: WordPress plugin job-mnager
CVE-2015-2317 (The utils.http.is_safe_url function in Django before 1.4.20, 1.5.x, ...)
	{DSA-3204-1 DLA-272-1}
	- python-django 1.7.7-1 (bug #780873)
	[squeeze] - python-django <no-dsa> (Minor issue, can wait next security upload)
	NOTE: https://github.com/django/django/commit/2342693b31f740a422abf7267c53b4e7bc487c1b (1.4.x)
	NOTE: https://github.com/django/django/commit/2a4113dbd532ce952308992633d802dc169a75f1 (1.7.x)
CVE-2015-2316 (The utils.html.strip_tags function in Django 1.6.x before 1.6.11, ...)
	- python-django 1.7.7-1 (bug #780874)
	[wheezy] - python-django <not-affected> (vulnerable code not present)
	[squeeze] - python-django <not-affected> (vulnerable code not present)
	NOTE: https://github.com/django/django/commit/e63363f8e075fa8d66326ad6a1cc3391cc95cd97 (1.7.x)
CVE-2015-2315 (Cross-site scripting (XSS) vulnerability in the WPML plugin before ...)
	NOT-FOR-US: WordPress plugin wpml
CVE-2015-2314 (SQL injection vulnerability in the WPML plugin before 3.1.9 for ...)
	NOT-FOR-US: WordPress plugin wpml
CVE-2012-6690
	RESERVED
CVE-2015-XXXX [nasal scripts can ready any file]
	- flightgear-data 3.0.0-3 (bug #780716)
CVE-2015-XXXX [permissive file access allowed from nasal]
	- flightgear 3.0.0-5 (bug #780712)
	[squeeze] - flightgear 1.9.1-1.1+deb6u11
	NOTE: workaround entry for DLA 318-1 until/if CVE assigned
CVE-2015-2666 (Stack-based buffer overflow in the get_matching_model_microcode ...)
	- linux 3.16.7-ckt9-1
	[wheezy] - linux <not-affected> (Introduced in 3.9)
	- linux-2.6 <not-affected> (Introduced in 3.9)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec400ddeff200b068ddc6c70f7321f49ecf32ed5 (v3.9-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 (v4.0-rc1)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/7
CVE-2015-2684 (Shibboleth Service Provider (SP) before 2.5.4 allows remote ...)
	{DSA-3207-1 DLA-259-1}
	- shibboleth-sp2 2.5.3+dfsg-2
	NOTE: http://shibboleth.net/community/advisories/secadv_20150319.txt
CVE-2015-2672 (The xsave/xrstor implementation in arch/x86/include/asm/xsave.h in the ...)
	- linux <not-affected>
	- linux-2.6 <not-affected>
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f31a9f7c71691569359fa7fb8b0acaa44bce0324 (v3.17-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=06c8173eb92bbfc03a0fe8bb64315857d0badd06 (v4.0-rc3)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/6
CVE-2015-2331 (Integer overflow in the _zip_cdir_new function in zip_dirent.c in ...)
	{DSA-3198-1 DLA-212-1}
	- php5 5.6.7+dfsg-1 (bug #780713)
	- libzip 0.11.2-1.2 (bug #780756)
	[wheezy] - libzip <not-affected> (Vulnerable code introduced with added Zip64 support in 0.11)
	[squeeze] - libzip <not-affected> (Vulnerable code introduced with added Zip64 support in 0.11)
	NOTE: https://bugs.php.net/bug.php?id=69253
	NOTE: https://github.com/php/php-src/commit/ef8fc4b53d92fbfcd8ef1abbd6f2f5fe2c4a11e5
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/18/1
	NOTE: libzip patch: http://hg.nih.at/libzip/rev/9f11d54f692e
CVE-2015-2330 (Late TLS certificate verification in WebKitGTK+ prior to 2.6.6 allows ...)
	- webkitgtk 2.4.9-1 (unimportant)
	[jessie] - webkitgtk 2.4.9-1~deb8u1
	NOTE: Not covered by security support
CVE-2015-2309 [Unsafe methods in the Request class]
	RESERVED
	- symfony 2.3.21+dfsg-4
CVE-2015-2308 (Eval injection vulnerability in the HttpCache class in HttpKernel in ...)
	- symfony 2.3.21+dfsg-4
CVE-2015-2307
	RESERVED
CVE-2015-2306
	RESERVED
CVE-2015-2320 (The TLS stack in Mono before 3.12.1 allows remote attackers to have ...)
	{DSA-3202-1 DLA-176-1}
	- mono 3.2.8+dfsg-10 (bug #780751)
	NOTE: https://github.com/mono/mono/commit/b371da6b2d68b4cdd0f21d6342af6c42794f998b
CVE-2015-2319 (The TLS stack in Mono before 3.12.1 makes it easier for remote ...)
	{DSA-3202-1 DLA-176-1}
	- mono 3.2.8+dfsg-10 (bug #780751)
	NOTE: https://github.com/mono/mono/commit/9c38772f094168d8bfd5bc73bf8925cd04faad10
	NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/728af6f96d1b8c976659
CVE-2015-2318 (The TLS stack in Mono before 3.12.1 allows man-in-the-middle attackers ...)
	{DSA-3202-1 DLA-176-1}
	- mono 3.2.8+dfsg-10 (bug #780751)
	NOTE: https://github.com/mono/mono/commit/1509226c41d74194c146deb173e752b8d3cdeec4
	NOTE: Patch for versions earlier than 3.4: https://gist.github.com/directhex/f8c6e67f551d8a608154
CVE-2015-2303
	REJECTED
CVE-2015-2302
	REJECTED
CVE-2015-2300
	RESERVED
CVE-2015-2299
	RESERVED
CVE-2015-2295 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: pfSense
CVE-2015-2294 (Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in ...)
	NOT-FOR-US: pfSense
CVE-2015-2293 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-2292 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin wordpress-seo
CVE-2015-2291 ((1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the ...)
	NOT-FOR-US: Intel Ethernet diagnostics driver for Windows
CVE-2015-2290
	RESERVED
CVE-2015-2288
	RESERVED
CVE-2014-9704
	RESERVED
CVE-2014-9703
	RESERVED
CVE-2014-9702
	RESERVED
CVE-2014-9700
	RESERVED
CVE-2014-9699
	RESERVED
CVE-2014-9698
	RESERVED
CVE-2015-2313 (Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.2, when an ...)
	- capnproto 0.4.1-3 (bug #780568)
CVE-2015-2312 (Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x before 0.5.1.1 allows ...)
	- capnproto 0.4.1-3 (bug #780567)
CVE-2015-2311 (Integer underflow in Sandstorm Cap'n Proto before 0.4.1.1 and 0.5.x ...)
	- capnproto 0.4.1-3 (bug #780566)
CVE-2015-2310 (Integer overflow in layout.c++ in Sandstorm Cap'n Proto before 0.4.1.1 ...)
	- capnproto 0.4.1-3 (bug #780565)
CVE-2015-8856 (Cross-site scripting (XSS) vulnerability in the serve-index package ...)
	- node-serve-index <unfixed> (unimportant)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodesecurity.io/advisories/serve-static-xss
	NOTE: https://github.com/expressjs/serve-index/issues/28
CVE-2015-8903 (The ReadVICARImage function in coders/vicar.c in ImageMagick 6.x ...)
	{DLA-960-1}
	[experimental] - imagemagick 8:6.9.1.2-1
	- imagemagick 8:6.8.9.9-6 (low)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
	NOTE: http://web.archive.org/web/20150428140926/http://trac.imagemagick.org/changeset/17856
CVE-2015-8902 (The ReadBlobByte function in coders/pdb.c in ImageMagick 6.x before ...)
	{DLA-960-1}
	[experimental] - imagemagick 8:6.9.1.2-1
	- imagemagick 8:6.8.9.9-6 (low)
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
	NOTE: http://web.archive.org/web/20150428145652/http://trac.imagemagick.org/changeset/17855
CVE-2015-8901 (ImageMagick 6.x before 6.9.0-5 Beta allows remote attackers to cause a ...)
	{DLA-960-1}
	[experimental] - imagemagick 8:6.9.1.2-1
	- imagemagick 8:6.8.9.9-6
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
CVE-2015-8900 (The ReadHDRImage function in coders/hdr.c in ImageMagick 6.x and 7.x ...)
	{DLA-960-1}
	[experimental] - imagemagick 8:6.9.1.2-1
	- imagemagick 8:6.8.9.9-6
	[jessie] - imagemagick 8:6.8.9.9-5+deb8u1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/20/4
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
	NOTE: http://web.archive.org/web/20150501030131/http://trac.imagemagick.org/changeset/17845
	NOTE: http://web.archive.org/web/20150429001241/http://trac.imagemagick.org/changeset/17846
CVE-2015-XXXX [Incomplete fix for CVE-2014-7940]
	- icu 52.1-8 (bug #780503)
	[wheezy] - icu <not-affected> (Incomplete patch was never applied)
	[squeeze] - icu <not-affected> (Incomplete patch was never applied)
CVE-2014-9709 (The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used ...)
	{DSA-3215-1 DLA-189-1}
	- libgd2 2.1.0-5
	- php5 5.6.5+dfsg-1 (unimportant)
	- hhvm 3.12.11+dfsg-1 (bug #835032)
	NOTE: https://bugs.php.net/bug.php?id=68601
	NOTE: Fix in libgd2: https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
	NOTE: Also related: https://bitbucket.org/libgd/gd-libgd/commits/81e9a993f2893d651d225646378e3fd1b7465467
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=07b5896a1389c3e865cbd2fb353806b2cefe4f5c
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=5fc2fede9c7c963c950d8b96dcc0f7af88b4d695
	NOTE: Starting with 5.4.0-1 Debian uses the system copy of libgd, the embedded copy was fixed upstream in 5.6.5
	NOTE: Fix in HHVM: https://github.com/facebook/hhvm/commit/469990b43c294692493f15f8400560fe5d966a02
CVE-2009-5147 (DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel ...)
	{DLA-300-1 DLA-299-1}
	- ruby1.8 <removed>
	[wheezy] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9.1 <removed>
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
	- ruby2.0 <removed>
	- ruby2.1 <removed> (bug #796344)
	[jessie] - ruby2.1 2.1.5-2+deb8u3
	- ruby2.2 <not-affected> (Does not contain DL, cf note and corresponding CVE-2015-7551)
	NOTE: https://github.com/ruby/ruby/commit/4600cf725a86ce31266153647ae5aa1197b1215b
	NOTE: Although the is upstream commit mentioned, the corresponding change does not
	NOTE: seem to be contained in e.g. latest 1.9.1 and 2.1. E.g.
	NOTE: https://sources.debian.org/src/ruby2.1/2.1.5-4/ext/dl/handle.c/#L120 does not
	NOTE: contain the change.
	NOTE: In https://github.com/ruby/ruby/commit/07308c4d30b8c5260e5366c8eed2abf054d86fe7
	NOTE: Discussion http://seclists.org/oss-sec/2015/q3/220
	NOTE: DL has been replaced in 2.2 with Fiddle which has the same problem according to maintainer.
CVE-2009-5146 [memory leak in hostname TLS extension]
	RESERVED
	- openssl 0.9.8k-1
	NOTE: Fixed by: https://github.com/openssl/openssl/commit/7587347bc48e7e8a1e800e48bb0a658f1557c424 (OpenSSL_0_9_8k)
	NOTE: Introduced by: https://github.com/openssl/openssl/commit/865a90eb4f0b0e3abbdd9dc2d3a4d57595575315 (OpenSSL_0_9_8f)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/16/4
CVE-2015-2298 (node/utils/ExportEtherpad.js in Etherpad 1.5.x before 1.5.2 might ...)
	- etherpad-lite <itp> (bug #576998)
	NOTE: https://github.com/ether/etherpad-lite/commit/a0fb65205c7d7ff95f00eb9fd88e93b300f30c3d
CVE-2015-2296 (The resolve_redirects function in sessions.py in requests 2.1.0 ...)
	- requests 2.4.3-6 (bug #780506)
	[wheezy] - requests <not-affected> (Vulnerable code introduced in 2.1.0)
	NOTE: https://github.com/kennethreitz/requests/commit/3bd8afbff29e50b38f889b2f688785a669b9aafc
CVE-2015-2289 (Cross-site scripting (XSS) vulnerability in ...)
	- serendipity <removed>
CVE-2015-2287
	RESERVED
CVE-2015-2286 (lms/templates/footer-edx-new.html in Open edX edx-platform before ...)
	NOT-FOR-US: Open edX
CVE-2015-2285 (The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart ...)
	- upstart <not-affected> (Vulnerable cron.daily script not present)
CVE-2014-9701 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.19 and ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Fixed by https://github.com/mantisbt/mantisbt/commit/d95f070d (1.2.x)
	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/15022
	NOTE: https://www.mantisbt.org/bugs/view.php?id=19493
CVE-2014-9697 (Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote ...)
	NOT-FOR-US: Huawei
CVE-2014-9696 (The Hyper Module Management (HMM) software of Huawei Tecal E9000 ...)
	NOT-FOR-US: Huawei
CVE-2014-9695 (The Hyper Module Management (HMM) software of Huawei Tecal E9000 ...)
	NOT-FOR-US: Huawei
CVE-2014-9694 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal ...)
	NOT-FOR-US: Huawei
CVE-2014-9693 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal ...)
	NOT-FOR-US: Huawei
CVE-2014-9692 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal ...)
	NOT-FOR-US: Huawei
CVE-2014-9691 (Huawei Tecal RH1288 V2 V100R002C00SPC107 and earlier versions, Tecal ...)
	NOT-FOR-US: Huawei
CVE-2014-9690 (Huawei home gateways WS318 with software V100R001C01B022 and earlier ...)
	NOT-FOR-US: Huawei
CVE-2011-5321 (The tty_open function in drivers/tty/tty_io.c in the Linux kernel ...)
	{DLA-246-1}
	- linux 3.2.20-1
	- linux-2.6 3.2.1-1
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c290f8358acaeffd8e0c551ddcc24d1206143376 (v3.2-rc1)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4a2b5fddd53b80efcb3266ee36e23b8de28e761a (v2.6.28-rc1)
	NOTE: 3.2.20-1 is the first version after the src:linux-2.6 -> src:linux rename.
CVE-2015-2284 (userlogin.jsp in SolarWinds Firewall Security Manager (FSM) before ...)
	NOT-FOR-US: SolarWinds Firewall Security Manager
CVE-2010-5322 (Cross-site scripting (XSS) vulnerability in ZeusCart 4.0 and earlier ...)
	NOT-FOR-US: ZeusCart
CVE-2015-2674 (Restkit allows man-in-the-middle attackers to spoof TLS servers by ...)
	- python-restkit <unfixed> (bug #781813)
	[stretch] - python-restkit <ignored> (Minor issue)
	[jessie] - python-restkit <ignored> (Minor issue)
	[wheezy] - python-restkit <ignored> (Minor issue)
	[squeeze] - python-restkit <no-dsa> (Minor issue)
	NOTE: https://github.com/benoitc/restkit/issues/140
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/12/9
CVE-2015-2283
	RESERVED
CVE-2015-2282 (Stack-based buffer overflow in the LZC decompression implementation ...)
	NOT-FOR-US: SAP
CVE-2015-2281 (Stack-based buffer overflow in collectoragent.exe in Fortinet Single ...)
	NOT-FOR-US: Fortinet Single Sign On
CVE-2015-2280 (snwrite.cgi in AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network ...)
	NOT-FOR-US: AirLink101 SkyIPCam1620W Wireless N MPEG4 3GPP network camera
CVE-2015-2279 (cgi_test.cgi in AirLive BU-2015 with firmware 1.03.18, BU-3026 with ...)
	NOT-FOR-US: AirLive
CVE-2015-2278 (The LZH decompression implementation (CsObjectInt::BuildHufTree ...)
	NOT-FOR-US: SAP
CVE-2015-2277
	RESERVED
CVE-2015-2276
	RESERVED
CVE-2015-2275 (Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery ...)
	NOT-FOR-US: WoltLab Community Gallery
CVE-2015-2274
	RESERVED
CVE-2015-2273 (Cross-site scripting (XSS) vulnerability in ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
CVE-2015-2272 (login/token.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48691
CVE-2015-2271 (tag/user.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49084
CVE-2015-2270 (lib/moodlelib.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48804
CVE-2015-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144
CVE-2015-2268 (filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38466
CVE-2015-2267 (mdeploy.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49087
CVE-2015-2266 (message/index.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x ...)
	- moodle 2.7.7+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49204
CVE-2015-2264 (Multiple untrusted search path vulnerabilities in (1) ...)
	NOT-FOR-US: Telerik Analytics Monitor Library
CVE-2015-2263 (Cloudera Manager 4.x, 5.0.x before 5.0.6, 5.1.x before 5.1.5, 5.2.x ...)
	NOT-FOR-US: Cloudera
CVE-2015-2262
	RESERVED
CVE-2015-2261
	RESERVED
CVE-2015-2260
	RESERVED
CVE-2015-2259
	RESERVED
CVE-2015-2258
	RESERVED
CVE-2015-2257
	RESERVED
CVE-2015-2256
	RESERVED
CVE-2015-2255 (Huawei AR1220 routers with software before V200R005SPH006 allow remote ...)
	NOT-FOR-US: Huawei
CVE-2015-2254
	RESERVED
CVE-2015-2253 (The XML interface in Huawei OceanStor UDS devices with software ...)
	NOT-FOR-US: Huawei
CVE-2015-2252 (Huawei OceanStor UDS devices with software before V100R002C01SPC102 ...)
	NOT-FOR-US: Huawei
CVE-2015-2251 (The DeviceManager in Huawei OceanStor UDS devices with software before ...)
	NOT-FOR-US: Huawei
CVE-2015-2250 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 ...)
	NOT-FOR-US: concrete5
CVE-2015-2249
	RESERVED
CVE-2015-2248 (Cross-site request forgery (CSRF) vulnerability in the user portal in ...)
	NOT-FOR-US: Dell SonicWALL
CVE-2015-2247 (Unspecified vulnerability in Boosted Boards skateboards allows ...)
	NOT-FOR-US: Boosted Boards skateboards
CVE-2015-2246 (The MeWidget module on Huawei P7 smartphones with software P7-L10 ...)
	NOT-FOR-US: Huawei
CVE-2015-2245 (Huawei Ascend P7 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Huawei
CVE-2015-2244 (Multiple cross-site scripting (XSS) vulnerabilities in Webshop hun ...)
	NOT-FOR-US: Webshop hun
CVE-2015-2243 (Directory traversal vulnerability in Webshop hun 1.062S allows remote ...)
	NOT-FOR-US: Webshop hun
CVE-2015-2242 (Multiple SQL injection vulnerabilities in Webshop hun 1.062S allow ...)
	NOT-FOR-US: Webshop hun
CVE-2015-XXXX [several security vulnerabilities and network packets can terminate the connection]
	- armagetronad 0.2.8.3.2-4 (bug #780178)
	[wheezy] - armagetronad <no-dsa> (Minor issue)
	[squeeze] - armagetronad <no-dsa> (Minor issue)
CVE-2015-2301 (Use-after-free vulnerability in the phar_rename_archive function in ...)
	{DSA-3198-1 DLA-212-1}
	- php5 5.6.6+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68901
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=b2cf3f064b8f5efef89bb084521b61318c71781b
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
CVE-2014-9705 (Heap-based buffer overflow in the enchant_broker_request_dict function ...)
	{DSA-3195-1 DLA-212-1}
	- php5 5.6.6+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68552
	NOTE: http://svn.php.net/viewvc/pecl/enchant/trunk/enchant.c?r1=317600&r2=335803
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/6
CVE-2015-2265 (The remove_bad_chars function in utils/cups-browsed.c in cups-filters ...)
	- cups-filters 1.0.61-5 (bug #780267)
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
	NOTE: https://bugs.linuxfoundation.org/show_bug.cgi?id=1265
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/09/5
CVE-2015-2241 (Cross-site scripting (XSS) vulnerability in the contents function in ...)
	- python-django 1.7.6-1
	[wheezy] - python-django <not-affected> (Only affects 1.7.x and 1.8.x)
	[squeeze] - python-django <not-affected> (Only affects 1.7.x and 1.8.x)
	NOTE: https://www.djangoproject.com/weblog/2015/mar/09/security-releases/
CVE-2015-2240
	RESERVED
CVE-2015-2239 (Google Chrome before 41.0.2272.76, when Instant Extended mode is used, ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-2238 (Multiple unspecified vulnerabilities in Google V8 before 4.1.0.21, as ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-2237 (Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) ...)
	NOT-FOR-US: Betster
CVE-2015-2236
	RESERVED
CVE-2015-2235
	REJECTED
CVE-2015-2234 (Race condition in Lenovo System Update (formerly ThinkVantage System ...)
	NOT-FOR-US: Lenovo System Update
CVE-2015-2233 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
	NOT-FOR-US: Lenovo System Update
CVE-2015-2232
	RESERVED
CVE-2015-2231
	RESERVED
CVE-2015-2230
	RESERVED
CVE-2015-2229
	RESERVED
CVE-2015-2228
	RESERVED
CVE-2015-2227
	RESERVED
CVE-2015-2226
	RESERVED
CVE-2015-2225
	RESERVED
CVE-2015-2224
	RESERVED
CVE-2015-2223 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
	NOT-FOR-US: Palo Alto Networks Traps
CVE-2015-2222 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
	{DLA-233-1}
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953
CVE-2015-2221 (ClamAV before 0.98.7 allows remote attackers to cause a denial of ...)
	{DLA-233-1}
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/0844d0cfe118b4041ed8e2ee49ff18bfbca8eaa5
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/26b19809fb3b940cb0fda0422d685fff02a53b5f
CVE-2015-2220 (Multiple cross-site scripting (XSS) vulnerabilities in the Ninja Forms ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2015-2219 (Lenovo System Update (formerly ThinkVantage System Update) before ...)
	NOT-FOR-US: Lenovo System Update
CVE-2015-2218 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin for WordPress
CVE-2015-2217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate PHP ...)
	NOT-FOR-US: myUPB
CVE-2015-2216 (SQL injection vulnerability in ecomm-sizes.php in the Photocrati theme ...)
	NOT-FOR-US: Photocrati theme for WordPress
CVE-2015-2215 (Open redirect vulnerability in the Services single sign-on server ...)
	NOT-FOR-US: Drupal module Services single sign-on server helper
CVE-2015-2214 (NetCat 5.01 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: NetCat CMS
CVE-2015-2213 (SQL injection vulnerability in the wp_untrash_post_comments function ...)
	{DSA-3383-1 DSA-3332-1 DLA-294-1}
	- wordpress 4.2.4+dfsg-1 (bug #794560)
	NOTE: https://core.trac.wordpress.org/changeset/33555
	NOTE: https://core.trac.wordpress.org/changeset/33556
CVE-2015-2212
	REJECTED
CVE-2015-2211
	RESERVED
CVE-2014-9689 (content/renderer/device_sensors/device_orientation_event_pump.cc in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-9688 (Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for ...)
	NOT-FOR-US: Ninja Forms plugin for WordPress
CVE-2011-5319 (content/renderer/device_sensors/device_motion_event_pump.cc in Google ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-XXXX [tcllib XSS]
	- tcllib 1.16-dfsg-2 (low; bug #780100)
	[wheezy] - tcllib 1.14-dfsg-3+deb7u1
	[squeeze] - tcllib <no-dsa> (Minor issue)
CVE-2015-2210 (The help window in Epicor CRS Retail Store before 3.2.03.01.008 allows ...)
	NOT-FOR-US: Epicor CRS Retail Store
CVE-2015-2209 (DLGuard 4.5 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: DLGuard
CVE-2015-2208 (The saveObject function in moadmin.php in phpMoAdmin 1.1.2 allows ...)
	NOT-FOR-US: phpMoAdmin
CVE-2015-2207
	RESERVED
CVE-2015-2206 (libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9, ...)
	{DSA-3382-1 DLA-336-1}
	- phpmyadmin 4:4.4.4-1 (unimportant)
	NOTE: Hardening, not a concrete issue itself
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2015-1.php
CVE-2015-2205
	RESERVED
CVE-2015-2202
	RESERVED
CVE-2015-2201
	RESERVED
CVE-2015-2200
	RESERVED
CVE-2015-2199 (Multiple SQL injection vulnerabilities in the WonderPlugin Audio ...)
	NOT-FOR-US: WonderPlugin Audio Player plugin for WordPress
CVE-2015-2198 (Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php ...)
	NOT-FOR-US: Beehive Forum
CVE-2015-2197 (Cross-site scripting (XSS) vulnerability in the Entity API module ...)
	NOT-FOR-US: Entity module for Drupal
CVE-2015-2196 (SQL injection vulnerability in Spider Event Calendar 1.4.9 for ...)
	NOT-FOR-US: Spider Event Calender
CVE-2015-2195 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Media ...)
	NOT-FOR-US: WP Media Cleaner plugin for WordPress
CVE-2015-2194 (Unrestricted file upload vulnerability in the fusion_options function ...)
	NOT-FOR-US: fusion_options function in functions.php in the Fusion theme for WordPress
CVE-2015-2193
	RESERVED
CVE-2015-2675 (The OAuth implementation in librest before 0.7.93 incorrectly ...)
	- librest 0.7.92-3 (bug #780101)
	[wheezy] - librest <not-affected> (rest_proxy_call_get_url not yet used)
	[squeeze] - librest <not-affected> (rest_proxy_call_get_url not yet used)
	NOTE: Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=742644
	NOTE: Commit: https://git.gnome.org/browse/librest/commit/?id=b50ace7738ea038
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/04/6
CVE-2015-2204 (Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 ...)
	NOT-FOR-US: Evergreen library
CVE-2015-2203 (Evergreen 2.5.9, 2.6.7, and 2.7.4 allows remote authenticated users ...)
	NOT-FOR-US: Evergreen library
CVE-2013-7435 (The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before ...)
	NOT-FOR-US: Evergreen library
CVE-2015-2192 (Integer overflow in the dissect_osd2_cdb_continuation function in ...)
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11024
CVE-2015-2191 (Integer overflow in the dissect_tnef function in ...)
	{DSA-3210-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=11023
CVE-2015-2190 (epan/proto.c in Wireshark 1.12.x before 1.12.4 does not properly ...)
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10983
CVE-2015-2189 (Off-by-one error in the pcapng_read function in wiretap/pcapng.c in ...)
	{DSA-3210-1}
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10895
CVE-2015-2188 (epan/dissectors/packet-wcp.c in the WCP dissector in Wireshark 1.10.x ...)
	{DSA-3210-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10844
	NOTE: http://www.wireshark.org/security/wnpa-sec-2015-07.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=b204ff4846fe84b7789893c6b1d9afbdecac5b5d
CVE-2015-2187 (The dissect_atn_cpdlc_heur function in ...)
	- wireshark 1.12.1+g01b65bf-4 (bug #780372)
	[wheezy] - wireshark <not-affected> (Only affects 1.12.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.12.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9952
CVE-2015-2186 (The Ansible edxapp role in the Configuration Repo in edX allows remote ...)
	NOT-FOR-US: edX
CVE-2015-2185
	RESERVED
CVE-2015-2184 (ZeusCart 4 allows remote attackers to obtain configuration information ...)
	NOT-FOR-US: ZeusCart
CVE-2015-2183 (Multiple SQL injection vulnerabilities in the administrative backend ...)
	NOT-FOR-US: ZeusCart
CVE-2015-2182 (Multiple cross-site scripting (XSS) vulnerabilities in ZeusCart 4 ...)
	NOT-FOR-US: ZeusCart
CVE-2015-2181 (Multiple buffer overflows in the DBMail driver in the Password plugin ...)
	- roundcube 1.1.1+dfsg.1-2
	[wheezy] - roundcube <not-affected> (variable and chgdbmailusers.c does not exist)
	NOTE: http://trac.roundcube.net/ticket/1490261
	NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
	NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html
CVE-2015-2180 (The DBMail driver in the Password plugin in Roundcube before 1.1.0 ...)
	- roundcube 1.1.1+dfsg.1-2
	[wheezy] - roundcube <not-affected> (dbmail driver does not exist)
	NOTE: http://trac.roundcube.net/ticket/1490261
	NOTE: http://advisories.mageia.org/MGASA-2015-0400.html
	NOTE: http://lists.opensuse.org/opensuse-updates/2015-07/msg00032.html
CVE-2015-2179
	RESERVED
CVE-2015-2178
	REJECTED
CVE-2015-2177 (Siemens SIMATIC S7-300 CPU devices allow remote attackers to cause a ...)
	NOT-FOR-US: Siemens
CVE-2015-2176
	RESERVED
CVE-2015-2175
	RESERVED
CVE-2015-2174
	RESERVED
CVE-2015-2173
	RESERVED
CVE-2009-5145 (Cross-site scripting (XSS) vulnerability in ZMI pages that use the ...)
	- zope2.12 2.12.10-1
CVE-2015-2171 (Middleware/SessionCookie.php in Slim before 2.6.0 allows remote ...)
	NOT-FOR-US: Slim PHP Framework
CVE-2015-2170 (The upx decoder in ClamAV before 0.98.7 allows remote attackers to ...)
	{DLA-233-1}
	- clamav 0.98.7+dfsg-1
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/625f5a9b8f008b8714850e4aa064dee1de06e534
CVE-2015-2169 (Cross-site scripting (XSS) vulnerability in Zoho ManageEngine ...)
	NOT-FOR-US: Zoho ManageEngine AssetExplorer
CVE-2015-2168
	REJECTED
CVE-2015-2167 (Open redirect vulnerability in the 3PI Manager in Ericsson Drutt ...)
	NOT-FOR-US: Ericsson
CVE-2015-2166 (Directory traversal vulnerability in the Instance Monitor in Ericsson ...)
	NOT-FOR-US: Ericsson
CVE-2015-2165 (Multiple cross-site scripting (XSS) vulnerabilities in the Report ...)
	NOT-FOR-US: Ericsson
CVE-2015-2164
	RESERVED
CVE-2015-2163
	RESERVED
CVE-2015-2162
	RESERVED
CVE-2015-2161
	RESERVED
CVE-2015-2160
	RESERVED
CVE-2015-2159
	RESERVED
CVE-2015-2156 (Netty before 3.9.8.Final, 3.10.x before 3.10.3.Final, 4.0.x before ...)
	- netty3.1 <removed>
	[wheezy] - netty3.1 <no-dsa> (Minor issue)
	- netty 1:4.0.31-1 (bug #796114)
	[jessie] - netty <no-dsa> (Minor issue)
	[wheezy] - netty <no-dsa> (Minor issue)
	- netty-3.9 3.9.9.Final-1 (bug #793770)
	[jessie] - netty-3.9 <no-dsa> (Minor issue)
	- playframework <itp> (bug #646523)
	[squeeze] - netty <no-dsa> (Minor issue)
	NOTE: http://netty.io/news/2015/05/08/3-9-8-Final-and-3.html
	NOTE: https://www.playframework.com/security/vulnerability/CVE-2015-2156-HttpOnlyBypass
	NOTE: http://web.archive.org/web/20150925094949/http://engineering.linkedin.com/security/look-netty%E2%80%99s-recent-security-update-cve%C2%AD-2015%C2%AD-2156
	NOTE: https://github.com/slandelle/netty/commit/800555417e77029dcf8a31d7de44f27b5a8f79b8
CVE-2015-2155 (The force printer in tcpdump before 4.7.2 allows remote attackers to ...)
	{DSA-3193-1 DLA-174-1}
	- tcpdump 4.6.2-4
	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
CVE-2015-2154 (The osi_print_cksum function in print-isoclns.c in the ethernet ...)
	{DSA-3193-1 DLA-174-1}
	- tcpdump 4.6.2-4
	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
CVE-2015-2153 (The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer ...)
	{DSA-3193-1}
	- tcpdump 4.6.2-4
	[squeeze] - tcpdump <not-affected> (Vulnerable code not present)
	NOTE: http://www.ca.tcpdump.org/cve/0002-test-case-files-for-CVE-2015-2153-2154-2155.patch
CVE-2015-2152 (Xen 4.5.x and earlier enables certain default backends when emulating ...)
	- xen 4.4.1-9 (low; bug #780975)
	[wheezy] - xen <no-dsa> (Minor issue, xl not used in wheezy)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-119.html
CVE-2015-2151 (The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore ...)
	{DSA-3181-1}
	- xen 4.4.1-8 (bug #780227)
	[squeeze] - xen <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://xenbits.xen.org/xsa/advisory-123.html
CVE-2015-2150 (Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not ...)
	{DSA-3237-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <not-affected> (xen-pciback introduced in 3.1)
	NOTE: http://xenbits.xen.org/xsa/advisory-120.html
CVE-2015-2149 (Multiple cross-site scripting (XSS) vulnerabilities in the administrative ...)
	NOT-FOR-US: MyBB
CVE-2015-2148 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2147 (Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2146 (Multiple SQL injection vulnerabilities in Issuetracker phpBugTracker ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2145 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2144 (Multiple cross-site scripting (XSS) vulnerabilities in Issuetracker ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2143 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2142 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: phpBugTracker
CVE-2015-2141 (The InvertibleRWFunction::CalculateInverse function in rw.cpp in ...)
	{DSA-3296-1 DLA-262-1}
	- libcrypto++ 5.6.1-7
	NOTE: https://github.com/weidai11/cryptopp/commit/9425e16437439e68c7d96abef922167d68fafaff
	NOTE: https://eprint.iacr.org/2015/368
CVE-2015-2140 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-2139 (HP Systems Insight Manager (SIM) before 7.5.0, as used in HP Matrix ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2015-2138
	REJECTED
CVE-2015-2137 (Unspecified vulnerability in HP Operations Manager i (OMi) 9.22, 9.23, ...)
	NOT-FOR-US: HP Operations Manager i
CVE-2015-2136 (HP ArcSight Logger before 6.0 P2 allows remote authenticated users to ...)
	NOT-FOR-US: HP ArcSight
CVE-2015-2135 (Unspecified vulnerability in HP Intelligent Provisioning 1.00 through ...)
	NOT-FOR-US: HP Intelligent Provisioning
CVE-2015-2134 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2015-2133
	REJECTED
CVE-2015-2132 (Unspecified vulnerability in the execve system-call implementation in ...)
	NOT-FOR-US: HP HP-UX
CVE-2015-2131
	REJECTED
CVE-2015-2130
	REJECTED
CVE-2015-2129
	REJECTED
CVE-2015-2128
	REJECTED
CVE-2015-2127
	REJECTED
CVE-2015-2126 (Unspecified vulnerability in pppoec in HP HP-UX 11iv2 and 11iv3 allows ...)
	NOT-FOR-US: HP-UX (pppoec)
CVE-2015-2125 (Unspecified vulnerability in HP WebInspect 7.x through 10.4 before ...)
	NOT-FOR-US: HP WebInspect
CVE-2015-2124 (Unspecified vulnerability in Easy Setup Wizard in HP ThinPro Linux 4.1 ...)
	NOT-FOR-US: HP
CVE-2015-2123 (Unspecified vulnerability in HP NonStop Safeguard Security Software ...)
	NOT-FOR-US: HP NonStop Safeguard Security Software
CVE-2015-2122 (The REST layer on HP SDN VAN Controller devices 2.5 and earlier allows ...)
	NOT-FOR-US: HP
CVE-2015-2121 (HP Network Virtualization for LoadRunner and Performance Center 8.61 ...)
	NOT-FOR-US: HP
CVE-2015-2120 (Unspecified vulnerability in HP SiteScope 11.1x before 11.13, 11.2x ...)
	NOT-FOR-US: HP SiteScope
CVE-2015-2119
	REJECTED
CVE-2015-2118 (Unspecified vulnerability in the Secure Pull Print and Security Pull ...)
	NOT-FOR-US: HP Access Control Software
CVE-2015-2117 (HP TippingPoint Security Management System (SMS) and TippingPoint ...)
	NOT-FOR-US: HP TippingPoint
CVE-2015-2116 (Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 ...)
	NOT-FOR-US: HP
CVE-2015-2115 (Unspecified vulnerability in HP Capture and Route Software (HPCR) 1.3 ...)
	NOT-FOR-US: HP Capture and Route
CVE-2015-2114 (HP Support Solution Framework before 11.51.0049 allows remote ...)
	NOT-FOR-US: HP Support Solution Framework
CVE-2015-2113 (Unspecified vulnerability in HP Easy Deploy, as distributed standalone ...)
	NOT-FOR-US: HP Thin Clients
CVE-2015-2112 (Unspecified vulnerability in HP Easy Deploy, as distributed standalone ...)
	NOT-FOR-US: HP Thin Clients
CVE-2015-2111 (Unspecified vulnerability in HP Intelligent Provisioning 1.40 through ...)
	NOT-FOR-US: HP Intelligent Provisioning
CVE-2015-2110 (Buffer overflow in HP LoadRunner 11.52 allows remote attackers to ...)
	NOT-FOR-US: HP LoadRunner
CVE-2015-2109 (Unspecified vulnerability in HP Operations Orchestration 10.x allows ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2015-2108 (Unspecified vulnerability in Powershell Operations in HP Operations ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2015-2107 (HP Operations Manager i Management Pack 1.x before 1.01 for SAP allows ...)
	NOT-FOR-US: HP Operations Manager
CVE-2015-2106 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 ...)
	NOT-FOR-US: HP Integrated Lights-Out
CVE-2015-2105
	RESERVED
CVE-2015-2104
	RESERVED
CVE-2015-2103 (Cross-site scripting (XSS) vulnerability in the admin-login panel ...)
	NOT-FOR-US: Cosmoshop
CVE-2015-2102 (SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 ...)
	NOT-FOR-US: ClipBucket
CVE-2015-2101 (Cross-site scripting (XSS) vulnerability in the Navigate bar in the ...)
	NOT-FOR-US: Navigate module for Drupal
CVE-2013-7434
	RESERVED
CVE-2015-XXXX [heap buffer overflow]
	- bibtool 2.57+ds-3 (bug #779573)
	[squeeze] - bibtool <no-dsa> (Minor issue)
	[wheezy] - bibtool <no-dsa> (Minor issue)
	NOTE: Upstream patch: https://github.com/ge-ne/bibtool/commit/c6ed92c556f28ca2c738972c647486f9e11424bf
CVE-2015-XXXX [dcerpc: exit()'s on malloc failure]
	- suricata 2.0.7-1
	[wheezy] - suricata <no-dsa> (Unusable in wheezy, planned for removal)
	[squeeze] - suricata <no-dsa> (Minor issue)
	NOTE: https://github.com/inliniac/suricata/commit/89017d0b03bf715a3f4e11b612c6c7a23549304a
CVE-2015-XXXX [http uri parsing issue]
	- libhtp 1:0.5.25-1 (bug #783007)
	[squeeze] - libhtp <no-dsa> (Minor issue)
	NOTE: if libhtp gets updated to 0.5.17 in sid, it will conflict with suricata which ships the library too (see #783005)
	[wheezy] - libhtp <no-dsa> (Unusable in wheezy, planned for removal)
	- suricata 2.0.7-1
	[wheezy] - suricata <not-affected> (Uses system-wide libhtp)
	[squeeze] - suricata <not-affected> (Uses system-wide libhtp)
	NOTE: https://redmine.openinfosecfoundation.org/issues/1391
	NOTE: https://github.com/OISF/libhtp/commit/1a6c9465fb641f81460392f622d1878d5e87fc00
	NOTE: Fixed in Libhtp 0.5.17 upstream
CVE-2015-XXXX [MATTA-2015-002: Enforce acceptable range for Diffie-Hellman server value]
	- putty 0.63-10
	[wheezy] - putty 0.62-9+deb7u2
	[squeeze] - putty 0.60+2010-02-20-1+squeeze3
	NOTE: temporary workaround until CVE assigned to explitly tag for wheezy+squeeze
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/27/4
	NOTE: http://advisories.mageia.org/MGASA-2015-0098.html
CVE-2015-2172 (DokuWiki before 2014-05-05d and before 2014-09-29c does not properly ...)
	- dokuwiki 0.0.20140929.d-1 (bug #779547)
	[jessie] - dokuwiki 0.0.20140505.a+dfsg-4
	[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
	[wheezy] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: present since release_candidate_2013-10-28
	NOTE: https://github.com/splitbrain/dokuwiki/issues/1056
	NOTE: https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
CVE-2015-2158 (Off-by-one error in the pngcrush_measure_idat function in pngcrush.c ...)
	- pngcrush <not-affected> (Vulnerable code not present)
	NOTE: Introduced by http://sourceforge.net/p/pmt/code/ci/e1a36a9639e2db16494d90459c7c2b78677a20bf/ (1.7.83)
	NOTE: Fixed by: http://sourceforge.net/p/pmt/code/ci/a1ce646d00a400fd9ec321ab5cb522f40b7bdfe6/ (1.7.84)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/28/6
CVE-2015-2157 (The (1) ssh2_load_userkey and (2) ssh2_save_userkey functions in PuTTY ...)
	{DSA-3190-1 DLA-173-1}
	- putty 0.63-10 (bug #779488)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped-2.html
CVE-2015-2100
	RESERVED
CVE-2015-2099
	RESERVED
CVE-2015-2098
	RESERVED
CVE-2015-2097 (Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) ...)
	NOT-FOR-US: WESP SDK
CVE-2015-2096 (Use-after-free vulnerability in the Connect function in the ...)
	NOT-FOR-US: WebGate eDVR Manager
CVE-2015-2095 (Heap-based buffer overflow in the SetConnectInfo function in the ...)
	NOT-FOR-US: WebGate eDVR Manager
CVE-2015-2094 (Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 ...)
	NOT-FOR-US: WebGate WinRDS
CVE-2015-2093 (Stack-based buffer overflow in the Connect function in the WebGate ...)
	NOT-FOR-US: WebGate WEbEyeAudio ActiveX control
CVE-2015-2092 (The AnnotationX.AnnList.1 ActiveX control in Agilent Technologies ...)
	NOT-FOR-US: Agilent Technologies Feature Extraction
CVE-2015-2090 (SQL injection vulnerability in the ajax_survey function in ...)
	NOT-FOR-US: ajax_survey function in settings.php in the WordPress Survey and Poll plugin for WordPress
CVE-2015-2089 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin for WordPress
CVE-2015-2088 (Cross-site scripting (XSS) vulnerability in unspecified administration ...)
	NOT-FOR-US: Term Queue model for Drupal
CVE-2015-2087 (Unrestricted file upload vulnerability in the Avatar Uploader module ...)
	NOT-FOR-US: Avatar Uploader module for Drupal
CVE-2015-2086 (Cross-site scripting (XSS) vulnerability in the live preview in the ...)
	NOT-FOR-US: Panopoly Magic module for Drupal
CVE-2014-9687 (eCryptfs 104 and earlier uses a default salt to encrypt the mount ...)
	- ecryptfs-utils 103-4 (bug #780385)
	[wheezy] - ecryptfs-utils <no-dsa> (Minor issue)
	[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
	NOTE: http://bazaar.launchpad.net/~ecryptfs/ecryptfs/trunk/revision/839
CVE-2014-9686 (The Googlemaps plugin 3.2 and earlier for Joomla! allows remote ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7433 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7432 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7431 (Full path disclosure in the Googlemaps plugin before 3.1 for Joomla!. ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7430 (Cross-site scripting (XSS) vulnerability in the Googlemaps plugin ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7429 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2013-7428 (The Googlemaps plugin before 3.1 for Joomla! allows remote attackers ...)
	NOT-FOR-US: Googlemaps plugin for Joomla!
CVE-2015-2085
	RESERVED
CVE-2015-2084 (Cross-site request forgery (CSRF) vulnerability in the Easy Social ...)
	NOT-FOR-US: Easy Social Icons plugin for WordPress
CVE-2015-2083 (Cross-site request forgery (CSRF) vulnerability in Ilch CMS allows ...)
	NOT-FOR-US: Ilch CMS
CVE-2015-2082 (Cross-site scripting (XSS) vulnerability in Login.aspx in UNIT4 ...)
	NOT-FOR-US: UNIT4 Prosoft HRMS
CVE-2015-2081 (Datto ALTO and SIRIS devices allow Remote Code Execution via ...)
	NOT-FOR-US: Datto ALTO and SIRIS devices
CVE-2014-9685 (Multiple cross-site scripting (XSS) vulnerabilities in Vanilla Forums ...)
	NOT-FOR-US: Vanilla Forums
CVE-2015-8985 (The pop_fail_stack function in the GNU C Library (aka glibc or libc6) ...)
	- glibc <unfixed> (unimportant; bug #779392)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=21163
	NOTE: DoS via crafted regexps are not considered security issues by glibc upstream
CVE-2015-8984 (The fnmatch function in the GNU C Library (aka glibc or libc6) before ...)
	{DLA-316-1}
	- glibc 2.21-1 (bug #779587)
	[jessie] - glibc 2.19-18+deb8u2
	- eglibc <removed>
	[wheezy] - eglibc 2.13-38+deb7u9
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18032
	NOTE: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=4a28f4d55a6cc33474c0792fe93b5942d81bf185
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/5
CVE-2011-5320 (scanf and related functions in glibc before 2.15 allow local users to ...)
	{DLA-165-1}
	- glibc 2.15
	- eglibc 2.13-25 (bug #553206)
	NOTE: 2.15 ist the first version recieving the fix, mark with upstream version which should
	NOTE: be handled correctly then by the tracker.
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=13138
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/26/2
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0
	NOTE: CVE assigned specific to the https://sourceware.org/bugzilla/show_bug.cgi?id=13138#c4 issue
CVE-2015-2079
	RESERVED
CVE-2015-2078 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
	NOT-FOR-US: Lavasoft Ad-Aware Web Companion
CVE-2015-2077 (The SDK for Komodia Redirector with SSL Digestor, as used in Lavasoft ...)
	NOT-FOR-US: Lavasoft Ad-Aware Web Companion
CVE-2015-2076 (The Auditing service in SAP BusinessObjects Edge 4.0 allows remote ...)
	NOT-FOR-US: SAP
CVE-2015-2075 (SAP BusinessObjects Edge 4.0 allows remote attackers to delete audit ...)
	NOT-FOR-US: SAP
CVE-2015-2074
	RESERVED
CVE-2015-2073
	RESERVED
CVE-2015-2072 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA 73 ...)
	NOT-FOR-US: SAP
CVE-2015-2071 (Directory traversal vulnerability in cm/newui/blog/export.jsp in ...)
	NOT-FOR-US: eTouch SamePage Enterprise Edition
CVE-2015-2070 (SQL injection vulnerability in eTouch SamePage Enterprise Edition ...)
	NOT-FOR-US: eTouch SamePage Enterprise Edition
CVE-2015-2069 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...)
	NOT-FOR-US: WooCommerce plugin for WordPress
CVE-2015-2068 (Multiple cross-site scripting (XSS) vulnerabilities in the MAGMI (aka ...)
	NOT-FOR-US: Magento Server
CVE-2015-2067 (Directory traversal vulnerability in web/ajax_pluginconf.php in the ...)
	NOT-FOR-US: Magento Server
CVE-2015-2066 (SQL injection vulnerability in DLGuard 4.5 allows remote attackers to ...)
	NOT-FOR-US: DLGuard
CVE-2015-2065 (SQL injection vulnerability in videogalleryrss.php in the Apptha ...)
	NOT-FOR-US: Apptha WordPress Video Gallery (contus-video-gallery) plugin for WordPress
CVE-2015-2064 (Multiple cross-site scripting (XSS) vulnerabilities in DLGuard 5, 4.6, ...)
	NOT-FOR-US: DLGuard
CVE-2015-2080 (The exception handling code in Eclipse Jetty before 9.2.9.v20150224 ...)
	- jetty <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
	- jetty8 <not-affected> (Only affects 9.2.3.v20140905 through 9.2.8.v20150217)
	NOTE: http://dev.eclipse.org/mhonarc/lists/jetty-announce/msg00074.html
	NOTE: https://github.com/eclipse/jetty.project/blob/master/advisories/2015-02-24-httpparser-error-buffer-bleed.md
	NOTE: http://blog.gdssecurity.com/labs/2015/2/25/jetleak-vulnerability-remote-leakage-of-shared-buffers-in-je.html
CVE-2015-2062
	RESERVED
CVE-2015-2061 (Heap-based buffer overflow in the browser plugin for PTC Creo View ...)
	NOT-FOR-US: PTC Creo View
CVE-2015-2057
	RESERVED
CVE-2015-2056
	RESERVED
CVE-2015-2055 (Zhone GPON 2520 with firmware R4.0.2.566b allows remote attackers to ...)
	NOT-FOR-US: Zhone GPON 2520
CVE-2015-2054 (CRLF injection vulnerability in export.cfg in the web-based ...)
	NOT-FOR-US: Sierra Wireless AirCard
CVE-2015-2053 (The log viewer in McAfee Agent (MA) before 4.8.0 Patch 3 and 5.0.0, ...)
	NOT-FOR-US: McAfee
CVE-2015-2052 (Stack-based buffer overflow in the DIR-645 Wired/Wireless Router Rev. ...)
	NOT-FOR-US: DIR-645 Wired/Wireless Router Rev. Ax
CVE-2015-2051 (The D-Link DIR-645 Wired/Wireless Router Rev. Ax with firmware 1.04b12 ...)
	NOT-FOR-US: D-Link DIR-645 Wired/Wireless Router Rev. Ax
CVE-2015-2050 (D-Link DAP-1320 Rev Ax with firmware before 1.21b05 allows attackers ...)
	NOT-FOR-US: D-Link DAP-1320 Rev Ax
CVE-2015-2049 (Unrestricted file upload vulnerability in D-Link DCS-931L with ...)
	NOT-FOR-US: D-Link DCS-931L
CVE-2015-2048 (Cross-site request forgery (CSRF) vulnerability in D-Link DCS-931L ...)
	NOT-FOR-US: D-Link DCS-931L
CVE-2015-2045 (The HYPERVISOR_xen_version hypercall in Xen 3.2.x through 4.5.x does ...)
	{DSA-3181-1}
	- xen 4.4.1-8
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-122.html
CVE-2015-2044 (The emulation routines for unspecified X86 devices in Xen 3.2.x ...)
	{DSA-3181-1}
	- xen 4.4.1-8
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://xenbits.xen.org/xsa/advisory-121.html
CVE-2015-2043 (Multiple cross-site scripting (XSS) vulnerabilities in Visualware ...)
	NOT-FOR-US: Visualware
CVE-2015-2040 (Cross-site scripting (XSS) vulnerability in the Contact Form DB (aka ...)
	NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-2039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Acobot Live Chat & Contact Form plugin for WordPress
CVE-2015-8983 (Integer overflow in the _IO_wstr_overflow function in libio/wstrops.c ...)
	{DLA-316-1}
	- eglibc <removed>
	[wheezy] - eglibc 2.13-38+deb7u9
	- glibc 2.21-1 (bug #779587)
	[jessie] - glibc 2.19-18+deb8u2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17269
	NOTE: Fixed upstream in 2.22
	NOTE: Fixed by: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/22/15
CVE-2015-8477 (Cross-site scripting (XSS) vulnerability in Redmine before 2.6.2 ...)
	- redmine 3.0~20140825-5 (low)
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://www.redmine.org/projects/redmine/wiki/Changelog_2_6
	NOTE: https://www.redmine.org/projects/redmine/wiki/Security_Advisories
	NOTE: https://www.redmine.org/issues/19117
	NOTE: https://github.com/redmine/redmine/commit/a1f40686ba43d121cbc8c095d2f8cc4095e70352#diff-847ef9328e260b1b93fd165d072b072d
CVE-2005-XXXX [more related to CVE-2005-4890]
	- shadow <unfixed> (unimportant; bug #628843)
	NOTE: only affects the su executable, so if you use sudo you're not affected
CVE-2015-2047 (The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through ...)
	{DSA-3164-1}
	- typo3-src 4.5.40+dfsg1-1 (bug #778870)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2015-001/
CVE-2015-2038
	RESERVED
CVE-2015-2037
	RESERVED
CVE-2015-2036
	RESERVED
CVE-2015-2033 (Anyterm Daemon in Infoblox Network Automation NetMRI before ...)
	NOT-FOR-US: Anyterm Daemon
CVE-2015-2032
	RESERVED
CVE-2015-2031 (Cross-site scripting (XSS) vulnerability in IBM WebSphere eXtreme ...)
	NOT-FOR-US: IBM
CVE-2015-2030 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-2029 (Session fixation vulnerability in IBM WebSphere eXtreme Scale 7.1.0 ...)
	NOT-FOR-US: IBM
CVE-2015-2028 (CRLF injection vulnerability in IBM WebSphere eXtreme Scale 7.1.0 ...)
	NOT-FOR-US: IBM
CVE-2015-2027 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-2026 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2015-2025 (IBM WebSphere eXtreme Scale 7.1.0 before 7.1.0.3 and 7.1.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-2024
	RESERVED
CVE-2015-2023 (Buffer overflow in IBM i Access 7.1 on Windows allows local users to ...)
	NOT-FOR-US: IBM i Access 7.1 on Windows
CVE-2015-2022
	RESERVED
CVE-2015-2021
	RESERVED
CVE-2015-2020 (The MyScript SDK before 1.3 for Android might allow attackers to ...)
	NOT-FOR-US: MyScript SDK
CVE-2015-2019 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-2018 (IBM Integration Bus 9 and 10 before 10.0.0.1 and WebSphere Message ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-2017 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-2016 (Unspecified vulnerability in IBM QRadar SIEM 7.1 MR2 before Patch 11 ...)
	NOT-FOR-US: IBM
CVE-2015-2015 (Cross-site scripting (XSS) vulnerability in pubnames.ntf (aka the ...)
	NOT-FOR-US: IBM Domino
CVE-2015-2014 (Open redirect vulnerability in the web server in IBM Domino 8.5 before ...)
	NOT-FOR-US: IBM Domino
CVE-2015-2013 (IBM WebSphere MQ 7.0.1 before 7.0.1.13 allows remote attackers to ...)
	NOT-FOR-US: IBM
CVE-2015-2012 (The MQXR service in WMQ Telemetry in IBM WebSphere MQ 7.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-2011 (The xmlrpc.cgi Webmin script in IBM QRadar SIEM 7.1 MR2 before Patch ...)
	NOT-FOR-US: IBM
CVE-2015-2010
	REJECTED
CVE-2015-2009 (Cross-site request forgery (CSRF) vulnerability in the xmlrpc.cgi ...)
	NOT-FOR-US: IBM
CVE-2015-2008 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2007 (Directory traversal vulnerability in IBM Security QRadar SIEM 7.2.x ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2006
	RESERVED
CVE-2015-2005 (IBM Security QRadar SIEM 7.1.x before 7.1 MR2 Patch 12 and 7.2.x ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2015-2004 (The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might ...)
	NOT-FOR-US: GraceNote GNSDK SDK
CVE-2015-2003 (The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might ...)
	NOT-FOR-US: PJSIP PJSUA2 SDK
CVE-2015-2002 (The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow ...)
	NOT-FOR-US: ESRI ArcGis Runtime SDK
CVE-2015-2001 (The MetaIO SDK before 6.0.2.1 for Android might allow attackers to ...)
	NOT-FOR-US: MetaIO SDK
CVE-2015-2000 (The Jumio SDK before 1.5.0 for Android might allow attackers to ...)
	NOT-FOR-US: Jumio SDK
CVE-2015-1999 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1998
	RESERVED
CVE-2015-1997 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1996 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1995 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Security ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1994 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1993 (IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 does ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1992 (IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, ...)
	NOT-FOR-US: IBM Systems Director
CVE-2015-1991
	RESERVED
CVE-2015-1990
	RESERVED
CVE-2015-1989 (SQL injection vulnerability in IBM Security QRadar Incident Forensics ...)
	NOT-FOR-US: IBM QRadar
CVE-2015-1988 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Storage Manger ...)
	NOT-FOR-US: IBM
CVE-2015-1987 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2015-1986 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
	NOT-FOR-US: IBM
CVE-2015-1985 (The queue manager on IBM MQ M2000 appliances before 8.0.0.4 allows ...)
	NOT-FOR-US: IBM MQ M2000 appliances
CVE-2015-1984 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
	NOT-FOR-US: IBM
CVE-2015-1983 (Cross-site scripting (XSS) vulnerability in the Projects page in IBM ...)
	NOT-FOR-US: IBM
CVE-2015-1982 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
	NOT-FOR-US: IBM
CVE-2015-1981 (Cross-site scripting (XSS) vulnerability in the web server in IBM ...)
	NOT-FOR-US: IBM
CVE-2015-1980 (IBM InfoSphere Master Data Management Collaborative Edition 9.1, 10.1, ...)
	NOT-FOR-US: IBM
CVE-2015-1979 (Multiple cross-site scripting (XSS) vulnerabilities in the Error ...)
	NOT-FOR-US: IBM
CVE-2015-1978 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Security ...)
	NOT-FOR-US: IBM
CVE-2015-1977 (Directory traversal vulnerability in the Web Administration tool in ...)
	NOT-FOR-US: IBM
CVE-2015-1976 (IBM Security Directory Server could allow an authenticated user to ...)
	NOT-FOR-US: IBM
CVE-2015-1975 (The web administration tool in IBM Tivoli Security Directory Server ...)
	NOT-FOR-US: IBM
CVE-2015-1974 (The web administration tool in IBM Tivoli Security Directory Server ...)
	NOT-FOR-US: IBM
CVE-2015-1973
	RESERVED
CVE-2015-1972 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-1971 (Unspecified vulnerability in Jazz Team Server in Jazz Foundation in ...)
	NOT-FOR-US: IBM
CVE-2015-1970 (The IBM WebSphere DataPower XC10 appliance 2.1 through 2.1.0.3 and 2.5 ...)
	NOT-FOR-US: IBM
CVE-2015-1969 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Common ...)
	NOT-FOR-US: IBM
CVE-2015-1968 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2015-1967 (MQ Explorer in IBM WebSphere MQ before 8.0.0.3 does not recognize the ...)
	NOT-FOR-US: IBM
CVE-2015-1966 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2015-1965 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1964 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1963 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1962 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1961 (The REST API in IBM Business Process Manager (BPM) 7.5.x through ...)
	NOT-FOR-US: IBM
CVE-2015-1960
	RESERVED
CVE-2015-1959 (IBM Tivoli Security Directory Server 6.0 before iFix 75, 6.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-1958 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2015-1957 (IBM WebSphere MQ 7.5.x before 7.5.0.6 and 8.0.x before 8.0.0.3 allows ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2015-1956 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2015-1955 (IBM MQ Light before 1.0.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2015-1954 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1953 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1952 (Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise ...)
	NOT-FOR-US: IBM
CVE-2015-1951 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-1950 (IBM PowerVC Standard Edition 1.2.2.1 through 1.2.2.2 does not require ...)
	NOT-FOR-US: IBM
CVE-2015-1949 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
	NOT-FOR-US: IBM
CVE-2015-1948 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1947 (Untrusted search path vulnerability in IBM InfoSphere BigInsights 3.0, ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2015-1946 (IBM WebSphere Application Server (WAS) 8.5 before 8.5.5.6, and ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-1945 (Unspecified vulnerability in the Reference Data Management component ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2015-1944 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-1943 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through ...)
	NOT-FOR-US: IBM
CVE-2015-1942 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
	NOT-FOR-US: IBM
CVE-2015-1941 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
	NOT-FOR-US: IBM
CVE-2015-1940
	RESERVED
CVE-2015-1939
	RESERVED
CVE-2015-1938 (The server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 ...)
	NOT-FOR-US: IBM
CVE-2015-1937 (IBM PowerVC 1.2.0.x through 1.2.0.4, 1.2.1.x through 1.2.1.2, and ...)
	NOT-FOR-US: IBM PowerVC
CVE-2015-1936 (The administrative console in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WAS
CVE-2015-1935 (The scalar-function implementation in IBM DB2 9.7 through FP10, 9.8 ...)
	NOT-FOR-US: IBM DB2
CVE-2015-1934 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-1933 (IBM Maximo Asset Management 7.1 through 7.1.1.13, 7.5.0 before 7.5.0.8 ...)
	NOT-FOR-US: IBM
CVE-2015-1932 (IBM WebSphere Application Server 7.x before 7.0.0.39, 8.0.x before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-1931
	RESERVED
	NOT-FOR-US: IBM JDK
CVE-2015-1930 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1929 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1928 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2015-1927 (The default configuration of IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WAS
CVE-2015-1926 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
	NOT-FOR-US: Oracle WebCenter Portal
CVE-2015-1925 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1924 (Stack-based buffer overflow in the server in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-1923 (Buffer overflow in the server in IBM Tivoli Storage Manager FastBack ...)
	NOT-FOR-US: IBM
CVE-2015-1922 (The Data Movement implementation in IBM DB2 9.7 through FP10, 9.8 ...)
	NOT-FOR-US: IBM DB2
CVE-2015-1921 (Open redirect vulnerability in IBM WebSphere Portal 8.0.0 before ...)
	NOT-FOR-US: IBM
CVE-2015-1920 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.47, 7.0 ...)
	NOT-FOR-US: IBM
CVE-2015-1919 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar ...)
	NOT-FOR-US: IBM
CVE-2015-1918
	RESERVED
CVE-2015-1917 (Cross-site scripting (XSS) vulnerability in the Active Content ...)
	NOT-FOR-US: IBM
CVE-2015-1916 (Unspecified vulnerability in IBM Java 8 before SR1 allows remote ...)
	NOT-FOR-US: IBM JDK
CVE-2015-1915 (The Endpoint Manager for Remote Control component in IBM Tivoli ...)
	NOT-FOR-US: IBM
CVE-2015-1914 (IBM Java 7 R1 before SR3, 7 before SR9, 6 R1 before SR8 FP4, 6 before ...)
	NOT-FOR-US: IBM JDK
CVE-2015-1913 (Rational Test Control Panel in IBM Rational Test Workbench and ...)
	NOT-FOR-US: IBM
CVE-2015-1912
	RESERVED
CVE-2015-1911 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...)
	NOT-FOR-US: Sterling Order Management
CVE-2015-1910 (Cross-site scripting (XSS) vulnerability in the Reference Data ...)
	NOT-FOR-US: IBM
CVE-2015-1909 (The XML parser in the Reference Data Management component in the ...)
	NOT-FOR-US: IBM
CVE-2015-1908 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-1907 (The Administration and Reporting Tool in IBM Rational License Key ...)
	NOT-FOR-US: IBM Rational License Key Server
CVE-2015-1906 (Cross-site scripting (XSS) vulnerability in the REST API in IBM ...)
	NOT-FOR-US: IBM BPM
CVE-2015-1905 (The REST API in IBM Business Process Manager (BPM) 7.5.x through ...)
	NOT-FOR-US: IBM BPM
CVE-2015-1904 (IBM Business Process Manager (BPM) 8.0.x through 8.0.1.3, 8.5.0 ...)
	NOT-FOR-US: IBM
CVE-2015-1903 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
	NOT-FOR-US: IBM
CVE-2015-1902 (Stack-based buffer overflow in IBM Domino 8.5 before 8.5.3 FP6 IF7 and ...)
	NOT-FOR-US: IBM
CVE-2015-1901 (The installer in IBM InfoSphere Information Server 8.5 through 11.3 ...)
	NOT-FOR-US: IBM
CVE-2015-1900 (IBM InfoSphere DataStage 8.1, 8.5, 8.7, 9.1, and 11.3 through 11.3.1.2 ...)
	NOT-FOR-US: IBM
CVE-2015-1899 (IBM WebSphere Portal 8.5 through CF05 allows remote attackers to cause ...)
	NOT-FOR-US: IBM
CVE-2015-1898 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
	NOT-FOR-US: IBM
CVE-2015-1897 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
	NOT-FOR-US: IBM
CVE-2015-1896 (Stack-based buffer overflow in the FastBackMount process in IBM Tivoli ...)
	NOT-FOR-US: IBM
CVE-2015-1895 (IBM InfoSphere Optim Workload Replay 2.x before 2.1.0.3 relies on ...)
	NOT-FOR-US: IBM
CVE-2015-1894 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
	NOT-FOR-US: IBM
CVE-2015-1893 (The IBM WebSphere DataPower XC10 appliance 2.1 before 2.1.0.3 allows ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-1892 (The Multicast DNS (mDNS) responder in IBM Security Access Manager for ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2015-1891
	RESERVED
CVE-2015-1890 (/usr/lpp/mmfs/bin/gpfs.snap in IBM General Parallel File System (GPFS) ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-1889 (The Big SQL component in IBM InfoSphere BigInsights 3.0 through ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2015-1888 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator ...)
	NOT-FOR-US: IBM
CVE-2015-1887 (IBM WebSphere Portal 7.0.0 through 7.0.0.2 CF29, 8.0.0 before 8.0.0.1 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-1886 (The Remote Document Conversion Service (DCS) in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-1885 (WebSphereOauth20SP.ear in IBM WebSphere Application Server (WAS) 7.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-1884 (Directory traversal vulnerability in IBM Business Process Manager ...)
	NOT-FOR-US: IBM
CVE-2015-1883 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 ...)
	NOT-FOR-US: IBM DB2
CVE-2015-1882 (Multiple race conditions in IBM WebSphere Application Server (WAS) 8.5 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-1880 (Cross-site scripting (XSS) vulnerability in the sslvpn login page in ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-1879 (Cross-site scripting (XSS) vulnerability in the Google Doc Embedder ...)
	NOT-FOR-US: Google Doc Embedder plugin for WordPress
CVE-2015-2042 (net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896 (v3.19)
	NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3e5048495c8569bfdd552750e0315973c61e7c93 (v2.6.30-rc1)
CVE-2015-2041 (net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b8d9117ccb4f81b1244aafa7bc70ef8fa45fc49 (v3.19-rc7)
	NOTE: (earliest) introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=590232a7150674b2036291eaefce085f3f9659c8 (v2.6.14-rc3)
CVE-2015-2035 (SQL injection vulnerability in the administrative backend in Piwigo ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2015-2034 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2015-1878 (Thales nShield Connect hardware models 500, 1500, 6000, 500+, 1500+, ...)
	NOT-FOR-US: nShield Connect hardware models
CVE-2015-1876 (Directory traversal vulnerability in ES File Explorer 3.2.4.1. ...)
	NOT-FOR-US: ES File Explorer
CVE-2015-1875 (SQL injection vulnerability in a2billing/customer/iridium_threed.php ...)
	NOT-FOR-US: Elastix
CVE-2015-1874 (Cross-site request forgery (CSRF) vulnerability in the Contact Form DB ...)
	NOT-FOR-US: Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin for WordPress
CVE-2015-1873
	RESERVED
CVE-2015-1872 (The ff_mjpeg_decode_sof function in libavcodec/mjpegdec.c in FFmpeg ...)
	{DLA-644-1}
	- ffmpeg 7:2.5.4-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <removed>
	[jessie] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
	[wheezy] - libav <no-dsa> (Minor issue, can be fixed along in a future DSA)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=fabbfaa095660982cc0bc63242c459561fa37037
CVE-2015-1871
	RESERVED
CVE-2015-1870 (The event scripts in Automatic Bug Reporting Tool (ABRT) uses ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1869
	RESERVED
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1868 (The label decompression functionality in PowerDNS Recursor 3.5.x, ...)
	- pdns 3.4.4-1
	[jessie] - pdns 3.4.1-4+deb8u1
	[wheezy] - pdns <not-affected> (3.2 and up affected)
	[squeeze] - pdns <not-affected> (3.2 and up affected)
	- pdns-recursor 3.7.2-1
	[jessie] - pdns-recursor 3.6.2-2+deb8u1
	[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
	[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
	NOTE: https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
CVE-2015-1867 (Pacemaker before 1.1.13 does not properly evaluate added nodes, which ...)
	- pacemaker <not-affected> (Vulnerable code not present)
	NOTE: Introduced by: https://github.com/ClusterLabs/pacemaker/commit/f242c1ef (Pacemaker-1.1.12-rc1)
	NOTE: Fixed by: https://github.com/ClusterLabs/pacemaker/commit/84ac07c (Pacemaker-1.1.13-rc2)
CVE-2015-1866 (Cross-site scripting (XSS) vulnerability in Ember.js 1.10.x before ...)
	NOT-FOR-US: ember.js
CVE-2015-1865 (fts.c in coreutils 8.4 allows local users to delete arbitrary files. ...)
	- coreutils 8.13-1 (low)
	[squeeze] - coreutils <no-dsa> (Minor issue)
	NOTE: relevant code changed between 8.5 and 8.13, see https://bugzilla.redhat.com/show_bug.cgi?id=1211300 for details
	NOTE: Issue reproduced in with 8.5 and confirmed to not work with 8.13-3.5
CVE-2015-1864 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- kallithea <itp> (bug #689573)
CVE-2015-1863 (Heap-based buffer overflow in wpa_supplicant 1.0 through 2.4 allows ...)
	{DSA-3233-1}
	- wpa 2.3-2 (bug #783148)
	- wpasupplicant <not-affected> (Vulnerable code present since v1.0)
	NOTE: http://w1.fi/security/2015-1/
	NOTE: Vulnerable are v1.0-v2.4 with CONFIG_P2P build option enabled
	NOTE: CONFIG_P2P enabled since 1.1-1 in debian/config/wpasupplicant/linux
	NOTE: Binary packages built for wheezy are not affected since WiFi P2P is disabled
CVE-2015-1862 (The crash reporting feature in Abrt allows local users to gain ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2015-1861
	RESERVED
CVE-2015-1860 (Multiple buffer overflows in gui/image/qgifhandler.cpp in the QtBase ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
	[jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
	[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
	NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1859 (Multiple buffer overflows in plugins/imageformats/ico/qicohandler.cpp ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
	[jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
	[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
	NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1858 (Multiple buffer overflows in gui/image/qbmphandler.cpp in the QtBase ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.6+git155-g716fbae+dfsg-2 (bug #783133)
	[jessie] - qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u1
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	- qtbase-opensource-src 5.3.2+dfsg-5 (bug #783134)
	[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
	NOTE: http://lists.qt-project.org/pipermail/announce/2015-April/000067.html
CVE-2015-1857 (The odl-mdsal-apidocs feature in OpenDaylight Helium allow remote ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1856 (OpenStack Object Storage (Swift) before 2.3.0, when allow_version is ...)
	- swift 2.2.0-2 (bug #783163)
	[jessie] - swift 2.2.0-1+deb8u1
	[wheezy] - swift <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1430645
CVE-2015-1855 [OpenSSL extension hostname matching implementation violates RFC 6125]
	RESERVED
	{DSA-3247-1 DSA-3246-1 DSA-3245-1 DLA-235-1 DLA-224-1}
	- ruby1.8 <removed>
	- ruby1.9.1 <removed>
	- ruby2.0 <removed>
	- ruby2.1 2.1.5-3
	- ruby2.2 2.2.2-1
	NOTE: https://bugs.ruby-lang.org/issues/9644
	NOTE: https://github.com/ruby/openssl/commit/e9a7bcb8bf2902f907c148a00bbcf21d3fa79596
CVE-2015-1854 (389 Directory Server before 1.3.3.10 allows attackers to bypass ...)
	- 389-ds-base 1.3.3.10-1 (bug #783923)
	NOTE: Patch applied to CentOS package: https://git.centos.org/raw/rpms!389-ds-base.git!/309aa9ee631432d72c845f70df2ce6475055423b/SOURCES!0062-CVE-2015-1854-389ds-base-access-control-bypass-with-.patch
CVE-2015-1853 [authentication doesn't protect symmetric associations against DoS attacks]
	RESERVED
	{DSA-3222-1 DLA-193-1}
	- chrony 1.30-2 (bug #782160)
	NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=d856bd34c4862398411d29200520e3a3b1d4569e
CVE-2015-1852 (The s3_token middleware in OpenStack keystonemiddleware before 1.6.0 ...)
	- python-keystonemiddleware 1.5.0-2
	[jessie] - python-keystonemiddleware 1.0.0-3+deb8u1
	- python-keystoneclient 1:1.3.0-2 (bug #783164)
	NOTE: originally fixed in 1:0.10.1-3 but then 1:1.3.0-1 was uploaded without the fix
	[jessie] - python-keystoneclient 1:0.10.1-2+deb8u1
	[wheezy] - python-keystoneclient <not-affected> (s3_token middleware not present)
	NOTE: https://launchpad.net/bugs/1411063
CVE-2015-1851 (OpenStack Cinder before 2014.1.5 (icehouse), 2014.2.x before 2014.2.4 ...)
	{DSA-3292-1}
	- cinder 2015.1.0+2015.06.16.git26.9634b76ba5-1 (bug #788996)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231817
	NOTE: https://bugs.launchpad.net/cinder/+bug/1415087
CVE-2015-1850 [Host file disclosure through qcow2 backing file]
	RESERVED
	- nova <unfixed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2015/06/13/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1231816
	NOTE: According to https://bugs.launchpad.net/cinder/+bug/1415087 not exploitable
	NOTE: in nova, cinder covered by separate CVE ID CVE-2015-1851
CVE-2015-1849 (AdvancedLdapLodinMogule in Red Hat JBoss Enterprise Application ...)
	NOT-FOR-US: JBoss EAP
CVE-2015-1848 (The pcs daemon (pcsd) in PCS 0.9.137 and earlier does not set the ...)
	- pcs <not-affected> (Fixed before initial release to Debian)
	NOTE: https://github.com/feist/pcs/commit/898204596a779673c88097bbdbe2d7ed6ed0cc8b (0.9.140)
CVE-2015-1847 (Directory traversal vulnerability in the web request/response ...)
	NOT-FOR-US: Appserver.io
CVE-2015-1846 (unzoo allows remote attackers to cause a denial of service (infinite ...)
	- unzoo <removed>
CVE-2015-1845 (Buffer overflow in the EntrReadArch function in unzoo might allow ...)
	- unzoo <removed>
CVE-2015-1844 (Foreman before 1.7.5 allows remote authenticated users to bypass ...)
	- foreman <itp> (bug #663101)
CVE-2015-1843 (The Red Hat docker package before 1.5.0-28, when using the ...)
	- docker.io <not-affected> (RHEL specific problem)
CVE-2015-1842 (The puppet manifests in the Red Hat openstack-puppet-modules package ...)
	NOT-FOR-US: openstack-puppet-modules
CVE-2015-1841 (The Web Admin interface in Red Hat Enterprise Virtualization Manager ...)
	NOT-FOR-US: RHEV
CVE-2015-1840 (jquery_ujs.js in jquery-rails before 3.1.3 and 4.x before 4.0.4 and ...)
	- ruby-jquery-rails 4.0.4-1 (bug #790395)
	[jessie] - ruby-jquery-rails <no-dsa> (Minor issue)
	[wheezy] - ruby-jquery-rails <no-dsa> (Minor issue)
	NOTE: https://hackerone.com/reports/49935
	NOTE: https://groups.google.com/forum/#!msg/rubyonrails-security/XIZPbobuwaY/fqnzzpuOlA4J
	NOTE: https://nodesecurity.io/advisories/15
CVE-2015-1839 (modules/chef.py in SaltStack before 2014.7.4 does not properly handle ...)
	- salt <not-affected> (Vulnerable code only present in experimental version; introduced in 2014.7.0)
	NOTE: https://github.com/saltstack/salt/commit/22d2f7a1ec93300c34e8c42d14ec39d51e610b5c
	NOTE: https://github.com/saltstack/salt/commit/b49d0d4b5ca5c6f31f03e2caf97cef1088eeed81
CVE-2015-1838 (modules/serverdensity_device.py in SaltStack before 2014.7.4 does not ...)
	- salt <not-affected> (Vulnerable code only present in experimental version; introduced in 2014.7.0)
	NOTE: https://github.com/saltstack/salt/commit/e11298d7155e9982749483ca5538e46090caef9c
CVE-2015-1837
	RESERVED
CVE-2015-1836 (Apache HBase 0.98 before 0.98.12.1, 1.0 before 1.0.1.1, and 1.1 before ...)
	NOT-FOR-US: Apache HBase
CVE-2015-1835 (Apache Cordova Android before 3.7.2 and 4.x before 4.0.2, when an ...)
	NOT-FOR-US: Apache Cordova
CVE-2015-1834 (A path traversal vulnerability was identified in the Cloud Foundry ...)
	NOT-FOR-US: Cloud Foundry
CVE-2015-1833 (XML external entity (XXE) vulnerability in Apache Jackrabbit before ...)
	{DSA-3298-1}
	- jackrabbit 2.10.1-1 (bug #787316)
	NOTE: https://issues.apache.org/jira/browse/JCR-3883
CVE-2015-1832 (XML external entity (XXE) vulnerability in the SqlXmlUtil code in ...)
	- derby 10.13.1.1-1
	NOTE: https://issues.apache.org/jira/browse/DERBY-6807
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1691461
	NOTE: Fixed in 10.12.1.1
CVE-2015-1831 (The default exclude patterns (excludeParams) in Apache Struts 2.3.20 ...)
	- libstruts1.2-java <not-affected> (Affects only 2.3.20)
	NOTE: https://struts.apache.org/docs/s2-024.html
CVE-2015-1830 (Directory traversal vulnerability in the fileserver upload/download ...)
	- activemq <not-affected> (Only affects activemq on Windows)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2015-1830-announcement.txt
CVE-2015-1829 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2015-1828 (The Ruby http gem before 0.7.3 does not verify hostnames in SSL ...)
	- ruby-http 1.0.2-2
	[jessie] - ruby-http <no-dsa> (Minor issue)
	NOTE: http.rb failed to call the `#post_connection_check` method on SSL connections.
	NOTE: This method implements hostname verification, and without it `http.rb` was
	NOTE: vulnerable to MitM attacks. The problem was corrected by calling
	NOTE: `#post_connection_check`.
	NOTE: Fixed by: https://github.com/httprb/http/commit/24626bfcdeda1084502575c3fbb6091c9e2815e0
CVE-2015-1827 (The get_user_grouplist function in the extdom plug-in in FreeIPA ...)
	- freeipa <not-affected> (Only affects 4.1, see bug #781224)
	NOTE: https://fedorahosted.org/freeipa/ticket/4908
CVE-2015-1826
	RESERVED
CVE-2015-1825
	RESERVED
CVE-2015-1824
	RESERVED
CVE-2015-1823
	RESERVED
CVE-2015-1822 (chrony before 1.31.1 does not initialize the last &quot;next&quot; pointer when ...)
	{DSA-3222-1 DLA-193-1}
	- chrony 1.30-2 (bug #782160)
	NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=79eacdb7e694c7e6681b68006425df3faca51aec
CVE-2015-1821 (Heap-based buffer overflow in chrony before 1.31.1 allows remote ...)
	{DSA-3222-1 DLA-193-1}
	- chrony 1.30-2 (bug #782160)
	NOTE: Fix: http://git.tuxfamily.org/chrony/chrony.git/commit/?h=1.31-security&id=cf19042ecb656b8afec0cc4906e7dd3ea9266ac8
CVE-2015-1820 (REST client for Ruby (aka rest-client) before 1.8.0 allows remote ...)
	- ruby-rest-client 1.6.7-6 (bug #781238)
	[wheezy] - ruby-rest-client <no-dsa> (The correction introduces a dependency on a package not available in wheezy)
	- librestclient-ruby <removed>
	[wheezy] - librestclient-ruby <not-affected> (Vulnerability introduced in 1.6.1, wheezy has 1.6.0)
	[squeeze] - librestclient-ruby <not-affected> (Vulnerability introduced in 1.6.1, squeeze has 1.6.0)
	NOTE: https://github.com/rest-client/rest-client/issues/369
	NOTE: Patch: https://github.com/rest-client/rest-client/pull/365.patch (will need new dependency to ruby-http-cookie)
CVE-2015-1819 (The xmlreader in libxml allows remote attackers to cause a denial of ...)
	{DSA-3430-1 DLA-266-1}
	- libxml2 2.9.2+really2.9.1+dfsg1-0.1 (low; bug #782782)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=213f1fe0d76d30eaed6e5853057defc43e6df2c9
	NOTE: Concerns by Florian Weimer: https://bugzilla.gnome.org/show_bug.cgi?id=748278
CVE-2015-1818 (XML external entity (XXE) vulnerability in the dashbuilder import ...)
	NOT-FOR-US: JBoss dashbuilder
CVE-2015-1817 (Stack-based buffer overflow in the inet_pton function in ...)
	- musl 1.1.5-2 (bug #781497)
CVE-2015-1816 (Forman before 1.7.4 does not verify SSL certificates for LDAP ...)
	- foreman <itp> (bug #663101)
CVE-2015-1815 (The get_rpm_nvr_by_file_path_temporary function in util.py in ...)
	NOT-FOR-US: setroubleshoot
CVE-2015-1814 (The API token-issuing service in Jenkins before 1.606 and LTS before ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1813 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1812 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.606 and ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-03-23
CVE-2015-1811 [External entity processing in XML can reveal sensitive local files (SECURITY-167)]
	RESERVED
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1810 (The HudsonPrivateSecurityRealm class in Jenkins before 1.600 and LTS ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1809 [external entity injection via XPath (SECURITY-165)]
	RESERVED
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1808 (Jenkins before 1.600 and LTS before 1.596.1 allows remote ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1807 (Directory traversal vulnerability in Jenkins before 1.600 and LTS ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1806 (The combination filter Groovy script in Jenkins before 1.600 and LTS ...)
	- jenkins <removed> (bug #781223)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-02-27
CVE-2015-1805 (The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in ...)
	{DSA-3290-1 DLA-246-1}
	- linux 3.16.2-2
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f0d1bec9d58d4c038d0ac958c9af82be6eb18045 (v3.16-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=637b58c2887e5e57850865839cc75f59184b23d1 (v3.15-rc1)
CVE-2015-1804 (The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont ...)
	{DSA-3194-1 DLA-183-1}
	- libxfont 1:1.5.1-1
	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
CVE-2015-1803 (The bdfReadCharacters function in bitmap/bdfread.c in X.Org libXfont ...)
	{DSA-3194-1 DLA-183-1}
	- libxfont 1:1.5.1-1
	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
CVE-2015-1802 (The bdfReadProperties function in bitmap/bdfread.c in X.Org libXfont ...)
	{DSA-3194-1 DLA-183-1}
	- libxfont 1:1.5.1-1
	NOTE: http://lists.x.org/archives/xorg-announce/2015-March/002550.html
CVE-2015-1801 (The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 ...)
	NOT-FOR-US: Samsung
CVE-2015-1800 (The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 ...)
	NOT-FOR-US: Samsung
CVE-2015-1799 (The symmetric-key feature in the receive function in ntp_proto.c in ...)
	{DSA-3223-1 DLA-192-1}
	- ntp 1:4.2.6.p5+dfsg-6 (bug #782095)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2781
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#Authentication_doesn_t_protect_s
CVE-2015-1798 (The symmetric-key feature in the receive function in ntp_proto.c in ...)
	{DSA-3223-1 DLA-192-1}
	- ntp 1:4.2.6.p5+dfsg-6 (bug #782095)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2779
	NOTE: http://support.ntp.org/bin/view/Main/SecurityNotice#ntpd_accepts_unauthenticated_pac
CVE-2015-1797
	REJECTED
CVE-2015-1796 (The PKIX trust engines in Shibboleth Identity Provider before 2.4.4 ...)
	- libopensaml2-java <removed> (bug #780383)
	[jessie] - libopensaml2-java <no-dsa> (Minor issue)
	NOTE: Only change between 2.6.4 and 2.6.5 seems http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/saml2/metadata/provider/AbstractReloadingMetadataProvider.java?r1=1656&r2=1680
	NOTE: http://shibboleth.net/community/advisories/secadv_20150225.txt
CVE-2015-1795 (Red Hat Gluster Storage RPM Package 3.2 allows local users to gain ...)
	- glusterfs <not-affected> (Vulnerable code specific to glusterfs.spec and not present in source in Debian)
CVE-2015-1794 (The ssl3_get_key_exchange function in ssl/s3_clnt.c in OpenSSL 1.0.2 ...)
	- openssl 1.0.2e-1
	[jessie] - openssl <not-affected> (Vulnerable code not present)
	[wheezy] - openssl <not-affected> (Vulnerable code not present)
	[squeeze] - openssl <not-affected> (Vulnerable code not present)
	NOTE: https://www.openssl.org/news/secadv/20151203.txt
CVE-2015-1793 (The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL ...)
	- openssl 1.0.2d-1
	[jessie] - openssl <not-affected> (Vulnerable code not present)
	[wheezy] - openssl <not-affected> (Vulnerable code not present)
	[squeeze] - openssl <not-affected> (Vulnerable code not present)
	NOTE: http://openssl.org/news/secadv/20150709.txt
CVE-2015-1792 (The do_free_upto function in crypto/cms/cms_smime.c in OpenSSL before ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.2b-1
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1791 (Race condition in the ssl3_get_new_session_ticket function in ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.2b-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=98ece4eebfb6cd45cc8d550c6ac0022965071afc
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=dcad51bc13c9b716d9a66248bcc4038c071ff158
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=708cf593587e2fda67dae9782991ff9fccc781eb
CVE-2015-1790 (The PKCS7_dataDecodefunction in crypto/pkcs7/pk7_doit.c in OpenSSL ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.2b-1
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1789 (The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.2b-1
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1788 (The BN_GF2m_mod_inv function in crypto/bn/bn_gf2m.c in OpenSSL before ...)
	{DSA-3287-1}
	- openssl 1.0.2b-1
	[squeeze] - openssl <not-affected> (Vulnerable code got introduced post 1.0.0)
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2015-1787 (The ssl3_get_client_key_exchange function in s3_srvr.c in OpenSSL ...)
	- openssl <not-affected> (Vulnerable version never in unstable)
	NOTE: did affect 1.0.2 (only in experimental) and 1.0.2a was uploaded to unstable
CVE-2015-1786 (Cross-site request forgery (CSRF) vulnerability in Zend/Validator/Csrf ...)
	- zendframework <not-affected> (the vulnerability was introduced specifically in the 2.3 series)
	NOTE: http://framework.zend.com/security/advisory/ZF2015-03
CVE-2015-1785
	RESERVED
CVE-2015-1784
	RESERVED
CVE-2015-1783 (The prefix variable in the get_or_define_ns function in Lasso before ...)
	- lasso 2.4.1-1
	[wheezy] - lasso <not-affected> (Vulnerable code introduced later)
	[squeeze] - lasso <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream fix: https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=6d854cef4211cdcdbc7446c978f23ab859847cdd (v2.4.1)
	NOTE: Introduced by: https://repos.entrouvert.org/lasso.git/commit/lasso/xml?id=154812b401e3845977b3a4892dbc5e5a0b9d03cf (v2.4.0)
CVE-2015-1782 (The kex_agree_methods function in libssh2 before 1.5.0 allows remote ...)
	{DSA-3182-1 DLA-171-1}
	- libssh2 1.4.3-4.1 (bug #780249)
	NOTE: http://www.libssh2.org/adv_20150311.html
CVE-2015-1781 (Buffer overflow in the gethostbyname_r and other unspecified NSS ...)
	{DSA-3480-1 DLA-230-1}
	[experimental] - glibc 2.21-0experimental1
	- glibc 2.19-20 (bug #796105)
	[jessie] - glibc 2.19-18+deb8u1
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=18287
	NOTE: Upstream commit: https://sourceware.org/git/?p=glibc.git;a=commit;h=2959eda9272a03386
CVE-2015-1780
	RESERVED
	NOT-FOR-US: oVirt Engine backend
CVE-2015-1779 (The VNC websocket frame decoder in QEMU allows remote attackers to ...)
	{DSA-3259-1}
	- qemu 1:2.3+dfsg-1 (bug #781250)
	[wheezy] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
	[squeeze] - qemu <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
	- qemu-kvm <not-affected> (Websocket protocol support introduced in v1.4.0-rc0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04894.html
	NOTE: Original patches have problem: https://lists.gnu.org/archive/html/qemu-devel/2015-03/msg04995.html
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=a2bebfd6e09d
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=2cdb5e142fb93
CVE-2015-1778 (The custom authentication realm used by karaf-tomcat's &quot;opendaylight&quot; ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1777 (rhnreg_ks in Red Hat Network Client Tools (aka rhn-client-tools) on ...)
	- rhn-client-tools <unfixed> (unimportant; bug #779817)
	NOTE: No security impact, this tool performs a registration at Red Hat Network,
	NOTE: which would fail, but no practical security impact
CVE-2015-1776 (Apache Hadoop 2.6.x encrypts intermediate data generated by a ...)
	- hadoop <itp> (bug #793644)
CVE-2015-1775 (Server-side request forgery (SSRF) vulnerability in the proxy endpoint ...)
	NOT-FOR-US: Apache Ambari
CVE-2015-1774 (The HWP filter in LibreOffice before 4.3.7 and 4.4.x before 4.4.2 and ...)
	{DSA-3236-1}
	- libreoffice 1:4.4.2-1
CVE-2015-1773 (Cross-site scripting (XSS) vulnerability in asdoc/templates/index.html ...)
	- flex-sdk <itp> (bug #602499)
CVE-2015-1772 (The LDAP implementation in HiveServer2 in Apache Hive before 1.0.1 and ...)
	NOT-FOR-US: Apache Hive
CVE-2015-1771 (Cross-site request forgery (CSRF) vulnerability in the web ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2015-1770 (Microsoft Office 2013 SP1 and 2013 RT SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-1769 (Mount Manager in Microsoft Windows Vista SP2, Windows Server 2008 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1768 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1767 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1766 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1765 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1764 (The web applications in Microsoft Exchange Server 2013 SP1 and ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2015-1763 (Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2015-1762 (Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2015-1761 (Microsoft SQL Server 2008 SP3 and SP4, 2008 R2 SP2 and SP3, 2012 SP1 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2015-1760 (Microsoft Office Compatibility Pack SP3, Office 2010 SP2, Office 2013 ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-1759 (Microsoft Office Compatibility Pack SP3 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-1758 (Untrusted search path vulnerability in the LoadLibrary function in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1757 (Cross-site scripting (XSS) vulnerability in adfs/ls in Active ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1756 (Use-after-free vulnerability in Microsoft Common Controls in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1755 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1754 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1753 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1752 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1751 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1750 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1749
	REJECTED
CVE-2015-1748 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1747 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1746
	REJECTED
CVE-2015-1745 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1744 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1743 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1742 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1741 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1740 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1739 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1738 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1737 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1736 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1735 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1734
	REJECTED
CVE-2015-1733 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1732 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1731 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1730 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1729 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1728 (Microsoft Windows Media Player 10 through 12 allows remote attackers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1727 (Buffer overflow in the kernel-mode drivers in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1726 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1725 (Buffer overflow in the kernel-mode drivers in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1724 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1723 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1722 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1721 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1720 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1719 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2 and R2 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1718 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1717 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1716 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1715 (Microsoft Silverlight 5 before 5.1.40416.00 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-1714 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1713 (Microsoft Internet Explorer 11 allows remote attackers to gain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1712 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1711 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1710 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1709 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1708 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1707
	REJECTED
CVE-2015-1706 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1705 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1704 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1703 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1702 (The Service Control Manager (SCM) in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1701 (Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1700 (Microsoft SharePoint Server 2007 SP3, SharePoint Foundation 2010 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2015-1699 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1698 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1697 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1696 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1695 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1694 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1693
	REJECTED
CVE-2015-1692 (Microsoft Internet Explorer 7 through 11 allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1691 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1690
	REJECTED
CVE-2015-1689 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1688 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1687 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1686 (The Microsoft (1) VBScript 5.6 through 5.8 and (2) JScript 5.6 through ...)
	NOT-FOR-US: Microsoft
CVE-2015-1685 (Microsoft Internet Explorer 11 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1684 (VBScript.dll in the Microsoft VBScript 5.6 through 5.8 engine, as used ...)
	NOT-FOR-US: Microsoft
CVE-2015-1683 (Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2015-1682 (Microsoft Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Word ...)
	NOT-FOR-US: Microsoft
CVE-2015-1681 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1680 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1679 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1678 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1677 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1676 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2015-1675 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1674 (The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1673 (The Windows Forms (aka WinForms) libraries in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2015-1672 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1671 (The Windows DirectWrite library, as used in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2015-1670 (The Windows DirectWrite library, as used in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2015-1669
	REJECTED
CVE-2015-1668 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1667 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1666 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1665 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1664
	REJECTED
CVE-2015-1663
	REJECTED
CVE-2015-1662 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1661 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1660 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1659 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1658 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1657 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1656
	REJECTED
CVE-2015-1655
	REJECTED
CVE-2015-1654
	REJECTED
CVE-2015-1653 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2015-1652 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1651 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Word Viewer, ...)
	NOT-FOR-US: Microsoft
CVE-2015-1650 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1649 (Use-after-free vulnerability in Microsoft Word 2007 SP3, Office 2010 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1648 (ASP.NET in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, ...)
	NOT-FOR-US: Microsoft
CVE-2015-1647 (Virtual Machine Manager (VMM) in Hyper-V in Microsoft Windows 8.1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1646 (Microsoft XML Core Services (aka MSXML) 3.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2015-1645 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1644 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1643 (Microsoft Windows Server 2003 R2, Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1642 (Microsoft Office 2007 SP3, 2010 SP2, and 2013 SP1 allows remote ...)
	NOT-FOR-US: Microsoft Office
CVE-2015-1641 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-1640 (Cross-site scripting (XSS) vulnerability in Microsoft Project Server ...)
	NOT-FOR-US: Microsoft
CVE-2015-1639 (Cross-site scripting (XSS) vulnerability in Microsoft Office for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2015-1638 (Microsoft Active Directory Federation Services (AD FS) 3.0 on Windows ...)
	NOT-FOR-US: Microsoft
CVE-2015-1637 (Schannel (aka Secure Channel) in Microsoft Windows Server 2003 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2015-1636 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2015-1635 (HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-1634 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1633 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2015-1632 (Cross-site scripting (XSS) vulnerability in errorfe.aspx in Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2015-1631 (Microsoft Exchange Server 2013 SP1 and Cumulative Update 7 allows ...)
	NOT-FOR-US: Microsoft
CVE-2015-1630 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
	NOT-FOR-US: Microsoft
CVE-2015-1629 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
	NOT-FOR-US: Microsoft
CVE-2015-1628 (Cross-site scripting (XSS) vulnerability in Outlook Web App (OWA) in ...)
	NOT-FOR-US: Microsoft
CVE-2015-1627 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1626 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1625 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1624 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1623 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1622 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-1621 (Cross-site scripting (XSS) vulnerability in the Webform prepopulate ...)
	NOT-FOR-US: Webform module for Drupal
CVE-2015-1620
	RESERVED
CVE-2015-1619 (Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2015-1618 (The ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) ...)
	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
CVE-2015-1617 (Cross-site scripting (XSS) vulnerability in the ePO extension in ...)
	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
CVE-2015-1616 (SQL injection vulnerability in the ePO extension in McAfee Data Loss ...)
	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
CVE-2015-1615
	RESERVED
CVE-2015-1613 (RhodeCode before 2.2.7 allows remote authenticated users to obtain API ...)
	NOT-FOR-US: RhodeCode
CVE-2015-1612 (OpenFlow plugin for OpenDaylight before Helium SR3 allows remote ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1611 (OpenFlow plugin for OpenDaylight before Helium SR3 allows remote ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1610 (hosttracker in OpenDaylight l2switch allows remote attackers to change ...)
	NOT-FOR-US: OpenDaylight
CVE-2015-1609 (MongoDB before 2.4.13 and 2.6.x before 2.6.8 allows remote attackers ...)
	- mongodb 1:2.4.10-5 (bug #780129)
	[wheezy] - mongodb <not-affected> (BSONElement::validate() checks length, problematic code introduced later)
	[squeeze] - mongodb <not-affected> (BSONElement::validate() checks length (db/jsobj.cpp +589))
	NOTE: https://jira.mongodb.org/browse/SERVER-17264
	NOTE: Fast bson validate introduced with https://github.com/mongodb/mongo/commit/6889d1658136c753998b4a408dc8d1a3ec28e3b9 (r2.3.2)
CVE-2015-1608 (Topline Opportunity Form (aka XLS Opp form) before 2015-02-15 does not ...)
	NOT-FOR-US: Topline Opportunity Form
CVE-2015-1605 (Multiple SQL injection vulnerabilities in Dell ScriptLogic Asset ...)
	NOT-FOR-US: Dell ScriptLogic Asset Manager
CVE-2015-1602 (Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 ...)
	NOT-FOR-US: Siemens
CVE-2015-1601 (Siemens SIMATIC STEP 7 (TIA Portal) 12 and 13 before 13 SP1 Upd1 ...)
	NOT-FOR-US: Siemens
CVE-2015-1599 (The Siemens SPCanywhere application for iOS allows physically ...)
	NOT-FOR-US: Siemens SPCanywhere application for iOS
CVE-2015-1598 (The Siemens SPCanywhere application for Android does not properly ...)
	NOT-FOR-US: Siemens SPCanywhere application for Android
CVE-2015-1597 (The Siemens SPCanywhere application for Android does not use ...)
	NOT-FOR-US: Siemens SPCanywhere application for Android
CVE-2015-1596 (The Siemens SPCanywhere application for Android and iOS does not ...)
	NOT-FOR-US: Siemens SPCanywhere application for Android
CVE-2015-1595 (The Siemens SPCanywhere application for Android and iOS does not use ...)
	NOT-FOR-US: Siemens SPCanywhere application for Android
CVE-2015-1594 (Untrusted search path vulnerability in Siemens SIMATIC ProSave before ...)
	NOT-FOR-US: Siemens
CVE-2013-7427
	RESERVED
CVE-2012-6688
	RESERVED
CVE-2015-XXXX [incorrect memory management in Gtk2::Gdk::Display::list_devices]
	- libgtk2-perl 2:1.2492-4
	[wheezy] - libgtk2-perl 2:1.244-1+deb7u1
	[squeeze] - libgtk2-perl 2:1.222-1+deb6u1
	NOTE: wheezy/squeeze tagged entry as workaround/reminder for when CVE is assigned
	NOTE: CVE needs to be added to data/D[SL]A/list
	NOTE: https://mail.gnome.org/archives/gtk-perl-list/2015-January/msg00039.html
	NOTE: https://bugs.mageia.org/show_bug.cgi?id=15173
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/20/14
CVE-2015-XXXX [Linux ASLR mmap weakness: Reducing entropy by half]
	- linux 4.0.2-1
	[jessie] - linux 3.16.7-ckt17-1
	[wheezy] - linux 3.2.71-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (powerpc not supported in Squeeze LTS)
	NOTE: http://hmarco.org/bugs/linux-ASLR-reducing-mmap-by-half.html
	NOTE: arm64 affected from v3.7 to v3.18 (fixed in 3.16.7-ckt12)
	NOTE: powerpc affected from v2.6.30 to 3.2 (pending for 3.2.70)
	NOTE: Fix for arm64: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d6c763afab
	NOTE: Fix for ppc: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?fa8cbaaf5a68
CVE-2015-2060 [directory traversal; related to overlong utf-8 encoding for /]
	RESERVED
	- cabextract 1.6-1 (bug #778753)
	[jessie] - cabextract <no-dsa> (Minor issue)
	[wheezy] - cabextract <no-dsa> (Minor issue)
	[squeeze] - cabextract <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/18/3
	NOTE: Upstream commit: http://sourceforge.net/p/libmspack/code/217
	NOTE: CVE assigned for issue were path traversal occurs because the unpatched
	NOTE: code does neither of the following: 1) checking for slashes after decoding
	NOTE: 2) checking for ordinary slashes before decoding and prohibiting overlong
	NOTE: encodings
CVE-2015-2297 (nanohttp in libcsoap allows remote attackers to cause a denial of ...)
	- libcsoap <removed> (bug #778599)
	[squeeze] - libcsoap <no-dsa> (Minor issue)
	[wheezy] - libcsoap <no-dsa> (Minor issue)
	NOTE: CVE assigned only for the null pointer dereference, not all issues in
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/2
CVE-2014-9684 (OpenStack Image Registry and Delivery Service (Glance) 2014.2 through ...)
	- glance <not-affected> (Only affects 2014.2.x releases, only present in experimental)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: https://review.openstack.org/#/c/122427/
CVE-2014-9683 (Off-by-one error in the ecryptfs_decode_from_filename function in ...)
	{DSA-3170-1 DLA-246-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=942080643bce061c3dd9d5718d3b745dcb39a8bc (v3.19-rc1)
CVE-2013-7436 (noVNC before 0.5 does not set the secure flag for a cookie in an https ...)
	- novnc 1:0.4+dfsg+1+20131010+gitf68af8af3d-4 (bug #778618)
	[wheezy] - novnc <not-affected> (Only an issue in combination with later OpenStack components)
	NOTE: https://github.com/kanaka/noVNC/commit/ad941faddead705cd611921730054767a0b32dcd
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/17/1
CVE-2015-2091 (The authentication hook (mgs_hook_authz) in mod-gnutls 0.5.10 and ...)
	{DSA-3177-1 DLA-170-1}
	- mod-gnutls 0.6-1.3 (bug #578663)
	NOTE: https://github.com/airtower-luna/mod_gnutls/commit/5a8a32bbfb8a83fe6358c5c31c443325a7775fc2
CVE-2009-5144 (mod-gnutls does not validate client certificates when ...)
	- mod-gnutls 0.5.6-1 (bug #578663)
	NOTE: http://issues.outoforder.cc/view.php?id=93
CVE-2014-9682 (The dns-sync module before 0.1.1 for node.js allows context-dependent ...)
	NOT-FOR-US: node-dns-sync
CVE-2014-XXXX [more to CVE-2014-6585]
	[experimental] - icu 55.1-1
	- icu 52.1-10 (low; bug #778511)
	[jessie] - icu 52.1-8+deb8u2
	[wheezy] - icu 4.8.1.1-12+deb7u3
	[squeeze] - icu <not-affected> (All relevant changes already applied)
	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37086
	NOTE: icu_4.4.1-8+squeeze3 already has the full patch except for the changes in source/layout/ContextualSubstSubtables.cpp which are commented out anyway... and the remaining if test is probably only meaningful when the backtrackClassArray call is uncommented.
CVE-2015-1614 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin image-metadata-cruncher
CVE-2015-1607 [memcpy with overlapping ranges, resulting from incorrect bitwise left shifts]
	RESERVED
	[experimental] - gnupg2 2.1.2-1
	- gnupg2 2.0.26-5 (bug #778577)
	[wheezy] - gnupg2 <no-dsa> (Minor issue)
	[squeeze] - gnupg2 <no-dsa> (Minor issue)
	- gnupg 1.4.18-7 (bug #778652)
	[wheezy] - gnupg <no-dsa> (Too intrusive to backport; minor issue)
	[squeeze] - gnupg <no-dsa> (Too intrusive to backport; minor issue)
	NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=2183683bd633818dd031b090b5530951de76f392
CVE-2015-1606 [use after free resulting from failure to skip invalid packets]
	RESERVED
	{DSA-3184-1 DLA-175-1}
	[experimental] - gnupg2 2.1.2-1
	- gnupg2 2.0.26-5 (bug #778577)
	[wheezy] - gnupg2 <no-dsa> (Minor issue)
	[squeeze] - gnupg2 <no-dsa> (Minor issue)
	- gnupg 1.4.18-7 (bug #778652)
	[squeeze] - gnupg <no-dsa> (Minor issue)
	NOTE: https://blog.fuzzing-project.org/5-Multiple-issues-in-GnuPG-found-through-keyring-fuzzing-TFPA-0012015.html
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=f0f71a721ccd7ab9e40b8b6b028b59632c0cc648
CVE-2015-1604 (Unrestricted file upload vulnerability in asys/site/files.php in ...)
	NOT-FOR-US: Landsknecht Adminsystems
CVE-2015-1603 (Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems ...)
	NOT-FOR-US: Landsknecht Adminsystems
CVE-2015-1600 (Information disclosure vulnerability in Netatmo Indoor Module firmware ...)
	NOT-FOR-US: Netatmo Weather Station
CVE-2015-1588 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2015-1587 (Unrestricted file upload vulnerability in file_to_index.php in Maarch ...)
	NOT-FOR-US: Maarch LetterBox
CVE-2015-1586
	RESERVED
CVE-2015-1585 (Fat Free CRM before 0.13.6 allows remote attackers to conduct ...)
	NOT-FOR-US: Fat Free CRM
CVE-2015-1584
	RESERVED
CVE-2015-1583
	RESERVED
	NOT-FOR-US: ATutor
CVE-2015-1582 (Multiple cross-site scripting (XSS) vulnerabilities in the Spider ...)
	NOT-FOR-US: Spider Facebook plugin for WordPress
CVE-2015-1581 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Mobile Domain plugin for WordPress
CVE-2015-1580 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Redirection Page plugin for WordPress
CVE-2015-1579 (Directory traversal vulnerability in the Elegant Themes Divi theme for ...)
	NOT-FOR-US: Elegant Themes Divi theme for WordPress
CVE-2015-1578 (Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow ...)
	NOT-FOR-US: u5CMS
CVE-2015-1577 (Directory traversal vulnerability in u5admin/deletefile.php in u5CMS ...)
	NOT-FOR-US: u5CMS
CVE-2015-1576 (Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow ...)
	NOT-FOR-US: u5CMS
CVE-2015-1575 (Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before ...)
	NOT-FOR-US: u5CMS
CVE-2015-1574 (The Google Email application 4.2.2.0200 for Android allows remote ...)
	NOT-FOR-US: Google Email application for Android
CVE-2013-7425
	RESERVED
CVE-2014-9678 (FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers ...)
	NOT-FOR-US: FlexPaper
CVE-2014-9677 (Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in ...)
	NOT-FOR-US: FlexPaper
CVE-2015-1593 (The stack randomization feature in the Linux kernel before 3.19.1 on ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.7-ckt7-1
	- linux-2.6 <removed>
	NOTE: http://hmarco.org/bugs/linux-ASLR-integer-overflow.html
	NOTE: https://lkml.org/lkml/2015/2/14/61
CVE-2015-1592 (Movable Type Pro, Open Source, and Advanced before 5.2.12 and Pro and ...)
	{DSA-3183-1}
	- movabletype-opensource <removed>
	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://movabletype.org/news/2015/02/movable_type_607_and_5212_released_to_close_security_vulnera.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/2
CVE-2015-1572 (Heap-based buffer overflow in closefs.c in the libext2fs library in ...)
	{DSA-3166-1 DLA-162-1}
	- e2fsprogs 1.42.12-1.1 (bug #778948)
	NOTE: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=49d0fe2a14f2a23da2fe299643379b8c1d37df73
CVE-2015-1571 (** DISPUTED ** The CAPWAP DTLS protocol implementation in Fortinet ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-1570 (The Endpoint Control protocol implementation in Fortinet FortiClient ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2015-1569 (Fortinet FortiClient 5.2.028 for iOS does not validate certificates, ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spencer ...)
	{DSA-3195-1 DLA-444-1 DLA-233-1}
	- php5 5.6.6+dfsg-1 (low; bug #778389)
	- olsrd <not-affected> (only when building on Android, see bug #778390)
	- llvm-toolchain-3.4 <removed> (low; bug #778391)
	[jessie] - llvm-toolchain-3.4 <no-dsa> (Minor issue)
	- llvm-toolchain-3.5 1:3.5.2-2 (low; bug #778392)
	[jessie] - llvm-toolchain-3.5 <no-dsa> (Minor issue)
	- llvm-toolchain-3.6 1:3.6-1 (bug #778393)
	- llvm-toolchain-3.7 1:3.7~+rc3-1
	- llvm-toolchain-snapshot 1:3.8~svn245286-1 (bug #778394)
	- haskell-regex-posix <not-affected> (only when building on Windows, see bug #778395)
	- cups <not-affected> (Local regex copy only used when building on Windows, see #778396)
	- librcsb-core-wrapper 1.005-3 (bug #778397)
	- openrpt <unfixed> (unimportant; bug #778398)
	- z88dk <not-affected> (Local regex copy only used when building on Windows, see bug #778399)
	- newlib 2.0.0-1 (bug #778408)
	[squeeze] - newlib <no-dsa> (Minor issue)
	[wheezy] - newlib <no-dsa> (Minor issue)
	- yap 6.2.2-3 (low; bug #778410)
	[jessie] - yap <no-dsa> (Minor issue)
	[squeeze] - yap <no-dsa> (Minor issue)
	[wheezy] - yap <no-dsa> (Minor issue)
	- vnc4 4.1.1+X4.3.0+t-1 (unimportant; bug #778403)
	NOTE: affected code not built in vnc4, starting with 4.1.1+X4.3.0+t-1 it's a transitional package
	- sma <not-affected> (Local regex copy only used when building on Windows, see #778411)
	- clamav 0.98.7+dfsg-1 (unimportant; bug #778406)
	[jessie] - clamav 0.98.7+dfsg-0+deb8u1
	[wheezy] - clamav 0.98.7+dfsg-0+deb7u1
	[squeeze] - clamav 0.98.7+dfsg-0+deb6u1
	NOTE: Only exploitable through virusdb updates, which need to be trusted anywaya
	- knews <not-affected> (Uses system regex code, see #778401)
	- radare2 0.10.5+dfsg-1 (low; bug #778402)
	[jessie] - radare2 <no-dsa> (Minor issue)
	[wheezy] - radare2 <no-dsa> (Minor issue)
	- efl <not-affected> (Only used when building on Windows, see #778414)
	- ptlib <unfixed> (unimportant; bug #778404)
	NOTE: ptlib uses the regex code from glibc, local fallback code not used
	- alpine <not-affected> (alpine uses the regex code from glibc, local fallback code not used, bug #778413)
	- vigor 0.016-24 (unimportant; bug #778409)
	[wheezy] - vigor 0.016-19+deb7u1
	- nvi 1.81.6-13 (unimportant; bug #778412)
	NOTE: No security impact in nvi/vigor and openrpt
	NOTE: http://www.kb.cert.org/vuls/id/695940
	NOTE: https://guidovranken.wordpress.com/2015/02/04/full-disclosure-heap-overflow-in-h-spencers-regex-library-on-32-bit-systems/
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/16/8
CVE-2015-XXXX [insecure storage of password in the NUT-monitor app]
	- nut 2.7.2-2 (low; bug #777706)
	[wheezy] - nut <no-dsa> (Minor issue)
	[squeeze] - nut <no-dsa> (Minor issue)
CVE-2015-1881 (OpenStack Image Registry and Delivery Service (Glance) 2014.2 through ...)
	- glance <not-affected> (Only affects 2014.2.x releases, only present in experimental)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: https://review.openstack.org/#/c/156553
CVE-2015-1877 [command injection vulnerability]
	RESERVED
	{DSA-3165-1 DLA-217-1}
	- xdg-utils 1.1.0~rc1+git20111210-7.4 (bug #777722)
CVE-2015-1568 (Cross-site request forgery (CSRF) vulnerability in the GD Infinite ...)
	NOT-FOR-US: Drupal module GD Infinite Scroll
CVE-2015-1567 (Cross-site scripting (XSS) vulnerability in the admin page in the GD ...)
	NOT-FOR-US: Drupal module GD Infinite Scroll
CVE-2015-1566 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
	NOT-FOR-US: DotNetNuke
CVE-2015-1565 (Cross-site scripting (XSS) vulnerability in the online help in Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2015-1564 (Cross-site scripting (XSS) vulnerability in style-underground/search ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2015-1562 (Multiple cross-site scripting (XSS) vulnerabilities in Saurus CMS ...)
	NOT-FOR-US: Saurus CMS
CVE-2015-1561 (The escape_command function in ...)
	NOT-FOR-US: Centreon
CVE-2015-1560 (SQL injection vulnerability in the isUserAdmin function in ...)
	NOT-FOR-US: Centreon
CVE-2015-1559 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Epignosis eFront
CVE-2015-1557
	RESERVED
CVE-2015-1556
	RESERVED
CVE-2015-1555 (Zend/Session/SessionManager in Zend Framework 2.2.x before 2.2.9, ...)
	- zendframework <not-affected> (Vulnerable code not present)
	NOTE: http://framework.zend.com/security/advisory/ZF2015-01
CVE-2015-1553
	RESERVED
CVE-2015-1552
	RESERVED
CVE-2015-1551 (Directory traversal vulnerability in Aruba Networks ClearPass Policy ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1550 (Directory traversal vulnerability in Aruba Networks ClearPass Policy ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1549
	RESERVED
CVE-2015-1548 (mini_httpd 1.21 and earlier allows remote attackers to obtain ...)
	- mini-httpd 1.21-1 (bug #778925)
	[squeeze] - mini-httpd <no-dsa> (Minor issue)
	[wheezy] - mini-httpd <no-dsa> (Minor issue)
CVE-2015-1544
	RESERVED
CVE-2015-1543
	RESERVED
CVE-2015-1542
	RESERVED
CVE-2015-1541 (The AppWidgetServiceImpl implementation in ...)
	NOT-FOR-US: Android
CVE-2015-1540
	RESERVED
CVE-2015-1539 (Multiple integer underflows in the ESDS::parseESDescriptor function in ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-1538 (Integer overflow in the SampleTable::setSampleToChunkParams function ...)
	NOT-FOR-US: libstagefright in Android
CVE-2015-1537 (Integer overflow in IHDCP.cpp in the media_server component in Android ...)
	NOT-FOR-US: Android
CVE-2015-1536 (Integer overflow in the Bitmap_createFromParcel function in ...)
	NOT-FOR-US: Android
CVE-2015-1535
	RESERVED
CVE-2015-1534
	RESERVED
CVE-2015-1533
	RESERVED
CVE-2015-1532
	RESERVED
CVE-2015-1531
	RESERVED
CVE-2015-1530
	RESERVED
CVE-2015-1529 (Integer overflow in soundtrigger/ISoundTriggerHwService.cpp in Android ...)
	NOT-FOR-US: Android
CVE-2015-1528 (Integer overflow in the native_handle_create function in ...)
	NOT-FOR-US: Android
CVE-2015-1527 (Integer overflow in IAudioPolicyService.cpp in Android allows local ...)
	NOT-FOR-US: Android
CVE-2015-1526 (The media_server component in Android allows remote attackers to cause ...)
	NOT-FOR-US: Android
CVE-2015-1525
	RESERVED
CVE-2015-1524
	RESERVED
CVE-2015-1523
	RESERVED
CVE-2015-1522 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not reject ...)
	- bro 2.3.2+dfsg-1
CVE-2015-1521 (analyzer/protocol/dnp3/DNP3.cc in Bro before 2.3.2 does not properly ...)
	- bro 2.3.2+dfsg-1
CVE-2015-1520
	RESERVED
CVE-2015-1519
	RESERVED
CVE-2015-1518 (SQL injection vulnerability in the search_post function in ...)
	NOT-FOR-US: Redaxscript
CVE-2015-1517 (SQL injection vulnerability in Piwigo before 2.7.4, when all filters ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2015-1516 (Cross-site scripting (XSS) vulnerability in Polycom RealPresence ...)
	NOT-FOR-US: Polycom
CVE-2015-1515 (The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 ...)
	NOT-FOR-US: SoftSphere
CVE-2015-1514 (Multiple SQL injection vulnerabilities in FancyFon FAMOC before 3.17.4 ...)
	NOT-FOR-US: FancyFon FAMOC
CVE-2015-1513 (SQL injection vulnerability in SIPhone Enterprise PBX allows remote ...)
	NOT-FOR-US: SIPhone Enterprise PBX
CVE-2015-1512 (Multiple cross-site scripting (XSS) vulnerabilities in FancyFon FAMOC ...)
	NOT-FOR-US: FancyFon FAMOC
CVE-2015-1511
	RESERVED
CVE-2015-1510
	RESERVED
CVE-2015-1509
	RESERVED
CVE-2015-1508
	RESERVED
CVE-2015-1507
	RESERVED
CVE-2015-1506
	RESERVED
CVE-2015-1505
	RESERVED
CVE-2015-1504
	RESERVED
CVE-2015-1503 (Multiple directory traversal vulnerabilities in IceWarp Mail Server ...)
	NOT-FOR-US: Icewarp mail server
CVE-2015-1502
	RESERVED
CVE-2015-1501 (The factory.loadExtensionFactory function in ...)
	NOT-FOR-US: SolarWinds
CVE-2015-1500 (Multiple stack-based buffer overflows in the ...)
	NOT-FOR-US: SolarWinds
CVE-2015-1499 (The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 ...)
	NOT-FOR-US: Samsung Security Manager
CVE-2015-1498 (Persistent Systems Radia Client Automation does not properly restrict ...)
	NOT-FOR-US: Persistent Systems Radia Client Automation
CVE-2015-1497 (radexecd.exe in Persistent Systems Radia Client Automation (RCA) 7.9, ...)
	NOT-FOR-US: Persistent Systems Radia Client Automation
CVE-2015-1496 (Motorola Scanner SDK uses weak permissions for (1) CoreScanner.exe, ...)
	NOT-FOR-US: Motorola Scanner SDK
CVE-2015-1495 (Multiple stack-based buffer overflows in Motorola Scanner SDK allow ...)
	NOT-FOR-US: Motorola Scanner SDK
CVE-2015-1494 (The FancyBox for WordPress plugin before 3.0.3 for WordPress does not ...)
	NOT-FOR-US: FancyBox plugin for WordPress
CVE-2015-1492 (Untrusted search path vulnerability in the client in Symantec Endpoint ...)
	NOT-FOR-US: Symantec
CVE-2015-1491 (SQL injection vulnerability in the management console in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2015-1490 (Directory traversal vulnerability in the management console in ...)
	NOT-FOR-US: Symantec
CVE-2015-1489 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
	NOT-FOR-US: Symantec
CVE-2015-1488 (An unspecified action handler in the management console in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2015-1487 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
	NOT-FOR-US: Symantec
CVE-2015-1486 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
	NOT-FOR-US: Symantec
CVE-2015-1485 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
	NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
CVE-2015-1484 (Unquoted Windows search path vulnerability in the agent in Symantec ...)
	NOT-FOR-US: Symantec Workspace Streaming
CVE-2015-1483 (Symantec NetBackup OpsCenter 7.6.0.2 through 7.6.1 on Linux and UNIX ...)
	NOT-FOR-US: Symantec NetBackup OpsCenter
CVE-2014-9676 (The seg_write_packet function in libavformat/segment.c in ffmpeg 2.1.4 ...)
	{DLA-464-1}
	- ffmpeg <not-affected> (Vulnerable code not present in a ffmpeg version in the archive)
	- libav 6:11.2-1
	NOTE: Patch in http://www.openwall.com/lists/oss-security/2015/01/04/10 seem to apply for libav
	NOTE: ffmpeg: https://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=169065fbfb3da1ab776379c333aebc54bb1f1bc4
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=b3f04657368a32a9903406395f865e230b1de348
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/04/10
CVE-2014-9675 (bdf/bdflib.c in FreeType before 2.5.4 identifies property names by ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2c4832d30939b45c05757f0a05128ce64c4cacc7
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=151
CVE-2014-9674 (The Mac_Read_POST_Resource function in base/ftobjs.c in FreeType ...)
	{DSA-3461-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=153
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=240c94a185cd8dae7d03059abec8a5662c35ecd3
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=cd4a5a26e591d01494567df9dec7f72d59551f6e
CVE-2014-9673 (Integer signedness error in the Mac_Read_POST_Resource function in ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=154
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=35252ae9aa1dd9343e9f4884e9ddb1fee10ef415
CVE-2014-9672 (Array index error in the parse_fond function in base/ftmac.c in ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=155
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=18a8f0d9943369449bc4de92d411c78fb08d616c
CVE-2014-9671 (Off-by-one error in the pcf_get_properties function in pcf/pcfread.c ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=157
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=0e2f5d518c60e2978f26400d110eff178fa7e3c3
CVE-2014-9670 (Multiple integer signedness errors in the pcf_get_encodings function ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=158
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=ef1eba75187adfac750f326b563fe543dd5ff4e6
CVE-2014-9669 (Multiple integer overflows in sfnt/ttcmap.c in FreeType before 2.5.4 ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=163
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=602040b1112c9f94d68e200be59ea7ac3d104565
CVE-2014-9668 (The woff_open_font function in sfnt/sfobjs.c in FreeType before 2.5.4 ...)
	- freetype 2.5.2-3 (bug #777656)
	[wheezy] - freetype <not-affected> (Vulnerable code not present)
	[squeeze] - freetype <not-affected> (Vulnerable code not present)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=164
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f46add13895337ece929b18bb8f036431b3fb538
CVE-2014-9667 (sfnt/ttload.c in FreeType before 2.5.4 proceeds with offset+length ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=166
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=677ddf4f1dc1b36cef7c7ddd59a14c508f4b1891
CVE-2014-9666 (The tt_sbit_decoder_init function in sfnt/ttsbit.c in FreeType before ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=167
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=257c270bd25e15890190a28a1456e7623bba4439
CVE-2014-9665 (The Load_SBit_Png function in sfnt/pngshim.c in FreeType before 2.5.4 ...)
	{DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	[wheezy] - freetype <not-affected> (Vulnerable code not present)
	[squeeze] - freetype <not-affected> (Vulnerable code not present)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=168
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=54abd22891bd51ef8b533b24df53b3019b5cee81
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=b3500af717010137046ec4076d1e1c0641e33727
CVE-2014-9664 (FreeType before 2.5.4 does not check for the end of the data during ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=183
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=73be9f9ab67842cfbec36ee99e8d2301434c84ca
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=dd89710f0f643eb0f99a3830e0712d26c7642acd
CVE-2014-9663 (The tt_cmap4_validate function in sfnt/ttcmap.c in FreeType before ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=184
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9bd20b7304aae61de5d50ac359cf27132bafd4c1
CVE-2014-9662 (cff/cf2ft.c in FreeType before 2.5.4 does not validate the return ...)
	- freetype 2.5.2-3 (bug #777656)
	[wheezy] - freetype <not-affected> (Vulnerable code not present)
	[squeeze] - freetype <not-affected> (Vulnerable code not present)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=185
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=5f201ab5c24cb69bc96b724fd66e739928d6c5e2
CVE-2014-9661 (type42/t42parse.c in FreeType before 2.5.4 does not consider that ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=187
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=3788187e0c396952cd7d905c6c61f3ff8e84b2b4
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=42fcd6693ec7bd6ffc65ddc63e74287a65dda669
CVE-2014-9660 (The _bdf_parse_glyphs function in bdf/bdflib.c in FreeType before ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=188
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=af8346172a7b573715134f7a51e6c5c60fa7f2ab
CVE-2014-9659 (cff/cf2intrp.c in the CFF CharString interpreter in FreeType before ...)
	- freetype 2.5.2-3 (bug #777656)
	[wheezy] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
	[squeeze] - freetype <not-affected> (vulnerable code not present and thus incomplete fix not applied as well)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=190
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=2cdc4562f873237f1c77d43540537c7a721d3fd8
	NOTE: CVE due to incomplete fix for CVE-2014-2240
CVE-2014-9658 (The tt_face_load_kern function in sfnt/ttkern.c in FreeType before ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=194
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f70d9342e65cd2cb44e9f26b6d7edeedf191fc6c
CVE-2014-9657 (The tt_face_load_hdmx function in truetype/ttpload.c in FreeType ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=195
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=eca0f067068020870a429fe91f6329e499390d55
CVE-2014-9656 (The tt_sbit_decoder_load_image function in sfnt/ttsbit.c in FreeType ...)
	{DSA-3188-1 DLA-185-1}
	- freetype 2.5.2-3 (bug #777656)
	NOTE: http://code.google.com/p/google-security-research/issues/detail?id=196
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=f0292bb9920aa1dbfed5f53861e7c7a89b35833a
CVE-2014-9679 (Integer underflow in the cupsRasterReadPixels function in ...)
	{DSA-3172-1 DLA-159-1}
	[experimental] - cups 2.0.2-1
	- cups 1.7.5-11 (bug #778387)
	NOTE: Marked with [experimental] tag as the fix is only in experimental so far
	NOTE: Switch this to regular fixed version once the fix is in unstable
	NOTE: https://www.cups.org/strfiles.php/3438/str4551.patch
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/10/15
CVE-2015-1573 (The nft_flush_table function in net/netfilter/nf_tables_api.c in the ...)
	- linux <not-affected> (Vulnerable code introduced in v3.18-rc1, never in the archive outside of experimental)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/pablo/nf.git/commit/?id=a2f18db0c68fec96631c10cad9384c196e9008ac (v3.19-rc5)
	NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9ac12ef099707f405d7478009564302d7ed8393 (v3.18-rc1)
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=91441
CVE-2015-2046 (Cross-site scripting (XSS) vulnerability in MantisBT 1.2.13 and later ...)
	- mantis <removed>
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream patch: https://github.com/mantisbt/mantisbt/commit/6defeed5 (1.2.x)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=19301
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/10
	NOTE: CVE for specific portion of the original May 2014 adm_config_report.php discovery
	NOTE: that remains present in version 1.2.18 and 1.2.19
CVE-2015-XXXX [fails to detect silent driver failure to change MAC]
	- macchanger 1.7.0-5.3 (bug #774898)
	[wheezy] - macchanger <no-dsa> (Minor issue)
	[squeeze] - macchanger <no-dsa> (Minor issue)
CVE-2015-9101 (The fill_buffer_resample function in util.c in libmp3lame.a in LAME ...)
	- lame 3.99.5+repack1-6 (bug #777161)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	[squeeze] - lame <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-9100 (The fill_buffer_resample function in util.c in libmp3lame.a in LAME ...)
	- lame 3.99.5+repack1-6 (bug #777160)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	[squeeze] - lame <no-dsa> (minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-9099 (The lame_init_params function in lame.c in libmp3lame.a in LAME 3.99.5 ...)
	- lame 3.99.5+repack1-6 (bug #775959)
	[wheezy] - lame 3.99.5+repack1-3+deb7u1
	[squeeze] - lame <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/8
CVE-2015-XXXX [denial of service under memory stress]
	- libhtp 1:0.5.25-1 (bug #777522)
	[squeeze] - libhtp <no-dsa> (Minor issue)
	[wheezy] - libhtp <no-dsa> (Minor issue)
	NOTE: https://github.com/inliniac/libhtp/commit/c7c03843cd6b1cbf44eb435d160ba53aec948828
CVE-2014-9681
	REJECTED
CVE-2014-9680 (sudo before 1.8.12 does not ensure that the TZ environment variable is ...)
	{DSA-3167-1 DLA-160-1}
	- sudo 1.8.12-1 (bug #772707)
	[jessie] - sudo 1.8.10p3-1+deb8u2
	NOTE: http://www.openwall.com/lists/oss-security/2014/10/15/24
	NOTE: http://www.sudo.ws/repos/sudo/rev/650ac6938b59 (1.8.x)
	NOTE: http://www.sudo.ws/repos/sudo/rev/ac1467f71ac0 (typos)
	NOTE: http://www.sudo.ws/repos/sudo/rev/91859f613b88 (description)
	NOTE: http://www.sudo.ws/repos/sudo/rev/579b02f0dbe0 (improved description)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/12
CVE-2015-2058 (c2s/c2s.c in Jabber Open Source Server 2.3.2 and earlier truncates ...)
	- jabberd2 2.3.3-1 (bug #779154)
	NOTE: https://github.com/jabberd2/jabberd2/issues/85
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/09/13
CVE-2015-2059 (The stringprep_utf8_to_ucs4 function in libin before 1.31, as used in ...)
	{DSA-3578-1 DLA-476-1 DLA-277-1}
	- libidn 1.31-1 (medium)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/23/25
	NOTE: Patch: http://git.savannah.gnu.org/cgit/libidn.git/commit/?id=2e97c2796581c27213962c77f5a8571a598f9a2e
	NOTE: This could be attributed to a misuse of a (poorly documented) API
	NOTE: but since upstream provided a patch it makes more sense to fix
	NOTE: only libidn instead of every application using it
CVE-2015-1545 (The deref_parseCtrl function in servers/slapd/overlays/deref.c in ...)
	{DSA-3209-1 DLA-203-1}
	- openldap 2.4.40-4 (bug #776988)
	[wheezy] - openldap <no-dsa> (Minor issue)
	[squeeze] - openldap <no-dsa> (Minor issue)
	NOTE: http://www.openldap.org/its/?findid=8027
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=c32e74763f77675b9e144126e375977ed6dc562c
CVE-2015-1546 (Double free vulnerability in the get_vrFilter function in ...)
	- openldap 2.4.40-4 (bug #776991)
	[wheezy] - openldap <not-affected> (Regression introduced in 2.4.40)
	[squeeze] - openldap <not-affected> (Regression introduced in 2.4.40)
	NOTE: http://www.openldap.org/its/?findid=8046
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=2f1a2dd329b91afe561cd06b872d09630d4edb6a
CVE-2014-XXXX [RPATH set to untrusted directory]
	[experimental] - noise <unfixed> (bug #759868)
CVE-2013-XXXX [TOCTOU race when expanding JAR files]
	- libbluray 0.7.0-1 (unimportant)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/06/9
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=959433
	NOTE: libbluray is only in wheezy and later and the issue is neutered by the kernel hardening for /tmp
	NOTE: Affected code removed in 0.7.0-1
CVE-2013-7437 (Multiple integer overflows in potrace 1.11 allow remote attackers to ...)
	{DLA-675-1}
	- potrace 1.12-1 (bug #778646)
	[squeeze] - potrace <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=955808
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/12
CVE-2015-2785 (The GIF encoder in Byzanz allows remote attackers to cause a denial of ...)
	- byzanz <unfixed> (low; bug #778261)
	[stretch] - byzanz <ignored> (Minor issue)
	[jessie] - byzanz <ignored> (Minor issue)
	[wheezy] - byzanz <ignored> (Minor issue)
	[squeeze] - byzanz <ignored> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=852481
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/11
CVE-2012-6689 (The netlink_sendmsg function in net/netlink/af_netlink.c in the Linux ...)
	{DLA-246-1}
	- linux 3.6.4-1
	[wheezy] - linux 3.2.30-1
	- linux-2.6 <removed>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=848949
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/13
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=20e1db19db5d6b9e4e83021595eab0dc8f107bef (v3.6-rc5)
CVE-2012-6687 (FastCGI (aka fcgi and libfcgi) 2.4.0 allows remote attackers to cause ...)
	{DLA-431-1 DLA-430-1}
	- libfcgi 2.4.0-8.3 (bug #681591)
	[wheezy] - libfcgi 2.4.0-8.1+deb7u1
	- libfcgi-perl 0.78-2 (bug #815840)
	[jessie] - libfcgi-perl 0.77-1+deb8u1
	[wheezy] - libfcgi-perl <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/4
CVE-2015-8837 (Stack-based buffer overflow in the isofs_real_readdir function in ...)
	{DSA-3551-1 DLA-323-1}
	- fuseiso 20070708-3.2 (bug #779047)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863091
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862211
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
CVE-2015-8836 (Integer overflow in the isofs_real_read_zf function in isofs.c in ...)
	{DSA-3551-1 DLA-323-1}
	- fuseiso 20070708-3.2 (bug #779047)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=863102
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=861358
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/06/7
CVE-2010-XXXX [crash when parsing overly long links]
	- lynx-cur 2.8.8dev.4-1
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/07/2
CVE-2015-1547 (The NeXTDecode function in tif_next.c in LibTIFF allows remote ...)
	{DSA-3273-1 DLA-610-1 DLA-221-1}
	- tiff 4.0.3-12.1 (bug #777390)
	- tiff3 <removed>
	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff5.tif
	NOTE: fix in https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-1547
	NOTE: is applied in 4.0.3-13 (but please recheck this)
	NOTE: Raphael Hertzog> I could not find a way to reliably use the above reproducer. No segfault. And valgrind on "xloadimage" spits lots of warnings about use of uninitialized values with a good file and with the reproducer.
	NOTE: Still this CVE has been added to DLA-221-1 because the patch used for CVE-2014-9655 seems to include the fix for this CVE.
CVE-2015-1482 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to ...)
	NOT-FOR-US: Ansible Tower
CVE-2015-1481 (Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization ...)
	NOT-FOR-US: Ansible Tower
CVE-2015-1480 (ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2015-1479 (SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ...)
	NOT-FOR-US: ZOHO ManageEngine ServiceDesk Plus
CVE-2015-1478 (Cross-site scripting (XSS) vulnerability in the CMSJunkie ...)
	NOT-FOR-US: Joomla! plugin CMSJunkie J-ClassifiedsManager
CVE-2015-1477 (SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager ...)
	NOT-FOR-US: Joomla! plugin CMSJunkie J-ClassifiedsManager
CVE-2015-1476 (Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor ...)
	NOT-FOR-US: xlinkerz ecommerceMajor
CVE-2015-1475 (Multiple cross-site scripting (XSS) vulnerabilities in my little forum ...)
	NOT-FOR-US: My Little Forum
CVE-2015-1474 (Multiple integer overflows in the GraphicBuffer::unflatten function in ...)
	NOT-FOR-US: Android
CVE-2015-1471 (SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 ...)
	NOT-FOR-US: Pragyan CMS
CVE-2015-1470
	RESERVED
CVE-2015-1469 (time.htm in the web interface on SerVision HVG Video Gateway devices ...)
	NOT-FOR-US: SerVision HVG Video Gateway
CVE-2015-1468
	RESERVED
CVE-2015-1467 (Multiple SQL injection vulnerabilities in Translations in Fork CMS ...)
	NOT-FOR-US: Fork CMS
CVE-2015-1466
	RESERVED
CVE-2015-1464 (RT (aka Request Tracker) before 4.0.23 and 4.2.x before 4.2.10 allows ...)
	{DSA-3176-1 DLA-158-1}
	- request-tracker4 4.2.8-3
	- request-tracker3.8 <removed>
CVE-2015-1463 (ClamAV before 0.98.6 allows remote attackers to cause a denial of ...)
	{DLA-233-1}
	- clamav 0.98.6+dfsg-1
	[wheezy] - clamav 0.98.6+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/96ff19a19eba64bdf47f2f12ecdbc5ee331c09e2
CVE-2015-1462 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
	{DLA-233-1}
	- clamav 0.98.6+dfsg-1
	[wheezy] - clamav 0.98.6+dfsg-0+deb7u1
CVE-2015-1461 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
	{DLA-233-1}
	- clamav 0.98.6+dfsg-1
	[wheezy] - clamav 0.98.6+dfsg-0+deb7u1
CVE-2015-1460 (Huawei Quidway switches with firmware before V200R005C00SPC300 allows ...)
	NOT-FOR-US: Huawei Quidway switches
CVE-2015-1459 (Cross-site scripting (XSS) vulnerability in Fortinet ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1458 (Fortinet FortiAuthenticator 3.0.0 allows local users to bypass ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1457 (Fortinet FortiAuthenticator 3.0.0 allows local users to read arbitrary ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1456 (Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1455 (Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the ...)
	NOT-FOR-US: Fortinet FortiAuthenticator
CVE-2015-1454 (Blue Coat ProxyClient before 3.3.3.3 and 3.4.x before 3.4.4.10 and ...)
	NOT-FOR-US: Blue Coat ProxyClient and Unified Agent
CVE-2015-1453 (The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2015-1452 (The Control and Provisioning of Wireless Access Points (CAPWAP) daemon ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-1451 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2015-1450 (SQL injection vulnerability in Restaurant Biller allows remote ...)
	NOT-FOR-US: Restaurant Biller
CVE-2015-1449 (Buffer overflow in the integrated web server on Siemens Ruggedcom ...)
	NOT-FOR-US: Siemens Ruggedcom
CVE-2015-1448 (The integrated management service on Siemens Ruggedcom WIN51xx devices ...)
	NOT-FOR-US: Siemens Ruggedcom
CVE-2015-1447
	RESERVED
CVE-2015-1446
	RESERVED
CVE-2015-1445 (HTTP header injection in the httpd package in fli4l before 3.10.1 and ...)
	NOT-FOR-US: fli4l
CVE-2015-1444 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: fli4l
CVE-2015-1443 (The httpd package in fli4l before 3.10.1 and 4.0 before 2015-01-30 ...)
	NOT-FOR-US: fli4l
CVE-2015-1442 (SQL injection vulnerability in views/zero_transact_user.php in the ...)
	NOT-FOR-US: ZeroCMS
CVE-2015-1440
	RESERVED
CVE-2015-1439
	RESERVED
CVE-2015-1438 (Heap-based buffer overflow in Panda Security Kernel Memory Access ...)
	NOT-FOR-US: Panda
CVE-2015-1437 (Multiple cross-site scripting (XSS) vulnerabilities in Asus RT-N10+ D1 ...)
	NOT-FOR-US: Asus RT-N10+ D1 router
CVE-2015-1436 (Cross-site scripting (XSS) vulnerability in the Easing Slider plugin ...)
	NOT-FOR-US: Easing Slider plugin for WordPress
CVE-2015-1435 (Cross-site scripting (XSS) vulnerability in my little forum before ...)
	NOT-FOR-US: Little forum
CVE-2015-1434 (Multiple SQL injection vulnerabilities in my little forum before 2.3.4 ...)
	NOT-FOR-US: Little forum
CVE-2015-1429 (Directory traversal vulnerability in Cybele Software Thinfinity Remote ...)
	NOT-FOR-US: Cybele Software Thinfinity Remote Desktop Workstation
CVE-2015-1428 (Multiple SQL injection vulnerabilities in Sefrengo before 1.6.2 allow ...)
	NOT-FOR-US: Sefrengo
CVE-2015-1427 (The Groovy scripting engine in Elasticsearch before 1.3.8 and 1.4.x ...)
	- elasticsearch <not-affected> (Affects 1.3.0-1.3.7 and 1.4.0-1.4.2, vulnerable code not present)
	NOTE: http://seclists.org/bugtraq/2015/Feb/92
	NOTE: Problem in the Groovy scripting engine.
CVE-2015-1426 (Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains ...)
	- facter 2.4.4-1 (bug #778265)
	[jessie] - facter <no-dsa> (Minor issue)
	[squeeze] - facter <not-affected> (Uses version 2008-02-01 of the EC2 API which does not expose security credentials)
	[wheezy] - facter <no-dsa> (Minor issue)
	NOTE: http://puppetlabs.com/security/cve/cve-2015-1426
	NOTE: https://tickets.puppetlabs.com/browse/FACT-800
	NOTE: The assessment for Squeeze being unaffected is based on the fact that the code accesses http://169.254.169.254/2008-02-01/meta-data/ and that http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html mentions the iam/security-credentials/role key as being introduced in version 2012-01-12.
CVE-2015-1493 (Directory traversal vulnerability in the min_get_slash_argument ...)
	- moodle 2.7.5+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git;a=commit;h=af9a7937cc085f96bdbc4724cadec6eeae0242fc
CVE-2015-XXXX [Invalid read in ensure_filepath]
	- libmspack 0.5-1
	- cabextract 1.4-5
	[wheezy] - cabextract <no-dsa> (Minor issue)
	[squeeze] - cabextract <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2015-XXXX [Invalid read in create_output_name]
	- libmspack 0.5-1
	- cabextract 1.4-5
	[wheezy] - cabextract <no-dsa> (Minor issue)
	[squeeze] - cabextract <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/02/03/12
	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2014-9655 (The (1) putcontig8bitYCbCr21tile function in tif_getimage.c or (2) ...)
	{DSA-3273-1 DLA-610-1 DLA-221-1}
	- tiff 4.0.3-12.1 (bug #777390)
	- tiff3 <removed>
	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-1.tif
	NOTE: http://lcamtuf.coredump.cx/afl/vulns/libtiff-cvs-2.tif
CVE-2014-9654 (The Regular Expressions package in International Components for ...)
	{DSA-3187-1 DLA-219-1}
	- icu 52.1-7.1 (bug #776719)
	NOTE: https://ssl.icu-project.org/trac/changeset/36801
	NOTE: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5
CVE-2014-9653 (readelf.c in file before 5.22, as used in the Fileinfo component in ...)
	{DSA-3196-1 DLA-204-1}
	- file 1:5.22+15-1 (bug #777585)
	- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
	NOTE: http://bugs.gw.com/view.php?id=409
	NOTE: http://mx.gw.com/pipermail/file/2014/001649.html
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/04/13
CVE-2015-1465 (The IPv4 implementation in the Linux kernel before 3.18.8 does not ...)
	- linux 3.16.7-ckt7-1
	[wheezy] - linux <not-affected> (Introduced in 3.16)
	- linux-2.6 <not-affected> (Introduced in 3.16)
	NOTE: Upstream patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0 (v3.19-rc7)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/02/2
CVE-2015-1473 (The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka ...)
	{DSA-3169-1 DLA-165-1}
	- glibc 2.19-15 (bug #777197)
	- eglibc <removed>
	[squeeze] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
	NOTE: This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 (2.15),
	NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
CVE-2015-1472 (The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka ...)
	{DSA-3169-1 DLA-165-1}
	- glibc 2.19-15 (bug #777197)
	- eglibc <removed>
	[squeeze] - eglibc <not-affected> (Vulnerable code not present)
	NOTE: Bug: https://sourceware.org/bugzilla/show_bug.cgi?id=16618
	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5bd80bfe9ca0d955bfbbc002781bc7b01b6bcb06
	NOTE: This was introduced by https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=3f8cc204fdd0 (2.15),
	NOTE: the patch was backported into wheezy (patches/any/cvs-vfscanf.diff), but not squeeze
CVE-2015-XXXX [Infinite loop in patch]
	- patch 2.7.4-1 (low; bug #776271)
	[squeeze] - patch <no-dsa> (Minor issue)
	[wheezy] - patch <no-dsa> (Minor issue)
	NOTE: Different from CVE-2014-9637
CVE-2015-1441 (SQL injection vulnerability in Piwigo before 2.5.6, 2.6.x before ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
	NOTE: http://piwigo.org/releases/2.7.3
CVE-2015-1433 (program/lib/Roundcube/rcube_washtml.php in Roundcube before 1.0.5 does ...)
	{DLA-613-1}
	- roundcube 0.9.5+dfsg1-4.2 (low; bug #776700)
	[wheezy] - roundcube <no-dsa> (Minor issue)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2015-1432 (The message_options function in includes/ucp/ucp_pm_options.php in ...)
	- phpbb3 3.0.12-4 (low; bug #776699)
	[wheezy] - phpbb3 3.0.10-4+deb7u2
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
	NOTE: https://tracker.phpbb.com/browse/PHPBB3-13526
CVE-2015-1431 (Cross-site scripting (XSS) vulnerability in includes/startup.php in ...)
	- phpbb3 3.0.12-4 (low; bug #776699)
	[wheezy] - phpbb3 3.0.10-4+deb7u2
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
	NOTE: https://tracker.phpbb.com/browse/PHPBB3-13531
CVE-2015-1430 (Buffer overflow in xymon 4.3.17-1. ...)
	- xymon 4.3.17-5 (low; bug #776007)
	[squeeze] - xymon <not-affected> (Vulnerable code not present)
	[wheezy] - xymon <not-affected> (Vulnerable code not present)
	NOTE: Upstream patch: http://sourceforge.net/p/xymon/code/7483/
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/30/17
CVE-2015-1425
	RESERVED
CVE-2015-1424 (Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and ...)
	NOT-FOR-US: Gecko CMS
CVE-2015-1423 (Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow ...)
	NOT-FOR-US: Gecko CMS
CVE-2015-1422 (Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 ...)
	NOT-FOR-US: Gecko CMS
CVE-2015-XXXX [symlink directory traversal]
	- unrar-nonfree 1:5.2.7-0.1 (bug #774171)
	[wheezy] - unrar-nonfree 1:4.1.4-1+deb7u1
	[squeeze] - unrar-nonfree <no-dsa> (Non-free not supported)
CVE-2014-9983 (Directory Traversal exists in RAR 4.x and 5.x because an unpack ...)
	- rar 2:5.3.b2-1 (bug #774172)
	[jessie] - rar <no-dsa> (Non-free not supported)
	[wheezy] - rar <no-dsa> (Non-free not supported)
	[squeeze] - rar <no-dsa> (Not fixed upstream and license does not allow modification)
	NOTE: Version 5.21 upstream changes behaviour: by default rar skips symbolic links
	NOTE: symbolic links with absolute paths in link target when extracting.
CVE-2015-1589 (Directory traversal vulnerability in arCHMage 0.2.4 allows remote ...)
	- archmage 1:0.2.4-4 (bug #776164)
	[squeeze] - archmage <no-dsa> (Minor issue)
	[wheezy] - archmage <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/12/9
CVE-2015-1419 (Unspecified vulnerability in vsftpd 3.0.2 and earlier allows remote ...)
	- vsftpd 3.0.2-18 (unimportant; bug #776922)
	[jessie] - vsftpd 3.0.2-17+deb8u1
	NOTE: http://seclists.org/oss-sec/2015/q1/389
	NOTE: Not a real security feature according the manpage and upstream
CVE-2015-1418 (The do_ed_script function in pch.c in GNU patch through 2.7.6, and ...)
	NOT-FOR-US: patch as used in FreeBSD specifically
CVE-2018-1000156 (GNU Patch version 2.7.6 contains an input validation vulnerability ...)
	{DLA-1348-1}
	- patch 2.7.6-2 (bug #894993)
	[stretch] - patch <no-dsa> (Can be fixed via point release)
	[jessie] - patch <no-dsa> (Can be fixed via point release)
	NOTE: Upstream bug: https://savannah.gnu.org/bugs/?53566
	NOTE: https://rachelbythebay.com/w/2018/04/05/bangpatch/
	NOTE: https://twitter.com/kurtseifried/status/982028968877436928
	NOTE: This CVE is specifically for GNU patch and relates to CVE-2015-1418
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=123eaff0d5d1aebe128295959435b9ca5909c26d
	NOTE: Respective patch in FreeBSD: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:18.bsdpatch.asc
	NOTE: Respective patch in OpenBSD: https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig
	NOTE: wheezy patch adds a testcase
CVE-2015-1417 (The inet module in FreeBSD 10.2x before 10.2-PRERELEASE, ...)
	- kfreebsd-10 10.2-1 (unimportant)
	NOTE: kfreebsd not covered by security support in Jessie
CVE-2015-1416 (Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 ...)
	- patch 2.5-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/08/02/6
	NOTE: CVE assignment applies as well to GNU patch before 2.3 and 2.2.5
CVE-2015-1415 (The bsdinstall installer in FreeBSD 10.x before 10.1 p9, when ...)
	NOT-FOR-US: FreeBSD installer
CVE-2015-1414 (Integer overflow in FreeBSD before 8.4 p24, 9.x before 9.3 p10. 10.0 ...)
	{DSA-3175-2 DSA-3175-1}
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-4 (bug #779195)
	- kfreebsd-9 <removed> (bug #779201)
	- kfreebsd-8 <removed> (bug #779202)
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:04.igmp.asc
CVE-2015-1413
	RESERVED
CVE-2015-1412
	RESERVED
CVE-2015-1411
	RESERVED
CVE-2015-1410
	RESERVED
CVE-2015-1409
	RESERVED
CVE-2015-1408
	RESERVED
CVE-2015-1407
	RESERVED
CVE-2015-1406
	RESERVED
CVE-2015-1400 (SQL injection vulnerability in search.php in NPDS Revolution 13 allows ...)
	NOT-FOR-US: NPDS Revolution
CVE-2015-1399 (PHP remote file inclusion vulnerability in the fetchView function in ...)
	NOT-FOR-US: Magento
CVE-2015-1398 (Multiple directory traversal vulnerabilities in Magento Community ...)
	NOT-FOR-US: Magento
CVE-2015-1397 (SQL injection vulnerability in the getCsvFile function in the ...)
	NOT-FOR-US: Magento
CVE-2015-1394
	RESERVED
	NOT-FOR-US: WordPress plugin photo-gallery
CVE-2015-1393 (SQL injection vulnerability in the Photo Gallery plugin before 1.2.11 ...)
	NOT-FOR-US: WordPress plugin photo-gallery
CVE-2015-1392 (Multiple SQL injection vulnerabilities in Aruba Networks ClearPass ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1391
	RESERVED
CVE-2015-1390
	RESERVED
CVE-2015-1389 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass ...)
	NOT-FOR-US: Aruba Networks CPPM
CVE-2015-1388 (The &quot;RAP console&quot; feature in ArubaOS 5.x through 6.2.x, 6.3.x before ...)
	NOT-FOR-US: ArubaOS
CVE-2015-1387
	RESERVED
CVE-2015-1385 (Cross-site scripting (XSS) vulnerability in the Blubrry PowerPress ...)
	NOT-FOR-US: WordPress plugin powerpress
CVE-2015-1384 (Cross-site scripting (XSS) vulnerability in the Banner Effect Header ...)
	NOT-FOR-US: Banner Effect Header plugin for WordPress
CVE-2015-1383 (Cross-site scripting (XSS) vulnerability in the geo search widget in ...)
	NOT-FOR-US: WordPress plugin geo-mashup
CVE-2015-1376 (pixabay-images.php in the Pixabay Images plugin before 2.4 for ...)
	NOT-FOR-US: WordPress plugin Pixabay Images
CVE-2015-1375 (pixabay-images.php in the Pixabay Images plugin before 2.4 for ...)
	NOT-FOR-US: WordPress plugin Pixabay Images
CVE-2015-1374 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: ferretCMS
CVE-2015-1373 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
	NOT-FOR-US: ferretCMS
CVE-2015-1372 (SQL injection vulnerability in ferretCMS 1.0.4-alpha allows remote ...)
	NOT-FOR-US: ferretCMS
CVE-2015-1371 (Unrestricted file upload vulnerability in ferretCMS 1.0.4-alpha allows ...)
	NOT-FOR-US: ferretCMS
CVE-2015-1368 (Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower ...)
	NOT-FOR-US: Ansible Tower
CVE-2015-1367 (SQL injection vulnerability in index.php in CatBot 0.4.2 allows remote ...)
	NOT-FOR-US: CatBot
CVE-2015-1366 (Cross-site scripting (XSS) vulnerability in pixabay-images.php in the ...)
	NOT-FOR-US: Wordpress plugin Pixabay Images
CVE-2015-1365 (Directory traversal vulnerability in pixabay-images.php in the Pixabay ...)
	NOT-FOR-US: Wordpress plugin Pixabay Images
CVE-2015-1364 (SQL injection vulnerability in the getProfile function in ...)
	NOT-FOR-US: Free Reprintables ArticleFR
CVE-2015-1363 (Cross-site scripting (XSS) vulnerability in Free Reprintables ...)
	NOT-FOR-US: ArticleFR
CVE-2015-1362 (Buffer overflow in the Customize 35mm tab in Two Pilots Exif Pilot ...)
	NOT-FOR-US: Exif Pilot
CVE-2015-1361 (platform/image-decoders/ImageFrame.h in Blink, as used in Google ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1360 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1359 (Multiple off-by-one errors in fpdfapi/fpdf_font/font_int.h in PDFium, ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1358 (The remote-management module in the (1) Multi Panels, (2) Comfort ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2015-1357 (Siemens Ruggedcom WIN51xx devices with firmware before SS4.4.4624.35, ...)
	NOT-FOR-US: Siemens Ruggedcom
CVE-2015-1356 (Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 determines a user's ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2015-1355 (Siemens SIMATIC STEP 7 (TIA Portal) before 13 SP1 uses a weak ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2014-9648 (components/navigation_interception/intercept_navigation_resource_throttle.cc ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2014-9647 (Use-after-free vulnerability in PDFium, as used in Google Chrome ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-9646 (Unquoted Windows search path vulnerability in the ...)
	- chromium-browser <not-affected> (Windows specific problem for chromium-browser)
CVE-2015-1563 (The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows ...)
	- xen 4.4.1-7 (low; bug #776319)
	[wheezy] - xen <not-affected> (Only affects 4.4 and later on arm)
	[squeeze] - xen <not-affected> (Only affects 4.4 and later on arm)
CVE-2015-1558 (Asterisk Open Source 12.x before 12.8.1 and 13.x before 13.1.1, when ...)
	- asterisk 1:13.1.0~dfsg-1.1 (bug #780601)
	[jessie] - asterisk <not-affected> (Only affects 12.x and 13.x)
	[wheezy] - asterisk <not-affected> (Only affects 12.x and 13.x)
	[squeeze] - asterisk <not-affected> (Only affects 12.x and 13.x)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24666
	NOTE: http://downloads.digium.com/pub/security/AST-2015-001.html
CVE-2013-7449 (The ssl_do_connect function in common/server.c in HexChat before ...)
	- xchat 2.8.8-10 (bug #776609)
	[jessie] - xchat <no-dsa> (Minor issue)
	[wheezy] - xchat <no-dsa> (Minor issue)
	[squeeze] - xchat <no-dsa> (Minor issue)
	- xchat-gnome <removed> (bug #829730)
	[wheezy] - xchat-gnome <no-dsa> (Minor issue)
	[squeeze] - xchat-gnome <no-dsa> (Minor issue)
	- hexchat 2.10.2-1 (bug #818009)
	[jessie] - hexchat 2.10.1-1+deb8u1
	NOTE: https://github.com/hexchat/hexchat/issues/524
	NOTE: https://github.com/hexchat/hexchat/commit/c9b63f7f9be01692b03fa15275135a4910a7e02d (v2.12.0)
	NOTE: https://github.com/hexchat/hexchat/commit/c99f2ba645d1f4d01d6d2bb0cc1238825e15c604 (v2.10.2)
CVE-2013-7426 (Insecure Temporary file vulnerability in /tmp/kamailio_fifo in ...)
	- kamailio 4.0.2-1 (bug #712083)
CVE-2013-7424 (The getaddrinfo function in glibc before 2.15, when compiled with ...)
	{DSA-3169-1 DLA-165-1}
	- glibc 2.15-1
	- eglibc 2.15-1
	NOTE: http://seclists.org/oss-sec/2015/q1/306
	NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=2e96f1c7
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=981942
CVE-2015-1421 (Use-after-free vulnerability in the sctp_assoc_update function in ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.7-ckt4-3
	- linux-2.6 <removed>
	NOTE: Upstream fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=600ddd6825543962fb807884169e57b580dba208
CVE-2015-1420 (Race condition in the handle_to_path function in fs/fhandle.c in the ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt7-1
	- linux-2.6 <not-affected> (Introduced in 2.6.39)
	NOTE: http://marc.info/?l=linux-kernel&m=142247707318982&w=2
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=161f873b89136eb1e69477c847d5a5033239d9ba (v4.1-rc7)
CVE-2015-1405 (SQL injection vulnerability in the Content Rating Extbase extension ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1404 (Cross-site scripting (XSS) vulnerability in the Content Rating Extbase ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1403 (SQL injection vulnerability in the Content Rating extension 1.0.3 and ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1402 (Cross-site scripting (XSS) vulnerability in the Content Rating ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1401 (Improper Authentication vulnerability in the &quot;LDAP / SSO ...)
	NOT-FOR-US: typo3 extension
CVE-2015-1554 (kgb-bot 1.33-2 allows remote attackers to cause a denial of service ...)
	- kgb-bot <unfixed> (low; bug #776424)
	[stretch] - kgb-bot <ignored> (Minor issue)
	[jessie] - kgb-bot <ignored> (Minor issue)
	[wheezy] - kgb-bot <ignored> (Minor issue)
CVE-2015-1369 (SQL injection vulnerability in Sequelize before 2.0.0-rc7 for Node.js ...)
	NOT-FOR-US: sequelize
CVE-2015-1354
	RESERVED
CVE-2015-1349 (named in ISC BIND 9.7.0 through 9.9.6 before 9.9.6-P2 and 9.10.x ...)
	{DSA-3162-1 DLA-163-1}
	- bind9 1:9.9.5.dfsg-9 (low; bug #778733)
CVE-2015-1348 (Heap-based buffer overflow in Aruba Instant (IAP) with firmware before ...)
	NOT-FOR-US: Aruba Instant
CVE-2015-1347 (Cross-site scripting (XSS) vulnerability in client.inc.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2015-1344 (The do_write_pids function in lxcfs.c in LXCFS before 0.12 does not ...)
	- lxcfs <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1512854
CVE-2015-1343
	RESERVED
CVE-2015-1342 (LXCFS before 0.12 does not properly enforce directory escapes, which ...)
	- lxcfs <not-affected> (Fixed before initial upload to the archive)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/lxcfs/+bug/1508481
CVE-2015-1341
	RESERVED
CVE-2015-1340
	RESERVED
CVE-2015-1339 (Memory leak in the cuse_channel_release function in fs/fuse/cuse.c in ...)
	- linux 4.4.2-1
	[jessie] - linux <not-affected> (Vulnerable code introduced in v4.2-rc1)
	[wheezy] - linux <not-affected> (Vulnerable code introduced in v4.2-rc1)
	NOTE: Introduced in: https://git.kernel.org/linus/cc080e9e9be16ccf26135d366d7d2b65209f1d56 (v4.2-rc1)
	NOTE: Fixed in: https://git.kernel.org/linus/2c5816b4beccc8ba709144539f6fdd764f8fa49c (v4.4-rc5)
CVE-2015-1338 (kernel_crashdump in Apport before 2.19 allows local users to cause a ...)
	[experimental] - apport <unfixed>
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, as we have an explicit (bug) reference for apport
CVE-2015-1337 (Simple Streams (simplestreams) does not properly verify the GPG ...)
	NOT-FOR-US: simplestreams
CVE-2015-1336 (The daily mandb cleanup job in Man-db before 2.7.6.1-1 as packaged in ...)
	- man-db 2.7.6-1 (bug #840357)
	[jessie] - man-db <no-dsa> (Minor issue)
	[wheezy] - man-db <no-dsa> (Minor issue)
	[squeeze] - man-db <no-dsa> (Not exploitable in practice)
	NOTE: http://www.halfdog.net/Security/2015/MandbSymlinkLocalRootPrivilegeEscalation/
	NOTE: https://bugs.launchpad.net/ubuntu/+source/man-db/+bug/1482786
CVE-2015-1335 (lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local ...)
	{DSA-3400-1 DLA-442-1}
	- lxc 1:1.0.8-1 (bug #800471)
	[wheezy] - lxc <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1476662
	NOTE: https://github.com/lxc/lxc/commit/592fd47a6245508b79fe6ac819fe6d3b2c1289be
	NOTE: https://lists.linuxcontainers.org/pipermail/lxc-devel/2015-September/012434.html
CVE-2015-1334 (attach.c in LXC 1.1.2 and earlier uses the proc filesystem in a ...)
	{DSA-3317-1}
	- lxc 1:1.0.7-4 (bug #793298)
	[wheezy] - lxc <not-affected> (Affects 0.9.0 and higher)
	[squeeze] - lxc <not-affected> (Affects 0.9.0 and higher)
CVE-2015-1333 (Memory leak in the __key_link_end function in security/keys/keyring.c ...)
	- linux 4.1.3-1
	[jessie] - linux 3.16.7-ckt11-1+deb8u3
	[wheezy] - linux <not-affected> (Introduced in 3.13)
	- linux-2.6 <not-affected> (Introduced in 3.13)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=034faeb9ef390d58239e1dce748143f6b35a0d9b (v3.13-rc1)
CVE-2015-1332 (The oxide::JavaScriptDialogManager function in oxide-qt before 1.9.1 ...)
	NOT-FOR-US: oxide-qt
	NOTE: The JavaScriptDialogManager exists as well for chromium-browser, but this
	NOTE: CVE seem specific assigned for an issue in oxide::JavaScriptDialogManager
CVE-2015-1331 (lxclock.c in LXC 1.1.2 and earlier allows local users to create ...)
	{DSA-3317-1}
	- lxc 1:1.0.7-4 (bug #793298)
	[wheezy] - lxc <not-affected> (Affects 1.0.0 and higher)
	[squeeze] - lxc <not-affected> (Affects 1.0.0 and higher)
CVE-2015-1330 (unattended-upgrades before 0.86.1 does not properly authenticate ...)
	{DSA-3297-1 DLA-267-1}
	- unattended-upgrades 0.86.1
CVE-2015-1329 (Use-after-free vulnerability in oxide::qt::URLRequestDelegatedJob in ...)
	NOT-FOR-US: Oxide-QT
CVE-2015-1328 (The overlayfs implementation in the linux (aka Linux kernel) package ...)
	- linux <not-affected> (Ubuntu-specific flaw, overlayfs mounts restricted to privileged users in Debian)
	- linux-2.6 <not-affected> (Ubuntu-specific flaw, overlayfs mounts restricted to privileged users in Debian)
	NOTE: http://seclists.org/oss-sec/2015/q2/717
	NOTE: https://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1328.html
	NOTE: https://git.launchpad.net/~ubuntu-kernel/ubuntu/+source/linux/+git/vivid/commit/?id=78ec4549
CVE-2015-1327
	RESERVED
CVE-2015-1326 [arbitrary code execution or file overwrite when templates are loaded from /tmp]
	RESERVED
	- python-dbusmock 0.15.1-1 (bug #786858)
	[jessie] - python-dbusmock 0.11.4-1+deb8u1
	NOTE: https://bugs.launchpad.net/python-dbusmock/+bug/1453815
CVE-2015-1325 (Race condition in Apport before 2.17.2-0ubuntu1.1 as packaged in ...)
	[experimental] - apport 2.17.3-1
CVE-2015-1324 (Apport before 2.17.2-0ubuntu1.1 as packaged in Ubuntu 15.04, before ...)
	[experimental] - apport 2.17.3-1
CVE-2015-1323 (The simulate dbus method in aptdaemon before 1.1.1+bzr982-0ubuntu3.1 ...)
	{DLA-261-1}
	- aptdaemon 1.1.1+bzr982-1 (bug #789162)
	[jessie] - aptdaemon 1.1.1-4+deb8u1
	[wheezy] - aptdaemon 0.45-2+deb7u1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/aptdaemon/+bug/1449587
CVE-2015-1322 (Directory traversal vulnerability in the Ubuntu network-manager ...)
	- network-manager <not-affected> (Ubuntu specific patch)
	NOTE: http://www.ubuntu.com/usn/usn-2581-1
	NOTE: https://bazaar.launchpad.net/~phablet-team/network-manager/ofono-format-cleanup/view/head:/debian/patches/add_ofono_settings_support.patch
CVE-2015-1321 (Use-after-free vulnerability in the file picker implementation in ...)
	NOT-FOR-US: Oxide
CVE-2015-1320
	RESERVED
CVE-2015-1319 (The Unity Settings Daemon before 14.04.0+14.04.20150825-0ubuntu2 and ...)
	- unity <itp> (bug #609278)
CVE-2015-1318 (The crash reporting feature in Apport 2.13 through 2.17.x before ...)
	[experimental] - apport <unfixed>
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, as we have an explicit (bug) reference for apport
CVE-2015-1317 (Use-after-free vulnerability in Oxide before 1.5.6 and 1.6.x before ...)
	NOT-FOR-US: Oxide
CVE-2015-1316
	RESERVED
CVE-2015-1315 (Buffer overflow in the charset_to_intern function in unix/unix.c in ...)
	- unzip <not-affected> (*-unzip60-alt-iconv-utf8 patch not applied in Debian)
CVE-2015-1314 (The USAA Mobile Banking application before 7.10.1 for Android displays ...)
	NOT-FOR-US: USAA Mobile Banking application for Android
CVE-2015-1313
	RESERVED
CVE-2015-1312 (The Dealer Portal in SAP ERP does not properly restrict access, which ...)
	NOT-FOR-US: SAP
CVE-2015-1311 (The Extended Application Services (XS) in SAP HANA allows remote ...)
	NOT-FOR-US: SAP
CVE-2015-1310 (SQL injection vulnerability in SAP Adaptive Server Enterprise (Sybase ...)
	NOT-FOR-US: SAP
CVE-2015-1309 (XML external entity vulnerability in the Extended Computer Aided Test ...)
	NOT-FOR-US: SAP
CVE-2015-1305 (McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows ...)
	NOT-FOR-US: McAfee Data Loss Prevention Endpoint
CVE-2014-9643 (K7Sentry.sys in K7 Computing Ultimate Security, Anti-Virus Plus, and ...)
	NOT-FOR-US: K7 components for Windows
CVE-2014-9642 (bdagent.sys in BullGuard Antivirus, Internet Security, Premium ...)
	NOT-FOR-US: BullGuard components
CVE-2014-9641 (The tmeext.sys driver before 2.0.0.1015 in Trend Micro Antivirus Plus, ...)
	NOT-FOR-US: Trend Micro
CVE-2014-9633 (The bdisk.sys driver in COMODO Backup before 4.4.1.23 allows remote ...)
	NOT-FOR-US: COMODO Backup
CVE-2014-9632 (The TDI driver (avgtdix.sys) in AVG Internet Security before 2013.3495 ...)
	NOT-FOR-US: AVG
CVE-2015-1386 (Directory traversal vulnerability in unshield 1.0-1. ...)
	- unshield 1.4-1 (low; bug #776193)
	[jessie] - unshield <no-dsa> (Minor issue)
	[wheezy] - unshield <no-dsa> (Minor issue)
	[squeeze] - unshield <no-dsa> (Minor issue)
	NOTE: https://github.com/twogood/unshield/issues/42
CVE-2015-1382 (parsers.c in Privoxy before 3.0.23 allows remote attackers to cause a ...)
	{DSA-3145-1 DLA-142-1}
	- privoxy 3.0.21-7 (bug #776490)
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/parsers.c?r1=1.297&r2=1.298
CVE-2015-1381 (Multiple unspecified vulnerabilities in pcrs.c in Privoxy before ...)
	{DSA-3145-1 DLA-142-1}
	- privoxy 3.0.21-7 (bug #776490)
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/pcrs.c?r1=1.46&r2=1.47
CVE-2015-1380 (jcc.c in Privoxy before 3.0.23 allows remote attackers to cause a ...)
	- privoxy 3.0.21-7 (bug #776490)
	[wheezy] - privoxy <not-affected> (Vulnerable code introduced in 3.0.20)
	[squeeze] - privoxy <not-affected> (Vulnerable code introduced in 3.0.20)
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/jcc.c?r1=1.433&r2=1.434
CVE-2015-1379 (The signal handler implementations in socat before 1.7.3.0 and ...)
	- socat 1.7.2.4-2 (bug #776234)
	[wheezy] - socat <no-dsa> (Minor issue)
	[squeeze] - socat <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/6
	NOTE: Upstream advisory: http://www.dest-unreach.org/socat/contrib/socat-secadv6.txt
CVE-2015-1378 (cmdlineopts.clp in grml-debootstrap in Debian 0.54, 0.68.x before ...)
	- grml-debootstrap 0.68.1 (low; bug #776502)
	[wheezy] - grml-debootstrap <no-dsa> (Minor issue)
	NOTE: https://github.com/grml/grml-debootstrap/issues/59
CVE-2015-1377 (The Read Mail module in Webmin 1.720 allows local users to read ...)
	NOT-FOR-US: Webmin
CVE-2015-1395 (Directory traversal vulnerability in GNU patch versions which support ...)
	- patch 2.7.3-1 (bug #775873)
	[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
	[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
	NOTE: Upstream report: https://savannah.gnu.org/bugs/?44059
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/2
CVE-2015-1370 (Incomplete blacklist vulnerability in marked 0.3.2 and earlier for ...)
	- node-marked 0.3.6+dfsg-1 (unimportant)
	NOTE: https://nodesecurity.io/advisories/marked_vbscript_injection
	NOTE: https://github.com/chjj/marked/issues/492
	NOTE: libv8 is not covered by security support
CVE-2013-7423 (The send_dg function in resolv/res_send.c in GNU C Library (aka glibc ...)
	{DLA-165-1}
	- glibc 2.19-1 (bug #722075)
	[wheezy] - eglibc 2.13-38+deb7u5
	- eglibc <removed>
	NOTE: Fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=f9d2d03254a58d92635a311a42253eeed5a40a47
	NOTE: Upstream report: https://sourceware.org/bugzilla/show_bug.cgi?id=15946
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/28/16
CVE-2013-7421 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
	NOTE: https://lkml.org/lkml/2013/3/4/70
	NOTE: https://plus.google.com/+MathiasKrause/posts/PqFCo4bfrWu
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5d26a105b5a7 (v3.19-rc1)
CVE-2014-9644 (The Crypto API in the Linux kernel before 3.18.5 allows local users to ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in v2.6.38-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4943ba16bbc2 (v3.19-rc1)
CVE-2014-9645 (The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 ...)
	- busybox 1:1.22.0-15 (low; bug #776186)
	[jessie] - busybox <no-dsa> (Minor issue)
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
	NOTE: https://bugs.busybox.net/show_bug.cgi?id=7652
	NOTE: http://git.busybox.net/busybox/commit/?id=4e314faa0aecb66717418e9a47a4451aec59262b
CVE-2013-7422 (Integer underflow in regcomp.c in Perl before 5.20, as used in Apple ...)
	- perl 5.20.0-1 (bug #776046)
	[wheezy] - perl <no-dsa> (Minor issue)
	[squeeze] - perl <no-dsa> (Minor issue)
	NOTE: https://rt.perl.org/Public/Bug/Display.html?id=119505
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/23/9
CVE-2015-1304 (object-observe.js in Google V8, as used in Google Chrome before ...)
	{DSA-3376-1}
	- chromium-browser 45.0.2454.101-1
	[jessie] - chromium-browser <no-dsa> (minor issue)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-1303 (bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome ...)
	{DSA-3376-1}
	- chromium-browser 45.0.2454.101-1
	[jessie] - chromium-browser <no-dsa> (minor issue)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1302 (The PDF viewer in Google Chrome before 46.0.2490.86 does not properly ...)
	{DSA-3415-1}
	- chromium-browser 47.0.2526.73-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.de/2015/11/stable-channel-update.html
CVE-2015-1301 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1300 (The FrameFetchContext::updateTimingInfoForIFrameNavigation function in ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1299 (Use-after-free vulnerability in the shared-timer implementation in ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1298 (The RuntimeEventRouter::OnExtensionUninstalled function in ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1297 (The WebRequest API implementation in ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1296 (The UnescapeURLWithAdjustmentsImpl implementation in ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1295 (Multiple use-after-free vulnerabilities in the PrintWebViewHelper ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1294 (Use-after-free vulnerability in the SkMatrix::invertNonIdentity ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1293 (The DOM implementation in Blink, as used in Google Chrome before ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1292 (The NavigatorServiceWorker::serviceWorker function in ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1291 (The ContainerNode::parserRemoveChild function in ...)
	{DSA-3351-1}
	- chromium-browser 45.0.2454.85-1 (low)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1290 (The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and ...)
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-1289 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1288 (The Spellcheck API implementation in Google Chrome before 44.0.2403.89 ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1287 (Blink, as used in Google Chrome before 44.0.2403.89, enables a ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1286 (Cross-site scripting (XSS) vulnerability in the ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1285 (The XSSAuditor::canonicalize function in ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1284 (The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1283 (Multiple integer overflows in the XML_GetBuffer function in Expat ...)
	{DSA-3318-1 DSA-3315-1 DLA-281-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- expat 2.1.0-7 (bug #793484)
	NOTE: Patch: https://hg.mozilla.org/releases/mozilla-esr31/rev/2f3e78643f5c
CVE-2015-1282 (Multiple use-after-free vulnerabilities in ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1281 (core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1280 (SkPictureShader.cpp in Skia, as used in Google Chrome before ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1279 (Integer overflow in the CJBig2_Image::expand function in ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1278 (content/browser/web_contents/web_contents_impl.cc in Google Chrome ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1277 (Use-after-free vulnerability in the accessibility implementation in ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1276 (Use-after-free vulnerability in ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1275 (Cross-site scripting (XSS) vulnerability in ...)
	- chromium-browser <not-affected> (Android-specific)
CVE-2015-1274 (Google Chrome before 44.0.2403.89 does not ensure that the auto-open ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1273 (Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1272 (Use-after-free vulnerability in the GPU process implementation in ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1271 (PDFium, as used in Google Chrome before 44.0.2403.89, does not ...)
	{DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1270 (The ucnv_io_getConverterName function in common/ucnv_io.cpp in ...)
	{DSA-3360-1 DSA-3315-1}
	- chromium-browser 44.0.2403.89-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- icu 55.1-5 (bug #798647)
	[wheezy] - icu <not-affected> (code in ucnv_io_getConverterName not present, introduced in 49.x)
	[squeeze] - icu <not-affected> (code in ucnv_io_getConverterName not present, introduced in 49.x)
	NOTE: http://bugs.icu-project.org/trac/ticket/11696
	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37486/
CVE-2015-1269 (The DecodeHSTSPreloadRaw function in ...)
	{DSA-3315-1}
	- chromium-browser 43.0.2357.130-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1268 (bindings/scripts/v8_types.py in Blink, as used in Google Chrome before ...)
	{DSA-3315-1}
	- chromium-browser 43.0.2357.130-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1267 (Blink, as used in Google Chrome before 43.0.2357.130, does not ...)
	{DSA-3315-1}
	- chromium-browser 43.0.2357.130-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1266 (content/browser/webui/content_web_ui_controller_factory.cc in Google ...)
	{DSA-3315-1}
	- chromium-browser 43.0.2357.130-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1265 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1264 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1263 (The Spellcheck API implementation in Google Chrome before 43.0.2357.65 ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1262 (platform/fonts/shaping/HarfBuzzShaper.cpp in Blink, as used in Google ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1261 (android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1260 (Multiple use-after-free vulnerabilities in ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1259 (PDFium, as used in Google Chrome before 43.0.2357.65, does not ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1258 (Google Chrome before 43.0.2357.65 relies on libvpx code that was not ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libvpx 1.4.0-4 (unimportant)
	[wheezy] - libvpx <not-affected> (vp9 code introduced in 1.3.0)
	[squeeze] - libvpx <not-affected> (vp9 code not present in 0.9.1)
	NOTE: That's not a vulnerability in libvpx per se
	NOTE: 1.4.0-4 adds the workaround to configure with --size-limit=16384x16384
	NOTE: https://github.com/webmproject/libvpx/commit/943e43273b0a7369d07714e7fd2e19fecfb11c7c
CVE-2015-1257 (platform/graphics/filters/FEColorMatrix.cpp in the SVG implementation ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1256 (Use-after-free vulnerability in the SVG implementation in Blink, as ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1255 (Use-after-free vulnerability in ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1254 (core/dom/Document.cpp in Blink, as used in Google Chrome before ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1253 (core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1252 (common/partial_circular_buffer.cc in Google Chrome before 43.0.2357.65 ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1251 (Use-after-free vulnerability in the SpeechRecognitionClient ...)
	{DSA-3267-1}
	- chromium-browser 43.0.2357.65-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1250 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3242-1}
	- chromium-browser 42.0.2311.135-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html
CVE-2015-1249 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1248 (The FileSystem API in Google Chrome before 40.0.2214.91 allows remote ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1247 (The SearchEngineTabHelper::OnPageHasOSDD function in ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1246 (Blink, as used in Google Chrome before 42.0.2311.90, allows remote ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1245 (Use-after-free vulnerability in the OpenPDFInReaderView::Update ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1244 (The URLRequest::GetHSTSRedirect function in url_request/url_request.cc ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1243 (Use-after-free vulnerability in the MutationObserver::disconnect ...)
	{DSA-3242-1}
	- chromium-browser 42.0.2311.135-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_28.html
CVE-2015-1242 (The ReduceTransitionElementsKind function in ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1241 (Google Chrome before 42.0.2311.90 does not properly consider the ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1240 (gpu/blink/webgraphicscontext3d_impl.cc in the WebGL implementation in ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1239 (Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG ...)
	- openjpeg2 2.1.1-1
	NOTE: https://bugs.chromium.org/p/chromium/issues/detail?id=430891
	NOTE: https://github.com/uclouvain/openjpeg/issues/477
	NOTE: The issue must have been fixed in one of the commits before or with
	NOTE: https://github.com/uclouvain/openjpeg/commit/2d24b6000d5611615e3e6d799e20d5fdbe4e2a1e
	NOTE: which corresponds to the r2997 commit as mentioned in the merge which
	NOTE: fixed the issue on Google/PDFium's side.
CVE-2015-1238 (Skia, as used in Google Chrome before 42.0.2311.90, allows remote ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1237 (Use-after-free vulnerability in the RenderFrameImpl::OnMessageReceived ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1236 (The MediaElementAudioSourceNode::process function in ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1235 (The ContainerNode::parserRemoveChild function in ...)
	{DSA-3238-1}
	- chromium-browser 42.0.2311.90-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1234 (Race condition in gpu/command_buffer/service/gles2_cmd_decoder.cc in ...)
	- chromium-browser 41.0.2272.118-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1233 (Google Chrome before 41.0.2272.118 does not properly handle the ...)
	- chromium-browser 41.0.2272.118-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1232 (Array index error in the MidiManagerUsb::DispatchSendMidiData function ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1231 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1230 (The getHiddenProperty function in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant)
	NOTE: libv8 not covered by security support
CVE-2015-1229 (net/http/proxy_client_socket.cc in Google Chrome before 41.0.2272.76 ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1228 (The RenderCounter::updateCounter function in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1227 (The DragImage::create function in platform/DragImage.cpp in Blink, as ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1226 (The DebuggerFunction::InitAgentHost function in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1225 (PDFium, as used in Google Chrome before 41.0.2272.76, allows remote ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1224 (The VpxVideoDecoder::VpxDecode function in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1223 (Multiple use-after-free vulnerabilities in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1222 (Multiple use-after-free vulnerabilities in the ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1221 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1220 (Use-after-free vulnerability in the GIFImageReader::parseData function ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1219 (Integer overflow in the SkMallocPixelRef::NewAllocate function in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1218 (Multiple use-after-free vulnerabilities in the DOM implementation in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1217 (The V8LazyEventListener::prepareListenerObject function in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1216 (Use-after-free vulnerability in the ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1215 (The filters implementation in Skia, as used in Google Chrome before ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1214 (Integer overflow in the SkAutoSTArray implementation in ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1213 (The SkBitmap::ReadRawPixels function in core/SkBitmap.cpp in the ...)
	- chromium-browser 41.0.2272.76-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1212 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 40.0.2214.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1211 (The OriginCanAccessServiceWorkers function in ...)
	- chromium-browser 40.0.2214.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1210 (The V8ThrowException::createDOMException function in ...)
	- chromium-browser 40.0.2214.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1209 (Use-after-free vulnerability in the ...)
	- chromium-browser 40.0.2214.111-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2015-1208 (Integer underflow in the mov_read_default function in ...)
	- ffmpeg 7:2.5.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3ebd76a9c57558e284e94da367dd23b435e6a6d0
CVE-2015-1207 (Double-free vulnerability in libavformat/mov.c in FFMPEG in Google ...)
	- ffmpeg 7:2.6.1-1
	- libav <removed>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3859868c75313e318ebc5d0d33baada62d45dd75
CVE-2015-1206 (Heap-based buffer overflow in Google Chrome before M40 allows remote ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
CVE-2015-1204 (Cross-site scripting (XSS) vulnerability in the Save Filters ...)
	NOT-FOR-US: Save Filters functionality in the WP Slimstat plugin for WordPress
CVE-2015-1190
	RESERVED
CVE-2015-1189
	RESERVED
CVE-2015-1188 (The certificate verification functions in the HNDS service in Swisscom ...)
	NOT-FOR-US: Swisscom Centro Grande DSL router
CVE-2015-1187 (The ping tool in multiple D-Link and TRENDnet devices allow remote ...)
	NOT-FOR-US: D-Link
CVE-2015-1186
	RESERVED
CVE-2015-1185
	RESERVED
CVE-2015-1184
	RESERVED
CVE-2015-1183
	RESERVED
CVE-2015-1181
	RESERVED
CVE-2015-1180 (Cross-site scripting (XSS) vulnerability in the Web Reports in ...)
	NOT-FOR-US: EventSentry
CVE-2015-1179 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Mango Automation
CVE-2015-1178 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in ...)
	NOT-FOR-US: X-Cart
CVE-2015-1177 (Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.2. ...)
	NOT-FOR-US: Exponent CMS
CVE-2015-1176 (Cross-site scripting (XSS) vulnerability in upload/scp/tickets.php in ...)
	NOT-FOR-US: osTicket
CVE-2015-1174 (Session fixation vulnerability in Unit4 Polska TETA Web (formerly TETA ...)
	NOT-FOR-US: Unit4 Polska TETA Web
CVE-2015-1173 (Unit4 Polska TETA Web (formerly TETA Galactica) 22.62.3.4 does not ...)
	NOT-FOR-US: Unit4 Polska TETA Web
CVE-2015-1172 (Unrestricted file upload vulnerability in admin/upload-file.php in the ...)
	NOT-FOR-US: WordPress theme holding_pattern
CVE-2015-1171 (Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) ...)
	NOT-FOR-US: SIM Card Editor
CVE-2015-1170 (The NVIDIA Display Driver R304 before 309.08, R340 before 341.44, R343 ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2015-1169 (Apereo Central Authentication Service (CAS) Server before 3.5.3 allows ...)
	NOT-FOR-US: Apereo Central Authentication Service
CVE-2015-1168
	RESERVED
CVE-2015-1167
	RESERVED
CVE-2015-1166
	RESERVED
CVE-2015-1165 (RT (aka Request Tracker) 3.8.8 through 4.x before 4.0.23 and 4.2.x ...)
	{DSA-3176-1 DLA-158-1}
	- request-tracker4 4.2.8-3
	- request-tracker3.8 <removed>
CVE-2015-1163
	RESERVED
CVE-2015-1162
	RESERVED
CVE-2015-1161
	RESERVED
CVE-2014-9631
	RESERVED
CVE-2014-9638 (oggenc in vorbis-tools 1.4.0 allows remote attackers to cause a denial ...)
	{DLA-1010-1 DLA-317-1}
	- vorbis-tools 1.4.0-7 (unimportant; bug #776086)
	[jessie] - vorbis-tools 1.4.0-6+deb8u1
	- opus-tools 0.1.10-1 (unimportant; bug #780160)
	NOTE: https://trac.xiph.org/ticket/2137
	NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
	NOTE: No security impact
	NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
CVE-2014-9639 (Integer overflow in oggenc in vorbis-tools 1.4.0 allows remote ...)
	{DLA-1010-1 DLA-317-1}
	- vorbis-tools 1.4.0-7 (low; bug #776086)
	[jessie] - vorbis-tools 1.4.0-6+deb8u1
	[squeeze] - vorbis-tools <no-dsa> (Minor issue)
	- opus-tools 0.1.10-1 (bug #780160)
	[jessie] - opus-tools <no-dsa> (Minor issue)
	[wheezy] - opus-tools <no-dsa> (Minor issue)
	NOTE: https://trac.xiph.org/ticket/2136
	NOTE: Fixed by: https://github.com/mark4o/opus-tools/commit/8c412e619b83eb6dd32191909cf6672e93e5802e
	NOTE: proposed patch: http://lists.xiph.org/pipermail/vorbis-dev/2015-February/020423.html
CVE-2014-9640 (oggenc/oggenc.c in vorbis-tools 1.4.0 allows remote attackers to cause ...)
	{DLA-1010-1 DLA-317-1}
	- vorbis-tools 1.4.0-6 (bug #771363)
	[squeeze] - vorbis-tools <no-dsa> (Minor issue)
	NOTE: https://trac.xiph.org/ticket/2009
	NOTE: Upstream fix: https://trac.xiph.org/changeset/19117
CVE-2014-9649 (Cross-site scripting (XSS) vulnerability in the management plugin in ...)
	- rabbitmq-server 3.4.1-1
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
	[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
	NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
CVE-2014-9650 (CRLF injection vulnerability in the management plugin in RabbitMQ ...)
	- rabbitmq-server 3.4.1-1
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
	[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
	NOTE: https://groups.google.com/forum/#!topic/rabbitmq-users/-3Z2FyGtXhs
	NOTE: Fixed by: https://github.com/rabbitmq/rabbitmq-management/commit/b5a5fc31bd49ad821a655ea9e2fe920d670a62ad
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/21/13
CVE-2015-1396 [(another) directory traversal via symlinks -- incomplete fix for CVE-2015-1196]
	RESERVED
	- patch 2.7.3-1 (bug #775901)
	[wheezy] - patch <not-affected> (Not affected by CVE-2015-1196 and no incomplete fix applied)
	[squeeze] - patch <not-affected>  (Not affected by CVE-2015-1196 and no incomplete fix applied)
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/24/3
CVE-2015-1353
	REJECTED
CVE-2015-4471 (Off-by-one error in the lzxd_decompress function in lzxd.c in ...)
	- libmspack 0.5-1 (bug #775499)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2014-9732 (The cabd_extract function in cabd.c in libmspack before 0.5 does not ...)
	- libmspack 0.5-1 (bug #774665)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4470 (Off-by-one error in the inflate function in mszipd.c in libmspack ...)
	- libmspack 0.5-1 (bug #775498)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4472 (Off-by-one error in the READ_ENCINT macro in chmd.c in libmspack ...)
	- libmspack 0.5-1 (bug #775687)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-1591 (The kamailio build in kamailio before 4.2.0-2 process allows local ...)
	- kamailio 4.2.0-2 (bug #775681)
	NOTE: https://github.com/kamailio/kamailio/issues/48
CVE-2015-1590 (The kamcmd administrative utility and default configuration in ...)
	- kamailio 4.2.0-2 (bug #775681)
	NOTE: https://github.com/kamailio/kamailio/issues/48
CVE-2015-XXXX [insecure configuration permissions]
	- phabricator 0~git20150129-1 (bug #775479)
CVE-2014-9637 (GNU patch 2.7.2 and earlier allows remote attackers to cause a denial ...)
	- patch 2.7.1-7
	[wheezy] - patch <not-affected> (Vulnerability introduced later)
	[squeeze] - patch <not-affected> (Vulnerability introduced later)
	NOTE: https://savannah.gnu.org/bugs/?44051
	NOTE: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=0c08d7a902c6fdd49b704623a12d8d672ef18944
CVE-2015-XXXX [race condition between fur and fex_cleanup may create internal instead of external user]
	- fex 20150120-1 (low; bug #773751)
	[squeeze] - fex <no-dsa> (Minor issue as it does not affect default setups)
CVE-2015-XXXX [information leak in event device handling]
	- linux 3.16.7-ckt7-1
	[wheezy] - linux <not-affected> (Introduced in 3.11)
	- linux-2.6 <not-affected> (Introduced in 3.11)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7c4f56070fde2367766fa1fb04852599b5e1ad35 (v3.18-rc1)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=483180281f0ac60d1138710eb21f4b9961901294 (v3.11-rc1)
	NOTE: CVE Request: http://article.gmane.org/gmane.comp.security.oss.general/15457
CVE-2015-1346 (Multiple unspecified vulnerabilities in Google V8 before 3.30.33.15, ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2015-1345 (The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows ...)
	- grep 2.20-4.1 (low; bug #776039)
	[squeeze] - grep <not-affected> (Issue introduced with v2.18-90-g73893ff)
	[wheezy] - grep <not-affected> (Issue introduced with v2.18-90-g73893ff)
	NOTE: http://bugs.gnu.org/19563
	NOTE: Upstream fix: http://git.sv.gnu.org/cgit/grep.git/commit/?id=83a95bd8c8561875b948cadd417c653dbe7ef2e2
CVE-2014-XXXX [formail: memory corruption]
	- procmail 3.22-24 (bug #769937)
	[wheezy] - procmail <no-dsa> (Minor issue)
	[squeeze] - procmail <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/01/21/9
CVE-2015-1182 (The asn1_get_sequence_of function in library/asn1parse.c in PolarSSL ...)
	{DSA-3136-1 DLA-144-1}
	- polarssl 1.3.9-2.1 (bug #775776)
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
CVE-2015-1175 (Cross-site scripting (XSS) vulnerability in blocklayered-ajax.php in ...)
	NOT-FOR-US: PrestaShop
CVE-2015-1160
	RESERVED
CVE-2015-1159 (Cross-site scripting (XSS) vulnerability in the cgi_puts function in ...)
	{DSA-3283-1 DLA-239-1}
	- cups 1.7.5-12
CVE-2015-1158 (The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 ...)
	{DSA-3283-1 DLA-239-1}
	- cups 1.7.5-12
CVE-2015-1157 (CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause ...)
	NOT-FOR-US: Apple iOS
CVE-2015-1156 (The page-loading implementation in WebKit, as used in Apple Safari ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1155 (The history implementation in WebKit, as used in Apple Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1154 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1153 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1152 (WebKit, as used in Apple Safari before 6.2.6, 7.x before 7.1.6, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1151 (Wiki Server in Apple OS X Server before 4.1 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-1150 (The Firewall component in Apple OS X Server before 4.1 uses an ...)
	NOT-FOR-US: Apple
CVE-2015-1149 (Integer overflow in the simulator in Swift in Apple Xcode before 6.3 ...)
	NOT-FOR-US: Apple Xcode
CVE-2015-1148 (Screen Sharing in Apple OS X before 10.10.3 stores the password of a ...)
	NOT-FOR-US: Apple
CVE-2015-1147 (Open Directory Client in Apple OS X before 10.10.3 sends unencrypted ...)
	NOT-FOR-US: Apple
CVE-2015-1146 (The Code Signing implementation in Apple OS X before 10.10.3 does not ...)
	NOT-FOR-US: Apple
CVE-2015-1145 (The Code Signing implementation in Apple OS X before 10.10.3 does not ...)
	NOT-FOR-US: Apple
CVE-2015-1144 (Buffer overflow in the UniformTypeIdentifiers component in Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2015-1143 (LaunchServices in Apple OS X before 10.10.3 allows local users to gain ...)
	NOT-FOR-US: Apple
CVE-2015-1142 (LaunchServices in Apple OS X before 10.10.3 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2015-1141 (The mach_vm_read functionality in the kernel in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-1140 (Buffer overflow in IOHIDFamily in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1139 (ImageIO in Apple OS X before 10.10.3 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2015-1138 (Hypervisor in Apple OS X before 10.10.3 allows local users to cause a ...)
	NOT-FOR-US: Apple
CVE-2015-1137 (The NVIDIA graphics driver in Apple OS X before 10.10.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2015-1136 (Use-after-free vulnerability in CoreAnimation in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2015-1135 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1134 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1133 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1132 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1131 (fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: Apple
CVE-2015-1130 (The XPC implementation in Admin Framework in Apple OS X before 10.10.3 ...)
	NOT-FOR-US: Apple
CVE-2015-1129 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5 does ...)
	NOT-FOR-US: Apple Safari
CVE-2015-1128 (The private-browsing implementation in Apple Safari before 6.2.5, 7.x ...)
	NOT-FOR-US: Apple Safari
CVE-2015-1127 (The private-browsing implementation in WebKit in Apple Safari before ...)
	NOT-FOR-US: Apple Safari
CVE-2015-1126 (WebKit, as used in Apple iOS before 8.3 and Apple Safari before 6.2.5, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1125 (The touch-events implementation in WebKit in Apple iOS before 8.3 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1124 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1123 (WebKit, as used in Apple iOS before 8.3 and Apple TV before 7.2, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1122 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1121 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1120 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1119 (WebKit, as used in Apple iOS before 8.3, Apple TV before 7.2, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1118 (libnetcore in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
	NOT-FOR-US: Apple
CVE-2015-1117 (The (1) setreuid and (2) setregid system-call implementations in the ...)
	NOT-FOR-US: iOS
CVE-2015-1116 (The UIKit View component in Apple iOS before 8.3 displays unblurred ...)
	NOT-FOR-US: iOS
CVE-2015-1115 (The Telephony component in Apple iOS before 8.3 allows attackers to ...)
	NOT-FOR-US: iOS
CVE-2015-1114 (The Sandbox Profiles component in Apple iOS before 8.3 and Apple TV ...)
	NOT-FOR-US: iOS
CVE-2015-1113 (The Sandbox Profiles component in Apple iOS before 8.3 allows ...)
	NOT-FOR-US: iOS
CVE-2015-1112 (Apple Safari before 6.2.5, 7.x before 7.1.5, and 8.x before 8.0.5, as ...)
	NOT-FOR-US: iOS
CVE-2015-1111 (Safari in Apple iOS before 8.3 does not delete Recently Closed Tabs ...)
	NOT-FOR-US: iOS
CVE-2015-1110 (The Podcasts component in Apple iOS before 8.3 and Apple TV before 7.2 ...)
	NOT-FOR-US: iOS
CVE-2015-1109 (NetworkExtension in Apple iOS before 8.3 stores credentials in VPN ...)
	NOT-FOR-US: iOS
CVE-2015-1108 (The Lock Screen component in Apple iOS before 8.3 does not properly ...)
	NOT-FOR-US: iOS
CVE-2015-1107 (The Lock Screen component in Apple iOS before 8.3 does not properly ...)
	NOT-FOR-US: iOS
CVE-2015-1106 (The QuickType feature in the Keyboards subsystem in Apple iOS before ...)
	NOT-FOR-US: iOS
CVE-2015-1105 (The TCP implementation in the kernel in Apple iOS before 8.3, Apple OS ...)
	NOT-FOR-US: iOS
CVE-2015-1104 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
	NOT-FOR-US: iOS
CVE-2015-1103 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
	NOT-FOR-US: iOS
CVE-2015-1102 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
	NOT-FOR-US: iOS
CVE-2015-1101 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
	NOT-FOR-US: iOS
CVE-2015-1100 (The kernel in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
	NOT-FOR-US: iOS
CVE-2015-1099 (Race condition in the setreuid system-call implementation in the ...)
	NOT-FOR-US: iOS
CVE-2015-1098 (iWork in Apple iOS before 8.3 and Apple OS X before 10.10.3 allows ...)
	NOT-FOR-US: iOS
CVE-2015-1097 (IOMobileFramebuffer in Apple iOS before 8.3 and Apple TV before 7.2 ...)
	NOT-FOR-US: iOS
CVE-2015-1096 (IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
	NOT-FOR-US: iOS
CVE-2015-1095 (IOHIDFamily in Apple iOS before 8.3, Apple OS X before 10.10.3, and ...)
	NOT-FOR-US: iOS
CVE-2015-1094 (IOAcceleratorFamily in Apple iOS before 8.3 and Apple TV before 7.2 ...)
	NOT-FOR-US: iOS
CVE-2015-1093 (FontParser in Apple iOS before 8.3 and Apple OS X before 10.10.3 ...)
	NOT-FOR-US: iOS
CVE-2015-1092 (NSXMLParser in Foundation in Apple iOS before 8.3 and Apple TV before ...)
	NOT-FOR-US: iOS
CVE-2015-1091 (The CFNetwork Session component in Apple iOS before 8.3 and Apple OS X ...)
	NOT-FOR-US: iOS
CVE-2015-1090 (CFNetwork in Apple iOS before 8.3 does not delete HTTP Strict ...)
	NOT-FOR-US: iOS
CVE-2015-1089 (CFNetwork in Apple iOS before 8.3 and Apple OS X before 10.10.3 does ...)
	NOT-FOR-US: iOS
CVE-2015-1088 (CFURL in Apple iOS before 8.3 and Apple OS X before 10.10.3 does not ...)
	NOT-FOR-US: iOS
CVE-2015-1087 (Directory traversal vulnerability in Backup in Apple iOS before 8.3 ...)
	NOT-FOR-US: iOS
CVE-2015-1086 (The Audio Drivers subsystem in Apple iOS before 8.3 and Apple TV ...)
	NOT-FOR-US: iOS
CVE-2015-1085 (AppleKeyStore in Apple iOS before 8.3 does not properly restrict a ...)
	NOT-FOR-US: iOS
CVE-2015-1084 (The user interface in WebKit, as used in Apple Safari before 6.2.4, ...)
	NOT-FOR-US: Safari
CVE-2015-1083 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1082 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1081 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1080 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1079 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1078 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1077 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1076 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1075 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1074 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1073 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1072 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1071 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1070 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1069 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1068 (WebKit, as used in Apple Safari before 6.2.4, 7.x before 7.1.4, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2015-1067 (Secure Transport in Apple iOS before 8.2, Apple OS X through 10.10.2, ...)
	NOT-FOR-US: Apple
CVE-2015-1066 (Off-by-one error in IOAcceleratorFamily in Apple OS X through 10.10.2 ...)
	NOT-FOR-US: Apple
CVE-2015-1065 (Multiple buffer overflows in iCloud Keychain in Apple iOS before 8.2 ...)
	NOT-FOR-US: Apple
CVE-2015-1064 (Springboard in Apple iOS before 8.2 allows physically proximate ...)
	NOT-FOR-US: Apple
CVE-2015-1063 (CoreTelephony in Apple iOS before 8.2 allows remote attackers to cause ...)
	NOT-FOR-US: Apple
CVE-2015-1062 (MobileStorageMounter in Apple iOS before 8.2 and Apple TV before 7.1 ...)
	NOT-FOR-US: Apple
CVE-2015-1061 (IOSurface in Apple iOS before 8.2, Apple OS X through 10.10.2, and ...)
	NOT-FOR-US: Apple
CVE-2015-1060 (Open redirect vulnerability in lib/Cake/Controller/Controller.php in ...)
	NOT-FOR-US: AdaptCMS
CVE-2015-1059 (Unrestricted file upload vulnerability in admin/files/add in AdaptCMS ...)
	NOT-FOR-US: AdaptCMS
CVE-2015-1058 (Multiple cross-site scripting (XSS) vulnerabilities in AdaptCMS 3.0.3 ...)
	NOT-FOR-US: AdaptCMS
CVE-2015-1057 (Cross-site scripting (XSS) vulnerability in usersettings.php in e107 ...)
	NOT-FOR-US: e107
CVE-2015-1056 (Cross-site scripting (XSS) vulnerability in Brother MFC-J4410DW ...)
	NOT-FOR-US: Brother printer
CVE-2015-1055 (SQL injection vulnerability in the Photo Gallery plugin 1.2.7 for ...)
	NOT-FOR-US: WordPress plugin Photo Gallery
CVE-2015-1054 (Cross-site scripting (XSS) vulnerability in the Games feature in ...)
	NOT-FOR-US: Crea8Social
CVE-2015-1053 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
	NOT-FOR-US: Croogo
CVE-2015-1052 (Cross-site scripting (XSS) vulnerability in the poll archive in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2015-1050 (Cross-site scripting (XSS) vulnerability in F5 BIG-IP Application ...)
	NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2015-1049 (The web server on Siemens SCALANCE X-200IRT switches with firmware ...)
	NOT-FOR-US: Siemens SCALANCE
CVE-2015-1205 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: See CVE-2014-9654 for the bug in src:icu
CVE-2015-1203 [stack allocation with an attacker-controlled size -- modules/access/ftp.c]
	RESERVED
	NOTE: VLC issue disputed by upstream, see bug #775866
CVE-2015-1202 [stack allocation with an attacker-controlled size -- modules/services_discovery/sap.c]
	RESERVED
	NOTE: VLC issue disputed by upstream, see bug #775866
CVE-2015-1201 (Privoxy before 3.0.22 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Bogus entry for Privoxy picked from Secunia
CVE-2014-9630 [Invalid memory access in rtp code]
	RESERVED
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/204291467724867b79735c0ee3aeb0dbc2200f97
CVE-2014-9629 [integer overflow with resultant buffer overflow]
	RESERVED
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/9bb0353a5c63a7f8c6fc853faa3df4b4df1f5eb5
CVE-2014-9628 [attacker-triggered zero-size malloc with resultant buffer overflow]
	RESERVED
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9627 [integer truncation on 32-bit platforms]
	RESERVED
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9626 [integer underflow]
	RESERVED
	{DSA-3150-1}
	- vlc 2.2.0~rc2-2 (bug #775866)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/2e7c7091a61aa5d07e7997b393d821e91f593c39
CVE-2014-9625 [Buffer overflow in updater]
	RESERVED
	- vlc <not-affected> (Update mechanism not enabled in the Debian package)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/videolan/vlc/commit/fbe2837bc80f155c001781041a54c58b5524fc14
CVE-2014-9623 (OpenStack Glance 2014.2.x through 2014.2.1, 2014.1.3, and earlier ...)
	- glance 2014.1.3-12 (bug #776580)
	[wheezy] - glance <no-dsa> (Minor issue)
	NOTE: Versions: up to 2014.1.3 and 2014.2 version up to 2014.2.1
CVE-2014-9619 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9618 (The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9617
	RESERVED
CVE-2014-9616 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9615
	RESERVED
CVE-2014-9614
	RESERVED
CVE-2014-9613
	RESERVED
CVE-2014-9612
	RESERVED
CVE-2014-9611 (Netsweeper before 4.0.5 allows remote attackers to bypass ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9610 (Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9609
	RESERVED
CVE-2014-9608
	RESERVED
CVE-2014-9607
	RESERVED
CVE-2014-9606
	RESERVED
CVE-2014-9605 (WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x ...)
	NOT-FOR-US: Netsweeper
CVE-2014-9604 (libavcodec/utvideodec.c in FFmpeg before 2.5.2 does not check for a ...)
	{DSA-3189-1}
	- ffmpeg 7:2.5.1-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav 6:11.3-1 (bug #775593)
	NOTE: Applies to 0.8, but in different file (utvideo.c)
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0ce3a0f9d9523a9bcad4c6d451ca5bbd7a4f420d
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3881606240953b9275a247a1c98a567f3c44890f
CVE-2014-9603 (The vmd_decode function in libavcodec/vmdvideo.c in FFmpeg before ...)
	- ffmpeg 7:2.5.1-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3030fb7e0d41836f8add6399e9a7c7b740b48bfd
CVE-2014-9602 (libavcodec/xface.h in FFmpeg before 2.5.2 establishes certain digits ...)
	- ffmpeg 7:2.5.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
CVE-2014-9601 (Pillow before 2.7.0 allows remote attackers to cause a denial of ...)
	- pillow 2.6.1-2 (bug #776303)
	- python-imaging <removed>
	[wheezy] - python-imaging <no-dsa> (Minor issue)
	[squeeze] - python-imaging <no-dsa> (Minor issue)
	NOTE: https://github.com/python-pillow/Pillow/commit/b3e09122e527ae554eb590741bbd7611d5710e40
	NOTE: http://web.archive.org/web/20150921104441/http://pillow.readthedocs.org:80/releasenotes/2.7.0.html#png-text-chunk-size-limits
CVE-2014-9600 (Untrusted search path vulnerability in Macroplant iExplorer 3.6.3.0 ...)
	NOT-FOR-US: Macroplant iExplorer
CVE-2014-9599 (Cross-site scripting (XSS) vulnerability in the filemanager in ...)
	- b2evolution <removed>
CVE-2014-9598 (The picture_Release function in misc/picture.c in VideoLAN VLC media ...)
	NOTE: https://trac.videolan.org/vlc/ticket/13390
	NOTE: http://seclists.org/fulldisclosure/2015/Jan/72
	NOTE: This was originally reported for VLC; but upstream states that it is in libavcodec
	NOTE: This seems to be Windows-specific issue, the reported error couldn't be reproduced
	NOTE: with any ffmpeg release and libav/0.8.
CVE-2014-9597 (The picture_pool_Delete function in misc/picture_pool.c in VideoLAN ...)
	NOTE: https://trac.videolan.org/vlc/ticket/13389
	NOTE: http://seclists.org/fulldisclosure/2015/Jan/72
	NOTE: This was originally reported for VLC; but upstream states that it is in libavcodec
	NOTE: This seems to be Windows-specific issue, the reported error couldn't be reproduced
	NOTE: with any ffmpeg release and libav/0.8.
CVE-2014-9596 (Panasonic Arbitrator Back-End Server (BES) MK 2.0 VPU before 9.3.1 ...)
	NOT-FOR-US: Panasonic Arbitrator Back-End Server
CVE-2014-9595 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-9594 (Buffer overflow in the SAP NetWeaver Dispatcher in SAP Kernel 7.00 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-9593 (Apache CloudStack before 4.3.2 and 4.4.x before 4.4.2 allows remote ...)
	NOT-FOR-US: Apache CloudStack
CVE-2015-1308 (kde-workspace 4.2.0 and plasma-workspace before 5.1.95 allows remote ...)
	- kde-workspace 4:5.1.95-1
	[jessie] - kde-workspace <no-dsa> (Minor issue)
	[wheezy] - kde-workspace <no-dsa> (Minor issue)
CVE-2015-1307 (plasma-workspace before 5.1.95 allows remote attackers to obtain ...)
	NOT-FOR-US: KDE Plasma 5 desktop, not yet packaged
CVE-2015-1306 (The newsletter posting area in the web interface in Sympa 6.0.x before ...)
	{DSA-3134-1 DLA-148-1}
	- sympa 6.1.23~dfsg-2
	NOTE: https://www.sympa.org/security_advisories#security_breaches_in_newsletter_posting
CVE-2014-9624 (CAPTCHA bypass vulnerability in MantisBT before 1.2.19. ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream commit: https://github.com/mantisbt/mantisbt/commit/39a92726
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17984
CVE-2015-1051 (Open redirect vulnerability in the Context UI module in the Context ...)
	NOT-FOR-US: Drupal extension drupal7-context
CVE-2015-2304 (Absolute path traversal vulnerability in bsdcpio in libarchive 3.1.2 ...)
	{DSA-3180-1 DLA-166-1}
	- libarchive 3.1.2-11 (bug #778266)
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/7
	NOTE: Patch: https://github.com/libarchive/libarchive/commit/59357157706d47c365b2227739e17daba3607526
CVE-2015-1200 (Race condition in pxz 4.999.99 Beta 3 uses weak file permissions for ...)
	- pxz 4.999.99~beta3+git659fc9b-3 (bug #775306)
CVE-2015-1199 (Directory traversal vulnerability in ppmd 10.1-5. ...)
	- ppmd <removed> (low; bug #775218)
	[jessie] - ppmd <no-dsa> (Minor issue)
	[wheezy] - ppmd <no-dsa> (Minor issue)
	[squeeze] - ppmd <no-dsa> (Minor issue)
CVE-2015-1195 (The V2 API in OpenStack Image Registry and Delivery Service (Glance) ...)
	- glance 2014.1.3-11 (bug #775926)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: up to 2014.1.3 and 2014.2 versions up to 2014.2.1
CVE-2012-XXXX [Insufficient validation of USB device descriptors]
	- oss4 4.2-build2010-2 (bug #775662)
	[wheezy] - oss4 <no-dsa> (Minor issue)
	[squeeze] - oss4 <no-dsa> (Minor issue)
CVE-2015-1350 (The VFS subsystem in the Linux kernel 3.x provides an incomplete set ...)
	{DLA-772-1}
	- linux 4.8.11-1 (bug #770492)
	[jessie] - linux 3.16.39-1
	- linux-2.6 <removed>
	NOTE: Fixed by: https://git.kernel.org/linus/030b533c4fd4d2ec3402363323de4bb2983c9cee
CVE-2014-XXXX [TYPO3-CORE-SA-2014-002: Multiple Vulnerabilities in TYPO3 CMS]
	- typo3-src 4.5.40+dfsg1-1 (bug #766502)
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-002/
CVE-2013-XXXX [lhasa: several directory traversal vulnerabilities]
	- lhasa 0.2.0-1
	[wheezy] - lhasa <no-dsa> (Minor issue)
CVE-2014-9636 (unzip 6.0 allows remote attackers to cause a denial of service ...)
	{DSA-3152-1 DLA-150-1}
	- unzip 6.0-15 (bug #776589)
	NOTE: http://seclists.org/oss-sec/2014/q4/489
	NOTE: http://seclists.org/oss-sec/2014/q4/507
	NOTE: http://www.info-zip.org/phpBB3/viewtopic.php?f=7&t=450
CVE-2014-9635 (Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie ...)
	- jenkins 1.565.3-3 (bug #769682)
CVE-2014-9634 (Jenkins before 1.586 does not set the secure flag on session cookies ...)
	- jenkins 1.565.3-3 (bug #769682)
CVE-2015-1164 (Open redirect vulnerability in the serve-static plugin before 1.7.2 ...)
	- node-serve-static 1.6.4-2 (unimportant; bug #775843)
	NOTE: libv8 is not covered by security support
	NOTE: https://nodesecurity.io/advisories/serve-static-open-redirect
	NOTE: https://github.com/expressjs/serve-static/issues/26
CVE-2015-1048 (Open redirect vulnerability in the integrated web server on Siemens ...)
	NOT-FOR-US: Siemens
CVE-2015-1047 (vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 ...)
	NOT-FOR-US: VMware vCenter
CVE-2015-1046
	REJECTED
CVE-2015-1045
	REJECTED
CVE-2015-1044 (vmware-authd (aka the Authorization process) in VMware Workstation ...)
	NOT-FOR-US: VMware
CVE-2015-1043 (The Host Guest File System (HGFS) in VMware Workstation 10.x before ...)
	NOT-FOR-US: VMware
CVE-2015-1041 (Cross-site scripting (XSS) vulnerability in e107_admin/filemanager.php ...)
	NOT-FOR-US: e107
CVE-2015-1040 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: BEdita
CVE-2015-1039 (Cross-site scripting (XSS) vulnerability in user/login.phtml in ...)
	NOT-FOR-US: zfcUser
CVE-2015-1037
	RESERVED
CVE-2015-1036
	RESERVED
CVE-2015-1035
	RESERVED
CVE-2015-1034
	RESERVED
CVE-2015-1033
	RESERVED
CVE-2015-1032 (Cross-site scripting (XSS) vulnerability in Kiwix before 0.9.1, when ...)
	- kiwix <removed>
	NOTE: actually RFP again, but was removed from the archive on 2014-09-25
	NOTE: See https://bugs.debian.org/763321
CVE-2015-1029 (The puppetlabs-stdlib module 2.1 through 3.0 and 4.1.0 through 4.5.x ...)
	- puppet-module-puppetlabs-stdlib 4.9.0-1 (bug #775535)
	[jessie] - puppet-module-puppetlabs-stdlib <not-affected> (The jessie version of facter is recent enough)
	NOTE: http://puppetlabs.com/security/cve/cve-2015-1029
	NOTE: http://lists.alioth.debian.org/pipermail/pkg-puppet-devel/2015-January/009318.html
CVE-2015-1028 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link ...)
	NOT-FOR-US: D-Link router
CVE-2015-1027 (The version checking subroutine in percona-toolkit before 2.2.13 and ...)
	- percona-toolkit 2.2.13-1 (unimportant)
	[wheezy] - percona-toolkit <not-affected> (version-check introduced in 2.1.4)
	- percona-xtrabackup <unfixed> (unimportant)
	NOTE: Automatic version check is disabled and inherently insecure (CVE-2014-2029)
	NOTE: Patch applied to OpenSUSE 13.1: https://build.opensuse.org/package/view_file/openSUSE:13.1:Update/xtrabackup/percona-xtrabackup-CVE-2015-1027.patch?expand=1
CVE-2015-1026 (Multiple cross-site scripting (XSS) vulnerabilities in ZOHO ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2015-1025
	RESERVED
CVE-2015-1024
	RESERVED
CVE-2015-1023
	RESERVED
CVE-2015-1022
	RESERVED
CVE-2015-1021
	RESERVED
CVE-2015-1020
	RESERVED
CVE-2015-1019
	RESERVED
CVE-2015-1018
	RESERVED
CVE-2015-1017
	RESERVED
CVE-2015-1016
	RESERVED
CVE-2015-1015 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, ...)
	NOT-FOR-US: Omron CX-One
CVE-2015-1014
	RESERVED
CVE-2015-1013 (OSIsoft PI AF 2.6 and 2.7 and PI SQL for AF 2.1.2.19 do not ensure ...)
	NOT-FOR-US: OSIsoft PI AF and OSIsoft PI SQL for AF
CVE-2015-1012
	RESERVED
CVE-2015-1011 (Hospira LifeCare PCA Infusion System before 7.0 has hardcoded ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2015-1010 (Rockwell Automation RSView32 7.60.00 (aka CPR9 SR4) and earlier does ...)
	NOT-FOR-US: Rockwell Automation RSView32
CVE-2015-1009 (Schneider Electric InduSoft Web Studio before 7.1.3.5 Patch 5 and ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-1008 (SQL injection vulnerability in Emerson AMS Device Manager before 13 ...)
	NOT-FOR-US: Emerson AMS Device Manager
CVE-2015-1007
	RESERVED
CVE-2015-1006
	RESERVED
CVE-2015-1005 (IniNet embeddedWebServer (aka eWebServer) before 2.02 for Windows CE ...)
	NOT-FOR-US: IniNet
CVE-2015-1004
	REJECTED
CVE-2015-1003 (Directory traversal vulnerability in IniNet embeddedWebServer (aka ...)
	NOT-FOR-US: IniNet
CVE-2015-1002 (IniNet embeddedWebServer (aka eWebServer) before 2.02 mishandles URL ...)
	NOT-FOR-US: IniNet
CVE-2015-1001 (Multiple stack-based buffer overflows in IniNet embeddedWebServer (aka ...)
	NOT-FOR-US: IniNet
CVE-2015-1000 (Stack-based buffer overflow in the OpenForIPCamTest method in the ...)
	NOT-FOR-US: SStreamVideo ActiveX control
CVE-2015-0999 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0998 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0997 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0996 (Schneider Electric InduSoft Web Studio before 7.1.3.4 SP3 Patch 4 and ...)
	NOT-FOR-US: Schneider Electric InduSoft Web Studio
CVE-2015-0995 (Inductive Automation Ignition 7.7.2 uses MD5 password hashes, which ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0994 (Inductive Automation Ignition 7.7.2 allows remote authenticated users ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0993 (Inductive Automation Ignition 7.7.2 does not terminate a session upon ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0992 (Inductive Automation Ignition 7.7.2 stores cleartext OPC Server ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0991 (Inductive Automation Ignition 7.7.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0990 (Untrusted search path vulnerability in Ecava IntegraXor SCADA Server ...)
	NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2015-0989 (PACTware 4.1 SP3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: PACTware
CVE-2015-0988 (Omron CX-One CX-Programmer before 9.6 uses a reversible format for ...)
	NOT-FOR-US: Omron CX-One
CVE-2015-0987 (Omron CX-One CX-Programmer before 9.6, CJ2M PLC devices before 2.1, ...)
	NOT-FOR-US: Omron CX-One
CVE-2015-0986 (Multiple stack-based buffer overflows in Moxa VPort ActiveX SDK Plus ...)
	NOT-FOR-US: Moxa VPort ActiveX SDK Plus
CVE-2015-0985 (Cross-site request forgery (CSRF) vulnerability in XZERES 442SR OS on ...)
	NOT-FOR-US: XZERES 442SR (wind turbine)
CVE-2015-0984 (Directory traversal vulnerability in the FTP server on Honeywell Excel ...)
	NOT-FOR-US: Honeywell Excel Web
CVE-2015-0983
	REJECTED
CVE-2015-0982 (Buffer overflow in an unspecified DLL in Schneider Electric Pelco ...)
	NOT-FOR-US: Schneider Electric
CVE-2015-0981 (The SOAP web interface in SCADA Engine BACnet OPC Server before ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0980 (Format string vulnerability in BACnOPCServer.exe in the SOAP web ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0979 (Heap-based buffer overflow in the SOAP web interface in SCADA Engine ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2015-0978 (Multiple untrusted search path vulnerabilities in (1) ...)
	NOT-FOR-US: Elipse E3
CVE-2015-0977 (Network Vision IntraVue before 2.3.0a14 on Windows allows remote ...)
	NOT-FOR-US: IntraVue
CVE-2015-0976 (Cross-site scripting (XSS) vulnerability in Inductive Automation ...)
	NOT-FOR-US: Inductive Automation Ignition
CVE-2015-0975
	RESERVED
CVE-2015-0974 (Untrusted search path vulnerability in ZTE Datacard MF19 0V1.0.0B04 ...)
	NOT-FOR-US: ZTE Datacard MF19
CVE-2015-0972 (Pearson ProctorCache before 2015.1.17 uses the same hardcoded password ...)
	NOT-FOR-US: Pearson ProctorCache
CVE-2015-0971 (The DER parser in Suricata before 2.0.8 allows remote attackers to ...)
	{DSA-3254-1}
	- suricata 2.0.8-1
	[wheezy] - suricata <not-affected> (ASN.1 parser for X509 certificates in DER format introduced in 1.3)
	[squeeze] - suricata <not-affected> (ASN.1 parser for X509 certificates in DER format introduced in 1.3)
	NOTE: http://suricata-ids.org/2015/05/06/suricata-2-0-8-available/
	NOTE: Patch: https://github.com/inliniac/suricata/commit/fa73a0bb8f312fd0a95cc70f6b3ee4e4997bdba7
CVE-2015-0970 (Cross-site request forgery (CSRF) vulnerability in SearchBlox before ...)
	NOT-FOR-US: SearchBlox
CVE-2015-0969 (SearchBlox before 8.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: SearchBlox
CVE-2015-0968 (Unrestricted file upload vulnerability in admin/uploadImage.html in ...)
	NOT-FOR-US: SearchBlox
CVE-2015-0967 (Multiple cross-site scripting (XSS) vulnerabilities in SearchBlox ...)
	NOT-FOR-US: SearchBlox
CVE-2015-0966
	RESERVED
CVE-2015-0965
	RESERVED
CVE-2015-0964
	RESERVED
CVE-2015-0963
	RESERVED
CVE-2015-0962 (Barracuda Web Filter 7.x and 8.x before 8.1.0.005, when SSL Inspection ...)
	NOT-FOR-US: Barracuda Web Filter
CVE-2015-0961 (Barracuda Web Filter before 8.1.0.005, when SSL Inspection is enabled, ...)
	NOT-FOR-US: Barracuda Web Filter
CVE-2015-0960
	RESERVED
CVE-2015-0959
	RESERVED
CVE-2015-0958
	RESERVED
CVE-2015-0957
	RESERVED
CVE-2015-0956
	RESERVED
CVE-2015-0955
	REJECTED
CVE-2015-0954
	RESERVED
CVE-2015-0953
	RESERVED
CVE-2015-0952
	RESERVED
CVE-2015-0951 (X-Cart before 5.1.11 allows remote authenticated users to read or ...)
	NOT-FOR-US: X-Cart
CVE-2015-0950 (Cross-site scripting (XSS) vulnerability in admin.php in X-Cart 5.1.6 ...)
	NOT-FOR-US: X-Cart
CVE-2015-0949
	RESERVED
CVE-2015-0948
	RESERVED
CVE-2015-0947
	RESERVED
CVE-2015-0946
	RESERVED
CVE-2015-0945
	RESERVED
CVE-2015-0944
	RESERVED
CVE-2015-0943 (Basware Banking (Maksuliikenne) before 9.10.0.0 does not encrypt ...)
	NOT-FOR-US: Basware Banking
CVE-2015-0942
	REJECTED
CVE-2015-0941 (The Inetc plugin for Nullsoft Scriptable Install System (NSIS), as ...)
	NOT-FOR-US: Nullsoft Scriptable Install System plugin Inetc
CVE-2015-0940
	RESERVED
CVE-2015-0939
	RESERVED
CVE-2015-0938 (search.php on the Blue Coat Malware Analysis appliance with software ...)
	NOT-FOR-US: Blue Coat
CVE-2015-0937 (Cross-site scripting (XSS) vulnerability in search.php on the Blue ...)
	NOT-FOR-US: Blue Coat
CVE-2015-0936 (Ceragon FibeAir IP-10 have a default SSH public key in the ...)
	NOT-FOR-US: Ceragon FibeAir IP-10
CVE-2015-0935 (Bomgar Remote Support before 15.1.1 allows remote attackers to execute ...)
	NOT-FOR-US: Bomgar Remote Support
CVE-2015-0934 (Common LaTeX Service Interface (CLSI) before 0.1.3, as used in ...)
	NOT-FOR-US: ShareLaTeX
CVE-2015-0933 (Absolute path traversal vulnerability in ShareLaTeX 0.1.3 and earlier, ...)
	NOT-FOR-US: ShareLaTeX
CVE-2015-0932 (The ANTlabs InnGate firmware on IG 3100, IG 3101, InnGate 3.00 E, ...)
	NOT-FOR-US: ANTlabs InnGate
CVE-2015-0931 (Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and ...)
	NOT-FOR-US: Ektron CMS
CVE-2015-0930 (The web interface on SerVision HVG Video Gateway devices with firmware ...)
	NOT-FOR-US: SerVision HVG Video Gateway
CVE-2015-0929 (time.htm in the web interface on SerVision HVG Video Gateway devices ...)
	NOT-FOR-US: SerVision HVG Video Gateway
CVE-2015-0928 (libhtp 0.5.15 allows remote attackers to cause a denial of service ...)
	- suricata 2.0.7-1
	[wheezy] - suricata <no-dsa> (Unusable in wheezy, planned for removal)
	[squeeze] - suricata <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/1385
	NOTE: Commit: https://github.com/inliniac/suricata/commit/56196ace51395fcb2d8fc30d586e9ad782306d31
CVE-2015-0927
	RESERVED
CVE-2015-0926 (Labtech before 100.237 on Linux uses world-writable permissions for ...)
	NOT-FOR-US: Labtech
CVE-2015-0925 (The client in iPass Open Mobile before 2.4.5 on Windows allows remote ...)
	NOT-FOR-US: iPass Open Mobile
CVE-2015-0924 (Ceragon FibeAir IP-10 bridges have a default password for the root ...)
	NOT-FOR-US: Ceragon FiberAir IP-10 bridges
CVE-2015-0923 (The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron ...)
	NOT-FOR-US: Ektron CMS
CVE-2014-999999
	REJECTED
CVE-2014-99999
	REJECTED
CVE-2014-9999
	REJECTED
CVE-2014-9592
	REJECTED
CVE-2014-9591
	REJECTED
CVE-2014-9590
	REJECTED
CVE-2014-9589
	REJECTED
CVE-2014-9588
	REJECTED
CVE-2014-9586
	RESERVED
	- binpac 0.43-1
CVE-2014-72038
	REJECTED
CVE-2014-62771
	REJECTED
CVE-2014-59156
	REJECTED
CVE-2014-54321
	REJECTED
CVE-2014-456132
	REJECTED
CVE-2014-32537
	REJECTED
CVE-2014-123456
	REJECTED
CVE-2014-10042
	RESERVED
CVE-2014-10041
	RESERVED
CVE-2014-10040
	RESERVED
CVE-2014-10038 (SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and ...)
	NOT-FOR-US: DomPHP
CVE-2014-10037 (Directory traversal vulnerability in DomPHP 0.83 and earlier allows ...)
	NOT-FOR-US: DomPHP
CVE-2014-10036 (Cross-site scripting (XSS) vulnerability in JetBrains TeamCity before ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2014-10035 (Multiple cross-site scripting (XSS) vulnerabilities in the admin area ...)
	NOT-FOR-US: couponPHP
CVE-2014-10034 (Multiple SQL injection vulnerabilities in the admin area in couponPHP ...)
	NOT-FOR-US: couponPHP
CVE-2014-10033 (SQL injection vulnerability in the update_zone function in ...)
	NOT-FOR-US: osCommerce Online Merchant
CVE-2014-10032 (SQL injection vulnerability in news_popup.php in Taboada MacroNews 1.0 ...)
	NOT-FOR-US: Taboada MacroNews
CVE-2014-10031 (Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail ...)
	NOT-FOR-US: Qualcomm Eudora WorldMail
CVE-2014-10030 (Open redirect vulnerability in forums/login.php in FluxBB before ...)
	NOT-FOR-US: FluxBB
CVE-2014-10029 (SQL injection vulnerability in profile.php in FluxBB before 1.4.13 and ...)
	NOT-FOR-US: FluxBB
CVE-2014-10028 (Cross-site scripting (XSS) vulnerability in D-Link DAP-1360 router ...)
	NOT-FOR-US: D-Link DAP-1360 router
CVE-2014-10027 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
	NOT-FOR-US: D-Link DAP-1360
CVE-2014-10026 (index.cgi in D-Link DAP-1360 with firmware 2.5.4 and earlier allows ...)
	NOT-FOR-US: D-Link DAP-1360
CVE-2014-10025 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
	NOT-FOR-US: D-Link DAP-1360
CVE-2014-10024 (Multiple integer signedness errors in DirectShowDemuxFilter, as used ...)
	NOT-FOR-US: Divx Web Player, Divx Player and Divx plugins
CVE-2014-10023 (Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 ...)
	NOT-FOR-US: TopicsViewer
CVE-2014-10021 (Unrestricted file upload vulnerability in UploadHandler.php in the WP ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2014-10020 (SQL injection vulnerability in login.php in Simple e-document 1.31 ...)
	NOT-FOR-US: Simple e-document
CVE-2014-10019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem
CVE-2014-10018 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Teracom T2-B-Gawv1.4U10Y-BI modem
CVE-2014-10017 (Multiple SQL injection vulnerabilities in the Welcart e-Commerce ...)
	NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2014-10016 (Multiple cross-site scripting (XSS) vulnerabilities in the Welcart ...)
	NOT-FOR-US: Welcart e-Commerce plugin for WordPress
CVE-2014-10015 (SQL injection vulnerability in load-calendar.php in PHPJabbers Event ...)
	NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2014-10014 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: PHPJabbers Event Booking Calendar
CVE-2014-10013 (SQL injection vulnerability in the Another WordPress Classifieds ...)
	NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress
CVE-2014-10012 (Cross-site scripting (XSS) vulnerability in the Another WordPress ...)
	NOT-FOR-US: Another WordPress Classifieds Plugin plugin for WordPress
CVE-2014-10011 (Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX ...)
	NOT-FOR-US: TRENDnet SecurView camera TV-IP422WN
CVE-2014-10010 (Directory traversal vulnerability in PHPJabbers Appointment Scheduler ...)
	NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2014-10009 (Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 ...)
	NOT-FOR-US: Stark CRM
CVE-2014-10008 (Multiple cross-site request forgery (CSRF) vulnerabilities in Stark ...)
	NOT-FOR-US: Stark CRM
CVE-2014-10007 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog ...)
	NOT-FOR-US: Maian Weblog
CVE-2014-10006 (Multiple cross-site request forgery (CSRF) vulnerabilities in Maian ...)
	NOT-FOR-US: Maian Uploader
CVE-2014-10005 (Maian Uploader 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Maian Uploader
CVE-2014-100040
	RESERVED
CVE-2014-10004 (SQL injection vulnerability in admin/data_files/move.php in Maian ...)
	NOT-FOR-US: Maian Uploader
CVE-2014-100039 (mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local ...)
	NOT-FOR-US: Malwarebytes Anti-Exploit
CVE-2014-100038 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and ...)
	NOT-FOR-US: Storytlr
CVE-2014-100037 (Cross-site scripting (XSS) vulnerability in Storytlr 1.3.dev and ...)
	NOT-FOR-US: Storytlr
CVE-2014-100036 (Cross-site scripting (XSS) vulnerability in FlatPress 1.0.2 allows ...)
	- flatpress <itp> (bug #466297)
CVE-2014-100035 (SQL injection vulnerability in the ticket grid in the admin interface ...)
	NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100034 (Cross-site scripting (XSS) vulnerability in the frontend interface in ...)
	NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100033 (Directory traversal vulnerability in LicensePal ArcticDesk before ...)
	NOT-FOR-US: LicensePal ArcticDesk
CVE-2014-100032 (Cross-site scripting (XSS) vulnerability in top.html in the Airties ...)
	NOT-FOR-US: Airties Air 6372 modem
CVE-2014-100031 (Multiple SQL injection vulnerabilities in Ganesha Digital Library ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2014-100030 (Cross-site scripting (XSS) vulnerability in module/search/function.php ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2014-10003 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...)
	NOT-FOR-US: Maian Uploader
CVE-2014-100029 (Multiple directory traversal vulnerabilities in class/session.php in ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2014-100028 (Cross-site scripting (XSS) vulnerability in /signup in WEBCrafted ...)
	NOT-FOR-US: WEBCrafted
CVE-2014-100027 (Cross-site scripting (XSS) vulnerability in the WP SlimStat plugin ...)
	NOT-FOR-US: WP SlimStat plugin for WordPress
CVE-2014-100026 (Cross-site scripting (XSS) vulnerability in readme.php in the April's ...)
	NOT-FOR-US: April's Super Functions Pack plugin for WordPress
CVE-2014-100025 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Savsoft Quiz
CVE-2014-100024 (Cross-site scripting (XSS) vulnerability in Seo Panel before 3.4.0 ...)
	NOT-FOR-US: Seo Panel
CVE-2014-100023 (Multiple cross-site scripting (XSS) vulnerabilities in question.php in ...)
	NOT-FOR-US: mTouch Quiz
CVE-2014-100022 (SQL injection vulnerability in question.php in the mTouch Quiz before ...)
	NOT-FOR-US: mTouch Quiz
CVE-2014-100021 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: OrangeHRM
CVE-2014-100020 (SQL injection vulnerability in ChangeEmail.php in iTechClassifieds ...)
	NOT-FOR-US: iTechClassifieds
CVE-2014-10002 (Unspecified vulnerability in JetBrains TeamCity before 8.1 allows ...)
	NOT-FOR-US: JetBrains TeamCity
CVE-2014-100019 (SQL injection vulnerability in the LTree converter in Pomm before ...)
	NOT-FOR-US: LTree converter in Pomm
CVE-2014-100018 (Cross-site scripting (XSS) vulnerability in the Unconfirmed plugin ...)
	NOT-FOR-US: Unconfirmed plugin for WordPress
CVE-2014-100017 (Cross-site scripting (XSS) vulnerability in canned_opr.php in ...)
	NOT-FOR-US: PhpOnlineChat
CVE-2014-100016 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Photocrati theme for WordPress
CVE-2014-100015 (Directory traversal vulnerability in pdmwService.exe in SolidWorks ...)
	NOT-FOR-US: SolidWorks Workgroup PDM
CVE-2014-100014 (Multiple stack-based buffer overflows in pdmwService.exe in SolidWorks ...)
	NOT-FOR-US: SolidWorks Workgroup PDM
CVE-2014-100013 (Multiple cross-site scripting (XSS) vulnerabilities in clientResponse ...)
	NOT-FOR-US: clientResponse
CVE-2014-100012 (SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote ...)
	NOT-FOR-US: Sendy
CVE-2014-100011 (SQL injection vulnerability in /send-to in Sendy 1.1.9.1 allows remote ...)
	NOT-FOR-US: Sendy
CVE-2014-100010 (Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows ...)
	NOT-FOR-US: ClanSphere
CVE-2014-10001 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: PHPJabbers Appointment Scheduler
CVE-2014-100009 (The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) ...)
	NOT-FOR-US: JS MultiHotel
CVE-2014-100008 (Cross-site scripting (XSS) vulnerability in includes/delete_img.php in ...)
	NOT-FOR-US: JS MultiHotel
CVE-2014-100007 (Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin ...)
	NOT-FOR-US: HK Exif Tags plugin for WordPress
CVE-2014-100006 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: webtrees
CVE-2014-100005 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
	NOT-FOR-US: D-Link DIR-600 router
CVE-2014-100004 (Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 ...)
	NOT-FOR-US: Sitecore CMS
CVE-2014-100003 (SQL injection vulnerability in ...)
	NOT-FOR-US: Code Futures YourMembers plugin for WordPress
CVE-2014-100002 (Directory traversal vulnerability in ManageEngine SupportCenter Plus ...)
	NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2014-100001 (Cross-site request forgery (CSRF) vulnerability in the SEO Plugin ...)
	NOT-FOR-US: SEO Plugin LiveOptim
CVE-2014-100000
	REJECTED
CVE-2014-10000
	REJECTED
CVE-2013-7420 (Buffer overflow in Hancom Office 2010 SE allows remote attackers to ...)
	NOT-FOR-US: Hancom Office 2010 SE
CVE-2015-XXXX [smime_keys: insecure use of /tmp]
	- mutt 1.5.24-1 (unimportant; bug #775199)
	NOTE: http://dev.mutt.org/hg/mutt/rev/babc30377614
	NOTE: Rendered non-exploitable by Linux hardening since wheezy
CVE-2015-XXXX [djvudigital: insecure use of /tmp]
	- djvulibre 3.5.27.1-3 (unimportant; bug #775193)
	[squeeze] - djvulibre <no-dsa> (Minor issue)
	NOTE: Originally was addressed in 3.5.27.1-1 but it was reintroduced
	NOTE: with the 3.5.27.1-2 upload, cf. https://bugs.debian.org/775193#17
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-5701 (mktexlsr revision 36855, and before revision 36626 as packaged in ...)
	- texlive-bin <not-affected> (Vulnerable code not reintroduced, patch mktexlsr-use-mktemp still applied)
	NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=36626&r2=36855
CVE-2015-5700 (mktexlsr revision 22855 through revision 36625 as packaged in texlive ...)
	- texlive-bin 2014.20140926.35254-5 (bug #775139)
	[wheezy] - texlive-bin <no-dsa> (Minor issue)
	[squeeze] - texlive-bin <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/04/23/22
	NOTE: http://www.openwall.com/lists/oss-security/2015/07/28/5
	NOTE: https://www.tug.org/svn/texlive/trunk/Build/source/texk/kpathsea/mktexlsr?r1=19613&r2=22885
CVE-2015-1196 (GNU patch 2.7.1 allows remote attackers to write to arbitrary files ...)
	- patch 2.7.1-7 (bug #775227)
	[wheezy] - patch <not-affected> (Support for git-style patches added in 2.7)
	[squeeze] - patch <not-affected> (Support for git-style patches added in 2.7)
CVE-2014-9651 (Buffer overflow in CHICKEN 4.9.0.x before 4.9.0.2, 4.9.x before 4.9.1, ...)
	- chicken 4.10.0-1 (bug #775346)
	[jessie] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/12/3
	NOTE: Patch: http://lists.nongnu.org/archive/html/chicken-hackers/2014-12/txt2UqAS9CtvH.txt
CVE-2015-1194 (pax 1:20140703 allows remote attackers to write to arbitrary files via ...)
	- pax 1:20160306-1 (low; bug #774716)
	[jessie] - pax <no-dsa> (Minor issue)
	[squeeze] - pax <no-dsa> (Minor issue)
	[wheezy] - pax <no-dsa> (Minor issue)
CVE-2015-1193 (Multiple directory traversal vulnerabilities in pax 1:20140703 allow ...)
	- pax 1:20160306-1 (low; bug #774716)
	[jessie] - pax <no-dsa> (Minor issue)
	[squeeze] - pax <no-dsa> (Minor issue)
	[wheezy] - pax <no-dsa> (Minor issue)
CVE-2015-1192 (Absolute path traversal vulnerability in kgb 1.0b4 allows remote ...)
	- kgb 1.0b4+ds-14 (bug #774989)
	[jessie] - kgb <no-dsa> (meant to be used as a local archiver)
	[wheezy] - kgb <no-dsa> (meant to be used as a local archiver)
	[squeeze] - kgb <no-dsa> (meant to be used as a local archiver)
CVE-2015-1191 (Multiple directory traversal vulnerabilities in pigz 2.3.1 allow ...)
	- pigz 2.3.1-2 (bug #774978)
	[squeeze] - pigz <no-dsa> (Minor issue)
	[wheezy] - pigz <no-dsa> (Minor issue)
	NOTE: https://github.com/madler/pigz/commit/fdad1406b3ec809f4954ff7cdf9e99eb18c2458f
CVE-2015-0973 (Buffer overflow in the png_read_IDAT_data function in pngrutil.c in ...)
	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
	- libpng1.6 1.6.16-1 (bug #773823)
	- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
	- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
	- texlive-bin 2014.20140926.35254-6 (bug #775673)
	[squeeze] - texlive-bin <not-affected> (has a copy of libpng 1.2)
	[wheezy] - texlive-bin <not-affected> (uses system libpng)
	NOTE: http://tfpwn.com/files/libpng_heap_overflow_1.6.15.txt
	NOTE: http://mid.gmane.org/Pine.LNX.4.64.1501101510150.31425@beijing.mitre.org
CVE-2015-0922 (McAfee ePolicy Orchestrator (ePO) before 4.6.9 and 5.x before 5.1.2 ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2015-0921 (XML external entity (XXE) vulnerability in the Server Task Log in ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2014-1155
	REJECTED
CVE-2014-1137
	REJECTED
CVE-2014-1004
	REJECTED
CVE-2013-7419 (Cross-site scripting (XSS) vulnerability in includes/refreshDate.php ...)
	NOT-FOR-US: Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin for WordPress
CVE-2015-2063 (Integer overflow in unace 1.2b allows remote attackers to cause a ...)
	{DSA-3178-1 DLA-164-1}
	- unace 1.2b-12 (bug #775003)
	NOTE: http://git.hadrons.org/?p=debian/pkgs/unace.git;a=commitdiff;h=319446f
CVE-2015-0920 (Cross-site request forgery (CSRF) vulnerability in the Banner Effect ...)
	NOT-FOR-US: Banner Effect Header plugin for WordPress
CVE-2015-0919 (Multiple SQL injection vulnerabilities in the administrative backend ...)
	NOT-FOR-US: Sefrengo
CVE-2015-0918 (Cross-site scripting (XSS) vulnerability in the administrative backend ...)
	NOT-FOR-US: Sefrengo
CVE-2015-0917 (Cross-site scripting (XSS) vulnerability in the backend in Kajona ...)
	NOT-FOR-US: Kajona
CVE-2015-0916 (SQL injection vulnerability in graph.php in Cacti before 0.8.6f allows ...)
	- cacti 0.8.6f-1
CVE-2015-0915 (Cross-site scripting (XSS) vulnerability in RAKUS MailDealer 11.2.1 ...)
	NOT-FOR-US: RAKUS MailDealer
CVE-2015-0914 (EasyCTF before 1.4 does not validate the session ID, which allows ...)
	NOT-FOR-US: EasyCTF
CVE-2015-0913 (Cross-site scripting (XSS) vulnerability in EasyCTF before 1.4 allows ...)
	NOT-FOR-US: EasyCTF
CVE-2015-0912 (EasyCTF before 1.4 allows remote authenticated users to write ...)
	NOT-FOR-US: EasyCTF
CVE-2015-0911 (Directory traversal vulnerability in TAGAWA Takao TransmitMail 1.0.11 ...)
	NOT-FOR-US: TAGAWA Takao TransmitMail
CVE-2015-0910 (Cross-site scripting (XSS) vulnerability in TAGAWA Takao TransmitMail ...)
	NOT-FOR-US: TAGAWA Takao TransmitMail
CVE-2015-0909
	RESERVED
CVE-2015-0908
	RESERVED
CVE-2015-0907 (Buffer overflow in Lhaplus before 1.70 allows remote attackers to ...)
	NOT-FOR-US: Lhaplus
CVE-2015-0906 (Directory traversal vulnerability in Lhaplus before 1.70 allows remote ...)
	NOT-FOR-US: Lhaplus
CVE-2015-0905 (Cross-site request forgery (CSRF) vulnerability in bBlog allows remote ...)
	NOT-FOR-US: bBlog
CVE-2015-0904 (The Restaurant Karaoke SHIDAX app 1.3.3 and earlier on Android does ...)
	NOT-FOR-US: Restaurant Karaoke SHIDAX app
CVE-2015-0903 (Buffer overflow in Saitoh Kikaku Maruo Editor 8.51 and earlier allows ...)
	NOT-FOR-US: Saitoh Kikaku Maruo Editor
CVE-2015-0902 (The Semper Fi All in One SEO Pack plugin before 2.2.6 for WordPress ...)
	NOT-FOR-US: WordPress plugin all-in-one-seo-pack
CVE-2015-0901 (Cross-site scripting (XSS) vulnerability in the duwasai flashy theme ...)
	NOT-FOR-US: WordPress duwasai flashy theme
CVE-2015-0900 (Cross-site scripting (XSS) vulnerability in schedule.cgi in Nishishi ...)
	NOT-FOR-US: Nishishi Factory
CVE-2015-0899 (The MultiPageValidator implementation in Apache Struts 1 1.1 through ...)
	{DSA-3536-1 DLA-292-1}
	- libstruts1.2-java <removed>
	NOTE: Patch in SuSE Bugzilla: https://bugzilla.novell.com/attachment.cgi?id=629559
	NOTE: Patch appplies cleanly to the Wheezy and Squeeze versions
CVE-2015-0898 (futomi CGI Cafe MP Form Mail CGI eCommerce before 2.0.12 on Windows ...)
	NOT-FOR-US: futomi CGI Cafe MP Form Mail CGI eCommerce
CVE-2015-0897
	RESERVED
CVE-2015-0896 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer ...)
	{DLA-453-1 DLA-296-1}
	- extplorer <removed> (bug #783231)
	NOTE: Upstream fixes: http://extplorer.net/projects/extplorer/repository/revisions/240
CVE-2015-0895 (Cross-site request forgery (CSRF) vulnerability in the All In One WP ...)
	NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
CVE-2015-0894 (SQL injection vulnerability in the All In One WP Security &amp; Firewall ...)
	NOT-FOR-US: All In One WP Security & Firewall plugin for WordPress
CVE-2015-0893 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)
	NOT-FOR-US: Maroyaka
CVE-2015-0892 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)
	NOT-FOR-US: Maroyaka
CVE-2015-0891 (Cross-site scripting (XSS) vulnerability in Maroyaka CGI Maroyaka ...)
	NOT-FOR-US: Maroyaka
CVE-2015-0890 (The BestWebSoft Google Captcha (aka reCAPTCHA) plugin before 1.13 for ...)
	NOT-FOR-US: BestWebSoft plugin for WordPress
CVE-2015-0889 (KENT-WEB Joyful Note before 5.3 allows remote attackers to delete ...)
	NOT-FOR-US: KENT-WEB Joyful Note
CVE-2015-0888 (KENT-WEB Clip Board before 4.1 allows remote attackers to delete ...)
	NOT-FOR-US: KENT-WEB Clip Board
CVE-2015-0887 (npppd in the PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 Fuji ...)
	NOT-FOR-US: SEIL routers
CVE-2015-0886 (Integer overflow in the crypt_raw method in the key-stretching ...)
	- libjbcrypt-java 0.4-1 (bug #780102)
	[jessie] - libjbcrypt-java <no-dsa> (Minor issue)
	[wheezy] - libjbcrypt-java <no-dsa> (Minor issue)
	[squeeze] - libjbcrypt-java <no-dsa> (Minor issue)
CVE-2015-0885 (checkpw 1.02 and earlier allows remote attackers to cause a denial of ...)
	{DSA-3192-1 DLA-191-1}
	- checkpw 1.02-1.1 (bug #780139)
CVE-2015-0884 (Unquoted Windows search path vulnerability in Toshiba Bluetooth Stack ...)
	NOT-FOR-US: Toshiba Bluetooth Stack
CVE-2015-0883 (SYNCK GRAPHICA Mailform Pro CGI 4.1.4 and 4.1.5, when the mailauth ...)
	NOT-FOR-US: Mailform Pro
CVE-2015-0882 (Multiple cross-site scripting (XSS) vulnerabilities in zencart-ja (aka ...)
	NOT-FOR-US: Zen Cart
CVE-2015-0881 (CRLF injection vulnerability in Squid before 3.1.1 allows remote ...)
	- squid <removed> (low)
	[squeeze] - squid <no-dsa> (Minor issue)
	[wheezy] - squid <no-dsa> (Minor issue)
	- squid3 3.1.1-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/01/2
	NOTE: Patch: http://www.squid-cache.org/Versions/v3/3.1/changesets/b9619.patch
	NOTE: https://jvn.jp/en/jp/JVN64455813/index.html
CVE-2015-0880 (Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote ...)
	NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0879 (CREAR AL-Mail32 before 1.13d allows remote attackers to cause a denial ...)
	NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0878 (Directory traversal vulnerability in CREAR AL-Mail32 before 1.13d ...)
	NOT-FOR-US: CREAR AL-Mail32
CVE-2015-0877 (Unrestricted file upload vulnerability in app/lib/mlf.pl in C-BOARD ...)
	NOT-FOR-US: C-BOARD Moyuku
CVE-2015-0876 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Saurus CMS
CVE-2015-0875 (The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for ...)
	NOT-FOR-US: Ogaki Kyoritsu Bank Smartphone Passbook application for Android
CVE-2015-0874 (Smartphone Passbook 1.0.0 does not verify X.509 certificates from SSL ...)
	NOT-FOR-US: Smartphone Passbook
CVE-2015-0873 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
	NOT-FOR-US: PerlTreeBBS
CVE-2015-0872
	REJECTED
CVE-2015-0871 (Cross-site scripting (XSS) vulnerability in Mrs. Shiromuku Perl CGI ...)
	NOT-FOR-US: Mrs. Shiromuku Perl CGI shiromuku(u1)GUESTBOOK
CVE-2015-0870 (Cross-site scripting (XSS) vulnerability in hb.cgi in Nishishi Factory ...)
	NOT-FOR-US: Nishishi Factory
CVE-2015-0869 (I-O DATA DEVICE NP-BBRM routers allow remote attackers to cause a ...)
	NOT-FOR-US: I-O DATA DEVICE NP-BBRM routers
CVE-2015-0868 (Unrestricted file upload vulnerability in Mrs. Shiromuku Perl CGI ...)
	NOT-FOR-US: Mrs. Shiromuku Perl CGI shiromuku(bu2)BBS
CVE-2015-0867 (Directory traversal vulnerability in SYNCK GRAPHICA Download Log CGI ...)
	NOT-FOR-US: SYNCK GRAPHICA Download Log CGI
CVE-2015-0866 (Multiple cross-site scripting (XSS) vulnerabilities in Zoho ...)
	NOT-FOR-US: ZOHO ManageEngine SupportCenter Plus
CVE-2015-0865
	RESERVED
CVE-2015-0864 (Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x ...)
	NOT-FOR-US: Samsung
CVE-2015-0863 (GALAXY Apps (aka Samsung Apps, Samsung Updates, or ...)
	NOT-FOR-US: Samsung GALAXY Apps
CVE-2015-0862 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	- rabbitmq-server 3.4.3-1
	[jessie] - rabbitmq-server <no-dsa> (Minor issue)
	[wheezy] - rabbitmq-server <no-dsa> (Minor issue)
	[squeeze] - rabbitmq-server <not-affected> (Management web UI not available in version 1.8.1)
CVE-2015-0861 (model/modelstorage.py in trytond 3.2.x before 3.2.10, 3.4.x before ...)
	{DSA-3425-1}
	- tryton-server 3.8.1-1
	[wheezy] - tryton-server <not-affected> (Version < 3.2)
	[squeeze] - tryton-server <not-affected> (Version < 3.2)
	NOTE: Mathias Behrle told us that affected versions are >= 3.2 and < 3.8.1
CVE-2015-0860 (Off-by-one error in the extracthalf function in dpkg-deb/extract.c in ...)
	{DSA-3407-1}
	- dpkg 1.18.4
	[squeeze] - dpkg <not-affected> (Vulnerable code not present)
CVE-2015-0859 (The Debian build procedure for the smokeping package in wheezy before ...)
	{DSA-3405-1}
	- smokeping 2.6.11-2
	[squeeze] - smokeping <not-affected> (Vulnerable code not present)
CVE-2015-0858 (Cool Projects TarDiff allows local users to write to arbitrary files ...)
	{DSA-3562-1 DLA-564-1}
	- tardiff 0.1-3
	NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a
CVE-2015-0857 (Cool Projects TarDiff allows remote attackers to execute arbitrary ...)
	{DSA-3562-1 DLA-564-1}
	- tardiff 0.1-5
	NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=9bd6a07bc204472ac27242cea16f89943b43003a
	NOTE: Assignment is done for injection through file names and tar file name itself
	NOTE: First part was addressed in 0.1-3 but does not contain the fix for the tar
	NOTE: file name itself.
	NOTE: https://anonscm.debian.org/cgit/collab-maint/tardiff.git/commit/?id=a18e8df51511df276e61dbccdbe1714fc53af965
CVE-2015-0856 (daemon/Greeter.cpp in sddm before 0.13.0 does not properly disable the ...)
	- sddm 0.12.0-5 (bug #803336; low)
	NOTE: https://github.com/sddm/sddm/commit/4cfed6b0a625593
CVE-2015-0855 (The _mediaLibraryPlayCb function in mainwindow.py in pitivi before ...)
	- pitivi 0.95-1
	[jessie] - pitivi <no-dsa> (Minor issue)
	[squeeze] - pitivi <not-affected> (Vulnerable code not present (no os.system()))
	[wheezy] - pitivi <not-affected> (Vulnerable code not present (no os.system()))
	NOTE: https://git.gnome.org/browse/pitivi/commit/?id=45a4c84edb3b4343f199bba1c65502e3f49f5bb2 (RELEASE-0_95_0)
CVE-2015-0854 (App/HelperFunctions.pm in Shutter through 0.93.1 allows user-assisted ...)
	{DLA-769-1}
	- shutter 0.93.1-1 (low; bug #798862)
	[jessie] - shutter 0.92-0.1+deb8u1
	[squeeze] - shutter <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/shutter/+bug/1495163
CVE-2015-0853 (svn-workbench 1.6.2 and earlier on a system with xeyes installed ...)
	- svn-workbench 1.7.0-1 (low; bug #798863)
	[jessie] - svn-workbench <no-dsa> (Minor issue)
	[wheezy] - svn-workbench <no-dsa> (Minor issue)
	[squeeze] - svn-workbench <no-dsa> (Minor issue)
CVE-2015-0852 (Multiple integer underflows in PluginPCX.cpp in FreeImage 3.17.0 and ...)
	{DSA-3392-1 DLA-327-1}
	- freeimage 3.15.4-5 (bug #797165)
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.17&r2=1.18&pathrev=MAIN
	NOTE: http://freeimage.cvs.sourceforge.net/viewvc/freeimage/FreeImage/Source/FreeImage/PluginPCX.cpp?r1=1.18&r2=1.19&pathrev=MAIN
CVE-2015-0851 (XMLTooling-C before 1.5.5, as used in OpenSAML-C and Shibboleth ...)
	{DSA-3321-1 DLA-290-1}
	- xmltooling 1.5.6-1 (bug #793855)
	NOTE: http://shibboleth.net/community/advisories/secadv_20150721.txt
	NOTE: Patch: https://git.shibboleth.net/view/?p=cpp-xmltooling.git;a=commitdiff;h=2d795c731e6729309044607154978696a87fd900
	NOTE: Initial advisory was listing the wrong CVE, updated later
	NOTE: opensaml2 will need binNMUs/sourcefull upload (cf. #794851)
	NOTE: [squeeze] partially affected (util/XMLHelper.cpp XMLHelper::getAttrInt method not present) (1.3.3.x)
CVE-2015-0850 (The Git plugin for FusionForge before 6.0rc4 allows remote attackers ...)
	{DSA-3275-1}
	- fusionforge 6.0~rc4-1
	[squeeze] - fusionforge <not-affected> (Affects 5.3 and later)
	NOTE: https://scm.fusionforge.org/anonscm/gitweb?p=fusionforge/fusionforge.git;a=commitdiff;h=afcfe76f5195af4566ff3a8280714383fcdb5a67
	NOTE: https://fusionforge.org/forum/forum.php?forum_id=41
CVE-2015-0849 [predictable temporary file vulnerability]
	RESERVED
	- pycode-browser 1:1.0-1 (unimportant; bug #790365)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2015-0848 (Heap-based buffer overflow in libwmf 0.2.8.4 allows remote attackers ...)
	{DSA-3302-1 DLA-253-1}
	- libwmf 0.2.8.4-10.4 (bug #787644)
CVE-2015-0847 (nbd-server.c in Network Block Device (nbd-server) before 3.11 does not ...)
	{DSA-3271-1 DLA-223-1}
	- nbd 1:3.10-1 (bug #784657)
	NOTE: http://sourceforge.net/p/nbd/mailman/message/34091218/
CVE-2015-0846 (django-markupfield before 1.3.2 uses the default docutils ...)
	{DSA-3230-1 DLA-206-1}
	- django-markupfield 1.3.2-1
	NOTE: https://github.com/jamesturk/django-markupfield/commit/b45734ea1d206abc1ed2a90bdc779708066d49f3
CVE-2015-0845 (Format string vulnerability in Movable Type Pro, Open Source, and ...)
	{DSA-3227-1}
	- movabletype-opensource <removed>
	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://movabletype.org/news/2015/04/movable_type_608_and_5213_released_to_close_security_vulnera.html
CVE-2015-0844 (The WML/Lua API in Battle for Wesnoth 1.7.x through 1.11.x and 1.12.x ...)
	{DSA-3218-1 DLA-202-1}
	- wesnoth-1.12 1:1.12.2-1
	- wesnoth-1.10 1:1.10.7-2
	- wesnoth-1.8 <removed>
CVE-2015-0843 [Buffer overflows due to misuse of sprintf]
	RESERVED
	- yubiserver 0.6-1 (bug #796495)
	[jessie] - yubiserver <no-dsa> (Mitigated by toolchain hardening)
	[wheezy] - yubiserver <no-dsa> (Can be fixed via a point release)
CVE-2015-0842 [SQL injection issues (potential auth bypass)]
	RESERVED
	- yubiserver 0.6-1 (bug #796495)
	[jessie] - yubiserver <no-dsa> (Minor issue)
	[wheezy] - yubiserver <no-dsa> (Minor issue)
CVE-2015-0841 [off-by-one buffer overflow in Listener::checkActivity in libcapsinetwork/monopd]
	RESERVED
	- libcapsinetwork <removed> (bug #781044; unimportant)
	[experimental] - monopd 0.9.8-1
	- monopd <unfixed> (bug #781043; unimportant)
	NOTE: Not exploitable with dlmalloc
CVE-2015-0840 (The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x ...)
	{DSA-3217-1 DLA-220-1}
	- dpkg 1.17.25
	NOTE: Ubuntu fix for 1.15.x (version in squeeze): http://launchpadlibrarian.net/202647129/dpkg_1.15.5.6ubuntu4.9_1.15.5.6ubuntu4.10.diff.gz
CVE-2015-0839 (The hp-plugin utility in HP Linux Imaging and Printing (HPLIP) makes ...)
	{DLA-775-1}
	- hplip 3.15.11+repack0-1 (bug #787353; bug #796015)
	[jessie] - hplip 3.14.6-1+deb8u1
	[squeeze] - hplip <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2015/q2/581
	NOTE: https://bugs.launchpad.net/bugs/1432516
CVE-2015-0838 (Buffer overflow in the C implementation of the apply_delta function in ...)
	{DSA-3206-1 DLA-231-1}
	- dulwich 0.10.1-1 (bug #780958)
	[jessie] - dulwich 0.9.7-3
CVE-2015-0837 [data-dependent timing variations in modular exponentiation]
	RESERVED
	{DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
	- libgcrypt11 <removed>
	- libgcrypt20 1.6.3-2
	- gnupg 1.4.18-7
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=6cbc75e71295f23431c4ab95edc7573f2fc28476
CVE-2015-0836 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3179-1 DSA-3174-1}
	- iceweasel 31.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
CVE-2015-0835 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-11/
CVE-2015-0834 (The WebRTC subsystem in Mozilla Firefox before 36.0 recognizes turns: ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-15/
CVE-2015-0833 (Multiple untrusted search path vulnerabilities in updater.exe in ...)
	- iceweasel <not-affected> (Specific to Firefox on Windows)
	- icedove <not-affected> (Specific to Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-12/
CVE-2015-0832 (Mozilla Firefox before 36.0 does not properly recognize the ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-13/
CVE-2015-0831 (Use-after-free vulnerability in the ...)
	{DSA-3179-1 DSA-3174-1}
	- iceweasel 31.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-16/
CVE-2015-0830 (The WebGL implementation in Mozilla Firefox before 36.0 does not ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-14/
CVE-2015-0829 (Buffer overflow in libstagefright in Mozilla Firefox before 36.0 ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-17/
CVE-2015-0828 (Double free vulnerability in the nsXMLHttpRequest::GetResponse ...)
	- iceweasel <not-affected> (Doesn't affect the memory allocator used in the Debian builds)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-18/
CVE-2015-0827 (Heap-based buffer overflow in the mozilla::gfx::CopyRect function in ...)
	{DSA-3179-1 DSA-3174-1}
	- iceweasel 31.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-19/
CVE-2015-0826 (The nsTransformedTextRun::SetCapitalization function in Mozilla ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-20/
CVE-2015-0825 (Stack-based buffer underflow in the ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-21/
CVE-2015-0824 (The mozilla::layers::BufferTextureClient::AllocateForSurface function ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-22/
CVE-2015-0823 (Multiple use-after-free vulnerabilities in OpenType Sanitiser, as used ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-23/
CVE-2015-0822 (The Form Autocompletion feature in Mozilla Firefox before 36.0, ...)
	{DSA-3179-1 DSA-3174-1}
	- iceweasel 31.5.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.5.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-24/
CVE-2015-0821 (Mozilla Firefox before 36.0 allows user-assisted remote attackers to ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-25/
CVE-2015-0820 (Mozilla Firefox before 36.0 does not properly restrict transitions of ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-27/
CVE-2015-0819 (The UITour::onPageEvent function in Mozilla Firefox before 36.0 does ...)
	- iceweasel <not-affected> (Does not affect ESR version)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-26/
CVE-2015-0818 (Mozilla Firefox before 36.0.4, Firefox ESR 31.x before 31.5.3, and ...)
	{DSA-3201-1}
	- iceweasel 31.5.3esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-28/
CVE-2015-0817 (The asm.js implementation in Mozilla Firefox before 36.0.3, Firefox ...)
	{DSA-3201-1}
	- iceweasel 31.5.3esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-29/
CVE-2015-0816 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-33/
CVE-2015-0815 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
CVE-2015-0814 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (only affects Firefox 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-30/
CVE-2015-0813 (Use-after-free vulnerability in the AppendElements function in Mozilla ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-31/
CVE-2015-0812 (Mozilla Firefox before 37.0 does not require an HTTPS session for ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-32/
CVE-2015-0811 (The QCMS implementation in Mozilla Firefox before 37.0 allows remote ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-34/
CVE-2015-0810 (Mozilla Firefox before 37.0 on OS X does not ensure that the cursor is ...)
	- iceweasel <not-affected> (Only affects 37.x; only affects OS X systems)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-35/
CVE-2015-0809
	RESERVED
CVE-2015-0808 (The webrtc::VPMContentAnalysis::Release function in the WebRTC ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-36/
CVE-2015-0807 (The navigator.sendBeacon implementation in Mozilla Firefox before ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-37/
CVE-2015-0806 (The Off Main Thread Compositing (OMTC) implementation in Mozilla ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/
CVE-2015-0805 (The Off Main Thread Compositing (OMTC) implementation in Mozilla ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-38/
CVE-2015-0804 (The HTMLSourceElement::BindToTree function in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
CVE-2015-0803 (The HTMLSourceElement::AfterSetAttr function in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-39/
CVE-2015-0802 (Mozilla Firefox before 37.0 relies on docshell type information ...)
	- iceweasel <not-affected> (Only affects 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-42/
CVE-2015-0801 (Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and ...)
	{DSA-3212-1 DSA-3211-1}
	- iceweasel 31.6.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.6.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-40/
CVE-2015-0800 (The PRNG implementation in the DNS resolver in Mozilla Firefox (aka ...)
	- iceweasel <not-affected> (Only affects 37.x; only on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
CVE-2015-0799 (The HTTP Alternative Services feature in Mozilla Firefox before 37.0.1 ...)
	- iceweasel <not-affected> (Only affects Firefox 37.x)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-44/
CVE-2015-0798 (The Reader mode feature in Mozilla Firefox before 37.0.1 on Android, ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-43/
CVE-2015-0797 (GStreamer before 1.4.5, as used in Mozilla Firefox before 38.0, ...)
	{DSA-3264-1 DSA-3260-1 DSA-3225-1}
	- gst-plugins-bad0.10 <removed> (bug #784220)
	[jessie] - gst-plugins-bad0.10 <no-dsa> (Minor impact compared to wheezy, no browser attack vector)
	[squeeze] - gst-plugins-bad0.10 <not-affected> (vulnerable code (gst/videoparsers/*) introduced later)
	- iceweasel 38.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.7.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-47/
CVE-2015-0796 (In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before ...)
	- open-build-service <not-affected> (Fixed before initial upload)
CVE-2015-0795 (Multiple stack-based buffer overflows in the SafeShellExecute method ...)
	NOT-FOR-US: NetIQ
CVE-2015-0794 (modules.d/90crypt/module-setup.sh in the dracut package before ...)
	- dracut <not-affected> (Vulnerable code not present)
	NOTE: http://lists.opensuse.org/opensuse-updates/2015-11/msg00098.html
	NOTE: http://lists.opensuse.org/opensuse-bugs/2015-06/msg02585.html
	NOTE: http://lists.opensuse.org/opensuse-bugs/2015-06/msg02580.html
	NOTE: This seem to be a SuSE specific issue. src:dracut does not contain unsafe
	NOTE: handling of a /tmp/dracut_block_uuid.map file in any checked version.
CVE-2015-0793
	REJECTED
CVE-2015-0792
	REJECTED
CVE-2015-0791
	REJECTED
CVE-2015-0790
	REJECTED
CVE-2015-0789
	REJECTED
CVE-2015-0788
	REJECTED
CVE-2015-0787 (XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote ...)
	NOT-FOR-US: NetIQ Designer for Identity Manager
CVE-2015-0786 (Stack-based buffer overflow in the logging functionality in the ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0785 (com.novell.zenworks.inventory.rtr.actionclasses.wcreports in Novell ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0784 (Rtrlet.class in Novell ZENworks Configuration Management (ZCM) allows ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0783 (The FileViewer class in Novell ZENworks Configuration Management (ZCM) ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0782 (SQL injection vulnerability in the ScheduleQuery method of the ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0781 (Directory traversal vulnerability in the doPost method of the Rtrlet ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0780 (SQL injection vulnerability in the GetReRequestData method of the ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0779 (Directory traversal vulnerability in UploadServlet in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2015-0778 (osc before 0.151.0 allows remote attackers to execute arbitrary ...)
	- osc 0.149.0-2 (low; bug #780410)
	[wheezy] - osc 0.134.1-2+deb7u1
	[squeeze] - osc <no-dsa> (Minor issue)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=901643
CVE-2015-0777 (drivers/xen/usbback/usbback.c in linux-2.6.18-xen-3.4.0 (aka the Xen ...)
	- linux <not-affected> (Addon Xen usbback patch not present)
	- linux-2.6 <not-affected> (Addon Xen usbback patch not present)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=917830
CVE-2015-0776 (telnetd in Cisco IOS XR 5.0.1 on Network Convergence System 6000 ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0775 (The banner (aka MOTD) implementation in Cisco NX-OS 4.1(2)E1(1f) on ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-0774 (Cross-site scripting (XSS) vulnerability in Cisco Application and ...)
	NOT-FOR-US: Cisco Application and Content Networking System
CVE-2015-0773 (Cisco FireSIGHT System Software 5.3.1.3 and 6.0.0 allows remote ...)
	NOT-FOR-US: Cisco FireSIGHT System Software
CVE-2015-0772 (Cisco TelePresence Video Communication Server (VCS) X8.5RC4 allows ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2015-0771 (The IKE implementation in the WS-IPSEC-3 service module in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0770 (CRLF injection vulnerability in Cisco TelePresence TC 6.x before 6.3.4 ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2015-0769 (Cisco IOS XR 4.0.1 through 4.2.0 for CRS-3 Carrier Routing System ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0768 (The Device Work Center (DWC) component in Cisco Prime Network Control ...)
	NOT-FOR-US: Cisco Prime Network Control System
CVE-2015-0767 (Cisco Edge 300 software 1.0 and 1.1 on Edge 340 devices allows local ...)
	NOT-FOR-US: Cisco
CVE-2015-0766 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Cisco
CVE-2015-0765 (Cisco ONS 15454 System Software 10.30 and 10.301 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-0764 (Cisco Unified MeetingPlace 8.6(1.9) allows remote attackers to read ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-0763 (Cisco Unified MeetingPlace 8.6(1.2) does not properly validate session ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-0762 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2015-0761 (Cisco AnyConnect Secure Mobility Client before 3.1(8009) and 4.x ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2015-0760 (The IKEv1 implementation in Cisco ASA Software 7.x, 8.0.x, 8.1.x, and ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0759 (Cross-site request forgery (CSRF) vulnerability in Cisco Headend ...)
	NOT-FOR-US: Cisco
CVE-2015-0758 (The web-based user interface in Cisco Unified MeetingPlace 8.6(1.9) ...)
	NOT-FOR-US: Cisco
CVE-2015-0757 (The web framework in Cisco Identity Services Engine (ISE) 1.2(1.901) ...)
	NOT-FOR-US: Cisco
CVE-2015-0756 (Cisco Wireless LAN Controller (WLC) devices with software 7.4(1.1) ...)
	NOT-FOR-US: Cisco
CVE-2015-0755 (The Posture module for Cisco Identity Services Engine (ISE), as ...)
	NOT-FOR-US: Cisco
CVE-2015-0754 (Cisco Finesse 10.5(1) allows remote authenticated users to obtain ...)
	NOT-FOR-US: Cisco
CVE-2015-0753 (SQL injection vulnerability in Cisco Unified Email Interaction Manager ...)
	NOT-FOR-US: Cisco
CVE-2015-0752 (Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video ...)
	NOT-FOR-US: Cisco
CVE-2015-0751 (Cisco IP Phone 7861, when firmware from Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2015-0750 (The administrative web interface in Cisco Hosted Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2015-0749
	RESERVED
CVE-2015-0748
	RESERVED
CVE-2015-0747 (Cisco Conductor for Videoscape 3.0 and Cisco Headend System Release ...)
	NOT-FOR-US: Cisco
CVE-2015-0746 (The REST API in Cisco Access Control Server (ACS) 5.5(0.46.2) allows ...)
	NOT-FOR-US: Cisco Access Control Server
CVE-2015-0745 (Cisco Headend System Release allows remote attackers to read temporary ...)
	NOT-FOR-US: Cisco
CVE-2015-0744 (Cisco DTA Control System (DTACS) 4.0.0.9 and Cisco Headend System ...)
	NOT-FOR-US: Cisco
CVE-2015-0743 (Cisco Headend System Release allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2015-0742 (The Protocol Independent Multicast (PIM) application in Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2015-0741 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0740 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2015-0739 (The Lights-Out Management (LOM) implementation in Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco
CVE-2015-0738 (Cross-site scripting (XSS) vulnerability in the Web Tracking Report ...)
	NOT-FOR-US: Cisco
CVE-2015-0737 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco FireSIGHT ...)
	NOT-FOR-US: Cisco FireSIGHT System Software
CVE-2015-0736 (Cross-site request forgery (CSRF) vulnerability in Cisco MediaSense ...)
	NOT-FOR-US: Cisco
CVE-2015-0735 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2015-0734 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco Email ...)
	NOT-FOR-US: Cisco
CVE-2015-0733 (CRLF injection vulnerability in the HTTP Header Handler in Digital ...)
	NOT-FOR-US: Cisco
CVE-2015-0732 (Cross-site scripting (XSS) vulnerability in Cisco AsyncOS on the Web ...)
	NOT-FOR-US: Cisco
CVE-2015-0731 (The ISDN implementation in Cisco IOS 15.3S allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-0730 (The SMB module in Cisco Wide Area Application Services (WAAS) 6.0(1) ...)
	NOT-FOR-US: Cisco
CVE-2015-0729 (Cross-site scripting (XSS) vulnerability in Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2015-0728 (Cross-site scripting (XSS) vulnerability in Cisco Access Control ...)
	NOT-FOR-US: Cisco
CVE-2015-0727 (Cross-site scripting (XSS) vulnerability in the HTTP module in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0726 (The web administration interface on Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2015-0725 (Cisco Videoscape Distribution Suite Service Broker (aka VDS-SB), when ...)
	NOT-FOR-US: Cisco
CVE-2015-0724 (Multiple cross-site scripting (XSS) vulnerabilities in dncs 7.0.0.12 ...)
	NOT-FOR-US: Cisco
CVE-2015-0723 (The wireless web-authentication subsystem on Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco
CVE-2015-0722 (The network drivers in Cisco TelePresence T, Cisco TelePresence TE, ...)
	NOT-FOR-US: Cisco
CVE-2015-0721 (Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, ...)
	NOT-FOR-US: Cisco
CVE-2015-0720
	RESERVED
CVE-2015-0719
	RESERVED
CVE-2015-0718 (Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-0717 (Cisco Unified Communications Manager 10.0(1.10000.12) allows local ...)
	NOT-FOR-US: Cisco
CVE-2015-0716 (Cross-site request forgery (CSRF) vulnerability in the CUCReports page ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2015-0715 (SQL injection vulnerability in the administrative web interface in ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2015-0714 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse ...)
	NOT-FOR-US: Cisco Finesse
CVE-2015-0713 (The web framework in Cisco TelePresence Advanced Media Gateway Series ...)
	NOT-FOR-US: Cisco
CVE-2015-0712 (The session-manager service in Cisco StarOS 12.0, 12.2(300), 14.0, and ...)
	NOT-FOR-US: Cisco StarOS
CVE-2015-0711 (The hamgr service in the IPv6 Proxy Mobile (PM) implementation in ...)
	NOT-FOR-US: Cisco StarOS
CVE-2015-0710 (The Overlay Transport Virtualization (OTV) implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2015-0709 (Cisco IOS 15.5S and IOS XE allow remote authenticated users to cause a ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0708 (Cisco IOS 15.4S, 15.4SN, and 15.5S and IOS XE 3.13S and 3.14S allow ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0707 (Cross-site scripting (XSS) vulnerability in Cisco FireSIGHT System ...)
	NOT-FOR-US: Cisco
CVE-2015-0706 (Open redirect vulnerability in Cisco FireSIGHT System Software ...)
	NOT-FOR-US: Cisco
CVE-2015-0705 (Cross-site request forgery (CSRF) vulnerability in the SOAP API ...)
	NOT-FOR-US: Cisco
CVE-2015-0704 (Multiple cross-site request forgery (CSRF) vulnerabilities in API ...)
	NOT-FOR-US: Cisco
CVE-2015-0703 (Cross-site scripting (XSS) vulnerability in the administrative web ...)
	NOT-FOR-US: Cisco
CVE-2015-0702 (Unrestricted file upload vulnerability in the Custom Prompts upload ...)
	NOT-FOR-US: Cisco
CVE-2015-0701 (Cisco UCS Central Software before 1.3(1a) allows remote attackers to ...)
	NOT-FOR-US: Cisco UCS
CVE-2015-0700 (Cross-site request forgery (CSRF) vulnerability in the Dashboard page ...)
	NOT-FOR-US: Cisco
CVE-2015-0699 (SQL injection vulnerability in the Interactive Voice Response (IVR) ...)
	NOT-FOR-US: Cisco
CVE-2015-0698 (Multiple cross-site scripting (XSS) vulnerabilities in filter search ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0697 (Open redirect vulnerability in the login page in Cisco TC Software ...)
	NOT-FOR-US: Cisco
CVE-2015-0696 (Cross-site scripting (XSS) vulnerability in the login page in Cisco TC ...)
	NOT-FOR-US: Cisco
CVE-2015-0695 (Cisco IOS XR 4.3.4 through 5.3.0 on ASR 9000 devices, when uRPF, PBR, ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0694 (Cisco ASR 9000 devices with software 5.3.0.BASE do not recognize that ...)
	NOT-FOR-US: Cisco
CVE-2015-0693 (Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0692 (Cisco Web Security Appliance (WSA) devices with software 8.5.0-ise-147 ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0691 (A certain Cisco JAR file, as distributed in Cache Cleaner in Cisco ...)
	NOT-FOR-US: Cisco Secure Desktop Cache Cleaner
CVE-2015-0690 (Cross-site scripting (XSS) vulnerability in the HTML help system on ...)
	NOT-FOR-US: Cisco
CVE-2015-0689 (Cisco Cloud Web Security before 3.0.1.7 allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-0688 (Cisco IOS XE 3.10.2S on an ASR 1000 device with an Embedded Services ...)
	NOT-FOR-US: Cisco
CVE-2015-0687 (The SNMP implementation in Cisco IOS 15.1(2)SG4 on Catalyst 4500 ...)
	NOT-FOR-US: Cisco
CVE-2015-0686 (The SNMP implementation in Cisco NX-OS 6.1(2)I2(3) on Nexus 9000 ...)
	NOT-FOR-US: Cisco
CVE-2015-0685 (Cisco IOS XE before 3.7.5S on ASR 1000 devices does not properly ...)
	NOT-FOR-US: Cisco
CVE-2015-0684 (SQL injection vulnerability in the Image Management component in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0683 (Cisco Unified Communications Domain Manager 8.1(4) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-0682 (Cisco Unified Communications Domain Manager 8.1(4) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-0681 (The TFTP server in Cisco IOS 12.2(44)SQ1, 12.2(33)XN1, 12.4(25e)JAM1, ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0680 (Cisco Unified Call Manager (CM) 9.1(2.1000.28) does not properly ...)
	NOT-FOR-US: Cisco
CVE-2015-0679 (The web-authentication functionality on Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2015-0678 (The virtualization layer in Cisco ASA FirePOWER Software before ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0677 (The XML parser in Cisco Adaptive Security Appliance (ASA) Software 8.4 ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0676 (The DNS implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0675 (The failover ipsec implementation in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco ASA
CVE-2015-0674 (Cross-site scripting (XSS) vulnerability in the Alert Service of Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0673 (Cisco Mobility Services Engine (MSE) 8.0(110.0) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-0672 (The DHCPv4 server in Cisco IOS XR 5.2.2 on ASR 9000 devices allows ...)
	NOT-FOR-US: Cisco
CVE-2015-0671 (The DNS implementation in Cisco Videoscape Distribution Suite for ...)
	NOT-FOR-US: Cisco
CVE-2015-0670 (The default configuration of Cisco Small Business IP phones SPA 300 ...)
	NOT-FOR-US: Cisco
CVE-2015-0669 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0668 (Cross-site scripting (XSS) vulnerability in the administration portal ...)
	NOT-FOR-US: Cisco
CVE-2015-0667 (The Management Interface on Cisco Content Services Switch (CSS) 11500 ...)
	NOT-FOR-US: Cisco
CVE-2015-0666 (Directory traversal vulnerability in the fmserver servlet in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0665 (The Hostscan module in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2015-0664 (The IPC channel in Cisco AnyConnect Secure Mobility Client 4.0(.00051) ...)
	NOT-FOR-US: Cisco
CVE-2015-0663 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier does ...)
	NOT-FOR-US: Cisco
CVE-2015-0662 (Cisco AnyConnect Secure Mobility Client 4.0(.00051) and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2015-0661 (The SNMPv2 implementation in Cisco IOS XR allows remote authenticated ...)
	NOT-FOR-US: Cisco
CVE-2015-0660 (Cisco Virtual TelePresence Server Software does not properly restrict ...)
	NOT-FOR-US: Cisco
CVE-2015-0659 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0658 (The DHCP implementation in the PowerOn Auto Provisioning (POAP) ...)
	NOT-FOR-US: Cisco
CVE-2015-0657 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Cisco
CVE-2015-0656 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
	NOT-FOR-US: Cisco NAM
CVE-2015-0655 (Cross-site scripting (XSS) vulnerability in Unified Web Interaction ...)
	NOT-FOR-US: Cisco Unified Web
CVE-2015-0654 (Race condition in the TLS implementation in MainApp in the management ...)
	NOT-FOR-US: Cisco
CVE-2015-0653 (The management interface in Cisco TelePresence Video Communication ...)
	NOT-FOR-US: Cisco
CVE-2015-0652 (The Session Description Protocol (SDP) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0651 (Cross-site request forgery (CSRF) vulnerability in the web GUI in ...)
	NOT-FOR-US: Cisco
CVE-2015-0650 (The Service Discovery Gateway (aka mDNS Gateway) in Cisco IOS 12.2, ...)
	NOT-FOR-US: Cisco
CVE-2015-0649 (Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-0648 (Memory leak in Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows ...)
	NOT-FOR-US: Cisco
CVE-2015-0647 (Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3 allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2015-0646 (Memory leak in the TCP input module in Cisco IOS 12.2, 12.4, 15.0, ...)
	NOT-FOR-US: Cisco
CVE-2015-0645 (The Layer 4 Redirect (L4R) feature in Cisco IOS XE 2.x and 3.x before ...)
	NOT-FOR-US: Cisco
CVE-2015-0644 (AppNav in Cisco IOS XE 3.8 through 3.10 before 3.10.3S, 3.11 before ...)
	NOT-FOR-US: Cisco
CVE-2015-0643 (Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2015-0642 (Cisco IOS 12.2, 12.4, 15.0, 15.1, 15.2, 15.3, and 15.4 and IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2015-0641 (Cisco IOS XE 2.x and 3.x before 3.9.0S, 3.10 before 3.10.0S, 3.11 ...)
	NOT-FOR-US: Cisco
CVE-2015-0640 (The high-speed logging (HSL) feature in Cisco IOS XE 2.x and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2015-0639 (The Common Flow Table (CFT) feature in Cisco IOS XE 3.6 and 3.7 before ...)
	NOT-FOR-US: Cisco
CVE-2015-0638 (Cisco IOS 12.2, 12.4, 15.0, 15.2, and 15.3, when a VRF interface is ...)
	NOT-FOR-US: Cisco
CVE-2015-0637 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0636 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0635 (The Autonomic Networking Infrastructure (ANI) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0634 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: Cisco
CVE-2015-0633 (The Integrated Management Controller (IMC) in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2015-0632 (Race condition in the Neighbor Discovery (ND) protocol implementation ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0631 (Race condition in the SSL implementation on Cisco Intrusion Prevention ...)
	NOT-FOR-US: Cisco IPS
CVE-2015-0630
	RESERVED
CVE-2015-0629
	RESERVED
CVE-2015-0628 (The proxy engine on Cisco Web Security Appliance (WSA) devices allows ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0627
	RESERVED
CVE-2015-0626 (The SOAP interface in Cisco Hosted Collaboration Solution (HCS) allows ...)
	NOT-FOR-US: Cisco HCS
CVE-2015-0625
	RESERVED
CVE-2015-0624 (The web framework in Cisco AsyncOS on Email Security Appliance (ESA), ...)
	NOT-FOR-US: Cisco
CVE-2015-0623 (Cross-site scripting (XSS) vulnerability in the Administrator report ...)
	NOT-FOR-US: Cisco WSA
CVE-2015-0622 (The Wireless Intrusion Detection (aka WIDS) functionality on Cisco ...)
	NOT-FOR-US: Cisco WLC
CVE-2015-0621 (Cisco TelePresence MCU devices with software 4.5(1.45) allow remote ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2015-0620 (The XML parser in Cisco TelePresence Management Suite (TMS) 14.3(.2) ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2015-0619 (Memory leak in the embedded web server in the WebVPN subsystem in ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-0618 (Cisco IOS XR 5.0.1 and 5.2.1 on Network Convergence System (NCS) 6000 ...)
	NOT-FOR-US: Cisco IOS
CVE-2015-0617 (Cisco ASR 5500 System Architecture Evolution (SAE) Gateway devices ...)
	NOT-FOR-US: Cisco
CVE-2015-0616 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0615 (The call-handling implementation in Cisco Unity Connection 8.5 before ...)
	NOT-FOR-US: Cisco
CVE-2015-0614 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0613 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0612 (The Connection Conversation Manager (aka CuCsMgr) process in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0611 (The administrative web-management portal in Cisco IX 8 (.0.1) and ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2015-0610 (Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T ...)
	NOT-FOR-US: Cisco
CVE-2015-0609 (Race condition in the Common Classification Engine (CCE) in the ...)
	NOT-FOR-US: Cisco
CVE-2015-0608 (Race condition in the Measurement, Aggregation, and Correlation Engine ...)
	NOT-FOR-US: Cisco
CVE-2015-0607 (The Authentication Proxy feature in Cisco IOS does not properly handle ...)
	NOT-FOR-US: Cisco
CVE-2015-0606 (The IOS Shell in Cisco IOS allows local users to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2015-0605 (The uuencode inspection engine in Cisco AsyncOS on Cisco Email ...)
	NOT-FOR-US: Cisco
CVE-2015-0604 (The web framework on Cisco Unified IP 9900 phones with firmware ...)
	NOT-FOR-US: Cisco
CVE-2015-0603 (Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier use ...)
	NOT-FOR-US: Cisco
CVE-2015-0602 (The mobility extension on Cisco Unified IP 9900 phones with firmware ...)
	NOT-FOR-US: Cisco
CVE-2015-0601 (Cisco Unified IP 9900 phones with firmware 9.4(.1) and earlier allow ...)
	NOT-FOR-US: Cisco
CVE-2015-0600 (The mobility extension on Cisco Unified IP 9900 phones with firmware ...)
	NOT-FOR-US: Cisco
CVE-2015-0599 (The web interface in Cisco Integrated Management Controller in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2015-0598 (The RADIUS implementation in Cisco IOS and IOS XE allows remote ...)
	NOT-FOR-US: Cisco
CVE-2015-0597 (The Forgot Password feature in Cisco WebEx Meetings Server 1.5(.1.131) ...)
	NOT-FOR-US: Cisco
CVE-2015-0596 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
	NOT-FOR-US: Cisco
CVE-2015-0595 (The XMLAPI in Cisco WebEx Meetings Server 1.5(.1.131) and earlier ...)
	NOT-FOR-US: Cisco
CVE-2015-0594 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages ...)
	NOT-FOR-US: Cisco
CVE-2015-0593 (The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and ...)
	NOT-FOR-US: Cisco
CVE-2015-0592 (The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and ...)
	NOT-FOR-US: Cisco
CVE-2015-0591 (Cisco Unified Communications Domain Manager (UCDM) 10 allows remote ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-0590 (Cisco WebEx Meeting Center allows remote attackers to activate ...)
	NOT-FOR-US: Cisco WebEx
CVE-2015-0589 (The administrative web interface in Cisco WebEx Meetings Server 1.0 ...)
	NOT-FOR-US: Cisco
CVE-2015-0588 (Cross-site request forgery (CSRF) vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2015-0587
	RESERVED
CVE-2015-0586 (The Network-Based Application Recognition (NBAR) protocol ...)
	NOT-FOR-US: Cisco
CVE-2015-0585
	RESERVED
CVE-2015-0584 (The image-upgrade implementation on Cisco Desktop Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2015-0583 (Cisco WebEx Meeting Center does not properly restrict the content of ...)
	NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2015-0582 (The High Availability (HA) subsystem in Cisco NX-OS on MDS 9000 ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2015-0581 (The XML parser in Cisco Prime Service Catalog before 10.1 allows ...)
	NOT-FOR-US: Cisco
CVE-2015-0580 (Multiple SQL injection vulnerabilities in the ACS View reporting ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2015-0579 (Cisco TelePresence Video Communication Server (VCS) and Cisco ...)
	NOT-FOR-US: Cisco TelePrecence Video Communication Server
CVE-2015-0578 (Cisco Adaptive Security Appliance (ASA) Software, when a DHCPv6 relay ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2015-0577 (Multiple cross-site scripting (XSS) vulnerabilities in the IronPort ...)
	NOT-FOR-US: Cisco AsyncOS
CVE-2015-0576 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0575 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0574 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0573 (drivers/media/platform/msm/broadcast/tsc.c in the TSC driver for the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0572 (Multiple race conditions in drivers/char/adsprpc.c and ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0571 (The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0570 (Stack-based buffer overflow in the SET_WPS_IE IOCTL implementation in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0569 (Heap-based buffer overflow in the private wireless extensions IOCTL ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0568 (Use-after-free vulnerability in the msm_set_crop function in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2015-0567
	RESERVED
CVE-2015-0566
	RESERVED
CVE-2015-0565
	RESERVED
CVE-2014-9585 (The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=fbe1bf140671619508dfa575d74a185ae53c5dbb
	NOTE: http://marc.info/?l=linux-kernel&m=141911002822659&w=2
CVE-2014-9583 (common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, ...)
	NOT-FOR-US: infosvr in ASUS WRT firmware
CVE-2014-9582 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Codiad
CVE-2014-9581 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Codiad
CVE-2014-9580 (Cross-site scripting (XSS) vulnerability in ProjectSend (formerly ...)
	NOT-FOR-US: ProjectSend
CVE-2014-9579 (VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9578 (VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9577 (VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9576 (VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9575 (VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9574 (Directory traversal vulnerability in install.php in FluxBB before ...)
	NOT-FOR-US: FluxBB
CVE-2014-9573 (SQL injection vulnerability in manage_user_page.php in MantisBT before ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/69c2d28d (1.2.x)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17940
CVE-2014-9572 (MantisBT before 1.2.19 and 1.3.x before 1.3.0-beta.2 does not properly ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/5571bcf9 (1.2.x)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17939
CVE-2014-9571 (Cross-site scripting (XSS) vulnerability in admin/install.php in ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream patch: http://github.com/mantisbt/mantisbt/commit/6d47c047 (1.2.x)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17938
CVE-2014-9570 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin MyWebsiteAdvisor Simple Security
CVE-2014-9569 (Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver ...)
	NOT-FOR-US: SAP NetWeaver Business Client
CVE-2014-9568 (puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie ...)
	NOT-FOR-US: Puppet module rabbitmq
CVE-2014-9567 (Unrestricted file upload vulnerability in process-upload.php in ...)
	NOT-FOR-US: ProjectSend
CVE-2014-9566 (Multiple SQL injection vulnerabilities in the Manage Accounts page in ...)
	NOT-FOR-US: SolarWinds
CVE-2014-9565 (Cross-site request forgery (CSRF) vulnerability in IBM Flex System ...)
	NOT-FOR-US: IBM
CVE-2014-9564 (CRLF injection vulnerability in IBM Flex System EN6131 40Gb Ethernet ...)
	NOT-FOR-US: IBM
CVE-2014-9563 (CRLF injection vulnerability in the web-based management (WBM) ...)
	NOT-FOR-US:  Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone
CVE-2014-9562 (Cross-site scripting (XSS) vulnerability in display_dialog.php in M2 ...)
	NOT-FOR-US: M2 OptimalSite
CVE-2014-9561 (Cross-site scripting (XSS) vulnerability in redir_last_post_list.php ...)
	NOT-FOR-US: SoftBB
CVE-2014-9560 (SQL injection vulnerability in redir_last_post_list.php in SoftBB ...)
	NOT-FOR-US: SoftBB
CVE-2014-9559 (Cross-site scripting (XSS) vulnerability in SnipSnap 0.5.2a, 1.0b1, ...)
	NOT-FOR-US: SnipSnap
CVE-2014-9558 (Multiple SQL injection vulnerabilities in SmartCMS v.2. ...)
	NOT-FOR-US: SmartCMS
CVE-2014-9557 (Multiple cross-site scripting (XSS) vulnerabilities in SmartCMS v.2. ...)
	NOT-FOR-US: SmartCMS
CVE-2014-9555
	RESERVED
CVE-2014-9554
	RESERVED
CVE-2014-9553
	RESERVED
CVE-2014-9552
	RESERVED
CVE-2014-9551
	RESERVED
CVE-2014-9550
	RESERVED
CVE-2014-9549
	RESERVED
CVE-2014-9548
	RESERVED
CVE-2014-9547
	RESERVED
CVE-2014-9546
	RESERVED
CVE-2014-9545
	RESERVED
CVE-2014-9544
	RESERVED
CVE-2014-9543
	RESERVED
CVE-2014-9542
	RESERVED
CVE-2014-9541
	RESERVED
CVE-2014-9540
	RESERVED
CVE-2014-9539
	RESERVED
CVE-2014-9538
	RESERVED
CVE-2014-9537
	RESERVED
CVE-2014-9536
	RESERVED
CVE-2014-9535
	RESERVED
CVE-2014-9534
	RESERVED
CVE-2014-9533
	RESERVED
CVE-2014-9532
	RESERVED
CVE-2014-9531
	RESERVED
CVE-2014-9530
	RESERVED
CVE-2014-9528 (SQL injection vulnerability in the actionIndex function in ...)
	NOT-FOR-US: HumHub
CVE-2014-9527 (HSLFSlideShow in Apache POI before 3.11 allows remote attackers to ...)
	- libapache-poi-java 3.10.1-2 (low; bug #775171)
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
CVE-2015-1198 (Multiple directory traversal vulnerabilities in ha 0.999p+dfsg-5. ...)
	- ha <removed> (low; bug #774954)
	[squeeze] - ha <no-dsa> (Minor issue)
	[wheezy] - ha <no-dsa> (Minor issue)
CVE-2015-1352 (The build_tablename function in pgsql.c in the PostgreSQL (aka pgsql) ...)
	{DSA-3195-1}
	- php5 5.6.6+dfsg-2 (bug #777036)
	[squeeze] - php5 <not-affected> (vulnerable code (build_tablename()) introduced later)
	NOTE: https://bugs.php.net/bug.php?id=68741
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=124fb22a13fafa3648e4e15b4f207c7096d8155e
CVE-2015-1351 (Use-after-free vulnerability in the _zend_shared_memdup function in ...)
	- php5 5.6.6+dfsg-2 (bug #777033)
	[squeeze] - php5 <not-affected> (opcache introduced in 5.5)
	[wheezy] - php5 <not-affected> (opcache introduced in 5.5)
	NOTE: https://bugs.php.net/bug.php?id=68677
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=777c39f4042327eac4b63c7ee87dc1c7a09a3115
CVE-2015-XXXX [insecure keyring handling]
	- weboob 1.0-3 (low; bug #774838)
	[wheezy] - weboob <no-dsa> (Minor issue)
CVE-2015-1042 (The string_sanitize_url function in core/string_api.php in MantisBT ...)
	- mantis <removed> (bug #780875)
	[wheezy] - mantis <no-dsa> (Minor issue)
	[squeeze] - mantis <not-affected> (Incomplete fix not applied)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17997
	NOTE: http://github.com/mantisbt/mantisbt/commit/d95f070d
CVE-2015-1031 (Multiple use-after-free vulnerabilities in Privoxy before 3.0.22 allow ...)
	{DSA-3133-1 DLA-142-1}
	- privoxy 3.0.21-5 (bug #775167)
	NOTE: http://www.privoxy.org/announce.txt
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/list.c?view=patch&r1=1.31&r2=1.32&pathrev=v_3_0_22
CVE-2015-1030 (Memory leak in the rfc2553_connect_to function in jbsocket.c in ...)
	- privoxy 3.0.21-5 (bug #775167)
	[squeeze] - privoxy <not-affected> (Introduced in 3.0.21)
	[wheezy] - privoxy <not-affected> (Introduced in 3.0.21)
	NOTE: http://www.privoxy.org/announce.txt
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/cgisimple.c?view=patch&r1=1.130&r2=1.131&pathrev=v_3_0_22
CVE-2015-1197 (cpio 2.11, when using the --no-absolute-filenames option, allows local ...)
	- cpio 2.11+dfsg-4.1 (low; bug #774669)
	[wheezy] - cpio <no-dsa> (Minor issue)
	[squeeze] - cpio <no-dsa> (Minor issue)
	NOTE: Patch used in SUSE: https://bugzilla.suse.com/attachment.cgi?id=599460&action=diff
CVE-2015-4469 (The chmd_read_headers function in chmd.c in libmspack before 0.5 does ...)
	- libmspack 0.4-3 (bug #774726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4468 (Multiple integer overflows in the search_chunk function in chmd.c in ...)
	- libmspack 0.4-3 (bug #774726)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-4467 (The chmd_init_decomp function in chmd.c in libmspack before 0.5 does ...)
	- libmspack 0.4-3 (bug #774725)
	NOTE: http://www.openwall.com/lists/oss-security/2015/02/03/11
CVE-2015-XXXX [directory traversal]
	- arc <unfixed> (low; bug #774527)
	[stretch] - arc <ignored> (Minor issue)
	[jessie] - arc <ignored> (Minor issue)
	[wheezy] - arc <no-dsa> (Minor issue)
	[squeeze] - arc <no-dsa> (Minor issue)
CVE-2015-XXXX [saves unknown host's fingerprint in known_hosts without any prompt]
	- lftp 4.6.1-2 (low; bug #774769)
	[jessie] - lftp 4.6.0-1+deb8u1
	[squeeze] - lftp <no-dsa> (Minor issue)
	[wheezy] - lftp <no-dsa> (Minor issue)
	NOTE: CVE Request: http://www.openwall.com/lists/oss-security/2015/03/12/10
CVE-2014-9587 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	{DLA-613-1}
	- roundcube 1.1.1+dfsg.1-2 (bug #775576)
	[squeeze] - roundcube <no-dsa> (Minor issue)
	[wheezy] - roundcube <no-dsa> (Minor issue)
	NOTE: https://github.com/roundcube/roundcubemail/commit/376cbfd4f2dfcf455717409b70d9d056cbeb08b1
CVE-2015-0564 (Buffer underflow in the ssl_decrypt_record function in ...)
	{DSA-3141-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-05.html
CVE-2015-0563 (epan/dissectors/packet-smtp.c in the SMTP dissector in Wireshark ...)
	{DLA-198-1}
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	[squeeze] - wireshark <not-affected> (Only affected 1.10)
	[wheezy] - wireshark <not-affected> (Only affected 1.10)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-04.html
CVE-2015-0562 (Multiple use-after-free vulnerabilities in ...)
	{DSA-3141-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-03.html
CVE-2015-0561 (asn1/lpp/lpp.cnf in the LPP dissector in Wireshark 1.10.x before ...)
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	[squeeze] - wireshark <not-affected> (Only affected 1.8.9)
	[wheezy] - wireshark <not-affected> (Only affected 1.8.9)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-02.html
CVE-2015-0560 (The dissect_wccp2r1_address_table_info function in ...)
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	[squeeze] - wireshark <not-affected> (Only affected 1.10)
	[wheezy] - wireshark <not-affected> (Only affected 1.10)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
CVE-2015-0559 (Multiple use-after-free vulnerabilities in ...)
	- wireshark 1.12.1+g01b65bf-3 (bug #776135)
	[squeeze] - wireshark <not-affected> (Only affected 1.10)
	[wheezy] - wireshark <not-affected> (Only affected 1.10)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2015-01.html
CVE-2015-0558
	RESERVED
CVE-2015-0555 (Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in ...)
	NOT-FOR-US: Samsung
CVE-2015-0554 (The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with ...)
	NOT-FOR-US: ADB router
CVE-2015-0553 (Cross-site scripting (XSS) vulnerability in admin/pages/modify.php in ...)
	NOT-FOR-US: WebsiteBaker
CVE-2014-9526 (Multiple cross-site scripting (XSS) vulnerabilities in concrete5 ...)
	NOT-FOR-US: concrete5
CVE-2014-9525 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Timed Popup (wp-timed-popup) plugin for WordPress
CVE-2014-9524 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Facebook Like Box (cardoza-facebook-like-box) plugin for WordPress
CVE-2014-9523 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Our ...)
	NOT-FOR-US: Our Team Showcase (our-team-enhanced) plugin for WordPress
CVE-2014-9522 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light ...)
	NOT-FOR-US: CMS Papoo Light
CVE-2014-9521 (Unrestricted file upload vulnerability in uploadScript.php in ...)
	NOT-FOR-US: InfiniteWP Admin Panel
CVE-2014-9520 (SQL injection vulnerability in execute.php in InfiniteWP Admin Panel ...)
	NOT-FOR-US: InfiniteWP Admin Panel
CVE-2014-9519 (SQL injection vulnerability in login.php in InfiniteWP Admin Panel ...)
	NOT-FOR-US: InfiniteWP Admin Panel
CVE-2014-9518 (Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router ...)
	NOT-FOR-US: login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01
CVE-2014-9517 (Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 ...)
	NOT-FOR-US: D-link IP camera DCS-2103
CVE-2014-9516 (Cross-site scripting (XSS) vulnerability in Social Microblogging PRO ...)
	NOT-FOR-US: Social Microblogging PRO
CVE-2014-9515 (Dozer improperly uses a reflection-based approach to type conversion, ...)
	NOT-FOR-US: Dozer
CVE-2014-9514 (Cross-site scripting (XSS) vulnerability in BMC Footprints Service ...)
	NOT-FOR-US: BMC
CVE-2014-9512 (rsync 3.1.1 allows remote attackers to write to arbitrary files via a ...)
	- rsync 3.1.1-3 (low; bug #778333)
	[wheezy] - rsync <not-affected> (Affected sanitising functionality not yet present)
	[squeeze] - rsync <not-affected> (Affected sanitising functionality not yet present)
	NOTE: http://xteam.baidu.com/?p=169
CVE-2014-9511
	RESERVED
CVE-2014-9510 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
	NOT-FOR-US: TP-Link TL-WR840N router
CVE-2014-9509 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x ...)
	- typo3-src <removed>
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Solution is to remove he configuration options config.prefixLocalAnchors
	NOTE: (and optionally also config.baseUrl) in favor of config.absRefPrefix
CVE-2014-9508 (The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x ...)
	- typo3-src 4.5.40+dfsg1-1 (bug #775105)
	[wheezy] - typo3-src <end-of-life> (See DSA 3314)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://review.typo3.org/#/c/35222/
	NOTE: https://review.typo3.org/gitweb?p=Packages/TYPO3.CMS.git;a=commitdiff;h=63ae7ddd11d284a121f23ce86282e3149bc16f96
CVE-2014-9505 (Cross-site scripting (XSS) vulnerability in the School Administration ...)
	NOT-FOR-US: School Administration module for Drupal
CVE-2014-9504 (The OG Subgroups module, when used with the Open Atrium module 7.x-2.x ...)
	NOT-FOR-US: Open Atrium module for Drupal
CVE-2014-9503 (The Discussions sub module in the Open Atrium module 7.x-2.x before ...)
	NOT-FOR-US: Open Atrium module for Drupal
CVE-2014-9502 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Open Atrium module for Drupal
CVE-2014-9501 (Cross-site scripting (XSS) vulnerability in the Poll Chart Block ...)
	NOT-FOR-US: Poll Chart Block module for Drupal
CVE-2014-9500 (Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x ...)
	NOT-FOR-US: Moip module for Drupal
CVE-2014-9499 (Cross-site scripting (XSS) vulnerability in the Godwin's Law module ...)
	NOT-FOR-US: Godwin's Law for Drupal
CVE-2014-9498 (Cross-site scripting (XSS) vulnerability in the Webform Invitation ...)
	NOT-FOR-US: Webform Invitation module for Drupal
CVE-2014-9492
	REJECTED
CVE-2014-9491 (The devzvol_readdir function in illumos does not check the return ...)
	NOT-FOR-US: illumos
CVE-2014-9490 (The numtok function in lib/raven/okjson.rb in the raven-ruby gem ...)
	NOT-FOR-US: raven ruby gem
CVE-2014-9488 (The is_utf8_well_formed function in GNU less before 475 allows remote ...)
	- less 481-1 (unimportant; bug #780247)
	NOTE: http://www.openwall.com/lists/oss-security/2015/03/10/14
	NOTE: https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html
CVE-2014-9484
	RESERVED
CVE-2014-9473 (Unrestricted file upload vulnerability in lib_nonajax.php in the ...)
	NOT-FOR-US: formsII plugin for WordPress
CVE-2014-9472 (The email gateway in RT (aka Request Tracker) 3.0.0 through 4.x before ...)
	{DSA-3176-1 DLA-158-1}
	- request-tracker4 4.2.8-3
	- request-tracker3.8 <removed> (unimportant)
CVE-2014-9470
	RESERVED
CVE-2014-9469 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.4, 3.6.0, ...)
	NOT-FOR-US: vBulletin
CVE-2014-9468 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...)
	NOT-FOR-US: InstantASP InstantForum.NET
CVE-2014-9467
	RESERVED
CVE-2014-9466 (Open-Xchange (OX) AppSuite and Server before 7.4.2-rev42, 7.6.0 before ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-9464 (SQL injection vulnerability in Category.php in Microweber CMS 0.95 ...)
	NOT-FOR-US: Microweber CMS
CVE-2014-9463 (functions_vbseo_hook.php in the VBSEO module for vBulletin allows ...)
	NOT-FOR-US: vBulletin
CVE-2014-9462 (The _validaterepo function in sshpeer in Mercurial before 3.2.4 allows ...)
	{DSA-3257-1 DLA-237-1}
	- mercurial 3.4-1 (bug #783237)
	NOTE: http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
	NOTE: http://selenic.com/hg/rev/e3f30068d2eb
CVE-2014-9461 (Directory traversal vulnerability in models/Cart66.php in the Cart66 ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2014-9460 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WP-ViperGB plugin for WordPress
CVE-2014-9459 (Cross-site request forgery (CSRF) vulnerability in the AdminObserver ...)
	NOT-FOR-US: e107
CVE-2014-9458 (Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA ...)
	NOT-FOR-US: Hex-Rays IDA Pro
CVE-2014-9457 (SQL injection vulnerability in classes/mono_display.class.php in PMB ...)
	NOT-FOR-US: PMB
CVE-2014-9456 (Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have ...)
	NOT-FOR-US: NotePad++
CVE-2014-9455 (SQL injection vulnerability in showads.php in CTS Projects &amp; Software ...)
	NOT-FOR-US: CTS Projects & Software ClassAd
CVE-2014-9454 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Simple Sticky Footer plugin for WordPress
CVE-2014-9453 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Simple visitor stat plugin for WordPress
CVE-2014-9452 (Directory traversal vulnerability in VDG Security SENSE (formerly ...)
	NOT-FOR-US: VDG Security SENSE
CVE-2014-9451 (Multiple stack-based buffer overflows in the DIVA web service API ...)
	NOT-FOR-US: VDG Security SENS
CVE-2014-9448 (Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 ...)
	NOT-FOR-US: Mini-stream RM-MP3 Converter
CVE-2014-9445 (SQL injection vulnerability in incl/create.inc.php in Installatron GQ ...)
	NOT-FOR-US: GQ File Manager
CVE-2014-9444 (Cross-site scripting (XSS) vulnerability in the Frontend Uploader ...)
	NOT-FOR-US: Frontend Uploader plugin for WordPress
CVE-2014-9443 (Cross-site scripting (XSS) vulnerability in the Relevanssi plugin ...)
	NOT-FOR-US: Relevanssi plugin for WordPress
CVE-2014-9442 (SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2014-9441 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Lightbox Photo Gallery plugin for WordPress
CVE-2014-9440 (SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows ...)
	NOT-FOR-US: phpMyRecipes
CVE-2014-9439 (Cross-site scripting (XSS) vulnerability in Easy File Sharing Web ...)
	NOT-FOR-US: Easy File Sharing Web Server
CVE-2014-9438 (Cross-site request forgery (CSRF) vulnerability in the Moderator ...)
	NOT-FOR-US: vBulletin
CVE-2014-9437 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Sliding Social Icons plugin for WordPress
CVE-2014-9436 (Absolute path traversal vulnerability in SysAid On-Premise before ...)
	NOT-FOR-US: SysAid
CVE-2014-9435 (Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow ...)
	NOT-FOR-US: Absolut Engine
CVE-2014-9434 (Cross-site scripting (XSS) vulnerability in admin/managerrelated.php ...)
	NOT-FOR-US: Absolut Engine
CVE-2014-9431 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Smoothwall
CVE-2014-9430 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Smoothwall
CVE-2014-9429 (Multiple cross-site scripting (XSS) vulnerabilities in Smoothwall ...)
	NOT-FOR-US: Smoothwall
CVE-2013-7418 (cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 ...)
	NOT-FOR-US: IPCop
CVE-2013-7417 (Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in ...)
	NOT-FOR-US: IPCop
CVE-2011-5318 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: diafan.CMS
CVE-2011-5317 (Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS ...)
	NOT-FOR-US: WonderCMS
CVE-2011-5316 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
	NOT-FOR-US: Cambio
CVE-2011-5315 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
	NOT-FOR-US: whCMS
CVE-2011-5314 (templates/default/index.php in Redaxscript 0.3.2 allows remote ...)
	NOT-FOR-US: Redaxscript
CVE-2011-5313 (Multiple SQL injection vulnerabilities in includes/password.php in ...)
	NOT-FOR-US: Redaxscript
CVE-2011-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 ...)
	NOT-FOR-US: Gollos
CVE-2011-5311 (Cross-site request forgery (CSRF) vulnerability in pages.php in ...)
	NOT-FOR-US: Wikipad
CVE-2011-5310 (Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows ...)
	NOT-FOR-US: Wikipad
CVE-2011-5309 (Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 ...)
	NOT-FOR-US: Wikipad
CVE-2011-5308 (Multiple SQL injection vulnerabilities in cdnvote-post.php in the ...)
	NOT-FOR-US: cdnvote plugin for WordPress
CVE-2011-5307 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
	NOT-FOR-US: PhotoSmash plugin for WordPress
CVE-2011-5306 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: CosmoShop ePRO
CVE-2011-5305 (Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO ...)
	NOT-FOR-US: CosmoShop ePRO
CVE-2011-5304 (Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead ...)
	NOT-FOR-US: Sodahead Polls plugin for WordPress
CVE-2011-5303 (Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 ...)
	NOT-FOR-US: Spitfire CMS
CVE-2011-5302 (Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php ...)
	NOT-FOR-US: PHPDug
CVE-2011-5301 (Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 ...)
	NOT-FOR-US: PHPDug
CVE-2011-5300 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: poMMo Aardvark
CVE-2011-5299 (Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark ...)
	NOT-FOR-US: poMMo Aardvark
CVE-2011-5298 (Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle ...)
	NOT-FOR-US: Argyle Social
CVE-2011-5297 (Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 ...)
	NOT-FOR-US: TTChat
CVE-2011-5296 (Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat ...)
	NOT-FOR-US: Happy Chat
CVE-2011-5295 (Buffer overflow in the Download method in a certain ActiveX control in ...)
	NOT-FOR-US: Gogago YouTube Video Converter
CVE-2011-5294 (The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in ...)
	NOT-FOR-US: Kofax e-Transactions Sender Sendbox
CVE-2011-5293 (The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX ...)
	NOT-FOR-US: ThreeDify Designer
CVE-2011-5292 (The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe ...)
	NOT-FOR-US: Easewe FTP OCX
CVE-2011-5291 (The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in ...)
	NOT-FOR-US: Ashampoo 3D CAD Professional
CVE-2011-5290 (The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control ...)
	NOT-FOR-US: IDrive Online Backup
CVE-2011-5289 (The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX ...)
	NOT-FOR-US: aTube Catcher
CVE-2011-5288 (Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX ...)
	NOT-FOR-US: ThreeDify Designer
CVE-2011-5287 (Multiple cross-site scripting (XSS) vulnerabilities in HESK before ...)
	NOT-FOR-US: HESK
CVE-2011-5286 (SQL injection vulnerability in social-slider-2/ajax.php in the Social ...)
	NOT-FOR-US: Social Slider plugin for WordPress
CVE-2011-5285 (Multiple cross-site scripting (XSS) vulnerabilities in BugFree 2.1.3 ...)
	NOT-FOR-US: BugFree
CVE-2011-5284 (Cross-site request forgery (CSRF) vulnerability in the web management ...)
	NOT-FOR-US: Smoothwall
CVE-2011-5283 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Smoothwall
CVE-2010-5321 (Memory leak in drivers/media/video/videobuf-core.c in the videobuf ...)
	- linux <unfixed> (unimportant; bug #827340)
	- linux-2.6 <removed> (unimportant)
	NOTE: Unclear, old report for Linux
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=620629#c0
	NOTE: https://bugzilla.kernel.org/show_bug.cgi?id=120571
CVE-2010-5320 (Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT ...)
	NOT-FOR-US: MemHT Portal
CVE-2010-5319 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat ...)
	NOT-FOR-US: Kandidat CMS
CVE-2010-5318 (The password-reset feature in as/index.php in SweetRice CMS before ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5317 (Multiple SQL injection vulnerabilities in index.php in SweetRice CMS ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5316 (Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice ...)
	NOT-FOR-US: SweetRice CMS
CVE-2010-5315 (Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita ...)
	NOT-FOR-US: BEdita
CVE-2010-5314 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: BEdita
CVE-2014-9507 (MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when ...)
	- mediawiki <not-affected> (There is no content handler in REL1_19)
	NOTE: Upstream bug https://phabricator.wikimedia.org/T72901
CVE-2014-9506 (MantisBT before 1.2.18 does not properly check permissions when ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=9885
CVE-2014-9584 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
	{DSA-3128-1 DLA-155-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/4e2024624e678f0ebb916e6192bd23c1f9fdf696 (v3.19-rc3)
CVE-2015-1038 (p7zip 9.20.1 allows remote attackers to write to arbitrary files via a ...)
	{DSA-3289-1 DLA-245-1}
	- p7zip 9.20.1~dfsg.1-4.2 (bug #774660)
	NOTE: Upstream bug: http://sourceforge.net/p/p7zip/bugs/147/
CVE-2014-10022 (Apache Traffic Server before 5.1.2 allows remote attackers to cause a ...)
	- trafficserver 5.2.0-1 (bug #778895)
	[wheezy] - trafficserver <not-affected> (Only affects 5.x)
	NOTE: https://issues.apache.org/jira/browse/TS-3223 (fixed in 5.1.2)
	NOTE: https://git-wip-us.apache.org/repos/asf?p=trafficserver.git;a=commit;h=8b5f0345dade6b2822d9b52c8ad12e63011a5c12
	NOTE: notes: https://issues.apache.org/jira/secure/ReleaseNote.jspa?version=12327089&styleName=Html&projectId=12310963
CVE-2014-XXXX [crashes on crafted ELF]
	- ht 2.1.0-1 (low; bug #773308)
	[jessie] - ht <no-dsa> (Minor issue)
	[wheezy] - ht <no-dsa> (Minor issue)
	[squeeze] - ht <no-dsa> (Minor issue)
CVE-2014-XXXX [insecure LUA default load path]
	- libquvi 0.4.1-3 (low; bug #774555)
	[wheezy] - libquvi <no-dsa> (Minor issue)
	[squeeze] - libquvi <no-dsa> (Minor issue)
CVE-2014-9489 (The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and ...)
	NOT-FOR-US: Gollum wiki
CVE-2014-9487 (The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9481
	RESERVED
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9480 (Cross-site scripting (XSS) vulnerability in the Hovercards extension ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9479 (Cross-site scripting (XSS) vulnerability in the preview in the ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9478 (Cross-site scripting (XSS) vulnerability in the preview in the ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9477 (Multiple cross-site scripting (XSS) vulnerabilities in the Listings ...)
	NOT-FOR-US: Mediawiki extension not packaged in src:mediawiki-extensions
CVE-2014-9450 (Multiple SQL injection vulnerabilities in chart_bar.php in the ...)
	- zabbix 1:2.2.7+dfsg-2 (bug #774750)
	[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://support.zabbix.com/browse/ZBX-8582
	NOTE: https://github.com/svn2github/zabbix/commit/984bd3bec2d6ca5a80104a5574d19b7f4d04f24b
CVE-2014-9449 (Buffer overflow in the RiffVideo::infoTagsHandler function in ...)
	- exiv2 0.24-4.1 (bug #773846)
	[wheezy] - exiv2 <not-affected> (Vulnerable code not present)
	[squeeze] - exiv2 <not-affected> (Vulnerable code not present)
	NOTE: http://dev.exiv2.org/issues/960
	NOTE: http://dev.exiv2.org/projects/exiv2/repository/diff?rev=3264&rev_to=3263
CVE-2014-9447 (Directory traversal vulnerability in the read_long_names function in ...)
	- elfutils 0.159-4.1 (bug #775536)
	[wheezy] - elfutils <no-dsa> (Minor issue)
	[squeeze] - elfutils <no-dsa> (Minor issue)
	NOTE: https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e
CVE-2015-0552 (Directory traversal vulnerability in the gcab_folder_extract function ...)
	- gcab 0.4-2 (bug #774580)
CVE-2015-XXXX [Zoo directory traversal]
	- zoo <removed> (low; bug #774453)
	[stretch] - zoo <no-dsa> (Minor issue)
	[jessie] - zoo <no-dsa> (Minor issue)
	[wheezy] - zoo <no-dsa> (Minor issue)
	[squeeze] - zoo <no-dsa> (Minor issue)
	NOTE: CVE Request: https://marc.info/?l=oss-security&m=142024361327375&w=2
CVE-2015-XXXX [buffer over-read]
	- arc <unfixed> (low; bug #774439)
	[stretch] - arc <ignored> (Minor issue)
	[jessie] - arc <ignored> (Minor issue)
	[wheezy] - arc <no-dsa> (Minor issue)
	[squeeze] - arc <no-dsa> (Minor issue)
CVE-2015-0557 (Open-source ARJ archiver 3.10.22 does not properly remove leading ...)
	{DSA-3213-1 DLA-188-1}
	- arj 3.10.22-13 (low; bug #774435)
CVE-2015-0556 (Open-source ARJ archiver 3.10.22 allows remote attackers to conduct ...)
	{DSA-3213-1 DLA-188-1}
	- arj 3.10.22-13 (low; bug #774434)
CVE-2014-9529 (Race condition in the key_gc_unused_keys function in ...)
	{DSA-3128-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: http://marc.info/?l=linux-kernel&m=141986398232547&w=2
	NOTE: http://marc.info/?l=linux-kernel&m=142047362307894&w=2
CVE-2014-9513 (Insecure use of temporary files in xbindkeys-config 0.1.3-2 allows ...)
	- xbindkeys-config <unfixed> (unimportant; bug #772473)
	[jessie] - xbindkeys-config <no-dsa> (Minor issue)
	[wheezy] - xbindkeys-config <no-dsa> (Minor issue)
	[squeeze] - xbindkeys-config <no-dsa> (Minor issue)
	NOTE: Not exploitable with kernel hardening since jessie
CVE-2014-9495 (Heap-based buffer overflow in the png_combine_row function in libpng ...)
	- libpng <not-affected> (Affects 1.5.x and 1.6.x series)
	- texlive-bin 2014.20140926.35254-4 (bug #773824)
	[squeeze] - texlive-bin <not-affected> (has a copy of libpng 1.2)
	[wheezy] - texlive-bin <not-affected> (uses system libpng)
	- libpng1.6 1.6.16-1 (bug #773823)
	- iceweasel <not-affected> (squeeze used the system libpng, and later versions define their own limits)
	- icedove <not-affected> (squeeze used the system libpng, and later versions define their own limits)
	NOTE: http://sourceforge.net/p/png-mng/mailman/message/33173461/
CVE-2014-9465 (senddocument.php in Zarafa WebApp before 2.0 beta 3 and WebAccess in ...)
	- zarafa <itp> (bug #658433)
CVE-2014-9446 (Multiple cross-site scripting (XSS) vulnerabilities in the Staff ...)
	- koha <itp> (bug #702134)
CVE-2014-9433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Contenido CMS
CVE-2014-9432 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- serendipity <removed>
CVE-2014-XXXX [denial of service with specific packets]
	- libhtp 1:0.5.25-1 (bug #774897)
	[wheezy] - libhtp <no-dsa> (Minor issue)
	[squeeze] - libhtp <no-dsa> (Minor issue)
	NOTE: https://redmine.openinfosecfoundation.org/issues/1272
	NOTE: https://github.com/inliniac/libhtp/commit/4acebf251bb6c8343dd5f37f1b48cb38fec4fed4
	NOTE: CVE Request: http://seclists.org/oss-sec/2014/q4/1035
CVE-2014-9485 (Directory traversal vulnerability in the do_extract_currentfile ...)
	- minizip 1.1-5 (low; bug #774321)
CVE-2014-9426 (** DISPUTED ** The apprentice_load function in libmagic/apprentice.c ...)
	NOTE: Disputed PHP issue to be rejected, code wasn't present in squeeze/wheezy or file (PHP-specific)
CVE-2014-9423 (The svcauth_gss_accept_sec_context function in lib/rpc/svc_auth_gss.c ...)
	{DSA-3153-1 DLA-146-1}
	- krb5 1.12.1+dfsg-17
CVE-2014-9422 (The check_rpcsec_auth function in kadmin/server/kadm_rpc_svc.c in ...)
	{DSA-3153-1 DLA-146-1}
	- krb5 1.12.1+dfsg-17
CVE-2014-9421 (The auth_gssapi_unwrap_data function in lib/rpc/auth_gssapi_misc.c in ...)
	{DSA-3153-1 DLA-146-1}
	- krb5 1.12.1+dfsg-17
CVE-2014-9418 (The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei ...)
	NOT-FOR-US: Huawei
CVE-2014-9417 (The Meeting component in Huawei eSpace Desktop before V100R001C03 ...)
	NOT-FOR-US: Huawei
CVE-2014-9416 (Multiple untrusted search path vulnerabilities in Huawei eSpace ...)
	NOT-FOR-US: Huawei
CVE-2014-9415 (Huawei eSpace Desktop before V100R001C03 allows local users to ...)
	NOT-FOR-US: Huawei
CVE-2014-9414 (The W3 Total Cache plugin before 0.9.4.1 for WordPress does not ...)
	NOT-FOR-US: WordPress plugin W3 Total Cache
CVE-2014-9413 (Multiple cross-site request forgery (CSRF) vulnerabilities in the IP ...)
	NOT-FOR-US: IP Ban (simple-ip-ban) plugin for WordPress
CVE-2014-9482 (Use-after-free vulnerability in dwarfdump in libdwarf 20130126 through ...)
	- dwarfutils <not-affected> (Vulnerable code introduced later, see bug #774530)
	NOTE: http://www.openwall.com/lists/oss-security/2014/12/31/3
CVE-2014-9427 (sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x ...)
	{DSA-3117-1}
	- php5 5.6.5+dfsg-1
	[squeeze] - php5 <not-affected> (Introduced in 5.4.1)
	NOTE: https://bugs.php.net/bug.php?id=68618
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=f9ad3086693fce680fbe246e4a45aa92edd2ac35
CVE-2014-XXXX [CRAM-MD5 authentication bypass]
	- dbmail <not-affected> (Only affects versions supporting cram-md5, so 3.0.0 and later)
	NOTE: http://blog.gmane.org/gmane.mail.imap.dbmail/day=20141219
CVE-2014-9483 (Emacs 24.4 allows remote attackers to bypass security restrictions. ...)
	- emacs24 24.5+1-1 (unimportant; bug #774090)
	- emacs23 <not-affected> (Only affects Emacs 24)
	NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=18939
	NOTE: Plain bug, security implications rather far-fetched
CVE-2014-9556 (Integer overflow in the qtmd_decompress function in libmspack 0.4 ...)
	- libmspack 0.4-2 (bug #773041)
	- cabextract 1.4-5 (bug #772891)
	[wheezy] - cabextract <no-dsa> (Minor issue)
	[squeeze] - cabextract <no-dsa> (Minor issue)
	NOTE: Starting with 1.4-5 cabextract uses the mspack system library
CVE-2012-6686
	RESERVED
	NOTE: To be REJECTED, see https://marc.info/?l=oss-security&m=142477834307260&w=2
CVE-2012-6685 [ruby-nokogiri XXE]
	RESERVED
	{DLA-229-1}
	- ruby-nokogiri 1.5.4-1 (low)
	- libnokogiri-ruby <removed>
	NOTE: https://github.com/sparklemotion/nokogiri/issues/693
	NOTE: Full fix requires fixing CVE-2014-0191 in libxml2 too.
CVE-2014-9428 (The batadv_frag_merge_packets function in ...)
	- linux 3.16.7-ckt4-1 (bug #774155)
	[wheezy] - linux <not-affected> (Introduced in 3.13)
	- linux-2.6 <not-affected> (Introduced in 3.13)
	NOTE: http://thread.gmane.org/gmane.linux.network/343494
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=610bfc6bc99bc83680d190ebc69359a05fc7f605 (v3.13-rc1)
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5b6698b0e4a37053de35cc24ee695b98a7eb712b
CVE-2014-9496 (The sd2_parse_rsrc_fork function in sd2.c in libsndfile allows ...)
	{DLA-928-1 DLA-356-1}
	- libsndfile 1.0.25-9.1 (low; bug #774162)
	[squeeze] - libsndfile <no-dsa> (Minor issue)
CVE-2014-XXXX [a2p: buffer overflow]
	- perl 5.22.0~rc2-1 (unimportant; bug #769606)
CVE-2014-9486
	REJECTED
CVE-2014-9497 (Buffer overflow in mpg123 before 1.18.0. ...)
	{DLA-655-1}
	- mpg123 1.18.0-1
	[squeeze] - mpg123 <not-affected> (Introduced in 1.14.1)
	NOTE: http://sourceforge.net/p/mpg123/bugs/201/
CVE-2015-0551 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum WebTop Client
CVE-2015-0550 (Directory traversal vulnerability in EMC Documentum Thumbnail Server ...)
	NOT-FOR-US: EMC Documentum Thumbnail Server
CVE-2015-0549 (Cross-site scripting (XSS) vulnerability in EMC Documentum D2 before ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0548 (The D2DownloadService.getDownloadUrls service method in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0547 (The D2CenterstageService.getComments service method in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0546 (EMC Unified Infrastructure Manager/Provisioning (UIM/P) 4.1 allows ...)
	NOT-FOR-US: EMC Unified Infrastructure Manager/Provisioning
CVE-2015-0545 (EMC Unisphere for VMAX 8.x before 8.0.3.4 sets up the Java Debugging ...)
	NOT-FOR-US: EMC Unisphere
CVE-2015-0544 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 ...)
	NOT-FOR-US: EMC Secure Remote Services Virtual Edition
CVE-2015-0543 (EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 ...)
	NOT-FOR-US: EMC Secure Remote Services Virtual Edition
CVE-2015-0542 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC RSA ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0541 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Web Threat ...)
	NOT-FOR-US: RSA Web Threat Detection
CVE-2015-0540 (SQL injection vulnerability in the xAdmin interface in EMC Document ...)
	NOT-FOR-US: EMC Document Sciences xPression
CVE-2015-0539
	REJECTED
CVE-2015-0538 (ftagent.exe in EMC AutoStart 5.4.x and 5.5.x before 5.5.0.508 HF4 ...)
	NOT-FOR-US: EMC AutoStart
CVE-2015-0537 (Integer underflow in the base64-decoding implementation in EMC RSA ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0536 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0535 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0534 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0533 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.8 and 4.1.x ...)
	NOT-FOR-US: EMC RSA
CVE-2015-0532 (EMC RSA Identity Management and Governance (IMG) 6.9 before P04 and ...)
	NOT-FOR-US: EMC RSA Identity Management and Governance
CVE-2015-0531 (EMC SourceOne Email Management before 7.2 does not have a lockout ...)
	NOT-FOR-US: EMC SourceOne Email Management
CVE-2015-0530 (Buffer overflow in an unspecified function in nsr_render_log in EMC ...)
	NOT-FOR-US: EMC NetWorker
CVE-2015-0529 (EMC PowerPath Virtual Appliance (aka vApp) before 2.0 has default ...)
	NOT-FOR-US: EMC PowerPath Virtual Appliance
CVE-2015-0528 (The RPC daemon in EMC Isilon OneFS 6.5.x and 7.0.x before 7.0.2.13, ...)
	NOT-FOR-US: EMC Isilon OneFS
CVE-2015-0527 (EMC Documentum xCelerated Management System (xMS) 1.1 before P14 ...)
	NOT-FOR-US: EMC
CVE-2015-0526 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
	NOT-FOR-US: EMC RSA Validation Manager
CVE-2015-0525 (The Gateway Provisioning service in EMC Secure Remote Services Virtual ...)
	NOT-FOR-US: EMC
CVE-2015-0524 (SQL injection vulnerability in the Gateway Provisioning service in EMC ...)
	NOT-FOR-US: EMC
CVE-2015-0523 (EMC RSA Certificate Manager (RCM) before 6.9 build 558 and RSA ...)
	NOT-FOR-US: RSA
CVE-2015-0522 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate ...)
	NOT-FOR-US: RSA
CVE-2015-0521 (Cross-site scripting (XSS) vulnerability in EMC RSA Certificate ...)
	NOT-FOR-US: RSA
CVE-2015-0520
	REJECTED
CVE-2015-0519 (The InputAccel Database (IADB) installation process in EMC Captiva ...)
	NOT-FOR-US: EMC Captiva Capture
CVE-2015-0518 (The Properties service in the D2FS web-service component in EMC ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0517 (The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2015-0516 (Directory traversal vulnerability in EMC M&amp;R (aka Watch4Net) before ...)
	NOT-FOR-US: EMC
CVE-2015-0515 (Unrestricted file upload vulnerability in EMC M&amp;R (aka Watch4Net) ...)
	NOT-FOR-US: EMC
CVE-2015-0514 (EMC M&amp;R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might ...)
	NOT-FOR-US: EMC
CVE-2015-0513 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: EMC
CVE-2015-0512 (Open redirect vulnerability in EMC Unisphere Central before 4.0 allows ...)
	NOT-FOR-US: EMC
CVE-2015-0511 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0510 (Unspecified vulnerability in the Oracle Commerce Platform component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0509 (Unspecified vulnerability in the Oracle Hyperion BI+ component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0508 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0507 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0506 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0505 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 <removed> (bug #782645)
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	- mariadb-10.0 10.0.19-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0504 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2015-0503 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0502 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0501 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 <removed> (bug #782645)
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	- mariadb-10.0 10.0.19-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0500 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0499 (Unspecified vulnerability in Oracle MySQL Server 5.5.42 and earlier, ...)
	{DSA-3311-1 DSA-3229-1 DLA-359-1}
	- mysql-5.5 <removed> (bug #782645)
	[jessie] - mysql-5.5 5.5.43-0+deb8u1
	- mariadb-10.0 10.0.19-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0498 (Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0497 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...)
	NOT-FOR-US: Oracle
CVE-2015-0496 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2015-0495 (Unspecified vulnerability in the Oracle Commerce Guided Search / ...)
	NOT-FOR-US: Oracle
CVE-2015-0494 (Unspecified vulnerability in the Oracle Retail Central Office ...)
	NOT-FOR-US: Oracle
CVE-2015-0493 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-0492 (Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and JavaFX ...)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-8 <not-affected> (JavaFX not part of OpenJDK)
CVE-2015-0491 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown
CVE-2015-0490 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
	NOT-FOR-US: Oracle
CVE-2015-0489 (Unspecified vulnerability in the Application Management Pack for ...)
	NOT-FOR-US: Oracle
CVE-2015-0488 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
	NOTE: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/04cda5b7a3c1
CVE-2015-0487 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2015-0486 (Unspecified vulnerability in Oracle Java SE 8u40 allows remote ...)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0485 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Strategic ...)
	NOT-FOR-US: Oracle
CVE-2015-0484 (Unspecified vulnerability in Oracle Java SE 7u76 and 8u40, and Java FX ...)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-8 <not-affected> (JavaFX not part of OpenJDK)
CVE-2015-0483 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0482 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0481
	REJECTED
CVE-2015-0480 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-8 8u45-b14-1
	- openjdk-7 7u79-2.5.5-1 (bug #774953)
	- openjdk-6 6b35-1.13.7-1
	NOTE: http://www.openwall.com/lists/oss-security/2015/01/16/2
CVE-2015-0479 (Unspecified vulnerability in the XDK and XDB - XML Database component ...)
	NOT-FOR-US: Oracle
CVE-2015-0478 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0477 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0476 (Unspecified vulnerability in the SQL Trace Analyzer component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0475 (Unspecified vulnerability in the JD Edwards EnterpriseOne Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-0474 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle
CVE-2015-0473 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2015-0472 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2015-0471 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11.2 allows ...)
	NOT-FOR-US: Oracle
CVE-2015-0470 (Unspecified vulnerability in Oracle Java SE 8u40 allows remote ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0469 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0468 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2015-0467 (Unspecified vulnerability in the PeopleSoft Enterprise HCM Talent ...)
	NOT-FOR-US: PeopleSoft
CVE-2015-0466 (Unspecified vulnerability in the Oracle Retail Back Office component ...)
	NOT-FOR-US: Oracle
CVE-2015-0465 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2015-0464 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2015-0463 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2015-0462 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2015-0461 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0460 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
	{DSA-3316-1 DSA-3235-1 DSA-3234-1 DLA-213-1}
	- openjdk-6 6b35-1.13.7-1
	- openjdk-7 7u79-2.5.5-1
	- openjdk-8 8u45-b14-1
CVE-2015-0459 (Unspecified vulnerability in Oracle Java SE 5.0u81, 6u91, 7u76, and ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown
CVE-2015-0458 (Unspecified vulnerability in in Oracle Java SE 6u91, 7u76, and 8u40 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0457 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2015-0456 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0455 (Unspecified vulnerability in the XDB - XML Database component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0454
	REJECTED
CVE-2015-0453 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2015-0452 (Unspecified vulnerability in the Oracle VM Server for SPARC component ...)
	NOT-FOR-US: Oracle
CVE-2015-0451 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0449 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0448 (Unspecified vulnerability in Oracle Sun Solaris 11.2 allows local ...)
	NOT-FOR-US: Oracle
CVE-2015-0447 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle
CVE-2015-0446 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-0445 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-0444 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-0443 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2015-0442
	REJECTED
CVE-2015-0441 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
	{DSA-3311-1 DSA-3229-1}
	- mysql-5.5 5.5.42-1
	- mariadb-10.0 10.0.17-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0440 (Unspecified vulnerability in the Oracle Knowledge component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0439 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0438 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0437 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote ...)
	- openjdk-8 8u40~b22-1
CVE-2015-0436 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle iLearning
CVE-2015-0435 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2015-0434 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0433 (Unspecified vulnerability in Oracle MySQL Server 5.5.41 and earlier, ...)
	{DSA-3311-1 DSA-3229-1}
	- mysql-5.5 5.5.42-1
	- mariadb-10.0 10.0.17-1
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0432 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0431 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2015-0430 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0429 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0428 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0427 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2015-0426 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2015-0425 (Unspecified vulnerability in the Oracle Enterprise Asset Management ...)
	NOT-FOR-US: Oracle
CVE-2015-0424 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) ...)
	NOT-FOR-US: Oracle Sun Systems Products Suite ILOM
CVE-2015-0423 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0422 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2015-0421 (Unspecified vulnerability in Oracle Java SE 8u25 allows local users to ...)
	- openjdk-8 8u40~b22-1
CVE-2015-0420 (Unspecified vulnerability in the Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0419 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0418 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-3143-1 DLA-268-1}
	- virtualbox 4.3.2-dfsg-1 (low; bug #775888)
	- virtualbox-ose <removed> (low)
	NOTE: This only affects releases < 4.3, so marking the first 4.3 upload as the fixed version
	NOTE: Upstream patches in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888#30
CVE-2015-0417 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0416 (Unspecified vulnerability in the Oracle Agile PLM component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0415 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2015-0414 (Unspecified vulnerability in the Oracle SOA Suite component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0413 (Unspecified vulnerability in Oracle Java SE 7u72 and 8u25 allows local ...)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-8 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown
CVE-2015-0412 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0411 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0410 (Unspecified vulnerability in the Java SE, Java SE Embedded, JRockit ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0409 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier ...)
	- mysql-5.5 <not-affected> (Only MySQL 5.6)
	- mariadb-10.0 <not-affected> (Vulnerable code not present, see https://bugs.debian.org/775882#39)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
	NOTE: For mariadb-10.0 not clear if affected
CVE-2015-0408 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0407 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0406 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0405 (Unspecified vulnerability in Oracle MySQL Server 5.6.22 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixMSQL
CVE-2015-0404 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2015-0403 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2015-0402 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
	NOT-FOR-US: Oracle
CVE-2015-0401 (Unspecified vulnerability in the Oracle Directory Server Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2015-0400 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
	- openjdk-6 <not-affected> (This only affects Java on Windows)
	- openjdk-7 <not-affected> (This only affects Java on Windows)
	- openjdk-8 <not-affected> (This only affects Java on Windows)
CVE-2015-0399 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2015-0398 (Unspecified vulnerability in the Siebel Life Sciences component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0397 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0396 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2015-0395 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2015-0394 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2015-0393 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0392 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
	NOT-FOR-US: Oracle
CVE-2015-0391 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
	- mysql-5.5 5.5.39-1
	[wheezy] - mysql-5.5 5.5.40-0+wheezy1
	- mariadb-10.0 10.0.14-2
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0390 (Unspecified vulnerability in the MICROS Retail component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0389 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0388 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0387 (Unspecified vulnerability in the Siebel Core - Server OM Services ...)
	NOT-FOR-US: Oracle
CVE-2015-0386 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0385 (Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier ...)
	- mysql-5.5 <not-affected> (Only MySQL 5.6)
	- mariadb-10.0 <not-affected> (Vulnerable code not present, see https://bugs.debian.org/775882#39)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
	NOTE: For mariadb-10.0 not clear if affected
CVE-2015-0384 (Unspecified vulnerability in the Siebel Public Sector component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0383 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1 (bug #761683)
	- openjdk-8 8u40~b22-1
CVE-2015-0382 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0381 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0380 (Unspecified vulnerability in the Oracle Telecommunications Billing ...)
	NOT-FOR-US: Oracle
CVE-2015-0379 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2015-0378 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0377 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-3143-1 DLA-268-1}
	- virtualbox 4.3.2-dfsg-1 (bug #775888)
	- virtualbox-ose <removed>
	NOTE: According to http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html the 4.3
	NOTE: series is not affected, so marking the first 4.3 upload as fixed
	NOTE: Upstream patches in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775888#30
CVE-2015-0376 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0375 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2015-0374 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2015-0373 (Unspecified vulnerability in the OJVM component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2015-0372 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle
CVE-2015-0371 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0370 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0369 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0368 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2015-0367 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle
CVE-2015-0366 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0365 (Unspecified vulnerability in the Siebel Core - Server Infrastructure ...)
	NOT-FOR-US: Oracle
CVE-2015-0364 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0363 (Unspecified vulnerability in the Siebel Core EAI component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2015-0362 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle
CVE-2015-0361 (Use-after-free vulnerability in Xen 4.2.x, 4.3.x, and 4.4.x allows ...)
	- xen 4.4.1-7 (bug #776319)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
CVE-2014-9425 (Double free vulnerability in the zend_ts_hash_graceful_destroy ...)
	- php5 <removed> (unimportant; bug #774154)
	NOTE: php5 binary packages not built with --with-maintainer-zts
CVE-2014-9424 (Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext ...)
	- libressl <itp> (bug #754513)
CVE-2014-9412 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-9411 (In all Qualcomm products with Android releases from CAF using the ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9410 (The vfe31_proc_general function in ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-9409
	RESERVED
CVE-2014-9408 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...)
	NOT-FOR-US: Ekahau Real-Time Location Tracking System
CVE-2014-9407 (Multiple cross-site request forgery (CSRF) vulnerabilities in Revive ...)
	NOT-FOR-US: Revive Adserver
CVE-2014-9406 (ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT ...)
	NOT-FOR-US: ARRIS Touchstone TG862G/CT Telephony Gateway
CVE-2014-9405
	RESERVED
CVE-2014-9404
	RESERVED
CVE-2014-9401 (Cross-site request forgery (CSRF) vulnerability in the WP Limit Posts ...)
	NOT-FOR-US: WP Limit Posts Automatically plugin for WordPress
CVE-2014-9400 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Wp ...)
	NOT-FOR-US: Wp Unique Article Header Image plugin for WordPress
CVE-2014-9399 (Cross-site request forgery (CSRF) vulnerability in the TweetScribe ...)
	NOT-FOR-US: TweetScribe plugin for WordPress
CVE-2014-9398 (Cross-site request forgery (CSRF) vulnerability in the Twitter ...)
	NOT-FOR-US: Twitter LiveBlog plugin for WordPress
CVE-2014-9397 (Cross-site request forgery (CSRF) vulnerability in the twimp-wp plugin ...)
	NOT-FOR-US: twimp-wp plugin for WordPress
CVE-2014-9396 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: SimpleFlickr plugin for WordPress
CVE-2014-9395 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Simplelife plugin for WordPress
CVE-2014-9394 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: PWGRandom plugin for WordPress
CVE-2014-9393 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Post ...)
	NOT-FOR-US: Post to Twitter plugin for WordPress
CVE-2014-9392 (Cross-site request forgery (CSRF) vulnerability in the PictoBrowser ...)
	NOT-FOR-US: PictoBrowser plugin for WordPress
CVE-2014-9391 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: gSlideShow plugin for WordPress
CVE-2014-9389 (Directory traversal vulnerability in Sonatype Nexus OSS and Pro before ...)
	NOT-FOR-US: Sonatype Nexus OSS and Pro
CVE-2014-9388 (bug_report.php in MantisBT before 1.2.18 allows remote attackers to ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17878
CVE-2014-9387 (SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the ...)
	NOT-FOR-US: SAP BussinessObjects Edge
CVE-2014-9386 (Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9385 (Cross-site request forgery (CSRF) vulnerability in Zenoss Core through ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9384
	RESERVED
CVE-2014-9383
	RESERVED
CVE-2014-9382
	RESERVED
CVE-2014-9375 (Directory traversal vulnerability in the LibraryFileUploadServlet ...)
	NOT-FOR-US: Lexmark
CVE-2014-9373 (Directory traversal vulnerability in the CollectorConfInfoServlet ...)
	NOT-FOR-US: ManageEngine NetFlow Analyzer
CVE-2014-9372 (Directory traversal vulnerability in the UploadAccountActivities ...)
	NOT-FOR-US: ManageEngine Password Manager Pro
CVE-2014-9371 (The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 ...)
	NOT-FOR-US: ManageEngine Desktop Central MSP
CVE-2014-9370
	RESERVED
CVE-2014-9369 (Siemens SPC controllers SPC4000, SPC5000, and SPC6000 before 3.6.0 ...)
	NOT-FOR-US: Siemens
CVE-2014-9368 (Cross-site request forgery (CSRF) vulnerability in the twitterDash ...)
	NOT-FOR-US: WordPress plugin twitterDash
CVE-2014-9367 (Incomplete blacklist vulnerability in the urlEncode function in ...)
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9367
CVE-2014-9366
	RESERVED
CVE-2014-9493 (The V2 API in OpenStack Image Registry and Delivery Service (Glance) ...)
	- glance 2014.1.3-6 (bug #773836)
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
	NOTE: fixed in experimental with 2014.2.1-2
CVE-2014-XXXX
	- json-glib <unfixed> (unimportant; bug #772585)
	[squeeze] - json-glib <not-affected> (Tool not yet present)
	[wheezy] - json-glib <not-affected> (Tool not yet present)
	NOTE: Negligable security impact
CVE-2014-9475 (Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki ...)
	{DSA-3110-1}
	- mediawiki 1:1.19.20+dfsg-2.2 (bug #773654)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://phabricator.wikimedia.org/T76686 (still not public)
CVE-2014-9476 (MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before ...)
	- mediawiki <not-affected> (CORS support was added in 1.20)
	NOTE: https://phabricator.wikimedia.org/T77028
CVE-2014-9419 (The __switch_to function in arch/x86/kernel/process_64.c in the Linux ...)
	{DSA-3128-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too risky to backport)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=f647d7c155f069c1a068030255c300663516420e (v3.19-rc1)
CVE-2014-9420 (The rock_continue function in fs/isofs/rock.c in the Linux kernel ...)
	{DLA-155-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.65-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/f54e18f1b831c92f6512d2eedb224cd63d607d3d (v3.19-rc1)
CVE-2014-9390 [arbitrary command execution vulnerability on case-insensitive file systems]
	RESERVED
	{DLA-237-1}
	- git 1:2.1.4-1
	[wheezy] - git <no-dsa> (Minor issue)
	[squeeze] - git <no-dsa> (Minor issue)
	- libgit2 0.21.3-1 (bug #774048)
	[jessie] - libgit2 0.21.1-3
	- jgit 3.7.0-1 (bug #774050)
	[jessie] - jgit <no-dsa> (Minor issue)
	[wheezy] - jgit <no-dsa> (Minor issue)
	- mercurial 3.1.2-2 (bug #773640)
	[wheezy] - mercurial 2.2.2-4
	[squeeze] - mercurial <no-dsa> (Minor issue)
	- dulwich 0.10.1-1
	[jessie] - dulwich <no-dsa> (Minor issue)
	[wheezy] - dulwich <no-dsa> (Minor issue)
	[squeeze] - dulwich <no-dsa> (Minor issue)
CVE-2014-9376 (Integer underflow in Ettercap 0.8.1 allows remote attackers to cause a ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-9377 (Heap-based buffer overflow in the nbns_spoof function in ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-9378 (Ettercap 0.8.1 does not validate certain return values, which allows ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-9379 (The radius_get_attribute function in dissectors/ec_radius.c in ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-9380 (The dissector_cvs function in dissectors/ec_cvs.c in Ettercap 0.8.1 ...)
	{DLA-126-1}
	- ettercap 1:0.8.1-3 (bug #773416)
	NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20
CVE-2014-9381 (Integer signedness error in the dissector_cvs function in ...)
	{DLA-126-1}
	- ettercap 1:0.8.1-3 (bug #773416)
	NOTE: Patch for squeeze in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20
CVE-2014-9403 (The CWebAdminMod::ChanPage function in modules/webadmin.cpp in ZNC ...)
	- znc 1.2-4 (bug #744712)
	[wheezy] - znc <no-dsa> (Minor issue)
	[squeeze] - znc <no-dsa> (Minor issue)
	NOTE: https://github.com/znc/znc/issues/528
	NOTE: https://github.com/znc/znc/commit/8756be513ab6663dcd64087006b257ff34e8e487
CVE-2014-9620 (The ELF parser in file 5.08 through 5.21 allows remote attackers to ...)
	{DSA-3121-1}
	- file 1:5.21+15-1
	[squeeze] - file <not-affected> (Introduced in 5.08)
	- php5 <not-affected> (readelf.c not used and even removed in 5.4.36-0+deb7u3)
	NOTE: Report: http://mx.gw.com/pipermail/file/2014/001653.html
	NOTE: Fix: https://github.com/file/file/commit/ce90e05774dd77d86cfc8dfa6da57b32816841c4
	NOTE: Introduced by: https://github.com/file/file/commit/956a45ab1c54b11304b367056f41905e72a02380#diff-bc5c24ef9f39a5f4963ca28ecbc645b3L423
CVE-2014-9621 (The ELF parser in file 5.16 through 5.21 allows remote attackers to ...)
	- file 1:5.21+15-1
	[wheezy] - file <not-affected> (Introduced in 5.16)
	[squeeze] - file <not-affected> (Introduced in 5.16)
	- php5 5.6.5+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: Report: http://mx.gw.com/pipermail/file/2014/001654.html
	NOTE: Fix: https://github.com/file/file/commit/65437cee25199dbd385fb35901bc0011e164276c
	NOTE: Introduced by: https://github.com/file/file/commit/c8451af8ab0c2e2a93ce93b9c68257d31576cc85 (5.16)
	NOTE: readelf.c has been removed in PHP in 5.6.5, see http://php.net/ChangeLog-5.php#5.6.5
CVE-2014-9494 (RabbitMQ before 3.4.0 allows remote attackers to bypass the ...)
	- rabbitmq-server 3.4.1-1 (bug #773134)
	[jessie] - rabbitmq-server 3.3.5-1.1
	[wheezy] - rabbitmq-server <not-affected> (does not have this access control mechanism)
	[squeeze] - rabbitmq-server <not-affected> (does not have this access control mechanism)
	NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/c3c41177a11a
	NOTE: http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
	NOTE: http://www.rabbitmq.com/release-notes/README-3.4.0.txt
CVE-2014-9652 (The mconvert function in softmagic.c in file before 5.21, as used in ...)
	{DSA-3126-1 DSA-3121-1 DLA-145-1}
	- file 1:5.21+15-1
	[squeeze] - file <not-affected> (The code was not vulnerable, confirmed with Valgrind on the test data submitted to upstream)
	[wheezy] - file 5.11-2+deb7u7
	- php5 5.6.5+dfsg-1
	[wheezy] - php5 5.4.36-0+deb7u3
	NOTE: http://bugs.gw.com/view.php?id=398
	NOTE: https://github.com/file/file/commit/59e63838913eee47f5c120a6c53d4565af638158
	NOTE: https://bugs.php.net/bug.php?id=68735
CVE-2014-9402 (The nss_dns implementation of getnetbyname in GNU C Library (aka ...)
	{DSA-3169-1 DLA-122-1}
	- glibc 2.19-14 (bug #775572)
	- eglibc <removed>
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17630
CVE-2014-XXXX [freetype: out of bounds write]
	- freetype 2.6-1 (unimportant; bug #773084)
	[wheezy] - freetype <not-affected> (introduced in freetype 2.5)
	[squeeze] - freetype <not-affected> (introduced in freetype 2.5)
	NOTE: The affected code isn't enabled in Debian, see #773084
CVE-2014-9364 (Cross-site scripting (XSS) vulnerability in the Unified Login form in ...)
	NOT-FOR-US: LoginToboggan Drupal Module
CVE-2014-9363 (Open redirect vulnerability in the path-based meta tag editing form in ...)
	NOT-FOR-US: Meta tags quick Drupal Module
CVE-2014-9362 (Cross-site scripting (XSS) vulnerability in the path-based meta tag ...)
	NOT-FOR-US: Meta tags quick Drupal module
CVE-2014-9361 (The LoginToboggan module 7.x-1.x before 7.x-1.4 for Drupal does not ...)
	NOT-FOR-US: LoginToboggan Drupal Module
CVE-2014-9360 (XML external entity (XXE) vulnerability in Scalix Web Access ...)
	NOT-FOR-US: Scalix Web Access
CVE-2014-9359
	RESERVED
CVE-2014-9358 (Docker before 1.3.3 does not properly validate image IDs, which allows ...)
	- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9357 (Docker 1.3.2 allows remote attackers to execute arbitrary code with ...)
	- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9356 [Path traversal during processing of absolute symlinks]
	RESERVED
	- docker.io 1.3.3~dfsg1-1 (bug #772909)
CVE-2014-9355 (Puppet Enterprise before 3.7.1 allows remote authenticated users to ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2014-9354 (NetApp OnCommand Balance before 4.2P3 allows local users to obtain ...)
	NOT-FOR-US: NetApp OnCommand Balance
CVE-2014-9353 (NetApp OnCommand Balance before 4.2P2 contains a &quot;default privileged ...)
	NOT-FOR-US: NetApp OnCommand Balance
CVE-2014-9352 (Cross-site scripting (XSS) vulnerability in the mail administration ...)
	NOT-FOR-US: Scalix Web Access
CVE-2014-9350 (TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build ...)
	NOT-FOR-US: TP-Link Router
CVE-2014-9349 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: RobotStats
CVE-2014-9348 (SQL injection vulnerability in the formulaireRobot function in ...)
	NOT-FOR-US: RobotStats
CVE-2014-9347 (SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 ...)
	NOT-FOR-US: phpMyRecipes
CVE-2014-9346 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Hierarchical Select Drupal Module
CVE-2014-9345 (SQL injection vulnerability in Guruperl.net Advertise With Pleasure! ...)
	NOT-FOR-US: AWP PRO
CVE-2014-9344 (Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before ...)
	NOT-FOR-US: Snowfox CMS
CVE-2014-9343 (Open redirect vulnerability in ...)
	NOT-FOR-US: Snowfox CMS
CVE-2014-9342 (Cross-site scripting (XSS) vulnerability in the tree view ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-9341 (Multiple cross-site request forgery (CSRF) vulnerabilities in the yURL ...)
	NOT-FOR-US: WordPress plugin yURL ReTwitt
CVE-2014-9340 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin wpCommentTwit
CVE-2014-9339 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin SPNbabble
CVE-2014-9338 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin O2Tweet
CVE-2014-9337 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin Mikiurl Wordpress Eklentisi
CVE-2014-9336 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin iTwitter
CVE-2014-9335 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin DandyID Services
CVE-2014-9334 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Bird ...)
	NOT-FOR-US: Bird Feeder plugin for WordPress
CVE-2014-9333
	RESERVED
CVE-2014-9332
	RESERVED
CVE-2014-9331 (Cross-site request forgery (CSRF) vulnerability in ZOHO ManageEngine ...)
	NOT-FOR-US: ZOHO ManageEngine Desktop Central
CVE-2014-9330 (Integer overflow in tif_packbits.c in bmp2tif in libtiff 4.0.3 allows ...)
	{DSA-3273-1 DLA-221-1}
	- tiff 4.0.3-12 (bug #773987)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2494
CVE-2014-9329
	RESERVED
CVE-2014-9328 (ClamAV before 0.98.6 allows remote attackers to have unspecified ...)
	{DLA-233-1}
	- clamav 0.98.6+dfsg-1
	[wheezy] - clamav 0.98.6+dfsg-0+deb7u1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d
CVE-2014-9327
	RESERVED
CVE-2014-9326 (The automatic signature update functionality in the (1) Phone Home ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-9325 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 ...)
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-9325
CVE-2014-9324 (The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x ...)
	{DSA-3124-1}
	- otrs2 3.3.9-3
	[squeeze] - otrs2 <not-affected> (Problematic module got introduced later)
	NOTE: https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/
	NOTE: Fix for 3.1.x: https://github.com/OTRS/otrs/commit/3058438a372db0d1a11c365d48a5fc7b1db24e90
CVE-2014-9322 (arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux 3.2.63-2+deb7u2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6  2.6.32-48squeeze9
CVE-2014-9321
	RESERVED
CVE-2014-9320
	RESERVED
	NOT-FOR-US: SAP Business Objects
CVE-2014-9319 (The ff_hevc_decode_nal_sps function in libavcodec/hevc_ps.c in FFMpeg ...)
	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
	- ffmpeg 2.4.4-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=ea38e5a6b75706477898eb1e6582d667dbb9946c
CVE-2014-9318 (The raw_decode function in libavcodec/rawdec.c in FFMpeg before 2.1.6, ...)
	- libav <not-affected> (Vulnerable code not present, format not supported)
	- ffmpeg 2.4.4-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=1d3a3b9f8907625b361420d48fe05716859620ff
CVE-2014-9317 (The decode_ihdr_chunk function in libavcodec/pngdec.c in FFMpeg before ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg 2.4.4-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=79ceaf827be0b070675d4cd0a55c3386542defd8
CVE-2014-9316 (The mjpeg_decode_app function in libavcodec/mjpegdec.c in FFMpeg ...)
	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
	- ffmpeg 2.4.4-1
	[squeeze] - ffmpeg <end-of-life> (Not supported in Squeeze LTS)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0eecf40935b22644e6cd74c586057237ecfd6844
CVE-2014-9315
	RESERVED
CVE-2014-9314
	RESERVED
CVE-2014-9313
	RESERVED
CVE-2014-9312 (Unrestricted File Upload vulnerability in Photo Gallery 1.2.5. ...)
	NOT-FOR-US: Photo Gallery
CVE-2014-9311 (Cross-site scripting (XSS) vulnerability in admin.php in the ...)
	NOT-FOR-US: Shareaholic plugin for WordPress
CVE-2014-9310 (Cross-site scripting (XSS) vulnerability in the WordPress Backup to ...)
	NOT-FOR-US: WordPress Backup to Dropbox plugin for WordPress
CVE-2014-9309
	RESERVED
CVE-2014-9308 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: WordPress plugin WP EasyCart
CVE-2014-9307
	RESERVED
CVE-2014-9306
	RESERVED
CVE-2014-9305 (SQL injection vulnerability in the shortcodeProductsTable function in ...)
	NOT-FOR-US: shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin for WordPress
CVE-2014-9304 (Plex Media Server before 0.9.9.3 allows remote attackers to bypass the ...)
	NOT-FOR-US: Plex Media Server
CVE-2014-9303 (EntryPass N5200 Active Network Control Panel allows remote attackers ...)
	NOT-FOR-US: EntryPass
CVE-2014-9302 (Server-side request forgery (SSRF) vulnerability in the cmisbrowser ...)
	NOT-FOR-US: Alfresco Community Edition
CVE-2014-9301 (Server-side request forgery (SSRF) vulnerability in the proxy servlet ...)
	NOT-FOR-US: Alfreso Community Edition
CVE-2014-9300 (Cross-site request forgery (CSRF) vulnerability in the cmisbrowser ...)
	NOT-FOR-US: Alfreso Community Edition
CVE-2014-9299
	REJECTED
CVE-2014-9374 (Double free vulnerability in the WebSocket Server (res_http_websocket ...)
	- asterisk 1:13.1.0~dfsg-1 (bug #773230)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[wheezy] - asterisk <not-affected> (Web socket code not yet present)
	[squeeze] - asterisk <not-affected> (Web socket code not yet present)
	NOTE: http://downloads.digium.com/pub/security/AST-2014-019.html
CVE-2014-9323 (The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x ...)
	{DSA-3109-1 DLA-130-1 DLA-123-1}
	- firebird2.5 2.5.3.26778.ds4-5 (bug #772880)
	- firebird2.1 <removed>
	NOTE: http://sourceforge.net/p/firebird/code/60331
	NOTE: http://tracker.firebirdsql.org/browse/CORE-4630
CVE-2014-9298
	REJECTED
CVE-2014-9297
	REJECTED
CVE-2014-9296 (The receive function in ntp_proto.c in ntpd in NTP before 4.2.8 ...)
	{DSA-3108-1 DLA-116-1}
	- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2670 (not yet open)
CVE-2014-9295 (Multiple stack-based buffer overflows in ntpd in NTP before 4.2.8 ...)
	{DSA-3108-1 DLA-116-1}
	- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2667 (not yet open)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2668 (not yet open)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2669 (not yet open)
CVE-2014-9294 (util/ntp-keygen.c in ntp-keygen in NTP before 4.2.7p230 uses a weak ...)
	{DSA-3108-1 DLA-116-1}
	- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2666 (not yet open)
CVE-2014-9293 (The config_auth function in ntpd in NTP before 4.2.7p11, when an auth ...)
	{DSA-3108-1 DLA-116-1}
	- ntp 1:4.2.6.p5+dfsg-3.2 (bug #773576)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=2665 (not yet open)
CVE-2014-9292 (Server-side request forgery (SSRF) vulnerability in proxy.php in the ...)
	NOT-FOR-US: jRSS WordPress Plugin
CVE-2014-9291
	REJECTED
CVE-2014-9290
	REJECTED
CVE-2014-9289
	REJECTED
CVE-2014-9288
	REJECTED
CVE-2014-9287
	REJECTED
CVE-2014-9286
	REJECTED
CVE-2014-9285
	REJECTED
CVE-2014-9284 (The Buffalo WHR-1166DHP 1.60 and earlier, WSR-600DHP 1.60 and earlier, ...)
	NOT-FOR-US: Buffalo routers
CVE-2014-9283 (The BestWebSoft Captcha plugin before 4.0.7 for WordPress allows ...)
	NOT-FOR-US: BestWebSoft plugin for WordPress
CVE-2014-9282 (Directory traversal vulnerability in the Speed Root Explorer ...)
	NOT-FOR-US: Speed Root Explorer
CVE-2014-9268 (The AdView.AdViewer.1 ActiveX control in Autodesk Design Review (ADR) ...)
	NOT-FOR-US: Autodesk Design Review
CVE-2014-9267 (Heap-based buffer overflow in the PTC IsoView ActiveX control allows ...)
	NOT-FOR-US: PTC IsoView
CVE-2014-9266 (The STWConfig ActiveX control in Samsung SmartViewer does not properly ...)
	NOT-FOR-US: Samsung SmartViewer
CVE-2014-9265 (Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ...)
	NOT-FOR-US: Samsung SmartViewer
CVE-2014-9264 (Stack-based buffer overflow in the .NET Data Provider in SAP SQL ...)
	NOT-FOR-US: SAP SQL Anywhere
CVE-2014-9263 (Multiple buffer overflows in the ...)
	NOT-FOR-US: 3S Pocketnet Tech VMS
CVE-2014-9262 (The Duplicator plugin in Wordpress before 0.5.10 allows remote ...)
	NOT-FOR-US: Duplicator plugin in Wordpress
CVE-2014-9261 (The sanitize function in Codoforum 2.5.1 does not properly implement ...)
	NOT-FOR-US: Codoforum
CVE-2014-9260 (The basic_settings function in the download manager plugin for ...)
	NOT-FOR-US: download manager plugin for WordPress
CVE-2014-9259
	RESERVED
CVE-2014-9258 (SQL injection vulnerability in ajax/getDropdownValue.php in GLPI ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-9257
	RESERVED
CVE-2014-9256
	RESERVED
CVE-2014-9255
	RESERVED
CVE-2014-9254 (bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect ...)
	NOT-FOR-US: MiniBB
CVE-2014-9253 (The default file type whitelist configuration in conf/mime.conf in the ...)
	- dokuwiki 0.0.20140929.d-1 (bug #773429)
	[jessie] - dokuwiki <no-dsa> (Minor issue)
	[wheezy] - dokuwiki <no-dsa> (Minor issue)
	[squeeze] - dokuwiki <no-dsa> (Minor issue)
	NOTE: https://github.com/splitbrain/dokuwiki/commit/778ddf6f2cd9ed38b9db2d73e823b8c21243a960
	NOTE: Advisory: http://security.szurek.pl/dokuwiki-20140929a-xss.html
CVE-2014-9252 (Zenoss Core through 5 Beta 3 stores cleartext passwords in the session ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9251 (Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9250 (Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9249 (The default configuration of Zenoss Core before 5 allows remote ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9248 (Zenoss Core through 5 Beta 3 does not require complex passwords, which ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9247 (Zenoss Core through 5 Beta 3 allows remote authenticated users to ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9246
	REJECTED
CVE-2014-9245 (Zenoss Core through 5 Beta 3 allows remote attackers to obtain ...)
	- zenoss <itp> (bug #361253)
CVE-2014-9244
	REJECTED
CVE-2014-9243 (Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker ...)
	NOT-FOR-US: WebsiteBaker
CVE-2014-9242 (SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker ...)
	NOT-FOR-US: WebsiteBaker
CVE-2014-9241 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2014-9240 (SQL injection vulnerability in member.php in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2014-9239 (SQL injection vulnerability in the IPS Connect service ...)
	NOT-FOR-US: Invision Power Board
CVE-2014-9238 (D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers ...)
	NOT-FOR-US: D-link DCS-2103
CVE-2014-9237 (SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote ...)
	NOT-FOR-US: Proticaret E-Commerce
CVE-2014-9236 (Cross-site scripting (XSS) vulnerability in php/edit_photos.php in ...)
	- zoph <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
	NOTE: https://github.com/jeroenrnl/zoph/issues/59
	NOTE: The SQL injection and XSS claims appear to be mostly unfounded.
CVE-2014-9235 (Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes ...)
	- zoph <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2014/Nov/45
	NOTE: https://github.com/jeroenrnl/zoph/issues/59
	NOTE: The SQL injection and XSS claims appear to be mostly unfounded.
CVE-2014-9234 (Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link ...)
	NOT-FOR-US: D-link DCS-2103
CVE-2014-9233
	REJECTED
CVE-2014-9232
	REJECTED
CVE-2014-9231
	REJECTED
CVE-2014-9230 (Cross-site scripting (XSS) vulnerability in the administration console ...)
	NOT-FOR-US: Enforce Server in Symantec Data Loss Prevention
CVE-2014-9229 (Multiple SQL injection vulnerabilities in interface PHP scripts in the ...)
	NOT-FOR-US: Symantec
CVE-2014-9228 (sysplant.sys in the Manager component in Symantec Endpoint Protection ...)
	NOT-FOR-US: Symantec
CVE-2014-9227 (Multiple untrusted search path vulnerabilities in the Manager ...)
	NOT-FOR-US: Symantec
CVE-2014-9226 (The management server in Symantec Critical System Protection (SCSP) ...)
	NOT-FOR-US: Symantec Data Center Security
CVE-2014-9225 (The ajaxswing webui in the management server in Symantec Critical ...)
	NOT-FOR-US: Symantec Data Center Security
CVE-2014-9224 (Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the ...)
	NOT-FOR-US: Symantec Data Center Security
CVE-2014-9223 (Multiple buffer overflows in AllegroSoft RomPager, as used in Huawei ...)
	NOT-FOR-US: RomPager
	NOTE: http://mis.fortunecook.ie/
CVE-2014-9222 (AllegroSoft RomPager 4.34 and earlier, as used in Huawei Home Gateway ...)
	NOT-FOR-US: RomPager
	NOTE: http://mis.fortunecook.ie/
CVE-2014-9221 (strongSwan 4.5.x through 5.2.x before 5.2.1 allows remote attackers to ...)
	{DSA-3118-1}
	- strongswan 5.2.1-5
	[squeeze] - strongswan <not-affected> (MODP_CUSTOM Diffie-Hellman group not implemented in 4.4.1)
CVE-2014-9217 (Graylog2 before 0.92 allows remote attackers to bypass LDAP ...)
	- graylog2 <itp> (bug #652273)
CVE-2014-9216
	RESERVED
CVE-2014-9215 (SQL injection vulnerability in the CheckEmail function in ...)
	NOT-FOR-US: PBBoard
CVE-2014-9214
	RESERVED
CVE-2014-9213
	RESERVED
CVE-2014-9212 (Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent ...)
	NOT-FOR-US: Altitude uAgent
CVE-2014-9211
	RESERVED
CVE-2014-9210
	REJECTED
CVE-2014-9209 (Untrusted search path vulnerability in the Clean Utility application ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2014-9208 (Multiple stack-based buffer overflows in unspecified DLL files in ...)
	NOT-FOR-US: Advantech
CVE-2014-9207 (Untrusted search path vulnerability in CmnView.exe in CIMON CmnView ...)
	NOT-FOR-US: CIMON CmnView
CVE-2014-9206 (Stack-based buffer overflow in Device Type Manager (DTM) 3.1.6 and ...)
	NOT-FOR-US: Schneider Electric Invensys
CVE-2014-9205 (Stack-based buffer overflow in the PmBase64Decode function in an ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2014-9204 (Stack-based buffer overflow in OPCTest.exe in Rockwell Automation ...)
	NOT-FOR-US: OPCTest.exe in Rockwell Automation RSLinx Classic
CVE-2014-9203 (Buffer overflow in the Field Device Tool (FDT) Frame application in ...)
	NOT-FOR-US: HART Device Type Manager (DTM) library
CVE-2014-9202 (Multiple stack-based buffer overflows in an unspecified DLL file in ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-9201 (Beckwith Electric M-6200 Digital Voltage Regulator Control with ...)
	NOT-FOR-US: Beckwith Electric digital voltage regulators
CVE-2014-9200 (Stack-based buffer overflow in an unspecified DLL file in a DTM ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-9199 (The Clorius Controls Java web client before 01.00.0009g allows remote ...)
	NOT-FOR-US: Clorius Controls Java web client
CVE-2014-9198 (The FTP server on the Schneider Electric ETG3000 FactoryCast HMI ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-9197 (The Schneider Electric ETG3000 FactoryCast HMI Gateway with firmware ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-9196 (Eaton Cooper Power Systems ProView 4.0 and 5.0 before 5.0 11 on Form 6 ...)
	NOT-FOR-US: Eaton Cooper Power Systems
CVE-2014-9195 (Phoenix Contact ProConOs and MultiProg do not require authentication, ...)
	NOT-FOR-US: Phoenix Contact ProConOs and MultiProg
CVE-2014-9194 (Arbiter 1094B GPS Substation Clock allows remote attackers to cause a ...)
	NOT-FOR-US: Arbiter 1094B GPS Substation Clock
CVE-2014-9193 (Innominate mGuard with firmware before 7.6.6 and 8.x before 8.1.4 ...)
	NOT-FOR-US: Innominate mGuard
CVE-2014-9192 (Integer overflow in Trihedral Engineering VTScada (formerly VTS) 6.5 ...)
	NOT-FOR-US: Trihedral Engineering VTScada
CVE-2014-9191 (The CodeWrights HART Device Type Manager (DTM) library in Emerson HART ...)
	NOT-FOR-US: Emerson HART DTM
CVE-2014-9190 (Stack-based buffer overflow in Schneider Electric Wonderware InTouch ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-9189
	RESERVED
CVE-2014-9188 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-9187
	RESERVED
CVE-2014-9186
	RESERVED
CVE-2014-9185 (Static code injection vulnerability in install.php in Morfy CMS 1.05 ...)
	NOT-FOR-US: Morfy CMS
CVE-2014-9184 (ZTE ZXDSL 831CII allows remote attackers to bypass authentication via ...)
	NOT-FOR-US: ZTE ZXDSL Modem
CVE-2014-9183 (ZTE ZXDSL 831CII has a default password of admin for the admin ...)
	NOT-FOR-US: ZTE ZDSL Modem
CVE-2014-9182 (models/comment.php in Anchor CMS 0.9.2 and earlier allows remote ...)
	NOT-FOR-US: Anchor CMS
CVE-2014-9181 (Multiple directory traversal vulnerabilities in Plex Media Server ...)
	NOT-FOR-US: Plex Media Server
CVE-2014-9180 (Open redirect vulnerability in go.php in Eleanor CMS allows remote ...)
	NOT-FOR-US: Eleanor CMS
CVE-2014-9179 (Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket ...)
	NOT-FOR-US: SupportEzzy Ticket System plugin for WordPress
CVE-2014-9178 (Multiple SQL injection vulnerabilities in classes/ajax.php in the ...)
	NOT-FOR-US: Smarty Pants Plugin for WordPress
CVE-2014-9177 (The HTML5 MP3 Player with Playlist Free plugin before 2.7 for ...)
	NOT-FOR-US: Playlist Free WordPress Plugin
CVE-2014-9176 (Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy ...)
	NOT-FOR-US: InstaSqueeze Sexy Squeeze Pages plugin for WordPress
CVE-2014-9175 (SQL injection vulnerability in wpdatatables.php in the wpDataTables ...)
	NOT-FOR-US: wpDataTables WordPress Plugin
CVE-2014-9174 (Cross-site scripting (XSS) vulnerability in the Google Analytics by ...)
	NOT-FOR-US: Google Analytics by Yoast (google-analytics-for-wordpress) plugin for WordPress
CVE-2014-9173 (SQL injection vulnerability in view.php in the Google Doc Embedder ...)
	NOT-FOR-US: Google Doc Embedder plugin for WordPress
CVE-2014-9474 (Buffer overflow in the mpfr_strtofr function in GNU MPFR before ...)
	- mpfr4 3.1.2-2 (low; bug #772008)
	[squeeze] - mpfr4 <no-dsa> (Minor issue)
	[wheezy] - mpfr4 <no-dsa> (Minor issue)
	NOTE: https://gforge.inria.fr/scm/viewvc.php?view=rev&root=mpfr&revision=9243
CVE-2015-0360 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0359 (Double free vulnerability in Adobe Flash Player before 13.0.0.281 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0358 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0357 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0356 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0355 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0354 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0353 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0352 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0351 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0350 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0349 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.281 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0348 (Buffer overflow in Adobe Flash Player before 13.0.0.281 and 14.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0347 (Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0346 (Double free vulnerability in Adobe Flash Player before 13.0.0.281 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0345 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2015-0344 (Cross-site scripting (XSS) vulnerability in the web app in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2015-0343 (Cross-site scripting (XSS) vulnerability in admin/home/homepage/search ...)
	NOT-FOR-US: Adobe
CVE-2015-0342 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0341 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.277 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0340 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0339 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0338 (Integer overflow in Adobe Flash Player before 13.0.0.277 and 14.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0337 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0336 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0335 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0334 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0333 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0332 (Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0331 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0330 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0329 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0328 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0327 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0326 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0325 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0324 (Buffer overflow in Adobe Flash Player before 13.0.0.269 and 14.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0323 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.269 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0322 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0321 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0320 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0319 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0318 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0317 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0316 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0315 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0314 (Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0313 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0312 (Double free vulnerability in Adobe Flash Player before 13.0.0.264 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0311 (Unspecified vulnerability in Adobe Flash Player through 13.0.0.262 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0310 (Adobe Flash Player before 13.0.0.262 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0309 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0308 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.260 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0307 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0306 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0305 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0304 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.260 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0303 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0302 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2015-0301 (Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-9275 (UnRTF allows remote attackers to cause a denial of service ...)
	{DSA-3158-1 DLA-133-1}
	- unrtf 0.21.5-2 (bug #772811)
	NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00000.html
	NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00001.html
	NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/1df886f2e65f7c512a6217588ae8d94d4bcbc63d
	NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/3c7ff3f888de0f0d957fe67b6bd4bec9c0d475f3
CVE-2014-9274 (UnRTF allows remote attackers to cause a denial of service (crash) and ...)
	{DSA-3158-1 DLA-133-1}
	- unrtf 0.21.5-2 (bug #772811)
	NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html
	NOTE: https://lists.gnu.org/archive/html/bug-unrtf/2014-12/msg00000.html
	NOTE: Patch: https://bitbucket.org/medoc/unrtf-int/commits/b0cef89a170a66bc48f8dd288ce562ea8ca91f7a
CVE-2014-9278 (The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 ...)
	- openssh <not-affected> (patch not applied to Debian)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169843
	NOTE: Patch https://bugzilla.mindrot.org/show_bug.cgi?id=1867 from not applied in Debian
CVE-2014-9277 (The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki ...)
	{DSA-3100-1}
	- mediawiki 1:1.19.20+dfsg-2.1 (bug #772764)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71478
	NOTE: backported patches for 1.19:
	NOTE: https://gerrit.wikimedia.org/r/#/c/175725/
	NOTE: https://gerrit.wikimedia.org/r/#/c/175960/
CVE-2014-9276 (Cross-site request forgery (CSRF) vulnerability in the ...)
	- mediawiki <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=71111
	NOTE: No special expand templates before 1.23.x but available as extension.
CVE-2014-9220 (SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2014-9219 (Cross-site scripting (XSS) vulnerability in the redirection feature in ...)
	- phpmyadmin 4:4.2.12-2 (bug #774194)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-18.php
CVE-2014-9218 (libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x ...)
	{DSA-3382-1 DLA-336-1}
	- phpmyadmin 4:4.2.12-2 (low; bug #774194)
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1ac863c7573d12012374d5d41e5c7dc5505ea6e1 (master)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-17.php
CVE-2014-9172
	REJECTED
CVE-2014-9171
	REJECTED
CVE-2014-9170
	REJECTED
CVE-2014-9169
	REJECTED
CVE-2014-9168
	REJECTED
CVE-2014-9167
	REJECTED
CVE-2014-9166 (Adobe ColdFusion 10 before Update 15 and 11 before Update 3 allows ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2014-9165 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-9164 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-9163 (Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-9162 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-9161 (CoolType.dll in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x ...)
	NOT-FOR-US: Adobe
CVE-2014-9160 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe
CVE-2014-9159 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-9158 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-9155 (Directory traversal vulnerability in the Avatar Uploader module ...)
	NOT-FOR-US: Avatar Uploader module for Drupal
CVE-2014-9154 (The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly ...)
	NOT-FOR-US: Notify module for Drupal
CVE-2014-9153 (Cross-site scripting (XSS) vulnerability in the Services module ...)
	NOT-FOR-US: Services module for Drupal
CVE-2014-9152 (The _user_resource_create function in the Services module 7.x-3.x ...)
	NOT-FOR-US: Services module for Drupal
CVE-2014-9151 (The Services module 7.x-3.x before 7.x-3.10 for Drupal does not ...)
	NOT-FOR-US: Services module for Drupal
CVE-2014-9150 (Race condition in the MoveFileEx call hook feature in Adobe Reader and ...)
	NOT-FOR-US: Adobe
CVE-2014-9149
	RESERVED
CVE-2014-9148 (Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-9147 (Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-9146 (Multiple cross-site scripting (XSS) vulnerabilities in Fiyo CMS ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-9145 (Multiple SQL injection vulnerabilities in Fiyo CMS 2.0.1.8 allow ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-9144 (Technicolor Router TD5130 with firmware 2.05.C29GV allows remote ...)
	NOT-FOR-US: Technicolor routers
CVE-2014-9143 (Open redirect vulnerability in Technicolor Router TD5130 with firmware ...)
	NOT-FOR-US: Technicolor routers
CVE-2014-9142 (Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 ...)
	NOT-FOR-US: Technicolor routers
CVE-2014-9141 (The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier ...)
	NOT-FOR-US: Thomson Reuters Fixed Assets
CVE-2014-9139
	RESERVED
CVE-2014-9138
	RESERVED
CVE-2014-9137 (Huawei USG9500 with software V200R001C01SPC800 and earlier versions, ...)
	NOT-FOR-US: Huawei
CVE-2014-9136 (Huawei FusionManager with software V100R002C03 and V100R003C00 could ...)
	NOT-FOR-US: Huawei
CVE-2014-9135 (The PackageInstaller module in Huawei P7-L10 smartphones before ...)
	NOT-FOR-US: PackageInstaller module in Huawei P7-L10
CVE-2014-9134 (Unrestricted file upload vulnerability in Huawei Honor Cube Wireless ...)
	NOT-FOR-US: Huawei Wireless Router
CVE-2014-9133
	RESERVED
CVE-2014-9132
	RESERVED
CVE-2014-9131
	RESERVED
CVE-2014-9128
	RESERVED
CVE-2014-9127
	RESERVED
CVE-2014-9126
	RESERVED
CVE-2014-9125
	RESERVED
CVE-2014-9124
	RESERVED
CVE-2014-9123
	RESERVED
CVE-2014-9122
	RESERVED
CVE-2014-9121
	RESERVED
CVE-2014-9120 (Cross-site scripting (XSS) vulnerability in Subrion CMS before 3.2.3 ...)
	NOT-FOR-US: Subrion CMS
CVE-2014-9119 (Directory traversal vulnerability in download.php in the DB Backup ...)
	NOT-FOR-US: WordPress plugin db-backup
CVE-2014-9118 (The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 ...)
	NOT-FOR-US: ZHONE Router
CVE-2014-9115 (SQL injection vulnerability in the rate_picture function in ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-9113 (CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 ...)
	NOT-FOR-US: PFX Engagement
CVE-2014-9111
	RESERVED
CVE-2014-9110
	RESERVED
CVE-2014-9109
	RESERVED
CVE-2014-9108
	RESERVED
CVE-2014-9107
	RESERVED
CVE-2014-9106
	RESERVED
CVE-2014-9105
	RESERVED
CVE-2014-9104 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Desktop Client in OpenVPN Access Server
CVE-2014-9103 (Multiple cross-site scripting (XSS) vulnerabilities in the Kunena ...)
	NOT-FOR-US: Kunena component for Joomla!
CVE-2014-9102 (Multiple SQL injection vulnerabilities in the Kunena component before ...)
	NOT-FOR-US: Kunena component for Joomla!
CVE-2014-9101 (Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall 1.7.0 ...)
	NOT-FOR-US: Oxwall and SkaDate Lite
CVE-2014-9100 (Cross-site scripting (XSS) vulnerability in the WhyDoWork AdSense ...)
	NOT-FOR-US: WhyDoWork AdSense plugin for WordPress
CVE-2014-9099 (Cross-site request forgery (CSRF) vulnerability in the WhyDoWork ...)
	NOT-FOR-US: WhyDoWork AdSense plugin for WordPress
CVE-2014-9098 (Multiple cross-site scripting (XSS) vulnerabilities in the Apptha ...)
	NOT-FOR-US: Apptha WordPress Plugin
CVE-2014-9097 (Multiple SQL injection vulnerabilities in the Apptha WordPress Video ...)
	NOT-FOR-US: Apptha WordPress Plugin
CVE-2014-9096 (Multiple SQL injection vulnerabilities in recover.php in Pligg CMS ...)
	NOT-FOR-US: Pligg
CVE-2014-9095 (Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and ...)
	NOT-FOR-US: Raritan Power IQ
CVE-2014-9094 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Digital Zoom Studio (DZS) Video Gallery plugin for WordPress
CVE-2014-9088
	RESERVED
CVE-2014-9086
	RESERVED
CVE-2014-9085
	RESERVED
CVE-2014-9084
	RESERVED
CVE-2014-9083
	RESERVED
CVE-2014-9082
	RESERVED
CVE-2014-9081
	RESERVED
CVE-2014-9080
	RESERVED
CVE-2014-9079
	RESERVED
CVE-2014-9078
	RESERVED
CVE-2014-9077
	RESERVED
CVE-2014-9076
	RESERVED
CVE-2014-9075
	RESERVED
CVE-2014-9074
	RESERVED
CVE-2014-9073
	RESERVED
CVE-2014-9072
	RESERVED
CVE-2014-9071
	RESERVED
CVE-2014-9070
	RESERVED
CVE-2014-9069
	RESERVED
CVE-2014-9068
	RESERVED
CVE-2014-9067
	RESERVED
CVE-2014-9066 (Xen 4.4.x and earlier, when using a large number of VCPUs, does not ...)
	- xen <unfixed> (unimportant)
	NOTE: Architectual/design limitation, not treated as a security issue
CVE-2014-9065 (common/spinlock.c in Xen 4.4.x and earlier does not properly handle ...)
	- xen 4.4.1-6
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
CVE-2014-9064
	RESERVED
CVE-2014-9063
	RESERVED
CVE-2014-9062
	RESERVED
CVE-2014-9061
	RESERVED
CVE-2014-9060 (The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
	- moodle 2.7.5+dfsg-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47927
	NOTE: https://moodle.org/mod/forum/discuss.php?d=275165
CVE-2014-9058
	RESERVED
CVE-2014-9057 (SQL injection vulnerability in the XML-RPC interface in Movable Type ...)
	{DSA-3183-1}
	- movabletype-opensource <removed> (bug #774192)
	[squeeze] - movabletype-opensource <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://movabletype.org/news/2014/12/6.0.6.html
	NOTE: https://movabletype.org/documentation/appendices/release-notes/6.0.6.html
CVE-2014-9056
	RESERVED
CVE-2014-9055
	RESERVED
CVE-2014-9054
	RESERVED
CVE-2014-9053
	RESERVED
CVE-2014-9052
	RESERVED
CVE-2014-9051
	RESERVED
CVE-2014-9049 (The documents application in ownCloud Server 6.x before 6.0.6 and 7.x ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-025
CVE-2014-9048 (The documents application in ownCloud Server 6.x before 6.0.6 and 7.x ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-024
CVE-2014-9047 (Multiple unspecified vulnerabilities in the preview system in ownCloud ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-026
CVE-2014-9046 (The OC_Util::getUrlContent function in ownCloud Server before 5.0.18, ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-023
CVE-2014-9045 (The FTP backend in user_external in ownCloud Server before 5.0.18 and ...)
	- owncloud 7~20140504+dfsg-1
	NOTE: Only affects 5.x and 6.x, so marking first 7 release as fixed
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-022
CVE-2014-9044 (Asset Pipeline in ownCloud 7.x before 7.0.3 uses an MD5 hash of the ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-021
CVE-2014-9043 (The user_ldap (aka LDAP user and group backend) application in ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-020
CVE-2014-9042 (Cross-site scripting (XSS) vulnerability in the import functionality ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-028
CVE-2014-9041 (The import functionality in the bookmarks application in ownCloud ...)
	- owncloud 7.0.3+dfsg-1
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-019
CVE-2014-9040
	RESERVED
CVE-2014-9029 (Multiple off-by-one errors in the (1) jpc_dec_cp_setfromcox and (2) ...)
	{DSA-3089-1 DLA-101-1}
	- jasper 1.900.1-debian1-2.2 (bug #772036)
CVE-2014-9027 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ...)
	NOT-FOR-US: ZTE ZXDSL 831CII
CVE-2014-9026 (The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2014-9025 (The default checkout completion rule in the commerce_order module in ...)
	NOT-FOR-US: Drupal Commerce module for Drupal
CVE-2014-9024 (The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows ...)
	NOT-FOR-US: Protected Pages module for Drupal
CVE-2014-9023 (The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly ...)
	NOT-FOR-US: Twilio module for Drupal
CVE-2014-9022 (The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x ...)
	NOT-FOR-US: Webform Component Roles module for Drupal
CVE-2014-9021 (Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 ...)
	NOT-FOR-US: ZTE ZXDSL 831
CVE-2014-9020 (Cross-site scripting (XSS) vulnerability in the Quick Stats page ...)
	NOT-FOR-US: ZTE ZXDSL 831 and 831CII
CVE-2014-9019 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ...)
	NOT-FOR-US: ZTE ZXDSL 831CII
CVE-2014-9017 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 ...)
	NOT-FOR-US: OpenKM
CVE-2012-6684 (Cross-site scripting (XSS) vulnerability in the RedCloth library 4.2.9 ...)
	{DSA-3168-1 DLA-167-1}
	- ruby-redcloth 4.2.9-4 (bug #774748)
	- redcloth <removed>
	NOTE: http://co3k.org/blog/redcloth-unfixed-xss-en
CVE-2012-6683
	RESERVED
CVE-2012-6682 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: DragonByte Technologies vBDownloads module for vBulletin
CVE-2012-6681
	RESERVED
CVE-2012-6680
	RESERVED
CVE-2012-6679
	RESERVED
CVE-2012-6678
	RESERVED
CVE-2012-6677
	RESERVED
CVE-2012-6676
	RESERVED
CVE-2012-6675
	RESERVED
CVE-2012-6674
	RESERVED
CVE-2012-6673
	RESERVED
CVE-2012-6672
	RESERVED
CVE-2012-6671 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: DragonByte Technologies Forumon RPG module for vBulletin
CVE-2012-6670 (Multiple cross-site scripting (XSS) vulnerabilities in the DragonByte ...)
	NOT-FOR-US: DragonByte Technologies vbActivity module for vBulletin
CVE-2012-6669
	RESERVED
CVE-2012-6668 (Multiple cross-site scripting (XSS) vulnerabilities in the Shout ...)
	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6667 (Cross-site scripting (XSS) vulnerability in vbshout.php in DragonByte ...)
	NOT-FOR-US: DragonByte Technologies vBShout module for vBulletin
CVE-2012-6666
	RESERVED
CVE-2010-5313 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 2.6.38 ...)
	- linux 2.6.38-1
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fc3a9157d314 (v2.6.38-rc1)
CVE-2014-9156 (The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not ...)
	NOT-FOR-US: Drupal module FileField
CVE-2014-9129 (Cross-site request forgery (CSRF) vulnerability in the CreativeMinds ...)
	NOT-FOR-US: WordPress plugin cm-download-manager
CVE-2014-8123 (Buffer overflow in the bGetPPS function in wordole.c in Antiword 0.37 ...)
	- antiword 0.37-5 (bug #771768)
	NOTE: http://www.openwall.com/lists/oss-security/2014/12/01/4
	NOTE: This actually was fixed long time ago in https://bugs.debian.org/407015
CVE-2014-8104 (OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before ...)
	{DSA-3084-1 DLA-98-1}
	- openvpn 2.3.4-5
	NOTE: https://github.com/OpenVPN/openvpn/commit/c5590a6821e37f3b29735f55eb0c2b9c0924138c
	NOTE: http://web.archive.org/web/20150514123219/https://forums.openvpn.net/topic17625.html
CVE-2014-9272 (The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/05378e00
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17297
CVE-2014-9281 (Cross-site scripting (XSS) vulnerability in admin/copy_field.php in ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/e5fc835a
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17876
CVE-2014-9271 (Cross-site scripting (XSS) vulnerability in file_download.php in ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17874
	NOTE: http://github.com/mantisbt/mantisbt/commit/9fb8cf36f
CVE-2014-9270 (Cross-site scripting (XSS) vulnerability in the ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/0bff06ec
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17583
CVE-2014-9269 (Cross-site scripting (XSS) vulnerability in helper_api.php in MantisBT ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/511564cc
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17890
CVE-2014-9280 (The current_user_get_bug_filter function in core/current_user_api.php ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/599364b2
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17875
CVE-2014-9279 (The print_test_result function in admin/upgrade_unattended.php in ...)
	- mantis <removed> (unimportant)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/0826cef8
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17877
	NOTE: unimportant, source affected but unrelevant for Debian, upgrade_unattended.php removed also in binary package
CVE-2014-9140 (Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump ...)
	{DSA-3086-1 DLA-102-1}
	- tcpdump 4.6.2-3
	NOTE: https://github.com/the-tcpdump-group/tcpdump/commit/0f95d441e4b5d7512cc5c326c8668a120e048eda
	NOTE: http://seclists.org/tcpdump/2014/q4/72
CVE-2014-9130 (scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka ...)
	{DSA-3115-1 DSA-3103-1 DSA-3102-1 DLA-127-1 DLA-110-1 DLA-109-1}
	- libyaml 0.1.6-3 (bug #771366)
	- libyaml-libyaml-perl 0.41-6 (bug #771365)
	- pyyaml 3.11-2 (bug #772815)
	NOTE: https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
	NOTE: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
	NOTE: for pyyaml: might be need to be removed here (no-CVE assigned) or separate CVE
	NOTE: for pyyaml: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc/raw/
CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as the key ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/7bb78e4581ff1092c811ea96582fe602624cdcdd
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17811
CVE-2014-9116 (The write_one_header function in mutt 1.5.23 does not properly handle ...)
	{DSA-3083-1 DLA-100-1}
	- mutt 1.5.23-2 (bug #771125)
	NOTE: Detailed analysis in https://bugzilla.redhat.com/show_bug.cgi?id=1168463#c4
	NOTE: Upstream bugreport: http://dev.mutt.org/trac/ticket/3716
CVE-2014-9114 (Blkid in util-linux before 2.26rc-1 allows local users to execute ...)
	- util-linux 2.25.2-4 (bug #771274)
	[squeeze] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2014/11/26/13
	NOTE: https://github.com/karelzak/util-linux/commit/89e90ae7b2826110ea28c1c0eb8e7c56c3907bdc
CVE-2014-9112 (Heap-based buffer overflow in the process_copy_in function in GNU Cpio ...)
	{DSA-3111-1 DLA-111-1}
	- cpio 2.11+dfsg-4 (bug #772793)
	NOTE: http://lcamtuf.coredump.cx/afl/vulns/lesspipe-cpio-bad-write.cpio
	NOTE: https://savannah.gnu.org/bugs/?43709
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=746f3ff6 (fix buffer overflow)
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=54d1c42a (fix range checking of length of link name)
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=58df4f1b (fixup of former commit)
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=fd262d11 (fix null deref)
	NOTE: http://git.savannah.gnu.org/cgit/cpio.git/commit/?id=f6a8a2cb (fix test suite in former commit)
CVE-2014-9089 (Multiple SQL injection vulnerabilities in view_all_bug_page.php in ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17841
	NOTE: http://github.com/mantisbt/mantisbt/commit/b0021673
CVE-2014-9273 (lib/handle.c in Hivex before 1.3.11 allows local users to execute ...)
	- hivex 1.3.11-1 (low)
	[jessie] - hivex 1.3.10-2+deb8u1
	[wheezy] - hivex <no-dsa> (Minor issue)
	[squeeze] - hivex <no-dsa> (Minor issue)
	NOTE: https://github.com/libguestfs/hivex/commit/357f26fa64fd1d9ccac2331fe174a8ee9c607adb
	NOTE: https://github.com/libguestfs/hivex/commit/4bbdf555f88baeae0fa804a369a81a83908bd705
CVE-2014-9087 (Integer underflow in the ksba_oid_to_str function in Libksba before ...)
	{DSA-3078-1 DLA-141-1}
	- libksba 1.3.2-1 (bug #770972)
	- gnupg2 <not-affected> (Fixed before entering unstable; affected only 2.1 and betas)
	NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q4/000359.html
	NOTE: Upstream commit: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=libksba.git;a=commit;h=f715b9e156dfa99ae829fc694e5a0abd23ef97d7
CVE-2014-9157 (Format string vulnerability in the yyerror function in ...)
	{DSA-3098-1 DLA-105-1}
	- graphviz 2.38.0-7 (bug #772648)
	NOTE: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
CVE-2014-9471 (The parse_datetime function in GNU coreutils allows remote attackers ...)
	- coreutils 8.23-1 (low)
	[wheezy] - coreutils <no-dsa> (Minor issue)
	[squeeze] - coreutils <no-dsa> (Minor issue)
	NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=16872
	NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=11;filename=date-tz-crash.patch;att=1;bug=16872
	NOTE: http://debbugs.gnu.org/cgi/bugreport.cgi?msg=19;filename=coreutils-date-crash.patch;att=1;bug=16872
CVE-2014-9365 (The HTTP clients in the (1) httplib, (2) urllib, (3) urllib2, and (4) ...)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Too intrusive to backport)
	- python2.6 <removed>
	[wheezy] - python2.6 <no-dsa> (Too intrusive to backport)
	[squeeze] - python2.6 <no-dsa> (Too intrusive to backport)
	- python2.7 2.7.9-1
	[wheezy] - python2.7 <no-dsa> (Too intrusive to backport)
	- python3.1 <removed>
	[squeeze] - python3.1 <no-dsa> (Too intrusive to backport)
	- python3.2 <removed>
	[wheezy] - python3.2 <no-dsa> (Too intrusive to backport)
	- python3.3 <removed>
	- python3.4 3.4.2-2
	[jessie] - python3.4 <no-dsa> (Backporting to stable would break existing applications)
	NOTE: http://bugs.python.org/issue22417
CVE-2014-9351 (engine/server/server.cpp in Teeworlds 0.6.x before 0.6.3 allows remote ...)
	- teeworlds 0.6.2+dfsg-2 (bug #770514)
	[wheezy] - teeworlds <no-dsa> (Minor issue)
	[squeeze] - teeworlds <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/teeworlds/teeworlds/commit/a766cb44bcffcdb0b88e776d01c5ee1323d44f85
	NOTE: https://www.teeworlds.com/?page=news&id=11200
CVE-2014-9093 (LibreOffice before 4.3.5 allows remote attackers to cause a denial of ...)
	{DSA-3163-1}
	- libreoffice 1:4.3.3-2 (bug #771163)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=86449
	NOTE: http://cgit.freedesktop.org/libreoffice/core/commit/?h=libreoffice-4-3&id=b4840d3632e4404bee4bd192a7db916cbad3a401
	NOTE: fixed in experimental with 1:4.4.0~beta1-1
CVE-2014-9092 (libjpeg-turbo before 1.3.1 allows remote attackers to cause a denial ...)
	- libjpeg-turbo 1:1.3.1-11 (bug #768369)
CVE-2014-9090 (The do_double_fault function in arch/x86/kernel/traps.c in the Linux ...)
	{DSA-3093-1 DLA-103-1}
	- linux 3.16.7-ckt2-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6f442be2fb22be02cafa606f1769fa1e6f894441 (v3.18-rc6)
CVE-2014-9059 (lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
	NOTE: https://moodle.org/mod/forum/discuss.php?d=275146
CVE-2014-9050 (Heap-based buffer overflow in the cli_scanpe function in ...)
	{DLA-95-1}
	- clamav 0.98.5+dfsg-1 (bug #770985)
	[wheezy] - clamav 0.98.5+dfsg-0+deb7u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11155
	NOTE: Upstream commit: https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e
CVE-2014-9039 (wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30431
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9038 (wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
	NOTE: Upstream patch: https://core.trac.wordpress.org/changeset/30444
CVE-2014-9037 (WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9036 (Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9035 (Cross-site scripting (XSS) vulnerability in Press This in WordPress ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9034 (wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
	NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30467
CVE-2014-9033 (Cross-site request forgery (CSRF) vulnerability in wp-login.php in ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
	NOTE: Upstream patch: http://core.trac.wordpress.org/changeset/30418
CVE-2014-9032 (Cross-site scripting (XSS) vulnerability in the media-playlists ...)
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	[wheezy] - wordpress <not-affected> (Affects 3.9, 3.9.1, 3.9.2, 4.0 only)
	[squeeze] - wordpress <not-affected> (Affects 3.9, 3.9.1, 3.9.2, 4.0 only)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9031 (Cross-site scripting (XSS) vulnerability in the wptexturize function ...)
	{DSA-3085-1 DLA-236-1}
	- wordpress 4.0.1+dfsg-1 (bug #770425)
	NOTE: https://wordpress.org/news/2014/11/wordpress-4-0-1/
CVE-2014-9028 (Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 ...)
	{DSA-3082-1 DLA-99-1}
	- flac 1.3.0-3 (bug #770918)
	NOTE: Upstream patches:
	NOTE: https://git.xiph.org/?p=flac.git;a=commit;h=fcf0ba06ae12ccd7c67cee3c8d948df15f946b85
	NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5a365996d739bdf4711af51d9c2c71c8a5e14660
CVE-2014-9014
	RESERVED
CVE-2014-9013
	RESERVED
CVE-2014-9012
	RESERVED
CVE-2014-9011
	RESERVED
CVE-2014-9010
	RESERVED
CVE-2014-9009
	RESERVED
CVE-2014-9008
	RESERVED
CVE-2014-9007
	RESERVED
CVE-2014-9006 (Monstra 3.0.1 and earlier uses a cookie to track how many login ...)
	NOT-FOR-US: Monstra
CVE-2014-9005 (Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 ...)
	NOT-FOR-US: vldPersonals
CVE-2014-9004 (Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 ...)
	NOT-FOR-US: vldPersonals
CVE-2014-9003 (Cross-site request forgery (CSRF) vulnerability in Lantronix ...)
	NOT-FOR-US: Lantronix xPrintServer
CVE-2014-9002 (Lantronix xPrintServer does not properly restrict access to ips/, ...)
	NOT-FOR-US: Lantronix xPrintServer
CVE-2014-9001 (reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote ...)
	NOT-FOR-US: Incredible PBX
CVE-2014-9000 (Mule Enterprise Management Console (MMC) does not properly restrict ...)
	NOT-FOR-US: Mule Enterprise Management Console
CVE-2014-8999 (SQL injection vulnerability in htdocs/modules/system/admin.php in ...)
	NOT-FOR-US: XOOPS
CVE-2014-8998 (lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote ...)
	NOT-FOR-US: X7 Chat
CVE-2014-8997 (Unrestricted file upload vulnerability in the Photo functionality in ...)
	NOT-FOR-US: DigitalVidhya Digi Online Examination System
CVE-2014-8996 (Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog ...)
	NOT-FOR-US: Nibbleblog
CVE-2014-8995 (SQL injection vulnerability in Maarch LetterBox 2.8 allows remote ...)
	NOT-FOR-US: Maarch LetterBox
CVE-2014-8993 (Cross-site scripting (XSS) vulnerability in the backend in ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-8992 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MODX Revolution
CVE-2014-9030 (The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x ...)
	{DSA-3140-1}
	- xen 4.4.1-4 (low; bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-9015 (Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to ...)
	{DSA-3075-1}
	- drupal7 7.32-1+deb8u1 (bug #770469)
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2014-006
CVE-2014-9016 (The password hashing API in Drupal 7.x before 7.34 and the Secure ...)
	{DSA-3075-1}
	- drupal7 7.32-1+deb8u1 (bug #770469)
	- drupal6 <not-affected> (Only affects Drupal 7.x)
	NOTE: https://www.drupal.org/SA-CORE-2014-006
CVE-2014-9018 (Icecast before 2.4.1 transmits the output of the on-connect script, ...)
	- icecast2 2.4.0-1.1 (bug #770222)
	[wheezy] - icecast2 <no-dsa> (Minor issue)
	[squeeze] - icecast2 <no-dsa> (Minor issue)
	NOTE: https://trac.xiph.org/ticket/2089
CVE-2015-0300
	RESERVED
CVE-2015-0299 (Multiple cross-site scripting (XSS) vulnerabilities in Open Source ...)
	NOT-FOR-US: Open Source Point of Sale
CVE-2015-0298 (Cross-site scripting (XSS) vulnerability in the manager web interface ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2015-0297 (Red Hat JBoss Operations Network 3.3.1 does not properly restrict ...)
	NOT-FOR-US: RHQ
CVE-2015-0296 (The pre-install script in texlive 3.1.20140525_r34255.fc21 as packaged ...)
	- texlive-base <not-affected> (Specific to Red Hat packaging/postinst)
CVE-2015-0295 (The BMP decoder in QtGui in QT before 5.5 does not properly calculate ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.6+git64-g5dc8b2b+dfsg-3 (bug #779550)
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	[experimental] - qtbase-opensource-src 5.4.1+dfsg-2
	- qtbase-opensource-src 5.3.2+dfsg-5 (bug #779580)
	[jessie] - qtbase-opensource-src 5.3.2+dfsg-4+deb8u1
	NOTE: http://lists.qt-project.org/pipermail/announce/2015-February/000059.html
CVE-2015-0294 [certificate algorithm consistency checking issue]
	RESERVED
	{DSA-3191-1 DLA-180-1}
	- gnutls26 <removed>
	[experimental] - gnutls28 3.3.13-1
	- gnutls28 3.3.8-6 (bug #779428)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/6e76e9b9fa845b76b0b9a45f05f4b54a052578ff (gnutls_3_3_13)
CVE-2015-0293 (The SSLv2 implementation in OpenSSL before 0.9.8zf, 1.0.0 before ...)
	{DLA-177-1}
	- openssl 1.0.0c-2
	NOTE: 1.0.0c-2 dropped SSLv2 support
CVE-2015-0292 (Integer underflow in the EVP_DecodeUpdate function in ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1h-1
CVE-2015-0291 (The sigalgs implementation in t1_lib.c in OpenSSL 1.0.2 before 1.0.2a ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0290 (The multi-block feature in the ssl3_write_bytes function in s3_pkt.c ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0289 (The PKCS#7 implementation in OpenSSL before 0.9.8zf, 1.0.0 before ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
CVE-2015-0288 (The X509_to_X509_REQ function in crypto/x509/x509_req.c in OpenSSL ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=28a00bcd8e318da18031b2ac8778c64147cd54f9
CVE-2015-0287 (The ASN1_item_ex_d2i function in crypto/asn1/tasn_dec.c in OpenSSL ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
CVE-2015-0286 (The ASN1_TYPE_cmp function in crypto/asn1/a_type.c in OpenSSL before ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
CVE-2015-0285 (The ssl3_client_hello function in s3_clnt.c in OpenSSL 1.0.2 before ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e1b568dd2462f7cacf98f3d117936c34e2849a6b
CVE-2015-0284 (Cross-site scripting (XSS) vulnerability in spacewalk-java in ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2015-0283 (The slapi-nis plug-in before 0.54.2 does not properly reallocate ...)
	- slapi-nis 0.54.2-1 (bug #781346)
CVE-2015-0282 (GnuTLS before 3.1.0 does not verify that the RSA PKCS #1 signature ...)
	{DSA-3191-1 DLA-180-1}
	- gnutls26 <removed>
	- gnutls28 <not-affected> (Fixed in 3.1.0)
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2015-1
CVE-2015-0281
	RESERVED
CVE-2015-0280
	RESERVED
CVE-2015-0279 (JBoss RichFaces before 4.5.4 allows remote attackers to inject ...)
	NOT-FOR-US: RichFaces
CVE-2015-0278 (libuv before 0.10.34 does not properly drop group privileges, which ...)
	- libuv 0.10.28-6 (bug #779173)
	NOTE: https://github.com/libuv/libuv/commit/66ab38918c911bcff025562cf06237d7fedaba0c
	NOTE: https://github.com/libuv/libuv/pull/215
CVE-2015-0277 (The Service Provider (SP) in PicketLink before 2.7.0 does not ensure ...)
	NOT-FOR-US: PicketLink
CVE-2015-0276 (Cross-site request forgery (CSRF) vulnerability in Kallithea before ...)
	- kallithea <itp> (bug #689573)
CVE-2015-0275 (The ext4_zero_range function in fs/ext4/extents.c in the Linux kernel ...)
	- linux 3.16.7-ckt9-1
	[wheezy] - linux <not-affected> (Introduced in v3.15)
	- linux-2.6 <not-affected> (Introduced in v3.15)
	NOTE: Proposed upstream patch: http://www.spinics.net/lists/linux-ext4/msg47193.html
CVE-2015-0274 (The XFS implementation in the Linux kernel before 3.15 improperly uses ...)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (Introduced in v3.11-rc1)
	- linux-2.6 <not-affected> (Introduced in v3.11-rc1)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8275cdd0e7ac550dcce2b3ef6d2fb3b808c1ae59 (v3.15-rc5)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e461fcb194172b3f709e0b478d2ac1bdac7ab9a3 (v3.11-rc1)
CVE-2015-0273 (Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP ...)
	{DSA-3195-1}
	- php5 5.6.6+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68942
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c377f1a715476934133f3254d1e0d4bf3743e2d2
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=71335e6ebabc1b12c057d8017fd811892ecdfd24
CVE-2015-0272 (GNOME NetworkManager allows remote attackers to cause a denial of ...)
	- network-manager 1.0.4-1
	[jessie] - network-manager <no-dsa> (Will be fixed on the kernel side)
	[wheezy] - network-manager <not-affected> (code introduced in 0.9.10)
	[squeeze] - network-manager <not-affected> (code introduced in 0.9.10)
	NOTE: Commit for NetworkManager: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=d5fc88e573fa58b93034b04d35a2454f5d28cad9 (1.2-beta1)
	NOTE: Issue introduced in 0.9.10 with http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?id=7d5779300450bc2602ba4f7f472ebfa58bea3571
CVE-2015-0271 (The log-viewing function in the Red Hat redhat-access-plugin before ...)
	- horizon <not-affected> (RedHat-specific plugin)
CVE-2015-0270 [Potential SQL injection in PostgreSQL Zend\Db adapter]
	RESERVED
	- zendframework <not-affected> (the vulnerability was introduced in the 2 series)
	- php-zend-db <not-affected> (Fixed before initial upload to the archive)
	NOTE: http://framework.zend.com/security/advisory/ZF2015-02
CVE-2015-0269 (Directory traversal vulnerability in Contao before 3.2.19, and 3.4.x ...)
	NOT-FOR-US: Contao
CVE-2015-0268 (The vgic_v2_to_sgi function in arch/arm/vgic-v2.c in Xen 4.5.x, when ...)
	- xen <not-affected> (Only affects 4.5)
	NOTE: http://xenbits.xen.org/xsa/advisory-117.html
CVE-2015-0267 (The Red Hat module-setup.sh script for kexec-tools, as distributed in ...)
	- kexec-tools <not-affected> (Vulnerable script not present in the Debian package)
CVE-2015-0266 (The Policy Admin Tool in Apache Ranger before 0.5.0 allows remote ...)
	NOT-FOR-US: Apache Ranger
CVE-2015-0265 (Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in ...)
	NOT-FOR-US: Apache Ranger
CVE-2015-0264 (Multiple XML external entity (XXE) vulnerabilities in ...)
	NOT-FOR-US: Apache Camel
CVE-2015-0263 (XML external entity (XXE) vulnerability in the XML converter setup in ...)
	NOT-FOR-US: Apache Camel
CVE-2015-0262
	REJECTED
CVE-2015-0261 (Integer signedness error in the mobility_opt_print function in the ...)
	{DSA-3193-1 DLA-174-1}
	- tcpdump 4.6.2-4
	NOTE: http://www.ca.tcpdump.org/cve/0003-test-case-for-cve2015-0261-corrupted-IPv6-mobility-h.patch
CVE-2015-0260 (RhodeCode before 2.2.7 and Kallithea 0.1 allows remote authenticated ...)
	- kallithea <itp> (bug #753975)
CVE-2015-0259 (OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, ...)
	- nova 2014.1.3-11 (bug #780250)
	[wheezy] - nova <not-affected> (Vulnerable code not present)
CVE-2015-0258
	RESERVED
CVE-2015-0257 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2015-0256
	RESERVED
CVE-2015-0255 (X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x ...)
	{DSA-3160-1 DLA-218-1}
	- xorg-server 2:1.16.4-1
CVE-2015-0254 (Apache Standard Taglibs before 1.2.3 allows remote attackers to ...)
	- jakarta-taglibs-standard 1.1.2-3 (bug #779621)
	[wheezy] - jakarta-taglibs-standard <no-dsa> (Minor issue)
	NOTE: https://bz.apache.org/bugzilla/show_bug.cgi?id=57560
CVE-2015-0253 (The read_request_line function in server/protocol.c in the Apache HTTP ...)
	- apache2 <not-affected> (Vulnerable version 2.4.11 never in Debian)
CVE-2015-0252 (internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote ...)
	{DSA-3199-1 DLA-181-1}
	- xerces-c 3.1.1-5.1 (bug #780827)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1667870
CVE-2015-0251 (The mod_dav_svn server in Subversion 1.5.0 through 1.7.19 and 1.8.0 ...)
	{DSA-3231-1 DLA-207-1}
	- subversion 1.8.10-6
	NOTE: https://subversion.apache.org/security/CVE-2015-0251-advisory.txt
CVE-2015-0250 (XML external entity (XXE) vulnerability in the SVG to (1) PNG and (2) ...)
	{DSA-3205-1 DLA-182-1}
	- batik 1.7+dfsg-5 (bug #780897)
	NOTE: https://issues.apache.org/jira/browse/BATIK-1018
	NOTE: https://issues.apache.org/jira/browse/BATIK-1113
	NOTE: Commit disabling external xml entities: https://svn.apache.org/viewvc/xmlgraphics/batik/trunk/sources/org/apache/batik/dom/util/SAXDocumentFactory.java?r1=662304&r2=1664335&diff_format=h
	NOTE: PoC: https://www.ernw.de/download/xxe_batik.tar.xz
CVE-2015-0249 (The weblog page template in Apache Roller 5.1 through 5.1.1 allows ...)
	NOT-FOR-US: Apache Roller
CVE-2015-0248 (The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 ...)
	{DSA-3231-1 DLA-207-1}
	- subversion 1.8.10-6
	NOTE: https://subversion.apache.org/security/CVE-2015-0248-advisory.txt
CVE-2015-0247 (Heap-based buffer overflow in openfs.c in the libext2fs library in ...)
	{DSA-3166-1 DLA-153-1}
	- e2fsprogs 1.42.12-1
	NOTE: https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?id=f66e6ce4
CVE-2015-0246
	REJECTED
CVE-2015-0245 (D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and ...)
	{DSA-3161-1}
	- dbus 1.8.16-1 (bug #777545)
	[squeeze] - dbus <not-affected> (affects 1.4 and above)
CVE-2015-0244
	RESERVED
	{DSA-3155-1 DLA-152-1}
	- postgresql-9.4 9.4.1-1
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2015-0243
	RESERVED
	{DSA-3155-1 DLA-152-1}
	- postgresql-9.4 9.4.1-1
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2015-0242
	RESERVED
	- postgresql-9.4 <not-affected> (Only affects PostgreSQL on Windows)
	- postgresql-9.1 <not-affected> (Only affects PostgreSQL on Windows)
CVE-2015-0241
	RESERVED
	{DSA-3155-1 DLA-152-1}
	- postgresql-9.4 9.4.1-1
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2015-0240 (The Netlogon server implementation in smbd in Samba 3.5.x and 3.6.x ...)
	{DSA-3171-1 DLA-156-1}
	- samba 2:4.1.17+dfsg-1 (bug #779033)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: Server components removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: https://www.samba.org/samba/security/CVE-2015-0240
CVE-2015-0239 (The em_sysenter function in arch/x86/kvm/emulate.c in the Linux kernel ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8c60435261deaefeb53ce3222d04d7d5bea81296
	NOTE: Fixed by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3747379accba8e95d70cec0eae0582c8c182050
	NOTE: http://permalink.gmane.org/gmane.linux.kernel.commits.head/502245
CVE-2015-0238 (selinux-policy as packaged in Red Hat OpenShift 2 allows attackers to ...)
	NOT-FOR-US: selinux-policy as shipped with Red Hat OpenShift 2
CVE-2015-0237 (Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores ...)
	NOT-FOR-US: Red Hat vdms
CVE-2015-0236 (libvirt before 1.2.12 allow remote authenticated users to obtain the ...)
	- libvirt 1.2.9-8 (bug #776065)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced in v1.1.0-rc1)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in v1.1.0-rc1)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=03c3c0c874c84dfa51ef17556062b095c6e1c0a3
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=b347c0c2a321ec5c20aae214927949832a288c5a
	NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=e341435e5090677c67a0d3d4ca0393102054841f (v1.1.0-rc1)
	NOTE: http://security.libvirt.org/2015/0001.html
CVE-2015-0235 (Heap-based buffer overflow in the __nss_hostname_digits_dots function ...)
	{DSA-3142-1 DLA-139-1}
	- eglibc <removed> (high; bug #776391)
	- glibc 2.18-1 (high)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=15014
CVE-2015-0234 (Multiple temporary file creation vulnerabilities in pki-core 10.2.0. ...)
	- dogtag-pki <unfixed> (unimportant)
	NOTE: Rendered unexploitable by /tmp hardening in Debian kernel
CVE-2015-0233 (Multiple insecure Temporary File vulnerabilities in 389 Administration ...)
	- 389-admin 1.1.38-1 (unimportant)
	NOTE: Rendered unexploitable by /tmp hardening in Debian kernel
CVE-2015-0232 (The exif_process_unicode function in ext/exif/exif.c in PHP before ...)
	{DSA-3195-1 DLA-212-1}
	- php5 5.6.5+dfsg-1
	NOTE: https://bugs.php.net/patch-display.php?bug=68799&patch=bug68799fix&revision=1420966468
	NOTE: https://bugs.php.net/bug.php?id=68799
CVE-2015-0231 (Use-after-free vulnerability in the process_nested_data function in ...)
	{DSA-3195-1}
	- php5 5.6.5+dfsg-1
	[squeeze] - php5 <not-affected> (Broken patch for CVE-2014-8142 never applied)
	NOTE: https://bugs.php.net/bug.php?id=68710
	NOTE: Upstream fix: https://github.com/php/php-src/commit/b585a3aed7880a5fa5c18e2b838fc96f40e075bd
	NOTE: in unstable actually incomplete fix was not yet applied, so n/a but wheezy is
CVE-2015-0230
	RESERVED
CVE-2015-0229
	REJECTED
CVE-2015-0228 (The lua_websocket_read function in lua_request.c in the mod_lua module ...)
	- apache2 2.4.10-10 (low)
	[wheezy] - apache2 <not-affected> (no mod_lua in 2.2)
	[squeeze] - apache2 <not-affected> (no mod_lua in 2.2)
	NOTE: https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef
CVE-2015-0227 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote ...)
	- wss4j 1.6.15-2 (bug #777741)
	[wheezy] - wss4j <not-affected> (Vulnerable code not present)
	[squeeze] - wss4j <not-affected> (Vulnerable code not present)
CVE-2015-0226 (Apache WSS4J before 1.6.17 and 2.0.x before 2.0.2 improperly leaks ...)
	- wss4j 1.6.15-2 (bug #777741)
	[wheezy] - wss4j <not-affected> (Vulnerable code not present)
	[squeeze] - wss4j <not-affected> (Vulnerable code not present)
CVE-2015-0225 (The default configuration in Apache Cassandra 1.2.0 through 1.2.19, ...)
	- cassandra <itp> (bug #585905)
CVE-2015-0224 (qpidd in Apache Qpid 0.30 and earlier allows remote attackers to cause ...)
	- qpid-cpp <not-affected> (Incomplete fix for CVE-2015-0203 not applied)
	NOTE: CVE is for incomplete fix for CVE-2015-0203, which is not fixed in Debian
	NOTE: https://issues.apache.org/jira/browse/QPID-6310
CVE-2015-0223 (Unspecified vulnerability in Apache Qpid 0.30 and earlier allows ...)
	- qpid-cpp <removed> (bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/browse/QPID-6325
CVE-2015-0222 (ModelMultipleChoiceField in Django 1.6.x before 1.6.10 and 1.7.x ...)
	- python-django 1.7.1-1.1 (bug #775375)
	[wheezy] - python-django <not-affected> (1.4.x not affected)
	[squeeze] - python-django <not-affected> (1.2.x not affected)
	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0221 (The django.views.static.serve view in Django before 1.4.18, 1.6.x ...)
	{DSA-3151-1 DLA-143-1}
	- python-django 1.7.1-1.1 (bug #775375)
	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0220 (The django.util.http.is_safe_url function in Django before 1.4.18, ...)
	{DSA-3151-1 DLA-143-1}
	- python-django 1.7.1-1.1 (bug #775375)
	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0219 (Django before 1.4.18, 1.6.x before 1.6.10, and 1.7.x before 1.7.3 ...)
	{DSA-3151-1 DLA-143-1}
	- python-django 1.7.1-1.1 (bug #775375)
	NOTE: https://www.djangoproject.com/weblog/2015/jan/13/security/
CVE-2015-0218 (Cross-site request forgery (CSRF) vulnerability in ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278618#p1196684
CVE-2015-0217 (filter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278617#p1196683
CVE-2015-0216 (access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not ...)
	- moodle <not-affected> (Only affects 2.8.x)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278616#p1196682
CVE-2015-0215 (calendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278615#p1196681
CVE-2015-0214 (message/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278614#p1196680
CVE-2015-0213 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278613#p1196679
CVE-2015-0212 (Cross-site scripting (XSS) vulnerability in course/pending.php in ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278612#p1196678
CVE-2015-0211 (mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=278611#p1196676
CVE-2015-0210 (wpa_supplicant 2.0-16 does not properly check certificate subject ...)
	NOTE: likely to be REJECTed
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0210
CVE-2015-0209 (Use-after-free vulnerability in the d2i_ECPrivateKey function in ...)
	{DSA-3197-1 DLA-177-1}
	- openssl 1.0.1k-2
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=1b4a8df38fc9ab3c089ca5765075ee53ec5bd66a
CVE-2015-0208 (The ASN.1 signature-verification implementation in the rsa_item_verify ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0207 (The dtls1_listen function in d1_lib.c in OpenSSL 1.0.2 before 1.0.2a ...)
	- openssl <not-affected> (Only affects 1.0.2, only in experimental)
CVE-2015-0206 (Memory leak in the dtls1_buffer_record function in d1_pkt.c in OpenSSL ...)
	{DSA-3125-1}
	- openssl 1.0.1k-1
	[squeeze] - openssl <not-affected> (Affects 1.0.1 and 1.0.0)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=04685bc949e90a877656cf5020b6d4f90a9636a6
CVE-2015-0205 (The ssl3_get_cert_verify function in s3_srvr.c in OpenSSL 1.0.0 before ...)
	{DSA-3125-1}
	- openssl 1.0.1k-1
	[squeeze] - openssl <not-affected> (Only affects 1.0.1 and 1.0.0)
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=98a0f9660d374f58f79ee0efcc8c1672a805e8e8
CVE-2015-0204 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=37580f43b5a39f5f4e920d17273fab9713d3a744
CVE-2015-0203 (The qpidd broker in Apache Qpid 0.30 and earlier allows remote ...)
	- qpid-cpp <removed> (bug #775359)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2015-0202 (The mod_dav_svn server in Subversion 1.8.0 through 1.8.11 allows ...)
	- subversion 1.8.10-6
	[wheezy] - subversion <not-affected> (Vulnerability introduced with 1.8.0)
	[squeeze] - subversion <not-affected> (Vulnerability introduced with 1.8.0)
	NOTE: https://subversion.apache.org/security/CVE-2015-0202-advisory.txt
CVE-2015-0201 (The Java SockJS client in Pivotal Spring Framework 4.1.x before 4.1.5 ...)
	- libspring-java <not-affected> (Only affects Spring Framework 4.1.0 to 4.1.4)
CVE-2015-0200 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2015-0199 (The mmfslinux kernel module in IBM General Parallel File System (GPFS) ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-0198 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-0197 (IBM General Parallel File System (GPFS) 3.4 before 3.4.0.32, 3.5 ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2015-0196 (CRLF injection vulnerability in IBM WebSphere Commerce 6.0 through ...)
	NOT-FOR-US: IBM
CVE-2015-0195 (Cross-site scripting (XSS) vulnerability in IBM Content Template ...)
	NOT-FOR-US: IBM
CVE-2015-0194 (XML External Entity (XXE) vulnerability in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2015-0193 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0192 (Unspecified vulnerability in IBM Java 8 before SR1, 7 R1 before SR2 ...)
	NOT-FOR-US: IBM JDK
CVE-2015-0191
	REJECTED
CVE-2015-0190
	RESERVED
CVE-2015-0189 (The cluster repository manager in IBM WebSphere MQ 7.5 before 7.5.0.5 ...)
	NOT-FOR-US: IBM
CVE-2015-0188
	RESERVED
CVE-2015-0187
	RESERVED
CVE-2015-0186
	RESERVED
CVE-2015-0185
	RESERVED
CVE-2015-0184
	RESERVED
CVE-2015-0183
	RESERVED
CVE-2015-0182
	RESERVED
CVE-2015-0181
	RESERVED
CVE-2015-0180 (The Connector Migration Tool in IBM InfoSphere Information Server 8.1 ...)
	NOT-FOR-US: IBM
CVE-2015-0179 (Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 ...)
	NOT-FOR-US: IBM Domino
CVE-2015-0178 (The Java overlay feature in IBM Bluemix Liberty before ...)
	NOT-FOR-US: IBM Bluemix Liberty
CVE-2015-0177 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-0176 (Cross-site scripting (XSS) vulnerability in MQ XR WebSockets Listener ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2015-0175 (IBM WebSphere Application Server (WAS) 8.5 Liberty Profile before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-0174 (The SNMP implementation in IBM WebSphere Application Server (WAS) 8.5 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2015-0173 (The HTTP connection-management functionality in Internet Pass-Thru ...)
	NOT-FOR-US: IBM
CVE-2015-0172 (IBM Security SiteProtector System 3.0, 3.1.0 and 3.1.1 allows remote ...)
	NOT-FOR-US: IBM Security SiteProtector System
CVE-2015-0171 (Directory traversal vulnerability in IBM Security SiteProtector System ...)
	NOT-FOR-US: IBM
CVE-2015-0170 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-0169 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-0168 (Cross-site scripting (XSS) vulnerability in IBM Security SiteProtector ...)
	NOT-FOR-US: IBM
CVE-2015-0167 (Cross-site scripting (XSS) vulnerability in textAngular-sanitize.js in ...)
	NOT-FOR-US: textAngular
CVE-2015-0166
	REJECTED
CVE-2015-0165
	REJECTED
CVE-2015-0164
	REJECTED
CVE-2015-0163
	RESERVED
CVE-2015-0162 (IBM Security SiteProtector System 3.0, 3.1, and 3.1.1 allows local ...)
	NOT-FOR-US: IBM
CVE-2015-0161 (SQL injection vulnerability in IBM Security SiteProtector System 3.0 ...)
	NOT-FOR-US: IBM
CVE-2015-0160 (IBM Security SiteProtector System 3.0 before 3.0.0.7, 3.1 before ...)
	NOT-FOR-US: IBM
CVE-2015-0159
	REJECTED
CVE-2015-0158 (Cross-site scripting (XSS) vulnerability in the Coach NG framework in ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0157 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 ...)
	NOT-FOR-US: IBM DB2
CVE-2015-0156 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
	NOT-FOR-US: IBM
CVE-2015-0155
	RESERVED
CVE-2015-0154
	RESERVED
CVE-2015-0153 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...)
	NOT-FOR-US: D-Link
CVE-2015-0152 (D-Link DIR-815 devices with firmware before 2.07.B01 allow remote ...)
	NOT-FOR-US: D-Link
CVE-2015-0151 (Cross-site request forgery (CSRF) vulnerability in D-Link DIR-815 ...)
	NOT-FOR-US: D-Link
CVE-2015-0150 (The remote administration UI in D-Link DIR-815 devices with firmware ...)
	NOT-FOR-US: D-Link
CVE-2015-0149 (The developer portal in IBM API Management 3.0 before 3.0.4.1 does not ...)
	NOT-FOR-US: IBM API Management
CVE-2015-0148
	RESERVED
CVE-2015-0147
	RESERVED
CVE-2015-0146 (IBM Content Collector for Email 3.0 before ...)
	NOT-FOR-US: IBM Content Collector
CVE-2015-0145 (Cross-site request forgery (CSRF) vulnerability in IBM OpenPages GRC ...)
	NOT-FOR-US: IBM
CVE-2015-0144 (Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform ...)
	NOT-FOR-US: IBM
CVE-2015-0143 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, ...)
	NOT-FOR-US: IBM
CVE-2015-0142 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, ...)
	NOT-FOR-US: IBM
CVE-2015-0141 (IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, ...)
	NOT-FOR-US: IBM
CVE-2015-0140 (An unspecified ActiveX control in IBM SPSS Statistics 22.0 through FP1 ...)
	NOT-FOR-US: IBM
CVE-2015-0139 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2015-0138 (GSKit in IBM Tivoli Directory Server (ITDS) 6.0 before ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2015-0137 (IBM PowerVC Standard 1.2.0.x before 1.2.0.4 and 1.2.1.x before 1.2.2 ...)
	NOT-FOR-US: IBM PowerVC
CVE-2015-0136 (powervc-iso-import in IBM PowerVC 1.2.0.x before 1.2.0.4 and 1.2.1.x ...)
	NOT-FOR-US: IBM PowerVC
CVE-2015-0135 (IBM Domino 8.5 before 8.5.3 FP6 IF4 and 9.0 before 9.0.1 FP3 IF2 ...)
	NOT-FOR-US: IBM Domino
CVE-2015-0134 (Buffer overflow in the SSLv2 implementation in IBM Domino 8.5.x before ...)
	NOT-FOR-US: IBM
CVE-2015-0133 (IBM WebSphere Commerce 7.0 Feature Pack 4 through 8 allows remote ...)
	NOT-FOR-US: IBM
CVE-2015-0132 (The XML parser in IBM Rational DOORS Next Generation 4.x before 4.0.7 ...)
	NOT-FOR-US: IBM
CVE-2015-0131 (Cross-site scripting (XSS) vulnerability in IBM Leads 7.x, 8.1.0 ...)
	NOT-FOR-US: IBM
CVE-2015-0130 (Cross-site scripting (XSS) vulnerability in Jazz Team Server in Jazz ...)
	NOT-FOR-US: IBM
CVE-2015-0129 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2015-0128 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2015-0127 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, ...)
	NOT-FOR-US: IBM
CVE-2015-0126 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, ...)
	NOT-FOR-US: IBM
CVE-2015-0125 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Next ...)
	NOT-FOR-US: IBM Rational DOORS Next Generation
CVE-2015-0124 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2015-0123 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2015-0122 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2015-0121 (IBM Rational Requirements Composer 3.0 through 3.0.1.6 and 4.0 through ...)
	NOT-FOR-US: IBM
CVE-2015-0120 (Buffer overflow in the FastBackMount process in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM
CVE-2015-0119 (FastBack Mount in IBM Tivoli Storage Manager FastBack 6.1.x before ...)
	NOT-FOR-US: IBM Tivoli Storage Manager FastBack
CVE-2015-0118 (IBM WebSphere Message Broker Toolkit 7 before 7007 IF2 and 8 before ...)
	NOT-FOR-US: IBM
CVE-2015-0117 (The LDAP Server in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x ...)
	NOT-FOR-US: IBM Domino
CVE-2015-0116 (IBM Leads 7.x, 8.1.0 before 8.1.0.14, 8.2, 8.5.0 before 8.5.0.7.3, ...)
	NOT-FOR-US: IBM
CVE-2015-0115 (Cross-site request forgery (CSRF) vulnerability in IBM Leads 7.x, ...)
	NOT-FOR-US: IBM
CVE-2015-0114 (Stack-based buffer overflow in IBM V5R4, and IBM i Access for Windows ...)
	NOT-FOR-US: IBM
CVE-2015-0113 (The Jazz help system in IBM Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
CVE-2015-0112 (Jazz Team Server in Jazz Foundation in IBM Rational Collaborative ...)
	NOT-FOR-US: IBM Rational
CVE-2015-0111
	RESERVED
CVE-2015-0110 (IBM Business Process Manager (aka BPM) 7.5.x, 8.0.x, and 8.5.x and ...)
	NOT-FOR-US: IBM
CVE-2015-0109 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2015-0108 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2015-0107 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...)
	NOT-FOR-US: IBM
CVE-2015-0106 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0105 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0104 (IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, ...)
	NOT-FOR-US: IBM
CVE-2015-0103 (Multiple cross-site scripting (XSS) vulnerabilities in the Process ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2015-0102
	RESERVED
CVE-2015-0101 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
	NOT-FOR-US: IBM
CVE-2015-0100 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0099 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0098 (Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0097 (Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel ...)
	NOT-FOR-US: Microsoft
CVE-2015-0096 (Untrusted search path vulnerability in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0095 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2015-0094 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2015-0093 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2015-0092 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2015-0091 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2015-0090 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2015-0089 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2015-0088 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2015-0087 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2015-0086 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0085 (Use-after-free vulnerability in Microsoft Office 2007 SP3, Excel 2007 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0084 (The Task Scheduler in Microsoft Windows 7 SP1, Windows Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0083
	REJECTED
CVE-2015-0082
	REJECTED
CVE-2015-0081 (Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2015-0080 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2015-0079 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2015-0078 (win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2015-0077 (The kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2015-0076 (The photo-decoder implementation in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2015-0075 (The kernel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2015-0074 (Adobe Font Driver in Microsoft Windows Server 2003 SP2, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2015-0073 (The Windows Registry Virtualization feature in the kernel in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2015-0072 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0071 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0070 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0069 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0068 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0067 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0066 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0065 (Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft Word
CVE-2015-0064 (Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word ...)
	NOT-FOR-US: Microsoft
CVE-2015-0063 (Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel ...)
	NOT-FOR-US: Microsoft
CVE-2015-0062 (Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, ...)
	NOT-FOR-US: Microsoft
CVE-2015-0061 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2015-0060 (The font mapper in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2015-0059 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0058 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...)
	NOT-FOR-US: Microsoft
CVE-2015-0057 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0056 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0054 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0053 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0052 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0051 (Microsoft Internet Explorer 8 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0050 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0049 (Microsoft Internet Explorer 8 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0048 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0047
	REJECTED
CVE-2015-0046 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0045 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0044 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0043 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0042 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0041 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0040 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0039 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0038 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0037 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0036 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0035 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0034
	REJECTED
CVE-2015-0033
	REJECTED
CVE-2015-0032 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...)
	NOT-FOR-US: Microsoft
CVE-2015-0031 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0030 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0029 (Microsoft Internet Explorer 6 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0028 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0027 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0026 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0025 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0024
	REJECTED
CVE-2015-0023 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0022 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0021 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0020 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0019 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0018 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0017 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2015-0016 (Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0015 (Microsoft Windows Server 2003 SP2, Server 2008 SP2 and R2 SP1, and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0014 (Buffer overflow in the Telnet service in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0013
	REJECTED
CVE-2015-0012 (Microsoft System Center Virtual Machine Manager (VMM) 2012 R2 Update ...)
	NOT-FOR-US: Microsoft
CVE-2015-0011 (mrxdav.sys (aka the WebDAV driver) in the kernel-mode drivers in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0010 (The CryptProtectMemory function in cng.sys (aka the Cryptography Next ...)
	NOT-FOR-US: Microsoft
CVE-2015-0009 (The Group Policy Security Configuration policy implementation in ...)
	NOT-FOR-US: Microsoft
CVE-2015-0008 (The UNC implementation in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2015-0007
	REJECTED
CVE-2015-0006 (The Network Location Awareness (NLA) service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0005 (The NETLOGON service in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2015-0004 (The User Profile Service (aka ProfSvc) in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0003 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2015-0002 (The AhcVerifyAdminContext function in ahcache.sys in the Application ...)
	NOT-FOR-US: Microsoft Windows
CVE-2015-0001 (The Windows Error Reporting (WER) component in Microsoft Windows 8, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-8994 (The check_diskio plugin 3.2.6 and earlier for Nagios and Icinga allows ...)
	NOT-FOR-US: check_diskio nagios/icinga plugin
CVE-2014-8989 (The Linux kernel through 3.17.4 does not properly restrict dropping of ...)
	- linux 3.16.7-ckt4-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: http://thread.gmane.org/gmane.linux.man/7385/
CVE-2014-8986 (Cross-site scripting (XSS) vulnerability in the selection list in the ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/mantisbt/mantisbt/commit/cabacdc291c251bfde0dc2a2c945c02cef41bf40
	NOTE: https://github.com/mantisbt/mantisbt/commit/e326b73a (1.2.x)
CVE-2014-8985 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2014-8984
	REJECTED
CVE-2014-8983
	REJECTED
CVE-2014-8982
	REJECTED
CVE-2014-8981
	REJECTED
CVE-2014-8980
	REJECTED
CVE-2014-8979
	REJECTED
CVE-2014-8978
	REJECTED
CVE-2014-8977
	REJECTED
CVE-2014-8976
	REJECTED
CVE-2014-8975
	REJECTED
CVE-2014-8974
	REJECTED
CVE-2014-8973
	REJECTED
CVE-2014-8972
	REJECTED
CVE-2014-8971
	REJECTED
CVE-2014-8970
	REJECTED
CVE-2014-8969
	REJECTED
CVE-2014-8968
	REJECTED
CVE-2014-8967 (Use-after-free vulnerability in Microsoft Internet Explorer allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-8966 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2014-8965
	RESERVED
CVE-2014-8964 (Heap-based buffer overflow in PCRE 8.36 and earlier allows remote ...)
	- pcre3 2:8.35-3.3 (bug #770478)
	[wheezy] - pcre3 <no-dsa> (Minor issue)
	[squeeze] - pcre3 <no-dsa> (Minor issue)
	NOTE: http://bugs.exim.org/show_bug.cgi?id=1546
	NOTE: http://www.exim.org/viewvc/pcre2?revision=154&view=revision
CVE-2014-8963
	RESERVED
CVE-2014-8962 (Stack-based buffer overflow in stream_decoder.c in libFLAC before ...)
	{DSA-3082-1 DLA-99-1}
	- flac 1.3.0-3 (bug #770918)
	NOTE: https://git.xiph.org/?p=flac.git;a=patch;h=5b3033a2b355068c11fe637e14ac742d273f076e
	NOTE: http://lists.xiph.org/pipermail/flac-dev/2014-November/005185.html
CVE-2014-8961 (Directory traversal vulnerability in libraries/error_report.lib.php in ...)
	- phpmyadmin 4:4.2.12-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-16.php
CVE-2014-8960 (Cross-site scripting (XSS) vulnerability in ...)
	- phpmyadmin 4:4.2.12-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-15.php
CVE-2014-8959 (Directory traversal vulnerability in ...)
	- phpmyadmin 4:4.2.12-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-14.php
CVE-2014-8958 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-3382-1 DLA-336-1}
	- phpmyadmin 4:4.2.12-1 (low)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-13.php
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/42b64e12b5f596366f94ef72365fd69a019ba820 and
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/c7685e5acd3f8e722f4f374c6fa821590865b68d need
	NOTE: to be backported to 3.4
CVE-2014-8957 (Cross-site scripting (XSS) vulnerability in OpenKM before 6.4.19 ...)
	NOT-FOR-US: OpenKM
CVE-2014-8956 (Stack-based buffer overflow in the K7Sentry.sys kernel mode driver ...)
	NOT-FOR-US: K7 Computing
CVE-2014-8955 (Cross-site scripting (XSS) vulnerability in the Contact Form Clean and ...)
	NOT-FOR-US: WordPress plugin clean-and-simple-contact-form-by-meg-nicholas
CVE-2014-8954 (Multiple cross-site scripting (XSS) vulnerabilities in phpSound 1.0.5 ...)
	NOT-FOR-US: phpSound
CVE-2014-8953 (Multiple cross-site request forgery (CSRF) vulnerabilities in Php ...)
	NOT-FOR-US: Php Scriptlerim Who's Who
CVE-2014-8952 (Multiple unspecified vulnerabilities in Check Point Security Gateway ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2014-8951 (Unspecified vulnerability in Check Point Security Gateway R75, R76, ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2014-8950 (Unspecified vulnerability in Check Point Security Gateway R77 and ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2014-8949 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress allows ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-8948 (Cross-site request forgery (CSRF) vulnerability in the iMember360 ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-8947
	RESERVED
CVE-2014-8946
	RESERVED
CVE-2014-8945
	RESERVED
CVE-2014-8944
	RESERVED
CVE-2014-8943
	RESERVED
CVE-2014-8942
	RESERVED
CVE-2014-8941
	RESERVED
CVE-2014-8940
	RESERVED
CVE-2014-8939
	RESERVED
CVE-2014-8938
	RESERVED
CVE-2014-8937
	RESERVED
CVE-2014-8936
	REJECTED
CVE-2014-8935
	REJECTED
CVE-2014-8934
	REJECTED
CVE-2014-8933
	REJECTED
CVE-2014-8932
	REJECTED
CVE-2014-8931
	REJECTED
CVE-2014-8930
	RESERVED
CVE-2014-8929
	REJECTED
CVE-2014-8928
	REJECTED
CVE-2014-8927 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License ...)
	NOT-FOR-US: IBM
CVE-2014-8926 (Common Inventory Technology (CIT) before 2.7.0.2050 in IBM License ...)
	NOT-FOR-US: IBM
CVE-2014-8925 (Cross-site request forgery (CSRF) vulnerability in ClearQuest Web in ...)
	NOT-FOR-US: IBM
CVE-2014-8924 (The server in IBM License Metric Tool 7.2.2 before IF15 and 7.5 before ...)
	NOT-FOR-US: IBM
CVE-2014-8923 (The (1) IBM Tivoli Identity Manager Active Directory adapter before ...)
	NOT-FOR-US: IBM
CVE-2014-8922
	RESERVED
CVE-2014-8921 (The IBM Notes Traveler Companion application 1.0 and 1.1 before ...)
	NOT-FOR-US: IBM Notes Traveler Companion
CVE-2014-8920 (Buffer overflow in the Data Transfer Program in IBM i Access 5770-XE1 ...)
	NOT-FOR-US: IBM
CVE-2014-8919
	RESERVED
CVE-2014-8918 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 does not ...)
	NOT-FOR-US: IBM
CVE-2014-8917 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: IBM
CVE-2014-8916 (Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform ...)
	NOT-FOR-US: IBM
CVE-2014-8915
	RESERVED
CVE-2014-8914 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...)
	NOT-FOR-US: IBM
CVE-2014-8913 (Cross-site scripting (XSS) vulnerability in the Process Portal in IBM ...)
	NOT-FOR-US: IBM
CVE-2014-8912 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8911 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2014-8910 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 ...)
	NOT-FOR-US: IBM DB2
CVE-2014-8909 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8908
	RESERVED
CVE-2014-8907
	RESERVED
CVE-2014-8906
	RESERVED
CVE-2014-8905
	RESERVED
CVE-2014-8904 (lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2014-8903 (IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before ...)
	NOT-FOR-US: IBM
CVE-2014-8902 (Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-8901 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 ...)
	NOT-FOR-US: IBM
CVE-2014-8900 (Cross-site request forgery (CSRF) vulnerability in IBM UrbanCode ...)
	NOT-FOR-US: IBM
CVE-2014-8899 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
	NOT-FOR-US: IBM
CVE-2014-8898 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
	NOT-FOR-US: IBM
CVE-2014-8897 (Cross-site scripting (XSS) vulnerability in the Collaboration Server ...)
	NOT-FOR-US: IBM
CVE-2014-8896 (The Collaboration Server in IBM InfoSphere Master Data Management ...)
	NOT-FOR-US: IBM
CVE-2014-8895 (IBM TRIRIGA Application Platform 3.2.1.x, 3.3.2 before 3.3.2.3, and ...)
	NOT-FOR-US: IBM
CVE-2014-8894 (Open redirect vulnerability in IBM TRIRIGA Application Platform ...)
	NOT-FOR-US: IBM
CVE-2014-8893 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: IBM
CVE-2014-8892 (Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM ...)
	NOT-FOR-US: IBM Java
CVE-2014-8891 (Unspecified vulnerability in the Java Virtual Machine (JVM) in IBM ...)
	NOT-FOR-US: IBM Java
CVE-2014-8890 (IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 ...)
	NOT-FOR-US: IBM
CVE-2014-8889 (Dropbox SDK for Android before 1.6.2 might allow remote attackers to ...)
	NOT-FOR-US: Dropbox SDK for Android
CVE-2014-8888 (The remote administration interface in D-Link DIR-815 devices with ...)
	NOT-FOR-US: D-Link
CVE-2014-8887 (IBM Marketing Operations 7.x and 8.x before 8.5.0.7.2, 8.6.x before ...)
	NOT-FOR-US: IBM Marketing Operations
CVE-2014-8886 (AVM FRITZ!OS before 6.30 extracts the contents of firmware updates ...)
	NOT-FOR-US: AVM FRITZ!OS
CVE-2014-8885
	RESERVED
CVE-2014-8883
	RESERVED
CVE-2014-8882
	RESERVED
CVE-2014-8881
	RESERVED
CVE-2014-8880
	RESERVED
CVE-2014-8879
	RESERVED
CVE-2014-8877 (The alterSearchQuery function in ...)
	NOT-FOR-US: CreativeMinds CM Downloads Manager plugin for WordPress
CVE-2014-8876
	RESERVED
CVE-2014-8875 (The XML_RPC_cd function in lib/pear/XML/RPC.php in Revive Adserver ...)
	NOT-FOR-US: Revive Adserver
CVE-2014-8874 (The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses ...)
	NOT-FOR-US: TYPO3 Extension ke_questionnaire
CVE-2014-8873 (A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 ...)
	{DSA-3316-1 DSA-3235-1}
	- openjdk-8 8u45-b14-1 (high)
	- openjdk-7 7u79-2.5.5-1 (high)
	- openjdk-6 <removed> (high)
	[squeeze] - openjdk-6 <not-affected> (MIME type setting is harmless on squeeze)
	[wheezy] - openjdk-6 <not-affected> (MIME type setting is harmless on wheezy)
	[squeeze] - openjdk-7 <not-affected> (MIME type setting is harmless on this squeeze)
	[wheezy] - openjdk-7 <not-affected> (MIME type setting is harmless on wheezy)
	NOTE: Starting with mime-support 3.53, MimeType entries in desktop
	NOTE: files end up in /etc/mailcap, which introduces the user-initiated
	NOTE: code execution.
CVE-2014-8872 (Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 ...)
	NOT-FOR-US: AVM FRITZ!Box
CVE-2014-8871 (Directory traversal vulnerability in hybris Commerce software suite ...)
	NOT-FOR-US: hybris Commerce
CVE-2014-8870 (Open redirect vulnerability in mobiquo/smartbanner/welcome.php in the ...)
	NOT-FOR-US: Woltlab Burning Board plugin Tapatalk
CVE-2014-8869 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Woltlab Burning Board plugin Tapatalk
CVE-2014-8868 (EntryPass N5200 Active Network Control Panel does not properly ...)
	NOT-FOR-US: EntryPass N5200
CVE-2014-8867 (The acceleration support for the &quot;REP MOVS&quot; instruction in Xen 4.4.x, ...)
	{DSA-3140-1}
	- xen 4.4.1-5 (bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-8866 (The compatibility mode hypercall argument translation in Xen 3.3.x ...)
	{DSA-3140-1}
	- xen 4.4.1-5 (bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-8865
	REJECTED
CVE-2014-8864
	REJECTED
CVE-2014-8863
	REJECTED
CVE-2014-8862
	REJECTED
CVE-2014-8861
	REJECTED
CVE-2014-8860
	REJECTED
CVE-2014-8859
	REJECTED
CVE-2014-8858
	REJECTED
CVE-2014-8857
	REJECTED
CVE-2014-8856
	REJECTED
CVE-2014-8855
	REJECTED
CVE-2014-8854
	REJECTED
CVE-2014-8853
	REJECTED
CVE-2014-8852
	REJECTED
CVE-2014-8851
	REJECTED
CVE-2014-8850
	REJECTED
CVE-2014-8849
	REJECTED
CVE-2014-8848
	REJECTED
CVE-2014-8847
	REJECTED
CVE-2014-8846
	REJECTED
CVE-2014-8845
	REJECTED
CVE-2014-8844
	REJECTED
CVE-2014-8843
	REJECTED
CVE-2014-8842
	RESERVED
CVE-2014-8841
	RESERVED
CVE-2014-8840 (The iTunes Store component in Apple iOS before 8.1.3 allows remote ...)
	NOT-FOR-US: Apple
CVE-2014-8839 (Spotlight in Apple OS X before 10.10.2 does not enforce the Mail &quot;Load ...)
	NOT-FOR-US: Apple
CVE-2014-8838 (The Security component in Apple OS X before 10.10.2 does not properly ...)
	NOT-FOR-US: Apple
CVE-2014-8837 (Multiple unspecified vulnerabilities in the Bluetooth driver in Apple ...)
	NOT-FOR-US: Apple
CVE-2014-8836 (The Bluetooth driver in Apple OS X before 10.10.2 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2014-8835 (The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 ...)
	NOT-FOR-US: Apple
CVE-2014-8834 (UserAccountUpdater in Apple OS X 10.10 before 10.10.2 stores a PDF ...)
	NOT-FOR-US: Apple
CVE-2014-8833 (SpotlightIndex in Apple OS X before 10.10.2 does not properly perform ...)
	NOT-FOR-US: Apple
CVE-2014-8832 (The indexing functionality in Spotlight in Apple OS X before 10.10.2 ...)
	NOT-FOR-US: Apple
CVE-2014-8831 (security_taskgate in Apple OS X before 10.10.2 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2014-8830 (Heap-based buffer overflow in SceneKit in Apple OS X before 10.10.2 ...)
	NOT-FOR-US: Apple
CVE-2014-8829 (SceneKit in Apple OS X before 10.10.2 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2014-8828 (Sandbox in Apple OS X before 10.10 allows attackers to write to the ...)
	NOT-FOR-US: Apple
CVE-2014-8827 (LoginWindow in Apple OS X before 10.10.2 does not transition to the ...)
	NOT-FOR-US: Apple
CVE-2014-8826 (LaunchServices in Apple OS X before 10.10.2 does not properly handle ...)
	NOT-FOR-US: Apple
CVE-2014-8825 (The kernel in Apple OS X before 10.10.2 does not properly perform ...)
	NOT-FOR-US: Apple
CVE-2014-8824 (The kernel in Apple OS X before 10.10.2 does not properly validate ...)
	NOT-FOR-US: Apple
CVE-2014-8823 (The IOUSBControllerUserClient::ReadRegister function in the IOUSB ...)
	NOT-FOR-US: Apple
CVE-2014-8822 (IOHIDFamily in Apple OS X before 10.10.2 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2014-8821 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local ...)
	NOT-FOR-US: Apple
CVE-2014-8820 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local ...)
	NOT-FOR-US: Apple
CVE-2014-8819 (The Intel Graphics Driver in Apple OS X before 10.10.2 allows local ...)
	NOT-FOR-US: Apple
CVE-2014-8818
	REJECTED
CVE-2014-8817 (coresymbolicationd in CoreSymbolication in Apple OS X before 10.10.2 ...)
	NOT-FOR-US: Apple
CVE-2014-8816 (CoreGraphics in Apple OS X before 10.10 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2014-8815
	RESERVED
CVE-2014-8814
	RESERVED
CVE-2014-8813
	RESERVED
CVE-2014-8812
	RESERVED
CVE-2014-8811
	RESERVED
CVE-2014-8810 (SQL injection vulnerability in ajax/mail_functions.php in the WP ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2014-8809 (Multiple cross-site scripting (XSS) vulnerabilities in the WP ...)
	NOT-FOR-US: WP Symposium plugin for WordPress
CVE-2014-8808
	RESERVED
CVE-2014-8807
	RESERVED
CVE-2014-8806
	RESERVED
CVE-2014-8805
	RESERVED
CVE-2014-8804
	RESERVED
CVE-2014-8803
	RESERVED
CVE-2014-8802 (The Pie Register plugin before 2.0.14 for WordPress does not properly ...)
	NOT-FOR-US: WordPress plugin Pie Register
CVE-2014-8801 (Directory traversal vulnerability in services/getfile.php in the Paid ...)
	NOT-FOR-US: Paid Memberships Pro plugin for WordPress
CVE-2014-8800 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Nextend Facebook Connect plugin for WordPress
CVE-2014-8799 (Directory traversal vulnerability in the dp_img_resize function in ...)
	NOT-FOR-US: dp_img_resize function in php/dp-functions.php in the DukaPress plugin for WordPress
CVE-2014-8798
	RESERVED
CVE-2014-8797
	RESERVED
CVE-2014-8796
	RESERVED
CVE-2014-8795
	RESERVED
CVE-2014-8794
	RESERVED
CVE-2014-8793 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Revive Adserver
CVE-2014-8792
	RESERVED
CVE-2014-8791 (project/register.php in Tuleap before 7.7, when ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2014-8790 (XML external entity (XXE) vulnerability in admin/api.php in GetSimple ...)
	NOT-FOR-US: GetSimple CMS
CVE-2014-8789 (GleamTech FileVista before 6.1 allows remote authenticated users to ...)
	NOT-FOR-US: GleamTech FileVista
CVE-2014-8788 (GleamTech FileVista before 6.1 allows remote authenticated users to ...)
	NOT-FOR-US: GleamTech FileVista
CVE-2014-8787
	RESERVED
CVE-2014-8786
	RESERVED
CVE-2014-8785
	RESERVED
CVE-2014-8784
	RESERVED
CVE-2014-8783
	RESERVED
CVE-2014-8782
	RESERVED
CVE-2014-8781
	RESERVED
CVE-2014-8780 (Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote ...)
	NOT-FOR-US: Jease
CVE-2014-8779 (Pexip Infinity before 8 uses the same SSH host keys across different ...)
	NOT-FOR-US: Pexip Infinity
CVE-2014-8778 (Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote ...)
	NOT-FOR-US: Checkmarx
CVE-2014-8777
	RESERVED
CVE-2014-8776
	RESERVED
CVE-2014-8775 (MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-8774 (Cross-site scripting (XSS) vulnerability in manager/index.php in MODX ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-8773 (MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-8772 (Cross-site scripting (XSS) vulnerability in the search_controller in ...)
	NOT-FOR-US: X3 CMS
CVE-2014-8771 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: X3 CMS
CVE-2014-8770 (Unrestricted file upload vulnerability in magmi/web/magmi.php in the ...)
	NOT-FOR-US: Magento
CVE-2012-6665 (Directory traversal vulnerability in index.php in phpMoneyBooks 1.0.4 ...)
	NOT-FOR-US: phpMoneyBooks
CVE-2012-6664
	RESERVED
CVE-2012-6663
	RESERVED
CVE-2014-8988 (MantisBT before 1.2.18 allows remote authenticated users to bypass the ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/5f0b150b
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17742
CVE-2014-9622 (Eval injection vulnerability in xdg-utils 1.1.0 RC1, when no supported ...)
	{DSA-3131-1 DLA-217-1}
	- xdg-utils 1.1.0~rc1+git20111210-7.3 (bug #773085)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=66670
CVE-2014-8991 (pip 1.3 through 1.5.6 allows local users to cause a denial of service ...)
	- python-pip 1.5.6-4 (bug #725847)
	[wheezy] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
	[squeeze] - python-pip <not-affected> (Vulnerable code only in >= 1.3)
	NOTE: https://github.com/pypa/pip/pull/2122
CVE-2014-8987 (Cross-site scripting (XSS) vulnerability in the &quot;set configuration&quot; ...)
	- mantis <not-affected> (Vulnerable code introduced later)
	NOTE: Affected upstream versions >= 1.2.13, <= 1.2.17
	NOTE: https://github.com/mantisbt/mantisbt/commit/49c3d089
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17870
CVE-2014-8884 (Stack-based buffer overflow in the ...)
	{DSA-3093-1 DLA-118-1}
	- linux 3.16.7-ckt2-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f2e323ec96077642d397bb1c355def536d489d16 (v3.18-rc1)
CVE-2014-8769 (tcpdump 3.8 through 4.6.2 might allow remote attackers to obtain ...)
	{DSA-3086-1 DLA-102-1}
	- tcpdump 4.6.2-2 (bug #770424)
	NOTE: http://www.securityfocus.com/archive/1/534009/30/0/threaded
CVE-2014-8768 (Multiple Integer underflows in the geonet_print function in tcpdump ...)
	- tcpdump 4.6.2-2 (bug #770415)
	[wheezy] - tcpdump <not-affected> (Vulnerable code added in 4.5.0)
	[squeeze] - tcpdump <not-affected> (Vulnerable code added in 4.5.0)
	NOTE: http://www.securityfocus.com/archive/1/534010/30/0/threaded
CVE-2014-8767 (Integer underflow in the olsr_print function in tcpdump 3.9.6 through ...)
	{DSA-3086-1 DLA-102-1}
	- tcpdump 4.6.2-2 (bug #770434)
	NOTE: http://www.securityfocus.com/archive/1/534011/30/0/threaded
CVE-2014-8742
	RESERVED
CVE-2014-8741
	RESERVED
CVE-2014-8740
	RESERVED
CVE-2014-8739
	RESERVED
CVE-2014-8736 (The Open Atrium Core module for Drupal before 7.x-2.22 allows remote ...)
	NOT-FOR-US: Drupal module Open Atrium Core
CVE-2014-8735 (The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before ...)
	NOT-FOR-US: Drupal module Bad Behavior
CVE-2014-8734 (The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal ...)
	NOT-FOR-US: Drupal module Organic Groups Menu
CVE-2014-8733 (Cloudera Manager 5.2.0, 5.2.1, and 5.3.0 stores the LDAP bind password ...)
	NOT-FOR-US: Cloudera Manager
CVE-2014-8730 (The SSL profiles component in F5 BIG-IP LTM, APM, and ASM 10.0.0 ...)
	NOT-FOR-US: SSL/TLS implementation error in F5 products (and historic NSS releases)
CVE-2014-8729
	RESERVED
CVE-2014-8728 (SQL injection vulnerability in the login page (login/login) in Subex ...)
	NOT-FOR-US: Subex
CVE-2014-8727 (Multiple directory traversal vulnerabilities in F5 BIG-IP before ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-8726
	RESERVED
CVE-2014-8725
	RESERVED
CVE-2014-8724 (Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin ...)
	NOT-FOR-US: W3 Total Cache plugin for WordPress
CVE-2014-8723 (GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: GetSimple CMS
CVE-2014-8722 (GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: GetSimple CMS
CVE-2014-8721
	RESERVED
CVE-2014-8720
	RESERVED
CVE-2014-8719
	RESERVED
CVE-2014-8718
	RESERVED
CVE-2014-8717
	RESERVED
CVE-2014-8715
	RESERVED
CVE-2014-8708 (Pluck CMS 4.7.2 allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: Pluck CMS
CVE-2014-8707 (Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 ...)
	NOT-FOR-US: Pluck CMS
CVE-2014-8706 (Pluck CMS 4.7.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Pluck CMS
CVE-2014-8705 (PHP remote file inclusion vulnerability in editInplace.php in Wonder ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8704 (Directory traversal vulnerability in index.php in Wonder CMS 2014 ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8703 (Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8702 (Wonder CMS 2014 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8701 (Wonder CMS 2014 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Wonder CMS
CVE-2014-8700
	RESERVED
CVE-2014-8699
	RESERVED
CVE-2014-8698
	RESERVED
CVE-2014-8697
	RESERVED
CVE-2014-8696
	RESERVED
CVE-2014-8695
	RESERVED
CVE-2014-8694
	RESERVED
CVE-2014-8693
	RESERVED
CVE-2014-8692
	RESERVED
CVE-2014-8691
	RESERVED
CVE-2014-8690 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2014-8689
	RESERVED
CVE-2014-8688 (An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for ...)
	NOT-FOR-US: Telegram Messenger
CVE-2014-8687 (Seagate Business NAS devices with firmware before 2015.00322 allow ...)
	NOT-FOR-US: Seagate Business NAS devices
CVE-2014-8686 (CodeIgniter before 2.2.0 makes it easier for attackers to decode ...)
	NOT-FOR-US: CodeIgniter
CVE-2014-8685
	RESERVED
CVE-2014-8684 (CodeIgniter before 3.0 and Kohana 3.2.3 and earlier and 3.3.x through ...)
	NOT-FOR-US: CodeIgniter
CVE-2014-8683 (Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs ...)
	NOT-FOR-US: Go Git Service
CVE-2014-8682 (Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) ...)
	NOT-FOR-US: Go Git Service
CVE-2014-8681 (SQL injection vulnerability in the GetIssues function in ...)
	NOT-FOR-US: Go Git Service
CVE-2014-8680 (The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows ...)
	- bind9 <not-affected> (Only affects 9.10 to 9.11)
	NOTE: https://kb.isc.org/article/AA-01217/0
CVE-2014-8679
	RESERVED
CVE-2014-8678 (The ConfigSaveServlet servlet in ManageEngine OpUtils before build ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2014-8677 (The installation process for SOPlanning 1.32 and earlier allows remote ...)
	NOT-FOR-US: SOPlanning
CVE-2014-8676 (Directory traversal vulnerability in the file_get_contents function in ...)
	NOT-FOR-US: SOPlanning
CVE-2014-8675 (Soplanning 1.32 and earlier generates static links for sharing ICAL ...)
	NOT-FOR-US: SOPlanning
CVE-2014-8674
	RESERVED
CVE-2014-8673
	RESERVED
CVE-2014-8672 (Cross-site scripting (XSS) vulnerability in the RewardingYourself ...)
	NOT-FOR-US: RewardingYourself application for Android and BlackBerry
CVE-2014-8671 (Cross-site scripting (XSS) vulnerability in the GWT Mobile PhoneGap ...)
	NOT-FOR-US: GWT Mobile PhoneGap Showcase application for Android
CVE-2014-8670 (Open redirect vulnerability in go.php in vBulletin 4.2.1 allows remote ...)
	NOT-FOR-US: vBulletin
CVE-2014-8669 (The SAP Promotion Guidelines (CRM-MKT-MPL-TPM-PPG) module for SAP CRM ...)
	NOT-FOR-US: SAP
CVE-2014-8668 (SQL injection vulnerability in SAP Contract Accounting allows remote ...)
	NOT-FOR-US: SAP
CVE-2014-8667 (Cross-site scripting (XSS) vulnerability in SAP HANA Web-based ...)
	NOT-FOR-US: SAP
CVE-2014-8666 (The User &amp; Server configuration, InfoView refresh, user rights ...)
	NOT-FOR-US: SAP
CVE-2014-8665 (The SAP Business Intelligence Development Workbench allows remote ...)
	NOT-FOR-US: SAP
CVE-2014-8664 (SQL injection vulnerability in Product Safety (EHS-SAF) component in ...)
	NOT-FOR-US: SAP
CVE-2014-8663 (SQL injection vulnerability in Data Basis (BW-WHM-DBA) in SAP ...)
	NOT-FOR-US: SAP
CVE-2014-8662 (Unspecified vulnerability in SAP Payroll Process allows remote ...)
	NOT-FOR-US: SAP
CVE-2014-8661 (The SAP CRM Internet Sales module allows remote attackers to execute ...)
	NOT-FOR-US: SAP
CVE-2014-8660 (SAP Document Management Services allows local users to execute ...)
	NOT-FOR-US: SAP
CVE-2014-8659 (Directory traversal vulnerability in SAP Environment, Health, and ...)
	NOT-FOR-US: SAP
CVE-2014-8658 (Cross-site scripting (XSS) vulnerability in RefinedWiki Original Theme ...)
	NOT-FOR-US: Atlassian Confluence theme
CVE-2014-8657 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8656 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8655 (The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8654 (Multiple cross-site request forgery (CSRF) vulnerabilities in Compal ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8653 (Cross-site scripting (XSS) vulnerability in Compal Broadband Networks ...)
	NOT-FOR-US: Compal Gateways
CVE-2014-8652 (Elipse E3 3.x and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Elipse E3
CVE-2014-8649
	REJECTED
CVE-2014-8648
	REJECTED
CVE-2014-8647
	REJECTED
CVE-2014-8646
	REJECTED
CVE-2014-8645
	REJECTED
CVE-2014-8644
	RESERVED
CVE-2014-8643 (Mozilla Firefox before 35.0 on Windows allows remote attackers to ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-07.html
CVE-2014-8642 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not consider ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-08.html
CVE-2014-8641 (Use-after-free vulnerability in the WebRTC implementation in Mozilla ...)
	{DSA-3127-1}
	- iceweasel 31.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-06.html
CVE-2014-8640 (The mozilla::dom::AudioParamTimeline::AudioNodeInputValue function in ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-05.html
CVE-2014-8639 (Mozilla Firefox before 35.0, Firefox ESR 31.x before 31.4, Thunderbird ...)
	{DSA-3132-1 DSA-3127-1}
	- iceweasel 31.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-04.html
CVE-2014-8638 (The navigator.sendBeacon implementation in Mozilla Firefox before ...)
	{DSA-3132-1 DSA-3127-1}
	- iceweasel 31.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-03.html
CVE-2014-8637 (Mozilla Firefox before 35.0 and SeaMonkey before 2.32 do not properly ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-02.html
CVE-2014-8636 (The XrayWrapper implementation in Mozilla Firefox before 35.0 and ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-09.html
CVE-2014-8635 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects versions > 31.x)
CVE-2014-8634 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3132-1 DSA-3127-1}
	- iceweasel 31.4.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.4.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2015/mfsa2015-01.html
CVE-2014-8633
	RESERVED
CVE-2014-8632 (The structured-clone implementation in Mozilla Firefox before 34.0 and ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
CVE-2014-8631 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
CVE-2014-8630 (Bugzilla before 4.0.16, 4.1.x and 4.2.x before 4.2.12, 4.3.x and 4.4.x ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1079065
CVE-2014-8629 (Cross-site scripting (XSS) vulnerability in the Page visualization ...)
	NOT-FOR-US: Pandora FMS
CVE-2014-8624
	RESERVED
CVE-2014-8623
	RESERVED
CVE-2014-8622 (Cross-site scripting (XSS) vulnerability in compfight-search.php in ...)
	NOT-FOR-US: Compfight plugin for WordPress
CVE-2014-8621 (SQL injection vulnerability in the Store Locator plugin 2.3 through ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-8620
	RESERVED
CVE-2014-8619 (Cross-site scripting (XSS) vulnerability in the autolearn ...)
	NOT-FOR-US: Fortinet FortiWeb
CVE-2014-8618 (Cross-site scripting (XSS) vulnerability in the theme login page in ...)
	NOT-FOR-US: Fortinet FortiADC
CVE-2014-8617 (Cross-site scripting (XSS) vulnerability in the Web Action Quarantine ...)
	NOT-FOR-US: FortiMail
CVE-2014-8616 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2014-8615
	REJECTED
CVE-2014-8614
	REJECTED
CVE-2014-8613 (The sctp module in FreeBSD 10.1 before p5, 10.0 before p17, 9.3 before ...)
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-2 (bug #776416)
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 9.0-10+deb70.8
	NOTE: kfreebsd-9/9.0-10+deb70.8 disabled SCTP protocol
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
	NOTE: https://security.freebsd.org/advisories/FreeBSD-SA-15:03.sctp.asc
CVE-2014-8612 (Multiple array index errors in the Stream Control Transmission ...)
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-2 (bug #776415)
	- kfreebsd-9 <removed>
	[wheezy] - kfreebsd-9 9.0-10+deb70.8
	NOTE: kfreebsd-9/9.0-10+deb70.8 disabled SCTP protocol
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
	[squeeze] - kfreebsd-8 <not-affected> (kfreebsd-i386/amd64 not supported in Squeeze LTS)
	NOTE: https://security.FreeBSD.org/advisories/FreeBSD-SA-15:02.kmem.asc
CVE-2014-8611 (The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and ...)
	NOT-FOR-US: Apple
CVE-2014-8610 (AndroidManifest.xml in Android before 5.0.0 does not require the ...)
	NOT-FOR-US: Android
CVE-2014-8609 (The addAccount method in ...)
	NOT-FOR-US: Android
CVE-2014-8608 (The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) ...)
	NOT-FOR-US: K7 Computing
CVE-2014-8607 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! provides ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8606 (Directory traversal vulnerability in the XCloner plugin 3.1.1 for ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8605 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! stores ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8604 (The XCloner plugin 3.1.1 for WordPress and 3.5.1 for Joomla! returns ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8603 (cloner.functions.php in the XCloner plugin 3.1.1 for WordPress and ...)
	NOT-FOR-US: XCloner plugin for WordPress and Joomla!
CVE-2014-8602 (iterator.c in NLnet Labs Unbound before 1.5.1 does not limit ...)
	{DSA-3097-1 DLA-107-1}
	- unbound 1.4.22-3 (bug #772622)
	NOTE: http://www.unbound.net/pipermail/unbound-users/2014-December/003662.html
CVE-2014-8601 (PowerDNS Recursor before 3.6.2 does not limit delegation chaining, ...)
	{DSA-3096-1 DLA-104-1}
	- pdns-recursor 3.6.2-1
	NOTE: http://doc.powerdns.com/md/security/powerdns-advisory-2014-02/
	NOTE: Backported patches available at https://downloads.powerdns.com/patches/2014-02/
CVE-2014-8600 (Multiple cross-site scripting (XSS) vulnerabilities in KDE-Runtime ...)
	- kde-runtime 4:4.14.2-2 (bug #769632)
	[wheezy] - kde-runtime <no-dsa> (Minor issue)
	[squeeze] - kdebase-runtime <no-dsa> (Minor issue)
	- webkitkde 1.3.4-2 (unimportant)
	NOTE: webkitpart: http://quickgit.kde.org/?p=kwebkitpart.git&a=commit&h=641aa7c75631084260ae89aecbdb625e918c6689
	NOTE: kde-runtime: http://quickgit.kde.org/?p=kde-runtime.git&a=commit&h=d68703900edc8416fbcd2550cd336cbbb76decb9
	NOTE: Upstream advisory: https://www.kde.org/info/security/advisory-20141113-1.txt
	NOTE: webkit not covered by security support
CVE-2014-8599
	RESERVED
CVE-2014-8597
	RESERVED
CVE-2014-8596 (Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow ...)
	NOT-FOR-US: PHP-Fusion
CVE-2014-8595 (arch/x86/x86_emulate/x86_emulate.c in Xen 3.2.1 through 4.4.x does not ...)
	{DSA-3140-1}
	- xen 4.4.1-4 (bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-8594 (The do_mmu_update function in arch/x86/mm.c in Xen 4.x through 4.4.x ...)
	{DSA-3140-1}
	- xen 4.4.1-4 (low; bug #770230)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-8593 (Multiple cross-site scripting (XSS) vulnerabilities in Allomani ...)
	NOT-FOR-US: Allomani Weblinks
CVE-2014-8587 (SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-8586 (SQL injection vulnerability in the CP Multi View Event Calendar plugin ...)
	NOT-FOR-US: WordPress plugin CP Multi View Event Calendar
CVE-2014-8585 (Directory traversal vulnerability in the WordPress Download Manager ...)
	NOT-FOR-US: WordPress plugin WordPress Download Manager
	NOTE: To be REJECTED
CVE-2014-8584 (Cross-site scripting (XSS) vulnerability in the Web Dorado Spider ...)
	NOT-FOR-US: WordPress plugin Web Dorado Spider Video Player (aka WordPress Video Player)
CVE-2013-7416 (canto_curses/guibase.py in Canto Curses before 0.9.0 allows remote ...)
	- canto <removed> (bug #731582)
	[wheezy] - canto <not-affected> (Vulnerable code not present)
	[squeeze] - canto <not-affected> (Vulnerable code not present)
CVE-2013-7415
	RESERVED
CVE-2013-7414
	RESERVED
CVE-2013-7413
	RESERVED
CVE-2013-7412
	RESERVED
CVE-2013-7411
	RESERVED
CVE-2013-7410
	RESERVED
CVE-2010-5312 (Cross-site scripting (XSS) vulnerability in jquery.ui.dialog.js in the ...)
	{DSA-3249-1 DLA-258-1}
	- jqueryui 1.10.1+dfsg-1
	- owncloud <not-affected> (embedded copy, bug #722500, of version 1.10.1, already fixed)
	NOTE: http://bugs.jqueryui.com/ticket/6016
	NOTE: https://github.com/jquery/jquery-ui/commit/7e9060c109b928769a664dbcc2c17bd21231b6f3
CVE-2010-5311
	RESERVED
CVE-2014-8738 (The _bfd_slurp_extended_name_table function in bfd/archive.c in GNU ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141124-1
	- binutils-mingw-w64 5.2
	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17533
	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=bb0d867169d7e9743d229804106a8fbcab7f3b3f
CVE-2014-8737 (Multiple directory traversal vulnerabilities in GNU binutils 2.24 and ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141124-1
	- binutils-mingw-w64 5.2
	NOTE: Upstream tracker: https://sourceware.org/bugzilla/show_bug.cgi?id=17552
	NOTE: Upstream patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42
CVE-2014-8732 (Cross-site scripting (XSS) vulnerability in phpMemcachedAdmin 1.2.2 ...)
	NOT-FOR-US: phpMemcachedAdmin
CVE-2014-8731 (PHPMemcachedAdmin 1.2.2 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: phpMemcachedAdmin
CVE-2014-8716 (The JPEG decoder in ImageMagick before 6.8.9-9 allows local users to ...)
	{DLA-960-1 DLA-90-1}
	- imagemagick 8:6.8.9.9-3 (bug #768494)
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26456
CVE-2014-8714 (The dissect_write_structured_field function in ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-23.html
	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8713 (Stack-based buffer overflow in the build_expert_data function in ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8712 (The build_expert_data function in epan/dissectors/packet-ncp2222.inc ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-22.html
	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8711 (Multiple integer overflows in epan/dissectors/packet-amqp.c in the ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-21.html
	NOTE: Versions 1.12.0 to 1.12.1, and 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8710 (The decompress_sigcomp_message function in epan/sigcomp-udvm.c in the ...)
	{DSA-3076-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-2 (bug #769410)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-20.html
	NOTE: Versions 1.10.0 to 1.10.10. It is fixed in versions 1.12.2 and 1.10.11.
CVE-2014-8709 (The ieee80211_fragment function in net/mac80211/tx.c in the Linux ...)
	{DLA-118-1}
	- linux 3.14.2-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f (v3.14-rc3)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2de8e0d999b8790861cd3749bec2236ccc1c8110 (v2.6.30-rc1)
CVE-2014-8650 [does not handle mutual authentication]
	RESERVED
	- python-requests-kerberos 0.5-2 (bug #768408)
	NOTE: https://github.com/requests/requests-kerberos/pull/36
	NOTE: request adding https://github.com/mkomitee/requests-kerberos/commit/9c1e08cc17bb6950455a85d33d391ecd2bce6eb6
CVE-2014-8628 (Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows ...)
	{DSA-3116-1 DLA-129-1}
	- polarssl 1.3.9-1
	NOTE: Cf. https://bugzilla.redhat.com/show_bug.cgi?id=1159845#c5 and following.
	NOTE: Patch for 1.2.x: https://github.com/polarssl/polarssl/commit/6b440389136afbcb0d831f880176c830bd3e0c7c
	NOTE: Version 1.2.11 also brings other security-relevant fixes. Maybe update to new upstream version?
CVE-2014-8627 (PolarSSL 1.3.8 does not properly negotiate the signature algorithm to ...)
	- polarssl 1.3.9-1
	[wheezy] - polarssl <not-affected> (Problem introduced in 1.3.8)
	[squeeze] - polarssl <not-affected> (Problem introduced in 1.3.8)
CVE-2014-8626 (Stack-based buffer overflow in the date_from_ISO8601 function in ...)
	- php5 5.2.9.dfsg.1-1
	NOTE: https://bugs.php.net/bug.php?id=45226
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c818d0d01341907fee82bdb81cab07b7d93bb9db
CVE-2014-8625 (Multiple format string vulnerabilities in the parse_error_msg function ...)
	- dpkg 1.17.22 (unimportant; bug #768485)
	[wheezy] - dpkg 1.16.16
	[squeeze] - dpkg <not-affected> (Regression introduced in 1.16.2)
	NOTE: Rendered non-exploitable by toolchain hardening
	NOTE: https://bugs.launchpad.net/ubuntu/+source/dpkg/+bug/1389135
	NOTE: Regression introduced with https://anonscm.debian.org/cgit/dpkg/dpkg.git/commit/?id=0b8652b226a7601dfd71471797d15168a7337242 (1.16.2)
CVE-2014-8598 (The XML Import/Export plugin in MantisBT 1.2.x does not restrict ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/mantisbt/mantisbt/commit/80a15487
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17780
CVE-2014-8592 (Unspecified vulnerability in SAP Host Agent, as used in SAP NetWeaver ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-8591 (Unspecified vulnerability in SAP Internet Communication Manager (ICM), ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-8590 (XML external entity (XXE) vulnerability in the Web Service Navigator ...)
	NOT-FOR-US: SAP NetWeaver Application Server
CVE-2014-8589 (Integer overflow in SAP Network Interface Router (SAProuter) 40.4 ...)
	NOT-FOR-US: SAP Network Interface Router
CVE-2014-8588 (SQL injection vulnerability in metadata.xsjs in SAP HANA ...)
	NOT-FOR-US: SAP HANA
CVE-2014-8581
	RESERVED
CVE-2014-8580 (Citrix NetScaler Application Delivery Controller and NetScaler Gateway ...)
	NOT-FOR-US: Citrix Netscaler
CVE-2014-8579 (TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a ...)
	NOT-FOR-US: TRENDnet TEW-823DRU devices
CVE-2014-8578 (Cross-site scripting (XSS) vulnerability in the Groups panel in ...)
	- horizon 2014.1.1-3
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: this was split from CVE-2014-3475 by MITRE
CVE-2014-8577 (Multiple cross-site scripting (XSS) vulnerabilities in Croogo before ...)
	NOT-FOR-US: Croogo
CVE-2014-8576
	REJECTED
CVE-2014-8575
	REJECTED
CVE-2014-8574
	REJECTED
CVE-2014-8573
	REJECTED
CVE-2014-8572 (Huawei AC6605 with software V200R001C00; AC6605 with software ...)
	NOT-FOR-US: Huawei
CVE-2014-8571 (Apps on Huawei Ascend P6 mobile phones with software EDGE-U00 ...)
	NOT-FOR-US: Huawei
CVE-2014-8570 (Huawei S9300, S9303, S9306, S9312 with software V100R002; S7700, ...)
	NOT-FOR-US: Huawei
CVE-2014-8569
	RESERVED
CVE-2014-8568
	RESERVED
CVE-2014-8565
	REJECTED
CVE-2014-8564 (The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS ...)
	- gnutls28 3.3.8-4 (bug #769154)
	- gnutls26 <not-affected> (Vulnerable code not present; no support for ECC)
	NOTE: https://gitlab.com/gnutls/gnutls/commit/e821e1908686657a45c1b735f6d077b7a8493e2b (3.3.x branch)
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2014-5
	NOTE: in experimental fixed in 3.3.10-1
CVE-2014-8563
	RESERVED
CVE-2014-8560
	RESERVED
CVE-2014-8558 (JExperts Channel Platform 5.0.33_CCB allows remote authenticated users ...)
	NOT-FOR-US: JExperts Tecnologia Channel Software
CVE-2014-8557 (Multiple cross-site scripting (XSS) vulnerabilities in JExperts ...)
	NOT-FOR-US: JExperts Tecnologia Channel Software
CVE-2014-8556
	RESERVED
CVE-2014-8555 (Directory traversal vulnerability in report/reportViewAction.jsp in ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2014-8553 (The mci_account_get_array_by_id function in ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17243 (currently private)
	NOTE: https://github.com/mantisbt/mantisbt/commit/f779e3d4394a0638d822849863c4098421d911c5
CVE-2014-8552 (The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before ...)
	NOT-FOR-US: Siemens
CVE-2014-8551 (The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before ...)
	NOT-FOR-US: Siemens
CVE-2014-8550
	RESERVED
CVE-2014-8549 (libavcodec/on2avc.c in FFmpeg before 2.4.2 does not constrain the ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:11.2-1 (bug #773626)
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=550f3e9df3410b3dd975e590042c0d83e20a8da3
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=cee4490b521fd0d02476d46aa2598af24fb8d686
CVE-2014-8548 (Off-by-one error in libavcodec/smc.c in FFmpeg before 2.4.2 allows ...)
	{DSA-3189-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=c727401aa9d62335e89d118a5b4e202edf39d905
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=d423dd72be451462c6fb1cbbe313bed0194001ab
CVE-2014-8547 (libavcodec/gifdec.c in FFmpeg before 2.4.2 does not properly compute ...)
	{DSA-3189-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8f1457864be8fb9653643519dea1c6492f1dde57
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=0b39ac6f54505a538c21fe49a626de94c518c903
CVE-2014-8546 (Integer underflow in libavcodec/cinepak.c in FFmpeg before 2.4.2 ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Vulnerable code not present, reproducer tested with 8, 11 and trunk)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e7e5114c506957f40aafd794e06de1a7e341e9d5
CVE-2014-8545 (libavcodec/pngdec.c in FFmpeg before 2.4.2 accepts the ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3e2b745020c2dbf0201fe7df3dad9e7e0b2e1bb6
CVE-2014-8544 (libavcodec/tiff.c in FFmpeg before 2.4.2 does not properly validate ...)
	{DSA-3189-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.3-1 (bug #773626)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e1c0cfaa419aa5d320540d5a1b3f8fd9b82ab7e5
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=ae5e1f3d663a8c9a532d89e588cbc61f171c9186
CVE-2014-8543 (libavcodec/mmvideo.c in FFmpeg before 2.4.2 does not consider all ...)
	{DSA-3189-1}
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8b0e96e1f21b761ca15dbb470cd619a1ebf86c3e
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=17ba719d9ba30c970f65747f42d5fbb1e447ca28
CVE-2014-8542 (libavcodec/utils.c in FFmpeg before 2.4.2 omits a certain codec ID ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=105654e376a736d243aef4a1d121abebce912e6b
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=88626e5af8d006e67189bf10b96b982502a7e8ad
CVE-2014-8541 (libavcodec/mjpegdec.c in FFmpeg before 2.4.2 considers only dimension ...)
	- ffmpeg 7:2.4.3-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:11.2-1 (bug #773626)
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=5c378d6a6df8243f06c87962b873bd563e58cd39
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=809c3023b699c54c90511913d3b6140dd2436550
CVE-2014-8539 (Cross-site scripting (XSS) vulnerability in Simple Email Form 1.8.5 ...)
	NOT-FOR-US: Simple Email
CVE-2013-7409 (Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote ...)
	NOT-FOR-US: ALLPlayer
CVE-2014-8651 (The KDE Clock KCM policykit helper in kde-workspace before 4.11.14 and ...)
	- kde-workspace 4:4.11.13-2 (unimportant)
	NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/diff?rev=54d0bfb5effff9c8cf60da890b7728cbe36a454e&rev_to=fd2aa9deed44fad6107625ad7360157fea7296f6
	NOTE: On Debian changing the clock requires authentication, so it's not exploitable
	NOTE: in the standard setup
CVE-2014-8583 (mod_wsgi before 4.2.4 for Apache, when creating a daemon process ...)
	- mod-wsgi 4.2.7-1
	[wheezy] - mod-wsgi <no-dsa> (Minor issue)
	[squeeze] - mod-wsgi <no-dsa> (Minor issue)
	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/545354a80b9cc20d8b6916ca30542eab36c3b8bd
CVE-2014-8582 (FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point ...)
	NOT-FOR-US: FortiNet FortiADC-E
CVE-2014-8567 (The mod_auth_mellon module before 0.8.1 allows remote attackers to ...)
	- libapache2-mod-auth-mellon 0.9.0
CVE-2014-8566 (The mod_auth_mellon module before 0.8.1 allows remote attackers to ...)
	- libapache2-mod-auth-mellon 0.9.1
CVE-2014-8554 (SQL injection vulnerability in the mc_project_get_attachments function ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17812
	NOTE: http://github.com/mantisbt/mantisbt/commit/99ffb0af (1.2.x branch)
	NOTE: http://github.com/mantisbt/mantisbt/commit/5faf97ab (master)
CVE-2014-8540 (The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2014-8538 (The Hijab Modern (aka com.Aisyaidea.HijabModern) application 1.0 for ...)
	NOT-FOR-US: Hijab Modern (aka com.Aisyaidea.HijabModern) application for Android
CVE-2014-8537 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local ...)
	NOT-FOR-US: McAfee
CVE-2014-8536 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local ...)
	NOT-FOR-US: McAfee
CVE-2014-8535 (McAfee Network Data Loss Prevention (NDLP) before 9.2.2 allows local ...)
	NOT-FOR-US: McAfee
CVE-2014-8534 (Unspecified vulnerability in the login form in McAfee Network Data ...)
	NOT-FOR-US: McAfee
CVE-2014-8533 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote ...)
	NOT-FOR-US: McAfee
CVE-2014-8532 (Unspecified vulnerability in McAfee Network Data Loss Prevention ...)
	NOT-FOR-US: McAfee
CVE-2014-8531 (The TLS/SSL Server in McAfee Network Data Loss Prevention (NDLP) ...)
	NOT-FOR-US: McAfee
CVE-2014-8530 (Unspecified vulnerability in McAfee Network Data Loss Prevention ...)
	NOT-FOR-US: McAfee
CVE-2014-8529 (McAfee Network Data Loss Prevention (NDLP) before 9.3 stores the SSH ...)
	NOT-FOR-US: McAfee
CVE-2014-8528 (McAfee Network Data Loss Prevention (NDLP) before 9.3 logs session ...)
	NOT-FOR-US: McAfee
CVE-2014-8527 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local ...)
	NOT-FOR-US: McAfee
CVE-2014-8526 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows local ...)
	NOT-FOR-US: McAfee
CVE-2014-8525 (McAfee Network Data Loss Prevention (NDLP) before 9.3 does not include ...)
	NOT-FOR-US: McAfee
CVE-2014-8524 (McAfee Network Data Loss Prevention (NDLP) before 9.3 does not disable ...)
	NOT-FOR-US: McAfee
CVE-2014-8523 (Cross-site request forgery (CSRF) vulnerability in McAfee Network Data ...)
	NOT-FOR-US: McAfee
CVE-2014-8522 (The MySQL database in McAfee Network Data Loss Prevention (NDLP) ...)
	NOT-FOR-US: McAfee
CVE-2014-8521 (Cross-site scripting (XSS) vulnerability in McAfee Network Data Loss ...)
	NOT-FOR-US: McAfee
CVE-2014-8520 (McAfee Network Data Loss Prevention (NDLP) before 9.3 allows remote ...)
	NOT-FOR-US: McAfee
CVE-2014-8519 (Unspecified vulnerability in McAfee Network Data Loss Prevention ...)
	NOT-FOR-US: McAfee
CVE-2014-8518 (The (1) Removable Media and (2) CD and DVD encryption offsite access ...)
	NOT-FOR-US: McAfee
CVE-2014-8516
	RESERVED
CVE-2014-8515 (The web interface in BitTorrent allows remote attackers to execute ...)
	NOT-FOR-US: uTorrent
CVE-2014-8514 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-8513 (Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-8512 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-8511 (Buffer overflow in an ActiveX control in Atx45.ocx in Schneider ...)
	NOT-FOR-US: Schneider Electric ProClima
CVE-2014-8510 (The AdminUI in Trend Micro InterScan Web Security Virtual Appliance ...)
	NOT-FOR-US: Trend Micro InterScan Web Security Virtual Appliance
CVE-2014-8509 (The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) ...)
	NOT-FOR-US: BitTorrent bootstrap-dht (aka Bootstrap)
CVE-2014-8508 (Cross-site scripting (XSS) vulnerability in s_network.asp in the Denon ...)
	NOT-FOR-US: Denon devices
CVE-2014-8507 (Multiple SQL injection vulnerabilities in the queryLastApp method in ...)
	NOT-FOR-US: Android
CVE-2014-8506 (Multiple SQL injection vulnerabilities in Etiko CMS allow remote ...)
	NOT-FOR-US: Etiko CMS
CVE-2014-8505 (Multiple cross-site scripting (XSS) vulnerabilities in Etiko CMS allow ...)
	NOT-FOR-US: Etiko CMS
CVE-2014-8504 (Stack-based buffer overflow in the srec_scan function in bfd/srec.c in ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	NOTE: http://openwall.com/lists/oss-security/2014/10/27/4
	NOTE: http://openwall.com/lists/oss-security/2014/10/27/5
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c7
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510#c8
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=708d7d0d11f0f2d776171979aa3479e8e12a38a0
CVE-2014-8503 (Stack-based buffer overflow in the ihex_scan function in bfd/ihex.c in ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c33
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c34
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=0102ea8cec5fc509bba6c91df61b7ce23a799d32
CVE-2014-8502 (Heap-based buffer overflow in the pe_print_edata function in ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	NOTE: See https://sourceware.org/bugzilla/show_bug.cgi?id=17512#c17
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=5a4b0ccc20ba30caef53b01bee2c0aaa5b855339
CVE-2014-8501 (The _bfd_XXi_swap_aouthdr_in function in bfd/peXXigen.c in GNU ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	- gdb <unfixed> (unimportant)
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=7e1e19887abd24aeb15066b141cdff5541e0ec8e
CVE-2014-8500 (ISC BIND 9.0.x through 9.8.x, 9.9.0 through 9.9.6, and 9.10.0 through ...)
	{DSA-3094-1 DLA-112-1}
	- bind9 1:9.9.5.dfsg-7 (bug #772610)
	NOTE: https://kb.isc.org/article/AA-01216/0
CVE-2014-8499 (Multiple SQL injection vulnerabilities in ManageEngine Password ...)
	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2014-8498 (SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine ...)
	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2014-8497
	RESERVED
CVE-2014-8496 (Digicom DG-5514T ADSL router with firmware 3.2 generates predictable ...)
	NOT-FOR-US: Digicom Router
CVE-2014-8495 (Citrix XenMobile MDX Toolkit before 9.0.4, when used to wrap iOS 8 ...)
	NOT-FOR-US: Citrix XenMobile MDX Toolkit
CVE-2014-8494 (ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) ...)
	NOT-FOR-US: ESTsoft ALUpdate
CVE-2014-8493 (ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to ...)
	NOT-FOR-US: ZTE ZXHN H108L
CVE-2014-8492 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-8491 (The Grand Flagallery plugin before 4.25 for WordPress allows remote ...)
	NOT-FOR-US: Grand Flagallery plugin for WordPress
CVE-2014-8490
	RESERVED
CVE-2014-8990 (default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote ...)
	{DSA-3130-1}
	- lsyncd 2.1.5-2 (low; bug #767227)
	[squeeze] - lsyncd <no-dsa> (Minor issue)
	NOTE: https://github.com/axkibe/lsyncd/issues/220
	NOTE: Upstream commit: https://github.com/creshal/lsyncd/commit/18f02ad013b41a72753912155ae2ba72f2a53e52
	NOTE: also required: https://github.com/axkibe/lsyncd/commit/e9ffda07f0145f50f2756f8ee3fb0775b455122b
	NOTE: the initial commit would be an incomplete fix and needs additional changes
CVE-2014-8559 (The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 ...)
	{DSA-3170-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <not-affected> (Introduced in 2.6.38)
	NOTE: References in http://www.openwall.com/lists/oss-security/2014/10/30/7
	NOTE: Upstream fix: https://git.kernel.org/linus/ca5358ef75fc69fee5322a38a340f5739d997c10 (v3.19-rc1)
	NOTE: Upstream fix: https://git.kernel.org/linus/946e51f2bf37f1656916eb75bd0742ba33983c28 (v3.19-rc1)
CVE-2014-8517 (The fetch_url function in usr.bin/ftp/fetch.c in tnftp, as used in ...)
	- tnftp 20130505-2 (low; bug #767171)
	[wheezy] - tnftp <no-dsa> (Minor issue)
	[squeeze] - tnftp <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2014/10/28/4
CVE-2014-9915 (Off-by-one error in ImageMagick before 6.6.0-4 allows remote attackers ...)
	- imagemagick 8:6.8.9.9-1 (bug #767240)
	[wheezy] - imagemagick <not-affected> (Vulnerable code not present)
	[squeeze] - imagemagick <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2016/12/20/3
CVE-2014-8355 (PCX parser code in ImageMagick before 6.8.9-9 allows remote attackers ...)
	{DLA-960-1 DLA-242-1}
	- imagemagick 8:6.8.9.9-1 (bug #767240)
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: https://int21.de/cve/CVE-2014-8355-pcx-oob-heap-overflow.html
	- graphicsmagick 1.3.20-3+deb8u1 (bug #778238)
	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
	[squeeze] - graphicsmagick <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/graphicsmagick/code/ci/4426024497f9ed26cbadc5af5a5de55ac84796ff/ (graphicsmagick)
CVE-2014-8562 (DCM decode in ImageMagick before 6.8.9-9 allows remote attackers to ...)
	{DLA-960-1 DLA-242-1}
	- imagemagick 8:6.8.9.9-1 (bug #767240)
	[squeeze] - imagemagick <no-dsa> (Minor issue)
CVE-2014-8354 (The HorizontalFilter function in resize.c in ImageMagick before ...)
	{DLA-960-1 DLA-242-1}
	- imagemagick 8:6.8.9.9-1
	[squeeze] - imagemagick <no-dsa> (Minor issue)
	NOTE: https://int21.de/cve/CVE-2014-8354-oob-heap-overflow.html
CVE-2014-8561 [Remotely DOS: convert +profile regression enters infinite loop exhausting memory]
	RESERVED
	- imagemagick 8:6.8.9.9-1 (bug #764872)
	[wheezy] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
	[squeeze] - imagemagick <not-affected> (Vulnerable code introduced later; regression)
CVE-2014-8489 (Open redirect vulnerability in startSSO.ping in the SP Endpoints in ...)
	NOT-FOR-US: PingFederate SP Endpoints
CVE-2014-8488 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
	NOT-FOR-US: yourls
CVE-2014-8487 (Kony Management (aka Enterprise Mobile Management or EMM) 1.2 and ...)
	NOT-FOR-US: Kony Management
CVE-2014-8486
	REJECTED
CVE-2014-8482
	RESERVED
CVE-2014-8479 (The FTP server on Siemens SCALANCE X-300 switches with firmware before ...)
	NOT-FOR-US: FTP server on Siemens SCALANCE X-300 switches
CVE-2014-8478 (The web server on Siemens SCALANCE X-300 switches with firmware before ...)
	NOT-FOR-US: web server on Siemens SCALANCE X-300 switches
CVE-2014-8477
	RESERVED
CVE-2014-8476 (The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not ...)
	{DSA-3070-1}
	[experimental] - kfreebsd-11 11.0~svn284956-1 (bug #768109)
	- kfreebsd-10 10.1~svn274115-1 (bug #768108)
	- kfreebsd-9 <removed> (bug #768104)
	- kfreebsd-8 <removed> (bug #768106)
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, can be fixed in a point release)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://security.FreeBSD.org/advisories/FreeBSD-SA-14:25.setlogin.asc
CVE-2014-8475 (FreeBSD 9.1, 9.2, and 10.0, when compiling OpenSSH with Kerberos ...)
	- openssh <not-affected> (freebsd-specific build system issue)
CVE-2014-8474 (CA Cloud Service Management (CSM) before Summer 2014 allows remote ...)
	NOT-FOR-US: CA Cloud Service Management
CVE-2014-8473 (Cross-site request forgery (CSRF) vulnerability in CA Cloud Service ...)
	NOT-FOR-US: CA Cloud Service Management
CVE-2014-8472 (CA Cloud Service Management (CSM) before Summer 2014 does not properly ...)
	NOT-FOR-US: CA Cloud Service Management
CVE-2014-8471 (CA Cloud Service Management (CSM) before Summer 2014 allows remote ...)
	NOT-FOR-US: CA Cloud Service Management
CVE-2014-8470
	RESERVED
CVE-2014-8469 (Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in ...)
	NOT-FOR-US: PHPFox
CVE-2013-7408 (F5 BIG-IP Analytics 11.x before 11.4.0 uses a predictable session ...)
	NOT-FOR-US: F5 BIG-IP Analytics
CVE-2010-XXXX [insecure handling of /tmp files in debian/preinst]
	- riece 8.0.0-1.3 (unimportant; bug #601325)
	[squeeze] - riece <no-dsa> (Minor issue)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-7401
	REJECTED
CVE-2014-8483 (The blowfishECB function in core/cipher.cpp in Quassel IRC 0.10.0 ...)
	{DSA-3068-1 DSA-3063-1 DLA-168-1}
	- quassel 0.10.0-2.1 (bug #766962)
	[squeeze] - quassel <not-affected> (Problematic code does not exist in 0.6.3-2+squeeze2)
	NOTE: https://github.com/quassel/quassel/commit/8b5ecd226f9208af3074b33d3b7cf5e14f55b138
	NOTE: http://bugs.quassel-irc.org/issues/1314
	- konversation 1.5-2 (bug #768191)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=210792
CVE-2014-8481 (The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem ...)
	- linux <not-affected> (Present in 3.17 with incomplete fix)
	- linux-2.6 <not-affected> (Present in 3.17 with incomplete fix)
	NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a430c9166312e1aa3d80bce32374233bdbfeba32
CVE-2014-8480 (The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem ...)
	- linux <not-affected> (Introduced in 3.17)
	- linux-2.6 <not-affected> (Introduced in 3.17)
	NOTE: The NULL pointer dereference was introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 (v3.17-rc1)
	NOTE: Fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5
CVE-2014-8485 (The setup_group function in bfd/elf.c in libbfd in GNU binutils 2.24 ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.90.20141104-1
	- binutils-mingw-w64 5.2
	NOTE: http://lcamtuf.blogspot.com.au/2014/10/psa-dont-run-strings-on-untrusted-files.html
	NOTE: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=493a33860c71cac998f1a56d6d87d6faa801fbaa
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17510
CVE-2014-8484 (The srec_scan function in bfd/srec.c in libdbfd in GNU binutils before ...)
	{DSA-3123-2 DSA-3123-1 DLA-184-1}
	- binutils 2.24.51.20140903-1
	- binutils-mingw-w64 5.2
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17509
	NOTE: Upstream commit: https://sourceware.org/git/?p=binutils-gdb.git;a=commit;h=bd25671c6f202c4a5108883caa2adb24ff6f361f
	NOTE: http://openwall.com/lists/oss-security/2014/10/23/5
CVE-2014-8468
	RESERVED
CVE-2014-8467
	RESERVED
CVE-2014-8466
	RESERVED
CVE-2014-8465
	RESERVED
CVE-2014-8464
	RESERVED
CVE-2014-8463
	RESERVED
CVE-2014-8462
	RESERVED
CVE-2014-8461 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8460 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8459 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8458 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8457 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8456 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8455 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8454 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8453 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8452 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8451 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8450 (Adobe Reader and Acrobat 10.x before 10.1.15 and 11.x before 11.0.12, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-8449 (Integer overflow in Adobe Reader and Acrobat 10.x before 10.1.13 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8448 (An unspecified JavaScript API in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8447 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8446 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8445 (Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-8444
	REJECTED
CVE-2014-8443 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.259 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8442 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8441 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8440 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8439 (Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8438 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8437 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-8436
	RESERVED
CVE-2014-8435
	RESERVED
CVE-2014-8434
	RESERVED
CVE-2014-8433
	RESERVED
CVE-2014-8432
	RESERVED
CVE-2014-8431
	RESERVED
CVE-2014-8430
	RESERVED
CVE-2014-8429 (Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats ...)
	NOT-FOR-US: xEpan CMS
CVE-2014-8428 (Privilege escalation vulnerability in Barracuda Load Balancer ...)
	NOT-FOR-US: Barracuda
CVE-2014-8427
	RESERVED
CVE-2014-8426 (Hard coded weak credentials in Barracuda Load Balancer 5.0.0.015. ...)
	NOT-FOR-US: Barracuda
CVE-2014-8425 (The management portal in ARRIS VAP2500 before FW08.41 allows remote ...)
	NOT-FOR-US: Management portal in ARRIS VAP2500
CVE-2014-8424 (ARRIS VAP2500 before FW08.41 does not properly validate passwords, ...)
	NOT-FOR-US: ARRIS VAP2500
CVE-2014-8423 (Unspecified vulnerability in the management portal in ARRIS VAP2500 ...)
	NOT-FOR-US: ARRIS VAP2500
CVE-2014-8422 (The web-based management (WBM) interface in Unify (former Siemens) ...)
	NOT-FOR-US:  Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone
CVE-2014-8421 (Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 ...)
	NOT-FOR-US:  Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone
CVE-2014-8420 (The ViewPoint web application in Dell SonicWALL Global Management ...)
	NOT-FOR-US: Dell SonicWALL
CVE-2014-8419 (Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read ...)
	NOT-FOR-US: Wibu-Systems CodeMeter Runtime
CVE-2014-8418 (The DB dialplan function in Asterisk Open Source 1.8.x before 1.8.32, ...)
	{DLA-455-1}
	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24534
	NOTE: http://downloads.digium.com/pub/security/AST-2014-018.html
CVE-2014-8417 (ConfBridge in Asterisk 11.x before 11.14.1, 12.x before 12.7.1, and ...)
	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[wheezy] - asterisk <not-affected> (Only affects 11.x, 12.x and 13.x)
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24490
	NOTE: http://downloads.digium.com/pub/security/AST-2014-017.html
CVE-2014-8416 (Use-after-free vulnerability in the PJSIP channel driver in Asterisk ...)
	- asterisk 1:13.1.0~dfsg-1
	[jessie] - asterisk <not-affected> (PJSIP channel not available yet)
	[wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
	[squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471
	NOTE: http://downloads.digium.com/pub/security/AST-2014-016.html
CVE-2014-8415 (Race condition in the chan_pjsip channel driver in Asterisk Open ...)
	- asterisk 1:13.1.0~dfsg-1
	[jessie] - asterisk <not-affected> (PJSIP channel not available yet)
	[wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
	[squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24471
	NOTE: http://downloads.digium.com/pub/security/AST-2014-015.html
CVE-2014-8414 (ConfBridge in Asterisk 11.x before 11.14.1 and Certified Asterisk 11.6 ...)
	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[wheezy] - asterisk <not-affected> (Only affects 11.x)
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24440
	NOTE: http://downloads.digium.com/pub/security/AST-2014-014.html
CVE-2014-8413 (The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 ...)
	- asterisk 1:13.1.0~dfsg-1
	[jessie] - asterisk <not-affected> (PJSIP channel not available yet)
	[wheezy] - asterisk <not-affected> (PJSIP channel not available yet)
	[squeeze] - asterisk <not-affected> (PJSIP channel not available yet)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24531
	NOTE: http://downloads.digium.com/pub/security/AST-2014-013.html
CVE-2014-8412 (The (1) VoIP channel drivers, (2) DUNDi, and (3) Asterisk Manager ...)
	{DLA-455-1}
	- asterisk 1:13.1.0~dfsg-1 (bug #771463)
	[jessie] - asterisk 1:11.13.1~dfsg-2
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24469
	NOTE: http://downloads.digium.com/pub/security/AST-2014-012.html
CVE-2014-8411
	RESERVED
CVE-2014-8410
	RESERVED
CVE-2014-8409
	RESERVED
CVE-2014-8408
	RESERVED
CVE-2014-8407
	RESERVED
CVE-2014-8406
	RESERVED
CVE-2014-8405
	RESERVED
CVE-2014-8404
	RESERVED
CVE-2014-8403
	RESERVED
CVE-2014-8402
	RESERVED
CVE-2014-8401
	RESERVED
CVE-2014-8400
	RESERVED
CVE-2014-8398 (Multiple untrusted search path vulnerabilities in Corel FastFlick ...)
	NOT-FOR-US: Corel FastFlick
CVE-2014-8397 (Untrusted search path vulnerability in Corel VideoStudio PRO X7 or ...)
	NOT-FOR-US: Corel
CVE-2014-8396 (Untrusted search path vulnerability in Corel PDF Fusion allows local ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2014-8395 (Untrusted search path vulnerability in Corel Painter 2015 allows local ...)
	NOT-FOR-US: Corel Painter
CVE-2014-8394 (Multiple untrusted search path vulnerabilities in Corel CAD 2014 allow ...)
	NOT-FOR-US: Corel CAD
CVE-2014-8393 (DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, ...)
	NOT-FOR-US: Corel
CVE-2014-8392
	RESERVED
CVE-2014-8391 (The Web interface in Sendio before 7.2.4 does not properly handle ...)
	NOT-FOR-US: Sendio
CVE-2014-8390 (Multiple buffer overflows in Schneider Electric VAMPSET before 2.2.168 ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-8389 (cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 ...)
	NOT-FOR-US: AirLive
CVE-2014-8388 (Stack-based buffer overflow in Advantech WebAccess, formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-8387 (cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point ...)
	NOT-FOR-US: Advantech EKI-6340
CVE-2014-8386 (Multiple stack-based buffer overflows in Advantech AdamView 4.3 and ...)
	NOT-FOR-US: Advantech AdamView
CVE-2014-8385 (Buffer overflow on Advantech EKI-1200 gateways with firmware before ...)
	NOT-FOR-US: Advantech EKI-1200 gateways
CVE-2014-8384 (The InFocus IN3128HD projector with firmware 0.26 does not restrict ...)
	NOT-FOR-US: InFocus IN3128HD projector
CVE-2014-8383 (The InFocus IN3128HD projector with firmware 0.26 allows remote ...)
	NOT-FOR-US: InFocus IN3128HD projector
CVE-2014-8382
	RESERVED
CVE-2014-8381 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Megapolis.Portal Manager
CVE-2014-8380 (Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote ...)
	NOT-FOR-US: Splunk
CVE-2014-8379 (Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA ...)
	NOT-FOR-US: Drupal module Marketo MA
CVE-2014-8378 (Cross-site scripting (XSS) vulnerability in the TableField module ...)
	NOT-FOR-US: Drupal module TableField
CVE-2014-8377 (Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script ...)
	NOT-FOR-US: Webasyst Shop-Script
CVE-2014-8376 (Cross-site scripting (XSS) vulnerability in the context administration ...)
	NOT-FOR-US: Drupal module Site Banner
CVE-2014-8375 (SQL injection vulnerability in GBgallery.php in the GB Gallery ...)
	NOT-FOR-US: WordPress plugin GB Gallery Slideshow
CVE-2014-8374
	REJECTED
CVE-2014-8373 (The VMware Remote Console (VMRC) function in VMware vCloud Automation ...)
	NOT-FOR-US: VMware vCloud Automation Center
CVE-2014-8372 (AirWatch by VMware On-Premise 7.3.x before 7.3.3.0 (FP3) allows remote ...)
	NOT-FOR-US: VMware AirWatch
CVE-2014-8371 (VMware vCenter Server Appliance (vCSA) 5.5 before Update 2, 5.1 before ...)
	NOT-FOR-US: VMware vSphere
CVE-2014-8370 (VMware Workstation 10.x before 10.0.5, VMware Player 6.x before 6.0.5, ...)
	NOT-FOR-US: VMware
CVE-2014-8369 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...)
	{DSA-3093-1}
	- linux 3.16.7-ckt2-1
	- linux-2.6 <not-affected> (Incomplete fix for CVE-2014-3601 was not applied)
	NOTE: Introduced by http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
	NOTE: Fixed by: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3d32e4dbe71374a6780eaf51d719d76f9a9bf22f
CVE-2014-8368 (The web interface in Aruba Networks AirWave before 7.7.14 and 8.x ...)
	NOT-FOR-US: Aruba Networks AirWave
CVE-2014-8367 (SQL injection vulnerability in Aruba Networks ClearPass Policy Manager ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2014-8366 (SQL injection vulnerability in openSIS 4.5 through 5.3 allows remote ...)
	NOT-FOR-US: openSIS
CVE-2014-8365 (Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact ...)
	NOT-FOR-US: Xornic Contact Us Form
CVE-2014-8364 (Cross-site scripting (XSS) vulnerability in ss_handler.php in the ...)
	NOT-FOR-US: WordPress plugin wpSS
CVE-2014-8363 (SQL injection vulnerability in ss_handler.php in the WordPress ...)
	NOT-FOR-US: WordPress plugin wpSS
CVE-2014-8362 (Vivint Sky Control Panel 1.1.1.9926 allows remote attackers to enable ...)
	NOT-FOR-US: Vivint Sky Control Panel
CVE-2014-8361 (The miniigd SOAP service in Realtek SDK allows remote attackers to ...)
	NOT-FOR-US: Realtek SDK
CVE-2014-8360 (Directory traversal vulnerability in inc/autoload.function.php in GLPI ...)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: original bug: https://forge.indepnet.net/issues/5101
	NOTE: followup: https://forge.indepnet.net/issues/5113
	NOTE: appears to be a generic autoloading abuse; possibly with
	NOTE: some use of simplepie being the attack vector
CVE-2014-8359 (Untrusted search path vulnerability in Huawei Mobile Partner for ...)
	NOT-FOR-US: Huawei Mobile Partner for Windows
CVE-2014-8358 (Huawei EC156, EC176, and EC177 USB Modem products with software before ...)
	NOT-FOR-US: Huawei
CVE-2014-8357 (backupsettings.html in the web administrative portal in Zhone zNID ...)
	NOT-FOR-US: ZHONE Router
CVE-2014-8356
	RESERVED
	NOT-FOR-US: ZHONE Router
CVE-2014-8353
	RESERVED
CVE-2014-8352 (Cross-site scripting (XSS) vulnerability in json.php in French ...)
	NOT-FOR-US: CookieViz
CVE-2014-8351 (SQL injection vulnerability in info.php in French National Commission ...)
	NOT-FOR-US: CookieViz
CVE-2014-8349 (Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise ...)
	NOT-FOR-US: Liferay Portal
CVE-2014-8348
	RESERVED
CVE-2014-8347
	RESERVED
CVE-2014-8346 (The Remote Controls feature on Samsung mobile devices does not ...)
	NOT-FOR-US: Samsung mobile devices
CVE-2014-8345
	RESERVED
CVE-2014-8344
	RESERVED
CVE-2014-8343
	RESERVED
CVE-2014-8342
	RESERVED
CVE-2014-8341
	RESERVED
CVE-2014-8340 (SQL injection vulnerability in Php/Functions/log_function.php in ...)
	NOT-FOR-US: phpTrafficA
CVE-2014-8339 (SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ...)
	NOT-FOR-US: Nuevolabs Nuevoplayer for clipshare
CVE-2014-8338
	RESERVED
CVE-2014-8337
	RESERVED
CVE-2014-8336 (The &quot;Sql Run Query&quot; panel in WP-DBManager (aka Database Manager) ...)
	NOT-FOR-US: WP-DBManager plugin for WordPress
CVE-2014-8335 ((1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager ...)
	NOT-FOR-US: WP-DBManager (aka Database Manager) plugin for WordPress
CVE-2014-8334 (The WP-DBManager (aka Database Manager) plugin before 2.7.2 for ...)
	NOT-FOR-US: WordPress plugin wp-dbmanager
CVE-2014-8332
	RESERVED
CVE-2014-8331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...)
	NOT-FOR-US: Huawei HiLink
CVE-2014-8330 (Cross-site scripting (XSS) vulnerability in EspoCRM allows remote ...)
	NOT-FOR-US: EspoCRM
CVE-2014-8329 (Schrack Technik microControl with firmware before 1.7.0 (937) stores ...)
	NOT-FOR-US: Schrack Technik microControl
CVE-2014-8324 (network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to ...)
	- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
	NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/88702a3ce4c28a973bf69023cd0312f412f6193e
	NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/16
CVE-2014-8323 (buddy-ng.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to ...)
	- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
	NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/da087238963c1239fdabd47dc1b65279605aca70
	NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/15
CVE-2014-8322 [tcp_test stack overflow]
	RESERVED
	- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
	NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/091b153f294b9b695b0b2831e65936438b550d7b
	NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/14
CVE-2014-8321 [GPS stack overflow]
	RESERVED
	- aircrack-ng 1:1.2-0~beta3-2 (bug #767979)
	NOTE: https://github.com/aircrack-ng/aircrack-ng/commit/ff70494dd389ba570dbdbf36f217c28d4381c6b5
	NOTE: https://github.com/aircrack-ng/aircrack-ng/pull/13
CVE-2014-8320 (Cross-site scripting (XSS) vulnerability in the Custom Search module ...)
	NOT-FOR-US: Drupal module Custom Search
CVE-2014-8319 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Drupal module Easy Social
CVE-2014-8318 (Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x ...)
	NOT-FOR-US: Drupal module Webform
CVE-2014-8317 (Cross-site scripting (XSS) vulnerability in the Webform Validation ...)
	NOT-FOR-US: Drupal module Webform Validation
CVE-2013-7407 (Cross-site request forgery (CSRF) vulnerability in the MRBS module for ...)
	NOT-FOR-US: Drupal module MRBS
CVE-2013-7406 (SQL injection vulnerability in the MRBS module for Drupal allows ...)
	NOT-FOR-US: Drupal module MRBS
CVE-2014-8350 (Smarty before 3.1.21 allows remote attackers to bypass the secure mode ...)
	{DLA-452-1}
	- smarty3 3.1.21-1 (bug #765920)
	- smarty <not-affected> (Only affects 3.x series)
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/smarty-php/smarty/commit/279bdbd3521cd717cae6a3ba48f1c3c6823f439d.patch
CVE-2014-8399 (The default configuration in systemd-shim 8 enables the Abandon ...)
	- systemd-shim 8-4
	NOTE: Fixed by: https://github.com/desrt/systemd-shim/commit/d2e91c118f6128875274a638007702d1cc665893
	NOTE: with version 8-4 systemd-shim does not ship anymore a dbus policy, see https://bugs.debian.org/765101
CVE-2014-8333 (The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows ...)
	- nova 2014.1.3-7
	[wheezy] - nova <not-affected> (Vulnerable code not present)
	NOTE: versions affected up to to 2014.1.3
	NOTE: https://launchpad.net/bugs/1359138
	NOTE: https://review.openstack.org/125492
CVE-2014-8328
	RESERVED
	NOT-FOR-US: TYPO3 extension dce
CVE-2014-8327 (The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions ...)
	NOT-FOR-US: TYPO3 extension fal_sftp
CVE-2014-8326 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:4.2.10.1-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-12.php
CVE-2014-8325 (The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 ...)
	NOT-FOR-US: TYPO3 extension cal
CVE-2014-8316 (XML External Entity (XXE) vulnerability in polestar_xml.jsp in SAP ...)
	NOT-FOR-US: SAP BusinessObjects Explorer
CVE-2014-8315 (polestar_xml.jsp in SAP BusinessObjects Explorer 14.0.5 build 882 ...)
	NOT-FOR-US: SAP BusinessObjects Explorer
CVE-2014-8314 (Multiple cross-site scripting (XSS) vulnerabilities in SAP HANA ...)
	NOT-FOR-US: SAP HANA
CVE-2014-8313 (Eval injection in ide/core/base/server/net.xsjs in the Developer ...)
	NOT-FOR-US: SAP HANA
CVE-2014-8312 (Business Warehouse (BW) in SAP Netweaver AS ABAP 7.31 allows remote ...)
	NOT-FOR-US: SAP Netweaver AS ABAP
CVE-2014-8311 (SAP BusinessObjects Edge 4.0 allows remote attackers to obtain ...)
	NOT-FOR-US: SAP BusinessObjects Edge
CVE-2014-8310 (The CMS CORBA listener in SAP BusinessObjects BI Edge 4.0 allows ...)
	NOT-FOR-US: SAP BusinessObjects BI Edge
CVE-2014-8309 (SAP BusinessObjects 4.0 and BusinessObjects XI (BOXI) R2 and 3.1 ...)
	NOT-FOR-US: SAP
CVE-2014-8308 (Cross-site scripting (XSS) vulnerability in the Send to Inbox ...)
	NOT-FOR-US: SAP BusinessObjects BI EDGE
CVE-2014-8307 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: C97net Cart Engine
CVE-2014-8306 (SQL injection vulnerability in the sql_query function in cart.php in ...)
	NOT-FOR-US: C97net Cart Engine
CVE-2014-8305 (Open redirect vulnerability in the redir function in ...)
	NOT-FOR-US: C97net Cart Engine
CVE-2014-8304 (Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and ...)
	NOT-FOR-US: In-Portal
CVE-2014-8303 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
	NOT-FOR-US: Splunk Web
CVE-2014-8302 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
	NOT-FOR-US: Splunk Web
CVE-2014-8301 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
	NOT-FOR-US: Splunk Web
CVE-2014-8300
	RESERVED
CVE-2014-8299
	RESERVED
CVE-2014-8298 (The NVIDIA Linux Discrete GPU drivers before R304.125, R331.x before ...)
	- nvidia-graphics-drivers 340.65-1
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-304xx 304.125-1
	- nvidia-graphics-drivers-legacy-173xx <removed> (bug #772973)
	[wheezy] - nvidia-graphics-drivers-legacy-173xx <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers-legacy-173xx <no-dsa> (Non-free not supported)
	- nvidia-graphics-drivers-legacy-96xx <removed> (bug #772972)
	[wheezy] - nvidia-graphics-drivers-legacy-96xx <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers-legacy-96xx <no-dsa> (Non-free not supported)
CVE-2014-8297
	RESERVED
CVE-2014-8296 (Cross-site scripting (XSS) vulnerability in the Modal Frame API module ...)
	NOT-FOR-US: Drupal module Modal Frame API
CVE-2014-XXXX [freecad downloads and executes code]
	- freecad 0.14.3702+dfsg-3 (bug #764814)
	[squeeze] - freecad <not-affected> (Problematic code not present)
	NOTE: http://freecadweb.org/tracker/view.php?id=1785
CVE-2014-8295 (SQL injection vulnerability in joblogs.php in Bacula-Web 5.2.10 allows ...)
	NOT-FOR-US: Bacula-Web
	NOTE: Bacula-Web is not part of bacula itself and not ITP #656891
CVE-2014-8294 (Multiple SQL injection vulnerabilities in Voice Of Web AllMyGuests ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2014-8293 (Cross-site scripting (XSS) vulnerability in Voice Of Web AllMyGuests ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2014-8764 (DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP ...)
	{DSA-3059-1 DLA-79-1}
	- dokuwiki 0.0.20140929.a-1 (bug #766545)
	[jessie] - dokuwiki <not-affected> (PHP 5.6 in jessie fixes this on the PHP level, see #766545)
	NOTE: Fix at PHP level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
CVE-2014-8763 (DokuWiki before 2014-05-05b, when using Active Directory for LDAP ...)
	{DSA-3059-1 DLA-79-1}
	- dokuwiki 0.0.20140929.a-1 (bug #766545)
	[jessie] - dokuwiki <not-affected> (PHP 5.6 in jessie fixes this on the PHP level, see #766545)
	NOTE: Fix at PHP level: http://git.php.net/?p=php-src.git;a=commitdiff;h=ad1b9eef98df53adefa0c79c02e5dc1f2b928b8c
CVE-2014-8762 (The ajax_mediadiff function in DokuWiki before 2014-05-05a allows ...)
	{DSA-3059-1}
	- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
	[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
CVE-2014-8761 (inc/template.php in DokuWiki before 2014-05-05a only checks for access ...)
	{DSA-3059-1}
	- dokuwiki 0.0.20140505.a+dfsg-1 (bug #766545)
	[squeeze] - dokuwiki <not-affected> (Vulnerable code not present)
CVE-2014-8760 (ejabberd before 2.1.13 does not enforce the starttls_required setting ...)
	{DLA-881-1}
	- ejabberd 14.07-3 (low; bug #767535)
	[squeeze] - ejabberd <no-dsa> (Minor issue)
	NOTE: http://mail.jabber.org/pipermail/operators/2014-October/002438.html
	NOTE: Patch https://github.com/processone/ejabberd/commit/7bdc1151b
CVE-2014-8759
	RESERVED
CVE-2014-8758 (Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-8757 (LG On-Screen Phone (OSP) before 4.3.010 allows remote attackers to ...)
	NOT-FOR-US: LG On-Screen Phone
CVE-2014-8756 (The NcrCtl4.NcrNet.1 control in Panasonic Network Camera Recorder ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2014-8755 (Panasonic Network Camera View 3 and 4 allows remote attackers to ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2014-8754 (Open redirect vulnerability in track-click.php in the Ad-Manager ...)
	NOT-FOR-US: WordPress plugin ad-manager-for-wp
CVE-2014-8753 (Multiple cross-site scripting (XSS) vulnerabilities in Cit-e-Net ...)
	NOT-FOR-US: Cit-e-Net
CVE-2014-8752 (Multiple cross-site scripting (XSS) vulnerabilities in view.php in ...)
	NOT-FOR-US: JCE-Tech PHP Video Script
CVE-2014-8751 (Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress ...)
	NOT-FOR-US: goYWP WebPress
CVE-2014-8749 (Server-side request forgery (SSRF) vulnerability in ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2014-8748 (Cross-site scripting (XSS) vulnerability in the Google Doubleclick for ...)
	NOT-FOR-US: Drupal module Google Doubleclick for Publishers
CVE-2014-8747 (Cross-site scripting (XSS) vulnerability in the Drupal Commons module ...)
	NOT-FOR-US: Drupal module Drupal Commons
CVE-2014-8746 (Cross-site scripting (XSS) vulnerability in the Skeleton theme 7.x-1.2 ...)
	NOT-FOR-US: Drupal theme Skeleton
CVE-2014-8745 (Cross-site scripting (XSS) vulnerability in the Custom Search module ...)
	NOT-FOR-US: Drupal module Custom Search
CVE-2014-8744 (Cross-site scripting (XSS) vulnerability in the Nivo Slider module ...)
	NOT-FOR-US: Drupal module Nivo Slider
CVE-2014-8743 (Multiple cross-site scripting (XSS) vulnerabilities in the Maestro ...)
	NOT-FOR-US: Drupal module Maestro
CVE-2014-8292
	REJECTED
CVE-2014-8291
	REJECTED
CVE-2014-8290
	REJECTED
CVE-2014-8289
	REJECTED
CVE-2014-8288
	REJECTED
CVE-2014-8287
	REJECTED
CVE-2014-8286
	REJECTED
CVE-2014-8285
	REJECTED
CVE-2014-8284
	REJECTED
CVE-2014-8283
	REJECTED
CVE-2014-8282
	REJECTED
CVE-2014-8281
	REJECTED
CVE-2014-8280
	REJECTED
CVE-2014-8279
	REJECTED
CVE-2014-8278
	REJECTED
CVE-2014-8277
	REJECTED
CVE-2014-8276
	REJECTED
CVE-2014-8275 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=86edf13b1c97526c0cf63c37342aaa01f5442688
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=5951cc004b96cd681ffdf39d3fc9238a1ff597ae
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a8565530e27718760220df469f0a071c85b9e731
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=178c562a4621162dbe19a7c34fa2ad558684f40e
CVE-2014-8274
	RESERVED
CVE-2014-8273
	RESERVED
CVE-2014-8272 (The IPMI 1.5 functionality in Dell iDRAC6 modular before 3.65, iDRAC6 ...)
	NOT-FOR-US: Dell iDRAC6
CVE-2014-8271
	RESERVED
	NOT-FOR-US: uefi
CVE-2014-8270 (BMC Track-It! 11.3 allows remote attackers to gain privileges and ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-8269 (Multiple stack-based buffer overflows in (1) HWOPOSScale.ocx and (2) ...)
	NOT-FOR-US: Honeywell OPOS Suite
CVE-2014-8268 (QPR Portal before 2012.2.1 allows remote attackers to modify or delete ...)
	NOT-FOR-US: QPR Portal
CVE-2014-8267 (Cross-site scripting (XSS) vulnerability in QPR Portal 2014.1.1 and ...)
	NOT-FOR-US: QPR Portal
CVE-2014-8266 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: QPR Portal
CVE-2014-8265
	RESERVED
CVE-2014-8264
	RESERVED
CVE-2014-8263
	RESERVED
CVE-2014-8262
	RESERVED
CVE-2014-8261
	RESERVED
CVE-2014-8260
	RESERVED
CVE-2014-8259
	RESERVED
CVE-2014-8258
	RESERVED
CVE-2014-8257
	RESERVED
CVE-2014-8256
	RESERVED
CVE-2014-8255
	RESERVED
CVE-2014-8254
	RESERVED
CVE-2014-8253
	RESERVED
CVE-2014-8252
	RESERVED
CVE-2014-8251
	RESERVED
CVE-2014-8250
	RESERVED
CVE-2014-8249
	RESERVED
CVE-2014-8248 (SQL injection vulnerability in CA Release Automation (formerly iTKO ...)
	NOT-FOR-US: CA Release Automation
CVE-2014-8247 (Cross-site scripting (XSS) vulnerability in CA Release Automation ...)
	NOT-FOR-US: CA Release Automation
CVE-2014-8246 (Cross-site request forgery (CSRF) vulnerability in CA Release ...)
	NOT-FOR-US: CA Release Automation
CVE-2014-8245
	RESERVED
CVE-2014-8244 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before ...)
	NOT-FOR-US: Linksys SMART WiFi
CVE-2014-8243 (Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before ...)
	NOT-FOR-US: Linksys SMART WiFi
CVE-2014-8239
	REJECTED
CVE-2014-8238
	REJECTED
CVE-2014-8237
	REJECTED
CVE-2014-8236
	REJECTED
CVE-2014-8235
	REJECTED
CVE-2014-8234
	REJECTED
CVE-2014-8233
	REJECTED
CVE-2014-8232
	REJECTED
CVE-2014-8231
	REJECTED
CVE-2014-8230
	REJECTED
CVE-2014-8229
	REJECTED
CVE-2014-8228
	REJECTED
CVE-2014-8227
	REJECTED
CVE-2014-8226
	REJECTED
CVE-2014-8225
	REJECTED
CVE-2014-8224
	REJECTED
CVE-2014-8223
	REJECTED
CVE-2014-8222
	REJECTED
CVE-2014-8221
	REJECTED
CVE-2014-8220
	REJECTED
CVE-2014-8219
	REJECTED
CVE-2014-8218
	REJECTED
CVE-2014-8217
	REJECTED
CVE-2014-8216
	REJECTED
CVE-2014-8215
	REJECTED
CVE-2014-8214
	REJECTED
CVE-2014-8213
	REJECTED
CVE-2014-8212
	REJECTED
CVE-2014-8211
	REJECTED
CVE-2014-8210
	REJECTED
CVE-2014-8209
	REJECTED
CVE-2014-8208
	REJECTED
CVE-2014-8207
	REJECTED
CVE-2014-8206
	REJECTED
CVE-2014-8205
	REJECTED
CVE-2014-8204
	REJECTED
CVE-2014-8203
	REJECTED
CVE-2014-8202
	REJECTED
CVE-2014-8201
	REJECTED
CVE-2014-8200
	REJECTED
CVE-2014-8199
	REJECTED
CVE-2014-8198
	REJECTED
CVE-2014-8197
	REJECTED
CVE-2014-8196
	REJECTED
CVE-2014-8195
	REJECTED
CVE-2014-8194
	REJECTED
CVE-2014-8193
	REJECTED
CVE-2014-8192
	REJECTED
CVE-2014-8191
	REJECTED
CVE-2014-8190
	REJECTED
CVE-2014-8189
	REJECTED
CVE-2014-8188
	REJECTED
CVE-2014-8187
	REJECTED
CVE-2014-8186
	REJECTED
CVE-2014-8185
	REJECTED
CVE-2014-8184 [stack-based buffer overflow in findTable()]
	RESERVED
	- liblouis 2.6.2-1 (bug #880621)
	[jessie] - liblouis 2.5.3-3+deb8u1
	[wheezy] - liblouis <not-affected> (Vulnerable code introduced in 2.5.0)
	NOTE: https://github.com/liblouis/liblouis/issues/425
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701
	NOTE: Introduced by: https://github.com/liblouis/liblouis/commit/26ca8619a29951d6b4acf8b7a732a8b35e4e7bd3 (liblouis_2_5_0)
	NOTE: Fixed in merge: https://github.com/liblouis/liblouis/commit/dc97ef791a4fae9da11592c79f9f79e010596e0c#diff-7ade83431f79d2120c82012aee3b05c9L4524
	NOTE: CVE is for several buffer overflows in the findTable function, cf.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1492701#c7
CVE-2014-8183
	RESERVED
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8182 [crash in ldap_domain2hostlist when processing SRV records]
	RESERVED
	- openldap <not-affected> (Vulnerable code introduced in RHEL specific patch)
	NOTE: http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=7027
	NOTE: Reference for upstream fix: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=blobdiff;f=libraries/libldap/dnssrv.c;h=de849e30d5b01ae855853c79e88fb06d7aea1137;hp=6d1bfa8e3c2b05ca5ed0ebebc00c3a30086bca95;hb=31995b535e10c45e698b62d39db998c51f799327;hpb=5de85b922aaa5bfa6eb53db6000adf01ebdb0736
	NOTE: and: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commitdiff;h=eef1ca007f60fdcb9b5368608e87dd0b2404bceb
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1095976#c26 claims this flaw was never in a OpenLDAP release
CVE-2014-8181 [scsi: do not fill dirty page content in the SG_IO buffer]
	RESERVED
	- linux <not-affected> (Specific to RHEL 7)
CVE-2014-8180 (MongoDB on Red Hat Satellite 6 allows local users to bypass ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8179
	RESERVED
	- docker.io 1.8.3~ds1-1
CVE-2014-8178
	RESERVED
	- docker.io 1.8.3~ds1-1
CVE-2014-8177 (The Red Hat gluster-swift package, as used in Red Hat Gluster Storage ...)
	NOT-FOR-US: gluster-swift
CVE-2014-8176 (The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before ...)
	{DSA-3287-1 DLA-247-1}
	- openssl 1.0.1h-1
	NOTE: http://openssl.org/news/secadv/20150611.txt
CVE-2014-8175 (Red Hat JBoss Fuse before 6.2.0 allows remote authenticated users to ...)
	NOT-FOR-US: JBoss Fuse
CVE-2014-8174 (eDeploy makes it easier for remote attackers to execute arbitrary code ...)
	- edeploy <itp> (bug #717664)
CVE-2014-8173 (The pmd_none_or_trans_huge_or_clear_bad function in ...)
	- linux 3.13.4-1
	[wheezy] - linux <not-affected> (Introduced in 3.10 with 1998cc048901)
	- linux-2.6 <not-affected> (Introduced in 3.10 with 1998cc048901)
	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee53664bda169f519ce3c6a22d378f0b946c8178 (v3.13-rc5)
CVE-2014-8172 (The filesystem implementation in the Linux kernel before 3.13 performs ...)
	- linux 3.13.4-1
	[wheezy] - linux <no-dsa> (Too intrusive to backport)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	NOTE: Upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=eee5cc2702929fd41cce28058dc6d6717f723f87 (v3.13-rc1)
CVE-2014-8171 (The memory resource controller (aka memcg) in the Linux kernel allows ...)
	- linux 3.12.6-1
	[wheezy] - linux <no-dsa> (Too difficult and risky to backport)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too difficult and risky to backport)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3812c8c8f3953921ef18544110dafc3505c1ac62 (v3.12-rc1)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4942642080ea82d99ab5b653abb9a12b7ba31f4a (v3.12-rc6)
CVE-2014-8170 (ovirt_safe_delete_config in ovirtfunctions.py and other unspecified ...)
	- ovirt-node <itp> (bug #502024)
CVE-2014-8169 (automount 5.0.8, when a program map uses certain interpreted ...)
	- autofs 5.0.8-2 (bug #779591)
	[wheezy] - autofs <not-affected> (Vulnerable code introduced in 5.0.8)
	- autofs5 <not-affected> (Vulnerable code introduced in 5.0.8)
CVE-2014-8168 (Red Hat Satellite 6 allows local users to access mongod and delete ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8167
	RESERVED
	NOT-FOR-US: Red Hat vdms and vdsclient
CVE-2014-8166 (The browsing feature in the server in CUPS does not filter ANSI escape ...)
	- cups <unfixed> (unimportant)
	NOTE: Patch: https://bugzilla.redhat.com/attachment.cgi?id=916761
	NOTE: Terminal emulators need to perform proper escaping
CVE-2014-8165 (scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the ...)
	- powerpc-utils <not-affected> (Vulnerable code not present)
	NOTE: http://sourceforge.net/p/powerpc-utils/mailman/message/32884230
CVE-2014-8164
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2014-8163 (Directory traversal vulnerability in the XMLRPC interface in Red Hat ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8162 (XML external entity (XXE) in the RPC interface in Spacewalk and Red ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-8161
	RESERVED
	{DSA-3155-1 DLA-152-1}
	- postgresql-9.4 9.4.1-1
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
CVE-2014-8160 (net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db29a9508a9246e77087c5531e45b2c88ec6988b (v3.18-rc1)
	NOTE: http://www.spinics.net/lists/netfilter-devel/msg33430.html
CVE-2014-8159 (The InfiniBand (IB) implementation in the Linux kernel package before ...)
	{DSA-3237-1 DLA-246-1}
	- linux 3.16.7-ckt9-1
	- linux-2.6 <removed>
CVE-2014-8158 (Multiple stack-based buffer overflows in jpc_qmfb.c in JasPer 1.900.1 ...)
	{DSA-3138-1 DLA-138-1}
	- jasper 1.900.1-debian1-2.4 (bug #775970)
	NOTE: http://www.ocert.org/advisories/ocert-2015-001.html
CVE-2014-8157 (Off-by-one error in the jpc_dec_process_sot function in JasPer 1.900.1 ...)
	{DSA-3138-1 DLA-138-1}
	- jasper 1.900.1-debian1-2.4 (bug #775970)
	NOTE: http://www.ocert.org/advisories/ocert-2015-001.html
CVE-2014-8156 (The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in ...)
	- fso-deviced 0.12.0-5
	[wheezy] - fso-deviced <no-dsa> (Minor issue)
	- fso-datad 0.12.0-3
	[wheezy] - fso-datad <no-dsa> (Minor issue)
	- fso-frameworkd 0.9.5.9+git20110512-5
	[wheezy] - fso-frameworkd <no-dsa> (Minor issue)
	[squeeze] - fso-frameworkd <no-dsa> (Minor issue)
	- fso-gsmd 0.12.0-4
	[wheezy] - fso-gsmd <no-dsa> (Minor issue)
	- fso-usaged 0.12.0-3
	[wheezy] - fso-usaged <no-dsa> (Minor issue)
	[squeeze] - fso-usaged <no-dsa> (Minor issue)
	- phonefsod 0.1+git20121018-2
	[wheezy] - phonefsod <no-dsa> (Minor issue)
	[squeeze] - phonefsod <no-dsa> (Minor issue)
CVE-2014-8155 (GnuTLS before 2.9.10 does not verify the activation and expiration ...)
	{DLA-180-1}
	- gnutls26 2.9.10-1
	- gnutls28 <not-affected> (Initial version 3.0.0-1 already contained the check based on 2.9.10)
	NOTE: Fixed by: https://gitlab.com/gnutls/gnutls/commit/897cbce62c0263a498088ac3e465aa5f05f8719c
CVE-2014-8154 (The Gst.MapInfo function in Vala 0.26.0 and 0.26.1 uses an incorrect ...)
	- vala-0.26 0.26.1-1.1 (bug #775913)
	- vala-0.16 <not-affected> (MapInfo not yet present)
	- vala-0.14 <not-affected> (MapInfo not yet present)
	- vala <not-affected> (MapInfo not yet present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=678663
	NOTE: https://git.gnome.org/browse/vala/commit/?id=3092537db65887e24a3d3e87a27caf9c5295e4f7
	NOTE: Binaries with buggy bindings package that use Gst.MapInfo() function
	NOTE: are affected as well and need to be rebuilt, shotwell, rygel, ...
CVE-2014-8153 (The L3 agent in OpenStack Neutron 2014.2.x before 2014.2.2, when using ...)
	- neutron <not-affected> (Affects neutron 2014.2 up to 2014.2.1)
CVE-2014-8152 (Apache Santuario XML Security for Java 2.0.x before 2.0.3 allows ...)
	- libxml-security-java <not-affected> (streaming XML Signature support introduced in 2.0.0)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1634334
	NOTE: http://santuario.apache.org/secadv.data/CVE-2014-8152.txt.asc
CVE-2014-8151 (The darwinssl_connect_step1 function in lib/vtls/curl_darwinssl.c in ...)
	- curl <not-affected> (Only relevant when building with darwinssl/Mac OS X)
	NOTE: http://curl.haxx.se/docs/adv_20150108A.html
CVE-2014-8150 (CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, ...)
	{DSA-3122-1 DLA-134-1}
	- curl 7.38.0-4
	NOTE: http://curl.haxx.se/docs/adv_20150108B.html
CVE-2014-8149 (OpenDaylight defense4all 1.1.0 and earlier allows remote authenticated ...)
	NOT-FOR-US: OpenDaylight
CVE-2014-8148 (The default D-Bus access control rule in Midgard2 10.05.7.1 allows ...)
	- midgard2-core <removed> (bug #774630)
CVE-2014-8147 (The resolveImplicitLevels function in common/ubidi.c in the Unicode ...)
	{DSA-3323-1}
	- icu 52.1-9 (bug #784773)
	[wheezy] - icu <not-affected> (Vulnerable code not present)
	[squeeze] - icu <not-affected> (Vulnerable code not present)
	- chromium-browser 42.0.2311.135-1
	[jessie] - chromium-browser 42.0.2311.135-1~deb8u1
	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37080
CVE-2014-8146 (The resolveImplicitLevels function in common/ubidi.c in the Unicode ...)
	{DSA-3323-1}
	- icu 52.1-9 (bug #784773)
	[wheezy] - icu <not-affected> (Vulnerable code not present)
	[squeeze] - icu <not-affected> (Vulnerable code not present)
	- chromium-browser 42.0.2311.135-1
	[jessie] - chromium-browser 42.0.2311.135-1~deb8u1
	[wheezy] - chromium-browser <not-affected> (Vulnerable code not present)
	[squeeze] - chromium-browser <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Patch: http://bugs.icu-project.org/trac/changeset/37162
CVE-2014-8145 (Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 ...)
	{DSA-3112-1 DLA-128-1}
	- sox 14.4.1-5 (bug #773720)
CVE-2014-8144 (Cross-site request forgery (CSRF) vulnerability in doorkeeper before ...)
	NOT-FOR-US: doorkeeper OAuth provider
CVE-2014-8143 (Samba 4.0.x before 4.0.24, 4.1.x before 4.1.16, and 4.2.x before ...)
	- samba 2:4.1.17+dfsg-1 (bug #776993)
	[wheezy] - samba <not-affected> (Only affects 4.0 and later)
	[squeeze] - samba <not-affected> (Only affects 4.0 and later)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: https://www.samba.org/samba/security/CVE-2014-8143
CVE-2014-8142 (Use-after-free vulnerability in the process_nested_data function in ...)
	{DSA-3117-1}
	- php5 5.6.5+dfsg-1 (unimportant)
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=630f9c33c23639de85c3fd306b209b538b73b4c9
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=53f129a44d3c4ec0fae57993b9ae2f6cb48973cc
	NOTE: Only affects an inherently insecure use case
CVE-2014-8141 [heap overflow in getZip64Data]
	RESERVED
	{DSA-3113-1 DLA-124-1}
	- unzip 6.0-13 (bug #773722)
CVE-2014-8140 [heap overflow in test_compr_eb]
	RESERVED
	{DSA-3113-1 DLA-124-1}
	- unzip 6.0-13 (bug #773722)
CVE-2014-8139 [CRC32 heap overflow]
	RESERVED
	{DSA-3113-1 DLA-150-1 DLA-124-1}
	- unzip 6.0-16 (bug #773722)
CVE-2014-8138 (Heap-based buffer overflow in the jp2_decode function in JasPer ...)
	{DSA-3106-1 DLA-121-1}
	- jasper 1.900.1-debian1-2.3 (bug #773463)
CVE-2014-8137 (Double free vulnerability in the jas_iccattrval_destroy function in ...)
	{DSA-3106-1 DLA-121-1}
	- jasper 1.900.1-debian1-2.3 (bug #773463)
CVE-2014-8136 (The (1) qemuDomainMigratePerform and (2) qemuDomainMigrateFinish2 ...)
	- libvirt 1.2.9-7 (bug #773856)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream commit: http://libvirt.org/git/?p=libvirt.git;a=commit;h=2bdcd29c713dfedd813c89f56ae98f6f3898313d (v1.2.11-rc2)
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=abf75aea247e (v1.1.0-rc1)
CVE-2014-8135 (The storageVolUpload function in storage/storage_driver.c in libvirt ...)
	- libvirt 1.2.9-7 (bug #773855)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=87b9437f8951f9d24f9a85c6bbfff0e54df8c984 (v1.2.11-rc1)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=4a85bf3e2fa703fdc14e8c49d5017ef04832a1d7 (v1.2.8-rc1)
CVE-2014-8134 (The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux ...)
	{DLA-155-1}
	- linux 3.16.7-ckt4-1
	[wheezy] - linux 3.2.65-1
	- linux-2.6 <removed>
	NOTE: http://www.spinics.net/lists/kvm/msg111458.html
CVE-2014-8133 (arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation ...)
	{DSA-3128-1 DLA-155-1}
	- linux 3.16.7-ckt4-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/x86?id=41bdc78544b8a93a9c6814b8bbbfef966272abbe
CVE-2014-8132 (Double free vulnerability in the ssh_packet_kexinit function in kex.c ...)
	- libssh 0.6.3-4 (bug #773577)
	[wheezy] - libssh 0.5.4-1+deb7u3
	[squeeze] - libssh <not-affected> (Issue only present in versions > 0.5.1, squeeze has 0.4.5)
	NOTE: http://www.libssh.org/2014/12/19/libssh-0-6-4-security-and-bugfix-release/
	NOTE: Upstream patch: http://git.libssh.org/projects/libssh.git/commit/?id=c2aed4ca78030d9014a890cb4370e6dc8264823f
CVE-2014-8131 (The qemu implementation of virConnectGetAllDomainStats in libvirt ...)
	- libvirt 1.2.9-7 (bug #773858)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=d1bde8ed (v1.2.9-rc1)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commit;h=1f4831ee (v1.2.9-rc1)
	NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00551.html
	NOTE: https://www.redhat.com/archives/libvir-list/2014-December/msg00600.html
CVE-2014-8130 (The _TIFFmalloc function in tif_unix.c in LibTIFF 4.0.3 does not ...)
	- tiff <unfixed> (unimportant; bug #776185)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8130-LibTIFF-Division_By_Zero.txt
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2483
	NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant
CVE-2014-8129 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service ...)
	{DSA-3273-1 DLA-610-1 DLA-221-1}
	- tiff 4.0.3-12.1 (bug #776185)
	- tiff3 <removed>
	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8129-LibTIFF-Out-of-bounds_Reads_and_Writes.txt
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2487 (tiff2pdf)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2488 (tiff2pdf)
	NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
CVE-2014-8128 [out-of-bounds write]
	RESERVED
	{DSA-3273-1 DLA-693-1 DLA-610-1 DLA-221-1}
	- tiff 4.0.3-12.3 (bug #776185)
	- tiff3 <removed>
	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8128-LibTIFF-Out-of-bounds_Writes.txt
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2489 (thumbnail)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2490 (tiffdither)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2491 (tiffdither)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2492 (tiffdither)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2493 (thumbnail and tiffcmp)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2495 (tiff2pdf)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2499 (thumbnail and tiffcmp) [not fixed yet in CVS HEAD]
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2501 (tiffdither)
	NOTE: The tiff3 source package doesn't build the TIFF tools, but most of these bugs are in the library
CVE-2014-8127 (LibTIFF 4.0.3 allows remote attackers to cause a denial of service ...)
	{DSA-3273-1}
	- tiff 4.0.6-3 (unimportant; bug #776185)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
	NOTE: Advisory: http://www.conostix.com/pub/adv/CVE-2014-8127-LibTIFF-Out-of-bounds_Reads.txt
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2484 (thumbnail)
	NOTE: Fix https://github.com/vadz/libtiff/commit/3996fa0f84f4a8b7e65fe4b8f0681711022034ea
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2485 (tiff2bw)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2486 (tiff2rgba)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2496 (tiff2ps and tiffdither)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2497 (tiffmedian)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2500 (tiffset) [not fixed yet in CVS HEAD]
	NOTE: 4.0.3-12.1 fixes all issues except 2500
	NOTE: 2500 is fixed by upstream as per 2016-10-25
	NOTE: Crash in a frontend tool w/o potential for code injection, marked as unimportant
CVE-2014-8126 [mailx invocation enables code execution as condor user]
	RESERVED
	{DSA-3149-1}
	- condor 8.2.3~dfsg.1-6 (bug #775276)
	NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/tktview?tn=4764
	NOTE: https://htcondor-wiki.cs.wisc.edu/index.cgi/chngview?cn=41878
	NOTE: https://github.com/htcondor/htcondor/commit/e891cea9970496aac74caf72604475a2b7e6a0ca.patch
	NOTE: https://github.com/htcondor/htcondor/commit/aebc6b0492acdc8b21b39ba22e33661752c2c37d.patch
CVE-2014-8125 (XML external entity (XXE) vulnerability in Drools and jBPM before ...)
	NOT-FOR-US: jBPM
CVE-2014-8124 (OpenStack Dashboard (Horizon) before 2014.1.3 and 2014.2.x before ...)
	- horizon 2014.1.3-6 (bug #772710)
	[wheezy] - horizon <no-dsa> (Minor issue)
	- python-django-openstack-auth 1.1.6-5 (bug #772712)
	NOTE: up to 2014.1.3 and 2014.2 version up to 2014.2.1
CVE-2014-8122 (Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 ...)
	NOT-FOR-US: JBoss Weld
CVE-2014-8121 (DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS) in ...)
	{DSA-3480-1 DLA-316-1}
	- glibc 2.21-1 (low; bug #779587)
	[jessie] - glibc 2.19-18+deb8u2
	- eglibc <removed> (low)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	[squeeze] - eglibc <no-dsa> (Minor issue)
	NOTE: Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=03d2730b44cc2236318fd978afa2651753666c55
CVE-2014-8120 (The agent in Thermostat before 1.0.6, when using unspecified ...)
	NOT-FOR-US: Thermostat Hotspot instrumentation
CVE-2014-8119 (The find_ifcfg_path function in netcf before 0.2.7 might allow ...)
	- netcf <not-affected> (suse and redhat driver are not built on Debian)
	NOTE: Issue is in the way the netcf's find_ifcfg_path() function processed
	NOTE: certain XPath expressions according to Red Hat bugzilla.
	NOTE: The fix consists in augeas getting a new API aug_escape_name which
	NOTE: netcf needs to use.
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1172176#c3
	NOTE: https://www.redhat.com/archives/augeas-devel/2014-December/msg00000.html
	NOTE: The affected code is only in drv_redhat.c and drv_suse.c and the Debian
	NOTE: build not affected.
CVE-2014-8118 (Integer overflow in RPM 4.12 and earlier allows remote attackers to ...)
	{DSA-3129-1 DLA-140-1}
	- rpm 4.11.3-1.1 (bug #773101)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1168715
CVE-2014-8117 (softmagic.c in file before 5.21 does not properly limit recursion, ...)
	{DSA-3121-1 DSA-2868-1 DLA-145-1 DLA-131-1}
	- file 1:5.21+15-1 (low; bug #773148)
	- php5 5.6.4+dfsg-2
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
	NOTE: https://github.com/file/file/commit/6f737ddfadb596d7d4a993f7ed2141ffd664a81c
	NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
CVE-2014-8116 (The ELF parser (readelf.c) in file before 5.21 allows remote attackers ...)
	{DSA-3121-1 DLA-131-1}
	- file 1:5.21+15-1 (low; bug #773148)
	- php5 5.6.4+dfsg-2
	[wheezy] - php5 <not-affected> (Affected code not used in filemagic)
	[squeeze] - php5 <not-affected> (Affected code not used in filemagic)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-14:28.file.asc
	NOTE: https://github.com/file/file/commit/b4c01141e5367f247b84dcaf6aefbb4e741842b
	NOTE: https://github.com/file/file/commit/d7cdad007c507e6c79f51f058dd77fab70ceb9f6
	NOTE: Other commits needed as well: http://www.openwall.com/lists/oss-security/2014/12/16/2
CVE-2014-8115 (The default authorization constrains in KIE Workbench 6.0.x allows ...)
	NOT-FOR-US: KIE Workbench
CVE-2014-8114 (The UberFire Framework 0.3.x does not properly restrict paths, which ...)
	NOT-FOR-US: UberFire Framework
CVE-2014-8113
	RESERVED
CVE-2014-8112 (389 Directory Server 1.3.1.x, 1.3.2.x before 1.3.2.27, and 1.3.3.x ...)
	- 389-ds-base 1.3.3.5-4 (bug #779909)
CVE-2014-8111 (Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount ...)
	{DSA-3278-1 DLA-240-1}
	- libapache-mod-jk 1:1.2.40+svn150520-1 (bug #783233)
	NOTE: Fix: http://svn.apache.org/r1647017
CVE-2014-8110 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...)
	- activemq <not-affected> (Admin console not enabled in the Debian package, see #702670)
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-8110-announcement.txt
CVE-2014-8109 (mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and ...)
	- apache2 2.4.10-9
	[wheezy] - apache2 <not-affected> (mod_lua only in 2.4)
	[squeeze] - apache2 <not-affected> (mod_lua only in 2.4)
CVE-2014-8108 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.7.x ...)
	- subversion 1.8.10-5 (bug #773315)
	[wheezy] - subversion <not-affected> (Introduced in 1.7.0)
	[squeeze] - subversion <not-affected> (Introduced in 1.7.0)
	NOTE: http://subversion.apache.org/security/CVE-2014-8108-advisory.txt
CVE-2014-8107
	REJECTED
CVE-2014-8106 (Heap-based buffer overflow in the Cirrus VGA emulator ...)
	{DSA-3088-1 DSA-3087-1}
	- qemu 2.1+dfsg-9 (bug #772025)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	NOTE: https://lists.nongnu.org/archive/html/qemu-devel/2014-12/msg00508.html
CVE-2014-8105 (389 Directory Server before 1.3.2.27 and 1.3.3.x before 1.3.3.9 does ...)
	- 389-ds-base 1.3.3.5-4 (bug #779909)
CVE-2014-8103 (X.Org Server (aka xserver and xorg-server) 1.15.0 through 1.16.x ...)
	- xorg-server 2:1.16.2.901-1
	[wheezy] - xorg-server <not-affected> (Introduced in 1.15.0)
	[squeeze] - xorg-server <not-affected> (Introduced in 1.15.0)
CVE-2014-8102 (The SProcXFixesSelectSelectionInput function in the XFixes extension ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8101 (The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8100 (The Render extension in XFree86 4.0.1, X.Org X Window System (aka X11 ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8099 (The XVideo extension in XFree86 4.0.0, X.Org X Window System (aka X11 ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8098 (The GLX extension in XFree86 4.0, X.Org X Window System (aka X11 or X) ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8097 (The DBE extension in X.Org X Window System (aka X11 or X) X11R6.1 and ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8096 (The SProcXCMiscGetXIDList function in the XC-MISC extension in X.Org X ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8095 (The XInput extension in X.Org X Window System (aka X11 or X) X11R4 and ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8094 (Integer overflow in the ProcDRI2GetBuffers function in the DRI2 ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8093 (Multiple integer overflows in the GLX extension in XFree86 4.0, X.Org ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8092 (Multiple integer overflows in X.Org X Window System (aka X11 or X) ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8091 (X.Org X Window System (aka X11 and X) X11R5 and X.Org Server (aka ...)
	{DSA-3095-1 DLA-120-1}
	- xorg-server 2:1.16.2.901-1
CVE-2014-8090 (The REXML parser in Ruby 1.9.x before 1.9.3 patchlevel 551, 2.0.x ...)
	{DSA-3159-1 DSA-3157-1 DLA-200-1 DLA-88-1}
	- ruby1.8 <not-affected> (Incomplete fix never relesed for 1.9)
	- ruby1.9.1 <not-affected> (Incomplete fix never relesed for 1.9)
	- ruby2.0 <not-affected> (Incomplete fix never relesed for 1.9)
	- ruby2.1 2.1.5-1 (bug #770932)
	NOTE: For the incomplete fix for CVE-2014-8080
	NOTE: https://www.ruby-lang.org/en/news/2014/11/13/rexml-dos-cve-2014-8090/
CVE-2014-8087 (Cross-site scripting (XSS) vulnerability in the post highlights plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-8085 (Unrestricted file upload vulnerability in the CWebContact::doModel ...)
	NOT-FOR-US: OsClass
CVE-2014-8084 (Directory traversal vulnerability in ...)
	NOT-FOR-US: OsClass
CVE-2014-8083 (SQL injection vulnerability in the Search::setJsonAlert method in ...)
	NOT-FOR-US: OsClass
CVE-2014-8082 (lib/functions/database.class.php in TestLink before 1.9.13 allows ...)
	NOT-FOR-US: TestLink
CVE-2014-8081 (lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote ...)
	NOT-FOR-US: TestLink
CVE-2014-8080 (The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before ...)
	{DSA-3159-1 DSA-3157-1 DLA-200-1 DLA-88-1}
	- ruby1.8 <removed>
	- ruby1.9.1 <removed>
	- ruby2.0 <removed>
	- ruby2.1 2.1.4-1
	NOTE: https://www.ruby-lang.org/en/news/2014/10/27/rexml-dos-cve-2014-8080/
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi/?pathrev=48161
CVE-2014-8079 (Cross-site scripting (XSS) vulnerability in the MAYO theme 7.x-1.x ...)
	NOT-FOR-US: Drupal theme MAYO
CVE-2014-8078 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
	NOT-FOR-US: Drupal module Print
CVE-2014-8077 (Cross-site scripting (XSS) vulnerability in the NewsFlash theme ...)
	NOT-FOR-US: Drupal theme NewsFlash
CVE-2014-8076 (Cross-site scripting (XSS) vulnerability in the Professional theme 7.x ...)
	NOT-FOR-US: Drupal theme Professional
CVE-2014-8075 (Cross-site scripting (XSS) vulnerability in the Tribune module 6.x-1.x ...)
	NOT-FOR-US: Drupal theme Tribune
CVE-2014-8766 (Multiple SQL injection vulnerabilities in Allomani Weblinks 1.0 allow ...)
	NOT-FOR-US: Allomani Weblinks
CVE-2014-8765 (Multiple cross-site scripting (XSS) vulnerabilities in the Project ...)
	NOT-FOR-US: Drupal module Project Issue File Review
CVE-2014-8750 (Race condition in the VMware driver in OpenStack Compute (Nova) before ...)
	- nova <not-affected> (ESX driver not enabled in libvirt)
	NOTE: https://launchpad.net/bugs/1357372
CVE-2014-XXXX [rsync collision attack]
	- rsync 3.1.2-1 (low; bug #786423)
	[jessie] - rsync <no-dsa> (Minor issue, too instrusive to backport)
	[wheezy] - rsync <no-dsa> (Minor issue, too instrusive to backport)
	[squeeze] - rsync <no-dsa> (Minor issue, too instrusive to backport)
	NOTE: CVE-2014-8242 was only specific assigned for librsync but rsync has equivalent issue
	NOTE: https://github.com/therealmik/rsync-collision
	NOTE: https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869
	NOTE: https://lists.samba.org/archive/rsync/2015-May/030123.html
CVE-2014-8242 (librsync before 1.0.0 uses a truncated MD4 checksum to match blocks, ...)
	[experimental] - librsync 1.0.0-1~exp1
	- librsync <unfixed> (low; bug #776246)
	[stretch] - librsync <no-dsa> (Minor issue, too instrusive to backport)
	[jessie] - librsync <no-dsa> (Minor issue, too instrusive to backport)
	[wheezy] - librsync <no-dsa> (Minor issue, too instrusive to backport)
	[squeeze] - librsync <no-dsa> (Minor issue, too instrusive to backport)
CVE-2014-8241 (XRegion in TigerVNC allows remote VNC servers to cause a denial of ...)
	- tigervnc 1.7.0-2 (bug #849478)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151312
	NOTE: Patch applied in Red Hat https://bugzilla.redhat.com/attachment.cgi?id=946490
CVE-2014-8240 (Integer overflow in TigerVNC allows remote VNC servers to cause a ...)
	- tigervnc 1.7.0-1 (bug #849479)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1151307
	NOTE: Patch https://bugzilla.redhat.com/attachment.cgi?id=947578 is not applied
CVE-2014-8086 (Race condition in the ext4_file_write_iter function in fs/ext4/file.c ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: http://www.spinics.net/lists/linux-ext4/msg45683.html
CVE-2014-8089 [ZF2014-06: SQL injection vector when manually quoting values for sqlsrv extension, using null byte]
	RESERVED
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.9+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2014-06
CVE-2014-8088 (The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.9+dfsg-1
	NOTE: http://framework.zend.com/security/advisory/ZF2014-05
CVE-2014-8074 (Buffer overflow in the SetLogFile method in Foxit.FoxitPDFSDKProCtrl.5 ...)
	NOT-FOR-US: Foxit PDF SDK
CVE-2014-8073 (Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 ...)
	NOT-FOR-US: OpenMRS
CVE-2014-8072 (The administration module in OpenMRS 2.1 Standalone Edition allows ...)
	NOT-FOR-US: OpenMRS
CVE-2014-8071 (Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 ...)
	NOT-FOR-US: OpenMRS
CVE-2014-8070 (Open redirect vulnerability in YOOtheme Pagekit CMS 0.8.7 allows ...)
	NOT-FOR-US: YOOtheme Pagekit CMS
CVE-2014-8069 (Multiple cross-site scripting (XSS) vulnerabilities in YOOtheme ...)
	NOT-FOR-US: YOOtheme Pagekit CMS
CVE-2014-8068 (Adobe Digital Editions (DE) 4 does not use encryption for transmission ...)
	NOT-FOR-US: Adobe Digital Editions
CVE-2014-8067
	REJECTED
CVE-2014-8066
	REJECTED
CVE-2014-8065
	REJECTED
CVE-2014-8064
	REJECTED
CVE-2014-8063
	REJECTED
CVE-2014-8062
	REJECTED
CVE-2014-8061
	REJECTED
CVE-2014-8060
	REJECTED
CVE-2014-8059
	REJECTED
CVE-2014-8058
	REJECTED
CVE-2014-8057
	REJECTED
CVE-2014-8056
	REJECTED
CVE-2014-8055
	REJECTED
CVE-2014-8054
	REJECTED
CVE-2014-8053
	REJECTED
CVE-2014-8052
	REJECTED
CVE-2014-8051
	REJECTED
CVE-2014-8050
	REJECTED
CVE-2014-8049
	REJECTED
CVE-2014-8048
	REJECTED
CVE-2014-8047
	REJECTED
CVE-2014-8046
	REJECTED
CVE-2014-8045
	REJECTED
CVE-2014-8044
	REJECTED
CVE-2014-8043
	REJECTED
CVE-2014-8042
	REJECTED
CVE-2014-8041
	REJECTED
CVE-2014-8040
	REJECTED
CVE-2014-8039
	REJECTED
CVE-2014-8038
	REJECTED
CVE-2014-8037
	RESERVED
CVE-2014-8036 (The outlookpa component in Cisco WebEx Meetings Server does not ...)
	NOT-FOR-US: Cisco
CVE-2014-8035 (The web framework in Cisco WebEx Meetings Server produces different ...)
	NOT-FOR-US: Cisco
CVE-2014-8034 (Cisco WebEx Meetings Server 1.5 presents the same CAPTCHA challenge ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-8033 (The play/modules component in Cisco WebEx Meetings Server allows ...)
	NOT-FOR-US: Cisco
CVE-2014-8032 (The OutlookAction LI in Cisco WebEx Meetings Server allows remote ...)
	NOT-FOR-US: Cisco
CVE-2014-8031 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
	NOT-FOR-US: Cisco
CVE-2014-8030 (Cross-site scripting (XSS) vulnerability in sendPwMail.do in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2014-8029 (Open redirect vulnerability in the web interface in Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2014-8028 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Cisco
CVE-2014-8027 (The RBAC component in Cisco Secure Access Control System (ACS) allows ...)
	NOT-FOR-US: Cisco
CVE-2014-8026 (Cross-site scripting (XSS) vulnerability in the Guest Server in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2014-8025 (The API in the Guest Server in Cisco Jabber, when HTML5 is used, ...)
	NOT-FOR-US: Cisco
CVE-2014-8024 (The API in the Guest Server in Cisco Jabber, when the HTML5 CORS ...)
	NOT-FOR-US: Cisco
CVE-2014-8023 (Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, ...)
	NOT-FOR-US: Cisco
CVE-2014-8022 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Identity ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-8021 (Cross-site scripting (XSS) vulnerability in Cisco AnyConnect Secure ...)
	NOT-FOR-US: Cisco
CVE-2014-8020 (Cisco Unified Communication Domain Manager Platform Software allows ...)
	NOT-FOR-US: Cisco
CVE-2014-8019 (Directory traversal vulnerability in Cisco Enterprise Content Delivery ...)
	NOT-FOR-US: Cisco
CVE-2014-8018 (Multiple cross-site scripting (XSS) vulnerabilities in Business Voice ...)
	NOT-FOR-US: Cisco
CVE-2014-8017 (The periodic-backup feature in Cisco Identity Services Engine (ISE) ...)
	NOT-FOR-US: Cisco
CVE-2014-8016 (The Cisco IronPort Email Security Appliance (ESA) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2014-8015 (The Sponsor Portal in Cisco Identity Services Engine (ISE) allows ...)
	NOT-FOR-US: Cisco
CVE-2014-8014 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Cisco
CVE-2014-8013 (The TACACS+ command-authorization implementation in Cisco NX-OS allows ...)
	NOT-FOR-US: Cisco
CVE-2014-8012 (Cross-site scripting (XSS) vulnerability in the WebVPN Portal Login ...)
	NOT-FOR-US: Cisco
CVE-2014-8011
	RESERVED
CVE-2014-8010 (The web framework in Cisco Unified Communications Domain Manager 8 ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-8009 (The Management subsystem in Cisco Unified Computing System 2.1(3f) and ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-8008 (Absolute path traversal vulnerability in the Real-Time Monitoring Tool ...)
	NOT-FOR-US: Cisco
CVE-2014-8007 (Cisco Prime Infrastructure allows remote authenticated users to read ...)
	NOT-FOR-US: Cisco
CVE-2014-8006 (The Disaster Recovery (DRA) feature on the Cisco ISB8320-E ...)
	NOT-FOR-US: Cisco
CVE-2014-8005 (Race condition in the lighttpd module in Cisco IOS XR 5.1 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2014-8004 (Cisco IOS XR allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Cisco
CVE-2014-8003 (Cisco Integrated Management Controller in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-8002 (Use-after-free vulnerability in decode_slice.cpp in Cisco OpenH264 ...)
	NOT-FOR-US: Cisco
CVE-2014-8001 (Buffer overflow in decode.cpp in Cisco OpenH264 1.2.0 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2014-8000 (Cisco Unified Communications Manager IM and Presence Service 9.1(1) ...)
	NOT-FOR-US: Cisco
CVE-2014-7999 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
	NOT-FOR-US: Cisco-Meraki devices
CVE-2014-7998 (Cisco IOS on Aironet access points, when &quot;dot11 aaa authenticator&quot; ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-7997 (The DHCP implementation in Cisco IOS on Aironet access points does not ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-7996 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco
CVE-2014-7995 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
	NOT-FOR-US: Cisco-Meraki devices
CVE-2014-7994 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
	NOT-FOR-US: Cisco-Meraki devices
CVE-2014-7993 (Cisco-Meraki MS, MR, and MX devices with firmware before 2014-09-24 ...)
	NOT-FOR-US: Cisco-Meraki devices
CVE-2014-7992 (The DLSw implementation in Cisco IOS does not initialize packet ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-7991 (The Remote Mobile Access Subsystem in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2014-7990 (Cisco IOS XE 3.5E and earlier on WS-C3850, WS-C3860, and AIR-CT5760 ...)
	NOT-FOR-US: Cisco
CVE-2014-7989 (Cisco Unified Computing System on B-Series blade servers allows local ...)
	NOT-FOR-US: Cisco
CVE-2014-7988 (The Unified Messaging Service (UMS) in Cisco Unity Connection 10.5 and ...)
	NOT-FOR-US: Cisco
CVE-2014-7987 (Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 ...)
	NOT-FOR-US: EspoCRM
CVE-2014-7986 (install/index.php in EspoCRM before 2.6.0 allows remote attackers to ...)
	NOT-FOR-US: EspoCRM
CVE-2014-7985 (Directory traversal vulnerability in EspoCRM before 2.6.0 allows ...)
	NOT-FOR-US: EspoCRM
CVE-2014-7984 (Joomla! CMS 2.5.x before 2.5.19 and 3.x before 3.2.3 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2014-7983 (Cross-site scripting (XSS) vulnerability in com_contact in Joomla! CMS ...)
	NOT-FOR-US: Joomla component com_contact
CVE-2014-7982 (Cross-site scripting (XSS) vulnerability in Joomla! CMS 2.5.x before ...)
	NOT-FOR-US: Joomla
CVE-2014-7981 (SQL injection vulnerability in Joomla! CMS 3.1.x and 3.2.x before ...)
	NOT-FOR-US: Joomla
CVE-2014-7980 (Multiple cross-site scripting (XSS) vulnerabilities in template.php in ...)
	NOT-FOR-US: Drupal theme Zen
CVE-2014-7979 (Cross-site scripting (XSS) vulnerability in the SimpleCorp theme ...)
	NOT-FOR-US: Drupal theme SimpleCorp
CVE-2014-7978 (Cross-site scripting (XSS) vulnerability in the BlueMasters theme ...)
	NOT-FOR-US: Drupal theme BlueMasters
CVE-2014-7977
	RESERVED
CVE-2014-7976
	RESERVED
CVE-2014-7974
	RESERVED
CVE-2014-7973
	RESERVED
CVE-2014-7972
	RESERVED
CVE-2014-7971
	RESERVED
CVE-2014-7969
	RESERVED
CVE-2014-7966
	RESERVED
CVE-2014-7965
	RESERVED
CVE-2014-7964
	RESERVED
CVE-2014-7963
	RESERVED
CVE-2014-7962
	RESERVED
CVE-2014-7961
	RESERVED
CVE-2014-7959 (SQL injection vulnerability in admin/htaccess/bpsunlock.php in the ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2014-7958 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2014-7957 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Pods ...)
	NOT-FOR-US: WordPress plugin Pods
CVE-2014-7956 (Cross-site scripting (XSS) vulnerability in the Pods plugin before 2.5 ...)
	NOT-FOR-US: WordPress plugin Pods
CVE-2014-7955
	RESERVED
CVE-2014-7954 (Directory traversal vulnerability in the doSendObjectInfo method in ...)
	NOT-FOR-US: MtpServer class in Android
CVE-2014-7953 (Race condition in the bindBackupAgent method in the ...)
	NOT-FOR-US: Android
CVE-2014-7952 (The backup mechanism in the adb tool in Android might allow attackers ...)
	TODO: check
CVE-2014-7951
	RESERVED
CVE-2014-7950
	RESERVED
CVE-2014-7949
	RESERVED
CVE-2014-7948 (The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7947 (OpenJPEG before r2944, as used in PDFium in Google Chrome before ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- openjpeg2 2.1.1-1
	[jessie] - openjpeg2 <no-dsa> (Minor issue)
	NOTE: If backported to jessie, https://github.com/uclouvain/openjpeg/commit/8f9cc62b3f9a1da9712329ddcedb9750d585505c needs to be included
	- openjpeg <not-affected> (Vulnerable code not present)
CVE-2014-7946 (The RenderTable::simplifiedNormalFlowLayout function in ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7945 (OpenJPEG before r2908, as used in PDFium in Google Chrome before ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7944 (The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7943 (Skia, as used in Google Chrome before 40.0.2214.91, allows remote ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7942 (The Fonts implementation in Google Chrome before 40.0.2214.91 does not ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7941 (The SelectionOwner::ProcessTarget function in ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7940 (The collator implementation in i18n/ucol.cpp in International ...)
	{DSA-3187-1 DLA-219-1}
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- icu 52.1-7.1 (bug #776265)
CVE-2014-7939 (Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-7938 (The Fonts implementation in Google Chrome before 40.0.2214.91 allows ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7937 (Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg 7:2.4.2-1
	[squeeze] - ffmpeg <end-of-life>
	- libav <not-affected> (bug #785326; can't reproduce the issue)
	[jessie] - libav <not-affected> (Can't reproduce the issue)
	[wheezy] - libav <not-affected> (Can't reproduce the issue)
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=8c50704ebf1777bee76772c4835d9760b3721057
CVE-2014-7936 (Use-after-free vulnerability in the ZoomBubbleView::Close function in ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7935 (Use-after-free vulnerability in browser/speech/tts_message_filter.cc ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7934 (Use-after-free vulnerability in the DOM implementation in Blink, as ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7933 (Use-after-free vulnerability in the matroska_read_seek function in ...)
	{DSA-3189-1}
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg 7:2.5.1-1
	[squeeze] - ffmpeg <end-of-life>
	- libav 6:11.3-1
	NOTE: ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
	NOTE: libav: https://git.libav.org/?p=libav.git;a=commit;h=490a3ebf36821b81f73e34ad3f554cb523dd2682
CVE-2014-7932 (Use-after-free vulnerability in the Element::detach function in ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7931 (factory.cc in Google V8, as used in Google Chrome before 40.0.2214.91, ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-7930 (Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7929 (Use-after-free vulnerability in the ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7928 (hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-7927 (The SimplifiedLowering::DoLoadBuffer function in ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-7926 (The Regular Expressions package in International Components for ...)
	{DSA-3187-1 DLA-219-1}
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- icu 52.1-7.1 (bug #776265)
CVE-2014-7925 (Use-after-free vulnerability in the WebAudio implementation in Blink, ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7924 (Use-after-free vulnerability in the IndexedDB implementation in Google ...)
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7923 (The Regular Expressions package in International Components for ...)
	{DSA-3187-1 DLA-219-1}
	- chromium-browser 40.0.2214.91-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- icu 52.1-7.1 (bug #776265)
CVE-2014-7922 (The GoogleAuthUtil.getToken method in the Google Play services SDK ...)
	NOT-FOR-US: Google Play
CVE-2014-7921 (mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers ...)
	NOT-FOR-US: Android MediaServer
CVE-2014-7920 (mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to ...)
	NOT-FOR-US: Android MediaServer
CVE-2014-7919 (b/libs/gui/ISurfaceComposer.cpp in Android allows attackers to trigger ...)
	NOT-FOR-US: Android
CVE-2014-7918
	RESERVED
CVE-2014-7917 (Integer overflow in SampleTable.cpp in libstagefright in Android ...)
	NOT-FOR-US: libstagefright in Android
CVE-2014-7916 (Integer overflow in SampleTable.cpp in libstagefright in Android ...)
	NOT-FOR-US: libstagefright in Android
CVE-2014-7915 (Integer overflow in SampleTable.cpp in libstagefright in Android ...)
	NOT-FOR-US: libstagefright in Android
CVE-2014-7914
	RESERVED
CVE-2014-7913 (The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as ...)
	{DLA-506-1}
	- dhcpcd5 <unfixed> (unimportant; bug #846938)
	NOTE: https://dev.marples.name/rDHC93f3066bb0bc0974eab1943543205312a6b512ad
	NOTE: Not exploitable according to upstream, possibly limited to Bionic
CVE-2014-7912 (The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in ...)
	{DLA-506-1}
	- dhcpcd5 6.9.1-1
	[jessie] - dhcpcd5 <no-dsa> (Minor issue)
	NOTE: https://dev.marples.name/rDHCc204b018d1cfe740fb3179532070ae10fe34aaf3
CVE-2014-7911 (luni/src/main/java/java/io/ObjectInputStream.java in the ...)
	NOT-FOR-US: Android
CVE-2014-7910 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=433500 (private)
CVE-2014-7909 (effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=391001 (private)
CVE-2014-7908 (Multiple integer overflows in the CheckMov function in ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=425980 (private)
CVE-2014-7907 (Multiple use-after-free vulnerabilities in ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=424453 (private)
CVE-2014-7906 (Use-after-free vulnerability in the Pepper plugins in Google Chrome ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=423030 (private)
CVE-2014-7905 (Google Chrome before 39.0.2171.65 on Android does not prevent ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=421817 (private)
CVE-2014-7904 (Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=418161 (private)
CVE-2014-7903 (Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7902 (Use-after-free vulnerability in PDFium, as used in Google Chrome ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7901 (Integer overflow in the opj_t2_read_packet_data function in ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7900 (Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-7899 (Google Chrome before 38.0.2125.101 allows remote attackers to spoof ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
	NOTE: https://chromium.googlesource.com/chromium/src/+/5cfbddc9cc972f5133f26664dbf5810bb569cd04
CVE-2014-7898 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7897 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7896 (Multiple cross-site scripting (XSS) vulnerabilities in HP XP P9000 ...)
	NOT-FOR-US: HP
CVE-2014-7895 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7894 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7893 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7892 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7891 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7890 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7889 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7888 (The OLE Point of Sale (OPOS) drivers before 1.13.003 on HP Point of ...)
	NOT-FOR-US: The OLE Point of Sale (OPOS) drivers
CVE-2014-7887
	REJECTED
CVE-2014-7886
	RESERVED
	NOT-FOR-US: HP Network Automation
CVE-2014-7885 (Multiple unspecified vulnerabilities in HP ArcSight Enterprise ...)
	NOT-FOR-US: HP ArcSight
CVE-2014-7884 (Multiple unspecified vulnerabilities in HP ArcSight Logger before ...)
	NOT-FOR-US: HP ArcSight
CVE-2014-7883 (HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the ...)
	NOT-FOR-US: HP
CVE-2014-7882 (Unspecified vulnerability in HP SiteScope 11.1x and 11.2x allows ...)
	NOT-FOR-US: HP SiteScope
CVE-2014-7881 (Cross-site scripting (XSS) vulnerability in the server in HP Insight ...)
	NOT-FOR-US: HP Insight Control
CVE-2014-7880 (Multiple unspecified vulnerabilities in the POP implementation in HP ...)
	NOT-FOR-US: HP OpenVMS TCP/IP
CVE-2014-7879 (HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration ...)
	NOT-FOR-US: HP-UX
CVE-2014-7878 (The Application Lifecycle Service (ALS) in HP Helion Cloud Development ...)
	NOT-FOR-US: HP Helion Cloud Development Platform
CVE-2014-7877 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
	NOT-FOR-US: HP-UX
CVE-2014-7876 (Unspecified vulnerability in HP Integrated Lights-Out (iLO) firmware 2 ...)
	NOT-FOR-US: HP Integrated Lights-Out
CVE-2014-7875 (Unspecified vulnerability on the HP LaserJet CM3530 Multifunction ...)
	NOT-FOR-US: HP Color LaserJet Printers
CVE-2014-7874 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
	NOT-FOR-US: HP-UX running System Management Homepage
CVE-2014-7873
	RESERVED
CVE-2014-7872 (Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC ...)
	NOT-FOR-US: Comodo GeekBuddy
CVE-2014-7871 (SQL injection vulnerability in Open-Xchange (OX) AppSuite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-7870 (Cross-site scripting (XSS) vulnerability in the Custom Search module ...)
	NOT-FOR-US: Drupal module Custom Search
CVE-2014-7869 (Cross-site scripting (XSS) vulnerability in the configuration UI in ...)
	NOT-FOR-US: Drupal module Context Form Alteration
CVE-2014-7868 (Multiple SQL injection vulnerabilities in ZOHO ManageEngine OpManager ...)
	NOT-FOR-US: ZOHO
CVE-2014-7867 (SQL injection vulnerability in the ...)
	NOT-FOR-US: ZOHO
CVE-2014-7866 (Multiple directory traversal vulnerabilities in ZOHO ManageEngine ...)
	NOT-FOR-US: ZOHO
CVE-2014-7865
	REJECTED
CVE-2014-7864 (Multiple SQL injection vulnerabilities in the FailOverHelperServlet ...)
	NOT-FOR-US: ZOHO ManageEngine OpManager
CVE-2014-7863
	RESERVED
CVE-2014-7862 (The DCPluginServelet servlet in ManageEngine Desktop Central and ...)
	NOT-FOR-US: ManageEngine
CVE-2014-7861 (The IOHIDSecurePromptClient function in Apple OS X does not properly ...)
	NOT-FOR-US: Apple OS X
CVE-2011-5282
	RESERVED
CVE-2008-7314
	RESERVED
CVE-2014-7975 (The do_umount function in fs/namespace.c in the Linux kernel through ...)
	- linux 3.16.7-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/109312
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0ef3a56b1c466629cd0bf482b09c7b0e5a085bb5 (v3.18-rc1)
CVE-2014-7970 (The pivot_root implementation in fs/namespace.c in the Linux kernel ...)
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	- linux 3.16.7-1
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d0826019e529f21c84687521d03f60cd241ca7d
CVE-2014-7968 (VDSM allows remote attackers to cause a denial of service (connection ...)
	NOT-FOR-US: Red Hat vdsm
CVE-2014-7967 (Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, ...)
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: libv8 not covered by security support
CVE-2014-7960 (OpenStack Object Storage (Swift) before 2.2.0 allows remote ...)
	- swift 2.2.0-1
	[wheezy] - swift <no-dsa> (Minor issue)
	NOTE: affected version: all up to 2.1.0
CVE-2014-7860 (The web/web_file/fb_publish.php script in D-Link DNS-320L before ...)
	NOT-FOR-US: D-Link
CVE-2014-7859 (Stack-based buffer overflow in login_mgr.cgi in D-Link firmware ...)
	NOT-FOR-US: D-Link
CVE-2014-7858 (The check_login function in D-Link DNR-326 before 2.10 build 03 allows ...)
	NOT-FOR-US: D-Link
CVE-2014-7857 (D-Link DNS-320L firmware before 1.04b12, DNS-327L before 1.03b04 ...)
	NOT-FOR-US: D-Link
CVE-2014-7856
	RESERVED
CVE-2014-7855
	RESERVED
CVE-2014-7854
	RESERVED
CVE-2014-7853 (The JBoss Application Server (WildFly) JacORB subsystem in Red Hat ...)
	NOT-FOR-US: JBoss AS/WildFly Domain Management
CVE-2014-7852 (Cross-site scripting (XSS) vulnerability in JBoss RichFaces, as used ...)
	NOT-FOR-US: RichFaces
CVE-2014-7851 (oVirt 3.2.2 through 3.5.0 does not invalidate the restapi session ...)
	NOT-FOR-US: ovirt-engine-webadmin
CVE-2014-7850 (Cross-site scripting (XSS) vulnerability in the Web UI in FreeIPA 4.x ...)
	- freeipa <unfixed> (unimportant)
	NOTE: https://fedorahosted.org/freeipa/ticket/4742
	NOTE: Upstream commit: https://git.fedorahosted.org/cgit/freeipa.git/commit/?id=af9fd4dfe2c18e52127480c959c35ad37b566095
CVE-2014-7849 (The Role Based Access Control (RBAC) implementation in JBoss ...)
	NOT-FOR-US: JBoss AS/WildFly Domain Management
CVE-2014-7848 (lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47287
CVE-2014-7847 (iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47321
CVE-2014-7846 (tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47965
CVE-2014-7845 (The generate_password function in Moodle through 2.4.11, 2.5.x before ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47050
CVE-2014-7844
	RESERVED
	{DSA-3105-1 DSA-3104-1 DLA-114-1 DLA-113-1}
	- bsd-mailx 8.1.2-0.20141216cvs-1
	- heirloom-mailx 12.5-3.1 (bug #773417)
CVE-2014-7843 (The __clear_user function in arch/arm64/lib/clear_user.S in the Linux ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux <not-affected> (arm64 support introduced in 3.7)
	- linux-2.6 <not-affected> (arm64 support introduced in 3.7)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1163744
	NOTE: Upstream patch proposal: https://lkml.org/lkml/2014/11/12/584
CVE-2014-7842 (Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux 3.2.65-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a2b9e6c1a35a (v3.18-rc1)
CVE-2014-7841 (The sctp_process_param function in net/sctp/sm_make_chunk.c in the ...)
	{DSA-3093-1 DLA-118-1}
	- linux 3.16.7-ckt2-1
	- linux-2.6 <removed>
	NOTE: Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40607cbe270a9e8360907cb1e62ddf0736e4864 (v3.18-rc5)
CVE-2014-7840 (The host_from_stream_offset function in arch_init.c in QEMU, when ...)
	- qemu 2.1+dfsg-8 (low; bug #769451)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	NOTE: http://thread.gmane.org/gmane.comp.emulators.qemu/306117
CVE-2014-7839 (DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the ...)
	- resteasy 3.0.6-2 (bug #770544)
	NOTE: https://issues.jboss.org/browse/RESTEASY-1130
CVE-2014-7838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
CVE-2014-7837 (mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47949
CVE-2014-7836 (Multiple cross-site request forgery (CSRF) vulnerabilities in the LTI ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47924
CVE-2014-7835 (webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47868
CVE-2014-7834 (mod/forum/externallib.php in Moodle 2.6.x before 2.6.6 and 2.7.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45303
CVE-2014-7833 (mod/data/edit.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47697
CVE-2014-7832 (mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47921
CVE-2014-7831 (lib/classes/grades_external.php in Moodle 2.7.x before 2.7.3 does not ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47766
CVE-2014-7830 (Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php ...)
	- moodle 2.7.5+dfsg-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
CVE-2014-7829 (Directory traversal vulnerability in ...)
	- rails 2:4.1.8-1 (bug #770934)
	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
	[squeeze] - rails <not-affected> (Only affects >= 3)
	- rails-3.2 <removed>
	- ruby-actionpack-3.2 <removed>
	[wheezy] - ruby-actionpack-3.2 <no-dsa> (Minor issue)
	- ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
CVE-2014-7828 (FreeIPA 4.0.x before 4.0.5 and 4.1.x before 4.1.1, when 2FA is ...)
	- freeipa 4.0.5-1 (bug #768294)
	NOTE: https://fedorahosted.org/freeipa/ticket/4690
CVE-2014-7827 (The org.jboss.security.plugins.mapping.JBossMappingManager ...)
	NOT-FOR-US: JBoss Security
CVE-2014-7826 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
	NOTE: Support for SOFT_DISABLE to syscall events was added in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d562aff93bfb530b0992141500a402d17081189d (v3.13-rc1)
CVE-2014-7825 (kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does ...)
	- linux 3.16.7-ckt2-1
	[wheezy] - linux <not-affected> (Affected feature not enabled)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Affected feature not enabled)
	NOTE: CONFIG_FTRACE_SYSCALL not enabled in squeeze
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=086ba77a6db00ed858ff07451bedee197df868c9 (v3.18-rc3)
CVE-2014-7824 (D-Bus 1.3.0 through 1.6.x before 1.6.26, 1.8.x before 1.8.10, and ...)
	{DSA-3099-1}
	- dbus 1.8.10-1
	[squeeze] - dbus <not-affected> (dbus 1.2.x does not support FD passing)
	NOTE: Since this CVE is only a complement for the fix to CVE-2014-3636, versions not affected by CVE-2014-3636 do not need the patch provided for this CVE.
CVE-2014-7823 (The virDomainGetXMLDesc API in Libvirt before 1.2.11 allows remote ...)
	- libvirt 1.2.9-4 (bug #769149)
	[wheezy] - libvirt <not-affected> (Introduced in v1.0.0)
	[squeeze] - libvirt <not-affected> (Introduced in v1.0.0)
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=28f8dfdcccd4c0f69063ef741545b37d8a7f7935 (v1.0.0)
	NOTE: Fixed by http://libvirt.org/git/?p=libvirt.git;a=commit;h=b1674ad5a97441b7e1bd5f5ebaff498ef2fbb11b
CVE-2014-7822 (The implementation of certain splice_write file operations in the ...)
	{DSA-3170-1 DLA-155-1}
	- linux 3.16.2-1
	- linux-2.6 <removed>
	NOTE: Upstream fixes: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d0207652cbe27d1f962050737848e5ad4671958 (v3.16-rc1)
CVE-2014-7821 (OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows ...)
	- neutron 2014.1.3-6 (bug #770431)
	NOTE: Versions up to 2014.1.3 and 2014.2
	NOTE: https://launchpad.net/bugs/1378450
CVE-2014-7820
	RESERVED
CVE-2014-7819 (Multiple directory traversal vulnerabilities in server.rb in Sprockets ...)
	- ruby-sprockets 2.12.3-1
	[wheezy] - ruby-sprockets <no-dsa> (Minor issue)
CVE-2014-7818 (Directory traversal vulnerability in ...)
	- rails 2:4.1.8-1 (bug #770934)
	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
	[squeeze] - rails <not-affected> (Only affects >= 3)
	- rails-3.2 <removed>
	- ruby-actionpack-3.2 <removed>
	[wheezy] - ruby-actionpack-3.2 <no-dsa> (Minor issue)
	- ruby-actionpack-2.3 <not-affected> (Only affects >= 3)
CVE-2014-7817 (The wordexp function in GNU C Library (aka glibc) 2.21 does not ...)
	{DSA-3142-1 DLA-97-1}
	- glibc 2.19-14 (bug #775572)
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Will be fixed through a point update)
	NOTE: https://sourceware.org/ml/libc-alpha/2014-11/msg00519.html
	NOTE: Git commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=a39208bd7fb76c1b01c127b4c61f9bfd915bfe7c
CVE-2014-7816 (Directory traversal vulnerability in JBoss Undertow 1.0.x before ...)
	- undertow <not-affected> (only when running on Windows)
CVE-2014-7815 (The set_pixel_format function in ui/vnc.c in QEMU allows remote ...)
	{DSA-3067-1 DSA-3066-1}
	- qemu 2.1+dfsg-7
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=e6908bfe8e07f2b452e78e677da1b45b1c0f6829
CVE-2014-7814 (SQL injection vulnerability in Red Hat CloudForms 3.1 Management ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-7813 (Red Hat CloudForms 3 Management Engine (CFME) allows remote ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-7812 (Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7811 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...)
	NOT-FOR-US: Red Hat Satellite / Spacewalk
CVE-2014-7810 (The Expression Language (EL) implementation in Apache Tomcat 6.x ...)
	{DSA-3530-1 DSA-3447-1 DSA-3428-1 DLA-232-1}
	- tomcat6 6.0.41-3 (bug #787010)
	NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
	- tomcat7 7.0.61-1
	- tomcat8 8.0.21-2
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645366 (6.x)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1659538 (6.x)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1644019 (7.x)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1645644 (7.x)
CVE-2014-7809 (Apache Struts 2.0.0 through 2.3.x before 2.3.20 uses predictable ...)
	- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.3)
CVE-2014-7808 (Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2014-7807 (Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows ...)
	NOT-FOR-US: Apache CloudStack
CVE-2014-7806
	REJECTED
CVE-2014-7805
	REJECTED
CVE-2014-7804 (The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application ...)
	NOT-FOR-US: Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application for Android
CVE-2014-7803 (The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) ...)
	NOT-FOR-US: Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application for Android
CVE-2014-7802 (The Top Roller Coasters Europe 2 (aka ...)
	NOT-FOR-US: Top Roller Coasters Europe 2 (aka com.appaapps.top10tallesteuropeanrollercoasters2) application for Android
CVE-2014-7801
	REJECTED
CVE-2014-7800 (The Daily Green (aka it.opentt.blog.dailygreen) application 2014.07 ...)
	NOT-FOR-US: Daily Green (aka it.opentt.blog.dailygreen) application for Android
CVE-2014-7799 (The Squishy birds (aka com.tatmob.squishybirds) application 1.0.1 for ...)
	NOT-FOR-US: Squishy birds (aka com.tatmob.squishybirds) application for Android
CVE-2014-7798 (The Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) ...)
	NOT-FOR-US: Coca-Cola FM Brasil (aka com.enyetech.radio.coca_cola.fm_br) application for Android
CVE-2014-7797 (The Thai food (aka com.foods.thaifood) application 1.0 for Android ...)
	NOT-FOR-US: Thai food (aka com.foods.thaifood) application for Android
CVE-2014-7796 (The House365 Radio (aka com.nobexinc.wls_27853803.rc) application ...)
	NOT-FOR-US: House365 Radio (aka com.nobexinc.wls_27853803.rc) application for Android
CVE-2014-7795 (The Harpers Bazaar Art (aka com.itp.harpersart) application @7F080181 ...)
	NOT-FOR-US: Harpers Bazaar Art (aka com.itp.harpersart) application for Android
CVE-2014-7794 (The Knights of the Void (aka ...)
	NOT-FOR-US: Knights of the Void (aka me.narr8.android.serial.knights_of_the_void) application for Android
CVE-2014-7793 (The CB - Calciatori Brutti (aka com.calciatori.brutti) application 1.0 ...)
	NOT-FOR-US: CB - Calciatori Brutti (aka com.calciatori.brutti) application for Android
CVE-2014-7792
	REJECTED
CVE-2014-7791 (The Backyard Wrestling (aka com.wBackyardWrestling) application 0.1 ...)
	NOT-FOR-US: Backyard Wrestling (aka com.wBackyardWrestling) application for Android
CVE-2014-7790
	REJECTED
CVE-2014-7789 (The Zillion Muslims (aka com.zillionmuslims.src) application 1.1 for ...)
	NOT-FOR-US: Zillion Muslims (aka com.zillionmuslims.src) application for Android
CVE-2014-7788 (The Best Free Giveaways (aka com.wIphone5GiveAways) application 0.1 ...)
	NOT-FOR-US: Best Free Giveaways (aka com.wIphone5GiveAways) application for Android
CVE-2014-7787 (The iShuttle (aka com.synapse.ishuttle_user) application 1.0 for ...)
	NOT-FOR-US: iShuttle (aka com.synapse.ishuttle_user) application for Android
CVE-2014-7786 (The English Football Magazine (aka com.magzter.englishfootball) ...)
	NOT-FOR-US: English Football Magazine (aka com.magzter.englishfootball) application for Android
CVE-2014-7785 (The AAAA Discount Bail (aka ...)
	NOT-FOR-US: AAAA Discount Bail (aka com.onesolutionapps.aaaadiscountbailandroid) application for Android
CVE-2014-7784 (The Schon! Magazine (aka com.magzter.schonmagazine) application 3.0 ...)
	NOT-FOR-US: Schon! Magazine (aka com.magzter.schonmagazine) application for Android
CVE-2014-7783 (The Bill G. Bennett (aka com.billgbennett) application 1.0 for Android ...)
	NOT-FOR-US: Bill G. Bennett (aka com.billgbennett) application for Android
CVE-2014-7782 (The Macedonia Hacienda Hotel (aka ...)
	NOT-FOR-US: Macedonia Hacienda Hotel (aka appinventor.ai_orolimpio999.HotelMacedonia) application for Android
CVE-2014-7781 (The Marijuana Handbook Lite - Weed (aka ...)
	NOT-FOR-US: Marijuana Handbook Lite - Weed (aka com.fallacystudios.marijuanahandbooklite) application for Android
CVE-2014-7780 (The Pakistan Cricket News (aka ...)
	NOT-FOR-US: Pakistan Cricket News (aka com.conduit.app_cf18df8bdf454eb0a836e2d29886bc40.app) application for Android
CVE-2014-7779 (The Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) ...)
	NOT-FOR-US: Kuran'in Bilimsel Mucizeleri (aka com.wKurannBilimselMucizeleri) application for Android
CVE-2014-7778 (The Epc World (aka com.magzter.epcworld) application 3.1 for Android ...)
	NOT-FOR-US: Epc World (aka com.magzter.epcworld) application for Android
CVE-2014-7777 (The Slingshot Forum (aka com.tapatalk.theslingshotforumcom) ...)
	NOT-FOR-US: Slingshot Forum (aka com.tapatalk.theslingshotforumcom) application for Android
CVE-2014-7776 (The Kavita KS (aka com.snaplion.kavitaks) application 2.4 for Android ...)
	NOT-FOR-US: Kavita KS (aka com.snaplion.kavitaks) application for Android
CVE-2014-7775 (The Champak - Hindi (aka com.magzter.champakhindi) application 3.0.1 ...)
	NOT-FOR-US: Champak - Hindi (aka com.magzter.champakhindi) application for Android
CVE-2014-7774 (The Herbs &amp; Flowers Dictionary (aka com.wHerbsNFlowersDictionary) ...)
	NOT-FOR-US: Herbs & Flowers Dictionary (aka com.wHerbsNFlowersDictionary) application for Android
CVE-2014-7773 (The Cleveland Football STREAM (aka ...)
	NOT-FOR-US: Cleveland Football STREAM (aka com.appstronautme.clevelandfootballstream) application for Android
CVE-2014-7772 (The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for ...)
	NOT-FOR-US: MB Tickets (aka com.xcr.android.mbtickets) application for Android
CVE-2014-7771 (The World Tamil Bayan (aka com.wWorldTamilBayan) application 0.1 for ...)
	NOT-FOR-US: World Tamil Bayan (aka com.wWorldTamilBayan) application for Android
CVE-2014-7770 (The Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) ...)
	NOT-FOR-US: Lagu POP Indonesia (aka com.lagu.pop.indonesia.xygwphqpuomclljvaa) application for Android
CVE-2014-7769 (The Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) ...)
	NOT-FOR-US: Accurate Lending (aka com.soln.S7B193908AEA1937C7CBB4E889A46D3C0) application for Android
CVE-2014-7768 (The Analects of Confucius (aka com.azbc88881.lunyu) application 8.0 ...)
	NOT-FOR-US: Analects of Confucius (aka com.azbc88881.lunyu) application for Android
CVE-2014-7767 (The A+ (aka cn.xrzcm) application 1.0.1 for Android does not verify ...)
	NOT-FOR-US: A+ (aka cn.xrzcm) application for Android
CVE-2014-7766 (The 7 Habits Personal Development (aka ...)
	NOT-FOR-US: 7 Habits Personal Development (aka appinventor.ai_ingka_d_jiw.TheCompleteGuideToApplyingThe7HabitsInHolisticPersonalDevelopment) application for Android
CVE-2014-7765 (The Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) ...)
	NOT-FOR-US: Hundred Thousands Kid Book (aka it.tinytap.attsa.thousands) application for Android
CVE-2014-7764 (The Semper Invicta Fitness (aka com.semper.invicta.fitness) ...)
	NOT-FOR-US: Semper Invicta Fitness (aka com.semper.invicta.fitness) application for Android
CVE-2014-7763 (The Listen up! mirucho (aka jp.ameba.kiiteyo.android) application ...)
	NOT-FOR-US: Listen up! mirucho (aka jp.ameba.kiiteyo.android) application for Android
CVE-2014-7762 (The Bite it! (aka com.ASA1Touch.Bite_it) application 1.1.8 for Android ...)
	NOT-FOR-US: Bite it! (aka com.ASA1Touch.Bite_it) application for Android
CVE-2014-7761 (The Ink Cards (aka com.sincerely.android.ink) application 2.0.4 for ...)
	NOT-FOR-US: Ink Cards (aka com.sincerely.android.ink) application for Android
CVE-2014-7760 (The Health assistance service (aka net.nttcloud.ft.karada) application ...)
	NOT-FOR-US: Health assistance service (aka net.nttcloud.ft.karada) application for Android
CVE-2014-7759 (The Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application ...)
	NOT-FOR-US: Jazz Lovers Radio (aka com.nobexinc.wls_99273254.rc) application for Android
CVE-2014-7758 (The AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) ...)
	NOT-FOR-US: AMKAMAL Science Portfolio (aka com.wAMKAMALSciencePortfolio) application for Android
CVE-2014-7757 (The Awful Ninja Game (aka ...)
	NOT-FOR-US: Awful Ninja Game (aka com.absolutelyawfulapplications.awfulninjagame) application for Android
CVE-2014-7756 (The Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) ...)
	NOT-FOR-US: Radiohead fan (aka nl.jborsje.android.bandnews.radiohead) application for Android
CVE-2014-7755 (The eTopUpOnline (aka com.moremagic.etopup.client.android) application ...)
	NOT-FOR-US: eTopUpOnline (aka com.moremagic.etopup.client.android) application for Android
CVE-2014-7754 (The Condor S.E. (aka com.app_condorsoutheast.layout) application 1.399 ...)
	NOT-FOR-US: Condor S.E. (aka com.app_condorsoutheast.layout) application for Android
CVE-2014-7753 (The Circa News (aka cir.ca) application 2.1.3 for Android does not ...)
	NOT-FOR-US: Circa News (aka cir.ca) application for Android
CVE-2014-7752 (The NASIOC (aka net.endoftime.android.forumrunner.nasioc) application ...)
	NOT-FOR-US: NASIOC (aka net.endoftime.android.forumrunner.nasioc) application for Android
CVE-2014-7751 (The Recetas de Tragos (aka com.wRecetasdeTragos) application 0.1 for ...)
	NOT-FOR-US: Recetas de Tragos (aka com.wRecetasdeTragos) application for Android
CVE-2014-7750 (The Taster Magazine (aka com.magazinecloner.taster) application ...)
	NOT-FOR-US: Taster Magazine (aka com.magazinecloner.taster) application for Android
CVE-2014-7749 (The CamDictionary (aka com.intsig.camdict) application 2.3.0.20131118 ...)
	NOT-FOR-US: CamDictionary (aka com.intsig.camdict) application for Android
CVE-2014-7748 (The Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application ...)
	NOT-FOR-US: Garip Ve Ilginc Olaylar (aka com.wGaripveeIlgincOlay) application for Android
CVE-2014-7747
	REJECTED
CVE-2014-7746 (The Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) ...)
	NOT-FOR-US: Fusion Flowers - Weddings (aka com.triactivemedia.fusionweddings) application for Android
CVE-2014-7745 (The Flight Manager (aka com.flightmanager.view) application 4.0 for ...)
	NOT-FOR-US: Flight Manager (aka com.flightmanager.view) application for Android
CVE-2014-7744 (The Musulmanin.com (aka com.wSalyafiyailimurdjiya) application 0.1 for ...)
	NOT-FOR-US: Musulmanin.com (aka com.wSalyafiyailimurdjiya) application for Android
CVE-2014-7743 (The Humor Ironias y Realidades (aka com.wHumork) application ...)
	NOT-FOR-US: Humor Ironias y Realidades (aka com.wHumork) application for Android
CVE-2014-7742 (The Noticias del Vaticano (aka com.wNoticiasdelVaticano) application ...)
	NOT-FOR-US: Noticias del Vaticano (aka com.wNoticiasdelVaticano) application for Android
CVE-2014-7741 (The Healing Bookstore (aka com.wHealingBookstore) application 0.1 for ...)
	NOT-FOR-US: Healing Bookstore (aka com.wHealingBookstore) application for Android
CVE-2014-7740 (The Pony Magazine (aka com.triactivemedia.ponymagazine) application ...)
	NOT-FOR-US: Pony Magazine (aka com.triactivemedia.ponymagazine) application for Android
CVE-2014-7739 (The Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application 0.1 for ...)
	NOT-FOR-US: Anahi A Adopter FR (aka com.wAnahiAAdopterFR) application for Android
CVE-2014-7738
	REJECTED
CVE-2014-7737 (The FMAC : Federation Culinaire (aka com.fmac) application 1.0 for ...)
	NOT-FOR-US: FMAC : Federation Culinaire (aka com.fmac) application for Android
CVE-2014-7736
	REJECTED
CVE-2014-7735 (The Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) ...)
	NOT-FOR-US: Dr. Sheikh Adnan Ibrahim (aka com.amitaff.adnanIbrahim) application for Android
CVE-2014-7734 (The Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) ...)
	NOT-FOR-US: Reds Anytime Bail (aka com.onesolutionapps.redsanytimebailandroid) application for Android
CVE-2014-7733 (The Karaf Magazin (aka com.magzter.karafmagazin) application 3.0 for ...)
	NOT-FOR-US: Karaf Magazin (aka com.magzter.karafmagazin) application for Android
CVE-2014-7732
	REJECTED
CVE-2014-7731 (The Radio de la Cato (aka com.radio.de.la.cato) application 2.0 for ...)
	NOT-FOR-US: Radio de la Cato (aka com.radio.de.la.cato) application for Android
CVE-2014-7730
	REJECTED
CVE-2014-7729
	REJECTED
CVE-2014-7728 (The Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) ...)
	NOT-FOR-US: Logan Banner (aka com.soln.S8B5C1F53B8CBE06D5DE0A0E7E23DCDA7) application for Android
CVE-2014-7727 (The Dj Brad H (aka com.dreamstep.wDjBradH) application 0.90 for ...)
	NOT-FOR-US: Dj Brad H (aka com.dreamstep.wDjBradH) application for Android
CVE-2014-7726 (The Golosinas Simpson1 (aka com.wGolosinasSimpson1) application 0.1 ...)
	NOT-FOR-US: Golosinas Simpson1 (aka com.wGolosinasSimpson1) application for Android
CVE-2014-7725 (The Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) ...)
	NOT-FOR-US: Rally Albania Live 2014 (aka com.wRallyAlbaniaLIVE2014) application for Android
CVE-2014-7724 (The Chemssou Blink (aka com.chemssou.blink) application 1.0 for ...)
	NOT-FOR-US: Chemssou Blink (aka com.chemssou.blink) application for Android
CVE-2014-7723 (The Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application ...)
	NOT-FOR-US: Carnegie Mellon Silicon Valley (aka edu.cmu.sv.mobile) application for Android
CVE-2014-7722 (The Indian Jeweller (aka com.magzter.indianjeweller) application 3.0 ...)
	NOT-FOR-US: Indian Jeweller (aka com.magzter.indianjeweller) application for Android
CVE-2014-7721 (The President Clicker (aka com.flexymind.pclicker) application 1.0.4 ...)
	NOT-FOR-US: President Clicker (aka com.flexymind.pclicker) application for Android
CVE-2014-7720 (The Better Homes and Gardens Aus (aka ...)
	NOT-FOR-US: Better Homes and Gardens Aus (aka com.pacificmagazines.betterhomesandgardens) application for Android
CVE-2014-7719 (The BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application 1.13 ...)
	NOT-FOR-US: BASEBALL MANAGER K (aka com.cjenm.yagamkgoogle) application for Android
CVE-2014-7718 (The Travel+Leisure (aka com.magzter.travelleisure) application 3.0 for ...)
	NOT-FOR-US: Travel+Leisure (aka com.magzter.travelleisure) application for Android
CVE-2014-7717 (The Mills-Hazel Property Mgmt (aka ...)
	NOT-FOR-US: Mills-Hazel Property Mgmt (aka com.appexpress.millshazelpropertymanagement) application for Android
CVE-2014-7716 (The Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) ...)
	NOT-FOR-US: Ultimate Christian Radios (aka com.ngg.ultimatechristianradios) application for Android
CVE-2014-7715 (The GIGA HOBBY (aka com.innopage.store.gigahobby) application 1.0.6 ...)
	NOT-FOR-US: GIGA HOBBY (aka com.innopage.store.gigahobby) application for Android
CVE-2014-7714 (The ibon (aka tw.net.pic.mobi) application 3.2.1 for Android does not ...)
	NOT-FOR-US: ibon (aka tw.net.pic.mobi) application for Android
CVE-2014-7713 (The Skin&amp;Ink Magazine (aka com.triactivemedia.skinandink) application ...)
	NOT-FOR-US: Skin&Ink Magazine (aka com.triactivemedia.skinandink) application for Android
CVE-2014-7712 (The Tiket.com Hotel &amp; Flight (aka com.tiket.gits) application 1.1.2 ...)
	NOT-FOR-US: Tiket.com Hotel & Flight (aka com.tiket.gits) application for Android
CVE-2014-7711
	REJECTED
CVE-2014-7710 (The India Today Telugu (aka com.magzter.indiatoday.telugu) application ...)
	NOT-FOR-US: India Today Telugu (aka com.magzter.indiatoday.telugu) application for Android
CVE-2014-7709
	REJECTED
CVE-2014-7708 (The Raven - The Culture Lover (aka com.booksbyraven) application 1.60 ...)
	NOT-FOR-US: Raven - The Culture Lover (aka com.booksbyraven) application for Android
CVE-2014-7707 (The Outdoor Design And Living (aka ...)
	NOT-FOR-US: Outdoor Design And Living (aka com.pocketmagsau.outdoordesignandliving) application for Android
CVE-2014-7706
	REJECTED
CVE-2014-7705 (The Atkins Diet Free Shopping List (aka ...)
	NOT-FOR-US: Atkins Diet Free Shopping List (aka com.wAtkinsDietFreeShoppingList) application for Android
CVE-2014-7704
	REJECTED
CVE-2014-7703 (The Terrorizer Magazine (aka com.triactivemedia.terrorizer) ...)
	NOT-FOR-US: Terrorizer Magazine (aka com.triactivemedia.terrorizer) application for Android
CVE-2014-7702 (The ahtty (aka com.crevation.babylon.ahtty) application 1.97.16 for ...)
	NOT-FOR-US: ahtty (aka com.crevation.babylon.ahtty) application for Android
CVE-2014-7701 (The DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application ...)
	NOT-FOR-US: DoNotTrackMe - Mobile Privacy (aka com.abine.dnt) application for Android
CVE-2014-7700 (The Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application ...)
	NOT-FOR-US: Flying Fox (aka com.chillingo.slyfoxfree.android.aja) application for Android
CVE-2014-7699
	REJECTED
CVE-2014-7698 (The Xinhua International (aka org.xinhua.xnews_international) ...)
	NOT-FOR-US: Xinhua International (aka org.xinhua.xnews_international) application for Android
CVE-2014-7697 (The Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application ...)
	NOT-FOR-US: Eyvah! Bosandim ozgurum (aka com.wEyvahBosandimBlog) application for Android
CVE-2014-7696 (The Halftime Magazine (aka com.magzter.halftimemagazine) application ...)
	NOT-FOR-US: Halftime Magazine (aka com.magzter.halftimemagazine) application for Android
CVE-2014-7695 (The easaa Baoneng (aka com.easaa.baoneng) application 1.0 for Android ...)
	NOT-FOR-US: easaa Baoneng (aka com.easaa.baoneng) application for Android
CVE-2014-7694 (The Corvette Museum (aka com.app_corvettemuseum.layout) application ...)
	NOT-FOR-US: Corvette Museum (aka com.app_corvettemuseum.layout) application for Android
CVE-2014-7693 (The JusApp! (aka com.tapatalk.jusappcombrforum) application 3.7.5 for ...)
	NOT-FOR-US: JusApp! (aka com.tapatalk.jusappcombrforum) application for Android
CVE-2014-7692 (The Lent Experience (aka com.wLentExperience) application 0.1 for ...)
	NOT-FOR-US: Lent Experience (aka com.wLentExperience) application for Android
CVE-2014-7691 (The Life Story of Sheikh Mujib (aka com.wbongobondho) application 0.1 ...)
	NOT-FOR-US: Life Story of Sheikh Mujib (aka com.wbongobondho) application for Android
CVE-2014-7690 (The myfone Shopping (aka com.twm.pt.eccart) application 2.1.01.00.040 ...)
	NOT-FOR-US: myfone Shopping (aka com.twm.pt.eccart) application for Android
CVE-2014-7689 (The GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application 0.1 for ...)
	NOT-FOR-US: GzoneRC - The RC Hobby Hub (aka com.wGzoneRC) application for Android
CVE-2014-7688 (The Home Improvement (aka com.whomeimprovementapp) application 0.1 for ...)
	NOT-FOR-US: Home Improvement (aka com.whomeimprovementapp) application for Android
CVE-2014-7687
	REJECTED
CVE-2014-7686 (The So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) ...)
	NOT-FOR-US: So. Co. Business Partnership (aka com.ChamberMe.SCBPSOUTHERNCO) application for Android
CVE-2014-7685 (The Razer Comms - Gaming Messenger (aka com.razerzone.comms) ...)
	NOT-FOR-US: Razer Comms - Gaming Messenger (aka com.razerzone.comms) application for Android
CVE-2014-7684
	REJECTED
CVE-2014-7683 (The Free Canadian Author Previews (aka ...)
	NOT-FOR-US: Free Canadian Author Previews (aka com.booksellerscanada.authorpreview) application for Android
CVE-2014-7682 (The GR8! TV (aka com.magzter.greighttv) application 3.0 for Android ...)
	NOT-FOR-US: GR8! TV (aka com.magzter.greighttv) application for Android
CVE-2014-7681 (The VMware vForums 2014 (aka ...)
	NOT-FOR-US: VMware vForums 2014 (aka com.coreapps.android.followme.vmwarevforums) application for Android
CVE-2014-7680
	REJECTED
CVE-2014-7679
	REJECTED
CVE-2014-7678
	REJECTED
CVE-2014-7677 (The Scudetto (aka com.scudetto) application 2.7 for Android does not ...)
	NOT-FOR-US: Scudetto (aka com.scudetto) application for Android
CVE-2014-7676 (The Home Made Air Freshener (aka com.wHomeMadeAirFreshener) ...)
	NOT-FOR-US: Home Made Air Freshener (aka com.wHomeMadeAirFreshener) application for Android
CVE-2014-7675
	REJECTED
CVE-2014-7674 (The TicketOne.it (aka it.ticketone.mobile.app.Android) application 2.2 ...)
	NOT-FOR-US: TicketOne.it (aka it.ticketone.mobile.app.Android) application for Android
CVE-2014-7673
	REJECTED
CVE-2014-7672
	REJECTED
CVE-2014-7671 (The Tekno Apsis (aka com.teknoapsis) application 2.4 for Android does ...)
	NOT-FOR-US: Tekno Apsis (aka com.teknoapsis) application for Android
CVE-2014-7670 (The Motor Town: Machine Soul Free (aka com.alawar.motortownfree) ...)
	NOT-FOR-US: Motor Town: Machine Soul Free (aka com.alawar.motortownfree) application for Android
CVE-2014-7669
	REJECTED
CVE-2014-7668 (The Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application 1.4 for ...)
	NOT-FOR-US: Ads Free. Cz advert (aka cz.inzeratyzdarma.cz) application for Android
CVE-2014-7667 (The Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) ...)
	NOT-FOR-US: Coca-Cola FM Honduras (aka com.enyetech.radio.coca_cola.fm_hn) application for Android
CVE-2014-7666 (The American Waterfowler (aka com.magazinecloner.americanwaterfowler) ...)
	NOT-FOR-US: American Waterfowler (aka com.magazinecloner.americanwaterfowler) application for Android
CVE-2014-7665
	REJECTED
CVE-2014-7664 (The Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) ...)
	NOT-FOR-US: Bilingual Magic Ball Relajo (aka com.wBilingualMagicBallRelajo) application for Android
CVE-2014-7663 (The Right to the Nitty Gritty (aka com.wGoNittyGritty) application 0.1 ...)
	NOT-FOR-US: Right to the Nitty Gritty (aka com.wGoNittyGritty) application for Android
CVE-2014-7662
	REJECTED
CVE-2014-7661 (The Masquito Blogger (aka com.wmasquito) application 0.1 for Android ...)
	NOT-FOR-US: Masquito Blogger (aka com.wmasquito) application for Android
CVE-2014-7660 (The Gent Magazine (aka com.magzter.thegentmagazine) application 3.0 ...)
	NOT-FOR-US: Gent Magazine (aka com.magzter.thegentmagazine) application for Android
CVE-2014-7659 (The ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) ...)
	NOT-FOR-US: ExpeditersOnline.com Forum (aka com.quoord.tapatalkeo.activity) application for Android
CVE-2014-7658
	REJECTED
CVE-2014-7657
	REJECTED
CVE-2014-7656 (The Indian Management (aka com.magzter.indianmanagement) application ...)
	NOT-FOR-US: Indian Management (aka com.magzter.indianmanagement) application for Android
CVE-2014-7655 (The Dresden Transport Museum (aka de.appack.project.vmd) application ...)
	NOT-FOR-US: Dresden Transport Museum (aka de.appack.project.vmd) application for Android
CVE-2014-7654
	REJECTED
CVE-2014-7653
	REJECTED
CVE-2014-7652 (The Magicam Photo Magic Editor (aka mobi.magicam.editor) application ...)
	NOT-FOR-US: Magicam Photo Magic Editor (aka mobi.magicam.editor) application for Android
CVE-2014-7651
	REJECTED
CVE-2014-7650 (The JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application 1.0 ...)
	NOT-FOR-US: JJA- Juvenile Justice Act 1986 (aka com.felix.jja) application for Android
CVE-2014-7649 (The Classic Car Buyer (aka com.magazinecloner.carbuyer) application ...)
	NOT-FOR-US: Classic Car Buyer (aka com.magazinecloner.carbuyer) application for Android
CVE-2014-7648 (The SMARTalk (aka jp.co.fusioncom.smartalk.android) application 1.1 ...)
	NOT-FOR-US: SMARTalk (aka jp.co.fusioncom.smartalk.android) application for Android
CVE-2014-7647 (The BOOKING DISCOUNT (aka com.wmygoodhotelscom) application 0.1 for ...)
	NOT-FOR-US: BOOKING DISCOUNT (aka com.wmygoodhotelscom) application for Android
CVE-2014-7646 (The EMT-Paramedic Lite (aka com.wEMTparamedicLite) application 0.1 for ...)
	NOT-FOR-US: EMT-Paramedic Lite (aka com.wEMTparamedicLite) application for Android
CVE-2014-7645
	REJECTED
CVE-2014-7644 (The Go MSX MLS (aka ...)
	NOT-FOR-US: Go MSX MLS (aka com.doapps.android.realestate.RE_16b9c09c4d5b0e174208f35e7c49f9a0) application for Android
CVE-2014-7643 (The C.R. Group (aka com.c.r.group) application 1.0 for Android does ...)
	NOT-FOR-US: C.R. Group (aka com.c.r.group) application for Android
CVE-2014-7642 (The Pegasus Airlines (aka com.wPegasusAirlines) application ...)
	NOT-FOR-US: Pegasus Airlines (aka com.wPegasusAirlines) application for Android
CVE-2014-7641
	REJECTED
CVE-2014-7640 (The Hotel Room (aka com.wHotelRoom) application 0.1 for Android does ...)
	NOT-FOR-US: Hotel Room (aka com.wHotelRoom) application for Android
CVE-2014-7639
	REJECTED
CVE-2014-7638 (The Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application ...)
	NOT-FOR-US: Fabuestereo 88.1 FM (aka com.nobexinc.wls_27892411.rc) application for Android
CVE-2014-7637
	REJECTED
CVE-2014-7636 (The United Hawk Nation (aka com.united12thman) application 2.1 for ...)
	NOT-FOR-US: United Hawk Nation (aka com.united12thman) application for Android
CVE-2014-7635
	REJECTED
CVE-2014-7634 (The Adopt O Pet (aka com.wFindAPet) application 0.1 for Android does ...)
	NOT-FOR-US: Adopt O Pet (aka com.wFindAPet) application for Android
CVE-2014-7633 (The Dino Zoo (aka com.tappocket.dinozoostar) application 1.5 for ...)
	NOT-FOR-US: Dino Zoo (aka com.tappocket.dinozoostar) application for Android
CVE-2014-7632 (The news revolution - bahrain (aka com.news.revolution.BH) application ...)
	NOT-FOR-US: news revolution - bahrain (aka com.news.revolution.BH) application for Android
CVE-2014-7631 (The Villa Antonia (aka com.appbuilder.u7p5019) application 1 for ...)
	NOT-FOR-US: Villa Antonia (aka com.appbuilder.u7p5019) application for Android
CVE-2014-7630 (The Fling Gold (aka com.mbgames.fling.gold) application 1.1.3 for ...)
	NOT-FOR-US: Fling Gold (aka com.mbgames.fling.gold) application for Android
CVE-2014-7629 (The Yulman Stadium (aka com.dub.app.tulanestadium) application 1.4.25 ...)
	NOT-FOR-US: Yulman Stadium (aka com.dub.app.tulanestadium) application for Android
CVE-2014-7628 (The Acorn Comms (aka com.acorncomms.app) application 3.0 for Android ...)
	NOT-FOR-US: Acorn Comms (aka com.acorncomms.app) application for Android
CVE-2014-7627
	REJECTED
CVE-2014-7626 (The Atme (aka com.bedigital.atme) application 1.0.10 for Android does ...)
	NOT-FOR-US: Atme (aka com.bedigital.atme) application for Android
CVE-2014-7625
	REJECTED
CVE-2014-7624 (The Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) ...)
	NOT-FOR-US: Guess the Pixel Character Quiz (aka com.aiadp.pixelcQuiz) application for Android
CVE-2014-7623
	REJECTED
CVE-2014-7622 (The Affinity Mobile ATM Locator (aka ...)
	NOT-FOR-US: Affinity Mobile ATM Locator (aka com.collegemobile.affinity.locator) application for Android
CVE-2014-7621 (The EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application 1.1 ...)
	NOT-FOR-US: EIN Lookup (aka appinventor.ai_siwanuth.EINLookup) application for Android
CVE-2014-7620 (The Authors On Tour - Live! (aka com.appmakr.app122286) application 4 ...)
	NOT-FOR-US: Authors On Tour - Live! (aka com.appmakr.app122286) application for Android
CVE-2014-7619
	REJECTED
CVE-2014-7618 (The Interior Design (aka com.interior.design.mcreda) application 1.0 ...)
	NOT-FOR-US: Interior Design (aka com.interior.design.mcreda) application for Android
CVE-2014-7617 (The www.roads365.com (aka ydx.android) application 1.0.1 for Android ...)
	NOT-FOR-US: www.roads365.com (aka ydx.android) application for Android
CVE-2014-7616 (The Physics Forums (aka com.tapatalk.physicsforumscom) application ...)
	NOT-FOR-US: Physics Forums (aka com.tapatalk.physicsforumscom) application for Android
CVE-2014-7615
	REJECTED
CVE-2014-7614 (The Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application ...)
	NOT-FOR-US: Warrior Beach Retreat (aka com.wWarriorBeachRetreat) application for Android
CVE-2014-7613 (The WASPS Official Programmes (aka com.triactivemedia.wasps) ...)
	NOT-FOR-US: WASPS Official Programmes (aka com.triactivemedia.wasps) application for Android
CVE-2014-7612 (The e-Kiosk (aka com.ekioskreader.android.pdfviewer) application 1.74 ...)
	NOT-FOR-US: e-Kiosk (aka com.ekioskreader.android.pdfviewer) application for Android
CVE-2014-7611 (The Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) ...)
	NOT-FOR-US: Lost Temple (aka com.crazy.game.good.mengchenglu.templeI) application for Android
CVE-2014-7610 (The Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) ...)
	NOT-FOR-US: Kadinlar Kulubu KKMobileApp (aka com.tapatalk.kadinlarkulubucom) application for Android
CVE-2014-7609 (The iStunt 2 (aka com.miniclip.istunt2) application 1.1.2 for Android ...)
	NOT-FOR-US: iStunt 2 (aka com.miniclip.istunt2) application for Android
CVE-2014-7608 (The Carrier Enterprise HVAC Assist (aka com.es.CE) application 4.0 for ...)
	NOT-FOR-US: Carrier Enterprise HVAC Assist (aka com.es.CE) application for Android
CVE-2014-7607 (The Swamiji.tv (aka org.yidl.SwamijiTV) application 2.0 for Android ...)
	NOT-FOR-US: Swamiji.tv (aka org.yidl.SwamijiTV) application for Android
CVE-2014-7606 (The Concursive (aka com.concursive.app) application 2.1 for Android ...)
	NOT-FOR-US: Concursive (aka com.concursive.app) application for Android
CVE-2014-7605 (The Actors Key (aka ...)
	NOT-FOR-US: Actors Key (aka com.conduit.app_f83daeb6861b401bb103c33ea4210029.app) application for Android
CVE-2014-7604 (The Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) ...)
	NOT-FOR-US: Easy Tips For Glowing Skin (aka com.n.easytipsforglowingskin) application for Android
CVE-2014-7603 (The Gravey Design (aka com.dreamstep.wGraveyDesign) application ...)
	NOT-FOR-US: Gravey Design (aka com.dreamstep.wGraveyDesign) application for Android
CVE-2014-7602 (The FRONT (aka com.magazinecloner.front) application @7F08017A for ...)
	NOT-FOR-US: FRONT (aka com.magazinecloner.front) application for Android
CVE-2014-7601
	REJECTED
CVE-2014-7600
	REJECTED
CVE-2014-7599
	REJECTED
CVE-2014-7598 (The Poker Puzzle (aka com.sharpiq.pokerpuzzle) application 1.0.0 for ...)
	NOT-FOR-US: Poker Puzzle (aka com.sharpiq.pokerpuzzle) application for Android
CVE-2014-7597 (The Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) ...)
	NOT-FOR-US: Fabulas Infantiles (aka com.mobincube.android.sc_9I1A3) application for Android
CVE-2014-7596 (The Paramore (aka uk.co.pixelkicks.paramore) application 2.3.4 for ...)
	NOT-FOR-US: Paramore (aka uk.co.pixelkicks.paramore) application for Android
CVE-2014-7595 (The devada.co.uk (aka com.wdevadacouk) application 1.2 for Android ...)
	NOT-FOR-US: devada.co.uk (aka com.wdevadacouk) application for Android
CVE-2014-7594
	REJECTED
CVE-2014-7593 (The Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application 1.1 ...)
	NOT-FOR-US: Mr Whippet - Yorkshire Ice (aka com.appytimes.ice) application for Android
CVE-2014-7592 (The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) ...)
	NOT-FOR-US: FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application for Android
CVE-2014-7591 (The Demon (aka com.ireadercity.c24) application 3.0.2 for Android does ...)
	NOT-FOR-US: Demon (aka com.ireadercity.c24) application for Android
CVE-2014-7590 (The WebPromoExperts (aka ua.com.webpromoexperts) application 1.8 for ...)
	NOT-FOR-US: WebPromoExperts (aka ua.com.webpromoexperts) application for Android
CVE-2014-7589 (The Industrial and Commercial Bank of China (ICBC) Banking (aka ...)
	NOT-FOR-US: Industrial and Commercial Bank of China (ICBC) Banking (aka com.icbc.android) application for Android
CVE-2014-7588
	REJECTED
CVE-2014-7587 (The Blocked in Free (aka com.blueup.blocked) application 1.0 for ...)
	NOT-FOR-US: Blocked in Free (aka com.blueup.blocked) application for Android
CVE-2014-7586
	REJECTED
CVE-2014-7585 (The Biplane Forum (aka com.gcspublishing.biplaneforum) application ...)
	NOT-FOR-US: Biplane Forum (aka com.gcspublishing.biplaneforum) application for Android
CVE-2014-7584 (The ACN2GO (aka com.dataparadigm.acnmobile) application 1.7 for ...)
	NOT-FOR-US: ACN2GO (aka com.dataparadigm.acnmobile) application for Android
CVE-2014-7583
	REJECTED
CVE-2014-7582 (The Water Lateral Sizer (aka com.wWaterLateralSizer) application 1.2 ...)
	NOT-FOR-US: Water Lateral Sizer (aka com.wWaterLateralSizer) application for Android
CVE-2014-7581 (The Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) ...)
	NOT-FOR-US: Quotes of Travis Barker (aka com.celebrity_quotes.travisbarker) application for Android
CVE-2014-7580 (The Thailand Investor News (aka nudecreative.thaistock.set) ...)
	NOT-FOR-US: Thailand Investor News (aka nudecreative.thaistock.set) application for Android
CVE-2014-7579
	REJECTED
CVE-2014-7578 (The Bieber News Now (aka com.jbnews) application 12.0.5 for Android ...)
	NOT-FOR-US: Bieber News Now (aka com.jbnews) application for Android
CVE-2014-7577 (The B&amp;H Photo Video Pro Audio (aka com.bhphoto) application 2.5.1 for ...)
	NOT-FOR-US: B&H Photo Video Pro Audio (aka com.bhphoto) application for Android
CVE-2014-7576 (The Chien Binh Bakugan 2 LongTieng (aka ...)
	NOT-FOR-US: Chien Binh Bakugan 2 LongTieng (aka com.htv.chien.binh.bakugan.ii.hanh.trinh.moi.long.tieng) application for Android
CVE-2014-7575 (The eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) ...)
	NOT-FOR-US: eBiblio Andalucia (aka com.bqreaders.reader.ebiblioandalucia) application for Android
CVE-2014-7574
	REJECTED
CVE-2014-7573 (The droid Survey Offline Forms (aka com.contact.droidSURVEY) ...)
	NOT-FOR-US: droid Survey Offline Forms (aka com.contact.droidSURVEY) application for Android
CVE-2014-7572 (The Stoner's Handbook L- Bud Guide (aka ...)
	NOT-FOR-US: Stoner's Handbook L- Bud Guide (aka fallacystudios.stonershandbooklite) application for Android
CVE-2014-7571 (The Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) ...)
	NOT-FOR-US: Grey's Anatomy Fan (aka nl.jborsje.android.tvfan.greysanatomy) application for Android
CVE-2014-7570 (The Fire Equipments Screen lock (aka ...)
	NOT-FOR-US: Fire Equipments Screen lock (aka com.locktheworld.screen.lock.theme.FireEquipments) application for Android
CVE-2014-7569 (The Best Greatness Quotes (aka best.free.greatness.quotes.android.app) ...)
	NOT-FOR-US: Best Greatness Quotes (aka best.free.greatness.quotes.android.app) application for Android
CVE-2014-7568 (The Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) ...)
	NOT-FOR-US: Marcus Butler Unofficial (aka com.automon.ay.marcus.butler) application for Android
CVE-2014-7567 (The iMig 2012 (aka com.webges.imig) application 1.0.0 for Android does ...)
	NOT-FOR-US: iMig 2012 (aka com.webges.imig) application for Android
CVE-2014-7566 (The Stift Neuburg (aka de.appack.project.neuburg) application 1.1 for ...)
	NOT-FOR-US: Stift Neuburg (aka de.appack.project.neuburg) application for Android
CVE-2014-7565 (The Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application ...)
	NOT-FOR-US: Rando Noeux (aka com.gmteditions.NoeuxLesMinesDistrib) application for Android
CVE-2014-7564 (The Simple Car Care Tip and Advice (aka ...)
	NOT-FOR-US: Simple Car Care Tip and Advice (aka com.a1481542198504ee106f182c8a.a40350826a) application for Android
CVE-2014-7563 (The Tactical Force LLC (aka ...)
	NOT-FOR-US: Tactical Force LLC (aka com.conduit.app_69f61a8852b046f2846054b30c4032a7.app) application for Android
CVE-2014-7562 (The Health Advocate SmartHelp (aka com.healthadvocate.ui) application ...)
	NOT-FOR-US: Health Advocate SmartHelp (aka com.healthadvocate.ui) application for Android
CVE-2014-7561
	REJECTED
CVE-2014-7560 (The Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) ...)
	NOT-FOR-US: Fabasoft Cloud (aka com.fabasoft.android.cmis.folio_cloud) application for Android
CVE-2014-7559 (The InstaTalks (aka com.natrobit.instatalks) application 1.3.1 for ...)
	NOT-FOR-US: InstaTalks (aka com.natrobit.instatalks) application for Android
CVE-2014-7558 (The Everest Poker (aka com.wEverestPoker) application 0.1 for Android ...)
	NOT-FOR-US: Everest Poker (aka com.wEverestPoker) application for Android
CVE-2014-7557 (The zroadster.com (aka com.tapatalk.zroadstercomforum) application ...)
	NOT-FOR-US: zroadster.com (aka com.tapatalk.zroadstercomforum) application for Android
CVE-2014-7556
	REJECTED
CVE-2014-7555 (The Apparound BLEND (aka com.apparound.mobile.catalogo) application ...)
	NOT-FOR-US: Apparound BLEND (aka com.apparound.mobile.catalogo) application for Android
CVE-2014-7554 (The Bouqs - Flowers Simplified (aka com.bouqs.activity) application ...)
	NOT-FOR-US: Bouqs - Flowers Simplified (aka com.bouqs.activity) application for Android
CVE-2014-7553 (The GET NYCE Lightworks (aka com.wGETNYCE) application ...)
	NOT-FOR-US: GET NYCE Lightworks (aka com.wGETNYCE) application for Android
CVE-2014-7552 (The Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application ...)
	NOT-FOR-US: Zombie Diary (aka com.ezjoy.feelingtouch.zombiediary) application for Android
CVE-2014-7551 (The Noticias Bebes Beybies (aka com.beybies) application 1.0 for ...)
	NOT-FOR-US: Noticias Bebes Beybies (aka com.beybies) application for Android
CVE-2014-7550 (The basketball news &amp; videos (aka com.basketbal.news.caesar) ...)
	NOT-FOR-US: basketball news & videos (aka com.basketbal.news.caesar) application for Android
CVE-2014-7549
	REJECTED
CVE-2014-7548
	REJECTED
CVE-2014-7547 (The Texas Poker Unlimited Hold'em (aka ...)
	NOT-FOR-US: Texas Poker Unlimited Hold'em (aka com.fpinternet.texaspokerunlimitedholdem) application for Android
CVE-2014-7546 (The Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application ...)
	NOT-FOR-US: Buddhist Prayer (aka com.buddhist.prayer.mantra.sutra) application for Android
CVE-2014-7545
	REJECTED
CVE-2014-7544 (The Secret City - Motion Comic (aka ...)
	NOT-FOR-US: Secret City - Motion Comic (aka me.narr8.android.serial.the_secret_city) application for Android
CVE-2014-7543 (The Blood (aka com.sheridan.ash) application 2.1 for Android does not ...)
	NOT-FOR-US: Blood (aka com.sheridan.ash) application for Android
CVE-2014-7542 (The l'Informatiu (aka com.linformatiu.spm) application 2.0 for Android ...)
	NOT-FOR-US: l'Informatiu (aka com.linformatiu.spm) application for Android
CVE-2014-7541
	REJECTED
CVE-2014-7540
	REJECTED
CVE-2014-7539 (The Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application ...)
	NOT-FOR-US: Zhang Zhijun Taiwan Visit 2014-06-25 (aka com.zizizzi) application for Android
CVE-2014-7538 (The Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) ...)
	NOT-FOR-US: Headlines news India (aka com.dreamstep.wHEADLINESNEWSINDIA) application for Android
CVE-2014-7537
	REJECTED
CVE-2014-7536 (The Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) ...)
	NOT-FOR-US: Service Academy Forums (aka com.tapatalk.serviceacademyforumscom) application for Android
CVE-2014-7535 (The Classic Racer (aka com.triactivemedia.classicracer) application ...)
	NOT-FOR-US: Classic Racer (aka com.triactivemedia.classicracer) application for Android
CVE-2014-7534 (The Funny &amp; Interesting Things (aka com.wFunnyandInterestingThings) ...)
	NOT-FOR-US: Funny & Interesting Things (aka com.wFunnyandInterestingThings) application for Android
CVE-2014-7533 (The NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) ...)
	NOT-FOR-US: NotreDame Seguradora (aka br.com.notredame.mobile.NotreDame) application for Android
CVE-2014-7532 (The GES Agri Connect (aka com.wAgriConnect) application 0.1 for ...)
	NOT-FOR-US: GES Agri Connect (aka com.wAgriConnect) application for Android
CVE-2014-7531
	REJECTED
CVE-2014-7530 (The PRIX IMPORT (aka com.myapphone.android.myapppriximport) ...)
	NOT-FOR-US: PRIX IMPORT (aka com.myapphone.android.myapppriximport) application for Android
CVE-2014-7529 (The Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) ...)
	NOT-FOR-US: Bodyguard for Hire (aka com.dreamstep.wBodyGuardforHire) application for Android
CVE-2014-7528 (The Horsepower (aka com.apptive.android.apps.horsepower) application ...)
	NOT-FOR-US: Horsepower (aka com.apptive.android.apps.horsepower) application for Android
CVE-2014-7527 (The Savage Nation Mobile Web (aka com.wSavageNation) application ...)
	NOT-FOR-US: Savage Nation Mobile Web (aka com.wSavageNation) application for Android
CVE-2014-7526 (The Immunize Canada (aka ca.ohri.immunizeapp) application 1.0.1 for ...)
	NOT-FOR-US: Immunize Canada (aka ca.ohri.immunizeapp) application for Android
CVE-2014-7525 (The Domain Name Search &amp; Web Host (aka ...)
	NOT-FOR-US: Domain Name Search & Web Host (aka com.wDomainNameSearchandRegistration) application for Android
CVE-2014-7524 (The Bed and Breakfast (aka com.wbedandbreakfastapp) application 0.1 ...)
	NOT-FOR-US: Bed and Breakfast (aka com.wbedandbreakfastapp) application for Android
CVE-2014-7523 (The Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application ...)
	NOT-FOR-US: Radio Bethlehem RB2000 (aka com.Abuhadbah.rbl2000v2) application for Android
CVE-2014-7522 (The Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application 1.2 ...)
	NOT-FOR-US: Maccabi Pakal (aka com.ideomobile.pakalmaccabi) application for Android
CVE-2014-7521 (The Anderson Musaamil (aka com.app_andersonmusaamil.layout) ...)
	NOT-FOR-US: Anderson Musaamil (aka com.app_andersonmusaamil.layout) application for Android
CVE-2014-7520 (The Nova 92.1 FM (aka com.wNova921FM) application 1.0 for Android does ...)
	NOT-FOR-US: Nova 92.1 FM (aka com.wNova921FM) application for Android
CVE-2014-7519 (The Cycling Manager Game Cff (aka com.CyclingManagerGame) application ...)
	NOT-FOR-US: Cycling Manager Game Cff (aka com.CyclingManagerGame) application for Android
CVE-2014-7518 (The Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) ...)
	NOT-FOR-US: Bowl Expo 2014 (aka com.coreapps.android.followme.bowlexpo14) application for Android
CVE-2014-7517 (The Myanmar Movies HD (aka com.wmyanmarmoviesHD) application 0.1 for ...)
	NOT-FOR-US: Myanmar Movies HD (aka com.wmyanmarmoviesHD) application for Android
CVE-2014-7516 (The Central East LHIN News (aka com.wCentralEastLHINNews) application ...)
	NOT-FOR-US: Central East LHIN News (aka com.wCentralEastLHINNews) application for Android
CVE-2014-7515 (The Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) ...)
	NOT-FOR-US: Bail Bonds (aka com.onesolutionapps.chadlewisbailbondsandroid) application for Android
CVE-2014-7514
	REJECTED
CVE-2014-7513 (The Top Hangover Cures (aka com.TopHangoverCures) application 1.2 for ...)
	NOT-FOR-US: Top Hangover Cures (aka com.TopHangoverCures) application for Android
CVE-2014-7512
	REJECTED
CVE-2014-7511
	REJECTED
CVE-2014-7510 (The Graffit It (aka com.presenttechnologies.graffitit) application ...)
	NOT-FOR-US: Graffit It (aka com.presenttechnologies.graffitit) application for Android
CVE-2014-7509 (The A Very Short History of Japan (aka com.ireadercity.c51) ...)
	NOT-FOR-US: A Very Short History of Japan (aka com.ireadercity.c51) application for Android
CVE-2014-7508 (The Help For Doc (aka com.childrens.physician.relations) application ...)
	NOT-FOR-US: Help For Doc (aka com.childrens.physician.relations) application for Android
CVE-2014-7507 (The Hector Leal (aka ad.hector.leal.com) application 13/08/14 for ...)
	NOT-FOR-US: Hector Leal (aka ad.hector.leal.com) application for Android
CVE-2014-7506 (The Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) ...)
	NOT-FOR-US: Realtime Music Rank (aka com.blogspot.imapp.immusicrank2) application for Android
CVE-2014-7505 (The AppTalk (aka com.chatatami.apptalk) application 1.4.8 for Android ...)
	NOT-FOR-US: AppTalk (aka com.chatatami.apptalk) application for Android
CVE-2014-7504
	REJECTED
CVE-2014-7503
	REJECTED
CVE-2014-7502 (The Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) ...)
	NOT-FOR-US: Escucha elDiario.es (aka es.lacabradev.escuchaeldiario) application for Android
CVE-2014-7501 (The Translation Widget (aka com.wTranslationGadget) application 0.1 ...)
	NOT-FOR-US: Translation Widget (aka com.wTranslationGadget) application for Android
CVE-2014-7500
	REJECTED
CVE-2014-7499 (The Sword (aka com.ireadercity.c25) application 3.0.2 for Android does ...)
	NOT-FOR-US: Sword (aka com.ireadercity.c25) application for Android
CVE-2014-7498 (The Space Cinema (aka it.thespacecinema.android) application 2.0.6 for ...)
	NOT-FOR-US: Space Cinema (aka it.thespacecinema.android) application for Android
CVE-2014-7497 (The Portfolium (aka com.wPortfolium) application 0.1 for Android does ...)
	NOT-FOR-US: Portfolium (aka com.wPortfolium) application for Android
CVE-2014-7496
	REJECTED
CVE-2014-7495 (The LogosQuest - Beginnings (aka com.wLogosQuest) application 1.0 for ...)
	NOT-FOR-US: LogosQuest - Beginnings (aka com.wLogosQuest) application for Android
CVE-2014-7494 (The Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) ...)
	NOT-FOR-US: Kontan Kiosk (aka com.appsfoundry.scoopwl.id.kontankiosk) application for Android
CVE-2014-7493 (The 100 Books (aka com.ireadercity.c20) application 3.0.2 for Android ...)
	NOT-FOR-US: 100 Books (aka com.ireadercity.c20) application for Android
CVE-2014-7492 (The Secretos de belleza (aka ...)
	NOT-FOR-US: Secretos de belleza (aka com.rareartifact.secretosdebelleza83A55CB8) application for Android
CVE-2014-7491 (The Short Stories (aka com.ireadercity.c48) application 3.0.2 for ...)
	NOT-FOR-US: Short Stories (aka com.ireadercity.c48) application for Android
CVE-2014-7490 (The Menaka - Marathi (aka com.magzter.menakamarathi) application 3.0 ...)
	NOT-FOR-US: Menaka - Marathi (aka com.magzter.menakamarathi) application for Android
CVE-2014-7489
	REJECTED
CVE-2014-7488 (The Vineyard All In (aka com.wVineyardAllIn) application 0.1 for ...)
	NOT-FOR-US: Vineyard All In (aka com.wVineyardAllIn) application for Android
CVE-2014-7487 (The ADT Aesthetic Dentistry Today (aka ...)
	NOT-FOR-US: ADT Aesthetic Dentistry Today (aka com.magazinecloner.aestheticdentistry) application for Android
CVE-2014-7486 (The Mitsubishi Road Assist (aka com.agero.mitsubishi) application 1.0 ...)
	NOT-FOR-US: Mitsubishi Road Assist (aka com.agero.mitsubishi) application for Android
CVE-2014-7485 (The Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) ...)
	NOT-FOR-US: Not Lost Just Somewhere Else (aka it.tinytap.attsa.notlost) application for Android
CVE-2014-7484 (The Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) ...)
	NOT-FOR-US: Coca-Cola FM Guatemala (aka com.enyetech.radio.coca_cola.fm_gu) application for Android
CVE-2014-7483 (The Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) ...)
	NOT-FOR-US: Desire2Learn FUSION 2014 (aka com.desire2learn.fusion2012) application for Android
CVE-2014-7482
	REJECTED
CVE-2014-7481 (The ETG Hosting (aka com.etg.web.hosting) application 2.0 for Android ...)
	NOT-FOR-US: ETG Hosting (aka com.etg.web.hosting) application for Android
CVE-2014-7480
	REJECTED
CVE-2014-7479
	REJECTED
CVE-2014-7478 (The nashaplaneta.su (aka com.wNashaPlaneta) application 1.02 for ...)
	NOT-FOR-US: nashaplaneta.su (aka com.wNashaPlaneta) application for Android
CVE-2014-7477
	REJECTED
CVE-2014-7476 (The Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) ...)
	NOT-FOR-US: Healthy Lunch Diet Recipes (aka com.best.lunchdietrecipes) application for Android
CVE-2014-7475 (The Ionic View (aka com.ionic.viewapp) application 0.0.2 for Android ...)
	NOT-FOR-US: Ionic View (aka com.ionic.viewapp) application for Android
CVE-2014-7474
	REJECTED
CVE-2014-7473
	REJECTED
CVE-2014-7472 (The CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application ...)
	NOT-FOR-US: CSApp - Colegio San Agustin (aka com.goodbarber.csapp) application for Android
CVE-2014-7471 (The international-arbitration-attorney.com (aka ...)
	NOT-FOR-US: international-arbitration-attorney.com (aka com.w0f1d79a1010d819acbee876007d0bebc) application for Android
CVE-2014-7470 (The I Know the Movie (aka com.guilardi.jesaislefilm2) application ...)
	NOT-FOR-US: I Know the Movie (aka com.guilardi.jesaislefilm2) application for Android
CVE-2014-7469 (The Best Beginning (aka com.bbbeta) application 2.0 for Android does ...)
	NOT-FOR-US: Best Beginning (aka com.bbbeta) application for Android
CVE-2014-7468 (The AG Klettern Odenwald (aka de.appack.project.agko) application 1.2 ...)
	NOT-FOR-US: AG Klettern Odenwald (aka de.appack.project.agko) application for Android
CVE-2014-7467 (The HoneyBee Mag (aka com.magzter.honeybeemag) application 3.0 for ...)
	NOT-FOR-US: HoneyBee Mag (aka com.magzter.honeybeemag) application for Android
CVE-2014-7466 (The Live TV Browser (aka com.wHDSmartBrowser) application 2.0 for ...)
	NOT-FOR-US: Live TV Browser (aka com.wHDSmartBrowser) application for Android
CVE-2014-7465 (The PC Advisor (aka com.triactivemedia.pcadvisor) application ...)
	NOT-FOR-US: PC Advisor (aka com.triactivemedia.pcadvisor) application for Android
CVE-2014-7464 (The Magic Stamp (aka vn.avagame.apotatem) application 2.8 for Android ...)
	NOT-FOR-US: Magic Stamp (aka vn.avagame.apotatem) application for Android
CVE-2014-7463 (The IM5 Fans Planet (aka uk.co.pixelkicks.im5) application 2.3.1 for ...)
	NOT-FOR-US: IM5 Fans Planet (aka uk.co.pixelkicks.im5) application for Android
CVE-2014-7462 (The Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) ...)
	NOT-FOR-US: Fashion Story: Neon 90's (aka com.teamlava.fashionstory39) application for Android
CVE-2014-7461 (The A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application ...)
	NOT-FOR-US: A King Sperm by Dr. Seema Rao (aka com.wKingSperm) application for Android
CVE-2014-7460 (The Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) ...)
	NOT-FOR-US: Slots Heaven:FREE Slot Machine (aka com.twelvegigs.heaven.slots) application for Android
CVE-2014-7459 (The Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) ...)
	NOT-FOR-US: Press-Leader (aka com.soln.S95309F65AD59F99CFC2C710A517B0B7E) application for Android
CVE-2014-7458 (The BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) ...)
	NOT-FOR-US: BloomYou Valentine (aka com.bloomyouteam.bloomyou.valentine) application for Android
CVE-2014-7457 (The Electronics For You (aka com.magzter.electronicsforyou) ...)
	NOT-FOR-US: Electronics For You (aka com.magzter.electronicsforyou) application for Android
CVE-2014-7456 (The Digit Magazine (aka com.magzter.digitmagazine) application 3.01 ...)
	NOT-FOR-US: Digit Magazine (aka com.magzter.digitmagazine) application for Android
CVE-2014-7455 (The Zoella Unofficial (aka com.automon.ay.zoella) application 1.4.0.5 ...)
	NOT-FOR-US: Zoella Unofficial (aka com.automon.ay.zoella) application for Android
CVE-2014-7454 (The Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) ...)
	NOT-FOR-US: Detox Juicing Diet Recipes (aka com.wDetoxJuicingDietRecipes) application for Android
CVE-2014-7453
	REJECTED
CVE-2014-7452 (The Shaklee Product Catalog (aka com.wProductCatalog) application 2.0 ...)
	NOT-FOR-US: Shaklee Product Catalog (aka com.wProductCatalog) application for Android
CVE-2014-7451
	REJECTED
CVE-2014-7450 (The allnurses (aka com.tapatalk.allnursescom) application 3.4.10 for ...)
	NOT-FOR-US: allnurses (aka com.tapatalk.allnursescom) application for Android
CVE-2014-7449 (The My NGEMC Account (aka com.ngemc.smartapps) application 1.153.0034 ...)
	NOT-FOR-US: My NGEMC Account (aka com.ngemc.smartapps) application for Android
CVE-2014-7448 (The DealSide Institutional (aka com.magzter.dealsideinstitutional) ...)
	NOT-FOR-US: DealSide Institutional (aka com.magzter.dealsideinstitutional) application for Android
CVE-2014-7447 (The Dattch - The Lesbian App (aka com.dattch.dattch.app) application ...)
	NOT-FOR-US: Dattch - The Lesbian App (aka com.dattch.dattch.app) application for Android
CVE-2014-7446 (The Bilingual Magic Ball (aka com.wBilingualMagicBall) application 0.1 ...)
	NOT-FOR-US: Bilingual Magic Ball (aka com.wBilingualMagicBall) application for Android
CVE-2014-7445 (The LEGEND OF TRANCE (aka com.legendoftrance) application 1.0 for ...)
	NOT-FOR-US: LEGEND OF TRANCE (aka com.legendoftrance) application for Android
CVE-2014-7444 (The Baidu Navigation (aka com.baidu.navi) application 3.5.0 for ...)
	NOT-FOR-US: Baidu Navigation (aka com.baidu.navi) application for Android
CVE-2014-7443 (The Face Fun Photo Collage Maker 2 (aka ...)
	NOT-FOR-US: Face Fun Photo Collage Maker 2 (aka com.kauf.facefunphotocollagemaker2) application for Android
CVE-2014-7442
	REJECTED
CVE-2014-7441 (The Pakan Ken Tube (aka com.PakanKen) application 0.1 for Android does ...)
	NOT-FOR-US: Pakan Ken Tube (aka com.PakanKen) application for Android
CVE-2014-7440
	REJECTED
CVE-2014-7439 (The bene+ odmeny a slevy (aka cz.gemoney.bene.android) application ...)
	NOT-FOR-US: bene+ odmeny a slevy (aka cz.gemoney.bene.android) application for Android
CVE-2014-7438
	REJECTED
	NOT-FOR-US: pbm2l2030 printer driver
CVE-2014-7437 (The Love Horoscope Guide (aka com.charl.charlylovehoroscopes) ...)
	NOT-FOR-US: Love Horoscope Guide (aka com.charl.charlylovehoroscopes) application for Android
CVE-2014-7436 (The SOS recette (aka com.sos.recette) application 1.0 for Android does ...)
	NOT-FOR-US: SOS recette (aka com.sos.recette) application for Android
CVE-2014-7435 (The AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) ...)
	NOT-FOR-US: AJD Bail Bonds (aka com.onesolutionapps.ajdbailbondsandroid) application for Android
CVE-2014-7434 (The RTSinfo (aka ch.rts.rtsinfo) application 1.4.8 for Android does ...)
	NOT-FOR-US: RTSinfo (aka ch.rts.rtsinfo) application for Android
CVE-2014-7433 (The Student ID (aka com.computas.studentbevis) application 1.2 for ...)
	NOT-FOR-US: Student ID (aka com.computas.studentbevis) application for Android
CVE-2014-7432 (The CalculatorApp (aka com.intuit.alm.testandroidapp) application 4.0 ...)
	NOT-FOR-US: CalculatorApp (aka com.intuit.alm.testandroidapp) application for Android
CVE-2014-7431 (The Breeze Jersey (aka com.sc.breezeje.banking) application 1.0 for ...)
	NOT-FOR-US: Breeze Jersey (aka com.sc.breezeje.banking) application for Android
CVE-2014-7430 (The Flood-It (aka com.appspot.eoltek.flood) application 4.2 for ...)
	NOT-FOR-US: Flood-It (aka com.appspot.eoltek.flood) application for Android
CVE-2014-7429
	REJECTED
CVE-2014-7428 (The 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) ...)
	NOT-FOR-US: 7725.com Three Kingdoms (aka com.platform7725.youai.jiejian) application for Android
CVE-2014-7427 (The Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) ...)
	NOT-FOR-US: Hunting Trophy Whitetails (aka com.wHuntingTrophyWhitetails) application for Android
CVE-2014-7426
	REJECTED
CVE-2014-7425 (The Doodle Devil Free (aka com.joybits.doodledevil_free) application ...)
	NOT-FOR-US: Doodle Devil Free (aka com.joybits.doodledevil_free) application for Android
CVE-2014-7424 (The Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) ...)
	NOT-FOR-US: Quran Abu Bakr AshShatiri Free (aka com.wQuranAbuBakrFREE) application for Android
CVE-2014-7423 (The Youth Incorporated (aka com.magzter.youthincorporated) application ...)
	NOT-FOR-US: Youth Incorporated (aka com.magzter.youthincorporated) application for Android
CVE-2014-7422 (The HEA Mobile (aka com.homerelectric.smartapps) application ...)
	NOT-FOR-US: HEA Mobile (aka com.homerelectric.smartapps) application for Android
CVE-2014-7421 (The Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) ...)
	NOT-FOR-US: Revel in the Rideau Lakes (aka com.mytoursapp.android.app326) application for Android
CVE-2014-7420 (The Just Bureaucracy (aka com.magzter.justbureaucracy) application ...)
	NOT-FOR-US: Just Bureaucracy (aka com.magzter.justbureaucracy) application for Android
CVE-2014-7419 (The PokeCreator Lite (aka com.pokecreator.builderlite) application 1.1 ...)
	NOT-FOR-US: PokeCreator Lite (aka com.pokecreator.builderlite) application for Android
CVE-2014-7418 (The BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application ...)
	NOT-FOR-US: BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application for Android
CVE-2014-7417 (The Real Academia de Bellas Artes (aka ...)
	NOT-FOR-US: Real Academia de Bellas Artes (aka com.adianteventures.adianteapps.real_academia_de_bellas_artes) application for Android
CVE-2014-7416 (The Craft Stamper Magazine (aka com.triactivemedia.craftstamper) ...)
	NOT-FOR-US: Craft Stamper Magazine (aka com.triactivemedia.craftstamper) application for Android
CVE-2014-7415 (The Asylum! (aka com.nobexinc.wls_96362255.rc) application 3.3.10 for ...)
	NOT-FOR-US: Asylum! (aka com.nobexinc.wls_96362255.rc) application for Android
CVE-2014-7414 (The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for ...)
	NOT-FOR-US: CLEO Malaysia (aka com.magzter.cleomalaysia) application for Android
CVE-2014-7413 (The Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) ...)
	NOT-FOR-US: Rajendra Suriji (aka com.rajendrasuriji.nakodabhairav.com) application for Android
CVE-2014-7412
	REJECTED
CVE-2014-7411
	REJECTED
CVE-2014-7410 (The Aptallik Testi (aka com.wAptallikTesti) application 4.0 for ...)
	NOT-FOR-US: Aptallik Testi (aka com.wAptallikTesti) application for Android
CVE-2014-7409 (The Liburan Hemat (aka com.liburan.bro) application 1.0 for Android ...)
	NOT-FOR-US: Liburan Hemat (aka com.liburan.bro) application for Android
CVE-2014-7408 (The Gary Johnson for President '12 (aka com.GaryJohnson2012) ...)
	NOT-FOR-US: Gary Johnson for President '12 (aka com.GaryJohnson2012) application for Android
CVE-2014-7407 (The Game Day Tix (aka com.xcr.android.mygamedaytickets) application ...)
	NOT-FOR-US: Game Day Tix (aka com.xcr.android.mygamedaytickets) application for Android
CVE-2014-7406 (The Deakin University (aka ...)
	NOT-FOR-US: Deakin University (aka com.desire2learn.campuslife.deakin.edu.au.directory) application for Android
CVE-2014-7405 (The Belaire Family Orthodontics (aka com.app_bf.layout) application ...)
	NOT-FOR-US: Belaire Family Orthodontics (aka com.app_bf.layout) application for Android
CVE-2014-7404
	REJECTED
CVE-2014-7403 (The NZHondas.com (aka com.tapatalk.nzhondascom) application 3.6.14 for ...)
	NOT-FOR-US: NZHondas.com (aka com.tapatalk.nzhondascom) application for Android
CVE-2014-7400
	REJECTED
CVE-2014-7399 (The Suzanne Glathar (aka com.app_sglathar.layout) application 1.399 ...)
	NOT-FOR-US: Suzanne Glathar (aka com.app_sglathar.layout) application for Android
CVE-2014-7398 (The Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application 1.0 ...)
	NOT-FOR-US: Dil Bilgisi Kurallari (aka com.buronya.dilbilgisi) application for Android
CVE-2014-7397 (The ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application ...)
	NOT-FOR-US: ileri Gazetesi - Yozgat (aka com.byfes.ilerigazetesi) application for Android
CVE-2014-7396 (The PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application ...)
	NOT-FOR-US: PocketKnife Bravo Super (aka com.wPocketKnifeBravo) application for Android
CVE-2014-7395 (The USF BCM (aka com.appmakr.app193115) application 252847 for Android ...)
	NOT-FOR-US: USF BCM (aka com.appmakr.app193115) application for Android
CVE-2014-7394 (The www.alaaliwat.com (aka com.alaliwat.marsa) application 4.9 for ...)
	NOT-FOR-US: www.alaaliwat.com (aka com.alaliwat.marsa) application for Android
CVE-2014-7393 (The 100 Beauty Tips (aka com.ww100BeautyTipsApp) application 1.1 for ...)
	NOT-FOR-US: 100 Beauty Tips (aka com.ww100BeautyTipsApp) application for Android
CVE-2014-7392 (The Russian Federation Traffic Rules (aka com.russia.pdd) application ...)
	NOT-FOR-US: Russian Federation Traffic Rules (aka com.russia.pdd) application for Android
CVE-2014-7391 (The Synx addictive puzzle game (aka us.synx.mobile.play) application ...)
	NOT-FOR-US: Synx addictive puzzle game (aka us.synx.mobile.play) application for Android
CVE-2014-7390 (The Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) ...)
	NOT-FOR-US: Enchanted Fashion Crush (aka com.tabtale.springcrushbundleint) application for Android
CVE-2014-7389 (The Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application ...)
	NOT-FOR-US: Amnesia Groove (aka com.nobexinc.wls_88552576.rc) application for Android
CVE-2014-7388 (The Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) ...)
	NOT-FOR-US: Sunday Indian Oriya (aka com.magzter.thesundayindianoriya) application for Android
CVE-2014-7387 (The ACC Advocacy Action (aka com.acc.app.android.ui) application 2.0 ...)
	NOT-FOR-US: ACC Advocacy Action (aka com.acc.app.android.ui) application for Android
CVE-2014-7386
	REJECTED
CVE-2014-7385 (The Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) ...)
	NOT-FOR-US: Aperture Mobile Media (aka com.app_aperturemobilemedia.layout) application for Android
CVE-2014-7384 (The Joe's Lawn Service (aka com.appexpress.joeslawnservice) ...)
	NOT-FOR-US: Joe's Lawn Service (aka com.appexpress.joeslawnservice) application for Android
CVE-2014-7383
	REJECTED
CVE-2014-7382 (The Alternative Connection (aka com.wAlternativeConnection) ...)
	NOT-FOR-US: Alternative Connection (aka com.wAlternativeConnection) application for Android
CVE-2014-7381
	REJECTED
CVE-2014-7380 (The Cedar Kiosk (aka com.apps2you.cedarkiosk) application 1.1 for ...)
	NOT-FOR-US: Cedar Kiosk (aka com.apps2you.cedarkiosk) application for Android
CVE-2014-7379 (The Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) ...)
	NOT-FOR-US: Kiddie Kinderschoenen (aka nl.eigenwinkelapp.kiddiekinderschoenen) application for Android
CVE-2014-7378 (The Jobranco (aka com.jobranco) application 1.1 for Android does not ...)
	NOT-FOR-US: Jobranco (aka com.jobranco) application for Android
CVE-2014-7377
	REJECTED
CVE-2014-7376 (The Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) ...)
	NOT-FOR-US: Facebook Profits on Steroids (aka com.wFacebookProfitsonSteroids) application for Android
CVE-2014-7375 (The Childcare (aka com.app_macchildcare.layout) application 1.399 for ...)
	NOT-FOR-US: Childcare (aka com.app_macchildcare.layout) application for Android
CVE-2014-7374 (The SPIN - Motion Comic (aka me.narr8.android.serial.spin) application ...)
	NOT-FOR-US: SPIN - Motion Comic (aka me.narr8.android.serial.spin) application for Android
CVE-2014-7373 (The Inspire Weddings (aka com.magzter.inspireweddings) application 3.0 ...)
	NOT-FOR-US: Inspire Weddings (aka com.magzter.inspireweddings) application for Android
CVE-2014-7372 (The Mr.Sausage (aka com.app_mrsausage.layout) application 1.301 for ...)
	NOT-FOR-US: Mr.Sausage (aka com.app_mrsausage.layout) application for Android
CVE-2014-7371 (The Magic Balloonman Marty Boone (aka com.app_martyboone.layout) ...)
	NOT-FOR-US: Magic Balloonman Marty Boone (aka com.app_martyboone.layout) application for Android
CVE-2014-7370 (The Job MoBleeps (aka com.wJobMoBleeps) application 0.1 for Android ...)
	NOT-FOR-US: Job MoBleeps (aka com.wJobMoBleeps) application for Android
CVE-2014-7369 (The Il Brillo Parlante (aka com.wIlBrilloParlante) application 0.1 for ...)
	NOT-FOR-US: Il Brillo Parlante (aka com.wIlBrilloParlante) application for Android
CVE-2014-7368 (The Compassion Satisfaction (aka ...)
	NOT-FOR-US: Compassion Satisfaction (aka com.wCompassionSatisfactionWorkshopPresentation) application for Android
CVE-2014-7367 (The TuS 1947 Radis (aka com.tus1947radis) application 1.0 for Android ...)
	NOT-FOR-US: TuS 1947 Radis (aka com.tus1947radis) application for Android
CVE-2014-7366 (The Identity (aka com.magzter.identity) application 3.01 for Android ...)
	NOT-FOR-US: Identity (aka com.magzter.identity) application for Android
CVE-2014-7365
	REJECTED
CVE-2014-7364 (The Promotional Items (aka com.wPromotionalItems) application 0.1 for ...)
	NOT-FOR-US: Promotional Items (aka com.wPromotionalItems) application for Android
CVE-2014-7363
	REJECTED
CVE-2014-7362 (The Naranjas Con Tocados (aka com.NaranjasConTocados.com) application ...)
	NOT-FOR-US: Naranjas Con Tocados (aka com.NaranjasConTocados.com) application for Android
CVE-2014-7361 (The Harry's Pub (aka com.emunching.harryspub) application 1.0.0 for ...)
	NOT-FOR-US: Harry's Pub (aka com.emunching.harryspub) application for Android
CVE-2014-7360 (The How To Boil Eggs (aka com.appmakr.app842173) application 251333 ...)
	NOT-FOR-US: How To Boil Eggs (aka com.appmakr.app842173) application for Android
CVE-2014-7359 (The MAPA DA MINA (aka com.wMAPADAMINA) application 0.1 for Android ...)
	NOT-FOR-US: MAPA DA MINA (aka com.wMAPADAMINA) application for Android
CVE-2014-7358 (The Vermont Powder (aka com.concursive.vermontpowder) application 4.1 ...)
	NOT-FOR-US: Vermont Powder (aka com.concursive.vermontpowder) application for Android
CVE-2014-7357 (The Grandparenting is Great (aka com.app_gig.layout) application 1.400 ...)
	NOT-FOR-US: Grandparenting is Great (aka com.app_gig.layout) application for Android
CVE-2014-7356
	REJECTED
CVE-2014-7355
	REJECTED
CVE-2014-7354 (The Penumbra eMag (aka com.magzter.penumbraemag) application 3.0 for ...)
	NOT-FOR-US: Penumbra eMag (aka com.magzter.penumbraemag) application for Android
CVE-2014-7353 (The JAZAN 24 (aka com.jazan24.Mcreda) application 1.0 for Android does ...)
	NOT-FOR-US: JAZAN 24 (aka com.jazan24.Mcreda) application for Android
CVE-2014-7352 (The India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) ...)
	NOT-FOR-US: India's Anthem (aka appinventor.ai_opalfoxy83.India_Anthem) application for Android
CVE-2014-7351 (The GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) ...)
	NOT-FOR-US: GLOBAL MOVIE MAGAZINE (aka com.magzter.globalmoviemagazine) application for Android
CVE-2014-7350
	REJECTED
CVE-2014-7349
	REJECTED
CVE-2014-7348 (The HOT CARS (aka com.magzter.hotcars) application 3.0 for Android ...)
	NOT-FOR-US: HOT CARS (aka com.magzter.hotcars) application for Android
CVE-2014-7347
	REJECTED
CVE-2014-7346 (The Bespoke (aka com.magzter.bespoke) application 3.0 for Android does ...)
	NOT-FOR-US: Bespoke (aka com.magzter.bespoke) application for Android
CVE-2014-7345 (The DIYChatroom (aka com.tapatalk.diychatroomcom) application 3.4.0 ...)
	NOT-FOR-US: DIYChatroom (aka com.tapatalk.diychatroomcom) application for Android
CVE-2014-7344 (The Classic Arms &amp; Militaria (aka com.magazinecloner.classicarmsandm) ...)
	NOT-FOR-US: Classic Arms & Militaria (aka com.magazinecloner.classicarmsandm) application for Android
CVE-2014-7343
	REJECTED
CVE-2014-7342 (The Echo News (aka com.solo.report) 1.10 application (beta) for ...)
	NOT-FOR-US: Echo News (aka com.solo.report) 1.10 application for Android
CVE-2014-7341 (The SAsync (aka com.sasync.sasyncmap) application 1.2.0 for Android ...)
	NOT-FOR-US: SAsync (aka com.sasync.sasyncmap) application for Android
CVE-2014-7340 (The Old Bike Mart (aka com.magazinecloner.oldbike) application ...)
	NOT-FOR-US: Old Bike Mart (aka com.magazinecloner.oldbike) application for Android
CVE-2014-7339 (The Cuanto Conoces A un Amigo (aka ...)
	NOT-FOR-US: Cuanto Conoces A un Amigo (aka com.makeitpossible.CuantoConocesAunAmigo) application for Android
CVE-2014-7338 (The faailkhair (aka com.faailkhair.app) application 1.0 for Android ...)
	NOT-FOR-US: faailkhair (aka com.faailkhair.app) application for Android
CVE-2014-7337 (The Acorn Estate Agents (aka com.acorn.ea) application 3.1 for Android ...)
	NOT-FOR-US: Acorn Estate Agents (aka com.acorn.ea) application for Android
CVE-2014-7336 (The Taking Your Company Public (aka ...)
	NOT-FOR-US: Taking Your Company Public (aka biz.app4mobile.app_016e43d03ee54d1facd6c9532a00e724.app) application for Android
CVE-2014-7335 (The Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application ...)
	NOT-FOR-US: Liver Health - Hepatitis C (aka gov.nyc.dohmh.HepC) application for Android
CVE-2014-7334 (The Where Dallas (aka com.magzter.wheredallas) application 3.0.2 for ...)
	NOT-FOR-US: Where Dallas (aka com.magzter.wheredallas) application for Android
CVE-2014-7333 (The Aloha Guide (aka com.aloha.guide.japnese) application 1.3 for ...)
	NOT-FOR-US: Aloha Guide (aka com.aloha.guide.japnese) application for Android
CVE-2014-7332
	REJECTED
CVE-2014-7331 (The TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application ...)
	NOT-FOR-US: TodaysSeniorsNetwork (aka com.wTodaysSeniorsNetwork) application for Android
CVE-2014-7330 (The XtendCU Mobile (aka com.metova.cuae.xtend) application 1.0.28 for ...)
	NOT-FOR-US: XtendCU Mobile (aka com.metova.cuae.xtend) application for Android
CVE-2014-7329 (The Motoring Classics (aka com.aptusi.android.motoring) application ...)
	NOT-FOR-US: Motoring Classics (aka com.aptusi.android.motoring) application for Android
CVE-2014-7328 (The brain abundance info (aka com.wbrainabundance) application 0.1 for ...)
	NOT-FOR-US: brain abundance info (aka com.wbrainabundance) application for Android
CVE-2014-7327 (The Macau Business (aka com.magzter.macaubusiness) application 3.0 for ...)
	NOT-FOR-US: Macau Business (aka com.magzter.macaubusiness) application for Android
CVE-2014-7326 (The ETA Mobile (aka com.en2grate.etamobile) application 1.6.6 for ...)
	NOT-FOR-US: ETA Mobile (aka com.en2grate.etamobile) application for Android
CVE-2014-7325 (The Business Intelligence (aka com.magzter.businessintelligence) ...)
	NOT-FOR-US: Business Intelligence (aka com.magzter.businessintelligence) application for Android
CVE-2014-7324
	REJECTED
CVE-2014-7323 (The Dignity Dialogue (aka com.magzter.dignitydialogue) application 3.0 ...)
	NOT-FOR-US: Dignity Dialogue (aka com.magzter.dignitydialogue) application for Android
CVE-2014-7322
	REJECTED
CVE-2014-7321 (The Firenze map (aka com.wFirenzemap) application 0.1 for Android does ...)
	NOT-FOR-US: Firenze map (aka com.wFirenzemap) application for Android
CVE-2014-7320 (The SHIRAKABA (aka com.SHIRAKABA) application 1.0 for Android does not ...)
	NOT-FOR-US: SHIRAKABA (aka com.SHIRAKABA) application for Android
CVE-2014-7319
	REJECTED
CVE-2014-7318
	REJECTED
CVE-2014-7317 (The Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) ...)
	NOT-FOR-US: Aloha Bail Bonds (aka com.onesolutionapps.alohabailbondsandroid) application for Android
CVE-2014-7316 (The Safe Arrival (aka com.synrevoice.safearrival) application 1.2 for ...)
	NOT-FOR-US: Safe Arrival (aka com.synrevoice.safearrival) application for Android
CVE-2014-7315 (The Where Atlanta (aka com.magzter.whereatlanta) application 3.0.2 for ...)
	NOT-FOR-US: Where Atlanta (aka com.magzter.whereatlanta) application for Android
CVE-2014-7314 (The Intelligent SME (aka com.magzter.intelligentsme) application 3.0 ...)
	NOT-FOR-US: Intelligent SME (aka com.magzter.intelligentsme) application for Android
CVE-2014-7313 (The One You Fitness (aka com.app_oneyou.layout) application 1.399 for ...)
	NOT-FOR-US: One You Fitness (aka com.app_oneyou.layout) application for Android
CVE-2014-7312
	REJECTED
CVE-2014-7311
	REJECTED
CVE-2014-7310 (The Ali Visual (aka com.ali.visual) application 1.0 for Android does ...)
	NOT-FOR-US: Ali Visual (aka com.ali.visual) application for Android
CVE-2014-7309 (The Where2Stop-Cardlocks-Free (aka ...)
	NOT-FOR-US: Where2Stop-Cardlocks-Free (aka appinventor.ai_kidatheart99.Where2Stop_Cardlocks) application for Android
CVE-2014-7308
	REJECTED
CVE-2014-7307 (The ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) ...)
	NOT-FOR-US: ForoSocuellamos (aka com.forosocuellamos.tlcttbeukajwpeqreg) application for Android
CVE-2014-7306
	RESERVED
CVE-2014-7305
	RESERVED
CVE-2014-7304
	RESERVED
CVE-2014-7303
	RESERVED
CVE-2014-7302
	RESERVED
CVE-2014-7301
	RESERVED
CVE-2014-7299 (Unspecified vulnerability in administrative interfaces in ArubaOS ...)
	NOT-FOR-US: Aruba ArubaOS
CVE-2014-7298 (adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify ...)
	NOT-FOR-US: Centrify
CVE-2014-7297 (Unspecified vulnerability in the folder framework in the Enfold theme ...)
	NOT-FOR-US: folder framework in the Enfold theme for WordPress
CVE-2014-7296 (The default configuration in the accessibility engine in SpagoBI 5.0.0 ...)
	NOT-FOR-US: Spago
CVE-2014-7294 (Open redirect vulnerability in the logon page in NYU OpenSSO ...)
	NOT-FOR-US: Ex Libris Patron Directory Services
CVE-2014-7293 (Cross-site scripting (XSS) vulnerability in the logon page in NYU ...)
	NOT-FOR-US: NYU OpenSSO Integration for Ex Libris Patron Directory Services
CVE-2014-7292 (Open redirect vulnerability in the Click-Through feature in ...)
	NOT-FOR-US: Newtelligence dasBlog
CVE-2014-7291 (Multiple cross-site scripting (XSS) vulnerabilities in api_events.php ...)
	NOT-FOR-US: Springshare LibCal
CVE-2014-7290 (Multiple cross-site scripting (XSS) vulnerabilities in Atlas Systems ...)
	NOT-FOR-US: Atlas Systems Aeon
CVE-2014-7289 (SQL injection vulnerability in the management server in Symantec ...)
	NOT-FOR-US: Symantec Data Center Security
CVE-2014-7288 (Symantec PGP Universal Server and Encryption Management Server before ...)
	NOT-FOR-US: Symantec Encryption Management Server
CVE-2014-7287 (The key-management component in Symantec PGP Universal Server and ...)
	NOT-FOR-US: Symantec
CVE-2014-7286 (Buffer overflow in AClient in Symantec Deployment Solution 6.9 and ...)
	NOT-FOR-US: Symantec Deployment Solution
CVE-2014-7285 (The management console on the Symantec Web Gateway (SWG) appliance ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2014-7282
	RESERVED
CVE-2014-7281 (Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda ...)
	NOT-FOR-US: Tenda A32 Router
CVE-2014-7280 (Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 ...)
	NOT-FOR-US: Nessus Web UI
CVE-2014-7279 (The Konke Smart Plug K does not require authentication for TELNET ...)
	NOT-FOR-US: Konke Smart Plug K
CVE-2014-7284 (The net_get_random_once implementation in net/core/utils.c in the ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.13)
	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.13)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3d4405226d27b3a215e4d03cfa51f536244e5de7 (v3.15-rc7)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a48e42920ff38bc90bbf75143fff4555723d4540
	NOTE: http://secondlookforensics.com/ngro-linux-kernel-bug/
CVE-2014-7283 (The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.10 upstream)
	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.10 upstream)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c88547a8119e3b581318ab65e9b72f27f23e641d (v3.15-rc1)
	NOTE: http://marc.info/?l=linux-xfs&m=139590613002926&w=2
	NOTE: Reproducer: http://oss.sgi.com/cgi-bin/gitweb.cgi?p=xfs/cmds/xfstests.git;a=commitdiff;h=947ee8bd4b59770534297572b14c695e9c6e001e
CVE-2014-7295 (The (1) Special:Preferences and (2) Special:UserLogin pages in ...)
	{DSA-3046-1}
	- mediawiki 1:1.19.20+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-October/000163.html
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=70672
CVE-2014-7278 (The login page on the ZyXEL SBG-3300 Security Gateway with firmware ...)
	NOT-FOR-US: ZyXEL
CVE-2014-7277 (Cross-site scripting (XSS) vulnerability in the login page on the ...)
	NOT-FOR-US: ZyXEL
CVE-2014-7276
	RESERVED
CVE-2014-7275 (The POP3-over-SSL implementation in getmail 4.0.0 through 4.44.0 does ...)
	{DSA-3091-1 DLA-106-1}
	- getmail4 4.46.0-1 (bug #766670)
CVE-2014-7274 (The IMAP-over-SSL implementation in getmail 4.44.0 does not verify ...)
	{DSA-3091-1 DLA-106-1}
	- getmail4 4.46.0-1 (bug #766670)
CVE-2014-7273 (The IMAP-over-SSL implementation in getmail 4.0.0 through 4.43.0 does ...)
	{DSA-3091-1 DLA-106-1}
	- getmail4 4.44.0-1 (bug #766670)
CVE-2014-7272 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...)
	[experimental] - sddm 0.11.0-1
	- sddm 0.11.0-2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
CVE-2014-7271 (Simple Desktop Display Manager (SDDM) before 0.10.0 allows local users ...)
	[experimental] - sddm 0.11.0-1
	- sddm 0.11.0-2
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=897788
CVE-2014-7270 (Cross-site request forgery (CSRF) vulnerability on ASUS JAPAN RT-AC87U ...)
	NOT-FOR-US: ASUS routers
CVE-2014-7269 (ASUS JAPAN RT-AC87U routers with firmware 3.0.0.4.378.3754 and ...)
	NOT-FOR-US: ASUS routers
CVE-2014-7268 (Cross-site scripting (XSS) vulnerability in the data-export feature in ...)
	NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA
CVE-2014-7267 (Cross-site scripting (XSS) vulnerability in the output-page generator ...)
	NOT-FOR-US: Ricksoft WBS Gantt-Chart add-on for JIRA
CVE-2014-7266 (Algorithmic complexity vulnerability in Cybozu Remote Service Manager ...)
	NOT-FOR-US: Cybozu Remote Service Manager
CVE-2014-7265 (Cross-site scripting (XSS) vulnerability in LinPHA allows remote ...)
	NOT-FOR-US: LinPHA
CVE-2014-7264 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- chyrp <itp> (bug #664739)
CVE-2014-7263 (Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows ...)
	NOT-FOR-US: ULTRAPOP.JP i-HTTPD
CVE-2014-7262 (Cross-site scripting (XSS) vulnerability in the Omake BBS component in ...)
	NOT-FOR-US: ULTRAPOP.JP i-HTTPD
CVE-2014-7261 (Cross-site scripting (XSS) vulnerability in ULTRAPOP.JP i-HTTPD allows ...)
	NOT-FOR-US: ULTRAPOP.JP i-HTTPD
CVE-2014-7260 (The Server Side Includes (SSI) implementation in the File Upload BBS ...)
	NOT-FOR-US: ULTRAPOP.JP i-HTTPD
CVE-2014-7259 (SQUARE ENIX Co., Ltd. Kaku-San-Sei Million Arthur before 2.25 for ...)
	NOT-FOR-US: SQUARE ENIX
CVE-2014-7258 (Cross-site scripting (XSS) vulnerability in KENT-WEB Clip Board 2.91 ...)
	NOT-FOR-US: KENT-WEB CLip Board
CVE-2014-7257
	RESERVED
CVE-2014-7256 (The (1) PPP Access Concentrator (PPPAC) and (2) Dial-Up Networking ...)
	NOT-FOR-US: SEIL Routers
CVE-2014-7255 (Internet Initiative Japan Inc. SEIL Series routers SEIL/X1 2.50 ...)
	NOT-FOR-US: SEIL Routers
CVE-2014-7254 (Unspecified vulnerability in ARROWS Me F-11D allows physically ...)
	NOT-FOR-US: Arrows Me
CVE-2014-7253 (FUJITSU F-12C, ARROWS Tab LTE F-01D, ARROWS Kiss F-03D, and REGZA ...)
	NOT-FOR-US: ARROWS
CVE-2014-7252 (Multiple unspecified vulnerabilities in the Syslink driver for Texas ...)
	NOT-FOR-US: ARROWS
CVE-2014-7251 (XML external entity (XXE) vulnerability in the WebHMI server in ...)
	NOT-FOR-US: Yokogawa
CVE-2014-7250 (The TCP stack in 4.3BSD Net/2, as used in FreeBSD 5.4, NetBSD possibly ...)
	- kfreebsd-8 <undetermined>
	[wheezy] - kfreebsd-8 <end-of-life> (Not supported in wheezy LTS)
	- kfreebsd-9 <undetermined>
	[wheezy] - kfreebsd-9 <end-of-life> (Not supported in wheezy LTS)
	- kfreebsd-10 <undetermined> (bug #778367)
CVE-2014-7249 (Buffer overflow on the Allied Telesis AR440S, AR441S, AR442S, AR745, ...)
	NOT-FOR-US: Allied Telesis
CVE-2014-7248 (Cross-site scripting (XSS) vulnerability in IPA iLogScanner 4.0 allows ...)
	NOT-FOR-US: IPA iLogScanner
CVE-2014-7247 (Unspecified vulnerability in JustSystems Ichitaro 2008 through 2011; ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2014-7246 (The Core Server in OpenAM 9.5.3 through 9.5.5, 10.0.0 through 10.0.2, ...)
	NOT-FOR-US: OpenAM (SSO Server)
	NOTE: This is not the openam answering machine.
CVE-2014-7245
	REJECTED
CVE-2014-7244
	REJECTED
CVE-2014-7243 (LG Electronics Mobile WiFi router L-09C, L-03E, and L-04D does not ...)
	NOT-FOR-US: LG Routers
CVE-2014-7242 (The SumaHo application 3.0.0 and earlier for Android and the SumaHo ...)
	NOT-FOR-US: SumaHo (applications for Android)
CVE-2014-7241 (The TSUTAYA application 5.3 and earlier for Android allows remote ...)
	NOT-FOR-US: TSUTAYA application for Android
CVE-2014-7240 (Cross-site scripting (XSS) vulnerability in the Easy Contact Form ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-7239
	RESERVED
CVE-2014-7238
	RESERVED
CVE-2014-7237 (lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on ...)
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7237
CVE-2014-7236
	RESERVED
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2014-7236
CVE-2014-7235 (htdocs_ari/includes/login.php in the ARI Framework module/Asterisk ...)
	NOT-FOR-US: FreePBX
CVE-2014-7234
	REJECTED
CVE-2014-7233 (GE Healthcare Precision THUNIS-800+ has a default password of (1) 1973 ...)
	NOT-FOR-US: GE Healthcare Precision THUNIS-800+
CVE-2014-7232 (GE Healthcare Discovery XR656 and XR656 G2 has a password of (1) ...)
	NOT-FOR-US: GE Healthcare Discovery XR656 and XR656 G2
CVE-2014-7229 (Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x ...)
	NOT-FOR-US: Joomla
CVE-2014-7228 (Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, ...)
	NOT-FOR-US: Joomla
CVE-2014-7227
	REJECTED
CVE-2014-7226 (The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and ...)
	NOT-FOR-US: Rejetto HTTP File Server
CVE-2014-7225
	RESERVED
CVE-2014-7224
	RESERVED
	NOT-FOR-US: Android addJavascriptInterface
CVE-2014-7223
	RESERVED
CVE-2014-7222 (Buffer overflow in TeamSpeak Client 3.0.14 and earlier allows remote ...)
	- teamspeak-client <removed>
	[wheezy] - teamspeak-client <end-of-life> (non-free is not supported)
CVE-2014-7221 (TeamSpeak Client 3.0.14 and earlier allows remote authenticated users ...)
	- teamspeak-client <removed>
	[wheezy] - teamspeak-client <end-of-life> (non-free is not supported)
CVE-2014-7220
	RESERVED
CVE-2014-7219
	RESERVED
CVE-2014-7218
	RESERVED
CVE-2014-7217 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:4.2.9.1-1 (low)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-11.php
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-7216 (Multiple stack-based buffer overflows in Yahoo! Messenger 11.5.0.228 ...)
	NOT-FOR-US: Yahoo
CVE-2014-7215
	REJECTED
CVE-2014-7214
	REJECTED
CVE-2014-7213
	REJECTED
CVE-2014-7212
	REJECTED
CVE-2014-7211
	REJECTED
CVE-2014-7210 [pdns in Debian creates too privileged MySQL user]
	RESERVED
	{DLA-492-1}
	- pdns 3.3.1-1
	[squeeze] - pdns <not-affected> (Vulnerabile code not present)
	NOTE: Debian packaging specific.
CVE-2014-7209 (run-mailcap in the Debian mime-support package before 3.52-1+deb7u1 ...)
	{DSA-3114-1 DLA-125-1}
	- mime-support 3.58
CVE-2014-7208 (GParted before 0.15.0 allows local users to execute arbitrary commands ...)
	- gparted 0.16.1-1
	[wheezy] - gparted <no-dsa> (Minor issue)
	[squeeze] - gparted <no-dsa> (Minor issue)
CVE-2014-7207 (A certain Debian patch to the IPv6 implementation in the Linux kernel ...)
	{DSA-3060-1}
	- linux <not-affected> (Issue specific to 3.2.x)
	NOTE: In 3.2.x introduced with https://git.kernel.org/cgit/linux/kernel/git/bwh/linux-3.2.y.git/commit/?h=linux-3.2.y&id=64b5c251d5b2cee4a0f697bfb90d79263f6dd517
	NOTE: which is a backport of https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=73f156a6e8c1074ac6327e0abd1169e95eb66463 (v3.16-rc1)
	NOTE: The missing commit for the 3.2.x branch was applied already earlier (before v3.16) mainline:
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=916e4cf46d0204806c062c8c6c4d1f633852c5b6 (v3.14-rc6)
	NOTE: http://bugs.debian.org/766195
	- linux-2.6 <not-affected> (Issue specific to 3.2.x)
CVE-2014-7206 (The changelog command in Apt before 1.0.9.2 allows local users to ...)
	{DSA-3048-1}
	- apt 1.0.9.2 (bug #763780)
	[squeeze] - apt <not-affected> (apt changelog command and vulnerable code not present)
	NOTE: mitigated by Linux kernel features in wheezy and up
CVE-2013-7405 (The Ad Hoc Reporting feature in GE Healthcare Centricity DMS 4.2 has a ...)
	NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2013-7404 (GE Healthcare Discovery NM 750b has a password of 2getin for the ...)
	NOT-FOR-US: GE Healthcare Discovery NM 750b
CVE-2012-6662 (Cross-site scripting (XSS) vulnerability in the default content option ...)
	- jqueryui 1.10.1+dfsg-1
	[wheezy] - jqueryui <not-affected> (ui.tooltip not yet present)
	[squeeze] - jqueryui <not-affected> (code not present)
	NOTE: http://bugs.jqueryui.com/ticket/8861
	NOTE: https://github.com/jquery/jquery-ui/commit/f2854408cce7e4b7fc6bf8676761904af9c96bde
CVE-2012-6661 (Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta ...)
	- zope2.12 2.12.26-1
	- zope2.13 <not-affected> (Fixed before initial upload in upstream version 2.13.19)
	NOTE: CVE SPLIT from CVE-2012-5508
CVE-2012-6660 (GE Healthcare Precision MPi has a password of (1) orion for the ...)
	NOT-FOR-US: GE Healthcare Precision MPi
CVE-2011-5374
	RESERVED
CVE-2010-5310 (The Acquisition Workstation for the GE Healthcare Revolution XQ/i has ...)
	NOT-FOR-US: GE Healthcare Revolution XQ/i
CVE-2010-5309 (GE Healthcare CADStream Server has a default password of confirma for ...)
	NOT-FOR-US: GE Healthcare CADStream Server
CVE-2010-5308 (GE Healthcare Optima MR360 does not require authentication for the ...)
	NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5307 (The HIPAA configuration interface in GE Healthcare Optima MR360 has a ...)
	NOT-FOR-US: GE Healthcare Optima MR360
CVE-2010-5306 (GE Healthcare Optima CT680, CT540, CT640, and CT520 has a default ...)
	NOT-FOR-US: GE Healthcare Optima
CVE-2009-5143 (GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) ...)
	NOT-FOR-US: GE Healthcare Discovery 530C
CVE-2007-6757 (GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of ...)
	NOT-FOR-US: GE Healthcare Centricity DMS
CVE-2006-7253 (GE Healthcare Infinia II has a default password of (1) infinia for the ...)
	NOT-FOR-US: GE Healthcare Infinia II
CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet ...)
	NOT-FOR-US: GE Healthcare Centricity Image Vault
CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
	NOT-FOR-US: GE Healthcare Discovery VH
CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1594 (GE Healthcare eNTEGRA P&amp;R has a password of (1) entegra for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1254 (crypto/rsa/rsa_gen.c in OpenSSL before 0.9.6 mishandles C ...)
	- openssl 0.9.6-1
	NOTE: https://git.openssl.org/?p=openssl.git;a=commit;h=db82b8f9bd432a59aea8e1014694e15fc457c2bb
CVE-2000-1253
	RESERVED
CVE-2014-7300 (GNOME Shell 3.14.x before 3.14.1, when the Screen Lock feature is ...)
	- gnome-shell 3.14.1-1 (low)
	[wheezy] - gnome-shell <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=737456
	NOTE: PrtSc is an unauthenticated request that's available to untrusted
	NOTE: parties. A series of requests can consume a large amount of memory.
	NOTE: The combination of this PrtSc behavior and the existence of the
	NOTE: oom-killer allows authentication bypass for command execution.
	NOTE: Therefore, the product must limit the aggregate memory consumption of
	NOTE: all active requests, and the lack of this limit is a vulnerability.
CVE-2014-7231 (The strutils.mask_password function in the OpenStack Oslo utility ...)
	- python-oslo.utils 0.2.0-1
	NOTE: https://launchpad.net/bugs/1345233
	NOTE: https://review.openstack.org/gitweb?p=openstack%2Foslo.utils.git;a=commitdiff;h=e0425691d90bce0bbe847a9ff49468ce0fab5486
CVE-2014-7230 (The processutils.execute function in OpenStack oslo-incubator, Cinder, ...)
	- cinder 2014.1.3-4 (low; bug #765704)
	- nova 2014.1.3-5 (low; bug #765714)
	[wheezy] - nova <no-dsa> (Minor issue)
	- openstack-trove 2014.1.3-1 (low)
	NOTE: https://launchpad.net/bugs/1343604
CVE-2014-7205 (Eval injection vulnerability in the internals.batch function in ...)
	NOTE: https://nodesecurity.io/advisories/bassmaster_js_injection
	NOT-FOR-US: node.js package bassmaster
CVE-2014-7201 (Multiple SQL injection vulnerabilities in the search function in ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2014-7200 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2014-7198
	RESERVED
CVE-2014-7197
	RESERVED
CVE-2014-7196
	REJECTED
CVE-2014-7195 (Spotfire Web Player Engine in TIBCO Spotfire Web Player 6.0.x before ...)
	NOT-FOR-US: Spotfire Web Player
CVE-2014-7194 (TIBCO Managed File Transfer Internet Server before 7.2.4, Managed File ...)
	NOT-FOR-US: TIBCO
CVE-2014-7193 (The Crumb plugin before 3.0.0 for Node.js does not properly restrict ...)
	NOT-FOR-US: Crumb
CVE-2014-7192 (Eval injection vulnerability in index.js in the syntax-error package ...)
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773623)
	NOTE: libv8 not covered by security support
CVE-2014-7191 (The qs module before 1.0.0 in Node.js does not call the compact ...)
	- node-qs 2.2.4-1
	NOTE: https://github.com/raymondfeng/node-querystring/commit/43a604b7847e56bba49d0ce3e222fe89569354d8
	NOTE: https://nodesecurity.io/advisories/qs_dos_memory_exhaustion
CVE-2014-7188 (The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 ...)
	{DSA-3041-1}
	- xen 4.4.1-3
	[squeeze] - xen <end-of-life>
CVE-2014-7184
	RESERVED
CVE-2014-7183 (Multiple cross-site scripting (XSS) vulnerabilities in the search.php ...)
	NOT-FOR-US: LifeCart
CVE-2014-7182 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Google ...)
	NOT-FOR-US: WP Google Maps plugin for WordPress
CVE-2014-7181 (Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons ...)
	NOT-FOR-US: Max Foundry MaxButtons plugin for WordPress
CVE-2014-7180 (Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 ...)
	NOT-FOR-US: ElectricCommander
CVE-2014-7179
	RESERVED
CVE-2014-7178 (Enalean Tuleap before 7.5.99.6 allows remote attackers to execute ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2014-7177 (XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2014-7176 (SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote ...)
	NOT-FOR-US: Enalean Tuleap
CVE-2014-7175
	RESERVED
CVE-2014-7174
	RESERVED
CVE-2014-7173
	RESERVED
CVE-2014-7172
	RESERVED
CVE-2014-7171
	RESERVED
CVE-2014-7170 (Race condition in Puppet Server 0.2.0 allows local users to obtain ...)
	NOT-FOR-US: Puppet Server (replacement for puppetmaster)
CVE-2014-7204 (jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a ...)
	{DSA-3042-1 DLA-69-1}
	- exuberant-ctags 1:5.9~svn20110310-8 (bug #742605)
	NOTE: http://sourceforge.net/p/ctags/code/791/
CVE-2014-7203 (libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces ...)
	- zeromq <not-affected> (Vulnerable code not present, only zmq 4.x onwards)
	- zeromq3 4.0.5+dfsg-1
	NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1191
CVE-2014-7202 (stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 ...)
	- zeromq <not-affected> (Vulnerable code not present, only zmq 4.x onwards)
	- zeromq3 4.0.5+dfsg-1
	NOTE: Code commit: https://github.com/zeromq/libzmq/issues/1190
CVE-2014-7190 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Openfiler
CVE-2014-7189 (crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is ...)
	- golang 2:1.3.2-1
	[wheezy] - golang <not-affected> (Vulnerable code not present, only Go 1.1 onwards)
	NOTE: https://groups.google.com/forum/#!msg/golang-nuts/eeOHNw_shwU/OHALUmroA5kJ
	NOTE: https://code.google.com/p/go/source/detail?r=eae0457c101512f59296538f0162749eba325892&name=release-branch.go1.3
CVE-2014-7187 (Off-by-one error in the read_token_word function in parse.y in GNU ...)
	{DSA-3035-1 DLA-63-1}
	- bash 4.3-9.2
CVE-2014-7186 (The redirection implementation in parse.y in GNU Bash through 4.3 ...)
	{DSA-3035-1 DLA-63-1}
	- bash 4.3-9.2
CVE-2014-7185 (Integer overflow in bufferobject.c in Python before 2.7.8 allows ...)
	- python2.5 <removed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.8-1 (low; bug #763848)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	NOTE: http://bugs.python.org/issue21831
	NOTE: Upstream fix http://hg.python.org/cpython/rev/8d963c7db507
CVE-2014-7168
	RESERVED
CVE-2014-7167
	RESERVED
CVE-2014-7166
	RESERVED
CVE-2014-7165
	RESERVED
CVE-2014-7164
	RESERVED
CVE-2014-7163
	RESERVED
CVE-2014-7162
	RESERVED
CVE-2014-7161
	RESERVED
CVE-2014-7160
	RESERVED
CVE-2014-7159
	RESERVED
CVE-2014-7158 (Cross-site request forgery (CSRF) vulnerability in Exinda WAN ...)
	NOT-FOR-US: Exinda WAN Optimization Suite
CVE-2014-7157 (Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization ...)
	NOT-FOR-US: Exinda WAN Optimization Suite
CVE-2014-7153 (SQL injection vulnerability in the editgallery function in ...)
	NOT-FOR-US: WordPress plugin Huge-IT Image Gallery
CVE-2014-XXXX [cyassl: RSA Padding check vulnerability]
	- cyassl <removed>
	- wolfssl 3.4.8+dfsg-1
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: http://www.yassl.com/yaSSL/Blog/Entries/2014/9/12_CyaSSL_3.2.0_Released.html
	NOTE: http://www.intelsecurity.com/advanced-threat-research/#
	NOTE: similar to CVE-2014-1568 in nss
CVE-2014-7199 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.19, ...)
	{DSA-3036-1}
	- mediawiki 1:1.19.19+dfsg-1 (bug #762754)
	[squeeze] - mediawiki <end-of-life>
CVE-2014-7169 (GNU Bash through 4.3 bash43-025 processes trailing strings after ...)
	{DSA-3035-1 DLA-63-1}
	- bash 4.3-9.2 (bug #762760)
CVE-2014-7156 (The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen ...)
	{DSA-3041-1}
	- xen 4.4.1-3
	[squeeze] - xen <end-of-life>
CVE-2014-7155 (The x86_emulate function in arch/x86/x86_emulate/x86_emulate.c in Xen ...)
	{DSA-3041-1}
	- xen 4.4.1-3
	[squeeze] - xen <end-of-life>
CVE-2014-7154 (Race condition in HVMOP_track_dirty_vram in Xen 4.0.0 through 4.4.x ...)
	{DSA-3041-1}
	- xen 4.4.1-3
	[squeeze] - xen <end-of-life>
CVE-2014-7152 (Cross-site scripting (XSS) vulnerability in the Easy MailChimp Forms ...)
	NOT-FOR-US: WordPress plugin Easy MailChimp Forms
CVE-2014-7151 (Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms ...)
	NOT-FOR-US: NEX-Forms Lite plugin for WordPress
CVE-2014-7150
	RESERVED
CVE-2014-7149
	RESERVED
CVE-2014-7148
	RESERVED
CVE-2014-7147
	RESERVED
CVE-2014-7146 (The XmlImportExport plugin in MantisBT 1.2.17 and earlier allows ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17725
	NOTE: https://github.com/mantisbt/mantisbt/commit/bed19db9 (1.2.x branch)
	NOTE: https://github.com/mantisbt/mantisbt/commit/84017535 (master)
CVE-2014-7140 (Unspecified vulnerability in the management interface in Citrix ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2014-7139 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...)
	NOT-FOR-US: WordPress plugin Contact Form DB
CVE-2014-7138 (Cross-site scripting (XSS) vulnerability in the Google Calendar Events ...)
	NOT-FOR-US: WordPress plugin Google Calendar Events
CVE-2014-7137 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM before ...)
	- dolibarr 3.5.5+dfsg1-1 (bug #770313)
CVE-2014-7136 (Heap-based buffer overflow in the K7FWFilt.sys kernel mode driver (aka ...)
	NOT-FOR-US: K7 Computing
CVE-2014-7135 (The Ayuntamiento de Coana (aka com.wInfoCoa) application 0.2 for ...)
	NOT-FOR-US: Ayuntamiento de Coana (aka com.wInfoCoa) application for Android
CVE-2014-7134 (The PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application 2.1 ...)
	NOT-FOR-US: PROF. USMAN ALI AWHEELA (aka com.wPROFUAAWHEELA) application for Android
CVE-2014-7133
	REJECTED
CVE-2014-7132 (The Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application ...)
	NOT-FOR-US: Jambatan PBB Semporna (aka com.wJAMBATANPBBSEMPORNA) application for Android
CVE-2014-7131 (The Digital Content NewFronts 2014 (aka ...)
	NOT-FOR-US: Digital Content NewFronts 2014 (aka com.coreapps.android.followme.newfronts2014) application for Android
CVE-2014-7130
	REJECTED
CVE-2014-7129 (The Argus Leader Print Edition (aka com.argusleader.android.prod) ...)
	NOT-FOR-US: Argus Leader Print Edition (aka com.argusleader.android.prod) application for Android
CVE-2014-7128 (The Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application ...)
	NOT-FOR-US: Toyota OC (aka com.tapatalk.toyotaownersclubcomforums) application for Android
CVE-2014-7127 (The Football Espana magazine (aka com.triactivemedia.footballespana) ...)
	NOT-FOR-US: Football Espana magazine (aka com.triactivemedia.footballespana) application for Android
CVE-2014-7126
	REJECTED
CVE-2014-7125 (The Motor (aka com.magzter.motorhwpublishing) application 3.0 for ...)
	NOT-FOR-US: Motor (aka com.magzter.motorhwpublishing) application for Android
CVE-2014-7124 (The IP Alarm (aka com.cosesy.gadget.alarm) application 1.4 for Android ...)
	NOT-FOR-US: IP Alarm (aka com.cosesy.gadget.alarm) application for Android
CVE-2014-7123 (The Brevir Harian V2 (aka com.brevir.harian.v) application 2.0 for ...)
	NOT-FOR-US: Brevir Harian V2 (aka com.brevir.harian.v) application for Android
CVE-2014-7122 (The Lansing State Journal Print (aka com.lansingjournal.android.prod) ...)
	NOT-FOR-US: Lansing State Journal Print (aka com.lansingjournal.android.prod) application for Android
CVE-2014-7121 (The Dhanam (aka com.magzter.dhanam) application 3.1 for Android does ...)
	NOT-FOR-US: Dhanam (aka com.magzter.dhanam) application for Android
CVE-2014-7120 (The Model Laboratory (aka com.magazinecloner.modellaboratory) ...)
	NOT-FOR-US: Model Laboratory (aka com.magazinecloner.modellaboratory) application for Android
CVE-2014-7119 (The GNAM 2013 (aka com.beepeers.gndam) application 1.0 for Android ...)
	NOT-FOR-US: GNAM 2013 (aka com.beepeers.gndam) application for Android
CVE-2014-7118 (The Itography Item Hunt (aka com.itography.application) application ...)
	NOT-FOR-US: Itography Item Hunt (aka com.itography.application) application for Android
CVE-2014-7117 (The Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application ...)
	NOT-FOR-US: Forest Area FCU Mobile (aka com.metova.cuae.fafcu) application for Android
CVE-2014-7116 (The NRA Journal (aka ...)
	NOT-FOR-US: NRA Journal (aka com.magazinecloner.nationalrifleassociationjournal) application for Android
CVE-2014-7115 (The Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) ...)
	NOT-FOR-US: Letters to God - soc. network (aka com.wPismakBoguLetterstoGod) application for Android
CVE-2014-7114
	REJECTED
CVE-2014-7113 (The NASA Universe Wallpapers Xeus (aka com.xeusNASA) application 1.0 ...)
	NOT-FOR-US: NASA Universe Wallpapers Xeus (aka com.xeusNASA) application for Android
CVE-2014-7112
	REJECTED
CVE-2014-7111 (The Android Excellence (aka an.exc.ap) application 1.4.1 for Android ...)
	NOT-FOR-US: Android Excellence (aka an.exc.ap) application for Android
CVE-2014-7110
	REJECTED
CVE-2014-7109 (The Nesvarnik (aka cz.dtest.nesvarnik) application 1.0 for Android ...)
	NOT-FOR-US: Nesvarnik (aka cz.dtest.nesvarnik) application for Android
CVE-2014-7108 (The Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) ...)
	NOT-FOR-US: Stop Headaches and Migraines (aka com.StopHeadachesandMigraines) application for Android
CVE-2014-7107 (The Human Factor (aka com.magzter.thehumanfactor) application 3.01 for ...)
	NOT-FOR-US: The Human Factor (aka com.magzter.thehumanfactor) application for Android
CVE-2014-7106 (The Orakel-Ball (aka com.wOrakelball) application 0.2 for Android does ...)
	NOT-FOR-US: Orakel-Ball (aka com.wOrakelball) application for Android
CVE-2014-7105
	REJECTED
CVE-2014-7104 (The gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application 1.2 for ...)
	NOT-FOR-US: gymnoOVP (iOVP) (aka com.johtru.gymnoOVP) application for Android
CVE-2014-7103 (The Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) ...)
	NOT-FOR-US: Oskarshamnsliv (aka appinventor.ai_stadslivsguiden.Oskarshamnsliv) application for Android
CVE-2014-7102 (The Car Insurance Quote Comparison (aka com.seopa.quotezone) ...)
	NOT-FOR-US: Car Insurance Quote Comparison (aka com.seopa.quotezone) application for Android
CVE-2014-7101 (The Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application ...)
	NOT-FOR-US: Talk Radio Europe (aka com.nobexinc.wls_31251464.rc) application for Android
CVE-2014-7100 (The www.sm3ny.com (aka sm3ny.com) application 1.0 for Android does not ...)
	NOT-FOR-US: www.sm3ny.com (aka sm3ny.com) application for Android
CVE-2014-7099 (The Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application ...)
	NOT-FOR-US: Woodcraft Magazine (aka com.magzter.woodcraftmagazine) application for Android
CVE-2014-7098 (The Fylet Secure Large File Sender (aka ...)
	NOT-FOR-US: Fylet Secure Large File Sender (aka com.application.fyletFileSender) application for Android
CVE-2014-7097
	REJECTED
CVE-2014-7096
	REJECTED
CVE-2014-7095
	REJECTED
CVE-2014-7094
	REJECTED
CVE-2014-7093 (The Superbike Magazine (aka com.triactivemedia.superbike) application ...)
	NOT-FOR-US: Superbike Magazine (aka com.triactivemedia.superbike) application for Android
CVE-2014-7092 (The Ubooly (aka com.ubooly.ubooly) application 4.3.0 for Android does ...)
	NOT-FOR-US: Ubooly (aka com.ubooly.ubooly) application for Android
CVE-2014-7091 (The Sacramento Kings (aka com.tibco.gse.sports) application 6.0.8 for ...)
	NOT-FOR-US: Sacramento Kings (aka com.tibco.gse.sports) application for Android
CVE-2014-7090 (The MyVCCCD (aka com.dub.app.ventura) application 1.4.14 for Android ...)
	NOT-FOR-US: MyVCCCD (aka com.dub.app.ventura) application for Android
CVE-2014-7089 (The COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application ...)
	NOT-FOR-US: COMPETITION INFORMATION (aka com.ear.bilgiyarismasi) application for Android
CVE-2014-7088 (The JDM Lifestyle (aka com.hondatech) application 6.4 for Android does ...)
	NOT-FOR-US: JDM Lifestyle (aka com.hondatech) application for Android
CVE-2014-7087 (The Top Roller Coasters Europe 1 (aka ...)
	NOT-FOR-US: Top Roller Coasters Europe 1 (aka com.appaapps.top10tallesteuropeanrollercoasters1) application for Android
CVE-2014-7086 (The Killer Screen lock (aka com.cc.theme.shashou) application 0.5 for ...)
	NOT-FOR-US: Killer Screen lock (aka com.cc.theme.shashou) application for Android
CVE-2014-7085 (The i Newspaper (aka com.independent.thei) application @7F080184 for ...)
	NOT-FOR-US: i Newspaper (aka com.independent.thei) application for Android
CVE-2014-7084 (The Hesheng 80 (aka com.ireadercity.c29) application 3.0.2 for Android ...)
	NOT-FOR-US: Hesheng 80 (aka com.ireadercity.c29) application for Android
CVE-2014-7083 (The Jiu Jik (aka com.scmp.jiujik) application 1.4.0 for Android does ...)
	NOT-FOR-US: Jiu Jik (aka com.scmp.jiujik) application for Android
CVE-2014-7082 (The No Disturb (aka com.blogspot.imapp.imnodisturb) application 3.3 ...)
	NOT-FOR-US: No Disturb (aka com.blogspot.imapp.imnodisturb) application for Android
CVE-2014-7081
	REJECTED
CVE-2014-7080 (The Sigong ebook (aka com.sigongsa.sigonggenre) application 1.0.0 for ...)
	NOT-FOR-US: Sigong ebook (aka com.sigongsa.sigonggenre) application for Android
CVE-2014-7079 (The Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application ...)
	NOT-FOR-US: Romeo and Juliet (aka jp.co.cybird.appli.android.rjs) application for Android
CVE-2014-7078 (The Payoneer Sign Up (aka com.wPayoneerSignUp) application 0.1 for ...)
	NOT-FOR-US: Payoneer Sign Up (aka com.wPayoneerSignUp) application for Android
CVE-2014-7077 (The Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application ...)
	NOT-FOR-US: Gulf Coast Educators FCU (aka com.metova.cuae.gcefcu) application for Android
CVE-2014-7076 (The Sanctuary Asia (aka com.magzter.sanctuaryasia) application 3.0 for ...)
	NOT-FOR-US: Sanctuary Asia (aka com.magzter.sanctuaryasia) application for Android
CVE-2014-7075 (The HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application 2.0 for ...)
	NOT-FOR-US: HAPPY (aka com.tw.knowhowdesign.sinfonghuei) application for Android
CVE-2014-7074
	REJECTED
CVE-2014-7073 (The Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) ...)
	NOT-FOR-US: Andrew Magdy Kamal's Network (aka com.wAndSocialREWApps) application for Android
CVE-2014-7072 (The Venezia map (aka com.wVeneziamap) application 0.1 for Android does ...)
	NOT-FOR-US: Venezia map (aka com.wVeneziamap) application for Android
CVE-2014-7071 (The Autocar India (aka com.magzter.autocarindia) application 3.03 for ...)
	NOT-FOR-US: Autocar India (aka com.magzter.autocarindia) application for Android
CVE-2014-7070 (The Air War Hero (aka com.dev.airwar) application 3.0 for Android does ...)
	NOT-FOR-US: Air War Hero (aka com.dev.airwar) application for Android
CVE-2014-7069 (The Aventino Brand (aka com.AventinoBrand) application 2.2 for Android ...)
	NOT-FOR-US: Aventino Brand (aka com.AventinoBrand) application for Android
CVE-2014-7068 (The Neumann Student Activities (aka com.appmakr.app153856) application ...)
	NOT-FOR-US: Neumann Student Activities (aka com.appmakr.app153856) application for Android
CVE-2014-7067 (The BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application 0.1 for ...)
	NOT-FOR-US: BTD5 Videos (aka com.wxTYILIEIRBTD5Videos) application for Android
CVE-2014-7066 (The LegalEra (aka com.magzter.legalera) application 3.0 for Android ...)
	NOT-FOR-US: LegalEra (aka com.magzter.legalera) application for Android
CVE-2014-7065 (The Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) ...)
	NOT-FOR-US: Nigerias Business Directory (aka com.wNigeriasBusinessDirectory) application for Android
CVE-2014-7064 (The ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) ...)
	NOT-FOR-US: ben10 omniverse walkthrough (aka com.wben10omniverse2walkthrough) application for Android
CVE-2014-7063 (The Bikers Romagna (aka com.bikers.romagna) application 1.0 for ...)
	NOT-FOR-US: Bikers Romagna (aka com.bikers.romagna) application for Android
CVE-2014-7062 (The Association Min Ajlik (aka com.association.min.ajlik) application ...)
	NOT-FOR-US: Association Min Ajlik (aka com.association.min.ajlik) application for Android
CVE-2014-7061 (The MODSIM World 2014 (aka com.concursive.modsimworld) application ...)
	NOT-FOR-US: MODSIM World 2014 (aka com.concursive.modsimworld) application for Android
CVE-2014-7060 (The Your Tango (aka com.your.tango) application 1.0 for Android does ...)
	NOT-FOR-US: Your Tango (aka com.your.tango) application for Android
CVE-2014-7059 (The TheDevildogGamer (aka com.wTheDevildogGamer) application 1.0 for ...)
	NOT-FOR-US: TheDevildogGamer (aka com.wTheDevildogGamer) applicationfor Android
CVE-2014-7058 (The Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) ...)
	NOT-FOR-US: Efendimizin Sunnetleri (aka com.wEfendimizinSunnetleri) application for Android
CVE-2014-7057 (The Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) ...)
	NOT-FOR-US: Hong Kong Tatler Society (aka com.magzter.hongkongtatlersociety) application for Android
CVE-2014-7056 (The Yeast Infection (aka com.wyeastinfectionapp) application 0.1 for ...)
	NOT-FOR-US: Yeast Infection (aka com.wyeastinfectionapp) application for Android
CVE-2014-7055 (The NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) ...)
	NOT-FOR-US: NCCI's Annual Issues Symposium (aka com.quickmobile.ais14) application for Android
CVE-2014-7054 (The musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) ...)
	NOT-FOR-US: musica de barrios sonideros (aka com.nobexinc.wls_93155702.rc) application for Android
CVE-2014-7053 (The City Star ME (aka com.citystarme) application 1.0 for Android does ...)
	NOT-FOR-US: City Star ME (aka com.citystarme) application for Android
CVE-2014-7052 (The sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application ...)
	NOT-FOR-US: sahab-alkher.com (aka com.tapatalk.sahabalkhercomvb) application for Android
CVE-2014-7051
	REJECTED
CVE-2014-7050 (The givenu give (aka com.givenu.give) application 1.5.3 for Android ...)
	NOT-FOR-US: givenu give (aka com.givenu.give) application for Android
CVE-2014-7049 (The SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application ...)
	NOT-FOR-US: SomTodo - Task/To-do widget (aka com.somcloud.somtodo) application for Android
CVE-2014-7048 (The Bear ID Lock (aka com.wBearIDLock) application 0.1 for Android ...)
	NOT-FOR-US: Bear ID Lock (aka com.wBearIDLock) application for Android
CVE-2014-7047 (The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application ...)
	NOT-FOR-US: Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application for Android
CVE-2014-7046 (The George Wassouf (aka com.devkhr32.georgewassouf) application 1.0 ...)
	NOT-FOR-US: George Wassouf (aka com.devkhr32.georgewassouf) application for Android
CVE-2014-7045 (The Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) ...)
	NOT-FOR-US: Bust Out Bail (aka com.onesolutionapps.bustoutbailandroid) application for Android
CVE-2014-7044 (The Street Walker (aka kt.road.StreetWalker) application 0.0.1 for ...)
	NOT-FOR-US: Street Walker (aka kt.road.StreetWalker) application for Android
CVE-2014-7043 (The Cadpage (aka net.anei.cadpage) application 1.7.44 for Android does ...)
	NOT-FOR-US: Cadpage (aka net.anei.cadpage) application for Android
CVE-2014-7042 (** DISPUTED ** The My nTelos (aka com.telespree.ntelospostpay) ...)
	NOT-FOR-US: My nTelos (aka com.telespree.ntelospostpay) application for Android
CVE-2014-7041 (The SimGene (aka com.japanbioinformatics.simgene) application 1.3 for ...)
	NOT-FOR-US: SimGene (aka com.japanbioinformatics.simgene) application for Android
CVE-2014-7040 (The UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) ...)
	NOT-FOR-US: UniCredit Investors (aka eu.unicreditgroup.brand.ucinvestors) application for Android
CVE-2014-7039 (The Wild Women United (aka com.wildwomenunited) application 1.0 for ...)
	NOT-FOR-US: Wild Women United (aka com.wildwomenunited) application for Android
CVE-2014-7038 (The Al Jazeera (aka com.Al.Jazeera.net) application 6.0 for Android ...)
	NOT-FOR-US: Al Jazeera (aka com.Al.Jazeera.net) application for Android
CVE-2014-7037 (The Noble Sticker &quot;FREE&quot; (aka com.kuronecostudio.kizokustamp.free) ...)
	NOT-FOR-US: Noble Sticker "FREE" (aka com.kuronecostudio.kizokustamp.free) application for Android
CVE-2014-7036 (The Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application ...)
	NOT-FOR-US: Quest Federal CU Mobile (aka com.metova.cuae.questfcu) application for Android
CVE-2014-7035 (The Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application ...)
	NOT-FOR-US: Harmonizers Planet (aka uk.co.pixelkicks.fifthharmony) application for Android
CVE-2014-7034 (The Senator Inn &amp; Spa (aka ...)
	NOT-FOR-US: Senator Inn & Spa (aka com.conduit.app_cc06e8e9659c4cf7b361ad0b7717f3a4.app) application for Android
CVE-2014-7033 (The Cure Viewer (aka com.livedoor.android.cureviewer) application 1.03 ...)
	NOT-FOR-US: Cure Viewer (aka com.livedoor.android.cureviewer) application for Android
CVE-2014-7032 (The MYHABIT (aka com.amazon.myhabit) application @7F080041 for Android ...)
	NOT-FOR-US: MYHABIT (aka com.amazon.myhabit) application for Android
CVE-2014-7031 (The RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application 2.5 ...)
	NOT-FOR-US: RedAtoms Three (aka com.redatoms.mojodroid.tw.gp) application for Android
CVE-2014-7030 (The Dieta Dukan passo a passo (aka ...)
	NOT-FOR-US: Dieta Dukan passo a passo (aka com.rareartifact.dukanpasoapaso82BE0897) application for Android
CVE-2014-7029 (The Bultmonster Registret (aka com.bultmonster.registret) application ...)
	NOT-FOR-US: Bultmonster Registret (aka com.bultmonster.registret) application for Android
CVE-2014-7028 (The Ibis pau centre (aka com.myapphone.android.myappibispaucentre) ...)
	NOT-FOR-US: Ibis pau centre (aka com.myapphone.android.myappibispaucentre) application for Android
CVE-2014-7027 (The Esercizi per le donne (aka ...)
	NOT-FOR-US: Esercizi per le donne (aka com.rareartifact.eserciziperledonne6D5578C6) application for Android
CVE-2014-7026 (The LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application ...)
	NOT-FOR-US: LIFE TIME FITNESS (aka com.lifetimefitness.ltfmobile) application for Android
CVE-2014-7025 (The Who-is-it? Lite name caller time limited free (aka ...)
	NOT-FOR-US: Who-is-it? Lite name caller time limited free (aka de.profiler.android.whoisit) application for Android
CVE-2014-7024 (The Hardest Game Collection (aka com.lotfun.abuse) application 1.5.0 ...)
	NOT-FOR-US: Hardest Game Collection (aka com.lotfun.abuse) application for Android
CVE-2014-7023 (The Find Color (aka com.chudong.color) application 1.1.1 for Android ...)
	NOT-FOR-US: Find Color (aka com.chudong.color) application for Android
CVE-2014-7022 (The Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) ...)
	NOT-FOR-US: Modelisme.com forum/portail (aka com.tapatalk.modelismecomforum) application for Android
CVE-2014-7021 (The Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) ...)
	NOT-FOR-US: Leg Surgery - Kids Games (aka com.harriskerioe.legsurgery) application for Android
CVE-2014-7020 (The Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) ...)
	NOT-FOR-US: Diabetes Forum (aka com.tapatalk.diabetescoukdiabetesforum) application for Android
CVE-2014-7019 (The Clarks Inn (aka com.ClarksInn) application 3.3.0 for Android does ...)
	NOT-FOR-US: Clarks Inn (aka com.ClarksInn) application for Android
CVE-2014-7018 (The LOVE DANCE (aka com.efunfun.ddianle.lovedance) application ...)
	NOT-FOR-US: LOVE DANCE (aka com.efunfun.ddianle.lovedance) application for Android
CVE-2014-7017 (The Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) ...)
	NOT-FOR-US: Tim Ban Bon Phuong (aka com.entertaiment.timbanbonphuong) application for Android
CVE-2014-7016 (The Mahasna Batik (aka com.batik.mahasna) application 1.0 for Android ...)
	NOT-FOR-US: Mahasna Batik (aka com.batik.mahasna) application for Android
CVE-2014-7015 (The JJ Texas Hold'em Poker (aka cn.jj.poker) application 1.13.23.HD ...)
	NOT-FOR-US: JJ Texas Hold'em Poker (aka cn.jj.poker) application for Android
CVE-2014-7014
	REJECTED
CVE-2014-7013 (The Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) ...)
	NOT-FOR-US: Funny Photo Color Editor (aka com.doirdeditor.funcloreditor) application for Android
CVE-2014-7012 (The Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application 2.0.1 ...)
	NOT-FOR-US: Coffee Inn (aka lt.lemonlabs.android.coffeeinn) application for Android
CVE-2014-7011 (The NWTC Mobile (aka com.dub.app.nwtc) application 1.4.17 for Android ...)
	NOT-FOR-US: NWTC Mobile (aka com.dub.app.nwtc) application for Android
CVE-2014-7010 (The UTSA Mobile (aka com.dub.app.utsa) application 1.4.21 for Android ...)
	NOT-FOR-US: UTSA Mobile (aka com.dub.app.utsa) application for Android
CVE-2014-7009 (The HKBN My Account (aka com.hkbn.myaccount) application @7F070015 for ...)
	NOT-FOR-US: HKBN My Account (aka com.hkbn.myaccount) application for Android
CVE-2014-7008 (The Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) ...)
	NOT-FOR-US: Forum FrAndroid beta (aka com.tapatalk.forumfrandroidcom) application for Android
CVE-2014-7007 (The Master Mix (aka com.nobexinc.wls_24832536.rc) application 3.3.5 ...)
	NOT-FOR-US: Master Mix (aka com.nobexinc.wls_24832536.rc) application for Android
CVE-2014-7006 (The HydFM (aka com.apheliontechnologies.hydfm) application 1.1.9 for ...)
	NOT-FOR-US: HydFM (aka com.apheliontechnologies.hydfm) application for Android
CVE-2014-7005 (The Foconet (aka suporte.com.foconet) application 1.0 for Android does ...)
	NOT-FOR-US: Foconet (aka suporte.com.foconet) application for Android
CVE-2014-7004 (The PETA (aka com.peta.android) application 1.1 for Android does not ...)
	NOT-FOR-US: PETA (aka com.peta.android) application for Android
CVE-2014-7003 (The Goodwin (aka com.goodwin.Goodwin) application 1.15 for Android ...)
	NOT-FOR-US: Goodwin (aka com.goodwin.Goodwin) application for Android
CVE-2014-7002 (The Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) ...)
	NOT-FOR-US: Sopexa Pavillon France (aka com.goomeoevents.pavillonfrance) application for Android
CVE-2014-7001 (The Jian Ren (aka cn.sh.scustom.janren) application 1.5.1 for Android ...)
	NOT-FOR-US: Jian Ren (aka cn.sh.scustom.janren) application for Android
CVE-2014-7000 (The Paul Alexander Campaign (aka hr.apps.n51261427) application 4.5.8 ...)
	NOT-FOR-US: Paul Alexander Campaign (aka hr.apps.n51261427) application for Android
CVE-2014-6999 (The Questoes OAB (aka com.pedefeijao.questoesoab) application ...)
	NOT-FOR-US: Questoes OAB (aka com.pedefeijao.questoesoab) application for Android
CVE-2014-6998 (The PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) ...)
	NOT-FOR-US: PinkFong TV (aka kr.co.smartstudy.pinkfongtv_android_googlemarket) application for Android
CVE-2014-6997 (The Dino Village (aka com.tappocket.dinovillage) application 1.6 for ...)
	NOT-FOR-US: Dino Village (aka com.tappocket.dinovillage) application for Android
CVE-2014-6996 (The Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application ...)
	NOT-FOR-US: Martial Arts Battle Card (aka com.tapenjoy.zjh.tw) application for Android
CVE-2014-6995 (The adidas eyewear (aka com.adidasep.eyewear) application 1.2 for ...)
	NOT-FOR-US: adidas eyewear (aka com.adidasep.eyewear) application for Android
CVE-2014-6994 (The Atecea (aka com.atecea) application 1.2 for Android does not ...)
	NOT-FOR-US: Atecea (aka com.atecea) application for Android
CVE-2014-6993 (The Codeeta Coupons (aka com.codeeta.promos) application 1.0.5 for ...)
	NOT-FOR-US: Codeeta Coupons (aka com.codeeta.promos) application for Android
CVE-2014-6992 (The Timeless Black (aka com.apptive.android.apps.timeless) application ...)
	NOT-FOR-US: Timeless Black (aka com.apptive.android.apps.timeless) application for Android
CVE-2014-6991 (The LiveAuctions.tv (aka air.LiveAndroidMaxx) application 2.005 for ...)
	NOT-FOR-US: LiveAuctions.tv (aka air.LiveAndroidMaxx) application for Android
CVE-2014-6990 (The Albasit artes y danza (aka ...)
	NOT-FOR-US: Albasit artes y danza (aka com.adianteventures.adianteapps.albasit_artes_y_danza) application for Android
CVE-2014-6989 (The Germanwings (aka com.germanwings.android) application 2.1.13 for ...)
	NOT-FOR-US: Germanwings (aka com.germanwings.android) application for Android
CVE-2014-6988 (The Quotes in Images (aka pt.lumberapps.imagensfrases) application ...)
	NOT-FOR-US: Quotes in Images (aka pt.lumberapps.imagensfrases) application for Android
CVE-2014-6987 (The Mass Gaming TV (aka net.massgamers) application 1.0 for Android ...)
	NOT-FOR-US: Mass Gaming TV (aka net.massgamers) application for Android
CVE-2014-6986 (The Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) ...)
	NOT-FOR-US: Pregnancy Tips (aka com.rareartifact.tipsforpregnant71C80129) application for Android
CVE-2014-6985 (The Georgia Packing (aka com.tapatalk.georgiapackingorg) application ...)
	NOT-FOR-US: Georgia Packing (aka com.tapatalk.georgiapackingorg) application for Android
CVE-2014-6984 (The Shots (aka com.shots.android) application 1.0.8 for Android does ...)
	NOT-FOR-US: Shots (aka com.shots.android) application for Android
CVE-2014-6983 (The NBE (aka com.nbe.app) application 1.1 for Android does not verify ...)
	NOT-FOR-US: NBE (aka com.nbe.app) application for Android
CVE-2014-6982 (The Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) ...)
	NOT-FOR-US: Arabic Troll Football (aka com.hamoosh.ArabicTrollFootball) application for Android
CVE-2014-6981 (The Taiwan Business Bank (aka com.mitake.TBB) application 2.04 for ...)
	NOT-FOR-US: Taiwan Business Bank (aka com.mitake.TBB) application for Android
CVE-2014-6980 (The LINE PLAY (aka jp.naver.lineplay.android) application 2.3.1.1 for ...)
	NOT-FOR-US: LINE PLAY (aka jp.naver.lineplay.android) application for Android
CVE-2014-6979 (The MiWay Insurance Ltd (aka com.MiWay.MD) application 1.2 for Android ...)
	NOT-FOR-US: MiWay Insurance Ltd (aka com.MiWay.MD) application for Android
CVE-2014-6978 (The Karim Rahal Essoulami (aka ...)
	NOT-FOR-US: Karim Rahal Essoulami (aka com.karim.rahal.essoulami.lcxogeyuizteegxvnq) application for Android
CVE-2014-6977 (The eLearn (aka ...)
	NOT-FOR-US: eLearn (aka com.desire2learn.campuslife.chattanoogastate.edu.directory) application for Android
CVE-2014-6976 (The Aeroexpress (aka ru.lynx.aero) application 2.6.2 for Android does ...)
	NOT-FOR-US: Aeroexpress (aka ru.lynx.aero) application for Android
CVE-2014-6975 (The Twin Lin (aka com.twinlin.twmo) application 5 for Android does not ...)
	NOT-FOR-US: Twin Lin (aka com.twinlin.twmo) application for Android
CVE-2014-6974 (The MifaShow Hairstyles (aka com.mifashow) application 3.7 for Android ...)
	NOT-FOR-US: MifaShow Hairstyles (aka com.mifashow) application for Android
CVE-2014-6973 (The Care4Kids (aka com.codetherapy.care4kids) application 1.03 for ...)
	NOT-FOR-US: Care4Kids (aka com.codetherapy.care4kids) application for Android
CVE-2014-6972 (The Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application 2.5 ...)
	NOT-FOR-US: Kazakhstan Radio (aka com.wordbox.kazakhstanRadio) application for Android
CVE-2014-6971 (The Easy Video Downloader (aka com.simon.padillar.EasyVideo) ...)
	NOT-FOR-US: Easy Video Downloader (aka com.simon.padillar.EasyVideo) application for Android
CVE-2014-6970 (The North American Ismaili Games (aka hr.apps.n166983741) application ...)
	NOT-FOR-US: North American Ismaili Games (aka hr.apps.n166983741) application for Android
CVE-2014-6969 (The Deltin Suites (aka com.DeltinSuites) application 3.4.1 for Android ...)
	NOT-FOR-US: Deltin Suites (aka com.DeltinSuites) application for Android
CVE-2014-6968 (The Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) ...)
	NOT-FOR-US: Grandma's Grotto (aka com.mobileappsuite.grandmasgrotto) application for Android
CVE-2014-6967 (The Albion College (aka com.vivomobile.albioncollege) application ...)
	NOT-FOR-US: Albion College (aka com.vivomobile.albioncollege) application for Android
CVE-2014-6966 (The West Bend School District (aka net.parentlink.westbend) ...)
	NOT-FOR-US: West Bend School District (aka net.parentlink.westbend) application for Android
CVE-2014-6965 (The FAZ.NET (aka net.faz.FAZ) application 1.0.1 for Android does not ...)
	NOT-FOR-US: FAZ.NET (aka net.faz.FAZ) application for Android
CVE-2014-6964 (The Hanyang University Admissions (aka kr.ac.hanyang.planner) ...)
	NOT-FOR-US: Hanyang University Admissions (aka kr.ac.hanyang.planner) application for Android
CVE-2014-6963 (The feiron (aka es.sw.feironmobile.app) application 1.1 for Android ...)
	NOT-FOR-US: feiron (aka es.sw.feironmobile.app) application for Android
CVE-2014-6962 (The Elk Grove PublicStuff (aka com.wassabi.elkgrove) application 3.2 ...)
	NOT-FOR-US: Elk Grove PublicStuff (aka com.wassabi.elkgrove) application for Android
CVE-2014-6961 (The SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application 2.0 ...)
	NOT-FOR-US: SudaniNet (aka com.sudaninet.wtwqiqbegq_btwlda) application for Android
CVE-2014-6960 (The Multitrac (aka com.multitrac) application 1.04 for Android does ...)
	NOT-FOR-US: Multitrac (aka com.multitrac) application for Android
CVE-2014-6959 (The QinCard (aka com.haowan.qincard) application 2.0 for Android does ...)
	NOT-FOR-US: QinCard (aka com.haowan.qincard) application for Android
CVE-2014-6958 (The ISMRM-ESMRMB 2014 (aka ...)
	NOT-FOR-US: ISMRM-ESMRMB 2014 (aka com.coreapps.android.followme.ismrm_esmrmb14) application for Android
CVE-2014-6957 (The scottcolibmn (aka com.bredir.boopsie.scottlib) application 4.5.110 ...)
	NOT-FOR-US: scottcolibmn (aka com.bredir.boopsie.scottlib) application for Android
CVE-2014-6956 (The Hydrogen Water (aka com.appzone628) application 1.0 for Android ...)
	NOT-FOR-US: Hydrogen Water (aka com.appzone628) application for Android
CVE-2014-6955 (The Le Grand Bleu (aka com.appzone468) application 1.0 for Android ...)
	NOT-FOR-US: Le Grand Bleu (aka com.appzone468) application for Android
CVE-2014-6954 (The Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) ...)
	NOT-FOR-US: Deer Hunting Calls + Guide (aka com.anawaz.deerhuntingcalls.free) application for Android
CVE-2014-6953 (The AFTERLIFE WITH ARCHIE (aka ...)
	NOT-FOR-US: AFTERLIFE WITH ARCHIE (aka com.afterlifewitharchie.afterlifewitharchie) application for Android
CVE-2014-6952 (The Manga Facts (aka app.mangafacts.ar) application 1.0 for Android ...)
	NOT-FOR-US: Manga Facts (aka app.mangafacts.ar) application for Android
CVE-2014-6951 (The OneFile Ignite (aka uk.co.onefile.ignite) application 1.19 for ...)
	NOT-FOR-US: OneFile Ignite (aka uk.co.onefile.ignite) application for Android
CVE-2014-6950 (The Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) ...)
	NOT-FOR-US: Mt. Airy News (aka com.soln.SBE4A803AD6430A6E9DBA5688AA644148) application for Android
CVE-2014-6949 (The Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) ...)
	NOT-FOR-US: Akne Ernahrung (aka com.rareartifact.akneernahrung72010074) application for Android
CVE-2014-6948 (The TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) ...)
	NOT-FOR-US: TH3 professional Al Mohtarif (aka com.th3professional.almohtarif) application for Android
CVE-2014-6947 (The Archie Comics (aka com.iversecomics.archie.android) application ...)
	NOT-FOR-US: Archie Comics (aka com.iversecomics.archie.android) application for Android
CVE-2014-6946 (The Re:kyu (aka com.appzone619) application 1.0 for Android does not ...)
	NOT-FOR-US: Re:kyu (aka com.appzone619) application for Android
CVE-2014-6945 (The Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application 1.0 for ...)
	NOT-FOR-US: Neeku Naaku Dash Dash (aka com.dakshaa.nndd) application for Android
CVE-2014-6944 (The mitfahrgelegenheit.at (aka com.carpooling.android.at) application ...)
	NOT-FOR-US: mitfahrgelegenheit.at (aka com.carpooling.android.at) application for Android
CVE-2014-6943 (The Konigsleiten (aka com.knigsleiten) application 1.0 for Android ...)
	NOT-FOR-US: Konigsleiten (aka com.knigsleiten) application for Android
CVE-2014-6942 (The Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) ...)
	NOT-FOR-US: Alisha Marie (Unofficial) (aka com.automon.ay.alisha.marie) application for Android
CVE-2014-6941 (The NOS Alive (aka pt.optimus.optimusalive2011) application 5.1 for ...)
	NOT-FOR-US: NOS Alive (aka pt.optimus.optimusalive2011) application for Android
CVE-2014-6940 (The Absolute Lending Solutions (aka ...)
	NOT-FOR-US: Absolute Lending Solutions (aka com.soln.S008F6C05EC0B63264B429F6D76286562) application for Android
CVE-2014-6939 (The Sketch W Friends FREE -Tablets (aka ...)
	NOT-FOR-US: Sketch W Friends FREE -Tablets (aka air.com.xlabz.SketchWFriendsFree) application for Android
CVE-2014-6938 (The Apostilas musicais (aka com.apostilas) application 1.0 for Android ...)
	NOT-FOR-US: Apostilas musicais (aka com.apostilas) application for Android
CVE-2014-6937 (The China CITIC Bank Credit Card (aka com.citiccard.mobilebank) ...)
	NOT-FOR-US: China CITIC Bank Credit Card (aka com.citiccard.mobilebank) application for Android
CVE-2014-6936 (The IDS 2013 (aka de.mobileeventguide.ids2013) application 1.21 for ...)
	NOT-FOR-US: IDS 2013 (aka de.mobileeventguide.ids2013) application for Android
CVE-2014-6935 (The ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) ...)
	NOT-FOR-US: ColorMania - Color Quiz Game (aka com.ColormaniaColoringGames) application for Android
CVE-2014-6934 (The Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) ...)
	NOT-FOR-US: Physics Chemistry Biology Quiz (aka com.pdevsmcqs.pcbmcqseries) application for Android
CVE-2014-6933 (The Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application ...)
	NOT-FOR-US: Toraware Takojyou (aka ltd.pte.wavea.torawaretakojyou) application for Android
CVE-2014-6932 (The All Navalny (aka com.all.navalny) application 1.10 for Android ...)
	NOT-FOR-US: All Navalny (aka com.all.navalny) application for Android
CVE-2014-6931 (The Treves Dance Center (aka ...)
	NOT-FOR-US: Treves Dance Center (aka com.myapphone.android.myapptrvesdancecenter) application for Android
CVE-2014-6930 (The Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application ...)
	NOT-FOR-US: Abram Radio Groove! (aka com.nobexinc.wls_79226887.rc) application for Android
CVE-2014-6929 (The AIHce 2014 (aka com.coreapps.android.followme.aihce2014) ...)
	NOT-FOR-US: AIHce 2014 (aka com.coreapps.android.followme.aihce2014) application for Android
CVE-2014-6928 (The Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) ...)
	NOT-FOR-US: Rastreador de Celulares (aka com.mobincube.android.sc_9KTH8) application for Android
CVE-2014-6927 (The Myanmar Housing : mmHome (aka com.mmhome3) application 1.3 for ...)
	NOT-FOR-US: Myanmar Housing : mmHome (aka com.mmhome3) application for Android
CVE-2014-6926 (The Allt om Brollop (aka com.paperton.wl.alltombrollop) application ...)
	NOT-FOR-US: Allt om Brollop (aka com.paperton.wl.alltombrollop) application for Android
CVE-2014-6925 (The Steyr Forum (aka com.tapatalk.steyrclubcomvb) application 3.9.12 ...)
	NOT-FOR-US: Steyr Forum (aka com.tapatalk.steyrclubcomvb) application for Android
CVE-2014-6924 (The Metro News (aka com.netpia.ha.metro) application 1.6.5 for Android ...)
	NOT-FOR-US: Metro News (aka com.netpia.ha.metro) application for Android
CVE-2014-6923 (The Dubrovnik Guided Walking Tours (aka com.mytoursapp.android.app351) ...)
	NOT-FOR-US: Dubrovnik Guided Walking Tours (aka com.mytoursapp.android.app351) application for Android
CVE-2014-6922 (The KFAI Community Radio (aka com.skyblue.pra.kfai) application 2.0.4 ...)
	NOT-FOR-US: KFAI Community Radio (aka com.skyblue.pra.kfai) application for Android
CVE-2014-6921 (The Buckhorn Grill (aka com.orderingapps.buckhorn) application 2.8 for ...)
	NOT-FOR-US: Buckhorn Grill (aka com.orderingapps.buckhorn) application for Android
CVE-2014-6920 (The Canal 44 (aka com.canal.canal44) application 1.0 for Android does ...)
	NOT-FOR-US: Canal 44 (aka com.canal.canal44) application for Android
CVE-2014-6919 (The Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) ...)
	NOT-FOR-US: Metalcasting Newsstand (aka air.com.yudu.ReaderAIR3017071) application for Android
CVE-2014-6918 (The Bikers Underground (aka hr.ap.n66871172) application 4.5.10 for ...)
	NOT-FOR-US: Bikers Underground (aka hr.ap.n66871172) application for Android
CVE-2014-6917 (The www.knote.kr Smart (aka kr.or.knote.android) application 1.0.3 for ...)
	NOT-FOR-US: www.knote.kr Smart (aka kr.or.knote.android) application for Android
CVE-2014-6916 (The mama.cn (aka cn.ziipin.mama.ui) application 1.02 for Android does ...)
	NOT-FOR-US: mama.cn (aka cn.ziipin.mama.ui) application for Android
CVE-2014-6915
	REJECTED
CVE-2014-6914 (The Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application 1.0 ...)
	NOT-FOR-US: Houcine El Jasmi (aka com.devkhr31.houcineeljasmi) application for Android
CVE-2014-6913 (The Dive The World (aka com.paperton.wl.divetheworld) application 1.53 ...)
	NOT-FOR-US: Dive The World (aka com.paperton.wl.divetheworld) application for Android
CVE-2014-6912 (The IRA's 59th Annual Conference (aka ...)
	NOT-FOR-US: IRA's 59th Annual Conference (aka com.coreapps.android.followme.ira_14) application for Android
CVE-2014-6911 (The diziturky HD 2015 (aka com.adv.diziturky) application 2014 for ...)
	NOT-FOR-US: diziturky HD 2015 (aka com.adv.diziturky) application for Android
CVE-2014-6910 (The MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) ...)
	NOT-FOR-US: MemorizeIt! (aka com.kshinenterprises.kshinent.memorizeit) application for Android
CVE-2014-6909 (The Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) ...)
	NOT-FOR-US: Coca-Cola FM Peru (aka com.enyetech.radio.coca_cola.fm_pe) application for Android
CVE-2014-6908 (The Forum IC (aka com.tapatalk.forumimmigrercom) application 3.3.12 ...)
	NOT-FOR-US: Forum IC (aka com.tapatalk.forumimmigrercom) application for Android
CVE-2014-6907 (The Rakuten Install (aka co.jp.rakuten.installapp) application 1.5.0 ...)
	NOT-FOR-US: Rakuten Install (aka co.jp.rakuten.installapp) application for Android
CVE-2014-6906 (The Loli Chocolate Cake (aka com.alison.kang.chocolatecake) ...)
	NOT-FOR-US: Loli Chocolate Cake (aka com.alison.kang.chocolatecake) application for Android
CVE-2014-6905 (The H2O Human Harmony Organization (aka com.netpia.ha.theh2o) ...)
	NOT-FOR-US: H2O Human Harmony Organization (aka com.netpia.ha.theh2o) application for Android
CVE-2014-6904 (The Safe Browser - The Web Filter (aka com.cloudacl) application 1.2.5 ...)
	NOT-FOR-US: Safe Browser - The Web Filter (aka com.cloudacl) application for Android
CVE-2014-6903 (The Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application ...)
	NOT-FOR-US: Gulf Power Mobile Bill Pay (aka com.tionetworks.gulf) application for Android
CVE-2014-6902 (The Anjuke (aka com.anjuke.android.app) application 7.1.7 for Android ...)
	NOT-FOR-US: Anjuke (aka com.anjuke.android.app) application for Android
CVE-2014-6901 (The RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application ...)
	NOT-FOR-US: RADIOS DEL ECUADOR (aka com.nobexinc.wls_87612622.rc) application for Android
CVE-2014-6900 (The EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) ...)
	NOT-FOR-US: EAGE Amsterdam 2014 (aka com.coreapps.android.followme.eage_2014) application for Android
CVE-2014-6899 (The Jazeera Airways (aka com.winit.jazeeraairways) application 2.7 for ...)
	NOT-FOR-US: Jazeera Airways (aka com.winit.jazeeraairways) application for Android
CVE-2014-6898 (The Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application ...)
	NOT-FOR-US: Boopsie MyLibrary (aka com.bredir.boopsie.mylibrary) application for Android
CVE-2014-6897 (The Skyrim Map (aka com.neko.skyrimmap) application 2.1 for Android ...)
	NOT-FOR-US: Skyrim Map (aka com.neko.skyrimmap) application for Android
CVE-2014-6896 (The Yik Yak (aka com.yik.yak) application 2.0.002 for Android does not ...)
	NOT-FOR-US: Yik Yak (aka com.yik.yak) application for Android
CVE-2014-6895 (The Throne Rush (aka com.progrestar.bft) application 2.3.10 for ...)
	NOT-FOR-US: Throne Rush (aka com.progrestar.bft) application for Android
CVE-2014-6894 (The Lucktastic (aka com.lucktastic.scratch) application 1.2.6 for ...)
	NOT-FOR-US: Lucktastic (aka com.lucktastic.scratch) application for Android
CVE-2014-6893 (The Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) ...)
	NOT-FOR-US: Pushpins Grocery Coupons (aka com.pushpinsapp.pushpins) application for Android
CVE-2014-6892 (The kalahari.com Shopping (aka com.kalahari.shop) application 1.4.2.1 ...)
	NOT-FOR-US: kalahari.com Shopping (aka com.kalahari.shop) application for Android
CVE-2014-6891 (The Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) ...)
	NOT-FOR-US: Vodafone Avantaj Cepte (aka com.vodafone.avantajcepte.main) application for Android
CVE-2014-6890 (The CouponCabin - Coupons &amp; Deals (aka com.couponcabin) application ...)
	NOT-FOR-US: CouponCabin - Coupons & Deals (aka com.couponcabin) application for Android
CVE-2014-6889 (The GunBroker.com (aka com.gunbroker.android) application 1.1.2 for ...)
	NOT-FOR-US: GunBroker.com (aka com.gunbroker.android) application for Android
CVE-2014-6888 (The PennyTalk Mobile (aka net.idt.pennytalk.android) application ...)
	NOT-FOR-US: PennyTalk Mobile (aka net.idt.pennytalk.android) application for Android
CVE-2014-6887 (The EXPRESS (aka com.gpshopper.express.android) application 2.5.3 for ...)
	NOT-FOR-US: EXPRESS (aka com.gpshopper.express.android) application for Android
CVE-2014-6886 (The WePhone - phone calls vs skype (aka com.wephoneapp) application ...)
	NOT-FOR-US: WePhone - phone calls vs skype (aka com.wephoneapp) application for Android
CVE-2014-6885 (The Academy Sports + Outdoors Visa (aka ...)
	NOT-FOR-US: Academy Sports + Outdoors Visa (aka com.usbank.icsmobile.academysports) application for Android
CVE-2014-6884 (The Ford Credit Account Manager (aka com.fordcredit.accountmanager) ...)
	NOT-FOR-US: Ford Credit Account Manager (aka com.fordcredit.accountmanager) application for Android
CVE-2014-6883 (The CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application ...)
	NOT-FOR-US: CNNMoney Portfolio for stocks (aka com.cnn.portfolio) application for Android
CVE-2014-6882 (The Western Federal Credit Union (aka com.kerrata.pulse.western) ...)
	NOT-FOR-US: Western Federal Credit Union (aka com.kerrata.pulse.western) application for Android
CVE-2014-6881 (The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) ...)
	NOT-FOR-US: PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application for Android
CVE-2014-6880 (The TradeHero (aka com.tradehero.th) application 2.2.5 for Android ...)
	NOT-FOR-US: TradeHero (aka com.tradehero.th) application for Android
CVE-2014-6879 (The Equifax Mobile (aka com.equifax) application 1.5 for Android does ...)
	NOT-FOR-US: Equifax Mobile (aka com.equifax) application for Android
CVE-2014-6878 (The RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application 3.1 ...)
	NOT-FOR-US: RBFCU Mobile (aka com.Vertifi.DeposZip.P314089681) application for Android
CVE-2014-6877 (The Santander Personal Banking (aka com.sovereign.santander) ...)
	NOT-FOR-US: Santander Personal Banking (aka com.sovereign.santander) application for Android
CVE-2014-6876 (The American Express Serve (aka com.serve.mobile) application ...)
	NOT-FOR-US: American Express Serve (aka com.serve.mobile) application for Android
CVE-2014-6875 (The Woodforest Mobile Banking (aka com.woodforest) application 3.1 for ...)
	NOT-FOR-US: Woodforest Mobile Banking (aka com.woodforest) application for Android
CVE-2014-6874 (The ModSim Connected (aka com.concursive.modsim) application 2.0 for ...)
	NOT-FOR-US: ModSim Connected (aka com.concursive.modsim) application for Android
CVE-2014-6873 (The AMGC (aka com.amec.uae) application 6.0 for Android does not ...)
	NOT-FOR-US: AMGC (aka com.amec.uae) application for Android
CVE-2014-6872 (The TTNET Muzik (aka com.ttnet.muzik) application 3.2 for Android does ...)
	NOT-FOR-US: TTNET Muzik (aka com.ttnet.muzik) application for Android
CVE-2014-6871 (The Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application 1.0.0 ...)
	NOT-FOR-US: Hogs Fly Crazy (aka com.pedrojayme.hogsflycrazy) application for Android
CVE-2014-6870 (The BGEnergy (aka com.bluegrass.smartapps) application 1.153.0034 for ...)
	NOT-FOR-US: BGEnergy (aka com.bluegrass.smartapps) application for Android
CVE-2014-6869 (The barcode scanner (aka tw.com.books.android.plus) application 2.3.0 ...)
	NOT-FOR-US: barcode scanner (aka tw.com.books.android.plus) application for Android
CVE-2014-6868 (The DS audio (aka com.synology.DSaudio) application 3.4 for Android ...)
	NOT-FOR-US: DS audio (aka com.synology.DSaudio) application for Android
CVE-2014-6867 (The Sortir en Alsace (aka com.axessweb.sortirenalsace) application ...)
	NOT-FOR-US: Sortir en Alsace (aka com.axessweb.sortirenalsace) application for Android
CVE-2014-6866 (The HomeAdvisor Mobile (aka com.servicemagic.consumer) application ...)
	NOT-FOR-US: HomeAdvisor Mobile (aka com.servicemagic.consumer) application for Android
CVE-2014-6865 (The Jamal Bates Show (aka ...)
	NOT-FOR-US: Jamal Bates Show (aka com.conduit.app_3a95e13827c54c4da9056fafb33ecc8d.app) application for Android
CVE-2014-6864 (The Forest River Forums (aka com.socialknowledge.forestriverforums) ...)
	NOT-FOR-US: Forest River Forums (aka com.socialknowledge.forestriverforums) application for Android
CVE-2014-6863 (The Mootorratturid &amp; biker.ee (aka ee.digitalfruit.mootorratturid) ...)
	NOT-FOR-US: Mootorratturid & biker.ee (aka ee.digitalfruit.mootorratturid) application for Android
CVE-2014-6862 (The ArtAcces (aka cat.gencat.mobi.artacces) application 1.0 for ...)
	NOT-FOR-US: ArtAcces (aka cat.gencat.mobi.artacces) application for Android
CVE-2014-6861 (The Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) ...)
	NOT-FOR-US: Terrarienbilder.com Forum (aka com.tapatalk.terrarienbildercomvb) application for Android
CVE-2014-6860 (The Trial Tracker (aka com.etcweb.android.trial_tracker) application ...)
	NOT-FOR-US: Trial Tracker (aka com.etcweb.android.trial_tracker) application for Android
CVE-2014-6859 (The Daum Maps - Subway (aka net.daum.android.map) application 3.9.1 ...)
	NOT-FOR-US: Daum Maps - Subway (aka net.daum.android.map) application for Android
CVE-2014-6858 (The Mostafa Shemeas (aka com.mostafa.shemeas.website) application 1.0 ...)
	NOT-FOR-US: Mostafa Shemeas (aka com.mostafa.shemeas.website) application for Android
CVE-2014-6857 (The Car Wallpapers HD (aka com.arab4x4.gallery.app) application 1.3 ...)
	NOT-FOR-US: Car Wallpapers HD (aka com.arab4x4.gallery.app) application for Android
CVE-2014-6856 (The AHRAH (aka com.vet2pet.aid219426) application 219426 for Android ...)
	NOT-FOR-US: AHRAH (aka com.vet2pet.aid219426) application for Android
CVE-2014-6855 (The Long (aka com.imop.longjiang.android) application 1.0.4 for ...)
	NOT-FOR-US: Long (aka com.imop.longjiang.android) application for Android
CVE-2014-6854 (The EyeXam (aka com.globaleyeventures.eyexam) application 1.4 for ...)
	NOT-FOR-US: EyeXam (aka com.globaleyeventures.eyexam) application for Android
CVE-2014-6853 (The Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) ...)
	NOT-FOR-US: Foxit MobilePDF - PDF Reader (aka com.foxit.mobile.pdf.lite) application for Android
CVE-2014-6852 (The LedLine.gr Official (aka com.automon.ledline.gr) application ...)
	NOT-FOR-US: LedLine.gr Official (aka com.automon.ledline.gr) application for Android
CVE-2014-6851 (The New Beginnings CFC (aka com.goodbarber.nbcfc) application 1.1 for ...)
	NOT-FOR-US: New Beginnings CFC (aka com.goodbarber.nbcfc) application for Android
CVE-2014-6850 (The SED Account (aka com.starkville.smartapps) application 1.153.0034 ...)
	NOT-FOR-US: SED Account (aka com.starkville.smartapps) application for Android
CVE-2014-6849
	REJECTED
CVE-2014-6848 (The DS file (aka com.synology.DSfile) application 4.1.1 for Android ...)
	NOT-FOR-US: DS file (aka com.synology.DSfile) application for Android
CVE-2014-6847 (The Horoscopes and Dreams (aka com.horoscopesanddreams) application ...)
	NOT-FOR-US: Horoscopes and Dreams (aka com.horoscopesanddreams) application for Android
CVE-2014-6846 (The Four Seasons Beverly Hills (aka ...)
	NOT-FOR-US: Four Seasons Beverly Hills (aka com.intelitycorp.FourSeasons.android.ice) application for Android
CVE-2014-6845 (The MediaFire (aka com.mediafire.android) application 1.1.1 for ...)
	NOT-FOR-US: MediaFire (aka com.mediafire.android) application for Android
CVE-2014-6844 (The ABC Song (aka com.tabtale.abcsingalong) application 1.0.0 for ...)
	NOT-FOR-US: ABC Song (aka com.tabtale.abcsingalong) application for Android
CVE-2014-6843 (The Sweatshop (aka com.orderingapps.sweatshop) application 2.96 for ...)
	NOT-FOR-US: Sweatshop (aka com.orderingapps.sweatshop) application for Android
CVE-2014-6842 (The Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) ...)
	NOT-FOR-US: Daily Advertiser Print (aka com.lafayettedailyadv.android.prod) application for Android
CVE-2014-6841 (The RTI INDIA (aka com.vbulletin.build_890) application 3.8.21 for ...)
	NOT-FOR-US: RTI INDIA (aka com.vbulletin.build_890) application for Android
CVE-2014-6840 (The My Wedding Planner (aka app.wedding) application 1.5 for Android ...)
	NOT-FOR-US: My Wedding Planner (aka app.wedding) application for Android
CVE-2014-6839 (The Alma Corinthiana (aka com.alma.corinthiana) application 1.0 for ...)
	NOT-FOR-US: Alma Corinthiana (aka com.alma.corinthiana) application for Android
CVE-2014-6838 (The Groupama toujours la (aka com.groupama.toujoursla) application ...)
	NOT-FOR-US: Groupama toujours la (aka com.groupama.toujoursla) application for Android
CVE-2014-6837 (The Hillside (aka com.hillside.hermanus) application 1.1 for Android ...)
	NOT-FOR-US: Hillside (aka com.hillside.hermanus) application for Android
CVE-2014-6836 (The DS photo+ (aka com.synology.dsphoto) application 3.3 for Android ...)
	NOT-FOR-US: DS photo+ (aka com.synology.dsphoto) application for Android
CVE-2014-6835 (The Herbal Guide (aka com.pocket.herbal.guide) application 1.0 for ...)
	NOT-FOR-US: Herbal Guide (aka com.pocket.herbal.guide) application for Android
CVE-2014-6834 (The Instaroid - Instagram Viewer (aka net.muik.instaroid) application ...)
	NOT-FOR-US: Instaroid - Instagram Viewer (aka net.muik.instaroid) application for Android
CVE-2014-6833 (The AuctionTrac Dealer (aka com.adesa.dealer.phone) application 2.0.3 ...)
	NOT-FOR-US: AuctionTrac Dealer (aka com.adesa.dealer.phone) application for Android
CVE-2014-6832 (The Bersa Forum (aka com.gcspublishing.bersaforum) application 3.9.16 ...)
	NOT-FOR-US: Bersa Forum (aka com.gcspublishing.bersaforum) application for Android
CVE-2014-6831 (The Hippo Studio (aka com.appgreen.hippostudio) application 1.0 for ...)
	NOT-FOR-US: Hippo Studio (aka com.appgreen.hippostudio) application for Android
CVE-2014-6830 (The Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) ...)
	NOT-FOR-US: Covet Fashion - Shopping Game (aka com.crowdstar.covetfashion) application for Android
CVE-2014-6829 (The Hook (aka com.hook.android) application 0.9.3 for Android does not ...)
	NOT-FOR-US: Hook (aka com.hook.android) application for Android
CVE-2014-6828 (The Gulf Credit Union (aka Fi_Mobile.Gulf) application 1.1 for Android ...)
	NOT-FOR-US: Gulf Credit Union (aka Fi_Mobile.Gulf) application for Android
CVE-2014-6827 (The DK ONLINE Beta (aka com.sgmobile.dkonline) application 1.0.2 for ...)
	NOT-FOR-US: DK ONLINE Beta (aka com.sgmobile.dkonline) application for Android
CVE-2014-6826 (The Tic-Tac To The MAX FREE (aka com.tothemax) application 1.2 for ...)
	NOT-FOR-US: Tic-Tac To The MAX FREE (aka com.tothemax) application for Android
CVE-2014-6825 (The Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) ...)
	NOT-FOR-US: Teatro Franco Parenti (aka com.mintlab.mx.teatroparenti) application for Android
CVE-2014-6824 (The kamkomesan (aka com.anek.kamkomesan) application 1.0 for Android ...)
	NOT-FOR-US: kamkomesan (aka com.anek.kamkomesan) application for Android
CVE-2014-6823 (The kuailecaidengmi (aka com.licai.kuailecaidengmi) application ...)
	NOT-FOR-US: kuailecaidengmi (aka com.licai.kuailecaidengmi) application for Android
CVE-2014-6822 (The Nerdico (aka com.nerdico.danielepais) application 1.9 Stable for ...)
	NOT-FOR-US: Nerdico (aka com.nerdico.danielepais) application for Android
CVE-2014-6821 (The voetbal (aka nl.jborsje.android.voetbal.az) application 4.7.2 for ...)
	NOT-FOR-US: voetbal (aka nl.jborsje.android.voetbal.az) application for Android
CVE-2014-6820 (The Amebra Ameba (aka jp.honeytrap15.amebra) application 1.0.0 for ...)
	NOT-FOR-US: Amebra Ameba (aka jp.honeytrap15.amebra) application for Android
CVE-2014-6819 (The Lapp Group Catalogue (aka com.prinovis.LappKabel) application 1.4 ...)
	NOT-FOR-US: Lapp Group Catalogue (aka com.prinovis.LappKabel) application for Android
CVE-2014-6818 (The OHBM 20th Annual Meeting (aka ...)
	NOT-FOR-US: OHBM 20th Annual Meeting (aka com.coreapps.android.followme.ohbm2014) application for Android
CVE-2014-6817 (The Cove (aka org.covechurch.app) application 1.0.2 for Android does ...)
	NOT-FOR-US: Cove (aka org.covechurch.app) application for Android
CVE-2014-6816 (The WISDOM (aka lvtu99.com.nescmxiaoniuniu) application 2.1 for ...)
	NOT-FOR-US: WISDOM (aka lvtu99.com.nescmxiaoniuniu) application for Android
CVE-2014-6815 (The Vouch! (aka com.voucherry.voucherry) application 2.1.6 for Android ...)
	NOT-FOR-US: Vouch! (aka com.voucherry.voucherry) application for Android
CVE-2014-6814 (The Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) ...)
	NOT-FOR-US: Sentinels Randomizer (aka com.mikehipps.sentinelsrandomizer) application for Android
CVE-2014-6813 (The klassens (aka com.mcreda.klassens.apps) application 1.0 for ...)
	NOT-FOR-US: klassens (aka com.mcreda.klassens.apps) application for Android
CVE-2014-6812 (The Aloha Guide (aka com.aloha.guide.english) application 1.5 for ...)
	NOT-FOR-US: Aloha Guide (aka com.aloha.guide.english) application for Android
CVE-2014-6811
	REJECTED
CVE-2014-6810 (The RIMS 2014 Annual Conference (aka ...)
	NOT-FOR-US: RIMS 2014 Annual Conference (aka com.coreapps.android.followme.rims2014) application for Android
CVE-2014-6809
	REJECTED
CVE-2014-6808 (The Active 24 (aka com.zentity.app.active24) application 1.0.1 for ...)
	NOT-FOR-US: Active 24 (aka com.zentity.app.active24) application for Android
CVE-2014-6807 (The OLA School (aka ...)
	NOT-FOR-US: OLA School (aka com.conduit.app_00f9890a4f0145f2aae9d714e20b273a.app) application for Android
CVE-2014-6806 (The Thanodi - Setswana Translator (aka com.thanodi.thanodi) ...)
	NOT-FOR-US: Thanodi - Setswana Translator (aka com.thanodi.thanodi) application for Android
CVE-2014-6805 (The weibo (aka magic.weibo) application 1.2 for Android does not ...)
	NOT-FOR-US: weibo (aka magic.weibo) application for Android
CVE-2014-6804 (The Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) ...)
	NOT-FOR-US: Deschutes Public MobileLibrary (aka com.bredir.boopsie.deschutes) application for Android
CVE-2014-6803 (The Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application ...)
	NOT-FOR-US: Bank of Moscow EIRTS Rent (aka ru.bm.rbs.android) application for Android
CVE-2014-6802 (The First Assembly NLR (aka ...)
	NOT-FOR-US: First Assembly NLR (aka com.subsplash.thechurchapp.firstassemblynlr) application for Android
CVE-2014-6801 (The frank matano (aka com.frank.matano) application 1.0 for Android ...)
	NOT-FOR-US: frank matano (aka com.frank.matano) application for Android
CVE-2014-6800 (The Bloom Township 206 (aka net.parentlink.bloom) application 4.0.500 ...)
	NOT-FOR-US: Bloom Township 206 (aka net.parentlink.bloom) application for Android
CVE-2014-6799 (The Investigation Tool (aka gov.ca.post.lp.itool) application 1.0.0 ...)
	NOT-FOR-US: Investigation Tool (aka gov.ca.post.lp.itool) application for Android
CVE-2014-6798 (The McMaster Marauders (aka com.weever.marauders) application 1.0.1 ...)
	NOT-FOR-US: McMaster Marauders (aka com.weever.marauders) application for Android
CVE-2014-6797 (The Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application ...)
	NOT-FOR-US: Abu Ali Anasheeds (aka com.faapps.abuali_anasheeds) application for Android
CVE-2014-6796 (The LocalSense (aka com.LocalSense) application 1.2.1 for Android does ...)
	NOT-FOR-US: LocalSense (aka com.LocalSense) application for Android
CVE-2014-6795 (The Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) ...)
	NOT-FOR-US: Beekeeping Forum (aka com.tapatalk.supporttapatalkcomxxxxx) application for Android
CVE-2014-6794 (The AAPLD (aka com.bredir.boopsie.aapld) application 4.5.110 for ...)
	NOT-FOR-US: AAPLD (aka com.bredir.boopsie.aapld) application for Android
CVE-2014-6793 (The Arch Friend (aka com.xyproto.archfriend) application 0.4.2 for ...)
	NOT-FOR-US: Arch Friend (aka com.xyproto.archfriend) application for Android
CVE-2014-6792 (The Suriname Radio (aka com.wordbox.surinameRadio) application 1.5 for ...)
	NOT-FOR-US: Suriname Radio (aka com.wordbox.surinameRadio) application for Android
CVE-2014-6791 (The Angel Reigns (aka ...)
	NOT-FOR-US: Angel Reigns (aka com.conduit.app_dab60e7bd60d4f23a14b3fb7357f9dcd.app) application for Android
CVE-2014-6790 (The INVEX (aka com.mobilatolye.keyinternet) application 1.0.2 for ...)
	NOT-FOR-US: INVEX (aka com.mobilatolye.keyinternet) application for Android
CVE-2014-6789 (The Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application ...)
	NOT-FOR-US: Anaheim Library 2Go! (aka com.bredir.boopsie.anaheim) application for Android
CVE-2014-6788 (The Oman News (aka com.oman.news.rmtzlnbuooordciw) application 1.0 for ...)
	NOT-FOR-US: Oman News (aka com.oman.news.rmtzlnbuooordciw) application for Android
CVE-2014-6787 (The Counter Intuition (aka com.counter.intuition) application 1.2 for ...)
	NOT-FOR-US: Counter Intuition (aka com.counter.intuition) application for Android
CVE-2014-6786 (The Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) ...)
	NOT-FOR-US: Math for Kids - Subtraction (aka it.tinytap.attsa.deepsub) application for Android
CVE-2014-6785 (The Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) ...)
	NOT-FOR-US: Renny McLean Ministries (aka com.subsplash.thechurchapp.s_GJQX72) application for Android
CVE-2014-6784 (The Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) ...)
	NOT-FOR-US: Fermononrespiri Mobile (aka com.tapatalk.rmonlineitforums) application for Android
CVE-2014-6783 (The Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) ...)
	NOT-FOR-US: Campus Link - Campus TV HKUSU (aka com.campus.tv.hkusu) application for Android
CVE-2014-6782 (The Abraham Tours (aka com.mytoursapp.android.app432) application ...)
	NOT-FOR-US: Abraham Tours (aka com.mytoursapp.android.app432) application for Android
CVE-2014-6781 (The Aloha Stadium - Hawaii (aka com.stadium.aloha) application 1.2 for ...)
	NOT-FOR-US: Aloha Stadium - Hawaii (aka com.stadium.aloha) application for Android
CVE-2014-6780 (The MeiTalk (aka com.playjia.meitalk) application @7F060012 for ...)
	NOT-FOR-US: MeiTalk (aka com.playjia.meitalk) application for Android
CVE-2014-6779 (The Cart App (aka com.virtecha.mobilewallet) application 1.5 for ...)
	NOT-FOR-US: Cart App (aka com.virtecha.mobilewallet) application for Android
CVE-2014-6778 (The Goat Forum (aka com.gcspublishing.goatspot) application 3.9.15 for ...)
	NOT-FOR-US: Goat Forum (aka com.gcspublishing.goatspot) application for Android
CVE-2014-6777 (The blueeleph (aka eg.film.blueeleph) application 1.0 for Android does ...)
	NOT-FOR-US: blueeleph (aka eg.film.blueeleph) application for Android
CVE-2014-6776 (The United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) ...)
	NOT-FOR-US: United Advantage NW Federal Cr (aka com.myappengine.uanwfcu) application for Android
CVE-2014-6775 (The Light for Pets (aka com.helenwoodward.light4pets) application 1.0 ...)
	NOT-FOR-US: Light for Pets (aka com.helenwoodward.light4pets) application for Android
CVE-2014-6774 (The USEK (aka com.university.usek) application 1.0.8 for Android does ...)
	NOT-FOR-US: USEK (aka com.university.usek) application for Android
CVE-2014-6773 (The CIH Quiz game (aka com.bowenehs.cihquizgameapp) application 1.3 ...)
	NOT-FOR-US: CIH Quiz game (aka com.bowenehs.cihquizgameapp) application for Android
CVE-2014-6772 (The United Educational CU (aka com.metova.cuae.uecu) application ...)
	NOT-FOR-US: United Educational CU (aka com.metova.cuae.uecu) application for Android
CVE-2014-6771 (The United Heritage Mobile (aka Fi_Mobile.UHCU) application 1.1 for ...)
	NOT-FOR-US: United Heritage Mobile (aka Fi_Mobile.UHCU) application for Android
CVE-2014-6770 (The Aerospace Jobs (aka com.app_aerospacejobs.layout) application ...)
	NOT-FOR-US: Aerospace Jobs (aka com.app_aerospacejobs.layout) application for Android
CVE-2014-6769 (The Meteo Belgique (aka com.mobilesoft.belgiumweather) application 3.2 ...)
	NOT-FOR-US: Meteo Belgique (aka com.mobilesoft.belgiumweather) application for Android
CVE-2014-6768 (The Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application ...)
	NOT-FOR-US: Anywhere Anytime Yoga Workout (aka com.bayart.yoga) application for Android
CVE-2014-6767 (The Juggle! FREE (aka com.jakyl.juggleforfree) application 3.0.0 for ...)
	NOT-FOR-US: Juggle! FREE (aka com.jakyl.juggleforfree) application for Android
CVE-2014-6766 (The Afro-Beat (aka com.zero.themelock.tambourine) application 0.2 for ...)
	NOT-FOR-US: Afro-Beat (aka com.zero.themelock.tambourine) application for Android
CVE-2014-6765 (The No Fuss Home Loans (aka ...)
	NOT-FOR-US: No Fuss Home Loans (aka com.soln.SA2CAA74BBC3AFEFE7C8BE3F3AAC499E7) application for Android
CVE-2014-6764 (The Assyrian (aka com.b2.assyrian.activity) application 2.2 for ...)
	NOT-FOR-US: Assyrian (aka com.b2.assyrian.activity) application for Android
CVE-2014-6763 (The Codename Birdgame (aka ...)
	NOT-FOR-US: Codename Birdgame (aka com.devsecondfictioncom.devsecondfictioncom.birdadhoc) application for Android
CVE-2014-6762 (The bongomovie (aka com.mbwasi.bongomovie) application 1.0 for Android ...)
	NOT-FOR-US: bongomovie (aka com.mbwasi.bongomovie) application for Android
CVE-2014-6761 (The Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) ...)
	NOT-FOR-US: Aprende a Meditar (aka com.rareartifact.aprendeameditar544CB0A2) application for Android
CVE-2014-6760 (The Harem Thief Dating (aka com.haremthief.haremthief) application ...)
	NOT-FOR-US: Harem Thief Dating (aka com.haremthief.haremthief) application for Android
CVE-2014-6759 (The Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) ...)
	NOT-FOR-US: Downton Abbey Fan Portal (aka com.downton.abbey.fan.portal) application for Android
CVE-2014-6758 (The Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) ...)
	NOT-FOR-US: Qin Story (aka com.kongzhong.tjmammoth.android.cqqslengp) application for Android
CVE-2014-6757 (The Koran - AlqoranVideos (aka com.alqoran.videos.example) application ...)
	NOT-FOR-US: Koran - AlqoranVideos (aka com.alqoran.videos.example) application for Android
CVE-2014-6756 (The Reddit Aww (aka org.biais.redditawww) application 1.2.1 for ...)
	NOT-FOR-US: Reddit Aww (aka org.biais.redditawww) application for Android
CVE-2014-6755 (The SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) ...)
	NOT-FOR-US: SDN Forum (TapaTalk) (aka com.tapatalk.forumshiftdeletenet) application for Android
CVE-2014-6754 (The Vector Outage Manager (aka nz.co.vector.outagemanager) application ...)
	NOT-FOR-US: Vector Outage Manager (aka nz.co.vector.outagemanager) application for Android
CVE-2014-6753 (The sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application 2.0 ...)
	NOT-FOR-US: sunnat e rasool (aka com.imsoft.sunnat_e_rasool) application for Android
CVE-2014-6752 (The Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) ...)
	NOT-FOR-US: Mindless Behavior Fan Base (aka com.mindless.behavior.fan.base) application for Android
CVE-2014-6751 (The Grasshopper Beta (aka com.grasshopper.dialer) application 2.1 for ...)
	NOT-FOR-US: Grasshopper Beta (aka com.grasshopper.dialer) application for Android
CVE-2014-6750 (The $0.99 Kindle Books (aka com.kindle.books.for99) application 6.0 ...)
	NOT-FOR-US: $0.99 Kindle Books (aka com.kindle.books.for99) application for Android
CVE-2014-6749 (The American Nurses Association (aka com.dub.poweredbydub.assoc.ana) ...)
	NOT-FOR-US: American Nurses Association (aka com.dub.poweredbydub.assoc.ana) application for Android
CVE-2014-6748 (The GEMAIRE's HVAC Assist (aka com.es.Gemaire) application 5.0 for ...)
	NOT-FOR-US: GEMAIRE's HVAC Assist (aka com.es.Gemaire) application for Android
CVE-2014-6747 (The SeeOn (aka com.seeon) application 4.0.7 for Android does not ...)
	NOT-FOR-US: SeeOn (aka com.seeon) application for Android
CVE-2014-6746 (The Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) ...)
	NOT-FOR-US: Infiniti Roadside Assistance (aka com.ccas.rsa.common.infiniti) application for Android
CVE-2014-6745 (The Family Location (aka com.sosocome.family) application 3.4 ...)
	NOT-FOR-US: Family Location (aka com.sosocome.family) application for Android
CVE-2014-6744 (The Al-Ahsa News (aka com.alahsa.news) application 2.0 for Android ...)
	NOT-FOR-US: Al-Ahsa News (aka com.alahsa.news) application for Android
CVE-2014-6743 (The Hearsay: A Social Party Game (aka air.com.lip.per) application ...)
	NOT-FOR-US: Hearsay: A Social Party Game (aka air.com.lip.per) application for Android
CVE-2014-6742 (The All around Cyprus (aka com.cyprus.newspapers) application 2.11 for ...)
	NOT-FOR-US: All around Cyprus (aka com.cyprus.newspapers) application for Android
CVE-2014-6741 (The John MacArthur (aka com.john.macarthur) application 1.0.26 for ...)
	NOT-FOR-US: John MacArthur (aka com.john.macarthur) application for Android
CVE-2014-6740 (The XD Forum (aka com.tapatalk.xdforumcomforum) application 3.9.17 for ...)
	NOT-FOR-US: XD Forum (aka com.tapatalk.xdforumcomforum) application for Android
CVE-2014-6739 (The Well-Being Connect Mobile (aka com.healthways.wellbeinggo) ...)
	NOT-FOR-US: Well-Being Connect Mobile (aka com.healthways.wellbeinggo) application for Android
CVE-2014-6738 (The Maccabi Tel Aviv (aka com.monkeytech.maccabi) application 1.0 for ...)
	NOT-FOR-US: Maccabi Tel Aviv (aka com.monkeytech.maccabi) application for Android
CVE-2014-6737 (The Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) ...)
	NOT-FOR-US: Ultimate Target-Armored Sniper (aka air.wood.liame.ultimatetarget) application for Android
CVE-2014-6736 (The EPL Hat Trick (aka com.hat.trick.goal) application 1.0 for Android ...)
	NOT-FOR-US: EPL Hat Trick (aka com.hat.trick.goal) application for Android
CVE-2014-6735 (The imagine Next bmobile (aka ...)
	NOT-FOR-US: imagine Next bmobile (aka com.conduit.app_51c3c19581af465092327dd25591b224.app) application for Android
CVE-2014-6734 (The Wine Making (aka com.gcspublishing.winemakingtalk) application ...)
	NOT-FOR-US: Wine Making (aka com.gcspublishing.winemakingtalk) application for Android
CVE-2014-6733 (The My T-Mobile (aka at.tmobile.android.myt) application @7F0C0030 for ...)
	NOT-FOR-US: My T-Mobile (aka at.tmobile.android.myt) application for Android
CVE-2014-6732 (The Westpac Mobile Banking (aka org.westpac.bank) application 5.21 for ...)
	NOT-FOR-US: Westpac Mobile Banking (aka org.westpac.bank) application for Android
CVE-2014-6731 (The Alfa-Bank (aka ru.alfabank.mobile.android) application 5.5.1.1 for ...)
	NOT-FOR-US: Alfa-Bank (aka ru.alfabank.mobile.android) application for Android
CVE-2014-6730 (The Melodigram (aka com.minusdegree.melodigramandroid) application 1.1 ...)
	NOT-FOR-US: Melodigram (aka com.minusdegree.melodigramandroid) application for Android
CVE-2014-6729 (The Grilling with Rich (aka com.grilling.with.rich) application 1.0 ...)
	NOT-FOR-US: Grilling with Rich (aka com.grilling.with.rich) application for Android
CVE-2014-6728 (The ThinkPal (aka com.mythinkpalapp) application 1.6.3 for Android ...)
	NOT-FOR-US: ThinkPal (aka com.mythinkpalapp) application for Android
CVE-2014-6727 (The Mikeius (Official App) (aka com.automon.mikeius) application ...)
	NOT-FOR-US: Mikeius (Official App) (aka com.automon.mikeius) application for Android
CVE-2014-6726 (The 30A (aka com.app30a) application 5.26.2 for Android does not ...)
	NOT-FOR-US: 30A (aka com.app30a) application for Android
CVE-2014-6725 (The SchoolXM (aka apprentice.schoolxm) application 1.2 for Android ...)
	NOT-FOR-US: SchoolXM (aka apprentice.schoolxm) application for Android
CVE-2014-6724 (The Soap Making (aka com.tapatalk.soapmakingforumcom) application ...)
	NOT-FOR-US: Soap Making (aka com.tapatalk.soapmakingforumcom) application for Android
CVE-2014-6723 (The Comics Plus (aka com.iversecomics.comicsplus.android) application ...)
	NOT-FOR-US: Comics Plus (aka com.iversecomics.comicsplus.android) application for Android
CVE-2014-6722 (The Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) ...)
	NOT-FOR-US: Pescuit Crap Lite (aka ro.aventurilapescui.pescuitcrap.lite) application for Android
CVE-2014-6721 (The Pharmaguideline (aka com.pharmaguideline) application 1.2.0 for ...)
	NOT-FOR-US: Pharmaguideline (aka com.pharmaguideline) application for Android
CVE-2014-6720 (The Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) ...)
	NOT-FOR-US: Pesca de Carpa Lite (aka com.clearfishing.pescadecarpa.lite) application for Android
CVE-2014-6719 (The Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) ...)
	NOT-FOR-US: Kayak Angler Magazine (aka air.com.yudu.ReaderAIR1360155) application for Android
CVE-2014-6718 (The My Mobile Day (aka com.mymobileday) application 1.3 for Android ...)
	NOT-FOR-US: My Mobile Day (aka com.mymobileday) application for Android
CVE-2014-6717 (The iTriage Health (aka com.healthagen.iTriage) application 5.29 for ...)
	NOT-FOR-US: iTriage Health (aka com.healthagen.iTriage) application for Android
CVE-2014-6716 (The fastin (aka moda.azyae.fastin.net) application 1.0 for Android ...)
	NOT-FOR-US: fastin (aka moda.azyae.fastin.net) application for Android
CVE-2014-6715 (The SlotMachine (aka com.popoinnovation.SlotMachine) application 1.03 ...)
	NOT-FOR-US: SlotMachine (aka com.popoinnovation.SlotMachine) application for Android
CVE-2014-6714 (The WebMD (aka com.webmd.android) application 3.5 for Android does not ...)
	NOT-FOR-US: WebMD (aka com.webmd.android) application for Android
CVE-2014-6713 (The MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application ...)
	NOT-FOR-US: MedQuiz: Medical Chat and MCQs (aka com.pdevsmedd.med) application for Android
CVE-2014-6712 (The Airlines International (aka org.iata.IAMagazine) application 1.0 ...)
	NOT-FOR-US: Airlines International (aka org.iata.IAMagazine) application for Android
CVE-2014-6711 (The ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application ...)
	NOT-FOR-US: ABC Lounge Webradio (aka com.nobexinc.wls_66087017.rc) application for Android
CVE-2014-6710 (The Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) ...)
	NOT-FOR-US: Chifro Kids Coloring Game (aka com.chifro.kids_coloring_game) application for Android
CVE-2014-6709 (The TechRadar News (aka com.techradar.news) application 1.0 for ...)
	NOT-FOR-US: TechRadar News (aka com.techradar.news) application for Android
CVE-2014-6708 (The Sporting Club Uphoria (aka com.sportinginnovations.skc) ...)
	NOT-FOR-US: Sporting Club Uphoria (aka com.sportinginnovations.skc) application for Android
CVE-2014-6707 (The 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application ...)
	NOT-FOR-US: 7Sage LSAT Prep - Proctor (aka com.sevensage.lsat) application for Android
CVE-2014-6706 (The Embry-Riddle (aka com.dub.app.erau) application 1.4.04 for Android ...)
	NOT-FOR-US: Embry-Riddle (aka com.dub.app.erau) application for Android
CVE-2014-6705 (The Maher Zain (aka com.vanagas.app.maher_zain) application 1.1 for ...)
	NOT-FOR-US: Maher Zain (aka com.vanagas.app.maher_zain) application for Android
CVE-2014-6704 (The Utah Jazz (aka com.sportinginnovations.jazz) application 2.0.0 for ...)
	NOT-FOR-US: Utah Jazz (aka com.sportinginnovations.jazz) application for Android
CVE-2014-6703 (The phonearabs4 (aka com.phonearabs4.myapps) application 1.4 for ...)
	NOT-FOR-US: phonearabs4 (aka com.phonearabs4.myapps) application for Android
CVE-2014-6702 (The StarSat International (aka ...)
	NOT-FOR-US: StarSat International (aka com.conduit.app_b15a1814d2d840198e70e3c235af5e8b.app) application for Android
CVE-2014-6701 (The Vendormate Mobile (aka com.vendormate.mobile) application 3.0 for ...)
	NOT-FOR-US: Vendormate Mobile (aka com.vendormate.mobile) application for Android
CVE-2014-6700 (The NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) ...)
	NOT-FOR-US: NBA Game Time 2013-2014 (aka com.nbadigital.gametimelite) application for Android
CVE-2014-6699 (The Weather Channel (aka com.weather.Weather) application 5.2.0 for ...)
	NOT-FOR-US: Weather Channel (aka com.weather.Weather) application for Android
CVE-2014-6698 (The Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application 1.2.3 ...)
	NOT-FOR-US: Galaxy Online 2 (aka air.com.igg.galaxyAPhone) application for Android
CVE-2014-6697 (The Morocco Weather (aka com.mobilesoft.meteomaroc) application 3.1 ...)
	NOT-FOR-US: Morocco Weather (aka com.mobilesoft.meteomaroc) application for Android
CVE-2014-6696 (The Candy Girl Party Makeover (aka ...)
	NOT-FOR-US: Candy Girl Party Makeover (aka com.bearhugmedia.android_candygirlparty) application for Android
CVE-2014-6695 (The Wedding Photo Frames-Love Pics (aka ...)
	NOT-FOR-US: Wedding Photo Frames-Love Pics (aka com.WeddingPhotoFramesLovePics) application for Android
CVE-2014-6694 (The 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application ...)
	NOT-FOR-US: 5SOS Family Planet (aka uk.co.pixelkicks.fivesos) application for Android
CVE-2014-6693 (The Juiker (aka org.itri) application 3.2.0829.1 for Android does not ...)
	NOT-FOR-US: Juiker (aka org.itri) application for Android
CVE-2014-6692 (The Kingsoft Clip (Office Tool) (aka cn.wps.clip) application 1.5.1 ...)
	NOT-FOR-US: Kingsoft Clip (Office Tool) (aka cn.wps.clip) application for Android
CVE-2014-6691 (The UC Browser HD (aka com.uc.browser.hd) application 3.3.1.469 for ...)
	NOT-FOR-US: UC Browser HD (aka com.uc.browser.hd) application for Android
CVE-2014-6690 (The InstaMessage - Instagram Chat (aka ...)
	NOT-FOR-US: InstaMessage - Instagram Chat (aka com.futurebits.instamessage.free) application for Android
CVE-2014-6689 (The JW Cards (aka com.jingwei.card) application 3.8.0 for Android does ...)
	NOT-FOR-US: JW Cards (aka com.jingwei.card) application for Android
CVE-2014-6688 (The Voices.com (aka com.voices.voices) application 1.5 for Android ...)
	NOT-FOR-US: Voices.com (aka com.voices.voices) application for Android
CVE-2014-6687 (The wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application 0.1 ...)
	NOT-FOR-US: wSaudichannelAlNasr (aka com.wSaudichannelAlNasr) application for Android
CVE-2014-6686 (The Zoho Books - Accounting App (aka com.zoho.books) application 3.1.9 ...)
	NOT-FOR-US: Zoho Books - Accounting App (aka com.zoho.books) application for Android
CVE-2014-6685 (The Tsushima Travel Guide (aka com.netjapan.ntsushima) application 1.9 ...)
	NOT-FOR-US: Tsushima Travel Guide (aka com.netjapan.ntsushima) application for Android
CVE-2014-6684 (The MOL bringaPONT (aka hu.mol.bringapont) application 1.1 for Android ...)
	NOT-FOR-US: MOL bringaPONT (aka hu.mol.bringapont) application for Android
CVE-2014-6683 (The Open Electrical Webser (aka com.wOpenElectricalWeb) application ...)
	NOT-FOR-US: Open Electrical Webser (aka com.wOpenElectricalWeb) application for Android
CVE-2014-6682 (The w88235ff7bdc2fb574f1789750ea99ed6 (aka ...)
	NOT-FOR-US: w88235ff7bdc2fb574f1789750ea99ed6 (aka com.w88235ff7bdc2fb574f1789750ea99ed6) application for Android
CVE-2014-6681 (The Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) ...)
	NOT-FOR-US: Mahabharata Audiocast (aka com.wordbox.mahabharataAudiocast) application for Android
CVE-2014-6680 (The superheroquiz (aka com.davidhey.superheroquiz) application 1.0 for ...)
	NOT-FOR-US: superheroquiz (aka com.davidhey.superheroquiz) application for Android
CVE-2014-6679 (The wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) ...)
	NOT-FOR-US: wEPISDParentPortal (aka com.dreamstep.wEPISDParentPortal) application for Android
CVE-2014-6678 (The Algeria Radio (aka com.wordbox.algeriaRadio) application 2.5 for ...)
	NOT-FOR-US: Algeria Radio (aka com.wordbox.algeriaRadio) application for Android
CVE-2014-6677 (The Ticket Round Up (aka com.xcr.android.ticketroundupapp) application ...)
	NOT-FOR-US: Ticket Round Up (aka com.xcr.android.ticketroundupapp) application for Android
CVE-2014-6676 (The Exercitii pentru abdomen (aka ...)
	NOT-FOR-US: Exercitii pentru abdomen (aka com.rareartifact.exercitiipentruabdomen41E29322) application for Android
CVE-2014-6675 (The Ruta Exacta (aka com.rutaexacta.m) application 1.0 for Android ...)
	NOT-FOR-US: Ruta Exacta (aka com.rutaexacta.m) application for Android
CVE-2014-6674 (The Amazighmusic (aka nl.appsandroo.Amazighmusic) application 1.0 for ...)
	NOT-FOR-US: Amazighmusic (aka nl.appsandroo.Amazighmusic) application for Android
CVE-2014-6673 (The ChallengerTX (aka com.zhtiantian.ChallengerTX) application ...)
	NOT-FOR-US: ChallengerTX (aka com.zhtiantian.ChallengerTX) application for Android
CVE-2014-6672 (The Friendcaster (aka uk.co.senab.blueNotifyFree) application 5.4.5 ...)
	NOT-FOR-US: Friendcaster (aka uk.co.senab.blueNotifyFree) application for Android
CVE-2014-6671 (The World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) ...)
	NOT-FOR-US: World Cup 2014 Brazil - Xem TV (aka vn.letshare.football.worldcup) application for Android
CVE-2014-6670 (The SingaporeMotherhood Forum (aka ...)
	NOT-FOR-US: SingaporeMotherhood Forum (aka com.tapatalk.singaporemotherhoodcomforum) application for Android
CVE-2014-6669 (The Inside Crochet (aka com.magazinecloner.insidecrochet) application ...)
	NOT-FOR-US: Inside Crochet (aka com.magazinecloner.insidecrochet) application for Android
CVE-2014-6668 (The African Radios Live (aka com.nana.africanradioslive) application ...)
	NOT-FOR-US: African Radios Live (aka com.nana.africanradioslive) application for Android
CVE-2014-6667 (The racemotocross (aka com.bossappsmk.racemotocross) application 1.2 ...)
	NOT-FOR-US: racemotocross (aka com.bossappsmk.racemotocross) application for Android
CVE-2014-6666 (The Baglamukhi (aka com.wshribaglamukhiblog) application 0.1 for ...)
	NOT-FOR-US: Baglamukhi (aka com.wshribaglamukhiblog) application for Android
CVE-2014-6665 (The Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application ...)
	NOT-FOR-US: Ahmed Bukhatir Nasheeds TV (aka com.wAhmedBukhatirApp) application for Android
CVE-2014-6664 (The Latin Angels Music HD (aka com.applizards.lafreetj) application ...)
	NOT-FOR-US: Latin Angels Music HD (aka com.applizards.lafreetj) application for Android
CVE-2014-6663 (The Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) ...)
	NOT-FOR-US: Addis Gag Funny Amharic Pic (aka com.wAmharicFunnyPicture) application for Android
CVE-2014-6662 (The Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application ...)
	NOT-FOR-US: Forum Krstarice (aka com.tapatalk.forumkrstaricacom) application for Android
CVE-2014-6661 (The netease movie (aka com.netease.movie) application 4.7.2 for ...)
	NOT-FOR-US: netease movie (aka com.netease.movie) application for Android
CVE-2014-6660 (The Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application ...)
	NOT-FOR-US: Koleksi Hadis Nabi SAW (aka com.wKoleksiHadisNabiSAW) application for Android
CVE-2014-6659 (The Defence.pk (aka com.tapatalk.defencepkforums) application 2.4.13.1 ...)
	NOT-FOR-US: Defence.pk (aka com.tapatalk.defencepkforums) application for Android
CVE-2014-6658 (The Apploi Job Search- Find Jobs (aka com.apploi) application 4.19 for ...)
	NOT-FOR-US: Apploi Job Search- Find Jobs (aka com.apploi) application for Android
CVE-2014-6657 (The Leadership Newspapers (aka com.LeadershipNewspapers) application ...)
	NOT-FOR-US: Leadership Newspapers (aka com.LeadershipNewspapers) application for Android
CVE-2014-6656 (The drareym (aka com.drareym) application 0.1 for Android does not ...)
	NOT-FOR-US: drareym (aka com.drareym) application for Android
CVE-2014-6655 (The Tortoise Forum (aka org.tortoiseforum.android.forumrunner) ...)
	NOT-FOR-US: Tortoise Forum (aka org.tortoiseforum.android.forumrunner) application for Android
CVE-2014-6654 (The wTrootrooTvIzle (aka com.wTrootrooTvIzle) application 0.1 for ...)
	NOT-FOR-US: wTrootrooTvIzle (aka com.wTrootrooTvIzle) application for Android
CVE-2014-6653 (The Afghan Radio (aka com.wordbox.afghanRadio) application 2.5 for ...)
	NOT-FOR-US: Afghan Radio (aka com.wordbox.afghanRadio) application for Android
CVE-2014-6652 (The Wizaz Forum (aka com.tapatalk.wizazplforum) application 3.6.4 for ...)
	NOT-FOR-US: Wizaz Forum (aka com.tapatalk.wizazplforum) application for Android
CVE-2014-6651 (The Planet of the Vapes Forum (aka ...)
	NOT-FOR-US: Planet of the Vapes Forum (aka com.tapatalk.planetofthevapescoukforums) application for Android
CVE-2014-6650 (The NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) ...)
	NOT-FOR-US: NextGenUpdate (aka com.tapatalk.nextgenupdatecomforums) application for Android
CVE-2014-6649 (The MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) ...)
	NOT-FOR-US: MyBroadband Tapatalk (aka com.tapatalk.mybroadbandcozavb) application for Android
CVE-2014-6648 (The iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application 3.3.20 ...)
	NOT-FOR-US: iPhone4.TW (aka com.tapatalk.iPhone4TWforums) application for Android
CVE-2014-6647 (The ElForro.com (aka com.tapatalk.elforrocom) application 2.4.3.10 for ...)
	NOT-FOR-US: ElForro.com (aka com.tapatalk.elforrocom) application for Android
CVE-2014-6646 (The bellyhoodcom (aka com.tapatalk.bellyhoodcom) application 3.4.23 ...)
	NOT-FOR-US: bellyhoodcom (aka com.tapatalk.bellyhoodcom) application for Android
CVE-2014-6645 (The Batch library for Android does not verify X.509 certificates from ...)
	NOT-FOR-US: Batch library for Android
CVE-2014-6644
	REJECTED
CVE-2014-6643 (The FIAT Forum (aka com.tapatalk.fiatforumcom) application 3.8.41 for ...)
	NOT-FOR-US: FIAT Forum (aka com.tapatalk.fiatforumcom) application for Android
CVE-2014-6642 (The Mark's Daily Apple Forum (aka ...)
	NOT-FOR-US: Mark's Daily Apple Forum (aka com.tapatalk.marksdailyapplecomforum) application for Android
CVE-2014-6641 (The Homesteading Today (aka com.tapatalk.homesteadingtodaycom) ...)
	NOT-FOR-US: Homesteading Today (aka com.tapatalk.homesteadingtodaycom) application for Android
CVE-2014-6640 (The DNB Trade (aka lt.dnb.mobiletrade) application 1 for Android does ...)
	NOT-FOR-US: DNB Trade (aka lt.dnb.mobiletrade) application for Android
CVE-2014-6639 (The TIO MobilePay - Bill Payments (aka ...)
	NOT-FOR-US: TIO MobilePay - Bill Payments (aka com.tionetworks.mobile.android.tioclient) application for Android
CVE-2014-6638 (The wTMDesktop (aka com.wTMDesktop) application 1 for Android does not ...)
	NOT-FOR-US: wTMDesktop (aka com.wTMDesktop) application for Android
CVE-2014-6637 (The Facebook Facts (aka com.wFacebookFacts) application 0.1 for ...)
	NOT-FOR-US: Facebook Facts (aka com.wFacebookFacts) application for Android
CVE-2014-6636 (The LG Telepresence (aka com.rsupport.rtc.lge) application 2.0.12 ...)
	NOT-FOR-US: LG Telepresence (aka com.rsupport.rtc.lge) application for Android
CVE-2014-6635 (Cross-site scripting (XSS) vulnerability in Exponent CMS 2.3.0 allows ...)
	NOT-FOR-US: Exponent CMS
CVE-2014-6634
	RESERVED
CVE-2014-6633 (The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x ...)
	{DSA-3043-1 DLA-70-1}
	- tryton-server 3.2.3-1
	NOTE: https://bugs.tryton.org/issue4155
CVE-2014-6632 (Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 ...)
	NOT-FOR-US: Joomla
CVE-2014-6631 (Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x ...)
	NOT-FOR-US: Joomla
CVE-2014-6630
	RESERVED
CVE-2014-6629
	RESERVED
CVE-2014-6628 (Aruba Networks ClearPass Policy Manager (CPPM) before 6.5.0 allows ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6627 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6626 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6625 (The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6624 (The Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6623 (Cross-site request forgery (CSRF) vulnerability in the Insight module ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6622 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6621 (Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6620 (Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-6619 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PizzaInn_Project Restaurant Script
CVE-2014-6618 (Cross-site scripting (XSS) vulnerability in Your Online Shop allows ...)
	NOT-FOR-US: Your Online Shop
CVE-2014-6617 (Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 ...)
	NOT-FOR-US: Softing FG-100
CVE-2014-6616 (Cross-site scripting (XSS) vulnerability in Softing FG-100 PROFIBUS ...)
	NOT-FOR-US: Softing FG-100
CVE-2014-6615
	RESERVED
CVE-2014-6614
	RESERVED
CVE-2014-6613
	RESERVED
CVE-2014-6612
	RESERVED
CVE-2014-6611 (The BlackBerry World app before 5.0.0.262 on BlackBerry 10 OS 10.2.0, ...)
	NOT-FOR-US: BlackBerry
CVE-2014-6609 (The res_pjsip_pubsub module in Asterisk Open Source 12.x before 12.5.1 ...)
	- asterisk <not-affected> (only affects 12.x series)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-009.html
CVE-2014-6608
	RESERVED
CVE-2014-6606
	RESERVED
CVE-2014-6605
	RESERVED
CVE-2014-6604 (Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in ...)
	NOT-FOR-US: Subscribe2 plugin for WordPress
CVE-2014-6603 (The SSHParseBanner function in SSH parser (app-layer-ssh.c) in ...)
	[squeeze] - suricata <not-affected> (Vulnerable code not yet present)
	[wheezy] - suricata <not-affected> (Vulnerable code not yet present)
	- suricata 2.0.4-1 (bug #762828)
CVE-2014-6602 (Microsoft Asha OS on the Microsoft Mobile Nokia Asha 501 phone 14.0.4 ...)
	NOT-FOR-US: Microsoft Asha OS
CVE-2012-6659 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
	NOT-FOR-US: Phorum
CVE-2014-7144 (OpenStack keystonemiddleware (formerly python-keystoneclient) 0.x ...)
	- python-keystonemiddleware 1.0.0-3 (bug #762748)
	- python-keystoneclient 1:0.10.1-2 (bug #762749)
	[wheezy] - python-keystoneclient <no-dsa> (Minor issue)
CVE-2014-7143 [twisted: trustRoot not respected in HTTP client]
	RESERVED
	- twisted 14.0.2-1 (bug #761983)
	[wheezy] - twisted <not-affected> (Only affects 14.0 series)
	[squeeze] - twisted <not-affected> (Only affects 14.0 series)
CVE-2014-6610 (Asterisk Open Source 11.x before 11.12.1 and 12.x before 12.5.1 and ...)
	{DLA-455-1}
	- asterisk 1:11.12.1~dfsg-1 (medium; bug #762164)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010.html
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-010-11.diff applies on 1:1.8.13.1~dfsg1-3+deb7u3
	NOTE: Squeeze version doesn't have res/res_fax_spandsp.c with the problem.
CVE-2014-6607 (M/Monit 3.3.2 and earlier does not verify the original password before ...)
	NOT-FOR-US: M/Monit
CVE-2014-6601 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2014-6600 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6599 (Unspecified vulnerability in the Siebel Core - Common Components ...)
	NOT-FOR-US: Oracle
CVE-2014-6598 (Unspecified vulnerability in the Oracle Communications Diameter ...)
	NOT-FOR-US: Oracle
CVE-2014-6597 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2014-6596 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2014-6595 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6594 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle iLearning
CVE-2014-6593 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2014-6592 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-6591 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
	{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
	- icu 52.1-7 (bug #775884)
CVE-2014-6590 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6589 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6588 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 4.3.18-dfsg-2 (bug #775888)
	[wheezy] - virtualbox <not-affected> (Introduced in 4.3)
	- virtualbox-ose <not-affected> (Introduced in 4.3)
CVE-2014-6587 (Unspecified vulnerability in Oracle Java SE 6u85, 7u72, and 8u25 ...)
	{DSA-3147-1 DSA-3144-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
CVE-2014-6586 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle
CVE-2014-6585 (Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and ...)
	{DSA-3187-1 DSA-3147-1 DSA-3144-1 DLA-219-1 DLA-157-1}
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b22-1
	- icu 52.1-7.1 (bug #776264)
CVE-2014-6584 (Unspecified vulnerability in the Integrated Lights Out Manager (ILOM) ...)
	NOT-FOR-US: Oracle Sun Systems Products Suite ILOM
CVE-2014-6583 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-6582 (Unspecified vulnerability in the Oracle HCM Configuration Workbench ...)
	NOT-FOR-US: Oracle
CVE-2014-6581 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2014-6580 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle
CVE-2014-6579 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2014-6578 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-6577 (Unspecified vulnerability in the XML Developer's Kit for C component ...)
	NOT-FOR-US: Oracle
CVE-2014-6576 (Unspecified vulnerability in the Oracle Adaptive Access Manager ...)
	NOT-FOR-US: Oracle
CVE-2014-6575 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6574 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle
CVE-2014-6573 (Unspecified vulnerability in the Enterprise Manager Ops Center ...)
	NOT-FOR-US: Oracle
CVE-2014-6572 (Unspecified vulnerability in the Oracle Customer Interaction History ...)
	NOT-FOR-US: Oracle
CVE-2014-6571 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-6570 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-6569 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-6568 (Unspecified vulnerability in Oracle MySQL Server 5.5.40 and earlier, ...)
	{DSA-3135-1}
	- mysql-5.5 5.5.42-1 (bug #775881)
	- mariadb-10.0 10.0.16-1 (bug #775882)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html#AppendixMSQL
CVE-2014-6567 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-6566 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2014-6565 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle
CVE-2014-6564 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
CVE-2014-6563 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6562 (Unspecified vulnerability in Oracle Java SE 8u20 allows remote ...)
	- openjdk-8 8u40~b09-1
CVE-2014-6561 (Unspecified vulnerability in the Oracle Payments component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-6560 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6559 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6558 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6557 (Unspecified vulnerability in the Application Performance Management ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2014-6556 (Unspecified vulnerability in the Oracle Applications DBA component in ...)
	NOT-FOR-US: Oracle
CVE-2014-6555 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6554 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6553 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6552 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6551 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6550 (Unspecified vulnerability in the Oracle Applications Object Library ...)
	NOT-FOR-US: Oracle
CVE-2014-6549 (Unspecified vulnerability in Oracle Java SE 8u25 allows remote ...)
	- openjdk-8 8u40~b22-1
CVE-2014-6548 (Unspecified vulnerability in the Oracle SOA Suite component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-6547 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6546 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6545 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6544 (Unspecified vulnerability in the JDBC component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6543 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6542 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6541 (Unspecified vulnerability in the Recovery component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2014-6540 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox-guest-additions <removed>
	- virtualbox-guest-additions-iso 4.3.14-1
	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
	[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2014-6539 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6538 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6537 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6536 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6535 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6534 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6533 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6532 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6531 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6530 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6529 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6528 (Unspecified vulnerability in the Siebel Core - System Management ...)
	NOT-FOR-US: Oracle
CVE-2014-6527 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6526 (Unspecified vulnerability in the Oracle Directory Server Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2014-6525 (Unspecified vulnerability in the Oracle Web Applications Desktop ...)
	NOT-FOR-US: Oracle
CVE-2014-6524 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6523 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6521 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6520 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mysql-5.1 <not-affected> (Only affects 5.5 series)
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6519 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20, and Java SE ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6518 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6517 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20; Java ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6516 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2014-6515 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6514 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2014-6513 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, and ...)
	- openjdk-6 <not-affected> (Windows-specific)
	- openjdk-7 <not-affected> (Windows-specific)
	- openjdk-8 <not-affected> (Windows-specific)
CVE-2014-6512 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
	NOTE: Upstream OpenJDK commit: http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/0798607dd425
CVE-2014-6511 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6510 (Unspecified vulnerability in Oracle Solaris 11 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6509 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6508 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows ...)
	NOT-FOR-US: Oracle Sun Solaris 10 and 11
CVE-2014-6507 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6506 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6505 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6504 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, and 7u67, ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6503 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6502 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6501 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6500 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6499 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6498 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6497 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6496 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6495 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6494 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6493 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6492 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6491 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed> (bug #770229)
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6490 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6489 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier ...)
	- mysql-5.5 <not-affected> (Only MySQL 5.6)
	- mysql-5.1 <not-affected> (Only MySQL 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
CVE-2014-6488 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control EM Base Plattform
CVE-2014-6487 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6486 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6485 (Unspecified vulnerability in Oracle Java SE 8u20 and JavaFX 2.2.65 ...)
	- openjdk-8 8u40~b09-1
CVE-2014-6484 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6483 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6482 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6481 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-6480 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-6479 (Unspecified vulnerability in the Oracle Applications Technology ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6478 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier, ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
	- cyassl <removed>
	- wolfssl <not-affected> (WolfSSL not affected)
CVE-2014-6477 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2014-6476 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6475 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6474 (Unspecified vulnerability in Oracle MySQL Server 5.6.19 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
CVE-2014-6473 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris 10 and 11
CVE-2014-6472 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6471 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-6470 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-6469 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6468 (Unspecified vulnerability in Oracle Java SE 8u20 allows local users to ...)
	- openjdk-8 8u40~b09-1
CVE-2014-6467 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6466 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20, when ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6465 (Unspecified vulnerability in the Oracle Communications Session Border ...)
	NOT-FOR-US: Oracle Communications Applications
CVE-2014-6464 (Unspecified vulnerability in Oracle MySQL Server 5.5.39 and earlier ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.40-1
	- mariadb-5.5 <removed>
	- mariadb-10.0 10.0.15-1
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6463 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-6462 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-6461 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-6460 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-6459 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-6458 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6457 (Unspecified vulnerability in Oracle Java SE 5.0u71, 6u81, 7u67, and ...)
	{DSA-3080-1 DSA-3077-1 DLA-96-1}
	- openjdk-6 6b33-1.13.5-1
	- openjdk-7 7u71-2.5.3-1
	- openjdk-8 8u40~b09-1
CVE-2014-6456 (Unspecified vulnerability in Oracle Java SE 7u67 and 8u20 allows ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-6455 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6454 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6453 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6452 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-6451 (J-Web in Juniper vSRX virtual firewalls with Junos OS before ...)
	NOT-FOR-US: Juniper
CVE-2014-6450 (Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2014-6449 (Juniper Junos OS before 12.1X44-D50, 12.1X46 before 12.1X46-D35, ...)
	NOT-FOR-US: Juniper Junos OS
CVE-2014-6448
	RESERVED
CVE-2014-6447
	RESERVED
CVE-2014-6446 (The Infusionsoft Gravity Forms plugin 1.5.3 through 1.5.10 for ...)
	NOT-FOR-US: WordPress plugin Infusionsoft Gravity Forms
CVE-2014-6445 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin Contact Form 7 Integrations
CVE-2014-6444 (Multiple cross-site scripting (XSS) vulnerabilities in the Titan ...)
	NOT-FOR-US: Titan Framework plugin for WordPress
CVE-2014-6443
	RESERVED
CVE-2014-6442
	RESERVED
CVE-2014-6441
	RESERVED
CVE-2014-6440 (VideoLAN VLC media player before 2.1.5 allows remote attackers to ...)
	- vlc 2.1.5-1 (low)
	[wheezy] - vlc <not-affected> (Introduced in 2.1)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-6439 (Cross-site scripting (XSS) vulnerability in the CORS functionality in ...)
	- elasticsearch 1.0.3+dfsg-4 (bug #763958; low)
CVE-2014-6438 (The URI.decode_www_form_component method in Ruby before 1.9.2-p330 ...)
	{DLA-275-1}
	- ruby1.9.1 1.9.3.0-1
	- ruby1.8 <not-affected> (Vulnerable code not present)
	NOTE: https://www.ruby-lang.org/en/news/2014/08/19/ruby-1-9-2-p330-released/
	NOTE: https://github.com/ruby/www.ruby-lang.org/issues/817
	NOTE: https://github.com/ruby/ruby/commit/5082e91876502a2f3dde862406a0efe9f85afcdb
	NOTE: https://github.com/ruby/ruby/commit/7b9354af8805c02ed968765abe300162e0fcc943
	NOTE: CVE assignment is specific to ruby 1.9.x series?
CVE-2014-6437 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow ...)
	NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6436 (Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly ...)
	NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6435 (cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and ...)
	NOT-FOR-US: Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices
CVE-2014-6434 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: GoPro
CVE-2014-6433 (gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: GoPro
CVE-2014-6420
	RESERVED
CVE-2014-6419
	RESERVED
CVE-2014-6415
	RESERVED
CVE-2014-6413
	RESERVED
CVE-2014-6412 (WordPress before 4.4 makes it easier for remote attackers to predict ...)
	- wordpress <not-affected> (Affects only Wordpress on Windows systems)
CVE-2014-6411
	RESERVED
CVE-2014-6409 (Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and ...)
	NOT-FOR-US: M/Monit
CVE-2014-6408 (Docker 1.3.0 through 1.3.1 allows remote attackers to modify the ...)
	- docker.io 1.3.2~dfsg1-1
CVE-2014-6407 (Docker before 1.3.2 allows remote attackers to write to arbitrary ...)
	- docker.io 1.3.2~dfsg1-1
CVE-2014-6406
	RESERVED
CVE-2014-6405
	RESERVED
CVE-2014-6404
	RESERVED
CVE-2014-6403
	RESERVED
CVE-2014-6402
	RESERVED
CVE-2014-6401
	RESERVED
CVE-2014-6400
	RESERVED
CVE-2014-6399
	RESERVED
CVE-2014-6398
	RESERVED
CVE-2014-6397
	RESERVED
CVE-2014-6396 (The dissector_postgresql function in dissectors/ec_postgresql.c in ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-6395 (Heap-based buffer overflow in the dissector_postgresql function in ...)
	- ettercap 1:0.8.1-3 (bug #773416)
	[squeeze] - ettercap <not-affected> (Vulnerable code not present according to upstream author in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773416#20)
CVE-2014-6394 (visionmedia send before 0.8.4 for Node.js uses a partial comparison ...)
	- node-send 0.9.4-1
	NOTE: https://nodesecurity.io/advisories/send-directory-traversal
CVE-2014-6393 (The Express web framework before 3.11 and 4.x before 4.5 for Node.js ...)
	- node-express <unfixed> (unimportant)
	NOTE: libv8 is not covered by security support
CVE-2014-6392 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Facebook app and Facebook Messenger app for iOS
CVE-2014-6391
	RESERVED
CVE-2014-6390
	RESERVED
CVE-2014-6389 (backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers ...)
	NOT-FOR-US: PhpCompta
CVE-2014-6388
	REJECTED
CVE-2013-7403
	RESERVED
	NOT-FOR-US: WordPress plugin wp-video-commando
CVE-2012-6658 (Multiple cross-site scripting (XSS) vulnerabilities in SpiceWorks ...)
	NOT-FOR-US: SpiceWorks
CVE-2014-7145 (The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before ...)
	- linux 3.16.3-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
	NOTE: upstream fix: https://github.com/torvalds/linux/commit/18f39e7be0121317550d03e267e3ebd4dbfbb3ce (v3.17-rc2)
CVE-2014-6432 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6431 (Buffer overflow in the SnifferDecompress function in ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6430 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6429 (The SnifferDecompress function in wiretap/ngsniffer.c in the DOS ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-19.html
CVE-2014-6428 (The dissect_spdu function in epan/dissectors/packet-ses.c in the SES ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-18.html
CVE-2014-6427 (Off-by-one error in the is_rtsp_request_or_reply function in ...)
	{DSA-3049-1}
	- wireshark 1.12.1+g01b65bf-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-17.html
CVE-2014-6426 (The dissect_hip_tlv function in epan/dissectors/packet-hip.c in the ...)
	- wireshark 1.12.1+g01b65bf-1
	[wheezy] - wireshark <not-affected> (Only applies to 1.12.x)
	[squeeze] - wireshark <not-affected> (Only applies to 1.12.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-16.html
CVE-2014-6425 (The (1) get_quoted_string and (2) get_unquoted_string functions in ...)
	- wireshark 1.12.1+g01b65bf-1
	[wheezy] - wireshark <not-affected> (Only applies to 1.12.x)
	[squeeze] - wireshark <not-affected> (Only applies to 1.12.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-15.html
CVE-2014-6424 (The dissect_v9_v10_pdu_data function in ...)
	{DSA-3049-1}
	- wireshark 1.12.1+g01b65bf-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-14.html
CVE-2014-6423 (The tvb_raw_text_add function in epan/dissectors/packet-megaco.c in ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.1+g01b65bf-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-13.html
CVE-2014-6422 (The SDP dissector in Wireshark 1.10.x before 1.10.10 creates duplicate ...)
	{DSA-3049-1 DLA-198-1}
	- wireshark 1.12.0+git+4fab41a1-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=04c05a21e34cec326f1aff2f5f8a6e74e1ced984 (v1.11.3)
CVE-2014-6421 (Use-after-free vulnerability in the SDP dissector in Wireshark 1.10.x ...)
	- wireshark 1.12.0~rc1-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2014-12.html
	NOTE: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commitdiff;h=81c4eee84b6ee19fd27929856fa1465b1af148c6 (v1.10.10)
CVE-2014-6418 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...)
	- linux 3.16.3-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
	NOTE: http://tracker.ceph.com/issues/8979
CVE-2014-6417 (net/ceph/auth_x.c in Ceph, as used in the Linux kernel before 3.16.3, ...)
	- linux 3.16.3-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
	NOTE: http://tracker.ceph.com/issues/8979
CVE-2014-6416 (Buffer overflow in net/ceph/auth_x.c in Ceph, as used in the Linux ...)
	- linux 3.16.3-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c27a3e4d667fdcad3db7b104f75659478e0c68d8 (v3.17-rc5)
	NOTE: http://tracker.ceph.com/issues/8979
CVE-2014-6414 (OpenStack Neutron before 2014.2.4 and 2014.1 before 2014.1.2 allows ...)
	- neutron 2014.1.3-1
	NOTE: vulnerable versions up to 2013.2.4 and 2014.1 versions up to 2014.1.2
CVE-2014-6410 (The __udf_read_inode function in fs/udf/inode.c in the Linux kernel ...)
	{DLA-118-1}
	- linux 3.16.5-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c03aa9f6e1f938618e6db2e23afef0574efeeb65 (v3.17-rc5)
CVE-2012-6657 (The sock_setsockopt function in net/core/sock.c in the Linux kernel ...)
	{DLA-103-1}
	- linux 3.6.4-1
	[wheezy] - linux 3.2.32-1
	- linux-2.6 <removed>
	NOTE: Upstream fix: https://git.kernel.org/linus/3e10986d1d698140747fcfc2761ec9cb64c1d582 (v3.6)
CVE-2014-6386 (Juniper Junos 11.4 before 11.4R8, 12.1X44 before 12.1X44-D35, 12.1X45 ...)
	NOT-FOR-US: Juniper
CVE-2014-6385 (Juniper Junos 11.4 before 11.4R13, 12.1X44 before 12.1X44-D45, 12.1X46 ...)
	NOT-FOR-US: Juniper
CVE-2014-6384 (Juniper Junos 12.1X44 before 12.1X44-D45, 12.1X46 before 12.1X46-D25, ...)
	NOT-FOR-US: Juniper
CVE-2014-6383 (The stateless firewall in Juniper Junos 13.3R3, 14.1R1, and 14.1R2, ...)
	NOT-FOR-US: Juniper
CVE-2014-6382 (The Juniper MX Series routers with Junos 13.3R3 through 13.3Rx before ...)
	NOT-FOR-US: Juniper
CVE-2014-6381 (Juniper WLC devices with WLAN Software releases 8.0.x before 8.0.4, ...)
	NOT-FOR-US: Juniper
CVE-2014-6380 (Juniper Junos 11.4 before R11, 12.1 before R9, 12.1X44 before D30, ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-6379 (Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-6378 (Juniper Junos 11.4 before R12-S4, 12.1X44 before D35, 12.1X45 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-6377 (Juniper JunosE before 13.3.3p0-1, 14.x before 14.3.2, and 15.x before ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-6376 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6375 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6374 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6373 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6372
	REJECTED
CVE-2014-6371
	REJECTED
CVE-2014-6370
	REJECTED
CVE-2014-6369 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6368 (Microsoft Internet Explorer 11 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6367
	REJECTED
CVE-2014-6366 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6365 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6364 (Use-after-free vulnerability in Microsoft Office 2007 SP3; 2010 SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-6363 (vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6362 (Use-after-free vulnerability in Microsoft Office 2007 SP3, 2010 SP2, ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-6361 (Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 Gold and SP1, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2014-6360 (Microsoft Excel 2007 SP3, Excel 2010 SP2, and Office Compatibility ...)
	NOT-FOR-US: Microsoft Excel
CVE-2014-6359
	REJECTED
CVE-2014-6358
	REJECTED
CVE-2014-6357 (Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-6356 (Array index error in Microsoft Word 2007 SP3, Word 2010 SP2, and ...)
	NOT-FOR-US: Microsoft Word
CVE-2014-6355 (The Graphics Component in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsft Windows
CVE-2014-6354 (Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6353 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2014-6352 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2014-6351 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2014-6350 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
	NOT-FOR-US: Microsoft
CVE-2014-6349 (Microsoft Internet Explorer 10 and 11 allows remote attackers to gain ...)
	NOT-FOR-US: Microsoft
CVE-2014-6348 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2014-6347 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6346 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6345 (Microsoft Internet Explorer 9 and 10 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6344 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6343 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6342 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6341 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6340 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6339 (Microsoft Internet Explorer 8 and 9 allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6338
	REJECTED
CVE-2014-6337 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6336 (Outlook Web App (OWA) in Microsoft Exchange Server 2013 SP1 and ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6335 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-6334 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
	NOT-FOR-US: Microsoft
CVE-2014-6333 (Microsoft Word 2007 SP3, Word Viewer, and Office Compatibility Pack ...)
	NOT-FOR-US: Microsoft
CVE-2014-6332 (OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2014-6331 (Microsoft Active Directory Federation Services (AD FS) 2.0, 2.1, and ...)
	NOT-FOR-US: Microsoft
CVE-2014-6330 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6329 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6328 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6327 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6326 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6325 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6324 (The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-6323 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-6322 (The Windows Audio service in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2014-6321 (Schannel in Microsoft Windows Server 2003 SP2, Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2014-6320
	REJECTED
CVE-2014-6319 (Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2014-6318 (The audit logon feature in Remote Desktop Protocol (RDP) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2014-6317 (Array index error in win32k.sys in the kernel-mode drivers in ...)
	NOT-FOR-US: Microsoft
CVE-2014-6316 (core/string_api.php in MantisBT before 1.2.18 does not properly ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://github.com/mantisbt/mantisbt/commit/e66ecc9f
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17648
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17362
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17698
	NOTE: https://www.mantisbt.org/bugs/view.php?id=17811
CVE-2014-6315 (Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado ...)
	NOT-FOR-US: WordPress plugin Photo Gallery
CVE-2014-6314
	RESERVED
CVE-2014-6313 (Cross-site scripting (XSS) vulnerability in the WooCommerce plugin ...)
	NOT-FOR-US: WordPress plugin WooCommerce
CVE-2014-6312 (Cross-site request forgery (CSRF) vulnerability in the Login Widget ...)
	NOT-FOR-US: Login Widget With Shortcode (login-sidebar-widget) plugin for WordPress
CVE-2014-6309 (The HTTP and WebSocket engine components in the server in Kaazing ...)
	NOT-FOR-US: Kaazing Gateway
CVE-2014-6308 (Directory traversal vulnerability in OSClass before 3.4.2 allows ...)
	NOT-FOR-US: OsClass
CVE-2014-6307
	RESERVED
CVE-2014-6306
	RESERVED
CVE-2014-6305
	RESERVED
CVE-2014-6304 (The Form Controls CSS file in PNMsoft Sequence Kinetics before 7.7 ...)
	NOT-FOR-US: PNMsoft
CVE-2014-6303 (The Monitoring Administration pages in PNMsoft Sequence Kinetics ...)
	NOT-FOR-US: PNMsoft
CVE-2014-6302 (The Monitoring Administration pages in PNMsoft Sequence Kinetics ...)
	NOT-FOR-US: PNMsoft
CVE-2014-6301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: PNMsoft
CVE-2014-6300 (Cross-site scripting (XSS) vulnerability in the micro history ...)
	- phpmyadmin 4:4.2.8.1-1
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-10.php
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-6299 (Cross-site request forgery (CSRF) vulnerability in the mm_forum ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6298 (Unrestricted file upload vulnerability in the mm_forum extension ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6297 (Cross-site scripting (XSS) vulnerability in the mm_forum extension ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6296 (Cross-site scripting (XSS) vulnerability in the WEC Map (wec_map) ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6295 (SQL injection vulnerability in the WEC Map (wec_map) extension before ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6294 (Cross-site scripting (XSS) vulnerability in the External links click ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6293 (SQL injection vulnerability in the Statistics (ke_stats) extension ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6292 (The femanager extension before 1.0.9 for TYPO3 allows remote frontend ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6291 (Cross-site scripting (XSS) vulnerability in the Alphabetic Sitemap ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6290 (The News (tt_news) extension before 3.5.2 for TYPO3 allows remote ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6289 (The Ajax dispatcher for Extbase in the Yet Another Gallery (yag) ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6288 (The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers ...)
	NOT-FOR-US: Typo3 extension
CVE-2014-6287 (The findMacroMarker function in parserLib.pas in Rejetto HTTP File ...)
	NOT-FOR-US: Rejetto HTTP File Server
CVE-2014-6286
	RESERVED
CVE-2014-6285
	RESERVED
CVE-2014-6284 (SAP Adaptive Server Enterprise (ASE) before 15.7 SP132 and 16.0 before ...)
	NOT-FOR-US: SAP Adaptive Server Enterprise
CVE-2014-6283 (SAP Adaptive Server Enterprise (ASE) 15.7 before SP122 or SP63, 15.5 ...)
	NOT-FOR-US: SAP Adaptive Server Enterprise
CVE-2014-6282
	RESERVED
CVE-2014-6281
	RESERVED
CVE-2014-6280 (Multiple cross-site scripting (XSS) vulnerabilities in OSClass before ...)
	NOT-FOR-US: OsClass
CVE-2014-6279
	RESERVED
CVE-2014-6278 (GNU Bash through 4.3 bash43-026 does not properly parse function ...)
	- bash 4.3-9.2 (high)
	[wheezy] - bash 4.2+dfsg-0.1+deb7u3 (high)
	[squeeze] - bash 4.1-3+deb6u2 (high)
	NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents
	NOTE: exploitation of this issue by making bash only use environment variables
	NOTE: with specific names (BASH_FUNC_*()) to define functions from its
	NOTE: environment.
CVE-2014-6277 (GNU Bash through 4.3 bash43-026 does not properly parse function ...)
	- bash 4.3-9.2
	[wheezy] - bash 4.2+dfsg-0.1+deb7u3
	[squeeze] - bash 4.1-3+deb6u2
	NOTE: Florian Weimer's variables-affix.patch patch applied in Debian prevents
	NOTE: exploitation of this issue by making bash only use environment variables
	NOTE: with specific names (BASH_FUNC_*()) to define functions from its
	NOTE: environment.
CVE-2014-6276 (schema.py in Roundup before 1.5.1 does not properly limit attributes ...)
	{DSA-3502-1}
	- roundup <removed> (bug #816780)
	NOTE: http://hg.code.sf.net/p/roundup/code/rev/a403c29ffaf9
CVE-2014-6275
	RESERVED
	- fusionforge 5.3.2-1
	[squeeze] - fusionforge <end-of-life> (Not supported in Squeeze LTS)
	NOTE: https://lists.fusionforge.org/pipermail/fusionforge-general/2014-September/002824.html
CVE-2014-6274 [S3 and Glacier remotes creds embedded in the git repo were not encrypted]
	RESERVED
	- git-annex 5.20140919
	[wheezy] - git-annex <not-affected> (Vulnerable code introduced in 3.20121126)
	NOTE: https://git-annex.branchable.com/upgrades/insecure_embedded_creds/
CVE-2014-6273 (Buffer overflow in the HTTP transport code in apt-get in APT 1.0.1 and ...)
	{DSA-3031-1 DLA-58-1}
	- apt 1.0.3
CVE-2014-6272 (Multiple integer overflows in the evbuffer API in Libevent 1.4.x ...)
	{DSA-3119-1 DLA-137-1}
	- libevent 2.0.21-stable-2 (bug #774645)
CVE-2014-6271 (GNU Bash through 4.3 processes trailing strings after function ...)
	{DSA-3032-1 DLA-59-1}
	- bash 4.3-9.1
CVE-2014-6267
	RESERVED
CVE-2014-6266
	RESERVED
CVE-2014-6265
	RESERVED
CVE-2014-6264
	RESERVED
CVE-2014-6263
	RESERVED
CVE-2014-6262
	RESERVED
CVE-2014-6261 (Zenoss Core through 5 Beta 3 does not properly implement the Check For ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6260 (Zenoss Core through 5 Beta 3 does not require a password for modifying ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6259 (Zenoss Core through 5 Beta 3 does not properly detect recursion during ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6258 (An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6257 (Zenoss Core through 5 Beta 3 allows remote attackers to bypass ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6256 (Zenoss Core through 5 Beta 3 allows remote attackers to bypass ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6255 (Open redirect vulnerability in the login form in Zenoss Core before ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6254 (Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core ...)
	- zenoss <itp> (bug #361253)
CVE-2014-6253 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss ...)
	- zenoss <itp> (bug #361253)
CVE-2013-7400 (The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows ...)
	NOT-FOR-US: TYPO3 extension direct_mail
CVE-2014-6387 (gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to ...)
	{DSA-3120-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17640
	NOTE: http://github.com/mantisbt/mantisbt/commit/215968fa8 (1.2.x branch)
	NOTE: http://github.com/mantisbt/mantisbt/commit/fc02c46ee (master branch)
CVE-2014-XXXX [install-sh: insecure use of /tmp]
	- automake1.11 1:1.11.6-4 (unimportant; bug #827346)
	- automake-1.14 <removed> (unimportant; bug #827347)
	[jessie] - automake-1.14 1:1.14.1-4+deb8u1
	- automake-1.15 1:1.15-3 (unimportant; bug #760455)
	NOTE: http://seclists.org/oss-sec/2014/q3/588
	NOTE: Neutralised by kernel hardening
CVE-2014-6252 (Buffer overflow in disp+work.exe 7000.52.12.34966 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-6311 [/tmp file vulnerability in generate_doxygen.pl]
	RESERVED
	- ace 6.2.7+dfsg-2 (unimportant; bug #760709)
	NOTE: Not installed into the binary packages
CVE-2014-6310
	RESERVED
	- chicken <not-affected> (Affects only CHICKEN Scheme on the Android platform)
CVE-2014-6270 (Off-by-one error in the snmpHandleUdp function in snmp_core.cc in ...)
	- squid <removed> (unimportant)
	NOTE: SNMP not built in squid 2
	- squid3 3.4.8-1 (low; bug #761002)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	[squeeze] - squid3 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=895773
	NOTE: Upstream commits: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13574
	NOTE: http://bazaar.launchpad.net/~squid/squid/trunk/revision/13582
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_3.txt
CVE-2014-7142 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...)
	- squid <removed>
	[squeeze] - squid <no-dsa> (Minor issue)
	[wheezy] - squid <no-dsa> (Minor issue)
	- squid3 3.4.8-1 (bug #760999)
	[squeeze] - squid3 <no-dsa> (Minor issue)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=891268
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
CVE-2014-7141 (The pinger in Squid 3.x before 3.4.8 allows remote attackers to obtain ...)
	- squid <removed>
	[squeeze] - squid <no-dsa> (Minor issue)
	[wheezy] - squid <no-dsa> (Minor issue)
	- squid3 3.4.8-1 (bug #760999)
	[squeeze] - squid3 <no-dsa> (Minor issue)
	[wheezy] - squid3 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=891268
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_4.txt
CVE-2014-6268 (The evtchn_fifo_set_pending function in Xen 4.4.x allows local guest ...)
	- xen 4.4.1-3
	[wheezy] - xen <not-affected> (Affects only Xen 4.4 onwards)
	[squeeze] - xen <not-affected> (Affects only Xen 4.4 onwards)
CVE-2014-6251 (Stack-based buffer overflow in CPUMiner before 2.4.1 allows remote ...)
	NOT-FOR-US: CPUMiner, related to cgminer according to #773624
CVE-2014-6250
	RESERVED
CVE-2014-6249
	RESERVED
CVE-2014-6248
	RESERVED
CVE-2014-6247
	RESERVED
CVE-2014-6246
	RESERVED
CVE-2014-6245
	RESERVED
CVE-2014-6244
	RESERVED
CVE-2014-6243 (Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer ...)
	NOT-FOR-US: WordPress plugin EWWW Image Optimizer
CVE-2014-6242 (Multiple SQL injection vulnerabilities in the All In One WP Security &amp; ...)
	NOT-FOR-US: WordPress plugin All In One WP Security
CVE-2014-6230 (WP-Ban plugin before 1.6.4 for WordPress, when running in certain ...)
	NOT-FOR-US: WordPress plugin WP-Ban
CVE-2014-6229 (The HashContext class in hphp/runtime/ext/ext_hash.cpp in Facebook ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-6228 (Integer overflow in the string_chunk_split function in ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2010-5305
	RESERVED
CVE-2014-3618 (Heap-based buffer overflow in formisc.c in formail in procmail 3.22 ...)
	{DSA-3019-1 DLA-46-1}
	- procmail 3.22-22 (bug #760443)
	NOTE: http://www.openwall.com/lists/oss-security/2014/09/03/8
CVE-2014-6241 (SQL injection vulnerability in the wt_directory extension before 1.4.1 ...)
	NOT-FOR-US: Typo3 extension wt_directory
CVE-2014-6240 (Cross-site scripting (XSS) vulnerability in the Google Sitemap ...)
	NOT-FOR-US: Typo3 extension weeaar_googlesitemap
CVE-2014-6239 (SQL injection vulnerability in the Address visualization with Google ...)
	NOT-FOR-US: Typo3 extension st_address_map
CVE-2014-6238 (Cross-site scripting (XSS) vulnerability in the Akronymmanager (aka SB ...)
	NOT-FOR-US: Typo3 extension Akronymmanager
CVE-2014-6237 (Cross-site scripting (XSS) vulnerability in the News Pack extension ...)
	NOT-FOR-US: Typo3 extension News Pack
CVE-2014-6236 (Unspecified vulnerability in the LumoNet PHP Include (lumophpinclude) ...)
	NOT-FOR-US: Typo3 extension lumophpinclude
CVE-2014-6235 (Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for ...)
	NOT-FOR-US: Typo3 extension DomPDF
CVE-2014-6234 (Cross-site scripting (XSS) vulnerability in the Open Graph protocol ...)
	NOT-FOR-US: Typo3 extension jh_opengraphprotocol
CVE-2014-6233 (SQL injection vulnerability in the Flat Manager (flatmgr) extension ...)
	NOT-FOR-US: Typo3 extension flatmgr
CVE-2014-6232 (Unspecified vulnerability in the LDAP (eu_ldap) extension before ...)
	NOT-FOR-US: Typo3 extension eu_ldap
CVE-2014-6231 (Unspecified vulnerability in the CWT Frontend Edit (cwt_feedit) ...)
	NOT-FOR-US: Typo3 extension cwt_feedit
	NOTE: This is different from the feedit extension in typo3-src.
CVE-2014-6227
	RESERVED
CVE-2014-6226
	RESERVED
CVE-2014-6225
	RESERVED
CVE-2014-6224
	RESERVED
CVE-2014-6223
	RESERVED
CVE-2014-6222 (Directory traversal vulnerability in IBM Marketing Operations 7.x and ...)
	NOT-FOR-US: IBM Marketing Operations
CVE-2014-6221 (The MSCAPI/MSCNG interface implementation in GSKit in IBM Rational ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2014-6220
	RESERVED
CVE-2014-6219
	RESERVED
CVE-2014-6218
	RESERVED
CVE-2014-6217
	RESERVED
CVE-2014-6216
	RESERVED
CVE-2014-6215 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2014-6214 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2014-6213
	RESERVED
CVE-2014-6212 (The Echo API in IBM Emptoris Contract Management 9.5.x before 9.5.0.6 ...)
	NOT-FOR-US: IBM
CVE-2014-6211 (The command-line scripts in IBM WebSphere Commerce 6.0 through ...)
	NOT-FOR-US: IBM
CVE-2014-6210 (IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 ...)
	NOT-FOR-US: IBM
CVE-2014-6209 (IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 ...)
	NOT-FOR-US: IBM
CVE-2014-6208
	RESERVED
CVE-2014-6207
	RESERVED
CVE-2014-6206
	RESERVED
CVE-2014-6205
	RESERVED
CVE-2014-6204
	RESERVED
CVE-2014-6203
	RESERVED
CVE-2014-6202
	RESERVED
CVE-2014-6201
	RESERVED
CVE-2014-6200
	RESERVED
CVE-2014-6199 (The HTTP Server Adapter in IBM Sterling B2B Integrator 5.1 and 5.2.x ...)
	NOT-FOR-US: IBM
CVE-2014-6198 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
	NOT-FOR-US: IBM
CVE-2014-6197 (IBM Security Network Protection 5.1.x and 5.2.x before 5.2.0.0 FP5 and ...)
	NOT-FOR-US: IBM
CVE-2014-6196 (Cross-site scripting (XSS) vulnerability in IBM Web Experience Factory ...)
	NOT-FOR-US: IBM WEF
CVE-2014-6195 (The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6194 (Directory traversal vulnerability in an unspecified web form in IBM ...)
	NOT-FOR-US: IBM Maximo
CVE-2014-6193 (IBM WebSphere Portal 8.0.0 through 8.0.0.1 CF14 and 8.5.0 before CF04, ...)
	NOT-FOR-US: IBM
CVE-2014-6192 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
	NOT-FOR-US: IBM
CVE-2014-6191 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
	NOT-FOR-US: IBM
CVE-2014-6190 (The log viewer in IBM Workload Deployer 3.1 before 3.1.0.7 allows ...)
	NOT-FOR-US: IBM
CVE-2014-6189 (Cross-site scripting (XSS) vulnerability in IBM Security Network ...)
	NOT-FOR-US: IBM
CVE-2014-6188 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2014-6187 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
	NOT-FOR-US: IBM
CVE-2014-6186 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.x before ...)
	NOT-FOR-US: IBM
CVE-2014-6185 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before ...)
	NOT-FOR-US: IBM
	NOTE: https://www-01.ibm.com/support/docview.wss?uid=swg21695715
CVE-2014-6184 (Stack-based buffer overflow in dsmtca in the client in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6183 (IBM Security Network Protection 5.1 before 5.1.0.0 FP13, 5.1.1 before ...)
	NOT-FOR-US: IBM Security Network Protection
CVE-2014-6182 (Directory traversal vulnerability in an export function in the Process ...)
	NOT-FOR-US: IBM
CVE-2014-6181 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before ...)
	NOT-FOR-US: IBM
CVE-2014-6180 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2014-6179 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2014-6178 (Cross-site scripting (XSS) vulnerability in the widgets in IBM ...)
	NOT-FOR-US: IBM
CVE-2014-6177 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.x before ...)
	NOT-FOR-US: IBM
CVE-2014-6176 (IBM WebSphere Process Server 7.0, WebSphere Enterprise Service Bus ...)
	NOT-FOR-US: IBM
CVE-2014-6175 (Cross-site scripting (XSS) vulnerability in IBM Marketing Operations ...)
	NOT-FOR-US: IBM Marketing Operations
CVE-2014-6174 (IBM WebSphere Application Server 7.x before 7.0.0.37, 8.0.x before ...)
	NOT-FOR-US: IBM
CVE-2014-6173 (Cross-site scripting (XSS) vulnerability in the Process Inspector in ...)
	NOT-FOR-US: IBM
CVE-2014-6172 (IBM API Management 3.0 before 3.0.4.0 IF1 allows remote attackers to ...)
	NOT-FOR-US: IBM
CVE-2014-6171 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0 ...)
	NOT-FOR-US: IBM
CVE-2014-6170 (The HTTPInput node in IBM WebSphere Message Broker 7.0 before 7.0.0.8 ...)
	NOT-FOR-US: IBM
CVE-2014-6169 (Cross-site scripting (XSS) vulnerability in IBM Forms Experience ...)
	NOT-FOR-US: IBM Forms Experience Builder
CVE-2014-6168 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
	NOT-FOR-US: IBM
CVE-2014-6167 (Cross-site scripting (XSS) vulnerability in the URL rewriting feature ...)
	NOT-FOR-US: IBM
CVE-2014-6166 (The Communications Enabled Applications (CEA) service in IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2014-6165
	RESERVED
CVE-2014-6164 (IBM WebSphere Application Server 8.0.x before 8.0.0.10 and 8.5.x ...)
	NOT-FOR-US: IBM
CVE-2014-6163 (Cross-site scripting (XSS) vulnerability on the IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2014-6162
	RESERVED
CVE-2014-6161 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool/Impact ...)
	NOT-FOR-US: IBM
CVE-2014-6160 (IBM WebSphere Service Registry and Repository (WSRR) 8.5 before ...)
	NOT-FOR-US: IBM
CVE-2014-6159 (IBM DB2 9.7 before FP10, 9.8 through FP5, 10.1 through FT4, and 10.5 ...)
	NOT-FOR-US: IBM
CVE-2014-6158 (Multiple directory traversal vulnerabilities in the file-upload ...)
	NOT-FOR-US: IBM
CVE-2014-6157
	RESERVED
CVE-2014-6156
	RESERVED
CVE-2014-6155 (Multiple directory traversal vulnerabilities in the ServiceRegistry UI ...)
	NOT-FOR-US: IBM
CVE-2014-6154 (Directory traversal vulnerability in IBM Optim Performance Manager for ...)
	NOT-FOR-US: IBM Optim
CVE-2014-6153 (The Web UI in IBM WebSphere Service Registry and Repository (WSRR) ...)
	NOT-FOR-US: IBM
CVE-2014-6152 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6151 (CRLF injection vulnerability in IBM Tivoli Integrated Portal (TIP) ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6150 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Application ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2014-6149 (Directory traversal vulnerability in BIRT-viewer in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2014-6148 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2014-6147 (IBM Flex System Manager (FSM) 1.1.x.x, 1.2.0.x, 1.2.1.x, 1.3.0.0, ...)
	NOT-FOR-US: IBM FSM
CVE-2014-6146 (IBM Sterling B2B Integrator 5.2.x through 5.2.4, when the ...)
	NOT-FOR-US: IBM
CVE-2014-6145 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
	NOT-FOR-US: IBM
CVE-2014-6144 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
	NOT-FOR-US: IBM
CVE-2014-6143 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 ...)
	NOT-FOR-US: IBM
CVE-2014-6142
	RESERVED
CVE-2014-6141 (IBM Tivoli Monitoring (ITM) 6.2.0 through FP03, 6.2.1 through FP04, ...)
	NOT-FOR-US: IBM
CVE-2014-6140 (IBM Tivoli Endpoint Manager Mobile Device Management (MDM) before ...)
	NOT-FOR-US: IBM Endpoint Manager Mobile Device Management Components
CVE-2014-6139 (The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, ...)
	NOT-FOR-US: IBM BPM
CVE-2014-6138 (The IBM WebSphere DataPower XC10 appliance 2.1 and 2.5 before FP4 ...)
	NOT-FOR-US: IBM
CVE-2014-6137 (Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page ...)
	NOT-FOR-US: IBM Endpoint Manager
CVE-2014-6136 (IBM Security AppScan Standard 8.x and 9.x before 9.0.1.1 FP1 supports ...)
	NOT-FOR-US: IBM
CVE-2014-6135 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
	NOT-FOR-US: IBM
CVE-2014-6134 (IBM Rational ClearCase 8.0.0 before 8.0.0.14 and 8.0.1 before 8.0.1.7, ...)
	NOT-FOR-US: IBM
CVE-2014-6133 (IBM API Management 3.x before 3.0.1.0 allows local users to obtain ...)
	NOT-FOR-US: IBM API Management
CVE-2014-6132 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM
CVE-2014-6131 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2014-6130 (The IBM Notes Traveler application before 9.0.1.3 for Android lacks a ...)
	NOT-FOR-US: IBM Notes Traveler application for Android
CVE-2014-6129 (IBM Rational Jazz Team Server (JTS), as used in Rational Collaborative ...)
	NOT-FOR-US: IBM
CVE-2014-6128
	RESERVED
CVE-2014-6127
	RESERVED
CVE-2014-6126 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-6125 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-6124
	RESERVED
CVE-2014-6123 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through ...)
	NOT-FOR-US: IBM
CVE-2014-6122 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
	NOT-FOR-US: IBM
CVE-2014-6121 (Cross-site scripting (XSS) vulnerability in IBM Security AppScan ...)
	NOT-FOR-US: IBM
CVE-2014-6120 (IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through ...)
	NOT-FOR-US: IBM Rational AppScan Source
CVE-2014-6119 (IBM Security AppScan Enterprise 8.5 before 8.5 IFix 002, 8.6 before ...)
	NOT-FOR-US: IBM
CVE-2014-6118
	RESERVED
CVE-2014-6117
	RESERVED
CVE-2014-6116 (The Telemetry Component in WebSphere MQ 8.0.0.1 before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-6115 (IBM Rational Insight 1.1.1.5 allows remote attackers to bypass ...)
	NOT-FOR-US: IBM Rational Insight
CVE-2014-6114 (The Hosted Transparent Decision Service in the Rule Execution Server ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-6113 (Cross-site scripting (XSS) vulnerability in the Web Reports component ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-6112 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...)
	NOT-FOR-US: IBM
CVE-2014-6111 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...)
	NOT-FOR-US: IBM
CVE-2014-6110 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 does not ...)
	NOT-FOR-US: IBM
CVE-2014-6109 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...)
	NOT-FOR-US: IBM
CVE-2014-6108 (IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and ...)
	NOT-FOR-US: IBM
CVE-2014-6107 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
	NOT-FOR-US: IBM
CVE-2014-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
	NOT-FOR-US: IBM
CVE-2014-6105 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
	NOT-FOR-US: IBM
CVE-2014-6104
	RESERVED
CVE-2014-6103
	RESERVED
CVE-2014-6102 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5.0 before ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-6101 (Cross-site scripting (XSS) vulnerability in the redirect-login feature ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2014-6100 (Cross-site scripting (XSS) vulnerability in the Admin UI in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2014-6099 (The Change Password feature in IBM Sterling B2B Integrator 5.2.x ...)
	NOT-FOR-US: IBM Sterling
CVE-2014-6098 (IBM Security Identity Manager 6.x before 6.0.0.3 IF14 allows remote ...)
	NOT-FOR-US: IBM
CVE-2014-6097 (IBM DB2 9.7 before FP10 and 9.8 through FP5 on Linux, UNIX, and ...)
	NOT-FOR-US: IBM
CVE-2014-6096 (Cross-site scripting (XSS) vulnerability in IBM Security Identity ...)
	NOT-FOR-US: IBM
CVE-2014-6095 (Directory traversal vulnerability in IBM Security Identity Manager 6.x ...)
	NOT-FOR-US: IBM
CVE-2014-6094
	RESERVED
CVE-2014-6093 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.x ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-6092 (IBM Curam Social Program Management (SPM) 5.2 before SP6 EP6, 6.0 SP2 ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-6091 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-6090 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-6089 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6088 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6087 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6086 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6085
	RESERVED
CVE-2014-6084 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6083 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6082 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6081
	RESERVED
CVE-2014-6080 (SQL injection vulnerability in IBM Security Access Manager for Mobile ...)
	NOT-FOR-US: IBM
CVE-2014-6079 (Cross-site scripting (XSS) vulnerability in the Local Management ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-6078 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6077 (Cross-site request forgery (CSRF) vulnerability in IBM Security Access ...)
	NOT-FOR-US: IBM
CVE-2014-6076 (IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security ...)
	NOT-FOR-US: IBM
CVE-2014-6075 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-6074 (IBM UrbanCode Deploy 6.1.0.2 before IF1 allows remote authenticated ...)
	NOT-FOR-US: IBM UrbanCode Deploy
CVE-2014-6073
	RESERVED
CVE-2014-6072
	RESERVED
CVE-2014-6071 (jQuery 1.4.2 allows remote attackers to conduct cross-site scripting ...)
	- jquery 1.6.1-1
	[squeeze] - jquery <no-dsa> (Only exploitable when following anti-patterns)
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=1136683#c2
CVE-2014-6069
	RESERVED
CVE-2014-6068
	RESERVED
CVE-2014-6067
	RESERVED
CVE-2014-6066
	RESERVED
CVE-2014-6065
	RESERVED
CVE-2014-6064 (The Accounts tab in the administrative user interface in McAfee Web ...)
	NOT-FOR-US: McAfee Web Gateway
CVE-2014-6063
	RESERVED
CVE-2014-6062
	RESERVED
CVE-2014-6061
	RESERVED
CVE-2014-6059
	RESERVED
CVE-2014-6058
	RESERVED
CVE-2014-6057
	RESERVED
CVE-2014-6056
	RESERVED
CVE-2014-6055 (Multiple stack-based buffer overflows in the File Transfer feature in ...)
	{DSA-3081-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	NOTE: https://github.com/newsoft/libvncserver/commit/06ccdf016154fde8eccb5355613ba04c59127b2e
	NOTE: https://github.com/newsoft/libvncserver/commit/f528072216dec01cee7ca35d94e171a3b909e677
	NOTE: https://github.com/newsoft/libvncserver/commit/256964b884c980038cd8b2f0d180fbb295b1c748 (improvement)
	NOTE: check for possible ABI break: https://bugzilla.redhat.com/show_bug.cgi?id=1144293#c2
CVE-2014-6054 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
	{DSA-3081-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	NOTE: https://github.com/newsoft/libvncserver/commit/05a9bd41a8ec0a9d580a8f420f41718bdd235446
	NOTE: https://github.com/newsoft/libvncserver/commit/f18f24ce65f5cac22ddcf3ed51417e477f9bad09 (hardening)
	NOTE: https://github.com/newsoft/libvncserver/commit/5dee1cbcd83920370a487c4fd2718aa4d3eba548 (required for sparc)
	NOTE: https://github.com/newsoft/libvncserver/commit/819481c5e2003cd36d002336c248de8c75de362e (hardening)
	NOTE: https://github.com/newsoft/libvncserver/commit/e5d9b6a07257c12bf3b6242ddea79ea1c95353a8 (hardening)
CVE-2014-6053 (The rfbProcessClientNormalMessage function in libvncserver/rfbserver.c ...)
	{DSA-3081-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	NOTE: https://github.com/newsoft/libvncserver/commit/6037a9074d52b1963c97cb28ea1096c7c14cbf28
CVE-2014-6052 (The HandleRFBServerMessage function in libvncclient/rfbproto.c in ...)
	{DSA-3081-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	NOTE: https://github.com/newsoft/libvncserver/commit/85a778c0e45e87e35ee7199f1f25020648e8b812
CVE-2014-6051 (Integer overflow in the MallocFrameBuffer function in vncviewer.c in ...)
	{DSA-3081-1 DLA-197-1}
	- libvncserver 0.9.9+dfsg-6.1 (bug #762745)
	NOTE: https://github.com/newsoft/libvncserver/commit/045a044e8ae79db9244593fbce154cdf6e843273
CVE-2014-6050
	RESERVED
CVE-2014-6049
	RESERVED
CVE-2014-6048
	RESERVED
CVE-2014-6047
	RESERVED
CVE-2014-6046
	RESERVED
CVE-2014-6045
	RESERVED
CVE-2014-6044
	RESERVED
CVE-2014-6043 (ZOHO ManageEngine EventLog Analyzer 9.0 build 9002 and 8.2 build 8020 ...)
	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2014-6042
	RESERVED
CVE-2014-6041 (The Android WebView in Android before 4.4 allows remote attackers to ...)
	NOT-FOR-US: Android Browser application
CVE-2014-6039
	RESERVED
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-6038
	RESERVED
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-6037 (Directory traversal vulnerability in the agentUpload servlet in ZOHO ...)
	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2014-6036 (Directory traversal vulnerability in the multipartRequest servlet in ...)
	NOT-FOR-US: ZOHO
CVE-2014-6035 (Directory traversal vulnerability in the FileCollector servlet in ZOHO ...)
	NOT-FOR-US: ZOHO
CVE-2014-6034 (Directory traversal vulnerability in the ...)
	NOT-FOR-US: ZOHO
CVE-2014-6033
	REJECTED
CVE-2014-6032 (Multiple XML External Entity (XXE) vulnerabilities in the ...)
	NOT-FOR-US: F5 Networks Big-IP
CVE-2014-6031 (Buffer overflow in the mcpq daemon in F5 BIG-IP systems 10.x before ...)
	NOT-FOR-US: F5 BIG-IP systems
CVE-2014-6030 (Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET ...)
	NOT-FOR-US: ClassApps SelectSurvey.NET
CVE-2014-6026
	RESERVED
CVE-2014-6025 (The Chartboost library before 2.0.2 for Android does not verify X.509 ...)
	NOT-FOR-US: Chartboost library for Android
CVE-2014-6024 (The Flurry library before 3.4.0 for Android does not verify X.509 ...)
	NOT-FOR-US: Flurry library for Android
CVE-2014-6023 (The s-peek credit rating report (aka com.rhomobile.speek) application ...)
	NOT-FOR-US: s-peek credit rating report (aka com.rhomobile.speek) application for Android
CVE-2014-6022 (The Versent Books (aka com.versentbooks) application 1.1.99 for ...)
	NOT-FOR-US: Versent Books (aka com.versentbooks) application for Android
CVE-2014-6021 (The Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) ...)
	NOT-FOR-US: Harley-Davidson Visa (aka com.usbank.icsmobile.harleydavidson) application for Android
CVE-2014-6020 (The Fuel Rewards Network (aka com.excentus.frn) application 1 for ...)
	NOT-FOR-US: Fuel Rewards Network (aka com.excentus.frn) application for Android
CVE-2014-6019 (The psychology (aka com.alek.psychology) application 1.0.2 for Android ...)
	NOT-FOR-US: psychology (aka com.alek.psychology) application for Android
CVE-2014-6018 (The global beauty research (aka com.appems.topgirl) application 1.6 ...)
	NOT-FOR-US: global beauty research (aka com.appems.topgirl) application for Android
CVE-2014-6017 (The Doodle Drop (aka net.lazyer.DoodleDrop) application 1 for Android ...)
	NOT-FOR-US: Doodle Drop (aka net.lazyer.DoodleDrop) application for Android
CVE-2014-6016 (The Celluloid (aka com.eurisko.celluloid) application 1.3 for Android ...)
	NOT-FOR-US: Celluloid (aka com.eurisko.celluloid) application for Android
CVE-2014-6015 (The TuCarro (aka com.tucarro) application 2.0.5 for Android does not ...)
	NOT-FOR-US: TuCarro (aka com.tucarro) application for Android
CVE-2014-6014 (The Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) ...)
	NOT-FOR-US: Conquest Of Fantasia (aka air.com.ingen.studios.cof.sg) application for Android
CVE-2014-6013 (The nuSquare (aka tw.com.nuphoto.nusquare) application 1.0.78 for ...)
	NOT-FOR-US: nuSquare (aka tw.com.nuphoto.nusquare) application for Android
CVE-2014-6012 (The Gravity Bounce (aka net.toddm.gb) application 1.1 for Android does ...)
	NOT-FOR-US: Gravity Bounce (aka net.toddm.gb) application for Android
CVE-2014-6011 (The cutprice (aka kr.co.wedoit.cutprice) application 1.0.4 for Android ...)
	NOT-FOR-US: cutprice (aka kr.co.wedoit.cutprice) application for Android
CVE-2014-6010 (The Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) ...)
	NOT-FOR-US: Rasta Weed Widgets HD (aka aw.awesomewidgets.rastaweed) application for Android
CVE-2014-6009 (The Zombie Detector (aka com.jimmybolstad.zombiedetector) application ...)
	NOT-FOR-US: Zombie Detector (aka com.jimmybolstad.zombiedetector) application for Android
CVE-2014-6008 (The Blitz Bingo (aka com.appMobi.sbbingo.app) application 2.3 for ...)
	NOT-FOR-US: Blitz Bingo (aka com.appMobi.sbbingo.app) application for Android
CVE-2014-6007 (The LikeHero Get Instagram Likes (aka com.fraoula.likehero) ...)
	NOT-FOR-US: LikeHero Get Instagram Likes (aka com.fraoula.likehero) application for Android
CVE-2014-6006 (The Gratta &amp; Vinci? (aka com.dreamstep.wGrattaevinci) application ...)
	NOT-FOR-US: Gratta & Vinci? (aka com.dreamstep.wGrattaevinci) application for Android
CVE-2014-6005 (The Survey.com Mobile (aka com.survey.android) application 3.2.16 for ...)
	NOT-FOR-US: Survey.com Mobile (aka com.survey.android) application for Android
CVE-2014-6004 (The Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application 3 ...)
	NOT-FOR-US: Pocket Cam Photo Editor (aka mobi.pocketcam.editor) application for Android
CVE-2014-6003 (The Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application ...)
	NOT-FOR-US: Belas Frases de Amor (aka com.goodbarber.frasesdeamor) application for Android
CVE-2014-6002 (The DTE Energy (aka com.dteenergy.mydte) application 3.0.3 for Android ...)
	NOT-FOR-US: DTE Energy (aka com.dteenergy.mydte) application for Android
CVE-2014-6001 (The gewara (aka com.gewara) application 5.2.3 for Android does not ...)
	NOT-FOR-US: gewara (aka com.gewara) application for Android
CVE-2014-6000 (The FreshDirect (aka com.freshdirect.android) application 2.7.1 for ...)
	NOT-FOR-US: FreshDirect (aka com.freshdirect.android) application for Android
CVE-2014-5999 (The autonavi (aka com.telenav.doudouyou.android.autonavi) application ...)
	NOT-FOR-US: autonavi (aka com.telenav.doudouyou.android.autonavi) application for Android
CVE-2014-5998 (The SkyDrive Assistant (aka com.dhh.sky) application 2.1 for Android ...)
	NOT-FOR-US: SkyDrive Assistant (aka com.dhh.sky) application for Android
CVE-2014-5997 (The Auto Trader (aka za.co.autotrader.android.app) application 2 for ...)
	NOT-FOR-US: Auto Trader (aka za.co.autotrader.android.app) application for Android
CVE-2014-5996 (The DEKRA Used Car Report (aka com.dekra.maengelreport) application ...)
	NOT-FOR-US: DEKRA Used Car Report (aka com.dekra.maengelreport) application for Android
CVE-2014-5995 (The eWUS mobile (aka pl.dreryk.ewustest) application 1.4.5 for Android ...)
	NOT-FOR-US: eWUS mobile (aka pl.dreryk.ewustest) application for Android
CVE-2014-5994 (The ding* ezetop. Top-up Any Phone (aka com.ezetop.world) application ...)
	NOT-FOR-US: ding* ezetop. Top-up Any Phone (aka com.ezetop.world) application for Android
CVE-2014-5993 (The MLB Preplay (aka com.preplay.android.mlb) application 5.4.2 for ...)
	NOT-FOR-US: MLB Preplay (aka com.preplay.android.mlb) application for Android
CVE-2014-5992 (The successsecrets (aka com.alek.successsecrets) application 1.2.3 for ...)
	NOT-FOR-US: successsecrets (aka com.alek.successsecrets) application for Android
CVE-2014-5991 (The Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) ...)
	NOT-FOR-US: Skin Conditions and Diseases (aka com.appsgeyser.wSkinConditions) application for Android
CVE-2014-5990 (The cookbible (aka net.bookjam.cookbible) application 1.0.0 for ...)
	NOT-FOR-US: cookbible (aka net.bookjam.cookbible) application for Android
CVE-2014-5989 (The baby days (aka jp.co.cyberagent.babydays) application 1.5.8 for ...)
	NOT-FOR-US: baby days (aka jp.co.cyberagent.babydays) application for Android
CVE-2014-5988 (The Azkend Gold (aka com.the10tons.azkend.gold) application 1.2.6 for ...)
	NOT-FOR-US: Azkend Gold (aka com.the10tons.azkend.gold) application for Android
CVE-2014-5987 (The My3 - by 3HK (aka com.my3) application @7F0A0001 for Android does ...)
	NOT-FOR-US: My3 - by 3HK (aka com.my3) application for Android
CVE-2014-5986 (The Educational Puzzles - Letters (aka com.EducationalPuzzlesLetters) ...)
	NOT-FOR-US: Educational Puzzles - Letters (aka com.EducationalPuzzlesLetters) application for Android
CVE-2014-5985 (The Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application ...)
	NOT-FOR-US: Animal Kaiser Zangetsu (aka com.wAnimalKaiserZangetsu) application for Android
CVE-2014-5984 (The Little Dragons (aka com.playcomo.dragongame) application 1.0.256 ...)
	NOT-FOR-US: Little Dragons (aka com.playcomo.dragongame) application for Android
CVE-2014-5983 (The Threadflip : Buy, Sell Fashion (aka com.threadflip.android) ...)
	NOT-FOR-US: Threadflip : Buy, Sell Fashion (aka com.threadflip.android) application for Android
CVE-2014-5982 (The RunKeeper - GPS Track Run Walk (aka ...)
	NOT-FOR-US: RunKeeper - GPS Track Run Walk (aka com.fitnesskeeper.runkeeper.pro) application for Android
CVE-2014-5981 (The MoWeather (aka com.moji.moweather) application 1.40.05 for Android ...)
	NOT-FOR-US: MoWeather (aka com.moji.moweather) application for Android
CVE-2014-5980 (The Genertel (aka com.genertel) application 2.6.0 for Android does not ...)
	NOT-FOR-US: Genertel (aka com.genertel) application for Android
CVE-2014-5979 (The TV Bengali Open Directory (aka com.TVBengali) application 1.4 for ...)
	NOT-FOR-US: TV Bengali Open Directory (aka com.TVBengali) application for Android
CVE-2014-5978 (The memetan (aka memetan.android.com.activity) application 1.1.0 for ...)
	NOT-FOR-US: memetan (aka memetan.android.com.activity) application for Android
CVE-2014-5977 (The Mobile Face (aka com.wFacemobile) application 0.74.13432.91159 for ...)
	NOT-FOR-US: Mobile Face (aka com.wFacemobile) application for Android
CVE-2014-5976 (The alibaba (aka com.alibaba.wireless) application 4.1.0.0 for Android ...)
	NOT-FOR-US: alibaba (aka com.alibaba.wireless) application for Android
CVE-2014-5975 (The eponyms (aka com.anddeveloper.eponyms) application 3.2 for Android ...)
	NOT-FOR-US: eponyms (aka com.anddeveloper.eponyms) application for Android
CVE-2014-5974 (The PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application 2.2 ...)
	NOT-FOR-US: PSECU Mobile+ (aka com.Vertifi.Mobile.P231381116) application for Android
CVE-2014-5973 (The Aquarium Advice (aka com.socialknowledge.aquariumadvice) ...)
	NOT-FOR-US: Aquarium Advice (aka com.socialknowledge.aquariumadvice) application for Android
CVE-2014-5972 (The Loving - Couple Essential (aka com.xiaoenai.app) application 4.0.1 ...)
	NOT-FOR-US: Loving - Couple Essential (aka com.xiaoenai.app) application for Android
CVE-2014-5971 (The Fiksu library for Android does not verify X.509 certificates from ...)
	NOT-FOR-US: Fiksu library for Android
CVE-2014-5970 (The BabyBus (aka com.sinyee.babybus.concert.ru) application 3.91 for ...)
	NOT-FOR-US: BabyBus (aka com.sinyee.babybus.concert.ru) application for Android
CVE-2014-5969 (The healthylifestyle (aka com.alek.healthylifestyle) application 1.2.2 ...)
	NOT-FOR-US: healthylifestyle (aka com.alek.healthylifestyle) application for Android
CVE-2014-5968 (The iGolf - Golf GPS (aka com.igolf) application 20 for Android does ...)
	NOT-FOR-US: iGolf - Golf GPS (aka com.igolf) application for Android
CVE-2014-5967 (The Designs Nail Arts (aka com.decoracionesnailart.flickr) application ...)
	NOT-FOR-US: Designs Nail Arts (aka com.decoracionesnailart.flickr) application for Android
CVE-2014-5966 (The Dreamland Super Theme GO Gold (aka ...)
	NOT-FOR-US: Designs Nail Arts (aka com.decoracionesnailart.flickr) application for Android
CVE-2014-5965 (The GrooveMusic (aka com.mobincube.android.sc_2HKFF) application 2.0.0 ...)
	NOT-FOR-US: GrooveMusic (aka com.mobincube.android.sc_2HKFF) application for Android
CVE-2014-5964 (The MegaBank (aka com.megabank.mobilebank) application 2.0 for Android ...)
	NOT-FOR-US: MegaBank (aka com.megabank.mobilebank) application for Android
CVE-2014-5963 (The Halieutics (aka com.corn.Halieutics) application 21.40.5 for ...)
	NOT-FOR-US: Halieutics (aka com.corn.Halieutics) application for Android
CVE-2014-5962 (The Guess The Actor (aka com.gamelikeinc.actors) application 1.1 for ...)
	NOT-FOR-US: Guess The Actor (aka com.gamelikeinc.actors) application for Android
CVE-2014-5961 (The russiananime (aka com.rareartifact.russiananime68A5CCFE) ...)
	NOT-FOR-US: russiananime (aka com.rareartifact.russiananime68A5CCFE) application for Android
CVE-2014-5960 (The BundesArztsuche (aka de.kbv.bas) application 1.0.1 for Android ...)
	NOT-FOR-US: BundesArztsuche (aka de.kbv.bas) application for Android
CVE-2014-5959 (The tx Smart (aka com.wooriwm.txsmart) application 7.05 for Android ...)
	NOT-FOR-US: tx Smart (aka com.wooriwm.txsmart) application for Android
CVE-2014-5958 (The ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) ...)
	NOT-FOR-US: ChatBox - Chat Rooms (aka com.droidchatroom.messengerapp) application for Android
CVE-2014-5957 (The Alien War Survivors (aka com.ly.a13.gp) application 1.3.1 for ...)
	NOT-FOR-US: Alien War Survivors (aka com.ly.a13.gp) application for Android
CVE-2014-5956 (The VPlayer Video Player (aka me.abitno.vplayer.t) application 3.2.6 ...)
	NOT-FOR-US: VPlayer Video Player (aka me.abitno.vplayer.t) application for Android
CVE-2014-5955 (The Atomic Fusion (aka com.bytesized.fusion) application 1.7 for ...)
	NOT-FOR-US: Atomic Fusion (aka com.bytesized.fusion) application for Android
CVE-2014-5954 (The State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application 2.0.1 ...)
	NOT-FOR-US: State Bank Anywhere (aka com.sbi.SBIFreedomPlus) application for Android
CVE-2014-5953 (The KASKUS (aka com.kaskus.android) application 2.13.0 for Android ...)
	NOT-FOR-US: KASKUS (aka com.kaskus.android) application for Android
CVE-2014-5952 (The E-Dziennik (aka com.librus.dziennik) application 0.5.2 for Android ...)
	NOT-FOR-US: E-Dziennik (aka com.librus.dziennik) application for Android
CVE-2014-5951 (The SinoPac (aka com.sionpac.app.SinoPac) application 2.4.2 for ...)
	NOT-FOR-US: SinoPac (aka com.sionpac.app.SinoPac) application for Android
CVE-2014-5950 (The NOW (aka com.smtown.smtownnow.androidapp) application 0.9.8 for ...)
	NOT-FOR-US: NOW (aka com.smtown.smtownnow.androidapp) application for Android
CVE-2014-5949 (The TICKET APP - Concerts &amp; Sports (aka com.xcr.android.ticketapp) ...)
	NOT-FOR-US: TICKET APP - Concerts & Sports (aka com.xcr.android.ticketapp) application for Android
CVE-2014-5948 (The Obama for America (aka com.barackobama.ofa) application 1.02 for ...)
	NOT-FOR-US: Obama for America (aka com.barackobama.ofa) application for Android
CVE-2014-5947 (The psicofxp (aka com.tapatalk.psicofxpcom) application 2.4.12.15 for ...)
	NOT-FOR-US: psicofxp (aka com.tapatalk.psicofxpcom) application for Android
CVE-2014-5946 (The forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) ...)
	NOT-FOR-US: forumhawaaworldcom (aka com.tapatalk.forumhawaaworldcom) application for Android
CVE-2014-5945 (The Edline Mobile (aka com.wEdlineFree) application 0.63.13369.34294 ...)
	NOT-FOR-US: Edline Mobile (aka com.wEdlineFree) application for Android
CVE-2014-5944 (The Soccer Blitz (aka soccer.blitz) application 1.06 for Android does ...)
	NOT-FOR-US: Soccer Blitz (aka soccer.blitz) application for Android
CVE-2014-5943 (The LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application Beta ...)
	NOT-FOR-US: LabMSF Antivirus beta (aka com.ReSync.RNGN) 1.0.2 application for Android
CVE-2014-5942 (The Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) ...)
	NOT-FOR-US: Baby Stomach Surgery (aka com.harriskerioe.stomachsurgery) application for Android
CVE-2014-5941 (The Armpit Spa &amp; Girl Games (aka com.freegames.spamakeover) ...)
	NOT-FOR-US: Armpit Spa & Girl Games (aka com.freegames.spamakeover) application for Android
CVE-2014-5940 (The PocketPC.ch (aka com.tapatalk.pocketpcch) application 3.9.51 for ...)
	NOT-FOR-US: PocketPC.ch (aka com.tapatalk.pocketpcch) application for Android
CVE-2014-5939 (The travelzadcomvb (aka com.tapatalk.travelzadcomvb) application ...)
	NOT-FOR-US: travelzadcomvb (aka com.tapatalk.travelzadcomvb) application for Android
CVE-2014-5938 (The AllDealsAsia All Deals ADA app (aka com.ada.deals) application ...)
	NOT-FOR-US: AllDealsAsia All Deals ADA app (aka com.ada.deals) application for Android
CVE-2014-5937 (The Social Networking (aka com.wSocialNetworkingSites) application ...)
	NOT-FOR-US: Social Networking (aka com.wSocialNetworkingSites) application for Android
CVE-2014-5936 (The INCOgnito Private Browser (aka com.SL.InCoBrowser) application ...)
	NOT-FOR-US: INCOgnito Private Browser (aka com.SL.InCoBrowser) application for Android
CVE-2014-5935 (The Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) ...)
	NOT-FOR-US: Daily Free App @ Amazon (aka com.kattanweb.android.dfaa) application for Android
CVE-2014-5934 (The Flurv Chat (aka com.flurv.android) application 4.3.3 for Android ...)
	NOT-FOR-US: Flurv Chat (aka com.flurv.android) application for Android
CVE-2014-5933 (The Coke Studio 7 (aka com.cokeshare.pakistan) application 1 for ...)
	NOT-FOR-US: Coke Studio 7 (aka com.cokeshare.pakistan) application for Android
CVE-2014-5932 (The Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) ...)
	NOT-FOR-US: Vodafone Mobile@Work (aka com.mobileiron.vodafone.MIClient) application for Android
CVE-2014-5931 (The Stop &amp; Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) ...)
	NOT-FOR-US: Stop & Shop SCAN IT! Mobile (aka com.modivmedia.scanitss) application for Android
CVE-2014-5930 (The Store and Share (aka sg.com.singnet.mystorage.android) application ...)
	NOT-FOR-US: Store and Share (aka sg.com.singnet.mystorage.android) application for Android
CVE-2014-5929 (The emartmall (aka kr.co.emart.emartmall) application 1.3.3 for ...)
	NOT-FOR-US: emartmall (aka kr.co.emart.emartmall) application for Android
CVE-2014-5928 (The Steganos Online Shield VPN (aka com.steganos.onlineshield) ...)
	NOT-FOR-US: Steganos Online Shield VPN (aka com.steganos.onlineshield) application for Android
CVE-2014-5927 (The FastCustomer -- Fast Customer (aka www.fastcustomer.com) ...)
	NOT-FOR-US: FastCustomer -- Fast Customer (aka www.fastcustomer.com) application for Android
CVE-2014-5926 (The DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application ...)
	NOT-FOR-US: DCU Mobile Banking (aka com.Vertifi.Mobile.P211391825) application for Android
CVE-2014-5925 (The 10000 Kindle Books Downloads (aka ...)
	NOT-FOR-US: 10000 Kindle Books Downloads (aka com.ww10000KindleBooksLatestnBestSellers) application for Android
CVE-2014-5924 (The Monster Makeup (aka com.bearhugmedia.android_monster) application ...)
	NOT-FOR-US: Monster Makeup (aka com.bearhugmedia.android_monster) application for Android
CVE-2014-5923 (The Facebook Status Via (aka com.StatusViaAdvanced) application 3.5 ...)
	NOT-FOR-US: Facebook Status Via (aka com.StatusViaAdvanced) application for Android
CVE-2014-5922 (The ga6748 (aka com.g.ga6748) application 1 for Android does not ...)
	NOT-FOR-US: ga6748 (aka com.g.ga6748) application for Android
CVE-2014-5921 (The Need for Speed Network (aka com.ea.nfsautolog.bv) application ...)
	NOT-FOR-US: Need for Speed Network (aka com.ea.nfsautolog.bv) application for Android
CVE-2014-5920 (The VK Amberfog (aka com.amberfog.vkfree) application 3.5.6 for ...)
	NOT-FOR-US: VK Amberfog (aka com.amberfog.vkfree) application for Android
CVE-2014-5919 (The SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application ...)
	NOT-FOR-US: SurDoc - 100GB+ FREE storage (aka com.jd.surdoc) application for Android
CVE-2014-5918 (The Secret Circle - talk freely (aka com.easyxapp.secret) application ...)
	NOT-FOR-US: Secret Circle - talk freely (aka com.easyxapp.secret) application for Android
CVE-2014-5917 (The Slideshow 365 (aka com.Slideshow) application 3.6 for Android does ...)
	NOT-FOR-US: Slideshow 365 (aka com.Slideshow) application for Android
CVE-2014-5916 (The Minha Oi (aka br.com.mobicare.minhaoi) application 1.15.0 for ...)
	NOT-FOR-US: Minha Oi (aka br.com.mobicare.minhaoi) application for Android
CVE-2014-5915 (The Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) ...)
	NOT-FOR-US: Tigo Copa Mundial FIFA 2014 (aka com.fwc2014.millicom.and) application for Android
CVE-2014-5914 (The Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) ...)
	NOT-FOR-US: Finansbank Cep Subesi (aka com.finansbank.mobile.cepsube) application for Android
CVE-2014-5913 (The Allies in War (aka com.gamelion.aiw) application 1.3.2 for Android ...)
	NOT-FOR-US: Allies in War (aka com.gamelion.aiw) application for Android
CVE-2014-5912 (The InNote (aka com.intsig.notes) application 1.0.3.20131119 for ...)
	NOT-FOR-US: InNote (aka com.intsig.notes) application for Android
CVE-2014-5911 (The Free App Icons &amp; Icon Packs (aka com.jellytap.cooliconfinder) ...)
	NOT-FOR-US: Free App Icons & Icon Packs (aka com.jellytap.cooliconfinder) application for Android
CVE-2014-5910 (The Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application ...)
	NOT-FOR-US: Dog Whistle (aka com.dogwhistle.dogtrainingandroidapp) application for Android
CVE-2014-5909 (The watcha (aka com.frograms.watcha) application 2.0.2 for Android ...)
	NOT-FOR-US: watcha (aka com.frograms.watcha) application for Android
CVE-2014-5908 (The Kmart (aka com.kmart.android) application @7F0C00EF for Android ...)
	NOT-FOR-US: Kmart (aka com.kmart.android) application for Android
CVE-2014-5907 (The Pet Salon (aka com.libiitech.petsalon) application 1.0.1 for ...)
	NOT-FOR-US: Pet Salon (aka com.libiitech.petsalon) application for Android
CVE-2014-5906 (The Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android) ...)
	NOT-FOR-US: Lil Wayne Slots: FREE SLOTS (aka com.lilwayneslots.slots.android) application for Android
CVE-2014-5905 (The Grocery List - Tomatoes (aka com.meucarrinho) application 5.1.4 ...)
	NOT-FOR-US: Grocery List - Tomatoes (aka com.meucarrinho) application for Android
CVE-2014-5904 (The MiniInTheBox Online Shopping (aka com.miniinthebox.android) ...)
	NOT-FOR-US: MiniInTheBox Online Shopping (aka com.miniinthebox.android) application for Android
CVE-2014-5903 (The Mobile@Work (aka com.mobileiron) application 6.0.0.1.12R for ...)
	NOT-FOR-US: Mobile@Work (aka com.mobileiron) application for Android
CVE-2014-5902 (The UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) ...)
	NOT-FOR-US: UA Cinemas - Mobile ticketing (aka com.mtel.uacinemaapps) application for Android
CVE-2014-5901 (The Beauty Bible - App for Girls (aka com.my.beauty.bible) application ...)
	NOT-FOR-US: Beauty Bible - App for Girls (aka com.my.beauty.bible) application for Android
CVE-2014-5900 (The myHomework Student Planner (aka com.myhomeowork) application 3.0.2 ...)
	NOT-FOR-US: myHomework Student Planner (aka com.myhomeowork) application for Android
CVE-2014-5899 (The Nespresso (aka com.nespresso.activities) application 2.4.1 for ...)
	NOT-FOR-US: Nespresso (aka com.nespresso.activities) application for Android
CVE-2014-5898 (The Heavy Duty Truck Driver Simulator 3D (aka ...)
	NOT-FOR-US: Heavy Duty Truck Driver Simulator 3D (aka com.oas.heavy.duty.truck.driver.simulator3d) application for Android
CVE-2014-5897 (The Parallel Mafia MMORPG (aka com.perblue.pm.client) application ...)
	NOT-FOR-US: Parallel Mafia MMORPG (aka com.perblue.pm.client) application for Android
CVE-2014-5896 (The GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) ...)
	NOT-FOR-US: GlobalTalk- free phone calls (aka com.seawolftech.globaltalk) application for Android
CVE-2014-5895 (The ShopYourWay (aka com.sears.shopyourway) application 1.9 for ...)
	NOT-FOR-US: ShopYourWay (aka com.sears.shopyourway) application for Android
CVE-2014-5894 (The AireTalk: Text, Call, &amp; More! (aka com.pingshow.amper) application ...)
	NOT-FOR-US: AireTalk: Text, Call, & More! (aka com.pingshow.amper) application for Android
CVE-2014-5893 (The froyo (aka com.shinsegae.mobile.froyo) application 5.1.3 for ...)
	NOT-FOR-US: froyo (aka com.shinsegae.mobile.froyo) application for Android
CVE-2014-5892 (The greenbill (aka com.show.greenbill_G) application 2.0.3 for Android ...)
	NOT-FOR-US: greenbill (aka com.show.greenbill_G) application for Android
CVE-2014-5891 (The SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application ...)
	NOT-FOR-US: SnipSnap Coupon App (aka com.snipsnap.snipsnapapp) application for Android
CVE-2014-5890 (The KBO sports2i 2014 (aka com.sports2i) application 5.1.00 for ...)
	NOT-FOR-US: KBO sports2i 2014 (aka com.sports2i) application for Android
CVE-2014-5889 (The Android Forums (aka com.tapatalk.androidforumscom) application ...)
	NOT-FOR-US: Android Forums (aka com.tapatalk.androidforumscom) application for Android
CVE-2014-5888 (The SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) ...)
	NOT-FOR-US: SLOTS: Bible Slots Free (aka com.topfreegames.topbibleslots) application for Android
CVE-2014-5887 (The Yell Local Search (aka com.yell.launcher2) application 4.2.1.4 for ...)
	NOT-FOR-US: Yell Local Search (aka com.yell.launcher2) application for Android
CVE-2014-5886 (The iVysilani ceske televize (aka cz.motion.ivysilani) application 1.6 ...)
	NOT-FOR-US: iVysilani ceske televize (aka cz.motion.ivysilani) application for Android
CVE-2014-5885 (The Disaster Alert (aka disasterAlert.PDC) application 3.2 for Android ...)
	NOT-FOR-US: Disaster Alert (aka disasterAlert.PDC) application for Android
CVE-2014-5884 (The 1&amp;1 Online Storage (aka de.einsundeins.smartdrive) application ...)
	NOT-FOR-US: 1&1 Online Storage (aka de.einsundeins.smartdrive) application for Android
CVE-2014-5883 (The 7-ELEVEN (aka ecowork.seven) application 2.08.000 for Android does ...)
	NOT-FOR-US: 7-ELEVEN (aka ecowork.seven) application for Android
CVE-2014-5882 (The Homoo Ijiri (aka jp.co.applica) application 3.7 for Android does ...)
	NOT-FOR-US: Homoo Ijiri (aka jp.co.applica) application for Android
CVE-2014-5881 (The Yahoo! Japan Box (aka jp.co.yahoo.android.ybox) application 1.5.1 ...)
	NOT-FOR-US: Yahoo! ybox application for android
CVE-2014-5879 (The tvguide (aka kenneth.tvguide) application 1.9.14 for Android does ...)
	NOT-FOR-US: tvguide application for Android
CVE-2014-5878 (The ium (aka net.ium.mobile.android) application 3.3.4 for Android ...)
	NOT-FOR-US: ium application for Android
CVE-2014-5877 (The TV Guide (aka net.micene.minigroup.palimpsests.lite) application ...)
	NOT-FOR-US: TV Guide application for Android
CVE-2014-5876 (The WD My Cloud (aka com.wdc.wd2go) application 4.0.0 for Android does ...)
	NOT-FOR-US: WD My Cloud application for Android
CVE-2014-5875 (The Sylphone (aka com.sylpheo.prospectosyl) application 5.3.8 for ...)
	NOT-FOR-US: Sylphone application for Android
CVE-2014-5874 (The SplashID (aka com.splashidandroid) application 7.2.2 for Android ...)
	NOT-FOR-US: SplashID application for Android
CVE-2014-5873 (The Sears (aka com.sears.android) application 6.2.8 for Android does ...)
	NOT-FOR-US: Sears application for Android
CVE-2014-5872 (The SafeNetMobile Pass (aka ...)
	NOT-FOR-US: SafeNetMobile Pass application for Android
CVE-2014-5871 (The Piwik Mobile 2 (aka org.piwik.mobile2) application 2.0.1 for ...)
	NOT-FOR-US: Piwik Mobile 2 application for Android
CVE-2014-5870 (The Kmart (aka com.kmart.android) application 6.2.8 for Android does ...)
	NOT-FOR-US: Kmart application for Android
CVE-2014-5869 (The CNNMoney Portfolio (aka com.cnn.cnnmoney) application 1.03 for ...)
	NOT-FOR-US: CNNMoney Portfolio application for Android
CVE-2014-5868 (The Cisco Technical Support (aka com.cisco.swtg_android) application ...)
	NOT-FOR-US: Cisco Technical Support application for Android
CVE-2014-5867 (The Capital One Spark Pay (aka com.capitalone.sparkpay) application ...)
	NOT-FOR-US: Capital One Spark Pay application for Android
CVE-2014-5866 (The CA DMV (aka gov.ca.dmv) application 2 for Android does not verify ...)
	NOT-FOR-US: CA DMV application for Android
CVE-2014-5865 (The Ask.com (aka com.ask.android) application 2.2.5 for Android does ...)
	NOT-FOR-US: Ask.com application for Android
CVE-2014-5864 (The Swish payments (aka se.bankgirot.swish) application 2 for Android ...)
	NOT-FOR-US: Swish payments application for Android
CVE-2014-5863 (The mpang.gp (aka air.com.cjenm.mpang.gp) application 4.0.0 for ...)
	NOT-FOR-US: mpang.gp application for Android
CVE-2014-5862 (The ecalendar2 (aka cn.etouch.ecalendar2) application 4.5.3 for ...)
	NOT-FOR-US: ecalendar2 application for Android
CVE-2014-5861 (The BoyAhoy - Gay Chat (aka com.boyahoy.android) application 4.3.6 for ...)
	NOT-FOR-US: BoyAhoy application for Android
CVE-2014-5860 (The Slide Show Creator (aka com.amem) application 4.4.3 for Android ...)
	NOT-FOR-US: Slide Show Creator application for Android
CVE-2014-5859 (The Star Girl: Colors of Spring (aka ...)
	NOT-FOR-US: Star Girl application for Android
CVE-2014-5858 (The Candy Blast (aka com.appgame7.candyblast) application 1.1.001 for ...)
	NOT-FOR-US: Candy Blast application for Android
CVE-2014-5857 (The White &amp; Yellow Pages (aka com.avantar.wny) application 5.1.1 for ...)
	NOT-FOR-US: White & Yellow Pages application for Android
CVE-2014-5856 (The Selfie Camera -Facial Beauty- (aka com.cfinc.cunpic) application ...)
	NOT-FOR-US: Selfie Camera application for Android
CVE-2014-5855 (The CJmall (aka com.cjoshppingphone) application 4.1.8 for Android ...)
	NOT-FOR-US: CJmall application for Android
CVE-2014-5854 (The Windows Live Hotmail PUSH mail (aka com.clearhub.wl) application ...)
	NOT-FOR-US: Windows Live Hotmail PUSH mail application for Android
CVE-2014-5853 (The Knights N Squires (aka ...)
	NOT-FOR-US: Knights N Squires application for Android
CVE-2014-5852 (The Kakao (aka ...)
	NOT-FOR-US: Kakao application for Android
CVE-2014-5851 (The Dark Summoner (aka com.darksummoner) application 1.03.39 for ...)
	NOT-FOR-US: Dark Summoner application for Android
CVE-2014-5850 (The Kaave Fali (aka com.didilabs.kaavefali) application 1.5.1 for ...)
	NOT-FOR-US: Kaave Fali application for Android
CVE-2014-5849 (The Maleficent Free Fall (aka com.disney.maleficent_goo) application ...)
	NOT-FOR-US: Maleficent Free Fall application for Android
CVE-2014-5848 (The Dubstep Hero (aka com.electricpunch.dubstephero) application 1.9 ...)
	NOT-FOR-US: Dubstep Hero application for Android
CVE-2014-5847 (The Big Win Slots - Slot Machines (aka com.gosub60.BigWinSlots) ...)
	NOT-FOR-US: Big Win Slot application for Android
CVE-2014-5846 (The Fairy Princess Makeover Salon (aka ...)
	NOT-FOR-US: Fairy Princess Makeover Salon application for Android
CVE-2014-5845 (The Strike Fighters Israel (aka ...)
	NOT-FOR-US: Strike Fighers Israel application for Android
CVE-2014-5844 (The Alsunna (aka com.wAlsunna) application 0.1 for Android does not ...)
	NOT-FOR-US: Alsunna application for Android
CVE-2014-5843 (The ADP AGENCY Immobiliare (aka com.wAdpagencyAndroid) application 0.1 ...)
	NOT-FOR-US: ADP AGENCY Immobiliare application for Android
CVE-2014-5842 (The 2G Live Tv (aka com.ww2GLiveTv) application 0.9 for Android does ...)
	NOT-FOR-US: 2G Live TV application for Android
CVE-2014-5841 (The Girls Calendar Period&amp;Weight (aka jp.co.cybird.apps.lifestyle.cal) ...)
	NOT-FOR-US: Girls Calendar Period&Weight application for Android
CVE-2014-5840 (The forfone: Free Calls &amp; Messages (aka com.forfone.sip) forfone ...)
	NOT-FOR-US: forfone application for Android
CVE-2014-5839 (The Acces Compte (aka ...)
	NOT-FOR-US: Acces Compte application for Android
CVE-2014-5838 (The Girls Games - Shoes Maker (aka com.g6677.android.shoemaker) ...)
	NOT-FOR-US: Girls Games application for Android
CVE-2014-5837 (The My Railway (aka com.gameinsight.myrailway) application 1.1.33 for ...)
	NOT-FOR-US: My Railway application for Android
CVE-2014-5836 (The GittiGidiyor (aka com.gittigidiyormobil) application 1.4.1 for ...)
	NOT-FOR-US: GittiGidiyor application for Android
CVE-2014-5835 (The Club Personal (aka com.globant.clubpersonal) application 2.6 for ...)
	NOT-FOR-US: Club Personal application for Android
CVE-2014-5834 (The Solitaire Deluxe (aka com.gosub60.solfree2) application 2.8.5 for ...)
	NOT-FOR-US: Solitaire Deluxe application for Android
CVE-2014-5833 (The FriendCaster Chat (aka com.handmark.friendcaster.chat) application ...)
	NOT-FOR-US: Friendaster Chat application for Android
CVE-2014-5832 (The hananbank (aka com.hanabank.ebk.channel.android.hananbank) ...)
	NOT-FOR-US: hananbank application for Android
CVE-2014-5831 (The Hotel Story: Resort Simulation (aka com.happylabs.hotelstory) ...)
	NOT-FOR-US: Hotel Story application for Android
CVE-2014-5830 (The Farm Frenzy Gold (aka com.herocraft.game.farmfrenzy.gold) ...)
	NOT-FOR-US: Farm Frenzy Gold application for Android
CVE-2014-5829 (The Hobby Lobby Stores (aka com.hobbylobbystores.android) application ...)
	NOT-FOR-US: Hobby Lobby Stores application for Android
CVE-2014-5828 (The 3Kundenzone (aka com.hutchison3g.at.android.selfcare) application ...)
	NOT-FOR-US: 3Kundenzone application for Android
CVE-2014-5827 (The Ibotta - Better than Coupons. (aka com.ibotta.android) application ...)
	NOT-FOR-US: Ibotta application for Android
CVE-2014-5826 (The Rix GO Locker Theme (aka ...)
	NOT-FOR-US: Rix GO Locker Theme application for Android
CVE-2014-5825 (The Guess The Movie (aka com.june.guessthemovie) application 2.982 for ...)
	NOT-FOR-US: Guess The Movie application for Android
CVE-2014-5824 (The longjiang (aka com.longjiang.kr) application 2.0.6 for Android ...)
	NOT-FOR-US: longjiang application for Android
CVE-2014-5823 (The The Cleaner - Speed up &amp; Clean (aka com.liquidum.thecleaner) ...)
	NOT-FOR-US: The Cleaner application for Android
CVE-2014-5822 (The VK Kate Mobile (aka com.perm.kate) application 9.6.1 for Android ...)
	NOT-FOR-US: VK Kate Mobile application for Android
CVE-2014-5821 (The Guitar Tuner Free - GuitarTuna (aka com.ovelin.guitartuna) ...)
	NOT-FOR-US: Guitar Tuner Free application for Android
CVE-2014-5820 (The OkCupid Dating (com.okcupid.okcupid) application 3.4.6 for Android ...)
	NOT-FOR-US: OkCupid Dating application for Android
CVE-2014-5819 (The PHONE for Google Voice &amp; GTalk (aka com.moplus.gvphone) ...)
	NOT-FOR-US: PHONE for Google Voice & GTalk application for Android
CVE-2014-5818 (The Tiny Tower (aka com.mobage.ww.a560.tinytower_android) application ...)
	NOT-FOR-US: Tiny Tower application for Android
CVE-2014-5817 (The Mini Pets (aka com.miniclip.animalshelter) application 2.0.3 for ...)
	NOT-FOR-US: Mini Pets application for Android
CVE-2014-5816 (The MeiPai (aka com.meitu.meipaimv) application 1.2.0 for Android does ...)
	NOT-FOR-US: MeiPai application for Android
CVE-2014-5815 (The Solitaire Arena (aka com.mavenhut.solitaire) application 1.0.15 ...)
	NOT-FOR-US: Solitaire Arena application for Android
CVE-2014-5814
	REJECTED
CVE-2014-5813 (The lostword (aka zozo.android.lostword) application 5.9 for Android ...)
	NOT-FOR-US: lostword application for Android
CVE-2014-5812 (The VDM Officiel (aka vdm.activities) application 5 for Android does ...)
	NOT-FOR-US: VDM Officiel application for Android
CVE-2014-5811 (The ZOOM Cloud Meetings (aka us.zoom.videomeetings) application ...)
	NOT-FOR-US: ZOOM cloud Meetings application for Android
CVE-2014-5810 (The SGK Hizmet Dokumu 4a (aka tr.gov.sgk.hizmetDokumu4a) application ...)
	NOT-FOR-US: SGK Hizmet Dokumu 4a application for Android
CVE-2014-5809 (The Smart Browser (aka smartbrowser.geniuscloud) application 2.0 for ...)
	NOT-FOR-US: Smart Browser (aka smartbrowser.geniuscloud) application for Android
CVE-2014-5808 (The Whisper (aka sh.whisper) application 4.0.6 for Android does not ...)
	NOT-FOR-US: Whisper application for Android
CVE-2014-5807 (The Safari Browser (aka safari.safaribrowser.internetexplorer) ...)
	NOT-FOR-US: Safari Browser application for Android
CVE-2014-5806 (The World of Tanks Assistant (aka ru.worldoftanks.mobile) application ...)
	NOT-FOR-US: World of Tanks Assistant application for Android
CVE-2014-5805 (The Dating for everyone - Mamba! (aka ru.mamba.client) application 3.5 ...)
	NOT-FOR-US: Dating for everyone - Mamba! application for Android
CVE-2014-5804 (The Mail.Ru Dating (aka ru.mail.love) application 3 for Android does ...)
	NOT-FOR-US: Mail.Ru Dating application for Android
CVE-2014-5803 (The Towers N' Trolls (aka project.android.ftdjni) application 1.6.4 ...)
	NOT-FOR-US: Towers N' Trolls application for Android
CVE-2014-5802 (The PlayScape (aka playscape.mominis.gameconsole.com) application ...)
	NOT-FOR-US: PlayScape application for Android
CVE-2014-5801 (The DataGard VPN + AV (aka ocshield.com) application @7F050013 for ...)
	NOT-FOR-US: DataGard VPN + AV application for Android
CVE-2014-5800 (The smart.nhibzbanking (aka nh.smart.nhibzbanking) application 2.1 for ...)
	NOT-FOR-US: smart.nhibzbanking application for Android
CVE-2014-5799 (The smart.card (aka nh.smart.card) application 3.2 for Android does ...)
	NOT-FOR-US: smart.card application for Android
CVE-2014-5798 (The smart.calculator (aka nh.smart.calculator) application 2 for ...)
	NOT-FOR-US: smart.calculator application for Android
CVE-2014-5797 (The smart (aka nh.smart) application 3.0.5 for Android does not verify ...)
	NOT-FOR-US: smart application for Android
CVE-2014-5796 (The Chest Workout (aka net.p4p.chest) application 2.0.8 for Android ...)
	NOT-FOR-US: Chest workout application for Android
CVE-2014-5794 (The 8 Minutes Abs Workout (aka net.p4p.absen) application 2.0.9 for ...)
	NOT-FOR-US: 8 Minutes Abs Workout application for Android
CVE-2014-5793 (The Bilgi Yarisi (aka net.mobilecraft.bilgiyarisi) application 1.8 for ...)
	NOT-FOR-US: Bilgi Yarisi application for Android
CVE-2014-5792 (The Reign of Dragons: Build-Battle (aka ...)
	NOT-FOR-US: Reign of Dragons application for Android
CVE-2014-5791 (The Daum Cloud (aka net.daum.android.cloud) application 1.6.18 for ...)
	NOT-FOR-US: Daum cloud application for Android
CVE-2014-5790 (The Pets Fun House (aka mominis.Generic_Android.Pets_Fun_House) ...)
	NOT-FOR-US: Pets Fun House application for Android
CVE-2014-5789 (The Ninja Chicken Ooga Booga (aka ...)
	NOT-FOR-US: Nija Chicken Ooga Booga application for Android
CVE-2014-5788 (The Ninja Chicken Adventure Island (aka ...)
	NOT-FOR-US: Ninja Chicken Adventure Island application for Android
CVE-2014-5787 (The Ninja Chicken (aka mominis.Generic_Android.Ninja_Chicken) ...)
	NOT-FOR-US: Ninja Chicken application for Android
CVE-2014-5786 (The Jewels &amp; Diamonds (aka ...)
	NOT-FOR-US: Jewels & Diamonds application for Android
CVE-2014-5785 (The Bouncy Bill World-Cup (aka ...)
	NOT-FOR-US: Bouncy Bill World-Cup application for Android
CVE-2014-5784 (The Bouncy Bill Seasons (aka ...)
	NOT-FOR-US: Bouncy Bill Seasons application for Android
CVE-2014-5783 (The Bouncy Bill Monster Smasher ed (aka ...)
	NOT-FOR-US: Bouncy Bill Monster Smasher ed application for Android
CVE-2014-5782 (The Bouncy Bill Halloween (aka ...)
	NOT-FOR-US: Bouncy Bill Halloween application for Android
CVE-2014-5781 (The Bouncy Bill Easter Tales (aka ...)
	NOT-FOR-US: Bouncy Bill Easter Tales application for Android
CVE-2014-5780 (The Bouncy Bill (aka mominis.Generic_Android.Bouncy_Bill) application ...)
	NOT-FOR-US: Bouncy Bill application for Android
CVE-2014-5779 (The Jack'd - Gay Chat &amp; Dating (aka mobi.jackd.android) application ...)
	NOT-FOR-US: Jack'd - Gay Chat & Dating (aka mobi.jackd.android) application for Android
CVE-2014-5778 (The Pou (aka me.pou.app) application 1.4.53 for Android does not ...)
	NOT-FOR-US: Pou (aka me.pou.app) application for Android
CVE-2014-5777 (The icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) ...)
	NOT-FOR-US: icon wallpaper dressup-CocoPPa (aka jp.united.app.cocoppa) application for Android
CVE-2014-5776 (The PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) ...)
	NOT-FOR-US: PlayMemories Online (aka jp.co.sony.tablet.PersonalSpace) application for Android
CVE-2014-5775 (The Super Fast Browser (aka iron.web.jalepano.browser) application ...)
	NOT-FOR-US: Super Fast Browser (aka iron.web.jalepano.browser) application for Android
CVE-2014-5774 (The Web Browser &amp; Explorer (aka internetexplorer.browser.webexplorer) ...)
	NOT-FOR-US: Web Browser & Explorer (aka internetexplorer.browser.webexplorer) application for Android
CVE-2014-5773 (The RegisteredAssistant (aka Icr.RegisteredAssistant) application ...)
	NOT-FOR-US: RegisteredAssistant (aka Icr.RegisteredAssistant) application for Android
CVE-2014-5772 (The Government Bookstore (aka hksarg.isd.sop.govbookstore) application ...)
	NOT-FOR-US: Government Bookstore (aka hksarg.isd.sop.govbookstore) application for Android
CVE-2014-5771 (The Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application 1.1 ...)
	NOT-FOR-US: Credit Union of Texas Mobile (aka Fi_Mobile.CUOT) application for Android
CVE-2014-5770 (The Web Browser for Android (aka explore.web.browser) application 1.2 ...)
	NOT-FOR-US: Web Browser for Android (aka explore.web.browser) application for Android
CVE-2014-5769 (The Mobiscope Local (aka ehs.mobiscope.kernel) application 1.05 for ...)
	NOT-FOR-US: Mobiscope Local (aka ehs.mobiscope.kernel) application for Android
CVE-2014-5768 (The Food Planner (aka dk.boggie.madplan.android) application ...)
	NOT-FOR-US: Food Planner (aka dk.boggie.madplan.android) application for Android
CVE-2014-5767 (The IM+ (aka de.shapeservices.impluslite) application 6.6.2 for ...)
	NOT-FOR-US: IM+ (aka de.shapeservices.impluslite) application for Android
CVE-2014-5766 (The Uber B2B (aka de.mobileeventguide.uberb2b) application 1.9 for ...)
	NOT-FOR-US: Uber B2B (aka de.mobileeventguide.uberb2b) application for Android
CVE-2014-5765 (The Paint for Friends (aka de.lotumlabs.buddypainting) application ...)
	NOT-FOR-US: Paint for Friends (aka de.lotumlabs.buddypainting) application for Android
CVE-2014-5764 (The Antivirus Free (aka com.zrgiu.antivirus) application 7.2.16.02 for ...)
	NOT-FOR-US: Antivirus Free (aka com.zrgiu.antivirus) application for Android
CVE-2014-5763 (The Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application ...)
	NOT-FOR-US: Kid Mode: Free Games + Lock (aka com.zoodles.kidmode) application for Android
CVE-2014-5762 (The Cut the Rope: Time Travel (aka ...)
	NOT-FOR-US: Cut the Rope: Time Travel (aka com.zeptolab.timetravel.free.google) application for Android
CVE-2014-5761 (The Zipcar (aka com.zc.android) application 3.4.2 for Android does not ...)
	NOT-FOR-US: Zipcar (aka com.zc.android) application for Android
CVE-2014-5760 (The Pizza Hut (aka com.yum.pizzahut) application 2.0.5 for Android ...)
	NOT-FOR-US: Pizza Hut (aka com.yum.pizzahut) application for Android
CVE-2014-5759 (The Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) ...)
	NOT-FOR-US: Awesome Antivirus 2014 (aka com.yoursite.top5antivirus2014) application for Android
CVE-2014-5758 (The Yellow Pages Local Search (aka com.yellowbook.android2) ...)
	NOT-FOR-US: Yellow Pages Local Search (aka com.yellowbook.android2) application for Android
CVE-2014-5757 (The Buy Tickets (aka com.xcr.android.buytickets) application 2.3 for ...)
	NOT-FOR-US: Buy Tickets (aka com.xcr.android.buytickets) application for Android
CVE-2014-5756 (The Buy 99 Cents Only Products (aka com.ww99CentsOnlyStores) ...)
	NOT-FOR-US: Buy 99 Cents Only Products (aka com.ww99CentsOnlyStores) application for Android
CVE-2014-5755 (The verizon (aka com.wverizonwirelessbill) application 0.1 for Android ...)
	NOT-FOR-US: verizon (aka com.wverizonwirelessbill) application for Android
CVE-2014-5754 (The Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) ...)
	NOT-FOR-US: Verizon Instant Refills 24/7 (aka com.wVerizonInstantRefill247) application for Android
CVE-2014-5753 (The Twitter No Background (aka com.wTwitternobackground) application ...)
	NOT-FOR-US: Twitter No Background (aka com.wTwitternobackground) application for Android
CVE-2014-5752 (The wTradersActivity (aka com.wTradersActivity) application 0.1 for ...)
	NOT-FOR-US: wTradersActivity (aka com.wTradersActivity) application for Android
CVE-2014-5751 (The Tor Browser the Short Guide (aka com.wTorShortUserManual) ...)
	NOT-FOR-US: Tor Browser the Short Guide (aka com.wTorShortUserManual) application for Android
CVE-2014-5750 (The Pro Bet Tips (aka com.wProBetTips) application 0.2 for Android ...)
	NOT-FOR-US: Pro Bet Tips (aka com.wProBetTips) application for Android
CVE-2014-5749 (The Jelly Splash (aka com.wooga.jelly_splash) application 1.11.3 for ...)
	NOT-FOR-US: Jelly Splash (aka com.wooga.jelly_splash) application for Android
CVE-2014-5748 (The wK12olslogin (aka com.wK12olslogin) application 0.1 for Android ...)
	NOT-FOR-US: wK12olslogin (aka com.wK12olslogin) application for Android
CVE-2014-5747 (The XFINITY Constant Guard Mobile (aka com.whitesky.mobile.android) ...)
	NOT-FOR-US: XFINITY Constant Guard Mobile (aka com.whitesky.mobile.android) application for Android
CVE-2014-5746 (The Government Best Jobs (aka com.wGovernmentBestJobs) application 0.1 ...)
	NOT-FOR-US: Government Best Jobs (aka com.wGovernmentBestJobs) application for Android
CVE-2014-5745 (The FREE Pageplus Activation (aka com.wFREEPageplusActivations) ...)
	NOT-FOR-US: FREE Pageplus Activation (aka com.wFREEPageplusActivations) application for Android
CVE-2014-5744 (The RE-VOLT 2 : MULTIPLAYER (aka com.wegoi.revolt2multiplayer) ...)
	NOT-FOR-US: RE-VOLT 2 : MULTIPLAYER (aka com.wegoi.revolt2multiplayer) application for Android
CVE-2014-5743 (The RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) ...)
	NOT-FOR-US: RE-VOLT 2 : Best RC 3D Racing (aka com.wego.revolt2_global) application for Android
CVE-2014-5742 (The Eversnap Private Photo Album (aka com.weddingsnap.android) ...)
	NOT-FOR-US: Eversnap Private Photo Album (aka com.weddingsnap.android) application for Android
CVE-2014-5741 (The Security - Complete (aka com.webroot.security.complete) ...)
	NOT-FOR-US: Security - Complete (aka com.webroot.security.complete) application for Android
CVE-2014-5740 (The Security - Free (aka com.webroot.security) application 3.6.0.6610 ...)
	NOT-FOR-US: Security - Free (aka com.webroot.security) application for Android
CVE-2014-5739 (The Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) ...)
	NOT-FOR-US: Garfield's Diner (aka com.webprancer.google.GarfieldsDiner) application for Android
CVE-2014-5738 (The Garfield's Defense (aka com.webprancer.google.garfieldDefense) ...)
	NOT-FOR-US: Garfield's Defense (aka com.webprancer.google.garfieldDefense) application for Android
CVE-2014-5737 (The CDsoft (aka com.wCDSOFT) application 0.2 for Android does not ...)
	NOT-FOR-US: CDsoft (aka com.wCDSOFT) application for Android
CVE-2014-5736 (The Buy Coins (aka com.wBuyCoins) application 0.62.13364.24150 for ...)
	NOT-FOR-US: Buy Coins (aka com.wBuyCoins) application for Android
CVE-2014-5735 (The Buy A Gift (aka com.wBuyAGift) application 13529.90084 for Android ...)
	NOT-FOR-US: Buy A Gift (aka com.wBuyAGift) application for Android
CVE-2014-5734 (The Buy Books (aka com.wBooksForSale) application 0.1 for Android does ...)
	NOT-FOR-US: Buy Books (aka com.wBooksForSale) application for Android
CVE-2014-5733 (The Shop Love (aka com.waterwish.shoplove) application 1.05 for ...)
	NOT-FOR-US: Shop Love (aka com.waterwish.shoplove) application for Android
CVE-2014-5732 (The Wamba - meet women and men (aka com.wamba.client) application 3 ...)
	NOT-FOR-US: Wamba - meet women and men (aka com.wamba.client) application for Android
CVE-2014-5731 (The Word Search (aka com.virtuesoft.wordsearch) application 2.3.0 for ...)
	NOT-FOR-US: Word Search (aka com.virtuesoft.wordsearch) application for Android
CVE-2014-5730 (The russkoe TB HD (aka com.videotelecom.russkoeHD) application 3.6 for ...)
	NOT-FOR-US: russkoe TB HD (aka com.videotelecom.russkoeHD) application for Android
CVE-2014-5729 (The Viddy (aka com.viddy.Viddy) application 1.3.9 for Android does not ...)
	NOT-FOR-US: Viddy (aka com.viddy.Viddy) application for Android
CVE-2014-5728 (The Vevo - Watch HD Music Videos (aka com.vevo) application 2.0.27 for ...)
	NOT-FOR-US: Vevo - Watch HD Music Videos (aka com.vevo) application for Android
CVE-2014-5727 (The uTorrent Remote (aka com.utorrent.web) application 1.0.20110929 ...)
	NOT-FOR-US: uTorrent Remote (aka com.utorrent.web) application for Android
CVE-2014-5726 (The Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) ...)
	NOT-FOR-US: Security Service myBranch App (aka com.tyfone.ssfcu.mbanking) application for Android
CVE-2014-5725 (The Truecaller - Caller ID &amp; Block (aka com.truecaller) application ...)
	NOT-FOR-US: Truecaller - Caller ID & Block (aka com.truecaller) application for Android
CVE-2014-5724 (The Gambling Insider Magazine (aka com.triactivemedia.gambling) ...)
	NOT-FOR-US: Gambling Insider Magazine (aka com.triactivemedia.gambling) application for Android
CVE-2014-5723 (The Trapster (aka com.trapster.android) application 4.3.2 for Android ...)
	NOT-FOR-US: Trapster (aka com.trapster.android) application for Android
CVE-2014-5722 (The SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application ...)
	NOT-FOR-US: SwiftKey Keyboard + Emoji (aka com.touchtype.swiftkey) application for Android
CVE-2014-5721 (The Touchnote Postcards (aka com.touchnote.android) application 4.2.7 ...)
	NOT-FOR-US: Touchnote Postcards (aka com.touchnote.android) application for Android
CVE-2014-5720 (The Bike Race Free - Top Free Game (aka ...)
	NOT-FOR-US: Bike Race Free - Top Free Game (aka com.topfreegames.bikeracefreeworld) application for Android
CVE-2014-5719 (The BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) ...)
	NOT-FOR-US: BIKE RACING 2014 (aka com.timuzsolutions.bikeracing2014) application for Android
CVE-2014-5718
	REJECTED
CVE-2014-5717 (The Fashion Style (aka com.thirtysixyougames.google.starGirlSingapore) ...)
	NOT-FOR-US: Fashion Style (aka com.thirtysixyougames.google.starGirlSingapore) application for Android
CVE-2014-5716 (The GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) ...)
	NOT-FOR-US: GUNSHIP BATTLE : Helicopter 3D (aka com.theonegames.gunshipbattle) application for Android
CVE-2014-5715 (The Street Racing (aka com.tgb.streetracing.lite5pp) application 4.0.4 ...)
	NOT-FOR-US: Street Racing (aka com.tgb.streetracing.lite5pp) application for Android
CVE-2014-5714 (The Text Me! Free Texting &amp; Call (aka com.textmeinc.textme) ...)
	NOT-FOR-US: Text Me! Free Texting & Call (aka com.textmeinc.textme) application for Android
CVE-2014-5713 (The Telly - Watch the good stuff (aka com.telly) application 2.5.1 for ...)
	NOT-FOR-US: Telly - Watch the good stuff (aka com.telly) application for Android
CVE-2014-5712 (The Turbo River Racing Free (aka com.tektite.androidgames.trrfree) ...)
	NOT-FOR-US: Turbo River Racing Free (aka com.tektite.androidgames.trrfree) application for Android
CVE-2014-5711 (The Microsoft Tech Companion (aka com.technet) application 1.0.6 for ...)
	NOT-FOR-US: Microsoft Tech Companion (aka com.technet) application for Android
CVE-2014-5710 (The Cisco Class Locator Fast Lane (aka ...)
	NOT-FOR-US: Cisco Class Locator Fast Lane (aka com.tabletkings.mycompany.fastlane.cisco) application for Android
CVE-2014-5709 (The Donut Maker (aka com.sunstorm.android.donut) application 1.27 for ...)
	NOT-FOR-US: Donut Maker (aka com.sunstorm.android.donut) application for Android
CVE-2014-5708 (The Best Racing/moto Games Ranking (aka com.subapp.android.racing) ...)
	NOT-FOR-US: Best Racing/moto Games Ranking (aka com.subapp.android.racing) application for Android
CVE-2014-5707 (The Bunny Run (aka com.stargirlgames.google.bunnyrun) application ...)
	NOT-FOR-US: Bunny Run (aka com.stargirlgames.google.bunnyrun) application for Android
CVE-2014-5706 (The SomNote - Journal/Memo (aka com.somcloud.somnote) application ...)
	NOT-FOR-US: SomNote - Journal/Memo (aka com.somcloud.somnote) application for Android
CVE-2014-5705 (The Sonic CD Lite (aka com.soa.sega.soniccdlite) application 1.0.4 for ...)
	NOT-FOR-US: Sonic CD Lite (aka com.soa.sega.soniccdlite) application for Android
CVE-2014-5704 (The DISH Anywhere (aka com.sm.SlingGuide.Dish) application 3.5.10 for ...)
	NOT-FOR-US: DISH Anywhere (aka com.sm.SlingGuide.Dish) application for Android
CVE-2014-5703 (The Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) ...)
	NOT-FOR-US: Slingo Lottery Challenge (aka com.slingo.slingolotterychallenge) application for Android
CVE-2014-5702 (The Penguin Run (aka com.skyboard.google.penguinRun) application 1.1 ...)
	NOT-FOR-US: Penguin Run (aka com.skyboard.google.penguinRun) application for Android
CVE-2014-5701 (The Skout: Chats. Friends. Fun. (aka com.skout.android) application ...)
	NOT-FOR-US: Skout: Chats. Friends. Fun. (aka com.skout.android) application for Android
CVE-2014-5700 (The Brain lab - brain age games IQ (aka com.sixdead.brainlab) ...)
	NOT-FOR-US: Brain lab - brain age games IQ (aka com.sixdead.brainlab) application for Android
CVE-2014-5699 (The Parallel Kingdom MMO (aka com.silvermoon.client) application ...)
	NOT-FOR-US: Parallel Kingdom MMO (aka com.silvermoon.client) application for Android
CVE-2014-5698 (The Furdiburb (aka com.sheado.lite.pet) application 1.1.2 for Android ...)
	NOT-FOR-US: Furdiburb (aka com.sheado.lite.pet) application for Android
CVE-2014-5697 (The Dress Up! Girl Party (aka com.sgn.DressUp.GirlParty) application 2 ...)
	NOT-FOR-US: Dress Up! Girl Party (aka com.sgn.DressUp.GirlParty) application for Android
CVE-2014-5696 (The Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application ...)
	NOT-FOR-US: Sonic 4 Episode II LITE (aka com.sega.sonic4ep2lite) application for Android
CVE-2014-5695 (The Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application ...)
	NOT-FOR-US: Hello Kitty Cafe (aka com.sd.google.helloKittyCafe) application for Android
CVE-2014-5694 (The Scoutmob local deals &amp; events (aka com.scoutmob.ile) application ...)
	NOT-FOR-US: Scoutmob local deals & events (aka com.scoutmob.ile) application for Android
CVE-2014-5693 (The Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) ...)
	NOT-FOR-US: Slots Vacation - FREE Slots (aka com.scopely.slotsvacation) application for Android
CVE-2014-5692 (The Safeway (aka com.safeway.client.android.safeway) application 4.1.0 ...)
	NOT-FOR-US: Safeway (aka com.safeway.client.android.safeway) application for Android
CVE-2014-5691 (The Best Phone Security (aka com.rvappstudios.phonesecurity) ...)
	NOT-FOR-US: Best Phone Security (aka com.rvappstudios.phonesecurity) application for Android
CVE-2014-5690 (The Runtastic Timer (aka com.runtastic.android.timer) application ...)
	NOT-FOR-US: Runtastic Timer (aka com.runtastic.android.timer) application for Android
CVE-2014-5689 (The Runtastic Road Bike (aka com.runtastic.android.roadbike.lite) ...)
	NOT-FOR-US: Runtastic Road Bike (aka com.runtastic.android.roadbike.lite) application for Android
CVE-2014-5688 (The Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) ...)
	NOT-FOR-US: Runtastic Pedometer (aka com.runtastic.android.pedometer.lite) application for Android
CVE-2014-5687 (The Runtastic Mountain Bike (aka ...)
	NOT-FOR-US: Runtastic Mountain Bike (aka com.runtastic.android.mountainbike.lite) application for Android
CVE-2014-5686 (The Runtastic Me (aka com.runtastic.android.me.lite) application 1.0.2 ...)
	NOT-FOR-US: Runtastic Me (aka com.runtastic.android.me.lite) application for Android
CVE-2014-5685 (The Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) ...)
	NOT-FOR-US: Runtastic Heart Rate (aka com.runtastic.android.heartrate.lite) application for Android
CVE-2014-5684 (The Runtastic Running &amp; Fitness (aka com.runtastic.android) ...)
	NOT-FOR-US: Runtastic Running & Fitness (aka com.runtastic.android) application for Android
CVE-2014-5683 (The Piano Teacher (aka com.rubycell.pianisthd) application 20140730 ...)
	NOT-FOR-US: Piano Teacher (aka com.rubycell.pianisthd) application for Android
CVE-2014-5682 (The Retale - Weekly Ads &amp; Deals (aka com.retale.android) application ...)
	NOT-FOR-US: Retale - Weekly Ads & Deals (aka com.retale.android) application for Android
CVE-2014-5681 (The XDA-Developers (aka com.quoord.tapatalkxda.activity) application ...)
	NOT-FOR-US: XDA-Developers (aka com.quoord.tapatalkxda.activity) application for Android
CVE-2014-5680 (The Tapatalk (aka com.quoord.tapatalkpro.activity) application 4.8.0 ...)
	NOT-FOR-US: Tapatalk (aka com.quoord.tapatalkpro.activity) application for Android
CVE-2014-5679 (The PopU 2: Get Likes on Instagram (aka com.popuapp.popu) application ...)
	NOT-FOR-US: PopU 2: Get Likes on Instagram (aka com.popuapp.popu) application for Android
CVE-2014-5678 (The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for ...)
	NOT-FOR-US: IQ Test (aka com.pophub.androidiqtest.free) application for Android
CVE-2014-5677 (The Point Inside Shopping &amp; Travel (aka com.pointinside.android.app) ...)
	NOT-FOR-US: Point Inside Shopping & Travel (aka com.pointinside.android.app) application for Android
CVE-2014-5676 (The Township (aka com.playrix.township) application 1.5.1 for Android ...)
	NOT-FOR-US: Township (aka com.playrix.township) application for Android
CVE-2014-5675 (The Phonegram - Instagram Download (aka com.pinssible.padgram) ...)
	NOT-FOR-US: Phonegram - Instagram Download (aka com.pinssible.padgram) application for Android
CVE-2014-5674 (The PicsArt - Photo Studio (aka com.picsart.studio) application 4.5.5 ...)
	NOT-FOR-US: PicsArt - Photo Studio (aka com.picsart.studio) application for Android
CVE-2014-5673 (The Easy Finder &amp; Anti-Theft (aka com.nqmobile.easyfinder) application ...)
	NOT-FOR-US: Easy Finder & Anti-Theft (aka com.nqmobile.easyfinder) application for Android
CVE-2014-5672 (The NQ Mobile Security &amp; Antivirus (aka com.nqmobile.antivirus20) ...)
	NOT-FOR-US: NQ Mobile Security & Antivirus (aka com.nqmobile.antivirus20) application for Android
CVE-2014-5671 (The Super Stickman Golf (aka com.noodlecake.ssg) application 2.2 for ...)
	NOT-FOR-US: Super Stickman Golf (aka com.noodlecake.ssg) application for Android
CVE-2014-5670 (The SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) ...)
	NOT-FOR-US: SAS: Zombie Assault 3 (aka com.ninjakiwi.sas3zombieassault) application for Android
CVE-2014-5669 (The 9GAG - Funny pics and videos (aka com.ninegag.android.app) ...)
	NOT-FOR-US: 9GAG - Funny pics and videos (aka com.ninegag.android.app) application for Android
CVE-2014-5668 (The BAND -Group sharing &amp; planning (aka com.nhn.android.band) ...)
	NOT-FOR-US: BAND -Group sharing & planning (aka com.nhn.android.band) application for Android
CVE-2014-5667 (The Vault-Hide SMS, Pics &amp; Videos (aka com.netqin.ps) application ...)
	NOT-FOR-US: Vault-Hide SMS, Pics & Videos (aka com.netqin.ps) application for Android
CVE-2014-5666 (The AVD Download Video (aka com.myboyfriendisageek.videocatcher.demo) ...)
	NOT-FOR-US: AVD Download Video (aka com.myboyfriendisageek.videocatcher.demo) application for Android
CVE-2014-5665 (The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for ...)
	NOT-FOR-US: Mzone Login (aka com.mr384.MzoneLogin) application for Android
CVE-2014-5664 (The Spider Solitaire (aka com.mobilityware.spider) application 3.0.0 ...)
	NOT-FOR-US: Spider Solitaire (aka com.mobilityware.spider) application for Android
CVE-2014-5663 (The FreeCell Solitaire (aka com.mobilityware.freecell) application ...)
	NOT-FOR-US: FreeCell Solitaire (aka com.mobilityware.freecell) application for Android
CVE-2014-5662 (The Rail Rush (aka com.miniclip.railrush) application 1.9.0 for ...)
	NOT-FOR-US: Rail Rush (aka com.miniclip.railrush) application for Android
CVE-2014-5661 (The Anger of Stick 3 (aka com.miniclip.angerofstick3) application ...)
	NOT-FOR-US: Anger of Stick 3 (aka com.miniclip.angerofstick3) application for Android
CVE-2014-5660 (The TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application ...)
	NOT-FOR-US: TN Members 1st FCU-RDC (aka com.metova.cuae.tmffcu) application for Android
CVE-2014-5659 (The ASTRO File Manager with Cloud (aka com.metago.astro) application ...)
	NOT-FOR-US: ASTRO File Manager with Cloud (aka com.metago.astro) application for Android
CVE-2014-5658 (The MercadoLibre (aka com.mercadolibre) application 3.8.7 for Android ...)
	NOT-FOR-US: MercadoLibre (aka com.mercadolibre) application for Android
CVE-2014-5657 (The CA Lottery Results (aka com.matcho0.calotto) application 2.1 for ...)
	NOT-FOR-US: CA Lottery Results (aka com.matcho0.calotto) application for Android
CVE-2014-5656 (The TRA Auctions for Buyers (aka com.manheim.tra) application 2.6 for ...)
	NOT-FOR-US: TRA Auctions for Buyers (aka com.manheim.tra) application for Android
CVE-2014-5655 (The CM Browser - Fast &amp; Secure (aka com.ksmobile.cb) application ...)
	NOT-FOR-US: CM Browser - Fast & Secure (aka com.ksmobile.cb) application for Android
CVE-2014-5654 (The Kaspersky Internet Security (aka com.kms.free) application ...)
	NOT-FOR-US: Kaspersky Internet Security (aka com.kms.free) application for Android
CVE-2014-5653 (The Unblock Me FREE (aka com.kiragames.unblockmefree) application ...)
	NOT-FOR-US: Unblock Me FREE (aka com.kiragames.unblockmefree) application for Android
CVE-2014-5652 (The Kicksend Photo Prints (aka com.kicksend.android.print) application ...)
	NOT-FOR-US: Kicksend Photo Prints (aka com.kicksend.android.print) application for Android
CVE-2014-5651 (The Kicksend: Share &amp; Print Photos (aka com.kicksend.android) ...)
	NOT-FOR-US: Kicksend: Share & Print Photos (aka com.kicksend.android) application for Android
CVE-2014-5650 (The Traffic Jam Free (aka com.jiuzhangtech.rushhour) application 1.7.7 ...)
	NOT-FOR-US: Traffic Jam Free (aka com.jiuzhangtech.rushhour) application for Android
CVE-2014-5649 (The iLove - Free Dating &amp; Chat App (aka ...)
	NOT-FOR-US: iLove - Free Dating & Chat App (aka com.jestadigital.android.ilove) application for Android
CVE-2014-5648 (The Chat, Flirt &amp; Dating Heart JAUMO (aka com.jaumo) application 2.7.5 ...)
	NOT-FOR-US: Chat, Flirt & Dating Heart JAUMO (aka com.jaumo) application for Android
CVE-2014-5647 (The ISL Light Remote Desktop (aka ...)
	NOT-FOR-US: ISL Light Remote Desktop (aka com.islonline.isllight.mobile.android) application for Android
CVE-2014-5646 (The AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) ...)
	NOT-FOR-US: AMC Security- Antivirus, Clean (aka com.iobit.mobilecare) application for Android
CVE-2014-5645 (The CamScanner -Phone PDF Creator (aka com.intsig.camscanner) ...)
	NOT-FOR-US: CamScanner -Phone PDF Creator (aka com.intsig.camscanner) application for Android
CVE-2014-5644 (The Brightest LED Flashlight (aka ...)
	NOT-FOR-US: Brightest LED Flashlight (aka com.intellectualflame.ledflashlight.washer) application for Android
CVE-2014-5643 (The Instachat -Instagram Messenger (aka com.instachat.android) ...)
	NOT-FOR-US: Instachat -Instagram Messenger (aka com.instachat.android) application for Android
CVE-2014-5642 (The IMPI Mobile Security (aka com.impi) application 2.1.0 for Android ...)
	NOT-FOR-US: IMPI Mobile Security (aka com.impi) application for Android
CVE-2014-5641 (The Cloud Manager (aka com.ileaf.cloud_manager) application 1.6 for ...)
	NOT-FOR-US: Cloud Manager (aka com.ileaf.cloud_manager) application for Android
CVE-2014-5640 (The CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) ...)
	NOT-FOR-US: CM Backup -Restore,Cloud,Photo (aka com.ijinshan.kbackup) application for Android
CVE-2014-5639 (The ADT Taxis (aka com.icabbi.adttaxisApp) application 6 for Android ...)
	NOT-FOR-US: ADT Taxis (aka com.icabbi.adttaxisApp) application for Android
CVE-2014-5638 (The Huntington Mobile (aka com.huntington.m) application 2.1.222 for ...)
	NOT-FOR-US: Huntington Mobile (aka com.huntington.m) application for Android
CVE-2014-5637 (The Eu Sei (aka com.guilardi.eusei) application eusei_android_5.5 for ...)
	NOT-FOR-US: Eu Sei (aka com.guilardi.eusei) application for Android
CVE-2014-5636 (The Cloud Browser (aka com.granitamalta.cloudbrowser) application ...)
	NOT-FOR-US: Cloud Browser (aka com.granitamalta.cloudbrowser) application for Android
CVE-2014-5635 (The Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) ...)
	NOT-FOR-US: Buy Yorkshire Conference (aka com.gotfocus.buyyorkshire) application for Android
CVE-2014-5634 (The Madipass Martinique (aka com.goodbarber.madipassmartinique) ...)
	NOT-FOR-US: Madipass Martinique (aka com.goodbarber.madipassmartinique) application for Android
CVE-2014-5633 (The Kiss Kiss Office (aka com.girlsgames123.kisskissoffice) ...)
	NOT-FOR-US: Kiss Kiss Office (aka com.girlsgames123.kisskissoffice) application for Android
CVE-2014-5632 (The Mega Jump (aka com.getsetgames.megajump) application @7F080002 for ...)
	NOT-FOR-US: Mega Jump (aka com.getsetgames.megajump) application for Android
CVE-2014-5631 (The Video Poker Casino (aka com.geaxgame.videopoker) application 1.0.5 ...)
	NOT-FOR-US: Video Poker Casino (aka com.geaxgame.videopoker) application for Android
CVE-2014-5630 (The Home Repair (aka com.gcspublishing.houserepairtalk) application ...)
	NOT-FOR-US: Home Repair (aka com.gcspublishing.houserepairtalk) application for Android
CVE-2014-5629 (The Stupid Zombies (aka com.gameresort.stupidzombies) application 1.12 ...)
	NOT-FOR-US: Stupid Zombies (aka com.gameresort.stupidzombies) application for Android
CVE-2014-5628 (The Wonder Zoo - Animal rescue ! (aka ...)
	NOT-FOR-US: Wonder Zoo - Animal rescue ! (aka com.gameloft.android.ANMP.GloftZRHM) application for Android
CVE-2014-5627 (The Ice Age Village (aka com.gameloft.android.ANMP.GloftIAHM) ...)
	NOT-FOR-US: Ice Age Village (aka com.gameloft.android.ANMP.GloftIAHM) application for Android
CVE-2014-5626 (The Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) ...)
	NOT-FOR-US: Brothers In Arms 2 Free+ (aka com.gameloft.android.ANMP.GloftB2HM) application for Android
CVE-2014-5625 (The Perfect Kick (aka com.gamegou.PerfectKick.google) application ...)
	NOT-FOR-US: Perfect Kick (aka com.gamegou.PerfectKick.google) application for Android
CVE-2014-5624 (The Sniper Shooter Free - Fun Game (aka ...)
	NOT-FOR-US: Sniper Shooter Free - Fun Game (aka com.fungamesforfree.snipershooter.free) application for Android
CVE-2014-5623 (The penguinchefshop (aka com.freegames.penguinchefshop) application ...)
	NOT-FOR-US: penguinchefshop (aka com.freegames.penguinchefshop) application for Android
CVE-2014-5622 (The Follow Mania for Instagram (aka com.followmania) application 1.2.1 ...)
	NOT-FOR-US: Follow Mania for Instagram (aka com.followmania) application for Android
CVE-2014-5621 (The Office Zombie (aka com.fluik.OfficeZombieGoogleFree) application ...)
	NOT-FOR-US: Office Zombie (aka com.fluik.OfficeZombieGoogleFree) application for Android
CVE-2014-5620 (The Office Jerk Free (aka com.fluik.OfficeJerkFree) application 1.7.13 ...)
	NOT-FOR-US: Office Jerk Free (aka com.fluik.OfficeJerkFree) application for Android
CVE-2014-5619
	REJECTED
CVE-2014-5618 (The Cartoon Camera (aka com.fingersoft.cartooncamera) application ...)
	NOT-FOR-US: Cartoon Camera (aka com.fingersoft.cartooncamera) application for Android
CVE-2014-5617 (The Exsoul Web Browser (aka com.exsoul) application 3.3.3 for Android ...)
	NOT-FOR-US: Exsoul Web Browser (aka com.exsoul) application for Android
CVE-2014-5616 (The Web Browser &amp; Explorer (aka com.explore.web.browser) application ...)
	NOT-FOR-US: Web Browser & Explorer (aka com.explore.web.browser) application for Android
CVE-2014-5615 (The Snap Secure (aka com.exclaim.snapsecure.app) application 9.5 for ...)
	NOT-FOR-US: Snap Secure (aka com.exclaim.snapsecure.app) application for Android
CVE-2014-5614 (The Love Collage - Photo Editor (aka com.etoolkit.lovecollage) ...)
	NOT-FOR-US: Love Collage - Photo Editor (aka com.etoolkit.lovecollage) application for Android
CVE-2014-5613 (The Able Remote (aka com.entertailion.android.remote) application ...)
	NOT-FOR-US: Able Remote (aka com.entertailion.android.remote) application for Android
CVE-2014-5612 (The Gmarket (aka com.ebay.kr.gmarket) application 5.1.3 for Android ...)
	NOT-FOR-US: Gmarket (aka com.ebay.kr.gmarket) application for Android
CVE-2014-5611 (The eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) ...)
	NOT-FOR-US: eBay Kleinanzeigen for Germany (aka com.ebay.kleinanzeigen) application for Android
CVE-2014-5610 (The ce4arab market (aka com.dreamstep.wce4arabmarket) application ...)
	NOT-FOR-US: ce4arab market (aka com.dreamstep.wce4arabmarket) application for Android
CVE-2014-5609 (The Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) ...)
	NOT-FOR-US: Stickman Ski Racer (aka com.djinnworks.StickmanSkiRacer.free) application for Android
CVE-2014-5608 (The Line Runner (Free) (aka com.djinnworks.linerunnerfree) application ...)
	NOT-FOR-US: Line Runner (Free) (aka com.djinnworks.linerunnerfree) application for Android
CVE-2014-5607 (The Where's My Water? Free (aka com.disney.WMWLite) application 1.9.1 ...)
	NOT-FOR-US: Where's My Water? Free (aka com.disney.WMWLite) application for Android
CVE-2014-5606 (The Where's My Perry? Free (aka com.disney.WMPLite) application 1.5.1 ...)
	NOT-FOR-US: Where's My Perry? Free (aka com.disney.WMPLite) application for Android
CVE-2014-5605 (The QQ Copy (aka com.digimobistudio.qqcopy) application 1 for Android ...)
	NOT-FOR-US: QQ Copy (aka com.digimobistudio.qqcopy) application for Android
CVE-2014-5604 (The Akinator the Genie FREE (aka ...)
	NOT-FOR-US: Akinator the Genie FREE (aka com.digidust.elokence.akinator.freemium) application for Android
CVE-2014-5603 (The DeskRoll Remote Desktop (aka com.deskroll.client1) application 0.6 ...)
	NOT-FOR-US: DeskRoll Remote Desktop (aka com.deskroll.client1) application for Android
CVE-2014-5602 (The Magzter -Magazine &amp; Book Store (aka com.dci.magzter) application ...)
	NOT-FOR-US: Magzter -Magazine & Book Store (aka com.dci.magzter) application for Android
CVE-2014-5601 (The 1800CONTACTS App (aka com.contacts1800.ecomapp) application 2.7.0 ...)
	NOT-FOR-US: 1800CONTACTS App (aka com.contacts1800.ecomapp) application for Android
CVE-2014-5600 (The familyconnect (aka com.comcast.plaxo.familyconnect.app) ...)
	NOT-FOR-US: familyconnect (aka com.comcast.plaxo.familyconnect.app) application for Android
CVE-2014-5599 (The Tiny Farm (aka ...)
	NOT-FOR-US: Tiny Farm (aka com.com2us.tinyfarm.normal.freefull.google.global.android.common) application for Android
CVE-2014-5598 (The Puzzle Family (aka ...)
	NOT-FOR-US: Puzzle Family (aka com.com2us.puzzlefamily.up.freefull.google.global.android.common) application for Android
CVE-2014-5597 (The 9 Innings: 2014 Pro Baseball (aka ...)
	NOT-FOR-US: 9 Innings: 2014 Pro Baseball (aka com.com2us.nipb2013.normal.freefull.google.global.android.common) application for Android
CVE-2014-5596 (The Homerun Battle 2 (aka ...)
	NOT-FOR-US: Homerun Battle 2 (aka com.com2us.homerunbattle2.normal.freefull.google.global.android.common) application for Android
CVE-2014-5595 (The actionpuzzlefamily for Kakao (aka ...)
	NOT-FOR-US: actionpuzzlefamily for Kakao (aka com.com2us.actionpuzzlefamily.kakao.freefull.google.global.android.common) application for Android
CVE-2014-5594 (The CIBC Mobile Banking (aka com.cibc.android.mobi) application 3.2 ...)
	NOT-FOR-US: CIBC Mobile Banking (aka com.cibc.android.mobi) application for Android
CVE-2014-5593 (The Christian Dating Cafe (aka com.christiancafe.mobile.android) ...)
	NOT-FOR-US: Christian Dating Cafe (aka com.christiancafe.mobile.android) application for Android
CVE-2014-5592 (The Free Dating Heart COL (aka com.choiceoflove.dating) application ...)
	NOT-FOR-US: Free Dating Heart COL (aka com.choiceoflove.dating) application for Android
CVE-2014-5591 (The Frankly Chat (aka com.chatfrankly.android) application 3.0.1 for ...)
	NOT-FOR-US: Frankly Chat (aka com.chatfrankly.android) application for Android
CVE-2014-5590 (The Snake Evolution (aka com.btwgames.snake) application 1.3.1 for ...)
	NOT-FOR-US: Snake Evolution (aka com.btwgames.snake) application for Android
CVE-2014-5589 (The Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 ...)
	NOT-FOR-US: Now Browser (Material) (aka com.browser.nowbasic) 2.8.1 application for Android
CVE-2014-5588 (The Free eBooks (aka com.bmfapps.freekindlebooks) application 14 for ...)
	NOT-FOR-US: Free eBooks (aka com.bmfapps.freekindlebooks) application for Android
CVE-2014-5587 (The brokenscreencrank (aka com.biggame.brokenscreencrank) application ...)
	NOT-FOR-US: brokenscreencrank (aka com.biggame.brokenscreencrank) application for Android
CVE-2014-5586 (The BIATNET (aka com.biatnet.mobile) application 1.1 for Android does ...)
	NOT-FOR-US: BIATNET (aka com.biatnet.mobile) application for Android
CVE-2014-5585 (The Like4Like: Get Instagram Likes (aka com.bepop.bepop) application ...)
	NOT-FOR-US: Like4Like: Get Instagram Likes (aka com.bepop.bepop) application for Android
CVE-2014-5584 (The Background Check BeenVerified (aka com.beenverified.android) ...)
	NOT-FOR-US: Background Check BeenVerified (aka com.beenverified.android) application for Android
CVE-2014-5583 (The Most Popular Ringtones (aka com.bbs.mostpopularringtones) ...)
	NOT-FOR-US: Most Popular Ringtones (aka com.bbs.mostpopularringtones) application for Android
CVE-2014-5582 (The Ingress Intel Helper (aka com.bb.ingressintel) application 1.2 for ...)
	NOT-FOR-US: Ingress Intel Helper (aka com.bb.ingressintel) application for Android
CVE-2014-5581 (The mirror photo shape (aka com.baiwang.styleinstamirror) application ...)
	NOT-FOR-US: mirror photo shape (aka com.baiwang.styleinstamirror) application for Android
CVE-2014-5580 (The BackgroundCheckProTool (aka com.BackgroundCheckProTool) ...)
	NOT-FOR-US: BackgroundCheckProTool (aka com.BackgroundCheckProTool) application for Android
CVE-2014-5579 (The Anywhere Pad-Meet, Collaborate (aka com.azeus.anywherepad) ...)
	NOT-FOR-US: Anywhere Pad-Meet, Collaborate (aka com.azeus.anywherepad) application for Android
CVE-2014-5578 (The Trading 212 FOREX (aka com.avuscapital.trading212) application ...)
	NOT-FOR-US: Trading 212 FOREX (aka com.avuscapital.trading212) application for Android
CVE-2014-5577 (The AVON Buy &amp; Sell (aka com.AVONBeautyntheRep) application 0.3 for ...)
	NOT-FOR-US: AVON Buy & Sell (aka com.AVONBeautyntheRep) application for Android
CVE-2014-5576 (The Avira Secure Backup (aka com.avira.avirabackup) application 1.2.3 ...)
	NOT-FOR-US: Avira Secure Backup (aka com.avira.avirabackup) application for Android
CVE-2014-5575
	REJECTED
CVE-2014-5574 (The Ask.fm - Social Q&amp;A Network (aka com.askfm) application 1.2.4 for ...)
	NOT-FOR-US: Ask.fm - Social Q&A Network (aka com.askfm) application for Android
CVE-2014-5573 (The Appstros - FREE Gift Cards! (aka com.appstros.main) application ...)
	NOT-FOR-US: Appstros - FREE Gift Cards! (aka com.appstros.main) application for Android
CVE-2014-5572 (The Jazzpodium De Tor (aka com.appmakr.app273713) application 206160 ...)
	NOT-FOR-US: Jazzpodium De Tor (aka com.appmakr.app273713) application for Android
CVE-2014-5571 (The Appeak Poker (aka com.appeak.poker) application 2.4.5 for Android ...)
	NOT-FOR-US: Appeak Poker (aka com.appeak.poker) application for Android
CVE-2014-5570 (The DailyFinance - Stocks &amp; News (aka com.aol.mobile.dailyFinance) ...)
	NOT-FOR-US: DailyFinance - Stocks & News (aka com.aol.mobile.dailyFinance) application for Android
CVE-2014-5569 (The Star Girl (aka com.animoca.google.starGirl) application 3.4.1 for ...)
	NOT-FOR-US: Star Girl (aka com.animoca.google.starGirl) application for Android
CVE-2014-5568 (The Las Vegas Lottery Scratch Off (aka com.androkera.lottery) ...)
	NOT-FOR-US: Las Vegas Lottery Scratch Off (aka com.androkera.lottery) application for Android
CVE-2014-5567 (The hasb_e_haal (aka com.anawaz.hasb_e_haal) application 1.0.9 for ...)
	NOT-FOR-US: hasb_e_haal (aka com.anawaz.hasb_e_haal) application for Android
CVE-2014-5566 (The Selfshot - Front Flash Camera (aka com.americos.selfshot) ...)
	NOT-FOR-US: Selfshot - Front Flash Camera (aka com.americos.selfshot) application for Android
CVE-2014-5565 (The GadgetTrak Mobile Security (aka com.activetrak.android.app) ...)
	NOT-FOR-US: GadgetTrak Mobile Security (aka com.activetrak.android.app) application for Android
CVE-2014-5564 (The Angry Gran Toss (aka com.aceviral.angrygrantoss) application 1.1.1 ...)
	NOT-FOR-US: Angry Gran Toss (aka com.aceviral.angrygrantoss) application for Android
CVE-2014-5563 (The Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application 1.4.6 ...)
	NOT-FOR-US: Show do Milhao 2014 (aka br.com.lgrmobile.sdm) application for Android
CVE-2014-5562 (The Coles Credit Card App (aka au.com.colesfinancialservices.mobile) ...)
	NOT-FOR-US: Coles Credit Card App (aka au.com.colesfinancialservices.mobile) application for Android
CVE-2014-5561 (The Word Search Free (aka air.wordSearchFree) application 4.9 for ...)
	NOT-FOR-US: Word Search Free (aka air.wordSearchFree) application for Android
CVE-2014-5560 (The Popscene (Music Industry Sim) (aka air.Popscene) application 1.04 ...)
	NOT-FOR-US: Popscene (Music Industry Sim) (aka air.Popscene) application for Android
CVE-2014-5559 (The Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) ...)
	NOT-FOR-US: Kids GoldFish Care (aka air.josiane.sauveterre.kidsgoldfishcare) application for Android
CVE-2014-5558 (The Hard Time (Prison Sim) (aka air.HardTime) application 1.111 for ...)
	NOT-FOR-US: Hard Time (Prison Sim) (aka air.HardTime) application for Android
CVE-2014-5557 (The America's Economy for Phone (aka ...)
	NOT-FOR-US: America's Economy for Phone (aka air.gov.census.mobile.phone.americaseconomy) application for Android
CVE-2014-5556 (The Fly Fishing &amp; Fly Tying (aka air.com.yudu.ReaderAIR3209899) ...)
	NOT-FOR-US: Fly Fishing & Fly Tying (aka air.com.yudu.ReaderAIR3209899) application for Android
CVE-2014-5555 (The Counting &amp; Addition Kids Games (aka ...)
	NOT-FOR-US: Counting & Addition Kids Games (aka air.com.tribalnova.ilearnwith.ipad.PokoAddEn) application for Android
CVE-2014-5554 (The Fun Preschool Creativity Game (aka ...)
	NOT-FOR-US: Fun Preschool Creativity Game (aka air.com.tribalnova.ilearnwith.ipad.MotherAppEn) application for Android
CVE-2014-5553 (The Kids Preschool Learning Games (aka ...)
	NOT-FOR-US: Kids Preschool Learning Games (aka air.com.tribalnova.ilearnwith.ipad.App3En) application for Android
CVE-2014-5552 (The Numbers &amp; Addition! Math games (aka ...)
	NOT-FOR-US: Numbers & Addition! Math games (aka air.com.tribalnova.ilearnwith.ipad.App2En) application for Android
CVE-2014-5551 (The Alphabet &amp; Spelling Kids Games (aka ...)
	NOT-FOR-US: Alphabet & Spelling Kids Games (aka air.com.tribalnova.ilearnwith.ipad.App1En) application for Android
CVE-2014-5550 (The Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) ...)
	NOT-FOR-US: Animals! Kids Preschool Games (aka air.com.tribalnova.Animals) application for Android
CVE-2014-5549 (The Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) ...)
	NOT-FOR-US: Puppy Slots (aka air.com.starluxstudios.PuppySlotsFree) application for Android
CVE-2014-5548 (The Christmas Words (aka air.com.sevenBulls.summerWords) application ...)
	NOT-FOR-US: Christmas Words (aka air.com.sevenBulls.summerWords) application for Android
CVE-2014-5547 (The Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) ...)
	NOT-FOR-US: Mahjong Galaxy Space Lite (aka air.com.permadi.mahjongIris) application for Android
CVE-2014-5546 (The Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application ...)
	NOT-FOR-US: Africa Memory (aka air.com.klon4enabor4e.AfricaMemory) application for Android
CVE-2014-5545 (The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android ...)
	NOT-FOR-US: Sprint jump (aka air.com.ilaz.appilas) application for Android
CVE-2014-5544 (The SongPop (aka air.com.freshplanet.games.WaM) application 1.21.2 for ...)
	NOT-FOR-US: SongPop (aka air.com.freshplanet.games.WaM) application for Android
CVE-2014-5543 (The Hidden Object - Alice Free (aka ...)
	NOT-FOR-US: Hidden Object - Alice Free (aka air.com.differencegames.hovisionsofalicefree) application for Android
CVE-2014-5542 (The Hidden Object Mystery (aka ...)
	NOT-FOR-US: Hidden Object Mystery (aka air.com.differencegames.hodetectivemysteryfree) application for Android
CVE-2014-5541 (The Hidden Memory - Aladdin FREE! (aka ...)
	NOT-FOR-US: Hidden Memory - Aladdin FREE! (aka air.com.differencegames.hmaladdinfree) application for Android
CVE-2014-5540 (The Flick a Trade (aka air.com.cygnecode.fat) application 3.3 for ...)
	NOT-FOR-US: Flick a Trade (aka air.com.cygnecode.fat) application for Android
CVE-2014-5539 (The Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) ...)
	NOT-FOR-US: Michael Baker FCU (aka air.com.creditunionhomebanking.mb155) application for Android
CVE-2014-5538 (The Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) ...)
	NOT-FOR-US: Westmoreland Water FCU (aka air.com.creditunionhomebanking.mb115) application for Android
CVE-2014-5537 (The Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) ...)
	NOT-FOR-US: Abduction Stacker Free (aka air.com.chewygames.abductionstacker2) application for Android
CVE-2014-5536 (The Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) ...)
	NOT-FOR-US: Bingo Bash - Free Bingo Casino (aka air.com.bitrhymes.bingo) application for Android
CVE-2014-5535 (The Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application ...)
	NOT-FOR-US: Baby Get Up - Kids Care (aka air.brown.jordansa.getup) application for Android
CVE-2014-5534 (The Princess Shopping (aka air.android.PrincessShopping) application 2 ...)
	NOT-FOR-US: Princess Shopping (aka air.android.PrincessShopping) application for Android
CVE-2014-5533
	REJECTED
CVE-2014-5532 (The Honolulu (aka adidas.jp.android.running.honolulu) application 2 ...)
	NOT-FOR-US: Honolulu (aka adidas.jp.android.running.honolulu) application for Android
CVE-2014-5531 (The Abode (aka abode.webview) application 1.7 for Android does not ...)
	NOT-FOR-US: Abode (aka abode.webview) application for Android
CVE-2014-5530
	REJECTED
CVE-2014-5529 (The Gameloft library for Android does not verify X.509 certificates ...)
	NOT-FOR-US: Gameloft library for Android
CVE-2014-5528 (The Appsflyer library for Android does not verify X.509 certificates ...)
	NOT-FOR-US: Appsflyer library for Android
CVE-2014-5527 (The Tapjoy library for Android does not verify X.509 certificates from ...)
	NOT-FOR-US: Tapjoy library for Android
CVE-2014-5526 (The Inmobi library for Android does not verify X.509 certificates from ...)
	NOT-FOR-US: Inmobi library for Android
CVE-2014-5525 (The MoMinis library for Android does not verify X.509 certificates ...)
	NOT-FOR-US: MoMinis library for Android
CVE-2014-5524 (The Adcolony library for Android does not verify X.509 certificates ...)
	NOT-FOR-US: Adcolony library for Android
CVE-2014-5523
	REJECTED
CVE-2014-5522
	REJECTED
CVE-2014-5521 (plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows ...)
	NOT-FOR-US: XRMS CRM
CVE-2014-5520 (SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows ...)
	NOT-FOR-US: XRMS CRM
CVE-2014-5518
	RESERVED
CVE-2014-5517
	RESERVED
CVE-2014-5516
	RESERVED
	NOT-FOR-US: KonaKart
CVE-2014-5515
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5514
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5513
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5512
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5511
	RESERVED
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
CVE-2014-5510
	RESERVED
CVE-2014-5508 (Multiple integer overflows in the HelpServ module (mod-helpserv.c) in ...)
	NOT-FOR-US: srvx (irc services)
CVE-2014-5507 (iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full ...)
	NOT-FOR-US: iBackup
CVE-2014-5506 (Double free vulnerability in SAP Crystal Reports allows remote ...)
	NOT-FOR-US: SAP Crystal Reports
CVE-2014-5505 (Stack-based buffer overflow in SAP Crystal Reports allows remote ...)
	NOT-FOR-US: SAP Crystal Reports
CVE-2014-5504 (SolarWinds Log and Event Manager before 6.0 uses &quot;static&quot; credentials, ...)
	NOT-FOR-US: SolarWinds
CVE-2014-5503 (SQL injection vulnerability in the Guest Login Portal in the Sophos ...)
	NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5502 (The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows ...)
	NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5501 (Stack-based buffer overflow in the diagnose service in the Sophos ...)
	NOT-FOR-US: Sophos Cyberoam CyberoamOS
CVE-2014-5500
	RESERVED
CVE-2014-5499
	RESERVED
CVE-2014-5498
	RESERVED
CVE-2014-5497
	RESERVED
CVE-2014-5496
	RESERVED
CVE-2014-5495
	RESERVED
CVE-2014-5494
	RESERVED
CVE-2014-5493
	RESERVED
CVE-2014-5492
	RESERVED
CVE-2014-5491
	RESERVED
CVE-2014-5490
	RESERVED
CVE-2014-5489
	RESERVED
CVE-2014-5488
	RESERVED
CVE-2014-5487
	RESERVED
CVE-2014-5486
	RESERVED
CVE-2014-5485
	RESERVED
CVE-2014-5484
	RESERVED
CVE-2014-5483
	RESERVED
CVE-2014-5482
	RESERVED
CVE-2014-5481
	RESERVED
CVE-2014-5480
	RESERVED
CVE-2014-5479
	RESERVED
CVE-2014-5478
	RESERVED
CVE-2014-5477
	RESERVED
CVE-2014-5476
	RESERVED
CVE-2014-5475
	RESERVED
CVE-2014-5474
	RESERVED
CVE-2014-5473
	RESERVED
CVE-2014-5470
	RESERVED
CVE-2014-5469
	RESERVED
CVE-2014-5468
	RESERVED
CVE-2014-5467
	RESERVED
CVE-2014-5466 (Cross-site scripting (XSS) vulnerability in the Dashboard in Splunk ...)
	NOT-FOR-US: Splunk
CVE-2014-5465 (Directory traversal vulnerability in force-download.php in the ...)
	NOT-FOR-US: WordPress plugin Download Shortcode
CVE-2014-5463
	RESERVED
CVE-2014-5462 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and ...)
	NOT-FOR-US: OpenEMR
CVE-2014-5460 (Unrestricted file upload vulnerability in the Tribulant Slideshow ...)
	NOT-FOR-US: Tribulant Slideshow Gallery plugin for WordPress
CVE-2013-7399
	RESERVED
CVE-2010-5304
	RESERVED
	NOT-FOR-US: RealVNC
CVE-2014-6269 (Multiple integer overflows in the http_request_forward_body function ...)
	- haproxy 1.5.4-1
	[squeeze] - haproxy <not-affected> (Vulnerable code not present)
	NOTE: http://article.gmane.org/gmane.comp.web.haproxy/17726
	NOTE: http://article.gmane.org/gmane.comp.web.haproxy/18097
	NOTE: http://git.haproxy.org/?p=haproxy-1.5.git;a=commitdiff;h=b4d05093bc89f71377230228007e69a1434c1a0c
CVE-2014-5256 (Node.js 0.8 before 0.8.28 and 0.10 before 0.10.30 does not consider ...)
	- nodejs <unfixed> (unimportant; bug #760385)
	NOTE: libv8 is not covered by security support
CVE-2014-7402 (The SK encar (aka com.encardirect.app) application @7F050000 for ...)
	NOT-FOR-US: SK encar (aka com.encardirect.app) application for Android
CVE-2013-7402 (Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x ...)
	{DSA-3101-1}
	- c-icap 1:0.3.1-1
	NOTE: http://sourceforge.net/p/c-icap/code/1018/
	NOTE: http://sourceforge.net/p/c-icap/code/1021
CVE-2013-7401 (The parse_request function in request.c in c-icap 0.2.x allows remote ...)
	{DSA-3101-1}
	- c-icap 1:0.3.1-1
	NOTE: http://sourceforge.net/p/c-icap/bugs/59/
	NOTE: http://sourceforge.net/p/c-icap/code/1018/
CVE-2014-6070 (Multiple cross-site scripting (XSS) vulnerabilities in Adiscon ...)
	- loganalyzer 3.6.6+dfsg-1 (bug #760372)
CVE-2014-6029 (TorrentFlux 2.4 allows remote authenticated users to delete or modify ...)
	- torrentflux <removed> (bug #759573)
	[wheezy] - torrentflux <no-dsa> (Minor issue)
	[squeeze] - torrentflux <no-dsa> (Minor issue)
CVE-2014-6028 (TorrentFlux 2.4 allows remote authenticated users to obtain other ...)
	- torrentflux <removed> (bug #759573)
	[wheezy] - torrentflux <no-dsa> (Minor issue)
	[squeeze] - torrentflux <no-dsa> (Minor issue)
CVE-2014-6027 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.4 ...)
	- torrentflux <removed> (bug #759574)
	[wheezy] - torrentflux <no-dsa> (Minor issue)
	[squeeze] - torrentflux <no-dsa> (Minor issue)
CVE-2014-6040 (GNU C Library (aka glibc) before 2.20 allows context-dependent ...)
	{DSA-3142-1 DLA-97-1}
	- glibc 2.19-12
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=17325
	NOTE: https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html
CVE-2014-5519 (The Ploticus module in PhpWiki 1.5.0 allows remote attackers to ...)
	- phpwiki <removed>
CVE-2014-5509 (clipedit in the Clipboard module for Perl allows local users to delete ...)
	- libclipboard-perl <not-affected> (Fixed with initial upload to Debian)
CVE-2014-5458 (SQL injection vulnerability in sqrl_verify.php in php-sqrl allows ...)
	NOT-FOR-US: php-sqrl
CVE-2014-5457 (QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, ...)
	NOT-FOR-US: QNAP
CVE-2014-5456 (Cross-site scripting (XSS) vulnerability in the Social Stats module ...)
	NOT-FOR-US: Drupal Social Stats module
CVE-2014-5455 (Unquoted Windows search path vulnerability in the ptservice service in ...)
	NOT-FOR-US: PrivateTunnel as bundled in OpenVPN
CVE-2014-5454 (Unrestricted file upload vulnerability in the image upload module in ...)
	NOT-FOR-US: SAS Visual Analytics
CVE-2014-5453 (Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: ...)
	NOT-FOR-US: Ubisoft Uplay PC
CVE-2014-5452 (CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the ...)
	NOT-FOR-US: HL7 C-CDA
CVE-2014-5451 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MODX Revolution
CVE-2014-5446 (Directory traversal vulnerability in the DisplayChartPDF servlet in ...)
	NOT-FOR-US: ZOHO
CVE-2014-5445 (Multiple absolute path traversal vulnerabilities in ZOHO ManageEngine ...)
	NOT-FOR-US: ZOHO
CVE-2014-5444 (Geary before 0.6.3 does not present the user with a warning when a TLS ...)
	- geary 0.6.3-1
	NOTE: Upstream bugreport: https://bugzilla.gnome.org/show_bug.cgi?id=713247
	NOTE: Upstream fix: https://git.gnome.org/browse/geary/commit/?h=geary-0.6&id=55f06a7bdcedb7efde6a516bde626ea28793ca7e
CVE-2014-5442
	RESERVED
CVE-2014-5441 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Fat Free CRM
CVE-2014-5440 (SQL injection vulnerability in Login.aspx in MPEX Business Solutions ...)
	NOT-FOR-US: MX-SmartTimer
CVE-2014-5439
	RESERVED
	{DLA-713-1}
	- sniffit 0.3.7.beta-20 (bug #845122)
	[jessie] - sniffit 0.3.7.beta-17+deb8u1
	NOTE: http://hmarco.org/bugs/CVE-2014-5439-sniffit_0.3.7-stack-buffer-overflow.html
CVE-2014-5438 (Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT ...)
	NOT-FOR-US: Arris Touchstone
CVE-2014-5437 (Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS ...)
	NOT-FOR-US: Arris Touchstone
CVE-2014-5436
	RESERVED
CVE-2014-5435
	RESERVED
CVE-2014-5434
	RESERVED
CVE-2014-5433
	RESERVED
CVE-2014-5432
	RESERVED
CVE-2014-5431
	RESERVED
CVE-2014-5430 (Untrusted search path vulnerability in ABB RobotStudio 5.6x before ...)
	NOT-FOR-US: ABB RobotStudio
CVE-2014-5429 (DNP Master Driver 3.02 and earlier in Elipse SCADA 2.29 build 141 and ...)
	NOT-FOR-US: Elipse SCADA
CVE-2014-5428 (Unrestricted file upload vulnerability in unspecified web services in ...)
	NOT-FOR-US: Johnson Controls Metasys
CVE-2014-5427 (Johnson Controls Metasys 4.1 through 6.5, as used in Application and ...)
	NOT-FOR-US: Johnson Controls Metasys
CVE-2014-5426 (MatrikonOPC OPC Server for DNP3 1.2.3 and earlier allows remote ...)
	NOT-FOR-US: MatrikonOPC
CVE-2014-5425 (IOServer before Beta2112.exe allows remote attackers to cause a denial ...)
	NOT-FOR-US: IOServer
CVE-2014-5424 (Rockwell Automation Connected Components Workbench (CCW) before ...)
	NOT-FOR-US: Rockwell Automation Connected Components Workbench
CVE-2014-5423 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
	NOT-FOR-US: CareFusion
CVE-2014-5422 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
	NOT-FOR-US: CareFusion
CVE-2014-5421 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool 1.0.16 and ...)
	NOT-FOR-US: CareFusion
CVE-2014-5420 (CareFusion Pyxis SupplyStation 8.1 with hardware test tool before ...)
	NOT-FOR-US: CareFusion
CVE-2014-5419 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware ...)
	NOT-FOR-US: GE Multilink
CVE-2014-5418 (GE Multilink ML800, ML1200, ML1600, and ML2400 switches with firmware ...)
	NOT-FOR-US: GE Multilink
CVE-2014-5417 (Cross-site scripting (XSS) vulnerability in Meinberg NTP Server ...)
	NOT-FOR-US: Meinberg NTP Server firmware on LANTIME M-Series devices
CVE-2014-5416
	REJECTED
CVE-2014-5415 (Beckhoff Embedded PC images before 2014-10-22 and Automation Device ...)
	NOT-FOR-US: Beckhoff Embedded PC image
CVE-2014-5414 (Beckhoff Embedded PC images before 2014-10-22 and Automation Device ...)
	NOT-FOR-US: Beckhoff Embedded PC image
CVE-2014-5413 (Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5412 (Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5411 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5410 (The DNP3 feature on Rockwell Automation Allen-Bradley MicroLogix 1400 ...)
	NOT-FOR-US: MicroLogix controller
CVE-2014-5409 (The 17046 Ethernet card before 94450214LFMT100SEM-L.R3-CL for the GE ...)
	NOT-FOR-US: GE Digital Energy Hydran
CVE-2014-5408 (Cross-site scripting (XSS) vulnerability in the login script in the ...)
	NOT-FOR-US: Nordex Control 2
CVE-2014-5407 (Multiple stack-based buffer overflows in Schneider Electric VAMPSET ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5406 (The Hospira LifeCare PCA Infusion System before 7.0 does not validate ...)
	NOT-FOR-US: Hospira LifeCare
CVE-2014-5405 (Hospira MedNet before 6.1 uses a hardcoded cleartext password to ...)
	NOT-FOR-US: Hospira MedNet
CVE-2014-5404
	REJECTED
CVE-2014-5403 (Hospira MedNet before 6.1 uses hardcoded cryptographic keys for ...)
	NOT-FOR-US: Hospira MedNet
CVE-2014-5402
	REJECTED
CVE-2014-5401
	RESERVED
CVE-2014-5400 (The installation component in Hospira MedNet before 6.1 places ...)
	NOT-FOR-US: Hospira MedNet
CVE-2014-5399 (SQL injection vulnerability in Schneider Electric Wonderware ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5398 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5397 (Cross-site scripting (XSS) vulnerability in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-5396 (The web interface in Schrack Technik microControl with firmware before ...)
	NOT-FOR-US: Schrack Technik microControl
CVE-2014-5395 (Multiple cross-site request forgery (CSRF) vulnerabilities in Huawei ...)
	NOT-FOR-US: Huawei Routers
CVE-2014-5394 (Multiple Huawei Campus switches allow remote attackers to enumerate ...)
	NOT-FOR-US: Huawei
CVE-2014-5393 (Directory traversal vulnerability in the JobScheduler Operations ...)
	NOT-FOR-US: JobScheduler
CVE-2014-5392 (XML External Entity (XXE) vulnerability in JobScheduler before ...)
	NOT-FOR-US: JobScheduler
CVE-2014-5391 (Cross-site scripting (XSS) vulnerability in the JobScheduler ...)
	NOT-FOR-US: JobScheduler
CVE-2014-5390
	RESERVED
CVE-2014-5389 (SQL injection vulnerability in content-audit-schedule.php in the ...)
	NOT-FOR-US: WordPress plugin Content Audit
CVE-2014-5387 (Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine ...)
	NOT-FOR-US: EllisLab ExpressionEngine Core
CVE-2014-5386 (The mcrypt_create_iv function in ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-5385 (com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 ...)
	NOT-FOR-US: Shopizer
CVE-2014-5384 (The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 ...)
	NOT-FOR-US: iconv system library of FreeBSD and NetBSD
CVE-2014-5383 (SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2010-5303 (Cross-site scripting (XSS) vulnerability in the displayError function ...)
	NOT-FOR-US: TimThumb
CVE-2010-5302 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
	NOT-FOR-US: TimThumb
CVE-2009-5142 (Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb ...)
	NOT-FOR-US: TimThumb
CVE-2014-5472 (The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the ...)
	{DLA-103-1}
	- linux 3.16.2-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
	NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
	NOTE: commit contained first in v3.17-rc2
CVE-2014-5471 (Stack consumption vulnerability in the parse_rock_ridge_inode_internal ...)
	{DLA-103-1}
	- linux 3.16.2-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=88
	NOTE: https://github.com/torvalds/linux/commit/410dd3cf4c9b36f27ed4542ee18b1af5e68645a4
	NOTE: commit contained first in v3.17-rc2
CVE-2014-5464 (Cross-site scripting (XSS) vulnerability in the nDPI traffic ...)
	- ntopng 1.2.1+dfsg1-1 (bug #760990)
	NOTE: http://seclists.org/fulldisclosure/2014/Aug/65
CVE-2014-5459 (The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows ...)
	- php5 <removed> (unimportant; bug #682157; bug #759282)
	NOTE: Although #682157 and #759282 got closed the issues with unsafe use of
	NOTE: /tmp are not yet resolved, cf. https://bugs.debian.org/682157#36
	NOTE: Neutralised by kernel hardening
CVE-2014-5450 (Zarafa Collaboration Platform 4.1 uses world-readable permissions for ...)
	- zarafa <itp> (bug #658433)
CVE-2014-5449 (Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for ...)
	- zarafa <itp> (bug #658433)
CVE-2014-5448 (Zarafa 5.00 uses world-readable permissions for the files in the log ...)
	- zarafa <itp> (bug #658433)
CVE-2014-5447 (Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions ...)
	- zarafa <itp> (bug #658433)
CVE-2014-5443 (Seafile Server before 3.1.2 and Server Professional Edition before ...)
	- seafile <not-affected> (Fixed before initial upload to the archive)
CVE-2014-5388 (Off-by-one error in the pci_read function in the ACPI PCI hotplug ...)
	- qemu 2.1+dfsg-5
	[squeeze] - qemu <not-affected> (Introduced in 1.7)
	[wheezy] - qemu <not-affected> (Introduced in 1.7)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Introduced in 1.7)
	[wheezy] - qemu-kvm <not-affected> (Introduced in 1.7)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-08/msg03338.html
	NOTE: Introduced in  http://git.qemu.org/?p=qemu.git;a=commit;h=db4728e6fec0364b866d3106125974eedc00e091
CVE-2014-5382 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Schrack Technik microControl
CVE-2014-5381
	RESERVED
CVE-2014-5380
	RESERVED
CVE-2014-5379
	RESERVED
CVE-2014-5378
	RESERVED
CVE-2014-5377 (ReadUsersFromMasterServlet in ManageEngine DeviceExpert before 5.9 ...)
	NOT-FOR-US: ManageEngine DeviceExpert
CVE-2014-5376 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a ...)
	NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5375 (The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 ...)
	NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5374
	RESERVED
CVE-2014-5373
	RESERVED
CVE-2014-5372
	RESERVED
CVE-2014-5371
	RESERVED
CVE-2014-5370 (Directory traversal vulnerability in the CFChart servlet ...)
	NOT-FOR-US: New Atlanta BlueDragon
CVE-2014-5369 (Enigmail 1.7.x before 1.7.2 sends emails in plaintext when encryption ...)
	- enigmail 2:1.7.2-1
	[wheezy] - enigmail <not-affected> (Introduced in 1.7)
	[squeeze] - enigmail <not-affected> (Introduced in 1.7)
	NOTE: http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/#b315
	NOTE: and http://sourceforge.net/p/enigmail/bugs/294/
	NOTE: fixed in 1.7.1 and 1.8.0 upstream (not yet released)
CVE-2014-5367
	REJECTED
CVE-2014-5366
	RESERVED
CVE-2014-5365
	RESERVED
CVE-2014-5364
	RESERVED
CVE-2014-5363
	RESERVED
CVE-2014-5362 (The admin interface in Landesk Management Suite 9.6 and earlier allows ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2014-5361 (Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2014-5360 (Cross-site scripting (XSS) vulnerability in the admin interface in ...)
	NOT-FOR-US: LANDESK Management Suite
CVE-2014-5359 (Directory traversal vulnerability in SafeNet Authentication Service ...)
	NOT-FOR-US: SafeNet Authentication Service
CVE-2014-5358
	RESERVED
CVE-2014-5357
	RESERVED
CVE-2014-5355 (MIT Kerberos 5 (aka krb5) through 1.13.1 incorrectly expects that a ...)
	{DLA-1265-1}
	- krb5 1.12.1+dfsg-18 (bug #778647)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/102bb6ebf20f9174130c85c3b052ae104e5073ec
CVE-2014-5354 (plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka ...)
	- krb5 1.12.1+dfsg-16 (bug #773228)
	[wheezy] - krb5 <not-affected> (do not expose a way for principal entries to have no long-term key material)
	[squeeze] - krb5 <not-affected> (do not expose a way for principal entries to have no long-term key material)
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/04038bf3633c4b909b5ded3072dc88c8c419bf16
CVE-2014-5353 (The krb5_ldap_get_password_policy_from_dn function in ...)
	{DLA-1265-1}
	- krb5 1.12.1+dfsg-16 (bug #773226)
	[squeeze] - krb5 <no-dsa> (Minor issue, needs elevated privileges to trigger crash)
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/d1f707024f1d0af6e54a18885322d70fa15ec4d3
CVE-2014-5352 (The krb5_gss_process_context_token function in ...)
	{DSA-3153-1 DLA-146-1}
	- krb5 1.12.1+dfsg-17
CVE-2014-5351 (The kadm5_randkey_principal_3 function in ...)
	{DLA-1265-1}
	- krb5 1.12.1+dfsg-10 (bug #762479)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8018
	NOTE: Upstream commit: https://github.com/krb5/krb5/commit/af0ed4df4dfae762ab5fb605f5a0c8f59cb4f6ca
CVE-2014-5350 (Multiple directory traversal vulnerabilities in Bitdefender ...)
	NOT-FOR-US: Bitdefender GravityZone
CVE-2014-5349 (Stack-based buffer overflow in Baidu Spark Browser 26.5.9999.3511 ...)
	NOT-FOR-US: Baidu Spark Browser
CVE-2014-5348 (Cross-site scripting (XSS) vulnerability in apps/zxtm/locallog.cgi in ...)
	NOT-FOR-US: Riverbed Stingray Traffic Manager Virtual Appliance
CVE-2014-5347 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5346 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5345 (Cross-site scripting (XSS) vulnerability in upgrade.php in the Disqus ...)
	NOT-FOR-US: Disqus Comment System plugin for WordPress
CVE-2014-5344 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobiloud ...)
	NOT-FOR-US: Mobiloud (mobiloud-mobile-app-plugin) plugin for WordPress
CVE-2014-5343 (Cross-site scripting (XSS) vulnerability in Feng Office allows remote ...)
	NOT-FOR-US: Feng Office
CVE-2014-5342 (Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-5341 (The SFTP external storage driver (files_external) in ownCloud Server ...)
	- owncloud 7~20140504+dfsg-1
	NOTE: Only affects 5.x and 6.x, so marking first 7 release as fixed
	NOTE: https://owncloud.org/security/advisory/?id=oc-sa-2014-019
CVE-2014-5340 (The wato component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 ...)
	- check-mk 1.2.6p4-1 (bug #758883)
	[wheezy] - check-mk <not-affected> (does not use pickle, vulnerable code not present)
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=192d41525502dc8de10ac99f57bd988450c17566
	NOTE: introduces incompatible changes to older versions, see https://bugzilla.redhat.com/show_bug.cgi?id=1132337#c2
CVE-2014-5339 (Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allows remote ...)
	- check-mk 1.2.6p4-1 (bug #758883)
	[wheezy] - check-mk <not-affected>  (Vulnerable code not present)
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=7998aa4d53d2fef7302c0761b9c8f47e2f626e18
CVE-2014-5338 (Multiple cross-site scripting (XSS) vulnerabilities in the multisite ...)
	- check-mk 1.2.6p4-1 (bug #758883)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=076468b10e660abdeaaaa6c459a4aa3ce8e07
CVE-2014-5337 (The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not ...)
	NOT-FOR-US: WordPress plugin Mobile Pack
CVE-2014-5335 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: innovaphone PBX
CVE-2014-5334 (FreeNAS before 9.3-M3 has a blank admin password, which allows remote ...)
	NOT-FOR-US: FreeNAS
CVE-2014-5332 (Race condition in NVMap in NVIDIA Tegra Linux Kernel 3.10 allows local ...)
	- linux <not-affected> (drivers/video/tegra not present)
	NOTE: http://googleprojectzero.blogspot.de/2015/01/exploiting-nvmap-to-escape-chrome.html
CVE-2014-5331 (Cross-site scripting (XSS) vulnerability in Aflax allows remote ...)
	NOT-FOR-US: Aflax
CVE-2014-5330 (Cross-site scripting (XSS) vulnerability in BirdBlog allows remote ...)
	NOT-FOR-US: BirdBlog
CVE-2014-5329
	RESERVED
CVE-2014-5328 (Buffer overflow in the Webserver component on the Huawei E5332 router ...)
	NOT-FOR-US: Huawei router
CVE-2014-5327 (Buffer overflow in the Webserver component on the Huawei E5332 router ...)
	NOT-FOR-US: Huawei router
CVE-2014-5326 (Cross-site scripting (XSS) vulnerability in Direct Web Remoting (DWR) ...)
	- dwr <itp> (bug #601517)
CVE-2014-5325 (The (1) DOMConverter, (2) JDOMConverter, (3) DOM4JConverter, and (4) ...)
	- dwr <itp> (bug #601517)
CVE-2014-5324 (Unrestricted file upload vulnerability in the N-Media file uploader ...)
	NOT-FOR-US: N-Media file uploader plugin for WordPress
CVE-2014-5323 (The Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) ...)
	NOT-FOR-US: Yuko Yuko (aka jp.co.yukoyuko.android.yukoyuko_android) application for Android
CVE-2014-5322 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...)
	NOT-FOR-US: FileMaker Pro
CVE-2014-5321 (FileMaker Pro before 13 and Pro Advanced before 13 does not verify ...)
	NOT-FOR-US: FileMaker Pro
CVE-2014-5320 (The Bump application for Android does not properly handle implicit ...)
	NOT-FOR-US: Bump application for Android
CVE-2014-5319 (Directory traversal vulnerability in the S-Link SLFileManager ...)
	NOT-FOR-US: S-Link SLFileManager application for Android
CVE-2014-5318 (The jigbrowser+ application 1.8.1 and earlier for iOS allows remote ...)
	NOT-FOR-US: jigbrowser+ application for iOS
CVE-2014-5317 (Cross-site scripting (XSS) vulnerability in php365.com 365 Links 3.11 ...)
	NOT-FOR-US: php365.com components
CVE-2014-5316 (Cross-site scripting (XSS) vulnerability in Dotclear before 2.6.4 ...)
	- dotclear 2.6.4+dfsg-1
CVE-2014-5315 (Cross-site scripting (XSS) vulnerability in the Help page in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2014-5314 (Buffer overflow in Cybozu Office 9 and 10 before 10.1.0, Mailwise 4 ...)
	NOT-FOR-US: Cybozu Office
CVE-2014-5313 (Cross-site scripting (XSS) vulnerability in the management page in Six ...)
	- movabletype-opensource <removed>
	[wheezy] - movabletype-opensource <end-of-life> (Not supported in Wheezy)
CVE-2014-5461 (Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through ...)
	{DSA-3016-1 DSA-3015-1 DLA-47-1}
	- lua5.1 5.1.5-7
	- lua5.2 5.2.3-1
	NOTE: http://www.lua.org/bugs.html#5.2.2-1
	NOTE: fixed in 5.2.3, see https://bugzilla.redhat.com/show_bug.cgi?id=1132304#c7
CVE-2014-5368 (Directory traversal vulnerability in the file_get_contents function in ...)
	NOT-FOR-US: WordPress plugin wp-source-control
CVE-2014-5333 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
	NOT-FOR-US: Adobe Flash Player
	NOTE: assignment not from Adobe, see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-5333
CVE-2014-5356 (OpenStack Image Registry and Delivery Service (Glance) before ...)
	- glance 2014.1.3-1
	[wheezy] - glance <not-affected> (Vulnerable code not present)
	NOTE: Versions: up to 2013.2.3 and 2014.1 to 2014.1.2
CVE-2014-5336 (Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2014-5312
	RESERVED
CVE-2014-5311
	RESERVED
CVE-2014-5310
	RESERVED
CVE-2014-5309
	RESERVED
CVE-2014-5308 (Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote ...)
	NOT-FOR-US: TestLink
CVE-2014-5307 (Heap-based buffer overflow in the PavTPK.sys kernel mode driver of ...)
	NOT-FOR-US: Panda Security
CVE-2014-5306
	RESERVED
CVE-2014-5305
	RESERVED
CVE-2014-5304
	RESERVED
CVE-2014-5303
	RESERVED
CVE-2014-5302 (Directory traversal vulnerability in ServiceDesk Plus and Plus MSP v5 ...)
	NOT-FOR-US: ManageEngine components
CVE-2014-5301 (Directory traversal vulnerability in ServiceDesk Plus MSP v5 to v9.0 ...)
	NOT-FOR-US: ManageEngine components
CVE-2014-5300 (Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote ...)
	NOT-FOR-US: Adaptive Computing Moab
CVE-2014-5299
	RESERVED
CVE-2014-5298 (FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on ...)
	NOT-FOR-US: X2Engine
CVE-2014-5297 (The actionSendErrorReport method in ...)
	NOT-FOR-US: X2Engine
CVE-2014-5296
	RESERVED
CVE-2014-5295
	RESERVED
CVE-2014-5294
	RESERVED
CVE-2014-5293
	RESERVED
CVE-2014-5292
	RESERVED
CVE-2014-5291
	RESERVED
CVE-2014-5290
	RESERVED
CVE-2014-5289
	RESERVED
CVE-2014-5288
	RESERVED
CVE-2014-5287
	RESERVED
CVE-2014-5286 (The ActiveMatrix Policy Manager Authentication module in TIBCO ...)
	NOT-FOR-US: TIBCO
CVE-2014-5285 (Unspecified vulnerability in the Authentication Module in TIBCO ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2014-5284 (host-deny.sh in OSSEC before 2.8.1 writes to temporary files with ...)
	- ossec-hids <itp> (bug #361954)
CVE-2014-5283
	RESERVED
CVE-2014-5282 (Docker before 1.3 does not properly validate image IDs, which allows ...)
	- docker.io 1.3.0~dfsg1-1
CVE-2014-5281
	RESERVED
CVE-2014-5280 (boot2docker 1.2 and earlier allows attackers to conduct cross-site ...)
	NOT-FOR-US: boot2docker
CVE-2014-5279 (The Docker daemon managed by boot2docker 1.2 and earlier improperly ...)
	NOT-FOR-US: boot2docker
CVE-2014-5278
	RESERVED
CVE-2014-5277 (Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when ...)
	- docker.io 1.3.1~dfsg1-1
	NOTE: https://groups.google.com/d/topic/docker-user/oYm0i3xShJU/discussion
CVE-2014-5276 (Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2014-5275 (Multiple SQL injection vulnerabilities in includes/functions.php in ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2014-5264
	RESERVED
CVE-2014-5259 (Cross-site scripting (XSS) vulnerability in cattranslate.php in the ...)
	NOT-FOR-US: BlackCat CMS
CVE-2014-5258 (Directory traversal vulnerability in showTempFile.php in webEdition ...)
	NOT-FOR-US: webEdition CMS
CVE-2014-5257 (Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms ...)
	NOT-FOR-US: Forma Lms
CVE-2014-5248 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows ...)
	NOT-FOR-US: MyBB
CVE-2014-5246 (The Shenzhen Tenda Technology Tenda A5s router with firmware ...)
	NOT-FOR-US: Shenzhen Tenda Technology Tenda A5s router
CVE-2014-5245
	RESERVED
CVE-2014-5244
	RESERVED
CVE-2014-5239 (The Microsoft Outlook.com application before 7.8.2.12.49.7090 for ...)
	NOT-FOR-US: Microsoft
CVE-2014-5238
	RESERVED
	NOT-FOR-US: Open-Xchange
CVE-2014-5237 (Server-side request forgery (SSRF) vulnerability in the ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-5236
	RESERVED
	NOT-FOR-US: Open-Xchange
CVE-2014-5235 (Cross-site scripting (XSS) vulnerability in the frontend in ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-5234 (Cross-site scripting (XSS) vulnerability in the backend in ...)
	NOT-FOR-US: Open-Xchange
CVE-2012-6654 (Multiple SQL injection vulnerabilities in ZPanel 10.0.1 and earlier ...)
	NOT-FOR-US: ZPanel
CVE-2014-5274 (Cross-site scripting (XSS) vulnerability in the view operations page ...)
	- phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
	NOTE: Version 3.x uses the browser-provided confirmation window and not custom HTML.
CVE-2014-5273 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:4.2.7.1-1 (low; bug #758536)
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
	NOTE: Most of the affected Javascript files do not exist on version 3.3 and 3.4.
	NOTE: Those that do do not contain the problematic code.
CVE-2014-5268 (The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote ...)
	NOT-FOR-US: Drupal addon
CVE-2014-5250 (Unspecified vulnerability in the AJAX autocompletion callback in the ...)
	NOT-FOR-US: Drupal addon
CVE-2014-5249 (SQL injection vulnerability in the &quot;Biblio self autocomplete&quot; ...)
	NOT-FOR-US: Drupal addon
CVE-2012-6656 (iconvdata/ibm930.c in GNU C Library (aka glibc) before 2.16 allows ...)
	{DSA-3142-1 DLA-97-1}
	- glibc 2.17-1
	- eglibc <removed>
	[wheezy] - eglibc <no-dsa> (Will be fixed in a point update)
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=14134
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=6e230d11837f3ae7b375ea69d7905f0d18eb79e5
CVE-2012-6655 [passes (encrypted) passwords as commandline arguments]
	RESERVED
	- accountsservice <unfixed> (low; bug #757912)
	[stretch] - accountsservice <ignored> (Minor issue)
	[jessie] - accountsservice <ignored> (Minor issue)
	[wheezy] - accountsservice <ignored> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=55000
CVE-2014-5272 (libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=3539d6c63a16e1b2874bb037a86f317449c58770
	NOTE: <lu_zero> Does not apply to Libav at all.
CVE-2014-5271 (Heap-based buffer overflow in the encode_slice function in ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:11-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=52b81ff4635c077b2bc8b8d3637d933b6629d803
	NOTE: new ffmpeg now in experimental, CVE fixed in 7:2.4-1
	NOTE: https://git.libav.org/?p=libav.git;a=commitdiff;h=45ce880a9b3e50cfa088f111dffaf8685bd7bc6b
CVE-2014-5262 (SQL injection vulnerability in the graph settings script ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-8
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
CVE-2014-5261 (The graph settings script (graph_settings.php) in Cacti 0.8.8b and ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-8
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7454
CVE-2014-4274 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
	{DSA-3054-1 DLA-75-1}
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.39-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: Fix MySQL: https://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4638
	NOTE: Fix MariaDB: https://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/4261?sort=date#storage/myisam/ha_myisam.cc
CVE-2014-5270 (Libgcrypt before 1.5.4, as used in GnuPG and other products, does not ...)
	{DSA-3073-1 DSA-3024-1 DLA-93-1 DLA-54-1}
	- gnupg 1.4.16-1
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=cad8216f9a0b33c9dc84ecc4f385b00045e7b496
	- libgcrypt11 1.5.4-1
	- libgcrypt20 1.6.0-2
	NOTE: http://lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.html
CVE-2014-5267 (modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 ...)
	{DSA-2999-1}
	- drupal7 7.31-1
CVE-2014-5266 (The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...)
	{DSA-3001-1 DSA-2999-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29405/branches/3.9
	- drupal7 7.31-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2014-004
CVE-2014-5265 (The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 ...)
	{DSA-3001-1 DSA-2999-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29405/branches/3.9
	- drupal7 7.31-1
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	NOTE: https://www.drupal.org/SA-CORE-2014-004
CVE-2014-5253 (OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno ...)
	- keystone 2014.1.2.1-1
	[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
	NOTE: https://launchpad.net/bugs/1349597
	NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=317f9d34b4da20c21edd5b851889298b67c843e1
CVE-2014-5252 (The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 ...)
	- keystone 2014.1.2.1-1
	[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
	NOTE: https://launchpad.net/bugs/1348820
	NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=bdb88c662ac2035f9b0d8a229a5db5f60f5f16ae
CVE-2014-5251 (The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x ...)
	- keystone 2014.1.2.1-1
	[wheezy] - keystone <not-affected> (Affects 2014.1 versions up to 2014.1.1)
	NOTE: https://launchpad.net/bugs/1347961
	NOTE: https://git.openstack.org/cgit/openstack/keystone/commit/?id=6cbf835542d62e6e5db4b4aef7141b1731cad9dc
CVE-2014-5263 (vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not ...)
	- qemu 2.1+dfsg-1
	[wheezy] - qemu <not-affected> (Vulnerable code introduced in v1.6.0)
	[squeeze] - qemu <not-affected> (Vulnerable code introduced in v1.6.0)
	- qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: patch http://git.qemu.org/?p=qemu.git;a=commit;h=3afca1d6d413592c2b78cf28f52fa24a586d8f56
CVE-2014-5269 (Plack::App::File in Plack before 1.0031 removes trailing slash ...)
	{DLA-61-1}
	- libplack-perl 1.0031-1
	[wheezy] - libplack-perl 0.9989-1+deb7u1
	NOTE: https://github.com/plack/Plack/issues/405
CVE-2014-5255 [Insecure use of temporary file related to the /tmp/get_infos_dvd.sh]
	RESERVED
	- xcfa 5.0.1-1 (unimportant; bug #756600)
	NOTE: Neutralised by kernel temp hardening
CVE-2014-5254 [Symlink following issues]
	RESERVED
	- xcfa 5.0.1-1 (unimportant; bug #756600)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-XXXX [Enforce use of HTTPS for MathJax in IPython]
	- ipython 0.12-1
	[wheezy] - ipython <no-dsa> (Minor issue)
	[squeeze] - ipython <not-affected> (Affects versions <= 2.1 and >= 0.12)
	NOTE: https://github.com/ipython/ipython/issues/6246
	NOTE: patch: https://github.com/ipython/ipython/commit/f58dabb277d0cdfb603d46cd01fcf29819ae7613
	NOTE: in Debian patch to use mathjax from system was added right away in version 0.12
CVE-2014-5260 (The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow ...)
	- libxml-dt-perl 0.66-1 (bug #756566)
	[wheezy] - libxml-dt-perl <no-dsa> (Minor issue)
	[squeeze] - libxml-dt-perl <not-affected> (Vulnerable code introduced later)
CVE-2014-6060 (The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 ...)
	- dhcpcd5 6.0.5-2 (low; bug #770043)
	[wheezy] - dhcpcd5 5.5.6-1+deb7u1
	- dhcpcd <not-affected> (Affects dhcpcd 4.0.0 to 6.4.2)
	NOTE: http://roy.marples.name/projects/dhcpcd/ci/1d2b93aa5ce25a8a710082fe2d36a6bf7f5794d5?sbs=0
CVE-2014-5243 (MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and ...)
	{DSA-3011-1}
	- mediawiki 1:1.19.18+dfsg-0.1 (bug #758510)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65778
CVE-2014-5242 (Cross-site scripting (XSS) vulnerability in ...)
	- mediawiki <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=66608
	NOTE: Introduced in 1.22wmf14, https://bugzilla.wikimedia.org/show_bug.cgi?id=66608#c18
CVE-2014-5241 (The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki ...)
	{DSA-3011-1}
	- mediawiki 1:1.19.18+dfsg-0.1 (bug #758510)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=68187
CVE-2014-5233 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...)
	NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
CVE-2014-5232 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...)
	NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
CVE-2014-5231 (The Siemens SIMATIC WinCC Sm@rtClient app before 1.0.2 for iOS allows ...)
	NOT-FOR-US: Siemens SIMATIC WinCC Sm@rtClient
CVE-2014-5230
	REJECTED
CVE-2014-5229
	REJECTED
CVE-2014-5228
	REJECTED
CVE-2014-5227
	REJECTED
CVE-2014-5226
	REJECTED
CVE-2014-5225
	REJECTED
CVE-2014-5224
	REJECTED
CVE-2014-5223
	REJECTED
CVE-2014-5222
	REJECTED
CVE-2014-5221
	REJECTED
CVE-2014-5220
	RESERVED
CVE-2014-5219
	RESERVED
CVE-2014-5218
	RESERVED
CVE-2014-5217 (Cross-site request forgery (CSRF) vulnerability in nps/servlet/webacc ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-5216 (Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-5215 (NetIQ Access Manager (NAM) 4.x before 4.0.1 HF3 allows remote ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-5214 (nps/servlet/webacc in iManager in the Administration Console server in ...)
	NOT-FOR-US: NetIQ Access Manager
CVE-2014-5213 (nds/files/opt/novell/eDirectory/lib64/ndsimon/public/images in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2014-5212 (Cross-site scripting (XSS) vulnerability in nds/search/data in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2014-5211 (Stack-based buffer overflow in the Attachmate Reflection FTP Client ...)
	NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-5210 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-5209
	RESERVED
CVE-2014-5208 (BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS ...)
	NOT-FOR-US: Batch Management Packages in Yokogawa and Exaopc
CVE-2014-5202 (Cross-site scripting (XSS) vulnerability in compfight-search.php in ...)
	NOT-FOR-US: WordPress plugin compfight
CVE-2014-5201 (SQL injection vulnerability in the Gallery Objects plugin 0.4 for ...)
	NOT-FOR-US: WordPress plugin gallery-objects
CVE-2014-5200 (SQL injection vulnerability in game_play.php in the FB Gorilla plugin ...)
	NOT-FOR-US: WordPress plugin fbgorilla
CVE-2014-5199 (Cross-site request forgery (CSRF) vulnerability in the WordPress File ...)
	NOT-FOR-US: WordPress plugin wp-file-upload
CVE-2014-5198 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
	NOT-FOR-US: Splunk
CVE-2014-5197 (Directory traversal vulnerability in (1) Splunk Web or the (2) Splunkd ...)
	NOT-FOR-US: Splunk
CVE-2014-5196 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: WordPress plugin improved-user-search-in-backend
CVE-2014-5195 (Unity before 7.2.3 and 7.3.x before 7.3.1, as used in Ubuntu, does not ...)
	- unity <itp> (bug #609278)
CVE-2014-5194 (Static code injection vulnerability in admin/admin.php in Sphider ...)
	NOT-FOR-US: Sphider
CVE-2014-5193 (Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider ...)
	NOT-FOR-US: Sphider
CVE-2014-5192 (SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows ...)
	NOT-FOR-US: Sphider
CVE-2014-5191 (Cross-site scripting (XSS) vulnerability in the Preview plugin before ...)
	- ckeditor 4.4.4+dfsg1-1 (bug #760736)
	[wheezy] - ckeditor <not-affected> (Preview plugin not yet present)
	[squeeze] - ckeditor <not-affected> (Preview plugin not yet present)
CVE-2014-5190 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin SI CAPTCHA Anti-Spam
CVE-2014-5189 (SQL injection vulnerability in lib/optin/optin_page.php in the Lead ...)
	NOT-FOR-US: WordPress plugin Lead-Octopus-Power
CVE-2014-5188 (Cross-site scripting (XSS) vulnerability in doemailpassword.tml in ...)
	NOT-FOR-US: Lyris ListManager
CVE-2014-5187 (Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin ...)
	NOT-FOR-US: WordPress plugin tom-m8te
CVE-2014-5186 (SQL injection vulnerability in the All Video Gallery ...)
	NOT-FOR-US: WordPress plugin all-video-gallery
CVE-2014-5185 (SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress ...)
	NOT-FOR-US: WordPress plugin quartz
CVE-2014-5184 (SQL injection vulnerability in the stripshow-storylines page in the ...)
	NOT-FOR-US: WordPress plugin stripshow
CVE-2014-5183 (SQL injection vulnerability in includes/mode-edit.php in the Simple ...)
	NOT-FOR-US: WordPress plugin simple-retail-menus
CVE-2014-5182 (Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for ...)
	NOT-FOR-US: WordPress plugin yawpp
CVE-2014-5181 (Directory traversal vulnerability in lastfm-proxy.php in the Last.fm ...)
	NOT-FOR-US: WordPress plugin lastfm-rotation
CVE-2014-5180 (SQL injection vulnerability in the videos page in the HDW Player ...)
	NOT-FOR-US: WordPress plugin hdw-player-video-player-video-gallery
CVE-2014-5178 (Multiple cross-site scripting (XSS) vulnerabilities in Easy File ...)
	NOT-FOR-US: Easy File Sharing
CVE-2014-5176 (SAP FI Manager Self-Service has a hard-coded user name, which makes it ...)
	NOT-FOR-US: SAP
CVE-2014-5175 (The License Measurement servlet in SAP Solution Manager 7.1 allows ...)
	NOT-FOR-US: SAP
CVE-2014-5174 (The SAP Netweaver Business Warehouse component does not properly ...)
	NOT-FOR-US: SAP
CVE-2014-5173 (SAP HANA Extend Application Services (XS) allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2014-5172 (Multiple cross-site scripting (XSS) vulnerabilities in the XS ...)
	NOT-FOR-US: SAP
CVE-2014-5171 (SAP HANA Extend Application Services (XS) does not encrypt ...)
	NOT-FOR-US: SAP
CVE-2013-7398 (main/java/com/ning/http/client/AsyncHttpClientConfig.java in Async ...)
	- async-http-client <not-affected> (Vulnerable code not present, bug #773364)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/197
	NOTE: https://github.com/AsyncHttpClient/async-http-client/commit/3c9152e2c75f7e8b654beec40383748a14c6b51b
CVE-2013-7397 (Async Http Client (aka AHC or async-http-client) before 1.9.0 skips ...)
	- async-http-client 1.6.5-3
	[wheezy] - async-http-client <no-dsa> (Minor issue)
	NOTE: https://github.com/AsyncHttpClient/async-http-client/issues/352
CVE-2013-7396
	RESERVED
CVE-2013-7395 (ZOLL Defibrillator / Monitor X Series has a default (1) supervisor ...)
	NOT-FOR-US: ZOLL Defibrillator / Monitor X Series
CVE-2013-7394 (The &quot;runshellscript echo.sh&quot; script in Splunk before 5.0.5 allows ...)
	NOT-FOR-US: Splunk
CVE-2012-6653 (Unspecified vulnerability in the All Video Gallery (all-video-gallery) ...)
	NOT-FOR-US: WordPress plugin all-video-gallery
CVE-2007-6756 (ZOLL Defibrillator / Monitor M Series, E Series, and R Series have a ...)
	NOT-FOR-US: ZOLL Defibrillator / Monitor M Series, E Series, and R Series
CVE-2014-5207 (fs/namespace.c in the Linux kernel through 3.16.1 does not properly ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: Fixed by https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=9566d6742852c527bf5af38af5cbb878dad75705 (v3.17-rc1)
	NOTE: and: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ffbc6f0ead47fa5a1dc9642b0331cb75c20a640e (v3.17-rc1)
	NOTE: Introduced by: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0c55cfc4166d9a0f38de779bd4d75a90afbe7734 (v3.8)
	NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
CVE-2014-5206 (The do_remount function in fs/namespace.c in the Linux kernel through ...)
	- linux 3.16.2-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git/commit/?h=for-linus&id=db181ce011e3c033328608299cd6fac06ea50130
	NOTE: Thread starting at http://www.openwall.com/lists/oss-security/2014/08/12/6
CVE-2014-5247 (The _UpgradeBeforeConfigurationChange function in ...)
	- ganeti 2.11.5-1
	[wheezy] - ganeti <not-affected> (Vulnerable code not present)
	[squeeze] - ganeti <not-affected> (Vulnerable code not present)
	NOTE: http://www.ocert.org/advisories/ocert-2014-006.html
CVE-2014-5240 (Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php ...)
	{DSA-3001-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29398
CVE-2014-5205 (wp-includes/pluggable.php in WordPress before 3.9.2 does not use ...)
	{DSA-3001-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29408
CVE-2014-5204 (wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid ...)
	{DSA-3001-1 DLA-56-1}
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29384
CVE-2014-5203 (wp-includes/class-wp-customize-widgets.php in the widget ...)
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	[wheezy] - wordpress <not-affected> (Vulnerable code not present)
	[squeeze] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: https://core.trac.wordpress.org/changeset/29389
CVE-2014-3528 (Apache Subversion 1.0.0 through 1.7.x before 1.7.17 and 1.8.x before ...)
	- subversion 1.8.10-1 (low)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion <no-dsa> (Minor issue)
	NOTE: http://mail-archives.apache.org/mod_mbox/subversion-dev/201407.mbox/%3C53DAB4A7.8030004%40reser.org%3E
CVE-2014-5179 (The freelinking module for Drupal, as used in the Freelinking for Case ...)
	NOT-FOR-US: drupal6-freelinking module
CVE-2014-5177 (libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access ...)
	- libvirt 1.2.4-1 (low)
	[wheezy] - libvirt <not-affected> (Not exploitable in that version)
	[squeeze] - libvirt <not-affected> (Not exploitable in that version)
	NOTE: http://security.libvirt.org/2014/0003.html
CVE-2014-5170 (The Storage API module 7.x before 7.x-1.6 for Drupal might allow ...)
	NOT-FOR-US: Storage API module for Drupal
CVE-2014-5169 (Cross-site scripting (XSS) vulnerability in the Date module before ...)
	NOT-FOR-US: Drupal module Date
CVE-2014-5168
	RESERVED
CVE-2014-5167
	RESERVED
CVE-2014-5166
	RESERVED
CVE-2014-5165 (The dissect_ber_constrained_bitstring function in ...)
	{DSA-3002-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-11.html
CVE-2014-5164 (The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC ...)
	{DSA-3002-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-10.html
CVE-2014-5163 (The APN decode functionality in (1) epan/dissectors/packet-gtp.c and ...)
	{DSA-3002-1 DLA-38-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark 1.2.11-6+squeeze15
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-09.html
CVE-2014-5162 (The read_new_line function in wiretap/catapult_dct2000.c in the ...)
	{DSA-3002-1 DLA-38-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark 1.2.11-6+squeeze15
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
CVE-2014-5161 (The dissect_log function in plugins/irda/packet-irda.c in the IrDA ...)
	{DSA-3002-1 DLA-38-1}
	- wireshark 1.12.0+git+4fab41a1-1
	[squeeze] - wireshark 1.2.11-6+squeeze15
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-08.html
CVE-2014-5160 (** DISPUTED ** Multiple directory traversal vulnerabilities in crs.exe ...)
	NOT-FOR-US: HP Data Protector
CVE-2014-5159 (SQL injection vulnerability in the ossim-framework service in ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-5158 (The (1) av-centerd SOAP service and (2) backup command in the ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-5157
	REJECTED
CVE-2014-5156
	RESERVED
CVE-2014-5155
	RESERVED
CVE-2014-5154
	RESERVED
CVE-2014-5153
	RESERVED
CVE-2014-5152
	RESERVED
CVE-2014-5151
	RESERVED
CVE-2014-5150
	RESERVED
CVE-2014-5149 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when ...)
	- xen 4.4.1-4 (low; bug #770230)
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-5148 (Xen 4.4.x, when running on an ARM system and &quot;handling an unknown ...)
	- xen 4.4.1-1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2014-5147 (Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not ...)
	- xen 4.4.1-1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2014-5146 (Certain MMU virtualization operations in Xen 4.2.x through 4.4.x ...)
	- xen 4.4.1-4 (low; bug #770230)
	[wheezy] - xen <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-5145
	RESERVED
CVE-2014-5144 (Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 ...)
	NOT-FOR-US: Qualcomm driver for Android
CVE-2014-5143
	RESERVED
CVE-2014-5142
	RESERVED
CVE-2014-5141
	RESERVED
CVE-2014-5140
	RESERVED
CVE-2014-5139 (The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 ...)
	{DSA-2998-1}
	- openssl 1.0.1i-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
CVE-2014-5138
	RESERVED
	NOT-FOR-US: Sierra Library Services Platform
CVE-2014-5137 (Innovative Interfaces Sierra Library Services Platform 1.2_3 provides ...)
	NOT-FOR-US: Sierra Library Services Platform
CVE-2014-5136 (Cross-site scripting (XSS) vulnerability in Innovative Interfaces ...)
	NOT-FOR-US: Sierra Library Services Platform
CVE-2014-5135
	RESERVED
CVE-2014-5134
	RESERVED
CVE-2014-5133
	RESERVED
CVE-2014-5132 (Avolve Software ProjectDox 8.1 allows remote attackers to enumerate ...)
	NOT-FOR-US: ProjectDox
CVE-2014-5131 (Avolve Software ProjectDox 8.1 makes it easier for remote ...)
	NOT-FOR-US: ProjectDox
CVE-2014-5130 (Avolve Software ProjectDox 8.1 allows remote authenticated users to ...)
	NOT-FOR-US: ProjectDox
CVE-2014-5129 (Cross-site scripting (XSS) vulnerability in Avolve Software ProjectDox ...)
	NOT-FOR-US: ProjectDox
CVE-2014-5128 (Innovative Interfaces Encore Discovery Solution 4.3 places a session ...)
	NOT-FOR-US: Innovative Interfaces Encore Discovery Solution
CVE-2014-5127 (Open redirect vulnerability in Innovative Interfaces Encore Discovery ...)
	NOT-FOR-US: Innovative Interfaces Encore Discovery Solution
CVE-2014-5126
	RESERVED
CVE-2014-5125
	RESERVED
CVE-2014-5124
	RESERVED
CVE-2014-5123
	RESERVED
CVE-2014-5122 (Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows ...)
	NOT-FOR-US: ArcGIS
CVE-2014-5121 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
	NOT-FOR-US: ArcGIS
CVE-2014-5120 (gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x ...)
	- php5 5.4.0-1
	[squeeze] - php5 <not-affected> (Introduced in 5.4)
	- libgd2 <not-affected> (Specific to integration of gd in PHP)
	NOTE: https://bugs.php.net/bug.php?id=67730
	NOTE: https://bugs.php.net/patch-display.php?bug_id=67730&patch=gd-null-injection&revision=latest
	NOTE: For the PHP5 5.4 branch this issue is fixed in version 5.4.32
	NOTE: fixed in Debian with the gdIOCtx.patch patch
CVE-2014-5115 (Absolute path traversal vulnerability in DirPHP 1.0 allows remote ...)
	NOT-FOR-US: DirPHP
CVE-2014-5114 (WeBid 1.1.1 allows remote attackers to conduct an LDAP injection ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2014-5113 (Multiple cross-site scripting (XSS) vulnerabilities in test.php in ...)
	NOT-FOR-US: Visualwave MyConnection Server
CVE-2014-5112 (maint/modules/home/index.php in Fonality trixbox allows remote ...)
	NOT-FOR-US: Fonality trixbox
CVE-2014-5111 (Multiple directory traversal vulnerabilities in Fonality trixbox allow ...)
	NOT-FOR-US: Fonality trixbox
CVE-2014-5110 (Cross-site scripting (XSS) vulnerability in user/help/html/index.php ...)
	NOT-FOR-US: Fonality trixbox
CVE-2014-5109 (SQL injection vulnerability in ...)
	NOT-FOR-US: Fonality trixbox
CVE-2014-5108 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: concrete5
CVE-2014-5107 (concrete5 before 5.6.3 allows remote attackers to obtain the ...)
	NOT-FOR-US: concrete5
CVE-2014-5106 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...)
	NOT-FOR-US: Invision Power IP.Board
CVE-2014-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce ...)
	NOT-FOR-US: ol-commerce
CVE-2014-5104 (Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow ...)
	NOT-FOR-US: ol-commerce
CVE-2014-5103 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog ...)
	NOT-FOR-US: ZOHO ManageEngine EventLog Analyzer
CVE-2014-5102 (SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 ...)
	NOT-FOR-US: vBulletin
CVE-2014-5101 (Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 ...)
	NOT-FOR-US: WeBid Auction Script
CVE-2014-5100 (Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka ...)
	NOT-FOR-US: Omeka
CVE-2014-5099
	RESERVED
CVE-2014-5098 (Cross-site scripting (XSS) vulnerability in the Search module before ...)
	NOT-FOR-US: Jamroom Search module
CVE-2014-5097 (Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR ...)
	NOT-FOR-US: ArticleFR
CVE-2014-5096
	RESERVED
CVE-2014-5095
	RESERVED
CVE-2014-5094 (Status2k allows remote attackers to obtain configuration information ...)
	NOT-FOR-US: Status2k
CVE-2014-5093
	RESERVED
CVE-2014-5092
	RESERVED
CVE-2014-5091
	RESERVED
CVE-2014-5090 (admin/options/logs.php in Status2k allows remote authenticated ...)
	NOT-FOR-US: Status2k
CVE-2014-5089 (SQL injection vulnerability in admin/options/logs.php in Status2k ...)
	NOT-FOR-US: Status2k
CVE-2014-5088 (Cross-site scripting (XSS) vulnerability in Status2k allows remote ...)
	NOT-FOR-US: Status2k
CVE-2014-5087
	RESERVED
CVE-2014-5086
	RESERVED
CVE-2014-5085
	RESERVED
CVE-2014-5084
	RESERVED
CVE-2014-5083
	RESERVED
CVE-2014-5082 (Multiple SQL injection vulnerabilities in admin/admin.php in Sphider ...)
	NOT-FOR-US: Sphider
CVE-2014-5081
	RESERVED
CVE-2014-5080
	RESERVED
CVE-2014-5079
	RESERVED
CVE-2014-5078
	RESERVED
CVE-2014-5076 (The La Banque Postale application before 3.2.6 for Android does not ...)
	NOT-FOR-US: La Banque Postale application
CVE-2014-5075 (The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x ...)
	- libsmack-java <itp> (bug #640873)
CVE-2014-5074 (Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow ...)
	NOT-FOR-US: Siemens SIMATIC S7-1500 CPU devices
CVE-2014-5073 (vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 ...)
	NOT-FOR-US: VMTurbo Operations Manager
CVE-2014-5072 (Cross-site request forgery (CSRF) vulnerability in WP Security Audit ...)
	NOT-FOR-US: WP Security Audit Log plugin for WordPress
CVE-2014-5071 (SQL injection vulnerability in the checkPassword function in ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5070 (Symmetricom s350i 2.70.15 allows remote authenticated users to gain ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5069 (Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5068 (Directory traversal vulnerability in the web application in ...)
	NOT-FOR-US: Symmetricom
CVE-2014-5067
	RESERVED
CVE-2014-5066
	RESERVED
CVE-2014-5065
	RESERVED
CVE-2014-5064
	RESERVED
CVE-2014-5063
	RESERVED
CVE-2014-5062
	RESERVED
CVE-2014-5061
	RESERVED
CVE-2014-5060
	RESERVED
CVE-2014-5059
	RESERVED
CVE-2014-5058
	RESERVED
CVE-2014-5057
	RESERVED
CVE-2014-5056
	RESERVED
CVE-2014-5055
	RESERVED
CVE-2014-5054
	RESERVED
CVE-2014-5053
	RESERVED
CVE-2014-5052
	RESERVED
CVE-2014-5051
	RESERVED
CVE-2014-5050
	RESERVED
CVE-2014-5049
	RESERVED
CVE-2014-5048
	RESERVED
CVE-2014-5047
	RESERVED
CVE-2014-5046
	RESERVED
CVE-2014-5118
	RESERVED
	NOT-FOR-US: tboot
CVE-2014-5117 (Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit ...)
	{DSA-2993-1 DLA-17-1}
	- tor 0.2.4.23-1
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2014-5116 (The cairo_image_surface_get_data function in Cairo 1.10.2, as used in ...)
	NOTE: This is non-security bug in Wireshark, not in Cairo
CVE-2014-5077 (The sctp_assoc_update function in net/sctp/associola.c in the Linux ...)
	{DLA-103-1}
	- linux 3.14.15-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: upstream fix: http://patchwork.ozlabs.org/patch/372475/
CVE-2014-5043
	REJECTED
CVE-2014-5042
	RESERVED
CVE-2014-5041
	RESERVED
CVE-2014-5040 (HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus ...)
	- eucalyptus <removed>
CVE-2014-5039
	RESERVED
CVE-2014-5038 (Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or ...)
	- eucalyptus <removed>
CVE-2014-5037 (Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, ...)
	- eucalyptus <removed>
CVE-2014-5036 (The Storage Controller (SC) component in Eucalyptus 3.4.2 through ...)
	- eucalyptus <removed>
CVE-2014-5035 (The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers ...)
	NOT-FOR-US: Opendaylight
CVE-2014-5034 (Cross-site request forgery (CSRF) vulnerability in the Brute Force ...)
	NOT-FOR-US: Brute Force Login Protection module for WordPress
CVE-2014-5023 (Repository.php in Gitter, as used in Gitlist, allows remote attackers ...)
	- gitlist <itp> (bug #750368)
CVE-2014-5018 (Incomplete blacklist vulnerability in the autoEscape function in ...)
	- limesurvey <itp> (bug #472802)
CVE-2014-5017 (SQL injection vulnerability in CPDB in ...)
	- limesurvey <itp> (bug #472802)
CVE-2014-5016 (Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey ...)
	- limesurvey <itp> (bug #472802)
CVE-2014-5014 (The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows ...)
	NOT-FOR-US: WordPress Flash Uploader plugin for WordPress
CVE-2014-5013 [Remote Code Execution (complement of CVE-2014-2383)]
	RESERVED
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5012 [Denial Of Service Vector]
	RESERVED
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5011 [Information Disclosure]
	RESERVED
	- php-dompdf 0.6.2+dfsg-1 (bug #813849)
	[jessie] - php-dompdf 0.6.1+dfsg-2+deb8u1
	NOTE: https://github.com/dompdf/dompdf/releases/tag/v0.6.2
CVE-2014-5010
	RESERVED
CVE-2014-5007
	RESERVED
CVE-2014-5006 (Directory traversal vulnerability in ZOHO ManageEngine Desktop Central ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2014-5005 (Directory traversal vulnerability in ZOHO ManageEngine Desktop Central ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2013-7393 (The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local ...)
	- subversion 1.8.5-1 (unimportant)
	NOTE: Optional admin-side utilities in Subversion 1.8.x
	NOTE: split form CVE-2013-4262
CVE-2013-7392 (Gitlist allows remote attackers to execute arbitrary commands via ...)
	- gitlist <itp> (bug #750368)
CVE-2013-7391 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using ...)
	NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-7390
	RESERVED
CVE-2011-5281
	RESERVED
CVE-2014-5045 (The mountpoint_last function in fs/namei.c in the Linux kernel before ...)
	- linux 3.14.15-1
	[wheezy] - linux <not-affected> (Introduced in 3.12)
	- linux-2.6 <not-affected> (Introduced in 3.12)
	NOTE: https://lkml.org/lkml/2014/7/21/98
CVE-2014-5044 (Multiple integer overflows in libgfortran might allow remote attackers ...)
	- gcc-4.9 4.9.1-4 (bug #756325)
	- gcc-4.8 4.8.3-7 (bug #756325)
	- gcc-4.7 <removed> (bug #756325)
	[wheezy] - gcc-4.7 <no-dsa> (Minor issue, too intrusive to backport)
	- gcc-4.6 <unfixed> (bug #756325)
	[wheezy] - gcc-4.6 <no-dsa> (Minor issue, too intrusive to backport)
	- gcc-4.4 <unfixed> (bug #756325)
	[wheezy] - gcc-4.4 <no-dsa> (Minor issue, too intrusive to backport)
	[squeeze] - gcc-4.4 <no-dsa> (Minor issue, too intrusive to backport)
	- gcc-4.3 <removed>
	[squeeze] - gcc-4.3 <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: https://gcc.gnu.org/viewcvs/gcc?limit_changes=0&view=revision&revision=211721
CVE-2014-5033 (KDE kdelibs before 4.14 and kauth before 5.1 does not properly use ...)
	{DSA-3004-1 DLA-76-1}
	- kde4libs 4:4.13.3-2 (bug #755814)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=864716
	NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commit&h=e4e7b53b71e2659adaf52691d4accc3594203b23
CVE-2014-5032 (GLPI before 0.84.7 does not properly restrict access to cost ...)
	- glpi <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2014/07/22/6
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2014-5031 (The web interface in CUPS before 2.0 does not check that files have ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5030 (CUPS before 2.0 allows local users to read arbitrary files via a ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5029 (The web interface in CUPS 1.7.4 allows local users in the lp group to ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-2
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://cups.org/str.php?L4455
CVE-2014-5028 (The Original File and Patched File resources in Review Board 1.7.x ...)
	- reviewboard <itp> (bug #653113)
CVE-2014-5027 (Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before ...)
	- reviewboard <itp> (bug #653113)
CVE-2014-5026 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-7
	NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5025 (Cross-site scripting (XSS) vulnerability in data_sources.php in Cacti ...)
	{DSA-3007-1 DLA-40-1}
	- cacti 0.8.8b+dfsg-7
	NOTE: http://bugs.cacti.net/view.php?id=2456
CVE-2014-5024 (Cross-site scripting (XSS) vulnerability in sgms/panelManager in Dell ...)
	NOT-FOR-US: DELL SonicWALL GMS
CVE-2014-5015 (bozotic HTTP server (aka bozohttpd) before 20140708, as used in ...)
	{DLA-490-1}
	- bozohttpd <removed> (bug #755197)
	[squeeze] - bozohttpd <no-dsa> (Minor issue)
	NOTE: Fixed by: http://cvsweb.netbsd.org/bsdweb.cgi/src/libexec/httpd/bozohttpd.c.diff?r1=1.52&r2=1.53&only_with_tag=MAIN
CVE-2014-5009 (Snoopy allows remote attackers to execute arbitrary commands.  NOTE: ...)
	- libphp-snoopy <not-affected> (Incorrect fix not applied)
	NOTE: This issue exists because of an incorrect fix for CVE-2014-5008.
	NOTE: https://github.com/cogdog/feed2js/pull/12#issuecomment-48283706
CVE-2014-5008 (Snoopy allows remote attackers to execute arbitrary commands. ...)
	{DSA-3248-1 DLA-357-1}
	- libphp-snoopy 2.0.0-1 (bug #778634)
	NOTE: http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/
	NOTE: This issue exists because of an incorrect fix for CVE-2008-4796 (i.e., use of escapeshellcmd where escapeshellarg was required).
CVE-2014-5004 (lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database ...)
	NOT-FOR-US: Ruby Gem brbackup
CVE-2014-5003 (chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in ...)
	NOT-FOR-US: Ruby Gem ciborg
CVE-2014-5002 (The lynx gem 0.2.0 for Ruby places the configured password on command ...)
	NOT-FOR-US: Ruby Gem lynx
CVE-2014-5001 (lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database ...)
	NOT-FOR-US: Ruby Gem kcapifony
CVE-2014-5000 (The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby ...)
	NOT-FOR-US: Ruby Gem lawn-login
CVE-2014-4999 (vendor/plugins/dataset/lib/dataset/database/mysql.rb in the kajam gem ...)
	NOT-FOR-US: Ruby Gem kajam
CVE-2014-4998 (test/tc_database.rb in the lean-ruport gem 0.3.8 for Ruby places the ...)
	NOT-FOR-US: Ruby Gem lean-ruport
CVE-2014-4997 (lib/commands/setup.rb in the point-cli gem 0.0.1 for Ruby places ...)
	NOT-FOR-US: Ruby Gem point-cli
CVE-2014-4996 (lib/vlad/dba/mysql.rb in the VladTheEnterprising gem 0.2 for Ruby ...)
	NOT-FOR-US: Ruby Gem VladTheEnterprising
CVE-2014-4995 (Race condition in lib/vlad/dba/mysql.rb in the VladTheEnterprising gem ...)
	NOT-FOR-US: Ruby Gem VladTheEnterprising
CVE-2014-4994 (lib/gyazo/client.rb in the gyazo gem 1.0.0 for Ruby allows local users ...)
	NOT-FOR-US: Ruby Gem gyazo
CVE-2014-4993 ((1) lib/backup/cli/utility.rb in the backup-agoddard gem 3.0.28 and ...)
	NOT-FOR-US: Ruby Gems backup-agoddard and backup_checksum
CVE-2014-4992 (lib/cap-strap/helpers.rb in the cap-strap gem 0.1.5 for Ruby places ...)
	NOT-FOR-US: Ruby Gem cap-strap
CVE-2014-4991 ((1) lib/dataset/database/mysql.rb and (2) ...)
	NOT-FOR-US: Ruby Gem codders-dataset
CVE-2014-4990
	RESERVED
CVE-2014-4989
	RESERVED
CVE-2014-4988
	RESERVED
CVE-2014-4987 (server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
CVE-2014-4986 (Multiple cross-site scripting (XSS) vulnerabilities in js/functions.js ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
CVE-2014-4985
	RESERVED
CVE-2014-4984
	RESERVED
CVE-2014-4983
	RESERVED
CVE-2014-4982
	RESERVED
CVE-2014-4981
	RESERVED
CVE-2014-4980 (The /server/properties resource in Tenable Web UI before 2.3.5 for ...)
	NOT-FOR-US: Tenable Web UI for Nessus
CVE-2014-4979 (Apple QuickTime allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-4977 (Multiple SQL injection vulnerabilities in Dell SonicWall Scrutinizer ...)
	NOT-FOR-US: SonicWall
CVE-2014-4976 (Dell SonicWall Scrutinizer 11.0.1 allows remote authenticated users to ...)
	NOT-FOR-US: SonicWall
CVE-2014-5022 (Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal ...)
	{DSA-2983-1}
	- drupal6 <not-affected> (Only affects Drupal 7 core)
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5021 (Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x ...)
	{DSA-2983-1}
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5020 (The File module in Drupal 7.x before 7.29 does not properly check ...)
	{DSA-2983-1}
	- drupal6 <not-affected> (Only affects Drupal 7 core)
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-5019 (The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 ...)
	{DSA-2983-1}
	- drupal6 <removed>
	[squeeze] - drupal6 <end-of-life>
	- drupal7 7.29-1 (bug #755038)
	NOTE: https://www.drupal.org/SA-CORE-2014-003
CVE-2014-4975 (Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and ...)
	{DSA-3157-1 DLA-200-1}
	- ruby1.8 <not-affected> (Vulnerable code not present in 1.8)
	- ruby1.9.1 <removed> (low)
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
	- ruby2.0 <removed> (low)
	- ruby2.1 2.1.3-1 (low)
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=46778
CVE-2014-4974 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode ...)
	NOT-FOR-US: ESET
CVE-2014-4973 (The ESET Personal Firewall NDIS filter (EpFwNdis.sys) driver in the ...)
	NOT-FOR-US: ESET Personal Firewall
CVE-2014-4972 (Unrestricted file upload vulnerability in the Gravity Upload Ajax ...)
	NOT-FOR-US: Gravity Upload Ajax plugin for WordPress
CVE-2014-4971 (Microsoft Windows XP SP3 does not validate addresses in certain IRP ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2014-4970
	RESERVED
CVE-2014-4969
	RESERVED
CVE-2014-4968
	RESERVED
CVE-2014-4967
	RESERVED
	- ansible 1.6.8+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
CVE-2014-4966
	RESERVED
	- ansible 1.6.8+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/84759faa0950146a6bae8452580b4a4cede6d871
CVE-2014-4965 (Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 ...)
	NOT-FOR-US: Shopizer
CVE-2014-4964 (Multiple cross-site request forgery (CSRF) vulnerabilities in Shopizer ...)
	NOT-FOR-US: Shopizer
CVE-2014-4963 (Shopizer 1.1.5 and earlier allows remote attackers to modify the ...)
	NOT-FOR-US: Shopizer
CVE-2014-4962 (Shopizer 1.1.5 and earlier allows remote attackers to reduce the total ...)
	NOT-FOR-US: Shopizer
CVE-2014-4961
	RESERVED
CVE-2014-4960 (Multiple SQL injection vulnerabilities in models\gallery.php in ...)
	NOT-FOR-US: Joomla! component
CVE-2014-4959 (**DISPUTED** SQL injection vulnerability in SQLiteDatabase.java in the ...)
	NOT-FOR-US: Disputed Android issue
CVE-2014-4958 (Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET ...)
	NOT-FOR-US: Telerik UI for ASP.NET AJAX RadEditor Control
CVE-2014-4957
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4956
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4955 (Cross-site scripting (XSS) vulnerability in the PMA_TRI_getRowForList ...)
	- phpmyadmin 4:4.2.6-1 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-4954 (Cross-site scripting (XSS) vulnerability in the ...)
	- phpmyadmin 4:4.2.6-1
	[squeeze] - phpmyadmin <not-affected> (libraries/structure.lib.php not present)
	[wheezy] - phpmyadmin <not-affected> (libraries/structure.lib.php not present)
CVE-2014-4953
	REJECTED
CVE-2014-4952
	REJECTED
CVE-2014-4951
	REJECTED
CVE-2014-4950
	REJECTED
CVE-2014-4949
	REJECTED
CVE-2014-4948 (Unspecified vulnerability in Citrix XenServer 6.2 Service Pack 1 and ...)
	NOT-FOR-US: Citrix XenServer
CVE-2014-4947 (Buffer overflow in the HVM graphics console support in Citrix ...)
	NOT-FOR-US: Citrix XenServer
CVE-2014-4946 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
	- php-horde-imp 6.2.0-1
	- horde3 <removed>
	[squeeze] - horde3 <not-affected>
	NOTE: Upstream patches:
	NOTE: https://github.com/horde/horde/commit/578ff073724d9c179663098d8ff0076e8b361cfb
	NOTE: https://github.com/horde/horde/commit/2f1f4b10dec90fb67797ea80be0e029ead90f168
	NOTE: The bugs are in javascript files that do not exist in the version in Squeeze.
CVE-2014-4945 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet ...)
	- php-horde-imp 6.2.0-1
	- horde3 <removed>
	[squeeze] - horde3 <not-affected>
	NOTE: Upstream patch: https://github.com/horde/horde/commit/71633e649afc0704b72098a6e2530377dd67eb0c
	NOTE: The bug is in PHP template file that does not exist in the version in Squeeze.
CVE-2014-4944 (Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4943 (The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel ...)
	{DSA-2992-1 DLA-103-1}
	- linux 3.14.13-1
	- linux-2.6 <removed>
	NOTE: upstream commit: https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
CVE-2014-4942 (The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4941 (Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4940 (Multiple directory traversal vulnerabilities in Tera Charts ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4939 (SQL injection vulnerability in the ENL Newsletter (enl-newsletter) ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4938 (SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4937 (Directory traversal vulnerability in includes/bookx_export.php BookX ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4936 (The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer ...)
	NOT-FOR-US: Malwarebytes
CVE-2014-4935
	RESERVED
CVE-2014-4934
	RESERVED
CVE-2014-4933
	RESERVED
CVE-2014-4932
	RESERVED
CVE-2014-4931
	RESERVED
CVE-2014-4930 (Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2014-4929 (Directory traversal vulnerability in the routing component in ownCloud ...)
	- owncloud 6.0.4~beta1+dfsg-1
	NOTE: https://github.com/owncloud/security-advisories/blob/master/server/oc-sa-2014-018.json
CVE-2014-4928 (SQL injection vulnerability in Invision Power Board (aka IPB or ...)
	NOT-FOR-US: Invision Power Board
CVE-2014-4927 (Buffer overflow in ACME micro_httpd, as used in D-Link DSL2750U and ...)
	NOT-FOR-US: ACME micro_httpd
CVE-2014-4926
	RESERVED
CVE-2014-4925 (Cross-site scripting (XSS) vulnerability in Good for Enterprise for ...)
	NOT-FOR-US: Good for Enterprise for Android
CVE-2014-4924
	RESERVED
CVE-2014-4923
	RESERVED
CVE-2014-4922
	RESERVED
CVE-2014-4921
	RESERVED
CVE-2014-4920
	RESERVED
CVE-2014-4919 (OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, ...)
	NOT-FOR-US: OXID eShop
CVE-2014-4918
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4917
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4916
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-4915
	RESERVED
CVE-2014-4912 (An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to ...)
	NOT-FOR-US: Frog CMS
CVE-2014-4906 (The Brisbane &amp; Queensland Alert (aka com.queensland.alert) application ...)
	NOT-FOR-US: Brisbane & Queensland Alert (aka com.queensland.alert) application for Android
CVE-2014-4905 (The Clean Internet Browser (aka com.cleantab.browsesecure) application ...)
	NOT-FOR-US: Clean Internet Browser (aka com.cleantab.browsesecure) application for Android
CVE-2014-4904 (The Crossmo Calendar (aka com.crossmo.calendar) application 1.7.1 for ...)
	NOT-FOR-US: Crossmo Calendar (aka com.crossmo.calendar) application for Android
CVE-2014-4903 (The Kakao Bingo Garden (aka com.mocoga.bingogarden) application 1.0.14 ...)
	NOT-FOR-US: Kakao Bingo Garden (aka com.mocoga.bingogarden) application for Android
CVE-2014-4902
	RESERVED
CVE-2014-4901 (The Bond Trading (aka com.appmakr.app613309) application 197705 for ...)
	NOT-FOR-US: Bond Trading (aka com.appmakr.app613309) application for Android
CVE-2014-4900 (The migme (aka com.projectgoth) application 4.03.002 for Android does ...)
	NOT-FOR-US: migme (aka com.projectgoth) application for Android
CVE-2014-4899 (The Indian Cement Review (aka com.magzter.indiancementreview) ...)
	NOT-FOR-US: Indian Cement Review (aka com.magzter.indiancementreview) application for Android
CVE-2014-4898 (The Harivijay (aka com.upasanhar.marathi.harivijay) application 4.0 ...)
	NOT-FOR-US: Harivijay (aka com.upasanhar.marathi.harivijay) application for Android
CVE-2014-4897 (The Touriosity Travelmag (aka com.magzter.touriositytravelmag) ...)
	NOT-FOR-US: Touriosity Travelmag (aka com.magzter.touriositytravelmag) application for Android
CVE-2014-4896 (The Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) ...)
	NOT-FOR-US: Parque Imperial (aka com.a792139893520606f84b2188a.a23428594a) application for Android
CVE-2014-4895 (The Herpin Time Radio (aka com.herpin.time.radio) application 2.0 for ...)
	NOT-FOR-US: Herpin Time Radio (aka com.herpin.time.radio) application for Android
CVE-2014-4894 (The MyMetro (aka com.myrippleapps.mymetro) application 2.4.7 for ...)
	NOT-FOR-US: MyMetro (aka com.myrippleapps.mymetro) application for Android
CVE-2014-4893
	RESERVED
CVE-2014-4892 (The uControl Smart Home Automation (aka de.ucontrol) application 1.2 ...)
	NOT-FOR-US: uControl Smart Home Automation (aka de.ucontrol) application for Android
CVE-2014-4891 (The CT iHub (aka com.concursive.ctihub) application 1 for Android does ...)
	NOT-FOR-US: CT iHub (aka com.concursive.ctihub) application for Android
CVE-2014-4890 (The Nano Digest (aka com.magzter.nanodigest) application 3.0 for ...)
	NOT-FOR-US: Nano Digest (aka com.magzter.nanodigest) application for Android
CVE-2014-4889 (The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 ...)
	NOT-FOR-US: Diabetic Diet Guide (aka com.wDiabeticDietGuide) application for Android
CVE-2014-4888 (The BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) ...)
	NOT-FOR-US: BattleFriends at Sea GOLD (aka com.tequilamobile.warshipslivegold) application for Android
CVE-2014-4887 (The Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application ...)
	NOT-FOR-US: Joint Radio Blues (aka com.nobexinc.wls_69685189.rc) application for Android
CVE-2014-4886
	RESERVED
CVE-2014-4885 (The CPWORLD Close Protection World (aka ...)
	NOT-FOR-US: CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application for Android
CVE-2014-4884 (The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android ...)
	NOT-FOR-US: Conrad Hotel (aka com.wConradHotel) application for Android
CVE-2014-4883 (resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in ...)
	- xen <not-affected> (LWIP DNS code not present in Xen Debian packages)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1169008
CVE-2014-4882 (Aptexx Resident Anywhere does not require authentication, which allows ...)
	NOT-FOR-US: Aptexx Resident Anywhere
CVE-2014-4881 (The PartyTrack library for Android does not verify X.509 certificates ...)
	NOT-FOR-US: PartyTrack library for Android
CVE-2014-4880 (Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, ...)
	NOT-FOR-US: Hikvision DVR
CVE-2014-4879
	RESERVED
CVE-2014-4878
	RESERVED
CVE-2014-4877 (Absolute path traversal vulnerability in GNU Wget before 1.16, when ...)
	{DSA-3062-1 DLA-82-1}
	- wget 1.16-1 (bug #766981)
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=18b0979357ed7dc4e11d4f2b1d7e0f5932d82aa7
CVE-2014-4876 (Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical ...)
	NOT-FOR-US: Toshiba
CVE-2014-4875 (CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and ...)
	NOT-FOR-US: CreateBossCredentials.jar in Toshiba CHEC
CVE-2014-4874 (BMC Track-It! 11.3.0.355 allows remote authenticated users to read ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4873 (SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4872 (BMC Track-It! 11.3.0.355 does not require authentication on TCP port ...)
	NOT-FOR-US: BMC Track-It!
CVE-2014-4871 (Cross-site scripting (XSS) vulnerability in wlsecurity.html on ...)
	NOT-FOR-US: NetCommWireless NB604N routers
CVE-2014-4870 (/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4869 (The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4868 (The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), ...)
	NOT-FOR-US: Brocade Vyatta
CVE-2014-4867 (Cryoserver Security Appliance 7.3.x uses weak permissions for ...)
	NOT-FOR-US: Cryoserver
CVE-2014-4866
	RESERVED
CVE-2014-4865 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: CacheGuard-OS
CVE-2014-4864 (The NETGEAR ProSafe Plus Configuration Utility creates configuration ...)
	NOT-FOR-US: NETGEAR ProSafe Plus Configuration Utility
CVE-2014-4863 (The Arris Touchstone DG950A cable modem with software 7.10.131 has an ...)
	NOT-FOR-US: Arris Touchstone DG950A cable modem
CVE-2014-4862 (The Netmaster CBW700N cable modem with software 81.447.392110.729.024 ...)
	NOT-FOR-US: Netmaster CBW700N cable modem
CVE-2014-4861 (The Remote Desktop Launcher in Thycotic Secret Server before ...)
	NOT-FOR-US: Remote Desktop Launcher in Thycotic Secret Server
CVE-2014-4860
	RESERVED
	- edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4859
	RESERVED
	- edk2 <not-affected> (No support for updates of hypervisor-supplied firmware from guests)
	NOTE: https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation-presentation.pdf
CVE-2014-4858 (Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre ...)
	NOT-FOR-US: Sabre AirCenter Crew
CVE-2014-4857 (Cross-site scripting (XSS) vulnerability in Gurock TestRail before ...)
	NOT-FOR-US: Gurock TestRail
CVE-2014-4856 (Cross-site scripting (XSS) vulnerability in the Polldaddy Polls &amp; ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4855 (Cross-site scripting (XSS) vulnerability in the Polylang plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4854 (Cross-site scripting (XSS) vulnerability in the WP Construction Mode ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4853 (Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-4852 (SQL injection vulnerability in admin/uploads.php in The Digital Craft ...)
	NOT-FOR-US: AtomCMS
CVE-2014-4851 (Open redirect vulnerability in msg.php in FoeCMS allows remote ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4850 (SQL injection vulnerability in index.php in FoeCMS allows remote ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4849 (Multiple cross-site scripting (XSS) vulnerabilities in msg.php in ...)
	NOT-FOR-US: FoeCMS
CVE-2014-4848 (Cross-site scripting (XSS) vulnerability in the Blogstand Banner ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4847 (Cross-site scripting (XSS) vulnerability in the Random Banner plugin ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4846 (Cross-site scripting (XSS) vulnerability in the Meta Slider ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4845 (Cross-site scripting (XSS) vulnerability in the BannerMan plugin 0.2.4 ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4844 (The import/export functionality in IBM Business Process Manager (BPM) ...)
	NOT-FOR-US: IBM
CVE-2014-4843 (Curam Universal Access in IBM Curam Social Program Management (SPM) ...)
	NOT-FOR-US: IBM
CVE-2014-4842
	RESERVED
CVE-2014-4841
	RESERVED
CVE-2014-4840 (IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4839 (Cross-site request forgery (CSRF) vulnerability in birtviewer.query in ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4838 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4837 (Cross-site scripting (XSS) vulnerability in NewDocument.jsp in IBM ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4836 (Cross-site scripting (XSS) vulnerability in breakOutWithName.jsp in ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2014-4835 (IBM ServerGuide before 9.63, UpdateXpress System Packs Installer ...)
	NOT-FOR-US: IBM
CVE-2014-4834 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)
	NOT-FOR-US: IBM
CVE-2014-4833 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4832 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4831 (IBM Security QRadar SIEM and QRadar Risk Manager 7.1 before MR2 Patch ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4830 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4829 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4828 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 allows remote ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4827 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4826 (IBM Security QRadar SIEM 7.2 before 7.2.3 Patch 1 does not properly ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4825 (IBM Security QRadar SIEM QRM 7.1 MR1 and QRM/QVM 7.2 MR2 does not ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-4824 (SQL injection vulnerability in IBM Security QRadar SIEM 7.2 before ...)
	NOT-FOR-US: IBM Security QRadar
CVE-2014-4823 (The administration console in IBM Security Access Manager for Web 7.x ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-4822 (IBM WebSphere MQ classes for Java libraries 8.0 before 8.0.0.1 and ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2014-4821 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4820 (Cross-site scripting (XSS) vulnerability in IBM Integration Bus ...)
	NOT-FOR-US: IBM
CVE-2014-4819 (The web user interface in IBM WebSphere Message Broker 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2014-4818 (dsmtca in the client in IBM Tivoli Storage Manager (TSM) 5.4.x, 5.5.x, ...)
	NOT-FOR-US: IBM
CVE-2014-4817 (The server in IBM Tivoli Storage Manager (TSM) 5.x and 6.x before ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2014-4816 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4815 (Session fixation vulnerability in IBM Rational Lifecycle Integration ...)
	NOT-FOR-US: IBM
CVE-2014-4814 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4813 (Race condition in the client in IBM Tivoli Storage Manager (TSM) ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2014-4812 (The installer in IBM Security AppScan Source 8.x and 9.x through 9.0.1 ...)
	NOT-FOR-US: IBM Security AppScan Source
CVE-2014-4811 (IBM Storwize 3500, 3700, 5000, and 7000 devices and SAN Volume ...)
	NOT-FOR-US: IBM
CVE-2014-4810 (IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and ...)
	NOT-FOR-US: IBM
CVE-2014-4809 (The WebSEAL component in IBM Security Access Manager for Web 7.x ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-4808 (Unspecified vulnerability in IBM WebSphere Portal 6.1.0 through ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4807 (Sterling Order Management in IBM Sterling Selling and Fulfillment ...)
	NOT-FOR-US: IBM Sterling Selling
CVE-2014-4806 (The installation process in IBM Security AppScan Enterprise 8.x before ...)
	NOT-FOR-US: IBM
CVE-2014-4805 (IBM DB2 10.5 before FP4 on Linux and AIX creates temporary files ...)
	NOT-FOR-US: IBM DB2
CVE-2014-4804 (Curam Universal Access in IBM Curam Social Program Management 5.2 ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-4803 (CRLF injection vulnerability in the Universal Access implementation in ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-4802 (The Saved Search Admin component in the Process Admin Console in IBM ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2014-4801 (Cross-site scripting (XSS) vulnerability in IBM Rational Quality ...)
	NOT-FOR-US: IBM
CVE-2014-4800
	RESERVED
CVE-2014-4799
	RESERVED
CVE-2014-4798
	RESERVED
CVE-2014-4797
	RESERVED
CVE-2014-4796
	RESERVED
CVE-2014-4795
	RESERVED
CVE-2014-4794
	RESERVED
CVE-2014-4793 (IBM WebSphere MQ 8.x before 8.0.0.1 does not properly enforce CHLAUTH ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-4792 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM
CVE-2014-4791
	RESERVED
CVE-2014-4790 (IBM Emptoris Sourcing Portfolio 9.5.x before 9.5.1.3, 10.0.0.x before ...)
	NOT-FOR-US: IBM Emptoris Sourcing Portfolio
CVE-2014-4789 (Session fixation vulnerability in IBM Initiate Master Data Service 9.5 ...)
	NOT-FOR-US: IBM
CVE-2014-4788 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before ...)
	NOT-FOR-US: IBM
CVE-2014-4787 (Cross-site scripting (XSS) vulnerability in IBM Initiate Master Data ...)
	NOT-FOR-US: IBM
CVE-2014-4786 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before ...)
	NOT-FOR-US: IBM
CVE-2014-4785 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master ...)
	NOT-FOR-US: IBM
CVE-2014-4784 (IBM Initiate Master Data Service 9.5 before 9.5.093013, 9.7 before ...)
	NOT-FOR-US: IBM
CVE-2014-4783 (Cross-site request forgery (CSRF) vulnerability in IBM Initiate Master ...)
	NOT-FOR-US: IBM
CVE-2014-4782 (IBM InfoSphere BigInsights 2.1.2 allows remote authenticated users to ...)
	NOT-FOR-US: IBM
CVE-2014-4781 (The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2014-4780
	RESERVED
CVE-2014-4779
	RESERVED
CVE-2014-4778 (IBM License Metric Tool 9 before 9.1.0.2 and Endpoint Manager for ...)
	NOT-FOR-US: IBM
CVE-2014-4777
	RESERVED
CVE-2014-4776 (IBM License Metric Tool 9 before 9.1.0.2 does not have an off ...)
	NOT-FOR-US: IBM
CVE-2014-4775 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x ...)
	NOT-FOR-US: IBM
CVE-2014-4774 (Cross-site request forgery (CSRF) vulnerability in the login page in ...)
	NOT-FOR-US: IBM
CVE-2014-4773
	RESERVED
CVE-2014-4772
	RESERVED
CVE-2014-4771 (IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2014-4770 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4769 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 ...)
	NOT-FOR-US: IBM
CVE-2014-4768 (IBM Unified Extensible Firmware Interface (UEFI) on Flex System x880 ...)
	NOT-FOR-US: IBM
CVE-2014-4767 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4766 (IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote ...)
	NOT-FOR-US: IBM Sametime Classic Meeting Server
CVE-2014-4765 (IBM Maximo Asset Management 7.1 through 7.1.1.13 and 7.5 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-4764 (IBM WebSphere Application Server (WAS) 8.0.x before 8.0.0.10 and 8.5.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-4763 (Cross-site scripting (XSS) vulnerability in Content Navigator in ...)
	NOT-FOR-US: IBM
CVE-2014-4762 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.0 ...)
	NOT-FOR-US: IBM
CVE-2014-4761 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-4760 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0.0 through ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-4759 (An unspecified Ajax service in the Content Management toolkit in IBM ...)
	NOT-FOR-US: IBM
CVE-2014-4758 (IBM Business Process Manager (BPM) 7.5.x through 8.5.5 and WebSphere ...)
	NOT-FOR-US: IBM
CVE-2014-4757 (The Outlook Extension in IBM Content Collector 4.0.0.x before ...)
	NOT-FOR-US: IBM Content Collector
CVE-2014-4756 (The Administration and Reporting Tool in IBM Rational License Key ...)
	NOT-FOR-US: IBM
CVE-2014-4755
	RESERVED
CVE-2014-4754
	RESERVED
CVE-2014-4753
	RESERVED
CVE-2014-4752 (IBM System Networking G8052, G8124, G8124-E, G8124-ER, G8264, G8316, ...)
	NOT-FOR-US: IBM
CVE-2014-4751 (Cross-site scripting (XSS) vulnerability in IBM Security Access ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2014-4750 (IBM PowerVC Express Edition 1.2.0 before FixPack3 establishes an FTP ...)
	NOT-FOR-US: IBM
CVE-2014-4749 (IBM PowerVC 1.2.0 before FixPack3 does not properly use the ...)
	NOT-FOR-US: IBM
CVE-2014-4748 (Cross-site scripting (XSS) vulnerability in the Classic Meeting Server ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-4747 (The Classic Meeting Server in IBM Sametime 8.x through 8.5.2.1 allows ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-4746 (IBM WebSphere Portal 8.0.0 before 8.0.0.1 CF13 and 8.5.0 through CF01 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-4745
	RESERVED
CVE-2014-4744 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket before ...)
	NOT-FOR-US: osTicket
CVE-2014-4743 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Kajona module
CVE-2014-4742 (Cross-site scripting (XSS) vulnerability in system/class_link.php in ...)
	NOT-FOR-US: Kajona module
CVE-2014-4741 (SQL injection vulnerability in demo/ads.php in Artifectx xClassified ...)
	NOT-FOR-US: Artifectx xClassified
CVE-2014-4740
	REJECTED
CVE-2014-4739
	RESERVED
CVE-2014-4738 (Multiple cross-site scripting (XSS) vulnerabilities in FortiGuard ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-4737 (Cross-site scripting (XSS) vulnerability in Textpattern CMS before ...)
	- textpattern <removed>
	[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)
	NOTE: https://github.com/textpattern/textpattern/commit/1206c7d84949a58cd0a2bc4a91ee53a0c8d4daf6
	NOTE: is likely the commit fixing the issue. But it does more than the
	NOTE: strict minimum.
CVE-2014-4736 (SQL injection vulnerability in E2 before 2.4 (2845) allows remote ...)
	NOT-FOR-US: E2
CVE-2014-4735 (Cross-site scripting (XSS) vulnerability in MyWebSQL 3.4 and earlier ...)
	NOT-FOR-US: MyWebSQL
CVE-2014-4734 (Cross-site scripting (XSS) vulnerability in e107_admin/db.php in e107 ...)
	NOT-FOR-US: e107
CVE-2014-4733
	RESERVED
CVE-2014-4732
	RESERVED
CVE-2014-4731
	RESERVED
CVE-2014-4730
	RESERVED
CVE-2014-4729
	RESERVED
CVE-2014-4728 (The web server in the TP-LINK N750 Wireless Dual Band Gigabit Router ...)
	NOT-FOR-US: TP-Link
CVE-2014-4727 (Cross-site scripting (XSS) vulnerability in the DHCP clients page in ...)
	NOT-FOR-US: TP-Link
CVE-2014-4726 (Unspecified vulnerability in the MailPoet Newsletters ...)
	NOT-FOR-US: wysija-newsletters
CVE-2014-4725 (The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for ...)
	NOT-FOR-US: wysija-newsletters
CVE-2014-4978 (The rs_filter_graph function in librawstudio/rs-filter.c in rawstudio ...)
	- rawstudio <removed> (low; bug #754899)
	[wheezy] - rawstudio <no-dsa> (Minor issue)
	[squeeze] - rawstudio <not-affected> (Vulnerable code not present)
CVE-2014-5119 (Off-by-one error in the __gconv_translit_find function in ...)
	{DSA-3012-1 DLA-43-1}
	- glibc 2.19-10 (medium)
	- eglibc <removed> (medium)
	NOTE: http://www.openwall.com/lists/oss-security/2014/07/14/2
	NOTE: http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
CVE-2014-4909 (Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in ...)
	{DSA-2988-1}
	- transmission 2.84-0.1 (bug #755985)
	[squeeze] - transmission <not-affected> (Vulnerable code not present)
	NOTE: http://trac.transmissionbt.com/wiki/Changes#version-2.84
	NOTE: PoC: http://web.archive.org/web/20140815000641/http://inertiawar.com:80/submission.go
CVE-2013-7389 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 ...)
	NOT-FOR-US: D-Link router
CVE-2014-4723 (Cross-site scripting (XSS) vulnerability in the Easy Banners plugin ...)
	NOT-FOR-US: WordPress plugin Easy Banners
CVE-2014-4724 (Cross-site scripting (XSS) vulnerability in the Custom Banners plugin ...)
	NOT-FOR-US: WordPress plugin Custom Banners
CVE-2014-4722 (Multiple cross-site scripting (XSS) vulnerabilities in the OCS Reports ...)
	- ocsinventory-server <unfixed> (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2014-4914 (The Zend_Db_Select::order function in Zend Framework before 1.12.7 ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.7-0.1 (bug #754201)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-04
	NOTE: https://github.com/zendframework/zf1/commit/da09186c60b9168520e994af4253fba9c19c2b3d
CVE-2014-4913 [ZF2014-03: Potential XSS vector in multiple view helpers]
	RESERVED
	- zendframework <not-affected> (Vulnerable code not present, only affects ZF2)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-03
CVE-2014-4911 (The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before ...)
	{DSA-2981-1 DLA-36-1}
	- polarssl 1.3.7-2.1 (bug #754655)
	[squeeze] - polarssl 1.2.9-1~deb6u2
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-02
	NOTE: commit for 1.3.x branch: https://github.com/polarssl/polarssl/commit/0bcc4e1df78fff6d15c3ecb521e3bd0bbee86e1c
	NOTE: commit for 1.2.x branch: https://github.com/polarssl/polarssl/commit/5bad6afd8c72b2c3a6574dff01ca5f8f2f04800a
CVE-2014-4910 (Directory traversal vulnerability in tools/backlight_helper.c in X.Org ...)
	- xserver-xorg-video-intel <not-affected> (Vulnerable code not present)
	NOTE: http://lists.x.org/archives/xorg-commit/2014-July/036840.html
	NOTE: only experimental, and xf86-video-intel-backlight-helper not installed setuid in Debian
CVE-2014-4720 (Email::Address module before 1.904 for Perl uses an inefficient ...)
	{DSA-2969-1}
	- libemail-address-perl 1.905-1
	[squeeze] - libemail-address-perl 1.889-2+deb6u1
CVE-2014-4719 (Cross-site scripting (XSS) vulnerability in the login panel ...)
	NOT-FOR-US: User-Friendly SVN
CVE-2014-4718 (Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar ...)
	NOT-FOR-US: Lunar CMS
CVE-2014-4717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin simple-share-buttons-adder
CVE-2014-4716 (Cross-site request forgery (CSRF) vulnerability in Thomson TWG87OUIR ...)
	NOT-FOR-US: Thomson TWG87OUIR
CVE-2014-4714
	REJECTED
CVE-2014-4713
	RESERVED
CVE-2014-4712
	RESERVED
CVE-2014-4711
	RESERVED
CVE-2014-4710 (Cross-site scripting (XSS) vulnerability in zero_user_account.php in ...)
	NOT-FOR-US: ZeroCMS
CVE-2014-4709
	RESERVED
CVE-2014-4708
	RESERVED
CVE-2014-4707 (Huawei Campus S7700 with software V200R001C00SPC300, ...)
	NOT-FOR-US: Huawei
CVE-2014-4706 (Huawei Campus S3700HI with software V200R001C00SPC300; Campus S5700 ...)
	NOT-FOR-US: Huawei
CVE-2014-4705 (Multiple heap-based buffer overflows in the eSap software platform in ...)
	NOT-FOR-US: eSap
CVE-2014-4704
	RESERVED
CVE-2013-7388 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2012-6652
	RESERVED
	NOT-FOR-US: WordPress plugin wppageflip
CVE-2012-6651 (Multiple directory traversal vulnerabilities in the Vitamin plugin ...)
	NOT-FOR-US: WordPress plugin vitamin
CVE-2012-6650
	RESERVED
CVE-2014-XXXX [Quassel: /var/lib/quassel/quasselCert.pem world-readable]
	- quassel 0.10.0-2 (low)
	[wheezy] - quassel 0.8.0-1+deb7u2
	[squeeze] - quassel <no-dsa> (Minor issue)
CVE-2014-4908 (Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios ...)
	- pnp4nagios 0.6.24+dfsg1-1 (low)
	[wheezy] - pnp4nagios <no-dsa> (Minor issue)
	NOTE: https://github.com/lingej/pnp4nagios/commit/cb925073edeeb97eb4ce61a86cdafccc9b87f9bb
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516078
	NOTE: https://github.com/lingej/pnp4nagios/commit/e4a19768a5c5e5b1276caf3dd5bb721a540ec014
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=516140
CVE-2014-4907 (Cross-site scripting (XSS) vulnerability in ...)
	- pnp4nagios 0.6.24+dfsg1-1 (low)
	[wheezy] - pnp4nagios <no-dsa> (Minor issue)
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=51607
	NOTE: http://sourceforge.net/p/pnp4nagios/code/ci/f846a6c9d007ca2bee05359af747619151195fc9/
CVE-2014-4715 (Yann Collet LZ4 before r119, when used on certain 32-bit platforms ...)
	- lz4 0.0~r119-1
	NOTE: https://code.google.com/p/lz4/issues/detail?id=134
	NOTE: https://code.google.com/p/lz4/source/detail?r=119
CVE-2014-4700 (Citrix XenDesktop 7.x, 5.x, and 4.x, when pooled random desktop groups ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2014-4699 (The Linux kernel before 3.15.4 on Intel processors does not properly ...)
	{DSA-2972-1 DLA-0015-1}
	- linux 3.14.10-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b9cd18de4db3c9ffa7e17b0dc0ca99ed5aa4d43a
CVE-2014-4698 (Use-after-free vulnerability in ext/spl/spl_array.c in the SPL ...)
	- php5 5.6.0~rc3+dfsg-1 (unimportant)
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=22882a9d89712ff2b6ebc20a689a89452bba4dcd
	NOTE: https://bugs.php.net/bug.php?id=67539
	NOTE: exploitable by malicious scripts only
CVE-2014-4697
	RESERVED
CVE-2014-4696 (Multiple open redirect vulnerabilities in the Suricata package before ...)
	NOT-FOR-US: pfSense
CVE-2014-4695 (Multiple open redirect vulnerabilities in the Snort package before ...)
	NOT-FOR-US: pfSense
CVE-2014-4694 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: pfSense
CVE-2014-4693 (Multiple cross-site scripting (XSS) vulnerabilities in the Snort ...)
	NOT-FOR-US: pfSense
CVE-2014-4692 (pfSense before 2.1.4, when HTTP is used, does not include the HTTPOnly ...)
	NOT-FOR-US: pfSense
CVE-2014-4691 (Session fixation vulnerability in pfSense before 2.1.4 allows remote ...)
	NOT-FOR-US: pfSense
CVE-2014-4690 (Multiple directory traversal vulnerabilities in pfSense before 2.1.4 ...)
	NOT-FOR-US: pfSense
CVE-2014-4689 (Absolute path traversal vulnerability in pkg_edit.php in pfSense ...)
	NOT-FOR-US: pfSense
CVE-2014-4688 (pfSense before 2.1.4 allows remote authenticated users to execute ...)
	NOT-FOR-US: pfSense
CVE-2014-4687 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense before ...)
	NOT-FOR-US: pfSense
CVE-2014-4686 (The Project administration application in Siemens SIMATIC WinCC before ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4685 (Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4684 (The database server in Siemens SIMATIC WinCC before 7.3, as used in ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4683 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4682 (The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used ...)
	NOT-FOR-US: Siemens SIMATIC WinCC
CVE-2014-4681
	RESERVED
CVE-2014-4680
	RESERVED
CVE-2014-4679
	RESERVED
CVE-2014-4677 (The installPackage function in the installerHelper subcomponent in ...)
	NOT-FOR-US: Libmacgpg
CVE-2014-4676
	RESERVED
CVE-2014-4675
	RESERVED
CVE-2014-4674
	RESERVED
CVE-2014-4673
	RESERVED
CVE-2014-4672 (The CDetailView widget in Yii PHP Framework 1.1.14 allows remote ...)
	- yii-framework-php <itp> (bug #683810)
CVE-2014-4671 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-4670 (Use-after-free vulnerability in ext/spl/spl_dllist.c in the SPL ...)
	{DSA-3008-1}
	- php5 5.6.0~rc3+dfsg-1 (unimportant)
	NOTE: exploitable by malicious scripts only
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=df78c48354f376cf419d7a97f88ca07d572f00fb
	NOTE: https://bugs.php.net/bug.php?id=67538
CVE-2014-4669 (HP Enterprise Maps 1.00 allows remote authenticated users to read ...)
	NOT-FOR-US: HP Enterprise Maps
CVE-2014-4666
	RESERVED
CVE-2014-4665
	RESERVED
CVE-2014-4664 (Cross-site scripting (XSS) vulnerability in the Wordfence Security ...)
	NOT-FOR-US: Wordfence Security plugin for WordPress
CVE-2014-4663 (TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is ...)
	NOT-FOR-US: WordPress timthumb
CVE-2014-4662
	RESERVED
CVE-2014-4661 (Cross-site scripting (XSS) vulnerability in HP Records Manager before ...)
	NOT-FOR-US: HP Records Manager
CVE-2014-4651
	RESERVED
	NOT-FOR-US: JClouds
CVE-2014-4647 (Stack-based buffer overflow in the loadExtensionFactory method in the ...)
	NOT-FOR-US: Embarcadero ER/Studio Data Architect
CVE-2014-4646 (Buffer overflow in the FPDFBookmark_GetTitle method in Foxit PDF SDK ...)
	NOT-FOR-US: Foxit PDF SDK
CVE-2014-4645 (Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link ...)
	NOT-FOR-US: D-Link hardware
CVE-2014-4644 (SQL injection vulnerability in superlinks.php in the superlinks plugin ...)
	NOT-FOR-US: Cacti plugin superlinks
CVE-2014-4643 (Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 ...)
	NOT-FOR-US: Core FTP client
CVE-2012-6649
	RESERVED
CVE-2014-4721 (The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 ...)
	{DSA-2974-1 DLA-0018-1}
	- php5 5.6.0~rc1+dfsg-2 (low)
	[squeeze] - php5 5.3.3-7+squeeze21
	NOTE: https://bugs.php.net/bug.php?id=67498
	NOTE: https://www.sektioneins.de/en/blog/14-07-04-phpinfo-infoleak.html
CVE-2014-4668 (The cherokee_validator_ldap_check function in validator_ldap.c in ...)
	- cherokee <removed> (low)
	[squeeze] - cherokee <no-dsa> (Minor issue)
CVE-2014-4667 (The sctp_association_free function in net/sctp/associola.c in the ...)
	{DSA-2992-1 DLA-0015-1}
	- linux 3.14.9-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d3217b15a19a4779c39b212358a5c71d725822ee (v3.16-rc1)
CVE-2014-4656 (Multiple integer overflows in sound/core/control.c in the ALSA control ...)
	{DLA-0015-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
CVE-2014-4655 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA ...)
	{DLA-103-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
CVE-2014-4654 (The snd_ctl_elem_add function in sound/core/control.c in the ALSA ...)
	{DLA-103-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
CVE-2014-4653 (sound/core/control.c in the ALSA control implementation in the Linux ...)
	{DLA-103-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
CVE-2014-4652 (Race condition in the tlv handler functionality in the ...)
	{DLA-0015-1}
	- linux 3.14.9-1 (low)
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 2.6.32-48squeeze8
CVE-2014-4678 [incomplete fix for CVE-2014-4657]
	RESERVED
	- ansible 1.6.6+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/5429b85b9f6c2e640074176f36ff05fd5e4d1916
	NOTE: See http://www.openwall.com/lists/oss-security/2014/06/26/30
CVE-2014-4660
	RESERVED
	- ansible 1.5.5+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
CVE-2014-4659
	RESERVED
	- ansible 1.5.5+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/c4b5e46054c74176b2446c82d4df1a2610eddc08
CVE-2014-4658
	RESERVED
	- ansible 1.5.5+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/a0e027fe362fbc209dbeff2f72d6e95f39885c69
CVE-2014-4657
	RESERVED
	- ansible 1.5.5+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/998793fd0ab55705d57527a38cee5e83f535974c
CVE-2014-4650
	RESERVED
	- python2.6 <removed> (low)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.8-1 (low)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 <removed> (low)
	- python3.4 3.4.1-8 (low)
	NOTE: http://bugs.python.org/issue21766
CVE-2014-4649 (SQL injection vulnerability in the photo-edit subsystem in Piwigo ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4648 (Unspecified vulnerability in Piwigo before 2.6.3 has unknown impact ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4642
	REJECTED
CVE-2014-4641
	REJECTED
CVE-2014-4640
	REJECTED
CVE-2014-4639 (EMC Documentum Web Development Kit (WDK) before 6.8 does not properly ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4638 (EMC Documentum Web Development Kit (WDK) before 6.8 allows remote ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4637 (Open redirect vulnerability in EMC Documentum Web Development Kit ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4636 (Cross-site request forgery (CSRF) vulnerability in EMC Documentum Web ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4635 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum Web Development
CVE-2014-4634 (Unquoted Windows search path vulnerability in EMC Replication Manager ...)
	NOT-FOR-US: EMC Replication Manager and EMC AppSync
CVE-2014-4633 (Cross-site scripting (XSS) vulnerability in EMC RSA Archer GRC ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-4632 (VMware vSphere Data Protection (VDP) 5.1, 5.5 before 5.5.9, and 5.8 ...)
	NOT-FOR-US: EMC Avamar
CVE-2014-4631 (RSA Adaptive Authentication (On-Premise) 6.0.2.1 through 7.1 P3, when ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-4630 (EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before 4.0.6 and RSA ...)
	NOT-FOR-US: RSA BSAFE
CVE-2014-4629 (EMC Documentum Content Server 7.0, 7.1 before 7.1 P10, and 6.7 before ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4628 (Cross-site scripting (XSS) vulnerability in EMC Isilon InsightIQ 2.x ...)
	NOT-FOR-US: EMC Isilon InsightIQ
CVE-2014-4627 (SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before ...)
	NOT-FOR-US: EMC RSA Web Threat Detection
CVE-2014-4626 (EMC Documentum Content Server before 6.7 SP1 P29, 6.7 SP2 before P18, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4625
	RESERVED
CVE-2014-4624 (EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and ...)
	NOT-FOR-US: EMC Avamar
CVE-2014-4623 (EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) ...)
	NOT-FOR-US: EMC Avamar
CVE-2014-4622 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4621 (EMC Documentum Content Server before 6.7 SP2 P17, 7.0 through P15, and ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4620 (The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 ...)
	NOT-FOR-US: EMC NetWorker
CVE-2014-4619 (EMC RSA Identity Management and Governance (IMG) 6.5.x before 6.5.1 ...)
	NOT-FOR-US: EMC RSA Identity Management and Governance
CVE-2014-4618 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-4612 (Cross-site scripting (XSS) vulnerability in the keywords manager ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2014-4611 (Integer overflow in the LZ4 algorithm implementation, as used in Yann ...)
	- linux 3.14.9-1 (unimportant)
	[wheezy] - linux <not-affected> (LZ4 support introduced in 3.11)
	- linux-2.6 <not-affected> (LZ4 support introduced in 3.11)
	NOTE: possible fix in https://lkml.org/lkml/2014/7/4/288
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=883949#c12
	- lz4 0.0~r119-1
	NOTE: Not exploitable for lz* compressed kernel images: http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
	NOTE: for lz4: https://code.google.com/p/lz4/issues/detail?id=52 and https://code.google.com/p/lz4/source/detail?r=118
CVE-2014-4610
	RESERVED
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fixed in http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6af26c55c1ea30f85a7d9edbc373f53be1743ee
CVE-2014-4609
	RESERVED
	{DSA-2977-1}
	- libav 6:10.2-1
	NOTE: http://git.libav.org/?p=libav.git;a=commit;h=ccda51b14c0fcae2fad73a24872dce75a7964996
CVE-2014-4608 (** DISPUTED ** Multiple integer overflows in the lzo1x_decompress_safe ...)
	- linux 3.14.9-1 (unimportant)
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed> (unimportant)
	[squeeze] - linux-2.6 2.6.32-48squeeze9
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=206a81c18401c0cde6e579164f752c4b147324ce
	NOTE: Not exploitable with the block sizes used in kernel images
CVE-2014-4607
	RESERVED
	{DSA-2995-1 DLA-35-1}
	- lzo <removed>
	- lzo2 2.08-1 (bug #752861)
	- busybox 1:1.22.0-10 (bug #768945)
	[jessie] - busybox 1:1.22.0-9+deb8u1
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2014-4606 (Cross-site scripting (XSS) vulnerability in redirect_to_zeenshare.php ...)
	NOT-FOR-US: WordPress plugin ZeenShare
CVE-2014-4605 (Cross-site scripting (XSS) vulnerability in cal/test.php in the ...)
	NOT-FOR-US: WordPress plugin ZdStatistics
CVE-2014-4604 (Cross-site scripting (XSS) vulnerability in settings/pwsettings.php in ...)
	NOT-FOR-US: WordPress plugin Your Text Manager
CVE-2014-4603 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin Yahoo Updates
CVE-2014-4602 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin XEN Carousel
CVE-2014-4601 (Cross-site scripting (XSS) vulnerability in wu-ratepost.php in the ...)
	NOT-FOR-US: WordPress plugin Wu-Rating
CVE-2014-4600 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin WP Ultimate Email Marketer
CVE-2014-4599 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin WP-Business Directory
CVE-2014-4598 (Cross-site scripting (XSS) vulnerability in wp-tmkm-amazon-search.php ...)
	NOT-FOR-US: WordPress plugin wp-tmkm-amazon
CVE-2014-4597 (Cross-site scripting (XSS) vulnerability in test.php in the WP Social ...)
	NOT-FOR-US: WordPress plugin WP Social Invitations
CVE-2014-4596 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin SnapApp
CVE-2014-4595 (Multiple cross-site scripting (XSS) vulnerabilities in the WP RESTful ...)
	NOT-FOR-US: WordPress plugin WP RESTful
CVE-2014-4594 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
	NOT-FOR-US: WordPress plugin Responsive Preview
CVE-2014-4593 (Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php ...)
	NOT-FOR-US: WordPress plugin WP Plugin Manager
CVE-2014-4592
	RESERVED
CVE-2014-4591 (Cross-site scripting (XSS) vulnerability in picasa_upload.php in the ...)
	NOT-FOR-US: WordPress plugin WP-Picasa-Image
CVE-2014-4590 (Cross-site scripting (XSS) vulnerability in get.php in the WP ...)
	NOT-FOR-US: WordPress plugin WP Microblogs
CVE-2014-4589 (Cross-site scripting (XSS) vulnerability in uploader.php in the WP ...)
	NOT-FOR-US: WordPress plugin wp-media-player
CVE-2014-4588 (Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the ...)
	NOT-FOR-US: WordPress plugin wphotfiles
CVE-2014-4587 (Multiple cross-site scripting (XSS) vulnerabilities in the WP GuestMap ...)
	NOT-FOR-US: WordPress plugin WP GuestMap
CVE-2014-4586 (Multiple cross-site scripting (XSS) vulnerabilities in the wp-football ...)
	NOT-FOR-US: WordPress plugin wp-football
CVE-2014-4585 (Cross-site scripting (XSS) vulnerability in the WP-FaceThumb plugin ...)
	NOT-FOR-US: WordPress plugin WP-FaceThumb
CVE-2014-4584 (Cross-site scripting (XSS) vulnerability in admin/editFacility.php in ...)
	NOT-FOR-US: WordPress plugin wp-easybooking
CVE-2014-4583 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin WP-Contact
CVE-2014-4582 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin WP Consultant
CVE-2014-4581 (Cross-site scripting (XSS) vulnerability in facture.php in the WPCB ...)
	NOT-FOR-US: WordPress plugin WPCB
CVE-2014-4580 (Cross-site scripting (XSS) vulnerability in blipbot.ajax.php in the WP ...)
	NOT-FOR-US: WordPress plugin WP BlipBot
CVE-2014-4579 (Cross-site scripting (XSS) vulnerability in js/test.php in the ...)
	NOT-FOR-US: WordPress plugin Appointments Scheduler
CVE-2014-4578 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin WP App Maker
CVE-2014-4577 (Absolute path traversal vulnerability in reviews.php in the WP AmASIN ...)
	NOT-FOR-US: WordPress plugin WP AmASIN - The Amazon Affiliate Shop
CVE-2014-4576 (Cross-site scripting (XSS) vulnerability in services/diagnostics.php ...)
	NOT-FOR-US: WordPress plugin WordPress Social Login
CVE-2014-4575 (Cross-site scripting (XSS) vulnerability in js/window.php in the ...)
	NOT-FOR-US: WordPress plugin Wikipop
CVE-2014-4574 (Cross-site scripting (XSS) vulnerability in resize.php in the ...)
	NOT-FOR-US: WordPress plugin WebEngage
CVE-2014-4573 (Multiple cross-site scripting (XSS) vulnerabilities in frame-maker.php ...)
	NOT-FOR-US: WordPress plugin Walk Score
CVE-2014-4572 (Cross-site scripting (XSS) vulnerability in bvc.php in the Votecount ...)
	NOT-FOR-US: WordPress plugin Votecount for Balatarin
CVE-2014-4571 (Multiple cross-site scripting (XSS) vulnerabilities in vncal.js.php in ...)
	NOT-FOR-US: WordPress plugin VN-Calendar
CVE-2014-4570 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin VideoWhisper Video Presentation
CVE-2014-4569 (Cross-site scripting (XSS) vulnerability in ls/vv_login.php in the ...)
	NOT-FOR-US: WordPress plugin VideoWhisper Live Streaming Integration
CVE-2014-4568 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4567
	RESERVED
CVE-2014-4566 (Cross-site scripting (XSS) vulnerability in res/fake_twitter/frame.php ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4565 (Multiple cross-site scripting (XSS) vulnerabilities in vcc.js.php in ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4564 (Cross-site scripting (XSS) vulnerability in check.php in the Validated ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4563 (Cross-site scripting (XSS) vulnerability in go.php in the URL Cloak &amp; ...)
	NOT-FOR-US: WordPress plugin
CVE-2014-4562
	RESERVED
CVE-2014-4561
	RESERVED
CVE-2014-4560 (Cross-site scripting (XSS) vulnerability in includes/getTipo.php in ...)
	NOT-FOR-US: WordPress plugin ToolPage
CVE-2014-4559
	RESERVED
CVE-2014-4558
	RESERVED
CVE-2014-4557 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the ...)
	NOT-FOR-US: WordPress plugin Swipe Checkout for Jigoshop
CVE-2014-4556 (Cross-site scripting (XSS) vulnerability in test-plugin.php in the ...)
	NOT-FOR-US: WordPress plugin Switch Checkout for eShop
CVE-2014-4555 (Cross-site scripting (XSS) vulnerability in fonts/font-form.php in the ...)
	NOT-FOR-US: WordPress plugin Style It
CVE-2014-4554 (Cross-site scripting (XSS) vulnerability in templates/download.php in ...)
	NOT-FOR-US: WordPress plugin SS Downloads
CVE-2014-4553
	RESERVED
CVE-2014-4552 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin Spotlight
CVE-2014-4551 (Cross-site scripting (XSS) vulnerability in diagnostics/test.php in ...)
	NOT-FOR-US: WordPress plugin Social Connect
CVE-2014-4550
	RESERVED
CVE-2014-4549 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin WooCommerce SagePay Direct Payment Gateway
CVE-2014-4548
	RESERVED
CVE-2014-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin Rezgo Online Booking
CVE-2014-4546 (Cross-site scripting (XSS) vulnerability in book_ajax.php in the Rezgo ...)
	NOT-FOR-US: WordPress plugin Rezgo
CVE-2014-4545 (Multiple cross-site scripting (XSS) vulnerabilities in pq_dialog.php ...)
	NOT-FOR-US: WordPress plugin Pro Quoter
CVE-2014-4544
	RESERVED
CVE-2014-4543 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin Pay Per Media Player
CVE-2014-4542 (Cross-site scripting (XSS) vulnerability in redirect.php in the Ooorl ...)
	NOT-FOR-US: WordPress plugin Ooorl
CVE-2014-4541 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin OMFG Mobile Pro
CVE-2014-4540 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin Oleggo LiveStream
CVE-2014-4539
	RESERVED
CVE-2014-4538 (Cross-site scripting (XSS) vulnerability in process.php in the Malware ...)
	NOT-FOR-US: WordPress plugin Malware Finder
CVE-2014-4537 (Cross-site scripting (XSS) vulnerability in inpage.tpl.php in the ...)
	NOT-FOR-US: WordPress plugin Keyword Strategy Internal Links
CVE-2014-4536
	RESERVED
CVE-2014-4535
	RESERVED
CVE-2014-4534 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin HTML5 Video Player with Playlist
CVE-2014-4533 (Cross-site scripting (XSS) vulnerability in ajax_functions.php in the ...)
	NOT-FOR-US: WordPress plugin GEO Redirector
CVE-2014-4532 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin GarageSale
CVE-2014-4531 (Cross-site scripting (XSS) vulnerability in main_page.php in the Game ...)
	NOT-FOR-US: WordPress plugin Game tabs
CVE-2014-4530
	RESERVED
CVE-2014-4529 (Cross-site scripting (XSS) vulnerability in fpg_preview.php in the ...)
	NOT-FOR-US: WordPress plugin Flash Photo Gallery
CVE-2014-4528 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin fbpromotions
CVE-2014-4527 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin envialosimple-email-marketing-y-newsletters-gratis
CVE-2014-4526 (Multiple cross-site scripting (XSS) vulnerabilities in callback.php in ...)
	NOT-FOR-US: WordPress plugin efence
CVE-2014-4525
	RESERVED
CVE-2014-4524 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin WP Easy Post Types
CVE-2014-4523
	RESERVED
CVE-2014-4522 (Cross-site scripting (XSS) vulnerability in client-assist.php in the ...)
	NOT-FOR-US: WordPress plugin dsSearchAgent: WordPress Edition
CVE-2014-4521 (Cross-site scripting (XSS) vulnerability in client-assist.php in the ...)
	NOT-FOR-US: WordPress plugin dsIDXpress IDX
CVE-2014-4520 (Cross-site scripting (XSS) vulnerability in phprack.php in the DMCA ...)
	NOT-FOR-US: WordPress plugin DMCA WaterMarker
CVE-2014-4519
	RESERVED
CVE-2014-4518 (Cross-site scripting (XSS) vulnerability in xd_resize.php in the ...)
	NOT-FOR-US: WordPress plugin Contact Form by ContactMe.com
CVE-2014-4517 (Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the ...)
	NOT-FOR-US: WordPress plugin CBI Referral Manager
CVE-2014-4516 (Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php ...)
	NOT-FOR-US: WordPress plugin BIC Media Widget
CVE-2014-4515 (Cross-site scripting (XSS) vulnerability in mce_anyfont/dialog.php in ...)
	NOT-FOR-US: WordPress plugin AnyFont
CVE-2014-4514 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin Alipay plugin
CVE-2014-4513 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin ActiveHelper LiveHelp Live Chat
CVE-2014-4512
	RESERVED
CVE-2014-4511 (Gitlist before 0.5.0 allows remote attackers to execute arbitrary ...)
	- gitlist <itp> (bug #750368)
CVE-2014-4509 (The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2014-4507 (Directory traversal vulnerability in Smart-Proxy in Foreman before ...)
	- foreman <itp> (bug #663101)
CVE-2014-4506 (Cross-site scripting (XSS) vulnerability in the Custom Meta module ...)
	NOT-FOR-US: Drupal module Custom Meta
CVE-2014-4505 (Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module ...)
	NOT-FOR-US: Drupal module Easy Breadcrumb
CVE-2014-4617 (The do_uncompress function in g10/compress.c in GnuPG 1.x before ...)
	{DSA-2968-1 DSA-2967-1 DLA-51-1 DLA-0012-1}
	- gnupg 1.4.16-1.2 (bug #752497)
	[squeeze] - gnupg 1.4.10-4+squeeze5
	- gnupg2 2.0.24-1 (bug #752498)
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commitdiff;h=11fdfcf82bd8
CVE-2014-4616 (Array index error in the scanstring function in the _json module in ...)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (minor issue)
	- python2.6 <removed>
	[squeeze] - python2.6 <no-dsa> (minor issue)
	[wheezy] - python2.6 <no-dsa> (minor issue)
	- python2.7 2.7.7-1 (bug #752395)
	[wheezy] - python2.7 <no-dsa> (minor issue)
	- python3.2 <removed>
	[wheezy] - python3.2 <no-dsa> (minor issue)
	- python3.3 <removed>
	- python3.4 3.4.0+20140417-1
	NOTE: http://bugs.python.org/issue21529
CVE-2014-4615 (The notifier middleware in OpenStack PyCADF 0.5.0 and earlier, ...)
	- neutron 2014.1.2-1
	NOTE: upstream patch: https://git.openstack.org/cgit/openstack/neutron/commit/?id=0324965a0c2987e5cad6276f011682dec184205f (neutron)
	- ceilometer 2014.1.2-1
	NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=2b6454f9f4e0585949ab68a91ed405755438d76e (ceilometer)
	NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/ceilometer/commit/?id=264f3b0d9640edeac743f339786e0a3b22c0f6c2 (ceilometer)
	- python-pycadf 0.5.1-1
	NOTE: Upstream patch: https://git.openstack.org/cgit/openstack/pycadf/commit/?id=966d4410a1a69e0a3af678442a1a965dae80d720 (pycadf)
CVE-2014-4614 (Multiple cross-site request forgery (CSRF) vulnerabilities in Piwigo ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Minor issue)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4613 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Minor issue)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-4510 (Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng ...)
	- apt-cacher-ng 0.7.26-2
	[wheezy] - apt-cacher-ng <no-dsa> (Minor issue)
	[squeeze] - apt-cacher-ng <no-dsa> (Minor issue)
CVE-2014-4508 (arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on ...)
	{DLA-103-1}
	- linux 3.14.9-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	NOTE: http://article.gmane.org/gmane.linux.kernel/1726110
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=554086d85e71f30abe46fc014fea31929a7c6a8a
CVE-2014-4504
	RESERVED
CVE-2014-4503 (The parse_notify function in util.c in sgminer before 4.2.2 and ...)
	- cgminer 4.2.3-1
CVE-2014-4502 (Multiple heap-based buffer overflows in the parse_notify function in ...)
	- cgminer 4.4.2-1
CVE-2014-4501 (Multiple stack-based buffer overflows in sgminer before 4.2.2, cgminer ...)
	- cgminer 4.4.2-1
CVE-2014-4500
	RESERVED
CVE-2014-4499 (The App Store process in CommerceKit Framework in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2014-4498 (The CPU Software in Apple OS X before 10.10.2 allows physically ...)
	NOT-FOR-US: Apple
CVE-2014-4497 (Integer signedness error in IOBluetoothFamily in the Bluetooth ...)
	NOT-FOR-US: Apple
CVE-2014-4496 (The mach_port_kobject interface in the kernel in Apple iOS before ...)
	NOT-FOR-US: Apple
CVE-2014-4495 (The kernel in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
	NOT-FOR-US: Apple
CVE-2014-4494 (Springboard in Apple iOS before 8.1.3 does not properly validate ...)
	NOT-FOR-US: Apple
CVE-2014-4493 (The app-installation functionality in MobileInstallation in Apple iOS ...)
	NOT-FOR-US: Apple
CVE-2014-4492 (libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
	NOT-FOR-US: Apple
CVE-2014-4491 (The extension APIs in the kernel in Apple iOS before 8.1.3, Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2014-4490
	REJECTED
CVE-2014-4489 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
	NOT-FOR-US: Apple
CVE-2014-4488 (IOHIDFamily in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
	NOT-FOR-US: Apple
CVE-2014-4487 (Buffer overflow in IOHIDFamily in Apple iOS before 8.1.3, Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2014-4486 (IOAcceleratorFamily in Apple iOS before 8.1.3, Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2014-4485 (Buffer overflow in the XML parser in Foundation in Apple iOS before ...)
	NOT-FOR-US: Apple
CVE-2014-4484 (FontParser in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and ...)
	NOT-FOR-US: Apple
CVE-2014-4483 (Buffer overflow in FontParser in Apple iOS before 8.1.3, Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2014-4482
	REJECTED
CVE-2014-4481 (Integer overflow in CoreGraphics in Apple iOS before 8.1.3, Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2014-4480 (Directory traversal vulnerability in afc in AppleFileConduit in Apple ...)
	NOT-FOR-US: Apple
CVE-2014-4479 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...)
	NOT-FOR-US: Apple
CVE-2014-4478
	REJECTED
CVE-2014-4477 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...)
	NOT-FOR-US: Apple
CVE-2014-4476 (WebKit, as used in Apple iOS before 8.1.3; Apple Safari before 6.2.3, ...)
	NOT-FOR-US: Apple
CVE-2014-4475 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4474 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4473 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4472 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4471 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4470 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4469 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4468 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4467 (WebKit, as used in Apple iOS before 8.1.3, does not properly determine ...)
	NOT-FOR-US: Apple
CVE-2014-4466 (WebKit, as used in Apple Safari before 6.2.1, 7.x before 7.1.1, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4465 (WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4464
	REJECTED
CVE-2014-4463 (Apple iOS before 8.1.1 allows physically proximate attackers to bypass ...)
	NOT-FOR-US: Apple
CVE-2014-4462 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4461 (The kernel in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does ...)
	NOT-FOR-US: Apple
CVE-2014-4460 (CFNetwork in Apple iOS before 8.1.1 and OS X before 10.10.1 does not ...)
	NOT-FOR-US: Apple
CVE-2014-4459 (Use-after-free vulnerability in WebKit, as used in Apple OS X before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4458 (The &quot;System Profiler About This Mac&quot; component in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2014-4457 (The Sandbox Profiles subsystem in Apple iOS before 8.1.1 does not ...)
	NOT-FOR-US: Apple
CVE-2014-4456
	REJECTED
CVE-2014-4455 (dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not ...)
	NOT-FOR-US: Apple
CVE-2014-4454
	REJECTED
CVE-2014-4453 (Apple iOS before 8.1.1 and OS X before 10.10.1 include location data ...)
	NOT-FOR-US: Apple
CVE-2014-4452 (WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4451 (Apple iOS before 8.1.1 does not properly enforce the failed-passcode ...)
	NOT-FOR-US: Apple
CVE-2014-4450 (The QuickType feature in the Keyboards subsystem in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2014-4449 (iCloud Data Access in Apple iOS before 8.1 does not verify X.509 ...)
	NOT-FOR-US: Apple iOS
CVE-2014-4448 (House Arrest in Apple iOS before 8.1 relies on the hardware UID for ...)
	NOT-FOR-US: Apple iOS
CVE-2014-4447 (Profile Manager in Apple OS X Server before 4.0 allows local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4446 (Mail Service in Apple OS X Server before 4.0 does not enforce SACL ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4445
	REJECTED
CVE-2014-4444 (SecurityAgent in Apple OS X before 10.10 does not ensure that a ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4443 (Apple OS X before 10.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4442 (The kernel in Apple OS X before 10.10 allows local users to cause a ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4441 (NetFS Client Framework in Apple OS X before 10.10 does not ensure that ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4440 (The MCX Desktop Config Profiles implementation in Apple OS X before ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4439 (Mail in Apple OS X before 10.10 does not properly recognize the ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4438 (Race condition in LoginWindow in Apple OS X before 10.10 allows ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4437 (LaunchServices in Apple OS X before 10.10 allows attackers to bypass ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4436 (IOHIDFamily in Apple OS X before 10.10 allows attackers to cause ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4435 (The &quot;iCloud Find My Mac&quot; feature in Apple OS X before 10.10 does not ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4434 (The kernel in Apple OS X before 10.10 allows physically proximate ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4433 (Heap-based buffer overflow in the kernel in Apple OS X before 10.10 ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4432 (fdesetup in Apple OS X before 10.10 does not properly display the ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4431 (Dock in Apple OS X before 10.10 does not properly manage the ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4430 (CoreStorage in Apple OS X before 10.10 retains a volume's encryption ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4429
	REJECTED
CVE-2014-4428 (Bluetooth in Apple OS X before 10.10 does not require encryption for ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4427 (App Sandbox in Apple OS X before 10.10 allows attackers to bypass a ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4426 (AFP File Server in Apple OS X before 10.10 allows remote attackers to ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4425 (CFPreferences in Apple OS X before 10.10 does not properly enforce the ...)
	NOT-FOR-US: Apple OS X
CVE-2014-4424 (SQL injection vulnerability in Wiki Server in CoreCollaboration in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4423 (The Accounts subsystem in Apple iOS before 8 allows attackers to ...)
	NOT-FOR-US: Accounts subsystem in Apple iOS
CVE-2014-4422 (The kernel in Apple iOS before 8 and Apple TV before 7 uses a ...)
	NOT-FOR-US: Apple
CVE-2014-4421 (The network-statistics interface in the kernel in Apple iOS before 8 ...)
	NOT-FOR-US: Apple
CVE-2014-4420 (The network-statistics interface in the kernel in Apple iOS before 8 ...)
	NOT-FOR-US: Apple
CVE-2014-4419 (The network-statistics interface in the kernel in Apple iOS before 8 ...)
	NOT-FOR-US: Apple
CVE-2014-4418 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly ...)
	NOT-FOR-US: Apple
CVE-2014-4417 (Safari in Apple OS X before 10.10 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple Safari
CVE-2014-4416 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apples Mac OS X
CVE-2014-4415 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4414 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4413 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4412 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4411 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4410 (WebKit, as used in Apple iOS before 8 and Apple TV before 7, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4409 (WebKit in Apple iOS before 8 makes it easier for remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-4408 (The rt_setgate function in the kernel in Apple iOS before 8 and Apple ...)
	NOT-FOR-US: Apple
CVE-2014-4407 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly ...)
	NOT-FOR-US: Apple
CVE-2014-4406 (Cross-site scripting (XSS) vulnerability in Xcode Server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4405 (IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows ...)
	NOT-FOR-US: Apple
CVE-2014-4404 (Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and ...)
	NOT-FOR-US: Apple
CVE-2014-4403 (The kernel in Apple OS X before 10.9.5 allows local users to obtain ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4402 (An unspecified IOAcceleratorFamily function in Apple OS X before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4401 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4400 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4399 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4398 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4397 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4396 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4395 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4394 (An unspecified integrated graphics driver routine in the Intel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4393 (Buffer overflow in the shader compiler in the Intel Graphics Driver ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4392
	REJECTED
CVE-2014-4391 (The Code Signing feature in Apple OS X before 10.10 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4390 (Bluetooth in Apple OS X before 10.9.5 does not properly validate API ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4389 (Integer overflow in IOKit in Apple iOS before 8 and Apple TV before 7 ...)
	NOT-FOR-US: Apple
CVE-2014-4388 (IOKit in Apple iOS before 8 and Apple TV before 7 does not properly ...)
	NOT-FOR-US: Apple
CVE-2014-4387
	REJECTED
CVE-2014-4386 (Race condition in the App Installation feature in Apple iOS before 8 ...)
	NOT-FOR-US: Apple
CVE-2014-4385
	REJECTED
CVE-2014-4384 (Directory traversal vulnerability in the App Installation feature in ...)
	NOT-FOR-US: Apple
CVE-2014-4383 (The Assets subsystem in Apple iOS before 8 and Apple TV before 7 ...)
	NOT-FOR-US: Apple
CVE-2014-4382
	REJECTED
CVE-2014-4381 (Libnotify in Apple iOS before 8 and Apple TV before 7 lacks proper ...)
	NOT-FOR-US: Apple
CVE-2014-4380 (The IOHIDFamily kernel extension in Apple iOS before 8 and Apple TV ...)
	NOT-FOR-US: Apple
CVE-2014-4379 (An unspecified IOHIDFamily function in Apple iOS before 8 and Apple TV ...)
	NOT-FOR-US: Apple
CVE-2014-4378 (CoreGraphics in Apple iOS before 8 and Apple TV before 7 allows remote ...)
	NOT-FOR-US: Apple
CVE-2014-4377 (Integer overflow in CoreGraphics in Apple iOS before 8 and Apple TV ...)
	NOT-FOR-US: Apple
CVE-2014-4376 (IOKit in IOAcceleratorFamily in Apple OS X before 10.9.5 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2014-4375 (Double free vulnerability in Apple iOS before 8 and Apple TV before 7 ...)
	NOT-FOR-US: Apple
CVE-2014-4374 (NSXMLParser in Foundation in Apple iOS before 8 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2014-4373 (The IntelAccelerator driver in the IOAcceleratorFamily subsystem in ...)
	NOT-FOR-US: Apple
CVE-2014-4372 (syslogd in the syslog subsystem in Apple iOS before 8 and Apple TV ...)
	NOT-FOR-US: Apple
CVE-2014-4371 (The network-statistics interface in the kernel in Apple iOS before 8 ...)
	NOT-FOR-US: Apple
CVE-2014-4370
	REJECTED
CVE-2014-4369 (The IOAcceleratorFamily API implementation in Apple iOS before 8 and ...)
	NOT-FOR-US: Apple
CVE-2014-4368 (The Accessibility subsystem in Apple iOS before 8 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2014-4367 (Apple iOS before 8 enables Voice Dial during all upgrade actions, ...)
	NOT-FOR-US: Apple
CVE-2014-4366 (Mail in Apple iOS before 8 does not prevent sending a LOGIN command to ...)
	NOT-FOR-US: Apple
CVE-2014-4365
	REJECTED
CVE-2014-4364 (The 802.1X subsystem in Apple iOS before 8 and Apple TV before 7 does ...)
	NOT-FOR-US: Apple
CVE-2014-4363 (Safari in Apple iOS before 8 does not properly restrict the ...)
	NOT-FOR-US: Safari in Apple iOS
CVE-2014-4362 (The Sandbox Profiles implementation in Apple iOS before 8 does not ...)
	NOT-FOR-US: Apple
CVE-2014-4361 (The Home &amp; Lock Screen subsystem in Apple iOS before 8 does not ...)
	NOT-FOR-US: Apple
CVE-2014-4360
	REJECTED
CVE-2014-4359
	REJECTED
CVE-2014-4358
	REJECTED
CVE-2014-4357 (Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows ...)
	NOT-FOR-US: Apple
CVE-2014-4356 (Apple iOS before 8 does not follow the intended configuration setting ...)
	NOT-FOR-US: Apple
CVE-2014-4355
	REJECTED
CVE-2014-4354 (Apple iOS before 8 enables Bluetooth during all upgrade actions, which ...)
	NOT-FOR-US: Apple
CVE-2014-4353 (Race condition in iMessage in Apple iOS before 8 allows attackers to ...)
	NOT-FOR-US: Apple
CVE-2014-4352 (Address Book in Apple iOS before 8 relies on the hardware UID for its ...)
	NOT-FOR-US: Apple
CVE-2014-4351 (Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-4350 (Buffer overflow in QT Media Foundation in Apple OS X before 10.9.5 ...)
	NOT-FOR-US: QT Media Foundation in Apple OS X
CVE-2014-4349 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:4.2.5-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-4348 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:4.2.5-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-4347 (Citrix NetScaler Application Delivery Controller (ADC) and NetScaler ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2014-4346 (Cross-site scripting (XSS) vulnerability in administration user ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2014-4345 (Off-by-one error in the krb5_encode_krbsecretkey function in ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-7 (bug #757416)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/81c332e29f10887c6b9deb065f81ba259f4c7e03
	NOTE: http://web.mit.edu/Kerberos/advisories/MITKRB5-SA-2014-001.txt
CVE-2014-4344 (The acc_ctx_cont function in the SPNEGO acceptor in ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-5 (bug #755521)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/524688ce87a15fc75f87efc8c039ba4c7d5c197b
CVE-2014-4343 (Double free vulnerability in the init_ctx_reselect function in the ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-5 (bug #755520)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/f18ddf5d82de0ab7591a36e465bc24225776940f
CVE-2014-4342 (MIT Kerberos 5 (aka krb5) 1.7.x through 1.12.x before 1.12.2 allows ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-4 (bug #753625)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
CVE-2014-4341 (MIT Kerberos 5 (aka krb5) before 1.12.2 allows remote attackers to ...)
	{DSA-3000-1 DLA-37-1}
	- krb5 1.12.1+dfsg-4 (bug #753624)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze8
	NOTE: https://github.com/krb5/krb5/commit/fb99962cbd063ac04c9a9d2cc7c75eab73f3533d
CVE-2014-4340
	RESERVED
CVE-2014-4339
	RESERVED
CVE-2014-4335 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
	NOT-FOR-US: BarracudaDrive
CVE-2014-4334 (Stack-based buffer overflow in Ubisoft Rayman Legends before ...)
	NOT-FOR-US: Ubisoft Rayman Legends
CVE-2014-4333 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Dolphin (php thing)
CVE-2014-4332
	RESERVED
CVE-2014-4331 (Cross-site scripting (XSS) vulnerability in admin/viewer.php in ...)
	NOT-FOR-US: OctavoCMS
CVE-2014-4330 (The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 ...)
	- perl 5.20.1-1 (bug #762256)
	[wheezy] - perl 5.14.2-21+deb7u2
	[squeeze] - perl <no-dsa> (Minor issue)
	NOTE: upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/19be3be6968e2337bcdfe480693fff795ecd1304
CVE-2014-4329 (Cross-site scripting (XSS) vulnerability in lua/host_details.lua in ...)
	- ntopng 1.2.0+dfsg1-1 (bug #760990)
	NOTE: https://svn.ntop.org/bugzilla/show_bug.cgi?id=379
CVE-2014-4328
	RESERVED
CVE-2014-4327
	RESERVED
CVE-2014-4326 (Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote ...)
	- logstash <itp> (bug #664841)
CVE-2014-4325 (The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2014-4324
	RESERVED
CVE-2014-4323 (The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP ...)
	- linux <not-affected> (Vulnerable code drivers/video/msm not present)
CVE-2014-4322 (drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, ...)
	- linux <not-affected> (Vulnerable code drivers/misc/qseecom.c not present)
CVE-2014-4321
	RESERVED
CVE-2014-4320
	RESERVED
CVE-2014-4319
	RESERVED
CVE-2014-4318
	RESERVED
CVE-2014-4317
	RESERVED
CVE-2014-4316
	RESERVED
CVE-2014-4315
	REJECTED
CVE-2014-4314
	REJECTED
CVE-2014-4313 (SQL injection vulnerability in Epicor Procurement before 7.4 SP2 ...)
	NOT-FOR-US: Epicor
CVE-2014-4312 (Multiple cross-site scripting (XSS) vulnerabilities in Epicor ...)
	NOT-FOR-US: Epicor
CVE-2014-4311 (Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers ...)
	NOT-FOR-US: Epicor
CVE-2014-4310 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4309 (Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 ...)
	NOT-FOR-US: Openfiler
CVE-2014-4308 (Multiple cross-site scripting (XSS) vulnerabilities in NICE Recording ...)
	NOT-FOR-US: NICE Recording eXpress
CVE-2014-4307 (SQL injection vulnerability in categories-x.php in WebTitan before ...)
	NOT-FOR-US: WebTitan
CVE-2014-4306 (Directory traversal vulnerability in logs-x.php in WebTitan before ...)
	NOT-FOR-US: WebTitan
CVE-2014-4305 (Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka ...)
	NOT-FOR-US: NICE Recording eXpress
CVE-2014-4304 (Cross-site scripting (XSS) vulnerability in browse.php in SQL Buddy ...)
	NOT-FOR-US: SQL Buddy
CVE-2014-4303 (Multiple cross-site scripting (XSS) vulnerabilities in the Touch theme ...)
	NOT-FOR-US: Drupal Touch theme
CVE-2014-4302 (Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D ...)
	NOT-FOR-US: HAM3D Shop Engine
CVE-2014-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Ajenti
CVE-2014-4300 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4299 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4298 (Unspecified vulnerability in the SQLJ component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4297 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4296 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4295 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4294 (Unspecified vulnerability in the Java VM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4293 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4292 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4291 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4290 (Unspecified vulnerability in the JPublisher component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4289 (Unspecified vulnerability in the JDBC component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4288 (Unspecified vulnerability in Oracle Java SE 6u81, 7u67, and 8u20 ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-8 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4287 (Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier ...)
	{DSA-3054-1}
	- mysql-5.5 5.5.39-1
	- mariadb-5.5 5.5.39-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
CVE-2014-4286
	REJECTED
CVE-2014-4285 (Unspecified vulnerability in the Oracle Applications Technology ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4284 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4283 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4282 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4281 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4280 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4279 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2014-4278 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-4277 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4276 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4275 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2014-4273
	REJECTED
CVE-2014-4272
	REJECTED
CVE-2014-4271 (Unspecified vulnerability in the Hyperion Essbase component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-4270 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4269 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4268 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4267 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4266 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	NOTE: http://hg.openjdk.java.net/jdk6/jdk6/jdk/rev/de40a32a44f5
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c58a25d48388
CVE-2014-4265 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4264 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
	{DSA-2987-1}
	- openjdk-6 <not-affected> (Vulnerable code not present)
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/c084492f9e3d
CVE-2014-4263 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4262 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4261 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox <not-affected> (Only applies if VBox is running on Windows)
	- virtualbox-ose <not-affected> (Only applies if VBox is running on Windows)
CVE-2014-4260 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2985-1}
	- mysql-5.5 5.5.39-1 (bug #754941)
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.38-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-4259 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-4258 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2985-1}
	- mysql-5.5 5.5.39-1 (bug #754941)
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.38-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-4257 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
	NOT-FOR-US: Oracle WebCenter Portal
CVE-2014-4256 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4255 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4254 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4253 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4252 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4251 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-4250 (Unspecified vulnerability in the Siebel Core - Server OM Frwks ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2014-4249 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-4248 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2014-4247 (Unspecified vulnerability in Oracle Java SE 8u5 allows remote ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-4246 (Unspecified vulnerability in the Hyperion Analytic Provider Services ...)
	NOT-FOR-US: Oracle
CVE-2014-4245 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-4244 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4243 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.37-1
	[wheezy] - mysql-5.5 5.5.37-0+wheezy1
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.36-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 <removed>
	NOTE: Unspecified, but according to Oracle only for 5.5.35 and earlier
CVE-2014-4242 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4241 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2014-4240 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-4239 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-4238 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-4237 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-4236 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-4235 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-4234 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2014-4233 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-4232 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...)
	NOT-FOR-US: Oracle
CVE-2014-4231 (Unspecified vulnerability in the Siebel Travel &amp; Transportation ...)
	NOT-FOR-US: Oracle
CVE-2014-4230 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4229 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle
CVE-2014-4228 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <not-affected> (Only affects 4.1 and later)
CVE-2014-4227 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4226 (Unspecified vulnerability in the PeopleSoft Enterprise FIN Install ...)
	NOT-FOR-US: Oracle
CVE-2014-4225 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-4224 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11.1 ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2014-4223 (Unspecified vulnerability in Oracle Java SE 7u60 allows remote ...)
	{DSA-2987-1}
	- openjdk-6 <not-affected> (Vulnerable code not present)
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/84bce1b3d28a
CVE-2014-4222 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4221 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
	{DSA-2987-1}
	- openjdk-6 <not-affected> (Vulnerable code not present)
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/bac16c82c14a
CVE-2014-4220 (Unspecified vulnerability in Oracle Java SE 7u60 and 8u5 allows remote ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4219 (Unspecified vulnerability in Oracle Java SE 6u75, 7u60, and 8u5 allows ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4218 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4217 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4216 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4215 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-4214 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-4213 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2014-4212 (Unspecified vulnerability in the Oracle Fusion Middleware component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4211 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4210 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4209 (Unspecified vulnerability in Oracle Java SE 5.0u65, 6u75, 7u60, and ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	- openjdk-7 7u65-2.5.1-1
CVE-2014-4208 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-4207 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2985-1}
	- mysql-5.5 5.5.39-1 (bug #754941)
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.38-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-4206 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
	NOT-FOR-US: Oracle
CVE-2014-4205 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4204 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2014-4203 (Unspecified vulnerability in the Hyperion Enterprise Performance ...)
	NOT-FOR-US: Oracle
CVE-2014-4202 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4201 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-4200 (vm-support 0.88 in VMware Tools, as distributed with VMware ...)
	- open-vm-tools 2:9.4.6-1770165-1 (low; bug #770809)
	[squeeze] - open-vm-tools <no-dsa> (Minor issue)
	[wheezy] - open-vm-tools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
CVE-2014-4199 (vm-support 0.88 in VMware Tools, as distributed with VMware ...)
	- open-vm-tools 2:9.4.6-1770165-7 (low; bug #770809)
	[squeeze] - open-vm-tools <no-dsa> (Minor issue)
	[wheezy] - open-vm-tools <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2014/Aug/71
CVE-2014-4198
	RESERVED
CVE-2014-4197 (Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS ...)
	NOT-FOR-US: Bank Soft Systems
CVE-2014-4196
	RESERVED
CVE-2014-4195 (Cross-site scripting (XSS) vulnerability in zero_view_article.php in ...)
	NOT-FOR-US: ZeroCMS
CVE-2014-4194 (SQL injection vulnerability in zero_transact_article.php in ZeroCMS ...)
	NOT-FOR-US: ZeroCMS
CVE-2014-XXXX [softhsm-keyconv creates security-sensibe file world-readable]
	- softhsm 1.3.7-2 (low; bug #752092)
	[squeeze] - softhsm <no-dsa> (Minor issue)
	[wheezy] - softhsm <no-dsa> (Minor issue)
	NOTE: Upstream fix: https://github.com/bellgrim/SoftHSMv2/commit/492447cd4a2be449e99fb9ad2519ea3277aaad28
CVE-2014-XXXX [docker VMM breakout]
	- docker.io 1.0.0~dfsg1-1
CVE-2014-4193 (The TLS implementation in EMC RSA BSAFE-Java Toolkits (aka Share for ...)
	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4192 (The Dual_EC_DRBG implementation in EMC RSA BSAFE-C Toolkits (aka Share ...)
	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4191 (The TLS implementation in EMC RSA BSAFE-C Toolkits (aka Share for C ...)
	NOT-FOR-US: EMC RSA BSAFE-Java Toolkits
CVE-2014-4190 (Multiple heap-based buffer overflows in Huawei Campus Series Switches ...)
	NOT-FOR-US: Huawei Campus Series Switches
CVE-2014-4189 (Cross-site scripting (XSS) vulnerability in Hitachi Tuning Manager ...)
	NOT-FOR-US: Hitachi Tuning Manager
CVE-2014-4188 (Cross-site request forgery (CSRF) vulnerability in Hitachi Tuning ...)
	NOT-FOR-US: Hitachi Tuning Manager
CVE-2014-4187 (Cross-site scripting (XSS) vulnerability in signup.php in ClipBucket ...)
	NOT-FOR-US: ClipBucket
CVE-2014-4186
	RESERVED
CVE-2014-4185
	RESERVED
CVE-2014-4184
	RESERVED
CVE-2014-4183
	RESERVED
CVE-2014-4182
	RESERVED
CVE-2014-4181
	RESERVED
CVE-2014-4180
	RESERVED
CVE-2014-4179
	RESERVED
CVE-2014-4178
	RESERVED
CVE-2014-4177
	RESERVED
CVE-2014-4176
	RESERVED
CVE-2014-4175
	RESERVED
CVE-2014-4174 (wiretap/libpcap.c in the libpcap file parser in Wireshark 1.10.x ...)
	- wireshark 1.10.4-1
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2014-4173
	RESERVED
CVE-2014-4172 [php-cas unencoded tickets]
	RESERVED
	{DSA-3017-1}
	- php-cas 1.3.3-1 (bug #759718)
	NOTE: https://github.com/Jasig/phpCAS/pull/125
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46766
CVE-2014-4171 (mm/shmem.c in the Linux kernel through 3.15.1 does not properly ...)
	- linux 3.14.15-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: https://lkml.org/lkml/2014/7/2/518
CVE-2014-4170
	RESERVED
CVE-2014-4169
	RESERVED
CVE-2014-4166 (Cross-site scripting (XSS) vulnerability in the song history in ...)
	NOT-FOR-US: SHOUTcast DNAS
CVE-2014-4165 (Cross-site scripting (XSS) vulnerability in ntop allows remote ...)
	- ntop <removed> (bug #751946)
	[jessie] - ntop <no-dsa> (Minor issue)
	[wheezy] - ntop <no-dsa> (Minor issue)
CVE-2014-4164 (Cross-site scripting (XSS) vulnerability in AlgoSec FireFlow 6.3-b230 ...)
	NOT-FOR-US: AlogoSec FireFlow
CVE-2014-4163 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin Featured Comments
CVE-2014-4162 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Zyxel P-660HW-T1 wireless
CVE-2014-4161 (Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP ...)
	NOT-FOR-US: SAP Supplier Relationship Management
CVE-2014-4160 (Multiple cross-site scripting (XSS) vulnerabilities in the testcanvas ...)
	NOT-FOR-US: SAP NetWeaver Business Client
CVE-2014-4159 (Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier  ...)
	NOT-FOR-US: SAP Supplier Relationship Management
CVE-2014-4158 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
	NOT-FOR-US: Kolibri
CVE-2014-4156
	RESERVED
CVE-2014-4155 (Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 ...)
	NOT-FOR-US: ZTE router
CVE-2014-4154 (ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores ...)
	NOT-FOR-US: ZTE router
CVE-2014-4153 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-4152 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-4151 (The av-centerd SOAP service in AlienVault OSSIM before 4.8.0 allows ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-4149 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, ...)
	NOT-FOR-US: Microsoft
CVE-2014-4148 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4147
	REJECTED
CVE-2014-4146
	REJECTED
CVE-2014-4145 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4144
	REJECTED
CVE-2014-4143 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4142
	REJECTED
CVE-2014-4141 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2014-4140 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2014-4139
	REJECTED
CVE-2014-4138 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2014-4137 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2014-4136
	REJECTED
CVE-2014-4135
	REJECTED
CVE-2014-4134 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2014-4133 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2014-4132 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4131
	REJECTED
CVE-2014-4130 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4129 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4128 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4127 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4126 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4125
	REJECTED
CVE-2014-4124 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4123 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4122 (Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR ...)
	NOT-FOR-US: Microsoft
CVE-2014-4121 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4120
	REJECTED
CVE-2014-4119
	REJECTED
CVE-2014-4118 (XML Core Services (aka MSXML) 3.0 in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4117 (Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2014-4116 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2014-4115 (fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in ...)
	NOT-FOR-US: Microsoft
CVE-2014-4114 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2014-4113 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4112 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4111 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4110 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4109 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4108 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4107 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4106 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4105 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4104 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4103 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4102 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4101 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4100 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4099 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4098 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4097 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4096 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4095 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4094 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4093 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4092 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4091 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4090 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4089 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4088 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4087 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4086 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4085 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4084 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4083 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4082 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4081 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4080 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4079 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4078 (The IP Security feature in Microsoft Internet Information Services ...)
	NOT-FOR-US: Microsoft
CVE-2014-4077 (Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2014-4076 (Microsoft Windows Server 2003 SP2 allows local users to gain ...)
	NOT-FOR-US: Microsoft
CVE-2014-4075 (Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in ...)
	NOT-FOR-US: Microsoft
CVE-2014-4074 (The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2014-4073 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4072 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4, ...)
	NOT-FOR-US: Microsoft
CVE-2014-4071 (The Server in Microsoft Lync Server 2013 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Lync Server
CVE-2014-4070 (Cross-site scripting (XSS) vulnerability in the Web Components Server ...)
	NOT-FOR-US: Microsoft Lync Server
CVE-2014-4069
	REJECTED
CVE-2014-4068 (The Response Group Service in Microsoft Lync Server 2010 and 2013 and ...)
	NOT-FOR-US: Microsoft Lync Server
CVE-2014-4067 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4066 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4065 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4064 (The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2014-4063 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4062 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, and 3.5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2014-4061 (Microsoft SQL Server 2008 SP3, 2008 R2 SP2, and 2012 SP1 does not ...)
	NOT-FOR-US: Microsoft
CVE-2014-4060 (Use-after-free vulnerability in MCPlayer.dll in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2014-4059 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4058 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4057 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4056 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4055 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4054
	REJECTED
CVE-2014-4053
	REJECTED
CVE-2014-4052 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4051 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4050 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-4042
	RESERVED
CVE-2014-4041
	RESERVED
CVE-2014-4040 (snap in powerpc-utils 1.2.20 produces an archive with fstab and ...)
	- powerpc-utils 1.3.1-2 (unimportant)
	NOTE: SuSE decided to put/display a warning about the possibility to of
	NOTE: containing cleartext passwords in the produced archive containing fstab
	NOTE: and yaboot.conf
	NOTE: 1.3.1-2 upload removed /usr/sbin/snap from the installed binary package
CVE-2014-4039 (ppc64-diag 2.6.1 uses 0775 permissions for /tmp/diagSEsnap and does ...)
	- ppc64-diag 2.7.1-5
	NOTE: SuSE Patch: https://bugzilla.novell.com/attachment.cgi?id=599147
CVE-2014-4038 (ppc64-diag 2.6.1 allows local users to overwrite arbitrary files via a ...)
	- ppc64-diag 2.7.1-5
	NOTE: Issue partially fixed in 2.7.1-1, but not all parts fixed
	NOTE: SuSE Patch: https://bugzilla.novell.com/attachment.cgi?id=599147
CVE-2014-4037 (Cross-site scripting (XSS) vulnerability in ...)
	- fckeditor <removed> (low; bug #752873)
	[wheezy] - fckeditor <no-dsa> (Minor issue)
	[squeeze] - fckeditor <no-dsa> (Minor issue)
	- docvert <removed>
	[wheezy] - docvert <no-dsa> (Minor issue)
	[squeeze] - docvert <no-dsa> (Minor issue)
	- moin <not-affected> (unused emebdded copy)
	- knowledgeroot <not-affected> (unused embedded copy)
CVE-2014-4036 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php ...)
	NOT-FOR-US: ImpressCMS
CVE-2014-4035 (Cross-site scripting (XSS) vulnerability in booking_details.php in ...)
	NOT-FOR-US: Advance Hotel Booking System
CVE-2014-4034 (SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 ...)
	NOT-FOR-US: ZeroCMS
CVE-2014-4033 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Epignosis eFront
CVE-2014-4032 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Fiyo CMS
CVE-2014-4031 (The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-4030 (Cross-site request forgery (CSRF) vulnerability in the JW Player ...)
	NOT-FOR-US: WordPress plugin JW Player
CVE-2014-4029
	RESERVED
CVE-2014-4028
	RESERVED
CVE-2014-4026
	RESERVED
CVE-2014-4025
	RESERVED
CVE-2014-4024 (SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-4023 (Cross-site scripting (XSS) vulnerability in tmui/dashboard/echo.jsp in ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-4022 (The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x, ...)
	- xen <not-affected> (Only 32- and 64-bit ARM systems from Xen 4.4 onwards)
CVE-2014-4019
	RESERVED
CVE-2014-4018 (The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a ...)
	NOT-FOR-US: ZTE router
CVE-2010-5301 (Stack-based buffer overflow in Kolibri 2.0 allows remote attackers to ...)
	NOT-FOR-US: Kolibri
CVE-2010-5300 (Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows ...)
	NOT-FOR-US: www.jzip.com
	NOTE: This is the jzip Z-code interpreter in Debian.
CVE-2014-4168 ((1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote ...)
	{DSA-2964-1}
	- iodine 0.6.0~rc1-19 (bug #751834)
	[squeeze] - iodine 0.6.0~rc1-2+deb6u1
	NOTE: https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850
CVE-2014-4167 (The L3-agent in OpenStack Neutron before 2013.2.4, 2014.x before ...)
	- neutron 2014.1.1-1 (bug #752021)
	NOTE: https://launchpad.net/bugs/1309195
CVE-2014-4157 (arch/mips/include/asm/thread_info.h in the Linux kernel before 3.14.8 ...)
	{DLA-103-1}
	- linux 3.14.7-1 (bug #751417)
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <not-affected> (squeeze-lts only covers x86)
CVE-2014-4049 (Heap-based buffer overflow in the php_parserr function in ...)
	{DSA-2961-1 DLA-0010-1}
	- php5 5.6.0~beta4+dfsg-3 (bug #751364)
	[squeeze] - php5 5.3.3-7+squeeze20
	NOTE: https://github.com/php/php-src/commit/b34d7849ed90ced9345f8ea1c59bc8d101c18468
CVE-2014-4048 (The PJSIP Channel Driver in Asterisk Open Source before 12.3.1 allows ...)
	- asterisk <not-affected> (Only affects Asterisk 12.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-008.html
CVE-2014-4047 (Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and ...)
	- asterisk 1:11.10.2~dfsg-1 (low)
	[wheezy] - asterisk 1:1.8.13.1~dfsg1-3+deb7u4
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-007.html
CVE-2014-4046 (Asterisk Open Source 11.x before 11.10.1 and 12.x before 12.3.1 and ...)
	{DLA-455-1}
	- asterisk 1:11.10.2~dfsg-1 (low)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-006.html
CVE-2014-4045 (The Publish/Subscribe Framework in the PJSIP channel driver in ...)
	- asterisk <not-affected> (Only affects Asterisk 12.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-005.html
CVE-2014-4044 (OpenAFS 1.6.8 does not properly clear the fields in the host structure, ...)
	- openafs 1.6.9-1
	[wheezy] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
	[squeeze] - openafs <not-affected> (Vulnerable code introduced in 1.6.8)
CVE-2014-4043 (The posix_spawn_file_actions_addopen function in glibc before 2.20 ...)
	{DSA-3169-1 DLA-165-1}
	- eglibc <removed>
	- glibc 2.19-2 (low; bug #751774)
CVE-2014-4021 (Xen 3.2.x through 4.4.x does not properly clean memory pages recovered ...)
	{DSA-3006-1}
	- xen 4.4.1-1 (bug #751894)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-4020 (The dissect_frame function in epan/dissectors/packet-frame.c in the ...)
	- wireshark 1.10.8-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.0 to 1.10.7)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-07.html
CVE-2014-4017 (Cross-site scripting (XSS) vulnerability in the Conversion Ninja ...)
	NOT-FOR-US: WordPress plugin conversionninja
CVE-2014-4016
	RESERVED
CVE-2014-4015
	RESERVED
CVE-2014-4013 (SQL injection vulnerability in the Policy Manager in Aruba Networks ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2014-4012 (SAP Open Hub Service has hardcoded credentials, which makes it easier ...)
	NOT-FOR-US: SAP
CVE-2014-4011 (SAP Capacity Leveling has hardcoded credentials, which makes it easier ...)
	NOT-FOR-US: SAP
CVE-2014-4010 (SAP Transaction Data Pool has hardcoded credentials, which makes it ...)
	NOT-FOR-US: SAP
CVE-2014-4009 (SAP CCMS Monitoring (BC-CCM-MON) has hardcoded credentials, which ...)
	NOT-FOR-US: SAP
CVE-2014-4008 (SAP Web Services Tool (CA-WUI-WST) has hardcoded credentials, which ...)
	NOT-FOR-US: SAP
CVE-2014-4007 (The SAP Upgrade tools for ABAP has hardcoded credentials, which makes ...)
	NOT-FOR-US: SAP
CVE-2014-4006 (The SAP Trader's and Scheduler's Workbench (TSW) for SAP Oil &amp; Gas has ...)
	NOT-FOR-US: SAP
CVE-2014-4005 (SAP Brazil add-on has hardcoded credentials, which makes it easier for ...)
	NOT-FOR-US: SAP
CVE-2014-4004 (The (1) Structures and (2) Project-Oriented Procurement components in ...)
	NOT-FOR-US: SAP
CVE-2014-4003 (The System Landscape Directory (SLD) in SAP NetWeaver allows remote ...)
	NOT-FOR-US: SAP
CVE-2014-4002 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-6 (bug #752573)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #752573)
CVE-2014-4001
	RESERVED
CVE-2014-4000 (Cacti before 1.0.0 allows remote authenticated users to conduct PHP ...)
	- cacti 0.8.8e+ds1-1 (low)
	[jessie] - cacti 0.8.8b+dfsg-8+deb8u2
	[wheezy] - cacti 0.8.8a+dfsg-5+deb7u6
	NOTE: http://www.cacti.net/release_notes_1_0_0.php
	NOTE: http://bugs.cacti.net/view.php?id=2452 (not accessible: marked as security issue)
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7731
	NOTE: This CVE was fixed by introduction of the function sanitize_unserialize_selected_items
	NOTE: in version 0.8.8e and calling it instead of unserialize(stripslashes()).
	NOTE: Affected files require authenticated users.
CVE-2014-3999 (The Horde_Ldap library before 2.0.6 for Horde allows remote attackers ...)
	- php-horde-ldap 2.0.6-1
CVE-2014-3998
	RESERVED
CVE-2014-3997 (SQL injection vulnerability in the MetadataServlet servlet in ...)
	NOT-FOR-US: Password Manager Pro
CVE-2014-3996 (SQL injection vulnerability in the LinkViewFetchServlet servlet in ...)
	NOT-FOR-US: Password Manager Pro
CVE-2014-3993
	RESERVED
CVE-2014-3992 (Multiple SQL injection vulnerabilities in Dolibarr ERP/CRM 3.5.3 allow ...)
	- dolibarr 3.5.4+dfsg2-1 (bug #755531)
CVE-2014-3991 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ...)
	- dolibarr 3.5.5+dfsg1-1
CVE-2014-3990 (The Cart::getProducts method in system/library/cart.php in OpenCart ...)
	NOT-FOR-US: OpenCart
CVE-2014-3989
	RESERVED
CVE-2014-3988 (Cross-site scripting (XSS) vulnerability in index.php in SunHater ...)
	NOT-FOR-US: SunHater KCFinder
CVE-2014-3987
	RESERVED
CVE-2014-3984 (Multiple unspecified vulnerabilities in Libav before 0.8.12 allow ...)
	- libav 6:0.8.12-1
	NOTE: Fairly pointless CVE assignment...
CVE-2014-4150 [Insecure use of temporary file]
	RESERVED
	{DLA-0006-1}
	- scheme48 1.9-4 (bug #748766)
	[wheezy] - scheme48 1.8+dfsg-1+deb7u1
	[squeeze] - scheme48 1.8+dfsg-1+deb6u1
CVE-2014-4027 (The rd_build_device_space function in drivers/target/target_core_rd.c ...)
	- linux 3.14.2-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.38)
	NOTE: upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4442dc8a92b8f9ad8ee9e7f8438f4c04c03a22dc
CVE-2014-4014 (The capabilities implementation in the Linux kernel before 3.14.8 does ...)
	- linux 3.14.7-1
	[wheezy] - linux <not-affected> (User namespaces only usable in later kernels)
	- linux-2.6 <not-affected> (User namespaces only usable in later kernels)
	NOTE: fixing commit https://git.kernel.org/linus/23adbe12ef7d3d4195e80800ab36b37bee28cd03
CVE-2014-3986 (include/tests_webservers in Lynis before 1.5.5 allows local users to ...)
	- lynis 1.5.5-1 (bug #751083)
	[squeeze] - lynis <no-dsa> (Minor issue)
	[wheezy] - lynis <no-dsa> (Minor issue)
CVE-2014-3995 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Djblets
CVE-2014-3994 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Djblets
CVE-2014-3983
	RESERVED
CVE-2014-3982 (include/tests_webservers in Lynis before 1.5.5 on AIX allows local ...)
	- lynis <not-affected> (Specific to AIX)
CVE-2014-3981 (acinclude.m4, as used in the configure script in PHP 5.5.13 and ...)
	- php5 5.6.0~rc1+dfsg-1 (unimportant)
	NOTE: Only exploitable during package build
CVE-2014-3979
	RESERVED
	NOT-FOR-US: Bytemark Symbiosis
CVE-2014-3978 (SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote ...)
	NOT-FOR-US: TomatoCart
CVE-2014-3977 (libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to ...)
	NOT-FOR-US: IBM AIX
CVE-2014-3976 (Buffer overflow in A10 Networks Advanced Core Operating System (ACOS) ...)
	NOT-FOR-US: A10 Networks Advanced Core Operating System
CVE-2014-3975 (Absolute path traversal vulnerability in filemanager.php in AuraCMS ...)
	NOT-FOR-US: AuraCMS
CVE-2014-3974 (Cross-site scripting (XSS) vulnerability in filemanager.php in AuraCMS ...)
	NOT-FOR-US: AuraCMS
CVE-2014-3973 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
	- frontaccounting 2.3.21-1 (bug #751867)
	[squeeze] - frontaccounting <no-dsa> (Minor issue)
	[wheezy] - frontaccounting <no-dsa> (Minor issue)
CVE-2014-3972 (Directory traversal vulnerability in Apexis APM-J601-WS cameras with ...)
	NOT-FOR-US: Apexis cameras
CVE-2014-3971 (The CmdAuthenticate::_authenticateX509 function in ...)
	- mongodb <not-affected> (X.509 certifictate authentication introduced in 2.6.x)
	NOTE: https://jira.mongodb.org/browse/SERVER-13753
	NOTE: https://github.com/mongodb/mongo/commit/c151e0660b9736fe66b224f1129a16871165251b
CVE-2014-3965
	RESERVED
CVE-2014-3964
	RESERVED
CVE-2014-3963 (ownCloud Server before 6.0.1 does not properly check permissions, ...)
	- owncloud 6.0.1+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-009/
CVE-2014-3962 (Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote ...)
	NOT-FOR-US: Videos Tube
CVE-2014-3961 (SQL injection vulnerability in the Export CSV page in the Participants ...)
	NOT-FOR-US: WordPress plugin Participants Database
CVE-2014-3960 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
	NOT-FOR-US: OpenNMS
CVE-2014-3980 (libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in ...)
	- libfep <itp> (bug #658575)
CVE-2014-3959 (Cross-site scripting (XSS) vulnerability in list.jsp in the ...)
	NOT-FOR-US: F5
CVE-2014-3958
	RESERVED
CVE-2014-3957
	RESERVED
CVE-2014-3955 (routed in FreeBSD 8.4 through 10.1-RC2 allows remote attackers to ...)
	NOT-FOR-US: FreeBSD routed
CVE-2014-3954 (Stack-based buffer overflow in rtsold in FreeBSD 9.1 through 10.1-RC2 ...)
	NOT-FOR-US: FreeBSD rtsold
CVE-2014-3953 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 ...)
	{DSA-3070-1}
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 <removed> (bug #754237)
	- kfreebsd-10 10.1~svn272463-1
CVE-2014-3952 (FreeBSD 8.4 before p14, 9.1 before p17, 9.2 before p10, and 10.0 ...)
	{DSA-3070-1}
	- kfreebsd-8 <removed>
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-8 <no-dsa> (kfreebsd-8 only a test kernel, will be fixed in a point update)
	- kfreebsd-9 <removed> (bug #754236)
	- kfreebsd-10 10.1~svn272463-1
CVE-2014-3951 (The HZ module in the iconv implementation in FreeBSD 10.0 before p6 ...)
	NOT-FOR-US: iconv system library of FreeBSD and NetBSD
CVE-2014-3950
	RESERVED
CVE-2014-3949 (Cross-site scripting (XSS) vulnerability in the layout wizard in the ...)
	NOT-FOR-US: TYPO3 extension gridelements
CVE-2014-3948 (Cross-site scripting (XSS) vulnerability in the HTML export wizard in ...)
	NOT-FOR-US: TYPO3 extension powermail
CVE-2014-3947 (Unrestricted file upload vulnerability in the powermail extension ...)
	NOT-FOR-US: TYPO3 extension powermail
CVE-2014-3939 (Heap-based buffer overflow in Autodesk SketchBook Pro before 6.2.6 ...)
	NOT-FOR-US: Autodesk SketchBook Pro
CVE-2014-3938 (Integer overflow in Autodesk SketchBook Pro before 6.2.6 allows remote ...)
	NOT-FOR-US: Autodesk Sketchbook Pro
CVE-2014-3937 (SQL injection vulnerability in the Contextual Related Posts plugin ...)
	NOT-FOR-US: WordPress plugin contextual-related-posts
CVE-2014-3936 (Stack-based buffer overflow in the do_hnap function in www/my_cgi.cgi ...)
	NOT-FOR-US: D-Link
CVE-2014-3935 (SQL injection vulnerability in glossaire-aff.php in the Glossaire ...)
	NOT-FOR-US: XOOPS module Glossaire
CVE-2014-3934 (SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2014-3933 (Cross-site scripting (XSS) vulnerability in the address components ...)
	NOT-FOR-US: Drupal module AddressField Tokens
CVE-2014-3932 (SQL injection vulnerability in the device registration component in ...)
	NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2014-3931 (fastping.c in MRLG (aka Multi-Router Looking Glass) before 5.5.0 ...)
	NOT-FOR-US: Multi-Router Looking Glass
CVE-2014-3930 (lg.pl in Cistron-LG 1.01 stores sensitive information under the web ...)
	NOT-FOR-US: Cistron-LG
CVE-2014-3929 (The default configuration for Cougar-LG stores sensitive information ...)
	NOT-FOR-US: Cougar-LG
CVE-2014-3928 (Cougar-LG stores sensitive information under the web root with ...)
	NOT-FOR-US: Cougar-LG
CVE-2014-3927 (mrlg-lib.php in mrlg4php before 1.0.8 allows remote attackers to ...)
	NOT-FOR-US: mrlg4php
CVE-2014-3926 (Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 ...)
	NOT-FOR-US: Cougar LG
CVE-2014-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Webmin before ...)
	NOT-FOR-US: Webmin
CVE-2014-3923 (Multiple cross-site scripting (XSS) vulnerabilities in the Digital ...)
	NOT-FOR-US: WordPress plugin Digital Zoom Studio Video Gallery
CVE-2014-3922 (Cross-site scripting (XSS) vulnerability in Trend Micro InterScan ...)
	NOT-FOR-US: Trend Micro InterScan
CVE-2014-3921 (Cross-site scripting (XSS) vulnerability in popup.php in the Simple ...)
	NOT-FOR-US: WordPress plugin Simple Popup Images
CVE-2013-7387 (Session fixation vulnerability in DataLife Engine (DLE) 9.7 and ...)
	NOT-FOR-US: DataLife Engine
CVE-2011-5280 (Multiple stack-based buffer overflows in BOINC 6.13.x allow remote ...)
	- boinc 7.0.2+dfsg-1 (low)
	[squeeze] - boinc <no-dsa> (Minor issue)
CVE-2014-3969 (Xen 4.4.x, when running on an ARM system, does not properly check ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3970 (The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv ...)
	- pulseaudio 5.0-3 (low)
	[squeeze] - pulseaudio <no-dsa> (Minor issue)
	[wheezy] - pulseaudio <no-dsa> (Minor issue)
	NOTE: http://lists.freedesktop.org/archives/pulseaudio-discuss/2014-May/020740.html
CVE-2014-3968 (The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x allows ...)
	- xen 4.4.1-1 (bug #757724)
	[wheezy] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
	[squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
CVE-2014-3967 (The HVMOP_inject_msi function in Xen 4.2.x, 4.3.x, and 4.4.x does not ...)
	- xen 4.4.1-1 (bug #757724)
	[wheezy] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
	[squeeze] - xen <not-affected> (Xen versions from 4.2 onwards are vulnerable)
CVE-2014-3966 (Cross-site scripting (XSS) vulnerability in Special:PasswordReset in ...)
	{DSA-2957-1}
	- mediawiki 1:1.19.16+dfsg-1 (low; bug #750527)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=65501
CVE-2014-3956 (The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has ...)
	- sendmail 8.14.4-6 (low; bug #750562)
	[wheezy] - sendmail 8.14.4-4+deb7u1
	[squeeze] - sendmail <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2014/06/03/1
CVE-2014-3940 (The Linux kernel through 3.14.5 does not properly consider the ...)
	- linux 3.14.7-1 (low)
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <not-affected> (Only exploitable in 3.12 and later)
CVE-2014-3925 (sosreport in Red Hat sos 1.7 and earlier on Red Hat Enterprise Linux ...)
	- sosreport <not-affected> (RedHat-specific issue)
CVE-2014-3920 (Cross-site request forgery (CSRF) vulnerability in Kanboard before ...)
	- kanboard <itp> (bug #790814)
CVE-2014-3919
	RESERVED
CVE-2014-3918
	RESERVED
CVE-2014-3916 (The str_buf_cat function in string.c in Ruby 1.9.3, 2.0.0, and 2.1 ...)
	- ruby2.1 <removed> (unimportant)
	- ruby2.0 <removed> (unimportant)
	- ruby1.9.1 <removed> (unimportant)
	- ruby1.8 <removed> (unimportant)
	NOTE: Only exploitable on Windows
CVE-2014-3915 (The userRequest servlet in the Admin Center for Tivoli Storage Manager ...)
	NOT-FOR-US: Rocket Servergraph
CVE-2014-3914 (Directory traversal vulnerability in the Admin Center for Tivoli ...)
	NOT-FOR-US: Rocket ServerGraph
CVE-2014-3913 (Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow ...)
	NOT-FOR-US: Ericom AccessNow Server
CVE-2014-3912 (Stack-based buffer overflow in the FindConfigChildeKeyList method in ...)
	NOT-FOR-US: Samsung iPOLiS Device Manager
CVE-2014-3911 (Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to ...)
	NOT-FOR-US: Samsung iPOLiS Device Manager
CVE-2014-3910 (Emurasoft EmFTP allows local users to gain privileges via a Trojan ...)
	NOT-FOR-US: Emurasoft EmFTP
CVE-2014-3909 (Session fixation vulnerability in Falcon WisePoint 4.1.19.7 and ...)
	NOT-FOR-US: Falcon WisePoint
CVE-2014-3908 (The Amazon.com Kindle application before 4.5.0 for Android does not ...)
	NOT-FOR-US: Amazon.com Kindle application
CVE-2014-3907 (Cross-site request forgery (CSRF) vulnerability in the MailPoet ...)
	NOT-FOR-US: MailPoet Newsletters (wysija-newsletters) plugin for WordPress
CVE-2014-3906 (SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and ...)
	NOT-FOR-US: OSK Advance-Flow
CVE-2014-3905 (Cross-site scripting (XSS) vulnerability in tenfourzero Shutter 0.1.4 ...)
	NOT-FOR-US: tenfourzero Shutter
CVE-2014-3904 (SQL injection vulnerability in lib/admin.php in tenfourzero Shutter ...)
	NOT-FOR-US: tenfourzero Shutter
CVE-2014-3903 (Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x ...)
	NOT-FOR-US: Cakifo theme for WordPress
CVE-2014-3902 (The CyberAgent Ameba application 3.x and 4.x before 4.5.0 for Android ...)
	NOT-FOR-US: CyberAgent Ameba application
CVE-2014-3901 (Raritan Japan Dominion KX2-101 switches before 2 allow remote ...)
	NOT-FOR-US: Raritan Japan Dominion KX2-101 switches
CVE-2014-3900 (Cross-site scripting (XSS) vulnerability in admin/picture_modify.php ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-3899 (Gretech GOM Player 2.2.51.5149 and earlier allows remote attackers to ...)
	NOT-FOR-US: Gretech GOM Player
CVE-2014-3898 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView ...)
	NOT-FOR-US: Fujitsu ServerView Operations Manager
CVE-2014-3897 (Cross-site scripting (XSS) vulnerability in Homepage Decorator ...)
	NOT-FOR-US: Homepage Decorator PerlMailer
CVE-2014-3896 (Multiple cross-site request forgery (CSRF) vulnerabilities in CGI ...)
	NOT-FOR-US: Seeds acmailer
CVE-2014-3895 (The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, ...)
	NOT-FOR-US: I-O DATA camera firmware
CVE-2014-3894 (Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional ...)
	NOT-FOR-US: PHP Kobo Multifunctional MailForm
CVE-2014-3893
	RESERVED
CVE-2014-3892 (Cross-site scripting (XSS) vulnerability in Nexa Meridian before 2014 ...)
	NOT-FOR-US: Nexa Meridian
CVE-2014-3891 (Buffer overflow in RimArts Becky! Internet Mail before 2.68 allows ...)
	NOT-FOR-US: RimArts Becky! Internet Mail
CVE-2014-3890 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
	NOT-FOR-US: silex device
CVE-2014-3889 (silex SX-2000WG devices with firmware before 1.5.4 allow remote ...)
	NOT-FOR-US: silex device
CVE-2014-3888 (Stack-based buffer overflow in BKFSim_vhfd.exe in Yokogawa CENTUM CS ...)
	NOT-FOR-US: Yokogawa
CVE-2014-3887 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk ...)
	NOT-FOR-US: I-O DATA DEVICE
CVE-2014-3886 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when ...)
	NOT-FOR-US: Webmin
CVE-2014-3885 (Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows ...)
	NOT-FOR-US: Webmin
CVE-2014-3884 (Cross-site scripting (XSS) vulnerability in Usermin before 1.600 ...)
	NOT-FOR-US: Usermin
CVE-2014-3883 (Usermin before 1.600 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Usermin
CVE-2014-3882 (Cross-site request forgery (CSRF) vulnerability in the Login rebuilder ...)
	NOT-FOR-US: WordPress plugin login-rebuilder
CVE-2014-3881 (Cross-site request forgery (CSRF) vulnerability in Intercom Web ...)
	NOT-FOR-US: Intercom Web Kyukincho
CVE-2014-3880 (The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 ...)
	{DSA-2952-1}
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (Will be fixed in a point update)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 <removed>
	- kfreebsd-10 10.0-6
CVE-2014-3879
	RESERVED
CVE-2014-3878 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
	NOT-FOR-US: IPSwitch IMail
CVE-2014-3877 (Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, ...)
	{DLA-68-1}
	- fex 20140530-1
	[wheezy] - fex <no-dsa> (non-free not supported)
	NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
CVE-2014-3876 (Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast ...)
	{DLA-68-1}
	- fex 20140530-1
	[wheezy] - fex <no-dsa> (non-free not supported)
	NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
CVE-2014-3875
	RESERVED
	{DLA-68-1}
	- fex 20140530-1
	[wheezy] - fex <no-dsa> (non-free not supported)
	NOTE: https://www.lsexperts.de/advisories/lse-2014-05-22.txt
CVE-2014-3874
	RESERVED
CVE-2014-3873 (The ktrace utility in the FreeBSD kernel 8.4 before p11, 9.1 before ...)
	- kfreebsd-8 <removed>
	- kfreebsd-9 <removed> (bug #750493)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-9 <not-affected> (introduced by the merge of r237663)
	[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
CVE-2014-3872 (Multiple SQL injection vulnerabilities in the administration login ...)
	NOT-FOR-US: D-Link firmware
CVE-2014-3871 (Multiple SQL injection vulnerabilities in register.php in Geodesic ...)
	NOT-FOR-US: GeodesicSolutions
CVE-2014-3869
	RESERVED
CVE-2014-3868
	RESERVED
CVE-2014-3867 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-3863 (Cross-site scripting (XSS) vulnerability in the JChatSocial component ...)
	NOT-FOR-US: Joomla! component JChatSocial
CVE-2014-3862 (CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: HL7 C-CDA
CVE-2014-3861 (Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 ...)
	NOT-FOR-US: HL7 C-CDA
CVE-2014-3860
	RESERVED
CVE-2014-3859 (libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS ...)
	- bind9 <not-affected> (Only affects 9.10.0, 9.10.0-P1)
	NOTE: https://kb.isc.org/article/AA-01166
CVE-2014-3858
	RESERVED
CVE-2014-3857 (Multiple SQL injection vulnerabilities in Kerio Control Statistics in ...)
	NOT-FOR-US: Kerio Control
CVE-2014-3856
	RESERVED
	- fish 2.1.1-1 (low; bug #746259)
	[squeeze] - fish <no-dsa> (Minor issue)
	[wheezy] - fish <no-dsa> (Minor issue)
	NOTE: https://github.com/fish-shell/fish-shell/issues/1437
CVE-2014-3855 (Directory traversal vulnerability in download.py in Pyplate 0.08 ...)
	NOT-FOR-US: Pyplate
CVE-2014-3854 (Cross-site request forgery (CSRF) vulnerability in admin/addScript.py ...)
	NOT-FOR-US: Pyplate
CVE-2014-3853 (Pyplate 0.08 does not set the secure flag for the id cookie in an ...)
	NOT-FOR-US: Pyplate
CVE-2014-3852 (Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header ...)
	NOT-FOR-US: Pyplate
CVE-2014-3851 (usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses ...)
	NOT-FOR-US: Pyplate
CVE-2014-3850 (Cross-site request forgery (CSRF) vulnerability in the Member Approval ...)
	NOT-FOR-US: WordPress plugin Member Approval 131109
CVE-2014-3849 (The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-3848 (The iMember360 plugin before 3.9.001 for WordPress does not properly ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-3847
	RESERVED
CVE-2014-3845 (Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color ...)
	NOT-FOR-US: WordPress plugin TinyMCE Color Picker
CVE-2014-3844 (The TinyMCE Color Picker plugin before 1.2 for WordPress does not ...)
	NOT-FOR-US: WordPress plugin TinyMCE Color Picker
CVE-2014-3843 (Cross-site request forgery (CSRF) vulnerability in the Search ...)
	NOT-FOR-US: WordPress plugin Search Everything
CVE-2014-3842 (Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 ...)
	NOT-FOR-US: WordPress plugin iMember360
CVE-2014-3841 (Cross-site scripting (XSS) vulnerability in the Contact Bank plugin ...)
	NOT-FOR-US: WordPress plugin Contact Bank
CVE-2012-6648 (gdm/guest-session-cleanup.sh in gdm-guest-session 0.24 and earlier, as ...)
	NOT-FOR-US: gdm-guest-session (Ubuntu-specific)
CVE-2010-5299 (Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote ...)
	NOT-FOR-US: MicroP
CVE-2014-3946 (The query caching functionality in the Extbase Framework component in ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3945 (The Authentication component in TYPO3 before 6.2, when salting for ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3944 (The Authentication component in TYPO3 6.2.0 before 6.2.3 does not ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3943 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3942 (The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3941 (TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, ...)
	{DSA-2942-1}
	- typo3-src 4.5.34+dfsg1-1 (bug #749215)
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-3917 (kernel/auditsc.c in the Linux kernel through 3.14.5, when ...)
	{DLA-0015-1}
	- linux 3.14.7-1
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: http://article.gmane.org/gmane.linux.kernel/1713179
CVE-2014-3865 (Multiple directory traversal vulnerabilities in dpkg-source in ...)
	{DSA-2953-1}
	- dpkg 1.17.10 (bug #749183)
CVE-2014-3864 (Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 ...)
	{DSA-2953-1}
	- dpkg 1.17.10 (bug #746498)
CVE-2014-3870 (Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 ...)
	NOT-FOR-US: WordPress plugin bib2html
CVE-2014-3866 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: userCake
CVE-2014-3846 (Cross-site scripting (XSS) vulnerability in Flying Cart allows remote ...)
	NOT-FOR-US: Flying Cart
CVE-2014-3839 [owncloud: Deserialization of Untrusted Data in core]
	RESERVED
	- owncloud 6.0.3+dfsg-1
CVE-2014-3838 (ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not properly ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-016/
CVE-2014-3837 (The document application in ownCloud Server before 6.0.3 uses ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-015/
CVE-2014-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-014/
CVE-2014-3835 (ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-012/
CVE-2014-3834 (ownCloud Server before 6.0.3 does not properly check permissions, ...)
	- owncloud 6.0.3+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-011/
	NOTE: http://owncloud.org/about/security/advisories/oc-sa-2014-013/
CVE-2014-3833 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery ...)
	- owncloud 6.0.3+dfsg-2
CVE-2014-3832 (Cross-site scripting (XSS) vulnerability in the Documents component in ...)
	- owncloud 6.0.3+dfsg-2
CVE-2014-3831
	REJECTED
CVE-2014-3830 (Cross-site scripting (XSS) vulnerability in info.php in TomatoCart ...)
	NOT-FOR-US: TomatoCart
CVE-2014-3829 (displayServiceStatus.php in Centreon 2.5.1 and Centreon Enterprise ...)
	NOT-FOR-US: Centreon
CVE-2014-3828 (Multiple SQL injection vulnerabilities in Centreon 2.5.1 and Centreon ...)
	NOT-FOR-US: Centreon
CVE-2014-3827
	RESERVED
CVE-2014-3826
	RESERVED
CVE-2014-3825 (The Juniper SRX Series devices with Junos 11.4 before 11.4R12-S4, ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3824 (Cross-site scripting (XSS) vulnerability in the web server in the ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2014-3823 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with ...)
	NOT-FOR-US: The Juniper Junos Pulse Secure Access Service
CVE-2014-3822 (Juniper Junos 11.4 before 11.4R8, 12.1 before 12.1R5, 12.1X44 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3821 (Cross-site scripting (XSS) vulnerability in SRX Web Authentication ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3820 (Cross-site scripting (XSS) vulnerability in the SSL VPN/UAC web server ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2014-3819 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R10, 12.1X44 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3818 (Juniper Junos OS 9.1 through 11.4 before 11.4R11, 12.1 before R10, ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3817 (Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3816 (Juniper Junos 11.4 before 11.4R12, 12.1 before 12.1R11, 12.1X44 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3815 (Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-3814 (The Juniper Networks NetScreen Firewall devices with ScreenOS before ...)
	NOT-FOR-US: Juniper Networks NetScreen Firewall
CVE-2014-3813 (Unspecified vulnerability in the Juniper Networks NetScreen Firewall ...)
	NOT-FOR-US: Juniper Networks NetScreen Firewall
CVE-2014-3812 (The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2014-3811 (Juniper Installer Service (JIS) Client 7.x before 7.4R6 for Windows ...)
	NOT-FOR-US: Junos Pulse Client
CVE-2014-3810 (SQL injection vulnerability in administration/profiles.php in BoonEx ...)
	NOT-FOR-US: Dolphin (php thingy)
CVE-2014-3809
	RESERVED
	NOT-FOR-US: Alcatel Lucent
CVE-2014-3808 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
	NOT-FOR-US: BarracudaDrive
CVE-2014-3807 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
	NOT-FOR-US: BarracudaDrive
CVE-2014-3806 (Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo ...)
	NOT-FOR-US: VMTurbo Operations Manager
CVE-2014-3805 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-3804 (The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2014-3803 (The SpeechInput feature in Blink, as used in Google Chrome before ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3802 (msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2014-3799
	REJECTED
CVE-2014-3798
	RESERVED
CVE-2014-3797 (Cross-site scripting (XSS) vulnerability in VMware vCenter Server ...)
	NOT-FOR-US: VMware vSphere
CVE-2014-3796 (VMware NSX 6.0 before 6.0.6, and vCloud Networking and Security (vCNS) ...)
	NOT-FOR-US: VMware NSX and vCNS
CVE-2014-3795
	REJECTED
CVE-2014-3794
	REJECTED
CVE-2014-3793 (VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player ...)
	NOT-FOR-US: VMware
CVE-2014-3792 (Cross-site request forgery (CSRF) vulnerability in Beetel 450TC2 ...)
	NOT-FOR-US: Beetel Router
CVE-2014-3791 (Stack-based buffer overflow in Easy File Sharing (EFS) Web Server 6.8 ...)
	NOT-FOR-US: Easy File Sharing
CVE-2014-3790 (Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2014-3789 (GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-3788 (Heap-based buffer overflow in the Web Server in Cogent Real-Time ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-3787 (SAP NetWeaver 7.20 and earlier allows remote attackers to read ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-7386 (Format string vulnerability in the PROJECT::write_account_file ...)
	- boinc 7.1.10+dfsg-1 (low)
	[squeeze] - boinc <no-dsa> (Minor issue)
	[wheezy] - boinc <no-dsa> (Minor issue)
CVE-2013-7385 (LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7384 (UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a ...)
	- unrealircd <itp> (bug #515130)
CVE-2014-3840 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- mayan <itp> (bug #718580)
CVE-2014-3801 (OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, ...)
	- heat 2014.1-4 (bug #748824)
	NOTE: https://launchpad.net/bugs/1311223
CVE-2014-3786 (Multiple cross-site scripting (XSS) vulnerabilities in the contact ...)
	NOT-FOR-US: Pixie CMS
CVE-2014-3785
	RESERVED
CVE-2014-3784
	RESERVED
CVE-2014-3783 (SQL injection vulnerability in admin/categories.php in Dotclear before ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3782 (Multiple incomplete blacklist vulnerabilities in the ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3781 (The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in ...)
	- dotclear 2.6.3+dfsg-1
CVE-2014-3780 (Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 ...)
	NOT-FOR-US: Citrix
CVE-2014-3779 (Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine ...)
	NOT-FOR-US: ZOHO
CVE-2014-3778 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: ARRIS modem
CVE-2014-3777 (Directory traversal vulnerability in Reportico PHP Report Designer ...)
	NOT-FOR-US: Reportico PHP Report Designer
CVE-2014-3770
	RESERVED
CVE-2014-3769
	RESERVED
CVE-2014-3768
	RESERVED
CVE-2014-3767
	RESERVED
CVE-2014-3766
	RESERVED
CVE-2014-3765
	RESERVED
CVE-2014-3764 (Cross-site scripting (XSS) vulnerability in the web-based device ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2014-3763
	RESERVED
CVE-2014-3762
	RESERVED
CVE-2014-3761 (Cross-site scripting (XSS) vulnerability in D-Link DAP 1150 with ...)
	NOT-FOR-US: D-Link DAP 1150
CVE-2014-3760 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
	NOT-FOR-US: D-Link DAP 1150
CVE-2014-3759 (Multiple SQL injection vulnerabilities in the BibTex Publications ...)
	NOT-FOR-US: TYPO3 extension si_bibtex
CVE-2014-3758 (Cross-site scripting (XSS) vulnerability in the BibTex Publications ...)
	NOT-FOR-US: TYPO3 extension si_bibtex
CVE-2014-3757 (SQL injection vulnerability in sorter.php in the phpManufaktur kitForm ...)
	NOT-FOR-US: phpManufaktur extension
CVE-2014-3754
	RESERVED
CVE-2014-3753
	RESERVED
CVE-2014-3752 (The MiniIcpt.sys driver in G Data TotalProtection 2014 24.0.2.1 and ...)
	NOT-FOR-US: G Data TotalProtection
CVE-2014-3751
	RESERVED
CVE-2014-3750 (The Bilyoner application before 2.3.1 for Android and before 4.6.2 for ...)
	NOT-FOR-US: Bilyoner for Android
CVE-2014-3748
	RESERVED
CVE-2014-3747
	RESERVED
CVE-2014-3746
	RESERVED
CVE-2014-3745
	RESERVED
CVE-2014-3744 (Directory traversal vulnerability in the st module before 0.2.5 for ...)
	NOT-FOR-US: Node st module
CVE-2014-3743
	RESERVED
	- node-marked 0.3.1+dfsg-1
CVE-2014-3742 (The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js ...)
	NOT-FOR-US: hapi framework for Node.js
CVE-2014-3741 (The printDirect function in lib/printer.js in the node-printer module ...)
	NOT-FOR-US: node-printer
CVE-2014-3740 (Cross-site scripting (XSS) vulnerability in SpiceWorks before ...)
	NOT-FOR-US: SpiceWorks
CVE-2014-3737 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Storesprite
CVE-2014-3736
	RESERVED
CVE-2014-3735 (ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers ...)
	NOT-FOR-US: Intel Ideo Video
CVE-2014-3734
	RESERVED
CVE-2014-3733
	RESERVED
CVE-2014-3732
	RESERVED
CVE-2014-3731
	RESERVED
CVE-2014-3729
	RESERVED
CVE-2014-3728
	RESERVED
CVE-2014-3727
	RESERVED
CVE-2014-3726
	RESERVED
CVE-2014-3725
	RESERVED
CVE-2014-3724
	RESERVED
CVE-2014-3723
	RESERVED
CVE-2014-3722
	RESERVED
CVE-2014-3721
	RESERVED
CVE-2014-3720
	RESERVED
CVE-2014-3718
	RESERVED
CVE-2014-3713
	RESERVED
CVE-2014-3712 (Katello allows remote attackers to cause a denial of service (memory ...)
	NOT-FOR-US: Katello
CVE-2014-3711 (namei in FreeBSD 9.1 through 10.1-RC2 allows remote attackers to cause ...)
	{DSA-3070-1}
	- kfreebsd-9 <removed> (bug #766275)
	- kfreebsd-10 10.1~svn273874-1 (bug #766278)
	[experimental] - kfreebsd-11 11.0~svn284956-1 (bug #766279)
CVE-2014-3710 (The donote function in readelf.c in file through 5.20, as used in the ...)
	{DSA-3074-1 DSA-3072-1 DLA-94-1 DLA-86-1}
	- file 1:5.20-2 (bug #768806)
	NOTE: Upstream fix: https://github.com/file/file/commit/39c7ac1106be844a5296d3eb5971946cc09ffda0
	- php5 5.6.3+dfsg-1 (bug #768807)
	NOTE: https://bugs.php.net/bug.php?id=68283
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=1803228597e82218a8c105e67975bc50e6f5bf0d (PHP 5.4 branch)
CVE-2014-3709 (The org.keycloak.services.resources.SocialResource.callback method in ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3708 (OpenStack Compute (Nova) before 2014.1.4 and 2014.2.x before 2014.2.1 ...)
	- nova 2014.1.3-6 (low)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: affected versions up to 2014.1.3, and 2014.2
CVE-2014-3707 (The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, ...)
	{DSA-3069-1 DLA-84-1}
	- curl 7.38.0-3
	NOTE: http://curl.haxx.se/docs/adv_20141105.html
	NOTE: Upstream commit: https://github.com/bagder/curl/commit/b3875606925536f82fc61f3114ac42f29eaf6945
CVE-2014-3706 (ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle ...)
	NOT-FOR-US: ovirt-engine
CVE-2014-3705
	RESERVED
CVE-2014-3704 (The expandArguments function in the database abstraction API in Drupal ...)
	{DSA-3051-1}
	- drupal7 7.32-1 (bug #765507)
	- drupal6 <not-affected> (Only affects Drupal 7)
CVE-2014-3703 (OpenStack PackStack 2012.2.1, when the Open vSwitch (OVS) monolithic ...)
	NOT-FOR-US: Red Hat Openstack 4 Neutron
CVE-2014-3702 (Directory traversal vulnerability in eNovance eDeploy allows remote ...)
	- edeploy <itp> (bug #717664)
CVE-2014-3701
	RESERVED
	- edeploy <itp> (bug #717664)
CVE-2014-3700
	RESERVED
	- edeploy <itp> (bug #717664)
CVE-2014-3699
	RESERVED
	- edeploy <itp> (bug #717664)
CVE-2014-3698 (The jabber_idn_validate function in jutil.c in the Jabber protocol ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3697 (Absolute path traversal vulnerability in the untar_block function in ...)
	- pidgin <not-affected> (Windows specific)
CVE-2014-3696 (nmevent.c in the Novell GroupWise protocol plugin in libpurple in ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3695 (markup.c in the MXit protocol plugin in libpurple in Pidgin before ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3694 (The (1) bundled GnuTLS SSL/TLS plugin and the (2) bundled OpenSSL ...)
	{DSA-3055-1}
	- pidgin 2.10.10-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2014-3693 (Use-after-free vulnerability in the socket manager of Impress Remote ...)
	- libreoffice 1:4.3.3~rc2~git20141011-1
	[wheezy] - libreoffice <not-affected> (Introduced in 4.0.0)
	NOTE: https://www.libreoffice.org/about-us/security/advisories/CVE-2014-3693/
CVE-2014-3692 (The customization template in Red Hat CloudForms 3.1 Management Engine ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-3691 (Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before ...)
	NOT-FOR-US: Foreman Smart Proxy
CVE-2014-3690 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: Upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d974baa398f34393db76be45f7d4d04fbdbb4a0a (v3.18-rc1)
CVE-2014-3689 (The vmware-vga driver (hw/display/vmware_vga.c) in QEMU allows local ...)
	{DSA-3067-1 DSA-3066-1}
	- qemu 2.1+dfsg-6 (bug #765496)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	[squeeze] - qemu <end-of-life>
	NOTE: Upstream's quick and easy stopgap for this issue: compile out the hardware acceleration functions which lack sanity checks.
	NOTE: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=83afa38eb20ca27e30683edc7729880e091387fc
CVE-2014-3688 (The SCTP implementation in the Linux kernel before 3.17.4 allows ...)
	{DSA-3060-1 DLA-118-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=26b87c7881006311828bb0ab271a551a62dcceb4 (v3.18-rc1)
CVE-2014-3687 (The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in ...)
	{DSA-3060-1 DLA-118-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b69040d8e39f20d5215a03502a8e8b4c6ab78395 (v3.18-rc1)
CVE-2014-3686 (wpa_supplicant and hostapd 0.7.2 through 2.2, when running with ...)
	{DSA-3052-1 DLA-147-1}
	- wpasupplicant <removed>
	- hostapd <removed>
	[squeeze] - hostapd <not-affected> (Vulnerable code not present in 0.6.10)
	- wpa 2.3-1 (bug #765352; high)
CVE-2014-3685
	REJECTED
CVE-2014-3684 (The tm_adopt function in lib/Libifl/tm.c in Terascale Open-Source ...)
	{DSA-3058-1 DLA-78-1}
	- torque 2.4.16+dfsg-1.5 (bug #763922)
	NOTE: https://github.com/adaptivecomputing/torque/commit/967cdc80150690459a47a35a658abeee0ca6e5cb
	NOTE: https://github.com/adaptivecomputing/torque/commit/f2f4c950f3d461a249111c8826da3beaafccace9
	NOTE: 2.4 is end-of-life upstream thus no patches available for that branch.
CVE-2014-3683 (Integer overflow in rsyslog before 7.6.7 and 8.x before 8.4.2 and ...)
	{DSA-3047-1 DLA-72-1}
	- rsyslog 8.4.2-1
	NOTE: http://www.rsyslog.com/remote-syslog-pri-vulnerability-cve-2014-3683/
CVE-2014-3682 (XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl ...)
	NOT-FOR-US: jBPM Designer
CVE-2014-3681 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.583 and ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3680 (Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3679 (The Monitoring plugin before 1.53.0 for Jenkins allows remote ...)
	NOT-FOR-US: Jenkins monitoring plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
CVE-2014-3678 (Cross-site scripting (XSS) vulnerability in the Monitoring plugin ...)
	NOT-FOR-US: Jenkins monitoring plugin
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-01
CVE-2014-3677 (Unspecified vulnerability in Shim might allow attackers to execute ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3676 (Heap-based buffer overflow in Shim allows remote attackers to execute ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3675 (Shim allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: shim (the UEFI one, not the systemd)
CVE-2014-3674 (Red Hat OpenShift Enterprise before 2.2 does not properly restrict ...)
	NOT-FOR-US: OpenShift Enterprise
CVE-2014-3673 (The SCTP implementation in the Linux kernel through 3.17.2 allows ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze9
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9de7922bc709eee2f609cd01d98aaedc4cf5ea74 (v3.18-rc1)
CVE-2014-3672 (The qemu implementation in libvirt before 1.3.0 and Xen allows local ...)
	{DLA-571-1}
	- xen 4.4.0-1
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: http://xenbits.xen.org/xsa/advisory-180.html
	NOTE: Related hardening for libvirt: https://libvirt.org/git/?p=libvirt.git;a=commit;h=0d968ad715475a1660779bcdd2c5b38ad63db4cf
	NOTE: This is hardly a vulnerability in qemu per se, but rather a problem of integrating qemu
CVE-2014-3671
	REJECTED
CVE-2014-3670 (The exif_ifd_make_value function in exif.c in the EXIF extension in ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68113
CVE-2014-3669 (Integer overflow in the object_custom function in ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68044
CVE-2014-3668 (Buffer overflow in the date_from_ISO8601 function in the mkgmtime ...)
	{DSA-3064-1 DLA-94-1}
	- php5 5.6.2+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=68027
CVE-2014-3667 (Jenkins before 1.583 and LTS before 1.565.3 does not properly prevent ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3666 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3665 (Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure ...)
	- jenkins <removed> (bug #767541)
	[jessie] - jenkins <no-dsa> (Backport not feasible, insecure feature is documented as such)
	NOTE: For jessie, the backport is too intrusive and since it's a cornercase, it's only documented,
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2014-10-30
CVE-2014-3664 (Directory traversal vulnerability in Jenkins before 1.583 and LTS ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3663 (Jenkins before 1.583 and LTS before 1.565.3 allows remote ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3662 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3661 (Jenkins before 1.583 and LTS before 1.565.3 allows remote attackers to ...)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2014-3660 (parser.c in libxml2 before 2.9.2 does not properly prevent entity ...)
	{DSA-2978-2 DSA-3057-1 DLA-151-1 DLA-80-1}
	[jessie] - libxml2 2.9.1+dfsg1-5
	- libxml2 2.9.2+dfsg1-1 (bug #765722)
	NOTE: https://www.ncsc.nl/actueel/nieuwsberichten/kwetsbaarheid-ontdekt-in-libxml2.html
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=be2a7edaf289c5da74a4f9ed3a0b6c733e775230
	NOTE: Beware the upstream patch relies on other commits not
	NOTE: available in the squeeze/wheezy version (at least cff2546f that
	NOTE: changes how the ent->checked variable is used and likely a3f1e3e5 too)
CVE-2014-3659
	REJECTED
CVE-2014-3658
	RESERVED
CVE-2014-3657 (The virDomainListPopulate function in conf/domain_conf.c in libvirt ...)
	- libvirt 1.2.9-1
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced later)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced later)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=fc22b2e74890873848b43fffae43025d22053669 (v1.2.9)
	NOTE: Introduced by: libvirt.org/git/?p=libvirt.git;a=commit;h=2c6808044408fba9ff9547ad88bb8a0f44ee21a0 (v0.10.0-rc0)
CVE-2014-3656
	RESERVED
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3655
	RESERVED
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3654 (Multiple cross-site scripting (XSS) vulnerabilities in spacewalk-java ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-3653 (Cross-site scripting (XSS) vulnerability in the template preview ...)
	- foreman <itp> (bug #663101)
	NOTE: http://projects.theforeman.org/issues/7483
	NOTE: https://github.com/sodabrew/foreman/issues/1
CVE-2014-3652
	RESERVED
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3651 (JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a ...)
	NOT-FOR-US: JBoss KeyCloak
CVE-2014-3650
	RESERVED
	NOT-FOR-US: JBoss AeroGear
CVE-2014-3649
	RESERVED
	NOT-FOR-US: JBoss AeroGear
CVE-2014-3648
	RESERVED
CVE-2014-3647 (arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=234f3ce485d54017f15cf5e0699cff4100121601
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=d1442d85cc30ea75f7d399474ca738e0bc96f715
CVE-2014-3646 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a642fc305053cc1c6e47e4f4df327895747ab485
CVE-2014-3645 (arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before ...)
	{DSA-3060-1}
	- linux 3.12.6-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bfd0a56b90005f8c8a004baf407ad90045c2b11e (v3.12-rc1)
CVE-2014-3644
	RESERVED
CVE-2014-3643
	RESERVED
	NOT-FOR-US: Jersey SAX parser
CVE-2014-3642 (vmdb/app/controllers/application_controller/performance.rb in Red Hat ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3641 (The (1) GlusterFS and (2) Linux Smbfs drivers in OpenStack Cinder ...)
	- cinder 2014.1.3-1
	NOTE: Affects version up to 2014.1.2
CVE-2014-3640 (The sosendto function in slirp/udp.c in QEMU before 2.1.2 allows local ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.1+dfsg-5 (bug #762532)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	[squeeze] - qemu <end-of-life>
	NOTE: http://lists.nongnu.org/archive/html/qemu-devel/2014-09/msg03543.html
CVE-2014-3639 (The dbus-daemon in D-Bus before 1.6.24 and 1.8.x before 1.8.8 does not ...)
	{DSA-3026-1 DLA-87-1}
	- dbus 1.8.8-1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80919
CVE-2014-3638 (The bus_connections_check_reply function in config-parser.c in D-Bus ...)
	{DSA-3026-1 DLA-87-1}
	- dbus 1.8.8-1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=81053
CVE-2014-3637 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 does ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus <not-affected> (Version in squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80559
CVE-2014-3636 (D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x before 1.8.8 allows ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus <not-affected> (Version in squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=82820
CVE-2014-3635 (Off-by-one error in D-Bus 1.3.0 through 1.6.x before 1.6.24 and 1.8.x ...)
	{DSA-3026-1}
	- dbus 1.8.8-1
	[squeeze] - dbus <not-affected> (Version in Squeeze does not support FD passing with SCM_RIGHTS)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=83622
CVE-2014-3634 (rsyslog before 7.6.6 and 8.x before 8.4.1 and sysklogd 1.5 and earlier ...)
	{DSA-3040-1 DLA-72-1}
	- rsyslog 8.4.1-1
	- inetutils 2:1.9.2.39.3a460-1
	[wheezy] - inetutils <no-dsa> (Minor issue)
	[squeeze] - inetutils <no-dsa> (Minor issue)
CVE-2014-3633 (The qemuDomainGetBlockIoTune function in qemu/qemu_driver.c in libvirt ...)
	{DSA-3038-1}
	- libvirt 1.2.8-2 (bug #762203)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in v0.9.8)
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=3e745e8f775dfe6f64f18b5c2fe4791b35d3546b
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=eca96694a7f992be633d48d5ca03cedc9bbc3c9a (v0.9.8)
	NOTE: Upstream advisory: http://security.libvirt.org/2014/0004.html
CVE-2014-3632 (The default configuration in a sudoers file in the Red Hat ...)
	- neutron <not-affected> (Red Hat-specific)
	NOTE: Regression of fix for CVE-2013-6433, Red Hat specific in RedHat Enterprise Open Stack Platform 5.0
CVE-2014-3631 (The assoc_array_gc function in the associative-array implementation in ...)
	- linux 3.16.3-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced later)
	- linux-2.6 <not-affected> (Vulnerable code introduced later)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69 (v3.13)
	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=95389b08d93d5c06ec63ab49bd732b0069b7c35e
CVE-2014-3630 (XML external entity (XXE) vulnerability in the Java XML processing ...)
	NOT-FOR-US: Play framework
CVE-2014-3629 (XML external entity (XXE) vulnerability in the XML Exchange module in ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/secure/attachment/12680198/QPID-6218.patch
CVE-2014-3628 (Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / ...)
	- lucene-solr <not-affected> (Only affects later 4.x releases)
	NOTE: https://issues.apache.org/jira/browse/SOLR-6738
CVE-2014-3627 (The YARN NodeManager daemon in Apache Hadoop 0.23.0 through 0.23.11 ...)
	NOT-FOR-US: Apache Hadoop
CVE-2014-3626 (The Grails Resource Plugin often has to exchange URIs for resources ...)
	NOT-FOR-US: Grails Resource Plugin
CVE-2014-3625 (Directory traversal vulnerability in Pivotal Spring Framework 3.0.4 ...)
	- libspring-java 3.2.13-1 (bug #769698)
	[jessie] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
	NOTE: https://github.com/spring-projects/spring-framework/commit/3f68cd633f03370d33c2603a6496e81273782601 (3.2.x)
	NOTE: https://jira.spring.io/browse/SPR-12354
	NOTE: http://www.pivotal.io/security/cve-2014-3625
CVE-2014-3624 (Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to ...)
	- trafficserver 5.0.0-1
	[wheezy] - trafficserver <not-affected> (Only affects 4.0.2 to 4.1.2)
	NOTE: https://issues.apache.org/jira/browse/TS-2677
CVE-2014-3623 (Apache WSS4J before 1.6.17 and 2.x before 2.0.2, as used in Apache CXF ...)
	NOT-FOR-US: Apache CXF
CVE-2014-3622 [Posthandler Potential Illegal efree() vulnerability]
	RESERVED
	- php5 5.6.1+dfsg-1 (unimportant)
	NOTE: Not exploitable
	NOTE: https://bugs.php.net/bug.php?id=68088
CVE-2014-3621 (The catalog url replacement in OpenStack Identity (Keystone) before ...)
	- keystone 2014.1.3-1
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
	NOTE: up to 2013.2.3 and 2014.1 versions up to 2014.1.2.1
CVE-2014-3620 (cURL and libcurl before 7.38.0 allow remote attackers to bypass the ...)
	- curl 7.38.0-1
	[wheezy] - curl <not-affected> (affects versions 7.31.0 and later)
	[squeeze] - curl <not-affected> (affects versions 7.31.0 and later)
	NOTE: http://curl.haxx.se/docs/adv_20140910B.html
	NOTE: Introduced by https://github.com/bagder/curl/commit/85b9dc8023
CVE-2014-3619 (The __socket_proto_state_machine function in GlusterFS 3.5 allows ...)
	[experimental] - glusterfs 3.6.2-1
	- glusterfs 3.5.2-2 (bug #781018)
	[wheezy] - glusterfs <not-affected> (Vulnerability introduced after 3.2 release)
	[squeeze] - glusterfs <not-affected> (Vulnerability introduced after 3.2 release)
	NOTE: http://review.gluster.org/#/c/8848/ (3.5)
	NOTE: http://review.gluster.org/#/c/8662/4 (master)
	NOTE: GlusterFS after version 3.2 got changes in the RPC handling which seem to
	NOTE: introduce the vulnerability. With 3.2.x issue is not reproducible.
CVE-2014-3617 (The forum_print_latest_discussions function in mod/forum/lib.php in ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46619
CVE-2014-3616 (nginx 0.5.6 through 1.7.4, when using the same shared ...)
	{DSA-3029-1 DLA-55-1}
	- nginx 1.6.2-1 (bug #761940)
	NOTE: http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html
	NOTE: Upstream patch: http://trac.nginx.org/nginx/changeset/1ee1db30c9b96e9e43e85ab0bfba42140af24966/nginx (stable-1.6 branch)
	NOTE: See follow up on: http://mailman.nginx.org/pipermail/nginx-devel/2014-September/005948.html
CVE-2014-3615 (The VGA emulator in QEMU allows local guest users to read host memory ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.1+dfsg-5
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=c1b886c45dc70f247300f549dce9833f3fa2def5
	NOTE: http://git.qemu.org/?p=qemu.git;a=commit;h=ab9509cceabef28071e41bdfa073083859c949a7
CVE-2014-3614 (Unspecified vulnerability in PowerDNS Recursor (aka pdns_recursor) ...)
	- pdns-recursor 3.6.1-1
	[wheezy] - pdns-recursor <not-affected> (Only affects 3.6.0)
	[squeeze] - pdns-recursor <not-affected> (Only affects 3.6.0)
CVE-2014-3613 (cURL and libcurl before 7.38.0 does not properly handle IP addresses ...)
	{DSA-3022-1 DLA-64-1}
	- curl 7.38.0-1
	NOTE: http://curl.haxx.se/docs/adv_20140910A.html
CVE-2014-3612 (The LDAPLoginModule implementation in the Java Authentication and ...)
	- activemq 5.6.0+dfsg1-4 (low; bug #777196)
	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3612-announcement.txt
CVE-2014-3611 (Race condition in the __kvm_migrate_pit_timer function in ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=2febc839133280d5a5e8e1179c94ea674489dae2
CVE-2014-3610 (The WRMSR processing functionality in the KVM subsystem in the Linux ...)
	{DSA-3060-1}
	- linux 3.16.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (KVM not supported in Squeeze LTS)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=854e8bb1aa06c578c2c9145fa6bfe3680ef63b23
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=8b3c3104c3f4f706e99365c3e0d2aa61b95f969f
	NOTE: Enabling CONFIG_PARAVIRT when building the kernel mitigates this issue.
CVE-2014-3609 (HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 ...)
	{DSA-3139-1 DSA-3014-1 DLA-216-1 DLA-45-1}
	- squid 2.7.STABLE9-5 (bug #776194)
	- squid3 3.3.8-1.2 (bug #759509)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_2.txt
CVE-2014-3608 (The VMWare driver in OpenStack Compute (Nova) before 2014.1.3 allows ...)
	- nova 2014.1.3-1
	[wheezy] - nova <not-affected> (Vulnerable code in 2013.2 to 2013.2.2)
	NOTE: Incomplete fix for CVE-2014-2573
CVE-2014-3607 (DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not ...)
	- libvt-ldap-java 3.3.8-1 (bug #763608)
CVE-2014-3606
	RESERVED
	- pillow <unfixed> (unimportant)
	- python-imaging <removed> (unimportant)
	NOTE: not a security issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1133306#c8
CVE-2014-3605
	REJECTED
CVE-2014-3604 (Certificates.java in Not Yet Commons SSL before 0.3.15 does not ...)
	- not-yet-commons-ssl 0.3.15-1 (bug #759526)
	NOTE: http://lists.juliusdavies.ca/pipermail/not-yet-commons-ssl-juliusdavies.ca/2014-August/000832.html
CVE-2014-3603 [HTTPS Connections Via HTTP Resources Do Not Perform Hostname Verification]
	RESERVED
	- libopensaml2-java 2.6.2-1 (bug #759470)
	NOTE: http://shibboleth.net/community/advisories/secadv_20140813.txt
	NOTE: http://svn.shibboleth.net/view/java-opensaml2/branches/REL_2/src/main/java/org/opensaml/DefaultBootstrap.java?r1=1622&r2=1666&pathrev=1666
CVE-2014-3602 (Red Hat OpenShift Enterprise before 2.2 allows local users to obtain ...)
	NOT-FOR-US: OpenShift
CVE-2014-3601 (The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux ...)
	- linux 3.16.2-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=350b8bdd689cd2ab2c67c8a86a0be86cfa0751a7
CVE-2014-3600 (XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before ...)
	- activemq 5.6.0+dfsg1-4 (low; bug #777196)
	[wheezy] - activemq 5.6.0+dfsg-1+deb7u1
	NOTE: http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
CVE-2014-3599
	RESERVED
	NOT-FOR-US: HornetQ
CVE-2014-3598 (The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote ...)
	- pillow 2.5.3-1
	- python-imaging <not-affected> (Vulnerable code not present)
CVE-2014-3597 (Multiple buffer overflows in the php_parserr function in ...)
	{DSA-3008-1 DLA-67-1}
	- php5 5.6.0+dfsg-1
	NOTE: patch: https://github.com/php/php-src/commit/2fefae47716d501aec41c1102f3fd4531f070b05#diff-d41d8cd98f00b204e9800998ecf8427e
	NOTE: https://bugs.php.net/bug.php?id=67717
	NOTE: incomplete fix for CVE-2014-4049
CVE-2014-3596 (The getCN function in Apache Axis 1.4 and earlier does not properly ...)
	{DLA-169-1}
	- axis 1.4-21 (low; bug #762444)
	[wheezy] - axis 1.4-16.2+deb7u1
	[squeeze] - axis <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/jira/secure/attachment/12662672/CVE-2014-3596.patch
CVE-2014-3595 (Cross-site scripting (XSS) vulnerability in spacewalk-java 1.2.39, ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-3594 (Cross-site scripting (XSS) vulnerability in the Host Aggregates ...)
	- horizon 2014.1.2-3 (bug #758930)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: up to 2013.2.3, and 2014.1 versions up to 2014.1.2
CVE-2014-3593 (Eval injection vulnerability in luci 0.26.0 allows remote ...)
	NOT-FOR-US: Luci
CVE-2014-3592
	RESERVED
	NOT-FOR-US: OpenShift Origin
CVE-2014-3591 [sidechannel attack on Elgamal]
	RESERVED
	{DSA-3185-1 DSA-3184-1 DLA-190-1 DLA-175-1}
	- libgcrypt11 <removed>
	- libgcrypt20 1.6.3-2
	- gnupg 1.4.18-7
	NOTE: http://www.cs.tau.ac.il/~tromer/radioexp/
	NOTE: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=commit;h=ff53cf06e966dce0daba5f2c84e03ab9db2c3c8b
CVE-2014-3590
	RESERVED
	- foreman <itp> (bug #663101)
CVE-2014-3589 (PIL/IcnsImagePlugin.py in Python Imaging Library (PIL) and Pillow ...)
	{DSA-3009-1 DLA-41-1}
	- pillow 2.5.3-1 (bug #758772)
	- python-imaging <removed>
	[squeeze] - python-imaging 1.1.7-2+deb6u1
	NOTE: https://github.com/python-pillow/Pillow/commit/205e056f8f9b06ed7b925cf8aa0874bc4aaf8a7d
CVE-2014-3588
	RESERVED
CVE-2014-3587 (Integer overflow in the cdf_read_property_info function in cdf.c in ...)
	{DSA-3021-1 DSA-3008-1 DLA-67-1 DLA-50-1}
	- php5 5.6.0+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=67716
	NOTE: https://github.com/php/php-src/commit/7ba1409a1aee5925180de546057ddd84ff267947
	- file 1:5.19-2
CVE-2014-3586 (The default configuration for the Command Line Interface in Red Hat ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3585
	RESERVED
	NOT-FOR-US: redhat-upgrade-tool
CVE-2014-3584 (The SamlHeaderInHandler in Apache CXF before 2.6.11, 2.7.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2014-3583 (The handle_headers function in mod_proxy_fcgi.c in the mod_proxy_fcgi ...)
	- apache2 2.4.10-8 (low)
	[wheezy] - apache2 <not-affected> (no mod_proxy_fcgi in 2.2)
	[squeeze] - apache2 <not-affected> (no mod_proxy_fcgi in 2.2)
	NOTE: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_fcgi.c?r1=1618401&r2=1638818
	NOTE: Only exploitable by a malicious fcgi script.
CVE-2014-3582 (In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary ...)
	NOT-FOR-US: Apache Ambari
CVE-2014-3581 (The cache_merge_headers_out function in modules/cache/cache_util.c in ...)
	{DLA-71-1}
	- apache2 2.4.10-3
	[wheezy] - apache2 <not-affected> (Only affects 2.4)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56924#c6
CVE-2014-3580 (The mod_dav_svn Apache HTTPD server module in Apache Subversion 1.x ...)
	{DSA-3107-1 DLA-119-1}
	- subversion 1.8.10-5 (bug #773263)
	NOTE: http://subversion.apache.org/security/CVE-2014-3580-advisory.txt
CVE-2014-3579 (XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x ...)
	NOT-FOR-US: Apache ActiveMQ Apollo
CVE-2014-3578 (Directory traversal vulnerability in Pivotal Spring Framework 3.x ...)
	- libspring-java 3.2.13-1 (low; bug #760733)
	[jessie] - libspring-java <no-dsa> (minor issue)
	[wheezy] - libspring-java <no-dsa> (minor issue)
CVE-2014-3577 (org.apache.http.conn.ssl.AbstractVerifier in Apache HttpComponents ...)
	{DLA-222-1}
	- httpcomponents-client 4.3.5-1
	[wheezy] - httpcomponents-client 4.1.1-2+deb7u1
	[squeeze] - httpcomponents-client <no-dsa> (Minor issue)
	- commons-httpclient 3.1-11 (bug #758086)
	[wheezy] - commons-httpclient 3.1-10.2+deb7u1
	NOTE: See https://bugs.debian.org/758086#59 for full details.
CVE-2014-3576 (The processControlCommand function in broker/TransportConnection.java ...)
	{DSA-3330-1}
	- activemq 5.6.0+dfsg1-4+deb8u1 (bug #792857)
CVE-2014-3575 (The OLE preview generation in Apache OpenOffice before 4.1.1 and ...)
	NOT-FOR-US: OpenOffice on Windows
CVE-2014-3574 (Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote ...)
	- libapache-poi-java 3.10.1-1
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54764
CVE-2014-3573 (The oVirt Engine backend module, as used in Red Hat Enterprise ...)
	NOT-FOR-US: oVirt Engine
CVE-2014-3572 (The ssl3_get_key_exchange function in s3_clnt.c in OpenSSL before ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=ef28c6d6767a6a30df5add36171894c96628fe98
CVE-2014-3571 (OpenSSL before 0.9.8zd, 1.0.0 before 1.0.0p, and 1.0.1 before 1.0.1k ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=8d7aab986b499f34d9e1bc58fbfd77f05c38116e
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=45fe66b8ba026186aa5d8ef1e0e6010ea74d5c0b
CVE-2014-3570 (The BN_sqr implementation in OpenSSL before 0.9.8zd, 1.0.0 before ...)
	{DSA-3125-1 DLA-132-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a7a44ba55cb4f884c6bc9ceac90072dea38e66d
CVE-2014-3569 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 0.9.8zc, ...)
	{DSA-3125-1 DLA-81-1}
	- openssl 1.0.1k-1
	NOTE: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=6ce9687b5aba5391fc0de50e18779eb676d0e04d
CVE-2014-3568 (OpenSSL before 0.9.8zc, 1.0.0 before 1.0.0o, and 1.0.1 before 1.0.1j ...)
	{DSA-3053-1 DLA-81-1}
	- openssl 1.0.1j-1
CVE-2014-3567 (Memory leak in the tls_decrypt_ticket function in t1_lib.c in OpenSSL ...)
	{DSA-3053-1 DLA-81-1}
	- openssl 1.0.1j-1
CVE-2014-3566 (The SSL protocol 3.0, as used in OpenSSL through 1.0.1i and other ...)
	{DSA-3489-1 DSA-3253-1 DSA-3147-1 DSA-3144-1 DSA-3092-1 DLA-400-1 DLA-282-1 DLA-157-1}
	- arora <unfixed> (unimportant)
	- bouncycastle <not-affected> (SSLv3 needs to be explicitly enabled)
	NOTE: http://www.kb.cert.org/vuls/id/BLUU-9PYTFQ
	- chromium-browser 39.0.2171.71-1 (bug #765928)
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- conkeror <unfixed> (unimportant)
	- cyassl <removed> (bug #769905)
	- wolfssl 3.4.8+dfsg-1
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	- dwb <unfixed> (unimportant)
	- openssl 1.0.1j-1
	[wheezy] - openssl <no-dsa> (Will be addressed through a point update, #774299)
	[squeeze] - openssl <no-dsa> (Change considered too risky)
	- galeon <unfixed> (unimportant)
	- gnutls26 <removed>
	[squeeze] - gnutls26 <no-dsa> (Minor issue)
	[wheezy] - gnutls26 <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/1510163
	- gnutls28 3.3.8-5 (bug #769904)
	- kazehakase <unfixed> (unimportant)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	- epiphany-browser <unfixed> (unimportant)
	- haskell-tls 1.2.9-2 (bug #768164)
	[wheezy] - haskell-tls <no-dsa> (Minor issue)
	- icedove 31.3.0-1
	[squeeze] - icedove <end-of-life>
	- iceweasel 31.2.0esr-2
	[squeeze] - iceweasel <end-of-life>
	- matrixssl <removed> (low)
	[squeeze] - matrixssl <no-dsa> (Minor issue)
	[wheezy] - matrixssl <no-dsa> (Minor issue)
	- midori <unfixed> (unimportant)
	- netsurf <unfixed> (unimportant)
	- nss 2:3.17.1-1
	[squeeze] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
	[wheezy] - nss <no-dsa> (Upstream doesn't plan to disable SSLv3, stick with that)
	- openjdk-6 6b34-1.13.6-1
	- openjdk-7 7u75-2.5.4-1
	- openjdk-8 8u40~b04-1
	- polarssl 1.3.9-2
	[squeeze] - polarssl <no-dsa> (Minor issue)
	[wheezy] - polarssl <no-dsa> (Minor issue)
	- pound 2.6-6 (bug #765539)
	[squeeze] - pound <no-dsa> (Minor issue)
	- surf <unfixed> (unimportant)
	- tlslite <removed>
	[wheezy] - tlslite <no-dsa> (Minor issue)
	- uzbl <unfixed> (unimportant)
	- erlang 1:17.3-dfsg-3 (bug #771359)
	[squeeze] - erlang <no-dsa> (Minor issue)
	[wheezy] - erlang <no-dsa> (Minor issue)
	- lighttpd 1.4.35-4 (bug #765702)
	NOTE: https://www.openssl.org/~bodo/ssl-poodle.pdf
	NOTE: http://googleonlinesecurity.blogspot.fr/2014/10/this-poodle-bites-exploiting-ssl-30.html
	NOTE: This is only about the SSLv3 CBC padding, not about any downgrade attack or support for the fallback SCSV
	NOTE: Fix is to disable SSLv3 in library or application configurations
	NOTE: Browsers based on webkit (with the exception of Chromium) or khtml are not covered by security support
CVE-2014-3565 (snmplib/mib.c in net-snmp 5.7.0 and earlier, when the -OQ option is ...)
	- net-snmp 5.7.2.1~dfsg-7 (bug #760132)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
	[squeeze] - net-snmp <no-dsa> (Minor issue)
CVE-2014-3564 (Multiple heap-based buffer overflows in the status_handler function in ...)
	{DSA-3005-1 DLA-39-1}
	- gpgme1.0 1.5.1-1 (bug #756651)
	[squeeze] - gpgme1.0 1.2.0-1.2+deb6u1
	NOTE: patch: http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgme.git;a=commit;h=2cbd76f7911fc215845e89b50d6af5ff4a83dd77
CVE-2014-3563 (Multiple unspecified vulnerabilities in Salt (aka SaltStack) before ...)
	- salt 2014.1.10+ds-1
	NOTE: http://docs.saltstack.com/en/latest/topics/releases/2014.1.10.html
CVE-2014-3562 (Red Hat Directory Server 8 and 389 Directory Server, when debugging is ...)
	- 389-ds-base 1.3.2.21-1 (bug #757437)
CVE-2014-3561 (The rhevm-log-collector package in Red Hat Enterprise Virtualization ...)
	NOT-FOR-US: rhevm-log-collector
CVE-2014-3560 (NetBIOS name services daemon (nmbd) in Samba 4.0.x before 4.0.21 and ...)
	- samba 2:4.1.11+dfsg-1 (bug #756759)
	[squeeze] - samba <not-affected> (Only affects 4.x)
	[wheezy] - samba <not-affected> (Only affects 4.x)
CVE-2014-3559 (The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 ...)
	NOT-FOR-US: ovirt-engine-backend
CVE-2014-3558 (ReflectionHelper (org.hibernate.validator.util.ReflectionHelper) in ...)
	- libhibernate-validator-java 4.2.1-2 (low; bug #762690)
	[jessie] - libhibernate-validator-java <no-dsa> (Only used as a build dependency for libhibernate3-java)
	[wheezy] - libhibernate-validator-java <no-dsa> (Only used as a build dependency for libhibernate3-java)
	[squeeze] - libhibernate-validator-java <no-dsa> (Only used as a build dependency for libhibernate3-java)
	NOTE: RedHat upgraded to new upstream versions in their security
	NOTE: updates. No patches are available for the 4.0.x branch we
	NOTE: have in Debian. Known fixed versions are 4.2.1, 4.3.2, and 5.1.2.
	NOTE: Upstream ticket: https://hibernate.atlassian.net/browse/HV-912
CVE-2014-3557
	RESERVED
CVE-2014-3556 (The STARTTLS implementation in mail/ngx_mail_smtp_handler.c in the ...)
	- nginx 1.6.1-1 (bug #757196)
	[wheezy] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
	[squeeze] - nginx <not-affected> (Affects 1.5.6 - 1.7.3)
	NOTE: fixed in nginx 1.7.4, 1.6.1
CVE-2014-3555 (OpenStack Neutron before 2013.2.4, 2014.x before 2014.1.2, and Juno ...)
	- neutron 2014.1.1-3 (bug #755134)
CVE-2014-3554 (Buffer overflow in the ndp_msg_opt_dnssl_domain function in libndp ...)
	- libndp 1.4-1 (bug #756389)
CVE-2014-3553 (mod/forum/classes/post_form.php in Moodle through 2.3.11, 2.4.x before ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38990
CVE-2014-3552 (The Shibboleth authentication plugin in auth/shibboleth/index.php in ...)
	- moodle 2.6.1-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_25_STABLE&st=commit&s=MDL-45485
CVE-2014-3551 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
CVE-2014-3550 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moodle <not-affected> (Only affects 2.7.x)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227
CVE-2014-3549 (Cross-site scripting (XSS) vulnerability in the get_description ...)
	- moodle <not-affected> (Only affects 2.7.x)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201
CVE-2014-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
CVE-2014-3547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
CVE-2014-3546 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45760
CVE-2014-3545 (Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46148
CVE-2014-3544 (Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
CVE-2014-3543 (mod/imscp/locallib.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45417
CVE-2014-3542 (mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45463
CVE-2014-3541 (The Repositories component in Moodle through 2.3.11, 2.4.x before ...)
	- moodle 2.7.2-1 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
CVE-2014-3540
	REJECTED
CVE-2014-3539 (base/oi/doa.py in the Rope library in CPython (aka Python) allows ...)
	- rope 0.10.3-1 (bug #777525)
	[jessie] - rope <no-dsa> (Minor issue)
	[squeeze] - rope <no-dsa> (Minor issue)
	[wheezy] - rope <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1116485
	NOTE: https://github.com/python-rope/rope/issues/105
	NOTE: 0.10.3-1 only adds a mitigation for the issue, so not completely fixed.
	NOTE: Still mark it as fixed in this version because patch limits socket
	NOTE: connections to localhost only
CVE-2014-3538 (file before 5.19 does not properly restrict the amount of data read ...)
	{DSA-3021-1 DSA-3008-1 DLA-67-1 DLA-50-1}
	- file 1:5.19-1
	NOTE: fix relies on the new feature that introduced regex/<length> syntax, might be too intrusive for backporting.
	- php5 5.6.0~rc4+dfsg-1
	NOTE: https://bugs.php.net/bug.php?id=67705
CVE-2014-3537 (The web interface in CUPS before 1.7.4 allows local users in the lp ...)
	{DSA-2990-1 DLA-0022-1}
	- cups 1.7.4-1
	[squeeze] - cups 1.4.4-7+squeeze6
	NOTE: https://www.cups.org/str.php?L4450
CVE-2014-3536
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2014-3535 (include/linux/netdevice.h in the Linux kernel before 2.6.36 ...)
	- linux <not-affected> (RHEL-specific, incomplete backport)
	- linux-2.6 <not-affected> (RHEL-specific, incomplete backport)
	NOTE: Fix: https://git.kernel.org/linus/256df2f3879efdb2e9808bdb1b54b16fbb11fa38
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=896015#c8
CVE-2014-3534 (arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the ...)
	{DSA-2992-1}
	- linux 3.14.13-2 (bug #728705)
	- linux-2.6 <not-affected> (Vulnerable code was introduced later)
CVE-2014-3533 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to ...)
	{DSA-2971-1}
	- dbus 1.8.6-1
	[squeeze] - dbus <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80469
CVE-2014-3532 (dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux ...)
	{DSA-2971-1}
	- dbus 1.8.6-1
	[squeeze] - dbus <not-affected> (Fix for other kernel version)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=80163
CVE-2014-3531 (Multiple cross-site scripting (XSS) vulnerabilities in Foreman before ...)
	- foreman <itp> (bug #663101)
CVE-2014-3530 (The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory ...)
	NOT-FOR-US: PicketLink
CVE-2014-3529 (The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers ...)
	- libapache-poi-java 3.10.1-1
	[wheezy] - libapache-poi-java <no-dsa> (Minor issue)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=56164
CVE-2014-3527 (When using the CAS Proxy ticket authentication from Spring Security ...)
	- libspring-security-java <itp> (bug #582181)
CVE-2014-3526 (Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2014-3525 (Unspecified vulnerability in Apache Traffic Server 3.x through 3.2.5, ...)
	- trafficserver 5.0.1-1 (low)
	[wheezy] - trafficserver <no-dsa> (Minor issue)
CVE-2014-3524 (Apache OpenOffice before 4.1.1 allows remote attackers to execute ...)
	NOT-FOR-US: OpenOffice for Windows
CVE-2014-3523 (Memory leak in the winnt_accept function in server/mpm/winnt/child.c ...)
	- apache2 <not-affected> (Affects only Windows systems)
CVE-2014-3522 (The Serf RA layer in Apache Subversion 1.4.0 through 1.7.x before ...)
	- subversion 1.8.10-1
	[wheezy] - subversion <unfixed> (unimportant)
	[squeeze] - subversion <unfixed> (unimportant)
	NOTE: https://subversion.apache.org/security/CVE-2014-3522-advisory.txt
CVE-2014-3521 (The component in (1) /luci/homebase and (2) /luci/cluster menu in Red ...)
	NOT-FOR-US: luci as included in conga
CVE-2014-3520 (OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, ...)
	- keystone 2014.1.1-3 (bug #753511)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2014-3519 (The open_by_handle_at function in vzkernel before 042stab090.5 in the ...)
	- linux-2.6 <not-affected> (Vulnerable code not yet present)
	- linux <not-affected> (Kernels after squeeze no longer contain the openvz flavour)
CVE-2014-3518 (jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss ...)
	NOT-FOR-US: JBoss Application Server
CVE-2014-3517 (api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, ...)
	- nova 2014.1.1-8 (bug #755042)
	[wheezy] - nova <not-affected> (Only exploitable when used with neutron, which is not in stable)
CVE-2014-3516
	RESERVED
CVE-2014-3515 (The SPL component in PHP before 5.4.30 and 5.5.x before 5.5.14 ...)
	{DSA-2974-1 DLA-0018-1}
	- php5 5.6.0~rc2+dfsg-1
	[squeeze] - php5 5.3.3-7+squeeze21
	NOTE: https://bugs.php.net/bug.php?id=67492
CVE-2014-3514 (activerecord/lib/active_record/relation/query_methods.rb in Active ...)
	- rails 2:4.1.5-1
	[wheezy] - rails <not-affected> (Only affects 4.0.0 and all Later Versions)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	- rails-3.2 <not-affected> (Only affects 4.0.0 and all Later Versions)
	- ruby-activerecord-2.3 <not-affected> (Only affects 4.0.0 and all Later Versions)
	- ruby-activerecord-3.2 <not-affected> (Only affects 4.0.0 and all Later Versions)
CVE-2014-3513 (Memory leak in d1_srtp.c in the DTLS SRTP extension in OpenSSL 1.0.1 ...)
	{DSA-3053-1}
	- openssl 1.0.1j-1
	[squeeze] - openssl <not-affected> (DLTS SRTP introduced in 1.0.1)
CVE-2014-3512 (Multiple buffer overflows in crypto/srp/srp_lib.c in the SRP ...)
	{DSA-2998-1}
	- openssl 1.0.1i-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
CVE-2014-3511 (The ssl23_get_client_hello function in s23_srvr.c in OpenSSL 1.0.1 ...)
	{DSA-2998-1}
	- openssl 1.0.1i-1
	[squeeze] - openssl <not-affected> (Doesn't support TLS higher than 1.0)
CVE-2014-3510 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3509 (Race condition in the ssl_parse_serverhello_tlsext function in ...)
	{DSA-2998-1}
	- openssl 1.0.1i-1
	[squeeze] - openssl <not-affected> (vulnerable code not present)
CVE-2014-3508 (The OBJ_obj2txt function in crypto/objects/obj_dat.c in OpenSSL 0.9.8 ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3507 (Memory leak in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3506 (d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3505 (Double free vulnerability in d1_both.c in the DTLS implementation in ...)
	{DSA-2998-1 DLA-33-1}
	- openssl 1.0.1i-1
CVE-2014-3504 (The (1) serf_ssl_cert_issuer, (2) serf_ssl_cert_subject, and (3) ...)
	- serf 1.3.7-1 (bug #757965)
	[wheezy] - serf <no-dsa> (Minor issue)
	[squeeze] - serf <no-dsa> (Minor issue)
CVE-2014-3503 (Apache Syncope 1.1.x before 1.1.8 uses weak random values to generate ...)
	NOT-FOR-US: Apache Syncope
CVE-2014-3502 (Apache Cordova Android before 3.5.1 allows remote attackers to open ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-3501 (Apache Cordova Android before 3.5.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-3500 (Apache Cordova Android before 3.5.1 allows remote attackers to change ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-3499 (Docker 1.0.0 uses world-readable and world-writable permissions on the ...)
	- docker.io <not-affected> (RHEL specific, socket based activation not shipped)
CVE-2014-3498 (The user module in ansible before 1.6.6 allows remote authenticated ...)
	- ansible 1.7.0+dfsg-1
	NOTE: https://github.com/ansible/ansible/commit/8ed6350e65c82292a631f08845dfaacffe7f07f5 (v1.7.0)
CVE-2014-3497 (Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 ...)
	- swift 1.13.1-1 (bug #752087)
	[wheezy] - swift <not-affected> (Only affects 1.11.0 to 1.13.1)
CVE-2014-3496 (cartridge_repository.rb in OpenShift Origin and Enterprise 1.2.8 ...)
	NOT-FOR-US: OpenShift Origin
CVE-2014-3495 [improper verification of SSL certificates]
	RESERVED
	- duplicity 0.6.21-1 (low; bug #751902)
	[wheezy] - duplicity <no-dsa> (Minor issue)
	NOTE: Since python-boto 2.6.0, cf. #751902, boto's default is now to enable
	NOTE: certificate verification. This is as such only a issue if using boto's
	NOTE: version outside of the packaged one in Debian. Mark 0.6.21-1 as fixing
	NOTE: version since this is the first upload to unstable after python-boto
	NOTE: 2.8.0-1 was uploaded.
CVE-2014-3494 (kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs ...)
	- kde4libs 4:4.13.3-1 (bug #752052)
	[wheezy] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
	[squeeze] - kde4libs <not-affected> (Affects kdelibs 4.10.95 to 4.13.2)
	NOTE: http://quickgit.kde.org/?p=kdelibs.git&a=commitdiff&h=bbae87dc1be3ae063796a582774bd5642cacdd5d&hp=1ccdb43ed3b32a7798eec6d39bb3c83a6e40228f
CVE-2014-3493 (The push_ascii function in smbd in Samba 3.6.x before 3.6.24, 4.0.x ...)
	{DSA-2966-1}
	- samba 2:4.1.9+dfsg-1
	[squeeze] - samba <not-affected> (Only affects 3.6 and later)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: https://www.samba.org/samba/security/CVE-2014-3493
CVE-2014-3492 (Multiple cross-site scripting (XSS) vulnerabilities in the host YAML ...)
	- foreman <itp> (bug #663101)
CVE-2014-3491 (Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and ...)
	- foreman <itp> (bug #663101)
	NOTE: Details not yet known as behind http://projects.theforeman.org/issues/5881
CVE-2014-3490 (RESTEasy 2.3.1 before 2.3.8.SP2 and 3.x before 3.0.9, as used in Red ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2014-3489 (lib/util/miq-password.rb in Red Hat CloudForms 3.0 Management Engine ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3488 (The SslHandler in Netty before 3.9.2 allows remote attackers to cause ...)
	- netty <not-affected> (Introduced in 3.9.0)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1107983 says only affects 3.9.0 and 3.9.1
CVE-2014-3487 (The cdf_read_property_info function in file before 5.19, as used in ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/93e063ee374b6a75729df9e7201fb511e47e259d
	- php5 5.6.0~rc1+dfsg-1
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
	NOTE: https://bugs.php.net/bug.php?id=67413
CVE-2014-3486 (The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-3485 (The REST API in the ovirt-engine in oVirt, as used in Red Hat ...)
	NOT-FOR-US: ovirt-engine-api / RHEV
CVE-2014-3484 [stack-based buffer overflow]
	RESERVED
	- musl 1.1.4-1 (bug #750815)
CVE-2014-3483 (SQL injection vulnerability in ...)
	{DSA-2982-1}
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- ruby-activerecord-3.2 <removed>
	- rails 2:4.1.4-1
	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	- rails-3.2 3.2.19-1
	- rails-4.0 <removed>
CVE-2014-3482 (SQL injection vulnerability in ...)
	{DSA-2982-1}
	- ruby-activerecord-2.3 <removed>
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- ruby-activerecord-3.2 <removed>
	- rails 2:4.1.4-1
	[wheezy] - rails <not-affected> (src:rails in wheezy is just a transition package)
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	- rails-3.2 3.2.19-1
	- rails-4.0 <removed>
CVE-2014-3481 (org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2014-3480 (The cdf_count_chain function in cdf.c in file before 5.19, as used in ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1 DLA-0018-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/40bade80cbe2af1d0b2cd0420cebd5d5905a2382
	- php5 5.6.0~rc1+dfsg-1
	[squeeze] - php5 5.3.3-7+squeeze21
	NOTE: http://bugs.php.net/bug.php?id=67412
CVE-2014-3479 (The cdf_check_stream_offset function in cdf.c in file before 5.19, as ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/36fadd29849b8087af9f4586f89dbf74ea45be67
	- php5 5.6.0~rc1+dfsg-1
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
	NOTE: https://bugs.php.net/bug.php?id=67411
CVE-2014-3478 (Buffer overflow in the mconvert function in softmagic.c in file before ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/27a14bc7ba285a0a5ebfdb55e54001aa11932b08
	- php5 5.6.0~rc1+dfsg-1
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced later)
	NOTE: http://bugs.php.net/bug.php?id=67410
CVE-2014-3477 (The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and ...)
	{DSA-2971-1 DLA-87-1}
	- dbus 1.8.4-1 (low)
	[squeeze] - dbus <no-dsa> (Minor issue)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=78979
CVE-2014-3476 (OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, ...)
	- keystone 2014.1.1-2 (bug #751454)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2014-3475 (Cross-site scripting (XSS) vulnerability in the Users panel ...)
	- horizon 2014.1.1-3 (bug #754255)
	[wheezy] - horizon <no-dsa> (Minor issue)
CVE-2014-3474 (Cross-site scripting (XSS) vulnerability in ...)
	- horizon 2014.1.1-3 (bug #754255)
	[wheezy] - horizon <no-dsa> (Minor issue)
CVE-2014-3473 (Cross-site scripting (XSS) vulnerability in the Orchestration/Stack ...)
	- horizon 2014.1.1-3 (bug #754255)
	[wheezy] - horizon <no-dsa> (Minor issue)
CVE-2014-3472 (The isCallerInRole function in SimpleSecurityManager in JBoss ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2014-3471 (Use-after-free vulnerability in hw/pci/pcie.c in QEMU (aka Quick ...)
	- qemu 2.1+dfsg-1
	[wheezy] - qemu <not-affected> (Vulnerable code not present)
	[wheezy] - qemu-kvm <not-affected> (Vulnerable code not present)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-06/msg05283.html
	NOTE: Upstream fix: http://git.qemu.org/?p=qemu.git;a=commit;h=554f802da3f8b09b16b9a84ad5847b2eb0e9ad2b (v2.1.0-rc0)
	NOTE: PCIe support introduced in v1.3: http://wiki.qemu.org/ChangeLog/1.3
CVE-2014-3470 (The ssl3_send_client_key_exchange function in s3_clnt.c in OpenSSL ...)
	{DSA-2950-1 DLA-0003-1}
	- openssl 1.0.1h-1 (bug #750665)
	[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-3469 (The (1) asn1_read_value_type and (2) asn1_read_value functions in GNU ...)
	{DSA-3056-1 DLA-77-1}
	- libtasn1-3 <removed>
	- libtasn1-6 3.6-1
CVE-2014-3468 (The asn1_get_bit_der function in GNU Libtasn1 before 3.6 does not ...)
	{DSA-3056-1 DLA-77-1}
	- libtasn1-3 <removed>
	- libtasn1-6 3.6-1
CVE-2014-3467 (Multiple unspecified vulnerabilities in the DER decoder in GNU ...)
	{DSA-3056-1 DLA-77-1}
	- libtasn1-3 <removed>
	- libtasn1-6 3.6-1
CVE-2014-3466 (Buffer overflow in the read_server_hello function in ...)
	{DSA-2944-1 DLA-0001-1}
	- gnutls26 2.12.23-16
	- gnutls28 3.2.15-1
	[squeeze] - gnutls26 2.8.6-1+squeeze4
	NOTE: http://radare.today/technical-analysis-of-the-gnutls-hello-vulnerability/
CVE-2014-3465 (The gnutls_x509_dn_oid_name function in lib/x509/common.c in GnuTLS ...)
	- gnutls26 <not-affected> (Affected code was introduced in 3.0)
	- gnutls28 3.2.10-1
CVE-2014-3464 (The EJB invocation handler implementation in Red Hat JBossWS, as used ...)
	NOT-FOR-US: JBoss WS
CVE-2014-3463
	REJECTED
CVE-2013-7382 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-7381
	RESERVED
CVE-2013-7380
	RESERVED
CVE-2013-7379 (The admin API in the tomato module before 0.0.6 for Node.js does not ...)
	NOT-FOR-US: tomato module for Node.js
CVE-2013-7378
	RESERVED
CVE-2013-7377 (The codem-transcode module before 0.5.0 for Node.js, when ffprobe is ...)
	NOT-FOR-US: codem-transcode Node module
CVE-2013-7376 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX ...)
	NOT-FOR-US: OpenX
CVE-2014-3800 (XBMC 13.0 uses world-readable permissions for ...)
	NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
	- xbmc 2:13.2+dfsg1-5 (low; bug #747428)
	[jessie] - xbmc <no-dsa> (Minor issue)
	[wheezy] - xbmc <no-dsa> (Minor issue)
	NOTE: http://trac.xbmc.org/ticket/15198
CVE-2014-3774 (Multiple cross-site scripting (XSS) vulnerabilities in items.php in ...)
	- teampass <itp> (bug #730180)
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
CVE-2014-3773 (Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow ...)
	- teampass <itp> (bug #730180)
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/8820c8934d9ba0508ac345e73ad0be29049ec6de
CVE-2014-3772 (TeamPass before 2.1.20 allows remote attackers to bypass access ...)
	- teampass <itp> (bug #730180)
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/7715512f2bd5659cc69e063a1c513c19e384340f
CVE-2014-3771 (TeamPass before 2.1.20 allows remote attackers to bypass access ...)
	- teampass <itp> (bug #730180)
	NOTE: https://github.com/nilsteampassnet/TeamPass/commit/fd549b245c0f639a8d47bf4f74f92c37c053706f
CVE-2014-4703 (lib/parse_ini.c in Nagios Plugins 2.0.2 allows local users to obtain ...)
	- nagios-plugins <removed> (unimportant)
	NOTE: check_dhcp is not installed with root suid permissions in Debian
	NOTE: http://seclists.org/fulldisclosure/2014/Jun/141
	- monitoring-plugins <undetermined> (unimportant)
CVE-2014-4702 (The check_icmp plugin in Nagios Plugins before 2.0.2 allows local ...)
	- nagios-plugins <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2014/May/74
	NOTE: check_imcp is not installed with root suid permissions in Debian
	- monitoring-plugins <undetermined> (unimportant)
CVE-2014-4701 (The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local ...)
	- nagios-plugins <removed> (unimportant)
	NOTE: check_dhcp is not installed with root suid permissions in Debian
	NOTE: http://seclists.org/fulldisclosure/2014/May/74
	- monitoring-plugins <undetermined> (unimportant)
CVE-2014-3776 (Buffer overflow in the &quot;read-u8vector!&quot; procedure in the srfi-4 unit ...)
	- chicken 4.9.0-1 (bug #748904)
	[squeeze] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.gnu.org/archive/html/chicken-announce/2014-05/msg00001.html
	NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=1d06ce7e21c7e903ca5dca11fda6fcf2cc52de5e
CVE-2014-3775 (libgadu before 1.11.4 and 1.12.0 before 1.12.0-rc3, as used in Pidgin ...)
	{DSA-2935-1}
	- libgadu 1:1.12.0~rc3-1
	[squeeze] - libgadu <not-affected> (Vulnerable code not present)
CVE-2014-3749 (SQL injection vulnerability in Construtiva CIS Manager allows remote ...)
	NOT-FOR-US: Construtiva CIS Manager CMS
CVE-2014-3719
	RESERVED
	NOT-FOR-US: ALEPH500 Integrated library management system
CVE-2014-3717 (Xen 4.4.x does not properly validate the load address for 64-bit ARM ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3716 (Xen 4.4.x does not properly check alignment, which allows local users ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3715 (Buffer overflow in Xen 4.4.x allows local users to read system memory ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3714 (The ARM image loading functionality in Xen 4.4.x does not properly ...)
	- xen <not-affected> (Only ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3739 (Open redirect vulnerability in ...)
	- zenoss <itp> (bug #361253)
CVE-2014-3738 (Cross-site scripting (XSS) vulnerability in Zenoss 4.2.5 allows remote ...)
	- zenoss <itp> (bug #361253)
CVE-2014-3756 (The client in Mumble 1.2.x before 1.2.6 allows remote attackers to ...)
	- mumble 1.2.6-1 (bug #748189)
	[squeeze] - mumble <no-dsa> (Minor issue)
	[wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u2
	NOTE: http://mumble.info/security/Mumble-SA-2014-006.txt
CVE-2014-3755 (The QSvg module in Qt, as used in the Mumble client 1.2.x before ...)
	- mumble 1.2.6-1 (bug #748189)
	[squeeze] - mumble <no-dsa> (Minor issue)
	[wheezy] - mumble 1.2.3-349-g315b5f5-2.2+deb7u2
	NOTE: http://mumble.info/security/Mumble-SA-2014-005.txt
CVE-2014-3461 (hw/usb/bus.c in QEMU 1.6.2 allows remote attackers to execute ...)
	- qemu 2.1+dfsg-1 (bug #739589)
	- qemu-kvm <removed>
	[wheezy] - qemu <no-dsa> (Too intrusive to backport, minor risk)
	[wheezy] - qemu-kvm <no-dsa> (Too intrusive to backport, minor risk)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://article.gmane.org/gmane.comp.emulators.qemu/272322
CVE-2014-3460 (Directory traversal vulnerability in the DumpToFile method in the ...)
	NOT-FOR-US: NetIQ Sentinel
CVE-2014-3459 (Heap-based buffer overflow in SolarWinds Network Configuration Manager ...)
	NOT-FOR-US: SolarWinds Network Configuration Manager
CVE-2014-3458
	RESERVED
CVE-2014-3457
	RESERVED
CVE-2014-3456 (Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition ...)
	NOT-FOR-US: GitLab Enterprise Edition
CVE-2014-3455 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
	NOT-FOR-US: MediaWiki extension SemanticForms
CVE-2014-3454 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: MediaWiki extension SemanticForms
CVE-2014-3452 (Filters\LAV\avfilter-lav-4.dll in K-lite Codec 10.4.5 and earlier ...)
	NOT-FOR-US: K-lite Codec
CVE-2014-3451 (OpenFire XMPP Server before 3.10 accepts self-signed certificates, ...)
	NOT-FOR-US: Openfire
CVE-2014-3450 (Unspecified vulnerability in Panda Gold Protection and Global ...)
	NOT-FOR-US: Panda
CVE-2014-3449
	RESERVED
	NOT-FOR-US: BSS Continuity CMS
CVE-2014-3448
	RESERVED
	NOT-FOR-US: BSS Continuity CMS
CVE-2014-3447
	RESERVED
	NOT-FOR-US: BSS Continuity CMS
CVE-2014-3446 (SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in ...)
	NOT-FOR-US: BSS Continuity CMS
CVE-2014-3445
	RESERVED
CVE-2014-3730 (The django.util.http.is_safe_url function in Django 1.4 before 1.4.13, ...)
	{DSA-2934-1}
	- python-django 1.6.5-1
	NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
CVE-2014-XXXX [data leak during restore]
	- obnam 1.8-1 (low; bug #745112)
	[wheezy] - obnam <no-dsa> (Minor issue)
CVE-2014-3462 (The &quot;.encfs6.xml&quot; configuration file in encfs before 1.7.5 allows ...)
	- encfs 1.8.1-1 (low; bug #736066)
	[jessie] - encfs <no-dsa> (Minor issue)
	[squeeze] - encfs <no-dsa> (Minor issue)
	[wheezy] - encfs <no-dsa> (Minor issue)
	NOTE: Shortcoming documented in 1.7.4-4
	NOTE: https://defuse.ca/audits/encfs.htm
	NOTE: Upstream issue: https://github.com/vgough/encfs/issues/14
CVE-2014-3453 (Eval injection vulnerability in the flag_import_form_validate function ...)
	NOT-FOR-US: Drupal module
CVE-2014-3444 (The GetGUID function in codecs/dmp4.dll in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2014-3443 (JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: JetAudio
CVE-2014-3442 (Winamp 5.666 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Winamp
CVE-2014-3441 (codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows ...)
	- vlc <not-affected> (VLC in Debian uses the system version of libpng which handles the malformed file correctly as invalid)
	NOTE: http://packetstormsecurity.com/files/126564/VLC-Player-2.1.3-Memory-Corruption.html
CVE-2014-3440 (The Agent Control Interface in the management server in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2014-3439 (ConsoleServlet in Symantec Endpoint Protection Manager (SEPM) 12.1 ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3438 (Multiple cross-site scripting (XSS) vulnerabilities in console ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3437 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2014-3436 (Symantec Encryption Desktop 10.3.x before 10.3.2 MP3, and Symantec PGP ...)
	NOT-FOR-US: Symantec
CVE-2014-3435
	REJECTED
CVE-2014-3434 (Buffer overflow in the sysplant driver in Symantec Endpoint Protection ...)
	NOT-FOR-US: Symantec
CVE-2014-3433 (Cross-site scripting (XSS) vulnerability in the management console in ...)
	NOT-FOR-US: Symantec
CVE-2014-3432 (Cross-site scripting (XSS) vulnerability in the management console in ...)
	NOT-FOR-US: Symantec
CVE-2014-3431 (Symantec PGP Desktop 10.x, and Encryption Desktop Professional 10.3.x ...)
	NOT-FOR-US: Symantec PGP Desktop
CVE-2014-3429 (IPython Notebook 0.12 through 1.x before 1.2 does not validate the ...)
	- ipython 1.2.0~rc1-1 (low)
	[wheezy] - ipython 0.13.1-2+deb7u1
	[squeeze] - ipython <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/ipython/ipython/pull/4845
CVE-2014-3428 (Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with ...)
	NOT-FOR-US: Yealink VoIP Phones
CVE-2014-3427 (CRLF injection vulnerability in Yealink VoIP Phones with firmware ...)
	NOT-FOR-US: Yealink VoIP Phones
CVE-2014-3420
	RESERVED
CVE-2014-3419 (Infoblox NetMRI before 6.8.5 has a default password of admin for the ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2014-3418 (config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2014-3417 (uPortal before 4.0.13.1 does not properly check the CONFIG permission, ...)
	NOT-FOR-US: uPortal
CVE-2014-3416 (uPortal before 4.0.13.1 does not properly check the MANAGE ...)
	NOT-FOR-US: uPortal
CVE-2014-3415 (SQL injection vulnerability in Sharetronix before 3.4 allows remote ...)
	NOT-FOR-US: Sharetronix
CVE-2014-3414 (Cross-site request forgery (CSRF) vulnerability in Sharetronix before ...)
	NOT-FOR-US: Sharetronix
CVE-2014-3413 (The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has ...)
	NOT-FOR-US: Juniper
CVE-2014-3412 (Unspecified vulnerability in Juniper Junos Space before 13.3R1.8, when ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2014-3411 (Unspecified vulnerability in the NSM XDB service in Juniper NSM before ...)
	NOT-FOR-US: Juniper NSM
CVE-2014-3410 (The syslog-management subsystem in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2014-3409 (The Ethernet Connectivity Fault Management (CFM) handling feature in ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3408 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Prime Optical
CVE-2014-3407 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2014-3406 (Race condition in the IP logging feature in Cisco Intrusion Prevention ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-3405 (Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3404 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3403 (The Autonomic Networking Infrastructure (ANI) component in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3402 (The authentication-manager process in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-3401
	RESERVED
CVE-2014-3400 (Cisco WebEx Meetings Server allows remote authenticated users to ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3399 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-3398 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-3397 (The network stack in Cisco TelePresence MCU Software before 4.3(2.30) ...)
	NOT-FOR-US: TelePresence MCU
CVE-2014-3396 (Cisco IOS XR on ASR 9000 devices does not properly use compression for ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3395 (Cisco WebEx Meetings Server (WMS) 2.5 allows remote attackers to ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3394 (The Smart Call Home (SCH) implementation in Cisco ASA Software 8.2 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3393 (The Clientless SSL VPN portal customization framework in Cisco ASA ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3392 (The Clientless SSL VPN portal in Cisco ASA Software 8.2 before ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3391 (Untrusted search path vulnerability in Cisco ASA Software 8.x before ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3390 (The Virtual Network Management Center (VNMC) policy implementation in ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3389 (The VPN implementation in Cisco ASA Software 7.2 before 7.2(5.15), 8.2 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3388 (The DNS inspection engine in Cisco ASA Software 9.0 before 9.0(4.13), ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3387 (The SunRPC inspection engine in Cisco ASA Software 7.2 before ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3386 (The GPRS Tunneling Protocol (GTP) inspection engine in Cisco ASA ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3385 (Race condition in the Health and Performance Monitoring (HPM) for ASDM ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3384 (The IKEv2 implementation in Cisco ASA Software 8.4 before 8.4(7.15), ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3383 (The IKE implementation in the VPN component in Cisco ASA Software 9.1 ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3382 (The SQL*Net inspection engine in Cisco ASA Software 7.2 before ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-3381 (The ZIP inspection engine in Cisco AsyncOS 8.5 and earlier on the ...)
	NOT-FOR-US: Cisco AsyncOS
CVE-2014-3380 (Cisco Unified Communications Domain Manager Platform Software 4.4(.3) ...)
	NOT-FOR-US: Cisco Unified Communications
CVE-2014-3379 (Cisco IOS XR 5.1 and earlier on Network Convergence System 6000 ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3378 (tacacsd in Cisco IOS XR 5.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3377 (snmpd in Cisco IOS XR 5.1 and earlier allows remote authenticated ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3376 (Cisco IOS XR 5.1 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3375 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Service ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3374 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM admin ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3373 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM Dialed ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3372 (Multiple cross-site scripting (XSS) vulnerabilities in the CCM reports ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3371
	REJECTED
CVE-2014-3370 (Cisco TelePresence Video Communication Server (VCS) and Expressway ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-3369 (The SIP IX implementation in Cisco TelePresence Video Communication ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-3368 (Cisco TelePresence Video Communication Server (VCS) and Expressway ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-3367 (Cross-site scripting (XSS) vulnerability in the vCloud Director ...)
	NOT-FOR-US: Cisco
CVE-2014-3366 (SQL injection vulnerability in the administrative web interface in ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3365 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime ...)
	NOT-FOR-US: Cisco Prime Security Manager
CVE-2014-3364 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Cisco
CVE-2014-3363 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2014-3362 (Memory leak in Cisco TelePresence System Edge MXP Series Software ...)
	NOT-FOR-US: Cisco
CVE-2014-3361 (The ALG module in Cisco IOS 15.0 through 15.4 does not properly ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3360 (Cisco IOS 12.4 and 15.0 through 15.4 and IOS XE 3.1.xS, 3.2.xS, ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3359 (Memory leak in Cisco IOS 15.1 through 15.4 and IOS XE 3.4.xS, 3.5.xS, ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3358 (Memory leak in Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3357 (Cisco IOS 15.0, 15.1, 15.2, and 15.4 and IOS XE 3.3.xSE before ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3356 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3355 (The metadata flow feature in Cisco IOS 15.1 through 15.3 and IOS XE ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3354 (Cisco IOS 12.0, 12.2, 12.4, 15.0, 15.1, 15.2, and 15.3 and IOS XE 2.x ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3353 (Cisco IOS XR 4.3(.2) and earlier, as used in Cisco Carrier Routing ...)
	NOT-FOR-US: Cisco
CVE-2014-3352 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) ...)
	NOT-FOR-US: Cisco
CVE-2014-3351 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does ...)
	NOT-FOR-US: Cisco
CVE-2014-3350 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does ...)
	NOT-FOR-US: Cisco
CVE-2014-3349 (Cisco Intelligent Automation for Cloud (aka Cisco Cloud Portal) does ...)
	NOT-FOR-US: Cisco
CVE-2014-3348 (The SSH module in the Integrated Management Controller (IMC) before ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-3347 (Cisco IOS 15.1(4)M2 on Cisco 1800 ISR devices, when the ISDN Basic ...)
	NOT-FOR-US: Cisco
CVE-2014-3346 (The web framework in Cisco Transport Gateway for Smart Call Home (aka ...)
	NOT-FOR-US: Cisco
CVE-2014-3345 (The web framework in Cisco Transport Gateway for Smart Call Home (aka ...)
	NOT-FOR-US: Cisco
CVE-2014-3344 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Cisco
CVE-2014-3343 (Cisco IOS XR 5.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Cisco
CVE-2014-3342 (The CLI in Cisco IOS XR allows remote authenticated users to obtain ...)
	NOT-FOR-US: Cisco
CVE-2014-3341 (The SNMP module in Cisco NX-OS 7.0(3)N1(1) and earlier on Nexus 5000 ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-3340 (Directory traversal vulnerability in an unspecified PHP script in the ...)
	NOT-FOR-US: Cisco
CVE-2014-3339 (Multiple SQL injection vulnerabilities in the administrative web ...)
	NOT-FOR-US: Cisco
CVE-2014-3338 (The CTIManager module in Cisco Unified Communications Manager (CM) ...)
	NOT-FOR-US: Cisco
CVE-2014-3337 (The SIP implementation in Cisco Unified Communications Manager (CM) ...)
	NOT-FOR-US: Cisco
CVE-2014-3336 (SQL injection vulnerability in the web framework in Cisco Unity ...)
	NOT-FOR-US: Cisco
CVE-2014-3335 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
	NOT-FOR-US: Cisco
CVE-2014-3334
	REJECTED
CVE-2014-3333 (The server in Cisco Unity Connection 9.1(1) and 9.1(2) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2014-3332 (Cisco Unified Communications Manager (CM) 8.6(.2) and earlier has an ...)
	NOT-FOR-US: Cisco
CVE-2014-3331 (The Session Manager component in Packet Data Network Gateway (aka PGW) ...)
	NOT-FOR-US: Cisco
CVE-2014-3330 (Cisco NX-OS 6.1(2)I2(1) on Nexus 9000 switches does not properly ...)
	NOT-FOR-US: Cisco
CVE-2014-3329 (Cross-site scripting (XSS) vulnerability in the web-server component ...)
	NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2014-3328 (The Intercluster Sync Agent Service in Cisco Unified Presence Server ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2014-3327 (The EnergyWise module in Cisco IOS 12.2, 15.0, 15.1, 15.2, and 15.4 ...)
	NOT-FOR-US: Cisco
CVE-2014-3326 (SQL injection vulnerability in the web framework in Cisco Security ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-3325 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2014-3324 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...)
	NOT-FOR-US: Cisco TelePrecence Server
CVE-2014-3323 (Directory traversal vulnerability in Cisco Unified Contact Center ...)
	NOT-FOR-US: Cisco
CVE-2014-3322 (Cisco IOS XR 4.3(.2) and earlier on ASR 9000 devices does not properly ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3321 (Cisco IOS XR 4.3.4 and earlier on ASR 9000 devices, when bridge-group ...)
	NOT-FOR-US: Cisco
CVE-2014-3320 (Multiple open redirect vulnerabilities in the admin web interface in ...)
	NOT-FOR-US: Cisco
CVE-2014-3319 (Directory traversal vulnerability in the Real-Time Monitoring Tool ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3318 (Directory traversal vulnerability in dna/viewfilecontents.do in the ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3317 (Directory traversal vulnerability in the Multiple Analyzer in the ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3316 (The Multiple Analyzer in the Dialed Number Analyzer (DNA) component in ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3315 (Cross-site scripting (XSS) vulnerability in viewfilecontents.do in the ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3314 (Cisco AnyConnect on Android and OS X does not properly verify the host ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2014-3313 (Cross-site scripting (XSS) vulnerability in the web user interface on ...)
	NOT-FOR-US: Cisco Small Business phones
CVE-2014-3312 (The debug console interface on Cisco Small Business SPA300 and SPA500 ...)
	NOT-FOR-US: Cisco Small Business phones
CVE-2014-3311 (Heap-based buffer overflow in the file-sharing feature in WebEx ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3310 (The File Transfer feature in WebEx Meetings Client in Cisco WebEx ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3309 (The NTP implementation in Cisco IOS and IOS XE does not properly ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3308 (Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2014-3307 (The DHCP client implementation in Universal Small Cell firmware on ...)
	NOT-FOR-US: Cisco Small Cell
CVE-2014-3306 (The web server on Cisco DPC3010, DPC3212, DPC3825, DPC3925, DPQ3925, ...)
	NOT-FOR-US: Cisco
CVE-2014-3305 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3304 (The OutlookAction Class in Cisco WebEx Meetings Server allows remote ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3303 (The web framework in Cisco WebEx Meetings Server does not properly ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3302 (user.php in Cisco WebEx Meetings Server 1.5(.1.131) and earlier does ...)
	NOT-FOR-US: Cisco
CVE-2014-3301 (The ProfileAction controller in Cisco WebEx Meetings Server (CWMS) ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-3300 (The BVSMWeb portal in the web framework in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3299 (Cisco IOS allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3298 (Form Data Viewer in Cisco Intelligent Automation for Cloud in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2014-3297 (Cisco Intelligent Automation for Cloud in Cisco Cloud Portal does not ...)
	NOT-FOR-US: Cisco
CVE-2014-3296 (The XML programmatic interface (XML PI) in Cisco WebEx Meeting Server ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-3295 (The HSRP implementation in Cisco NX-OS 6.2(2a) and earlier allows ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-3294 (Cisco WebEx Meeting Server does not properly restrict the content of ...)
	NOT-FOR-US: Cisco WebEx Meeting Server
CVE-2014-3293 (Cisco IOS 15.4(3)S0b on ASR901 devices makes incorrect decisions to ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3292 (The Real Time Monitoring Tool (RTMT) implementation in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3291 (Cisco Wireless LAN Controller (WLC) devices allow remote attackers to ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-3290 (The mDNS implementation in Cisco IOS XE 3.12S does not properly ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2014-3289 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Cisco
CVE-2014-3288
	RESERVED
CVE-2014-3287 (SQL injection vulnerability in BulkViewFileContentsAction.java in the ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-3286 (The web framework in Cisco WebEx Meeting Server does not properly ...)
	NOT-FOR-US: Cisco WebEx Meeting Server
CVE-2014-3285 (Cisco Wide Area Application Services (WAAS) 5.3(.5a) and earlier, when ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2014-3284 (Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3283 (Open redirect vulnerability in Self-Care Client Portal applications in ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3282 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3281 (The web framework in VOSS in Cisco Unified Communications Domain ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3280 (The web framework in VOSS in Cisco Unified Communications Domain ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3279 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3278 (The web framework in VOSS in Cisco Unified Communications Domain ...)
	NOT-FOR-US: Cisco Unified Communications
CVE-2014-3277 (The Administration GUI in the web framework in VOSS in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-3276 (Cisco Identity Services Engine (ISE) 1.2(.1 patch 2) and earlier does ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-3275 (SQL injection vulnerability in the web framework in Cisco Identity ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-3274 (Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-3273 (The LLDP implementation in Cisco IOS allows remote attackers to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3272 (The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2014-3271 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2014-3270 (The DHCPv6 implementation in Cisco IOS XR allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2014-3269 (The SNMP module in Cisco IOS XE 3.5E allows remote authenticated users ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2014-3268 (Cisco IOS 15.2(4)M4 on Cisco Unified Border Element (CUBE) devices ...)
	NOT-FOR-US: Cisco Unified Border Element
CVE-2014-3267 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-3266 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-3265 (Cross-site scripting (XSS) vulnerability in the Auto Update Server ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-3264 (Cisco Adaptive Security Appliance (ASA) Software 9.1(.5) and earlier ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-3263 (The ScanSafe module in Cisco IOS 15.3(3)M allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3262 (The Locator/ID Separation Protocol (LISP) implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-3261 (Buffer overflow in the Smart Call Home implementation in Cisco NX-OS ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-3260 (Pacom 1000 CCU and RTU GMS devices allow remote attackers to spoof the ...)
	NOT-FOR-US: Pacom
CVE-2014-3259
	RESERVED
CVE-2014-3258
	RESERVED
CVE-2014-3257
	RESERVED
CVE-2014-3256
	RESERVED
CVE-2014-3255
	RESERVED
CVE-2014-3254
	RESERVED
CVE-2014-3253
	RESERVED
CVE-2014-3252
	RESERVED
CVE-2014-3251 (The MCollective aes_security plugin, as used in Puppet Enterprise ...)
	- mcollective 2.6.0+dfsg-1 (low; bug #758701)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: Mcollective are not configured to use the plugin and are not vulnerable by default.
	NOTE: http://puppetlabs.com/security/cve/cve-2014-3251
CVE-2014-3250 (The default vhost configuration file in Puppet before 3.6.2 does not ...)
	- puppet 3.7.0-1 (low)
	[squeeze] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
	[wheezy] - puppet <not-affected> (Only exploitable in combination with Apache 2.4)
	NOTE: http://puppetlabs.com/security/cve/CVE-2014-3250
CVE-2014-3249 (Puppet Enterprise 2.8.x before 2.8.7 allows remote attackers to obtain ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
	NOTE: http://puppetlabs.com/security/cve/cve-2014-3249
CVE-2014-3248 (Untrusted search path vulnerability in Puppet Enterprise 2.8 before ...)
	- puppet 3.7.0-1 (low)
	[wheezy] - puppet <no-dsa> (Minor issue)
	[squeeze] - puppet <no-dsa> (Minor issue)
	- hiera 1.3.4-1 (low)
	- ruby-hiera <removed> (low)
	[wheezy] - ruby-hiera <no-dsa> (Minor issue)
	- facter 2.0.1-1 (low)
	[wheezy] - facter <no-dsa> (Minor issue)
	[squeeze] - facter <no-dsa> (Minor issue)
	- mcollective 2.5.2+dfsg-1 (low)
	[wheezy] - mcollective <no-dsa> (Minor issue)
	NOTE: http://puppetlabs.com/security/cve/cve-2014-3248
	NOTE: problem in combination with ruby <= 1.9.1
CVE-2014-3247 (Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows ...)
	- collabtive 2.0+dfsg-1 (bug #748828)
	[wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2014-3246 (SQL injection vulnerability in Collabtive 1.2 allows remote ...)
	- collabtive 1.2+dfsg-2 (bug #748828)
	[wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2014-3245
	RESERVED
CVE-2014-3244 (XML external entity (XXE) vulnerability in the RSSDashlet dashlet in ...)
	NOT-FOR-US: SugarCRM
CVE-2014-3241
	RESERVED
CVE-2014-3240
	RESERVED
CVE-2014-3239
	RESERVED
CVE-2014-3238
	RESERVED
CVE-2014-3237
	RESERVED
CVE-2014-3236
	RESERVED
CVE-2014-3235
	RESERVED
CVE-2014-3234
	RESERVED
CVE-2014-3233
	RESERVED
CVE-2014-3232
	RESERVED
CVE-2014-3231
	RESERVED
CVE-2014-3229
	RESERVED
CVE-2014-3228
	RESERVED
CVE-2014-3227 (dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect ...)
	{DSA-2915-2}
	- dpkg 1.17.9
CVE-2014-3226
	RESERVED
CVE-2014-3224 (Huawei Quidway S9700 V200R003C00SPC500, Quidway S9300 ...)
	NOT-FOR-US: Huawei
CVE-2014-3223 (Huawei S9300 with software before V100R006SPH013 and ...)
	NOT-FOR-US: Huawei
CVE-2014-3222 (In Huawei eSpace Meeting with software V100R001C03SPC201 and the ...)
	NOT-FOR-US: Huawei
CVE-2014-3221 (Huawei Eudemon8000E firewall with software V200R001C01SPC800 and ...)
	NOT-FOR-US: Huawei
CVE-2014-3220 (F5 BIG-IQ Cloud and Security 4.0.0 through 4.1.0 allows remote ...)
	NOT-FOR-US: F5 BIG-IQ
CVE-2013-7383 (x2gocleansessions in X2Go Server before 4.0.0.8 and 4.0.1.x before ...)
	- x2goserver <not-affected> (Fixed with first upload to Debian)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=5a2aa0c36ef7a57d87e3bb6f7c6b2558ed5430f7 (4.0.1.10)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=b03665513ab1969b069c1351fe17cbb8b5fca256 (4.0.0.8)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=8347d3fef0e5cbabe4aa48f503612fa7b9d078f8 (4.0.0.8)
	NOTE: Fixed by: http://code.x2go.org/gitweb?p=x2goserver.git;a=commit;h=bf44925ecccda436caa1cfc34f89eced9c1bd104 (4.0.0.8)
CVE-2013-7375 (SQL injection vulnerability in includes/classes/Authenticate.class.php ...)
	NOT-FOR-US: PHP-Fusion
CVE-2014-3145 (The BPF_S_ANC_NLATTR_NEST extension implementation in the ...)
	{DSA-2949-1 DLA-0015-1}
	- linux 3.14.4-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
	NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
	NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
CVE-2014-3144 (The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension ...)
	{DSA-2949-1 DLA-0015-1}
	- linux 3.14.4-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: Upstream fix https://git.kernel.org/linus/05ab8f2647e4221cbdb3856dd7d32bd5407316b3
	NOTE: Introduced by https://git.kernel.org/linus/4738c1db1593687713869fa69e733eebc7b0d6d8
	NOTE: https://git.kernel.org/linus/d214c7537bbf2f247991fb65b3420b0b3d712c67
CVE-2014-3430 (Dovecot 1.1 before 2.2.13 and dovecot-ee before 2.1.7.7 and 2.2.x ...)
	{DSA-2954-1 DLA-0004-1}
	- dovecot 1:2.2.13~rc1-1 (low; bug #747549)
	[squeeze] - dovecot 1:1.2.15-7+deb6u1
	NOTE: http://permalink.gmane.org/gmane.mail.imap.dovecot/77499
CVE-2014-3426 (NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of ...)
	NOT-FOR-US: NCSA Mosaic
CVE-2014-3425 (NCSA Mosaic 2.0 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: NCSA Mosaic
CVE-2014-3424 (lisp/net/tramp-sh.el in GNU Emacs 24.3 and earlier allows local users ...)
	- emacs23 <removed> (bug #747100)
	[wheezy] - emacs23 <no-dsa> (Minor issue)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
	- emacs24 24.3+1-4
	- xemacs21-packages <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00060.html
CVE-2014-3423 (lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local ...)
	- emacs23 <removed> (bug #747100)
	[wheezy] - emacs23 <no-dsa> (Minor issue)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
	- emacs24 24.3+1-4
	- xemacs21-packages <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00057.html
CVE-2014-3422 (lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local ...)
	- emacs23 <removed> (bug #747100)
	[wheezy] - emacs23 <no-dsa> (Minor issue)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
	- emacs24 24.3+1-4
	- xemacs21-packages <not-affected> (Vulnerable code not present)
	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00056.html
CVE-2014-3421 (lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users ...)
	- emacs23 <removed> (bug #747100)
	[wheezy] - emacs23 <no-dsa> (Minor issue)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
	- emacs24 24.3+1-4
	NOTE: http://lists.gnu.org/archive/html/emacs-diffs/2014-05/msg00055.html
CVE-2014-9091 (Icecast before 2.4.0 does not change the supplementary group ...)
	- icecast2 2.4.0-1 (low)
	[squeeze] - icecast2 <no-dsa> (Minor issue)
	[wheezy] - icecast2 <no-dsa> (Minor issue)
	NOTE: https://trac.xiph.org/changeset/19137/
CVE-2014-3243 (SOAPpy 0.12.5 does not properly detect recursion during entity ...)
	- python-soappy 0.12.22-1 (low; bug #747280)
	[squeeze] - python-soappy <no-dsa> (Minor issue)
	[wheezy] - python-soappy <no-dsa> (Minor issue)
	NOTE: http://www.pnigos.com/?p=260
CVE-2014-3242 (SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a ...)
	- python-soappy 0.12.22-1 (low; bug #747280)
	[squeeze] - python-soappy <no-dsa> (Minor issue)
	[wheezy] - python-soappy <no-dsa> (Minor issue)
	NOTE: http://www.pnigos.com/?p=260
CVE-2014-3225 (Absolute path traversal vulnerability in the web interface in Cobbler ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2014-3219 (fish before 2.1.1 allows local users to write to arbitrary files via a ...)
	- fish 2.1.1-1 (low; bug #746259)
	[squeeze] - fish <no-dsa> (Minor issue)
	[wheezy] - fish <no-dsa> (Minor issue)
CVE-2014-3218
	RESERVED
CVE-2014-3217
	RESERVED
CVE-2014-3216 (GOM Media Player 2.2.57.5189 and earlier allows remote attackers to ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2014-3215 (seunshare in policycoreutils 2.2.5 is owned by root with 4755 ...)
	- policycoreutils <not-affected> (seunshare not enabled/built in Debian)
CVE-2014-3214 (The prefetch implementation in named in ISC BIND 9.10.0, when a ...)
	- bind9 <not-affected> (prefetch option introduced in BIND 9.10.0b1)
	NOTE: https://kb.isc.org/article/AA-01161
CVE-2014-3213
	RESERVED
CVE-2014-3212
	RESERVED
CVE-2014-3211
	RESERVED
CVE-2014-3210 (SQL injection vulnerability in dopbs-backend-forms.php in the Booking ...)
	NOT-FOR-US: WordPress plugin Booking System
CVE-2014-3208
	RESERVED
CVE-2014-3206 (Seagate BlackArmor NAS allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Seagate
CVE-2014-3205 (backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a ...)
	NOT-FOR-US: Seagate
CVE-2014-3204 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle ...)
	NOT-FOR-US: Unity
CVE-2014-3203 (Unity before 7.2.1, as used in Ubuntu 14.04, does not properly ...)
	NOT-FOR-US: Unity
CVE-2014-3202 (Unity before 7.2.1 does not properly handle entry activation, which ...)
	NOT-FOR-US: Unity
CVE-2014-3201 (core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used ...)
	- chromium-browser 39.0.2171.71-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3200 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3199 (The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the ...)
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: libv8 not covered by security support
CVE-2014-3198 (The Instance::HandleInputEvent function in pdf/instance.cc in the ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3197 (The NavigationScheduler::schedulePageBlock function in ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3196 (base/memory/shared_memory_win.cc in Google Chrome before 38.0.2125.101 ...)
	- chromium-browser <not-affected> (Only affects Windows)
CVE-2014-3195 (Google V8, as used in Google Chrome before 38.0.2125.101, does not ...)
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	NOTE: libv8 not covered by security support
CVE-2014-3194 (Use-after-free vulnerability in the Web Workers implementation in ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3193 (The SessionService::GetLastSession function in ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3192 (Use-after-free vulnerability in the ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3191 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3190 (Use-after-free vulnerability in the Event::currentTarget function in ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3189 (The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3188 (Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 ...)
	- chromium-browser 38.0.2125.101-1
	[wheezy] - chromium-browser <end-of-life>
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-3187 (Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS ...)
	- chromium-browser <not-affected> (only affects versions supporting Apple's facetime)
CVE-2014-3186 (Buffer overflow in the picolcd_raw_event function in ...)
	- linux 3.16.5-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=101
	NOTE: Upstream fix: https://git.kernel.org/linus/844817e47eef14141cf59b8d5ac08dd11c0a9189 (v3.17-rc3)
CVE-2014-3185 (Multiple buffer overflows in the command_port_read_callback function ...)
	{DLA-118-1}
	- linux 3.16.2-2
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=98
	NOTE: Upstream fix: https://git.kernel.org/linus/6817ae225cd650fb1c3295d769298c38b1eba818 (v3.17-rc3)
CVE-2014-3184 (The report_fixup functions in the HID subsystem in the Linux kernel ...)
	{DLA-246-1}
	- linux 3.16.2-2
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <removed>
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=91
	NOTE: Upstream fix: https://git.kernel.org/linus/4ab25786c87eb20857bbb715c3ae34ec8fd6a214 (v3.17-rc2)
CVE-2014-3183 (Heap-based buffer overflow in the logi_dj_ll_raw_request function in ...)
	- linux 3.16.2-2
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=90
	NOTE: Upstream fix: https://git.kernel.org/linus/51217e69697fba92a06e07e16f55c9a52d8e8945 (v3.17-rc2)
CVE-2014-3182 (Array index error in the logi_dj_raw_event function in ...)
	- linux 3.16.2-2
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable driver introduced later)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=89
	NOTE: Upstream fix: https://git.kernel.org/linus/ad3e14d7c5268c2e24477c6ef54bbdf88add5d36 (v3.17-rc2)
CVE-2014-3181 (Multiple stack-based buffer overflows in the magicmouse_raw_event ...)
	- linux 3.16.5-1
	[wheezy] - linux 3.2.63-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: https://code.google.com/p/google-security-research/issues/detail?id=100
	NOTE: Upstream fix: https://git.kernel.org/linus/c54def7bd64d7c0b6993336abcffb8444795bf38 (v3.17-rc3)
CVE-2014-3180
	RESERVED
CVE-2014-3179 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3178 (Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3177 (Google Chrome before 37.0.2062.94 does not properly handle the ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3176 (Google Chrome before 37.0.2062.94 does not properly handle the ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3175 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3174 (modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3173 (The WebGL implementation in Google Chrome before 37.0.2062.94 does not ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3172 (The Debugger extension API in ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3171 (Use-after-free vulnerability in the V8 bindings in Blink, as used in ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3170 (extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3169 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3168 (Use-after-free vulnerability in the SVG implementation in Blink, as ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3167 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3166 (The Public Key Pinning (PKP) implementation in Google Chrome before ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3165 (Use-after-free vulnerability in ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3164 (cmds/servicemanager/service_manager.c in Android before commit ...)
	NOT-FOR-US: Android
CVE-2014-3163
	RESERVED
CVE-2014-3162 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3161 (The WebMediaPlayerAndroid::load function in ...)
	NOT-FOR-US: Android
CVE-2014-3160 (The ResourceFetcher::canRequest function in ...)
	{DSA-3039-1}
	- chromium-browser 37.0.2062.120-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3159 (The WebContentsDelegateAndroid::OpenURLFromTab function in ...)
	NOT-FOR-US: Android
CVE-2014-3158 (Integer overflow in the getword function in options.c in pppd in ...)
	{DSA-3079-1 DLA-74-1}
	- ppp 2.4.6-3 (medium; bug #762789)
	NOTE: https://github.com/paulusmack/ppp/commit/7658e8257183f062dc01f87969c140707c7e52cb
	NOTE: http://marc.info/?l=linux-ppp&m=140764978420764
	NOTE: No known exploit yet but potential local privilege escalation to root for users in "dip" group
CVE-2014-3157 (Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer ...)
	{DSA-2959-1}
	- chromium-browser 35.0.1916.153-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3156 (Buffer overflow in the clipboard implementation in Google Chrome ...)
	{DSA-2959-1}
	- chromium-browser 35.0.1916.153-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3155 (net/spdy/spdy_write_queue.cc in the SPDY implementation in Google ...)
	{DSA-2959-1}
	- chromium-browser 35.0.1916.153-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3154 (Use-after-free vulnerability in the ChildThread::Shutdown function in ...)
	{DSA-2959-1}
	- chromium-browser 35.0.1916.153-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-3153 (The futex_requeue function in kernel/futex.c in the Linux kernel ...)
	{DSA-2949-1 DLA-0007-1}
	- linux 3.14.5-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze7
	NOTE: http://thread.gmane.org/gmane.linux.kernel.stable/92357
CVE-2014-3152 (Integer underflow in the LCodeGen::PrepareKeyedOperand function in ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-3151
	RESERVED
CVE-2014-3150 (Livebox 1.1 allows remote authenticated users to upload arbitrary ...)
	NOT-FOR-US: Livebox
CVE-2014-3149 (Cross-site scripting (XSS) vulnerability in Invision Power IP.Board ...)
	NOT-FOR-US: Invision Power IP.Board
CVE-2014-3148 (Cross-site scripting (XSS) vulnerability in libahttp/err.c in OkCupid ...)
	NOT-FOR-US: OkCupid
CVE-2014-3147 (Cross-site scripting (XSS) vulnerability in the auto-complete feature ...)
	NOT-FOR-US: Splunk
CVE-2014-3146 (Incomplete blacklist vulnerability in the lxml.html.clean module in ...)
	{DSA-2941-1 DLA-0009-1}
	- lxml 3.3.5-1 (bug #746812)
	[squeeze] - lxml 2.2.8-2+deb6u1
	NOTE: http://lxml.de/3.3/changes-3.3.5.html
	NOTE: http://seclists.org/fulldisclosure/2014/Apr/210
	NOTE: https://github.com/lxml/lxml/commit/e86b294f1f81b899a59925123560ff924a72f1cc
CVE-2014-3143
	RESERVED
CVE-2014-3142
	RESERVED
CVE-2014-3141
	RESERVED
CVE-2014-3140
	REJECTED
CVE-2014-3139 (recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2014-3138 (SQL injection vulnerability in Xerox DocuShare before 6.53 Patch 6 ...)
	NOT-FOR-US: Xerox DocuShare
CVE-2014-3136
	RESERVED
CVE-2014-3135 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 5.1.1 ...)
	NOT-FOR-US: vBulletin
CVE-2014-3134 (Cross-site scripting (XSS) vulnerability in the InfoView application ...)
	NOT-FOR-US: SAP BusinessObjects
CVE-2014-3133 (SAP Netweaver Java Application Server does not properly restrict ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-3132 (SAP Background Processing does not properly restrict access, which ...)
	NOT-FOR-US: SAP Background Processing
CVE-2014-3131 (SAP Profile Maintenance does not properly restrict access, which ...)
	NOT-FOR-US: SAP Solution Manager
CVE-2014-3130 (The ABAP Help documentation and translation tools (BC-DOC-HLP) in ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-3129 (The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-3209 (The ldns-keygen tool in ldns 1.6.x uses the current umask to set the ...)
	- ldns 1.6.17-4 (low; bug #746758)
	[squeeze] - ldns <no-dsa> (Minor issue)
	[wheezy] - ldns 1.6.13-1+deb7u1
CVE-2014-3230 [HTTPS_CA_DIR or HTTPS_CA_FILE disables peer certificate verification for IO::Socket::SSL]
	RESERVED
	- liblwp-protocol-https-perl 6.04-3 (bug #746579)
	[wheezy] - liblwp-protocol-https-perl <not-affected> (Introduced by bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8 in 6.04)
	NOTE: Introduced by https://github.com/dagolden/lwp-protocol-https/commit/bcc46ce2dab53d2e2baa583f2243d6fc7d36dcc8
	NOTE: CVE assignment for https://github.com/libwww-perl/lwp-protocol-https/pull/14#issuecomment-42328818
CVE-2014-3207 (Cross-site scripting (XSS) vulnerability in wserver.ml in SKS ...)
	- sks 1.1.5-1 (low; bug #746626)
	[squeeze] - sks <no-dsa> (Minor issue)
	[wheezy] - sks 1.1.3-2+deb7u1
	NOTE: https://bitbucket.org/skskeyserver/sks-keyserver/issue/26/unfiltered-xss
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=952077
CVE-2014-3137 (Bottle 0.10.x before 0.10.12, 0.11.x before 0.11.7, and 0.12.x before ...)
	{DSA-2948-1}
	- python-bottle 0.12.6-1 (bug #746322)
	[squeeze] - python-bottle <not-affected> (bug affects versions 0.10.11-1 and 0.12.5-1)
CVE-2014-3128
	RESERVED
CVE-2014-3127 (dpkg 1.15.9 on Debian squeeze introduces support for the &quot;C-style ...)
	{DSA-2915-2}
	- dpkg 1.17.9
CVE-2014-3126
	RESERVED
CVE-2014-3125 (Xen 4.4.x, when running on an ARM system, does not properly context ...)
	- xen <not-affected> (Only 32- and 64-bit ARM systems are affected from Xen 4.4 onwards)
CVE-2014-3124 (The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local ...)
	{DSA-3006-1}
	- xen 4.4.1-1 (bug #757724)
	[squeeze] - xen <not-affected> (Xen versions from 4.1 onwards are vulnerable)
CVE-2014-3123 (Cross-site scripting (XSS) vulnerability in admin/manage-images.php in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2014-3121 (rxvt-unicode before 9.20 does not properly handle OSC escape ...)
	{DSA-2925-1}
	- rxvt-unicode 9.20-1 (bug #746593)
CVE-2014-3120 (The default configuration in Elasticsearch before 1.2 enables dynamic ...)
	- elasticsearch 1.0.3+dfsg-3 (bug #759736)
	NOTE: https://github.com/elasticsearch/elasticsearch/commit/81e83cca
	NOTE: https://github.com/elasticsearch/elasticsearch/issues/5853
CVE-2014-3119
	RESERVED
CVE-2014-3118
	RESERVED
CVE-2014-3117
	RESERVED
CVE-2014-3116
	RESERVED
CVE-2014-3115 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Fortinet Fortiweb
CVE-2014-3114 (The EZPZ One Click Backup (ezpz-one-click-backup) plugin 12.03.10 and ...)
	NOT-FOR-US: WordPress plugin ezpz-one-click-backup
CVE-2014-3113 (Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 ...)
	NOT-FOR-US: RealPlayer
CVE-2014-3112
	RESERVED
CVE-2014-3110 (Multiple cross-site scripting (XSS) vulnerabilities on Honeywell ...)
	NOT-FOR-US: Honeywell FALCON XLWeb controllor
CVE-2014-3109
	RESERVED
CVE-2014-3108
	RESERVED
CVE-2014-3107
	RESERVED
CVE-2014-3106 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3105 (The OSLC integration feature in the Web component in IBM Rational ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3104 (IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3103 (The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3102 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.0.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3101 (The login form in the Web component in IBM Rational ClearQuest 7.1 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2014-3100 (Stack-based buffer overflow in the encode_key function in ...)
	NOT-FOR-US: Android service KeyStore
CVE-2014-3099 (Unspecified vulnerability in the Security component in IBM Systems ...)
	NOT-FOR-US: IBM Systems Director
CVE-2014-3098
	RESERVED
CVE-2014-3097 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-3096 (Cross-site scripting (XSS) vulnerability in IBM Curam Social Program ...)
	NOT-FOR-US: IBM Curam
CVE-2014-3095 (The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 ...)
	NOT-FOR-US: IBM DB2
CVE-2014-3094 (Stack-based buffer overflow in IBM DB2 9.7 through FP9a, 9.8 through ...)
	NOT-FOR-US: IBM DB2
CVE-2014-3093 (IBM PowerVC 1.2.0 before FP3 and 1.2.1 before FP2 uses cleartext ...)
	NOT-FOR-US: IBM
CVE-2014-3092 (IBM Jazz Team Server, as used in Rational Collaborative Lifecycle ...)
	NOT-FOR-US: IBM
CVE-2014-3091 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-3090 (IBM Rational ClearCase 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2014-3089 (The RDS Java Client library in IBM Rational Directory Server (RDS) ...)
	NOT-FOR-US: IBM Rational Directory Server
CVE-2014-3088 (stconf.nsf in IBM Sametime Meeting Server 8.5.1 relies on the client ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-3087 (callService.do in IBM Business Process Manager (BPM) 7.5 through 8.5.5 ...)
	NOT-FOR-US: IBM
CVE-2014-3086 (Unspecified vulnerability in the IBM Java Virtual Machine, as used in ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3085 (systest.php on IBM GCM16 and GCM32 Global Console Manager switches ...)
	NOT-FOR-US: IBM
CVE-2014-3084 (IBM Maximo Asset Management 6.1 through 6.5, 7.1 through 7.1.1.13, and ...)
	NOT-FOR-US: IBM
CVE-2014-3083 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.35, 8.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3082
	RESERVED
CVE-2014-3081 (prodtest.php on IBM GCM16 and GCM32 Global Console Manager switches ...)
	NOT-FOR-US: IBM
CVE-2014-3080 (Multiple cross-site scripting (XSS) vulnerabilities on IBM GCM16 and ...)
	NOT-FOR-US: IBM
CVE-2014-3079 (The Administration and Reporting Tool in IBM Rational License Key ...)
	NOT-FOR-US: IBM
CVE-2014-3078
	RESERVED
CVE-2014-3077 (IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x ...)
	NOT-FOR-US: IBM
CVE-2014-3076 (IBM Business Process Manager (BPM) 8.5 through 8.5.5 allows remote ...)
	NOT-FOR-US: IBM
CVE-2014-3075 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
	NOT-FOR-US: IBM
CVE-2014-3074 (The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2014-3073 (Unspecified vulnerability in IBM Security Access Manager (ISAM) for ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2014-3072 (Unspecified vulnerability in the Automation Server in IBM Security ...)
	NOT-FOR-US: IBM Security AppScan
CVE-2014-3071 (Cross-site scripting (XSS) vulnerability in the Data Quality Console ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-3070 (The addFileRegistryAccount Virtual Member Manager (VMM) SPI Admin Task ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3069 (Multiple CRLF injection vulnerabilities in the Universal Access ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3068 (IBM Java Runtime Environment (JRE) 7 R1 before SR1 FP1 (7.1.1.1), 7 ...)
	NOT-FOR-US: IBM JDK
CVE-2014-3067
	RESERVED
CVE-2014-3066 (IBM Tivoli Endpoint Manager 9.1 before 9.1.1088.0 allows remote ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2014-3065 (Unspecified vulnerability in IBM Java Runtime Environment (JRE) 7 R1 ...)
	NOT-FOR-US: IBM JDK
CVE-2014-3064 (The GDS component in IBM InfoSphere Master Data Management - ...)
	NOT-FOR-US: IBM
CVE-2014-3063 (IBM InfoSphere Master Data Management - Collaborative Edition 10.x ...)
	NOT-FOR-US: IBM
CVE-2014-3062 (Unspecified vulnerability in IBM Security QRadar SIEM 7.1 MR2 and 7.2 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-3061 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris Spend ...)
	NOT-FOR-US: IBM
CVE-2014-3060 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3059 (Unspecified vulnerability in the Administrative Console on the IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3058 (Cross-site request forgery (CSRF) vulnerability on the IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2014-3057 (Cross-site scripting (XSS) vulnerability in the Unified Task List ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3056 (The Unified Task List (UTL) Portlet for IBM WebSphere Portal 7.x and ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3055 (SQL injection vulnerability in the Unified Task List (UTL) Portlet for ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3054 (Multiple open redirect vulnerabilities in the Unified Task List (UTL) ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-3053 (The Local Management Interface (LMI) in IBM Security Access Manager ...)
	NOT-FOR-US: IBM ISAM
CVE-2014-3052 (The reverse-proxy feature in IBM Security Access Manager (ISAM) for ...)
	NOT-FOR-US: IBM ISAM
CVE-2014-3051 (The Internet Service Monitor (ISM) agent in IBM Tivoli Composite ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-3050 (IBM Rational Team Concert (RTC) 3.x before 3.0.1.6 IF3 and 4.x before ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2014-3049
	RESERVED
CVE-2014-3048 (Unspecified vulnerability on the IBM System Storage Virtualization ...)
	NOT-FOR-US: IBM System Storage Virtualization Engine
CVE-2014-3047
	RESERVED
CVE-2014-3046
	RESERVED
CVE-2014-3045 (IBM Scale Out Network Attached Storage (SONAS) 1.3.x and 1.4.x before ...)
	NOT-FOR-US: IBM
CVE-2014-3044
	RESERVED
CVE-2014-3043 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.3.3 allows ...)
	NOT-FOR-US: IBM
CVE-2014-3042 (IBM CICS Transaction Server 3.1, 3.2, 4.1, 4.2, and 5.1 on z/OS does ...)
	NOT-FOR-US: IBM CICS Transaction Serve
CVE-2014-3041 (SQL injection vulnerability in IBM Emptoris Contract Management 9.5.x ...)
	NOT-FOR-US: IBM
CVE-2014-3040 (Cross-site request forgery (CSRF) vulnerability in IBM Emptoris ...)
	NOT-FOR-US: IBM
CVE-2014-3039
	RESERVED
CVE-2014-3038 (IBM SPSS Modeler 16.0 before 16.0.0.1 on UNIX does not properly drop ...)
	NOT-FOR-US: IBM SPSS Modeler
CVE-2014-3037 (Cross-site request forgery (CSRF) vulnerability in IBM Configuration ...)
	NOT-FOR-US: IBM
CVE-2014-3036 (Unspecified vulnerability in IBM API Management 3.0.0.0, when basic ...)
	NOT-FOR-US: IBM API Management
CVE-2014-3035 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Spend ...)
	NOT-FOR-US: IBM
CVE-2014-3034 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Contract ...)
	NOT-FOR-US: IBM
CVE-2014-3033 (Cross-site scripting (XSS) vulnerability in IBM Emptoris Sourcing ...)
	NOT-FOR-US: IBM Emptoris Sourcing Portfolio
CVE-2014-3032 (Cross-site scripting (XSS) vulnerability in the Web GUI in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-3031 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Business ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2014-3030
	RESERVED
CVE-2014-3029
	RESERVED
CVE-2014-3028
	RESERVED
CVE-2014-3027
	RESERVED
CVE-2014-3026 (CRLF injection vulnerability in IBM Maximo Asset Management 7.5 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-3024 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2014-3023
	RESERVED
CVE-2014-3022 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3021 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.35, 8.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-3020 (install.sh in the Embedded WebSphere Application Server (eWAS) 7.0 ...)
	NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2014-3019 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...)
	NOT-FOR-US: IBM
CVE-2014-3018 (IBM BladeCenter SAS Connectivity Module (aka NSSM) and SAS RAID Module ...)
	NOT-FOR-US: IBM
CVE-2014-3017
	RESERVED
CVE-2014-3016
	RESERVED
CVE-2014-3015 (Cross-site request forgery (CSRF) vulnerability in the Web player in ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-3014 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-3013 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Curam ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3012 (Multiple CRLF injection vulnerabilities in IBM Curam Social Program ...)
	NOT-FOR-US: IBM Curam Social Program Management
CVE-2014-3011 (IBM OpenPages GRC Platform 6.1.0.1 before IF4 allows remote attackers ...)
	NOT-FOR-US: IBM OpenPages GRC Platform
CVE-2014-3010 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2014-3009 (The GDS component in IBM InfoSphere Master Data Management - ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-3008 (Unitrends Enterprise Backup 7.3.0 allows remote authenticated users to ...)
	NOT-FOR-US: Unitrends Enterprise Backup
CVE-2014-3007 (Python Image Library (PIL) 1.1.7 and earlier and Pillow 2.3 might ...)
	- pillow 2.4.0-1 (bug #737059)
	- python-imaging <removed>
	[squeeze] - python-imaging <no-dsa> (Minor issue)
	[wheezy] - python-imaging <no-dsa> (Minor issue)
	NOTE: details what is covered exactly by this CVE relating to CVE-2014-1932 and CVE-2014-1933 is missing
CVE-2014-3006 (Sitepark Information Enterprise Server (IES) 2.9 before 2.9.6, when ...)
	NOT-FOR-US: Sitepark Information Enterprise Server
CVE-2014-3005 (XML external entity (XXE) vulnerability in Zabbix 1.8.x before ...)
	- zabbix 1:2.2.5+dfsg-1 (bug #751910)
	[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://seclists.org/fulldisclosure/2014/Jun/87
	NOTE: Upstream issue tracking https://support.zabbix.com/browse/ZBX-8151
CVE-2014-3004 (The default configuration for the Xerces SAX Parser in Castor before ...)
	NOT-FOR-US: Castor
CVE-2014-3003
	REJECTED
CVE-2014-3002
	RESERVED
CVE-2014-3001 (The device file system (aka devfs) in FreeBSD 10.0 before p2 does not ...)
	- kfreebsd-10 <not-affected>
	NOTE: it is called SA-14:07.devfs in the freebsd world
	NOTE: the devfs rules file is loaded by /etc/init.d/freebsd-utils on boot, so debian never was vulnerable
CVE-2014-3000 (The TCP reassembly function in the inet module in FreeBSD 8.3 before ...)
	{DSA-2952-1}
	- kfreebsd-10 10.0-5 (bug #746949)
	- kfreebsd-9 <removed> (bug #746951)
	- kfreebsd-8 <removed> (bug #746952)
	[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-2999
	RESERVED
CVE-2014-2998
	RESERVED
CVE-2014-2997
	RESERVED
CVE-2014-2996 (XCloner Standalone 3.5 and earlier, when enable_db_backup and sql_mem ...)
	NOT-FOR-US: XCloner Standalone
CVE-2014-2995 (Multiple cross-site scripting (XSS) vulnerabilities in twitget.php in ...)
	NOT-FOR-US: WordPress plugin Twitget
CVE-2014-2994 (Stack-based buffer overflow in Acunetix Web Vulnerability Scanner ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2014-2993 (The Birebin.com application for Android does not verify X.509 ...)
	NOT-FOR-US: Birebin.com application for Android
CVE-2014-2992 (The Misli.com application for Android does not verify X.509 ...)
	NOT-FOR-US: Misli.com application for Android
CVE-2014-2991
	RESERVED
CVE-2014-2990
	RESERVED
CVE-2014-2989 (Cross-site request forgery (CSRF) vulnerability in Open Assessment ...)
	NOT-FOR-US: Open Assessment Technologies TAO
CVE-2014-2988 (EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware ...)
	NOT-FOR-US: EGroupware EPL
CVE-2014-2987 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: EGroupware EPL
CVE-2013-7373 (Android before 4.4 does not properly arrange for seeding of the ...)
	NOT-FOR-US: Android
CVE-2013-7372 (The engineNextBytes function in ...)
	NOT-FOR-US: Android
CVE-2011-5279 (CRLF injection vulnerability in the CGI implementation in Microsoft ...)
	NOT-FOR-US: Microsoft IIS
CVE-2014-3122 (The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel ...)
	{DSA-2926-1 DLA-0015-1}
	- linux 3.14.4-1 (bug #747326)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: Introduced by https://git.kernel.org/linus/b291f000393f5a0b679012b39d79fbc85c018233
	NOTE: Fixed by https://git.kernel.org/linus/57e68e9cd65b4b8eb4045a1e0d0746458502554c (v3.15-rc1)
CVE-2014-3985 (The getHTTPResponse function in miniwget.c in MiniUPnP 1.9 allows ...)
	- miniupnpc 1.6-4 (low; bug #748913)
	[wheezy] - miniupnpc <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1085618
	NOTE: https://github.com/miniupnp/miniupnp/commit/3a87aa2f10bd7f1408e1849bdb59c41dd63a9fe9
	NOTE: http://www.openwall.com/lists/oss-security/2014/04/30/3
CVE-2014-4338 (cups-browsed in cups-filters before 1.0.53 allows remote attackers to ...)
	- cups-filters 1.0.53-1
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7195
CVE-2014-4337 (The process_browse_data function in utils/cups-browsed.c in ...)
	- cups-filters 1.0.53-1
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
CVE-2014-4336 (The generate_local_queue function in utils/cups-browsed.c in ...)
	- cups-filters 1.0.53-1
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
	NOTE: incomplete fix was applied
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7194
CVE-2014-3111 (Multiple cross-site scripting (XSS) vulnerabilities in FOG 0.27 ...)
	NOT-FOR-US: fog cloning solution
CVE-2014-2985
	RESERVED
CVE-2014-2984
	REJECTED
CVE-2014-2982
	RESERVED
CVE-2014-2981
	RESERVED
CVE-2014-2979
	RESERVED
CVE-2014-2978 (The Dispatch_Write function in ...)
	- directfb <not-affected> (Vulnerable code was introduced in 1.4.4)
CVE-2014-2977 (Multiple integer signedness errors in the Dispatch_Write function in ...)
	- directfb <not-affected> (Vulnerable code was introduced in 1.4.13)
CVE-2014-2976 (Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 ...)
	NOT-FOR-US: Sixnet SixView
CVE-2014-2975 (Cross-site scripting (XSS) vulnerability in php/user_account.php in ...)
	NOT-FOR-US: Silver Peak VX
CVE-2014-2974 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Silver Peak VX
CVE-2014-2973
	REJECTED
CVE-2014-2972 (expand.c in Exim before 4.83 expands mathematical comparisons twice, ...)
	- exim4 4.82.1-2 (low)
	[squeeze] - exim4 <no-dsa> (Minor issue)
	[wheezy] - exim4 4.80-7+deb7u1
CVE-2014-2971 (Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in ...)
	NOT-FOR-US: MicroPact iComplaints
CVE-2014-2970
	REJECTED
CVE-2014-2969 (NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a ...)
	NOT-FOR-US: NETGEAR GS108PE Prosafe Plus switches
CVE-2014-2968 (Cross-site scripting (XSS) vulnerability in the web interface on the ...)
	NOT-FOR-US: Huawei E355 CH1E355SM firmware
CVE-2014-2967 (Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers ...)
	NOT-FOR-US: Autodesk VRED Professional
CVE-2014-2966 (The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly ...)
	NOT-FOR-US: Resin Pro
CVE-2014-2965 (Cross-site scripting (XSS) vulnerability in auth-settings-x.php in ...)
	NOT-FOR-US: SpamTitan
CVE-2014-2964 (Cobham Aviator 700D and 700E satellite terminals have hardcoded ...)
	NOT-FOR-US: Cobham Aviator 700D and 700E satellite terminals
CVE-2014-2963 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Liferay Portal
CVE-2014-2962 (Absolute path traversal vulnerability in the webproc cgi module on the ...)
	NOT-FOR-US: Belkin router
CVE-2014-2961
	RESERVED
CVE-2014-2960 (Vision Critical before 2014-05-30 allows attackers to read arbitrary ...)
	NOT-FOR-US: Vision Critical
CVE-2014-2959 (logViewer.htm on the Dell ML6000 tape backup system with firmware ...)
	NOT-FOR-US: Quantum Scalar
CVE-2014-2958
	RESERVED
CVE-2014-2957 (The dmarc_process function in dmarc.c in Exim before 4.82.1, when ...)
	- exim4 4.82.1-1 (unimportant)
	[squeeze] - exim4 <not-affected> (Vulnerable code introduced in 4.82)
	[wheezy] - exim4 <not-affected> (Vulnerable code introduced in 4.82)
	NOTE: https://lists.exim.org/lurker/message/20140528.122536.a31d60a4.en.html
	NOTE: EXPERIMENTAL_DMARC not enabled
CVE-2014-2956 (ScriptHelperApi in the AVG ScriptHelper ActiveX control in ...)
	NOT-FOR-US: AVG Secure Search toolbar and AVG Safeguard
CVE-2014-2955 (Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers ...)
	NOT-FOR-US: Raritan PX
CVE-2014-2954
	RESERVED
CVE-2014-2953
	RESERVED
CVE-2014-2952 [Arbitrary File Deletion as Root in Webmin]
	RESERVED
	NOT-FOR-US: Webmin
	NOTE: https://sites.utexas.edu/iso/2014/09/09/arbitrary-file-deletion-as-root-in-webmin/
CVE-2014-2951 (Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded ...)
	NOT-FOR-US: Datum Systems SnIP
CVE-2014-2950 (Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require ...)
	NOT-FOR-US: Datum Systems SnIP
CVE-2014-2949 (SQL injection vulnerability in the web service in F5 ARX Data Manager ...)
	NOT-FOR-US: F5 ARX Data Manager
CVE-2014-2948 (SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM ...)
	NOT-FOR-US: Bizagi BPM
CVE-2014-2947 (Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM ...)
	NOT-FOR-US: Bizagi BPM
CVE-2014-2946 (Cross-site request forgery (CSRF) vulnerability in api/sms/send-sms in ...)
	NOT-FOR-US: Huawei device
CVE-2014-2945
	REJECTED
CVE-2014-2944
	REJECTED
CVE-2014-2943
	REJECTED
CVE-2014-2942 (Cobham Aviator 700D and 700E satellite terminals use an improper ...)
	NOT-FOR-US: Cobham Aviator
CVE-2014-2941 (** DISPUTED ** Cobham Sailor 6000 satellite terminals have hardcoded ...)
	NOT-FOR-US: Cobham Sailor 6000 satellite terminals
CVE-2014-2940 (Cobham Sailor 900 and 6000 satellite terminals with firmware 1.08 MFHF ...)
	NOT-FOR-US: Cobham Sailor 900 and 6000 satellite terminals
CVE-2014-2939 (Multiple cross-site scripting (XSS) vulnerabilities in Alfresco ...)
	NOT-FOR-US: Alfresco
CVE-2014-2938 (Hanvon FaceID before 1.007.110 does not require authentication, which ...)
	NOT-FOR-US: Hanvon FaceID
CVE-2014-2937
	REJECTED
CVE-2014-2936 (The directory manager in Caldera 9.20 allows remote attackers to ...)
	NOT-FOR-US: Caldera
CVE-2014-2935 (costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows ...)
	NOT-FOR-US: Caldera
CVE-2014-2934 (Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote ...)
	NOT-FOR-US: Caldera
CVE-2014-2933 (Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 ...)
	NOT-FOR-US: Caldera
CVE-2014-2932
	RESERVED
CVE-2014-2931
	RESERVED
CVE-2014-2930
	RESERVED
CVE-2014-2929
	RESERVED
CVE-2014-2928 (The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-2927 (The rsync daemon in F5 BIG-IP 11.6 before 11.6.0, 11.5.1 before HF3, ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2014-2926 (kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before ...)
	NOT-FOR-US: Kaseya Virtual System Administrator
CVE-2014-2925 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ASUS RT series
CVE-2014-2924
	RESERVED
CVE-2014-2923
	RESERVED
CVE-2014-2922 (The getObjectByToken function in Newsletter.php in the ...)
	NOT-FOR-US: pimcore
CVE-2014-2921 (The getObjectByToken function in Newsletter.php in the ...)
	NOT-FOR-US: pimcore
CVE-2014-2920
	RESERVED
CVE-2014-2919
	RESERVED
CVE-2014-2918
	RESERVED
CVE-2014-2917
	RESERVED
CVE-2014-2916 (Cross-site request forgery (CSRF) vulnerability in the subscription ...)
	NOT-FOR-US: subscription page editor
CVE-2014-2914 [remote code execution]
	RESERVED
	- fish 2.1.1-1 (bug #746259)
	[wheezy] - fish <not-affected> (Web interface not yet present)
	[squeeze] - fish <not-affected> (Web interface not yet present)
	NOTE: https://github.com/fish-shell/fish-shell/issues/1438
CVE-2014-2912
	RESERVED
CVE-2014-2911
	RESERVED
CVE-2014-2910
	RESERVED
CVE-2014-2909 (CRLF injection vulnerability in the integrated web server on Siemens ...)
	NOT-FOR-US: Siemens
CVE-2014-2908 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
	NOT-FOR-US: Siemens
CVE-2014-2906 [unsafe temporary file creationg leading to privilege escalation]
	RESERVED
	- fish 2.1.1-1 (low; bug #746259)
	[squeeze] - fish <no-dsa> (Minor issue)
	[wheezy] - fish <no-dsa> (Minor issue)
	NOTE: https://github.com/fish-shell/fish-shell/issues/1437
CVE-2014-2905 (fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly check the ...)
	- fish 2.1.1-1 (low; bug #746259)
	[squeeze] - fish <no-dsa> (Minor issue)
	[wheezy] - fish <no-dsa> (Minor issue)
	NOTE: https://github.com/fish-shell/fish-shell/issues/1436
CVE-2014-2895
	RESERVED
CVE-2014-2891 (strongSwan before 5.1.2 allows remote attackers to cause a denial of ...)
	{DSA-2922-1}
	- strongswan 5.1.2-1
CVE-2014-2887
	RESERVED
CVE-2014-2886 (GKSu 2.0.2, when sudo-mode is not enabled, uses &quot; (double quote) ...)
	- gksu <removed>
	[stretch] - gksu <ignored> (Minor issue)
	[jessie] - gksu <ignored> (Minor issue)
	[wheezy] - gksu <no-dsa> (Minor issue)
	[squeeze] - gksu <no-dsa> (Minor issue)
	NOTE: https://community.rapid7.com/community/metasploit/blog/2014/07/07/virtualbox-filename-command-execution-via-gksu
	NOTE: In Debian libgksu installs two alternatives gconf-defaults.libgksu-sudo
	NOTE: and gconf-defaults.libgksu-su, where the gconf-defaults.libgksu-su is
	NOTE: enabled (in auto mode).
CVE-2014-2883
	RESERVED
CVE-2014-2882 (Unspecified vulnerability in the management GUI in Citrix NetScaler ...)
	NOT-FOR-US: Citrix Netscaler
CVE-2014-2881 (Unspecified vulnerability in the Diffie-Hellman key agreement ...)
	NOT-FOR-US: Citrix Netscaler
CVE-2014-2880 (Open redirect vulnerability in the Oracle Identity Manager component ...)
	NOT-FOR-US: Oracle Identity Manager
CVE-2014-2879 (Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL ...)
	NOT-FOR-US: SonicWALL
CVE-2014-2878
	RESERVED
CVE-2014-2877
	RESERVED
CVE-2014-2876
	RESERVED
CVE-2014-2875
	RESERVED
CVE-2013-7369 (SQL injection vulnerability in an unspecified DLL in the FSDBCom ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2012-6647 (The futex_wait_requeue_pi function in kernel/futex.c in the Linux ...)
	- linux 3.2.29-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-47
	NOTE: Upstream fix: https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef
	NOTE: Introduced in https://git.kernel.org/linus/52400ba946759af28442dee6265c5c0180ac7122
CVE-2012-6646 (F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security ...)
	NOT-FOR-US: F-Secure
CVE-2014-XXXX [Insecure default permissions for ~/.virtualenvs and scripts]
	- virtualenvwrapper 4.3-1 (low; bug #745580)
	[wheezy] - virtualenvwrapper <no-dsa> (Minor issue)
	[squeeze] - virtualenvwrapper <no-dsa> (Minor issue)
CVE-2014-2907 (The srtp_add_address function in epan/dissectors/packet-rtp.c in the ...)
	- wireshark 1.10.7-1 (bug #745595)
	[wheezy] - wireshark <not-affected> (Affects 1.10.x only)
	[squeeze] - wireshark <not-affected> (Affects 1.10.x only)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9885
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-06.html
CVE-2014-2986 (The vgic_distr_mmio_write function in the virtual guest interrupt ...)
	- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
CVE-2014-2980 (Tools/gdomap.c in gdomap in GNUstep Base 1.24.6 and earlier, when run ...)
	- gnustep-base 1.24.6-1 (bug #745470)
	[wheezy] - gnustep-base 1.22.1-4+deb7u1
	[squeeze] - gnustep-base <no-dsa> (Minor issue)
	NOTE: https://savannah.gnu.org/bugs/?41751
CVE-2014-2915 (Xen 4.4.x, when running on ARM systems, does not properly restrict ...)
	- xen <not-affected> (Only 32-bit and 64-bit ARM systems are vulnerable from Xen 4.4 onwards)
CVE-2014-2913 (** DISPUTED ** Incomplete blacklist vulnerability in nrpe.c in Nagios ...)
	- nagios-nrpe 2.15-1 (unimportant; bug #745272)
	NOTE: This in insecure by design anyway
CVE-2014-2983 (Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate ...)
	{DSA-2914-1 DSA-2913-1}
	- drupal7 7.27-1
	- drupal6 <removed>
	NOTE: https://drupal.org/SA-CORE-2014-002
CVE-2014-2904
	RESERVED
	- cyassl <removed> (bug #770229)
	- wolfssl 3.4.8+dfsg-1 (bug #792646)
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2903 (CyaSSL does not check the key usage extension in leaf certificates, ...)
	- cyassl <removed> (bug #770229)
	- wolfssl 3.4.8+dfsg-1 (bug #792646)
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2902
	RESERVED
	- cyassl <removed> (bug #770229)
	- wolfssl 3.4.8+dfsg-1 (bug #792646)
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2901
	RESERVED
	- cyassl <removed> (bug #770229)
	- wolfssl 3.4.8+dfsg-1 (bug #792646)
	NOTE: wolfssl actually fixed with the initial upload to unstable after the rename
	NOTE: according to maintainer addressed in 3.2.0 upstream
CVE-2014-2900 (wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 ...)
	- cyassl 2.9.4+dfsg-1
CVE-2014-2899 (wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial ...)
	- cyassl 2.9.4+dfsg-1
CVE-2014-2898
	RESERVED
	- cyassl 2.9.4+dfsg-1
CVE-2014-2897
	RESERVED
	- cyassl 2.9.4+dfsg-1
CVE-2014-2896
	RESERVED
	- cyassl 2.9.4+dfsg-1
CVE-2014-2890 (Cross-site scripting (XSS) vulnerability in the wrap_html function in ...)
	- phpmyid <itp> (bug #492325)
CVE-2014-2888 (lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows ...)
	NOT-FOR-US: Ruby Gem sfpagent
CVE-2014-2885 (Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) ...)
	- truecrypt <itp> (bug #364034)
CVE-2014-2884 (The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt ...)
	- truecrypt <itp> (bug #364034)
CVE-2014-2874 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2873 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2872 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2871 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2870 (The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2869 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2868 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2867 (Unrestricted file upload vulnerability in PaperThin CommonSpot before ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2866 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2865 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2864 (Multiple directory traversal vulnerabilities in PaperThin CommonSpot ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2863 (Multiple absolute path traversal vulnerabilities in PaperThin ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2862 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not check ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2861 (Incomplete blacklist vulnerability in PaperThin CommonSpot before ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2860 (Multiple cross-site scripting (XSS) vulnerabilities in PaperThin ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2859 (PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote ...)
	NOT-FOR-US: PaperThin CommonSpot
CVE-2014-2858 (Directory traversal vulnerability in the Resources plugin 1.0.0 before ...)
	- grails <itp> (bug #473213)
CVE-2014-2857 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
	- grails <itp> (bug #473213)
CVE-2013-7374 (The Ubuntu Date and Time Indicator (aka indicator-datetime) ...)
	NOT-FOR-US: indicator-datetime
CVE-2013-7371 [XSS in the Sencha Labs Connect middleware]
	RESERVED
	- node-connect <not-affected> (Only applies when incomplete fix applied)
	NOTE: CVE for incomplete fix for CVE-2013-7370, fixed in 2.8.2
CVE-2013-7370 [XSS in the Sencha Labs Connect middleware]
	RESERVED
	- node-connect 3.0.0-1 (bug #744374)
CVE-2013-7368 (Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 ...)
	NOT-FOR-US: Gnew
CVE-2014-2892 (Heap-based buffer overflow in the get_answer function in mmsh.c in ...)
	{DSA-2916-1}
	- libmms 0.6.2-4 (bug #745301)
	- xine-lib <not-affected> (mmsh is libmms-specific)
	NOTE: http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8
CVE-2014-2893 (The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and ...)
	- llvm-toolchain-snapshot 1:3.5~svn211669-1 (bug #744817)
	- llvm-toolchain-3.3 <unfixed>
	- llvm-toolchain-3.4 1:3.4.2-1
CVE-2014-2854 (Cross-site scripting (XSS) vulnerability in the SemanticTitle ...)
	NOT-FOR-US: MediaWiki extension SemanticTitle
CVE-2014-2853 (Cross-site scripting (XSS) vulnerability in ...)
	- mediawiki <not-affected> (Vulnerable code not present)
CVE-2014-2852 (OpenAFS before 1.6.7 delays the listen thread when an ...)
	{DSA-2899-1}
	- openafs 1.6.7-1
CVE-2014-2850 (The network interface configuration page (netinterface) in Sophos Web ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2014-2849 (The Change Password dialog box (change_password) in Sophos Web ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2014-2848 (A race condition in the wmi_malware_scan.nbin plugin before ...)
	NOT-FOR-US: Nessus
CVE-2014-2847 (SQL injection vulnerability in default.asp in CIS Manager CMS allows ...)
	NOT-FOR-US: CIS Manager CMS
CVE-2014-2846 (Directory traversal vulnerability in opt/arkeia/wui/htdocs/index.php ...)
	NOT-FOR-US: Arkeia Server Backup
CVE-2014-2845 (Cyberduck before 4.4.4 on Windows does not properly validate X.509 ...)
	NOT-FOR-US: Cyberduck on Windows
CVE-2014-2844 (Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure ...)
	NOT-FOR-US: F-Secure Messaging Secure Gateway
CVE-2014-2843
	RESERVED
CVE-2014-2842 (Juniper ScreenOS 6.3 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Juniper ScreenOS
CVE-2014-2841
	RESERVED
CVE-2014-2840
	RESERVED
	NOT-FOR-US: TR-069 Auto Configuration Servers
	NOTE: http://mis.fortunecook.ie/misfortune-cookie-tr069-protection-whitepaper.pdf
CVE-2014-2839 (SQL injection vulnerability in the GD Star Rating plugin 19.22 for ...)
	NOT-FOR-US: GD Star Rating plugin for WordPress
CVE-2014-2838 (Multiple cross-site request forgery (CSRF) vulnerabilities in the GD ...)
	NOT-FOR-US: GD Star Rating plugin for WordPress
CVE-2014-2837
	RESERVED
CVE-2014-2836
	RESERVED
CVE-2014-2835
	RESERVED
CVE-2014-2834
	RESERVED
CVE-2014-2833
	RESERVED
CVE-2014-2832
	RESERVED
CVE-2014-2831
	RESERVED
CVE-2014-2829 (Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly ...)
	NOT-FOR-US: MongooseIM
CVE-2014-2827 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2826 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2825 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2824 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2823 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2822 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2821 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2820 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2819 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2818 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2817 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2816 (Microsoft SharePoint Server 2013 Gold and SP1 and SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2014-2815 (Microsoft OneNote 2007 SP3 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2014-2814 (Microsoft Service Bus 1.1 on Microsoft Windows Server 2008 R2 SP1 and ...)
	NOT-FOR-US: Microsoft Server
CVE-2014-2813 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2812
	REJECTED
CVE-2014-2811 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2810 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2809 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2808 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2807 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2806 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2805
	REJECTED
CVE-2014-2804 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2803 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2802 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2801 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2800 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2799 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2798 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2797 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2796 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2795 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2794 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2793
	REJECTED
CVE-2014-2792 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2791 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2790 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2789 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2788 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2787 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2785 (Microsoft Internet Explorer 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2784 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2783 (Microsoft Internet Explorer 7 through 11 does not prevent use of ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2782 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2781 (Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-2780 (DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-2779 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2014-2778 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2777 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2776 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2775 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2774 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2773 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2772 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2771 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2770 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2769 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2768 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2767 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2765 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2764 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2763 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2762
	REJECTED
CVE-2014-2761 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2760 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2759 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2758 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2757 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2756 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2755 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2754 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2753 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-2752 (SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded ...)
	NOT-FOR-US: SAP
CVE-2014-2751 (SAP Print and Output Management has hardcoded credentials, which makes ...)
	NOT-FOR-US: SAP
CVE-2014-2750
	REJECTED
CVE-2014-2749 (The HANA ICM process in SAP HANA allows remote attackers to obtain the ...)
	NOT-FOR-US: SAP
CVE-2014-2748 (The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for ...)
	NOT-FOR-US: SAP
CVE-2014-2747
	RESERVED
CVE-2014-2740
	RESERVED
CVE-2014-2738
	RESERVED
CVE-2014-2737 (SQL injection vulnerability in the get_active_session function in the ...)
	NOT-FOR-US: KnowledgeTree
CVE-2014-2736 (Multiple SQL injection vulnerabilities in MODX Revolution before ...)
	NOT-FOR-US: MODX Revolution
CVE-2014-2735 (WinSCP before 5.5.3, when FTP with TLS is used, does not verify that ...)
	NOT-FOR-US: WinSCP
CVE-2014-2734 (** DISPUTED ** The openssl extension in Ruby 2.x does not properly ...)
	NOTE: considered invalid and should be rejected, see https://gist.github.com/emboss/91696b56cd227c8a0c13
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1091156#c1
CVE-2014-2733 (Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Siemens SINEMA
CVE-2014-2732 (Multiple directory traversal vulnerabilities in the integrated web ...)
	NOT-FOR-US: Siemens SINEMA
CVE-2014-2731 (Multiple unspecified vulnerabilities in the integrated web server in ...)
	NOT-FOR-US: Siemens SINEMA
CVE-2013-7367 (SAP Enterprise Portal does not properly restrict access to the ...)
	NOT-FOR-US: SAP
CVE-2013-7366 (The SAP Software Deployment Manager (SDM), in certain unspecified ...)
	NOT-FOR-US: SAP
CVE-2013-7365 (Cross-site scripting (XSS) vulnerability in SAP Enterprise Portal ...)
	NOT-FOR-US: SAP
CVE-2013-7364 (An unspecified J2EE core service in the J2EE Engine in SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2013-7363 (Unspecified vulnerability in the Diagnostics (SMD) agent in SAP ...)
	NOT-FOR-US: SAP
CVE-2013-7362 (An unspecified RFC function in SAP CCMS Agent allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2013-7361 (Directory traversal vulnerability in SAP CMS and CM Services allows ...)
	NOT-FOR-US: SAP
CVE-2013-7360 (Unspecified vulnerability in SAP adminadapter allows remote attackers ...)
	NOT-FOR-US: SAP
CVE-2013-7359 (Unspecified vulnerability in SAP Mobile Infrastructure allows remote ...)
	NOT-FOR-US: SAP
CVE-2013-7358 (Unspecified vulnerability in SAP Guided Procedures Archive Monitor ...)
	NOT-FOR-US: SAP
CVE-2013-7357 (Unspecified vulnerability in the configuration service in SAP J2EE ...)
	NOT-FOR-US: SAP
CVE-2013-7356 (Unspecified vulnerability in the SAP CCMS / Database Monitors for ...)
	NOT-FOR-US: SAP
CVE-2013-7355 (SQL injection vulnerability in SAP BI Universal Data Integration ...)
	NOT-FOR-US: SAP
CVE-2012-6645 (Cross-site scripting (XSS) vulnerability in the autocomplete ...)
	NOT-FOR-US: Drupal module Finder
CVE-2012-6644 (Multiple cross-site scripting (XSS) vulnerabilities in ClipBucket 2.6 ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2012-6643 (Multiple SQL injection vulnerabilities in the update_counter function ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2012-6642 (Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows ...)
	NOT-FOR-US: Drupal module ClipBucket
CVE-2011-5278 (SQL injection vulnerability in signature.php in Advanced Forum ...)
	NOT-FOR-US: MyBB plugin Advanced Forum Signatures
CVE-2011-5277 (Multiple SQL injection vulnerabilities in signature.php in the ...)
	NOT-FOR-US: MyBB plugin Advanced Forum Signatures
CVE-2014-2889 (Off-by-one error in the bpf_jit_compile function in ...)
	- linux 3.2.1-1
	- linux-2.6 3.2.1-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
	NOTE: introduced by https://git.kernel.org/linus/0a14842f5a3c0e88a1e59fac5c3025db39721f74
	NOTE: Upstrem fix in https://git.kernel.org/linus/a03ffcf873fe0f2565386ca8ef832144c42e67fa
CVE-2014-2894 (Off-by-one error in the cmd_smart function in the smart self test in ...)
	{DSA-2933-1 DSA-2932-1}
	- qemu 2.0.0+dfsg-1 (bug #745157)
	[squeeze] - qemu <not-affected> (Vulnerable code not present)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <not-affected> (Vulnerable code not present)
	NOTE: Upstream fix https://lists.nongnu.org/archive/html/qemu-devel/2014-04/msg02016.html
	NOTE: Vulnerable code introduced in 0.11.50: http://git.qemu.org/?p=qemu.git;a=commit;h=e8b54394950f975c1b31d2359cf58ca4d9f51b00
CVE-2014-2855 (The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...)
	- rsync 3.1.0-3 (bug #744791)
	[wheezy] - rsync <not-affected> (Introduced in 3.1.0)
	[squeeze] - rsync <not-affected> (Introduced in 3.1.0)
	NOTE: Introduced with https://git.samba.org/?p=rsync.git;a=commitdiff;h=5ebe9a46d7f3c846a6d665cb8c6ab8b79508a6df
	NOTE: Fix: https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a
CVE-2014-2856 (Cross-site scripting (XSS) vulnerability in scheduler/client.c in ...)
	- cups 1.7.2-1
	[squeeze] - cups 1.4.4-7+squeeze5
	[wheezy] - cups 1.5.3-5+deb7u2
	NOTE: http://www.cups.org/str.php?L4356
CVE-2014-XXXX [node-marked: multiple content injection vulnerabilities]
	- node-marked 0.3.1+dfsg-1
	NOTE: https://nodesecurity.io/advisories/marked_multiple_content_injection_vulnerabilities
CVE-2014-2851 (Integer overflow in the ping_init_sock function in net/ipv4/ping.c in ...)
	{DSA-2926-1}
	- linux 3.14.4-1 (low)
	- linux-2.6 <not-affected> (Introduced in 3.0)
	NOTE: https://lkml.org/lkml/2014/4/10/736
	NOTE: Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=b04c46190219a4f845e46a459e3102137b7f6cac
CVE-2014-2830 (Stack-based buffer overflow in cifskey.c or cifscreds.c in cifs-utils ...)
	- cifs-utils <unfixed> (unimportant)
	[squeeze] - cifs-utils <not-affected> (Vulnerable code not present)
	[wheezy] - cifs-utils <not-affected> (pam_cifscreds introduced in 6.3)
	NOTE: cifscreds PAM not built in unstable
CVE-2014-2828 (The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and ...)
	- keystone 2014.1-1
	[wheezy] - keystone <not-affected> (Only affects 2013.1 to 2013.2.3)
	NOTE: https://launchpad.net/bugs/1300274
CVE-2014-2746 (net/IOService.java in Tigase before 5.2.1 does not properly restrict ...)
	NOT-FOR-US: Tigase XMPP Server
CVE-2014-2745 (Prosody before 0.9.4 does not properly restrict the processing of ...)
	{DSA-2895-1}
	- prosody 0.9.4-1
	[squeeze] - prosody <no-dsa> (Minor issue)
	NOTE: http://hg.prosody.im/0.9/rev/a97591d2e1ad
	NOTE: http://hg.prosody.im/0.9/rev/1107d66d2ab2
CVE-2014-2744 (plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) ...)
	{DSA-2895-1}
	- prosody 0.9.4-1
	- lua-expat 1.3.0-1
	[wheezy] - lua-expat 1.2.0-5+deb7u1
	[squeeze] - lua-expat <no-dsa> (Minor issue)
	[squeeze] - prosody <no-dsa> (Minor issue)
	NOTE: http://hg.prosody.im/0.9/rev/b3b1c9da38fb
CVE-2014-2743 (plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does ...)
	NOT-FOR-US: Openfire
CVE-2014-2742 (Isode M-Link before 16.0v7 does not properly restrict the processing ...)
	NOT-FOR-US: Openfire
CVE-2014-2741 (nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 ...)
	NOT-FOR-US: Openfire
CVE-2014-2730 (The XML parser in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-2739 (The cma_req_handler function in drivers/infiniband/core/cma.c in the ...)
	- linux <not-affected> (Introduced and fixed in 3.14)
	- linux-2.6 <not-affected> ((Introduced and fixed in 3.14)
CVE-2014-2729 (Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS ...)
	NOT-FOR-US: Ektron Web Content Management System
CVE-2014-2728
	RESERVED
CVE-2014-2727
	RESERVED
CVE-2012-6641 (Cross-site scripting (XSS) vulnerability in redirect.php in the ...)
	NOT-FOR-US: PrestaShop
CVE-2012-6640 (Cross-site scripting (XSS) vulnerability in Horde Internet Mail ...)
	- php-horde-imp 5.0.22
	- horde3 <removed> (low)
	[squeeze] - horde3 <no-dsa> (Minor issue)
CVE-2014-1985 (Open redirect vulnerability in the redirect_back_or_default function ...)
	- redmine 2.5.1-1 (bug #743828)
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	[wheezy] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: https://github.com/redmine/redmine/commit/7567c3d8b21fe67e5f04e6839c1fce061600f2f3
	NOTE: https://jvn.jp/en/jp/JVN93004610/
CVE-2014-2726
	RESERVED
CVE-2014-2725
	RESERVED
CVE-2014-2724
	RESERVED
CVE-2014-2723
	RESERVED
CVE-2014-2722
	RESERVED
CVE-2014-2721
	RESERVED
CVE-2014-2720 (IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's ...)
	NOT-FOR-US: IZArc Archiver
CVE-2014-2719 (Advanced_System_Content.asp in the ASUS RT series routers with ...)
	NOT-FOR-US: ASUS RT series routers
CVE-2014-2718 (ASUS RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, ...)
	NOT-FOR-US: ASUS routers
CVE-2014-2717 (Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier ...)
	NOT-FOR-US: Honeywell FALCON XLWeb controller
CVE-2014-2716 (Ekahau B4 staff badge tag 5.7 with firmware 1.4.52, Real-Time Location ...)
	NOT-FOR-US: Ekahau Real-Time Location Tracking System
CVE-2014-2715 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Drupal plugin
CVE-2014-2714 (The Enhanced Web Filtering (EWF) in Juniper Junos before 10.4R15, 11.4 ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-2713 (Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-2712 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-2711 (Cross-site scripting (XSS) vulnerability in J-Web in Juniper Junos ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver ...)
	NOT-FOR-US: Oliver (formerly Webshar)
CVE-2014-2705
	RESERVED
CVE-2014-2704
	RESERVED
CVE-2014-2703
	RESERVED
CVE-2014-2702
	RESERVED
CVE-2014-2701
	RESERVED
CVE-2014-2700
	RESERVED
CVE-2014-2699
	RESERVED
CVE-2014-2698
	RESERVED
CVE-2014-2697
	RESERVED
CVE-2014-2696
	RESERVED
CVE-2014-2695
	RESERVED
CVE-2014-2694
	RESERVED
CVE-2014-2693
	RESERVED
CVE-2014-2692
	RESERVED
CVE-2014-2691
	RESERVED
CVE-2014-2690 (Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows ...)
	NOT-FOR-US: Citrix VDI-in-a-Box
CVE-2014-2689 (Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier ...)
	NOT-FOR-US: Offiria
CVE-2014-2688
	RESERVED
CVE-2014-2687
	RESERVED
CVE-2013-7354 (Multiple integer overflows in libpng before 1.5.14rc03 allow remote ...)
	- libpng <not-affected> (Only affects 1.5 and later)
	NOTE: http://sourceforge.net/p/png-mng/mailman/message/32215052/
	NOTE: http://sourceforge.net/p/libpng/bugs/199/
	- libpng1.6 1.6.10-1
CVE-2013-7353 (Integer overflow in the png_set_unknown_chunks function in ...)
	- libpng <not-affected> (Only affects 1.5 and later)
	NOTE: http://sourceforge.net/p/png-mng/mailman/message/32215052/
	NOTE: http://sourceforge.net/p/libpng/bugs/199/
	- libpng1.6 1.6.10-1
CVE-2013-7352 (Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in ...)
	NOT-FOR-US: b2evolution
CVE-2013-7350 (Multiple unspecified vulnerabilities in Check Point Security Gateway ...)
	NOT-FOR-US: Check Point Security Gateway
CVE-2013-7349 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote ...)
	NOT-FOR-US: Gnew
CVE-2009-5141 (Format string vulnerability in War FTP Daemon (warftpd) 1.82 RC 12 ...)
	NOT-FOR-US: War FTP Daemon
CVE-2014-5880
	REJECTED
CVE-2014-2709 (lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-4 (bug #743565)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #743565)
	NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
	NOTE: CVE for all changes to lib/rrd.php to add cacti_escapeshellarg calls
CVE-2014-2708 (Multiple SQL injection vulnerabilities in graph_xport.php in Cacti ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-4 (bug #743565)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #743565)
	NOTE: http://bugs.cacti.net/view.php?id=2405 (not yet public)
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7439
	NOTE: CVE for all changes to graph_xport.php to ensure that data is numeric
CVE-2014-2707 (cups-browsed in cups-filters 1.0.41 before 1.0.51 allows remote IPP ...)
	- cups-filters 1.0.51-1 (bug #743470)
	[wheezy] - cups-filters <not-affected> (vulnerable code not present)
	NOTE: Introduced in at least 1.0.41
CVE-2014-2706 (Race condition in the mac80211 subsystem in the Linux kernel before ...)
	- linux 3.13.7-1 (low)
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba
CVE-2014-2686
	RESERVED
CVE-2014-2680
	RESERVED
CVE-2014-2679
	RESERVED
CVE-2014-2677
	RESERVED
CVE-2014-2676
	RESERVED
CVE-2014-2675 (Cross-site request forgery (CSRF) vulnerability in inc/AdminPage.php ...)
	NOT-FOR-US: WP HTML Sitemap plugin for WordPress
CVE-2014-2674 (Directory traversal vulnerability in the Ajax Pagination (twitter ...)
	NOT-FOR-US: Ajax Pagination (twitter Style) plugin for WordPress
CVE-2014-2671 (Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2014-2670 (Cross-site scripting (XSS) vulnerability in Properties.do in ZOHO ...)
	NOT-FOR-US: ZOHO ManageEngine OpStor
CVE-2014-2666
	RESERVED
CVE-2014-2664 (Unrestricted file upload vulnerability in the ...)
	NOT-FOR-US: X2Engine X2CR
CVE-2014-2663
	RESERVED
CVE-2014-2662
	RESERVED
CVE-2014-2661
	RESERVED
CVE-2014-2660
	RESERVED
CVE-2014-2659 (Cross-site request forgery (CSRF) vulnerability in the admin UI in ...)
	NOT-FOR-US: Papercut MF/NG
	NOTE: This is not the papercut NNTP server.
CVE-2014-2658 (Unspecified vulnerability in Papercut MF and NG before 14.1 (Build ...)
	NOT-FOR-US: PaperCut MF
CVE-2014-2657 (Unspecified vulnerability in the print release functionality in ...)
	NOT-FOR-US: PaperCut MF
CVE-2014-2654 (Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and ...)
	NOT-FOR-US: MobFox mAdserve
CVE-2013-7346 (Cross-site request forgery (CSRF) vulnerability in Symphony CMS before ...)
	NOT-FOR-US: Symphony CMS
CVE-2013-7351 [several XSS]
	RESERVED
	- shaarli 0.0.41~beta~dfsg2-4 (bug #743252)
	NOTE: https://github.com/sebsauvage/Shaarli/commit/53da201749f8f362323ef278bf338f1d9f7a925a
CVE-2014-2685 (The GenericConsumer class in the Consumer component in ZendOpenId ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-02
CVE-2014-2684 (The GenericConsumer class in the Consumer component in ZendOpenId ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-02
CVE-2014-2683 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2682 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2681 (Zend Framework 1 (ZF1) before 1.12.4, Zend Framework 2 before 2.1.6 ...)
	{DSA-3265-1 DLA-251-1}
	- zendframework 1.12.5-0.1 (bug #743175)
	NOTE: http://framework.zend.com/security/advisory/ZF2014-01
CVE-2014-2678 (The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel ...)
	{DLA-0015-1}
	- linux 3.13.10-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: https://lkml.org/lkml/2014/3/29/188
CVE-2014-2673 (The arch_dup_task_struct function in the Transactional Memory (TM) ...)
	- linux 3.13.7-1
	[wheezy] - linux <not-affected> (Introduced in 3.4)
	- linux-2.6 <not-affected> (Introduced in 3.4)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=621b5060e823301d0cba4cb52a7ee3491922d291
	NOTE: only affects powerpc architecture
CVE-2014-2672 (Race condition in the ath_tx_aggr_sleep function in ...)
	- linux 3.13.7-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Introduced in 3.0)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8
CVE-2014-2669 (Multiple integer overflows in contrib/hstore/hstore_io.c in PostgreSQL ...)
	{DSA-2865-1}
	- postgresql-9.1 9.1.12-1
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (9.x branch only)
	[squeeze] - postgresql-8.4 <not-affected> (9.x branch only)
	- postgresql-9.3 9.3.3-1
CVE-2014-2668 (Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a ...)
	- couchdb <removed> (low; bug #788962)
	[wheezy] - couchdb <no-dsa> (Minor issue)
	[squeeze] - couchdb <no-dsa> (Minor issue)
	NOTE: High resource usage in CPU and memory while query is active. No crash for deamon in 1.4.0-3+b1 and 1.2.0-5 versions.
	NOTE: http://git-wip-us.apache.org/repos/asf?p=couchdb.git;a=commitdiff_plain;h=0fb5aa9e67bd291ca2638dba961f4ddd3f6ccb3e;hp=198bea3479dfecac13ab1a3e95f902b8eba02f7d
CVE-2014-2667 (Race condition in the _get_masked_mode function in Lib/os.py in Python ...)
	- python3.1 <removed>
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 <removed>
	- python3.4 3.4.1-1
	- python2.5 <not-affected> (Only affects Python 3.x)
	- python2.6 <not-affected> (Only affects Python 3.x)
	- python2.7 <not-affected> (Only affects Python 3.x)
CVE-2014-2665 (includes/specials/SpecialChangePassword.php in MediaWiki before ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.14+dfsg-1 (bug #742857)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=62497
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-March/000145.html
CVE-2014-2656
	REJECTED
CVE-2014-2655 (SQL injection vulnerability in the gen_show_status function in ...)
	{DSA-2889-1}
	- postfixadmin 2.3.5-3
	NOTE: http://sourceforge.net/p/postfixadmin/code/1650
CVE-2014-2653 (The verify_host_key function in sshconnect.c in the client in OpenSSH ...)
	{DSA-2894-1}
	- openssh 1:6.6p1-1 (low; bug #742513)
CVE-2014-2652 (SQL injection vulnerability in OpenScape Deployment Service (DLS) ...)
	NOT-FOR-US: OpenScape Deployment Service
CVE-2014-2651
	RESERVED
CVE-2014-2650
	RESERVED
CVE-2014-2649 (Unspecified vulnerability in HP Operations Manager 9.20 on UNIX allows ...)
	NOT-FOR-US: HP Operations Manager
CVE-2014-2648 (Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on ...)
	NOT-FOR-US: HP Operations Manager
CVE-2014-2647 (Cross-site scripting (XSS) vulnerability in HP Operations Agent in HP ...)
	NOT-FOR-US: HP Operations Manager
CVE-2014-2646 (Unspecified vulnerability in HP Network Automation 9.10 and 9.20 ...)
	NOT-FOR-US: HP Network Automation
CVE-2014-2645 (HP Systems Insight Manager (SIM) before 7.4 allows remote attackers to ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2014-2644 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2014-2643 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2014-2642 (HP System Management Homepage (SMH) before 7.4 allows remote attackers ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2014-2641 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2014-2640 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2014-2639 (Unspecified vulnerability in HP MPIO Device Specific Module Manager ...)
	NOT-FOR-US: HP MPIO Device
CVE-2014-2638 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
	NOT-FOR-US: HP Sprinter
CVE-2014-2637 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
	NOT-FOR-US: HP Sprinter
CVE-2014-2636 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
	NOT-FOR-US: HP Sprinter
CVE-2014-2635 (Unspecified vulnerability in HP Sprinter 12.01 allows remote attackers ...)
	NOT-FOR-US: HP Sprinter
CVE-2014-2634 (Unspecified vulnerability in the server in HP Service Manager (SM) ...)
	NOT-FOR-US: HP Service Manager
CVE-2014-2633 (Cross-site request forgery (CSRF) vulnerability in the server in HP ...)
	NOT-FOR-US: HP Service Manager
CVE-2014-2632 (Unspecified vulnerability in the WebTier component in HP Service ...)
	NOT-FOR-US: HP Service Manager
CVE-2014-2631 (Unspecified vulnerability in HP Application Lifecycle Management (aka ...)
	NOT-FOR-US: HP Application Lifecycle Management / Quality Center
CVE-2014-2630 (Unspecified vulnerability in HP Operations Agent 11.00, when Glance is ...)
	NOT-FOR-US: HP Operations Agent
CVE-2014-2629 (HP NonStop Safeguard Security Software G, H06.03 through H06.28.01, ...)
	NOT-FOR-US: HP NonStop Safeguard Security Software
CVE-2014-2628 (Unspecified vulnerability in HP Enterprise Maps 1 allows remote ...)
	NOT-FOR-US: HP Enterprise Maps
CVE-2014-2627 (Unspecified vulnerability in HP NonStop NetBatch G06.14 through ...)
	NOT-FOR-US: HP NonStop NetBatch
CVE-2014-2626 (Directory traversal vulnerability in the toServerObject function in HP ...)
	NOT-FOR-US: HP Network Virtualization
CVE-2014-2625 (Directory traversal vulnerability in the storedNtxFile function in HP ...)
	NOT-FOR-US: HP Network Virtualization
CVE-2014-2624 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2014-2623 (Unspecified vulnerability in HP Storage Data Protector 8.x allows ...)
	NOT-FOR-US: HP Data Protector
CVE-2014-2622 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2621 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2620 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2619 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2618 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2014-2617 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...)
	NOT-FOR-US: HP Universal CMDB
CVE-2014-2616 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...)
	NOT-FOR-US: HP Universal CMDB
CVE-2014-2615 (Unspecified vulnerability in HP Universal CMDB 10.01 and 10.10 allows ...)
	NOT-FOR-US: HP Universal CMDB
CVE-2014-2614 (Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and ...)
	NOT-FOR-US: HP SiteScope
CVE-2014-2613 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
	NOT-FOR-US: HP Release Control
CVE-2014-2612 (Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and ...)
	NOT-FOR-US: HP Release Control
CVE-2014-2611 (Directory traversal vulnerability in the fndwar web application in HP ...)
	NOT-FOR-US: HP Software Executive Scorecard
CVE-2014-2610 (Directory traversal vulnerability in the Content Acceleration Pack ...)
	NOT-FOR-US: HP Software Executive Scorecard
CVE-2014-2609 (The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and ...)
	NOT-FOR-US: HP Software Executive Scorecard
CVE-2014-2608 (Unspecified vulnerability in HP Smart Update Manager 6.x before 6.4.1 ...)
	NOT-FOR-US: HP Smart Update Manager
CVE-2014-2607 (Unspecified vulnerability in HP Operations Manager i 9.1 through 9.13 ...)
	NOT-FOR-US: HP Operations Manager
CVE-2014-2606 (Unspecified vulnerability in HP StoreVirtual 4000 Storage and ...)
	NOT-FOR-US: HP StoreVirtual
CVE-2014-2605 (Unspecified vulnerability in HP StoreVirtual 4000 Storage and ...)
	NOT-FOR-US: HP StoreVirtual
CVE-2014-2604 (Unspecified vulnerability in HP IceWall SSO 10.0 Dfw and IceWall MCRP ...)
	NOT-FOR-US: HP IceWall
CVE-2014-2603 (Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and ...)
	NOT-FOR-US: HP
CVE-2014-2602 (Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote ...)
	NOT-FOR-US: HP OneView
CVE-2014-2601 (The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier ...)
	NOT-FOR-US: HP
CVE-2014-2600 (Unspecified vulnerability in HP IceWall Identity Manager 4.0 through ...)
	NOT-FOR-US: HP
CVE-2014-2598 (Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post ...)
	NOT-FOR-US: Quick Page/Post Redirect plugin for WordPress
CVE-2014-2597 (PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a ...)
	NOT-FOR-US: PCNetSoftware RAC Server
CVE-2014-2596
	RESERVED
CVE-2014-2595
	RESERVED
CVE-2014-2594
	RESERVED
CVE-2014-2593 (The management console in Aruba Networks ClearPass Policy Manager ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2014-2592 (Unrestricted file upload vulnerability in Aruba Web Management portal ...)
	NOT-FOR-US: Aruba Web Management portal
CVE-2014-2591 (Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 ...)
	NOT-FOR-US: AIX
CVE-2014-2590 (The web management interface in Siemens RuggedCom ROS before 3.11, ROS ...)
	NOT-FOR-US: Siemens RuggedCom ROS
CVE-2014-2589 (Cross-site scripting (XSS) vulnerability in the Dashboard Backend ...)
	NOT-FOR-US: SonicWall
CVE-2014-2588 (Directory traversal vulnerability in servlet/downloadReport in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2014-2587 (SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2014-2586 (Cross-site scripting (XSS) vulnerability in the login audit form in ...)
	NOT-FOR-US: McAfee
CVE-2014-2584
	RESERVED
CVE-2014-2583 (Multiple directory traversal vulnerabilities in pam_timestamp.c in the ...)
	- pam 1.1.8-3.1 (low; bug #757555)
	[wheezy] - pam <no-dsa> (Minor issue)
	[squeeze] - pam <no-dsa> (Minor issue)
	NOTE: Fix: https://git.fedorahosted.org/cgit/linux-pam.git/commit/?id=Linux-PAM-1_1_8-32-g9dcead8
CVE-2014-2582
	RESERVED
CVE-2014-2579 (Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner ...)
	NOT-FOR-US: WordPress plugin xcloner
CVE-2014-2578 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
	NOT-FOR-US: Splunk Web
CVE-2014-2577 (Multiple cross-site scripting (XSS) vulnerabilities in the Transform ...)
	NOT-FOR-US: Transform Foundation server
CVE-2014-2575 (Directory traversal vulnerability in the File Manager component in ...)
	NOT-FOR-US: ASP.NET WebForms and MVC
CVE-2014-2574
	RESERVED
CVE-2014-2570 (Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP ...)
	- php-font-lib <unfixed> (unimportant)
	NOTE: make_subset.php installed to examples
	NOTE: http://seclists.org/bugtraq/2014/Mar/128
CVE-2014-2569
	RESERVED
CVE-2014-2566
	RESERVED
CVE-2014-2565 (The commandline interface in Blue Coat Content Analysis System (CAS) ...)
	NOT-FOR-US: Blue Coat Content Analysis System
CVE-2014-2564
	RESERVED
CVE-2014-2563
	RESERVED
CVE-2014-2562
	RESERVED
CVE-2014-2561
	RESERVED
CVE-2014-2560
	RESERVED
CVE-2014-2559 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin Twitget
CVE-2014-2558 (The File Gallery plugin before 1.7.9.2 for WordPress does not properly ...)
	NOT-FOR-US: WordPress plugin file-gallery
CVE-2014-2557
	RESERVED
CVE-2014-2556
	RESERVED
CVE-2014-2555
	RESERVED
CVE-2014-2554 (OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 ...)
	{DLA-1119-1}
	- otrs2 3.3.6-1
	[squeeze] - otrs2 <no-dsa> (Minor issue)
	NOTE: https://www.otrs.com/security-advisory-2014-05-clickjacking-issue/
CVE-2014-2553 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DLA-1119-1}
	- otrs2 3.3.6-1
	[squeeze] - otrs2 <no-dsa> (Minor issue)
CVE-2014-2552 (Brookins Consulting (BC) Collected Information Export extension for eZ ...)
	NOT-FOR-US: Brookins Consulting (BC) Collected Information Export extension
CVE-2014-2551
	RESERVED
CVE-2014-2550 (Cross-site request forgery (CSRF) vulnerability in the Disable ...)
	NOT-FOR-US: Disable Comments plugin for WordPress
CVE-2014-2549
	RESERVED
CVE-2014-2548
	RESERVED
CVE-2014-2547
	RESERVED
CVE-2014-2546
	RESERVED
CVE-2014-2545 (TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File ...)
	NOT-FOR-US: TIBCO
CVE-2014-2544 (Unspecified vulnerability in Spotfire Web Player Engine, Spotfire ...)
	NOT-FOR-US: Spotfire
CVE-2014-2543 (Buffer overflow in the Rendezvous Daemon (rvd), Rendezvous Routing ...)
	NOT-FOR-US: TIBCO
CVE-2014-2542 (Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon ...)
	NOT-FOR-US: TIBCO
CVE-2014-2541 (The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), ...)
	NOT-FOR-US: TIBCO
CVE-2014-2540 (SQL injection vulnerability in OrbitScripts Orbit Open Ad Server ...)
	NOT-FOR-US: Orbit Open Ad Server
CVE-2014-2539
	RESERVED
CVE-2014-2537 (Memory leak in the TCP stack in the kernel in Sophos UTM before 9.109 ...)
	NOT-FOR-US: Sophos UTM
CVE-2014-2536 (Directory traversal vulnerability in McAfee Cloud Identity Manager ...)
	NOT-FOR-US: McAfee Cloud Identity Manager
CVE-2014-2535 (Directory traversal vulnerability in McAfee Web Gateway (MWG) 7.4.x ...)
	NOT-FOR-US: McAfee Web Gateway
CVE-2014-2534 (/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows ...)
	NOT-FOR-US: BlackBerry
CVE-2014-2533 (/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows ...)
	NOT-FOR-US: BlackBerry
CVE-2014-2531 (SQL injection vulnerability in xhr.php in InterWorx Web Control Panel ...)
	NOT-FOR-US: InterWorx Control Panel
CVE-2014-2530
	RESERVED
CVE-2014-2529
	RESERVED
CVE-2014-2526 (Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive ...)
	NOT-FOR-US: BarracudaDrive
CVE-2014-2525 (Heap-based buffer overflow in the yaml_parser_scan_uri_escapes ...)
	{DSA-2885-1 DSA-2884-1}
	- libyaml 0.1.4-3.2 (bug #742732)
	- libyaml-libyaml-perl 0.41-5
	NOTE: http://www.ocert.org/advisories/ocert-2014-003.html
CVE-2014-2521 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2520 (EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2519 (The default configuration of EMC RecoverPoint Appliance (RPA) 4.1 ...)
	NOT-FOR-US: EMC RecoverPoint Appliance
CVE-2014-2518 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC ...)
	NOT-FOR-US: EMC Documentum
CVE-2014-2517 (Unspecified vulnerability in EMC RSA Archer GRC Platform 5.x before ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-2516 (Open redirect vulnerability in EMC RSA Authentication Manager 8.x ...)
	NOT-FOR-US: EMC RSA Authentication Manager
CVE-2014-2515 (EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, ...)
	NOT-FOR-US: EMC Documentum
CVE-2014-2514 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2513 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P15, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2512 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2014-2511 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum
CVE-2014-2510 (The JAXB XML parser in EMC Documentum Foundation Services (DFS) 6.6 ...)
	NOT-FOR-US: EMC Documentum Foundation Services
CVE-2014-2509 (Session fixation vulnerability in the Report Advisor (RA) component in ...)
	NOT-FOR-US: EMC NCM
CVE-2014-2508 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2507 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2506 (EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-2505 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-2504 (EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, ...)
	NOT-FOR-US: EMC Documentum D2
CVE-2014-2503 (The thumbnail proxy server in EMC Documentum Digital Asset Manager ...)
	NOT-FOR-US: EMC Documentum Digital Asset Manager
CVE-2014-2502 (Cross-site scripting (XSS) vulnerability in rsa_fso.swf in EMC RSA ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication
CVE-2014-2501
	RESERVED
CVE-2014-2500
	RESERVED
CVE-2014-2499
	RESERVED
CVE-2014-2498
	RESERVED
CVE-2013-7348 (Double free vulnerability in the ioctx_alloc function in fs/aio.c in ...)
	- linux 3.13.4-1
	[wheezy] - linux <not-affected> (Introduced and fixed in 3.13 series)
	- linux-2.6 <not-affected> (Introduced and fixed in 3.13 series)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=d558023207e008a4476a3b7bb8706b2a2bf5d84f
CVE-2013-7347 (Luci in Red Hat Conga does not properly enforce the user session ...)
	NOT-FOR-US: Red Hat Conga
CVE-2013-7344 (Unspecified vulnerability in core/settings.php in ownCloud before ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-7343 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the ...)
	NOT-FOR-US: Flowplayer
	NOTE: Present in the source in some Moodle packages, see #736800
CVE-2013-7342 (Cross-site scripting (XSS) vulnerability in flowplayer.swf in the ...)
	NOT-FOR-US: Flowplayer
	NOTE: Present in the source in some Moodle packages, see #736800
CVE-2013-7340 (VideoLAN VLC Media Player before 2.0.7 allows remote attackers to ...)
	- vlc 2.2.0~rc2-1 (unimportant)
	NOTE: No security impact
	NOTE: Might be fixed earlier than 2.2.0~rc2, but only that version was checked
CVE-2013-7337
	RESERVED
CVE-2011-5276 (SQL injection vulnerability in the drawAdminTools_PackageInstaller ...)
	- dtc 0.34.1-1
CVE-2011-5275 (The install script in Domain Technologie Control (DTC) before 0.34.1 ...)
	- dtc 0.34.1-1
CVE-2011-5274 (The drawAdminTools_PackageInstaller function in ...)
	- dtc 0.34.1-1
CVE-2011-5273 (Directory traversal vulnerability in shared/package-installer in ...)
	- dtc 0.34.1-1
CVE-2011-5272 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
	- dtc 0.34.1-1
CVE-2009-5140
	RESERVED
CVE-2009-5139
	RESERVED
CVE-2014-2599 (The HVMOP_set_mem_access HVM control operations in Xen 4.1.x for ...)
	{DSA-3006-1}
	- xen 4.4.1-1 (bug #757724)
	[squeeze] - xen <not-affected> (Only affects 4.1 and later)
CVE-2014-2585 (ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external ...)
	- owncloud 6.0.2+dfsg-1
CVE-2014-2580 (The netback driver in Xen, when using certain Linux versions that do ...)
	- linux 3.13.10-1
	[wheezy] - linux <not-affected> (Introduced in 3.12)
	- linux-2.6 <not-affected> (Introduced in 3.12)
	NOTE: upstream patch: https://git.kernel.org/cgit/linux/kernel/git/davem/net-next.git/commit/?id=e9d8b2c2968499c1f96563e6522c56958d5a1d0d (first included in v3.15-rc1).
CVE-2014-2532 (sshd in OpenSSH before 6.6 does not properly support wildcards on ...)
	{DSA-2894-1}
	- openssh 1:6.6p1-1
	NOTE: Default sshd_config in Debian has AcceptEnv LANG LC_*
	NOTE: http://marc.info/?l=openbsd-security-announce&m=139492048027313&w=2
CVE-2014-2581 [credentials cache leak]
	RESERVED
	- smb4k 1.1.2-1 (low; bug #742816)
	[wheezy] - smb4k <no-dsa> (Minor issue)
	[squeeze] - smb4k <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/projects/smb4k/files/Smb4K%20%28stable%20releases%29/1.1.1/
CVE-2014-2576 (plugins/rssyl/feed.c in Claws Mail before 3.10.0 disables the ...)
	- claws-mail 3.10.1-1 (bug #742695)
	[wheezy] - claws-mail <not-affected> (rssyl plugin in separate source package)
	[squeeze] - claws-mail <not-affected> (rssyl plugin in separate source package)
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=3106
	- claws-mail-extra-plugins <removed>
	[squeeze] - claws-mail-extra-plugins <no-dsa> (Minor issue)
	[wheezy] - claws-mail-extra-plugins <no-dsa> (Minor issue)
CVE-2014-2573 (The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 ...)
	- nova 2014.1-9 (bug #750144)
	[wheezy] - nova <not-affected> (Vulnerable code in 2013.2 to 2013.2.2)
	NOTE: https://bugs.launchpad.net/nova/+bug/1269418
CVE-2014-2568 (Use-after-free vulnerability in the nfqnl_zcopy function in ...)
	- linux 3.13.7-1
	- linux-2.6 <not-affected> (Introduced in 3.10 commit ae08ce002108)
	[wheezy] - linux <not-affected> (Introduced in 3.10 commit ae08ce002108)
	NOTE: Upstream path: https://lkml.org/lkml/2014/3/20/421
CVE-2014-2567 (The OpenConnectionTask::handleStateHelper function in ...)
	NOT-FOR-US: Trojita
CVE-2014-2538 (Cross-site scripting (XSS) vulnerability in lib/rack/ssl.rb in the ...)
	- ruby-rack-ssl 1.3.2-4 (low; bug #742186)
	[wheezy] - ruby-rack-ssl <no-dsa> (Minor issue)
	NOTE: https://github.com/josh/rack-ssl/commit/9d7d7300b907e496db68d89d07fbc2e0df0b487b
CVE-2014-2528 (kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when ...)
	- k4dirstat 2.7.5-1 (bug #741659)
	[wheezy] - k4dirstat <no-dsa> (Minor issue)
	- kdirstat <removed>
	[squeeze] - kdirstat <no-dsa> (Minor issue)
CVE-2014-2527 (kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when ...)
	- k4dirstat <not-affected> (Uses single quotes for affected code)
	- kdirstat <removed> (low)
	[squeeze] - kdirstat <no-dsa> (Minor issue)
CVE-2014-2571 (Cross-site scripting (XSS) vulnerability in the quiz_question_tostring ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-7341 (Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2014-2572 (mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2014-2524 (The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 ...)
	- readline6 6.3-7 (low; bug #741953)
	[wheezy] - readline6 <no-dsa> (Minor issue)
	[squeeze] - readline6 <no-dsa> (Minor issue)
CVE-2014-2523 (net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through ...)
	{DSA-2906-1}
	- linux 3.13.10-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/nf_conntrack_proto_dccp.c?id=b22f5126a24b3b2f15448c3f2a254fc10cbc2b92
CVE-2014-2522 (curl and libcurl 7.27.0 through 7.35.0, when running on Windows and ...)
	- curl <not-affected> (Only present in code only running on Windows)
CVE-2014-2497 (The gdImageCreateFromXpm function in gdxpm.c in libgd, as used in PHP ...)
	{DSA-3215-1 DLA-189-1}
	- php5 5.6.0~rc4+dfsg-1
	[wheezy] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
	[squeeze] - php5 <not-affected> (imagecreatefromxpm function not in used gd extension)
	- libgd2 2.1.0-4 (low; bug #744719)
	NOTE: http://web.archive.org/web/20150221193227/http://net-ninja-mr.me/2014/03/14/php-gd-v5-4-17-2-color-visual-null-pointer-dereference/
CVE-2014-2496 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle
CVE-2014-2495 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Purchasing ...)
	NOT-FOR-US: Oracle
CVE-2014-2494 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2985-1}
	- mysql-5.5 5.5.39-1 (bug #754941)
	- mysql-5.1 <not-affected> (Only affects 5.5 and later)
	- mariadb-5.5 5.5.38-1 (bug #754940)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- percona-xtradb-cluster-5.5 5.5.39-25.11+dfsg-1
CVE-2014-2493 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-2492 (Unspecified vulnerability in the Oracle Agile Product Collaboration ...)
	NOT-FOR-US: Oracle
CVE-2014-2491 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle
CVE-2014-2490 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
	{DSA-2987-1 DSA-2980-1 DLA-96-1}
	- openjdk-6 6b32-1.13.4-1
	NOTE: http://hg.openjdk.java.net/jdk6/jdk6/hotspot/rev/dd7d490e72af
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/02f12a9d5aec
CVE-2014-2489 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DLA-313-1}
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
CVE-2014-2488 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DLA-313-1}
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
CVE-2014-2487 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox <not-affected> (Only applies if VBox is running on Windows)
	- virtualbox-ose <not-affected> (Only applies if VBox is running on Windows)
CVE-2014-2486 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DLA-313-1}
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Specific details withheld, but CVSS score indicates low impact)
CVE-2014-2485 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-2484 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.6)
	- mariadb-5.5 <not-affected> (Only affects 5.6)
	- percona-xtradb-cluster-5.5 <not-affected> (Only affects 5.6)
CVE-2014-2483 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
	{DSA-2987-1}
	- openjdk-6 <not-affected> (vulnerable code not present)
	- openjdk-7 7u65-2.5.1-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/hotspot/rev/848481af9003
CVE-2014-2482 (Unspecified vulnerability in the Oracle Concurrent Processing ...)
	NOT-FOR-US: Oracle
CVE-2014-2481 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-2480 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-2479 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle
CVE-2014-2478 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-2477 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 4.3.12-dfsg-1 (bug #754939)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	- virtualbox-ose <not-affected> (Only affects 4.0 and later)
CVE-2014-2476 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2475 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2474 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2473 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2472 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2014-2471 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle iLearning
CVE-2014-2470 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2469 (Unspecified vulnerability in lighttpd in Oracle Solaris 11.1 allows ...)
	- lighttpd <not-affected> (Only affects lighttpd on Oracle Solaris)
CVE-2014-2468 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2014-2467 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2466 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2465 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2464 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2463 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...)
	NOT-FOR-US: Oracle Secure Global Desktop (SGD)
CVE-2014-2462
	REJECTED
CVE-2014-2461 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2460 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2459 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2458 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2457 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2456 (Unspecified vulnerability in the PeopleSoft Enterprise ELS Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2014-2455 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2014-2454 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2014-2453 (Unspecified vulnerability in the Hyperion Common Admin component in ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2014-2452 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2451 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2450 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2449 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS Talent ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2448 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2447 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2446 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2445 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-2444 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2443 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2442 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2441 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox-guest-additions <not-affected> (Only affects 4.1 and later)
	- virtualbox-guest-additions-iso 4.3.10-1
	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
CVE-2014-2440 (Unspecified vulnerability in the MySQL Client component in Oracle ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
	NOTE: this is the same issue as CVE-2014-0001, see http://www.openwall.com/lists/oss-security/2014/09/11/23
CVE-2014-2439 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...)
	NOT-FOR-US: Oracle Secure Global Desktop (SGD)
CVE-2014-2438 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2437 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2436 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2435 (Unspecified vulnerability in Oracle MySQL Server 5.6.16 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2434 (Unspecified vulnerability in Oracle MySQL Server 5.6.15 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-2433 (Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2432 (Unspecified vulnerability Oracle the MySQL Server component 5.5.35 and ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2431 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2430 (Unspecified vulnerability in Oracle MySQL Server 5.5.36 and earlier ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2429 (Unspecified vulnerability in the PeopleSoft Enterprise CS Campus Self ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2014-2428 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2427 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2426 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2425 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2424 (Unspecified vulnerability in the Oracle Event Processing component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2423 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2422 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and JavaFX ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-2421 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2420 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2419 (Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-2418 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2417 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2416 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2415 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2414 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2413 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
	{DSA-2923-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-2412 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, SE 7u51, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2411 (Unspecified vulnerability in the Oracle Identity Analytics component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2410 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-2409 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-2408 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-2407 (Unspecified vulnerability in the Oracle Data Integrator component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2406 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-2405 (Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux ...)
	{DSA-2912-1}
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2404 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2403 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2402 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
	{DSA-2923-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-2401 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2014-2400 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2399 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-2398 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2397 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-2396
	RESERVED
CVE-2014-2395
	RESERVED
CVE-2014-2394
	RESERVED
CVE-2014-2393 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2392 (The E-Mail autoconfiguration feature in Open-Xchange AppSuite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2391 (The password recovery service in Open-Xchange AppSuite before ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2390 (Cross-site request forgery (CSRF) vulnerability in the User Management ...)
	NOT-FOR-US: McAfee Network Security Manager
CVE-2014-2389 (Stack-based buffer overflow in a certain decryption function in ...)
	NOT-FOR-US: BlackBerry Z 10
CVE-2014-2388 (The Storage and Access service in BlackBerry OS 10.x before ...)
	NOT-FOR-US: BlackBerry OS
CVE-2014-2385 (Multiple cross-site scripting (XSS) vulnerabilities in the web UI in ...)
	NOT-FOR-US: Sophos Antivirus
CVE-2014-2384 (vmx86.sys in VMware Workstation 10.0.1 build 1379776 and VMware Player ...)
	NOT-FOR-US: VMware on Windows
CVE-2014-2383 (dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, ...)
	- php-dompdf 0.6.1+dfsg-2 (unimportant; bug #745619)
	NOTE: requires DOMPDF_ENABLE_REMOTE (disabled by default) to be enabled
CVE-2014-2382 (The DfDiskLo.sys driver in Faronics Deep Freeze Standard and ...)
	NOT-FOR-US: Faronics
CVE-2014-2381 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-2380 (Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-2379 (Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and ...)
	NOT-FOR-US: Sensys Networks
CVE-2014-2378 (Sensys Networks VSN240-F and VSN240-T sensors VDS before 2.10.1 and ...)
	NOT-FOR-US: Sensys Networks
CVE-2014-2377 (Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta ...)
	NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2376 (SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable ...)
	NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2375 (Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta ...)
	NOT-FOR-US: Ecava IntegraXor SCADA Server
CVE-2014-2374 (The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim ...)
	NOT-FOR-US: Accuenergy
CVE-2014-2373 (The web server on the AXN-NET Ethernet module accessory 3.04 for the ...)
	NOT-FOR-US: Accuenergy
CVE-2014-2372
	RESERVED
CVE-2014-2371
	RESERVED
CVE-2014-2370 (Cross-site scripting (XSS) vulnerability in the web application on ...)
	NOT-FOR-US: Omron
CVE-2014-2369 (Cross-site request forgery (CSRF) vulnerability in the web application ...)
	NOT-FOR-US: Omron
CVE-2014-2368 (The BrowseFolder method in the bwocxrun ActiveX control in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2367 (The ChkCookie subroutine in an ActiveX control in ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2366 (upAdminPg.asp in Advantech WebAccess before 7.2 allows remote ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2365 (Unspecified vulnerability in Advantech WebAccess before 7.2 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2364 (Multiple stack-based buffer overflows in Advantech WebAccess before ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-2363 (Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which ...)
	NOT-FOR-US: Morpho Itemiser
CVE-2014-2362 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...)
	NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2361 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, ...)
	NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2360 (OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules ...)
	NOT-FOR-US: OleumTech Wireless Gateway
CVE-2014-2359 (OleumTech Wireless Sensor Network devices allow remote attackers to ...)
	NOT-FOR-US: OleumTech Wireless Sensor Network devices
CVE-2014-2358 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Fox-IT Fox DataDiode
CVE-2014-2357 (The GPT library in the Telegyr 8979 Master Protocol application in ...)
	NOT-FOR-US: SUBNET SubSTATION Server 2
CVE-2014-2356 (Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require ...)
	NOT-FOR-US: Innominate mGuard
CVE-2014-2355 (The (1) CimView and (2) CimEdit components in GE Proficy ...)
	NOT-FOR-US: Systems Integrated GE Proficy HMI/SCADA-CIMPLICITY
CVE-2014-2354 (Cogent DataHub before 7.3.5 does not use a salt during password ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-2353 (Cross-site scripting (XSS) vulnerability in Cogent DataHub before ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-2352 (Directory traversal vulnerability in Cogent DataHub before 7.3.5 ...)
	NOT-FOR-US: Cogent DataHub
CVE-2014-2351 (SQL injection vulnerability in the LiveData service in CSWorks before ...)
	NOT-FOR-US: CSWorks
CVE-2014-2350 (Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2014-2349 (Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 allows local users to ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2014-2348
	RESERVED
CVE-2014-2347 (Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage ...)
	NOT-FOR-US: Amtelco miSecureMessages
CVE-2014-2346 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through ...)
	NOT-FOR-US: COPA-DATA
CVE-2014-2345 (COPA-DATA zenon DNP3 NG driver (DNP3 master) 7.10 and 7.11 through ...)
	NOT-FOR-US: COPA-DATA
CVE-2014-2344
	REJECTED
CVE-2014-2343 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2014-2342 (Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2014-2341 (Session fixation vulnerability in CubeCart before 5.2.9 allows remote ...)
	NOT-FOR-US: CubeCart
CVE-2014-2340 (Cross-site request forgery (CSRF) vulnerability in the XCloner plugin ...)
	NOT-FOR-US: WordPress plugin xcloner-backup-and-restore
CVE-2014-2339 (Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in ...)
	NOT-FOR-US: GnuBoard
CVE-2014-2338 (IKEv2 in strongSwan 4.0.7 before 5.1.3 allows remote attackers to ...)
	{DSA-2903-1}
	- strongswan 5.1.2-4
CVE-2014-2337
	RESERVED
CVE-2014-2336 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User ...)
	NOT-FOR-US: Fortinet FortiManager
CVE-2014-2335 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User ...)
	NOT-FOR-US: Fortinet FortiManager
CVE-2014-2334 (Multiple cross-site scripting (XSS) vulnerabilities in the Web User ...)
	NOT-FOR-US: Fortinet FortiManager
CVE-2014-2333 (Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin ...)
	NOT-FOR-US: WordPress plugin Lazyest Gallery
CVE-2014-2332 (Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote ...)
	- check-mk 1.2.2p3-1 (bug #742689)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2331 (Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated ...)
	- check-mk 1.2.6p4-1 (bug #742689)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2330 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	- check-mk 1.2.6p4-1 (bug #742689)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2329 (Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before ...)
	- check-mk 1.2.2p3-1 (bug #742689)
	[wheezy] - check-mk <no-dsa> (Minor issue)
	NOTE: http://packetstormsecurity.com/files/125850/DTC-A-20140324-002.txt
CVE-2014-2328 (lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-4 (bug #742768)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
	NOTE: http://bugs.cacti.net/view.php?id=2433
CVE-2014-2327 (Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-6 (bug #742768)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
	NOTE: http://bugs.cacti.net/view.php?id=2432
CVE-2014-2326 (Cross-site scripting (XSS) vulnerability in cdef.php in Cacti 0.8.7g, ...)
	{DSA-2970-1}
	- cacti 0.8.8b+dfsg-4 (bug #742768)
	[squeeze] - cacti 0.8.7g-1+squeeze4 (bug #742768)
	NOTE: http://bugs.cacti.net/view.php?id=2431
CVE-2014-2318 (SQL injection vulnerability in ATCOM Netvolution 3 allows remote ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2014-2317 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-2316 (SQL injection vulnerability in se_search_default in the Search ...)
	NOT-FOR-US: WP plugin search-everything
CVE-2014-2315 (Multiple cross-site scripting (XSS) vulnerabilities in the Thank You ...)
	NOT-FOR-US: WP plugin thankyoubutton
CVE-2014-2314 (Directory traversal vulnerability in the Issue Collector plugin in ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2014-2313 (Directory traversal vulnerability in the Importers plugin in Atlassian ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2013-7339 (The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel ...)
	{DSA-2906-1}
	- linux 3.13-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2349758acf1874e4c2b93fe41d072336f1a31d0
CVE-2013-7336 (The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in ...)
	- libvirt 1.1.4-1
	[wheezy] - libvirt <not-affected> (Vulnerable code not present)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: http://www.redhat.com/archives/libvir-list/2013-September/msg01208.html
CVE-2013-7335 (Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-7334 (Cross-site request forgery (CSRF) vulnerability in ImageCMS before 4.2 ...)
	NOT-FOR-US: ImageCMS
CVE-2014-2387 [pen: insecure temporary filename]
	RESERVED
	- pen 0.22.1-1 (low; bug #741370)
	[squeeze] - pen <no-dsa> (Minor issue)
	[wheezy] - pen <no-dsa> (Minor issue)
CVE-2014-2386 (Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, ...)
	{DSA-2956-1}
	- icinga 1.11.0-1
	[squeeze] - icinga <not-affected> (Vulnerable code not present)
CVE-2014-2325 (Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail ...)
	NOT-FOR-US: Proxmox Mail Gateway
CVE-2014-2324 (Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) ...)
	{DSA-2877-1}
	- lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2323 (SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before ...)
	{DSA-2877-1}
	- lighttpd 1.4.33-1+nmu3 (bug #741493)
CVE-2014-2322 (lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby ...)
	NOT-FOR-US: Ruby Gem Arabic Prawn
CVE-2014-2321 (web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote ...)
	NOT-FOR-US: ZTE F460 and F660 cable modems
CVE-2014-2320
	RESERVED
CVE-2014-2319 (The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 ...)
	NOTE: Non issue
	NOTE: http://seclists.org/oss-sec/2014/q1/550
CVE-2014-2312 (The main function in android_main.cpp in thermald allows local users ...)
	- thermald <not-affected> (android_main.cpp not used for Debian build)
CVE-2014-2311 (SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-2308
	RESERVED
CVE-2014-2307
	RESERVED
CVE-2014-2306
	RESERVED
CVE-2014-2305
	RESERVED
CVE-2014-2304
	RESERVED
CVE-2014-2303 (Multiple SQL injection vulnerabilities in the file browser component ...)
	NOT-FOR-US: webEdition CMS
CVE-2014-2302
	RESERVED
CVE-2014-2301 (OrbiTeam BSCW before 5.0.8 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: OrbiTeam BSCW
CVE-2014-2300
	RESERVED
CVE-2014-2299 (Buffer overflow in the mpeg_read function in wiretap/mpeg.c in the ...)
	{DSA-2871-1}
	- wireshark 1.10.6-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9843
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-04.html
CVE-2014-2298
	RESERVED
CVE-2014-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-2296
	RESERVED
CVE-2014-2295
	RESERVED
CVE-2014-2294 (Open Web Analytics (OWA) before 1.5.7 allows remote attackers to ...)
	NOT-FOR-US: Open Web Analytics
CVE-2014-2293 (Zikula Application Framework before 1.3.7 build 11 allows remote ...)
	NOT-FOR-US: Zikula
CVE-2014-2292 (Unspecified vulnerability in the Linux Network Connect client in ...)
	NOT-FOR-US: Junos Pulse Secure Access Service
CVE-2014-2291 (Cross-site scripting (XSS) vulnerability in the Pulse Collaboration ...)
	NOT-FOR-US: Junos
CVE-2014-2290
	RESERVED
CVE-2014-2289 (res/res_pjsip_exten_state.c in the PJSIP channel driver in Asterisk ...)
	- asterisk <not-affected> (Only affects Asterisk 12.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-004.html
CVE-2014-2288 (The PJSIP channel driver in Asterisk Open Source 12.x before 12.1.1, ...)
	- asterisk <not-affected> (Only affects Asterisk 12.x)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-003.html
CVE-2014-2287 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.26.1, ...)
	{DLA-781-1}
	- asterisk 1:11.8.1~dfsg-1 (bug #741313)
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-002.html
CVE-2014-2286 (main/http.c in Asterisk Open Source 1.8.x before 1.8.26.1, 11.8.x ...)
	{DLA-455-1}
	- asterisk 1:11.8.1~dfsg-1 (bug #741313)
	[squeeze] - asterisk <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2014-001.html
CVE-2014-2283 (epan/dissectors/packet-rlc in the RLC dissector in Wireshark 1.8.x ...)
	{DSA-2871-1}
	- wireshark 1.10.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9730
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-03.html
CVE-2014-2282 (The dissect_protocol_data_parameter function in ...)
	- wireshark 1.10.6-1
	[wheezy] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9699
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-02.html
CVE-2014-2281 (The nfs_name_snoop_add_name function in epan/dissectors/packet-nfs.c ...)
	{DSA-2871-1}
	- wireshark 1.10.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9672
	NOTE: http://www.wireshark.org/security/wnpa-sec-2014-01.html
CVE-2013-7333
	RESERVED
CVE-2014-2309 (The ip6_route_add function in net/ipv6/route.c in the Linux kernel ...)
	- linux 3.13.6-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Introduced in v3.0)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=957c665f37007de93ccbe45902a23143724170d0
	NOTE: Fix: https://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=c88507fbad8055297c1d1e21e599f46960cbee39
CVE-2014-2310 (The AgentX subagent in Net-SNMP before 5.4.4 allows remote attackers ...)
	- net-snmp 5.7.2~dfsg-3 (bug #684388)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8
	[squeeze] - net-snmp <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/net-snmp/patches/1113/
CVE-2012-6639
	RESERVED
	- cloud-init 0.7.1-1
	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/12299
CVE-2014-2280 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
	NOT-FOR-US: SeedDMS
CVE-2014-2279 (Multiple directory traversal vulnerabilities in SeedDMS (formerly ...)
	NOT-FOR-US: SeedDMS
CVE-2014-2278 (Unrestricted file upload vulnerability in op/op.AddFile2.php in ...)
	NOT-FOR-US: SeedDMS
CVE-2014-2277 (The make_temporary_filename function in perltidy 20120701-1 and ...)
	- perltidy 20130922-1 (bug #740670)
	[wheezy] - perltidy <no-dsa> (Minor issue)
	[squeeze] - perltidy <no-dsa> (Minor issue)
CVE-2014-2276 (The FileUploadController servlet in EMC Connectrix Manager Converged ...)
	NOT-FOR-US: EMC
CVE-2014-2275
	RESERVED
CVE-2014-2274 (Cross-site request forgery (CSRF) vulnerability in the Subscribe To ...)
	NOT-FOR-US: Subscribe To Comments Reloaded plugin for WordPress
CVE-2014-2273 (The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 ...)
	NOT-FOR-US: Huawei Router
CVE-2014-2272
	RESERVED
CVE-2014-2271
	RESERVED
CVE-2014-2269 (modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 ...)
	NOT-FOR-US: vTiger CRM
CVE-2014-2268 (views/Index.php in the Install module in vTiger 6.0 before Security ...)
	NOT-FOR-US: vTiger CRM
CVE-2014-2267
	RESERVED
CVE-2014-2266
	RESERVED
CVE-2014-2265 (Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to ...)
	NOT-FOR-US: Rock Lobster Contact Form
CVE-2014-2264 (The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2014-2263 (The mpegts_write_pmt function in the MPEG2 transport stream (aka DVB) ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=842b6c14bcfc1c5da1a2d288fd65386eb8c158ad
	- libav 6:10.4-1
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=addbaf134836aea4e14f73add8c6d753a1373257
CVE-2014-2262 (Buffer overflow in the client application in Base SAS 9.2 TS2M3, SAS ...)
	NOT-FOR-US: Base SAS
CVE-2014-2261
	RESERVED
CVE-2014-2260 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Ajenti
CVE-2014-2259 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
	NOT-FOR-US: Siemens
CVE-2014-2258 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
	NOT-FOR-US: Siemens
CVE-2014-2257 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
	NOT-FOR-US: Siemens
CVE-2014-2256 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
	NOT-FOR-US: Siemens
CVE-2014-2255 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
	NOT-FOR-US: Siemens
CVE-2014-2254 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
	NOT-FOR-US: Siemens
CVE-2014-2253 (Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 ...)
	NOT-FOR-US: Siemens
CVE-2014-2252 (Siemens SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allow ...)
	NOT-FOR-US: Siemens
CVE-2014-2251 (The random-number generator on Siemens SIMATIC S7-1500 CPU PLC devices ...)
	NOT-FOR-US: Siemens
CVE-2014-2250 (The random-number generator on Siemens SIMATIC S7-1200 CPU PLC devices ...)
	NOT-FOR-US: Siemens
CVE-2014-2249 (Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC ...)
	NOT-FOR-US: Siemens
CVE-2014-2248 (Open redirect vulnerability in the integrated web server on Siemens ...)
	NOT-FOR-US: Siemens
CVE-2014-2247 (The integrated web server on Siemens SIMATIC S7-1500 CPU PLC devices ...)
	NOT-FOR-US: Siemens
CVE-2014-2246 (Cross-site scripting (XSS) vulnerability in the integrated web server ...)
	NOT-FOR-US: Siemens
CVE-2014-2241 (The (1) cf2_initLocalRegionBuffer and (2) cf2_initGlobalRegionBuffer ...)
	- freetype 2.5.2-1.1 (bug #741299)
	[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
	[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
	NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
	NOTE: https://savannah.nongnu.org/bugs/?41697#comment2 if I understood it right
CVE-2014-2240 (Stack-based buffer overflow in the cf2_hintmap_build function in ...)
	- freetype 2.5.2-1.1 (bug #741299)
	[wheezy] - freetype <not-affected> (vuln. code introduced around 2.5)
	[squeeze] - freetype <not-affected> (vuln. code introduced around 2.5)
	NOTE: http://sourceforge.net/projects/freetype/files/freetype2/2.5.3/
	NOTE: https://savannah.nongnu.org/bugs/?41697#comment0
CVE-2014-2239
	RESERVED
CVE-2014-2234 (A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier ...)
	- openssl <not-affected> (Apple-specific patch)
CVE-2014-2233 (Server-side request forgery (SSRF) vulnerability in the MapAPI in ...)
	NOT-FOR-US: Infoware MapSuite
CVE-2014-2232 (Absolute path traversal vulnerability in the MapAPI in Infoware ...)
	NOT-FOR-US: Infoware MapSuite
CVE-2014-2231 (Cross-site scripting (XSS) vulnerability in the API in synetics i-doit ...)
	NOT-FOR-US: synetics i-doit pro
CVE-2014-2230 (Open redirect vulnerability in the header function in adclick.php in ...)
	NOT-FOR-US: OpenX
CVE-2014-2229
	RESERVED
CVE-2014-2228
	RESERVED
CVE-2014-2227 (The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti ...)
	NOT-FOR-US: Ubiquiti Networks
CVE-2014-2226 (Ubiquiti UniFi Controller before 3.2.1 logs the administrative ...)
	NOT-FOR-US: Ubiquiti Networks
CVE-2014-2225
	RESERVED
	NOT-FOR-US: Ubiquiti Networks
CVE-2014-2224 (Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not ...)
	NOT-FOR-US: Plogger
CVE-2014-2223 (Unrestricted file upload vulnerability in plog-admin/plog-upload.php ...)
	NOT-FOR-US: Plogger
CVE-2014-2222
	RESERVED
CVE-2014-2221
	RESERVED
CVE-2014-2220
	RESERVED
CVE-2014-2219 (Cross-site scripting (XSS) vulnerability in whizzywig/wb.php in ...)
	NOT-FOR-US: CMSimple
CVE-2014-2218
	RESERVED
CVE-2014-2217 (Absolute path traversal vulnerability in the RadAsyncUpload control in ...)
	NOT-FOR-US: Telerik UI for ASP.NET AJAX
CVE-2014-2216 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2014-2215
	REJECTED
CVE-2014-2210 (Multiple directory traversal vulnerabilities in CA ERwin Web Portal ...)
	NOT-FOR-US: Erwin Web Portal
CVE-2014-2209 (Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-2208 (CRLF injection vulnerability in the LightProcess protocol ...)
	NOT-FOR-US: Facebook HipHop Virtual Machine
CVE-2014-2207
	RESERVED
CVE-2014-2205 (The Import and Export Framework in McAfee ePolicy Orchestrator (ePO) ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2014-2204
	RESERVED
CVE-2014-2203
	RESERVED
CVE-2014-2202
	RESERVED
CVE-2014-2201 (The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-2200 (Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local ...)
	NOT-FOR-US: Cisco
CVE-2014-2199 (meetinginfo.do in Cisco WebEx Event Center, WebEx Meeting Center, ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2198 (Cisco Unified Communications Domain Manager (CDM) in Unified CDM ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2197 (The Administration GUI in the web framework in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2196 (Cisco Wide Area Application Services (WAAS) 5.1.1 before 5.1.1e, when ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2014-2195 (Cisco AsyncOS on Email Security Appliance (ESA) and Content Security ...)
	NOT-FOR-US: Cisco AsyncOS
CVE-2014-2194 (system/egain/chat/entrypoint in Cisco Unified Web and E-mail ...)
	NOT-FOR-US: Cisco Unified Web and E-mail Interaction Manager
CVE-2014-2193 (Cisco Unified Web and E-Mail Interaction Manager places session ...)
	NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2014-2192 (Cross-site scripting (XSS) vulnerability in Cisco Unified Web and ...)
	NOT-FOR-US: Cisco Unified Web and E-Mail Interaction Manager
CVE-2014-2191 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2014-2190 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco
CVE-2014-2189
	REJECTED
CVE-2014-2188
	REJECTED
CVE-2014-2187
	RESERVED
CVE-2014-2186 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-2185 (The Call Detail Records (CDR) Management component in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-2184 (The IP Manager Assistant (IPMA) component in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-2183 (The L2TP module in Cisco IOS XE 3.10S(.2) and earlier on ASR 1000 ...)
	NOT-FOR-US: Cisco
CVE-2014-2182 (Cisco Adaptive Security Appliance (ASA) Software, when DHCPv6 replay ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2181 (Cisco Adaptive Security Appliance (ASA) Software allows remote ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2180 (The Document Management component in Cisco Unified Contact Center ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-2179 (The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on ...)
	NOT-FOR-US: Cisco RV
CVE-2014-2178 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
	NOT-FOR-US: Cisco RV
CVE-2014-2177 (The network-diagnostics administration interface in the Cisco RV ...)
	NOT-FOR-US: Cisco RV
CVE-2014-2176 (Cisco IOS XR 4.1.2 through 5.1.1 on ASR 9000 devices, when a ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2175 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2014-2174 (Cisco TelePresence T, TelePresence TE, and TelePresence TC before 7.1 ...)
	NOT-FOR-US: Cisco
CVE-2014-2173 (Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 ...)
	NOT-FOR-US: Cisco
CVE-2014-2172 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE ...)
	NOT-FOR-US: Cisco
CVE-2014-2171 (Heap-based buffer overflow in Cisco TelePresence TC Software 4.x ...)
	NOT-FOR-US: Cisco
CVE-2014-2170 (Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before ...)
	NOT-FOR-US: Cisco
CVE-2014-2169 (Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE ...)
	NOT-FOR-US: Cisco
CVE-2014-2168 (Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE ...)
	NOT-FOR-US: Cisco
CVE-2014-2167 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
	NOT-FOR-US: Cisco
CVE-2014-2166 (The SIP implementation in Cisco TelePresence TC Software 4.x and TE ...)
	NOT-FOR-US: Cisco
CVE-2014-2165 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
	NOT-FOR-US: Cisco
CVE-2014-2164 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
	NOT-FOR-US: Cisco
CVE-2014-2163 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
	NOT-FOR-US: Cisco
CVE-2014-2162 (The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x ...)
	NOT-FOR-US: Cisco
CVE-2014-2161 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
	NOT-FOR-US: Cisco
CVE-2014-2160 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
	NOT-FOR-US: Cisco
CVE-2014-2159 (The H.225 subsystem in Cisco TelePresence System MXP Series Software ...)
	NOT-FOR-US: Cisco
CVE-2014-2158 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
	NOT-FOR-US: Cisco
CVE-2014-2157 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
	NOT-FOR-US: Cisco
CVE-2014-2156 (Cisco TelePresence System MXP Series Software before F9.3.1 allows ...)
	NOT-FOR-US: Cisco
CVE-2014-2155 (The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows ...)
	NOT-FOR-US: Cisco
CVE-2014-2154 (Memory leak in the SIP inspection engine in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2153 (Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2014-2152 (Cross-site request forgery (CSRF) vulnerability in the INSERT page in ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2014-2151 (The WebVPN portal in Cisco Adaptive Security Appliance (ASA) Software ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2150
	REJECTED
CVE-2014-2149
	REJECTED
CVE-2014-2148
	RESERVED
CVE-2014-2147 (The web interface in Cisco Prime Infrastructure 2.1 and earlier does ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2014-2146 (The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly ...)
	NOT-FOR-US: Cisco
CVE-2014-2145 (Directory traversal vulnerability in the messaging API in Cisco Unity ...)
	NOT-FOR-US: Cisco
CVE-2014-2144 (Cisco IOS XR does not properly throttle ICMPv6 redirect packets, which ...)
	NOT-FOR-US: Cisco
CVE-2014-2143 (The IKE implementation in Cisco IOS 15.4(1)T and earlier and IOS XE ...)
	NOT-FOR-US: Cisco
CVE-2014-2142 (Cisco ONS 15454 controller cards with software 10.0 and earlier allow ...)
	NOT-FOR-US: Cisco ONS
CVE-2014-2141 (The session-termination functionality on Cisco ONS 15454 controller ...)
	NOT-FOR-US: Cisco ONS
CVE-2014-2140 (Cisco ONS 15454 controller cards with software 9.6 and earlier allow ...)
	NOT-FOR-US: Cisco ONS
CVE-2014-2139 (Cisco ONS 15454 controller cards with software 9.6 and earlier allow ...)
	NOT-FOR-US: Cisco ONS
CVE-2014-2138 (CRLF injection vulnerability in the web framework in Cisco Security ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2014-2137 (CRLF injection vulnerability in the web framework in Cisco Web ...)
	NOT-FOR-US: Cisco Web Security Appliance
CVE-2014-2136 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2135 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2134 (Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2133 (Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2132 (Cisco WebEx Recording Format (WRF) player and Advanced Recording ...)
	NOT-FOR-US: Cisco WebEx
CVE-2014-2131 (The packet driver in Cisco IOS allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2130 (Cisco Secure Access Control Server (ACS) provides an unintentional ...)
	NOT-FOR-US: Cisco
CVE-2014-2129 (The SIP inspection engine in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2128 (The SSL VPN implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2127 (Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2126 (Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2125 (Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco ...)
	NOT-FOR-US: Cisco Unity Connection Server
CVE-2014-2124 (Cisco IOS 15.1(2)SY3 and earlier, when used with Supervisor Engine 2T ...)
	NOT-FOR-US: Cisco
CVE-2014-2123
	RESERVED
CVE-2014-2122 (Memory leak in the GUI in the Impact server in Cisco Hosted ...)
	NOT-FOR-US: Cisco
CVE-2014-2121 (The Java-based software in Cisco Hosted Collaboration Solution (HCS) ...)
	NOT-FOR-US: Cisco
CVE-2014-2120 (Cross-site scripting (XSS) vulnerability in the WebVPN login page in ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-2119 (The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS ...)
	NOT-FOR-US: Cisco AsyncOS
CVE-2014-2118 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Cisco PRSM
CVE-2014-2117 (Multiple open redirect vulnerabilities in Cisco Emergency Responder ...)
	NOT-FOR-US: Cisco
CVE-2014-2116 (Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2014-2115 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Cisco
CVE-2014-2114 (Cross-site scripting (XSS) vulnerability in UserServlet in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2014-2113 (Cisco IOS 15.1 through 15.3 and IOS XE 3.3 and 3.5 before 3.5.2E; 3.7 ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2112 (The SSL VPN (aka WebVPN) feature in Cisco IOS 15.1 through 15.4 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2111 (The Application Layer Gateway (ALG) module in Cisco IOS 12.2 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2110
	RESERVED
CVE-2014-2109 (The TCP Input module in Cisco IOS 12.2 through 12.4 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2108 (Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2107 (Cisco IOS 12.2 and 15.0 through 15.3, when used with the Kailash FPGA ...)
	NOT-FOR-US: Cisco
CVE-2014-2106 (Cisco IOS 15.3M before 15.3(3)M2 and IOS XE 3.10.xS before 3.10.2S ...)
	NOT-FOR-US: Cisco IOS
CVE-2014-2105
	RESERVED
CVE-2014-2104 (Multiple cross-site scripting (XSS) vulnerabilities in the Business ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2014-2103 (Cisco Intrusion Prevention System (IPS) Software allows remote ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2014-2102 (Cisco Unified Contact Center Express (Unified CCX) does not properly ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-2101
	RESERVED
CVE-2014-2100
	RESERVED
CVE-2014-2099 (The msrle_decode_frame function in libavcodec/msrle.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: [Anton] appears to not be present in any version of libav
CVE-2014-2098 (libavcodec/wmalosslessdec.c in FFmpeg before 2.1.4 uses an incorrect ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:10.4-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=849b9d34 (master)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6be5a3c0 (release/10)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=36d8914f (release/9)
CVE-2014-2097 (The tak_decode_frame function in libavcodec/takdec.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: [Anton] appears to not be present in any version of libav
CVE-2014-2092 (Cross-site scripting (XSS) vulnerability in ...)
	- cmsms <itp> (bug #608888)
CVE-2014-2091 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ATutor
CVE-2014-2090 (Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ...)
	NOT-FOR-US: ILIAS
CVE-2014-2089 (ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via ...)
	NOT-FOR-US: ILIAS
CVE-2014-2088 (Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 ...)
	NOT-FOR-US: ILIAS
CVE-2014-2087 (Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload ...)
	NOT-FOR-US: Free Download Manager
CVE-2013-7332 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-7331 (The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-2285 (The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs ...)
	- net-snmp 5.7.2.1~dfsg-3 (unimportant)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072044
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1072778
	NOTE: Upstream fix: http://sourceforge.net/p/net-snmp/code/ci/76e8d6d100320629d8a23be4b0128619600c919d/
	NOTE: unimportant since it only segfaults with older Perl version
	NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2006/09/msg116250.html
	NOTE: http://perl5.git.perl.org/perl.git/commitdiff/ddfa59c
CVE-2014-2284 (The Linux implementation of the ICMP-MIB in Net-SNMP 5.5 before ...)
	- net-snmp 5.7.2.1~dfsg-3 (bug #742817)
	[wheezy] - net-snmp <not-affected> (Only affects code from 5.5 through 5.7.2)
	[squeeze] - net-snmp <not-affected> (Only affects code from 5.5 through 5.7.2)
	NOTE: http://sourceforge.net/p/net-snmp/mailman/message/32026655/
	NOTE: http://sourceforge.net/p/net-snmp/code/ci/a1fd64716f6794c55c34d77e618210238a73bfa1/
CVE-2014-XXXX [buffer overflow]
	- mp3gain <removed> (low; bug #740268)
	[squeeze] - mp3gain <no-dsa> (Minor issue)
	[wheezy] - mp3gain <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/mp3gain/bugs/36/
CVE-2014-2270 (softmagic.c in file before 5.17 and libmagic allows context-dependent ...)
	{DSA-2943-1 DSA-2873-1 DLA-145-1}
	- file 1:5.17-1
	NOTE: http://bugs.gw.com/view.php?id=313
	NOTE: https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801
	- php5 5.5.10+dfsg-1 (bug #740960)
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=a33759fd275b32ed0bbe89796fe2953b3cb0b41f
CVE-2013-7345 (The BEGIN regular expression in the awk script detector in ...)
	{DSA-3064-1 DSA-2873-1}
	- file 1:5.17-0.1 (bug #703993)
	NOTE: http://bugs.gw.com/view.php?id=164
	NOTE: fixed in commit ef2329cf71acb59204dd981e2c6cce6c81fe467c
	- php5 5.6.0+dfsg-1
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: Wheezy's php5 is vulnerable in 5.4.4-14+deb7u14. Verified by rebuilding
	NOTE: magic.mgc out of ext/fileinfo/data_info.c and "strings magic.mgc |grep BEGIN"
	NOTE: returns "^\s*BEGIN\s*[{]". Same test in squeeze does not
	NOTE: report the problematic string.
	NOTE: Good fix is to regenerate the file with "php5
	NOTE: create_data_file.php /usr/share/file/magic.mgc > data_info.c" once
	NOTE: you have a fixed libmagic1 installed.
	NOTE: fixed by php5 5.4.27 so DSA 3064-1 also fixed it in Wheezy
CVE-2014-5795
	REJECTED
CVE-2014-2245 (SQL injection vulnerability in the News module in CMS Made Simple ...)
	- cmsms <itp> (bug #608888)
CVE-2014-2244 (Cross-site scripting (XSS) vulnerability in the formatHTML function in ...)
	- mediawiki <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61362
	NOTE: https://gerrit.wikimedia.org/r/#/q/Idf985e4e69c2f11778a8a90503914678441cb3fb,n,z
CVE-2014-2243 (includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x ...)
	- mediawiki 1:1.19.12+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=61346
	NOTE: https://gerrit.wikimedia.org/r/#/q/I2a9e89120f7092015495e638c6fa9f67adc9b84f,n,z
CVE-2014-2242 (includes/upload/UploadBase.php in MediaWiki before 1.19.12, 1.20.x and ...)
	- mediawiki 1:1.19.12+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=60771
	NOTE: https://gerrit.wikimedia.org/r/#/q/7d923a6b53f7fbcb0cbc3a19797d741bf6f440eb,n,z
CVE-2014-2238 (SQL injection vulnerability in the manage configuration page ...)
	- mantis <removed>
	[wheezy] - mantis <not-affected> (Introduced in 1.2.13)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=17055
CVE-2014-2237 (The memcache token backend in OpenStack Identity (Keystone) 2013.1 ...)
	- keystone 2013.2.3-1
	[wheezy] - keystone <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/1260080
CVE-2014-2236 (Multiple cross-site scripting (XSS) vulnerabilities in Askbot before ...)
	- askbot <itp> (bug #687966)
CVE-2014-2235 (Cross-site scripting (XSS) vulnerability in Askbot before 0.7.49 ...)
	- askbot <itp> (bug #687966)
CVE-2014-2214
	RESERVED
	NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2213
	RESERVED
	NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2212 (The remember me feature in portal/scr_authentif.php in POSH (aka Posh ...)
	NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2211 (SQL injection vulnerability in portal/addtoapplication.php in POSH ...)
	NOT-FOR-US: POSH web app (different from src:posh)
CVE-2014-2206 (Stack-based buffer overflow in GetGo Download Manager 4.9.0.1982, ...)
	NOT-FOR-US: GetGo Download Manager
CVE-2014-2096 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 ...)
	- catfish 1.0.1-1 (low; bug #739958)
	[squeeze] - catfish 0.3.2-1+deb6u1
	[wheezy] - catfish 0.3.2-2+deb7u1
CVE-2014-2095 (Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, ...)
	- catfish 1.0.1-1 (low; bug #739958)
	[squeeze] - catfish 0.3.2-1+deb6u1
	[wheezy] - catfish 0.3.2-2+deb7u1
CVE-2014-2094 (Untrusted search path vulnerability in Catfish through 0.4.0.3, when a ...)
	- catfish 1.0.1-1 (low; bug #739958)
	[squeeze] - catfish 0.3.2-1+deb6u1
	[wheezy] - catfish 0.3.2-2+deb7u1
CVE-2014-2093 (Untrusted search path vulnerability in Catfish through 0.4.0.3 allows ...)
	- catfish 1.0.1-1 (low; bug #739958)
	[squeeze] - catfish 0.3.2-1+deb6u1
	[wheezy] - catfish 0.3.2-2+deb7u1
CVE-2014-2086
	RESERVED
CVE-2014-2085
	REJECTED
CVE-2014-2084 (Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, ...)
	NOT-FOR-US: Skybox View Appliances
CVE-2014-2083
	RESERVED
CVE-2014-2082
	RESERVED
CVE-2014-2081 (Multiple SQL injection vulnerabilities in the login in ...)
	NOT-FOR-US: Innovative vtls-Virtua
CVE-2014-2080 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MODx Revolution
CVE-2014-2079 [File New sets inappropriate permissions in ACL enabled directories]
	RESERVED
	- xfe 1.37-2 (bug #739536)
	[wheezy] - xfe <no-dsa> (Minor issue)
	[squeeze] - xfe <no-dsa> (Minor issue)
CVE-2014-2078 (The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2077 (Cross-site scripting (XSS) vulnerability in the frontend in ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-2076
	RESERVED
CVE-2014-2075 (TIBCO Enterprise Administrator 1.0.0 and Enterprise Administrator SDK ...)
	NOT-FOR-US: TIBCO Enterprise Administrator
CVE-2014-2074
	RESERVED
CVE-2014-2073 (Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 ...)
	NOT-FOR-US: Dassault Systemes Catia
CVE-2014-2072
	RESERVED
	NOT-FOR-US: Dassault Systemes Catia
CVE-2014-2071 (Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before ...)
	NOT-FOR-US: Aruba Networks ClearPass Policy Manager
CVE-2014-2070
	RESERVED
CVE-2014-2069 (Absolute path traversal vulnerability in Eshtery CMS allows remote ...)
	NOT-FOR-US: Eshtery CMS
CVE-2014-2068 (The doIndex function in hudson/util/RemotingDiagnostics.java in ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/0530a6645aac10fec005614211660e98db44b5eb
CVE-2014-2067 (Cross-site scripting (XSS) vulnerability in ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/5d57c855f3147bfc5e7fda9252317b428a700014
CVE-2014-2066 (Session fixation vulnerability in Jenkins before 1.551 and LTS before ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/8ac74c350779921598f9d5edfed39dd35de8842a
CVE-2014-2065 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.551 and ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/a0b00508eeb74d7033dc4100eb382df4e8fa72e7
CVE-2014-2064 (The loadUserByUsername function in ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/fbf96734470caba9364f04e0b77b0bae7293a1ec
CVE-2014-2063 (Jenkins before 1.551 and LTS before 1.532.2 allows remote attackers to ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/16931bd7bf7560e26ef98328b8e95e803d0e90f6
CVE-2014-2062 (Jenkins before 1.551 and LTS before 1.532.2 does not invalidate the ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/5548b5220cfd496831b5721124189ff18fbb12a3
CVE-2014-2061 (The input control in PasswordParameterDefinition in Jenkins before ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/bf539198564a1108b7b71a973bf7de963a6213ef
CVE-2014-2060 (The Winstone servlet container in Jenkins before 1.551 and LTS before ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/29351af4bd01f61715418916fc12c52be46bd9b0
CVE-2014-2059 (Directory traversal vulnerability in the CLI job creation ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/ad38d8480f20ce3cbf8fec3e2003bc83efda4f7d
CVE-2014-2058 (BuildTrigger in Jenkins before 1.551 and LTS before 1.532.2 allows ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/b6b2a367a7976be80a799c6a49fa6c58d778b50e
CVE-2014-2057 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 6.0.2+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-007/
CVE-2014-2056 (PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before ...)
	- owncloud 6.0.2+dfsg-1
	- phpdocx 3.0+dfsg-2
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
CVE-2014-2055 (SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and ...)
	- owncloud 6.0.2+dfsg-1
	- php-sabredav 1.7.11+dfsg-1
	NOTE: https://github.com/fruux/sabre-dav/releases/tag/1.7.11
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
CVE-2014-2054 (PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and ...)
	- owncloud 6.0.2+dfsg-1
	- dolibarr 3.5.3+dfsg1-1
	- moodle 2.7.5+dfsg-3 (bug #775842)
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: dolibarr removed phpexcel in 3.5.3+dfsg1-1 / #729538
	NOTE: moodle also contain a copy of PHPExcel
	NOTE: owncloud does not mention details
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
	NOTE: https://github.com/PHPOffice/PHPExcel/blob/develop/changelog.txt
CVE-2014-2053 (getID3() before 1.9.8, as used in ownCloud Server before 5.0.15 and ...)
	{DSA-3001-1 DLA-56-1}
	- owncloud 6.0.2+dfsg-1
	- php-getid3 1.9.7-2
	[wheezy] - php-getid3 1.9.3-1+deb7u1
	[squeeze] - php-getid3 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/JamesHeinrich/getID3/commit/dc8549079a24bb0619b6124ef2df767704f8d0bc
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
	- wordpress 3.9.2+dfsg-1 (bug #757312)
	NOTE: https://core.trac.wordpress.org/changeset/29390
CVE-2014-2052
	RESERVED
	- owncloud 6.0.2+dfsg-1
	NOTE: owncloud advisory does not mention details for ZendFramework
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2014-006/
	NOTE: The reference wrt zendframework is for CVE-2012-6532
CVE-2014-2051 (ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote ...)
	- owncloud 6.0.2+dfsg-1
CVE-2014-2050
	RESERVED
CVE-2014-2049 (The default Flash Cross Domain policies in ownCloud before 5.0.15 and ...)
	- owncloud 6.0.0+dfsg-1
CVE-2014-2048 (The user_openid app in ownCloud Server before 5.0.15 allows remote ...)
	- owncloud <removed>
CVE-2014-2047 (Session fixation vulnerability in ownCloud before 6.0.2, when PHP is ...)
	- owncloud 6.0.2+dfsg-1
CVE-2014-2046 (cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 ...)
	NOT-FOR-US: Broadcom Ltd PIPA C211
CVE-2014-2045 (Multiple cross-site scripting (XSS) vulnerabilities in the old and new ...)
	NOT-FOR-US: Viprinet
CVE-2014-2044 (Incomplete blacklist vulnerability in ajax/upload.php in ownCloud ...)
	- owncloud <not-affected> (Windows-specific)
CVE-2014-2043 (SQL injection vulnerability in Resources/System/Templates/Data.aspx in ...)
	NOT-FOR-US: Procentia IntelliPen
CVE-2014-2042 (Unrestricted file upload vulnerability in the Manage Project ...)
	NOT-FOR-US: Livetecs Timelive
CVE-2014-2041
	RESERVED
CVE-2014-2040 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	NOT-FOR-US: WordPress plugin MediaFileRenamer
CVE-2014-2038 (The nfs_can_extend_write function in fs/nfs/write.c in the Linux ...)
	- linux 3.13.4-1
	[wheezy] - linux <not-affected> (Introduced in 3.11)
	- linux-2.6 <not-affected> (Introduced in 3.11)
	NOTE: Introduced by https://git.kernel.org/linus/c7559663e42f4294ffe31fe159da6b6a66b35d61
	NOTE: Fixed by https://git.kernel.org/linus/263b4509ec4d47e0da3e753f85a39ea12d1eff24
CVE-2014-2036
	RESERVED
CVE-2014-2035 (Cross-site scripting (XSS) vulnerability in xhr.php in InterWorx Web ...)
	NOT-FOR-US: InterWorx Web Control Panel
CVE-2014-2034 (Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through ...)
	NOT-FOR-US: Sonatype Nexus OSS
CVE-2014-2033 (The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2014-2028
	RESERVED
CVE-2014-2026 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: Intrexx
CVE-2014-2025
	RESERVED
	NOT-FOR-US: Intrexx
CVE-2014-2024 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Open Classifieds
CVE-2014-2023 (Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 ...)
	NOT-FOR-US: vBulletin
CVE-2014-2022 (SQL injection vulnerability in includes/api/4/breadcrumbs_create.php ...)
	NOT-FOR-US: vBulletin
CVE-2014-2021 (Cross-site scripting (XSS) vulnerability in admincp/apilog.php in ...)
	NOT-FOR-US: vBulletin
CVE-2014-2020 (ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
CVE-2014-2019 (The iCloud subsystem in Apple iOS before 7.1 allows physically ...)
	NOT-FOR-US: Apple iOS
CVE-2014-2018 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x ...)
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
CVE-2014-2017 (CRLF injection vulnerability in OXID eShop Professional Edition before ...)
	NOT-FOR-US: OXID eShop
CVE-2014-2016 (Multiple cross-site scripting (XSS) vulnerabilities in OXID eShop ...)
	NOT-FOR-US: OXID eShop
CVE-2014-2012
	RESERVED
CVE-2014-2011
	RESERVED
CVE-2014-2010
	RESERVED
CVE-2014-2009 (The mPAY24 payment module before 1.6 for PrestaShop allows remote ...)
	NOT-FOR-US: mPAY24 payment module for PrestaShop
CVE-2014-2008 (SQL injection vulnerability in confirm.php in the mPAY24 payment ...)
	NOT-FOR-US: mPAY24 payment module for PrestaShop
CVE-2014-2007
	RESERVED
CVE-2014-2006 (Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x ...)
	NOT-FOR-US: Intercom Web Kyukincho
CVE-2014-2005 (Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) ...)
	NOT-FOR-US: Sophos Enterprise Console
CVE-2014-2004 (The PPP Access Concentrator (PPPAC) on SEIL SEIL/x86 routers 1.00 ...)
	NOT-FOR-US: SEIL routers
CVE-2014-2003 (JustSystems JUST Online Update, as used in Ichitaro through 2014 and ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2014-2002 (Cross-site scripting (XSS) vulnerability in C-BOARD Moyuku 1.01b6 and ...)
	NOT-FOR-US: C-BOARD Moyuku
CVE-2014-2001 (The East Japan Railway Company JR East Japan application before 1.2.0 ...)
	NOT-FOR-US: Android application for East Japan Railway Company
CVE-2014-2000 (The NTT 050 plus application before 4.2.1 for Android allows attackers ...)
	NOT-FOR-US: NTT application for Android
CVE-2014-1999 (The auto-format feature in the Request_Curl class in FuelPHP 1.1 ...)
	NOT-FOR-US: FuelPHP
CVE-2014-1998 (Cross-site scripting (XSS) vulnerability in Nippon Institute of ...)
	NOT-FOR-US: SOY CMS
CVE-2014-1997 (The ATEN CN8000 remote-access unit with firmware 1.6.154 and earlier ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2014-1996 (Cybozu Garoon 3.7 before SP4 allows remote authenticated users to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1995 (Cross-site scripting (XSS) vulnerability in the Map search ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1994 (Cross-site scripting (XSS) vulnerability in the Notices portlet in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1993 (The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1992 (Cross-site scripting (XSS) vulnerability in the Messages functionality ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1991 (Open redirect vulnerability in WebPlatform / AppFramework 6.0 through ...)
	NOT-FOR-US: NTT DATA INTRAMART
CVE-2014-1990 (Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the ...)
	NOT-FOR-US: TOSHIBA TEC e-Studio
CVE-2014-1989 (Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1988 (The Phone Messages feature in Cybozu Garoon 2.0.0 through 3.7 SP2 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1987 (The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-1986 (The Content Provider in the KOKUYO CamiApp application 1.21.1 and ...)
	NOT-FOR-US: KOKUYO CamiApp application
CVE-2014-1984 (Session fixation vulnerability in the management screen in Cybozu ...)
	NOT-FOR-US: Cybozu Remote Service Manager
CVE-2014-1983 (Unspecified vulnerability in Cybozu Remote Service Manager through ...)
	NOT-FOR-US: Cybozu Remote Service Manager
CVE-2014-1982 (The administrative interface in Allied Telesis AT-RG634A ADSL ...)
	NOT-FOR-US: Allied Telesis AT-RG634A ADSL Broadband router
CVE-2014-1981
	REJECTED
CVE-2014-1980 (Cross-site scripting (XSS) vulnerability in ...)
	- piwigo <removed> (low)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2014-1979 (The NTT DOCOMO sp mode mail application 5900 through 6300 for Android ...)
	NOT-FOR-US: NTT DOCOMO mail app
CVE-2014-1978 (The application link interface in the NTT DOCOMO sp mode mail ...)
	NOT-FOR-US: NTT DOCOMO mail app
CVE-2014-1977 (The NTT DOCOMO sp mode mail application 6300 and earlier for Android ...)
	NOT-FOR-US: NTT DOCOMO mail app
CVE-2014-1976 (The Demaecan application 2.1.0 and earlier for Android does not verify ...)
	NOT-FOR-US: Demaecan Android app
CVE-2014-1975 (Directory traversal vulnerability in the R-Company Unzipper ...)
	NOT-FOR-US: Unzipper Android app
CVE-2014-1974 (Directory traversal vulnerability in the LYSESOFT AndExplorer ...)
	NOT-FOR-US: LYSESOFT
CVE-2014-1973 (Directory traversal vulnerability in the NextApp File Explorer ...)
	NOT-FOR-US: NextApp File Explorer application for Android
CVE-2014-1972 (Apache Tapestry before 5.3.6 relies on client-side object storage ...)
	NOT-FOR-US: Apache Tapestry
CVE-2014-1971 (Cross-site scripting (XSS) vulnerability in Silex before 2.0.0 allows ...)
	NOT-FOR-US: Silex
CVE-2014-1970 (Directory traversal vulnerability in the ES File Explorer File Manager ...)
	NOT-FOR-US: ES File Explorer File Manager for Android
CVE-2014-1969 (Directory traversal vulnerability in the apps4u@android SD Card ...)
	NOT-FOR-US: apps4u@android SD Card Manager application
CVE-2014-1968 (Cross-site scripting (XSS) vulnerability in the XooNIps module 3.47 ...)
	NOT-FOR-US: XooNIps module for XOOPS
CVE-2014-1967 (The Denny's application before 2.0.1 for Android does not verify X.509 ...)
	NOT-FOR-US: Denny's application for Android
CVE-2014-1966 (The SNMP implementation in Siemens RuggedCom ROS before 3.11, ROS 3.11 ...)
	NOT-FOR-US: Siemens RuggedCom ROS
CVE-2014-1965 (Cross-site scripting (XSS) vulnerability in ISpeakAdapter in the ...)
	NOT-FOR-US: SAP Exchange Infrastructure
CVE-2014-1964 (Cross-site scripting (XSS) vulnerability in the Integration Repository ...)
	NOT-FOR-US: SAP Exchange Infrastructure
CVE-2014-1963 (Unspecified vulnerability in Message Server in SAP NetWeaver 7.20 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-1962 (Gwsync in SAP CRM 7.02 EHP 2 allows remote attackers to obtain ...)
	NOT-FOR-US: SAP CRM
CVE-2014-1961 (Unspecified vulnerability in the Portal WebDynPro in SAP NetWeaver ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-1960 (The Solution Manager in SAP NetWeaver does not properly restrict ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2014-1957 (FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1956 (CRLF injection vulnerability in FortiGuard FortiWeb before 5.0.3 ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1955 (Cross-site scripting (XSS) vulnerability in FortiGuard FortiWeb before ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1954
	RESERVED
CVE-2014-1953
	RESERVED
CVE-2014-1952
	RESERVED
CVE-2014-1951
	RESERVED
CVE-2014-1946 (OpenDocMan 1.2.7 and earlier does not properly validate allowed ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-1945 (SQL injection vulnerability in ajax_udf.php in OpenDocMan before ...)
	NOT-FOR-US: OpenDocMan
CVE-2014-1944 (Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier ...)
	NOT-FOR-US: Ilch CMS
CVE-2014-1942 (Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx ...)
	NOT-FOR-US: Pearson eSIS Enterprise Student Information System
CVE-2014-1941
	RESERVED
CVE-2014-1940
	RESERVED
CVE-2014-1931 (The user login page in Visibility Software Cyber Recruiter before ...)
	NOT-FOR-US: Visibility Software Cyber Recruiter
CVE-2014-1930 (Visibility Software Cyber Recruiter before 8.1.00 does not use the ...)
	NOT-FOR-US: Visibility Software Cyber Recruiter
CVE-2013-7330 (Jenkins before 1.502 allows remote authenticated users to configure an ...)
	- jenkins 1.565.2-1 (bug #739067)
	NOTE: https://github.com/jenkinsci/jenkins/commit/36342d71e29e0620f803a7470ce96c61761648d8
CVE-2013-7328 (Multiple integer signedness errors in the gdImageCrop function in ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
CVE-2013-7327 (The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
CVE-2013-7326 (Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-7324
	RESERVED
CVE-2012-6638 (The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the ...)
	- linux 3.2.29-1
	- linux-2.6  <removed>
	[squeeze] - linux-2.6 2.6.32-47
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=fdf5af0daf8019cec2396cdef8fb042d80fe71fa
CVE-2014-2039 (arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the ...)
	{DSA-2906-1}
	- linux 3.13.5-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/linus/8d7f6690cedb83456edd41c9bd583783f0703bf0
CVE-2014-2037 (Openswan 2.6.40 allows remote attackers to cause a denial of service ...)
	- openswan <not-affected> (Incomplete fix was never applied)
CVE-2014-2032 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS ...)
	- maradns <not-affected> (Deadwood resolver not enabled)
	NOTE: https://github.com/samboy/MaraDNS/commit/2cfcd2397cb8168d4aa4594839fabe88420d03c3
CVE-2014-2031 (Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS ...)
	- maradns <not-affected> (Deadwood resolver not enabled)
	NOTE: https://github.com/samboy/MaraDNS/commit/f015495d221f1c2b2f10db38e87cecf3839d6093
CVE-2014-2030
	RESERVED
	{DSA-2898-1}
	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
	[squeeze] - imagemagick <not-affected> (CVE only for versions with r1448 applied)
	NOTE: for the issue in newer imagemagick versions using "L%06ld" string.
CVE-2014-2029 (The automatic version check functionality in the tools in Percona ...)
	- percona-toolkit 2.2.7-1~dfsg1 (bug #740846)
	[wheezy] - percona-toolkit <not-affected> (version-check introduced in 2.1.4)
	- percona-xtrabackup 2.2.3-1 (bug #751377)
CVE-2014-2027 (eGroupware before 1.8.006.20140217 allows remote attackers to conduct ...)
	- egroupware <removed>
CVE-2014-2015 (Stack-based buffer overflow in the normify function in the rlm_pap ...)
	{DLA-977-1}
	- freeradius 2.2.5+dfsg-0.1 (low; bug #742820)
	[squeeze] - freeradius <no-dsa> (Minor issue)
	NOTE: http://lists.freebsd.org/pipermail/freebsd-bugbusters/2014-February/000610.html
	NOTE: https://github.com/FreeRADIUS/freeradius-server/commit/0d606cfc29a.patch
CVE-2014-2014 (imapsync before 1.584, when running with the --tls option, attempts a ...)
	- imapsync <removed>
CVE-2014-1959 (lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 ...)
	{DSA-2866-1}
	- gnutls26 2.12.23-12
	[squeeze] - gnutls26 <not-affected> (does not allow X.509 v1 certificates by default)
	- gnutls28 3.2.11-1
	NOTE: https://gitlab.com/gnutls/gnutls/commit/b1abfe3d18
	NOTE: introduced by https://gitlab.com/gnutls/gnutls/commit/60ee8a0eb9975d123002b1cffbefd60a8cd5fae6
CVE-2014-1958 [PSD Images Processing RLE Decoding Buffer Overflow Vulnerability]
	RESERVED
	{DSA-2898-1}
	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
	[squeeze] - imagemagick <not-affected> (DecodePSDPixels function is not present)
	NOTE: squeeze: DecodePSDPixels not present but there was a rewrite from DecodeImage?
	NOTE: http://secunia.com/advisories/56844/
CVE-2014-1950 (Use-after-free vulnerability in the xc_cpupool_getinfo function in Xen ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <not-affected> (Xen 4.1 onwards affected)
CVE-2014-1949 (GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, ...)
	- gtk+3.0 3.11.8-1
	[wheezy] - gtk+3.0 <not-affected> (Only affects GTK+ 3.10.9 and later)
	- gtk+2.0 <not-affected> (Only affects GTK+ 3.10.9 and later)
	- cinnamon 2.2.14-1 (bug #738828)
	NOTE: http://www.openwall.com/lists/oss-security/2014/02/12/7
	NOTE: https://git.gnome.org/browse/gtk+/commit/?id=1691bb741d50c90ee938f0b73fe81b0ca9bfd6d4
	NOTE: The CVE was originally assigned specifically for cinnamon-screensaver, but the underlying fix lies in gtk+3.0
	NOTE: and later MITRE assigned the CVE to GTK+ 3.10.9 and later, see official MITRE CVE description.
CVE-2014-1948 (OpenStack Image Registry and Delivery Service (Glance) 2013.2 through ...)
	- glance 2013.2.2-1 (bug #738924)
	[wheezy] - glance <not-affected> (Only affects Havana)
	NOTE: https://launchpad.net/bugs/1275062
CVE-2014-1947 [Buffer overflow vulnerability]
	RESERVED
	{DSA-2898-1}
	- imagemagick 8:6.7.7.10+dfsg-1 (bug #740250)
	NOTE: http://web.archive.org/web/20090120112751/http://trac.imagemagick.org:80/changeset/13736
	- graphicsmagick 1.3.20-1 (unimportant)
	NOTE: for graphicsmagick: https://bugzilla.redhat.com/show_bug.cgi?id=1064098#c13
	NOTE: Rendered non-exploitable by fortified source for graphicsmagick
CVE-2014-1943 (Fine Free file before 5.17 allows context-dependent attackers to cause ...)
	{DSA-2868-1 DSA-2861-1}
	- file 1:5.17-0.1 (bug #738832)
	NOTE: http://mx.gw.com/pipermail/file/2014/001337.html
	NOTE: https://github.com/glensc/file/commit/3c081560c23f20b2985c285338b52c7aae9fdb0f
	NOTE: https://github.com/glensc/file/commit/cc9e74dfeca5265ad725acc926ef0b8d2a18ee70
	- php5 5.5.10+dfsg-1 (bug #739012)
CVE-2014-1929 (python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1926
	RESERVED
CVE-2014-1920
	RESERVED
CVE-2014-1919
	RESERVED
CVE-2014-1918
	RESERVED
CVE-2014-1917
	RESERVED
CVE-2014-1916 (The (1) opus_packet_get_nb_frames and (2) ...)
	NOT-FOR-US: MumbleKit / Mumble for iOS
CVE-2014-1915 (Multiple cross-site request forgery (CSRF) vulnerabilities in Command ...)
	NOT-FOR-US: Command School Student Management System
CVE-2014-1914 (Multiple cross-site scripting (XSS) vulnerabilities in Command School ...)
	NOT-FOR-US: Command School Student Management System
CVE-2014-1913
	RESERVED
CVE-2014-1911 (The Foscam FI8910W camera with firmware before 11.37.2.55 allows ...)
	NOT-FOR-US: Foscam camera
CVE-2014-1910 (Citrix ShareFile Mobile and ShareFile Mobile for Tablets before 2.4.4 ...)
	NOT-FOR-US: Citrix ShareFile Mobile
CVE-2014-1908 (The error-handling feature in (1) bp.php, (2) ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1907 (Multiple directory traversal vulnerabilities in the VideoWhisper Live ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1906 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1905 (Unrestricted file upload vulnerability in ls/vw_snapshots.php in the ...)
	NOT-FOR-US: VideoWhisper Live Streaming Integration plugin for WordPress
CVE-2014-1904 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2890-1}
	- libspring-java 3.0.6.RELEASE-13 (bug #741604)
	NOTE: http://www.gopivotal.com/security/cve-2014-1904
CVE-2014-1903 (admin/libraries/view.functions.php in FreePBX 2.9 before 2.9.0.14, ...)
	NOT-FOR-US: FreePBX
CVE-2014-1902 (Multiple cross-site scripting (XSS) vulnerabilities in Y-Cam camera ...)
	NOT-FOR-US: Y-Cam cameras
CVE-2014-1901 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range ...)
	NOT-FOR-US: Y-Cam cameras
CVE-2014-1900 (Y-Cam camera models SD range YCB003, YCK003, and YCW003; S range ...)
	NOT-FOR-US: Y-Cam cameras
CVE-2014-1899 (Cross-site scripting (XSS) vulnerability in Citrix NetScaler Gateway ...)
	NOT-FOR-US: Citrix NetScaler Gateway
CVE-2014-1898
	RESERVED
CVE-2014-1897
	RESERVED
CVE-2014-1890
	RESERVED
CVE-2014-1889 (The Group creation process in the Buddypress plugin before 1.9.2 for ...)
	NOT-FOR-US: Buddypress plugin for WordPress
CVE-2014-1888 (Cross-site scripting (XSS) vulnerability in the BuddyPress plugin ...)
	NOT-FOR-US: BuddyPress plugin for WordPress
CVE-2014-1880
	RESERVED
CVE-2014-1879 (Cross-site scripting (XSS) vulnerability in import.php in phpMyAdmin ...)
	{DSA-2975-1}
	- phpmyadmin 4:4.1.7-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2014-1878 (Stack-based buffer overflow in the cmd_submitf function in cgi/cmd.c ...)
	{DSA-2956-1 DLA-461-1 DLA-60-1}
	- icinga 1.10.3-1
	- nagios3 <removed> (bug #823721)
	[jessie] - nagios3 <no-dsa> (Minor issue)
CVE-2014-1873
	RESERVED
CVE-2014-1872
	RESERVED
CVE-2014-1871
	RESERVED
CVE-2014-1870 (Opera before 19 on Mac OS X allows user-assisted remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2014-1869 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- db4o <unfixed> (unimportant)
	- jenkins 1.565.3-1 (bug #763899)
	NOTE: in -doc package
CVE-2013-7329 (The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when ...)
	- libcgi-application-perl 4.50-2 (bug #739505)
	[wheezy] - libcgi-application-perl <no-dsa> (Minor issue)
	[squeeze] - libcgi-application-perl <no-dsa> (Minor issue)
	NOTE: suggested fix https://github.com/markstos/CGI--Application/pull/15
CVE-2013-7325
	RESERVED
	{DSA-2836-1}
	- devscripts 2.13.9
	[squeeze] - devscripts <no-dsa> (Minor issue)
CVE-2013-7321 (Cross-site scripting (XSS) vulnerability in D-Link DAP-2253 Access ...)
	NOT-FOR-US: D-Link hardware
CVE-2013-7320 (Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 ...)
	NOT-FOR-US: D-Link hardware
CVE-2013-7319 (Cross-site scripting (XSS) vulnerability in the Download Manager ...)
	NOT-FOR-US: WordPress plugin Download Manager
CVE-2012-6637 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
	NOT-FOR-US: Apache Cordova
CVE-2012-6636 (The Android API before 17 does not properly restrict the ...)
	NOT-FOR-US: Android
CVE-2013-7322 (usersfile.c in liboath in OATH Toolkit before 2.4.1 does not properly ...)
	- oath-toolkit 2.4.1-1 (low; bug #738515)
	[wheezy] - oath-toolkit <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/oath-toolkit-help/2013-12/msg00000.html
CVE-2014-1939 (java/android/webkit/BrowserFrame.java in Android before 4.4 uses the ...)
	NOT-FOR-US: Android Jelly Bean
CVE-2014-1938 [insecure use of /tmp]
	RESERVED
	- python-rply 0.7.4-1 (unimportant; bug #737627)
	NOTE: this CVE is for the insecure use of /tmp as followup for CVE-2014-1604
	NOTE: https://github.com/alex/rply/issues/42
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-1937 [insecure use of /tmp]
	RESERVED
	- gamera 3.4.1-1 (low; bug #737324)
	[squeeze] - gamera <no-dsa> (Minor issue)
	[wheezy] - gamera 3.3.3-2+deb7u1
CVE-2014-1936 [insecure use of /tmp]
	RESERVED
	- rc 1.7.1-5 (unimportant; bug #737125)
	NOTE: Only in the test suite, not part of the standard package
CVE-2014-1935 [insecure use of /tmp]
	RESERVED
	- 9base <unfixed> (unimportant; bug #737206)
	[squeeze] - 9base <no-dsa> (Minor issue)
	NOTE: Not exploitable with kernel hardening since wheezy
CVE-2014-1934 (tag.py in eyeD3 (aka python-eyed3) 7.0.3, 0.6.18, and earlier for ...)
	- eyed3 0.6.18-3 (unimportant; bug #737062)
	[squeeze] - eyed3 <no-dsa> (Minor issue)
	NOTE: Upstream patch: https://bitbucket.org/nicfit/eyed3/commits/372bbacb7a70
	NOTE: https://bitbucket.org/nicfit/eyed3/issue/65/tagpy-in-eyed3-allows-local-users-to
	NOTE: Neutralised by protected_symlinks kernel temp hardening
CVE-2014-1933 (The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python ...)
	- pillow 2.4.0-1 (low; bug #737059)
	- python-imaging <removed>
	[squeeze] - python-imaging <no-dsa> (Minor issue)
	[wheezy] - python-imaging <no-dsa> (Minor issue)
CVE-2014-1932 (The (1) load_djpeg function in JpegImagePlugin.py, (2) Ghostscript ...)
	- pillow 2.4.0-1 (low; bug #737059)
	- python-imaging <removed>
	[squeeze] - python-imaging <no-dsa> (Minor issue)
	[wheezy] - python-imaging <no-dsa> (Minor issue)
CVE-2014-1928 (The shell_quote function in python-gnupg 0.3.5 does not properly ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1927 (The shell_quote function in python-gnupg 0.3.5 does not properly quote ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2014-1925 [SQL injection]
	RESERVED
	- koha <itp> (bug #702134)
CVE-2014-1924 [MARC framework import/export function did not require authentication]
	RESERVED
	- koha <itp> (bug #702134)
CVE-2014-1923 [arbitrary file write trough edithelp.pl]
	RESERVED
	- koha <itp> (bug #702134)
CVE-2014-1922 [path traversal]
	RESERVED
	- koha <itp> (bug #702134)
CVE-2014-1921 (parcimonie before 0.8.1, when using a large keyring, sleeps for the ...)
	{DSA-2860-1}
	- parcimonie 0.8.1-1 (bug #738134)
CVE-2014-1909 (Integer signedness error in system/core/adb/adb_client.c in Android ...)
	- android-tools 4.2.2+git20130529-5.1 (bug #770513)
	- android-platform-system-core 1:6.0.0+r26-1~stage1
	[jessie] - android-platform-system-core <no-dsa> (Minor issue)
	NOTE: http://www.droidsec.org/advisories/2014/02/04/two-security-issues-found-in-the-android-sdk-tools.html
CVE-2014-1896 (The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen ...)
	- xen 4.4.0-1
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
CVE-2014-1895 (Off-by-one error in the flask_security_avc_cachestats function in ...)
	- xen 4.4.0-1
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
CVE-2014-1894 (Multiple integer overflows in unspecified suboperations in the flask ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1893 (Multiple integer overflows in the (1) FLASK_GETBOOL and (2) ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1892 (Xen 3.3 through 4.1, when XSM is enabled, allows local users to cause ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1891 (Multiple integer overflows in the (1) FLASK_GETBOOL, (2) ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not built with XSM_ENABLE, thus resulted binary packages not affected
CVE-2014-1887 (The DrinkedIn BarFinder application for Android, when Adobe PhoneGap ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1886 (The Edinburgh by Bus application for Android, when Adobe PhoneGap ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1885 (The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1884 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1883 (Adobe PhoneGap before 2.6.0 on Android uses the ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1882 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1881 (Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-1868 (Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when ...)
	- restlet <itp> (bug #596472)
CVE-2014-1867
	RESERVED
	- suphp <removed> (bug #736969)
	[squeeze] - suphp <no-dsa> (Minor issue)
	[wheezy] - suphp <no-dsa> (Minor issue)
CVE-2014-1866
	RESERVED
CVE-2014-1865
	RESERVED
CVE-2014-1864
	RESERVED
CVE-2014-1863
	RESERVED
CVE-2014-1862
	RESERVED
CVE-2014-1861 (The client in Jetro COCKPIT Secure Browsing (JCSB) 4.3.1 and 4.3.3 ...)
	NOT-FOR-US: Jetro COCKPIT Secure Browsing
CVE-2014-1859 ((1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) ...)
	- python-numpy 1:1.8.1~rc1-1 (low; bug #737778)
	[squeeze] - python-numpy <no-dsa> (Minor issue)
	[wheezy] - python-numpy <no-dsa> (Minor issue)
	NOTE: issue fixed by https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
CVE-2014-1858 (__init__.py in f2py in NumPy before 1.8.1 allows local users to write ...)
	- python-numpy 1:1.8.1~rc1-1 (low; bug #737778)
	[squeeze] - python-numpy <no-dsa> (Minor issue)
	[wheezy] - python-numpy <no-dsa> (Minor issue)
CVE-2014-1857
	RESERVED
CVE-2014-1856
	RESERVED
CVE-2014-1855 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel ...)
	NOT-FOR-US: Seo Panel
CVE-2014-1854 (SQL injection vulnerability in library/clicktracker.php in the ...)
	NOT-FOR-US: AdRotate plugin for WordPress
CVE-2014-1853
	RESERVED
CVE-2014-1852
	RESERVED
CVE-2014-1851
	RESERVED
CVE-2014-1850
	RESERVED
	- node-marked 0.3.1+dfsg-1
CVE-2014-1849 (Foscam IP camera 11.37.2.49 and other versions, when using the Foscam ...)
	NOT-FOR-US: Foscam
CVE-2014-1848
	RESERVED
CVE-2014-1847
	RESERVED
CVE-2014-1844
	RESERVED
CVE-2014-1843 (Directory traversal vulnerability in the web interface in Titan FTP ...)
	NOT-FOR-US: Titan FTP Server
CVE-2014-1842 (Directory traversal vulnerability in the web interface in Titan FTP ...)
	NOT-FOR-US: Titan FTP Server
CVE-2014-1841 (Directory traversal vulnerability in the web interface in Titan FTP ...)
	NOT-FOR-US: Titan FTP Server
CVE-2014-1840 (Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2014-1830 (Requests (aka python-requests) before 2.3.0 allows remote servers to ...)
	{DSA-3146-1}
	- requests 2.3.0-1 (bug #733108)
	NOTE: https://github.com/kennethreitz/requests/issues/1885
CVE-2014-1829 (Requests (aka python-requests) before 2.3.0 allows remote servers to ...)
	{DSA-3146-1}
	- requests 2.3.0-1 (bug #733108)
	NOTE: https://github.com/kennethreitz/requests/issues/1885
CVE-2014-1912 (Buffer overflow in the socket.recvfrom_into function in ...)
	{DSA-2880-1 DLA-25-1}
	- python2.5 <removed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.6-6 (low)
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 3.3.5-1 (low)
	- python3.4 3.4.0-1 (low)
	NOTE: http://bugs.python.org/issue20246
	NOTE: https://www.trustedsec.com/february-2014/python-remote-code-execution-socket-recvfrom_into/
CVE-2014-1877 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 ...)
	NOT-FOR-US: Dokeos
CVE-2014-1876 (The unpacker::redirect_stdio function in unpack.cpp in unpack200 in ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1 (low; bug #737562)
	- openjdk-6 6b31-1.13.3-1 (low)
CVE-2014-1875 (The Capture::Tiny module before 0.24 for Perl allows local users to ...)
	- libcapture-tiny-perl 0.24-1 (bug #737835)
	[wheezy] - libcapture-tiny-perl <no-dsa> (Minor issue)
	[squeeze] - libcapture-tiny-perl <no-dsa> (Minor issue)
CVE-2014-1874 (The security_context_to_sid_core function in ...)
	{DSA-2906-1}
	- linux 3.13.4-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2172fa709ab32ca60e86179dc67d0857be8e2c98, first included in v3.14-rc2
CVE-2014-1860 [PHP object insertion]
	RESERVED
	NOT-FOR-US: Contao CMS
CVE-2014-1832 (Phusion Passenger 4.0.37 allows local users to write to certain files ...)
	- ruby-passenger 4.0.37-2
	[wheezy] - ruby-passenger <not-affected> (incomplete patch never applied)
	- passenger <not-affected> (incomplete patch never applied)
CVE-2014-1831 (Phusion Passenger before 4.0.37 allows local users to write to certain ...)
	- ruby-passenger 4.0.37-1 (low; bug #736958)
	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u2 (low; bug #736958)
	- passenger 4.0.37-1
	[squeeze] - passenger <no-dsa> (minor issue)
CVE-2001-1593 (The tempname_ensure function in lib/routines.h in a2ps 4.14 and ...)
	{DSA-2892-1}
	- a2ps 1:4.14-1.2 (low; bug #737385)
CVE-2014-1845 (An unspecified setuid root helper in Enlightenment before 0.17.6 ...)
	- e17 0.17.3-3 (bug #737705)
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1846 (Enlightenment before 0.17.6 might allow local users to gain privileges ...)
	- e17 0.17.3-3 (bug #737705)
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
	NOTE: https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
CVE-2014-1839 (The Execute class in shellutils in logilab-commons before 0.61.0 uses ...)
	- logilab-common 0.61.0-1 (low; bug #737051)
	[squeeze] - logilab-common <no-dsa> (Minor issue)
	[wheezy] - logilab-common <no-dsa> (Minor issue)
CVE-2014-1838 (The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py ...)
	- logilab-common 0.61.0-1 (low; bug #737051)
	[squeeze] - logilab-common <no-dsa> (Minor issue)
	[wheezy] - logilab-common <no-dsa> (Minor issue)
CVE-2014-1837 (Cross-site scripting (XSS) vulnerability in the StackIdeas Komento ...)
	NOT-FOR-US: Joomla com_komento
CVE-2014-1836 (Absolute path traversal vulnerability in ...)
	NOT-FOR-US: ImpressCMS
CVE-2014-1835 (The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 ...)
	NOT-FOR-US: Echor Ruby Gem
CVE-2014-1834 (The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 ...)
	NOT-FOR-US: Echor Ruby Gem
CVE-2014-1833 (Directory traversal vulnerability in uupdate in devscripts 2.14.1 ...)
	- devscripts 2.14.8 (low; bug #737160)
	[squeeze] - devscripts <no-dsa> (Minor issue)
	[wheezy] - devscripts <no-dsa> (Minor issue)
CVE-2013-7338 (Python before 3.3.4 RC1 allows remote attackers to cause a denial of ...)
	- python2.5 <not-affected> (Only affects 3.x)
	- python2.6 <not-affected> (Only affects 3.x)
	- python2.7 <not-affected> (Only affects 3.x)
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 3.3.4-1 (low)
	- python3.4 3.4~b3-1 (low)
	NOTE: http://bugs.python.org/issue20078
CVE-2014-XXXX [no input validation for search function]
	- fookebox 0.7.2-1 (low; bug #736821)
	[wheezy] - fookebox <no-dsa> (Minor issue)
CVE-2014-2013 (Stack-based buffer overflow in the xps_parse_color function in ...)
	{DSA-2951-1}
	- mupdf 1.3-2 (bug #738857)
	NOTE: http://www.hdwsec.fr/blog/mupdf.html
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694957
	NOTE: http://git.ghostscript.com/?p=mupdf.git;a=commitdiff;h=60dabde18d7fe12b19da8b509bdfee9cc886aafc
CVE-2013-XXXX [libclamunrar: double-free error libclamunrar_iface/unrar_iface.c]
	- libclamunrar 0.97.7+dfsg-1 (bug #770647)
	[wheezy] - libclamunrar <no-dsa> (Non-free not supported, also minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/11/29/6
CVE-2013-XXXX [staden-io-lib buffer overflow]
	- staden-io-lib 1.13.3-2 (low; bug #729276)
	[squeeze] - staden-io-lib <no-dsa> (Minor issue)
	[wheezy] - staden-io-lib <no-dsa> (Minor issue)
CVE-2013-XXXX [cakephp: local file inclusion]
	- cakephp <not-affected> (AssetDispatcher not present in 1.3)
	NOTE: http://web.archive.org/web/20140531064939/http://bakery.cakephp.org:80/articles/markstory/2013/07/18/cakephp_2_3_8_2_2_9_released
	NOTE: http://seclists.org/bugtraq/2013/Aug/97, needs a CVE assignment
CVE-2013-XXXX [automysqlbackup code injection]
	- automysqlbackup 2.6+debian.3-1 (bug #706099)
	[squeeze] - automysqlbackup <no-dsa> (Minor issue)
CVE-2013-XXXX [autopostgresqlbackup code injection]
	- autopostgresqlbackup 1.0-2 (bug #706095)
CVE-2013-XXXX [buffer overflow in commandline parsing]
	- swath 0.4.3-3 (low; bug #698189)
	[squeeze] - swath 0.4.0-4+squeeze1
CVE-2014-1828 (The iThoughts web server in the iThoughtsHD app 4.19 for iOS on iPad ...)
	NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1827 (The iThoughtsHD app 4.19 for iOS on iPad devices, when the WiFi ...)
	NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1826 (Cross-site scripting (XSS) vulnerability in the iThoughtsHD app 4.19 ...)
	NOT-FOR-US: iOS iThoughtsHD app
CVE-2014-1825
	REJECTED
CVE-2014-1824 (Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1823 (Cross-site scripting (XSS) vulnerability in the Web Components Server ...)
	NOT-FOR-US: Microsoft Lync Server
CVE-2014-1822
	REJECTED
CVE-2014-1821
	REJECTED
CVE-2014-1820 (Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) ...)
	NOT-FOR-US: Microsoft
CVE-2014-1819 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-1818 (GDI+ in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1817 (usp10.dll in Uniscribe (aka the Unicode Script Processor) in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1816 (Microsoft XML Core Services (aka MSXML) 3.0 and 6.0 does not properly ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2014-1815 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1814 (The Windows Installer in Microsoft Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2014-1813 (Microsoft Web Applications 2010 SP1 and SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2014-1812 (The Group Policy implementation in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2014-1811 (The TCP implementation in Microsoft Windows Vista SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1810
	REJECTED
CVE-2014-1809 (The MSCOMCTL library in Microsoft Office 2007 SP3, 2010 SP1 and SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2014-1808 (Microsoft Office 2013 Gold, SP1, RT, and RT SP1 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2014-1807 (The ShellExecute API in Windows Shell in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-1806 (The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2014-1805 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1804 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1803 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1802 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1801
	REJECTED
CVE-2014-1800 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1799 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1798
	REJECTED
CVE-2014-1797 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1796 (Microsoft Internet Explorer 6 and 8 through 11 allows remote attackers ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1795 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1794 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1793
	REJECTED
CVE-2014-1792 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1791 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1790 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1789 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1788 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1787
	REJECTED
CVE-2014-1786 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1785 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1784 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1783 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1782 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1781 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1780 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1779 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1778 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1777 (Microsoft Internet Explorer 10 and 11 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1776 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1775 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1774 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1773 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1772 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1771 (SChannel in Microsoft Internet Explorer 6 through 11 does not ensure ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1770 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1769 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1768
	REJECTED
CVE-2014-1767 (Double free vulnerability in the Ancillary Function Driver (AFD) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1766 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-1765 (Multiple use-after-free vulnerabilities in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1764 (Microsoft Internet Explorer 7 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1763 (Use-after-free vulnerability in Microsoft Internet Explorer 9 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1762 (Unspecified vulnerability in Microsoft Internet Explorer 6 through 11 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1761 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 ...)
	NOT-FOR-US: Microsoft Word
CVE-2014-1760 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1759 (pubconv.dll in Microsoft Publisher 2003 SP3 and 2007 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2014-1758 (Stack-based buffer overflow in Microsoft Word 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2014-1757 (Microsoft Word 2007 SP3 and 2010 SP1 and SP2, and Office Compatibility ...)
	NOT-FOR-US: Microsoft Word
CVE-2014-1756 (Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 ...)
	NOT-FOR-US: Microsoft
CVE-2014-1755 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1754 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2014-1753 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1752 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1751 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-1749 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2939-1}
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 35.0.1916.114-1
CVE-2014-1748 (The ScrollView::paint function in platform/scroll/ScrollView.cpp in ...)
	{DSA-2939-1}
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 35.0.1916.114-1
CVE-2014-1747 (Cross-site scripting (XSS) vulnerability in the ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1746 (The InMemoryUrlProtocol::Read function in ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1745 (Use-after-free vulnerability in the SVG implementation in Blink, as ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1744 (Integer overflow in the AudioInputRendererHost::OnCreateStream ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1743 (Use-after-free vulnerability in the StyleElement::removedFromDocument ...)
	{DSA-2939-1}
	- chromium-browser 35.0.1916.114-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1742 (Use-after-free vulnerability in the FrameSelection::updateAppearance ...)
	{DSA-2930-1}
	- chromium-browser 34.0.1847.137-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1741 (Multiple integer overflows in the replace-data functionality in the ...)
	{DSA-2930-1}
	- chromium-browser 34.0.1847.137-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1740 (Multiple use-after-free vulnerabilities in ...)
	{DSA-2930-1}
	- chromium-browser 34.0.1847.137-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1739 (The media_device_enum_entities function in ...)
	- linux 3.14.7-1 (unimportant)
	[wheezy] - linux 3.2.60-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerability introduced in 2.6.38)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8
	NOTE: Not exploitable with any sane setup
CVE-2014-1738 (The raw_cmd_copyout function in drivers/block/floppy.c in the Linux ...)
	{DSA-2928-1 DSA-2926-1}
	- linux 3.14.4-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2145e15e0557a01b9195d1c7199a1b92cb9be81f
CVE-2014-1737 (The raw_cmd_copyin function in drivers/block/floppy.c in the Linux ...)
	{DSA-2928-1 DSA-2926-1}
	- linux 3.14.4-1
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ef87dbe7614341c2e7bfe8d32fcb7028cc97442c
CVE-2014-1736 (Integer overflow in api.cc in Google V8, as used in Google Chrome ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1735 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.33, ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1734 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1733 (The PointerCompare function in codegen.cc in Seccomp-BPF, as used in ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1732 (Use-after-free vulnerability in ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1731 (core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1730 (Google V8, as used in Google Chrome before 34.0.1847.131 on Windows ...)
	{DSA-2920-1}
	- chromium-browser 34.0.1847.132-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1729 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1728 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1727 (Use-after-free vulnerability in ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1726 (The drag implementation in Google Chrome before 34.0.1847.116 allows ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1725 (The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1724 (Use-after-free vulnerability in Free(b)soft Laboratory Speech ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
	- speech-dispatcher 0.8-7 (low; bug #745808)
	[squeeze] - speech-dispatcher <no-dsa> (Minor issue)
	[wheezy] - speech-dispatcher <no-dsa> (Minor issue)
	NOTE: no specific information available (possibly already be fixed in 0.8), the fix in chromium was to disable speechd by default
CVE-2014-1723 (The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1722 (Use-after-free vulnerability in the ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1721 (Google V8, as used in Google Chrome before 34.0.1847.116, does not ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1720 (Use-after-free vulnerability in the HTMLBodyElement::insertedInto ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1719 (Use-after-free vulnerability in the ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1718 (Integer overflow in the SoftwareFrameManager::SwapToNewFrame function ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1717 (Google V8, as used in Google Chrome before 34.0.1847.116, does not ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1716 (Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype ...)
	{DSA-2905-1}
	- chromium-browser 34.0.1847.116-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1715 (Directory traversal vulnerability in Google Chrome before ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1714 (The ScopedClipboardWriter::WritePickledData function in ...)
	- chromium-browser <not-affected> (Windows-specific)
CVE-2014-1713 (Use-after-free vulnerability in the AttributeSetter function in ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1712
	RESERVED
CVE-2014-1711 (The GPU driver in the kernel in Google Chrome OS before 33.0.1750.152 ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1710 (The AsyncPixelTransfersCompletedQuery::End function in ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1709
	RESERVED
CVE-2014-1708 (The boot implementation in Google Chrome OS before 33.0.1750.152 does ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1707 (Directory traversal vulnerability in CrosDisks in Google Chrome OS ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1706 (crosh in Google Chrome OS before 33.0.1750.152 allows attackers to ...)
	NOT-FOR-US: Chrome OS
CVE-2014-1705 (Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	- libv8 <removed>
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1704 (Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2014-1703 (Use-after-free vulnerability in the ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1702 (Use-after-free vulnerability in the ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1701 (The GenerateFunction function in bindings/scripts/code_generator_v8.pm ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1700 (Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1699 (Siemens SIMATIC WinCC OA before 3.12 P002 January allows remote ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2014-1698 (Directory traversal vulnerability in Siemens SIMATIC WinCC OA before ...)
	NOT-FOR-US: Siemens SIMATIC WinCC OA
CVE-2014-1697 (The integrated web server in Siemens SIMATIC WinCC OA before 3.12 P002 ...)
	NOT-FOR-US: Siemens SIMATIC WinCC OA
CVE-2014-1696 (Siemens SIMATIC WinCC OA before 3.12 P002 January uses a weak hash ...)
	NOT-FOR-US: Siemens SIMATIC WinCC OA
CVE-2014-1695 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DLA-1119-1}
	- otrs2 3.3.5-1
	[squeeze] - otrs2 <no-dsa> (Minor issue)
	NOTE: https://www.otrs.com/security-advisory-2014-03-xss-issue/
CVE-2013-7323 (python-gnupg before 0.3.5 allows context-dependent attackers to ...)
	{DSA-2946-1}
	- python-gnupg 0.3.6-1 (bug #738509)
CVE-2013-7318 (Cross-site scripting (XSS) vulnerability in BusinessFlow/login in ...)
	NOT-FOR-US: AlgoSec Firewall Analyzer
CVE-2014-1750 (Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps ...)
	NOT-FOR-US: WordPress plugin nokia-mapsplaces
CVE-2014-1694 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	{DSA-2867-1}
	- otrs2 3.3.4-1 (low)
	NOTE: https://www.otrs.com/security-advisory-2014-01-csrf-issue-customer-web-interface/
CVE-2014-1693 (Multiple CRLF injection vulnerabilities in the FTP module in ...)
	- erlang 1:16.b.3.1-dfsg-3 (low; bug #738132)
	[squeeze] - erlang <no-dsa> (Minor issue)
	[wheezy] - erlang 1:15.b.1-dfsg-4+deb7u1
CVE-2014-1692 (The hash_buffer function in schnorr.c in OpenSSH through 6.4, when ...)
	- openssh <not-affected> (J-PAKE not activated)
CVE-2014-1691 (The framework/Util/lib/Horde/Variables.php script in the Util library ...)
	{DSA-2853-1}
	- horde3 <removed> (medium; bug #737149)
	- php-horde-util 2.3.0-1
	NOTE: https://github.com/horde/horde/commit/da6afc7e9f4e290f782eca9dbca794f772caccb3
	NOTE: https://github.com/horde/horde/commit/acf67ab4a633037849aca9e4a7592465b999ad93 is also required
CVE-2014-1690 (The help function in net/netfilter/nf_nat_irc.c in the Linux kernel ...)
	- linux 3.12.8-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
	NOTE: https://git.kernel.org/linus/2690d97ade05c5325cbf7c72b94b90d265659886
CVE-2014-1689
	RESERVED
CVE-2014-1688
	RESERVED
CVE-2014-1687
	RESERVED
CVE-2014-1686 (MediaWiki 1.18.0 allows remote attackers to obtain the installation ...)
	- mediawiki <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2014/Mar/102
	NOTE: path disclosure not an issue
CVE-2014-1685 (The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and ...)
	- zabbix 1:2.2.2+dfsg-1
	[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-1684 (The ASF_ReadObject_file_properties function in ...)
	- vlc 2.1.4-1 (unimportant; bug #743033)
	NOTE: Crash in enduser application, no security impact
CVE-2014-1683 (The bashMail function in ...)
	NOT-FOR-US: SkyBlueCanvas CMS
CVE-2014-1682 (The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x ...)
	- zabbix 1:2.2.2+dfsg-1 (bug #737818)
	[squeeze] - zabbix <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://support.zabbix.com/browse/ZBX-7703
CVE-2014-1681 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2014-1680 (Untrusted search path vulnerability in Bandisoft Bandizip before 3.10 ...)
	NOT-FOR-US: Bandisoft Bandizip
CVE-2014-1679 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2014-1678
	RESERVED
CVE-2014-1677 (Technicolor TC7200 with firmware STD6.01.12 could allow remote ...)
	NOT-FOR-US: Technicolor TC7200
	NOTE: https://www.exploit-db.com/exploits/31894/
CVE-2014-1676
	RESERVED
CVE-2014-1675
	RESERVED
CVE-2014-1674
	RESERVED
CVE-2014-1673 (Check Point Session Authentication Agent allows remote attackers to ...)
	NOT-FOR-US: Check Point Session Authentication Agent
CVE-2014-1672 (Check Point R75.47 Security Gateway and Management Server does not ...)
	NOT-FOR-US: Check Point R75.47 Security Gateway and Management Server
CVE-2014-1671 (Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 ...)
	NOT-FOR-US: Dell KACE K1000
CVE-2014-1670 (The Microsoft Bing application before 4.2.1 for Android allows remote ...)
	NOT-FOR-US: Microsoft Bing application
CVE-2014-1669
	RESERVED
CVE-2014-1668
	RESERVED
CVE-2014-1667
	RESERVED
CVE-2014-1665 (Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 ...)
	- owncloud <removed>
CVE-2014-1663 (Unspecified vulnerability in Citrix XenMobile Device Manager server ...)
	NOT-FOR-US: Citrix XenMobile Device Manager server
CVE-2014-1662
	REJECTED
CVE-2014-1661
	REJECTED
CVE-2014-1660
	REJECTED
CVE-2014-1659
	REJECTED
CVE-2014-1658
	REJECTED
CVE-2014-1657
	REJECTED
CVE-2014-1656
	REJECTED
CVE-2014-1655
	REJECTED
CVE-2014-1654
	REJECTED
CVE-2014-1653
	REJECTED
CVE-2014-1652 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2014-1651 (SQL injection vulnerability in clientreport.php in the management ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2014-1650 (SQL injection vulnerability in user.php in the management console in ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2014-1649 (The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 ...)
	NOT-FOR-US: Symantec Workspace Streaming
CVE-2014-1648 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2014-1647 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop ...)
	NOT-FOR-US: Symantec
CVE-2014-1646 (Symantec PGP Desktop 10.0.x through 10.2.x and Encryption Desktop ...)
	NOT-FOR-US: Symantec
CVE-2014-1645 (SQL injection vulnerability in forcepasswd.do in the management GUI in ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2014-1644 (The forgotten-password feature in forcepasswd.do in the management GUI ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2014-1643 (The Web Email Protection component in Symantec Encryption Management ...)
	NOT-FOR-US: Symantec PGP Universal Web Messenger
CVE-2013-7317 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before ...)
	NOT-FOR-US: CS-Cart
CVE-2013-7316 (Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-7315 (The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through ...)
	{DSA-2842-1}
	- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
CVE-2013-7314 (The OSPF implementation on NEC IP38X, IX1000, IX2000, and IX3000 ...)
	NOT-FOR-US: NEC routers
CVE-2013-7313 (The OSPF implementation in Juniper Junos through 13.x, JunosE, and ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-7312 (The OSPF implementation on Enterasys switches and routers does not ...)
	NOT-FOR-US: Enterasys switches and routers
CVE-2013-7311 (The OSPF implementation in Check Point Gaia OS R75.X and R76 and IPSO ...)
	NOT-FOR-US: Check Point Gaia OS
CVE-2013-7310 (The OSPF implementation on Yamaha routers does not consider the ...)
	NOT-FOR-US: Yamaha routers
CVE-2013-7309 (The OSPF implementation in Extreme Networks EXOS does not consider the ...)
	NOT-FOR-US: Extreme Networks EXOS
CVE-2013-7308 (The OSPF implementation on the D-Link DES-3810-28 switch with firmware ...)
	NOT-FOR-US: D-Link DES-3810-28 switch
CVE-2013-7307 (The OSPF implementation on the Brocade Vyatta vRouter with software ...)
	NOT-FOR-US: Brocade Vyatta vRouter
CVE-2013-7306 (The OSPF implementation on Brocade routers does not consider the ...)
	NOT-FOR-US: Brocade routers
CVE-2014-1666 (The do_physdev_op function in Xen 4.1.5, 4.1.6.1, 4.2.2 through 4.2.3, ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code not present)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2014-1664 (The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP ...)
	NOT-FOR-US: GoToMeeting in Android
CVE-2014-1641
	RESERVED
CVE-2014-1637 (Command School Student Management System 1.06.01 does not properly ...)
	NOT-FOR-US: Command School Student Management System
CVE-2014-1636 (Multiple SQL injection vulnerabilities in Command School Student ...)
	NOT-FOR-US: Command School Student Management System
CVE-2014-1635 (Buffer overflow in login.cgi in MiniHttpd in Belkin N750 Router with ...)
	NOT-FOR-US: Belkin router
CVE-2014-1634
	RESERVED
CVE-2014-1633
	RESERVED
CVE-2014-1632 (htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers ...)
	NOT-FOR-US: Eventum
CVE-2014-1631 (Eventum before 2.3.5 allows remote attackers to reinstall the ...)
	NOT-FOR-US: Eventum
CVE-2014-1630
	RESERVED
CVE-2014-1629
	RESERVED
CVE-2014-1628
	RESERVED
CVE-2014-1627
	RESERVED
CVE-2014-1625
	RESERVED
CVE-2014-1623
	RESERVED
CVE-2014-1622
	RESERVED
CVE-2014-1621
	RESERVED
CVE-2014-1620 (Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2014-1619 (Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and ...)
	NOT-FOR-US: Cubic CMS
CVE-2014-1618 (Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script ...)
	NOT-FOR-US: UAEPD Shopping Cart Script
CVE-2014-1617
	RESERVED
CVE-2014-1616
	RESERVED
CVE-2014-1615 (Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon ...)
	NOT-FOR-US: Carbon Black
CVE-2014-1614
	RESERVED
CVE-2014-1613 (Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP ...)
	- dotclear 2.6.2+dfsg-1
CVE-2014-1612 (Cross-site scripting (XSS) vulnerability in login.esp in the Web ...)
	NOT-FOR-US: Mediatrix
CVE-2014-1610 (MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.11+dfsg-1
	[squeeze] - mediawiki <end-of-life>
CVE-2014-1609 (Multiple SQL injection vulnerabilities in MantisBT before 1.2.16 allow ...)
	{DSA-3030-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/mantisbt/mantisbt/commit/7efe0175f0853e18ebfacedfd2374c4179028b3f
CVE-2014-1608 (SQL injection vulnerability in the mci_file_get function in ...)
	{DSA-3030-1}
	- mantis <removed>
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/mantisbt/mantisbt/commit/00b4c17088fa56594d85fe46b6c6057bb3421102
CVE-2014-1607 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Drupal EventCalendar
CVE-2014-1606
	RESERVED
CVE-2014-1605
	RESERVED
CVE-2014-1603 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
	NOT-FOR-US: GetSimple CMS
CVE-2014-1602
	RESERVED
CVE-2014-1601
	RESERVED
CVE-2014-1600
	RESERVED
CVE-2014-1599 (Multiple cross-site scripting (XSS) vulnerabilities in the SFR Box ...)
	NOT-FOR-US: SFR Box router
CVE-2014-1598
	RESERVED
CVE-2014-1597 (SQL injection vulnerability in the CMDB web application in synetics ...)
	NOT-FOR-US: i-doit
CVE-2014-1596
	REJECTED
CVE-2014-1595 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and ...)
	- iceweasel <not-affected> (Specific to MacOS X)
	- icedove <not-affected> (Specific to MacOS X)
CVE-2014-1594 (Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, Thunderbird ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1593 (Stack-based buffer overflow in the mozilla::FileBlockCache::Read ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1592 (Use-after-free vulnerability in the nsHtml5TreeOperation function in ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1591 (Mozilla Firefox 33.0 and SeaMonkey before 2.31 include path strings in ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
	- icedove <not-affected> (Only affects Firefox 33)
CVE-2014-1590 (The XMLHttpRequest.prototype.send method in Mozilla Firefox before ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1589 (Mozilla Firefox before 34.0 and SeaMonkey before 2.31 provide ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
	- icedove <not-affected> (Only affects Firefox 33)
CVE-2014-1588 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 33)
	- icedove <not-affected> (Only affects Firefox 33)
CVE-2014-1587 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3092-1 DSA-3090-1}
	- iceweasel 31.3.0esr-1
	- icedove 31.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1586 (content/base/src/nsDocument.cpp in Mozilla Firefox before 33.0, ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1585 (The WebRTC video-sharing feature in dom/media/MediaManager.cpp in ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1584 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects Firefox 32 and later)
	- icedove <not-affected> (Only affects Firefox 32 and later)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1583 (The Alarm API in Mozilla Firefox before 33.0 and Firefox ESR 31.x ...)
	{DSA-3050-1}
	- iceweasel 31.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
CVE-2014-1582 (The Public Key Pinning (PKP) implementation in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects Firefox 32 and later)
	- icedove <not-affected> (Only affects Firefox 32 and later)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1581 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1580 (Mozilla Firefox before 33.0 does not properly initialize memory for ...)
	- iceweasel <not-affected> (Only affects Firefox 32 and later)
	- icedove <not-affected> (Only affects Firefox 32 and later)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1579
	REJECTED
CVE-2014-1578 (The get_tile function in Mozilla Firefox before 33.0, Firefox ESR 31.x ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- libvpx 1.3.0-3 (bug #765435)
	[wheezy] - libvpx <not-affected> (vp9 codec not yet present)
	[squeeze] - libvpx <not-affected> (vp9 codec not yet present)
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-77.html
	NOTE: https://hg.mozilla.org/releases/mozilla-esr31/rev/6023f0b4f8ba
CVE-2014-1577 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1576 (Heap-based buffer overflow in the nsTransformedTextRun function in ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1575 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 32 and later)
	- icedove <not-affected> (Only affects Firefox 32 and later)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1574 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-3061-1 DSA-3050-1}
	- iceweasel 31.2.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1573 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
CVE-2014-1572 (The confirm_create_account function in the account-creation feature in ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
CVE-2014-1571 (Bugzilla 2.x through 4.0.x before 4.0.15, 4.1.x and 4.2.x before ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE-2014-1570
	RESERVED
CVE-2014-1569 (The definite_length_decoder function in lib/util/quickder.c in Mozilla ...)
	{DSA-3186-1 DLA-154-1}
	- nss 2:3.17.2-1.1 (bug #773625)
CVE-2014-1568 (Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before ...)
	{DSA-3037-1 DSA-3034-1 DSA-3033-1 DLA-62-1}
	- nss 2:3.17.1-1
	- iceweasel <not-affected> (uses system nss)
	- icedove <not-affected> (uses system nss)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
	NOTE: http://www.intelsecurity.com/advanced-threat-research/#
CVE-2014-1567 (Use-after-free vulnerability in DirectionalityUtils.cpp in Mozilla ...)
	{DSA-3028-1 DSA-3018-1}
	- iceweasel 31.1.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1566 (Mozilla Firefox before 31.1 on Android does not properly restrict ...)
	- iceweasel <not-affected> (Specific to Android)
CVE-2014-1565 (The mozilla::dom::AudioEventTimeline function in the Web Audio API ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1564 (Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1563 (Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1562 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-3028-1 DSA-3018-1}
	- iceweasel 31.1.0esr-1
	- icedove 31.2.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1561 (Mozilla Firefox before 31.0 does not properly restrict use of ...)
	- iceweasel 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-60.html
CVE-2014-1560 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...)
	- iceweasel 31.0-1
	- icedove 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
CVE-2014-1559 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...)
	- iceweasel 31.0-1
	- icedove 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
CVE-2014-1558 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 allow remote ...)
	- iceweasel 31.0-1
	- icedove 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-65.html
CVE-2014-1557 (The ConvolveHorizontally function in Skia, as used in Mozilla Firefox ...)
	{DSA-2996-1 DSA-2986-1}
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-64.html
CVE-2014-1556 (Mozilla Firefox before 31.0, Firefox ESR 24.x before 24.7, and ...)
	{DSA-2996-1 DSA-2986-1}
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-62.html
CVE-2014-1555 (Use-after-free vulnerability in the nsDocLoader::OnProgress function ...)
	{DSA-2996-1 DSA-2986-1}
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-61.html
CVE-2014-1554 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1553 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 31.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
CVE-2014-1552 (Mozilla Firefox before 31.0 and Thunderbird before 31.0 do not ...)
	- iceweasel 31.0-1
	- icedove 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-66.html
CVE-2014-1551 (Use-after-free vulnerability in the FontTableRec destructor in Mozilla ...)
	- iceweasel <not-affected> (Affects only Windows platform)
	- icedove <not-affected> (Affects only Windows platform)
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-59.html
CVE-2014-1550 (Use-after-free vulnerability in the MediaInputPort class in Mozilla ...)
	- iceweasel 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-58.html
CVE-2014-1549 (The mozilla::dom::AudioBufferSourceNodeEngine::CopyFromInputBuffer ...)
	- iceweasel 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - icedove <not-affected> (Only affects releases after ESR24)
	NOTE: https://www.mozilla.org/security/announce/2014/mfsa2014-57.html
CVE-2014-1548 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 31.0-1
	[wheezy] - iceweasel <not-affected> (Only affects releases after ESR24)
	[squeeze] - iceweasel <end-of-life>
CVE-2014-1547 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2996-1 DSA-2986-1}
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-56.html
CVE-2014-1546 (The response function in the JSONP endpoint in ...)
	- bugzilla4 <itp> (bug #669643)
	- bugzilla <removed>
	[squeeze] - bugzilla <end-of-life>
	NOTE: bugzilla part for Adobe Flash's CVE-2014-4671.
CVE-2014-1545 (Mozilla Netscape Portable Runtime (NSPR) before 4.10.6 allows remote ...)
	{DSA-2962-1 DSA-2960-1 DSA-2955-1 DLA-32-1}
	- nspr 2:4.10.6-1
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - nspr 4.8.6-1+squeeze2
	NOTE: Only the Wheezy builds use the bundled nspr
CVE-2014-1544 (Use-after-free vulnerability in the CERT_DestroyCertificate function ...)
	{DSA-3071-1 DSA-2996-1 DSA-2986-1 DLA-89-1}
	- nss 2:3.16.3-1
	- iceweasel 31.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 31.2.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: patch: https://hg.mozilla.org/projects/nss/rev/204f22c527f8
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-63.html
CVE-2014-1543 (Multiple heap-based buffer overflows in the navigator.getGamepads ...)
	- iceweasel <not-affected> (Only affects Windows 8)
	- icedove <not-affected> (Only affects Windows 8)
CVE-2014-1542 (Buffer overflow in the Speex resampler in the Web Audio subsystem in ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1541 (Use-after-free vulnerability in the RefreshDriverTimer::TickDriver ...)
	{DSA-2960-1 DSA-2955-1}
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1540 (Use-after-free vulnerability in the ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1539 (Mozilla Firefox before 30.0 and Thunderbird through 24.6 on OS X do ...)
	- iceweasel <not-affected> (Only affects Mac OS X)
	- icedove <not-affected> (Only affects Mac OS X)
CVE-2014-1538 (Use-after-free vulnerability in the nsTextEditRules::CreateMozBR ...)
	{DSA-2960-1 DSA-2955-1}
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1537 (Use-after-free vulnerability in the ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1536 (The PropertyProvider::FindJustificationRange function in Mozilla ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1535
	RESERVED
CVE-2014-1534 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[wheezy] - iceweasel <not-affected> (Doesn't affect ESR24)
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - icedove <not-affected> (Doesn't affect ESR24)
	[squeeze] - icedove <end-of-life>
CVE-2014-1533 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2960-1 DSA-2955-1}
	- iceweasel 30.0-1
	- icedove 31.0~b1-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1532 (Use-after-free vulnerability in the ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1531 (Use-after-free vulnerability in the ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1530 (The docshell implementation in Mozilla Firefox before 29.0, Firefox ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1529 (The Web Notification API in Mozilla Firefox before 29.0, Firefox ESR ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1528 (The sse2_composite_src_x888_8888 function in Pixman, as used in Cairo ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2014-1527 (Mozilla Firefox before 29.0 on Android allows remote attackers to ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
	- icedove <not-affected> (Only affects Firefox on Android)
CVE-2014-1526 (The XrayWrapper implementation in Mozilla Firefox before 29.0 and ...)
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1525 (The mozilla::dom::TextTrack::AddCue function in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1524 (The nsXBLProtoImpl::InstallImplementation function in Mozilla Firefox ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1523 (Heap-based buffer overflow in the read_u32 function in Mozilla Firefox ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1522 (The mozilla::dom::OscillatorNodeEngine::ComputeCustom function in the ...)
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1521
	REJECTED
CVE-2014-1520 (maintenservice_installer.exe in the Maintenance Service Installer in ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2014-1519 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1518 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2924-1 DSA-2918-1}
	- iceweasel 24.5.0esr-1
	- icedove 24.5.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1517 (The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2014-1516 (The saltProfileName function in base/GeckoProfileDirectories.java in ...)
	- iceweasel <not-affected> (Android-specific)
CVE-2014-1515 (Mozilla Firefox before 28.0.1 on Android processes a file: URL by ...)
	- iceweasel <not-affected> (Android-specific)
CVE-2014-1514 (vmtypedarrayobject.cpp in Mozilla Firefox before 28.0, Firefox ESR ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1513 (TypedArrayObject.cpp in Mozilla Firefox before 28.0, Firefox ESR 24.x ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1512 (Use-after-free vulnerability in the TypeObject class in the JavaScript ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1511 (Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1510 (The Web IDL implementation in Mozilla Firefox before 28.0, Firefox ESR ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1509 (Buffer overflow in the _cairo_truetype_index_to_ucs4 function in ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1508 (The libxul.so!gfxContext::Polygon function in Mozilla Firefox before ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1507 (Directory traversal vulnerability in the DeviceStorage API in Mozilla ...)
	NOT-FOR-US: Firefox OS
CVE-2014-1506 (Directory traversal vulnerability in Android Crash Reporter in Mozilla ...)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
CVE-2014-1505 (The SVG filter implementation in Mozilla Firefox before 28.0, Firefox ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1504 (The session-restore feature in Mozilla Firefox before 28.0 and ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1503
	RESERVED
CVE-2014-1502 (The (1) WebGL.compressedTexImage2D and (2) ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1501 (Mozilla Firefox before 28.0 on Android allows remote attackers to ...)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
CVE-2014-1500 (Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1499 (Mozilla Firefox before 28.0 and SeaMonkey before 2.25 allow remote ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1498 (The crypto.generateCRMFRequest method in Mozilla Firefox before 28.0 ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1497 (The mozilla::WaveReader::DecodeAudioData function in Mozilla Firefox ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1496 (Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird ...)
	- iceweasel <not-affected> (Online update not used in Debian)
	- icedove <not-affected> (Online update not used in Debian)
CVE-2014-1495
	RESERVED
CVE-2014-1494 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 27)
	- icedove <not-affected> (Only affects Firefox 27)
CVE-2014-1493 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2911-1 DSA-2881-1}
	- iceweasel 24.4.0esr-1
	- icedove 24.4.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1492 (The cert_TestHostName function in lib/certdb/certdb.c in the ...)
	{DSA-2994-1 DLA-23-1}
	- nss 2:3.16-1
	[squeeze] - nss 3.12.8-1+squeeze8
	- iceweasel <not-affected> (Only affects Firefox 28)
	- icedove <not-affected> (Only affects Firefox 28)
CVE-2014-1491 (Mozilla Network Security Services (NSS) before 3.15.4, as used in ...)
	{DSA-2994-1 DSA-2858-1 DLA-23-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	- nss 2:3.15.4-1
	[squeeze] - nss 3.12.8-1+squeeze8
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1490 (Race condition in libssl in Mozilla Network Security Services (NSS) ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	- nss 2:3.15.4-1
	[squeeze] - nss <no-dsa> (Too complex to backport)
	[wheezy] - nss <no-dsa> (complex to backport)
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	NOTE: session tickets must be enabled by the client (mainly browsers)
CVE-2014-1489 (Mozilla Firefox before 27.0 does not properly restrict access to ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1488 (The Web workers implementation in Mozilla Firefox before 27.0 and ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1487 (The Web workers implementation in Mozilla Firefox before 27.0, Firefox ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1486 (Use-after-free vulnerability in the imgRequestProxy function in ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1485 (The Content Security Policy (CSP) implementation in Mozilla Firefox ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1484 (Mozilla Firefox before 27.0 on Android 4.2 and earlier creates ...)
	- iceweasel <not-affected> (Only affects Firefox for Android)
	- icedove <not-affected> (Only affects Firefox for Android)
CVE-2014-1483 (Mozilla Firefox before 27.0 and SeaMonkey before 2.24 allow remote ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1482 (RasterImage.cpp in Mozilla Firefox before 27.0, Firefox ESR 24.x ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1481 (Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1480 (The file-download implementation in Mozilla Firefox before 27.0 and ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1479 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1478 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 26)
	- icedove <not-affected> (Only affects Firefox 26)
CVE-2014-1477 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2858-1}
	- iceweasel 24.3.0esr-1
	- icedove 24.3.0-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
CVE-2014-1474 (Algorithmic complexity vulnerability in Email::Address::List before ...)
	- libemail-address-list-perl 0.03-1
	NOTE: http://lists.bestpractical.com/pipermail/rt-announce/2014-January/000245.html
CVE-2013-7305 (fpw.php in e107 through 1.0.4 does not check the user_ban field, which ...)
	NOT-FOR-US: e107
CVE-2013-7304 (Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 does ...)
	NOT-FOR-US: Check Point Endpoint Security MI Server
CVE-2013-7297
	RESERVED
CVE-2013-7295 (Tor before 0.2.4.20, when OpenSSL 1.x is used in conjunction with a ...)
	- tor 0.2.4.20-1 (low)
	[wheezy] - tor <no-dsa> (Minor issue)
	[squeeze] - tor <not-affected> (OpenSSL in oldstable not affected)
CVE-2012-6635 (wp-admin/includes/class-wp-posts-list-table.php in WordPress before ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6634 (wp-admin/media-upload.php in WordPress before 3.3.3 allows remote ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6633 (Cross-site scripting (XSS) vulnerability in ...)
	- wordpress 3.4+dfsg-1
CVE-2012-6621 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
	NOT-FOR-US: GetSimple CMS
CVE-2012-6620 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) tasks ...)
	- php-horde-kronolith 4.0.2-1
	- kronolith2 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/horde/horde/commit/1228a6825a8dab3333d0a8c8986fc10d1f3d11b2
	NOTE: fixed upstream in 3.0.17
CVE-2011-5271 [configure creates temp files insecurely]
	RESERVED
	- pacemaker 1.1.6-1 (unimportant; bug #633964)
	NOTE: https://github.com/ClusterLabs/pacemaker/commit/23ad834
	NOTE: Only exploitable at build time
CVE-2011-5270 (wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the ...)
	- wordpress 3.2.1+dfsg-1
CVE-2010-5298 (Race condition in the ssl3_read_bytes function in s3_pkt.c in OpenSSL ...)
	{DSA-2908-1}
	- openssl 1.0.1g-3 (unimportant)
	[squeeze] - openssl <not-affected> (Introduced in 1.0.0)
	NOTE: Only exploitable with OPENSSL_NO_BUF_FREELIST enabled
CVE-2010-5297 (WordPress before 3.0.1, when a Multisite installation is used, ...)
	- wordpress 3.0.1-1
CVE-2010-5296 (wp-includes/capabilities.php in WordPress before 3.0.2, when a ...)
	- wordpress 3.0.2-1
CVE-2010-5295 (Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in ...)
	- wordpress 3.0.2-1
CVE-2010-5294 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- wordpress 3.0.2-1
CVE-2010-5293 (wp-includes/comment.php in WordPress before 3.0.2 does not properly ...)
	- wordpress 3.0.2-1
CVE-2014-1642 (The IRQ setup in Xen 4.2.x and 4.3.x, when using device passthrough ...)
	- xen 4.4.0-1
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2014/01/23/2
CVE-2014-1640 (axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe ...)
	- axiom 20120501-17 (low; bug #736358)
	[squeeze] - axiom <no-dsa> (Minor issue)
	[wheezy] - axiom <no-dsa> (Minor issue)
CVE-2014-1639 (syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses ...)
	- syncevolution 1.3.99.7-1 (unimportant; bug #736357)
	NOTE: Only exploitable during build time
CVE-2014-1638 ((1) debian/postrm and (2) debian/localepurge.config in localepurge ...)
	- localepurge 0.7.3.2 (bug #736359)
	[squeeze] - localepurge 0.6.2+nmu1+squeeze1
	[wheezy] - localepurge 0.6.3+deb7u1
CVE-2014-1626 (XML External Entity (XXE) vulnerability in MARC::File::XML module ...)
	- libmarc-xml-perl 1.0.2-1 (bug #736275)
	[wheezy] - libmarc-xml-perl <no-dsa> (Too intrusive to backport)
	[squeeze] - libmarc-xml-perl <no-dsa> (Too intrusive to backport)
	NOTE: http://sourceforge.net/p/marcpm/code/ci/cf2d36597a56eeeffd53b38182b8557c7bf569ac/
	NOTE: older versions do not have the ability to set a user custom parser, trying to fix CVE-2014-1626 not clear yet
	NOTE: upstream developer contacted and is looking into it; backport fix might be to intrusive due to change in used Module
CVE-2014-1624 (Race condition in the xdg.BaseDirectory.get_runtime_dir function in ...)
	- pyxdg 0.25-4 (low; bug #736247)
	[squeeze] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
	[wheezy] - pyxdg <not-affected> (get_runtime_dir introduced in later version)
CVE-2014-1611 (Cross-site scripting (XSS) vulnerability in the Anonymous Posting ...)
	NOT-FOR-US: Drupal contrib
CVE-2014-1604 (The parser cache functionality in parsergenerator.py in RPLY (aka ...)
	- python-rply 0.7.1-1
	NOTE: https://github.com/alex/rply/commit/fc9bbcd25b0b4f09bbd6339f710ad24c129d5d7cand
CVE-2014-1473 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: McAfee Vulnerability Manager
CVE-2014-1472 (Multiple cross-site scripting (XSS) vulnerabilities in the Enterprise ...)
	NOT-FOR-US: McAfee Vulnerability Manager
CVE-2014-1471 (SQL injection vulnerability in the StateGetStatesByType function in ...)
	{DSA-2867-1}
	- otrs2 3.3.4-1 (low)
	NOTE: https://www.otrs.com/security-advisory-2014-02-sql-injection-issue/
CVE-2014-1470
	REJECTED
CVE-2014-1469 (BlackBerry Enterprise Server 5.x before 5.0.4 MR7 and Enterprise ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2014-1468
	RESERVED
CVE-2014-1467 (BlackBerry Enterprise Service 10 before 10.2.1, Universal Device ...)
	NOT-FOR-US: IBM Domino
CVE-2014-1466 (SQL injection vulnerability in CSP MySQL User Manager 2.3 allows ...)
	NOT-FOR-US: CSP MySQL User Manager
CVE-2014-1465
	RESERVED
CVE-2014-1464
	RESERVED
CVE-2014-1463
	RESERVED
CVE-2014-1462
	RESERVED
CVE-2014-1461
	RESERVED
CVE-2014-1460
	RESERVED
CVE-2014-1459 (SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 ...)
	NOT-FOR-US: doorGets CMS
CVE-2014-1458 (Cross-site scripting (XSS) vulnerability in the web administration ...)
	NOT-FOR-US: FortiGuard FortiWeb
CVE-2014-1457 (Open Web Analytics (OWA) before 1.5.6 improperly generates random ...)
	NOT-FOR-US: Open Web Analytics
CVE-2014-1456 (Cross-site scripting (XSS) vulnerability in the login page in Open Web ...)
	NOT-FOR-US: Open Web Analytics
CVE-2014-1455 (SQL injection vulnerability in the password reset functionality in ...)
	NOT-FOR-US: Pearson eSIS Enterprise Student Information System
CVE-2014-1454
	RESERVED
CVE-2014-1453 (The NFS server (nfsserver) in FreeBSD 8.3 through 10.0 does not ...)
	{DSA-2952-1}
	- kfreebsd-8 <removed>
	[wheezy] - kfreebsd-8 <no-dsa> (Non standard kernel, will be fixed in a point update)
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 <removed> (bug #743984)
	- kfreebsd-10 10.0-4
	NOTE: kfreebsd-8 might be affected but NFS implementation isn't the one used there by default
CVE-2014-1452 (Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in ...)
	NOT-FOR-US: bsnmpd
CVE-2014-1451
	RESERVED
CVE-2014-1450
	RESERVED
CVE-2014-1449 (The Maxthon Cloud Browser application before 4.1.6.2000 for Android ...)
	NOT-FOR-US: Maxthon Cloud Browser application for Android
CVE-2014-1443 (Core FTP Server 1.2 before build 515 allows remote authenticated users ...)
	NOT-FOR-US: Core FTP Server
CVE-2014-1442 (Directory traversal vulnerability in Core FTP Server 1.2 before build ...)
	NOT-FOR-US: Core FTP Server
CVE-2014-1441 (Core FTP Server 1.2 before build 515 allows remote attackers to cause ...)
	NOT-FOR-US: Core FTP Server
CVE-2014-1440
	RESERVED
CVE-2014-1439 (The libxml_disable_entity_loader function in ...)
	NOT-FOR-US: HipHop Virtual Machine for PHP
CVE-2014-1437
	REJECTED
CVE-2014-1436
	REJECTED
CVE-2014-1435
	REJECTED
CVE-2014-1434
	REJECTED
CVE-2014-1433
	REJECTED
CVE-2014-1432
	REJECTED
CVE-2014-1431
	REJECTED
CVE-2014-1430
	REJECTED
CVE-2014-1429
	REJECTED
CVE-2014-1428
	RESERVED
CVE-2014-1427
	RESERVED
CVE-2014-1426
	RESERVED
CVE-2014-1425 (cmanager 0.32 does not properly enforce nesting when modifying cgroup ...)
	- cgmanager 0.33-3
	[jessie] - cgmanager 0.33-2+deb8u1
CVE-2014-1424 (apparmor_parser in the apparmor package before 2.8.95~2430-0ubuntu5.1 ...)
	- apparmor <not-affected> (Vulnerable code only in Ubuntu-specific backport of patch)
	NOTE: Caused by a patch that was added to the Ubuntu packaging before
	NOTE: it was taken upstream. The one that was merged upstream (and part
	NOTE: of AppArmor 2.9.0) is not affected. The closest version to the
	NOTE: affected one that we ever had in Debian (2.8.96~2652) did not
	NOTE: include the faulty patch.
CVE-2014-1423
	RESERVED
CVE-2014-1422
	RESERVED
CVE-2014-1421 (mountall 1.54, as used in Ubuntu 14.10, does not properly handle the ...)
	- mountall <not-affected> (partman-efi in jessie uses secure umask, mount in older releases not affected)
	NOTE: See https://bugs.launchpad.net/ubuntu/+source/partman-efi/+bug/1390183
	NOTE: and http://www.ubuntu.com/usn/usn-2411-1
CVE-2014-1420
	RESERVED
CVE-2014-1419 (Race condition in the power policy functions in policy-funcs in ...)
	{DSA-2984-1 DLA-30-1}
	- acpi-support 0.142-2
CVE-2014-1418 (Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 ...)
	{DSA-2934-1}
	- python-django 1.6.5-1
	NOTE: https://www.djangoproject.com/weblog/2014/may/14/security-releases-issued/
CVE-2014-1417
	RESERVED
CVE-2014-1416
	RESERVED
CVE-2014-1415
	RESERVED
CVE-2014-1414
	RESERVED
CVE-2014-1413
	RESERVED
CVE-2014-1412
	RESERVED
CVE-2014-1411
	RESERVED
CVE-2014-1410
	RESERVED
CVE-2013-7303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	- spip 3.0.13-1 (bug #736170)
	[wheezy] - spip 2.1.17-1+deb7u3
	[squeeze] - spip <end-of-life> (Not supported in Squeeze LTS)
CVE-2013-7302 (Session fixation vulnerability in the Ubercart module 6.x-2.x before ...)
	NOT-FOR-US: Drupal contrib
CVE-2013-7301 (Cantata before 1.2.2 does not restrict access to files in the play ...)
	- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
	NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7300 (Absolute path traversal vulnerability in cantata before 1.2.2 allows ...)
	- cantata <not-affected> (Vulnerable code introduced with 1.2.0; bug #736154)
	NOTE: https://code.google.com/p/cantata/issues/detail?id=356
CVE-2013-7299 (framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows ...)
	- tntnet 2.2.1-1 (low; bug #735881)
	[wheezy] - tntnet <no-dsa> (Minor issue)
	[squeeze] - tntnet <no-dsa> (Minor issue)
CVE-2013-7298 (query_params.cpp in cxxtools before 2.2.1 allows remote attackers to ...)
	- cxxtools 2.2.1-1 (low; bug #735880)
	[wheezy] - cxxtools <not-affected> (Issue not present, introduced in v2.2)
	[squeeze] - cxxtools <not-affected> (Issue not present, introduced in v2.2)
CVE-2013-7296 (The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler ...)
	- poppler <not-affected> (Introduced in a3cee0e7e9dd292c70fe1fa19a92e70bbc1e1b41)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee
	NOTE: https://bugs.kde.org/show_bug.cgi?id=328511
CVE-2013-7294 (The ikev2parent_inI1outR1 function in pluto/ikev2_parent.c in ...)
	NOT-FOR-US: libreswan, strongSwan not affected (pluto never supported ikev2)
CVE-2013-7293 (The ASUS WL-330NUL router has a configuration process that relies on ...)
	NOT-FOR-US: ASUS router
CVE-2014-1476 (The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an ...)
	{DSA-2847-1}
	- drupal6 <not-affected> (Only occurs on Drupal 7 sites which upgraded from Drupal 6 or earlier)
	- drupal7 7.26-1
CVE-2014-1475 (The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows ...)
	{DSA-2851-1 DSA-2847-1}
	- drupal6 <removed>
	- drupal7 7.26-1
CVE-2014-1446 (The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux ...)
	{DSA-2906-1}
	- linux 3.12.8-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.54-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8e3fbf870481eb53b2d3a322d1fc395ad8b367ed
CVE-2014-1445 (The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux ...)
	{DSA-2906-1}
	- linux 3.12.6-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2b13d06c9584b4eb773f1e80bbaedab9a1c344e1
CVE-2014-1444 (The fst_get_iface function in drivers/net/wan/farsync.c in the Linux ...)
	{DSA-2906-1}
	- linux 3.12.6-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=96b340406724d87e4621284ebac5e059d67b2194
CVE-2014-1438 (The restore_fpu_checking function in ...)
	{DLA-0007-1}
	- linux 3.12.8-1 (bug #733551)
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.54-1
	[squeeze] - linux-2.6 2.6.32-48squeeze7
	NOTE: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=26bef1318adc1b3a530ecc807ef99346db2aa8b0
CVE-2014-1448
	REJECTED
CVE-2014-1447 (Race condition in the virNetServerClientStartKeepAlive function in ...)
	{DSA-2846-1}
	- libvirt 1.2.1-1 (bug #735676)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1047577
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=066c8ef6c18bc1faf8b3e10787b39796a7a06cc0
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=173c2914734eb5c32df6d35a82bf503e12261bcf
CVE-2014-1409
	RESERVED
CVE-2014-1404
	RESERVED
CVE-2014-1403 (Cross-site scripting (XSS) vulnerability in name.html in easyXDM ...)
	NOT-FOR-US: easyXDM
CVE-2014-1397
	RESERVED
CVE-2014-1396
	RESERVED
CVE-2014-1395
	RESERVED
CVE-2014-1394
	RESERVED
CVE-2014-1393
	RESERVED
CVE-2014-1392
	RESERVED
CVE-2014-1391 (QT Media Foundation in Apple OS X before 10.9.5 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2014-1390 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1389 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1388 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1387 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1386 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1385 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1384 (WebKit, as used in Apple Safari before 6.1.6 and 7.x before 7.0.6, ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1383 (Apple TV before 6.1.2 allows remote authenticated users to bypass an ...)
	NOT-FOR-US: Apple TV
CVE-2014-1382 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: WebKit
CVE-2014-1381 (Thunderbolt in Apple OS X before 10.9.4 does not properly restrict ...)
	NOT-FOR-US: Apple OS X Thunderbolt
CVE-2014-1380 (The Security - Keychain component in Apple OS X before 10.9.4 does not ...)
	NOT-FOR-US: Apple OS X
CVE-2014-1379 (Graphics Drivers in Apple OS X before 10.9.4 allows attackers to gain ...)
	NOT-FOR-US: Apple OS X
CVE-2014-1378 (IOGraphicsFamily in Apple OS X before 10.9.4 allows local users to ...)
	NOT-FOR-US: Apple OS X
CVE-2014-1377 (Array index error in IOAcceleratorFamily in Apple OS X before 10.9.4 ...)
	NOT-FOR-US: Apple OS X
CVE-2014-1376 (Intel Compute in Apple OS X before 10.9.4 does not properly restrict ...)
	NOT-FOR-US: Apple OS X Intel Compute
CVE-2014-1375 (Intel Graphics Driver in Apple OS X before 10.9.4 allows local users ...)
	NOT-FOR-US: Apple OS X Intel Graphics Driver
CVE-2014-1374
	REJECTED
CVE-2014-1373 (Intel Graphics Driver in Apple OS X before 10.9.4 does not properly ...)
	NOT-FOR-US: Apple OS X Intel Graphics Driver
CVE-2014-1372 (Graphics Driver in Apple OS X before 10.9.4 does not properly restrict ...)
	NOT-FOR-US: Apple OS X Graphics Driver
CVE-2014-1371 (Array index error in Dock in Apple OS X before 10.9.4 allows attackers ...)
	NOT-FOR-US: Apple OS X Dock
CVE-2014-1370 (The byte-swapping implementation in copyfile in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2014-1369 (WebKit in Apple Safari before 6.1.5 and 7.x before 7.0.5 allows ...)
	NOT-FOR-US: WebKit
CVE-2014-1368 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: WebKit
CVE-2014-1367 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: WebKit
CVE-2014-1366 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: WebKit
CVE-2014-1365 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: WebKit
CVE-2014-1364 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: WebKit
CVE-2014-1363 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: WebKit
CVE-2014-1362 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: WebKit
CVE-2014-1361 (Secure Transport in Apple iOS before 7.1.2, Apple OS X before 10.9.4, ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1360 (Lockdown in Apple iOS before 7.1.2 does not properly verify data from ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1359 (Integer underflow in launchd in Apple iOS before 7.1.2, Apple OS X ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1358 (Integer overflow in launchd in Apple iOS before 7.1.2, Apple OS X ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1357 (Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1356 (Heap-based buffer overflow in launchd in Apple iOS before 7.1.2, Apple ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1355 (The IOKit implementation in the kernel in Apple iOS before 7.1.2 and ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1354 (CoreGraphics in Apple iOS before 7.1.2 does not properly restrict ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1353 (Lock Screen in Apple iOS before 7.1.2 does not properly manage the ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1352 (Lock Screen in Apple iOS before 7.1.2 does not properly enforce the ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1351 (Siri in Apple iOS before 7.1.2 allows physically proximate attackers ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1350 (Settings in Apple iOS before 7.1.2 allows physically proximate ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1349 (Use-after-free vulnerability in Safari in Apple iOS before 7.1.2 ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1348 (Mail in Apple iOS before 7.1.2 advertises the availability of data ...)
	NOT-FOR-US: Apple iOS
CVE-2014-1347 (Apple iTunes before 11.2.1 on OS X sets world-writable permissions for ...)
	NOT-FOR-US: Apple iTunes
CVE-2014-1346 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1345 (WebKit in Apple iOS before 7.1.2 and Apple Safari before 6.1.5 and 7.x ...)
	- webkitgtk 2.4.8-1 (unimportant)
CVE-2014-1344 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1343 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1342 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1341 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1340 (WebKit, as used in Apple Safari before 6.1.5 and 7.x before 7.0.5, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1339 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1338 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1337 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1336 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1335 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1334 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1333 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1332
	REJECTED
CVE-2014-1331 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1330 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1329 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1328
	REJECTED
CVE-2014-1327 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1326 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1325 (WebKit, as used in Apple iOS before 7.1.2, Apple Safari before 6.1.5 ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1324 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1323 (WebKit, as used in Apple Safari before 6.1.4 and 7.x before 7.0.4, ...)
	NOT-FOR-US: Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1322 (The kernel in Apple OS X through 10.9.2 places a kernel pointer into ...)
	NOT-FOR-US: Apple
CVE-2014-1321 (Power Management in Apple OS X 10.9.x through 10.9.2 allows physically ...)
	NOT-FOR-US: Apple
CVE-2014-1320 (IOKit in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and Apple ...)
	NOT-FOR-US: Apple
CVE-2014-1319 (Buffer overflow in ImageIO in Apple OS X 10.9.x through 10.9.2 allows ...)
	NOT-FOR-US: Apple
CVE-2014-1318 (The Intel Graphics Driver in Apple OS X through 10.9.2 does not ...)
	NOT-FOR-US: Apple
CVE-2014-1317 (iBooks Commerce in Apple OS X before 10.9.4 places Apple ID ...)
	NOT-FOR-US: Apple
CVE-2014-1316 (Heimdal, as used in Apple OS X through 10.9.2, allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2014-1315 (Format string vulnerability in CoreServicesUIAgent in Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2014-1314 (WindowServer in Apple OS X through 10.9.2 does not prevent session ...)
	NOT-FOR-US: Apple
CVE-2014-1313 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1312 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1311 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1310 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1309 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1308 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1307 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1306
	REJECTED
CVE-2014-1305 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1304 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1303 (Heap-based buffer overflow in Apple Safari 7.0.2 allows remote ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1302 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1301 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1300 (Unspecified vulnerability in Apple Safari 7.0.2 on OS X allows remote ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1299 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1298 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1297 (WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1296 (CFNetwork in Apple iOS before 7.1.1, Apple OS X through 10.9.2, and ...)
	NOT-FOR-US: Apple
CVE-2014-1295 (Secure Transport in Apple iOS before 7.1.1, Apple OS X 10.8.x and ...)
	NOT-FOR-US: Apple
CVE-2014-1294 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1293 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1292 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1291 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1290 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1289 (WebKit, as used in Apple iOS before 7.1 and Apple TV before 6.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1288
	REJECTED
CVE-2014-1287 (USB Host in Apple iOS before 7.1 and Apple TV before 6.1 allows ...)
	NOT-FOR-US: Apple
CVE-2014-1286 (SpringBoard Lock Screen in Apple iOS before 7.1 allows remote ...)
	NOT-FOR-US: SpringBoard Lock Screen in Apple iOS
CVE-2014-1285 (Springboard in Apple iOS before 7.1 allows physically proximate ...)
	NOT-FOR-US: Springboard in Apple iOS
CVE-2014-1284
	REJECTED
CVE-2014-1283
	REJECTED
CVE-2014-1282 (The Profiles component in Apple iOS before 7.1 and Apple TV before 6.1 ...)
	NOT-FOR-US: Apple
CVE-2014-1281 (Photos Backend in Apple iOS before 7.1 does not properly manage the ...)
	NOT-FOR-US: Photos Backend in Apple iOS
CVE-2014-1280 (Video Driver in Apple iOS before 7.1 and Apple TV before 6.1 allows ...)
	NOT-FOR-US: Apple
CVE-2014-1279 (Apple TV before 6.1 does not properly restrict logging, which allows ...)
	NOT-FOR-US: Apple TV
CVE-2014-1278 (The ptmx_get_ioctl function in the ARM kernel in Apple iOS before 7.1 ...)
	NOT-FOR-US: Apple
CVE-2014-1277
	REJECTED
CVE-2014-1276 (IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct ...)
	NOT-FOR-US: IOKit HID Event in Apple iOS
CVE-2014-1275 (Buffer overflow in ImageIO in Apple iOS before 7.1 and Apple TV before ...)
	NOT-FOR-US: Apple
CVE-2014-1274 (FaceTime in Apple iOS before 7.1 allows physically proximate attackers ...)
	NOT-FOR-US: FaceTime in Apple iOS
CVE-2014-1273 (dyld in Apple iOS before 7.1 and Apple TV before 6.1 allows attackers ...)
	NOT-FOR-US: Apple
CVE-2014-1272 (CrashHouseKeeping in Crash Reporting in Apple iOS before 7.1 and Apple ...)
	NOT-FOR-US: Apple
CVE-2014-1271 (CoreCapture in Apple iOS before 7.1 and Apple TV before 6.1 does not ...)
	NOT-FOR-US: Apple
CVE-2014-1270 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1269 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1268 (WebKit, as used in Apple Safari before 6.1.2 and 7.x before 7.0.2, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2014-1267 (The Configuration Profiles component in Apple iOS before 7.1 and Apple ...)
	NOT-FOR-US: Apple
CVE-2014-1266 (The SSLVerifySignedServerKeyExchange function in ...)
	NOT-FOR-US: Apple
CVE-2014-1265 (The systemsetup program in the Date and Time subsystem in Apple OS X ...)
	NOT-FOR-US: Apple
CVE-2014-1264 (Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after ...)
	NOT-FOR-US: Apple
CVE-2014-1263 (curl and libcurl 7.27.0 through 7.35.0, when using the ...)
	- curl <not-affected> (Only applies to Curl on Mac OS or iOS)
	NOTE: http://curl.haxx.se/docs/adv_20140326C.html
CVE-2014-1262 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows attackers ...)
	NOT-FOR-US: Apple
CVE-2014-1261 (Integer signedness error in CoreText in Apple OS X before 10.9.2 ...)
	NOT-FOR-US: Apple
CVE-2014-1260 (QuickLook in Apple OS X through 10.8.5 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2014-1259 (Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows ...)
	NOT-FOR-US: Apple
CVE-2014-1258 (Heap-based buffer overflow in CoreAnimation in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2014-1257 (CFNetwork in Apple OS X through 10.8.5 does not remove session cookies ...)
	NOT-FOR-US: Apple
CVE-2014-1256 (Buffer overflow in Apple Type Services (ATS) in Apple OS X before ...)
	NOT-FOR-US: Apple
CVE-2014-1255 (Apple Type Services (ATS) in Apple OS X before 10.9.2 does not ...)
	NOT-FOR-US: Apple
CVE-2014-1254 (Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote ...)
	NOT-FOR-US: Apple
CVE-2014-1253 (AppleMNT.sys in Apple Boot Camp 5 before 5.1 allows local users to ...)
	NOT-FOR-US: Apple Boot Camp
CVE-2014-1252 (Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before ...)
	NOT-FOR-US: Apple Pages
CVE-2014-1251 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1250 (Apple QuickTime before 7.7.5 does not properly perform a byte-swapping ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1249 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1248 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1247 (Apple QuickTime before 7.7.5 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1246 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1245 (Integer signedness error in Apple QuickTime before 7.7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1244 (Buffer overflow in Apple QuickTime before 7.7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1243 (Apple QuickTime before 7.7.5 does not initialize an unspecified ...)
	NOT-FOR-US: Apple QuickTime
CVE-2014-1242 (Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, ...)
	NOT-FOR-US: Apple iTunes
CVE-2014-1241
	RESERVED
CVE-2014-1240
	RESERVED
CVE-2014-1239
	RESERVED
CVE-2014-1238
	RESERVED
	NOT-FOR-US: Q-Pulse
CVE-2014-1237 (Cross-site scripting (XSS) vulnerability in synetics i-doit pro before ...)
	NOT-FOR-US: i-doit
CVE-2014-1232 (Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG ...)
	NOT-FOR-US: Foliopress
CVE-2014-1231
	RESERVED
CVE-2014-1230
	RESERVED
CVE-2014-1229
	RESERVED
CVE-2014-1228
	RESERVED
CVE-2014-1227
	RESERVED
CVE-2014-1226 (The pipe_init_terminal function in main.c in s3dvt allows local users ...)
	- s3d 0.2.2-13 (unimportant)
	NOTE: http://hmarco.org/bugs/CVE-2014-1226-s3dvt_0.2.2-root-shell.html
	NOTE: Additional patch hunk applied in 0.2.2-11 (experimental) only
	NOTE: Not running with elevated privileges in Debian packaging
CVE-2014-1225
	RESERVED
CVE-2014-1224 (Incomplete blacklist vulnerability in the user registration feature in ...)
	NOT-FOR-US: rexx Recruitment
CVE-2014-1223 (Cross-site scripting (XSS) vulnerability in controlpanel/loading.aspx ...)
	NOT-FOR-US: Telligent Evolution
CVE-2014-1222 (Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM ...)
	NOT-FOR-US: vTiger CRM
CVE-2014-1221
	RESERVED
	NOT-FOR-US: Dameware
CVE-2014-1220
	RESERVED
	NOT-FOR-US: IT2 Workstation
CVE-2014-1219 (CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID ...)
	NOT-FOR-US: 2E Web Option
CVE-2014-1218
	RESERVED
CVE-2014-1217 (Livetecs Timelive before 6.2.8 does not properly restrict access to ...)
	NOT-FOR-US: Livetecs Timelive
CVE-2014-1216 (FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers ...)
	NOT-FOR-US: Fitnesse Wiki
CVE-2014-1215 (Multiple buffer overflows in Core FTP Server before 1.2 build 508 ...)
	NOT-FOR-US: Core FTP Server
CVE-2014-1214
	RESERVED
	NOT-FOR-US: Projoom NovaSFH Plugin
CVE-2014-1213 (Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G ...)
	NOT-FOR-US: Sophos Anti Virus
CVE-2014-1212
	RESERVED
CVE-2014-1211 (Cross-site request forgery (CSRF) vulnerability in VMware vCloud ...)
	NOT-FOR-US: VMWare
CVE-2014-1210 (VMware vSphere Client 5.0 before Update 3 and 5.1 before Update 2 does ...)
	NOT-FOR-US: VMware vSphere Client
CVE-2014-1209 (VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before ...)
	NOT-FOR-US: VMware vSphere Client
CVE-2014-1208 (VMware Workstation 9.x before 9.0.1, VMware Player 5.x before 5.0.1, ...)
	NOT-FOR-US: VMWare
CVE-2014-1207 (VMware ESXi 4.0 through 5.1 and ESX 4.0 and 4.1 allow remote attackers ...)
	NOT-FOR-US: VMWare
CVE-2014-1206 (SQL injection vulnerability in the password reset page in Open Web ...)
	NOT-FOR-US: Open Web Analytics
CVE-2014-1205
	RESERVED
CVE-2014-1204 (SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and ...)
	NOT-FOR-US: Tableau Server
CVE-2014-1202 (The WSDL/WADL import functionality in SoapUI before 4.6.4 allows ...)
	NOT-FOR-US: SoapUI
CVE-2014-1201 (Buffer overflow in the INetViewX ActiveX control in the Lorex Edge ...)
	NOT-FOR-US: Lorex
CVE-2014-0999 (Sendio before 7.2.4 includes the session identifier in URLs in emails, ...)
	NOT-FOR-US: Sendio
CVE-2014-0998 (Integer signedness error in the vt console driver (formerly Newcons) ...)
	[experimental] - kfreebsd-11 11.0~svn284956-1
	- kfreebsd-10 10.1~svn274115-3 (bug #779194)
	- kfreebsd-9 <not-affected> (don't have newcons)
	- kfreebsd-8 <not-affected> (don't have newcons)
	NOTE: https://www.freebsd.org/security/advisories/FreeBSD-SA-15:02.kmem.asc
CVE-2014-0997 (WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android ...)
	NOT-FOR-US: WiFiMonitor in Android
CVE-2014-0996
	RESERVED
CVE-2014-0995 (The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier ...)
	NOT-FOR-US: SAP Netweaver
CVE-2014-0994 (Heap-based buffer overflow in the ReadDIB function in the ...)
	NOT-FOR-US: Delphi
CVE-2014-0993 (Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in ...)
	NOT-FOR-US: Embarcadero
CVE-2014-0992 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0991 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0990 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0989 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0988 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0987 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0986 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0985 (Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0984 (The passwordCheck function in SAP Router 721 patch 117, 720 patch 411, ...)
	NOT-FOR-US: SAP Router
CVE-2014-0983 (Multiple array index errors in programs that are automatically ...)
	{DSA-2904-1}
	- virtualbox 4.3.10-dfsg-1 (bug #741602)
	- virtualbox-ose <removed> (bug #741602)
	NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
CVE-2014-0982
	REJECTED
CVE-2014-0981 (VBox/GuestHost/OpenGL/util/net.c in Oracle VirtualBox before 3.2.22, ...)
	{DSA-2904-1}
	- virtualbox 4.3.10-dfsg-1 (bug #741602)
	- virtualbox-ose <removed> (bug #741602)
	NOTE: http://www.coresecurity.com/advisories/oracle-virtualbox-3d-acceleration-multiple-memory-corruption-vulnerabilities
CVE-2014-0980 (Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote ...)
	NOT-FOR-US: Publish-It
CVE-2014-0976
	RESERVED
CVE-2014-0975
	RESERVED
CVE-2014-0974 (The boot_linux_from_mmc function in app/aboot/aboot.c in the Little ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2014-0973 (The image_verify function in platform/msm_shared/image_verify.c in the ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2014-0972 (The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm ...)
	- linux <not-affected> (affects drivers/gpu/msm, not merged in mainline)
CVE-2013-7292 (VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote ...)
	NOT-FOR-US: VASCO IAS
CVE-2013-7291 (memcached before 1.4.17, when running in verbose mode, allows remote ...)
	{DLA-701-1}
	- memcached 1.4.20-1 (low; bug #735314)
	[squeeze] - memcached <no-dsa> (Minor issue)
	NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
CVE-2013-7290 (The do_item_get function in items.c in memcached 1.4.4 and other ...)
	- memcached 1.4.13-0.2
	[squeeze] - memcached 1.4.5-1+deb6u1
	NOTE: https://github.com/memcached/memcached/commit/fbe823d9a61b5149cd6e3b5e17bd28dd3b8dd760
	NOTE: actual patch should be adjusted in case there is a further memcached upload accoring to upstream commit
CVE-2013-7289 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7287
	RESERVED
CVE-2013-7286
	RESERVED
CVE-2013-7283 (Race condition in the libreswan.spec files for Red Hat Enterprise ...)
	- libreswan <not-affected> (Fixed before initial upload in Debian; /tmp-race in libreswan.spec for rpm based systems)
CVE-2013-7282 (The management web interface on the Nisuta NS-WIR150NE router with ...)
	NOT-FOR-US: Nisuta NS-WIR150NE router
CVE-2013-7280 (Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier ...)
	NOT-FOR-US: HansoTools Hanso Player
CVE-2013-7279 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin S3 Video
CVE-2013-7278 (SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote ...)
	NOT-FOR-US: Naxtech CMS Afroditi
CVE-2013-7277 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...)
	NOT-FOR-US: Andy's PHP Knowledgebase (Aphpkb)
CVE-2013-7276 (Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the ...)
	NOT-FOR-US: WordPress plugin Recommend to a friend
CVE-2013-7275 (Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2013-7274 (Cross-site scripting (XSS) vulnerability in Wallpaper Script 3.5.0082 ...)
	NOT-FOR-US: Wallpaper Script
CVE-2013-7272
	RESERVED
CVE-2010-5292 (Amberdms Billing System (ABS) before 1.4.1, when a multi-instance ...)
	NOT-FOR-US: Amberdms Billing System
CVE-2014-1408 (The Conceptronic C54APM access point with runtime code 1.26 has a ...)
	NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1407 (Multiple cross-site scripting (XSS) vulnerabilities on the ...)
	NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1406 (CRLF injection vulnerability in goform/formWlSiteSurvey on the ...)
	NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1405 (Multiple open redirect vulnerabilities on the Conceptronic C54APM ...)
	NOT-FOR-US: Conceptronic C54APM access point
CVE-2014-1402 (The default configuration for bccache.FileSystemBytecodeCache in ...)
	- jinja2 2.7.2-1 (low; bug #734747)
	[squeeze] - jinja2 <no-dsa> (Minor issue)
	[wheezy] - jinja2 <no-dsa> (Minor issue)
	NOTE: 2.7.2 does not create safely temporary files, new CVE-2014-0012 was assigned for this issue
CVE-2014-1401 (Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier ...)
	NOT-FOR-US: AuraCMS
CVE-2014-1400 (The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 ...)
	NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1399 (The entity wrapper access API in the Entity API module 7.x-1.x before ...)
	NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1398 (The entity wrapper access API in the Entity API module 7.x-1.x before ...)
	NOT-FOR-US: Drupal 7 Entity module
CVE-2014-1236 (Stack-based buffer overflow in the chkNum function in ...)
	{DSA-2843-1}
	- graphviz 2.26.3-16.1 (bug #734745)
	NOTE: fix: https://github.com/ellson/graphviz/commit/1d1bdec6318746f6f19f245db589eddc887ae8ff
CVE-2014-1235 (Stack-based buffer overflow in the &quot;yyerror&quot; function in Graphviz ...)
	- graphviz 2.26.3-16.1 (bug #734745)
	[wheezy] - graphviz <not-affected> (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a)
	[squeeze] - graphviz <not-affected> (CVE for additional buffer overflow introduced by 7aaddf52cd98589fb0c3ab72a393f8411838438a)
	NOTE: CVE is for buffer overflow introduced by applying only 7aaddf52cd98589fb0c3ab72a393f8411838438a
	NOTE: fix: https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750
CVE-2014-1234 (The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to ...)
	NOT-FOR-US: Paratrooper Newrelic Ruby Gem
CVE-2014-1233 (The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to ...)
	NOT-FOR-US: Paratrooper Pingdom Ruby Gem
CVE-2014-1203 (The get_login_ip_config_file function in Eyou Mail System before 3.6 ...)
	NOT-FOR-US: Eyou Mail System
CVE-2014-0979 (The start_authentication function in lightdm-gtk-greeter.c in LightDM ...)
	- lightdm-gtk-greeter 1.6.1-5 (bug #734472)
	NOTE: https://bugs.launchpad.net/lightdm-gtk-greeter/+bug/1266449
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=857303
	[wheezy] - lightdm-gtk-greeter <not-affected> (in Wheezy, lightdm restarts when the greeter crashes, so there's no DoS)
CVE-2014-0978 (Stack-based buffer overflow in the yyerror function in ...)
	{DSA-2843-1}
	- graphviz 2.26.3-16 (bug #734745)
	NOTE: https://github.com/ellson/graphviz/commit/7aaddf52cd98589fb0c3ab72a393f8411838438a
	NOTE: additional commit required (new CVE-2014-1235): https://github.com/ellson/graphviz/commit/d266bb2b4154d11c27252b56d86963aef4434750
	NOTE: see: https://bugzilla.redhat.com/show_bug.cgi?id=1049165#c6
CVE-2014-0977 (Cross-site scripting (XSS) vulnerability in the Rich Text Editor in ...)
	{DSA-2841-1}
	- movabletype-opensource 5.2.9+dfsg-1 (bug #734304)
CVE-2014-0971
	RESERVED
CVE-2014-0970 (The GDS component in IBM InfoSphere Master Data Management - ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0969 (Cross-site request forgery (CSRF) vulnerability in the GDS component ...)
	NOT-FOR-US: IBM
CVE-2014-0968 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0967 (Cross-site scripting (XSS) vulnerability in the GDS component in IBM ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0966 (SQL injection vulnerability in the GDS component in IBM InfoSphere ...)
	NOT-FOR-US: IBM
CVE-2014-0965 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0964 (IBM WebSphere Application Server (WAS) 6.1.0.0 through 6.1.0.47 and ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0963 (The Reverse Proxy feature in IBM Global Security Kit (aka GSKit) in ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2014-0962
	RESERVED
CVE-2014-0961 (Cross-site request forgery (CSRF) vulnerability in IBM Tivoli Identity ...)
	NOT-FOR-US: IBM Tivoli Identity Manager
CVE-2014-0960 (IBM PureApplication System 1.0 before 1.0.0.4 cfix8 and 1.1 before ...)
	NOT-FOR-US: IBM PureApplication System
CVE-2014-0959 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0958 (Open redirect vulnerability in IBM WebSphere Portal 6.1.0 through ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0957 (Cross-site scripting (XSS) vulnerability in IBM Business Process ...)
	NOT-FOR-US: IBM
CVE-2014-0956 (Cross-site scripting (XSS) vulnerability in googlemap.jsp in IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0955 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0954 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0953 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0952 (Cross-site scripting (XSS) vulnerability in boot_config.jsp in IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0951 (Cross-site scripting (XSS) vulnerability in FilterForm.jsp in IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0950 (Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM ...)
	NOT-FOR-US: IBM
CVE-2014-0949 (IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0948 (Unspecified vulnerability in IBM Rational Software Architect Design ...)
	NOT-FOR-US: IBM Rational Software Architect Design
CVE-2014-0947 (Unspecified vulnerability in the server in IBM Rational Software ...)
	NOT-FOR-US: IBM Rational Software Architect Design
CVE-2014-0946 (The RES Console in Rule Execution Server in IBM Operational Decision ...)
	NOT-FOR-US: IBM
CVE-2014-0945 (Cross-site scripting (XSS) vulnerability in the RES Console in Rule ...)
	NOT-FOR-US: IBM
CVE-2014-0944 (Cross-site request forgery (CSRF) vulnerability in the RES Console in ...)
	NOT-FOR-US: IBM
CVE-2014-0943 (IBM WebSphere Commerce 6.0 Feature Pack 2 through Feature Pack 5, ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2014-0942 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: IBM Netcool
CVE-2014-0941 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: IBM Netcool
CVE-2014-0940 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli
CVE-2014-0939
	RESERVED
CVE-2014-0938
	RESERVED
CVE-2014-0937
	RESERVED
CVE-2014-0936 (IBM Security AppScan Source 8.0 through 9.0, when the ...)
	NOT-FOR-US: IBM Security AppScan
CVE-2014-0935 (Unspecified vulnerability in IBM Smart Analytics System 7700 before FP ...)
	NOT-FOR-US: IBM Smart Analytics System
CVE-2014-0934
	RESERVED
CVE-2014-0933 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0932 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order ...)
	NOT-FOR-US: IBM
CVE-2014-0931 (Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN ...)
	NOT-FOR-US: IBM
CVE-2014-0930 (The ptrace system call in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.x, ...)
	NOT-FOR-US: IBM AIX
CVE-2014-0929 (Cross-site request forgery (CSRF) vulnerability in the Profiles ...)
	NOT-FOR-US: IBM Connections
CVE-2014-0928
	RESERVED
CVE-2014-0927 (The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 ...)
	NOT-FOR-US: IBM
CVE-2014-0926
	RESERVED
CVE-2014-0925 (Open redirect vulnerability in IBM Sterling Control Center 5.4.0 ...)
	NOT-FOR-US: IBM Sterling Control Center
CVE-2014-0924 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 does not verify ...)
	NOT-FOR-US: IBM MessageSight
CVE-2014-0923 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote ...)
	NOT-FOR-US: IBM MessageSight
CVE-2014-0922 (IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 allows remote ...)
	NOT-FOR-US: IBM MessageSight
CVE-2014-0921 (The server in IBM MessageSight 1.x before 1.1.0.0-IBM-IMA-IT01015 ...)
	NOT-FOR-US: IBM MessageSight
CVE-2014-0920 (IBM SPSS Analytic Server 1.0 before IF002 and 1.0.1 before IF004 logs ...)
	NOT-FOR-US: IBM SPSS Analytic Server
CVE-2014-0919 (IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords ...)
	NOT-FOR-US: IBM DB2
CVE-2014-0918 (Directory traversal vulnerability in IBM Eclipse Help System (IEHS) in ...)
	NOT-FOR-US: IBM Eclipse Help System
CVE-2014-0917 (Cross-site scripting (XSS) vulnerability in IBM Eclipse Help System ...)
	NOT-FOR-US: IBM Eclipse Help System
CVE-2014-0916
	RESERVED
CVE-2014-0915 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0914 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0913 (Cross-site scripting (XSS) vulnerability in IBM iNotes and Domino ...)
	NOT-FOR-US: IBM iNotes
CVE-2014-0912 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2014-0911 (inetd in IBM WebSphere MQ 7.1.x before 7.1.0.5 and 7.5.x before ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2014-0910 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0909 (The Administration and Reporting Tool in IBM Rational License Key ...)
	NOT-FOR-US: IBM
CVE-2014-0908 (The User Attribute implementation in IBM Business Process Manager ...)
	NOT-FOR-US: IBM Business Process Manager
CVE-2014-0907 (Multiple untrusted search path vulnerabilities in unspecified (1) ...)
	NOT-FOR-US: IBM DB2
CVE-2014-0906 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-0905 (IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure ...)
	NOT-FOR-US: IBM
CVE-2014-0904 (The update process in IBM Security AppScan Standard 7.9 through 8.8 ...)
	NOT-FOR-US: IBM Security AppScan Standard
CVE-2014-0903
	RESERVED
CVE-2014-0902
	RESERVED
CVE-2014-0901 (Cross-site scripting (XSS) vulnerability in the Social Rendering ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0900 (The Device Administrator code in Android before 4.4.1_r1 might allow ...)
	NOT-FOR-US: Android
CVE-2014-0899 (ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a ...)
	NOT-FOR-US: IBM AIX
CVE-2014-0898
	RESERVED
CVE-2014-0897 (The Configuration Patterns component in IBM Flex System Manager (FSM) ...)
	NOT-FOR-US: IBM
CVE-2014-0896 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5.x before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0895 (Buffer overflow in the vsflex8l ActiveX control in IBM SPSS ...)
	NOT-FOR-US: IBM SPSS
CVE-2014-0894 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0893 (Cross-site scripting (XSS) vulnerability in customreport.jsp in IBM ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0892 (IBM Notes and Domino 8.5.x before 8.5.3 FP6 IF3 and 9.x before 9.0.1 ...)
	NOT-FOR-US: IBM
CVE-2014-0891 (IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0890 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, ...)
	NOT-FOR-US: IBM Sametime
CVE-2014-0889 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Atlas Suite ...)
	NOT-FOR-US: IBM Atlas Suite
CVE-2014-0888 (IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in ...)
	NOT-FOR-US: IBM
CVE-2014-0887 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...)
	NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0886 (The Admin Web UI in IBM Lotus Protector for Mail Security 2.8.x before ...)
	NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0885 (Cross-site request forgery (CSRF) vulnerability in the Admin Web UI in ...)
	NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0884 (Cross-site scripting (XSS) vulnerability in the Admin Web UI in IBM ...)
	NOT-FOR-US: IBM Lotus Protector for Mail Security
CVE-2014-0883 (Cross-site scripting (XSS) vulnerability in IBM Power Hardware ...)
	NOT-FOR-US: IBM
CVE-2014-0882 (Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, ...)
	NOT-FOR-US: IBM
CVE-2014-0881 (The TPM on Integrated Management Module II (IMM2) on IBM Flex System ...)
	NOT-FOR-US: IBM
CVE-2014-0880 (IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; ...)
	NOT-FOR-US: IBM SAN Volume Controller
CVE-2014-0879 (Stack-based buffer overflow in the Taskmaster Capture ActiveX control ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2014-0878 (The IBMSecureRandom component in the IBMJCE and IBMSecureRandom ...)
	NOT-FOR-US: IBM JDK
CVE-2014-0877 (IBM Cognos TM1 10.2.0.2 before IF1 and 10.2.2.0 before IF1 allows ...)
	NOT-FOR-US: IBM Cognos
CVE-2014-0876 (Buffer overflow in the Java GUI Configuration Wizard and Preferences ...)
	NOT-FOR-US: IBM
CVE-2014-0875 (Active Cloud Engine (ACE) in IBM Storwize V7000 Unified 1.3.0.0 ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2014-0874 (Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.x ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2014-0873 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0872 (The installation process in IBM Security Key Lifecycle Manager 2.5 ...)
	NOT-FOR-US: IBM
CVE-2014-0871 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0870 (Multiple cross-site scripting (XSS) vulnerabilities in RICOS in IBM ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0869 (The decrypt function in RICOS in IBM Algo Credit Limits (aka ACLM) ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0868 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0867 (rcore6/main/addcookie.jsp in RICOS in IBM Algo Credit Limits (aka ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0866 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0865 (RICOS in IBM Algo Credit Limits (aka ACLM) 4.5.0 through 4.7.0 before ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0864 (Multiple cross-site request forgery (CSRF) vulnerabilities in Executer ...)
	NOT-FOR-US: IBM Algo Credit Limits
CVE-2014-0863 (The client in IBM Cognos TM1 9.5.2.3 before IF5, 10.1.1.2 before IF1, ...)
	NOT-FOR-US: IBM
CVE-2014-0862 (Unspecified vulnerability in Jazz Team Server in IBM Rational ...)
	NOT-FOR-US: IBM Rational Collaborative Lifecycle Management
CVE-2014-0861 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2014-0860 (The firmware before 3.66E in IBM BladeCenter Advanced Management ...)
	NOT-FOR-US: IBM
CVE-2014-0859 (The web-server plugin in IBM WebSphere Application Server (WAS) 7.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0858 (IBM Content Navigator 2.x before 2.0.2.2-ICN-FP002 allows remote ...)
	NOT-FOR-US: IBM Content Navigator
CVE-2014-0857 (The Administrative Console in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0856
	RESERVED
CVE-2014-0855 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Connections ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0854 (The server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2014-0853 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2014-0852 (IBM WebSphere DataPower SOA appliances through 4.0.2.15, 5.x through ...)
	NOT-FOR-US: IBM
CVE-2014-0851
	RESERVED
CVE-2014-0850 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0849 (IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2014-0848 (The (1) ssl.conf and (2) httpd.conf files in the Apache HTTP Server ...)
	NOT-FOR-US: IBM Netezza Performance Portal
CVE-2014-0847
	RESERVED
CVE-2014-0846 (Cross-site scripting (XSS) vulnerability in IBM Rational Requirements ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2014-0845 (Open redirect vulnerability in IBM Rational Requirements Composer 3.x ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2014-0844 (Unspecified vulnerability in IBM Rational Requirements Composer 3.x ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2014-0843 (Cross-site scripting (XSS) vulnerability in IBM Rational Focal Point ...)
	NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0842 (The account-creation functionality in IBM Rational Focal Point 6.4.x ...)
	NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0841 (IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a ...)
	NOT-FOR-US: IBM
CVE-2014-0840 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational ...)
	NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0839 (IBM Rational Focal Point 6.4.x and 6.5.x before 6.5.2.3 and 6.6.x ...)
	NOT-FOR-US: IBM Rational Focal Point
CVE-2014-0838 (The AutoUpdate package before 6.4 for IBM Security QRadar SIEM 7.2 MR1 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0837 (The AutoUpdate process in IBM Security QRadar SIEM 7.2 MR1 and earlier ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0836 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0835 (Cross-site request forgery (CSRF) vulnerability in IBM Security QRadar ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2014-0834 (IBM General Parallel File System (GPFS) 3.4 through 3.4.0.27 and 3.5 ...)
	NOT-FOR-US: IBM General Parallel File System
CVE-2014-0833 (The OAC component in IBM Financial Transaction Manager (FTM) 2.0 ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0832 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0831 (Cross-site request forgery (CSRF) vulnerability in the OAC component ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0830 (Directory traversal vulnerability in the table-export implementation ...)
	NOT-FOR-US: IBM Financial Transaction Manager
CVE-2014-0829 (Multiple buffer overflows in IBM Rational ClearCase 7.x before ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2014-0828 (Cross-site scripting (XSS) vulnerability in the WCM (Web Content ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2014-0827 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2014-0826
	RESERVED
CVE-2014-0825 (Cross-site scripting (XSS) vulnerability in openreport.jsp in IBM ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2014-0824 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2014-0823 (IBM WebSphere Application Server (WAS) 8.x before 8.0.0.9 and 8.5.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2014-0822 (The IMAP server in IBM Domino 8.5.x before 8.5.3 FP6 IF1 and 9.0.x ...)
	NOT-FOR-US: IBM Domino
CVE-2014-0821 (SQL injection vulnerability in the download feature in Cybozu Garoon ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-0820 (Directory traversal vulnerability in the download feature in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-0819 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 ...)
	NOT-FOR-US: Autodesk AutoCAD
CVE-2014-0818 (Untrusted search path vulnerability in Autodesk AutoCAD before 2014 ...)
	NOT-FOR-US: Autodesk AutoCAD
CVE-2014-0817 (Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2014-0816 (Unspecified vulnerability in Norman Security Suite 10.1 and earlier ...)
	NOT-FOR-US: Norman Security Suite
CVE-2014-0815 (The intent: URL implementation in Opera before 18 on Android allows ...)
	NOT-FOR-US: Opera
CVE-2014-0814 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-0813 (Cross-site request forgery (CSRF) vulnerability in phpMyFAQ before ...)
	NOT-FOR-US: phpMyFAQ
CVE-2014-0812 (Cross-site scripting (XSS) vulnerability in KENT-WEB Joyful Note 2.8 ...)
	NOT-FOR-US: KENT-WEB Joyful Note
CVE-2014-0811 (Cross-site scripting (XSS) vulnerability in Blackboard Vista/CE 8.0 ...)
	NOT-FOR-US: Blackboard Vista
CVE-2014-0810 (Unspecified vulnerability in JustSystems Sanshiro 2007 before update ...)
	NOT-FOR-US: JustSystems Sanshiro 2007
CVE-2014-0809 (Directory traversal vulnerability in the Gapless Player SimZip (aka ...)
	NOT-FOR-US: Gapless Player SimZip
CVE-2014-0808 (The lfCheckError function in ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2014-0807 (data/class/pages/shopping/LC_Page_Shopping_Deliv.php in LOCKON EC-CUBE ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2014-0806 (The Sleipnir Mobile application 2.12.1 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir Mobile application
CVE-2014-0805 (Directory traversal vulnerability in the NeoFiler application 5.4.3 ...)
	NOT-FOR-US: NeoFiler
CVE-2014-0804 (Directory traversal vulnerability in the CGENE Security File Manager ...)
	NOT-FOR-US: CGENE Security File Manager
CVE-2014-0803 (Directory traversal vulnerability in the tetra filer application 2.3.1 ...)
	NOT-FOR-US: tetra filer application
CVE-2014-0802 (Directory traversal vulnerability in the aokitaka ZIP with Pass ...)
	NOT-FOR-US: aokitaka ZIP with Pass
CVE-2014-0801
	RESERVED
CVE-2014-0800
	RESERVED
CVE-2014-0799
	RESERVED
CVE-2014-0798
	RESERVED
CVE-2014-0797
	RESERVED
CVE-2014-0796
	RESERVED
CVE-2014-0795
	RESERVED
CVE-2014-0794 (SQL injection vulnerability in the JV Comment (com_jvcomment) ...)
	NOT-FOR-US: JV Comment Joomla Extension
CVE-2014-0793 (Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas ...)
	NOT-FOR-US: Komento Joomla Extension
CVE-2014-0792 (Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to ...)
	NOT-FOR-US: Sonatype Nexus
CVE-2014-0790
	RESERVED
CVE-2013-7288 (Cross-site scripting (XSS) vulnerability in the mycode_parse_video ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2013-7285 [remote code execution via deserialization in XStream]
	RESERVED
	- libxstream-java 1.4.7-1 (bug #734821)
	[wheezy] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.5)
	[squeeze] - libxstream-java <not-affected> (Vulnerability introduced in 1.4.5)
	NOTE: http://blog.diniscruz.com/2013/12/xstream-remote-code-execution-exploit.html
	NOTE: http://markmail.org/message/kfqoqdfj5fnup5co?q=list:org.codehaus.xstream.dev&page=3
	NOTE: initial patch: https://fisheye.codehaus.org/changelog/xstream?cs=2210
CVE-2013-7284 (The PlRPC module, possibly 0.2020 and earlier, for Perl uses the ...)
	- libplrpc-perl <removed> (high; bug #734789)
	[squeeze] - libplrpc-perl <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream appears dead.
CVE-2013-7273 (GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list ...)
	- gdm3 3.8.3-1 (low; bug #683338)
	[wheezy] - gdm3 <no-dsa> (Minor issue)
	[squeeze] - gdm3 <not-affected> (Vulnerable code not present)
CVE-2013-7271 (The x25_recvmsg function in net/x25/af_x25.c in the Linux kernel ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7270 (The packet_recvmsg function in net/packet/af_packet.c in the Linux ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7269 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7268 (The ipx_recvmsg function in net/ipx/af_ipx.c in the Linux kernel ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7267 (The atalk_recvmsg function in net/appletalk/ddp.c in the Linux kernel ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7266 (The mISDN_sock_recvmsg function in drivers/isdn/mISDN/socket.c in the ...)
	{DLA-103-1}
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	- linux 3.12.6-1
	[wheezy] - linux 3.2.54-1
	NOTE: upstream fix: https://git.kernel.org/linus/f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
	NOTE: included in https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.4
CVE-2013-7262 (SQL injection vulnerability in the msPostGISLayerSetTimeFilter ...)
	- mapserver 6.4.1-1 (low; bug #734565)
	[wheezy] - mapserver 6.0.1-3.2+deb7u2
	[squeeze] - mapserver 5.6.5-2+squeeze3
	NOTE: https://github.com/mapserver/mapserver/issues/4834
CVE-2013-7261
	RESERVED
CVE-2013-7260 (Multiple stack-based buffer overflows in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2014-0791 (Integer overflow in the license_read_scope_list function in ...)
	- freerdp <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=998941
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/f1d6afca6ae620f9855a33280bdc6f3ad9153be0#diff-b6d68bbca6e0f5875c57ef225cd65c45
	NOTE: A malicous license has simpler means to DoS a RDP client, e.g. by simply stating that no valid license exists etc.
CVE-2014-0789 (Multiple buffer overflows in the OPC Automation 2.0 Server Object ...)
	NOT-FOR-US: OPC Automation 2.0 Server
CVE-2014-0788
	REJECTED
CVE-2014-0787 (Stack-based buffer overflow in WellinTech KingSCADA before 3.1.2.13 ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2014-0786 (Ecava IntegraXor before 4.1.4393 allows remote attackers to read ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2014-0785
	REJECTED
CVE-2014-0784 (Stack-based buffer overflow in BKBCopyD.exe in Yokogawa CENTUM CS 3000 ...)
	NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2014-0783 (Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 ...)
	NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2014-0782 (Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test ...)
	NOT-FOR-US: Yokogawa CENTUM
CVE-2014-0781 (Heap-based buffer overflow in BKCLogSvr.exe in Yokogawa CENTUM CS 3000 ...)
	NOT-FOR-US: Yokogawa CENTUM CS 3000
CVE-2014-0780 (Directory traversal vulnerability in NTWebServer in InduSoft Web ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2014-0779 (The PLC driver in ServerMain.exe in the Kepware KepServerEX 4 ...)
	NOT-FOR-US: Schneider Electric
CVE-2014-0778 (The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows ...)
	NOT-FOR-US: Progea Movicon
CVE-2014-0777 (The Modbus slave/outstation driver in the OPC Drivers 1.0.20 and ...)
	NOT-FOR-US: IOServer OPC Server
CVE-2014-0776
	RESERVED
CVE-2014-0775
	REJECTED
CVE-2014-0774 (Stack-based buffer overflow in the C++ sample client in Schneider ...)
	NOT-FOR-US: Schneider Electric OPC Factory Server
CVE-2014-0773 (The CreateProcess method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0772 (The OpenUrlToBufferTimeout method in the BWOCXRUN.BwocxrunCtrl.1 ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0771 (The OpenUrlToBuffer method in the BWOCXRUN.BwocxrunCtrl.1 ActiveX ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0770 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0769 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...)
	NOT-FOR-US: Festo controller
CVE-2014-0768 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0767 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0766 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0765 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0764 (Stack-based buffer overflow in Advantech WebAccess before 7.2 allows ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0763 (Multiple SQL injection vulnerabilities in DBVisitor.dll in Advantech ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2014-0762 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows ...)
	NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway
CVE-2014-0761 (The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows ...)
	NOT-FOR-US: CG Automation ePAQ-9410 Substation Gateway
CVE-2014-0760 (The Festo CECX-X-C1 Modular Master Controller with CoDeSys and ...)
	NOT-FOR-US: Festo controller
CVE-2014-0759 (Unquoted Windows search path vulnerability in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric Floating License Manager
CVE-2014-0758 (An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, ...)
	NOT-FOR-US: ICONICS
CVE-2014-0757 (Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 ...)
	NOT-FOR-US: Smart Software Solutions (3S) CoDeSys Runtime Toolkit
CVE-2014-0756
	REJECTED
CVE-2014-0755 (Rockwell Automation RSLogix 5000 7 through 20.01, and 21.0, does not ...)
	NOT-FOR-US: Rockwell Automation RSLogix
CVE-2014-0754 (Directory traversal vulnerability in SchneiderWEB on Schneider ...)
	NOT-FOR-US: SchneiderWEB
CVE-2014-0753 (Stack-based buffer overflow in the SCADA server in Ecava IntegraXor ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2014-0752 (The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2014-0751 (Directory traversal vulnerability in CimWebServer.exe (aka the WebView ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2014-0750 (Directory traversal vulnerability in gefebt.exe in the WebView CimWeb ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2014-0749 (Stack-based buffer overflow in lib/Libdis/disrsi_.c in Terascale ...)
	{DSA-2936-1}
	- torque 2.4.16+dfsg-1.4 (bug #748827)
CVE-2014-0748 (apinit on Cray devices with CLE before 4.2.UP02 and 5.x before ...)
	NOT-FOR-US: Aprun/apinit on Cray supercomputers
CVE-2014-0747 (The Certificate Authority Proxy Function (CAPF) CLI implementation in ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0746 (The disaster recovery system (DRS) in Cisco Unified Contact Center ...)
	NOT-FOR-US: Cisco Unified Contact Center
CVE-2014-0745 (Cross-site request forgery (CSRF) vulnerability in the Unified ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2014-0744
	REJECTED
CVE-2014-0743 (The Certificate Authority Proxy Function (CAPF) component in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0742 (The Certificate Authority Proxy Function (CAPF) CLI implementation in ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0741 (The certificate-import feature in the Certificate Authority Proxy ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0740 (Cross-site request forgery (CSRF) vulnerability in the Call Detail ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0739 (Race condition in the Phone Proxy component in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-0738 (The Phone Proxy component in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco ASA
CVE-2014-0737 (The Cisco Unified IP Phone 7960G 9.2(1) and earlier allows remote ...)
	NOT-FOR-US: The Cisco Unified IP Phone
CVE-2014-0736 (Cross-site request forgery (CSRF) vulnerability in the Call Detail ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0735 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0734 (SQL injection vulnerability in the Certificate Authority Proxy ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0733 (The Enterprise License Manager (ELM) component in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0732 (The Real Time Monitoring Tool (RTMT) web application in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0731 (The administration interface in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-0730 (Cisco Unified Computing System (UCS) Central Software 1.1 and earlier ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2014-0729 (SQL injection vulnerability in the Enterprise Mobility Application ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0728 (SQL injection vulnerability in the Java database interface in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0727 (SQL injection vulnerability in the CallManager Interactive Voice ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0726 (SQL injection vulnerability in the IP Manager Assistant (IPMA) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0725 (Cisco Unified Communications Manager (UCM) does not require ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0724 (The bulk administration interface in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0723 (Cross-site scripting (XSS) vulnerability in the IP Manager Assistant ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0722 (The log4jinit web application in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0721 (The Cisco Unified SIP Phone 3905 with firmware before 9.4(1) allows ...)
	NOT-FOR-US: Cisco Unified SIP Phone 3905
CVE-2014-0720 (Cisco IPS Software 7.1 before 7.1(8)E4 and 7.2 before 7.2(2)E4 allows ...)
	NOT-FOR-US: Cisco IPS
CVE-2014-0719 (The control-plane access-list implementation in Cisco IPS Software ...)
	NOT-FOR-US: Cisco IPS
CVE-2014-0718 (The produce-verbose-alert feature in Cisco IPS Software 7.1 before ...)
	NOT-FOR-US: Cisco IPS
CVE-2014-0717
	RESERVED
CVE-2014-0716
	RESERVED
CVE-2014-0715
	RESERVED
CVE-2014-0714
	RESERVED
CVE-2014-0713
	RESERVED
CVE-2014-0712
	RESERVED
CVE-2014-0711
	RESERVED
CVE-2014-0710 (Race condition in the cut-through proxy feature in Cisco Firewall ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2014-0709 (Cisco UCS Director (formerly Cloupia) before 4.0.0.3 has a hardcoded ...)
	NOT-FOR-US: Cisco UCS Director
CVE-2014-0708 (WebEx Meeting Center in Cisco WebEx Business Suite does not properly ...)
	NOT-FOR-US: Cisco WebEx Business Suite
CVE-2014-0707 (Cisco Wireless LAN Controller (WLC) devices 7.2, 7.3, and 7.4 before ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0706 (Cisco Wireless LAN Controller (WLC) devices 7.2 before 7.2.115.2, 7.3, ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0705 (The multicast listener discovery (MLD) service on Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0704 (The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0703 (Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0702
	RESERVED
CVE-2014-0701 (Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2014-0700
	RESERVED
CVE-2014-0699
	RESERVED
CVE-2014-0698
	RESERVED
CVE-2014-0697
	RESERVED
CVE-2014-0696
	RESERVED
CVE-2014-0695
	RESERVED
CVE-2014-0694 (Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and ...)
	NOT-FOR-US: Cisco
CVE-2014-0693
	RESERVED
CVE-2014-0692
	RESERVED
CVE-2014-0691 (Cisco WebEx Meetings Server before 1.1 uses meeting IDs with ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-0690
	RESERVED
CVE-2014-0689
	RESERVED
CVE-2014-0688
	RESERVED
CVE-2014-0687
	RESERVED
CVE-2014-0686 (Cisco Unified Communications Manager (aka Unified CM) 9.1 (2.10000.28) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0685 (Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware ...)
	NOT-FOR-US: Cisco
CVE-2014-0684 (Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause ...)
	NOT-FOR-US: Cisco
CVE-2014-0683 (The web management interface on the Cisco RV110W firewall with ...)
	NOT-FOR-US: Cisco
CVE-2014-0682 (Cisco WebEx Meetings Server allows remote authenticated users to ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2014-0681 (Cross-site scripting (XSS) vulnerability in Cisco Identity Services ...)
	NOT-FOR-US: Cisco Identity Service Engine
CVE-2014-0680 (Cross-site scripting (XSS) vulnerability in the HTTP control interface ...)
	NOT-FOR-US: Cisco Identity Service Engine
CVE-2014-0679 (Cisco Prime Infrastructure 1.2 and 1.3 before 1.3.0.20-2, 1.4 before ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2014-0678 (The portal interface in Cisco Secure Access Control System (ACS) does ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0677 (The Label Distribution Protocol (LDP) functionality in Cisco NX-OS ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-0676 (Cisco NX-OS allows local users to bypass intended TACACS+ command ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2014-0675 (The Expressway component in Cisco TelePresence Video Communication ...)
	NOT-FOR-US: Cisco
CVE-2014-0674 (Cisco Video Surveillance Operations Manager (VSOM) does not require ...)
	NOT-FOR-US: Cisco Video Surveillance Operations Manager
CVE-2014-0673 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Cisco Video Surveillance
CVE-2014-0672 (The Search and Play interface in Cisco MediaSense does not properly ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2014-0671 (Open redirect vulnerability in Cisco MediaSense allows remote ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2014-0670 (Cross-site scripting (XSS) vulnerability in the Search and Play ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2014-0669 (The Wireless Session Protocol (WSP) feature in the Gateway GPRS ...)
	NOT-FOR-US: Cisco ASR 5000
CVE-2014-0668 (Cross-site scripting (XSS) vulnerability in the portal in Cisco Secure ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0667 (The RMI interface in Cisco Secure Access Control System (ACS) does not ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0666 (Directory traversal vulnerability in the Send Screen Capture ...)
	NOT-FOR-US: Cisco Jabber
CVE-2014-0665 (The RBAC implementation in Cisco Identity Services Engine (ISE) ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2014-0664 (The server in Cisco Unity Connection allows remote authenticated users ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2014-0663 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2014-0662 (The SIP module in Cisco TelePresence Video Communication Server (VCS) ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-0661 (The System Status Collection Daemon (SSCD) in Cisco TelePresence ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-0660 (Cisco TelePresence ISDN Gateway with software before 2.2(1.92) allows ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2014-0659 (The Cisco WAP4410N access point with firmware through 2.0.6.1, ...)
	NOT-FOR-US: Cisco Small Business Devices
CVE-2014-0658 (Cisco 9900 Unified IP phones allow remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco 9900 Unified IP phones
CVE-2014-0657 (The administration portal in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2014-0656 (Cisco Context Directory Agent (CDA) allows remote authenticated users ...)
	NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0655 (The Identity Firewall (IDFW) functionality in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-0654 (Cisco Context Directory Agent (CDA) allows remote attackers to modify ...)
	NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0653 (The Identity Firewall (IDFW) functionality in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2014-0652 (Cross-site scripting (XSS) vulnerability in the Mappings page in Cisco ...)
	NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0651 (The administrative interface in Cisco Context Directory Agent (CDA) ...)
	NOT-FOR-US: Cisco Context Directory Agent
CVE-2014-0650 (The web interface in Cisco Secure Access Control System (ACS) 5.x ...)
	NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0649 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x ...)
	NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0648 (The RMI interface in Cisco Secure Access Control System (ACS) 5.x ...)
	NOT-FOR-US: Cisco Secure ACS RMI
CVE-2014-0647 (The Starbucks 2.6.1 application for iOS stores sensitive information ...)
	NOT-FOR-US: Starbucks iOS application
CVE-2014-0646 (The runtime WS component in the server in EMC RSA Access Manager 6.1.3 ...)
	NOT-FOR-US: EMC
CVE-2014-0645 (EMC Cloud Tiering Appliance (CTA) 9.x through 10 SP1 and File ...)
	NOT-FOR-US: EMC
CVE-2014-0644 (EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote ...)
	NOT-FOR-US: EMC
CVE-2014-0643 (EMC RSA NetWitness before 9.8.5.19 and RSA Security Analytics before ...)
	NOT-FOR-US: EMC RSA NetWitness and RSA Security Analytics
CVE-2014-0642 (EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, ...)
	NOT-FOR-US: EMC Documentum Content Server
CVE-2014-0641 (Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-0640 (EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote ...)
	NOT-FOR-US: EMC RSA Archer GRC Platform
CVE-2014-0639 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
	NOT-FOR-US: RSA Archer
CVE-2014-0638 (Cross-site scripting (XSS) vulnerability in RSA Adaptive ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-0637 (Cross-site scripting (XSS) vulnerability in the back-office ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2014-0636 (EMC RSA BSAFE Micro Edition Suite (MES) 3.2.x before 3.2.6 and 4.0.x ...)
	NOT-FOR-US: EMC RSA BSAFE Micro Edition Suite
CVE-2014-0635 (Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x ...)
	NOT-FOR-US: EMC VPLEX
CVE-2014-0634 (EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the ...)
	NOT-FOR-US: EMC VPLEX
CVE-2014-0633 (The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not ...)
	NOT-FOR-US: EMC VPLEX
CVE-2014-0632 (Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and ...)
	NOT-FOR-US: EMC VPLEX
CVE-2014-0631
	REJECTED
CVE-2014-0630 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
	NOT-FOR-US: EMC
CVE-2014-0629 (EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 ...)
	NOT-FOR-US: EMC
CVE-2014-0628 (The server in EMC RSA BSAFE Micro Edition Suite (MES) 4.0.x before ...)
	NOT-FOR-US: EMC
CVE-2014-0627 (The SSLEngine API implementation in EMC RSA BSAFE SSL-J 5.x before ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0626 (The (1) JSAFE and (2) JSSE APIs in EMC RSA BSAFE SSL-J 5.x before ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0625 (The SSLSocket implementation in the (1) JSAFE and (2) JSSE APIs in EMC ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0624 (EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0623 (Cross-site scripting (XSS) vulnerability in the Self-Service Console ...)
	NOT-FOR-US: EMC RSA
CVE-2014-0622 (The web service in EMC Documentum Foundation Services (DFS) 6.5 ...)
	NOT-FOR-US: EMC Documentum Foundation Services
CVE-2014-0621 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Technicolor TC7200 STD6.01.12
CVE-2014-0620 (Multiple cross-site scripting (XSS) vulnerabilities in Technicolor ...)
	NOT-FOR-US: Technicolor TC7200 STD6.01.12
CVE-2014-0619 (Untrusted search path vulnerability in Hamster Free ZIP Archiver ...)
	NOT-FOR-US: Hamster Free ZIP Archiver
CVE-2014-0618 (Juniper Junos before 10.4 before 10.4R16, 11.4 before 11.4R8, 12.1R ...)
	NOT-FOR-US: SRX Services Gateways
CVE-2014-0617 (Juniper Junos 10.4S before 10.4S15, 10.4R before 10.4R16, 11.4 before ...)
	NOT-FOR-US: SRX Services Gateways
CVE-2014-0616 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before ...)
	NOT-FOR-US: Juniper JunOS
CVE-2014-0615 (Juniper Junos 10.4 before 10.4R16, 11.4 before 11.4R10, 12.1R before ...)
	NOT-FOR-US: JunOS CLI
CVE-2014-0614 (Juniper Junos 13.2 before 13.2R3 and 13.3 before 13.3R1, when PIM is ...)
	NOT-FOR-US: Juniper Junos
CVE-2014-0613 (The XNM command processor in Juniper Junos 10.4 before 10.4R16, 11.4 ...)
	NOT-FOR-US: JunOS
CVE-2014-0612 (Unspecified vulnerability in Juniper Junos before 11.4R10-S1, before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-7281 (The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux ...)
	- linux-2.6 <not-affected> (Introduced in 3.10)
	- linux 3.12.6-1 (low)
	[wheezy] - linux <not-affected> (Introduced in 3.10)
CVE-2013-7265 (The pn_recvmsg function in net/phonet/datagram.c in the Linux kernel ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.54-1
	- linux 3.12.6-1 (low)
CVE-2013-7264 (The l2tp_ip_recvmsg function in net/l2tp/l2tp_ip.c in the Linux kernel ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.54-1
	- linux 3.12.6-1 (low)
CVE-2013-7263 (The Linux kernel before 3.12.4 updates certain length values before ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.12.6-1 (low)
	[wheezy] - linux 3.2.54-1 (low)
CVE-2013-7251 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: ProjectForge
CVE-2013-7250 (Cross-site scripting (XSS) vulnerability in the JsonBuilder ...)
	NOT-FOR-US: ProjectForge
CVE-2013-7248 (Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550
CVE-2013-7247 (cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware ...)
	NOT-FOR-US: Franklin Fueling Systems TS-550
CVE-2013-7246 (Buffer overflow in the IconCreate method in an ActiveX control in the ...)
	NOT-FOR-US: DaumGame ActiveX plugin
CVE-2013-7245 (The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows ...)
	NOT-FOR-US: SAP Sybase ASE
CVE-2013-7244
	RESERVED
CVE-2013-7243 (Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS ...)
	NOT-FOR-US: GetSimple CMS
CVE-2013-7238
	RESERVED
CVE-2013-7237
	RESERVED
CVE-2011-5269 (Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 ...)
	NOT-FOR-US: ProjectForge
CVE-2009-5138 (GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag ...)
	- gnutls26 2.7.12-1
	- gnutls28 <not-affected> (Only affects versions before 2.7.6)
	NOTE: Only affects version prior of 2.7.6, fix: https://gitlab.com/gnutls/gnutls/commit/c8dcbedd1fdc312f5b1a70fcfbc1afe235d800cd
	NOTE: and the issue has different root than CVE-2014-1959
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1069301
CVE-2009-5137 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...)
	NOT-FOR-US: CastRipper
CVE-2014-0611 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2014-0610 (The client in Novell GroupWise before 8.0.3 HP4, 2012 before SP3, and ...)
	NOT-FOR-US: Novell GroupWise
CVE-2014-0609 (Unspecified vulnerability in Novell Open Enterprise Server (OES) 11 ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2014-0608
	RESERVED
CVE-2014-0607 (Unrestricted file upload vulnerability in Attachmate Verastream ...)
	NOT-FOR-US: Attachmate Verastream Process Designer
CVE-2014-0606
	REJECTED
CVE-2014-0605 (Directory traversal vulnerability in the rftpcom.dll ActiveX control ...)
	NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-0604 (Directory traversal vulnerability in the rftpcom.dll ActiveX control ...)
	NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-0603 (The rftpcom.dll ActiveX control in Attachmate Reflection FTP Client ...)
	NOT-FOR-US: Attachmate Reflection FTP Client
CVE-2014-0602 (Directory traversal vulnerability in the DumpToFile method in the ...)
	NOT-FOR-US: NetIQ Security Manager
CVE-2014-0601
	RESERVED
CVE-2014-0600 (FileUploadServlet in the Administration service in Novell GroupWise ...)
	NOT-FOR-US: Novell GroupWise
CVE-2014-0599 (Cross-site scripting (XSS) vulnerability in iPrint in Novell Open ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2014-0598 (Directory traversal vulnerability in iPrint in Novell Open Enterprise ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2014-0597
	RESERVED
CVE-2014-0596
	RESERVED
CVE-2014-0595 (/opt/novell/ncl/bin/nwrights in Novell Client for Linux in Novell Open ...)
	NOT-FOR-US: Novel OES
CVE-2014-0594
	RESERVED
CVE-2014-0593
	RESERVED
CVE-2014-0592 (Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used ...)
	NOT-FOR-US: Crowbar
CVE-2014-0591 (The query_findclosestnsec3 function in query.c in named in ISC BIND ...)
	{DSA-3023-1 DLA-48-1}
	- bind9 1:9.9.5.dfsg-2 (bug #735190)
	NOTE: https://kb.isc.org/article/AA-01078
	NOTE: https://kb.isc.org/article/AA-01085
CVE-2013-7259 (Multiple cross-site request forgery (CSRF) vulnerabilities in Neo4J ...)
	- neo4j-community <itp> (bug #685615)
	NOTE: http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
CVE-2013-7258 (Cross-site scripting (XSS) vulnerability in web2ldap 1.1.x before ...)
	- web2ldap <removed> (low; bug #734107)
CVE-2013-7257 (Cross-site scripting (XSS) vulnerability in Codiad 2.0.7 allows remote ...)
	NOT-FOR-US: Codiad
CVE-2013-7256 (Cross-site request forgery (CSRF) vulnerability in Opsview before ...)
	NOT-FOR-US: Ops View
CVE-2013-7255 (Open redirect vulnerability in Opsview before 4.4.2 allows remote ...)
	NOT-FOR-US: Ops View
CVE-2013-7254 (Cross-site scripting (XSS) vulnerability in Opsview before 4.4.2 ...)
	NOT-FOR-US: Ops View
CVE-2013-7253
	RESERVED
CVE-2013-7252 (kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ...)
	- kde-runtime 4:4.12.2-1
	[wheezy] - kde-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
	- kdebase-runtime <removed>
	[squeeze] - kdebase-runtime <no-dsa> (4.12 introduces a GnuPG backend, no backport planned)
	NOTE: http://gaganpreet.in/blog/2013/07/24/kwallet-security-analysis/
	NOTE: Upstream advisory: https://www.kde.org/info/security/advisory-20150109-1.txt
CVE-2013-7233 (Cross-site request forgery (CSRF) vulnerability in the retrospam ...)
	- wordpress <unfixed> (unimportant)
	NOTE: issue only allows comments from posts to be moved to "needs moderation" list
CVE-2013-7232 (SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-7231 (Cross-site scripting (XSS) vulnerability in the Mobile Content Server ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-7230
	RESERVED
CVE-2013-7229
	RESERVED
CVE-2013-7228
	RESERVED
CVE-2013-7227
	RESERVED
CVE-2013-7226 (Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP ...)
	- php5 5.5.9+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	[squeeze] - php5 <not-affected> (Vulnerable code was introduced in 5.5.0)
	NOTE: https://bugs.php.net/bug.php?id=66356
	NOTE: http://www.php.net/manual/en/function.imagecrop.php
CVE-2013-7219 (SQL injection vulnerability in vote.php in the 2Glux Sexy Polling ...)
	NOT-FOR-US: Joomla component com_sexypolling
CVE-2013-7218
	RESERVED
CVE-2013-7217 (Unspecified vulnerability in Zimbra Collaboration Server 7.2.5 and ...)
	NOT-FOR-US: Zimbra
CVE-2013-7216 (Multiple SQL injection vulnerabilities in Classifieds Creator 2.0 ...)
	NOT-FOR-US: Classifieds Creator
CVE-2013-7215
	RESERVED
CVE-2013-7214
	RESERVED
CVE-2013-7213
	RESERVED
CVE-2013-7212
	RESERVED
CVE-2013-7211
	RESERVED
CVE-2013-7210
	RESERVED
CVE-2013-7209 (Cross-site request forgery (CSRF) vulnerability in admBase/login.page ...)
	NOT-FOR-US: jForum
CVE-2013-7208
	RESERVED
CVE-2013-7207
	RESERVED
CVE-2013-7206
	RESERVED
CVE-2013-7204 (Cross-site request forgery (CSRF) vulnerability in set_users.cgi in ...)
	NOT-FOR-US: Conceptronic CIPCAMPTIWL Camera
CVE-2013-7202 (The WebHybridClient class in PayPal 5.3 and earlier for Android allows ...)
	NOT-FOR-US: Paypal for Android
CVE-2013-7201 (WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL ...)
	NOT-FOR-US: Paypal for Android
CVE-2013-7200
	RESERVED
CVE-2013-7199
	RESERVED
CVE-2013-7198
	RESERVED
CVE-2013-7197
	RESERVED
CVE-2012-6619 (The default configuration for MongoDB before 2.3.2 does not validate ...)
	- mongodb 1:2.4.1-1
	[wheezy] - mongodb <no-dsa> (Workaround exists, intrusive change)
	[squeeze] - mongodb <no-dsa> (Workaround exists, intrusive change)
	NOTE: http://article.gmane.org/gmane.comp.security.oss.general/11822
	NOTE: https://jira.mongodb.org/browse/SERVER-7769
CVE-2012-6618 (The av_probe_input_buffer function in libavformat/utils.c in FFmpeg ...)
	{DSA-2947-1}
	- libav 6:9.11-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=e74cd2f4706f71da5e9205003c1d8263b54ed3fb
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=2115a3597457231a6e5c0527fe0ff8550f64b733
CVE-2012-6617 (The prepare_sdp_description function in ffserver.c in FFmpeg before ...)
	- libav 6:9.11-1
	[wheezy] - libav <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
	- ffmpeg <not-affected> (Introduced in 0.9 with d77f4afa9814b0433be6fdbfd7d8a113592ba680)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=9929991da7b843e7d80154fcacc4e80579b86a2d
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=82b9799bb211ecd117171115e4a8b832c4942314
CVE-2012-6616 (The mov_text_decode_frame function in libavcodec/movtextdec.c in ...)
	- libav <not-affected> (Vulnerable code not present in libav)
	- ffmpeg <not-affected> (Vulnerable code not present in older ffmpeg)
CVE-2012-6615 (The ff_ass_split_override_codes function in libavcodec/ass_split.c in ...)
	- libav <not-affected> (Vulnerable code not present in libav)
	- ffmpeg <not-affected> (Vulnerable code not present in older ffmpeg)
CVE-2011-5268 (connection.c in Bip before 0.8.9 does not properly close sockets, ...)
	- bip 0.8.9-1
	[squeeze] - bip <no-dsa> (Minor issue)
	[wheezy] - bip <no-dsa> (Minor issue)
	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2014-0590 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0589 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0588 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0587 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0586 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0585 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0584 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0583 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0582 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.252 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0581 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0580 (Adobe Flash Player before 13.0.0.259 and 14.x through 16.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0579
	REJECTED
CVE-2014-0578 (Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0577 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0576 (Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0575
	REJECTED
CVE-2014-0574 (Double free vulnerability in Adobe Flash Player before 13.0.0.252 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0573 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.252 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0572 (Adobe ColdFusion 9.0 before Update 13, 9.0.1 before Update 12, 9.0.2 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2014-0571 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2014-0570 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2014-0569 (Integer overflow in Adobe Flash Player before 13.0.0.250 and 14.x and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0568 (The NtSetInformationFile system call hook feature in Adobe Reader and ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0567 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0566 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0565 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0564 (Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0563 (Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0562 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0561 (Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0560 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0559 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0558 (Adobe Flash Player before 13.0.0.250 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0557 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0556 (Heap-based buffer overflow in Adobe Flash Player before 13.0.0.244 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0555 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0554 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0553 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.244 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0552 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0551 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0550 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0549 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0548 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0547 (Adobe Flash Player before 13.0.0.244 and 14.x and 15.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0546 (Adobe Reader and Acrobat 10.x before 10.1.11 and 11.x before 11.0.08 ...)
	NOT-FOR-US: Adobe
CVE-2014-0545 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0544 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0543 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0542 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0541 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0540 (Adobe Flash Player before 13.0.0.241 and 14.x before 14.0.0.176 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0539 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0538 (Use-after-free vulnerability in Adobe Flash Player before 13.0.0.241 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0537 (Adobe Flash Player before 13.0.0.231 and 14.x before 14.0.0.145 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0536 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0535 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0534 (Adobe Flash Player before 13.0.0.223 and 14.x before 14.0.0.125 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0533 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0532 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0531 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0530
	REJECTED
CVE-2014-0529 (Buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.10 and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0528 (Double free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0527 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0526 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0525 (The API in Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0524 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0523 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0522 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0521 (Adobe Reader and Acrobat 10.x before 10.1.10 and 11.x before 11.0.07 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2014-0520 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0519 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0518 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0517 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0516 (Adobe Flash Player before 13.0.0.214 on Windows and OS X and before ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0515 (Buffer overflow in Adobe Flash Player before 11.7.700.279 and 11.8.x ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0514 (The Adobe Reader Mobile application before 11.2 for Android does not ...)
	NOT-FOR-US: Adobe Reader Mobile application
CVE-2014-0513 (Stack-based buffer overflow in Adobe Illustrator CS6 before 16.0.5 and ...)
	NOT-FOR-US: Adobe Illustrator CS6
CVE-2014-0512 (Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0511 (Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0510 (Heap-based buffer overflow in Adobe Flash Player 12.0.0.77 allows ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0509 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0508 (Adobe Flash Player before 11.7.700.275 and 11.8.x through 13.0.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0507 (Buffer overflow in Adobe Flash Player before 11.7.700.275 and 11.8.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0506 (Use-after-free vulnerability in Adobe Flash Player before 11.7.700.275 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2014-0505 (Adobe Shockwave Player before 12.1.0.150 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2014-0504 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0503 (Adobe Flash Player before 11.7.700.272 and 11.8.x through 12.0.x ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0502 (Double free vulnerability in Adobe Flash Player before 11.7.700.269 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0501 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2014-0500 (Adobe Shockwave Player before 12.0.9.149 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2014-0499 (Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0498 (Stack-based buffer overflow in Adobe Flash Player before 11.7.700.269 ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0497 (Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0496 (Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0495 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0494 (Adobe Digital Editions 2.0.1 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Digital Editions
CVE-2014-0493 (Adobe Reader and Acrobat 10.x before 10.1.9 and 11.x before 11.0.06 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2014-0492 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0491 (Adobe Flash Player before 11.7.700.260 and 11.8.x and 11.9.x before ...)
	NOT-FOR-US: Flash plugin
CVE-2014-0490 (The apt-get download command in APT before 1.0.9 does not properly ...)
	{DSA-3025-1}
	- apt 0.9.12
	NOTE: fixed with commit http://anonscm.debian.org/cgit/apt/apt.git/commit/?id=d57f6084aaa3972073114973d149ea2291b36682
	[squeeze] - apt <not-affected> (apt download command and vulnerable code not present)
CVE-2014-0489 (APT before 1.0.9, when the Acquire::GzipIndexes option is enabled, ...)
	{DSA-3025-1 DLA-53-1}
	- apt 1.0.9
CVE-2014-0488 (APT before 1.0.9 does not &quot;invalidate repository data&quot; when moving ...)
	{DSA-3025-1 DLA-53-1}
	- apt 1.0.9
CVE-2014-0487 (APT before 1.0.9 does not verify downloaded files if they have been ...)
	{DSA-3025-1 DLA-53-1}
	- apt 1.0.9
CVE-2014-0486 (Knot DNS before 1.5.2 allows remote attackers to cause a denial of ...)
	- knot 1.5.2-1
CVE-2014-0485 (S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which ...)
	{DSA-3013-1}
	- s3ql 2.10.1+dfsg-4 (high)
CVE-2014-0484 (The Debian acpi-support package before 0.140-5+deb7u3 allows local ...)
	{DSA-3020-1 DLA-49-1}
	- acpi-support 0.142-4
CVE-2014-0483 (The administrative interface (contrib.admin) in Django before 1.4.14, ...)
	{DSA-3010-1 DLA-65-1}
	- python-django 1.6.6-1
CVE-2014-0482 (The contrib.auth.middleware.RemoteUserMiddleware middleware in Django ...)
	{DSA-3010-1 DLA-65-1}
	- python-django 1.6.6-1
CVE-2014-0481 (The default configuration for the file upload handling system in ...)
	{DSA-3010-1 DLA-65-1}
	- python-django 1.6.6-1
CVE-2014-0480 (The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x ...)
	{DSA-3010-1 DLA-65-1}
	- python-django 1.6.6-1
CVE-2014-0479 (reportbug before 6.4.4+deb7u1 and 6.5.x before 6.5.0+nmu1 allows ...)
	{DSA-2997-1 DLA-31-1}
	- reportbug 6.5.0+nmu1
	[squeeze] - reportbug 4.12.6+deb6u1
CVE-2014-0478 (APT before 1.0.4 does not properly validate source packages, which ...)
	{DSA-2958-1 DLA-0005-1}
	- apt 1.0.4 (bug #749795)
	[squeeze] - apt 0.8.10.3+squeeze2
CVE-2014-0477 (The parse function in Email::Address module before 1.905 for Perl uses ...)
	{DSA-2969-1 DLA-0011-1}
	- libemail-address-perl 1.905-1
	[squeeze] - libemail-address-perl 1.889-2+deb6u1
CVE-2014-0476 (The slapper function in chkrootkit before 0.50 does not properly quote ...)
	{DSA-2945-1 DLA-0002-1}
	- chkrootkit 0.49-5
	[squeeze] - chkrootkit 0.49-4+deb6u1
CVE-2014-0475 (Multiple directory traversal vulnerabilities in GNU C Library (aka ...)
	{DSA-2976-1 DLA-43-1}
	- glibc 2.19-6
	- eglibc <removed>
CVE-2014-0474 (The (1) FilePathField, (2) GenericIPAddressField, and (3) ...)
	{DSA-2934-1}
	- python-django 1.6.3-1
CVE-2014-0473 (The caching framework in Django before 1.4.11, 1.5.x before 1.5.6, ...)
	{DSA-2934-1}
	- python-django 1.6.3-1
CVE-2014-0472 (The django.core.urlresolvers.reverse function in Django before 1.4.11, ...)
	{DSA-2934-1}
	- python-django 1.6.3-1
CVE-2014-0471 (Directory traversal vulnerability in the unpacking functionality in ...)
	{DSA-2915-1}
	- dpkg 1.17.8
CVE-2014-0470 (super.c in Super 3.30.0 does not check the return value of the setuid ...)
	{DSA-2917-1}
	- super 3.30.0-7
CVE-2014-0469 (Stack-based buffer overflow in a certain Debian patch for xbuffy ...)
	{DSA-2921-1}
	- xbuffy 3.3.bl.3.dfsg-9
CVE-2014-0468
	RESERVED
	- fusionforge 5.3+20140506-1
	[squeeze] - fusionforge <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://lists.fusionforge.org/pipermail/fusionforge-general/2014-March/002645.html
CVE-2014-0467 (Buffer overflow in copy.c in Mutt before 1.5.23 allows remote ...)
	{DSA-2874-1}
	- mutt 1.5.22-2 (bug #708731)
CVE-2014-0466 (The fixps script in a2ps 4.14 does not use the -dSAFER option when ...)
	{DSA-2892-1}
	- a2ps 1:4.14-1.3 (bug #742902)
CVE-2013-7196 (static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote ...)
	NOT-FOR-US: PHPFox
CVE-2013-7195 (PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass ...)
	NOT-FOR-US: PHPFox
CVE-2013-7194 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: eFront
CVE-2013-7193 (Multiple SQL injection vulnerabilities in C2C Forward Auction Creator ...)
	NOT-FOR-US: C2C Forward Auction Creator
CVE-2013-7192 (Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder ...)
	NOT-FOR-US: Dynamic Biz Website Builder
CVE-2013-7190 (Multiple directory traversal vulnerabilities in iScripts AutoHoster, ...)
	NOT-FOR-US: iScripts AutoHoster
CVE-2013-7186 (Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows ...)
	NOT-FOR-US: Steinberg MyMp3PRO
CVE-2013-7185
	RESERVED
CVE-2013-7184 (Gretech GOM Media Player 2.2.56.5158 and earlier allows remote ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-7183 (cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote ...)
	NOT-FOR-US: Seowon Intech SWC-9100
CVE-2013-7182 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2013-7181 (Cross-site scripting (XSS) vulnerability in user/ldap_user/add in ...)
	NOT-FOR-US: FortiWeb
CVE-2013-7180 (Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; ...)
	NOT-FOR-US: Cobham
CVE-2013-7179 (The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech ...)
	NOT-FOR-US: Seowon Intech SWC-9100 routers
CVE-2013-7178
	RESERVED
CVE-2013-7177 (config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban ...)
	{DSA-2979-1 DLA-0021-1}
	- fail2ban 0.8.11-1
	[squeeze] - fail2ban 0.8.4-3+squeeze3
	NOTE: https://github.com/fail2ban/fail2ban/commit/bd175f026737d66e7110868fb50b3760ff75e087
CVE-2013-7176 (config/filter.d/postfix.conf in the postfix filter in Fail2ban before ...)
	{DSA-2979-1 DLA-0021-1}
	- fail2ban 0.8.11-1
	[squeeze] - fail2ban 0.8.4-3+squeeze3
CVE-2013-7175 (Multiple SQL injection vulnerabilities in Avanset Visual CertExam ...)
	NOT-FOR-US: Avanset Visual CertExam Manager
CVE-2013-7174 (Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS ...)
	NOT-FOR-US: QNAP QTS
CVE-2013-7173
	RESERVED
CVE-2013-7172
	RESERVED
	- libiodbc2 <not-affected> (RPATH issue slackware specific)
CVE-2013-7171
	RESERVED
	- llvm-2.9 <not-affected> (RPATH issue slackware specific)
	- llvm-3.0 <not-affected> (RPATH issue slackware specific)
	- llvm-3.1 <not-affected> (RPATH issue slackware specific)
	- llvm-toolchain-3.2 <not-affected> (RPATH issue slackware specific)
	- llvm-toolchain-3.3 <not-affected> (RPATH issue slackware specific)
	- llvm-toolchain-3.4 <not-affected> (RPATH issue slackware specific)
	- llvm-toolchain-snapshot <not-affected> (RPATH issue slackware specific)
CVE-2013-7170
	RESERVED
CVE-2013-7169
	REJECTED
CVE-2013-7168
	REJECTED
CVE-2013-7167
	REJECTED
CVE-2013-7166
	REJECTED
CVE-2013-7165
	REJECTED
CVE-2013-7164
	REJECTED
CVE-2013-7163
	RESERVED
CVE-2013-7162
	RESERVED
CVE-2013-7161
	RESERVED
CVE-2013-7160
	RESERVED
CVE-2013-7159
	RESERVED
CVE-2013-7158
	RESERVED
CVE-2013-7157
	RESERVED
CVE-2013-7156
	RESERVED
CVE-2013-7155
	RESERVED
CVE-2013-7154
	RESERVED
CVE-2013-7153
	RESERVED
CVE-2013-7152
	RESERVED
CVE-2013-7151
	RESERVED
CVE-2013-7150
	RESERVED
CVE-2014-0465 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0464 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
	- openjdk-7 <not-affected> (Only affects Java 8)
	- openjdk-6 <not-affected> (Only affects Java 8)
CVE-2014-0463 (Unspecified vulnerability in Oracle Java SE 8 allows remote attackers ...)
	- openjdk-7 <not-affected> (Only affects Java 8)
	- openjdk-6 <not-affected> (Only affects Java 8)
CVE-2014-0462 (Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux ...)
	{DSA-2912-1}
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0461 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0460 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0459 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
	{DSA-2923-1 DSA-2912-1}
	- lcms <unfixed>
	[squeeze] - lcms <no-dsa> (Minor issue)
	[wheezy] - lcms <no-dsa> (Minor issue)
	- lcms2 2.6-1 (low; bug #745471)
	[wheezy] - lcms2 <no-dsa> (Minor issue)
CVE-2014-0458 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0457 (Unspecified vulnerability in Oracle Java SE 5.0u61, SE 6u71, 7u51, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0456 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0455 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
	{DSA-2923-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-0454 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
	{DSA-2923-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 <not-affected> (Only affects Java 7/8)
CVE-2014-0453 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0452 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0451 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0450 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0449 (Unspecified vulnerability in Oracle Java SE 6u71, 7u51, and 8, and ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0448 (Unspecified vulnerability in Oracle Java SE 7u51 and 8 allows remote ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0447 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
	NOT-FOR-US: Solaris
CVE-2014-0446 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8, ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0445 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0444 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0443 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0442 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11.1 allows ...)
	NOT-FOR-US: Solaris
CVE-2014-0441 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0440 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0439 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0438 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0437 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mysql-5.5 5.5.35+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0436 (Unspecified vulnerability in the Hyperion BI+ component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2014-0435 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0434 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0433 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0432 (Unspecified vulnerability in Oracle Java SE 7u51 and 8, and Java SE ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2014-0431 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0430 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0429 (Unspecified vulnerability in Oracle Java SE 5.0u61, 6u71, 7u51, and 8; ...)
	{DSA-2923-1 DSA-2912-1}
	- openjdk-7 7u55-2.4.7-1
	- openjdk-6 6b31-1.13.3-1
CVE-2014-0428 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0427 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2014-0426 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0425 (Unspecified vulnerability in the PeopleSoft Enterprise SCM Services ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0424 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0423 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0422 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0421 (Unspecified vulnerability in Oracle Solaris 10, when running on the ...)
	NOT-FOR-US: Solaris
CVE-2014-0420 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1}
	- mariadb-5.5 5.5.35-1
	- mysql-5.5 5.5.35+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0419 (Unspecified vulnerability in the Oracle Secure Global Desktop (SGD) ...)
	NOT-FOR-US: Oracle Secure Global Desktop
CVE-2014-0418 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0417 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2014-0416 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0415 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0414 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0413 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0412 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mysql-5.5 5.5.35+dfsg-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0411 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0410 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0409
	REJECTED
CVE-2014-0408 (Unspecified vulnerability in Oracle Java SE 7u45, when running on OS ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 <not-affected> (Specific to MacOS X)
CVE-2014-0407 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-2878-1}
	- virtualbox-ose <removed> (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2014-0406 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-2878-1}
	- virtualbox-ose <removed> (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2014-0405 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox-guest-additions <removed> (bug #735410)
	[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
	- virtualbox-guest-additions-iso 4.3.10-1 (bug #735410)
	[wheezy] - virtualbox-guest-additions-iso <no-dsa> (Non-free not supported)
CVE-2014-0404 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-2878-1}
	- virtualbox-ose <removed> (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2014-0403 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0402 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0401 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0400 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0399 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0398 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2014-0397 (Multiple unspecified vulnerabilities in libXtsol in Oracle Solaris 10 ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-0396 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0395 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0394 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0393 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0392 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0391 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0390 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2014-0389 (Unspecified vulnerability in Oracle iLearning 6.0 allows remote ...)
	NOT-FOR-US: Oracle iLearning
CVE-2014-0388 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS Human ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0387 (Unspecified vulnerability in Oracle Java SE 6u65 and Java SE 7u45, ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0386 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0385 (Unspecified vulnerability in Oracle Java SE 7u45, when installing on ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 <not-affected> (Specific to MacOS X)
CVE-2014-0384 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2919-1}
	- mysql-5.5 5.5.37-1 (bug #744910)
	- mariadb-5.5 5.5.37-1 (bug #745330)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5/5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2014-0383 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0382 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2014-0381 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0380 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2014-0379 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0378 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-0377 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2014-0376 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0375 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2014-0374 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2014-0373 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0372 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0371 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2014-0370 (Unspecified vulnerability in the Siebel Life Sciences component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2014-0369 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2014-0368 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45, ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2014-0367 (Unspecified vulnerability in the Hyperion Essbase Administration ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2014-0366 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-7249 (Fat Free CRM before 0.12.1 does not restrict XML serialization, which ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7242 (SQL injection vulnerability in ...)
	NOT-FOR-US: Zenphoto
CVE-2013-7241 (Cross-site scripting (XSS) vulnerability in the export function in ...)
	NOT-FOR-US: Zenphoto
CVE-2013-7240 (Directory traversal vulnerability in download-file.php in the Advanced ...)
	NOT-FOR-US: Dewplayer
CVE-2013-7239 (memcached before 1.4.17 allows remote attackers to bypass ...)
	{DSA-2832-1}
	- memcached 1.4.13-0.3 (bug #733643)
	[squeeze] - memcached <not-affected> (vulnerable code present, but SASL authentication support not enabled)
	NOTE: https://code.google.com/p/memcached/wiki/ReleaseNotes1417
	NOTE: https://code.google.com/p/memcached/issues/detail?id=316
	NOTE: https://github.com/memcached/memcached/commit/87c1cf0f20be20608d3becf854e9cf0910f4ad32
CVE-2013-7236 (Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7235 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7234 (Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-7225 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7224 (Fat Free CRM before 0.12.1 does not restrict JSON serialization, which ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7223 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7222 (config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has ...)
	NOT-FOR-US: Fat Free CRM
CVE-2013-7221 (The automatic screen lock functionality in GNOME Shell (aka ...)
	- gnome-shell 3.10.1-1
	[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=708313
	NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/main.js?id=efdf1ff755943fba1f8a9aaeff77daa3ed338088
CVE-2013-7220 (js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 ...)
	- gnome-shell 3.8.4-1
	[wheezy] - gnome-shell <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=686740
	NOTE: https://git.gnome.org/browse/gnome-shell/commit/js/ui/screenShield.js?id=209014b083dbe86ed0e0860a6016735571b56f94
CVE-2013-7205 (Off-by-one error in the process_cgivars function in ...)
	- nagios3 <removed> (low; bug #771466)
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: additional changed files for nagios3, cf. CVE-2013-7108
CVE-2013-7203
	RESERVED
	- gitolite3 3.5.3.1-1
	NOTE: http://marc.info/?l=oss-security&m=138783069700756&w=2
CVE-2013-7191 (Cross-site scripting (XSS) vulnerability in Tenmiles Helpdesk Pilot ...)
	NOT-FOR-US: Tenmiles Helpdesk Pilot
CVE-2013-7189 (Multiple SQL injection vulnerabilities in iScripts AutoHoster, ...)
	NOT-FOR-US: iScripts AutoHoster
CVE-2013-7188 (Cross-site scripting (XSS) vulnerability in KBKP Software HostBill ...)
	NOT-FOR-US: HostBill
CVE-2013-7187 (SQL injection vulnerability in form.php in the FormCraft plugin 1.3.7 ...)
	NOT-FOR-US: WordPress plugin FormCraft
CVE-2013-7149 (SQL injection vulnerability in www/delivery/axmlrpc.php (aka the ...)
	NOT-FOR-US: Revive Adserver
CVE-2013-7148
	REJECTED
CVE-2013-7147
	REJECTED
CVE-2013-7146
	REJECTED
CVE-2013-7145
	REJECTED
CVE-2013-7144 (LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X ...)
	NOT-FOR-US: LINE
CVE-2013-7143 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7142 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7141 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7140 (XML External Entity (XXE) vulnerability in the CalDAV interface in ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-7139 (SQL injection vulnerability in download.php in Horizon Quick Content ...)
	NOT-FOR-US: Horizon CMS
CVE-2013-7138 (Directory traversal vulnerability in lib/functions/d-load.php in ...)
	NOT-FOR-US: Horizon CMS
CVE-2013-7137 (The &quot;remember me&quot; functionality in login.php in Burden before 1.8.1 ...)
	NOT-FOR-US: Burden
CVE-2013-7136 (The UPC Ireland Cisco EPC 2425 router (aka Horizon Box) does not have ...)
	NOT-FOR-US: Cisco
CVE-2013-7135 (The Proc::Daemon module 0.14 for Perl uses world-writable permissions ...)
	- libproc-daemon-perl 0.14-2 (low; bug #732283)
	[wheezy] - libproc-daemon-perl <no-dsa> (Minor issue)
	[squeeze] - libproc-daemon-perl <not-affected> (does not have pid_file option)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=91450
CVE-2013-7134 (Juvia uses the same secret key for all installations, which allows ...)
	NOT-FOR-US: Juvia
CVE-2013-7133
	RESERVED
CVE-2013-7132
	RESERVED
CVE-2013-7131
	RESERVED
CVE-2013-7130 (The i_create_images_and_backing (aka create_images_and_backing) method ...)
	- nova 2013.2.2 (low; bug #736465)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/nova/+bug/1251590
CVE-2013-7129 (Cross-site scripting (XSS) vulnerability in ThemeBeans Blooog theme ...)
	NOT-FOR-US: WordPress theme
CVE-2013-7128 (Valve Bug Reporter in the valve-bugreporter package 2.10+bsos1 in ...)
	NOT-FOR-US: SteamOS
CVE-2013-7127 (Apple Safari 6.0.5 on Mac OS X 10.7.5 and 10.8.5 stores cleartext ...)
	NOT-FOR-US: Apple Safari
CVE-2013-7126
	REJECTED
CVE-2013-7125
	REJECTED
CVE-2013-7124
	REJECTED
CVE-2013-7123
	REJECTED
CVE-2013-7122
	REJECTED
CVE-2013-7121
	REJECTED
CVE-2013-7120
	REJECTED
CVE-2013-7119
	REJECTED
CVE-2013-7118
	REJECTED
CVE-2013-7117
	REJECTED
CVE-2013-7116
	REJECTED
CVE-2013-7115
	REJECTED
CVE-2013-7109
	RESERVED
CVE-2013-7105 (Buffer overflow in the Interstage HTTP Server log functionality, as ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2013-7104 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7103 (McAfee Email Gateway 7.6 allows remote authenticated administrators to ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7102 (Multiple unrestricted file upload vulnerabilities in (1) ...)
	NOT-FOR-US: WordPress theme OptimizePress
CVE-2013-7101
	RESERVED
CVE-2013-7100 (Buffer overflow in the unpacksms16 function in apps/app_sms.c in ...)
	{DSA-2835-1}
	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-006.html
	- asterisk 1:11.7.0~dfsg-1 (bug #732355)
CVE-2013-7099
	RESERVED
CVE-2013-7098
	RESERVED
CVE-2013-7097 (Directory traversal vulnerability in 7 Media Web Solutions eduTrac ...)
	NOT-FOR-US: eduTrac
CVE-2013-7096 (Multiple SQL injection vulnerabilities in SAP EMR Unwired allow remote ...)
	NOT-FOR-US: Sap EMR
CVE-2013-7095 (The XML parser (crm_flex_data) in SAP Customer Relationship Management ...)
	NOT-FOR-US: Sap CRM
CVE-2013-7094 (SQL injection vulnerability in the RSDDCVER_COUNT_TAB_COLS function in ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-7093 (SAP Network Interface Router (SAProuter) 39.3 SP4 allows remote ...)
	NOT-FOR-US: SAP Network Interface Router
CVE-2013-7092 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-7091 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Zimbra
CVE-2013-7090
	RESERVED
CVE-2013-7084
	RESERVED
CVE-2013-7114 (Multiple buffer overflows in the create_ntlmssp_v2_key function in ...)
	{DSA-2825-1}
	- wireshark 1.10.4-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-68.html
CVE-2013-7113 (epan/dissectors/packet-bssgp.c in the BSSGP dissector in Wireshark ...)
	{DSA-2825-1}
	- wireshark 1.10.4-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-67.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9488
CVE-2013-7112 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the ...)
	{DLA-497-1}
	- wireshark 1.10.4-1 (unimportant)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-66.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9388
	NOTE: Not suitable for code injection
CVE-2013-7111 (The put_call function in the API client (api/api_client.rb) in the ...)
	NOT-FOR-US: Bio Basespace SDK Ruby Gem
CVE-2013-7110 (Transifex command-line client before 0.10 does not validate X.509 ...)
	- transifex-client 0.10-1
	[wheezy] - transifex-client <not-affected> (Incomplete patch was never released)
	NOTE: fix for CVE-2013-2073 was incorrect/incomplete
	NOTE: https://github.com/transifex/transifex-client/issues/42
	NOTE: https://github.com/transifex/transifex-client/commit/6d69d61
CVE-2013-7108 (Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, ...)
	{DSA-2956-1 DLA-60-1}
	- icinga 1.10.2-1 (low)
	- nagios3 <removed> (low; bug #771466)
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: https://dev.icinga.org/issues/5251
	NOTE: separate CVE requested for nagios, http://www.openwall.com/lists/oss-security/2013/12/23/4
CVE-2013-7107 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga ...)
	{DSA-2956-1}
	- icinga 1.10.2-1 (low)
	[squeeze] - icinga <no-dsa> (Minor issue)
	- nagios3 <removed> (low)
	[jessie] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	NOTE: https://dev.icinga.org/issues/5346
CVE-2013-7106 (Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 ...)
	{DSA-2956-1}
	- icinga 1.10.2-1
	[squeeze] - icinga <not-affected> (Vulnerable code not present)
	NOTE: https://dev.icinga.org/issues/5250
CVE-2013-7083
	RESERVED
CVE-2013-7068 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal ...)
	NOT-FOR-US: Drupal module
CVE-2013-7067 (The OG Features module 6.x-1.x before 6.x-1.4 for Drupal does not ...)
	NOT-FOR-US: Drupal module
CVE-2013-7066 (The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal ...)
	NOT-FOR-US: Drupal module
CVE-2013-7065 (The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal ...)
	NOT-FOR-US: Drupal module
CVE-2013-7064 (Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance ...)
	NOT-FOR-US: Drupal module
CVE-2013-7063 (The Invitation module 7.x-2.x for Drupal does not properly check ...)
	NOT-FOR-US: Drupal module
CVE-2013-7059
	RESERVED
CVE-2013-7058
	RESERVED
CVE-2013-7057 (Cross-site request forgery (CSRF) vulnerability in Axway ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2013-7056
	RESERVED
CVE-2013-7055
	RESERVED
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7054
	RESERVED
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7053
	RESERVED
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7052
	RESERVED
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7051
	RESERVED
	NOT-FOR-US: Router D-Link DIR-100
CVE-2013-7047
	RESERVED
CVE-2013-7046
	RESERVED
CVE-2013-7045
	RESERVED
CVE-2013-7044
	RESERVED
CVE-2013-7043 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-7042 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 uses ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2013-7037
	RESERVED
CVE-2013-7036
	RESERVED
CVE-2013-7035
	RESERVED
CVE-2013-7034 (The setCookieValue function in _lib/functions.global.inc.php in ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7033 (LiveZilla before 5.1.2.1 includes the operator password in plaintext ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7032 (Multiple cross-site scripting (XSS) vulnerabilities in the web based ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7031
	RESERVED
CVE-2013-7030 (** DISPUTED ** The TFTP service in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-7029
	RESERVED
CVE-2013-7028
	RESERVED
CVE-2013-7027 (The ieee80211_radiotap_iterator_init function in ...)
	- linux 3.11.7-1 (unimportant)
	[wheezy] - linux 3.2.53-1
	- linux-2.6 <removed> (unimportant)
	NOTE: Non-issue: https://bugzilla.redhat.com/show_bug.cgi?id=1040010#c1
CVE-2013-7026 (Multiple race conditions in ipc/shm.c in the Linux kernel before ...)
	- linux 3.12.5-1
	[wheezy] - linux <not-affected> (Introduced in 8b8d52ac382b)
	- linux-2.6 <not-affected> (Introduced in 8b8d52ac382b)
CVE-2013-7089 [dbg_printhex possible information leak]
	RESERVED
	- clamav 0.97.7+dfsg-1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6804
CVE-2013-7088 [buffer overflow]
	RESERVED
	- clamav 0.97.7+dfsg-1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=6809
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/e8e3746266dd3f82054ca137b81b800e54de6ebd
CVE-2013-7087 [[clamav: WWPack corrupt heap memory]
	RESERVED
	- clamav 0.97.7+dfsg-1
	NOTE: https://github.com/vrtadmin/clamav-devel/commit/71990820d01c246e4e61408a3659dd9d92949b38
	NOTE: from https://github.com/vrtadmin/clamav-devel/commits/master/libclamav/wwunpack.c
CVE-2013-7086 (The message function in lib/webbynode/notify.rb in the Webbynode gem ...)
	NOT-FOR-US: Ruby Gem Webbynode
CVE-2013-7085 (Uscan in devscripts 2.13.5, when USCAN_EXCLUSION is enabled, allows ...)
	- devscripts 2.13.9 (bug #732006)
	[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
	[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
CVE-2013-7082 (Cross-site scripting (XSS) vulnerability in the errorAction method in ...)
	NOT-FOR-US: Typo3 Flow
	NOTE: https://review.typo3.org/#/c/26176/
	NOTE: CVE assigned for Typo3 Flow, correspond to CVE-2013-7078
CVE-2013-7081 (The (old) Form Content Element component in TYPO3 4.5.0 through ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26182/
CVE-2013-7080 (The creating record functionality in Extension table administration ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26178/
CVE-2013-7079 (Open redirect vulnerability in the OpenID extension in TYPO3 4.5.0 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26179/
CVE-2013-7078 (Cross-site scripting (XSS) vulnerability in the errorAction method in ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26176/
CVE-2013-7077 (Cross-site scripting (XSS) vulnerability in the Backend User ...)
	- typo3-src <not-affected> (Affects versions 6.0.0 to 6.0.11, 6.1.0 to 6.1.6)
CVE-2013-7076 (Cross-site scripting (XSS) vulnerability in Extension Manager in TYPO3 ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26181/
CVE-2013-7075 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26175/
CVE-2013-7074 (Multiple cross-site scripting (XSS) vulnerabilities in Content Editing ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26184/
	NOTE: https://review.typo3.org/#/c/26183/
	NOTE: https://review.typo3.org/#/c/26177/
CVE-2013-7073 (The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, ...)
	{DSA-2834-1}
	- typo3-src 4.5.32+dfsg1-1 (bug #731999)
	NOTE: https://review.typo3.org/#/c/26180/
CVE-2013-7072
	REJECTED
CVE-2013-7071
	RESERVED
	NOT-FOR-US: Monitorix
CVE-2013-7070
	RESERVED
	NOT-FOR-US: Monitorix
CVE-2013-7062 [XSS]
	RESERVED
	- zope2.12 <removed> (low)
	[wheezy] - zope2.12 <no-dsa> (Minor issue)
	- zope2.13 <not-affected> (Vulnerable code not present)
CVE-2013-7061 (Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows ...)
	NOT-FOR-US: Plone
CVE-2013-7060 (Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows ...)
	NOT-FOR-US: Plone
CVE-2013-7049 (Stack-based buffer overflow in fish.cpp in the Fish plugin for ZNC, as ...)
	NOTE: vulnerable code not found in Debian
	NOTE: http://www.openwall.com/lists/oss-security/2013/12/11/14
	NOT-FOR-US: FiSH Plugin for ZNC IRC Bouncer
CVE-2013-7048 (OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and ...)
	- nova 2013.2.2 (bug #732022)
	[wheezy] - nova <not-affected> (Support for live snapshots added later)
	NOTE: https://bugs.launchpad.net/nova/+bug/1227027
CVE-2013-7050 (The get_main_source_dir function in scripts/uscan.pl in devscripts ...)
	- devscripts 2.13.8 (bug #731849)
	[wheezy] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
	[squeeze] - devscripts <not-affected> (does not contain the vulnerable code; introduced in 2.13.5)
	NOTE: http://anonscm.debian.org/gitweb/?p=collab-maint/devscripts.git;a=commitdiff;h=91f05b5
CVE-2013-7069 (ack 2.00 through 2.11_02 allows remote attackers to execute arbitrary ...)
	- ack-grep 2.12-1 (bug #731848)
	[wheezy] - ack-grep <not-affected> (don't support per-project .ackrc files)
	[squeeze] - ack-grep <not-affected> (don't support per-project .ackrc files)
	NOTE: https://github.com/petdance/ack2/issues/399
CVE-2013-7025 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Dell SonicWALL Global Management System
CVE-2013-7007
	RESERVED
CVE-2013-7006
	RESERVED
CVE-2013-7005 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware ...)
	NOT-FOR-US: D-Link DSR-150
CVE-2013-7004 (D-Link DSR-150 with firmware before 1.08B44; DSR-150N with firmware ...)
	NOT-FOR-US: D-Link DSR-150
CVE-2013-7003 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla ...)
	NOT-FOR-US: LiveZilla
CVE-2012-6614
	RESERVED
CVE-2012-6613
	RESERVED
CVE-2014-0365
	RESERVED
CVE-2014-0364 (The ParseRoster component in the Ignite Realtime Smack XMPP API before ...)
	NOT-FOR-US: smack userspace tools, was once ITPed, but closed (637964)
CVE-2014-0363 (The ServerTrustManager component in the Ignite Realtime Smack XMPP API ...)
	NOT-FOR-US: smack userspace tools, was once ITPed, but closed (637964)
CVE-2014-0362 (Cross-site scripting (XSS) vulnerability on Google Search Appliance ...)
	NOT-FOR-US: Google Search Appliance
CVE-2014-0361 (The default configuration of IBM 4690 OS, as used in Toshiba Global ...)
	NOT-FOR-US: IBM
CVE-2014-0360
	REJECTED
CVE-2014-0359 (Xangati XSR before 11 and XNR before 7 allows remote attackers to ...)
	NOT-FOR-US: Xangati
CVE-2014-0358 (Multiple directory traversal vulnerabilities in Xangati XSR before 11 ...)
	NOT-FOR-US: Xangati
CVE-2014-0357 (Amtelco miSecureMessages allows remote attackers to read the messages ...)
	NOT-FOR-US: Amtelco miSecureMessages
CVE-2014-0356 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
	NOT-FOR-US: ZyXEL
CVE-2014-0355 (Multiple stack-based buffer overflows on the ZyXEL Wireless N300 ...)
	NOT-FOR-US: ZyXEL
CVE-2014-0354 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
	NOT-FOR-US: ZyXEL
CVE-2014-0353 (The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware ...)
	NOT-FOR-US: ZyXEL
CVE-2014-0352
	REJECTED
CVE-2014-0351 (The FortiManager protocol service in Fortinet FortiOS before 4.3.16 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2014-0350 (The Poco::Net::X509Certificate::verify method in the NetSSL library in ...)
	{DLA-1239-1}
	- poco 1.3.6p1-5 (low; bug #746637)
	[squeeze] - poco <no-dsa> (Minor issue)
CVE-2014-0349 (Multiple unspecified vulnerabilities in J2k-Codec allow remote ...)
	NOT-FOR-US: J2k-Codec
CVE-2014-0348 (The Artiva Agency Single Sign-On (SSO) implementation in Artiva ...)
	NOT-FOR-US: Artiva
CVE-2014-0347 (The Settings module in Websense Triton Unified Security Center 7.7.3 ...)
	NOT-FOR-US: Websense Triton Unified Security Center
CVE-2014-0346
	REJECTED
CVE-2014-0345
	RESERVED
CVE-2014-0344 (Properties.do in ZOHO ManageEngine OpStor before build 8500 does not ...)
	NOT-FOR-US: ZOHO ManageEngine OpStor
CVE-2014-0343 (The web interface on Virtual Access GW6110A routers with software 9.00 ...)
	NOT-FOR-US: GW6110A routers
CVE-2014-0342 (Multiple unrestricted file upload vulnerabilities in fileupload.php in ...)
	NOT-FOR-US: PivotX
CVE-2014-0341 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX before ...)
	NOT-FOR-US: PivotX
CVE-2014-0340
	RESERVED
CVE-2014-0339 (Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before ...)
	NOT-FOR-US: Webmin
CVE-2014-0338 (Multiple cross-site scripting (XSS) vulnerabilities in the firewall ...)
	NOT-FOR-US: WatchGuard Fireware XTM
CVE-2014-0337 (Cross-site scripting (XSS) vulnerability in the web interface on ...)
	NOT-FOR-US: Huawei Echo Life HG8247
CVE-2014-0336 (Cross-site request forgery (CSRF) vulnerability in the web client in ...)
	NOT-FOR-US: Serena Dimensions CM
CVE-2014-0335 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
	NOT-FOR-US: Serena Dimensions CM
CVE-2014-0334 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2014-0333 (The png_push_read_chunk function in pngpread.c in the progressive ...)
	- libpng <not-affected> (Only affects libpng 1.6.0 through 1.6.9)
	- libpng1.6 1.6.10-1
CVE-2014-0332 (Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL ...)
	NOT-FOR-US: Dell SonicWALL GMS
CVE-2014-0331 (Cross-site scripting (XSS) vulnerability in the web administration ...)
	NOT-FOR-US: Fortinet NGFW
CVE-2014-0330 (Cross-site scripting (XSS) vulnerability in adminui/user_list.php on ...)
	NOT-FOR-US: Dell KACE K1000 management appliance
CVE-2014-0329 (The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded ...)
	NOT-FOR-US: TELNET service on the ZTE ZXV10 W300 router
CVE-2014-0328 (The thraneLINK protocol implementation on Cobham devices does not ...)
	NOT-FOR-US: Cobham
CVE-2014-0327 (The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and ...)
	NOT-FOR-US: Pilot Below Deck Equipment and OpenPort implementations on Iridium satellite terminals
CVE-2014-0326 (The Pilot Below Deck Equipment (BDE) and OpenPort implementations on ...)
	NOT-FOR-US: Pilot Below Deck Equipment and OpenPort implementations on Iridium satellite terminals
CVE-2013-7041 (The pam_userdb module for Pam uses a case-insensitive method to ...)
	- pam 1.1.8-3.1 (low; bug #731368)
	[squeeze] - pam <no-dsa> (Minor issue)
	[wheezy] - pam <no-dsa> (Minor issue)
CVE-2013-7040 (Python 2.7 before 3.4 only uses the last eight bits of the prefix to ...)
	- python2.5 <removed> (unimportant)
	- python2.6 <removed> (unimportant)
	- python2.7 <unfixed> (unimportant)
	- python3.1 <removed> (unimportant)
	- python3.2 <removed> (unimportant)
	- python3.3 <removed> (unimportant)
	- python3.4 3.4.0-1 (unimportant)
	NOTE: upstream tagged this as wontfix for versions older than 3.4
CVE-2013-7039 (Stack-based buffer overflow in the MHD_digest_auth_check function in ...)
	- libmicrohttpd 0.9.32-1 (low; bug #731933)
	[wheezy] - libmicrohttpd 0.9.20-1+deb7u1
	[squeeze] - libmicrohttpd <no-dsa> (Minor issue, only expoitable in corner cases)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039390
CVE-2013-7038 (The MHD_http_unescape function in libmicrohttpd before 0.9.32 might ...)
	- libmicrohttpd 0.9.32-1 (low; bug #731933)
	[squeeze] - libmicrohttpd <no-dsa> (Minor issue)
	[wheezy] - libmicrohttpd <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039384
CVE-2013-7024 (The jpeg2000_decode_tile function in libavcodec/jpeg2000dec.c in ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/fe448cd28d674c3eff3072552eae366d0b659ce9
	NOTE: https://trac.ffmpeg.org/ticket/2921
	NOTE: Only present in libav trunk
CVE-2013-7023 (The ff_combine_frame function in libavcodec/parser.c in FFmpeg before ...)
	- ffmpeg <not-affected> (max_alloc not present in old ffmpeg/libav)
	- libav <not-affected> (max_alloc not present in old ffmpeg/libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/f31011e9abfb2ae75bb32bc44e2c34194c8dc40a
	NOTE: https://trac.ffmpeg.org/ticket/2982
CVE-2013-7022 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e07ac727c1cc9eed39e7f9117c97006f719864bd
	NOTE: https://trac.ffmpeg.org/ticket/2971
	NOTE: Only present in libav trunk
CVE-2013-7021 (The filter_frame function in libavfilter/vf_fps.c in FFmpeg before 2.1 ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/cdd5df8189ff1537f7abe8defe971f80602cc2d2
	NOTE: https://trac.ffmpeg.org/ticket/2905
CVE-2013-7020 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
	{DSA-3027-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.4-1
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/b05cd1ea7e45a836f7f6071a716c38bb30326e0f
CVE-2013-7019 (The get_cox function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/a1b9004b768bef606ee98d417bceb9392ceb788d
	NOTE: https://trac.ffmpeg.org/ticket/2898
	NOTE: Only present in libav trunk
CVE-2013-7018 (libavcodec/jpeg2000dec.c in FFmpeg before 2.1 does not ensure the use ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/9a271a9368eaabf99e6c2046103acb33957e63b7
	NOTE: https://trac.ffmpeg.org/ticket/2895
	NOTE: Only present in libav trunk
CVE-2013-7017 (libavcodec/jpeg2000.c in FFmpeg before 2.1 allows remote attackers to ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/912ce9dd2080c5837285a471d750fa311e09b555
	NOTE: Only present in libav trunk
CVE-2013-7016 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/8bb11c3ca77b52e05a9ed1496a65f8a76e6e2d8f
	NOTE: https://trac.ffmpeg.org/ticket/2848
	NOTE: Only present in libav trunk
CVE-2013-7015 (The flashsv_decode_frame function in libavcodec/flashsv.c in FFmpeg ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.11-1
	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/880c73cd76109697447fbfbaa8e5ee5683309446
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=57070b1468edc6ac8cb3696c817f3c943975d4c1
	NOTE: https://trac.ffmpeg.org/ticket/2844
CVE-2013-7014 (Integer signedness error in the add_bytes_l2_c function in ...)
	{DSA-2855-1}
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:9.11-1
	NOTE: https://trac.ffmpeg.org/ticket/2919
	NOTE: Fix in ffmpeg: https://github.com/FFmpeg/FFmpeg/commit/86736f59d6a527d8bc807d09b93f971c0fe0bb07
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7013 (The g2m_init_buffers function in libavcodec/g2meet.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/821a5938d100458f4d09d634041b05c860554ce0
	NOTE: https://trac.ffmpeg.org/ticket/2922
	NOTE: Only present in libav trunk
CVE-2013-7012 (The get_siz function in libavcodec/jpeg2000dec.c in FFmpeg before 2.1 ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/780669ef7c23c00836a24921fcc6b03be2b8ca4a
	NOTE: https://trac.ffmpeg.org/ticket/3080
	NOTE: Only present in libav trunk
CVE-2013-7011 (The read_header function in libavcodec/ffv1dec.c in FFmpeg before 2.1 ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Reproducer fails on libav 0.8.9 and 9.11)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/547d690d676064069d44703a1917e0dab7e33445
	NOTE: https://trac.ffmpeg.org/ticket/2906
CVE-2013-7010 (Multiple integer signedness errors in libavcodec/dsputil.c in FFmpeg ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.11-1
	NOTE: ffmpeg fix: https://github.com/FFmpeg/FFmpeg/commit/454a11a1c9c686c78aa97954306fb63453299760
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=d1916d13e28b87f4b1b214231149e12e1d536b4b
CVE-2013-7009 (The rpza_decode_stream function in libavcodec/rpza.c in FFmpeg before ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Not reproducible with 0.8.9)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/3819db745da2ac7fb3faacb116788c32f4753f34
	NOTE: https://trac.ffmpeg.org/ticket/2850
CVE-2013-7008 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav <not-affected> (Crash not reproducable, libav code is different)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/29ffeef5e73b8f41ff3a3f2242d356759c66f91f
	NOTE: https://trac.ffmpeg.org/ticket/2927
CVE-2013-7002 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: LiveZilla
CVE-2013-7001 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS &amp; MMS Gateway ...)
	NOT-FOR-US: NowSMS
CVE-2013-7000 (The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS &amp; MMS Gateway ...)
	NOT-FOR-US: NowSMS
CVE-2013-6999 (** DISPUTED ** The IsHandleEntrySecure function in win32k.sys in the ...)
	NOT-FOR-US: Microsoft Windows Server 2008 SP2
CVE-2013-6998
	REJECTED
CVE-2013-6997 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6996
	RESERVED
CVE-2013-6995
	REJECTED
CVE-2013-6994 (OpenText Exceed OnDemand (EoD) 8 transmits the session ID in ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6993 (Cross-site scripting (XSS) vulnerability in the Ad-minister plugin 0.6 ...)
	NOT-FOR-US: WordPress plugin Ad-minister
CVE-2013-6992 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: WordPress plugin AskApache Firefox Adsense
CVE-2013-6991 (Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard ...)
	NOT-FOR-US: WordPress plugin WP-Cron Dashboard
CVE-2013-6990 (FortiGuard FortiAuthenticator before 3.0 allows remote administrators ...)
	NOT-FOR-US: FortiGuard FortiAuthenticator
CVE-2013-6989
	RESERVED
CVE-2013-6988
	RESERVED
CVE-2013-6987 (Multiple directory traversal vulnerabilities in the FileBrowser ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2013-6986 (The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in ...)
	NOT-FOR-US: ZippyYum
CVE-2013-6984
	RESERVED
CVE-2013-6983 (SQL injection vulnerability in the web interface in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2013-6982 (The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6981 (Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6980
	RESERVED
CVE-2013-6979 (The VTY authentication implementation in Cisco IOS XE 03.02.xxSE and ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6978 (The disaster recovery system (DRS) component in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2013-6977
	RESERVED
CVE-2013-6976 (Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup ...)
	NOT-FOR-US: Cisco
CVE-2013-6975 (Directory traversal vulnerability in the command-line interface in ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6974 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-6973 (Cisco WebEx Training Center allows remote attackers to discover ...)
	NOT-FOR-US: Cisco
CVE-2013-6972 (Cisco WebEx Training Center allows remote attackers to discover ...)
	NOT-FOR-US: Cisco
CVE-2013-6971 (Open redirect vulnerability in Cisco WebEx Training Center allows ...)
	NOT-FOR-US: Cisco
CVE-2013-6970 (Cisco WebEx Meeting Center allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cisco
CVE-2013-6969 (The training-registration page in Cisco WebEx Training Center allows ...)
	NOT-FOR-US: Cisco
CVE-2013-6968 (Cisco WebEx Training Center provides different error messages for ...)
	NOT-FOR-US: Cisco
CVE-2013-6967 (Open redirect vulnerability in the mobile-browser subsystem in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-6966 (Open redirect vulnerability in Cisco WebEx Training Center allows ...)
	NOT-FOR-US: Cisco
CVE-2013-6965 (The registration component in Cisco WebEx Training Center provides the ...)
	NOT-FOR-US: Cisco
CVE-2013-6964 (Cisco WebEx Meeting Center allows remote authenticated users to bypass ...)
	NOT-FOR-US: Cisco
CVE-2013-6963 (Cross-site scripting (XSS) vulnerability in the registration component ...)
	NOT-FOR-US: Cisco
CVE-2013-6962 (Cross-site scripting (XSS) vulnerability in the mobile-browser ...)
	NOT-FOR-US: Cisco
CVE-2013-6961 (Cross-site scripting (XSS) vulnerability in the Collaboration Partner ...)
	NOT-FOR-US: Cisco
CVE-2013-6960 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco WebEx ...)
	NOT-FOR-US: Cisco
CVE-2013-6959 (Open redirect vulnerability in Cisco WebEx Sales Center allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-6958 (Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the ...)
	NOT-FOR-US: Juniper NetScreen Firewall
CVE-2013-6957 (Cross-site scripting (XSS) vulnerability in the web administrative ...)
	NOT-FOR-US: Juniper
CVE-2013-6956 (Cross-site scripting (XSS) vulnerability in the Secure Access Service ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2013-6955 (webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 ...)
	NOT-FOR-US: Synology DiskStation Manager
CVE-2013-6954 (The png_do_expand_palette function in libpng before 1.6.8 allows ...)
	{DSA-2923-1}
	- libpng <not-affected> (Vulnerable code introduced in 1.6.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045561
	NOTE: http://sourceforge.net/mailarchive/message.php?msg_id=31751422
CVE-2013-6953 (BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2013-6952 (The Belkin WeMo Home Automation firmware before 3949 has a hardcoded ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6951 (The Belkin WeMo Home Automation firmware before 3949 does not maintain ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6950 (The Belkin WeMo Home Automation firmware before 3949 does not use SSL ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6949 (The Belkin WeMo Home Automation firmware before 3949 does not properly ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6948 (The peerAddresses API in the Belkin WeMo Home Automation firmware ...)
	NOT-FOR-US: Belkin WeMo
CVE-2013-6947
	RESERVED
CVE-2013-6946
	RESERVED
CVE-2013-6945 (The M2M Broker in OSEHRA VistA, as distributed before September 30, ...)
	- vista <itp> (bug #541242)
CVE-2013-6944 (Cross-site scripting (XSS) vulnerability in the user interface in the ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6943 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6942 (Cross-site request forgery (CSRF) vulnerability in Citrix NetScaler ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6941 (Unspecified vulnerability in Citrix NetScaler Application Delivery ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6940 (Citrix NetScaler Application Delivery Controller (ADC) 9.3.x before ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6939 (Unspecified vulnerability in Citrix NetScaler Application Delivery ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6938 (Unspecified vulnerability in the Service VM in Citrix NetScaler SDX ...)
	NOT-FOR-US: Citrix NetScaler SDX
CVE-2013-6937 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
	NOT-FOR-US: VideoCharge
CVE-2013-6936 (Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2013-6935 (Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows ...)
	NOT-FOR-US: VideoCharge
CVE-2013-6934 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
	- liblivemedia <not-affected> (incomplete patch never applied)
	- vlc <not-affected> (never built against liblivemedia with incomplete patch)
	- mplayer <not-affected> (never built against liblivemedia with incomplete patch)
	- mplayer2 <not-affected> (b-d's on liblivemedia but doesn't actually build the support for it)
CVE-2013-6933 (The parseRTSPRequestString function in Live Networks Live555 Streaming ...)
	{DSA-3156-1}
	- liblivemedia 2014.01.13-1
	[squeeze] - liblivemedia <not-affected> (vuln. code introduced in 2011.08.13)
	- vlc 2.1.4-1
	[wheezy] - vlc 2.0.3-5+deb7u2
	[squeeze] - vlc <not-affected> (not built against vuln. liblivemedia)
	- mplayer 2:1.1.1+svn37434-1 (low)
	[squeeze] - mplayer <no-dsa> (Minor issue)
	- mplayer2 <not-affected> (b-d's on liblivemedia but doesn't actually build the support for it)
	NOTE: vlc fixed by binNMU 2.1.2-2+b1, but since binNMUs are not visible to the security tracker, the subsequent sid upload is tracked
	NOTE: for wheezy the version present at release of DSA 3156 is used (2.0.3-5+deb7u2), although strictly speaking it's 2.0.3-5+deb7u2+b1
CVE-2013-6932 (Buffer overflow in IrfanView before 4.37, when a multibyte-character ...)
	NOT-FOR-US: IrfanView
CVE-2013-6931 (SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6930 (SQL injection vulnerability in the page-navigation implementation in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6929 (SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6928
	RESERVED
CVE-2013-6927
	RESERVED
CVE-2013-6926 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 ...)
	NOT-FOR-US: Siemens
CVE-2013-6925 (The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 ...)
	NOT-FOR-US: Siemens
CVE-2013-6924 (Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow ...)
	NOT-FOR-US: Seagate BlackArmor NAS devices
CVE-2013-6923 (Multiple cross-site scripting (XSS) vulnerabilities in Seagate ...)
	NOT-FOR-US: Seagate BlackArmor NAS 220 devices
CVE-2013-6922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Seagate BlackArmor NAS 220
CVE-2013-6921
	RESERVED
CVE-2012-6612 (The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
CVE-2014-0325 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0324 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0323 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2014-0322 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer 10
CVE-2014-0321 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0320
	REJECTED
CVE-2014-0319 (Microsoft Silverlight 5 before 5.1.30214.0 and Silverlight 5 Developer ...)
	NOT-FOR-US: Microsoft
CVE-2014-0318 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2014-0317 (The Security Account Manager Remote (SAMR) protocol implementation in ...)
	NOT-FOR-US: Microsoft
CVE-2014-0316 (Memory leak in the Local RPC (LRPC) server implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2014-0315 (Untrusted search path vulnerability in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2014-0314 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0313 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0312 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0311 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0310 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0309 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0308 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0307 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0306 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0305 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0304 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0303 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0302 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0301 (Double free vulnerability in qedit.dll in DirectShow in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2014-0300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2014-0299 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0298 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0297 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0296 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-0295 (VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2014-0294 (Microsoft Forefront Protection 2010 for Exchange Server does not ...)
	NOT-FOR-US: Microsoft Forefront Protection
CVE-2014-0293 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0292
	REJECTED
CVE-2014-0291
	REJECTED
CVE-2014-0290 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0289 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0288 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0287 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0286 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0285 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0284 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0283 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0282 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0281 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0280 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0279 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0278 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0277 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0276 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0275 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0274 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0273 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0272 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0271 (The VBScript engine in Microsoft Internet Explorer 6 through 11, and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0270 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0269 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0268 (Microsoft Internet Explorer 8 through 11 does not properly restrict ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0267 (Microsoft Internet Explorer 11 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2014-0266 (The XMLHTTP ActiveX controls in XML Core Services 3.0 in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2014-0265
	REJECTED
CVE-2014-0264
	REJECTED
CVE-2014-0263 (The Direct2D implementation in Microsoft Windows 7 SP1, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-0262 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2014-0261 (Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows ...)
	NOT-FOR-US: Microsoft Dynamics
CVE-2014-0260 (Microsoft Word 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-0259 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-0258 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2014-0257 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2014-0256 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2014-0255 (Microsoft Windows Server 2008 SP2 and R2 SP1 and Server 2012 Gold and ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2014-0254 (The IPv6 implementation in Microsoft Windows 8, Windows Server 2012, ...)
	NOT-FOR-US: Microsoft
CVE-2014-0253 (Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2014-0252
	REJECTED
CVE-2014-0251 (Microsoft Windows SharePoint Services 3.0 SP3; SharePoint Server 2007 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2014-0250 (Multiple integer overflows in client/X11/xf_graphics.c in FreeRDP ...)
	- freerdp 1.1.0~git20140809.1.b07a5c1+dfsg-1 (unimportant; bug #749585)
	NOTE: A malicious RDP server has many more ways to mess with an RDP client
CVE-2014-0249 (The System Security Services Daemon (SSSD) 1.11.6 does not properly ...)
	- sssd 1.11.7-1 (low; bug #749569)
	[jessie] - sssd <no-dsa> (Minor issue)
	[squeeze] - sssd <no-dsa> (Minor issue)
	[wheezy] - sssd <no-dsa> (Minor issue)
CVE-2014-0248 (org.jboss.seam.web.AuthenticationFilter in Red Hat JBoss Web Framework ...)
	NOT-FOR-US: JBoss Seam
CVE-2014-0247 (LibreOffice 4.2.4 executes unspecified VBA macros automatically, which ...)
	- libreoffice 1:4.2.5-1
	[wheezy] - libreoffice <not-affected> (vulnerable code not present)
CVE-2014-0246 (SOSreport stores the md5 hash of the GRUB bootloader password in an ...)
	- sosreport <unfixed> (unimportant; bug #749568)
	NOTE: Non-issue, see https://bugzilla.redhat.com/show_bug.cgi?id=1101393#c5
CVE-2014-0245
	RESERVED
	NOT-FOR-US: GateIn
CVE-2014-0244 (The sys_recvfrom function in nmbd in Samba 3.6.x before 3.6.24, 4.0.x ...)
	{DSA-2966-1}
	- samba 2:4.1.9+dfsg-1
	[squeeze] - samba <not-affected> (Only affects 3.6 and later)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: https://www.samba.org/samba/security/CVE-2014-0244
CVE-2014-0243 [check-mk: arbitrary file disclosure]
	RESERVED
	- check-mk <not-affected> (Vulnerable code not present)
	NOTE: https://www.lsexperts.de/advisories/lse-2014-05-21.txt
CVE-2014-0242 [information disclosure via Content-Type response header]
	RESERVED
	{DSA-2937-1}
	- mod-wsgi 3.4-3
	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/b0a149c1f5e569932325972e2e20176a42e43517
CVE-2014-0241
	RESERVED
	NOT-FOR-US: hammer_cli_foreman ruby gem
CVE-2014-0240 (The mod_wsgi module before 3.5 for Apache, when daemon mode is ...)
	{DSA-2937-1}
	- mod-wsgi 3.5-1 (bug #748910)
	NOTE: https://github.com/GrahamDumpleton/mod_wsgi/commit/d9d5fea585b23991f76532a9b07de7fcd3b649f4
	NOTE: only when running with linux >= 2.6.0 and < 3.1.0
CVE-2014-0239 (The internal DNS server in Samba 4.x before 4.0.18 does not check the ...)
	- samba 2:4.1.8+dfsg-1 (bug #749845)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	[squeeze] - samba <not-affected> (AD feature not present)
	[wheezy] - samba <not-affected> (AD feature not present)
	NOTE: AD-related packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
CVE-2014-0238 (The cdf_read_property_info function in cdf.c in the Fileinfo component ...)
	{DSA-3021-1 DSA-2943-1 DLA-145-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/f97486ef5dc3e8735440edc4fc8808c63e1a3ef0
	- php5 5.6.0~beta4+dfsg-1 (low)
	NOTE: https://bugs.php.net/bug.php?id=67327
CVE-2014-0237 (The cdf_unpack_summary_info function in cdf.c in the Fileinfo ...)
	{DSA-3021-1 DSA-2943-1 DLA-145-1 DLA-27-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: https://github.com/file/file/commit/b8acc83781d5a24cc5101e525d15efe0482c280d
	- php5 5.6.0~beta4+dfsg-1 (low)
	NOTE: https://bugs.php.net/bug.php?id=67328
CVE-2014-0236 (file before 5.18, as used in the Fileinfo component in PHP before ...)
	- file 1:5.19-1
	[wheezy] - file <not-affected> (Introduced in 5.18)
	[squeeze] - file <not-affected> (Introduced in 5.18)
	- php5 5.6.0~beta4+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.php.net/bug.php?id=67329
CVE-2014-0235
	REJECTED
CVE-2014-0234
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2014-0233 (Red Hat OpenShift Enterprise 2.0 and 2.1 and OpenShift Origin allow ...)
	NOT-FOR-US: OpenShift
CVE-2014-0232 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Apache OFBiz
CVE-2014-0231 (The mod_cgid module in the Apache HTTP Server before 2.4.10 does not ...)
	{DSA-2989-1 DLA-66-1}
	- apache2 2.4.10-1
CVE-2014-0230 (Apache Tomcat 6.x before 6.0.44, 7.x before 7.0.55, and 8.x before ...)
	{DSA-3530-1 DLA-232-1}
	- tomcat6 6.0.41-3 (bug #785316)
	- tomcat7 7.0.55-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	- tomcat8 8.0.9-1
	NOTE: tomcat6 in jessie only builds the servlet API classes
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1603781 (7.x)
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1659537 (6.x)
CVE-2014-0229 (Apache Hadoop 0.23.x before 0.23.11 and 2.x before 2.4.1, as used in ...)
	NOT-FOR-US: Hadoop as packaged by Cloudera
CVE-2014-0228 (Apache Hive before 0.13.1, when in SQL standards based authorization ...)
	NOT-FOR-US: Apache Hive
CVE-2014-0227 (java/org/apache/coyote/http11/filters/ChunkedInputFilter.java in ...)
	{DSA-3530-1 DLA-232-1}
	- tomcat6 6.0.41-3 (bug #785312)
	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1603628 (6.x)
	NOTE: Marked as fixed in 6.0.41-3 which only builds the libservlet2.5-java and libservlet2.5-java-doc packages
	- tomcat7 7.0.55-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601333 (7.x)
	- tomcat8 8.0.9-1
	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1600984 (8.x)
	NOTE: Fixed in https://svn.apache.org/viewvc?view=revision&revision=1601332 (8.x)
CVE-2014-0226 (Race condition in the mod_status module in the Apache HTTP Server ...)
	{DSA-2989-1 DLA-66-1}
	- apache2 2.4.10-1
CVE-2014-0225 (When processing user provided XML documents, the Spring Framework ...)
	- libspring-java 3.0.6.RELEASE-14 (low; bug #753470)
	[squeeze] - libspring-java <no-dsa> (Minor issue)
	[wheezy] - libspring-java <no-dsa> (Minor issue)
CVE-2014-0224 (OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h ...)
	{DSA-2950-1 DLA-0008-1 DLA-0003-1}
	- openssl 1.0.1h-1 (bug #750665)
	[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0223 (Integer overflow in the qcow_open function in block/qcow.c in QEMU ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-6 (bug #742730)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02156.html
CVE-2014-0222 (Integer overflow in the qcow_open function in block/qcow.c in QEMU ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-6 (bug #742730)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	- qemu-kvm <removed>
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2014-05/msg02155.html
CVE-2014-0221 (The dtls1_get_message_fragment function in d1_both.c in OpenSSL before ...)
	{DSA-2950-1 DLA-0003-1}
	- openssl 1.0.1h-1 (bug #750665)
	[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0220 (Cloudera Manager before 4.8.3 and 5.x before 5.0.1 allows remote ...)
	NOT-FOR-US: Cloudera Manager
CVE-2014-0219 (Apache Karaf enables a shutdown port on the loopback interface, which ...)
	- apache-karaf <itp> (bug #881297)
CVE-2014-0218 (Cross-site scripting (XSS) vulnerability in the URL downloader ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332
CVE-2014-0217 (enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45126
CVE-2014-0216 (The My Home implementation in the block_html_pluginfile function in ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43877
CVE-2014-0215 (The blind-marking implementation in Moodle through 2.3.11, 2.4.x ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44750
CVE-2014-0214 (login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43119
CVE-2014-0213 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- moodle 2.6.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44606
CVE-2014-0212 [on-demand ACL policy loading enables a denial of service by consuming all available file descriptors]
	RESERVED
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
	NOTE: Upstream issue: https://issues.apache.org/jira/browse/QPID-4938
	NOTE: Commit which does no longer build acl support only as plugin: https://svn.apache.org/viewvc?view=revision&revision=r1494697
CVE-2014-0211 (Multiple integer overflows in the (1) fs_get_reply, (2) ...)
	{DSA-2927-1}
	- libxfont 1:1.4.7-2 (unimportant)
	NOTE: unimportant, as source affected but libxfont has disabled support to connect to font server since 1:1.4.7-1
CVE-2014-0210 (Multiple buffer overflows in X.Org libXfont before 1.4.8 and 1.4.9x ...)
	{DSA-2927-1}
	- libxfont 1:1.4.7-2 (unimportant)
	NOTE: unimportant, as source affected but libxfont has disabled support to connect to font server since 1:1.4.7-1
CVE-2014-0209 (Multiple integer overflows in the (1) FontFileAddEntry and (2) ...)
	{DSA-2927-1}
	- libxfont 1:1.4.7-2
CVE-2014-0208 (Cross-site scripting (XSS) vulnerability in the search auto-completion ...)
	- foreman <itp> (bug #663101)
CVE-2014-0207 (The cdf_read_short_sector function in cdf.c in file before 5.19, as ...)
	{DSA-3021-1 DSA-2974-1 DLA-27-1 DLA-0018-1}
	- file 1:5.19-1
	[squeeze] - file 5.04-5+squeeze6
	NOTE: fixed as part of https://github.com/file/file/commit/6d209c1c489457397a5763bca4b28e43aac90391#diff-0
	- php5 5.6.0~beta4+dfsg-1
	[squeeze] - php5 5.3.3-7+squeeze21
	NOTE: https://bugs.php.net/bug.php?id=67326
CVE-2014-0206 (Array index error in the aio_read_events_ring function in fs/aio.c in ...)
	- linux 3.14.10-1
	[wheezy] - linux <not-affected> (introduced by a31ad380bed817aa25f8830ad23e1a0480fef797)
	- linux-2.6 <not-affected> (introduced by a31ad380bed817aa25f8830ad23e1a0480fef797)
	NOTE: Introduced by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a31ad380bed817aa25f8830ad23e1a0480fef797 (v3.10)
	NOTE: Upstream patches: https://lkml.org/lkml/2014/6/24/619 https://lkml.org/lkml/2014/6/24/623
CVE-2014-0205 (The futex_wait function in kernel/futex.c in the Linux kernel before ...)
	- linux 2.6.37
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 2.6.32-28
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7ada876a8703f23befbb20a7465a702ee39b1704 (v2.6.37)
	NOTE: https://lkml.org/lkml/2010/9/16/99
	NOTE: Introduced in f801073f87aa2 (around 2.6.31) according to SuSE Bugzilla
CVE-2014-0204 (OpenStack Identity (Keystone) before 2014.1.1 does not properly handle ...)
	- keystone 2014.1-5 (bug #749026)
	[wheezy] - keystone <not-affected>
CVE-2014-0203 (The __do_follow_link function in fs/namei.c in the Linux kernel before ...)
	{DLA-0015-1}
	- linux 2.6.33-1
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	NOTE: upstream fix: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=86acdca1b63e6890540fa19495cfc708beff3d8b (v2.6.33)
CVE-2014-0202 (The setup script in ovirt-engine-dwh, as used in the Red Hat ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2014-0201 (ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2014-0200 (The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2014-0199 (The setup script in ovirt-engine-reports, as used in the Red Hat ...)
	NOT-FOR-US: ovirt / RHEV
CVE-2014-0198 (The do_ssl3_write function in s3_pkt.c in OpenSSL 1.x through 1.0.1g, ...)
	{DSA-2931-1}
	- openssl 1.0.1g-4 (bug #747432)
	[squeeze] - openssl <not-affected> (vulnerable code not present)
	NOTE: http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=3321
CVE-2014-0197
	RESERVED
	NOT-FOR-US: CloudForms Management Engine
CVE-2014-0196 (The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel ...)
	{DSA-2928-1 DSA-2926-1}
	- linux 3.14.4-1 (bug #747166)
	- linux-2.6 <removed>
	NOTE: PoC: http://pastebin.com/yTSFUBgZ
CVE-2014-0195 (The dtls1_reassemble_fragment function in d1_both.c in OpenSSL before ...)
	{DSA-2950-1 DLA-0003-1}
	- openssl 1.0.1h-1 (bug #750665)
	[squeeze] - openssl 0.9.8o-4squeeze15
CVE-2014-0194
	REJECTED
CVE-2014-0193 (WebSocket08FrameDecoder in Netty 3.6.x before 3.6.9, 3.7.x before ...)
	- netty <not-affected> (WebSocket08FrameDecoder function not present; bug #746639)
CVE-2014-0192 (Foreman 1.4.0 before 1.5.0 does not properly restrict access to ...)
	- foreman <itp> (bug #663101)
CVE-2014-0191 (The xmlParserHandlePEReference function in parser.c in libxml2 before ...)
	{DSA-2978-2 DLA-151-1}
	- libxml2 2.9.1+dfsg1-4 (bug #747309)
	NOTE: The upstream patch we used in DSA-2978-1 and DLA-16-1 is only half of the fix. The other half is likely https://git.gnome.org/browse/libxml2/commit/?id=4629ee02ac649c27f9c0cf98ba017c6b5526070f which is only in libxml 2.9 and newer. This was found out with the test case given in https://github.com/sparklemotion/nokogiri/issues/693#issuecomment-8935085.
	NOTE: First patches: https://git.gnome.org/browse/libxml2/commit/?id=9cd1c3cfbd32655d60572c0a413e017260c854df https://git.gnome.org/browse/libxml2/commit/?id=dd8367da17c2948981a51e52c8a6beb445edf825
CVE-2014-0190 (The GIF decoder in QtGui in Qt before 5.3 allows remote attackers to ...)
	- qt4-x11 4:4.8.6+dfsg-1 (low)
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	[squeeze] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://qt.gitorious.org/qt/qtbase/commit/eb1325047f2697d24e93ebaf924900affc876bc1
	NOTE: Possible squeeze backport in http://lists.debian.org/54ca4d0c.4696420a.0f32.4d29@mx.google.com
CVE-2014-0189 (virt-who uses world-readable permissions for /etc/sysconfig/virt-who, ...)
	NOT-FOR-US: RedHat virt-who
CVE-2014-0188 (The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, ...)
	NOT-FOR-US: OpenShift
CVE-2014-0187 (The openvswitch-agent process in OpenStack Neutron 2013.1 before ...)
	- neutron 2014.1.2-1
	NOTE: https://review.openstack.org/gitweb?p=openstack%2Fneutron.git;a=commitdiff;h=68a24e5f908412b83ca7c3f2d2d2014678e79570
	NOTE: https://review.openstack.org/gitweb?p=openstack%2Fneutron.git;a=commitdiff;h=42a8539d497322716df0150c2123befd246d69d8
CVE-2014-0186 (A certain tomcat7 package for Apache Tomcat 7 in Red Hat Enterprise ...)
	- tomcat7 <not-affected> (RHEL-specific regression)
CVE-2014-0185 (sapi/fpm/fpm/fpm_unix.c in the FastCGI Process Manager (FPM) in PHP ...)
	{DSA-2943-1}
	- php5 5.5.12+dfsg-1
	[squeeze] - php5 <not-affected> (FPM SAPI only enabled in 5.3.5-1)
	NOTE: https://bugs.php.net/bug.php?id=67060
CVE-2014-0184 (Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 logs ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0183
	RESERVED
	NOT-FOR-US: Katello
CVE-2014-0182 (Heap-based buffer overflow in the virtio_load function in ...)
	- qemu 2.1+dfsg-1 (bug #739589)
	- qemu-kvm <removed>
	[wheezy] - qemu <no-dsa> (Too intrusive to backport, minor risk)
	[wheezy] - qemu-kvm <no-dsa> (Too intrusive to backport, minor risk)
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Fix: http://git.qemu.org/?p=qemu.git;a=commit;h=a890a2f9137ac3cf5b607649e66a6f3a5512d8dc
	NOTE: Regression fix needed: http://git.qemu.org/?p=qemu.git;a=commit;h=2f5732e9648fcddc8759a8fd25c0b41a38352be6
CVE-2014-0181 (The Netlink implementation in the Linux kernel through 3.14.1 does not ...)
	- linux 3.14.9-1 (bug #746738)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport to 2.6.32)
	[wheezy] - linux <no-dsa> (Too intrusive to backport to 3.2)
CVE-2014-0180 (The wait_for_task function in ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0179 (libvirt 0.7.5 through 1.2.x before 1.2.5 allows local users to cause a ...)
	{DSA-3038-1}
	- libvirt 1.2.4-1 (unimportant)
	NOTE: no ACL mechanism in squeeze and wheezy and all access is root-equivalent
	NOTE: LSN-2014-0003: https://www.redhat.com/archives/libvir-list/2014-May/msg00209.html
CVE-2014-0178 (Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before ...)
	{DSA-2966-1}
	- samba 2:4.1.8+dfsg-1 (low)
	[squeeze] - samba <not-affected> (Vulnerable code not present)
	- samba4 4.0.0~beta2+dfsg1-3.2+deb7u2
	NOTE: server packages removed from src:samba4 in 4.0.0~beta2+dfsg1-3.2+deb7u2
CVE-2014-0177 (The am function in lib/hub/commands.rb in hub before 1.12.1 allows ...)
	NOT-FOR-US: Github client
CVE-2014-0176 (Cross-site scripting (XSS) vulnerability in application/panel_control ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0175 [default password set at install]
	RESERVED
	- mcollective <unfixed> (unimportant)
	NOTE: Password rotation is documented in README.Debian
CVE-2014-0174 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
	NOT-FOR-US: Cumin
CVE-2014-0173 (The Jetpack plugin before 1.9 before 1.9.4, 2.0.x before 2.0.9, 2.1.x ...)
	NOT-FOR-US: WordPress plugin Jetpack
CVE-2014-0172 (Integer overflow in the check_section function in dwarf_begin_elf.c in ...)
	- elfutils 0.158-1 (low; bug #744017)
	[squeeze] - elfutils <not-affected> (Affected code introduced in 0.153)
	[wheezy] - elfutils <not-affected> (Affected code introduced in 0.153)
CVE-2014-0171 (XML external entity (XXE) vulnerability in StaxXMLFactoryProvider2 in ...)
	NOT-FOR-US: Odata4j
CVE-2014-0170 (Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data ...)
	NOT-FOR-US: Teiid
CVE-2014-0169
	RESERVED
	NOT-FOR-US: JBoss EAP
CVE-2014-0168 (Cross-site request forgery (CSRF) vulnerability in Jolokia before ...)
	NOT-FOR-US: Jolokia
CVE-2014-0167 (The Nova EC2 API security group implementation in OpenStack Compute ...)
	- nova 2013.2.3-1 (bug #744051)
	[wheezy] - nova <not-affected> (Only affects 2013.1 to 2013.2.3)
CVE-2014-0166 (The wp_validate_auth_cookie function in wp-includes/pluggable.php in ...)
	{DSA-2901-1}
	- wordpress 3.8.2+dfsg-1 (bug #744018)
CVE-2014-0165 (WordPress before 3.7.2 and 3.8.x before 3.8.2 allows remote ...)
	{DSA-2901-1}
	- wordpress 3.8.2+dfsg-1 (bug #744018)
CVE-2014-0164 (openshift-origin-broker-util, as used in Red Hat OpenShift Enterprise ...)
	- mcollective 1.2.1+dfsg-2
CVE-2014-0163
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2014-0162 (The Sheepdog backend in OpenStack Image Registry and Delivery Service ...)
	- glance 2014.1-1
	[wheezy] - glance <not-affected> (Only affects 2013.2 to 2013.2.3)
CVE-2014-0161
	RESERVED
	NOT-FOR-US: ovirt-engine-sdk-python
CVE-2014-0160 (The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before ...)
	{DSA-2896-1}
	- openssl 1.0.1g-1 (bug #743883)
	[squeeze] - openssl <not-affected> (vulnerable code introduced in upstream commit 4817504)
	NOTE: fix: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=96db902
	NOTE: http://www.openssl.org/news/secadv/20140407.txt
	NOTE: system reboot is recommended after the upgrade
CVE-2014-0159 (Buffer overflow in the GetStatistics64 remote procedure call (RPC) in ...)
	{DSA-2899-1}
	- openafs 1.6.7-1
CVE-2014-0157 (Cross-site scripting (XSS) vulnerability in the Horizon Orchestration ...)
	- horizon 2013.2.3-1 (bug #744019)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
CVE-2014-0156
	RESERVED
CVE-2014-0155 (The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel ...)
	- linux 3.14.4-1 (low)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: fix: https://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=5678de3f15010b9022ee45673f33bcfc71d47b60
CVE-2014-0154 (oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a ...)
	NOT-FOR-US: oVirt web admin interface
CVE-2014-0153 (The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 ...)
	NOT-FOR-US: oVirt REST API
CVE-2014-0152 (Session fixation vulnerability in the web admin interface in oVirt ...)
	NOT-FOR-US: oVirt web admin interface
CVE-2014-0151 (Cross-site request forgery (CSRF) vulnerability in oVirt Engine before ...)
	NOT-FOR-US: ovirt
CVE-2014-0150 (Integer overflow in the virtio_net_handle_mac function in ...)
	{DSA-2910-1 DSA-2909-1}
	- qemu 1.7.0+dfsg-8 (bug #744221)
	- qemu-kvm <removed>
CVE-2014-0149 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss ...)
	NOT-FOR-US: JBoss Seam
CVE-2014-0148
	RESERVED
	- qemu 2.0.0+dfsg-1 (bug #742730)
	[squeeze] - qemu <not-affected> (vhdx support introduced in 1.5)
	[wheezy] - qemu <not-affected> (vhdx support introduced in 1.5)
	- qemu-kvm <not-affected> (vhdx support introduced in 1.5)
CVE-2014-0147
	RESERVED
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0146 (The qcow2_open function in the (block/qcow2.c) in QEMU before 1.7.2 ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Upstream commit: http://git.qemu.org/?p=qemu.git;a=commit;h=11b128f4062dd7f89b14abc8877ff20d41b28be9
CVE-2014-0145 (Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0144
	RESERVED
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0143 (Multiple integer overflows in the block drivers in QEMU, possibly ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0142 (QEMU, possibly before 2.0.0, allows local users to cause a denial of ...)
	{DSA-3045-1 DSA-3044-1}
	- qemu 2.0.0+dfsg-1 (bug #742730)
	- qemu-kvm <removed>
	[squeeze] - qemu <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - qemu-kvm <end-of-life> (Unsupported in squeeze-lts)
CVE-2014-0141 (Cross-site scripting (XSS) vulnerability in Red Hat Satellite 6.0.3. ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2014-0140 (Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows ...)
	NOT-FOR-US: Red Hat CloudForms Management Engine
CVE-2014-0139 (cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, ...)
	{DSA-2902-1}
	- curl 7.36.0-1 (bug #742728)
	NOTE: http://curl.haxx.se/libcurl-reject-cert-ip-wildcards.patch
CVE-2014-0138 (The default configuration in cURL and libcurl 7.10.6 before 7.36.0 ...)
	{DSA-2902-1}
	- curl 7.36.0-1 (bug #742728)
	NOTE: http://curl.haxx.se/libcurl-bad-reuse.patch
CVE-2014-0137 (SQL injection vulnerability in the saved_report_delete action in the ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0136 (The (1) get and (2) log methods in the AgentController in Red Hat ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0135 (Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses ...)
	NOT-FOR-US: Kafo
	NOTE: Might be packaged after foreman (ITP bug #663101)
CVE-2014-0134 (The instance rescue mode in OpenStack Compute (Nova) 2013.2 before ...)
	- nova 2013.2.2-4 (bug #742712)
	[wheezy] - nova <not-affected> (Introduced in Grizzly)
	NOTE: https://launchpad.net/bugs/1221190
CVE-2014-0133 (Heap-based buffer overflow in the SPDY implementation in nginx 1.3.15 ...)
	- nginx 1.4.7-1 (unimportant; bug #742059)
	[wheezy] - nginx <not-affected> (Vulnerable code not present)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
	NOTE: ngx_http_spdy_module introduced in 1.3.15
	NOTE: Debian compiles with --with-http_spdy_module, but also with --with-debug
CVE-2014-0132 (The SASL authentication functionality in 389 Directory Server before ...)
	- 389-ds-base 1.3.2.9-1.1 (bug #741600)
CVE-2014-0131 (Use-after-free vulnerability in the skb_segment function in ...)
	- linux 3.13.6-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Introduced in 3.1)
	NOTE: http://marc.info/?l=linux-netdev&m=139446896921968&w=2
CVE-2014-0130 (Directory traversal vulnerability in ...)
	{DSA-2929-1}
	- ruby-actionpack-2.3 <not-affected> (Vulnerable code not present)
	- ruby-actionpack-3.2 <removed> (bug #747382)
	- rails-3.2 3.2.18-1 (bug #747382)
	- rails-4.0 <removed> (bug #747380)
CVE-2014-0129 (badges/mybadges.php in Moodle 2.5.x before 2.5.5 and 2.6.x before ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44140
CVE-2014-0128 (Squid 3.1 before 3.3.12 and 3.4 before 3.4.4, when SSL-Bump is ...)
	- squid <not-affected> (All Squid-3.0 and older versions not vulnerable)
	- squid3 3.4.8-1 (unimportant; bug #741312)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2014_1.txt
	NOTE: only affects package rebuilds with --enable-ssl by users
CVE-2014-0127 (The time-validation implementation in (1) mod/feedback/complete.php ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43656
CVE-2014-0126 (Cross-site request forgery (CSRF) vulnerability in ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43146
CVE-2014-0125 (repository/alfresco/lib.php in Moodle through 2.3.11, 2.4.x before ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29409
CVE-2014-0124 (The identity-reporting implementations in mod/forum/renderer.php and ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43916
CVE-2014-0123 (The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39990
	NOTE: squeeze version unaffected due to lack of fine-grained access control?
CVE-2014-0122 (mod/chat/chat_ajax.php in Moodle through 2.3.11, 2.4.x before 2.4.9, ...)
	- moodle 2.6.2-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-44082
CVE-2014-0121 (The admin terminal in Hawt.io does not require authentication, which ...)
	NOT-FOR-US: hawtio-karaf-terminal
CVE-2014-0120 (Cross-site request forgery (CSRF) vulnerability in the admin terminal ...)
	NOT-FOR-US: hawtio-karaf-terminal
CVE-2014-0119 (Apache Tomcat before 6.0.40, 7.x before 7.0.54, and 8.x before 8.0.6 ...)
	{DSA-3530-1}
	- tomcat8 8.0.8-1
	- tomcat7 7.0.54-1
	- tomcat6 6.0.41-1
	[wheezy] - tomcat7 7.0.28-4+deb7u4
CVE-2014-0118 (The deflate_in_filter function in mod_deflate.c in the mod_deflate ...)
	{DSA-2989-1 DLA-66-1}
	- apache2 2.4.10-1
CVE-2014-0117 (The mod_proxy module in the Apache HTTP Server 2.4.x before 2.4.10, ...)
	- apache2 2.4.10-1
	[squeeze] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
	[wheezy] - apache2 <not-affected> (Affects 2.4.6 to 2.4.9)
CVE-2014-0116 (CookieInterceptor in Apache Struts 2.x before 2.3.16.3, when a ...)
	- libstruts1.2-java <not-affected> (Struts 2.0.0 through to Struts 2.3.16.2)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-022
CVE-2014-0115 (Directory traversal vulnerability in the log viewer in Apache Storm ...)
	NOT-FOR-US: Apache Storm
CVE-2014-0114 (Apache Commons BeanUtils, as distributed in ...)
	{DSA-2940-1 DLA-57-1}
	- libstruts1.2-java 1.2.9-9 (bug #745897)
	NOTE: http://mail-archives.apache.org/mod_mbox/struts-announcements/201404.mbox/%3C535F5F52.4040108%40apache.org%3E
	- commons-beanutils 1.9.2-1 (low)
	[wheezy] - commons-beanutils <no-dsa> (Too intrusive to backport; might break existing apps)
	[squeeze] - commons-beanutils <no-dsa> (Too intrusive to backport; might break existing apps)
	NOTE: https://issues.apache.org/jira/browse/BEANUTILS-463
CVE-2014-0113 (CookieInterceptor in Apache Struts before 2.3.16.2, when a wildcard ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
	NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
CVE-2014-0112 (ParametersInterceptor in Apache Struts before 2.3.16.2 does not ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
	NOTE: https://struts.apache.org/release/2.3.x/docs/s2-021.html
CVE-2014-0111 (Apache Syncope 1.0.0 before 1.0.9 and 1.1.0 before 1.1.7 allows remote ...)
	NOT-FOR-US: Apache Syncope
CVE-2014-0110 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote ...)
	NOT-FOR-US: Apache CXF
CVE-2014-0109 (Apache CXF before 2.6.14 and 2.7.x before 2.7.11 allows remote ...)
	NOT-FOR-US: Apache CXF
CVE-2014-0108
	REJECTED
CVE-2014-0107 (The TransformerFactory in Apache Xalan-Java before 2.7.2 does not ...)
	{DSA-2886-1}
	- libxalan2-java 2.7.1-9 (bug #742577)
	NOTE: https://issues.apache.org/jira/browse/XALANJ-2435
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1581058
CVE-2014-0106 (Sudo 1.6.9 before 1.8.5, when env_reset is disabled, does not properly ...)
	{DLA-160-1}
	- sudo 1.8.5p2-1 (low)
	[squeeze] - sudo <no-dsa> (environment sanitising is enabled by default and turning it off in insecure anyway)
	NOTE: http://www.sudo.ws/sudo/alerts/env_add.html
CVE-2014-0105 (The auth_token middleware in the OpenStack Python client library for ...)
	- python-keystoneclient 1:0.6.0-4 (low; bug #742898)
	[wheezy] - python-keystoneclient <not-affected> (Vulnerable code yet in src:keystone)
	- keystone 2013.1.1-2
	[wheezy] - keystone <no-dsa> (Minor issue)
	NOTE: From 2013.1.1-2 the auth_token.py is in python-keystoneclient
CVE-2014-0104
	RESERVED
	- fence-agents 4.0.17-1 (low; bug #764801)
	[jessie] - fence-agents <no-dsa> (Minor issue)
	[wheezy] - fence-agents <no-dsa> (Minor issue)
CVE-2014-0103 (WebAccess in Zarafa before 7.1.10 and WebApp before 1.6 stores ...)
	- zarafa <itp> (bug #658433)
CVE-2014-0102 (The keyring_detect_cycle_iterator function in security/keys/keyring.c ...)
	- linux 3.13.6-1
	[wheezy] - linux <not-affected> (Introduced in v3.13)
	- linux-2.6 <not-affected> (Introduced in v3.13)
	NOTE: Introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b2a4df200d570b2c33a57e1ebfa5896e4bc81b69
	NOTE: patch: http://www.kernelhub.org/?msg=425013&p=2
CVE-2014-0101 (The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the ...)
	{DSA-2906-1}
	- linux 3.13.6-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed>
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bbd0d59809f923ea2b540cbd781b32110e249f6e
	NOTE: http://patchwork.ozlabs.org/patch/325898/
CVE-2014-0100 (Race condition in the inet_frag_intern function in ...)
	- linux 3.13.6-1
	[wheezy] - linux <not-affected> (Introduced in v3.9)
	- linux-2.6 <not-affected> (Introduced in v3.9)
	NOTE: Introduced by https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3ef0eb0db4bf92c6d2510fe5c4dc51852746f206
	NOTE: http://patchwork.ozlabs.org/patch/325844/
CVE-2014-0099 (Integer overflow in java/org/apache/tomcat/util/buf/Ascii.java in ...)
	{DSA-3530-1}
	- tomcat8 8.0.5-1
	- tomcat7 7.0.53-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	- tomcat6 6.0.41-1
	NOTE: http://svn.apache.org/r1578814
CVE-2014-0098 (The log_cookie function in mod_log_config.c in the mod_log_config ...)
	- apache2 2.4.9-1
	[squeeze] - apache2 <not-affected> (Vulnerable code not present)
	[wheezy] - apache2 <not-affected> (Vulnerable code not present)
	NOTE: Looks like it was introduced in 2.2.23 which would mean that squeeze+wheezy are not affected. sf: waiting for confirmation.
CVE-2014-0097 (The ActiveDirectoryLdapAuthenticator in Spring Security 3.2.0 to 3.2.1 ...)
	- libspring-java <not-affected> (ActiveDirectoryLdapAuthenticator not yet present, introduced in 3.1)
CVE-2014-0096 (java/org/apache/catalina/servlets/DefaultServlet.java in the default ...)
	{DSA-3530-1}
	- tomcat8 8.0.5-1
	- tomcat7 7.0.53-1
	- tomcat6 6.0.41-1
	[wheezy] - tomcat7 7.0.28-4+deb7u4
CVE-2014-0095 (java/org/apache/coyote/ajp/AbstractAjpProcessor.java in Apache Tomcat ...)
	- tomcat8 8.0.5-1
CVE-2014-0094 (The ParametersInterceptor in Apache Struts before 2.3.16.1 allows ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.16)
CVE-2014-0093 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.2, when ...)
	NOT-FOR-US: JBoss EAP
CVE-2014-0092 (lib/x509/verify.c in GnuTLS before 3.1.22 and 3.2.x before 3.2.12 does ...)
	{DSA-2869-1}
	- gnutls26 2.12.23-13
	- gnutls28 3.2.11-2
	NOTE: http://gnutls.org/security.html#GNUTLS-SA-2014-2
CVE-2014-0091
	RESERVED
	- foreman <itp> (bug #663101)
CVE-2014-0090 (Session fixation vulnerability in Foreman before 1.4.2 allows remote ...)
	- foreman <itp> (bug #663101)
CVE-2014-0089 (Cross-site scripting (XSS) vulnerability in ...)
	- foreman <itp> (bug #663101)
CVE-2014-0088 (The SPDY implementation in the ngx_http_spdy_module module in nginx ...)
	- nginx <not-affected> (Only affects 1.5.10)
CVE-2014-0087 (The check_privileges method in ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0086 (The doFilter function in webapp/PushHandlerFilter.java in JBoss ...)
	NOT-FOR-US: RichFaces
	NOTE: https://github.com/richfaces/richfaces/commit/4115c103f74e7cb0af6d392e22866e52db2bc4e7
	NOTE: https://issues.jboss.org/browse/RF-13250
CVE-2014-0085 (Apache Zookeeper logs cleartext admin passwords, which allows local ...)
	NOT-FOR-US: Fuse Fabric
CVE-2014-0084
	RESERVED
	NOT-FOR-US: rubygem-openshift-origin-node
CVE-2014-0083 [SSHA passwords generated by the net-ldap Ruby gem use a weak salt]
	RESERVED
	- ruby-net-ldap <not-affected> (SSHA support not present)
	NOTE: SSHA support only from version v0.5.0, see #742706
CVE-2014-0082 (actionpack/lib/action_view/template/text.rb in Action View in Ruby on ...)
	{DSA-2929-1}
	- rails-4.0 <not-affected> (only 3.2.x and earlier)
	- rails-3.2 3.2.17-1
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	- rails 2.3.14.1
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0081 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-2929-1}
	- rails-4.0 <removed>
	- rails-3.2 3.2.17-1
	- ruby-actionpack-3.2 <removed>
	- ruby-actionpack-2.3 <removed>
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	- rails 2.3.14.1
	[squeeze] - rails <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2014-0080 (SQL injection vulnerability in ...)
	- rails-4.0 <removed>
	- ruby-activerecord-3.2 <not-affected> (affects only rails 4.0.x)
	- ruby-activerecord-2.3 <not-affected> (affects only rails 4.0.x)
	- rails <not-affected> (affects only rails 4.0.x)
CVE-2014-0079 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
	NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0078 (The CatalogController in Red Hat CloudForms Management Engine (CFME) ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0077 (drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable ...)
	- linux 3.13.10-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: seems introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
	NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
CVE-2014-0076 (The Montgomery ladder implementation in OpenSSL through 1.0.0l does ...)
	{DSA-2908-1 DLA-0003-1}
	- openssl 1.0.1g-1 (low; bug #742923)
	[squeeze] - openssl 0.9.8o-4squeeze15
	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=f9b6c0ba4c02497782f801e3c45688f3efaac55c
CVE-2014-0075 (Integer overflow in the parseChunkHeader function in ...)
	{DSA-3530-1}
	- tomcat8 8.0.5-1
	- tomcat7 7.0.53-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	- tomcat6 6.0.41-1
CVE-2014-0074 (Apache Shiro 1.x before 1.2.3, when using an LDAP server with ...)
	- shiro 1.2.3-1
CVE-2014-0073 (The CDVInAppBrowser class in the Apache Cordova In-App-Browser ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-0072 (ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone ...)
	NOT-FOR-US: Apache Cordova
CVE-2014-0071 (PackStack in Red Hat OpenStack 4.0 does not enforce the default ...)
	- neutron 2014.1-1
CVE-2014-0070
	REJECTED
CVE-2014-0069 (The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel ...)
	- linux 3.13.6-1 (bug #741958)
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Only affects 2.6.38 and later)
	NOTE: http://article.gmane.org/gmane.linux.kernel.cifs/9401
	NOTE: upstream fix 5d81de8e8667da7135d3a32a964087c0faf5483f included in v3.14-rc4
CVE-2014-0068
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2014-0067 (The &quot;make check&quot; command for the test suites in PostgreSQL 9.3.3 and ...)
	{DSA-2865-1 DSA-2864-1 DLA-0019-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0066 (The chkpass extension in PostgreSQL before 8.4.20, 9.0.x before ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0065 (Multiple buffer overflows in PostgreSQL before 8.4.20, 9.0.x before ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0064 (Multiple integer overflows in the path_in and other unspecified ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0063 (Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0062 (Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0061 (The validator functions for the procedural languages (PLs) in ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.12-1 (low)
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 8.4.20-0wheezy1
	- postgresql-9.3 9.3.3-1
	- postgresql-plsh 1.20140221-1
	[wheezy] - postgresql-plsh <no-dsa> (Minor issue)
	[squeeze] - postgresql-plsh <no-dsa> (Minor issue)
CVE-2014-0060 (PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, ...)
	{DSA-2865-1 DSA-2864-1}
	- postgresql-9.1 9.1.11-2
	- postgresql-8.4 <removed>
	[wheezy] - postgresql-8.4 <not-affected> (postgresql-8.4 in wheezy only provides PL/Perl)
	- postgresql-9.3 9.3.3-1
CVE-2014-0059 (JBoss SX and PicketBox, as used in Red Hat JBoss Enterprise ...)
	NOT-FOR-US: JBossSX
CVE-2014-0058 (The security audit functionality in Red Hat JBoss Enterprise ...)
	NOT-FOR-US: JBoss EAP
CVE-2014-0057 (The x_button method in the ServiceController ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2014-0056 (The l3-agent in OpenStack Neutron 2012.2 before 2013.2.3 does not ...)
	- neutron 2013.2.2-4 (bug #742800)
CVE-2014-0055 (The get_rx_bufs function in drivers/vhost/net.c in the vhost-net ...)
	- linux 3.13.10-1
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: introduced in https://github.com/torvalds/linux/commit/8dd014adfea6f173c1ef6378f7e5e7924866c923
	NOTE: qemu is built with support for vhost_net, module loaded post-wheezy when linux < 3.4 but root:root 0600
CVE-2014-0054 (The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring ...)
	{DSA-2890-1}
	- libspring-java 3.0.6.RELEASE-13 (bug #741604)
CVE-2014-0053 (The default configuration of the Resources plugin 1.0.0 before 1.2.6 ...)
	- grails <itp> (bug #473213)
CVE-2014-0052
	REJECTED
CVE-2014-0051
	REJECTED
CVE-2014-0050 (MultipartStream.java in Apache Commons FileUpload before 1.3.1, as ...)
	{DSA-2897-1 DSA-2856-1}
	- libcommons-fileupload-java 1.3.1-1
	- tomcat7 7.0.52-1
	- tomcat6 <not-affected> (access to Manager application limited to authenticated administrators)
	NOTE: http://svn.apache.org/viewvc?view=revision&revision=1565169
	NOTE: CVE might be splitted
CVE-2014-0049 (Buffer overflow in the complete_emulated_mmio function in ...)
	- linux 3.13.6-1
	[wheezy] - linux <not-affected> (Introduced in 3.5)
	- linux-2.6 <not-affected> (Introduced in 3.5)
	NOTE: fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a08d3b3b99efd509133946056531cdf8f3a0c09b
CVE-2014-0048 [multiple files downloaded over HTTP and executed or used unsafely]
	RESERVED
	- docker.io 1.6.0+dfsg1-1
	NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0047 (Docker before 1.5 allows local users to have unspecified impact via ...)
	- docker.io 1.6.0+dfsg1-1
	NOTE: According to Red Hat bug no longer present in 1.5
CVE-2014-0046 (Cross-site scripting (XSS) vulnerability in the link-to helper in ...)
	NOT-FOR-US: ember.js
CVE-2014-0045 (The needSamples method in AudioOutputSpeech.cpp in the client in ...)
	{DSA-2854-1}
	- mumble 1.2.4-0.2 (bug #737739)
	[squeeze] - mumble <not-affected> (Opus support not present)
CVE-2014-0044 (The opus_packet_get_samples_per_frame function in client in Mumble ...)
	{DSA-2854-1}
	- mumble 1.2.4-0.2 (bug #737739)
	[squeeze] - mumble <not-affected> (Opus support not present)
CVE-2014-0043 (In Apache Wicket 1.5.10 or 6.13.0, by issuing requests to special urls ...)
	NOT-FOR-US: Apache Wicket
CVE-2014-0042 (OpenStack Heat Templates (heat-templates), as used in Red Hat ...)
	NOT-FOR-US: openstack-heat-templates
CVE-2014-0041 (OpenStack Heat Templates (heat-templates), as used in Red Hat ...)
	NOT-FOR-US: openstack-heat-templates
CVE-2014-0040 (OpenStack Heat Templates (heat-templates), as used in Red Hat ...)
	NOT-FOR-US: openstack-heat-templates
CVE-2014-0039 (Untrusted search path vulnerability in fwsnort before 1.6.4, when not ...)
	- fwsnort 1.6.4-1 (low; bug #737495)
	[wheezy] - fwsnort <no-dsa> (Minor issue)
	[squeeze] - fwsnort <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/mrash/fwsnort/commit/fa977453120cc48e1654f373311f9cac468d3348
CVE-2014-0038 (The compat_sys_recvmmsg function in net/compat.c in the Linux kernel ...)
	- linux 3.13.4-1 (unimportant)
	[wheezy] - linux <not-affected> (Introduced in 3.4+)
	- linux-2.6 <not-affected> (Introduced in 3.4+)
	NOTE: introduced by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/compat.c?id=ee4fa23c4bfcc635d077a9633d405610de45bc70
	NOTE: Debian does not enable CONFIG_X86_X32, see #708070
CVE-2014-0037 (The ValidateUserLogon function in provider/libserver/ECSession.cpp in ...)
	NOT-FOR-US: Zarafa Collaboration Platform
CVE-2014-0036 (The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with ...)
	NOT-FOR-US: rbovirt
CVE-2014-0035 (The SymmetricBinding in Apache CXF before 2.6.13 and 2.7.x before ...)
	NOT-FOR-US: Apache CFX
CVE-2014-0034 (The SecurityTokenService (STS) in Apache CXF before 2.6.12 and 2.7.x ...)
	NOT-FOR-US: Apache CFX
CVE-2014-0033 (org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat ...)
	{DSA-3530-1 DLA-91-1}
	- tomcat6 6.0.39
CVE-2014-0032 (The get_resource function in repos.c in the mod_dav_svn module in ...)
	{DLA-207-1}
	- subversion 1.8.8-1 (low; bug #737815)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u5
CVE-2014-0031 (The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache ...)
	NOT-FOR-US: Apache CloudStack
CVE-2014-0030 (The XML-RPC protocol support in Apache Roller before 5.0.3 allows ...)
	NOT-FOR-US: Apache Roller
CVE-2014-0029 (Multiple cross-site scripting (XSS) vulnerabilities in the SAM web ...)
	NOT-FOR-US: Katello
CVE-2014-0028 (libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to ...)
	- libvirt 1.2.1-1
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
	NOTE: https://www.redhat.com/archives/libvir-list/2014-January/msg00684.html
CVE-2014-0027 (The play_wave_from_socket function in audio/auserver.c in Flite 1.4 ...)
	- flite 1.4-release-8 (low; bug #734746)
	[wheezy] - flite <no-dsa> (Minor issue)
	[squeeze] - flite <no-dsa> (Minor issue)
CVE-2014-0026
	RESERVED
	NOT-FOR-US: Katello
CVE-2014-0025
	REJECTED
CVE-2014-0024
	RESERVED
CVE-2014-0023
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2014-0022 (The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and ...)
	NOT-FOR-US: yum cron
CVE-2014-0021 [traffic amplification in cmdmon protocol]
	RESERVED
	- chrony 1.29.1-1 (low; bug #737644)
	[squeeze] - chrony <no-dsa> (Minor issue)
	[wheezy] - chrony <no-dsa> (Minor issue)
CVE-2014-0020 (The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
CVE-2014-0019 (Stack-based buffer overflow in socat 1.3.0.0 through 1.7.2.2 and ...)
	- socat 1.7.2.3-1 (low; bug #736993)
	[squeeze] - socat <no-dsa> (Minor issue)
	[wheezy] - socat <no-dsa> (Minor issue)
CVE-2014-0018 (Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
CVE-2014-0017 (The RAND_bytes function in libssh before 0.6.3, when forking is ...)
	{DSA-2879-1}
	- libssh 0.5.4-3
	NOTE: http://git.libssh.org/projects/libssh.git/commit/?id=e99246246b4061f7e71463f8806b9dcad65affa0
CVE-2014-0016 (stunnel before 5.00, when using fork threading, does not properly ...)
	- stunnel4 <not-affected> (Debian package compiled with --with-threads=pthread)
CVE-2014-0015 (cURL and libcurl 7.10.6 through 7.34.0, when more than one ...)
	{DSA-2849-1}
	- curl 7.35.0-1
CVE-2014-0014 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, ...)
	NOT-FOR-US: Ember.js
CVE-2014-0013 (Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, ...)
	NOT-FOR-US: Ember.js
CVE-2014-0012 (FileSystemBytecodeCache in Jinja2 2.7.2 does not properly create ...)
	- jinja2 2.7.2-2 (bug #734956)
	[squeeze] - jinja2 <not-affected> (introduced by fix in 2.7.2)
	[wheezy] - jinja2 <not-affected> (introduced by fix in 2.7.2)
	NOTE: introduced by https://github.com/mitsuhiko/jinja2/commit/acb672b6a179567632e032f547582f30fa2f4aa7
CVE-2014-0011 [ZRLE decoding bounds checking issue]
	RESERVED
	- tigervnc <not-affected> (Fixed before initial release in Debian)
	- vnc4 4.1.1+X4.3.0+t-1 (unimportant)
	NOTE: may affect related *VNC implementations if built with NDEBUG
	NOTE: e.g. vnc4 seems to have similar code in common/rfb/zrleDecode.h
	NOTE: starting with 4.1.1+X4.3.0+t-1 it's a transitional package
CVE-2014-0010 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- moodle 2.5.4-1
	[squeeze] - moodle <not-affected> (Code correctly checks session key)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42883
CVE-2014-0009 (course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, ...)
	- moodle 2.5.4-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-42643
CVE-2014-0008 (lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x ...)
	- moodle 2.5.4-1 (low)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36721
CVE-2014-0007 (The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows ...)
	- foreman <itp> (bug #663101)
CVE-2014-0006 (The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 ...)
	- swift 1.11.0-2 (low; bug #735582)
	[wheezy] - swift <no-dsa> (Minor issue)
CVE-2014-0005 (PicketBox and JBossSX, as used in Red Hat JBoss Enterprise Application ...)
	NOT-FOR-US: PicketBox/JBossSX
CVE-2014-0004 (Stack-based buffer overflow in udisks before 1.0.5 and 2.x before ...)
	{DSA-2872-1}
	- udisks2 2.1.3-1
	- udisks 1.0.5-1
CVE-2014-0003 (The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before ...)
	NOT-FOR-US: Apache Camel
CVE-2014-0002 (The XSLT component in Apache Camel before 2.11.4 and 2.12.x before ...)
	NOT-FOR-US: Apache Camel
CVE-2014-0001 (Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before ...)
	{DSA-2919-1 DLA-75-1}
	- mysql-5.1 <removed> (low)
	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
	- mysql-5.5 5.5.37-1 (low; bug #737596)
	- mariadb-5.5 5.5.35-1 (low; bug #737597)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1054592
	NOTE: http://bazaar.launchpad.net/~maria-captains/maria/5.5/revision/2502.565.64
CVE-2013-6985 (SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth ...)
	NOT-FOR-US: Enorth Webpublisher CMS
CVE-2013-6920 (Siemens SINAMICS S/G controllers with firmware before 4.6.11 do not ...)
	NOT-FOR-US: Siemens
CVE-2013-6919 (The default configuration of phpThumb before 1.7.12 has a false value ...)
	NOT-FOR-US: phpThumb
CVE-2013-6917
	RESERVED
CVE-2013-6916 (Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6915 (Cross-site scripting (XSS) vulnerability in the system-administration ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6914 (Cross-site scripting (XSS) vulnerability in a calendar component in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6913 (Cross-site scripting (XSS) vulnerability in a search component in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6912 (Cross-site scripting (XSS) vulnerability in a calendar component in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6911 (Cross-site scripting (XSS) vulnerability in the bulletin-board ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6910 (Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6909 (Cross-site scripting (XSS) vulnerability in a report component in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6908 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6907 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6906 (Cross-site scripting (XSS) vulnerability in a mail component in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6905 (Cross-site scripting (XSS) vulnerability in a phone component in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6904 (Cross-site scripting (XSS) vulnerability in a note component in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6903 (Cross-site scripting (XSS) vulnerability in a schedule component in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6902 (Cross-site scripting (XSS) vulnerability in the Space function in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6901 (Cross-site scripting (XSS) vulnerability in the Space function in ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6900 (Cross-site scripting (XSS) vulnerability in the system-administration ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6918 (The web interface on the Satechi travel router 1.5, when Wi-Fi is used ...)
	NOT-FOR-US: Satechi travel router
CVE-2013-6899
	RESERVED
CVE-2013-6898
	RESERVED
CVE-2013-6897
	RESERVED
CVE-2013-6896
	RESERVED
CVE-2013-6895
	RESERVED
CVE-2013-6894
	RESERVED
CVE-2013-6893
	RESERVED
CVE-2013-6892 (WebSVN 2.3.3 allows remote authenticated users to read arbitrary files ...)
	{DSA-3137-1 DLA-136-1}
	- websvn 2.3.3-1.2 (bug #775682)
CVE-2013-6891 (lppasswd in CUPS before 1.7.1, when running with setuid privileges, ...)
	- cups 1.7.1-1
	[wheezy] - cups <not-affected> (Vulnerable code introduced with 1.6.4)
	[squeeze] - cups <not-affected> (Vulnerable code introduced with 1.6.4)
	NOTE: https://www.cups.org/str.php?L4319
CVE-2013-6890 (denyhosts 2.6 uses an incorrect regular expression when analyzing ...)
	{DSA-2826-1}
	- denyhosts 2.6-10.1
CVE-2013-6889 (GNU Rush 1.7 does not properly drop privileges, which allows local ...)
	- rush 1.7+dfsg-4 (bug #733505)
	[wheezy] - rush 1.7+dfsg-1+deb7u1
CVE-2013-6888 (Uscan in devscripts before 2.13.9 allows remote attackers to execute ...)
	{DSA-2836-1}
	- devscripts 2.13.9
	[squeeze] - devscripts <no-dsa> (Minor issue)
CVE-2013-6887 (OpenJPEG 1.5.1 allows remote attackers to cause a denial of service ...)
	- openjpeg 1.5.2-1 (bug #731237)
	[wheezy] - openjpeg <not-affected> (Only affects 1.5)
	[squeeze] - openjpeg <not-affected> (Only affects 1.5)
CVE-2013-6886 (RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to ...)
	- vnc4 <not-affected> (Only affects 5.0.6, binaries in Debian version are not setuid root)
CVE-2013-6884 (The write-blocker in CRU Ditto Forensic FieldStation with firmware ...)
	NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6883 (Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic ...)
	NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6882 (Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto ...)
	NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6881 (CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows ...)
	NOT-FOR-US: Ditto Forensic FieldStation
CVE-2013-6880
	RESERVED
	NOT-FOR-US: FlashCanvas
CVE-2013-6879
	RESERVED
	NOT-FOR-US: MijoSearch
CVE-2013-6878
	RESERVED
	NOT-FOR-US: MijoSearch
CVE-2013-6877 (Heap-based buffer overflow in RealNetworks RealPlayer before 17.0.4.61 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-6876 (The (1) pty_init_terminal and (2) pipe_init_terminal functions in ...)
	- s3d 0.2.2-9 (unimportant)
	NOTE: http://hmarco.org/bugs/s3dvt_0.2.2-root-shell.html
	NOTE: Not running with elevated privileges in Debian packaging
CVE-2013-6875 (SQL injection vulnerability in functions/prepend_adm.php in Nagios ...)
	NOT-FOR-US: Nagios XI
CVE-2013-6874 (Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows ...)
	NOT-FOR-US: Vortex Light Alloy
CVE-2013-6873 (SQL injection vulnerability in Testa Online Test Management System ...)
	NOT-FOR-US: Testa Online Test Management System
CVE-2013-6872 (SQL injection vulnerability in managetimetracker.php in Collabtive ...)
	- collabtive 1.2-1 (low)
	[wheezy] - collabtive <no-dsa> (Minor issue)
CVE-2013-6871
	RESERVED
CVE-2013-6870 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk ...)
	NOT-FOR-US: Splunk Web
CVE-2012-6611
	RESERVED
CVE-2012-6610
	RESERVED
CVE-2012-6609
	RESERVED
CVE-2012-6608 (Cross-site scripting (XSS) vulnerability in xmlservices/E_book.php in ...)
	NOT-FOR-US: Elastix
CVE-2013-6885 (The microcode on AMD 16h 00h through 0Fh processors does not properly ...)
	{DSA-3128-1 DLA-155-1}
	- linux 3.14.2-1
	- linux-2.6 <removed>
	NOTE: https://lkml.org/lkml/2014/1/14/198
	NOTE: Linux commit: https://git.kernel.org/cgit/linux/kernel/git/tip/tip.git/commit/?id=3b56496865f9f7d9bcb2f93b44c63f274f08e3b6 (v3.14-rc1)
	NOTE: Might also be fixed in amd64-microcode, but details are not published (https://packages.qa.debian.org/a/amd64-microcode/news/20141218T224849Z.html)
	NOTE: and since this is fixed on the kernel-side, only track the kernel packages
CVE-2013-6857
	RESERVED
CVE-2013-6856
	RESERVED
CVE-2013-6855
	RESERVED
CVE-2013-6854
	RESERVED
CVE-2013-6853 (Cross-site scripting (XSS) vulnerability in clickstream.js in Y! ...)
	NOT-FOR-US: Y! Toolbar plugin
CVE-2013-6852 (Cross-site request forgery (CSRF) vulnerability in html/json.html on ...)
	NOT-FOR-US: Hewlett-Packard network equipment
CVE-2013-6851
	RESERVED
CVE-2013-6850
	RESERVED
CVE-2013-6849
	RESERVED
CVE-2013-6848
	RESERVED
CVE-2013-6847
	RESERVED
CVE-2013-6846
	RESERVED
CVE-2013-6845
	RESERVED
CVE-2013-6844
	RESERVED
CVE-2013-6843
	RESERVED
CVE-2013-6842
	RESERVED
CVE-2013-6841
	RESERVED
CVE-2013-6840 (Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 ...)
	NOT-FOR-US: Siemens COMOS
CVE-2013-6839 (SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and ...)
	NOT-FOR-US: InstantCMS
CVE-2013-6838 (An unspecified Enghouse Interactive Professional Services &quot;addon ...)
	NOT-FOR-US: IVR Pro/Contact Center (VIP2000)
CVE-2013-6837 (Cross-site scripting (XSS) vulnerability in the setTimeout function in ...)
	- web2py <removed> (unimportant)
	NOTE: python-web2py contains /usr/share/web2py/applications/examples/static/js/jquery.prettyPhoto.js
	NOTE: Only an example code
CVE-2013-6836 (Heap-based buffer overflow in the ms_escher_get_data function in ...)
	- gnumeric 1.12.9-1 (low)
	[wheezy] - gnumeric <no-dsa> (Minor issue)
	[squeeze] - gnumeric <no-dsa> (Minor issue)
	NOTE: https://projects.gnome.org/gnumeric/announcements/1.12/gnumeric-1.12.9.shtml
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=712772
CVE-2013-6835 (TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, ...)
	NOT-FOR-US: iOS
CVE-2013-6834 (The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in ...)
	- kfreebsd-9 <not-affected> (Only affects 10.x)
	- kfreebsd-8 <not-affected> (Only affects 10.x)
	- kfreebsd-10 10.0~svn258623-1 (bug #730519)
CVE-2013-6833 (The qls_eioctl function in sys/dev/qlxge/qls_ioctl.c in the kernel in ...)
	- kfreebsd-9 <not-affected> (Only affects 10.x)
	- kfreebsd-8 <not-affected> (Only affects 10.x)
	- kfreebsd-10 10.0~svn258623-1 (bug #730519)
CVE-2013-6832 (The nand_ioctl function in sys/dev/nand/nand_geom.c in the nand driver ...)
	- kfreebsd-9 <not-affected> (Only affects 10.x)
	- kfreebsd-8 <not-affected> (Only affects 10.x)
	- kfreebsd-10 10.0~svn258623-1 (bug #730518)
CVE-2013-6831 (PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6830 (admin/confnetworking.html in PineApp Mail-SeCure 3.70 and earlier on ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6829 (admin/confnetworking.html in PineApp Mail-SeCure allows remote ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6828 (admin/management.html in PineApp Mail-SeCure allows remote attackers ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6827 (Absolute path traversal vulnerability in admin/viewmsg.php in PineApp ...)
	NOT-FOR-US: PineApp Mail-SeCure
CVE-2013-6826 (cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet ...)
	NOT-FOR-US: Fortinet FortiAnalyzer
CVE-2013-6825 ((1) movescu.cc and (2) storescp.cc in dcmnet/apps/, (3) ...)
	- dcmtk <unfixed> (unimportant)
	NOTE: http://hmarco.org/bugs/dcmtk-3.6.1-privilege-escalation.html
	NOTE: Not running with elevated privileges in Debian packaging
	NOTE: http://git.dcmtk.org/web?p=dcmtk.git;a=commitdiff;h=beaf5a5c24101daeeafa48c375120b16197c9e95;hp=5349794c4c458c76609b7aeb53d0ca28cf9fe9f0
CVE-2013-6824 (Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 ...)
	- zabbix 1:2.2.0+dfsg-6 (low)
	[squeeze] - zabbix <no-dsa> (Minor issue)
	[wheezy] - zabbix <no-dsa> (Minor issue)
	NOTE: https://support.zabbix.com/browse/ZBX-7479
CVE-2013-6823 (GRMGApp in SAP NetWeaver allows remote attackers to bypass intended ...)
	NOT-FOR-US: SAP
CVE-2013-6822 (GRMGApp in SAP NetWeaver allows remote attackers to have unspecified ...)
	NOT-FOR-US: SAP
CVE-2013-6821 (Directory traversal vulnerability in the Exportability Check Service ...)
	NOT-FOR-US: SAP
CVE-2013-6820 (Unrestricted file upload vulnerability in the SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2013-6819 (Cross-site scripting (XSS) vulnerability in Performance Provider in ...)
	NOT-FOR-US: SAP
CVE-2013-6818 (SAP NetWeaver Logviewer 6.30, when running on Windows, allows remote ...)
	NOT-FOR-US: SAP
CVE-2013-6817 (Heap-based buffer overflow in SAP Network Interface Router (SAProuter) ...)
	NOT-FOR-US: SAP
CVE-2013-6816 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	NOT-FOR-US: SAP
CVE-2013-6815 (The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ...)
	NOT-FOR-US: SAP
CVE-2013-6814 (The J2EE Engine in SAP NetWeaver 6.40, 7.02, and earlier allows remote ...)
	NOT-FOR-US: SAP
CVE-2013-6813
	RESERVED
CVE-2013-6812 (The ONEDC app before 1.7 for iOS does not properly verify X.509 ...)
	NOT-FOR-US: ONEDC app
CVE-2013-6811
	RESERVED
CVE-2013-6810 (The server in Brocade Network Advisor before 12.1.0, as used in EMC ...)
	NOT-FOR-US: EMC Connectrix Manager Converged Network Edition
CVE-2013-6809 (Format string vulnerability in the client in Tftpd32 before 4.50 ...)
	NOT-FOR-US: Tftpd32
CVE-2013-6808 (Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ...)
	NOT-FOR-US: ZendTo
CVE-2012-6607 (The transform_save function in transform.c in Augeas before 1.0.0 ...)
	- augeas 1.0.0-1 (low)
	[squeeze] - augeas <no-dsa> (Minor issue)
	[wheezy] - augeas <no-dsa> (Minor issue)
CVE-2013-6869 (SQL injection vulnerability in the SRTT_GET_COUNT_BEFORE_KEY_RFC ...)
	NOT-FOR-US: Sap NetWeaver
CVE-2013-6868 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6867 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6866 (SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6865 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6864 (Directory traversal vulnerability in SAP Sybase Adaptive Server ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6863 (SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6862 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6861 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6860 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6859 (SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6858 (Multiple cross-site scripting (XSS) vulnerabilities in OpenStack ...)
	- horizon 2013.2-2 (bug #730752)
	[wheezy] - horizon <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/openstack/horizon/commit/6179f70290783e55b10bbd4b3b7ee74db3f8ef70
CVE-2013-6807 (The client in OpenText Exceed OnDemand (EoD) 8 supports anonymous ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6806 (OpenText Exceed OnDemand (EoD) 8 allows man-in-the-middle attackers to ...)
	NOT-FOR-US: OpenText Exceed onDemand
CVE-2013-6805 (OpenText Exceed OnDemand (EoD) 8 uses weak encryption for passwords, ...)
	NOT-FOR-US: OpenText Exceed OnDemand
CVE-2013-6804 (Cross-site scripting (XSS) vulnerability in the Search module before ...)
	NOT-FOR-US: Jamroom Search module
CVE-2013-6803
	RESERVED
CVE-2013-6802 (Google Chrome before 31.0.1650.57 allows remote attackers to bypass ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6801 (Microsoft Word 2003 SP2 and SP3 on Windows XP SP3 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2013-6800 (An unspecified third-party database module for the Key Distribution ...)
	NOTE: Pointless split from CVE-2013-1418
CVE-2013-6799 (Apple Mac OS X 10.9 allows local users to cause a denial of service ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-6798 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 ...)
	NOT-FOR-US: BlackBerry Link
CVE-2013-6797 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2013-6796 (The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: DeepOfix
CVE-2013-6795 (The Updater in Rackspace Openstack Windows Guest Agent for XenServer ...)
	NOT-FOR-US: Rackspace Windows Agent and Updater
CVE-2013-6794 (Cross-site scripting (XSS) vulnerability in the Calendar module in ...)
	NOT-FOR-US: Olat
CVE-2013-6793 (Multiple cross-site scripting (XSS) vulnerabilities in the Calendar ...)
	NOT-FOR-US: Olat
CVE-2013-6792
	RESERVED
CVE-2013-6791 (Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 ...)
	NOT-FOR-US: Microsoft Enhanced Mitigation Experience Toolkit
CVE-2013-6790
	RESERVED
CVE-2013-6789 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports ...)
	- silverstripe <itp> (bug #528461)
CVE-2013-6788 (The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2013-6787 (SQL injection vulnerability in the check_user_password function in ...)
	NOT-FOR-US: Chamilo LMS
CVE-2013-6786 (Cross-site scripting (XSS) vulnerability in Allegro RomPager before ...)
	NOT-FOR-US: Allegro RomPager
CVE-2013-6785
	RESERVED
CVE-2013-6784
	RESERVED
CVE-2013-6783
	RESERVED
CVE-2013-6782
	RESERVED
CVE-2013-6781
	RESERVED
CVE-2013-6780 (Cross-site scripting (XSS) vulnerability in uploader.swf in the ...)
	- yui <removed> (low; bug #730104)
	[squeeze] - yui <no-dsa> (Not backportable, doesn't build from source in oldstable/stable)
	[wheezy] - yui <no-dsa> (Not backportable, doesn't build from source in oldstable/stable)
	- yui3 <not-affected>
	- moodle 2.5.3-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-6779
	RESERVED
CVE-2013-6778
	RESERVED
CVE-2013-6777
	RESERVED
CVE-2013-6776
	RESERVED
CVE-2013-6775 (The Chainfire SuperSU package before 1.69 for Android allows attackers ...)
	NOT-FOR-US: Chainfire SuperSU package
CVE-2013-6774 (Untrusted search path vulnerability in the ChainsDD Superuser package ...)
	NOT-FOR-US: Chainfire SuperSU package
CVE-2013-6773
	RESERVED
CVE-2013-6772
	RESERVED
CVE-2013-6771 (Directory traversal vulnerability in the collect script in Splunk ...)
	NOT-FOR-US: Splunk
CVE-2013-6770 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6769 (The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6768 (Untrusted search path vulnerability in the ...)
	NOT-FOR-US: CyanogenMod/ClockWorkMod/Koush
CVE-2013-6767 (Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro ...)
	NOT-FOR-US: QuickHeal AntiVirus
CVE-2013-6764
	REJECTED
CVE-2013-6763 (The uio_mmap_physical function in drivers/uio/uio.c in the Linux ...)
	NOTE: Red Hat consider this as a non-issue:
	NOTE: http://seclists.org/oss-sec/2013/q4/282
CVE-2013-6762
	REJECTED
CVE-2013-6761
	REJECTED
CVE-2013-6760
	REJECTED
CVE-2013-6759
	REJECTED
CVE-2013-6758
	REJECTED
CVE-2013-6757
	REJECTED
CVE-2013-6756
	REJECTED
CVE-2013-6755
	REJECTED
CVE-2013-6754
	REJECTED
CVE-2013-6753
	REJECTED
CVE-2013-6752
	REJECTED
CVE-2013-6751
	REJECTED
CVE-2013-6750
	RESERVED
CVE-2013-6749 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2013-6748 (Buffer overflow in the ActiveX control in qp2.cab in IBM Lotus Quickr ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2013-6747 (IBM GSKit 7.x before 7.0.4.48 and 8.x before 8.0.50.16, as used in IBM ...)
	NOT-FOR-US: IBM GSKit
CVE-2013-6746 (Cross-site scripting (XSS) vulnerability in FileNet P8 Platform ...)
	NOT-FOR-US: IBM FileNet Business Process Manager
CVE-2013-6745 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
	NOT-FOR-US: IBM
CVE-2013-6744 (The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, ...)
	NOT-FOR-US: IBM DB2
CVE-2013-6743 (Cross-site scripting (XSS) vulnerability in the Meeting Server in IBM ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6742 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6741 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2013-6740
	RESERVED
CVE-2013-6739 (IBM SPSS Modeler before 16 on UNIX allows remote authenticated users ...)
	NOT-FOR-US: IBM
CVE-2013-6738 (Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics ...)
	NOT-FOR-US: IBM
CVE-2013-6737 (IBM System Storage Storwize V7000 Unified 1.3.x and 1.4.x before ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-6736
	RESERVED
CVE-2013-6735 (IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6734 (IBM WebSphere eXtreme Scale Client 7.1 through 8.6.0.4 does not ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6733 (Cross-site scripting (XSS) vulnerability in the Web Application in the ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6732 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-6731 (IBM Netezza Performance Portal 2.x before 2.0.0.3 allows remote ...)
	NOT-FOR-US: IBM Netezza
CVE-2013-6730 (IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6729 (Cross-site scripting (XSS) vulnerability in IBM QuickFile 1.0.0.0 ...)
	NOT-FOR-US: IBM QuickFile
CVE-2013-6728 (The charting component in IBM WebSphere Dashboard Framework (WDF) ...)
	NOT-FOR-US: IBM WebSphere Dashboard Framework
CVE-2013-6727 (The Connect client in IBM Sametime 8.5.2 through 8.5.2.1 and 9.0 ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-6726 (Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2013-6725 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6724 (Unspecified vulnerability in the vsflex8l ActiveX control in IBM SPSS ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2013-6723 (IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6722 (Unrestricted file upload vulnerability in the Registration/Edit My ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6721 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Service ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2013-6720 (Directory traversal vulnerability in download.php in the Passive ...)
	NOT-FOR-US: IBM Tealeaf
CVE-2013-6719 (delivery.php in the Passive Capture Application (PCA) web console in ...)
	NOT-FOR-US: IBM Tealeaf CX
CVE-2013-6718 (The Advanced Management Module (AMM) with firmware 3.64B, 3.64C, and ...)
	NOT-FOR-US: IBM firmware
CVE-2013-6717 (The OLAP query engine in IBM DB2 and DB2 Connect 9.7 through FP9, 9.8 ...)
	NOT-FOR-US: IBM
CVE-2013-6716
	REJECTED
CVE-2013-6715
	RESERVED
CVE-2013-6714 (The FlashCopy Manager for VMware component in IBM Tivoli Storage ...)
	NOT-FOR-US: IBM Tivoli Storage FlashCopy Manager
CVE-2013-6713 (The Data Protection for VMware component in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: IBM Tivoli Storage Manager for Virtual Environments
CVE-2013-6712 (The scan function in ext/date/lib/parse_iso_intervals.c in PHP through ...)
	{DSA-2816-1}
	- php5 5.5.6+dfsg-2 (bug #731112)
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=12fe4e90be7bfa2a763197079f68f5568a14e071
CVE-2013-6711 (Cross-site scripting (XSS) vulnerability in the product-creation ...)
	NOT-FOR-US: Cisco
CVE-2013-6710 (Cross-site request forgery (CSRF) vulnerability in Cisco WebEx ...)
	NOT-FOR-US: Cisco
CVE-2013-6709 (The registration component in Cisco WebEx Training Center provides the ...)
	NOT-FOR-US: Cisco
CVE-2013-6708 (Cisco Cloud Portal 9.4 allows remote attackers to read files of ...)
	NOT-FOR-US: Cisco
CVE-2013-6707 (Memory leak in the connection-manager implementation in Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2013-6706 (The Cisco Express Forwarding processing module in Cisco IOS XE allows ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-6705 (The IP Device Tracking (IPDT) feature in Cisco IOS and IOS XE allows ...)
	NOT-FOR-US: Cisco
CVE-2013-6704 (Cisco IOS XE does not properly manage memory for TFTP UDP flows, which ...)
	NOT-FOR-US: Cisco
CVE-2013-6703 (The TLS/SSLv3 module on Cisco ONS 15454 controller cards allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-6702 (The management implementation on Cisco ONS 15454 controller cards with ...)
	NOT-FOR-US: Cisco
CVE-2013-6701 (The tNetTaskLimit process on the Transport Node Controller (TNC) on ...)
	NOT-FOR-US: Cisco
CVE-2013-6700 (The SNMP module in Cisco IOS XR allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-6699 (The Control and Provisioning of Wireless Access Points (CAPWAP) ...)
	NOT-FOR-US: Cisco
CVE-2013-6698 (The web interface on Cisco Wireless LAN Controller (WLC) devices does ...)
	NOT-FOR-US: Cisco
CVE-2013-6697
	RESERVED
CVE-2013-6696 (Cisco Adaptive Security Appliance (ASA) Software does not properly ...)
	NOT-FOR-US: Cisco
CVE-2013-6695 (The RBAC implementation in Cisco Secure Access Control System (ACS) ...)
	NOT-FOR-US: Cisco
CVE-2013-6694 (The IPSec implementation in Cisco IOS allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2013-6693 (The MLDP implementation in Cisco IOS 15.3(3)S and earlier on 7600 ...)
	NOT-FOR-US: Cisco
CVE-2013-6692 (Cisco IOS XE 3.8S(.2) and earlier does not properly use a DHCP pool ...)
	NOT-FOR-US: Cisco
CVE-2013-6691 (The WebVPN CIFS implementation in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-6690 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Cisco
CVE-2013-6689 (Cisco Unified Communications Manager (Unified CM) 9.1(1) and earlier ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-6688 (Directory traversal vulnerability in the license-upload interface in ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-6687 (The web portal in the Enterprise License Manager component in Cisco ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-6686 (The SSL VPN implementation in Cisco IOS 15.3(1)T2 and earlier allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-6685 (The firmware on Cisco Unified IP phones 8961, 9951, and 9971 uses weak ...)
	NOT-FOR-US: Cisco Unified IP phones
CVE-2013-6684 (The web framework on Cisco Wireless LAN Controller (WLC) devices does ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-6683 (The IPv6 implementation in Cisco NX-OS does not properly handle ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-6682 (The phone-proxy implementation in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-6681
	RESERVED
CVE-2013-6680
	REJECTED
CVE-2013-6679
	REJECTED
CVE-2013-6678
	REJECTED
CVE-2013-6677
	REJECTED
CVE-2013-6676
	REJECTED
CVE-2013-6675
	REJECTED
CVE-2013-6674 (Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x ...)
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
	NOTE: http://www.mozilla.org/security/announce/2014/mfsa2014-14.html
CVE-2013-6673 (Mozilla Firefox before 26.0, Firefox ESR 24.x before 24.2, Thunderbird ...)
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-6672 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 on Linux allow ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
	- iceape <not-affected> (Only affects Firefox 25)
CVE-2013-6671 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-6670
	RESERVED
CVE-2013-6669
	RESERVED
CVE-2013-6668 (Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6667 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6666 (The PepperFlashRendererHost::OnNavigate function in ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6665 (Heap-based buffer overflow in the ResourceProvider::InitializeSoftware ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6664 (Use-after-free vulnerability in the ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6663 (Use-after-free vulnerability in the SVGImage::setContainerSize ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6662 (Google Chrome caches TLS sessions before certificate validation ...)
	NOTE: Chrome issue fixed end of 2013, not really worth figuring out in which version
CVE-2013-6661 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6660 (The drag-and-drop implementation in Google Chrome before 33.0.1750.117 ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6659 (The SSLClientSocketNSS::Core::OwnAuthCertHandler function in ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6658 (Multiple use-after-free vulnerabilities in the layout implementation ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6657 (core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6656 (The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6655 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6654 (The SVGAnimateElement::calculateAnimatedValue function in ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6653 (Use-after-free vulnerability in the web contents implementation in ...)
	{DSA-2883-1}
	- chromium-browser 33.0.1750.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6652 (Directory traversal vulnerability in ...)
	- chromium-browser <not-affected> (Windows-specific)
CVE-2013-6651
	RESERVED
CVE-2013-6650 (The StoreBuffer::ExemptPopularPages function in store-buffer.cc in ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6649 (Use-after-free vulnerability in the RenderSVGImage::paint function in ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-6648 (SkRegion::setPath in Skia allows remote attackers to cause a denial of ...)
	- skia <itp> (bug #818180)
CVE-2013-6647 (A use-after-free in AnimationController::endAnimationUpdate in Google ...)
	- chromium-browser <not-affected> (According to upstream bug only affected interim version, not a stable release)
CVE-2013-6646 (Use-after-free vulnerability in the Web Workers implementation in ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6645 (Use-after-free vulnerability in the OnWindowRemovingFromRootWindow ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6644 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6643 (The OneClickSigninBubbleView::WindowClosing function in ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6642 (Google Chrome through 32.0.1700.23 on Android allows remote attackers ...)
	- chromium-browser <not-affected> (only affects google chrome on android)
CVE-2013-6641 (Use-after-free vulnerability in the ...)
	{DSA-2862-1}
	- chromium-browser 32.0.1700.123-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6640 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
	{DSA-2811-1}
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 3.14.5.8-5
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6639 (The DehoistArrayIndex function in hydrogen-dehoist.cc (aka ...)
	{DSA-2811-1}
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 3.14.5.8-5
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6638 (Multiple buffer overflows in runtime.cc in Google V8 before 3.22.24.7, ...)
	{DSA-2811-1}
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: libv8 not covered by security support
CVE-2013-6637 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6636 (The FrameLoader::notifyIfInitialDocumentAccessed function in ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6635 (Use-after-free vulnerability in the editing implementation in Blink, ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6634 (The OneClickSigninHelper::ShowInfoBarIfPossible function in ...)
	{DSA-2811-1}
	- chromium-browser 31.0.1650.63-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6633
	RESERVED
CVE-2013-6620
	RESERVED
CVE-2013-6619
	RESERVED
CVE-2013-6618 (jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6617 (The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not ...)
	- salt 0.17.1+dfsg-1
CVE-2011-5267 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: SpellChecker module in Xinha
CVE-2013-6766 (OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows ...)
	NOT-FOR-US: OpenVAS Administrator (only uploaded to exp 2.5 years ago)
CVE-2013-6765 (OpenVAS Manager 3.0 before 3.0.7 and 4.0 before 4.0.4 allows remote ...)
	NOT-FOR-US: OpenVAS Manager (only uploaded to experimental 2.5 years ago)
CVE-2013-6632 (Integer overflow in Google Chrome before 31.0.1650.57 allows remote ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6631 (Use-after-free vulnerability in the Channel::SendRTCPPacket function ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6630 (The get_dht function in jdmarker.c in libjpeg-turbo through 1.3.0, as ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
	- libjpeg-turbo 1.3.0-3 (low; bug #729873)
	- libjpeg6b 6b1-4 (low; bug #729867)
	[squeeze] - libjpeg6b <no-dsa> (Minor issue)
	[wheezy] - libjpeg6b 6b1-3+deb7u1
	- libjpeg8 8d-2 (low; bug #729867)
	[squeeze] - libjpeg8 <no-dsa> (Minor issue)
	[wheezy] - libjpeg8 8d-1+deb7u1
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
CVE-2013-6629 (The get_sos function in jdmarker.c in (1) libjpeg 6b and (2) ...)
	{DSA-2923-1 DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
	- libjpeg-turbo 1.3.0-3 (low; bug #729873)
	- libjpeg6b 6b1-4 (low; bug #729867)
	[wheezy] - libjpeg6b 6b1-3+deb7u1
	[squeeze] - libjpeg6b <no-dsa> (Minor issue)
	- libjpeg8 8d-2 (low; bug #729867)
	[squeeze] - libjpeg8 <no-dsa> (Minor issue)
	[wheezy] - libjpeg8 8d-1+deb7u1
	- iceweasel 24.2.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 24.2.0-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	NOTE: http://packetstormsecurity.com/files/123989/IJG-jpeg6b-libjpeg-turbo-Uninitialized-Memory.html
CVE-2013-6628 (net/socket/ssl_client_socket_nss.cc in the TLS implementation in ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6627 (net/http/http_stream_parser.cc in Google Chrome before 31.0.1650.48 ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6626 (The WebContentsImpl::AttachInterstitialPage function in ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6625 (Use-after-free vulnerability in core/dom/ContainerNode.cpp in Blink, ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6624 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6623 (The SVG implementation in Blink, as used in Google Chrome before ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6622 (Use-after-free vulnerability in the ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6621 (Use-after-free vulnerability in Google Chrome before 31.0.1650.48 ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-6616
	REJECTED
CVE-2013-6615
	REJECTED
CVE-2013-6614
	REJECTED
CVE-2013-6613
	REJECTED
CVE-2013-6612
	REJECTED
CVE-2013-6611
	REJECTED
CVE-2013-6610
	REJECTED
CVE-2013-6609
	REJECTED
CVE-2013-6608
	REJECTED
CVE-2013-6607
	REJECTED
CVE-2013-6606
	REJECTED
CVE-2013-6605
	REJECTED
CVE-2013-6604
	REJECTED
CVE-2013-6603
	REJECTED
CVE-2013-6602
	REJECTED
CVE-2013-6601
	REJECTED
CVE-2013-6600
	REJECTED
CVE-2013-6599
	REJECTED
CVE-2013-6598
	REJECTED
CVE-2013-6597
	REJECTED
CVE-2013-6596
	REJECTED
CVE-2013-6595
	REJECTED
CVE-2013-6594
	REJECTED
CVE-2013-6593
	REJECTED
CVE-2013-6592
	REJECTED
CVE-2013-6591
	REJECTED
CVE-2013-6590
	REJECTED
CVE-2013-6589
	REJECTED
CVE-2013-6588
	REJECTED
CVE-2013-6587
	REJECTED
CVE-2013-6586
	REJECTED
CVE-2013-6585
	REJECTED
CVE-2013-6584
	REJECTED
CVE-2013-6583
	REJECTED
CVE-2013-6582
	REJECTED
CVE-2013-6581
	REJECTED
CVE-2013-6580
	REJECTED
CVE-2013-6579
	REJECTED
CVE-2013-6578
	REJECTED
CVE-2013-6577
	REJECTED
CVE-2013-6576
	REJECTED
CVE-2013-6575
	REJECTED
CVE-2013-6574
	REJECTED
CVE-2013-6573
	REJECTED
CVE-2013-6572
	REJECTED
CVE-2013-6571
	REJECTED
CVE-2013-6570
	REJECTED
CVE-2013-6569
	REJECTED
CVE-2013-6568
	REJECTED
CVE-2013-6567
	REJECTED
CVE-2013-6566
	REJECTED
CVE-2013-6565
	REJECTED
CVE-2013-6564
	REJECTED
CVE-2013-6563
	REJECTED
CVE-2013-6562
	REJECTED
CVE-2013-6561
	REJECTED
CVE-2013-6560
	REJECTED
CVE-2013-6559
	REJECTED
CVE-2013-6558
	REJECTED
CVE-2013-6557
	REJECTED
CVE-2013-6556
	REJECTED
CVE-2013-6555
	REJECTED
CVE-2013-6554
	REJECTED
CVE-2013-6553
	REJECTED
CVE-2013-6552
	REJECTED
CVE-2013-6551
	REJECTED
CVE-2013-6550
	REJECTED
CVE-2013-6549
	REJECTED
CVE-2013-6548
	REJECTED
CVE-2013-6547
	REJECTED
CVE-2013-6546
	REJECTED
CVE-2013-6545
	REJECTED
CVE-2013-6544
	REJECTED
CVE-2013-6543
	REJECTED
CVE-2013-6542
	REJECTED
CVE-2013-6541
	REJECTED
CVE-2013-6540
	REJECTED
CVE-2013-6539
	REJECTED
CVE-2013-6538
	REJECTED
CVE-2013-6537
	REJECTED
CVE-2013-6536
	REJECTED
CVE-2013-6535
	REJECTED
CVE-2013-6534
	REJECTED
CVE-2013-6533
	REJECTED
CVE-2013-6532
	REJECTED
CVE-2013-6531
	REJECTED
CVE-2013-6530
	REJECTED
CVE-2013-6529
	REJECTED
CVE-2013-6528
	REJECTED
CVE-2013-6527
	REJECTED
CVE-2013-6526
	REJECTED
CVE-2013-6525
	REJECTED
CVE-2013-6524
	REJECTED
CVE-2013-6523
	REJECTED
CVE-2013-6522
	REJECTED
CVE-2013-6521
	REJECTED
CVE-2013-6520
	REJECTED
CVE-2013-6519
	REJECTED
CVE-2013-6518
	REJECTED
CVE-2013-6517
	REJECTED
CVE-2013-6516
	REJECTED
CVE-2013-6515
	REJECTED
CVE-2013-6514
	REJECTED
CVE-2013-6513
	REJECTED
CVE-2013-6512
	REJECTED
CVE-2013-6511
	REJECTED
CVE-2013-6510
	REJECTED
CVE-2013-6509
	REJECTED
CVE-2013-6508
	REJECTED
CVE-2013-6507
	REJECTED
CVE-2013-6506
	RESERVED
CVE-2013-6505
	RESERVED
CVE-2013-6504
	RESERVED
CVE-2013-6503
	RESERVED
CVE-2013-6502
	RESERVED
CVE-2013-6501 (The default soap.wsdl_cache_dir setting in (1) php.ini-production and ...)
	- php5 <removed> (unimportant)
	NOTE: Rendererd unexpoitable by kernel level hardening for tmp races
CVE-2013-6500
	REJECTED
CVE-2013-6499 [loading a module relative to the cwd]
	RESERVED
	- libmp3-info-perl <unfixed> (bug #777230; unimportant)
	[jessie] - libmp3-info-perl <no-dsa> (Minor issue)
	[wheezy] - libmp3-info-perl <no-dsa> (Minor issue)
	[squeeze] - libmp3-info-perl <no-dsa> (Minor issue)
	NOTE: Marked as unimportant at least for unstable, since the issue is mitigated
	NOTE: by src:perl not having '.' in INC since 5.22.2-4 by default.
CVE-2013-6498
	RESERVED
CVE-2013-6497 (clamscan in ClamAV before 0.98.5, when using -a option, allows remote ...)
	{DLA-95-1}
	- clamav 0.98.5+dfsg-1
	[wheezy] - clamav 0.98.5+dfsg-0+deb7u1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=11088
CVE-2013-6496 (Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Red Hat Conga
CVE-2013-6495
	RESERVED
	NOT-FOR-US: JBossWeb Bayeux
CVE-2013-6494 (fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a ...)
	NOT-FOR-US: fedup (Fedora specific)
CVE-2013-6493 (The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc ...)
	- icedtea-web 1.4.2-1 (low)
	[wheezy] - icedtea-web <no-dsa> (Minor issue)
CVE-2013-6492 (The Piranha Configuration Tool in Piranha 0.8.6 does not properly ...)
	NOT-FOR-US: Pirhana
CVE-2013-6491 (The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo ...)
	- nova 2013.2.3-1
	[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-6490 (The SIMPLE protocol functionality in Pidgin before 2.10.8 allows ...)
	{DSA-2859-2 DSA-2859-1}
	- pidgin 2.10.8-1
CVE-2013-6489 (Integer signedness error in the MXit functionality in Pidgin before ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6488
	REJECTED
CVE-2013-6487 (Integer overflow in libpurple/protocols/gg/lib/http.c in the Gadu-Gadu ...)
	{DSA-2859-1 DSA-2852-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
	- libgadu 1:1.11.3-1
CVE-2013-6486 (gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted ...)
	- pidgin <not-affected> (Windows-specific)
CVE-2013-6485 (Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows ...)
	{DSA-2859-2 DSA-2859-1}
	- pidgin 2.10.8-1
CVE-2013-6484 (The STUN protocol implementation in libpurple in Pidgin before 2.10.8 ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6483 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
CVE-2013-6482 (Pidgin before 2.10.8 allows remote MSN servers to cause a denial of ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6481 (libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6480 (Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter ...)
	- libcloud <not-affected> (affects 0.12.3 to 0.13.3)
	NOTE: version prior to 0.12.3 don't include a DigitalOcean driver
CVE-2013-6479 (util.c in libpurple in Pidgin before 2.10.8 does not properly allocate ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
CVE-2013-6478 (gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-6477 (Multiple integer signedness errors in libpurple in Pidgin before ...)
	{DSA-2859-1}
	- pidgin 2.10.8-1
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
CVE-2013-6476 (The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6475 (Multiple integer overflows in (1) OPVPOutputDev.cxx and (2) ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6474 (Heap-based buffer overflow in the pdftoopvp filter in CUPS and ...)
	{DSA-2876-1 DSA-2875-1}
	- cups-filters 1.0.47-1 (bug #741318)
	- cups 1.5.0-16 (bug #741333)
	NOTE: cups moved filters to separate package in 1.5.0-16
	NOTE: in oldstable present in debian/local/filters/pdf-filters/pdftoopvp
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7176
CVE-2013-6473 (Multiple heap-based buffer overflows in the urftopdf filter in ...)
	- cups-filters 1.0.47-1 (bug #741318)
	[wheezy] - cups-filters <not-affected> (does not contain urftopdf filter)
	NOTE: http://bzr.linuxfoundation.org/loggerhead/openprinting/cups-filters/revision/7175
CVE-2013-6472 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58699
CVE-2013-6471
	RESERVED
CVE-2013-6470 (The default configuration in the standalone controller quickstack ...)
	NOT-FOR-US: openstack foreman-installer
CVE-2013-6469 (JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows ...)
	NOT-FOR-US: JBoss SOA RTgov
CVE-2013-6468 (JBoss Drools, Red Hat JBoss BRMS before 6.0.1, and Red Hat JBoss BPM ...)
	NOT-FOR-US: JBoss Drolls
CVE-2013-6467 (Libreswan 3.7 and earlier allows remote attackers to cause a denial of ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
CVE-2013-6466 (Openswan 2.6.39 and earlier allows remote attackers to cause a denial ...)
	{DSA-2893-1}
	- openswan <removed> (bug #737406)
	NOTE: https://libreswan.org/security/CVE-2013-6467/CVE-2013-6467.txt
CVE-2013-6465 (Multiple cross-site scripting (XSS) vulnerabilities in JBPM KIE ...)
	NOT-FOR-US: JBPM KIE Workbench
CVE-2013-6464
	RESERVED
CVE-2013-6463
	REJECTED
CVE-2013-6462 (Stack-based buffer overflow in the bdfReadCharacters function in ...)
	{DSA-2838-1}
	- libxfont 1:1.4.7-1
CVE-2013-6461 [DoS while parsing XML entities]
	RESERVED
	- ruby-nokogiri <not-affected> (jruby implementation not shiped)
	- libnokogiri-ruby <not-affected> (1.4 and earlier not affected)
	NOTE: https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
CVE-2013-6460 [DoS while parsing XML documents]
	RESERVED
	- ruby-nokogiri <not-affected> (jruby implementation not shiped)
	- libnokogiri-ruby <not-affected> (1.4 and earlier not affected)
	NOTE: https://groups.google.com/forum/#!topic/ruby-security-ann/DeJpjTAg1FA
CVE-2013-6459 (Cross-site scripting (XSS) vulnerability in the will_paginate gem ...)
	- ruby-will-paginate 3.0.5-1 (low; bug #733209)
	[wheezy] - ruby-will-paginate <no-dsa> (Minor issue)
	- libwill-paginate-ruby <removed>
	[squeeze] - libwill-paginate-ruby <no-dsa> (Minor issue)
	NOTE: https://github.com/mislav/will_paginate/releases/tag/v3.0.5
CVE-2013-6458 (Multiple race conditions in the (1) virDomainBlockStats, (2) ...)
	{DSA-2846-1}
	- libvirt 1.2.1-1 (bug #734556)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01202.html
	NOTE: upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=db86da5ca2109e4006c286a09b6c75bfe10676ad
CVE-2013-6457 (The libxlDomainGetNumaParameters function in the libxl driver ...)
	- libvirt 1.2.1-1
	[wheezy] - libvirt <not-affected> (Vulnerable code not present)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://www.redhat.com/archives/libvir-list/2013-December/msg01258.html
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=f9ee91d35510ccbc6fc42cef8864b291b2d220f4
	NOTE: Introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=261c4f5fb93c5e23b8002f2760d4a7937cdb7f63
CVE-2013-6456 (The LXC driver (lxc/lxc_driver.c) in libvirt 1.0.1 through 1.2.1 ...)
	- libvirt 1.2.3-1 (bug #732394)
	[wheezy] - libvirt <not-affected> (Vulnerable code not present, introduced in v1.0.1)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced in v1.0.1)
CVE-2013-6455
	RESERVED
	NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-6454 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58472
CVE-2013-6453 (MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58553
CVE-2013-6452 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=57550
CVE-2013-6451
	RESERVED
	- mediawiki 1:1.19.10+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=58088
	NOTE: Introduced by the fix for CVE-2013-4568
CVE-2013-6450 (The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l ...)
	{DSA-2833-1}
	- openssl 1.0.1e-5 (low)
	[squeeze] - openssl <not-affected> (Versions earlier than 1.0.0 are not affected)
CVE-2013-6449 (The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before ...)
	{DSA-2833-1}
	- openssl 1.0.1e-5 (bug #732754)
	[squeeze] - openssl <not-affected> (TLS 1.2 support introduced in 1.0.1)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1045363
	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=ca98926
	NOTE: http://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=0294b2b
CVE-2013-6448 (The InterfaceGenerator handler in JBoss Seam Remoting in JBoss Seam 2 ...)
	NOT-FOR-US: JBoss Seam
CVE-2013-6447 (Multiple XML External Entity (XXE) vulnerabilities in the (1) ...)
	NOT-FOR-US: JBoss Seam
CVE-2013-6446 (The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before ...)
	NOT-FOR-US: Cloudera
CVE-2013-6445 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
	NOT-FOR-US: Cumin
CVE-2013-6444 (PyWBEM 0.7 and earlier does not verify that the server hostname ...)
	- pywbem 0.8.0~dev650-1 (bug #732594)
	[squeeze] - pywbem <no-dsa> (Minor issue)
	[wheezy] - pywbem <no-dsa> (Minor issue)
	NOTE: Fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6443 (CloudForms 3.0 Management Engine before 5.2.1.6 allows remote ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-6442 (The owner_set function in smbcacls.c in smbcacls in Samba 4.0.x before ...)
	- samba 2:4.1.6+dfsg-1 (low)
	[squeeze] - samba <not-affected> (Only affects 4.x and later)
	[wheezy] - samba <not-affected> (Only affects 4.x and later)
	- samba4 <removed>
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: http://www.samba.org/samba/security/CVE-2013-6442
CVE-2013-6441 (The lxc-sshd template (templates/lxc-sshd.in) in LXC before ...)
	{DLA-442-1}
	- lxc 1.0.0-1 (unimportant)
	NOTE: getting root on host, if not using unprivileged containers or
	NOTE: restricting the containers with apparmor or selinux.
	NOTE: CVE is kept as no official documentation explicitly document this fact
	NOTE: https://github.com/lxc/lxc/commit/f4d5cc8e1f39d132b61e110674528cac727ae0e2 (lxc-1.0.0.beta2)
CVE-2013-6440 (The (1) BasicParserPool, (2) StaticBasicParserPool, (3) XML Decrypter, ...)
	- opensaml2 <not-affected> (Debian provides the C-based Shibboleth implementation)
	NOTE: http://shibboleth.net/community/advisories/secadv_20131213.txt
	NOTE: http://blog.sendsafely.com/post/69590974866/web-based-single-sign-on-and-the-dangers-of-saml-xml
CVE-2013-6439 (Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a ...)
	NOT-FOR-US: Candlepin
CVE-2013-6438 (The dav_xml_get_cdata function in main/util.c in the mod_dav module in ...)
	{DLA-66-1}
	- apache2 2.4.9-1
	[wheezy] - apache2 2.2.22-13+deb7u2
CVE-2013-6437 (The libvirt driver in OpenStack Compute (Nova) before 2013.2.2 and ...)
	- nova 2013.2.2
	[wheezy] - nova <not-affected> (Vulnerable code not present)
CVE-2013-6436 (The lxcDomainGetMemoryParameters method in lxc/lxc_driver.c in libvirt ...)
	- libvirt 1.2.0-1
	[squeeze] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
	[wheezy] - libvirt <not-affected> (vulnerable code not present, introduced in 1.1)
CVE-2013-6435 (Race condition in RPM 4.11.1 and earlier allows remote attackers to ...)
	{DSA-3129-1 DLA-140-1}
	- rpm 4.11.3-1.1 (bug #773101)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1039811
CVE-2013-6434 (The remote-viewer in Red Hat Enterprise Virtualization Manager ...)
	NOT-FOR-US: RHEV Manager
CVE-2013-6433 (The default configuration in the Red Hat openstack-neutron package ...)
	- quantum <removed>
	[wheezy] - quantum <no-dsa> (Minor issue)
	- neutron 2014.1-1
	NOTE: Likely fixed even earlier than 2014.1-1, but that was the oldest version checked
CVE-2013-6432 (The ping_recvmsg function in net/ipv4/ping.c in the Linux kernel ...)
	- linux 3.12.6-1
	[wheezy] - linux <not-affected> (Vulnerable code introduced in 3.11)
	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.11)
	NOTE: Introduced by https://git.kernel.org/linus/6d0bfe22611602f36617bc7aa2ffa1bbb2f54c67
	NOTE: fixed by https://git.kernel.org/linus/cf970c002d270c36202bd5b9c2804d3097a52da0
CVE-2013-6431 (The fib6_add function in net/ipv6/ip6_fib.c in the Linux kernel before ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.11.5-1 (low)
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: fixed by https://git.kernel.org/linus/ae7b4e1f213aa659aedf9c6ecad0bf5f0476e1e2
CVE-2013-6430
	RESERVED
	{DSA-2857-1}
	- libspring-java 3.0.6.RELEASE-11 (bug #735420)
CVE-2013-6429 (The SourceHttpMessageConverter in Spring MVC in Spring Framework ...)
	{DSA-2857-1}
	- libspring-java 3.0.6.RELEASE-11 (bug #735420)
CVE-2013-6428 (The ReST API in OpenStack Orchestration API (Heat) before Havana ...)
	- heat 2013.2.1-1 (bug #732033)
	NOTE: https://launchpad.net/bugs/1256983
CVE-2013-6427 (upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing ...)
	{DSA-2829-1}
	- hplip 3.13.11-2 (bug #731480)
	[squeeze] - hplip <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=853405
CVE-2013-6426 (The cloudformation-compatible API in OpenStack Orchestration API ...)
	- heat 2013.2.1-1 (bug #732033)
	NOTE: https://launchpad.net/bugs/1256049
CVE-2013-6425 (Integer underflow in the pixman_trapezoid_valid macro in pixman.h in ...)
	{DSA-2823-1}
	- pixman 0.30.2-2
CVE-2013-6424 (Integer underflow in the xTrapezoidValid macro in render/picture.h in ...)
	{DSA-2822-1}
	- xorg-server 2:1.14.2.901-1 (low; bug #742922)
	NOTE: Band-aid fix in Wheezy not applicable to upstream code, fixed post-Wheezy
	NOTE: in pixman: http://cgit.freedesktop.org/pixman/commit/?id=5e14da97f16e421d084a9e735be21b1025150f0c
	NOTE: Mark the first post-wheezy xorg-server as a pseudo fixed version
CVE-2013-6423
	RESERVED
CVE-2013-6422 (The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling ...)
	{DSA-2824-1}
	- curl 7.34.0-1
	[squeeze] - curl <not-affected> (issue introduced with 59cf93cc, 7.21.4)
CVE-2013-6421 (The unpack_zip function in archive_unpacker.rb in the sprout gem ...)
	NOT-FOR-US: Ruby Gem sprout
CVE-2013-6420 (The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP ...)
	{DSA-2816-1}
	- php5 5.5.6+dfsg-2 (bug #731895)
	NOTE: http://git.php.net/?p=php-src.git;a=commit;h=c1224573c773b6845e83505f717fbf820fc18415
CVE-2013-6419 (Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 ...)
	- neutron 2013.2.1-1
	- nova 2013.2.1-1
	[wheezy] - nova <not-affected> (Only exploitable in combination in neutron, not in Wheezy)
	NOTE: https://launchpad.net/bugs/1235450
CVE-2013-6418 (PyWBEM 0.7 and earlier uses a separate connection to validate X.509 ...)
	- pywbem 0.8.0~dev650-1 (low; bug #732594)
	[squeeze] - pywbem <no-dsa> (Minor issue)
	[wheezy] - pywbem <no-dsa> (Minor issue)
	NOTE: fix: https://bugzilla.redhat.com/attachment.cgi?id=851357
CVE-2013-6417 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
	- rails <not-affected> (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: CVE for incomplete fix for CVE-2013-0155
CVE-2013-6416 (Cross-site scripting (XSS) vulnerability in the simple_format helper ...)
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- ruby-actionpack-3.2 <not-affected> (vulnerable code not present)
	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
	- rails <not-affected> (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6415 (Cross-site scripting (XSS) vulnerability in the number_to_currency ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 <removed> (bug #731289)
	[wheezy] - ruby-actionpack-2.3 <end-of-life>
	- rails <not-affected> (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6414 (actionpack/lib/action_view/lookup_context.rb in Action View in Ruby on ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
	- rails <not-affected> (vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-6413 (Use-after-free vulnerability in UnrealIRCd 3.2.10 before 3.2.10.2 ...)
	- unrealircd <itp> (bug #515130)
	NOTE: http://forums.unrealircd.com/viewtopic.php?f=2&t=8221
CVE-2013-6412 (The transform_save function in transform.c in Augeas 1.0.0 through ...)
	{DLA-28-1}
	- augeas 1.2.0-0.1 (bug #731111)
	[wheezy] - augeas <not-affected> (Affected patch not present/applied)
	[squeeze] - augeas <not-affected> (Affected patch not present/applied)
	NOTE: only if applied original patch for CVE-2012-0786
CVE-2013-6411 (The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD ...)
	- openttd 1.3.3-1 (low)
	[squeeze] - openttd 1.0.4-7
	[wheezy] - openttd 1.2.1-3
	NOTE: http://bugs.openttd.org/task/5820
CVE-2013-6410 (nbd-server in Network Block Device (nbd) before 3.5 does not properly ...)
	{DSA-2806-1}
	- nbd 1:3.5-1
	NOTE: http://anonscm.debian.org/gitweb/?p=users/wouter/nbd.git;a=commitdiff;h=0e9bd98c44dd94d9ede92655a36849fbc8cbf5b9
CVE-2013-6409 (Debian adequate before 0.8.1, when run by root with the --user option, ...)
	- adequate 0.8.1 (bug #730691)
	NOTE: https://bitbucket.org/jwilk/adequate/commits/94e5fc5d810057bffb673501ed809f7c2dabd9ee
CVE-2013-6408 (The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-4881
CVE-2013-6407 (The UpdateRequestHandler for XML in Apache Solr before 4.1 allows ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-3895
CVE-2013-6406
	REJECTED
CVE-2013-6405
	REJECTED
CVE-2013-6404 (Quassel core (server daemon) in Quassel IRC before 0.9.2 does not ...)
	- quassel 0.9.2-1 (low)
	[wheezy] - quassel 0.8.0-1+deb7u1
	[squeeze] - quassel <no-dsa> (Minor issue)
	NOTE: https://github.com/quassel/quassel/commit/a1a24da
CVE-2013-6403 (The admin page in ownCloud before 5.0.13 allows remote attackers to ...)
	- owncloud 5.0.13+dfsg-1
CVE-2013-6402 (base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 ...)
	{DSA-2829-1}
	- hplip 3.13.11-2.1 (bug #725876)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=852368
CVE-2013-6401 (Jansson, possibly 2.4 and earlier, does not restrict the ability to ...)
	- jansson 2.6-1 (bug #738647)
	[wheezy] - jansson <no-dsa> (Minor issue)
CVE-2013-6400 (Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (4.2.x and later are vulnerable)
	[squeeze] - xen <not-affected> (4.2.x and later are vulnerable)
CVE-2013-6399 (Array index error in the virtio_load function in hw/virtio/virtio.c in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-6398 (The virtual router in Apache CloudStack before 4.2.1 does not preserve ...)
	NOT-FOR-US: Apache CloudStack
CVE-2013-6397 (Directory traversal vulnerability in SolrResourceLoader in Apache Solr ...)
	{DSA-2963-1}
	- lucene-solr 3.6.2+dfsg-2 (bug #731113)
	NOTE: https://issues.apache.org/jira/browse/SOLR-4882
CVE-2013-6396 (The OpenStack Python client library for Swift (python-swiftclient) 1.0 ...)
	- python-swiftclient 1:2.0.2-1 (bug #730626)
	NOTE: https://bugs.launchpad.net/python-swiftclient/+bug/1199783
CVE-2013-6395 (Cross-site scripting (XSS) vulnerability in header.php in Ganglia Web ...)
	- ganglia-web <unfixed> (unimportant; bug #730507)
	[squeeze] - ganglia <not-affected> (Vulnerable code not present)
	NOTE: See README.Debian.security, only supported behind an authenticated HTTP zone, #702776
	- ganglia 3.6.0-1
	[wheezy] - ganglia <no-dsa> (Minor issue)
	NOTE: ganglia-web and ganglia are now two separate source packages
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: https://github.com/ganglia/ganglia-web/issues/218
CVE-2013-6394 (Percona XtraBackup before 2.1.6 uses a constant string for the ...)
	- percona-xtrabackup 2.1.6-2 (bug #730544)
CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before ...)
	{DSA-2870-1 DSA-2850-1}
	- libyaml 0.1.4-3 (bug #737076)
	- libyaml-libyaml-perl 0.41-4
CVE-2013-6392 (The genlock_dev_ioctl function in genlock.c in the Genlock driver for ...)
	- linux-2.6 <not-affected> (Android-specific)
	- linux <not-affected> (Android-specific)
	NOTE: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3
CVE-2013-6391 (The ec2tokens API in OpenStack Identity (Keystone) before Havana ...)
	- keystone 2013.2.1-1 (bug #731981)
	[wheezy] - keystone <not-affected> (vulnerable code not present)
	NOTE: https://launchpad.net/bugs/1242597
CVE-2013-6390
	RESERVED
CVE-2013-6389 (Open redirect vulnerability in the Overlay module in Drupal 7.x before ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6388 (Cross-site scripting (XSS) vulnerability in the Color module in Drupal ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6387 (Cross-site scripting (XSS) vulnerability in the Image module in Drupal ...)
	{DSA-2804-1}
	- drupal7 7.24-1
CVE-2013-6386 (Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand ...)
	{DSA-2828-1 DSA-2804-1}
	- drupal6 <removed>
	- drupal7 7.24-1
	NOTE: https://drupal.org/SA-CORE-2013-003
CVE-2013-6385 (The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used ...)
	{DSA-2828-1 DSA-2804-1}
	- drupal6 <removed>
	- drupal7 7.24-1
	NOTE: https://drupal.org/SA-CORE-2013-003
CVE-2013-6384 ((1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 ...)
	- ceilometer 2013.2-4 (bug #730227)
CVE-2013-6383 (The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.53-1
	- linux 3.11.8-1
	NOTE: https://git.kernel.org/linus/f856567b930dfcdbc3323261bf77240ccdde01f5
CVE-2013-6382 (Multiple buffer underflows in the XFS implementation in the Linux ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-6381 (Buffer overflow in the qeth_snmp_command function in ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/6fb392b1a63ae36c31f62bc3fc8630b49d602b62
CVE-2013-6380 (The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	- linux 3.11.10-1
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/b4789b8e6be3151a955ade74872822f30e8cd914
CVE-2013-6379
	REJECTED
CVE-2013-6378 (The lbs_debugfs_write function in ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.11.10-1 (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/linus/a497e47d4aec37aaf8f13509f3ef3d1f6a717d88
CVE-2013-6377
	REJECTED
CVE-2013-6376 (The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM ...)
	- linux 3.12.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
CVE-2013-6375 (Xen 4.2.x and 4.3.x, when using Intel VT-d for PCI passthrough, does ...)
	- xen 4.4.0-1 (bug #730254)
	[squeeze] - xen <not-affected> (Only affects >= 4.2)
	[wheezy] - xen <not-affected> (Only affects >= 4.2)
CVE-2013-6374 (Cross-site scripting (XSS) vulnerability in the Build Failure Analyzer ...)
	- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6373 (The Exclusion plugin before 0.9 for Jenkins does not properly prevent ...)
	- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6372 (The Subversion plugin before 1.54 for Jenkins stores credentials using ...)
	- jenkins <not-affected> (Affected plugins are not shipped in Debian, bug #730457)
CVE-2013-6371 (The hash functionality in json-c before 0.12 allows context-dependent ...)
	- json-c 0.11-4 (bug #744008)
	[wheezy] - json-c <no-dsa> (Minor issue)
	[squeeze] - json-c <no-dsa> (Minor issue)
	NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
CVE-2013-6370 (Buffer overflow in the printbuf APIs in json-c before 0.12 allows ...)
	- json-c 0.11-4 (bug #744008)
	[wheezy] - json-c <no-dsa> (Minor issue)
	[squeeze] - json-c <no-dsa> (Minor issue)
	NOTE: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
CVE-2013-6369 (Stack-based buffer overflow in the jbg_dec_in function in ...)
	{DSA-2900-1}
	- jbigkit 2.0-2.1 (bug #743960)
CVE-2013-6368 (The KVM subsystem in the Linux kernel through 3.12.5 allows local ...)
	- linux 3.12.5-1
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts)
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.54-1
CVE-2013-6367 (The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM ...)
	{DSA-2906-1}
	- linux 3.12.5-1
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.54-1
CVE-2013-6363
	RESERVED
CVE-2013-6362
	RESERVED
CVE-2013-6361
	RESERVED
CVE-2013-6360
	RESERVED
CVE-2013-6359 (Munin::Master::Node in Munin before 2.0.18 allows remote attackers to ...)
	{DSA-2815-1 DLA-20-1}
	- munin 2.0.18-1
	[squeeze] - munin 1.4.5-3+deb6u1
	NOTE: http://munin-monitoring.org/ticket/1397
CVE-2013-6358
	RESERVED
CVE-2013-6357 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: Disputed non-issue in Tomcat
CVE-2013-6356
	REJECTED
CVE-2013-6355
	REJECTED
CVE-2013-6354
	RESERVED
CVE-2013-6353
	RESERVED
CVE-2013-6352
	RESERVED
CVE-2013-6351
	RESERVED
CVE-2013-6350
	RESERVED
CVE-2013-6349 (McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2013-6348 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.3)
	NOTE: https://issues.apache.org/jira/browse/WW-4213
CVE-2013-6347 (Session fixation vulnerability in Novell ZENworks Configuration ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6346 (Cross-site request forgery (CSRF) vulnerability in the ZCC page in ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6345 (Unspecified vulnerability in the ZCC page in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6344 (The ZCC page in Novell ZENworks Configuration Management (ZCM) before ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-6343 (Multiple buffer overflows in web.c in httpd on the ASUS RT-N56U and ...)
	NOT-FOR-US: ASUS Router
CVE-2013-6342 (Cross-site scripting (XSS) vulnerability in the Tweet Blender plugin ...)
	NOT-FOR-US: Tweet Blender plugin for WP
CVE-2013-6341 (SQL injection vulnerability in Dokeos 2.2 RC2 and earlier allows ...)
	NOT-FOR-US: Dokeos
CVE-2004-XXXX [base-passwd: sets valid shells for system services]
	- base-passwd 3.5.30 (unimportant; bug #274229)
	NOTE: Hardening, not a direct vulnerability
CVE-2013-6366 (The Groovy script console in VMware Hyperic HQ 4.6.6 allows remote ...)
	NOT-FOR-US: VMware Hyperic HQ
CVE-2013-6365 [CSRF edit.php]
	RESERVED
	- php-horde 5.1.5+debian0-1 (bug #730110)
	- php-horde-kronolith 4.1.4-1 (bug #730980)
	- kronolith2 <not-affected> (Vulnerable code not present)
	- horde3 <removed>
	[squeeze] - horde3 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/horde/horde/commit/b79114d08ee8c8e43e74a179741749529f6d885c
CVE-2013-6364 [XSS and CSRF search.php]
	RESERVED
	- php-horde <not-affected> (Vulnerable code in turba)
	- php-horde-turba 4.1.3-1 (bug #730979)
	- turba2 <removed>
	[squeeze] - turba2 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://github.com/horde/horde/commit/74f9add4ad86c29b608270e33b17426163b3c8cf
CVE-2013-6340 (epan/dissectors/packet-tcp.c in the TCP dissector in Wireshark 1.8.x ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9263
CVE-2013-6339 (The dissect_openwire_type function in ...)
	{DLA-497-1}
	- wireshark 1.10.3-1 (unimportant)
	[squeeze] - wireshark <not-affected> (OpenWire dissector introduced in 1.8.0)
	NOTE: Not suitable for code injection
CVE-2013-6338 (The dissect_sip_common function in epan/dissectors/packet-sip.c in the ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9228
CVE-2013-6337 (Unspecified vulnerability in the NBAP dissector in Wireshark 1.8.x ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9168 not accessible
CVE-2013-6336 (The ieee802154_map_rec function in epan/dissectors/packet-ieee802154.c ...)
	{DSA-2792-1}
	- wireshark 1.10.3-1
	[squeeze] - wireshark <not-affected> (code introduced in 1.6.0)
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=52036
CVE-2013-6335 (The Backup-Archive client in IBM Tivoli Storage Manager (TSM) for ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-6334 (IBM Atlas eDiscovery Process Management 6.0.1.5 and earlier and 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2013-6333 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6332 (Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 ...)
	NOT-FOR-US: IBM Algo One UDS
CVE-2013-6331 (SQL injection vulnerability in IBM Algo One, as used in MetaData ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6330 (IBM WebSphere Application Server 7.x before 7.0.0.31, when ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-6329 (IBM Global Security Kit (aka GSKit), as used in Content Manager ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2013-6328 (Cross-site scripting (XSS) vulnerability in the Web Content Manager ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6327 (Cross-site scripting (XSS) vulnerability in the HTTP Option in IBM ...)
	NOT-FOR-US: IBM
CVE-2013-6326
	RESERVED
CVE-2013-6325 (IBM WebSphere Application Server 7.x before 7.0.0.31, 8.0.x before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-6324
	RESERVED
CVE-2013-6323 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-6322 (Cross-site scripting (XSS) vulnerability in Sterling Order Management ...)
	NOT-FOR-US: IBM Sterling Selling and Fulfillment Suite
CVE-2013-6321 (SQL injection vulnerability in IBM Atlas eDiscovery Process Management ...)
	NOT-FOR-US: IBM Atlas eDiscovery Process Management
CVE-2013-6320 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6319 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6318 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6317
	RESERVED
CVE-2013-6316 (IBM WebSphere Portal 7.0.0.x before 7.0.0.2 CF26 and 8.0.0.x before ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-6315 (IBM InfoSphere Enterprise Records 4.5.1 before 4.5.1.7-IER-IF001 and ...)
	NOT-FOR-US: IBM InfoSphere Enterprise Records
CVE-2013-6314 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Enterprise ...)
	NOT-FOR-US: IBM InfoSphere Enterprise Records
CVE-2013-6313
	RESERVED
CVE-2013-6312 (Unspecified vulnerability in IBM Rational Service Tester 8.3.x and ...)
	NOT-FOR-US: IBM
CVE-2013-6311 (SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6310 (Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6309 (IBM Marketing Platform 9.1 before FP2 allows remote authenticated ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6308 (IBM Marketing Platform 9.1 before FP2 allows remote authenticated ...)
	NOT-FOR-US: IBM Marketing Platform
CVE-2013-6307 (Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-6306 (Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 ...)
	NOT-FOR-US: IBM Power 7
CVE-2013-6305 (IBM Platform Symphony 5.2 before build 229037 and 6.1.0.1 before build ...)
	NOT-FOR-US: IBM Platform Symphony
CVE-2013-6304 (Multiple directory traversal vulnerabilities in Algo Risk Application ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6303 (Directory traversal vulnerability in IBM Algo One, as used in MetaData ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6302 (SQL injection vulnerability in IBM Algo One, as used in MetaData ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6301 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6300 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6299 (Cross-site scripting (XSS) vulnerability in IBM Algo One, as used in ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-6298
	RESERVED
CVE-2013-6297
	RESERVED
CVE-2013-6296
	RESERVED
CVE-2013-6295
	RESERVED
CVE-2013-6294
	RESERVED
CVE-2013-6293
	RESERVED
CVE-2013-6292
	RESERVED
CVE-2013-6291
	RESERVED
CVE-2013-6290
	RESERVED
CVE-2013-6287
	RESERVED
CVE-2013-6286
	RESERVED
CVE-2013-6284 (Unspecified vulnerability in the Statutory Reporting for Insurance ...)
	NOT-FOR-US: Financial Services module for SAP ERP Central Component
CVE-2013-6283 (VideoLAN VLC Media Player 2.0.8 and earlier allows remote attackers to ...)
	- vlc 2.1.0-2 (unimportant)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: User-assisted DoS for X session (freezes window manager) in 2.0.3-5
CVE-2013-6282 (The (1) get_user and (2) put_user API functions in the Linux kernel ...)
	- linux 3.6.4-1~experimental.1
	- linux-2.6 <not-affected> (Introduced in 2.6.38)
	[wheezy] - linux 3.2.53-1
	NOTE: https://www.codeaurora.org/projects/security-advisories/missing-access-checks-putusergetuser-kernel-api-cve-2013-6282
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/arch/arm/include/asm/uaccess.h?id=8404663f81d212918ff85f493649a7991209fa04
CVE-2013-6281 (Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php ...)
	NOT-FOR-US: Wordpress plugin
CVE-2013-6280 (Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit ...)
	NOT-FOR-US: Wordpress plugin
CVE-2013-6279
	RESERVED
CVE-2013-6278
	RESERVED
CVE-2013-6277
	RESERVED
CVE-2013-6276
	RESERVED
CVE-2013-6274
	RESERVED
CVE-2013-6273
	RESERVED
CVE-2013-6272 (The NotificationBroadcastReceiver class in the com.android.phone ...)
	NOT-FOR-US: Android
CVE-2013-6271 (Android 4.0 through 4.3 allows attackers to bypass intended access ...)
	NOT-FOR-US: Android
CVE-2013-6270
	RESERVED
CVE-2013-6269
	RESERVED
CVE-2013-6268
	RESERVED
CVE-2013-6267 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2013-6266
	REJECTED
CVE-2013-6265
	REJECTED
CVE-2013-6264
	REJECTED
CVE-2013-6263
	REJECTED
CVE-2013-6262
	REJECTED
CVE-2013-6261
	REJECTED
CVE-2013-6260
	REJECTED
CVE-2013-6259
	REJECTED
CVE-2013-6258
	REJECTED
CVE-2013-6257
	REJECTED
CVE-2013-6256
	REJECTED
CVE-2013-6255
	REJECTED
CVE-2013-6254
	REJECTED
CVE-2013-6253
	REJECTED
CVE-2013-6252
	REJECTED
CVE-2013-6251
	REJECTED
CVE-2013-6250
	REJECTED
CVE-2013-6249
	REJECTED
CVE-2013-6248
	REJECTED
CVE-2013-6247
	REJECTED
CVE-2013-6246 (The Dell Quest One Password Manager, possibly 5.0, allows remote ...)
	NOT-FOR-US: Dell Quest One Password Manager
CVE-2013-6245 (Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6244 (The Live Update webdynpro application ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-6289 (Cross-site scripting (XSS) vulnerability in the Apache Solr for TYPO3 ...)
	NOT-FOR-US: TYPO3 extension Apache Solr
CVE-2013-6288 (Unspecified vulnerability in the Apache Solr for TYPO3 (solr) ...)
	NOT-FOR-US: TYPO3 extension Apache Solr
CVE-2013-6285 (The search component in the Treasurer application in Tyler ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6275 [CSRF]
	RESERVED
	- php-horde-ingo 3.1.3-1 (bug #727669)
	- ingo1 <not-affected> (Affected code not present)
CVE-2013-6242
	RESERVED
	NOT-FOR-US: Open-Xchange
CVE-2013-6241 (The Birthday widget in the backend in Open-Xchange (OX) AppSuite 7.2.x ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6240
	RESERVED
CVE-2013-6239
	RESERVED
CVE-2013-6238
	RESERVED
CVE-2013-6237 (The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 ...)
	NOT-FOR-US: ISL Light
CVE-2013-6236
	RESERVED
	NOT-FOR-US: Stem Innovations IZON
CVE-2013-6235 (Multiple cross-site scripting (XSS) vulnerabilities in JAMon (Java ...)
	- libjamon-java <not-affected> (jamon.war/JAMon web apps gets excluded by debian/orig-tar.sh)
	NOTE: http://seclists.org/bugtraq/2014/Jan/92
CVE-2013-6234
	RESERVED
	NOT-FOR-US: SpagoBI
CVE-2013-6233 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6232 (Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows ...)
	NOT-FOR-US: SpagoBI
CVE-2013-6231
	RESERVED
	NOT-FOR-US: SpagoBI
CVE-2013-6230 (The Winsock WSAIoctl API in Microsoft Windows Server 2008, as used in ...)
	- bind9 <not-affected> (Affects only Windows systems)
	NOTE: https://kb.isc.org/article/AA-01062
CVE-2013-6229 (Multiple cross-site scripting (XSS) vulnerabilities in Atmail Webmail ...)
	- atmailopen <removed>
CVE-2013-6228
	RESERVED
CVE-2013-6227 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Zoho plugin in Pydio (AjaXplorer)
CVE-2013-6226 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Pydio (AjaXplorer) Zoho Editor plugin
CVE-2013-6225
	RESERVED
CVE-2013-6224 (Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla ...)
	NOT-FOR-US: Livezilla
CVE-2013-6223 (LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and ...)
	NOT-FOR-US: Livezilla
CVE-2013-6222 (Cross-site scripting (XSS) vulnerability in the Mobility Web Client ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-6221 (Directory traversal vulnerability in CommunicationServlet in HP ...)
	NOT-FOR-US: HP Service Virtualization
CVE-2013-6220 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
	NOT-FOR-US: HP
CVE-2013-6219 (Unspecified vulnerability in HP HP-UX Whitelisting (aka WLI) before ...)
	NOT-FOR-US: HP-UX
CVE-2013-6218 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x, ...)
	NOT-FOR-US: HP
CVE-2013-6217
	REJECTED
CVE-2013-6216 (Unspecified vulnerability in HP Array Configuration Utility, Array ...)
	NOT-FOR-US: HP
CVE-2013-6215 (Unspecified vulnerability in the Integration Service in HP Universal ...)
	NOT-FOR-US: HP Universal Configuration Management Database Integration Service
CVE-2013-6214 (Unspecified vulnerability in the Integration Service in HP Universal ...)
	NOT-FOR-US: HP
CVE-2013-6213 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
	NOT-FOR-US: HP
CVE-2013-6212 (Unspecified vulnerability in HP Database and Middleware Automation ...)
	NOT-FOR-US: HP
CVE-2013-6211 (Unspecified vulnerability in HP StoreOnce Virtual Storage Appliance ...)
	NOT-FOR-US: HP StoreOnce
CVE-2013-6210 (Unspecified vulnerability in HP Unified Functional Testing before 12.0 ...)
	NOT-FOR-US: HP Unified Functional Testing
CVE-2013-6209 (Unspecified vulnerability in rpc.lockd in the NFS subsystem in HP ...)
	NOT-FOR-US: NFS subsystem in HP HP-UX
CVE-2013-6208 (Unspecified vulnerability in HP Smart Update Manager 5.3.5 before ...)
	NOT-FOR-US: HP Smart Update Manager
CVE-2013-6207 (Unspecified vulnerability in the loadFileContents function in the SOAP ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-6206 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
	NOT-FOR-US: HP
CVE-2013-6205 (Unspecified vulnerability in HP Rapid Deployment Pack (RDP) and ...)
	NOT-FOR-US: HP
CVE-2013-6204 (The Web Console in HP Application Information Optimizer (formerly HP ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6203 (The Web Console in HP Application Information Optimizer (formerly HP ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6202 (Multiple cross-site request forgery (CSRF) vulnerabilities in HP ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-6201 (Unspecified vulnerability in HP Security Management System 3.3.0, ...)
	NOT-FOR-US: HP Security Management System
CVE-2013-6200 (Unspecified vulnerability in m4 in HP HP-UX B.11.23 and B.11.31 allows ...)
	NOT-FOR-US: HP-UX
CVE-2013-6199
	REJECTED
CVE-2013-6198 (Cross-site scripting (XSS) vulnerability in HP Service Manager WebTier ...)
	NOT-FOR-US: HP Service Manager WebTier and Windows Client
CVE-2013-6197 (Unspecified vulnerability in HP Service Manager WebTier and Windows ...)
	NOT-FOR-US: HP Service Manager WebTier and Windows Client
CVE-2013-6196 (Cross-site scripting (XSS) vulnerability in HP Autonomy Ultraseek 5 ...)
	NOT-FOR-US: HP Autonomy Ultraseek
CVE-2013-6195 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
	NOT-FOR-US: HP Data Protector
CVE-2013-6194 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
	NOT-FOR-US: HP Data Protector
CVE-2013-6193 (Unspecified vulnerability on HP LaserJet M1522n and M2727; LaserJet ...)
	NOT-FOR-US: HP Printers
CVE-2013-6192 (Cross-site request forgery (CSRF) vulnerability in HP Operations ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2013-6191 (Cross-site scripting (XSS) vulnerability in HP Operations ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2013-6190
	REJECTED
CVE-2013-6189 (Unspecified vulnerability in the Archive Query Server in HP ...)
	NOT-FOR-US: HP Application Information Optimizer
CVE-2013-6188 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-6187
	REJECTED
CVE-2013-6186
	REJECTED
CVE-2013-6185
	REJECTED
CVE-2013-6184
	REJECTED
CVE-2013-6183
	REJECTED
CVE-2013-6182 (Unquoted Windows search path vulnerability in EMC Replication Manager ...)
	NOT-FOR-US: EMC Replication Manager
CVE-2013-6181 (EMC Watch4Net before 6.3 stores cleartext polled-device passwords in ...)
	NOT-FOR-US: EMC Watch4net
CVE-2013-6180 (EMC RSA Security Analytics (SA) 10.x before 10.3, and RSA NetWitness ...)
	NOT-FOR-US: RSA Security Analytics
CVE-2013-6179
	REJECTED
CVE-2013-6178 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
	NOT-FOR-US: EMC RSA Archer GRC
CVE-2013-6177 (Directory traversal vulnerability in EMC Document Sciences xPression ...)
	NOT-FOR-US: EMC
CVE-2013-6176 (Multiple SQL injection vulnerabilities in EMC Document Sciences ...)
	NOT-FOR-US: EMC
CVE-2013-6175 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Document ...)
	NOT-FOR-US: EMC
CVE-2013-6174 (Multiple open redirect vulnerabilities in xAdmin in EMC Document ...)
	NOT-FOR-US: EMC
CVE-2013-6173 (Multiple cross-site request forgery (CSRF) vulnerabilities in EMC ...)
	NOT-FOR-US: EMC
CVE-2013-6172 (steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x ...)
	{DSA-2787-1}
	- roundcube 0.9.4-1.1 (bug #727668)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://web.archive.org/web/20160304042345/http://roundcube.net/news/2013/10/21/security-updates-095-and-087/
	NOTE: http://trac.roundcube.net/ticket/1489382
CVE-2013-6171 (checkpassword-reply in Dovecot before 2.2.7 performs setuid operations ...)
	- dovecot 1:2.2.9-1 (low; bug #729063)
	[wheezy] - dovecot <no-dsa> (Minor issue)
	[squeeze] - dovecot <no-dsa> (Minor issue)
CVE-2013-6170 (Juniper Junos 10.0 before 10.0S28, 10.4 before 10.4R7, 11.1 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6169 (The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) ...)
	{DSA-2775-1}
	- ejabberd 2.1.11-1 (bug #722105)
CVE-2013-6168 (Cross-site scripting (XSS) vulnerability in Zikula Application ...)
	NOT-FOR-US: Zikula
CVE-2013-6165
	RESERVED
CVE-2013-6164 (SQL injection vulnerability in view/objectDetail.php in Project'Or RIA ...)
	NOT-FOR-US: Project'Or RIA
CVE-2013-6163 (Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr ...)
	NOT-FOR-US: Project'Or RIA
CVE-2013-6162 (Cross-site scripting (XSS) vulnerability in Code-Crafters Ability Mail ...)
	NOT-FOR-US: Code-Crafters Ability Mail Server
CVE-2013-6161
	REJECTED
CVE-2013-6160
	REJECTED
CVE-2013-6159
	REJECTED
CVE-2013-6158
	REJECTED
CVE-2013-6157
	REJECTED
CVE-2013-6156
	REJECTED
CVE-2013-6155
	REJECTED
CVE-2013-6154
	REJECTED
CVE-2013-6153
	REJECTED
CVE-2013-6152
	REJECTED
CVE-2013-6151
	REJECTED
CVE-2013-6150
	REJECTED
CVE-2013-6149
	REJECTED
CVE-2013-6148
	REJECTED
CVE-2013-6147
	REJECTED
CVE-2013-6146
	REJECTED
CVE-2013-6145
	REJECTED
CVE-2013-6144
	REJECTED
CVE-2013-6143 (The Schneider Electric Telvent SAGE 3030 RTU with firmware ...)
	NOT-FOR-US: Schneider Electric Telvent SAGE 3030 RTU
CVE-2013-6142 (DNP3Driver.exe in the DNP3 driver in Schneider Electric ClearSCADA ...)
	NOT-FOR-US: Schneider Electric ClearSCADA
CVE-2013-6141 (Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers ...)
	NOT-FOR-US: op5
CVE-2013-6140
	RESERVED
CVE-2013-6139
	RESERVED
CVE-2013-6138
	RESERVED
CVE-2013-6137
	RESERVED
CVE-2013-6136
	RESERVED
CVE-2013-6135
	RESERVED
CVE-2013-6134
	RESERVED
CVE-2013-6133
	RESERVED
CVE-2013-6132
	RESERVED
CVE-2013-6131
	RESERVED
CVE-2013-6130
	RESERVED
CVE-2013-6128 (The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before ...)
	NOT-FOR-US: WellinTech KingView
CVE-2013-6127 (The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before ...)
	NOT-FOR-US: WellinTech KingView
CVE-2013-6126
	REJECTED
CVE-2013-6125
	REJECTED
CVE-2013-6124 (The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora ...)
	NOT-FOR-US: Qualcomm (Android)
CVE-2013-6123 (Multiple array index errors in ...)
	NOT-FOR-US: Android Linux kernel
CVE-2013-6122 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...)
	NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-6121
	RESERVED
CVE-2013-6120
	RESERVED
CVE-2013-6119
	RESERVED
CVE-2013-6118
	RESERVED
CVE-2013-6117 (Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-6116
	RESERVED
CVE-2013-6115
	RESERVED
CVE-2013-6114 (Integer overflow in the OZDocument::parseElement function in Apple ...)
	NOT-FOR-US: Apple Motion
CVE-2013-6113
	RESERVED
CVE-2013-6112
	RESERVED
CVE-2013-6111 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
	NOT-FOR-US: mod_pagespeed
CVE-2013-6110
	RESERVED
CVE-2013-6109
	RESERVED
CVE-2013-6108
	RESERVED
CVE-2013-6107
	RESERVED
CVE-2013-6106
	RESERVED
CVE-2013-6105
	RESERVED
CVE-2013-6104
	REJECTED
CVE-2013-6103
	REJECTED
CVE-2013-6102
	REJECTED
CVE-2013-6101
	REJECTED
CVE-2013-6100
	REJECTED
CVE-2013-6099
	REJECTED
CVE-2013-6098
	REJECTED
CVE-2013-6097
	REJECTED
CVE-2013-6096
	REJECTED
CVE-2013-6095
	REJECTED
CVE-2013-6094
	REJECTED
CVE-2013-6093
	REJECTED
CVE-2013-6092
	REJECTED
CVE-2013-6091
	REJECTED
CVE-2013-6090
	REJECTED
CVE-2013-6089
	REJECTED
CVE-2013-6088
	REJECTED
CVE-2013-6087
	REJECTED
CVE-2013-6086
	REJECTED
CVE-2013-6085
	REJECTED
CVE-2013-6084
	REJECTED
CVE-2013-6083
	REJECTED
CVE-2013-6082
	REJECTED
CVE-2013-6081
	REJECTED
CVE-2013-6080
	REJECTED
CVE-2013-6079 (Buffer overflow in MostGear Soft Easy LAN Folder Share 3.2.0.100 ...)
	NOT-FOR-US: MostGear Soft Easy LAN Folder Share
CVE-2013-6078 (The default configuration of EMC RSA BSAFE Toolkits and RSA Data ...)
	NOT-FOR-US: EMC RSA
CVE-2013-6077 (Citrix XenDesktop 7.0, when upgraded from XenDesktop 5.x, does not ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2013-6076 (strongSwan 5.0.2 through 5.1.0 allows remote attackers to cause a ...)
	- strongswan 5.1.0-3
	[squeeze] - strongswan <not-affected> (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
	[wheezy] - strongswan <not-affected> (Vulnerable Code not present, introduced by upstream commit 30216000d3752026127c2f91470ce165ab3d3926)
CVE-2013-6075 (The compare_dn function in utils/identification.c in strongSwan 4.3.3 ...)
	{DSA-2789-1}
	- strongswan 5.1.0-3
CVE-2013-6074 (Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6073
	RESERVED
CVE-2013-6072
	RESERVED
CVE-2013-6071
	RESERVED
CVE-2013-6070
	RESERVED
CVE-2013-6069
	RESERVED
CVE-2013-6068
	RESERVED
CVE-2013-6067
	RESERVED
CVE-2013-6066
	RESERVED
CVE-2013-6065
	RESERVED
CVE-2013-6064
	RESERVED
CVE-2009-5136 (The policy definition evaluator in Condor before 7.4.2 does not ...)
	- condor <not-affected> (Fixed before initial upload)
CVE-2007-6755 (The NIST SP 800-90A default statement of the Dual Elliptic Curve ...)
	- openssl <unfixed> (unimportant)
	NOTE: Unused/broken in OpenSSL, see http://marc.info/?l=openssl-announce&m=138747119822324&w=2
CVE-2013-6243 (SQL injection vulnerability in the Landing Pages plugin 1.2.3, before ...)
	NOT-FOR-US: WordPress Landing Pages Plugin
CVE-2013-6167 (Mozilla Firefox through 27 sends HTTP Cookie headers without first ...)
	- iceweasel <removed> (unimportant)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=858215
CVE-2013-6166 (Google Chrome before 29 sends HTTP Cookie headers without first ...)
	- chromium-browser 31.0.1650.57-1 (low)
	[squeeze] - chromium-browser <end-of-life>
	NOTE: https://code.google.com/p/chromium/issues/detail?id=238041
CVE-2013-6129 (The install/upgrade.php scripts in vBulletin 4.1 and 5 allow remote ...)
	NOT-FOR-US: VBulletin
CVE-2013-6063
	RESERVED
CVE-2013-6062
	RESERVED
CVE-2013-6061
	RESERVED
CVE-2013-6060
	RESERVED
CVE-2013-6059
	RESERVED
CVE-2013-6058 (SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows ...)
	NOT-FOR-US: appRain CMS
CVE-2013-6057
	RESERVED
CVE-2013-6056
	RESERVED
CVE-2013-6055
	REJECTED
CVE-2013-6054 (Heap-based buffer overflow in OpenJPEG 1.3 has unspecified impact and ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6053 (OpenJPEG 1.5.1 allows remote attackers to obtain sensitive information ...)
	- openjpeg 1.5.2-1 (bug #731237)
	[wheezy] - openjpeg <not-affected> (Only affects 1.5)
	[squeeze] - openjpeg <not-affected> (Only affects 1.5)
CVE-2013-6052 (OpenJPEG 1.3 and earlier allows remote attackers to obtain sensitive ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6051 (The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not ...)
	{DSA-2803-1}
	- quagga 0.99.22.4-1 (bug #730513)
	[squeeze] - quagga <not-affected> (Only affects 0.99.21)
CVE-2013-6050 (Integer overflow in Links before 2.8 allows remote attackers to cause ...)
	{DSA-2807-1}
	- links2 2.8-1
CVE-2013-6049 (apt-listbugs before 0.1.10 creates temporary files insecurely, which ...)
	- apt-listbugs 0.1.10 (low)
	[squeeze] - apt-listbugs <no-dsa> (Minor issue)
	[wheezy] - apt-listbugs 0.1.8+deb7u1
CVE-2013-6048 (The get_group_tree function in lib/Munin/Master/HTMLConfig.pm in Munin ...)
	{DSA-2815-1 DLA-20-1}
	- munin 2.0.18-1
	[squeeze] - munin 1.4.5-3+deb6u1
CVE-2013-6047 (Multiple cross-site scripting (XSS) vulnerabilities in the site ...)
	- ikiwiki-hosting 0.20131025
	[wheezy] - ikiwiki-hosting <no-dsa> (Minor XSS)
CVE-2013-6046
	RESERVED
CVE-2016-9675 (openjpeg: A heap-based buffer overflow flaw was found in the patch for ...)
	- openjpeg 1.5.2-1
	[wheezy] - openjpeg 1.3+dfsg-4.8
	[squeeze] - openjpeg 1.3+dfsg-4+squeeze3
	NOTE: Introduced as well a regression, cf. https://bugs.debian.org/734238
CVE-2013-6045 (Multiple heap-based buffer overflows in OpenJPEG 1.3 and earlier might ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-6044 (The is_safe_url function in utils/http.py in Django 1.4.x before ...)
	{DSA-2740-1}
	- python-django 1.5.2-1
CVE-2013-6043 (The login function in Softaculous Webuzo before 2.1.4 provides ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6042 (Cross-site scripting (XSS) vulnerability in filemanager/login.php in ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6041 (index.php in Softaculous Webuzo before 2.1.4 allows remote attackers ...)
	NOT-FOR-US: Softaculous Webuzo
CVE-2013-6040 (Multiple unspecified vulnerabilities in the MW6 Aztec, DataMatrix, and ...)
	NOT-FOR-US: MW6 Technologies
CVE-2013-6039 (Multiple cross-site scripting (XSS) vulnerabilities in NagiosQL 3.2 ...)
	NOT-FOR-US: NagiosQL
CVE-2013-6038 (Stack-based buffer overflow in Trimble SketchUp Viewer 13.0.4124 ...)
	NOT-FOR-US: Trimble SketchUp Viewer
CVE-2013-6037 (Cross-site scripting (XSS) vulnerability in index.php in Aker Secure ...)
	NOT-FOR-US: Aker Secure Mail Gateway
CVE-2013-6036
	RESERVED
CVE-2013-6035 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
	NOT-FOR-US: Inmarsat broadband satellite terminals
CVE-2013-6034 (The firmware on GateHouse; Harris BGAN RF-7800B-VU204 and BGAN ...)
	NOT-FOR-US: Inmarsat broadband satellite terminals
CVE-2013-6033 (Multiple cross-site scripting (XSS) vulnerabilities on Lexmark W840 ...)
	NOT-FOR-US: Lexmark
CVE-2013-6032 (cgi-bin/postpf/cgi-bin/dynamic/config/config.html on Lexmark X94x ...)
	NOT-FOR-US: Lexmark
CVE-2013-6031 (The Huawei E355 adapter with firmware 21.157.37.01.910 does not ...)
	NOT-FOR-US: Huawei E355 adapter
CVE-2013-6030 (Directory traversal vulnerability on the Emerson Network Power Avocent ...)
	NOT-FOR-US: Emerson Network Power
CVE-2013-6029 (Stack-based buffer overflow in the AT&amp;T Connect Participant ...)
	NOT-FOR-US: AT&T Connect Participant Application
CVE-2013-6028 (Multiple cross-site request forgery (CSRF) vulnerabilities in Atmail ...)
	NOT-FOR-US: Atmail Webmail Server
CVE-2013-6027 (Stack-based buffer overflow in the RuntimeDiagnosticPing function in ...)
	NOT-FOR-US: D-Link
CVE-2013-6026 (The web interface on D-Link DIR-100, DIR-120, DI-624S, DI-524UP, ...)
	NOT-FOR-US: D-Link
CVE-2013-6025 (The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) ...)
	NOT-FOR-US: SAP Sybase Adaptive Server Enterprise
CVE-2013-6024 (The Edge Client components in F5 BIG-IP APM 10.x through 10.2.4 and ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2013-6023 (Directory traversal vulnerability in the TVT TD-2308SS-B DVR with ...)
	NOT-FOR-US: TVT TD-2308SS-B DVR
CVE-2013-6022
	RESERVED
CVE-2013-6021 (Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 ...)
	NOT-FOR-US: WatchGuard WSM and Fireware
CVE-2013-6020 (passwordRequestPOST.jsp in Tyler Technologies TaxWeb 3.13.3.1 sends ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6019 (Cross-site scripting (XSS) vulnerability in Tyler Technologies TaxWeb ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6018 (Cross-site request forgery (CSRF) vulnerability in login.jsp in Tyler ...)
	NOT-FOR-US: Tyler Technologies TaxWeb
CVE-2013-6017 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server ...)
	NOT-FOR-US: Atmail Webmail Server
CVE-2013-6016 (The Traffic Management Microkernel (TMM) in F5 BIG-IP LTM, APM, ASM, ...)
	NOT-FOR-US: F5
CVE-2013-6015 (Juniper Junos before 10.4S14, 11.4 before 11.4R5-S2, 12.1R before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6014 (Juniper Junos 10.4 before 10.4S15, 11.4 before 11.4R9, 11.4X27 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6013 (Buffer overflow in the flow daemon (flowd) in Juniper Junos 10.4 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6012 (Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-6011 (Citrix NetScaler Application Delivery Controller (ADC) 10.0 before ...)
	NOT-FOR-US: Citrix NetScaler Application Delivery Controller
CVE-2013-6010 (Cross-site scripting (XSS) vulnerability in the Comment Attachment ...)
	NOT-FOR-US: Wordpress Comment-Attachment plugin
CVE-2013-6009 (CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-6008
	REJECTED
CVE-2013-6007
	REJECTED
CVE-2013-6006 (Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6005 (Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 ...)
	NOT-FOR-US: Cybozu Dezie
CVE-2013-6004 (Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6003 (CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6002 (The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6001 (SQL injection vulnerability in the Space function in Cybozu Garoon ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-6000 (Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 ...)
	NOT-FOR-US: Tattyan HP TOWN
CVE-2013-5999 (Kingsoft KDrive Personal before 1.21.0.1880 on Windows does not verify ...)
	NOT-FOR-US: Kingsoft KDrive Personal
CVE-2013-5998 (Unspecified vulnerability in the Web manager implementation on D-Link ...)
	NOT-FOR-US: D-Link
CVE-2013-5997 (Unspecified vulnerability in the SSH implementation on D-Link Japan ...)
	NOT-FOR-US: D-Link
CVE-2013-5996 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5995 (data/class/helper/SC_Helper_Address.php in the front-features ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5994 (data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5993 (Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5992 (Cross-site scripting (XSS) vulnerability in the displaySystemError ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5991 (The displaySystemError function in html/handle_error.php in LOCKON ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-5990 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-5989
	RESERVED
CVE-2013-5988
	RESERVED
CVE-2013-5987 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
	- nvidia-graphics-drivers 304.117-1 (bug #735271)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3377
CVE-2013-5986 (Unspecified vulnerability in NVIDIA graphics driver Release 331, 325, ...)
	- nvidia-graphics-drivers 304.117-1 (bug #735271)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3377
CVE-2013-5985
	RESERVED
CVE-2013-5984 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Microweber
CVE-2013-5983 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY before ...)
	NOT-FOR-US: GuppY
CVE-2013-5982
	RESERVED
CVE-2013-5981
	RESERVED
CVE-2013-5980
	RESERVED
CVE-2013-5979 (Directory traversal vulnerability in Spring Signage Xibo 1.2.x before ...)
	NOT-FOR-US: Xibo
CVE-2013-5978
	RESERVED
CVE-2013-5977 (Cross-site request forgery (CSRF) vulnerability in Cart66Product.php ...)
	NOT-FOR-US: Cart66 Lite plugin for WordPress
CVE-2013-5976 (Cross-site scripting (XSS) vulnerability in the access policy logout ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5975 (The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 ...)
	NOT-FOR-US: F5 BIG-IP APM
CVE-2013-5974
	REJECTED
CVE-2013-5973 (VMware ESXi 4.0 through 5.5 and ESX 4.0 and 4.1 allow local users to ...)
	NOT-FOR-US: VMware ESXi and ESX
CVE-2013-5972 (VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 ...)
	NOT-FOR-US: VMware
CVE-2013-5971 (Session fixation vulnerability in the vSphere Web Client Server in ...)
	NOT-FOR-US: VMware vSphere
CVE-2013-5970 (hostd-vmdb in VMware ESXi 4.0 through 5.0 and ESX 4.0 through 4.1 ...)
	NOT-FOR-US: VMware ESXi and ESX
CVE-2013-5969
	RESERVED
CVE-2013-5968 (Cross-site scripting (XSS) vulnerability in CA SiteMinder 12.0 through ...)
	NOT-FOR-US: CA SiteMinder
CVE-2013-5967 (Multiple SQL injection vulnerabilities in AlienVault Open Source ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2013-5966 (Cross-site scripting (XSS) vulnerability in ZK Framework before 5.0.13 ...)
	NOT-FOR-US: ZK Framework
CVE-2013-5965 (The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal ...)
	NOT-FOR-US: Drupal addon
CVE-2013-5964 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
	NOT-FOR-US: Drupal addon
CVE-2013-5963 (Unrestricted file upload vulnerability in multi.php in Simple Dropbox ...)
	NOT-FOR-US: WordPress plugin Simple Dropbox Upload
CVE-2013-5962 (Unrestricted file upload vulnerability in frames/upload-images.php in ...)
	NOT-FOR-US: Complete Gallery Manager plugin for Wordpress
CVE-2013-5961 (Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO ...)
	NOT-FOR-US: WordPress plugin Lazy SEO
CVE-2013-5960 (The authenticated-encryption feature in the symmetric-encryption ...)
	NOT-FOR-US: OWASP Enterprise Security API for Java
CVE-2013-5958 (The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before ...)
	NOT-FOR-US: Symfony
CVE-2013-5957 (Multiple SQL injection vulnerabilities in ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-5956 (Cross-site scripting (XSS) vulnerability in includes/flvthumbnail.php ...)
	NOT-FOR-US: Joomla plugin
CVE-2013-5955 (Cross-site scripting (XSS) vulnerability in manage.php in the ...)
	NOT-FOR-US: Joomla plugin
CVE-2013-5954 (Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX ...)
	NOT-FOR-US: OpenX
CVE-2013-5953 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Joomla component multi calendar
CVE-2013-5952 (Multiple cross-site scripting (XSS) vulnerabilities in the Freichat ...)
	NOT-FOR-US: Joomla component Freichat
CVE-2013-5951 (Multiple cross-site scripting (XSS) vulnerabilities in eXtplorer ...)
	{DSA-2882-1}
	- extplorer <removed> (bug #741908)
	NOTE: http://seclists.org/fulldisclosure/2014/Mar/273
CVE-2013-5950
	RESERVED
CVE-2013-5949
	RESERVED
CVE-2013-5948 (The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS ...)
	NOT-FOR-US: ASUS router
CVE-2013-5947
	RESERVED
CVE-2013-5946 (The runShellCmd function in systemCheck.htm in D-Link DSR-150 with ...)
	NOT-FOR-US: D-Link
CVE-2013-5945
	RESERVED
CVE-2013-5944 (The integrated web server on Siemens SCALANCE X-200 switches with ...)
	NOT-FOR-US: web server on Siemens switches
CVE-2013-5959 (Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2013-5943 (Multiple cross-site scripting (XSS) vulnerabilities in Graphite before ...)
	- graphite-web 0.9.12+debian-1
CVE-2013-5942 (Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, ...)
	- graphite-web 0.9.12+debian-1
CVE-2013-5941
	RESERVED
CVE-2013-5940
	RESERVED
CVE-2013-5939 (Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook ...)
	NOT-FOR-US: PHPCMS
CVE-2013-5938 (Cross-site scripting (XSS) vulnerability in the Click2Sell Suite ...)
	NOT-FOR-US: Click2Sell Suite Drupal contributed module
CVE-2013-5937 (Cross-site request forgery (CSRF) vulnerability in the Click2Sell ...)
	NOT-FOR-US: Click2Sell Suite Drupal contributed module
CVE-2013-5936 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5935 (The Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5934 (Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5933 (Stack-based buffer overflow in the sub_E110 function in init in a ...)
	NOT-FOR-US: Motorola
CVE-2013-5932 (Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro ...)
	NOT-FOR-US: Sophos UTM
CVE-2013-5931 (SQL injection vulnerability in property_listings_detail.php in Real ...)
	NOT-FOR-US: Real Estate PHP Script
CVE-2013-5930 (Cross-site scripting (XSS) vulnerability in search_residential.php in ...)
	NOT-FOR-US: Real Estate PHP Script
CVE-2013-5929
	RESERVED
CVE-2013-5928
	RESERVED
CVE-2013-5927
	RESERVED
CVE-2013-5926
	RESERVED
CVE-2013-5925
	RESERVED
CVE-2013-5924
	RESERVED
CVE-2013-5923
	RESERVED
CVE-2013-5922
	RESERVED
CVE-2013-5921
	RESERVED
CVE-2013-5920
	RESERVED
CVE-2013-5919 (Suricata before 1.4.6 allows remote attackers to cause a denial of ...)
	- suricata 2.0-1 (bug #751658)
	[wheezy] - suricata <no-dsa> (Minor issue)
	[squeeze] - suricata <no-dsa> (Minor issue)
CVE-2013-5918 (Cross-site scripting (XSS) vulnerability in platinum_seo_pack.php in ...)
	NOT-FOR-US: Platinum SEO plugin for WordPress
CVE-2013-5917 (SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI ...)
	NOT-FOR-US: NOSpam PTIa plugin for Wordpress
CVE-2013-5916 (Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco ...)
	NOT-FOR-US: WordPress plugin wp-e-commerce
CVE-2013-5915 (The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly ...)
	{DSA-2782-1}
	- polarssl 1.3.1-1 (bug #725359)
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-05
CVE-2013-5914 (Buffer overflow in the ssl_read_record function in ssl_tls.c in ...)
	{DSA-2782-1}
	- polarssl 1.2.0-1 (bug #725359)
	NOTE: https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-04
CVE-2013-5913 (Cross-site scripting (XSS) vulnerability in the getRecommSearch ...)
	NOT-FOR-US: OXID eShop
CVE-2013-5912 (VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server ...)
	NOT-FOR-US: Thomson Reuters Velocity Analytics Vhayu Analytic Server
CVE-2013-5911 (Cross-site scripting (XSS) vulnerability in devform.php in Tenable ...)
	NOT-FOR-US: Tenable SecurityCenter
CVE-2013-5910 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5909 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5908 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1 DSA-2845-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <removed>
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2013-5907 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5906 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 ...)
	- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
CVE-2013-5905 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45 ...)
	- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
CVE-2013-5904 (Unspecified vulnerability in Oracle Java SE 7u45 allows remote ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5903
	REJECTED
CVE-2013-5902 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5901 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5900 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5899 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5898 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5897 (Unspecified vulnerability in the Oracle Agile Product Lifecycle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5896 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5895 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5894 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5893 (Unspecified vulnerability in Oracle Java SE 7u45 and Java SE Embedded ...)
	- openjdk-6 <not-affected> (Only affects OpenJDK 7)
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5892 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DSA-2878-1}
	- virtualbox-ose <removed> (low)
	- virtualbox 4.3.6-dfsg-1 (low; bug #735410)
CVE-2013-5891 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2848-1}
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.35+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- percona-xtradb-cluster-5.5 5.5.37-25.10+dfsg-1
CVE-2013-5890 (Unspecified vulnerability in the Oracle Payroll component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5889 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5888 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, when ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5887 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45 allows ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5886 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5885 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5884 (Unspecified vulnerability in Oracle Java SE 5.0u55, 6u65, and 7u45; ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5883 (Unspecified vulnerability in Oracle Solaris 8 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5882 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5881 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5880 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5879 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5878 (Unspecified vulnerability in Oracle Java SE 6u65 and 7u45, Java SE ...)
	- openjdk-6 6b30-1.13.1-1
	- openjdk-7 7u51-2.4.4-1
CVE-2013-5877 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5876 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5875 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5874 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5873 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5872 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5871 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-5870 (Unspecified vulnerability in Oracle Java SE 7u45 and JavaFX 2.2.45 ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5869 (Unspecified vulnerability in the Oracle WebCenter Portal component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5868 (Unspecified vulnerability in the Oracle AutoVue Electro-Mechanical ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-5867 (Unspecified vulnerability in the Siebel Core - Server Infrastructure ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5866 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2013-5865 (Unspecified vulnerability in Oracle Solaris 11.1 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2013-5864 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-5863 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2013-5862 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-5861 (Unspecified vulnerability in Oracle Solaris 11.1 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2013-5860 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
CVE-2013-5859 (Unspecified vulnerability in the Instantis EnterpriseTrack component ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2013-5858 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5857 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5856 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5855 (Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not ...)
	- mojarra 2.2.8-1 (low; bug #740586)
	[squeeze] - mojarra <no-dsa> (Minor issue)
	[wheezy] - mojarra <no-dsa> (Minor issue)
	NOTE: https://java.net/jira/browse/JAVASERVERFACES-3150
	NOTE: https://java.net/projects/mojarra/sources/svn/revision/12793
CVE-2013-5854 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5853 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5852 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5851 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5850 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5849 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5848 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5847 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5846 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, and ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5845 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle iLearning
CVE-2013-5844 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5843 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-5842 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5841 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5840 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5839 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2013-5838 (Unspecified vulnerability in Oracle Java SE 7u25 and earlier, and Java ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5837 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
	NOT-FOR-US: Solaris
CVE-2013-5836 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5835 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5834 (Unspecified vulnerability in Oracle Solaris 8 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5833 (Unspecified vulnerability in Oracle Solaris 8 and 9 allows local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5832 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-5831 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5830 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5829 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5828 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5827 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5826 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5825 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5824 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5823 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/a7758faab30d
CVE-2013-5822 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle iLearning
CVE-2013-5821 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11.1 allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-5820 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5819 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5818 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5817 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5816 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2013-5815 (Unspecified vulnerability in the Oracle Identity Analytics component ...)
	NOT-FOR-US: Oracle Fusion Middleware Oracle Identity Analytics
CVE-2013-5814 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5813 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5812 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5811 (Unspecified vulnerability in the Oracle Health Sciences InForm ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-5810 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5809 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5808 (Unspecified vulnerability in the Oracle iPlanet Web Proxy Server ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5807 (Unspecified vulnerability in Oracle MySQL Server 5.5.x through 5.5.32 ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5806 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 7u45-2.4.3-1
	NOTE: openjdk-7 package mentioned this CVE, specifc to Mac OS X?
CVE-2013-5805 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 <not-affected> (Specific to MacOS X)
	- openjdk-7 7u45-2.4.3-1
	NOTE: openjdk-7 package mentioned this CVE, specific to MacOS X?
CVE-2013-5804 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1 (unimportant)
	- openjdk-7 7u45-2.4.3-1 (unimportant)
	NOTE: Javadoc comments can contain arbitrary HTML
CVE-2013-5803 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/0b84d3b434c2
CVE-2013-5802 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5801 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-5800 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5799 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5798 (Unspecified vulnerability in the Oracle Identity Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5797 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5796 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5795 (Unspecified vulnerability in the Oracle Demantra Demand Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-5794 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5793 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5792 (Unspecified vulnerability in the Techstack component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-5791 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5790 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5789 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5788 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier and Java ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5787 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5786 (Unspecified vulnerability in Oracle MySQL Server 5.6.12 and earlier ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5785 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5784 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5783 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
	NOTE: http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/2790e9ace697
CVE-2013-5782 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5781 (Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running ...)
	NOT-FOR-US: Oracle PARC Enterprise
CVE-2013-5780 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5779 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5778 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5777 (Unspecified vulnerability in the Java SE and JavaFX components in ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5776 (Unspecified vulnerability in the Java SE and Java SE Embedded ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-5775 (Unspecified vulnerability in the Java SE and JavaFX components in ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-5774 (Unspecified vulnerability in Oracle Java SE 7u40 and earlier, 6u60 and ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5773 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5772 (Unspecified vulnerability in the Java SE component in Oracle Java SE ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-5771 (Unspecified vulnerability in the XML Parser component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5770 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5769 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5768 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-5767 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-5766 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-5765 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-5764 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-5763 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-5762 (Unspecified vulnerability in the Oracle Siebel CTMS component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-5761 (Unspecified vulnerability in the Siebel Core - Server BizLogic Script ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-5760 (QNAP Photo Station before firmware 4.0.3 build0912 allows remote ...)
	NOT-FOR-US: QNAP firmware
CVE-2013-5759
	REJECTED
CVE-2013-5758 (cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5757 (Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5756 (Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2013-5755 (config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password ...)
	NOT-FOR-US: Yealink IP Phone
CVE-2013-5754 (The authorization implementation on Dahua DVR appliances accepts a ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-5753
	RESERVED
CVE-2013-5752
	RESERVED
CVE-2013-5751 (Directory traversal vulnerability in SAP NetWeaver 7.x allows remote ...)
	NOT-FOR-US: SAP NetWeaver 7.x
CVE-2013-5750 (The login form in the FriendsOfSymfony FOSUserBundle bundle before ...)
	NOT-FOR-US: FriendsOfSymfony FOSUserBundle
CVE-2013-5749 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SimpleRisk
CVE-2013-5748 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: SimpleRisk
CVE-2013-5747
	RESERVED
CVE-2013-5746
	RESERVED
CVE-2013-5744 (Cross-site scripting (XSS) vulnerability in Feng Office 2.3.2-rc and ...)
	NOT-FOR-US: Feng Office
CVE-2013-5743
	RESERVED
	- zabbix 1:2.0.8+dfsg-2
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
CVE-2013-5742
	RESERVED
CVE-2013-5741 (Triangle Research International (aka Tri) Nano-10 PLC devices with ...)
	NOT-FOR-US: Triangle Research International Nano-10 PLC
CVE-2013-5745 (The vino_server_client_data_pending function in vino-server.c in GNOME ...)
	- vino 3.10.1-1 (low; bug #724545)
	[wheezy] - vino <no-dsa> (Minor issue)
	[squeeze] - vino <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2013/Sep/105
CVE-2013-5740 (Unspecified vulnerability in the Intel Trusted Execution Technology ...)
	NOT-FOR-US: Intel Trusted Execution Technology
CVE-2013-5739 (The default configuration of WordPress before 3.6.1 does not prevent ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1
CVE-2013-5738 (The get_allowed_mime_types function in wp-includes/functions.php in ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1
CVE-2013-5737
	RESERVED
CVE-2013-5736
	RESERVED
CVE-2013-5735
	RESERVED
CVE-2013-5734
	RESERVED
CVE-2013-5733
	RESERVED
CVE-2013-5732
	RESERVED
CVE-2013-5731
	RESERVED
CVE-2013-5730 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
	NOT-FOR-US: D-Link
CVE-2013-5729
	RESERVED
CVE-2013-5728
	RESERVED
CVE-2013-5727
	RESERVED
CVE-2013-5726 (Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not ...)
	NOT-FOR-US: Tweetbot for iOS and Mac
CVE-2013-5725 (The Metaclassy Byword app 2.x before 2.1 for iOS does not require ...)
	NOT-FOR-US: Byword for iOS
CVE-2013-5724 (Phpbb3 before 3.0.11-4 for Debian GNU/Linux uses world-writable ...)
	{DSA-2752-1}
	- phpbb3 3.0.11-4 (bug #711172)
CVE-2013-5723 (SQL injection vulnerability in SAP NetWeaver 7.30 allows remote ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-5716 (Gretech GOM Media Player 2.2.53.5169 and possibly earlier allows ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-5715 (Buffer overflow in Gretech GOM Media Player before 2.2.53.5169 has ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2013-5714 (Multiple cross-site scripting (XSS) vulnerabilities in ls/htmlchat.php ...)
	NOT-FOR-US: WordPress plugin videowhisper-live-streaming-integration
CVE-2013-5713
	RESERVED
CVE-2013-5712
	RESERVED
CVE-2013-5711 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Design-approval-system Plugin for WordPress
CVE-2013-5722 (Unspecified vulnerability in the LDAP dissector in Wireshark 1.8.x ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-59.html
CVE-2013-5721 (The dissect_mq_rr function in epan/dissectors/packet-mq.c in the MQ ...)
	{DLA-497-1}
	- wireshark 1.10.2-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-58.html
CVE-2013-5720 (Buffer overflow in the RTPS dissector in Wireshark 1.8.x before 1.8.10 ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-57.html
CVE-2013-5719 (epan/dissectors/packet-assa_r3.c in the ASSA R3 dissector in Wireshark ...)
	{DLA-497-1}
	- wireshark 1.10.2-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-56.html
CVE-2013-5718 (The dissect_nbap_T_dCH_ID function in epan/dissectors/packet-nbap.c in ...)
	{DSA-2756-1}
	- wireshark 1.10.2-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-55.html
CVE-2013-5717 (The Bluetooth HCI ACL dissector in Wireshark 1.10.x before 1.10.2 does ...)
	- wireshark 1.10.2-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
	NOTE: https://www.wireshark.org/security/wnpa-sec-2013-54.html
CVE-2013-5710 (The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel ...)
	{DSA-2769-1}
	- kfreebsd-9 9.2~svn255465-1 (bug #722337)
	- kfreebsd-8 <removed>
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5709 (The authentication implementation in the web server on Siemens ...)
	NOT-FOR-US: Siemens SCALANCE X-200
CVE-2013-5708 (Coursemill Learning Management System (LMS) 6.8 constructs secret ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5707 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5706 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-5705 (apache2/modsecurity.c in ModSecurity before 2.7.6 allows remote ...)
	{DSA-2991-1 DLA-34-1}
	- modsecurity-apache 2.7.7-1
	- libapache-mod-security <removed>
	[squeeze] - libapache-mod-security 2.5.12-1+squeeze4
	NOTE: Upstream commit: https://github.com/SpiderLabs/ModSecurity/commit/f8d441cd25172fdfe5b613442fedfc0da3cc333d
	NOTE: http://martin.swende.se/blog/HTTPChunked.html
CVE-2013-5704 (The mod_headers module in the Apache HTTP Server 2.2.22 allows remote ...)
	{DLA-71-1}
	- apache2 2.4.10-2 (medium)
	[wheezy] - apache2 2.2.22-13+deb7u4
	NOTE: http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2
CVE-2013-5703 (The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute ...)
	NOT-FOR-US: DrayTek Vigor 2700 router
CVE-2013-5702 (Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in ...)
	NOT-FOR-US: Watchguard Server Center
CVE-2013-5701 (Multiple untrusted search path vulnerabilities in (1) Watchguard Log ...)
	NOT-FOR-US: Watchguard Server Center
CVE-2013-5700 (The Bloom Filter implementation in bitcoind and Bitcoin-Qt 0.8.x ...)
	- bitcoin 0.8.4-1
	NOTE: https://bitcointalk.org/index.php?topic=287351.0
CVE-2013-5699
	RESERVED
CVE-2013-5698 (Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite and ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5697 (SQL injection vulnerability in mod_accounting.c in the mod_accounting ...)
	- libapache-mod-acct <removed>
CVE-2013-5696 (inc/central.class.php in GLPI before 0.84.2 does not attempt to make ...)
	- glpi 0.84.2-1 (unimportant; bug #723837)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: CVE split pending
CVE-2013-5695 (Multiple cross-site scripting (XSS) vulnerabilities in Opsview before ...)
	NOT-FOR-US: Ops View
CVE-2013-5694 (SQL injection vulnerability in status/service/acknowledge in Opsview ...)
	NOT-FOR-US: Ops View
CVE-2013-5693 (Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 ...)
	NOT-FOR-US: X2CRM
CVE-2013-5692 (Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows ...)
	NOT-FOR-US: X2CRM
CVE-2013-5691 (The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in ...)
	{DSA-2769-1}
	- kfreebsd-9 9.2~svn255465-1 (bug #722338)
	- kfreebsd-8 <removed>
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
CVE-2013-5690 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5687
	RESERVED
CVE-2013-5686
	RESERVED
CVE-2013-5685
	RESERVED
CVE-2013-5684
	RESERVED
CVE-2013-5683
	RESERVED
CVE-2013-5682
	RESERVED
CVE-2013-5681
	RESERVED
CVE-2013-5680 (Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, ...)
	- hylafax <not-affected> (Not built with LDAP support)
	NOTE: http://www.securityfocus.com/archive/1/528943/30/0/threaded
CVE-2013-5679 (The authenticated-encryption feature in the symmetric-encryption ...)
	NOT-FOR-US: OWASP Enterprise Security API for Java
CVE-2013-5678
	RESERVED
CVE-2013-5677
	RESERVED
CVE-2013-5676 (The Jenkins Plugin for SonarQube 3.7 and earlier allows remote ...)
	NOT-FOR-US: SonarQube Jenkins plugin
CVE-2013-5674 (badges/external.php in Moodle 2.5.x before 2.5.2 does not properly ...)
	- moodle 2.5.2-1
	[squeeze] - moodle <not-affected> (Only affects 2.5.x)
CVE-2013-5669 (The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext ...)
	NOT-FOR-US: Thecus NAS server N8800
CVE-2013-5668 (The ADS/NT Support page on the Thecus NAS server N8800 with firmware ...)
	NOT-FOR-US: Thecus NAS server N8800
CVE-2013-5667 (The Thecus NAS server N8800 with firmware 5.03.01 allows remote ...)
	NOT-FOR-US: Thecus NAS server N8800
CVE-2013-5666 (The sendfile system-call implementation in sys/kern/uipc_syscalls.c in ...)
	- kfreebsd-9 9.2~svn255465-1 (bug #722336)
	[wheezy] - kfreebsd-9 <not-affected> (Only affects 9.2.x)
CVE-2013-5665
	RESERVED
CVE-2013-5664 (Cross-site scripting (XSS) vulnerability in the web-based ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5663 (The App-ID cache feature in Palo Alto Networks PAN-OS before 4.0.14, ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5662
	RESERVED
CVE-2013-5661 [DNS response rate limiting can simplify cache poisoning attacks]
	RESERVED
	NOTE: DNS protocol flaw
	NOTE: http://www.certa.ssi.gouv.fr/site/CERTA-2013-AVI-506/index.html
	NOTE: https://www.isc.org/blogs/cache-poisoning-gets-a-second-wind-from-rrl-probably-not/
CVE-2013-5660 (Buffer overflow in Power Software WinArchiver 3.2 allows remote ...)
	NOT-FOR-US: Power Software WinArchiver
CVE-2013-5659
	RESERVED
CVE-2013-5658
	RESERVED
CVE-2013-5657
	RESERVED
CVE-2013-5656
	RESERVED
CVE-2012-6632 (Multiple cross-site scripting (XSS) vulnerabilities in Vessio NetBill ...)
	NOT-FOR-US: Vessio NetBill
CVE-2012-6631 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Vessio NetBill
CVE-2012-6630 (Multiple cross-site scripting (XSS) vulnerabilities in the Media ...)
	NOT-FOR-US: WordPress plugin Media Library Categories
CVE-2012-6629 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6628 (Multiple cross-site scripting (XSS) vulnerabilities in the Newsletter ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6627 (Cross-site scripting (XSS) vulnerability in admin/test_mail.php in the ...)
	NOT-FOR-US: WordPress plugin Newsletter Manager
CVE-2012-6626 (SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows ...)
	NOT-FOR-US: b2ePMS
CVE-2012-6625 (SQL injection vulnerability in fs-admin/fs-admin.php in the ForumPress ...)
	NOT-FOR-US: WordPress plugin WP Forum Server
CVE-2012-6624 (Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold ...)
	NOT-FOR-US: WordPress plugin SoundCloud Is Gold
CVE-2012-6623 (Cross-site scripting (XSS) vulnerability in fs-admin/wpf-add-forum.php ...)
	NOT-FOR-US: WordPress plugin ForumPress WP Forum Server
CVE-2012-6622 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin ForumPress WP Forum Server
CVE-2012-6606 (Palo Alto Networks GlobalProtect before 1.1.7, and NetConnect, does ...)
	NOT-FOR-US: alo Alto Networks GlobalProtect
CVE-2012-6605 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6604 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6603 (The web management UI in Palo Alto Networks PAN-OS before 3.1.12, ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6602 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6601 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6600 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6599 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6598 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6597 (Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6596 (Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.3 ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6595 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6594 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6593 (Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.4 allows ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6592 (Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5 allows ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6591 (The device-management command-line interface in Palo Alto Networks ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2012-6590 (The web-based management UI in Palo Alto Networks PAN-OS 4.0.x before ...)
	NOT-FOR-US: Palo Alto Networks PAN-OS
CVE-2013-5689 [Arbitrary File Upload]
	REJECTED
CVE-2013-5688 (Multiple directory traversal vulnerabilities in index.php in ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2013-5675
	RESERVED
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-4298 (The ReadGIFImage function in coders/gif.c in ImageMagick before ...)
	{DSA-2750-1}
	- imagemagick 8:6.7.7.10-6 (bug #721273)
	[squeeze] - imagemagick <not-affected> (Code not vulnerable)
CVE-2013-5673 (SQL injection vulnerability in testimonial.php in the IndiaNIC ...)
	NOT-FOR-US: IndiaNIC Testimonial plugin 2.2 for WordPress
CVE-2013-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: IndiaNIC Testimonial plugin 2.2 for WordPress
CVE-2013-5671 (lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for ...)
	NOT-FOR-US: fog-dragonfly Ruby Gem
CVE-2013-5670 (Cross-site scripting (XSS) vulnerability in spell-check-savedicts.php ...)
	- serendipity <not-affected> (Spellcheck plugin not included in 1.5.x)
CVE-2013-5653 (The getenv and filenameforall functions in Ghostscript 9.10 ignore the ...)
	{DSA-3691-1 DLA-674-1}
	- ghostscript 9.19~dfsg-3.1 (low; bug #839118)
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=694724
	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=ab109aaeb3ddba59518b036fb288402a65cf7ce8
CVE-2013-5652
	RESERVED
CVE-2013-5650 (Junos Pulse Secure Access Service (IVE) 7.1 before 7.1r5, 7.2 before ...)
	NOT-FOR-US: Junos Pulse Secure Access Service
CVE-2013-5649 (Multiple cross-site scripting (XSS) vulnerabilities in Juniper Junos ...)
	NOT-FOR-US: Juniper
CVE-2013-5655 (Directory traversal vulnerability in the FTP server in YingZhi Python ...)
	NOT-FOR-US: YingZhi Python for iOS
CVE-2013-5654
	RESERVED
	NOT-FOR-US: YingZhi Python for iOS
CVE-2013-5651 (The virBitmapParse function in util/virbitmap.c in libvirt before ...)
	- libvirt 1.1.2~rc1-1
	[jessie] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
	[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
	[squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in v0.10.2-rc1)
	NOTE: introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0fc89098a68f0f6962de8be4fc03ddd960ffbf08
	NOTE: Upstream fix: http://libvirt.org/git/?p=libvirt.git;a=commit;h=47b9127e883677a0d60d767030a147450e919a25
CVE-2013-5646 (Cross-site scripting (XSS) vulnerability in Roundcube webmail 1.0-git ...)
	- roundcube <not-affected> (Unclear, 0.9.2 reported not affected, all other issues covered by CVE-2013-5645)
CVE-2013-5645 (Multiple cross-site scripting (XSS) vulnerabilities in Roundcube ...)
	- roundcube 0.9.4-1 (bug #721592)
	[wheezy] - roundcube <no-dsa> (Minor issue)
	[squeeze] - roundcube <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20160311164159/http://trac.roundcube.net/changeset/93b0a30c1c8aa29d862b587b31e52bcc344b8d16/github
	NOTE: http://web.archive.org/web/20160311132902/http://trac.roundcube.net/changeset/ce5a6496fd6039962ba7424d153278e41ae8761b/github
	NOTE: http://trac.roundcube.net/ticket/1489251
CVE-2013-5644
	RESERVED
CVE-2013-5643
	REJECTED
CVE-2013-5640 (Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote ...)
	NOT-FOR-US: Gnew
CVE-2013-5639 (Directory traversal vulnerability in users/login.php in Gnew 2013.1 ...)
	NOT-FOR-US: Gnew
CVE-2013-5648 (Absolute path traversal vulnerability in the handleStartDataFile ...)
	- libdigidoc <not-affected> (Fixed before initial upload to the archive)
CVE-2013-5647 (lib/sounder/sound.rb in the sounder gem 1.0.1 for Ruby allows remote ...)
	NOT-FOR-US: Sounder Ruby Gem
CVE-2013-5642 (The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source ...)
	{DSA-2749-1}
	- asterisk 1:11.5.1~dfsg-1 (bug #721220)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-005.html
CVE-2013-5641 (The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source ...)
	{DSA-2749-1}
	- asterisk 1:11.5.1~dfsg-1 (bug #721220)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2013-004.html
CVE-2013-5638
	RESERVED
CVE-2013-5637
	RESERVED
CVE-2013-5636 (Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint ...)
	NOT-FOR-US: Check Point Endpoint Security
CVE-2013-5635 (Media Encryption EPM Explorer in Check Point Endpoint Security through ...)
	NOT-FOR-US: Check Point Endpoint Security
CVE-2013-5633
	REJECTED
CVE-2013-5632
	REJECTED
CVE-2013-5631
	REJECTED
CVE-2013-5630
	REJECTED
CVE-2013-5629
	REJECTED
CVE-2013-5628
	REJECTED
CVE-2013-5627
	REJECTED
CVE-2013-5626
	REJECTED
CVE-2013-5625
	REJECTED
CVE-2013-5624
	REJECTED
CVE-2013-5623
	REJECTED
CVE-2013-5622
	REJECTED
CVE-2013-5621
	REJECTED
CVE-2013-5620
	REJECTED
CVE-2013-5619 (Multiple integer overflows in the binary-search implementation in ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
	- iceape <not-affected> (Only affects Firefox 25)
CVE-2013-5618 (Use-after-free vulnerability in the nsNodeUtils::LastRelease function ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5617
	RESERVED
CVE-2013-5616 (Use-after-free vulnerability in the ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5615 (The JavaScript implementation in Mozilla Firefox before 26.0, Firefox ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5614 (Mozilla Firefox before 26.0 and SeaMonkey before 2.23 do not properly ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
CVE-2013-5613 (Use-after-free vulnerability in the PresShell::DispatchSynthMouseMove ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5612 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
CVE-2013-5611 (Mozilla Firefox before 26.0 does not properly remove the Application ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
CVE-2013-5610 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 25)
	- iceape <not-affected> (Only affects Firefox 25)
	- icedove <not-affected> (Only affects Firefox 25)
CVE-2013-5609 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 24.2.0esr-1
	- icedove 24.2.0-1
	- iceape <removed>
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5608
	RESERVED
CVE-2013-5607 (Integer overflow in the PL_ArenaAllocate function in Mozilla Netscape ...)
	{DSA-2820-1}
	- nspr 2:4.10.2-1
CVE-2013-5606 (The CERT_VerifyCert function in lib/certhigh/certvfy.c in Mozilla ...)
	{DSA-2994-1 DLA-23-1}
	- nss 2:3.15.3-1 (bug #735105)
	[squeeze] - nss 3.12.8-1+squeeze8
CVE-2013-5605 (Mozilla Network Security Services (NSS) 3.14 before 3.14.5 and 3.15 ...)
	{DSA-2800-1}
	- nss 2:3.15.3-1
CVE-2013-5604 (The txXPathNodeUtils::getBaseURI function in the XSLT processor in ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.10-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
	- iceape <removed>
CVE-2013-5603 (Use-after-free vulnerability in the ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-5602 (The Worker::SetEventListener function in the Web workers ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5601 (Use-after-free vulnerability in the ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.10-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
CVE-2013-5600 (Use-after-free vulnerability in the ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5599 (Use-after-free vulnerability in the nsIPresShell::GetPresContext ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5598 (PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox >=24)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox >=24)
	- iceape <not-affected> (Only affects Firefox >=24)
CVE-2013-5597 (Use-after-free vulnerability in the nsDocLoader::doStopDocumentLoad ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5596 (The cycle collection (CC) implementation in Mozilla Firefox before ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-5595 (The JavaScript engine in Mozilla Firefox before 25.0, Firefox ESR 17.x ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5594
	RESERVED
CVE-2013-5593 (The SELECT element implementation in Mozilla Firefox before 25.0, ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-5592 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox >=24)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox >=24)
	- iceape <not-affected> (Only affects Firefox >=24)
CVE-2013-5591 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	- iceweasel 24.1.0esr-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox >=24)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox >=24)
	- iceape <not-affected> (Only affects Firefox >=24)
CVE-2013-5590 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2797-1 DSA-2788-1}
	- iceweasel 24.1.0esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	- icedove 17.0.10-1
	- iceape <removed>
CVE-2013-5634 (arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM ...)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (KVM for arm introduced in 3.9)
	- linux-2.6 <not-affected> (KVM for arm introduced in 3.9)
CVE-2013-5586 (Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki ...)
	NOT-FOR-US: WikkaWiki
CVE-2013-5585
	RESERVED
CVE-2013-5584
	RESERVED
CVE-2013-5583 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Joomla
CVE-2013-5582
	RESERVED
	NOT-FOR-US: Ammyy Admin
CVE-2013-5581
	RESERVED
	NOT-FOR-US: Ammyy Admin
CVE-2013-5579
	RESERVED
CVE-2013-5578 (Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ...)
	NOT-FOR-US: StarUML
CVE-2013-5577
	RESERVED
CVE-2013-5574
	RESERVED
CVE-2013-5573 (Cross-site scripting (XSS) vulnerability in the default markup ...)
	- jenkins 1.565.2-1 (bug #732708)
	NOTE: http://seclists.org/fulldisclosure/2013/Dec/159
CVE-2013-5572 (Zabbix 2.0.5 allows remote authenticated users to discover the LDAP ...)
	- zabbix 1:2.2.2+dfsg-1 (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2013/Sep/151
	NOTE: Non-issue
CVE-2013-5571
	RESERVED
CVE-2013-5570 (Cross-site scripting (XSS) vulnerability in the Javascript and CSS ...)
	NOT-FOR-US: TYPO3 extension (js_css_optimizer)
CVE-2013-5569 (SQL injection vulnerability in the Slideshare extension 0.1.0 for ...)
	NOT-FOR-US: TYPO3 extension
CVE-2012-6589 (Cross-site scripting (XSS) vulnerability in search.php in MYRE ...)
	NOT-FOR-US: MYRE Business Directory
CVE-2012-6588 (SQL injection vulnerability in links.php in MYRE Business Directory ...)
	NOT-FOR-US: MYRE Business Directory
CVE-2012-6587 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MYRE Vacation Rental
CVE-2012-6586 (Multiple SQL injection vulnerabilities in MYRE Vacation Rental ...)
	NOT-FOR-US: MYRE Vacation Rental
CVE-2012-6585 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty ...)
	NOT-FOR-US: MYRE Realty Manager
CVE-2012-6584 (Multiple SQL injection vulnerabilities in MYRE Realty Manager allow ...)
	NOT-FOR-US: MYRE Realty Manager
CVE-2012-6583 (Cross-site scripting (XSS) vulnerability in the Imagemenu module ...)
	NOT-FOR-US: Imagemenu Drupal contributed module
CVE-2010-5291 (Amberdms Billing System (ABS) before 1.4.1 does not properly implement ...)
	NOT-FOR-US: Amberdms Billing System
CVE-2010-5289 (Buffer overflow in the Authenticate method in the ...)
	NOT-FOR-US: IncrediMail
CVE-2013-5589 (SQL injection vulnerability in cacti/host.php in Cacti 0.8.8b and ...)
	{DSA-2747-1}
	- cacti 0.8.8b+dfsg-3
CVE-2013-5588 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.8b ...)
	{DSA-2747-1}
	- cacti 0.8.8b+dfsg-3
CVE-2013-5587 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x ...)
	{DSA-2671-1}
	- request-tracker3.8 <not-affected> (only covers the issues in 4.x)
	- request-tracker4 4.0.12-2 (bug #709836)
	NOTE: This is covered by the patches applied for CVE-2013-3371 in DSA-2760 and DSA-2761.
	NOTE: NVD explicitly mentions CVE-2013-5587 only for the RT 4.x series.
	NOTE: patch for 3.8.17: https://github.com/bestpractical/rt/compare/rt-3.8.16...rt-3.8.17
	NOTE: patch for 4.0.13: https://github.com/bestpractical/rt/compare/rt-4.0.12...rt-4.0.13
	NOTE: still not clear why the split was done, but confirmed by upstream that this issue
	NOTE: is covered by the fixes applied for CVE-2013-3371
CVE-2013-5580 (The (1) Conn_StartLogin and (2) cb_Read_Resolver_Result functions in ...)
	- ngircd <not-affected> (only affects 20, 20.1, and 20.2)
	NOTE: http://arthur.barton.de/pipermail/ngircd-ml/2013-August/000652.html
CVE-2013-5576 (administrator/components/com_media/helpers/media.php in the media ...)
	NOT-FOR-US: Joomla
CVE-2013-5575
	REJECTED
CVE-2013-5568 (The auto-update implementation in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5567 (Cisco Adaptive Security Appliance (ASA) Software 8.4(.6) and earlier, ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-5566 (Cisco NX-OS 5.0 and earlier on MDS 9000 devices allows remote ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-5565 (The OSPFv3 functionality in Cisco IOS XR 5.1 allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2013-5564 (The Java process in the Impact server in Cisco Prime Central for ...)
	NOT-FOR-US: Cisco Prime Central for Hosted Collaboration Solution
CVE-2013-5563 (Cross-site scripting (XSS) vulnerability in Query/NewQueryResult.jsp ...)
	NOT-FOR-US: Cisco CS-MARS
CVE-2013-5562 (The ITM web server in Cisco Prime Central for Hosted Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2013-5561 (The Safe Search enforcement feature in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5560 (The IPv6 implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5559 (Buffer overflow in the Active Template Library (ATL) framework in the ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2013-5558 (The WIL-A module in Cisco TelePresence VX Clinical Assistant 1.2 ...)
	NOT-FOR-US: Cisco
CVE-2013-5557 (The Proxy Bypass Content Rewriter feature in the WebVPN subsystem in ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5556 (The license-installation module on the Cisco Nexus 1000V switch ...)
	NOT-FOR-US: Cisco
CVE-2013-5555 (Cisco Unified Communications Manager (aka CUCM or Unified CM) allows ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-5554 (Directory traversal vulnerability in the web-management interface in ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2013-5553 (Multiple memory leaks in Cisco IOS 15.1 before 15.1(4)M7 allow remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5552 (Cisco IOS 12.4(24)MDB9 and earlier on Content Services Gateway (CSG) ...)
	NOT-FOR-US: Cisco
CVE-2013-5551 (Cisco Adaptive Security Appliance (ASA) Software, when certain ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5550 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-5549 (Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-5548 (The IKEv2 implementation in Cisco IOS, when AES-GCM or AES-GMAC is ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5547 (Cisco IOS XE 3.9 before 3.9.2S on 1000 ASR devices allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5546 (The TCP reassembly feature in Cisco IOS XE 3.7 before 3.7.3S and 3.8 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5545 (The PPTP ALG implementation in Cisco IOS XE 3.9 before 3.9.2S on 1000 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5544 (The VPN authentication functionality in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5543 (Cisco IOS XE 3.4 before 3.4.2S and 3.5 before 3.5.1S on 1000 ASR ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5542 (Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5541 (Cross-site scripting (XSS) vulnerability in the file-upload interface ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5540 (The file-upload feature in Cisco Identity Services Engine (ISE) allows ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5539 (The upload-dialog implementation in Cisco Identity Services Engine ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5538 (The Sponsor Portal in Cisco Identity Services Engine (ISE) uses weak ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5537 (The web framework on Cisco Web Security Appliance (WSA), Email ...)
	NOT-FOR-US: Cisco
CVE-2013-5536 (Cisco Secure Access Control System (ACS) does not properly implement ...)
	NOT-FOR-US: Cisco
CVE-2013-5535 (The analytics page on Cisco Video Surveillance 4000 IP cameras has ...)
	NOT-FOR-US: Cisco Video Surveillance 4000 IP cameras
CVE-2013-5534 (Directory traversal vulnerability in the attachment service in the ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2013-5533 (The image-upgrade functionality on Cisco 9900 Unified IP phones allows ...)
	NOT-FOR-US: Cisco
CVE-2013-5532 (Buffer overflow in the web-application interface on Cisco 9900 IP ...)
	NOT-FOR-US: Cisco
CVE-2013-5531 (Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-5530 (The web framework in Cisco Identity Services Engine (ISE) 1.0 and ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-5529 (The deployment module in the server in Cisco WebEx Meeting Center does ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-5528 (Directory traversal vulnerability in the Tomcat administrative web ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-5527 (The OSPF functionality in Cisco IOS and IOS XE allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2013-5526 (Cisco 9900 fourth-generation IP phones do not properly perform SDP ...)
	NOT-FOR-US: Cisco
CVE-2013-5525 (SQL injection vulnerability in the web framework in Cisco Identity ...)
	NOT-FOR-US: Cisco
CVE-2013-5524 (Cross-site scripting (XSS) vulnerability in the troubleshooting page ...)
	NOT-FOR-US: Cisco
CVE-2013-5523 (The Sponsor Portal in Cisco Identity Services Engine (ISE) 1.2 and ...)
	NOT-FOR-US: Cisco
CVE-2013-5522 (Cisco IOS on Catalyst 3750X switches has default Service Module ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5521 (Cisco Identity Services Engine does not properly restrict the creation ...)
	NOT-FOR-US: Cisco
CVE-2013-5520
	RESERVED
CVE-2013-5519 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco
CVE-2013-5518
	RESERVED
CVE-2013-5517 (SQL injection vulnerability in the web framework in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2013-5516 (The Media Snapshot implementation on Cisco TelePresence Multipoint ...)
	NOT-FOR-US: Cisco
CVE-2013-5515 (The Clientless SSL VPN feature in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5514
	RESERVED
CVE-2013-5513 (Cisco Adaptive Security Appliance (ASA) Software 8.2.x before ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5512 (Race condition in the HTTP Deep Packet Inspection (DPI) feature in ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5511 (The Adaptive Security Device Management (ASDM) remote-management ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5510 (The remote-access VPN implementation in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5509 (The SSL implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5508 (The SQL*Net inspection engine in Cisco Adaptive Security Appliance ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5507 (The IPsec implementation in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-5506 (The authorization functionality in Cisco Firewall Services Module ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2013-5505 (Cross-site scripting (XSS) vulnerability in an administration page in ...)
	NOT-FOR-US: Cisco
CVE-2013-5504 (Cross-site scripting (XSS) vulnerability in the Mobile Device ...)
	NOT-FOR-US: Cisco
CVE-2013-5503 (The UDP process in Cisco IOS XR 4.3.1 does not free packet memory upon ...)
	NOT-FOR-US: Cisco
CVE-2013-5502 (The web interface in Cisco MediaSense does not properly protect the ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2013-5501 (Cross-site scripting (XSS) vulnerability in the oraservice page in ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2013-5500 (Multiple cross-site scripting (XSS) vulnerabilities in the oraadmin ...)
	NOT-FOR-US: Cisco MediaSense
CVE-2013-5499 (The remember feature in the DHCP server in Cisco IOS allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-5498 (The PPTP-ALG component in CRS Carrier Grade Services Engine (CGSE) and ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-5497 (The authentication manager process in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2013-5496 (Open Network Environment Platform (ONEP) in Cisco NX-OS allows remote ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-5495 (Cross-site scripting (XSS) vulnerability in the web framework in the ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-5494 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-5493 (The diagnostic module in the firmware on Cisco Virtualization ...)
	NOT-FOR-US: Cisco
CVE-2013-5492 (administration.jsp in Cisco SocialMiner allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2013-5491
	RESERVED
CVE-2013-5490 (Cisco Prime Data Center Network Manager (DCNM) before 6.2(1) allows ...)
	NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2013-5489 (The gadget implementation in Cisco SocialMiner does not properly ...)
	NOT-FOR-US: Cisco
CVE-2013-5488 (Cisco Common Services, as used in Cisco Prime LAN Management Solution ...)
	NOT-FOR-US: Cisco
CVE-2013-5487 (DCNM-SAN Server in Cisco Prime Data Center Network Manager (DCNM) ...)
	NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2013-5486 (Directory traversal vulnerability in processImageSave.jsp in DCNM-SAN ...)
	NOT-FOR-US: Cisco Prime Data Center Network Manager
CVE-2013-5485
	RESERVED
CVE-2013-5484
	RESERVED
CVE-2013-5483 (Cross-site scripting (XSS) vulnerability in bookmarklet.jsp in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-5482 (Cisco Prime LAN Management Solution (LMS) does not properly restrict ...)
	NOT-FOR-US: Cisco
CVE-2013-5481 (The PPTP implementation in Cisco IOS 12.2 and 15.0 through 15.3, when ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5480 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5479 (The DNS-over-TCP implementation in Cisco IOS 12.2 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5478 (Cisco IOS 15.0 through 15.3 and IOS XE 3.2 through 3.8, when a VRF ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5477 (The T1/E1 driver-queue functionality in Cisco IOS 12.2 and 15.0 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5476 (The Zone-Based Firewall (ZFW) feature in Cisco IOS 15.1 through 15.2, ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5475 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.3, and IOS XE 2.1 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5474 (Race condition in the IPv6 virtual fragmentation reassembly (VFR) ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5473 (Memory leak in Cisco IOS 12.2, 15.1, and 15.2; IOS XE 3.4.2S through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5472 (The NTP implementation in Cisco IOS 12.0 through 12.4 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5471 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco Global Site Selector
CVE-2013-5470 (Cisco Secure Access Control System (ACS) does not properly handle ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-5469 (The TCP implementation in Cisco IOS does not properly implement the ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-5468 (IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 ...)
	NOT-FOR-US: IBM Algo One
CVE-2013-5467 (Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-5466 (The XSLT library in IBM DB2 and DB2 Connect 9.5 through 10.5, and the ...)
	NOT-FOR-US: IBM DB2 and DB2 Connect
CVE-2013-5465 (IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5464 (IBM Maximo Asset Management 7.5.x before 7.5.0.3 IFIX027, 7.5.0.4 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5463 (The WinCollect agent in IBM Security QRadar SIEM before 7.1.1.569824 ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-5462 (IBM/ECMClient/configure/explodedformat/navigator/header.jsp in IBM ...)
	NOT-FOR-US: IBM
CVE-2013-5461 (IBM Endpoint Manager for Remote Control 9.0.0 and 9.0.1 and Tivoli ...)
	NOT-FOR-US: IBM
CVE-2013-5460 (IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5459 (Unspecified vulnerability in IBM Rational Software Architect (RSA) ...)
	NOT-FOR-US: IBM
CVE-2013-5458 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6 allows ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5457 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5456 (The com.ibm.rmi.io.SunSerializableFactory class in IBM Java SDK 7.0.0 ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5455 (IBM SmartCloud Provisioning 2.1 before FP3 IF0001 allows remote ...)
	NOT-FOR-US: IBM SmartCloud Provisioning
CVE-2013-5454 (IBM WebSphere Portal 6.0 through 6.0.1.7, 6.1.0 through 6.1.0.6 CF27, ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5453 (IBM Security AppScan Enterprise 5.6 through 8.7.0.1 allows remote ...)
	NOT-FOR-US: IBM
CVE-2013-5452 (IBM FileNet Business Process Framework 4.1.0 allows remote ...)
	NOT-FOR-US: IBM FileNet Business Process Framework
CVE-2013-5451
	RESERVED
CVE-2013-5450 (IBM Security AppScan Enterprise 8.5 through 8.7.0.1, when Jazz ...)
	NOT-FOR-US: IBM
CVE-2013-5449 (Cross-site scripting (XSS) vulnerability in workingSet.jsp in IBM ...)
	NOT-FOR-US: IBM
CVE-2013-5448 (Cross-site scripting (XSS) vulnerability in the Right Click Plugin ...)
	NOT-FOR-US: IBM Security QRadar SIEM
CVE-2013-5447 (Stack-based buffer overflow in IBM Forms Viewer 4.x before 4.0.0.3 and ...)
	NOT-FOR-US: IBM Forms Viewer
CVE-2013-5446 (The console on IBM WebSphere DataPower XC10 appliances 2.1.0 and 2.5.0 ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5445 (IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, 10.1 before ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-5444 (The server in IBM Cognos Express 9.0 before IFIX 2, 9.5 before IFIX 2, ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-5443 (Cross-site request forgery (CSRF) vulnerability in IBM Cognos Express ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-5442 (Cross-site scripting (XSS) vulnerability in the Local Management ...)
	NOT-FOR-US: IBM
CVE-2013-5441
	RESERVED
CVE-2013-5440 (IBM InfoSphere Information Server 8.0, 8.1, 8.5, 8.7, and 9.1 allows ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-5439
	RESERVED
CVE-2013-5438 (Cross-site scripting (XSS) vulnerability in the web server in IBM Flex ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5437
	RESERVED
CVE-2013-5436
	RESERVED
CVE-2013-5435
	RESERVED
CVE-2013-5434
	RESERVED
CVE-2013-5433 (The Data Growth Solution for JD Edwards EnterpriseOne in IBM ...)
	NOT-FOR-US: IBM
CVE-2013-5432
	RESERVED
CVE-2013-5431 (Open redirect vulnerability in IBM Tivoli Federated Identity Manager ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5430 (The Jazz Team Server component in IBM Security AppScan Enterprise 8.x ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-5429 (The Risk Based Access functionality in IBM Tivoli Federated Identity ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-5428 (IBM WebSphere DataPower XC10 appliances 2.5.0 do not require ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 appliances
CVE-2013-5427 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere Master Data Management
CVE-2013-5426 (Session fixation vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2013-5425 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5424 (IBM Flex System Manager (FSM) 1.3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5423 (IBM Flex System Manager (FSM) 1.1 through 1.3 before 1.3.2.0 allows ...)
	NOT-FOR-US: IBM Flex System Manager
CVE-2013-5422 (The Web Client in IBM Rational ClearQuest 7.1 through 7.1.2.12, ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2013-5421 (Cross-site scripting (XSS) vulnerability in the IMS server before Ifix ...)
	NOT-FOR-US: IBM
CVE-2013-5420 (The IMS server before Ifix 6 in IBM Security Access Manager for ...)
	NOT-FOR-US: IBM Security Access Manager
CVE-2013-5419 (Multiple buffer overflows in (1) mkque and (2) mkquedev in ...)
	NOT-FOR-US: IBM AIX
CVE-2013-5418 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5417 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-5416 (Unspecified vulnerability in IBM Rational ClearCase through 7.1.2.12, ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5415 (Buffer overflow in IBM Rational ClearCase through 7.1.2.12, 8.0.0.x ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5414 (The migration functionality in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-5413 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not ...)
	NOT-FOR-US: IBM
CVE-2013-5412
	RESERVED
CVE-2013-5411 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 allow ...)
	NOT-FOR-US: IBM
CVE-2013-5410
	RESERVED
CVE-2013-5409 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2013-5408
	RESERVED
CVE-2013-5407 (IBM Sterling B2B Integrator 5.2 and Sterling File Gateway 2.2 do not ...)
	NOT-FOR-US: IBM
CVE-2013-5406 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling ...)
	NOT-FOR-US: IBM
CVE-2013-5405 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling ...)
	NOT-FOR-US: IBM
CVE-2013-5404 (Cross-site scripting (XSS) vulnerability in the search implementation ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2013-5403 (Unspecified vulnerability on the IBM WebSphere DataPower XC10 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-5402 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2013-5401 (The command-port listener in IBM WebSphere MQ Internet Pass-Thru ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2013-5400 (An unspecified servlet in IBM Platform Symphony Developer Edition (DE) ...)
	NOT-FOR-US: IBM Platform Symphony Developer Edition
CVE-2013-5399
	RESERVED
CVE-2013-5398 (Unspecified vulnerability in the Webservice Axis Gateway in IBM ...)
	NOT-FOR-US: IBM
CVE-2013-5397 (Unspecified vulnerability in the Webservice Axis Gateway in IBM ...)
	NOT-FOR-US: IBM
CVE-2013-5396
	RESERVED
CVE-2013-5395 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5394 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5393 (The monitoring console in IBM WebSphere eXtreme Scale 7.1.0, 7.1.1, ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5392
	RESERVED
CVE-2013-5391 (IBM Worklight Consumer and Enterprise Editions 5.0.x before 5.0.6 Fix ...)
	NOT-FOR-US: IBM
CVE-2013-5390 (Cross-site scripting (XSS) vulnerability in the monitoring console in ...)
	NOT-FOR-US: IBM WebSphere eXtreme Scale
CVE-2013-5389 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
	NOT-FOR-US: IBM Domino
CVE-2013-5388 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.3 ...)
	NOT-FOR-US: IBM Domino
CVE-2013-5387 (Buffer overflow in IBM Platform Symphony 5.2, 6.1, and 6.1.1 allows ...)
	NOT-FOR-US: IBM
CVE-2013-5386
	RESERVED
CVE-2013-5385 (The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries ...)
	NOT-FOR-US: IBM
CVE-2013-5384
	RESERVED
CVE-2013-5383 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5382 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5381 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5380 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-5379 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 7.x ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-5378 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.x ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-5377
	RESERVED
CVE-2013-5376 (Cross-site scripting (XSS) vulnerability in IBM Storwize V7000 Unified ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-5375 (Unspecified vulnerability in IBM Java SDK 7.0.0 before SR6, 6.0.1 ...)
	NOT-FOR-US: IBM JDK
CVE-2013-5374
	RESERVED
CVE-2013-5373 (The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through ...)
	NOT-FOR-US: IBM Rational ClearCase
CVE-2013-5372 (The XML4J parser in IBM WebSphere Message Broker 6.1 before 6.1.0.12, ...)
	NOT-FOR-US: IBM
CVE-2013-5371 (The client in IBM Tivoli Storage Manager (TSM) 6.3.1 and 6.4.0 on ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-5370 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-5369 (IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before ...)
	NOT-FOR-US: IBM SPSS Analytical Decision Management
CVE-2013-5368
	RESERVED
CVE-2013-5367
	RESERVED
CVE-2013-5366
	RESERVED
CVE-2013-5365 (Heap-based buffer overflow in Autodesk SketchBook for Enterprise 2014, ...)
	NOT-FOR-US: Autodesk SketchBook
CVE-2013-5364 (Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and ...)
	NOT-FOR-US: Secunia CSI Agent
CVE-2013-5363
	RESERVED
CVE-2013-5362
	RESERVED
CVE-2013-5361
	RESERVED
CVE-2013-5360
	RESERVED
CVE-2013-5359 (Stack-based buffer overflow in Picasa3.exe in Google Picasa before ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5358 (Picasa3.exe in Google Picasa before 3.9.0 Build 137.69 allows remote ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5357 (Integer overflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5356 (Sharetronix 3.1.1.3, 3.1.1, and earlier does not properly restrict ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5355 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5354 (Multiple SQL injection vulnerabilities in Sharetronix 3.1.1 allow ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5353 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5352 (Sharetronix 3.1.1.3, 3.1.1, and earlier allows remote attackers to ...)
	NOT-FOR-US: Sharetronix
CVE-2013-5351 (Heap-based buffer overflow in IrfanView before 4.37 allows remote ...)
	NOT-FOR-US: IrfanView
CVE-2013-5350 (The &quot;Remember me&quot; feature in the ...)
	NOT-FOR-US: OpenPNE
CVE-2013-5349 (Integer underflow in Picasa3.exe in Google Picasa before 3.9.0 Build ...)
	NOT-FOR-US: Google Picasa
CVE-2013-5348
	REJECTED
CVE-2013-5347
	REJECTED
CVE-2013-5346
	REJECTED
CVE-2013-5345
	REJECTED
CVE-2013-5344
	REJECTED
CVE-2013-5343
	REJECTED
CVE-2013-5342
	REJECTED
CVE-2013-5341
	REJECTED
CVE-2013-5340
	REJECTED
CVE-2013-5339
	REJECTED
CVE-2013-5338
	REJECTED
CVE-2013-5337
	REJECTED
CVE-2013-5336
	REJECTED
CVE-2013-5335
	REJECTED
CVE-2013-5334 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-5333 (Adobe Shockwave Player before 12.0.7.148 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-5332 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5331 (Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5330 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5329 (Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5328 (Adobe ColdFusion 10 before Update 12 allows remote attackers to read ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-5327 (MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2013-5326 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 9.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-5325 (Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote ...)
	NOT-FOR-US: Adobe
CVE-2013-5324 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-5323 (Cross-site scripting (XSS) vulnerability in the Static Info Tables ...)
	NOT-FOR-US: TYPO3 extension (Static Info Tables)
CVE-2013-5322 (SQL injection vulnerability in the CoolURI extension before 1.0.30 for ...)
	NOT-FOR-US: TYPO3 extension (CoolURI)
CVE-2013-5321 (Multiple SQL injection vulnerabilities in AlienVault Open Source ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2013-5320 (Cross-site scripting (XSS) vulnerability in Forums/EditPost.aspx in ...)
	NOT-FOR-US: mojoPortal
CVE-2013-5319 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2013-5318 (SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers ...)
	NOT-FOR-US: Ginkgo CMS
CVE-2013-5317 (Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows ...)
	NOT-FOR-US: RiteCMS
CVE-2013-5316 (Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 ...)
	NOT-FOR-US: RiteCMS
CVE-2012-6582 (Cross-site scripting (XSS) vulnerability in the Spambot module 6.x-3.x ...)
	NOT-FOR-US: Spambot Drupal contributed module
CVE-2013-5313 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-5312 (Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2013-5311 (Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2013-5315 (Cross-site scripting (XSS) vulnerability in the Resource Manager in ...)
	NOT-FOR-US: Drupal module
CVE-2013-5314 (Cross-site scripting (XSS) vulnerability in ...)
	- serendipity <removed>
	[squeeze] - serendipity <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-5310 (SQL injection vulnerability in the DB Integration (wfqbe) extension ...)
	NOT-FOR-US: TYPO3 extension
CVE-2013-5309 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: FUDforum
CVE-2013-5308 (Cross-site scripting (XSS) vulnerability in the RealURL Management ...)
	NOT-FOR-US: TYPO3 extension
CVE-2013-5307 (Cross-site scripting (XSS) vulnerability in the Faceted Search ...)
	NOT-FOR-US: Faceted Search Typo3 extension
CVE-2013-5306 (SQL injection vulnerability in the Browser - TYPO3 without PHP ...)
	NOT-FOR-US: TYPO3 Extension
CVE-2013-5305 (Cross-site scripting (XSS) vulnerability in the Store Locator ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5304 (SQL injection vulnerability in the Store Locator (locator) extension ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5303 (Unspecified vulnerability in the Store Locator (locator) extension ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2013-5302 (SQL injection vulnerability in the Faceted Search (ke_search) ...)
	NOT-FOR-US: Faceted Search Typo3 extension
CVE-2013-5301 (Directory traversal vulnerability in help.php in Trustport Webfilter ...)
	NOT-FOR-US: Trustport Webfilter
CVE-2013-5300 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
	NOT-FOR-US: AlienVault OSSIM
CVE-2013-5299
	RESERVED
CVE-2013-5298
	RESERVED
CVE-2013-5297
	RESERVED
CVE-2013-5296
	RESERVED
CVE-2013-5295
	RESERVED
CVE-2013-5294
	RESERVED
CVE-2013-5293
	RESERVED
CVE-2013-5292
	RESERVED
CVE-2013-5291
	RESERVED
CVE-2013-5290
	RESERVED
CVE-2013-5289
	RESERVED
CVE-2013-5288
	RESERVED
CVE-2013-5287
	RESERVED
CVE-2013-5286
	RESERVED
CVE-2013-5285
	RESERVED
CVE-2013-5284
	RESERVED
CVE-2013-5283
	RESERVED
CVE-2013-5282
	RESERVED
CVE-2013-5281
	RESERVED
CVE-2013-5280
	RESERVED
CVE-2013-5279
	RESERVED
CVE-2013-5278
	RESERVED
CVE-2013-5277
	RESERVED
CVE-2013-5276
	RESERVED
CVE-2013-5275
	RESERVED
CVE-2013-5274
	RESERVED
CVE-2013-5273
	RESERVED
CVE-2013-5272
	RESERVED
CVE-2013-5271
	RESERVED
CVE-2013-5270
	RESERVED
CVE-2013-5269
	RESERVED
CVE-2013-5268
	RESERVED
CVE-2013-5267
	RESERVED
CVE-2013-5266
	RESERVED
CVE-2013-5265
	RESERVED
CVE-2013-5264
	RESERVED
CVE-2013-5263
	RESERVED
CVE-2013-5262
	RESERVED
CVE-2013-5261
	RESERVED
CVE-2013-5260
	RESERVED
CVE-2013-5259
	RESERVED
CVE-2013-5258
	RESERVED
CVE-2013-5257
	RESERVED
CVE-2013-5256
	RESERVED
CVE-2013-5255
	RESERVED
CVE-2013-5254
	RESERVED
CVE-2013-5253
	RESERVED
CVE-2013-5252
	RESERVED
CVE-2013-5251
	RESERVED
CVE-2013-5250
	RESERVED
CVE-2013-5249
	RESERVED
CVE-2013-5248
	RESERVED
CVE-2013-5247
	RESERVED
CVE-2013-5246
	RESERVED
CVE-2013-5245
	RESERVED
CVE-2013-5244
	RESERVED
CVE-2013-5243
	RESERVED
CVE-2013-5242
	RESERVED
CVE-2013-5241
	RESERVED
CVE-2013-5240
	RESERVED
CVE-2013-5239
	RESERVED
CVE-2013-5238
	RESERVED
CVE-2013-5237
	RESERVED
CVE-2013-5236
	RESERVED
CVE-2013-5235
	RESERVED
CVE-2013-5234
	RESERVED
CVE-2013-5233
	RESERVED
CVE-2013-5232
	RESERVED
CVE-2013-5231
	RESERVED
CVE-2013-5230
	RESERVED
CVE-2013-5229 (The Remote Desktop full-screen feature in Apple OS X before 10.9 and ...)
	NOT-FOR-US: Apple
CVE-2013-5228 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5227 (Apple Safari before 6.1.1 and 7.x before 7.0.1 allows remote attackers ...)
	NOT-FOR-US: Safari
CVE-2013-5226
	RESERVED
CVE-2013-5225 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5224
	RESERVED
CVE-2013-5223 (Multiple cross-site scripting (XSS) vulnerabilities in D-Link ...)
	NOT-FOR-US: D-Link DSL-2760U Gateway
CVE-2013-5222 (Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2013-5221 (The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 ...)
	NOT-FOR-US: Esri ArcGIS
CVE-2013-5220 (goform/login on the HOT HOTBOX router with software 2.1.11 allows ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5219 (Directory traversal vulnerability on the HOT HOTBOX router with ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5218 (Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5216 (Directory traversal vulnerability in logreader/uploadreader.jsp in ...)
	NOT-FOR-US: Performance Guard
CVE-2013-5215 (Cross-site scripting (XSS) vulnerability in the web interface &quot;WiFi ...)
	NOT-FOR-US: FOSCAM Wireless IP Camera
CVE-2013-5214
	RESERVED
CVE-2013-5213
	RESERVED
CVE-2013-5212
	RESERVED
	NOT-FOR-US: easyXDM
CVE-2013-5211 (The monlist feature in ntp_request.c in ntpd in NTP before 4.2.7p26 ...)
	- ntp 1:4.2.8p3+dfsg-1 (low; bug #733940)
	[jessie] - ntp <no-dsa> (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	[wheezy] - ntp <no-dsa> (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	[squeeze] - ntp <no-dsa> (No backportable code fix exists, default configuration is safe, tiny subsection of affected users can run a backport)
	NOTE: http://bugs.ntp.org/show_bug.cgi?id=1532
	NOTE: mitigated if noquery used. Only a problem for (public) ntp servers allowing
	NOTE: querying ntpd status, so allowing monlist
CVE-2013-5210 (Cross-site scripting (XSS) vulnerability in the GUI login page in ...)
	NOT-FOR-US: Adtran Netvanta
CVE-2013-5209 (The sctp_send_initiate_ack function in sys/netinet/sctp_output.c in ...)
	{DSA-2743-1}
	- kfreebsd-8 <removed> (bug #720476)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 9.2~svn254368-2 (bug #720475)
	- kfreebsd-10 10.0~svn254663-1 (bug #720478)
CVE-2013-5208 (HR Systems Strategies info:HR HRIS 7.9 does not properly protect the ...)
	NOT-FOR-US: HR Systems Strategies
CVE-2013-5207
	RESERVED
CVE-2013-5206
	RESERVED
CVE-2013-5205
	RESERVED
CVE-2013-5204
	RESERVED
CVE-2013-5203
	RESERVED
CVE-2013-5202
	RESERVED
CVE-2013-5201
	RESERVED
CVE-2013-5200 (The (1) REST and (2) memcache interfaces in the Hazelcast cluster API ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5199 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5198 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5197 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5196 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5195 (WebKit, as used in Apple Safari before 6.1.1 and 7.x before 7.0.1, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5194
	RESERVED
CVE-2013-5193 (The App Store component in Apple iOS before 7.0.4 does not properly ...)
	NOT-FOR-US: Apple
CVE-2013-5192 (The USB hub controller in Apple Mac OS X before 10.9 allows local ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5191 (The syslog implementation in Apple Mac OS X before 10.9 allows local ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5190 (Smart Card Services in Apple Mac OS X before 10.9 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5189 (Apple Mac OS X before 10.9 does not preserve a certain administrative ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5188 (The Screen Lock implementation in Apple Mac OS X before 10.9, when ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5187 (The Screen Lock implementation in Apple Mac OS X before 10.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5186 (Power Management in Apple Mac OS X before 10.9 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5185 (The ldapsearch command-line program in OpenLDAP in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5184 (The kernel in Apple Mac OS X before 10.9 does not properly check for ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5183 (Mail in Apple Mac OS X before 10.9, when Kerberos authentication is ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5182 (Mail in Apple Mac OS X before 10.9 allows remote attackers to spoof ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5181 (The auto-configuration feature in Mail in Apple Mac OS X before 10.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5180 (The srandomdev function in Libc in Apple Mac OS X before 10.9, when ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5179 (App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5178 (LaunchServices in Apple Mac OS X before 10.9 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5177 (The kernel in Apple Mac OS X before 10.9 allows local users to cause a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5176 (The kernel in Apple Mac OS X before 10.9 does not properly handle ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5175 (The kernel in Apple Mac OS X before 10.9 allows local users to obtain ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5174 (Integer signedness error in the kernel in Apple Mac OS X before 10.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5173 (The random-number generator in the kernel in Apple Mac OS X before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5172 (The kernel in Apple Mac OS X before 10.9 does not properly determine ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5171 (CoreGraphics in Apple Mac OS X before 10.9 allows local users to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5170 (Buffer underflow in CoreGraphics in Apple Mac OS X before 10.9 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5169 (CoreGraphics in Apple Mac OS X before 10.9, when display-sleep mode is ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5168 (Console in Apple Mac OS X before 10.9 allows user-assisted remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5167 (CFNetwork in Apple Mac OS X before 10.9 does not properly support ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5166 (The Bluetooth USB host controller in Apple Mac OS X before 10.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5165 (socketfilterfw in Application Firewall in Apple Mac OS X before 10.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5164 (Multiple race conditions in the Phone app in Apple iOS before 7.0.3 ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5163 (Directory Services in Apple Mac OS X before 10.8.5 Supplemental Update ...)
	NOT-FOR-US: Apple OS X
CVE-2013-5162 (Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5161 (Passcode Lock in Apple iOS before 7.0.2 does not properly manage the ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5160 (Passcode Lock in Apple iOS before 7.0.2 on iPhone devices allows ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5159 (WebKit in Apple iOS before 7 allows remote attackers to bypass the ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5158 (The Social subsystem in Apple iOS before 7 does not properly restrict ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5157 (The Twitter subsystem in Apple iOS before 7 does not require API ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5156 (The Telephony subsystem in Apple iOS before 7 does not require API ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5155 (The Sandbox subsystem in Apple iOS before 7 allows attackers to cause ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5154 (The Sandbox subsystem in Apple iOS before 7 determines the sandboxing ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5153 (Springboard in Apple iOS before 7 does not properly manage the lock ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5152 (Mobile Safari in Apple iOS before 7 allows remote attackers to spoof ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5151 (Mobile Safari in Apple iOS before 7 does not prevent HTML ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5150 (The history-clearing feature in Safari in Apple iOS before 7 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5149 (The Push Notifications subsystem in Apple iOS before 7 provides the ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5148 (Apple Keynote before 6.0 does not properly handle the interaction ...)
	NOT-FOR-US: Apple Keynote
CVE-2013-5147 (Passcode Lock in Apple iOS before 7 does not properly manage the lock ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5146
	RESERVED
CVE-2013-5145 (kextd in Kext Management in Apple iOS before 7 does not properly ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5144 (Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5143 (The RADIUS service in Server App in Apple OS X Server before 3.0 ...)
	NOT-FOR-US: Apple OS X Server
CVE-2013-5142 (The kernel in Apple iOS before 7 does not initialize unspecified ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5141 (The kernel in Apple iOS before 7 uses an incorrect data size for a ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5140 (The kernel in Apple iOS before 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5139 (The IOSerialFamily driver in Apple iOS before 7 allows attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5138 (IOCatalogue in IOKitUser in Apple iOS before 7 allows attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5137 (IOKit in Apple iOS before 7 allows attackers to send user-interface ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5136 (Apple Remote Desktop before 3.7 does not properly use server ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2013-5135 (Format string vulnerability in Screen Sharing Server in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-5134
	REJECTED
CVE-2013-5133 (Backup in Apple iOS before 7.1 does not properly restrict symlinks, ...)
	NOT-FOR-US: Apple
CVE-2013-5132 (Apple AirPort Base Station Firmware before 7.6.4 does not properly ...)
	NOT-FOR-US: Apple AirPort
CVE-2013-5131 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5130 (WebKit in Apple Safari before 6.1 disables the Private Browsing ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-5129 (Multiple cross-site scripting (XSS) vulnerabilities in WebKit in Apple ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5128 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5127 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5126 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5125 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-5124
	RESERVED
CVE-2013-5123 [insecure mirroring]
	RESERVED
	- python-pip 1.4.1-1 (unimportant)
	[squeeze] - python-pip <not-affected> (Support for mirroring introduced in 0.8.1)
	NOTE: This is additional hardening / security feature, not a vulnerabily (despite
	NOTE: the discussion on oss-sec)
CVE-2013-5122
	RESERVED
	NOT-FOR-US: Linksys
CVE-2013-5121 (SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows ...)
	NOT-FOR-US: PHPFox
CVE-2013-5120 (SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows ...)
	NOT-FOR-US: PHPFox
CVE-2013-5119 (Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows ...)
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2013-5118 (Cross-site scripting (XSS) vulnerability in the Good for Enterprise ...)
	NOT-FOR-US: Good for Enterprise app for iOS
CVE-2013-5117 (SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-5116
	RESERVED
CVE-2013-5115
	RESERVED
CVE-2013-5114
	RESERVED
CVE-2013-5113
	RESERVED
CVE-2013-5112
	RESERVED
CVE-2013-5111
	RESERVED
CVE-2013-5110
	RESERVED
CVE-2013-5109
	RESERVED
CVE-2013-5108 (Multiple cross-site scripting (XSS) vulnerabilities in the xn function ...)
	- rockmongo <itp> (bug #702961)
CVE-2013-5107 (Directory traversal vulnerability in RockMongo 1.1.5 and earlier ...)
	- rockmongo <itp> (bug #702961)
CVE-2013-5106
	RESERVED
CVE-2013-5105
	RESERVED
CVE-2013-5104
	RESERVED
CVE-2013-5103
	RESERVED
CVE-2013-5102
	RESERVED
CVE-2013-5101
	RESERVED
CVE-2013-5100 (Cross-site scripting (XSS) vulnerability in the Static Methods since ...)
	NOT-FOR-US: TYPO3 extension Static Methods
CVE-2013-5099 (Cross-site scripting (XSS) vulnerability in article.php in Anchor CMS ...)
	NOT-FOR-US: Anchor CMS
CVE-2013-5098 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the ...)
	NOT-FOR-US: WordPress plugin download-monitor
CVE-2013-5097 (Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5096 (Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5095 (Cross-site scripting (XSS) vulnerability in the web-based interface in ...)
	NOT-FOR-US: Juniper Junos Space
CVE-2013-5094 (Cross-site scripting (XSS) vulnerability in index.exp in McAfee ...)
	NOT-FOR-US: McAfee Vulnerability Manager
CVE-2013-5093 (The renderLocalView function in render/views.py in graphite-web in ...)
	- graphite-web 0.9.12+debian-1 (bug #720454)
	NOTE: http://ceriksen.com/2013/08/20/graphite-remote-code-execution-vulnerability-advisory/
CVE-2013-5092 (Cross-site scripting (XSS) vulnerability in afa/php/Login.php in ...)
	NOT-FOR-US: AlgoSec Firewall Analyzer
CVE-2013-5091 (SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-5090
	REJECTED
CVE-2013-5089
	REJECTED
CVE-2013-5088
	REJECTED
CVE-2013-5087
	REJECTED
CVE-2013-5086
	REJECTED
CVE-2013-5085
	REJECTED
CVE-2013-5084
	REJECTED
CVE-2013-5083
	REJECTED
CVE-2013-5082
	REJECTED
CVE-2013-5081
	REJECTED
CVE-2013-5080
	REJECTED
CVE-2013-5079
	REJECTED
CVE-2013-5078
	REJECTED
CVE-2013-5077
	REJECTED
CVE-2013-5076
	REJECTED
CVE-2013-5075
	REJECTED
CVE-2013-5074
	REJECTED
CVE-2013-5073
	REJECTED
CVE-2013-5072 (Cross-site scripting (XSS) vulnerability in Outlook Web Access in ...)
	NOT-FOR-US: Microsoft Exchange Server OWA
CVE-2013-5071
	REJECTED
CVE-2013-5070
	REJECTED
CVE-2013-5069
	REJECTED
CVE-2013-5068
	REJECTED
CVE-2013-5067
	REJECTED
CVE-2013-5066
	REJECTED
CVE-2013-5065 (NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-5064
	REJECTED
CVE-2013-5063
	REJECTED
CVE-2013-5062
	REJECTED
CVE-2013-5061
	REJECTED
CVE-2013-5060
	REJECTED
CVE-2013-5059 (Microsoft SharePoint Server 2010 SP1 and SP2 and 2013, and Office Web ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-5058 (Integer overflow in the kernel-mode drivers in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows Kernel
CVE-2013-5057 (hxds.dll in Microsoft Office 2007 SP3 and 2010 SP1 and SP2 does not ...)
	NOT-FOR-US: Microsoft Windows Kernel
CVE-2013-5056 (Use-after-free vulnerability in the Scripting Runtime Object Library ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-5055
	REJECTED
CVE-2013-5054 (Microsoft Office 2013 and 2013 RT allows remote attackers to discover ...)
	NOT-FOR-US: Microsoft Office
CVE-2013-5053
	REJECTED
CVE-2013-5052 (Microsoft Internet Explorer 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5051 (Microsoft Internet Explorer 10 and 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5050
	REJECTED
CVE-2013-5049 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5048 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5047 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5046 (Microsoft Internet Explorer 7 through 11 allows local users to bypass ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5045 (Microsoft Internet Explorer 10 and 11 allows local users to bypass the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-5044
	REJECTED
CVE-2013-5043
	REJECTED
CVE-2013-5042 (Cross-site scripting (XSS) vulnerability in Microsoft ASP.NET SignalR ...)
	NOT-FOR-US: Microsoft ASP.NET SignalR
CVE-2013-5041
	REJECTED
CVE-2013-5040
	RESERVED
CVE-2013-5039 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5038 (The HOT HOTBOX router with software 2.1.11 allows remote attackers to ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5037 (The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of ...)
	NOT-FOR-US: HOT HOTBOX router
CVE-2013-5036 (The Square Squash allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Square Squash
CVE-2013-5035 (Multiple race conditions in HtmlCleaner before 2.6, as used in ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-5034 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
	NOT-FOR-US: Atmail
CVE-2013-5033 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
	NOT-FOR-US: Atmail
CVE-2013-5032 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
	NOT-FOR-US: Atmail
CVE-2013-5031 (Unspecified vulnerability in Atmail before 6.6.4, and 7.x before ...)
	NOT-FOR-US: Atmail
CVE-2013-5030 (Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow ...)
	NOT-FOR-US: Ruckus Wireless Zoneflex
CVE-2013-5029 (phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to ...)
	- phpmyadmin 4:4.0.5-1
	[squeeze] - phpmyadmin <no-dsa> (Backport not feasible and X-Frame-Options protection enough on any modern browser)
	[wheezy] - phpmyadmin <no-dsa> (Backport not feasible and X-Frame-Options protection enough on any modern browser)
CVE-2013-5028 (SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok ...)
	NOT-FOR-US: Kwok Information Server
CVE-2013-5027
	RESERVED
CVE-2013-5026 (An ActiveX control in lookout650.ocx, lookout660.ocx, and ...)
	NOT-FOR-US: National Instruments Lookout
CVE-2013-5025 (An ActiveX control in exlauncher.dll in the Help subsystem in National ...)
	NOT-FOR-US: National Instruments
CVE-2013-5024 (An ActiveX control in NationalInstruments.Help2.dll in National ...)
	NOT-FOR-US: National Instruments
CVE-2013-5023 (The ActiveX controls in the HelpAsst component in NI Help Links in ...)
	NOT-FOR-US: National Instruments
CVE-2013-5022 (Absolute path traversal vulnerability in the 3D Graph ActiveX control ...)
	NOT-FOR-US: National Instruments
CVE-2013-5021 (Multiple absolute path traversal vulnerabilities in National ...)
	NOT-FOR-US: National Instruments
CVE-2013-5020 (Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in ...)
	NOT-FOR-US: miniBB
CVE-2013-5019 (Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote ...)
	NOT-FOR-US: Ultra Mini HTTPD
CVE-2013-5018 (The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not ...)
	- strongswan <not-affected> (Only affects 5.0.4 from experimental)
	NOTE: The PEM aspect is under control of the administrator, so not a security issue
	NOTE: The XAuth / EAP Issue only affects 5.0.3/5.0.4
CVE-2013-5017 (SNMPConfig.php in the management console in Symantec Web Gateway (SWG) ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2013-5016 (Symantec Critical System Protection (SCSP) before 5.2.9, when ...)
	NOT-FOR-US: Symantec
CVE-2013-5015 (SQL injection vulnerability in the management console in Symantec ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5014 (The management console in Symantec Endpoint Protection Manager (SEPM) ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5013 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec WEB Gateway
CVE-2013-5012 (Multiple SQL injection vulnerabilities in the management console on ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2013-5011 (Unquoted Windows search path vulnerability in the client in Symantec ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5010 (The Application/Device Control (ADC) component in the client in ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5009 (The Management Console in Symantec Endpoint Protection (SEP) 11.x ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2013-5008 (The agent and task-agent components in Symantec Management Platform ...)
	NOT-FOR-US: Symantec
CVE-2013-5007
	RESERVED
CVE-2013-5006 (main_internet.php on the Western Digital My Net N600 and N750 with ...)
	NOT-FOR-US: Western Digital Router
CVE-2013-5005 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Tripwire Enterprise
CVE-2013-5004
	RESERVED
CVE-2013-4994
	RESERVED
CVE-2013-4993
	RESERVED
CVE-2013-4992
	RESERVED
CVE-2013-4991
	RESERVED
CVE-2013-4990
	RESERVED
CVE-2013-4989
	RESERVED
CVE-2013-4988 (Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote ...)
	NOT-FOR-US: IcoFX
CVE-2013-4987 (PineApp Mail-SeCure before 3.70 allows remote authenticated users to ...)
	NOT-FOR-US: PinApp
CVE-2013-4986 (Stack-based buffer overflow in PDFAX0722_IconCool.dll 7.22.1125.2121 ...)
	NOT-FOR-US: PDFCool
CVE-2013-4985
	RESERVED
	NOT-FOR-US: Vivotek IP Cameras
CVE-2013-4984 (The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos ...)
	NOT-FOR-US: Sophos Web Protection Appliance
CVE-2013-4983 (The get_referers function in /opt/ws/bin/sblistpack in Sophos Web ...)
	NOT-FOR-US: Sophos Web Protection Appliance
CVE-2013-4982
	RESERVED
	NOT-FOR-US: AVTECH DVR
CVE-2013-4981 (Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with ...)
	NOT-FOR-US: AVTECH DVR
CVE-2013-4980 (Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with ...)
	NOT-FOR-US: AVTECH DVR
CVE-2013-4979 (Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and ...)
	NOT-FOR-US: EPS Viewer
CVE-2013-4978 (Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in ...)
	NOT-FOR-US: Aloaha PDF Suite
CVE-2013-4977 (Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E ...)
	NOT-FOR-US: Hikvision IP camera
CVE-2013-4976
	RESERVED
CVE-2013-4975
	RESERVED
CVE-2013-4974 (RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-4973 (Stack-based buffer overflow in RealNetworks RealPlayer before ...)
	NOT-FOR-US: RealPlayer
CVE-2013-4972
	RESERVED
CVE-2013-4971 (Puppet Enterprise before 3.2.0 does not properly restrict access to ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4970
	RESERVED
CVE-2013-4969 (Puppet before 3.3.3 and 3.4 before 3.4.1 and Puppet Enterprise (PE) ...)
	{DSA-2831-1}
	- puppet 3.4.1-1
	NOTE: http://puppetlabs.com/security/cve/cve-2013-4969
CVE-2013-4968
	RESERVED
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4967 (Puppet Enterprise before 3.0.1 allows remote attackers to obtain the ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4966 (The master external node classification script in Puppet Enterprise ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4965 (Puppet Enterprise before 3.1.0 does not properly restrict the number ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4964 (Puppet Enterprise before 3.0.1 does not set the secure flag for the ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4963 (Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4962 (The reset password page in Puppet Enterprise before 3.0.1 does not ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4961 (Puppet Enterprise before 3.0.1 includes version information for the ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4960
	RESERVED
CVE-2013-4959 (Puppet Enterprise before 3.0.1 uses HTTP responses that contain ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4958 (Puppet Enterprise before 3.0.1 does not use a session timeout, which ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4957 (The dashboard report in Puppet Enterprise before 3.0.1 allows ...)
	NOT-FOR-US: puppet-dashboard
CVE-2013-4956 (Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and ...)
	{DSA-2761-1}
	- puppet 3.2.4-1
	[squeeze] - puppet <not-affected> (puppet module not yet present)
CVE-2013-4955 (Open redirect vulnerability in the login page in Puppet Enterprise ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4954 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
	NOT-FOR-US: Genetech Solutions Pie-Register
CVE-2013-4953 (SQL injection vulnerability in play.php in Top Games Script 1.2 allows ...)
	NOT-FOR-US: Top Games Script
CVE-2013-4952 (SQL injection vulnerability in functions/global.php in Elemata CMS RC ...)
	NOT-FOR-US: Elemata CMS
CVE-2013-4951 (Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 ...)
	NOT-FOR-US: Mintboard
CVE-2013-4950 (Cross-site scripting (XSS) vulnerability in view.php in Machform 2 ...)
	NOT-FOR-US: Machform
CVE-2013-4949 (Unrestricted file upload vulnerability in view.php in Machform 2 ...)
	NOT-FOR-US: Machform
CVE-2013-4948 (SQL injection vulnerability in view.php in Machform 2 allows remote ...)
	NOT-FOR-US: Machform
CVE-2013-4947 (Unspecified vulnerability in the update and build database page in ...)
	NOT-FOR-US: Sawmill
CVE-2013-4946 (Multiple cross-site scripting (XSS) vulnerabilities in BMC Service ...)
	NOT-FOR-US: BMC Service Desk Express
CVE-2013-4945 (Multiple SQL injection vulnerabilities in BMC Service Desk Express ...)
	NOT-FOR-US: BMC Service Desk Express
CVE-2013-4944 (Cross-site scripting (XSS) vulnerability in the BuddyPress Extended ...)
	NOT-FOR-US: BuddyPress
CVE-2013-4943 (The client application in Siemens COMOS before 9.1 Update 458, 9.2 ...)
	NOT-FOR-US: Siemens COMOS
CVE-2013-4942 (Cross-site scripting (XSS) vulnerability in flashuploader.swf in the ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4941 (Cross-site scripting (XSS) vulnerability in uploader.swf in the ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not installed in package)
CVE-2013-4940 (Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4939 (Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4938 (The LTI (aka IMS-LTI) mod_form implementation in Moodle through ...)
	- moodle 2.5.1-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4995 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 3.5.x before ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4996 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4997 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:4.0.4.2-1
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-4998 (phpMyAdmin 3.5.x before 3.5.8.2 and 4.0.x before 4.0.4.2 allows remote ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-4999 (phpMyAdmin 4.0.x before 4.0.4.2 allows remote attackers to obtain ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-5000 (phpMyAdmin 3.5.x before 3.5.8.2 allows remote attackers to obtain ...)
	- phpmyadmin 4:4.0.4.2-1 (unimportant)
	NOTE: Full path disclosure irrelevant in Debian packages
CVE-2013-5001 (Cross-site scripting (XSS) vulnerability in ...)
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-5002 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2975-1}
	- phpmyadmin 4:4.0.4.2-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-5003 (Multiple SQL injection vulnerabilities in phpMyAdmin 3.5.x before ...)
	{DSA-2975-1 DLA-0014-1}
	- phpmyadmin 4:4.0.4.2-1
	[squeeze] - phpmyadmin 4:3.3.7-8
CVE-2013-4937 (Multiple unspecified vulnerabilities in the AiCloud feature on the ...)
	NOT-FOR-US: Asus firmware
CVE-2013-4936 (The IsDFP_Frame function in plugins/profinet/packet-pn-rt.c in the ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4935 (The dissect_per_length_determinant function in ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4934 (The netmon_open function in wiretap/netmon.c in the Netmon file parser ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4933 (The netmon_open function in wiretap/netmon.c in the Netmon file parser ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4932 (Multiple array index errors in epan/dissectors/packet-gsm_a_common.c ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
CVE-2013-4931 (epan/proto.c in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4930 (The dissect_dvbci_tpdu_hdr function in epan/dissectors/packet-dvbci.c ...)
	{DSA-2734-1}
	- wireshark 1.10.1-1
	[squeeze] - wireshark <not-affected> (Affected dissector not yet present)
CVE-2013-4929 (The parseFields function in epan/dissectors/packet-dis-pdus.c in the ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4928 (Integer signedness error in the dissect_headers function in ...)
	- wireshark 1.10.1-1 (unimportant)
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
	NOTE: Not suitable for code injection
CVE-2013-4927 (Integer signedness error in the get_type_length function in ...)
	{DLA-497-1}
	- wireshark 1.10.1-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-4926 (epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4925 (Integer signedness error in epan/dissectors/packet-dcom-sysact.c in ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4924 (epan/dissectors/packet-dcom-sysact.c in the DCOM ISystemActivator ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4923 (Memory leak in the dissect_dcom_ActivationProperties function in ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4922 (Double free vulnerability in the dissect_dcom_ActivationProperties ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4921 (Off-by-one error in the dissect_radiotap function in ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4920 (The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly ...)
	- wireshark 1.10.1-1
	[wheezy] - wireshark <not-affected> (Only affects 1.10.x)
	[squeeze] - wireshark <not-affected> (Only affects 1.10.x)
CVE-2013-4919
	RESERVED
CVE-2013-4918
	RESERVED
CVE-2013-4917
	RESERVED
CVE-2013-4916
	RESERVED
CVE-2013-4915
	RESERVED
CVE-2013-4914
	RESERVED
CVE-2013-4913
	RESERVED
CVE-2013-4912 (Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 ...)
	NOT-FOR-US: Siemens
CVE-2013-4911 (Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA ...)
	NOT-FOR-US: Siemens
CVE-2013-4910
	RESERVED
CVE-2013-4909
	RESERVED
CVE-2013-4908
	RESERVED
CVE-2013-4907
	RESERVED
CVE-2013-4906
	RESERVED
CVE-2013-4905
	RESERVED
CVE-2013-4904
	RESERVED
CVE-2013-4903
	RESERVED
CVE-2013-4902
	RESERVED
CVE-2013-4901
	RESERVED
CVE-2013-4900 (Directory traversal vulnerability in DeWeS web server 0.4.2 and ...)
	NOT-FOR-US: DeWeS web server (Twilight CMS)
CVE-2013-4899 (Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and ...)
	NOT-FOR-US: Twilight CMS
CVE-2013-4898 (Unrestricted file upload vulnerability in the user profile page ...)
	NOT-FOR-US: Timeline Plugin for SocialEngine
CVE-2013-4897
	REJECTED
CVE-2013-4896
	RESERVED
CVE-2013-4895
	RESERVED
CVE-2013-4894
	RESERVED
CVE-2013-4893
	RESERVED
CVE-2013-4892
	RESERVED
CVE-2013-4891 (The xss_clean function in CodeIgniter before 2.1.4 might allow remote ...)
	NOT-FOR-US: CodeIgniter
CVE-2013-4889 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4888 (Cross-site scripting (XSS) vulnerability in index.php in Digital ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4887 (SQL injection vulnerability in index.php in Digital Signage Xibo 1.4.2 ...)
	NOT-FOR-US: Digital Signage Xibo
CVE-2013-4886
	RESERVED
CVE-2013-4885 (The http-domino-enum-passwords.nse script in NMap before 6.40, when ...)
	- nmap 6.40-0.1 (low; bug #719289)
	[squeeze] - nmap <not-affected> (Vulnerable code not present)
	[wheezy] - nmap 6.00-0.3+deb7u1
CVE-2013-4884 (Cross-site scripting (XSS) vulnerability in McAfee SuperScan 4.0 ...)
	NOT-FOR-US: McAfee SuperScan
CVE-2013-5217
	REJECTED
CVE-2013-4890 (The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote ...)
	NOT-FOR-US: Samsung TV
CVE-2013-4883 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-4882 (Multiple SQL injection vulnerabilities in McAfee ePolicy Orchestrator ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-4881 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4880 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4879 (SQL injection vulnerability in core/inc/bigtree/cms.php in BigTree CMS ...)
	NOT-FOR-US: BigTree CMS
CVE-2013-4878 (The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-4877 (The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4876 (The Verizon Wireless Network Extender SCS-2U01 has a hardcoded ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4875 (The Uboot bootloader on the Verizon Wireless Network Extender SCS-2U01 ...)
	NOT-FOR-US: Verizon Wireless Network Extender SCS-2U01
CVE-2013-4874 (The Uboot bootloader on the Verizon Wireless Network Extender ...)
	NOT-FOR-US: Verizon Wireless Network Extender
CVE-2013-4873 (The Yahoo! Tumblr app before 3.4.1 for iOS sends cleartext ...)
	NOT-FOR-US: iOS app
CVE-2013-4872 (Google Glass before XE6 does not properly restrict the processing of ...)
	NOT-FOR-US: Google Glass
CVE-2013-4871 (Cross-site request forgery (CSRF) vulnerability in the TEQneers SEO ...)
	NOT-FOR-US: TYPO3 extension tq_seo
CVE-2013-4870 (SQL injection vulnerability in the News Search (news_search) extension ...)
	NOT-FOR-US: TYPO3 extension news_search
CVE-2013-4869 (Cisco Unified Communications Manager (CUCM) 7.1(x) through 9.1(2) and ...)
	NOT-FOR-US: Cisco
CVE-2013-4868
	RESERVED
CVE-2013-4867
	RESERVED
CVE-2013-4866 (The LIXIL Corporation My SATIS Genius Toilet application for Android ...)
	NOT-FOR-US: LIXIL Corporation My SATIS Genius Toilet application for Android
CVE-2013-4865
	RESERVED
CVE-2013-4864
	RESERVED
CVE-2013-4863
	RESERVED
CVE-2013-4862
	RESERVED
CVE-2013-4861
	RESERVED
CVE-2013-4860 (Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does ...)
	NOT-FOR-US: Radio Thermostat
CVE-2013-4859
	RESERVED
CVE-2013-4858 (Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows ...)
	NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2013-4857
	RESERVED
CVE-2013-4856
	RESERVED
CVE-2013-4855
	RESERVED
CVE-2013-4854 (The RFC 5011 implementation in rdata.c in ISC BIND 9.7.x and 9.8.x ...)
	{DSA-2728-1}
	- bind9 1:9.8.4.dfsg.P1-6+nmu3 (bug #717936)
	NOTE: https://kb.isc.org/article/AA-01015/0
CVE-2013-4853
	RESERVED
CVE-2013-4852 (Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and ...)
	{DSA-2736-1}
	- putty 0.63-1 (bug #718779)
	- filezilla 3.7.3-1 (low; bug #718800)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.securityfocus.com/archive/1/527763/30/0
	NOTE: http://svn.tartarus.org/sgt?view=revision&sortby=date&revision=9896
CVE-2013-4851 (The vfs_hang_addrlist function in sys/kern/vfs_export.c in the NFS ...)
	{DSA-2743-1}
	- kfreebsd-9 9.1-4 (bug #717958)
	- kfreebsd-8 8.3-7 (bug #717959)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
	[squeeze] - kfreebsd-8 <not-affected> (FreeBSD NFS server implementation was not supported in squeeze)
CVE-2013-4850
	RESERVED
CVE-2013-4849
	RESERVED
CVE-2013-4848
	RESERVED
CVE-2013-4847
	RESERVED
CVE-2013-4846 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-4845 (Cross-site scripting (XSS) vulnerability on HP Officejet Pro 8500 (aka ...)
	NOT-FOR-US: HP Officejet Pro
CVE-2013-4844 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, ...)
	NOT-FOR-US: HP Service Manager and ServiceCenter
CVE-2013-4843 (Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with ...)
	NOT-FOR-US: HP iLO
CVE-2013-4842 (Cross-site scripting (XSS) vulnerability in HP Integrated Lights-Out 4 ...)
	NOT-FOR-US: HP iLO
CVE-2013-4841 (Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in ...)
	NOT-FOR-US: HP StoreVirtual
CVE-2013-4840 (Unspecified vulnerability in HP and H3C VPN Firewall Module products ...)
	NOT-FOR-US: HP and H3C VPN Firewall Module
CVE-2013-4839 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4838 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4837 (Unspecified vulnerability in Virtual User Generator in HP LoadRunner ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4836 (Unspecified vulnerability in the GossipService SOAP Request ...)
	NOT-FOR-US: HP Application LifeCycle Management
CVE-2013-4835 (The APISiteScopeImpl SOAP service in HP SiteScope 10.1x and 11.x ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-4834 (Unspecified vulnerability in the client component in HP Application ...)
	NOT-FOR-US: HP Application LifeCycle Management
CVE-2013-4833 (Cross-site scripting (XSS) vulnerability in HP Service Manager 9.30 ...)
	NOT-FOR-US: HP
CVE-2013-4832 (HP Service Manager 9.30 through 9.32 allows remote authenticated users ...)
	NOT-FOR-US: HP
CVE-2013-4831 (HP Service Manager 9.30 through 9.32 does not properly manage ...)
	NOT-FOR-US: HP
CVE-2013-4830 (HP Service Manager 9.30 through 9.32 allows remote attackers to ...)
	NOT-FOR-US: HP
CVE-2013-4829 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet ...)
	NOT-FOR-US: HP
CVE-2013-4828 (HP LaserJet M4555, M525, and M725; LaserJet flow MFP M525c; LaserJet ...)
	NOT-FOR-US: HP
CVE-2013-4827 (SQL injection vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4826 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4825 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4824 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4823 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4822 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2013-4821 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-4820 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall ...)
	NOT-FOR-US: HP
CVE-2013-4819 (Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through ...)
	NOT-FOR-US: HP
CVE-2013-4818 (Unspecified vulnerability in HP IceWall SSO 8.0 through 10.0, IceWall ...)
	NOT-FOR-US: HP
CVE-2013-4817 (Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through ...)
	NOT-FOR-US: HP
CVE-2013-4816
	REJECTED
CVE-2013-4815 (Cross-site scripting (XSS) vulnerability in the web interface in HP ...)
	NOT-FOR-US: HP
CVE-2013-4814 (Cross-site scripting (XSS) vulnerability in HP XP P9000 Command View ...)
	NOT-FOR-US: HP
CVE-2013-4813 (The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) ...)
	NOT-FOR-US: HP
CVE-2013-4812 (UpdateCertificatesServlet in the SNAC registration server in HP ...)
	NOT-FOR-US: HP
CVE-2013-4811 (UpdateDomainControllerServlet in the SNAC registration server in HP ...)
	NOT-FOR-US: HP
CVE-2013-4810 (HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity ...)
	NOT-FOR-US: HP
CVE-2013-4809 (Multiple SQL injection vulnerabilities in GetEventsServlet in HP ...)
	NOT-FOR-US: HP
CVE-2013-4808 (Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and ...)
	NOT-FOR-US: HP
CVE-2013-4807 (Unspecified vulnerability on the HP LaserJet Pro P1102w, P1606dn, ...)
	NOT-FOR-US: HP
CVE-2013-4806 (The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, ...)
	NOT-FOR-US: HP routers
CVE-2013-4805 (Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) ...)
	NOT-FOR-US: HP Integrated Lights-Out firmware
CVE-2013-4804 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch ...)
	NOT-FOR-US: HP Business Process Monitor
CVE-2013-4803
	REJECTED
CVE-2013-4802 (Cross-site scripting (XSS) vulnerability in HP Application Lifecycle ...)
	NOT-FOR-US: HP
CVE-2013-4801 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4800 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4799 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4798 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4797 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-4796
	RESERVED
CVE-2013-4795 (Cross-site scripting (XSS) vulnerability in the Submitters list in ...)
	- reviewboard <itp> (bug #653113)
CVE-2013-4794
	RESERVED
CVE-2013-4793 (The update function in ...)
	NOT-FOR-US: Umbraco
CVE-2011-5266
	RESERVED
CVE-2013-4792
	RESERVED
CVE-2013-4791
	RESERVED
CVE-2013-4790 (Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-4789 (SQL injection vulnerability in modules/rss/rss.php in Cotonti before ...)
	NOT-FOR-US: Cotonti
CVE-2013-4788 (The PTR_MANGLE implementation in the GNU C Library (aka glibc or ...)
	{DLA-165-1}
	- glibc 2.17-94 (low; bug #717178)
	- eglibc <removed>
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-4787 (Android 1.6 Donut through 4.2 Jelly Bean does not properly check ...)
	NOT-FOR-US: Android
CVE-2013-4786 (The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange ...)
	NOTE: Design flaw in the IPMI 2.0 specification. Any correctly implemented device is vulnerable.
	NOTE: Contacted relevant maintainers: Since few to no devices do mutual authentication, tools shipped by Debian are generally not affected. At best, the tools can print a warning for vulnerable devices.
CVE-2013-4784 (The HP Integrated Lights-Out (iLO) BMC implementation allows remote ...)
	NOT-FOR-US: HP IPMI device
CVE-2013-4781 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance ...)
	NOT-FOR-US: Siemens Enterprise OpenScape
CVE-2013-4780 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance ...)
	NOT-FOR-US: Siemens Enterprise OpenScape
CVE-2013-4779 (Cross-site scripting (XSS) vulnerability in core/handleTw.php on the ...)
	NOT-FOR-US: Siemens Enterprise OpenScape
CVE-2013-4778 (core/getLog.php on the Siemens Enterprise OpenScape Branch appliance ...)
	NOT-FOR-US: Siemens Enterprise OpenScape
CVE-2013-4777 (A certain configuration of Android 2.3.7 on the Motorola Defy XT phone ...)
	NOT-FOR-US: Motorola
CVE-2013-4776 (NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and ...)
	NOT-FOR-US: NETGEAR
CVE-2013-4775 (NETGEAR ProSafe GS724Tv3 and GS716Tv2 with firmware 5.4.1.13 and ...)
	NOT-FOR-US: NETGEAR
CVE-2013-4785 (The web interface on the Dell iDRAC6 with firmware before 1.95 allows ...)
	NOT-FOR-US: Dell
CVE-2013-4783 (The Dell iDRAC6 with firmware 1.x before 1.92 and 2.x and 3.x before ...)
	NOT-FOR-US: Dell
CVE-2013-4782 (The Supermicro BMC implementation allows remote attackers to bypass ...)
	NOT-FOR-US: Supermicro
CVE-2013-4774
	RESERVED
CVE-2013-4773
	RESERVED
CVE-2013-4772 (D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless ...)
	NOT-FOR-US: D-Link
CVE-2013-4771
	RESERVED
CVE-2013-4770
	RESERVED
CVE-2013-4769 (The cloud controller (aka CLC) component in Eucalyptus 3.3.x and 3.4.x ...)
	- eucalyptus <removed>
CVE-2013-4768 (The web services APIs in Eucalyptus 2.0 through 3.4.1 allow remote ...)
	- eucalyptus <removed>
CVE-2013-4767 (Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown ...)
	- eucalyptus <removed>
CVE-2013-4766 (The gather log service in Eucalyptus before 3.3.1 allows remote ...)
	- eucalyptus <removed>
CVE-2013-4765
	RESERVED
CVE-2013-4764
	RESERVED
CVE-2013-4763
	RESERVED
CVE-2013-4762 (Puppet Enterprise before 3.0.1 does not sufficiently invalidate a ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-4761 (Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x ...)
	{DSA-2761-1}
	- puppet 3.2.4-1 (low)
	[squeeze] - puppet <no-dsa> (non-standard config and attacker requires local access to master)
CVE-2013-4760
	RESERVED
CVE-2013-4759 (Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia ...)
	NOT-FOR-US: Magnolia CMS
CVE-2013-4757
	RESERVED
CVE-2013-4756
	RESERVED
CVE-2013-4758 (Double free vulnerability in the writeDataError function in the ...)
	- rsyslog <not-affected> (omelasticsearch plugin not enabled; see #715009)
	[squeeze] - rsyslog <not-affected> (omelasticsearch plugin not yet present)
	[wheezy] - rsyslog <not-affected> (omelasticsearch plugin not yet present)
	NOTE: http://bugzilla.adiscon.com/show_bug.cgi?id=461
	NOTE: http://git.adiscon.com/?p=rsyslog.git;a=commitdiff;h=80f88242982c9c6ad6ce8628fc5b94ea74051cf4
CVE-2013-4755
	RESERVED
CVE-2013-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Owl Intranet ...)
	NOT-FOR-US: Owl Intranet Knowledgebase
CVE-2013-4753 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2013-4752
	RESERVED
	NOT-FOR-US: Symfony HttpFoundation component
CVE-2013-4751
	RESERVED
	NOT-FOR-US: Symfony Validator component
CVE-2013-4750
	RESERVED
CVE-2013-4749 (Cross-site scripting (XSS) vulnerability in the UserTask Center, ...)
	NOT-FOR-US: sys_messages TYPO3 extension
CVE-2013-4748 (SQL injection vulnerability in the News system (news) extension before ...)
	NOT-FOR-US: News system TYPO3 extension
CVE-2013-4747 (Cross-site scripting (XSS) vulnerability in the Accessible browse ...)
	NOT-FOR-US: Accessible browse results TYPO3 extension
CVE-2013-4746 (Cross-site scripting (XSS) vulnerability in the My quiz and poll ...)
	NOT-FOR-US: My quiz and poll TYPO3 extension
CVE-2013-4745 (SQL injection vulnerability in the My quiz and poll (myquizpoll) ...)
	NOT-FOR-US: My quiz and poll TYPO3 extension
CVE-2013-4744 (Cross-site scripting (XSS) vulnerability in the PHPUnit extension ...)
	NOT-FOR-US: PHPUnit TYPO3 extension
CVE-2013-4743
	RESERVED
CVE-2013-4742 (Buffer overflow in NetWin SurgeFTP before 23d2 allows remote attackers ...)
	NOT-FOR-US: SurgeFTP
CVE-2013-4741
	RESERVED
CVE-2013-4740 (goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux ...)
	NOT-FOR-US: Goodix gt915 Android touchscreen driver
CVE-2013-4739 (The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm ...)
	- linux <not-affected> (Android-specific camera drivers)
CVE-2013-4738 (Multiple stack-based buffer overflows in the MSM camera driver for the ...)
	- linux <not-affected> (Android-specific camera drivers)
CVE-2013-4737 (The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, ...)
	- linux <not-affected> (Affected code not in mainline kernel)
	- linux-2.6 <not-affected> (Affected code not in mainline kernel)
	NOTE: https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=4256415b296348ff16cd17a5b8f8dce4dea37328
CVE-2013-4736 (Multiple integer overflows in the JPEG engine drivers in the MSM ...)
	NOTE: https://www.codeaurora.org/projects/security-advisories/integer-overflow-and-signedness-issue-camera-jpeg-engines-cve-2013-4736
	NOT-FOR-US: camera JPEG engines on Android Linux kernels
CVE-2013-4735 (The Digital Alert Systems DASDEC EAS device before 2.0-2 and the ...)
	NOT-FOR-US: Digital Alert Systems and Monroe Electronics
CVE-2013-4734 (dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4733 (The web server on the Digital Alert Systems DASDEC EAS device before ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4732 (** DISPUTED ** The administrative web server on the Digital Alert ...)
	NOT-FOR-US: Alert Systems and Monroe Electronics
CVE-2013-4731 (ajax.cgi in the web interface on the Choice Wireless Green Packet ...)
	NOT-FOR-US: Choice Wireless Green Packet modem
CVE-2013-4730 (Buffer overflow in PCMan's FTP Server 2.0.7 allows remote attackers to ...)
	NOT-FOR-US: PCMan FTP Server
CVE-2013-4729 (import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict ...)
	- phpmyadmin 4:4.0.4.1-1
	[wheezy] - phpmyadmin <not-affected> (vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2013-4728 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4727 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4726 (Cross-site request forgery (CSRF) vulnerability in DDSN Interactive ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4725 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4724 (DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4723 (Open redirect vulnerability in DDSN Interactive cm3 Acora CMS ...)
	NOT-FOR-US: Acora CMS
CVE-2013-4722 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Acora CMS
CVE-2010-5288 (Buffer overflow in the lsConnectionCached function in editcp in ...)
	NOT-FOR-US: EDItran Communications Platform
CVE-2013-4721 (SQL injection vulnerability in the RSS feed from records extension ...)
	NOT-FOR-US: records extension for TYPO3
CVE-2013-4720 (SQL injection vulnerability in the WEC Discussion Forum extension ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2013-4719 (SQL injection vulnerability in the SEO Pack for tt_news extension ...)
	NOT-FOR-US: SEO Pack for tt_news extension for TYPO3
CVE-2013-4718 [XSS]
	RESERVED
	NOT-FOR-US: OTRS ITSM
CVE-2013-4717 [SQL injection]
	RESERVED
	{DSA-2733-1}
	- otrs2 3.2.9-1
	NOTE: http://web.archive.org/web/20131023033811/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-05/
CVE-2012-6581 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6580 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6579 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6578 (Best Practical Solutions RT 3.8.x before 3.8.15 and 4.0.x before ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=870406#c3
CVE-2012-6577 (SQL injection vulnerability in the Formhandler extension before 1.4.1 ...)
	NOT-FOR-US: Formhandler TYPO3 extension
CVE-2012-6576 (Cross-site scripting (XSS) vulnerability in the PRH Search module ...)
	NOT-FOR-US: Drupal module PRH Search
CVE-2012-6575 (Cross-site scripting (XSS) vulnerability in the Exposed Filter Data ...)
	NOT-FOR-US: Drupal module Exposed Filter Data
CVE-2012-6574 (Cross-site scripting (XSS) vulnerability in the Fonecta verify module ...)
	NOT-FOR-US: Drupal module Fonecta verify
CVE-2013-4716 (Cross-site scripting (XSS) vulnerability in Tattyan HP TOWN 5_9_3 and ...)
	NOT-FOR-US: Tattyan HP TOWN
CVE-2013-4715 (SQL injection vulnerability in Tiki Wiki CMS Groupware 6 LTS before ...)
	NOT-FOR-US: Tiki Wiki
CVE-2013-4714 (Cross-site scripting (XSS) vulnerability in Tiki Wiki CMS Groupware 6 ...)
	NOT-FOR-US: Tiki Wiki
CVE-2013-4713 (Cross-site scripting (XSS) vulnerability in I-O DATA DEVICE RockDisk ...)
	NOT-FOR-US: I-O DATA DEVICE RockDisk
CVE-2013-4712 (I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and ...)
	NOT-FOR-US: I-O DATA DEVICE HDL-A and HDL2-A devices
CVE-2013-4711 (Cross-site scripting (XSS) vulnerability in Accela BizSearch 3.2 on ...)
	NOT-FOR-US: Accela Bizsearch
CVE-2013-4710 (Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, ...)
	NOT-FOR-US: Android
CVE-2013-4709 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
	NOT-FOR-US: PPP Access Concentrator
CVE-2013-4708 (The PPP Access Concentrator (PPPAC) in Internet Initiative Japan Inc. ...)
	NOT-FOR-US: Internet Initiative Japan Inc
CVE-2013-4707 (The SSH implementation on D-Link Japan DES-3810 devices with firmware ...)
	NOT-FOR-US: D-Link
CVE-2013-4706 (The SSH implementation on the D-Link Japan DWL-2100AP with firmware ...)
	NOT-FOR-US: D-Link
CVE-2013-4705 (Cross-site scripting (XSS) vulnerability in Opera before 15.00 allows ...)
	NOT-FOR-US: Opera
CVE-2013-4704 (Cross-site scripting (XSS) vulnerability in ChamaNet ChamaCargo 7.0000 ...)
	NOT-FOR-US: ChamaNet ChamaCargo
CVE-2013-4703 (Cross-site scripting (XSS) vulnerability in the top-page customization ...)
	NOT-FOR-US: Cybozu Office
CVE-2013-4702 (Multiple directory traversal vulnerabilities in the doApiAction ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-4701 (Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows ...)
	- php-openid 2.2.2-1.2 (low; bug #721221)
	[wheezy] - php-openid <no-dsa> (Minor issue)
	[squeeze] - php-openid <no-dsa> (Minor issue)
CVE-2013-4700 (The Yahoo! Japan Shopping application 1.4 and earlier for Android does ...)
	NOT-FOR-US: Yahoo shopping app
CVE-2013-4699 (The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and ...)
	NOT-FOR-US: Yahoo shopping app
CVE-2013-4698 (Cybozu Mailwise 5.0.4 and 5.0.5 allows remote authenticated users to ...)
	NOT-FOR-US: Cybozu Mailwise
CVE-2013-4697 (Multiple unspecified vulnerabilities in Hitachi JP1/IT Desktop ...)
	NOT-FOR-US: Hitachi
CVE-2013-4695
	RESERVED
CVE-2013-4694 (Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 ...)
	NOT-FOR-US: Winamp
CVE-2013-4693
	RESERVED
CVE-2013-4692
	RESERVED
CVE-2013-4691
	RESERVED
CVE-2013-4690 (Juniper Junos 10.4 before 10.4S13, 11.4 before 11.4R7-S1, 12.1 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4689 (J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1R ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4688 (flowd in Juniper Junos 10.4 before 10.4R11 on SRX devices, when the ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4687 (flowd in Juniper Junos 10.4 before 10.4S14, 11.2 and 11.4 before ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4686 (The kernel in Juniper Junos 10.4 before 10.4R14, 11.4 before 11.4R8, ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4685 (Buffer overflow in flowd in Juniper Junos 10.4 before 10.4S14, 11.4 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4684 (flowd in Juniper Junos 10.4 before 10.4S14, 11.4 before 11.4R8, 12.1 ...)
	NOT-FOR-US: Juniper Junos
CVE-2013-4683 (SQL injection vulnerability in the meta_feedit extension 0.1.10 and ...)
	NOT-FOR-US: meta_feedit extension for TYPO3
CVE-2013-4682 (SQL injection vulnerability in the Multishop extension before 2.0.39 ...)
	NOT-FOR-US: Multishop extension for TYPO3
CVE-2013-4681 (SQL injection vulnerability in the sofortueberweisung2commerce ...)
	NOT-FOR-US: sofortueberweisung2commerce extension TYPO3
CVE-2013-4680 (Open redirect vulnerability in Maag Form Captcha extension 2.0.0 and ...)
	NOT-FOR-US: meta_feedit extension for TYPO3
CVE-2013-4679 (Symantec Workspace Virtualization before 6.x before 6.4.1953.0, when a ...)
	NOT-FOR-US: Symantec Workspace Virtualization
CVE-2013-4678 (The NDMP protocol implementation in Symantec Backup Exec 2010 R3 ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4677 (Symantec Backup Exec 2010 R3 before 2010 R3 SP3 and 2012 before SP2 ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4676 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Backup ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4675
	RESERVED
CVE-2013-4674 (Cross-site scripting (XSS) vulnerability in the Web Email Protection ...)
	NOT-FOR-US: Symantec
CVE-2013-4673 (The management console on the Symantec Web Gateway (SWG) appliance ...)
	NOT-FOR-US: Symantec
CVE-2013-4672 (The management console on the Symantec Web Gateway (SWG) appliance ...)
	NOT-FOR-US: Symantec
CVE-2013-4671 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: Symantec
CVE-2013-4670 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec
CVE-2013-4668 (Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, ...)
	- file-roller 3.8.3-1
	[squeeze] - file-roller <not-affected> (Doesn't use libarchive)
	[wheezy] - file-roller <not-affected> (Doesn't use libarchive)
	NOTE: http://www.ocert.org/advisories/ocert-2013-001.html
CVE-2013-4667
	RESERVED
CVE-2013-4666
	RESERVED
CVE-2013-4665
	RESERVED
CVE-2013-4664
	RESERVED
CVE-2013-4663 (git_http_controller.rb in the redmine_git_hosting plugin for Redmine ...)
	NOT-FOR-US: Redmine plugin redmine_git_hosting
CVE-2013-4662 (The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-4661 (CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2013-4660 (The JS-YAML module before 2.0.5 for Node.js parses input without ...)
	NOT-FOR-US: js-yaml
CVE-2013-4659 (Buffer overflow in Broadcom ACSD allows remote attackers to execute ...)
	NOT-FOR-US: Broadcom ACSD
CVE-2013-4658
	RESERVED
CVE-2013-4657
	RESERVED
CVE-2013-4656
	RESERVED
CVE-2013-4655
	RESERVED
CVE-2013-4654
	RESERVED
CVE-2013-4653 (Multiple cross-site scripting (XSS) vulnerabilities in the signin ...)
	NOT-FOR-US: Alcatel-Lucent Omnitouch
CVE-2013-4652 (Unspecified vulnerability in the command-line management interface on ...)
	NOT-FOR-US: Siemens
CVE-2013-4651 (Siemens Scalance W7xx devices with firmware before 4.5.4 use the same ...)
	NOT-FOR-US: Siemens
CVE-2013-4650 (MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote ...)
	- mongodb 1:2.4.5-1 (bug #715007)
	[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
	[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
CVE-2013-4649 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
	NOT-FOR-US: DotNetNuke
CVE-2013-4648
	RESERVED
CVE-2013-4647
	RESERVED
CVE-2013-4646
	RESERVED
CVE-2013-4645
	RESERVED
CVE-2013-4644
	RESERVED
CVE-2013-4643
	RESERVED
CVE-2013-4642
	RESERVED
CVE-2013-4641
	RESERVED
CVE-2013-4640
	RESERVED
CVE-2013-4639
	RESERVED
CVE-2013-4638
	RESERVED
CVE-2013-4637
	RESERVED
CVE-2013-4669 (FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, ...)
	NOT-FOR-US: FortiClient
CVE-2013-4636 (The mget function in libmagic/softmagic.c in the Fileinfo component in ...)
	- php5 5.5.0+dfsg-1
	[squeeze] - php5 <not-affected> (Introduced with 10367fa7c6a4a2cf9bee02d8905e284185428f09)
	[wheezy] - php5 <not-affected> (Introduced with 10367fa7c6a4a2cf9bee02d8905e284185428f09)
	- file <not-affected> (bug in code modified for PHP)
	NOTE: Tested with the squeeze and wheezy versions
CVE-2013-4635 (Integer overflow in the SdnToJewish function in jewish.c in the ...)
	- php5 5.5.0+dfsg-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2012-6572 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Inf08 theme for Drupal
CVE-2013-4634 (SQL injection vulnerability in the jQuery autocomplete for ...)
	NOT-FOR-US: rzautocomplete extension for Typo3
CVE-2013-4633 (Huawei Seco Versatile Security Manager (VSM) before V200R002C00SPC300 ...)
	NOT-FOR-US: Huawei Seco Versatile Security Manager
CVE-2013-4632 (The Huawei Access Router (AR) before V200R002SPC003 allows remote ...)
	NOT-FOR-US: The Huawei Access Router
CVE-2013-4631 (Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is ...)
	NOT-FOR-US: Huawei AR 150, 200, 1200, 2200, and 3200 routers,
CVE-2013-4630 (Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and ...)
	NOT-FOR-US: Huawei routers
CVE-2013-4629 (The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video ...)
	NOT-FOR-US: Huawei viewpoint
CVE-2013-4628 (The firewall module on the Huawei Quidway Service Process Unit (SPU) ...)
	NOT-FOR-US: Huawei Quidway Service Process Unit
CVE-2013-4627 (Unspecified vulnerability in bitcoind and Bitcoin-Qt 0.8.x allows ...)
	- bitcoin 0.8.3-1
CVE-2012-6571 (The HTTP module in the (1) Branch Intelligent Management System (BIMS) ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6570 (The HTTP module in the (1) Branch Intelligent Management System (BIMS) ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6569 (Stack-based buffer overflow in the HTTP module in the (1) Branch ...)
	NOT-FOR-US: Branch Intelligent Management System, Huawei routers
CVE-2012-6568 (Buffer overflow in the back-end component in Huawei UTPS 1.0 allows ...)
	NOT-FOR-US: Huawei UTPS
CVE-2013-4626 (Cross-site scripting (XSS) vulnerability in the BackWPup plugin before ...)
	NOT-FOR-US: WordPress plugin BackWPup
CVE-2013-4625 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin Duplicator
CVE-2013-4624 (Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM ...)
	NOT-FOR-US: Jahia xCM
CVE-2013-4623 (The x509parse_crt function in x509.h in PolarSSL 1.1.x before 1.1.7 ...)
	{DSA-2782-1}
	- polarssl 1.2.8-1 (low; bug #719954)
CVE-2013-4622 (The 3G Mobile Hotspot feature on the HTC Droid Incredible has a ...)
	NOT-FOR-US: HTC Droid Incredible
CVE-2013-4621
	RESERVED
CVE-2013-4620 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: OpenEMR
CVE-2013-4619 (Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote ...)
	NOT-FOR-US: OpenEMR
CVE-2013-4618
	RESERVED
CVE-2013-4617 (Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a ...)
	NOT-FOR-US: Jahia xCM
CVE-2013-4616 (The WifiPasswordController generateDefaultPassword method in ...)
	NOT-FOR-US: Apple iOS
CVE-2013-4615 (The Canon MG3100, MG5300, MG6100, MP495, MX340, MX870, MX890, MX920, ...)
	NOT-FOR-US: EMC Smarts Network Configuration Manager
CVE-2013-4614 (English/pages_MacUS/wls_set_content.html on the Canon MG3100, MG5300, ...)
	NOT-FOR-US: EMC Smarts Network Configuration Manager
CVE-2013-4613 (The default configuration of the administrative interface on the Canon ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2013-4612 (Multiple cross-site scripting (XSS) vulnerabilities in REDCap before ...)
	NOT-FOR-US: REDCap
CVE-2013-4611 (Multiple unspecified vulnerabilities in REDCap before 5.1.1 allow ...)
	NOT-FOR-US: REDCap
CVE-2013-4610 (Unspecified vulnerability in the Data Search utility in data-entry ...)
	NOT-FOR-US: REDCap
CVE-2013-4609 (REDCap before 5.0.4 and 5.1.x before 5.1.3 does not reject certain ...)
	NOT-FOR-US: REDCap
CVE-2013-4608 (Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows ...)
	NOT-FOR-US: REDCap
CVE-2013-4607
	RESERVED
CVE-2013-4606
	RESERVED
CVE-2013-4605
	RESERVED
CVE-2012-6567 (REDCap before 4.14.0 allows remote authenticated users to execute ...)
	NOT-FOR-US: REDCap
CVE-2012-6566 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 ...)
	NOT-FOR-US: REDCap
CVE-2012-6565 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 ...)
	NOT-FOR-US: REDCap
CVE-2012-6564 (Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 ...)
	NOT-FOR-US: REDCap
CVE-2013-4604 (Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2013-4603
	RESERVED
CVE-2013-4602
	RESERVED
CVE-2013-4601
	RESERVED
CVE-2013-4600 (Multiple cross-site scripting (XSS) vulnerabilities in Alkacon OpenCms ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2013-4599 (The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 ...)
	NOT-FOR-US: Drupal module misery
CVE-2013-4598 (The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for ...)
	NOT-FOR-US: Drupal module GCC
CVE-2013-4597 (The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not ...)
	NOT-FOR-US: Drupal module Revisioning
CVE-2013-4596 (The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal module Node Access Keys
CVE-2013-4595 (The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not ...)
	NOT-FOR-US: Drupal module Secure Pages
CVE-2013-4594 (The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does ...)
	NOT-FOR-US: Drupal module Payment for Webform
CVE-2013-4593
	RESERVED
	- ruby-omniauth-facebook <not-affected> (Fixed before initial release)
CVE-2013-4592 (Memory leak in the __kvm_set_memory_region function in ...)
	- linux 3.8-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts)
	[wheezy] - linux 3.2.53-1
CVE-2013-4591 (Buffer overflow in the __nfs4_get_acl_uncached function in ...)
	- linux 3.8-1
	[wheezy] - linux <not-affected> (Introduced in 3.6)
	- linux-2.6 <not-affected> (Introduced in 3.6)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12d6e7538e2d418c08f082b1b44ffa5fb7270ed8
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e40f193f5bb022e927a57a4f5d5194e4f12ddb74
CVE-2013-4590 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...)
	{DSA-3530-1 DLA-91-1}
	- tomcat6 6.0.39 (low)
	[squeeze] - tomcat6 <no-dsa> (Minor issue)
	- tomcat7 7.0.50 (low)
	[wheezy] - tomcat7 <no-dsa> (Minor issue)
	- tomcat8 8.0.0
CVE-2013-4589 (The ExportAlphaQuantumType function in export.c in GraphicsMagick ...)
	- graphicsmagick 1.3.18-1 (low; bug #729661)
	[squeeze] - graphicsmagick <no-dsa> (Minor issue)
	[wheezy] - graphicsmagick <no-dsa> (Minor issue)
CVE-2013-4588 (Multiple stack-based buffer overflows in ...)
	{DSA-2906-1}
	- linux <not-affected> (fixed in 2.6.33)
	- linux-2.6 2.6.37-1
	NOTE: 2.6.37-1 first version including 2.6.33 in unstable for linux-2.6
	NOTE: https://git.kernel.org/linus/04bcef2a83f40c6db24222b27a52892cba39dffb
	NOTE: http://seclists.org/fulldisclosure/2013/Nov/77
CVE-2013-4587 (Array index error in the kvm_vm_ioctl_create_vcpu function in ...)
	{DSA-2906-1}
	- linux 3.12.5-1
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.54-1
CVE-2013-4586
	RESERVED
CVE-2013-4585
	RESERVED
CVE-2013-4584 [ssl_outgoing_ciphers not applied to STARTTLS connections]
	RESERVED
	- perdition 2.1-1 (low; bug #729028)
	[wheezy] - perdition <no-dsa> (Minor issue)
	[squeeze] - perdition <no-dsa> (Minor issue)
CVE-2013-4583
	RESERVED
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4582 [Local file inclusion vulnerability]
	RESERVED
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4581 (GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4580 (GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4579 (The ath9k_htc_set_bssid_mask function in ...)
	- linux-2.6 <not-affected> (ath9k not yet present)
	- linux 3.12.8-1 (bug #729573)
	[wheezy] - linux 3.2.54-1
	NOTE: http://www.mathyvanhoef.com/2013/11/unmasking-spoofed-mac-address.html
CVE-2013-4578 (jarsigner in OpenJDK and Oracle Java SE before 7u51 allows remote ...)
	- openjdk-7 7u51-2.4.4-1
	- openjdk-6 6b30-1.13.1-1
CVE-2013-4577 (A certain Debian patch for GNU GRUB uses world-readable permissions ...)
	- grub2 2.00-20 (unimportant; bug #632598)
	NOTE: Additional hardening for rare setups, not a vulnerability
CVE-2013-4576 (GnuPG 1.x before 1.4.16 generates RSA keys using sequences of ...)
	{DSA-2821-1}
	- gnupg 1.4.15-3
CVE-2013-4575 (Heap-based buffer overflow in the utility program in the Linux agent ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2013-4574 (Cross-site scripting (XSS) vulnerability in the TimeMediaHandler ...)
	NOT-FOR-US: TimedMediaHandler mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=56699
CVE-2013-4573 (Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess ...)
	NOT-FOR-US: mediawiki extension ZeroRatedMobileAccess
CVE-2013-4572
	RESERVED
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
CVE-2013-4571 (Buffer overflow in php-luasandbox in the Scribuntu extension for ...)
	NOT-FOR-US: php-luasandbox / Scribunto mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49705
CVE-2013-4570 (The zend_inline_hash_func function in php-luasandbox in the Scribuntu ...)
	NOT-FOR-US: php-luasandbox / Scribunto mediawiki extension
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=54527
CVE-2013-4569 (The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before ...)
	NOT-FOR-US: mediawiki extension CleanChanges
CVE-2013-4568 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
CVE-2013-4567 (Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.8+dfsg-2.2 (bug #729629)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
CVE-2013-4566 (mod_nss 1.0.8 and earlier, when NSSVerifyClient is set to none for the ...)
	- libapache2-mod-nss 1.0.8-4 (low; bug #731627)
	[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
CVE-2013-4565 (Heap-based buffer overflow in the __OLEdecode function in ppthtml ...)
	- xlhtml <removed> (low; bug #729279)
	[wheezy] - xlhtml <no-dsa> (Minor issue)
	[squeeze] - xlhtml <no-dsa> (Minor issue)
CVE-2013-4564 (Libreswan 3.6 allows remote attackers to cause a denial of service ...)
	- libreswan <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-4564/CVE-2013-4564.txt.asc
	NOTE: https://github.com/libreswan/libreswan/commit/9b31deafbdbf0c2206358dfbf2d4e343e365f23f
CVE-2013-4563 (The udp6_ufo_fragment function in net/ipv6/udp_offload.c in the Linux ...)
	- linux-2.6 <not-affected> (Introduced in v3.10-rc5)
	- linux 3.11.10-1
	[wheezy] - linux <not-affected> (Introduced in v3.10-rc5)
	NOTE: Introduced: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1e2bd517c108816220f262d7954b697af03b5f9c
	NOTE: fixed in: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e033e0
CVE-2013-4562 (The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store ...)
	- ruby-omniauth-facebook <not-affected> (Fixed before initial release)
	NOTE: https://github.com/mkdynamic/omniauth-facebook/commit/ccfcc26fe7e34acbd75ad4a095fd01ce5ff48ee7
CVE-2013-4561
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2013-4560 (Use-after-free vulnerability in lighttpd before 1.4.33 allows remote ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
CVE-2013-4559 (lighttpd before 1.4.33 does not check the return value of the (1) ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
CVE-2013-4558 (The get_parent_resource function in repos.c in mod_dav_svn Apache ...)
	- subversion 1.7.14-1
	[squeeze] - subversion <not-affected> (Only affects 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4)
	[wheezy] - subversion <not-affected> (Only affects 1.7.11 through 1.7.13 and 1.8.1 through 1.8.4)
	NOTE: http://subversion.apache.org/security/CVE-2013-4558-advisory.txt
CVE-2013-4557 (The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4556 (Cross-site scripting (XSS) vulnerability in the author page ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4555 (Cross-site request forgery (CSRF) vulnerability in ...)
	{DSA-2794-1}
	- spip 2.1.24-1 (bug #729172)
CVE-2013-4554 (Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), ...)
	- xen <not-affected> (Doesn't affect Linux)
CVE-2013-4553 (The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4552 (lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for ...)
	NOT-FOR-US: drupalauth module for simpleSAMLphp
CVE-2013-4551 (Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Only affects 4.2.x and later)
	[squeeze] - xen <not-affected> (Only affects 4.2.x and later)
CVE-2013-4550 (Bip before 0.8.9, when running as a daemon, writes SSL handshake ...)
	- bip 0.8.9-1 (low)
	[wheezy] - bip <no-dsa> (Minor issue)
	[squeeze] - bip <no-dsa> (Minor issue)
	NOTE: Upstream commit: https://projects.duckcorp.org/projects/bip/repository/revisions/df45c4c2d6f892e3e1dec23ce0ed2575b53a7d8c
	NOTE: https://projects.duckcorp.org/issues/261
	NOTE: Difference between CVE-2011-5268 and CVE-2013-4550: http://www.openwall.com/lists/oss-security/2014/01/02/9
CVE-2013-4549 (QXmlSimpleReader in Qt before 5.2 allows context-dependent attackers ...)
	- qtbase-opensource-src 5.1.1+dfsg-6
	- qt4-x11 4:4.8.5+git192-g085f851+dfsg-1 (low; bug #750141)
	[wheezy] - qt4-x11 <no-dsa> (Minor issue)
	[squeeze] - qt4-x11 <no-dsa> (Minor issue)
	NOTE: https://codereview.qt-project.org/#change,70708
CVE-2013-4548 (The mm_newkeys_from_blob function in monitor_wrap.c in sshd in OpenSSH ...)
	- openssh 1:6.4p1-1 (bug #729029)
	[wheezy] - openssh <not-affected> (AES-GCM support introduced in 6.2)
	[squeeze] - openssh <not-affected> (AES-GCM support introduced in 6.2)
CVE-2013-4547 (nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote ...)
	{DSA-2802-1}
	- nginx 1.4.4-1 (bug #730012)
	[squeeze] - nginx <not-affected> (Only applies to 0.8.41 - 1.5.6)
CVE-2013-4546 (The repository import feature in gitlab-shell before 1.7.4, as used in ...)
	- gitlab <not-affected> (Fixed before initial upload to Debian)
CVE-2013-4545 (cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, ...)
	{DSA-2798-1}
	- curl 7.33.0-1
CVE-2013-4544 (hw/net/vmxnet3.c in QEMU 2.0.0-rc0, 1.7.1, and earlier allows local ...)
	- qemu 2.0.0+dfsg-1
	[wheezy] - qemu <not-affected> (Introduced in 1.4)
	[squeeze] - qemu <not-affected> (Introduced in 1.4)
	- qemu-kvm <not-affected> (Introduced in 1.4)
	NOTE: see BTS bug #744213
CVE-2013-4543
	REJECTED
CVE-2013-4542 (The virtio_scsi_load_request function in hw/scsi/scsi-bus.c in QEMU ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	NOTE: virtio-scsi support introduced in v1.1: http://wiki.qemu.org/ChangeLog/1.1
CVE-2013-4541 (The usb_device_post_load function in hw/usb/bus.c in QEMU before 1.7.2 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4540 (Buffer overflow in scoop_gpio_handler_update in QEMU before 1.7.2 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4539 (Multiple buffer overflows in the tsc210x_load function in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4538 (Multiple buffer overflows in the ssd0323_load function in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4537 (The ssi_sd_transfer function in hw/sd/ssi-sd.c in QEMU before 1.7.2 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4536
	RESERVED
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4535
	RESERVED
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4534 (Buffer overflow in hw/intc/openpic.c in QEMU before 1.7.2 allows ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4533 (Buffer overflow in the pxa2xx_ssp_load function in hw/arm/pxa2xx.c in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4532
	RESERVED
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4531 (Buffer overflow in target-arm/machine.c in QEMU before 1.7.2 allows ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4530 (Buffer overflow in hw/ssi/pl022.c in QEMU before 1.7.2 allows remote ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed>
CVE-2013-4529 (Buffer overflow in hw/pci/pcie_aer.c in QEMU before 1.7.2 allows ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4528
	REJECTED
CVE-2013-4527 (Buffer overflow in hw/timer/hpet.c in QEMU before 1.7.2 might allow ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4526 (Buffer overflow in hw/ide/ahci.c in QEMU before 1.7.2 allows remote ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4525 (Cross-site scripting (XSS) vulnerability in ...)
	- moodle 2.5.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4524 (Directory traversal vulnerability in repository/filesystem/lib.php in ...)
	- moodle 2.5.3-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4523 (Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle ...)
	- moodle 2.5.3-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4522 (lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x ...)
	- moodle 2.5.3-1 (low)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-4521
	RESERVED
	NOT-FOR-US: Nuxeo
CVE-2013-4520 (xslt.c in libxslt before 1.1.25 allows context-dependent attackers to ...)
	- libxslt <not-affected> (The versions in wheezy and squeeze contain the full patch)
CVE-2013-4519 (Multiple cross-site scripting (XSS) vulnerabilities in Review Board ...)
	- reviewboard <itp> (bug #653113)
CVE-2013-4518
	RESERVED
	NOT-FOR-US: Red Hat Update Infrastructure
CVE-2013-4517 (Apache Santuario XML Security for Java before 1.5.6, when applying ...)
	- libxml-security-java 1.5.6-1 (bug #733938)
	[squeeze] - libxml-security-java <no-dsa> (Minor issue, too intrusive to backport)
	[wheezy] - libxml-security-java <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: http://santuario.apache.org/secadv.data/cve-2013-4517.txt.asc
CVE-2013-4516 (The mp_get_count function in drivers/staging/sb105x/sb_pci_mp.c in the ...)
	- linux 3.12-1 (unimportant)
	[wheezy] - linux <not-affected> (Affected code not present yet)
	- linux-2.6 <not-affected> (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a8b33654b1e3b0c74d4a1fed041c9aae50b3c427
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4515 (The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the ...)
	- linux 3.12-1 (unimportant)
	NOTE: bcm driver not built
	- linux-2.6 <not-affected> (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8d1e72250c847fa96498ec029891de4dc638a5ba
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4514 (Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in ...)
	- linux 3.12-1 (unimportant)
	NOTE: wlags49_h2 driver not built
	- linux-2.6 <not-affected> (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b5e2f339865fb443107e5b10603e53bbc92dc054
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4513 (Buffer overflow in the oz_cdev_write function in ...)
	- linux 3.12-1 (unimportant)
	[wheezy] - linux <not-affected> (Affected code not present yet)
	- linux-2.6 <not-affected> (Affected code not present yet)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c2c65cd2e14ada6de44cb527e7f1990bede24e15
	NOTE: Not enabled in Debian kernels; staging drivers are not supported
CVE-2013-4512 (Buffer overflow in the exitcode_proc_write function in ...)
	{DSA-2906-1}
	- linux 3.11.8-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=201f99f170df14ba52ea4c52847779042b7a623b
CVE-2013-4511 (Multiple integer overflows in Alchemy LCD frame-buffer drivers in the ...)
	{DSA-2906-1}
	- linux 3.11.8-1
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.53-1
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7314e613d
CVE-2013-4510 (Directory traversal vulnerability in the client in Tryton 3.0.0, as ...)
	{DSA-2791-1}
	- tryton-client 2.8.4-1
	NOTE: https://bugs.tryton.org/issue3446
CVE-2013-4509 (The default configuration of IBUS 1.5.4, and possibly 1.5.2 and ...)
	- mozc 1.12.1599.102-1 (low; bug #729065)
	[wheezy] - mozc <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
	- ibus-anthy 1.5.4-1 (low; bug #729065)
	[wheezy] - ibus-anthy <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-anthy <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable)
	- ibus-pinyin 1.5.0-1 (low; bug #729065)
	[wheezy] - ibus-pinyin <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-pinyin <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable)
	- ibus-chewing 1.4.3-4 (low; bug #730781)
	[wheezy] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in stable)
	[squeeze] - ibus-chewing <not-affected> (Only in combination with Ibus 1.5.4, which is not in oldstable)
	NOTE: http://www.openwall.com/lists/oss-security/2013/11/04/2
	NOTE: This is rather a bug in the various IBus engines not in ibus itself, asked maintainers to investigate affected engines,
	NOTE: can be assigned to affected engines once more info is available
	NOTE: Introduced in 1.5, so stable/oldstable not affected
CVE-2013-4508 (lighttpd before 1.4.34, when SNI is enabled, configures weak SSL ...)
	{DSA-2795-1}
	- lighttpd 1.4.33-1+nmu1 (bug #729453)
	NOTE: http://download.lighttpd.net/lighttpd/security/lighttpd_sa_2013_01.txt
	NOTE: http://redmine.lighttpd.net/issues/2525
CVE-2013-4507 (Cross-site scripting (XSS) vulnerability in CollectiveAccess ...)
	NOT-FOR-US: CollectiveAccess
CVE-2013-4506
	RESERVED
CVE-2013-4505 (The is_this_legal function in mod_dontdothat for Apache Subversion ...)
	- subversion 1.7.14-1 (bug #730541; unimportant)
	NOTE: Not built in the binary packages
CVE-2013-4504 (The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4503 (Cross-site scripting (XSS) vulnerability in the Feed Element Mapper ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4502 (The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4501 (The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4500 (The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4499 (Cross-site scripting (XSS) vulnerability in the Bean module 7.x-1.x ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4498 (The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 ...)
	NOT-FOR-US: Drupal contrib module
CVE-2013-4497 (The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and ...)
	- nova 2013.2-1
	[wheezy] - nova <not-affected> (OpenStack Essex is not affected)
	NOTE: https://bugs.launchpad.net/nova/+bug/1073306
	NOTE: https://github.com/openstack/nova/commit/ba0d007fb78bd1182c3c0b808dbd7ccc84640e80
	NOTE: https://bugs.launchpad.net/nova/+bug/1202266
	NOTE: https://github.com/openstack/nova/commit/5cced7a6dd32d231c606e25dbf762d199bf9cca7
CVE-2013-4496 (Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 ...)
	- samba 2:4.1.6+dfsg-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u3
	[squeeze] - samba <no-dsa> (Minor issue)
	- samba4 <removed>
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: http://www.samba.org/samba/security/CVE-2013-4496
CVE-2013-4495 (The send_the_mail function in server/svr_mail.c in Terascale ...)
	{DSA-2796-1}
	- torque 2.4.16+dfsg-1.3 (bug #729333)
CVE-2013-4494 (Xen before 4.1.x, 4.2.x, and 4.3.x does not take the page_alloc_lock ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4493
	RESERVED
CVE-2013-4492 (Cross-site scripting (XSS) vulnerability in exceptions.rb in the i18n ...)
	{DSA-2830-1}
	- ruby-i18n 0.6.9-1
	- libi18n-ruby <removed>
	[squeeze] - libi18n-ruby <not-affected> (vulnerable code not present)
CVE-2013-4491 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2888-1}
	- rails-4.0 4.0.2+dfsg-1 (bug #731290)
	- rails-3.2 3.2.16-3+0
	- ruby-actionpack-3.2 3.2.16-1 (bug #731288)
	- ruby-actionpack-2.3 <not-affected> (vulnerable code not present)
	- rails <not-affected> (Vulnerable code not present)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4490 (The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before ...)
	- gitlab <not-affected> (Fixed before initial release to Debian)
CVE-2013-4489 (The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x ...)
	- gitlab <not-affected> (Fixed before initial release to Debian)
CVE-2013-4488 (libgadu before 1.12.0 does not verify X.509 certificates from SSL ...)
	- libgadu <unfixed> (unimportant)
	NOTE: Intentional design decision
CVE-2013-4487 (Off-by-one error in the dane_raw_tlsa in the DANE library (libdane) in ...)
	- gnutls28 <not-affected> (libdane is not built; original patch for CVE-2013-4466 not applied)
	- gnutls26 <not-affected> (only 3.1.x and 3.2.x)
	NOTE: off-by one issue in original fix for CVE-2013-4466
CVE-2013-4486
	RESERVED
	NOT-FOR-US: Zanata
CVE-2013-4485 (389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before ...)
	- 389-ds-base 1.3.2.9-1 (bug #730115)
CVE-2013-4484 (Varnish before 3.0.5 allows remote attackers to cause a denial of ...)
	{DSA-2814-1}
	- varnish 3.0.5-1 (medium; bug #728989)
	NOTE: https://www.varnish-cache.org/trac/ticket/1367
CVE-2013-4483 (The ipc_rcu_putref function in ipc/util.c in the Linux kernel before ...)
	- linux 3.11.8-1 (low)
	[wheezy] - linux 3.2.57-1
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <no-dsa> (Minor issue, too intrusive to backport)
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6062a8
CVE-2013-4482 (Untrusted search path vulnerability in python-paste-script (aka ...)
	NOT-FOR-US: LuCi
CVE-2013-4481 (Race condition in Luci 0.26.0 creates /var/lib/luci/etc/luci.ini with ...)
	NOT-FOR-US: LuCi
CVE-2013-4480 (Red Hat Satellite 5.6 and earlier does not disable the web interface ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-4479 (lib/sup/message_chunks.rb in Sup before 0.13.2.1 and 0.14.x before ...)
	{DSA-2805-1}
	- sup-mail 0.12.1+git20120407.aaa852f-1+deb7u1 (bug #728232)
	NOTE: https://github.com/sup-heliotrope/sup/commit/ca0302e0c716682d2de22e9136400c704cc93e42
CVE-2013-4478 (Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers ...)
	{DSA-2805-1}
	- sup-mail 0.12.1+git20120407.aaa852f-1+deb7u1 (bug #728232)
	NOTE: http://rubyforge.org/pipermail/sup-talk/2013-October/004996.html
	NOTE: https://github.com/sup-heliotrope/sup/commit/8b46cdbfc14e07ca07d403aa28b0e7bc1c544785
CVE-2013-4477 (The LDAP backend in OpenStack Identity (Keystone) Grizzly and Havana, ...)
	- keystone 2013.2-2 (bug #728233)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1242855
CVE-2013-4476 (Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is ...)
	- samba 2:4.0.11+dfsg-1 (low)
	[wheezy] - samba <not-affected> (Doesn't provide AD functionality)
	[squeeze] - samba <not-affected> (Doesn't provide AD functionality)
	- samba4 <removed> (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4475 (Samba 3.2.x through 3.6.x before 3.6.20, 4.0.x before 4.0.11, and ...)
	{DSA-2812-1}
	- samba 2:4.0.11+dfsg-1 (low)
	- samba4 <removed> (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4474 (Format string vulnerability in the extractPages function in ...)
	{DLA-1074-1}
	- poppler 0.18.4-9 (low; bug #729064)
	[squeeze] - poppler <not-affected> (pdfseparate not yet present)
CVE-2013-4473 (Stack-based buffer overflow in the extractPages function in ...)
	{DLA-1074-1}
	- poppler 0.18.4-9 (low; bug #729064)
	[squeeze] - poppler <not-affected> (pdfseparate not yet present)
CVE-2013-4472 (The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 ...)
	- poppler <unfixed> (unimportant)
	- xpdf <unfixed> (unimportant)
	NOTE: specific to non-*NIX systems
CVE-2013-4471 (The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 ...)
	- horizon 2013.2-1
	[wheezy] - horizon <not-affected> (v3 API introduced in Grizzly)
	NOTE: https://bugs.launchpad.net/horizon/+bug/1237989
CVE-2013-4470 (The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is ...)
	{DLA-0015-1}
	- linux 3.11.7-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	[wheezy] - linux 3.2.53-1
CVE-2013-4469 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana, when ...)
	- nova 2013.2-3 (low; bug #728605)
	[wheezy] - nova <no-dsa> (Minor issue)
	NOTE: CVE for incomplete fix of CVE-2013-2096
CVE-2013-4468 (VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-4467 (Multiple SQL injection vulnerabilities in the agent interface (agc/) ...)
	NOT-FOR-US: VICIDIAL
CVE-2013-4466 (Buffer overflow in the dane_query_tlsa function in the DANE library ...)
	- gnutls26 <not-affected> (only 3.1.x and 3.2.x)
	- gnutls28 <not-affected> (libdane is not built)
	NOTE: http://www.gnutls.org/security.html#GNUTLS-SA-2013-3
	NOTE: Upstream commit for 3.2.x: https://gitlab.com/gnutls/gnutls/commit/ed51e5e53cfbab3103d6b7b85b7ba4515e4f30c3
CVE-2013-4465 (Unrestricted file upload vulnerability in the avatar upload ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2013-4464
	RESERVED
CVE-2013-4463 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly ...)
	- nova 2013.2-3 (low; bug #728605)
	[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-4462
	RESERVED
	NOT-FOR-US: WordPress plugin
CVE-2013-4461 (SQL injection vulnerability in the web interface for cumin in Red Hat ...)
	NOT-FOR-US: Cumin
CVE-2013-4460 (Cross-site scripting (XSS) vulnerability in account_sponsor_page.php ...)
	{DSA-3120-1}
	- mantis <removed> (low; bug #727180)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=16513
CVE-2013-4459 (LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the ...)
	- lightdm <not-affected> (Only in combination with guest profile, apparmor and 1.8.x branch)
CVE-2013-4458 (Stack-based buffer overflow in the getaddrinfo function in ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.18-1 (low; bug #727181)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: https://sourceware.org/ml/libc-alpha/2013-10/msg00733.html
	NOTE: https://sourceware.org/bugzilla/show_bug.cgi?id=16072
CVE-2013-4457 (The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent ...)
	NOT-FOR-US: Cocaine rubygem
CVE-2013-4456
	RESERVED
CVE-2013-4455 (Katello Installer before 0.0.18 uses world-readable permissions for ...)
	NOT-FOR-US: Katello
CVE-2013-4454
	RESERVED
	NOT-FOR-US: WordPress plugin
CVE-2013-4453 (Cross-site scripting (XSS) vulnerability in templates/login.php in ...)
	- ldap-account-manager 4.4-1 (medium; bug #726976)
	[wheezy] - ldap-account-manager <no-dsa> (Minor issue)
	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2013-4452 (Red Hat JBoss Operations Network 3.1.2 uses world-readable permissions ...)
	NOT-FOR-US: JBoss Operation Network
CVE-2013-4451 [world writable files]
	RESERVED
	- gitolite <not-affected> (vulnerable code introduced for v3.5.3)
	- gitolite3 <not-affected> (vulnerable code introduced for v3.5.3)
CVE-2013-4450 (The HTTP server in Node.js 0.10.x before 0.10.21 and 0.8.x before ...)
	- nodejs 0.10.21~dfsg1-1 (medium)
	NOTE: https://github.com/joyent/node/commit/085dd30e93da67362f044ad1b3b6b2d997064692
	NOTE: http://blog.nodejs.org/2013/10/18/node-v0-10-21-stable/
CVE-2013-4449 (The rwm overlay in OpenLDAP 2.4.23, 2.4.36, and earlier does not ...)
	{DSA-3209-1 DLA-203-1}
	- openldap 2.4.39-1.1 (low; bug #729367)
	[wheezy] - openldap <no-dsa> (Minor issue)
	[squeeze] - openldap <no-dsa> (Minor issue)
	NOTE: http://www.openldap.org/its/index.cgi/Incoming?id=7723
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1019490
CVE-2013-4448
	RESERVED
CVE-2013-4447 (Cross-site scripting (XSS) vulnerability in the API in the Simplenews ...)
	NOT-FOR-US: Simplenews Drupal contributed module
CVE-2013-4446 (The _json_decode function in plugins/context_reaction_block.inc in the ...)
	NOT-FOR-US: Context Drupal contributed module
CVE-2013-4445 (The json rendering functionality in the Context module 6.x-2.x before ...)
	NOT-FOR-US: Context Drupal contributed module
CVE-2013-4444 (Unrestricted file upload vulnerability in Apache Tomcat 7.x before ...)
	- tomcat7 7.0.40-1
	[wheezy] - tomcat7 7.0.28-4+deb7u3
	NOTE: https://svn.apache.org/viewvc?view=revision&revision=1470435
CVE-2013-4443
	REJECTED
CVE-2013-4442 (Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated ...)
	- pwgen 2.07-1 (unimportant; bug #767008)
	NOTE: /dev/random is universally available, if an attacker can create an environment
	NOTE: where it's not available that opens a far bigger can of worms
CVE-2013-4441 [Phonemes mode has heavy bias and is enabled by default]
	RESERVED
	- pwgen <unfixed> (unimportant; bug #726578)
	NOTE: pwgen is documented to generate memorable passwords, so this is by design
CVE-2013-4440 (Password Generator (aka Pwgen) before 2.07 generates weak non-tty ...)
	- pwgen 2.07-1 (unimportant; bug #725507)
	NOTE: Documented shortcoming
CVE-2013-4439 (Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4438 (Salt (aka SaltStack) before 0.17.1 allows remote attackers to execute ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4437 (Unspecified vulnerability in salt-ssh in Salt (aka SaltStack) 0.17.0 ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4436 (The default configuration for salt-ssh in Salt (aka SaltStack) 0.17.0 ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4435 (Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated ...)
	- salt 0.17.1+dfsg-1 (bug #726480)
CVE-2013-4434 (Dropbear SSH Server before 2013.59 generates error messages for a ...)
	- dropbear 2012.55-1.4 (low; bug #726118)
	[squeeze] - dropbear <no-dsa> (Minor issue)
	[wheezy] - dropbear <no-dsa> (Minor issue)
CVE-2013-4433 (Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows ...)
	- xhprof 0.9.4-1 (bug #726284)
CVE-2013-4432 (Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does ...)
	- mahara <removed> (low; bug #727539)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5831
	NOTE: https://gitorious.org/mahara/mahara/commit/0b4952e063f50c001e4c2dfc5749f55258bff952
CVE-2013-4431 (Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does ...)
	- mahara <removed> (low; bug #727552)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5832
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5542
	NOTE: https://bugs.launchpad.net/mahara/+bug/1233500
CVE-2013-4430 (Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, ...)
	- mahara <removed> (unimportant; bug #727548)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5830
	NOTE: https://bugs.launchpad.net/mahara/+bug/1175446
	NOTE: Only exploitable during installation
CVE-2013-4429 (Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does ...)
	- mahara <removed> (low; bug #727545)
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.7_STABLE/revision/5833
	NOTE: https://bazaar.launchpad.net/~mahara-release/mahara/1.5_STABLE/revision/5543
	NOTE: https://bugs.launchpad.net/mahara/+bug/1211758
	[squeeze] - mahara <no-dsa> (Minor issue)
CVE-2013-4428 (OpenStack Image Registry and Delivery Service (Glance) Folsom, Grizzly ...)
	- glance 2013.2-1 (bug #726478)
	[wheezy] - glance <not-affected> (does not have the download_image)
CVE-2013-4427 (pyxtrlock before 0.2 does not properly check the return values of the ...)
	NOT-FOR-US: pyxtrlock
CVE-2013-4426 (pyxtrlock before 0.1 uses an incorrect variable name, which allows ...)
	NOT-FOR-US: pyxtrlock
CVE-2013-4425 (The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when ...)
	NOT-FOR-US: Osirix
CVE-2013-4424 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn ...)
	NOT-FOR-US: GateIn
CVE-2013-4423
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2013-4422 (SQL injection vulnerability in Quassel IRC before 0.9.1, when Qt 4.8.5 ...)
	- quassel 0.9.1-1
	[wheezy] - quassel <no-dsa> (Issue only relevant if the Qt 4.8.5 fix would be backported)
	[squeeze] - quassel <not-affected> (qt4-x11 is too old)
	NOTE: Issue when used with Qt >= 4.8.5 and PostgreSQL >= 8.2
	NOTE: http://quassel-irc.org/node/120
	NOTE: http://bugs.quassel-irc.org/issues/1244
	NOTE: https://github.com/quassel/quassel/commit/aa1008be162cb27da938cce93ba533f54d228869
	NOTE: Caused by a change in Qt's postgres driver:
	NOTE: https://bugreports.qt-project.org/browse/QTBUG-30076
	NOTE: https://qt.gitorious.org/qt/qtbase/commit/e3c5351d06ce8a12f035cd0627356bc64d8c334a
CVE-2013-4421 (The buf_decompress function in packet.c in Dropbear SSH Server before ...)
	- dropbear 2012.55-1.4 (low; bug #726019)
	[squeeze] - dropbear <no-dsa> (Minor issue)
	[wheezy] - dropbear <no-dsa> (Minor issue)
	NOTE: https://secure.ucc.asn.au/hg/dropbear/rev/0bf76f54de6f
CVE-2013-4420 (Multiple directory traversal vulnerabilities in the (1) ...)
	{DSA-2863-1}
	- libtar 1.2.20-2 (bug #731860)
CVE-2013-4419 (The guestfish command in libguestfs 1.20.12, 1.22.7, and earlier, when ...)
	- libguestfs 1:1.22.7-1
	[wheezy] - libguestfs 1:1.18.1-1+deb7u3
CVE-2013-4418
	REJECTED
CVE-2013-4417
	REJECTED
CVE-2013-4416 (The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, ...)
	- xen <not-affected> (ocaml version of the xenstore daemon not used in Debian)
CVE-2013-4415 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk and ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-4414 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
	NOT-FOR-US: Cumin
CVE-2013-4413 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Wicked Ruby Gem
CVE-2013-4412 [NULL ptr dereference]
	RESERVED
	- slim 1.3.6-0.1 (bug #725902)
	[wheezy] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
	[squeeze] - slim <not-affected> (Only exploitable with eglibc 2.17 and later)
	NOTE: Upstream fix: http://git.berlios.de/cgi-bin/cgit.cgi/slim/commit/?id=fbdfae3b406b1bb6f4e5e440e79b9b8bb8f071f
CVE-2013-4411
	RESERVED
	- reviewboard <itp> (bug #653113)
CVE-2013-4410
	RESERVED
	- reviewboard <itp> (bug #653113)
CVE-2013-4409 [unsanitized eval() vulnerability]
	RESERVED
	- djblets <removed> (low; bug #726039)
	- python-django-djblets <removed> (low)
	[squeeze] - python-django-djblets <no-dsa> (Minor issue)
	NOTE: Fix: https://github.com/djblets/djblets/commit/36cd15763742652ca990f913b44e91c69c707269
CVE-2013-4408 (Heap-based buffer overflow in the dcerpc_read_ncacn_packet_done ...)
	{DSA-2812-1}
	- samba 2:4.0.13+dfsg-1
	- samba4 <removed>
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
CVE-2013-4407 (HTTP::Body::Multipart in the HTTP-Body 1.08, 1.17, and earlier module ...)
	{DSA-2801-1}
	- libhttp-body-perl 1.17-2 (bug #721634)
	[squeeze] - libhttp-body-perl <not-affected> (Vulnerable code introduced in 1.08)
CVE-2013-4406 (The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, ...)
	NOT-FOR-US: Quick Tabs Drupal contributed module
CVE-2013-4405 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Cumin
CVE-2013-4404 (cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce ...)
	NOT-FOR-US: Cumin
CVE-2013-4403
	REJECTED
CVE-2013-4402 (The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x ...)
	{DSA-2774-1 DSA-2773-1}
	- gnupg2 2.0.22-1 (bug #725433)
	- gnupg 1.4.15-1 (bug #725439)
CVE-2013-4401 (The virConnectDomainXMLToNative API function in libvirt 1.1.0 through ...)
	- libvirt 1.1.4-1 (bug #727101)
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.0, REMOTE_PROC_CONNECT_DOMAIN_XML_TO|FROM_NATIVE not yet present)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=57687fd6bf7f6e1b3662c52f3f26c06ab19dc96c
CVE-2013-4400 (virt-login-shell in libvirt 1.1.2 through 1.1.3 allows local users to ...)
	- libvirt 1.1.4-1 (bug #727101)
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.2, virt-login-shell not yet present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1015228#c3
CVE-2013-4399 (The remoteClientFreeFunc function in daemon/remote.c in libvirt before ...)
	- libvirt 1.1.4-1
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.0)
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.0)
CVE-2013-4398
	REJECTED
CVE-2013-4397 (Multiple integer overflows in the th_read function in lib/block.c in ...)
	{DSA-2817-1}
	- libtar 1.2.20-1 (bug #725938)
CVE-2013-4396 (Use-after-free vulnerability in the doImageText function in ...)
	{DSA-2784-1}
	- xorg-server 2:1.14.3-4
CVE-2013-4395
	RESERVED
	NOT-FOR-US: Simple Machines Forum
CVE-2013-4394 (The SetX11Keyboard function in systemd, when PolicyKit Local Authority ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #725357)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=862324
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=0b507b17a760b21e33fc52ff377db6aa5086c680
CVE-2013-4393 (journald in systemd, when the origin of native messages is set to ...)
	- systemd 204-5 (bug #725357)
	[wheezy] - systemd <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859104
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=1dfa7e79a60de680086b1d93fcc3629b463f58bd
CVE-2013-4392 (systemd, when updating file permissions, allows local users to change ...)
	- systemd <unfixed> (unimportant; bug #725357)
	[wheezy] - systemd <not-affected> (/etc/tmpfiles.d not supported in Wheezy)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859060
	NOTE: only relevant to systems running systemd along with selinux
CVE-2013-4391 (Integer overflow in the valid_user_field function in ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #725357)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=859051
	NOTE: http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e
CVE-2013-4390 (Open redirect vulnerability in the AbstractAuthenticationFormServlet ...)
	NOT-FOR-US: Apache Sling
CVE-2013-4389 (Multiple format string vulnerabilities in log_subscriber.rb files in ...)
	{DSA-2888-1 DSA-2887-1}
	- rails-4.0 <not-affected> (Only affects 3.x)
	- ruby-actionmailer-3.2 3.2.16-1 (bug #726576)
	- ruby-actionmailer-2.3 <not-affected> (Only affects 3.x)
	- rails <not-affected> (Only affects 3.x)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-4388 (Buffer overflow in the mp4a packetizer ...)
	{DSA-2973-1}
	- vlc 2.1.0-1 (bug #726528)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=9794ec1cd268c04c8bca13a5fae15df6594dff3e
CVE-2013-4387 (net/ipv6/ip6_output.c in the Linux kernel through 3.11.4 does not ...)
	{DLA-0015-1}
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48squeeze8
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
CVE-2013-4386 (Multiple SQL injection vulnerabilities in ...)
	- foreman <itp> (bug #663101)
CVE-2013-4385 (Buffer overflow in the &quot;read-string!&quot; procedure in the &quot;extras&quot; unit ...)
	- chicken 4.8.0.5-1 (bug #724740; low)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
	NOTE: http://code.call-cc.org/cgi-bin/gitweb.cgi?p=chicken-core.git;a=commit;h=cd1b9775005ebe220ba11265dbf5396142e65f26
CVE-2013-4384 (Cross-site scripting (XSS) vulnerability in Google Site Search module ...)
	NOT-FOR-US: Drupal module
CVE-2013-4383 (Cross-site scripting (XSS) vulnerability in the jQuery Countdown ...)
	NOT-FOR-US: Drupal module
CVE-2013-4382
	REJECTED
CVE-2013-4381
	REJECTED
CVE-2013-4380 (Cross-site scripting (XSS) vulnerability in the MediaFront module ...)
	NOT-FOR-US: Drupal module
CVE-2013-4379 (The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal ...)
	NOT-FOR-US: Drupal module
CVE-2013-4378 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Javamelody
CVE-2013-4377 (Use-after-free vulnerability in the virtio-pci implementation in Qemu ...)
	- qemu 1.7.0+dfsg-4
	[wheezy] - qemu <not-affected> (Introduced in 1.4)
	[squeeze] - qemu <not-affected> (Introduced in 1.4)
	- qemu-kvm <not-affected> (Introduced in 1.4)
	NOTE: patches: http://thread.gmane.org/gmane.comp.emulators.qemu/234440
CVE-2013-4376 (The setgid wrapper libx2go-server-db-sqlite3-wrapper.c in X2Go Server ...)
	- x2goserver <not-affected> (Fixed with first upload to Debian)
	NOTE: Fixed by: https://code.x2go.org/gitweb?p=x2goserver.git;a=commitdiff;h=42264c88d7885474ebe3763b2991681ddfcfa69a
CVE-2013-4375 (The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before ...)
	- xen 4.2
	[squeeze] - xen <not-affected> (Only affects 4.2 and later)
	[wheezy] - xen <not-affected> (Only affects 4.2 and later)
	- qemu 1.7.0+dfsg-1
	[jessie] - qemu <not-affected> (Xen in Wheezy uses it's internal copy of qemu)
	[wheezy] - qemu <not-affected> (Xen in Wheezy uses it's internal copy of qemu)
	[squeeze] - qemu <not-affected> (vulnerable from version 1.1 onwards)
	- qemu-kvm <not-affected> (This only affects Qemu in combination with Xen)
	- xen-qemu-dm-4.0 <not-affected> (Affected code not yet present)
	NOTE: This is only exploitable in combination with Xen.
	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
	NOTE: Xen in Wheezy includes qemu
	NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
CVE-2013-4374
	RESERVED
	NOT-FOR-US: RHQ MondoDB Drift Server
CVE-2013-4373 (The storeFiles method in JPADriftServerBean in Red Hat JBoss ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2013-4372 (Multiple cross-site scripting (XSS) vulnerabilities in Fuse Management ...)
	NOT-FOR-US: JBoss Fuse
CVE-2013-4371 (Use-after-free vulnerability in the libxl_list_cpupool function in the ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
CVE-2013-4370 (The ocaml binding for the xc_vcpu_getaffinity function in Xen 4.2.x ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
CVE-2013-4369 (The xlu_vif_parse_rate function in the libxlu library in Xen 4.2.x and ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
	[squeeze] - xen <not-affected> (Vulnerable code only present from 4.2 onwards)
CVE-2013-4368 (The outs instruction emulation in Xen 3.1.x, 4.2.x, 4.3.x, and ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4367
	RESERVED
	NOT-FOR-US: ovirt
CVE-2013-4366 (http/impl/client/HttpClientBuilder.java in Apache HttpClient 4.3.x ...)
	- httpcomponents-client 4.3.2-1
	[wheezy] - httpcomponents-client <not-affected> (vulnerable code not present)
	NOTE: http://svn.apache.org/r1528614
CVE-2013-4365 (Heap-based buffer overflow in the fcgid_header_bucket_read function in ...)
	{DSA-2778-1}
	- libapache2-mod-fcgid 1:2.3.9-1 (bug #725942)
CVE-2013-4364 ((1) oo-analytics-export and (2) oo-analytics-import in the ...)
	NOT-FOR-US: OpenShift
CVE-2013-4363 (Algorithmic complexity vulnerability in ...)
	- rubygems <removed> (unimportant; bug #722361)
	- libgems-ruby <removed> (unimportant; bug #722361)
	NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
	NOTE: it a potential elevated CPU consumption doesn't add any extra harm
	NOTE: CVE for incomplete fix for CVE-2013-4287
CVE-2013-4362 (WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users ...)
	{DSA-2765-1}
	- davfs2 1.4.7-3 (bug #723034)
	NOTE: http://savannah.nongnu.org/bugs/?40034
CVE-2013-4361 (The fbld instruction emulation in Xen 3.3.x through 4.3.x does not use ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4360
	REJECTED
CVE-2013-4359 (Integer overflow in kbdint.c in mod_sftp in ProFTPD 1.3.4d and 1.3.5r3 ...)
	{DSA-2767-1}
	- proftpd-dfsg 1.3.5~rc3-2.1 (bug #723179)
CVE-2013-4358 (libavcodec/h264.c in FFmpeg before 0.11.4 allows remote attackers to ...)
	- libav 6:9.1-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=072be3e8969f24113d599444be4d6a0ed04a6602
CVE-2013-4357 [getaddrinfo(), glob_in_dir stack overflow]
	RESERVED
	{DLA-165-1}
	- eglibc 2.17-1 (unimportant; bug #742925)
	[wheezy] - eglibc 2.13-38+deb7u6
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12671
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=797096
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=f2962a71959fd254a7a223437ca4b63b9e81130c
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=34a9094f49241ebb72084c536cf468fd51ebe3ec
	NOTE: https://sourceware.org/git/?p=glibc.git;a=commit;h=c8fc0c91695b1c7003c7170861274161f9224817
	NOTE: Fixed upstream in 2.14
CVE-2013-4356 (Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when ...)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Only affects 4.3+)
	[squeeze] - xen <not-affected> (Only affects 4.3+)
CVE-2013-4355 (Xen 4.3.x and earlier does not properly handle certain errors, which ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4354 (The API before 2.1 in OpenStack Image Registry and Delivery Service ...)
	- glance <unfixed> (unimportant)
	NOTE: https://bugs.launchpad.net/glance/+bug/1226078
	NOTE: according to upstream bug there will probably not be a patch for this issue
CVE-2013-4353 (The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before ...)
	{DSA-2837-1}
	- openssl 1.0.1f-1
	[squeeze] - openssl <not-affected> (Only affects 1.0.1 to 1.0.1e)
CVE-2013-4352 (The cache_invalidate function in modules/cache/cache_storage.c in the ...)
	- apache2 2.4.7-1 (low)
	[wheezy] - apache2 <not-affected> (Only affects 2.4.[56])
	[squeeze] - apache2 <not-affected> (Only affects 2.4.[56])
CVE-2013-4351 (GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all ...)
	{DSA-2774-1 DSA-2773-1}
	- gnupg 1.4.15-1 (low; bug #722722)
	- gnupg2 2.0.22-1 (low; bug #722724)
CVE-2013-4350 (The IPv6 SCTP implementation in net/sctp/ipv6.c in the Linux kernel ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/13/2
	NOTE: http://git.kernel.org/cgit/linux/kernel/git/davem/net.git/commit/?id=95ee62083cb6453e056562d91f597552021e6ae7
CVE-2013-4349
	REJECTED
CVE-2013-4348 (The skb_flow_dissect function in net/core/flow_dissector.c in the ...)
	- linux 3.11.6-2
	- linux-2.6 <not-affected> (Introduced in 3.2)
	[wheezy] - linux 3.2.53-2
CVE-2013-4347 (The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier ...)
	- python-oauth2 <removed> (low; bug #722657)
	[wheezy] - python-oauth2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
	NOTE: https://github.com/simplegeo/python-oauth2/issues/9
CVE-2013-4346 (The Server.verify_request function in SimpleGeo python-oauth2 does not ...)
	- python-oauth2 <removed> (low; bug #722656)
	[wheezy] - python-oauth2 <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/12/5
	NOTE: https://github.com/simplegeo/python-oauth2/issues/129
CVE-2013-4345 (Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	- linux 3.11.5-1
	[wheezy] - linux 3.2.53-1
CVE-2013-4344 (Buffer overflow in the SCSI implementation in QEMU, as used in Xen, ...)
	{DSA-2933-1 DSA-2932-1}
	- xen 4.2-1
	[wheezy] - xen <not-affected> (Vulnerable code not present in the bundled 0.10 qemu)
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	- qemu 1.6.0+dfsg-2 (unimportant; bug #725944)
	- qemu-kvm <removed> (unimportant)
	- xen-qemu-dm-4.0 <removed>
	[squeeze] - xen-qemu-dm-4.0 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Qemu only exploitable by privileged administrator with malicious configuration
	NOTE: Xen in Squeeze uses a separate source package: xen-qemu-dm-4.0
	NOTE: Xen in Wheezy includes qemu
	NOTE: Xen after Wheezy uses qemu-system-x86 from qemu, marking 4.2 as pseudo fixed
CVE-2013-4343 (Use-after-free vulnerability in drivers/net/tun.c in the Linux kernel ...)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-4342 (xinetd does not enforce the user and group configuration directives ...)
	- xinetd 1:2.3.15-2 (bug #324678)
	[wheezy] - xinetd 1:2.3.14-7.1+deb7u1
	[squeeze] - xinetd <no-dsa> (Minor issue)
CVE-2013-4341 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle through ...)
	- moodle 2.5.2-1
	[squeeze] - moodle <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-4340 (wp-admin/includes/post.php in WordPress before 3.6.1 allows remote ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25321
CVE-2013-4339 (WordPress before 3.6.1 does not properly validate URLs before use in ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25323
	NOTE: http://core.trac.wordpress.org/changeset/25324
CVE-2013-4338 (wp-includes/functions.php in WordPress before 3.6.1 does not properly ...)
	{DSA-2757-1}
	- wordpress 3.6.1+dfsg-1 (bug #722537)
	NOTE: http://core.trac.wordpress.org/changeset/25325
CVE-2013-4337
	REJECTED
CVE-2013-4336
	REJECTED
CVE-2013-4335
	RESERVED
	NOT-FOR-US: opOpenSocialPlugin
CVE-2013-4334
	RESERVED
	NOT-FOR-US: opWebAPIPlugin
CVE-2013-4333
	RESERVED
	NOT-FOR-US: OpenPNE
CVE-2013-4332 (Multiple integer overflows in malloc/malloc.c in the GNU C Library ...)
	{DLA-165-1}
	- glibc 2.17-93 (bug #722536)
	- eglibc <removed>
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-4331 (Light Display Manager (aka LightDM) 1.4.x before 1.4.3, 1.6.x before ...)
	- lightdm 1.6.2-1 (bug #721744)
	[wheezy] - lightdm <not-affected> (Introduced in 1.4)
CVE-2013-4330 (Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, ...)
	NOT-FOR-US: Apache Camel
CVE-2013-4329 (The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <not-affected> (libxl not packaged in squeeze)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-09/msg00001.html
CVE-2013-4328
	REJECTED
CVE-2013-4327 (systemd does not properly use D-Bus for communication with a polkit ...)
	{DSA-2777-1}
	- systemd 204-5 (bug #723713)
CVE-2013-4326 (RealtimeKit (aka rtkit) 0.5 does not properly use D-Bus for ...)
	- rtkit 0.10-3 (bug #723714)
	[wheezy] - rtkit 0.10-2+wheezy1
CVE-2013-4325 (The check_permission_v1 function in base/pkit.py in HP Linux Imaging ...)
	{DSA-2829-1}
	- hplip 3.13.9-1 (bug #723716)
CVE-2013-4324 (spice-gtk 0.14, and possibly other versions, invokes the polkit ...)
	- spice-gtk 0.21-0nocelt1 (low)
	[wheezy] - spice-gtk <no-dsa> (Minor issue)
CVE-2013-4323
	RESERVED
CVE-2013-4322 (Apache Tomcat before 6.0.39, 7.x before 7.0.50, and 8.x before ...)
	{DSA-3530-1 DSA-2897-1 DLA-91-1}
	- tomcat6 6.0.39
	- tomcat7 7.0.50
	- tomcat8 8.0.0
CVE-2013-4321 (The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x ...)
	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4320 (The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x ...)
	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4319 (pbs_mom in Terascale Open-Source Resource and Queue Manager (aka ...)
	{DSA-2770-1}
	- torque 2.4.16+dfsg-1.1 (bug #722306)
	NOTE: http://www.supercluster.org/pipermail/torqueusers/2013-September/016098.html
CVE-2013-4318
	RESERVED
	NOT-FOR-US: Ruby gem Features
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/09/9
CVE-2013-4317 (In Apache CloudStack 4.1.0 and 4.1.1, when calling the CloudStack API ...)
	NOT-FOR-US: CloudStack
CVE-2013-4316 (Apache Struts 2.0.0 through 2.3.15.1 enables Dynamic Method Invocation ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-019.html
CVE-2013-4315 (Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x ...)
	{DSA-2755-1}
	- python-django 1.5.3-1 (bug #722605)
CVE-2013-4314 (The X509Extension in pyOpenSSL before 0.13.1 does not properly handle ...)
	{DSA-2763-1}
	- pyopenssl 0.13-2.1 (bug #722055)
CVE-2013-4313 (Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and ...)
	- moodle 2.5.2-1
	[squeeze] - moodle <not-affected>
CVE-2016-2847 (fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of ...)
	{DSA-3503-1}
	- linux 4.3.5-1
	NOTE: https://git.kernel.org/linus/759c01142a5d0f364a462346168a56de28a80f52 (v4.5-rc1)
CVE-2013-4312 (The Linux kernel before 4.4.1 allows local users to bypass ...)
	{DSA-3503-1 DSA-3448-1}
	- linux 4.3.3-6
	- linux-2.6 <removed>
	NOTE: https://git.kernel.org/linus/712f4aad406bb1ed67f3f98d04c044191f0ff593 (v4.5-rc1)
	NOTE: First patch for mitigation in 4.3.3-6, 4.3.5-1 adds a second bit required, that is CVE-2016-2847
CVE-2013-4311 (libvirt 1.0.5.x before 1.0.5.6, 0.10.2.x before 0.10.2.8, and 0.9.12.x ...)
	- libvirt 1.1.3~rc1-1 (unimportant)
	NOTE: polkit support not activated in Debian build prior to 1.2.9.
	NOTE: sourcewise support for 3-arg pkcheck syntax in libvirt is included
	NOTE: since 0.9.12.3-1 in wheezy-security (and 1.1.3~rc1-1 in unstable). But we need
	NOTE: to wait for the pu in #726558 for policykit-1/0.105-3+deb7u1 and have a rebuild
	NOTE: of libvirt then.
	NOTE: Needs a build dependency on libpolkit-gobject-1-dev
CVE-2013-4310 (Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2.0.0 - Struts 2.3.15.1)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-018.html
CVE-2013-4309
	RESERVED
CVE-2013-4308 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Mediawiki LiquidThreads extension
CVE-2013-4307 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Mediawiki Wikibase
CVE-2013-4306 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Mediawiki CheckUser extension
CVE-2013-4305 (Cross-site scripting (XSS) vulnerability in contrib/example.php in the ...)
	- mediawiki-extensions <removed> (unimportant)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49070
	NOTE: Just an example file
CVE-2013-4304 (The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x ...)
	NOT-FOR-US: Mediawiki CentralAuth extension
CVE-2013-4303 [mediawiki XSS with IE6]
	RESERVED
	- mediawiki 1:1.19.8+dfsg-1 (unimportant)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=52746
	NOTE: IE6 lacks so many security features that this doesn't matter
CVE-2013-4302 ((1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ...)
	{DSA-2753-1}
	- mediawiki 1:1.19.8+dfsg-1
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=49090
CVE-2013-4301 (includes/resourceloader/ResourceLoaderContext.php in MediaWiki 1.19.x ...)
	- mediawiki 1:1.19.8+dfsg-1 (unimportant)
	[squeeze] - mediawiki <end-of-life>
	NOTE: Full path disclosure irrelevant in Debian
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46332
CVE-2013-4300 (The scm_check_creds function in net/core/scm.c in the Linux kernel ...)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users in 3.2)
	- linux-2.6 <not-affected> (Not exploitable by unprivileged users in 2.6.32)
CVE-2013-4299 (Interpretation conflict in drivers/md/dm-snap-persistent.c in the ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	- linux 3.11.6-2
	[wheezy] - linux 3.2.53-1
	NOTE: upstream commit: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e9c6a182649f4259db704ae15a91ac820e63b0ca
CVE-2013-4297 (The virFileNBDDeviceAssociate function in util/virfile.c in libvirt ...)
	- libvirt 1.1.2-2
	[jessie] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	[wheezy] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	[squeeze] - libvirt <not-affected> (Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=2dba0323ff0cec31bdcea9dd3b2428af297401f2
	NOTE: Introduced with 8aabd597b379db5ae1655e36dff4f10d5622830a, 1.0.6
CVE-2013-4296 (The remoteDispatchDomainMemoryStats function in daemon/remote.c in ...)
	{DSA-2764-1}
	- libvirt 1.1.4-1
	[squeeze] - libvirt <not-affected> (Vulnerable code not present, introduced by commit 158ba8730e44b7dd07a21ab90499996c5dec080a)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=158ba8730e44b7dd07a21ab90499996c5dec080a
	NOTE: Fix: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=e7f400a110e2e3673b96518170bfea0855dd82c0
CVE-2013-4295 (The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote ...)
	NOT-FOR-US: Apache Shindig
CVE-2013-4294 (The (1) mamcache and (2) KVS token backends in OpenStack Identity ...)
	- keystone 2013.1.3-2 (bug #722505)
	[wheezy] - keystone <not-affected> (only affects Folsom release and above)
CVE-2013-4293 (The server in Red Hat JBoss Operations Network (JON) 3.1.2 logs ...)
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2013-4292 (libvirt 1.1.0 and 1.1.1 allows local users to cause a denial of ...)
	- libvirt 1.1.2~rc2-1 (bug #721325)
	[jessie] - libvirt <not-affected> (Introduced with 1.1.0)
	[wheezy] - libvirt <not-affected> (Introduced with 1.1.0)
	[squeeze] - libvirt <not-affected> (Introduced with 1.1.0)
CVE-2013-4291 (The virSecurityManagerSetProcessLabel function in libvirt 0.10.2.7, ...)
	- libvirt 1.1.2-2
	[jessie] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
	[wheezy] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
	[squeeze] - libvirt <not-affected> (vulnerable code not introduced, introduced in 1.1.1)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=745aa55fbf3e076c4288d5ec3239f5a5d43508a6
CVE-2013-4290 (Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote ...)
	- openjpeg <removed> (unimportant; bug #722540)
	NOTE: JP3D code not built in the binary package, see #722540
CVE-2013-4289 (Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before ...)
	- openjpeg <removed> (unimportant; bug #722540)
	NOTE: JP3D code not built in the binary package, see #722540
CVE-2013-4288 (Race condition in PolicyKit (aka polkit) allows local users to bypass ...)
	- policykit-1 0.105-3+nmu1 (low; bug #723717)
	[squeeze] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
	[wheezy] - policykit-1 <no-dsa> (The update only deprecates an API and introduces a new option for pkcheck, no src package uses this API)
CVE-2013-4287 (Algorithmic complexity vulnerability in Gem::Version::VERSION_PATTERN ...)
	- rubygems <removed> (unimportant; bug #722361)
	- libgems-ruby <removed> (unimportant; bug #722361)
	NOTE: Non-issue, you trust the site providing the gem with installing arbitrary code, allowing
	NOTE: it a potential elevated CPU consumption doesn't add any extra harm
CVE-2013-4286 (Apache Tomcat before 6.0.39, 7.x before 7.0.47, and 8.x before ...)
	{DSA-3530-1 DSA-2897-1 DLA-91-1}
	- tomcat6 6.0.39
	- tomcat7 7.0.47
	- tomcat8 8.0.0
CVE-2013-4285 (A certain Gentoo patch for the PAM S/Key module does not properly ...)
	NOT-FOR-US: pam_skey
CVE-2013-4284 (Cumin, as used in Red Hat Enterprise MRG 2.4, allows remote attackers ...)
	NOT-FOR-US: Cumin
CVE-2013-4283 (ns-slapd in 389 Directory Server before 1.3.0.8 allows remote ...)
	- 389-ds-base 1.3.2.9-1 (bug #721222)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=999634
CVE-2013-4282 (Stack-based buffer overflow in the reds_handle_ticket function in ...)
	{DSA-2839-1}
	- spice 0.12.4-0nocelt2 (bug #728314)
	NOTE: http://cgit.freedesktop.org/spice/spice/commit/?id=8af619009660b24e0b41ad26b30289eea288fcc2
CVE-2013-4281
	RESERVED
CVE-2013-4280
	RESERVED
	NOT-FOR-US: Red Hat vdsm
CVE-2013-4279 (imapsync 1.564 and earlier performs a release check by default, which ...)
	- imapsync <removed>
CVE-2013-4278 (The &quot;create an instance&quot; API in OpenStack Compute (Nova) Folsom, ...)
	- nova 2013.1.3-1 (bug #720602)
	[wheezy] - nova <not-affected> (Affected code not present)
	NOTE: incomplete fix for CVE-2013-2256
CVE-2013-4277 (Svnserve in Apache Subversion 1.4.0 through 1.7.12 and 1.8.0 through ...)
	- subversion 1.7.13-1 (low; bug #721542)
	[squeeze] - subversion <no-dsa> (Minor issue, PID file not created by default)
	[wheezy] - subversion <no-dsa> (Minor issue, PID file not created by default)
	NOTE: http://subversion.apache.org/security/CVE-2013-4277-advisory.txt
CVE-2013-4276 (Multiple stack-based buffer overflows in LittleCMS (aka lcms or ...)
	- lcms 1.19.dfsg1-1.3 (low; bug #718682)
	[squeeze] - lcms <no-dsa> (Minor issue)
	[wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
	- lcms2 <not-affected> (Vulnerable code not present)
CVE-2013-4275
	RESERVED
	NOT-FOR-US: Drupal contributed module Zen
CVE-2013-4274 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-4273 (The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not ...)
	NOT-FOR-US: Drupal contributed module Entity API
CVE-2013-4272 (The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x ...)
	NOT-FOR-US: Drupal addon
CVE-2013-4271 (The default configuration of the ObjectRepresentation class in Restlet ...)
	- restlet <itp> (bug #596472)
CVE-2013-4270 (The net_ctl_permissions function in net/sysctl_net.c in the Linux ...)
	- linux-2.6 <not-affected> (Introduced in 3.8)
	- linux 3.11.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
	NOTE: Introduced with http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cff109768b2d9c03095848f4cd4b0754117262aa
	NOTE: Fixed by http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2433c8f094a008895e66f25bd1773cdb01c91d01
CVE-2013-4269
	RESERVED
	- ajaxplorer <itp> (bug #668381)
CVE-2013-4268
	RESERVED
	- ajaxplorer <itp> (bug #668381)
CVE-2013-4267
	RESERVED
	- ajaxplorer <itp> (bug #668381)
CVE-2013-4266
	REJECTED
CVE-2013-4265 (The av_reallocp_array function in libavutil/mem.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Affected function codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Affected function not present in libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/c94f9e854228e0ea00e1de8769d8d3f7cab84a55
CVE-2013-4264 (The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before ...)
	- ffmpeg <not-affected> (g2meet codec not present in 0.5 ffmpeg)
	- libav <not-affected> (g2meet codec not present in libav)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/2960576378d17d71cc8dccc926352ce568b5eec1
CVE-2013-4263 (libavfilter in FFmpeg before 2.0.1 has unspecified impact and remote ...)
	- ffmpeg <not-affected> (Affected video filters not present in ffmpeg 0.5)
	- libav <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/FFmpeg/FFmpeg/commit/e43a0a232dbf6d3c161823c2e07c52e76227a1bc
	NOTE: [Anton] the report and the fix appear completely bogus, likely working around bugs from completely different parts of the code; most probably not present in any libav release
CVE-2013-4262 (svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile ...)
	- subversion 1.8.5-1 (unimportant)
	NOTE: Optional admin-side utilities in Subversion 1.8.x
CVE-2013-4261 (OpenStack Compute (Nova) Folsom, Grizzly, and earlier, when using ...)
	- nova 2013.2-1 (low)
	[wheezy] - nova <no-dsa> (Will be fixed in a point update)
	NOTE: https://bugs.launchpad.net/nova/+bug/1215091/comments/10 (relevant question for other components)
	NOTE: probably does not affect Essex/2012.1, see https://bugs.launchpad.net/nova/+bug/1215091/comments/6
CVE-2013-4260 (lib/ansible/playbook/__init__.py in Ansible 1.2.x before 1.2.3, when ...)
	- ansible <not-affected> (affected code introduced with ansible 1.2)
CVE-2013-4259 (runner/connection_plugins/ssh.py in Ansible before 1.2.3, when using ...)
	- ansible 1.3.4+dfsg-1 (bug #721766)
	NOTE: upstream commit: https://github.com/ansible/ansible/commit/6bf5d195065bc23b5fc72ba690d7ed45f228aaf0
CVE-2013-4258 (Format string vulnerability in the osLogMsg function in ...)
	{DSA-2771-1}
	- nas 1.9.3-6 (bug #720287)
CVE-2013-4257 [Heap Overflow]
	REJECTED
CVE-2013-4256 (Multiple stack-based and heap-based buffer overflows in Network Audio ...)
	{DSA-2771-1}
	- nas 1.9.3-6 (bug #720287)
CVE-2013-4255 (The policy definition evaluator in Condor 7.5.4, 8.0.0, and earlier ...)
	- condor 8.0.5~dfsg.1-1 (bug #721693)
	[wheezy] - condor <no-dsa> (Minor issue)
CVE-2013-4254 (The validate_event function in arch/arm/kernel/perf_event.c in the ...)
	- linux 3.10.11-1
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <not-affected> (No perf support on arm)
CVE-2013-4253
	RESERVED
CVE-2013-4252
	RESERVED
CVE-2013-4251 [weave /tmp and current directory issues]
	RESERVED
	{DLA-26-1}
	- python-scipy 0.12.0-3 (bug #726093)
	[wheezy] - python-scipy <no-dsa> (Minor issue)
	[squeeze] - python-scipy 0.7.2+dfsg1-1+deb6u1
	NOTE: https://github.com/scipy/scipy/commit/bd296e0336420b840fcd2faabb97084fd252a973
CVE-2013-4250 (The (1) file upload component and (2) File Abstraction Layer (FAL) in ...)
	- typo3-src <not-affected> (All versions from 6.0.0 up to the development branch of 6.2)
CVE-2013-4249 (Cross-site scripting (XSS) vulnerability in the AdminURLFieldWidget ...)
	- python-django 1.5.2-1
	[wheezy] - python-django <not-affected> (1.4.x not affected)
	[squeeze] - python-django <not-affected> (1.2.x not affected)
	NOTE: problem introduced with https://github.com/django/django/commit/ac2052ebc84c45709ab5f0f25e685bf656ce79bc
CVE-2013-4248 (The openssl_x509_parse function in openssl.c in the OpenSSL module in ...)
	{DSA-2742-1}
	- php5 5.5.3+dfsg-1 (bug #719765)
	NOTE: fix in 5.5.2 incomplete, see http://php.net/ChangeLog-5.php
CVE-2013-4247 (Off-by-one error in the build_unc_path_to_root function in ...)
	- linux-2.6 <not-affected> (Introduced in 3.8)
	- linux 3.9.6-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
CVE-2013-4246 (libsvn_fs_fs/fs_fs.c in Apache Subversion 1.8.x before 1.8.2 might ...)
	- subversion <not-affected> (only affects 1.8.0 and 1.8.1)
CVE-2013-4245 [Arbitrary code execution due to insecure CWD Python module load]
	RESERVED
	- gnome-orca <unfixed> (unimportant)
	NOTE: Negligable security impact
CVE-2013-4244 (The LZW decompressor in the gif2tiff tool in libtiff 4.0.3 and earlier ...)
	{DSA-2744-1}
	- tiff 4.0.3-3
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4243 (Heap-based buffer overflow in the readgifimage function in the ...)
	{DSA-2965-1 DLA-0013-1}
	- tiff 4.0.3-9 (low; bug #742917)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
	[squeeze] - tiff 3.9.4-5+squeeze11
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=2451
CVE-2013-4242 (GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x ...)
	{DSA-2731-1 DSA-2730-1}
	- gnupg 1.4.14-1 (bug #717880)
	- libgcrypt11 1.5.3-1
CVE-2013-4241
	RESERVED
	NOT-FOR-US: WordPress plugin HMS Testimonials
CVE-2013-4240 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS ...)
	NOT-FOR-US: WordPress plugin HMS Testimonials
CVE-2013-4239 (The xenDaemonListDefinedDomains function in xen/xend_internal.c in ...)
	- libvirt 1.1.2~rc1-1 (bug #719533)
	[wheezy] - libvirt <not-affected> (Introduced in 1.1.1)
	[squeeze] - libvirt <not-affected> (Introduced in 1.1.1)
	NOTE: Introduced by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=632180d1
	NOTE: Fixed by: http://libvirt.org/git/?p=libvirt.git;a=commit;h=0e671a16
CVE-2013-4238 (The ssl.match_hostname function in the SSL module in Python 2.6 ...)
	{DSA-2880-1 DLA-25-1}
	- python2.5 <removed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	- python2.6 <removed> (low)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.5-8 (low; bug #719566)
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 <removed> (low; bug #719568)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 3.3.2-6 (low; bug #719567)
	NOTE: http://bugs.python.org/issue18709
	NOTE: https://bugs.mageia.org/show_bug.cgi?id=10989
CVE-2013-4237 (sysdeps/posix/readdir_r.c in the GNU C Library (aka glibc or libc6) ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-94 (bug #719558)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=14699
	NOTE: http://sourceware.org/ml/libc-alpha/2013-05/msg00445.html
CVE-2013-4236 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
	NOT-FOR-US: Red Hat vdsm
	NOTE: for incomplete fix for CVE-2013-0167
CVE-2013-4235 [TOCTOU race conditions by copying and removing directory trees]
	RESERVED
	- shadow <unfixed> (unimportant; bug #778950)
CVE-2013-4234 (Multiple heap-based buffer overflows in the (1) abc_MIDI_drum and (2) ...)
	{DSA-2751-1}
	- libmodplug 1:0.8.8.4-4 (bug #719462)
CVE-2013-4233 (Integer overflow in the abc_set_parts function in load_abc.cpp in ...)
	{DSA-2751-1}
	- libmodplug 1:0.8.8.4-4 (bug #719462)
CVE-2013-4232 (Use-after-free vulnerability in the t2p_readwrite_pdf_image function ...)
	{DSA-2744-1}
	- tiff 4.0.3-2 (bug #719303)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4231 (Multiple buffer overflows in libtiff before 4.0.3 allow remote ...)
	{DSA-2744-1}
	- tiff 4.0.3-2 (bug #719303)
	- tiff3 <not-affected> (The tiff3 source package doesn't build the TIFF tools)
CVE-2013-4230 (The mm_webform submodule in the Monster Menus module 6.x-6.x before ...)
	NOT-FOR-US: Monster Menus Drupal contributed module
CVE-2013-4229 (Cross-site scripting (XSS) vulnerability in the Monster Menus module ...)
	NOT-FOR-US: Monster Menus Drupal contributed module
CVE-2013-4228
	RESERVED
	NOT-FOR-US: Organic Group Drupal contributed module
CVE-2013-4227
	RESERVED
	NOT-FOR-US: Persona Drupal contributed module
CVE-2013-4226
	RESERVED
	NOT-FOR-US: Authenticated User Page Caching Drupal contributed module
CVE-2013-4225
	RESERVED
	NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-4224
	RESERVED
	NOTE: Dublicate of CVE-2013-4187, thus rejected
CVE-2013-4223 (The Gentoo Nullmailer package before 1.11-r2 uses world-readable ...)
	- nullmailer 1:1.11-2 (low; bug #684619)
	[squeeze] - nullmailer <no-dsa> (Minor issue)
	NOTE: CVE originally for /etc/nullmailer/remotes permissions in gentoo, but Debian
	NOTE: had the same problem until 1:1.11-2
CVE-2013-4222 (OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, ...)
	- keystone 2013.1.3-1 (bug #719290)
	[wheezy] - keystone <not-affected> (Vulnerable code not present in Openstack Essex)
	NOTE: http://lists.openstack.org/pipermail/openstack-security/2013-August/000263.html
CVE-2013-4221 (The default configuration of the ObjectRepresentation class in Restlet ...)
	- restlet <itp> (bug #596472)
	NOTE: http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html
	NOTE: https://github.com/o2platform/DefCon_RESTing
CVE-2013-4220 (The bad_mode function in arch/arm64/kernel/traps.c in the Linux kernel ...)
	- linux-2.6 <not-affected> (ARM64 not supported)
	- linux <not-affected> (ARM64 not yet supported)
CVE-2013-4219 (Multiple integer overflows in the Intel WiMAX Network Service through ...)
	- wimax-tools <itp> (bug #627975)
CVE-2013-4218 (The InitMethodAndPassword function in ...)
	- wimax-tools <itp> (bug #627975)
CVE-2013-4217 (The OSAL_Crypt_SetEncryptedPassword function in ...)
	- wimax-tools <itp> (bug #627975)
CVE-2013-4216 (The Trace_OpenLogFile function in ...)
	- wimax-tools <itp> (bug #627975)
CVE-2013-4215 (The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins ...)
	- nagios-plugins <removed> (unimportant)
	NOTE: vulnerable code present, but check_ipxping is neither built nor installed
	- monitoring-plugins <undetermined> (unimportant)
CVE-2013-4214 (rss-newsfeed.php in Nagios Core 3.4.4, 3.5.1, and earlier, when ...)
	- nagios3 3.5.1-1 (low; bug #719056)
	[wheezy] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - nagios3 <not-affected> (html/rss-newsfeed.php not present)
	NOTE: fixed by removing html/rss-newsfeed.php completely
	NOTE: http://anonscm.debian.org/gitweb/?p=pkg-nagios/pkg-nagios3.git;a=commit;h=c88bef82308c99601732bb9517a1af5bc6928282
CVE-2013-4213 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-4212 (Certain getText methods in the ActionSupport controller in Apache ...)
	NOT-FOR-US: Apache Roller
CVE-2013-4211
	RESERVED
	NOT-FOR-US: OpenX
CVE-2013-4210 (The org.jboss.remoting.transport.socket.ServerThread class in Red Hat ...)
	NOT-FOR-US: JBoss Remoting
CVE-2013-4209 (Automatic Bug Reporting Tool (ABRT) before 2.1.6 allows local users to ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2013-4208 (The rsa_verify function in PuTTY before 0.63 (1) does not clear ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/private-key-not-wiped.html
CVE-2013-4207 (Buffer overflow in sshbn.c in PuTTY before 0.63 allows remote SSH ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-bignum-division-by-zero.html
CVE-2013-4206 (Heap-based buffer underflow in the modmul function in sshbn.c in PuTTY ...)
	{DSA-2736-1}
	- putty 0.63-1
	- filezilla 3.7.3-1 (low; bug #719070)
	[squeeze] - filezilla <no-dsa> (Minor issue)
	[wheezy] - filezilla <no-dsa> (Minor issue)
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-modmul.html
CVE-2013-4205 (Memory leak in the unshare_userns function in kernel/user_namespace.c ...)
	- linux 3.10.7-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-4204 (Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files ...)
	- gwt <removed> (low)
	[squeeze] - gwt <no-dsa> (Minor issue)
	NOTE: http://www.gwtproject.org/release-notes.html#Release_Notes_2_5_1_RC1
CVE-2013-4203 (The self.run_gpg function in lib/rgpg/gpg_helper.rb in the rgpg gem ...)
	NOT-FOR-US: Ruby Rgpg Gem
CVE-2013-4202 (The (1) backup (api/contrib/backups.py) and (2) volume transfer ...)
	- cinder 2013.1.2-4 (bug #719118)
CVE-2013-4201 (Katello allows remote authenticated users to call the &quot;system ...)
	NOT-FOR-US: Katello
CVE-2013-4200 (The isURLInPortal method in the URLTool class in in_portal.py in Plone ...)
	NOT-FOR-US: Plone
CVE-2013-4199 ((1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, ...)
	NOT-FOR-US: Plone
CVE-2013-4198 (mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
	NOT-FOR-US: Plone
CVE-2013-4197 (member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
	NOT-FOR-US: Plone
CVE-2013-4196 (The object manager implementation (objectmanager.py) in Plone 2.1 ...)
	NOT-FOR-US: Plone
CVE-2013-4195 (Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) ...)
	NOT-FOR-US: Plone
CVE-2013-4194 (The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x ...)
	NOT-FOR-US: Plone
CVE-2013-4193 (typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and ...)
	NOT-FOR-US: Plone
CVE-2013-4192 (sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
	NOT-FOR-US: Plone
CVE-2013-4191 (zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
	NOT-FOR-US: Plone
CVE-2013-4190 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Plone
CVE-2013-4189 (Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, ...)
	NOT-FOR-US: Plone
CVE-2013-4188 (traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x ...)
	NOT-FOR-US: Plone
CVE-2013-4187 [Access Bypass]
	RESERVED
	NOT-FOR-US: Flippy Contributed Drupal module
CVE-2013-4186
	REJECTED
CVE-2013-4185 (Algorithmic complexity vulnerability in OpenStack Compute (Nova) ...)
	- nova 2013.1.2-3 (low; bug #718907)
	[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-4184 [symlink attacks]
	RESERVED
	- libdata-uuid-perl <unfixed> (unimportant; bug #718949)
	NOTE: https://github.com/rjbs/Data-UUID/issues/5
	NOTE: Neutralised by kernel temp hardening
CVE-2013-4183 (The clear_volume function in LVMVolumeDriver driver in OpenStack ...)
	- cinder 2013.1.2-4 (bug #719010)
CVE-2013-4182 (app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 ...)
	- foreman <itp> (bug #663101)
CVE-2013-4181 (Cross-site scripting (XSS) vulnerability in the addAlert function in ...)
	NOT-FOR-US: ovirt
CVE-2013-4180 (The (1) power and (2) ipmi_boot actions in the HostController in ...)
	- foreman <itp> (bug #663101)
CVE-2013-4179 (The security group extension in OpenStack Compute (Nova) Grizzly ...)
	- nova 2013.1.3-1
	[wheezy] - nova <not-affected> (Vulnerable code not present)
	NOTE: CVE for incomplete fix applied for CVE-2013-1664
CVE-2013-4178 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and ...)
	NOT-FOR-US: GA Login Drupal contributed module
CVE-2013-4177 (The Google Authenticator login module 6.x-1.x before 6.x-1.2 and ...)
	NOT-FOR-US: GA Login Drupal contributed module
CVE-2013-4176 [information disclosure]
	RESERVED
	NOT-FOR-US: MySecureShell
CVE-2013-4175 [local denial of service]
	RESERVED
	NOT-FOR-US: MySecureShell
CVE-2013-4174 (Multiple cross-site scripting (XSS) vulnerabilities in the Scald ...)
	NOT-FOR-US: Scald Drupal contributed module
CVE-2013-4173 (Directory traversal vulnerability in the trend-data daemon ...)
	- xymon 4.3.17-2 (bug #717895)
	[wheezy] - xymon <no-dsa> (Not remotely exploitable in Debian default config)
	[squeeze] - xymon <no-dsa> (Not remotely exploitable in Debian default config)
CVE-2013-4172 (The Red Hat CloudForms Management Engine 5.1 allow remote ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-4171 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller ...)
	NOT-FOR-US: Apache Roller
CVE-2013-4170
	RESERVED
CVE-2013-4169 (GNOME Display Manager (gdm) before 2.21.1 allows local users to change ...)
	- gdm <removed> (unimportant)
	- gdm3 <not-affected> (Only affected older gdm < 2.21.1)
	NOTE: In Debian /tmp/.X11-unix is created by  /etc/init.d/x11-common
CVE-2013-4168 [start and end time fields not filtered]
	RESERVED
	{DLA-348-1}
	- smokeping 2.6.8-2 (low)
	[squeeze] - smokeping <no-dsa> (Minor issue)
	NOTE: https://github.com/oetiker/SmokePing/commit/bad9f9c28f0939b269f90072aa4cf41f20f15563
CVE-2013-4167 (Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) ...)
	- cmsms <itp> (bug #608888)
CVE-2013-4166 [problem in GPG key selection when encrypting mail]
	RESERVED
	- evolution <unfixed> (unimportant)
	NOTE: Regular UI bug, not a security issue.
CVE-2013-4165 (The HTTPAuthorized function in bitcoinrpc.cpp in bitcoind 0.8.1 ...)
	- bitcoin 0.8.4-1 (bug #717828)
	NOTE: https://github.com/bitcoin/bitcoin/issues/2838
CVE-2013-4164 (Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 ...)
	{DSA-2810-1 DSA-2809-1}
	- ruby1.8 1.8.7.358-9 (bug #730189)
	- ruby1.9.1 1.9.3.484-1 (bug #730178)
	- ruby2.0 2.0.0.353-1 (bug #730190)
	NOTE: https://www.ruby-lang.org/en/news/2013/11/22/heap-overflow-in-floating-point-parsing-cve-2013-4164/
CVE-2013-4163 (The ip6_append_data_mtu function in net/ipv6/ip6_output.c in the IPv6 ...)
	{DSA-2745-1}
	- linux 3.10.5-1
	- linux-2.6 <not-affected> (Introduced in 3.5)
CVE-2013-4162 (The udp_v6_push_pending_frames function in net/ipv6/udp.c in the IPv6 ...)
	{DSA-2906-1 DSA-2745-1}
	- linux 3.10.5-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-4161
	RESERVED
	- gksu-polkit <not-affected> (CVE for improperly applied fix for CVE-2012-5617 on Red Hat)
CVE-2013-4160 (Little CMS (lcms2) before 2.5, as used in OpenJDK 7 and possibly other ...)
	- lcms 1.19.dfsg1-1.3 (low; bug #728208)
	[squeeze] - lcms <no-dsa> (Minor issue)
	[wheezy] - lcms 1.19.dfsg2-1.2+deb7u1
	- lcms2 2.2+git20110628-2.3 (bug #714529)
	[wheezy] - lcms2 2.2+git20110628-2.2+deb7u1
	NOTE: https://github.com/mm2/Little-CMS/commit/91c2db7f2559be504211b283bc3a2c631d6f06d9
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=826097#c9
CVE-2013-4159 (ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary ...)
	- ctdb 2.5.1+debian0-1 (bug #749840)
	[wheezy] - ctdb <no-dsa> (Minor issue)
	[squeeze] - ctdb <no-dsa> (Minor issue)
CVE-2013-4158
	RESERVED
	- smokeping <not-affected> (fix for CVE-2012-0790/DSA-2651-1 uses regexp from 2.6.9 upstream release)
	NOTE: CVE is for incomplete fix for CVE-2012-0790
	NOTE: Debian package applied already the more complete fix, see #659899
CVE-2013-4157 (Red Hat Storage 2.0 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Red Hat Storage Server
CVE-2013-4156 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to ...)
	- libreoffice 1:4.1.0-1 (unimportant)
	[wheezy] - libreoffice <ignored> (Minor issue)
	- openoffice.org <removed> (unimportant)
	NOTE: Harmless crash
CVE-2013-4155 (OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows ...)
	{DSA-2737-1}
	- swift 1.8.0-7 (bug #719008)
CVE-2013-4154 (The qemuAgentCommand function in libvirt before 1.1.1, when a guest ...)
	- libvirt 1.1.0-4 (low; bug #717355)
	[squeeze] - libvirt <not-affected> (only affects >= 1.1.0)
	[wheezy] - libvirt <not-affected> (only affects >= 1.1.0)
	NOTE: Introduced by http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=d47eff88fe50e43a36671f6d8d0eeda52835d5e0 (v1.1.0)
	NOTE: http://openwall.com/lists/oss-security/2013/07/19/12
CVE-2013-4153 (Double free vulnerability in the qemuAgentGetVCPUs function in ...)
	- libvirt 1.1.0-4 (bug #717354)
	[squeeze] - libvirt <not-affected> (Introduced in 1.0.6)
	[wheezy] - libvirt <not-affected> (Introduced in 1.0.6)
	NOTE: http://openwall.com/lists/oss-security/2013/07/19/11
CVE-2013-4152 (The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, ...)
	{DSA-2842-1}
	- libspring-java 3.0.6.RELEASE-10 (low; bug #720902)
CVE-2013-4151 (The virtio_load function in virtio/virtio.c in QEMU 1.x before 1.7.2 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4150 (The virtio_net_load function in hw/net/virtio-net.c in QEMU 1.5.0 ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4149 (Buffer overflow in virtio_net_load function in net/virtio-net.c in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4148 (Integer signedness error in the virtio_net_load function in ...)
	- qemu 2.1+dfsg-1 (low; bug #739589)
	[wheezy] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	[wheezy] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
	[squeeze] - qemu <no-dsa> (Minor issue, hardly exploitable in practice)
	- qemu-kvm <removed> (low)
	[squeeze] - qemu-kvm <no-dsa> (Minor issue, hardly exploitable in practice)
CVE-2013-4147 (Multiple format string vulnerabilities in Yet Another Radius Daemon ...)
	- yardradius <removed> (low; bug #714612)
	[squeeze] - yardradius <no-dsa> (Minor issue)
	[wheezy] - yardradius <no-dsa> (Minor issue)
CVE-2013-4146
	RESERVED
CVE-2013-4145
	REJECTED
CVE-2013-4144
	RESERVED
CVE-2013-4143 (The (1) checkPasswd and (2) checkGroupXlockPasswds functions in ...)
	- xlockmore <removed>
	NOTE: http://openwall.com/lists/oss-security/2013/07/16/8
CVE-2013-4142
	REJECTED
CVE-2013-4141
	REJECTED
CVE-2013-4140 (Cross-site scripting (XSS) vulnerability in the TinyBox (Simple ...)
	NOT-FOR-US: TinyBox Drupal contributed module
CVE-2013-4139 (The Stage File Proxy module 7.x-1.x before 7.x-1.4 for Drupal allows ...)
	NOT-FOR-US: Stage File Proxy Drupal contributed module
CVE-2013-4138 (Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x ...)
	NOT-FOR-US: Hatch Drupal contributed module
CVE-2013-4137 (Multiple SQL injection vulnerabilities in StatusNet 1.0 before 1.0.2 ...)
	- statusnet <itp> (bug #491723)
CVE-2013-4136 (ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 ...)
	- passenger 3.0.13debian-1.2
	- ruby-passenger 3.0.13debian-1.2 (low; bug #717176)
	[squeeze] - passenger <no-dsa> (minor, local, issue)
	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
CVE-2013-4135 (The vos command in OpenAFS 1.6.x before 1.6.5, when using the -encrypt ...)
	{DSA-2729-1}
	- openafs 1.6.5-1
CVE-2013-4134 (OpenAFS before 1.4.15, 1.6.x before 1.6.5, and 1.7.x before 1.7.26 ...)
	{DSA-2729-1}
	- openafs 1.6.5-1
CVE-2013-4133 [memory leak]
	RESERVED
	- kde-workspace 4:4.10.5-3 (unimportant; bug #717180)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=314919
	NOTE: Plain bug, security implication rather far-fetched
CVE-2013-4132 (KDE-Workspace 4.10.5 and earlier does not properly handle the return ...)
	- kde-workspace 4:4.10.5-3 (bug #717180)
	[wheezy] - kde-workspace <not-affected> (Only exploitable with glibc 2.17)
	- kdebase-workspace <not-affected> (Only exploitable with glibc 2.17)
	NOTE: https://git.reviewboard.kde.org/r/111261/
	NOTE: https://projects.kde.org/projects/kde/kde-workspace/repository/revisions/45b7f137fbc0b942fd2c9b4e8d8c1f0293e64ba7
	NOTE: only relevant with eglibc >= 2.17.
CVE-2013-4131 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
	- subversion 1.7.13-1 (bug #717794)
	[squeeze] - subversion <not-affected> (Only affects >= 1.7)
	[wheezy] - subversion <not-affected> (Only affects >= 1.7)
CVE-2013-4130 (The (1) red_channel_pipes_add_type and (2) ...)
	{DSA-2839-1}
	- spice 0.12.4-0nocelt1 (low; bug #717030)
	[wheezy] - spice <no-dsa> (Minor issue)
CVE-2013-4129 (The bridge multicast implementation in the Linux kernel through 3.10.3 ...)
	- linux <not-affected> (Introduced in 3.11-rc1)
	- linux-2.6 <not-affected> (Introduced in 3.11-rc1)
CVE-2013-4128 (Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-4127 (Use-after-free vulnerability in the vhost_net_set_backend function in ...)
	- linux 3.10.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-4126
	RESERVED
CVE-2013-4125 (The fib6_add_rt2node function in net/ipv6/ip6_fib.c in the IPv6 stack ...)
	- linux 3.10.5-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
CVE-2013-4124 (Integer overflow in the read_nttrans_ea_list function in nttrans.c in ...)
	- samba 2:3.6.17-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u1
	[squeeze] - samba 2:3.5.6~dfsg-3squeeze10
	- samba4 <unfixed> (low)
	[wheezy] - samba4 4.0.0~beta2+dfsg1-3.2+deb7u1
	NOTE: https://www.samba.org/samba/security/CVE-2013-4124
	NOTE: samba as per 2:4.0.9+dfsg-2 is the first upload of the unified samba 4.x package to unstable.
	NOTE: Issue also fixed in 4.0.8 upstream, thus the fix still contained in 4.x in unstable
CVE-2013-4123 (client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before ...)
	- squid <not-affected> (Only affects 3.2 onwards)
	- squid3 3.3.8-1 (bug #716743)
	[wheezy] - squid3 <not-affected> (Only affects 3.2 onwards)
	[squeeze] - squid3 <not-affected> (Only affects 3.2 onwards)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2013_3.txt
CVE-2013-4122 (Cyrus SASL 2.1.23, 2.1.26, and earlier does not properly handle when a ...)
	{DSA-3368-1}
	- cyrus-sasl2 2.1.26.dfsg1-14 (bug #716835; bug #784112)
	[wheezy] - cyrus-sasl2 <not-affected> (Only exploitable with eglibc 2.17 and later)
	[squeeze] - cyrus-sasl2 <not-affected> (Only exploitable with eglibc 2.17 and later)
	NOTE: http://openwall.com/lists/oss-security/2013/07/12/3
	NOTE: http://git.cyrusimap.org/cyrus-sasl/commit/?id=dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d
	NOTE: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3803
	NOTE: https://bugzilla.cyrusimap.org/show_bug.cgi?id=3806
	NOTE: Was originally already fixed in 2.1.25.dfsg1-14 (cf. #716835)
CVE-2013-4121
	REJECTED
CVE-2013-4120
	RESERVED
	NOT-FOR-US: Katello
CVE-2013-4119 (FreeRDP before 1.1.0-beta+2013071101 allows remote attackers to cause ...)
	- freerdp <not-affected> (The server part is not build)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/0773bb9303d24473fe1185d85a424dfe159aff53
	NOTE: Server disabled: option(WITH_SERVER "Build server binaries" OFF) in CMakeLists.txt
CVE-2013-4118 (FreeRDP before 1.1.0-beta1 allows remote attackers to cause a denial ...)
	- freerdp <not-affected> (The server part is not build)
	NOTE: https://github.com/FreeRDP/FreeRDP/commit/7d58aac24fe20ffaad7bd9b40c9ddf457c1b06e7
	NOTE: Server disabled: option(WITH_SERVER "Build server binaries" OFF) in CMakeLists.txt
CVE-2013-4117 (Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php ...)
	NOT-FOR-US: WordPress plugin category-grid-view-gallery
CVE-2013-4116 (lib/npm.js in Node Packaged Modules (npm) before 1.3.3 allows local ...)
	- npm 1.3.10~dfsg-1 (bug #715325)
	NOTE: Upstream fix https://github.com/isaacs/npm/commit/f4d31693
	NOTE: https://github.com/isaacs/npm/issues/3635
CVE-2013-4115 (Buffer overflow in the idnsALookup function in dns_internal.cc in ...)
	- squid <not-affected> (Only affects 3.2 onwards)
	- squid3 3.3.8-1 (bug #716743)
	[wheezy] - squid3 <not-affected> (Only affects 3.2 onwards)
	[squeeze] - squid3 <not-affected> (Only affects 3.2 onwards)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2013_2.txt
CVE-2013-4114 (The automatic update request in Nagstamont before 0.9.10 uses a ...)
	- nagstamon 0.9.9-2 (low; bug #716718)
	[wheezy] - nagstamon <no-dsa> (Minor issue)
	[squeeze] - nagstamon <no-dsa> (Minor issue)
	NOTE: update checks are disabled in Debian by default, see debian/patches/check-for-new-version.patch
CVE-2013-4113 (ext/xml/xml.c in PHP before 5.3.27 does not properly consider parsing ...)
	{DSA-2723-1}
	- php5 5.5.0+dfsg-15 (bug #717139)
CVE-2013-4112 (The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and ...)
	- libjgroups-java 2.12.2.Final-4 (bug #717031)
	[wheezy] - libjgroups-java <no-dsa> (Minor issue)
	[squeeze] - libjgroups-java <no-dsa> (Minor issue)
	NOTE: libjgroups-java/2.12.2.Final-4 disables diagnostic probing by default
CVE-2013-4111 (The Python client library for Glance (python-glanceclient) before ...)
	- python-glanceclient 1:0.9.0-2 (bug #718282)
CVE-2013-4110
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4109
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4108
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4107
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4106
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4105
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4104
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4103
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4102
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4101
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4100
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-4099 (Multiple unspecified vulnerabilities in OpenAL32.dll in JOAL 2.0-rc11, ...)
	NOT-FOR-US: JOGAMP
CVE-2013-4098 (ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4097 (ServerAdmin/TestDRConnection.jsp in DS3 Authentication Server allows ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4096 (ServerAdmin/TestTelnetConnection.jsp in DS3 Authentication Server ...)
	NOT-FOR-US: DS3 Authentication Server
CVE-2013-4095 (plain/actionsets.html in the SecureSphere Operations Manager (SOM) ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4094 (The Key Management feature in the SecureSphere Operations Manager ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4093 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4092 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4091 (The SecureSphere Operations Manager (SOM) Management Server in Imperva ...)
	NOT-FOR-US: Imperva SecureSphere
CVE-2013-4090
	RESERVED
CVE-2013-4089
	RESERVED
CVE-2013-4088 [Information Disclosure]
	RESERVED
	{DSA-2712-1}
	- otrs2 3.2.8-1
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
	NOTE: http://web.archive.org/web/20130827134500/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-04/
CVE-2013-4087
	RESERVED
CVE-2013-4086
	RESERVED
CVE-2013-4085
	RESERVED
CVE-2013-4084
	RESERVED
CVE-2013-4083 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark 1.2.11-6+squeeze11
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8717
CVE-2013-4082 (The vwr_read function in wiretap/vwr.c in the Ixia IxVeriWave file ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8760
CVE-2013-4081 (The http_payload_subdissector function in ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8733
	NOTE: Not suitable for code injection
CVE-2013-4080 (The dissect_r3_upstreamcommand_queryconfig function in ...)
	{DLA-497-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8764
CVE-2013-4079 (The dissect_schedule_message function in ...)
	{DLA-497-1}
	- wireshark 1.10.0-1 (unimportant; bug #711918)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8730
CVE-2013-4078 (epan/dissectors/packet-rdp.c in the RDP dissector in Wireshark 1.8.x ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7862
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8729
CVE-2013-4077 (Array index error in the NBAP dissector in Wireshark 1.8.x before ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8697
CVE-2013-4076 (Buffer overflow in the dissect_iphc_crtp_fh function in ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7880
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8727
CVE-2013-4075 (epan/dissectors/packet-gmr1_bcch.c in the GMR-1 BCCH dissector in ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Only affects 1.8+)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7664
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8726
CVE-2013-4074 (The dissect_capwap_data function in epan/dissectors/packet-capwap.c in ...)
	{DSA-2709-1}
	- wireshark 1.10.0-1 (bug #711918)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8725
CVE-2013-4073 (The OpenSSL::SSL.verify_certificate_identity function in ...)
	{DSA-2809-1 DSA-2738-1}
	- ruby1.8 1.8.7.358-7.1 (bug #714541)
	- ruby1.9.1 1.9.3.194-8.2 (bug #714543)
	- puppet <not-affected> (Only affects Puppet Enterprise)
	NOTE: http://www.ruby-lang.org/en/news/2013/06/27/hostname-check-bypassing-vulnerability-in-openssl-client-cve-2013-4073/
	NOTE: https://github.com/ruby/ruby/commit/2669b84d407ab431e965145c827db66c91158f89 (1.9.3)
	NOTE: https://github.com/ruby/ruby/commit/961bf7496ded3acfe847cf56fa90bbdcfd6e614f (1.8.7)
	NOTE: Regression with patch: https://bugs.ruby-lang.org/issues/8575
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?revision=41812&view=revision
CVE-2013-4072
	RESERVED
CVE-2013-4071
	RESERVED
CVE-2013-4070 (The Portal application in IBM SPSS Collaboration and Deployment ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4069 (The Portal application in IBM SPSS Collaboration and Deployment ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4068 (Buffer overflow in iNotes in IBM Domino 8.5.3 before FP5 IF1 and 9.0 ...)
	NOT-FOR-US: IBM
CVE-2013-4067 (IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-4066 (IBM InfoSphere Information Server 8.0, 8.1, 8.5 through FP3, 8.7, and ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-4065 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4064 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4063 (Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x ...)
	NOT-FOR-US: iNotes in IBM Domino
CVE-2013-4062 (IBM Rational Policy Tester 8.5 before 8.5.0.5 does not verify X.509 ...)
	NOT-FOR-US: IBM
CVE-2013-4061 (IBM Rational Policy Tester 8.5 before 8.5.0.5 does not properly check ...)
	NOT-FOR-US: IBM
CVE-2013-4060
	RESERVED
CVE-2013-4059 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4058 (Multiple SQL injection vulnerabilities in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4057 (Cross-site request forgery (CSRF) vulnerability in the XML Pack in IBM ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-4056 (Cross-site request forgery (CSRF) vulnerability in the Data Quality ...)
	NOT-FOR-US: IBM
CVE-2013-4055 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4054 (Directory traversal vulnerability in WMQ Telemetry in IBM WebSphere MQ ...)
	NOT-FOR-US: WebSphere
CVE-2013-4053 (The WS-Security implementation in IBM WebSphere Application Server ...)
	NOT-FOR-US: WebSphere
CVE-2013-4052 (Cross-site scripting (XSS) vulnerability in the UDDI Administrative ...)
	NOT-FOR-US: WebSphere
CVE-2013-4051 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Domino Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4050 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf in ...)
	NOT-FOR-US: IBM Domino
CVE-2013-4049 (Unrestricted file upload vulnerability in IBM SPSS Analytical Decision ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4048 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4047 (Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical ...)
	NOT-FOR-US: IBM SPSS
CVE-2013-4046 (Open redirect vulnerability in IBM SPSS Collaboration and Deployment ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4045 (Cross-site scripting (XSS) vulnerability in the Portal application in ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4044 (IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4043 (The server in IBM SPSS Collaboration and Deployment Services 4.x ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4042 (Unspecified vulnerability in IBM SPSS Collaboration and Deployment ...)
	NOT-FOR-US: IBM SPSS Collaboration and Deployment Services
CVE-2013-4041 (Unspecified vulnerability in IBM Java SDK 5.0.0 before SR16 FP4, 7.0.0 ...)
	NOT-FOR-US: IBM JDK
CVE-2013-4040 (IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2.x ...)
	NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
CVE-2013-4039 (IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4038 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4037 (The RAKP protocol support in the Intelligent Platform Management ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4036 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2013-4035 (IBM Sterling Connect:Direct for OpenVMS 3.4.00, 3.4.01, 3.5.00, 3.6.0, ...)
	NOT-FOR-US: IBM Sterling
CVE-2013-4034 (IBM Cognos Business Intelligence 8.4.1 before IF3, 10.1.0 before IF4, ...)
	NOT-FOR-US: IBM
CVE-2013-4033 (IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through ...)
	NOT-FOR-US: IBM DB2
CVE-2013-4032 (The Fast Communications Manager (FCM) in IBM DB2 Enterprise Server ...)
	NOT-FOR-US: IBM
CVE-2013-4031 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2013-4030 (Integrated Management Module (IMM) 2 1.00 through 2.00 on IBM System X ...)
	NOT-FOR-US: IBM System X and Flex System
CVE-2013-4029
	RESERVED
CVE-2013-4028
	RESERVED
CVE-2013-4027 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4026
	RESERVED
CVE-2013-4025 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
	NOT-FOR-US: IBM
CVE-2013-4024 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
	NOT-FOR-US: IBM
CVE-2013-4023
	RESERVED
CVE-2013-4022 (IBM Data Studio Web Console 3.x before 3.2, Optim Performance Manager ...)
	NOT-FOR-US: IBM
CVE-2013-4021 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4020 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4019 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4018 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4017 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4016 (SQL injection vulnerability in IBM Maximo Asset Management 7.x before ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4015 (Microsoft Internet Explorer 6 through 10 allows local users to bypass ...)
	NOT-FOR-US: MS IE
CVE-2013-4014 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4013 (IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 through 7.1.1.12, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-4012 (IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-4011 (Multiple unspecified vulnerabilities in the InfiniBand subsystem in ...)
	NOT-FOR-US: IBM AIX
CVE-2013-4010
	RESERVED
CVE-2013-4009
	RESERVED
CVE-2013-4008
	RESERVED
CVE-2013-4007 (Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced ...)
	NOT-FOR-US: IBM
CVE-2013-4006 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before ...)
	NOT-FOR-US: IBM
CVE-2013-4005 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4004 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-4003 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA ...)
	NOT-FOR-US: IBM TRIRIGA
CVE-2013-4002 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-4001 (Session fixation vulnerability in IBM Cognos Command Center before ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-4000 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-3999 (Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics ...)
	NOT-FOR-US: IBM Social Media Analytics
CVE-2013-3998 (CRLF injection vulnerability in the Web Application Enterprise Console ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-3997 (Open redirect vulnerability in the Web Application Enterprise Console ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-3996 (IBM InfoSphere BigInsights 1.1 through 2.1 does not properly handle ...)
	NOT-FOR-US: IBM
CVE-2013-3995 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere BigInsights ...)
	NOT-FOR-US: IBM
CVE-2013-3994
	RESERVED
CVE-2013-3993 (IBM InfoSphere BigInsights before 2.1.0.3 allows remote authenticated ...)
	NOT-FOR-US: IBM InfoSphere BigInsights
CVE-2013-3992 (Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere ...)
	NOT-FOR-US: IBM
CVE-2013-3991
	RESERVED
CVE-2013-3990 (Cross-site scripting (XSS) vulnerability in the MIME e-mail ...)
	NOT-FOR-US: IBM
CVE-2013-3989 (IBM Security AppScan Enterprise 8.x before 8.8 sends a cleartext ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-3988 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3987
	RESERVED
CVE-2013-3986 (IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause ...)
	NOT-FOR-US: IBM
CVE-2013-3985 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-3984 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3983 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3982 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3981 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3980 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3979 (Multiple cross-site scripting (XSS) vulnerabilities in the help pages ...)
	NOT-FOR-US: IBM Cognos Command Center
CVE-2013-3978 (The Meeting Server in IBM Sametime 8.5.2 through 8.5.2.1 and 9.x ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3977 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3976 (The (1) Data Protection for Exchange component 6.1 before 6.1.3.4 and ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-3975 (Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3974
	RESERVED
CVE-2013-3973 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 before ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3972 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3971 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3970 (Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS ...)
	NOT-FOR-US: Juniper Junos Pulse Secure Access Service
CVE-2013-3969 (The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through ...)
	- mongodb 1:2.4.5-1 (bug #715007; bug #717173)
	[squeeze] - mongodb <not-affected> (Only affects 2.4.x)
	[wheezy] - mongodb <not-affected> (Only affects 2.4.x)
	NOTE: http://www.mongodb.org/about/alerts/ SERVER-9878
CVE-2013-3968
	RESERVED
CVE-2013-3967
	RESERVED
CVE-2013-3966
	RESERVED
CVE-2013-3965
	RESERVED
CVE-2013-3964 (Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, ...)
	NOT-FOR-US: Samsung
CVE-2013-3963 (Cross-site request forgery (CSRF) vulnerability in goform/usermanage ...)
	NOT-FOR-US: Grandstream
CVE-2013-3962 (Cross-site scripting (XSS) vulnerability in Grandstream GXV3501, ...)
	NOT-FOR-US: Grandstream
CVE-2013-3961 (SQL injection vulnerability in edit_event.php in Simple PHP Agenda ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2013-3960
	RESERVED
CVE-2013-3959 (The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-3958 (The login implementation in the Web Navigator in Siemens WinCC before ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-3957 (SQL injection vulnerability in the login screen in the Web Navigator ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-3956 (The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on ...)
	NOT-FOR-US: Novell Client on Windows
CVE-2013-3955 (The get_xattrinfo function in the XNU kernel in Apple iOS 5.x and 6.x ...)
	NOT-FOR-US: Apple iOS
CVE-2013-3954 (The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-3953 (The mach_port_space_info function in osfmk/ipc/mach_debug.c in the XNU ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-3952 (The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-3951 (sys/openbsd/stack_protector.c in libc in Apple iOS 6.1.3 and Mac OS X ...)
	NOT-FOR-US: Apple iOS
CVE-2013-3950 (Stack-based buffer overflow in the openSharedCacheFile function in ...)
	NOT-FOR-US: Apple iOS
CVE-2013-3949 (The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-3948 (Apple iOS 6.1.3 does not follow redirects during determination of the ...)
	NOT-FOR-US: Apple iOS
CVE-2013-3947 (Buffer overflow in MedCoreD.sys in AhnLab V3 Internet Security 8.0.7.5 ...)
	NOT-FOR-US: AhnLab V3 Internet Security
CVE-2013-3946
	RESERVED
CVE-2013-3945
	RESERVED
CVE-2013-3944
	RESERVED
CVE-2013-3943 (Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before ...)
	NOT-FOR-US: DotNetNukeDot
CVE-2013-3942
	RESERVED
CVE-2013-3941
	RESERVED
CVE-2013-3940 (Integer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2013-3939
	RESERVED
CVE-2013-3938 (Integer overflow in xnview.exe in XnView 2.13 allows remote attackers ...)
	NOT-FOR-US: XnView
CVE-2013-3937
	RESERVED
CVE-2013-3936
	RESERVED
CVE-2013-3935
	RESERVED
CVE-2013-3934 (Stack-based buffer overflow in Kingsoft Writer 2012 8.1.0.3030, as ...)
	NOT-FOR-US: Kingsoft Office 2013
CVE-2013-3933 (Cross-site scripting (XSS) vulnerability in the JoomShopping ...)
	NOT-FOR-US: Joomla component com_joomshopping
CVE-2013-3932
	RESERVED
CVE-2013-3931
	RESERVED
CVE-2013-3930 (Stack-based buffer overflow in Core FTP before 2.2 build 1785 allows ...)
	NOT-FOR-US: Core FTP (client)
CVE-2013-3929 (Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS ...)
	NOT-FOR-US: CMS Made Simple
CVE-2013-3928 (Stack-based buffer overflow in the ReadFile function in flt_BMP.dll in ...)
	NOT-FOR-US: Chasys Draw IES
CVE-2013-3927 (Unspecified vulnerability in the client library in Siemens COMOS 9.2 ...)
	NOT-FOR-US: Siemens COMOS
CVE-2013-3926 (** DISPUTED ** Atlassian Crowd 2.6.3 allows remote attackers to ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2013-3925 (Atlassian Crowd 2.5.x before 2.5.4, 2.6.x before 2.6.3, 2.3.8, and ...)
	NOT-FOR-US: Atlassian Crowd
CVE-2013-3924
	RESERVED
CVE-2013-3923 (Directory traversal vulnerability in SavySoda WiFi HD Free before 7.0 ...)
	NOT-FOR-US: SavySoda WiFi HD Free
CVE-2013-3922 (Directory traversal vulnerability in Gummy Bear Studios FTP Drive + ...)
	NOT-FOR-US: Gummy Bear Studios FTP Drive + HTTP Server
CVE-2013-3921 (Directory traversal vulnerability in Easytime Studio Easy File Manager ...)
	NOT-FOR-US: Easytime Studio Easy File Manager
CVE-2013-3920 (Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 ...)
	NOT-FOR-US: Jahia xCM
CVE-2013-3918 (The InformationCardSigninHelper Class ActiveX control in icardie.dll ...)
	NOT-FOR-US: Microsoft
CVE-2013-3917 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3916 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3915 (Microsoft Internet Explorer 6 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3914 (Microsoft Internet Explorer 9 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3913
	REJECTED
CVE-2013-3912 (Microsoft Internet Explorer 8 through 11 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3911 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3910 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3909 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3908 (Microsoft Internet Explorer 6 through 10 allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2013-3907 (portcls.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2013-3906 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2; Office 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2013-3905 (Microsoft Outlook 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT does ...)
	NOT-FOR-US: Microsoft
CVE-2013-3904
	REJECTED
CVE-2013-3903 (Array index error in win32k.sys in the kernel-mode drivers in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3902 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3901
	REJECTED
CVE-2013-3900 (The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3899 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3898 (Microsoft Windows 8 and Windows Server 2012, when Hyper-V is used, ...)
	NOT-FOR-US: Microsoft
CVE-2013-3897 (Use-after-free vulnerability in the CDisplayPointer class in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3896 (Microsoft Silverlight 5 before 5.1.20913.0 does not properly validate ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2013-3895 (Microsoft SharePoint Server 2007 SP3 and 2010 SP1 and SP2 allows ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3894 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3893 (Use-after-free vulnerability in the SetMouseCapture implementation in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3892 (Microsoft Word 2007 SP3 and Office Compatibility Pack SP3 allow remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-3891 (Microsoft Word 2003 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-3890 (Microsoft Excel 2007 SP3, Excel Viewer, and Office Compatibility Pack ...)
	NOT-FOR-US: Microsoft
CVE-2013-3889 (Microsoft Excel 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office ...)
	NOT-FOR-US: Microsoft
CVE-2013-3888 (dxgkrnl.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3887 (The Ancillary Function Driver (AFD) in afd.sys in the kernel-mode ...)
	NOT-FOR-US: Microsoft
CVE-2013-3886 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3885 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3884
	REJECTED
CVE-2013-3883
	REJECTED
CVE-2013-3882 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3881 (win32k.sys in the kernel-mode drivers in Microsoft Windows 7 SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3880 (The App Container feature in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3878 (Stack-based buffer overflow in the LRPC client in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3877
	REJECTED
CVE-2013-3876 (DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2013-3875 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3874 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3873 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3872 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3871 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3870 (Double free vulnerability in Microsoft Outlook 2007 SP3 and 2010 SP1 ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2013-3869 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2013-3868 (Microsoft Active Directory Lightweight Directory Service (AD LDS) on ...)
	NOT-FOR-US: Microsoft
CVE-2013-3867
	REJECTED
CVE-2013-3866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3863 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2013-3862 (Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 ...)
	NOT-FOR-US: Microsoft
CVE-2013-3861 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3860 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3859 (Microsoft Pinyin IME 2010, when used in conjunction with Microsoft ...)
	NOT-FOR-US: Microsoft Pinyin IME
CVE-2013-3858 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...)
	NOT-FOR-US: Microsoft
CVE-2013-3857 (Microsoft Word Automation Services in SharePoint Server 2010 SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-3856 (Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3855 (Microsoft Word 2003 SP3 and 2007 SP3, Office Compatibility Pack SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2013-3854 (Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3853 (Microsoft Office 2007 SP3 and Word 2007 SP3 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3852 (Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1; Office Compatibility ...)
	NOT-FOR-US: Microsoft
CVE-2013-3851 (Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2013-3850 (Microsoft Word 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Office ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-3849 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...)
	NOT-FOR-US: Microsoft
CVE-2013-3848 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...)
	NOT-FOR-US: Microsoft
CVE-2013-3847 (Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word ...)
	NOT-FOR-US: Microsoft
CVE-2013-3846 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3845 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2013-3844
	REJECTED
CVE-2013-3842 (Unspecified vulnerability Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2013-3841 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-3840 (Unspecified vulnerability in the Siebel Core - EAI component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-3839 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2818-1 DSA-2780-1}
	- mysql-5.5 5.5.33
	- mysql-5.1 <removed>
	- mariadb-5.5 5.5.35-1
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-3838 (Unspecified vulnerability in Oracle SPARC Enterprise T &amp; M Series ...)
	NOT-FOR-US: Oracle SPARC Enterprise
CVE-2013-3837 (Unspecified vulnerability in Oracle Solaris 10 and 11.1 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3836 (Unspecified vulnerability in the Oracle Web Cache component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3835 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3834 (Unspecified vulnerability in the Oracle Secure Global Desktop ...)
	NOT-FOR-US: Oracle Secure Global Desktop
CVE-2013-3833 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3832 (Unspecified vulnerability in the Siebel Server Remote component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-3831 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3830 (Unspecified vulnerability in the Hyperion Strategic Finance component ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2013-3829 (Unspecified vulnerability in the Java SE, Java SE Embedded component ...)
	- openjdk-6 6b27-1.12.7-1
	- openjdk-7 7u45-2.4.3-1
CVE-2013-3828 (Unspecified vulnerability in the Oracle Web Services component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3827 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Full application server not packaged)
CVE-2013-3826 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3825 (Unspecified vulnerability in the Oracle Agile Product Collaboration ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-3824 (Unspecified vulnerability in the Oracle Agile Collaboration Framework ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-3823 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-3822 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-3821 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3820 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3819 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3818 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3817
	REJECTED
CVE-2013-3816 (Unspecified vulnerability in the Oracle Policy Automation component in ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-3815
	REJECTED
CVE-2013-3814 (Unspecified vulnerability in the Oracle Retail Invoice Matching ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-3813 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3812 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3811 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3810 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3809 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3808 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.31
	- mysql-5.1 <removed>
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3807 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3806 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3805 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.31
	- mysql-5.1 <not-affected> (Only affects Mysql 5.5 and 5.6)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3804 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2818-1 DSA-2780-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3803 (Unspecified vulnerability in the Hyperion BI+ component in Oracle ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2013-3802 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2818-1 DSA-2780-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3801 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.31
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3800 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3799 (Unspecified vulnerability in Oracle Solaris 10 and 11, when running on ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3798 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3797 (Unspecified vulnerability in Oracle Solaris 11 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3796 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects Mysql 5.6)
	- mysql-5.1 <not-affected> (Only affects Mysql 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3795 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 <not-affected> (Only affects 5.5 and 5.6)
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3794 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.31
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3793 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3792 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	{DLA-313-1}
	- virtualbox-ose <removed>
	[squeeze] - virtualbox-ose <no-dsa> (Minor issue)
	- virtualbox 4.2.16-dfsg-1 (bug #715327)
	[wheezy] - virtualbox 4.1.40-dfsg-1+deb7u1
	NOTE: https://www.virtualbox.org/ticket/11863
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2013-3791 (Unspecified vulnerability in Enterprise Manager (EM) Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-3790 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3789 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3788 (Unspecified vulnerability in the Oracle iSupplier Portal component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3787 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3786 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3785 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3784 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3783 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2818-1}
	- mysql-5.5 5.5.33+dfsg-1
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
	NOTE: http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
CVE-2013-3782 (Unspecified vulnerability in the Secure Global Desktop component in ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2013-3781 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3780 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3779 (Unspecified vulnerability in the Secure Global Desktop component in ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2013-3778 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3777 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3776 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3775 (Unspecified vulnerability in the Oracle iLearning component in Oracle ...)
	NOT-FOR-US: Oracle iLearning
CVE-2013-3774 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3773 (Unspecified vulnerability in the SPARC Enterprise M Series Servers ...)
	NOT-FOR-US: Oracle and Sun Systems Products Suite
CVE-2013-3772 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3771 (Unspecified vulnerability in the Oracle executable component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3770 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3769 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3768 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3767 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite Access Gate
CVE-2013-3766 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2013-3765 (Unspecified vulnerability in Oracle Solaris 11 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3764 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3763 (Unspecified vulnerability in the Oracle Endeca Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3762 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-3761 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products Portal
CVE-2013-3760 (Unspecified vulnerability in the Oracle executable component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3759 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-3758 (Unspecified vulnerability in the Enterprise Manager (EM) Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-3757 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3756 (Unspecified vulnerability in the Oracle Landed Cost Management ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3755 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-3754 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Solaris
CVE-2013-3753 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3752 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3751 (Unspecified vulnerability in the XML Parser component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-3750 (Unspecified vulnerability in Oracle Solaris 11 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3749 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3748 (Unspecified vulnerability in Oracle Solaris 11 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3747 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-3746 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Solaris
CVE-2013-3745 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-3744 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-3743 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
	- openjdk-7 <not-affected> (Only affects Java 5 and Java 6)
CVE-2013-3741
	RESERVED
CVE-2013-3740
	RESERVED
CVE-2013-3739 (Directory traversal vulnerability in editor.php in Network Weathermap ...)
	NOT-FOR-US: Network Weathermap
CVE-2013-3738
	RESERVED
CVE-2013-3843 (Stack-based buffer overflow in the mk_request_header_process function ...)
	- monkey <removed>
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-3919 (resolver.c in ISC BIND 9.8.5 before 9.8.5-P1, 9.9.3 before 9.9.3-P1, ...)
	- bind9 <not-affected> (vulnerable code not present)
	NOTE: https://kb.isc.org/article/AA-00967
CVE-2013-3742 (Cross-site scripting (XSS) vulnerability in view_create.php (aka the ...)
	- phpmyadmin 4:4.0.1-3 (low)
	[wheezy] - phpmyadmin <not-affected> (Vulnerable code not present)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3737 (The MobileUI (aka RT-Extension-MobileUI) extension before 1.04 in ...)
	NOT-FOR-US: Request Tracker extension MobileUI
CVE-2013-3736 (Cross-site scripting (XSS) vulnerability in the MobileUI (aka ...)
	NOT-FOR-US: Request Tracker extension MobileUI
CVE-2013-3735 (** DISPUTED ** The Zend Engine in PHP before 5.4.16 RC1, and 5.5.0 ...)
	- php5 <removed> (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2013-3734 (** DISPUTED ** The Embedded Jopr component in JBoss Application Server ...)
	NOT-FOR-US: Embedded Jopr
CVE-2013-3733
	RESERVED
CVE-2013-3732
	RESERVED
CVE-2013-3731
	RESERVED
CVE-2013-3730
	RESERVED
CVE-2013-3729 (Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler ...)
	NOT-FOR-US: Kasseler CMS
CVE-2013-3728 (Cross-site scripting (XSS) vulnerability in Kasseler CMS before 2 ...)
	NOT-FOR-US: Kasseler CMS
CVE-2013-3727 (SQL injection vulnerability in Kasseler CMS before 2 r1232 allows ...)
	NOT-FOR-US: Kasseler CMS
CVE-2013-3726
	REJECTED
CVE-2013-3725
	RESERVED
CVE-2013-3724 (The mk_request_header_process function in mk_request.c in Monkey 1.1.1 ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-3723
	RESERVED
CVE-2013-3722
	RESERVED
CVE-2013-3721 (SQL injection vulnerability in awards.php in PsychoStats 3.2.2b allows ...)
	NOT-FOR-US: PsychoStats
CVE-2013-3720 (Cross-site scripting (XSS) vulnerability in widget_remove.php in the ...)
	NOT-FOR-US: Wordpress plugin Feedweb
CVE-2013-3719 (Cross-site scripting (XSS) vulnerability in the aiContactSafe ...)
	NOT-FOR-US: Joomla
CVE-2013-3718 [evince missing check on number of pages]
	RESERVED
	- evince 3.10.0-1
	[wheezy] - evince <not-affected>
	[squeeze] - evince <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=701302
CVE-2013-3717
	RESERVED
CVE-2013-3716
	RESERVED
CVE-2013-3715
	RESERVED
CVE-2013-3714
	RESERVED
CVE-2013-3713 (The image creation configuration in aaa_base before 16.26.1 for ...)
	NOT-FOR-US: openSUSE live installer
CVE-2013-3712 (SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for ...)
	NOT-FOR-US: SUSE Studio Onsite
CVE-2013-3711
	RESERVED
CVE-2013-3710 (SUSE Lifecycle Management Server (SLMS) before 1.3.7 does not generate ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2013-3709 (WebYaST 1.3 uses weak permissions for ...)
	NOT-FOR-US: WebYast
CVE-2013-3708 (The id1.GetPrinterURLList function in Novell iPrint Client before 5.93 ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2013-3707 (The HTTPSTK service in the novell-nrm package before ...)
	NOT-FOR-US: Novell Open Enterprise Server 2
CVE-2013-3706 (Directory traversal vulnerability in the PreBoot service in Novell ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-3705 (The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on ...)
	NOT-FOR-US: Novell Client
CVE-2013-3704 (The RPM GPG key import and handling feature in libzypp 12.15.0 and ...)
	NOT-FOR-US: libzypp
CVE-2013-3703
	RESERVED
	NOT-FOR-US: Open Build Service
CVE-2013-3702
	REJECTED
CVE-2013-3701
	REJECTED
CVE-2013-3700
	RESERVED
CVE-2013-3699
	REJECTED
CVE-2013-3698
	REJECTED
CVE-2013-3697 (Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell ...)
	NOT-FOR-US: Novell Client on Windows
CVE-2013-3696
	RESERVED
CVE-2013-3695
	RESERVED
CVE-2013-3694 (BlackBerry Link before 1.2.1.31 on Windows and before 1.1.1 build 39 ...)
	NOT-FOR-US: BlackBerry Link
CVE-2013-3693 (The BlackBerry Universal Device Service in BlackBerry Enterprise ...)
	NOT-FOR-US: BlackBerry
CVE-2013-3692 (BlackBerry 10 OS before 10.0.10.648 on BlackBerry Z10 smartphones uses ...)
	NOT-FOR-US: Blackberry OS
CVE-2013-3691
	RESERVED
CVE-2013-3690 (Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi ...)
	NOT-FOR-US: Brickcom
CVE-2013-3689 (Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, ...)
	NOT-FOR-US: Brickcom
CVE-2013-3688 (The TP-Link IP Cameras TL-SC3171, TL-SC3130, TL-SC3130G, TL-SC3171G, ...)
	NOT-FOR-US: TP-Link
CVE-2013-3687 (AirLive POE2600HD, POE250HD, POE200HD, OD-325HD, OD-2025HD, OD-2060HD, ...)
	NOT-FOR-US: AirLive cameras
CVE-2013-3686 (cgi-bin/operator/param in AirLive WL2600CAM and possibly other camera ...)
	NOT-FOR-US: AirLive
CVE-2013-3685
	RESERVED
	NOT-FOR-US: Sprite Software's backup softare for Android
CVE-2013-3684
	RESERVED
CVE-2013-3683
	RESERVED
CVE-2013-3682
	RESERVED
CVE-2013-3681
	RESERVED
CVE-2013-3680
	RESERVED
CVE-2013-3679
	RESERVED
CVE-2013-3678 (Multiple unspecified vulnerabilities in SAP Governance, Risk, and ...)
	NOT-FOR-US: SAP
CVE-2013-3677
	RESERVED
CVE-2013-3676
	RESERVED
CVE-2013-3675 (The process_frame_obj function in sanm.c in libavcodec in FFmpeg ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-3674 (The cdg_decode_frame function in cdgraphics.c in libavcodec in FFmpeg ...)
	{DSA-3003-1}
	- ffmpeg <not-affected> (CD Graphics Video Decoder not present in 0.5 ffmpeg)
	- libav 6:10.4-1
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7ef2dbd2392e3e4d430e0173e1e5c4df9f18b6dd
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a1599f3f7ea8478d1f6a95e59e3bc6bc86d5f812
CVE-2013-3673 (The gif_decode_frame function in gifdec.c in libavcodec in FFmpeg ...)
	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-3672 (The mm_decode_inter function in mmvideo.c in libavcodec in FFmpeg ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.4-1
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=7fa6db2545643efb4fe2e0bb501fa50af35a6330
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=70cd3b8e659c3522eea5c16a65d14b8658894a94
CVE-2013-3671 (The format_line function in log.c in libavutil in FFmpeg before 1.2.1 ...)
	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-3670 (The rle_unpack function in vmdav.c in libavcodec in FFmpeg git ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10-1
	[wheezy] - libav <not-affected> (Vulnerable code not present in 0.8)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=0baa0a5a02e16ef097ed9f72bc8a7d7b585c7652
	NOTE: [Anton] not present in 0.8, 10 or master; possibly present in 9
CVE-2013-3669
	RESERVED
CVE-2013-3668
	RESERVED
CVE-2013-3667 (The software update mechanism as used in Bare Bones Software Yojimbo ...)
	NOT-FOR-US: Various proprietary software updaters
CVE-2013-3666 (The LG Hidden Menu component for Android on the LG Optimus G E973 ...)
	NOT-FOR-US: LG Hidden Menu
CVE-2013-3665 (Unspecified vulnerability in Autodesk AutoCAD through 2014, AutoCAD LT ...)
	NOT-FOR-US: AutoCAD
CVE-2013-3664 (Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2013-3663 (Heap-based buffer overflow in paintlib, as used in Trimble SketchUp ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2013-3662 (Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 ...)
	NOT-FOR-US: Trimble SketchUp
CVE-2013-3661 (The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3660 (The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-6563 (engine/lib/access.php in Elgg before 1.8.5 does not properly clear ...)
	- elgg <itp> (bug #526197)
CVE-2012-6562 (engine/lib/users.php in Elgg before 1.8.5 does not properly specify ...)
	- elgg <itp> (bug #526197)
CVE-2012-6561 (Cross-site scripting (XSS) vulnerability in engine/lib/views.php in ...)
	- elgg <itp> (bug #526197)
CVE-2012-6560 (SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows ...)
	NOT-FOR-US: FreeNAC
CVE-2012-6559 (Multiple cross-site scripting (XSS) vulnerabilities in FreeNAC 3.02 ...)
	NOT-FOR-US: FreeNAC
CVE-2012-6558 (Heap-based buffer overflow in HeavenTools PE Explorer 1.99 R6 allows ...)
	NOT-FOR-US: HeavenTools PE Explorer
CVE-2012-6557 (Multiple cross-site scripting (XSS) vulnerabilities in the AboutMe ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6556 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6555 (Cross-site scripting (XSS) vulnerability in the LatestComment plugin ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-6554 (functions/html_to_text.php in the Chat module before 1.5.2 for ...)
	NOT-FOR-US: activeCollab
CVE-2012-6553 (Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote ...)
	NOT-FOR-US: Resource Hacker
CVE-2013-3659 (The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for ...)
	NOT-FOR-US: Android application NTT DOCOMO
CVE-2013-3658 (Directory traversal vulnerability in VMware ESXi 4.0 through 5.0, and ...)
	NOT-FOR-US: VMware
CVE-2013-3657 (Buffer overflow in VMware ESXi 4.0 through 5.0, and ESX 4.0 and 4.1, ...)
	NOT-FOR-US: VMware
CVE-2013-3656 (Cybozu Office 9.1.0 and earlier does not properly manage sessions, ...)
	NOT-FOR-US: Cybozu Office
CVE-2013-3655 (The Sharp AQUOS PhotoPlayer HN-PP150 with firmware before 1.04.00.04 ...)
	NOT-FOR-US: Sharp AQUOS PhotoPlayer
CVE-2013-3654 (Directory traversal vulnerability in LOCKON EC-CUBE 2.12.0 through ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3653 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3652 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3651 (LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3650 (Directory traversal vulnerability in the lfCheckFileName function in ...)
	NOT-FOR-US: EC-CUBE
CVE-2013-3649 (Cross-site scripting (XSS) vulnerability in KENT-WEB CLIP-MAIL before ...)
	NOT-FOR-US: KENT-WEB CLIP-MAIL
CVE-2013-3648 (Cross-site scripting (XSS) vulnerability in KENT-WEB POST-MAIL before ...)
	NOT-FOR-US: KENT-WEB POST-MAIL
CVE-2013-3647 (The WebView class in the Cybozu Live application before 2.0.1 for ...)
	NOT-FOR-US: Cybozu Live for Android
CVE-2013-3646 (The Cybozu Live application before 2.0.1 for Android allows remote ...)
	NOT-FOR-US: Cybozu Live for Android
CVE-2013-3645 (Cross-site scripting (XSS) vulnerability in the Orchard.Comments ...)
	NOT-FOR-US: Orchard
CVE-2013-3644 (Unspecified vulnerability in JustSystems Ichitaro 2006 through 2013; ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-3643 (The Galapagos Browser application for Android does not properly ...)
	NOT-FOR-US: Galapagos Browser application for Android
CVE-2013-3642 (The Angel Browser application 1.47b and earlier for Android 1.6 ...)
	NOT-FOR-US: Angel Browser application
CVE-2013-3641 (The Pizza Hut Japan Official Order application before 1.1.1.a for ...)
	NOT-FOR-US: The Pizza Hut Japan Official Order for Android
CVE-2013-3640 (Cross-site scripting (XSS) vulnerability in the Instant Web Publish ...)
	NOT-FOR-US: FileMaker Pro
CVE-2013-3639 (Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 ...)
	NOT-FOR-US: Xaraya
CVE-2013-3638
	RESERVED
CVE-2013-3637
	RESERVED
CVE-2013-3636
	RESERVED
CVE-2013-3635
	RESERVED
CVE-2013-3634 (The SNMPv3 functionality on Siemens Scalance X200 IRT switches with ...)
	NOT-FOR-US: Siemens switches
CVE-2013-3633 (The web interface on Siemens Scalance X200 IRT switches with firmware ...)
	NOT-FOR-US: Siemens
CVE-2013-3632 (The Cron service in rpc.php in OpenMediaVault allows remote ...)
	NOT-FOR-US: OpenMediaVault
CVE-2013-3631 (NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: NAS4Free
CVE-2013-3630 (Moodle through 2.5.2 allows remote authenticated administrators to ...)
	NOTE: For Moodle: Not a securiy issue according to upstream, only applicable to administrators, see bug #775842
	NOTE: https://tracker.moodle.org/browse/MDL-41449
	NOTE: https://community.rapid7.com/community/metasploit/blog/2013/10/30/seven-tricks-and-treats
CVE-2013-3629
	RESERVED
CVE-2013-3628
	RESERVED
CVE-2013-3627 (FrameworkService.exe in McAfee Framework Service in McAfee Managed ...)
	NOT-FOR-US: McAfee
CVE-2013-3626 (Directory traversal vulnerability in the Session Server in Attachmate ...)
	NOT-FOR-US: Attachmate Verastream Host Integrator
CVE-2013-3625 (An unspecified DLL file in Baramundi Management Suite 7.5 through 8.9 ...)
	NOT-FOR-US: Baramundi Management Suite
CVE-2013-3624 (The OS deployment feature in Baramundi Management Suite 7.5 through ...)
	NOT-FOR-US: Baramundi Management Suite
CVE-2013-3623 (Multiple stack-based buffer overflows in cgi/close_window.cgi in the ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3622 (Buffer overflow in logout.cgi in the Intelligent Platform Management ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3621
	RESERVED
CVE-2013-3620
	RESERVED
CVE-2013-3619
	RESERVED
CVE-2013-3618
	RESERVED
CVE-2013-3617 (The XML API in Openbravo ERP 2.5, 3.0, and earlier allows remote ...)
	NOT-FOR-US: Openbravo ERP
CVE-2013-3616 (Cross-site scripting (XSS) vulnerability in the KnowledgeView ...)
	NOT-FOR-US: KnowledgeView Editorial and Management application
CVE-2013-3615 (Dahua DVR appliances use a password-hash algorithm with a short hash ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-3614 (Dahua DVR appliances have a small value for the maximum password ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-3613 (Dahua DVR appliances do not properly restrict UPnP requests, which ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-3612 (Dahua DVR appliances have a hardcoded password for (1) the root ...)
	NOT-FOR-US: Dahua DVR
CVE-2013-3611
	REJECTED
CVE-2013-3610 (qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before ...)
	NOT-FOR-US: ASUS router
CVE-2013-3609 (The web interface in the Intelligent Platform Management Interface ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3608 (The web interface in the Intelligent Platform Management Interface ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3607 (Multiple stack-based buffer overflows in the web interface in the ...)
	NOT-FOR-US: Intelligent Platform Management Interface
CVE-2013-3606 (The login page in the GoAhead web server on Dell PowerConnect 3348 ...)
	NOT-FOR-US: GoAhead web server on Dell PowerConnect
CVE-2013-3605 (Cross-site request forgery (CSRF) vulnerability in Coursemill Learning ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3604 (Multiple cross-site scripting (XSS) vulnerabilities in Coursemill ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3603 (Cross-site scripting (XSS) vulnerability in Coursemill Learning ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3602 (SQL injection vulnerability in admindocumentworker.jsp in Coursemill ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3601 (Coursemill Learning Management System (LMS) 6.6 does not properly ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3600 (Coursemill Learning Management System (LMS) 6.6 allows remote ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3599 (userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and ...)
	NOT-FOR-US: Coursemill Learning Management System
CVE-2013-3598 (Directory traversal vulnerability in servlet/CreateTemplateServlet in ...)
	NOT-FOR-US: SearchBlox
CVE-2013-3597 (servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows ...)
	NOT-FOR-US: SearchBlox
CVE-2013-3596 (AdvancePro Advanceware allows remote authenticated users to obtain ...)
	NOT-FOR-US: AdvancePro Advanceware
CVE-2013-3595 (The OpenManage web application 2.5 build 1.19 on Dell PowerConnect ...)
	NOT-FOR-US: Dell PowerConnect
CVE-2013-3594 (The SSH service on Dell PowerConnect 3348 1.2.1.3, 3524p 2.0.0.48, and ...)
	NOT-FOR-US: Dell PowerConnect
CVE-2013-3593 (Baramundi Management Suite 7.5 through 8.9 uses cleartext for (1) ...)
	NOT-FOR-US: Baramundi Management Suite
CVE-2013-3592
	RESERVED
CVE-2013-3591
	RESERVED
CVE-2013-3590 (Unrestricted file upload vulnerability in admin/uploadImage.html in ...)
	NOT-FOR-US: SearchBlox
CVE-2013-3589 (Cross-site scripting (XSS) vulnerability in the login page in the ...)
	NOT-FOR-US: Dell iDRAC6
CVE-2013-3588 (The web management interface on Zyxel P660 devices allows remote ...)
	NOT-FOR-US: Zyxel
CVE-2013-3587 [BREACH attack against HTTP compression]
	RESERVED
	NOTE: not something we can concretely fix somewhere
	NOTE: mitigations must be done in webapps
	NOTE: http://web.archive.org/web/20160304210825/http://breachattack.com/
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=995168
	NOTE: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-django/
	NOTE: https://www.mail-archive.com/dev@httpd.apache.org/msg57592.html
CVE-2013-3586 (Samsung Web Viewer for Samsung DVR devices allows remote attackers to ...)
	NOT-FOR-US: Samsung DVR devices
CVE-2013-3585 (Samsung Web Viewer for Samsung DVR devices stores credentials in ...)
	NOT-FOR-US: Samsung DVR devices
CVE-2013-3584 (Cross-site scripting (XSS) vulnerability in Corporater EPM Suite ...)
	NOT-FOR-US: Corporater EPM Suite
CVE-2013-3583 (Cross-site request forgery (CSRF) vulnerability in saveProperties.html ...)
	NOT-FOR-US: Corporater EPM Suite
CVE-2013-3582 (Buffer overflow in Dell BIOS on Dell Latitude D###, E####, XT2, and ...)
	NOT-FOR-US: Dell
CVE-2013-3581 (ajax.cgi in the web interface on the Choice Wireless Green Packet ...)
	NOT-FOR-US: Choice Wireless Green Packet WIXFMR-111 4G WiMax modem
CVE-2013-3580 (The TrustGo Antivirus &amp; Mobile Security application before 1.3.6 for ...)
	NOT-FOR-US: TrustGo
CVE-2013-3579 (The Lookout Mobile Security application before 8.17-8a39d3f for ...)
	NOT-FOR-US: Lookout Mobile Security application for Android
CVE-2013-3578 (SQL injection vulnerability in the Help Desk application in Wave ...)
	NOT-FOR-US: ERAS
CVE-2013-3577 (SQL injection vulnerability in the Help Desk application in Wave ...)
	NOT-FOR-US: ERAS
CVE-2013-3576 (ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2013-3575 (hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3574 (Absolute path traversal vulnerability in ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3573 (HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2013-3572 (Cross-site scripting (XSS) vulnerability in the administer interface ...)
	NOT-FOR-US: Ubiquiti Networks UniFi
CVE-2013-3571 (socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used ...)
	- socat 1.7.1.3-1.5 (low; bug #709931)
	[squeeze] - socat <no-dsa> (Minor issue)
	[wheezy] - socat <no-dsa> (Minor issue)
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv4.html
CVE-2013-3570
	RESERVED
CVE-2013-3569
	RESERVED
CVE-2013-3568
	RESERVED
CVE-2013-3567 (Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet ...)
	{DSA-2715-1}
	- puppet 3.2.2-1 (bug #712745)
CVE-2013-3566
	RESERVED
CVE-2013-3565 [XSS in HTTP Interface]
	RESERVED
	- vlc 2.0.7-1 (unimportant)
	NOTE: Negligable impact
CVE-2013-3564
	RESERVED
CVE-2013-3563 (Stack-based buffer overflow in db_netserver in Lianja SQL Server ...)
	NOT-FOR-US: Lianja SQL Server
CVE-2013-3562 (Multiple integer signedness errors in the tvb_unmasked function in ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8499
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-29.html
CVE-2013-3561 (Multiple integer overflows in Wireshark 1.8.x before 1.8.7 allow ...)
	- wireshark <not-affected> (This CVE ID is for the Wireshark trunk, the fix 1.8 is CVE-2013-3562)
CVE-2013-3560 (The dissect_dsmcc_un_download function in ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (unimportant; bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-28.html
	NOTE: Not suitable for code injection
CVE-2013-3559 (epan/dissectors/packet-dcp-etsi.c in the DCP ETSI dissector in ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-27.html
CVE-2013-3558 (The dissect_ccp_bsdcomp_opt function in epan/dissectors/packet-ppp.c ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-26.html
CVE-2013-3557 (The dissect_ber_choice function in epan/dissectors/packet-ber.c in the ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (unimportant; bug #709167)
	[squeeze] - wireshark 1.2.11-6+squeeze11
	NOTE: Not suitable for code injection
CVE-2013-3556 (The fragment_add_seq_common function in epan/reassemble.c in the ASN.1 ...)
	- wireshark <not-affected> (Only affected the dev trunk)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-25.html (r48943)
CVE-2013-3555 (epan/dissectors/packet-gtpv2.c in the GTPv2 dissector in Wireshark ...)
	{DSA-2700-1}
	- wireshark 1.8.7-1 (bug #709167)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-24.html
CVE-2013-3554
	RESERVED
CVE-2013-3553 (Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier ...)
	NOT-FOR-US: Nitro Pro
CVE-2013-3552 (Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier ...)
	NOT-FOR-US: Nitro Pro
CVE-2013-3551
	RESERVED
	{DSA-2696-1}
	- otrs2 3.2.7-1
	[squeeze] - otrs2 <not-affected>
CVE-2013-3550
	REJECTED
CVE-2013-3549
	RESERVED
CVE-2013-3548
	RESERVED
CVE-2013-3547
	RESERVED
CVE-2013-3546
	RESERVED
CVE-2013-3545
	RESERVED
CVE-2013-3544
	REJECTED
CVE-2013-3543 (The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) ...)
	NOT-FOR-US: AXIS Media Control
CVE-2013-3542
	RESERVED
CVE-2013-3541 (Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive ...)
	NOT-FOR-US: AirLive
CVE-2013-3540 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: AirLive
CVE-2013-3539 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: Sony
CVE-2013-3538 (Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php ...)
	NOT-FOR-US: Todoo Forum
CVE-2013-3537 (Multiple SQL injection vulnerabilities in todooforum.php in Todoo ...)
	NOT-FOR-US: Todoo Forum
CVE-2013-3536 (SQL injection vulnerability in the gp_LoadUserFromHash function in ...)
	NOT-FOR-US: grouppay plugin
CVE-2013-3535 (Multiple cross-site scripting (XSS) vulnerabilities in CMSLogik 1.2.0 ...)
	NOT-FOR-US: CMSLogik
CVE-2013-3534 (Cross-site scripting (XSS) vulnerability in the aiContactSafe ...)
	NOT-FOR-US: aiContactSafe
CVE-2013-3533 (Multiple SQL injection vulnerabilities in Virtual Access Monitor ...)
	NOT-FOR-US: Virtual Access Monitor
CVE-2013-3532 (SQL injection vulnerability in settings.php in the Web Dorado Spider ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3531 (SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows ...)
	NOT-FOR-US: RadioCMS
CVE-2013-3530 (SQL injection vulnerability in playlist.php in the Spiffy XSPF Player ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3529 (Multiple cross-site scripting (XSS) vulnerabilities in user/obits.php ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3528 (Unspecified vulnerability in the update check in Vanilla Forums before ...)
	NOT-FOR-US: Vanilla Forums
CVE-2013-3527 (Multiple SQL injection vulnerabilities in Vanilla Forums before ...)
	NOT-FOR-US: Vanilla Forums
CVE-2013-3526 (Cross-site scripting (XSS) vulnerability in js/ta_loaded.js.php in the ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3525 (** DISPUTED ** ...)
	NOTE: http://web.archive.org/web/20151225141212/http://blog.bestpractical.com/2013/04/on-our-security-policies.html
CVE-2013-3524 (SQL injection vulnerability in popupnewsitem/ in the Pop Up News ...)
	NOT-FOR-US: phpVMS
CVE-2013-3523 (SQL injection vulnerability in This HTML Is Simple (THIS) before 1.2.4 ...)
	NOT-FOR-US: This HTML Is Simple
CVE-2013-3522 (SQL injection vulnerability in index.php/ajax/api/reputation/vote in ...)
	NOT-FOR-US: vBulletin
CVE-2012-6552 (Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before ...)
	NOT-FOR-US: phpVMS
CVE-2013-3521
	REJECTED
CVE-2013-3520 (VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not ...)
	NOT-FOR-US: VMware vCenter Chargeback Manager
CVE-2013-3519 (lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x ...)
	NOT-FOR-US: VMware
CVE-2013-3518
	RESERVED
CVE-2013-3517
	RESERVED
CVE-2013-3516
	RESERVED
CVE-2013-3515 (Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source ...)
	NOT-FOR-US: OpenX
CVE-2013-3514 (Multiple directory traversal vulnerabilities in OpenX before 2.8.10 ...)
	NOT-FOR-US: OpenX
CVE-2013-3513 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Noma ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3512 (The Cacti component in GroundWork Monitor Enterprise 6.7.0 does not ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3511 (Open redirect vulnerability in the NeDi component in GroundWork ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3510 (Multiple SQL injection vulnerabilities in GroundWork Monitor ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3509 (html/System-NeDi.php in the NeDi component in GroundWork Monitor ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3508 (html/System-Files.php in the System File Overview feature in the NeDi ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3507 (The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3506 (cgi-bin/performance/perfchart.cgi in the Performance component in ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3505 (The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3504 (Directory traversal vulnerability in monarch.cgi in the MONARCH ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3503 (The Profile Importer feature in monarch.cgi in the MONARCH component ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3502 (monarch_scan.cgi in the MONARCH component in GroundWork Monitor ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3501 (Multiple cross-site scripting (XSS) vulnerabilities in GroundWork ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3500 (The Foundation webapp admin interface in GroundWork Monitor Enterprise ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3499 (GroundWork Monitor Enterprise 6.7.0 performs authentication on the ...)
	NOT-FOR-US: GroundWork Monitor Enterprise
CVE-2013-3498 (Cross-site scripting (XSS) vulnerability in Juniper SmartPass WLAN ...)
	NOT-FOR-US: Juniper
CVE-2013-3497 (Juniper Junos Space before 12.3P2.8, as used on the JA1500 appliance ...)
	NOT-FOR-US: Juniper
CVE-2013-3496 (Infotecs ViPNet Client 3.2.10 (15632) and earlier, ViPNet Coordinator ...)
	NOT-FOR-US: Infotecs ViPNet Client
CVE-2013-3495 (The Intel VT-d Interrupt Remapping engine in Xen 3.3.x through 4.3.x ...)
	- xen 4.4.1-3 (unimportant)
	NOTE: Hardware design flaw, no software solution
CVE-2013-3494
	RESERVED
CVE-2013-3493
	RESERVED
CVE-2013-3492
	RESERVED
CVE-2013-3491 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WordPress plugin sharebar
CVE-2013-3490
	RESERVED
CVE-2013-3489
	RESERVED
CVE-2013-3488
	RESERVED
CVE-2013-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the security ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2013-3486
	RESERVED
CVE-2013-3485 (Multiple untrusted search path vulnerabilities in Soda PDF ...)
	NOT-FOR-US: Soda PDF
CVE-2013-3484 (Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before ...)
	NOT-FOR-US: dotCMS
CVE-2013-3483 (Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER ...)
	NOT-FOR-US: ERADAS ER Viewer
CVE-2013-3482 (Stack-based buffer overflow in the rf_report_error function in ...)
	NOT-FOR-US: ERADAS ER Viewer
CVE-2013-3481 (Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 ...)
	NOT-FOR-US: Artweaver
CVE-2013-3480 (Integer overflow in Sagelight 4.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Sagelight
CVE-2013-3479 (Cross-site request forgery (CSRF) vulnerability in the ShareThis ...)
	NOT-FOR-US: WordPress plugin ShareThis
CVE-2013-3478 (SQL injection vulnerability in Apptha WordPress Video Gallery 2.0, ...)
	NOT-FOR-US: Apptha WordPress Video Gallery
CVE-2013-3477 (Cross-site request forgery (CSRF) vulnerability in the Related Posts ...)
	NOT-FOR-US: WordPress plugin related-posts-by-zemanta
CVE-2013-3476 (Cross-site request forgery (CSRF) vulnerability in the WordPress ...)
	NOT-FOR-US: WordPress plugin wordpress-23-related-posts-plugin
CVE-2013-3475 (Stack-based buffer overflow in db2aud in the Audit Facility in IBM DB2 ...)
	NOT-FOR-US: IBM
CVE-2013-3474 (The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco
CVE-2013-3473 (The web framework in Cisco Prime Central for Hosted Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2013-3472 (Cross-site request forgery (CSRF) vulnerability in the Enterprise ...)
	NOT-FOR-US: Cisco
CVE-2013-3471 (The captive portal application in Cisco Identity Services Engine (ISE) ...)
	NOT-FOR-US: Cisco
CVE-2013-3470 (The RIP process in Cisco IOS XR allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-3469 (Cisco Mobility Services Engine does not properly set up the Oracle SSL ...)
	NOT-FOR-US: Cisco
CVE-2013-3468 (The Cisco Unified IP Phone 8945 with software 9.3(2) allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-3467 (Memory leak in the CLI component on Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco
CVE-2013-3466 (The EAP-FAST authentication module in Cisco Secure Access Control ...)
	NOT-FOR-US: Cisco
CVE-2013-3465
	RESERVED
CVE-2013-3464 (Cisco IOS XR allows local users to cause a denial of service (Silicon ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-3463 (The protocol-inspection feature on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco
CVE-2013-3462 (Buffer overflow in Cisco Unified Communications Manager (Unified CM) ...)
	NOT-FOR-US: Cisco
CVE-2013-3461 (Cisco Unified Communications Manager (Unified CM) 8.5(x) and 8.6(x) ...)
	NOT-FOR-US: Cisco
CVE-2013-3460 (Memory leak in Cisco Unified Communications Manager (Unified CM) ...)
	NOT-FOR-US: Cisco
CVE-2013-3459 (Cisco Unified Communications Manager (Unified CM) 7.1(x) before ...)
	NOT-FOR-US: Cisco
CVE-2013-3458 (Cisco Adaptive Security Appliances (ASA) devices, when SMP is used, do ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-3457 (Absolute path traversal vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco Finesse
CVE-2013-3456
	RESERVED
CVE-2013-3455 (Cisco Finesse allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Cisco
CVE-2013-3454 (Cisco TelePresence System Software 1.10.1 and earlier on 500, 13X0, ...)
	NOT-FOR-US: Cisco
CVE-2013-3453 (Memory leak in Cisco Unified Communications Manager IM and Presence ...)
	NOT-FOR-US: Cisco
CVE-2013-3452
	RESERVED
CVE-2013-3451 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-3450 (Cross-site request forgery (CSRF) vulnerability in the User WebDialer ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-3449
	RESERVED
CVE-2013-3448 (Cisco WebEx Meetings Server does not check whether a user account is ...)
	NOT-FOR-US: Cisco
CVE-2013-3447
	RESERVED
CVE-2013-3446 (Open redirect vulnerability in the login page in Cisco Digital Media ...)
	NOT-FOR-US: Cisco
CVE-2013-3445 (The firewall subsystem in Cisco Identity Services Engine has an ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-3444 (The web framework in Cisco WAAS Software before 4.x and 5.x before ...)
	NOT-FOR-US: Cisco
CVE-2013-3443 (The web service framework in Cisco WAAS Software 4.x and 5.x before ...)
	NOT-FOR-US: Cisco
CVE-2013-3442 (The web portal in Cisco Unified Communications Manager (Unified CM) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-3441 (Cisco Aironet 3600 access points allow remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2013-3440 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Cisco
CVE-2013-3439 (Cross-site scripting (XSS) vulnerability in Cisco Unified Operations ...)
	NOT-FOR-US: Cisco
CVE-2013-3438 (The web framework in the server in Cisco Unified MeetingPlace Web ...)
	NOT-FOR-US: Cisco
CVE-2013-3437 (SQL injection vulnerability in the management application in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3436 (The default configuration of the Group Encrypted Transport VPN (GET ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-3435 (The Cisco Unified IP Conference Station 7937G allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2013-3434 (Untrusted search path vulnerability in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2013-3433 (Untrusted search path vulnerability in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2013-3432
	RESERVED
CVE-2013-3431 (Cisco Video Surveillance Manager (VSM) before 7.0.0 does not require ...)
	NOT-FOR-US: Cisco
CVE-2013-3430 (Cisco Video Surveillance Manager (VSM) before 7.0.0 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-3429 (Multiple directory traversal vulnerabilities in Cisco Video ...)
	NOT-FOR-US: Cisco
CVE-2013-3428 (The web interface in Cisco Secure Access Control System (ACS) does not ...)
	NOT-FOR-US: Cisco
CVE-2013-3427
	RESERVED
CVE-2013-3426 (The Serviceability servlet on Cisco 9900 IP phones does not properly ...)
	NOT-FOR-US: Cisco
CVE-2013-3425 (The Meeting Center component in Cisco WebEx 11 generates different ...)
	NOT-FOR-US: Cisco WebEx 11
CVE-2013-3424 (Cross-site request forgery (CSRF) vulnerability in Administration and ...)
	NOT-FOR-US: Cisco
CVE-2013-3423 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3422 (Cross-site scripting (XSS) vulnerability in Administration pages in ...)
	NOT-FOR-US: Cisco
CVE-2013-3421 (Cross-site scripting (XSS) vulnerability in the Help index page in ...)
	NOT-FOR-US: Cisco
CVE-2013-3420 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2013-3419 (Cross-site scripting (XSS) vulnerability in Cisco Unified MeetingPlace ...)
	NOT-FOR-US: Cisco
CVE-2013-3418 (Cisco Unified Communications Domain Manager does not properly allocate ...)
	NOT-FOR-US: Cisco
CVE-2013-3417 (The administrative web interface in Cisco Video Surveillance ...)
	NOT-FOR-US: Cisco
CVE-2013-3416 (Cross-site scripting (XSS) vulnerability in the web framework in the ...)
	NOT-FOR-US: Cisco
CVE-2013-3415 (Cisco Adaptive Security Appliance (ASA) Software 8.4.x before 8.4(3) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2013-3414 (Cross-site scripting (XSS) vulnerability in the WebVPN portal login ...)
	NOT-FOR-US: Cisco
CVE-2013-3413 (Cross-site scripting (XSS) vulnerability in the search form in the ...)
	NOT-FOR-US: Cisco
CVE-2013-3412 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2013-3411 (The IDSM-2 drivers in Cisco Intrusion Prevention System (IPS) Software ...)
	NOT-FOR-US: Cisco
CVE-2013-3410 (Cisco Intrusion Prevention System (IPS) Software on IPS NME devices ...)
	NOT-FOR-US: Cisco
CVE-2013-3409 (The portal in Cisco Prime Central for Hosted Collaboration Solution ...)
	NOT-FOR-US: Cisco
CVE-2013-3408 (The firmware on Cisco Virtualization Experience Client 6000 devices ...)
	NOT-FOR-US: Cisco
CVE-2013-3407 (The web interface in Cisco Server Provisioner 6.4.0 Patch 5-1301292331 ...)
	NOT-FOR-US: Cisco
CVE-2013-3406 (The &quot;Files Available for Download&quot; implementation in the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3405 (The web portal in TC software on Cisco TelePresence endpoints does not ...)
	NOT-FOR-US: Cisco
CVE-2013-3404 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2013-3403 (Multiple untrusted search path vulnerabilities in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2013-3402 (An unspecified function in Cisco Unified Communications Manager (CUCM) ...)
	NOT-FOR-US: Cisco
CVE-2013-3401 (The SIP implementation in Cisco TelePresence TC Software allows remote ...)
	NOT-FOR-US: Cisco
CVE-2013-3400 (The license-installation module in Cisco NX-OS on Nexus 1000V devices ...)
	NOT-FOR-US: Cisco
CVE-2013-3399 (Buffer overflow in an unspecified Android API on the Cisco Desktop ...)
	NOT-FOR-US: Cisco
CVE-2013-3398 (The web framework in Cisco Prime Central for Hosted Collaboration ...)
	NOT-FOR-US: Cisco
CVE-2013-3397 (Cross-site request forgery (CSRF) vulnerability in the Unified ...)
	NOT-FOR-US: Cisco
CVE-2013-3396 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3395 (Cross-site request forgery (CSRF) vulnerability in the web framework ...)
	NOT-FOR-US: Cisco IronPort Web Security Appliance
CVE-2013-3394 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3393 (The Precision Video Engine component in Cisco Jabber for Windows and ...)
	NOT-FOR-US: Cisco
CVE-2013-3392 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cisco ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-3391
	RESERVED
CVE-2013-3390 (Memory leak in Cisco Prime Central for Hosted Collaboration Solution ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3389 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3388 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3387 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-3386 (The IronPort Spam Quarantine (ISQ) component in the web framework in ...)
	NOT-FOR-US: Cisco
CVE-2013-3385 (The management GUI in the web framework in IronPort AsyncOS on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3384 (The web framework in IronPort AsyncOS on Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2013-3383 (The web framework in IronPort AsyncOS on Cisco Web Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2013-3382 (The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-3381 (Cisco Hosted Collaboration Mediation allows remote attackers to cause ...)
	NOT-FOR-US: Cisco Hosted Collaboration Mediation
CVE-2013-3380 (The administrative web interface in the Access Control Server in Cisco ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-3379 (The firewall subsystem in Cisco TelePresence TC Software before 4.2 ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3378 (Cisco TelePresence TC Software before 6.1 and TE Software before 4.1.3 ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3377 (Cisco TelePresence TC Software before 5.1.7 and TE Software before ...)
	NOT-FOR-US: Cisco TelePresence TC Software
CVE-2013-3376 (Open redirect vulnerability in the help page in Cisco Video ...)
	NOT-FOR-US: Cisco
CVE-2013-3375 (Cross-site scripting (XSS) vulnerability in the portal page in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2013-3374 (Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3373 (CRLF injection vulnerability in Request Tracker (RT) 3.8.x before ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3372 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3371 (Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3370 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3369 (Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3368 (bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before ...)
	{DSA-2671-1 DSA-2670-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2013-3367
	RESERVED
CVE-2013-3366
	RESERVED
CVE-2013-3365 (TRENDnet TEW-812DRU router allows remote authenticated users to ...)
	NOT-FOR-US: TRENDnet TEW-812DRU router
CVE-2013-3364
	RESERVED
CVE-2013-3363 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3362 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3361 (Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3360 (Adobe Shockwave Player before 12.0.4.144 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3359 (Adobe Shockwave Player before 12.0.4.144 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3358 (Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3357 (Integer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3356 (Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3355 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3354 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3353 (Buffer overflow in Adobe Reader and Acrobat before 10.1.8 and 11.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3352 (Adobe Reader and Acrobat before 10.1.8 and 11.x before 11.0.04 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3351 (Multiple stack-based buffer overflows in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3350 (Adobe ColdFusion 10 before Update 11 allows remote attackers to call ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3349 (Unspecified vulnerability in Adobe ColdFusion 9.0 through 9.0.2, when ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3348 (Adobe Shockwave Player before 12.0.3.133 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-3347 (Integer overflow in Adobe Flash Player before 11.7.700.232 and 11.8.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3346 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3345 (Adobe Flash Player before 11.7.700.232 and 11.8.x before 11.8.800.94 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3344 (Heap-based buffer overflow in Adobe Flash Player before 11.7.700.232 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3343 (Adobe Flash Player before 10.3.183.90 and 11.x before 11.7.700.224 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3342 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3341 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3340 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3339 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3338 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3337 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-3336 (Unspecified vulnerability in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-3335 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3334 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3333 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3332 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3331 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3330 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3329 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3328 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3327 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3326 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3325 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3324 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-3323
	RESERVED
CVE-2013-3322
	RESERVED
CVE-2013-3321
	RESERVED
CVE-2013-3320
	RESERVED
CVE-2013-3319 (The GetComputerSystem method in the HostControl service in SAP ...)
	NOT-FOR-US: SAP Netweaver
CVE-2013-3318
	REJECTED
CVE-2013-3317
	RESERVED
CVE-2013-3316
	RESERVED
CVE-2013-3315 (The server in TIBCO Silver Mobile 1.1.0 does not properly verify ...)
	NOT-FOR-US: TIBCO
CVE-2013-3314
	RESERVED
CVE-2013-3313
	RESERVED
CVE-2013-3312
	RESERVED
CVE-2013-3311
	RESERVED
CVE-2013-3310
	RESERVED
CVE-2009-5135 (The Java XML parser in Echo before 2.1.1 and 3.x before 3.0.b6 allows ...)
	NOT-FOR-US: Echo
CVE-2013-3309
	RESERVED
CVE-2013-3308
	RESERVED
CVE-2013-3307
	RESERVED
CVE-2013-3306
	RESERVED
CVE-2013-3305
	RESERVED
CVE-2013-3304 (Directory traversal vulnerability in Dell EqualLogic PS4000 with ...)
	NOT-FOR-US: Dell EqualLogic PS4000
CVE-2013-3303
	RESERVED
CVE-2013-3300 (The JsonParser class in json/JsonParser.scala in Lift before 2.5 ...)
	NOT-FOR-US: Lift Framework
CVE-2013-3299 (RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers ...)
	NOT-FOR-US: RealPlayer
CVE-2013-3298
	RESERVED
CVE-2013-3297
	RESERVED
CVE-2013-3296
	RESERVED
CVE-2013-3295 (Directory traversal vulnerability in install/popup.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2013-3294 (Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 ...)
	NOT-FOR-US: Exponent CMS
CVE-2013-3293
	RESERVED
CVE-2013-3292
	RESERVED
CVE-2013-3291
	RESERVED
CVE-2013-3290
	RESERVED
CVE-2013-3289
	REJECTED
CVE-2013-3288 (Cross-site scripting (XSS) vulnerability on the EMC RSA Data ...)
	NOT-FOR-US: EMC
CVE-2013-3287 (EMC Unisphere for VMAX before 1.6.1.6, when using an unspecified level ...)
	NOT-FOR-US: EMC Unisphere for VMAX
CVE-2013-3286 (Multiple cross-site scripting (XSS) vulnerabilities in EMC Documentum ...)
	NOT-FOR-US: EMC Documentum
CVE-2013-3285 (The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before ...)
	NOT-FOR-US: EMC NetWorker
CVE-2013-3284
	REJECTED
CVE-2013-3283
	REJECTED
CVE-2013-3282
	REJECTED
CVE-2013-3281 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop ...)
	NOT-FOR-US: EMC Documentum
CVE-2013-3280 (EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet ...)
	NOT-FOR-US: RSA Authentication Agent for Web for Internet Information Services
CVE-2013-3279 (EMC Atmos before 2.1.4 has a blank password for the PostgreSQL ...)
	NOT-FOR-US: EMC
CVE-2013-3278 (EMC VPLEX before VPLEX GeoSynchrony 5.2 SP1 uses cleartext for storage ...)
	NOT-FOR-US: EMC
CVE-2013-3277 (Open redirect vulnerability in EMC RSA Archer GRC 5.x before 5.4 ...)
	NOT-FOR-US: EMC
CVE-2013-3276 (EMC RSA Archer GRC 5.x before 5.4 allows remote authenticated users to ...)
	NOT-FOR-US: EMC
CVE-2013-3275 (EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store ...)
	NOT-FOR-US: EMC
CVE-2013-3274 (EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store ...)
	NOT-FOR-US: EMC
CVE-2013-3273 (EMC RSA Authentication Manager 8.0 before P2 and 7.1 before SP4 P26, ...)
	NOT-FOR-US: EMC
CVE-2013-3272 (EMC Replication Manager (RM) before 5.4.4 places encoded passwords in ...)
	NOT-FOR-US: EMC
CVE-2013-3271 (EMC RSA Authentication Agent for PAM 7.0 before 7.0.2.1 enforces the ...)
	NOT-FOR-US: EMC
CVE-2013-3270 (EMC VNX Control Station before 7.1.70.2 and Celerra Control Station ...)
	NOT-FOR-US: EMC
CVE-2013-3302 (Race condition in the smb_send_rqst function in fs/cifs/transport.c in ...)
	- linux-2.6 <not-affected> (Introduced in 3.7)
	- linux 3.8-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
CVE-2013-3301 (The ftrace implementation in the Linux kernel before 3.8.8 allows ...)
	{DSA-2669-1}
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.8.11-1 (low)
	NOTE: https://git.kernel.org/linus/6a76f8c0ab19f215af2a3442870eeb5f0e81998d
	NOTE: Not enabled in default kernels
CVE-2013-3269 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office ...)
	NOT-FOR-US: Cybozu Office
CVE-2013-3268 (Novell iManager 2.7 before SP6 Patch 1 does not refresh a token after ...)
	NOT-FOR-US: Novell iManager
CVE-2013-3267 (Cross-site scripting (XSS) vulnerability in the highlighter plugin in ...)
	NOT-FOR-US: Joomla
CVE-2013-3266 (The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the ...)
	{DSA-2672-1}
	- kfreebsd-9 9.0-11 (bug #706414)
	- kfreebsd-8 <removed> (bug #706418)
	[wheezy] - kfreebsd-8 <no-dsa> (new NFS server is not enabled)
	[squeeze] - kfreebsd-8 <no-dsa> (new NFS server is not enabled)
	NOTE: http://www.freebsd.org/security/advisories/FreeBSD-SA-13:05.nfsserver.asc
CVE-2013-3265
	RESERVED
CVE-2013-3264 (The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for ...)
	NOT-FOR-US: WP Ultimate Email Marketer
CVE-2013-3263 (Multiple cross-site scripting (XSS) vulnerabilities in the WP Ultimate ...)
	NOT-FOR-US: WP Ultimate Email Marketer
CVE-2013-3262 (Cross-site scripting (XSS) vulnerability in admin/admin.php in the ...)
	NOT-FOR-US: WordPress plugin download-monitor
CVE-2013-3261 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
	NOT-FOR-US: WordPress plugin flash-album-gallery
CVE-2013-3260 (Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
	NOT-FOR-US: INMATRIX Zoom Player
CVE-2013-3259 (Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 ...)
	NOT-FOR-US: INMATRIX Zoom Player
CVE-2013-3258 (Cross-site request forgery (CSRF) vulnerability in he Digg Digg plugin ...)
	NOT-FOR-US: WordPress plugin digg-digg
CVE-2013-3257 (Cross-site request forgery (CSRF) vulnerability in the Related Posts ...)
	NOT-FOR-US: WordPress plugin related-posts
CVE-2013-3256 (Cross-site request forgery (CSRF) vulnerability in the Shareaholic ...)
	NOT-FOR-US: WordPress plugin sexybookmarks
CVE-2013-3255
	RESERVED
CVE-2013-3254 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3253 (Cross-site request forgery (CSRF) vulnerability in admin/setting.php ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-3252 (Cross-site request forgery (CSRF) vulnerability in the options admin ...)
	NOT-FOR-US: WordPress plugin WP-PostViews
CVE-2013-3251 (Cross-site request forgery (CSRF) vulnerability in the qTranslate ...)
	NOT-FOR-US: WordPress plugin qTranslate
CVE-2013-3250 (Cross-site request forgery (CSRF) vulnerability in the WP Maintenance ...)
	NOT-FOR-US: WP Maintenance Mode plugin for Wordpress
CVE-2013-3249 (Stack-based buffer overflow in the &quot;Add from text file&quot; feature in the ...)
	NOT-FOR-US: DameWare Remote Support
CVE-2013-3248 (Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2013-3247
	RESERVED
CVE-2013-3246
	RESERVED
CVE-2013-3245 (** DISPUTED ** plugins/demux/libmkv_plugin.dll in VideoLAN VLC Media ...)
	- vlc 2.0.7-1 (unimportant)
	NOTE: Harmless crasher
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=59c9e8309d5b435a2d85c2c9eaae979ba56ccdd9
	NOTE: http://secunia.com/blog/372/
	NOTE: http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia
CVE-2013-3244 (Multiple unspecified vulnerabilities in the CJDB_FILL_MEMORY_FROM_PPB ...)
	NOT-FOR-US: SAP ERP Central Component
CVE-2013-3243 (Unspecified vulnerability in OpenText/IXOS ECM for SAP NetWeaver ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2013-3242 (plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 ...)
	NOT-FOR-US: Joomla
CVE-2013-3241 (export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 ...)
	- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3240 (Directory traversal vulnerability in the Export feature in phpMyAdmin ...)
	- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2013-3239 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3, when a SaveDir ...)
	{DLA-0014-1}
	- phpmyadmin 4:3.4.11.1-2
	[squeeze] - phpmyadmin 4:3.3.7-8
	NOTE: Requires non-default option saveDir to be enabled, an authenticated untrusted user and Apache mod_mime
CVE-2013-3238 (phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote ...)
	- phpmyadmin <not-affected> (exploitable PHP on Windows only)
	NOTE: code patched in 4:3.4.11.1-2 nonetheless
CVE-2013-3237 (The vsock_stream_sendmsg function in net/vmw_vsock/af_vsock.c in the ...)
	- linux-2.6 <not-affected> ((net/vmw_vsock/af_vsock.c not present)
	- linux <not-affected> (net/vmw_vsock/af_vsock.c not present)
	- open-vm-tools 2:9.2.2-893683-8 (low; bug #706557)
	[wheezy] - open-vm-tools <no-dsa> (Minor information leak)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported, minor information leak)
CVE-2013-3236 (The vmci_transport_dgram_dequeue function in ...)
	- linux-2.6 <not-affected> (VM Sockets only introduced in 3.9-rc1)
	- linux <not-affected> (VM Sockets introduced in 3.9-rc1)
CVE-2013-3235 (net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3234 (The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3233 (The llcp_sock_recvmsg function in net/nfc/llcp/sock.c in the Linux ...)
	- linux-2.6 <not-affected> (net/nfc/llcp/sock.c not present, introduced in 3.3)
	- linux <not-affected> (net/nfc/llcp/sock.c not present, introduced in 3.3)
CVE-2013-3232 (The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel ...)
	- linux-2.6 <not-affected> (Introduced and fixed during 3.9 cycle)
	- linux <not-affected> (Introduced and fixed during 3.9 cycle)
CVE-2013-3231 (The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3230 (The l2tp_ip6_recvmsg function in net/l2tp/l2tp_ip6.c in the Linux ...)
	- linux-2.6 <not-affected> (net/l2tp/l2tp_ip6.c not present)
	- linux <not-affected> (net/l2tp/l2tp_ip6.c introduced in 3.5)
CVE-2013-3229 (The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3228 (The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3227 (The caif_seqpkt_recvmsg function in net/caif/caif_socket.c in the ...)
	{DSA-2669-1}
	- linux-2.6 <not-affected> (net/caif/caif_socket.c introduced in v2.6.35)
	- linux 3.8.11-1 (low)
CVE-2013-3226 (The sco_sock_recvmsg function in net/bluetooth/sco.c in the Linux ...)
	- linux-2.6 <not-affected> (Vulnerable code not yet present)
	- linux <not-affected> (Vulnerable code not yet present)
	NOTE: sco_sock_recvmsg only introduced with v3.8, bt_sock_recvmsg has its own CVE ID
CVE-2013-3225 (The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3224 (The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3223 (The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3222 (The vcc_recvmsg function in net/atm/common.c in the Linux kernel ...)
	{DSA-2669-1 DSA-2668-1}
	- linux-2.6 <removed> (low)
	- linux 3.8.11-1 (low)
CVE-2013-3221 (The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and ...)
	- rails-3.2 <unfixed> (unimportant)
	- ruby-activerecord-3.2 <unfixed> (unimportant)
	- ruby-activerecord-2.3 <unfixed> (unimportant)
	[wheezy] - ruby-activerecord-2.3 <end-of-life>
	- rails 2.3.14.1 (unimportant)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: This is a general design problem and only mitigated by documented best practices
CVE-2013-3220 (bitcoind and Bitcoin-Qt before 0.4.9rc2, 0.5.x before 0.5.8rc2, 0.6.x ...)
	- bitcoin 0.8.1-1
CVE-2013-3219 (bitcoind and Bitcoin-Qt 0.8.x before 0.8.1 do not enforce a certain ...)
	- bitcoin 0.8.1-1
CVE-2013-3218
	RESERVED
CVE-2013-3217
	RESERVED
CVE-2013-3216
	RESERVED
CVE-2013-3215
	RESERVED
CVE-2013-3214
	RESERVED
CVE-2013-3213 (Multiple SQL injection vulnerabilities in vTiger CRM 5.0.0 through ...)
	NOT-FOR-US: vTiger CRM
CVE-2013-3212
	RESERVED
CVE-2012-6551 (The default configuration of Apache ActiveMQ before 5.8.0 enables a ...)
	- activemq <not-affected> (Example code not shipped in .deb)
CVE-2013-3211 (Unspecified vulnerability in Opera before 12.15 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2013-3210 (Opera before 12.15 does not properly block top-level domains in ...)
	NOT-FOR-US: Opera
CVE-2013-3209 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3208 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3207 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3206 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3205 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3204 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-3203 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3202 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2013-3201 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3200 (The USB drivers in the kernel-mode drivers in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3199 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3198 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3197 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3196 (The NT Virtual DOS Machine (NTVDM) subsystem in the kernel in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3195 (The DSA_InsertItem function in Comctl32.dll in the Windows common ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3194 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3193 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3192 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3191 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3190 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3189 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3188 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3187 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3186 (The Protected Mode feature in Microsoft Internet Explorer 7 through 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3185 (Microsoft Active Directory Federation Services (AD FS) 1.x through 2.1 ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2013-3184 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3183 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3182 (The Windows NAT Driver (aka winnat) service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3181 (usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3180 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3179 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-3178 (Microsoft Silverlight 5 before 5.1.20513.0 does not properly ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2013-3177
	REJECTED
CVE-2013-3176
	REJECTED
CVE-2013-3175 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2013-3174 (DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2013-3173 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2013-3172 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2013-3171 (The serialization functionality in Microsoft .NET Framework 2.0 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2013-3170
	REJECTED
CVE-2013-3169
	REJECTED
CVE-2013-3168
	REJECTED
CVE-2013-3167 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-3166 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3165
	REJECTED
CVE-2013-3164 (Microsoft Internet Explorer 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3163 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3162 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3161 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3160 (Microsoft Office 2003 SP3 and 2007 SP3, Word 2003 SP3 and 2007 SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2013-3159 (Microsoft Excel 2003 SP3, 2007 SP3, and 2010 SP1 and SP2; Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2013-3158 (Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Excel
CVE-2013-3157 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2013-3156 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft ...)
	NOT-FOR-US: Microsoft Access
CVE-2013-3155 (Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2013-3154 (The signature-update functionality in Windows Defender on Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3153 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3152 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3151 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3150 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3149 (Microsoft Internet Explorer 7 and 8 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3148 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3147 (Microsoft Internet Explorer 6 through 9 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3146 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3145 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3144 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3143 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3142 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3141 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3140 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3139 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3138 (Integer overflow in the TCP/IP kernel-mode driver in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2013-3137 (Microsoft FrontPage 2003 SP3 does not properly parse DTDs, which ...)
	NOT-FOR-US: Microsoft FrontPage
CVE-2013-3136 (The kernel in Microsoft Windows XP SP3, Windows Server 2003 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2013-3135
	REJECTED
CVE-2013-3134 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3133 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3132 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-3131 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5, and ...)
	NOT-FOR-US: Microsoft
CVE-2013-3130
	REJECTED
CVE-2013-3129 (Microsoft .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, and 4.5; Silverlight ...)
	NOT-FOR-US: Microsoft
CVE-2013-3128 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-3127 (The Microsoft WMV video codec in wmv9vcm.dll, wmvdmod.dll in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2013-3126 (Microsoft Internet Explorer 9 and 10, when script debugging is ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3125 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3124 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3123 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3122 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3121 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3120 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3119 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3118 (Microsoft Internet Explorer 10 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3117 (Microsoft Internet Explorer 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3116 (Microsoft Internet Explorer 7 through 9 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3115 (Microsoft Internet Explorer 7 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3114 (Microsoft Internet Explorer 9 and 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3113 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3112 (Microsoft Internet Explorer 6 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3111 (Microsoft Internet Explorer 8 through 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3110 (Microsoft Internet Explorer 8 and 9 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-3109
	RESERVED
CVE-2013-3108
	RESERVED
CVE-2013-3107 (VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding ...)
	NOT-FOR-US: vCenter
CVE-2013-3106 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-3105
	RESERVED
CVE-2013-3104
	RESERVED
CVE-2013-3103
	RESERVED
CVE-2013-3102
	RESERVED
CVE-2013-3101
	RESERVED
CVE-2013-3100
	RESERVED
CVE-2013-3099
	RESERVED
CVE-2013-3098 (Multiple cross-site request forgery (CSRF) vulnerabilities in TRENDnet ...)
	NOT-FOR-US: TRENDnet TEW-812DRU router
CVE-2013-3097
	RESERVED
CVE-2013-3096
	RESERVED
CVE-2013-3095 (Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link ...)
	NOT-FOR-US: D-Link
CVE-2013-3094
	RESERVED
CVE-2013-3093
	RESERVED
CVE-2013-3092 (The Belkin N300 (F7D7301v1) router allows remote attackers to bypass ...)
	NOT-FOR-US: Belkin router
CVE-2013-3091
	RESERVED
CVE-2013-3090 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N300 ...)
	NOT-FOR-US: Belkin N300 router
CVE-2013-3089 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in Belkin ...)
	NOT-FOR-US: Belkin N300
CVE-2013-3088
	RESERVED
CVE-2013-3087 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin N900 ...)
	NOT-FOR-US: Belkin N900 router
CVE-2013-3086 (Cross-site request forgery (CSRF) vulnerability in util_system.html in ...)
	NOT-FOR-US: Belkin N900
CVE-2013-3085
	RESERVED
CVE-2013-3084 (Multiple cross-site scripting (XSS) vulnerabilities in Belkin Model ...)
	NOT-FOR-US: Belkin router
CVE-2013-3083 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Belkin
CVE-2013-3082 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Jojo CMS
CVE-2013-3081 (SQL injection vulnerability in the checkEmailFormat function in ...)
	NOT-FOR-US: Jojo CMS
CVE-2013-3080 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows ...)
	NOT-FOR-US: vCenter
CVE-2013-3079 (VMware vCenter Server Appliance (vCSA) 5.1 before Update 1 allows ...)
	NOT-FOR-US: vCenter
CVE-2013-3078
	RESERVED
CVE-2013-3077 (Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER ...)
	{DSA-2743-1}
	- kfreebsd-8 <removed> (bug #720470)
	[wheezy] - kfreebsd-8 8.3-6+deb7u1
	[squeeze] - kfreebsd-8 <end-of-life> (Unsupported in squeeze-lts)
	- kfreebsd-9 9.2~svn254368-2 (bug #720468)
	- kfreebsd-10 10.0~svn254663-1 (bug #720471)
CVE-2013-3076 (The crypto API in the Linux kernel through 3.9-rc8 does not initialize ...)
	{DSA-2669-1}
	- linux 3.8.11-1 (low)
	- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-3075 (Multiple buffer overflows in ActUWzd.dll 1.0.0.1 in Mitsubishi MX ...)
	NOT-FOR-US: Mitsubishi MX Component 3
CVE-2013-3074
	RESERVED
CVE-2013-3073
	RESERVED
CVE-2013-3072
	RESERVED
CVE-2013-3071
	RESERVED
CVE-2013-3070
	RESERVED
CVE-2013-3069 (Multiple cross-site scripting (XSS) vulnerabilities in NETGEAR ...)
	NOT-FOR-US: NETGEAR devices
CVE-2013-3068 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in ...)
	NOT-FOR-US: Linksys
CVE-2013-3067
	RESERVED
CVE-2013-3066 (Linksys EA6500 with firmware 1.1.28.147876 does not properly restrict ...)
	NOT-FOR-US: Linksys
CVE-2013-3065 (Cross-site scripting (XSS) vulnerability in the Parental Controls ...)
	NOT-FOR-US: Linksys
CVE-2013-3064 (Open redirect vulnerability in ui/dynamic/unsecured.html in Linksys ...)
	NOT-FOR-US: Linksys
CVE-2013-3063 (SAP BASIS Communication Services 4.6B through 7.30 allows remote ...)
	NOT-FOR-US: SAP BASIS Communication Services
CVE-2013-3062 (The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering ...)
	NOT-FOR-US: SAP
CVE-2013-3061 (The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H ...)
	NOT-FOR-US: SAP
CVE-2013-3060 (The web console in Apache ActiveMQ before 5.8.0 does not require ...)
	- activemq <not-affected> (Web console not provided in Debian package, see #702670)
CVE-2013-3059 (Cross-site scripting (XSS) vulnerability in the Voting plugin in ...)
	NOT-FOR-US: Joomla
CVE-2013-3058 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before ...)
	NOT-FOR-US: Joomla
CVE-2013-3057 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2013-3056 (Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2013-3055 (Lexmark Markvision Enterprise before 1.8 provides a diagnostic ...)
	NOT-FOR-US: Lexmark Markvision Enterprise
CVE-2013-3054
	RESERVED
CVE-2013-3053
	RESERVED
CVE-2013-3052
	RESERVED
CVE-2013-3051 (The TrustZone kernel, when used in conjunction with a certain Motorola ...)
	NOT-FOR-US: TrustZone kernel
CVE-2013-3050 (SQL injection vulnerability in ZAPms 1.41 and earlier allows remote ...)
	NOT-FOR-US: ZAPms
CVE-2013-3049 (IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3048 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3047 (IBM Maximo Asset Management 7.1 before 7.1.1.12 and 7.5 before 7.5.0.5 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-3046 (The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-3045 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-3044 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-3043 (Directory traversal vulnerability in the client in IBM Rational ...)
	NOT-FOR-US: IBM
CVE-2013-3042 (Directory traversal vulnerability in the server in IBM Rational ...)
	NOT-FOR-US: IBM
CVE-2013-3041 (The Web Client in IBM Rational ClearQuest 7.1 before 7.1.2.12, 8.0 ...)
	NOT-FOR-US: IBM
CVE-2013-3040 (IBM InfoSphere Information Server through 8.5 FP3, 8.7 through FP2, ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-3039 (IBM Rational Requirements Composer before 4.0.4 does not properly ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2013-3038 (Unspecified vulnerability in IBM Rational Requirements Composer before ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2013-3037 (Unspecified vulnerability in IBM Rational Requirements Composer before ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2013-3036 (Open redirect vulnerability in IBM Rational Requirements Composer ...)
	NOT-FOR-US: IBM Rational Requirements Composer
CVE-2013-3035 (The IPv6 implementation in the inet subsystem in IBM AIX 6.1 and 7.1, ...)
	NOT-FOR-US: IBM AIX
CVE-2013-3034 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-3033 (SQL injection vulnerability in the server component in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Remote Control
CVE-2013-3032 (Cross-site scripting (XSS) vulnerability in the MIME e-mail ...)
	NOT-FOR-US: IBM Domino
CVE-2013-3031 (A SQL stored procedure in the Universal Cache component in IBM solidDB ...)
	NOT-FOR-US: IBM
CVE-2013-3030 (The servlet gateway in IBM Cognos Business Intelligence 8.4.1 before ...)
	NOT-FOR-US: IBM
CVE-2013-3029 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-3028 (Multiple buffer overflows in mqm programs in IBM WebSphere MQ 7.0.x ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-3027 (Integer overflow in the DWA9W ActiveX control in iNotes in IBM Domino ...)
	NOT-FOR-US: IBM Domino
CVE-2013-3026 (Buffer overflow in the Lotus Quickr for Domino ActiveX control in ...)
	NOT-FOR-US: Lotus Quickr for Domino ActiveX
CVE-2013-3025 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Rational ...)
	NOT-FOR-US: IBM
CVE-2013-3024
	RESERVED
CVE-2013-3023
	RESERVED
CVE-2013-3022
	RESERVED
CVE-2013-3021
	RESERVED
CVE-2013-3020 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-3019
	RESERVED
CVE-2013-3018
	RESERVED
CVE-2013-3017
	RESERVED
CVE-2013-3016 (IBM WebSphere Portal 6.1, 7.0, and 8.0 allows remote attackers to ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-3015
	RESERVED
CVE-2013-3014
	RESERVED
CVE-2013-3013
	RESERVED
CVE-2013-3012 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3011 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3010 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3009 (The com.ibm.CORBA.iiop.ClientDelegate class in IBM Java 1.4.2 before ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3008 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3007 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3006 (Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM ...)
	NOT-FOR-US: IBM JDK
CVE-2013-3005 (The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, ...)
	NOT-FOR-US: TFTP client in IBM AIX
CVE-2013-3004 (Directory traversal vulnerability in BIRT-Report Viewer in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
CVE-2013-3003 (Unspecified vulnerability in SOAP Gateway in IBM IMS Enterprise Suite ...)
	NOT-FOR-US: IBM
CVE-2013-3002
	RESERVED
CVE-2013-3001
	RESERVED
CVE-2013-3000
	RESERVED
CVE-2013-2999
	RESERVED
CVE-2013-2998 (frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2013-2997 (IBM Security AppScan Enterprise before 8.7 does not invalidate the ...)
	NOT-FOR-US: IBM
CVE-2013-2996
	RESERVED
CVE-2013-2995
	RESERVED
CVE-2013-2994 (IBM WebSphere Commerce 7.0 Feature Pack 4 and Feature Pack 5 ...)
	NOT-FOR-US: IBM
CVE-2013-2993 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.7 ...)
	NOT-FOR-US: IBM
CVE-2013-2992 (The Search component in IBM WebSphere Commerce 7.0 FP4 through FP6, in ...)
	NOT-FOR-US: IBM
CVE-2013-2991
	RESERVED
CVE-2013-2990
	RESERVED
CVE-2013-2989 (The file-copying functionality in IBM Sterling Connect:Direct 3.8.00, ...)
	NOT-FOR-US: IBM
CVE-2013-2988 (Absolute path traversal vulnerability in the server in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-2987 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-2986
	RESERVED
CVE-2013-2985 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-2984 (Directory traversal vulnerability in IBM Sterling B2B Integrator 5.1 ...)
	NOT-FOR-US: IBM
CVE-2013-2983 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling ...)
	NOT-FOR-US: IBM
CVE-2013-2982 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-2981 (Directory traversal vulnerability in the Web Console in IBM Data ...)
	NOT-FOR-US: IBM Data Studio
CVE-2013-2980 (Cross-site request forgery (CSRF) vulnerability in the Web Console in ...)
	NOT-FOR-US: IBM Data Studio
CVE-2013-2979 (Directory traversal vulnerability in IBM Optim Performance Manager ...)
	NOT-FOR-US: IBM
CVE-2013-2978 (Absolute path traversal vulnerability in the server in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-2977 (Integer overflow in IBM Notes 8.5.x before 8.5.3 FP4 Interim Fix 1 and ...)
	NOT-FOR-US: IBM Notes
CVE-2013-2976 (The Administrative console in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM
CVE-2013-2975
	RESERVED
CVE-2013-2974 (The BIRT viewer in IBM Tivoli Application Dependency Discovery Manager ...)
	NOT-FOR-US: IBM Tivoli Application Dependency Discovery Manager
CVE-2013-2973
	RESERVED
CVE-2013-2972
	RESERVED
CVE-2013-2971
	RESERVED
CVE-2013-2970 (Unspecified vulnerability in IBM QRadar Security Information and Event ...)
	NOT-FOR-US: IBM
CVE-2013-2969 (Cross-site scripting (XSS) vulnerability in IBM Sterling Control ...)
	NOT-FOR-US: IBM Sterling Control Center
CVE-2013-2968 (An unspecified buffer-read method in IBM Sterling Control Center (SCC) ...)
	NOT-FOR-US: IBM Sterling Control Center
CVE-2013-2967 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-2966
	RESERVED
CVE-2013-2965
	RESERVED
CVE-2013-2964 (Buffer overflow in dsmtca in IBM Tivoli Storage Manager (TSM) through ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2013-2963
	RESERVED
CVE-2013-2962 (Buffer overflow in the Launcher in IBM WebSphere Transformation ...)
	NOT-FOR-US: IBM WebSphere Transformation Extender
CVE-2013-2961 (The internal web server in the Basic Services component in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-2960 (Buffer overflow in KDSMAIN in the Basic Services component in IBM ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-2959 (The Console in IBM InfoSphere Optim Data Growth for Oracle E-Business ...)
	NOT-FOR-US: IBM
CVE-2013-2958
	RESERVED
CVE-2013-2957 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data ...)
	NOT-FOR-US: IBM
CVE-2013-2956 (SQL injection vulnerability in the Console in IBM InfoSphere Optim ...)
	NOT-FOR-US: IBM
CVE-2013-2955 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Optim Data ...)
	NOT-FOR-US: IBM
CVE-2013-2954 (The login page in the Console in IBM InfoSphere Optim Data Growth for ...)
	NOT-FOR-US: IBM
CVE-2013-2953 (IBM InfoSphere Optim Data Growth for Oracle E-Business Suite 6.x, 7.x, ...)
	NOT-FOR-US: IBM
CVE-2013-2952
	RESERVED
CVE-2013-2951
	RESERVED
CVE-2013-2950 (CRLF injection vulnerability in IBM WebSphere Portal 6.1.0.x before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-2949
	RESERVED
CVE-2013-2948
	RESERVED
CVE-2013-2947
	RESERVED
CVE-2013-2946
	RESERVED
CVE-2013-2945 (SQL injection vulnerability in blogs/admin.php in b2evolution before ...)
	NOT-FOR-US: b2evolution
CVE-2013-2944 (strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ...)
	{DSA-2665-1}
	- strongswan 4.6.4-7
CVE-2013-2943
	RESERVED
CVE-2013-2942
	RESERVED
CVE-2013-2941
	RESERVED
CVE-2013-2940 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2939 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2938 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2937 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2936 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2935 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2934 (Citrix CloudPortal Services Manager (aka Cortex) 10.0 before ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2933 (Unspecified vulnerability in Citrix CloudPortal Services Manager (aka ...)
	NOT-FOR-US: Citrix CloudPortal Services Manager
CVE-2013-2932
	RESERVED
CVE-2013-2931 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2799-1}
	- chromium-browser 31.0.1650.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2930 (The perf_trace_event_perm function in kernel/trace/trace_event_perf.c ...)
	- linux-2.6 <not-affected> (Introduced in v3.4)
	[wheezy] - linux <not-affected> (Introduced in v3.4)
	- linux 3.11.8-1
	NOTE: Introduced by ced39002f5ea
CVE-2013-2929 (The Linux kernel before 3.12.2 does not properly use the get_dumpable ...)
	{DSA-2906-1}
	- linux-2.6 <removed>
	- linux 3.11.10-1
	[wheezy] - linux 3.2.53-2
CVE-2013-2928 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2927 (Use-after-free vulnerability in the ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2926 (Use-after-free vulnerability in the ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2925 (Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2924 (Use-after-free vulnerability in International Components for Unicode ...)
	{DSA-2786-1 DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
	- icu 4.8.1.1-13+nmu1 (bug #726477)
CVE-2013-2923 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2922 (Use-after-free vulnerability in core/html/HTMLTemplateElement.cpp in ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2921 (Double free vulnerability in the ResourceFetcher::didLoadResource ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2920 (The DoResolveRelativeHost function in url/url_canon_relative.cc in ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2919 (Google V8, as used in Google Chrome before 30.0.1599.66, allows remote ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <unfixed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2918 (Use-after-free vulnerability in the ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2917 (The ReverbConvolverStage::ReverbConvolverStage function in ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2916 (Blink, as used in Google Chrome before 30.0.1599.66, allows remote ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2915 (Google Chrome before 30.0.1599.66 preserves pending NavigationEntry ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2914 (Use-after-free vulnerability in the color-chooser dialog in Google ...)
	- chromium-browser <not-affected> (windows-specific issue)
CVE-2013-2913 (Use-after-free vulnerability in the XMLDocumentParser::append function ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2912 (Use-after-free vulnerability in the PepperInProcessRouter::SendToHost ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2911 (Use-after-free vulnerability in the XSLStyleSheet::compileStyleSheet ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2910 (Use-after-free vulnerability in ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2909 (Use-after-free vulnerability in Blink, as used in Google Chrome before ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2908 (Google Chrome before 30.0.1599.66 uses incorrect function calls to ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2907 (The Window.prototype object implementation in Google Chrome before ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2906 (Multiple race conditions in the Web Audio implementation in Blink, as ...)
	{DSA-2785-1}
	- chromium-browser 30.0.1599.101-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2905 (The SharedMemory::Create function in memory/shared_memory_posix.cc in ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2904 (Use-after-free vulnerability in the Document::finishedParsing function ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2903 (Use-after-free vulnerability in the ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2902 (Use-after-free vulnerability in the XSLT ProcessingInstruction ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
	- libxslt <not-affected> (according to https://chromiumcodereview.appspot.com/20856002 this is an issue on chromium's side of xslt handling)
CVE-2013-2901 (Multiple integer overflows in (1) libGLESv2/renderer/Renderer9.cpp and ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2900 (The FilePath::ReferencesParent function in files/file_path.cc in ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2899 (drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) ...)
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <not-affected> (driver introduced in 2.6.35)
CVE-2013-2898 (drivers/hid/hid-sensor-hub.c in the Human Interface Device (HID) ...)
	- linux 3.10.11-1 (low)
	[wheezy] - linux <not-affected> (driver introduced in 3.7)
	- linux-2.6 <not-affected> (driver introduced in 3.7)
CVE-2013-2897 (Multiple array index errors in drivers/hid/hid-multitouch.c in the ...)
	- linux 3.11.5-1 (low)
	- linux-2.6 <not-affected> (driver introduced in 2.6.38)
	[wheezy] - linux 3.2.53-1
CVE-2013-2896 (drivers/hid/hid-ntrig.c in the Human Interface Device (HID) subsystem ...)
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <not-affected> (Vulnerable feature probing code not present)
CVE-2013-2895 (drivers/hid/hid-logitech-dj.c in the Human Interface Device (HID) ...)
	- linux 3.11.5-1 (low)
	- linux-2.6 <not-affected> (driver introduced in 3.2)
	[wheezy] - linux 3.2.53-1
CVE-2013-2894 (drivers/hid/hid-lenovo-tpkbd.c in the Human Interface Device (HID) ...)
	- linux 3.11.5-1 (low)
	[wheezy] - linux <not-affected> (driver introduced in 3.6)
	- linux-2.6 <not-affected> (driver introduced in 3.6)
CVE-2013-2893 (The Human Interface Device (HID) subsystem in the Linux kernel through ...)
	{DSA-2906-1}
	- linux 3.11.5-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-2892 (drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in ...)
	{DSA-2766-1}
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <removed> (low)
CVE-2013-2891 (drivers/hid/hid-steelseries.c in the Human Interface Device (HID) ...)
	- linux 3.11.5-1 (low)
	[wheezy] - linux <not-affected> (steelseries driver introduced in 3.9)
	- linux-2.6 <not-affected> (steelseries driver introduced in 3.9)
CVE-2013-2890 (drivers/hid/hid-sony.c in the Human Interface Device (HID) subsystem ...)
	- linux <not-affected> (buzz driver introduced in 3.11 cycle, only in experimental)
	- linux-2.6 <not-affected> (buzz driver introduced in 3.11 cycle)
CVE-2013-2889 (drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem ...)
	{DSA-2906-1}
	- linux 3.11.5-1 (low)
	- linux-2.6 <removed> (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-2888 (Multiple array index errors in drivers/hid/hid-core.c in the Human ...)
	{DSA-2766-1}
	- linux 3.10.11-1
	- linux-2.6 <removed>
	[wheezy] - linux 3.2.51-1
CVE-2013-2887 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2741-1}
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2886 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2885 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2884 (Use-after-free vulnerability in the DOM implementation in Google ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2883 (Use-after-free vulnerability in Google Chrome before 28.0.1500.95 ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2882 (Google V8, as used in Google Chrome before 28.0.1500.95, allows remote ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2881 (Google Chrome before 28.0.1500.95 does not properly handle frames, ...)
	{DSA-2732-1}
	- chromium-browser 28.0.1500.95-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2880 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2879 (Google Chrome before 28.0.1500.71 does not properly determine the ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2878 (Google Chrome before 28.0.1500.71 allows remote attackers to cause a ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2877 (parser.c in libxml2 before 2.9.0, as used in Google Chrome before ...)
	{DSA-2779-1 DSA-2724-1}
	- libxml2 2.9.1+dfsg1-1 (bug #715531)
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2876 (browser/extensions/api/tabs/tabs_api.cc in Google Chrome before ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2875 (core/rendering/svg/SVGInlineTextBox.cpp in the SVG implementation in ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2874 (Google Chrome before 28.0.1500.71 on Windows, when an Nvidia GPU is ...)
	- chromium-browser <not-affected> (Windows-specific)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2873 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2872 (Google Chrome before 28.0.1500.71 on Mac OS X does not ensure a ...)
	- chromium-browser <not-affected> (MacOS specific)
CVE-2013-2871 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2870 (Use-after-free vulnerability in Google Chrome before 28.0.1500.71 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2869 (Google Chrome before 28.0.1500.71 allows remote attackers to cause a ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2868 (common/extensions/sync_helper.cc in Google Chrome before 28.0.1500.71 ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2867 (Google Chrome before 28.0.1500.71 does not properly prevent pop-under ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2866 (The Flash plug-in in Google Chrome before 27.0.1453.116, as used on ...)
	- chromium-browser <not-affected> (Flash plugin not included in Chromium)
CVE-2013-2865 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2864 (The PDF functionality in Google Chrome before 27.0.1453.110 allows ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2013-2863 (Google Chrome before 27.0.1453.110 does not properly handle SSL ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2862 (Skia, as used in Google Chrome before 27.0.1453.110, does not properly ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2861 (Use-after-free vulnerability in the SVG implementation in Google ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2860 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2859 (Google Chrome before 27.0.1453.110 allows remote attackers to bypass ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2858 (Use-after-free vulnerability in the HTML5 Audio implementation in ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2857 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2856 (Use-after-free vulnerability in Google Chrome before 27.0.1453.110 ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2855 (The Developer Tools API in Google Chrome before 27.0.1453.110 allows ...)
	{DSA-2706-1}
	- chromium-browser 27.0.1453.110-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2854 (Google Chrome before 27.0.1453.110 on Windows provides an incorrect ...)
	- chromium-browser <not-affected> (Windows-specific)
CVE-2013-2853 (The HTTPS implementation in Google Chrome before 28.0.1500.71 does not ...)
	{DSA-2724-1}
	- chromium-browser 28.0.1500.71-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2852 (Format string vulnerability in the b43_request_firmware function in ...)
	{DSA-2766-1 DSA-2745-1}
	- linux 3.9.8-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-2851 (Format string vulnerability in the register_disk function in ...)
	{DSA-2766-1 DSA-2745-1}
	- linux 3.9.8-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-2850 (Heap-based buffer overflow in the iscsi_add_notunderstood_response ...)
	- linux 3.9.4-1
	- linux-2.6 <not-affected> (Introduced in 3.1)
	[wheezy] - linux 3.2.46-1
CVE-2013-2849 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2848 (The XSS Auditor in Google Chrome before 27.0.1453.93 might allow ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2847 (Race condition in the workers implementation in Google Chrome before ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2846 (Use-after-free vulnerability in the media loader in Google Chrome ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2845 (The Web Audio implementation in Google Chrome before 27.0.1453.93 ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2844 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2843 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2842 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2841 (Use-after-free vulnerability in Google Chrome before 27.0.1453.93 ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2840 (Use-after-free vulnerability in the media loader in Google Chrome ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2839 (Google Chrome before 27.0.1453.93 does not properly perform a cast of ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2838 (Google V8, as used in Google Chrome before 27.0.1453.93, allows remote ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <removed>
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2837 (Use-after-free vulnerability in the SVG implementation in Google ...)
	{DSA-2695-1}
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2836 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 27.0.1453.93-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-2835 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2834 (Google Chrome OS before 26.0.1410.57 does not properly enforce origin ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2833 (Use-after-free vulnerability in the O3D plug-in in Google Chrome OS ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2832 (The Buffer::Set function in core/cross/buffer.cc in the O3D plug-in in ...)
	NOT-FOR-US: Google Chrome OS
CVE-2013-2831
	RESERVED
CVE-2013-2830 (Use-after-free vulnerability in SumatraPDF Reader 2.x before 2.2.1 ...)
	NOT-FOR-US: SumatraPDF Reader
CVE-2013-2829 (MatrikonOPC SCADA DNP3 OPC Server 1.2.2.0 and earlier allows remote ...)
	NOT-FOR-US: MatrikonOPC SCADA DNP3 OPC Server
CVE-2013-2828 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2827 (An unspecified ActiveX control in WellinTech KingSCADA before 3.1.2, ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2013-2826 (WellinTech KingSCADA before 3.1.2, KingAlarm&amp;Event before 3.1, and ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2013-2825 (The DNP3 service in the Outstation component on Elecsys Director ...)
	NOT-FOR-US: Elecsys Director Gateway
CVE-2013-2824 (Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo ...)
	NOT-FOR-US: Schneider Electric StruxureWare SCADA Expert Vijeo Citect
CVE-2013-2823 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE ...)
	NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2822 (NovaTech Orion Substation Automation Platform OrionLX DNP Master ...)
	NOT-FOR-US: NovaTech
CVE-2013-2821 (NovaTech Orion Substation Automation Platform OrionLX DNP Master ...)
	NOT-FOR-US: NovaTech
CVE-2013-2820 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
CVE-2013-2819 (The Sierra Wireless AirLink Raven X EV-DO gateway 4221_4.0.11.003 and ...)
	NOT-FOR-US: Sierra Wireless AirLink Raven X EV-DO gateways
CVE-2013-2818 (The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 ...)
	NOT-FOR-US: e-terracontrol
CVE-2013-2817 (An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation ...)
	NOT-FOR-US: Mitsubishi Electric Automation MC-WorX Suite
CVE-2013-2816 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2815
	REJECTED
CVE-2013-2814 (Cooper Power Systems Cybectec DNP3 Master OPC Server allows remote ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2813 (The DNP3 component in Cooper Power Systems SMP 4, 4/DP, and 16 ...)
	NOT-FOR-US: Cooper Power Systems
CVE-2013-2812
	RESERVED
CVE-2013-2811 (The (1) Catapult DNP3 I/O driver before 7.2.0.60 and the (2) GE ...)
	NOT-FOR-US: Catapult DNP3 I/O driver
CVE-2013-2810 (Emerson Process Management ROC800 RTU with software 3.50 and earlier, ...)
	NOT-FOR-US: Emerson
CVE-2013-2809 (The DNP Master Driver in the OSIsoft PI Interface before 3.1.2.54 for ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2808 (Heap-based buffer overflow in Xper in Philips Xper Information ...)
	NOT-FOR-US: Xper
CVE-2013-2807
	RESERVED
CVE-2013-2806
	RESERVED
CVE-2013-2805
	RESERVED
CVE-2013-2804 (The DNP Master Driver in Software Toolbox TOP Server before 5.12.140.0 ...)
	NOT-FOR-US: TOP Server OPC Server
CVE-2013-2803 (ProSoft RadioLinx ControlScape before 6.00.040 uses a deficient PRNG ...)
	NOT-FOR-US: ProSoft RadioLinx ControlScape
CVE-2013-2802 (The universal protocol implementation in Sixnet UDR before 2.0 and RTU ...)
	NOT-FOR-US: Sixnet
CVE-2013-2801 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2800 (The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows ...)
	NOT-FOR-US: OSIsoft PI Interface
CVE-2013-2799
	REJECTED
CVE-2013-2798 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2013-2797
	RESERVED
CVE-2013-2796 (Schneider Electric Vijeo Citect 7.20 and earlier, CitectSCADA 7.20 and ...)
	NOT-FOR-US: Schneider Electric Vijeo Citect
CVE-2013-2795
	REJECTED
CVE-2013-2794 (Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2013-2793 (Triangle MicroWorks SCADA Data Gateway 2.50.0309 through 3.00.0616, ...)
	NOT-FOR-US: Triangle MicroWorks SCADA
CVE-2013-2792 (Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories
CVE-2013-2791 (MatrikonOPC SCADA DNP3 OPC Server 1.2.0 allows remote attackers to ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-2790 (The master-station DNP3 driver before driver19.exe, and Beta2041.exe, ...)
	NOT-FOR-US: IOServer
CVE-2013-2789 (The Kepware DNP Master Driver for the KEPServerEX Communications ...)
	NOT-FOR-US: Kepware
CVE-2013-2788 (The DNP3 Slave service in SUBNET Solutions SubSTATION Server 2.7.0033 ...)
	NOT-FOR-US: SUBNET Solutions SubSTATION Server
CVE-2013-2787 (Alstom e-terracontrol 3.5, 3.6, and 3.7 allows remote attackers to ...)
	NOT-FOR-US: Alstom e-terracontrol
CVE-2013-2786 (Alstom Grid MiCOM S1 Agile before 1.0.3 and Alstom Grid MiCOM S1 ...)
	NOT-FOR-US: Alstom Grid MiCOM S1
CVE-2013-2785 (Multiple buffer overflows in CimWebServer.exe in the WebView component ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2013-2784 (Triangle Research International (aka Tri) Nano-10 PLC devices with ...)
	NOT-FOR-US: Triangle Research International
CVE-2013-2783 (The DNP3 driver in IOServer drivers 1.0.19.0 allows remote attackers ...)
	NOT-FOR-US: IOServer DNP3 drivers
CVE-2013-2782 (Schneider Electric Trio J-Series License Free Ethernet Radio with ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2781 (Use-after-free vulnerability in the server application in 3S CODESYS ...)
	NOT-FOR-US: 3S CODESYS Gateway
CVE-2013-2780 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-2779 (Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-2778 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-2777 (sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-2776 (sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-2775
	RESERVED
CVE-2013-2774
	RESERVED
CVE-2013-2773
	RESERVED
CVE-2013-2772
	RESERVED
CVE-2013-2771
	RESERVED
CVE-2013-2770 (The installation functionality in the Novell Kanaka component before ...)
	NOT-FOR-US: Novell Open Enterprise Server (OES) on Mac OS X
CVE-2013-2769
	RESERVED
CVE-2013-2768
	RESERVED
CVE-2013-2767 (Unspecified vulnerability in Citrix NetScaler Access Gateway ...)
	NOT-FOR-US: Citrix NetScaler Access Gateway
CVE-2013-2766 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.3.0 ...)
	NOT-FOR-US: Splunk
CVE-2013-2765 (The ModSecurity module before 2.7.4 for the Apache HTTP Server allows ...)
	- modsecurity-apache 2.6.6-9 (bug #710217)
	- libapache-mod-security <removed> (bug #710217)
	[wheezy] - modsecurity-apache 2.6.6-6+deb7u1
	[squeeze] - libapache-mod-security 2.5.12-1+squeeze2
	NOTE: https://raw.github.com/SpiderLabs/ModSecurity/master/CHANGES
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/0840b13612a0b7ef1ce7441cf811dcfc6b463fba
CVE-2013-2764
	RESERVED
	NOT-FOR-US: Secure Entry Server
CVE-2013-2763 (** DISPUTED ** The Schneider Electric M340 PLC modules allow remote ...)
	NOT-FOR-US: Schneider Electric M340 modules
CVE-2013-2762 (The Schneider Electric Magelis XBT HMI controller has a default ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2761 (The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-2760 (Buffer overflow in Groovy Media Player 3.2.0 allows remote attackers ...)
	NOT-FOR-US: Groovy Media Player
CVE-2013-2759
	RESERVED
CVE-2013-2758 (Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform ...)
	NOT-FOR-US: CloudStack
CVE-2013-2757 (Citrix CloudPlatform (formerly Citrix CloudStack) 3.0.x before 3.0.6 ...)
	NOT-FOR-US: Citrix
CVE-2013-2756 (Apache CloudStack 4.0.0 before 4.0.2 and Citrix CloudPlatform ...)
	NOT-FOR-US: CloudStack
CVE-2013-2755
	RESERVED
CVE-2013-2754 (Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS ...)
	NOT-FOR-US: Umisoft UMI.CMS
CVE-2013-2753
	RESERVED
CVE-2013-2752 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
CVE-2013-2751 (Eval injection vulnerability in frontview/lib/np_handler.pl in the ...)
	NOT-FOR-US: NETGEAR ReadyNAS RAIDiator
CVE-2013-2750 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: e107
CVE-2013-2749
	REJECTED
CVE-2013-2748
	RESERVED
CVE-2013-2747 (The password reset feature in Courion Access Risk Management Suite ...)
	NOT-FOR-US: Courion Access Risk Management Suite
CVE-2013-2746
	RESERVED
CVE-2013-2745 [SQL Injection]
	RESERVED
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	[wheezy] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
CVE-2013-2744 (importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2743 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2742 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2741 (importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, ...)
	NOT-FOR-US: BackupBuddy plugin for WordPress
CVE-2013-2740
	RESERVED
CVE-2013-2739 [heap-based buffer overflow]
	RESERVED
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	[wheezy] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
CVE-2013-2738 [SQL Injection]
	RESERVED
	- minidlna 1.1.2+dfsg-1 (low; bug #717131)
	NOTE: http://www.securityfocus.com/archive/1/527299/30/0
	[wheezy] - minidlna <no-dsa> (Minor issue, DLNA only used in a trusted context)
CVE-2013-2737 (A JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2736 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2735 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2734 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2733 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2732 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2731 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2730 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2729 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2728 (Adobe Flash Player before 10.3.183.86 and 11.x before 11.7.700.202 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-2727 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2726 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2725 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2724 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2723 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2722 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2721 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2720 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2719 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2718 (Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2717 (Multiple unspecified vulnerabilities in the System Management (aka ...)
	NOT-FOR-US: EMC
CVE-2012-6573 (Cross-site scripting (XSS) vulnerability in the Apache Solr ...)
	NOT-FOR-US: DRUPAL-SA-CONTRIB-2012-136
CVE-2012-6550 (Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 ...)
	- db4o <unfixed> (unimportant)
	NOTE: in doc package only
CVE-2013-2716 (Puppet Labs Puppet Enterprise before 2.8.0 does not use a &quot;randomized ...)
	NOT-FOR-US: Puppet Labs Puppet Enterprise
CVE-2013-2715 (Cross-site scripting (XSS) vulnerability in the admin view in the ...)
	NOT-FOR-US: Drupal module search_api
CVE-2013-2714
	RESERVED
CVE-2013-2713 (Cross-site request forgery (CSRF) vulnerability in users_maint.html in ...)
	NOT-FOR-US: KrisonAV
CVE-2013-2712 (Cross-site scripting (XSS) vulnerability in services/get_article.php ...)
	NOT-FOR-US: KrisonAV
CVE-2013-2711
	RESERVED
CVE-2013-2710 (Cross-site request forgery (CSRF) vulnerability in the Contextual ...)
	NOT-FOR-US: WordPress plugin Contextual Related Posts
CVE-2013-2709 (Cross-site request forgery (CSRF) vulnerability in the FourSquare ...)
	NOT-FOR-US: WordPress plugin FourSquare Checkins
CVE-2013-2708 (Cross-site request forgery (CSRF) vulnerability in the Content Slide ...)
	NOT-FOR-US: WordPress plugin Content Slide
CVE-2013-2707 (Cross-site request forgery (CSRF) vulnerability in the Login With Ajax ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-2706 (Cross-site request forgery (CSRF) vulnerability in the Stream Video ...)
	NOT-FOR-US: WordPress plugin Stream Video Player
CVE-2013-2705 (Cross-site request forgery (CSRF) vulnerability in the WordPress ...)
	NOT-FOR-US: WordPress plugin Simple Paypal Shopping Cart
CVE-2013-2704 (Cross-site request forgery (CSRF) vulnerability in the Dropdown Menu ...)
	NOT-FOR-US: WordPress plugin Dropdown Menu Widget
CVE-2013-2703 (Cross-site request forgery (CSRF) vulnerability in the Facebook ...)
	NOT-FOR-US: Facebook Members plugin for WordPres
CVE-2013-2702 (Cross-site request forgery (CSRF) vulnerability in the Easy AdSense ...)
	NOT-FOR-US: Easy AdSense Lite plugin for WordPress
CVE-2013-2701 (Cross-site request forgery (CSRF) vulnerability in the Social Sharing ...)
	NOT-FOR-US: social sharing toolkit plugin for wp
CVE-2013-2700 (Cross-site request forgery (CSRF) vulnerability in the Add/Edit page ...)
	NOT-FOR-US: WordPress plugin WP125
CVE-2013-2699 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: WordPress plugin underConstruction
CVE-2013-2698 (Cross-site request forgery (CSRF) vulnerability in the Calendar plugin ...)
	NOT-FOR-US: WordPress plugin calendar
CVE-2013-2697 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: Wordpress plugin Downloadmanager
CVE-2013-2696 (Cross-site request forgery (CSRF) vulnerability in the All in One ...)
	NOT-FOR-US: WordPress plugin All in One Webmaster
CVE-2013-2695 (Cross-site scripting (XSS) vulnerability in invite.php in the WP ...)
	NOT-FOR-US: WordPress plugin wp-symposium
CVE-2013-2694 (Open redirect vulnerability in invite.php in the WP Symposium plugin ...)
	NOT-FOR-US: WordPress plugin wp-symposium
CVE-2013-2693 (Cross-site request forgery (CSRF) vulnerability in the Options in the ...)
	NOT-FOR-US: WordPress plugin WP-Print
CVE-2013-2692 (Cross-site request forgery (CSRF) vulnerability in the Admin web ...)
	NOT-FOR-US: OpenVPN Access Server
CVE-2013-2691 (Stack-based buffer overflow in the JetMPG.ax module in jetAudio 8.0.17 ...)
	NOT-FOR-US: jetAudio
CVE-2013-2690 (SQL injection vulnerability in index.php in Synchroweb Technology ...)
	NOT-FOR-US: Synchroweb Technology SynConnect 2.0
CVE-2013-2689
	RESERVED
CVE-2013-2688 (Buffer overflow in phrelay in BlackBerry QNX Neutrino RTOS through ...)
	NOT-FOR-US: QNX Software Development Platform
CVE-2013-2687 (Stack-based buffer overflow in the bpe_decompress function in (1) ...)
	NOT-FOR-US: QNX
CVE-2013-2686 (main/http.c in the HTTP server in Asterisk Open Source 1.8.x before ...)
	- asterisk 1:1.8.13.1~dfsg-2 (bug #704114)
	[squeeze] - asterisk <not-affected> (httpd code does not read HTTP POST variables)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20967
CVE-2013-2685 (Stack-based buffer overflow in res/res_format_attr_h264.c in Asterisk ...)
	- asterisk <not-affected> (H264 code not yet present)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-20901
CVE-2013-2684
	RESERVED
CVE-2013-2683
	RESERVED
CVE-2013-2682
	RESERVED
CVE-2013-2681
	RESERVED
CVE-2013-2680
	RESERVED
CVE-2013-2679
	RESERVED
CVE-2013-2678
	RESERVED
CVE-2013-2677
	RESERVED
CVE-2013-2676
	RESERVED
CVE-2013-2675
	RESERVED
CVE-2013-2674
	RESERVED
CVE-2013-2673
	RESERVED
CVE-2013-2672
	RESERVED
CVE-2013-2671 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother ...)
	NOT-FOR-US: Brother printer
CVE-2013-2670 (Cross-site scripting (XSS) vulnerability in the Brother MFC-9970CDW ...)
	NOT-FOR-US: Brother printer
CVE-2013-2669
	RESERVED
CVE-2013-2668
	RESERVED
CVE-2013-2667
	RESERVED
CVE-2013-2666
	RESERVED
CVE-2013-2665
	RESERVED
CVE-2013-2664
	RESERVED
CVE-2013-2663
	RESERVED
CVE-2013-2662
	RESERVED
CVE-2013-2661
	RESERVED
CVE-2013-2660
	RESERVED
CVE-2013-2659
	RESERVED
CVE-2013-2658
	RESERVED
CVE-2013-2657
	RESERVED
CVE-2013-2656
	RESERVED
CVE-2013-2655
	RESERVED
CVE-2013-2654
	RESERVED
CVE-2013-2653 (security/MemberLoginForm.php in SilverStripe 3.0.3 supports login ...)
	- silverstripe <itp> (bug #528461)
CVE-2013-2652 (CRLF injection vulnerability in help/help_language.php in WebCollab ...)
	NOT-FOR-US: WebCollab
CVE-2013-2651 (Multiple cross-site scripting (XSS) vulnerabilities in BoltWire 3.5 ...)
	NOT-FOR-US: Boltwire
CVE-2013-2650
	RESERVED
CVE-2013-2649
	RESERVED
CVE-2013-2648
	RESERVED
CVE-2013-2647
	RESERVED
CVE-2013-2646
	RESERVED
CVE-2013-2645 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: TP-LINK Router
CVE-2013-2644
	REJECTED
CVE-2013-2643 (Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2642 (Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2641 (Directory traversal vulnerability in patience.cgi in Sophos Web ...)
	NOT-FOR-US: Sophos Web Appliance
CVE-2013-2640 (ajax.functions.php in the MailUp plugin before 1.3.2 for WordPress ...)
	NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-2639 (Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS ...)
	NOT-FOR-US: CTERA Cloud Storage OS
CVE-2013-2638
	RESERVED
CVE-2013-2637
	RESERVED
CVE-2013-2636 (net/bridge/br_mdb.c in the Linux kernel before 3.8.4 does not ...)
	- linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-2635 (The rtnl_fill_ifinfo function in net/core/rtnetlink.c in the Linux ...)
	- linux 3.2.41-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.34)
CVE-2013-2634 (net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize ...)
	{DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6 <removed>
CVE-2013-2633 (Piwik before 1.11 accepts input from a POST request instead of a GET ...)
	- piwik <itp> (bug #506933)
CVE-2013-2632 (Google V8 before 3.17.13, as used in Google Chrome before 27.0.1444.3, ...)
	- libv8 <removed>
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
	- libv8-3.14 <unfixed> (unimportant; bug #773671)
	NOTE: libv8 not covered by security support
CVE-2013-2631
	RESERVED
CVE-2013-2630 (Cross-site scripting (XSS) vulnerability in CA Service Desk Manager ...)
	NOT-FOR-US: CA Service Desk Manager
CVE-2013-2629 (Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers ...)
	NOT-FOR-US: Leed
CVE-2013-2628 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Leed
CVE-2013-2627 (SQL injection vulnerability in action.php in Leed (Light Feed), ...)
	NOT-FOR-US: Leed
CVE-2013-2626
	RESERVED
CVE-2013-2625
	RESERVED
	- otrs2 3.1.7+dfsg1-8
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
	NOTE: http://web.archive.org/web/20130716120019/http://www.otrs.com:80/en/open-source/community-news/security-advisories/security-advisory-2013-01/
CVE-2013-2624
	RESERVED
CVE-2013-2623
	RESERVED
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2622
	RESERVED
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2621
	RESERVED
	NOT-FOR-US: Uebimiau Webmail
CVE-2013-2620
	RESERVED
CVE-2013-2619 (Directory traversal vulnerability in Aspen before 0.22 allows remote ...)
	NOT-FOR-US: Aspen
CVE-2013-2618 (Cross-site scripting (XSS) vulnerability in editor.php in Network ...)
	NOT-FOR-US: Network Weathermap
CVE-2013-2617 (lib/curl.rb in the Curl Gem for Ruby allows remote attackers to ...)
	NOT-FOR-US: Ruby Curl gem
CVE-2013-2616 (lib/mini_magick.rb in the MiniMagick Gem 1.3.1 for Ruby allows remote ...)
	NOT-FOR-US: Ruby MiniMagick gem
CVE-2013-2615 (lib/entry_controller.rb in the fastreader Gem 1.0.8 for Ruby allows ...)
	NOT-FOR-US: Ruby fastreader gem
CVE-2013-2614
	RESERVED
CVE-2013-2613
	RESERVED
CVE-2013-2612
	RESERVED
CVE-2013-2611
	RESERVED
CVE-2013-2610
	RESERVED
CVE-2013-2609
	RESERVED
CVE-2013-2608
	RESERVED
CVE-2013-2607
	RESERVED
CVE-2013-2606
	RESERVED
CVE-2013-2605
	RESERVED
CVE-2013-2604 (RealNetworks GameHouse RealArcade Installer (aka ActiveMARK Game ...)
	NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2603 (The RACInstaller.StateCtrl.1 ActiveX control in InstallerDlg.dll in ...)
	NOT-FOR-US: RealNetworks GameHouse RealArcade Installer
CVE-2013-2602 (Multiple array index errors in the MyHeritage SEQueryObject ActiveX ...)
	NOT-FOR-US: MyHeritage SEQueryObject ActiveX control
CVE-2013-2601 (The NDVM in Citrix XenClient XT before 2.1.3 and 3.x before 3.1.4 ...)
	NOT-FOR-US: Citrix XenClient XT
CVE-2013-2600 [MiniUPnPd information disclosure]
	RESERVED
	- miniupnpd 1.8.20130730-1 (bug #716936)
CVE-2013-2599 (A certain Qualcomm Innovation Center (QuIC) patch to the ...)
	NOT-FOR-US: Qualcomm (Android)
CVE-2013-2598 (app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed ...)
	NOT-FOR-US: Little Kernel (bootloader)
CVE-2013-2597 (Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c ...)
	NOT-FOR-US: Android Linux kernel (affects {sound/soc/,arch/arm/mach-}msm/qdsp6v2)
	NOTE: https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597
CVE-2013-2596 (Integer overflow in the fb_mmap function in drivers/video/fbmem.c in ...)
	- linux 3.9-1
	[wheezy] - linux 3.2.46-1
	NOTE: the issue comes from fbmem code from linux mainline, the exploit was just targetting motorola
	NOTE: phones that ship code that is based on the original linux code, but both are affected.
	NOTE: an exploit needs access to /dev/fb0 which is not world readable/writable on Debian
CVE-2013-2595 (The device-initialization functionality in the MSM camera driver for ...)
	NOT-FOR-US: Qualcomm MSM Camera driver
CVE-2013-2594 (SQL injection vulnerability in reports/calldiary.php in Hornbill ...)
	NOT-FOR-US: Supportworks ITSM
CVE-2013-2593
	RESERVED
CVE-2013-2592
	RESERVED
CVE-2013-2591
	RESERVED
CVE-2013-2590
	RESERVED
CVE-2013-2589
	RESERVED
CVE-2013-2588
	RESERVED
CVE-2013-2587
	RESERVED
CVE-2013-2586 (XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which ...)
	NOT-FOR-US: XAMPPP
CVE-2013-2585 (Cross-site scripting (XSS) vulnerability in Atmail Webmail Server ...)
	- atmailopen <removed>
CVE-2013-2584
	RESERVED
CVE-2013-2583 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-2582 (CRLF injection vulnerability in the redirect servlet in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-2581 (cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2580 (Unrestricted file upload vulnerability in cgi-bin/uploadfile in ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2579 (TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2578 (cgi-bin/admin/servetest in TP-Link IP Cameras TL-SC3130, TL-SC3130G, ...)
	NOT-FOR-US: TP-Link IP Cameras
CVE-2013-2577 (Buffer overflow in XnView before 2.04 allows remote attackers to ...)
	NOT-FOR-US: XnView
CVE-2013-2576 (Buffer overflow in Artweaver before 3.1.6 allows remote attackers to ...)
	NOT-FOR-US: Artweaver
CVE-2013-2575
	RESERVED
CVE-2013-2574
	RESERVED
	NOT-FOR-US: Foscam
CVE-2013-2573
	RESERVED
CVE-2013-2572
	RESERVED
CVE-2013-2571
	RESERVED
CVE-2013-2570
	RESERVED
CVE-2013-2569
	RESERVED
CVE-2013-2568
	RESERVED
CVE-2013-2567
	RESERVED
CVE-2013-2566 (The RC4 algorithm, as used in the TLS protocol and SSL protocol, has ...)
	NOTE: Generic protocol flaw in RC4
CVE-2012-6549 (The isofs_export_encode_fh function in fs/isofs/export.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6548 (The udf_encode_fh function in fs/udf/namei.c in the Linux kernel ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6547 (The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel ...)
	- linux 3.2.29-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 2.6.32-47
CVE-2012-6546 (The ATM implementation in the Linux kernel before 3.6 does not ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6545 (The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6544 (The Bluetooth protocol stack in the Linux kernel before 3.6 does not ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6543 (The l2tp_ip6_getname function in net/l2tp/l2tp_ip6.c in the Linux ...)
	- linux <not-affected> (Affected code introduced in 3.5)
	- linux-2.6 <not-affected> (Affected code introduced in 3.5)
CVE-2012-6542 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6541 (The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the ...)
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2012-6540 (The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6539 (The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 ...)
	{DSA-2668-1}
	- linux 3.2.30-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6538 (The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux ...)
	- linux 3.2.32-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
CVE-2012-6537 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not ...)
	{DSA-2668-1}
	- linux 3.2.32-1 (low)
	- linux-2.6 <removed> (low)
CVE-2012-6536 (net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not verify ...)
	- linux 3.2.32-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2012-XXXX [null pointer dereference]
	- chromium-browser 21.0.1180.57~r148591-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://seclists.org/fulldisclosure/2013/Mar/134
	NOTE: full disclosure post dosn't make it clear if a CVE was assigned for this or not, but it is fixed in the above version
CVE-2013-2565
	RESERVED
	NOT-FOR-US: Mambo CMS
CVE-2013-2564 (Mambo CMS 4.6.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2563 (Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2562 (Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the ...)
	NOT-FOR-US: Mambo CMS
CVE-2013-2561 (OpenFabrics ibutils 1.5.7 allows local users to overwrite arbitrary ...)
	- ibutils 1.5.7-2 (low; bug #704063)
	[squeeze] - ibutils <no-dsa> (Minor issue)
	[wheezy] - ibutils <no-dsa> (Minor issue)
CVE-2013-2560 (Directory traversal vulnerability in the web interface on Foscam ...)
	NOT-FOR-US: Foscam
CVE-2013-2559 (SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote ...)
	NOT-FOR-US: Symphony CMS
CVE-2013-2558 (Unspecified vulnerability in Microsoft Windows 8 allows remote ...)
	NOT-FOR-US: Windows 8
CVE-2013-2557 (The sandbox protection mechanism in Microsoft Internet Explorer 9 ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2556 (Unspecified vulnerability in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Windows 7
CVE-2013-2555 (Integer overflow in Adobe Flash Player before 10.3.183.75 and 11.x ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2013-2554 (Unspecified vulnerability in Microsoft Windows 7 allows attackers to ...)
	NOT-FOR-US: Windows 7
CVE-2013-2553 (Unspecified vulnerability in the kernel in Microsoft Windows 7 allows ...)
	NOT-FOR-US: Windows 7
CVE-2013-2552 (Unspecified vulnerability in Microsoft Internet Explorer 10 on Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2551 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2013-2550 (Unspecified vulnerability in Adobe Reader 11.0.02 allows attackers to ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2549 (Unspecified vulnerability in Adobe Reader 11.0.02 allows remote ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-2548 (The crypto_report_one function in crypto/crypto_user.c in the report ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2013-2547 (The crypto_report_one function in crypto/crypto_user.c in the report ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2013-2546 (The report API in the crypto user configuration API in the Linux ...)
	- linux 3.2.41-1 (low)
	- linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2013-2545
	RESERVED
CVE-2013-2544
	RESERVED
CVE-2013-2543
	RESERVED
CVE-2013-2542
	RESERVED
CVE-2013-2541
	RESERVED
CVE-2013-2540
	RESERVED
CVE-2013-2539
	RESERVED
CVE-2013-2538
	RESERVED
CVE-2013-2537
	RESERVED
CVE-2013-2536
	RESERVED
CVE-2013-2535
	RESERVED
CVE-2013-2534
	RESERVED
CVE-2013-2533
	RESERVED
CVE-2013-2532
	RESERVED
CVE-2013-2531
	RESERVED
CVE-2013-2530
	RESERVED
CVE-2013-2529
	RESERVED
CVE-2013-2528
	RESERVED
CVE-2013-2527
	RESERVED
CVE-2013-2526
	RESERVED
CVE-2013-2525
	RESERVED
CVE-2013-2524
	RESERVED
CVE-2013-2523
	RESERVED
CVE-2013-2522
	RESERVED
CVE-2013-2521
	RESERVED
CVE-2013-2520
	RESERVED
CVE-2013-2519
	RESERVED
CVE-2013-2518
	REJECTED
CVE-2013-2517
	REJECTED
CVE-2013-2516
	RESERVED
CVE-2013-2515
	RESERVED
CVE-2013-2514
	RESERVED
CVE-2013-2513
	RESERVED
CVE-2013-2512
	RESERVED
CVE-2013-2511
	RESERVED
CVE-2013-2510
	RESERVED
CVE-2013-2509
	RESERVED
CVE-2013-2508
	RESERVED
CVE-2013-2507 (Multiple cross-site scripting (XSS) vulnerabilities in the Brother ...)
	NOT-FOR-US: Brother
CVE-2013-2506 (app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before ...)
	NOT-FOR-US: Spree
CVE-2012-6535 (DjVuLibre before 3.5.25.3, as used in Evince, Sumatra PDF Reader, ...)
	{DSA-2844-1}
	- djvulibre 3.5.25.3-1
	NOTE: http://sourceforge.net/p/djvu/djvulibre-git/ci/d4f0f6d37fe6a1fb427cfa33a64ead1eff32d28e/
	NOTE: evince doesnt use an embedded version of this
CVE-2013-2505
	RESERVED
CVE-2013-2504 (Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in ...)
	NOT-FOR-US: Matrix42 Service Store
CVE-2013-2503 (Privoxy before 3.0.21 does not properly handle Proxy-Authenticate and ...)
	- privoxy 3.0.21-1 (low; bug #702896)
	[wheezy] - privoxy <no-dsa> (Minor issue)
	[squeeze] - privoxy <no-dsa> (Minor issue)
	NOTE: http://blog.c22.cc/2013/03/11/privoxy-proxy-authentication-credential-exposure-cve-2013-2503/
	NOTE: http://ijbswa.cvs.sourceforge.net/viewvc/ijbswa/current/ChangeLog?revision=1.188&view=markup
CVE-2013-2502
	RESERVED
CVE-2013-2501 (Cross-site scripting (XSS) vulnerability in the Terillion Reviews ...)
	NOT-FOR-US: Terillion Reviews plugin for Wordpress
CVE-2013-2500
	RESERVED
CVE-2013-2499
	RESERVED
CVE-2013-2498 (SQL injection vulnerability in the login page in ...)
	NOT-FOR-US: SimpleHRM
CVE-2013-2497
	RESERVED
CVE-2013-2496 (The msrle_decode_8_16_24_32 function in msrledec.c in libavcodec in ...)
	- libav 6:0.8.6-1 (bug #703200)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
CVE-2013-2495 (The iff_read_header function in iff.c in libavformat in FFmpeg through ...)
	- libav 6:0.8.6-1 (bug #703200)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
CVE-2013-2494 (libdns in ISC DHCP 4.2.x before 4.2.5-P1 allows remote name servers to ...)
	- isc-dhcp 4.2.4-6 (low; bug #704426)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u6
	[squeeze] - isc-dhcp <not-affected> (Only affects 4.2.x)
CVE-2013-2493 (The Hook_Terminate function in chrome_frame/protocol_sink_wrap.cc in ...)
	NOT-FOR-US: Google Chrome Frame plugin for Internet Explorer
CVE-2013-2492 (Stack-based buffer overflow in Firebird 2.1.3 through 2.1.5 before ...)
	{DSA-2648-1 DSA-2647-1}
	- firebird2.1 <unfixed> (bug #702735)
	- firebird2.5 2.5.2~svn+54698.ds4-2 (bug #702736)
	NOTE: http://tracker.firebirdsql.org/browse/CORE-4058
CVE-2013-2491
	RESERVED
CVE-2013-2490
	RESERVED
CVE-2013-2489
	RESERVED
CVE-2013-2488 (The DTLS dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-22.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8380
	NOTE: Versions affected: 1.8.0 to 1.8.X, 1.6.0 to 1.6.X
CVE-2013-2487 (epan/dissectors/packet-reload.c in the REsource LOcation And Discovery ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark <not-affected> (only 1.8.x series)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2486 (The dissect_diagnosticrequest function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark <not-affected> (only 1.8.x series)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-21.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8364
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2485 (The FCSP dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-20.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8359
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2484 (The CIMD dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-19.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8346
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2483 (The acn_add_dmp_data function in epan/dissectors/packet-acn.c in the ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-18.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8340
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2482 (The AMPQ dissector in Wireshark 1.6.x before 1.6.14 and 1.8.x before ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-17.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8337
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2481 (Integer signedness error in the dissect_mount_dirpath_call function in ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-16.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8335
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
	NOTE: Not suitable for code injection
CVE-2013-2480 (The RTPS and RTPS2 dissectors in Wireshark 1.6.x before 1.6.14 and ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-15.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8332
	NOTE: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2479 (The dissect_mpls_echo_tlv_dd_map function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-14.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8039
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2478 (The dissect_server_info function in epan/dissectors/packet-ms-mms.c in ...)
	{DSA-2644-1}
	- wireshark 1.8.2-5
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-13.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8382
	NOTE: announce mentions: Versions affected: 1.8.0 to 1.8.5, 1.6.0 to 1.6.13
CVE-2013-2477 (The CSN.1 dissector in Wireshark 1.8.x before 1.8.6 does not properly ...)
	- wireshark 1.8.2-5
	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-12.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8383
	NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2476 (The dissect_hartip function in epan/dissectors/packet-hartip.c in the ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-11.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8360
	NOTE: Versions affected: 1.8.0 to 1.8.5
	NOTE: Not suitable for code injection
CVE-2013-2475 (The TCP dissector in Wireshark 1.8.x before 1.8.6 allows remote ...)
	- wireshark 1.8.2-5
	[squeeze] - wireshark <not-affected> (only affecting 1.8.x)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2013-10.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8274
	NOTE: Versions affected: 1.8.0 to 1.8.5
CVE-2013-2474
	RESERVED
CVE-2013-2473 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2472 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2471 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2470 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2469 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2468 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2467 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java 5)
	- openjdk-7 <not-affected> (Only affects Java 5)
CVE-2013-2466 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2465 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2464 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2463 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2462 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2461 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2460 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2722-1}
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2459 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2458 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2722-1}
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2457 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 <not-affected> (Only applies to Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2456 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2455 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2454 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2722-1}
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2453 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2452 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2451 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2450 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2449 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2722-1}
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2448 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2447 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2446 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2445 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2444 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2443 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2442 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2441 (Unspecified vulnerability in the Agile EDM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2013-2440 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2439 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Installation performed differently for Linux distros)
	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
CVE-2013-2438 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2437 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2436 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-2435 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2434 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2433 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2432 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2431 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-2430 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2429 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2428 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2427 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2426 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java 7)
CVE-2013-2425 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only applies to Java 7)
	- openjdk-7 <not-affected> (Installation performed differently for Linux distros)
CVE-2013-2424 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2423 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only applies to Java 7)
CVE-2013-2422 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2421 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java 7)
CVE-2013-2420 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2419 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2418 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2417 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-2416 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2415 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
CVE-2013-2414 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-2413 (Unspecified vulnerability in the Siebel Enterprise Application ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2412 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-7 7u25-2.3.10-1
	- openjdk-6 6b27-1.12.6-1
CVE-2013-2411 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle Primavera Products
CVE-2013-2410 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2409 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2408 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2407 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-2406 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2405 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle Primavera Products
CVE-2013-2404 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2403 (Unspecified vulnerability in the Siebel Enterprise Application ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2401 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2400 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-2399 (Unspecified vulnerability in the Siebel Call Center component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2398 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-2397 (Unspecified vulnerability in the Oracle Retail Central Office ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-2396 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-2395 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-2394 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-2393 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2392 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2391 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2390 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2389 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
CVE-2013-2388 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-2387 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2386 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2385 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2384 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2383 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-2382 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2381 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
CVE-2013-2380 (Unspecified vulnerability in the Oracle JRockit component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-2379 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2378 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2377 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-2376 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2375 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-2374 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-2373 (The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x ...)
	NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2372 (Cross-site scripting (XSS) vulnerability in the Engine in TIBCO ...)
	NOT-FOR-US: TIBCO Spotfire Web Player
CVE-2013-2371 (The Web API in the Statistics Server in TIBCO Spotfire Statistics ...)
	NOT-FOR-US: TIBCO Spotfire Statistics
CVE-2013-2370 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2369 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2368 (Unspecified vulnerability in HP LoadRunner before 11.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2013-2367 (Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, ...)
	NOT-FOR-US: HP SiteScope
CVE-2013-2366 (Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch ...)
	NOT-FOR-US: HP Business Process Monitor
CVE-2013-2365 (HP Database and Middleware Automation (DMA) 10.x before 10.10, when ...)
	NOT-FOR-US: HP DMA
CVE-2013-2364 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP SMH
CVE-2013-2363 (HP System Management Homepage (SMH) before 7.2.1 allows remote ...)
	NOT-FOR-US: HP SMH
CVE-2013-2362 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP SMH
CVE-2013-2361 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP SMH
CVE-2013-2360 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP SMH
CVE-2013-2359 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP SMH
CVE-2013-2358 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP SMH
CVE-2013-2357 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP SMH
CVE-2013-2356 (HP System Management Homepage (SMH) before 7.2.1 allows remote ...)
	NOT-FOR-US: HP SMH
CVE-2013-2355 (HP System Management Homepage (SMH) before 7.2.1 allows remote ...)
	NOT-FOR-US: HP SMH
CVE-2013-2354
	REJECTED
CVE-2013-2353 (Unspecified vulnerability in HP StoreOnce D2D Backup System 1.x before ...)
	NOT-FOR-US: HP
CVE-2013-2352 (LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage ...)
	NOT-FOR-US: HP
CVE-2013-2351 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00, ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2013-2350 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
	NOT-FOR-US: Data Protector
CVE-2013-2349 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
	NOT-FOR-US: Data Protector
CVE-2013-2348 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
	NOT-FOR-US: Data Protector
CVE-2013-2347 (The Backup Client Service (OmniInet.exe) in HP Storage Data Protector ...)
	NOT-FOR-US: Data Protector
CVE-2013-2346 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
	NOT-FOR-US: Data Protector
CVE-2013-2345 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
	NOT-FOR-US: Data Protector
CVE-2013-2344 (Unspecified vulnerability in HP Storage Data Protector 6.2X allows ...)
	NOT-FOR-US: Data Protector
CVE-2013-2343 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP
CVE-2013-2342 (The HP StoreOnce D2D backup system with software before 3.0.0 has a ...)
	NOT-FOR-US: HP StoreOnce D2D backup system
CVE-2013-2341 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, ...)
	NOT-FOR-US: HP
CVE-2013-2340 (Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, ...)
	NOT-FOR-US: HP
CVE-2013-2339 (HP Smart Zero Core 4.3 and 4.3.1 on the t410 All-in-One Smart Zero ...)
	NOT-FOR-US: HP Smart Zero Client
CVE-2013-2338 (Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) ...)
	NOT-FOR-US: HP Integrated Lights-Out
CVE-2013-2337 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.11, ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2336 (HP Service Manager 7.11, 9.21, 9.30, and 9.31, and ServiceCenter ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2335 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2334 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2333 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2332 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2331 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2330 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2329 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2328 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2327 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2326 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2325 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2324 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2013-2323 (HP SQL/MX 3.0 through 3.2 on NonStop servers, when SQL/MP Objects are ...)
	NOT-FOR-US: HP
CVE-2013-2322 (HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are ...)
	NOT-FOR-US: HP
CVE-2013-2321 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web ...)
	NOT-FOR-US: HP Service Manager
CVE-2013-2320
	RESERVED
CVE-2013-2319 (FileMaker Pro before 12 and Pro Advanced before 12 does not verify ...)
	NOT-FOR-US: FileMaker Pro
CVE-2013-2318 (The Content Provider in the MovatwiTouch application before 1.793 and ...)
	NOT-FOR-US: MovatwiTouch
CVE-2013-2317 (The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2013-2316 (The Yahoo! Browser application 1.4.4 and earlier for Android allows ...)
	NOT-FOR-US: Yahoo! Browser application for Android
CVE-2013-2315 (data/class/pages/forgot/LC_Page_Forgot.php in LOCKON EC-CUBE 2.11.0 ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2314 (Cross-site scripting (XSS) vulnerability in the adminAuthorization ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2313 (Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2312 (Cross-site scripting (XSS) vulnerability in the shopping-cart screen ...)
	NOT-FOR-US: LOCKON EC-CUBE
CVE-2013-2311 (Cross-site scripting (XSS) vulnerability in static/js/share.js (aka ...)
	- web2py <not-affected> (Vulnerable code not present)
CVE-2013-2310 (SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP ...)
	NOT-FOR-US: SoftBank Wi-Fi Spot Configuration Software
CVE-2013-2309 (Cross-site scripting (XSS) vulnerability in the management screen in ...)
	NOT-FOR-US: OpenPNE
CVE-2013-2308 (The (1) OWA Helper and (2) OSG Lite programs in SoftBank Online ...)
	NOT-FOR-US: SoftBank Online Service Gate
CVE-2013-2307 (The Yahoo! Browser application before 1.4.3 for Android allows remote ...)
	NOT-FOR-US: Yahoo! Browser application for Android
CVE-2013-2306 (The jigbrowser+ application before 1.6.4 for Android does not properly ...)
	NOT-FOR-US: jigbrowser+ application for Android
CVE-2013-2305 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office ...)
	NOT-FOR-US: Cybozu
CVE-2013-2304 (The Sleipnir Mobile application 2.8.0 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir
CVE-2013-2303 (Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to ...)
	NOT-FOR-US: Sleipnir
CVE-2013-2302 (TransWARE Active! mail 6, when an external public interface is used, ...)
	NOT-FOR-US: TransWARE Active! mail
CVE-2013-2301 (The OMRON OpenWnn application before 1.3.6 for Android uses weak ...)
	NOT-FOR-US: OpenWnn application
CVE-2013-2300 (The FlickWnn (aka OpenWnn/Flick support) application 2.02 and earlier ...)
	NOT-FOR-US: FlickWnn Android App
CVE-2013-2299 (Cross-site scripting (XSS) vulnerability in Advantech WebAccess ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2013-2298 (Multiple stack-based buffer overflows in the XML parser in BOINC 7.x ...)
	- boinc 7.0.65+dfsg-1 (low)
	[wheezy] - boinc <no-dsa> (Minor issue, only exploitable by a rogue BOINC server)
	[squeeze] - boinc <no-dsa> (Minor issue, only exploitable by a rogue BOINC server)
	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=2fea03824925cbcb976f4191f4d8321e41a4d95b
CVE-2013-2297 (Eucalyptus EuStore sets a blank root password in the default ...)
	- eucalyptus <removed>
CVE-2013-2296 (Walrus in Eucalyptus before 3.2.2 does not verify authorization for ...)
	- eucalyptus <removed> (bug #707592)
	NOTE: commit: https://github.com/eucalyptus/eucalyptus/commit/da7bb8b7c15d453e62df38eff5c12d0998e6eab1
	NOTE: https://eucalyptus.atlassian.net/browse/EUCA-3074
CVE-2013-2295
	RESERVED
CVE-2013-2294
	RESERVED
	NOT-FOR-US: ViewGit
CVE-2013-2293 (The CTransaction::FetchInputs method in bitcoind and Bitcoin-Qt before ...)
	- bitcoin 0.8.1-2 (bug #705265)
CVE-2013-2292 (bitcoind and Bitcoin-Qt 0.8.0 and earlier allow remote attackers to ...)
	- bitcoin 0.8.1-1
CVE-2013-2291
	RESERVED
CVE-2013-2290 (Cross-site scripting (XSS) vulnerability in the dashboard of the ...)
	NOT-FOR-US: Aruba Networks ArubaOS
CVE-2013-2289 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Batavi
CVE-2013-2288
	RESERVED
CVE-2013-2287 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WordPress plugin Uploader
CVE-2013-2286
	RESERVED
CVE-2013-2285
	RESERVED
CVE-2013-2284
	RESERVED
CVE-2013-2283
	RESERVED
CVE-2013-2282
	RESERVED
CVE-2013-2281
	RESERVED
CVE-2013-2280
	RESERVED
CVE-2013-2279 (CA SiteMinder Federation (FSS) 12.5, 12.0, and r6; Federation ...)
	NOT-FOR-US: CA SiteMinder
CVE-2013-2278 (Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when ...)
	NOT-FOR-US: War FTP Daemon
CVE-2013-2277 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1 (bug #703200)
CVE-2013-2276 (The avcodec_decode_audio4 function in utils.c in libavcodec in FFmpeg ...)
	- ffmpeg <not-affected> (Doesn't affect libav, specific to current ffmpeg)
	- libav <not-affected> (Doesn't affect libav, specific to current ffmpeg)
CVE-2013-2275 (The default configuration for puppet masters 0.25.0 and later in ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-2274 (Puppet 2.6.x before 2.6.18 and Puppet Enterprise 1.2.x before 1.2.7 ...)
	{DSA-2643-1}
	- puppet 2.7-1
	NOTE: Only affects puppet 2.6.x
CVE-2013-2273 (bitcoind and Bitcoin-Qt before 0.4.9rc1, 0.5.x before 0.5.8rc1, 0.6.0 ...)
	- bitcoin 0.8.1-1
CVE-2013-2272 (The penny-flooding protection mechanism in the CTxMemPool::accept ...)
	- bitcoin 0.8.1-2 (bug #705266)
CVE-2013-2271 (The D-Link DSL-2740B Gateway with firmware EU_1.0, when an active ...)
	NOT-FOR-US: D-Link DSL-2740B Gateway
CVE-2013-2270 (Cross-site scripting (XSS) vulnerability in the administration page in ...)
	NOT-FOR-US: Airvana
CVE-2013-2269 (The Sponsorship Confirmation functionality in Aruba Networks ClearPass ...)
	NOT-FOR-US: Aruba Networks ClearPass
CVE-2013-2268 (Unspecified vulnerability in the MathML implementation in WebKit in ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <not-affected> (Vulnerable code not present)
	NOTE: MathML added in chromium 24.x, disabled again in 25.x
CVE-2012-6534 (Novell Sentinel Log Manager before 1.2.0.3 allows remote attackers to ...)
	NOT-FOR-US: Novell Sentinel Log Manager
CVE-2013-2267
	RESERVED
CVE-2013-2266 (libdns in ISC BIND 9.7.x and 9.8.x before 9.8.4-P2, 9.8.5 before ...)
	{DSA-2656-1}
	- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #704174)
CVE-2013-2265
	RESERVED
CVE-2013-2264 (The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, ...)
	- asterisk 1:1.8.13.1~dfsg-2 (low; bug #704114)
	[squeeze] - asterisk <no-dsa> (Minor information leak)
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-21013
CVE-2013-2263 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2013-2262
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-2261
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-2260
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-2259
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-2258
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-2257
	RESERVED
	NOT-FOR-US: Cryptocat
CVE-2013-2256 (OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-2 ...)
	- nova 2013.1.2-3 (bug #718905)
	[wheezy] - nova <not-affected> (Affected code not present)
CVE-2013-2255 [Inconsistent and non-validating HTTPS client]
	RESERVED
	- keystone 2014.1-1
	[wheezy] - keystone <no-dsa> (Minor issue)
	- swift <not-affected> (See https://bugs.launchpad.net/keystone/+bug/1188189/comments/5)
	NOTE: Fixes for keystone: https://review.openstack.org/#/c/76476/
CVE-2013-2254 (The deepGetOrCreateNode function in ...)
	NOT-FOR-US: Apache Sling
CVE-2013-2253
	RESERVED
CVE-2013-2252
	RESERVED
CVE-2013-2251 (Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute ...)
	- libstruts1.2-java <not-affected> (Only affect 2.x)
CVE-2013-2250 (Apache Open For Business Project (aka OFBiz) 10.04.01 through ...)
	NOT-FOR-US: Apache OFBiz
CVE-2013-2249 (mod_session_dbd.c in the mod_session_dbd module in the Apache HTTP ...)
	- apache2 2.4.6-1
	[wheezy] - apache2 <not-affected> (mod_session_dbd available apache 2.3 and later only)
	[squeeze] - apache2 <not-affected> (mod_session_dbd available apache 2.3 and later only)
CVE-2013-2248 (Multiple open redirect vulnerabilities in Apache Struts 2.0.0 through ...)
	- libstruts1.2-java <not-affected> (Only affect 2.x)
CVE-2013-2247 (The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and ...)
	NOT-FOR-US: Fast Permissions Administration Drupal contributed module
CVE-2013-2246 (mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232503
CVE-2013-2245 (rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232502
CVE-2013-2244 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moodle <not-affected> (Only affects 2.4.x and 2.5.x)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232501
CVE-2013-2243 (mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232500
CVE-2013-2242 (mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before ...)
	- moodle 2.5.1-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: https://moodle.org/mod/forum/discuss.php?d=232498
CVE-2013-2241 (modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows ...)
	- gallery3 <itp> (bug #511715)
CVE-2013-2240 (lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly ...)
	- gallery3 <itp> (bug #511715)
CVE-2013-2239 (vzkernel before 042stab080.2 in the OpenVZ modification for the Linux ...)
	{DSA-2766-1}
	- linux-2.6 <removed> (low)
	- linux <not-affected> (openvz flavour no longer included after Squeeze)
CVE-2013-2238 (Multiple buffer overflows in the switch_perform_substitution function ...)
	- freeswitch <itp> (bug #389591)
CVE-2013-2237 (The key_notify_policy_flush function in net/key/af_key.c in the Linux ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 <removed> (low)
	- linux 3.9.4-1 (low)
	NOTE: https://github.com/torvalds/linux/commit/85dfb745ee40232876663ae206cba35f24ab2a40
CVE-2013-2236 (Stack-based buffer overflow in the new_msg_lsa_change_notify function ...)
	{DSA-2803-1}
	- quagga 0.99.22.4-1 (bug #726724)
	NOTE: http://lists.quagga.net/pipermail/quagga-dev/2013-July/010621.html
CVE-2013-2235
	RESERVED
CVE-2013-2234 (The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 <removed>
	- linux 3.10.1-1
CVE-2013-2233 (Ansible before 1.2.1 makes it easier for remote attackers to conduct ...)
	- ansible 1.3.4+dfsg-1 (bug #714822)
	NOTE: https://github.com/ansible/ansible/issues/857
CVE-2013-2232 (The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 <removed>
	- linux 3.10.1-1
CVE-2013-2231 (Unquoted Windows search path vulnerability in the QEMU Guest Agent ...)
	- qemu <not-affected> (Only affects win32 build)
CVE-2013-2230 (The qemu driver (qemu/qemu_driver.c) in libvirt before 1.1.1 allows ...)
	- libvirt 1.1.0-3 (bug #715559)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in with commit abf75aea)
CVE-2013-2229
	REJECTED
CVE-2013-2228 [RSA exponent of 1]
	RESERVED
	- salt 0.15.1-1
	NOTE: https://github.com/saltstack/salt/commit/e8ce66cf688b43aeb3e716e78b1af3a08e9940e3
CVE-2013-2227 [local file inclusion]
	RESERVED
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2226 (Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow ...)
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2225 (inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote ...)
	- glpi 0.83.91-1 (bug #714720; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2013-2224 (A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat ...)
	- linux-2.6 <not-affected> (Caused by RHEL backport)
	- linux <not-affected> (Caused by RHEL backport)
CVE-2013-2223 (GNU ZRTPCPP before 3.2.0 allows remote attackers to obtain sensitive ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp <no-dsa> (Minor issue)
	[wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2222 (Multiple stack-based buffer overflows in GNU ZRTPCPP before 3.2.0 ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp <no-dsa> (Minor issue)
	[wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2221 (Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ...)
	- libzrtpcpp 2.3.4-1 (bug #714650)
	[squeeze] - libzrtpcpp <no-dsa> (Minor issue)
	[wheezy] - libzrtpcpp <no-dsa> (Minor issue)
CVE-2013-2220 (Buffer overflow in the radius_get_vendor_attr function in the Radius ...)
	{DSA-2726-1}
	- php-radius 1.2.5-2.4 (bug #714362)
	NOTE: http://www.openwall.com/lists/oss-security/2013/06/28/2
CVE-2013-2219 (The Red Hat Directory Server before 8.2.11-13 and 389 Directory Server ...)
	- 389-ds-base 1.3.2.9-1 (bug #718325)
CVE-2013-2218 (Double free vulnerability in the virConnectListAllInterfaces method in ...)
	- libvirt 1.1.0-1 (bug #714699)
	[jessie] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
	[wheezy] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
	[squeeze] - libvirt <not-affected> (Vulnerable code introduced in 1.0.6)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=244e0b8cf15ca2ef48d82058e728656e6c4bad11
	NOTE: Vulnerable code introduced in http://libvirt.org/git/?p=libvirt.git;a=commit;h=7ac2c4fe624f30f2c8270116513fa2ddab07631f
CVE-2013-2217 (cache.py in Suds 0.4, when tempdir is set to None, allows local users ...)
	- suds 0.4.1-8 (low; bug #714340)
	[squeeze] - suds 0.3.9-1+deb6u1
	[wheezy] - suds 0.4.1-5+deb7u1
CVE-2013-2216
	RESERVED
CVE-2013-2215
	REJECTED
CVE-2013-2214 (status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does ...)
	- nagios3 3.4.1-4 (low)
	[wheezy] - nagios3 3.4.1-3+deb7u1
	[squeeze] - nagios3 <no-dsa> (disputed, minor issue)
	NOTE: Disputed issue; claimed work as designed, may be rejected
CVE-2013-2213 [KRandom::random() Small Space of Random Values]
	RESERVED
	- kdeplasma-addons <not-affected> (only affects if incomplete patch for CVE-2013-2120 is applied)
CVE-2013-2212 (The vmx_set_uc_mode function in Xen 3.3 through 4.3, when disabling ...)
	- xen 4.3.0-1 (unimportant)
	NOTE: Hardware design flaw, no software solution
	NOTE: http://xenbits.xen.org/xsa/advisory-60.html
CVE-2013-2211 (The libxenlight (libxl) toolstack library in Xen 4.0.x, 4.1.x, and ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <not-affected> (libxl not packaged in squeeze)
CVE-2013-2210 (Heap-based buffer overflow in the XML Signature Reference ...)
	{DSA-2717-1}
	- xml-security-c 1.6.1-7 (bug #714241)
	NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2210.txt
CVE-2013-2209 (Cross-site scripting (XSS) vulnerability in the auto-complete widget ...)
	NOT-FOR-US: Reviewboard (this was once in experimental, but removed later on)
CVE-2013-2208 (tpp 1.3.1 allows remote attackers to execute arbitrary commands via a ...)
	- tpp 1.3.1-3 (low; bug #706644)
	[squeeze] - tpp <no-dsa> (Minor issue)
	[wheezy] - tpp <no-dsa> (Minor issue)
CVE-2016-2856 (pt_chown in the glibc package before 2.19-18+deb8u4 on Debian jessie; ...)
	- eglibc <removed>
	[squeeze] - eglibc <no-dsa> (Minor issue)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	- glibc 2.21-1 (low)
	[jessie] - glibc 2.19-18+deb8u4
	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=09f7764882a81e13e7b5d87d715412283a6ce403
	NOTE: http://anonscm.debian.org/cgit/pkg-glibc/glibc.git/commit/?h=jessie&id=11475c083282c1582c4dd72eecfcb2b7d308c958
	NOTE: http://www.openwall.com/lists/oss-security/2016/03/07/2
CVE-2013-2207 (pt_chown in GNU C Library (aka glibc or libc6) before 2.18 does not ...)
	- eglibc <removed>
	[squeeze] - eglibc <no-dsa> (Minor issue)
	[wheezy] - eglibc <no-dsa> (Minor issue)
	- glibc 2.21-1 (low; bug #717544)
	[jessie] - glibc 2.19-18+deb8u4
	NOTE: Patch: https://sourceware.org/git/?p=glibc.git;a=commit;h=e4608715e6e1dd2adc91982fd151d5ba4f761d69
CVE-2013-2206 (The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in ...)
	{DSA-2766-1}
	- linux-2.6 <removed>
	- linux 3.9.4-1
	[wheezy] - linux 3.2.46-1
CVE-2013-2205 (The default configuration of SWFUpload in WordPress before 3.5.2 has ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2204 (moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2203 (WordPress before 3.5.2, when the uploads directory forbids write ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2202 (WordPress before 3.5.2 allows remote attackers to read arbitrary files ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2201 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2200 (WordPress before 3.5.2 does not properly check the capabilities of ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2199 (The HTTP API in WordPress before 3.5.2 allows remote attackers to send ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2198
	RESERVED
	NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2197 (The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before ...)
	NOT-FOR-US: Login Security Drupal contributed module
CVE-2013-2196 (Multiple unspecified vulnerabilities in the Elf parser (libelf) in Xen ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2195 (The Elf parser (libelf) in Xen 4.2.x and earlier allow local guest ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2194 (Multiple integer overflows in the Elf parser (libelf) in Xen 4.2.x and ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-2193 (Apache HBase 0.92.x before 0.92.3 and 0.94.x before 0.94.9, when the ...)
	NOT-FOR-US: Apache HBase
	NOTE: There was the package in unstable, but never in a release, see #630821
CVE-2013-2192 (The RPC protocol implementation in Apache Hadoop 2.x before ...)
	NOT-FOR-US: Apache Hadoop
	NOTE: There was the package in unstable, but never in a release, see 630820
CVE-2013-2191 (python-bugzilla before 0.9.0 does not validate X.509 certificates, ...)
	NOT-FOR-US: python-bugzilla
CVE-2013-2190 (The translate_hierarchy_event function in ...)
	- clutter-1.0 1.14.4-3 (low; bug #714264)
	[squeeze] - clutter-1.0 <no-dsa> (Minor issue)
	[wheezy] - clutter-1.0 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=701974
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=954054
CVE-2013-2189 (Apache OpenOffice.org (OOo) before 4.0 allows remote attackers to ...)
	- libreoffice 1:3.4.3-1 (unimportant)
	- openoffice.org 1:3.3.0-1 (unimportant)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: Plain crasher, not treated as security issue
CVE-2013-2188 (A certain Red Hat patch to the do_filp_open function in fs/namei.c in ...)
	- linux-2.6 <not-affected> (RHEL-specific issue)
	- linux <not-affected> (RHEL-specific issue)
CVE-2013-2187 (Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through ...)
	NOT-FOR-US: Apache Archiva
CVE-2013-2186 (The DiskFileItem class in Apache Commons FileUpload, as used in Red ...)
	{DSA-2827-1}
	- libcommons-fileupload-java 1.3-2.1 (bug #726601)
	- jenkins 1.565.3-1 (bug #763899)
CVE-2013-2185 (** DISPUTED ** The readObject method in the DiskFileItem class in ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=974813
	NOTE: http://www.openwall.com/lists/oss-security/2013/09/05/4
CVE-2013-2184 (Movable Type before 5.2.6 does not properly use the Storable::thaw ...)
	{DSA-3183-1}
	- movabletype-opensource 5.2.7+dfsg-1 (bug #712602)
	[squeeze] - movabletype-opensource <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2013/q2/568
	NOTE: http://www.movabletype.org/documentation/appendices/release-notes/movable-type-526-release-notes.html
CVE-2013-2183
	RESERVED
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2182 (The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2181 (Cross-site scripting (XSS) vulnerability in the Directory Listing ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2180
	RESERVED
	NOT-FOR-US: uk-cookie Wordpress plugin
CVE-2013-2179 (X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing ...)
	- xdm <not-affected> (Not affected when PAM is used)
	[squeeze] - xdm <not-affected> (same as above and glibc too old)
	[wheezy] - xdm <not-affected> (same as above and glibc too old)
	NOTE: http://www.openwall.com/lists/oss-security/2013/06/11/5
CVE-2013-2178 (The apache-auth.conf, apache-nohome.conf, apache-noscript.conf, and ...)
	{DSA-2708-1}
	- fail2ban 0.8.10-1
CVE-2013-2177 (Cross-site scripting (XSS) vulnerability in the Display Suite module ...)
	NOT-FOR-US: third party drupal module (Display Suite)
CVE-2013-2176 (Unquoted Windows search path vulnerability in the Red Hat Enterprise ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Apt service
CVE-2013-2175 (HAProxy 1.4 before 1.4.24 and 1.5 before 1.5-dev19, when configured to ...)
	{DSA-2711-1}
	- haproxy 1.4.24-1
CVE-2013-2174 (Heap-based buffer overflow in the curl_easy_unescape function in ...)
	{DSA-2713-1}
	- curl 7.31.0-1
CVE-2013-2173 (wp-includes/class-phpass.php in WordPress 3.5.1, when a ...)
	{DSA-2718-1}
	- wordpress 3.5.2+dfsg-1 (bug #713947)
CVE-2013-2172 (jcp/xml/dsig/internal/dom/DOMCanonicalizationMethod.java in Apache ...)
	{DSA-3065-1 DLA-85-1}
	- libxml-security-java 1.5.5-2 (bug #720375)
	NOTE: http://santuario.apache.org/secadv.data/CVE-2013-2172.txt.asc
CVE-2013-2171 (The vm_map_lookup function in sys/vm/vm_map.c in the mmap ...)
	{DSA-2714-1}
	- kfreebsd-9 9.0-12 (bug #712664)
	- kfreebsd-8 <not-affected> (Only affects 9.x)
CVE-2013-2170
	REJECTED
CVE-2013-2169
	REJECTED
CVE-2013-2168 (The _dbus_printf_string_upper_bound function in ...)
	{DSA-2707-1}
	- dbus 1.6.12-1
	[squeeze] - dbus <not-affected> (Introduced in 1.4.16)
CVE-2013-2167 [middleware memcache signing bypass]
	RESERVED
	- python-keystoneclient 1:0.2.5-2 (bug #713819)
	[wheezy] - python-keystoneclient <not-affected> (Vulnerable code not present)
CVE-2013-2166 [middleware memcache encryption bypass]
	RESERVED
	- python-keystoneclient 1:0.2.5-2 (bug #713819)
	[wheezy] - python-keystoneclient <not-affected> (Vulnerable code not present)
CVE-2013-2165 (ResourceBuilderImpl.java in the RichFaces 3.x through 5.x ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-2164 (The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the ...)
	{DSA-2766-1 DSA-2745-1}
	- linux-2.6 <removed> (low)
	- linux 3.9.8-1 (low)
CVE-2013-2163 (Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to ...)
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2162 (Race condition in the post-installation script ...)
	{DSA-2818-1 DLA-75-1}
	- mysql-5.5 5.5.35+dfsg-1 (low; bug #711600)
	- mysql-5.1 <removed> (low)
	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, can be included in a future DSA)
CVE-2013-2161 (XML injection vulnerability in account/utils.py in OpenStack Swift ...)
	{DSA-2737-1}
	- swift 1.8.0-6 (low; bug #712202)
	[wheezy] - swift 1.4.8-2+deb7u1
CVE-2013-2160 (The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x ...)
	NOT-FOR-US: Apache CXF
CVE-2013-2159 [monkey broken authentication]
	RESERVED
	- monkey <removed>
	[squeeze] - monkey <no-dsa> (Minor issue)
CVE-2013-2158 (Cross-site request forgery (CSRF) vulnerability in the Services module ...)
	NOT-FOR-US: Services Drupal contributed modules
CVE-2013-2157 (OpenStack Keystone Folsom, Grizzly before 2013.1.3, and Havana, when ...)
	- keystone 2013.1.2-1 (bug #712160)
	[wheezy] - keystone <not-affected> (Vulnerable code not present)
CVE-2013-2156 (Heap-based buffer overflow in the Exclusive Canonicalization ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2155 (Apache Santuario XML Security for C++ (aka xml-security-c) before ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2154 (Stack-based buffer overflow in the XML Signature Reference ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2153 (The XML digital signature functionality (xsec/dsig/DSIGReference.cpp) ...)
	{DSA-2710-1}
	- xml-security-c 1.6.1-6
CVE-2013-2152 (Unquoted Windows search path vulnerability in the SPICE service, as ...)
	NOT-FOR-US: Spice service for Windows
CVE-2013-2151 (Unquoted Windows search path vulnerability in Red Hat Enterprise ...)
	NOT-FOR-US: RHEV Agent for Windows
CVE-2013-2150 (Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ...)
	- owncloud <not-affected> (affects only experimental version)
CVE-2013-2149 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.16debian-1 (bug #711517)
CVE-2013-2148 (The fill_event_metadata function in fs/notify/fanotify/fanotify_user.c ...)
	{DSA-2745-1}
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (fanotify introduced in 2.6.36)
	- linux 3.9.8-1 (low)
CVE-2013-2147 (The HP Smart Array controller disk-array driver and Compaq SMART2 ...)
	{DSA-2906-1}
	- linux-2.6 <removed> (low)
	- linux 3.11.5-1 (low)
	[wheezy] - linux 3.2.53-1
CVE-2013-2146 (arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before ...)
	- linux-2.6 <not-affected> (Introduced in 3.1)
	- linux 3.9.4-1
	[wheezy] - linux 3.2.46-1
CVE-2013-2145 (The cpansign verify functionality in the Module::Signature module ...)
	- libmodule-signature-perl 0.73-1 (bug #711239)
	[wheezy] - libmodule-signature-perl 0.68-1+deb7u1
	[squeeze] - libmodule-signature-perl 0.63-1+squeeze1
CVE-2013-2144 (Red Hat Enterprise Virtualization Manager (RHEVM) before 3.2 does not ...)
	NOT-FOR-US: RHEV Manager
CVE-2013-2143 (The users controller in Katello 1.5.0-14 and earlier, and Red Hat ...)
	NOT-FOR-US: Katello
CVE-2013-2142 (userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME ...)
	- libimobiledevice 1.1.5-0.1 (low; bug #710885)
	[squeeze] - libimobiledevice <not-affected> (Vulnerable code was introduced later)
	[wheezy] - libimobiledevice <not-affected> (Vulnerable code was introduced later)
CVE-2013-2141 (The do_tkill function in kernel/signal.c in the Linux kernel before ...)
	{DSA-2766-1 DSA-2669-1}
	- linux-2.6 <removed>
	- linux 3.9.4-1
CVE-2013-2140 (The dispatch_discard_io function in ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.10.1-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
CVE-2013-2139 (Buffer overflow in srtp.c in libsrtp in srtp 1.4.5 and earlier allows ...)
	{DSA-2840-1}
	- srtp 1.4.5~20130609~dfsg-1 (bug #711163)
CVE-2013-2138 (The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before ...)
	- gallery <not-affected> (Old 1.5 version not affected)
CVE-2013-2137 (Cross-site scripting (XSS) vulnerability in the &quot;View Log&quot; screen in ...)
	NOT-FOR-US: Apache OFBiz
CVE-2013-2136 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
	NOT-FOR-US: Apache CloudStack
CVE-2013-2135 (Apache Struts 2 before 2.3.14.3 allows remote attackers to execute ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-015.html
CVE-2013-2134 (Apache Struts 2 before 2.3.14.3 allows remote attackers to execute ...)
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: http://struts.apache.org/release/2.3.x/docs/s2-015.html
CVE-2013-2133 (The EJB invocation handler implementation in Red Hat JBossWS, as used ...)
	NOT-FOR-US: JBoss WS
CVE-2013-2132 (bson/_cbsonmodule.c in the mongo-python-driver (aka. pymongo) before ...)
	{DSA-2705-1}
	- pymongo 2.5.2-1 (bug #710597)
	[squeeze] - pymongo <not-affected> (bson module not present)
	NOTE: https://jira.mongodb.org/browse/PYTHON-532
	NOTE: https://github.com/mongodb/mongo-python-driver/commit/a060c15ef87e0f0e72974c7c0e57fe811bbd06a2
CVE-2013-2131 (Format string vulnerability in the rrdtool module 1.4.7 for Python, as ...)
	- rrdtool 1.4.8-1 (unimportant; bug #708866)
	NOTE: Non-issue, calling application need to perform sanitising
CVE-2013-2130 (ZNC 1.0 allows remote authenticated users to cause a denial of service ...)
	- znc 1.0-5 (bug #720632)
	[squeeze] - znc <not-affected> (Vulnerable code not present)
	[wheezy] - znc <not-affected> (Vulnerable code not present)
CVE-2013-2129 (Cross-site scripting (XSS) vulnerability in the Webform module 6.x-3.x ...)
	NOT-FOR-US: Webform Drupal contributed module
CVE-2013-2128 (The tcp_read_sock function in net/ipv4/tcp.c in the Linux kernel ...)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-24
	- linux 2.6.35-1~experimental.1
	NOTE: https://git.kernel.org/linus/baff42ab1494528907bf4d5870359e31711746ae
CVE-2013-2127 (Buffer overflow in the exposure correction code in LibRaw before ...)
	- libraw <not-affected> (Only affects 0.15, 0.15 was only in experimental)
	- libkdcraw <not-affected> (embeds libraw 0.14)
	- darktable <not-affected> (embeds libraw 0.14)
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
	NOTE: https://github.com/LibRaw/LibRaw/commit/2f912f5b33582961b1cdbd9fd828589f8b78f21d
CVE-2013-2126 (Multiple double free vulnerabilities in the LibRaw::unpack function in ...)
	- libraw 0.15.3-1 (low; bug #710353)
	[wheezy] - libraw <no-dsa> (Not suitable for code injection, minor issue)
	[squeeze] - libraw <not-affected> (Vulnerable code not present)
	- libkdcraw 4:4.8.4-2 (low; bug #711317)
	[wheezy] - libkdcraw <no-dsa> (Not suitable for code injection, minor issue)
	- darktable 1.2.1-2 (unimportant; bug #711316)
	NOTE: Not suitable for code injection, no security impact for an enduser application like Darktable
	- kdegraphics <removed>
	[squeeze] - kdegraphics <not-affected> (embedded version of kdcraw+libraw too old)
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/28/3
	NOTE: https://github.com/LibRaw/LibRaw/commit/19ffddb0fe1a4ffdb459b797ffcf7f490d28b5a6
CVE-2013-2125 (OpenSMTPD before 5.3.2 does not properly handle SSL sessions, which ...)
	- opensmtpd 5.3.3p1-1
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/18/8
CVE-2013-2124 (Double free vulnerability in inspect-fs.c in LibguestFS 1.20.x before ...)
	- libguestfs 1:1.20.8-1 (bug #710290)
	[wheezy] - libguestfs <not-affected> (Vulnerable code not present)
	NOTE: Introduced with commit https://github.com/libguestfs/libguestfs/commit/5a3da366268825b26b470cde35658b67c1d11cd4
CVE-2013-2123 (The Node access user reference module 6.x-3.x before 6.x-3.5 and ...)
	NOT-FOR-US: Node access user reference Drupal contributed module
CVE-2013-2122 (The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not ...)
	NOT-FOR-US: Edit Limit Drupal contributed module
CVE-2013-2121 (Eval injection vulnerability in the create method in the Bookmarks ...)
	- foreman <itp> (bug #663101)
CVE-2013-2120 [weak generated passwords]
	RESERVED
	- kdeplasma-addons 4:5.3.2-2 (low; bug #710497)
	[jessie] - kdeplasma-addons <no-dsa> (Minor issue)
	[wheezy] - kdeplasma-addons <no-dsa> (Minor issue)
	[squeeze] - kdeplasma-addons <no-dsa> (Minor issue)
	NOTE: Original fix https://projects.kde.org/projects/kde/kdeplasma-addons/repository/revisions/36a1fe49cb70f717c4a6e9eeee2c9186503a8dce not sufficient
CVE-2013-2119 (Phusion Passenger gem before 3.0.21 and 4.0.x before 4.0.5 for Ruby ...)
	- ruby-passenger 3.0.13debian-1.1 (low; bug #710351)
	[wheezy] - ruby-passenger 3.0.13debian-1+deb7u1
CVE-2013-2118 (SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 ...)
	{DSA-2694-1}
	- spip 2.1.22-1 (bug #709674)
CVE-2013-2117 (Directory traversal vulnerability in the cgit_parse_readme function in ...)
	- cgit <not-affected> (Fixed before the initial upload into the archive)
CVE-2013-2116 (The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in ...)
	{DSA-2697-1}
	- gnutls26 2.12.23-5 (bug #709301)
	[squeeze] - gnutls26 <not-affected> (vulnerable code not backported)
CVE-2013-2115 (Apache Struts 2 before 2.3.14.2 allows remote attackers to execute ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2013-2114 (Unrestricted file upload vulnerability in the chunk upload API in ...)
	- mediawiki 1:1.19.7+dfsg-1
	[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2013-2113 (The create method in app/controllers/users_controller.rb in Foreman ...)
	- foreman <itp> (bug #663101)
CVE-2013-2112 (The svnserve server in Subversion before 1.6.23 and 1.7.x before ...)
	{DSA-2703-1}
	- subversion 1.7.9-1+nmu2 (bug #711033)
	NOTE: http://subversion.apache.org/security/CVE-2013-2112-advisory.txt
CVE-2013-2111 (The IMAP functionality in Dovecot before 2.2.2 allows remote attackers ...)
	- dovecot <not-affected> (vulnerable code appeared in 2.2)
	[squeeze] - dovecot <not-affected> (vulnerable code appeared in 2.2)
	[wheezy] - dovecot  <not-affected> (vulnerable code appeared in 2.2)
CVE-2013-2110 (Heap-based buffer overflow in the php_quot_print_encode function in ...)
	- php5 5.5.0~rc3+dfsg-1
	[wheezy] - php5 <not-affected> (Vulnerable code not present)
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: https://github.com/php/php-src/commit/93e0d78ec655f59ebfa82b2c6f8486c43651c1d0
	NOTE: vulnerability introduced with commit http://git.php.net/?p=php-src.git;a=commitdiff;h=18bb426587d62f93c54c40bf8535eb8416603629
CVE-2013-2109
	RESERVED
	NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2108
	RESERVED
	NOT-FOR-US: WordPress plugin wp-cleanfix
CVE-2013-2107 (Cross-site request forgery (CSRF) vulnerability in the Mail On Update ...)
	NOT-FOR-US: WordPress plugin mail-on-update
CVE-2013-2106 [Authentication credential disclosure]
	RESERVED
	- webauth <not-affected> (vulnerable code only in 4.4.1 up to 4.5.2)
CVE-2013-2105 (The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local ...)
	NOT-FOR-US: Show In Browser Ruby Gem
CVE-2013-2104 (python-keystoneclient before 0.2.4, as used in OpenStack Keystone ...)
	- keystone <not-affected> (Vulnerable code only in experimental versions of keystone)
	[wheezy] - keystone <not-affected> (PKI token support not yet present)
	- python-keystoneclient 1:0.2.5-1
	[wheezy] - python-keystoneclient <not-affected> (vulnerable code not present)
	NOTE: Keystone Folsom fix: https://review.openstack.org/#/c/30743/
	NOTE: python-keystoneclient fix: https://review.openstack.org/#/c/30742/
	NOTE: Starting with 2013.1-1 code in keystone/middleware/auth_token.py moved to python-keystoneclient
CVE-2013-2103
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2013-2102 (The default configuration of Red Hat JBoss Portal before 6.1.0 enables ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-2101
	RESERVED
	NOT-FOR-US: Katello
CVE-2013-2100 (The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage ...)
	NOT-FOR-US: Gentoo Portage binary package installer
CVE-2013-2099 (Algorithmic complexity vulnerability in the ssl.match_hostname ...)
	{DLA-1107-1}
	- python2.7 2.7.5-5 (low; bug #709066)
	[wheezy] - python2.7 <not-affected> (Backport was introduced in 2.7.3-11)
	- linkchecker 8.5-1 (low; bug #709067)
	[wheezy] - linkchecker <no-dsa> (Minor issue)
	[squeeze] - linkchecker <no-dsa> (Minor issue)
	- python3.2 <removed> (low; bug #708530)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	- python3.3 3.3.2-3 (low; bug #708530)
	- python2.6 <not-affected> (Introduced in Python 3.2)
	- python2.5 <not-affected> (Introduced in Python 3.2)
	- python3.1 <not-affected> (Introduced in Python 3.2)
	- bzr 2.6.0~bzr6574-1 (low; bug #709068)
	[squeeze] - bzr <no-dsa> (Minor issue)
	- python-urllib3 1.6-2 (low; bug #709070)
	[wheezy] - python-urllib3 <no-dsa> (Minor issue)
	- python-tornado 2.4.1-3 (low; bug #709069)
	[wheezy] - python-tornado <no-dsa> (Minor issue)
	[squeeze] - python-tornado <no-dsa> (Minor issue)
	- w3af <unfixed> (low; bug #709071)
	[jessie] - w3af <no-dsa> (Minor issue)
	[wheezy] - w3af <no-dsa> (Minor issue)
	[squeeze] - w3af <no-dsa> (Minor issue)
	- u1db 13.10-1 (low; bug #709486)
CVE-2013-2098
	REJECTED
CVE-2013-2097 [zPanel themes remote command execution as root]
	RESERVED
	NOT-FOR-US: zPanel
CVE-2013-2096 (OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify ...)
	- nova 2013.1.2-2 (low; bug #710157)
	[wheezy] - nova <no-dsa> (Minor issue)
CVE-2013-2095
	RESERVED
	NOT-FOR-US: openshift-origin-controller Ruby Gem
CVE-2013-2094 (The perf_swevent_init function in kernel/events/core.c in the Linux ...)
	{DSA-2669-1}
	- linux 3.8.11-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-2093
	RESERVED
	- dolibarr 3.3.4-1 (high)
CVE-2013-2092
	RESERVED
	- dolibarr 3.3.4-1
CVE-2013-2091
	RESERVED
	- dolibarr 3.3.4-1
CVE-2013-2090 (The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche ...)
	NOT-FOR-US: Creme Fraiche Ruby Gem
CVE-2013-2089 (Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2088 (contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 ...)
	- subversion 1.7.5-1 (unimportant)
	NOTE: 1.7.5 upstream does not ship anymore the contrib/ directory
	NOTE: both affected tools not installed into the binary packages
CVE-2013-2087 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 ...)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2013-2086 (The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote ...)
	- owncloud <not-affected> (Only owncloud 5.0.x)
CVE-2013-2085 (Directory traversal vulnerability in apps/files_trashbin/index.php in ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2084
	RESERVED
CVE-2013-2083 (The MoodleQuickForm class in lib/formslib.php in Moodle through ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
CVE-2013-2082 (Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245
CVE-2013-2081 (Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
CVE-2013-2080 (The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, ...)
	- moodle 2.5-1 (low)
	[squeeze] - moodle <no-dsa> (Minor issue)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
CVE-2013-2079 (mod/assign/locallib.php in the assignment module in Moodle 2.3.x ...)
	- moodle <not-affected> (Only affects 2.3 and later)
	NOTE: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38443
CVE-2013-2078 (Xen 4.0.2 through 4.0.4, 4.1.x, and 4.2.x allows local PV guest users ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen <not-affected> (No PVSAVE support in squeeze)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00000.html
CVE-2013-2077 (Xen 4.0.x, 4.1.x, and 4.2.x does not properly restrict the contents of ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00001.html
CVE-2013-2076 (Xen 4.0.x, 4.1.x, and 4.2.x, when running on AMD64 processors, only ...)
	{DSA-3006-1}
	- xen 4.2.2-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-06/msg00002.html
CVE-2013-2075
	RESERVED
	- chicken <not-affected> (Incomplete fix was never applied)
CVE-2013-2074 (kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows ...)
	{DLA-952-1}
	- kde4libs 4:4.10.5-1 (low; bug #707776)
	[squeeze] - kde4libs <no-dsa> (Minor issue)
	NOTE: https://bugs.kde.org/show_bug.cgi?id=319428
	NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=65d736dab592bced4410ccfa4699de89f78c96ca
	NOTE: https://cgit.kde.org/kdelibs.git/commit/?h=KDE/4.14&id=898135a59d91184692ed1bcee8bb4c6d80d6f7b9
CVE-2013-2073 (Transifex command-line client before 0.9 does not validate X.509 ...)
	- transifex-client 0.9-1 (low)
	[wheezy] - transifex-client <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2013/q2/394
CVE-2013-2072 (Buffer overflow in the Python bindings for the xc_vcpu_setaffinity ...)
	{DSA-3041-1}
	- xen 4.2.2-1 (low)
	[squeeze] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
	[wheezy] - xen <no-dsa> (Minor issue, can be postponed to the next Xen DSA)
CVE-2013-2071 (java/org/apache/catalina/core/AsyncContextImpl.java in Apache Tomcat ...)
	{DSA-2897-1}
	- tomcat7 7.0.40-1 (bug #707704)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=54178
CVE-2013-2070 (http/modules/ngx_http_proxy_module.c in nginx 1.1.4 through 1.2.8 and ...)
	{DSA-2721-1}
	- nginx 1.4.1-1 (bug #708164)
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
CVE-2013-2069 (Red Hat livecd-tools before 13.4.4, 17.x before 17.17, 18.x before ...)
	NOT-FOR-US: Red Hat livecd-tools
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/23/2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=964299
CVE-2013-2068 (Multiple directory traversal vulnerabilities in the AgentController in ...)
	NOT-FOR-US: RedHat CloudForms Management Engine
CVE-2013-2067 (java/org/apache/catalina/authenticator/FormAuthenticator.java in the ...)
	{DSA-2897-1 DSA-2725-1}
	- tomcat7 7.0.33
	- tomcat6 6.0.37
CVE-2013-2066 (Buffer overflow in X.org libXv 1.0.7 and earlier allows X servers to ...)
	{DSA-2674-1}
	- libxv 2:1.0.7-1+deb7u1
CVE-2013-2065 ((1) DL and (2) Fiddle in Ruby 1.9 before 1.9.3 patchlevel 426, and 2.0 ...)
	{DLA-235-1}
	- ruby1.9.1 1.9.3.448-1 (low)
	[wheezy] - ruby1.9.1 1.9.3.194-8.1+deb7u1
	- ruby1.8 <not-affected> (Only affects 1.9 and 2.x)
	NOTE: http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=40732
CVE-2013-2064 (Integer overflow in X.org libxcb 1.9 and earlier allows X servers to ...)
	{DSA-2686-1}
	- libxcb 1.8.1-2+deb7u1
CVE-2013-2063 (Integer overflow in X.org libXtst 1.2.1 and earlier allows X servers ...)
	{DSA-2689-1}
	- libxtst 2:1.2.1-1+deb7u1
CVE-2013-2062 (Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X ...)
	{DSA-2685-1}
	- libxp 1:1.0.1-2+deb7u1
CVE-2013-2061 (The openvpn_decrypt function in crypto.c in OpenVPN 2.3.0 and earlier, ...)
	- openvpn 2.3.1-1 (low; bug #707329)
	[squeeze] - openvpn 2.1.3-2+squeeze2
	[wheezy] - openvpn 2.2.1-8+deb7u1
	NOTE: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-f375aa67cc
CVE-2013-2060
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2013-2059 (OpenStack Identity (Keystone) Folsom 2012.2.4 and earlier, Grizzly ...)
	- keystone 2013.1.1-2 (bug #707598)
	[wheezy] - keystone 2012.1.1-13+wheezy1
	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000099.html
CVE-2013-2058 (The host_start function in drivers/usb/chipidea/host.c in the Linux ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- linux 3.8-1
	[wheezy] - linux <not-affected> (Vulnerable code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/03/2
CVE-2013-2057
	RESERVED
	NOT-FOR-US: YaBB
CVE-2013-2056 (The Inter-Satellite Sync (ISS) operation in Red Hat Network (RHN) ...)
	NOT-FOR-US: RHN Satellite
CVE-2013-2055 (Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x ...)
	NOT-FOR-US: Apache Wicket
CVE-2013-2054 (Buffer overflow in the atodn function in strongSwan 2.0.0 through ...)
	- strongswan 4.3.4-1
	NOTE: http://download.strongswan.org/patches/11_pluto_atodn_patch/CVE-2013-2054.txt
CVE-2013-2053 (Buffer overflow in the atodn function in Openswan before 2.6.39, when ...)
	{DSA-2893-1}
	- openswan <removed> (low; bug #709144)
CVE-2013-2052 (Buffer overflow in the atodn function in libreswan 3.0 and 3.1, when ...)
	- libreswan <not-affected> (Fixed before the initial upload to Debian)
	NOTE: https://libreswan.org/security/CVE-2013-2052/CVE-2013-2052.txt
CVE-2013-2051 (The Tomcat 6 DIGEST authentication functionality as used in Red Hat ...)
	- tomcat6 <not-affected> (RedHat-specific issue)
	- tomcat7 <not-affected> (RedHat-specific issue)
CVE-2013-2050 (SQL injection vulnerability in the miq_policy controller in Red Hat ...)
	NOT-FOR-US: CloudForms Management Engine
CVE-2013-2049 (Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers ...)
	NOT-FOR-US: CloudForms Management Engine
CVE-2013-2048 (ownCloud before 5.0.6 does not properly check permissions, which ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2047 (The login page (aka index.php) in ownCloud before 5.0.6 does not ...)
	- owncloud <not-affected> (Only 5.0.x)
CVE-2013-2046 (SQL injection vulnerability in lib/bookmarks.php in ownCloud Server ...)
	- owncloud <not-affected> (Only affects 4.5.x)
CVE-2013-2045 (SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2044 (Open redirect vulnerability in the Login Page (index.php) in ownCloud ...)
	- owncloud <not-affected> (Only 5.0.x)
CVE-2013-2043 (apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before ...)
	- owncloud <not-affected> (Only 5.0.x and 4.5.x)
CVE-2013-2042 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.15debian-1
CVE-2013-2041 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x ...)
	- owncloud <not-affected> (Only affects 5.0.x)
CVE-2013-2040 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.15debian-1
CVE-2013-2039 (Directory traversal vulnerability in lib/files/view.php in ownCloud ...)
	- owncloud 4.0.15debian-1
CVE-2013-2038 (The NMEA0183 driver in gpsd before 3.9 allows remote attackers to ...)
	- gpsd 3.6-5 (bug #706665)
	[wheezy] - gpsd 3.6-4+deb7u1
	[squeeze] - gpsd <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/gpsd-dev/2013-05/msg00000.html
CVE-2013-2037 (httplib2 0.7.2, 0.8, and earlier, after an initial connection is made, ...)
	- python-httplib2 0.8-2 (low; bug #706602)
	[squeeze] - python-httplib2 <no-dsa> (Minor issue)
	[wheezy] - python-httplib2 0.7.4-2+deb7u1
	NOTE: http://openwall.com/lists/oss-security/2013/05/01/5
CVE-2013-2036 (Cross-site scripting (XSS) vulnerability in the Filebrowser module ...)
	NOT-FOR-US: Drupal module Filebrowser
CVE-2013-2035 (Race condition in ...)
	- hawtjni 1.10-1 (low; bug #708293)
	[wheezy] - hawtjni 1.0~+git0c502e20c4-3+deb7u1
CVE-2013-2034 (Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins ...)
	- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2033 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS ...)
	- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-2032 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.6-1 (low; bug #706601)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=46590
CVE-2013-2031 (MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote ...)
	{DSA-2891-1}
	- mediawiki 1:1.19.6-1 (bug #706601)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=47304
CVE-2013-2030 (keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, ...)
	- nova <not-affected> (Option not present in nova/2012.1.1)
	NOTE: http://lists.openstack.org/pipermail/openstack-announce/2013-May/000098.html
CVE-2013-2029 (nagios.upgrade_to_v3.sh, as distributed by Red Hat and possibly others ...)
	- nagios3 <not-affected> (Affected file nagios.upgrade_to_v3.sh not in Debian)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/30/8
CVE-2013-2028 (The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx ...)
	- nginx <not-affected> (Vulnerable code not present)
CVE-2013-2027 (Jython 2.2.1 uses the current umask to set the privileges of the class ...)
	[experimental] - jython 2.7.0+repack-1
	- jython 2.7.1+repack-1 (low; bug #777079)
	[stretch] - jython <ignored> (Minor issue)
	[jessie] - jython <ignored> (Minor issue)
	[wheezy] - jython <no-dsa> (Minor issue)
	[squeeze] - jython <no-dsa> (Minor issue)
	NOTE: http://bugs.jython.org/issue2044
	NOTE: The original issue seem addressed in 2.7.0+repack-1, but still files
	NOTE: might be created/written to /usr/share/jython/cachedir/packages
	NOTE: which should not be in /usr beeing a cachedir.
CVE-2013-2026
	REJECTED
CVE-2013-2025 (Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x ...)
	NOT-FOR-US: Ushahidi
CVE-2013-2024 [OS command injection vulnerability in Chicken Scheme]
	RESERVED
	- chicken 4.8.0.3-1 (bug #706525)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
	NOTE: http://lists.nongnu.org/archive/html/chicken-announce/2013-04/msg00000.html
CVE-2013-2023 (Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in ...)
	- jquery-jplayer 2.1.0-2
	NOTE: used for jPlayer 2.2.23 XSS
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2022 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- jquery-jplayer 2.1.0-2
	NOTE: https://github.com/happyworm/jPlayer/commit/c5fe17bb4459164bd59153b57248cf94b8867373
	NOTE: used for jPlayer 2.2.20 XSS
	NOTE: http://www.openwall.com/lists/oss-security/2013/05/05/3
CVE-2013-2021 (pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...)
	- clamav 0.97.8+dfsg-1
	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
CVE-2013-2020 (Integer underflow in the cli_scanpe function in pe.c in ClamAV before ...)
	- clamav 0.97.8+dfsg-1
	[squeeze] - clamav 0.97.8+dfsg-1~squeeze1
CVE-2013-2019 (Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote ...)
	- boinc 6.13.6+dfsg-1 (low)
	[squeeze] - boinc <no-dsa> (Minor issue)
	NOTE: http://boinc.berkeley.edu/gitweb/?p=boinc-v2.git;a=commitdiff;h=9a4140ae30a72e5175f3f31646d91f2d58df7156
CVE-2013-2018 [SQL injections in the server-side scheduler code]
	RESERVED
	- boinc 7.0.65+dfsg-1 (low)
	[squeeze] - boinc <not-affected> (Vulnerable code not present)
	[wheezy] - boinc <no-dsa> (Minor issue)
	NOTE: server-maker not shipped in squeeze
CVE-2013-2017 (The veth (aka virtual Ethernet) driver in the Linux kernel before ...)
	- linux 2.6.34-1
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	NOTE: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6ec82562ffc6f297d0de36d65776cff8e5704867
	NOTE: http://marc.info/?l=linux-netdev&m=127310770900442&w=3
CVE-2013-2016 [qemu: virtio: out-of-bounds config space access]
	RESERVED
	- qemu 1.5.0+dfsg-1 (bug #710822)
	[jessie] - qemu <not-affected> (vulnerability introduced in 1.3.0)
	[wheezy] - qemu <not-affected> (vulnerability introduced in 1.3.0)
	[squeeze] - qemu <not-affected> (vulnerability introduced in 1.3.0)
	- qemu-kvm <not-affected> (vulnerability introduced in 1.3.0)
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05013.html
	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2013-04/msg05254.html
	NOTE: http://marc.info/?l=oss-security&m=136722323931507&w=2
	NOTE: Only pratically affects virtio-rng according to oss-reference (and if mmap_min_addr = 0)
CVE-2013-2015 (The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.8-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-2014 (OpenStack Identity (Keystone) before 2013.1 allows remote attackers to ...)
	- keystone 2013.1.1-2 (bug #708515)
	[wheezy] - keystone <no-dsa> (Minor issue)
CVE-2013-2013 (The user-password-update command in python-keystoneclient before 0.2.4 ...)
	- python-keystoneclient 1:0.2.5-1 (bug #709535)
	[wheezy] - python-keystoneclient 2012.1-3+deb7u1
	NOTE: https://bugs.launchpad.net/python-keystoneclient/+bug/938315
	NOTE: https://review.openstack.org/28702
CVE-2013-2012 [autojump profile will load random stuff from a directory called custom_install]
	RESERVED
	- autojump <not-affected> (vulnerable code not present for unstable)
	NOTE: experimental affected as per 21.5.1-1, see #706252
	NOTE: experimental fixed as 21.5.1-2
CVE-2013-2011
	RESERVED
	NOT-FOR-US: WP Super Cache
	NOTE: this issue exists because of an incomplete fix for CVE-2013-2009
CVE-2013-2010
	RESERVED
	NOT-FOR-US: W3 Total Cache
CVE-2013-2009
	RESERVED
	NOT-FOR-US: WP Super Cache
CVE-2013-2008
	RESERVED
	NOT-FOR-US: WP Super Cache
CVE-2013-2007 (The qemu guest agent in Qemu 1.4.1 and earlier, as used by Xen, when ...)
	- qemu <not-affected> (qemu guest agent introduced in 1.4, vulnerable versions were only in experimental)
	- qemu-kvm <not-affected> (qemu guest agent introduced in 1.4)
CVE-2013-2006 (OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode ...)
	- keystone 2013.1.1-2
	[wheezy] - keystone <no-dsa> (Minor issue)
	NOTE: https://review.openstack.org/#/c/26826/2/keystone/common/config.py
	NOTE: https://bugs.launchpad.net/keystone/+bug/1172195
CVE-2013-2005 (X.org libXt 1.1.3 and earlier does not check the return value of the ...)
	{DSA-2680-1}
	- libxt 1:1.1.3-1+deb7u1
CVE-2013-2004 (The (1) GetDatabase and (2) _XimParseStringFile functions in X.org ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-2003 (Integer overflow in X.org libXcursor 1.1.13 and earlier allows X ...)
	{DSA-2681-1}
	- libxcursor 1:1.1.13-1+deb7u1
CVE-2013-2002 (Buffer overflow in X.org libXt 1.1.3 and earlier allows X servers to ...)
	{DSA-2680-1}
	- libxt 1:1.1.3-1+deb7u1
CVE-2013-2001 (Buffer overflow in X.org libXxf86vm 1.1.2 and earlier allows X servers ...)
	{DSA-2692-1}
	- libxxf86vm 1:1.1.2-1+deb7u1
CVE-2013-2000 (Multiple buffer overflows in X.org libXxf86dga 1.1.3 and earlier allow ...)
	{DSA-2690-1}
	- libxxf86dga 2:1.1.3-2+deb7u1
CVE-2013-1999 (Buffer overflow in X.org libXvMC 1.0.7 and earlier allows X servers to ...)
	{DSA-2675-1}
	- libxvmc 2:1.0.8-1
CVE-2013-1998 (Multiple buffer overflows in X.org libXi 1.7.1 and earlier allow X ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1997 (Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-1996 (X.org libFS 1.0.4 and earlier allows X servers to trigger allocation ...)
	{DSA-2687-1}
	- libfs 2:1.0.4-1+deb7u1
CVE-2013-1995 (X.org libXi 1.7.1 and earlier allows X servers to trigger allocation ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1994 (Multiple integer overflows in X.org libchromeXvMC and libchromeXvMCPro ...)
	{DSA-2679-1}
	- xserver-xorg-video-openchrome 1:0.2.906-2+deb7u1
CVE-2013-1993 (Multiple integer overflows in X.org libGLX in Mesa 9.1.1 and earlier ...)
	{DSA-2678-1}
	- mesa 8.0.5-6
CVE-2013-1992 (Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X ...)
	{DSA-2673-1}
	- libdmx 1:1.1.2-1+deb7u1
CVE-2013-1991 (Multiple integer overflows in X.org libXxf86dga 1.1.3 and earlier ...)
	{DSA-2690-1}
	- libxxf86dga 2:1.1.3-2+deb7u1
CVE-2013-1990 (Multiple integer overflows in X.org libXvMC 1.0.7 and earlier allow X ...)
	{DSA-2675-1}
	- libxvmc 2:1.0.8-1
CVE-2013-1989 (Multiple integer overflows in X.org libXv 1.0.7 and earlier allow X ...)
	{DSA-2674-1}
	- libxv 2:1.0.7-1+deb7u1
CVE-2013-1988 (Multiple integer overflows in X.org libXRes 1.0.6 and earlier allow X ...)
	{DSA-2688-1}
	- libxres 2:1.0.6-1+deb7u1
CVE-2013-1987 (Multiple integer overflows in X.org libXrender 0.9.7 and earlier allow ...)
	{DSA-2677-1}
	- libxrender 1:0.9.7-1+deb7u1
CVE-2013-1986 (Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow ...)
	{DSA-2684-1}
	- libxrandr 2:1.3.2-2+deb7u1
CVE-2013-1985 (Integer overflow in X.org libXinerama 1.1.2 and earlier allows X ...)
	{DSA-2691-1}
	- libxinerama 2:1.1.2-1+deb7u1
CVE-2013-1984 (Multiple integer overflows in X.org libXi 1.7.1 and earlier allow X ...)
	{DSA-2683-1}
	- libxi 2:1.6.1-1+deb7u1
CVE-2013-1983 (Integer overflow in X.org libXfixes 5.0 and earlier allows X servers ...)
	{DSA-2676-1}
	- libxfixes 1:5.0-4+deb7u1
CVE-2013-1982 (Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X ...)
	{DSA-2682-1}
	- libxext 2:1.3.1-2+deb7u1
CVE-2013-1981 (Multiple integer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and ...)
	{DSA-2693-1}
	- libx11 2:1.5.0-1+deb7u1
CVE-2013-1980 (Buffer overflow in the get_dsmp function in loaders/masi_load.c in ...)
	- xmp 3.4.0-3 (low; bug #706667)
	[wheezy] - xmp <no-dsa> (Minor issue)
	[squeeze] - xmp <no-dsa> (Minor issue)
CVE-2013-1979 (The scm_set_cred function in include/net/scm.h in the Linux kernel ...)
	{DSA-2669-1}
	- linux 3.8.11-1
	- linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2013-1978 (Heap-based buffer overflow in the read_xwd_cols function in file-xwd.c ...)
	{DSA-2813-1}
	- gimp 2.8.10-0.1 (bug #731305)
CVE-2013-1977 (OpenStack devstack uses world-readable permissions for keystone.conf, ...)
	- keystone <not-affected> (permissions to /etc/keystone/keystone.conf restricted in postinst)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/19/2
CVE-2013-1976 (The (1) tomcat5, (2) tomcat6, and (3) tomcat7 init scripts, as used in ...)
	- tomcat6 <not-affected> (RedHat-specific issue)
	- tomcat7 <not-affected> (RedHat-specific issue)
CVE-2013-1975
	RESERVED
CVE-2013-1974
	RESERVED
CVE-2013-1973 (The autocomplete callback in Autocomplete Widgets for Text and Number ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1972 (Cross-site request forgery (CSRF) vulnerability in the elFinder file ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1971 (Cross-site scripting (XSS) vulnerability in the MP3 Player module for ...)
	NOT-FOR-US: Drupal contributed module
CVE-2013-1970
	REJECTED
CVE-2013-1969 (Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly ...)
	- libxml2 <not-affected> (Affecting only 2.9.x, see bug #705722)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=de0cc20c29cb3f056062925395e0f68d2250a46f
CVE-2013-1968 (Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote ...)
	{DSA-2703-1}
	- subversion 1.7.9-1+nmu2 (bug #711033)
	NOTE: https://subversion.apache.org/security/CVE-2013-1968-advisory.txt
CVE-2013-1967 (Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in ...)
	- owncloud <not-affected> (Vulnerable code not present)
	NOTE: oC >= 4.5 only
CVE-2013-1966 (Apache Struts 2 before 2.3.14.1 allows remote attackers to execute ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2013-1965 (Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2013-1964 (Xen 4.0.x and 4.1.x incorrectly releases a grant reference when ...)
	{DSA-2666-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00006.html
CVE-2013-1963 (The contacts application in ownCloud before 4.5.10 and 5.x before ...)
	- owncloud <not-affected> (Vulnerable code not present)
	NOTE: oC >= 4.5 only
CVE-2013-1962 (The remoteDispatchStoragePoolListAllVolumes function in the storage ...)
	- libvirt <not-affected> (Vulnerable code not present)
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commitdiff;h=ca697e90d5bd6a6dfb94bfb6d4438bdf9a44b739
CVE-2013-1961 (Stack-based buffer overflow in the t2p_write_pdf_page function in ...)
	{DSA-2698-1 DLA-610-1}
	- tiff 4.0.2-6+nmu1 (bug #706674)
	- tiff3 3.9.7-1 (bug #712840)
CVE-2013-1960 (Heap-based buffer overflow in the t2p_process_jpeg_strip function in ...)
	{DSA-2698-1}
	- tiff 4.0.2-6+nmu1 (bug #706675)
	- tiff3 <not-affected> (tiff command line tools not build in tiff3)
CVE-2013-1959 (kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have ...)
	- linux 3.8.11-1
	[wheezy] - linux <not-affected> (Introduced in 3.7)
	- linux-2.6 <not-affected> (Introduced in 3.7)
CVE-2013-1958 (The scm_check_creds function in net/core/scm.c in the Linux kernel ...)
	- linux 3.8.13-1
	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users)
	- linux-2.6 <not-affected> (Not exploitable by unprivileged users)
CVE-2013-1957 (The clone_mnt function in fs/namespace.c in the Linux kernel before ...)
	- linux 3.8.13-1
	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users)
	- linux-2.6 <not-affected> (Not exploitable by unprivileged users)
CVE-2013-1956 (The create_user_ns function in kernel/user_namespace.c in the Linux ...)
	- linux 3.8.11-1
	[wheezy] - linux <not-affected> (Not exploitable by unprivileged users)
	- linux-2.6 <not-affected> (Not exploitable by unprivileged users)
CVE-2013-1955 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
	NOT-FOR-US: Easy PHP Calendar
CVE-2013-1954 (The ASF Demuxer (modules/demux/asf/asf.c) in VideoLAN VLC media player ...)
	{DSA-2973-1}
	- vlc 2.0.6-1 (bug #705136)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.videolan.org/security/sa1302.html
CVE-2013-1953 (Integer underflow in the input_bmp_reader function in input-bmp.c in ...)
	- autotrace 0.31.1-16+nmu1 (low; bug #742873)
	[wheezy] - autotrace <no-dsa> (Minor issue)
	[squeeze] - autotrace <no-dsa> (Minor issue)
	- gimp 2.6.10-1
	NOTE: Gimp was fixed earlier, but only Squeeze version was checked
	NOTE: In gimp code introduced with d9c6f88141aecf956c5d721168f795de0e3027b8
	NOTE: and fixed with 57f805a159874107c6c98065f9aa648c3634b8fd
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=d9c6f88141aecf956c5d7
	NOTE: https://git.gnome.org/browse/gimp/commit/?h=57f805a159874107c6c98
CVE-2013-1952 (Xen 4.x, when using Intel VT-d for a bus mastering capable PCI device, ...)
	{DSA-2666-1}
	- xen 4.1.4-4
CVE-2013-1951
	RESERVED
	- mediawiki 1:1.19.5-1
	[squeeze] - mediawiki <end-of-life>
CVE-2013-1950 (The svc_dg_getargs function in libtirpc 0.2.3 and earlier allows ...)
	- libtirpc <not-affected> (regression code not present)
	NOTE: Regression introduced with 82cc2e6129c872c8be09381055f2fb5641c5e6fe
	NOTE: Regression fixed with a9f437119d79a438cb12e510f3cadd4060102c9f
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/22/9
CVE-2013-1949 (Social Media Widget (social-media-widget) plugin 4.0 for WordPress ...)
	NOT-FOR-US: Wordpress Social Media Widget
CVE-2013-1948 (converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent ...)
	NOT-FOR-US: Ruby gem md2pdf
CVE-2013-1947 (kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers ...)
	NOT-FOR-US: Ruby Gem kelredd-pruview
CVE-2013-1946 (The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and ...)
	NOT-FOR-US: RESTful Web Services (RESTWS) Drupal cotributed module
CVE-2013-1945
	RESERVED
	NOT-FOR-US: Red Hat specific packaging flaw of Ruby in Red Hat OpenShift Enterprise
CVE-2013-1944 (The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 ...)
	{DSA-2660-1}
	- curl 7.29.0-2.1 (bug #705274)
	[wheezy] - curl 7.26.0-1+wheezy2
	NOTE: http://curl.haxx.se/docs/adv_20130412.html
CVE-2013-1943 (The KVM subsystem in the Linux kernel before 3.0 does not check ...)
	- linux <not-affected> (RHEL-specific backport regression)
	- linux-2.6 <not-affected> (RHEL-specific backport regression)
CVE-2013-1942 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- owncloud <not-affected> (Depends on libjs-jquery-jplayer)
	- jquery-jplayer 2.1.0-2
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-014/
	NOTE: https://github.com/happyworm/jPlayer/commit/e8ca190f7f972a6a421cb95f09e138720e40ed6d
CVE-2013-1941 (The installation routine in ownCloud Server before 4.0.14, 4.5.x ...)
	- owncloud 5.0.4~rc1+dfsg-1
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-015/
CVE-2013-1940 (X.Org X server before 1.13.4 and 1.4.x before 1.14.1 does not properly ...)
	{DSA-2661-1}
	- xorg-server 2:1.12.4-6
CVE-2013-1939 (The HTML\Browser plugin in SabreDAV before 1.6.9, 1.7.x before 1.7.7, ...)
	- owncloud <not-affected> (Windows version only)
	- php-sabredav <not-affected> (running in Windows hosts)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-016/
CVE-2013-1938
	RESERVED
	NOT-FOR-US: Zimbra
CVE-2013-1937 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- phpmyadmin <not-affected> (Affected are versions 3.5.0 to 3.5.7, older versions not vulnerable)
	NOTE: http://seclists.org/fulldisclosure/2013/Apr/100
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/79089c9bc02c82c15419fd9d6496b8781ae08a5a
CVE-2013-1936
	REJECTED
CVE-2013-1935 (A certain Red Hat patch to the KVM subsystem in the kernel package ...)
	- linux <not-affected> (RHEL-specific backport regression)
	- linux-2.6 <not-affected> (RHEL-specific backport regression)
CVE-2013-1934 [mantis: XSS issue in adm_config_report.php when displaying complex value]
	RESERVED
	{DSA-3120-1}
	- mantis <removed> (low; bug #717482)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1933 (The extract_from_ocr function in lib/docsplit/text_extractor.rb in the ...)
	NOT-FOR-US: Karteek Docsplit Ruby Gem
CVE-2013-1932 [mantis: XSS vulnerability on Configuration Report page]
	RESERVED
	- mantis <not-affected> (affects Mantis 1.2.13 only)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1931 [mantis: XSS vulnerability when deleting a version]
	RESERVED
	- mantis <not-affected> (affects Mantis 1.2.14 only)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1930 [mantis: Close button available to users despite workflow restrictions]
	RESERVED
	- mantis <not-affected> (affects only Mantis 1.2.12 and later)
	NOTE: http://www.openwall.com/lists/oss-security/2013/04/04/8
CVE-2013-1929 (Heap-based buffer overflow in the tg3_read_vpd function in ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.8.11-1
	- linux-2.6 <removed>
CVE-2013-1928 (The do_video_set_spu_palette function in fs/compat_ioctl.c in the ...)
	{DSA-2668-1}
	- linux 3.2.35-1
	- linux-2.6 <removed>
CVE-2013-1927 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 allows ...)
	- icedtea-web 1.3.2-1
CVE-2013-1926 (The IcedTea-Web plugin before 1.2.3 and 1.3.x before 1.3.2 uses the ...)
	- icedtea-web 1.3.2-1
CVE-2013-1925 (The Chaos Tool Suite (ctools) module 7.x-1.x before 7.x-1.3 for Drupal ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2013-1924
	RESERVED
	NOT-FOR-US: Commerce Skrill Drupal module
CVE-2013-1923 (rpc-gssd in nfs-utils before 1.2.8 performs reverse DNS resolution for ...)
	- nfs-utils 1:1.2.8-1 (low; bug #707401)
	[squeeze] - nfs-utils <no-dsa> (Minor issue)
	[wheezy] - nfs-utils 1:1.2.6-4
CVE-2013-1922 (qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw ...)
	- xen <not-affected> (qemu-nbd-xen built, but not installed into the binary packages)
	- qemu 1.5.0+dfsg-1 (low; bug #705544)
	[squeeze] - qemu <no-dsa> (Minor issue)
	[wheezy] - qemu <no-dsa> (Minor issue)
	- xen-qemu-dm-4.0 <not-affected> (qemu-nbd not installed by the binary package)
CVE-2013-1921 (PicketBox, as used in Red Hat JBoss Enterprise Application Platform ...)
	NOT-FOR-US: Red Hat JBoss Enterprise Application Platform (Debian's jboss only provides some classes)
CVE-2013-1920 (Xen 4.2.x, 4.1.x, and earlier, when the hypervisor is running &quot;under ...)
	- xen <not-affected> (XSM not enabled in build)
	NOTE: Debian package not build with XSM_ENABLE, thus resulted binary packages not affected
CVE-2013-1919 (Xen 4.2.x and 4.1.x does not properly restrict access to IRQs, which ...)
	{DSA-2662-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00003.html
CVE-2013-1918 (Certain page table manipulation operations in Xen 4.1.x, 4.2.x, and ...)
	{DSA-2666-1}
	- xen 4.1.4-4
CVE-2013-1917 (Xen 3.1 through 4.x, when running 64-bit hosts on Intel CPUs, does not ...)
	{DSA-2662-1}
	- xen 4.1.4-3
	NOTE: http://lists.xen.org/archives/html/xen-announce/2013-04/msg00005.html
CVE-2013-1916
	RESERVED
	NOT-FOR-US: WordPress plugin
CVE-2013-1915 (ModSecurity before 2.7.3 allows remote attackers to read arbitrary ...)
	{DSA-2659-1}
	- modsecurity-apache 2.6.6-6 (bug #704625)
	- libapache-mod-security <removed>
	NOTE: https://github.com/SpiderLabs/ModSecurity/commit/d4d80b38aa85eccb26e3c61b04d16e8ca5de76fe
	NOTE: http://marc.info/?l=oss-security&m=136499182131283&w=2
CVE-2013-1914 (Stack-based buffer overflow in the getaddrinfo function in ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-2 (low; bug #704623)
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2013-1913 (Integer overflow in the load_image function in file-xwd.c in the X ...)
	{DSA-2813-1}
	- gimp 2.8.10-0.1 (bug #731305)
CVE-2013-1912 (Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through ...)
	{DSA-2711-1}
	- haproxy 1.4.23-1 (bug #704611)
	NOTE: http://git.1wt.eu/web?p=haproxy-1.4.git;a=commitdiff;h=dc80672211
CVE-2013-1911 (lib/ldoce/word.rb in the ldoce 0.0.2 gem for Ruby allows remote ...)
	NOT-FOR-US: ldoce ruby gem
CVE-2013-1910 [Not removing bad metadata and using it in next run]
	RESERVED
	- yum <unfixed> (unimportant)
	NOTE: http://yum.baseurl.org/gitweb?p=yum.git;a=commitdiff;h=c148eb10b798270b3d15087433c8efb2a79a69d0
	NOTE: Only used for bootstraps of chroots, see README.Debian
CVE-2013-1909 (The Python client in Apache Qpid before 2.2 does not verify that the ...)
	- qpid-python 0.22-1 (low; bug #714133)
	[wheezy] - qpid-python <no-dsa> (Minor issue)
CVE-2013-1908 (The Commons Wikis module before 7.x-3.1 for Drupal, as used in the ...)
	NOT-FOR-US: Drupal module
CVE-2013-1907 (The Commons Group module before 7.x-3.1 for Drupal, as used in the ...)
	NOT-FOR-US: Drupal module
CVE-2013-1906 (Cross-site scripting (XSS) vulnerability in the Rules module 7.x-2.x ...)
	NOT-FOR-US: Drupal module Rules
CVE-2013-1905 (Cross-site scripting (XSS) vulnerability in the Zero Point theme ...)
	NOT-FOR-US: Drupal theme Zero Point
CVE-2013-1904 (Absolute path traversal vulnerability in steps/mail/sendmail.inc in ...)
	- roundcube 0.7.2-9
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
CVE-2013-1903 (PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x ...)
	- postgresql-9.1 <not-affected> (installer related)
	- postgresql-8.4 <not-affected> (installer related)
CVE-2013-1902 (PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before ...)
	- postgresql-9.1 <not-affected> (installer related)
	- postgresql-8.4 <not-affected> (installer related)
CVE-2013-1901 (PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly ...)
	{DSA-2658-1}
	- postgresql-9.1 9.1.9-1
CVE-2013-1900 (PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before ...)
	{DSA-2658-1 DSA-2657-1}
	- postgresql-9.1 9.1.9-1
	- postgresql-8.4 8.4.17-1
CVE-2013-1899 (Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, ...)
	{DSA-2658-1}
	- postgresql-9.1 9.1.9-1 (bug #704479)
CVE-2013-1898 (lib/thumbshooter.rb in the Thumbshooter 0.1.5 gem for Ruby allows ...)
	NOT-FOR-US: Ruby gem Thumbshooter
CVE-2013-1897 (The do_search function in ldap/servers/slapd/search.c in 389 Directory ...)
	- 389-ds-base 1.3.2.9-1 (bug #704421)
	NOTE: http://git.fedorahosted.org/cgit/389/ds.git/commit/?h=389-ds-base-1.2.11&id=5a18c828533a670e7143327893f8171a19062286
	NOTE: https://fedorahosted.org/389/ticket/47308
CVE-2013-1896 (mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly ...)
	- apache2 2.4.6-1 (low; bug #717272)
	[wheezy] - apache2 2.2.22-13+deb7u1
	[squeeze] - apache2 2.2.16-6+squeeze12
	NOTE: http://www.gossamer-threads.com/lists/apache/announce/427633
CVE-2013-1895 [concurrency issue leading to auth bypass]
	RESERVED
	- python-bcrypt 0.4-1 (bug #704030)
	[squeeze] - python-bcrypt <not-affected> (thread support only introduced after 0.1 release)
	NOTE: https://code.google.com/p/py-bcrypt/source/detail?r=b03cc5246ea21a839fd027da5616d8d470247558
CVE-2013-1894
	REJECTED
CVE-2013-1893 (SQL injection vulnerability in addressbookprovider.php in ownCloud ...)
	- owncloud <not-affected> (only affecting 5.0 branch)
CVE-2013-1892 (MongoDB before 2.0.9 and 2.2.x before 2.2.4 does not properly validate ...)
	- mongodb 1:2.4.1-1 (bug #704042)
	[wheezy] - mongodb 1:2.0.6-1.1
	[squeeze] - mongodb <no-dsa> (Minor isue, Spidermonkey in Lenny is EOLed)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/25/7
CVE-2013-1891
	RESERVED
CVE-2013-1890 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
	- owncloud <not-affected> (only affecting 5.0 branch)
CVE-2013-1889
	RESERVED
	- libapache2-mod-ruid2 0.9.8-1 (low; bug #704066)
	[wheezy] - libapache2-mod-ruid2 <no-dsa> (Minor issue)
	NOTE: Fix: https://github.com/mind04/mod-ruid2/commit/1fed9dda70cd44d54301df19730a29ae0989e0a2
CVE-2013-1888 (pip before 1.3 allows local users to overwrite arbitrary files via a ...)
	- python-pip <not-affected>
	[squeeze] - python-pip <not-affected>
	NOTE: https://github.com/pypa/pip/pull/780/files
	NOTE: Not-affected as vulnerable code only in 1.3, and 1.3.1-1 fixed the issue.
CVE-2013-1887 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
	- drupal6 <not-affected> (only affects 7.x-3.x to 7.x-3.6)
	- drupal7 <not-affected> (views module not packaged)
CVE-2013-1886 (Format string vulnerability in the token processing system (pki-tps) ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2013-1885 (Multiple cross-site scripting (XSS) vulnerabilities in the token ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2013-1884 (The mod_dav_svn Apache HTTPD server module in Subversion 1.7.0 through ...)
	- subversion 1.7.9-1 (bug #704940)
	[wheezy] - subversion <not-affected> (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
	[squeeze] - subversion <not-affected> (Subversion HTTPD servers 1.7.0 through 1.7.8 (inclusive))
	NOTE: http://bugs.debian.org/704940#32
	NOTE: http://subversion.apache.org/security/CVE-2013-1884-advisory.txt
CVE-2013-1883 (Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote ...)
	- mantis <not-affected> (only affects 1.2.12 to 1.2.14)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/21/3
CVE-2013-1882
	RESERVED
CVE-2013-1881 (GNOME libsvg before 2.39.0 allows remote attackers to read arbitrary ...)
	- librsvg 2.40.0-1 (bug #724741)
	[wheezy] - librsvg 2.36.1-2
	[squeeze] - librsvg 2.26.3-1+deb6u2
CVE-2013-1880 (Cross-site scripting (XSS) vulnerability in the Portfolio publisher ...)
	- activemq <not-affected> (portfolio demo app not shipped in Debian package)
	NOTE: https://issues.apache.org/jira/browse/AMQ-4398
CVE-2013-1879 (Cross-site scripting (XSS) vulnerability in scheduled.jsp in Apache ...)
	- activemq <not-affected> (scheduler not shipped in Debian package)
	NOTE: https://issues.apache.org/jira/browse/AMQ-4397
CVE-2013-1878
	REJECTED
CVE-2013-1877
	REJECTED
CVE-2013-1876
	REJECTED
CVE-2013-1875 (command_wrap.rb in the command_wrap Gem for Ruby allows remote ...)
	NOT-FOR-US: ruby gem command_wrap
CVE-2013-1874 (Untrusted search path vulnerability in csi in Chicken before 4.8.2 ...)
	- chicken 4.8.0.3-1 (low; bug #702410)
	[squeeze] - chicken <no-dsa> (Minor issue)
	[wheezy] - chicken <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/19/11
CVE-2013-1873 [linux kernel kernel stack memory disclosure]
	REJECTED
CVE-2013-1872 (The Intel drivers in Mesa 8.0.x and 9.0.x allow context-dependent ...)
	{DSA-2704-1}
	- mesa 8.0.5-7
	[squeeze] - mesa <not-affected> (Vulnerable code not present)
CVE-2013-1871 (Cross-site scripting (XSS) vulnerability in account/EditAddress.do in ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-1870
	REJECTED
CVE-2013-1869 (CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2013-1868 (Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and ...)
	{DSA-2973-1}
	- vlc 2.0.5-1
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.videolan.org/security/sa1301.html
	NOTE: The freetype issue is a harmless NULL deref and won't be fixed
CVE-2013-1867
	RESERVED
CVE-2013-1866
	RESERVED
CVE-2013-1865 (OpenStack Keystone Folsom (2012.2) does not properly perform ...)
	- keystone <not-affected> (only affects folsom)
	NOTE: fixed in experimental with keystone/2012.2.3-2
CVE-2013-1864 (The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga ...)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/15/6
	- ekiga 4.0.1-1 (low; bug #704133)
	[wheezy] - ekiga <no-dsa> (Minor issue)
	[squeeze] - ekiga <no-dsa> (Minor issue)
CVE-2013-1863 (Samba 4.x before 4.0.4, when configured as an Active Directory domain ...)
	- samba4 <not-affected> (Debian package only uses ntvfs, see #679678)
	NOTE: http://www.samba.org/samba/history/samba-4.0.4.html
	NOTE: http://www.samba.org/samba/security/CVE-2013-1863
CVE-2013-1862 (mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server ...)
	- apache2 2.4.1-1 (unimportant)
	[wheezy] - apache2 2.2.22-13+deb7u1
	[squeeze] - apache2 2.2.16-6+squeeze12
	NOTE: Such injection issues are not treated as security issues
CVE-2013-1861 (MariaDB 5.5.x before 5.5.30, 5.3.x before 5.3.13, 5.2.x before 5.2.15, ...)
	{DSA-2818-1 DSA-2780-1}
	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mysql-5.5 5.5.33+dfsg-1 (low; bug #706715)
	- mysql-5.1 <removed> (low; bug #706715)
	NOTE: https://mariadb.atlassian.net/browse/MDEV-4252
CVE-2013-1860 (Heap-based buffer overflow in the wdm_in_callback function in ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6 <removed>
CVE-2013-1859 (The Node Parameter Control module 6.x-1.x for Drupal does not properly ...)
	NOT-FOR-US: Drupal module Node Parameter Control
CVE-2013-1858 (The clone system-call implementation in the Linux kernel before 3.8.3 ...)
	- linux <not-affected> (Only exploitable starting with 3.7)
	- linux-2.6 <not-affected> (Only exploitable starting with 3.7)
	NOTE: http://stealth.openwall.net/xSports/clown-newuser.c
CVE-2013-1857 (The sanitize helper in ...)
	{DSA-2655-1}
	- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
	- ruby-actionpack-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1856 (The ActiveSupport::XmlMini_JDOM backend in ...)
	- ruby-activesupport-2.3 <not-affected> (Only affects 3.x and later)
	- ruby-activesupport-3.2 3.2.6-6 (bug #703350)
	- rails <not-affected> (Only affects 3.x and later)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1855 (The sanitize_css method in ...)
	{DSA-2655-1}
	- ruby-actionpack-3.2 3.2.6-6 (bug #703349)
	- ruby-actionpack-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1854 (The Active Record component in Ruby on Rails 2.3.x before 2.3.18, ...)
	{DSA-2655-1}
	- ruby-activerecord-3.2 3.2.6-5 (bug #703348)
	- ruby-activerecord-2.3 2.3.14-6
	- ruby-activesupport-2.3 2.3.14-7
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-1853 (Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when ...)
	- almanah 0.9.1-1 (bug #702905)
	[squeeze] - almanah <not-affected> (Only affect Almanah used in combination with glib 2.32)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=695117
CVE-2013-1852 (SQL injection vulnerability in leaguemanager.php in the LeagueManager ...)
	NOT-FOR-US: WordPress plugin LeagueManager
CVE-2013-1851 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
	- owncloud 4.0.8debian-1.6 (bug #703094)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-010/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1850 (Multiple incomplete blacklist vulnerabilities in (1) import.php and ...)
	- owncloud 4.0.8debian-1.6 (bug #703094)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-009/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1849 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x through ...)
	{DLA-207-1}
	- subversion 1.7.9-1 (bug #704940)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://seclists.org/fulldisclosure/2013/Mar/56
CVE-2013-1848 (fs/ext3/super.c in the Linux kernel before 3.8.4 uses incorrect ...)
	- linux 3.2.41-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/8
CVE-2013-1847 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.0 through ...)
	{DLA-207-1}
	- subversion 1.7.9-1 (bug #704940)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1847-advisory.txt
CVE-2013-1846 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...)
	{DLA-207-1}
	- subversion 1.7.9-1 (bug #704940)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1846-advisory.txt
CVE-2013-1845 (The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before ...)
	{DLA-207-1}
	- subversion 1.7.9-1 (bug #704940)
	[squeeze] - subversion <no-dsa> (Minor issue)
	[wheezy] - subversion 1.6.17dfsg-4+deb7u2
	NOTE: http://subversion.apache.org/security/CVE-2013-1845-advisory.txt
CVE-2013-1844 (Cross-site scripting (XSS) vulnerability in Piwik before 1.11 allows ...)
	- piwik <itp> (bug #506933)
CVE-2013-1843 (Open redirect vulnerability in the Access tracking mechanism in TYPO3 ...)
	{DSA-2646-1}
	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1842 (SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x ...)
	{DSA-2646-1}
	- typo3-src 4.5.19+dfsg1-5 (bug #702574)
CVE-2013-1841 (Net-Server, when the reverse-lookups option is enabled, does not check ...)
	- libnet-server-perl <unfixed> (low; bug #702914)
	[stretch] - libnet-server-perl <ignored> (Minor issue)
	[jessie] - libnet-server-perl <ignored> (Minor issue)
	[wheezy] - libnet-server-perl <ignored> (Minor issue)
	[squeeze] - libnet-server-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Ticket/Display.html?id=83909
CVE-2013-1840 (The v1 API in OpenStack Glance Essex (2012.1), Folsom (2012.2), and ...)
	- glance 2012.1.1-5 (bug #703063)
CVE-2013-1839 (The strHdrAcptLangGetItem function in errorpage.cc in Squid 3.2.x ...)
	- squid3 <not-affected> (the errors were introduced in trunk rev.11496 in 3.2.0.9)
	NOTE: According to http://seclists.org/bugtraq/2013/Mar/68 not affecting 3.1?
	NOTE: http://bazaar.launchpad.net/~squid/squid/3.2/revision/11796
CVE-2013-1838 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
	- nova 2012.1.1-15 (bug #703064)
CVE-2013-1837
	RESERVED
CVE-2013-1836 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-1835 (Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and ...)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-1834 (notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, ...)
	- moodle 2.5-1 (low; bug #703870)
	[squeeze] - moodle <no-dsa> (Minor issue)
CVE-2013-1833 (Multiple cross-site scripting (XSS) vulnerabilities in the File Picker ...)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-1832 (repository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before ...)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2013-1831 (lib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x ...)
	- moodle 2.5-1 (low; bug #703870)
	[squeeze] - moodle <no-dsa> (Minor issue)
CVE-2013-1830 (user/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x ...)
	- moodle 2.5-1 (low; bug #703870)
	[squeeze] - moodle <no-dsa> (Minor issue)
CVE-2013-1829 (calendar/managesubscriptions.php in Moodle 2.4.x before 2.4.2 does not ...)
	- moodle <not-affected> (Only in 2.4 to 2.4.1)
CVE-2013-1828 (The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the ...)
	- linux <not-affected> (Introduced in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.8)
CVE-2013-1827 (net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to ...)
	- linux 3.2.29-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-47
CVE-2013-1826 (The xfrm_state_netlink function in net/xfrm/xfrm_user.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.32-1 (low)
	- linux-2.6 <removed> (low)
	NOTE: Probably gone since 3.2.32-1, but I checked 3.2.41-2
CVE-2013-1825
	REJECTED
CVE-2013-1824 (The SOAP parser in PHP before 5.3.22 and 5.4.x before 5.4.12 allows ...)
	{DSA-2639-1}
	- php5 5.4.4-14
	NOTE: See CVE-2013-1643
	NOTE: http://git.php.net/?p=web/php.git;a=commitdiff;h=e8432b34ee7a196a14a6e0191a00fe73b5a095e7
CVE-2013-1823 (Cross-site scripting (XSS) vulnerability in the Notifications form in ...)
	NOT-FOR-US: Katello
CVE-2013-1822 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...)
	- owncloud <not-affected> (owncloud stable4 (4.0.x) is not affected)
	NOTE: https://owncloud.org/about/security/advisories/oC-SA-2013-008/
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/14/8
CVE-2013-1821 (lib/rexml/text.rb in the REXML parser in Ruby before 1.9.3-p392 allows ...)
	{DSA-2809-1 DSA-2738-1}
	- ruby1.9.1 1.9.3.194-8.1 (bug #702525)
	- ruby1.8 1.8.7.358-7 (bug #702526)
	NOTE: http://www.ruby-lang.org/en/news/2013/02/22/rexml-dos-2013-02-22/
CVE-2013-1820
	RESERVED
	- tuned <not-affected> (Fixed before initial release to Debian)
CVE-2013-1819 (The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel ...)
	- linux 3.8-1
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <no-dsa> (Too risky to backport, minor impact)
	[wheezy] - linux <no-dsa> (Too risky to backport, minor impact)
CVE-2013-1818 (maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote ...)
	- mediawiki <not-affected> (mwdoc-filter.php introduced in 1.20)
	NOTE: register_globals is not supported in Debian anyway, see PHP's README.Debian.security
CVE-2013-1817 [mediawiki information disclosure in unblock API]
	RESERVED
	- mediawiki 1:1.19.4-1 (bug #702305)
	[squeeze] - mediawiki <end-of-life>
CVE-2013-1816 [mediawiki insecure curl usage]
	RESERVED
	- mediawiki 1:1.19.4-1
	[squeeze] - mediawiki <end-of-life>
CVE-2013-1815 (PackStack 2012.2.3 in Red Hat OpenStack Essex and Folsom can create ...)
	NOT-FOR-US: OpenStack PackStack
CVE-2013-1814 (The users/get program in the User RPC API in Apache Rave 0.11 through ...)
	NOT-FOR-US: Apache Rave
CVE-2013-1813 (util-linux/mdev.c in BusyBox before 1.21.0 uses 0777 permissions for ...)
	- busybox 1:1.20.0-8 (low; bug #701965)
	[wheezy] - busybox <no-dsa> (Minor issue)
	[squeeze] - busybox <no-dsa> (Minor issue)
CVE-2013-1812 (The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID ...)
	- ruby-openid 2.1.8debian-6 (bug #702217)
	- libopenid-ruby <removed> (bug #702217)
	[squeeze] - libopenid-ruby 2.1.8debian-1+squeeze1
CVE-2013-1811 [Reporter can change issue status to 'new']
	RESERVED
	{DSA-3120-1}
	- mantis <removed> (low; bug #698481)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1810 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- mantis <not-affected> (only affects MantisBT 1.2.12)
CVE-2013-1809 [Gambas creates hijackable directory in /tmp]
	RESERVED
	- gambas3 3.5.1-1 (low; bug #702184)
	- gambas2 <removed>
	[wheezy] - gambas3 <no-dsa> (Minor issue)
	[squeeze] - gambas2 <no-dsa> (Minor issue)
	NOTE: https://code.google.com/p/gambas/issues/detail?id=365
CVE-2013-1808 (Cross-site scripting (XSS) vulnerability in ZeroClipboard.swf and ...)
	- db4o <unfixed> (unimportant)
	- jenkins 1.509.2+dfsg-1 (bug #706725)
CVE-2013-1807 (PHP-Fusion before 7.02.06 stores backup files with predictable ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-1806 (Multiple directory traversal vulnerabilities in PHP-Fusion before ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-1805
	REJECTED
CVE-2013-1804 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-1803 (Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2013-1802 (The extlib gem 0.9.15 and earlier for Ruby does not properly restrict ...)
	{DLA-172-1}
	- ruby-extlib 0.9.15-3 (bug #697895)
	- libextlib-ruby <removed> (bug #697895)
CVE-2013-1801 (The httparty gem 0.9.0 and earlier for Ruby does not properly restrict ...)
	NOT-FOR-US: httparty Ruby gem
CVE-2013-1800 (The crack gem 0.3.1 and earlier for Ruby does not properly restrict ...)
	- ruby-crack 0.3.2-1
CVE-2013-1799 (Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before ...)
	- gnome-online-accounts <not-affected> (Incomplete patch wasn't applied in Debian)
CVE-2013-1798 (The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1797 (Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel ...)
	- linux 3.2.41-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, KVM server not supported in squeeze-lts)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1796 (The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux ...)
	{DSA-2669-1 DSA-2668-1}
	- linux 3.2.41-2
	- linux-2.6 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/9
CVE-2013-1795 (Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote ...)
	{DSA-2638-1}
	- openafs 1.6.1-3
CVE-2013-1794 (Buffer overflow in certain client utilities in OpenAFS before 1.6.2 ...)
	{DSA-2638-1}
	- openafs 1.6.1-3
CVE-2013-1793
	RESERVED
	NOT-FOR-US: openstack-utils
CVE-2013-1792 (Race condition in the install_user_keyrings function in ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6 <removed>
CVE-2013-1791
	RESERVED
CVE-2013-1790 (poppler/Stream.cc in poppler before 0.22.1 allows context-dependent ...)
	{DSA-2719-1}
	- poppler 0.18.4-6 (low; bug #702071)
CVE-2013-1789 (splash/Splash.cc in poppler before 0.22.1 allows context-dependent ...)
	- poppler <not-affected> (vulnerable code introduced in a later version)
CVE-2013-1788 (poppler before 0.22.1 allows context-dependent attackers to cause a ...)
	{DSA-2719-1}
	- poppler 0.18.4-6 (low; bug #702071)
CVE-2013-1787 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1786 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1785 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1784 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1783 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1782 (Cross-site scripting (XSS) vulnerability in the Responsive Blog Theme ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1781 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1780 (Cross-site scripting (XSS) vulnerability in the Best Responsive Theme ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1779 (Cross-site scripting (XSS) vulnerability in the 3 slide gallery in the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1778 (Cross-site scripting (XSS) vulnerability in the Creative Theme 7.x-1.x ...)
	NOT-FOR-US: Drupal addon
CVE-2013-1777 (The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as ...)
	NOT-FOR-US: JMX componenent of Apache Geronimo is not packaged
CVE-2013-1776 (sudo 1.3.5 through 1.7.10 and 1.8.0 through 1.8.5, when the ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701839)
CVE-2013-1775 (sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows ...)
	{DSA-2642-1}
	- sudo 1.8.5p2-1+nmu1 (bug #701838)
	NOTE: severity depends a lot on the environment
CVE-2013-1774 (The chase_port function in drivers/usb/serial/io_ti.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.38-1
	- linux-2.6 <removed>
CVE-2013-1773 (Buffer overflow in the VFAT filesystem implementation in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.15-1
	- linux-2.6 <removed>
	NOTE: Probably gone since 3.2.15-1, but I checked 3.2.41-2
CVE-2013-1772 (The log_prefix function in kernel/printk.c in the Linux kernel 3.x ...)
	- linux 3.2.39-1
	- linux-2.6 <not-affected> (Vulnerability exposed since 3.0)
CVE-2013-1771 [monkey: world-readable logdir]
	RESERVED
	- monkey <removed> (low)
	[squeeze] - monkey <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/24/5
CVE-2013-1770 (Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia ...)
	- ganglia 3.6.0-1 (low; bug #700158)
	[squeeze] - ganglia <no-dsa> (Minor issue)
	[wheezy] - ganglia <no-dsa> (Minor issue)
	- ganglia-web 3.5.8-3 (bug #700159)
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: Upstream non-verified fix https://github.com/ganglia/ganglia-web/commit/552965f33bf79d41ccbec3f1f26840c8bab54ad6
CVE-2013-1769 (A certain hashing algorithm in Telepathy Gabble 0.16.x before 0.16.5 ...)
	- telepathy-gabble 0.16.5-1 (low; bug #702252)
	[squeeze] - telepathy-gabble <no-dsa> (Minor issue)
CVE-2013-1768 (The BrokerFactory functionality in Apache OpenJPA 1.x before 1.2.3 and ...)
	- openjpa 2.2.2-1 (bug #716937)
	[squeeze] - openjpa <no-dsa> (Minor issue)
	[wheezy] - openjpa <no-dsa> (Minor issue)
CVE-2013-1767 (Use-after-free vulnerability in the shmem_remount_fs function in ...)
	{DSA-2668-1}
	- linux 3.2.41-1
	- linux-2.6 <removed>
CVE-2013-1766 (libvirt 1.0.2 and earlier sets the group owner to kvm for device ...)
	{DSA-2650-1}
	- libvirt 0.9.12-8 (bug #701649)
CVE-2013-1765 (Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in ...)
	NOT-FOR-US: WordPress plugin smart-flv
CVE-2013-1764 (The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local ...)
	- packagekit <not-affected> (Zypp backend specific to SuSE)
CVE-2013-1763 (Array index error in the __sock_diag_rcv_msg function in ...)
	- linux <not-affected> (Introduced in 3.3)
	NOTE: 3.6.9 and 3.7.8 in experimental are affected, 3.8 will be fixed.
CVE-2013-1762 (stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM ...)
	{DSA-2664-1}
	- stunnel4 3:4.53-1.1 (bug #702267)
CVE-2013-1761
	RESERVED
CVE-2013-1760
	RESERVED
CVE-2013-1759 (Cross-site scripting (XSS) vulnerability in the Responsive Logo ...)
	NOT-FOR-US: WordPress plugin responsive-logo-slideshow
CVE-2013-1758 (Cross-site scripting (XSS) vulnerability in the Marekkis Watermark ...)
	NOT-FOR-US: WordPress plugin marekkis-watermark
CVE-2013-1757
	RESERVED
CVE-2013-1756 (The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, ...)
	NOT-FOR-US: Dragonfly Ruby gem
CVE-2013-1755
	RESERVED
CVE-2013-1754
	RESERVED
CVE-2013-1753
	RESERVED
	- python2.5 <removed> (low)
	- python2.6 <removed> (low)
	- python2.7 2.7.9-1 (low; bug #742929)
	- python3.1 <removed> (low)
	- python3.2 <removed> (low)
	- python3.3 <removed> (low; bug #742928)
	- python3.4 3.4.2-4 (low; bug #742927)
	[jessie] - python3.4 <no-dsa> (Minor issue)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	NOTE: http://bugs.python.org/issue16043
	NOTE: preliminary patch: http://bugs.python.org/file28796/xmlrpc_gzip_27.patch
CVE-2013-1752
	RESERVED
	- python2.5 <removed> (low)
	- python2.6 <removed> (low)
	- python2.7 2.7.9-1 (low; bug #742929)
	- python3.1 <removed> (low)
	- python3.2 <removed> (low)
	- python3.3 <removed> (low; bug #742928)
	- python3.4 3.4.1-1 (low; bug #742927)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.6 <no-dsa> (Minor issue)
	[wheezy] - python2.7 <no-dsa> (Minor issue)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	[wheezy] - python3.2 <no-dsa> (Minor issue)
	NOTE: http://marc.info/?l=oss-security&m=138816139322814&w=2
	NOTE: py27 in jessie (as of 2.7.8-11 has all fixes except the ones for smtplib and poplib
	NOTE: http://bugs.python.org/issue16041
	NOTE: http://bugs.python.org/issue16042
CVE-2013-1751
	RESERVED
	- twiki <removed>
	NOTE: http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2013-1751
CVE-2013-1750 (Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 ...)
	NOT-FOR-US: RealPlayer
CVE-2013-1749 (Cross-site scripting (XSS) vulnerability in edit.php in PHP Address ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-1748 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-6533 (Buffer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and ...)
	NOT-FOR-US: Symantec PGP Desktop
CVE-2013-1747 (channel.c in ngIRCd 20 and 20.1 allows remote attackers to cause a ...)
	- ngircd <not-affected> (Vulnerable version was only in experimental, introduced in 20.1-1~exp1 and fixed in 20.2-1~exp1)
CVE-2013-1746
	RESERVED
CVE-2013-1745
	RESERVED
CVE-2013-1744
	RESERVED
CVE-2013-1743 (Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in ...)
	- bugzilla <not-affected> (Only affects 4.1 to 4.4)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924932
CVE-2013-1742 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=924802
CVE-2013-1741 (Integer overflow in Mozilla Network Security Services (NSS) 3.15 ...)
	{DSA-2994-1 DLA-23-1}
	- nss 2:3.15.3-1 (bug #735105)
	[squeeze] - nss 3.12.8-1+squeeze8
	NOTE: https://hg.mozilla.org/projects/nss/rev/612d7d1eb9e7
CVE-2013-1740 (The ssl_Do1stHandshake function in sslsecur.c in libssl in Mozilla ...)
	- nss 2:3.15.4-1
	[squeeze] - nss <no-dsa> (false start disabled by default, needs to be enabled by clients)
	[wheezy] - nss <no-dsa> (false start disabled by default, needs to be enabled by clients)
	NOTE: false start must be enabled by the client (mainly browsers)
CVE-2013-1739 (Mozilla Network Security Services (NSS) before 3.15.2 does not ensure ...)
	{DSA-2790-1}
	- nss 2:3.15.2-1 (bug #726473)
	[squeeze] - nss <not-affected> (Introduced in 3.14.3)
	NOTE: https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.2_release_notes
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1012656
CVE-2013-1738 (Use-after-free vulnerability in the JS_GetGlobalForScopeChain function ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1737 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
CVE-2013-1736 (The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1735 (Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1734 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=913904
CVE-2013-1733 (Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in ...)
	- bugzilla <not-affected> (Only affects 4.4)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=911593
CVE-2013-1732 (Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1731 (Untrusted search path vulnerability in the GL tracing functionality in ...)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
	- iceape <not-affected> (Android-specific)
CVE-2013-1730 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1729 (The WebGL implementation in Mozilla Firefox before 24.0, when NVIDIA ...)
	- iceweasel <not-affected> (MacOS-specific)
	- icedove <not-affected> (MacOS-specific)
	- iceape <not-affected> (MacOS-specific)
CVE-2013-1728 (The IonMonkey JavaScript engine in Mozilla Firefox before 24.0, ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1727 (Mozilla Firefox before 24.0 on Android allows attackers to bypass the ...)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
	- iceape <not-affected> (Android-specific)
CVE-2013-1726 (Mozilla Updater in Mozilla Firefox before 24.0, Firefox ESR 17.x ...)
	- iceweasel <not-affected> (Updater not used in Debian)
	- icedove <not-affected> (Updater not used in Debian)
	- iceape <not-affected> (Updater not used in Debian)
CVE-2013-1725 (Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1724 (Use-after-free vulnerability in the ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1723 (The NativeKey widget in Mozilla Firefox before 24.0, Thunderbird ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1722 (Use-after-free vulnerability in the ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1721 (Integer overflow in the drawLineLoop function in the libGLESv2 library ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1720 (The nsHtml5TreeBuilder::resetTheInsertionMode function in the HTML5 ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1719 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 24.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <end-of-life>
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1718 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2762-1 DSA-2759-1}
	- iceweasel 24.0-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.9-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1717 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1716
	RESERVED
CVE-2013-1715 (Multiple untrusted search path vulnerabilities in the (1) full ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2013-1714 (The Web Workers implementation in Mozilla Firefox before 23.0, Firefox ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1713 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1712 (Multiple untrusted search path vulnerabilities in updater.exe in ...)
	- iceweasel <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2013-1711 (The XrayWrapper implementation in Mozilla Firefox before 23.0 and ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1710 (The crypto.generateCRMFRequest function in Mozilla Firefox before ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1709 (Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1708 (Mozilla Firefox before 23.0 and SeaMonkey before 2.20 allow remote ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1707 (Stack-based buffer overflow in Mozilla Updater in Mozilla Firefox ...)
	- iceweasel <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2013-1706 (Stack-based buffer overflow in maintenanceservice.exe in the Mozilla ...)
	- iceweasel <not-affected> (Windows-specific)
	- icedove <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2013-1705 (Heap-based buffer underflow in the cryptojs_interpret_key_gen_type ...)
	- iceweasel 23.0-1
	[wheezy] - iceweasel <not-affected> (Only affects Firefox > 17)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1704 (Use-after-free vulnerability in the nsINode::GetParentNode function in ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1703
	RESERVED
CVE-2013-1702 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
	- icedove <not-affected> (Only affects Firefox > 17)
	- iceape <not-affected> (Only affects Firefox > 17)
CVE-2013-1701 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2746-1 DSA-2735-1}
	- iceweasel 17.0.8esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.8-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1700 (The Mozilla Maintenance Service in Mozilla Firefox before 22.0 on ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1699 (The Internationalized Domain Name (IDN) display algorithm in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1698 (The getUserMedia permission implementation in Mozilla Firefox before ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1697 (The XrayWrapper implementation in Mozilla Firefox before 22.0, Firefox ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1696 (Mozilla Firefox before 22.0 does not properly enforce the ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1695 (Mozilla Firefox before 22.0 does not properly implement certain ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1694 (The PreserveWrapper implementation in Mozilla Firefox before 22.0, ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1693 (The SVG filter implementation in Mozilla Firefox before 22.0, Firefox ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1692 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1691
	RESERVED
CVE-2013-1690 (Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1689
	RESERVED
	[wheezy] - iceape <end-of-life>
CVE-2013-1688 (The Profiler implementation in Mozilla Firefox before 22.0 parses ...)
	- iceweasel <not-affected> (Only affects Firefox > 17)
CVE-2013-1687 (The System Only Wrapper (SOW) and Chrome Object Wrapper (COW) ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1686 (Use-after-free vulnerability in the mozilla::ResetDir function in ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1685 (Use-after-free vulnerability in the nsIDocument::GetRootElement ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1684 (Use-after-free vulnerability in the ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1683 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 21)
	- icedove <not-affected> (Only affects Firefox 21)
	- iceape <not-affected> (Only affects Firefox 21)
CVE-2013-1682 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2720-1 DSA-2716-1}
	- iceweasel 17.0.7esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1681 (Use-after-free vulnerability in the ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1680 (Use-after-free vulnerability in the nsFrameList::FirstChild function ...)
	{DSA-2720-1 DSA-2699-1}
	[squeeze] - iceweasel <end-of-life>
	- iceweasel 17.0.6esr-1
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1679 (Use-after-free vulnerability in the ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1678 (The _cairo_xlib_surface_add_glyph function in Mozilla Firefox before ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1677 (The gfxSkipCharsIterator::SetOffsets function in Mozilla Firefox ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1676 (The SelectionIterator::GetNextSegment function in Mozilla Firefox ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1675 (Mozilla Firefox before 21.0, Firefox ESR 17.x before 17.0.6, ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1674 (Use-after-free vulnerability in Mozilla Firefox before 21.0, Firefox ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1673 (The Mozilla Updater in Mozilla Firefox before 21.0 on Windows does not ...)
	- iceweasel <not-affected> (Windows build only)
CVE-2013-1672 (The Mozilla Maintenance Service in Mozilla Firefox before 21.0, ...)
	- iceweasel <not-affected> (Windows build only)
	- icedove <not-affected> (Windows build only)
	- iceape <not-affected> (Windows build only)
CVE-2013-1671 (Mozilla Firefox before 21.0 does not properly implement the INPUT ...)
	- iceweasel <not-affected> (Doesn't affect ESR 17 series, only later versions in experimental)
CVE-2013-1670 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-1669 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 20)
	- icedove <not-affected> (Only affects Firefox 20)
	- iceape <not-affected> (Only affects Firefox 20)
CVE-2013-1668 (The uploadFile function in upload/index.php in CosCMS before 1.822 ...)
	NOT-FOR-US: CosCMS
CVE-2013-1667 (The rehash mechanism in Perl 5.8.2 through 5.16.x allows ...)
	{DSA-2641-1}
	- perl 5.14.2-19 (bug #702296)
	NOTE: http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
CVE-2013-1666
	RESERVED
	- foswiki <itp> (bug #509864)
CVE-2013-1665 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
	{DSA-2634-1}
	- keystone 2012.1.1-13 (bug #700948)
	- python-django 1.4.4-1
CVE-2013-1664 (The XML libraries for Python 3.4, 3.3, 3.2, 3.1, 2.7, and 2.6, as used ...)
	- keystone 2012.1.1-13 (bug #700948)
	- nova 2012.1.1-13 (bug #700949)
	- cinder 2012.2.3-1 (bug #700950)
CVE-2012-6532 ((1) Zend_Dom, (2) Zend_Feed, (3) Zend_Soap, and (4) Zend_XmlRpc in ...)
	{DLA-251-1}
	- zendframework 1.11.13-1
CVE-2012-6531 ((1) Zend_Dom, (2) Zend_Feed, and (3) Zend_Soap in Zend Framework 1.x ...)
	{DLA-251-1}
	- zendframework 1.11.13-1
CVE-2013-1663
	RESERVED
CVE-2013-1662 (vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x ...)
	NOT-FOR-US: VMware
CVE-2013-1661 (VMware ESXi 4.0 through 5.1, and ESX 4.0 and 4.1, does not properly ...)
	NOT-FOR-US: VMware ESXi
CVE-2013-1660
	REJECTED
CVE-2013-1659 (VMware vCenter Server 4.0 before Update 4b, 5.0 before Update 2, and ...)
	NOT-FOR-US: vCenter
CVE-2013-1658
	RESERVED
CVE-2013-1657
	RESERVED
CVE-2011-5265 (Cross-site scripting (XSS) vulnerability in cached_image.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5264 (Cross-site scripting (XSS) vulnerability in lazyest-backup.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5263 (Cross-site scripting (XSS) vulnerability in RetrieveMailExamples in ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2011-5262 (SQL injection vulnerability in prodpage.cfm in SonicWALL Aventail ...)
	NOT-FOR-US: SonicWALL Aventail
CVE-2011-5261 (Cross-site scripting (XSS) vulnerability in serverreport.cgi in Axis ...)
	NOT-FOR-US: Axis M10 Series Network Cameras
CVE-2011-5260 (Cross-site scripting (XSS) vulnerability in SAP/BW/DOC/METADATA in SAP ...)
	NOT-FOR-US: NetWeaver
CVE-2011-5259 (SQL injection vulnerability in lib/controllers/CentralController.php ...)
	NOT-FOR-US: OrangehRM
CVE-2011-5258 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM ...)
	NOT-FOR-US: OrangehRM
CVE-2011-5257 (Multiple cross-site scripting (XSS) vulnerabilities in the Classipress ...)
	NOT-FOR-US: WordPress theme
CVE-2011-5256 (Cross-site scripting (XSS) vulnerability in the tooltips in LimeSurvey ...)
	- limesurvey <itp> (bug #472802)
CVE-2013-1656 (Spree Commerce 1.0.x through 1.3.2 allows remote authenticated ...)
	NOT-FOR-US: Spree
CVE-2013-1655 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1654 (Puppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, and Puppet ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1653 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1652 (Puppet before 2.6.18, 2.7.x before 2.7.21, and 3.1.x before 3.1.1, and ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1651 (OXUpdater in Open-Xchange Server before 6.20.7 rev14, 6.22.0 before ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1650 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1649 (Open-Xchange Server before 6.20.7 rev14, 6.22.0 before rev13, and ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1648 (The Subscriptions feature in Open-Xchange Server before 6.20.7 rev14, ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1647 (Multiple CRLF injection vulnerabilities in Open-Xchange Server before ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1646 (Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1645 (Directory traversal vulnerability in Open-Xchange Server before 6.20.7 ...)
	NOT-FOR-US: Open-Xchange
CVE-2013-1644
	RESERVED
CVE-2013-1643 (The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows ...)
	{DSA-2639-1}
	- php5 5.4.4-14 (bug #702221)
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=c737b89473df9dba6742b8fc8fbf6d009bf05c36
CVE-2013-1642
	RESERVED
CVE-2013-1641 (Directory traversal vulnerability in the zip download functionality in ...)
	NOT-FOR-US: QuiXplorer
CVE-2013-1640 (The (1) template and (2) inline_template functions in the master ...)
	{DSA-2643-1}
	- puppet 2.7.18-3
CVE-2013-1639 (Opera before 12.13 does not send CORS preflight requests in all ...)
	NOT-FOR-US: Opera
CVE-2013-1638 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2013-1637 (Opera before 12.13 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2013-1636 (Cross-site scripting (XSS) vulnerability in open-flash-chart.swf in ...)
	- biomaj-watcher 1.2.2-1 (low; bug #742859)
	[wheezy] - biomaj-watcher <no-dsa> (Minor issue)
CVE-2013-1635 (ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not ...)
	{DSA-2639-1}
	- php5 5.4.4-14 (unimportant; bug #702221)
	NOTE: open_basedir not supported
	NOTE: http://git.php.net/?p=php-src.git;a=commitdiff;h=702b436ef470cc02f8e2cc21f2fadeee42103c74
CVE-2013-1634
	RESERVED
CVE-2013-1633 (easy_install in setuptools before 0.7 uses HTTP to retrieve packages ...)
	- distribute <unfixed> (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2013-1632
	RESERVED
CVE-2013-1631
	RESERVED
CVE-2013-1630 (pyshop before 0.7.1 uses HTTP to retrieve packages from the PyPI ...)
	NOT-FOR-US: pyshop
CVE-2013-1629 (pip before 1.3 uses HTTP to retrieve packages from the PyPI ...)
	- python-pip 1.3.1-1 (low; bug #710163)
	[wheezy] - python-pip <no-dsa> (Minor issue)
	[squeeze] - python-pip <no-dsa> (Minor issue)
	- python-virtualenv 1.9.1-1 (medium; bug #710164)
	[wheezy] - python-virtualenv <no-dsa> (Minor issue)
	[squeeze] - python-virtualenv <no-dsa> (Minor issue)
CVE-2013-1628
	REJECTED
CVE-2013-1627 (Absolute path traversal vulnerability in NTWebServer.exe in Indusoft ...)
	NOT-FOR-US: Indusoft Studio, Advantech Studio
CVE-2013-1626
	RESERVED
CVE-2013-1625
	RESERVED
CVE-2013-1624 (The TLS implementation in the Bouncy Castle Java library before 1.48 ...)
	- bouncycastle 1.48+dfsg-2 (low; bug #699885)
	[squeeze] - bouncycastle <no-dsa> (Minor issue)
	[wheezy] - bouncycastle <no-dsa> (Minor issue)
CVE-2013-1623 (The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.30+dfsg-1.1 (bug #699886)
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: cyassl: fixed upstream in 2.5.0
CVE-2013-1622
	REJECTED
CVE-2013-1621 (Array index error in the SSL module in PolarSSL before 1.2.5 might ...)
	{DSA-2622-1}
	- polarssl 1.1.4-2 (bug #699887)
CVE-2013-1620 (The TLS implementation in Mozilla Network Security Services (NSS) does ...)
	- nss 2:3.14.3-1 (low; bug #699888)
	[squeeze] - nss <no-dsa> (Minor issue)
CVE-2013-1619 (The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...)
	- gnutls26 2.12.20-4
	[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
	- gnutls28 3.0.22-3
CVE-2013-1618 (The TLS implementation in Opera before 12.13 does not properly ...)
	NOT-FOR-US: Opera
CVE-2013-1617 (Multiple SQL injection vulnerabilities in the management console on ...)
	NOT-FOR-US: Symantec
CVE-2013-1616 (The management console on the Symantec Web Gateway (SWG) appliance ...)
	NOT-FOR-US: Symantec
CVE-2013-1615 (The management console (aka Java console) on the Symantec Security ...)
	NOT-FOR-US: Symantec
CVE-2013-1614 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec
CVE-2013-1613 (SQL injection vulnerability in the management console (aka Java ...)
	NOT-FOR-US: Symantec
CVE-2013-1612 (Buffer overflow in secars.dll in the management console in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2013-1611 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Symantec Brightmail Gateway
CVE-2013-1610 (Unquoted Windows search path vulnerability in RDDService in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2013-1609 (Multiple unquoted Windows search path vulnerabilities in the (1) File ...)
	NOT-FOR-US: Symantec
CVE-2013-1608 (Directory traversal vulnerability in the Management Console on the ...)
	NOT-FOR-US: Symantec
CVE-2013-1607
	RESERVED
CVE-2013-1606 (Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT ...)
	NOT-FOR-US: Ubiquiti UBNT AirCam
CVE-2013-1605 (Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 ...)
	NOT-FOR-US: MayGion IP Cameras
CVE-2013-1604 (Directory traversal vulnerability in MayGion IP Cameras with firmware ...)
	NOT-FOR-US: MayGion IP Cameras
CVE-2013-1603
	RESERVED
CVE-2013-1602
	RESERVED
CVE-2013-1601
	RESERVED
CVE-2013-1600
	RESERVED
CVE-2013-1599
	RESERVED
CVE-2013-1598
	RESERVED
CVE-2013-1597
	RESERVED
CVE-2013-1596
	RESERVED
CVE-2013-1595
	RESERVED
CVE-2013-1594
	RESERVED
CVE-2013-1593
	RESERVED
CVE-2013-1592
	RESERVED
CVE-2013-1591 (Stack-based buffer overflow in libpixman, as used in Pale Moon before ...)
	- pixman 0.26.0-4 (bug #700308)
	[squeeze] - pixman <not-affected> (Vulnerable code not present)
CVE-2013-1590 (Buffer overflow in the NTLMSSP dissector in Wireshark 1.6.x before ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
CVE-2013-1589 (Double free vulnerability in epan/proto.c in the dissection engine in ...)
	- wireshark 1.8.6-1 (unimportant)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Not suitable for code injection
CVE-2013-1588 (Multiple buffer overflows in the dissect_pft_fec_detailed function in ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8213
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47098
CVE-2013-1587 (The dissect_rohc_ir_packet function in epan/dissectors/packet-rohc.c ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7679
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=44700
CVE-2013-1586 (The fragment_set_tot_len function in epan/reassemble.c in Wireshark ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8111
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46999
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=47000
CVE-2013-1585 (epan/tvbuff.c in Wireshark 1.6.x before 1.6.13 and 1.8.x before 1.8.5 ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=8112
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46705
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46678
CVE-2013-1584 (The dissect_version_5_and_6_primary_header function in ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46579
CVE-2013-1583 (The dissect_version_4_primary_header function in ...)
	- wireshark 1.8.6-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7945
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=46577
CVE-2013-1582 (The dissect_clnp function in epan/dissectors/packet-clnp.c in the CLNP ...)
	{DSA-2625-1}
	- wireshark 1.8.6-1
	[wheezy] - wireshark 1.8.2-5wheezy1
	NOTE: Upstream bug: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7871
	NOTE: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45646
CVE-2013-1571 (Unspecified vulnerability in the Javadoc component in Oracle Java SE 7 ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-1570 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-1569 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-3187-1 DLA-219-1}
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
	- icu 52.1-1
CVE-2013-1568 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1567 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-1566 (Unspecified vulnerability in Oracle MySQL 5.6.10 and earlier allows ...)
	- mysql-5.5 <not-affected> (Only affects MySQL 5.6)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.6)
CVE-2013-1565 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1564 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1563 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
	- openjdk-7 <not-affected> (Installation component of Oracle Java doesn't apply to IcedTea/OpenJDK)
CVE-2013-1562 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1561 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1560 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1559 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1558 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1557 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1556 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1555 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, and ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1554 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1553 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1552 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1551 (Unspecified vulnerability in the Siebel Enterprise Application ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-1550 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1549 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1548 (Unspecified vulnerability in Oracle MySQL 5.1.63 and earlier allows ...)
	{DSA-2780-1}
	- mysql-5.5 <not-affected> (Only affects MySQL 5.1)
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1547 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1546 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1545 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1544 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1543 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-1542 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Finacial Services
CVE-2013-1540 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1539 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services
CVE-2013-1538 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1537 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1536 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2013-1535 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2013-1534 (Unspecified vulnerability in the Workload Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1533 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle financial Services Software
CVE-2013-1532 (Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 ...)
	{DSA-2780-1 DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1531 (Unspecified vulnerability in Oracle MySQL 5.1.66 and earlier and ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1530 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-1529 (Unspecified vulnerability in the Oracle WebCenter Interaction ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1528 (Unspecified vulnerability in the Oracle HRMS component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1527 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1526 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1525 (Unspecified vulnerability in the Oracle Retail Integration Bus ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-1524 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1523 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier and ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1522 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1521 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1520 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2013-1519 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2013-1518 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-1517 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1516 (Unspecified vulnerability in the Oracle WebCenter Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1515 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Only affects 3.x)
CVE-2013-1514 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2013-1513 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2013-1512 (Unspecified vulnerability in Oracle MySQL 5.5.29 and earlier allows ...)
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1511 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1510 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-1509 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1508 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	- glassfish <not-affected> (Only affects 3.x)
CVE-2013-1507 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1506 (Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier, 5.5.29 ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.30+dfsg-1
	- mysql-5.1 <removed>
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1505 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2013-1504 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1503 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1502 (Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 ...)
	{DSA-2667-1}
	- mysql-5.5 5.5.31+dfsg-1
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 and 5.6)
	- mariadb-10.0 <not-affected> (Fixed before initial upload)
	- mariadb-5.5 <not-affected> (Fixed before initial upload)
CVE-2013-1501 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2013-1500 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2727-1 DSA-2722-1}
	- openjdk-6 6b27-1.12.6-1
	- openjdk-7 7u25-2.3.10-1
CVE-2013-1499 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-1498 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1497 (Unspecified vulnerability in the Oracle COREid Access component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2013-1496 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-1495 (asr in Oracle Auto Service Request in Oracle Support Tools before ...)
	NOT-FOR-US: Oracle Auto Service Request
CVE-2013-1494 (Unspecified vulnerability in Oracle Sun Solaris 10, when running on ...)
	NOT-FOR-US: Solaris
CVE-2013-1493 (The color management (CMM) functionality in the 2D component in Oracle ...)
	- openjdk-6 6b27-1.12.4-1
	- openjdk-7 7u3-2.1.7-1
CVE-2013-1492 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and ...)
	{DSA-2780-1}
	- mysql-5.1 <removed> (bug #712059)
	- mysql-5.5 5.5.30+dfsg-1
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2013_1492_buffer_overflow
CVE-2013-1491 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-1490 (Unspecified vulnerability in Oracle Java SE 7 Update 11 (JRE ...)
	- openjdk-6 <not-affected> (Not exploitable in OpenJDK6)
	- openjdk-7 <not-affected> (Icedtea 2.3 not affected)
CVE-2013-1489 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1488 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-1487 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1486 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 6b27-1.12.3-1
CVE-2013-1485 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-1484 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 <not-affected> (Only affects Java7)
CVE-2013-1483 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1482 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1481 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Icedtea uses a different sound implementation than Oracle Java)
	- openjdk-7 <not-affected> (Icedtea uses a different sound implementation than Oracle Java)
CVE-2013-1480 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1479 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1478 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1477 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1476 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1475 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-1474 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1473 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-1472 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-1471 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Fortinet FortiMail
CVE-2012-6530 (Stack-based buffer overflow in Sysax Multi Server before 5.52, when ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2012-6529 (Multiple SQL injection vulnerabilities in Marinet CMS allow remote ...)
	NOT-FOR-US: Marinet CMS
CVE-2012-6528 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...)
	NOT-FOR-US: ATutor
CVE-2012-6527 (Cross-site scripting (XSS) vulnerability in the My Calendar plugin ...)
	NOT-FOR-US: WordPress plugin My Calendar
CVE-2012-6526 (SQL injection vulnerability in show_code.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2012-6525 (SQL injection vulnerability in members.php in PHPBridges allows remote ...)
	NOT-FOR-US: PHPBridges
CVE-2012-6524 (SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote ...)
	NOT-FOR-US: pGB
CVE-2012-6523 (Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 ...)
	NOT-FOR-US: w-CMS 2.01
CVE-2012-6522 (Directory traversal vulnerability in the getContent function in ...)
	NOT-FOR-US: w-CMS 2.01
CVE-2011-5255 (Multiple cross-site scripting (XSS) vulnerabilities in admin/login in ...)
	NOT-FOR-US: X3 CMS
CVE-2010-5290 (The authentication process in Adobe ColdFusion before 10 does not ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-5287 (SQL injection vulnerability in default.php in Cornerstone Technologies ...)
	NOT-FOR-US: Cornerstone Technologies webConductor
CVE-2013-1581 (The dissect_pft_fec_detailed function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1580 (The dissect_cmstatus_tlv function in plugins/docsis/packet-cmstatus.c ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1579 (The rtps_util_add_bitmap function in epan/dissectors/packet-rtps.c in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1578 (The dissect_pw_eth_heuristic function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1577 (The dissect_sip_p_charging_func_addresses function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1576 (The dissect_sdp_media_attribute function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1575 (The dissect_r3_cmd_alarmconfigure function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1574 (The dissect_bthci_eir_ad_data function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1573 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1572 (The dissect_oampdu_event_notification function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2013-1470 (Cross-site scripting (XSS) vulnerability in calendar/index.php in the ...)
	NOTE: There was a RFP long time ago, bug #203818
	NOTE: https://www.htbridge.com/advisory/HTB23143
	NOT-FOR-US: Geeklog
CVE-2013-1469 (Directory traversal vulnerability in install.php in Piwigo before ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
	NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1468 (Cross-site request forgery (CSRF) vulnerability in the LocalFiles ...)
	- piwigo <removed>
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
	NOTE: https://www.htbridge.com/advisory/HTB23144
CVE-2013-1467
	RESERVED
CVE-2013-1466 (Multiple cross-site scripting (XSS) vulnerabilities in glFusion before ...)
	NOT-FOR-US: glFusion
CVE-2013-1465 (The Cubecart::_basket method in classes/cubecart.class.php in CubeCart ...)
	NOT-FOR-US: CubeCart
CVE-2013-1464 (Cross-site scripting (XSS) vulnerability in assets/player.swf in the ...)
	{DSA-2772-1}
	- typo3-src 4.5.29+dfsg1-1
	[squeeze] - typo3-src <end-of-life> (Unsupported in squeeze-lts)
CVE-2013-1463 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-1462 (Integer signedness error in the ExecuteSoapAction function in the ...)
	- miniupnpd <not-affected> (Fixed before initial upload to archive)
CVE-2013-1461 (The ExecuteSoapAction function in the SOAPAction handler in the HTTP ...)
	- miniupnpd <not-affected> (Fixed before initial upload to archive)
CVE-2013-1460
	RESERVED
CVE-2013-1459
	RESERVED
CVE-2013-1458
	RESERVED
CVE-2013-1457
	RESERVED
CVE-2013-1456
	RESERVED
CVE-2013-1455 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
	NOT-FOR-US: Joomla
CVE-2013-1454 (Joomla! 3.0.x through 3.0.2 allows attackers to obtain sensitive ...)
	NOT-FOR-US: Joomla
CVE-2013-1453 (plugins/system/highlight/highlight.php in Joomla! 3.0.x through 3.0.2 ...)
	NOT-FOR-US: Joomla
CVE-2013-1452
	RESERVED
CVE-2013-4696
	REJECTED
CVE-2013-1451 (Microsoft Internet Explorer 8 and 9, when the Proxy Settings ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1450 (Microsoft Internet Explorer 8 and 9, when the Proxy Settings ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1449
	RESERVED
CVE-2013-1448
	RESERVED
CVE-2014-0158 (Heap-based buffer overflow in the JPEG2000 image tile decoder in ...)
	- openjpeg 1.3+dfsg-4.7
	NOTE: Not considering a duplicate of CVE-2013-1447 following
	NOTE: http://www.openwall.com/lists/oss-security/2014/04/02/2 . A query
	NOTE: to MITRE though indicated that CVE-2014-0158 will not be REJECTED
	NOTE: since people might have tracked CVE-2014-0158 of the much higher
	NOTE: impact as due https://bugzilla.redhat.com/show_bug.cgi?id=1082925
	NOTE: and https://bugzilla.suse.com/show_bug.cgi?id=871412
CVE-2013-1447 (OpenJPEG 1.3 and earlier allows remote attackers to cause a denial of ...)
	{DSA-2808-1}
	- openjpeg 1.3+dfsg-4.7 (bug #731237)
CVE-2013-1446
	RESERVED
CVE-2013-1445 (The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not ...)
	{DSA-2781-1}
	- python-crypto 2.6.1-1
CVE-2013-1444 (A certain Debian patch for txt2man 1.5.5, as used in txt2man 1.5.5-2, ...)
	- txt2man 1.5.5-4.1 (bug #724614)
	[wheezy] - txt2man <no-dsa> (Minor issue)
	[squeeze] - txt2man <no-dsa> (Minor issue)
CVE-2013-1443 (The authentication framework (django.contrib.auth) in Django 1.4.x ...)
	{DSA-2758-1}
	- python-django 1.5.4-1 (bug #723043)
CVE-2013-1442 (Xen 4.0 through 4.3.x, when using AVX or LWP capable CPUs, does not ...)
	{DSA-3006-1}
	- xen 4.4.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: advisory say: In Xen 4.0.2 through 4.0.4 as well as in Xen 4.1.x XSAVE support is disabled by default
CVE-2013-1441 (econvert in ExactImage 0.8.9 and earlier does not properly initialize ...)
	{DSA-2754-1}
	- exactimage 0.8.9-2
	NOTE: a different issue than CVE-2013-1438
CVE-2013-1440
	RESERVED
CVE-2013-1439 (The &quot;faster LJPEG decoder&quot; in libraw 0.13.x, 0.14.x, and 0.15.x before ...)
	- libraw 0.15.4-1 (bug #721338)
	[wheezy] - libraw <no-dsa> (Minor issue)
	[squeeze] - libraw <no-dsa> (Minor issue)
	- libkdcraw 4:4.10.5-2 (bug #721340)
	[wheezy] - libkdcraw <no-dsa> (Minor issue)
	- darktable 1.2.2-2 (bug #721339)
	[wheezy] - darktable 1.0.4-1+deb7u2
CVE-2013-1438 (Unspecified vulnerability in dcraw 0.8.x through 0.8.9, as used in ...)
	{DSA-2748-1}
	- libraw 0.15.4-1 (bug #721231)
	[wheezy] - libraw <no-dsa> (Minor issue)
	[squeeze] - libraw <no-dsa> (Minor issue)
	- libkdcraw 4:4.10.5-2 (bug #721239)
	[wheezy] - libkdcraw <no-dsa> (Minor issue)
	- darktable 1.2.2-2 (bug #721233)
	[wheezy] - darktable 1.0.4-1+deb7u2
	- dcraw <unfixed> (unimportant; bug #721232)
	- ufraw 0.19.2-2 (bug #721234)
	[wheezy] - ufraw <no-dsa> (end-user app)
	[squeeze] - ufraw <no-dsa> (end-user app)
	- xbmc 2:13.2+dfsg1-5 (unimportant; bug #721235)
	- exactimage 0.8.9-1 (bug #721236)
	- rawstudio <removed> (unimportant; bug #721237)
	- rawtherapee <not-affected> (unimportant; bug #721238)
	NOTE: Starting with 2:13.2+dfsg1-5 xbmc is a transitional package
CVE-2013-1437 [Code execution when gathering version metadata]
	RESERVED
	- perl 5.18.1-2
	[wheezy] - perl <not-affected> (Bug was introduced later)
	[squeeze] - perl <not-affected> (Does not yet contain Module::Metadata)
	- libmodule-metadata-perl 1.000015-1
	[wheezy] - libmodule-metadata-perl 1.000009-1+deb7u1
	NOTE: this is by 'design', but previous to version Module::Metadata 1.000015
	NOTE: the statement was This module provides a standard way to gather metadata
	NOTE: about a .pm file *without* executing unsafe code.
CVE-2013-1436 (The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 ...)
	- xmonad-contrib 0.11.2-1 (low)
	[squeeze] - xmonad-contrib <no-dsa> (Minor issue)
	[wheezy] - xmonad-contrib 0.10-4~deb7u1
CVE-2013-1435 ((1) snmp.php and (2) rrd.php in Cacti before 0.8.8b allows remote ...)
	{DSA-2739-1}
	- cacti 0.8.8b+dfsg-1
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7392
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7393
CVE-2013-1434 (Multiple SQL injection vulnerabilities in (1) api_poller.php and (2) ...)
	{DSA-2739-1}
	- cacti 0.8.8b+dfsg-1
	NOTE: http://svn.cacti.net/viewvc?view=rev&revision=7394
CVE-2013-1433
	REJECTED
CVE-2013-1432 (Xen 4.1.x and 4.2.x, when the XSA-45 patch is in place, does not ...)
	{DSA-3006-1}
	- xen 4.3.0-1
	[squeeze] - xen <end-of-life> (Unsupported in squeeze-lts)
	NOTE: All Xen versions having the XSA-45/CVE-2013-1918 fixes applied are vulnerable
CVE-2013-1431 (The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before ...)
	{DSA-2702-1}
	- telepathy-gabble 0.16.6-1
CVE-2013-1430 (An issue was discovered in xrdp before 0.9.1. When successfully logging ...)
	- xrdp 0.9.1~2016121126+git5171fa7-1
	[jessie] - xrdp <no-dsa> (Minor issue)
	[wheezy] - xrdp <no-dsa> (Minor issue)
	NOTE: https://github.com/neutrinolabs/xrdp/pull/497
	NOTE: When successfully logging in using RDP into a xrdp session, the file
	NOTE: ~/.vnc/sesman_${username}_passwd is created.  Its content is the
	NOTE: equivalent of the users clear text password, DES encrypted with a known
	NOTE: key.
CVE-2013-1429 [Lintian unsafe symlinks]
	RESERVED
	- lintian 2.5.10.5 (bug #705553; unimportant)
CVE-2013-1428 (Stack-based buffer overflow in the receive_tcppacket function in ...)
	{DSA-2663-1}
	- tinc 1.0.19-3
CVE-2013-1427 (The configuration file for the FastCGI PHP support for lighttpd before ...)
	{DSA-2649-1}
	- lighttpd 1.4.31-4
CVE-2013-1426 [mahara: stored XSS in tinyMCE editor]
	RESERVED
	- mahara <removed> (low)
	[wheezy] - mahara <no-dsa> (Minor issue)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/mahara/+bug/1153423
CVE-2013-1425 [ldap-git-backup: Incorrect directory permissions exposes password hashes]
	RESERVED
	- ldap-git-backup 1.0.4-1 (bug #699227)
CVE-2013-1424 [matplotlib buffer overrun]
	RESERVED
	- matplotlib 1.4.2-3.1 (low; bug #775691)
	[wheezy] - matplotlib <no-dsa> (Minor issue)
	[squeeze] - matplotlib <no-dsa> (Minor issue)
CVE-2013-1423 ((1) contrib/gforge-3.0-cronjobs.patch, (2) cronjobs/homedirs.php, (3) ...)
	{DSA-2633-1}
	- fusionforge 5.2.1+20130227-1
CVE-2013-1422
	RESERVED
CVE-2013-1421 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
	- webcalendar <removed>
CVE-2013-1420
	RESERVED
CVE-2013-1419
	RESERVED
CVE-2013-1418 (The setup_server_realm function in main.c in the Key Distribution ...)
	{DLA-1265-1}
	- krb5 1.11.3+dfsg-3+nmu1 (low; bug #728845)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7757
	NOTE: https://github.com/krb5/krb5/commit/5d2d9a1abe46a2c1a8614d4672d08d9d30a5f8bf
CVE-2013-1417 (do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 ...)
	- krb5 1.11.3+dfsg-3+nmu1 (low; bug #730085)
	[squeeze] - krb5 <not-affected> (Vulnerable code only present in 1.11.x)
	[wheezy] - krb5 <not-affected> (Vulnerable code only present in 1.11.x)
	NOTE: https://github.com/krb5/krb5/commit/4c023ba43c16396f0d199e2df1cfa59b88b62acc
CVE-2013-1416 (The prep_reprocess_req function in do_tgs_req.c in the Key ...)
	- krb5 1.10.1+dfsg-5 (low; bug #704775)
	[squeeze] - krb5 <no-dsa> (Minor issue)
CVE-2013-1415 (The pkinit_check_kdc_pkid function in ...)
	- krb5 1.10.1+dfsg-4 (low)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: https://github.com/krb5/krb5/commit/c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
	NOTE: https://github.com/krb5/krb5/commit/b71f8c4aacea8849ceaf31a2fa95e143f3943097
CVE-2013-1414 (Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet ...)
	NOT-FOR-US: Fortinet FortiOS on FortiGate firewall devices
CVE-2012-6521 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Elefant CMS
CVE-2012-6520 (Multiple SQL injection vulnerabilities in the advanced search in ...)
	NOT-FOR-US: Wikidforum
CVE-2012-6519 (SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 ...)
	NOT-FOR-US: DIY-CMS
CVE-2012-6518 (Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS ...)
	NOT-FOR-US: DiY-CMS
CVE-2012-6517 (Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 ...)
	NOT-FOR-US: DiY-CMS
CVE-2012-6516 (SQL injection vulnerability in PHP Ticket System Beta 1 allows remote ...)
	NOT-FOR-US: PHP Ticket System Beta
CVE-2012-6515 (eFront 3.6.10, 3.6.11 build 15059, and earlier allows remote attackers ...)
	NOT-FOR-US: eFront
CVE-2012-6514 (Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) ...)
	NOT-FOR-US: nBill for Joomla!
CVE-2012-6513 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: gpEasy CMS
CVE-2012-6512 (The Organizer plugin 1.2.1 for WordPress allows remote attackers to ...)
	NOT-FOR-US: Organizer wordpress plugin not in Debian
CVE-2012-6511 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Organizer wordpress plugin not in Debian
CVE-2012-6510 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6509 (Unrestricted file upload vulnerability in NetArt Media Car Portal 3.0 ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6508 (Multiple cross-site request forgery (CSRF) vulnerabilities in NetArt ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2012-6507 (Multiple SQL injection vulnerabilities in admin.php in ChurchCMS 0.0.1 ...)
	NOT-FOR-US: ChurchCMS
CVE-2012-6506 (Multiple cross-site scripting (XSS) vulnerabilities in the Zingiri Web ...)
	NOT-FOR-US: Zingiri Web Shop wordpress plugin not in Debian
CVE-2012-6505 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PHP Volunteer Management not in Debian
CVE-2012-6504 (SQL injection vulnerability in mods/hours/data/get_hours.php in PHP ...)
	NOT-FOR-US: PHP Volunteer Management not in Debian
CVE-2012-6503 (Unspecified vulnerability in the NinjaXplorer component before 1.0.7 ...)
	NOT-FOR-US: NinjaXplorer for Joomla!
CVE-2012-6502 (Microsoft Internet Explorer before 10 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1413 (Multiple cross-site scripting (XSS) vulnerabilities in synetics i-doit ...)
	NOT-FOR-US: synetics i-doit
CVE-2013-1412 (DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: DataLife Engine
CVE-2013-1411
	RESERVED
CVE-2013-1410
	RESERVED
CVE-2013-1409 (Cross-site scripting (XSS) vulnerability in the CommentLuv plugin ...)
	NOT-FOR-US: CommentLuv plugin for Wordpress
CVE-2013-1408 (Multiple SQL injection vulnerabilities in the Wysija Newsletters ...)
	NOT-FOR-US: WordPress plugin wysija-newsletters
CVE-2013-1407 (Multiple cross-site scripting (XSS) vulnerabilities in the Events ...)
	NOT-FOR-US: WordPress plugin Events Master Pro
CVE-2013-1406 (The Virtual Machine Communication Interface (VMCI) implementation in ...)
	NOT-FOR-US: VMware Workstation, Fusion, View, ESXi, ESX
CVE-2013-1405 (VMware vCenter Server 4.0 before Update 4b and 4.1 before Update 3a, ...)
	NOT-FOR-US: VMware
CVE-2013-1404
	RESERVED
CVE-2013-1403
	RESERVED
CVE-2013-1402 (DigiLIBE 3.4 and possibly other versions sends a redirect but does not ...)
	NOT-FOR-US: DigiLIBE
CVE-2013-1401
	RESERVED
CVE-2013-1400
	RESERVED
CVE-2009-5134 (Buffer overflow in the &quot;create torrent dialog&quot; functionality in ...)
	NOT-FOR-US: uTorrent
CVE-2013-0243 [Basic constraints vulnerability]
	RESERVED
	- haskell-tls-extra 0.4.6.1-1 (bug #698545)
CVE-2013-1399 (Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-1398 (The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2013-1397 (Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote ...)
	- php-symfony2-yaml <not-affected> (Only affects versions 2.0, 2.1, 2.2)
CVE-2013-1396
	RESERVED
CVE-2013-1395
	RESERVED
CVE-2013-1394
	RESERVED
CVE-2013-1393 (Cross-site scripting (XSS) vulnerability in the CurvyCorners module ...)
	NOT-FOR-US: Drupal module CurvyCorners
CVE-2013-1392
	RESERVED
CVE-2013-1391
	RESERVED
CVE-2013-1390
	RESERVED
CVE-2013-1389 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 11, ...)
	NOT-FOR-US: Adobe ColdFusion 9.0
CVE-2013-1388 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-1387 (Unspecified vulnerability in Adobe ColdFusion 9.0 before Update 10, ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-1386 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1385 (Adobe Shockwave Player before 12.0.2.122 does not prevent access to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1384 (Adobe Shockwave Player before 12.0.2.122 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1383 (Buffer overflow in Adobe Shockwave Player before 12.0.2.122 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-1382
	REJECTED
CVE-2013-1381
	REJECTED
CVE-2013-1380 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1379 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1378 (Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1377 (Adobe Digital Editions 2.x before 2.0.1 allows attackers to execute ...)
	NOT-FOR-US: Adobe Digital Editions
CVE-2013-1376 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-1375 (Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1374 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1373 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1372 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1371 (Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1370 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1369 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1368 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1367 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1366 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-1365 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2012-6110 (bcron-exec in bcron before 0.10 does not close file descriptors ...)
	- bcron 0.09-13 (low; bug #686650)
	[squeeze] - bcron 0.09-11+squeeze1
CVE-2013-1364 (The user.login function in Zabbix before 1.8.16 and 2.x before ...)
	- zabbix 1:2.0.4+dfsg-2 (bug #698541)
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
	NOTE: patches in https://support.zabbix.com/browse/ZBX-6097
CVE-2013-1363
	RESERVED
CVE-2013-1362 (Incomplete blacklist vulnerability in nrpc.c in Nagios Remote Plug-In ...)
	- nagios-nrpe 2.13-3 (low; bug #701227)
	[squeeze] - nagios-nrpe <no-dsa> (Minor issue)
CVE-2013-1361 (Untrusted search path vulnerability in Lenovo Thinkpad Bluetooth with ...)
	NOT-FOR-US: Lenovo Thinkpad Bluetooth with Enhanced Data Rate Software
CVE-2013-1360
	RESERVED
CVE-2013-1359
	RESERVED
CVE-2013-1358
	RESERVED
CVE-2013-1357
	RESERVED
CVE-2013-1356
	RESERVED
CVE-2013-1355
	REJECTED
CVE-2013-1354
	RESERVED
CVE-2013-1353
	RESERVED
CVE-2013-1352
	RESERVED
CVE-2013-1351
	RESERVED
CVE-2013-1350
	RESERVED
CVE-2013-1349 (Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 ...)
	NOT-FOR-US: openSIS
CVE-2013-1348 (The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote ...)
	- php-symfony2-yaml <not-affected> (Only affects version 2.0)
CVE-2013-1347 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1346 (mpengine.dll in Microsoft Malware Protection Engine before 1.1.9506.0 ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2013-1345 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1344 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1343 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1342 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1341 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1340 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1339 (The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft
CVE-2013-1338 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1337 (Microsoft .NET Framework 4.5 does not properly create policy ...)
	NOT-FOR-US: Microsoft .NET Framework 4.5
CVE-2013-1336 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP2, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-1335 (Microsoft Word 2003 SP3 and Word Viewer allow remote attackers to ...)
	NOT-FOR-US: Microsoft Word
CVE-2013-1334 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1333 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1332 (dxgkrnl.sys (aka the DirectX graphics kernel subsystem) in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1331 (Buffer overflow in Microsoft Office 2003 SP3 and Office 2011 for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2013-1330 (The default configuration of Microsoft SharePoint Portal Server 2003 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-1329 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1328 (Microsoft Publisher 2003 SP3, 2007 SP3, and 2010 SP1 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1327 (Integer signedness error in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1326
	REJECTED
CVE-2013-1325 (Heap-based buffer overflow in Microsoft Office 2003 SP3 and 2007 SP3 ...)
	NOT-FOR-US: Microsoft
CVE-2013-1324 (Stack-based buffer overflow in Microsoft Office 2003 SP3, 2007 SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2013-1323 (Microsoft Publisher 2003 SP3 does not properly handle NULL values for ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1322 (Microsoft Publisher 2003 SP3 does not properly check table range data, ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1321 (Microsoft Publisher 2003 SP3 does not properly check the data type of ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1320 (Buffer overflow in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1319 (Microsoft Publisher 2003 SP3 does not properly check the return value ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1318 (Microsoft Publisher 2003 SP3 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1317 (Integer overflow in Microsoft Publisher 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1316 (Microsoft Publisher 2003 SP3 does not properly validate the size of an ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2013-1315 (Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; ...)
	NOT-FOR-US: Microsoft
CVE-2013-1314
	REJECTED
CVE-2013-1313 (Object Linking and Embedding (OLE) Automation in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2013-1312 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1311 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1310 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1309 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1308 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1307 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1306 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1305 (HTTP.sys in Microsoft Windows 8, Windows Server 2012, and Windows RT ...)
	NOT-FOR-US: Microsoft
CVE-2013-1304 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1303 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1302 (Microsoft Communicator 2007 R2, Lync 2010, Lync 2010 Attendee, and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1301 (Microsoft Visio 2003 SP3 2007 SP3, and 2010 SP1 allows remote ...)
	NOT-FOR-US: Microsoft Visio
CVE-2013-1300 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2013-1299 (Microsoft Windows Modern Mail allows remote attackers to spoof link ...)
	NOT-FOR-US: Microsoft Windows Modern Mail
CVE-2013-1298
	REJECTED
CVE-2013-1297 (Microsoft Internet Explorer 6 through 8 does not properly restrict ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1296 (The Remote Desktop ActiveX control in mstscax.dll in Microsoft Remote ...)
	NOT-FOR-US: Microsoft Remote Desktop Connection Client
CVE-2013-1295 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1294 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1293 (The NTFS kernel-mode driver in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1292 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1291 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1290 (Microsoft SharePoint Server 2013, in certain configurations involving ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-1289 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2013-1288 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-1287 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1286 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1285 (The USB kernel-mode drivers in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1284 (Race condition in the kernel in Microsoft Windows 8, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1283 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1282 (The LDAP service in Microsoft Active Directory, Active Directory ...)
	NOT-FOR-US: Microsoft
CVE-2013-1281 (The NFS server in Microsoft Windows Server 2008 R2 and R2 SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1280 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1279 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1278 (Race condition in the kernel in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1277 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1276 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1275 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1274 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1273 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1272 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1271 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1270 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1269 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1268 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1267 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1266 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1265 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1264 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1263 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1262 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1261 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1260 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1259 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1258 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1257 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1256 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1255 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1254 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1253 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1252 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1251 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1250 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1249 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-1248 (Race condition in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-6501 (The KillProcess method in the HP PKI ActiveX control (HPPKI.ocx) ...)
	NOT-FOR-US: HP PKI ActiveX
CVE-2012-6500 (Directory traversal vulnerability in download.lib.php in Pragyan CMS ...)
	NOT-FOR-US: Pragyan CMS
CVE-2012-6499 (Open redirect vulnerability in age-verification.php in the Age ...)
	NOT-FOR-US: Age Verification plugin for WordPress
CVE-2011-5254 (Unspecified vulnerability in the Connections plugin before 0.7.1.6 for ...)
	NOT-FOR-US: Connections plugin for WordPress
CVE-2011-5253 (Dl Download Ticket Service 0.3 through 0.9 allows remote attackers to ...)
	NOT-FOR-US: Dl Download Ticket Service
CVE-2011-5252 (Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x ...)
	NOT-FOR-US: Orchard
CVE-2012-0722
	REJECTED
CVE-2013-1247 (Cross-site scripting (XSS) vulnerability in the wireless configuration ...)
	NOT-FOR-US: Cisco
CVE-2013-1246 (Cisco TelePresence System Software does not properly handle inactive ...)
	NOT-FOR-US: Cisco
CVE-2013-1245 (The user-management page in Cisco WebEx Social relies on client-side ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-1244 (Cross-site scripting (XSS) vulnerability in the portal module in Cisco ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2013-1243 (The IP stack in Cisco Intrusion Prevention System (IPS) Software in ...)
	NOT-FOR-US: Cisco
CVE-2013-1242 (Memory leak in the web framework in the server in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2013-1241 (The ISM module in Cisco IOS on ISR G2 routers does not properly handle ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1240 (The command-line interface in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1239
	RESERVED
CVE-2013-1238
	RESERVED
CVE-2013-1237
	RESERVED
CVE-2013-1236 (Cisco TelePresence Supervisor MSE 8050 before 2.3(1.31) allows remote ...)
	NOT-FOR-US: Cisco TelePresence Supervisor
CVE-2013-1235 (Cisco Wireless LAN Controller (WLC) devices do not properly address ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1234 (The SNMP module in Cisco IOS XR allows remote authenticated users to ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1233
	REJECTED
CVE-2013-1232 (The HTTP implementation in Cisco WebEx Node for MCS, WebEx Meetings ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1231 (The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1230 (Cisco Unified Communications Domain Manager allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2013-1229 (TMSSNMPService.exe in TelePresence Manager in Cisco TelePresence ...)
	NOT-FOR-US: Cisco
CVE-2013-1228 (Cisco Jabber on Windows does not verify X.509 certificates from SSL ...)
	NOT-FOR-US: Cisco Jabber
CVE-2013-1227 (Cross-site scripting (XSS) vulnerability in the web framework in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1226 (The Ethernet frame-forwarding implementation in Cisco NX-OS on Nexus ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1225 (Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1224 (Directory traversal vulnerability in the Resource Manager in Cisco ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1223 (The log viewer in Cisco Unified Customer Voice Portal (CVP) Software ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1222 (The Tomcat Web Management feature in Cisco Unified Customer Voice ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1221 (The Tomcat Web Management feature in Cisco Unified Customer Voice ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1220 (The CallServer component in Cisco Unified Customer Voice Portal (CVP) ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2013-1219 (SensorApp in Cisco Intrusion Prevention System (IPS) allows local ...)
	NOT-FOR-US: Cisco Intrusion Prevention System
CVE-2013-1218 (Cisco Intrusion Prevention System (IPS) Software in ASA 5500-X IPS-SSP ...)
	NOT-FOR-US: Cisco
CVE-2013-1217 (The generic input/output control implementation in Cisco IOS does not ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1216 (Memory leak in the SNMP module in Cisco IOS XR allows remote ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1215 (The vpnclient program in the Easy VPN component on Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2013-1214 (The scripts editor in Cisco Unified Contact Center Express (aka ...)
	NOT-FOR-US: Cisco Unified Contact Center Express
CVE-2013-1213 (Cisco NX-OS on the Nexus 1000V does not assign the proper priority to ...)
	NOT-FOR-US: Cisco
CVE-2013-1212 (The SSL functionality in Cisco NX-OS on the Nexus 1000V does not ...)
	NOT-FOR-US: Cisco
CVE-2013-1211 (Cisco NX-OS on the Nexus 1000V does not properly handle authentication ...)
	NOT-FOR-US: Cisco
CVE-2013-1210 (Array index error in the Virtual Ethernet Module (VEM) kernel driver ...)
	NOT-FOR-US: Cisco
CVE-2013-1209 (The encryption functionality in the Virtual Supervisor Module (VSM) to ...)
	NOT-FOR-US: Cisco
CVE-2013-1208 (The encryption functionality in Cisco NX-OS on the Nexus 1000V does ...)
	NOT-FOR-US: Cisco
CVE-2013-1207
	RESERVED
CVE-2013-1206
	RESERVED
CVE-2013-1205 (The Event Center module in Cisco WebEx Meetings Server does not ...)
	NOT-FOR-US: Cisco WebEx Meetings Server
CVE-2013-1204 (Memory leak in the SNMP process in Cisco IOS XR allows remote ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2013-1203 (Cisco ASA CX Context-Aware Security Software allows remote attackers ...)
	NOT-FOR-US: Cisco ASA
CVE-2013-1202
	RESERVED
CVE-2013-1201
	RESERVED
CVE-2013-1200 (Session fixation vulnerability in Cisco Secure Access Control System ...)
	NOT-FOR-US: Cisco Secure Access Control System
CVE-2013-1199 (Race condition in the CIFS implementation in the rewriter module in ...)
	NOT-FOR-US: Cisco
CVE-2013-1198 (Cross-site scripting (XSS) vulnerability in a Flash component in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1197 (The XML parser in the server in Cisco Unified Presence (CUP) allows ...)
	NOT-FOR-US: Cisco Unified Presence
CVE-2013-1196 (The command-line interface in Cisco Secure Access Control System ...)
	NOT-FOR-US: Cisco
CVE-2013-1195 (The time-based ACL implementation on Cisco Adaptive Security ...)
	NOT-FOR-US: isco Adaptive Security Appliances
CVE-2013-1194 (The ISAKMP implementation on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2013-1193 (The Secure Shell (SSH) implementation on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2013-1192 (The JAR files on Cisco Device Manager for Cisco MDS 9000 devices ...)
	NOT-FOR-US: Cisco Device Manager
CVE-2013-1191 (Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local ...)
	NOT-FOR-US: Cisco
CVE-2013-1190 (The C-Series Rack Server component 1.4 in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2013-1189 (Cisco Universal Broadband (aka uBR) 10000 series routers, when an ...)
	NOT-FOR-US: Cisco Universal Broadband 10000 series routers
CVE-2013-1188 (Cisco Unified Communications Manager (CUCM) does not properly limit ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1187 (The Connection Manager in Cisco Jabber Extensible Communications ...)
	NOT-FOR-US: Cisco
CVE-2013-1186 (Cisco Unified Computing System (UCS) 1.x before 1.4(4) and 2.x before ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1185 (The web interface in the Manager component in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1184 (The management API in the XML API management service in the Manager ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1183 (Buffer overflow in the Intelligent Platform Management Interface ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1182 (The login page in the Web Console in the Manager component in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2013-1181 (Cisco NX-OS on Nexus 5500 devices 4.x and 5.x before 5.0(3)N2(2), ...)
	NOT-FOR-US: Cisco
CVE-2013-1180 (Buffer overflow in the SNMP implementation in Cisco NX-OS on Nexus ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1179 (Multiple buffer overflows in the (1) SNMP and (2) License Manager ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1178 (Multiple buffer overflows in the Cisco Discovery Protocol (CDP) ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1177 (SQL injection vulnerability in Cisco Network Admission Control (NAC) ...)
	NOT-FOR-US: Cisco Network Admission Control Manager
CVE-2013-1176 (The DSP card on Cisco TelePresence MCU 4500 and 4501 devices before ...)
	NOT-FOR-US: Cisco
CVE-2013-1175
	REJECTED
CVE-2013-1174 (Cisco Tivoli Business Service Manager (TBSM) in Hosted Collaboration ...)
	NOT-FOR-US: Cisco Tivoli Business Service Manager
CVE-2013-1173 (Heap-based buffer overflow in ciscod.exe in the Cisco Security Service ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2013-1172 (The Cisco Security Service in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco AnyConnect
CVE-2013-1171 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Cisco Connected Grid Network Management System (CG-NMS)
CVE-2013-1170 (The Cisco Prime Network Control System (NCS) appliance with software ...)
	NOT-FOR-US: Cisco Prime Network Control System
CVE-2013-1169 (Cisco Unified MeetingPlace Web Conferencing Server 7.x before 7.1MR1 ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing Server
CVE-2013-1168 (The web server in Cisco Unified MeetingPlace Application Server 7.x ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Application Server
CVE-2013-1167 (Cisco IOS XE 3.2 through 3.4 before 3.4.2S, and 3.5, on 1000 series ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1166 (Cisco IOS XE 3.2 through 3.4 before 3.4.5S, and 3.5 through 3.7 before ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1165 (Cisco IOS XE 2.x and 3.x before 3.4.5S, and 3.5 through 3.7 before ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1164 (Cisco IOS XE 3.4 before 3.4.4S, 3.5, and 3.6 on 1000 series ...)
	NOT-FOR-US: Cisco IOS XE
CVE-2013-1163 (Multiple SQL injection vulnerabilities in the device-management ...)
	NOT-FOR-US: Cisco
CVE-2013-1162 (The traffic engineering (TE) processing subsystem in Cisco IOS XR ...)
	NOT-FOR-US: Cisco
CVE-2013-1161 (The XML parser in the Cisco Jabber IM application for Android allows ...)
	NOT-FOR-US: Cisco
CVE-2013-1160 (Cross-site scripting (XSS) vulnerability in the OpenView web menus in ...)
	NOT-FOR-US: Cisco
CVE-2013-1159 (Cross-site scripting (XSS) vulnerability in the Netcool Impact (NCI) ...)
	NOT-FOR-US: Cisco
CVE-2013-1158 (Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring ...)
	NOT-FOR-US: IBM
CVE-2013-1157 (Cross-site scripting (XSS) vulnerability in the IBM Tivoli Monitoring ...)
	NOT-FOR-US: IBM
CVE-2013-1156 (Directory traversal vulnerability in Cisco Prime Central for Hosted ...)
	NOT-FOR-US: Cisco
CVE-2013-1155 (The auth-proxy functionality in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2013-1154 (The Cisco Small Business 200 Series Smart Switch 1.2.7.76 and earlier, ...)
	NOT-FOR-US: Cisco Small Business switches
CVE-2013-1153 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: Cisco Prime Infrastructure
CVE-2013-1152 (Cisco Adaptive Security Appliances (ASA) devices with software 9.0 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1151 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1150 (The authentication-proxy implementation on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1149 (Cisco Adaptive Security Appliances (ASA) devices with software 7.x ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2013-1148 (The General Responder implementation in the IP Service Level Agreement ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1147 (The Protocol Translation (PT) functionality in Cisco IOS 12.3 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1146 (The Smart Install client functionality in Cisco IOS 12.2 and 15.0 ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1145 (Memory leak in Cisco IOS 12.2, 12.4, 15.0, and 15.1, when Zone-Based ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1144 (Memory leak in the IKEv1 implementation in Cisco IOS 15.1 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1143 (The RSVP protocol implementation in Cisco IOS 12.2 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1142 (Race condition in the VRF-aware NAT feature in Cisco IOS 12.2 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1141 (The mDNS snooping functionality on Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1140 (The XML parser in Cisco Security Monitoring, Analysis, and Response ...)
	NOT-FOR-US: Cisco Security MARS
CVE-2013-1139 (The nsAPI interface in Cisco Cloud Portal 9.1 SP1 and SP2, and 9.3 ...)
	NOT-FOR-US: Cisco Cloud Portal
CVE-2013-1138 (The NAT process on Cisco Adaptive Security Appliances (ASA) devices ...)
	NOT-FOR-US: Cisco
CVE-2013-1137 (Cisco Unified Presence Server (CUPS) 8.6, 9.0, and 9.1 before 9.1.1 ...)
	NOT-FOR-US: Cisco Unified Presence Server
CVE-2013-1136 (The crypto engine process in Cisco IOS on Aggregation Services Router ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1135 (Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance ...)
	NOT-FOR-US: Cisco Prime Central
CVE-2013-1134 (The Location Bandwidth Manager (LBM) Intracluster-communication ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1133 (Cisco Unified Communications Manager (CUCM) 8.6 before 8.6(2a)su2, 8.6 ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2013-1132 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2013-1131 (Cisco Small Business Wireless Access Points WAP200, WAP2000, WAP200E, ...)
	NOT-FOR-US: Cisco Small Business Wireless Access Points
CVE-2013-1130 (Cisco AnyConnect Secure Mobility Client on Mac OS X uses weak ...)
	NOT-FOR-US: Cisco
CVE-2013-1129 (Memory leak in Cisco Unity Connection 9.x allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2013-1128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-1127
	RESERVED
CVE-2013-1126
	RESERVED
CVE-2013-1125 (The command-line interface in Cisco Identity Services Engine Software, ...)
	NOT-FOR-US: Cisco
CVE-2013-1124 (The Cisco Network Admission Control (NAC) agent on Mac OS X does not ...)
	NOT-FOR-US: Cisco Network Admission Control
CVE-2013-1123 (Multiple cross-site scripting (XSS) vulnerabilities in the server in ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2013-1122 (Cisco NX-OS on the Nexus 7000, when a certain Overlay Transport ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1121 (The regex engine in the BGP implementation in Cisco NX-OS, when a ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2013-1120 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: Cisco Unity Express
CVE-2013-1119 (Buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1118 (Stack-based buffer overflow in Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1117 (Buffer overflow in the exception handler in Cisco WebEx Recording ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1116 (Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1115 (Buffer overflow in Cisco WebEx Advanced Recording Format (ARF) player ...)
	NOT-FOR-US: Cisco WebEx
CVE-2013-1114 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unity ...)
	NOT-FOR-US: Cisco Unity Express
CVE-2013-1113 (Cross-site scripting (XSS) vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Communications Domain Manager
CVE-2013-1112 (Cisco Carrier Routing System (CRS) allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco Carrier Routing System
CVE-2013-1111 (The Cisco ATA 187 Analog Telephone Adaptor with firmware 9.2.1.0 and ...)
	NOT-FOR-US: Cisco ATA 187 Analog Telephone Adaptor
CVE-2013-1110 (Cisco WebEx Training Center allow remote authenticated users to bypass ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1109 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1108 (Cisco WebEx Training Center allows remote authenticated users to ...)
	NOT-FOR-US: Cisco WebEx Training Center
CVE-2013-1107 (The search function in Cisco Webex Social (formerly Cisco Quad) allows ...)
	NOT-FOR-US: Cisco Webex Social
CVE-2013-1106
	RESERVED
CVE-2013-1105 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1104 (The HTTP Profiling functionality on Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1103 (Cisco Wireless LAN Controller (WLC) devices with software 7.0 before ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1102 (The Wireless Intrusion Prevention System (wIPS) component on Cisco ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2013-1101
	RESERVED
CVE-2013-1100 (The HTTP server in Cisco IOS on Catalyst switches does not properly ...)
	NOT-FOR-US: Cisco IOS
CVE-2013-1099
	REJECTED
CVE-2013-1098
	RESERVED
CVE-2013-1097 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1096 (Cross-site scripting (XSS) vulnerability in the Roles Based ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2013-1095 (Cross-site scripting (XSS) vulnerability in a ZCC page in njwc.jar in ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1094 (Cross-site scripting (XSS) vulnerability in a ZCC page in ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1093 (Open redirect vulnerability in the fwdToURL function in the ZCC login ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1092 (Multiple unquoted Windows search path vulnerabilities in Novell ...)
	NOT-FOR-US: Novell ZENworks Desktop Management
CVE-2013-1091 (Stack-based buffer overflow in Novell iPrint Client before 5.90 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2013-1090 (The SUSE horde5 package before 5.0.2-2.4.1 sets incorrect ownership ...)
	- php-horde <not-affected> (SuSE specific packaging flaw)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=811369
CVE-2013-1089
	RESERVED
CVE-2013-1088 (Cross-site request forgery (CSRF) vulnerability in Novell iManager 2.7 ...)
	NOT-FOR-US: Novell iManager
CVE-2013-1087 (Cross-site scripting (XSS) vulnerability in the client in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2013-1086 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2013-1085 (Stack-based buffer overflow in the nim: protocol handler in Novell ...)
	NOT-FOR-US: Novell Messenger
CVE-2013-1084 (Directory traversal vulnerability in the GetFle method in the umaninv ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2013-1083 (Unspecified vulnerability in the login functionality in the Reporting ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2013-1082 (Directory traversal vulnerability in DUSAP.php in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1081 (Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1080 (The web server in Novell ZENworks Configuration Management (ZCM) 10.3 ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1079 (Directory traversal vulnerability in the ISCreateObject method in an ...)
	NOT-FOR-US: Novell ZENworks
CVE-2013-1078
	RESERVED
CVE-2013-1077
	REJECTED
CVE-2013-1076
	REJECTED
CVE-2013-1075
	REJECTED
CVE-2013-1074
	REJECTED
CVE-2013-1073
	REJECTED
CVE-2013-1072
	REJECTED
CVE-2013-1071
	REJECTED
CVE-2013-1070 (Cross-site scripting (XSS) vulnerability in the API in Ubuntu Metal as ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2013-1069 (Ubuntu Metal as a Service (MaaS) 1.2 and 1.4 uses world-readable ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2013-1068 (The OpenStack Nova (python-nova) package 1:2013.2.3-0 before ...)
	- nova 2014.1.1-4 (bug #753579)
	[wheezy] - nova <not-affected> (Vulnerable code not present)
	- cinder 2014.1.1-3 (bug #753585)
	[wheezy] - cinder <not-affected> (Vulnerable code not present)
	NOTE: Requires includedir to be defined in /etc/sudoers file
CVE-2013-1067 (Apport 2.12.5 and earlier uses weak permissions for core dump files ...)
	[experimental] - apport 2.12.6-1 (bug #727661)
	NOTE: apport only in experimental, so we cannot track this in security-tracker
	NOTE: add it, as we have an explicit (bug) reference for apport
CVE-2013-1066 (language-selector 0.110.x before 0.110.1, 0.90.x before 0.90.1, and ...)
	NOT-FOR-US: language-selector
CVE-2013-1065 (backend.py in Jockey before 0.9.7-0ubuntu7.11 does not properly use ...)
	NOT-FOR-US: jockey
CVE-2013-1064 (apt-xapian-index before 0.45ubuntu2.1, 0.44ubuntu7.1, and ...)
	- apt-xapian-index 0.47 (low; bug #724837)
	[wheezy] - apt-xapian-index <no-dsa> (Minor issue, only allows a possibly prohibited update of the Xapian package index)
	[squeeze] - apt-xapian-index <no-dsa> (Minor issue, only allows a possibly prohibited update of the Xapian package index)
CVE-2013-1063 (usb-creator 0.2.47 before 0.2.47.1, 0.2.40 before 0.2.40ubuntu2, and ...)
	NOT-FOR-US: usb-creator
CVE-2013-1062 (ubuntu-system-service 0.2.4 before 0.2.4.1. 0.2.3 before 0.2.3.1, and ...)
	NOT-FOR-US: ubuntu-system-service
CVE-2013-1061 (dbus/SoftwarePropertiesDBus.py in Software Properties 0.92.17 before ...)
	- software-properties 0.92.18 (low)
	[wheezy] - software-properties <no-dsa> (Minor issue)
	[squeeze] - software-properties <not-affected> (Vulnerable code not present)
CVE-2013-1060 (A certain Ubuntu build procedure for perf, as distributed in the Linux ...)
	NOT-FOR-US: Ubuntu packaging specific
CVE-2013-1059 (net/ceph/auth_none.c in the Linux kernel through 3.10 allows remote ...)
	{DSA-2745-1}
	- linux 3.10.1-1 (low)
	- linux-2.6 <removed> (low)
	[squeeze] - linux-2.6 <not-affected> (CEPH was introduced in 2.6.34)
CVE-2013-1058 (maas-import-pxe-files in MAAS before 13.10 does not verify the ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2013-1057 (Untrusted search path vulnerability in maas-import-pxe-files in MAAS ...)
	NOT-FOR-US: Ubuntu MAAS
CVE-2013-1056 (X.org X server 1.13.3 and earlier, when not run as root, allows local ...)
	- xorg-server <not-affected> (Ubuntu-specific patch, see http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-1056.html)
CVE-2013-1055
	RESERVED
CVE-2013-1054
	RESERVED
CVE-2013-1053
	RESERVED
CVE-2013-1052 (pam-xdg-support, as used in Ubuntu 12.10, does not properly handle the ...)
	NOT-FOR-US: pam-xdg-support (Ubuntu-specific package)
CVE-2013-1051 (apt 0.8.16, 0.9.7, and possibly other versions does not properly ...)
	- apt 0.9.7.8
	[squeeze] - apt <not-affected> (InRelease support not used)
CVE-2013-1050 (The default configuration in gnome-screensaver 3.5.4 through 3.6.0 ...)
	- gnome-screensaver <not-affected> (Ubuntu-specific Unity patch)
CVE-2013-1049 (Buffer overflow in the RFC1413 (ident) client in cfingerd 1.4.3-3 ...)
	{DSA-2635-1}
	- cfingerd 1.4.3-3.1 (bug #700098)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/cfingerd/+bug/1104425
CVE-2013-1048 (The Debian apache2ctl script in the apache2 package squeeze before ...)
	{DSA-2637-1}
	- apache2 2.2.22-13
CVE-2013-1047 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1046 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1045 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1044 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1043 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1042 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1041 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1040 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1039 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1038 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1037 (WebKit, as used in Apple iOS before 7, allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1036 (Safari in Apple iOS before 7 allows remote attackers to execute ...)
	NOT-FOR-US: Apple iOS
CVE-2013-1035 (The iTunes ActiveX control in Apple iTunes before 11.1 allows remote ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Wiki Server in ...)
	NOT-FOR-US: Apple Mac OS X Server
CVE-2013-1033 (Screen Lock in Apple Mac OS X before 10.8.5 does not properly track ...)
	NOT-FOR-US: Screen Lock in Apple Mac OS X
CVE-2013-1032 (QuickTime in Apple Mac OS X before 10.8.5 allows remote attackers to ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2013-1031 (Power Management in Apple Mac OS X before 10.8.5 does not properly ...)
	NOT-FOR-US: Power Management in Apple Mac OS X
CVE-2013-1030 (mdmclient in Mobile Device Management in Apple Mac OS X before 10.8.5 ...)
	NOT-FOR-US: Mobile Device Management in Apple Mac OS X
CVE-2013-1029 (The kernel in Apple Mac OS X before 10.8.5 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1028 (The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1027 (Installer in Apple Mac OS X before 10.8.5 provides an option to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1026 (Buffer overflow in ImageIO in Apple Mac OS X before 10.8.5 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1025 (Buffer overflow in CoreGraphics in Apple Mac OS X before 10.8.5 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-1024 (CoreMedia Playback in Apple Mac OS X before 10.8.4 does not properly ...)
	NOT-FOR-US: CoreMedia Playback
CVE-2013-1023 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1022 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1021 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1020 (Apple QuickTime before 7.7.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1019 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1018 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1017 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1016 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1015 (Apple QuickTime before 7.7.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-1014 (Apple iTunes before 11.0.3 does not properly verify X.509 ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1013 (XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1012 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1011 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1010 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1009 (WebKit, as used in Apple Safari before 6.0.5, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-1008 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1007 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1006 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1005 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1004 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1003 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1002 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1001 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-1000 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0999 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0998 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0997 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0996 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0995 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0994 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0993 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0992 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0991 (WebKit, as used in Apple iTunes before 11.0.3, allows ...)
	NOT-FOR-US: Apple iTunes
CVE-2013-0990 (SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, ...)
	NOT-FOR-US: Apple
CVE-2013-0989 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-0988 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-0987 (Apple QuickTime before 7.7.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-0986 (Buffer overflow in Apple QuickTime before 7.7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2013-0985 (Disk Management in Apple Mac OS X before 10.8.4 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-0984 (Directory Service in Apple Mac OS X through 10.6.8 allows remote ...)
	NOT-FOR-US: Mac OS Server
CVE-2013-0983 (Stack consumption vulnerability in CoreAnimation in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-0982 (The Private Browsing feature in CFNetwork in Apple Mac OS X before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-0981 (The IOUSBDeviceFamily driver in the USB implementation in the kernel ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0980 (The Passcode Lock implementation in Apple iOS before 6.1.3 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0979 (lockdownd in Lockdown in Apple iOS before 6.1.3 does not properly ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0978 (The ARM prefetch abort handler in the kernel in Apple iOS before 6.1.3 ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0977 (dyld in Apple iOS before 6.1.3 and Apple TV before 5.2.1 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0976 (IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0975 (Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2013-0974 (StoreKit in Apple iOS before 6.1 does not properly handle the ...)
	NOT-FOR-US: Apple StoreKit
CVE-2013-0973 (Software Update in Apple Mac OS X through 10.7.5 does not prevent ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0972
	RESERVED
CVE-2013-0971 (Use-after-free vulnerability in PDFKit in Apple Mac OS X before 10.8.3 ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0970 (Messages in Apple Mac OS X before 10.8.3 allows remote attackers to ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0969 (Login Window in Apple Mac OS X before 10.8.3 does not prevent ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0968 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0967 (CoreTypes in Apple Mac OS X before 10.8.3 includes JNLP files in the ...)
	NOT-FOR-US: Mac OS X
CVE-2013-0966 (The Apple mod_hfs_apple module for the Apache HTTP Server in Apple Mac ...)
	NOT-FOR-US: Apple mod_hfs_apple
CVE-2013-0965
	RESERVED
CVE-2013-0964 (The kernel in Apple iOS before 6.1 and Apple TV before 5.2 does not ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0963 (Identity Services in Apple iOS before 6.1 does not properly handle ...)
	NOT-FOR-US: Identity Services in Apple iOS
CVE-2013-0962 (Cross-site scripting (XSS) vulnerability in WebKit in Apple iOS before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0961 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0960 (WebKit in Apple Safari before 6.0.3 allows remote attackers to execute ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0959 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0958 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0957 (Data Protection in Apple iOS before 7 allows attackers to bypass ...)
	NOT-FOR-US: Apple iOS
CVE-2013-0956 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0955 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0954 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0953 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0952 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0951 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0950 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0949 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0948 (WebKit, as used in Apple iOS before 6.1, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2013-0947 (EMC RSA Authentication Manager 8.0 before P1 allows local users to ...)
	NOT-FOR-US: EMC
CVE-2013-0946 (Buffer overflow in the Library Control Program (LCP) in EMC AlphaStor ...)
	NOT-FOR-US: EMC
CVE-2013-0945 (EMC Avamar Client before 6.1.101-89 does not verify that the server ...)
	NOT-FOR-US: EMC Avamar
CVE-2013-0944 (The web-based file-restore interface in EMC Avamar Server before 6.1.0 ...)
	NOT-FOR-US: EMC Avamar
CVE-2013-0943 (EMC NetWorker 7.6.x and 8.x before 8.1 allows local users to obtain ...)
	NOT-FOR-US: EMC
CVE-2013-0942 (Cross-site scripting (XSS) vulnerability in EMC RSA Authentication ...)
	NOT-FOR-US: EMC RSA Authentication Agent
CVE-2013-0941 (EMC RSA Authentication API before 8.1 SP1, RSA Web Agent before 5.3.5 ...)
	NOT-FOR-US: EMC
CVE-2013-0940 (The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and ...)
	NOT-FOR-US: EMC NetWorker
CVE-2013-0939 (EMC Documentum Webtop before 6.7 SP2, Documentum WDK before 6.7 SP2, ...)
	NOT-FOR-US: EMC
CVE-2013-0938 (Cross-site scripting (XSS) vulnerability in EMC Documentum Webtop ...)
	NOT-FOR-US: EMC
CVE-2013-0937 (Session fixation vulnerability in EMC Documentum Webtop before 6.7 ...)
	NOT-FOR-US: EMC
CVE-2013-0936 (Cross-site scripting (XSS) vulnerability in EMC Smarts IP Manager, ...)
	NOT-FOR-US: EMC
CVE-2013-0935 (EMC Smarts Network Configuration Manager (NCM) before 9.2 does not ...)
	NOT-FOR-US: EMC
CVE-2013-0934 (EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework ...)
	NOT-FOR-US: EMC
CVE-2013-0933 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
	NOT-FOR-US: EMC
CVE-2013-0932 (EMC RSA Archer 5.x before GRC 5.3SP1, and Archer Smart Suite Framework ...)
	NOT-FOR-US: EMC
CVE-2013-0931 (EMC RSA Authentication Agent 7.1.x before 7.1.2 on Windows does not ...)
	NOT-FOR-US: EMC RSA
CVE-2013-0930 (Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0929 (Format string vulnerability in the _vsnsprintf function in rrobotd.exe ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0928 (The NetWorker command processor in rrobotd.exe in the Device Manager ...)
	NOT-FOR-US: EMC AlphaStor
CVE-2013-0927 (Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c ...)
	NOT-FOR-US: Chrome OS
CVE-2013-0926 (Google Chrome before 26.0.1410.43 does not properly handle active ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0925 (Google Chrome before 26.0.1410.43 does not ensure that an extension ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0924 (The extension functionality in Google Chrome before 26.0.1410.43 does ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0923 (The USB Apps API in Google Chrome before 26.0.1410.43 allows remote ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0922 (Google Chrome before 26.0.1410.43 does not properly restrict ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0921 (The Isolated Sites feature in Google Chrome before 26.0.1410.43 does ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0920 (Use-after-free vulnerability in the extension bookmarks API in Google ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0919 (Use-after-free vulnerability in Google Chrome before 26.0.1410.43 on ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0918 (Google Chrome before 26.0.1410.43 does not prevent navigation to ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0917 (The URL loader in Google Chrome before 26.0.1410.43 allows remote ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0916 (Use-after-free vulnerability in the Web Audio implementation in Google ...)
	- chromium-browser 26.0.1410.43-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0915 (The GPU process in Google Chrome OS before 25.0.1364.173 allows ...)
	NOT-FOR-US: Overflow in Chrome-specific libs
CVE-2013-0914 (The flush_signal_handlers function in kernel/signal.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.41-1 (low)
	- linux-2.6 <removed> (low)
CVE-2013-0913 (Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the ...)
	- linux 3.2.41-2
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code was introduced later)
CVE-2013-0912 (WebKit in Google Chrome before 25.0.1364.160 allows remote attackers ...)
	- chromium-browser 25.0.1364.160-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0911 (Directory traversal vulnerability in Google Chrome before ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0910 (Google Chrome before 25.0.1364.152 does not properly manage the ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0909 (The XSS Auditor in Google Chrome before 25.0.1364.152 allows remote ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0908 (Google Chrome before 25.0.1364.152 does not properly manage bindings ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0907 (Race condition in Google Chrome before 25.0.1364.152 allows remote ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0906 (The IndexedDB implementation in Google Chrome before 25.0.1364.152 ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0905 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0904 (The Web Audio implementation in Google Chrome before 25.0.1364.152 ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0903 (Use-after-free vulnerability in Google Chrome before 25.0.1364.152 ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0902 (Use-after-free vulnerability in the frame-loader implementation in ...)
	- chromium-browser 25.0.1364.152-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0901
	RESERVED
CVE-2013-0900 (Race condition in the International Components for Unicode (ICU) ...)
	{DSA-2786-1}
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
	- icu 4.8.1.1-12 (low; bug #702346)
	[squeeze] - icu <no-dsa> (Minor issue for standalone ICU outside of browser context)
CVE-2013-0899 (Integer overflow in the padding implementation in the ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
	- opus 0.9.14+20120615-1+nmu1 (bug #704870)
CVE-2013-0898 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0897 (Off-by-one error in the PDF functionality in Google Chrome before ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0896 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0895 (Google Chrome before 25.0.1364.97 on Linux, and before 25.0.1364.99 on ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0894 (Buffer overflow in the vorbis_parse_setup_hdr_floors function in the ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1 (bug #703200)
CVE-2013-0893 (Race condition in Google Chrome before 25.0.1364.97 on Windows and ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0892 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0891 (Integer overflow in Google Chrome before 25.0.1364.97 on Windows and ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0890 (Multiple unspecified vulnerabilities in the IPC layer in Google Chrome ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0889 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0888 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0887 (The developer-tools process in Google Chrome before 25.0.1364.97 on ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0886 (Google Chrome before 25.0.1364.99 on Mac OS X does not properly ...)
	- chromium-browser <not-affected> (Mac OS X only)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0885 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0884 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0883 (Skia, as used in Google Chrome before 25.0.1364.97 on Windows and ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0882 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0881 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0880 (Use-after-free vulnerability in Google Chrome before 25.0.1364.97 on ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0879 (Google Chrome before 25.0.1364.97 on Windows and Linux, and before ...)
	- chromium-browser 25.0.1364.97-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0878 (The advance_line function in libavcodec/targa.c in FFmpeg before 1.1.3 ...)
	- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
	- libav <not-affected> (Affected code not present in libav)
CVE-2013-0877 (The old_codec37 function in libavcodec/sanm.c in FFmpeg before 1.1.3 ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-0876 (Multiple integer overflows in the (1) old_codec37 and (2) old_codec47 ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-0875 (The ff_add_png_paeth_prediction function in libavcodec/pngdec.c in ...)
	- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
	- libav <not-affected> (Affected code not present in libav)
CVE-2013-0874 (The (1) doubles2str and (2) shorts2str functions in libavcodec/tiff.c ...)
	- ffmpeg <not-affected> (Affected code not present in 0.5 ffmpeg)
	- libav <not-affected> (Affected code not present in libav)
CVE-2013-0873 (The read_header function in libavcodec/shorten.c in FFmpeg before ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1 (bug #717009)
	NOTE: Commit in libav trunk http://git.libav.org/?p=libav.git;a=commit;h=c10da30d8426a1f681d99a780b6e311f7fb4e5c5
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=4f1279154ee9baf2078241bf5619774970d18b25
	NOTE: Fix needed for ffmpeg 0.5
CVE-2013-0872 (The swr_init function in libswresample/swresample.c in FFmpeg before ...)
	- ffmpeg <not-affected> (libswresample not yet present in ffmpeg/0.5)
	- libav <not-affected> (libswresample not present in libav, linavresamle not affected)
CVE-2013-0871 (Race condition in the ptrace functionality in the Linux kernel before ...)
	{DSA-2632-1}
	- linux 3.2.39-1
	- linux-2.6 <removed>
CVE-2013-0870 (The 'vp3_decode_frame' function in FFmpeg 1.1.4 moves threads check ...)
	- ffmpeg <not-affected> (No threading support in vp3 from ffmpeg 0.5)
	- libav <not-affected> (Vulnerable code added in ffmpeg post-merge)
CVE-2013-0869 (The field_end function in libavcodec/h264.c in FFmpeg before 1.1.2 ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commit;h=706acb558a38eba633056773280155d66c2f4b24
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=695af8eed642ff0104834495652d1ee784a4c14d
	NOTE: Fix needed in ffmpeg 0.5
CVE-2013-0868 (libavcodec/huffyuvdec.c in FFmpeg before 1.1.2 allows remote attackers ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f67a0d115254461649470452058fa3c28c0df294
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0dfc01c2bbf4b71bb56201bc4a393321e15d1b31
CVE-2013-0867 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav <not-affected> (Code in libav is different/not affect as per libav h264 maintainer)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=11c99c78bafa77f679a1a3ba06ad00984b9a4cae
CVE-2013-0866 (The aac_decode_init function in libavcodec/aacdec.c in FFmpeg before ...)
	{DSA-2793-1}
	- ffmpeg <not-affected> (Code in 0.5 is different/not affected)
	- libav 6:0.8.7-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=96f452ac647dae33c53c242ef3266b65a9beafb6
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a943a132f36f4df8fe2f749744677b71984abce7
CVE-2013-0865 (The vqa_decode_chunk function in libavcodec/vqavideo.c in FFmpeg ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.8-1 (bug #717009)
	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=f7d18deb73d1dd1b27b2c7062c9a10d168a6c62a
CVE-2013-0864 (The gif_copy_img_rect function in libavcodec/gifdec.c in FFmpeg before ...)
	- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
	- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
CVE-2013-0863 (Buffer overflow in the rle_decode function in libavcodec/sanm.c in ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-0862 (Multiple integer overflows in the process_frame_obj function in ...)
	- ffmpeg <not-affected> (Smush codec not present in 0.5 ffmpeg)
	- libav <not-affected> (Smush codec not present in libav)
CVE-2013-0861 (The avcodec_decode_audio4 function in libavcodec/utils.c in FFmpeg ...)
	- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
	- libav <not-affected> (Affected code not present in libav 0.8.x)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d270c3202539e8364c46410e15f7570800e33343
	NOTE: Affects the libav version in experimental
CVE-2013-0860 (The ff_er_frame_end function in libavcodec/error_resilience.c in ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.1-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=23318a57358358e7a4dc551e830e4503f0638cfe
	NOTE: [Vittorio] not present in master and 10, fix pushed to 9 and 0.8
CVE-2013-0859 (The add_doubles_metadata function in libavcodec/tiff.c in FFmpeg ...)
	- ffmpeg <not-affected> (These changes are specific to current ffmpeg and don't affect ffmpeg 0.5)
	- libav <not-affected> ((These changes are specific to ffmpeg and don't affect libav)
CVE-2013-0858 (The atrac3_decode_init function in libavcodec/atrac3.c in FFmpeg ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.9-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=13451f5520ce6b0afde861b2285dda659f8d4fb4
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=50cf5a7fb78846fc39b3ecdaa896a10bcd74da2a
	NOTE: Fixed in 0.8.9
CVE-2013-0857 (The decode_frame_ilbm function in libavcodec/iff.c in FFmpeg before ...)
	{DSA-2793-1}
	- ffmpeg <not-affected> (IFF PBM/ILBM bitmap decoder not present in 0.5 ffmpeg)
	- libav 6:9.9-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=2fbb37b51bbea891392ad357baf8f3dff00bac05
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=7d65e960c72f36b73ae7fe84f8e427d758e61da9
	NOTE: Fixed in 0.8.9
CVE-2013-0856 (The lpc_prediction function in libavcodec/alac.c in FFmpeg before 1.1 ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.10-1
	[wheezy] - libav <not-affected> (Vulnerable code not present)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=fd4f4923cce6a2cbf4f48640b4ac706e614a1594
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=78aa2ed620178044a227fbbe48f749c0dc86023f
CVE-2013-0855 (Integer overflow in the alac_decode_close function in ...)
	- ffmpeg <not-affected> (0.5 series not affected)
	- libav 6:9.9-1 (bug #717009)
	[wheezy] - libav <not-affected> (0.8 series not affected)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3920d1387834e2bc334aff9f518f4beb24e470bd
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=f7c5883126f9440547933eefcf000aa78af4821c
CVE-2013-0854 (The mjpeg_decode_scan_progressive_ac function in libavcodec/mjpegdec.c ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.8-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1f41cffe1e3e79620f587545bdfcbd7e6e68ed29
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=cfbd98abe82cfcb9984a18d08697251b72b110c8
CVE-2013-0853 (The wavpack_decode_frame function in libavcodec/wavpack.c in FFmpeg ...)
	{DSA-2793-1}
	- ffmpeg <not-affected> (Vulnerability introduced later)
	- libav 6:0.8.8-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=be818df547c3b0ae4fadb50fd210139a8636706a
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=ed50673066956d6f2201a57c3254569f2ab08d9d
CVE-2013-0852 (The parse_picture_segment function in libavcodec/pgssubdec.c in FFmpeg ...)
	{DSA-3003-1}
	- ffmpeg <not-affected> (PGS subtitle decoder not present)
	- libav 6:10.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=c0d68be555f5858703383040e04fcd6529777061
CVE-2013-0851 (The decode_frame function in libavcodec/eamad.c in FFmpeg before 1.1 ...)
	{DSA-3003-1}
	- ffmpeg <not-affected> (Electronic Arts Madcow Video decoder not present in ffmpeg 0.5)
	- libav 6:10.3-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=63ac64864c6e0e84355aa3caa5b92208997a9a8d
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=f9204ec56a4cf73843d1e5b8563d3584c2c05b47 (v10)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=e8ff7972064631afbdf240ec6bfd9dec30cf2ce8 (v9)
	NOTE: https://git.libav.org/?p=libav.git;a=commit;h=187cfd3c13a1deb47661486824a5b8f41e158a7a (v0.8)
CVE-2013-0850 (The decode_slice_header function in libavcodec/h264.c in FFmpeg before ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.7-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=d6c184880ee2e09fd68c0ae217173832cee5afc1
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6e5cdf26281945ddea3aaf5eca4d127791f23ca8
CVE-2013-0849 (The roq_decode_init function in libavcodec/roqvideodec.c in FFmpeg ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.3-1 (bug #717009)
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=3ae610451170cd5a28b33950006ff0bd23036845
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=488f87be873506abb01d67708a67c10a4dd29283
CVE-2013-0848 (The decode_init function in libavcodec/huffyuv.c in FFmpeg before 1.1 ...)
	{DSA-3003-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:10.4-1
	NOTE: Fix in ffmpeg: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=6abb9a901fca27da14d4fffbb01948288b5da3ba
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=a7153444df9040bf6ae103e0bbf6104b66f974cb
CVE-2013-0847 (The ff_id3v2_parse function in libavformat/id3v2.c in FFmpeg before ...)
	- ffmpeg <not-affected> (Affected code not present in ffmpeg 0.5)
	- libav <not-affected> (Code in libav is different, read_ttag)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=10416a4d56fa8a89784e4fb62099c3cab17a9952
CVE-2013-0846 (Array index error in the qdm2_decode_super_block function in ...)
	{DSA-2855-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.3-1 (bug #717009)
	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=a7ee6281f7ef1c29284e3a4cadfe0f227ffde1ed
	NOTE: libav commit: http://git.libav.org/?p=libav.git;a=commit;h=39bec05ed42e505d17877b0c23f16322f9b5883b
	NOTE: Needed for ffmpeg 0.5
CVE-2013-0845 (libavcodec/alsdec.c in FFmpeg before 1.0.4 allows remote attackers to ...)
	{DSA-2855-1}
	- ffmpeg <not-affected> (MPEG-4 ALS decoder not present in ffmpeg/0.5)
	- libav 6:9.11-1
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=0ceca269b66ec12a23bf0907bd2c220513cdbf16
	NOTE: Fixed in revisions: v9-2748-g2a0fb72, v9.10-7-g3f7d890
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=2a0fb72
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=3f7d890
CVE-2013-0844 (Off-by-one error in the adpcm_decode_frame function in ...)
	{DSA-2793-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:9.10-1
	NOTE: ffmpeg commit: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=f18c873ab5ee3c78d00fdcc2582b39c133faecb4
	NOTE: libav commit: https://git.libav.org/?p=libav.git;a=commitdiff;h=12576afe206d35231ccd61f9033c5fdab6a11e
	NOTE: Fixed in 0.8.9
CVE-2013-0843 (content/renderer/media/webrtc_audio_renderer.cc in Google Chrome ...)
	- chromium-browser <not-affected> (MacOS-specific)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0842 (Google Chrome before 24.0.1312.56 does not properly handle %00 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0841 (Array index error in the content-blocking functionality in Google ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0840 (Google Chrome before 24.0.1312.56 does not validate URLs during the ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0839 (Use-after-free vulnerability in Google Chrome before 24.0.1312.56 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0838 (Google Chrome before 24.0.1312.52 on Linux uses weak permissions for ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0837 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0836 (Google V8 before 3.14.5.3, as used in Google Chrome before ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 <not-affected> (bug #702261; vulnerablility was fixed by reverting to old implementation as found in version 3.8.9.20)
CVE-2013-0835 (Unspecified vulnerability in the Geolocation implementation in Google ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0834 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0833 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0832 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0831 (Directory traversal vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0830 (The IPC layer in Google Chrome before 24.0.1312.52 on Windows omits a ...)
	- chromium-browser <not-affected> (Only affects Windows)
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0829 (Google Chrome before 24.0.1312.52 does not properly maintain database ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2013-0828 (The PDF functionality in Google Chrome before 24.0.1312.52 does not ...)
	- chromium-browser <not-affected> (PDF functionality not available in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-6498 (Unrestricted file upload vulnerability in index.php in Atomymaxsite ...)
	NOT-FOR-US: Atomymaxsite
CVE-2013-0827
	RESERVED
CVE-2013-0826
	RESERVED
CVE-2013-0825
	RESERVED
CVE-2013-0824
	RESERVED
CVE-2013-0823
	RESERVED
CVE-2013-0822
	RESERVED
CVE-2013-0821
	RESERVED
CVE-2013-0820
	RESERVED
CVE-2013-0819
	RESERVED
CVE-2013-0818
	RESERVED
CVE-2013-0817
	RESERVED
CVE-2013-0816
	RESERVED
CVE-2013-0815
	RESERVED
CVE-2013-0814
	RESERVED
CVE-2013-0813
	RESERVED
CVE-2013-0812
	RESERVED
CVE-2013-0811 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0810 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2013-0809 (Unspecified vulnerability in the 2D component in the Java Runtime ...)
	- openjdk-6 6b27-1.12.4-1
	- openjdk-7 7u3-2.1.7-1
CVE-2013-0808
	RESERVED
CVE-2013-0807 (Cross-site scripting (XSS) vulnerability in the NewSectionPrompt ...)
	NOT-FOR-US: gpEasy CMS
CVE-2013-0806
	RESERVED
CVE-2013-0805 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...)
	NOT-FOR-US: IT Operations Portal
CVE-2013-0804 (The client in Novell GroupWise 8.0 before 8.0.3 HP2 and 2012 before ...)
	NOT-FOR-US: GroupWise
CVE-2013-0803
	RESERVED
CVE-2012-6497 (The Authlogic gem for Ruby on Rails, when used with certain versions ...)
	{DSA-2597-1}
	- ruby-activerecord-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-3
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-6496 (SQL injection vulnerability in the Active Record component in Ruby on ...)
	{DSA-2597-1}
	- ruby-activerecord-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-3
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-0802
	RESERVED
CVE-2013-0801 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2720-1 DSA-2699-1}
	- iceweasel 17.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0800 (Integer signedness error in the pixman_fill_sse2 function in ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
	- wine-gecko-1.4 <unfixed> (unimportant)
	NOTE: The description is misleading: Firefox embeds a copy of Cairo, the interdiff
	NOTE: shows the respective change at mozilla-esr17/gfx/cairo/cairo/src/cairo-image-surface.c
	NOTE: Apparently the forked copy has changed, the code isn't present in vanilla Cairo
CVE-2013-0799 (Buffer overflow in the Mozilla Maintenance Service in Mozilla Firefox ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
CVE-2013-0798 (Mozilla Firefox before 20.0 on Android uses world-writable and ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
CVE-2013-0797 (Untrusted search path vulnerability in the Mozilla Updater in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
CVE-2013-0796 (The WebGL subsystem in Mozilla Firefox before 20.0, Firefox ESR 17.x ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0795 (The System Only Wrapper (SOW) implementation in Mozilla Firefox before ...)
	{DSA-2720-1 DSA-2699-1}
	- icedove 17.0.7-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0794 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17 do not prevent ...)
	- iceweasel 17.0.5esr-1 (low)
	[squeeze] - iceweasel <end-of-life>
	- iceape <removed> (low)
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0793 (Mozilla Firefox before 20.0, Firefox ESR 17.x before 17.0.5, ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0792 (Mozilla Firefox before 20.0 and SeaMonkey before 2.17, when ...)
	- iceweasel 17.0.5esr-1 (low)
	[squeeze] - iceweasel <end-of-life>
	- iceape <removed> (low)
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0791 (The CERT_DecodeCertPackage function in Mozilla Network Security ...)
	- nss 2:3.14.3-1 (unimportant)
	NOTE: client crash only
CVE-2013-0790 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	- iceweasel <not-affected> (Only affects Firefox on Android)
CVE-2013-0789 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 19)
	- icedove <not-affected> (Only affects Firefox 19)
	- iceape <not-affected> (Only affects Firefox 19)
CVE-2013-0788 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1
	[squeeze] - iceweasel <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0787 (Use-after-free vulnerability in the nsEditor::IsPreformatted function ...)
	{DSA-2699-1}
	[squeeze] - iceweasel <end-of-life>
	- iceweasel 17.0.5esr-1
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0786 (The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2013-0785 (Cross-site scripting (XSS) vulnerability in show_bug.cgi in Bugzilla ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2013-0784 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0783 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0782 (Heap-based buffer overflow in the nsSaveAsCharset::DoCharsetConversion ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0781 (Use-after-free vulnerability in the nsPrintEngine::CommonPrint ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0780 (Use-after-free vulnerability in the ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0779 (The nsCodingStateMachine::NextState function in Mozilla Firefox before ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0778 (The ClusterIterator::NextCluster function in Mozilla Firefox before ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0777 (Use-after-free vulnerability in the nsDisplayBoxShadowOuter::Paint ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0776 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0775 (Use-after-free vulnerability in the ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0774 (Mozilla Firefox before 19.0, Firefox ESR 17.x before 17.0.3, ...)
	- iceape <not-affected> (Introduced in Firefox 15)
	- iceweasel <not-affected> (Introduced in Firefox 15)
	- icedove <not-affected> (Introduced in Firefox 15)
CVE-2013-0773 (The Chrome Object Wrapper (COW) and System Only Wrapper (SOW) ...)
	{DSA-2699-1}
	- iceweasel 17.0.5esr-1 (bug #703071)
	[squeeze] - iceweasel <end-of-life>
	- icedove 17.0.5-1
	[squeeze] - icedove <end-of-life>
	- iceape <removed>
	[squeeze] - iceape <end-of-life>
	[wheezy] - iceape <end-of-life>
CVE-2013-0772 (The RasterImage::DrawFrameTo function in Mozilla Firefox before 19.0, ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0771 (Heap-based buffer overflow in the ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0770 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0769 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 10.0.12-1
	[squeeze] - icedove <end-of-life>
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0768 (Stack-based buffer overflow in the Canvas implementation in Mozilla ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0767 (The nsSVGPathElement::GetPathLengthScale function in Mozilla Firefox ...)
	[squeeze] - iceweasel <end-of-life>
	- iceweasel 10.0.12esr-1
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0766 (Use-after-free vulnerability in the ~nsHTMLEditRules implementation in ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0765 (Mozilla Firefox before 19.0, Thunderbird before 17.0.3, and SeaMonkey ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0764 (The nsSOCKSSocketInfo::ConnectToProxy function in Mozilla Firefox ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0763 (Use-after-free vulnerability in Mozilla Firefox before 18.0, Firefox ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0762 (Use-after-free vulnerability in the imgRequest::OnStopFrame function ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0761 (Use-after-free vulnerability in the ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0760 (Buffer overflow in the CharDistributionAnalysis::HandleOneChar ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0759 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0758 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0757 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0756 (Use-after-free vulnerability in the obj_toSource function in Mozilla ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0755 (Use-after-free vulnerability in the mozVibrate implementation in the ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0754 (Use-after-free vulnerability in the ListenerManager implementation in ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0753 (Use-after-free vulnerability in the serializeToStream implementation ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 10.0.12-1
	[squeeze] - icedove <end-of-life>
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0752 (Mozilla Firefox before 18.0, Firefox ESR 17.x before 17.0.2, ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0751 (Mozilla Firefox before 18.0 on Android and SeaMonkey before 2.15 do ...)
	- iceape <not-affected> (Android-specific)
	- iceweasel <not-affected> (Android-specific)
	- icedove <not-affected> (Android-specific)
CVE-2013-0750 (Integer overflow in the JavaScript implementation in Mozilla Firefox ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0749 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0748 (The XBL.__proto__.toString implementation in Mozilla Firefox before ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0747 (The gPluginHandler.handleEvent function in the plugin handler in ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0746 (Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	[squeeze] - icedove <end-of-life>
	- icedove 10.0.12-1
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0745 (The AutoWrapperChanger class in Mozilla Firefox before 18.0, Firefox ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2013-0744 (Use-after-free vulnerability in the ...)
	- iceweasel 10.0.12esr-1
	[squeeze] - iceweasel <end-of-life>
	- icedove 10.0.12-1
	[squeeze] - icedove <end-of-life>
	- iceape 2.7.12-1
	[squeeze] - iceape <end-of-life>
CVE-2013-0743
	REJECTED
CVE-2013-0742 (Stack-based buffer overflow in Corel PDF Fusion 1.11 allows remote ...)
	NOT-FOR-US: Corel PDF Fusion
CVE-2013-0741 (Cross-site scripting (XSS) vulnerability in imagegen.ashx in ...)
	NOT-FOR-US: Percipient Studios ImageGen
CVE-2013-0740 (Open redirect vulnerability in Dell OpenManage Server Administrator ...)
	NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2013-0739
	RESERVED
CVE-2013-0738
	RESERVED
CVE-2013-0737
	RESERVED
CVE-2013-0736 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: mingle forum plugin for wp
CVE-2013-0735 (Multiple SQL injection vulnerabilities in wpf.class.php in the Mingle ...)
	NOT-FOR-US: Mingle Forum Wordpress plugin
CVE-2013-0734 (Multiple cross-site scripting (XSS) vulnerabilities in the Mingle ...)
	NOT-FOR-US: Mingle Forum Wordpress plugin
CVE-2013-0733 (Untrusted search path vulnerability in Corel PaintShop Pro X5 and X6 ...)
	NOT-FOR-US: Corel PaintShop Pro
CVE-2013-0732 (Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2013-0731 (ajax.functions.php in the MailUp plugin before 1.3.3 for WordPress ...)
	NOT-FOR-US: MailUp plugin for Wordpress
CVE-2013-0730 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 4.x ...)
	NOT-FOR-US: Newscoop
CVE-2013-0729 (Heap-based buffer overflow in Tracker Software PDF-XChange before ...)
	NOT-FOR-US: Tracker Software PDF-XChange
CVE-2013-0728 (Multiple stack-based buffer overflows in NCSAddOn.dll in the ERDAS ...)
	NOT-FOR-US: ERDAS ECWP Browser Plugin
CVE-2013-0727 (Multiple untrusted search path vulnerabilities in Global Mapper 14.1.0 ...)
	NOT-FOR-US: Global Mapper
CVE-2013-0726 (Stack-based buffer overflow in the ERM_convert_to_correct_webpath ...)
	NOT-FOR-US: ERDAS ER Viewer
CVE-2013-0725
	RESERVED
CVE-2013-0724 (PHP remote file inclusion vulnerability in includes/generate-pdf.php ...)
	NOT-FOR-US: Wordpress plugin ecommerce Shop Styling
CVE-2013-0723 (Multiple heap-based buffer overflows in etxrw.dll in Kingsoft ...)
	NOT-FOR-US: Kingsoft Spreadsheets
CVE-2013-0722 (Stack-based buffer overflow in the scan_load_hosts function in ...)
	- ettercap 1:0.7.5.1-2 (low; bug #697987)
	[squeeze] - ettercap 1:0.7.3-2.1+squeeze1
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/10/2
	NOTE: http://www.exploit-db.com/exploits/23945/
	NOTE: https://secunia.com/advisories/51731/
	NOTE: Proposed patch http://www.securation.com/files/2013/01/ec.patch
CVE-2012-6495 (Multiple directory traversal vulnerabilities in the (1) twikidraw ...)
	{DSA-2593-1}
	- moin 1.9.5-3
	[wheezy] - moin 1.9.4-8+deb7u1
CVE-2012-6494
	RESERVED
CVE-2012-6493 (Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose ...)
	NOT-FOR-US: Rapid7 Nexpose Security Console
CVE-2012-6492
	RESERVED
CVE-2012-6491
	RESERVED
CVE-2012-6490
	RESERVED
CVE-2012-6489
	RESERVED
CVE-2012-6488
	RESERVED
CVE-2012-6487
	RESERVED
CVE-2012-6486
	RESERVED
CVE-2012-6485
	RESERVED
CVE-2012-6484
	RESERVED
CVE-2012-6483
	RESERVED
CVE-2012-6482
	RESERVED
CVE-2012-6481
	RESERVED
CVE-2012-6480
	RESERVED
CVE-2012-6479
	RESERVED
CVE-2012-6478
	RESERVED
CVE-2012-6477
	RESERVED
CVE-2012-6476
	RESERVED
CVE-2012-6475
	RESERVED
CVE-2012-6474
	RESERVED
CVE-2012-6473
	RESERVED
CVE-2013-0721 (wp-php-widget.php in the WP PHP widget plugin 1.0.2 for WordPress ...)
	NOT-FOR-US: WordPress plugin
CVE-2013-0720 (The COBIME application before 0.9.4 for Android uses weak permissions ...)
	NOT-FOR-US: COBIME
CVE-2013-0719 (The ArtIME Japanese Input application 1.1.2 and earlier for Android ...)
	NOT-FOR-US: ArtIME Japanese Input application
CVE-2013-0718 (The Simeji application 4.8.1 and earlier for Android uses weak ...)
	NOT-FOR-US: Simeji
CVE-2013-0717 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: NEC Aterm routers
CVE-2013-0716 (The web server in Wind River VxWorks 5.5 through 6.9 allows remote ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0715 (The WebCLI component in Wind River VxWorks 5.5 through 6.9 allows ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0714 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0713 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0712 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0711 (IPSSH (aka the SSH server) in Wind River VxWorks 6.5 through 6.9 ...)
	NOT-FOR-US: Wind River VxWorks
CVE-2013-0710 (Buffer overflow in Kingsoft Writer 2007 and 2010 before 2724 allows ...)
	NOT-FOR-US: Kingsoft Writer
CVE-2013-0709 (Cross-site scripting (XSS) vulnerability in dopvSTAR* 0091 allows ...)
	NOT-FOR-US: Bayashi dopvSTAR
CVE-2013-0708 (Cross-site scripting (XSS) vulnerability in dopvCOMET* 0009b allows ...)
	NOT-FOR-US: Bayashi dopvCOMET
CVE-2013-0707 (Unspecified vulnerability in JustSystems Ichitaro 2006 and 2007, ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2013-0706 (NEC Universal RAID Utility 1.40 Rev 680 and earlier, 2.31 Rev 1492 and ...)
	NOT-FOR-US: NEC Universal RAID Utility
CVE-2013-0705 (Directory traversal vulnerability in LSI 3ware Disk Manager (3DM) ...)
	NOT-FOR-US: LSI 3ware Disk Manager
CVE-2013-0704 (Directory traversal vulnerability in the GREE application before 1.3.3 ...)
	NOT-FOR-US: GREE Android app
CVE-2013-0703 (Cross-site scripting (XSS) vulnerability in imgboard.com imgboard ...)
	NOT-FOR-US: imgboard
CVE-2013-0702 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2013-0701 (SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2012-6472 (Opera before 12.12 on UNIX uses weak permissions for the profile ...)
	NOT-FOR-US: Opera
CVE-2012-6471 (Opera before 12.12 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-6470 (Opera before 12.12 does not properly allocate memory for GIF images, ...)
	NOT-FOR-US: Opera
CVE-2012-6469 (Opera before 12.11 allows remote attackers to determine the existence ...)
	NOT-FOR-US: Opera
CVE-2012-6468 (Heap-based buffer overflow in Opera before 12.11 allows remote ...)
	NOT-FOR-US: Opera
CVE-2012-6467 (Opera before 12.10 follows Internet shortcuts that are referenced by a ...)
	NOT-FOR-US: Opera
CVE-2012-6466 (Opera before 12.10 does not properly handle incorrect size data in a ...)
	NOT-FOR-US: Opera
CVE-2012-6465 (Opera before 12.10 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2012-6464 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows ...)
	NOT-FOR-US: Opera
CVE-2012-6463 (Cross-site scripting (XSS) vulnerability in Opera before 12.10 allows ...)
	NOT-FOR-US: Opera
CVE-2012-6462 (Opera before 12.10 does not properly implement the Cross-Origin ...)
	NOT-FOR-US: Opera
CVE-2012-6461 (The X.509 certificate-validation functionality in the https ...)
	NOT-FOR-US: Opera
CVE-2012-6460 (Opera before 11.67 and 12.x before 12.02 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2012-6459 (ConnMan 1.3 on Tizen continues to list the bluetooth service after ...)
	- connman 1.0-1.1 (bug #697580)
	[wheezy] - connman 1.0-1.1+wheezy1
	[squeeze] - connman <no-dsa> (Minor issue)
CVE-2012-6458 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- silverstripe <itp> (bug #528461)
CVE-2012-6457
	RESERVED
CVE-2012-6456
	RESERVED
CVE-2012-6455
	RESERVED
CVE-2012-6454
	RESERVED
CVE-2012-6452 (Axway Secure Messenger before 6.5 Updated Release 7, as used in Axway ...)
	NOT-FOR-US: Axway Secure Messenger
CVE-2012-6451
	RESERVED
CVE-2012-6450
	RESERVED
CVE-2012-6449
	RESERVED
CVE-2012-6448
	RESERVED
CVE-2012-6447 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 ...)
	NOT-FOR-US: Splunk
CVE-2012-6446
	RESERVED
CVE-2012-6445
	RESERVED
CVE-2012-6444
	RESERVED
CVE-2012-6443
	RESERVED
CVE-2012-6453 (Cross-site scripting (XSS) vulnerability in the RSS Reader extension ...)
	{DSA-2596-1}
	- mediawiki-extensions 2.11 (bug #696179)
CVE-2012-6442 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6441 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6440 (The web-server password-authentication functionality in Rockwell ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6439 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6438 (Buffer overflow in Rockwell Automation EtherNet/IP products; ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6437 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6436 (Buffer overflow in Rockwell Automation EtherNet/IP products; ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6435 (Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, ...)
	NOT-FOR-US: Rockwell Automation EtherNet/IP
CVE-2012-6434 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: e107
CVE-2012-6433 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: e107
CVE-2013-0700 (Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-0699 (The Galil RIO-47100 Pocket PLC allows remote attackers to cause a ...)
	NOT-FOR-US: Galil RIO-47100
CVE-2013-0698
	REJECTED
CVE-2013-0697
	REJECTED
CVE-2013-0696
	REJECTED
CVE-2013-0695
	REJECTED
CVE-2013-0694 (The Emerson Process Management ROC800 RTU with software 3.50 and ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0693 (The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0692 (The kernel in ENEA OSE on the Emerson Process Management ROC800 RTU ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0691
	REJECTED
CVE-2013-0690
	REJECTED
CVE-2013-0689 (The TFTP server on the Emerson Process Management ROC800 RTU with ...)
	NOT-FOR-US: Emerson Process Management
CVE-2013-0688 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0687 (The installer routine in Schneider Electric MiCOM S1 Studio uses ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-0686 (Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0685 (Invensys Wonderware Information Server (WIS) 4.0 SP1SP1, 4.5- Portal, ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0684 (SQL injection vulnerability in Invensys Wonderware Information Server ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2013-0683 (The DataSim and DataPid demonstration clients in Cogent Real-Time ...)
	NOT-FOR-US: DataSim and DataPid demonstration clients
CVE-2013-0682 (Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0681 (Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0680 (Stack-based buffer overflow in the web server in Cogent Real-Time ...)
	NOT-FOR-US: Cogent DataHub
CVE-2013-0679 (Directory traversal vulnerability in the web server in Siemens WinCC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0678 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0677 (The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0676 (Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0675 (Buffer overflow in CCEServer (aka the central communications ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0674 (Buffer overflow in the RegReader ActiveX control in Siemens WinCC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0673 (Directory traversal vulnerability in the web interface in the Health ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-0672 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0671 (Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0670 (CRLF injection vulnerability in the HMI web application in Siemens ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0669 (The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0668 (Multiple cross-site scripting (XSS) vulnerabilities in the HMI web ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0667 (Cross-site scripting (XSS) vulnerability in the HMI web application in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2013-0666 (The configuration utility in MatrikonOPC Security Gateway 1.0 allows ...)
	NOT-FOR-US: MatrikonOPC
CVE-2013-0665 (Schweitzer Engineering Laboratories (SEL) AcSELerator QuickSet before ...)
	NOT-FOR-US: Schweitzer Engineering Laboratories AcSELerator QuickSet
CVE-2013-0664 (The FactoryCast service on the Schneider Electric Quantum 140NOE77111 ...)
	NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0663 (Cross-site request forgery (CSRF) vulnerability on the Schneider ...)
	NOT-FOR-US: Schneider Electric Quantum modules
CVE-2013-0662 (Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider ...)
	NOT-FOR-US: Schneider Electric
CVE-2013-0661
	RESERVED
CVE-2013-0660
	RESERVED
CVE-2013-0659 (The debugging feature on the Siemens CP 1604 and CP 1616 interface ...)
	NOT-FOR-US: Siemens Interface Card
CVE-2013-0658 (Heap-based buffer overflow in RFManagerService.exe in Schneider ...)
	NOT-FOR-US: Schneider Electric Accutech Manager
CVE-2013-0657 (Stack-based buffer overflow in Schneider Electric Interactive ...)
	NOT-FOR-US: Schneider Electric IGSS
CVE-2013-0656 (Buffer overflow in a third-party ActiveX component in Siemens SIMATIC ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2013-0655 (The client in Schneider Electric Software Update (SESU) Utility 1.0.x ...)
	NOT-FOR-US: Schneider Electric SESU
CVE-2013-0654 (CimWebServer in GE Intelligent Platforms Proficy HMI/SCADA - ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0653 (Directory traversal vulnerability in substitute.bcl in the WebView ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0652 (GE Intelligent Platforms Proficy Real-Time Information Portal does not ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2013-0651 (The Portal installation process in GE Intelligent Platforms Proficy ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy
CVE-2012-6432 (Symfony 2.0.x before 2.0.20, 2.1.x before 2.1.5, and 2.2-dev, when the ...)
	NOT-FOR-US: Symfony
CVE-2012-6431 (Symfony 2.0.x before 2.0.20 does not process URL encoded data ...)
	NOT-FOR-US: Symfony
CVE-2012-6430 (Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms ...)
	NOT-FOR-US: Open Solution Quick.Cart and Quick.Cms
CVE-2012-6429 (Buffer overflow in the PrepareSync method in the SyncService.dll ...)
	NOT-FOR-US: Samsung Kies
CVE-2013-0650 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0649 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0648 (Unspecified vulnerability in the ExternalInterface ActionScript ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0647 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0646 (Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0645 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0644 (Use-after-free vulnerability in Adobe Flash Player before 10.3.183.63 ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0643 (The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0642 (Buffer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0641 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.4, 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-0640 (Adobe Reader and Acrobat 9.x before 9.5.4, 10.x before 10.1.6, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2013-0639 (Integer overflow in Adobe Flash Player before 10.3.183.63 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0638 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0637 (Adobe Flash Player before 10.3.183.63 and 11.x before 11.6.602.168 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0636 (Stack-based buffer overflow in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-0635 (Adobe Shockwave Player before 12.0.0.112 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2013-0634 (Adobe Flash Player before 10.3.183.51 and 11.x before 11.5.502.149 on ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0633 (Buffer overflow in Adobe Flash Player before 10.3.183.51 and 11.x ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0632 (administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0631 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0630 (Buffer overflow in Adobe Flash Player before 10.3.183.50 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2013-0629 (Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0628
	REJECTED
CVE-2013-0627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0626 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0625 (Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2013-0624 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0623 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0622 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0621 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0620 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0619 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0618 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0617 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0616 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0615 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0614 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0613 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0612 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0611 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0610 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0609 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0608 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0607 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0606 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0605 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0604 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0603 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0602 (Use-after-free vulnerability in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2013-0601 (Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2012-6428 (Carlo Gavazzi EOS-Box with firmware before 1.0.0.1080_2.1.10 ...)
	NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6427 (Multiple SQL injection vulnerabilities in Carlo Gavazzi EOS-Box with ...)
	NOT-FOR-US: Carlo Gavazzi EOS-Box
CVE-2012-6426 (LemonLDAP::NG before 1.2.3 does not use the signature-verification ...)
	- lemonldap-ng 1.2.2-3 (bug #696329)
	[wheezy] - lemonldap-ng 1.1.2-5+deb7u1
	[squeeze] - lemonldap-ng <not-affected> (SAML code not present)
CVE-2013-0600 (Unspecified vulnerability on IBM WebSphere DataPower XC10 Appliance ...)
	NOT-FOR-US: IBM WebSphere DataPower XC10 Appliance devices
CVE-2013-0599 (IBM Eclipse Help System (IEHS), as used in IBM Rational Directory ...)
	NOT-FOR-US: IBM
CVE-2013-0598 (Cross-site request forgery (CSRF) vulnerability in the Web Client in ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2013-0597 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0596 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0595 (Multiple cross-site scripting (XSS) vulnerabilities in iNotes 8.5.x in ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0594
	RESERVED
CVE-2013-0593 (Unspecified vulnerability in the olch2x32 ActiveX control in IBM SPSS ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2013-0592
	RESERVED
CVE-2013-0591 (Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0590 (Cross-site scripting (XSS) vulnerability in iNotes 8.5.x in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2013-0589
	RESERVED
CVE-2013-0588
	RESERVED
CVE-2013-0587 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-0586 (Cross-site scripting (XSS) vulnerability in the server in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos
CVE-2013-0585 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2013-0584 (The Data Replication Dashboard component in IBM InfoSphere Replication ...)
	NOT-FOR-US: IBM InfoSphere Replication Server
CVE-2013-0583
	RESERVED
CVE-2013-0582 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Federated ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2013-0581 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Business ...)
	NOT-FOR-US: IBM
CVE-2013-0580 (Cross-site request forgery (CSRF) vulnerability in the Optim ...)
	NOT-FOR-US: IBM
CVE-2013-0579 (The Optim E-Business Console in IBM Data Growth Solution for Oracle ...)
	NOT-FOR-US: IBM
CVE-2013-0578 (The Sterling Order Management APIs in IBM Sterling Multi-Channel ...)
	NOT-FOR-US: IBM
CVE-2013-0577 (The Optim E-Business Console in IBM Data Growth Solution for Oracle ...)
	NOT-FOR-US: IBM
CVE-2013-0576 (Cross-site scripting (XSS) vulnerability in the Tivoli Enterprise ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-0575
	RESERVED
CVE-2013-0574
	RESERVED
CVE-2013-0573
	RESERVED
CVE-2013-0572 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for ...)
	NOT-FOR-US: IBM Document Connect for Application Support Facility
CVE-2013-0571 (Cross-site scripting (XSS) vulnerability in IBM Document Connect for ...)
	NOT-FOR-US: IBM Document Connect for Application Support Facility
CVE-2013-0570
	RESERVED
CVE-2013-0569 (Cross-site scripting (XSS) vulnerability in the Communities component ...)
	NOT-FOR-US: IBM Connections
CVE-2013-0568 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0567 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0566 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2013-0565 (Cross-site scripting (XSS) vulnerability in the RPC adapter for the ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0564
	RESERVED
CVE-2013-0563
	RESERVED
CVE-2013-0562
	RESERVED
CVE-2013-0561
	RESERVED
CVE-2013-0560 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2013-0559 (Unspecified vulnerability in IBM API Management 2.0 before 2.0.0.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0558 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0557
	RESERVED
CVE-2013-0556
	RESERVED
CVE-2013-0555
	RESERVED
CVE-2013-0554
	RESERVED
CVE-2013-0553 (The client implementation in IBM Sametime 8.5.1 through 8.5.2.1, as ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0552
	RESERVED
CVE-2013-0551 (The Basic Services component in IBM Tivoli Monitoring (ITM) 6.2.0 ...)
	NOT-FOR-US: IBM Tivoli Monitoring
CVE-2013-0550
	RESERVED
CVE-2013-0549 (Cross-site scripting (XSS) vulnerability in the Web Content Manager - ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2013-0548 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic ...)
	NOT-FOR-US: IBM Tivoli
CVE-2013-0547
	RESERVED
CVE-2013-0546
	RESERVED
CVE-2013-0545
	RESERVED
CVE-2013-0544 (Directory traversal vulnerability in the Administrative Console in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0543 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0542 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0541 (Buffer overflow in IBM WebSphere Application Server (WAS) 6.1 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0540 (IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0539 (An unspecified third-party component in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2013-0538 (Cross-site scripting (XSS) vulnerability in IBM Lotus Notes 8.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2013-0537 (The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0536 (ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes ...)
	NOT-FOR-US: IBM Notes
CVE-2013-0535 (Multiple cross-site scripting (XSS) vulnerabilities in the Classic ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0534 (The Connect client in IBM Sametime 8.5.1, 8.5.1.1, 8.5.1.2, 8.5.2, and ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0533 (Cross-site scripting (XSS) vulnerability in the Sametime Links server ...)
	NOT-FOR-US: IBM Sametime
CVE-2013-0532 (Cross-site request forgery (CSRF) vulnerability in IBM Security ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0531 (The SSL implementation in IBM Security AppScan Enterprise before ...)
	NOT-FOR-US: IBM
CVE-2013-0530
	RESERVED
CVE-2013-0529 (The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2013-0528
	RESERVED
CVE-2013-0527 (The Browser in IBM Sterling Connect:Direct 1.4 before 1.4.0.11 and 1.5 ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2013-0526 (ping.php in Global Console Manager 16 (GCM16) and Global Console ...)
	NOT-FOR-US: IBM GCM16
CVE-2013-0525 (Multiple cross-site scripting (XSS) vulnerabilities in IBM iNotes ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0524
	RESERVED
CVE-2013-0523 (IBM WebSphere Commerce Enterprise 5.6.x through 5.6.1.5, 6.0.x through ...)
	NOT-FOR-US: IBM WebSphere
CVE-2013-0522
	RESERVED
CVE-2013-0521
	RESERVED
CVE-2013-0520 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim ...)
	NOT-FOR-US: IBM
CVE-2013-0519 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim ...)
	NOT-FOR-US: IBM
CVE-2013-0518 (IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim ...)
	NOT-FOR-US: IBM
CVE-2013-0517
	RESERVED
CVE-2013-0516
	RESERVED
CVE-2013-0515
	RESERVED
CVE-2013-0514
	RESERVED
CVE-2013-0513 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM ...)
	NOT-FOR-US: IBM Security AppScan Enterprise, Rational Policy Tester
CVE-2013-0512 (Stack-based buffer overflow in the Manual Explore browser plug-in for ...)
	NOT-FOR-US: IBM Security AppScan Enterprise, Rational Policy Tester
CVE-2013-0511 (Multiple SQL injection vulnerabilities in IBM Security AppScan ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0510 (IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 includes a ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0509 (Buffer overflow in the Transaction MIB agent in IBM Tivoli Netcool ...)
	NOT-FOR-US: IBM
CVE-2013-0508 (Multiple buffer overflows in IBM Tivoli Netcool System Service ...)
	NOT-FOR-US: IBM
CVE-2013-0507
	RESERVED
CVE-2013-0506 (Cross-site scripting (XSS) vulnerability in IBM Sterling Order ...)
	NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0505 (IBM Sterling Order Management 8.0 before HF127, 8.5 before HF89, 9.0 ...)
	NOT-FOR-US: IBM Sterling Order Management
CVE-2013-0504 (Buffer overflow in the broker service in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2013-0503 (Cross-site scripting (XSS) vulnerability in the Bookmarks component in ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2013-0502 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2013-0501 (The EdrawSoft EDOFFICE.EDOfficeCtrl.1 ActiveX control, as used in ...)
	NOT-FOR-US: IBM Cognos Disclosure Management
CVE-2013-0500 (IBM Storwize V7000 Unified 1.3.x and 1.4.x before 1.4.2.0 does not ...)
	NOT-FOR-US: IBM Storwize V7000 Unified
CVE-2013-0499 (Cross-site scripting (XSS) vulnerability in the echo functionality on ...)
	NOT-FOR-US: IBM
CVE-2013-0498
	RESERVED
CVE-2013-0497
	RESERVED
CVE-2013-0496
	RESERVED
CVE-2013-0495
	RESERVED
CVE-2013-0494 (IBM Sterling B2B Integrator 5.0 and 5.1 allows remote attackers to ...)
	NOT-FOR-US: IBM Sterling Integrator
CVE-2013-0493
	RESERVED
CVE-2013-0492 (Cross-site scripting (XSS) vulnerability in IBM Informix Open Admin ...)
	NOT-FOR-US: IBM Informix
CVE-2013-0491
	RESERVED
CVE-2013-0490 (Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2013-0489 (Cross-site request forgery (CSRF) vulnerability in webadmin.nsf (aka ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0488 (Cross-site scripting (XSS) vulnerability in webadmin.nsf (aka the Web ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0487 (The Java Console in IBM Domino 8.5.x allows remote authenticated users ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0486 (Memory leak in the HTTP server in IBM Domino 8.5.x allows remote ...)
	NOT-FOR-US: IBM Domino
CVE-2013-0485 (Unspecified vulnerability in IBM Java SDK 7 before SR4-FP1, 6 before ...)
	NOT-FOR-US: IBM Java SDK
CVE-2013-0484 (The server process in IBM Cognos TM1 10.1.x before 10.1.1 FP1 allows ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2013-0483 (The login component in SOAP Gateway in IBM IMS Enterprise Suite 1.1, ...)
	NOT-FOR-US: IBM IMS Enterprise Suite
CVE-2013-0482 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.29, 8.0 before ...)
	NOT-FOR-US: IBM
CVE-2013-0481 (The console in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling ...)
	NOT-FOR-US: IBM
CVE-2013-0480
	RESERVED
CVE-2013-0479 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0478 (Cross-site scripting (XSS) vulnerability in IBM InfoSphere Master Data ...)
	NOT-FOR-US: IBM
CVE-2013-0477 (Multiple cross-site scripting (XSS) vulnerabilities in IBM InfoSphere ...)
	NOT-FOR-US: IBM
CVE-2013-0476 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0475 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0474 (The Manual Explore browser plug-in in IBM Security AppScan Enterprise ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0473 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Security ...)
	NOT-FOR-US: IBM Security AppScan Enterprise
CVE-2013-0472 (The Web GUI in the client in IBM Tivoli Storage Manager (TSM) 6.3 ...)
	NOT-FOR-US: IBM
CVE-2013-0471 (The traditional scheduler in the client in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: IBM
CVE-2013-0470 (HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote ...)
	NOT-FOR-US: IBM
CVE-2013-0469
	RESERVED
CVE-2013-0468 (Cross-site scripting (XSS) vulnerability in IBM Sterling B2B ...)
	NOT-FOR-US: IBM
CVE-2013-0467 (IBM Eclipse Help System (IEHS), as used in IBM Data Studio 3.1 and ...)
	NOT-FOR-US: IBM
CVE-2013-0466 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Message ...)
	NOT-FOR-US: IBM
CVE-2013-0465 (Unspecified vulnerability in the IBM WebSphere Cast Iron physical and ...)
	NOT-FOR-US: IBM
CVE-2013-0464 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Eclipse ...)
	NOT-FOR-US: IBM
CVE-2013-0463 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0462 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0461 (Cross-site scripting (XSS) vulnerability in the virtual member manager ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0460 (Cross-site request forgery (CSRF) vulnerability in the portlet ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0459 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0458 (Cross-site scripting (XSS) vulnerability in the Administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2013-0457 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2013-0456 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2013-0455 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling ...)
	NOT-FOR-US: IBM
CVE-2013-0454 (The SMB2 implementation in Samba 3.6.x before 3.6.6, as used on the ...)
	- samba 2:3.6.6-1
	[squeeze] - samba <not-affected> (only Samba 3.6.0 - 3.6.5 (inclusive) affected)
	NOTE: https://www.samba.org/samba/security/CVE-2013-0454
CVE-2013-0453 (Cross-site scripting (XSS) vulnerability in Web Reports in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0452 (Cross-site request forgery (CSRF) vulnerability in the Software Use ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2013-0451 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-6425
	RESERVED
CVE-2012-6424
	RESERVED
CVE-2012-6423
	RESERVED
CVE-2012-6422 (The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly ...)
	NOT-FOR-US: Android kernel
CVE-2012-6421
	REJECTED
CVE-2012-6420
	REJECTED
CVE-2012-6419
	REJECTED
CVE-2012-6418
	REJECTED
CVE-2012-6417
	REJECTED
CVE-2012-6416
	REJECTED
CVE-2012-6415
	REJECTED
CVE-2012-6414
	REJECTED
CVE-2012-6413
	REJECTED
CVE-2012-6412
	REJECTED
CVE-2012-6411
	REJECTED
CVE-2012-6410
	REJECTED
CVE-2012-6409
	REJECTED
CVE-2012-6408
	REJECTED
CVE-2012-6407
	REJECTED
CVE-2012-6406
	REJECTED
CVE-2012-6405
	REJECTED
CVE-2012-6404
	REJECTED
CVE-2012-6403
	REJECTED
CVE-2012-6402
	REJECTED
CVE-2012-6401
	REJECTED
CVE-2012-6400
	RESERVED
CVE-2012-6399 (Cisco WebEx 4.1 on iOS does not verify that the server hostname ...)
	NOT-FOR-US: Cisco
CVE-2012-6398
	RESERVED
CVE-2012-6397 (Cross-site scripting (XSS) vulnerability in Cisco WebEx Social ...)
	NOT-FOR-US: Cisco WebEx Social
CVE-2012-6396 (Cisco NX-OS on Nexus 7000 series switches does not properly handle ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-6395 (Cisco Adaptive Security Appliances (ASA) devices with firmware 8.4 do ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-6394
	RESERVED
CVE-2012-6393
	RESERVED
CVE-2012-6392 (Cisco Prime LAN Management Solution (LMS) 4.1 through 4.2.2 on Linux ...)
	NOT-FOR-US: Cisco Prime LMS
CVE-2012-6391
	RESERVED
CVE-2012-6390
	RESERVED
CVE-2012-6389
	RESERVED
CVE-2012-6388
	RESERVED
CVE-2012-6387
	RESERVED
CVE-2012-6386
	RESERVED
CVE-2012-6385
	RESERVED
CVE-2012-6384
	RESERVED
CVE-2012-6383
	RESERVED
CVE-2012-6382
	RESERVED
CVE-2012-6381
	RESERVED
CVE-2012-6380
	RESERVED
CVE-2012-6379
	RESERVED
CVE-2012-6378
	RESERVED
CVE-2012-6377
	RESERVED
CVE-2012-6376
	RESERVED
CVE-2012-6375
	RESERVED
CVE-2012-6374
	RESERVED
CVE-2012-6373
	RESERVED
CVE-2012-6372
	RESERVED
CVE-2012-6371 (The WPA2 implementation on the Belkin N900 F9K1104v1 router ...)
	NOT-FOR-US: Belkin router
CVE-2012-6370
	RESERVED
CVE-2012-6369 (Cross-site scripting (XSS) vulnerability in the Troubleshooting ...)
	NOT-FOR-US: AgileBits 1Password
CVE-2012-6368
	REJECTED
CVE-2012-6367
	REJECTED
CVE-2012-6366
	REJECTED
CVE-2012-6365
	REJECTED
CVE-2012-6364
	REJECTED
CVE-2012-6363
	REJECTED
CVE-2012-6362
	REJECTED
CVE-2012-6361
	RESERVED
CVE-2012-6360 (Cross-site scripting (XSS) vulnerability in IBM Intelligent Operations ...)
	NOT-FOR-US: IBM Intelligent Operations Center
CVE-2012-6359 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.11, ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-6358
	RESERVED
CVE-2012-6357 (IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials ...)
	NOT-FOR-US: IBM
CVE-2012-6356 (IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials ...)
	NOT-FOR-US: IBM
CVE-2012-6355 (IBM Maximo Asset Management 6.2 through 7.5, Maximo Asset Management ...)
	NOT-FOR-US: IBM
CVE-2012-6354 (The management GUI on the IBM SAN Volume Controller and Storwize V7000 ...)
	NOT-FOR-US: IBM
CVE-2012-6353
	RESERVED
CVE-2012-6352 (The Session Manager in IBM Sterling Connect:Direct through 4.1.0.3 on ...)
	NOT-FOR-US: IBM Sterling Connect:Direct
CVE-2012-6351
	RESERVED
CVE-2012-6350 (Cross-site scripting (XSS) vulnerability in the Web component in IBM ...)
	NOT-FOR-US: IBM Cognos TM1
CVE-2012-6349 (Buffer overflow in the .mdb parser in Autonomy KeyView IDOL, as used ...)
	NOT-FOR-US: IBM Notes
CVE-2012-6348 (Centrify Deployment Manager 2.1.0.283, as distributed in Centrify ...)
	NOT-FOR-US: Centrify
CVE-2012-6347 (Multiple cross-site scripting (XSS) vulnerabilities in Java number ...)
	NOT-FOR-US: FortiGate
CVE-2012-6346 (Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before ...)
	NOT-FOR-US: FortiWeb
CVE-2012-6345
	RESERVED
	NOT-FOR-US: CyberArk Vault
CVE-2012-6344
	RESERVED
	NOT-FOR-US: CyberArk Vault
CVE-2012-6343
	RESERVED
CVE-2012-6342 (Cross-site request forgery (CSRF) vulnerability in logout.action in ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2012-6341
	RESERVED
CVE-2012-6340
	RESERVED
CVE-2012-6339 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2012-6338
	RESERVED
CVE-2012-6337 (The Track My Mobile feature in the SamsungDive subsystem for Android ...)
	NOT-FOR-US: SamsungDive on Samsung Galaxy
CVE-2012-6336 (The Missing Device feature in Lookout allows physically proximate ...)
	NOT-FOR-US: Lookout
CVE-2012-6335 (The Anti-theft service in AVG AntiVirus for Android allows physically ...)
	NOT-FOR-US: AVG AntiVirus for Android
CVE-2012-6334 (The Track My Mobile feature in the SamsungDive subsystem for Android ...)
	NOT-FOR-US: SamsungDive subsystem for Android
CVE-2011-5251 (Open redirect vulnerability in forum/login.php in vBulletin 4.1.3 and ...)
	NOT-FOR-US: vBulletin
CVE-2012-6333 (Multiple HVM control operations in Xen 3.4 through 4.2 allow local HVM ...)
	{DSA-2636-1}
	- xen 4.1.3-8
CVE-2012-6332
	RESERVED
CVE-2012-6331
	RESERVED
CVE-2012-6330 (The localization functionality in TWiki before 5.1.3, and Foswiki ...)
	- foswiki <itp> (bug #509864)
CVE-2012-6329 (The _compile function in Maketext.pm in the Locale::Maketext ...)
	- perl 5.14.2-16 (bug #695224)
	[squeeze] - perl 5.10.1-17squeeze5
	- foswiki <itp> (bug #509864)
CVE-2012-6328
	REJECTED
CVE-2012-6327
	REJECTED
CVE-2012-6326 (VMware vCenter Server 4.1 before Update 3 and 5.0 before Update 2, and ...)
	NOT-FOR-US: vCenter
CVE-2012-6325 (VMware vCenter Server Appliance (vCSA) 5.0 before Update 2 does not ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2012-6324 (Directory traversal vulnerability in VMware vCenter Server Appliance ...)
	NOT-FOR-US: VMware vCenter Server Appliance
CVE-2013-0450 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0449 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0448 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0447 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0446 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0445 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12.1-1
	- openjdk-7 7u17-2.3.8-1
	NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
	NOTE: openjdk-7 fixed in experimental: 7u13-2.3.6-1
CVE-2013-0444 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 7u3-2.1.6-1
	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/ce04db4aba39
CVE-2013-0443 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0442 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
	NOTE: icedtea fix: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/6527ae06da69
CVE-2013-0441 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0440 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0439 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0438 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0437 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0436 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0435 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0434 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0433 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0432 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0431 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java7)
	- openjdk-7 7u3-2.1.6-1
	NOTE: IcedTea commit: http://icedtea.classpath.org/hg/release/icedtea7-forest-2.3/jdk/rev/b09c28ff798f
CVE-2013-0430 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0429 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0428 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0427 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0426 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0425 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0424 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b27-1.12-1
	- openjdk-7 7u3-2.1.6-1
CVE-2013-0423 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0422 (Multiple vulnerabilities in Oracle Java 7 before Update 11 allow ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u3-2.1.4-1
	NOTE: Exploitable on Linux http://www.openwall.com/lists/oss-security/2013/01/11/1
CVE-2013-0421
	REJECTED
CVE-2013-0420 (Unspecified vulnerability in the VirtualBox component in Oracle ...)
	- virtualbox 4.1.18-dfsg-2 (bug #698292)
	- virtualbox-ose <not-affected> (Vulnerable code not present)
CVE-2013-0419 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0418 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Outside In
CVE-2013-0417 (Unspecified vulnerability in the Sun Storage Common Array Manager ...)
	NOT-FOR-US: Sun Storage Common Array Manager
CVE-2013-0416 (Unspecified vulnerability in the Siebel Enterprise Application ...)
	NOT-FOR-US: Oracle Siebel
CVE-2013-0415 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0414 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0413 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0412 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2013-0411 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2013-0410 (Unspecified vulnerability in the Agile EDM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2013-0409 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2013-0408 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0407 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0406 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2013-0405 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2013-0404 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2013-0403 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2013-0402 (Heap-based buffer overflow in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2013-0401 (The Java Runtime Environment (JRE) component in Oracle Java SE 7 ...)
	- openjdk-7 7u21-2.3.9-1
	- openjdk-6 6b27-1.12.5-1
CVE-2013-0400 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0399 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2013-0398 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2013-0397 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle Applications Framework
CVE-2013-0396 (Unspecified vulnerability in the Application Performance Management ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0395 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0394 (Unspecified vulnerability in the PeopleSoft HRMS component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0393 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Outside In
CVE-2013-0392 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0391 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0390 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle Applications Framework
CVE-2013-0389 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0388 (Unspecified vulnerability in the PeopleSoft HRMS component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0387 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0386 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0385 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0384 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0383 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0382 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0381 (Unspecified vulnerability in the Oracle CRM Technical Foundation ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0380 (Unspecified vulnerability in the Oracle Payroll component in Oracle ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0379 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0378 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0377 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0376 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E Business suite
CVE-2013-0375 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 5.1.67
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0374 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0373 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0372 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager
CVE-2013-0371 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0370 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain product suite
CVE-2013-0369 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0368 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0367 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2013-0366 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0365 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2013-0364 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0363 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0362 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0361 (Unspecified vulnerability in the Mobile Server component in Oracle ...)
	NOT-FOR-US: Oracle Database Mobile/Lite Server
CVE-2013-0360 (Unspecified vulnerability in the Application Performance Management ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0359 (Unspecified vulnerability in the APM - Application Performance ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0358 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0357 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0356 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2013-0355 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0354 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0353 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0352 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2013-0351 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2013-0350 (tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary ...)
	- pktstat 1.8.5-3 (bug #701211)
	[squeeze] - pktstat <not-affected> (Vulnerable code not present)
CVE-2013-0349 (The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux ...)
	{DSA-2668-1}
	- linux 3.2.39-1
	- linux-2.6 <removed>
CVE-2013-0348 (thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use ...)
	- thttpd <removed> (low)
	[squeeze] - thttpd <no-dsa> (Minor issue)
	NOTE: http://blogs.gentoo.org/blueness/2014/10/03/sthttpd-a-very-tiny-and-very-fast-http-server-with-a-mature-codebase/
CVE-2013-0347 (The Gentoo init script for webfs uses world-readable permissions for ...)
	- webfs 1.21+ds1-9 (low; bug #701638)
	[wheezy] - webfs <no-dsa> (Minor issue)
	[squeeze] - webfs <no-dsa> (Minor issue)
CVE-2013-0346 (** DISPUTED ** Apache Tomcat 7.x uses world-readable permissions for ...)
	- tomcat6 <not-affected> (Log files are owned by tomcat:tomcat)
CVE-2013-0345 (varnish 3.0.3 uses world-readable permissions for the ...)
	- varnish <not-affected> (Logfiles are owned by varnishlog:varnishlog)
CVE-2013-0344
	RESERVED
CVE-2013-0343 (The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux ...)
	{DSA-2906-1}
	- linux 3.10.11-1 (low)
	[wheezy] - linux 3.2.51-1
	- linux-2.6 <removed> (low)
CVE-2013-0342 [CreateID() creates serialized packet IDs for RADIUS]
	RESERVED
	- pyrad <unfixed> (low; bug #701151)
	[stretch] - pyrad <no-dsa> (Minor issue)
	[jessie] - pyrad <no-dsa> (Minor issue)
	[wheezy] - pyrad <no-dsa> (Minor issue)
	[squeeze] - pyrad <no-dsa> (Minor issue)
	NOTE: this is initially related to #700669
CVE-2013-0341 [external entity expansion]
	REJECTED
CVE-2013-0340 (expat 2.1.0 and earlier does not properly handle entities expansion ...)
	- expat <unfixed> (unimportant)
	NOTE: Expat provides API to mitigate expansion attacks, ultimately under control of the app using Expat
	NOTE: https://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-0340.html
CVE-2013-0339 (libxml2 through 2.9.1 does not properly handle external entities ...)
	{DSA-2652-1}
	- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0338 (libxml2 2.9.0 and earlier allows context-dependent attackers to cause ...)
	{DSA-2652-1}
	- libxml2 2.8.0+dfsg1-7+nmu1 (bug #702260)
CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier, uses ...)
	- nginx <unfixed> (low; bug #701112)
	[stretch] - nginx <ignored> (Minor issue)
	[jessie] - nginx <ignored> (Minor issue)
	[wheezy] - nginx <no-dsa> (Minor issue)
	[squeeze] - nginx <no-dsa> (Minor issue)
	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376
	NOTE: resolved upstream.
	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 fixes.
CVE-2013-0336 (The ipapwd_chpwop function in ...)
	- 389-ds-base 1.3.2.9-1 (bug #704077)
CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) ...)
	- nova 2012.1.1-14 (bug #701773)
CVE-2013-0334 (Bundler before 1.7, when multiple top-level source lines are used, ...)
	- bundler 1.7.2-1 (low; bug #762739)
	[wheezy] - bundler <no-dsa> (Minor issue)
CVE-2013-0333 (lib/active_support/json/backends/yaml.rb in Ruby on Rails 2.3.x before ...)
	{DSA-2613-1}
	- rails 2.3.14.1 (bug #699226)
	- ruby-activesupport-2.3 2.3.14-6 (bug #699249)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: https://groups.google.com/forum/?fromgroups=#!topic/rubyonrails-security/1h2DR63ViGo
CVE-2013-0332 (Multiple directory traversal vulnerabilities in ZoneMinder 1.24.x ...)
	{DSA-2640-1}
	- zoneminder 1.25.0-1 (bug #700912)
CVE-2013-0331 (Jenkins before 1.502 and LTS before 1.480.3 allows remote ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0330 (Unspecified vulnerability in Jenkins before 1.502 and LTS before ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0329 (Unspecified vulnerability in Jenkins before 1.502 and LTS before ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0328 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.502 and ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0327 (Cross-site request forgery (CSRF) vulnerability in Jenkins master in ...)
	- jenkins 1.480.3+dfsg-1 (bug #700761)
CVE-2013-0326 [_base images permissions world readable]
	RESERVED
	- nova <unfixed> (unimportant)
	NOTE: Unfixed upstream, typical installation not multi-user anyway
CVE-2013-0325 (Multiple cross-site scripting (XSS) vulnerabilities in the Varnish ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0324 (Cross-site scripting (XSS) vulnerability in the Rendered links ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0323 (Cross-site scripting (XSS) vulnerability in the Display Suite module ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0322 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0321 (Cross-site scripting (XSS) vulnerability in Views in the Ubercart ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0320 (Cross-site request forgery (CSRF) vulnerability in the Taxonomy ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0319 (Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0318 (The admin page in the Banckle Chat module for Drupal does not properly ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0317 (Cross-site scripting (XSS) vulnerability in the Manager Change for ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0316 (The Image module in Drupal 7.x before 7.20 allows remote attackers to ...)
	- drupal7 7.14-2 (bug #701165)
	- drupal6 <not-affected> (Only affects Drupal 7)
CVE-2013-0315 (The GateIn Portal export/import gadget in JBoss Enterprise Portal ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-0314 (The GateIn Portal export/import gadget in JBoss Enterprise Portal ...)
	NOT-FOR-US: GateIn Portal
CVE-2013-0313 (The evm_update_evmxattr function in ...)
	- linux 3.2.39-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-0312 (389 Directory Server before 1.3.0.4 allows remote attackers to cause a ...)
	- 389-ds-base 1.3.0.3-1
CVE-2013-0311 (The translate_desc function in drivers/vhost/vhost.c in the Linux ...)
	- linux 3.2.41-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-0310 (The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux ...)
	- linux 3.2.29-1
	- linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2013-0309 (arch/x86/include/asm/pgtable.h in the Linux kernel before 3.6.2, when ...)
	- linux 3.2.32-1
	- linux-2.6 <not-affected> (THP not in Squeeze)
	NOTE: Probably gone since 3.2.32, but I checked 3.2.41-2
CVE-2013-0308 (The imap-send command in GIT before 1.8.1.4 does not verify that the ...)
	- git <not-affected> (OpenSSL support is not enabled in Debian, see bug #701586)
	NOTE: http://marc.info/?l=git&m=136134619013145&w=2
	NOTE: Further reference about SSL support in imap-send #434599 needs to be adressed first
CVE-2013-0307 (Cross-site scripting (XSS) vulnerability in settings.php in ownCloud ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0306 (The form library in Django 1.3.x before 1.3.6, 1.4.x before 1.4.4, and ...)
	{DSA-2634-1}
	- python-django 1.4.4-1 (bug #701186)
CVE-2013-0305 (The administrative interface for Django 1.3.x before 1.3.6, 1.4.x ...)
	{DSA-2634-1}
	- python-django 1.4.4-1 (bug #701186)
	NOTE: https://www.djangoproject.com/weblog/2013/feb/19/security/
CVE-2013-0304 (ownCloud Server before 4.5.7 does not properly check ownership of ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-0303 (Unspecified vulnerability in core/ajax/translations.php in ownCloud ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-006/
CVE-2013-0302 (Unspecified vulnerability in ownCloud Server before 4.0.12 allows ...)
	- owncloud 5.0.3+dfsg-1
CVE-2013-0301 (Cross-site request forgery (CSRF) vulnerability in ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0300 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0299 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-004/
CVE-2013-0298 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x ...)
	- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0297 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.8debian-1.5 (bug #701115)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-003/
CVE-2013-0296 (Race condition in pigz before 2.2.5 uses permissions derived from the ...)
	- pigz 2.2.4-2 (low; bug #700608)
	[squeeze] - pigz 2.1.6-1+squeeze1
CVE-2013-0295 [CreateID() creates serialized packet IDs for RADIUS]
	RESERVED
CVE-2013-0294 [potentially predictable password hashing]
	RESERVED
	- pyrad 2.0-2 (low; bug #700669)
	[wheezy] - pyrad 1.2-1+deb7u2
	[squeeze] - pyrad 1.2-1+deb6u1
CVE-2013-0293 [Lock screen accepts F2 to drop to shell]
	RESERVED
	- ovirt-node <itp> (bug #502024)
CVE-2013-0292 (The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib ...)
	- dbus-glib 0.100.1-1 (bug #700638; high)
	[squeeze] - dbus-glib 0.88-2.1+squeeze1
CVE-2013-0291
	RESERVED
CVE-2013-0290 (The __skb_recv_datagram function in net/core/datagram.c in the Linux ...)
	- linux <not-affected> (Introduced in 3.4, fixed in 3.8)
	- linux-2.6 <not-affected> (Introduced in 3.4)
CVE-2013-0289 (Isync 0.4 before 1.0.6, does not verify that the server hostname ...)
	- isync 1.0.4-2.2 (low; bug #701052)
	[squeeze] - isync <no-dsa> (Minor issue)
	NOTE: http://isync.git.sourceforge.net/git/gitweb.cgi?p=isync/isync;a=patch;h=914ede18664980925628a9ed2a73ad05f85aeedb
CVE-2013-0288 (nss-pam-ldapd before 0.7.18 and 0.8.x before 0.8.11 allows ...)
	{DSA-2628-1}
	- nss-pam-ldapd 0.8.10-3 (bug #690319)
CVE-2013-0287 (The Simple Access Provider in System Security Services Daemon (SSSD) ...)
	- sssd <not-affected> (Introduced in 1.9.0)
	NOTE: http://www.openwall.com/lists/oss-security/2013/03/20/12
CVE-2013-0286
	RESERVED
CVE-2013-0285 (The nori gem 2.0.x before 2.0.2, 1.1.x before 1.1.4, and 1.0.x before ...)
	NOT-FOR-US: nori Ruby gem
CVE-2013-0284 (Ruby agent 3.2.0 through 3.5.2 serializes sensitive data when ...)
	NOT-FOR-US: newrelic_rpm Ruby gem
CVE-2013-0283
	RESERVED
	NOT-FOR-US: Red Hat CloudForms
CVE-2013-0282 (OpenStack Keystone Grizzly before 2013.1, Folsom 2012.1.3 and earlier, ...)
	- keystone 2012.1.1-13 (bug #700947)
CVE-2013-0281 (Pacemaker 1.1.10, when remote Cluster Information Base (CIB) ...)
	- pacemaker 1.1.10-1 (low; bug #700923)
	[squeeze] - pacemaker <no-dsa> (Minor issue)
	[wheezy] - pacemaker <no-dsa> (Minor issue)
	NOTE: https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
CVE-2013-0280
	REJECTED
CVE-2013-0279
	REJECTED
CVE-2013-0278
	REJECTED
CVE-2013-0277 (ActiveRecord in Ruby on Rails before 2.3.17 and 3.x before 3.1.0 ...)
	{DSA-2620-1}
	- ruby-activerecord-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2013-0276 (ActiveRecord in Ruby on Rails before 2.3.17, 3.1.x before 3.1.11, and ...)
	{DSA-2620-1}
	- ruby-activemodel-3.2 3.2.6-3
	- ruby-activerecord-2.3 2.3.14-5
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: The fix for 3.2 is present in ruby-activemodel-3.2, not ruby-activerecord-3.2
CVE-2013-0275 (Multiple cross-site scripting (XSS) vulnerabilities in Ganglia Web ...)
	- ganglia 3.6.0-1 (low; bug #700158)
	[squeeze] - ganglia <no-dsa> (Minor issue)
	[wheezy] - ganglia <no-dsa> (Minor issue)
	- ganglia-web 3.5.8-3 (bug #700159)
	NOTE: starting with 3.6.0-1 the web front is no longer built from src:ganglia so marking this version as fixed
	NOTE: https://github.com/ganglia/ganglia-web/commit/31d348947419058c43b8dfcd062e2988abd5058e
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=892823
CVE-2013-0274 (upnp.c in libpurple in Pidgin before 2.10.7 does not properly ...)
	- pidgin 2.10.6-3
	NOTE: http://www.pidgin.im/news/security/?id=68
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-0273 (sametime.c in the Sametime protocol plugin in libpurple in Pidgin ...)
	- pidgin 2.10.6-3
	[squeeze] - pidgin <no-dsa> (Not suitable for code injection)
	NOTE: http://pidgin.im/news/security/?id=67
CVE-2013-0272 (Buffer overflow in http.c in the MXit protocol plugin in libpurple in ...)
	- pidgin 2.10.6-3
	NOTE: http://pidgin.im/news/security/?id=66
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2013-0271 (The MXit protocol plugin in libpurple in Pidgin before 2.10.7 might ...)
	- pidgin 2.10.6-3
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
	NOTE: http://pidgin.im/news/security/?id=65
CVE-2013-0270 (OpenStack Keystone Grizzly before 2013.1, Folsom, and possibly earlier ...)
	- keystone 2013.1.1-2
	[wheezy] - keystone <no-dsa> (Too intrusive to backport)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1099025
	NOTE: See notes on ubuntu security tracker, change too intrusive to be backported
CVE-2013-0269 (The JSON gem before 1.5.5, 1.6.x before 1.6.8, and 1.7.x before 1.7.7 ...)
	{DLA-263-1 DLA-215-1}
	- ruby-json 1.7.3-3 (bug #700436)
	- libjson-ruby <removed>
	- ruby1.9.1 1.9.3.194-7 (bug #700471)
	- ruby1.8 <not-affected> (json ext not present in 1.8)
CVE-2013-0268 (The msr_open function in arch/x86/kernel/msr.c in the Linux kernel ...)
	- linux 3.2.39-1
	- linux-2.6 2.6.32-48squeeze1
CVE-2013-0267 (The Privileges portion of the web GUI and the XMLRPC API in Apache VCL ...)
	NOT-FOR-US: Apache VCL
CVE-2013-0266 (manifests/base.pp in the puppetlabs-cinder module, as used in ...)
	NOT-FOR-US: Openstack Packstack
CVE-2013-0265 (The redirect_stderr function in xnbd_common.c in xnbd-server and ...)
	- xnbd 0.1.0-pre-hg20-e75b93a47722-3 (low)
	NOTE: http://seclists.org/oss-sec/2013/q1/248
CVE-2013-0264
	RESERVED
	NOT-FOR-US: Cumin
CVE-2013-0263 (Rack::Session::Cookie in Rack 1.5.x before 1.5.2, 1.4.x before 1.4.5, ...)
	{DSA-2783-1}
	- ruby-rack 1.4.1-2.1 (bug #700226)
	- librack-ruby <removed> (bug #700226)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=802794
	NOTE: Patches in git, commits 0cd7e9aa397f8ebb3b8481d67dbac8b4863a7f07 and 9a81b961457805f6d1a5c275d053068440421e11
CVE-2013-0262 (rack/file.rb (Rack::File) in Rack 1.5.x before 1.5.2 and 1.4.x before ...)
	- ruby-rack 1.4.1-2.1 (bug #700173)
	- librack-ruby <not-affected> (Introduced in 1.4.0, see #700226)
	NOTE: Patches in git, commit 6f237e4c9fab649d3750482514f0fde76c56ab30
CVE-2013-0261 ((1) installer/basedefs.py and (2) modules/ospluginutils.py in ...)
	NOT-FOR-US: Openstack Packstack
CVE-2013-0260 (Unspecified vulnerability in the Drush Debian Packaging module for ...)
	NOT-FOR-US: Drupal module debuild
	NOTE: This is a different thing from the drush package.
CVE-2013-0259 (Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x ...)
	NOT-FOR-US: Drupal module Boxes
CVE-2013-0258 (The Google Authenticator login (ga_login) module 7.x before 7.x-1.3 ...)
	NOT-FOR-US: Drupal module ga_login
CVE-2013-0257 (The email2image module 6.x-1.x and 6.x-2.x for Drupal does not ...)
	NOT-FOR-US: Drupal module email2image
CVE-2013-0256 (darkfish.js in RDoc 2.3.0 through 3.12 and 4.x before ...)
	{DLA-235-1}
	- ruby1.9.1 1.9.3.194-6 (low; bug #699929)
	- ruby1.8 <not-affected> (Only affects 1.9 and 2.0)
	NOTE: http://marc.info/?l=oss-security&m=136021623726440&w=2
	NOTE: https://github.com/rdoc/rdoc/commit/ffa87887ee0517793df7541629a470e331f9fe60
CVE-2013-0255 (PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before ...)
	{DSA-2630-1}
	- postgresql-9.1 9.1.8-1
	- postgresql-8.4 8.4.16-1
CVE-2013-0254 (The QSharedMemory class in Qt 5.0.0, 4.8.x before 4.8.5, 4.7.x before ...)
	{DLA-210-1}
	- qt4-x11 4:4.8.2+dfsg-11 (bug #699870)
	NOTE: possible follow-up problem if patch is applied: http://bugs.debian.org/700530
	NOTE: but bug in xorg server, needs checking
CVE-2013-0253 (The default configuration of Apache Maven 3.0.4, when using Maven ...)
	- wagon2 2.2-3+nmu1 (bug #701991)
CVE-2013-0252 (boost::locale::utf::utf_traits in the Boost.Locale library in Boost ...)
	- boost1.50 <removed> (bug #699650)
	- boost1.49 1.49.0-3.2 (bug #699649)
	- boost1.42 <not-affected> (Boost.Locale was not part of boost until 1.48.0, bug #699719)
CVE-2013-0251 (Stack-based buffer overflow in llogincircuit.cc in latd 1.25 through ...)
	- latd 1.31 (low; bug #699625)
	[squeeze] - latd <no-dsa> (Minor issue)
CVE-2013-0250 (The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 ...)
	- corosync <not-affected> (Introduced in v1.99.8-2-ge925f42; bug #699615)
	NOTE: https://github.com/corosync/corosync/commit/4378915a33ab7fbbb5874f79dd7cd71b014ef44e#L0R407
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/01/1
CVE-2013-0249 (Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message ...)
	- curl 7.29.0-1 (bug #700002)
	[squeeze] - curl <not-affected> (Only affects 7.26.0 to 7.28.1)
	[wheezy] - curl 7.26.0-1+wheezy1
CVE-2013-0248 (The default configuration of javax.servlet.context.tempdir in Apache ...)
	- libcommons-fileupload-java 1.3-1 (unimportant)
	NOTE: Only affects example code
CVE-2013-0247 (OpenStack Keystone Essex 2012.1.3 and earlier, Folsom 2012.2.3 and ...)
	- keystone 2012.1.1-12 (bug #699835)
	NOTE: https://bugs.launchpad.net/keystone/+bug/1098307
CVE-2013-0246 (The Image module in Drupal 7.x before 7.19, when a private file system ...)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0245 (The printer friendly version functionality in the Book module in ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #698333)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0244 (Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #698333)
	- drupal7 7.14-1.3 (bug #698334)
	NOTE: https://drupal.org/SA-CORE-2013-001
CVE-2013-0242 (Buffer overflow in the extend_buffers function in the regular ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-2 (low; bug #699399)
	[wheezy] - eglibc 2.13-38+deb7u1
	NOTE: http://seclists.org/oss-sec/2013/q1/202
CVE-2013-0241 (The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to ...)
	- xserver-xorg-video-qxl 0.0.17-1 (bug #699396)
	[squeeze] - xserver-xorg-video-qxl <no-dsa> (minor denial of service issue)
	NOTE: squeeze is affected since it could be a guest of an affected qemu-kvm version
CVE-2013-0240 (Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x ...)
	- gnome-online-accounts 3.4.2-2 (bug #699825)
CVE-2013-0239 (Apache CXF before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3, ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0238 (The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before ...)
	{DSA-2618-1}
	- ircd-hybrid 1:7.2.2.dfsg.2-10 (bug #699267; high)
	[squeeze] - ircd-hybrid 7.2.2.dfsg.2-6.2+squeeze1
	- oftc-hybrid <unfixed>
CVE-2013-0237 (Cross-site scripting (XSS) vulnerability in Plupload.as in Moxiecode ...)
	- wordpress 3.5.1+dfsg-1 (bug #698929)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0236 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...)
	- wordpress 3.5.1+dfsg-1 (bug #698927)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0235 (The XMLRPC API in WordPress before 3.5.1 allows remote attackers to ...)
	- wordpress 3.5.1+dfsg-1 (bug #698916)
	NOTE: http://wordpress.org/news/2013/01/wordpress-3-5-1/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/25/7
CVE-2013-0234 (Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg ...)
	- elgg <itp> (bug #526197)
CVE-2013-0233 (Devise gem 2.2.x before 2.2.3, 2.1.x before 2.1.3, 2.0.x before 2.0.5, ...)
	- ruby-devise 3.4.1-1
CVE-2013-0232 (includes/functions.php in ZoneMinder Video Server 1.24.0, 1.25.0, and ...)
	{DSA-2640-1}
	- zoneminder 1.25.0-4 (bug #698910)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=904103
	NOTE: Upstream forum post: http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
CVE-2013-0231 (The pciback_enable_msi function in the PCI backend driver ...)
	{DSA-2632-1}
	- linux 3.2.41-1
	- linux-2.6 <removed>
CVE-2013-0230 (Stack-based buffer overflow in the ExecuteSoapAction function in the ...)
	- miniupnpd <not-affected> (Fixed before initial upload to archive)
CVE-2013-0229 (The ProcessSSDPRequest function in minissdp.c in the SSDP handler in ...)
	- miniupnpd <not-affected> (Fixed before initial upload to archive)
CVE-2013-0228 (The xen_iret function in arch/x86/xen/xen-asm_32.S in the Linux kernel ...)
	{DLA-103-1}
	- linux 3.2.39-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
	NOTE: was actually fixed in 2.6.32-46squeeze1 but upload was done and no DSA was released for that version.
CVE-2013-0227 (Cross-site scripting (XSS) vulnerability in the Search API Sorts ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0226 (The Keyboard Shortcut Utility module 7.x-1.x before 7.x-1.1 for Drupal ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0225 (Cross-site scripting (XSS) vulnerability in the User Relationships ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0224 (The Video module 7.x-2.x before 7.x-2.9 for Drupal, when using the ...)
	NOT-FOR-US: Drupal addon
CVE-2013-0223 (The SUSE coreutils-i18n.patch for GNU coreutils allows ...)
	- coreutils <not-affected> (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0222 (The SUSE coreutils-i18n.patch for GNU coreutils allows ...)
	- coreutils <not-affected> (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0221 (The SUSE coreutils-i18n.patch for GNU coreutils allows ...)
	- coreutils <not-affected> (Affected patch not added to Debian package)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/21/14
CVE-2013-0220 (The (1) sss_autofs_cmd_getautomntent and (2) ...)
	- sssd 1.8.4-2 (low; bug #698871)
	[squeeze] - sssd <not-affected> (autofs and ssh responders not yet present)
CVE-2013-0219 (System Security Services Daemon (SSSD) before 1.9.4, when (1) ...)
	- sssd 1.8.4-2 (low; bug #698871)
	[squeeze] - sssd <no-dsa> (Minor issue)
CVE-2013-0218 (The GUI installer in JBoss Enterprise Application Platform (EAP) and ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2013-0217 (Memory leak in drivers/net/xen-netback/netback.c in the Xen netback ...)
	- linux 3.2.39-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2013-0216 (The Xen netback functionality in the Linux kernel before 3.7.8 allows ...)
	- linux 3.2.39-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2013-0215 (oxenstored in Xen 4.1.x, Xen 4.2.x, and xen-unstable does not properly ...)
	- xen <not-affected> (ocaml version of the xenstore daemon not used in Debian)
CVE-2013-0214 (Cross-site request forgery (CSRF) vulnerability in the Samba Web ...)
	{DSA-2617-1}
	- samba 2:3.6.6-5
CVE-2013-0213 (The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, ...)
	{DSA-2617-1}
	- samba 2:3.6.6-5
CVE-2013-0212 (store/swift.py in OpenStack Glance Essex (2012.1), Folsom (2012.2) ...)
	- glance 2012.1.1-4
CVE-2013-0211 (Integer signedness error in the archive_write_zip_data function in ...)
	- libarchive 3.0.4-3 (bug #703957)
	[squeeze] - libarchive <not-affected> (Vulnerable code not present)
CVE-2013-0210 (The smart proxy Puppet run API in Foreman before 1.2.0 allows remote ...)
	- foreman <itp> (bug #663101)
CVE-2013-0209 (lib/MT/Upgrade.pm in mt-upgrade.cgi in Movable Type 4.2x and 4.3x ...)
	{DSA-2611-1}
	- movabletype-opensource 5.1.2+dfsg-1 (bug #697666)
	NOTE: Versions 5.0 or higher not affected
CVE-2013-0208 (The boot-from-volume feature in OpenStack Compute (Nova) Folsom and ...)
	- nova 2012.1.1-12
CVE-2013-0207 (Cross-site request forgery (CSRF) vulnerability in the Mark Complete ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0206 (Unrestricted file upload vulnerability in the Live CSS module 6.x-2.x ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0205 (Cross-site request forgery (CSRF) vulnerability in the RESTful Web ...)
	NOT-FOR-US: module for Drupal
CVE-2013-0204 (settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote ...)
	- owncloud <not-affected> (Vulnerably code not present, only affects 4.5 branch)
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-002/
CVE-2013-0203 [XSS vulnerabilities]
	RESERVED
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0202 [XSS vulnerabilities]
	RESERVED
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0201 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, ...)
	- owncloud 4.0.8debian-1.4 (bug #698737)
	[wheezy] - owncloud 4.0.4debian2-3.3
	NOTE: http://owncloud.org/about/security/advisories/oC-SA-2013-001/
CVE-2013-0200 (HP Linux Imaging and Printing (HPLIP) through 3.12.4 allows local ...)
	{DSA-2829-1}
	- hplip 3.12.6-3.1 (low; bug #701185)
	[squeeze] - hplip <no-dsa> (Minor issue)
CVE-2013-0199 (The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict ...)
	NOT-FOR-US: FreeIPA
CVE-2013-0198 (Dnsmasq before 2.66test2, when used with certain libvirt ...)
	- dnsmasq 2.66-1 (low)
	[wheezy] - dnsmasq <no-dsa> (Minor issue)
	[squeeze] - dnsmasq <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/18/2
CVE-2013-0197 (Cross-site scripting (XSS) vulnerability in the ...)
	- mantis <not-affected> (This only affects the 1.2.12 version, which isn't present in Debian, bug #698481)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=15373
CVE-2013-0196
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2013-0195 [Unspecified XSS]
	RESERVED
	- piwik <itp> (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0194 [Unspecified XSS]
	RESERVED
	- piwik <itp> (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0193 [Unspecified XSS]
	RESERVED
	- piwik <itp> (bug #506933)
	NOTE: http://piwik.org/blog/2013/01/piwik-1-10/
CVE-2013-0192
	RESERVED
	NOT-FOR-US: Simple Machines Forum
CVE-2013-0188
	REJECTED
CVE-2013-0190 (The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 ...)
	- linux 3.2.39-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-47
CVE-2013-0189 (cachemgr.cgi in Squid 3.1.x and 3.2.x, possibly 3.1.22, 3.2.4, and ...)
	{DSA-2631-1}
	- squid 2.7.STABLE9-2
	NOTE: squid-cgi was removed in 2.7.STABLE9-2
	- squid3 3.1.20-2.1 (bug #696187)
	NOTE: possible regression, see #701123
CVE-2013-0191 (libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value ...)
	- pam-pgsql 0.7.3.1-4 (bug #698241)
	[squeeze] - pam-pgsql 0.7.1-4+squeeze2
	NOTE: patch: https://sourceforge.net/u/lvella/pam-pgsql/ci/9361f5970e5dd90a747319995b67c2f73b91448c/
	NOTE: bugreport: https://sourceforge.net/p/pam-pgsql/bugs/13/
CVE-2013-0187 (Foreman before 1.1 allows remote authenticated users to gain ...)
	- foreman <itp> (bug #663101)
CVE-2013-0186
	RESERVED
	NOT-FOR-US: ManageIQ EVM (CloudForms)
CVE-2013-0185 (Cross-site request forgery (CSRF) vulnerability in ManageIQ Enterprise ...)
	NOT-FOR-US: ManageIQ EVM (CloudForms)
CVE-2013-0184 (Unspecified vulnerability in Rack::Auth::AbstractRequest in Rack 1.1.x ...)
	{DSA-2783-1}
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby <removed>
CVE-2013-0183 (multipart/parser.rb in Rack 1.3.x before 1.3.8 and 1.4.x before 1.4.3 ...)
	{DSA-2783-1}
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby <removed>
	NOTE: commit 24d512531bd88f2d6ce94b3a3d9798fde8fbb713 refactored the multipart module
	NOTE: and introduced the fast_forward_to_first_boundry function.
	NOTE: https://github.com/rack/rack/commit/24d512531bd88f2d6ce94b3a3d9798fde8fbb713
CVE-2013-0182 (The Payment module 7.x-1.x before 7.x-1.3 for Drupal does not properly ...)
	NOT-FOR-US: Drupal module Payment
CVE-2013-0181 (Cross-site scripting (XSS) vulnerability in Views in the Search API ...)
	NOT-FOR-US: Drupal module search_api
CVE-2013-0180
	RESERVED
CVE-2013-0179 (The process_bin_delete function in memcached.c in memcached 1.4.4 and ...)
	- memcached 1.4.13-0.2 (low; bug #698231)
	[squeeze] - memcached 1.4.5-1+deb6u1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=895054
	NOTE: https://code.google.com/p/memcached/issues/detail?id=306
	NOTE: https://code.google.com/p/memcached/issues/attachmentText?id=306&aid=3060004000&name=0001-Fix-buffer-overrun-when-logging-key-to-delete-in-bin.patch
CVE-2013-0178 [redis 2.4: Insecure temporary flaw use for redis service's vm swap file]
	RESERVED
	- redis 2:2.6.0-1 (low)
	[squeeze] - redis <no-dsa> (Minor issue)
	[wheezy] - redis <no-dsa> (Minor issue)
	NOTE: RedHat bugreport mentions 2.4 is affected, but not 2.6
CVE-2013-0177 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: OFBiz
CVE-2013-0176 (The publickey_from_privatekey function in libssh before 0.5.4, when no ...)
	- libssh 0.5.4-1 (low; bug #698963)
	[squeeze] - libssh <no-dsa> (Minor issue)
	NOTE: http://www.libssh.org/2013/01/22/libssh-0-5-4-security-release/
	NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=55b09f426417406bb25c0b9c474fbab1398b0dc8
CVE-2013-0175 (multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and ...)
	- ruby-multi-xml <not-affected> (Vulnerable version never in the archive)
	NOTE: fixed in https://rubygems.org/gems/multi_xml/versions/0.5.2
CVE-2013-0174 (The external node classifier (ENC) API in Foreman before 1.1 allows ...)
	- foreman <itp> (bug #663101)
CVE-2013-0173 (Foreman before 1.1 uses a salt of &quot;foreman&quot; to hash root passwords, ...)
	- foreman <itp> (bug #663101)
CVE-2013-0172 (Samba 4.0.x before 4.0.1, in certain Active Directory ...)
	- samba4 4.0.0~beta2+dfsg1-3.1 (high; bug #699188)
	- samba <not-affected> (Only affects Active Directory functionality)
	NOTE: https://lists.samba.org/archive/samba-technical/2013-January/089911.html
CVE-2013-0171 (Foreman before 1.1 allows remote attackers to execute arbitrary code ...)
	- foreman <itp> (bug #663101)
CVE-2013-0170 (Use-after-free vulnerability in the virNetMessageFree function in ...)
	- libvirt 0.9.12-6 (bug #699224)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present, see bug #699224)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=893450
	NOTE: http://libvirt.org/git/?p=libvirt.git;a=commit;h=46532e3e8ed5f5a736a02f67d6c805492f9ca720
CVE-2013-0169 (The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as ...)
	{DSA-2622-1 DSA-2621-1}
	- openssl 1.0.1e-1 (bug #699889)
	- bouncycastle 1.48+dfsg-2 (low; bug #699885)
	[wheezy] - bouncycastle <no-dsa> (Minor issue)
	[squeeze] - bouncycastle <no-dsa> (Minor issue)
	- polarssl 1.1.4-2 (bug #699887)
	- nss 2:3.14.3-1 (bug #699888)
	[squeeze] - nss <no-dsa> (Minor issue)
	- openjdk-7 7u3-2.1.6-1
	- openjdk-6 6b27-1.12.3-1
	- gnutls26 2.12.20-4
	[squeeze] - gnutls26 <no-dsa> (Too intrusive to backport)
	- gnutls28 3.0.22-3
	- cyassl 2.9.4+dfsg-1
	- matrixssl <removed> (low)
	[squeeze] - matrixssl <no-dsa> (Minor issue)
	[wheezy] - matrixssl <no-dsa> (Minor issue)
	NOTE: matrixssl fixed this upstream in 3.4.1
	- tlslite <removed>
	[wheezy] - tlslite <no-dsa> (Minor issue)
	NOTE: http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
CVE-2013-0168 (The MoveDisk command in Red Hat Enterprise Virtualization Manager ...)
	NOTE: RHEV management tool
CVE-2013-0167 (VDSM in Red Hat Enterprise Virtualization 3 and 3.2 allows privileged ...)
	NOT-FOR-US: Red Hat vdsm
CVE-2013-0166 (OpenSSL before 0.9.8y, 1.0.0 before 1.0.0k, and 1.0.1 before 1.0.1d ...)
	{DSA-2621-1}
	- openssl 1.0.1e-1 (bug #699889)
CVE-2013-0165
	RESERVED
	NOT-FOR-US: OpenShift
CVE-2013-0164 (The lockwrap function in port-proxy/bin/openshift-port-proxy-cfg in ...)
	NOT-FOR-US: OpenShift
CVE-2013-0163
	RESERVED
	NOT-FOR-US: OpenShift haproxy cartridge
CVE-2013-0162 (The diff_pp function in lib/gauntlet_rubyparser.rb in the ruby_parser ...)
	- ruby-parser 2.3.1-2 (bug #701637)
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/22/5
CVE-2013-0161
	RESERVED
	NOT-FOR-US: Havalite CMS
CVE-2013-0160 (The Linux kernel through 3.7.9 allows local users to obtain sensitive ...)
	{DSA-2669-1}
	- linux 3.8.12-1 (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Minor information leak, rather a missing hardening feature than a security vulnerability.
CVE-2013-0159 (The fedora-business-cards package before 1-0.1.beta1.fc17 on Fedora 17 ...)
	NOT-FOR-US: Fedora build script
CVE-2013-0158 (Unspecified vulnerability in Jenkins before 1.498, Jenkins LTS before ...)
	- jenkins 1.480.2+dfsg-1~exp1 (bug #697617)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-01-04
CVE-2013-0157 ((a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably ...)
	- util-linux 2.20.1-5.5 (bug #697464; low)
	[squeeze] - util-linux <no-dsa> (Minor issue)
	[wheezy] - util-linux <no-dsa> (Minor issue)
CVE-2013-0156 (active_support/core_ext/hash/conversions.rb in Ruby on Rails before ...)
	{DSA-2604-1}
	- rails 2.3.14.1 (bug #697722; high)
	- ruby-activesupport-2.3 2.3.14-5 (bug #697789)
	- ruby-activesupport-3.2 3.2.6-5 (bug #697790)
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: http://www.insinuator.net/2013/01/rails-yaml/
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/14
	NOTE: experimental has 3.2.8-1 and should be affected too
CVE-2013-0155 (Ruby on Rails 3.0.x before 3.0.19, 3.1.x before 3.1.10, and 3.2.x ...)
	{DSA-2609-1}
	- ruby-activerecord-3.2 3.2.6-4 (bug #697744)
	- ruby-activerecord-2.3 2.3.14-4
	- ruby-actionpack-3.2 3.2.6-5 (bug #697802)
	- rails 2.3.14.1
	NOTE: Starting with 2.3.14.1 rails is a transition package
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/08/13
CVE-2013-0154 (The get_page_type function in xen/arch/x86/mm.c in Xen 4.2, when ...)
	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0153 (The AMD IOMMU support in Xen 4.2.x, 4.1.x, 3.3, and other versions, ...)
	{DSA-2636-1}
	- xen 4.1.4-2
CVE-2013-0152 (Memory leak in Xen 4.2 and unstable allows local HVM guests to cause a ...)
	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0151 (The do_hvm_op function in xen/arch/x86/hvm/hvm.c in Xen 4.2.x on the ...)
	- xen <not-affected> (Only applies to Xen 4.2, which is only available in experimental)
CVE-2013-0150 (Directory traversal vulnerability in an unspecified signed Java applet ...)
	NOT-FOR-US: F5 BIG-IP APM, FirePass and other F5 products
CVE-2013-0149 (The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 ...)
	- quagga <not-affected>
	NOTE: OSPF protocol vulnerability, quagga implementation not affected
CVE-2013-0148 (The Data Camouflage (aka FairCom Standard Encryption) algorithm in ...)
	NOT-FOR-US: FairCom c-treeACE
CVE-2013-0147
	RESERVED
CVE-2013-0146
	RESERVED
CVE-2013-0145 (Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote ...)
	NOT-FOR-US: Serva32
CVE-2013-0144 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: QNAP
CVE-2013-0143 (cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, ...)
	NOT-FOR-US: QNAP
CVE-2013-0142 (QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance ...)
	NOT-FOR-US: QNAP
CVE-2013-0141 (Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-0140 (SQL injection vulnerability in the Agent-Handler component in McAfee ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2013-0139 (The Arecont Vision AV1355DN MegaDome camera allows remote attackers to ...)
	NOT-FOR-US: Arecont Vision
CVE-2013-0138 (BitZipper 2013 before Update 1 allows remote attackers to execute ...)
	NOT-FOR-US: BitZipper
CVE-2013-0137 (The default configuration of the Digital Alert Systems DASDEC EAS ...)
	NOT-FOR-US: Digital Alert Systems and Monroe Electronics
CVE-2013-0136 (Multiple directory traversal vulnerabilities in the EditDocument ...)
	NOT-FOR-US: Mutiny
CVE-2013-0135 (Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2013-0134 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: AirDroid
CVE-2013-0133 (Untrusted search path vulnerability in ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-0132 (The suexec implementation in Parallels Plesk Panel 11.0.9 contains a ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2013-0131 (Buffer overflow in the NVIDIA GPU driver before 304.88, 310.x before ...)
	- nvidia-graphics-drivers 304.88-1 (bug #704547)
	[wheezy] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	[squeeze] - nvidia-graphics-drivers <no-dsa> (Non-free not supported)
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3290
CVE-2013-0130 (Multiple buffer overflows in Core FTP before 2.2 build 1769 allow ...)
	NOT-FOR-US: Core FTP
CVE-2013-0129 (Multiple cross-site scripting (XSS) vulnerabilities in pd-admin before ...)
	NOT-FOR-US: pd-admin
CVE-2013-0128 (The Contact Customer Support feature in the TigerText Free Private ...)
	NOT-FOR-US: TigerText
CVE-2013-0127 (IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2013-0126 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Verizon router
CVE-2013-0125 (Cross-site scripting (XSS) vulnerability in fileview.asp in C2 ...)
	NOT-FOR-US: C2 WebResource
CVE-2013-0124 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: ASKIA
CVE-2013-0123 (Multiple SQL injection vulnerabilities in the administration interface ...)
	NOT-FOR-US: ASKIA
CVE-2013-0122 (The avast! Mobile Security application before 2.0.4400 for Android ...)
	NOT-FOR-US: avast! Mobile Security application
CVE-2013-0121
	RESERVED
CVE-2013-0120 (The web interface on Dell PowerConnect 6248P switches allows remote ...)
	NOT-FOR-US: Dell Switches
CVE-2013-0119
	RESERVED
CVE-2013-0118 (CS-Cart before 3.0.6, when PayPal Standard Payments is configured, ...)
	NOT-FOR-US: CS-Cart
CVE-2013-0117
	RESERVED
CVE-2013-0116
	RESERVED
CVE-2013-0115
	RESERVED
CVE-2013-0114
	RESERVED
CVE-2013-0113 (Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2013-0112
	RESERVED
CVE-2013-0111 (daemonu.exe (aka the NVIDIA Update Service Daemon), as distributed ...)
	NOT-FOR-US: NVIDIA Update Service Daemon
CVE-2013-0110 (nvSCPAPISvr.exe in the NVIDIA Stereoscopic 3D Driver service, as ...)
	NOT-FOR-US: NVIDIA Stereoscopic 3D Driver service
CVE-2013-0109 (The NVIDIA driver before 307.78, and Release 310 before 311.00, in the ...)
	NOT-FOR-US: NVIDIA Display Driver service on Windows
CVE-2013-0108 (An ActiveX control in HscRemoteDeploy.dll in Honeywell Enterprise ...)
	NOT-FOR-US: Honeywell
CVE-2013-0107 (Stack-based buffer overflow in Foxit Advanced PDF Editor 3 before 3.04 ...)
	NOT-FOR-US: Foxit Advanced PDF Editor
CVE-2013-0106
	RESERVED
CVE-2013-0105
	RESERVED
CVE-2013-0104
	RESERVED
CVE-2013-0103
	RESERVED
CVE-2013-0102
	RESERVED
CVE-2013-0101
	RESERVED
CVE-2012-6323
	RESERVED
CVE-2012-6322
	RESERVED
CVE-2012-6321
	RESERVED
CVE-2012-6320
	RESERVED
CVE-2012-6319
	RESERVED
CVE-2012-6318
	RESERVED
CVE-2012-6317
	RESERVED
CVE-2012-6316 (Multiple cross-site scripting (XSS) vulnerabilities in the TP-LINK ...)
	NOT-FOR-US: TP-LINK
CVE-2012-6315
	REJECTED
CVE-2012-6314 (Citrix XenDesktop Virtual Desktop Agent (VDA) 5.6.x before 5.6.200, ...)
	NOT-FOR-US: Citrix XenDesktop
CVE-2012-6313 (simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-6312 (Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-6311
	RESERVED
CVE-2012-6310
	RESERVED
CVE-2012-6309
	RESERVED
CVE-2012-6308
	RESERVED
CVE-2012-6307
	RESERVED
CVE-2012-6306
	RESERVED
CVE-2012-6305
	RESERVED
CVE-2012-6304
	RESERVED
CVE-2012-6303 (Heap-based buffer overflow in the GetWavHeader function in ...)
	- snack 2.2.10-dfsg1-12.1 (low; bug #695614)
	[squeeze] - snack 2.2.10-dfsg1-9+squeeze1
	- wavesurfer <not-affected> (originally reported in wavesurfer, but actually a bug in libsnack, see bug #695615)
	NOTE: http://secunia.com/advisories/49889/
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/10/2
CVE-2012-6302
	RESERVED
CVE-2012-6301 (The Browser application in Android 4.0.3 allows remote attackers to ...)
	NOT-FOR-US: Android browser
CVE-2012-6300
	RESERVED
CVE-2012-6299 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, ...)
	NOT-FOR-US: CA IdentityMinder
CVE-2012-6298 (Unspecified vulnerability in CA IdentityMinder r12.0 through CR16, ...)
	NOT-FOR-US: CA IdentityMinder
CVE-2012-6297
	RESERVED
CVE-2012-6296
	RESERVED
CVE-2012-6295
	RESERVED
CVE-2012-6294
	RESERVED
CVE-2012-6293
	RESERVED
CVE-2012-6292
	RESERVED
CVE-2012-6291
	RESERVED
CVE-2012-6290 (SQL injection vulnerability in ImageCMS before 4.2 allows remote ...)
	NOT-FOR-US: ImageCMS
CVE-2012-6289
	REJECTED
CVE-2012-6288
	REJECTED
CVE-2012-6287
	REJECTED
CVE-2012-6286
	REJECTED
CVE-2012-6285
	REJECTED
CVE-2012-6284
	REJECTED
CVE-2012-6283
	REJECTED
CVE-2012-6282
	REJECTED
CVE-2012-6281
	REJECTED
CVE-2012-6280
	REJECTED
CVE-2012-6279
	REJECTED
CVE-2012-6278
	REJECTED
CVE-2012-6277
	RESERVED
CVE-2012-6276 (Directory traversal vulnerability in the web-based management ...)
	NOT-FOR-US: TP-LINK TL-WR841N
CVE-2012-6275 (Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6274 (BigAntSoft BigAnt IM Message Server does not require authentication ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6273 (SQL injection vulnerability in BigAntSoft BigAnt IM Message Server ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2012-6272 (Multiple cross-site scripting (XSS) vulnerabilities in Dell OpenManage ...)
	NOT-FOR-US: Dell OpenManage Server Administrator
CVE-2012-6271 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-6270 (Adobe Shockwave Player through 11.6.8.638 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-6269
	REJECTED
CVE-2012-6268
	REJECTED
CVE-2012-6267
	REJECTED
CVE-2012-6266
	REJECTED
CVE-2012-6265
	REJECTED
CVE-2012-6264
	REJECTED
CVE-2012-6263
	REJECTED
CVE-2012-6262
	REJECTED
CVE-2012-6261
	REJECTED
CVE-2012-6260
	REJECTED
CVE-2012-6259
	REJECTED
CVE-2012-6258
	REJECTED
CVE-2012-6257
	REJECTED
CVE-2012-6256
	REJECTED
CVE-2012-6255
	REJECTED
CVE-2012-6254
	REJECTED
CVE-2012-6253
	REJECTED
CVE-2012-6252
	REJECTED
CVE-2012-6251
	REJECTED
CVE-2012-6250
	REJECTED
CVE-2012-6249
	REJECTED
CVE-2012-6248
	REJECTED
CVE-2012-6247
	REJECTED
CVE-2012-6246
	REJECTED
CVE-2012-6245
	REJECTED
CVE-2012-6244
	REJECTED
CVE-2012-6243
	REJECTED
CVE-2012-6242
	REJECTED
CVE-2012-6241
	REJECTED
CVE-2012-6240
	REJECTED
CVE-2012-6239
	REJECTED
CVE-2012-6238
	REJECTED
CVE-2012-6237
	REJECTED
CVE-2012-6236
	REJECTED
CVE-2012-6235
	REJECTED
CVE-2012-6234
	REJECTED
CVE-2012-6233
	REJECTED
CVE-2012-6232
	REJECTED
CVE-2012-6231
	REJECTED
CVE-2012-6230
	REJECTED
CVE-2012-6229
	REJECTED
CVE-2012-6228
	REJECTED
CVE-2012-6227
	REJECTED
CVE-2012-6226
	REJECTED
CVE-2012-6225
	REJECTED
CVE-2012-6224
	REJECTED
CVE-2012-6223
	REJECTED
CVE-2012-6222
	REJECTED
CVE-2012-6221
	REJECTED
CVE-2012-6220
	REJECTED
CVE-2012-6219
	REJECTED
CVE-2012-6218
	REJECTED
CVE-2012-6217
	REJECTED
CVE-2012-6216
	REJECTED
CVE-2012-6215
	REJECTED
CVE-2012-6214
	REJECTED
CVE-2012-6213
	REJECTED
CVE-2012-6212
	REJECTED
CVE-2012-6211
	REJECTED
CVE-2012-6210
	REJECTED
CVE-2012-6209
	REJECTED
CVE-2012-6208
	REJECTED
CVE-2012-6207
	REJECTED
CVE-2012-6206
	REJECTED
CVE-2012-6205
	REJECTED
CVE-2012-6204
	REJECTED
CVE-2012-6203
	REJECTED
CVE-2012-6202
	REJECTED
CVE-2012-6201
	REJECTED
CVE-2012-6200
	REJECTED
CVE-2012-6199
	REJECTED
CVE-2012-6198
	REJECTED
CVE-2012-6197
	REJECTED
CVE-2012-6196
	REJECTED
CVE-2012-6195
	REJECTED
CVE-2012-6194
	REJECTED
CVE-2012-6193
	REJECTED
CVE-2012-6192
	REJECTED
CVE-2012-6191
	REJECTED
CVE-2012-6190
	REJECTED
CVE-2012-6189
	REJECTED
CVE-2012-6188
	REJECTED
CVE-2012-6187
	REJECTED
CVE-2012-6186
	REJECTED
CVE-2012-6185
	REJECTED
CVE-2012-6184
	REJECTED
CVE-2012-6183
	REJECTED
CVE-2012-6182
	REJECTED
CVE-2012-6181
	REJECTED
CVE-2012-6180
	REJECTED
CVE-2012-6179
	REJECTED
CVE-2012-6178
	REJECTED
CVE-2012-6177
	REJECTED
CVE-2012-6176
	REJECTED
CVE-2012-6175
	REJECTED
CVE-2012-6174
	REJECTED
CVE-2012-6173
	REJECTED
CVE-2012-6172
	REJECTED
CVE-2012-6171
	REJECTED
CVE-2012-6170
	REJECTED
CVE-2012-6169
	REJECTED
CVE-2012-6168
	REJECTED
CVE-2012-6167
	REJECTED
CVE-2012-6166
	REJECTED
CVE-2012-6165
	REJECTED
CVE-2012-6164
	REJECTED
CVE-2012-6163
	REJECTED
CVE-2012-6162
	REJECTED
CVE-2012-6161
	REJECTED
CVE-2012-6160
	REJECTED
CVE-2012-6159
	REJECTED
CVE-2012-6158
	REJECTED
CVE-2012-6157
	RESERVED
CVE-2012-6156
	RESERVED
CVE-2012-6155
	RESERVED
CVE-2012-6154
	RESERVED
CVE-2012-6153 (http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient ...)
	{DLA-222-1}
	- commons-httpclient 3.1-10.2 (bug #692442)
	NOTE: References to upstream patches for 4.x can be found in https://issues.apache.org/jira/browse/HTTPCLIENT-1549
CVE-2012-6152 (The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does ...)
	- pidgin 2.10.8-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2012-6151 (Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB ...)
	- net-snmp 5.7.2.1~dfsg-3 (low; bug #731625)
	[wheezy] - net-snmp 5.4.3~dfsg-2.8+deb7u1
	[squeeze] - net-snmp <no-dsa> (Minor issue)
	NOTE: http://sourceforge.net/p/net-snmp/bugs/2411/
	NOTE: Upstream patch: http://sourceforge.net/p/net-snmp/code/ci/793d596838ff7cb48a73b675d62897c56c9e62df/
CVE-2012-6150 (The winbind_name_list_to_sid_string_list function in ...)
	- samba 2:4.0.13+dfsg-1 (low)
	[wheezy] - samba 2:3.6.6-6+deb7u3
	[squeeze] - samba <no-dsa> (Can be fixed along in a future DSA)
	- samba4 <not-affected> (Samba 4 winbind does not implement this feature)
	NOTE: introduced http://git.samba.org/?p=samba.git;a=commit;h=31f1a36901b5b8959dc51401c09c114829b50392
	NOTE: fixed by http://git.samba.org/?p=samba.git;a=commitdiff;h=f62683956a3b182f6a61cc7a2b4ada2e74cde243
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=10300
CVE-2012-6149 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2012-6148 (Cross-site scripting (XSS) vulnerability in the function menu API in ...)
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	[squeeze] - typo3-src <not-affected> (Vulnerable code not present)
	NOTE: https://review.typo3.org/16300
CVE-2012-6147 (Cross-site scripting (XSS) vulnerability in the tree render API ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16305
CVE-2012-6146 (The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6145 (Cross-site scripting (XSS) vulnerability in the Backend History module ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6144 (SQL injection vulnerability in the Backend History module in TYPO3 ...)
	{DSA-2574-1}
	- typo3-src 4.5.19+dfsg1-4 (bug #692775)
	NOTE: https://review.typo3.org/16304
CVE-2012-6143 (Spoon::Cookie in the Spoon module 0.24 for Perl does not properly use ...)
	- libspoon-perl <removed> (bug #715371; low)
	[squeeze] - libspoon-perl <no-dsa> (Minor issue)
	[wheezy] - libspoon-perl <no-dsa> (Minor issue)
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85217
CVE-2012-6142 (Session::Cookie in the HTML::EP module 0.2011 for Perl does not ...)
	NOT-FOR-US: HTML-EP CPAN module
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85216
CVE-2012-6141 (The App::Context module 0.01 through 0.968 for Perl does not properly ...)
	NOT-FOR-US: App-Context CPAN module
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=85215
CVE-2012-6140 (pam_google_authenticator.c in the PAM module in Google Authenticator ...)
	- google-authenticator 20130529-1 (bug #666129)
CVE-2012-6139 (libxslt before 1.1.28 allows remote attackers to cause a denial of ...)
	{DSA-2654-1}
	- libxslt 1.1.26-14.1 (bug #703933)
	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=6c99c519d97e5fcbec7a9537d190efb442e4e833
	NOTE: http://git.gnome.org/browse/libxslt/commit/?id=dc11b6b379a882418093ecc8adf11f6166682e8d
CVE-2012-6138
	REJECTED
CVE-2012-6137 (rhn-migrate-classic-to-rhsm tool in Red Hat subscription-manager does ...)
	NOT-FOR-US: Red Hat subscription-manager
CVE-2012-6136
	RESERVED
	- tuned <not-affected> (Fixed before initial release to Debian)
CVE-2012-6135
	RESERVED
	- ruby-passenger <not-affected> (Vulnerable code not present; bug #702219)
	NOTE: 4.0.0 betas only
CVE-2012-6134 (Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 ...)
	- ruby-omniauth-oauth2 <not-affected> (Fixed in the first version uploaded to Debian)
CVE-2012-6133 [XSS flaws in ok and error messages]
	RESERVED
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550724
CVE-2012-6132 (Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 ...)
	{DLA-298-1}
	- roundup 1.4.20-1
CVE-2012-6131 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup ...)
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550711
CVE-2012-6130 (Cross-site scripting (XSS) vulnerability in the history display in ...)
	{DLA-298-1}
	- roundup 1.4.20-1
	NOTE: http://issues.roundup-tracker.org/issue2550684
CVE-2012-6129 (Stack-based buffer overflow in utp.cpp in libutp, as used in ...)
	- transmission 2.52-3+nmu1 (bug #700234)
	[squeeze] - transmission <not-affected> (UTP code not present)
CVE-2012-6128 (Multiple stack-based buffer overflows in http.c in OpenConnect before ...)
	{DSA-2623-1}
	- openconnect 3.20-3 (bug #700794)
	NOTE: http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/26f752c3dbf69227679fc6bebb4ae071aecec491
	NOTE: The fix seems to introduce a possible memory leak as regression, see BTS #700805
CVE-2012-6127
	REJECTED
CVE-2012-6126
	REJECTED
CVE-2012-6125
	RESERVED
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
CVE-2012-6124
	RESERVED
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
CVE-2012-6123
	RESERVED
	- chicken 4.8.0-1 (low; bug #702410)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
CVE-2012-6122
	RESERVED
	- chicken 4.8.0.3-1 (low; bug #702410)
	[wheezy] - chicken <no-dsa> (Minor issue)
	[squeeze] - chicken <no-dsa> (Minor issue)
CVE-2012-6121 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
	- roundcube <not-affected> (vulnerable code not in stable or testing)
	NOTE: http://trac.roundcube.net/ticket/1488850
	NOTE: Upstream patch: https://github.com/roundcube/roundcubemail/commit/74cd0a9b62f11bc07c5a1d3ba0098b54883eb0ba
CVE-2012-6120 (Red Hat OpenStack Essex and Folsom creates the /var/log/puppet ...)
	{DLA-29-1}
	- puppet 2.6.4-2
	[squeeze] - puppet <no-dsa> (Minor issue)
	NOTE: puppet-common postinst in unstable sets dpkg-statoverride --update --add puppet puppet 0750 /var/log/puppet
	NOTE: After starting puppetmaster permissions on directory are restricted
CVE-2012-6119 (Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager ...)
	NOTE: Candlepin
CVE-2012-6118 (The Administer tab in Aeolus Conductor allows remote authenticated ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6117 (Aeolus Configuration Server, as used in Red Hat CloudForms Cloud ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-6116 (modules/certs/manifests/config.pp in katello-configure before ...)
	NOTE: Candlepin
CVE-2012-6115 (The domain management tool (rhevm-manage-domains) in Red Hat ...)
	NOTE: RHEV management tool
CVE-2012-6114 [temp file vulnerability in git-extras]
	RESERVED
	- git-extras 1.7.0-1.2 (bug #698490)
CVE-2012-6113 (The openssl_encrypt function in ext/openssl/openssl.c in PHP 5.3.9 ...)
	- php5 5.4.0~beta2-1
	[squeeze] - php5 <not-affected> (Introduced in 5.3.9)
	NOTE: Introduced in http://git.php.net/?p=php-src.git;a=commitdiff;h=095cbc48a8f0090f3b0abc6155f2b61943c9eafb
	NOTE: Fixed in 5.3.14 http://git.php.net/?p=php-src.git;a=commitdiff;h=270a406ac94b5fc5cc9ef59fc61e3b4b95648a3e
	NOTE: https://bugs.launchpad.net/ubuntu/+source/php5/+bug/1099793
	NOTE: https://bugs.php.net/bug.php?id=61413
CVE-2012-6112 (classes/GoogleSpell.php in the PHP Spellchecker (aka Google ...)
	- tinymce <not-affected> (TinyMCE Google spellchecker plugin)
	- wordpress 3.5.1+dfsg-2
	- moodle 2.5-1 (bug #702387)
	[squeeze] - wordpress 3.5.2+dfsg-1~deb6u1 (bug #701667)
	[squeeze] - moodle <not-affected> (Only affects 2.1 and above)
	[wheezy] - wordpress 3.5.2+dfsg-1~deb7u1 (bug #701667)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
	NOTE: http://www.tinymce.com/develop/changelog/?type=phpspell
	NOTE: patch: https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974
	NOTE: http://www.tinymce.com/forum/viewtopic.php?id=30036
CVE-2012-6111 [gnome-keyring does not discard stored secrets in some cases]
	RESERVED
	- gnome-keyring 3.8.2-1 (low; bug #697896)
	[squeeze] - gnome-keyring <no-dsa> (Minor issue)
	[wheezy] - gnome-keyring <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/11/5
CVE-2012-6109 (lib/rack/multipart.rb in Rack before 1.1.4, 1.2.x before 1.2.6, 1.3.x ...)
	- ruby-rack 1.4.1-2.1 (bug #698440)
	- librack-ruby <removed>
	[squeeze] - librack-ruby <not-affected> (vulnerable code not present)
	NOTE: https://github.com/rack/rack/commit/4fc44671b3cad569421f4f8b775c0590b86f575e
	NOTE: https://groups.google.com/forum/#!msg/rack-devel/1w4_fWEgTdI/XAkSNHjtdTsJ
CVE-2012-6108 (HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses ...)
	- hplip <not-affected> (permissions are 755 on wheezy, sid and experimental)
CVE-2012-6107 (Apache Axis2/C does not verify that the server hostname matches a ...)
	- axis2c <removed> (bug #697974)
	[squeeze] - axis2c <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.apache.org/jira/browse/AXIS2C-1619
CVE-2012-6106 (calendar/managesubscriptions.php in the Manage Subscriptions ...)
	- moodle <not-affected> (Only affects 2.4)
CVE-2012-6105 (blog/rsslib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6104 (blog/rsslib.php in Moodle 2.2.x before 2.2.7, 2.3.x before 2.3.4, and ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6103 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6102 (lib.php in the Submission comments plugin in the Assignment module in ...)
	- moodle <not-affected> (Only affects 2.3 and above)
CVE-2012-6101 (Multiple open redirect vulnerabilities in Moodle 2.2.x before 2.2.7, ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6100 (report/outline/index.php in Moodle 2.2.x before 2.2.7, 2.3.x before ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <not-affected> (Only affects 2.2 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6099 (The moodle1 backup converter in backup/converter/moodle1/lib.php in ...)
	- moodle 2.5-1
	[squeeze] - moodle <not-affected> (Only affects 2.1 and above)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6098 (grade/edit/outcome/edit_form.php in Moodle 1.9.x through 1.9.19, 2.1.x ...)
	- moodle 2.5-1 (low; bug #702387)
	[squeeze] - moodle <no-dsa> (Minor issue)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy2
CVE-2012-6097 (File descriptor leak in cronie 1.4.8, when running in certain ...)
	[experimental] - cronie <unfixed> (low; bug #697811)
	NOTE: Only present in experimental
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=786096
CVE-2012-6096 (Multiple stack-based buffer overflows in the get_history function in ...)
	{DSA-2653-1 DSA-2616-1}
	- icinga 1.7.1-5 (bug #697931)
	- nagios3 3.4.1-3 (bug #697930)
CVE-2012-6095 (ProFTPD before 1.3.5rc1, when using the UserOwner directive, allows ...)
	{DSA-2606-1}
	- proftpd-dfsg 1.3.4a-3 (bug #697524)
CVE-2012-6094
	RESERVED
	- cups <not-affected> (systemd patch not applied in Debian, see bug #697584)
CVE-2012-6093 (The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before ...)
	- qt4-x11 <not-affected> (Only affects environments where a different OpenSSL is used, doesn't apply to Debian; bug #697582)
	NOTE: http://lists.qt-project.org/pipermail/announce/2013-January/000020.html
	NOTE: https://codereview.qt-project.org/#change,42461
	NOTE: Fixed in 4:4.8.2+dfsg-10
CVE-2012-6092 (Multiple cross-site scripting (XSS) vulnerabilities in the web demos ...)
	- activemq <not-affected> (Example code not shipped in .deb)
CVE-2012-6091
	RESERVED
CVE-2012-6090 (Multiple stack-based buffer overflows in the expand function in ...)
	- swi-prolog 5.10.4-5 (low; bug #697416)
	[squeeze] - swi-prolog 5.10.1-1+squeeze1
	NOTE: http://web.archive.org/web/20130309013536/http://web.archive.org/web/20130309013536/https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
	NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/b2c88972e7515ada025e97e7d3ce3e34f81cf33e
CVE-2012-6089 (Multiple stack-based buffer overflows in the canoniseFileName function ...)
	- swi-prolog 5.10.4-5 (low; bug #697416)
	[squeeze] - swi-prolog 5.10.1-1+squeeze1
	NOTE: http://web.archive.org/web/20130309013536/http://web.archive.org/web/20130309013536/https://lists.iai.uni-bonn.de/pipermail/swi-prolog/2012/009428.html
	NOTE: http://www.swi-prolog.org/git/pl.git/commitdiff/a9a6fc8a2a9cf3b9154b490a4b1ffaa8be4d723c
CVE-2012-6088 (The rpmpkgRead function in lib/package.c in RPM 4.10.x before 4.10.2 ...)
	- rpm 4.10.1-2.1 (bug #697375)
	[squeeze] - rpm <not-affected> (Introduced in rpm 4.10.0)
	[wheezy] - rpm 4.10.0-5+deb7u1
CVE-2012-6087 (repository/s3/S3.php in the Amazon S3 library in Moodle through ...)
	- moodle 2.2.7.dfsg-1
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1
	NOTE: https://github.com/tpyo/amazon-s3-php-class/pull/36
	NOTE: https://tracker.moodle.org/browse/MDL-40615
CVE-2012-6086 (libs/zbxmedia/eztexting.c in Zabbix 1.8.x before 1.8.18rc1, 2.0.x ...)
	- zabbix 1:2.0.7+dfsg-1 (bug #697443)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
	NOTE: https://support.zabbix.com/browse/ZBX-5924
CVE-2012-6085 (The read_block function in g10/import.c in GnuPG 1.4.x before 1.4.13 ...)
	{DSA-2601-1}
	- gnupg 1.4.12-7 (bug #697108)
	- gnupg2 2.0.19-2 (bug #697251)
CVE-2012-6084 (modules/m_capab.c in (1) ircd-ratbox before 3.0.8 and (2) Charybdis ...)
	{DSA-2612-1}
	- charybdis 3.3.0-7.1 (bug #697092)
	- ircd-ratbox 3.0.7.dfsg-3 (bug #697093)
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/1
	NOTE: http://www.openwall.com/lists/oss-security/2013/01/01/2
CVE-2012-6083
	RESERVED
	- freeciv 2.3.4-1 (low; bug #696306)
	[squeeze] - freeciv <no-dsa> (Minor issue)
	[wheezy] - freeciv 2.3.2-1+deb7u1
CVE-2012-6082 (Cross-site scripting (XSS) vulnerability in the rsslink function in ...)
	{DSA-2593-1}
	- moin 1.9.5-2
	[wheezy] - moin 1.9.4-8+deb7u1
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/c98ec456e493
CVE-2012-6081 (Multiple unrestricted file upload vulnerabilities in the (1) twikidraw ...)
	{DSA-2593-1}
	[wheezy] - moin 1.9.4-8+deb7u1
	- moin 1.9.5-3 (bug #696948)
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
CVE-2012-6080 (Directory traversal vulnerability in the _do_attachment_move function ...)
	{DSA-2593-1}
	[wheezy] - moin 1.9.4-8+deb7u1
	- moin 1.9.5-4 (bug #696949)
	NOTE: Fix http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
CVE-2012-6079
	RESERVED
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6078
	RESERVED
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6077
	RESERVED
	NOT-FOR-US: W3 Total Cache
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/3
CVE-2012-6076 (Inkscape before 0.48.4 reads .eps files from /tmp instead of the ...)
	- inkscape 0.48.3.1-1.3 (low; bug #654341)
	[squeeze] - inkscape <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/inkscape/+bug/911146
CVE-2012-6075 (Buffer overflow in the e1000_receive function in the e1000 device ...)
	{DSA-2619-1 DSA-2608-1 DSA-2607-1}
	- qemu 1.1.2+dfsg-4 (bug #696051)
	- qemu-kvm 1.1.2+dfsg-4 (bug #696051)
	- xen 4.1.3-8
	[squeeze] - xen <not-affected> (In Squeeze the code is in the package xen-qemu-dm-4.0)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/30/1
CVE-2012-6074 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.491, ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6073 (Open redirect vulnerability in Jenkins before 1.491, Jenkins LTS ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6072 (CRLF injection vulnerability in Jenkins before 1.491, Jenkins LTS ...)
	- jenkins 1.447.2+dfsg-3 (bug #696816)
	- jenkins-winstone 0.9.10-jenkins-37+dfsg-2 (bug #696974)
	NOTE: https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2012-11-20
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/28/1
CVE-2012-6071 [libnusoap-php: Curl insecure usage]
	RESERVED
	- nusoap 0.7.3-5 (low; bug #696707)
	[squeeze] - nusoap <no-dsa> (Minor issue)
CVE-2012-6070 [falconpl: Curl insecure usage]
	RESERVED
	- falconpl 0.9.6.9-git20120606-2 (bug #696681)
CVE-2011-5250
	RESERVED
CVE-2011-5249 (Cross-site scripting (XSS) vulnerability in the events page in the ...)
	NOT-FOR-US: SNARE
CVE-2011-5248
	RESERVED
CVE-2011-5247
	RESERVED
CVE-2009-5133
	RESERVED
CVE-2012-6069 (Directory traversal vulnerability in the Runtime Toolkit in CODESYS ...)
	NOT-FOR-US: CODESYS Runtime System
CVE-2012-6068 (The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not ...)
	NOT-FOR-US: CODESYS Runtime System
CVE-2012-6067 (freeFTPd.exe in freeFTPd through 1.0.11 allows remote attackers to ...)
	NOT-FOR-US: freeFTPd
CVE-2012-6066 (freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to ...)
	NOT-FOR-US: freeFTPd
CVE-2012-6065 (The OM Maximenu module 6.x-1.43 and earlier for Drupal, when the ...)
	NOT-FOR-US: Drupal plugin
CVE-2012-6064 (Directory traversal vulnerability in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2012-6063 (Double free vulnerability in the sftp_mkdir function in sftp.c in ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
	[squeeze] - libssh 0.4.5-3+squeeze1
	NOTE: Fix included in CVE-2012-4559 patch
	NOTE: https://red.libssh.org/issues/84
	NOTE: http://git.libssh.org/projects/libssh.git/commit/?h=v0-5&id=4d8420f3282ed07fc99fc5e930c17df27ef1e9b2
CVE-2012-6062 (The dissect_rtcp_app function in epan/dissectors/packet-rtcp.c in the ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6061 (The dissect_wtp_common function in epan/dissectors/packet-wtp.c in the ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6060 (Integer overflow in the dissect_iscsi_pdu function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6059 (The dissect_isakmp function in epan/dissectors/packet-isakmp.c in the ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6058 (Integer overflow in the dissect_icmpv6 function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6057 (The dissect_eigrp_metric_comm function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6056 (Integer overflow in the dissect_sack_chunk function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6055 (epan/dissectors/packet-3g-a11.c in the 3GPP2 A11 dissector in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6054 (The dissect_sflow_245_address_type function in ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6053 (epan/dissectors/packet-usb.c in the USB dissector in Wireshark 1.6.x ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-6052 (Wireshark 1.8.x before 1.8.4 allows remote attackers to obtain ...)
	{DLA-497-1}
	- wireshark 1.8.6-1 (unimportant)
	NOTE: not suitable for code injection
	NOTE: Upstream patch: http://anonsvn.wireshark.org/viewvc?view=revision&revision=45511
CVE-2011-5246
	RESERVED
CVE-2013-0100
	REJECTED
CVE-2013-0099
	REJECTED
CVE-2013-0098
	REJECTED
CVE-2013-0097
	REJECTED
CVE-2013-0096 (Writer in Microsoft Windows Essentials 2011 and 2012 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2013-0095 (Outlook in Microsoft Office for Mac 2008 before 12.3.6 and Office for ...)
	NOT-FOR-US: Outlook in Microsoft Office for Mac
CVE-2013-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0093 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0092 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0091 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0090 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0089 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0088 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0087 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0086 (Microsoft OneNote 2010 SP1 does not properly determine buffer sizes ...)
	NOT-FOR-US: Microsoft OneNote
CVE-2013-0085 (Buffer overflow in Microsoft SharePoint Server 2010 SP1 and SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0084 (Directory traversal vulnerability in Microsoft SharePoint Server 2010 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0083 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0082 (Microsoft Office 2003 SP3 and 2007 SP3 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2013-0081 (Microsoft SharePoint Portal Server 2003 SP3 and SharePoint Server 2007 ...)
	NOT-FOR-US: Microsoft
CVE-2013-0080 (Microsoft SharePoint Server 2010 SP1 and SharePoint Foundation 2010 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2013-0079 (Microsoft Visio Viewer 2010 SP1 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Visio Viewer
CVE-2013-0078 (The Microsoft Antimalware Client in Windows Defender on Windows 8 and ...)
	NOT-FOR-US: Microsoft Antimalware Client
CVE-2013-0077 (Quartz.dll in DirectShow in Microsoft Windows XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0076 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0075 (The TCP/IP implementation in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0074 (Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2013-0073 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0072
	REJECTED
CVE-2013-0071
	REJECTED
CVE-2013-0070
	REJECTED
CVE-2013-0069
	REJECTED
CVE-2013-0068
	REJECTED
CVE-2013-0067
	REJECTED
CVE-2013-0066
	REJECTED
CVE-2013-0065
	REJECTED
CVE-2013-0064
	REJECTED
CVE-2013-0063
	REJECTED
CVE-2013-0062
	REJECTED
CVE-2013-0061
	REJECTED
CVE-2013-0060
	REJECTED
CVE-2013-0059
	REJECTED
CVE-2013-0058
	REJECTED
CVE-2013-0057
	REJECTED
CVE-2013-0056
	REJECTED
CVE-2013-0055
	REJECTED
CVE-2013-0054
	REJECTED
CVE-2013-0053
	REJECTED
CVE-2013-0052
	REJECTED
CVE-2013-0051
	REJECTED
CVE-2013-0050
	REJECTED
CVE-2013-0049
	REJECTED
CVE-2013-0048
	REJECTED
CVE-2013-0047
	REJECTED
CVE-2013-0046
	REJECTED
CVE-2013-0045
	REJECTED
CVE-2013-0044
	REJECTED
CVE-2013-0043
	REJECTED
CVE-2013-0042
	REJECTED
CVE-2013-0041
	REJECTED
CVE-2013-0040
	REJECTED
CVE-2013-0039
	REJECTED
CVE-2013-0038
	REJECTED
CVE-2013-0037
	REJECTED
CVE-2013-0036
	REJECTED
CVE-2013-0035
	REJECTED
	NOT-FOR-US: Apache CXF
CVE-2013-0034
	REJECTED
	NOT-FOR-US: Apache CXF
CVE-2013-0033
	REJECTED
CVE-2013-0032
	REJECTED
CVE-2013-0031
	REJECTED
CVE-2013-0030 (The Vector Markup Language (VML) implementation in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0029 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0028 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0027 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0026 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0025 (Use-after-free vulnerability in Microsoft Internet Explorer 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0024 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0023 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0022 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0021 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0020 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0019 (Use-after-free vulnerability in Microsoft Internet Explorer 7 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0018 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0017
	REJECTED
CVE-2013-0016
	REJECTED
CVE-2013-0015 (Microsoft Internet Explorer 6 through 9 does not properly perform ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2013-0014
	REJECTED
CVE-2013-0013 (The SSL provider component in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0012
	REJECTED
CVE-2013-0011 (The Print Spooler in Microsoft Windows Server 2008 R2 and R2 SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0010 (Cross-site scripting (XSS) vulnerability in Microsoft System Center ...)
	NOT-FOR-US: Microsoft System Center Opera Manager
CVE-2013-0009 (Cross-site scripting (XSS) vulnerability in Microsoft System Center ...)
	NOT-FOR-US: Microsoft System Center Opera Manager
CVE-2013-0008 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2013-0007 (Microsoft XML Core Services (aka MSXML) 4.0, 5.0, and 6.0 does not ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2013-0006 (Microsoft XML Core Services (aka MSXML) 3.0, 5.0, and 6.0 does not ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2013-0005 (The WCF Replace function in the Open Data (aka OData) protocol ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0004 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0003 (Buffer overflow in a System.DirectoryServices.Protocols (S.DS.P) ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0002 (Buffer overflow in the Windows Forms (aka WinForms) component in ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2013-0001 (The Windows Forms (aka WinForms) component in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-6051 (Google CityHash computes hash values without properly restricting the ...)
	- cityhash <removed> (bug #694999)
CVE-2011-5373
	REJECTED
CVE-2011-5372
	REJECTED
CVE-2011-5371
	REJECTED
CVE-2011-5370
	REJECTED
CVE-2012-6050 (The winbox service in MikroTik RouterOS 5.15 and earlier allows remote ...)
	NOT-FOR-US: MikroTik RouterOS
CVE-2012-6049 (Open Solution Quick.Cart 5.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Open Solution Quick.Cart 5.0
CVE-2012-6048 (Guitar Pro 6.1.1 r10791 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Guitar Pro 6.1.1
CVE-2012-6047 (Cross-site request forgery (CSRF) vulnerability in X7 Chat 2.0.5.1 and ...)
	NOT-FOR-US: X7 Chat 2.0.5.1
CVE-2012-6046 (Static code injection vulnerability in admin/banners.php in PHP Enter ...)
	NOT-FOR-US: PHP Enter
CVE-2012-6045 (Cross-site scripting (XSS) vulnerability in gb/user/index.php in Ramui ...)
	NOT-FOR-US: Ramui Forum
CVE-2012-6044 (M-Player 0.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: M-Player (different from mplayer in the archive)
CVE-2012-6043 (Cross-site scripting (XSS) vulnerability in downloads.php in ...)
	NOT-FOR-US: phpFusion
CVE-2012-6042 (GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: GPSMapEdit
CVE-2012-6041 (Double free vulnerability in GreenBrowser before 6.0.1002, when the ...)
	NOT-FOR-US: GreenBrowser
CVE-2012-6040 (Cross-site scripting (XSS) vulnerability in users.php in File King ...)
	NOT-FOR-US: File King Advanced File Management 1.4
CVE-2012-6039 (SQL injection vulnerability in view_comments.php in YABSoft Advanced ...)
	NOT-FOR-US: YABSoft Advanced Image Hosting
CVE-2012-6038 (admin/core/admin_func.php in razorCMS before 1.2.1 does not properly ...)
	NOT-FOR-US: razorCMS
CVE-2010-5286 (Directory traversal vulnerability in Jstore (com_jstore) component for ...)
	NOT-FOR-US: Joomla jstore
CVE-2010-5285 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOTE: Old report against collabtive, Poc has vanished and likely fixed in current release, see #695348
CVE-2010-5284 (Multiple cross-site scripting (XSS) vulnerabilities in Collabtive ...)
	- collabtive 0.7.6-1 (bug #695348)
	NOTE: Might be fixed earlier, but 0.7.6 was tested
CVE-2010-5283 (Cross-site request forgery (CSRF) vulnerability in OpenText ECM ...)
	NOT-FOR-US: OpenText ECM
CVE-2010-5282 (Multiple cross-site scripting (XSS) vulnerabilities in OpenText ECM ...)
	NOT-FOR-US: OpenText ECM
CVE-2010-5281 (Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 ...)
	NOT-FOR-US: CMScout IBrowser TinyMCE Plugin
CVE-2010-5280 (Directory traversal vulnerability in the Community Builder Enhanced ...)
	NOT-FOR-US: CBE for Joomla
CVE-2012-6037 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.4.x ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
CVE-2012-6036 (The (1) memc_save_get_next_page, (2) tmemc_restore_put_page and (3) ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6035 (The do_tmem_destroy_pool function in the Transcendent Memory (TMEM) in ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6034 (The (1) tmemc_save_get_next_page and (2) tmemc_save_get_next_inv ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6033 (The do_tmem_control function in the Transcendent Memory (TMEM) in Xen ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6032 (Multiple integer overflows in the (1) tmh_copy_from_client and (2) ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6031 (The do_tmem_get function in the Transcendent Memory (TMEM) in Xen 4.0, ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6030 (The do_tmem_op function in the Transcendent Memory (TMEM) in Xen 4.0, ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: CVE-2012-3497 has been SPLIT into this ID and others
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-6029 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Cisco NAC Appliance
CVE-2012-6028
	RESERVED
CVE-2012-6027
	RESERVED
CVE-2012-6026 (The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 ...)
	NOT-FOR-US: Cisco Aironet Access Point
CVE-2012-6025
	RESERVED
CVE-2012-6024
	RESERVED
CVE-2012-6023
	RESERVED
CVE-2012-6022
	RESERVED
CVE-2012-6021
	RESERVED
CVE-2012-6020
	RESERVED
CVE-2012-6019
	RESERVED
CVE-2012-6018
	RESERVED
CVE-2012-6017
	RESERVED
CVE-2012-6016
	RESERVED
CVE-2012-6015
	RESERVED
CVE-2012-6014
	RESERVED
CVE-2012-6013
	RESERVED
CVE-2012-6012
	RESERVED
CVE-2012-6011
	RESERVED
CVE-2012-6010
	RESERVED
CVE-2012-6009
	RESERVED
CVE-2012-6008
	RESERVED
CVE-2012-6007 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Cisco
CVE-2012-6006
	RESERVED
CVE-2012-6005
	RESERVED
CVE-2012-6004
	RESERVED
CVE-2012-6003
	RESERVED
CVE-2012-6002
	RESERVED
CVE-2012-6001
	RESERVED
CVE-2012-6000
	RESERVED
CVE-2012-5999
	RESERVED
CVE-2012-5998
	RESERVED
CVE-2012-5997
	RESERVED
CVE-2012-5996
	RESERVED
CVE-2012-5995
	RESERVED
CVE-2012-5994
	RESERVED
CVE-2012-5993
	RESERVED
CVE-2012-5992 (Multiple cross-site request forgery (CSRF) vulnerabilities on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-5991 (screens/base/web_auth_custom.html on Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2012-5990 (Multiple cross-site scripting (XSS) vulnerabilities in Health Monitor ...)
	NOT-FOR-US: Cisco
CVE-2012-5989
	RESERVED
CVE-2012-5988
	RESERVED
CVE-2012-5987
	RESERVED
CVE-2012-5986
	RESERVED
CVE-2012-5985
	RESERVED
CVE-2012-5984
	RESERVED
CVE-2012-5983
	RESERVED
CVE-2012-5982
	RESERVED
CVE-2012-5981
	RESERVED
CVE-2012-5980
	RESERVED
CVE-2012-5978 (Multiple directory traversal vulnerabilities in the (1) View ...)
	NOT-FOR-US: VMware View
CVE-2012-5977 (Asterisk Open Source 1.8.x before 1.8.19.1, 10.x before 10.11.1, and ...)
	{DSA-2605-1}
	- asterisk 1:1.8.13.1~dfsg-2 (bug #697230)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
CVE-2012-5976 (Multiple stack consumption vulnerabilities in Asterisk Open Source ...)
	{DSA-2605-1}
	- asterisk 1:1.8.13.1~dfsg-2 (bug #697230)
	NOTE: http://downloads.digium.com/pub/security/AST-2012-014.pdf
CVE-2012-5975 (The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 ...)
	NOT-FOR-US: Tectia SSH
CVE-2012-5974
	RESERVED
CVE-2012-5973 (CA XCOM Data Transport r11.0 and r11.5 on UNIX and Linux allows remote ...)
	NOT-FOR-US: CA XCOM Data Transport
CVE-2012-5972 (Directory traversal vulnerability in the web server in SpecView 2.5 ...)
	NOT-FOR-US: SpecView 2.5
CVE-2012-5971
	RESERVED
CVE-2012-5970 (The Huawei E585 device allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Huawei device
CVE-2012-5969 (Multiple directory traversal vulnerabilities on the Huawei E585 device ...)
	NOT-FOR-US: Huawei device
CVE-2012-5968 (The Huawei E585 device does not validate the status of admin sessions, ...)
	NOT-FOR-US: Huawei device
CVE-2012-5967 (SQL injection vulnerability in menuXML.php in Centreon 2.3.3 through ...)
	NOT-FOR-US: Centreon
CVE-2012-5966 (The restricted telnet shell on the D-Link DSL2730U router allows ...)
	NOT-FOR-US: D-Link DSL2730U router
CVE-2012-5965 (Stack-based buffer overflow in the unique_service_name function in ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5964 (Stack-based buffer overflow in the unique_service_name function in ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5963 (Stack-based buffer overflow in the unique_service_name function in ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5962 (Stack-based buffer overflow in the unique_service_name function in ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5961 (Stack-based buffer overflow in the unique_service_name function in ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5960 (Stack-based buffer overflow in the unique_service_name function in ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5959 (Stack-based buffer overflow in the unique_service_name function in ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5958 (Stack-based buffer overflow in the unique_service_name function in ...)
	{DSA-2615-1 DSA-2614-1}
	- libupnp 1:1.6.17-1.2 (bug #699316)
	- libupnp4 1.8.0~svn20100507-1.2 (bug #699459)
CVE-2012-5957
	RESERVED
CVE-2012-5956 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine AssetExplorer 5.6
CVE-2012-5955 (Unspecified vulnerability in the IBM HTTP Server component 5.3 in IBM ...)
	NOT-FOR-US: WebSphere
CVE-2012-5954 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2012-5953 (IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, ...)
	NOT-FOR-US: IBM
CVE-2012-5952 (IBM WebSphere Message Broker 6.1 before 6.1.0.12, 7.0 before 7.0.0.6, ...)
	NOT-FOR-US: IBM
CVE-2012-5951 (Unspecified vulnerability in IBM Tivoli NetView 1.4, 5.1 through 5.4, ...)
	NOT-FOR-US: IBM Tivoli NetView
CVE-2012-5950 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2012-5949 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2012-5948 (Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA ...)
	NOT-FOR-US: IBM TRIRIGA Application Platform
CVE-2012-5947 (Buffer overflow in the vsflex7l ActiveX control in IBM SPSS ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-5946 (Buffer overflow in the c1sizer ActiveX control in C1sizer.ocx in IBM ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-5945 (Multiple buffer overflows in the Vsflex8l ActiveX control in IBM SPSS ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-5944
	RESERVED
CVE-2012-5943 (Cross-site scripting (XSS) vulnerability in IBM iNotes 8.5.x before ...)
	NOT-FOR-US: IBM iNotes
CVE-2012-5942 (Cross-site scripting (XSS) vulnerability in the Data Management Portal ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2012-5941 (Cross-site scripting (XSS) vulnerability in the WebAdmin application ...)
	NOT-FOR-US: IBM
CVE-2012-5940 (The WebAdmin application 6.0.5, 6.0.8, and 7.0 before P2 in IBM ...)
	NOT-FOR-US: IBM
CVE-2012-5939 (Cross-site scripting (XSS) vulnerability in Welcome.do in the Data ...)
	NOT-FOR-US: IBM Tivoli TADDM
CVE-2012-5938 (The installation process in IBM InfoSphere Information Server 8.1, ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-5937 (Unspecified vulnerability in the CLA2 server in IBM Gentran ...)
	NOT-FOR-US: IBM Gentran Integration
CVE-2012-5936 (IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 ...)
	NOT-FOR-US: IBM
CVE-2011-5245 (The readFrom function in providers.jaxb.JAXBXmlTypeProvider in ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-5935
	RESERVED
CVE-2012-5934
	RESERVED
CVE-2012-5933
	RESERVED
CVE-2012-5932 (Eval injection vulnerability in the ldapagnt_eval function in ...)
	NOT-FOR-US: NetIQ Privileged User Manager 2.3.x
CVE-2012-5931 (Directory traversal vulnerability in the set_log_config function in ...)
	NOT-FOR-US: NetIQ Privileged User Manager 2.3.x
CVE-2012-5930 (The pa_modify_accounts function in auth.dll in unifid.exe in NetIQ ...)
	NOT-FOR-US: NetIQ Privileged User Manager 2.3.x
CVE-2012-5929
	RESERVED
CVE-2012-5928
	RESERVED
CVE-2012-5927
	RESERVED
CVE-2012-5926
	RESERVED
CVE-2012-5925
	RESERVED
CVE-2012-5924
	RESERVED
CVE-2012-5923
	RESERVED
CVE-2012-5922
	RESERVED
CVE-2012-5921
	RESERVED
CVE-2012-5920 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) ...)
	- gwt <removed> (bug #691900)
	[squeeze] - gwt <not-affected> (Vulnerable code not present)
CVE-2012-5919 (Multiple cross-site scripting (XSS) vulnerabilities in Havalite 1.0.4 ...)
	NOT-FOR-US: havalite
CVE-2012-5918 (razorCMS 1.2 allows remote authenticated users to access administrator ...)
	NOT-FOR-US: razorCMS
CVE-2012-5917 (SnackAmp 3.1.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SnackAmp
CVE-2012-5916 (Neocrome Seditio build 161 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2012-5915 (Neocrome Seditio build 161 and earlier allows remote attackers to ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2012-5914 (Multiple cross-site scripting (XSS) vulnerabilities in the sed_import ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2012-5913 (Cross-site scripting (XSS) vulnerability in wp-integrator.php in the ...)
	NOT-FOR-US: Wordpress Integrator plugin
CVE-2012-5912 (Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow ...)
	NOT-FOR-US: PicoPublisher
CVE-2012-5911 (Cross-site scripting (XSS) vulnerability in blogs/blog1.php in ...)
	NOT-FOR-US: b2evolution
CVE-2012-5910 (SQL injection vulnerability in blogs/htsrv/viewfile.php in b2evolution ...)
	NOT-FOR-US: b2evolution
CVE-2012-5909 (SQL injection vulnerability in admin/modules/user/users.php in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2012-5908 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyBB
CVE-2012-5907 (Directory traversal vulnerability in json.php in TomatoCart 1.2.0 ...)
	NOT-FOR-US: TomatoCart
CVE-2012-5906 (Multiple cross-site scripting (XSS) vulnerabilities in GreenBrowser ...)
	NOT-FOR-US: GreenBrowser
CVE-2012-5905 (Buffer overflow in KnFTPd 1.0.0 allows remote authenticated users to ...)
	NOT-FOR-US: KnFTPd
CVE-2012-5904 (Heap-based buffer overflow in IrfanView before 4.33 allows remote ...)
	NOT-FOR-US: IrfanView
CVE-2012-5903 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2012-5902 (Cross-site scripting (XSS) vulnerability in ptk/lib/modal_bookmark.php ...)
	NOT-FOR-US: DFLabs PTK
CVE-2012-5901 (DFLabs PTK 1.0.5 stores data files with predictable names under the ...)
	NOT-FOR-US: DFLabs PTK
CVE-2012-5900 (Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow ...)
	NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5899 (Cross-site scripting (XSS) vulnerability in admin/action/objects.php ...)
	NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5898 (Cross-site request forgery (CSRF) vulnerability in SAMEDIA LandShop ...)
	NOT-FOR-US: SAMEDIA LandShop
CVE-2012-5897 (The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX ...)
	NOT-FOR-US: Quest in Trust
CVE-2012-5896 (The Annotation Objects Extension ActiveX control in AnnotateX.dll in ...)
	NOT-FOR-US: Quest in Trust
CVE-2012-5895 (Multiple unspecified vulnerabilities in iRODS before 3.1 have unknown ...)
	NOT-FOR-US: iRODS
CVE-2012-5894 (SQL injection vulnerability in hava_post.php in Havalite CMS 1.1.0 and ...)
	NOT-FOR-US: Havalite CMS
CVE-2012-5893 (Unrestricted file upload vulnerability in hava_upload.php in Havalite ...)
	NOT-FOR-US: Havalite CMS
CVE-2012-5892 (Havalite CMS 1.1.0 and earlier stores sensitive information under the ...)
	NOT-FOR-US: Havalite CMS
CVE-2012-5891 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Dalbum
CVE-2012-5890 (The Front End User Registration (sr_feuser_register) extension before ...)
	NOT-FOR-US: Typo3 extension (sr_feuser_register)
CVE-2012-5889 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
	NOT-FOR-US: Typo3 extension (powermail)
CVE-2012-5888 (Cross-site scripting (XSS) vulnerability in Basic SEO Features ...)
	NOT-FOR-US: Typo3 extension (seo_basics)
CVE-2012-5887 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2012-5886 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2012-5885 (The replay-countermeasure functionality in the HTTP Digest Access ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-3+nmu1 (bug #692440)
CVE-2011-5244 (Multiple off-by-one errors in the (1) token and (2) linetoken ...)
	{DSA-2357-1}
	- evince 2.32.0-1
	[squeeze] - evince 2.30.3-2+squeeze1
	NOTE: This issue was already fixed in DSA-2357-1 by shipping the correct fix from the start
CVE-2012-5884 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <not-affected> (vulnerable code not present in 3.x)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-5883 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
	- yui3 <not-affected>
	- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
	[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in oldstable)
	- icinga-web 1.7.1+dfsg2-6 (bug #694641)
CVE-2012-5882 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
	- yui3 <not-affected>
	- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
	[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in oldstable)
	- icinga-web 1.7.1+dfsg2-6 (bug #694641)
CVE-2012-5881 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
	- yui3 <not-affected>
	- yui 2.9.0.dfsg.0.1-0.1 (bug #693608)
	[squeeze] - yui <no-dsa> (Minor issue, Flash not build from source in oldstable)
	- icinga-web 1.7.1+dfsg2-6 (bug #694641)
CVE-2012-5880
	RESERVED
CVE-2012-5879 (An ActiveX control in McHealthCheck.dll in McAfee Virtual Technician ...)
	NOT-FOR-US: McAfee Virtual Technician
CVE-2012-5878
	RESERVED
CVE-2012-5877 (Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Nero MediaHome
CVE-2012-5876 (Multiple off-by-one errors in NMMediaServerService.dll in Nero ...)
	NOT-FOR-US: Nero MediaHome
CVE-2012-5875 (Firefly Media Server 1.0.0.1359 allows remote attackers to cause a ...)
	NOT-FOR-US: Firefly Media Server
CVE-2012-5874 (Multiple SQL injection vulnerabilities in the (1) ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2012-5873
	RESERVED
CVE-2012-5872
	RESERVED
CVE-2012-5871
	RESERVED
CVE-2012-5870
	RESERVED
CVE-2012-5869
	RESERVED
CVE-2012-5868 (WordPress 3.4.2 does not invalidate a wordpress_sec session cookie ...)
	- wordpress <unfixed> (unimportant; bug #696868)
	NOTE: non-issue, see https://wordpress.org/support/topic/old-bug-cve-2012-5868
CVE-2012-5867
	RESERVED
CVE-2012-5866 (Cross-site scripting (XSS) vulnerability in include.php in Achievo ...)
	NOT-FOR-US: Achievo
CVE-2012-5865 (SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows ...)
	NOT-FOR-US: Achievo
CVE-2012-5864 (The management web pages on the Sinapsi eSolar Light Photovoltaic ...)
	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
CVE-2012-5863 (ping.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...)
	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
CVE-2012-5862 (login.php on the Sinapsi eSolar Light Photovoltaic System Monitor (aka ...)
	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
CVE-2012-5861 (Multiple SQL injection vulnerabilities on the Sinapsi eSolar Light ...)
	NOT-FOR-US: Sinapsi eSolar Light Photovoltaic System Monitor
CVE-2012-5860 (Unspecified vulnerability on Oberthur ID-One COSMO 5.2, 5.2a, and 64 ...)
	NOT-FOR-US: ID-One COSMO
CVE-2012-5859 (Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to ...)
	NOT-FOR-US: Samsung Kies Air
CVE-2012-5858 (Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address ...)
	NOT-FOR-US: Samsung Kies Air
CVE-2012-5857
	RESERVED
CVE-2012-5856 (Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka ...)
	NOT-FOR-US: Wordpress plugin (uk cookie)
CVE-2012-5855 (The SHAddToRecentDocs function in VideoLAN VLC media player 2.0.4 and ...)
	- vlc <not-affected> (Windows only issue)
	NOTE: Harmless crasher without security relevance
CVE-2012-5853 (SQL injection vulnerability in the &quot;the_search_function&quot; function in ...)
	NOT-FOR-US: "the_search_function" function in cardoza_ajax_search.php in the AJAX Post Search (cardoza-ajax-search) plugin for WordPress
CVE-2012-5852
	RESERVED
CVE-2012-5851 (html/parser/XSSAuditor.cpp in WebCore in WebKit, as used in Google ...)
	- chromium-browser <unfixed> (unimportant)
	- webkit <unfixed> (unimportant)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=92692
	NOTE: Incomplete mitigation feature, not a security vulnerability per se
CVE-2012-5850
	RESERVED
CVE-2012-5849 (Multiple SQL injection vulnerabilities in ClipBucket 2.6 Revision 738 ...)
	NOT-FOR-US: ClipBucket
CVE-2012-5854 (Heap-based buffer overflow in WeeChat 0.3.6 through 0.3.9 allows ...)
	- weechat 0.3.9.1-1 (bug #693026)
	[wheezy] - weechat 0.3.8-1+deb7u1
	[squeeze] - weechat <not-affected> (Vulnerable code not present)
CVE-2012-5848
	REJECTED
CVE-2012-5847
	REJECTED
CVE-2012-5846
	REJECTED
CVE-2012-5845
	REJECTED
CVE-2012-5844
	REJECTED
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-5843 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-5842 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-5841 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5840 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5839 (Heap-based buffer overflow in the ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5838 (The copyTexImage2D implementation in the WebGL subsystem in Mozilla ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-5837 (The Web Developer Toolbar in Mozilla Firefox before 17.0 executes ...)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-5836 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-5835 (Integer overflow in the WebGL subsystem in Mozilla Firefox before ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5834
	REJECTED
CVE-2012-5833 (The texImage2D implementation in the WebGL subsystem in Mozilla ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5832
	REJECTED
CVE-2012-5831
	REJECTED
CVE-2012-5830 (Use-after-free vulnerability in Mozilla Firefox before 17.0, Firefox ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-5829 (Heap-based buffer overflow in the nsWindow::OnExposeEvent function in ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-5828
	RESERVED
CVE-2012-5827 (Joomla! 2.5.x before 2.5.8 and 3.0.x before 3.0.2 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2012-5826
	RESERVED
CVE-2011-5243 (TwitterOAuth does not verify that the server hostname matches a domain ...)
	NOT-FOR-US: TwitterOAuth
CVE-2011-5242 (tmhOAuth before 0.61 does not verify that the server hostname matches ...)
	NOT-FOR-US: tmhOAuth
CVE-2011-5241 (Services_Twitter 0.6.3 does not verify that the server hostname ...)
	NOT-FOR-US: PEAR module for Twitter
CVE-2011-5240 (Magento 1.5 and 1.6.2 does not verify that the server hostname matches ...)
	NOT-FOR-US: Magento
CVE-2011-5239 (CiviCRM 4.0.5 and 4.1.1 does not verify that the server hostname ...)
	- civicrm <not-affected> (Fixed before initial upload to the archive)
CVE-2011-5238 (google-checkout-php-sample-code before 1.3.2 does not verify that the ...)
	NOT-FOR-US: google-checkout-php-sample-code
CVE-2011-5237 (PayPal WPS ToolKit does not verify that the server hostname matches a ...)
	NOT-FOR-US: PayPal WPS ToolKit
CVE-2011-5236 (Moneris eSelectPlus 2.03 PHP API does not verify that the server ...)
	NOT-FOR-US: Moneris eSelectPlus 2.03 PHP API
CVE-2012-5825 (Tweepy does not verify that the server hostname matches a domain name ...)
	- tweepy 3.1.0-2 (low; bug #692444)
	[jessie] - tweepy <no-dsa> (Minor issue)
	[wheezy] - tweepy <no-dsa> (Minor issue)
CVE-2012-5824 (Trillian 5.1.0.19 does not verify that the server hostname matches a ...)
	NOT-FOR-US: Trillian
CVE-2012-5823 (Open Source Classifieds does not verify that the server hostname ...)
	NOT-FOR-US: Open Source Classifieds
CVE-2012-5822 (The contribution feature in Zamboni does not verify that the server ...)
	NOT-FOR-US: Zamboni
CVE-2012-5821 (Lynx does not verify that the server's certificate is signed by a ...)
	- lynx-cur 2.8.8dev.15-1 (low; bug #692443)
	[squeeze] - lynx-cur <no-dsa> (Minor issue)
	[wheezy] - lynx-cur <no-dsa> (Minor issue)
CVE-2012-5820 (The developer-account sample code in Google AdMob does not verify that ...)
	NOT-FOR-US: Google AdMob
CVE-2012-5819 (FilesAnywhere does not verify that the server hostname matches a ...)
	NOT-FOR-US: FilesAnywhere
CVE-2012-5818 (ElephantDrive does not verify that the server hostname matches a ...)
	NOT-FOR-US: ElephantDrive
CVE-2012-5817 (Codehaus XFire 1.2.6 and earlier, as used in the Amazon EC2 API Tools ...)
	NOT-FOR-US: Codehaus XFire
CVE-2012-5816 (AOL Instant Messenger (AIM) 1.0.1.2 does not verify that the server ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2012-5815 (The Rackspace app 2.1.5 for iOS does not verify that the server ...)
	NOT-FOR-US: Rackspace app for iOS
CVE-2012-5814 (Weberknecht, as used in GitHub Gaug.es and other products, does not ...)
	NOT-FOR-US: Weberknecht
CVE-2012-5813 (The Android_Pusher library for Android does not verify that the server ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5812 (The ACRA library for Android does not verify that the server hostname ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5811 (The Breezy application for Android does not verify that the server ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5810 (The Chase mobile banking application for Android does not verify that ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5809 (The Groupon Redemptions application for Android does not verify that ...)
	NOT-FOR-US: Android app/lib
CVE-2012-5808 (The LinkPoint module in Zen Cart does not verify that the server ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5807 (The Authorize.Net eCheck module in Zen Cart does not verify that the ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5806 (The PayPal Payments Pro module in Zen Cart does not verify that the ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5805 (The PayPal IPN functionality in Zen Cart does not verify that the ...)
	NOT-FOR-US: Zen Cart module
CVE-2012-5804 (The CyberSource module in Ubercart does not verify that the server ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5803 (The Authorize.Net module in Ubercart does not verify that the server ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5802 (The PayPal module in Ubercart does not verify that the server hostname ...)
	NOT-FOR-US: Ubercart module
CVE-2012-5801 (The PayPal module in PrestaShop does not verify that the server ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5800 (The eBay module in PrestaShop does not verify that the server hostname ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5799 (The Canada Post (aka CanadaPost) module in PrestaShop does not verify ...)
	NOT-FOR-US: PrestaShop module
CVE-2012-5798 (The PayPal Pro PayFlow EC module in osCommerce does not verify that ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5797 (The PayPal Pro PayFlow module in osCommerce does not verify that the ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5796 (The PayPal Pro module in osCommerce does not verify that the server ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5795 (The PayPal Express module in osCommerce does not verify that the ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5794 (The MoneyBookers module in osCommerce does not verify that the server ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5793 (The Authorize.Net module in osCommerce does not verify that the server ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5792 (The Sage Pay Direct module in osCommerce does not verify that the ...)
	NOT-FOR-US: osCommerce module
CVE-2012-5791 (PayPal Invoicing does not verify that the server hostname matches a ...)
	NOT-FOR-US: PayPal Invoicing
CVE-2012-5790 (PayPal Payments Standard PHP Library 20120427 does not verify that the ...)
	NOT-FOR-US: PayPal Payments Standard PHP Library
CVE-2012-5789 (PayPal Payments Standard PHP Library before 20120427 does not verify ...)
	NOT-FOR-US: PayPal Payments Standard PHP Library
CVE-2012-5788 (The PayPal IPN utility does not verify that the server hostname ...)
	NOT-FOR-US: The PayPal IPN utility
CVE-2012-5787 (The PayPal merchant SDK does not verify that the server hostname ...)
	NOT-FOR-US: The PayPal merchant SDK
CVE-2012-5786 (The wsdl_first_https sample code in ...)
	NOT-FOR-US: Apache CXF
CVE-2012-5785 (Apache Axis2/Java 1.6.2 and earlier does not verify that the server ...)
	NOT-FOR-US: Axis2/Java
	NOTE: Axis2/C is packaged as axis2c, but this is a different software.
CVE-2012-5784 (Apache Axis 1.4 and earlier, as used in PayPal Payments Pro, PayPal ...)
	{DLA-169-1}
	- axis 1.4-16.1 (low; bug #692650)
	[squeeze] - axis <no-dsa> (Minor issue)
CVE-2012-5783 (Apache Commons HttpClient 3.x, as used in Amazon Flexible Payments ...)
	{DLA-222-1}
	- commons-httpclient 3.1-10.1 (bug #692442)
	[wheezy] - commons-httpclient <no-dsa> (Minor issue)
	[squeeze] - commons-httpclient <no-dsa> (Minor issue)
CVE-2012-5782 (Amazon Flexible Payments Service (FPS) PHP Library does not verify ...)
	NOT-FOR-US: Amazon Flexible Payments Service
CVE-2012-5781 (Amazon Elastic Load Balancing API Tools does not verify that the ...)
	NOT-FOR-US: Amazon Elastic Load Balancing API Tools
CVE-2012-5780 (The Amazon merchant SDK does not verify that the server hostname ...)
	NOT-FOR-US: The Amazon merchant SDK
CVE-2012-5779
	RESERVED
CVE-2012-5778
	RESERVED
CVE-2012-5777 (Eval injection vulnerability in the ReplaceListVars function in the ...)
	NOT-FOR-US: EmpireCMS
CVE-2012-5776
	RESERVED
CVE-2012-5775
	REJECTED
CVE-2012-5774
	REJECTED
CVE-2012-5773
	REJECTED
CVE-2012-5772
	REJECTED
CVE-2012-5771
	REJECTED
CVE-2012-5770 (The SSL configuration in IBM Tivoli Application Dependency Discovery ...)
	NOT-FOR-US: IBM
CVE-2012-5769 (IBM SPSS Modeler 14.0, 14.1, 14.2 through FP3, and 15.0 before FP2 ...)
	NOT-FOR-US: IBM SPSS Modeler
CVE-2012-5768
	RESERVED
CVE-2012-5767 (Unspecified vulnerability in the web interface on the IBM TS3500 Tape ...)
	NOT-FOR-US: IBM TS3500 Tape Library
CVE-2012-5766 (Multiple SQL injection vulnerabilities in IBM Sterling B2B Integrator ...)
	NOT-FOR-US: IBM
CVE-2012-5765 (The Web Client (aka CQ Web) in IBM Rational ClearQuest 7.1.2.x before ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5764
	RESERVED
CVE-2012-5763 (Cross-site request forgery (CSRF) vulnerability in the WebAdmin ...)
	NOT-FOR-US: IBM
CVE-2012-5762 (Cross-site scripting (XSS) vulnerability in the WebAdmin application ...)
	NOT-FOR-US: IBM
CVE-2012-5761 (Cross-site scripting (XSS) vulnerability in the WebAdmin application ...)
	NOT-FOR-US: IBM
CVE-2012-5760 (SQL injection vulnerability in the WebAdmin application 6.0.5, 6.0.8, ...)
	NOT-FOR-US: IBM
CVE-2012-5759 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5758 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5757 (Cross-site scripting (XSS) vulnerability in the Web Client in IBM ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-5756 (The IBM WebSphere DataPower XC10 Appliance 2.0.0.0 through 2.0.0.3 and ...)
	NOT-FOR-US: Websphere
CVE-2012-5755
	RESERVED
CVE-2012-5754
	RESERVED
CVE-2012-5753
	RESERVED
CVE-2012-5752
	RESERVED
CVE-2012-5751
	RESERVED
CVE-2012-5750
	RESERVED
CVE-2012-5749
	RESERVED
CVE-2012-5748
	RESERVED
CVE-2012-5747
	RESERVED
CVE-2012-5746
	RESERVED
CVE-2012-5745
	RESERVED
CVE-2012-5744 (Multiple cross-site scripting (XSS) vulnerabilities in the guest ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2012-5743
	RESERVED
CVE-2012-5742
	RESERVED
CVE-2012-5741
	RESERVED
CVE-2012-5740
	RESERVED
CVE-2012-5739
	RESERVED
CVE-2012-5738
	RESERVED
CVE-2012-5737
	RESERVED
CVE-2012-5736
	RESERVED
CVE-2012-5735
	RESERVED
CVE-2012-5734
	RESERVED
CVE-2012-5733
	RESERVED
CVE-2012-5732
	RESERVED
CVE-2012-5731
	RESERVED
CVE-2012-5730
	RESERVED
CVE-2012-5729
	RESERVED
CVE-2012-5728
	RESERVED
CVE-2012-5727
	RESERVED
CVE-2012-5726
	RESERVED
CVE-2012-5725
	RESERVED
CVE-2012-5724
	RESERVED
CVE-2012-5723 (Cisco ASR 1000 devices with software before 3.8S, when BDI routing is ...)
	NOT-FOR-US: Cisco devices
CVE-2012-5722
	RESERVED
CVE-2012-5721
	RESERVED
CVE-2012-5720
	RESERVED
CVE-2012-5719
	RESERVED
CVE-2012-5718
	RESERVED
CVE-2012-5717 (Cisco Adaptive Security Appliances (ASA) devices with firmware 8.x ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-5716
	RESERVED
CVE-2012-5715
	RESERVED
CVE-2012-5714
	RESERVED
CVE-2012-5713
	RESERVED
CVE-2012-5712
	RESERVED
CVE-2012-5711
	RESERVED
CVE-2012-5710
	RESERVED
CVE-2012-5709
	RESERVED
CVE-2012-5708
	RESERVED
CVE-2012-5707
	RESERVED
CVE-2012-5706
	RESERVED
CVE-2012-5705 (Cross-site scripting (XSS) vulnerability in the settings page ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5704 (The Hotblocks module 6.x-1.x before 6.x-1.8 for Drupal allows remote ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-5703 (The vSphere API in VMware ESXi 4.1 and ESX 4.1 allows remote attackers ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-5702 (Multiple cross-site scripting (XSS) vulnerabilities in dotProject ...)
	NOT-FOR-US: dotProject
CVE-2012-5701 (Multiple SQL injection vulnerabilities in dotProject before 2.1.7 ...)
	NOT-FOR-US: dotProject
CVE-2012-5700 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko ...)
	NOT-FOR-US: Baby Gekko
CVE-2012-5699
	RESERVED
CVE-2012-5698
	RESERVED
CVE-2012-5979
	REJECTED
CVE-2012-5697 (The btinstall installation script in Bulb Security Smartphone Pentest ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5696 (Bulb Security Smartphone Pentest Framework (SPF) before 0.1.3 does not ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5695 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bulb ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5694 (Multiple SQL injection vulnerabilities in Bulb Security Smartphone ...)
	NOT-FOR-US: Smartphone Pentest Framework
CVE-2012-5693
	RESERVED
CVE-2012-5692 (Unspecified vulnerability in admin/sources/base/core.php in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2012-5691 (Buffer overflow in RealNetworks RealPlayer before 16.0.0.282 and ...)
	NOT-FOR-US: RealPlayer
CVE-2012-5690 (RealNetworks RealPlayer before 16.0.0.282 and RealPlayer SP 1.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-5689 (ISC BIND 9.8.x through 9.8.4-P1 and 9.9.x through 9.9.2-P1, in certain ...)
	- bind9 1:9.8.4.dfsg.P1-6+nmu1 (bug #699145)
	[squeeze] - bind9 <not-affected> (Only affects Bind 9.8 and 9.9)
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5688 (ISC BIND 9.8.x before 9.8.4-P1 and 9.9.x before 9.9.2-P1, when DNS64 ...)
	- bind9 1:9.8.4.dfsg.P1-1 (bug #695192)
	[squeeze] - bind9 <not-affected> (Only affects 9.8 and 9.9)
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5687 (Directory traversal vulnerability in the web-based management feature ...)
	NOT-FOR-US: TP-LINK TL-WR841N router
CVE-2012-5686
	RESERVED
CVE-2012-5685 (SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote ...)
	NOT-FOR-US: ZPanel
CVE-2012-5684 (Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier ...)
	NOT-FOR-US: ZPanel
CVE-2012-5683 (Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel ...)
	NOT-FOR-US: ZPanel
CVE-2012-5682
	REJECTED
CVE-2012-5681
	REJECTED
CVE-2012-5680 (Buffer overflow in Adobe Photoshop Camera Raw before 7.3 allows ...)
	NOT-FOR-US: Adobe Photoshop Camera Raw
CVE-2012-5679 (Buffer underflow in Adobe Photoshop Camera Raw before 7.3 allows ...)
	NOT-FOR-US: Adobe Photoshop Camera Raw
CVE-2012-5678 (Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5677 (Integer overflow in Adobe Flash Player before 10.3.183.48 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5676 (Buffer overflow in Adobe Flash Player before 10.3.183.48 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5675 (Adobe ColdFusion 9.0 through 9.0.2, and 10, allows local users to ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-5674 (Unspecified vulnerability in Adobe ColdFusion 10 before Update 5, when ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-5673 (Unspecified vulnerability in Adobe Flash Player before 10.3.183.29 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-5235 (SQL injection vulnerability in mnoGoSearch before 3.3.12 allows remote ...)
	NOT-FOR-US: mnoGoSearch
CVE-2011-5234 (SQL injection vulnerability in user.php in Social Network Community 2 ...)
	NOT-FOR-US: Social Network Community
CVE-2011-5233 (Heap-based buffer overflow in IrfanView before 4.32 allows remote ...)
	NOT-FOR-US: IrfanView
CVE-2011-5232
	REJECTED
CVE-2011-5231
	REJECTED
CVE-2011-5230 (Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass ...)
	NOT-FOR-US: Seotoaster
CVE-2011-5229 (SQL injection vulnerability in quickstart/profile/index.php in the ...)
	NOT-FOR-US: appRain CMF
CVE-2011-5228 (Cross-site scripting (XSS) vulnerability in the Search module ...)
	NOT-FOR-US: appRain CMF
CVE-2011-5227 (Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in ...)
	NOT-FOR-US: Enterasys Network Management Suite
CVE-2011-5226 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5225 (Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5224 (SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress ...)
	NOT-FOR-US: WordPress plugin Sentinel
CVE-2011-5223 (Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti ...)
	- cacti 0.8.7i-1 (low)
	[squeeze] - cacti 0.8.7g-1+squeeze4
CVE-2011-5222 (SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and ...)
	NOT-FOR-US: PHP Flirt-Projekt
CVE-2011-5221 (Cross-site scripting (XSS) vulnerability in the getLog function in ...)
	- websvn 2.3.1-1
CVE-2011-5220 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PHP-SCMS
CVE-2011-5219 (Directory traversal vulnerability in examples/show_code.php in mPDF ...)
	NOT-FOR-US: mPDF
CVE-2011-5218 (SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows ...)
	NOT-FOR-US: DotA OpenStats
CVE-2011-5217 (Directory traversal vulnerability in the PXE Mtftp service in Hitachi ...)
	NOT-FOR-US: Hitachi JP1/ServerConductor/DeploymentManager
CVE-2011-5216 (SQL injection vulnerability in ajax.php in SCORM Cloud For WordPress ...)
	NOT-FOR-US: WordPress plugin SCORM Cloud
CVE-2011-5215 (SQL injection vulnerability in index.php in Video Community Portal ...)
	NOT-FOR-US: Video Community Portal
CVE-2011-5214 (Multiple cross-site scripting (XSS) vulnerabilities in BrowserCRM ...)
	NOT-FOR-US: BrowserCRM
CVE-2011-5213 (Multiple SQL injection vulnerabilities in BrowserCRM 5.100.01 and ...)
	NOT-FOR-US: BrowserCRM
CVE-2012-5672 (Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-5671 (Heap-based buffer overflow in the dkim_exim_query_dns_txt function in ...)
	{DSA-2566-1}
	- exim4 4.80-5.1 (medium)
CVE-2012-5670 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows ...)
	- freetype 2.4.9-1.1 (bug #696691)
	[squeeze] - freetype <not-affected> (Version in Squeeze doesn't parse alternative encoding format yet)
	NOTE: https://savannah.nongnu.org/bugs/?37907
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=7f2e4f4f553f6836be7683f66226afac3fa979b8
CVE-2012-5669 (The _bdf_parse_glyphs function in FreeType before 2.4.11 allows ...)
	- freetype 2.4.9-1.1 (unimportant; bug #696691)
	NOTE: https://savannah.nongnu.org/bugs/?37906
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=07bdb6e289c7954e2a533039dc93c1c136099d2d
CVE-2012-5668 (FreeType before 2.4.11 allows context-dependent attackers to cause a ...)
	- freetype 2.4.9-1.1 (unimportant; bug #696691)
	NOTE: https://savannah.nongnu.org/bugs/?37905
	NOTE: http://git.savannah.gnu.org/cgit/freetype/freetype2.git/commit/?id=9b6b5754b57c12b820e01305eb69b8863a161e5a
CVE-2012-5667 (Multiple integer overflows in GNU Grep before 2.11 might allow ...)
	- grep 2.11-1 (low; bug #701897)
	[squeeze] - grep 2.6.3-3+squeeze1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/grep/+bug/1091473
	NOTE: patch http://git.savannah.gnu.org/cgit/grep.git/commit/?id=cbbc1a45b9f843c811905c97c90a5d31f8e6c189
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/22/1
CVE-2012-5666 (Cross-site scripting (XSS) vulnerability in bookmarks/js/bookmarks.js ...)
	- owncloud 4.0.8debian-1.3 (bug #696574)
	[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5665 (ownCloud 4.0.x before 4.0.10 and 4.5.x before 4.5.5 does not properly ...)
	- owncloud 4.0.8debian-1.3 (bug #696574)
	[wheezy] - owncloud 4.0.4debian2-3.2
CVE-2012-5664
	REJECTED
CVE-2012-5663
	RESERVED
	NOT-FOR-US: Isearch
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/21/1
CVE-2012-5662 (x3270 before 3.3.12ga12 does not verify that the server hostname ...)
	- ibm-3270 3.3.14ga11-1 (bug #706547)
	[wheezy] - ibm-3270 <no-dsa> (Non-free not supported)
	[squeeze] - ibm-3270 <no-dsa> (Non-free not supported)
CVE-2012-5661
	REJECTED
CVE-2012-5660 (abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5659 (Untrusted search path vulnerability in ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-5658 (rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug ...)
	NOT-FOR-US: OpenShift
CVE-2012-5657 (The (1) Zend_Feed_Rss and (2) Zend_Feed_Atom classes in Zend_Feed in ...)
	{DSA-2602-1}
	- zendframework 1.11.13-1.1 (bug #696483)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/20/2
	NOTE: http://framework.zend.com/security/advisory/ZF2012-05
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=889037
	NOTE: http://secunia.com/advisories/51583
CVE-2012-5656 (The rasterization process in Inkscape before 0.48.4 allows local users ...)
	- inkscape 0.48.3.1-1.2 (bug #696485)
	[squeeze] - inkscape <no-dsa> (Minor issue)
CVE-2012-5655 (The Context module 6.x-3.x before 6.x-3.1 and 7.x-3.x before ...)
	NOT-FOR-US: Context module for Drupal
CVE-2012-5654 (The Nodewords: D6 Meta Tags module before 6.x-1.14 for Drupal, when ...)
	NOT-FOR-US: Nodewords: D6 Meta Tags module for Drupal
CVE-2012-5653 (The file upload feature in Drupal 6.x before 6.27 and 7.x before 7.18 ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #696343)
	- drupal7 7.14-1.2 (bug #696342)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5652 (Drupal 6.x before 6.27 allows remote attackers to obtain sensitive ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #696343)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5651 (Drupal 6.x before 6.27 and 7.x before 7.18 displays information for ...)
	{DSA-2776-1}
	- drupal6 <removed> (bug #696343)
	- drupal7 7.14-1.2 (bug #696342)
	NOTE: http://drupal.org/SA-CORE-2012-004
CVE-2012-5650 (Cross-site scripting (XSS) vulnerability in the Futon UI in Apache ...)
	- couchdb 1.2.0-5 (bug #698439)
	[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-5649 (Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before ...)
	- couchdb 1.2.0-5 (bug #698439)
	[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-5648 (Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow ...)
	- foreman <itp> (bug #663101)
CVE-2012-5647 (Open redirect vulnerability in node-util/www/html/restorer.php in Red ...)
	NOT-FOR-US: OpenShift
CVE-2012-5646 (node-util/www/html/restorer.php in the Red Hat OpenShift Origin before ...)
	NOT-FOR-US: OpenShift
CVE-2012-5645
	RESERVED
	- freeciv 2.3.4-1 (low; bug #696306)
	[squeeze] - freeciv <no-dsa> (Minor issue)
	[wheezy] - freeciv 2.3.2-1+deb7u1
CVE-2012-5644 [(Complete) Information disclosure when moving user's home directory]
	RESERVED
	- libuser 1:0.60~dfsg-1 (low; bug #705690)
	[wheezy] - libuser <no-dsa> (Minor issue)
	[squeeze] - libuser <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=885724#c7
CVE-2012-5643 (Multiple memory leaks in tools/cachemgr.cc in cachemgr.cgi in Squid ...)
	{DSA-2631-1}
	- squid 2.7.STABLE9-2
	NOTE: squid-cgi was removed in 2.7.STABLE9-2
	- squid3 3.1.20-2.1 (bug #696187)
	NOTE: possible regression, see #701123
CVE-2012-5642 (server/action.py in Fail2ban before 0.8.8 does not properly handle the ...)
	- fail2ban 0.8.6-3wheezy1 (low; bug #696184)
	[squeeze] - fail2ban <not-affected> (Introduced in 0.8.6, see #696187)
CVE-2012-5641 (Directory traversal vulnerability in the partition2 function in ...)
	- couchdb <not-affected> (Only affects CouchDB on Windows)
CVE-2012-5640 [thttpd: Local DoS vulnerability]
	RESERVED
	- thttpd <removed> (low)
	[squeeze] - thttpd <no-dsa> (Minor issue)
CVE-2012-5639
	RESERVED
	- libreoffice <unfixed> (unimportant)
	[wheezy] - libreoffice <ignored> (Minor issue)
	- openoffice.org 1:3.3.0-1 (unimportant)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=58295
	NOTE: Additional hardening/UI improvement, not a direct vulnerability
	NOTE: For 4.2: http://whatofhow.wordpress.com/2013/12/02/stealth-mode/
CVE-2012-5638 (The setup_logging function in log.h in SANLock uses world-writable ...)
	- sanlock 2.2-2 (bug #696424)
CVE-2012-5637
	REJECTED
CVE-2012-5636 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-5635 (The GlusterFS functionality in Red Hat Storage Management Console 2.0, ...)
	- glusterfs <unfixed> (unimportant; bug #704944)
	NOTE: Neutralised by kernel hardening
CVE-2012-5634 (Xen 4.2.x, 4.1.x, and 4.0, when using Intel VT-d for PCI passthrough, ...)
	{DSA-2636-1}
	- xen 4.1.3-8 (low)
CVE-2012-5633 (The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5632
	RESERVED
CVE-2012-5631
	RESERVED
	NOT-FOR-US: FreeIPA
CVE-2012-5630 [TOCTOU race conditions by copying and removing directory trees]
	RESERVED
	- libuser 1:0.60~dfsg-1 (low; bug #705690)
	[wheezy] - libuser <no-dsa> (Minor issue)
	[squeeze] - libuser <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=884685#c31
CVE-2012-5629 (The default configuration of the (1) LdapLoginModule and (2) ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5628 (gofer before 0.68 uses world-writable permissions for ...)
	NOT-FOR-US: gofer component of PULP project
CVE-2012-5627 (Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and ...)
	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
	- mysql-5.1 <unfixed> (unimportant)
	- mysql-5.5 <removed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=883719
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3915
CVE-2012-5626
	RESERVED
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5625 (OpenStack Compute (Nova) Folsom before 2012.2.2 and Grizzly, when ...)
	- nova <not-affected> (Only affects OpenStack Folsom, bug #695830)
CVE-2012-5624 (The XMLHttpRequest object in Qt before 4.8.4 enables http redirection ...)
	- qt4-x11 4:4.8.2+dfsg-7 (bug #695156)
	[squeeze] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: http://lists.qt-project.org/pipermail/announce/2012-November/000014.html
CVE-2012-5623
	RESERVED
	NOT-FOR-US: change_passwd plugin for Squirrelmail
CVE-2012-5622 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: OpenShift
CVE-2012-5621 (lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows ...)
	- ekiga 3.2.7-6 (bug #702282; low)
	[squeeze] - ekiga <no-dsa> (Minor issue)
CVE-2012-5620
	RESERVED
	NOT-FOR-US: Docecot non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695138#15
CVE-2012-5619 (The Sleuth Kit (TSK) 4.0.1 does not properly handle &quot;.&quot; (dotfile) file ...)
	- sleuthkit 4.1.2-1 (unimportant; bug #695097)
CVE-2012-5618
	RESERVED
	NOT-FOR-US: Ushahidi
CVE-2012-5617 [privilege escalation due to improper authentication settings in policykit configuration file]
	RESERVED
	- gksu-polkit <removed> (bug #695807)
	[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.openwall.com/lists/oss-security/2012/12/12/8
CVE-2012-5616 (Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly ...)
	NOT-FOR-US: CloudStack
CVE-2012-5615 (Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB ...)
	{DSA-3054-1}
	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
	- mysql-5.1 <removed> (low; bug #695001)
	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
	- mysql-5.5 5.5.39-1 (low; bug #695001)
	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/4676
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3909
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/9
CVE-2012-5614 (Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB ...)
	- mariadb-5.5 <not-affected> (Fixed before initial upload to archive)
	- mysql-5.5 <not-affected> (The affected versions were only in experimental)
	- mysql-5.1 <removed> (low)
	[squeeze] - mysql-5.1 5.1.73-1
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3910
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/7
	NOTE: http://www.openwall.com/lists/oss-security/2013/02/28/10
CVE-2012-5613 (** DISPUTED ** ...)
	- mysql-5.1 <unfixed> (unimportant; bug #695001)
	- mysql-5.5 <removed> (unimportant; bug #695001)
	NOTE: Disputed as incorrect configuration
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/6
CVE-2012-5612 (Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions ...)
	- mysql-5.1 <not-affected> (MDL was introduced in 5.5)
	- mysql-5.5 5.5.29+dfsg-1 (bug #695001)
	NOTE: https://mariadb.atlassian.net/browse/MDEV-3908
CVE-2012-5611 (Stack-based buffer overflow in the acl_get function in Oracle MySQL ...)
	{DSA-2581-1}
	- mysql-5.1 <unfixed> (bug #695001)
	- mysql-5.5 5.5.29+dfsg-1 (bug #695001)
	NOTE: http://seclists.org/fulldisclosure/2012/Dec/4
CVE-2012-5610 (Incomplete blacklist vulnerability in lib/filesystem.php in ownCloud ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5609 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5608 (Cross-site scripting (XSS) vulnerability in ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5607 (The &quot;Lost Password&quot; reset functionality in ownCloud before 4.0.9 and ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5606 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.8debian-1.1 (bug #693990)
	[wheezy] - owncloud 4.0.4debian2-3.1
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/30/2
CVE-2012-5605 (Grinder in Red Hat CloudForms before 1.1 uses world-writable ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5604 (The ldap_fluff gem for Ruby, as used in Red Hat CloudForms 1.1, when ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5603 (proxies_controller.rb in Katello in Red Hat CloudForms before 1.1 does ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-5602
	REJECTED
CVE-2012-5601
	REJECTED
CVE-2012-5600
	REJECTED
CVE-2012-5599
	REJECTED
CVE-2012-5598
	REJECTED
CVE-2012-5597
	REJECTED
CVE-2012-5596
	REJECTED
CVE-2012-5595
	REJECTED
CVE-2012-5594
	REJECTED
CVE-2012-5593
	REJECTED
CVE-2012-5592
	REJECTED
CVE-2012-5591 (Cross-site scripting (XSS) vulnerability in the Zero Point module ...)
	NOT-FOR-US: Drupal Zero Point module
CVE-2012-5590 (SQL injection vulnerability in the Webmail Plus module for Drupal ...)
	NOT-FOR-US: Drupal Webmail Plus module
CVE-2012-5589 (The MultiLink module 6.x-2.x before 6.x-2.7 and 7.x-2.x before 7.x-2.7 ...)
	NOT-FOR-US: Drupal MultiLink module
CVE-2012-5588 (The Email Field module 6.x-1.x before 6.x-1.3 for Drupal, when using a ...)
	NOT-FOR-US: Drupal Email Field module
CVE-2012-5587 (Cross-site scripting (XSS) vulnerability in the Email Field module ...)
	NOT-FOR-US: Drupal Email Field module
CVE-2012-5586 (The Services module 6.x-3.x before 6.x-3.3 and 7.x-3.x before 7.x-3.3 ...)
	NOT-FOR-US: Drupal Services module
CVE-2012-5585 (Cross-site scripting (XSS) vulnerability in the Mixpanel module ...)
	NOT-FOR-US: Drupal Mixpanel module
CVE-2012-5584 (The Table of Contents module 6.x-3.x before 6.x-3.8 for Drupal does ...)
	NOT-FOR-US: Drupal Table of Contents module
CVE-2012-5583 (phpCAS before 1.3.2 does not verify that the server hostname matches a ...)
	- php-cas 1.3.1-2
	- moodle 2.2.7.dfsg-1
	[squeeze] - moodle <no-dsa> (Minor issue)
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy1
	NOTE: https://github.com/Jasig/phpCAS/pull/58
CVE-2012-5582 [opendnssec curl usage]
	RESERVED
	- opendnssec <not-affected> (eppclient not built in Debian package)
	NOTE: http://lists.opendnssec.org/pipermail/opendnssec-user/2012-November/002296.html
CVE-2012-5581 (Stack-based buffer overflow in tif_dir.c in LibTIFF before 4.0.2 ...)
	{DSA-2589-1}
	- tiff 4.0.2-1 (bug #694693)
	- tiff3 3.9.6-10
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/28/1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=867235
CVE-2012-5580 (Format string vulnerability in the print_proxies function in ...)
	- libproxy 0.3.1-4 (low)
	[squeeze] - libproxy <no-dsa> (Minor issue)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=791086
	NOTE: https://code.google.com/p/libproxy/source/detail?r=475
CVE-2012-5579
	REJECTED
CVE-2012-5578 [Python keyring insecure permissions on new databases]
	RESERVED
	- python-keyring 0.9.2-1.1 (bug #696736)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring <no-dsa> (Minor issue)
CVE-2012-5577 [Python keyring insecure permissions on migrated files]
	RESERVED
	- python-keyring 0.9.2-1.1 (bug #696736)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring <no-dsa> (Minor issue)
CVE-2012-5576 (Multiple stack-based buffer overflows in file-xwd.c in the X Window ...)
	- gimp 2.8.2-2 (bug #693977)
	[squeeze] - gimp 2.6.10-1+squeeze4
	NOTE: Upstream fix http://git.gnome.org/browse/gimp/commit/?id=2873262fccba12af144ed96ed91be144d92ff2e1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=687392
	NOTE: http://www.openwall.com/lists/oss-security/2012/11/21/2
CVE-2012-5575 (Apache CFX 2.5.x before 2.5.10, 2.6.x before CXF 2.6.7, and 2.7.x ...)
	NOT-FOR-US: Apache CXF
CVE-2012-5574 (lib/form/sfForm.class.php in Symfony CMS before 1.4.20 allows remote ...)
	NOT-FOR-US: Symfony
CVE-2012-5573 (The connection_edge_process_relay_cell function in or/relay.c in Tor ...)
	{DLA-17-1}
	- tor 0.2.3.25-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-5572 (CRLF injection vulnerability in the cookie method ...)
	- libdancer-perl 1.3114+dfsg-1 (low; bug #694279)
	[wheezy] - libdancer-perl <no-dsa> (Minor issue)
	NOTE: https://github.com/PerlDancer/Dancer/issues/859
CVE-2012-5571 (OpenStack Keystone Essex (2012.1) and Folsom (2012.2) does not ...)
	- keystone 2012.1.1-11 (bug #694433)
CVE-2012-5570
	RESERVED
CVE-2012-5569 (Multiple cross-site scripting (XSS) vulnerabilities in the Basic ...)
	NOT-FOR-US: Drupal Webmail module
CVE-2012-5568 (Apache Tomcat through 7.0.x allows remote attackers to cause a denial ...)
	- tomcat6 6.0.41-3 (unimportant)
	NOTE: Since 6.0.41-3, src:tomcat6 only builds a servlet and docs
	- tomcat7 <unfixed> (unimportant)
	NOTE: No fix planned, can be mitigated by config changes:
	NOTE: http://mail-archives.apache.org/mod_mbox/tomcat-users/200906.mbox/%3C4A3D0884.5080309@apache.org%3E
CVE-2012-5567 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	- kronolith2 <not-affected> (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5566 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	- kronolith2 <not-affected> (Vulnerable code not present in 2.x codebase and later versions not yet packaged in sid)
CVE-2012-5565 (Cross-site scripting (XSS) vulnerability in js/compose-dimp.js in ...)
	- php-horde-imp <not-affected> (This doesn't seem to be packaged in sid's Horde and the imp3 and dimp1 packages from stable do not include the affected code)
CVE-2012-5564 (android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users ...)
	- android-tools <unfixed> (unimportant; bug #688280)
	NOTE: Since android-tools/5.1.1.r38-1 the android-tools-adb binary package
	NOTE: is not built anymore which used to contain /usr/bin/adb.
	NOTE: Package still affected source-wise
	- android-platform-system-core <unfixed> (unimportant; bug #823792)
	NOTE: Neutralised by kernel hardening
CVE-2012-5563 (OpenStack Keystone, as used in OpenStack Folsom 2012.2, does not ...)
	- keystone <not-affected> (Folsom branch not packaged yet)
CVE-2012-5562
	RESERVED
	NOT-FOR-US: Red Hat Satellite
CVE-2012-5561 (script/katello-generate-passphrase in Katello 1.1 uses world-readable ...)
	NOT-FOR-US: Katello
CVE-2012-5560 (The default configuration in mate-settings-daemon 1.5.3 allows local ...)
	- mate-settings-daemon <not-affected> (Fixed before initial release)
	NOTE: https://github.com/mate-desktop/mate-settings-daemon/commit/c7d634acd12814a1fe298118e65f1c688b3a9f74#diff-52ccb9f1be1c09e2f24b64d37b56c2f4
CVE-2012-5559 (Cross-site scripting (XSS) vulnerability in the page manager node view ...)
	NOT-FOR-US: Drupal chaos tool addon
CVE-2012-5558
	RESERVED
CVE-2012-5557 (The User Read-Only module 6.x-1.x before 6.x-1.4 and 7.x-1.x before ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5556 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5555
	RESERVED
CVE-2012-5554 (The default configuration for the Webform CiviCRM Integration module ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5553 (Multiple cross-site scripting (XSS) vulnerabilities in the OM Maximenu ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5552 (The Password policy module 6.x-1.x before 6.x-1.5 and 7.x-1.x before ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5551 (Multiple cross-site scripting (XSS) vulnerabilities in the MailChimp ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5550 (SQL injection vulnerability in the Time Spent module 6.x and 7.x for ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5549 (Cross-site request forgery (CSRF) vulnerability in the Time Spent ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5548 (Cross-site scripting (XSS) vulnerability in the Time Spent module 6.x ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5546
	REJECTED
CVE-2012-5545 (Multiple cross-site scripting (XSS) vulnerabilities in the ShareThis ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5544 (The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5543 (The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5542 (Cross-site request forgery (CSRF) vulnerability in the Commerce Extra ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5541 (Cross-site scripting (XSS) vulnerability in the Twitter Pull module ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5540 (Multiple cross-site scripting (XSS) vulnerabilities in the Hostip ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5539 (The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5538 (Cross-site scripting (XSS) vulnerability in the FileField Sources ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5537 (The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-5536 (A certain Red Hat build of the pam_ssh_agent_auth module on Red Hat ...)
	NOT-FOR-US: Red Hat-specific packaging flaw
CVE-2012-5535
	RESERVED
	- gnome-system-log <not-affected> (Fedora-specific issue)
CVE-2012-5534 (The hook_process function in the plugin API for WeeChat 0.3.0 through ...)
	{DSA-2598-1}
	- weechat 0.3.9.2-1
	[wheezy] - weechat 0.3.8-1+deb7u1
CVE-2012-5533 (The http_request_split_value function in request.c in lighttpd before ...)
	- lighttpd 1.4.31-2
	[squeeze] - lighttpd <not-affected> (Introduced in 1.4.31)
CVE-2012-5532 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
	- linux-tools <not-affected> (userspace daemon not built until later)
	- linux-2.6 <not-affected> (userspace daemon not yet present)
CVE-2012-5531 (Multiple cross-site scripting (XSS) vulnerabilities in the GateIn ...)
	NOT-FOR-US: GateIn Portal
CVE-2012-5530 (The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot ...)
	- pcp 3.7.1 (bug #698735; low)
	NOTE: first package in unstable is 3.7.1 (package has no debian revision)
	[squeeze] - pcp 3.3.3-squeeze3
CVE-2012-5529 (TraceManager in Firebird 2.5.0 and 2.5.1, when trace is enabled, ...)
	{DSA-2648-1}
	- firebird2.5 2.5.2~svn+54698.ds4-2 (low; bug #693210)
	- firebird2.1 <not-affected> (Only affects 2.5.x)
CVE-2012-5528
	RESERVED
CVE-2012-5527
	RESERVED
	- claws-mail-extra-plugins 3.8.1-2 (unimportant; bug #693391)
	NOTE: More of a plain bug than a security vulnerability
CVE-2012-5526 (CGI.pm module before 3.63 for Perl does not properly escape newlines ...)
	{DSA-2587-1 DSA-2586-1}
	- perl 5.14.2-16 (bug #693420)
	- libcgi-pm-perl 3.61-2 (bug #693421)
	NOTE: http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
	NOTE: https://github.com/markstos/CGI.pm/pull/23
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=877015
CVE-2012-5525 (The get_page_from_gfn hypercall function in Xen 4.2 allows local PV ...)
	- xen <not-affected> (Only affects Xen 4.2 and xen-unstable)
CVE-2012-5524 (The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 ...)
	- gajim 0.15.4-1 (low; bug #693282)
	[wheezy] - gajim 0.15.1-4.1
	[squeeze] - gajim <no-dsa> (Minor issue)
CVE-2012-5523 (core/email_api.php in MantisBT before 1.2.12 does not properly manage ...)
	- mantis 1.2.11-1.2 (bug #693283)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=14704
CVE-2012-5522 (MantisBT before 1.2.12 does not use an expected default value during ...)
	- mantis 1.2.11-1.2 (bug #693283)
	[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=14496
CVE-2012-5521
	RESERVED
	- quagga <unfixed> (unimportant; bug #693102)
	NOTE: Not reproducible so far
CVE-2012-5520 (The send_to_sourcefire function in manage_sql.c in OpenVAS Manager 3.x ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2012-5519 (CUPS 1.4.4, when running in certain Linux distributions such as Debian ...)
	{DSA-2600-1}
	- cups 1.5.3-2.7 (bug #692791)
	NOTE: http://seclists.org/oss-sec/2012/q4/253
CVE-2012-5518
	RESERVED
	NOT-FOR-US: ovirt / vsdm
CVE-2012-5517 (The online_pages function in mm/memory_hotplug.c in the Linux kernel ...)
	- linux 3.2.41-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-5516 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, when ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation Manager
CVE-2012-5515 (The (1) XENMEM_decrease_reservation, (2) XENMEM_populate_physmap, and ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5514 (The guest_physmap_mark_populate_on_demand function in Xen 4.2 and ...)
	{DSA-2582-1}
	- xen 4.1.3-6
CVE-2012-5513 (The XENMEM_exchange handler in Xen 4.2 and earlier does not properly ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5512 (Array index error in the HVMOP_set_mem_access handler in Xen 4.1 ...)
	- xen 4.1.3-5
	[squeeze] - xen <not-affected> (Only affects Xen 4.1)
CVE-2012-5511 (Stack-based buffer overflow in the dirty video RAM tracking ...)
	{DSA-2636-1}
	- xen 4.1.3-5
CVE-2012-5510 (Xen 4.x, when downgrading the grant table version, does not properly ...)
	{DSA-2582-1}
	- xen 4.1.3-5
CVE-2012-5509 (aeolus-configserver-setup in the Aeolas Configuration Server, as used ...)
	NOT-FOR-US: Aeolus Cloud Configuration tool (not the pipe organ simulator in Debian)
CVE-2012-5508 (The error pages in Plone before 4.2.3 and 4.3 before beta 1 allow ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/24
CVE-2012-5507 (AccessControl/AuthEncoding.py in Zope before 2.13.19, as used in Plone ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/23
CVE-2012-5506 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5505 (atat.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/21
CVE-2012-5504 (Cross-site scripting (XSS) vulnerability in widget_traversal.py in ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5503 (ftp.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5502 (Cross-site scripting (XSS) vulnerability in safe_html.py in Plone ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5501 (at_download.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5500 (The batch id change script (renameObjectsByPaths.py) in Plone before ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5499 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5498 (queryCatalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5497 (membership_tool.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5496 (kupu_spellcheck.py in Kupu in Plone before 4.0 allows remote attackers ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5495 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5494 (Cross-site scripting (XSS) vulnerability in python_scripts.py in Plone ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5493 (gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5492 (uid_catalog.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5491 (z3c.form, as used in Plone before 4.2.3 and 4.3 before beta 1, allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5490 (Cross-site scripting (XSS) vulnerability in kssdevel.py in Plone ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5489 (The App.Undo.UndoSupport.get_request_var_or_attr function in Zope ...)
	- zope2.12 <unfixed> (bug #692899)
	[wheezy] - zope2.12 <no-dsa> (Minor issue)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/05
CVE-2012-5488 (python_scripts.py in Plone before 4.2.3 and 4.3 before beta 1 allows ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
CVE-2012-5487 (The sandbox whitelisting function (allowmodule.py) in Plone before ...)
	- zope2.12 <unfixed> (unimportant; bug #692899)
	NOTE: Non-issue, see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=692899#20
CVE-2012-5486 (ZPublisher.HTTPRequest._scrubHeader in Zope 2 before 2.13.19, as used ...)
	- zope2.12 2.12.26-1 (bug #692899)
	NOTE: https://plone.org/products/plone/security/advisories/20121106/02
CVE-2012-5485 (registerConfiglet.py in Plone before 4.2.3 and 4.3 before beta 1 ...)
	NOT-FOR-US: Plone not packaged in Debian, see bug #692899
	NOTE: https://plone.org/products/plone/security/advisories/20121106/01
CVE-2012-5484 (The client in FreeIPA 2.x and 3.x before 3.1.2 does not properly ...)
	NOT-FOR-US: FreeIPA
CVE-2012-5483 (tools/sample_data.sh in OpenStack Keystone 2012.1.3, when access to ...)
	- keystone <not-affected> (Debian packaging enforces correct permissions)
CVE-2012-5482 (The v2 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
	- glance 2012.1.1-3 (bug #692641)
CVE-2012-5481 (Moodle 2.3.x before 2.3.3 allows remote authenticated users to bypass ...)
	- moodle <not-affected> (Doesn't affect 1.9 or 2.2)
CVE-2012-5480 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5479 (The Portfolio plugin in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5478 (The AuthorizationInterceptor in JBoss Enterprise Application Platform ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-5477 (The smart proxy in Foreman before 1.1 uses a umask set to 0, which ...)
	- foreman <itp> (bug #663101)
CVE-2012-5476
	RESERVED
	- horizon <not-affected> (File is installed with 0700 perms in Debian)
CVE-2012-5475 [YUI 2.x security issue regarding embedded SWF files]
	REJECTED
CVE-2012-5474
	RESERVED
	- horizon 2012.1.1-7
CVE-2012-5473 (The Database activity module in Moodle 2.1.x before 2.1.9, 2.2.x ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5472 (lib/formslib.php in Moodle 2.2.x before 2.2.6 and 2.3.x before 2.3.3 ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5471 (The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x ...)
	- moodle 2.2.3.dfsg-2.6
	[wheezy] - moodle 2.2.3.dfsg-2.6~wheezy0
	[squeeze] - moodle <not-affected> (Doesn't affect 1.9)
CVE-2012-5470 (libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote ...)
	- vlc 2.0.4-1 (bug #692130)
	[wheezy] - vlc 2.0.3-4
	[squeeze] - vlc <no-dsa> (Minor issue)
CVE-2012-5469 (The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-5468 (Heap-based buffer overflow in iconvert.c in the bogolexer component in ...)
	{DSA-2585-1}
	- bogofilter 1.2.2+dfsg1-2 (bug #695139)
CVE-2012-5467
	RESERVED
CVE-2012-5466
	RESERVED
CVE-2012-5465
	RESERVED
CVE-2012-5464
	RESERVED
CVE-2012-5463
	RESERVED
CVE-2012-5462
	RESERVED
CVE-2012-5461
	RESERVED
CVE-2012-5460 (Cross-site scripting (XSS) vulnerability in the help page in Juniper ...)
	NOT-FOR-US: Juniper IVE OS
CVE-2012-5459 (Untrusted search path vulnerability in VMware Workstation 8.x before ...)
	NOT-FOR-US: VMware
CVE-2012-5458 (VMware Workstation 8.x before 8.0.5 and VMware Player 4.x before 4.0.5 ...)
	NOT-FOR-US: VMware
CVE-2012-5457
	RESERVED
CVE-2012-5456 (The Zoner AntiVirus Free application for Android does not verify that ...)
	NOT-FOR-US: Zoner AntiVirus Free
CVE-2012-5455 (Cross-site scripting (XSS) vulnerability in the language search ...)
	NOT-FOR-US: Joomla! component
CVE-2012-5454 (user/index_inline_editor_submit.php in ATutor AContent 1.2-1 does not ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5453 (SQL injection vulnerability in user/index_inline_editor_submit.php in ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5452 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS ...)
	NOT-FOR-US: Subrion CMS
CVE-2011-5212 (SQL injection vulnerability in admin/index.php in Subrion CMS 2.0.4 ...)
	NOT-FOR-US: Subrion CMS
CVE-2011-5211 (Cross-site scripting (XSS) vulnerability in the poll module in Subrion ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-5451 (Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi ...)
	NOT-FOR-US: TVMOBiLi
CVE-2012-5450 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2012-5449
	RESERVED
CVE-2012-5448
	RESERVED
CVE-2012-5447
	RESERVED
CVE-2012-5446
	RESERVED
CVE-2012-5445 (The kernel in Cisco Native Unix (CNU) on Cisco Unified IP Phone 7900 ...)
	NOT-FOR-US: Cisco Native Unix
CVE-2012-5444 (Cisco TelePresence Video Communication Server (VCS) X7.0.3 does not ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-5443
	RESERVED
CVE-2012-5442
	RESERVED
CVE-2012-5441
	RESERVED
CVE-2012-5440
	RESERVED
CVE-2012-5439
	RESERVED
CVE-2012-5438
	RESERVED
CVE-2012-5437
	RESERVED
CVE-2012-5436
	RESERVED
CVE-2012-5435
	RESERVED
CVE-2012-5434
	RESERVED
CVE-2012-5433
	RESERVED
CVE-2012-5432
	RESERVED
CVE-2012-5431
	RESERVED
CVE-2012-5430
	RESERVED
CVE-2012-5429 (The VPN driver in Cisco VPN Client on Windows does not properly ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2012-5428
	RESERVED
CVE-2012-5427 (Cisco IOS Unified Border Element (CUBE) in Cisco IOS before 15.3(2)T ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5426
	RESERVED
CVE-2012-5425
	RESERVED
CVE-2012-5424 (Cisco Secure Access Control System (ACS) 5.x before 5.2 Patch 11 and ...)
	NOT-FOR-US: Cisco
CVE-2012-5423
	RESERVED
CVE-2012-5422 (Unspecified vulnerability in Cisco IOS before 15.3(2)T on AS5400 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5421
	RESERVED
CVE-2012-5420
	RESERVED
CVE-2012-5419 (Cisco Adaptive Security Appliance (ASA) software 8.7.1 and 8.7.1.1 for ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance
CVE-2012-5418
	RESERVED
CVE-2012-5417 (Cisco Prime Data Center Network Manager (DCNM) before 6.1(1) does not ...)
	NOT-FOR-US: Cisco
CVE-2012-5416 (Buffer overflow in Cisco Unified MeetingPlace Web Conferencing before ...)
	NOT-FOR-US: Cisco
CVE-2012-5415 (Race condition on Cisco Adaptive Security Appliances (ASA) devices ...)
	NOT-FOR-US: Cisco
CVE-2012-5414
	RESERVED
CVE-2012-5413
	RESERVED
CVE-2012-5412
	RESERVED
CVE-2012-5411
	RESERVED
CVE-2012-5410
	RESERVED
CVE-2012-5409 (AscoServer.exe in the server in Siemens SiPass integrated MP2.6 and ...)
	NOT-FOR-US: Siemens SiPass
CVE-2012-5408
	RESERVED
CVE-2012-5407
	RESERVED
CVE-2012-5406
	RESERVED
CVE-2012-5405
	RESERVED
CVE-2012-5404
	RESERVED
CVE-2012-5403
	RESERVED
CVE-2012-5402
	RESERVED
CVE-2012-5401
	RESERVED
CVE-2012-5400
	RESERVED
CVE-2012-5399
	RESERVED
CVE-2012-5398
	RESERVED
CVE-2012-5397
	RESERVED
CVE-2012-5396
	RESERVED
CVE-2012-5395 (Session fixation vulnerability in the CentralAuth extension for ...)
	NOT-FOR-US: Mediawiki extension CentralAuth
CVE-2012-5394 (Cross-site request forgery (CSRF) vulnerability in the CentralAuth ...)
	NOT-FOR-US: mediawiki extension CentralAuth
CVE-2012-5393
	RESERVED
CVE-2012-5392
	RESERVED
CVE-2012-5391 (Session fixation vulnerability in Special:UserLogin in MediaWiki ...)
	- mediawiki 1:1.19.3-1 (bug #694998)
	[squeeze] - mediawiki 1:1.15.5-2squeeze5
CVE-2012-5390 (The standard universe shadow (condor_shadow.std) component in Condor ...)
	- condor <not-affected> (standard universe is disabled in the Debian package, see bug #697936)
	NOTE: http://research.cs.wisc.edu/htcondor/security/vulnerabilities/CONDOR-2012-0003.html
CVE-2012-5389
	RESERVED
CVE-2012-5388 (Cross-site scripting (XSS) vulnerability in wlcms-plugin.php in the ...)
	NOT-FOR-US: White Label CMS
CVE-2012-5387 (Cross-site request forgery (CSRF) vulnerability in wlcms-plugin.php in ...)
	NOT-FOR-US: WordPress plugin White Label CMS
CVE-2012-5386 (Directory traversal vulnerability in index.php in phpPaleo 4.8b180 ...)
	NOT-FOR-US: phpPaleo
CVE-2012-5385 (install/index.php in Craig Knudsen WebCalendar before 1.2.5 allows ...)
	- webcalendar <removed>
CVE-2012-5384 (Multiple cross-site scripting (XSS) vulnerabilities in Craig Knudsen ...)
	- webcalendar <removed>
CVE-2012-5376 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5375 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...)
	- linux 3.8-1 (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5374 (The CRC32C feature in the Btrfs implementation in the Linux kernel ...)
	- linux 3.8-1 (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: btrfs support in Squeeze/Wheezy is not ready for production use
CVE-2012-5373 (Oracle Java SE 7 and earlier, and OpenJDK 7 and earlier, computes hash ...)
	- openjdk-6 <removed> (low)
	[wheezy] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
	[squeeze] - openjdk-6 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
	- openjdk-7 <removed> (low)
	[jessie] - openjdk-7 <ignored> (Minor issue, no icedtea fix, too complex to backport)
	[wheezy] - openjdk-7 <no-dsa> (Minor issue, no icedtea fix, too complex to backport)
CVE-2012-5372 (Rubinius computes hash values without properly restricting the ability ...)
	- rubinius  <itp> (bug #591817)
CVE-2012-5371 (Ruby (aka CRuby) 1.9 before 1.9.3-p327 and 2.0 before r37575 computes ...)
	{DLA-263-1}
	- ruby1.8 <not-affected> (Only affects 1.9.x)
	- ruby1.9.1 1.9.3.194-4 (bug #693024)
CVE-2012-5370 (JRuby computes hash values without properly restricting the ability to ...)
	{DLA-209-1}
	- jruby 1.5.6-5 (bug #694694)
CVE-2012-5369
	RESERVED
CVE-2012-5368 (phpMyAdmin 3.5.x before 3.5.3 uses JavaScript code that is obtained ...)
	- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5367 (Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-5366
	RESERVED
	NOT-FOR-US: Mac OS X
CVE-2012-5365
	RESERVED
	- kfreebsd-8 <removed> (low; bug #690986)
	- kfreebsd-9 <removed> (low)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
CVE-2012-5364
	RESERVED
	NOT-FOR-US: Microsoft Windows
CVE-2012-5363
	RESERVED
	- kfreebsd-8 <removed> (low; bug #690986)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
	- kfreebsd-9 <removed> (low)
CVE-2012-5362
	RESERVED
	NOT-FOR-US: Microsoft Windows
CVE-2012-5361 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5360 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5359 (Libavcodec in FFmpeg before 0.11 allows remote attackers to execute ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: http://technet.microsoft.com/en-us/security/msvr/msvr12-017
	NOTE: upstream needs a proper sample to reproduce the issue
CVE-2012-5358 (The XSLTCompiledTransform function in Ektron Content Management System ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2012-5357 (Ektron Content Management System (CMS) before 8.02 SP5 uses the ...)
	NOT-FOR-US: Ektron Content Management System
CVE-2012-5356 (The apt-add-repository tool in Ubuntu Software Properties 0.75.x ...)
	NOT-FOR-US: apt-add-repository
CVE-2012-5355 (welcome.py in xdiagnose before 2.5.2ubuntu0.1 allows local users to ...)
	NOT-FOR-US: xdiagnose
CVE-2012-5354 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
	- iceape <not-affected> (Only affects 16.x release from experimental)
	- iceweasel <not-affected> (Only affects 16.x release from experimental)
	- icedove <not-affected> (Only affects 16.x release from experimental)
CVE-2012-5383 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- mysql-5.1 <not-affected> (Windows issue only)
	- mysql-5.5 <not-affected> (Windows issue only)
CVE-2012-5382 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	NOT-FOR-US: Zend Server
CVE-2012-5381 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- php5 <not-affected> (Windows issue only)
CVE-2012-5380 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	- ruby1.8 <not-affected> (Windows issue only)
	- ruby1.9.1 <not-affected> (Windows issue only)
CVE-2012-5379 (** DISPUTED ** Untrusted search path vulnerability in the installation ...)
	NOT-FOR-US: ActivePython
CVE-2012-5378 (Untrusted search path vulnerability in the installation functionality ...)
	NOT-FOR-US: ActiveTcl
CVE-2012-5377 (Untrusted search path vulnerability in the installation functionality ...)
	NOT-FOR-US: ActivePerl
CVE-2012-5353 (Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge ...)
	NOT-FOR-US: Eduserv
CVE-2012-5352 (Java Open Single Sign-On Project Home (JOSSO) allows remote attackers ...)
	NOT-FOR-US: josso
CVE-2012-5351 (Apache Axis2 allows remote attackers to forge messages and bypass ...)
	- axis2c <removed> (low; bug #690421)
	[squeeze] - axis2c <end-of-life> (Unsupported in squeeze-lts)
	NOTE: https://issues.apache.org/jira/browse/AXIS2C-1607
CVE-2012-5350 (SQL injection vulnerability in the Pay With Tweet plugin before 1.2 ...)
	NOT-FOR-US: wp Pay With Tweet plugin
CVE-2012-5349 (Multiple cross-site scripting (XSS) vulnerabilities in pay.php in the ...)
	NOT-FOR-US: wp Pay With Tweet plugin
CVE-2012-5348 (SQL injection vulnerability in MangosWeb Enhanced 3.0.3 allows remote ...)
	NOT-FOR-US: MangosWeb
CVE-2012-5347 (TinyWebGallery 1.8.3 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-5346 (Cross-site scripting (XSS) vulnerability in wp-live.php in the WP ...)
	NOT-FOR-US: WP live plugin
CVE-2012-5345 (Buffer overflow in the Remote command server (Rcmd.bat) in IpTools ...)
	NOT-FOR-US: batch file
CVE-2012-5344 (Directory traversal vulnerability in the WebServer (Thttpd.bat) in ...)
	NOT-FOR-US: batch file
CVE-2012-5343 (Cross-site scripting (XSS) vulnerability in admin/login.php in Limny ...)
	NOT-FOR-US: Limny
CVE-2012-5342 (Multiple SQL injection vulnerabilities in SenseSites CommonSense CMS ...)
	NOT-FOR-US: SenseSites CommonSense
CVE-2012-5341 (Multiple cross-site scripting (XSS) vulnerabilities in statistik.php ...)
	NOT-FOR-US: Otterware StatIt
CVE-2011-5210 (Directory traversal vulnerability in admin/preview.php in Limny 3.0.0 ...)
	NOT-FOR-US: Limny
CVE-2011-5209 (Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone ...)
	NOT-FOR-US: GraphicsClone
CVE-2012-5340
	RESERVED
CVE-2012-5339 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin <not-affected> (Only affects 3.5.x, not packaged yet, see #691728)
CVE-2012-5338 (Open redirect vulnerability in JForum 2.1.9 allows remote attackers to ...)
	NOT-FOR-US: JForum
CVE-2012-5337 (Multiple cross-site scripting (XSS) vulnerabilities in jforum.page in ...)
	NOT-FOR-US: jForum
CVE-2012-5336 (lib/base.php in ownCloud before 4.0.8 does not properly validate the ...)
	- owncloud 4.0.8debian-1
CVE-2012-5335 (Directory traversal vulnerability in Tiny Server 1.1.5 allows remote ...)
	NOT-FOR-US: Tiny Server
CVE-2012-5334 (SQL injection vulnerability in product_desc.php in Pre Printing Press ...)
	NOT-FOR-US: Pre Printing Press
CVE-2012-5333 (SQL injection vulnerability in page.php in Pre Printing Press allows ...)
	NOT-FOR-US: Pre Printing Press
CVE-2012-5332 (at32 Reverse Proxy 1.060.310 allows remote attackers to cause a denial ...)
	NOT-FOR-US: at32 Reverse Proxy
CVE-2012-5331 (Directory traversal vulnerability in asaanCart 0.9 allows remote ...)
	NOT-FOR-US: asaanCart
CVE-2012-5330 (Multiple cross-site scripting (XSS) vulnerabilities in asaanCart 0.9 ...)
	NOT-FOR-US: asaanCart
CVE-2012-5329 (Buffer overflow in TYPSoft FTP Server 1.1 allows remote authenticated ...)
	NOT-FOR-US: TYPSoft FTP
CVE-2012-5328 (Multiple SQL injection vulnerabilities in the Mingle Forum plugin ...)
	NOT-FOR-US: WP Mingle Forum
CVE-2012-5327 (Multiple SQL injection vulnerabilities in fs-admin/fs-admin.php in the ...)
	NOT-FOR-US: WP Mingle Forum
CVE-2012-5326 (Cross-site request forgery (CSRF) vulnerability in admin/function.php ...)
	NOT-FOR-US: IDevSpot iSupport
CVE-2012-5325 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: WP Shortcode
CVE-2012-5324 (Multiple buffer overflows in the Pdf Printer Preferences ActiveX ...)
	NOT-FOR-US: PDF-XChange
CVE-2012-5323 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Xavi ADSL router
CVE-2012-5322 (Multiple cross-site scripting (XSS) vulnerabilities in Xavi X7968 ...)
	NOT-FOR-US: Xavi ADSL router
CVE-2012-5321 (tiki-featured_link.php in TikiWiki CMS/Groupware 8.3 allows remote ...)
	- tikiwiki <removed>
CVE-2012-5320 (Cross-site request forgery (CSRF) vulnerability in password.cgi in ...)
	NOT-FOR-US: Sagem
CVE-2012-5319 (Cross-site request forgery (CSRF) vulnerability in setup/security.cgi ...)
	NOT-FOR-US: D-link
CVE-2012-5318 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: WP Kish
CVE-2012-5317 (SQL injection vulnerability in main_bigware_43.php in Bigware Shop ...)
	NOT-FOR-US: Bigware Shop
CVE-2012-5316 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Spam ...)
	NOT-FOR-US: Barracuda
CVE-2012-5315 (Multiple cross-site scripting (XSS) vulnerabilities in php ireport 1.0 ...)
	NOT-FOR-US: iReport
CVE-2012-5314 (Cross-site scripting (XSS) vulnerability in ViewGit 0.0.6 and earlier ...)
	NOT-FOR-US: ViewGit
CVE-2012-5313 (SQL injection vulnerability in forum.asp in Snitz Forums 2000 allows ...)
	NOT-FOR-US: Snitz Forums
CVE-2012-5312 (SQL injection vulnerability in Tribiq CMS allows remote attackers to ...)
	NOT-FOR-US: Tribiq CMS
CVE-2012-5311
	REJECTED
CVE-2012-5310 (SQL injection vulnerability in the WP e-Commerce plugin before 3.8.7.6 ...)
	NOT-FOR-US: WP e-Commerce plugin
CVE-2012-5309 (servlet/traveler in IBM Lotus Notes Traveler through 8.5.3.3 Interim ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5308 (Cross-site request forgery (CSRF) vulnerability in servlet/traveler in ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5307 (Cross-site scripting (XSS) vulnerability in servlet/traveler in IBM ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-5306 (Stack-based buffer overflow in the SelectDirectory method in ...)
	NOT-FOR-US: D-Link
CVE-2012-5305 (Cross-site scripting (XSS) vulnerability in CMD_DOMAIN in JBMC ...)
	NOT-FOR-US: DirectAdmin
CVE-2012-5304 (Static code injection vulnerability in administration/install.php in ...)
	NOT-FOR-US: YVS
CVE-2012-5303 (Monkey HTTP Daemon 0.9.3 might allow local users to overwrite ...)
	- monkey <removed> (unimportant)
CVE-2012-5302 (The server in TIBCO Formvine 3.1.x and 3.2.x before 3.2.1 does not ...)
	NOT-FOR-US: TIBCO Formvine
CVE-2011-5208 (Multiple directory traversal vulnerabilities in the BackWPup plugin ...)
	NOT-FOR-US: BackWPup
CVE-2010-5279 (article.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
	NOT-FOR-US: VWar
CVE-2010-5278 (Directory traversal vulnerability in ...)
	NOT-FOR-US: MODx Revolution
CVE-2010-5277 (Unspecified vulnerability in the Views Bulk Operations module 6 before ...)
	NOT-FOR-US: Drupal Views Bulk Operations
CVE-2010-5276 (The Memcache module 5.x before 5.x-1.10 and 6.x before 6.x-1.6 for ...)
	NOT-FOR-US: Drupal Memcache
CVE-2010-5275 (Cross-site scripting (XSS) vulnerability in memcache_admin in the ...)
	NOT-FOR-US: Drupal Memcache
CVE-2012-5301 (The default configuration of Cerberus FTP Server before 5.0.4.0 ...)
	NOT-FOR-US: Cerberus
CVE-2012-5300 (SQL injection vulnerability in art_catalogo.php in MyStore Xpress ...)
	NOT-FOR-US: MyStore Xpress
CVE-2012-5299 (Mavili Guestbook, as released in November 2007, allows remote attackers to ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5298 (Mavili Guestbook, as released in November 2007, stores guestbook.mdb under ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5297 (SQL injection vulnerability in edit.asp in Mavili Guestbook, as ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5296 (Multiple cross-site scripting (XSS) vulnerabilities in Mavili ...)
	NOT-FOR-US: Mavili Guestbook
CVE-2012-5295 (Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk ...)
	NOT-FOR-US: FuseTalk
CVE-2012-5294 (SQL injection vulnerability in art_detalle.php in MyStore Xpress ...)
	NOT-FOR-US: MyStore Xpress
CVE-2012-5293 (Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 ...)
	NOT-FOR-US: SAPID CMS
CVE-2012-5292 (Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow ...)
	NOT-FOR-US: Atar2b
CVE-2012-5291 (SQL injection vulnerability in team.php in Posse Softball Director CMS ...)
	NOT-FOR-US: Posse Softball Director
CVE-2012-5290 (Multiple SQL injection vulnerabilities in EasyWebRealEstate allow ...)
	NOT-FOR-US: EasyWebRealEstate
CVE-2012-5289 (Multiple SQL injection vulnerabilities in Plogger 1.0 RC1 allow remote ...)
	NOT-FOR-US: Plogger
CVE-2012-5288 (SQL injection vulnerability in page.php in phpMyDirectory 1.3.3 allows ...)
	NOT-FOR-US: phpMyDirectory
CVE-2011-5207 (Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php ...)
	NOT-FOR-US: WP TheCartPress
CVE-2011-5206 (Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech ...)
	NOT-FOR-US: Rapidleech
CVE-2011-5205 (Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 ...)
	NOT-FOR-US: Rapidleech
CVE-2011-5204 (Akiva WebBoard 8.x stores passwords in plaintext, which allows local ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2011-5203 (SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2012-XXXX [gunicorn fails to drop supplemental groups]
	- gunicorn 0.14.5-3 (low)
	[squeeze] - gunicorn <no-dsa> (Minor issue)
CVE-2012-5287 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5286 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5285 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5284
	REJECTED
CVE-2012-5283
	REJECTED
CVE-2012-5282
	REJECTED
CVE-2012-5281
	REJECTED
CVE-2012-5280 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5279 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5278 (Adobe Flash Player before 10.3.183.43 and 11.x before 11.5.502.110 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5277 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5276 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5275 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5274 (Buffer overflow in Adobe Flash Player before 10.3.183.43 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5273 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-5272 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5271 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5270 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5269 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5268 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5267 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5266 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5265 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5264 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5263 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5262 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5261 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5260 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5259 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5258 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5257 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5256 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5255 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5254 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5253 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5252 (Adobe Flash Player before 10.3.183.29 and 11.x before 11.4.402.287 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5251 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5250 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5249 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5248 (Buffer overflow in Adobe Flash Player before 10.3.183.29 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-5247
	RESERVED
CVE-2012-5246
	RESERVED
CVE-2012-5245
	RESERVED
CVE-2012-5244 (Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5243 (functions/suggest.php in Banana Dance B.2.6 and earlier allows remote ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5242 (Directory traversal vulnerability in functions/suggest.php in Banana ...)
	NOT-FOR-US: Banana Dance
CVE-2012-5241
	RESERVED
	NOT-FOR-US: PEAR module for Twitter
CVE-2012-5240 (Buffer overflow in the dissect_tlv function in ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-5239
	REJECTED
CVE-2012-5238 (epan/dissectors/packet-ppp.c in the PPP dissector in Wireshark 1.8.x ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-5237 (The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP ...)
	- wireshark 1.8.2-2 (bug #689972)
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-5236 [Admin can decrypt user files]
	RESERVED
	- owncloud 5.0.3+dfsg-1
	[wheezy] - owncloud <no-dsa> (Low risk, requires entensive changes, will be fully fixed in 5.0)
	NOTE: http://owncloud.org/about/security/advisories/CVE-2012-5236/
CVE-2012-5235
	RESERVED
CVE-2012-5234 (Open redirect vulnerability in index.php in ocPortal before 7.1.6 ...)
	- ocportal <itp> (bug #625865)
CVE-2012-5233 (Cross-site scripting (XSS) vulnerability in the stickynote module ...)
	NOT-FOR-US: Drupal stickynote
CVE-2012-5232 (Cross-site scripting (XSS) vulnerability in the Quickl Form component ...)
	NOT-FOR-US: Joomla component
CVE-2012-5231 (miniCMS 1.0 and 2.0 allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: miniCMS
CVE-2012-5230 (Unspecified vulnerability in the JE Story Submit (com_jesubmit) ...)
	NOT-FOR-US: Joomla jesusmit
CVE-2012-5229 (Cross-site scripting (XSS) vulnerability in css/gallery-css.php in the ...)
	NOT-FOR-US: WP Gallery2
CVE-2012-5228 (Cross-site scripting (XSS) vulnerability in admin/index.php in phplist ...)
	NOT-FOR-US: phplist
CVE-2012-5227 (SQL injection vulnerability in administrer/tva.php in Peel SHOPPING ...)
	NOT-FOR-US: Peel Shopping
CVE-2012-5226 (Multiple cross-site scripting (XSS) vulnerabilities in Peel SHOPPING ...)
	NOT-FOR-US: Peel Shopping
CVE-2012-5225 (Cross-site scripting (XSS) vulnerability in webscr.php in xClick Cart ...)
	NOT-FOR-US: xClick
CVE-2012-5224 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: vbadvanced CMPS
CVE-2012-5223 (The proc_deutf function in includes/functions_vbseocp_abstract.php in ...)
	NOT-FOR-US: vBSEO
CVE-2012-5222 (HP Service Manager Web Tier 9.31 before 9.31.2004 p2 allows remote ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-5221 (Directory traversal vulnerability in the PostScript Interpreter, as ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-5220 (Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, ...)
	NOT-FOR-US: HP Storage Data Protector
CVE-2012-5219 (Cross-site scripting (XSS) vulnerability in HP Managed Printing ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2012-5218 (HP ElitePad 900 PCs with BIOS F.0x before F.01 Update 1.0.0.8 do not ...)
	NOT-FOR-US: HP ElitePad 900
CVE-2012-5217 (HP System Management Homepage (SMH) before 7.2.1 allows remote ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-5216 (Cross-site request forgery (CSRF) vulnerability on HP ProCurve 1700-8 ...)
	NOT-FOR-US: HP ProCurve
CVE-2012-5215 (Unspecified vulnerability on the HP LaserJet Pro M1212nf, M1213nf, ...)
	NOT-FOR-US: HP LaserJet Pro
CVE-2012-5214 (Unspecified vulnerability in HP ServiceCenter 6.2.8 before 6.2.8.10 ...)
	NOT-FOR-US: HP ServiceCenter
CVE-2012-5213 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5212 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5211 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5210 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5209 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5208 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5207 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5206 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5205 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5204 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5203 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5202 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5201 (Unspecified vulnerability in HP Intelligent Management Center (iMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5200 (Cross-site scripting (XSS) vulnerability in HP Intelligent Management ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-5199 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2012-5198 (Unspecified vulnerability in HP ArcSight Connector Appliance before ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2011-5202 (BazisVirtualCDBus.sys in WinCDEmu 3.6 allows local users to cause a ...)
	NOT-FOR-US: WinCDEmu
CVE-2012-5197 (Multiple unspecified vulnerabilities in Condor 7.6.x before 7.6.10 and ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (unimportant)
	NOTE: Not exploitable according to upstream
CVE-2012-5196 (Multiple buffer overflows in Condor 7.6.x before 7.6.10 and 7.8.x ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (unimportant)
	NOTE: Not exploitable according to upstream
CVE-2012-5195 (Heap-based buffer overflow in the Perl_repeatcpy function in util.c in ...)
	{DSA-2586-1}
	- perl 5.14.2-14 (bug #689314)
CVE-2012-5194
	RESERVED
CVE-2012-5193
	RESERVED
CVE-2012-5192 (Directory traversal vulnerability in gmap/view_overlay.php in ...)
	NOT-FOR-US: Bitweaver
CVE-2012-5191
	RESERVED
CVE-2012-5190
	RESERVED
CVE-2012-5189
	REJECTED
CVE-2012-5188 (Untrusted search path vulnerability in mora Downloader before 1.0.0.1 ...)
	NOT-FOR-US: mora Downloader
CVE-2012-5187 (The Weathernews Touch application 2.3.2 and earlier for Android allows ...)
	NOT-FOR-US: Android
CVE-2012-5186 (Cross-site scripting (XSS) vulnerability in FLUGELz netmania myu-s and ...)
	NOT-FOR-US: FLUGELz netmania myu-s, PHP WeblogSystem
CVE-2012-5185 (Directory traversal vulnerability in the Olive Toast Documents Pro ...)
	NOT-FOR-US: Olive Toast Documents Pro File Viewer
CVE-2012-5184 (Cross-site scripting (XSS) vulnerability in the Olive Toast Documents ...)
	NOT-FOR-US: Olive Toast Documents Pro File Viewer
CVE-2012-5183 (The Loctouch application 3.4.6 and earlier for Android allows ...)
	NOT-FOR-US: Loctouch application for Android
CVE-2012-5182 (The Loctouch application 3.4.6 and earlier for Android does not ...)
	NOT-FOR-US: Loctouch application for Android
CVE-2012-5181 (Cross-site scripting (XSS) vulnerability in concrete5 Japanese 5.5.1 ...)
	NOT-FOR-US: concrete5
CVE-2012-5180 (The Opera Mobile application before 12.1 and Opera Mini application ...)
	NOT-FOR-US: Opera Mobile application for Android
CVE-2012-5179 (The Boat Browser application before 4.2 and Boat Browser Mini ...)
	NOT-FOR-US: Boat Browser application for Android
CVE-2012-5178 (Cross-site request forgery (CSRF) vulnerability in the Welcart plugin ...)
	NOT-FOR-US: WordPress Welcart plugin
CVE-2012-5177 (Cross-site scripting (XSS) vulnerability in the Welcart plugin before ...)
	NOT-FOR-US: WordPress Welcart plugin
CVE-2012-5176 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT ...)
	NOT-FOR-US: KENT-WEB ACCESS REPORT
CVE-2012-5175 (Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 ...)
	NOT-FOR-US: KENT-WEB ACCESS REPORT
CVE-2012-5174 (The KYOCERA AH-K3001V, AH-K3002V, WX300K, WX310K, WX320K, and WX320KR ...)
	NOT-FOR-US: KYOCERA
CVE-2012-5173 (Session fixation vulnerability in BIGACE before 2.7.8 allows remote ...)
	NOT-FOR-US: BIGACE
CVE-2012-5172 (The Asial Monaca Debugger application before 1.4.2 for Android allows ...)
	NOT-FOR-US: Asial Monaca Debugger
CVE-2012-5171 (Directory traversal vulnerability in Be Graph BeZIP before 3.10 allows ...)
	NOT-FOR-US: Be Graph's BeZIP
CVE-2012-5170 (Open redirect vulnerability in Pebble before 2.6.4 allows remote ...)
	NOT-FOR-US: Pebble blog
CVE-2012-5169 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5168 (ATutor AContent before 1.2-1 allows remote attackers to modify ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5167 (Multiple SQL injection vulnerabilities in ATutor AContent before 1.2-1 ...)
	NOT-FOR-US: ATutor AContent
CVE-2012-5166 (ISC BIND 9.x before 9.7.6-P4, 9.8.x before 9.8.3-P4, 9.9.x before ...)
	{DSA-2560-1}
	- bind9 1:9.8.1.dfsg.P1-4.3 (bug #690118)
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-5165
	RESERVED
CVE-2012-5164 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
	NOT-FOR-US: Fork CMS
CVE-2012-5163 (Cross-site scripting (XSS) vulnerability in oc-admin/ajax/ajax.php in ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-5162 (Multiple SQL injection vulnerabilities in oc-admin/ajax/ajax.php in ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-5161 (The XML Service interface in Citrix XenApp 6.5 and 6.5 Feature Pack 1 ...)
	NOT-FOR-US: Citrix XenApp
CVE-2012-5160
	RESERVED
CVE-2012-5158 (Puppet Enterprise (PE) before 2.6.1 does not properly invalidate ...)
	- puppet <not-affected> (Only affects Puppet Enterprise)
CVE-2012-5157 (Google Chrome before 24.0.1312.52 does not properly handle image data ...)
	- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5156 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5155 (Google Chrome before 24.0.1312.52 on Mac OS X does not use an ...)
	- chromium-browser <not-affected> (Only affects MacOS X)
CVE-2012-5154 (Integer overflow in Google Chrome before 24.0.1312.52 on Windows ...)
	- chromium-browser <not-affected> (Only affects Windows)
CVE-2012-5153 (Google V8 before 3.14.5.3, as used in Google Chrome before ...)
	- libv8 <not-affected> (bug #702261; kMinFixedIndex and kMaxFixedIndex are hard-coded to the correct values in 3.8.9.20, a later commit introduced a caclulation that produced incorrect values)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5152 (Google Chrome before 24.0.1312.52 allows remote attackers to cause a ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 24.0.1312.68-1
CVE-2012-5151 (Integer overflow in Google Chrome before 24.0.1312.52 allows remote ...)
	- chromium-browser <not-affected> (PDF functionality not available in Chromium)
CVE-2012-5150 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	- libav 6:0.8.6-1
CVE-2012-5149 (Integer overflow in the audio IPC layer in Google Chrome before ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5148 (The hyphenation functionality in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5147 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5146 (Google Chrome before 24.0.1312.52 allows remote attackers to bypass ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5145 (Use-after-free vulnerability in Google Chrome before 24.0.1312.52 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5144 (Google Chrome before 23.0.1271.97, and Libav 0.7.x before 0.7.7 and ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
	- ffmpeg <not-affected> (Vulnerable code not present)
	- libav 6:0.8.5-1 (bug #694483)
	NOTE: libav fix: http://git.libav.org/?p=libav.git;a=commitdiff;h=6d5b0092678b2a95dfe209a207550bd2fe9ef646
CVE-2012-5143 (Integer overflow in Google Chrome before 23.0.1271.97 allows remote ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5142 (Google Chrome before 23.0.1271.97 does not properly handle history ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5141 (Google Chrome before 23.0.1271.97 does not properly restrict ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5140 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5139 (Use-after-free vulnerability in Google Chrome before 23.0.1271.97 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5138 (Google Chrome before 23.0.1271.95 does not properly handle file paths, ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5137 (Use-after-free vulnerability in Google Chrome before 23.0.1271.95 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5136 (Google Chrome before 23.0.1271.91 does not properly perform a cast of ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5135 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5134 (Heap-based buffer underflow in the xmlParseAttValueComplex function in ...)
	{DSA-2580-1}
	- libxml2 2.8.0+dfsg1-7 (bug #694521)
CVE-2012-5133 (Use-after-free vulnerability in Google Chrome before 23.0.1271.91 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5132 (Google Chrome before 23.0.1271.91 allows remote attackers to cause a ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5131 (Google Chrome before 23.0.1271.91 on Mac OS X does not properly ...)
	- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5130 (Skia, as used in Google Chrome before 23.0.1271.91, allows remote ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5129 (Heap-based buffer overflow in the WebGL subsystem in Google Chrome OS ...)
	- mesa 8.0.5-3 (bug #695248)
	[squeeze] - mesa <not-affected> (Vulnerable code not present)
CVE-2012-5128 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
	- libv8 <not-affected> (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5127 (Integer overflow in Google Chrome before 23.0.1271.64 allows remote ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
	- libwebp 0.1.3-3+nmu1 (bug #704573)
	NOTE: fixed in experimental version 0.2.1-1
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=442152
	NOTE: Upstream announce: https://groups.google.com/a/webmproject.org/forum/?fromgroups=#!topic/webp-discuss/QTtgi8YfgkE
CVE-2012-5126 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5125 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5124 (Google Chrome before 23.0.1271.64 does not properly handle textures, ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5123 (Skia, as used in Google Chrome before 23.0.1271.64, allows remote ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5122 (Google Chrome before 23.0.1271.64 does not properly perform a cast of ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5121 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5120 (Google V8 before 3.13.7.5, as used in Google Chrome before ...)
	- libv8 <not-affected> (Doesn't affect 3.8.9, see bug #694808)
CVE-2012-5119 (Race condition in Pepper, as used in Google Chrome before ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5118 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly ...)
	- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5117 (Google Chrome before 23.0.1271.64 does not properly restrict the ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5116 (Use-after-free vulnerability in Google Chrome before 23.0.1271.64 ...)
	- chromium-browser 24.0.1312.68-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5115 (Google Chrome before 23.0.1271.64 on Mac OS X does not properly ...)
	- chromium-browser <not-affected> (MacOS-specific)
CVE-2012-5114
	RESERVED
CVE-2012-5113
	RESERVED
CVE-2012-5112 (Use-after-free vulnerability in the SVG implementation in WebKit, as ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5111 (Google Chrome before 22.0.1229.92 does not monitor for crashes of ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5110 (The compositor in Google Chrome before 22.0.1229.92 allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5109 (The International Components for Unicode (ICU) functionality in Google ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5108 (Race condition in Google Chrome before 22.0.1229.92 allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-5107
	RESERVED
CVE-2012-5106 (Stack-based buffer overflow in FreeFloat FTP Server 1.0 allows remote ...)
	NOT-FOR-US: FreeFloat FTP Server
CVE-2012-5159 (phpMyAdmin 3.5.2.2, as distributed by the cdnetworks-kr-1 mirror ...)
	- phpmyadmin <not-affected>
CVE-2012-5105 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...)
	NOT-FOR-US: SQLiteManager
CVE-2012-5104 (Cross-site scripting (XSS) vulnerability in forums/ubbthreads.php in ...)
	NOT-FOR-US: UBB.threads
CVE-2012-5103 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Ggb guestbook
CVE-2012-5102 (Cross-site scripting (XSS) vulnerability in inc/extensions.php in ...)
	NOT-FOR-US: VertigoServ
CVE-2012-5101 (SQL injection vulnerability in the JExtensions JE Poll component ...)
	NOT-FOR-US: Joomla! extension
CVE-2012-5100 (Directory traversal vulnerability in HServer 0.1.1 allows remote ...)
	NOT-FOR-US: HServer
CVE-2012-5099 (Cross-site scripting (XSS) vulnerability in list.php in PHPB2B 4.1 and ...)
	NOT-FOR-US: PHPB2B
CVE-2012-5098 (Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, ...)
	NOT-FOR-US: PHP-X-Links
CVE-2012-5097 (Unspecified vulnerability in the Oracle Access Manager component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-5096 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-5095 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 10
CVE-2012-5094 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5093 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5092 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Agile PLM
CVE-2012-5091 (Unspecified vulnerability in the Oracle Agile Product Supplier ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2012-5090 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2012-5089 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5088 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5087 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5086 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
CVE-2012-5085 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5084 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5083 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-5082 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-5081 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	NOTE: https://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html
	NOTE: https://robotattack.org/
CVE-2012-5080 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-5079 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5078 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-5077 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5076 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5075 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5074 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5073 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5072 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5071 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5070 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5069 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5068 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-5067 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-5066 (Unspecified vulnerability in the Oracle Central Designer component in ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-5065 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-5064 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5063 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5062 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2012-5061 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-5060 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-5059 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-5058 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-5057 (CRLF injection vulnerability in ownCloud Server before 4.0.8 allows ...)
	- owncloud 4.0.8debian-1
CVE-2012-5056 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server ...)
	- owncloud 4.0.8debian-1
CVE-2012-5055 (DaoAuthenticationProvider in VMware SpringSource Spring Security ...)
	NOT-FOR-US: VMware
CVE-2012-5054 (Integer overflow in the copyRawDataTo method in the Matrix3D class in ...)
	NOT-FOR-US: Adobe Flash player
CVE-2012-5053 (Cross-site scripting (XSS) vulnerability in the Receiver Web User ...)
	NOT-FOR-US: Trimble Infrastructure GNSS Series Receivers
CVE-2012-5052
	RESERVED
CVE-2012-5051 (Directory traversal vulnerability in VMware CapacityIQ 1.5.x allows ...)
	NOT-FOR-US: VMware
CVE-2012-5050 (Cross-site scripting (XSS) vulnerability in the server in VMware ...)
	NOT-FOR-US: VMware
CVE-2012-5049 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5048 (APIFTP Server in Optimalog Optima PLC 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: Optimalog Optima PLC
CVE-2012-5047
	RESERVED
CVE-2012-5046
	RESERVED
CVE-2012-5045
	RESERVED
CVE-2012-5044 (Cisco IOS before 15.3(1)T, when media flow-around is not used, allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5043
	RESERVED
CVE-2012-5042
	RESERVED
CVE-2012-5041
	RESERVED
CVE-2012-5040
	RESERVED
CVE-2012-5039 (The BGP Router process in Cisco IOS before 12.2(50)SY1 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5038
	RESERVED
CVE-2012-5037 (The ACL implementation in Cisco IOS before 15.1(1)SY on Catalyst 6500 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5036 (Cisco IOS before 12.2(50)SY1 allows remote authenticated users to ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5035
	RESERVED
CVE-2012-5034
	RESERVED
CVE-2012-5033
	RESERVED
CVE-2012-5032 (The Flex-VPN load-balancing feature in the ipsec-ikev2 implementation ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5031
	RESERVED
CVE-2012-5030 (Cisco IOS before 15.2(4)S6 does not initialize an unspecified ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5029
	RESERVED
CVE-2012-5028
	RESERVED
CVE-2012-5027
	RESERVED
CVE-2012-5026
	RESERVED
CVE-2012-5025
	RESERVED
CVE-2012-5024
	RESERVED
CVE-2012-5023
	RESERVED
CVE-2012-5022
	RESERVED
CVE-2012-5021
	RESERVED
CVE-2012-5020
	RESERVED
CVE-2012-5019
	RESERVED
CVE-2012-5018
	RESERVED
CVE-2012-5017 (Cisco IOS before 15.1(1)SY1 allows remote authenticated users to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5016
	RESERVED
CVE-2012-5015
	RESERVED
CVE-2012-5014 (Cisco IOS before 15.1(2)SY allows remote authenticated users to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-5013
	RESERVED
CVE-2012-5012
	RESERVED
CVE-2012-5011
	RESERVED
CVE-2012-5010 (ASA 5515-X Adaptive Security Appliance Adaptive Security Appliance ...)
	NOT-FOR-US: Adaptive Security Appliance Adaptive Security Appliance (ASA)
CVE-2012-5009
	RESERVED
CVE-2012-5008
	RESERVED
CVE-2011-5201 (Multiple SQL injection vulnerabilities in sign.php in tinyguestbook ...)
	NOT-FOR-US: tinyguestbook
CVE-2011-5200 (Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow ...)
	NOT-FOR-US: DeDeCMS
CVE-2011-5199 (Cross-site scripting (XSS) vulnerability in sign.php in tinyguestbook ...)
	NOT-FOR-US: tinyguestbook
CVE-2011-5198 (SQL injection vulnerability in search.php in Neturf eCommerce Shopping ...)
	NOT-FOR-US: Neturf eCommerce Shopping Cart
CVE-2011-5197 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Public Knowledge Project Open Harvester Systems
CVE-2011-5196 (Cross-site request forgery (CSRF) vulnerability in ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2011-5195 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Public Knowledge Project Open Conference Systems
CVE-2011-5194 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress Whois search plugin
CVE-2011-5193 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress Whois search plugin
CVE-2011-5192 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty ...)
	NOT-FOR-US: Wordpress Pretty Link Lite plugin
CVE-2011-5191 (Cross-site scripting (XSS) vulnerability in pretty-bar.php in Pretty ...)
	NOT-FOR-US: Wordpress Pretty Link Lite plugin
CVE-2012-5007 (The Fill PDF module 7.x-1.x before 7.x-1.2 for Drupal allows remote ...)
	NOT-FOR-US: Drupal addon Fill PDF
CVE-2012-5006 (Heap-based buffer overflow in npdjvu.dll in Caminova DjVu Browser ...)
	NOT-FOR-US: Caminova DjVu Browser
CVE-2012-5005 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: VR GPub
CVE-2012-5004 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2012-5003 (nxapplet.jar in No Machine NX Web Companion 3.x and earlier does not ...)
	NOT-FOR-US: No Machine NX Web Companion
CVE-2012-5002 (Stack-based buffer overflow in SR10 FTP server (SR10.exe) 1.1.0.6 in ...)
	NOT-FOR-US: SR10 FTP server in Ricoh DC Software
CVE-2012-5001 (Multiple unspecified vulnerabilities in Hitachi JP1/Cm2/Network Node ...)
	NOT-FOR-US: Hitachi JP1/Cm2/Network Node Manager
CVE-2012-5000 (SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-4999 (Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote ...)
	NOT-FOR-US: Mercury MR804 Router
CVE-2012-4998 (Cross-site scripting (XSS) vulnerability in index.php in starCMS ...)
	NOT-FOR-US: starCMS
CVE-2012-4997 (Directory traversal vulnerability in acp/index.php in AneCMS allows ...)
	NOT-FOR-US: AneCMS
CVE-2012-4996 (Multiple SQL injection vulnerabilities in RivetTracker 1.03 and ...)
	NOT-FOR-US: RivetTracker
CVE-2012-4995 (Cross-site scripting (XSS) vulnerability in ...)
	- limesurvey <itp> (bug #472802)
CVE-2012-4994 (SQL injection vulnerability in admin/admin.php in LimeSurvey before ...)
	- limesurvey <itp> (bug #472802)
CVE-2012-4993 (torrent_functions.php in RivetTracker 1.03 and earlier does not ...)
	NOT-FOR-US: RivetTracker
CVE-2012-4992 (Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote ...)
	NOT-FOR-US: FlashFXP
CVE-2012-4991 (Multiple directory traversal vulnerabilities in Axway SecureTransport ...)
	NOT-FOR-US: Axway SecureTransport
CVE-2012-4990 (SQL injection vulnerability in admin/campaign-zone-link.php in OpenX ...)
	NOT-FOR-US: OpenX
CVE-2012-4989 (Cross-site scripting (XSS) vulnerability in admin/plugin-index.php in ...)
	NOT-FOR-US: OpenX
CVE-2012-4988 (Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or ...)
	NOT-FOR-US: XnView
CVE-2012-4987 (Stack-based buffer overflow in RealNetworks RealPlayer 15.0.5.109 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-4986
	RESERVED
CVE-2012-4985 (The Forescout CounterACT NAC device 6.3.4.1 does not block ARP and ...)
	NOT-FOR-US: Forescout device
CVE-2012-4984
	RESERVED
CVE-2012-4983 (Multiple cross-site scripting (XSS) vulnerabilities on the Forescout ...)
	NOT-FOR-US: Forescout device
CVE-2012-4982 (Open redirect vulnerability in assets/login on the Forescout ...)
	NOT-FOR-US: Forescout device
CVE-2012-4981
	RESERVED
CVE-2012-4980
	RESERVED
CVE-2012-4979
	RESERVED
CVE-2012-4978
	RESERVED
CVE-2012-4977 (Layton Helpbox 4.4.0 allows remote attackers to discover cleartext ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4976 (selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4975 (editrequestuser.asp in Layton Helpbox 4.4.0 allows remote ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4974 (Layton Helpbox 4.4.0 allows remote authenticated users to change the ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4973
	RESERVED
CVE-2012-4972 (Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4971 (Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow ...)
	NOT-FOR-US: Layton Helpbox
CVE-2012-4970 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Polycom HDX Video End Points
CVE-2011-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Social Book ...)
	NOT-FOR-US: Social Book Facebook Clone 2010
CVE-2011-5189 (Cross-site scripting (XSS) vulnerability in the Webform Validation ...)
	NOT-FOR-US: Drupal addon
CVE-2011-5187 (Cross-site scripting (XSS) vulnerability in the Support Ticketing ...)
	NOT-FOR-US: Drupal addon
CVE-2011-5186 (Cross-site scripting (XSS) vulnerability in jbshop.php in the jbShop ...)
	NOT-FOR-US: jbShop plugin for e107
CVE-2011-5185 (Cross-site scripting (XSS) vulnerability in video_comments.php in ...)
	NOT-FOR-US: Online Subtitles Workshop
CVE-2011-5184 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-5182 (** DISPUTED ** ...)
	NOT-FOR-US: Wordpress Lanoba Social plugin
CVE-2011-5181 (Cross-site scripting (XSS) vulnerability in clickdesk.php in ClickDesk ...)
	NOT-FOR-US: Wordpress ClickDesk Live Support - Live Chat plugin
CVE-2011-5180 (Cross-site scripting (XSS) vulnerability in wp-1pluginjquery.php in ...)
	NOT-FOR-US: Wordpress ZooEffect plugin
CVE-2011-5179 (Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php ...)
	NOT-FOR-US: Skysa App Bar
CVE-2011-5177 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2012-4969 (Use-after-free vulnerability in the CMshtmlEd::Exec function in ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-4968 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
	- silverstripe <itp> (bug #528461)
CVE-2012-4967
	REJECTED
CVE-2012-4966
	REJECTED
CVE-2012-4965
	REJECTED
CVE-2012-4964 (The Samsung printer firmware before 20121031 has a hardcoded ...)
	NOT-FOR-US: Samsung printer firmware
CVE-2012-4963
	RESERVED
CVE-2012-4962
	RESERVED
CVE-2012-4961
	RESERVED
CVE-2012-4960 (The Huawei NE5000E, MA5200G, NE40E, NE80E, ATN, NE40, NE80, NE20E-X6, ...)
	NOT-FOR-US: Huawei devices
CVE-2012-4959 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4958 (Directory traversal vulnerability in NFRAgent.exe in Novell File ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4957 (Absolute path traversal vulnerability in NFRAgent.exe in Novell File ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4956 (Heap-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
	NOT-FOR-US: Novell File Reporter
CVE-2012-4955 (Cross-site scripting (XSS) vulnerability in Dell OpenManage Server ...)
	NOT-FOR-US: Dell OpenManage SA
CVE-2012-4954 (The edit-profile page in Vanilla Forums before 2.1a32 allows remote ...)
	NOT-FOR-US: Vanilla Forums
CVE-2012-4953 (The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-4952 (Henry Schein Dentrix G5 before 15.1.294 has a single internal-database ...)
	NOT-FOR-US: Dentrix
CVE-2012-4951 (Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in ...)
	NOT-FOR-US: VeriFone VeriCentre Web Console
CVE-2012-4950 (Cross-site scripting (XSS) vulnerability in the Keyword Search page in ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4949 (SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote ...)
	NOT-FOR-US: ESRI ArcGIS
CVE-2012-4948 (The default configuration of Fortinet Fortigate UTM appliances uses ...)
	NOT-FOR-US: Fortinet Fortigate UTM applianced
CVE-2012-4947 (Agile FleetCommander and FleetCommander Kiosk before 4.08 store ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4946 (Agile FleetCommander and FleetCommander Kiosk before 4.08 use an XOR ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4945 (Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4944 (Multiple unrestricted file upload vulnerabilities in Agile ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4943 (Multiple cross-site request forgery (CSRF) vulnerabilities in Agile ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4942 (Multiple cross-site scripting (XSS) vulnerabilities in Agile ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4941 (Multiple SQL injection vulnerabilities in Agile FleetCommander and ...)
	NOT-FOR-US: FleetCommander
CVE-2012-4940 (Multiple directory traversal vulnerabilities in the View Log Files ...)
	NOT-FOR-US: Axigen Free Mail Server
CVE-2012-4939 (Cross-site scripting (XSS) vulnerability in IPAMSummaryView.aspx in ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-4938 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4937 (Session fixation vulnerability in the web interface in Pattern Insight ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4936 (The web interface in Pattern Insight 2.3 allows remote attackers to ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4935 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: Pattern Insight
CVE-2012-4934 (TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled ...)
	NOT-FOR-US: TomatoCart
CVE-2012-4933 (The rtrlet web application in the Web Console in Novell ZENworks Asset ...)
	NOT-FOR-US: Novell ZENworks
CVE-2012-4932 (Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices ...)
	NOT-FOR-US: SimpleInvoices
CVE-2012-4931
	RESERVED
CVE-2012-4930 (The SPDY protocol 3 and earlier, as used in Mozilla Firefox, Google ...)
	- iceweasel <not-affected> (Firefox ESV not support SDPY)
	- chromium-browser 21.0.1180.57~r148591-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://www.imperialviolet.org/2012/09/21/crime.html
CVE-2012-4929 (The TLS protocol 1.2 and earlier, as used in Mozilla Firefox, Google ...)
	{DSA-3253-1 DSA-2627-1 DSA-2626-1 DSA-2579-1 DLA-400-1 DLA-0008-1}
	- iceweasel <not-affected> (Firefox ESV not use TLS/SSL compression)
	- chromium-browser 22.0.1229.94~r161065-1
	NOTE: Chromium fix: https://chromiumcodereview.appspot.com/10825183/
	[squeeze] - chromium-browser <end-of-life>
	- qt4-x11 4:4.8.2+dfsg-3
	- apache2 2.2.22-12 (bug #689936)
	- lighttpd 1.4.30-1 (bug #700399)
	- nginx 1.2.1-2.2 (bug #700426)
	[squeeze] - qt4-x11 <no-dsa> (Minor issue)
	- openssl 1.0.1e-5 (low; bug #728055)
	[wheezy] - openssl 1.0.1e-2+deb7u11
	[squeeze] - openssl 0.9.8o-4squeeze16
	NOTE: openssl redhat announcement https://rhn.redhat.com/errata/RHSA-2013-0587.html
	NOTE: openssl disables compression by default since dc5744cb78da6f2bcafeeefe22c604a51b52dfc5
	- pound 2.6-3 (bug #727197)
CVE-2012-4928 (Cross-site scripting (XSS) vulnerability in ow_updates/index.php in ...)
	NOT-FOR-US: Oxwall 1.1.1
CVE-2012-4927 (SQL injection vulnerability in Limesurvey (a.k.a PHPSurveyor) before ...)
	- limesurvey <itp> (bug #472802)
CVE-2012-4926 (approve.php in Img Pals Photo Host 1.0 does not authenticate requests, ...)
	NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4925 (Multiple SQL injection vulnerabilities in approve.php in Img Pals ...)
	NOT-FOR-US: Img Pals Photo Host 1.0
CVE-2012-4924 (Buffer overflow in the CxDbgPrint function in the ipswcom.dll ActiveX ...)
	NOT-FOR-US: ASUS Net4Switch
CVE-2012-4923 (Multiple cross-site scripting (XSS) vulnerabilities in Endian Firewall ...)
	NOT-FOR-US: Endian Firewall 2.4
CVE-2012-4922 (The tor_timegm function in common/util.c in Tor before 0.2.2.39, and ...)
	{DSA-2548-1}
	- tor 0.2.3.22-rc-1
CVE-2012-4921 (Multiple cross-site request forgery (CSRF) vulnerabilities in the DVS ...)
	NOT-FOR-US: WordPress plugin DVS Custom Notification
CVE-2012-4920 (Directory traversal vulnerability in the zing_forum_output function in ...)
	NOT-FOR-US: Wordpress plugin Zingiri Forum
CVE-2012-4919
	RESERVED
CVE-2012-4918 (Call of Duty Elite for iOS 2.0.1 does not properly validate the server ...)
	NOT-FOR-US: Call of Duty Elite for iOS
CVE-2012-4917 (The TripAdvisor app 6.6 for iOS sends cleartext credentials, which ...)
	NOT-FOR-US: The TripAdvisor app 6.6 for iOS
CVE-2012-4916
	RESERVED
CVE-2012-4915 (Directory traversal vulnerability in the Google Doc Embedder plugin ...)
	NOT-FOR-US: WordPress plugin Google Doc Embedder
CVE-2012-4914 (Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows ...)
	NOT-FOR-US: CoolPDF
CVE-2012-4913
	RESERVED
CVE-2012-4912 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-5188 (Cross-site scripting (XSS) vulnerability in the Support Timer module ...)
	NOT-FOR-US: Drupal module
CVE-2011-5183 (Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier ...)
	NOT-FOR-US: OrderSys
CVE-2011-5178 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Infoblox NetMRI
CVE-2011-5176 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5175 (SQL injection vulnerability in search.php in Banana Dance, possibly ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5174 (Buffer overflow in Intel Trusted Execution Technology (TXT) SINIT ...)
	NOT-FOR-US: Intel Trusted Execution Technology
CVE-2011-5173 (Buffer overflow in Bugbear Entertainment FlatOut 2005 allows ...)
	NOT-FOR-US: Bugbear Entertainment FlatOut 2005
CVE-2011-5172 (Stack-based buffer overflow in StoryBoard Quick 6 Build 3786, and ...)
	NOT-FOR-US: StoryBoard Quick 6 Build, StoryBoard Artist and StoryBoard Studio
CVE-2011-5171 (Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build ...)
	NOT-FOR-US: CyberLink Power2Go
CVE-2011-5170 (Stack-based buffer overflow in Castillo Bueno Systems CCMPlayer 1.5 ...)
	NOT-FOR-US: Castillo Bueno Systems CCMPlayer
CVE-2011-5169 (SQL injection vulnerability in ...)
	NOT-FOR-US: SonicWall ViewPoint
CVE-2011-5168 (SQL injection vulnerability in user.php in Banana Dance before B.1.5 ...)
	NOT-FOR-US: Banana Dance
CVE-2011-5167 (Heap-based buffer overflow in the SetDevNames method of the Tidestone ...)
	NOT-FOR-US: Oracle Hyperion Strategic Finance
CVE-2011-5166 (Multiple stack-based buffer overflows in KnFTP 1.0.0 allow remote ...)
	NOT-FOR-US: KnFTP
CVE-2011-5165 (Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and ...)
	NOT-FOR-US: Free MP3 CD Ripper
CVE-2011-5164 (Stack-based buffer overflow in VanDyke Software AbsoluteFTP 1.9.6 ...)
	NOT-FOR-US: VanDyke Software AbsoluteFTP
CVE-2011-5163 (Buffer overflow in an unspecified third-party component in the Batch ...)
	NOT-FOR-US: Schneider Electric CitectSCADA
CVE-2011-5162 (Stack-based buffer overflow in GOM Player 2.1.33.5071 allows ...)
	NOT-FOR-US: GOM Player
CVE-2012-4911
	REJECTED
CVE-2012-4910
	REJECTED
CVE-2012-4909 (Google Chrome before 18.0.1025308 on Android allows remote attackers ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4908 (Google Chrome before 18.0.1025308 on Android allows remote attackers ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4907 (Google Chrome before 18.0.1025308 on Android does not properly ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4906 (Google Chrome before 18.0.1025308 on Android does not properly ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4905 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4904 (Cross-application scripting vulnerability in Google Chrome before ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4903 (Google Chrome before 18.0.1025308 on Android does not properly ...)
	- chromium-browser <not-affected> (Chrome on Android)
CVE-2012-4902 (Multiple cross-site request forgery (CSRF) vulnerabilities in Template ...)
	NOT-FOR-US: Template CMS (http://template-cms.ru)
CVE-2012-4901 (Cross-site scripting (XSS) vulnerability in Template CMS 2.1.1 and ...)
	NOT-FOR-US: Template CMS (http://template-cms.ru)
CVE-2012-4900
	RESERVED
CVE-2012-4899 (WellinTech KingView 6.5.3 and earlier uses a weak password-hashing ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-4898 (Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a ...)
	NOT-FOR-US: Mesh OS
CVE-2012-4897 (Untrusted search path vulnerability in the installer in VMware Movie ...)
	NOT-FOR-US: VMware
CVE-2012-4896 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
	NOT-FOR-US: SumatraPDF
CVE-2012-4895 (Heap-based buffer overflow in SumatraPDF before 2.1 allows remote ...)
	NOT-FOR-US: SumatraPDF
CVE-2012-4894 (Google SketchUp before 8.0.14346 (aka 8 Maintenance 3) allows ...)
	NOT-FOR-US: Google SketchUp
CVE-2012-4893 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Webmin
CVE-2012-4892 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4891 (Cross-site scripting (XSS) vulnerability in fw/index2.do in ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2012-4890 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4889 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2012-4888
	RESERVED
CVE-2012-4887
	RESERVED
CVE-2012-4886 (Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 ...)
	NOT-FOR-US: WPS Office
CVE-2012-4885 (The wikitext parser in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...)
	- mediawiki 1:1.19.0-1 (low)
	[squeeze] - mediawiki <end-of-life>
CVE-2012-4884 (Argument injection vulnerability in Request Tracker (RT) 3.8.x before ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
CVE-2011-5161 (Unrestricted file upload vulnerability in the patient photograph ...)
	NOT-FOR-US: OpenEMR
CVE-2011-5160 (Cross-site scripting (XSS) vulnerability in setup.php in OpenEMR 4 ...)
	NOT-FOR-US: OpenEMR
CVE-2011-5159 (Cross-site scripting (XSS) vulnerability in admin/configuration.php in ...)
	NOT-FOR-US: Geeklog
CVE-2012-4883 (Multiple untrusted search path vulnerabilities in 3DVIA Composer ...)
	NOT-FOR-US: 3DVIA Composer V6R2012
CVE-2012-4882 (Multiple untrusted search path vulnerabilities in 3D XML Player ...)
	NOT-FOR-US: 3D XML Player
CVE-2012-4881 (Untrusted search path vulnerability in moviEZ HD 1.0 Build ...)
	NOT-FOR-US: moviEZ
CVE-2012-4880 (Multiple untrusted search path vulnerabilities in DVD Architect Pro ...)
	NOT-FOR-US: DVD Architect Pro
CVE-2012-4879 (The Linux Console on the WAGO I/O System 758 model 758-870, 758-874, ...)
	NOT-FOR-US: WAGO I/O System 758
CVE-2012-4878 (Absolute path traversal vulnerability in controlcenter.php in FlatnuX ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4877 (Cross-site request forgery (CSRF) vulnerability in controlcenter.php ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2012-4876 (Stack-based buffer overflow in the UltraMJCam ActiveX Control in ...)
	NOT-FOR-US: TRENDnet SecurView TV-IP121WN Wireless Internet Camera
CVE-2012-4875 (** DISPUTED ** ...)
	- ghostscript <not-affected> (Even if it's genuine, it's Windows-code)
CVE-2012-4874 (Unspecified vulnerability in the Another WordPress Classifieds Plugin ...)
	NOT-FOR-US: Another WordPress Classifieds Plugin for Wordpress
CVE-2012-4873 (Cross-site scripting (XSS) vulnerability in the file_download function ...)
	NOT-FOR-US: GNUBoard
CVE-2012-4872 (Cross-site scripting (XSS) vulnerability in Tickets/Submit in Kayako ...)
	NOT-FOR-US: Kayako Fusion
CVE-2012-4871 (Cross-site scripting (XSS) vulnerability in service/graph_html.php in ...)
	NOT-FOR-US: LiteSpeed Web Server
CVE-2012-4870 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.9 and ...)
	NOT-FOR-US: FreePBX
CVE-2012-4869 (The callme_startcall function in recordings/misc/callme_page.php in ...)
	NOT-FOR-US: FreePBX
CVE-2012-4868 (SQL injection vulnerability in news.php in the Kunena component 1.7.2 ...)
	NOT-FOR-US: Kunena component for Joomla!
CVE-2012-4867 (Directory traversal vulnerability in ...)
	NOT-FOR-US: vtiger CRM
CVE-2012-4866 (Untrusted search path vulnerability in Xtreme RAT 3.5 allows local ...)
	NOT-FOR-US: Xtreme RAT
CVE-2012-4865 (Buffer overflow in Oreans Themida 2.1.8.0 allows remote attackers to ...)
	NOT-FOR-US: Oreans Themida
CVE-2012-4864 (Oreans WinLicense 2.1.8.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Oreans WinLicense
CVE-2012-4863
	RESERVED
CVE-2012-4862 (The Host Connect emulator in IBM Rational Developer for System z 7.1 ...)
	NOT-FOR-US: IBM Rational
CVE-2012-4861 (The web server in InfoSphere Data Replication Dashboard in IBM ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4860
	RESERVED
CVE-2012-4859 (Unspecified vulnerability in IBM Tivoli Storage Manager for Space ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2012-4858 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4857 (Buffer overflow in IBM Informix 11.50 through 11.50.xC9W2 and 11.70 ...)
	NOT-FOR-US: IBM Informix
CVE-2012-4856 (The Service Processor in the IBM Power 5 91##-### and 940#-### before ...)
	NOT-FOR-US: IBM Power 5
CVE-2012-4855 (Unspecified vulnerability in the web services framework in IBM ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-4854
	RESERVED
CVE-2012-4853 (Cross-site request forgery (CSRF) vulnerability in IBM WebSphere ...)
	NOT-FOR-US: Websphere
CVE-2012-4852
	RESERVED
CVE-2012-4851 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: Websphere
CVE-2012-4850 (IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, ...)
	NOT-FOR-US: Websphere
CVE-2012-4849
	RESERVED
CVE-2012-4848 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Foundations Start
CVE-2012-4847 (IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4846 (IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2012-4845 (The FTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, ...)
	NOT-FOR-US: AIX
CVE-2012-4844 (Cross-site scripting (XSS) vulnerability in the web server in IBM ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-4843
	RESERVED
CVE-2012-4842 (Open redirect vulnerability in the web server in IBM Lotus Domino ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-4841 (Unspecified vulnerability in Tivoli Endpoint Manager for Remote ...)
	NOT-FOR-US: Tivoli
CVE-2012-4840 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4839 (The OSLC interface in the Web Client (aka CQ Web) in IBM Rational ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-4838 (IBM Flex System Chassis Management Module (CMM) and Integrated ...)
	NOT-FOR-US: IBM Flex
CVE-2012-4837 (IBM Cognos Business Intelligence (BI) 8.4.1 before IF1, 10.1 before ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4836 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4835 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-4834 (Directory traversal vulnerability in LayerLoader.jsp in the theme ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2012-4833 (fuser in IBM AIX 6.1 and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, does not ...)
	NOT-FOR-US: AIX
CVE-2012-4832 (Information Services Framework (ISF) in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4831
	RESERVED
CVE-2012-4830 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 through ...)
	NOT-FOR-US: WebSphere
CVE-2012-4829 (IBM XIV Storage System Gen3 before 11.2 relies on a default X.509 v3 ...)
	NOT-FOR-US: IBM
CVE-2012-4828
	RESERVED
CVE-2012-4827
	RESERVED
CVE-2012-4826 (Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored ...)
	NOT-FOR-US: IBM DB2
CVE-2012-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-4824 (Open redirect vulnerability in servlet/traveler in IBM Lotus Notes ...)
	NOT-FOR-US: Lotus Notes
CVE-2012-4823 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and ...)
	- openjdk-6 <not-affected> (Vulnerabilities specific to IBM Java)
	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4822 (Multiple unspecified vulnerabilities in the JRE component in IBM Java ...)
	- openjdk-6 <not-affected> (Vulnerabilities specific to IBM Java)
	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4821 (Multiple unspecified vulnerabilities in the JRE component in IBM Java ...)
	- openjdk-6 <not-affected> (Vulnerabilities specific to IBM Java)
	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4820 (Unspecified vulnerability in the JRE component in IBM Java 7 SR2 and ...)
	- openjdk-6 <not-affected> (Vulnerabilities specific to IBM Java)
	- openjdk-7 <not-affected> (Vulnerabilities specific to IBM Java)
CVE-2012-4819 (Cross-site scripting (XSS) vulnerability in InfoSphere Business ...)
	NOT-FOR-US: IBM InfoSphere
CVE-2012-4818
	RESERVED
CVE-2012-4817 (The NFSv4 client implementation in IBM AIX 5.3, 6.1, and 7.1, and VIOS ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2012-4816 (IBM Rational Automation Framework (RAF) 3.x through 3.0.0.5 allows ...)
	NOT-FOR-US: IBM Rational Automation Framework
CVE-2012-4815
	RESERVED
CVE-2012-4814
	RESERVED
CVE-2012-4813
	REJECTED
CVE-2012-4812
	REJECTED
CVE-2012-4811
	REJECTED
CVE-2012-4810
	REJECTED
CVE-2012-4809
	REJECTED
CVE-2012-4808
	REJECTED
CVE-2012-4807
	REJECTED
CVE-2012-4806
	REJECTED
CVE-2012-4805
	REJECTED
CVE-2012-4804
	REJECTED
CVE-2012-4803
	REJECTED
CVE-2012-4802
	REJECTED
CVE-2012-4801
	REJECTED
CVE-2012-4800
	REJECTED
CVE-2012-4799
	REJECTED
CVE-2012-4798
	REJECTED
CVE-2012-4797
	REJECTED
CVE-2012-4796
	REJECTED
CVE-2012-4795
	REJECTED
CVE-2012-4794
	REJECTED
CVE-2012-4793
	REJECTED
CVE-2012-4792 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4791 (Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2012-4790
	REJECTED
CVE-2012-4789
	REJECTED
CVE-2012-4788
	REJECTED
CVE-2012-4787 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4786 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-4785
	REJECTED
CVE-2012-4784
	REJECTED
CVE-2012-4783
	REJECTED
CVE-2012-4782 (Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4781 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-4780
	REJECTED
CVE-2012-4779
	REJECTED
CVE-2012-4778
	REJECTED
CVE-2012-4777 (The code-optimization feature in the reflection implementation in ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-4776 (The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-4775 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-4774 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-4773 (Multiple cross-site request forgery (CSRF) vulnerabilities in Subrion ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4772 (SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4771 (Multiple cross-site scripting (XSS) vulnerabilities in Subrion CMS ...)
	NOT-FOR-US: Subrion CMS
CVE-2012-4770
	RESERVED
CVE-2012-4769
	RESERVED
CVE-2012-4768 (Cross-site scripting (XSS) vulnerability in the Download Monitor ...)
	NOT-FOR-US: Download Monitor plugin for WordPress
CVE-2012-4767
	RESERVED
CVE-2012-4766
	RESERVED
CVE-2012-4765
	RESERVED
CVE-2012-4764
	RESERVED
CVE-2012-4763
	RESERVED
CVE-2012-4762
	RESERVED
CVE-2012-4761
	RESERVED
CVE-2012-4760
	RESERVED
CVE-2011-5158 (Multiple untrusted search path vulnerabilities in the DMTGUI2.EXE and ...)
	NOT-FOR-US: DATEV Grundpaket Basis
CVE-2010-5274 (Untrusted search path vulnerability in PKZIP before 12.50.0014 allows ...)
	NOT-FOR-US: PKZIP
CVE-2010-5273 (Untrusted search path vulnerability in Altova DiffDog 2011 Enterprise ...)
	NOT-FOR-US: Altova DiffDog 2011 Enterprise
CVE-2010-5272 (Untrusted search path vulnerability in Altova DatabaseSpy 2011 ...)
	NOT-FOR-US: Altova DatabaseSpy 2011
CVE-2010-5271 (Untrusted search path vulnerability in Altova MapForce 2011 Enterprise ...)
	NOT-FOR-US: Altova MapForce 2011
CVE-2010-5270 (Multiple untrusted search path vulnerabilities in Adobe Device Central ...)
	NOT-FOR-US: Adobe Device Central
CVE-2010-5269 (Untrusted search path vulnerability in tbb.dll in Intel Threading ...)
	NOT-FOR-US: Intel Threading Building Blocks
CVE-2010-5268 (Untrusted search path vulnerability in Amazon Kindle for PC 1.3.0 ...)
	NOT-FOR-US: Amazon Kindle for PC
CVE-2010-5267 (Untrusted search path vulnerability in MunSoft Easy Office Recovery ...)
	NOT-FOR-US: MunSoft Easy Office Recovery
CVE-2010-5266 (Untrusted search path vulnerability in VideoCharge Studio 2.9.0.632 ...)
	NOT-FOR-US: VideoCharge Studio
CVE-2010-5265 (Untrusted search path vulnerability in SmartSniff 1.71 allows local ...)
	NOT-FOR-US: SmartSniff
CVE-2010-5264 (Untrusted search path vulnerability in the CExtDWM::CExtDWM method in ...)
	NOT-FOR-US: Prof-UIS
CVE-2010-5263 (Untrusted search path vulnerability in Sothink SWF Decompiler 6.0 ...)
	NOT-FOR-US: Sothink SWF Decompiler
CVE-2010-5262 (Multiple untrusted search path vulnerabilities in libmcl-5.4.0.dll in ...)
	NOT-FOR-US: Gromada Multimedia Conversion Library
CVE-2010-5261 (Untrusted search path vulnerability in SnowFox Total Video Converter ...)
	NOT-FOR-US: SnowFox Total Video Converter
CVE-2010-5260 (Untrusted search path vulnerability in Agrin All DVD Ripper 4.0 allows ...)
	NOT-FOR-US: Agrin All DVD Ripper
CVE-2010-5259 (Multiple untrusted search path vulnerabilities in IsoBuster 2.8 allow ...)
	NOT-FOR-US: IsoBuster
CVE-2010-5258 (Untrusted search path vulnerability in Adobe Audition 3.0 build 7283.0 ...)
	NOT-FOR-US: Adobe Audition
CVE-2010-5257 (Multiple untrusted search path vulnerabilities in ArchiCAD 13 and 14 ...)
	NOT-FOR-US: ArchiCAD
CVE-2010-5256 (Untrusted search path vulnerability in CDisplay 1.8.1 allows local ...)
	NOT-FOR-US: CDisplay
CVE-2010-5255 (Untrusted search path vulnerability in UltraISO 9.3.6.2750 allows ...)
	NOT-FOR-US: UltraISO
CVE-2010-5254 (Untrusted search path vulnerability in GFI Backup 3.1 Build 20100730 ...)
	NOT-FOR-US: GFI Backup
CVE-2010-5253 (Untrusted search path vulnerability in WinImage 8.50 allows local ...)
	NOT-FOR-US: WinImage
CVE-2010-5252 (Untrusted search path vulnerability in HTTrack 3.43-9 allows local ...)
	- httrack <not-affected> (Only affects Windows)
CVE-2010-5251 (Multiple untrusted search path vulnerabilities in IBM Lotus Notes 8.5 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-5250 (Untrusted search path vulnerability in the ...)
	NOT-FOR-US: Pthreads-win32
CVE-2010-5249 (Untrusted search path vulnerability in Sophos Free Encryption 2.40.1.1 ...)
	NOT-FOR-US: Sophos Free Encryption
CVE-2010-5248 (Untrusted search path vulnerability in UltraVNC 1.0.8.2 allows local ...)
	NOT-FOR-US: UltraVNC
CVE-2010-5247 (Untrusted search path vulnerability in QtWeb Browser 3.3 build 043 ...)
	NOT-FOR-US: QtWeb Browser
CVE-2010-5246 (Multiple untrusted search path vulnerabilities in Maxthon Browser ...)
	NOT-FOR-US: Maxthon Browser
CVE-2010-5245 (Untrusted search path vulnerability in PDF-XChange Viewer 2.0 Build ...)
	NOT-FOR-US: PDF-XChange Viewer
CVE-2010-5244 (Untrusted search path vulnerability in SiSoftware Sandra 2010 Lite ...)
	NOT-FOR-US: SiSoftware Sandra
CVE-2010-5243 (Multiple untrusted search path vulnerabilities in Cyberlink Power2Go ...)
	NOT-FOR-US: Cyberlink Power2Go
CVE-2010-5242 (Untrusted search path vulnerability in Sound Forge Pro 10.0b Build 474 ...)
	NOT-FOR-US: Sound Forge Pro
CVE-2010-5241 (Multiple untrusted search path vulnerabilities in Autodesk AutoCAD ...)
	NOT-FOR-US: Autodesk AutoCAD
CVE-2010-5240 (Multiple untrusted search path vulnerabilities in Corel PHOTO-PAINT ...)
	NOT-FOR-US: Corel PHOTO-PAINT and CorelDRAW
CVE-2010-5239 (Untrusted search path vulnerability in DAEMON Tools Lite 4.35.6.0091 ...)
	NOT-FOR-US: DAEMON Tools Lite and Pro Standard
CVE-2010-5238 (Untrusted search path vulnerability in CyberLink PowerDirector ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2010-5237 (Untrusted search path vulnerability in CyberLink PowerDirector 7 ...)
	NOT-FOR-US: CyberLink PowerDirector
CVE-2010-5236 (Untrusted search path vulnerability in Roxio Easy Media Creator Home ...)
	NOT-FOR-US: Roxio Easy Media Creator Home
CVE-2010-5235 (Untrusted search path vulnerability in IZArc Archiver 4.1.2 allows ...)
	NOT-FOR-US: IZArc Archiver
CVE-2010-5234 (Multiple untrusted search path vulnerabilities in Camtasia Studio ...)
	NOT-FOR-US: Camtasia Studio
CVE-2010-5233 (Untrusted search path vulnerability in Virtual DJ 6.1.2 Trial b301 ...)
	NOT-FOR-US: Virtual DJ
CVE-2010-5232 (Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows ...)
	NOT-FOR-US: DivX Plus Player
CVE-2010-5231 (Untrusted search path vulnerability in DivX Player 7.2.019 allows ...)
	NOT-FOR-US: DivX Player
CVE-2010-5230 (Multiple untrusted search path vulnerabilities in MicroStation 7.1 ...)
	NOT-FOR-US: MicroStation
CVE-2010-5229 (Untrusted search path vulnerability in 010 Editor before 3.1.3 allows ...)
	NOT-FOR-US: 010 Editor
CVE-2010-5228 (Untrusted search path vulnerability in RealPlayer SP 1.1.5 12.0.0.879 ...)
	NOT-FOR-US: RealPlayer SP
CVE-2010-5227 (Untrusted search path vulnerability in Opera before 10.62 allows local ...)
	NOT-FOR-US: Opera
CVE-2010-5226 (Multiple untrusted search path vulnerabilities in Autodesk Design ...)
	NOT-FOR-US: Autodesk Design Review
CVE-2012-4759 (Untrusted search path vulnerability in facebook_plugin.fpi in the ...)
	NOT-FOR-US: Foxit Reader
CVE-2012-4758 (Multiple untrusted search path vulnerabilities in CyberLink ...)
	NOT-FOR-US: CyberLink PowerProducer
CVE-2012-4757 (Multiple untrusted search path vulnerabilities in CyberLink ...)
	NOT-FOR-US: CyberLink StreamAuthor
CVE-2012-4756 (Multiple untrusted search path vulnerabilities in CyberLink LabelPrint ...)
	NOT-FOR-US: CyberLink LabelPrint
CVE-2012-4755 (Untrusted search path vulnerability in SciTools Understand before 2.6 ...)
	NOT-FOR-US: SciTools Unterstand
CVE-2012-4754 (Multiple untrusted search path vulnerabilities in MindManager 2012 ...)
	NOT-FOR-US: MindManager
CVE-2011-5157 (Untrusted search path vulnerability in Attachmate Reflection before ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2011-5156 (Untrusted search path vulnerability in Effective File Search 6.7 ...)
	NOT-FOR-US: Effective File Search
CVE-2011-5155 (Untrusted search path vulnerability in Help &amp; Manual 5.5.1 Build 1296 ...)
	NOT-FOR-US: Help & Manual 5.5.1 Build
CVE-2011-5154 (Multiple untrusted search path vulnerabilities in (1) SAPGui.exe and ...)
	NOT-FOR-US: SAP GUI
CVE-2011-5153 (Untrusted search path vulnerability in FotoSlate 4.0 Build 146 allows ...)
	NOT-FOR-US: FotoSlate
CVE-2011-5152 (Multiple untrusted search path vulnerabilities in ACDSee Photo Editor ...)
	NOT-FOR-US: ACDSee Photo Editor
CVE-2011-5151 (Untrusted search path vulnerability in ACDSee Picture Frame Manager ...)
	NOT-FOR-US: ACDSee Picture Frame Manager
CVE-2010-5225 (Untrusted search path vulnerability in Babylon 8.1.0 r16 allows local ...)
	NOT-FOR-US: Babylon 8.1.0
CVE-2010-5224 (Untrusted search path vulnerability in Cool iPhone Ringtone Maker ...)
	NOT-FOR-US: Cool iPhone Ringtone Maker
CVE-2010-5223 (Multiple untrusted search path vulnerabilities in Phoenix Project ...)
	NOT-FOR-US: Phoenix Project Manager
CVE-2010-5222 (Untrusted search path vulnerability in Ease Jukebox 1.40 allows local ...)
	NOT-FOR-US: Ease Jukebox
CVE-2010-5221 (Untrusted search path vulnerability in STDU Explorer 1.0.201 allows ...)
	NOT-FOR-US: STDU Explorer
CVE-2010-5220 (Untrusted search path vulnerability in MEO Encryption Software 2.02 ...)
	NOT-FOR-US: MEO Encryption Software
CVE-2010-5219 (Untrusted search path vulnerability in SmartFTP 4.0.1140.0 allows ...)
	NOT-FOR-US: SmartFTP
CVE-2010-5218 (Untrusted search path vulnerability in Dupehunter 9.0.0.3911 allows ...)
	NOT-FOR-US: Dupehunter
CVE-2010-5217 (Multiple untrusted search path vulnerabilities in TuneUp Utilities ...)
	NOT-FOR-US: TuneUp Utilities
CVE-2010-5216 (Untrusted search path vulnerability in LINGO 11.0.1.6 and 12.0.2.20 ...)
	NOT-FOR-US: LINGO
CVE-2010-5215 (Multiple untrusted search path vulnerabilities in SWiSH Max3 3.0 ...)
	NOT-FOR-US: SWiSH Max3
CVE-2010-5214 (Untrusted search path vulnerability in Fotobook Editor 5.0 2.8.0.1 ...)
	NOT-FOR-US: Fotobook Editor
CVE-2010-5213 (Untrusted search path vulnerability in Adobe LiveCycle Designer ...)
	NOT-FOR-US: Adobe LiveCycle Designer
CVE-2010-5212 (Untrusted search path vulnerability in Adobe LiveCycle Designer ES2 ...)
	NOT-FOR-US: Adobe LiveCycle Designer ES2
CVE-2010-5211 (Untrusted search path vulnerability in ALSee 6.20.0.1 allows local ...)
	NOT-FOR-US: ALSee
CVE-2010-5210 (Untrusted search path vulnerability in Sorax Reader 2.0.3129.70 allows ...)
	NOT-FOR-US: Sorax Reader
CVE-2010-5209 (Multiple untrusted search path vulnerabilities in Nuance PDF Reader ...)
	NOT-FOR-US: Nuance PDF Reader
CVE-2010-5208 (Multiple untrusted search path vulnerabilities in the (1) ...)
	NOT-FOR-US: Kingsoft Office
CVE-2010-5207 (Multiple untrusted search path vulnerabilities in CelFrame Office 2008 ...)
	NOT-FOR-US: CelFrame Office
CVE-2010-5206 (Multiple untrusted search path vulnerabilities in e-press ONE Office ...)
	NOT-FOR-US: ONE Office
CVE-2010-5205 (Multiple untrusted search path vulnerabilities in e-press ONE Office ...)
	NOT-FOR-US: ONE Office
CVE-2010-5204 (Multiple untrusted search path vulnerabilities in IBM Lotus Symphony ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2010-5203 (Multiple untrusted search path vulnerabilities in NCP Secure ...)
	NOT-FOR-US: NCP Secure Enterprise
CVE-2010-5202 (Untrusted search path vulnerability in JetAudio 8.0.7.1000 Basic ...)
	NOT-FOR-US: JetAudio
CVE-2010-5201 (Untrusted search path vulnerability in MAGIX Samplitude Producer 11 ...)
	NOT-FOR-US: MAGIX Samplitude Producer
CVE-2010-5200 (Untrusted search path vulnerability in KeePass Password Safe before ...)
	NOT-FOR-US: KeePass 1 (a Windows only program) is not in Debian, only KeePass 2 (multi-OS version of KeePass) and KeePassX (port/rewrite of KeePass)
CVE-2010-5199 (Untrusted search path vulnerability in PhotoImpact X3 13.00.0000.0 ...)
	NOT-FOR-US: PhotoImpact
CVE-2010-5198 (Multiple untrusted search path vulnerabilities in Intuit QuickBooks ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2010-5197 (Untrusted search path vulnerability in Pixia 4.70j allows local users ...)
	NOT-FOR-US: Pixia 4.70j
CVE-2010-5196 (Untrusted search path vulnerability in KeePass Password Safe before ...)
	- keepass2 <not-affected> (only affects Windows)
CVE-2010-5195 (Untrusted search path vulnerability in Roxio MyDVD 9 allows local ...)
	NOT-FOR-US: Roxio MyDVD 9
CVE-2012-4410
	REJECTED
CVE-2012-4753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
	NOTE: False assignment, will be rejected, see #688123
CVE-2012-4752 (appconfig.php in ownCloud before 4.0.6 does not properly restrict ...)
	- owncloud 4.0.7debian-1
	[wheezy] - owncloud 4.0.4debian2-2
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/05/17
CVE-2012-4751 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	- otrs2 3.1.7+dfsg1-6
	[squeeze] - otrs2 2.4.9+dfsg1-3+squeeze4
	NOTE: DSA-2733-1
CVE-2012-4750
	RESERVED
CVE-2012-4749
	RESERVED
CVE-2012-4748
	RESERVED
CVE-2011-3090 (Race condition in Google Chrome before 19.0.1084.46 allows remote ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-4746 (Cross-site request forgery (CSRF) vulnerability in accessaccount.cgi ...)
	NOT-FOR-US: ZTE ZXDSL
CVE-2012-4745 (Cross-site scripting (XSS) vulnerability in admin/login.asp in Acuity ...)
	NOT-FOR-US: Acuity CMS
CVE-2012-4744 (Cross-site scripting (XSS) vulnerability in ssearch.php in the Siche ...)
	NOT-FOR-US: Zeroboard
CVE-2012-4743 (Multiple SQL injection vulnerabilities in ssearch.php in Siche search ...)
	NOT-FOR-US: Zeroboard
CVE-2012-4742 (The web_node_register function in web.pm in PacketFence before 3.0.2 ...)
	NOT-FOR-US: PacketFence
CVE-2012-4741 (The RADIUS extension in PacketFence before 3.3.0 uses a different user ...)
	NOT-FOR-US: PacketFence
CVE-2012-4740 (Cross-site scripting (XSS) vulnerability in the captive portal in ...)
	NOT-FOR-US: PacketFence
CVE-2012-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda SSL ...)
	NOT-FOR-US: Barracuda SSL VPN
CVE-2012-4738
	RESERVED
CVE-2011-5150 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.07 ...)
	NOT-FOR-US: SpamTitan 5.07
CVE-2011-5149 (Multiple cross-site scripting (XSS) vulnerabilities in SpamTitan 5.08 ...)
	NOT-FOR-US: SpamTitan 5.08
CVE-2011-5148 (Multiple incomplete blacklist vulnerabilities in the Simple File ...)
	NOT-FOR-US: Simple File Upload
CVE-2011-5147 (Static code injection vulnerability in ajax_save_name.php in the Ajax ...)
	NOT-FOR-US: tinymce plugin
CVE-2011-5145 (Multiple SQL injection vulnerabilities in Open Business Management ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5144 (Open Business Management (OBM) 2.4.0-rc13 and earlier allows remote ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5143 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5142 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5141 (Directory traversal vulnerability in exportcsv/exportcsv_index.php in ...)
	NOT-FOR-US: Open Business Management
CVE-2011-5140 (Multiple SQL injection vulnerabilities in the blog module 1.0 for ...)
	NOT-FOR-US: DIY CMS
CVE-2011-5139 (SQL injection vulnerability in page.php in Pre Studio Business Cards ...)
	NOT-FOR-US: Pre Studio Business Cards Designer
CVE-2011-5138 (Cross-site scripting (XSS) vulnerability in member.php in tForum ...)
	NOT-FOR-US: tForum
CVE-2011-5137 (Multiple SQL injection vulnerabilities in tForum b0.915 allow remote ...)
	NOT-FOR-US: tForum
CVE-2010-5194 (Stack-based buffer overflow in the Image2PDF function in the ...)
	NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2010-5193 (Stack-based buffer overflow in the TIFMergeMultiFiles function in the ...)
	NOT-FOR-US: Viscom Image Viewer CP Pro
CVE-2012-4736 (The Device Encryption Client component in Sophos SafeGuard Enterprise ...)
	NOT-FOR-US: Sophos SafeGuard Enterprise
CVE-2012-4735
	REJECTED
CVE-2012-4734 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
CVE-2012-4733 (Request Tracker (RT) 4.x before 4.0.13 does not properly enforce the ...)
	{DSA-2671-1}
	- request-tracker4 4.0.12-2 (bug #709836)
CVE-2012-4732 (Cross-site request forgery (CSRF) vulnerability in Request Tracker ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
CVE-2012-4731 (FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly ...)
	{DSA-2568-1}
	- rtfm <removed>
	- request-tracker4 4.0.7-2
CVE-2012-4730 (Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows ...)
	{DSA-2567-1}
	- request-tracker3.8 <removed>
	- request-tracker4 4.0.7-2
CVE-2012-4729 (Wing FTP Server before 4.1.1 allows remote authenticated users to ...)
	NOT-FOR-US: Wing FTP Server
CVE-2012-4728 (The (1) QProGetNotebookWindowHandle and (2) Ordinal132 functions in ...)
	NOT-FOR-US: Corel Quattro Pro
CVE-2012-4727
	RESERVED
CVE-2012-4726
	REJECTED
CVE-2012-4725
	REJECTED
CVE-2012-4724
	REJECTED
CVE-2012-4723
	REJECTED
CVE-2012-4722
	REJECTED
CVE-2012-4721
	REJECTED
CVE-2012-4720
	REJECTED
CVE-2012-4719
	REJECTED
CVE-2012-4718
	REJECTED
CVE-2012-4717
	REJECTED
CVE-2012-4716 (N-Tron 702-W Industrial Wireless Access Point devices use the same (1) ...)
	NOT-FOR-US: N-Tron 702-W Industrial Wireless Access Point
CVE-2012-4715 (Buffer overflow in LogReceiver.exe in Rockwell Automation RSLinx ...)
	NOT-FOR-US: Rockwell Automation RSLinx Enterprise
CVE-2012-4714 (Integer overflow in RNADiagnostics.dll in Rockwell Automation ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2012-4713 (Integer signedness error in RNADiagnostics.dll in Rockwell Automation ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Services Platform
CVE-2012-4712 (Moxa EDR-G903 series routers with firmware before 2.11 have a ...)
	NOT-FOR-US: Moxa EDR-G903
CVE-2012-4711 (Buffer overflow in kingMess.exe 65.20.2003.10300 in WellinTech ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-4710 (Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote ...)
	NOT-FOR-US: Invensys Wonderware Win-XML Exporter
CVE-2012-4709 (Invensys Wonderware InTouch HMI 2012 R2 and earlier allows remote ...)
	NOT-FOR-US: Invensys
CVE-2012-4708 (Stack-based buffer overflow in 3S CODESYS Gateway-Server before ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4707 (3S CODESYS Gateway-Server before 2.3.9.27 allows remote attackers to ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4706 (Integer signedness error in 3S CODESYS Gateway-Server before 2.3.9.27 ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4705 (Directory traversal vulnerability in 3S CODESYS Gateway-Server before ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4704 (Array index error in 3S CODESYS Gateway-Server before 2.3.9.27 allows ...)
	NOT-FOR-US: 3S CODESYS Gateway-Server
CVE-2012-4703 (The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2012-4702 (360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a ...)
	NOT-FOR-US: 360 Systems Maxx, Image Server Maxx, and Image Server
CVE-2012-4701 (Directory traversal vulnerability in Tridium Niagara AX 3.5, 3.6, and ...)
	NOT-FOR-US: Tridium Niagara
CVE-2012-4700 (Multiple buffer overflows in an ActiveX control in PE3DO32A.ocx in ...)
	NOT-FOR-US: IntegraXor SCADA Server
CVE-2012-4699
	REJECTED
CVE-2012-4698 (Siemens RuggedCom Rugged Operating System (ROS) before 3.12, ROX I OS ...)
	NOT-FOR-US: Siemens RuggedCom Rugged Operating System
CVE-2012-4697 (TURCK BL20 Programmable Gateway and BL67 Programmable Gateway have ...)
	NOT-FOR-US: TURCK Programmable Gateway
CVE-2012-4696 (Buffer overflow in Beijer ADP 6.5.0-180_R1967 and 6.5.1-186_R2942, and ...)
	NOT-FOR-US: Beijer
CVE-2012-4695 (LogReceiver.exe in Rockwell Automation RSLinx Enterprise CPR9, ...)
	NOT-FOR-US: Rockwell Automation RSLinx Enterprise
CVE-2012-4694 (Moxa EDR-G903 series routers with firmware before 2.11 do not use a ...)
	NOT-FOR-US: Moxa EDR-G903
CVE-2012-4693 (Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ...)
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2012-4692
	REJECTED
CVE-2012-4691 (Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2012-4690 (Rockwell Automation Allen-Bradley MicroLogix controller 1100, 1200, ...)
	NOT-FOR-US: Rockwell
CVE-2012-4689 (Integer overflow in CimWebServer.exe in GE Intelligent Platforms ...)
	NOT-FOR-US: Proficy
CVE-2012-4688 (The Central application in i-GEN opLYNX before 2.01.9 allows remote ...)
	NOT-FOR-US: Central application in i-GEN opLYNX
CVE-2012-4687 (Post Oak AWAM Bluetooth Reader Traffic System does not use a ...)
	NOT-FOR-US: Post Oak
CVE-2012-4686 (SQL injection vulnerability in announcement.php in vBulletin 4.1.10 ...)
	NOT-FOR-US: vBulletin
CVE-2012-4685 (Cross-site scripting (XSS) vulnerability in Arbor Networks Peakflow SP ...)
	NOT-FOR-US: Arbor Networks Peakflow SP
CVE-2012-4684 (The alert functionality in bitcoind and Bitcoin-Qt before 0.7.0 ...)
	- bitcoin 0.7.2-1
CVE-2012-4683 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...)
	- bitcoin 0.7.2-1 (bug #688813)
CVE-2012-4682 (Unspecified vulnerability in bitcoind and Bitcoin-Qt allows attackers ...)
	- bitcoin 0.7.2-1 (bug #688813)
CVE-2011-5136 (showImg.php in EPractize Labs Subscription Manager, possibly 1.0, ...)
	NOT-FOR-US: EPractize Labs Subscription Manager
CVE-2011-5135 (Multiple SQL injection vulnerabilities in the save_connection function ...)
	NOT-FOR-US: DoceboLMS
CVE-2011-5134 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: JCE component for Joomla!
CVE-2011-5133 (Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and ...)
	NOT-FOR-US: MyBB
CVE-2011-5132 (Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows ...)
	NOT-FOR-US: MyBB
CVE-2011-5131 (Cross-site request forgery (CSRF) vulnerability in global.php in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2011-5130 (dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when ...)
	NOT-FOR-US: Family Connections CMS
CVE-2011-5129 (Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote ...)
	- xchat <unfixed> (unimportant; bug #686454)
CVE-2011-5128 (Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize ...)
	NOT-FOR-US: Adminimize plugin for Wordpress
CVE-2012-4737 (channels/chan_iax2.c in Asterisk Open Source 1.8.x before 1.8.15.1 and ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-XXXX
	- juju 0.5.1-2 (bug #685728)
CVE-2012-4681 (Multiple vulnerabilities in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.2-1
	- openjdk-6 <not-affected>
CVE-2012-4680 (Directory traversal vulnerability in the XML Server in IOServer before ...)
	NOT-FOR-US: IOServer
CVE-2012-4679 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
	- newscoop <itp> (bug #604113)
CVE-2012-4678 (munin-cgi-graph for Munin 2.0 rc4 does not delete temporary files, ...)
	- munin 2.0~rc6-1 (low; bug #668667)
	[squeeze] - munin <not-affected> (Only affects 2.x branch)
CVE-2012-4677 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-4676 (The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-4675 (Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote ...)
	NOT-FOR-US: PluXml
CVE-2012-4674 (PluXml before 5.1.6 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: PluXml
CVE-2012-4673 (SQL injection vulnerability in application/controllers/invoice.php in ...)
	NOT-FOR-US: Neoinvoice
CVE-2012-4672 (Apple iChat Server does not verify that a request was made for an XMPP ...)
	NOT-FOR-US: Apple iChat Server
CVE-2012-4671 (psyced before 20120821 does not verify that a request was made for an ...)
	NOT-FOR-US: psyced
CVE-2012-4670 (Tigase XMPP Server before 5.1.0 does not verify that a request was ...)
	NOT-FOR-US: Tigase
CVE-2012-4669 (M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify ...)
	NOT-FOR-US: M-Link
CVE-2012-4666
	RESERVED
CVE-2012-4665
	RESERVED
CVE-2012-4664
	RESERVED
CVE-2012-4663 (The DCERPC inspection engine on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco
CVE-2012-4662 (The DCERPC inspection engine on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco
CVE-2012-4661 (Stack-based buffer overflow in the DCERPC inspection engine on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-4660 (The SIP inspection engine on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2012-4659 (The AAA functionality in the IPv4 SSL VPN implementations on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-4658 (The ios-authproxy implementation in Cisco IOS before 15.1(1)SY3 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4657
	RESERVED
CVE-2012-4656
	RESERVED
CVE-2012-4655 (The WebLaunch feature in Cisco Secure Desktop before 3.6.6020 does not ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2012-4654
	RESERVED
CVE-2012-4653
	RESERVED
CVE-2012-4652
	RESERVED
CVE-2012-4651 (Cisco IOS before 15.3(2)T, when scansafe is enabled, allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4650
	RESERVED
CVE-2012-4649
	RESERVED
CVE-2012-4648
	RESERVED
CVE-2012-4647
	RESERVED
CVE-2012-4646
	RESERVED
CVE-2012-4645
	RESERVED
CVE-2012-4644
	RESERVED
CVE-2012-4643 (The DHCP server on Cisco Adaptive Security Appliances (ASA) 5500 ...)
	NOT-FOR-US: Cisco
CVE-2012-4642
	RESERVED
CVE-2012-4641
	RESERVED
CVE-2012-4640
	RESERVED
CVE-2012-4639
	RESERVED
CVE-2012-4638 (Cisco IOS before 15.1(1)SY allows local users to cause a denial of ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4637
	RESERVED
CVE-2012-4636
	RESERVED
CVE-2012-4635
	RESERVED
CVE-2012-4634
	RESERVED
CVE-2012-4633
	RESERVED
CVE-2012-4632
	RESERVED
CVE-2012-4631
	RESERVED
CVE-2012-4630
	RESERVED
CVE-2012-4629 (The Cisco ASA-CX Context-Aware Security module before 9.0.2-103 for ...)
	NOT-FOR-US: Cisco ASA
CVE-2012-4628
	RESERVED
CVE-2012-4627
	RESERVED
CVE-2012-4626
	RESERVED
CVE-2012-4625
	RESERVED
CVE-2012-4624
	RESERVED
CVE-2012-4623 (The DHCPv6 server in Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4622 (Cisco IOS XE 03.02.00.XO.15.0(2)XO on Catalyst 4500E series switches, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4621 (The Device Sensor feature in Cisco IOS 15.0 through 15.2 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4620 (Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4619 (The NAT implementation in Cisco IOS 12.2, 12.4, and 15.0 through 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4618 (The SIP ALG feature in the NAT implementation in Cisco IOS 12.2, 12.4, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4617 (The BGP implementation in Cisco IOS 15.2, IOS XE 3.5.xS before 3.5.2S, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-4616 (Directory traversal vulnerability in the Web UI in EMC Data Protection ...)
	NOT-FOR-US: EMC Data Protection Advisor
CVE-2012-4615 (EMC Smarts Network Configuration Manager (NCM) before 9.1 uses a ...)
	NOT-FOR-US: EMC
CVE-2012-4614 (The default configuration of EMC Smarts Network Configuration Manager ...)
	NOT-FOR-US: EMC
CVE-2012-4613 (EMC RSA Data Protection Manager Appliance 2.7.x and 3.x before 3.2.1 ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2012-4612 (Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection ...)
	NOT-FOR-US: EMC RSA Data Protection Manager Appliance
CVE-2012-4611 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
	NOT-FOR-US: EMC
CVE-2012-4610 (EMC Avamar Client for VMware 6.1 stores the cleartext server root ...)
	NOT-FOR-US: VMware
CVE-2012-4609 (The web interface in EMC RSA NetWitness Informer before 2.0.5.6 allows ...)
	NOT-FOR-US: EMC RSA NetWitness Informer
CVE-2012-4608 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
	NOT-FOR-US: EMC RSA NetWitness Informer
CVE-2012-4607 (Buffer overflow in nsrindexd in EMC NetWorker 7.5.x and 7.6.x before ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-5127 (Directory traversal vulnerability in Blue Coat Reporter 9.x before ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5126 (Blue Coat ProxySG 6.1 before SGOS 6.1.5.1 and 6.2 before SGOS 6.2.2.1 ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5125 (Cross-site scripting (XSS) vulnerability in Blue Coat Director before ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5124 (Stack-based buffer overflow in the BCAAA component before build 60258, ...)
	NOT-FOR-US: Blue Coat
CVE-2011-5123 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5122 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5121 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5120 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5119 (Multiple race conditions in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2011-5118 (Multiple race conditions in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5192 (Cross-site scripting (XSS) vulnerability in the Java Management ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5191 (Multiple cross-site request forgery (CSRF) vulnerabilities on the Blue ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5190 (The Active Content Transformation functionality in Blue Coat ProxySG ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5189 (Blue Coat ProxySG before SGOS 4.3.4.1, 5.x before SGOS 5.4.5.1, 5.5 ...)
	NOT-FOR-US: Blue Coat
CVE-2010-5188 (SilverStripe 2.3.x before 2.3.6 allows remote attackers to obtain ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-5187 (SilverStripe 2.3.x before 2.3.8 and 2.4.x before 2.4.1, when running ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-5186 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5185 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5184 (** DISPUTED ** Race condition in ZoneAlarm Extreme Security ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5183 (** DISPUTED ** Race condition in Webroot Internet Security Essentials ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5182 (** DISPUTED ** Race condition in VirusBuster Internet Security Suite ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5181 (** DISPUTED ** Race condition in VIPRE Antivirus Premium 4.0.3272 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5180 (** DISPUTED ** Race condition in VBA32 Personal 3.12.12.4 on Windows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5179 (** DISPUTED ** Race condition in Trend Micro Internet Security Pro ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5178 (** DISPUTED ** Race condition in ThreatFire 4.7.0.17 on Windows XP ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5177 (** DISPUTED ** Race condition in Sophos Endpoint Security and Control ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5176 (** DISPUTED ** Race condition in Security Shield 2010 13.0.16.313 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5175 (** DISPUTED ** Race condition in PrivateFirewall 7.0.20.37 on Windows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5174 (** DISPUTED ** Race condition in Prevx 3.0.5.143 on Windows XP allows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5173 (** DISPUTED ** Race condition in PC Tools Firewall Plus 6.0.0.88 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5172 (** DISPUTED ** Race condition in Panda Internet Security 2010 15.01.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5171 (** DISPUTED ** Race condition in Outpost Security Suite Pro ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5170 (** DISPUTED ** Race condition in Online Solutions Security Suite ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5169 (** DISPUTED ** Race condition in Online Armor Premium 4.0.0.35 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5168 (** DISPUTED ** Race condition in Symantec Norton Internet Security ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5167 (** DISPUTED ** Race condition in Norman Security Suite PRO 8.0 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5166 (** DISPUTED ** Race condition in McAfee Total Protection 2010 10.0.580 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5165 (** DISPUTED ** Race condition in Malware Defender 2.6.0 on Windows XP ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5164 (** DISPUTED ** Race condition in KingSoft Personal Firewall 9 Plus ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5163 (** DISPUTED ** Race condition in Kaspersky Internet Security 2010 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5162 (** DISPUTED ** Race condition in G DATA TotalCare 2010 on Windows XP ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5161 (** DISPUTED ** Race condition in F-Secure Internet Security 2010 10.00 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5160 (** DISPUTED ** Race condition in ESET Smart Security 4.2.35.3 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5159 (** DISPUTED ** Race condition in Dr.Web Security Space Pro 6.0.0.03100 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5158 (** DISPUTED ** Race condition in DefenseWall Personal Firewall 3.00 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5157 (Race condition in Comodo Internet Security before 4.1.149672.916 on ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2010-5156 (** DISPUTED ** Race condition in CA Internet Security Suite Plus 2010 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5155 (** DISPUTED ** Race condition in Blink Professional 4.6.1 on Windows ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5154 (** DISPUTED ** Race condition in BitDefender Total Security 2010 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5153 (** DISPUTED ** Race condition in Avira Premium Security Suite ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5152 (** DISPUTED ** Race condition in AVG Internet Security 9.0.791 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5151 (** DISPUTED ** Race condition in avast! Internet Security 5.0.462 on ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2010-5150 (** DISPUTED ** Race condition in 3D EQSecure Professional Edition 4.2 ...)
	NOT-FOR-US: Anti virus snake oil
CVE-2009-5132 (The Filtering Service in Websense Web Security and Web Filter before ...)
	NOT-FOR-US: Websense
CVE-2009-5131 (The Receive Service in Websense Email Security before 7.1 does not ...)
	NOT-FOR-US: Websense
CVE-2009-5130 (The Rules Service in Websense Email Security before 7.1 allows remote ...)
	NOT-FOR-US: Websense
CVE-2009-5129 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: Websense
CVE-2009-5128 (The Websense V10000 appliance before 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: Websense
CVE-2009-5127 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5126 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5125 (Comodo Internet Security before 3.9.95478.509 allows remote attackers ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5124 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2009-5123 (The Antivirus component in Comodo Internet Security before ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2012-4667 (Multiple cross-site scripting (XSS) vulnerabilities in SquidClamav 5.x ...)
	- squidclamav <removed> (bug #685398)
CVE-2012-4606
	RESERVED
CVE-2011-5117 (Sophos SafeGuard Enterprise Device Encryption 5.x through 5.50.8.13, ...)
	NOT-FOR-US: Sophos SafeGuard
CVE-2011-5116 (SQL injection vulnerability in setseed-hub in SetSeed CMS 5.8.20, ...)
	NOT-FOR-US: SetSeed CMS
CVE-2011-5115 (Cross-site scripting (XSS) vulnerability in DLGuard, possibly 4.6 and ...)
	NOT-FOR-US: DLguard
CVE-2011-5114 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: DLguard
CVE-2011-5113 (SQL injection vulnerability in frontend/models/techfoliodetail.php in ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5112 (SQL injection vulnerability in Alameda (com_alameda) component before ...)
	NOT-FOR-US: Joomla addon
CVE-2011-5111 (Multiple SQL injection vulnerabilities in Kajian Website CMS Balitbang ...)
	NOT-FOR-US: Kajian Website CMS
CVE-2011-5110 (Multiple SQL injection vulnerabilities in Blogs Manager 1.101 and ...)
	NOT-FOR-US: Blogs Manager
CVE-2011-5109 (Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and ...)
	NOT-FOR-US: Freelancer calendar
CVE-2011-5108 (Cross-site scripting (XSS) vulnerability in config.php in AdaptCMS ...)
	NOT-FOR-US: AdaptCMS
CVE-2011-5107 (Cross-site scripting (XSS) vulnerability in post_alert.php in Alert ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5106 (Cross-site scripting (XSS) vulnerability in edit-post.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5105 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ZOHO ManageEngine ADSelfService Plus
CVE-2011-5104 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5103 (SQL injection vulnerability in Alurian Prismotube PHP Video Script ...)
	NOT-FOR-US: Alurian Prismotube PHP Video Script
CVE-2012-4605 (The default configuration of the SMTP component in Websense Email ...)
	NOT-FOR-US: Websense Email Security
CVE-2012-4604 (The TRITON management console in Websense Web Security before 7.6 ...)
	NOT-FOR-US: Websense Web Security
CVE-2012-4603
	RESERVED
CVE-2012-4602 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Nicola Asuni TCExam
CVE-2012-4601 (Multiple SQL injection vulnerabilities in Nicola Asuni TCExam before ...)
	NOT-FOR-US: Nicola Asuni TCExam
CVE-2012-4600 (Cross-site scripting (XSS) vulnerability in Open Ticket Request System ...)
	{DSA-2536-1}
	- otrs2 3.1.7+dfsg1-5
CVE-2011-5102 (The Investigative Reports web interface in the TRITON management ...)
	NOT-FOR-US: Websense
CVE-2010-5149 (Websense Web Security and Web Filter before 6.3.3 Hotfix 27 and 7.x ...)
	NOT-FOR-US: Websense
CVE-2010-5148 (Websense Web Security and Web Filter before 7.1 Hotfix 21 do not set ...)
	NOT-FOR-US: Websense
CVE-2010-5147 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5146 (The Remote Filtering component in Websense Web Security and Web Filter ...)
	NOT-FOR-US: Websense
CVE-2010-5145 (The Filtering Service in Websense Web Security and Web Filter before ...)
	NOT-FOR-US: Websense
CVE-2010-5144 (The ISAPI Filter plug-in in Websense Enterprise, Websense Web ...)
	NOT-FOR-US: Websense
CVE-2009-5122 (The Personal Email Manager component in Websense Email Security before ...)
	NOT-FOR-US: Websense
CVE-2009-5121 (Websense Email Security 7.1 before Hotfix 4 allows remote attackers to ...)
	NOT-FOR-US: Websense
CVE-2009-5120 (The default configuration of Apache Tomcat in Websense Manager in ...)
	NOT-FOR-US: Websense
CVE-2009-5119 (The default configuration of Apache Tomcat in Websense Manager in ...)
	NOT-FOR-US: Websense
CVE-2008-7313 (The _httpsrequest function in Snoopy allows remote attackers to ...)
	{DSA-3248-1 DLA-357-1}
	- libphp-snoopy 2.0.0-1 (bug #778634)
	NOTE: additional commit missing, so fix for CVE-2008-4796 was incomplete
	NOTE: http://snoopy.cvs.sourceforge.net/viewvc/snoopy/Snoopy/Snoopy.class.php?view=log#rev1.27
CVE-2008-7312 (The Filtering Service in Websense Enterprise 5.2 through 6.3 does not ...)
	NOT-FOR-US: Websense
CVE-2012-4599 (McAfee SmartFilter Administration, and SmartFilter Administration Bess ...)
	NOT-FOR-US: McAfee SmartFilter Administration
CVE-2012-4598 (An unspecified ActiveX control in McAfee Virtual Technician (MVT) ...)
	NOT-FOR-US: McAfee Virtual Technician
CVE-2012-4597 (Cross-site scripting (XSS) vulnerability in McAfee Email and Web ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4596 (Directory traversal vulnerability in McAfee Email Gateway (MEG) 7.0.0 ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2012-4595 (McAfee Email and Web Security (EWS) 5.5 through Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4594 (McAfee ePolicy Orchestrator (ePO) 4.6.1 and earlier allows remote ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2012-4593 (McAfee Application Control and Change Control 5.1.x and 6.0.0 do not ...)
	NOT-FOR-US: McAfee Application Control and Change Control
CVE-2012-4592 (The Portal in McAfee Enterprise Mobility Manager (EMM) before 10.0 ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4591 (About.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4590 (Multiple cross-site scripting (XSS) vulnerabilities in About.aspx in ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4589 (Login.aspx in the Portal in McAfee Enterprise Mobility Manager (EMM) ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4588 (McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4587 (McAfee Enterprise Mobility Manager (EMM) Agent before 4.8 and Server ...)
	NOT-FOR-US: McAfee Enterprise Mobility Manager
CVE-2012-4586 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4585 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4584 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4583 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4582 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4581 (McAfee Email and Web Security (EWS) 5.x before 5.5 Patch 6 and 5.6 ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4580 (Cross-site scripting (XSS) vulnerability in McAfee Email and Web ...)
	NOT-FOR-US: McAfee Email and Web Security
CVE-2012-4579 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:3.4.11.1-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2012-4578 (The geli encryption provider 7 before r239184 on FreeBSD 10 uses a ...)
	- freebsd-utils <not-affected> (only affects dev version of 10)
	NOTE: not sure if the bug is in the userland tool or in the kernel device
CVE-2012-4577 (The Linux firmware image on (1) Korenix Jetport 5600 series ...)
	NOT-FOR-US: Korenix Jetport 5600
CVE-2012-4576 [freebsd privilege escalation]
	RESERVED
	- kfreebsd-8 8.3-6 (bug #694096)
	- kfreebsd-9 9.0-9 (bug #694097)
	- kfreebsd-10 10.0~svn252032-1 (bug #694098)
	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze4
CVE-2012-4575 (The add_database function in objects.c in the pgbouncer pooler 1.5.2 ...)
	- pgbouncer 1.5.2-4
	[squeeze] - pgbouncer <no-dsa> (Minor issue)
CVE-2012-4574 (Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-4573 (The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex ...)
	- glance 2012.1.1-2 (bug #692641)
CVE-2012-4572 (Red Hat JBoss Enterprise Application Platform (EAP) before 6.1.0 and ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-4571 (Python Keyring 0.9.1 does not securely initialize the cipher when ...)
	- python-keyring 0.9.2-1 (bug #675379)
	[wheezy] - python-keyring 0.7.1-1+deb7u1
	[squeeze] - python-keyring <no-dsa> (Minor issue)
CVE-2012-4570 (SQL injection vulnerability in LetoDMS_Core/Core/inc.ClassDMS.php in ...)
	- php-letodms-core 3.3.8-1
CVE-2012-4569 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4568 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4567 (Multiple cross-site scripting (XSS) vulnerabilities in LetoDMS ...)
	- letodms 3.3.9+dfsg-1
CVE-2012-4566 (The DTLS support in radsecproxy before 1.6.2 does not properly verify ...)
	{DSA-2573-1}
	- radsecproxy 1.6.2-1
CVE-2012-4565 (The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux ...)
	- linux 3.2.35-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4564 (ppm2tiff does not check the return value of the TIFFScanlineSize ...)
	{DSA-2575-1}
	- tiff3 <not-affected> (The tiff-tools package is only built from the tiff source package)
	- tiff 4.0.2-5 (bug #692345)
CVE-2012-4563 (Cross-site scripting (XSS) vulnerability in Google Web Toolkit (GWT) ...)
	- gwt <removed> (bug #691900)
	[squeeze] - gwt <not-affected> (Vulnerable code not present)
CVE-2012-4562 (Multiple integer overflows in libssh before 0.5.3 allow remote ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4561 (The (1) publickey_make_dss, (2) publickey_make_rsa, (3) ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4560 (Multiple buffer overflows in libssh before 0.5.3 allow remote ...)
	- libssh 0.5.3-1
	[squeeze] - libssh <not-affected> (Vulnerable code not present)
CVE-2012-4559 (Multiple double free vulnerabilities in the (1) agent_sign_data ...)
	{DSA-2577-1}
	- libssh 0.5.3-1
CVE-2012-4558 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	{DSA-2637-1}
	- apache2 2.2.22-13 (low)
CVE-2012-4557 (The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through ...)
	{DSA-2579-1}
	- apache2 2.2.22-1
CVE-2012-4556 (The token processing system (pki-tps) in Red Hat Certificate System ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4555 (The token processing system (pki-tps) in Red Hat Certificate System ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4554 (The OpenID module in Drupal 7.x before 7.16 allows remote OpenID ...)
	- drupal7 7.14-1.1 (bug #690817)
	- drupal6 <not-affected> (according to upstream)
	NOTE: http://drupal.org/node/1815912
CVE-2012-4553 (Drupal 7.x before 7.16 allows remote attackers to obtain sensitive ...)
	- drupal7 7.14-1.1 (bug #690817)
	- drupal6 <not-affected> (according to upstream)
	NOTE: http://drupal.org/node/1815912
CVE-2012-4552 (Stack-based buffer overflow in the error function in ssg/ssgParser.cxx ...)
	- plib 1.8.5-6 (low; bug #694810)
	[squeeze] - plib <no-dsa> (Minor issue)
CVE-2012-4551 (Use-after-free vulnerability in libunity-webapps before 2.4.1 allows ...)
	NOT-FOR-US: libunity-webapps
CVE-2012-4550 (JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) before ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4549 (The processInvocation function in ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4548 (Argument injection vulnerability in syntax-highlighting.sh in cgit ...)
	- cgit <not-affected> (Fixed before the initial upload into the archive)
CVE-2012-4547 (Unspecified vulnerability in awredir.pl in AWStats before 7.1 has ...)
	- awstats <not-affected>
	NOTE: awredir.pl is not installed into the binary package
CVE-2012-4546 (The default configuration for IPA servers in Red Hat Enterprise Linux ...)
	NOT-FOR-US: FreeIPA
CVE-2012-4545 (The http_negotiate_create_context function in ...)
	{DSA-2592-1}
	- elinks 0.12~pre5-9
CVE-2012-4544 (The PV domain builder in Xen 4.2 and earlier does not validate the ...)
	{DSA-2636-1}
	- xen 4.1.3-4 (low; bug #688125)
CVE-2012-4543 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-4542 (block/scsi_ioctl.c in the Linux kernel through 3.8 does not properly ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport)
	NOTE: No upstream fix seems to be planned/treated as non-issue. Marking as unimportant
CVE-2012-4541 (Cross-site scripting (XSS) vulnerability in Piwik before 1.9 allows ...)
	- piwik <itp> (bug #506933)
CVE-2012-4540 (Off-by-one error in the invoke function in ...)
	{DSA-2768-1}
	- icedtea-web 1.3.1-1 (bug #692608)
	NOTE: http://seclists.org/oss-sec/2012/q4/237
CVE-2012-4539 (Xen 4.0 through 4.2, when running 32-bit x86 PV guests on 64-bit ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4538 (The HVMOP_pagetable_dying hypercall in Xen 4.0, 4.1, and 4.2 does not ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4537 (Xen 3.4 through 4.2, and possibly earlier versions, does not properly ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4536 (The (1) domain_pirq_to_emuirq and (2) physdev_unmap_pirq functions in ...)
	- xen 4.1.3-4
	[squeeze] - xen <not-affected> (Only affects 4.1.x)
CVE-2012-4535 (Xen 3.4 through 4.2, and possibly earlier versions, allows local guest ...)
	{DSA-2582-1}
	- xen 4.1.3-4
CVE-2012-4534 (org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x ...)
	- tomcat7 7.0.28-1 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
CVE-2012-4533 (Cross-site scripting (XSS) vulnerability in the &quot;extra&quot; details in the ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.4 (low; bug #691062)
CVE-2012-4532 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4531 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.x before 2.5.7 ...)
	NOT-FOR-US: Joomla
CVE-2012-4530 (The load_script function in fs/binfmt_script.c in the Linux kernel ...)
	- linux 3.2.35-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4529 (The org.apache.catalina.connector.Response.encodeURL method in Red Hat ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-4528 (The mod_security2 module before 2.7.0 for the Apache HTTP Server ...)
	- modsecurity-apache 2.6.6-5 (bug #691146)
	- libapache-mod-security <removed>
	[squeeze] - libapache-mod-security <no-dsa> (Minor issue)
CVE-2012-4527 (Stack-based buffer overflow in mcrypt 2.6.8 and earlier allows ...)
	- mcrypt 2.6.8-1.3 (unimportant; bug #690924)
	NOTE: patch proposed by submitter at RH bugzilla is incorrect
	NOTE: Only occurs in cmdline parsing, no priv escalation. Only a security issue in constructed setups
CVE-2012-4526 [XSS in password.php, incomplete fix for CVE-2012-4525]
	RESERVED
	- piwigo <not-affected> (incomplete fix not applied to Debian package)
	[squeeze] - piwigo <not-affected> (vulnerable code not present)
CVE-2012-4525 [XSS in password.php]
	RESERVED
	- piwigo <removed>
	[squeeze] - piwigo <not-affected> (vulnerable code not present)
CVE-2012-4524 [xlockmore bypass]
	RESERVED
	- xlockmore <removed> (low)
CVE-2012-4523 (radsecproxy before 1.6.1 does not properly verify certificates when ...)
	{DSA-2573-1}
	- radsecproxy 1.6.2-1
CVE-2012-4522 (The rb_get_path_check function in file.c in Ruby 1.9.3 before ...)
	{DLA-235-1}
	- ruby1.8 <not-affected> (Only affects 1.9.x, see bug #690670)
	- ruby1.9.1 1.9.3.194-3 (bug #690670)
CVE-2012-4521 [rejected dupe assignment]
	REJECTED
CVE-2012-4520 (The django.http.HttpRequest.get_host function in Django 1.3.x before ...)
	{DSA-2634-1}
	- python-django 1.4.2-1 (bug #691145)
CVE-2012-4519
	RESERVED
	NOT-FOR-US: Zenphoto
CVE-2012-4518 (ibacm 1.0.7 creates files with world-writable permissions, which ...)
	NOT-FOR-US: ibacm
CVE-2012-4517 (ibacm before 1.0.6 does not properly manage reference counts for ...)
	NOT-FOR-US: ibacm
CVE-2012-4516 (librdmacm 1.0.16, when ibacm.port is not specified, connects to port ...)
	- librdmacm 1.0.16-1 (bug #690672)
	[squeeze] - librdmacm <not-affected> (Introduced in 1.0.12)
	[wheezy] - librdmacm 1.0.15-1+deb7u1
CVE-2012-4515 (Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in ...)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4514 (rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows ...)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4513 (khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows ...)
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4512
	RESERVED
	- kdebase <removed> (unimportant)
	- kde-baseapps <unfixed> (unimportant)
	NOTE: Konqueror not supported security-wise
CVE-2012-4511 (services/flickr/flickr.c in libsocialweb before 0.25.21 automatically ...)
	- libsocialweb 0.25.20-3.1 (low; bug #690675)
	[wheezy] - libsocialweb 0.25.20-2.1
CVE-2012-4510 (cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile ...)
	{DSA-2562-1}
	- cups-pk-helper 0.2.3-1
CVE-2012-4509
	RESERVED
CVE-2012-4508 (Race condition in fs/ext4/extents.c in the Linux kernel before 3.4.16 ...)
	{DSA-2668-1}
	- linux 3.2.35-1
	- linux-2.6 <removed>
CVE-2012-4507 (The strchr function in procmime.c in Claws Mail (aka claws-mail) 3.8.1 ...)
	- claws-mail 3.8.1-2 (low; bug #690151)
	[squeeze] - claws-mail 3.7.6-4+squeeze1
	NOTE: http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2743
	NOTE: www.thewildbeast.co.uk/claws-mail/bugzilla/attachment.cgi?id=1165
CVE-2012-4506 (Directory traversal vulnerability in gitolite 3.x before 3.1, when ...)
	- gitolite <not-affected> (Only affects 3.x releases)
	NOTE: https://groups.google.com/forum/#!topic/gitolite/K9SnQNhCQ-0/discussion
	NOTE: https://github.com/sitaramc/gitolite/commit/f636ce3ba3e340569b26d1e47b9d9b62dd8a3bf2
CVE-2012-4505 (Heap-based buffer overflow in the px_pac_reload function in lib/pac.c ...)
	{DSA-2571-1}
	- libproxy 0.3.1-5.1 (bug #690376)
CVE-2012-4504 (Stack-based buffer overflow in the url::get_pac function in url.cpp in ...)
	- libproxy <not-affected> (Vulnerable code not present)
	NOTE: 0.4-only issue, fixed in newest upstream 0.4.9
CVE-2012-4503 (cmdmon.c in Chrony before 1.29 allows remote attackers to obtain ...)
	{DSA-2760-1}
	- chrony 1.29-1 (bug #719203)
CVE-2012-4502 (Multiple integer overflows in pktlength.c in Chrony before 1.29 allow ...)
	{DSA-2760-1}
	- chrony 1.29-1 (bug #719203)
CVE-2012-4501 (Citrix Cloud.com CloudStack, and Apache CloudStack pre-release, allows ...)
	NOT-FOR-US: CloudStack
CVE-2012-4500 (The Announcements module 6.x-1.x before 6.x-1.5 for Drupal allows ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4499 (The contact formatter page in the Email Field module 6.x-1.x before ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4498 (The Activism module 6.x-2.x before 6.x-2.1 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4497 (Cross-site scripting (XSS) vulnerability in the &quot;3 slide gallery&quot; in ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4496 (Cross-site scripting (XSS) vulnerability in the Custom Publishing ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4495 (The Mime Mail module 6.x-1.x before 6.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4494 (The Shibboleth authentication module 7.x-4.0 for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4493 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4492 (Multiple cross-site scripting (XSS) vulnerabilities in the Shorten ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4491 (The Monthly Archive by Node Type module 6.x for Drupal does not ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4490 (Multiple cross-site scripting (XSS) vulnerabilities in the Excluded ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4489 (Open redirect vulnerability in the securelogin_secure_redirect ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4488 (The Location module 6.x before 6.x-3.2 and 7.x before 7.x-3.0-alpha1 ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4487 (The Subuser module before 6.x-1.8 for Drupal does not properly check ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4486 (Cross-site request forgery (CSRF) vulnerability in the Subuser module ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4485 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4484 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4483 (The commons_discussion_views_default_views function in ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4482 (The Ubercart SecureTrading Payment Method module 6.x for Drupal does ...)
	NOT-FOR-US: Drupal addon not packaged in Debian
CVE-2012-4481 (The safe-level feature in Ruby 1.8.7 allows context-dependent ...)
	- ruby1.8 1.8.7.358-5 (bug #689945)
	[squeeze] - ruby1.8 <not-affected> (problematic code not present)
CVE-2012-4480
	RESERVED
	NOT-FOR-US: mom
CVE-2012-4479 (SQL injection vulnerability in the Drag &amp; Drop Gallery module 6.x for ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4478 (Cross-site request forgery (CSRF) vulnerability in the Drag &amp; Drop ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4477 (Unspecified vulnerability in the Drag &amp; Drop Gallery module 6.x for ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4476 (Cross-site scripting (XSS) vulnerability in the Drag &amp; Drop Gallery ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4475 (The Security Questions module for Drupal 6.x-1.x before 6.x-1.1 and ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4474 (Multiple cross-site scripting (XSS) vulnerabilities in the Colorbox ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4473 (The Restrict node page view module 7.x-1.x before 7.x-1.2 for Drupal ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4472 (Unrestricted file upload vulnerability in upload.php in the Drag &amp; ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4471 (The Search Autocomplete module 7.x-2.x before 7.x-2.4 for Drupal does ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4470 (The Listhandler module 6.x-1.x before 6.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4469 (Cross-site scripting (XSS) vulnerability in the Hashcash module ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4468 (Cross-site scripting (XSS) vulnerability in the Privatemsg module ...)
	NOT-FOR-US: Drupal contributed-module
CVE-2012-4467 (The (1) do_siocgstamp and (2) do_siocgstampns functions in ...)
	- linux-2.6 <not-affected> (Vulnerable code introduced in 3.3)
	- linux <not-affected> (Vulnerable code introduced in 3.3)
CVE-2012-4466 (Ruby 1.8.7 before patchlevel 371, 1.9.3 before patchlevel 286, and 2.0 ...)
	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
	[squeeze] - ruby1.9.1 <not-affected> (Minor issue, please recheck)
CVE-2012-4465 (Heap-based buffer overflow in the substr function in parsing.c in cgit ...)
	- cgit <not-affected> (Fixed before the initial upload into the archive)
CVE-2012-4464 (Ruby 1.9.3 before patchlevel 286 and 2.0 before revision r37068 allows ...)
	- ruby1.9.1 1.9.3.194-2 (low; bug #689075)
	[squeeze] - ruby1.9.1 <not-affected> (Introduced in 1.9.3)
CVE-2012-4463 (Midnight Commander (mc) 4.8.5 does not properly handle the (1) ...)
	- mc 3:4.8.8-1 (low; bug #689571)
	[wheezy] - mc <no-dsa> (Minor issue)
	[squeeze] - mc <no-dsa> (Minor issue)
CVE-2012-4462 (aviary/jobcontrol.py in Condor, as used in Red Hat Enterprise MRG 2.3, ...)
	- condor <not-affected> (This bug only affects the Aviary contrib module, which isn't built in the Debian condor package, #690556)
CVE-2012-4461 (The KVM subsystem in the Linux kernel before 3.6.9, when running on ...)
	{DSA-2668-1}
	- linux-2.6 <removed>
	- linux 3.2.35-1
CVE-2012-4460 (The serializing/deserializing functions in the qpid::framing::Buffer ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4459 (Integer overflow in the qpid::framing::Buffer::checkAvailable function ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4458 (The AMQP type decoder in Apache Qpid 0.20 and earlier allows remote ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4457 (OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-3 ...)
	- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4456 (The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone ...)
	- keystone 2012.1.1-9 (bug #689210)
CVE-2012-4455 (openCryptoki 2.4.1 allows local users to create or set world-writable ...)
	- opencryptoki 3.4.1+dfsg-1 (low; bug #689417)
	[jessie] - opencryptoki <no-dsa> (Minor issue)
	[squeeze] - opencryptoki <no-dsa> (Minor issue)
	[wheezy] - opencryptoki <no-dsa> (Minor issue)
CVE-2012-4454 (openCryptoki before 2.4.1, when using spinlocks, allows local users to ...)
	- opencryptoki 3.4.1+dfsg-1 (low; bug #689417)
	[jessie] - opencryptoki <no-dsa> (Minor issue)
	[squeeze] - opencryptoki <no-dsa> (Minor issue)
	[wheezy] - opencryptoki <no-dsa> (Minor issue)
CVE-2012-4453 (dracut.sh in dracut, as used in Red Hat Enterprise Linux 6, Fedora 16 ...)
	- dracut 020-1.1 (low; bug #688956)
	[squeeze] - dracut <no-dsa> (Minor issue)
CVE-2012-4452 (MySQL 5.0.88, and possibly other versions and platforms, allows local ...)
	- mysql-dfsg-5.0 <not-affected> (Debian never included that 5.0.88 release)
CVE-2012-4451 [php-ZendFramework: XSS vectors in multiple Zend Framework components ZF2012-03]
	RESERVED
	- zendframework <not-affected> (Vulnerable code introduced in 2.x, #688946)
CVE-2012-4450 (389 Directory Server 1.2.10 does not properly update the ACL when a DN ...)
	- 389-ds-base 1.2.11.15-1 (bug #688942)
	NOTE: Upstream ticket https://fedorahosted.org/389/ticket/340
	NOTE: Upstream patch http://git.fedorahosted.org/cgit/389/ds.git/commit/?id=5beb93d42efb807838c09c5fab898876876f8d09
CVE-2012-4449 (Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 ...)
	- hadoop <itp> (bug #793644)
CVE-2012-4448 (Cross-site request forgery (CSRF) vulnerability in wp-admin/index.php ...)
	- wordpress 3.5.1+dfsg-2 (low; bug #689031)
	[squeeze] - wordpress <no-dsa> (Minor issue)
	[wheezy] - wordpress <no-dsa> (Minor issue)
CVE-2012-4447 (Heap-based buffer overflow in tif_pixarlog.c in LibTIFF before 4.0.3 ...)
	{DSA-2561-1}
	- tiff 4.0.2-4 (bug #688944)
	- tiff3 3.9.6-9 (bug #688944)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=860198
CVE-2012-4446 (The default configuration for Apache Qpid 0.20 and earlier, when the ...)
	- qpid-cpp <removed> (low; bug #772794)
	[wheezy] - qpid-cpp <no-dsa> (Minor issue)
CVE-2012-4445 (Heap-based buffer overflow in the eap_server_tls_process_fragment ...)
	{DSA-2557-1}
	- hostapd <removed>
	- wpa 1.0-3 (bug #689990)
CVE-2012-4444 (The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux ...)
	- linux 2.6.36-1~experimental.1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4443 (Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of ...)
	- monkey <removed> (unimportant; bug #688008)
CVE-2012-4442 (Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the ...)
	- monkey <removed> (unimportant; bug #688007)
CVE-2012-4441 [jenkins XSS in CI game plugin]
	RESERVED
	- jenkins <not-affected> (Plugin not built in Debian source package)
	NOTE: http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4440 [jenkins XSS in Violations plugin]
	RESERVED
	- jenkins <not-affected> (Plugin not built in Debian source package)
	NOTE: http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4439 [jenkins XSS]
	RESERVED
	- jenkins 1.447.2+dfsg-2 (bug #688298)
	NOTE: http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4438 [jenkins remote code execution]
	RESERVED
	- jenkins 1.447.2+dfsg-2 (bug #688298)
	NOTE: http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://web.archive.org/web/20130606043312/http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2012-09-17.cb
CVE-2012-4437 (Cross-site scripting (XSS) vulnerability in the SmartyException class ...)
	- smarty3 3.1.10-2 (bug #688153)
	- smarty <removed> (bug #702710)
	[squeeze] - smarty 2.6.26-0.2+squeeze1
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/19/1
	NOTE: http://secunia.com/advisories/50589/
	NOTE: http://code.google.com/p/smarty-php/source/browse/trunk/distribution/change_log.txt
	NOTE: http://code.google.com/p/smarty-php/source/detail?r=4658
	NOTE: https://code.google.com/p/smarty-php/source/detail?r=4660
CVE-2012-4436 (Buffer overflow in the run_last_args function in client/fwknop.c in ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop <not-affected> (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=a60f05ad44e824f6230b22f8976399340cb535dc
CVE-2012-4435 (fwknop before 2.0.3 does not properly validate IP addresses, which ...)
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop <not-affected> (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=f4c16bc47fc24a96b63105556b62d61c1ba7d799
CVE-2012-4434 [fwknop 2.0.3: multiple DoS / code execution flaw]
	RESERVED
	- fwknop 2.0.3-1 (bug #688151)
	[squeeze] - fwknop <not-affected> (Vulnerable code not present)
	[wheezy] - fwknop 2.0.0rc2-2+deb7u1
	NOTE: http://seclists.org/oss-sec/2012/q3/509
	NOTE: http://www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git;a=commitdiff;h=d46ba1c027a11e45821ba897a4928819bccc8f22
CVE-2012-4433 (Multiple integer overflows in operations/external/ppm-load.c in GEGL ...)
	- gegl 0.2.0-2+nmu1 (bug #692435)
	[squeeze] - gegl <not-affected> (PPM code not yet present)
	NOTE: http://seclists.org/oss-sec/2012/q4/215
CVE-2012-4432 (Use-after-free vulnerability in opngreduc.c in OptiPNG Hg and 0.7.x ...)
	- optipng <not-affected> (Introduced in 0.7, bug #687998)
CVE-2012-4431 (org/apache/catalina/filters/CsrfPreventionFilter.java in Apache Tomcat ...)
	- tomcat7 7.0.28-4 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
CVE-2012-4430 (The dump_resource function in dird/dird_conf.c in Bacula before 5.2.11 ...)
	{DSA-2558-1}
	- bacula 5.2.6+dfsg-4 (bug #687923)
	[wheezy] - bacula 5.2.6+dfsg-2.1
	NOTE: http://www.bacula.org/git/cgit.cgi/bacula/commit/?id=67debcecd3d530c429e817e1d778e79dcd1db905
CVE-2012-4429 (Vino 2.28, 2.32, 3.4.2, and earlier allows remote attackers to read ...)
	- vino 3.8.1-1 (bug #687596; low)
	[squeeze] - vino <no-dsa> (Minor issue)
	[wheezy] - vino <no-dsa> (Minor issue)
CVE-2012-4428
	RESERVED
	{DLA-304-1}
	- openslp-dfsg 1.2.1-10 (bug #687597; low)
	[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
	[wheezy] - openslp-dfsg <no-dsa> (Minor issue)
CVE-2012-4427 (The gnome-shell plugin 3.4.1 in GNOME allows remote attackers to force ...)
	- gnome-shell <unfixed> (unimportant)
	NOTE: I don't see much of a problem here, if you install from a repo, you need to trust it
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=684215
	NOTE: As far as I can see there is still a yes/no prompt for the user. I suggest unfixed unimportant. -- helmut
CVE-2012-4426 (Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier ...)
	- mcrypt 2.6.8-1.1
	[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
CVE-2012-4425 (libgio, when used in setuid or other privileged programs in spice-gtk ...)
	- spice-gtk 0.12-5 (bug #689155)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/18
CVE-2012-4424 (Stack-based buffer overflow in string/strcoll_l.c in the GNU C Library ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-94 (low; bug #689423)
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2012-4423 (The virNetServerProgramDispatchCall function in libvirt before 0.10.2 ...)
	- libvirt 0.9.12-5 (bug #687598)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=857133
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/13/11
CVE-2012-4422 (wp-admin/plugins.php in WordPress before 3.4.2, when the multisite ...)
	- wordpress 3.4.2+dfsg-1
CVE-2012-4421 (The create_post function in wp-includes/class-wp-atom-server.php in ...)
	- wordpress 3.4.2+dfsg-1
CVE-2012-4420 [Duplicate of CVE-2012-4416]
	RESERVED
	NOT-FOR-US: Duplicate of CVE-2012-4416
CVE-2012-4419 (The compare_tor_addr_to_addr_policy function in or/policies.c in Tor ...)
	{DSA-2548-1}
	- tor 0.2.3.22-rc-1
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/5
	NOTE: https://gitweb.torproject.org/tor.git/blob/release-0.2.2:/ReleaseNotes
	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/973c18bf0e84d14d8006a9ae97fde7f7fb97e404
	NOTE: https://gitweb.torproject.org/tor.git/commitdiff/62d96284f7e0f81c40d5df7e53dd7b4dfe7e56a5
CVE-2012-4418 (Apache Axis2 allows remote attackers to forge messages and bypass ...)
	NOT-FOR-US: We only provide Axis 1(Java) and the C-version of Axis
CVE-2012-4417 (GlusterFS 3.3.0, as used in Red Hat Storage server 2.0, allows local ...)
	- glusterfs 3.2.7-5 (low; bug #693112)
	[wheezy] - glusterfs <no-dsa> (Minor issue)
	[squeeze] - glusterfs <no-dsa> (Minor issue)
CVE-2012-4416 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
CVE-2012-4415 (Stack-based buffer overflow in the guac_client_plugin_open function in ...)
	- libguac 0.6.0-2 (medium)
	NOTE: maintainer contacted us, working on update
	NOTE: http://guac-dev.org/trac/changeset/7dcefa744b4a38825619c00ae8b47e5bae6e38c0/libguac
CVE-2012-4414 (Multiple SQL injection vulnerabilities in the replication code in ...)
	- mysql-5.1 5.1.72-1 (low; bug #687484)
	[squeeze] - mysql-5.1 <no-dsa> (Minor issue, currently not fixed in MySQL, can be included once fixed in 5.1.x)
	- mysql-5.5 5.5.30+dfsg-1 (bug #687485)
CVE-2012-4413 (OpenStack Keystone 2012.1.3 does not invalidate existing tokens when ...)
	- keystone 2012.1.1-6 (bug #687428)
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/7
CVE-2012-4412 (Integer overflow in string/strcoll_l.c in the GNU C Library (aka glibc ...)
	{DLA-165-1}
	- eglibc <removed>
	- glibc 2.17-94 (low; bug #687530)
	[wheezy] - eglibc 2.13-38+deb7u1
CVE-2012-4411 (The graphical console in Xen 4.0, 4.1 and 4.2 allows local OS guest ...)
	{DSA-2543-1}
	- xen 4.1.3-2
	- xen-qemu-dm-4.0 <removed>
	[squeeze] - xen <not-affected> (In Squeeze the code is in the package xen-qemu-dm-4.0)
CVE-2012-4409 (Stack-based buffer overflow in the check_file_head function in extra.c ...)
	- mcrypt 2.6.8-1.1
	[squeeze] - mcrypt <no-dsa> (minor issue, it doesn't affect libmcrypt)
	NOTE: http://packetstormsecurity.org/files/116268/mcrypt-2.6.8-Buffer-Overflow-Proof-Of-Concept.html
CVE-2012-4408 (course/reset.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-4407 (lib/filelib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, and ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-4406 (OpenStack Object Storage (swift) before 1.7.0 uses the loads function ...)
	- swift 1.4.8-2 (bug #686812)
CVE-2012-4405 (Multiple integer underflows in the icmLut_allocate function in ...)
	{DSA-2595-1}
	- argyll 1.4.0-7 (bug #687275)
	[squeeze] - argyll <no-dsa> (Only standalone binary in squeeze, minor impact)
	- ghostscript 9.05~dfsg-6.1 (bug #687274)
CVE-2012-4404 (security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly ...)
	{DSA-2538-1}
	- moin 1.9.4-8
	NOTE: http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
CVE-2012-4403 (theme/yui_combo.php in Moodle 2.3.x before 2.3.2 does not properly ...)
	- moodle <not-affected> (Only affects >= 2.3)
CVE-2012-4402 (webservice/lib.php in Moodle 2.1.x before 2.1.8, 2.2.x before 2.2.5, ...)
	- moodle 2.2.3.dfsg-2.3 (bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-4401 (Moodle 2.2.x before 2.2.5 and 2.3.x before 2.3.2 allows remote ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-4400 (repository/repository_ajax.php in Moodle 2.2.x before 2.2.5 and 2.3.x ...)
	- moodle 2.2.3.dfsg-2.3 (low; bug #687924)
	[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-4399 (The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 ...)
	- cakephp <not-affected> (Does not affect 1.3)
	NOTE: http://seclists.org/bugtraq/2012/Jul/101
	NOTE: http://web.archive.org/web/20140822011643/http://bakery.cakephp.org:80/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1
CVE-2012-4398 (The __request_module function in kernel/kmod.c in the Linux kernel ...)
	- linux 3.2.35-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-48
CVE-2012-4397 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.1debian-1
CVE-2012-4396 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 4.0.2debian-1
CVE-2012-4395 (Cross-site scripting (XSS) vulnerability in index.php in ownCloud ...)
	- owncloud 4.0.3debian-1
CVE-2012-4394 (Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js ...)
	- owncloud 4.0.5debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4393 (Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4392 (index.php in ownCloud 4.0.7 does not properly validate the oc_token ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4391 (Cross-site request forgery (CSRF) vulnerability in ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4390 ((1) apps/calendar/appinfo/remote.php and (2) ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4389 (Incomplete blacklist vulnerability in lib/migrate.php in ownCloud ...)
	- owncloud 4.0.7debian-1 (bug #686567)
	[wheezy] - owncloud 4.0.4debian2-2
CVE-2012-4388 (The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through ...)
	- php5 5.4.1~rc1-1
	[squeeze] - php5 <not-affected> (CVE-2011-1398 was never fixed in squeeze)
CVE-2012-4387 (Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
	NOTE: http://struts.apache.org/2.x/docs/s2-011.html
CVE-2012-4386 (The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
	NOTE: http://struts.apache.org/2.x/docs/s2-010.html
CVE-2012-4385 [letodms CSRF]
	RESERVED
	- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4384 [letodms XSS]
	RESERVED
	- letodms 3.3.7+dfsg-1 (bug #689664)
CVE-2012-4383
	RESERVED
	NOT-FOR-US: Contao
CVE-2012-4382 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39823
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4381 [Passwords were stored in local DB even if auth systems like LDAP were used]
	RESERVED
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39184
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4380 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39824
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4379 (MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39180
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4378 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <end-of-life>
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=37587
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4377 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 ...)
	- mediawiki 1:1.19.2-1 (bug #686330)
	[squeeze] - mediawiki <not-affected> (Introduced in 1.16)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=39700
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/31/6
CVE-2012-4376
	RESERVED
CVE-2012-4375
	RESERVED
CVE-2012-4374
	RESERVED
CVE-2012-4373
	RESERVED
CVE-2012-4372
	RESERVED
CVE-2012-4371
	RESERVED
CVE-2012-4370
	RESERVED
CVE-2012-4369
	RESERVED
CVE-2012-4368
	RESERVED
CVE-2012-4367
	RESERVED
CVE-2012-4366 (Belkin wireless routers Surf N150 Model F7D1301v1, N900 Model ...)
	NOT-FOR-US: Belkin wireless routers
CVE-2012-4365
	RESERVED
CVE-2012-4364
	RESERVED
CVE-2011-5101 (The Rumor technology in McAfee SaaS Endpoint Protection before 5.2.4 ...)
	NOT-FOR-US: McAfee
CVE-2011-5100 (The web interface in McAfee Firewall Reporter before 5.1.0.13 does not ...)
	NOT-FOR-US: McAfee
CVE-2010-5143 (McAfee VirusScan Enterprise before 8.8 allows local users to disable ...)
	NOT-FOR-US: McAfee
CVE-2009-5118 (Untrusted search path vulnerability in McAfee VirusScan Enterprise ...)
	NOT-FOR-US: McAfee
CVE-2009-5117 (The Web Post Protection feature in McAfee Host Data Loss Prevention ...)
	NOT-FOR-US: McAfee
CVE-2009-5116 (McAfee LinuxShield 1.5.1 and earlier does not properly implement ...)
	NOT-FOR-US: McAfee
CVE-2009-5115 (McAfee Common Management Agent (CMA) 3.5.5 through 3.5.5.588 and 3.6.0 ...)
	NOT-FOR-US: McAfee
CVE-2012-4363 (Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4362 (hydra.exe in HP SAN/iQ before 9.5 on the HP Virtual SAN Appliance has ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4361 (lhn/public/network/ping in HP SAN/iQ before 9.5 on the HP Virtual SAN ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-4360 (Cross-site scripting (XSS) vulnerability in the mod_pagespeed module ...)
	NOT-FOR-US: mod_pagespeed
CVE-2012-4359 (Sielco Sistemi Winlog Pro SCADA before 2.07.18 and Winlog Lite SCADA ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4358 (Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4357 (Array index error in Sielco Sistemi Winlog Pro SCADA before 2.07.17 ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4356 (Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4355 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.18 and ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4354 (TCPIPS_Story.dll in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4353 (Stack-based buffer overflow in RunTime.exe in Sielco Sistemi Winlog ...)
	NOT-FOR-US: Sielco Sistemi Winlog SCADA
CVE-2012-4352 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-4351 (Integer overflow in pgpwded.sys in Symantec PGP Desktop 10.x and ...)
	NOT-FOR-US: Symantec
CVE-2012-4350 (Multiple unquoted Windows search path vulnerabilities in the (1) ...)
	NOT-FOR-US: Symantec Enterprise Security Manager
CVE-2012-4349 (Unquoted Windows search path vulnerability in Symantec Network Access ...)
	NOT-FOR-US: Symantec Network Access Control
CVE-2012-4348 (The management console in Symantec Endpoint Protection (SEP) 11.0 ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-4347 (Multiple directory traversal vulnerabilities in the management console ...)
	NOT-FOR-US: Symantec
CVE-2012-4346
	RESERVED
CVE-2012-4345 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...)
	- phpmyadmin 4:3.4.11.1-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2012-4344 (Cross-site scripting (XSS) vulnerability in Ipswitch WhatsUp Gold ...)
	NOT-FOR-US: Ipswitch
CVE-2012-4343 (Multiple unspecified vulnerabilities in Gallery 3 before 3.0.4 allow ...)
	- gallery3 <itp> (bug #511715)
CVE-2012-4342 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 ...)
	- gallery3 <itp> (bug #511715)
CVE-2012-4341 (Multiple stack-based buffer overflows in msg_server.exe in SAP ...)
	NOT-FOR-US: SAP NetWeaver ABAP
CVE-2012-4340 (Cross-site scripting (XSS) vulnerability in Sybase EAServer before 6.1 ...)
	NOT-FOR-US: Sybase
CVE-2012-4339
	RESERVED
CVE-2012-4338
	RESERVED
CVE-2012-4337 (Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote ...)
	NOT-FOR-US: Foxit Reader
CVE-2012-4336 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Flogr 2.5.6
CVE-2012-4335 (Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4334 (The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4333 (Multiple stack-based buffer overflows in the BackupToAvi method in the ...)
	NOT-FOR-US: Samsung NET-i
CVE-2012-4332 (The ShareYourCart plugin 1.7.1 for WordPress allows remote attackers ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-4331 (Multiple unspecified vulnerabilities in SPIP before 1.9.2.o, 2.0.x ...)
	{DSA-2461-1}
	- spip 2.1.13-1
CVE-2012-4330 (The Samsung D6000 TV and possibly other products allows remote ...)
	NOT-FOR-US: Samsung D6000 TV
CVE-2012-4329 (The Samsung D6000 TV and possibly other products allow remote ...)
	NOT-FOR-US: Samsung D6000 TV
CVE-2012-4328 (Unspecified vulnerability in the MAPI in vBulletin Suite 4.1.2 through ...)
	NOT-FOR-US: vBulletin
CVE-2012-4327 (Unspecified vulnerability in the Image News slider plugin before 3.3 ...)
	NOT-FOR-US: Image News slider plugin for WordPress
CVE-2012-4326 (Cross-site request forgery (CSRF) vulnerability in commonsettings.php ...)
	NOT-FOR-US: AlstraSoft Site Uptime Enterprise
CVE-2012-4325 (Cross-site request forgery (CSRF) vulnerability in upload/users.php in ...)
	NOT-FOR-US: Utopia News Pro
CVE-2012-4324 (Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation ...)
	NOT-FOR-US: PHPJabbers Vacation Rental Script
CVE-2012-4323
	RESERVED
CVE-2012-4322
	RESERVED
CVE-2012-4321
	RESERVED
CVE-2012-4320
	RESERVED
CVE-2012-4319
	RESERVED
CVE-2012-4318
	RESERVED
CVE-2012-4317
	RESERVED
CVE-2012-4316
	RESERVED
CVE-2012-4315
	RESERVED
CVE-2012-4314
	RESERVED
CVE-2012-4313
	RESERVED
CVE-2012-4312
	RESERVED
CVE-2012-4311
	RESERVED
CVE-2012-4310
	RESERVED
CVE-2012-4309
	RESERVED
CVE-2012-4308
	RESERVED
CVE-2012-4307
	RESERVED
CVE-2012-4306
	RESERVED
CVE-2012-4305 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-4304
	RESERVED
CVE-2012-4303 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-4302
	RESERVED
CVE-2012-4301 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-4300
	RESERVED
CVE-2012-4299
	RESERVED
CVE-2012-4298 (Integer signedness error in the vwr_read_rec_data_ethernet function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4297 (Buffer overflow in the dissect_gsm_rlcmac_downlink function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.6.x and 1.8.x)
CVE-2012-4296 (Buffer overflow in epan/dissectors/packet-rtps2.c in the RTPS2 ...)
	{DSA-2590-1}
	- wireshark 1.8.2-1
CVE-2012-4295 (Array index error in the channelised_fill_sdh_g707_format function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4294 (Buffer overflow in the channelised_fill_sdh_g707_format function in ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4293 (plugins/ethercat/packet-ecatmb.c in the EtherCAT Mailbox dissector in ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4292 (The dissect_stun_message function in epan/dissectors/packet-stun.c in ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4291 (The CIP dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4290 (The CTDB dissector in Wireshark 1.4.x before 1.4.15, 1.6.x before ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4289 (epan/dissectors/packet-afp.c in the AFP dissector in Wireshark 1.4.x ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4288 (Integer overflow in the dissect_xtp_ecntl function in ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4287 (epan/dissectors/packet-mongo.c in the MongoDB dissector in Wireshark ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4286 (The pcapng_read_packet_block function in wiretap/pcapng.c in the ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Only affects 1.8.x)
CVE-2012-4285 (The dissect_pft function in epan/dissectors/packet-dcp-etsi.c in the ...)
	- wireshark 1.8.2-1 (unimportant)
	NOTE: not suitable for code injection
CVE-2012-4284
	RESERVED
CVE-2011-5099 (SQL injection vulnerability in helper/popup.php in the ccNewsletter ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4283 (Cross-site scripting (XSS) vulnerability in the Login With Ajax plugin ...)
	NOT-FOR-US: Login With Ajax plugin for Wordpress
CVE-2012-4282 (SQL injection vulnerability in photo.php in Trombinoscope 3.5 allows ...)
	NOT-FOR-US: Trombinoscope 3.5
CVE-2012-4281 (Multiple SQL injection vulnerabilities in Travelon Express 6.2.2 allow ...)
	NOT-FOR-US: Travelon Express 6.2.2
CVE-2012-4280 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Free Realty 3.1-0.6
CVE-2012-4279 (Multiple SQL injection vulnerabilities in Free Realty 3.1-0.6 allow ...)
	NOT-FOR-US: Free Realty 3.1-0.6
CVE-2012-4278 (Multiple cross-site scripting (XSS) vulnerabilities in Free Realty ...)
	NOT-FOR-US: Free Realty
CVE-2012-4277 (Cross-site scripting (XSS) vulnerability in the ...)
	- smarty3 3.1.10-1
	- smarty <removed> (low)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-4276 (Unspecified vulnerability in Hitachi IT Operations Director 02-50-01 ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4275 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-4274 (Unspecified vulnerability in Hitachi Cobol GUI Option 06-00, 06-01 ...)
	NOT-FOR-US: Hitachi Cobol GUI Option
CVE-2012-4273 (Cross-site scripting (XSS) vulnerability in libs/xing.php in the 2 ...)
	NOT-FOR-US: 2 Click Social Media Buttons plugin for Wordpress
CVE-2012-4272 (Multiple cross-site scripting (XSS) vulnerabilities in the 2 Click ...)
	NOT-FOR-US: 2 Click Social Media Buttons plugin for WordPress
CVE-2012-4271 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-4270 (Cross-site scripting (XSS) vulnerability in eFront 3.6.11 allows ...)
	NOT-FOR-US: eFront
CVE-2012-4269 (Unrestricted file upload vulnerability in eFront 3.6.11 allows remote ...)
	NOT-FOR-US: eFront
CVE-2012-4268 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: BulletProof Security plugin for WordPress
CVE-2012-4267 (Cross-site scripting (XSS) vulnerability in user/register in Sockso ...)
	NOT-FOR-US: Sockso
CVE-2012-4266 (Cross-site scripting (XSS) vulnerability in client_details.php in ...)
	NOT-FOR-US: Proman Xpress
CVE-2012-4265 (SQL injection vulnerability in category_edit.php in Proman Xpress ...)
	NOT-FOR-US: Proman Xpress
CVE-2012-4264 (Multiple cross-site scripting (XSS) vulnerabilities in the Better WP ...)
	NOT-FOR-US: Better WP Security plugin for WordPress
CVE-2012-4263 (Cross-site scripting (XSS) vulnerability in inc/admin/content.php in ...)
	NOT-FOR-US: Better WP Security plugin for Wordpress
CVE-2012-4262 (Multiple cross-site scripting (XSS) vulnerabilities in myCare2x allow ...)
	NOT-FOR-US: myCare2x
CVE-2012-4261 (SQL injection vulnerability in modules/patient/mycare2x_pat_info.php ...)
	NOT-FOR-US: myCare2x
CVE-2012-4260 (Multiple SQL injection vulnerabilities in myCare2x allow remote ...)
	NOT-FOR-US: myCare2x
CVE-2012-4259 (Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone ...)
	NOT-FOR-US: XPhone Virtual Directory
CVE-2012-4258 (Multiple SQL injection vulnerabilities in MYRE Real Estate Software ...)
	NOT-FOR-US: MYRE Real Estate Software
CVE-2012-4257 (Yaqas (Yet Another Question &amp; Answer System) 1.0 Alpha 1 allows remote ...)
	NOT-FOR-US: Yaqas
CVE-2012-4256 (The jNews (com_jnews) component 7.5.1 for Joomla! allows remote ...)
	NOT-FOR-US: jNews for Joomla!
CVE-2012-4255 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4254 (MySQLDumper 1.24.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4253 (Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4252 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4251 (Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper ...)
	NOT-FOR-US: MySQLDumper
CVE-2012-4250 (Stack-based buffer overflow in the RequestScreenOptimization function ...)
	NOT-FOR-US: Samsung NET-i viewer
CVE-2012-4249 (The Amazon Lab126 com.lab126.system sendEvent implementation on the ...)
	NOT-FOR-US: Kindle Touch
CVE-2012-4248 (The Amazon Kindle Touch before 5.1.2 does not properly restrict access ...)
	NOT-FOR-US: Kindle Touch
CVE-2012-4247 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phplist
CVE-2012-4246 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phplist
CVE-2012-4245 (The scriptfu network server in GIMP 2.6 does not require ...)
	- gimp <unfixed> (unimportant)
	NOTE: The interface isn't designed or advertised to be secure, this is hardly a security issue in practice
CVE-2012-4244 (ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before ...)
	{DSA-2547-1}
	- bind9 1:9.8.4.dfsg-1 (bug #693015)
	[wheezy] - bind9 1:9.8.1.dfsg.P1-4.4
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-4243
	RESERVED
CVE-2012-4242 (Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin ...)
	NOT-FOR-US: MF Gig Calendar
CVE-2012-4241 (Multiple cross-site scripting (XSS) vulnerabilities in Microcart 1.0 ...)
	NOT-FOR-US: Microcart
CVE-2012-4240 (SQL injection vulnerability in modules/calendar/json.php in ...)
	NOT-FOR-US: Group-Office
CVE-2012-4239
	RESERVED
CVE-2012-4238 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: TCExam
CVE-2012-4237 (Multiple SQL injection vulnerabilities in TCExam before 11.3.008 allow ...)
	NOT-FOR-US: TCExam
CVE-2012-4236 (Cross-site scripting (XSS) vulnerability in the refresh_page function ...)
	NOT-FOR-US: Total Shop UK eCommerce
CVE-2012-4235 (The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4234 (Cross-site scripting (XSS) vulnerability in the group moderation ...)
	NOT-FOR-US: Phorum
CVE-2012-4233 (LibreOffice 3.5.x before 3.5.7.2 and 3.6.x before 3.6.1, and ...)
	{DSA-2570-1}
	- libreoffice 1:3.5.4+dfsg-3 (low)
	- openoffice.org 1:3.3.0-1 (low)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
	NOTE: https://www.htbridge.com/advisory/HTB23106
CVE-2012-4232 (SQL injection vulnerability in admin/index.php in jCore before 1.0pre2 ...)
	NOT-FOR-US: jCore
CVE-2012-4231 (Cross-site scripting (XSS) vulnerability in admin/index.php in jCore ...)
	NOT-FOR-US: jCore
CVE-2012-4230 (The bbcode plugin in TinyMCE 3.5.8 does not properly enforce the ...)
	- tinymce <unfixed> (low; bug #796117)
	[stretch] - tinymce <no-dsa> (Minor issue)
	[jessie] - tinymce <no-dsa> (Minor issue)
	[squeeze] - tinymce <no-dsa> (Minor issue)
	[wheezy] - tinymce <no-dsa> (Minor issue)
CVE-2012-4229
	RESERVED
CVE-2012-4228
	RESERVED
CVE-2012-4227
	RESERVED
CVE-2012-4226 (Multiple cross-site scripting (XSS) vulnerabilities in Quick Post ...)
	NOT-FOR-US: WordPress plugin Quick Post Widget
CVE-2012-4225 (NVIDIA UNIX graphics driver before 295.71 and before 304.32 allows ...)
	- nvidia-graphics-drivers 304.37-1 (bug #684781)
	- nvidia-graphics-drivers-legacy-173xx 173.14.35-3
	[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze2
	[squeeze] - nvidia-graphics-drivers-legacy-173xx <no-dsa> (Non-free not supported)
	NOTE: http://seclists.org/fulldisclosure/2012/Aug/4
	NOTE: http://nvidia.custhelp.com/app/answers/detail/a_id/3140
CVE-2012-4224
	REJECTED
CVE-2012-4223
	REJECTED
CVE-2012-4222 (drivers/gpu/msm/kgsl.c in the Qualcomm Innovation Center (QuIC) ...)
	- linux <not-affected> (Android-specific drivers)
	- linux-2.6 <not-affected> (Android-specific drivers)
CVE-2012-4221 (Integer overflow in diagchar_core.c in the Qualcomm Innovation Center ...)
	- linux <not-affected> (Android-specific drivers)
	- linux-2.6 <not-affected> (Android-specific drivers)
CVE-2012-4220 (diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics ...)
	- linux <not-affected> (Android-specific drivers)
	- linux-2.6 <not-affected> (Android-specific drivers)
CVE-2012-4219 (show_config_errors.php in phpMyAdmin 3.5.x before 3.5.2.1 allows ...)
	- phpmyadmin 4:4.0.1-1 (unimportant)
	NOTE: Path disclosure irrelevant in Debian
CVE-2012-4218 (Use-after-free vulnerability in the ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4217 (Use-after-free vulnerability in the ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4216 (Use-after-free vulnerability in the gfxFont::GetFontEntry function in ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4215 (Use-after-free vulnerability in the ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4214 (Use-after-free vulnerability in the nsTextEditorState::PrepareEditor ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4213 (Use-after-free vulnerability in the nsEditor::FindNextLeafNode ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4212 (Use-after-free vulnerability in the XPCWrappedNative::Mark function in ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4211
	REJECTED
CVE-2012-4210 (The Style Inspector in Mozilla Firefox before 17.0 and Firefox ESR ...)
	- iceweasel 10.0.11esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4209 (Mozilla Firefox before 17.0, Firefox ESR 10.x before 10.0.11, ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4208 (The XrayWrapper implementation in Mozilla Firefox before 17.0, ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4207 (The HZ-GB-2312 character-set implementation in Mozilla Firefox before ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4206 (Untrusted search path vulnerability in the installer in Mozilla ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2012-4205 (Mozilla Firefox before 17.0, Thunderbird before 17.0, and SeaMonkey ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4204 (The str_unescape function in the JavaScript engine in Mozilla Firefox ...)
	- iceape <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
	- icedove <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4203 (The New Tab page in Mozilla Firefox before 17.0 uses a privileged ...)
	- iceweasel <not-affected> (Doesn't affect the ESR series, only releases from experimental)
CVE-2012-4202 (Heap-based buffer overflow in the image::RasterImage::DrawFrameTo ...)
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-4201 (The evalInSandbox implementation in Mozilla Firefox before 17.0, ...)
	{DSA-2588-1 DSA-2584-1 DSA-2583-1}
	- iceweasel 10.0.11esr-1
	- icedove 10.0.11-1
	- iceape 2.7.11-1
CVE-2012-4200
	RESERVED
CVE-2012-4199 (template/en/default/bug/field-events.js.tmpl in Bugzilla 3.x before ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-4198 (The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x ...)
	- bugzilla <not-affected> (Only affects 3.7 onwards)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-4197 (Bugzilla/Attachment.pm in attachment.cgi in Bugzilla 2.x and 3.x ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-4196 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, ...)
	- iceweasel 10.0.10esr-1
	- icedove 10.0.10-1
	- iceape 2.7.10-1
	[squeeze] - iceape <not-affected> (vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (vulnerable code not present)
	[squeeze] - icedove <not-affected> (vulnerable code not present)
CVE-2012-4195 (The nsLocation::CheckURL function in Mozilla Firefox before 16.0.2, ...)
	- iceape <not-affected> (Only affects 16.x release from experimental)
	- iceweasel <not-affected> (Only affects 16.x release from experimental)
	- icedove <not-affected> (Only affects 16.x release from experimental)
CVE-2012-4194 (Mozilla Firefox before 16.0.2, Firefox ESR 10.x before 10.0.10, ...)
	- iceape 2.7.10-1
	- icedove 10.0.10-1
	- iceweasel 10.0.10esr-1
	[squeeze] - iceape <not-affected> (vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (vulnerable code not present)
	[squeeze] - icedove <not-affected> (vulnerable code not present)
CVE-2012-4193 (Mozilla Firefox before 16.0.1, Firefox ESR 10.x before 10.0.9, ...)
	- iceweasel 10.0.9esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (vulnerable code not present)
	[squeeze] - icedove <not-affected> (vulnerable code not present)
CVE-2012-4192 (Mozilla Firefox 16.0, Thunderbird 16.0, and SeaMonkey 2.13 allow ...)
	- iceweasel 10.0.9esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Regression not present in Squeeze)
	[squeeze] - iceweasel <not-affected> (Regression not present in Squeeze)
	[squeeze] - icedove <not-affected> (Regression not present in Squeeze)
CVE-2012-4191 (The mozilla::net::FailDelayManager::Lookup function in the WebSockets ...)
	- iceweasel <not-affected> (Doesn't affect ESR series)
CVE-2012-4190 (The FT2FontEntry::CreateFontEntry function in FreeType, as used in the ...)
	- iceweasel <not-affected> (Only affects Firefox Mobile)
CVE-2012-4189 (Cross-site scripting (XSS) vulnerability in Bugzilla 4.1.x and 4.2.x ...)
	- bugzilla <not-affected> (Only affects 4.1 onwards)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-4188 (Heap-based buffer overflow in the Convolve3x3 function in Mozilla ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4187 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4186 (Heap-based buffer overflow in the nsWaveReader::DecodeAudioData ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4185 (Buffer overflow in the nsCharTraits::length function in Mozilla ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4184 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4183 (Use-after-free vulnerability in the DOMSVGTests::GetRequiredFeatures ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4182 (Use-after-free vulnerability in the nsTextEditRules::WillInsert ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4181 (Use-after-free vulnerability in the ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4180 (Heap-based buffer overflow in the ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4179 (Use-after-free vulnerability in the ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-4178 (SQL injection vulnerability in spywall/includes/deptUploads_data.php ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-4177 (The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote ...)
	NOT-FOR-US: Ubisoft Uplay PC
CVE-2012-4176 (Array index error in Adobe Shockwave Player before 11.6.8.638 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4175 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4174 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4173 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4172 (Buffer overflow in Adobe Shockwave Player before 11.6.8.638 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2012-4171 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4170 (Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows ...)
	NOT-FOR-US: Adobe Photoshop CS6
CVE-2012-4169
	REJECTED
CVE-2012-4168 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4167 (Integer overflow in Adobe Flash Player before 10.3.183.23 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4166
	REJECTED
CVE-2012-4165 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4164 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4163 (Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-4162 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4161 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4160 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4159 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4158 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4157 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4156 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4155 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4154 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4153 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4152 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4151 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4150 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4149 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4148 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-4147 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-5098 (chef-server-api/app/controllers/clients.rb in Chef Server in Chef ...)
	- chef 0.10.10-1
CVE-2011-5097 (chef-server-api/app/controllers/cookbooks.rb in Chef Server in Chef ...)
	- chef 0.10.10-1
CVE-2010-5142 (chef-server-api/app/controllers/users.rb in the API in Chef before ...)
	- chef 0.10.10-1
CVE-2012-4146 (Opera before 12.01 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2012-4145 (Unspecified vulnerability in Opera before 12.01 on Windows and UNIX, ...)
	NOT-FOR-US: Opera
CVE-2012-4144 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...)
	NOT-FOR-US: Opera
CVE-2012-4143 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...)
	NOT-FOR-US: Opera
CVE-2012-4142 (Opera before 12.01 on Windows and UNIX, and before 11.66 and 12.x ...)
	NOT-FOR-US: Opera
CVE-2012-XXXX [redeclipse code execution through map files]
	- redeclipse 1.2-3 (bug #684143)
CVE-2012-XXXX [base name disclosure]
	- spip 2.1.17-1 (bug #683667)
	[squeeze] - spip 2.1.1-3squeeze5
CVE-2012-XXXX [insecure default configuration / authentication bypass]
	- munin 2.0.5-1 (bug #682869)
	[squeeze] - munin <no-dsa> (Minor issue)
CVE-2012-4141 (Directory traversal vulnerability in the CLI parser in Cisco NX-OS ...)
	NOT-FOR-US: Cisco
CVE-2012-4140
	REJECTED
CVE-2012-4139
	REJECTED
CVE-2012-4138
	REJECTED
CVE-2012-4137
	REJECTED
CVE-2012-4136 (The high-availability service in the Fabric Interconnect component in ...)
	NOT-FOR-US: Cisco
CVE-2012-4135 (Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and ...)
	NOT-FOR-US: Cisco
CVE-2012-4134
	REJECTED
CVE-2012-4133
	REJECTED
CVE-2012-4132
	REJECTED
CVE-2012-4131 (Directory traversal vulnerability in tar in Cisco NX-OS allows local ...)
	NOT-FOR-US: Cisco
CVE-2012-4130
	REJECTED
CVE-2012-4129
	REJECTED
CVE-2012-4128
	REJECTED
CVE-2012-4127
	REJECTED
CVE-2012-4126
	REJECTED
CVE-2012-4125
	REJECTED
CVE-2012-4124
	REJECTED
CVE-2012-4123
	REJECTED
CVE-2012-4122 (The CLI parser in Cisco NX-OS allows local users to bypass intended ...)
	NOT-FOR-US: Cisco
CVE-2012-4121 (Cisco NX-OS allows local users to gain privileges, and read or modify ...)
	NOT-FOR-US: Cisco
CVE-2012-4120
	REJECTED
CVE-2012-4119
	REJECTED
CVE-2012-4118
	REJECTED
CVE-2012-4117 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco
CVE-2012-4116 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco
CVE-2012-4115 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco
CVE-2012-4114 (The fabric-interconnect KVM module in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco
CVE-2012-4113 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco
CVE-2012-4112 (The Baseboard Management Controller (BMC) in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2012-4111 (The create certreq command in the fabric-interconnect component in ...)
	NOT-FOR-US: Cisco
CVE-2012-4110 (run-script in the fabric-interconnect component in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2012-4109 (The clear sshkey command in the fabric-interconnect component in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-4108 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4107 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4106 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4105 (The fabric-interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4104 (Absolute path traversal vulnerability in the image-download process in ...)
	NOT-FOR-US: Cisco
CVE-2012-4103 (ethanalyzer in the fabric-interconnect component in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2012-4102 (The activate firmware command in the fabric-interconnect component in ...)
	NOT-FOR-US: Cisco
CVE-2012-4101
	REJECTED
CVE-2012-4100
	REJECTED
CVE-2012-4099 (The BGP implementation in Cisco NX-OS does not properly filter AS ...)
	NOT-FOR-US: Cisco
CVE-2012-4098 (The BGP implementation in Cisco NX-OS does not properly filter AS ...)
	NOT-FOR-US: Cisco
CVE-2012-4097 (The BGP implementation in Cisco NX-OS does not properly filter segment ...)
	NOT-FOR-US: Cisco
CVE-2012-4096 (The local file editor in the Baseboard Management Controller (BMC) in ...)
	NOT-FOR-US: Cisco
CVE-2012-4095 (The local file editor in the fabric-interconnect component in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-4094 (Buffer overflow in the Smart Call Home feature in the fabric ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4093 (The Manager component in Cisco Unified Computing System (UCS) allows ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4092 (The management interface in the Central Software component in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4091 (The RIP service engine in Cisco NX-OS allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2012-4090 (The management interface in Cisco NX-OS on Nexus 7000 devices allows ...)
	NOT-FOR-US: Cisco
CVE-2012-4089 (MCTOOLS in the fabric interconnect in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4088 (The FTP server in Cisco Unified Computing System (UCS) has a hardcoded ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4087 (A cluster setup script for fabric interconnect devices in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4086 (A setup script for fabric interconnect devices in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4085 (The Intelligent Platform Management Interface (IPMI) implementation in ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4084 (Cross-site request forgery (CSRF) vulnerability in the web-management ...)
	NOT-FOR-US: Cisco
CVE-2012-4083 (Multiple buffer overflows in the administrative web interface in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4082 (MCTools in the Cisco Management Controller in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2012-4081 (MCServer in the Cisco Management Controller in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco
CVE-2012-4080
	REJECTED
CVE-2012-4079 (The XML API service in the Fabric Interconnect component in Cisco ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4078 (The Baseboard Management Controller (BMC) in Cisco Unified Computing ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4077 (Cisco NX-OS allows local users to gain privileges and execute ...)
	NOT-FOR-US: Cisco
CVE-2012-4076 (Cisco NX-OS allows local users to gain privileges and execute ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-4075 (Cisco NX-OS allows local users to gain privileges and execute ...)
	NOT-FOR-US: Cisco
CVE-2012-4074 (The Board Management Controller (BMC) in the Serial over LAN (SoL) ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4073 (The KVM subsystem in the client in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4072 (The KVM subsystem in Cisco Unified Computing System (UCS) relies on a ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-4071 (Cross-site scripting (XSS) vulnerability in the comments module in the ...)
	NOT-FOR-US: Joomla addon
CVE-2012-4070 (SQL injection vulnerability in system/src/dispatcher.php in Dir2web ...)
	NOT-FOR-US: Dir2Web
CVE-2012-4069 (Dir2web 3.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: Dir2Web
CVE-2012-4068 (Heap-based buffer overflow in the SoapServer service in Citrix ...)
	NOT-FOR-US: Citrix
CVE-2012-4067 (Walrus in Eucalyptus before 3.2.2 allows remote attackers to cause a ...)
	- eucalyptus <removed> (bug #707592)
	NOTE: https://github.com/eucalyptus/eucalyptus/commit/e958e60
	NOTE: https://eucalyptus.atlassian.net/browse/EUCA-5277
CVE-2012-4066 (The internal message protocol for Walrus in Eucalyptus 3.2.0 and ...)
	- eucalyptus <removed> (bug #702388)
CVE-2012-4065 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4064 (Eucalyptus before 3.1.1 does not properly restrict the binding of ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4063 (The Apache Santuario configuration in Eucalyptus before 3.1.1 does not ...)
	- eucalyptus 3.1.0-9 (bug #689599)
CVE-2012-4062
	RESERVED
CVE-2012-4061 (Multiple SQL injection vulnerabilities in ASP-DEv XM Diary allow ...)
	NOT-FOR-US: ASP-DEv XM Diary
CVE-2012-4060 (Multiple SQL injection vulnerabilities in ASP-DEv XM Forums RC3 allow ...)
	NOT-FOR-US: ASP-DEv XM Diary
CVE-2012-4059 (Cross-site request forgery (CSRF) vulnerability in home/secretqtn.php ...)
	NOT-FOR-US: Socketmail not in Debian
CVE-2012-4058 (Cross-site scripting (XSS) vulnerability in SocketMail Pro 2.2.9 ...)
	NOT-FOR-US: Socketmail not in Debian
CVE-2012-4057 (Buffer overflow in the Player in Remote-Anything 5.60.15 allows remote ...)
	NOT-FOR-US: Remote-Anything not in Debian
CVE-2012-4056 (SQL injection vulnerability in index2.php in Uiga Personal Portal ...)
	NOT-FOR-US: Uiga personal portal
CVE-2012-4055 (SQL injection vulnerability in index2.php in Uiga Fan Club allows ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2012-4054 (Buffer overflow in the readfile function in CPE17 Autorun Killer 1.7.1 ...)
	NOT-FOR-US: CPE17 Autorun Killer not in Debian
CVE-2012-4053 (Cross-site request forgery (CSRF) vulnerability in eZOE flash player ...)
	NOT-FOR-US: eZOE flash player not in Debian
CVE-2012-4052 (Multiple cross-site scripting (XSS) vulnerabilities in Jease before ...)
	NOT-FOR-US: Jease
CVE-2012-4051 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: JAMF Casper suite
CVE-2007-6754 (The ipalloc function in libc/stdlib/malloc.c in jemalloc in libc for ...)
	NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2006-7252 (Integer overflow in the calloc function in libc/stdlib/malloc.c in ...)
	NOT-FOR-US: NetBSD/FreeBSD libc
CVE-2005-4895 (Multiple integer overflows in TCMalloc (tcmalloc.cc) in gperftools ...)
	- google-perftools 0.7-1
CVE-2012-4047
	RESERVED
CVE-2012-4046 (The D-Link DCS-932L camera with firmware 1.02 allows remote attackers ...)
	NOT-FOR-US: D-Link DCS-932L camera
CVE-2012-4045 (Multiple heap-based buffer overflows in bmp.w5s in Winamp before 5.63 ...)
	NOT-FOR-US: Winamp
CVE-2012-4044
	RESERVED
CVE-2012-4043 (Cross-site scripting (XSS) vulnerability in global-protect/login.esp ...)
	NOT-FOR-US: Palo Alto Networks software
CVE-2012-4042
	RESERVED
CVE-2012-4041
	RESERVED
CVE-2012-4040
	RESERVED
CVE-2012-4039
	RESERVED
CVE-2012-4038
	RESERVED
CVE-2012-4037 (Multiple cross-site scripting (XSS) vulnerabilities in the web client ...)
	- transmission 2.52-3 (bug #683380)
	[squeeze] - transmission <not-affected> (Version in Stable not affected)
CVE-2012-4036 (Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 ...)
	NOT-FOR-US: PBBoard
CVE-2012-4035 (The new_password page in PBBoard 2.1.4 allows remote attackers to ...)
	NOT-FOR-US: PBBoard
CVE-2012-4034 (Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote ...)
	NOT-FOR-US: PBBoard
CVE-2012-4050 (Multiple unspecified vulnerabilities in Google Chrome OS before ...)
	NOT-FOR-US: Google Chrome OS
CVE-2012-4049 (epan/dissectors/packet-nfs.c in the NFS dissector in Wireshark 1.4.x ...)
	- wireshark 1.8.2-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-12.html
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4048 (The PPP dissector in Wireshark 1.4.x before 1.4.14, 1.6.x before ...)
	{DSA-2590-1}
	- wireshark 1.8.2-1 (bug #680056)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-11.html
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/24/2
CVE-2012-4033 (Multiple unspecified vulnerabilities in the Zingiri Web Shop plugin ...)
	NOT-FOR-US: Zingiri not in Debian
CVE-2012-4032 (Open redirect vulnerability in the login page in WebsitePanel before ...)
	NOT-FOR-US: WebsitePanel not in Debian
CVE-2012-4031 (Multiple directory traversal vulnerabilities in src/acloglogin.php in ...)
	NOT-FOR-US: Wangkongbao not in Debian
CVE-2012-4030
	RESERVED
CVE-2012-4029
	RESERVED
CVE-2012-4028 (Tridium Niagara AX Framework does not properly store credential data, ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4027 (Directory traversal vulnerability in Tridium Niagara AX Framework ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-4026 (The Johnson Controls Pegasys P2000 server with software before 3.11 ...)
	NOT-FOR-US: The Johnson Controls Pegasys P2000
CVE-2012-4025 (Integer overflow in the queue_init function in unsquashfs.c in ...)
	- squashfs-tools 1:4.2+20121212-1 (low; bug #683371)
	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
CVE-2012-4024 (Stack-based buffer overflow in the get_component function in ...)
	- squashfs-tools 1:4.2+20121212-1 (low; bug #683371)
	[squeeze] - squashfs-tools <no-dsa> (Minor issue)
	[wheezy] - squashfs-tools <no-dsa> (Minor issue)
CVE-2012-4023 (CRLF injection vulnerability in Pebble before 2.6.4 allows remote ...)
	NOT-FOR-US: Pebble blog
CVE-2012-4022 (Pebble before 2.6.4 allows remote attackers to trigger loss of ...)
	NOT-FOR-US: Pebble blog
CVE-2012-4021 (MosP kintai kanri before 4.1.0 does not properly perform ...)
	NOT-FOR-US: MosP kintai kanri
CVE-2012-4020 (MosP kintai kanri before 4.1.0 does not enforce privilege ...)
	NOT-FOR-US: MosP kintai kanri
CVE-2012-4019 (Cross-site scripting (XSS) vulnerability in tokyo_bbs.cgi in Come on ...)
	NOT-FOR-US: Come on Girls Interface (CGI) Tokyo BBS
CVE-2012-4018 (Cross-site scripting (XSS) vulnerability in Final Beta Laboratory ...)
	NOT-FOR-US: Final Beta Laboratory MyWebSearch
CVE-2012-4017 (The jigbrowser+ application before 1.5.0 for Android does not properly ...)
	NOT-FOR-US: Android application
CVE-2012-4016 (The ATOK application before 1.0.4 for Android allows remote attackers ...)
	NOT-FOR-US: Android application
CVE-2012-4015 (Cross-site scripting (XSS) vulnerability in the management screen in ...)
	NOT-FOR-US: My Little tool / My little admin SQL server 2000
CVE-2012-4014 (Unspecified vulnerability in McAfee Email Anti-virus (formerly ...)
	NOT-FOR-US: McAfee Email Anti-virus
CVE-2012-4013 (The WebView class in the Cybozu KUNAI Browser for Remote Service ...)
	NOT-FOR-US: Cybozu KUNAI Browser
CVE-2012-4012 (The WebView class in the Cybozu KUNAI application before 2.0.6 for ...)
	NOT-FOR-US: Cybozu KUNAI
CVE-2012-4011 (The Cybozu KUNAI application before 2.0.6 for Android allows remote ...)
	NOT-FOR-US: Cybozu KUNAI
CVE-2012-4010 (Opera before 11.60 allows remote attackers to spoof the address bar ...)
	NOT-FOR-US: Opera
CVE-2012-4009 (The WebView class in the Cybozu Live application 1.0.4 and earlier for ...)
	NOT-FOR-US: Cybozu Live
CVE-2012-4008 (The Cybozu Live application 1.0.4 and earlier for Android allows ...)
	NOT-FOR-US: Cybozu Live
CVE-2012-4007 (The mixi application before 4.3.0 for Android allows remote attackers ...)
	NOT-FOR-US: mixi application for Android
CVE-2012-4006 (The GREE application before 1.4.0, GREE Tanken Dorirando application ...)
	NOT-FOR-US: GREE application for Android
CVE-2012-4005 (The NHN Japan NAVER LINE application before 2.5.5 for Android does not ...)
	NOT-FOR-US: NHN Japan NAVER LINE
CVE-2012-4004 (Cross-site scripting (XSS) vulnerability in the Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-4003 (Multiple cross-site scripting (XSS) vulnerabilities in GLPI-PROJECT ...)
	- glpi 0.83.31-1 (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4002 (Cross-site request forgery (CSRF) vulnerability in GLPI-PROJECT GLPI ...)
	- glpi 0.83.31-1 (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: https://forge.indepnet.net/projects/glpi/versions/771
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/13/1
CVE-2012-4001 (The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server ...)
	NOT-FOR-US: mod_pagespeed
CVE-2012-4000 (Cross-site scripting (XSS) vulnerability in the print_textinputs_var ...)
	{DSA-2522-1}
	- fckeditor 1:2.6.6-3 (bug #683418)
	NOTE: http://disse.cting.org/2012/06/22/fckeditor-reflected-xss-vulnerability/
CVE-2012-3999 (Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3998 (Multiple SQL injection vulnerabilities in Sticky Notes before ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3997 (Multiple cross-site scripting (XSS) vulnerabilities in Sticky Notes ...)
	NOT-FOR-US: Sticky Notes
CVE-2012-3996 (TikiWiki CMS/Groupware 8.3 and earlier allows remote attackers to ...)
	- tikiwiki <removed>
CVE-2012-3995 (The IsCSSWordSpacingSpace function in Mozilla Firefox before 16.0, ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3994 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3993 (The Chrome Object Wrapper (COW) implementation in Mozilla Firefox ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3992 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3991 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3990 (Use-after-free vulnerability in the IME State Manager implementation ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3989 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3988 (Use-after-free vulnerability in Mozilla Firefox before 16.0, Firefox ...)
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3987 (Mozilla Firefox before 16.0 on Android assigns chrome privileges to ...)
	- iceweasel <not-affected> (Android-specific)
CVE-2012-3986 (Mozilla Firefox before 16.0, Firefox ESR 10.x before 10.0.8, ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
CVE-2012-3985 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3984 (Mozilla Firefox before 16.0, Thunderbird before 16.0, and SeaMonkey ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3983 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2572-1 DSA-2569-1 DSA-2565-1}
	- iceweasel 10.0.8esr-1
	- icedove 10.0.9-1
	- iceape 2.7.9-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-4747 (Bugzilla 2.x and 3.x through 3.6.11, 3.7.x and 4.0.x before 4.0.8, ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785522
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=785511
CVE-2012-3981 (Auth/Verify/LDAP.pm in Bugzilla 2.x and 3.x before 3.6.11, 3.7.x and ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-3980 (The web console in Mozilla Firefox before 15.0, Firefox ESR 10.x ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3979 (Mozilla Firefox before 15.0 on Android does not properly implement ...)
	- iceweasel <not-affected> (Only affects Firefox for Android)
CVE-2012-3978 (The nsLocation::CheckURL function in Mozilla Firefox before 15.0, ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3977
	REJECTED
CVE-2012-3976 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, and ...)
	- iceweasel 10.0.7esr-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3975 (The DOMParser component in Mozilla Firefox before 15.0, Thunderbird ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3974 (Untrusted search path vulnerability in the installer in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox for Windows)
CVE-2012-3973 (The debugger in the developer-tools subsystem in Mozilla Firefox ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
CVE-2012-3972 (The format-number functionality in the XSLT implementation in Mozilla ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3971 (Summer Institute of Linguistics (SIL) Graphite 2, as used in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-3970 (Use-after-free vulnerability in the nsTArray_base::Length function in ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3969 (Integer overflow in the nsSVGFEMorphologyElement::Filter function in ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3968 (Use-after-free vulnerability in the WebGL implementation in Mozilla ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3967 (The WebGL implementation in Mozilla Firefox before 15.0, Firefox ESR ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3966 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3965 (Mozilla Firefox before 15.0 does not properly restrict navigation to ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
CVE-2012-3964 (Use-after-free vulnerability in the gfxTextRun::GetUserData function ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3963 (Use-after-free vulnerability in the js::gc::MapAllocToTraceKind ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3962 (Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3961 (Use-after-free vulnerability in the RangeData implementation in ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3960 (Use-after-free vulnerability in the ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3959 (Use-after-free vulnerability in the nsRangeUpdater::SelAdjDeleteNode ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-3958 (Use-after-free vulnerability in the ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3957 (Heap-based buffer overflow in the nsBlockFrame::MarkLineDirty function ...)
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3956 (Use-after-free vulnerability in the ...)
	- iceweasel <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- icedove <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
	- iceape <not-affected> (Vulnerable code not present in Firefox 10.x codebase)
CVE-2012-3955 (ISC DHCP 4.1.x before 4.1-ESV-R7 and 4.2.x before 4.2.4-P2 allows ...)
	{DSA-2551-1}
	- isc-dhcp 4.2.4-2
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3954 (Multiple memory leaks in ISC DHCP 4.1.x and 4.2.x before 4.2.4-P1 and ...)
	{DSA-2519-2 DSA-2519-1 DSA-2516-1}
	- isc-dhcp 4.2.4-2 (bug #686174)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3953 (SQL injection vulnerability in admin/index.php in phpList before ...)
	NOT-FOR-US: phplist
CVE-2012-3952 (Cross-site scripting (XSS) vulnerability in admin/index.php in phpList ...)
	NOT-FOR-US: phplist
CVE-2012-3951 (The MySQL component in Plixer Scrutinizer (aka Dell SonicWALL ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-3950 (The Intrusion Prevention System (IPS) feature in Cisco IOS 12.3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3949 (The SIP implementation in Cisco Unified Communications Manager (CUCM) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2012-3948
	RESERVED
CVE-2012-3947
	RESERVED
CVE-2012-3946 (Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3945
	RESERVED
CVE-2012-3944
	RESERVED
CVE-2012-3943
	RESERVED
CVE-2012-3942
	RESERVED
CVE-2012-3941 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3940 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3939 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3938 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3937 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3936 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-3935 (Cisco Unified Presence (CUP) before 8.6(3) and Jabber Extensible ...)
	NOT-FOR-US: Cisco Unified Presence, Jabber Extensible Communications Platform
CVE-2012-3934
	RESERVED
CVE-2012-3933
	RESERVED
CVE-2012-3932
	RESERVED
CVE-2012-3931
	RESERVED
CVE-2012-3930
	RESERVED
CVE-2012-3929
	RESERVED
CVE-2012-3928
	RESERVED
CVE-2012-3927
	RESERVED
CVE-2012-3926
	RESERVED
CVE-2012-3925
	RESERVED
CVE-2012-3924 (The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3923 (The SSLVPN implementation in Cisco IOS 12.4, 15.0, 15.1, and 15.2, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3922
	RESERVED
CVE-2012-3921
	RESERVED
CVE-2012-3920
	RESERVED
CVE-2012-3919 (The Cisco Application Control Engine (ACE) module 3.0 for Cisco ...)
	NOT-FOR-US: Cisco Application Control Engine
CVE-2012-3918 (Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3917
	RESERVED
CVE-2012-3916
	RESERVED
CVE-2012-3915 (The DMVPN tunnel implementation in Cisco IOS 15.2 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3914
	RESERVED
CVE-2012-3913 (The Cisco VC220 and VC240 cameras allow remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2012-3912
	RESERVED
CVE-2012-3911
	RESERVED
CVE-2012-3910
	RESERVED
CVE-2012-3909
	RESERVED
CVE-2012-3908 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ISE ...)
	NOT-FOR-US: Cisco Identity Services Engine
CVE-2012-3907
	RESERVED
CVE-2012-3906
	RESERVED
CVE-2012-3905
	RESERVED
CVE-2012-3904
	RESERVED
CVE-2012-3903
	RESERVED
CVE-2012-3902
	RESERVED
CVE-2012-3901 (The updateTime function in sensorApp on Cisco IPS 4200 series sensors ...)
	NOT-FOR-US: Cisco IPS 4200
CVE-2012-3900
	RESERVED
CVE-2012-3899 (sensorApp on Cisco IPS 4200 series sensors 6.0, 6.2, and 7.0 does not ...)
	NOT-FOR-US: Cisco IPS 4200
CVE-2012-3898
	RESERVED
CVE-2012-3897
	RESERVED
CVE-2012-3896
	RESERVED
CVE-2012-3895 (Cisco IOS 15.0 through 15.3 allows remote authenticated users to cause ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3894
	RESERVED
CVE-2012-3893 (The FlexVPN implementation in Cisco IOS 15.2 and 15.3 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3892
	RESERVED
CVE-2012-3891
	RESERVED
CVE-2012-3890 (The in_mod plugin in Winamp before 5.63 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2012-3889 (The in_mod plugin in Winamp before 5.63 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2012-3888 (The login implementation in AirDroid 1.0.4 beta allows remote ...)
	NOT-FOR-US: AirDroid
CVE-2012-3887 (AirDroid before 1.0.7 beta uses a cleartext base64 format for data ...)
	NOT-FOR-US: AirDroid
CVE-2012-3886 (AirDroid 1.0.4 beta uses the MD5 algorithm for values in the ...)
	NOT-FOR-US: AirDroid
CVE-2012-3885 (The default configuration of AirDroid 1.0.4 beta uses a four-character ...)
	NOT-FOR-US: AirDroid
CVE-2012-3884 (AirDroid 1.0.4 beta implements authentication through direct ...)
	NOT-FOR-US: AirDroid
CVE-2012-3883
	RESERVED
CVE-2012-3882
	RESERVED
CVE-2012-3881 (Multiple SQL injection vulnerabilities in RTG 0.7.4 and RTG2 0.9.2 ...)
	NOT-FOR-US: RTG, RTG2
CVE-2012-3880
	RESERVED
CVE-2012-3879
	RESERVED
CVE-2012-3878
	REJECTED
CVE-2012-3877
	RESERVED
CVE-2012-3876
	RESERVED
CVE-2012-3875
	RESERVED
CVE-2012-3874
	RESERVED
CVE-2012-3873 (Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3872 (Multiple cross-site scripting (XSS) vulnerabilities in Open ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3871 (Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3870 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Open Constructor
CVE-2012-3869 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: REDAXO
CVE-2012-3868 (Race condition in the ns_client structure management in ISC BIND 9.9.x ...)
	NOTE: https://kb.isc.org/article/AA-00730
	- bind9 <not-affected> (Vulnerable code not present, only affects 9.9.x)
	- isc-dhcp <not-affected> (embeds bind 9.8.x; this issue only affects 9.9.x)
CVE-2012-3867 (lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3866 (lib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3865 (Directory traversal vulnerability in lib/puppet/reports/store.rb in ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3864 (Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise ...)
	{DSA-2511-1}
	- puppet 2.7.18-1
CVE-2012-3862
	RESERVED
CVE-2012-3861
	RESERVED
CVE-2012-3860
	RESERVED
CVE-2012-3859 (Unspecified vulnerability in the WebAdmin Portal in Netsweeper has ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-3858
	RESERVED
CVE-2012-3857
	RESERVED
CVE-2012-3856
	RESERVED
CVE-2012-3855
	RESERVED
CVE-2012-3854
	RESERVED
CVE-2012-3853
	RESERVED
CVE-2012-3852
	RESERVED
CVE-2012-3851
	RESERVED
CVE-2012-3850
	RESERVED
CVE-2012-3849
	RESERVED
CVE-2012-3848 (Multiple cross-site scripting (XSS) vulnerabilities in the web console ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-3863 (channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1
CVE-2012-3847 (slssvc.exe in Invensys Wonderware SuiteLink in Invensys InTouch 2012 ...)
	NOT-FOR-US: Windows utility
CVE-2012-3846 (Cross-site scripting (XSS) vulnerability in index.php in PHP-pastebin ...)
	NOT-FOR-US: php-pastebin not in Debian
CVE-2012-3845 (Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote ...)
	NOT-FOR-US: LAN Messenger not in Debian
CVE-2012-3844 (Cross-site scripting (XSS) vulnerability in vBulletin 4.1.12 allows ...)
	NOT-FOR-US: vBulletin not in Debian
CVE-2012-3843 (Cross-site scripting (XSS) vulnerability in the registration page in ...)
	NOT-FOR-US: e107 not in Debian
CVE-2012-3842 (Multiple cross-site scripting (XSS) vulnerabilities in CMD_DOMAIN in ...)
	NOT-FOR-US: DirectAdmin not in Debian
CVE-2012-3841 (Untrusted search path vulnerability in KMPlayer 3.2.0.19 allows local ...)
	NOT-FOR-US: KMPlayer not in Debian (not the KDE interface to mplayer)
CVE-2012-3840 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: MyClientBase not in Debian
CVE-2012-3839 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: MyClientBase not in Debian
CVE-2012-3838 (Gekko before 1.2.0 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3837 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3836 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko ...)
	NOT-FOR-US: Baby Gekko not in Debian
CVE-2012-3835 (Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open ...)
	NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map)
CVE-2012-3834 (SQL injection vulnerability in forensics/base_qry_main.php in ...)
	NOT-FOR-US: OSSIM not in Debian (different from Open Source Software Image Map)
CVE-2012-3833 (Cross-site scripting (XSS) vulnerability in the default index page in ...)
	NOT-FOR-US: Quick.CMS not in Debian
CVE-2012-3832 (Cross-site scripting (XSS) vulnerability in decoda/Decoda.php in ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3831 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3830 (Cross-site scripting (XSS) vulnerability in decoda/templates/video.php ...)
	NOT-FOR-US: Decoda not in Debian
CVE-2012-3829 (Joomla! 2.5.3 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: Joomla
CVE-2012-3828 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.3 allows ...)
	NOT-FOR-US: Joomla
CVE-2012-3827
	RESERVED
CVE-2011-5096 (Stack-based buffer overflow in cstore.exe in the Media Application ...)
	NOT-FOR-US: Avaya Aura Application Server
CVE-2012-3826 (Multiple integer underflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
	- wireshark 1.6.8-1 (unimportant)
	[squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6)
	NOTE: not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
	NOTE: leftover of CVE-2012-2392
CVE-2012-3825 (Multiple integer overflows in Wireshark 1.4.x before 1.4.13 and 1.6.x ...)
	- wireshark 1.6.8-1 (unimportant)
	[squeeze] - wireshark <not-affected> (vulnerable code appeared in 1.4/1.6)
	NOTE: not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125
	NOTE: leftover of CVE-2012-2392
CVE-2012-3824
	RESERVED
CVE-2012-3823
	RESERVED
CVE-2012-3822
	RESERVED
CVE-2012-3821
	RESERVED
CVE-2012-3820 (Multiple SQL injection vulnerabilities in Campaign11.exe in Arial ...)
	NOT-FOR-US: Arial Software Campaign Enterprise
CVE-2012-3819 (Stack consumption vulnerability in dartwebserver.dll 1.9 and earlier, ...)
	NOT-FOR-US: dartwebserver.dll
CVE-2012-3818 (The fpm exporter in Revelation 0.4.13-2 and earlier encrypts the ...)
	- revelation 0.4.13-1.2 (bug #680059)
	[squeeze] - revelation <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-3818
	NOTE: http://knoxin.blogspot.co.uk/2012/06/revelation-password-manager-considered.html
	NOTE: http://als.regnet.cz/fpm2/feedback/2
CVE-2012-3817 (ISC BIND 9.4.x, 9.5.x, 9.6.x, and 9.7.x before 9.7.6-P2; 9.8.x before ...)
	{DSA-2517-1}
	- bind9 1:9.8.1.dfsg.P1-4.2 (bug #683259)
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
	NOTE: https://kb.isc.org/article/AA-00729
CVE-2012-XXXX [packagekit insecure temp file]
	- packagekit 0.7.6-1 (bug #678189)
CVE-2012-3816 (WinRadius Server 2009 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinRadius
CVE-2012-3815 (Buffer overflow in RunTime.exe in Sielco Sistemi Winlog Pro SCADA ...)
	NOT-FOR-US: Sielco Sistemi Winlog
CVE-2012-3814 (Unrestricted file upload vulnerability in font-upload.php in the Font ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3813
	RESERVED
CVE-2012-3812 (Double free vulnerability in apps/app_voicemail.c in Asterisk Open ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
CVE-2012-3811 (Unrestricted file upload vulnerability in ImageUpload.ashx in the ...)
	NOT-FOR-US: Avaya IP Office Customer Call Reporter
CVE-2012-3810
	RESERVED
CVE-2012-3809
	RESERVED
CVE-2012-3808
	RESERVED
CVE-2012-3807
	RESERVED
CVE-2012-3806
	RESERVED
CVE-2012-3805 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Kajona
CVE-2012-3804
	RESERVED
CVE-2012-3803
	RESERVED
CVE-2012-3802 (Unspecified vulnerability in the Post Affiliate Pro (PAP) module for ...)
	NOT-FOR-US: Drupal module
CVE-2012-3801
	REJECTED
CVE-2012-3800 (Cross-site scripting (XSS) vulnerability in og.js in the Organic ...)
	NOT-FOR-US: Drupal module
CVE-2012-3799 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal module
CVE-2012-3798 (The Janrain Capture module 6.x-1.0 and 7.x-1.0 for Drupal, when ...)
	NOT-FOR-US: Drupal module
CVE-2012-3797 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3796 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3795 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3794 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3793 (Integer overflow in Pro-face WinGP PC Runtime 3.1.00 and earlier, and ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3792 (Pro-face WinGP PC Runtime 3.1.00 and earlier, and ProServr.exe in ...)
	NOT-FOR-US: Pro-face WinGP PC Runtime
CVE-2012-3791 (Multiple SQL injection vulnerabilities in Simple Web Content ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2012-3790 (Cross-site scripting (XSS) vulnerability in index.php in Adiscon ...)
	NOT-FOR-US: Adiscon LogAnalyzer
CVE-2011-5095 (The Diffie-Hellman key-exchange implementation in OpenSSL 0.9.8, when ...)
	- openssl 0.9.8a-1 (bug #684527)
	NOTE: fips version not used in Debian
CVE-2012-3789 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.7rc3, ...)
	- bitcoin 0.5.0~rc1-1
CVE-2012-3788
	RESERVED
CVE-2012-3787
	RESERVED
CVE-2012-3786
	RESERVED
CVE-2012-3785
	RESERVED
CVE-2012-3784
	RESERVED
CVE-2012-3783
	RESERVED
CVE-2012-3782
	RESERVED
CVE-2012-3781
	RESERVED
CVE-2012-3780
	RESERVED
CVE-2012-3779
	RESERVED
CVE-2012-3778
	RESERVED
CVE-2012-3777
	RESERVED
CVE-2012-3776
	RESERVED
CVE-2012-3775
	RESERVED
CVE-2012-3774
	RESERVED
CVE-2012-3773
	RESERVED
CVE-2012-3772
	RESERVED
CVE-2012-3771
	RESERVED
CVE-2012-3770
	RESERVED
CVE-2012-3769
	RESERVED
CVE-2012-3768
	RESERVED
CVE-2012-3767
	RESERVED
CVE-2012-3766
	RESERVED
CVE-2012-3765
	RESERVED
CVE-2012-3764
	RESERVED
CVE-2012-3763
	RESERVED
CVE-2012-3762
	RESERVED
CVE-2012-3761
	RESERVED
CVE-2012-3760
	RESERVED
CVE-2012-3759
	RESERVED
CVE-2012-3758 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3757 (Apple QuickTime before 7.7.3 allows remote attackers to execute ...)
	NOT-FOR-US: QuickTime
CVE-2012-3756 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3755 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3754 (Use-after-free vulnerability in the Clear method in the ActiveX ...)
	NOT-FOR-US: QuickTime
CVE-2012-3753 (Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows ...)
	NOT-FOR-US: QuickTime
CVE-2012-3752 (Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote ...)
	NOT-FOR-US: QuickTime
CVE-2012-3751 (Use-after-free vulnerability in the plugin in Apple QuickTime before ...)
	NOT-FOR-US: QuickTime
CVE-2012-3750 (The Passcode Lock implementation in Apple iOS before 6.0.1 does not ...)
	NOT-FOR-US: iOS
CVE-2012-3749 (The extensions APIs in the kernel in Apple iOS before 6.0.1 provide ...)
	NOT-FOR-US: iOS
CVE-2012-3748 (Race condition in WebKit in Apple iOS before 6.0.1 and Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3747 (WebKit, as used in Apple iOS before 6, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3746 (UIWebView in UIKit in Apple iOS before 6 does not properly use the ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3745 (Off-by-one error in Telephony in Apple iOS before 6 allows remote ...)
	NOT-FOR-US: Telephony in Apple iOS
CVE-2012-3744 (Telephony in Apple iOS before 6 uses an SMS message's return address ...)
	NOT-FOR-US: Telephony in Apple iOS
CVE-2012-3743 (The System Logs implementation in Apple iOS before 6 does not restrict ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3742 (Safari in Apple iOS before 6 does not properly restrict use of an ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3741 (The Restrictions (aka Parental Controls) implementation in Apple iOS ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3740 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3739 (The Passcode Lock implementation in Apple iOS before 6 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3738 (The Emergency Dialer screen in the Passcode Lock implementation in ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3737 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3736 (The Passcode Lock implementation in Apple iOS before 6 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3735 (The Passcode Lock implementation in Apple iOS before 6 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3734 (Office Viewer in Apple iOS before 6 writes cleartext document data to ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3733 (Messages in Apple iOS before 6, when multiple iMessage e-mail ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3732 (Mail in Apple iOS before 6 uses an S/MIME message's From address as ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3731 (Mail in Apple iOS before 6 does not properly implement the Data ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3730 (Mail in Apple iOS before 6 does not properly handle reuse of ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3729 (The Berkeley Packet Filter (BPF) interpreter implementation in the ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3728 (The kernel in Apple iOS before 6 dereferences invalid pointers during ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3727 (Buffer overflow in the IPsec component in Apple iOS before 6 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3726 (Double free vulnerability in ImageIO in Apple iOS before 6 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3725 (The DNAv4 protocol implementation in the DHCP component in Apple iOS ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3724 (CFNetwork in Apple iOS before 6 does not properly identify the host ...)
	NOT-FOR-US: Apple iOS
CVE-2012-3723 (Apple Mac OS X before 10.7.5 does not properly handle the bNbrPorts ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3722 (The Sorenson codec in QuickTime in Apple Mac OS X before 10.7.5, and ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2012-3721 (Profile Manager in Apple Mac OS X before 10.7.5 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3720 (Mobile Accounts in Apple Mac OS X before 10.7.5 and 10.8.x before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3719 (Mail in Apple Mac OS X before 10.7.5 does not properly handle embedded ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3718 (Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3717
	RESERVED
CVE-2012-3716 (CoreText in Apple Mac OS X 10.7.x before 10.7.5 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-3715 (Apple Safari before 6.0.1 makes http requests for https URIs in ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3714 (The Form Autofill feature in Apple Safari before 6.0.1 does not ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3713 (Apple Safari before 6.0.1 does not properly handle the Quarantine ...)
	NOT-FOR-US: Apple Safari / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3712 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3711 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3710 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3709 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3708 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3707 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3706 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3705 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3704 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3703 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3702 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3701 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3700 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3699 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3698 (Apple Xcode before 4.4 does not properly compose a designated ...)
	NOT-FOR-US: Apple Xcode
CVE-2012-3697 (WebKit in Apple Safari before 6.0 does not properly handle file: URLs, ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3696 (CRLF injection vulnerability in WebKit in Apple Safari before 6.0 ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3694 (WebKit in Apple Safari before 6.0 does not properly handle ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3693 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3692 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3691 (WebKit in Apple Safari before 6.0 does not properly handle Cascading ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3690 (WebKit in Apple Safari before 6.0 does not properly handle ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3689 (WebKit in Apple Safari before 6.0 does not properly handle ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3688 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3687 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3686 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3685 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3684 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3681 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3680 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3679 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3678 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3677 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3676 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3675 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3674 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3673 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3672 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3671 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3670 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3669 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3668 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3667 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3666 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3665 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3664 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3663 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3662
	RESERVED
CVE-2012-3661 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3660 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3659 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3658 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3657 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3656 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3655 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3654 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3653 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3652 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3651 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3650 (WebKit in Apple Safari before 6.0 accesses uninitialized memory ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3649 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3648 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3647 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3646 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3645 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3644 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3643 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3642 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3641 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3640 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3639 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3638 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3637 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3636 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3635 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3634 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3633 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3632 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3631 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3630 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3629 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3628 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3627 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3626 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3625 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3624 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3623 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3622 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3621 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3620 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3619
	RESERVED
CVE-2012-3618 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3617 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3616 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3615 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3614 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3613 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3612 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3611 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3610 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3609 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3608 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3607 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3606 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3605 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3604 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3603 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3602 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3601 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3600 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3599 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3598 (WebKit, as used in Apple iTunes before 10.7, allows remote attackers ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3597 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3596 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3595 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3594 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3593 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3592 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3591 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3590 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3589 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes / Safari; if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-3588 (Directory traversal vulnerability in preview.php in the Plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3587 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
	- apt 0.7.25 (unimportant)
	NOTE: net-update is disabled by default on Debian
CVE-2012-3586
	RESERVED
CVE-2012-3585 (Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) ...)
	NOT-FOR-US: IrfanView PlugIns
CVE-2012-3584
	RESERVED
CVE-2012-3583
	REJECTED
CVE-2012-3582 (Symantec PGP Universal Server 3.2.x before 3.2.1 MP2 does not properly ...)
	NOT-FOR-US: Symantec PGP Universal Server
CVE-2012-3581 (Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-3580 (Symantec Messaging Gateway (SMG) before 10.0 allows remote ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-3579 (Symantec Messaging Gateway (SMG) before 10.0 has a default password ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-3578 (Unrestricted file upload vulnerability in html/Upload.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3577 (Unrestricted file upload vulnerability in doupload.php in the Nmedia ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3576 (Unrestricted file upload vulnerability in php/upload.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3575 (Unrestricted file upload vulnerability in uploader.php in the RBX ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3574 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-3573
	REJECTED
CVE-2012-3572 (Open Source Competency Center (OSCC) MyMeeting 3.0.1 and earlier, and ...)
	NOT-FOR-US: Open Source Competency Center (OSCC) MyMeeting
CVE-2011-5094 (** DISPUTED ** Mozilla Network Security Services (NSS) 3.x, with ...)
	NOTE: Disputed NSS issue
CVE-2012-3571 (ISC DHCP 4.1.2 through 4.2.4 and 4.1-ESV before 4.1-ESV-R6 allows ...)
	{DSA-2519-2 DSA-2519-1 DSA-2516-1}
	- isc-dhcp 4.2.4-2 (bug #686174)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3570 (Buffer overflow in ISC DHCP 4.2.x before 4.2.4-P1, when DHCPv6 mode is ...)
	- isc-dhcp 4.2.4-2 (bug #686174)
	[squeeze] - isc-dhcp <not-affected> (Vulnerable code not present)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u1
CVE-2012-3569 (Format string vulnerability in VMware OVF Tool 2.1 on Windows, as used ...)
	NOT-FOR-US: VMware OVF Tool
CVE-2012-3568 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2012-3567 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2012-3566 (Opera before 12.00 Beta allows user-assisted remote attackers to cause ...)
	NOT-FOR-US: Opera
CVE-2012-3565 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2012-3564 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2012-3563 (Opera before 12.00 Beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2012-3562 (Opera before 12.00 Beta allows user-assisted remote attackers to cause ...)
	NOT-FOR-US: Opera
CVE-2012-3561 (Opera before 11.64 does not properly allocate memory for URL strings, ...)
	NOT-FOR-US: Opera
CVE-2012-3560 (Opera before 11.65 does not ensure that the address field corresponds ...)
	NOT-FOR-US: Opera
CVE-2012-3559 (Unspecified vulnerability in Opera before 12.00 on Mac OS X has ...)
	NOT-FOR-US: Opera
CVE-2012-3558 (Opera before 11.65 does not ensure that the address field corresponds ...)
	NOT-FOR-US: Opera
CVE-2012-3557 (Opera before 11.65 does not properly restrict the reading of JSON ...)
	NOT-FOR-US: Opera
CVE-2012-3556 (Opera before 11.65 does not properly restrict the opening of a pop-up ...)
	NOT-FOR-US: Opera
CVE-2012-3555 (Opera before 11.65 does not ensure that keyboard sequences are ...)
	NOT-FOR-US: Opera
CVE-2012-3554 (SQL injection vulnerability in the RSGallery2 (com_rsgallery2) ...)
	NOT-FOR-US: Joomla addon
CVE-2012-3552 (Race condition in the IP implementation in the Linux kernel before 3.0 ...)
	{DSA-2668-1}
	- linux 3.0-1
	- linux-2.6 <removed>
CVE-2012-3551 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Crowbar
CVE-2012-3550
	REJECTED
CVE-2012-3549 (The SCTP implementation in FreeBSD 8.2 allows remote attackers to ...)
	- kfreebsd-8 8.3-5 (bug #686961)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	- kfreebsd-9 9.0-7 (bug #686962)
	- kfreebsd-10 10.0~svn242489-1 (bug #686963)
	NOTE: http://www.exploit-db.com/exploits/20226/
CVE-2012-3548 (The dissect_drda function in epan/dissectors/packet-drda.c in ...)
	- wireshark 1.8.2-2 (unimportant; bug #686225)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: Doesn't allow code injection
	NOTE: debian changelog contains CVE-2012-5239, but this was rejected in favour of CVE-2012-3548
CVE-2012-3547 (Stack-based buffer overflow in the cbtls_verify function in FreeRADIUS ...)
	{DSA-2546-1}
	- freeradius 2.1.12+dfsg-1.1 (medium; bug #687175)
CVE-2012-3546 (org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before ...)
	- tomcat7 7.0.28-4 (bug #695251)
	- tomcat6 6.0.35-6 (bug #695250)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
CVE-2012-3545
	REJECTED
CVE-2012-3544 (Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not ...)
	{DSA-2897-1 DSA-2725-1}
	- tomcat6 6.0.37
	- tomcat7 7.0.30
CVE-2012-3543
	RESERVED
	- mono 2.10.8.1-7 (bug #686562)
	[squeeze] - mono <no-dsa> (Minor issue)
CVE-2012-3542 (OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and ...)
	- keystone 2012.1.1-5
CVE-2012-3541
	REJECTED
CVE-2012-3540 (Open redirect vulnerability in views/auth_forms.py in OpenStack ...)
	- horizon 2012.1.1-4 (bug #686050)
CVE-2012-3539
	REJECTED
CVE-2012-3538 (Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in ...)
	NOT-FOR-US: Red Hat CloudForms
CVE-2012-3537 (The Crowbar Ohai plugin ...)
	NOT-FOR-US: crowbar ohai plugin
	NOTE: https://github.com/SUSE-Cloud/barclamp-deployer/commit/b6454268a067fc77ff5de82057b5b53b3cc38b87
CVE-2012-3536 (Two XSS vulnerabilities were fixed in message list and view in the ...)
	NOT-FOR-US: Apache James
CVE-2012-3535 (Heap-based buffer overflow in OpenJPEG 1.5.0 and earlier allows remote ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.6 (bug #685970)
CVE-2012-3534 (GNU Gatekeeper before 3.1 does not limit the number of connections to ...)
	- gnugk 2:3.0.2-3 (low; bug #685969)
	[squeeze] - gnugk <no-dsa> (Minor issue)
CVE-2012-3533 (The python SDK before 3.1.0.6 and CLI before 3.1.0.8 for oVirt 3.1 ...)
	NOT-FOR-US: ovirt
CVE-2012-3532 (Cross-site request forgery (CSRF) vulnerability in the GateIn Portal ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3531 (Cross-site scripting (XSS) vulnerability in the Install Tool in TYPO3 ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3530 (Incomplete blacklist vulnerability in the t3lib_div::quoteJSvalue API ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3529 (The configuration module in the backend in TYPO3 4.5.x before 4.5.19, ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3528 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3527 (view_help.php in the backend help system in TYPO3 4.5.x before 4.5.19, ...)
	{DSA-2537-1}
	- typo3-src 4.5.19+dfsg1-1 (bug #685011)
CVE-2012-3526 (The reverse proxy add forward module (mod_rpaf) 0.5 and 0.6 for the ...)
	{DSA-2532-1}
	- libapache2-mod-rpaf 0.6-1 (bug #683984)
CVE-2012-3525 (s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a ...)
	- jabberd2 2.2.17-1 (bug #685666)
CVE-2012-3524 (libdbus 1.5.x and earlier, when used in setuid or other privileged ...)
	- dbus 1.6.8-1 (bug #689070)
	[squeeze] - dbus 1.2.24-4+squeeze2
	- glib2.0 2.33.12+really2.32.4-2
	[squeeze] - glib2.0 <not-affected> (Vulnerable code not present)
	NOTE: fixed in 2.34.0-1 from experimental
	NOTE: http://www.openwall.com/lists/oss-security/2012/09/12/6
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=697105
	NOTE: http://stealth.openwall.net/null/dzug.c
CVE-2012-3523 (The STARTTLS implementation in nnrpd in INN before 2.5.3 does not ...)
	- inn <not-affected> (STARTTLS was introduced in 2.3, see bug #685581)
	- inn2 2.5.3-1 (low; bug #685581)
	[squeeze] - inn2 <no-dsa> (Minor issue)
CVE-2012-3522 (Cross-site scripting (XSS) vulnerability in contrib/langwiz.php in ...)
	- geshi <not-affected> (Vulnerable code not present, see bug #685323)
	[squeeze] - geshi <no-dsa> (shipped as example/.gz)
CVE-2012-3521 (Multiple directory traversal vulnerabilities in the cssgen contrib ...)
	- geshi 1.0.8.4-2 (bug #685324)
	[squeeze] - geshi 1.0.8.4-1+squeeze1
CVE-2012-3520 (The Netlink implementation in the Linux kernel before 3.2.30 does not ...)
	- linux 3.2.29-1
	- linux-2.6 <not-affected> (Introduced in 3.1)
CVE-2012-3519 (routerlist.c in Tor before 0.2.2.38 uses a different amount of time ...)
	{DSA-2548-1}
	- tor 0.2.3.20-rc-1 (low)
CVE-2012-3518 (The networkstatus_parse_vote_from_string function in routerparse.c in ...)
	{DSA-2548-1}
	- tor 0.2.3.20-rc-1 (low)
CVE-2012-3517 (Use-after-free vulnerability in dns.c in Tor before 0.2.2.38 might ...)
	{DLA-17-1}
	- tor 0.2.3.20-rc-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-3516 (The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall ...)
	- xen <not-affected> (Only affects >= 4.2)
CVE-2012-3515 (Qemu, as used in Xen 4.0, 4.1 and possibly other products, when ...)
	{DSA-2545-1 DSA-2543-1 DSA-2542-1}
	- xen 4.1.3-2 (bug #686764)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
	- xen-qemu-dm-4.0 <removed>
	- qemu 1.1.2+dfsg-1
	- qemu-kvm 1.1.2+dfsg-1
CVE-2012-3514 (OCaml Xml-Light Library before r234 computes hash values without ...)
	- xml-light 2.2-15 (low; bug #685584)
	[squeeze] - xml-light <no-dsa> (Minor issue)
CVE-2012-3513 (munin-cgi-graph in Munin before 2.0.6, when running as a CGI module ...)
	- munin 2.0.6-1 (bug #684076)
	[squeeze] - munin <not-affected> (vulnerable code introduced in 2.x)
	NOTE: http://www.munin-monitoring.org/ticket/1238
CVE-2012-3512 (Munin before 2.0.6 stores plugin state files that run as root in the ...)
	{DLA-20-1}
	- munin 2.0.6-1 (bug #684075)
	[squeeze] - munin 1.4.5-3+deb6u1
	NOTE: http://www.munin-monitoring.org/ticket/1234
CVE-2012-3511 (Multiple race conditions in the madvise_remove function in ...)
	- linux 3.2.23-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-47
CVE-2012-3510 (Use-after-free vulnerability in the xacct_add_tsk function in ...)
	- linux 2.6.20-1
	- linux-2.6 2.6.20-1
CVE-2012-3509 (Multiple integer overflows in the (1) _objalloc_alloc function in ...)
	{DLA-324-1}
	- binutils 2.22-8 (low; bug #688951)
CVE-2012-4668 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 ...)
	- roundcube 0.7.2-4 (bug #685475)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://trac.roundcube.net/ticket/1488613
CVE-2012-3508 (Cross-site scripting (XSS) vulnerability in program/lib/washtml.php in ...)
	- roundcube 0.7.2-4 (bug #685475)
	[squeeze] - roundcube <not-affected> (Vulnerable code not present)
	NOTE: http://trac.roundcube.net/ticket/1488613
CVE-2012-3507 (Cross-site scripting (XSS) vulnerability in ...)
	- roundcube <not-affected> (only affects rc versions of 0.8)
	NOTE: http://trac.roundcube.net/ticket/1488519
CVE-2012-3506 (Unspecified vulnerability in the Apache Open For Business Project (aka ...)
	NOT-FOR-US: OFBiz
CVE-2012-3505 (Tinyproxy 1.8.3 and earlier allows remote attackers to cause a denial ...)
	{DSA-2564-1}
	- tinyproxy 1.8.3-3 (bug #685281)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tinyproxy/+bug/1036985
CVE-2012-3504 (The nssconfigFound function in genkey.pl in crypto-utils 2.4.1-34 ...)
	NOT-FOR-US: genkey script from Red Hat, not present in Debian
CVE-2012-3503 (The installation script in Katello 1.0 and earlier does not properly ...)
	NOT-FOR-US: Katello
CVE-2012-3502 (The proxy functionality in (1) mod_proxy_ajp.c in the mod_proxy_ajp ...)
	- apache2 <not-affected> (Only affects 2.4 from experimental)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=53727
CVE-2012-3501 (The squidclamav_check_preview_handler function in squidclamav.c in ...)
	- squidclamav <removed> (bug #685398)
CVE-2012-3500 (scripts/annotate-output.sh in devscripts before 2.12.2, as used in ...)
	{DSA-2549-1}
	- devscripts 2.12.2
CVE-2012-3499 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP ...)
	{DSA-2637-1}
	- apache2 2.2.22-13 (low)
CVE-2012-3498 (PHYSDEVOP_map_pirq in Xen 4.1 and 4.2 and Citrix XenServer 6.0.2 and ...)
	- xen 4.1.3-2 (bug #686764)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2012-3497 ((1) TMEMC_SAVE_GET_CLIENT_WEIGHT, (2) TMEMC_SAVE_GET_CLIENT_CAP, (3) ...)
	- xen 4.1.4-1 (unimportant; bug #686764)
	[squeeze] - xen <no-dsa> (Experimental/unsupported feature)
	NOTE: TMEM not supported for production systems (technology preview)
CVE-2012-3496 (XENMEM_populate_physmap in Xen 4.0, 4.1, and 4.2, and Citrix XenServer ...)
	{DSA-2544-1}
	- xen 4.1.3-2 (bug #686764)
CVE-2012-3495 (The physdev_get_free_pirq hypercall in arch/x86/physdev.c in Xen 4.1.x ...)
	- xen 4.1.3-2 (bug #686764)
	[squeeze] - xen <not-affected> (Vulnerable code not present)
CVE-2012-3494 (The set_debugreg hypercall in include/asm-x86/debugreg.h in Xen 4.0, ...)
	{DSA-2544-1}
	- xen 4.1.3-2 (bug #686764)
CVE-2012-3493 (The command_give_request_ad function in condor_startd.V6/command.cpp ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3492 (The filesystem authentication (condor_io/condor_auth_fs.cpp) in Condor ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3491 (src/condor_schedd.V6/schedd.cpp in Condor 7.6.x before 7.6.10 and ...)
	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3490
	RESERVED
	- condor 7.8.2~dfsg.1-1+deb7u1 (bug #688210)
CVE-2012-3489 (The xml_parse function in the libxml2 support in the core server ...)
	{DSA-2534-1}
	- postgresql-9.1 9.1.5-1
	- postgresql-8.4 8.4.12-2
CVE-2012-3488 (The libxslt support in contrib/xml2 in PostgreSQL 8.3 before 8.3.20, ...)
	{DSA-2534-1}
	- postgresql-9.1 9.1.5-1
	- postgresql-8.4 8.4.12-2
CVE-2012-3487 (Race condition in Tunnelblick 3.3beta20 and earlier allows local users ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3486 (Tunnelblick 3.3beta20 and earlier allows local users to gain ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3485 (Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3484 (Tunnelblick 3.3beta20 and earlier relies on a test for specific ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3483 (Race condition in the runScript function in Tunnelblick 3.3beta20 and ...)
	NOT-FOR-US: Tunnelblick
CVE-2012-3482 (Fetchmail 5.0.8 through 6.3.21, when using NTLM authentication in ...)
	- fetchmail 6.3.22-1 (low)
	[wheezy] - fetchmail <no-dsa> (Minor issue)
	[squeeze] - fetchmail <no-dsa> (Minor issue)
CVE-2012-3481 (Integer overflow in the ReadImage function in ...)
	- gimp 2.8.2-1 (bug #685397)
	[squeeze] - gimp 2.6.10-1+squeeze4
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/20/8
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=776572
CVE-2012-3480 (Multiple integer overflows in the (1) strtod, (2) strtof, (3) strtold, ...)
	{DLA-165-1}
	- eglibc 2.13-36 (bug #684889)
	- glibc 2.13-36
CVE-2012-3479 (lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically ...)
	{DSA-2603-1}
	- emacs23 23.4+1-4 (bug #684695)
	- emacs24 24.2+1-1 (bug #684694)
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/13/2
CVE-2012-3478 (rssh 2.3.3 and earlier allows local users to bypass intended ...)
	{DSA-2530-1}
	- rssh 2.3.3-5
CVE-2012-3477 (SQL injection vulnerability in signup_check.php in NeoInvoice allows ...)
	NOT-FOR-US: Neoinvoice
CVE-2012-3476 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3475 (The installer in the Ushahidi Platform before 2.5 omits certain calls ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3474 (The comments API in ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3473 (The (1) reports API and (2) administration feature in the comments API ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3472 (The email API in application/libraries/api/MY_Email_Api_Object.php in ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3471 (Multiple SQL injection vulnerabilities in the edit functions in (1) ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3470 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3469 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3468 (Multiple SQL injection vulnerabilities in the Ushahidi Platform before ...)
	NOT-FOR-US: Ushahidi
CVE-2012-3467 (Apache QPID 0.14, 0.16, and earlier uses a NullAuthenticator mechanism ...)
	- qpid-cpp 0.16-7 (bug #684456)
	[wheezy] - qpid-cpp 0.16-6+deb7u1
CVE-2012-3466 (GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set ...)
	- gnome-keyring 3.4.1-5 (bug #683655)
	[squeeze] - gnome-keyring <not-affected> (Only affects gnome-keyring 3.4.x)
CVE-2012-3465 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2655-1}
	- rails 2.3.14.1 (low)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-3464 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2655-1}
	- rails 2.3.14.1 (low)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: Starting with 2.3.14.1 rails is a transition package
CVE-2012-3463 (Cross-site scripting (XSS) vulnerability in ...)
	- rails <not-affected> (Only affects RoR 3.x)
	- ruby-actionpack-3.2 3.2.6-4 (bug #684454)
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/09/8
CVE-2012-3462
	RESERVED
CVE-2012-3461 (The (1) otrl_base64_otr_decode function in src/b64.c; (2) ...)
	{DSA-2526-1}
	- libotr 3.2.1-1 (medium; bug #684121)
CVE-2012-3460
	RESERVED
	NOT-FOR-US: Cumin
CVE-2012-3459 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
	NOT-FOR-US: Cumin
CVE-2012-3458 (Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES ...)
	{DSA-2541-1}
	- beaker 1.6.3-1.1 (bug #684890)
CVE-2012-3457 (PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for ...)
	- pnp4nagios <unfixed> (unimportant; bug #683879)
	NOTE: The permissions of this file are under the control of the admin
CVE-2012-3456 (Heap-based buffer overflow in the read function in ...)
	- calligra 1:2.4.3-2 (bug #684004)
	- wv2 0.4.2.dfsg.1-9.1 (low)
	[squeeze] - wv2 <no-dsa> (Minor issue)
CVE-2012-3455 (Heap-based buffer overflow in the read function in ...)
	- koffice <removed> (low)
	[squeeze] - koffice <no-dsa> (Minor issue)
CVE-2012-3454 (eXtplorer 2.1.0b6 uses world writable permissions for the ...)
	- extplorer 2.1.0b6+dfsg.3-4 (low; bug #683649)
	[squeeze] - extplorer <no-dsa> (Minor issue)
CVE-2012-3453 (logol 1.5.0 uses world writable permissions for the ...)
	- logol 1.5.0-4 (bug #683647)
CVE-2012-3452 (gnome-screensaver 3.4.x before 3.4.4 and 3.5.x before 3.5.4, when ...)
	- gnome-screensaver <not-affected> (vulnerable code not present)
CVE-2012-3451 (Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 ...)
	NOT-FOR-US: Apache CXF
CVE-2012-3450 (pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x ...)
	{DSA-2527-1}
	- php5 5.4.4-1 (bug #683694)
	NOTE: http://seclists.org/bugtraq/2012/Jun/60
	NOTE: https://bugs.php.net/bug.php?id=61755
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/3
	NOTE: http://www.openwall.com/lists/oss-security/2012/08/02/7
CVE-2012-3449 (Open vSwitch 1.4.2 uses world writable permissions for (1) ...)
	- openvswitch 1.4.2+git20120612-8 (bug #683665)
CVE-2012-3448 (Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote ...)
	{DSA-2610-1}
	- ganglia 3.3.8-1 (bug #683584)
CVE-2012-3447 (virt/disk/api.py in OpenStack Compute (Nova) 2012.1.x before 2012.1.2 ...)
	- nova 2012.1.1-6 (bug #684256)
CVE-2012-3446 (Apache Libcloud before 0.11.1 uses an incorrect regular expression ...)
	- libcloud 0.5.0-1.1 (bug #683927)
CVE-2012-3445 (The virTypedParameterArrayClear function in libvirt 0.9.13 does not ...)
	- libvirt 0.9.12-4 (bug #683483)
	[squeeze] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://www.redhat.com/archives/libvir-list/2012-July/msg01650.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=844734
CVE-2012-3444 (The get_image_dimensions function in the image-handling functionality ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3443 (The django.forms.ImageField class in the form system in Django before ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3442 (The (1) django.http.HttpResponseRedirect and (2) ...)
	{DSA-2529-1}
	- python-django 1.4.1-1 (bug #683364)
	NOTE: https://www.djangoproject.com/weblog/2012/jul/30/security-releases-issued/
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/31/2
CVE-2012-3441 (The database creation script ...)
	- icinga <not-affected> (Debian uses dbconfig, which does the right thing, bug #683320)
CVE-2012-3440 (A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux ...)
	- sudo <not-affected> (Red Hat-specific postinst script)
CVE-2012-3439
	REJECTED
CVE-2012-3438 (The Magick_png_malloc function in coders/png.c in GraphicsMagick ...)
	- graphicsmagick 1.3.16-1.1 (low; bug #683284)
	[squeeze] - graphicsmagick <no-dsa> (Minor issue)
CVE-2012-3437 (The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 ...)
	{DLA-242-1}
	- imagemagick 8:6.7.7.10-3 (low; bug #683285)
	[squeeze] - imagemagick <no-dsa> (Minor issue)
CVE-2012-3436 (OpenTTD 0.6.0 through 1.2.1 does not properly validate requests to ...)
	{DSA-2524-1}
	- openttd 1.2.1-2 (low; bug #683258)
CVE-2012-3435 (SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix ...)
	{DSA-2539-1}
	- zabbix 1:2.0.2+dfsg-1 (bug #683273)
	NOTE: http://seclists.org/oss-sec/2012/q3/127
CVE-2012-3434 (Multiple cross-site scripting (XSS) vulnerabilities in userperspan.php ...)
	NOT-FOR-US: WordPress plugin Count Per Day
CVE-2012-3433 (Xen 4.0 and 4.1 allows local HVM guest OS kernels to cause a denial of ...)
	{DSA-2531-1}
	- xen 4.1.3-1 (bug #683279)
CVE-2012-3432 (The handle_mmio function in arch/x86/hvm/io.c in the MMIO operations ...)
	{DSA-2531-1}
	- xen 4.1.3-1 (bug #683279)
CVE-2012-3431 (The Teiid Java Database Connectivity (JDBC) socket, as used in JBoss ...)
	NOT-FOR-US: Teeid
CVE-2012-3430 (The rds_recvmsg function in net/rds/recv.c in the Linux kernel before ...)
	- linux 3.2.29-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-36
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/26/3
CVE-2012-3429 (The dns_to_ldap_dn_escape function in src/ldap_convert.c in ...)
	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-3428 (The IronJacamar container before 1.0.12.Final for JBoss Application ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-3427 (EC2 Amazon Machine Image (AMI) in JBoss Enterprise Application ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-3426 (OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before ...)
	- keystone 2012.1.1-1
CVE-2012-3425 (The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before ...)
	{DLA-375-1}
	- libpng 1.2.49-1 (low; bug #668082)
CVE-2012-3424 (The decode_credentials method in ...)
	- rails <not-affected> (Only affects RoR 3.x)
	- ruby-actionpack-3.2 3.2.6-3 (bug #683370)
CVE-2012-3423 (The IcedTea-Web plugin before 1.2.1 does not properly handle NPVariant ...)
	- icedtea-web 1.3-1
CVE-2012-3422 (The getFirstInTableInstance function in the IcedTea-Web plugin before ...)
	- icedtea-web 1.3-1
CVE-2012-3421 (The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3420 (Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3419 (Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3418 (libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote ...)
	{DSA-2533-1}
	- pcp 3.6.5 (bug #685476)
CVE-2012-3417 (The good_client function in rquotad (rquota_svc.c) in Linux DiskQuota ...)
	- quota 4.00~pre1-1
	NOTE: this is at least fixed in 4.00, I could not trace this back to an exact version
CVE-2012-3416 (Condor before 7.8.2 allows remote attackers to bypass host-based ...)
	- condor 7.8.2~dfsg.1-1 (bug #685366)
CVE-2012-3415
	REJECTED
CVE-2012-3414 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload ...)
	- libjs-swfupload 2.2.0.1+ds1-2 (low; bug #681323)
	- wordpress 3.5.1+dfsg-1 (bug #698934)
	NOTE: https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/
CVE-2012-3413 (The HTMLQuoteColorer::process function in ...)
	- kdepim <not-affected> (Only affects kdepim >= 4.6)
	NOTE: CVE-request http://www.openwall.com/lists/oss-security/2012/07/13/3
	NOTE: https://projects.kde.org/projects/kde/kdepim/repository/revisions/dbb2f72f4745e00f53031965a9c10b2d6862bd54
	NOTE: https://bugs.launchpad.net/ubuntu/+source/kdepim/+bug/1022690
CVE-2012-3412 (The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before ...)
	- linux 3.2.29-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-3411 (Dnsmasq before 2.63test1, when used with certain libvirt ...)
	- dnsmasq 2.63-1 (low; bug #683372)
	[wheezy] - dnsmasq <no-dsa> (Minor issue)
	[squeeze] - dnsmasq <no-dsa> (Minor issue)
	NOTE: Please see CVE-2013-0198
CVE-2012-3410 (Stack-based buffer overflow in lib/sh/eaccess.c in GNU Bash before 4.2 ...)
	- bash 4.2-4 (low; bug #681278)
	[squeeze] - bash <no-dsa> (Minor issue)
CVE-2012-3409
	RESERVED
	- ecryptfs-utils 99-1 (bug #682220)
	[squeeze] - ecryptfs-utils <not-affected> (home src/dest mountpoints hardcoded in that version)
CVE-2012-3408 (lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet ...)
	- puppet 2.7.18-1 (low)
	[squeeze] - puppet <no-dsa> (Minor issue)
	NOTE: http://puppetlabs.com/security/cve/cve-2012-3408/
	NOTE: There's no code fix, but this should be addressed in stable with a NEWS file warning about this
	NOTE: Fixed in 2.7.18 by updated docs
CVE-2012-3407
	RESERVED
	NOT-FOR-US: plow
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/16
CVE-2012-3406 (The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka ...)
	{DSA-3169-1 DLA-165-1}
	- eglibc <removed>
	- glibc 2.19-14 (low; bug #681888)
	NOTE: Upstream fix: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=5985c6ea868db23380977a35a2167549f9a3653b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=826943
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3405 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
	{DLA-165-1}
	- glibc 2.13-35 (low; bug #681473)
	- eglibc 2.13-35 (low; bug #681473)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=13446
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a4647e727a2a52e1259474c13f4b13288938bed4
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833704
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1d498daa95384e5c9ad5bcb35e7a996e5869ac39
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3404 (The vfprintf function in stdio-common/vfprintf.c in libc in GNU C ...)
	- glibc 2.13-35 (low; bug #681473)
	- eglibc 2.13-35 (low; bug #681473)
	[squeeze] - eglibc 2.11.3-1
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=12445
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=84a4211850e3d23a9d3a4f3b294752a3b30bc0ff
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=833703
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/17
CVE-2012-3403 (Heap-based buffer overflow in the KiSS CEL file format plug-in in GIMP ...)
	- gimp 2.8.2-1 (bug #685397)
	[squeeze] - gimp 2.6.10-1+squeeze4
CVE-2012-3402 (Integer overflow in plug-ins/common/psd.c in the Adobe Photoshop PSD ...)
	- gimp 2.4.0~rc1-1
	NOTE: Only affects 2.2 series
CVE-2012-3401 (The t2p_read_tiff_init function in tiff2pdf (tools/tiff2pdf.c) in ...)
	{DSA-2552-1}
	- tiff 4.0.2-2 (bug #682115)
	- tiff3 3.9.6-7 (bug #682195)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=837577
CVE-2012-3400 (Heap-based buffer overflow in the udf_load_logicalvol function in ...)
	- linux 3.2.23-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-3399 (Config/diff.php in Basilic 1.5.14 allows remote attackers to execute ...)
	NOT-FOR-US: Basilic
CVE-2012-3398 (Algorithmic complexity vulnerability in Moodle 1.9.x before 1.9.19, ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle <no-dsa> (Minor issue)
CVE-2012-3397 (lib/modinfolib.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.0)
CVE-2012-3396 (Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.0)
CVE-2012-3395 (SQL injection vulnerability in mod/feedback/complete.php in Moodle ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.0)
CVE-2012-3394 (auth/ldap/ntlmsso_attempt.php in Moodle 2.0.x before 2.0.10, 2.1.x ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3393 (Cross-site scripting (XSS) vulnerability in repository/lib.php in ...)
	- moodle 2.2.3.dfsg-2.1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3392 (mod/forum/unsubscribeall.php in Moodle 2.1.x before 2.1.7 and 2.2.x ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3391 (mod/forum/rsslib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3390 (lib/filelib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 ...)
	- moodle 2.2.3.dfsg-1 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.1)
CVE-2012-3389 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moodle 2.2.3.dfsg-2.2 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-3388 (The is_enrolled function in lib/accesslib.php in Moodle 2.2.x before ...)
	- moodle 2.2.3.dfsg-2.2 (bug #682203)
	[squeeze] - moodle <not-affected> (Only affects >= 2.2)
CVE-2012-3387 (Moodle 2.3.x before 2.3.1 uses only a client-side check for whether ...)
	- moodle <not-affected> (Only affects 2.3)
CVE-2012-3386 (The &quot;make distcheck&quot; rule in GNU Automake before 1.11.6 and 1.12.x ...)
	- automake 1:1.4-p6-13.1
	- automake1.10 1:1.10.3-3
	[squeeze] - automake1.10 1:1.10.3-1+squeeze1
	- automake1.11 1:1.11.6-1 (bug #681097)
	[squeeze] - automake1.11 1:1.11.1-1+squeeze1
	- automake1.7 1.7.9-10
	[squeeze] - automake1.7 1.7.9-9.1+squeeze1
	- automake1.9 1.9.6+nogfdl-4
	[squeeze] - automake1.9 1.9.6+nogfdl-3.1+squeeze1
CVE-2012-3385 (WordPress before 3.4.1 does not properly restrict access to post ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3384 (Cross-site request forgery (CSRF) vulnerability in the customizer in ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3383 (The map_meta_cap function in wp-includes/capabilities.php in WordPress ...)
	- wordpress 3.4.1+dfsg-1 (bug #680721)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/02/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/08/1
CVE-2012-3382 (Cross-site scripting (XSS) vulnerability in the ProcessRequest ...)
	{DSA-2512-1}
	- mono 2.10.8.1-5 (bug #681095)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=769799
	NOTE: https://github.com/mono/mono/commit/d16d4623edb210635bec3ca3786481b82cde25a2
CVE-2012-3381 (sfcb in sblim-sfcb places a zero-length directory name in the ...)
	NOT-FOR-US: sblim-sfcb
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=770234
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=838160
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/7
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/06/8
CVE-2012-3380 (Directory traversal vulnerability in naxsi-ui/nx_extract.py in the ...)
	- nginx 1.2.1-2
	[squeeze] - nginx <not-affected> (naxsi package was introduced in 1.1.18-1)
CVE-2012-3379 [as31: insecure file creation in /tmp]
	REJECTED
CVE-2012-3378 (The register_application function in atk-adaptor/bridge.c in GNOME ...)
	- at-spi2-atk 2.5.3-1 (bug #678026)
CVE-2012-3377 (Heap-based buffer overflow in the Ogg_DecodePacket function in the OGG ...)
	- vlc 2.0.2-1 (bug #680665)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://git.videolan.org/?p=vlc/vlc-2.0.git;a=commitdiff;h=16e9e126333fb7acb47d363366fee3deadc8331e
	NOTE: http://securitytracker.com/id/1027224
CVE-2012-3376 (DataNodes in Apache Hadoop 2.0.0 alpha does not check the BlockTokens ...)
	- hadoop <itp> (bug #535861)
	NOTE: http://seclists.org/bugtraq/2012/Jul/48
CVE-2012-3375 (The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before ...)
	- linux 3.2.23-1
	- linux-2.6 <not-affected> (Introduced in 3.2)
CVE-2012-3374 (Buffer overflow in markup.c in the MXit protocol plugin in libpurple ...)
	{DSA-2509-1}
	- pidgin 2.10.6-1 (bug #680661)
	[squeeze] - pidgin 2.7.3-1+squeeze3
	NOTE: http://www.pidgin.im/news/security/index.php?id=64
	NOTE: http://hg.pidgin.im/pidgin/main/rev/ded93865ef42
CVE-2012-3373 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-3372 (** DISPUTED ** The default configuration of Cyberoam UTM appliances ...)
	NOT-FOR-US: Cyberoam DPI devices
	NOTE: https://blog.torproject.org/blog/security-vulnerability-found-cyberoam-dpi-devices-cve-2012-3372
	NOTE: http://seclists.org/bugtraq/2012/Jul/20
CVE-2012-3371 (The Nova scheduler in OpenStack Compute (Nova) Folsom (2012.2) and ...)
	- nova 2012.1.1-5 (bug #681301)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/13
	NOTE: https://github.com/openstack/nova/commit/034762e8060dcf0a11cb039b9d426b0d0bb1801d
	NOTE: https://github.com/openstack/nova/commit/25f5bd31805bd21d7b7e3583c775252aa8f737e9
	NOTE: https://bugs.launchpad.net/nova/+bug/1017795
CVE-2012-3370 (The SecurityAssociation.getCredential method in JBoss Enterprise ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3369 (The CallerIdentityLoginModule in JBoss Enterprise Application Platform ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-3368 (Integer signedness error in attach.c in dtach 0.8 allows remote ...)
	- dtach 0.8-2.1 (low; bug #625302)
	[squeeze] - dtach 0.8-2+squeeze1
	NOTE: http://sourceforge.net/tracker/?func=detail&aid=3517812&group_id=36489&atid=417357
	NOTE: http://sourceforge.net/tracker/download.php?group_id=36489&atid=417357&file_id=441195&aid=3517812
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812551
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835849
CVE-2012-3367 (Red Hat Certificate System (RHCS) before 8.1.1 and Dogtag Certificate ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-3366 (The Trigger plugin in bcfg2 1.2.x before 1.2.3 allows remote attackers ...)
	{DSA-2503-1}
	- bcfg2 1.2.2-2 (bug #679272)
CVE-2012-3365 (The SQLite functionality in PHP before 5.3.15 allows remote attackers ...)
	- php5 <removed> (unimportant)
	NOTE: open_basedir not supported
CVE-2012-3364 (Multiple stack-based buffer overflows in the Near Field Communication ...)
	- linux 3.2.23-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-3363 (Zend_XmlRpc in Zend Framework 1.x before 1.11.12 and 1.12.x before ...)
	{DSA-2505-1}
	- zendframework 1.11.12-1 (bug #679215)
	- moodle 2.5-1 (bug #703870)
	[squeeze] - moodle <not-affected> (Vulnerable code not present)
CVE-2012-3362 (Cross-site request forgery (CSRF) vulnerability in eXtplorer 2.1 RC3 ...)
	{DSA-2510-1}
	- extplorer 2.1.0b6+dfsg.3-3 (bug #678737)
CVE-2012-3361 (virt/disk/api.py in OpenStack Compute (Nova) Folsom (2012.2), Essex ...)
	- nova 2012.1.1-2 (bug #680110)
CVE-2012-3360 (Directory traversal vulnerability in virt/disk/api.py in OpenStack ...)
	- nova 2012.1.1-2 (bug #680110)
CVE-2012-3359 (Luci in Red Hat Conga stores the user's username and password in a ...)
	NOT-FOR-US: Red Hat Conga
CVE-2012-3358 (Multiple heap-based buffer overflows in the j2k_read_sot function in ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.4 (bug #681075)
	NOTE: http://www.openwall.com/lists/oss-security/2012/07/11/1
	NOTE: Upstream patch: http://code.google.com/p/openjpeg/source/detail?r=1727
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835767
CVE-2012-3357 (The SVN revision view (lib/vclib/svn/svn_repos.py) in ViewVC before ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #679069)
	NOTE: http://viewvc.tigris.org/issues/show_bug.cgi?id=353
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2755
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2756
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2757
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2759
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2760
CVE-2012-3356 (The remote SVN views functionality (lib/vclib/svn/svn_ra.py) in ViewVC ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #679069)
	NOTE: http://viewvc.tigris.org/source/browse/viewvc?view=rev&revision=2758
CVE-2012-3355 ((1) AlbumTab.py, (2) ArtistTab.py, (3) LinksTab.py, and (4) ...)
	- rhythmbox 2.97-2.1 (low; bug #616673)
	[squeeze] - rhythmbox <no-dsa> (Minor issue)
	NOTE: Upstream bug report https://bugzilla.gnome.org/show_bug.cgi?id=678661
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=835076
CVE-2012-3354 (doku.php in DokuWiki, as used in Fedora 16, 17, and 18, when certain ...)
	- dokuwiki 0.0.20130510a-1 (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/24/2
CVE-2012-3353 (The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling ...)
	NOT-FOR-US: Apache Sling
CVE-2012-3553 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Asterisk Open ...)
	- asterisk <not-affected> (Only affects Asterisk 10)
CVE-2012-3352
	RESERVED
CVE-2012-3351
	RESERVED
CVE-2012-3350 (SQL injection vulnerability in index.php in Webmatic 3.1.1 allows ...)
	NOT-FOR-US: WebMatic
	NOTE: http://seclists.org/bugtraq/2012/Jul/25
CVE-2012-3349
	RESERVED
CVE-2012-3348
	RESERVED
CVE-2012-3347 (AutoFORM PDM Archive before 7.0 implements user accounts in a way that ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-3346
	RESERVED
CVE-2012-3345 (ioquake3 before r2253 allows local users to overwrite arbitrary files ...)
	- ioquake3 1.36+svn2224-4
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/3
CVE-2012-3344
	RESERVED
CVE-2012-3343 (Cross-site request forgery (CSRF) vulnerability in Microdasys before ...)
	NOT-FOR-US: Microdasys
CVE-2010-5141 (wxBitcoin and bitcoind before 0.3.5 do not properly handle script ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2012-3342 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-3341
	RESERVED
CVE-2012-3340
	RESERVED
CVE-2012-3339
	RESERVED
CVE-2012-3338
	RESERVED
CVE-2012-3337
	RESERVED
CVE-2012-3336
	RESERVED
CVE-2012-3335
	RESERVED
CVE-2012-3334 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 11.50 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2012-3333 (CRLF injection vulnerability in IBM Maximo Asset Management 7.x before ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2012-3332
	RESERVED
CVE-2012-3331 (IBM Sametime allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: IBM Sametime
CVE-2012-3330 (The proxy server in IBM WebSphere Application Server 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3329 (IBM Advanced Settings Utility (ASU) through 3.62 and 3.70 through 9.21 ...)
	NOT-FOR-US: IBM Advanced Settings Utility, Bootable Media Creator
CVE-2012-3328 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2012-3327 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2012-3326 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3325 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3324 (Directory traversal vulnerability in the UTL_FILE module in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-3323 (IBM Maximo Asset Management 6.2 before 6.2.8, 7.1 before 7.1.1.12, and ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3322 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM
CVE-2012-3321 (IBM SmartCloud Control Desk 7.5 allows remote authenticated users to ...)
	NOT-FOR-US: IBM
CVE-2012-3320
	RESERVED
CVE-2012-3319 (IBM Rational Business Developer 8.x before 8.0.1.4 allows remote ...)
	NOT-FOR-US: IBM Rational Business Developer
CVE-2012-3318
	RESERVED
CVE-2012-3317 (IBM WebSphere Message Broker 6.1 before 6.1.0.11, 7.0 before 7.0.0.5, ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3316 (Cross-site scripting (XSS) vulnerability in the Tivoli Process ...)
	NOT-FOR-US: IBM
CVE-2012-3315 (The Java servlets in the management console in IBM Tivoli Federated ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3314 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3313 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-3312 (The datasource definition editor in IBM InfoSphere Guardium 8.2 and ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3311 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3310 (IBM Tivoli Federated Identity Manager (TFIM) before 6.1.1.14, 6.2.0 ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3309 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: IBM InfoSphere Guardium
CVE-2012-3308 (Cross-site scripting (XSS) vulnerability in IBM Sametime 8.0.2 through ...)
	NOT-FOR-US: IBM Sametime
CVE-2012-3307
	RESERVED
CVE-2012-3306 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.45, 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3305 (Directory traversal vulnerability in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3304 (The Administrative Console in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-3303
	RESERVED
CVE-2012-3302 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-3301 (Multiple CRLF injection vulnerabilities in the HTTP server in IBM ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2012-3300 (IBM WebSphere Commerce 7.0 before 7.0.0.6, when persistent sessions ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-3299
	RESERVED
CVE-2012-3298 (Unspecified vulnerability in the REST services framework in IBM ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2012-3297 (Cross-site scripting (XSS) vulnerability in the embedded HTTP server ...)
	NOT-FOR-US: IBM Tivoli
CVE-2012-3296 (Cross-site scripting (XSS) vulnerability in the Help link in the login ...)
	NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-3295 (IBM WebSphere MQ 7.1, when an SVRCONN channel is used, allows remote ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2012-3294 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Web ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3293 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-3292 (The GridFTP in Globus Toolkit (GT) before 5.2.2, when certain autoconf ...)
	{DSA-2523-1}
	- globus-gridftp-server 6.5-1
CVE-2012-3291 (Heap-based buffer overflow in OpenConnect 3.18 allows remote servers ...)
	{DSA-2495-1}
	- openconnect 3.18-1 (bug #677594)
CVE-2012-3290 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	NOT-FOR-US: Chrome books
CVE-2012-3289 (VMware Workstation 8.x before 8.0.4, VMware Player 4.x before 4.0.4, ...)
	NOT-FOR-US: VMware
CVE-2012-3288 (VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware ...)
	NOT-FOR-US: VMware
CVE-2012-3287 (Poul-Henning Kamp md5crypt has insufficient algorithmic complexity and ...)
	NOT-FOR-US: md5crypt
CVE-2012-3286 (Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and ...)
	NOT-FOR-US: HP ArcSight appliance
CVE-2012-3285 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3284 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3283 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3282 (Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance ...)
	NOT-FOR-US: HP LeftHand Virtual SAN Appliance
CVE-2012-3281 (Unspecified vulnerability in Device Manager in HP XP P9000 Command ...)
	NOT-FOR-US: HP XP P9000 Command View
CVE-2012-3280 (Multiple unspecified vulnerabilities on HP NonStop Servers H06.x and ...)
	NOT-FOR-US: HP NonStop Servers
CVE-2012-3279 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager i
CVE-2012-3278 (Stack-based buffer overflow in magentservice.exe in HP Diagnostics ...)
	NOT-FOR-US: HP Diagnostics Server
CVE-2012-3277 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-3276 (HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the Itanium platform and 7.3-2, ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-3275 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.1x and ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-3274 (Stack-based buffer overflow in uam.exe in the User Access Manager ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2012-3273 (Multiple unspecified vulnerabilities on the HP LaserJet Pro 400 MFP ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-3272 (Cross-site scripting (XSS) vulnerability on the HP Color LaserJet ...)
	NOT-FOR-US: HP LaserJet
CVE-2012-3271 (Unspecified vulnerability on the HP Integrated Lights-Out 3 (aka iLO3) ...)
	NOT-FOR-US: HP ILO
CVE-2012-3270 (Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-3269 (Unspecified vulnerability in HP Performance Insight 5.31, 5.40, and ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-3268 (Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, ...)
	NOT-FOR-US: HP network devices
CVE-2012-3267 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.20 ...)
	NOT-FOR-US: HP NNMi
CVE-2012-3266 (Unspecified vulnerability in IBRIX 6.1.196 through 6.1.251 on HP IBRIX ...)
	NOT-FOR-US: HP IBRIX
CVE-2012-3265
	REJECTED
CVE-2012-3264 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3263 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3262 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3261 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3260 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3259 (Unspecified vulnerability in a SOAP feature in HP SiteScope 11.10 ...)
	NOT-FOR-US: HP SiteScope
CVE-2012-3258 (Unspecified vulnerability in HP Operations Orchestration 9.0 before ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2012-3257 (HP Business Availability Center (BAC) 8.07 allows remote authenticated ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3256 (Cross-site request forgery (CSRF) vulnerability in HP Business ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3255 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
	NOT-FOR-US: HP Business Availability Center
CVE-2012-3254 (Multiple unspecified vulnerabilities in HP iNode Management Center ...)
	NOT-FOR-US: HP iNode Management Center
CVE-2012-3253 (Multiple unspecified vulnerabilities in HP Intelligent Management ...)
	NOT-FOR-US: HP Intelligent Management
CVE-2012-3252 (Unspecified vulnerability in HP Serviceguard A.11.19 and A.11.20 ...)
	NOT-FOR-US: HP Serviceguard
CVE-2012-3251 (Cross-site scripting (XSS) vulnerability in HP Service Manager Web ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-3250 (Unspecified vulnerability in HP Service Manager Server 7.11, 9.21, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2012-3249 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows ...)
	NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3248 (HP Fortify Software Security Center 3.1, 3.3, 3.4, and 3.5 allows ...)
	NOT-FOR-US: HP Fortify Software Security Center
CVE-2012-3247 (Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c ...)
	NOT-FOR-US: HP Integrity Server
CVE-2012-3246
	RESERVED
CVE-2012-3245
	RESERVED
CVE-2012-3244
	RESERVED
CVE-2012-3243 (Cross-site scripting (XSS) vulnerability in the SEOgento plugin for ...)
	NOT-FOR-US: SEOgento plugin for Magento
CVE-2012-3242
	RESERVED
CVE-2012-3241 (The VMware Broker in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 does not ...)
	- eucalyptus <not-affected> (Fixed before initial release)
CVE-2012-3240 (The Walrus service in Eucalyptus 2.0.3 and 3.0.x before 3.0.2 allows ...)
	- eucalyptus <not-affected> (Fixed before initial release)
CVE-2012-3239
	RESERVED
CVE-2012-3238 (Cross-site scripting (XSS) vulnerability in the Backup/Restore ...)
	NOT-FOR-US: Astaro appliance
CVE-2012-3237
	RESERVED
CVE-2012-3236 (fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a ...)
	- gimp 2.8.2-1 (unimportant)
	NOTE: Harmless crasher w/o security impact
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=676804
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=0474376d234bc3d0901fd5e86f89d778a6473dd8 (GIMP_2_8_2)
CVE-2012-3235
	RESERVED
CVE-2012-3234 (RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP 1.0 through ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-3233 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Kayako Fusion 4.40.1148
CVE-2012-3232 (Cross-site scripting (XSS) vulnerability in search.php in web@all 2.0, ...)
	NOT-FOR-US: web@all
CVE-2012-3231 (Multiple cross-site request forgery (CSRF) vulnerabilities in web@all ...)
	NOT-FOR-US: web@all
CVE-2012-3230 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3229 (Unspecified vulnerability in the Siebel UI Framework component in ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3228 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3227 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3226 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3225 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3224 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3223 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3222 (Unspecified vulnerability in the Oracle iRecruitment component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3221 (Unspecified vulnerability in the Oracle VM Virtual Box component in ...)
	{DSA-2594-1}
	- virtualbox 4.1.18-dfsg-1.1 (bug #690777)
	- virtualbox-ose <removed>
	NOTE: http://www.halfdog.net/Security/2012/VirtualBoxSoftwareInterrupt0x8GuestCrash/
CVE-2012-3220 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3219 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle
CVE-2012-3218 (Unspecified vulnerability in the Human Resources component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2012-3217 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3216 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 6b24-1.11.5-0ubuntu1 (bug #690774)
	- openjdk-7 7u3-2.1.3-1 (bug #690774)
CVE-2012-3215 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3214 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3213 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3212 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3211 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3210 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3209 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11, when ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3208 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3207 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3206 (Unspecified vulnerability in the Integrated Lights Out Manager CLI in ...)
	NOT-FOR-US: Oracle Sun Products Suite SysFW
CVE-2012-3205 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3204 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3203 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3202 (Multiple unspecified vulnerabilities in the Oracle JRockit component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3201 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3200 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3199 (Unspecified vulnerability in Oracle Sun Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3198 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3197 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3196 (Unspecified vulnerability in the Oracle Human Resources component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3195 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3194 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3193 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3192 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3191 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3190 (Unspecified vulnerability in the Oracle Universal Work Queue component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3189 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3188 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3187 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3186 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3185 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3184 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3183 (Unspecified vulnerability in the Oracle WebCenter Sites component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3182 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3181 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3180 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3179 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3178 (Unspecified vulnerability in the kernel in Oracle Sun Solaris 11 ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3177 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3176 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-3175 (Unspecified vulnerability in the Oracle Application Server Single ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3174 (Unspecified vulnerability in Oracle Java 7 before Update 11 allows ...)
	- openjdk-6 <not-affected> (Only affects Java 7)
	- openjdk-7 7u3-2.1.4-1
CVE-2012-3173 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3172 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3171 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3170 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3169 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3168 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-3167 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3166 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3165 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3164 (Unspecified vulnerability in the Oracle Marketing component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3163 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3162 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3161 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3160 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3159 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-3158 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3157 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3156 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3155 (Unspecified vulnerability in the CORBA ORB component in Sun GlassFish ...)
	- glassfish <undetermined> (bug #692035)
	[wheezy] - glassfish <end-of-life>
	NOTE: Oracle doesn't provide any useful public information to fix the package without importing a new upstream version.
CVE-2012-3154 (Unspecified vulnerability in the Oracle Agile PLM Framework component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3153 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3152 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3151 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3150 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2581-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3149 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3148 (Unspecified vulnerability in the Oracle Field Service component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3147 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3146 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3145 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3144 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.28+dfsg-1 (bug #690778)
CVE-2012-3143 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-3142 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3141 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-3140 (Unspecified vulnerability in the Oracle Agile PLM For Process ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3139 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3138 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-3137 (The authentication protocol in Oracle Database Server 10.2.0.3, ...)
	NOT-FOR-US: Oracle Database
CVE-2012-3136 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.2-1
	- openjdk-6 <not-affected>
CVE-2012-3135 (Unspecified vulnerability in the Oracle JRockit component in Oracle ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-3134 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-3133 (Buffer overflow in the DataDirect ODBC driver, as used in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2012-3132 (SQL injection vulnerability in Oracle Database Server 10.2.0.3, ...)
	NOT-FOR-US: Oracle Database
CVE-2012-3131 (Unspecified vulnerability in Oracle Sun Solaris 9, 10, and 11 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3130 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3129 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3128 (Unspecified vulnerability in Oracle SPARC T-Series Servers running ...)
	NOT-FOR-US: ILO firmware
CVE-2012-3127 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3126 (Unspecified vulnerability in the Solaris Cluster component in Oracle ...)
	NOT-FOR-US: Solaris Cluster
CVE-2012-3125 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3124 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3123 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3122 (Unspecified vulnerability in Oracle Sun Solaris 8 and 9 allows local ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3121 (Unspecified vulnerability in Oracle Sun Solaris 9 and 10 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3120 (Unspecified vulnerability in Oracle Sun Solaris 8 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3119 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3118 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise PeopleTools)
CVE-2012-3117 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3116 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3115 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3114 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-3113 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3112 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-3111 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products (PeopleSoft Enterprise HRMS)
CVE-2012-3110 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3109 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3108 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3107 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3106 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-3105 (The glBufferData function in the WebGL implementation in Mozilla ...)
	- iceweasel 10.0.5esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2012-3104
	REJECTED
CVE-2011-5093 (Best Practical Solutions RT 4.x before 4.0.6 does not properly ...)
	NOTE: Dupe of CVE-2011-4458
CVE-2011-5092 (Best Practical Solutions RT 3.8.x before 3.8.12 and 4.x before 4.0.6 ...)
	NOTE: Dupe of CVE-2011-4458
CVE-2012-3103
	RESERVED
CVE-2012-3102
	RESERVED
CVE-2012-3101
	RESERVED
CVE-2012-3100
	RESERVED
CVE-2012-3099
	RESERVED
CVE-2012-3098
	RESERVED
CVE-2012-3097
	RESERVED
CVE-2012-3096 (Cisco Unity Connection (UC) 7.1, 8.0, and 8.5 allows remote ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-3095
	RESERVED
CVE-2012-3094 (The VPN downloader in the download_install component in Cisco ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2012-3093
	RESERVED
CVE-2012-3092
	RESERVED
CVE-2012-3091
	RESERVED
CVE-2012-3090
	RESERVED
CVE-2012-3089
	RESERVED
CVE-2012-3088 (Cisco AnyConnect Secure Mobility Client 3.1.x before 3.1.00495, and ...)
	NOT-FOR-US: Cisco AnyConnect Secure Mobility Client
CVE-2012-3087
	RESERVED
CVE-2012-3086
	RESERVED
CVE-2012-3085
	RESERVED
CVE-2012-3084
	RESERVED
CVE-2012-3083
	RESERVED
CVE-2012-3082
	RESERVED
CVE-2012-3081
	RESERVED
CVE-2012-3080
	RESERVED
CVE-2012-3079 (Cisco IOS 12.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3078
	RESERVED
CVE-2012-3077
	RESERVED
CVE-2012-3076 (The administrative web interface on Cisco TelePresence Recording ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3075 (The administrative web interface on Cisco TelePresence Immersive ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3074 (An unspecified API on Cisco TelePresence Immersive Endpoint Devices ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3073 (The IP implementation on Cisco TelePresence Multipoint Switch before ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-3072
	RESERVED
CVE-2012-3071
	RESERVED
CVE-2012-3070
	RESERVED
CVE-2012-3069
	RESERVED
CVE-2012-3068
	RESERVED
CVE-2012-3067
	RESERVED
CVE-2012-3066
	RESERVED
CVE-2012-3065
	RESERVED
CVE-2012-3064
	RESERVED
CVE-2012-3063 (Cisco Application Control Engine (ACE) before A4(2.3) and A5 before ...)
	NOT-FOR-US: Cisco
CVE-2012-3062 (Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-3061
	RESERVED
CVE-2012-3060 (Cisco Unity Connection (UC) 8.6, 9.0, and 9.5 allows remote attackers ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-3059
	RESERVED
CVE-2012-3058 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2012-3057 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3056 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3055 (Stack-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3054 (Heap-based buffer overflow in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3053 (Buffer overflow in the Cisco WebEx Advanced Recording Format (ARF) ...)
	NOT-FOR-US: Cisco WebEx Player
CVE-2012-3052 (Untrusted search path vulnerability in Cisco VPN Client 5.0 allows ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2012-3051 (Cisco NX-OS 5.2 and 6.1 on Nexus 7000 series switches allows remote ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-3050
	RESERVED
CVE-2012-3049
	RESERVED
CVE-2012-3048
	RESERVED
CVE-2012-3047 (Cross-site scripting (XSS) vulnerability in the web-wizard setup page ...)
	NOT-FOR-US: Cisco
CVE-2012-3046
	RESERVED
CVE-2012-3045
	RESERVED
CVE-2012-3044
	RESERVED
CVE-2012-3043
	RESERVED
CVE-2012-3042
	REJECTED
CVE-2012-3041
	RESERVED
CVE-2012-3040 (Cross-site scripting (XSS) vulnerability in the web server on Siemens ...)
	NOT-FOR-US: Siemens
CVE-2012-3039 (Moxa OnCell Gateway G3111, G3151, G3211, and G3251 devices with ...)
	NOT-FOR-US: Moxa OnCell Gateway
CVE-2012-3038
	RESERVED
CVE-2012-3037 (The Siemens SIMATIC S7-1200 2.x PLC does not properly protect the ...)
	NOT-FOR-US: Siemens SIMATIC PLC
CVE-2012-3036
	REJECTED
CVE-2012-3035 (Buffer overflow in Emerson DeltaV 9.3.1 and 10.3 through 11.3.1 allows ...)
	NOT-FOR-US: Emerson DeltaV
CVE-2012-3034 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3033
	REJECTED
CVE-2012-3032 (SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3031 (Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3030 (WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3029
	REJECTED
CVE-2012-3028 (Cross-site request forgery (CSRF) vulnerability in WebNavigator in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-3027
	REJECTED
CVE-2012-3026 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3025 (The default configuration of Tridium Niagara AX Framework through 3.6 ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-3024 (Tridium Niagara AX Framework through 3.6 uses predictable values for ...)
	NOT-FOR-US: Tridium Niagara AX Framework
CVE-2012-3023
	RESERVED
CVE-2012-3022 (The SaveToFile method in a certain ActiveX control in TrendDisplay.dll ...)
	NOT-FOR-US: Canary Labs TrendLink
CVE-2012-3021 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3020 (The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and ...)
	NOT-FOR-US: Siemens Synco OZW Web Server
CVE-2012-3019
	RESERVED
CVE-2012-3018 (The lockout-recovery feature in the Security Configurator component in ...)
	NOT-FOR-US: ICONICS GENESIS32
CVE-2012-3017 (Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3016 (Siemens SIMATIC S7-400 PN CPU devices with firmware 6 before 6.0.3 ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3015 (Untrusted search path vulnerability in Siemens SIMATIC STEP7 before ...)
	NOT-FOR-US: Siemens SIMATIC
CVE-2012-3014 (The Management Software application in GarrettCom Magnum MNS-6K before ...)
	NOT-FOR-US: GarrettCom Magnum MNS-6K
CVE-2012-3013 (WAGO I/O System 758 model 758-870, 758-874, 758-875, and 758-876 ...)
	NOT-FOR-US: WAGO I/O System 758
CVE-2012-3012 (The Arbiter Power Sentinel 1133A device with firmware before 11Jun2012 ...)
	NOT-FOR-US: Arbiter Power Sentinel 1133A
CVE-2012-3011 (Directory traversal vulnerability in the web server in Fultek WinTr ...)
	NOT-FOR-US: Fultek WinTr Scada web server
CVE-2012-3010 (rifsrvd.exe in the Remote Interface Service in GE Intelligent ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-3009 (Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, ...)
	NOT-FOR-US: Siemens COMOS
CVE-2012-3008 (Stack-based buffer overflow in OSIsoft PI OPC DA Interface before ...)
	NOT-FOR-US: OSIsoft PI OPC DA Interface
CVE-2012-3007 (Stack-based buffer overflow in slssvc.exe before 58.x in Invensys ...)
	NOT-FOR-US: Invensys Wonderware SuiteLink
CVE-2012-3006 (The Innominate mGuard Smart HW before HW-101130 and BD before ...)
	NOT-FOR-US: Innominate mGuard Smart
CVE-2012-3005 (Untrusted search path vulnerability in Invensys Wonderware InTouch ...)
	NOT-FOR-US: Wonderwar
CVE-2012-3004 (Multiple untrusted search path vulnerabilities in RealFlex RealWin ...)
	NOT-FOR-US: RealFlex RealWin
CVE-2012-3003 (Open redirect vulnerability in an unspecified web application in ...)
	NOT-FOR-US: WinCC
CVE-2012-3002 (The web interface on (1) Foscam and (2) Wansview IP cameras allows ...)
	NOT-FOR-US: Foscam, Wansview IP cameras
CVE-2012-3001 (Mutiny Standard before 4.5-1.12 allows remote attackers to execute ...)
	NOT-FOR-US: Mutiny Standard
CVE-2012-3000 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2012-2999 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Cerberus FTP
CVE-2012-2998 (SQL injection vulnerability in the ad hoc query module in Trend Micro ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2012-2997 (XML External Entity (XXE) vulnerability in ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2012-2996 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Trend Micro
CVE-2012-2995 (Multiple cross-site scripting (XSS) vulnerabilities in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2012-2994 (The CoSoSys Endpoint Protector 4 appliance establishes an EPProot ...)
	NOT-FOR-US: CoSoSys Endpoint Protector
CVE-2012-2993 (Microsoft Windows Phone 7 does not verify the domain name in the ...)
	NOT-FOR-US: Microsoft Windows Phone
CVE-2012-2992
	RESERVED
CVE-2012-2991 (The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in ...)
	NOT-FOR-US: PayPal module in osCommerce Online Merchant
CVE-2012-2990 (The MASetupCaller ActiveX control before 1.4.2012.508 in ...)
	NOT-FOR-US: MarkAny ContentSAFER
CVE-2012-2989
	RESERVED
CVE-2012-2988
	RESERVED
CVE-2012-2987
	RESERVED
CVE-2012-2986 (lhn/public/network/ping in HP SAN/iQ 9.5 on the HP Virtual SAN ...)
	NOT-FOR-US: HP Virtual SAN Appliance
CVE-2012-2985 (Cross-site scripting (XSS) vulnerability in InsertDocument.aspx in ...)
	NOT-FOR-US: CuteSoft Cute Editor
CVE-2012-2984 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Websense
CVE-2012-2983 (file/edit_html.cgi in Webmin 1.590 and earlier does not perform an ...)
	NOT-FOR-US: Webmin
CVE-2012-2982 (file/show.cgi in Webmin 1.590 and earlier allows remote authenticated ...)
	NOT-FOR-US: Webmin
CVE-2012-2981 (Webmin 1.590 and earlier allows remote authenticated users to execute ...)
	NOT-FOR-US: Webmin
CVE-2012-2980 (The Samsung and HTC onTouchEvent method implementation for Android on ...)
	NOT-FOR-US: Samsung and HTC Android
CVE-2012-2979 [VU#517036: NSD 3.2.13 emergency release]
	RESERVED
	- nsd3 <not-affected> (Debian version not affected)
CVE-2012-2978 (query.c in NSD 3.0.x through 3.0.8, 3.1.x through 3.1.1, and 3.2.x ...)
	{DSA-2515-1}
	- nsd3 3.2.12-1
CVE-2012-2977 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2976 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2975 (Cross-site scripting (XSS) vulnerability in the traffic overview page ...)
	NOT-FOR-US: F5 ASM
CVE-2012-2974 (The web interface on the SMC SMC8024L2 switch allows remote attackers ...)
	NOT-FOR-US: SMC SMC8024L2 switch
CVE-2012-2973
	RESERVED
CVE-2012-2972 (The (1) server and (2) agent components in CA ARCserve Backup r12.5, ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-2971 (The server in CA ARCserve Backup r12.5, r15, and r16 on Windows does ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-2970 (The Synel SY-780/A Time &amp; Attendance terminal allows remote attackers ...)
	NOT-FOR-US: Synel terminal
CVE-2012-2969 (Caucho Quercus, as distributed in Resin before 4.0.29, allows remote ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2968 (Directory traversal vulnerability in Caucho Quercus, as distributed in ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2967 (Caucho Quercus, as distributed in Resin before 4.0.29, does not ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2966 (Caucho Quercus, as distributed in Resin before 4.0.29, overwrites ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2965 (Caucho Quercus, as distributed in Resin before 4.0.29, does not ...)
	NOT-FOR-US: Caucho Quercus
CVE-2012-2964 (The BreakingPoint Storm appliance before 3.0 requires cleartext ...)
	NOT-FOR-US: BreakingPoint Storm appliance
CVE-2012-2963 (The administrative interface in the embedded web server on the ...)
	NOT-FOR-US: BreakingPoint Storm appliance
CVE-2012-2962 (SQL injection vulnerability in d4d/statusFilter.php in Plixer ...)
	NOT-FOR-US: Dell SonicWALL Scrutinizer
CVE-2012-2961 (SQL injection vulnerability in the management console in Symantec Web ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2960 (Cross-site scripting (XSS) vulnerability in the import functionality ...)
	NOT-FOR-US: HP ArcSight Connector, ArcSight Logger
CVE-2012-2959 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: BMC
CVE-2012-2958
	RESERVED
CVE-2012-2957 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2956 (SQL injection vulnerability in SpiceWorks 5.3.75941 allows remote ...)
	NOT-FOR-US: SpiceWorks
CVE-2012-2955 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security
CVE-2012-2954
	RESERVED
CVE-2012-2953 (The management console in Symantec Web Gateway 5.0.x before 5.0.3.18 ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2952 (SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier ...)
	NOT-FOR-US: Jaow
CVE-2012-2951
	REJECTED
CVE-2012-2950
	RESERVED
CVE-2012-2949 (The ZTE sync_agent program for Android 2.3.4 on the Score M device ...)
	NOT-FOR-US: Android
CVE-2012-2948 (chan_skinny.c in the Skinny (aka SCCP) channel driver in Certified ...)
	{DSA-2493-1}
	- asterisk 1:1.8.13.0~dfsg-1 (bug #675210)
CVE-2012-2947 (chan_iax2.c in the IAX2 channel driver in Certified Asterisk ...)
	{DSA-2493-1}
	- asterisk 1:1.8.13.0~dfsg-1 (bug #675204)
CVE-2012-2946
	RESERVED
CVE-2012-2945
	RESERVED
	- hadoop <itp> (bug #535861)
CVE-2010-5140 (wxBitcoin and bitcoind before 0.3.13 do not properly handle bitcoins ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5139 (Integer overflow in wxBitcoin and bitcoind before 0.3.11 allows remote ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2010-5138 (wxBitcoin and bitcoind 0.3.x allow remote attackers to cause a denial ...)
	- bitcoin 0.4.0-1
CVE-2010-5137 (wxBitcoin and bitcoind before 0.3.5 allow remote attackers to cause a ...)
	- bitcoin <not-affected> (Fixed before initial release)
CVE-2012-2944 (Buffer overflow in the addchar function in common/parseconf.c in upsd ...)
	{DSA-2484-1}
	- nut 2.6.4-1
	NOTE: https://alioth.debian.org/tracker/index.php?func=detail&aid=313636&group_id=30602&atid=411542
CVE-2012-2943 (CRLF injection vulnerability in cryptographp.inc.php in Cryptographp ...)
	NOT-FOR-US: Cryptographp
CVE-2012-2942 (Buffer overflow in the trash buffer in the header capture ...)
	{DSA-2711-1}
	- haproxy 1.4.23-1 (bug #674447)
	NOTE: According to upstream information this only was fixed in 1.4.21
	NOTE: only a issue if using non-default value for global.tune.bufsize configuration option
	NOTE: Reported as duplicate with CVE-2012-2391 http://seclists.org/oss-sec/2012/q2/417
CVE-2012-2941 (Cross-site scripting (XSS) vulnerability in search/ in Yandex.Server ...)
	NOT-FOR-US: Yandex.Server 2010 9.0 Enterprise
CVE-2012-2940 (MediaChance Real-DRAW PRO 5.2.4 allows remote attackers to cause a ...)
	NOT-FOR-US: MediaChance Real-DRAW PRO
CVE-2012-2939 (Multiple unrestricted file upload vulnerabilities in Travelon Express ...)
	NOT-FOR-US: Travelon Express
CVE-2012-2938 (Multiple cross-site scripting (XSS) vulnerabilities in Travelon ...)
	NOT-FOR-US: Travelon Express
CVE-2012-2937 (Multiple SQL injection vulnerabilities in Pligg CMS before 1.2.2 allow ...)
	NOT-FOR-US: Pligg
CVE-2012-2936 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS ...)
	NOT-FOR-US: Pligg
CVE-2012-2935 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: OSCommerce Online Merchant
CVE-2012-2934 (Xen 4.0, and 4.1, when running a 64-bit PV guest on &quot;older&quot; AMD CPUs, ...)
	{DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-2933
	RESERVED
CVE-2012-2932 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-2931
	RESERVED
CVE-2012-2930 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: TinyWebGallery
CVE-2012-2929
	RESERVED
CVE-2011-5091 (Multiple SQL injection vulnerabilities in GR Board (aka grboard) ...)
	NOT-FOR-US: GR Board
CVE-2011-5090 (GR Board (aka grboard) 1.8.6.5 Community Edition does not require ...)
	NOT-FOR-US: GR Board
CVE-2012-2928 (The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for ...)
	NOT-FOR-US: JIRA plugin
CVE-2012-2927 (The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2012-2926 (Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2012-2925 (SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2012-2924 (PHP remote file inclusion vulnerability in admin/setup.inc.php in ...)
	NOT-FOR-US: Hypermethod eLearning Server 4G
CVE-2012-2923 (SQL injection vulnerability in news.php4 in Hypermethod eLearning ...)
	NOT-FOR-US: Hypermethod eLearning Server 4G
CVE-2012-2922 (The request_path function in includes/bootstrap.inc in Drupal 7.14 and ...)
	- drupal7 7.22-1 (unimportant)
	NOTE: Path disclosure irrelevant for Debian
CVE-2012-2921 (Universal Feed Parser (aka feedparser or python-feedparser) before ...)
	- feedparser 5.1.2-1 (low; bug #674167)
	[squeeze] - feedparser <no-dsa> (Minor issue)
CVE-2012-2920 (Cross-site scripting (XSS) vulnerability in the userphoto_options_page ...)
	NOT-FOR-US: WordPress User Photo plugin
CVE-2012-2919 (Directory traversal vulnerability in Upload/engine.php in Chevereto ...)
	NOT-FOR-US: Chevereto
CVE-2012-2918 (Cross-site scripting (XSS) vulnerability in Upload/engine.php in ...)
	NOT-FOR-US: Chevereto
CVE-2012-2917 (Cross-site scripting (XSS) vulnerability in the Share and Follow ...)
	NOT-FOR-US: WordPress Share and Follow plugin
CVE-2012-2916 (Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in ...)
	NOT-FOR-US: WordPress SABRE plugin
CVE-2012-2915 (Stack-based buffer overflow in Lattice Semiconductor PAC-Designer ...)
	NOT-FOR-US: Lattice Semiconductor PAC-Designer
CVE-2012-2914 (Cross-site scripting (XSS) vulnerability in captchademo.php in ...)
	NOT-FOR-US: Unijimpe Captcha
CVE-2012-2913 (Multiple cross-site scripting (XSS) vulnerabilities in the Leaflet ...)
	NOT-FOR-US: WordPress Leaflet plugin
CVE-2012-2912 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: WordPress LeagueManager plugin
CVE-2012-2911 (Cross-site scripting (XSS) vulnerability in backupDB.php in ...)
	NOT-FOR-US: SiliSoftware backupDB
CVE-2012-2910 (Multiple cross-site scripting (XSS) vulnerabilities in SiliSoftware ...)
	NOT-FOR-US: SiliSoftware phpThumb
CVE-2012-2909 (Multiple cross-site scripting (XSS) vulnerabilities in Viscacha ...)
	NOT-FOR-US: Viscacha
CVE-2012-2908 (Multiple SQL injection vulnerabilities in admin/bbcodes.php in ...)
	NOT-FOR-US: Viscacha
CVE-2012-2907 (Cross-site scripting (XSS) vulnerability in the aberdeen_breadcrumb ...)
	NOT-FOR-US: Drupal Aberdeen theme
CVE-2012-2906 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Artiphp CMS 5.5.0 Neo
CVE-2012-2905 (Artiphp CMS 5.5.0 Neo (r422) stores database backups with predictable ...)
	NOT-FOR-US: Artiphp CMS
CVE-2012-2904 (player.swf in LongTail JW Player 5.9 allows remote attackers to ...)
	NOT-FOR-US: LongTail JW Player
CVE-2012-2903 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-2902 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Joomla JCE
CVE-2012-2901 (Cross-site scripting (XSS) vulnerability in the Profile List in the ...)
	NOT-FOR-US: Joomla JCE
CVE-2012-2900 (Skia, as used in Google Chrome before 22.0.1229.92, does not properly ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2899 (Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls ...)
	- chromium-browser <not-affected> (iOS-specific)
CVE-2012-2898 (Google Chrome before 21.0.1180.82 on iOS on iPad devices allows remote ...)
	- chromium-browser <not-affected> (iOS-specific)
CVE-2012-2897 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...)
	- chromium-browser <not-affected> (Windows-specific)
CVE-2012-2896 (Integer overflow in the WebGL implementation in Google Chrome before ...)
	- chromium-browser <not-affected> (MacOS X-specific)
CVE-2012-2895 (The PDF functionality in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2012-2894 (Google Chrome before 22.0.1229.79 does not properly handle ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2893 (Double free vulnerability in libxslt, as used in Google Chrome before ...)
	{DSA-2555-1}
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2892 (Unspecified vulnerability in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2891 (The IPC implementation in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2890 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
CVE-2012-2889 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2888 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2887 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2886 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2885 (Double free vulnerability in Google Chrome before 22.0.1229.79 allows ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2884 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2883 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2882 (FFmpeg, as used in Google Chrome before 22.0.1229.79, does not ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
	- libav 6:0.8.5-1 (bug #694483)
	- ffmpeg <not-affected> (vulnerable code not present)
	NOTE: https://chromiumcodereview.appspot.com/10829204
	NOTE: fixed with http://git.libav.org/?p=libav.git;a=commitdiff;h=7751e4693dd10ec98c20fbd9887233b575034272
CVE-2012-2881 (Google Chrome before 22.0.1229.79 does not properly handle plug-ins, ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2880 (Race condition in Google Chrome before 22.0.1229.79 allows remote ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2879 (Google Chrome before 22.0.1229.79 allows remote attackers to cause a ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2878 (Use-after-free vulnerability in Google Chrome before 22.0.1229.79 ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2877 (The extension system in Google Chrome before 22.0.1229.79 does not ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2876 (Buffer overflow in the SSE2 optimization functionality in Google ...)
	- chromium-browser 22.0.1229.94~r161065-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2875 (Multiple unspecified vulnerabilities in the PDF functionality in ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2874 (Skia, as used in Google Chrome before 22.0.1229.79, allows remote ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 22.0.1229.94~r161065-1
CVE-2012-2873
	RESERVED
CVE-2012-2872 (Cross-site scripting (XSS) vulnerability in an SSL interstitial page ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2871 (libxml2 2.9.0-rc1 and earlier, as used in Google Chrome before ...)
	{DSA-2555-1}
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2870 (libxslt 1.1.26 and earlier, as used in Google Chrome before ...)
	{DSA-2555-1}
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
	- libxslt 1.1.26-14 (bug #689422)
CVE-2012-2869 (Google Chrome before 21.0.1180.89 does not properly load URLs, which ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2868 (Race condition in Google Chrome before 21.0.1180.89 allows remote ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2867 (The SPDY implementation in Google Chrome before 21.0.1180.89 allows ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2866 (Google Chrome before 21.0.1180.89 does not properly perform a cast of ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2865 (Google Chrome before 21.0.1180.89 does not properly perform line ...)
	- chromium-browser 21.0.1180.89~r154005-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2864 (Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, ...)
	- mesa 8.0.4-2 (bug #685667)
	[squeeze] - mesa <not-affected> (Vulnerable code not present)
CVE-2012-2863 (The PDF functionality in Google Chrome before 21.0.1180.75 allows ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2862 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2861
	RESERVED
CVE-2012-2860 (The date-picker implementation in Google Chrome before 21.0.1180.57 on ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/122918
CVE-2012-2859 (Google Chrome before 21.0.1180.57 on Linux does not properly handle ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2858 (Buffer overflow in the WebP decoder in Google Chrome before ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2857 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) DOM ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2856 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2855 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2854 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2853 (The webRequest API in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2852 (The PDF functionality in Google Chrome before 21.0.1180.57 on Mac OS X ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2851 (Multiple integer overflows in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2850 (Multiple unspecified vulnerabilities in the PDF functionality in ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2849 (Off-by-one error in the GIF decoder in Google Chrome before ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2848 (The drag-and-drop implementation in Google Chrome before 21.0.1180.57 ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2847 (Google Chrome before 21.0.1180.57 on Mac OS X and Linux, and before ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2846 (Google Chrome before 21.0.1180.57 on Linux does not properly isolate ...)
	- chromium-browser 21.0.1180.57~r148591
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2845 (Integer overflow in the jpeg_data_load_data function in jpeg-data.c in ...)
	- exif 0.6.20-2 (low; bug #681465)
	[squeeze] - exif <no-dsa> (Minor crasher)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2844 (The PDF functionality in Google Chrome before 20.0.1132.57 does not ...)
	- chromium-browser <not-affected>
CVE-2012-2843 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57 ...)
	- chromium-browser 20.0.1132.57~r145807-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2842 (Use-after-free vulnerability in Google Chrome before 20.0.1132.57 ...)
	- chromium-browser 20.0.1132.57~r145807-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2841 (Integer underflow in the exif_entry_get_value function in exif-entry.c ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2840 (Off-by-one error in the exif_convert_utf16_to_utf8 function in ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2839
	RESERVED
CVE-2012-2838
	RESERVED
CVE-2012-2837 (The mnote_olympus_entry_get_value function in ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2836 (The exif_data_load_data function in exif-data.c in the EXIF Tag ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2835
	RESERVED
CVE-2012-2834 (Integer overflow in Google Chrome before 20.0.1132.43 allows remote ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2833 (Buffer overflow in the JS API in the PDF functionality in Google ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2832 (The image-codec implementation in the PDF functionality in Google ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2831 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2830 (Google Chrome before 20.0.1132.43 does not properly set array values, ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2829 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2828 (Multiple integer overflows in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2827 (Use-after-free vulnerability in the UI in Google Chrome before ...)
	- chromium-browser <not-affected> (MacOS specific)
CVE-2012-2826 (Google Chrome before 20.0.1132.43 does not properly implement texture ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2825 (The XSL implementation in Google Chrome before 20.0.1132.43 allows ...)
	- libxslt 1.1.26-13 (low; bug #679283)
	[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2012-2824 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2823 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2822 (The PDF functionality in Google Chrome before 20.0.1132.43 allows ...)
	- chromium-browser <not-affected> (PDF functionality not present in Chromium)
CVE-2012-2821 (The autofill implementation in Google Chrome before 20.0.1132.43 does ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2820 (Google Chrome before 20.0.1132.43 does not properly implement SVG ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2819 (The texSubImage2D implementation in the WebGL subsystem in Google ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2818 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2817 (Use-after-free vulnerability in Google Chrome before 20.0.1132.43 ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <not-affected>
CVE-2012-2816 (Google Chrome before 20.0.1132.43 on Windows does not properly isolate ...)
	- chromium-browser <not-affected> (windows-only)
CVE-2012-2815 (Google Chrome before 20.0.1132.43 allows remote attackers to obtain ...)
	- chromium-browser 20.0.1132.43~r143823-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-2814 (Buffer overflow in the exif_entry_format_value function in ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2813 (The exif_convert_utf16_to_utf8 function in exif-entry.c in the EXIF ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2812 (The exif_entry_get_value function in exif-entry.c in the EXIF Tag ...)
	{DSA-2559-1}
	- libexif 0.6.20-3 (bug #681454)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=771229
	NOTE: http://seclists.org/oss-sec/2012/q3/74
CVE-2012-2811
	RESERVED
CVE-2012-2810
	RESERVED
CVE-2012-2809
	RESERVED
CVE-2012-2808 (The PRNG implementation in the DNS resolver in Bionic in Android ...)
	- iceweasel <not-affected> (Only affects 37.x; only on Android)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-41/
CVE-2012-2807 (Multiple integer overflows in libxml2, as used in Google Chrome before ...)
	{DSA-2521-1}
	- libxml2 2.8.0+dfsg1-5 (bug #679280)
	NOTE: https://git.gnome.org/browse/libxml2/commit/?id=459eeb9dc752d5185f57ff6b135027f11981a626
CVE-2012-2806 (Heap-based buffer overflow in the get_sos function in jdmarker.c in ...)
	- libjpeg-turbo <not-affected> (Fixed before initial release)
CVE-2012-2805 (Unspecified vulnerability in FFMPEG 0.10 allows remote attackers to ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2804 (Unspecified vulnerability in libavcodec/indeo3.c in FFmpeg before 0.11 ...)
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg <not-affected> (vulnerable code not present)
CVE-2012-2803 (Double free vulnerability in the mpeg_decode_frame function in ...)
	{DSA-2624-1}
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2802 (Unspecified vulnerability in the ac3_decode_frame function in ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2801 (Unspecified vulnerability in libavcodec/avs.c in FFmpeg before 0.11, ...)
	{DSA-2624-1}
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2800 (Unspecified vulnerability in the ff_ivi_process_empty_tile function in ...)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2799 (Unspecified vulnerability in libavcodec/wmalosslessdec.c in FFmpeg ...)
	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2798 (Unspecified vulnerability in the decode_dds1 function in ...)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2797 (Unspecified vulnerability in the decode_frame_mp3on4 function in ...)
	- ffmpeg 7:2.4.1-1
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg <not-affected> (vulnerable code not present)
	NOTE: patch proposed: http://patches.libav.org/patch/32642/
CVE-2012-2796 (Unspecified vulnerability in the vc1_decode_frame function in ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2795 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2794 (Unspecified vulnerability in the decode_mb_info function in ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2793 (Unspecified vulnerability in the lag_decode_zero_run_line function in ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2792 (Unspecified vulnerability in the decode_init function in ...)
	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2791 (Multiple unspecified vulnerabilities in the (1) decode_band_hdr ...)
	- libav 6:0.8.5-1 (bug #688847)
CVE-2012-2790 (Unspecified vulnerability in the read_var_block_data function in ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2789 (Unspecified vulnerability in the avi_read_packet function in ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	NOTE: contrary to the description, this issue is about the decode_subframe in libavcodec/wmaprodec.c
CVE-2012-2788 (Unspecified vulnerability in the avi_read_packet function in ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
CVE-2012-2787 (Unspecified vulnerability in the decode_frame function in ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2786 (Unspecified vulnerability in the decode_wdlt function in ...)
	- ffmpeg <not-affected> (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2785 (Multiple unspecified vulnerabilities in libavcodec/wmalosslessdec.c in ...)
	- libav <not-affected> (Vulnerable code not present in 0.8 version from unstable, fixed in 0.9 version in experimental)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-2784 (Unspecified vulnerability in the decode_pic function in ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
	NOTE: duplicate of CVE-2012-2777
CVE-2012-2783 (Unspecified vulnerability in libavcodec/vp56.c in FFmpeg before 0.11, ...)
	{DSA-2624-1}
	- ffmpeg 7:2.4.1-1 (bug #688849)
	- libav 6:0.8.5-1 (bug #688847)
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-2782 (Unspecified vulnerability in the decode_slice_header function in ...)
	- libav <not-affected> (Doesn't affect libav)
CVE-2012-2781 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2780 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2779 (Unspecified vulnerability in the decode_frame function in ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2778 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2777 (Unspecified vulnerability in the decode_pic function in ...)
	{DSA-2624-1}
	[squeeze] - ffmpeg 4:0.5.9-1 (bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
	- ffmpeg 7:2.4.1-1
CVE-2012-2776 (Unspecified vulnerability in the decode_cell_data function in ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2775 (Unspecified vulnerability in the read_var_block_data function in ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2774 (The ff_MPV_frame_start function in libavcodec/mpegvideo.c in FFmpeg ...)
	- ffmpeg <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
	- libav <not-affected> (there is no crash, just a couple uninitialized reads, harmless according to Janne)
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=59a4b73531428d2f420b4dad545172c8483ced0f
	NOTE: patch proposed: http://patches.libav.org/patch/32644/
CVE-2012-2773 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2772 (Unspecified vulnerability in the ff_rv34_decode_frame function in ...)
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (Vulnerable code not present, bug #688849)
	- libav 6:0.8.4-1 (bug #688847)
CVE-2012-2771 (Unspecified vulnerability in FFmpeg before 0.10.3 has unknown impact ...)
	- ffmpeg 7:2.4.1-1
CVE-2012-2770 (The Authen::ExternalAuth extension before 0.11 for Best Practical ...)
	- rt-authen-externalauth 0.10-2 (bug #683288)
CVE-2012-2769 (Multiple cross-site scripting (XSS) vulnerabilities in the topic ...)
	- request-tracker4 4.0.6-1
	NOTE: bundled in RT4
CVE-2012-2768 (Multiple cross-site scripting (XSS) vulnerabilities in the topic ...)
	{DSA-2535-1}
	- rtfm <removed> (bug #683290)
	- request-tracker4 4.0.6-1
	NOTE: bundled in RT4
CVE-2012-2767
	RESERVED
CVE-2012-2766
	RESERVED
CVE-2012-2765
	RESERVED
CVE-2012-2764 (Untrusted search path vulnerability in Google Chrome before ...)
	- chromium-browser <not-affected> (Windows specific)
CVE-2012-2763 (Buffer overflow in the readstr_upto function in ...)
	- gimp 2.8.0-1 (unimportant)
	NOTE: Only exploitable in rare/theoretical setups
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/31/1
	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfu-buffer-overflow-GIMP-2.6.html
	NOTE: http://www.reactionpenetrationtesting.co.uk/advisories/scriptfubof.c
CVE-2012-2762 (SQL injection vulnerability in include/functions_trackbacks.inc.php in ...)
	- serendipity <not-affected> (vulnerable code not present in 1.5.1, see bug #678139)
CVE-2012-2761
	RESERVED
CVE-2012-2760 (mod_auth_openid before 0.7 for Apache uses world-readable permissions ...)
	- libapache2-mod-auth-openid 0.7-0.1 (low; bug #674165)
	[squeeze] - libapache2-mod-auth-openid <no-dsa> (Minor issue)
CVE-2012-2759 (Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-2758
	RESERVED
CVE-2012-2757
	RESERVED
CVE-2012-2756
	RESERVED
CVE-2012-2755
	RESERVED
CVE-2012-2754
	RESERVED
CVE-2012-2753 (Untrusted search path vulnerability in TrGUI.exe in the Endpoint ...)
	NOT-FOR-US: Endpoint Connect
CVE-2012-2752 (Untrusted search path vulnerability in VMware vMA 4.x and 5.x before ...)
	NOT-FOR-US: VMware
CVE-2012-2751 (ModSecurity before 2.6.6, when used with PHP, does not properly handle ...)
	{DSA-2506-1}
	- modsecurity-apache 2.6.6-1 (bug #678527)
	- libapache-mod-security <removed> (bug #678529)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2012-2750 (Unspecified vulnerability in MySQL 5.5.x before 5.5.23 has unknown ...)
	{DSA-2780-1}
	- mysql-5.5 5.5.23-1
	- mysql-5.1 <unfixed>
	NOTE: http://bugs.mysql.com/bug.php?id=59533
	NOTE: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
CVE-2012-2749 (MySQL 5.1.x before 5.1.63 and 5.5.x before 5.5.24 allows remote ...)
	{DSA-2496-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.24+dfsg-1
CVE-2012-2748 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2012-2747 (Unspecified vulnerability in Joomla! 2.5.x before 2.5.5 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2012-2746 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
	- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-2745 (The copy_creds function in kernel/cred.c in the Linux kernel before ...)
	- linux 3.2.15-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2744 (net/ipv6/netfilter/nf_conntrack_reasm.c in the Linux kernel before ...)
	- linux 2.6.34-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-36
CVE-2012-2743 (Revelation 0.4.13-2 and earlier does not iterate through SHA hashing ...)
	- revelation 0.4.11-10 (low; bug #633088)
	[squeeze] - revelation <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2742 (Revelation 0.4.13-2 and earlier uses only the first 32 characters of a ...)
	- revelation 0.4.11-10 (bug #633088)
	[squeeze] - revelation <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/18/1
CVE-2012-2741 (Cross-site scripting (XSS) vulnerability in public_html/lists/admin/ ...)
	NOT-FOR-US: phplist
CVE-2012-2740 (SQL injection vulnerability in public_html/lists/admin in phpList ...)
	NOT-FOR-US: phplist
CVE-2012-2739 (Oracle Java SE before 7 Update 6, and OpenJDK 7 before 7u6 build 12 ...)
	- openjdk-6 <removed> (unimportant)
	- openjdk-7 <removed> (unimportant)
	NOTE: Upstream disputes this and states it needs to be fixed in Java apps itself
	NOTE: http://mail.openjdk.java.net/pipermail/core-libs-dev/2012-May/010238.html
	NOTE: http://armoredbarista.blogspot.de/2012/02/investigating-hashdos-issue.html
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/15/12
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/17/1
CVE-2012-2738 (The VteTerminal in gnome-terminal (vte) before 0.32.2 allows remote ...)
	- vte 1:0.28.2-5 (bug #677717)
	- vte3 1:0.32.2-1
	[squeeze] - vte 1:0.24.3-4
CVE-2012-2737 (The user_change_icon_file_authorized_cb function in ...)
	- accountsservice 0.6.21-6 (bug #679429)
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/28/9
	NOTE: http://cgit.freedesktop.org/accountsservice/commit/?id=69b526a6cd4c078732068de2ba393cf9242a404b
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=832532
CVE-2012-2736 [NetworkManager: creating new WPA-secured wireless network results in insecure network being created instead]
	RESERVED
	- network-manager 0.9.4.0-1 (low; bug #655972)
	[squeeze] - network-manager 0.8.1-6+squeeze2
CVE-2012-2735 (Session fixation vulnerability in Cumin before 0.1.5444, as used in ...)
	NOT-FOR-US: Cumin
CVE-2012-2734 (Multiple cross-site request forgery (CSRF) vulnerabilities in Cumin ...)
	NOT-FOR-US: Cumin
CVE-2012-2733 (java/org/apache/coyote/http11/InternalNioInputBuffer.java in the HTTP ...)
	- tomcat6 6.0.35-5+nmu1 (bug #692439)
	[squeeze] - tomcat6 6.0.35-1+squeeze3
	NOTE: DSA 2725
	- tomcat7 7.0.28-1 (bug #692440)
CVE-2012-2732
	REJECTED
CVE-2012-2731 (The Ubercart AJAX Cart 6.x-2.x before 6.x-2.1 for Drupal stores the ...)
	NOT-FOR-US: Drupal module
CVE-2012-2730 (The Protected Node module 6.x-1.x before 6.x-1.6 for Drupal does not ...)
	NOT-FOR-US: Drupal module
CVE-2012-2729 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Drupal module
CVE-2012-2728 (Multiple cross-site request forgery (CSRF) vulnerabilities in the Node ...)
	NOT-FOR-US: Drupal module
CVE-2012-2727 (Open redirect vulnerability in the Janrain Capture module 6.x-1.0 and ...)
	NOT-FOR-US: Drupal module
CVE-2012-2726 (Cross-site scripting (XSS) vulnerability in the Protest module 6.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2725 (classes/Filter/WhitelistedExternalFilter.php in the Authoring HTML ...)
	NOT-FOR-US: Drupal module
CVE-2012-2724
	RESERVED
	NOT-FOR-US: Drupal module
CVE-2012-2723 (Cross-site scripting (XSS) vulnerability in the Maestro module 7.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2722 (The node selection interface in the WYSIWYG editor (CKEditor) in the ...)
	NOT-FOR-US: Drupal module
CVE-2012-2721 (The default views in the Organic Groups (OG) module 6.x-2.x before ...)
	NOT-FOR-US: Drupal module
CVE-2012-2720 (The Token Authentication (tokenauth) module 6.x-1.x before 6.x-1.7 for ...)
	NOT-FOR-US: Drupal module
CVE-2012-2719 (The filedepot module 6.x-1.x before 6.x-1.3 for Drupal, when accessed ...)
	NOT-FOR-US: Drupal module
CVE-2012-2718 (SQL injection vulnerability in the Counter module for Drupal allows ...)
	NOT-FOR-US: Drupal module
CVE-2012-2717 (Multiple cross-site scripting (XSS) vulnerabilities in the Mobile ...)
	NOT-FOR-US: Drupal module
CVE-2012-2716 (Cross-site request forgery (CSRF) vulnerability in the Comment ...)
	NOT-FOR-US: Drupal module
CVE-2012-2715 (Cross-site scripting (XSS) vulnerability in the themes_links function ...)
	NOT-FOR-US: Drupal module
CVE-2012-2714
	RESERVED
	NOT-FOR-US: Drupal module
CVE-2012-2713 (Cross-site request forgery (CSRF) vulnerability in the BrowserID ...)
	NOT-FOR-US: Drupal module
CVE-2012-2712 (Multiple cross-site scripting (XSS) vulnerabilities in the Search API ...)
	NOT-FOR-US: Drupal module
CVE-2012-2711 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...)
	NOT-FOR-US: Drupal module
CVE-2012-2710 (Cross-site scripting (XSS) vulnerability in the Zen module 6.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2709
	REJECTED
CVE-2012-2708 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Drupal module
CVE-2012-2707 (The Hostmaster (Aegir) module 6.x-1.x before 6.x-1.9 for Drupal does ...)
	NOT-FOR-US: Drupal module
CVE-2012-2706 (Cross-site scripting (XSS) vulnerability in the Post Affiliate Pro ...)
	NOT-FOR-US: Drupal module
CVE-2012-2705 (The filter_titles function in the Smart Breadcrumb module 6.x-1.x ...)
	NOT-FOR-US: Drupal module
CVE-2012-2704 (The Advertisement module 6.x-2.x before 6.x-2.3 for Drupal does not ...)
	NOT-FOR-US: Drupal Module
CVE-2012-2703 (Cross-site scripting (XSS) vulnerability in the Advertisement module ...)
	NOT-FOR-US: Drupal module
CVE-2012-2702 (The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal ...)
	NOT-FOR-US: Drupal module
CVE-2012-2701
	REJECTED
CVE-2012-2700
	REJECTED
CVE-2012-2699
	REJECTED
CVE-2012-2698 (Cross-site scripting (XSS) vulnerability in the outputPage function in ...)
	[squeeze] - mediawiki <not-affected> (bug #677895; only affects experimental version 1.9.0)
	- mediawiki 1:1.19.1-1
CVE-2012-2697 (Unspecified vulnerability in autofs, as used in Red Hat Enterprise ...)
	- autofs 5.0.6-1
	NOTE: Fixed upstream with "fix paged ldap map read"
CVE-2012-2696 (The backend in Red Hat Enterprise Virtualization Manager (RHEV-M) ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-2695 (The Active Record component in Ruby on Rails before 3.0.14, 3.1.x ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2694 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
CVE-2012-2693 (libvirt, possibly before 0.9.12, does not properly assign USB devices ...)
	- libvirt 0.9.12-1 (bug #677496)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-2692 (MantisBT before 1.2.11 does not check the delete_attachments_threshold ...)
	{DSA-2500-1}
	- mantis 1.2.11-1 (bug #676783)
CVE-2012-2691 (The mc_issue_note_update function in the SOAP API in MantisBT before ...)
	- mantis 1.2.11-1 (bug #676783)
	[squeeze] - mantis <not-affected> (according to maintainer)
CVE-2012-2690 (virt-edit in libguestfs before 1.18.0 does not preserve the ...)
	- libguestfs 1:1.18.0-1
	NOTE: Upstream patch https://www.redhat.com/archives/libguestfs/2012-February/msg00034.html
	NOTE: https://www.redhat.com/archives/libguestfs/2012-February/msg00033.html
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=788642
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/11/5
CVE-2012-2689
	RESERVED
CVE-2012-2688 (Unspecified vulnerability in the _php_stream_scandir function in the ...)
	{DSA-2527-1}
	- php5 5.4.4-4 (low; bug #683274)
CVE-2012-2687 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- apache2 2.2.22-8 (low)
	[squeeze] - apache2 2.2.16-6+squeeze8
CVE-2012-2686 (crypto/evp/e_aes_cbc_hmac_sha1.c in the AES-NI functionality in the ...)
	- openssl 1.0.1e-1 (bug #699889)
	[squeeze] - openssl <not-affected> (Vulnerable code not present)
	NOTE: DoS in specific protocol + cpu type combination
CVE-2012-2685 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
	NOT-FOR-US: Cumin
CVE-2012-2684 (Multiple SQL injection vulnerabilities in the ...)
	NOT-FOR-US: Cumin
CVE-2012-2683 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
	NOT-FOR-US: Cumin
CVE-2012-2682 (Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG ...)
	NOT-FOR-US: Cumin
CVE-2012-2681 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
	NOT-FOR-US: Cumin
CVE-2012-2680 (Cumin before 0.1.5444, as used in Red Hat Enterprise Messaging, ...)
	NOT-FOR-US: Cumin
CVE-2012-2679 (Red Hat Network (RHN) Configuration Client (rhncfg-client) in rhncfg ...)
	NOT-FOR-US: Red Hat Network configuration client
CVE-2012-2678 (389 Directory Server before 1.2.11.6 (aka Red Hat Directory Server ...)
	- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-2677 (Integer overflow in the ordered_malloc function in boost/pool/pool.hpp ...)
	- boost1.42 <removed> (low; bug #688331)
	[squeeze] - boost1.42 <no-dsa> (Minor issue)
	- boost1.49 1.49.0-3.1 (low; bug #677197)
CVE-2012-2676 (Multiple integer overflows in the (1) malloc and (2) calloc functions ...)
	NOT-FOR-US: Hoard memory allocator
CVE-2012-2675 (Multiple integer overflows in the (1) CallMalloc (malloc) and (2) ...)
	NOT-FOR-US: nedmalloc
CVE-2012-2674 (Multiple integer overflows in the (1) chk_malloc, (2) leak_malloc, and ...)
	NOT-FOR-US: Android libc
CVE-2012-2673 (Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc ...)
	- libgc 1:7.1-9 (bug #677195)
	[squeeze] - libgc 1:6.8-2
CVE-2012-2672 (Oracle Mojarra 2.1.7 does not properly &quot;clean up&quot; the FacesContext ...)
	- mojarra 2.2.8-1 (bug #677194)
	[wheezy] - mojarra <not-affected> (Only affected in combination with EAP6/AS7 application servers, not shipped in Debian)
	[squeeze] - mojarra <not-affected> (Only affected in combination with EAP6/AS7 application servers, not shipped in Debian)
CVE-2012-2671 (The Rack::Cache rubygem 0.3.0 through 1.1 caches Set-Cookie and other ...)
	NOTE: https://github.com/rtomayko/rack-cache/blob/master/CHANGES
	- ruby-rack-cache 1.2-1
CVE-2012-2670 (manageuser.php in Collabtive before 0.7.6 allows remote authenticated ...)
	- collabtive 0.7.6-1 (bug #676311)
	NOTE: http://www.securityfocus.com/archive/1/522973/30/0/threaded
	NOTE: http://xync.org/2012/06/04/Arbitrary-File-Upload-in-Collabtive.html
	NOTE: http://www.collabtive.o-dyn.de/blog/?p=426
CVE-2012-2669 (The main function in tools/hv/hv_kvp_daemon.c in hypervkvpd, as ...)
	- linux 3.2.23-1
	[squeeze] - linux-2.6 <not-affected> (userspace daemon not yet present)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=761200
CVE-2012-2668 (libraries/libldap/tls_m.c in OpenLDAP, possibly 2.4.31 and earlier, ...)
	- openldap <not-affected> (OpenLDAP in Debian uses GNUTLS instead of Mozilla NSS)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=825875
	NOTE: http://www.openldap.org/its/index.cgi?findid=7285
	NOTE: http://www.openldap.org/devel/gitweb.cgi?p=openldap.git;a=commit;h=2c2bb2e
CVE-2012-2667 (Session fixation vulnerability in ...)
	NOT-FOR-US: Symfony
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=418427
	NOTE: http://symfony.com/blog/security-release-symfony-1-4-18-released
	NOTE: http://trac.symfony-project.org/browser/tags/RELEASE_1_4_18/CHANGELOG
	NOTE: http://trac.symfony-project.org/changeset/33466?format=diff&new=33466
CVE-2012-2666
	RESERVED
CVE-2012-2665 (Multiple heap-based buffer overflows in the XML manifest encryption ...)
	{DSA-2520-1}
	- libreoffice 1:3.5.4-7
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2664 (The sosreport utility in the Red Hat sos package before 2.2-29 does ...)
	NOT-FOR-US: sosreport (Red Hat tool)
CVE-2012-2663 (extensions/libxt_tcp.c in iptables through 1.4.21 does not match TCP ...)
	- iptables <unfixed> (unimportant; bug #675445)
CVE-2012-2662 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2012-2661 (The Active Record component in Ruby on Rails 3.0.x before 3.0.13, ...)
	- rails <not-affected> (Doesn't affects RoR in Squeeze)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675396; bug #675429)
	NOTE: http://seclists.org/oss-sec/2012/q2/448
CVE-2012-2660 (actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before ...)
	- ruby-activerecord-3.2 3.2.6-1 (bug #675429)
	NOTE: http://seclists.org/oss-sec/2012/q2/449
CVE-2012-2659
	RESERVED
CVE-2012-2658 (** DISPUTED ** ...)
	- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
	NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2657 (** DISPUTED ** ...)
	- unixodbc 2.3.6-0.1 (unimportant; bug #675058)
	NOTE: Only triggerable by trusted input, not a security issue
CVE-2012-2656 [XXE vulnerability in Restlet]
	RESERVED
	- restlet <itp> (bug #596472)
CVE-2012-2655 (PostgreSQL 8.3.x before 8.3.19, 8.4.x before 8.4.12, 9.0.x before ...)
	{DSA-2491-1}
	- postgresql-9.1 9.1.4-1
	- postgresql-8.4 8.4.12-1
CVE-2012-2654 (The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom ...)
	- nova 2012.1-6 (bug #676465)
CVE-2012-2653 (arpwatch 2.1a15, as used by Red Hat, Debian, Fedora, and possibly ...)
	{DSA-2481-1}
	- arpwatch 2.1a15-1.2 (bug #674715)
	NOTE: Debian build includes the vulnerable patch (in .diff.gz)
CVE-2012-2652 (The bdrv_open function in Qemu 1.0 does not properly handle the ...)
	{DSA-2545-1 DSA-2542-1}
	- qemu 1.1.0+dfsg-1 (bug #678280)
	- qemu-kvm 1.1.0+dfsg-1
CVE-2012-2651
	RESERVED
CVE-2012-2650
	RESERVED
CVE-2012-2649 (The Sleipnir Mobile application 2.2.0 and earlier and Sleipnir Mobile ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-2648 (Cross-site scripting (XSS) vulnerability in the GoodReader app 3.16 ...)
	NOT-FOR-US: GoodReader
CVE-2012-2647 (Yahoo! Toolbar 1.0.0.5 and earlier for Chrome and Safari allows remote ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2012-2646 (The Sleipnir Mobile application before 2.1.0 and Sleipnir Mobile Black ...)
	NOT-FOR-US: Sleipnir Mobile
CVE-2012-2645 (The Yahoo! Japan Yahoo! Browser application 1.2.0 and earlier for ...)
	NOT-FOR-US: The Yahoo! Japan Yahoo! Browser application
CVE-2012-2644 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
	NOT-FOR-US: Movable Type MT4i plugin
CVE-2012-2643 (Cross-site scripting (XSS) vulnerability in KENT-WEB YY-BOARD before ...)
	NOT-FOR-US: KENT-WEB YY-BOARD
CVE-2012-2642 (Cross-site scripting (XSS) vulnerability in the MT4i plugin 3.1 beta 4 ...)
	NOT-FOR-US: Movable Type MT4i plugin
CVE-2012-2641 (Cross-site scripting (XSS) vulnerability in Zenphoto before 1.4.3 ...)
	NOT-FOR-US: Zenphoto
CVE-2012-2640 (The NEC BIGLOBE Yome Collection application 1.8.3 and earlier for ...)
	NOT-FOR-US: The NEC BIGLOBE Yome Collection
CVE-2012-2639
	REJECTED
CVE-2012-2638 (Cross-site scripting (XSS) vulnerability in SmallPICT.cgi in SmallPICT ...)
	NOT-FOR-US: SmallPICT
CVE-2012-2637 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 ...)
	NOT-FOR-US: KENT-WEB WEB PATIO
CVE-2012-2636 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB PATIO 4.04 ...)
	NOT-FOR-US: KENT-WEB WEB PATIO
CVE-2012-2635 (The Dolphin Browser HD application before 7.6 and Dolphin for Pad ...)
	NOT-FOR-US: Dolphin
CVE-2012-2634 (Cross-site scripting (XSS) vulnerability in FeedDemon before 4.0, when ...)
	NOT-FOR-US: FeedDemon
CVE-2012-2633 (Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp ...)
	NOT-FOR-US: WassUp
CVE-2012-2632 (SEIL routers with firmware SEIL/x86 1.00 through 2.35, SEIL/X1 2.30 ...)
	NOT-FOR-US: SEIL routers
CVE-2012-2631 (Cross-site scripting (XSS) vulnerability in WEBLOGIC @WEB ShoppingCart ...)
	NOT-FOR-US: WEBLOGIC
CVE-2012-2630 (The Puella Magi Madoka Magica iP application 1.05 and earlier for ...)
	NOT-FOR-US: Puella Magi Madoka Magica iP (Android application)
CVE-2012-2629
	RESERVED
CVE-2012-2628
	RESERVED
CVE-2012-2627 (d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-2626 (cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell ...)
	NOT-FOR-US: Plixer Scrutinizer
CVE-2012-2625 (The PyGrub boot loader in Xen unstable before changeset ...)
	{DSA-2636-1}
	- xen 4.1.3-4 (low; bug #688125)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-2625
CVE-2012-2624 (Stack-based buffer overflow in Logica HotScan allows remote attackers ...)
	NOT-FOR-US: Logica HotScan
CVE-2012-XXXX [two XSS]
	- spip 2.1.14-1 (low; bug #672961)
	[squeeze] - spip 2.1.1-3squeeze4
CVE-2012-1675 (The TNS Listener, as used in Oracle Database 11g 11.1.0.7, 11.2.0.2, ...)
	NOT-FOR-US: Oracle Database
CVE-2012-2623
	RESERVED
CVE-2012-2622
	RESERVED
CVE-2012-2621
	RESERVED
CVE-2012-2620
	RESERVED
CVE-2012-2619 (The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, ...)
	- firmware-nonfree <not-affected> (Affects different chipset combination, see bug #694716)
CVE-2012-2618
	RESERVED
CVE-2012-2617
	RESERVED
CVE-2012-2616
	RESERVED
CVE-2012-2615
	REJECTED
CVE-2012-2614 (Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 ...)
	NOT-FOR-US: Lattice Diamond Programmer
CVE-2012-2613
	RESERVED
CVE-2012-2612 (The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2611 (The DiagTraceR3Info function in the Dialog processor in disp+work.exe ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2610
	RESERVED
CVE-2012-2609
	RESERVED
CVE-2012-2608
	RESERVED
CVE-2012-2607 (The Johnson Controls CK721-A controller with firmware before ...)
	NOT-FOR-US: The Johnson Controls CK721-A
CVE-2012-2606 (The agent in Bradford Network Sentry before 5.3.3 does not require ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2605 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2604 (Multiple cross-site scripting (XSS) vulnerabilities in GuestAccess.jsp ...)
	NOT-FOR-US: Bradford Network Sentry
CVE-2012-2603 (The server in CollabNet ScrumWorks Pro before 6.0 allows remote ...)
	NOT-FOR-US: CollabNet ScrumWorks Pro
CVE-2012-2602 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2601 (SQL injection vulnerability in WrVMwareHostList.asp in Ipswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2012-2600
	RESERVED
CVE-2012-2599
	RESERVED
CVE-2012-2598 (Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2597 (Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2596 (The XPath functionality in unspecified web applications in Siemens ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2595 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified web ...)
	NOT-FOR-US: Siemens WinCC
CVE-2012-2594
	RESERVED
CVE-2012-2593
	RESERVED
CVE-2012-2592 (Cross-site scripting (XSS) vulnerability in Axigen Mail Server 8.0.1 ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2012-2591 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...)
	NOT-FOR-US: EmailArchitect
CVE-2012-2590 (Multiple cross-site scripting (XSS) vulnerabilities in ESCON ...)
	NOT-FOR-US: ESCON SupportPortal Professional Edition
CVE-2012-2589
	REJECTED
CVE-2012-2588 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2012-2587 (Multiple cross-site scripting (XSS) vulnerabilities in AfterLogic ...)
	NOT-FOR-US: AfterLogic MailSuite Pro
CVE-2012-2586 (Multiple cross-site scripting (XSS) vulnerabilities in Mailtraq ...)
	NOT-FOR-US: Mailtraq
CVE-2012-2585 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2012-2584 (Multiple cross-site scripting (XSS) vulnerabilities in Alt-N MDaemon ...)
	NOT-FOR-US: Alt-N MDaemon Free
CVE-2012-2583 (Cross-site scripting (XSS) vulnerability in Mini Mail Dashboard Widget ...)
	NOT-FOR-US: WordPress plugin Mini Mail Dashboard Widget
CVE-2012-2582 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
	{DSA-2536-1}
	- otrs2 3.1.7+dfsg1-4
CVE-2012-2581
	RESERVED
CVE-2012-2580 (Cross-site scripting (XSS) vulnerability in the Postie plugin 1.4.3, ...)
	NOT-FOR-US: WordPress plugin Postie
CVE-2012-2579 (Multiple cross-site scripting (XSS) vulnerabilities in the WP ...)
	NOT-FOR-US: WordPress plugin SimpleMail
CVE-2012-2578 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterMail 9.2 ...)
	NOT-FOR-US: SmarterMail
CVE-2012-2577 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2012-2576 (SQL injection vulnerability in the LoginServlet page in SolarWinds ...)
	NOT-FOR-US: SolarWinds
CVE-2012-2575 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 6.0a4 ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2012-2574 (SQL injection vulnerability in the management console in Symantec Web ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2573 (Multiple cross-site scripting (XSS) vulnerabilities in T-dah WebMail ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-2572 (Cross-site scripting (XSS) vulnerability in the ThreeWP Email ...)
	NOT-FOR-US: WordPress plugin ThreeWP Email Reflector
CVE-2012-2571 (Multiple cross-site scripting (XSS) vulnerabilities in WinWebMail ...)
	NOT-FOR-US: WinWebMail
CVE-2012-2570 (Cross-site scripting (XSS) vulnerability in products_map.php in X-Cart ...)
	NOT-FOR-US: X-Cart Gold
CVE-2012-2569 (Cross-site scripting (XSS) vulnerability in Synametrics Technologies ...)
	NOT-FOR-US: Synametrics Technologies Xeams
CVE-2012-2568 (d41d8cd98f00b204e9800998ecf8427e.php in the management web server on ...)
	NOT-FOR-US: Seagate BlackArmor
CVE-2012-2567 (The Xelex MobileTrack application 2.3.7 and earlier for Android uses ...)
	NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2566 (Bloxx Web Filtering before 5.0.14 does not properly interpret ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2565 (Bloxx Web Filtering before 5.0.14 does not use a salt during ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2564 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web ...)
	NOT-FOR-US: Bloxx Web Filtering
CVE-2012-2562 (The Xelex MobileTrack application 2.3.7 and earlier for Android does ...)
	NOT-FOR-US: Xelex MobileTrack application
CVE-2012-2561 (HP Business Service Management (BSM) 9.12 does not properly restrict ...)
	NOT-FOR-US: HP Business Service Management
CVE-2012-2560 (Directory traversal vulnerability in WellinTech KingView 6.53 allows ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-2559 (WellinTech KingHistorian 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: WellinTech KingHistorian
CVE-2012-2558
	RESERVED
CVE-2012-2557 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2556 (The OpenType Font (OTF) driver in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2555
	REJECTED
CVE-2012-2554
	REJECTED
CVE-2012-2553 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2552 (Cross-site scripting (XSS) vulnerability in the SQL Server Report ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2012-2551 (The server in Kerberos in Microsoft Windows Server 2008 R2 and R2 SP1, ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2012-2550 (Microsoft Works 9 allows remote attackers to execute arbitrary code or ...)
	NOT-FOR-US: Microsoft Works
CVE-2012-2549 (The IP-HTTPS server in Windows Server 2008 R2 and R2 SP1 and Server ...)
	NOT-FOR-US: Windows Server
CVE-2012-2548 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2547
	REJECTED
CVE-2012-2546 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-2545
	REJECTED
CVE-2012-2544
	REJECTED
CVE-2012-2543 (Stack-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-2542
	REJECTED
CVE-2012-2541
	REJECTED
CVE-2012-2540
	REJECTED
CVE-2012-2539 (Microsoft Word 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Word Viewer; ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-2538
	REJECTED
CVE-2012-2537
	REJECTED
CVE-2012-2536 (Cross-site scripting (XSS) vulnerability in Microsoft Systems ...)
	NOT-FOR-US: Microsoft Systems Management Server
CVE-2012-2535
	REJECTED
CVE-2012-2534
	REJECTED
CVE-2012-2533
	REJECTED
CVE-2012-2532 (Microsoft FTP Service 7.0 and 7.5 for Internet Information Services ...)
	NOT-FOR-US: Microsoft FTP Service
CVE-2012-2531 (Microsoft Internet Information Services (IIS) 7.5 uses weak ...)
	NOT-FOR-US: Microsoft IIS
CVE-2012-2530 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2529 (Integer overflow in the kernel in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2528 (Use-after-free vulnerability in Microsoft Word 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-2527 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2526 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-2525
	REJECTED
CVE-2012-2524 (Microsoft Office 2007 SP2 and SP3 and 2010 SP1 allows remote attackers ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-2523 (Integer overflow in Microsoft Internet Explorer 8 and 9, JScript 5.8, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2522 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2521 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-2520 (Cross-site scripting (XSS) vulnerability in Microsoft InfoPath 2007 ...)
	NOT-FOR-US: Microsoft Infopath
CVE-2012-2519 (Untrusted search path vulnerability in Entity Framework in ADO.NET in ...)
	NOT-FOR-US: Microsoft .NET framework
CVE-2012-2518
	REJECTED
CVE-2012-2517
	RESERVED
CVE-2012-2516 (An ActiveX control in KeyHelp.ocx in KeyWorks KeyHelp Module (aka the ...)
	NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2515 (Multiple stack-based buffer overflows in the KeyHelp.KeyCtrl.1 ActiveX ...)
	NOT-FOR-US: KeyWorks not in Debian
CVE-2012-2514 (The DiagiEventSource function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2513 (The Diaginput function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2512 (The DiagTraceStreamI function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2511 (The DiagTraceAtoms function in disp+work.exe 7010.29.15.58313 and ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-2510
	RESERVED
CVE-2012-2509
	RESERVED
CVE-2012-2508
	RESERVED
CVE-2012-2507
	RESERVED
CVE-2012-2506
	RESERVED
CVE-2012-2505
	RESERVED
CVE-2012-2504
	RESERVED
CVE-2012-2503
	RESERVED
CVE-2012-2502
	RESERVED
CVE-2012-2501
	RESERVED
CVE-2012-2500 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-2499 (The IPsec implementation in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2012-2498 (Cisco AnyConnect Secure Mobility Client 3.0 through 3.0.08066 does not ...)
	NOT-FOR-US: Cisco
CVE-2012-2497
	REJECTED
CVE-2012-2496 (A certain Java applet in the VPN downloader implementation in the ...)
	NOT-FOR-US: Cisco
CVE-2012-2495 (The HostScan downloader implementation in Cisco AnyConnect Secure ...)
	NOT-FOR-US: Cisco
CVE-2012-2494 (The VPN downloader implementation in the WebLaunch feature in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-2493 (The VPN downloader implementation in the WebLaunch feature in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-2492
	RESERVED
CVE-2012-2491
	RESERVED
CVE-2012-2490 (Cisco IP Communicator 8.6 allows man-in-the-middle attackers to modify ...)
	NOT-FOR-US: Cisco
CVE-2012-2489
	RESERVED
CVE-2012-2488 (Cisco IOS XR before 4.2.1 on ASR 9000 series devices and CRS series ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-2487
	RESERVED
CVE-2012-2486 (The Cisco Discovery Protocol (CDP) implementation on Cisco ...)
	NOT-FOR-US: Cisco Telepresence
CVE-2012-2485
	RESERVED
CVE-2012-2484
	RESERVED
CVE-2012-2483
	RESERVED
CVE-2012-2482
	RESERVED
CVE-2012-2481
	RESERVED
CVE-2012-2480
	RESERVED
CVE-2012-2479
	RESERVED
CVE-2012-2478
	RESERVED
CVE-2012-2477
	RESERVED
CVE-2012-2476
	RESERVED
CVE-2012-2475
	RESERVED
CVE-2012-2474 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series ...)
	NOT-FOR-US: Cisco
CVE-2012-2473
	RESERVED
CVE-2012-2472 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco
CVE-2012-2471
	RESERVED
CVE-2012-2470
	RESERVED
CVE-2012-2469 (Cisco NX-OS 4.2, 5.0, 5.1, and 5.2 on Nexus 7000 series switches, when ...)
	NOT-FOR-US: Cisco
CVE-2012-2468
	RESERVED
CVE-2012-2467
	RESERVED
CVE-2012-2466
	RESERVED
CVE-2012-2465
	RESERVED
CVE-2012-2464
	RESERVED
CVE-2012-2463
	RESERVED
CVE-2012-2462
	RESERVED
CVE-2012-2461
	RESERVED
CVE-2012-2460
	RESERVED
CVE-2012-2459 (Unspecified vulnerability in bitcoind and Bitcoin-Qt before 0.4.6, ...)
	- bitcoin 0.6.2.1-1
	NOTE: https://bitcointalk.org/index.php?topic=81749.0
CVE-2012-2458
	RESERVED
CVE-2012-2457
	RESERVED
CVE-2012-2456
	REJECTED
CVE-2012-2455 (Advanced Productivity Software DTE Axiom before 12.3.3 does not ...)
	NOT-FOR-US: Advanced Productivity Software DTE Axiom
CVE-2012-2454
	RESERVED
CVE-2012-2453
	RESERVED
CVE-2012-2452
	RESERVED
CVE-2012-2450 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, ...)
	NOT-FOR-US: VMware
CVE-2012-2449 (VMware Workstation 8.x before 8.0.3, VMware Player 4.x before 4.0.3, ...)
	NOT-FOR-US: VMware
CVE-2012-2448 (VMware ESXi 3.5 through 5.0 and ESX 3.5 through 4.1 allow remote ...)
	NOT-FOR-US: VMware
CVE-2012-2447 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-2446 (Cross-site scripting (XSS) vulnerability in tools/local_lookup.php in ...)
	NOT-FOR-US: Netsweeper WebAdmin Portal
CVE-2012-2451 (The Config::IniFiles module before 2.71 for Perl creates temporary ...)
	- libconfig-inifiles-perl 2.72-1 (bug #671255; low)
	[squeeze] - libconfig-inifiles-perl 2.52-1+squeeze1
	NOTE: https://bitbucket.org/shlomif/perl-config-inifiles/changeset/a08fa26f4f59
	NOTE: http://seclists.org/oss-sec/2012/q2/225
CVE-2012-2445
	RESERVED
CVE-2012-2444
	RESERVED
CVE-2012-2443
	RESERVED
CVE-2012-2442 (Buffer overflow in the Video Manager in Nokia PC Suite 7.1.180.64 and ...)
	NOT-FOR-US: Nokia PC Suite
CVE-2012-2441 (RuggedCom Rugged Operating System (ROS) before 3.3 has a factory ...)
	NOT-FOR-US: RuggedCom Rugged Operating System
CVE-2012-2440 (The default configuration of the TP-Link 8840T router enables ...)
	NOT-FOR-US: TP-Link router
CVE-2012-2439 (The default configuration of the NETGEAR ProSafe FVS318N firewall ...)
	NOT-FOR-US: NETGEAR appliance
CVE-2012-2438 (ar web content manager (AWCM) 2.2 does not restrict the number of ...)
	NOT-FOR-US: ar web content manager
CVE-2012-2437 (cookie_gen.php in ar web content manager (AWCM) 2.2 does not require ...)
	NOT-FOR-US: ar web content manager
CVE-2012-2436 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg CMS ...)
	NOT-FOR-US: Pligg
CVE-2012-2435 (Directory traversal vulnerability in the captcha module in Pligg CMS ...)
	NOT-FOR-US: Pligg
CVE-2012-2434
	RESERVED
CVE-2012-2433
	RESERVED
CVE-2012-2432
	RESERVED
CVE-2012-2431
	RESERVED
CVE-2012-2430
	RESERVED
CVE-2012-2429 (The server in xArrow before 3.4.1 performs an invalid read operation, ...)
	NOT-FOR-US: xArrow
CVE-2012-2428 (Integer overflow in the server in xArrow before 3.4.1 allows remote ...)
	NOT-FOR-US: xArrow
CVE-2012-2427 (Heap-based buffer overflow in the server in xArrow before 3.4.1 allows ...)
	NOT-FOR-US: xArrow
CVE-2012-2426 (The server in xArrow before 3.4.1 does not properly allocate memory, ...)
	NOT-FOR-US: xArrow
CVE-2012-2425 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
	NOT-FOR-US: Intuit
CVE-2012-2424 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
	NOT-FOR-US: Intuit
CVE-2012-2423 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
	NOT-FOR-US: Intuit
CVE-2012-2422 (Intuit QuickBooks 2009 through 2012 might allow remote attackers to ...)
	NOT-FOR-US: Intuit
CVE-2012-2421 (Absolute path traversal vulnerability in the intu-help-qb (aka Intuit ...)
	NOT-FOR-US: Intuit
CVE-2012-2420 (The intu-help-qb (aka Intuit Help System Async Pluggable Protocol) ...)
	NOT-FOR-US: Intuit
CVE-2012-2419 (Memory leak in the intu-help-qb (aka Intuit Help System Async ...)
	NOT-FOR-US: Intuit
CVE-2012-2418 (Heap-based buffer overflow in the intu-help-qb (aka Intuit Help System ...)
	NOT-FOR-US: Intuit
CVE-2012-2417 (PyCrypto before 2.6 does not produce appropriate prime numbers when ...)
	{DSA-2502-1}
	- python-crypto 2.6-1
	NOTE: https://bugs.launchpad.net/pycrypto/+bug/985164
CVE-2012-2413 (Cross-site scripting (XSS) vulnerability in the ja_purity template for ...)
	NOT-FOR-US: Joomla template
CVE-2012-2412
	RESERVED
CVE-2012-2411 (Buffer overflow in RealNetworks RealPlayer before 15.0.4.53, and ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2410 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2409 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2408 (The AAC SDK in RealNetworks RealPlayer before 15.0.6.14, RealPlayer SP ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2407 (Buffer overflow in RealNetworks RealPlayer before 15.0.6.14, ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2012-2406 (RealNetworks RealPlayer before 15.0.4.53, and RealPlayer SP 1.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2012-2405 (Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement ...)
	- gallery2 <removed>
CVE-2012-2404 (wp-comments-post.php in WordPress before 3.3.2 supports offsite ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2403 (wp-includes/formatting.php in WordPress before 3.3.2 attempts to ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2402 (wp-admin/plugins.php in WordPress before 3.3.2 allows remote ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2401 (Plupload before 1.5.4, as used in wp-includes/js/plupload/ in ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2400 (Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2012-2399 (Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload ...)
	{DSA-2470-1}
	- wordpress 3.3.2+dfsg-1 (bug #670124)
CVE-2010-5136
	REJECTED
CVE-2010-5135
	REJECTED
CVE-2010-5134
	REJECTED
CVE-2010-5133
	REJECTED
CVE-2010-5132
	REJECTED
CVE-2010-5131
	REJECTED
CVE-2010-5130
	REJECTED
CVE-2010-5129
	REJECTED
CVE-2010-5128
	REJECTED
CVE-2010-5127
	REJECTED
CVE-2010-5126
	REJECTED
CVE-2010-5125
	REJECTED
CVE-2010-5124
	REJECTED
CVE-2010-5123
	REJECTED
CVE-2010-5122
	REJECTED
CVE-2010-5121
	REJECTED
CVE-2010-5120
	REJECTED
CVE-2010-5119
	REJECTED
CVE-2010-5118
	REJECTED
CVE-2010-5117
	REJECTED
CVE-2010-5116
	RESERVED
CVE-2010-5115
	RESERVED
CVE-2010-5114
	RESERVED
CVE-2010-5113
	RESERVED
CVE-2010-5112
	RESERVED
CVE-2010-5111 (Multiple buffer overflows in readline.c in Echoping 6.0.2 allow remote ...)
	- echoping 6.0.2-4 (low; bug #606808)
	[squeeze] - echoping <no-dsa> (Minor issue)
	NOTE: Upstream fix http://sourceforge.net/p/echoping/bugs/55/
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=349569
	NOTE: http://xforce.iss.net/xforce/xfdb/64141
	NOTE: http://secunia.com/advisories/42619/
CVE-2010-5110 (DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause ...)
	{DLA-24-1}
	- poppler 0.16.3-1 (bug #722705)
	[squeeze] - poppler 0.12.4-1.2+squeeze4
CVE-2010-5109 (Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's ...)
	- libytnef 1.5-5 (low; bug #705468)
	[squeeze] - libytnef <no-dsa> (Minor issue)
	[wheezy] - libytnef <no-dsa> (Minor issue)
	- claws-mail-extra-plugins <unfixed> (low)
	[squeeze] - claws-mail-extra-plugins <no-dsa> (Minor issue)
	[wheezy] - claws-mail-extra-plugins <no-dsa> (Minor issue)
	- claws-mail 3.11.1-2 (bug #771360)
	[squeeze] - claws-mail <not-affected> (In Squeeze, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
	[wheezy] - claws-mail <not-affected> (In Wheezy, the problematic package claws-mail-tnef-parser is built by claws-mail-extra-plugins)
CVE-2010-5108 [Trac Ticket Modification Workflow Permission Restriction Bypass]
	RESERVED
	- trac 0.11.7-1 (bug #573260)
CVE-2010-5107 (The default configuration of OpenSSH through 6.1 enforces a fixed time ...)
	- openssh 1:6.0p1-4 (low; bug #700102)
	[squeeze] - openssh 1:5.5p1-6+squeeze3
CVE-2010-5106 (The XML-RPC remote publishing interface in xmlrpc.php in WordPress ...)
	- wordpress 3.0.3-1
CVE-2010-5105 (The undo save quit routine in the kernel in Blender 2.5, 2.63a, and ...)
	- blender <unfixed> (unimportant; bug #584621)
	[squeeze] - blender <no-dsa> (Minor issue)
	[wheezy] - blender <no-dsa> (Minor issue)
	NOTE: Neutralised by kernel temp hardening
CVE-2010-5104 (The escapeStrForLike method in TYPO3 4.2.x before 4.2.16, 4.3.x before ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5103 (SQL injection vulnerability in the list module in TYPO3 4.2.x before ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5102 (Directory traversal vulnerability in mod/tools/em/class.em_unzip.php ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5101 (Directory traversal vulnerability in the TypoScript setup in TYPO3 ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5100 (Multiple cross-site scripting (XSS) vulnerabilities in the Install ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5099 (The fileDenyPattern functionality in the PHP file inclusion protection ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5098 (Cross-site scripting (XSS) vulnerability in the FORM content object in ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5097 (Cross-site scripting (XSS) vulnerability in the click enlarge ...)
	- typo3-src 4.3.9+dfsg1-1 (bug #607286)
CVE-2010-5096 (** DISPUTED ** ...)
	NOT-FOR-US: MyBB
CVE-2010-5095 (Cross-site scripting (XSS) vulnerability in SilverStripe 2.3.x before ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5094 (The deleteinstallfiles function in control/ContentController.php in ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5093 (Member_ProfileForm in security/Member.php in SilverStripe 2.3.x before ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5092 (The Add Member dialog in the Security admin page in SilverStripe 2.4.0 ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5091 (The setName function in filesystem/File.php in SilverStripe 2.3.x ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5090 (SilverStripe before 2.4.2 allows remote authenticated users to change ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5089 (SilverStripe before 2.4.2 does not properly restrict access to pages ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5088 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5087 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 allows remote ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2012-2416 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
CVE-2012-2415 (Heap-based buffer overflow in chan_skinny.c in the Skinny channel ...)
	{DSA-2460-1}
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2414 (main/manager.c in the Manager Interface in Asterisk Open Source ...)
	{DSA-2460-1}
	- asterisk 1:1.8.11.1~dfsg-1 (bug #670180)
CVE-2012-2398 (Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ...)
	- owncloud 3.0.3-1
CVE-2012-2397 (Cross-site request forgery (CSRF) vulnerability in ownCloud before ...)
	- owncloud 3.0.3-1
CVE-2012-2396 (VideoLAN VLC media player 2.0.1 allows remote attackers to cause a ...)
	- vlc <not-affected> (Not used, see bug #671727)
	- taglib 1.7.2-1 (unimportant)
CVE-2012-2395 (Incomplete blacklist vulnerability in action_power.py in Cobbler 2.2.0 ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2012-2394 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 on the SPARC and ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7221
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824419
CVE-2012-2393 (epan/dissectors/packet-diameter.c in the DIAMETER dissector in ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: http://www.wireshark.org/security/wnpa-sec-2012-09.html
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7133
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824413
CVE-2012-2392 (Wireshark 1.4.x before 1.4.13 and 1.6.x before 1.6.8 allows remote ...)
	- wireshark 1.6.8-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6805 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7118 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7119 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7120 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7121 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7122 Squeeze: vulnerable code present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7124 Squeeze: vulnerable code not present
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7125 is CVE-2012-3825 and CVE-2012-3826
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=824411
CVE-2012-2391
	REJECTED
CVE-2012-2390 (Memory leak in mm/hugetlb.c in the Linux kernel before 3.4.2 allows ...)
	- linux 3.2.19-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2389 (hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 ...)
	- hostapd <not-affected> (Debian package provides no default config file)
	- wpa <not-affected> (Debian package provides no default config file)
CVE-2012-2388 (The GMP Plugin in strongSwan 4.2.0 through 4.6.3 allows remote ...)
	{DSA-2483-1}
	- strongswan 4.5.2-1.4
CVE-2012-2387 (devotee 0.1 patch 2 uses a 32-bit seed for generating 48-bit random ...)
	- devotee <itp> (bug #470995)
CVE-2012-2386 (Integer overflow in the phar_parse_tarfile function in tar.c in the ...)
	{DSA-2492-1}
	- php5 5.4.4~rc1-1
CVE-2012-2385 (The terminal dispatcher in mosh before 1.2.1 allows remote ...)
	- mosh 1.2.1-1 (low; bug #673871)
	[squeeze] - mosh 1.2.1-1 (low; bug #673871)
	NOTE: https://github.com/keithw/mosh/issues/271
	NOTE: https://github.com/keithw/mosh/commit/9791768705528e911bfca6c4d8aa88139035060e
CVE-2012-2384 (Integer overflow in the i915_gem_do_execbuffer function in ...)
	- linux-2.6 3.2.17-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-2383 (Integer overflow in the i915_gem_execbuffer2 function in ...)
	- linux-2.6 3.2.17-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-2382
	REJECTED
CVE-2012-2381 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller ...)
	NOT-FOR-US: Apache Roller
CVE-2012-2380 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Apache Roller
CVE-2012-2379 (Apache CXF 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2012-2378 (Apache CXF 2.4.5 through 2.4.7, 2.5.1 through 2.5.3, and 2.6.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2012-2377 (JGroups diagnostics service in JBoss Enterprise Portal Platform before ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-2376 (Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and ...)
	- php5 <not-affected> (Windows-specific vulnerability)
CVE-2012-2375 (The __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the NFSv4 ...)
	- linux 3.2.19-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Incomplete patch was not released)
CVE-2012-2374 (CRLF injection vulnerability in the ...)
	- python-tornado 2.1.0-3 (low; bug #673987)
	[squeeze] - python-tornado <not-affected> (Vulnerable code not present)
CVE-2012-2373 (The Linux kernel before 3.4.5 on the x86 platform, when Physical ...)
	- linux-2.6 3.2.19-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-2372 (The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram ...)
	- linux 3.11.10-1 (unimportant)
	[wheezy] - linux 3.2.53-1
	NOTE: rds is not included in distributed kernel images, only marked as "experimental"
CVE-2012-2371 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
	NOT-FOR-US: WP-FaceThumb plugin for WordPress
CVE-2012-2370 (Multiple integer overflows in the read_bitmap_file_data function in ...)
	- gdk-pixbuf 2.26.1-1 (low)
CVE-2012-2369 (Format string vulnerability in the log_message_cb function in ...)
	{DSA-2476-1}
	- pidgin-otr 3.2.1-1 (medium; bug #673154)
	NOTE: libotr not affected
CVE-2012-2368 (Bytemark Symbiosis before Revision 1322 does not properly validate ...)
	NOT-FOR-US: Bytemark Symbiosis
CVE-2012-2367 (Moodle 1.9.x before 1.9.18, 2.0.x before 2.0.9, 2.1.x before 2.1.6, ...)
	- moodle 2.2.3.dfsg-1 (low; bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
CVE-2012-2366 (mod/data/preset.php in Moodle 2.1.x before 2.1.6 and 2.2.x before ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2365 (Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2364 (Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2363 (SQL injection vulnerability in calendar/event.php in the calendar ...)
	- moodle 2.0-1 (bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
	NOTE: Only affects Moodle 1.9.x
CVE-2012-2362 (Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog ...)
	- moodle 2.0-1 (bug #674163)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
	NOTE: Only affects Moodle 1.9.x
CVE-2012-2361 (Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2360 (Cross-site scripting (XSS) vulnerability in the Wiki subsystem in ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2359 (admin/roles/override.php in Moodle 2.0.x before 2.0.9, 2.1.x before ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2358 (Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-2357 (The Multi-Authentication feature in the Central Authentication Service ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2356 (The question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2355 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2354 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2353 (Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote ...)
	- moodle 2.2.3.dfsg-1 (bug #674163)
	[squeeze] - moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-2352 (The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in ...)
	{DSA-2477-1}
	- sympa 6.1.11~dfsg-1 (bug #672893; high)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/12/8
CVE-2012-2351 (The default configuration of the auth/saml plugin in Mahara before ...)
	{DSA-2467-1}
	- mahara 1.4.2-1
CVE-2012-2350 [pam_shield default configuration does not take any action]
	RESERVED
	- pam-shield 0.9.2-3.3 (low; bug #658830)
	[squeeze] - pam-shield 0.9.2-3.3~squeeze1
CVE-2012-2349
	REJECTED
CVE-2012-2348
	REJECTED
CVE-2012-2347
	REJECTED
CVE-2012-2346
	REJECTED
CVE-2012-2345
	REJECTED
CVE-2012-2344
	REJECTED
CVE-2012-2343
	REJECTED
CVE-2012-2342
	REJECTED
CVE-2012-2341 (Cross-site request forgery (CSRF) vulnerability in the Take Control ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Take Control
CVE-2012-2340 (The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Contact Forms
CVE-2012-2339 (Cross-site scripting (XSS) vulnerability in the Glossary module ...)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/6
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/2
	NOT-FOR-US: Drupal Glossary
CVE-2012-2338 (SQL injection vulnerability in includes/picture.class.php in Galette ...)
	NOT-FOR-US: Galette
	NOTE: http://redmine.ulysses.fr/issues/250
	NOTE: http://redmine.ulysses.fr/projects/galette/repository/revisions/8c13ec159ba
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/10/5
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/11/1
CVE-2012-2337 (sudo 1.6.x and 1.7.x before 1.7.9p1, and 1.8.x before 1.8.4p5, does ...)
	{DSA-2478-1}
	- sudo 1.8.3p2-1.1 (bug #673766)
CVE-2012-2336 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...)
	- php5 5.4.3 (unimportant)
	NOTE: Rather harmless bug
CVE-2012-2335 (php-wrapper.fcgi does not properly handle command-line arguments, ...)
	NOT-FOR-US: Incomplete wrapper provided by PHP as workaround for CVE-2012-1823/CVE-2012-2311
CVE-2012-2334 (Integer overflow in filter/source/msfilter/msdffimp.cxx in ...)
	{DSA-2487-1}
	- libreoffice 1:3.5.2~rc2-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package
CVE-2012-2333 (Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and ...)
	{DSA-2475-1}
	- openssl 1.0.1c-1 (bug #672452)
	NOTE: http://seclists.org/oss-sec/2012/q2/299
	NOTE: http://www.openssl.org/news/secadv/20120510.txt
CVE-2012-2332 (SQL injection vulnerability in serendipity/serendipity_admin.php in ...)
	- serendipity <removed> (bug #671937; low)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120527103654/http://www.koramis.com:80/advisories/2012/KORAMIS-ADV2012-001.txt
	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
CVE-2012-2331 (Cross-site scripting (XSS) vulnerability in ...)
	- serendipity <removed> (bug #671937; low)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120527103654/http://www.koramis.com:80/advisories/2012/KORAMIS-ADV2012-001.txt
	NOTE: http://blog.s9y.org/archives/240-Serendipity-1.6.1-released.html
	NOTE: CVE id requested http://seclists.org/oss-sec/2012/q2/276
CVE-2012-2330 (The Update method in src/node_http_parser.cc in Node.js before 0.6.17 ...)
	- nodejs 0.6.17~dfsg1-1
	NOTE: http://blog.nodejs.org/2012/05/07/http-server-security-vulnerability-please-upgrade-to-0-6-17/
	NOTE: https://github.com/joyent/node/commit/c9a231d
CVE-2012-2329 (Buffer overflow in the apache_request_headers function in ...)
	- php5 5.4.3-1
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	NOTE: 5.4.x only
CVE-2012-2328 (internal/cimxml/sax/NodeFactory.java in Standards-Based Linux ...)
	NOT-FOR-US: sblim
CVE-2012-2327 (MyBB (aka MyBulletinBoard) before 1.6.7 allows remote attackers to ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2326 (Cross-site scripting (XSS) vulnerability in the Admin Control Panel ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2325 (SQL injection vulnerability in the User Inline Moderation feature in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
	NOTE: http://blog.mybb.com/2012/04/01/mybb-1-6-7-update-1-8-development/
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/07/14
CVE-2012-2324 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2012-2323
	REJECTED
CVE-2012-2322 (Integer overflow in the dhcpv6_get_option function in gdhcp/client.c ...)
	- connman 1.0-1 (bug #672989)
	[squeeze] - connman <not-affected> (Vulnerable code not present)
CVE-2012-2321 (The loopback plug-in in ConnMan before 0.85 allows remote attackers to ...)
	- connman 1.0-1 (low; bug #672989)
	[squeeze] - connman <no-dsa> (Minor issue)
CVE-2012-2320 (ConnMan before 0.85 does not ensure that netlink messages originate ...)
	- connman 1.0-1 (low; bug #672989)
	[squeeze] - connman <no-dsa> (Minor issue)
CVE-2012-2319 (Multiple buffer overflows in the hfsplus filesystem implementation in ...)
	- linux 3.2.17-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2318 (msg.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.4 ...)
	- pidgin 2.10.4-1
	[squeeze] - pidgin <end-of-life> (Support in oldstable is limited to IRC, Jabber/XMPP, Sametime and SIMPLE)
CVE-2012-2317 (The Debian php_crypt_revamped.patch patch for PHP 5.3.x, as used in ...)
	- php5 5.3.6-1 (bug #581170)
	[squeeze] - php5 5.3.3-7+squeeze4
CVE-2012-2316 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: OpenKM
CVE-2012-2315 (admin/Auth in OpenKM 5.1.7 and other versions before 5.1.8-2 does not ...)
	NOT-FOR-US: OpenKM
CVE-2012-2314 (The bootloader configuration module (pyanaconda/bootloader.py) in ...)
	NOT-FOR-US: The anaconda installer
CVE-2012-2313 (The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the ...)
	- linux 3.2.19-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2312
	RESERVED
	- jbossas4 <not-affected> (Only affects JBoss 7)
CVE-2012-2311 (sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when ...)
	{DSA-2465-1}
	- php5 5.4.3-1 (bug #671880)
	NOTE: This CVE ID is for the initial incomplete fix for CVE-2012-1823
	NOTE: http://www.kb.cert.org/vuls/id/520827
CVE-2012-2310 (Cross-site scripting (XSS) vulnerability in the cctags module for ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2309 (Cross-site scripting (XSS) vulnerability in the Glossify Internal ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2308 (Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2307 (Cross-site request forgery (CSRF) vulnerability in the Addressbook ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2306 (SQL injection vulnerability in the Addressbook module for Drupal ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2305 (Cross-site request forgery (CSRF) vulnerability in the Node Gallery ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2304 (The Linkit module 7.x-2.x before 7.x-2.3 for Drupal, when using an ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2303 (The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2302 (Site Documentation (Sitedoc) module for Drupal 6.x-1.x before 6.x-1.4 ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2301 (The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2300 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2299 (The Ubercart module 6.x-2.x before 6.x-2.8 and 7.x-3.x before 7.x-3.1 ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2298 (Multiple cross-site scripting (XSS) vulnerabilities in the RealName ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2297 (Multiple cross-site scripting (XSS) vulnerabilities in the Creative ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2296 (The Janrain Engage (formerly RPX) module for Drupal 6.x-1.x. 6.x-2.x ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2295
	REJECTED
CVE-2012-2294 (EMC RSA Archer SmartSuite Framework 4.x and RSA Archer GRC 5.x before ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2293 (Directory traversal vulnerability in EMC RSA Archer SmartSuite ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2292 (The Silverlight cross-domain policy in EMC RSA Archer SmartSuite ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2012-2291 (EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC ...)
	NOT-FOR-US: EMC Avamar
CVE-2012-2290 (The client in EMC NetWorker Module for Microsoft Applications (NMM) ...)
	NOT-FOR-US: EMC NetWorker Module for Microsoft Applications
CVE-2012-2289 (EMC ApplicationXtender Desktop before 6.5 SP2 and ApplicationXtender ...)
	NOT-FOR-US: EMC
CVE-2012-2288 (Format string vulnerability in the nsrd RPC service in EMC NetWorker ...)
	NOT-FOR-US: EMC NetWorker
CVE-2012-2287 (The authentication functionality in EMC RSA Authentication Agent 7.1 ...)
	NOT-FOR-US: EMC RSA Authentication agent
CVE-2012-2286 (Unspecified vulnerability in EMC RSA Adaptive Authentication ...)
	NOT-FOR-US: EMC RSA Authentication agent
CVE-2012-2285 (EMC Cloud Tiering Appliance (aka CTA, formerly FMA) 9.0 and earlier, ...)
	NOT-FOR-US: EMC Cloud Tiering Appliance
CVE-2012-2284 (The (1) install and (2) upgrade processes in EMC NetWorker Module for ...)
	NOT-FOR-US: EMC NetWorker Module for Microsoft Applications
CVE-2012-2283 (The Iomega Home Media Network Hard Drive with EMC Lifeline firmware ...)
	NOT-FOR-US: Iomega Home Media Network Hard Drive
CVE-2012-2282 (EMC Celerra Network Server 6.x before 6.0.61.0, VNX 7.x before ...)
	NOT-FOR-US: EMC Celerra/VNX/VNXe
CVE-2012-2281 (EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access ...)
	NOT-FOR-US: RSA Access Manager
	NOTE: http://seclists.org/bugtraq/2012/Jul/36
CVE-2012-2280 (EMC RSA Authentication Manager 7.1 before SP4 P14 and RSA SecurID ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2279 (Open redirect vulnerability in the Security Console in EMC RSA ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2278 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2012-2277 (The IRM Server in EMC Documentum Information Rights Management 4.x ...)
	NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2276 (The IRM Server in EMC Documentum Information Rights Management 4.x ...)
	NOT-FOR-US: EMC Documentum Information Rights Management
CVE-2012-2275 (Multiple cross-site request forgery (CSRF) vulnerabilities in TestLink ...)
	NOT-FOR-US: TestLink
CVE-2012-2274 (Cross-site scripting (XSS) vulnerability in pivotx/ajaxhelper.php in ...)
	NOT-FOR-US: PivotX
CVE-2012-2273 (Comodo Internet Security before 5.10.228257.2253 on Windows 7 x64 ...)
	NOT-FOR-US: Comodo Internet Security
CVE-2012-2272
	RESERVED
CVE-2012-2271 (Buffer overflow in the InitLicenKeys function in a certain ActiveX ...)
	NOT-FOR-US: SkinCrafter
CVE-2012-2270 (Open redirect vulnerability in index.php (aka the Login Page) in ...)
	- owncloud 3.0.3-1
CVE-2012-2269 (Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before ...)
	- owncloud 3.0.2-1
CVE-2011-5089 (Buffer overflow in the Security Login ActiveX controls in ICONICS ...)
	NOT-FOR-US: ICONICS, BizViz
CVE-2011-5088 (The GENESIS32 IcoSetServer ActiveX control in ICONICS GENESIS32 9.21 ...)
	NOT-FOR-US: ICONICS GENESIS32, BizViz
CVE-2011-5087 (Unspecified vulnerability in AdAstrA TRACE MODE Data Center allows ...)
	NOT-FOR-US: AdAstrA TRACE MODE Data Center
CVE-2011-5086 (https50.ocx in IP*Works! SSL in the server in Unitronics UniOPC before ...)
	NOT-FOR-US: Unitronics UniOPC
CVE-2012-2268 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-2267 (master.exe in the SNMP Master Agent in RealNetworks Helix Server and ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-2266
	REJECTED
CVE-2012-2265
	REJECTED
CVE-2012-2264
	REJECTED
CVE-2012-2263
	REJECTED
CVE-2012-2262
	REJECTED
CVE-2012-2261
	REJECTED
CVE-2012-2260
	REJECTED
CVE-2012-2259
	REJECTED
CVE-2012-2258
	REJECTED
CVE-2012-2257
	REJECTED
CVE-2012-2256
	REJECTED
CVE-2012-2255
	REJECTED
CVE-2012-2254
	REJECTED
CVE-2012-2253 (Cross-site scripting (XSS) vulnerability in group/members.php in ...)
	{DSA-2591-1}
	- mahara 1.5.1-3.1 (bug #695789)
CVE-2012-2252 (Incomplete blacklist vulnerability in rssh before 2.3.4, when the ...)
	{DSA-2578-1}
	- rssh 2.3.3-6
CVE-2012-2251 (rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync ...)
	{DSA-2578-1}
	- rssh 2.3.3-6
CVE-2012-2250 (Tor before 0.2.3.24-rc allows remote attackers to cause a denial of ...)
	{DLA-17-1}
	- tor 0.2.3.24-rc-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-2249 (Tor before 0.2.3.23-rc allows remote attackers to cause a denial of ...)
	{DLA-17-1}
	- tor 0.2.3.23-rc-1 (low)
	[squeeze] - tor 0.2.4.23-1~deb6u1
CVE-2012-2248 [build-influenced PATH set in dhclient]
	RESERVED
	- isc-dhcp 4.2.4-3 (bug #690532)
	[wheezy] - isc-dhcp 4.2.2.dfsg.1-5+deb70u2
	[squeeze] - isc-dhcp <not-affected> (CLIENT_PATH is not correctly defined)
	NOTE: Debian-specific
CVE-2012-2247 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4938
	NOTE: https://bugs.launchpad.net/mahara/+bug/1061980
CVE-2012-2246 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=493
	NOTE: https://bugs.launchpad.net/mahara/+bug/1057240
CVE-2012-2245
	REJECTED
CVE-2012-2244 (Mahara 1.4.x before 1.4.5 and 1.5.x before 1.5.4 allows remote ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4936
	NOTE: https://bugs.launchpad.net/mahara/+bug/1057238
CVE-2012-2243 (Cross-site scripting (XSS) vulnerability in Mahara 1.4.x before 1.4.5 ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
	NOTE: https://mahara.org/interaction/forum/topic.php?id=4937
	NOTE: https://bugs.launchpad.net/mahara/+bug/1055232
	NOTE: https://bugs.launchpad.net/mahara/+bug/1063480
CVE-2012-2242 (scripts/dget.pl in devscripts before 2.10.73 allows remote attackers ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2241 (scripts/dget.pl in devscripts before 2.12.3 allows remote attackers to ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2240 (scripts/dscverify.pl in devscripts before 2.12.3 allows remote ...)
	{DSA-2549-1}
	- devscripts 2.12.3
CVE-2012-2239 (Mahara 1.4.x before 1.4.4 and 1.5.x before 1.5.3 allows remote ...)
	{DSA-2591-1}
	- mahara 1.5.1-3
CVE-2012-2238
	RESERVED
	- tryton-server <not-affected> (only affected 2.4, in experimental)
CVE-2012-2237
	RESERVED
	{DSA-2540-1}
	- mahara 1.5.1-2
CVE-2012-2236 (SQL injection vulnerability in users.php in PHP Gift Registry 1.5.5 ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2012-2235 (Cross-site scripting (XSS) vulnerability in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2012-2234 (Cross-site scripting (XSS) vulnerability in sources/users.queries.php ...)
	NOT-FOR-US: TeamPass.net
CVE-2012-2233
	RESERVED
CVE-2012-2232
	RESERVED
CVE-2012-2231
	RESERVED
CVE-2012-2230 (Cloudera Manager 3.7.x before 3.7.5 and Service and Configuration ...)
	NOT-FOR-US: Cloudera Manager
CVE-2012-2229
	RESERVED
CVE-2012-2228
	RESERVED
CVE-2012-2227 (Directory traversal vulnerability in update/index.php in PluXml before ...)
	NOT-FOR-US: PluXml
CVE-2012-2226
	RESERVED
CVE-2012-2225 (360zip 1.93beta allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: 360zip
CVE-2012-2224 (Xunlei Thunder before 7.2.6 allows remote attackers to execute ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2012-2223 (The xplat agent in Novell ZENworks Configuration Management (ZCM) ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2222
	RESERVED
CVE-2012-2221
	RESERVED
CVE-2012-2220
	RESERVED
CVE-2012-2219
	RESERVED
CVE-2012-2218
	RESERVED
CVE-2012-2217 (The HTC IQRD service for Android on the HTC EVO 4G before 4.67.651.3, ...)
	NOT-FOR-US: Android
CVE-2012-2216
	RESERVED
CVE-2012-2095 (The SetWiredProperty function in the D-Bus interface in WICD before ...)
	- wicd 1.7.2.4-1 (low; bug #668397)
	[squeeze] - wicd 1.7.0+ds1-5+squeeze2
CVE-2012-2215 (Directory traversal vulnerability in the Preboot Service in Novell ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2012-2214 (proxy.c in libpurple in Pidgin before 2.10.4 does not properly handle ...)
	- pidgin 2.10.4-1
	[squeeze] - pidgin <end-of-life> (Update not feasible, updated packages are provided through backports)
	NOTE: http://www.pidgin.im/news/security/?id=62
CVE-2012-2213 (** DISPUTED ** Squid 3.1.9 allows remote attackers to bypass the ...)
	NOT-FOR-US: Disputed Squid access bypass, probably user error and minor impact anyway
CVE-2012-2212 (** DISPUTED ** McAfee Web Gateway 7.0 allows remote attackers to ...)
	NOT-FOR-US: McAfee Web Gateway
CVE-2012-2211 (Cross-site scripting (XSS) vulnerability in ...)
	- egroupware <removed>
CVE-2012-2210 (The Sony Bravia TV KDL-32CX525 allows remote attackers to cause a ...)
	NOT-FOR-US: Sony Bravia
CVE-2012-2209 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
	- piwigo <removed> (bug #685364)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2012-2208 (Directory traversal vulnerability in upgrade.php in Piwigo before ...)
	- piwigo <removed> (bug #685364)
	[squeeze] - piwigo <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Request to mark the package as unsupported in #779104
CVE-2012-2207
	RESERVED
CVE-2012-2206 (The Web Gateway component in IBM WebSphere MQ File Transfer Edition ...)
	NOT-FOR-US: IBM WebSphere MQ File Transfer Edition
CVE-2012-2205 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2204
	RESERVED
CVE-2012-2203 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2012-2202 (Directory traversal vulnerability in javatester_init.php in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Protector, IBM ISS Proventia Network Mail Security System
CVE-2012-2201
	RESERVED
CVE-2012-2200 (The default configuration of sendmail in IBM AIX 6.1 and 7.1, and VIOS ...)
	NOT-FOR-US: sendmail configuration in AIX
CVE-2012-2199 (The server message channel agent in the queue manager in the server in ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2012-2198
	RESERVED
CVE-2012-2197 (Stack-based buffer overflow in the Java Stored Procedure ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2196 (IBM DB2 9.1 before FP12, 9.5 through FP9, 9.7 through FP6, 9.8 through ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2195
	RESERVED
CVE-2012-2194 (Directory traversal vulnerability in the SQLJ.DB2_INSTALL_JAR stored ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2193 (Cross-site scripting (XSS) vulnerability in Query Studio in IBM Cognos ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-2192 (The socketpair function in IBM AIX 5.3, 6.1, and 7.1 and VIOS ...)
	NOT-FOR-US: AIX
CVE-2012-2191 (IBM Global Security Kit (aka GSKit) before 8.0.14.22, as used in IBM ...)
	NOT-FOR-US: IBM Global Security Kit
CVE-2012-2190 (IBM Global Security Kit (aka GSKit), as used in IBM HTTP Server in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-2189
	RESERVED
CVE-2012-2188 (IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, ...)
	NOT-FOR-US: IBM Power Hardware Management Console
CVE-2012-2187 (IBM Remote Supervisor Adapter II firmware for System x3650, x3850 M2, ...)
	NOT-FOR-US: IBM Remote Supervisor Adapter
CVE-2012-2186 (Incomplete blacklist vulnerability in main/manager.c in Asterisk Open ...)
	{DSA-2550-1}
	- asterisk 1:1.8.13.1~dfsg-1 (bug #680470)
CVE-2012-2185 (IBM Maximo Asset Management 6.2 through 7.5, as used in SmartCloud ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2184 (Session fixation vulnerability in IBM Maximo Asset Management 7.1 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2183 (Session fixation vulnerability in IBM Maximo Asset Management 6.2 ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-2182
	RESERVED
CVE-2012-2181 (Directory traversal vulnerability in the Dojo module in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere not in Debian
CVE-2012-2180 (The chaining functionality in the Distributed Relational Database ...)
	NOT-FOR-US: IBM DB2
CVE-2012-2179 (libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite ...)
	NOT-FOR-US: AIX
CVE-2012-2178
	RESERVED
CVE-2012-2177 (Cross-site scripting (XSS) vulnerability in IBM Cognos Business ...)
	NOT-FOR-US: IBM Cognos Business Intelligence
CVE-2012-2176 (Multiple stack-based buffer overflows in a certain ActiveX control in ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2012-2175 (Buffer overflow in the Attachment_Times method in a certain ActiveX ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2012-2174 (The URL handler in IBM Lotus Notes 8.x before 8.5.3 FP2 allows remote ...)
	NOT-FOR-US: Notes
CVE-2012-2173 (The ODBC driver in IBM Security AppScan Source 7.x and 8.x before 8.6 ...)
	NOT-FOR-US: AppScan
CVE-2012-2172 (Cross-site scripting (XSS) vulnerability in SoftwareRegistration.do in ...)
	NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2171 (SQL injection vulnerability in ModuleServlet.do in the Storage Manager ...)
	NOT-FOR-US: IBM System Storage DS Storage Manager
CVE-2012-2170 (The Application Snoop Servlet in IBM WebSphere Application Server 7.0 ...)
	NOT-FOR-US: WebSphere
CVE-2012-2169 (Cross-site scripting (XSS) vulnerability in the file-upload ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2168 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2167 (The IBM XIV Storage System Gen3 before 11.1.0.a allows remote ...)
	NOT-FOR-US: IBM XIV Storage System Gen3
CVE-2012-2166 (IBM XIV Storage System 2810-A14 and 2812-A14 devices before level ...)
	NOT-FOR-US: IBM XIV Storage System
CVE-2012-2165 (IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x before 8.0.0.3, ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2164 (The Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 and 8.x ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-2163 (IBM Scale Out Network Attached Storage (SONAS) 1.1 through 1.3.1 ...)
	NOT-FOR-US: IBM Scale Out Network Attached Storage
CVE-2012-2162 (The Web Server Plug-in in IBM WebSphere Application Server (WAS) 8.0 ...)
	NOT-FOR-US: WebSphere
CVE-2012-2161 (Cross-site scripting (XSS) vulnerability in deferredView.jsp in IBM ...)
	NOT-FOR-US: IBM Security AppScan Source
CVE-2012-2160
	RESERVED
CVE-2012-2159 (Open redirect vulnerability in IBM Eclipse Help System (IEHS), as used ...)
	NOT-FOR-US: IBM Eclipse Help System
CVE-2012-2158
	RESERVED
CVE-2012-2157
	RESERVED
CVE-2012-2156 (Multiple cross-site scripting (XSS) vulnerabilities in Plume CMS 1.2.4 ...)
	NOT-FOR-US: Plume CMS
CVE-2012-2155 (Cross-site request forgery (CSRF) vulnerability in the CDN2 Video ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2154 (Cross-site scripting (XSS) vulnerability in the CDN2 Video module 6.x ...)
	NOT-FOR-US: Drupal addon not packaged
CVE-2012-2153 (Drupal 7.x before 7.14 does not properly restrict access to nodes in a ...)
	- drupal7 7.14-1
CVE-2012-2152 (Stack-based buffer overflow in the get_packet method in socket.c in ...)
	{DSA-2498-1}
	- dhcpcd 1:3.2.3-11 (bug #671265)
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/02/4
CVE-2012-2151 (Multiple cross-site scripting (XSS) vulnerabilities in SPIP 1.9.x ...)
	{DSA-2461-1}
	- spip 2.1.13-1 (low; bug #671264)
CVE-2012-2150 (xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file ...)
	- xfsprogs 3.2.4-1 (low; bug #793495)
	[jessie] - xfsprogs <no-dsa> (Minor issue, too intrusive to backport)
	[wheezy] - xfsprogs <no-dsa> (Minor issue)
	[squeeze] - xfsprogs <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817696
	NOTE: http://oss.sgi.com/pipermail/xfs/2015-July/042726.html
CVE-2012-2149 (The WPXContentListener::_closeTableRow function in ...)
	- libwpd 0.8.14-1
	NOTE: http://permalink.gmane.org/gmane.comp.security.full-disclosure/85789
	NOTE: http://sourceforge.net/p/libwpd/code/ci/437bf6702164e30761a10771f95dd1c796f474b7
	NOTE: http://sourceforge.net/p/libwpd/code/ci/5969b8f3f73418ebba2a722513a4cb285e7b9c23
CVE-2012-2148
	RESERVED
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-2147 (munin-cgi-graph in Munin 2.0 rc4 allows remote attackers to cause a ...)
	- munin 2.0~rc6-1 (bug #670811)
	[squeeze] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2146 (Elixir 0.8.0 uses Blowfish in CFB mode without constructing a unique ...)
	- elixir 0.7.1-4 (low; bug #670919)
	[jessie] - elixir <no-dsa> (Minor issue)
	[squeeze] - elixir <no-dsa> (Minor issue)
	[wheezy] - elixir <no-dsa> (Minor issue)
CVE-2012-2145 (Apache Qpid 0.17 and earlier does not properly restrict incoming ...)
	- qpid-cpp 0.16-1 (bug #672124)
CVE-2012-2144 (Session fixation vulnerability in OpenStack Dashboard (Horizon) ...)
	- horizon 2012.1-4 (bug #671604)
CVE-2012-2143 (The crypt_des (aka DES-based crypt) function in FreeBSD before ...)
	{DSA-2491-1}
	- postgresql-9.1 9.1.4-1
	- postgresql-8.4 8.4.12-1
	- php5 5.3.3-1
	NOTE: Uses the unaffected system libraries since 5.3.3
CVE-2012-2142 [Insufficient sanitization of escape sequences in the error message]
	RESERVED
	- xpdf <not-affected> (uses poppler's Error.cc)
	- poppler 0.18.4-7  (unimportant; bug #487773)
	NOTE: poppler upstream patch http://cgit.freedesktop.org/poppler/poppler/commit/?id=71bad47ed6a36d825b0d08992c8db56845c71e40
CVE-2012-2141 (Array index error in the handle_nsExtendOutput2Table function in ...)
	- net-snmp 5.4.3~dfsg-2.5 (low; bug #672492)
	[squeeze] - net-snmp 5.4.3~dfsg-2+squeeze1
	NOTE: Red Hat patch: https://bugzilla.redhat.com/attachment.cgi?id=580443&action=diff
CVE-2012-2140 (The Mail gem before 2.4.3 for Ruby allows remote attackers to execute ...)
	- ruby-mail 2.4.4-1
CVE-2012-2139 (Directory traversal vulnerability in ...)
	- ruby-mail 2.4.4-1
CVE-2012-2138 (The @CopyFrom operation in the POST servlet in the ...)
	NOT-FOR-US: Apache Sling
CVE-2012-2137 (Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the ...)
	- linux 3.2.20-1
CVE-2012-2136 (The sock_alloc_send_pskb function in net/core/sock.c in the Linux ...)
	- linux 3.2.20-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 2.6.32-46
CVE-2012-2135 (The utf-16 decoder in Python 3.1 through 3.3 does not update the ...)
	- python3.1 <unfixed> (bug #670389)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2.3-1 (bug #670389)
	- python3.3 3.3.1-1
	NOTE: http://bugs.python.org/issue14579
CVE-2012-2134 (The handle_connection_error function in ldap_helper.c in ...)
	NOT-FOR-US: Dynamic LDAP backend plugin for BIND
CVE-2012-2133 (Use-after-free vulnerability in the Linux kernel before 3.3.6, when ...)
	{DSA-2469-1}
	- linux-2.6 3.2.19-1
CVE-2012-2132 (libsoup 2.32.2 and earlier does not validate certificates or clear the ...)
	- midori <unfixed> (unimportant; bug #672880)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=758431
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=817692
CVE-2012-2131 (Multiple integer signedness errors in crypto/buffer/buffer.c in ...)
	{DSA-2454-2}
	- openssl <not-affected> (only affected patch against 0.9.8)
	NOTE: http://marc.info/?l=openssl-dev&m=133525318514423&w=2
CVE-2012-2130
	RESERVED
	- polarssl 1.1.2-1
	[squeeze] - polarssl <not-affected> (Introduced in 0.99-pre4)
CVE-2012-2129 (Cross-site scripting (XSS) vulnerability in doku.php in DokuWiki ...)
	- dokuwiki 0.0.20120125a-1 (low; bug #670917)
	[squeeze] - dokuwiki <not-affected>
	NOTE: http://secunia.com/advisories/48848/
CVE-2012-2128 (** DISPUTED ** ...)
	- dokuwiki 0.0.20120125a-1 (unimportant)
	NOTE: http://bugs.dokuwiki.org/index.php?do=details&task_id=2488
CVE-2012-2127 (fs/proc/root.c in the procfs implementation in the Linux kernel before ...)
	- linux-2.6 3.2-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.1)
CVE-2012-2126 (RubyGems before 1.8.23 does not verify an SSL certificate, which ...)
	- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2125 (RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which ...)
	- rubygems 1.8.24-1 (bug #670228)
CVE-2012-2124 (functions/imap_general.php in SquirrelMail, as used in Red Hat ...)
	- squirrelmail <not-affected> (Incorrect RedHat security update)
CVE-2012-2123 (The cap_bprm_set_creds function in security/commoncap.c in the Linux ...)
	{DSA-2469-1}
	- linux-2.6 3.2.16-1
CVE-2012-2122 (sql/password.c in Oracle MySQL 5.1.x before 5.1.63, 5.5.x before ...)
	{DSA-2496-1}
	- mysql-5.1 <removed> (bug #677018)
	- mysql-5.5 5.5.24+dfsg-1
	NOTE: https://www.secmaniac.com/blog/2012/06/11/massive-mysql-authentication-bypass-exploit/
	NOTE: http://seclists.org/oss-sec/2012/q2/493
	NOTE: Issue only triggered with specific optimisation in glibc enabled; no builds in Debian known to be affected.
	NOTE: Fixed versions indicate application of upstream patch which prevents issue regardless of opt.settings.
CVE-2012-2121 (The KVM implementation in the Linux kernel before 3.3.4 does not ...)
	{DSA-2668-1}
	- linux-2.6 3.2.17-1
CVE-2012-2120 (latex2man in texlive-extra-utils 2011.20120322, and possibly other ...)
	- texlive-extra 2012.20130315-1 (low; bug #668779)
	[wheezy] - texlive-extra <no-dsa> (Minor issue)
	[squeeze] - texlive-extra 2009-10+squeeze1
CVE-2012-2119 (Buffer overflow in the macvtap device driver in the Linux kernel ...)
	- linux 3.2.20-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, was added in 3.1)
CVE-2012-2118 (Format string vulnerability in the LogVHdrMessageVerb function in ...)
	- xorg-server 2:1.12.1.902-1 (bug #673148)
	[squeeze] - xorg-server <not-affected> (Introduced in 1.10)
	NOTE: http://lists.x.org/pipermail/xorg-devel/2012-May/031411.html
CVE-2012-2117 (Cross-site scripting (XSS) vulnerability in the Gigya - Social ...)
	NOT-FOR-US: Drupal plugin (Gigya - Social Optimization) not in Debian
CVE-2012-2116 (Cross-site request forgery (CSRF) vulnerability in the Commerce ...)
	NOT-FOR-US: Drupal plugin (Commerce Reorder) not in Debian
CVE-2012-2115 (SQL injection vulnerability in interface/login/validateUser.php in ...)
	NOT-FOR-US: OpenEMR
CVE-2012-2114 (Stack-based buffer overflow in fprintf in musl before 0.8.8 and ...)
	NOT-FOR-US: musl libc not in Debian
CVE-2012-2113 (Multiple integer overflows in tiff2pdf in libtiff before 4.0.2 allow ...)
	{DSA-2552-1}
	- tiff 4.0.2-1 (bug #678140)
	- tiff3 <not-affected> (The tiff-tools package is only built from the tiff source package)
CVE-2012-2112 (Cross-site scripting (XSS) vulnerability in the Exception Handler in ...)
	{DSA-2455-1}
	- typo3-src 4.5.15+dfsg1-1 (bug #669158)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-002/
CVE-2012-2111 (The (1) CreateAccount, (2) OpenAccount, (3) AddAccountRights, and (4) ...)
	{DSA-2463-1}
	- samba 2:3.6.5-1
	NOTE: http://www.samba.org/samba/history/samba-3.6.5.html
	NOTE: According to the release notes Samba 3.4.x to 3.6.4 are affected
CVE-2012-2110 (The asn1_d2i_read_bio function in crypto/asn1/a_d2i_fp.c in OpenSSL ...)
	{DSA-2454-1}
	- openssl 1.0.1a-1
	NOTE: http://www.openssl.org/news/secadv/20120419.txt
CVE-2012-2109 (SQL injection vulnerability in wp-load.php in the BuddyPress plugin ...)
	NOT-FOR-US: wordpress buddypress plugin
CVE-2012-2108 (Stack-based buffer overflow in the main function in util/lpci_main.c ...)
	- csound 1:5.17.6~dfsg-1 (low; bug #661197)
	[squeeze] - csound <no-dsa> (Minor issue)
CVE-2012-2107 (Integer overflow in the main function in util/lpci_main.c in Csound ...)
	- csound 1:5.17.6~dfsg-1 (bug #661197)
	[squeeze] - csound <no-dsa> (Minor issue)
CVE-2012-2106 (Integer overflow in the pv_import function in util/pv_import.c in ...)
	- csound 1:5.17.6~dfsg-1 (bug #661197)
	[squeeze] - csound <no-dsa> (Minor issue)
CVE-2012-2105 (Multiple SQL injection vulnerabilities in login.php in Timesheet Next ...)
	NOT-FOR-US: tsheetx
CVE-2012-2104 (cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without ...)
	- munin 2.0~rc6-1 (bug #668666)
	[squeeze] - munin <not-affected> (Vulnerable code not present)
	[lenny] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2103 (The qmailscan plugin for Munin 1.4.5 allows local users to overwrite ...)
	- munin 2.0~rc6-1 (bug #668778)
	[squeeze] - munin <not-affected> (Vulnerable code not present)
	[lenny] - munin <not-affected> (Vulnerable code not present)
CVE-2012-2102 (MySQL 5.1.x before 5.1.62 and 5.5.x before 5.5.22 allows remote ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (low; bug #670636)
	- mysql-5.5 5.5.24+dfsg-1 (low)
CVE-2012-2101 (Openstack Compute (Nova) Folsom, 2012.1, and 2011.3 does not limit the ...)
	- nova 2012.1-2 (bug #670637)
CVE-2012-2100 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
	- linux-2.6 3.2.2-1
	[squeeze] - linux-2.6 2.6.32-41squeeze1
	NOTE: incomplete fix of CVE-2009-4307, introducing another issue:
	NOTE: https://lkml.org/lkml/2012/2/20/422
CVE-2012-2099 (Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 ...)
	NOT-FOR-US: Wikidforum
CVE-2012-2098 (Algorithmic complexity vulnerability in the sorting algorithms in ...)
	- libcommons-compress-java 1.4.1-1 (low; bug #674448)
	[squeeze] - libcommons-compress-java <no-dsa> (Minor issue)
CVE-2012-2097 (Cross-site request forgery (CSRF) vulnerability in the Autosave module ...)
	NOT-FOR-US: Drupal module Autosave
CVE-2012-2096 (The Fivestar module 6.x-1.x before 6.x-1.20 for Drupal does not ...)
	NOT-FOR-US: Drupal module Fivestar
CVE-2012-2094 (Cross-site scripting (XSS) vulnerability in the refresh mechanism in ...)
	- horizon 2012.1-3
CVE-2012-2093 (src/common/latex.py in Gajim 0.15 allows local users to overwrite ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1.1 (low; bug #668710)
CVE-2012-2092
	RESERVED
	- cobbler <not-affected> (Ubuntu specific cobbler-ubuntu-import script not present)
CVE-2012-2091 (Multiple buffer overflows in FlightGear 2.6 and earlier and SimGear ...)
	- simgear 2.10.0-3 (unimportant; bug #669024)
	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
	NOTE: Negligable security impact, very obscure attack vector
CVE-2012-2090 (Multiple format string vulnerabilities in FlightGear 2.6 and earlier ...)
	- simgear 2.10.0-2 (unimportant; bug #669024)
	- flightgear 2.6.0-1.1 (unimportant; bug #669025)
	NOTE: Negligable security impact, very obscure attack vector
CVE-2012-2089 (Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module ...)
	- nginx 1.1.19-1
	[squeeze] - nginx <not-affected> (Vulnerable code not present)
CVE-2012-2088 (Integer signedness error in the TIFFReadDirectory function in ...)
	{DSA-2552-1}
	- tiff 4.0-1 (bug #678140)
	- tiff3 3.9.6-6
CVE-2012-2087
	RESERVED
CVE-2012-2086 (SQL injection vulnerability in the get_last_conversation_lines ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1 (low; bug #668038)
CVE-2012-2085 (The exec_command function in common/helpers.py in Gajim before 0.15 ...)
	{DSA-2453-2 DSA-2453-1}
	- gajim 0.15-1 (medium; bug #668038)
CVE-2012-2084 (Cross-site scripting (XSS) vulnerability in the Printer, email and PDF ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2083 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2082 (Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2081 (The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2080 (Cross-site request forgery (CSRF) vulnerability in the Node Limit ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2079
	RESERVED
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2078
	RESERVED
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2077 (Cross-site request forgery (CSRF) vulnerability in the ShareThis ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2076 (Cross-site scripting (XSS) vulnerability in the administration forms ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2075 (Cross-site scripting (XSS) vulnerability in the Contact Save module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2074 (Unspecified vulnerability in certain default views in the Ubercart ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2073 (The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2072 (Cross-site scripting (XSS) vulnerability in the Share Buttons ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2071 (Cross-site scripting (XSS) vulnerability in the Contact Forms module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2070 (Cross-site scripting (XSS) vulnerability in the MultiBlock module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2069 (Cross-site request forgery (CSRF) vulnerability in the Wishlist module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2068 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2067 (Unspecified vulnerability in the CKeditor module 6.x-2.x before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2066 (Cross-site scripting (XSS) vulnerability in the FCKeditor module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2065 (Cross-site scripting (XSS) vulnerability in the Language Icons module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2064 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2063 (The Slidebox module before 7.x-1.4 for Drupal does not properly check ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2062 (Open redirect vulnerability in the Redirecting click bouncer module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2061 (Cross-site request forgery (CSRF) vulnerability in the Admin tools ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2060 (Cross-site scripting (XSS) vulnerability in the Admin tools module for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2059 (Cross-site scripting (XSS) vulnerability in the ticketyboo News Ticker ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2058 (The Ubercart Payflow module for Drupal does not use a secure token, ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2057 (Cross-site request forgery (CSRF) vulnerability in the Ubercart Bulk ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-2056 (Cross-site request forgery (CSRF) vulnerability in the Content Lock ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2008-7311 (The session cookie store implementation in Spree 0.2.0 uses a ...)
	NOT-FOR-US: Spree
CVE-2008-7310 (Spree 0.2.0 does not properly restrict the use of a hash to provide ...)
	NOT-FOR-US: Spree
CVE-2008-7309 (Insoshi before 20080920 does not properly restrict the use of a hash ...)
	NOT-FOR-US: Insoshi
CVE-2012-2055 (GitHub Enterprise before 20120304 does not properly restrict the use ...)
	NOT-FOR-US: GitHub Enterprise
CVE-2012-2054 (Redmine before 1.3.2 does not properly restrict the use of a hash to ...)
	- redmine 1.3.2+dfsg1-1
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: http://www.redmine.org/issues/10390
	NOTE: git mirror patch would be 5141f1e..177ff05
CVE-2012-2053 (The sudoers file in the Linux system configuration in F5 FirePass ...)
	NOT-FOR-US: F5 Firepass
CVE-2012-2052 (Stack-based buffer overflow in the U3D.8BI library plugin in Adobe ...)
	NOT-FOR-US: Adobe Photoshop plugin U3D.8BI library
CVE-2012-2051 (Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2050 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2049 (Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-2048 (Unspecified vulnerability in Adobe ColdFusion 10 and earlier allows ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-2047 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2046 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2045 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2044 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2043 (Adobe Shockwave Player before 11.6.6.636 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2042 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2041 (CRLF injection vulnerability in the Component Browser in Adobe ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-2040 (Untrusted search path vulnerability in the installer in Adobe Flash ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2039 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2038 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2037 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2036 (Integer overflow in Adobe Flash Player before 10.3.183.20 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2035 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.20 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2034 (Adobe Flash Player before 10.3.183.20 and 11.x before 11.3.300.257 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-2033 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2032 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2031 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2030 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2029 (Adobe Shockwave Player before 11.6.5.635 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-2028 (Buffer overflow in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2012-2027 (Use-after-free vulnerability in Adobe Photoshop CS5 12.x before 12.0.5 ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2012-2026 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2025 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2024 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2023 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-2022 (Multiple cross-site scripting (XSS) vulnerabilities in HP Network Node ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-2021 (Multiple cross-site scripting (XSS) vulnerabilities in HP AssetManager ...)
	NOT-FOR-US: HP AssetManager
CVE-2012-2020 (Unspecified vulnerability in HP Operations Agent before 11.03.12 ...)
	NOT-FOR-US: HP Operations Agent
CVE-2012-2019 (Unspecified vulnerability in HP Operations Agent before 11.03.12 ...)
	NOT-FOR-US: HP Operations Agent
CVE-2012-2018 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2012-2017 (Unspecified vulnerability on HP Photosmart Wireless e-All-in-One B110, ...)
	NOT-FOR-US: HP Photosmart Wireless e-All-in-One
CVE-2012-2016 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2015 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2014 (HP System Management Homepage (SMH) before 7.1.1 does not properly ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2013 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2012 (HP System Management Homepage (SMH) before 7.1.1 does not have an off ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-2011 (Multiple cross-site scripting (XSS) vulnerabilities in HP Web Jetadmin ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2012-2010 (The ACMELOGIN implementation in HP OpenVMS 8.3 and 8.4 on the Alpha ...)
	NOT-FOR-US: OpenVMS
CVE-2012-2009 (Unspecified vulnerability in HP Performance Insight for Networks ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2008 (Cross-site scripting (XSS) vulnerability in HP Performance Insight for ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2007 (SQL injection vulnerability in HP Performance Insight for Networks ...)
	NOT-FOR-US: HP Performance Insight
CVE-2012-2006 (Unspecified vulnerability in HP Insight Management Agents before ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2005 (Cross-site scripting (XSS) vulnerability in HP Insight Management ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2004 (Open redirect vulnerability in HP Insight Management Agents before ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2003 (Cross-site request forgery (CSRF) vulnerability in HP Insight ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2002 (Open redirect vulnerability in HP SNMP Agents for Linux before 9.0.0 ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2001 (Cross-site scripting (XSS) vulnerability in HP SNMP Agents for Linux ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-2000 (Multiple unspecified vulnerabilities in HP System Health Application ...)
	NOT-FOR-US: Proprietary HP monitoring tools
CVE-2012-1999 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1998 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1997 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1996 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1995 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2012-1994
	RESERVED
CVE-2012-1993 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-1992 (Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS ...)
	NOT-FOR-US: CMD Made Simple
CVE-2012-1991
	RESERVED
CVE-2012-1990 (Multiple cross-site scripting (XSS) vulnerabilities in Schneider ...)
	NOT-FOR-US: Schneider Electric Kerweb
CVE-2012-1989 (telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) ...)
	- puppet 2.7.13-1
	[squeeze] - puppet <not-affected> (Only affects 2.7.x)
CVE-2012-1988 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1987 (Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1986 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2011-5085 (Unspecified vulnerability in Movable Type 4.x before 4.36 and 5.x ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.2+dfsg-1
CVE-2011-5084 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.2+dfsg-1
CVE-2012-1985 (Cross-site request forgery (CSRF) vulnerability in RealNetworks Helix ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1984 (Multiple cross-site scripting (XSS) vulnerabilities in RealNetworks ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1983
	RESERVED
CVE-2012-1982 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1981
	RESERVED
CVE-2012-1980
	RESERVED
CVE-2012-1979 (Cross-site scripting (XSS) vulnerability in starnet/index.php in ...)
	NOT-FOR-US: SyndeoCMS
CVE-2012-1978 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2012-1977 (WellinTech KingSCADA 3.0 uses a cleartext base64 format for storage of ...)
	NOT-FOR-US: WellinTech KingSCADA
CVE-2012-1976 (Use-after-free vulnerability in the ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1975 (Use-after-free vulnerability in the PresShell::CompleteMove function ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1974 (Use-after-free vulnerability in the gfxTextRun::CanBreakLineBefore ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1973 (Use-after-free vulnerability in the nsObjectLoadingContent::LoadObject ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1972 (Use-after-free vulnerability in the ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- icedove 10.0.7-1
	- iceape 2.7.7-1
CVE-2012-1971 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
CVE-2012-1970 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2556-1 DSA-2554-1 DSA-2553-1}
	- iceweasel 10.0.7esr-1
	- iceape 2.7.7-1
	- icedove 10.0.7-1
CVE-2012-1969 (The get_attachment_link function in Template.pm in Bugzilla 2.x and ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-1968 (Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses ...)
	- bugzilla <not-affected> (Only affects 4.1 to 4.3)
	- bugzilla4 <itp> (bug #669643)
CVE-2012-1967 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1966 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...)
	{DSA-2514-1}
	- iceweasel 10.0.6esr-1
CVE-2012-1965 (Mozilla Firefox 4.x through 13.0 and Firefox ESR 10.x before 10.0.6 do ...)
	- iceweasel 10.0.6esr-1
	[squeeze] - iceweasel <end-of-life>
CVE-2012-1964 (The certificate-warning functionality in ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1963 (The Content Security Policy (CSP) functionality in Mozilla Firefox 4.x ...)
	- iceweasel 10.0.6esr-1
	[squeeze] - iceweasel <not-affected> (CSP not yet available)
	- icedove 10.0.6-1
	[squeeze] - icedove <not-affected> (CSP not yet available)
	- iceape 2.7.6-1
	[squeeze] - iceape <not-affected> (CSP not yet available)
CVE-2012-1962 (Use-after-free vulnerability in the JSDependentString::undepend ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1961 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1960 (The qcms_transform_data_rgb_out_lut_sse2 function in the QCMS ...)
	- iceweasel <not-affected> (Only affects Firefox > 10)
CVE-2012-1959 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1958 (Use-after-free vulnerability in the nsGlobalWindow::PageHidden ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1957 (An unspecified parser-utility class in Mozilla Firefox 4.x through ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1956 (Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey ...)
	- iceweasel <not-affected> (Only affects Firefox >= 10)
	- icedove <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Only affects Firefox >= 10)
CVE-2012-1955 (Mozilla Firefox 4.x through 13.0, Firefox ESR 10.x before 10.0.6, ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1954 (Use-after-free vulnerability in the nsDocument::AdoptNode function in ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1953 (The ElementAnimations::EnsureStyleRuleFor function in Mozilla Firefox ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1952 (The nsTableFrame::InsertFrames function in Mozilla Firefox 4.x through ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1951 (Use-after-free vulnerability in the nsSMILTimeValueSpec::IsEventBased ...)
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-1950 (The drag-and-drop implementation in Mozilla Firefox 4.x through 13.0 ...)
	{DSA-2528-1 DSA-2514-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
CVE-2012-1949 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 13)
CVE-2012-1948 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2528-1 DSA-2514-1 DSA-2513-1}
	- iceweasel 10.0.6esr-1
	- icedove 10.0.6-1
	- iceape 2.7.6-1
CVE-2012-1947 (Heap-based buffer overflow in the utf16_to_isolatin1 function in ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1946 (Use-after-free vulnerability in the nsINode::ReplaceOrInsertBefore ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1945 (Mozilla Firefox 4.x through 12.0, Firefox ESR 10.x before 10.0.5, ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1944 (The Content Security Policy (CSP) implementation in Mozilla Firefox ...)
	- iceweasel 10.0.5esr-1
	[squeeze] - iceweasel <not-affected> (CSP not yet available)
	- icedove 10.0.5-1
	[squeeze] - icedove <not-affected> (CSP not yet available)
CVE-2012-1943 (Untrusted search path vulnerability in Updater.exe in the Windows ...)
	- iceweasel <not-affected> (windows-specific)
CVE-2012-1942 (The Mozilla Updater and Windows Updater Service in Mozilla Firefox ...)
	- iceweasel <not-affected> (windows-specific)
CVE-2012-1941 (Heap-based buffer overflow in the ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1940 (Use-after-free vulnerability in the nsFrameList::FirstChild function ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
CVE-2012-1939 (jsinfer.cpp in Mozilla Firefox ESR 10.x before 10.0.5 and Thunderbird ...)
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
CVE-2012-1938 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects iceweasel from experimental)
CVE-2012-1937 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2499-1 DSA-2489-1 DSA-2488-1}
	- iceweasel 10.0.5esr-1
	- icedove 10.0.5-1
CVE-2012-1936 (** DISPUTED ** The wp_create_nonce function in ...)
	NOT-FOR-US: Disputed Wordpress issue
CVE-2012-1935 (Multiple cross-site scripting (XSS) vulnerabilities in Newscoop 3.5.x ...)
	- newscoop <itp> (bug #604113)
CVE-2012-1934 (SQL injection vulnerability in admin/country/edit.php in Newscoop ...)
	- newscoop <itp> (bug #604113)
CVE-2012-1933 (Multiple PHP remote file inclusion vulnerabilities in Newscoop 3.5.x ...)
	- newscoop <itp> (bug #604113)
CVE-2012-1932
	RESERVED
CVE-2007-6753 (Untrusted search path vulnerability in Shell32.dll in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1931 (Opera before 11.62 on UNIX, when used in conjunction with an ...)
	NOT-FOR-US: Opera
CVE-2012-1930 (Opera before 11.62 on UNIX uses world-readable permissions for ...)
	NOT-FOR-US: Opera
CVE-2012-1929 (Opera before 11.62 on Mac OS X allows remote attackers to spoof the ...)
	NOT-FOR-US: Opera
CVE-2012-1928 (Opera before 11.62 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-1927 (Opera before 11.62 allows remote attackers to spoof the address field ...)
	NOT-FOR-US: Opera
CVE-2012-1926 (Opera before 11.62 allows remote attackers to bypass the Same Origin ...)
	NOT-FOR-US: Opera
CVE-2012-1925 (Opera before 11.62 does not ensure that a dialog window is placed on ...)
	NOT-FOR-US: Opera
CVE-2012-1924 (Opera before 11.62 allows user-assisted remote attackers to trick ...)
	NOT-FOR-US: Opera
CVE-2012-1923 (RealNetworks Helix Server and Helix Mobile Server 14.x before 14.3.x ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-1922 (Multiple cross-site request forgery (CSRF) vulnerabilities in Sitecom ...)
	NOT-FOR-US: Sitecom WLM-2501
CVE-2012-1921 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Sitecom
CVE-2012-1920 (@Mail WebMail Client in AtMail Open-Source 1.04 and earlier allows ...)
	- atmailopen <removed>
CVE-2012-1919 (CRLF injection vulnerability in mime.php in @Mail WebMail Client in ...)
	- atmailopen <removed>
CVE-2012-1918 (Multiple directory traversal vulnerabilities in (1) compose.php and ...)
	- atmailopen <removed>
CVE-2012-1917 (compose.php in @Mail WebMail Client in AtMail Open-Source before 1.05 ...)
	- atmailopen <removed>
CVE-2012-1916 (@Mail WebMail Client in AtMail Open-Source before 1.05 allows remote ...)
	- atmailopen <removed>
CVE-2007-6752 (** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in ...)
	- drupal7 <removed> (unimportant)
CVE-2012-1915
	RESERVED
CVE-2012-1914
	RESERVED
CVE-2012-1913
	REJECTED
CVE-2012-1912 (Cross-site scripting (XSS) vulnerability in preferences.php in PHP ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-1911 (Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and ...)
	NOT-FOR-US: PHP Address Book
CVE-2012-1910 (Bitcoin-Qt 0.5.0.x before 0.5.0.5; 0.5.1.x, 0.5.2.x, and 0.5.3.x ...)
	- bitcoin <not-affected> (windows-only, qt gui not built)
CVE-2012-1909 (The Bitcoin protocol, as used in bitcoind before 0.4.4, wxBitcoin, ...)
	- bitcoin 0.6.0-1
CVE-2012-1908 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.3 ...)
	NOT-FOR-US: Splunk
CVE-2012-1907 (The scanner engine in PrivaWall Antivirus 5.6 and earlier does not ...)
	NOT-FOR-US: PrivaWall Antivirus
CVE-2012-1906 (Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet ...)
	{DSA-2451-1}
	- puppet 2.7.13-1
CVE-2012-1905
	RESERVED
CVE-2012-1904 (mp4fformat.dll in the QuickTime File Format plugin in RealNetworks ...)
	NOT-FOR-US: RealPlayer
CVE-2012-1903
	RESERVED
CVE-2012-1902 (show_config_errors.php in phpMyAdmin 3.4.x before 3.4.10.2, when a ...)
	- phpmyadmin 4:3.4.10.2-1 (unimportant)
CVE-2012-1901 (Multiple cross-site request forgery (CSRF) vulnerabilities in FlexCMS ...)
	NOT-FOR-US: FlexCMS
CVE-2012-1900 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
	NOT-FOR-US: RazorCMS
CVE-2012-1899 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Webfolio CMS
CVE-2012-1898 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1897 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wolf CMS ...)
	NOT-FOR-US: Wolf CMS
CVE-2012-1586 (mount.cifs in cifs-utils 2.6 allows local users to determine the ...)
	- cifs-utils 2:5.3-2 (unimportant; bug #665923)
	NOTE: Harmless information leak, if a user can perform arbitrary CIFS mounts they probably
	NOTE: can do a lot more with this
CVE-2012-1896 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly consider ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1895 (The reflection implementation in Microsoft .NET Framework 1.0 SP3, 1.1 ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1894 (Microsoft Office for Mac 2011 uses world-writable permissions for the ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1893 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1892 (Cross-site scripting (XSS) vulnerability in Microsoft Visual Studio ...)
	NOT-FOR-US: Microsoft Visual Studio Team Foundation Server
CVE-2012-1891 (Heap-based buffer overflow in Microsoft Data Access Components (MDAC) ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2012-1890 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1889 (Microsoft XML Core Services 3.0, 4.0, 5.0, and 6.0 accesses ...)
	NOT-FOR-US: Microsoft XML Core Services
CVE-2012-1888 (Buffer overflow in Microsoft Visio 2010 SP1 and Visio Viewer 2010 SP1 ...)
	NOT-FOR-US: Microsoft Visio
CVE-2012-1887 (Use-after-free vulnerability in Microsoft Excel 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1886 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 SP1; Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1885 (Heap-based buffer overflow in Microsoft Excel 2003 SP3, 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1884
	REJECTED
CVE-2012-1883
	REJECTED
CVE-2012-1882 (Microsoft Internet Explorer 6 through 9 does not block cross-domain ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1881 (Microsoft Internet Explorer 8 and 9 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1880 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1879 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1878 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1877 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1876 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1875 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1874 (Microsoft Internet Explorer 8 and 9 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1873 (Microsoft Internet Explorer 7 through 9 does not properly create and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1872 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1871
	REJECTED
CVE-2012-1870 (The CBC mode in the TLS protocol, as used in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1869
	REJECTED
CVE-2012-1868 (Race condition in the thread-creation implementation in win32k.sys in ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1867 (Integer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Windows Windows
CVE-2012-1866 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1865 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1864 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1863 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1862 (Open redirect vulnerability in Microsoft Office SharePoint Server 2007 ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1861 (Cross-site scripting (XSS) vulnerability in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1860 (Microsoft Office SharePoint Server 2007 SP2 and SP3, SharePoint Server ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1859 (Cross-site scripting (XSS) vulnerability in scriptresx.ashx in ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2012-1858 (The toStaticHTML API (aka the SafeHTML component) in Microsoft ...)
	NOT-FOR-US: MicrosoftInternet Explorer, Communicator, Lync
CVE-2012-1857 (Cross-site scripting (XSS) vulnerability in the Enterprise Portal ...)
	NOT-FOR-US: Microsoft Dynamics AX
CVE-2012-1856 (The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in ...)
	NOT-FOR-US: Microsoft
CVE-2012-1855 (Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-1854 (Untrusted search path vulnerability in VBE6.dll in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2012-1853 (Stack-based buffer overflow in the Remote Administration Protocol ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1852 (Heap-based buffer overflow in the Remote Administration Protocol (RAP) ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2012-1851 (Format string vulnerability in the Print Spooler service in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1850 (The Remote Administration Protocol (RAP) implementation in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1849 (Untrusted search path vulnerability in Microsoft Lync 2010, 2010 ...)
	NOT-FOR-US: Microsoft Lync, Attendee,, Attendant
CVE-2012-1848 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1847 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-1846 (Google Chrome 17.0.963.66 and earlier allows remote attackers to ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-1845 (Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-1844 (The Quantum Scalar i500 tape library with firmware before i7.0.3 ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1843 (Cross-site request forgery (CSRF) vulnerability in saveRestore.htm on ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1842 (Cross-site scripting (XSS) vulnerability in checkQKMProg.htm on the ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1841 (Absolute path traversal vulnerability in logShow.htm on the Quantum ...)
	NOT-FOR-US: Quantum Scalar
CVE-2012-1840 (AjaXplorer 3.2.x before 3.2.5 and 4.0.x before 4.0.4 does not properly ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2012-1839 (Multiple directory traversal vulnerabilities in the Get Template ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2012-1838 (The web management interface on the LG-Nortel ELO GS24M switch allows ...)
	NOT-FOR-US: Nortel switch
CVE-2012-1837 (The (1) webreports, (2) post/create-role, and (3) post/update-role ...)
	NOT-FOR-US: Tivoli
CVE-2012-1836 (Heap-based buffer overflow in dns.cpp in InspIRCd 2.0.5 might allow ...)
	{DSA-2448-1}
	- inspircd 2.0.5-0.1 (bug #667914)
CVE-2012-1835 (Multiple cross-site scripting (XSS) vulnerabilities in the All-in-One ...)
	NOT-FOR-US: All-in-One Event Calendar plugin for WordPress
CVE-2012-1834 (Cross-site scripting (XSS) vulnerability in the cms_tpv_admin_head ...)
	NOT-FOR-US: WordPress plugin CMS Tree Page View
CVE-2012-1833 (VMware SpringSource Grails before 1.3.8, and 2.x before 2.0.2, does ...)
	NOT-FOR-US: Grails
CVE-2012-1832 (WellinTech KingView 6.53 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1831 (Heap-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1830 (Stack-based buffer overflow in WellinTech KingView 6.53 allows remote ...)
	NOT-FOR-US: WellinTech KingView not in Debian
CVE-2012-1829 (Multiple cross-site scripting (XSS) vulnerabilities in AutoFORM PDM ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1828 (The administrative functions in AutoFORM PDM Archive before 7.1 do not ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1827 (The web service in AutoFORM PDM Archive before 7.1 does not have ...)
	NOT-FOR-US: AutoFORM PDM Archive
CVE-2012-1826 (dotCMS 1.9 before 1.9.5.1 allows remote authenticated users to execute ...)
	NOT-FOR-US: dotCMS not in Debian
CVE-2012-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the status ...)
	NOT-FOR-US: ForeScout CounterACT
CVE-2012-1824 (Untrusted search path vulnerability in Measuresoft ScadaPro Client ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2012-1823 (sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when ...)
	{DSA-2465-1}
	- php5 5.4.3-1
	NOTE: http://ompldr.org/vZGxxaQ
	NOTE: https://bugs.php.net/bug.php?id=61910
	NOTE: 5.4.2-1 'fixed' this, but fix is incomplete: CVE-2012-2311
CVE-2012-1822
	RESERVED
CVE-2012-1821 (The Network Threat Protection module in the Manager component in ...)
	NOT-FOR-US: Symantec Endpoint Protection on Windows Server 2003
CVE-2012-1820 (The bgp_capability_orf function in bgpd in Quagga 0.99.20.1 and ...)
	{DSA-2497-1}
	- quagga 0.99.21-3 (bug #676510)
CVE-2012-1819 (Untrusted search path vulnerability in WellinTech KingView 6.53 allows ...)
	NOT-FOR-US: WellinTech KingView
CVE-2012-1818 (An unspecified ActiveX control in Emerson DeltaV and DeltaV ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1817 (Buffer overflow in Emerson DeltaV and DeltaV Workstations 9.3.1, ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1816 (PORTSERV.exe in Emerson DeltaV and DeltaV Workstations 9.3.1, 10.3.1, ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1815 (SQL injection vulnerability in Emerson DeltaV and DeltaV Workstations ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1814 (Cross-site scripting (XSS) vulnerability in Emerson DeltaV and DeltaV ...)
	NOT-FOR-US: DeltaV (SCADA system) not in Debian
CVE-2012-1813 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1812 (eosfailoverservice.exe in C3-ilex EOScada before 11.0.19.2 allows ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1811 (EOSDataServer.exe in C3-ilex EOScada before 11.0.19.2 allows remote ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1810 (EOSCoreScada.exe in C3-ilex EOScada before 11.0.19.2 allows remote ...)
	NOT-FOR-US: C3-ilex EOScada
CVE-2012-1809 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1808 (The web server in the ECOM Ethernet module in Koyo H0-ECOM, ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1807 (Cross-site scripting (XSS) vulnerability in the web server in the ECOM ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1806 (The ECOM Ethernet module in Koyo H0-ECOM, H0-ECOM100, H2-ECOM, ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1805 (Buffer overflow in the ECOM Ethernet module in Koyo H0-ECOM, ...)
	NOT-FOR-US: Koyo ECOM
CVE-2012-1804 (The OPC server in Progea Movicon before 11.3 allows remote attackers ...)
	NOT-FOR-US: Progea Movicon
CVE-2012-1803 (RuggedCom Rugged Operating System (ROS) 3.10.x and earlier has a ...)
	NOT-FOR-US: RuggedCom Rugged Operating System
CVE-2012-1802 (Buffer overflow in the embedded web server on the Siemens Scalance X ...)
	NOT-FOR-US: Siemens Scalance X
CVE-2012-1801 (Multiple stack-based buffer overflows in (1) COM and (2) ActiveX ...)
	NOT-FOR-US: ABB WebWare
CVE-2012-1800 (Stack-based buffer overflow in the Profinet DCP protocol ...)
	NOT-FOR-US: Siemens Scalance S
CVE-2012-1799 (The web server on the Siemens Scalance S Security Module firewall S602 ...)
	NOT-FOR-US: Siemens Scalance S
CVE-2012-1798 (The TIFFGetEXIFProperties function in coders/tiff.c in ImageMagick ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1797 (IBM DB2 9.5 uses world-writable permissions for nodes.reg, which has ...)
	NOT-FOR-US: IBM DB2
CVE-2012-1796 (Unspecified vulnerability in IBM Tivoli Monitoring Agent (ITMA), as ...)
	NOT-FOR-US: Tivoli
CVE-2012-1795 (webglimpse.cgi in Webglimpse before 2.20.0 allows remote attackers to ...)
	NOT-FOR-US: Webglimpse
CVE-2012-1794
	RESERVED
CVE-2012-1793
	RESERVED
CVE-2012-1792 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: OSCommerce Online Merchant
CVE-2012-1791
	RESERVED
CVE-2012-1777 (SQL injection vulnerability in my.activation.php3 in F5 FirePass 6.0.0 ...)
	NOT-FOR-US: F5 Firepass
CVE-2012-1776 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...)
	- vlc 2.0.1-1 (low)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-1775 (Stack-based buffer overflow in VideoLAN VLC media player before 2.0.1 ...)
	- vlc 2.0.1-1 (low)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5083 (Unrestricted file upload vulnerability in inc/swf/swfupload.swf in ...)
	- dotclear 2.5+dfsg-1 (low; bug #670227)
	NOTE: Post-authentication; vulnerability is actually in admin/media.php.
CVE-2012-1790 (Absolute path traversal vulnerability in Webgrind 1.0 and 1.0.2 allows ...)
	NOT-FOR-US: Webgrind
CVE-2012-1789 (Multiple cross-site scripting (XSS) vulnerabilities in Kongreg8 1.7.3 ...)
	NOT-FOR-US: Kongreg8
CVE-2012-1788 (Multiple cross-site scripting (XSS) vulnerabilities in wonderdesk.cgi ...)
	NOT-FOR-US: WonderDesk SQL
CVE-2012-1787 (Multiple cross-site scripting (XSS) vulnerabilities in wgarcmin.cgi in ...)
	NOT-FOR-US: Webglimpse
CVE-2012-1786 (The Media Upload form in the Video Embed &amp; Thumbnail Generator plugin ...)
	NOT-FOR-US: Media Upload form in the Video Embed & Thumbnail Generator plugin for WordPress
CVE-2012-1785 (kg_callffmpeg.php in the Video Embed &amp; Thumbnail Generator plugin ...)
	NOT-FOR-US: Video Embed & Thumbnail Generator plugin for WordPress
CVE-2012-1784 (SQL injection vulnerability in MyJobList 0.1.3 allows remote attackers ...)
	NOT-FOR-US: MyJobList
CVE-2012-1783 (Tiny Server 1.1.9 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Tiny Server
CVE-2012-1782 (Multiple cross-site scripting (XSS) vulnerabilities in questions/ask ...)
	NOT-FOR-US: OSQA
CVE-2012-1781 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1780 (SQL injection vulnerability in search.php in SocialCMS 1.0.5 allows ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1779 (Cross-site scripting (XSS) vulnerability in IDevSpot ...)
	NOT-FOR-US: IDevSpot idev-BusinessDirectory
CVE-2012-1778 (SQL injection vulnerability in artykul_print.php in CreateVision CMS ...)
	NOT-FOR-US: CreateVision CMS
CVE-2011-5082 (Cross-site scripting (XSS) vulnerability in the s2Member Pro plugin ...)
	NOT-FOR-US: s2Member Pro plugin for WordPress
CVE-2010-5086 (Directory traversal vulnerability in wiki/rankings.php in Bitweaver ...)
	NOT-FOR-US: Bitweaver
CVE-2009-5114 (Directory traversal vulnerability in wgarcmin.cgi in WebGlimpse 2.18.7 ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5113 (Cross-site scripting (XSS) vulnerability in wgarcmin.cgi in WebGlimpse ...)
	NOT-FOR-US: WebGlimpse
CVE-2009-5112 (wgarcmin.cgi in WebGlimpse 2.18.7 and earlier allows remote attackers ...)
	NOT-FOR-US: WebGlimpse
CVE-2012-1774 (Unspecified vulnerability in the Open URL feature in Gretech GOM Media ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1773 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1772 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1771 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1770 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1769 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1768 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1767 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1766 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1765 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 10
CVE-2012-1764 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1763 (Unspecified vulnerability in the Oracle Clinical/Remote Data Capture ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-1762 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1761 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1760 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1759 (Unspecified vulnerability in the Oracle AutoVue component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-1758 (Unspecified vulnerability in the Oracle AutoVue component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-1757 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1756 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1755 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1754 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1753 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1752 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Oracle Sun Solaris 11
CVE-2012-1751 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1750 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Oracle Sun Solaris 8, 9, 10, and 11
CVE-2012-1749 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1748 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products 9.1
CVE-2012-1747 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1746 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1745 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-1744 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1743 (Unspecified vulnerability in the Oracle Clinical Remote Data Capture ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-1742 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1741 (Unspecified vulnerability in the Enterprise Manager for Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1740 (Unspecified vulnerability in the Oracle Application Express Listener ...)
	NOT-FOR-US: Oracle Application Express Listener
CVE-2012-1739 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1738 (Unspecified vulnerability in the Oracle iPlanet Web Server component ...)
	NOT-FOR-US: Oracle Sun Products Suite, iPlanet Web Server
CVE-2012-1737 (Unspecified vulnerability in the Enterprise Manager for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2012-1736 (Unspecified vulnerability in the Oracle MapViewer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1735 (Unspecified vulnerability in Oracle MySQL Server 5.5.23 and earlier ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1734 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...)
	{DSA-2496-1}
	- mysql-5.1 <removed> (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1733 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-1732 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1731 (Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1730 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1729 (Unspecified vulnerability in the Hyperion BI+ component in Oracle ...)
	NOT-FOR-US: Oracle Hyperion
CVE-2012-1728 (Unspecified vulnerability in the Oracle Siebel CRM 8.1.1 and 8.2.2 ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1727 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1726 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1725 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1724 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1723 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1722 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
CVE-2012-1721 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
CVE-2012-1720 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only affects Java on Solaris)
	- openjdk-7 <not-affected> (Only affects Java on Solaris)
CVE-2012-1719 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1718 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1717 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1716 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1715 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-1714 (Unspecified vulnerability in a TList 6 ActiveX control in Oracle ...)
	NOT-FOR-US: Oracle Hyperion Financial Management
CVE-2012-1713 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1712 (Directory traversal vulnerability in the Liferay component in Oracle ...)
	NOT-FOR-US: Oracle Sun GlassFish Web Space Server
CVE-2012-1711 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2507-1}
	- openjdk-6 6b24-1.11.3-1 (bug #677487)
	- openjdk-7 7~u3-2.1.1-1 (bug #677486)
CVE-2012-1710 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1709 (Unspecified vulnerability in the Oracle WebCenter Forms Recognition ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1708 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database
CVE-2012-1707 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1706 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1705 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-1704 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-1703 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1702 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-1701 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1700 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1699 (The ProcSetEventMask function in difs/events.c in the xfs font server ...)
	- xfs 1:1.0.1-1
CVE-2012-1698 (Unspecified vulnerability in Oracle Sun Solaris 11 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2012-1697 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.23-1
CVE-2012-1696 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.5 5.5.23-1
CVE-2012-1695 (Unspecified vulnerability in the Oracle JRockit component in Oracle ...)
	NOT-FOR-US: Oracle Fusion
CVE-2012-1694 (Unspecified vulnerability in Oracle Sun Solaris 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2012-1693 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...)
	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers
CVE-2012-1692 (Unspecified vulnerability in Oracle Sun Solaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2012-1691 (Unspecified vulnerability in Oracle Sun Solaris 11 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2012-1690 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1689 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier, ...)
	{DSA-2496-1}
	- mysql-5.1 <removed> (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-1688 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-1687 (Unspecified vulnerability in Oracle Solaris 10 and 11 allows local ...)
	NOT-FOR-US: Oracle Solaris 10 and 11
CVE-2012-1686 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1685 (Unspecified vulnerability in the Secure Global Desktop component in ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2012-1684 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2012-1683 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2012-1682 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.2-1
CVE-2012-1681 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2012-1680 (Unspecified vulnerability in the Siebel CRM component in Oracle Siebel ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2012-1679 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2012-1678 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2012-1677 (Unspecified vulnerability in the Oracle Application Server Single ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-1676 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle FLEXCUBE
CVE-2012-1674 (Unspecified vulnerability in the Siebel Clinical component in Oracle ...)
	NOT-FOR-US: Oracle Siebel
CVE-2012-1673 (SQL injection vulnerability in loginscript.php in e-ticketing allows ...)
	NOT-FOR-US: e-ticketing
CVE-2012-1672 (SQL injection vulnerability in getcity.php in Hotel Booking Portal 0.1 ...)
	NOT-FOR-US: Hotel Booking Portal
CVE-2012-1671 (Directory traversal vulnerability in index.php in phpPaleo 4.8b155 and ...)
	NOT-FOR-US: phpPaleo
CVE-2012-1670 (admin/index.php in PHP Grade Book before 1.9.5 BETA allows remote ...)
	NOT-FOR-US: PHP Grade Book
CVE-2012-1669 (Directory traversal vulnerability in index.php in phpMoneyBooks before ...)
	NOT-FOR-US: phpMoneyBooks
CVE-2012-1668
	RESERVED
CVE-2012-1667 (ISC BIND 9.x before 9.7.6-P1, 9.8.x before 9.8.3-P1, 9.9.x before ...)
	{DSA-2486-1}
	- bind9 1:9.8.1.dfsg.P1-4.1
	- isc-dhcp <not-affected> (issue only affects the named service, which isn't used by isc-dhcp)
CVE-2012-1666 (Untrusted search path vulnerability in VMware Tools in VMware ...)
	NOT-FOR-US: VMware Tools
CVE-2012-1665 (Multiple SQL injection vulnerabilities in the admin panel in osCMax ...)
	NOT-FOR-US: osCMax
CVE-2012-1664 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
	NOT-FOR-US: osCMax
CVE-2012-1663 (Double free vulnerability in libgnutls in GnuTLS before 3.0.14 allows ...)
	- gnutls28 3.0.14-1
	- gnutls26 <not-affected> (only GNUTLS 3.0 is affected)
CVE-2012-1662 (CA ARCserve Backup r12.0 through SP2, r12.5 before SP2, r15 through ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2012-1661 (ESRI ArcMap 9 and ArcGIS 10.0.2.3200 and earlier does not properly ...)
	NOT-FOR-US: ESRI ArcMap, ArcGIS
CVE-2012-1660 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1659 (Cross-site scripting (XSS) vulnerability in the Node Recommendation ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1658 (Cross-site scripting (XSS) vulnerability in the Read More Link module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1657 (Cross-site scripting (XSS) vulnerability in block_class.module in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1656 (SQL injection vulnerability in the Multisite Search module 6.x-2.2 for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1655 (Unspecified vulnerability in the UC PayDutchGroup / WeDeal payment ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1654 (Multiple cross-site scripting (XSS) vulnerabilities in the Data module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1653 (Cross-site scripting (XSS) vulnerability in the Taxonomy Views ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1652 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1651 (Cross-site scripting (XSS) vulnerability in the Submenu Tree module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1650 (The ZipCart module 6.x before 6.x-1.4 for Drupal checks the &quot;access ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1649 (Cool Aid module before 6.x-1.9 for Drupal does not enforce access ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1648 (Cross-site scripting (XSS) vulnerability in the Cool Aid module before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1647 (Multiple cross-site scripting (XSS) vulnerabilities in the &quot;stand ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1646 (Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1645 (The CDN module 6.x-2.2 and 7.x-2.2 for Drupal, when running in Origin ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1644 (The Organic Groups (OG) Vocabulary module 6.x-1.x before 6.x-1.2 for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1643 (The Faster Permissions module 7.x-2.x before 7.x-1.2 for Drupal does ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1642 (includes/linkchecker.pages.inc in the Link checker module 6.x-2.x ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1641 (The finder_import function in the Finder module 6.x-1.x before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1640 (Multiple cross-site scripting (XSS) vulnerabilities in the Managesite ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1639 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1638 (SQL injection vulnerability in the Search Autocomplete module before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1637
	RESERVED
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1636 (Cross-site request forgery (CSRF) vulnerability in the stickynote ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1635 (The hook_node_access function in the revisioning module 7.x-1.x before ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1634 (Cross-site scripting (XSS) vulnerability in video_filter.codecs.inc in ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1633 (Cross-site request forgery (CSRF) vulnerability in the Password Policy ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1632 (Cross-site scripting (XSS) vulnerability in password_policy.admin.inc ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1631 (Cross-site request forgery (CSRF) vulnerability in the Admin:hover ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1630 (Cross-site scripting (XSS) vulnerability in the Taxonomy Navigator ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1629 (Cross-site scripting (XSS) vulnerability in the Taxotouch module for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1628 (Cross-site scripting (XSS) vulnerability in the SuperCron module for ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1627 (Cross-site scripting (XSS) vulnerability in vud_term.module in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1626 (SQL injection vulnerability in the conversion form for Events in the ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1625 (Eval injection vulnerability in the fillpdf_form_export_decode ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1624 (Multiple cross-site scripting (XSS) vulnerabilities in the Lingotek ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1623 (The Registration Codes module before 6.x-2.4 for Drupal does not ...)
	NOT-FOR-US: Drupal addon module not packaged in Debian
CVE-2012-1622 (Apache OFBiz 10.04.x before 10.04.02 allows remote attackers to ...)
	NOT-FOR-US: Apache OFBiz
CVE-2012-1621 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Open For ...)
	NOT-FOR-US: Apache OFBiz
CVE-2012-1620 (slock 0.9 does not properly handle the XRaiseWindow event when the ...)
	- suckless-tools 39-1 (unimportant; bug #667796)
CVE-2012-1619
	REJECTED
CVE-2012-1618 (Interaction error in the PostgreSQL JDBC driver before 8.2, when used ...)
	- libpgjava <not-affected> (Even the version in oldstable had 8.2)
CVE-2012-1617 (Directory traversal vulnerability in combine.php in OSClass before ...)
	NOT-FOR-US: OSClass not in Debian
CVE-2012-1616 (Use-after-free vulnerability in icclib before 2.13, as used by Argyll ...)
	- argyll 1.4.0-1
	[squeeze] - argyll <no-dsa> (Only standalone binary in squeeze, minor impact)
	NOTE: Starting with 1.4.0 argyll includes icclib 2.13, but it's hard to identify the
	NOTE: isolated security fix
CVE-2012-1615 [sectool dbus priv escalation]
	RESERVED
	NOT-FOR-US: sectool
CVE-2012-1614 (Coppermine Photo Gallery before 1.5.20 allows remote attackers to ...)
	NOT-FOR-US: Coppermine
CVE-2012-1613 (Cross-site scripting (XSS) vulnerability in edit_one_pic.php in ...)
	NOT-FOR-US: Coppermine
CVE-2012-1612 (Cross-site scripting (XSS) vulnerability in the update manager in ...)
	NOT-FOR-US: Joomla
CVE-2012-1611 (Joomla! 2.5.x before 2.5.4 does not properly check permissions, which ...)
	NOT-FOR-US: Joomla
CVE-2012-1610 (Integer overflow in the GetEXIFProperty function in magick/property.c ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-1609
	RESERVED
CVE-2012-1608 (The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1607 (The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1606 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend ...)
	{DSA-2445-1}
	- typo3-src 4.5.14+dfsg1-1
CVE-2012-1605 (The Extbase Framework in TYPO3 4.6.x through 4.6.6, 4.7, and 6.0 ...)
	- typo3-src <not-affected> (vulnerable code not yet present)
CVE-2012-1604 (Cross-site scripting (XSS) vulnerability in NextBBS 0.6 allows remote ...)
	NOT-FOR-US: NextBBS
CVE-2012-1603 (Multiple SQL injection vulnerabilities in ajaxserver.php in NextBBS ...)
	NOT-FOR-US: NextBBS
CVE-2012-1602 (user.php in NextBBS 0.6 allows remote attackers to bypass ...)
	NOT-FOR-US: NextBBS
CVE-2012-1601 (The KVM implementation in the Linux kernel before 3.3.6 allows host OS ...)
	{DSA-2469-1}
	- linux-2.6 3.2.17-1 (low)
CVE-2012-1600 (Multiple cross-site scripting (XSS) vulnerabilities in functions.php ...)
	- phppgadmin 5.0.4-1
	[squeeze] - phppgadmin <no-dsa> (Minor issue, will be fixed through a point update)
CVE-2012-1599 (Joomla! 1.5.x before 1.5.26 does not properly check permissions, which ...)
	NOT-FOR-US: Joomla
CVE-2012-1598 (Joomla! 1.5.x before 1.5.26 has unspecified impact and attack vectors ...)
	NOT-FOR-US: Joomla
CVE-2012-1597 (Cross-site scripting (XSS) vulnerability in the textEncode function in ...)
	NOT-FOR-US: eZ Publish
CVE-2012-1596 (The mp2t_process_fragmented_payload function in ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	NOTE: Not suitable for code injection
CVE-2012-1595 (The pcap_process_pseudo_header function in wiretap/pcap-common.c in ...)
	- wireshark 1.6.6-1 (bug #666058)
	[squeeze] - wireshark 1.2.11-6+squeeze7
CVE-2012-1594 (epan/dissectors/packet-ieee80211.c in the IEEE 802.11 dissector in ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	NOTE: Not suitable for code injection
CVE-2012-1593 (epan/dissectors/packet-ansi_a.c in the ANSI A dissector in Wireshark ...)
	- wireshark 1.6.6-1 (unimportant; bug #666058)
	[squeeze] - wireshark 1.2.11-6+squeeze7
	NOTE: Not suitable for code injection
CVE-2012-1592
	RESERVED
	- libstruts1.2-java <not-affected> (Only applies to Struts 2, see bug #657870)
CVE-2012-1591 (The image module in Drupal 7.x before 7.14 does not properly check ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1590 (The forum list in Drupal 7.x before 7.14 does not properly check user ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1589 (Open redirect vulnerability in the Form API in Drupal 7.x before 7.13 ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1588 (Algorithmic complexity vulnerability in the _filter_url function in ...)
	- drupal7 7.14-1 (bug #671402)
CVE-2012-1587
	REJECTED
CVE-2012-1585 (OpenStack Compute (Nova) Essex before 2011.3 allows remote ...)
	- nova 2012-1~rc3-1 (bug #666888)
CVE-2012-1584 (Integer overflow in the mid function in toolkit/tbytevector.cpp in ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib <no-dsa> (Minor issue)
CVE-2012-1583 (Double free vulnerability in the xfrm6_tunnel_rcv function in ...)
	- linux-2.6 2.6.22-1
CVE-2012-1582 (Cross-site scripting (XSS) vulnerability in the wikitext parser in ...)
	- mediawiki 1:1.15.5-9 (bug #666269)
	[squeeze] - mediawiki <end-of-life>
CVE-2012-1581 (MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak ...)
	- mediawiki 1:1.15.5-9 (bug #666269)
	[squeeze] - mediawiki <end-of-life>
CVE-2012-1580 (Cross-site request forgery (CSRF) vulnerability in Special:Upload in ...)
	- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
CVE-2012-1579 (The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x ...)
	- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
CVE-2012-1578 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- mediawiki <not-affected> (Vulnerable code not present, see bug #666269)
CVE-2012-1577
	RESERVED
	- dietlibc 0.33~cvs20120325-1 (unimportant)
CVE-2012-1576 (The myuser_delete function in libathemecore/account.c in Atheme 5.x ...)
	NOT-FOR-US: atheme
CVE-2012-1575 (Multiple cross-site scripting (XSS) vulnerabilities in Cumin before ...)
	NOT-FOR-US: cumin
CVE-2012-1574 (The Kerberos/MapReduce security functionality in Apache Hadoop ...)
	- hadoop <itp> (bug #535861)
CVE-2012-1573 (gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before ...)
	{DSA-2441-1}
	- gnutls26 2.12.18-1 (high)
	- gnutls28 3.0.17-2 (high)
CVE-2012-1572
	RESERVED
	- keystone 2012.1~rc2-1
CVE-2012-1571 (file before 5.11 and libmagic allow remote attackers to cause a denial ...)
	{DSA-2422-1}
	- file 5.11-1 (low; bug #664263)
CVE-2012-1570 (The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 ...)
	- maradns 1.4.12-1 (bug #665012)
	[squeeze] - maradns 1.4.03-1.1+squeeze1
CVE-2012-1569 (The asn1_get_length_der function in decoding.c in GNU Libtasn1 before ...)
	{DSA-2440-1}
	- libtasn1-3 2.12-1 (high)
CVE-2012-1568 (The ExecShield feature in a certain Red Hat patch for the Linux kernel ...)
	- linux-2.6 <not-affected> (execshield issue)
CVE-2012-1567
	RESERVED
	NOT-FOR-US: LinuxMint
CVE-2012-1566
	RESERVED
	NOT-FOR-US: LinuxMint
CVE-2012-1565 (Unspecified vulnerability in ez Publish 4.1.4, 4.2, 4.3, 4.4, 4.5, and ...)
	NOT-FOR-US: eZ Publish
CVE-2012-1564 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: YVS
CVE-2012-1563
	RESERVED
	NOT-FOR-US: Joomla
CVE-2012-1562
	RESERVED
	NOT-FOR-US: Joomla
CVE-2012-1561 (Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x ...)
	NOT-FOR-US: Drupal Finder
CVE-2012-1560
	RESERVED
CVE-2012-1559
	RESERVED
CVE-2012-1558 (yaSSL CyaSSL before 2.0.8 allows remote attackers to cause a denial of ...)
	- cyassl <not-affected> (Fixed before initial upload)
	NOTE: https://github.com/cyassl/cyassl/commit/6b77c8967aa34f2a0bae85e90a469c4170cb2bb1
CVE-2012-1557 (SQL injection vulnerability in admin/plib/api-rpc/Agent.php in ...)
	NOT-FOR-US: Parallels Plesk Panel
CVE-2012-1556 (Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 ...)
	NOT-FOR-US: Synology DiskStation Manager extension
CVE-2012-1555
	RESERVED
CVE-2012-1554
	RESERVED
CVE-2012-1553
	RESERVED
CVE-2012-1552
	RESERVED
CVE-2012-1551
	RESERVED
CVE-2012-1550
	RESERVED
CVE-2012-1549
	RESERVED
CVE-2012-1548
	RESERVED
CVE-2012-1547
	RESERVED
CVE-2012-1546
	RESERVED
CVE-2012-1545 (Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1544
	REJECTED
CVE-2012-1543 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
CVE-2012-1542
	RESERVED
CVE-2012-1541 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1540
	RESERVED
CVE-2012-1539 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1538 (Use-after-free vulnerability in Microsoft Internet Explorer 9 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1537 (Heap-based buffer overflow in DirectPlay in DirectX 9.0 through 11.1 ...)
	NOT-FOR-US: DirectX 9.0 in Microsoft Windows
CVE-2012-1536
	RESERVED
CVE-2012-1535 (Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-1534
	REJECTED
CVE-2012-1533 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1532 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
	- openjdk-7 <not-affected> (Deployment components not part of OpenJDK, only present in Oracle Java)
CVE-2012-1531 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	- openjdk-7 <not-affected> (Specific to Oracle Java, not present in IcedTea)
	NOTE: Due to the vague disclosure policy by Oracle the exact nature is unknown but since no patch landed in icedtea, we consider it not-affected
CVE-2012-1530 (Heap-based buffer overflow in the XSLT engine in Adobe Reader and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2012-1529 (Use-after-free vulnerability in Microsoft Internet Explorer 8 and 9 ...)
	NOT-FOR-US: Internet Explorer
CVE-2012-1528 (Integer overflow in Windows Shell in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1527 (Integer underflow in Windows Shell in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-1526 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1525 (Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-1524 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1523 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1522 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-1521 (Use-after-free vulnerability in the XML parser in Google Chrome before ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2012-1520 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-1519
	RESERVED
CVE-2012-1518 (VMware Workstation 8.x before 8.0.2, VMware Player 4.x before 4.0.2, ...)
	NOT-FOR-US: VMware
CVE-2012-1517 (The VMX process in VMware ESXi 4.1 and ESX 4.1 does not properly ...)
	NOT-FOR-US: VMware
CVE-2012-1516 (The VMX process in VMware ESXi 3.5 through 4.1 and ESX 3.5 through 4.1 ...)
	NOT-FOR-US: VMware
CVE-2012-1515 (VMware ESXi 3.5, 4.0, and 4.1 and ESX 3.5, 4.0, and 4.1 do not ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1514 (Cross-site request forgery (CSRF) vulnerability in VMware vShield ...)
	NOT-FOR-US: VMware vShield Manager
CVE-2012-1513 (The Web Configuration tool in VMware vCenter Orchestrator (vCO) 4.0 ...)
	NOT-FOR-US: VMware vCenter Orchestrator
CVE-2012-1512 (Cross-site scripting (XSS) vulnerability in the internal browser in ...)
	NOT-FOR-US: VMware vSphere
CVE-2012-1511 (Cross-site scripting (XSS) vulnerability in View Manager Portal in ...)
	NOT-FOR-US: VMware View
CVE-2012-1510 (Buffer overflow in the WDDM display driver in VMware ESXi 4.0, 4.1, ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1509 (Buffer overflow in the XPDM display driver in VMware View before 4.6.1 ...)
	NOT-FOR-US: VMware View
CVE-2012-1508 (The XPDM display driver in VMware ESXi 4.0, 4.1, and 5.0; VMware ESX ...)
	NOT-FOR-US: VMware ESXi
CVE-2012-1507 (Multiple cross-site scripting (XSS) vulnerabilities in OrangeHRM ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-1506 (SQL injection vulnerability in the updateStatus function in ...)
	NOT-FOR-US: OrangeHRM
CVE-2012-1505
	RESERVED
CVE-2012-1504
	RESERVED
CVE-2012-1503 (Cross-site scripting (XSS) vulnerability in Six Apart (formerly Six ...)
	NOT-FOR-US: Six Apart
CVE-2012-1502 (Double free vulnerability in the PyPAM_conv in PAMmodule.c in PyPam ...)
	{DSA-2430-1}
	- python-pam 0.4.2-13
CVE-2012-1501
	REJECTED
CVE-2012-1500
	RESERVED
CVE-2012-1499 (The JPEG 2000 codec (jp2.c) in OpenJPEG before 1.5 allows remote ...)
	- openjpeg <not-affected> (vulnerable code introduced after 1.3)
CVE-2012-1498 (Multiple cross-site request forgery (CSRF) vulnerabilities in Webfolio ...)
	NOT-FOR-US: Webfolio CMS
CVE-2012-1497 (The default configuration of Movable Type before 4.38, 5.0x before ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1496
	RESERVED
CVE-2012-1495
	RESERVED
CVE-2012-1102 [XML::Atom Perl module XML entity expansion]
	RESERVED
	{DSA-2424-1}
	- libxml-atom-perl 0.39-1 (medium)
CVE-2012-1494
	RESERVED
CVE-2012-1493 (F5 BIG-IP appliances 9.x before 9.4.8-HF5, 10.x before 10.2.4, 11.0.x ...)
	NOT-FOR-US: F5 BIG-IP appliances
CVE-2012-1492
	RESERVED
CVE-2012-1491
	RESERVED
CVE-2012-1490
	RESERVED
CVE-2012-1489
	RESERVED
CVE-2012-1488
	RESERVED
CVE-2012-1487
	RESERVED
CVE-2012-1486
	RESERVED
CVE-2012-1485 (Unspecified vulnerability in the NetFront Life Browser ...)
	NOT-FOR-US: NetFront Life Browser for Android
CVE-2012-1484 (Unspecified vulnerability in the WaliSMS CN (cn.com.wali.walisms) ...)
	NOT-FOR-US: WaliSMS CN (cn.com.wali.walisms) application
CVE-2012-1483 (Unspecified vulnerability in the Message Forwarder ...)
	NOT-FOR-US: Message Forwarder for Android
CVE-2012-1482 (Unspecified vulnerability in the TouchPal Contacts ...)
	NOT-FOR-US: TouchPal Contacts for Android
CVE-2012-1481 (Unspecified vulnerability in the Textdroid (com.app.android.textdroid) ...)
	NOT-FOR-US: Textdroid for Android
CVE-2012-1480 (Unspecified vulnerability in the Pansi SMS (com.pansi.msg) application ...)
	NOT-FOR-US: Pansi SMS
CVE-2012-1479 (Unspecified vulnerability in the AContact (com.movester.quickcontact) ...)
	NOT-FOR-US: AContact
CVE-2012-1478 (Unspecified vulnerability in the UCMobile BloveStorm (com.blovestorm) ...)
	NOT-FOR-US: UCMobile BloveStorm
CVE-2012-1477 (Unspecified vulnerability in the Cnectd (mci.cnectd) application 3.1.0 ...)
	NOT-FOR-US: Cnectd
CVE-2012-1476 (Unspecified vulnerability in the KKtalk (com.kkliaotian.android) ...)
	NOT-FOR-US: KKtalk
CVE-2012-1475 (Unspecified vulnerability in the YagattaTalk Messenger ...)
	NOT-FOR-US: YagattaTalk Messenge
CVE-2012-1474 (Unspecified vulnerability in the Youni SMS (com.snda.youni) ...)
	NOT-FOR-US: Youni SMS
CVE-2012-1473
	RESERVED
CVE-2012-1472 (VMware vCenter Chargeback Manager (aka CBM) before 2.0.1 does not ...)
	NOT-FOR-US: VMware vCenter Chargeback Manager
CVE-2012-1471 (Directory traversal vulnerability in catalogue_file.php in ocPortal ...)
	- ocportal <itp> (bug #625865)
CVE-2012-1470 (Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php ...)
	- ocportal <itp> (bug #625865)
CVE-2012-1469 (Multiple cross-site scripting (XSS) vulnerabilities in Open Journal ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1468 (Incomplete blacklist vulnerability in Open Journal Systems before ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1467 (Multiple directory traversal vulnerabilities in the iBrowser plugin ...)
	- ojs <removed> (low)
	[squeeze] - ojs <no-dsa> (Minor issue)
CVE-2012-1466 (The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1465 (Stack-based buffer overflow in the HTTP Server in NetMechanica ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1464 (Dashboard Server for NetMechanica NetDecision before 4.6.1 allows ...)
	NOT-FOR-US: NetMechanica NetDecision
CVE-2012-1463 (The ELF file parser in AhnLab V3 Internet Security 2011.01.18.00, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1462 (The ZIP file parser in AhnLab V3 Internet Security 2011.01.18.00, AVG ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1461 (The Gzip file parser in AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1460 (The Gzip file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1459 (The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1458 (The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1457 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1456 (The TAR file parser in AVG Anti-Virus 10.0.0.1190, Quick Heal (aka Cat ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1455 (The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus ...)
	NOT-FOR-US: NOD32 Antivirus, Rising Antivirus
CVE-2012-1454 (The ELF file parser in Dr.Web 5.0.2.03300, eSafe 7.0.17.0, McAfee ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1453 (The CAB file parser in Dr.Web 5.0.2.03300, Trend Micro HouseCall ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1452 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Ikarus Virus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1451 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1 and Ikarus Virus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1450 (The CAB file parser in Emsisoft Anti-Malware 5.1.0.1, Sophos ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1449 (The CAB file parser in NOD32 Antivirus 5795 and Rising Antivirus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1448 (The CAB file parser in Quick Heal (aka Cat QuickHeal) 11.00, Trend ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1447 (The ELF file parser in Fortinet Antivirus 4.2.254.0, eSafe 7.0.17.0, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1446 (The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1445 (The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1444 (The ELF file parser in eSafe 7.0.17.0, Prevx 3.0, Fortinet Antivirus ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1443 (The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, ...)
	NOTE: clamav, but upstream evaluated it as invalid (#668273)
CVE-2012-1442 (The ELF file parser in Quick Heal (aka Cat QuickHeal) 11.00, McAfee ...)
	NOT-FOR-US: Multiple Antivirus applications
CVE-2012-1441 (The Microsoft EXE file parser in eSafe 7.0.17.0 and Prevx 3.0 allows ...)
	NOT-FOR-US: eSafe, Prevx
CVE-2012-1440 (The ELF file parser in Norman Antivirus 6.06.12, eSafe 7.0.17.0, CA ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1439 (The ELF file parser in eSafe 7.0.17.0, Rising Antivirus 22.83.00.03, ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1438 (The Microsoft Office file parser in Comodo Antivirus 7425 and Sophos ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1437 (The Microsoft Office file parser in Comodo Antivirus 7425 allows ...)
	NOT-FOR-US: Comodo Antivirus 7425
CVE-2012-1436 (The Microsoft EXE file parser in AhnLab V3 Internet Security ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1435 (The Microsoft EXE file parser in AhnLab V3 Internet Security ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1434 (The Microsoft EXE file parser in AhnLab V3 Internet Security ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1433 (The Microsoft EXE file parser in AhnLab V3 Internet Security ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1432 (The Microsoft EXE file parser in Emsisoft Anti-Malware 5.1.0.1, eSafe ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1431 (The ELF file parser in Bitdefender 7.2, Command Antivirus 5.2.11.5, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1430 (The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, eSafe ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1429 (The ELF file parser in Bitdefender 7.2, Comodo Antivirus 7424, ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1428 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1427 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1426 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command ...)
	NOT-FOR-US: multiple Anti-Virus applications
CVE-2012-1425 (The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK ...)
	NOT-FOR-US: Multiple Antivirus applications
CVE-2012-1424 (The TAR file parser in Antiy Labs AVL SDK 2.0.3.7, Quick Heal (aka Cat ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1423 (The TAR file parser in Command Antivirus 5.2.11.5, Emsisoft ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1422 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, NOD32 ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1421 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Norman ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1420 (The TAR file parser in Quick Heal (aka Cat QuickHeal) 11.00, Command ...)
	NOT-FOR-US: multiple Antivirus applications
CVE-2012-1419 (The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat ...)
	- clamav 0.97.5+dfsg-1 (low; bug #668273)
	[squeeze] - clamav 0.97.5+dfsg-3~squeeze1
CVE-2012-1418 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	NOT-FOR-US: Chrome books
CVE-2012-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Local Phone ...)
	NOT-FOR-US: Yealink VoIP Phone
CVE-2012-1416 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: SocialCMS
CVE-2012-1415 (Cross-site request forgery (CSRF) vulnerability in lib/logout.php in ...)
	NOT-FOR-US: DFLabs PTK
CVE-2012-1414 (Cross-site request forgery (CSRF) vulnerability in manager/news.php in ...)
	NOT-FOR-US: Plume CMS
CVE-2012-1413 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Zen Cart
CVE-2012-1412
	RESERVED
CVE-2012-1411
	RESERVED
CVE-2012-1410 (Multiple cross-site scripting (XSS) vulnerabilities in the History ...)
	- kadu 0.11.0-1
	[squeeze] - kadu <not-affected> (Only affects >= 0.9)
CVE-2012-1409 (Unspecified vulnerability in the Tiny Password ...)
	NOT-FOR-US: Tiny Password
CVE-2012-1408 (Unspecified vulnerability in the App Lock (com.cc.applock) application ...)
	NOT-FOR-US: App Lock
CVE-2012-1407 (Unspecified vulnerability in the GO Message Widget ...)
	NOT-FOR-US: GO Message Widget
CVE-2012-1406 (Unspecified vulnerability in the GO Bookmark Widget ...)
	NOT-FOR-US: GO Bookmark Widget
CVE-2012-1405 (Unspecified vulnerability in the GO Note Widget ...)
	NOT-FOR-US: GO Note Widget
CVE-2012-1404 (Unspecified vulnerability in the Dolphin Browser Mini ...)
	NOT-FOR-US: Dolphin Browser Mini
CVE-2012-1403 (Unspecified vulnerability in the Dolphin Browser CN ...)
	NOT-FOR-US: Dolphin Browser CN
CVE-2012-1402 (Unspecified vulnerability in the QianXun YingShi (com.qianxun.yingshi) ...)
	NOT-FOR-US: QianXun YingShi
CVE-2012-1401 (Unspecified vulnerability in the CamScanner (com.intsig.camscanner) ...)
	NOT-FOR-US: CamScanner
CVE-2012-1400 (Unspecified vulnerability in the U+Box 2.0 Pad (lg.uplusbox.pad) ...)
	NOT-FOR-US: U+Box
CVE-2012-1399 (Unspecified vulnerability in the U+Box 2.0 (lg.uplusbox) application ...)
	NOT-FOR-US: U+Box
CVE-2012-1398 (Unspecified vulnerability in the GO WeiboWidget ...)
	NOT-FOR-US: GO WeiboWidget
CVE-2012-1397 (Unspecified vulnerability in the GO QQWeiboWidget ...)
	NOT-FOR-US: GO QQWeiboWidget
CVE-2012-1396 (Unspecified vulnerability in the GO FBWidget ...)
	NOT-FOR-US: GO FBWidget
CVE-2012-1395 (Unspecified vulnerability in the GO TwiWidget ...)
	NOT-FOR-US: GO TwiWidget
CVE-2012-1394 (Unspecified vulnerability in the GO Email Widget ...)
	NOT-FOR-US: GO Email Widget
CVE-2012-1393 (Unspecified vulnerability in the GO SMS Pro (com.jb.gosms) application ...)
	NOT-FOR-US: GO SMS Pro
CVE-2012-1392 (Unspecified vulnerability in the Dolphin Browser HD ...)
	NOT-FOR-US: Dolphin Browser HD
CVE-2012-1391 (Unspecified vulnerability in the mOffice - Outlook sync ...)
	NOT-FOR-US: mOffice - Outlook sync
CVE-2012-1390 (Unspecified vulnerability in the Miso (com.bazaarlabs.miso) ...)
	NOT-FOR-US: Miso
CVE-2012-1389 (Unspecified vulnerability in the Di Long Weibo (com.icekirin.weibos) ...)
	NOT-FOR-US: Di Long Weibo
CVE-2012-1388 (Unspecified vulnerability in the XiXunTianTian (com.xixun.tiantian) ...)
	NOT-FOR-US: XiXunTianTian
CVE-2012-1387 (Unspecified vulnerability in the RealTalk (com.tmsmanager.tms) ...)
	NOT-FOR-US: RealTalk
CVE-2012-1386 (Unspecified vulnerability in the YouMail Visual Voicemail Plus ...)
	NOT-FOR-US: YouMail Visual Voicemail Plus
CVE-2012-1385 (Unspecified vulnerability in the NetEase WeiboHD (com.netease.wbhd) ...)
	NOT-FOR-US: NetEase WeiboHD
CVE-2012-1384 (Unspecified vulnerability in the NetEase Pmail (com.netease.rpmms) ...)
	NOT-FOR-US: NetEase Pmail
CVE-2012-1383 (Unspecified vulnerability in the NetEase Reader (com.netease.pris) ...)
	NOT-FOR-US: NetEase Reader
CVE-2012-1382 (Unspecified vulnerability in the Youdao Dictionary (com.youdao.dict) ...)
	NOT-FOR-US: Youdao Dictionary
CVE-2012-1381 (Unspecified vulnerability in the NetEase CloudAlbum ...)
	NOT-FOR-US: NetEase CloudAlbum
CVE-2012-1380 (Unspecified vulnerability in the NetEaseWeibo (com.netease.wb) ...)
	NOT-FOR-US: NetEaseWeibo
CVE-2012-1379
	RESERVED
CVE-2012-1378
	RESERVED
CVE-2012-1377
	RESERVED
CVE-2012-1376
	RESERVED
CVE-2012-1375
	RESERVED
CVE-2012-1374
	RESERVED
CVE-2012-1373
	RESERVED
CVE-2012-1372
	RESERVED
CVE-2012-1371
	RESERVED
CVE-2012-1370 (Cisco AnyConnect Secure Mobility Client 3.0 before 3.0.08057 allows ...)
	NOT-FOR-US: Cisco
CVE-2012-1369
	RESERVED
CVE-2012-1368
	RESERVED
CVE-2012-1367 (The MallocLite implementation in Cisco IOS 12.0, 12.2, 15.0, 15.1, and ...)
	NOT-FOR-US: Cisco
CVE-2012-1366 (Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1365 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2012-1364 (Cisco Unified Computing System (UCS) 1.4 and 2.0 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2012-1363
	RESERVED
CVE-2012-1362
	RESERVED
CVE-2012-1361 (Cisco IOS 15.1 and 15.2, when the Multicast Music-on-Hold (MMoH) ...)
	NOT-FOR-US: Cisco
CVE-2012-1360
	RESERVED
CVE-2012-1359
	RESERVED
CVE-2012-1358
	RESERVED
CVE-2012-1357 (The igmp_snoop_orib_fill_source_update function in the IGMP process in ...)
	NOT-FOR-US: NX-OS
CVE-2012-1356
	RESERVED
CVE-2012-1355
	RESERVED
CVE-2012-1354
	RESERVED
CVE-2012-1353
	RESERVED
CVE-2012-1352
	RESERVED
CVE-2012-1351
	RESERVED
CVE-2012-1350 (Cisco IOS 12.3 and 12.4 on Aironet access points allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1349
	RESERVED
CVE-2012-1348 (Cisco Wide Area Application Services (WAAS) appliances with software ...)
	NOT-FOR-US: Cisco Wide Area Application Services
CVE-2012-1347
	RESERVED
CVE-2012-1346 (Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco Emergency Responder
CVE-2012-1345
	RESERVED
CVE-2012-1344 (Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1343
	RESERVED
CVE-2012-1342 (Cisco Carrier Routing System (CRS) 3.9, 4.0, and 4.1 allows remote ...)
	NOT-FOR-US: Cisco Carrier Routing System
CVE-2012-1341
	RESERVED
CVE-2012-1340 (The Fibre Channel over IP (FCIP) implementation in Cisco MDS NX-OS 4.2 ...)
	NOT-FOR-US: Cisco MDS NX-OS
CVE-2012-1339 (The Fabric Interconnect component in Cisco Unified Computing System ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-1338 (Cisco IOS 15.0 and 15.1 on Catalyst 3560 and 3750 series switches ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1337 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1336 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1335 (Buffer overflow in the Cisco WebEx Recording Format (WRF) player T27 L ...)
	NOT-FOR-US: Cisco WebEx
CVE-2012-1334
	RESERVED
CVE-2012-1333
	RESERVED
CVE-2012-1332
	RESERVED
CVE-2012-1331
	RESERVED
CVE-2012-1330
	RESERVED
CVE-2012-1329
	RESERVED
CVE-2012-1328 (Cisco Unified IP Phones 9900 series devices with firmware 9.1 and 9.2 ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2012-1327 (dot11t/t_if_dot11_hal_ath.c in Cisco IOS 12.3, 12.4, 15.0, and 15.1 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1326
	RESERVED
CVE-2012-1325
	RESERVED
CVE-2012-1324 (Race condition in the Zone-Based Firewall in Cisco IOS 15.1 and 15.2, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1323
	RESERVED
CVE-2012-1322
	RESERVED
CVE-2012-1321
	RESERVED
CVE-2012-1320
	RESERVED
CVE-2012-1319
	RESERVED
CVE-2012-1318
	RESERVED
CVE-2012-1317 (The multicast implementation in Cisco IOS before 15.1(1)SY allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1316
	RESERVED
CVE-2012-1315 (Memory leak in the SIP inspection feature in the Zone-Based Firewall ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1314 (The WAAS Express feature in Cisco IOS 15.1 and 15.2 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1313 (The remote debug shell on the PALO adapter card in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Computing System
CVE-2012-1312 (The MACE feature in Cisco IOS 15.1 and 15.2 allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1311 (The RSVP feature in Cisco IOS 15.0 and 15.1 and IOS XE 3.2.xS through ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1310 (Memory leak in the Zone-Based Firewall in Cisco IOS 12.4, 15.0, 15.1, ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-1309
	RESERVED
CVE-2012-1308 (Cross-site request forgery (CSRF) vulnerability in redpass.cgi in ...)
	NOT-FOR-US: D-Link
CVE-2012-1307
	RESERVED
CVE-2012-1306
	RESERVED
CVE-2012-1305
	RESERVED
CVE-2012-1304
	RESERVED
CVE-2012-1303 (Multiple cross-site scripting (XSS) vulnerabilities in amCharts Flash ...)
	NOT-FOR-US: amCharts Flash
CVE-2012-1302 (Multiple cross-site scripting (XSS) vulnerabilities in amMap 2.6.3 ...)
	NOT-FOR-US: amMap
CVE-2012-1301 (The FeedProxy.aspx script in Umbraco 4.7.0 allows remote attackers to ...)
	NOT-FOR-US: Umbraco
CVE-2012-1300
	RESERVED
CVE-2012-1299
	RESERVED
CVE-2012-1298
	RESERVED
CVE-2012-1297 (Multiple cross-site request forgery (CSRF) vulnerabilities in main.php ...)
	NOT-FOR-US: Contao
CVE-2012-1296 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Elefant CMS
CVE-2012-1295
	RESERVED
CVE-2012-1294 (SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote ...)
	NOT-FOR-US: CONTIMEX Impulsio CMS
CVE-2012-1292 (Unspecified vulnerability in the MessagingSystem servlet in SAP ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1291 (Unspecified vulnerability in the ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1290 (Cross-site scripting (XSS) vulnerability in b2b/auction/container.jsp ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1289 (Multiple directory traversal vulnerabilities in SAP NetWeaver 7.0 ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2012-1293 (Multiple cross-site scripting (XSS) vulnerabilities in fup in Frams' ...)
	{DSA-2414-1}
	- fex 20120215-1 (low; bug #660621)
CVE-2012-1288 (The UTC Fire &amp; Security GE-MC100-NTP/GPS-ZB Master Clock device uses ...)
	NOT-FOR-US: UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock
CVE-2012-1287
	RESERVED
CVE-2012-1286
	RESERVED
CVE-2012-1285
	RESERVED
CVE-2012-1284
	RESERVED
CVE-2012-1283
	RESERVED
CVE-2012-1282
	RESERVED
CVE-2012-1281
	RESERVED
CVE-2012-1280
	RESERVED
CVE-2012-1279
	RESERVED
CVE-2012-1278
	RESERVED
CVE-2012-1277
	RESERVED
CVE-2012-1276
	RESERVED
CVE-2012-1275
	RESERVED
CVE-2012-1274
	RESERVED
CVE-2012-1273
	RESERVED
CVE-2012-1272
	RESERVED
CVE-2012-1271
	RESERVED
CVE-2012-1270
	RESERVED
CVE-2012-1269
	RESERVED
CVE-2012-1268
	RESERVED
CVE-2012-1267
	RESERVED
CVE-2012-1266
	RESERVED
CVE-2012-1265
	RESERVED
CVE-2012-1264 (Unspecified vulnerability in Gretech GOM Media Player before ...)
	NOT-FOR-US: Gretech GOM Media Player
CVE-2012-1263
	RESERVED
CVE-2012-1262 (Cross-site scripting (XSS) vulnerability in cgi-bin/mt/mt-wizard.cgi ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-1261
	RESERVED
CVE-2012-1260
	RESERVED
CVE-2012-1259
	RESERVED
CVE-2012-1258
	RESERVED
CVE-2012-1257
	RESERVED
	- pidgin <unfixed> (unimportant)
	NOTE: Negligable local information disclosure
CVE-2012-1256 (The single sign-on (SSO) implementation in EasyVista before ...)
	NOT-FOR-US: EasyVista
CVE-2012-1255 (SQL injection vulnerability in Segue 2.2.10.2 and earlier allows ...)
	NOT-FOR-US: Segue (CMS)
CVE-2012-1254 (Cross-site scripting (XSS) vulnerability in Segue 2.2.10.2 and earlier ...)
	NOT-FOR-US: Segue (CMS)
CVE-2012-1253 (Cross-site scripting (XSS) vulnerability in Roundcube Webmail before ...)
	- roundcube 0.7-1 (low)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2012-1252 (Cross-site scripting (XSS) vulnerability in RSSOwl before 2.1.1 allows ...)
	- rssowl <itp> (bug #346541)
CVE-2012-1251 (Opera before 9.63 does not properly verify X.509 certificates from SSL ...)
	NOT-FOR-US: Opera
CVE-2012-1250 (Logitec LAN-W300N/R routers with firmware before 2.27 do not properly ...)
	NOT-FOR-US: Logitec LAN-W300N/R device
CVE-2012-1249 (The iLunascape application 1.0.4.0 and earlier for Android does not ...)
	NOT-FOR-US: iLunascape
CVE-2012-1248 (app/config/core.php in baserCMS 1.6.15 and earlier does not properly ...)
	NOT-FOR-US: BaserCMS
CVE-2012-1247 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and ...)
	NOT-FOR-US: KENT-WEB WEB MART
CVE-2012-1246 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB MART 1.7 and ...)
	NOT-FOR-US: KENT-WEB WEB MART
CVE-2012-1245 (Cross-site scripting (XSS) vulnerability in the cleanup_urls function ...)
	NOT-FOR-US: OSQA
CVE-2012-1244 (The NTT DOCOMO sp mode mail application 5400 and earlier for Android ...)
	NOT-FOR-US: Android app
CVE-2012-1243 (The TwitRocker2 application before 1.0.23 for Android does not ...)
	NOT-FOR-US: Android app
CVE-2012-1242 (Untrusted search path vulnerability in JustSystems Ichitaro 2011 Sou, ...)
	NOT-FOR-US: various Ichitaro products
CVE-2012-1241 (GRScript18.dll before 1.2.2.0 in ActiveScriptRuby (ASR) before 1.8.7 ...)
	NOT-FOR-US: ActiveScriptRuby
CVE-2012-1240 (Cross-site scripting (XSS) vulnerability in the RECRUIT Dokodemo ...)
	NOT-FOR-US: RECRUIT Dokodemo
CVE-2012-1239 (The TopAccess web-based management interface on TOSHIBA TEC e-Studio ...)
	NOT-FOR-US: TOSHIBA TEC e-Studio
CVE-2012-1238 (Session fixation vulnerability in SENCHA SNS before 1.0.2 allows ...)
	NOT-FOR-US: SENCHA SNS
CVE-2012-1237 (Cross-site request forgery (CSRF) vulnerability in SENCHA SNS before ...)
	NOT-FOR-US: SENCHA SNS
CVE-2012-1236 (Multiple cross-site request forgery (CSRF) vulnerabilities in Janetter ...)
	NOT-FOR-US: Janetter
CVE-2012-1235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1234 (SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-1233
	RESERVED
CVE-2012-1232
	RESERVED
CVE-2012-1231
	RESERVED
CVE-2012-1230
	RESERVED
CVE-2012-1229
	RESERVED
CVE-2012-1228
	RESERVED
CVE-2012-1227 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: pluck
CVE-2012-1226 (Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 ...)
	- dolibarr 3.3.4-1
CVE-2012-1225 (Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and ...)
	- dolibarr 3.3.4-1
CVE-2012-1224 (Cross-site scripting (XSS) vulnerability in system/classes/login.php ...)
	NOT-FOR-US: ContentLion Alpha
CVE-2012-1223 (RabidHamster R2/Extreme 1.65 and earlier uses a small search space of ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1222 (Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1221 (Directory traversal vulnerability in the telnet server in RabidHamster ...)
	NOT-FOR-US: RabidHamster
CVE-2012-1220 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: GAzie
CVE-2012-1219 (Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit ...)
	NOT-FOR-US: freelancerKit
CVE-2012-1218 (Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow ...)
	NOT-FOR-US: freelancerKit
CVE-2012-1217 (Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web ...)
	NOT-FOR-US: STHS
CVE-2012-1216 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: PBBoard
CVE-2012-1215 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...)
	NOT-FOR-US: Yoono extension
CVE-2012-1214 (Cross-site scripting (XSS) vulnerability in the Add friends module in ...)
	NOT-FOR-US: Yoono Desktop Application
CVE-2012-1213 (Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in ...)
	NOT-FOR-US: Zimbra Web Client
CVE-2012-1212 (Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName ...)
	NOT-FOR-US: Semantic Enterprise Wiki
CVE-2012-1211 (Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in ...)
	NOT-FOR-US: Powie pFile
CVE-2012-1210 (SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 ...)
	NOT-FOR-US: Powie pFile
CVE-2012-1209 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1208 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1207 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1206 (Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote ...)
	NOT-FOR-US: Hancom Office
CVE-2012-1205 (PHP remote file inclusion vulnerability in relocate-upload.php in ...)
	NOT-FOR-US: Relocate Upload plugin
CVE-2012-1204
	RESERVED
CVE-2012-1203 (Cross-site request forgery (CSRF) vulnerability in starnet/index.php ...)
	NOT-FOR-US: SyndeoCMS
CVE-2012-1202
	RESERVED
CVE-2012-1201
	RESERVED
CVE-2012-1200 (Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow ...)
	NOT-FOR-US: Nova CMS
CVE-2012-1199 (Multiple PHP remote file inclusion vulnerabilities in Basic Analysis ...)
	- acidbase <removed> (unimportant)
	NOTE: requires register_globals to be on
CVE-2012-1198 (base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 ...)
	- acidbase <removed> (unimportant; bug #661020)
	NOTE: unreproducible issue, extremely low on details in original report
CVE-2012-1197 (Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build ...)
	NOT-FOR-US: ACDSee
CVE-2012-1196 (Directory traversal vulnerability in the VulCore web service ...)
	NOT-FOR-US: Lenovo ThinkManagement Console
CVE-2012-1195 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Lenovo ThinkManagement Console
CVE-2012-1194 (The resolver in the DNS Server service in Microsoft Windows Server ...)
	NOTE: DNS protocol flaw
CVE-2012-1193 (The resolver in PowerDNS Recursor (aka pdns_recursor) 3.3 overwrites ...)
	NOTE: DNS protocol flaw
CVE-2012-1192 (The resolver in Unbound before 1.4.11 overwrites cached server names ...)
	NOTE: DNS protocol flaw
CVE-2012-1191 (The resolver in dnscache in Daniel J. Bernstein djbdns 1.05 overwrites ...)
	- djbdns <removed>
	NOTE: DNS protocol flaw
	NOTE: RH made an update: https://bugzilla.redhat.com/show_bug.cgi?id=838761
CVE-2011-5081 (Cross-site scripting (XSS) vulnerability in RestoreFile.pm in BackupPC ...)
	- backuppc 3.1.0-9.1 (low; bug #661011)
	[squeeze] - backuppc 3.1.0-9.1
	[lenny] - backuppc <no-dsa> (Minor issue)
CVE-2012-0869 (Cross-site scripting (XSS) vulnerability in fup in Frams' Fast File ...)
	{DSA-2414-1}
	- fex 20120215-1 (low; bug #660621)
CVE-2012-1190 (Cross-site scripting (XSS) vulnerability in the replication-setup ...)
	- phpmyadmin 4:3.4.10.1-1 (unimportant)
	[lenny] - phpmyadmin <not-affected>
	[squeeze] - phpmyadmin <not-affected>
	NOTE: hypothetical issue
CVE-2012-1189 (Stack-based buffer overflow in modules/graphic/ssgraph/grsound.cpp in ...)
	- torcs 1.3.3-1 (low; bug #660555)
	[squeeze] - torcs <no-dsa> (Minor issue)
	- speed-dreams <itp> (bug #599884)
CVE-2012-1188 (Multiple cross-site scripting (XSS) vulnerabilities in Fork CMS before ...)
	NOT-FOR-US: Fork CMS
CVE-2012-1187
	RESERVED
	- bitlbee 3.0.4+bzr855-1 (low)
	[squeeze] - bitlbee <no-dsa> (Minor issue)
CVE-2012-1186 (Integer overflow in the SyncImageProfiles function in profile.c in ...)
	{DSA-2462-1}
	- imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1185 (Multiple integer overflows in (1) magick/profile.c or (2) ...)
	{DSA-2462-1}
	- imagemagick 8:6.6.9.7-7 (bug #665007)
CVE-2012-1184 (Stack-based buffer overflow in the ast_parse_digest function in ...)
	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
	[squeeze] - asterisk <not-affected> (HTTP digest authentication code not present)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1183 (Stack-based buffer overflow in the milliwatt_generate function in the ...)
	{DSA-2460-1}
	- asterisk 1:1.8.10.0~dfsg-1 (bug #664411)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/16/10
CVE-2012-1182 (The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before ...)
	{DSA-2450-1}
	- samba 2:3.6.4-1 (bug #668309)
	- samba4 4.0.0~alpha19+dfsg1-1 (bug #668309)
CVE-2012-1181 (fcgid_spawn_ctl.c in the mod_fcgid module 2.3.6 for the Apache HTTP ...)
	{DSA-2436-1}
	- libapache2-mod-fcgid 1:2.3.6-1.1 (bug #615814)
CVE-2012-1180 (Use-after-free vulnerability in nginx before 1.0.14 and 1.1.x before ...)
	{DSA-2434-1}
	- nginx 1.1.17-1 (bug #664137)
	NOTE: http://seclists.org/oss-sec/2012/q1/644
CVE-2012-1179 (The Linux kernel before 3.3.1, when KVM is used, allows guest OS users ...)
	- linux-2.6 3.2.14-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-1178 (The msn_oim_report_to_user function in oim.c in the MSN protocol ...)
	- pidgin 2.10.2-1 (low; bug #664030)
	[squeeze] - pidgin <no-dsa> (Only exploitable by malicious server)
	NOTE: http://pidgin.im/news/security/?id=61
CVE-2012-1177 (libgdata before 0.10.2 and 0.11.x before 0.11.1 does not validate SSL ...)
	{DSA-2482-1}
	- libgdata 0.10.2-1 (bug #664032)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/3
CVE-2012-1176 (Buffer overflow in the fribidi_utf8_to_unicode function in PyFriBidi ...)
	- pyfribidi 0.11.0-1 (bug #663189)
	[squeeze] - pyfribidi <no-dsa> (Minor issue)
CVE-2012-1175 (Integer overflow in the GnashImage::size method in ...)
	{DSA-2435-1}
	- gnash 0.8.10-5 (bug #664023)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/5
CVE-2012-1174 (The rm_rf_children function in util.c in the systemd-logind login ...)
	- systemd 44-1 (bug #664364)
CVE-2012-1173 (Multiple integer overflows in tiff_getimage.c in LibTIFF 3.9.4 allow ...)
	{DSA-2447-1}
	- tiff3 3.9.6-2
	- tiff 4.0.1-2
CVE-2012-1172 (The file-upload implementation in rfc1867.c in PHP before 5.4.0 does ...)
	{DSA-2465-1}
	- php5 5.4.0-1 (bug #663760)
CVE-2012-1171 (The libxml RSHUTDOWN function in PHP 5.x allows remote attackers to ...)
	- php5 <removed> (unimportant)
	NOTE: according to php's security statement, safemode bypass issues are not treated as security-relevant
CVE-2012-1170
	RESERVED
	- moodle <not-affected> (Only affects 2.2)
CVE-2012-1169
	RESERVED
	- moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-1168
	RESERVED
	- moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-1167 (The JBoss Server in JBoss Enterprise Application Platform 5.1.x before ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2012-1166 (The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x ...)
	- ldm  2:2.2.7-1 (bug #663645)
	[squeeze] - ldm <not-affected> (Introduced in 2.2)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ldm/+bug/953340
CVE-2012-1165 (The mime_param_cmp function in crypto/asn1/asn_mime.c in OpenSSL ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1 (low; bug #663642)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/3
CVE-2012-1164 (slapd in OpenLDAP before 2.4.30 allows remote attackers to cause a ...)
	{DLA-203-1}
	- openldap 2.4.31-1 (low; bug #663644)
	[squeeze] - openldap <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/12/4
CVE-2012-1163 (Integer overflow in the _zip_readcdir function in zip_open.c in libzip ...)
	- libzip 0.10.1-1 (bug #664990)
	[squeeze] - libzip <not-affected> (Only affects 0.10.x)
CVE-2012-1162 (Heap-based buffer overflow in the _zip_readcdir function in zip_open.c ...)
	- libzip 0.10.1-1 (bug #664990)
	[squeeze] - libzip <not-affected> (Only affects 0.10.x)
CVE-2012-1161
	RESERVED
	- moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-1160
	RESERVED
	- moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-1159
	RESERVED
	- moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-1158
	RESERVED
	- moodle <not-affected> (Only affects 2.1 to 2.2)
CVE-2012-1157
	RESERVED
	- moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-1156
	RESERVED
	- moodle <not-affected> (Only affects 2.0 to 2.2)
CVE-2012-1155
	RESERVED
	- moodle 1.9.9.dfsg2-6 (low; bug #668411)
	[squeeze] - moodle 1.9.9.dfsg2-2.1+squeeze4
CVE-2012-1154 (mod_cluster 1.0.10 before 1.0.10 CP03 and 1.1.x before 1.1.4, as used ...)
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2012-1153 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: AppRain CMS
CVE-2012-1152 (Multiple format string vulnerabilities in the error reporting ...)
	{DSA-2432-1}
	- libyaml-libyaml-perl 0.38-2 (bug #661548)
CVE-2012-1151 (Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka ...)
	{DSA-2431-1}
	- libdbd-pg-perl 2.19.0-1 (bug #661536)
CVE-2012-1150 (Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x ...)
	{DLA-25-1}
	- python2.5 <removed> (low)
	- python2.6 2.6.8-0.1 (low)
	- python2.7 2.7.3~rc1-1 (low)
	- python3.2 3.2.3-1 (low)
	- python3.1 <removed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
CVE-2012-1149 (Integer overflow in the vclmi.dll module in OpenOffice.org (OOo) 3.3, ...)
	{DSA-2487-1 DSA-2473-1}
	- libreoffice 1:3.4.5-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2012-1148 (Memory leak in the poolGrow function in expat/lib/xmlparse.c in expat ...)
	{DSA-2525-1}
	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
	[squeeze] - xmlrpc-c <no-dsa> (Minor issue)
	- expat 2.1.0~beta3-1 (bug #663579)
CVE-2012-1147 (readfilemap.c in expat before 2.1.0 allows context-dependent attackers ...)
	- expat <not-affected> (readfilemap.c is not used in *IX)
CVE-2012-1146 (The mem_cgroup_usage_unregister_event function in mm/memcontrol.c in ...)
	- linux-2.6 3.2.10-1 (low)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-1145 (spacewalk-backend in Red Hat Network Satellite 5.4 on Red Hat ...)
	NOT-FOR-US: RHN Satellite
CVE-2012-1144 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1143 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1142 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1141 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1140 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1139 (Array index error in FreeType before 2.4.9, as used in Mozilla Firefox ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1138 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1137 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1136 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1135 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1134 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1133 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	{DSA-2428-1}
	- freetype 2.4.9-1 (bug #662864)
CVE-2012-1132 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1131 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1130 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1129 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1128 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1127 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1126 (FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 ...)
	- freetype 2.4.9-1 (unimportant; bug #662864)
	NOTE: Crash only
CVE-2012-1125 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Kish Guest Posting Plugin for WordPress (not in Debian)
CVE-2012-1124
	RESERVED
	NOT-FOR-US: phxEventManager not in Debian
CVE-2012-1123 (The mci_check_login function in api/soap/mc_api.php in the SOAP API in ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (bug #662858)
CVE-2012-1122 (bug_actiongroup.php in MantisBT before 1.2.9 does not properly check ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669927)
CVE-2012-1121 (MantisBT before 1.2.9 does not properly check permissions, which ...)
	- mantis 1.2.10-1 (low; bug #669926)
	[squeeze] - mantis <not-affected> (according to maintainer)
CVE-2012-1120 (The SOAP API in MantisBT before 1.2.9 does not properly enforce the ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669925)
CVE-2012-1119 (MantisBT before 1.2.9 does not audit when users copy or clone a bug ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669928)
CVE-2012-1118 (The access_has_bug_level function in core/access_api.php in MantisBT ...)
	{DSA-2500-1}
	- mantis 1.2.10-1 (low; bug #669924)
CVE-2012-1117 (Cross-site scripting (XSS) vulnerability in Joomla! 2.5.0 and 2.5.1 ...)
	NOT-FOR-US: Joomla
CVE-2012-1116 (SQL injection vulnerability in Joomla! 1.7.x and 2.5.x before 2.5.2 ...)
	NOT-FOR-US: Joomla
CVE-2012-1115
	RESERVED
	- phpldapadmin 1.2.2-3 (low; bug #662050)
	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
	- ldap-account-manager 3.6-2 (low; bug #661904)
	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2012-1114
	RESERVED
	- phpldapadmin 1.2.2-3 (low; bug #662050)
	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
	- ldap-account-manager 3.6-2 (low; bug #661904)
	[squeeze] - ldap-account-manager <no-dsa> (Minor issue)
CVE-2012-1113 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- gallery2 2.3.2.dfsg-1 (low)
	[squeeze] - gallery2 <no-dsa> (Minor issue)
CVE-2012-1112 (Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier ...)
	NOT-FOR-US: OpenRealty CMS not in Debian
CVE-2012-1111 (lightdm before 1.0.9 does not properly close file descriptors before ...)
	- lightdm 1.0.9-1 (bug #658678)
CVE-2012-1110 (Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and ...)
	NOT-FOR-US: etano not in Debian
CVE-2012-1109
	RESERVED
	NOT-FOR-US: mwlib not in Debian
CVE-2012-1108 (The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib <no-dsa> (Minor issue)
CVE-2012-1107 (The analyzeCurrent function in ape/apeproperties.cpp in TagLib 1.7 and ...)
	- taglib 1.7.1-1 (low; bug #662705)
	[squeeze] - taglib <no-dsa> (Minor issue)
CVE-2012-1106 (The C handler plug-in in Automatic Bug Reporting Tool (ABRT), possibly ...)
	NOT-FOR-US: abrt is Red Hat / Fedora specific
CVE-2012-1105
	RESERVED
	- moodle 2.2.7.dfsg-1 (low; bug #662945)
	[squeeze] - moodle <no-dsa> (Minor issue)
	- glpi 0.80.7-2 (unimportant; bug #662944)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1104
	RESERVED
	- moodle 2.2.7.dfsg-1 (low; bug #662945)
	[squeeze] - moodle <no-dsa> (Minor issue)
	- glpi 0.80.7-2 (unimportant; bug #662944)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1103 (emacs/notmuch-mua.el in Notmuch before 0.11.1, when using the Emacs ...)
	{DSA-2416-1}
	- notmuch 0.11.1-1
CVE-2012-1101
	RESERVED
	- systemd 43-1 (bug #662029)
CVE-2012-1100 (Red Hat JBoss Operations Network (JON) 3.0.x before 3.0.1, 2.4.2, and ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-1099 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2466-1}
	- ruby-actionpack-2.3 2.3.14-3 (bug #668607)
	- rails 2.3.14
	NOTE: (code lives within ruby-actionpack in unstable)
CVE-2012-1098 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 3.0.x before ...)
	- ruby-actionpack-2.3 2.3.14-3 (bug #668977)
	- rails 2.3.14
	[squeeze] - rails <not-affected> (Vulnerable code not present)
	NOTE: (code lives within ruby-actionpack in unstable)
CVE-2012-1097 (The regset (aka register set) feature in the Linux kernel before ...)
	{DSA-2443-1}
	- linux-2.6 3.2.10-1 (low)
CVE-2012-1096
	RESERVED
	- network-manager <unfixed> (low; bug #684259)
	[stretch] - network-manager <ignored> (Minor issue)
	[jessie] - network-manager <ignored> (Minor issue)
	[wheezy] - network-manager <ignored> (Minor issue)
	[squeeze] - network-manager <no-dsa> (Minor issue)
CVE-2012-1095 (osc before 0.134 might allow remote OBS repository servers or package ...)
	- osc <unfixed> (unimportant)
	NOTE: This is ultimately a bug in the respectice terminal emulations and not a vulnerability in osc
CVE-2012-1094
	RESERVED
	- libapache2-mod-cluster <itp> (bug #731410)
CVE-2012-1093 [init script x11-common creates directories in insecure manner]
	RESERVED
	- xorg 1:7.6+12 (bug #661627)
	[squeeze] - xorg <no-dsa> (maintainer suggests no-dsa; confirm)
CVE-2012-1092
	REJECTED
CVE-2012-1091
	REJECTED
CVE-2012-1090 (The cifs_lookup function in fs/cifs/dir.c in the Linux kernel before ...)
	{DSA-2443-1}
	- linux-2.6 3.2.10-1
CVE-2012-1089 (Directory traversal vulnerability in Apache Wicket 1.4.x before 1.4.20 ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-1088 (iproute2 before 3.3.0 allows local users to overwrite arbitrary files ...)
	- iproute 20120319-1 (unimportant)
	NOTE: 1st issue only exploitable at build time / 2nd issue just example script in iproute-doc
CVE-2012-1087 (Cross-site scripting (XSS) vulnerability in the Post data records to ...)
	NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1086 (Cross-site scripting (XSS) vulnerability in the UrlTool (aeurltool) ...)
	NOT-FOR-US: aeurltool extension for TYPO3
CVE-2012-1085 (Unspecified vulnerability in the BE User Switch (beuserswitch) ...)
	NOT-FOR-US: beuserswitch for TYPO3
CVE-2012-1084 (Cross-site scripting (XSS) vulnerability in the BE User Switch ...)
	NOT-FOR-US: beuserswitch for TYPO3
CVE-2012-1083 (Cross-site request forgery (CSRF) vulnerability in the Terminal PHP ...)
	NOT-FOR-US: terminal extension TYPO3
CVE-2012-1082 (Cross-site scripting (XSS) vulnerability in the Terminal PHP Shell ...)
	NOT-FOR-US: terminal extension TYPO3
CVE-2012-1081 (Cross-site scripting (XSS) vulnerability in the Yet another Google ...)
	NOT-FOR-US: ya_googlesearch extension for TYPO3
CVE-2012-1080 (Cross-site scripting (XSS) vulnerability in the Euro Calculator ...)
	NOT-FOR-US: skt_eurocalc extension for TYPO3
CVE-2012-1079 (Unspecified vulnerability in the Webservices for TYPO3 ...)
	NOT-FOR-US: typo3_webservice extension for TYPO3
CVE-2012-1078 (The System Utilities (sysutils) extension 1.0.3 and earlier for TYPO3 ...)
	NOT-FOR-US: sysutils extension for TYPO3
CVE-2012-1077 (SQL injection vulnerability in the Post data records to facebook ...)
	NOT-FOR-US: bc_post2facebook extension for TYPO3
CVE-2012-1076 (Cross-site scripting (XSS) vulnerability in the Documents download ...)
	NOT-FOR-US: rtg_files extension for TYPO3
CVE-2012-1075 (SQL injection vulnerability in the Documents download (rtg_files) ...)
	NOT-FOR-US: rtg_files extension for TYPO3
CVE-2012-1074 (SQL injection vulnerability in the White Papers (mm_whtppr) extension ...)
	NOT-FOR-US: mm_whtppr extension for TYPO3
CVE-2012-1073 (Cross-site scripting (XSS) vulnerability in the Category-System ...)
	NOT-FOR-US: toi_category extension for TYPO3
CVE-2012-1072 (SQL injection vulnerability in the Category-System (toi_category) ...)
	NOT-FOR-US: toi_category extension for TYPO3
CVE-2012-1071 (SQL injection vulnerability in the Kitchen recipe (mv_cooking) ...)
	NOT-FOR-US: mv_cooking extension for TYPO3
CVE-2012-1070 (Cross-site scripting (XSS) vulnerability in the Modern FAQ (irfaq) ...)
	NOT-FOR-US: irfaq extension for TYPO3
CVE-2012-1069 (Cross-site scripting (XSS) vulnerability in module/kb/search_word in ...)
	NOT-FOR-US: lknSupport
CVE-2012-1068 (Cross-site scripting (XSS) vulnerability in the rc_ajax function in ...)
	NOT-FOR-US: WP-RecentComments plugin for WordPress
CVE-2012-1067 (SQL injection vulnerability in the WP-RecentComments plugin 2.0.7 for ...)
	NOT-FOR-US: WP-RecentComments plugin for WordPress
CVE-2012-1066 (Cross-site scripting (XSS) vulnerability in the template module in ...)
	NOT-FOR-US: SmartyCMS
CVE-2012-1065 (Insecure method vulnerability in TuxScripting.dll in the TuxSystem ...)
	NOT-FOR-US: TuxSystem
CVE-2012-1064 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer ...)
	NOT-FOR-US: EMC RSA Archer
CVE-2011-5080 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: jftcaforms extension for TYPO3
CVE-2011-5079 (Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 ...)
	NOT-FOR-US: irfaq extension for TYPO3
CVE-2010-5085 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Hulihan Amethyst
CVE-2010-5084 (The cross-site request forgery (CSRF) protection mechanism in e107 ...)
	NOT-FOR-US: e107
CVE-2010-5083 (SQL injection vulnerability in the Web_Links module for PHP-Nuke 8.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2012-1063 (Multiple SQL injection vulnerabilities in ManageEngine Applications ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2012-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2012-1061 (SQL injection vulnerability in GForge Advanced Server 6.0.0 and other ...)
	NOT-FOR-US: GForge Advanced Server
CVE-2012-1060 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Taxonomy module for Drupal
CVE-2012-1059 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: shirt module in OSCommerce
CVE-2012-1058 (Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 ...)
	NOT-FOR-US: Flyspray
CVE-2012-1057 (Cross-site request forgery (CSRF) vulnerability in the clickthrough ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2012-1056 (The Forward module 6.x-1.x before 6.x-1.21 and 7.x-1.x before 7.x-1.3 ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2012-1055 (Heap-based buffer overflow in PhotoLine 17.01 and possibly other ...)
	NOT-FOR-US: PhotoLine
CVE-2012-1054 (Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet ...)
	{DSA-2419-1}
	- puppet 2.7.11-1
CVE-2012-1053 (The change_user method in the SUIDManager ...)
	{DSA-2419-1}
	- puppet 2.7.11-1
CVE-2012-1052 (Buffer overflow in IvanView 1.2.15 allows remote attackers to execute ...)
	NOT-FOR-US: IvanView
CVE-2012-1051 (Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in ...)
	NOT-FOR-US: XnView
CVE-2012-1050 (Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before ...)
	- mathopd <removed> (low; bug #660627)
	[lenny] - mathopd <no-dsa> (Minor issue, configuration specific)
	[squeeze] - mathopd <no-dsa> (Minor issue, configuration specific)
	NOTE: this is only an issue in specific configurations but not in the Debian configuration
CVE-2012-1049 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine ADManager Plus
CVE-2012-1048 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: eFront Community++
CVE-2012-1047 (Directory traversal vulnerability in the WWWHELP Service ...)
	NOT-FOR-US: Cyberoam Central Console
CVE-2012-1046 (Cross-site scripting (XSS) vulnerability in TM1 Web in IBM Cognos TM1 ...)
	NOT-FOR-US: IBM Cognos
CVE-2012-1045
	RESERVED
CVE-2012-1044
	RESERVED
CVE-2012-1043
	RESERVED
CVE-2012-1042
	RESERVED
CVE-2012-1041
	RESERVED
CVE-2012-1040
	RESERVED
CVE-2012-1039 (Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before ...)
	- dotclear 2.4.2+dfsg-1
CVE-2012-1038 (Cross-site scripting (XSS) vulnerability in the WebAAA login ...)
	NOT-FOR-US: Juniper
CVE-2012-1037 (PHP remote file inclusion vulnerability in front/popup.php in GLPI ...)
	- glpi 0.80.7-1 (bug #659383; unimportant)
	[squeeze] - glpi <not-affected> (Introduced in 0.78)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2012-1036 (Cross-site scripting (XSS) vulnerability in the telerik HTML editor in ...)
	NOT-FOR-US: telerik
CVE-2012-1035 (AdaCore Ada Web Services (AWS) before 2.10.2 computes hash values for ...)
	NOT-FOR-US: AdaCore Ada Web Services
CVE-2011-5078 (The web administration interface in the server in Sybase M-Business ...)
	NOT-FOR-US: Sybase
CVE-2012-1034 (Multiple cross-site scripting (XSS) vulnerabilities in the admin ...)
	NOT-FOR-US: EPiServer CMS
CVE-2012-1033 (The resolver in ISC BIND 9 through 9.8.1-P1 overwrites cached server ...)
	- bind9 1:9.8.1.dfsg.P1-4.1 (low)
	[squeeze] - bind9 <no-dsa> (low-severity dns protocol design flaw)
CVE-2012-1032 (Cross-site scripting (XSS) vulnerability in the Euroling SiteSeeker ...)
	NOT-FOR-US: EPiServer CMS module Euroling SiteSeeker
CVE-2012-1031 (Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in ...)
	NOT-FOR-US: EPiServer CMS
CVE-2012-1030 (Cross-site scripting (XSS) vulnerability in DotNetNuke 6.x through ...)
	NOT-FOR-US: DotNetNuke
CVE-2012-1029 (SQL injection vulnerability in mobile/search/index.php in Tube Ace ...)
	NOT-FOR-US: Tube Ace
CVE-2012-1028 (Cross-site scripting (XSS) vulnerability in bin/index.php in ...)
	NOT-FOR-US: SimpleGroupWare
CVE-2012-1027 (Cross-site scripting (XSS) vulnerability in account-closed.tcl in ...)
	NOT-FOR-US: project-open
CVE-2012-1026 (Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 ...)
	NOT-FOR-US: XRay CMS
CVE-2012-1025 (Absolute path traversal vulnerability in file in Enigma2 Webinterface ...)
	NOT-FOR-US: Enigma2
CVE-2012-1024 (Directory traversal vulnerability in file in Enigma2 Webinterface ...)
	NOT-FOR-US: Enigma2
CVE-2012-1023 (Open redirect vulnerability in admin/index.php in 4images 1.7.10 ...)
	NOT-FOR-US: 4images
CVE-2012-1022 (SQL injection vulnerability in admin/categories.php in 4images 1.7.10 ...)
	NOT-FOR-US: 4images
CVE-2012-1021 (Cross-site scripting (XSS) vulnerability in admin/categories.php in ...)
	NOT-FOR-US: 4images
CVE-2012-1020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: NexorONE Online Banking
CVE-2012-1019 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki ...)
	NOT-FOR-US: Xwiki Enterprise
CVE-2012-1018 (Cross-site scripting (XSS) vulnerability in includes/convert.php in ...)
	NOT-FOR-US: Joomla addon
CVE-2012-1017 (Multiple SQL injection vulnerabilities in base_qry_main.php in Basic ...)
	- acidbase <removed> (low; bug #659287)
	[squeeze] - acidbase <no-dsa> (Minor issue)
CVE-2012-1016 (The pkinit_server_return_padata function in ...)
	- krb5 1.10.1+dfsg-4+nmu1 (bug #702633)
	[squeeze] - krb5 <not-affected> (introduced upstream with 3725d22140c23a376dd79b69d130be8e2b91005f, not affecting 1.8.x)
CVE-2012-1015 (The kdc_handle_protected_negotiation function in the Key Distribution ...)
	{DSA-2518-1}
	- krb5 1.10.1+dfsg-2 (bug #683429)
	NOTE: http://seclists.org/bugtraq/2012/Jul/171
CVE-2012-1014 (The process_as_req function in the Key Distribution Center (KDC) in ...)
	{DSA-2518-1}
	- krb5 1.10.1+dfsg-2 (bug #683429)
	NOTE: http://seclists.org/bugtraq/2012/Jul/171
CVE-2012-1013 (The check_1_6_dummy function in lib/kadm5/srv/svr_principal.c in ...)
	- krb5 1.10.1+dfsg-3 (low; bug #687647)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	NOTE: DoS only triggered by clients with admin permissions
CVE-2012-1012 (server/server_stubs.c in the kadmin protocol implementation in MIT ...)
	- krb5 1.10.1+dfsg-1 (bug #670918)
	[squeeze] - krb5 <not-affected> (vulnerable code not present)
	NOTE: bug was introduced in krb5 1.10
CVE-2012-1011 (actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows ...)
	NOT-FOR-US: Wordpress plugin
CVE-2012-1010 (Unrestricted file upload vulnerability in actions.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-5077 (Unrestricted file upload vulnerability in attachement.php in HDWiki ...)
	NOT-FOR-US: HDWiki
CVE-2011-5076 (SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, ...)
	NOT-FOR-US: HDWiki
CVE-2012-1009 (NetSarang Xlpd 4 Build 0100 and NetSarang Xmanager Enterprise 4 Build ...)
	NOT-FOR-US: NetSarang
CVE-2012-1008 (OfficeSIP Server 3.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: OfficeSIP Server
CVE-2012-1007 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
	- libstruts1.2-java <removed> (unimportant; bug #657870)
	NOTE: Just examples
CVE-2012-1006 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2012-1005 (Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software ...)
	NOT-FOR-US: Sphinx Software Mobile Web Server
CVE-2012-1004 (Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm ...)
	- foswiki <itp> (bug #509864)
CVE-2012-1003 (Multiple integer overflows in Opera 11.60 and earlier allow remote ...)
	NOT-FOR-US: Opera
CVE-2002-2483
	- linux-2.6 2.4.20
CVE-2012-1002 (SQL injection vulnerability in author/edit.php in OpenConf 4.x before ...)
	NOT-FOR-US: OpenConf
CVE-2012-1001
	RESERVED
CVE-2012-1000 (Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 ...)
	NOT-FOR-US: LEPTON
CVE-2012-0999 (SQL injection vulnerability in modules/news/rss.php in LEPTON before ...)
	NOT-FOR-US: LEPTON
CVE-2012-0998 (Directory traversal vulnerability in account/preferences.php in LEPTON ...)
	NOT-FOR-US: LEPTON
CVE-2012-0997 (Cross-site request forgery (CSRF) vulnerability in admin/index.php in ...)
	NOT-FOR-US: 11in1
CVE-2012-0996 (Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable ...)
	NOT-FOR-US: 11in1
CVE-2012-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0994 (SQL injection vulnerability in the Manage Albums feature in ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0993 (Eval injection vulnerability in ...)
	NOT-FOR-US: ZENphoto
CVE-2012-0992 (interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote ...)
	NOT-FOR-US: OpenEMR
CVE-2012-0991 (Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow ...)
	NOT-FOR-US: OpenEMR
CVE-2012-0990 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: DClassifieds
CVE-2012-0989 (Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2012-0988 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: KnowledgeTree
CVE-2012-0987 (Directory traversal vulnerability in edituser.php in ImpressCMS 1.2.x ...)
	NOT-FOR-US: ImpressCMS
CVE-2012-0986 (Multiple cross-site scripting (XSS) vulnerabilities in ImpressCMS ...)
	NOT-FOR-US: ImpressCMS
CVE-2012-0985 (Multiple buffer overflows in the Wireless Manager ActiveX control ...)
	NOT-FOR-US: Sony VAIO wireless LAN management ActiveX
CVE-2012-0984 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS before ...)
	NOT-FOR-US: Xoops
CVE-2012-0983 (SQL injection vulnerability in Scriptsez.net Ez Album allows remote ...)
	NOT-FOR-US: Ez Album
CVE-2012-0982 (SQL injection vulnerability in search.php in Vastal I-Tech Agent Zone ...)
	NOT-FOR-US: Vastal I-Tech Agent Zone
CVE-2012-0981 (Directory traversal vulnerability in phpShowtime 2.0 allows remote ...)
	NOT-FOR-US: phpShowtime
CVE-2012-0980 (SQL injection vulnerability in download.php in phux Download Manager ...)
	NOT-FOR-US: phux.org Download Manager
CVE-2012-0979 (Cross-site scripting (XSS) vulnerability in TWiki allows remote ...)
	- twiki <removed>
CVE-2012-0978 (Stack-based buffer overflow in npjp2.dll in LuraWave JP2 Browser ...)
	NOT-FOR-US: LuraWave JP2 Browser Plug-In
CVE-2012-0977 (Stack-based buffer overflow in jp2_x.dll in LuraWave JP2 ActiveX ...)
	NOT-FOR-US: LuraWave JP2 ActiveX Control
CVE-2012-0976 (Cross-site scripting (XSS) vulnerability in admin/EditForm in ...)
	- silverstripe <itp> (bug #528461)
CVE-2012-0975 (Cross-site scripting (XSS) vulnerability in misc.php in Image Hosting ...)
	NOT-FOR-US: Image Hosting Script DPI
CVE-2012-0974 (Multiple cross-site scripting (XSS) vulnerabilities in the getParam ...)
	NOT-FOR-US: OSClass
CVE-2012-0973 (Multiple SQL injection vulnerabilities in OSClass before 2.3.5 allow ...)
	NOT-FOR-US: OSClass
CVE-2012-0972
	REJECTED
CVE-2012-0971
	REJECTED
CVE-2012-0970
	REJECTED
CVE-2012-0969
	REJECTED
CVE-2012-0968
	REJECTED
CVE-2012-0967
	REJECTED
CVE-2012-0966
	REJECTED
CVE-2012-0965
	REJECTED
CVE-2012-0964
	REJECTED
CVE-2012-0963
	REJECTED
CVE-2012-0962 (Aptdaemon 0.43 in Ubuntu 11.10 and 12.04 LTS uses short IDs when ...)
	- aptdaemon 0.45-2 (low)
	[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/software-center-agent/+bug/1052789
CVE-2012-0961 (Apt 0.8.16~exp5ubuntu13.x before 0.8.16~exp5ubuntu13.6, ...)
	- apt 0.9.7.7 (bug #695832)
	[squeeze] - apt <not-affected> (Logged as 0600 in Squeeze)
CVE-2012-0960 (Unity integration extension (unity-firefox-extension) before 2.4.1 for ...)
	NOT-FOR-US: Ubuntu Unity extension
CVE-2012-0959 (Remote Login Service (RLS) 1.0.0 does not properly clear account ...)
	NOT-FOR-US: Ubuntu remote login service
CVE-2012-0958 (content/unity-api.js in the unity-firefox-extension extension 2.4.1 ...)
	NOT-FOR-US: Firefox unity-firefox extension
CVE-2012-0957 (The override_release function in kernel/sys.c in the Linux kernel ...)
	- linux 3.2.32-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Introduced in 3.0)
	NOTE: https://lkml.org/lkml/2012/10/9/550
CVE-2012-0956 (ubiquity-slideshow-ubuntu before 58.2, during installation, allows ...)
	NOT-FOR-US: ubiquity-slideshow-ubuntu
CVE-2012-0955
	RESERVED
CVE-2012-0954 (APT 0.7.x before 0.7.25 and 0.8.x before 0.8.16, when using the ...)
	- apt 0.7.25 (unimportant)
	NOTE: net-update is not enabled by default in Debian
CVE-2012-0953
	RESERVED
CVE-2012-0952
	RESERVED
CVE-2012-0951
	RESERVED
CVE-2012-0950 (The Apport hook (DistUpgradeApport.py) in Update Manager, as used by ...)
	- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0949 (The Apport hook in Update Manager as used by Ubuntu 12.04 LTS, 11.10, ...)
	- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0948 (DistUpgrade/DistUpgradeMain.py in Update Manager, as used by Ubuntu ...)
	- update-manager <not-affected> (Ubuntu-specific)
CVE-2012-0947 (Heap-based buffer overflow in the vqa_decode_chunk function in the VQA ...)
	{DSA-2471-1}
	- libav 6:0.8.2-1
	- ffmpeg 7:2.4.1-1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/libav/+bug/980963
	NOTE: http://www.openwall.com/lists/oss-security/2012/05/03/4
CVE-2012-0946 (The NVIDIA UNIX driver before 295.40 allows local users to access ...)
	- nvidia-graphics-drivers 295.40-1
	[squeeze] - nvidia-graphics-drivers 195.36.31-6squeeze1
CVE-2012-0945
	RESERVED
CVE-2012-0944 (Aptdaemon 0.43 and earlier in Ubuntu 11.04, 11.10, and 12.04 LTS does ...)
	- aptdaemon 0.43+bzr790-1
	[squeeze] - aptdaemon <not-affected> (Vulnerable code not present)
CVE-2012-0943 (debian/guest-account in Light Display Manager (lightdm) 1.0.x before ...)
	- lightdm <not-affected> (Ubuntu-specific script)
CVE-2012-0942 (Buffer overflow in rn5auth.dll in RealNetworks Helix Server and Helix ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2012-0941 (Multiple cross-site scripting (XSS) vulnerabilities in Fortinet ...)
	NOT-FOR-US: Fortinet
CVE-2012-0940
	RESERVED
CVE-2012-0939 (Multiple SQL injection vulnerabilities in TestLink 1.8.5b and earlier ...)
	NOT-FOR-US: TestLink
CVE-2012-0938 (Multiple SQL injection vulnerabilities in TestLink 1.9.3, 1.8.5b, and ...)
	NOT-FOR-US: TestLink
CVE-2012-0937 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress <unfixed> (unimportant)
CVE-2012-0936 (Cross-site scripting (XSS) vulnerability in ...)
	- opennms <itp> (bug #450615)
CVE-2012-0935 (SQL injection vulnerability in Default.aspx in Aryadad CMS allows ...)
	NOT-FOR-US: Aryadad CMS
CVE-2012-0934 (PHP remote file inclusion vulnerability in ajax/savetag.php in the ...)
	NOT-FOR-US: Wordpress plug-in
CVE-2012-0933 (Multiple cross-site scripting (XSS) vulnerabilities in Acidcat CMS ...)
	NOT-FOR-US: Acidcat CMS
CVE-2012-0932 (Cross-site scripting (XSS) vulnerability in admin/login.php in Lead ...)
	NOT-FOR-US: Lead Capture Page System
CVE-2012-0931 (Schneider Electric Modicon Quantum PLC does not perform authentication ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0930 (Cross-site scripting (XSS) vulnerability in Schneider Electric Modicon ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0929 (Multiple buffer overflows in Schneider Electric Modicon Quantum PLC ...)
	NOT-FOR-US: Schneider Electric Modicon Quantum PLC
CVE-2012-0928 (The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0927 (Unspecified vulnerability in RealNetworks RealPlayer 11.x, 14.x, and ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0926 (The RV10 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0925 (Unspecified vulnerability in the RV40 codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0924 (RealNetworks RealPlayer 11.x, 14.x, and 15.x before 15.02.71, and ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0923 (The RV20 codec in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...)
	NOT-FOR-US: RealPlayer
CVE-2012-0922 (rvrender.dll in RealNetworks RealPlayer 11.x, 14.x, and 15.x before ...)
	NOT-FOR-US: RealPlayer
CVE-2011-5075 (translate.php in Support Incident Tracker (aka SiT!) 3.45 through 3.65 ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5074 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5073 (Multiple cross-site scripting (XSS) vulnerabilities in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5072 (Multiple SQL injection vulnerabilities in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5071 (Multiple SQL injection vulnerabilities in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5070 (Multiple cross-site scripting (XSS) vulnerabilities in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5069 (Unrestricted file upload vulnerability in incident_attachments.php in ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5068 (Multiple cross-site request forgery (CSRF) vulnerabilities in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-5067 (move_uploaded_file.php in Support Incident Tracker (aka SiT!) 3.65 ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2012-0921
	RESERVED
CVE-2012-0920 (Use-after-free vulnerability in Dropbear SSH Server 0.52 through ...)
	{DSA-2456-1}
	- dropbear 2012.55-1 (low; bug #661150)
	NOTE: this is limited to authenticated users with enforced command restrictions
CVE-2012-0919 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
	NOT-FOR-US: Hitachi IT Operations Director
CVE-2012-0918 (Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net ...)
	NOT-FOR-US: Hitachi
CVE-2012-0917 (Cross-site scripting (XSS) vulnerability in Hitachi IT Operations ...)
	NOT-FOR-US: Hitachi IT Operations Analyzer
CVE-2012-0916 (Heap-based buffer overflow in RenRen Talk 2.9 allows remote attackers ...)
	NOT-FOR-US: RenRen Talk
CVE-2012-0915 (Integer signedness error in RenRen Talk 2.9 allows remote attackers to ...)
	NOT-FOR-US: RenRen Talk
CVE-2012-0914 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: admin view in the Panels module for Drupal
CVE-2012-0913 (SQL injection vulnerability in checklogin.aspx in ICloudCenter ...)
	NOT-FOR-US: ICloudCenter ICTimeAttendance
CVE-2012-0912 (SQL injection vulnerability in Stoneware webNetwork before 6.0.8.0 ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0911 (TikiWiki CMS/Groupware before 6.7 LTS and before 8.4 allows remote ...)
	- tikiwiki <removed>
	NOTE: http://seclists.org/bugtraq/2012/Jul/19
CVE-2012-0910
	RESERVED
CVE-2012-0909 (Cross-site scripting (XSS) vulnerability in Horde_Form in Horde ...)
	- horde3 3.3.12+debian0-2.2 (low)
	[squeeze] - horde3 <no-dsa> (Minor issue)
CVE-2012-0907 (Directory traversal vulnerability in the web player in NeoAxis NeoAxis ...)
	NOT-FOR-US: NeoAxis NeoAxis web player
CVE-2012-0906 (SQL injection vulnerability in the Moviebase addon for deV!L'z ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0905 (SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2012-0904 (VLC media player 1.1.11 allows remote attackers to cause a denial of ...)
	- vlc <not-affected> (not reproducible, no public fix from the vlc team either)
CVE-2012-0903 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Desktop ...)
	NOT-FOR-US: Zimbra Desktop
CVE-2012-0902 (AirTies Air 4450 1.1.2.18 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AirTies Air
CVE-2012-0901 (Cross-site scripting (XSS) vulnerability in yousaytoo.php in YouSayToo ...)
	NOT-FOR-US: YouSayToo auto-publishing plugin for WordPress
CVE-2012-0900 (Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum ...)
	NOT-FOR-US: Beehive Forum
CVE-2012-0899 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Annuaire PHP
CVE-2012-0898 (Directory traversal vulnerability in meb_download.php in the ...)
	NOT-FOR-US: myEASYbackup plugin for WordPress
CVE-2012-0897 (Stack-based buffer overflow in the JPEG2000 plugin in IrfanView ...)
	NOT-FOR-US: IrfanView PlugIns
CVE-2012-0896 (Absolute path traversal vulnerability in download.php in the Count Per ...)
	NOT-FOR-US: Count Per Day module for WordPress
CVE-2012-0895 (Cross-site scripting (XSS) vulnerability in map/map.php in the Count ...)
	NOT-FOR-US: Count Per Day module for WordPress
CVE-2012-0894
	RESERVED
CVE-2012-0893
	RESERVED
CVE-2012-0892
	RESERVED
CVE-2012-0891 (Multiple cross-site scripting (XSS) vulnerabilities in Puppet ...)
	NOT-FOR-US: puppet-dashboard
CVE-2012-0890
	RESERVED
CVE-2012-0889
	RESERVED
CVE-2012-0888
	RESERVED
CVE-2012-0887
	RESERVED
CVE-2012-0886
	RESERVED
CVE-2012-0908 (Cross-site scripting (XSS) vulnerability in logout.php in ...)
	{DSA-2387-1}
	- simplesamlphp 1.8.2-1
	NOTE: http://code.google.com/p/simplesamlphp/issues/detail?id=468
CVE-2012-0884 (The implementation of Cryptographic Message Syntax (CMS) and PKCS #7 ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1 (low)
	NOTE: "If a Linux distribution picks up the fix for CVE-2012-0884 then they will want to pick up change 22161 at the same time" -- http://www.openwall.com/lists/oss-security/2012/03/23/12
CVE-2012-0883 (envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 ...)
	- apache2 <not-affected> (LD_LIBRARY_PATH not set in debian package)
CVE-2012-0882 (Buffer overflow in yaSSL, as used in MySQL 5.5.20 and possibly other ...)
	- mysql-5.5 5.5.22 (bug #675872)
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: limited information about issue, only a video of exploit taking place
CVE-2012-0881 (Apache Xerces2 Java allows remote attackers to cause a denial of ...)
	- libxerces2-java <unfixed> (unimportant)
	NOTE: Negligable impact for Xerces
CVE-2012-0880 (Apache Xerces-C++ allows remote attackers to cause a denial of service ...)
	- xerces-c <unfixed> (unimportant)
	NOTE: Negligable impact for Xerces
CVE-2012-0879 (The I/O implementation for block devices in the Linux kernel before ...)
	{DSA-2469-1}
	- linux-2.6 2.6.33-1
CVE-2012-0878 (Paste Script 1.7.5 and earlier does not properly set group memberships ...)
	- pastescript 1.7.5-2 (low; bug #661061)
	[squeeze] - pastescript <no-dsa> (Minor issue)
	NOTE: https://groups.google.com/d/topic/paste-users/KqZRujMcJHE/discussion
CVE-2012-0877 [hash table collisions CPU usage DoS]
	RESERVED
	- python-xml <removed>
CVE-2012-0876 (The XML parser (xmlparse.c) in expat before 2.1.0 computes hash values ...)
	{DSA-2525-1}
	- expat 2.1.0~beta3-1 (bug #663579)
	- xmlrpc-c 1.16.33-3.2 (low; bug #687672)
	[squeeze] - xmlrpc-c <no-dsa> (Minor issue)
	- python2.6 <not-affected> (configured with --with-system-expat since 2.6.6-4)
CVE-2012-0875 (SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged ...)
	- systemtap 1.7-1 (low; bug #660929; bug #660886)
	[squeeze] - systemtap <not-affected> (Vulnerable code not present)
	[lenny] - systemtap <not-affected> (Vulnerable code not present)
CVE-2012-0874 (The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2012-0873 (Multiple cross-site scripting (XSS) vulnerabilities in Boonex Dolphin ...)
	NOT-FOR-US: Boonex Dolphin
CVE-2012-0872 (Multiple cross-site scripting (XSS) vulnerabilities in OxWall 1.1.1 ...)
	NOT-FOR-US: OxWall
CVE-2012-0871 (The session_link_x11_socket function in login/logind-session.c in ...)
	- systemd 43-1
CVE-2012-0870 (Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used ...)
	- samba 2:3.4.0~pre1-1
	[lenny] - samba <not-affected> (pre-release issue)
	[squeeze] - samba <not-affected> (pre-release issue)
CVE-2012-0868 (CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0867 (PostgreSQL 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0866 (CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, ...)
	{DSA-2418-1}
	- postgresql-9.1 9.1.3-1
	- postgresql-8.4 8.4.11-1
CVE-2012-0865 (Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier ...)
	NOT-FOR-US: CubeCart
CVE-2012-0864 (Integer overflow in the vfprintf function in stdio-common/vfprintf.c ...)
	- eglibc 2.13-31 (low; bug #660611)
	[squeeze] - eglibc 2.11.3-4
CVE-2012-0863 (Mumble 1.2.3 and earlier uses world-readable permissions for ...)
	{DSA-2411-1}
	- mumble 1.2.3-3 (bug #659039)
CVE-2012-0862 (builtins.c in Xinetd before 2.3.15 does not check the service type ...)
	- xinetd 1:2.3.14-7.1 (bug #672381)
	[squeeze] - xinetd <no-dsa> (Minor issue)
CVE-2012-0861 (The vds_installer in Red Hat Enterprise Virtualization Manager ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0860 (Multiple untrusted search path vulnerabilities in Red Hat Enterprise ...)
	NOT-FOR-US: Red Hat Enterprise Virtualisation
CVE-2012-0859 (The render_line function in the vorbis codec (vorbis.c) in libavcodec ...)
	{DSA-2471-1}
	- libav 6:0.8.3-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg 4:0.5.10-1 (bug #688849)
CVE-2012-0858 (The Shorten codec (shorten.c) in libavcodec in FFmpeg 0.7.x before ...)
	{DSA-2624-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.2.1-1
	[squeeze] - ffmpeg 4:0.5.9-1
CVE-2012-0857 (Multiple buffer overflows in the get_qcx function in the J2K decoder ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0856 (Heap-based buffer overflow in the MPV_frame_start function in ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0855 (Heap-based buffer overflow in the get_sot function in the J2K decoder ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0854 (The dpcm_decode_frame function in libavcodec/dpcm.c in FFmpeg before ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0853 (The decodeTonalComponents function in the Actrac3 codec (atrac3.c) in ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0852 (The adpcm_decode_frame function in adpcm.c in libavcodec in FFmpeg ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0851 (The ff_h264_decode_seq_parameter_set function in h264_ps.c in ...)
	{DSA-2494-1}
	- libav 6:0.8.3-1
	- ffmpeg 7:2.4.1-1
CVE-2012-0850 (The sbr_qmf_synthesis function in libavcodec/aacsbr.c in FFmpeg before ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0849 (Integer overflow in the ff_j2k_dwt_init function in ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0848 (Heap-based buffer overflow in the ws_snd_decode_frame function in ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Code in 0.5 not affected per upstream)
CVE-2012-0847 (Heap-based buffer overflow in the avfilter_filter_samples function in ...)
	- libav <not-affected> (Vulnerable code not present)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2012-0846 (Cross-site scripting (XSS) vulnerability in Craig Knudsen WebCalendar ...)
	- webcalendar <removed>
CVE-2012-0845 (SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, ...)
	{DLA-25-1}
	- python3.1 <removed> (low)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2.3~rc1-1
	- python2.7 2.7.3~rc1-1
	- python2.6 2.6.8-0.1
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Minor issue)
CVE-2012-0844
	RESERVED
	- netsurf 2.8-2 (bug #659376)
CVE-2012-0843
	RESERVED
	- uzbl 0.0.0~git.20111128-2 (bug #659379)
	[squeeze] - uzbl <no-dsa> (Minor issue)
CVE-2012-0842 [surf info leak]
	RESERVED
	- surf 0.4.1-6 (bug #659296)
CVE-2012-0841 (libxml2 before 2.8.0 computes hash values without restricting the ...)
	{DSA-2417-1}
	- libxml2 2.7.8.dfsg-8 (bug #660846)
CVE-2012-0840 (tables/apr_hash.c in the Apache Portable Runtime (APR) library through ...)
	- apr 1.4.6-1 (low; bug #655435)
	[squeeze] - apr <no-dsa> (exploitability in httpd extremely limited, not known to be exploitable in svn)
	NOTE: Commit http://mail-archives.apache.org/mod_mbox/apr-commits/201201.mbox/%3C20120115003715.071D423888FD@eris.apache.org%3E seems to cause regressions
CVE-2012-0839 (OCaml 3.12.1 and earlier computes hash values without restricting the ...)
	- ocaml 4.00.0~beta2-1 (low; bug #659149)
	[wheezy] - ocaml <no-dsa> (Minor issue)
	[squeeze] - ocaml <no-dsa> (Minor issue)
CVE-2012-0838 (Apache Struts 2 before 2.2.3.1 evaluates a string as an OGNL ...)
	- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2012-0837 (Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to ...)
	NOT-FOR-US: Joomla
CVE-2012-0836 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows ...)
	NOT-FOR-US: Joomla
CVE-2012-0835 (Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 and 2.5.x ...)
	NOT-FOR-US: Joomla
CVE-2012-0834 (Cross-site scripting (XSS) vulnerability in lib/QueryRender.php in ...)
	- phpldapadmin 1.2.2-1 (low; bug #658907)
	[squeeze] - phpldapadmin <no-dsa> (Minor issue)
CVE-2012-0833 (The acllas__handle_group_entry function in ...)
	- 389-ds-base <not-affected> (Fixed before initial upload)
CVE-2012-0832
	RESERVED
CVE-2012-0831 (PHP before 5.3.10 does not properly perform a temporary change to the ...)
	{DSA-2408-1}
	- php5 5.3.10-1
CVE-2012-0830 (The php_register_variable_ex function in php_variables.c in PHP 5.3.9 ...)
	{DSA-2403-1}
	- php5 5.3.10-1
	NOTE: http://thexploit.com/sec/critical-php-remote-vulnerability-introduced-in-fix-for-php-hashtable-collision-dos/
CVE-2012-0829 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mibew ...)
	NOT-FOR-US: Mibew Messenger
CVE-2012-0828
	RESERVED
	- xchat <not-affected> (Only affects Xchat on Windows and Maemo)
CVE-2012-0827 (The File module in Drupal 7.x before 7.11, when using unspecified ...)
	- drupal7 7.11-1
	- drupal6 <not-affected>
CVE-2012-0826 (Cross-site request forgery (CSRF) vulnerability in the Aggregator ...)
	{DSA-2776-1}
	- drupal7 7.11-1
	- drupal6 6.26-1
CVE-2012-0825 (Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that ...)
	{DSA-2776-1}
	- drupal7 7.11-1
	- drupal6 6.26-1
CVE-2012-0824
	RESERVED
	- gnusound <removed> (low; bug #654270)
	[squeeze] - gnusound 0.7.5-3+squeeze1
CVE-2012-0823 (VP8 Codec SDK (libvpx) before 1.0.0 &quot;Duclair&quot; allows remote attackers ...)
	- libvpx 1.0.0-1
	[squeeze] - libvpx <not-affected> (Introduced in 0.9.7)
	NOTE: http://blog.webmproject.org/2012/01/vp8-codec-sdk-duclair-released.html
CVE-2012-0822 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6 and 1.7.x ...)
	NOT-FOR-US: Joomla
CVE-2012-0821 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
	NOT-FOR-US: Joomla
CVE-2012-0820 (Cross-site scripting (XSS) vulnerability in Joomla! 1.6.x and 1.7.x ...)
	NOT-FOR-US: Joomla
CVE-2012-0819 (Unspecified vulnerability in Joomla! 1.6.x and 1.7.x before 1.7.4 ...)
	NOT-FOR-US: Joomla
CVE-2012-0818 (RESTEasy before 2.3.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: RESTEasy framework for JBoss
CVE-2012-0817 (Memory leak in smbd in Samba 3.6.x before 3.6.3 allows remote ...)
	- samba 2:3.6.3-1 (low)
	- samba4 4.0.0~alpha18.dfsg1-1
	[squeeze] - samba <not-affected> (Only affects 3.6.x)
	[lenny] - samba <not-affected> (Only affects 3.6.x)
CVE-2012-0816
	RESERVED
CVE-2012-0815 (The headerVerifyInfo function in lib/header.c in RPM before 4.9.1.3 ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm <no-dsa> (Minor issue)
CVE-2012-0814 (The auth_parse_options function in auth-options.c in sshd in OpenSSH ...)
	- openssh 1:5.6p1-1 (low; bug #657445)
	[squeeze] - openssh 1:5.5p1-6+squeeze2
CVE-2012-0813 (Wicd before 1.7.1 saves sensitive information in log files in ...)
	- wicd 1.7.1~b3-4 (unimportant; bug #652417)
	NOTE: Not a security issue per se, logfile only accessible by root:adm
CVE-2012-0812 [PostfixAdmin 2.3.4 multiple XSS vulnerabilities]
	RESERVED
	- postfixadmin 2.3.5-1
	NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0811 (Multiple SQL injection vulnerabilities in Postfix Admin (aka ...)
	- postfixadmin 2.3.5-1
	NOTE: http://seclists.org/oss-sec/2012/q1/285
CVE-2012-0810
	RESERVED
	- linux-2.6 3.2.16-1 (bug #672660)
	[squeeze] - linux-2.6 <not-affected> (rt patchset not yet present)
	NOTE: Ben Hutchings said it was fixed in 3.2.9-1, I checked it for 3.2.16-1
CVE-2012-0809 (Format string vulnerability in the sudo_debug function in Sudo 1.8.0 ...)
	- sudo 1.8.3p2-1 (bug #657985)
	[squeeze] - sudo <not-affected> (Vulnerable code not present)
	[lenny] - sudo <not-affected> (Vulnerable code not present)
CVE-2012-0808 (as31 2.3.1-4 does not seed the random number generator and generates ...)
	- as31 2.3.1-5 (bug #655496)
	[squeeze] - as31 <no-dsa> (The maintainer consider it a minor issue. Check comments in the bug report)
CVE-2012-0807 (Stack-based buffer overflow in the suhosin_encrypt_single_cookie ...)
	- php-suhosin 0.9.33-1 (low; bug #657190)
	[squeeze] - php-suhosin <no-dsa> (Exploitable in rare setups)
	NOTE: https://github.com/stefanesser/suhosin/commit/73b1968ee30f6d9d2dae497544b910e68e114bfa
CVE-2012-0806 (Buffer overflow in Bip 0.8.8 and earlier might allow remote ...)
	{DSA-2393-1}
	- bip 0.8.8-2 (bug #657217)
	[lenny] - bip <not-affected> (Maintainer reports vulnerable code not present)
CVE-2012-0805 (Multiple SQL injection vulnerabilities in SQLAlchemy before 0.7.0b4, ...)
	{DSA-2449-1}
	- sqlalchemy 0.6.7-1
CVE-2012-0804 (Heap-based buffer overflow in the proxy_connect function in ...)
	{DSA-2407-1}
	- cvs 2:1.12.13+real-7
CVE-2012-0803 (The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows ...)
	NOT-FOR-US: Apache CXF
CVE-2012-0802 (Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote ...)
	NOT-FOR-US: spamdyke
CVE-2012-0801 (lib/formslib.php in Moodle 2.1.x before 2.1.4 and 2.2.x before 2.2.1 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0800 (The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0799 (Moodle 2.0.x before 2.0.7 and 2.1.x before 2.1.4, when an anonymous ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0798 (The self-enrolment functionality in Moodle 2.1.x before 2.1.4 and ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0797 (The webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2012-0796 (class.phpmailer.php in the PHPMailer library, as used in Moodle 1.9.x ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0795 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0794 (The rc4encrypt function in lib/moodlelib.php in Moodle 1.9.x before ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0793 (Moodle 1.9.x before 1.9.16, 2.0.x before 2.0.7, 2.1.x before 2.1.4, ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0792 (mod/forum/user.php in Moodle 1.9.x before 1.9.16 allows remote ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2012-0791 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...)
	{DSA-2485-1}
	- imp4 4.3.10+debian0-1.1 (bug #659392)
CVE-2012-0790 (Cross-site scripting (XSS) vulnerability in smokeping_cgi in Smokeping ...)
	{DSA-2651-1}
	- smokeping 2.6.8-2 (bug #659899)
CVE-2012-0789 (Memory leak in the timezone functionality in PHP before 5.3.9 allows ...)
	- php5 5.3.9-1 (low)
	[squeeze] - php5 <no-dsa> (Too intrusive to backport)
CVE-2012-0788 (The PDORow implementation in PHP before 5.3.9 does not properly ...)
	{DSA-2408-1}
	- php5 5.3.9-1
CVE-2012-0787 (The clone_file function in transfer.c in Augeas before 1.0.0, when ...)
	{DLA-28-1}
	- augeas 1.0.0-1 (low; bug #731132)
	[wheezy] - augeas <no-dsa> (Minor issue)
CVE-2012-0786 (The transform_save function in transform.c in Augeas before 1.0.0 ...)
	{DLA-28-1}
	- augeas 1.0.0-1 (low; bug #731132)
	[wheezy] - augeas <no-dsa> (Minor issue)
CVE-2012-0885 (chan_sip.c in Asterisk Open Source 1.8.x before 1.8.8.2 and 10.x ...)
	- asterisk 1:1.8.8.2~dfsg-1 (bug #656596)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: AST-2012-001 http://downloads.asterisk.org/pub/security/AST-2012-001.html
CVE-2012-0784
	RESERVED
CVE-2012-0783
	RESERVED
CVE-2012-0782 (** DISPUTED ** Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2012-0781 (The tidy_diagnose function in PHP 5.3.8 might allow remote attackers ...)
	{DSA-2408-1}
	- php5 5.3.9-1 (low)
CVE-2012-0780 (Adobe Illustrator before CS6 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2012-0779 (Adobe Flash Player before 10.3.183.19 and 11.x before 11.2.202.235 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0778 (Buffer overflow in Adobe Flash Professional before CS6 allows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0777 (The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0776 (The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0775 (The JavaScript implementation in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0774 (Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2012-0773 (The NetStream class in Adobe Flash Player before 10.3.183.18 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0772 (An unspecified ActiveX control in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0771 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0770 (Adobe ColdFusion 8.0, 8.0.1, 9.0, and 9.0.1 computes hash values for ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2012-0769 (Adobe Flash Player before 10.3.183.16 and 11.x before 11.1.102.63 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0768 (The Matrix3D component in Adobe Flash Player before 10.3.183.16 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0767 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0766 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0765 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0764 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0763 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0762 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0761 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0760 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0759 (Adobe Shockwave Player before 11.6.4.634 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0758 (Heap-based buffer overflow in Adobe Shockwave Player before 11.6.4.634 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0757 (The Shockwave 3D Asset component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2012-0756 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0755 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0754 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0753 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0752 (Adobe Flash Player before 10.3.183.15 and 11.x before 11.1.102.62 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0751 (The ActiveX control in Adobe Flash Player before 10.3.183.15 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0750
	RESERVED
CVE-2012-0749
	RESERVED
CVE-2012-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2012-0747 (SQL injection vulnerability in IBM Maximo Asset Management 6.2 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0746 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0745 (The getpwnam function in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.1.0.10 ...)
	NOT-FOR-US: IBM AIX
CVE-2012-0744 (IBM Rational ClearQuest 7.1.x through 7.1.2.7 and 8.x through 8.0.0.3 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-0743 (IBM Tivoli Directory Server (TDS) 6.3 and earlier allows remote ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0742 (IBM Tivoli Event Pump 4.2.2, when the LOG_REQUESTS and ...)
	NOT-FOR-US: IBM Tivoli Event Pump
CVE-2012-0741 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy ...)
	NOT-FOR-US: (IBM Security AppScan Enterprise
CVE-2012-0740 (Cross-site scripting (XSS) vulnerability in the Web Admin Tool in IBM ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0739
	RESERVED
CVE-2012-0738 (IBM Security AppScan Enterprise before 8.6.0.2 and Rational Policy ...)
	NOT-FOR-US: (IBM Security AppScan Enterprise
CVE-2012-0737 (Cross-site scripting (XSS) vulnerability in IBM Rational AppScan ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0736 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0735 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0734 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0733 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1, when ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0732 (The Enterprise Console client in IBM Rational AppScan Enterprise 5.x ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0731 (IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 does not ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0730 (Multiple cross-site request forgery (CSRF) vulnerabilities in IBM ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0729 (Unrestricted file upload vulnerability in IBM Rational AppScan ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2012-0728 (SQL injection vulnerability in IBM Maximo Asset Management 7.1 through ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0727 (SQL injection vulnerability in IBM Maximo Asset Management 7.5, as ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0726 (The default configuration of TLS in IBM Tivoli Directory Server (TDS) ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2012-0725 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0724 (Adobe Flash Player before 11.2.202.229 in Google Chrome before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2012-0723 (The kernel in IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.2.1.4-FP-25 SP-02, ...)
	NOT-FOR-US: IBM AIX, VIOS
CVE-2012-0721
	RESERVED
CVE-2012-0720 (Cross-site scripting (XSS) vulnerability in the Integration Solution ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2012-0719 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Endpoint ...)
	NOT-FOR-US: IBM Tivoli Endpoint Manager
CVE-2012-0718
	RESERVED
CVE-2012-0717 (IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0716 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0715 (Cross-site scripting (XSS) vulnerability in the Gantt applet viewer in ...)
	NOT-FOR-US: IBM Tivoli Change and Configuration Management Database
CVE-2012-0714 (Cross-site request forgery (CSRF) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2012-0713 (Unspecified vulnerability in the XML feature in IBM DB2 9.7 before FP6 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0712 (The XML feature in IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0711 (Integer signedness error in the db2dasrrm process in the DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0710 (IBM DB2 9.1 before FP11, 9.5 before FP9, 9.7 before FP5, and 9.8 ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0709 (IBM DB2 9.5 before FP9, 9.7 through FP5, and 9.8 through FP4 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2012-0708 (Heap-based buffer overflow in the Ole API in the CQOle ActiveX control ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2012-0707 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi ...)
	NOT-FOR-US: IBM WebSphere
CVE-2012-0706 (IBM Scale Out Network Attached Storage (SONAS) 1.3 before 1.3.2.3 ...)
	NOT-FOR-US: IBM Scale Out network Attached Storage (SONAS)
CVE-2012-0705 (InfoSphere Import Export Manager in InfoSphere Information Server ...)
	NOT-FOR-US: InfoSphere Information Server
CVE-2012-0704
	RESERVED
CVE-2012-0703 (Open redirect vulnerability in Information Services Framework (ISF) in ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0702 (Information Services Framework (ISF) in IBM InfoSphere Information ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0701 (The client applications in the DataStage Administrator client in ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0700 (The client in InfoSphere FastTrack 8.1 through 8.7 in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0699 (Multiple cross-site request forgery (CSRF) vulnerabilities in Family ...)
	NOT-FOR-US: Family Connections CMS
CVE-2012-0698 (tcsd in TrouSerS before 0.3.10 allows remote attackers to cause a ...)
	{DSA-2576-1}
	- trousers 0.3.9-1 (low; bug #692649)
CVE-2011-5066 (The SibRaRecoverableSiXaResource class in the Default Messaging ...)
	NOT-FOR-US: WebSphere
CVE-2011-5065 (Cross-site scripting (XSS) vulnerability in IBM WebSphere Application ...)
	NOT-FOR-US: WebSphere
CVE-2011-5064 (DigestAuthenticator.java in the HTTP Digest Access Authentication ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5063 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5062 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-5061 (functions.php in WHMCompleteSolution (WHMCS) 4.0.x through 5.0.x ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-5060 (The par_mktmpdir function in the PAR module before 1.003 for Perl ...)
	- libpar-perl 1.005-1 (bug #650707)
	[squeeze] - libpar-perl 1.000-1+squeeze1
CVE-2010-5082 (Untrusted search path vulnerability in colorcpl.exe 6.0.6000.16386 in ...)
	NOT-FOR-US: Windows Server
CVE-2012-0697 (HP StorageWorks P2000 G3 MSA array systems have a default account, ...)
	NOT-FOR-US: HP StorageWorks
CVE-2012-0696 (Multiple cross-site scripting (XSS) vulnerabilities in the Executive ...)
	NOT-FOR-US: IBM Cognos
CVE-2012-0695 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	NOT-FOR-US: Google Chrome books
CVE-2012-0694 [SugarCRM CE unserialize PHP code execution in multiple files]
	RESERVED
	- sugarcrm-ce-5.0 <itp> (bug #457876)
	NOTE: http://seclists.org/bugtraq/2012/Jun/165
CVE-2012-0693 (** DISPUTED ** submitticket.php in WHMCompleteSolution (WHMCS) 5.03 ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2012-0692 (CA License (aka CA Licensing) before 1.90.03 allows local users to ...)
	NOT-FOR-US: CA License
CVE-2012-0691 (CA License (aka CA Licensing) before 1.90.03 does not properly ...)
	NOT-FOR-US: CA License
CVE-2012-0690 (TIBCO Spotfire Web Application, Web Player Application, Automation ...)
	NOT-FOR-US: TIBCO Spotfire
CVE-2012-0689 (The server in TIBCO ActiveMatrix Platform in TIBCO Silver Fabric ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0688 (Cross-site scripting (XSS) vulnerability in TIBCO ActiveMatrix ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0687 (TIBCO ActiveMatrix Runtime Platform in Service Grid and Service Bus ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2012-0686
	RESERVED
CVE-2012-0685 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
	NOT-FOR-US: XnView
CVE-2012-0684 (Integer overflow in XnViewer (aka XnView) before 1.98.5 allows remote ...)
	NOT-FOR-US: XnView
CVE-2012-0683 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0682 (WebKit, as used in Apple Safari before 6.0, allows remote attackers to ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0681 (Apple Remote Desktop before 3.6.1 does not recognize the &quot;Encrypt all ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2012-0680 (Apple Safari before 6.0 does not properly handle the autocomplete ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0679 (Apple Safari before 6.0 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0678 (Cross-site scripting (XSS) vulnerability in Apple Safari before 6.0 ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0677 (Heap-based buffer overflow in Apple iTunes before 10.6.3 allows remote ...)
	NOT-FOR-US: Apple iTunes
CVE-2012-0676 (WebKit in Apple Safari before 5.1.7 does not properly track state ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0675 (Time Machine in Apple Mac OS X before 10.7.4 does not require ...)
	NOT-FOR-US: Time Machine
CVE-2012-0674 (Safari in Apple iOS before 5.1.1 allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0673
	RESERVED
CVE-2012-0672 (WebKit in Apple iOS before 5.1.1 allows remote attackers to execute ...)
	NOTE: http://dl.packetstormsecurity.net/1205-advisories/APPLE-SA-2012-05-09-2.txt
CVE-2012-0671 (Apple QuickTime before 7.7.2 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0670 (Integer overflow in Apple QuickTime before 7.7.2 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0669 (Buffer overflow in Apple QuickTime before 7.7.2 on Windows allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0668 (Buffer overflow in Apple QuickTime before 7.7.2 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0667 (Integer signedness error in Apple QuickTime before 7.7.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0666 (Stack-based buffer overflow in the plugin in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0665 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0664 (Heap-based buffer overflow in Apple QuickTime before 7.7.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0663 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2012-0662 (Integer overflow in the Security Framework in Apple Mac OS X before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0661 (Use-after-free vulnerability in QuickTime in Apple Mac OS X 10.7.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0660 (Buffer underflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0659 (Integer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0658 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0657 (Quartz Composer in Apple Mac OS X before 10.7.4, when the RSS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0656 (Race condition in LoginUIFramework in Apple Mac OS X 10.7.x before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0655 (libsecurity in Apple Mac OS X before 10.7.4 does not properly restrict ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0654 (libsecurity in Apple Mac OS X before 10.7.4 accesses uninitialized ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0653
	RESERVED
CVE-2012-0652 (Login Window in Apple Mac OS X 10.7.3, when Legacy File Vault or ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0651 (The directory server in Directory Service in Apple Mac OS X 10.6.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0650 (Buffer overflow in the DirectoryService Proxy in DirectoryService in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0649 (Race condition in the initialization routine in blued in Bluetooth in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2012-0648 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0647 (WebKit in Apple Safari before 5.1.4 does not properly handle redirects ...)
	NOT-FOR-US: Apple Safari/ if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0646 (Format string vulnerability in VPN in Apple iOS before 5.1 allows ...)
	NOT-FOR-US: VPN in Apple iOS
CVE-2012-0645 (Siri in Apple iOS before 5.1 does not properly restrict the ability of ...)
	NOT-FOR-US: Siri
CVE-2012-0644 (Race condition in the Passcode Lock feature in Apple iOS before 5.1 ...)
	NOT-FOR-US: Passcode Lock in Apple iOS
CVE-2012-0643 (The kernel in Apple iOS before 5.1 does not properly handle debug ...)
	NOT-FOR-US: kernel in Apple iOS
CVE-2012-0642 (Integer underflow in Apple iOS before 5.1 allows remote attackers to ...)
	NOT-FOR-US: Apple iOS
CVE-2012-0641 (CFNetwork in Apple iOS before 5.1 does not properly construct request ...)
	NOT-FOR-US: Apple iOS
CVE-2012-0640 (WebKit in Apple Safari before 5.1.4 does not properly implement &quot;From ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0639 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0638 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0637 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0636 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0635 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0634 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0633 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0632 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0631 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0630 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0629 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0628 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0627 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0626 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0625 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0624 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0623 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0622 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0621 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0620 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0619 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0618 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0617 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0616 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0615 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0614 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0613 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0612 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0611 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0610 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0609 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0608 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0607 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0606 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0605 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0604 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0603 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0602 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0601 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0600 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0599 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0598 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0597 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0596 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0595 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0594 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0593 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0592 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0591 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0590 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0589 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0588 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0587 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0586 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0585 (The Private Browsing feature in Safari in Apple iOS before 5.1 allows ...)
	NOT-FOR-US: Apple Safari/iTunes if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2012-0584 (The Internationalized Domain Name (IDN) feature in Apple Safari before ...)
	NOT-FOR-US: Apple Safari
CVE-2012-0583 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2496-1}
	- mysql-5.1 5.1.62-1 (bug #670636)
	- mysql-5.5 5.5.23-1
CVE-2012-0582 (Unspecified vulnerability in the Siebel Clinical component in Oracle ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2012-0581 (Unspecified vulnerability in the Oracle Agile component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0580 (Unspecified vulnerability in the Oracle Agile PLM for Process ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0579 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0578 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	- mysql-5.1 <not-affected> (Only affects 5.5)
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0577 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0576 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0575 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0574 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0573 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0572 (Unspecified vulnerability in the Server component in Oracle MySQL ...)
	{DSA-2780-1}
	- mysql-5.1 <removed>
	- mysql-5.5 5.5.29+dfsg-1
CVE-2012-0571 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0570 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, 10, and 11 ...)
	NOT-FOR-US: Solaris
CVE-2012-0569 (Unspecified vulnerability Oracle Sun Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-0568 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2012-0567 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0566 (Unspecified vulnerability in the Oracle Agile component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0565 (Unspecified vulnerability in the Oracle Agile component in Oracle ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0564 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0563 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0562 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0561 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0560 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0559 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0558 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2012-0557 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0556 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0555 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0554 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0553 (Buffer overflow in yaSSL, as used in MySQL 5.1.x before 5.1.68 and ...)
	{DSA-2780-1}
	- mysql-5.1 <removed> (bug #712059)
	- mysql-5.5 5.5.28+dfsg-1
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: https://blogs.oracle.com/sunsecurity/entry/cve_2012_0553_buffer_overflow
CVE-2012-0552 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0551 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
	- openjdk-6 <not-affected> (specific to Oracle Java)
	- openjdk-7 <not-affected> (specific to Oracle Java)
CVE-2012-0550 (Unspecified vulnerability in the GlassFish Enterprise Server component ...)
	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
CVE-2012-0549 (Unspecified vulnerability in the Oracle AutoVue Office component in ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2012-0548 (Unspecified vulnerability in Oracle SPARC Enterprise M Series Servers ...)
	NOT-FOR-US: Oracle SPARC Enterprise M Series Servers XCP 1110
CVE-2012-0547 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-7 7u3-2.1.2-1 (low)
	- openjdk-6 6b24-1.11.4-1 (low)
CVE-2012-0546 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0545 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0544 (Unspecified vulnerability in the Oracle FLEXCUBE Universal Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0543 (Unspecified vulnerability in the BI Publisher (formerly XML Publisher) ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0542 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0541 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0540 (Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier ...)
	{DSA-2496-1}
	- mysql-5.1 <removed> (bug #682212)
	- mysql-5.5 5.5.24+dfsg-1 (bug #682210)
CVE-2012-0539 (Unspecified vulnerability in Oracle Sun Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Oracle Sun Solaris
CVE-2012-0538 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0537 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0536 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0535 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0534 (Unspecified vulnerability in the RDBMS Core component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0533 (Unspecified vulnerability in the PeopleSoft Enterprise FCSM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0532 (Unspecified vulnerability in the Identity Manager component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0531 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0530 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0529 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0528 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0527 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0526 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0525 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0524 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0523 (Unspecified vulnerability in the Oracle Grid Engine component in ...)
	- gridengine 6.2u5-7.1
	[squeeze] - gridengine <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://www.securityfocus.com/bid/53132
	NOTE: http://gridscheduler.sourceforge.net/security.html
CVE-2012-0522 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0520 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0519 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0518 (Unspecified vulnerability in the Oracle Application Server Single ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0517 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0516 (Unspecified vulnerability in the Oracle iPlanet Web Server component ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2012-0515 (Unspecified vulnerability in the Identity Manager Connector component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0514 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0513 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0512 (Unspecified vulnerability in the Enterprise Manager Base Platform ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0511 (Unspecified vulnerability in the OCI component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0510 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0509 (Unspecified vulnerability in the Oracle FLEXCUBE Direct Banking ...)
	NOT-FOR-US: Oracle Financial Services Software
CVE-2012-0508 (Unspecified vulnerability in the JavaFX component in Oracle Java SE ...)
	- openjdk-6 <not-affected> (JavaFX not part of OpenJDK)
	- openjdk-7 <not-affected> (JavaFX not part of OpenJDK)
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0507 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	NOTE: Replacement for misused CVE-2011-3571.
CVE-2012-0506 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0505 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
CVE-2012-0504 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- openjdk-6 <not-affected> (Only applies to the Windows-specific update tool)
	- openjdk-7 <not-affected> (Only applies to the Windows-specific update tool)
	- sun-java6 <not-affected> (Only applies to the Windows-specific update tool)
CVE-2012-0503 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0502 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0501 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0500 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	NOTE: OpenJDK browser plugin is a different code base.
CVE-2012-0499 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	NOTE: According to the Red Hat bug tracker, this vulnerability does not affect Iced Tea/OpenJDK.
CVE-2012-0498 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	NOTE: According to the Red Hat bug tracker, this vulnerability does not affect Iced Tea/OpenJDK.
CVE-2012-0497 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2012-0496 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0495 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0494 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0493 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0492 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0491 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0490 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0489 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0488 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0487 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0486 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0485 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0484 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0483
	RESERVED
CVE-2012-0482
	RESERVED
CVE-2012-0481
	RESERVED
CVE-2012-0480
	RESERVED
CVE-2011-5059 (Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote ...)
	NOT-FOR-US: Final Draft
CVE-2011-5058 (The CmbWebserver.dll module of the Control service in 3S CoDeSys 3.4 ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2012-0479 (Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0478 (The texImage2D implementation in the WebGL subsystem in Mozilla ...)
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0477 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0476
	RESERVED
CVE-2012-0475 (Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and ...)
	- icedove 10.0.4-1
	[wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceweasel 12.0-1 (low; bug #703071)
	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	[wheezy] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceape <removed> (low)
	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	[wheezy] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2012-0474 (Cross-site scripting (XSS) vulnerability in the docshell ...)
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0473 (The WebGLBuffer::FindMaxUshortElement function in Mozilla Firefox 4.x ...)
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0472 (The cairo-dwrite implementation in Mozilla Firefox 4.x through 11.0, ...)
	- icedove <not-affected> (Windows-specific)
	- iceweasel <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2012-0471 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0470 (Heap-based buffer overflow in the ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0469 (Use-after-free vulnerability in the ...)
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0468 (The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird ...)
	- icedove <not-affected> (Only affects Firefox 11 and above)
	- iceweasel <not-affected> (Only affects Firefox 11 and above)
	- iceape <not-affected> (Only affects Firefox 11 and above)
CVE-2012-0467 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2464-1 DSA-2458-1 DSA-2457-1}
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0466 (template/en/default/list/list.js.tmpl in Bugzilla 2.x and 3.x before ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0465 (Bugzilla 3.5.x and 3.6.x before 3.6.9, 3.7.x and 4.0.x before 4.0.6, ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0464 (Use-after-free vulnerability in the browser engine in Mozilla Firefox ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0463 (The nsWindow implementation in the browser engine in Mozilla Firefox ...)
	- iceweasel <not-affected> (Only affects Firefox Mobile on Android)
CVE-2012-0462 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0461 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0460 (Mozilla Firefox 4.x through 10.0, Firefox ESR 10.x before 10.0.3, ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0459 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox 4.x ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0458 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0457 (Use-after-free vulnerability in the ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2012-0456 (The SVG Filters implementation in Mozilla Firefox before 3.6.28 and ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0455 (Mozilla Firefox before 3.6.28 and 4.x through 10.0, Firefox ESR 10.x ...)
	{DSA-2458-1 DSA-2437-1 DSA-2433-1}
	- icedove 10.0.3-1
	- iceweasel 10.0.3esr-1
	- iceape 2.7.3-1
CVE-2012-0454 (Use-after-free vulnerability in Mozilla Firefox 4.x through 10.0, ...)
	- iceweasel <not-affected> (Only affects Firefox on Windows)
CVE-2012-0453 (Cross-site request forgery (CSRF) vulnerability in xmlrpc.cgi in ...)
	- bugzilla <removed>
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0452 (Use-after-free vulnerability in Mozilla Firefox 10.x before 10.0.1, ...)
	- icedove <not-affected> (Introduced in Thunderbird 10)
	- iceweasel 10.0.1-1
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 10)
	- iceape <not-affected> (Vulnerable version never uploaded to the archive)
CVE-2012-0451 (CRLF injection vulnerability in Mozilla Firefox 4.x through 10.0, ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (CSP introduced in Thunderbird 3.3)
	- iceweasel 10.0.3esr-1
	[squeeze] - iceweasel <not-affected> (CSP introduced in Firefox 4)
	- iceape 2.7.3-1
	[squeeze] - iceape <not-affected> (CSP introduced in Seamonkey 2.1)
CVE-2012-0450 (Mozilla Firefox 4.x through 9.0 and SeaMonkey before 2.7 on Linux and ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Only affects Firefox >= 4)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0449 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 10.0.3-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2012-0448 (Bugzilla 2.x and 3.x before 3.4.14, 3.5.x and 3.6.x before 3.6.8, ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0447 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Only affects Firefox >= 4)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0446 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Only affects Firefox >= 4)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0445 (Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and ...)
	- icedove 10.0.3-1
	[squeeze] - icedove <not-affected> (Only affects Firefox >= 4)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0444 (Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before ...)
	{DSA-2412-1 DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.3.2-1.2 (bug #664197)
	- icedove 10.0.3-1
	[lenny] - icedove <not-affected> (Vulnerable code not present)
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2012-0443 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2012-0442 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 10.0.3-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2012-0441 (The ASN.1 decoder in the QuickDER decoder in Mozilla Network Security ...)
	{DSA-2490-1}
	- nss 3.13.4-1
CVE-2012-0440 (Cross-site request forgery (CSRF) vulnerability in jsonrpc.cgi in ...)
	- bugzilla <removed> (low)
	- bugzilla4 <itp> (bug #669643)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
CVE-2012-0439 (An ActiveX control in gwcls1.dll in the client in Novell GroupWise 8.0 ...)
	NOT-FOR-US: GroupWise
CVE-2012-0438
	RESERVED
CVE-2012-0437
	RESERVED
CVE-2012-0436
	RESERVED
CVE-2012-0435 (SUSE WebYaST before 1.2 0.2.63-0.6.1 allows remote attackers to modify ...)
	NOT-FOR-US: YAST
CVE-2012-0434 (The server in Crowbar, as used in SUSE Cloud 1.0, uses weak ...)
	NOT-FOR-US: Crowbar
CVE-2012-0433
	RESERVED
CVE-2012-0432 (Stack-based buffer overflow in the Novell NCP implementation in NetIQ ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0431
	RESERVED
CVE-2012-0430 (Unspecified vulnerability in NetIQ eDirectory 8.8.6.x before 8.8.6.7 ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0429 (dhost in NetIQ eDirectory 8.8.6.x before 8.8.6.7 and 8.8.7.x before ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0428 (Cross-site scripting (XSS) vulnerability in NetIQ eDirectory 8.8.6.x ...)
	NOT-FOR-US: NetIQ eDirectory
CVE-2012-0427 (yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before ...)
	NOT-FOR-US: inst-source-utils
CVE-2012-0426 (Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in ...)
	NOT-FOR-US: SUSE Linux Enterprise for SAP Applications
CVE-2012-0425 (LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE ...)
	NOT-FOR-US: SUSE YaST
CVE-2012-0424
	RESERVED
CVE-2012-0423
	RESERVED
CVE-2012-0422
	RESERVED
CVE-2012-0421 (The SUSE Audit Log Keeper daemon before 0.2.1-0.4.6.1 for SUSE Manager ...)
	NOT-FOR-US: SUSE Audit Log Keeper daemon
CVE-2012-0420 (zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before ...)
	NOT-FOR-US: SUSE Zypper
CVE-2012-0419 (Directory traversal vulnerability in the agent HTTP interfaces in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0418 (Unspecified vulnerability in the client in Novell GroupWise 8.0 before ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0417 (Integer overflow in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0416
	RESERVED
CVE-2012-0415
	RESERVED
CVE-2012-0414 (Cross-site scripting (XSS) vulnerability in the Spacewalk service in ...)
	NOT-FOR-US: SuSE extension to Spacewalk
CVE-2012-0413
	RESERVED
CVE-2012-0412
	RESERVED
CVE-2012-0411 (Unspecified vulnerability in Novell iPrint Client before 5.82 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2012-0410 (Directory traversal vulnerability in WebAccess in Novell GroupWise ...)
	NOT-FOR-US: Groupwise
CVE-2012-0409 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...)
	NOT-FOR-US: EMC
CVE-2012-0408
	REJECTED
CVE-2012-0407 (Integer overflow in the DPA_Utilities library in EMC Data Protection ...)
	NOT-FOR-US: emc.com Data Protection Advisor
CVE-2012-0406 (The DPA_Utilities.cProcessAuthenticationData function in EMC Data ...)
	NOT-FOR-US: emc.com Data Protection Advisor
CVE-2012-0405
	REJECTED
CVE-2012-0404 (Cross-site scripting (XSS) vulnerability in EMC Documentum eRoom ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2012-0403 (Directory traversal vulnerability in EMC RSA enVision 4.x before 4.1 ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0402 (EMC RSA enVision 4.x before 4.1 Patch 4 uses unspecified hardcoded ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0401 (Multiple SQL injection vulnerabilities in EMC RSA enVision 4.x before ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0400 (EMC RSA enVision 4.x before 4.1 Patch 4 does not properly restrict the ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0399 (Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA ...)
	NOT-FOR-US: EMC RSA enVision
CVE-2012-0398 (EMC Documentum eRoom before 7.4.4 does not properly validate session ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2012-0397 (Buffer overflow in EMC RSA SecurID Software Token Converter before ...)
	NOT-FOR-US: EMC RSA SecurID Software Token Converter
CVE-2012-0396 (EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly ...)
	NOT-FOR-US: EMC
CVE-2012-0395 (Buffer overflow in the server in EMC NetWorker 7.5.x and 7.6.x before ...)
	NOT-FOR-US: EMC
CVE-2012-0394 (** DISPUTED ** The DebuggingInterceptor component in Apache Struts ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2012-0393 (The ParameterInterceptor component in Apache Struts before 2.3.1.1 ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2012-0392 (The CookieInterceptor component in Apache Struts before 2.3.1.1 does ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2012-0391 (The ExceptionDelegator component in Apache Struts before 2.2.3.1 ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2011-5057 (Apache Struts 2.3.1.1 and earlier provides interfaces that do not ...)
	- libstruts1.2-java <not-affected> (Affects Struts 2, #657870)
CVE-2011-5056 (The authoritative server in MaraDNS through 2.0.04 computes hash ...)
	- maradns <not-affected> (Only affects 2.x, see #653838)
CVE-2011-5055 (MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without ...)
	- maradns 1.4.09-1 (low)
	[squeeze] - maradns <no-dsa> (Minor issue)
CVE-2011-5054 (kcheckpass passes a user-supplied argument to the pam_start function, ...)
	- kdebase-workspace <unfixed> (unimportant)
	NOTE: the kcheckpass utility is not present in sid (still present in src package, will check with KDE maints)
	NOTE: Not exploitable without OpenPAM
CVE-2011-5053 (The Wi-Fi Protected Setup (WPS) protocol, when the &quot;external ...)
	NOT-FOR-US: This vulnerability affects a protocol, not a product. More information can be found at http://www.kb.cert.org/vuls/id/723755 . All products listed there are not part of Debian.
CVE-2012-0390 (The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain ...)
	- gnutls28 3.0.11-1
	- gnutls26 <not-affected> (lacks DTLS support and is not affected)
CVE-2012-0389 (Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in ...)
	NOT-FOR-US: MailEnable Professional
CVE-2012-0388 (Memory leak in the H.323 inspection feature in the Zone-Based Firewall ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0387 (Memory leak in the HTTP Inspection Engine feature in the Zone-Based ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0386 (The SSHv2 implementation in Cisco IOS 12.2, 12.4, 15.0, 15.1, and 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0385 (The Smart Install feature in Cisco IOS 12.2, 15.0, 15.1, and 15.2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0384 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.2 and IOS XE 2.1.x ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0383 (Memory leak in the NAT feature in Cisco IOS 12.4, 15.0, and 15.1 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0382 (The Multicast Source Discovery Protocol (MSDP) implementation in Cisco ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0381 (The IKEv1 implementation in Cisco IOS 12.2 through 12.4 and 15.0 ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0380
	RESERVED
CVE-2012-0379
	RESERVED
CVE-2012-0378 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0377
	RESERVED
CVE-2012-0376 (The voice-sipstack component in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2012-0375
	RESERVED
CVE-2012-0374
	RESERVED
CVE-2012-0373
	RESERVED
CVE-2012-0372
	RESERVED
CVE-2012-0371 (Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0370 (Cisco Wireless LAN Controller (WLC) devices with software 4.x, 5.x, ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0369 (Cisco Wireless LAN Controller (WLC) devices with software 6.0 and 7.0 ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0368 (The administrative management interface on Cisco Wireless LAN ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2012-0367 (Cisco Unity Connection before 7.1.5b(Su5), 8.0 and 8.5 before ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-0366 (Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated ...)
	NOT-FOR-US: Cisco Unity Connection
CVE-2012-0365 (Directory traversal vulnerability in the Local TFTP file-upload ...)
	NOT-FOR-US: Cisco SRP 520 series devices
CVE-2012-0364 (Cisco SRP 520 series devices with firmware before 1.1.26 and SRP ...)
	NOT-FOR-US: Cisco SRP devices
CVE-2012-0363 (The web interface on Cisco SRP 520 series devices with firmware before ...)
	NOT-FOR-US: Cisco SRP devices
CVE-2012-0362 (The extended ACL functionality in Cisco IOS 12.2(58)SE2 and 15.0(1)SE ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0361 (The sccp-protocol component in Cisco IP Communicator (CIPC) 7.0 ...)
	NOT-FOR-US: Cisco
CVE-2012-0360 (Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0359 (The Cisco Cius with software before 9.2(1) SR2 allows remote attackers ...)
	NOT-FOR-US: Cisco Cius
CVE-2012-0358 (Buffer overflow in the Cisco Port Forwarder ActiveX control in ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0357
	RESERVED
CVE-2012-0356 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0355 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0354 (The Threat Detection feature on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0353 (The UDP inspection engine on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2012-0352 (Cisco NX-OS 4.2.x before 4.2(1)SV1(5.1) on Nexus 1000v series ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2012-0351
	RESERVED
CVE-2012-0350
	RESERVED
CVE-2012-0349
	RESERVED
CVE-2012-0348
	RESERVED
CVE-2012-0347
	RESERVED
CVE-2012-0346
	RESERVED
CVE-2012-0345
	RESERVED
CVE-2012-0344
	RESERVED
CVE-2012-0343
	RESERVED
CVE-2012-0342
	RESERVED
CVE-2012-0341
	RESERVED
CVE-2012-0340 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2012-0339 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0338 (Cisco IOS 12.2 through 12.4 and 15.0 does not recognize the vrf-also ...)
	NOT-FOR-US: Cisco IOS
CVE-2012-0337 (SQL injection vulnerability in the web component in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2012-0336
	RESERVED
CVE-2012-0335 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco
CVE-2012-0334
	RESERVED
CVE-2012-0333 (Cisco Small Business IP phones with SPA 500 series firmware 7.4.9 and ...)
	NOT-FOR-US: Cisco
CVE-2012-0332
	RESERVED
CVE-2012-0331 (Cisco TelePresence Video Communication Server with software before ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-0330 (Cisco TelePresence Video Communication Server with software before ...)
	NOT-FOR-US: Cisco TelePresence Video Communication Server
CVE-2012-0329 (Cisco Digital Media Manager 5.2.2 and earlier, and 5.2.3, allows ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2012-0328 (Janetter before 3.3.0.0 (aka 3.3.0) allows remote attackers to obtain ...)
	NOT-FOR-US: Janetter
CVE-2012-0327 (Cross-site scripting (XSS) vulnerability in Redmine before 1.3.2 ...)
	- redmine 1.3.2+dfsg1-1
	[squeeze] - redmine <end-of-life> (Redmine not supported because of rails)
	NOTE: http://jvn.jp/en/jp/JVN93406632/
	NOTE: patch unclear: difficult to find the patch in 1.3.2 release
CVE-2012-0326 (The twicca application 0.7.0 through 0.9.30 for Android does not ...)
	NOT-FOR-US: twicca application for Android
CVE-2012-0325 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, ...)
	- jenkins 1.424.6+dfsg-1
CVE-2012-0324 (Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, ...)
	- jenkins 1.424.6+dfsg-1
CVE-2012-0323 (Cross-site scripting (XSS) vulnerability in the Autocomplete plugin ...)
	NOT-FOR-US: Autocomplete plugin for SquirrelMail
CVE-2012-0322 (The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for ...)
	NOT-FOR-US: EStrongs ES File Explorer
CVE-2012-0321 (Unspecified vulnerability in the device driver in Kingsoft Internet ...)
	NOT-FOR-US: Kingsoft Internet Security 2011
CVE-2012-0320 (Movable Type before 4.38, 5.0x before 5.07, and 5.1x before 5.13 ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0319 (The file-management system in Movable Type before 4.38, 5.0x before ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0318 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0317 (Multiple cross-site request forgery (CSRF) vulnerabilities in Movable ...)
	{DSA-2423-1}
	- movabletype-opensource 5.1.3+dfsg-1
CVE-2012-0316 (The Cookpad 1.5.16 and earlier and Cookpad Noseru 1.1.1 and earlier ...)
	NOT-FOR-US: Cookpad
CVE-2012-0315 (Untrusted search path vulnerability in ALFTP before 5.31 allows local ...)
	NOT-FOR-US: ALFTP
CVE-2012-0314 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: eAccess Pocket WiFi
CVE-2012-0313 (Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 ...)
	NOT-FOR-US: glucose
CVE-2012-0312 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
	NOT-FOR-US: osCommerce
CVE-2012-0311 (Cross-site scripting (XSS) vulnerability in osCommerce 2.2MS1J before ...)
	NOT-FOR-US: osCommerce
CVE-2012-0310 (CRLF injection vulnerability in Cogent DataHub 7.1.2 and earlier, ...)
	NOT-FOR-US: Cogent DataHub
CVE-2012-0309 (Cross-site scripting (XSS) vulnerability in Cogent DataHub 7.1.2 and ...)
	NOT-FOR-US: Cogent DataHub
CVE-2012-0308 (Cross-site request forgery (CSRF) vulnerability in Symantec Messaging ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-0307 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec ...)
	NOT-FOR-US: Symantec Messaging Gateway
CVE-2012-0306 (Symantec Ghost Solution Suite 2.x through 2.5.1 allows remote ...)
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2012-0305 (Untrusted search path vulnerability in Symantec System Recovery 2011 ...)
	NOT-FOR-US: Symantec System Recovery 2011 before SP2 and Backup Exec System Recovery 2010 before SP5
CVE-2012-0304 (Symantec LiveUpdate Administrator before 2.3.1 uses weak permissions ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2012-0303 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0302 (Cross-site scripting (XSS) vulnerability in Brightmail Control Center ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0301 (Session fixation vulnerability in Brightmail Control Center in ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0300 (Brightmail Control Center in Symantec Message Filter 6.3 does not ...)
	NOT-FOR-US: Symantec Message Filter
CVE-2012-0299 (The file-management scripts in the management GUI in Symantec Web ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0298 (The file-management scripts in the management GUI in Symantec Web ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0297 (The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0296 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2012-0295 (The Manager service in the management console in Symantec Endpoint ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-0294 (Directory traversal vulnerability in the Manager service in the ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2012-0293 (Multiple SQL injection vulnerabilities in Symantec Altiris WISE ...)
	NOT-FOR-US: Symantec Altiris WISE Package Studio
CVE-2012-0292 (The awhost32 service in Symantec pcAnywhere through 12.5.3, Altiris IT ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0291 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
	NOT-FOR-US: pcAnywhere
CVE-2012-0290 (Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2012-0289 (Buffer overflow in Symantec Endpoint Protection (SEP) 11.0.600x ...)
	NOT-FOR-US: Symantec Network Access Control
CVE-2011-5052 (Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote ...)
	NOT-FOR-US: CoCSoft Stream Down
CVE-2011-5051 (Multiple unrestricted file upload vulnerabilities in the WP Symposium ...)
	NOT-FOR-US: Symposium plugin for Wordpress
CVE-2011-5050 (SQL injection vulnerability in corporate/Controller in Elitecore ...)
	NOT-FOR-US: Elitecore Technologies Cyberoam UTM
CVE-2011-5049 (MySQL 5.5.8, when running on Windows, allows remote attackers to cause ...)
	NOT-FOR-US: MySQL on Windows
CVE-2007-6751 (Cross-site scripting (XSS) vulnerability in the MailForm plugin before ...)
	NOT-FOR-US: MailForm plugin for Movable Type
CVE-2004-2776
	RESERVED
	NOT-FOR-US: Montitorix
CVE-2004-2775
	RESERVED
CVE-2004-2774
	RESERVED
CVE-2004-2773
	RESERVED
CVE-2004-2772
	RESERVED
CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and ...)
	{DSA-3105-1 DLA-114-1}
	- heirloom-mailx 12.5-3.1 (bug #773417)
	- bsd-mailx 8.1.2-0.20071201cvs-1
	- mailx 1:8.1.2-0.20040524cvs-2 (bug #278748)
CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in ...)
	- linux <not-affected> (Fixed before rename to src:linux)
	- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
	NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
CVE-2003-1602
	RESERVED
CVE-2003-1601
	RESERVED
CVE-2003-1600
	RESERVED
CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in ...)
	NOT-FOR-US: WordPress plugin wp-links
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ...)
	- wordpress 1.0.1-1
CVE-2002-2444 [snoopy: Security hole in exec cURL]
	RESERVED
	- libphp-snoopy <not-affected> (affected version never was in the repo)
	NOTE: http://www.openwall.com/lists/oss-security/2014/07/18/2
	NOTE: http://sourceforge.net/p/snoopy/bugs/13/
CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...)
	{DSA-2701-1}
	- krb5 1.10.1+dfsg-6 (bug #708267)
	NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
	NOTE: https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
CVE-2002-2442
	RESERVED
CVE-2002-2441
	RESERVED
CVE-2002-2440
	RESERVED
CVE-2002-2439
	RESERVED
	- gcc-4.1 <removed>
	[squeeze] - gcc-4.1 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.3 <removed>
	[squeeze] - gcc-4.3 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.4 <unfixed> (low)
	[squeeze] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	[wheezy] - gcc-4.4 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.6 <unfixed> (low)
	[wheezy] - gcc-4.6 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.7 <removed> (low; bug #710830)
	[wheezy] - gcc-4.7 <no-dsa> (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
	- gcc-4.8 4.8.0-1 (low)
	NOTE: Are there apps known to be exploitable through this?
	NOTE: Any application using unguarded memory allocation would be susceptible to DoS anyway?
	NOTE: This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is
	NOTE: properly rebuild with a fixed version from the start
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
CVE-2002-2438
	RESERVED
	NOT-FOR-US: ancient linux 2.4 issue
CVE-2001-1592
	RESERVED
CVE-2001-1591
	RESERVED
CVE-2001-1590
	RESERVED
CVE-2001-1589
	RESERVED
CVE-2001-1588
	RESERVED
CVE-2000-1252
	RESERVED
CVE-2000-1251
	RESERVED
CVE-2000-1250
	RESERVED
CVE-2000-1249
	RESERVED
CVE-2000-1248
	RESERVED
CVE-1999-1598
	RESERVED
CVE-1999-1597
	RESERVED
CVE-1999-1596
	RESERVED
CVE-1999-1595
	RESERVED
CVE-1999-1594
	RESERVED
CVE-2012-0288
	RESERVED
CVE-2011-5048 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Web ...)
	NOT-FOR-US: IBM Web Experience Factory
CVE-2011-5047 (Cross-site scripting (XSS) vulnerability in status_rrd_graph.php in ...)
	NOT-FOR-US: pfSense
CVE-2012-0287 (Cross-site scripting (XSS) vulnerability in wp-comments-post.php in ...)
	- wordpress 3.3.1+dfsg-1
	[squeeze] - wordpress <not-affected> (only 3.3.x vulnerable)
	[lenny] - wordpress <not-affected> (only 3.3.x vulnerable)
CVE-2012-0286 (Cross-site request forgery (CSRF) vulnerability in Stoneware ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0285 (Multiple cross-site scripting (XSS) vulnerabilities in Stoneware ...)
	NOT-FOR-US: Stoneware webNetwork
CVE-2012-0284 (Stack-based buffer overflow in the SetSource method in the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2012-0283 (Cross-site scripting (XSS) vulnerability in the tpl_mediaFileList ...)
	- dokuwiki 0.0.20120125b-1 (low; bug #683378)
	[squeeze] - dokuwiki <not-affected> (Vulnerable functionality not present, see #683378)
CVE-2012-0282 (Heap-based buffer overflow in XnView before 1.99 allows remote ...)
	NOT-FOR-US: XnView
CVE-2012-0281
	RESERVED
CVE-2012-0280
	RESERVED
CVE-2012-0279 (Quest Toad for Data Analysts 3.0.1 uses weak permissions (Everyone: ...)
	NOT-FOR-US: Quest (quest.com) Toad
CVE-2012-0278 (Heap-based buffer overflow in the FlashPix PlugIn before 4.3.4.0 for ...)
	NOT-FOR-US: IrfanView
CVE-2012-0277 (Heap-based buffer overflow in XnView before 1.99 allows remote ...)
	NOT-FOR-US: XnView
CVE-2012-0276 (Multiple heap-based buffer overflows in XnView before 1.99 allow ...)
	NOT-FOR-US: XnView
CVE-2012-0275 (Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 ...)
	NOT-FOR-US: Adobe Photoshop CS5
CVE-2012-0274
	RESERVED
CVE-2012-0273 (Multiple stack-based buffer overflows in MinaliC 2.0.0 allow remote ...)
	NOT-FOR-US: MinaliC (Webserver)
CVE-2012-0272 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0271 (Integer overflow in the WebConsole component in gwia.exe in GroupWise ...)
	NOT-FOR-US: Novell GroupWise
CVE-2012-0270 (Multiple stack-based buffer overflows in Csound before 5.16.6 allow ...)
	- csound 1:5.16.6~dfsg-1 (low; bug #661197)
	[squeeze] - csound <no-dsa> (Minor issue)
	NOTE: http://secunia.com/secunia_research/2012-3/
	NOTE: http://csound.git.sourceforge.net/git/gitweb.cgi?p=csound/csound5.git;a=commitdiff;h=7d617a9551fb6c552ba16874b71266fcd90f3a6f
CVE-2012-0269 (Buffer overflow in JustSystems Ichitaro 2011 Sou, Ichitaro 2006 ...)
	NOT-FOR-US: various Ichitaro products
CVE-2012-0268 (Integer overflow in the CYImage::LoadJPG method in YImage.dll in ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2012-0267 (The StopModule method in the NTR ActiveX control before 2.0.4.8 allows ...)
	NOT-FOR-US: NTR ActiveX control
CVE-2012-0266 (Multiple stack-based buffer overflows in the NTR ActiveX control ...)
	NOT-FOR-US: NTR ActiveX control
CVE-2012-0265 (Stack-based buffer overflow in Apple QuickTime before 7.7.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-5046 (The Graphics Device Interface (GDI) in win32k.sys in the kernel-mode ...)
	NOT-FOR-US: Microsoft Windows 7
CVE-2011-5045 (Cross-site scripting (XSS) vulnerability in details_view.php in PHP ...)
	NOT-FOR-US: PHP Booking Calendar 10e (not in Debian)
CVE-2011-5044 (SopCast 3.4.7.45585 uses weak permissions (Everyone:Full Control) for ...)
	NOT-FOR-US: SopCast (not in Debian)
CVE-2011-5043 (TomatoSoft Free Mp3 Player 1.0 allows remote attackers to cause a ...)
	NOT-FOR-US: TomatoSoft Free Mp3 Player (not in Debian)
CVE-2011-5042 (Cross-site scripting (XSS) vulnerability in inc/lib/lib.base.php in ...)
	NOT-FOR-US: SASHA (not in Debian)
CVE-2011-5041 (Multiple cross-site scripting (XSS) vulnerabilities in Pulse Pro CMS ...)
	NOT-FOR-US: Pulse Pro CMS (not in Debian)
CVE-2011-5040 (Multiple cross-site scripting (XSS) vulnerabilities in Infoproject ...)
	NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
CVE-2011-5039 (Multiple SQL injection vulnerabilities in Infoproject Biznis Heroj ...)
	NOT-FOR-US: Infoproject Biznis Heroj (not in Debian)
CVE-2011-5038 (SQL injection vulnerability in hitCode hitAppoint 4.5.17 and possibly ...)
	NOT-FOR-US: hitAppoint (not in Debian)
CVE-2011-5037 (Google V8 computes hash values for form parameters without restricting ...)
	- libv8 3.6.6.14-2 (bug #653962)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-5036 (Rack before 1.1.3, 1.2.x before 1.2.5, and 1.3.x before 1.3.6 computes ...)
	{DSA-2783-1}
	- ruby-rack 1.4.0-1 (bug #653963)
	- librack-ruby <removed>
	NOTE: https://github.com/rack/rack/commit/5b9d09a81a9fdc9475f0ab0095cb2a33bf2a8f91
CVE-2011-5035 (Oracle Glassfish 2.1.1, 3.0.1, and 3.1.1, as used in Communications ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
	- sun-java6 <removed>
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- glassfish <not-affected> (Debian only builds some core libs, not the full application stack)
CVE-2011-5034 (Apache Geronimo 2.2.1 and earlier computes hash values for form ...)
	NOT-FOR-US: Apache Geronimo
CVE-2011-5033 (Stack-based buffer overflow in CFS.c in ConfigServer Security &amp; ...)
	NOT-FOR-US: ConfigServer Security & Firewall
CVE-2011-5032 (WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to ...)
	NOT-FOR-US: WinMount
CVE-2011-5031 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: cApexWEB
CVE-2011-5030 (Cross-site scripting (XSS) vulnerability in the Meta tags quick module ...)
	NOT-FOR-US: Meta tags quick module for Drupal
CVE-2011-5029 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Sumple PHP Blog
CVE-2011-5028 (Directory traversal vulnerability in novelllogmanager/FileDownload in ...)
	NOT-FOR-US: Novell Sentinel Log Manager
CVE-2011-5027 (Cross-site scripting (XSS) vulnerability in ZABBIX before 1.8.10 ...)
	- zabbix 1:1.8.10-1 (bug #652664)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-5026 (Cross-site scripting (XSS) vulnerability in the addPost function in ...)
	NOT-FOR-US: Winn Guestbook
CVE-2011-5025 (Multiple cross-site scripting (XSS) vulnerabilities in the wiki ...)
	- yaws 1.92-1 (low; bug #653966)
	[squeeze] - yaws <no-dsa> (Minor issue)
CVE-2011-5024 (Cross-site scripting (XSS) vulnerability in mmsearch/design in the ...)
	NOT-FOR-US: ht://Dig integration for Mailman
CVE-2011-5023 (Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows ...)
	NOT-FOR-US: Pligg CMS
CVE-2011-5022 (SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows ...)
	NOT-FOR-US: Pligg CMS
CVE-2011-5021 (PHPIDS before 0.7 does not properly implement Regular Expression ...)
	- php-ids <itp> (bug #488848)
CVE-2011-5020
	RESERVED
CVE-2011-5019 (Cross-site scripting (XSS) vulnerability in setup/index.php in ...)
	- textpattern <unfixed> (low)
	[squeeze] - textpattern <no-dsa> (Vulnerability is in setup.php, which becomes inaccessible after installation)
CVE-2011-5018
	RESERVED
CVE-2011-5017
	RESERVED
CVE-2011-5016
	RESERVED
CVE-2011-5015
	RESERVED
CVE-2011-5014
	RESERVED
CVE-2011-5013
	RESERVED
CVE-2011-5012 (Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2011-5011 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: xt:Commerce
CVE-2011-5010 (apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows ...)
	NOT-FOR-US: Ctek SkyRouter
CVE-2011-5009 (The CmpWebServer.dll module in the Control service in 3S CoDeSys 3.4 ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5008 (Integer overflow in the GatewayService component in 3S CoDeSys 3.4 SP4 ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5007 (Stack-based buffer overflow in the CmpWebServer component in 3S ...)
	NOT-FOR-US: 3S CoDeSys
CVE-2011-5006 (Stack-based buffer overflow in QQPlayer 3.2.845 allows remote ...)
	NOT-FOR-US: QQPlayer
CVE-2011-5005 (Unrestricted file upload vulnerability in QuiXplorer 2.3 and earlier ...)
	NOT-FOR-US: QuiXplorer
CVE-2011-5004 (Unrestricted file upload vulnerability in models/importcsv.php in the ...)
	NOT-FOR-US: Joomla extension
CVE-2011-5003 (Stack-based buffer overflow in the Phonetic Indexer ...)
	NOT-FOR-US: Avid Media Composer
CVE-2011-5002 (Multiple stack-based buffer overflows in Final Draft 8 before 8.02 ...)
	NOT-FOR-US: Final Draft
CVE-2011-5001 (Stack-based buffer overflow in the CGenericScheduler::AddTask function ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2011-5000 (The ssh_gssapi_parse_ename function in gss-serv.c in OpenSSH 5.8 and ...)
	- openssh 1:5.9p1-1
	[squeeze] - openssh 1:5.5p1-6+squeeze4
	NOTE: looking at the code an additional integer overflow check was added in at least 5.9
CVE-2011-4999
	REJECTED
CVE-2011-4998
	REJECTED
CVE-2011-4997
	REJECTED
CVE-2011-4996
	REJECTED
CVE-2011-4995
	REJECTED
CVE-2011-4994
	REJECTED
CVE-2011-4993
	REJECTED
CVE-2011-4992
	REJECTED
CVE-2011-4991
	REJECTED
CVE-2011-4990
	REJECTED
CVE-2011-4989
	REJECTED
CVE-2011-4988
	REJECTED
CVE-2011-4987
	REJECTED
CVE-2011-4986
	REJECTED
CVE-2011-4985
	REJECTED
CVE-2011-4984
	REJECTED
CVE-2011-4983
	REJECTED
CVE-2011-4982
	REJECTED
CVE-2011-4981
	REJECTED
CVE-2011-4980
	REJECTED
CVE-2011-4979
	REJECTED
CVE-2011-4978
	RESERVED
CVE-2011-4977
	RESERVED
CVE-2011-4976
	RESERVED
CVE-2011-4975
	RESERVED
CVE-2011-4974
	RESERVED
CVE-2011-4973 (Authentication bypass vulnerability in mod_nss 1.0.8 allows remote ...)
	- libapache2-mod-nss 1.0.8-4 (low; bug #729626)
	[wheezy] - libapache2-mod-nss <no-dsa> (Minor issue)
	NOTE: https://www.redhat.com/archives/mod_nss-list/2011-May/msg00001.html
	NOTE: https://git.fedorahosted.org/cgit/mod_nss.git/commit/?id=a6c3370491ae1d3bc552e8de9353c82f73e510e3
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=1017197
CVE-2011-4972 [CKEditor module for Drupal access bypass]
	RESERVED
	NOT-FOR-US: Drupal module
CVE-2011-4971 (Multiple integer signedness errors in the (1) process_bin_sasl_auth, ...)
	{DSA-2832-1}
	- memcached 1.4.13-0.3 (bug #706426)
	NOTE: https://github.com/memcached/memcached/commit/6695ccbc525c36d693aaa3e8337b36aa0c784424
CVE-2011-4970 (Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) ...)
	- lcgdm 1.8.6-1 (low; bug #702895)
	[wheezy] - lcgdm <no-dsa> (Minor issue)
	- dpm <removed>
	[squeeze] - dpm <no-dsa> (Minor issue)
CVE-2011-4969 (Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when ...)
	- jquery 1.6.4-1 (low; bug #699482)
	[squeeze] - jquery <no-dsa> (Minor issue)
	NOTE: http://blog.jquery.com/2011/09/01/jquery-1-6-3-released/
	NOTE: https://github.com/jquery/jquery/commit/db9e023e62c1ff5d8f21ed9868ab6878da2005e9
CVE-2011-4968 [nginx http proxy module does not verify peer identity of https origin server]
	RESERVED
	- nginx 1.9.1-1 (low; bug #697940)
	[jessie] - nginx <no-dsa> (Minor issue)
	[squeeze] - nginx <no-dsa> (Minor issue)
	[wheezy] - nginx <no-dsa> (Minor issue)
	NOTE: http://trac.nginx.org/nginx/ticket/13
	NOTE: Upstream commit: http://trac.nginx.org/nginx/changeset/060c2e692b96a150b584b8e30d596be1f2defa9c/nginx
CVE-2011-4967
	RESERVED
	NOT-FOR-US: OpenPegasus
CVE-2011-4966 (modules/rlm_unix/rlm_unix.c in FreeRADIUS before 2.2.0, when unix mode ...)
	- freeradius 2.1.12+dfsg-1.2 (low; bug #694407)
	[squeeze] - freeradius <no-dsa> (Minor issue)
CVE-2011-4965
	REJECTED
CVE-2011-4964
	REJECTED
CVE-2011-4963 (nginx/Windows 1.3.x before 1.3.1 and 1.2.x before 1.2.1 allows remote ...)
	- nginx <not-affected> (Only affects Nginx on Windows)
CVE-2011-4962 (code/sitefeatures/PageCommentInterface.php in SilverStripe 2.4.x ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4961 (SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4960 (SQL injection vulnerability in the Folder::findOrMake method in ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4959 (SQL injection vulnerability in the addslashes method in SilverStripe ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4958 (Cross-site scripting (XSS) vulnerability in the process function in ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2011-4957 (The make_clickable function in wp-includes/formatting.php in WordPress ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
CVE-2011-4956 (Cross-site scripting (XSS) vulnerability in WordPress before 3.1.1 ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
CVE-2011-4955 (Multiple cross-site scripting (XSS) vulnerabilities in ui_stats.php in ...)
	NOT-FOR-US: wordpress bsuite plugin
CVE-2011-4954
	RESERVED
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4953 (The set_mgmt_parameters function in item.py in cobbler before 2.2.2 ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4952
	RESERVED
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2011-4951 (Open redirect vulnerability in phpgwapi/ntlm/index.php in EGroupware ...)
	NOT-FOR-US: EGroupware
CVE-2011-4950 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: EGroupware
CVE-2011-4949 (SQL injection vulnerability in ...)
	NOT-FOR-US: EGroupware
CVE-2011-4948 (Directory traversal vulnerability in admin/remote.php in EGroupware ...)
	NOT-FOR-US: EGroupware
CVE-2011-4947 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: e107
CVE-2011-4946 (SQL injection vulnerability in e107_admin/users_extended.php in e107 ...)
	NOT-FOR-US: e107
CVE-2011-4945 (PolicyKit 0.103 sets the AdminIdentities to &quot;wheel&quot; by default, which ...)
	- policykit-1 0.103-1
	[squeeze] - policykit-1 <not-affected> (vulnerable code introduced in 0.103)
CVE-2011-4944 (Python 2.6 through 3.2 creates ~/.pypirc with world-readable ...)
	{DLA-25-1}
	- python2.7 2.7.3~rc2-2 (low; bug #650555)
	- python2.6 2.6.8-1 (unimportant; bug #615118)
	NOTE: Negligable impact
CVE-2011-4943
	RESERVED
CVE-2011-4942 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Geeklog
CVE-2011-4941 (Unspecified vulnerability in Piwik 1.2 through 1.4 allows remote ...)
	- piwik <itp> (bug #506933)
CVE-2011-4940 (The list_directory function in Lib/SimpleHTTPServer.py in ...)
	{DLA-25-1}
	- python2.7 2.7.2-8 (unimportant)
	- python2.6 <unfixed> (unimportant; bug #664135)
	- python2.5 <removed> (unimportant)
	NOTE: http://www.openwall.com/lists/oss-security/2012/03/14/11
	NOTE: This only affects IE7, which is inherently insecure anyway
CVE-2011-4939 (The pidgin_conv_chat_rename_user function in gtkconv.c in Pidgin ...)
	- pidgin 2.10.2-1 (bug #664028)
	[squeeze] - pidgin <not-affected> (vulnerable code not present)
	NOTE: http://pidgin.im/news/security/?id=60
CVE-2011-4938
	RESERVED
	NOT-FOR-US: Ariadne CMS not in Debian
CVE-2011-4937
	RESERVED
	NOT-FOR-US: Joomla
CVE-2011-4936
	REJECTED
CVE-2011-4935
	REJECTED
CVE-2011-4934
	REJECTED
CVE-2011-4933
	REJECTED
CVE-2011-4932 (Eval injection vulnerability in ...)
	NOT-FOR-US: ImpressPages CMS not in Debian
CVE-2011-4931
	RESERVED
	- gpw <unfixed> (unimportant; bug #651510)
	NOTE: This has only marginal security impact
CVE-2011-4930 (Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, ...)
	- condor <not-affected> (Fixed before initial release)
CVE-2011-4929 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4928 (Cross-site scripting (XSS) vulnerability in the textile formatter in ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4927 (Unspecified vulnerability in the bazaar repository adapter in Redmine ...)
	{DSA-2261-1}
	- redmine 1.0.5-1 (bug #608397)
	NOTE: http://www.redmine.org/news/49
CVE-2011-4926 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress plugin Adminimize
CVE-2011-4925 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
	- torque <not-affected> (The version in Debian doesn't yet have MUNGE support)
CVE-2011-4924
	RESERVED
	- zope2.12 2.12.22-1
	- zope3 <removed> (low)
	- zope2.10 <removed> (low)
	[lenny] - zope2.10 <no-dsa> (Minor issue)
	[lenny] - zope3 <no-dsa> (Minor issue)
	- zope2.11 <removed>
	- zope2.9 <removed>
	NOTE: http://openwall.com/lists/oss-security/2012/01/19/16
CVE-2011-4923 (Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, ...)
	- backuppc 3.2.1-2 (bug #646865)
	[squeeze] - backuppc 3.1.0-9.1
CVE-2011-4922 (cipher.c in the Cipher API in libpurple in Pidgin before 2.7.10 ...)
	- pidgin 2.7.11-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[squeeze] - pidgin <no-dsa> (Minor issue)
	NOTE: http://www.pidgin.im/news/security/?id=50
CVE-2011-4921 (SQL injection vulnerability in usersettings.php in e107 0.7.26, and ...)
	NOT-FOR-US: e107
CVE-2011-4920 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.26, ...)
	NOT-FOR-US: e107
CVE-2011-4919 [mpack info disclosure]
	RESERVED
	- mpack 1.6-8 (low; bug #655971)
	[squeeze] - mpack <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2011/12/31/1
CVE-2011-4918 (Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS ...)
	NOT-FOR-US: Elxis CMS, Aphrodite
CVE-2011-4917
	RESERVED
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4916
	RESERVED
CVE-2011-4915
	RESERVED
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Minor info leak, unlikely to be fixed upstream
CVE-2011-4914 (The ROSE protocol implementation in the Linux kernel before 2.6.39 ...)
	{DSA-2389-1}
	- linux-2.6 2.6.38-4
CVE-2011-4913 (The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-4912
	RESERVED
	NOT-FOR-US: Joomla
CVE-2011-4911 (Joomla! before 1.5.12 does not perform a JEXEC check in unspecified ...)
	NOT-FOR-US: Joomla
CVE-2011-4910 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.5.12 ...)
	NOT-FOR-US: Joomla
CVE-2011-4909 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2011-4908
	RESERVED
	NOT-FOR-US: Joomla
CVE-2011-4907
	RESERVED
	NOT-FOR-US: Joomla
CVE-2011-4906
	RESERVED
	NOT-FOR-US: Joomla
CVE-2011-4905 (Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial ...)
	- activemq 5.5.0+dfsg-5 (bug #655495)
CVE-2011-4899 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2011-4898 (** DISPUTED ** wp-admin/setup-config.php in the installation component ...)
	- wordpress <unfixed> (unimportant)
	NOTE: https://www.trustwave.com/spiderlabs/advisories/TWSL2012-002.txt
CVE-2010-5081 (Stack-based buffer overflow in Mini-Stream RM-MP3 Converter 3.1.2.1 ...)
	NOT-FOR-US: Mini-Stream RM-MP3 Converter
CVE-2009-5111 (GoAhead WebServer allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2009-5110 (dhttpd allows remote attackers to cause a denial of service (daemon ...)
	- dhttpd <removed> (low; bug #533665)
	[squeeze] - dhttpd <no-dsa> (Minor issue)
	[lenny] - dhttpd <no-dsa> (Minor issue)
CVE-2009-5109 (Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows ...)
	NOT-FOR-US: Mini-Stream Ripper
CVE-2007-6750 (The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a ...)
	- apache2 2.2.15-3 (medium; bug #533661)
	- apache <removed> (medium; bug #533662)
	[lenny] - apache2 <no-dsa> (Minor issue)
CVE-2011-4904
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4903
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4902
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4901
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4900
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2012-0264 (op5 Monitor and op5 Appliance before 5.5.0 do not properly manage ...)
	NOT-FOR-US: op5
CVE-2012-0263 (monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows ...)
	NOT-FOR-US: op5
CVE-2012-0262 (op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and ...)
	NOT-FOR-US: op5
CVE-2012-0261 (license.php in system-portal before 1.6.2 in op5 Monitor and op5 ...)
	NOT-FOR-US: op5
CVE-2012-0260 (The JPEGWarningHandler function in coders/jpeg.c in ImageMagick before ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-0259 (The GetEXIFProperty function in magick/property.c in ImageMagick ...)
	{DSA-2462-1}
	- imagemagick 8:6.7.4.0-4 (bug #667635)
CVE-2012-0258 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...)
	NOT-FOR-US: Invensys Wonderware Application Server
CVE-2012-0257 (Heap-based buffer overflow in the WWCabFile ActiveX component in the ...)
	NOT-FOR-US: Invensys Wonderware Application Server
CVE-2012-0256 (Apache Traffic Server 2.0.x and 3.0.x before 3.0.4 and 3.1.x before ...)
	- trafficserver 3.0.4-1
CVE-2012-0255 (The BGP implementation in bgpd in Quagga before 0.99.20.1 does not ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0254 (Stack-based buffer overflow in the HMIWeb Browser HSCDSPRenderDLL ...)
	NOT-FOR-US: Honeywell
CVE-2012-0253 (Multiple cross-site scripting (XSS) vulnerabilities in Demand Media ...)
	NOT-FOR-US: Demand Media Pluck SiteLife
CVE-2012-0252
	RESERVED
CVE-2012-0251
	RESERVED
CVE-2012-0250 (Buffer overflow in the OSPFv2 implementation in ospfd in Quagga before ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0249 (Buffer overflow in the ospf_ls_upd_list_lsa function in ospf_packet.c ...)
	{DSA-2459-1}
	- quagga 0.99.20.1-1
CVE-2012-0248 (ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a ...)
	{DSA-2427-1}
	- imagemagick 8:6.6.9.7-6 (low; bug #659339)
CVE-2012-0247 (ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a ...)
	{DSA-2427-1}
	- imagemagick 8:6.6.9.7-6 (bug #659339)
CVE-2012-0246 (Directory traversal vulnerability in an unspecified ActiveX control in ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2012-0245 (Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB ...)
	NOT-FOR-US: ABB Robot Communications Runtime
CVE-2012-0244 (Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0243 (Buffer overflow in an ActiveX control in bwocxrun.ocx in ...)
	NOT-FOR-US: ActiveX
CVE-2012-0242 (Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0241 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0240 (GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0239 (uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0238 (Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0237 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0236 (Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0235 (Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0234 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0233 (Cross-site scripting (XSS) vulnerability in Advantech/BroadWin ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2012-0232 (Directory traversal vulnerability in rifsrvd.exe in the Remote ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Real-Time Information Portal
CVE-2012-0231 (PRLicenseMgr.exe in the Proficy Server License Manager in GE ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
CVE-2012-0230 (PRRDS.exe in the Proficy Remote Data Service in GE Intelligent ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Plant Applications
CVE-2012-0229 (The Data Archiver service in GE Intelligent Platforms Proficy ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Historian
CVE-2012-0228 (Invensys Wonderware Information Server 4.0 SP1 and 4.5 does not ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0227 (Buffer overflow in the VSFlex7.VSFlexGrid ActiveX control in ...)
	NOT-FOR-US: Open Automation Software OPC Systems.NET
CVE-2012-0226 (SQL injection vulnerability in Invensys Wonderware Information Server ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0225 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2012-0224 (Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 ...)
	NOT-FOR-US: 7-Technologies (7T) AQUIS
CVE-2012-0223 (Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 ...)
	NOT-FOR-US: TERMIS
CVE-2012-0222 (The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley FactoryTalk
CVE-2012-0221 (The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation ...)
	NOT-FOR-US: Rockwell Automation Allen-Bradley FactoryTalk
CVE-2011-4897 (Tor before 0.2.2.25-alpha, when configured as a relay without the ...)
	- tor 0.2.2.27-beta-1 (unimportant)
CVE-2011-4896 (Tor before 0.2.2.24-alpha continues to use a reachable bridge that was ...)
	- tor 0.2.2.27-beta-1 (unimportant)
CVE-2011-4895 (Tor before 0.2.2.34, when configured as a bridge, sets up circuits ...)
	- tor 0.2.2.34-1 (unimportant)
CVE-2011-4894 (Tor before 0.2.2.34, when configured as a bridge, uses direct DirPort ...)
	- tor 0.2.2.34-1 (unimportant)
CVE-2011-4893
	RESERVED
CVE-2011-4892
	RESERVED
CVE-2011-4891
	RESERVED
CVE-2011-4890 (The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-4889 (The javax.naming.directory.AttributeInUseException class in the ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-4888
	RESERVED
CVE-2011-4887 (Cross-site scripting (XSS) vulnerability in the Violations Table in ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall
CVE-2011-4886
	RESERVED
CVE-2011-4885 (PHP before 5.3.9 computes hash values for form parameters without ...)
	{DSA-2399-1}
	- php5 5.3.9-1 (low)
CVE-2011-4884
	RESERVED
CVE-2011-4883 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4882 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4881 (The web server in Certec atvise webMI2ADS (aka webMI) before 2.0.2 ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4880 (Directory traversal vulnerability in the web server in Certec atvise ...)
	NOT-FOR-US: atvise.com webMI
CVE-2011-4879 (miniweb.exe in the HMI web server in Siemens WinCC flexible 2004, ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4878 (Directory traversal vulnerability in miniweb.exe in the HMI web server ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4877 (HmiLoad in the runtime loader in Siemens WinCC flexible 2004, 2005, ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4876 (Directory traversal vulnerability in HmiLoad in the runtime loader in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4875 (Stack-based buffer overflow in HmiLoad in the runtime loader in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4874 (Use-after-free vulnerability in MICROSYS PROMOTIC before 8.1.7 allows ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4873 (Unspecified vulnerability in the server in Certec EDV atvise before ...)
	NOT-FOR-US: Certec EDV atvise
CVE-2011-4872 (Multiple HTC Android devices including Desire HD FRG83D and GRI40, ...)
	NOT-FOR-US: Android devices
CVE-2011-4871 (Open Automation Software OPC Systems.NET before 5.0 allows remote ...)
	NOT-FOR-US: opcsystems.com
CVE-2011-4870 (Multiple buffer overflows in the (1) GUIControls, (2) BatchObjSrv, and ...)
	NOT-FOR-US: Invensys Wonderware
CVE-2011-4869 (validator/val_nsec3.c in Unbound before 1.4.13p2 does not properly ...)
	{DSA-2370-1}
	- unbound 1.4.14-1 (medium)
CVE-2011-4868 (The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when ...)
	- isc-dhcp 4.2.2.dfsg.1-5 (low; bug #655746)
	[squeeze] - isc-dhcp <not-affected> (vulnerable code not present)
CVE-2011-4867 (The Tencent QQPhoto (com.tencent.qqphoto) application 0.97 for Android ...)
	NOT-FOR-US: Tencent QQPhoto (com.tencent.qqphoto) application
CVE-2011-4866 (The Kaixin001 (com.kaixin001.activity) application 1.3.1 and 1.3.3 for ...)
	NOT-FOR-US: Kaixin001 (com.kaixin001.activity) application
CVE-2011-4865 (The Tencent WBlog (com.tencent.WBlog) 3.3.1 and MicroBlogPad 1.4.0 ...)
	NOT-FOR-US: Tencent WBlog
CVE-2011-4864 (The Tencent MobileQQ (com.tencent.mobileqq) application 2.2 for ...)
	NOT-FOR-US: Tencent MobileQQ (com.tencent.mobileqq) application
CVE-2011-4863 (The Tencent QQPimSecure (com.tencent.qqpimsecure) application 3.0.2 ...)
	NOT-FOR-US: Tencent QQPimSecure (com.tencent.qqpimsecure) application
CVE-2011-4862 (Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 ...)
	{DSA-2375-1 DSA-2373-1 DSA-2372-1}
	- heimdal 1.5.dfsg.1-1 (high)
	- inetutils 2:1.8-6 (high)
	- krb5 1.8+dfsg~aa+r23527-1 (high)
	- krb5-appl 1:1.0.1-1.2 (high; bug #654231)
	NOTE: krb5 fixed through move of code to krb5-appl.
CVE-2011-4861 (The modbus_125_handler function in the Schneider Electric Quantum ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4860 (The ComputePassword function in the Schneider Electric Quantum ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4859 (The Schneider Electric Quantum Ethernet Module, as used in the Quantum ...)
	NOT-FOR-US: Schneider Electric Quantum Ethernet Module
CVE-2011-4858 (Apache Tomcat before 5.5.35, 6.x before 6.0.35, and 7.x before 7.0.23 ...)
	{DSA-2401-1}
	- tomcat5 <removed>
	- tomcat6 6.0.35-1
	- tomcat7 7.0.26-1
CVE-2011-4857 (Heap-based buffer overflow in the in_mod.dll plugin in Winamp before ...)
	NOT-FOR-US: Winamp
CVE-2010-5080 (The Security/changepassword URL action in SilverStripe 2.3.x before ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5079 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 uses weak ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5078 (SilverStripe 2.3.x before 2.3.10 and 2.4.x before 2.4.4 stores ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-5077 (server/sv_main.c in Quake3 Arena, as used in ioquake3 before r1762, ...)
	{DSA-2442-1}
	- openarena 0.8.5-6 (medium; bug #665656)
	- ioquake3 <not-affected> (fixed before upload)
	- tremulous 1.1.0-8 (bug #665842)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2010-5076 (QSslSocket in Qt before 4.7.0-rc1 recognizes a wildcard IP address in ...)
	- qt4-x11 4:4.6.3-1
	NOTE: Might be fixed earlier, but Squeeze version has been validated to be fixed
CVE-2009-5108
	REJECTED
CVE-2009-5107
	REJECTED
CVE-2009-5106
	RESERVED
CVE-2009-5105
	RESERVED
CVE-2009-5104
	RESERVED
CVE-2008-7308
	RESERVED
CVE-2008-7307
	RESERVED
CVE-2008-7306
	RESERVED
CVE-2008-7305
	RESERVED
CVE-2008-7304
	RESERVED
CVE-2007-6749
	RESERVED
CVE-2007-6748
	RESERVED
CVE-2007-6747
	RESERVED
CVE-2007-6746 (telepathy-idle before 0.1.15 does not verify (1) that the issuer is a ...)
	- telepathy-idle 0.1.15-1 (low; bug #706094)
	[wheezy] - telepathy-idle <no-dsa> (Minor issue)
	[squeeze] - telepathy-idle <no-dsa> (Minor issue)
CVE-2007-6745 [clamav floating point exception in OLE2 scanner DoS]
	RESERVED
	- clamav 0.91.2-1~volatile1
	[etch] - clamav <not-affected> (Vulnerable code not present)
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2006-7251
	RESERVED
CVE-2006-7250 (The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t ...)
	{DSA-2454-1}
	- openssl 1.0.0h-1
	NOTE: DSA addressed it in patch for CVE-2012-1165
CVE-2006-7249
	REJECTED
CVE-2006-7248
	REJECTED
CVE-2006-7247 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...)
	NOT-FOR-US: Joomla
CVE-2005-4894
	RESERVED
CVE-2005-4893
	RESERVED
CVE-2005-4892
	RESERVED
CVE-2005-4891
	RESERVED
CVE-2011-4856 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4855 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4854 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4853 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4852 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4851 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4850 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4849 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4848 (The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 ...)
	NOT-FOR-US: Plesk
CVE-2011-4847 (SQL injection vulnerability in the Control Panel in Parallels Plesk ...)
	NOT-FOR-US: Plesk
CVE-2011-4846
	RESERVED
CVE-2011-4845
	RESERVED
CVE-2011-4844
	RESERVED
CVE-2011-4843
	RESERVED
CVE-2011-4842
	RESERVED
CVE-2011-4841
	RESERVED
CVE-2011-4840
	RESERVED
CVE-2011-4839
	RESERVED
CVE-2011-4838 (JRuby before 1.6.5.1 computes hash values without restricting the ...)
	{DLA-209-1}
	- jruby 1.5.6-4 (low; bug #686867)
CVE-2012-0220 (Multiple cross-site scripting (XSS) vulnerabilities in the meta plugin ...)
	{DSA-2474-1}
	- ikiwiki 3.20120516
CVE-2012-0219 (Heap-based buffer overflow in the xioscan_readline function in ...)
	- socat 1.7.1.3-1.3 (low; bug #672994)
	[squeeze] - socat <no-dsa> (Minor issue)
	NOTE: http://www.dest-unreach.org/socat/contrib/socat-secadv3.html
CVE-2012-0218 (Xen 3.4, 4.0, and 4.1, when the guest OS has not registered a handler ...)
	{DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
CVE-2012-0217 (The x86-64 kernel system-call functionality in Xen 4.1.2 and earlier, ...)
	{DSA-2508-1 DSA-2501-1}
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1
	- kfreebsd-8 8.3-4 (bug #677297)
	- kfreebsd-9 9.0-4 (bug #677298)
	- kfreebsd-10 10.0~svn237137-1 (bug #677299)
	NOTE: apparently this code is included in freebsd, xen, as well as
	NOTE: microsoft windows, which is also a part of this id assignment (and a
	NOTE: bit strangely the only os currently called out in the mitre description).
	NOTE: also affected the linux kernel, and was fixed 6 years earlier as CVE-2006-0744.
CVE-2012-0216 (The default configuration of the apache2 package in Debian GNU/Linux ...)
	{DSA-2452-1}
	- apache2 2.2.22-4 (low)
CVE-2012-0215 (model/modelstorage.py in the Tryton application framework (trytond) ...)
	{DSA-2444-1}
	- tryton-server 2.2.2-1 (medium)
CVE-2012-0214 (The pkgAcqMetaClearSig::Failed method in apt-pkg/acquire-item.cc in ...)
	- apt 0.8.15.10
	[squeeze] - apt <not-affected> (Vulnerable code not present)
	[lenny] - apt <not-affected> (Vulnerable code not present)
CVE-2012-0213 (The UnhandledDataStructure function in ...)
	{DSA-2468-1}
	- libjakarta-poi-java <removed>
CVE-2012-0212 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0211 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0210 (debdiff.pl in devscripts 2.10.x before 2.10.69 and 2.11.x before ...)
	{DSA-2409-1}
	- devscripts 2.11.4
CVE-2012-0209 (Horde 3.3.12, Horde Groupware 1.2.10, and Horde Groupware Webmail ...)
	- horde3 3.3.12+debian0-2 (bug #660077)
	[squeeze] - horde3 <not-affected> (Introduced in 3.3.12)
	[lenny] - horde3 <not-affected> (Introduced in 3.3.12)
CVE-2012-0208 (Unspecified vulnerability in the Oracle Grid Engine component in ...)
	{DSA-2472-1}
	- gridengine 6.2u5-6
	NOTE: http://www.securityfocus.com/bid/53123/info
	NOTE: http://gridscheduler.sourceforge.net/security.html
CVE-2012-0207 (The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel ...)
	- linux-2.6 3.1.8-2 (bug #654876)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2012-0206 (common_startup.cc in PowerDNS (aka pdns) Authoritative Server before ...)
	{DSA-2385-1}
	- pdns 3.0-1.1 (high)
CVE-2012-0205 (InfoSphere Metadata Workbench (MWB) 8.1 through 8.7 in IBM InfoSphere ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0204 (Untrusted search path vulnerability in InfoSphere Import Export ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0203 (Cross-site scripting (XSS) vulnerability in InfoSphere Metadata ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2012-0202 (Multiple stack-based buffer overflows in tm1admsd.exe in the Admin ...)
	NOT-FOR-US: Admin Server in IBM Cognos TM1
CVE-2012-0201 (Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM ...)
	NOT-FOR-US: IBM Personal Communications
CVE-2012-0200 (The server in IBM solidDB 6.5 before Interim Fix 6 does not properly ...)
	NOT-FOR-US: IBM solidDB
CVE-2012-0199 (Multiple SQL injection vulnerabilities in IBM Tivoli Provisioning ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2012-0198 (Stack-based buffer overflow in the RunAndUploadFile method in the ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2012-0197
	RESERVED
CVE-2012-0196
	RESERVED
CVE-2012-0195 (Cross-site scripting (XSS) vulnerability in the Start Center Layout ...)
	NOT-FOR-US: IBM Maximo Asset Management and others
CVE-2012-0194 (The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large ...)
	NOT-FOR-US: AIX
CVE-2012-0193 (IBM WebSphere Application Server (WAS) 6.0 through 6.0.2.43, 6.1 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2012-0192 (Multiple integer overflows in vclmi.dll in the visual class library ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2012-0191 (The web container in IBM Lotus Expeditor 6.1.x and 6.2.x before 6.2 ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2012-0190 (Unspecified vulnerability in the Render method in the ExportHTML.ocx ...)
	NOT-FOR-US: IBM SPSS Dimensions
CVE-2012-0189 (Multiple unspecified vulnerabilities in the (1) PrintFile and (2) ...)
	NOT-FOR-US: IBM SPSS SamplePower
CVE-2012-0188 (Unspecified vulnerability in the SetLicenseInfoEx method in an ActiveX ...)
	NOT-FOR-US: IBM SPSS Dimensions
CVE-2012-0187 (Untrusted search path vulnerability in IBM Lotus Expeditor 6.1.x and ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2012-0186 (Directory traversal vulnerability in the Eclipse Help component in IBM ...)
	NOT-FOR-US: IBM Lotus Expeditor
CVE-2011-4837 (Cross-site request forgery (CSRF) vulnerability in /ctrl in the web ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4836 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4835 (Directory traversal vulnerability in the web interface in HomeSeer HS2 ...)
	NOT-FOR-US: HomeSeer
CVE-2011-4834 (The GetInstalledPackages function in the configuration tool in HP ...)
	NOT-FOR-US: HP Application Lifestyle Management
CVE-2011-4833 (Multiple SQL injection vulnerabilities in the Leads module in SugarCRM ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2011-4832 (Directory traversal vulnerability in CaupoShop Pro 2.x, CaupoShop ...)
	NOT-FOR-US: CaupoShop
CVE-2011-4831 (Directory traversal vulnerability in webFileBrowser.php in Web File ...)
	NOT-FOR-US: Web File Browser
CVE-2011-4830 (Multiple cross-site scripting (XSS) vulnerabilities in the com_listing ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4829 (SQL injection vulnerability in the com_listing component in Barter ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4828 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4827 (Multiple cross-site scripting (XSS) vulnerabilities in AutoSec Tools ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4826 (SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 ...)
	NOT-FOR-US: AutoSec Tools V-CMS
CVE-2011-4825 (Static code injection vulnerability in inc/function.base.php in Ajax ...)
	NOT-FOR-US: Ajax File and Image Manager
CVE-2011-4824 (SQL injection vulnerability in auth_login.php in Cacti before 0.8.7h ...)
	{DSA-2384-1}
	- cacti 0.8.7i-1 (high; bug #652371)
CVE-2011-4823 (Multiple SQL injection vulnerabilities in Vik Real Estate ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4822 (Multiple cross-site scripting (XSS) vulnerabilities in the user ...)
	NOT-FOR-US: Atlassian FishEye
CVE-2011-4821 (Directory traversal vulnerability in the TFTP server in D-Link DIR-601 ...)
	NOT-FOR-US: D-Link router
CVE-2011-4820
	RESERVED
CVE-2011-4819 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Maximo ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4818 (Open redirect vulnerability in IBM Maximo Asset Management and Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4817 (The About option on the Help menu in IBM Maximo Asset Management and ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4816 (SQL injection vulnerability in the KPI component in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-4815 (Ruby (aka CRuby) before 1.8.7-p357 computes hash values without ...)
	{DLA-88-1}
	- ruby1.8 1.8.7.358-1
	- ruby1.9 <not-affected> (Includes randomisation of the hash function)
	- ruby1.9.1 <not-affected> (Includes randomisation of the hash function)
CVE-2012-0185 (Heap-based buffer overflow in Microsoft Excel 2007 SP2 and SP3 and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-0184 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; ...)
	NOT-FOR-US: Microsoft Excel
CVE-2012-0183 (Microsoft Word 2003 SP3 and 2007 SP2 and SP3, Office 2008 and 2011 for ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-0182 (Microsoft Word 2007 SP2 and SP3 does not properly handle memory during ...)
	NOT-FOR-US: Microsoft Word
CVE-2012-0181 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0180 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0179 (Double free vulnerability in tcpip.sys in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0178 (Race condition in partmgr.sys in Windows Partition Manager in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0177 (Heap-based buffer overflow in the Office Works File Converter in ...)
	NOT-FOR-US: Microsoft
CVE-2012-0176 (Double free vulnerability in Microsoft Silverlight 4 before 4.1.10329 ...)
	NOT-FOR-US: Microsoft Silverlight
CVE-2012-0175 (The Shell in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0174 (Windows Firewall in tcpip.sys in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0173 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0172 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0171 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0170 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0169 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0168 (Microsoft Internet Explorer 6 through 9 allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2012-0167 (Heap-based buffer overflow in the Office GDI+ library in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0166
	REJECTED
CVE-2012-0165 (GDI+ in Microsoft Windows Vista SP2 and Server 2008 SP2 and Office ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0164 (Microsoft .NET Framework 4 does not properly compare index values, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0163 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, and ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0162 (Microsoft .NET Framework 4 does not properly allocate buffers, which ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0161 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0160 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.0 SP2, 3.5 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2012-0159 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0158 (The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ...)
	NOT-FOR-US: Microsoft
CVE-2012-0157 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0156 (DirectWrite in Microsoft Windows Vista SP2, Windows Server 2008 SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0155 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft
CVE-2012-0154 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft
CVE-2012-0153
	REJECTED
	NOT-FOR-US: Microsoft
CVE-2012-0152 (The Remote Desktop Protocol (RDP) service in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0151 (The Authenticode Signature Verification function in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2012-0150 (Buffer overflow in msvcrt.dll in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2012-0149 (afd.sys in the Ancillary Function Driver in Microsoft Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2012-0148 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2012-0147 (Microsoft Forefront Unified Access Gateway (UAG) 2010 SP1 and SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2012-0146 (Open redirect vulnerability in Microsoft Forefront Unified Access ...)
	NOT-FOR-US: Microsoft
CVE-2012-0145 (Cross-site scripting (XSS) vulnerability in wizardlist.aspx in ...)
	NOT-FOR-US: Microsoft
CVE-2012-0144 (Cross-site scripting (XSS) vulnerability in themeweb.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2012-0143 (Microsoft Excel 2003 SP3 and Office 2008 for Mac do not properly ...)
	NOT-FOR-US: Microsoft
CVE-2012-0142 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; ...)
	NOT-FOR-US: Microsoft
CVE-2012-0141 (Microsoft Excel 2003 SP3, 2007 SP2 and SP3, and 2010 Gold and SP1; ...)
	NOT-FOR-US: Microsoft
CVE-2012-0140
	REJECTED
	NOT-FOR-US: Microsoft
CVE-2012-0139
	REJECTED
	NOT-FOR-US: Microsoft
CVE-2012-0138 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2012-0137 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2012-0136 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2012-0135 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2012-0134 (Unspecified vulnerability in HP OpenVMS 7.3-2 on the Alpha platform, ...)
	NOT-FOR-US: HP OpenVMS
CVE-2012-0133 (HP ProCurve 5400 zl switches with certain serial numbers include a ...)
	NOT-FOR-US: HP ProCurve
CVE-2012-0132 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
	NOT-FOR-US: HP Business Availability
CVE-2012-0131 (Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0130 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0129 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0128 (HP Onboard Administrator (OA) before 3.50 allows remote attackers to ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2012-0127 (Unspecified vulnerability in HP Performance Manager 9.00 allows remote ...)
	NOT-FOR-US: HP Performance Manager
CVE-2012-0126 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.11 ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0125 (Unspecified vulnerability in the WBEM implementation in HP HP-UX 11.31 ...)
	NOT-FOR-US: HP HP-UX
CVE-2012-0124 (Unspecified vulnerability in HP Data Protector Express (aka DPX) ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0123 (Unspecified vulnerability in HP Data Protector Express (aka DPX) ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0122 (Unspecified vulnerability in HP Data Protector Express (aka DPX) ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2012-0121 (Unspecified vulnerability in HP Data Protector Express (aka DPX) ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2011-4814 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 ...)
	- dolibarr 3.3.4-1 (low)
CVE-2011-4813 (Directory traversal vulnerability in clientarea.php in ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-4812 (Cross-site scripting (XSS) vulnerability in nowosci.php in BestShopPro ...)
	NOT-FOR-US: BestShopPro
CVE-2011-4811 (SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows ...)
	NOT-FOR-US: BestShopPro
CVE-2011-4810 (Multiple directory traversal vulnerabilities in WHMCompleteSolution ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2011-4809 (Multiple cross-site scripting (XSS) vulnerabilities in the HM ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4808 (SQL injection vulnerability in the HM Community (com_hmcommunity) ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4807 (Directory traversal vulnerability in main.php in phpAlbum 0.4.1.16 and ...)
	NOT-FOR-US: phpAlbum
CVE-2011-4806 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in ...)
	NOT-FOR-US: phpAlbum
CVE-2011-4805 (Cross-site scripting (XSS) vulnerability in pubDBLogon.jsp in SAP ...)
	NOT-FOR-US: SAP Crystal Report Server
CVE-2011-4804 (Directory traversal vulnerability in the obSuggest (com_obsuggest) ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4803 (SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin ...)
	NOT-FOR-US: WPTouch WordPress plugin
CVE-2011-4802 (Multiple SQL injection vulnerabilities in Dolibarr 3.1.0 RC and ...)
	- dolibarr 3.3.4-1
CVE-2011-4801 (SQL injection vulnerability in akeyActivationLogin.do in Authenex Web ...)
	NOT-FOR-US: Authenex Strong Authentication System
CVE-2011-4800 (Directory traversal vulnerability in Serv-U FTP Server before 11.1.0.5 ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2011-4799
	REJECTED
CVE-2011-4798
	REJECTED
CVE-2011-4797
	REJECTED
CVE-2011-4796
	REJECTED
CVE-2011-4795
	REJECTED
CVE-2011-4794
	REJECTED
CVE-2011-4793
	REJECTED
CVE-2011-4792
	REJECTED
CVE-2011-4791 (DBServer.exe in HP Data Protector Media Operations 6.11 and earlier ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-4790 (Unspecified vulnerability in HP Network Automation 7.5x, 7.6x, 9.0, ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-4789 (Stack-based buffer overflow in magentservice.exe in the server in HP ...)
	NOT-FOR-US: HP Diagnostics
CVE-2011-4788 (Absolute path traversal vulnerability in the web interface on HP ...)
	NOT-FOR-US: HP StorageWorks
CVE-2011-4787 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care ...)
	NOT-FOR-US: HP Easy Printer Care
CVE-2011-4786 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care ...)
	NOT-FOR-US: HP Easy Printer Care
CVE-2011-4785 (Directory traversal vulnerability in the HP-ChaiSOE/1.0 web server on ...)
	NOT-FOR-US: HP-ChaiSOE/1.0 web server
CVE-2011-4784 (The NVIDIA Stereoscopic 3D driver before 7.17.12.7565 does not ...)
	NOT-FOR-US: NVIDIA Windows driver
CVE-2011-4783 (The IDAPython plugin before 1.5.2.3 in IDA Pro allows user-assisted ...)
	NOT-FOR-US: IDA Pro
CVE-2011-4782 (Cross-site scripting (XSS) vulnerability in ...)
	- phpmyadmin 4:3.4.9-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: unlikely exploitation scenario
CVE-2011-4781
	RESERVED
CVE-2011-4780 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- phpmyadmin 4:3.4.9-1 (unimportant)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: unlikely exploitation scenario
CVE-2011-4779
	REJECTED
CVE-2011-4778 (Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 4.2.x ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4777 (Cross-site scripting (XSS) vulnerability in the Site Editor (aka ...)
	NOT-FOR-US: Plesk
CVE-2011-4776 (Multiple cross-site scripting (XSS) vulnerabilities in the Control ...)
	NOT-FOR-US: Plesk
CVE-2011-4775
	RESERVED
CVE-2011-4774
	RESERVED
CVE-2011-5146 (Bokken before 1.6 and 1.5-x before 1.5-3 for Debian allows local users ...)
	- bokken 1.5-3 (bug #651931)
CVE-2012-0120 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0119 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0118 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0117 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	- mysql-5.1 <not-affected> (Only affects MySQL 5.5 from experimental)
CVE-2012-0116 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0115 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0114 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0113 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0112 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0111 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox 4.1.8-dfsg-1 (bug #659950)
	[squeeze] - virtualbox <not-affected> (Vulnerable code not present, see #659950)
CVE-2012-0110 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0109 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0108 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0107 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0106 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0105 (Unspecified vulnerability in the Oracle VM VirtualBox component in ...)
	- virtualbox-guest-additions-iso 4.1.8-1 (bug #659951)
	[squeeze] - virtualbox-guest-additions-iso <not-affected> (Vulnerable code not present, see #659950)
CVE-2012-0104 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...)
	- glassfish <not-affected> (Debian package only builds a few API elements)
CVE-2012-0103 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
	NOT-FOR-US: Oracle Solaris Kernel
CVE-2012-0102 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0101 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0100 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0099 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0098 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0097 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0096 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0095 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0094 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2012-0093 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0092 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0091 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0090 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0089 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0088 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0087 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0086 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0085 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0084 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0083 (Unspecified vulnerability in the Oracle WebCenter Content component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2012-0082 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0081 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.1.1 ...)
	- glassfish <not-affected> (Debian package only builds a few API elements)
CVE-2012-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0079 (Unspecified vulnerability in Oracle OpenSSO 7.1 and 8.0 allows remote ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2012-0078 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0077 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2012-0076 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0075 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2012-0074 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2012-0073 (Unspecified vulnerability in the Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2012-0072 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2012-0071 (Unspecified vulnerability in the Oracle Imaging and Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-4773 (The AnGuanJia (com.anguanjia.safe) application 2.10.343 for Android ...)
	NOT-FOR-US: AnGuanJia (com.anguanjia.safe) application
CVE-2011-4772 (The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android ...)
	NOT-FOR-US: 360 KouXin (com.qihoo360.kouxin) application
CVE-2011-4771 (The Scan to PDF Free (com.scan.to.pdf.trial) application 2.0.4 for ...)
	NOT-FOR-US: Scan to PDF Free (com.scan.to.pdf.trial) application
CVE-2011-4770 (The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not ...)
	NOT-FOR-US: QIWI Wallet (ru.mw) application
CVE-2011-4769 (The 360 MobileSafe (com.qihoo360.mobilesafe) application 2.x before ...)
	NOT-FOR-US: 360 MobileSafe (com.qihoo360.mobilesafe) application
CVE-2011-4768 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small ...)
	NOT-FOR-US: Plesk
CVE-2011-4767 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small ...)
	NOT-FOR-US: Plesk
CVE-2011-4766 (** DISPUTED ** The Site Editor (aka SiteBuilder) feature in Parallels ...)
	NOT-FOR-US: Plesk
CVE-2011-4765 (The Site Editor (aka SiteBuilder) feature in Parallels Plesk Small ...)
	NOT-FOR-US: Plesk
CVE-2011-4764 (Multiple cross-site scripting (XSS) vulnerabilities in the Site Editor ...)
	NOT-FOR-US: Plesk
CVE-2011-4763 (Multiple SQL injection vulnerabilities in the Site Editor (aka ...)
	NOT-FOR-US: Plesk
CVE-2011-4762 (Parallels Plesk Small Business Panel 10.2.0 sends incorrect ...)
	NOT-FOR-US: Plesk
CVE-2011-4761 (Parallels Plesk Small Business Panel 10.2.0 omits the Content-Type ...)
	NOT-FOR-US: Plesk
CVE-2011-4760 (Parallels Plesk Small Business Panel 10.2.0 has web pages containing ...)
	NOT-FOR-US: Plesk
CVE-2011-4759 (Parallels Plesk Small Business Panel 10.2.0 generates web pages ...)
	NOT-FOR-US: Plesk
CVE-2011-4758 (Parallels Plesk Small Business Panel 10.2.0 receives cleartext ...)
	NOT-FOR-US: Plesk
CVE-2011-4757 (Parallels Plesk Small Business Panel 10.2.0 generates a password form ...)
	NOT-FOR-US: Plesk
CVE-2011-4756 (Parallels Plesk Small Business Panel 10.2.0 does not include the ...)
	NOT-FOR-US: Plesk
CVE-2011-4755 (Parallels Plesk Small Business Panel 10.2.0 does not properly validate ...)
	NOT-FOR-US: Plesk
CVE-2011-4754 (Multiple cross-site scripting (XSS) vulnerabilities in Parallels Plesk ...)
	NOT-FOR-US: Plesk
CVE-2011-4753 (Multiple SQL injection vulnerabilities in Parallels Plesk Small ...)
	NOT-FOR-US: Plesk
CVE-2011-4752 (SmarterTools SmarterStats 6.2.4100 sends incorrect Content-Type ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4751 (SmarterTools SmarterStats 6.2.4100 generates web pages containing ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4750 (Multiple cross-site scripting (XSS) vulnerabilities in SmarterTools ...)
	NOT-FOR-US: SmarterTools SmaterStats
CVE-2011-4749 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4748 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4747 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4746 (The billing system for Parallels Plesk Panel 10.3.1_build1013110726.09 ...)
	NOT-FOR-US: Plesk
CVE-2011-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the billing ...)
	NOT-FOR-US: Plesk
CVE-2011-4744 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4743 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4742 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4741 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4740 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4739 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4738 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4737 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4736 (The Control Panel in Parallels Plesk Panel 10.2.0 build 20110407.20 ...)
	NOT-FOR-US: Plesk
CVE-2011-4735 (Multiple cross-site scripting (XSS) vulnerabilities in the Control ...)
	NOT-FOR-US: Plesk
CVE-2011-4734 (Multiple SQL injection vulnerabilities in the Control Panel in ...)
	NOT-FOR-US: Plesk
CVE-2011-4733 (The Server Administration Panel in Parallels Plesk Panel ...)
	NOT-FOR-US: Plesk
CVE-2011-4732 (The Server Administration Panel in Parallels Plesk Panel ...)
	NOT-FOR-US: Plesk
CVE-2011-4731 (The Server Administration Panel in Parallels Plesk Panel ...)
	NOT-FOR-US: Plesk
CVE-2011-4730 (The Server Administration Panel in Parallels Plesk Panel ...)
	NOT-FOR-US: Plesk
CVE-2011-4729 (The Server Administration Panel in Parallels Plesk Panel ...)
	NOT-FOR-US: Plesk
CVE-2011-4728 (The Server Administration Panel in Parallels Plesk Panel ...)
	NOT-FOR-US: Plesk
CVE-2011-4727 (The Server Administration Panel in Parallels Plesk Panel ...)
	NOT-FOR-US: Plesk
CVE-2011-4726 (Multiple cross-site scripting (XSS) vulnerabilities in the Server ...)
	NOT-FOR-US: Plesk
CVE-2011-4725 (Multiple SQL injection vulnerabilities in the Server Administration ...)
	NOT-FOR-US: Plesk
CVE-2011-4724
	RESERVED
CVE-2011-4723 (The D-Link DIR-300 router stores cleartext passwords, which allows ...)
	NOT-FOR-US: D-Link DIR-300 router
CVE-2011-4722 (Directory traversal vulnerability in the TFTP Server 1.0.0.24 in ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2011-4721
	RESERVED
CVE-2011-4720 (Hillstone HS TFTP Server 1.3.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Hillstone HS TFTP Server
CVE-2011-4719 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: Duplicate for chromebooks
CVE-2011-4718 (Session fixation vulnerability in the Sessions subsystem in PHP before ...)
	- php5 5.5.2+dfsg-1 (low)
	[wheezy] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
	[squeeze] - php5 <no-dsa> (Too intrusive to backport, mitigations exists)
	NOTE: 5.5.2 implements strict sessions RFC (https://wiki.php.net/rfc/strict_sessions)
CVE-2011-4717 (Directory traversal vulnerability in zFTPServer Suite 6.0.0.52 allows ...)
	NOT-FOR-US: zFTPServer Suite
CVE-2011-4716 (Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, ...)
	NOT-FOR-US: DreamBox
CVE-2011-4715 (Directory traversal vulnerability in cgi-bin/koha/mainpage.pl in Koha ...)
	- koha <itp> (bug #389876)
CVE-2011-4714 (Directory traversal vulnerability in Virtual Vertex Muster before 6.20 ...)
	NOT-FOR-US: Virtual Vertex Muster
CVE-2011-4713 (Directory traversal vulnerability in catalog/content.php in osCSS2 ...)
	NOT-FOR-US: osCSS2
CVE-2011-4712 (Directory traversal vulnerability in Oxide WebServer allows remote ...)
	NOT-FOR-US: Oxide
CVE-2011-4711 (Multiple directory traversal vulnerabilities in namazu.cgi in Namazu ...)
	- namazu2 <not-affected> (Windows-specific issue)
CVE-2011-4710 (Multiple SQL injection vulnerabilities in Pixie CMS 1.01 through 1.04 ...)
	NOT-FOR-US: Pixie CMS
CVE-2011-4709 (Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in ...)
	NOT-FOR-US: Hotaru
CVE-2011-4708 (Cross-site scripting (XSS) vulnerability in IBM Rational Asset Manager ...)
	NOT-FOR-US: IBM Rational Asset Manager
CVE-2011-4707 (Multiple cross-site scripting (XSS) vulnerabilities in the Virus Scan ...)
	NOT-FOR-US: SAP Netweaver
CVE-2011-4706
	RESERVED
CVE-2011-4705 (The Ming Blacklist Free (vc.software.blacklist) application 1.8.1 and ...)
	NOT-FOR-US: Ming Blacklist Free (vc.software.blacklist) application
CVE-2011-4704 (The Voxofon (com.voxofon) application before 2.5.2 for Android does ...)
	NOT-FOR-US: Voxofon (com.voxofon) application
CVE-2011-4703 (The Limit My Call (com.limited.call.view) application 2.11 for Android ...)
	NOT-FOR-US: Limit My Call (com.limited.call.view) application
CVE-2011-4702 (The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android ...)
	NOT-FOR-US: Nimbuzz (com.nimbuzz) application
CVE-2011-4701 (The CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application 2.0.0 ...)
	NOT-FOR-US: CallConfirm (jp.gr.java_conf.ofnhwx.callconfirm) application
CVE-2011-4700 (The UberMedia UberSocial (com.twidroid) application 7.x before 7.2.4 ...)
	NOT-FOR-US: UberMedia UberSocial (com.twidroid) application
CVE-2011-4699 (The Ubermedia Twidroyd Legacy (com.twidroydlegacy) application 4.3.11 ...)
	NOT-FOR-US: Ubermedia Twidroyd Legacy (com.twidroydlegacy) application
CVE-2011-4698 (The AndroidAppTools Easy Filter (com.phoneblocker.android) application ...)
	NOT-FOR-US: AndroidAppTools Easy Filter (com.phoneblocker.android)
CVE-2011-4697 (The Xiaomi MiTalk Messenger (com.xiaomi.channel) application before ...)
	NOT-FOR-US: Xiaomi MiTalk Messenger (com.xiaomi.channel) application
CVE-2011-4696 (Directory traversal vulnerability in Eye-Fi Helper before 3.4.23 ...)
	NOT-FOR-US: Eye-Fi Helper
CVE-2010-5075 (Integer overflow in aswFW.sys 5.0.594.0 in Avast! Internet Security ...)
	NOT-FOR-US: Avast! Internet Security
CVE-2012-0785 [Jenkins and hash collision attack]
	RESERVED
	- jenkins-winstone 0.9.10-jenkins-31+dfsg-1 (bug #655553)
	- jenkins-executable-war 1.25-1 (bug #655554)
	- jenkins 1.409.3+dfsg-2
CVE-2012-0070
	RESERVED
	NOT-FOR-US: spamdyke not in Debian
CVE-2012-0069 (SQL injection vulnerability in ajax.php in Batavi before 1.2.1 allows ...)
	NOT-FOR-US: batavi not in Debian
CVE-2012-0068 (The lanalyzer_read function in wiretap/lanalyzer.c in Wireshark 1.4.x ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6670
CVE-2012-0067 (wiretap/iptrace.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6668
CVE-2012-0066 (Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6666
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6667
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6669
CVE-2012-0065 (Heap-based buffer overflow in the receive_packet function in ...)
	- usbmuxd 1.0.7-2 (medium; bug #656581)
	[lenny] - usbmuxd <not-affected> (introduced in 1.0.7)
	[squeeze] - usbmuxd <not-affected> (introduced in 1.0.7)
CVE-2012-0064 (xkeyboard-config before 2.5 in X.Org before 7.6 enables certain XKB ...)
	- xorg-server 2:1.11.3.901-2 (high; bug #656410)
	[squeeze] - xorg-server <not-affected> (introduced in 1.11)
	[lenny] - xorg-server <not-affected> (introduced in 1.11)
	NOTE: actually unfixed in experimental, not marked because of version numbering
CVE-2012-0063
	RESERVED
	- tucan <unfixed> (bug #656388)
	[squeeze] - tucan <no-dsa> (Minor issue)
CVE-2012-0062 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0061 (The headerLoad function in lib/header.c in RPM before 4.9.1.3 does not ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm <no-dsa> (Minor issue)
CVE-2012-0060 (RPM before 4.9.1.3 does not properly validate region tags, which ...)
	{DLA-140-1}
	- rpm 4.9.1.3-1 (bug #667031)
	[squeeze] - rpm <no-dsa> (Minor issue)
CVE-2012-0059 (Spacewalk-backend in Red Hat Network (RHN) Satellite and Proxy 5.4 ...)
	NOT-FOR-US: RHN Satellite
CVE-2012-0058 (The kiocb_batch_free function in fs/aio.c in the Linux kernel before ...)
	- linux-2.6 3.2.2-1
	[wheezy] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
	[squeeze] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
	[lenny] - linux-2.6 <not-affected> (introduced in 3.2-rc1)
CVE-2012-0057 (PHP before 5.3.9 has improper libxslt security settings, which allows ...)
	{DSA-2399-1}
	- php5 5.3.9-1 (bug #656308)
CVE-2012-0056 (The mem_write function in the Linux kernel before 3.2.2, when ASLR is ...)
	- linux-2.6 3.2.1-2
	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.39)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.39)
	NOTE: fix is http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e268337dfe26dfc7efd422a804dbb27977a3cccc (queued for 3.3)
CVE-2012-0055
	RESERVED
	NOT-FOR-US: overlayfs is not (yet) in the Debian kernel
CVE-2012-0054 (libs/updater.py in GoLismero 0.6.3, and other versions before Git ...)
	NOT-FOR-US: golismero not in Debian
CVE-2012-0053 (protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not ...)
	{DSA-2405-1}
	- apache2 2.2.22-1 (low)
CVE-2012-0052 (Red Hat JBoss Operations Network (JON) before 2.4.2 and 3.0.x before ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0051
	RESERVED
	- tahoe-lafs <not-affected> (Only affects 1.9.0, not uploaded to the archive)
CVE-2012-0050 (OpenSSL 0.9.8s and 1.0.0f does not properly support DTLS applications, ...)
	{DSA-2392-1}
	- openssl 1.0.0g-1
	NOTE: http://www.openssl.org/news/secadv/20120118.txt
CVE-2012-0049
	RESERVED
	{DSA-2524-1}
	- openttd 1.1.5-1 (low)
	NOTE: http://vcs.openttd.org/svn/changeset/23764
	NOTE: http://security.openttd.org/en/CVE-2012-0049
CVE-2012-0048 (OpenTTD 0.3.5 through 1.1.4 allows remote attackers to cause a denial ...)
	NOTE: contacted MITRE, will be rejected
CVE-2012-0047 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2012-0046 [mediawiki info leak]
	RESERVED
	- mediawiki 1:1.15.5-6 (low; bug #655694)
	[squeeze] - mediawiki 1:1.15.5-2squeeze3
	[lenny] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2012-0045 (The em_syscall function in arch/x86/kvm/emulate.c in the KVM ...)
	{DSA-2443-1}
	- linux-2.6 3.2.2-1
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2012-0044 (Integer overflow in the drm_mode_dirtyfb_ioctl function in ...)
	- linux-2.6 3.1.5-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2012-0043 (Buffer overflow in the reassemble_message function in ...)
	- wireshark 1.6.5-1
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
CVE-2012-0042 (Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 does not properly ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
CVE-2012-0041 (The dissect_packet function in epan/packet.c in Wireshark 1.4.x before ...)
	{DSA-2395-1}
	- wireshark 1.6.5-1 (unimportant)
	NOTE: Not suitable for code injection
	NOTE: https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6663
CVE-2012-0040 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2387-1}
	- simplesamlphp 1.8.2-1
	NOTE: http://groups.google.com/group/simplesamlphp-announce/browse_thread/thread/cb96723ee3c6751e
CVE-2012-0039 (** DISPUTED ** GLib 2.31.8 and earlier, when the g_str_hash function ...)
	- glib2.0 <unfixed> (unimportant; bug #655044)
CVE-2012-0038 (Integer overflow in the xfs_acl_from_disk function in fs/xfs/xfs_acl.c ...)
	- linux-2.6 3.2.1-1
	[squeeze] - linux-2.6 2.6.32-41
CVE-2012-0037 (Redland Raptor (aka libraptor) before 2.0.7, as used by OpenOffice 3.3 ...)
	{DSA-2438-1}
	- raptor 1.4.21-7.1 (bug #677427)
CVE-2012-0036 (curl and libcurl 7.2x before 7.24.0 do not properly consider special ...)
	{DSA-2398-1}
	- curl 7.24.0-1
	[lenny] - curl <not-affected> (Only affects 7.20.0 to 7.23.1)
	NOTE: http://curl.haxx.se/docs/adv_20120124.html
CVE-2012-0035 (Untrusted search path vulnerability in EDE in CEDET before 1.0.1, as ...)
	- cedet <removed> (low; bug #655299)
	[squeeze] - cedet <no-dsa> (Minor issue)
	- emacs23 23.3+1-5 (low; bug #655300)
	[squeeze] - emacs23 <no-dsa> (Minor issue)
CVE-2012-0034 (The NonManagedConnectionFactory in JBoss Enterprise Application ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2012-0033 (The CBounceDCCMod::OnPrivCTCP function in bouncedcc.cpp in the ...)
	- znc 0.202-2
	[squeeze] - znc <not-affected> (Only affects 0.200 and 0.202)
	[lenny] - znc <not-affected> (Only affects 0.200 and 0.202)
CVE-2012-0032 (Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2012-0031 (scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ...)
	{DSA-2405-1}
	- apache2 2.2.22-1 (low)
CVE-2012-0030 (Nova 2011.3 and Essex, when using the OpenStack API, allows remote ...)
	- nova 2012.1~rc1-1
CVE-2012-0029 (Heap-based buffer overflow in the process_tx_desc function in the ...)
	{DSA-2404-1 DSA-2396-1}
	- qemu-kvm 1.0+dfsg-5
	- xen-qemu-dm-4.0 <removed>
	[squeeze] - xen <not-affected> (vulnerable code not present)
	- xen 4.1.3~rc1+hg-20120614.a9c0a89c08f2-1 (medium)
CVE-2012-0028 (The robust futex implementation in the Linux kernel before 2.6.28 does ...)
	- linux-2.6 2.6.32-1
CVE-2012-0027 (The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle ...)
	- openssl 1.0.0f-1
	[lenny] - openssl <not-affected> (no GOST support)
	[squeeze] - openssl <not-affected> (no GOST support)
CVE-2012-0026
	REJECTED
CVE-2012-0025 (Double free vulnerability in the Free_All_Memory function in ...)
	NOT-FOR-US: libfpx
CVE-2012-0024 (MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values ...)
	- maradns 1.4.09-1
	[squeeze] - maradns <no-dsa> (Minor issue)
	[lenny] - maradns <no-dsa> (Minor issue)
	NOTE: a DoS that requires being able to do recursive queries. Allowing recursive queries to the general public is already a security issue to begin with, so this issue can better be addressed in a point update.
CVE-2012-0023 (Double free vulnerability in the get_chunk_header function in ...)
	- vlc 1.1.13-1
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2012-0022 (Apache Tomcat 5.5.x before 5.5.35, 6.x before 6.0.34, and 7.x before ...)
	{DSA-2401-1}
	- tomcat5 <removed>
	- tomcat6 6.0.35-1
	- tomcat7 7.0.23-1
CVE-2012-0021 (The log_cookie function in mod_log_config.c in the mod_log_config ...)
	- apache2 2.2.22-1
	[squeeze] - apache2 <not-affected> (Introduced in 2.2.17)
	[lenny] - apache2 <not-affected> (Introduced in 2.2.17)
CVE-2011-4695 (Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-4694 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-4693 (Unspecified vulnerability in Adobe Flash Player 11.1.102.55 on Windows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-4692 (WebKit, as used in Apple Safari 5.1.1 and earlier and Google Chrome 15 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-4691 (Google Chrome 15.0.874.121 and earlier does not prevent capture of ...)
	- chromium-browser 17.0.963.56~r121963-1 (unimportant)
CVE-2011-4690 (Opera 11.60 and earlier does not prevent capture of data about the ...)
	NOT-FOR-US: Opera
CVE-2011-4689 (Microsoft Internet Explorer 6 through 9 does not prevent capture of ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-4688 (Mozilla Firefox 8.0.1 and earlier does not prevent capture of data ...)
	- iceweasel <removed> (unimportant)
CVE-2011-4687 (Opera before 11.60 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2011-4686 (Unspecified vulnerability in the Web Workers implementation in Opera ...)
	NOT-FOR-US: Opera
CVE-2011-4685 (Dragonfly in Opera before 11.60 allows remote attackers to cause a ...)
	NOT-FOR-US: Opera
CVE-2011-4684 (Opera before 11.60 does not properly handle certificate revocation, ...)
	NOT-FOR-US: Opera
CVE-2011-4683 (Unspecified vulnerability in Opera before 11.60 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2011-4682 (The JavaScript engine in Opera before 11.60 does not properly ...)
	NOT-FOR-US: Opera
CVE-2011-4681 (Opera before 11.60 does not properly consider the number of . (dot) ...)
	NOT-FOR-US: Opera
CVE-2011-4680 (Multiple cross-site scripting (XSS) vulnerabilities in the customer ...)
	NOT-FOR-US: vtiger CRM
CVE-2011-4679 (vtiger CRM before 5.3.0 does not properly recognize the disabled ...)
	NOT-FOR-US: vtiger CRM
CVE-2010-5074 (The layout engine in Mozilla Firefox before 4.0, Thunderbird before ...)
	- iceweasel 4.0-1 (unimportant)
CVE-2010-5073 (The JavaScript implementation in Google Chrome 4 does not properly ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2010-5072 (The JavaScript implementation in Opera 10.5 does not properly restrict ...)
	NOT-FOR-US: Opera
CVE-2010-5071 (The JavaScript implementation in Microsoft Internet Explorer 8.0 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-5070 (The JavaScript implementation in Apple Safari 4 does not properly ...)
	NOT-FOR-US: Safari
CVE-2010-5069 (The Cascading Style Sheets (CSS) implementation in Google Chrome 4 ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2010-5068 (The Cascading Style Sheets (CSS) implementation in Opera 10.5 does not ...)
	NOT-FOR-US: Opera
CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0, ...)
	- iceweasel 4.0-1 (unimportant)
CVE-2002-2436 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox ...)
	- iceweasel 4.0-1 (unimportant)
CVE-2002-2435 (The Cascading Style Sheets (CSS) implementation in Microsoft Internet ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-4678 (The password reset feature in One Click Orgs before 1.2.3 generates ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4677 (One Click Orgs before 1.2.3 does not have an off autocomplete ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4676
	RESERVED
CVE-2011-4675 (The pathname canonicalization functionality in ...)
	- widelands 1:15-3 (low)
	NOTE: Nearly a duplicate of CVE-2011-1932.
	NOTE: CVE's SPLIT decision is unclear.
CVE-2011-4674 (SQL injection vulnerability in popup.php in Zabbix 1.8.3 and 1.8.4, ...)
	- zabbix 1:1.8.9-1 (bug #651225)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-4673 (SQL injection vulnerability in modules/sharedaddy.php in the Jetpack ...)
	NOT-FOR-US: Jetpack plugin for Wordpress
CVE-2011-4672 (Multiple SQL injection vulnerabilities in Valid tiny-erp 1.6 and ...)
	NOT-FOR-US: Valid tiny-erp, different from TinyERP, the former name of OpenERP
CVE-2011-4671 (SQL injection vulnerability in adrotate/adrotate-out.php in the ...)
	NOT-FOR-US: Adrorate plugin for Wordpress
CVE-2011-4670 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM ...)
	NOT-FOR-US: vTiger CRM
CVE-2011-4669 (SQL injection vulnerability in wp-users.php in WordPress Users plugin ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4668 (IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers ...)
	NOT-FOR-US: Tivoli
CVE-2011-4667 (The encryption library in Cisco IOS Software 15.2(1)T, 15.2(1)T1, and ...)
	NOT-FOR-US: Cisco
CVE-2011-4666
	RESERVED
CVE-2011-4665
	RESERVED
CVE-2011-4664
	RESERVED
CVE-2011-4663
	RESERVED
CVE-2011-4662
	RESERVED
CVE-2011-4661
	RESERVED
CVE-2011-4660
	RESERVED
CVE-2011-4659 (Cisco TelePresence Software before TE 4.1.1 on the Cisco IP Video ...)
	NOT-FOR-US: Cisco TelePresence Software
CVE-2011-4658
	RESERVED
CVE-2011-4657
	RESERVED
CVE-2011-4656
	RESERVED
CVE-2011-4655
	RESERVED
CVE-2011-4654
	RESERVED
CVE-2011-4653
	RESERVED
CVE-2011-4652
	RESERVED
CVE-2011-4651
	RESERVED
CVE-2011-4650 (Cisco Data Center Network Manager is affected by Excessive Logging ...)
	NOT-FOR-US: Cisco
CVE-2011-4649
	RESERVED
CVE-2011-4648
	RESERVED
CVE-2011-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the story ...)
	NOT-FOR-US: Geeklog
CVE-2011-4646 (SQL injection vulnerability in wp-postratings.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4645
	RESERVED
CVE-2011-4644 (Splunk 4.2.5 and earlier, when a Free license is selected, enables ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4643 (Multiple directory traversal vulnerabilities in Splunk 4.x before ...)
	NOT-FOR-US: Splunk Web
CVE-2011-4642 (mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly ...)
	NOT-FOR-US: Splunk Web
CVE-2003-1597
	RESERVED
CVE-2011-4641
	RESERVED
CVE-2011-4640 (Directory traversal vulnerability in logs-x.php in SpamTitan WebTitan ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4639 (The (1) Traceroute and (2) Ping implementations in tools.php in ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4638 (Multiple SQL injection vulnerabilities in SpamTitan WebTitan before ...)
	NOT-FOR-US: SpamTitan
CVE-2011-4637
	RESERVED
CVE-2011-4636
	RESERVED
CVE-2011-4635
	RESERVED
CVE-2011-4634 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:3.4.8-1 (low)
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-4633
	RESERVED
CVE-2011-4632
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4631
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4630
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4629
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4628
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4627
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4626
	RESERVED
	{DSA-2289-1}
	- typo3-src 4.5.4+dfsg1-1 (bug #635937)
CVE-2011-4625 [simplesamlphp xml encryption issues]
	RESERVED
	{DSA-2330-1}
	- simplesamlphp 1.8.1-1
CVE-2011-4624 (Cross-site scripting (XSS) vulnerability in facebook.php in the GRAND ...)
	NOT-FOR-US: WordPress flash-album-gallery
CVE-2011-4623 (Integer overflow in the rsCStrExtendBuf function in ...)
	- rsyslog 5.7.4-1
	[squeeze] - rsyslog <no-dsa> (Minor issue)
CVE-2011-4622 (The create_pit_timer function in arch/x86/kvm/i8254.c in KVM 83, and ...)
	{DSA-2389-1}
	- linux-2.6 3.1.8-1
CVE-2011-4621 (The Linux kernel before 2.6.37 does not properly implement a certain ...)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.35)
CVE-2011-4620 (Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB ...)
	{DSA-2425-1}
	- plib 1.8.5-5.1 (bug #654785)
CVE-2011-4619 (The Server Gated Cryptography (SGC) implementation in OpenSSL before ...)
	{DSA-2390-1}
	- openssl 1.0.0h-1
CVE-2011-4618 (Cross-site scripting (XSS) vulnerability in advancedtext.php in ...)
	NOT-FOR-US: WordPress advanced-text-widget
CVE-2011-4617 (virtualenv.py in virtualenv before 1.5 allows local users to overwrite ...)
	- python-virtualenv 1.6-1 (low; bug #652653)
	[lenny] - python-virtualenv <no-dsa> (Minor issue)
	[squeeze] - python-virtualenv 1.4.9-3squeeze1
CVE-2011-4616 (Cross-site scripting (XSS) vulnerability in the HTML-Template-Pro ...)
	- libhtml-template-pro-perl 0.9507-1 (low; bug #652587)
	[squeeze] - libhtml-template-pro-perl 0.9502-1+squeeze1
CVE-2011-4615 (Multiple cross-site scripting (XSS) vulnerabilities in Zabbix before ...)
	- zabbix 1:1.8.10-1 (bug #652664)
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-4614 (PHP remote file inclusion vulnerability in ...)
	- typo3-src 4.5.9+dfsg1-1 (bug #652365)
	[squeeze] - typo3-src <not-affected> (Only affects 4.5 onwards)
	[lenny] - typo3-src <not-affected> (Only affects 4.5 onwards)
CVE-2011-4613 (The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu ...)
	{DSA-2364-1}
	- xorg 1:7.6+10 (low; bug #652249)
	[lenny] - xorg <not-affected> (Introduced in 1:7.4~4)
CVE-2011-XXXX [X launcher doesn't drop group privileges]
	- xorg 1:7.6+10 (low)
	[squeeze] - xorg 1:7.5+8+squeeze1
	[lenny] - xorg <no-dsa> (potential privilege handling weakness, no known attack vector)
	NOTE: http://anonscm.debian.org/gitweb/?p=pkg-xorg/debian/xorg.git;a=commitdiff;h=e81b3943be75ca6674867fc7756905490e979522
CVE-2011-4612 (icecast before 2.3.3 allows remote attackers to inject control ...)
	- icecast2 2.3.3-1 (bug #652663)
	[lenny] - icecast2 <no-dsa> (Minor issue)
	[squeeze] - icecast2 <no-dsa> (Minor issue)
	[wheezy] - icecast2 2.3.2-9+deb7u2
CVE-2011-4611 (Integer overflow in the perf_event_interrupt function in ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-1
CVE-2011-4610 (JBoss Web, as used in Red Hat JBoss Communications Platform before ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2011-4609 (The svc_run function in the RPC implementation in glibc before 2.15 ...)
	- eglibc 2.13-33 (low; bug #671478)
	[squeeze] - eglibc 2.11.3-4
CVE-2011-4608 (mod_cluster in JBoss Enterprise Application Platform 5.1.2 for Red Hat ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server)
CVE-2011-4607 (PuTTY 0.59 through 0.61 does not clear sensitive process memory when ...)
	- putty 0.62-1 (unimportant)
	[squeeze] - putty 0.60+2010-02-20-1+squeeze2
	NOTE: DSA-2736-1
	NOTE: http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/password-not-wiped.html
	NOTE: Hardening measure, not a vulnerability
CVE-2011-4606 (Artsoft Entertainment Rocks'n'Diamonds (aka rocksndiamonds) 3.3.0.1 ...)
	- rocksndiamonds 3.3.0.1+dfsg1-2.2 (bug #651620)
	[squeeze] - rocksndiamonds <no-dsa> (Contrib not supported)
	[lenny] - rocksndiamonds <no-dsa> (Contrib not supported)
CVE-2011-4605 (The (1) JNDI service, (2) HA-JNDI service, and (3) HAJNDIFactory ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-4604 (The bat_socket_read function in net/batman-adv/icmp_socket.c in the ...)
	- batmand-adv-kernelland <removed>
	[squeeze] - batmand-adv-kernelland <not-affected> (Vulnerable code not present)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-4603 (The silc_channel_message function in ops.c in the SILC protocol plugin ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4602 (The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4601 (family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin ...)
	- pidgin 2.10.1-1 (low)
	[squeeze] - pidgin 2.7.3-1+squeeze2
CVE-2011-4600 (The networkReloadIptablesRules function in network/bridge_driver.c in ...)
	- libvirt 0.9.9-1 (low)
	[squeeze] - libvirt <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-4599 (Stack-based buffer overflow in the _canonicalize function in ...)
	{DSA-2397-1}
	- icu 4.8.1.1-3 (bug #654883)
CVE-2011-4598 (The handle_request_info function in channels/chan_sip.c in Asterisk ...)
	{DSA-2367-1}
	- asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-4597 (The SIP over UDP implementation in Asterisk Open Source 1.4.x before ...)
	{DSA-2367-1}
	- asterisk 1:1.8.8.0~dfsg-1 (bug #651552)
CVE-2011-4596 (Multiple directory traversal vulnerabilities in OpenStack Nova before ...)
	- nova 2012.1~e1-4
CVE-2011-4595
	RESERVED
	NOT-FOR-US: WordPress pretty-link plugin
CVE-2011-4594 (The __sys_sendmsg function in net/socket.c in the Linux kernel before ...)
	- linux-2.6 3.1-1
	[squeeze] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle)
	[lenny] - linux-2.6 <not-affected> (Introduced and fixed during 3.1 dev cycle)
CVE-2011-4593 (Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4592 (The command-line cron implementation in Moodle 2.0.x before 2.0.6 and ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4591 (Cross-site scripting (XSS) vulnerability in the print_object function ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4590 (The web services implementation in Moodle 2.0.x before 2.0.6 and 2.1.x ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4589 (backup/moodle2/restore_stepslib.php in Moodle 2.0.x before 2.0.6 and ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4588 (The ip_in_range function in mnet/lib.php in MNET in Moodle 1.9.x ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4587 (lib/moodlelib.php in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4586 (CRLF injection vulnerability in calendar/set.php in the Calendar ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4585 (login/change_password.php in Moodle 1.9.x before 1.9.15 does not use ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4584 (The MNET authentication functionality in Moodle 1.9.x before 1.9.15, ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5 (bug #652235)
CVE-2011-4583 (Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3 displays web service ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4582 (Open redirect vulnerability in the Calendar set page in Moodle 2.1.x ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4581 (mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss ...)
	NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-4579 (The svq1_decode_frame function in the SVQ1 decoder (svq1dec.c) in ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commit;h=4931c8f0f10bf8dedcf626104a6b85bfefadc6f2
CVE-2011-4578 (event.c in acpid (aka acpid2) before 2.0.11 does not have an ...)
	{DSA-2362-1}
	- acpid 1:2.0.11-1
CVE-2011-4577 (OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is ...)
	- openssl 1.0.0f-1 (unimportant)
	NOTE: RFC 3779 support has not been enabled at compile time.
CVE-2011-4576 (The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before ...)
	{DSA-2390-1}
	- openssl 1.0.0f-1
CVE-2011-4575 (Cross-site scripting (XSS) vulnerability in the JMX console in JBoss ...)
	NOT-FOR-US: JMX Console
CVE-2011-4574
	RESERVED
CVE-2011-4573 (Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly ...)
	NOT-FOR-US: JBoss Operations Network
CVE-2011-4572 (Cross-site scripting (XSS) vulnerability in inc/tesmodrewite.php in CF ...)
	NOT-FOR-US: CF Image Hosting Script
CVE-2011-4571 (SQL injection vulnerability in the Estate Agent (com_estateagent) ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4570 (SQL injection vulnerability in the Time Returns (com_timereturns) ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4569 (SQL injection vulnerability in userbarsettings.php in the Userbar ...)
	NOT-FOR-US: MyBB extension
CVE-2011-4568 (Cross-site scripting (XSS) vulnerability in view/frontend-head.php in ...)
	NOT-FOR-US: Wordpress extension
CVE-2011-4567 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4566 (Integer overflow in the exif_process_IFD_TAG function in exif.c in the ...)
	{DSA-2399-1}
	- php5 5.3.9-1
CVE-2011-4565 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.5.1.a, ...)
	NOT-FOR-US: XOOPS
CVE-2011-4564 (Cross-site scripting (XSS) vulnerability in the admin script in Active ...)
	NOT-FOR-US: Active CMS
CVE-2011-4563 (Cross-site scripting (XSS) vulnerability in index.php in JAKCMS ...)
	NOT-FOR-US: JAKCMS
CVE-2011-4562 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4561 (Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 ...)
	NOT-FOR-US: Phorum
CVE-2011-4560 (Cross-site scripting (XSS) vulnerability in the Petition Node module ...)
	NOT-FOR-US: Petition node module for Drupal
CVE-2011-4559 (SQL injection vulnerability in the Calendar module in vTiger CRM 5.2.1 ...)
	NOT-FOR-US: vTiger
CVE-2011-4558
	RESERVED
	- tikiwiki <removed>
	NOTE: http://dev.tiki.org/item4059
	NOTE: http://info.tiki.org/article185-Tiki-Security-Patches-Available-for-8-3-and-6-6-LTS
CVE-2011-4557
	RESERVED
CVE-2011-4556
	RESERVED
CVE-2011-4555 (One Click Orgs before 1.2.3 does not require unique e-mail addresses ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4554 (One Click Orgs before 1.2.3 allows remote authenticated users to ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4553 (Multiple open redirect vulnerabilities in One Click Orgs before 1.2.3 ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4552 (Multiple cross-site scripting (XSS) vulnerabilities in One Click Orgs ...)
	NOT-FOR-US: One Click Orgs
CVE-2011-4551 (Cross-site scripting (XSS) vulnerability in tiki-cookie-jar.php in ...)
	- tikiwiki <removed>
CVE-2011-4550
	RESERVED
CVE-2011-4549
	RESERVED
CVE-2010-5067 (Virtual War (aka VWar) 1.6.1 R2 uses static session cookies that ...)
	NOT-FOR-US: Virtual War
CVE-2010-5066 (The createRandomPassword function in includes/functions_common.php in ...)
	NOT-FOR-US: Virtual War
CVE-2010-5065 (popup.php in Virtual War (aka VWar) 1.6.1 R2 allows remote attackers ...)
	NOT-FOR-US: Virtual War
CVE-2010-5064 (Multiple cross-site scripting (XSS) vulnerabilities in Virtual War ...)
	NOT-FOR-US: Virtual War
CVE-2010-5063 (SQL injection vulnerability in article.php in Virtual War (aka VWar) ...)
	NOT-FOR-US: Virtual War
CVE-2011-4548 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: duplicate for chromebooks
CVE-2011-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4546
	RESERVED
CVE-2011-4545 (CRLF injection vulnerability in admin/displayImage.php in Prestashop ...)
	NOT-FOR-US: Prestashop
CVE-2011-4544 (Multiple cross-site scripting (XSS) vulnerabilities in Prestashop ...)
	NOT-FOR-US: Prestashop
CVE-2011-4543 (Multiple directory traversal vulnerabilities in osCommerce 3.0.2 allow ...)
	NOT-FOR-US: osCommerce
CVE-2011-4542 (Hastymail2 2.1.1 before RC2 allows remote attackers to execute ...)
	- hastymail <removed>
CVE-2011-4541 (Cross-site scripting (XSS) vulnerability in index.php in Hastymail2 ...)
	- hastymail <removed>
CVE-2011-4540 (Multiple cross-site scripting (XSS) vulnerabilities in AtMail Open ...)
	- atmailopen <removed>
CVE-2011-4539 (dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 ...)
	{DSA-2519-2 DSA-2519-1}
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- isc-dhcp 4.2.2.dfsg.1-5 (bug #652259; low)
CVE-2011-4538
	RESERVED
CVE-2011-4537 (Multiple buffer overflows in 7-Technologies (7T) Interactive Graphical ...)
	NOT-FOR-US: 7-Technologies IGSS
CVE-2011-4536 (Heap-based buffer overflow in nettransdll.dll in HistorySvr.exe (aka ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-4535 (Buffer overflow in TurboPower Abbrevia before 4.0, as used in ScadaTEC ...)
	NOT-FOR-US: TurboPower Abbrevia
CVE-2011-4534 (ZenSysSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows ...)
	NOT-FOR-US: COPA-DATA
CVE-2011-4533 (zenAdminSrv.exe in Ing. Punzenberger COPA-DATA zenon 6.51 SP0 allows ...)
	NOT-FOR-US: COPA-DATA
CVE-2011-4532 (Absolute path traversal vulnerability in the ALMListView.ALMListCtrl ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4531 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4530 (Siemens Automation License Manager (ALM) 4.0 through 5.1+SP1+Upd1 does ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4529 (Multiple buffer overflows in Siemens Automation License Manager (ALM) ...)
	NOT-FOR-US: Siemens Automation License Manager
CVE-2011-4528 (Unbound before 1.4.13p2 attempts to free unallocated memory during ...)
	{DSA-2370-1}
	- unbound 1.4.14-1 (medium)
CVE-2011-4527
	RESERVED
CVE-2011-4526 (Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4525 (Advantech/BroadWin WebAccess before 7.0 allows remote attackers to ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4524 (Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4523 (Cross-site scripting (XSS) vulnerability in bwview.asp in ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4522 (Cross-site scripting (XSS) vulnerability in bwerrdn.asp in ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4521 (SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 ...)
	NOT-FOR-US: Advantech/BroadWin WebAccess
CVE-2011-4520 (Heap-based buffer overflow in an ActiveX component in MICROSYS ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4519 (Stack-based buffer overflow in an ActiveX component in MICROSYS ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4518 (Directory traversal vulnerability in the PmWebDir object in the web ...)
	NOT-FOR-US: MICROSYS PROMOTIC
CVE-2011-4517 (The jpc_crg_getparms function in libjasper/jpc/jpc_cs.c in JasPer ...)
	{DSA-2371-1}
	- jasper 1.900.1-13 (bug #652649)
	- ghostscript 8.64~dfsg-2
	NOTE: ghostscript using system jasper since this version
CVE-2011-4516 (Heap-based buffer overflow in the jpc_cox_getcompparms function in ...)
	{DSA-2371-1}
	- jasper 1.900.1-13 (bug #652649)
	- ghostscript 8.64~dfsg-2
	NOTE: ghostscript using system jasper since this version
CVE-2011-4515 (Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4514 (The TELNET daemon in Siemens WinCC flexible 2004, 2005, 2007, and ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4513 (Siemens WinCC flexible 2004, 2005, 2007, and 2008; WinCC V11 (aka TIA ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4512 (CRLF injection vulnerability in the HMI web server in Siemens WinCC ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4511 (Cross-site scripting (XSS) vulnerability in the HMI web server in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4510 (Cross-site scripting (XSS) vulnerability in the HMI web server in ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4509 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and ...)
	NOT-FOR-US: Siemens WinCC
CVE-2011-4508 (The HMI web server in Siemens WinCC flexible 2004, 2005, 2007, and ...)
	NOT-FOR-US: Siemens WinCC
CVE-2010-5062 (SQL injection vulnerability in search.php in MH Products ...)
	NOT-FOR-US: MH Products kleinanzeigenmarkt
CVE-2010-5061 (SQL injection vulnerability in index.php in RSStatic allows remote ...)
	NOT-FOR-US: RSStatic
CVE-2010-5060 (SQL injection vulnerability in Nus.php in NUs Newssystem 1.02 allows ...)
	NOT-FOR-US: NUs Newssystem
CVE-2010-5059 (SQL injection vulnerability in index.php in CMScout 2.0.8 allows ...)
	NOT-FOR-US: CMScout
CVE-2010-5058 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 ...)
	NOT-FOR-US: CMS Ariadna
CVE-2010-5057 (SQL injection vulnerability in detResolucion.php in CMS Ariadna 1.1 ...)
	NOT-FOR-US: CMS Ariadna
CVE-2010-5056 (SQL injection vulnerability in the GBU Facebook (com_gbufacebook) ...)
	NOT-FOR-US: GBU Facebook
CVE-2010-5055 (SQL injection vulnerability in index.php in Almnzm 2.1 allows remote ...)
	NOT-FOR-US: Almnzm
CVE-2010-5054 (Cross-site scripting (XSS) vulnerability in Special:Login in JAMWiki ...)
	NOT-FOR-US: JAMWiki
CVE-2010-5053 (SQL injection vulnerability in the XOBBIX (com_xobbix) component 1.0.1 ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5052 (Cross-site scripting (XSS) vulnerability in admin/components.php in ...)
	NOT-FOR-US: GetSimple CMS
CVE-2010-5051 (Cross-site scripting (XSS) vulnerability in admin/core/admin_func.php ...)
	NOT-FOR-US: razorCMS
CVE-2010-5050 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ManageEngine ADManager Plus
CVE-2010-5049 (SQL injection vulnerability in events.php in Zabbix 1.8.1 and earlier ...)
	- zabbix  1:1.8.2-1
CVE-2010-5048 (Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5047 (SQL injection vulnerability in page.php in V-EVA Press Release Script ...)
	NOT-FOR-US: V-EVA Press Release Script
CVE-2010-5046 (Cross-site scripting (XSS) vulnerability in admin.php in ecoCMS allows ...)
	NOT-FOR-US: ecoCMS
CVE-2011-4507 (The D-Link DIR-685 router, when certain WPA and WPA2 configurations ...)
	NOT-FOR-US: D-Link DIR-685 router
CVE-2011-4506 (The UPnP IGD implementation on the Thomson (aka Technicolor) TG585 ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4505 (The UPnP IGD implementation on SpeedTouch 5x6 devices with firmware ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4504 (The UPnP IGD implementation in the Pseudo ICS UPnP software on the ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4503 (The UPnP IGD implementation in Broadcom Linux on the Sitecom WL-111 ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4502 (The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4501 (The UPnP IGD implementation in Edimax EdiLinux on the Edimax BR-6104K ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4500 (The UPnP IGD implementation on the Cisco Linksys WRT54GX with firmware ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4499 (The UPnP IGD implementation in the Broadcom UPnP stack on the Cisco ...)
	NOT-FOR-US: hardware device with broken UPnP UGD implementation
CVE-2011-4498 (Cross-site request forgery (CSRF) vulnerability in the web console in ...)
	NOT-FOR-US: Zenprise Device Manager
CVE-2011-4497 (QIS_wizard.htm on the ASUS RT-N56U router with firmware before ...)
	NOT-FOR-US: Asus device
CVE-2011-4496 (Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers ...)
	NOT-FOR-US: Aviosoft DTV Player
CVE-2011-4495
	RESERVED
CVE-2011-4494
	RESERVED
CVE-2011-4493
	RESERVED
CVE-2011-4492
	RESERVED
CVE-2011-4491
	RESERVED
CVE-2011-4490
	RESERVED
CVE-2011-4489
	RESERVED
CVE-2011-4488
	RESERVED
CVE-2011-4487 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-4486 (Cisco Unified Communications Manager (CUCM) with software 6.x and 7.x ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-4485
	RESERVED
CVE-2011-4484
	RESERVED
CVE-2011-4483
	RESERVED
CVE-2011-4482
	RESERVED
CVE-2011-4481
	RESERVED
CVE-2011-4480
	RESERVED
CVE-2011-4479
	RESERVED
CVE-2011-4478
	RESERVED
CVE-2011-4477
	RESERVED
CVE-2011-4476
	RESERVED
CVE-2011-4475
	RESERVED
CVE-2011-4474
	RESERVED
CVE-2011-4473
	RESERVED
CVE-2011-4472
	RESERVED
CVE-2011-4471
	RESERVED
CVE-2011-4470
	RESERVED
CVE-2011-4469
	RESERVED
CVE-2011-4468
	RESERVED
CVE-2011-4467
	RESERVED
CVE-2011-4466
	RESERVED
CVE-2011-4465 (Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2011-4464
	RESERVED
CVE-2011-4463
	RESERVED
CVE-2011-4462 (Plone 4.1.3 and earlier computes hash values for form parameters ...)
	- plone3 <removed>
CVE-2011-4461 (Jetty 8.1.0.RC2 and earlier computes hash values for form parameters ...)
	- jetty 6.1.26-1
	[squeeze] - jetty <no-dsa> (Minor issue)
CVE-2011-4460 (SQL injection vulnerability in Best Practical Solutions RT 2.x and 3.x ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4459 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4458 (Best Practical Solutions RT 3.6.x, 3.7.x, and 3.8.x before 3.8.12 and ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-4457 (OWASP HTML Sanitizer (aka owasp-java-html-sanitizer) before 88, when ...)
	NOT-FOR-US: OWASP HTML Sanitizer
CVE-2011-4456
	REJECTED
CVE-2011-4455
	RESERVED
	- tikiwiki <removed>
	NOTE: http://secunia.com/advisories/46740/
CVE-2011-4454
	RESERVED
	- tikiwiki <removed>
	NOTE: http://secunia.com/advisories/46740/
CVE-2011-4453 (The PageListSort function in scripts/pagelist.php in PmWiki 2.x before ...)
	- pmwiki <itp> (bug #330117)
CVE-2011-4452 (Cross-site request forgery (CSRF) vulnerability in the AdminUsers ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4451 (** DISPUTED ** libs/Wakka.class.php in WikkaWiki 1.3.1 and 1.3.2, when ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4450 (Directory traversal vulnerability in handlers/files.xml/files.xml.php ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4449 (actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when ...)
	NOT-FOR-US: WikkaWiki
CVE-2011-4448 (SQL injection vulnerability in actions/usersettings/usersettings.php ...)
	NOT-FOR-US: WikkaWiki
CVE-2008-7303 (The nonet and nointernet sandbox profiles in Apple Mac OS X 10.5.x do ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-4447 (The &quot;encrypt wallet&quot; feature in wxBitcoin and bitcoind 0.4.x before ...)
	- bitcoin 0.5.1-1
CVE-2011-4446
	RESERVED
CVE-2011-4445
	RESERVED
CVE-2011-4444
	RESERVED
CVE-2011-4443
	RESERVED
CVE-2011-4442
	RESERVED
CVE-2011-4441
	RESERVED
CVE-2011-4440
	RESERVED
CVE-2011-4439
	RESERVED
CVE-2011-4438
	RESERVED
CVE-2011-4437
	RESERVED
CVE-2012-0020 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2012-0019 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2012-0018 (Microsoft Visio Viewer 2010 Gold and SP1 does not properly validate ...)
	NOT-FOR-US: Microsoft Visio
CVE-2012-0017 (Cross-site scripting (XSS) vulnerability in inplview.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2012-0016 (Untrusted search path vulnerability in Microsoft Expression Design; ...)
	NOT-FOR-US: Microsoft Expression Design
CVE-2012-0015 (Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not properly calculate ...)
	NOT-FOR-US: Microsoft
CVE-2012-0014 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4, and Silverlight 4 ...)
	NOT-FOR-US: Microsoft
CVE-2012-0013 (Incomplete blacklist vulnerability in the Windows Packager ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0012 (Microsoft Internet Explorer 9 does not properly handle the creation ...)
	NOT-FOR-US: Microsoft
CVE-2012-0011 (Microsoft Internet Explorer 7 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2012-0010 (Microsoft Internet Explorer 6 through 9 does not properly perform ...)
	NOT-FOR-US: Microsoft
CVE-2012-0009 (Untrusted search path vulnerability in the Windows Object Packager ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0008 (Untrusted search path vulnerability in Microsoft Visual Studio 2008 ...)
	NOT-FOR-US: Microsoft Visual Studio 2008
CVE-2012-0007 (The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 ...)
	NOT-FOR-US: Microsoft Anti-Cross Site Scripting Library
CVE-2012-0006 (The DNS server in Microsoft Windows Server 2003 SP2 and Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0005 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0004 (Unspecified vulnerability in DirectShow in DirectX in Microsoft ...)
	NOT-FOR-US: DirectX
CVE-2012-0003 (Unspecified vulnerability in winmm.dll in Windows Multimedia Library ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0002 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2012-0001 (The kernel in Microsoft Windows XP SP2, Windows Server 2003 SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-4436 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4435 (The web-server component in the Consolidation and Analysis Engine ...)
	NOT-FOR-US: IBM DB2
CVE-2011-4434 (Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-4433
	REJECTED
CVE-2011-4432 (www/include/configuration/nconfigObject/contact/DB-Func.php in ...)
	NOT-FOR-US: Merethis Centreon
CVE-2011-4431 (Directory traversal vulnerability in main.php in Merethis Centreon ...)
	NOT-FOR-US: Merethis Centreon
CVE-2011-4430
	REJECTED
CVE-2011-4429
	REJECTED
CVE-2011-4428
	REJECTED
CVE-2011-4427
	REJECTED
CVE-2011-4426
	REJECTED
CVE-2011-4425
	REJECTED
CVE-2011-4424
	REJECTED
CVE-2011-4423
	REJECTED
CVE-2011-4422
	REJECTED
CVE-2011-4421
	REJECTED
CVE-2011-4420
	REJECTED
CVE-2011-4419
	REJECTED
CVE-2011-4418
	REJECTED
CVE-2011-4417
	REJECTED
CVE-2011-4416
	REJECTED
CVE-2011-4415 (The ap_pregsub function in server/util.c in the Apache HTTP Server ...)
	- apache2 2.4.1-1 (unimportant)
	NOTE: apache2 does not protect or claim to protect against DoS through .htaccess
CVE-2011-4414
	REJECTED
CVE-2011-4413
	REJECTED
CVE-2011-4412
	REJECTED
CVE-2011-4411
	REJECTED
CVE-2011-4410
	REJECTED
CVE-2011-4409 (The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 ...)
	NOT-FOR-US: Ubuntu One
CVE-2011-4408 (The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and ...)
	- ubuntu-sso-client <removed> (bug #680492)
CVE-2011-4407 (ppa.py in Software Properties before 0.81.13.3 does not validate the ...)
	- software-properties 0.76.7debian2+nmu2
	[squeeze] - software-properties <not-affected> (Vulnerable code not present)
	[lenny] - software-properties <not-affected> (Vulnerable code not present)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/software-properties/+bug/915210/
CVE-2011-4406 (The Ubuntu AccountsService package before 0.6.14-1git1ubuntu1.1 does ...)
	- accountsservice 0.6.15-3
CVE-2011-4405 (The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and ...)
	- system-config-printer 1.3.7-1 (low; bug #651204)
	[squeeze] - system-config-printer <no-dsa> (Minor issue)
CVE-2011-4404 (The default configuration of the HTTP server in Jetty in vSphere ...)
	- jetty 6.1.19-1 (low; bug #528389)
	NOTE: duplicate of CVE-2009-1523
CVE-2011-4403 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart ...)
	NOT-FOR-US: Zen Cart
CVE-2011-4402
	REJECTED
CVE-2011-4401
	REJECTED
CVE-2011-4400
	REJECTED
CVE-2011-4399
	REJECTED
CVE-2011-4398
	REJECTED
CVE-2011-4397
	REJECTED
CVE-2011-4396
	REJECTED
CVE-2011-4395
	REJECTED
CVE-2011-4394
	REJECTED
CVE-2011-4393
	REJECTED
CVE-2011-4392
	REJECTED
CVE-2011-4391
	REJECTED
CVE-2011-4390
	REJECTED
CVE-2011-4389
	REJECTED
CVE-2011-4388
	REJECTED
CVE-2011-4387
	REJECTED
CVE-2011-4386
	REJECTED
CVE-2011-4385
	REJECTED
CVE-2011-4384
	REJECTED
CVE-2011-4383
	REJECTED
CVE-2011-4382
	REJECTED
CVE-2011-4381
	REJECTED
CVE-2011-4380
	REJECTED
CVE-2011-4379
	REJECTED
CVE-2011-4378
	REJECTED
CVE-2011-4377
	REJECTED
CVE-2011-4376
	REJECTED
CVE-2011-4375
	REJECTED
CVE-2011-4374 (Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-4373 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4372 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4371 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4370 (Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4369 (Unspecified vulnerability in the PRC component in Adobe Reader and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-4368 (Cross-site scripting (XSS) vulnerability in Remote Development ...)
	NOT-FOR-US: Adobe Cold Fusion
CVE-2011-4367 (Multiple directory traversal vulnerabilities in MyFaces JavaServer ...)
	- mojarra <not-affected> (The Debian package only ships some API classes)
CVE-2011-4366
	REJECTED
CVE-2011-4365
	REJECTED
CVE-2011-4364 (Buffer overflow in the Sierra VMD decoder in libavcodec in FFmpeg ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://www.usenix.org/events/woot11/tech/final_files/Yamaguchi.pdf
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=494cfacdb9ba3f0549e37f76b3a2f86a7aeeac3c
CVE-2011-4363 (ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when ...)
	- libproc-processtable-perl 0.45-6 (low; bug #650500)
	[squeeze] - libproc-processtable-perl 0.45-1+squeeze1
CVE-2011-4362 (Integer signedness error in the base64_decode function in the HTTP ...)
	{DSA-2368-1}
	- lighttpd 1.4.30-1 (low; bug #652726)
	NOTE: http://openwall.com/lists/oss-security/2011/11/29/8
	NOTE: http://redmine.lighttpd.net/issues/2370
	NOTE: the announcement says that the debian package is not affected, but there are no additional patches that would cause different behavior (i.e. the base64_reverse_table is the same in debian and upstream), so if upstream is affected, so too is the debian package
CVE-2011-4361 (MediaWiki before 1.17.1 does not check for read permission before ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-4 (bug #650434)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
CVE-2011-4360 (MediaWiki before 1.17.1 allows remote attackers to obtain the page ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-4 (bug #650434)
	[squeeze] - mediawiki <not-affected> (Vulnerable code not present)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2011-November/000104.html
CVE-2011-4359 [MyFaces - includeViewParameters re-evaluates param/model values as EL expressions]
	REJECTED
CVE-2011-4358 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 3.0.1 ...)
	{DSA-2359-1}
	- mojarra 2.0.3-2 (bug #650430)
CVE-2011-4357 (Format string vulnerability in the p_cgi_error function in ...)
	{DSA-2355-1}
	- clearsilver 0.10.5-1.3 (bug #649322)
CVE-2011-4356 (Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before ...)
	- celery 2.4.6-1
	- django-celery <not-affected> (Vulnerable code not present)
CVE-2011-4355 (GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is ...)
	- gdb <unfixed> (unimportant)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=703238
CVE-2011-4354 (crypto/bn/bn_nist.c in OpenSSL before 0.9.8h on 32-bit platforms, as ...)
	{DSA-2390-1}
	- openssl 0.9.8o-4squeeze3 (bug #650621)
CVE-2011-4353 (The (1) av_image_fill_pointers, (2) vp5_parse_coeff, and (3) ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=67a7ed6
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=c76505e
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=30c08e2
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=7367cbe
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=28acce2
CVE-2011-4352 (Integer overflow in the vp3_dequant function in the VP3 decoder ...)
	- libav 4:0.7.3-1
	- ffmpeg <not-affected> (Was introduced in 0.6)
	- ffmpeg-debian <not-affected> (Was introduced in 0.6)
	NOTE: http://article.gmane.org/gmane.comp.video.libav.devel/15182
CVE-2011-4351 (Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x ...)
	{DSA-2378-1}
	- libav 4:0.7.3-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=a31ccacb1a9b2abc0e140a812fb0ffca6f7c2591
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=0d93d5c4614fafea74bdac681673f5b32eb49063
	NOTE: http://git.libav.org/?p=libav.git;a=commitdiff;h=73472053516f82b7d273a3d42c583f894077a191
CVE-2011-4350
	RESERVED
	- yaws 1.91-2 (bug #650009)
	[lenny] - yaws <not-affected> (Vulnerable code not present)
	[squeeze] - yaws <not-affected> (Vulnerable code not present)
CVE-2011-4349 (Multiple SQL injection vulnerabilities in (1) cd-mapping-db.c and (2) ...)
	- colord 0.1.15-1 (medium; bug #650021)
CVE-2011-4348 (Race condition in the sctp_rcv function in net/sctp/input.c in the ...)
	- linux-2.6 <not-affected> (Incomplete fix for RHEL5-specific backport regression)
	NOTE: incomplete fix for CVE-2011-2482
CVE-2011-4347 (The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in ...)
	{DSA-2443-1}
	- linux-2.6 <removed>
CVE-2011-4346 (Cross-site scripting (XSS) vulnerability in the web interface in Red ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2011-4345 (Cross-site scripting (XSS) vulnerability in Namazu before 2.0.21, when ...)
	- namazu2 2.0.21-1 (low)
	[squeeze] - namazu2 <no-dsa> (Minor issue)
CVE-2011-4344 (Cross-site scripting (XSS) vulnerability in Jenkins Core in Jenkins ...)
	- jenkins-winstone 0.9.10-jenkins-29+dfsg-1  (bug #649900)
CVE-2011-4343 (Information disclosure vulnerability in Apache MyFaces Core 2.0.1 ...)
	NOT-FOR-US: Apache MyFaces
CVE-2011-4342 (PHP remote file inclusion vulnerability in wp_xml_export.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-4341 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: Symphony CMS
CVE-2011-4340 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...)
	NOT-FOR-US: Symphony CMS
CVE-2011-4339 (ipmievd (aka the IPMI event daemon) in OpenIPMI, as used in the ...)
	{DSA-2376-2 DSA-2376-1}
	- ipmitool 1.8.11-5 (bug #651917)
CVE-2011-4338
	RESERVED
	NOT-FOR-US: Arch-Linux specific tool
CVE-2011-4337 (Static code injection vulnerability in translate.php in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-4336
	RESERVED
	NOT-FOR-US: Tiki Wiki
CVE-2011-4335 (Multiple cross-site scripting (XSS) vulnerabilities in Contao before ...)
	NOT-FOR-US: Contao
CVE-2011-4334 (edit.php in LabWiki 1.1 and earlier does not properly verify uploaded ...)
	NOT-FOR-US: LabWiki
CVE-2011-4333 (Multiple cross-site scripting (XSS) vulnerabilities in LabWiki 1.1 and ...)
	NOT-FOR-US: LabWiki
CVE-2011-4332 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.6.3 ...)
	NOT-FOR-US: Joomla
CVE-2011-4331
	REJECTED
CVE-2011-4330 (Stack-based buffer overflow in the hfs_mac2asc function in ...)
	- linux-2.6 3.1.4-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-4329 (Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr 3.1.0 ...)
	- dolibarr 3.3.4-1 (low)
CVE-2011-4328 (plugin/npapi/plugin.cpp in Gnash before 0.8.10 uses weak permissions ...)
	{DSA-2435-1}
	- gnash 0.8.10-1 (low; bug #649384)
CVE-2011-4327 (ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain ...)
	- openssh <not-affected> (Only affects platforms w/o /dev/random)
	NOTE: http://www.openssh.com/txt/portable-keysign-rand-helper.adv
CVE-2011-4326 (The udp6_ufo_fragment function in net/ipv6/udp.c in the Linux kernel ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-40
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-4325 (The NFS implementation in Linux kernel before 2.6.31-rc6 calls certain ...)
	- linux-2.6 2.6.32-1
CVE-2011-4324 (The encode_share_access function in fs/nfs/nfs4xdr.c in the Linux ...)
	- linux-2.6 <not-affected> (RHEL5-specific backport error)
CVE-2011-4323
	REJECTED
CVE-2011-4322
	RESERVED
	NOT-FOR-US: websitebaker
CVE-2011-4321 (The password reset functionality in Joomla! 1.5.x through 1.5.24 uses ...)
	NOT-FOR-US: Joomla
CVE-2011-4320 (The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and ...)
	- ejabberd 2.1.9-1 (low)
	[squeeze] - ejabberd <no-dsa> (Only triggerable with malformed config file)
	NOTE: https://support.process-one.net/browse/EJAB-1498
CVE-2011-4319 (Cross-site scripting (XSS) vulnerability in the i18n translations ...)
	- rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-4318 (Dovecot 2.0.x before 2.0.16, when ssl or starttls is enabled and ...)
	- dovecot 1:2.0.18-1 (unimportant; bug #649511)
	NOTE: Additional hardening
CVE-2011-4317 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, ...)
	{DSA-2405-1}
	- apache2 2.2.21-3
	NOTE: Related to CVE-2011-3368 and CVE-2011-3639 but a different issue
CVE-2011-4316 (Red Hat Enterprise Virtualization Manager (RHEV-M) before 3.1, in ...)
	NOT-FOR-US: ovirt
	NOTE: While the Red Hat advisory refers to SPICE, this is a vulnerability in
	NOTE: the server-side ovirt logic (contacted Red Hat for clarification)
CVE-2011-4315 (Heap-based buffer overflow in compression-pointer processing in ...)
	- nginx 1.1.8-1 (low)
	[squeeze] - nginx 0.7.67-3+squeeze1
	[lenny] - nginx <no-dsa> (Minor issue)
	NOTE: http://trac.nginx.org/nginx/changeset/4268/nginx
CVE-2011-4314 (message/ax/AxMessage.java in OpenID4Java before 0.9.6 final, as used ...)
	- openid4java 0.9.6.662-1
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-4313 (query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, ...)
	{DSA-2347-1}
	- bind9 1:9.8.1.dfsg.P1-1 (high; bug #649099)
CVE-2011-4312 (Multiple cross-site scripting (XSS) vulnerabilities in the commenting ...)
	NOT-FOR-US: Review Board
CVE-2011-4311 (ResourceSpace before 4.2.2833 does not properly validate access keys, ...)
	NOT-FOR-US: ResourceSpace
CVE-2011-4310
	RESERVED
	- cmsms <itp> (bug #608888)
CVE-2011-4309 (Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4308 (mod/forum/user.php in Moodle 1.9.x before 1.9.14, 2.0.x before 2.0.5, ...)
	{DSA-2421-1}
	- moodle 1.9.9.dfsg2-5
CVE-2011-4307 (Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4306 (Cross-site scripting (XSS) vulnerability in course/editsection.html in ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4305 (message/refresh.php in Moodle 1.9.x before 1.9.14 allows remote ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4304 (The chat functionality in Moodle 2.0.x before 2.0.5 and 2.1.x before ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4303 (lib/db/upgrade.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4302 (mnet/xmlrpc/client.php in MNET in Moodle 1.9.x before 1.9.14, 2.0.x ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4301 (The MoodleQuickForm class in the Forms Library in lib/formslib.php in ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4300 (The file_browser component in Moodle 2.0.x before 2.0.5 and 2.1.x ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4299 (Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4298 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4297 (comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4296 (lib/db/access.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4295 (The moodle_enrol_external:role_assign function in ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4294 (The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x ...)
	{DSA-2338-1}
	- moodle 1.9.9.dfsg2-4
CVE-2011-4293 (The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4292 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4291 (Moodle 2.0.x before 2.0.3 allows remote authenticated users to cause a ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4290 (Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4289 (Moodle 2.0.x before 2.0.3 does not recognize the configuration setting ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4288 (Moodle 1.9.x before 1.9.12 and 2.0.x before 2.0.3 does not properly ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4287 (admin/uploaduser_form.php in Moodle 2.0.x before 2.0.3 does not force ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4286 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4285 (The default configuration of Moodle 2.0.x before 2.0.2 has an ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4284 (Moodle 2.0.x before 2.0.2 allows remote attackers to obtain sensitive ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4283 (Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 places an IMS ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4282 (Multiple cross-site scripting (XSS) vulnerabilities in the course-tags ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4281 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4280 (Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4279 (Moodle 2.0.x before 2.0.2 does not use the forceloginforprofiles ...)
	- moodle <not-affected> (Only affects 2.x)
CVE-2011-4278 (Cross-site scripting (XSS) vulnerability in the tag autocomplete ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4277 (Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum ...)
	NOT-FOR-US: CourseForum
CVE-2011-4276 (The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) ...)
	NOT-FOR-US: Android
CVE-2011-4275 (Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT ...)
	NOT-FOR-US: IT Operations Portal
CVE-2011-4274 (Cross-site scripting (XSS) vulnerability in the A-Form PC and ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-4273 (Multiple cross-site scripting (XSS) vulnerabilities in GoAhead ...)
	NOT-FOR-US: GoAhead Webserver
CVE-2011-4272
	REJECTED
CVE-2011-4271
	REJECTED
CVE-2011-4270
	REJECTED
CVE-2011-4269
	REJECTED
CVE-2011-4268
	REJECTED
CVE-2011-4267
	REJECTED
CVE-2011-4266 (Untrusted search path vulnerability in FFFTP before 1.98d allows local ...)
	NOT-FOR-US: FFFTP
CVE-2011-4265 (Cross-site scripting (XSS) vulnerability in phpWebSite before 1.0.0 ...)
	NOT-FOR-US: phpWebSite
CVE-2011-4264 (Cross-site scripting (XSS) vulnerability in Etomite before 1.1 allows ...)
	NOT-FOR-US: Etomite
CVE-2011-4263 (Cross-site scripting (XSS) vulnerability in Schneider Electric ...)
	NOT-FOR-US: Schneider Electric PowerChute Business Edition
CVE-2010-5045 (Cross-site scripting (XSS) vulnerability in poll/default.asp in Smart ...)
	NOT-FOR-US: Smart ASP Survey
CVE-2010-5044 (SQL injection vulnerability in models/log.php in the Search Log ...)
	NOT-FOR-US: Search log Joomla addon
CVE-2010-5043 (SQL injection vulnerability in the DJ-ArtGallery (com_djartgallery) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5042 (Cross-site scripting (XSS) vulnerability in the DJ-ArtGallery ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5041 (SQL injection vulnerability in index.php in the NP_Gallery plugin 0.94 ...)
	NOT-FOR-US: Nucleus CMS extension
CVE-2010-5040 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Nucleus CMS extension
CVE-2010-5039 (SQL injection vulnerability in control/admin_login.php in ScriptsFeed ...)
	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
CVE-2010-5038 (PHP remote file inclusion vulnerability in contact/contact.php in ...)
	NOT-FOR-US: Groone's Simple Contact Form
CVE-2010-5037 (SQL injection vulnerability in article.php in SenseSites CommonSense ...)
	NOT-FOR-US: SenseSites CommonSense CMS
CVE-2010-5036 (SQL injection vulnerability in addsale.php in iScripts eSwap 2.0 ...)
	NOT-FOR-US: iScripts eSwap
CVE-2010-5035 (Cross-site scripting (XSS) vulnerability in search.php in iScripts ...)
	NOT-FOR-US: iScripts eSwap
CVE-2010-5034 (SQL injection vulnerability in viewhistorydetail.php in iScripts ...)
	NOT-FOR-US: iScripts EasyBiller
CVE-2010-5033 (SQL injection vulnerability in ProductList.cfm in Fusebox 5.5.1 allows ...)
	NOT-FOR-US: Fusebox
CVE-2010-5032 (SQL injection vulnerability in the BF Quiz (com_bfquiztrial) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5031 (Cross-site scripting (XSS) vulnerability in index.php in fileNice 1.1 ...)
	NOT-FOR-US: fileNice
CVE-2010-5030 (Cross-site scripting (XSS) vulnerability in index.php in Ecomat CMS ...)
	NOT-FOR-US: Ecomat CMS
CVE-2010-5029 (SQL injection vulnerability in index.php in Ecomat CMS 5.0 allows ...)
	NOT-FOR-US: Ecomat CMS
CVE-2010-5028 (SQL injection vulnerability in the JExtensions JE Job (com_jejob) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5027 (Cross-site scripting (XSS) vulnerability in winners.php in Science ...)
	NOT-FOR-US: Science Fair In A Box (SFIAB)
CVE-2010-5026 (SQL injection vulnerability in winners.php in Science Fair In A Box ...)
	NOT-FOR-US: Science Fair In A Box (SFIAB)
CVE-2010-5025 (Cross-site scripting (XSS) vulnerability in manage/main.php in ...)
	NOT-FOR-US: CuteSITE CMS
CVE-2010-5024 (SQL injection vulnerability in manage/add_user.php in CuteSITE CMS ...)
	NOT-FOR-US: CuteSITE CMS
CVE-2010-5023 (SQL injection vulnerability in index.asp in Digital Interchange ...)
	NOT-FOR-US: Digital Interchange Calendar
CVE-2010-5022 (SQL injection vulnerability in the JExtensions JE Story Submit ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5021 (SQL injection vulnerability in view_group.asp in Digital Interchange ...)
	NOT-FOR-US: Digital Interchange Calendar
CVE-2010-5020 (SQL injection vulnerability in index.php in NetArt Media iBoutique 4.0 ...)
	NOT-FOR-US: NetArt Media iBoutique
CVE-2010-5019 (SQL injection vulnerability in view_photo.php in 2daybiz Online ...)
	NOT-FOR-US: 2daybiz Online Classified Script
CVE-2010-5018 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: 2daybiz Online Classified Script
CVE-2010-5017 (SQL injection vulnerability in stats.php in Elite Gaming Ladders 3.0 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5016 (SQL injection vulnerability in matchdb.php in Elite Gaming Ladders 3.5 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5015 (SQL injection vulnerability in view_photo.php in 2daybiz Network ...)
	NOT-FOR-US: 2daybiz Network Community Script
CVE-2010-5014 (SQL injection vulnerability in standings.php in Elite Gaming Ladders ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2010-5013 (SQL injection vulnerability in listing_detail.asp in Mckenzie ...)
	NOT-FOR-US: Mckenzie Creations Virtual Real Estate Manager
CVE-2010-5012 (SQL injection vulnerability in new.php in DaLogin 2.2 and 2.2.5 allows ...)
	NOT-FOR-US: DaLogin
CVE-2010-5011 (SQL injection vulnerability in schoolmv2/html/studentmain.php in ...)
	NOT-FOR-US: SchoolMation
CVE-2010-5010 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SchoolMation
CVE-2010-5009 (SQL injection vulnerability in index.php in UTStats Beta 4 and earlier ...)
	NOT-FOR-US: UTStats
CVE-2010-5008 (SQL injection vulnerability in pages/contact_list_mail_form.asp in ...)
	NOT-FOR-US: BrightSuite Groupware
CVE-2010-5007 (Cross-site scripting (XSS) vulnerability in pages/match_report.php in ...)
	NOT-FOR-US: UTStats
CVE-2010-5006 (SQL injection vulnerability in googlemap/index.php in EMO Realty ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2010-5005 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Rayzz Photoz
CVE-2010-5004 (SQL injection vulnerability in searchvote.php in 2daybiz Polls (aka ...)
	NOT-FOR-US: 2daybiz Polls
CVE-2010-5000 (SQL injection vulnerability in login/login_index.php in MCLogin System ...)
	NOT-FOR-US: MCLogin System
CVE-2010-4998 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ardeaCore PHP Framework
CVE-2010-4997 (SQL injection vulnerability in index.php in OlyKit Swoopo Clone 2010 ...)
	NOT-FOR-US: OlyKit Swoopo Clone 2010
CVE-2010-4971 (Cross-site scripting (XSS) vulnerability in VideoWhisper PHP 2 Way ...)
	NOT-FOR-US: VideoWhisper PHP 2 Way Video Chat
CVE-2011-4262 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4261 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4260 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4259 (Integer underflow in RealNetworks RealPlayer before 15.0.0 allows ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4258 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4257 (The Cook codec in RealNetworks RealPlayer before 15.0.0 allows remote ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4256 (The RV30 codec in RealNetworks RealPlayer before 15.0.0 and Mac ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4255 (Unspecified vulnerability in RealNetworks RealPlayer before 15.0.0 and ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4254 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4253 (Unspecified vulnerability in the RV20 codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4252 (The RV10 codec in RealNetworks RealPlayer before 15.0.0 and Mac ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4251 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4250 (Unspecified vulnerability in the ATRC codec in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4249 (Array index error in the RV30 codec in RealNetworks RealPlayer before ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4248 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4247 (RealNetworks RealPlayer before 15.0.0 allows remote attackers to ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4246 (The AAC codec in RealNetworks RealPlayer before 15.0.0 and Mac ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4245 (The RealVideo renderer in RealNetworks RealPlayer before 15.0.0 and ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4244 (Heap-based buffer overflow in the RealVideo renderer in RealNetworks ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-4243
	RESERVED
CVE-2011-4242
	RESERVED
CVE-2011-4241
	RESERVED
CVE-2011-4240
	RESERVED
CVE-2011-4239
	RESERVED
CVE-2011-4238
	RESERVED
CVE-2011-4237 (CRLF injection vulnerability in autologin.jsp in Cisco CiscoWorks ...)
	NOT-FOR-US: Cisco
CVE-2011-4236
	RESERVED
CVE-2011-4235
	RESERVED
CVE-2011-4234
	RESERVED
CVE-2011-4233
	RESERVED
CVE-2011-4232 (The web server in Cisco Unified MeetingPlace 6.1 and 8.5 produces ...)
	NOT-FOR-US: Cisco
CVE-2011-4231 (Cisco IOS 15.1 and 15.2 and IOS XE 3.x, when configured as an IPsec ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4230
	RESERVED
CVE-2011-4229
	RESERVED
CVE-2011-4228
	RESERVED
CVE-2011-4227
	RESERVED
CVE-2011-4226
	RESERVED
CVE-2011-4225
	RESERVED
CVE-2011-4224
	RESERVED
CVE-2011-4223 (Unspecified vulnerability in Investintech.com Absolute PDF Server ...)
	NOT-FOR-US: Investintech.com Absolute PDF Server
CVE-2011-4222 (Unspecified vulnerability in Investintech.com Able2Extract and ...)
	NOT-FOR-US: Investintech.com Able2Extract
CVE-2011-4221 (Unspecified vulnerability in Investintech.com Able2Doc and Able2Doc ...)
	NOT-FOR-US: Investintech.com Able2Doc
CVE-2011-4220 (Investintech.com SlimPDF Reader does not properly restrict the ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4219 (Investintech.com SlimPDF Reader does not prevent faulting-address data ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4218 (Investintech.com SlimPDF Reader does not prevent faulting-instruction ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4217 (Investintech.com SlimPDF Reader does not properly restrict read ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4216 (Investintech.com SlimPDF Reader does not properly restrict write ...)
	NOT-FOR-US: Investintech.com SlimPDF
CVE-2011-4215 (SQL injection vulnerability in lib/ooz_access.php in OneOrZero Action ...)
	NOT-FOR-US: OneOrZero Action & Information Management System (AIMS)
CVE-2011-4214 (OneOrZero Action &amp; Information Management System (AIMS) 2.7.0 allows ...)
	NOT-FOR-US: OneOrZero Action & Information Management System (AIMS)
CVE-2010-5003 (SQL injection vulnerability in the AutarTimonial (com_autartimonial) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-5002 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Exponent CMS
CVE-2010-5001 (SQL injection vulnerability in view.php in esoftpro Online Contact ...)
	NOT-FOR-US: esoftpro Online Contact Manager
CVE-2010-4999 (SQL injection vulnerability in index.php in esoftpro Online Photo Pro ...)
	NOT-FOR-US: esoftpro Online Photo Pro
CVE-2010-4996 (SQL injection vulnerability in ogp_show.php in esoftpro Online ...)
	NOT-FOR-US: esoftpro Online Guestbook Pro
CVE-2010-4995 (SQL injection vulnerability in the NeoRecruit (com_neorecruit) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4994 (SQL injection vulnerability in the Jobs Pro component 1.6.4 for ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4993 (SQL injection vulnerability in the eventcal (com_eventcal) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4992 (SQL injection vulnerability in the Payments Plus component 2.1.5 for ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4991 (SQL injection vulnerability in the NinjaMonials (com_ninjamonials) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4990 (SQL injection vulnerability in the Front-edit Address Book ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4989 (SQL injection vulnerability in main.asp in Ziggurat Farsi CMS allows ...)
	NOT-FOR-US: Ziggurat Farsi CMS
CVE-2010-4988 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Family Connections Who is Chatting
CVE-2010-4987 (SQL injection vulnerability in default.asp in KMSoft Guestbook (aka ...)
	NOT-FOR-US: KMSoft Guestbook (aka GBook)
CVE-2010-4986 (SQL injection vulnerability in detail.php in Simple Document ...)
	NOT-FOR-US: Simple Document Management System (SDMS)
CVE-2010-4985 (Cross-site scripting (XSS) vulnerability in notes.php in My Kazaam ...)
	NOT-FOR-US: My Kazaam Notes Management System
CVE-2010-4984 (SQL injection vulnerability in notes.php in My Kazaam Notes Management ...)
	NOT-FOR-US: My Kazaam Notes Management System
CVE-2010-4983 (SQL injection vulnerability in profile.php in iScripts CyberMatch 1.0 ...)
	NOT-FOR-US: iScripts CyberMatch
CVE-2010-4982 (SQL injection vulnerability in address_book/contacts.php in My Kazaam ...)
	NOT-FOR-US: My Kazaam Address & Contact Organizer
CVE-2010-4981 (SQL injection vulnerability in trackads.php in YourFreeWorld Banner ...)
	NOT-FOR-US: YourFreeWorld Banner Management
CVE-2010-4980 (SQL injection vulnerability in packagedetails.php in iScripts ...)
	NOT-FOR-US: iScripts ReserveLogic
CVE-2010-4979 (SQL injection vulnerability in image/view.php in CANDID allows remote ...)
	NOT-FOR-US: CANDID
CVE-2010-4978 (Cross-site scripting (XSS) vulnerability in image/view.php in CANDID ...)
	NOT-FOR-US: CANDID
CVE-2010-4977 (SQL injection vulnerability in menu.php in the Canteen (com_canteen) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4976 (Cross-site scripting (XSS) vulnerability in search/search.php in ...)
	NOT-FOR-US: MetInfo
CVE-2010-4975 (SQL injection vulnerability in the Techjoomla SocialAds For JomSocial ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4974 (SQL injection vulnerability in info.php in BrotherScripts (BS) and ...)
	NOT-FOR-US: BrotherScripts (BS) and ScriptsFeed Auto Dealer
CVE-2010-4973 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
	NOT-FOR-US: Campsite
CVE-2010-4972 (SQL injection vulnerability in index.php in YPNinc JokeScript allows ...)
	NOT-FOR-US: YPNinc JokeScript
CVE-2010-4970 (SQL injection vulnerability in handlers/getpage.php in Wiki Web Help ...)
	NOT-FOR-US: Wiki Web Help
CVE-2010-4969 (SQL injection vulnerability in articlesdetails.php in BrotherScripts ...)
	NOT-FOR-US: BrotherScripts (BS) Business Directory
CVE-2010-4968 (SQL injection vulnerability in the webmaster-tips.net Flash Gallery ...)
	NOT-FOR-US: Joomla extension
CVE-2011-4213 (The sandbox environment in the Google App Engine Python SDK before ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4212 (The sandbox environment in the Google App Engine Python SDK before ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4211 (The FakeFile implementation in the sandbox environment in the Google ...)
	NOT-FOR-US: Google App Engine
CVE-2011-4210
	RESERVED
CVE-2011-4209
	RESERVED
CVE-2011-4208
	RESERVED
CVE-2011-4207
	RESERVED
CVE-2011-4206
	RESERVED
CVE-2011-4205
	RESERVED
CVE-2011-4204
	RESERVED
CVE-2011-4203 (CRLF injection vulnerability in calendar/set.php in the Calendar ...)
	NOT-FOR-US: Moodle addon
CVE-2011-4202 (The Tadasoft Restorepoint 3.2 evaluation image uses weak permissions ...)
	NOT-FOR-US: Tadasoft Restorepoint
CVE-2011-4201 (remote_support.cgi in the Tadasoft Restorepoint 3.2 evaluation image ...)
	NOT-FOR-US: Tadasoft Restorepoint
CVE-2011-4200
	RESERVED
CVE-2011-4199
	RESERVED
CVE-2011-4198
	RESERVED
CVE-2011-4197 (etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 ...)
	NOT-FOR-US: pfSense
CVE-2011-XXXX [spip privilege escalation]
	- spip 2.1.12-1 (bug #649113)
	[squeeze] - spip 2.1.1-3squeeze2
CVE-2011-XXXX [spip XSS]
	- spip 2.1.12-1 (bug #649113)
	[squeeze] - spip 2.1.1-3squeeze2
CVE-2011-XXXX [spip path disclosure]
	- spip 2.1.12-1 (unimportant; bug #646758)
	NOTE: http://archives.rezo.net/archives/spip-ann.mbox/5XCQ4RYDCYRXQSQQK42DT7IO2GVT7ZSI/
	NOTE: Path disclosure not an issue for Debian
CVE-2011-4196
	RESERVED
CVE-2011-4195 (kiwi before 4.98.05, as used in SUSE Studio Onsite 1.2 before 1.2.1 ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4194 (Buffer overflow in Novell iPrint Server in Novell Open Enterprise ...)
	NOT-FOR-US: Novell iPrint
CVE-2011-4193 (Cross-site scripting (XSS) vulnerability in the overlay files tab in ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4192 (kiwi before 4.85.1, as used in SUSE Studio Onsite 1.2 before 1.2.1 and ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-4191 (Stack-based buffer overflow in the xdrDecodeString function in ...)
	NOT-FOR-US: Novell NetWare
CVE-2011-4190
	RESERVED
CVE-2011-4189 (The client in Novell GroupWise 8.0x through 8.02HP3 allows remote ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-4188 (Buffer overflow in the Create Attribute function in jclient in Novell ...)
	NOT-FOR-US: Novell iManager
CVE-2011-4187 (Buffer overflow in the GetDriverSettings function in nipplib.dll in ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-4186 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-4185 (The GetPrinterURLList2 method in the ActiveX control in Novell iPrint ...)
	NOT-FOR-US: ActiveX
CVE-2011-4184
	RESERVED
CVE-2011-4183
	RESERVED
CVE-2011-4182
	RESERVED
CVE-2011-4181
	RESERVED
CVE-2011-4180
	RESERVED
CVE-2011-4179
	RESERVED
CVE-2011-4178
	RESERVED
CVE-2011-4177
	RESERVED
CVE-2011-4176
	RESERVED
CVE-2011-4175
	RESERVED
CVE-2011-4174
	RESERVED
CVE-2011-4173 (Cross-site request forgery (CSRF) vulnerability in Simple Machines ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-4172 (Multiple cross-site scripting (XSS) vulnerabilities in KENT-WEB WEB ...)
	NOT-FOR-US: KENT WEB FORUM
CVE-2011-4171 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM ...)
	NOT-FOR-US: WebSphere
CVE-2011-4170 (Cross-site scripting (XSS) vulnerability in the ...)
	- empathy 3.2.1.1-1
	[squeeze] - empathy <no-dsa> (Minor issue)
	[lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny)
CVE-2011-4169 (Unspecified vulnerability in HP Managed Printing Administration before ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4168 (Directory traversal vulnerability in hpmpa/jobDelivery/Default.asp in ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4167 (Stack-based buffer overflow in MPAUploader.dll in HP Managed Printing ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4166 (Directory traversal vulnerability in the ...)
	NOT-FOR-US: HP Managed Printing Administration
CVE-2011-4165 (Unspecified vulnerability in HP Database Archiving Software 6.31 ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4164 (Unspecified vulnerability in HP Database Archiving Software 6.31 ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4163 (Unspecified vulnerability in HP Database Archiving Software 6.31 ...)
	NOT-FOR-US: HP Database Archiving Software
CVE-2011-4162 (The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, ...)
	NOT-FOR-US: HP Protect Tools Device Access Manager
CVE-2011-4161 (The default configuration of the HP CM8060 Color MFP with Edgeline; ...)
	NOT-FOR-US: HP CM8060 Color MFP
CVE-2011-4160 (Unspecified vulnerability in HP Operations Agent 11.00 and Performance ...)
	NOT-FOR-US: HP Operations Agent
CVE-2011-4159 (Unspecified vulnerability in System Administration Manager (SAM) in ...)
	NOT-FOR-US: HP-UX
CVE-2011-4158 (Unspecified vulnerability in HP Directories Support for ProLiant ...)
	NOT-FOR-US: HP Directories Support
CVE-2011-4157 (Stack-based buffer overflow in hydra.exe in HP SAN/iQ before 9.5 on ...)
	NOT-FOR-US: HP SAN/iQ
CVE-2011-4156 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-4155 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-4154
	RESERVED
CVE-2011-4153 (PHP 5.3.8 does not always check the return value of the zend_strndup ...)
	{DSA-2408-1}
	- php5 5.3.9-1 (low)
CVE-2011-4152
	RESERVED
CVE-2011-4151 (The krb5_db2_lockout_audit function in the Key Distribution Center ...)
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[squeeze] - krb5 <no-dsa> (Minor issue)
	[lenny] - krb5 <not-affected> (introduced in 1.8)
CVE-2010-4967 (SQL injection vulnerability in default.asp in ATCOM Netvolution 2.5.6 ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2010-4966 (Cross-site scripting (XSS) vulnerability in default.asp in ATCOM ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2009-5103 (Cross-site scripting (XSS) vulnerability in ATCOM Netvolution 1.0 ASP ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2009-5102 (SQL injection vulnerability in default.asp in ATCOM Netvolution 1.0 ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2011-4150
	REJECTED
CVE-2011-4149
	REJECTED
CVE-2011-4148
	REJECTED
CVE-2011-4147
	REJECTED
CVE-2011-4146
	REJECTED
CVE-2011-4145
	REJECTED
CVE-2011-4144 (Unspecified vulnerability in EMC Documentum Content Server 6.0, 6.5 ...)
	NOT-FOR-US: EMC
CVE-2011-4143 (EMC RSA enVision 4.0 before SP4 P5 and 4.1 before P3 allows remote ...)
	NOT-FOR-US: EMC
CVE-2011-4142 (The Web Search feature in EMC SourceOne Email Management 6.5 before ...)
	NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-4141 (Untrusted search path vulnerability in EMC RSA SecurID Software Token ...)
	NOT-FOR-US: RSA SecurID
CVE-2011-4140 (The CSRF protection mechanism in Django through 1.2.7 and 1.3.x ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4139 (Django before 1.2.7 and 1.3.x before 1.3.1 uses a request's HTTP Host ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4138 (The verify_exists functionality in the URLField implementation in ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4137 (The verify_exists functionality in the URLField implementation in ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4136 (django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, ...)
	{DSA-2332-1}
	- python-django 1.3.1-1 (bug #641405)
CVE-2011-4135 (Multiple directory traversal vulnerabilities in lmgrd in Flexera ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2011-4134 (Heap-based buffer overflow in lmadmin in Flexera FlexNet Publisher ...)
	NOT-FOR-US: Flexera FlexNet Publisher
CVE-2011-4133 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.9.x before ...)
	{DSA-2262-1}
	- moodle 1.9.9.dfsg2-3
CVE-2011-4132 (The cleanup_journal_tail function in the Journaling Block Device (JBD) ...)
	- linux-2.6 3.1.6-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-4131 (The NFSv4 implementation in the Linux kernel before 3.2.2 does not ...)
	- linux 3.2.9-1 (low)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <no-dsa> (Too intrusive to backport, minor impact)
CVE-2011-4130 (Use-after-free vulnerability in the Response API in ProFTPD before ...)
	{DSA-2346-2 DSA-2346-1}
	- proftpd-dfsg 1.3.4~rc3-2 (high; bug #648373)
	[lenny] - proftpd-dfsg <not-affected> (vulnerable functionality not present)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3711
CVE-2011-4129 ((1) services/twitter/twitter-contact-view.c and (2) ...)
	- libsocialweb 0.25.20-1
CVE-2011-4128 (Buffer overflow in the gnutls_session_get_data function in ...)
	- gnutls26 2.12.14-1 (low; bug #648441)
	[squeeze] - gnutls26 2.8.6-1+squeeze1
	[lenny] - gnutls26 <no-dsa> (Minor issue)
CVE-2011-4127 (The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl ...)
	{DSA-2443-1 DSA-2389-1}
	- libguestfs 1:1.14.8-1
	- linux-2.6 <removed>
CVE-2011-4126
	RESERVED
CVE-2011-4125
	RESERVED
CVE-2011-4124
	RESERVED
CVE-2011-4123
	REJECTED
CVE-2011-4122 (Directory traversal vulnerability in openpam_configure.c in OpenPAM ...)
	NOT-FOR-US: OpenPAM
CVE-2011-4121
	RESERVED
	- ruby1.9.1 <not-affected> (Only affected trunk versions)
CVE-2011-4120 [authentication bypass by pressing ctrl-d]
	RESERVED
	- yubico-pam 2.10-1
CVE-2011-4119
	RESERVED
CVE-2011-4117
	RESERVED
	NOT-FOR-US: perl Batch::BatchRun CPAN module
CVE-2011-4116 [unsafe traversal of symlinks]
	RESERVED
	- perl <unfixed> (unimportant; bug #776268)
	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/6174/focus=6177
CVE-2011-4115
	RESERVED
	- libparallel-forkmanager-perl <not-affected> (issue introduced in 0.7.6 upstream, never in Debian)
	NOTE: affected code was never in Debian. Upstream fixed in 1.0.0
	NOTE: https://rt.cpan.org/Public/Bug/Display.html?id=68298
CVE-2011-4114 (The par_mktmpdir function in the PAR::Packer module before 1.012 for ...)
	- libpar-packer-perl 1.012-1 (bug #650706)
	[squeeze] - libpar-packer-perl 1.006-1+squeeze1
CVE-2011-4113 (SQL injection vulnerability in the Views module before 6.x-2.13 for ...)
	- drupal6-mod-views 2.14-1
CVE-2011-4112 (The net subsystem in the Linux kernel before 3.1 does not properly ...)
	- linux-2.6 3.1-1 (unimportant)
	NOTE: Turned out to be a non-issue, http://www.openwall.com/lists/oss-security/2011/11/24/3
CVE-2011-4111 (Buffer overflow in the ccid_card_vscard_handle_message function in ...)
	- qemu 0.15.1+dfsg-2
	[lenny] - qemu <not-affected> (Vulnerable CCID code not present)
	[squeeze] - qemu <not-affected> (Vulnerable CCID code not present)
	- xen 4.4.0-1
	[wheezy] - xen <not-affected> (Vulnerable code introduced after 0.14.50, embedded version is 0.10.2)
	NOTE: Xen switched to qemu-system in 4.4.0-1
	NOTE: Vulnerable code introduced after 0.14.50: http://git.qemu.org/?p=qemu.git;a=commit;h=edbb21363fbfe40e050f583df921484cbc31c79d
CVE-2011-4110 (The user_update function in security/keys/user_defined.c in the Linux ...)
	{DSA-2389-1}
	- linux-2.6 3.1.4-1
CVE-2011-4109 (Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when ...)
	{DSA-2390-1}
	- openssl 1.0.0c-1
CVE-2011-4108 (The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f ...)
	{DSA-2390-1}
	- openssl 1.0.0f-1 (low; bug #645805)
	NOTE: http://rt.openssl.org/Ticket/Display.html?id=2625&user=guest&pass=guest
CVE-2011-4107 (The simplexml_load_string function in the XML import plug-in ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.7.1-1 (bug #656247)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=751112
CVE-2011-4106 (TimThumb (timthumb.php) before 2.0 does not validate the entire source ...)
	NOT-FOR-US: wordpress plugin timthumb
CVE-2011-4105 (LightDM before 1.0.6 allows local users to change ownership of ...)
	- lightdm 1.0.6-2
CVE-2011-4104 (The from_yaml method in serializers.py in Django Tastypie before ...)
	- django-tastypie 0.9.10-1 (bug #647314)
CVE-2011-4103 (emitters.py in Django Piston before 0.2.3 and 0.2.x before 0.2.2.1 ...)
	{DSA-2344-1}
	- python-django-piston 0.2.2-2 (high; bug #647315)
CVE-2011-4102 (Heap-based buffer overflow in the erf_read_header function in ...)
	{DSA-2351-1}
	- wireshark 1.6.3-1
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-19.html
	NOTE: http://anonsvn.wireshark.org/viewvc/trunk/wiretap/erf.c?r1=39508&r2=39507&pathrev=39508&view=patch
	NOTE: Affects 1.0 and 1.2, the versions listed in the advisory are relative to the supported upstream branches
CVE-2011-4101 (The dissect_infiniband_common function in ...)
	- wireshark 1.6.3-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-18.html
CVE-2011-4100 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...)
	- wireshark 1.6.3-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0-1.6.2)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-17.html
CVE-2011-4099 (The capsh program in libcap before 2.22 does not change the current ...)
	- libcap2 1:2.22-1 (low)
	[squeeze] - libcap2 <no-dsa> (Minor issue)
CVE-2011-4098 (The fallocate implementation in the GFS2 filesystem in the Linux ...)
	- linux 3.2.1-1
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (fallocate support was added to GFS2 in 2.37)
CVE-2011-4097 (Integer overflow in the oom_badness function in mm/oom_kill.c in the ...)
	- linux-2.6 3.0.0-6
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-4096 (The idnsGrokReply function in Squid before 3.1.16 does not properly ...)
	{DSA-2381-1}
	- squid3 3.1.16-1
	[lenny] - squid3 <not-affected> (no IPv6 support)
CVE-2011-4095
	RESERVED
	NOT-FOR-US: Jara
CVE-2011-4094
	RESERVED
	NOT-FOR-US: Jara
CVE-2011-4093 (Integer overflow in inc/server.hpp in libnet6 (aka net6) before 1.3.14 ...)
	- net6 1:1.3.14-1 (low; bug #647318)
	[squeeze] - net6 <no-dsa> (Minor issue)
	[lenny] - net6 <no-dsa> (Minor issue)
CVE-2011-4092 (obby (aka libobby) does not verify SSL server certificates, which ...)
	- obby <removed> (low; bug #647317)
	[wheezy] - obby <no-dsa> (Minor design limitation)
	[lenny] - obby <no-dsa> (Minor design limitation)
	[squeeze] - obby <no-dsa> (Minor design limitation)
CVE-2011-4091 (The libobby server in inc/server.hpp in libnet6 (aka net6) before ...)
	[squeeze] - net6 <no-dsa> (Minor issue)
	[lenny] - net6 <no-dsa> (Minor issue)
	- net6 1:1.3.14-1 (low; bug #647318)
CVE-2011-4090 [serendipity before 1.6 backend XSS in karma plugin]
	RESERVED
	- serendipity <removed> (bug #650937)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	NOTE: http://seclists.org/oss-sec/2011/q4/192
CVE-2011-4089 (The bzexe command in bzip2 1.0.5 and earlier generates compressed ...)
	- bzip2 1.0.6-1 (low; bug #632862)
	[squeeze] - bzip2 1.0.5-6+squeeze1
	[lenny] - bzip2 <no-dsa> (Minor issue)
CVE-2011-4088
	RESERVED
	NOT-FOR-US: abrt/libreport
CVE-2011-4087 (The br_parse_ip_options function in net/bridge/br_netfilter.c in the ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-4086 (The journal_unmap_buffer function in fs/jbd2/transaction.c in the ...)
	{DSA-2469-1}
	- linux-2.6 <removed> (low)
CVE-2011-4085 (The servlets invoked by httpha-invoker in JBoss Enterprise Application ...)
	NOT-FOR-US: JBoss Enterprise SOA Platform
CVE-2011-4084
	REJECTED
CVE-2011-4083 (The sosreport utility in the Red Hat sos package before 1.7-9 and 2.x ...)
	NOT-FOR-US: RedHat sos
CVE-2011-4082
	RESERVED
	- phpldapadmin 0.9.8-1
CVE-2011-4081 (crypto/ghash-generic.c in the Linux kernel before 3.1 allows local ...)
	- linux-2.6 3.0.0-6
	[squeeze] - linux-2.6 <not-affected> (CRYPTO_GHASH Introduced in 2.6.32)
CVE-2011-4080 (The sysrq_sysctl_handler function in kernel/sysctl.c in the Linux ...)
	- linux-2.6 2.6.39-1
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.37 with eaf06b241b091357e72b76863ba16e89610d31bd)
CVE-2011-4079 (Off-by-one error in the UTF8StringNormalize function in OpenLDAP ...)
	- openldap 2.4.28-1 (unimportant; bug #647610)
	NOTE: Not exploitable with glibc, see
	NOTE: http://www.openldap.org/its/index.cgi/Software%20Bugs?id=7059;selectid=7059
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4079
CVE-2011-4078 (include/iniset.php in Roundcube Webmail 0.5.4 and earlier, when PHP ...)
	- roundcube 0.6+dfsg-1 (bug #646675)
	[squeeze] - roundcube <not-affected> (squeeze PHP version does not expose the issue)
	NOTE: http://trac.roundcube.net/ticket/1488086
	NOTE: This is arguably a PHP issue, but will probably not be fixed upstream.
CVE-2011-4077 (Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-6
CVE-2011-4076
	RESERVED
	- nova 2012.1~e1-1
	NOTE: https://bugs.launchpad.net/nova/+bug/868360
	NOTE: the patch for this bug is available at https://review.openstack.org/#/c/794/
CVE-2011-4075 (The masort function in lib/functions.php in phpLDAPadmin 1.2.x before ...)
	{DSA-2333-1}
	- phpldapadmin 1.2.0.5-2.1 (bug #646754)
CVE-2011-4074 (Cross-site scripting (XSS) vulnerability in cmd.php in phpLDAPadmin ...)
	{DSA-2333-1}
	- phpldapadmin 1.2.0.5-2.1 (bug #646769)
CVE-2011-4073 (Use-after-free vulnerability in the cryptographic helper handler ...)
	{DSA-2374-1}
	- openswan 1:2.6.37-1 (low; bug #650674)
CVE-2007-6744 (Flexera Macrovision InstallShield before 2008 sends a ...)
	NOT-FOR-US: Flexera Macrovision InstallShield
CVE-2006-7246
	RESERVED
	- wpasupplicant 0.7.3-1
	[squeeze] - wpasupplicant <no-dsa> (Minor issue)
	- network-manager 0.9.4.0-1
	[squeeze] - network-manager <no-dsa> (Minor issue)
	NOTE: might be fixed earlier; I checked the source versions in Wheezy
CVE-2011-4072
	REJECTED
CVE-2011-4071
	RESERVED
CVE-2011-4070
	RESERVED
CVE-2011-4069 (html/admin/login.php in PacketFence before 3.0.2 allows remote ...)
	NOT-FOR-US: PacketFence
CVE-2011-4068 (The check_password function in html/admin/login.php in PacketFence ...)
	NOT-FOR-US: PacketFence
CVE-2011-4067
	RESERVED
CVE-2011-4066 (SQL injection vulnerability in bbs/tb.php in Gnuboard 4.33.02 and ...)
	NOT-FOR-US: Gnuboard
CVE-2011-4065
	RESERVED
CVE-2011-4063 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.8.x ...)
	- asterisk 1:1.8.7.1~dfsg-1 (bug #647252)
	[lenny] - asterisk <not-affected> (Only affects >= 1.8)
	[squeeze] - asterisk <not-affected> (Only affects >= 1.8)
CVE-2011-4062 (Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows ...)
	{DSA-2325-1}
	- kfreebsd-10 10.0~svn226224-1
	- kfreebsd-9 9.0~svn225873-1
	- kfreebsd-8 8.2-11 (bug #645377)
	- kfreebsd-7 <removed>
CVE-2011-4061 (Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) ...)
	NOT-FOR-US: DB2
CVE-2011-4060 (The runtime linker in QNX Neutrino RTOS 6.5.0 before Service Pack 1 ...)
	NOT-FOR-US: QNX
CVE-2011-4059
	RESERVED
CVE-2011-4058
	RESERVED
CVE-2010-4965 (/etc/rc.d/rc.local on the D-Link DCS-2121 camera with firmware 1.04 ...)
	NOT-FOR-US: D-Link DCS-2121
CVE-2010-4964 (recorder_test.cgi on the D-Link DCS-2121 camera with firmware 1.04 ...)
	NOT-FOR-US: D-Link DCS-2121
CVE-2011-4064 (Cross-site scripting (XSS) vulnerability in the setup interface in ...)
	- phpmyadmin 4:3.4.6-1 (unimportant)
CVE-2011-4057 (Wibu-Systems AG CodeMeter Runtime 4.30c, 4.10b, and possibly other ...)
	NOT-FOR-US: Wibu-Systems AG CodeMeter Runtime
CVE-2011-4056 (An unspecified ActiveX control in ActBar.ocx in Siemens Tecnomatix ...)
	NOT-FOR-US: Siemens Tecnomatix
CVE-2011-4055 (Buffer overflow in the WebClient ActiveX control in Siemens Tecnomatix ...)
	NOT-FOR-US: Siemens Tecnomatix
CVE-2011-4054 (Cross-site scripting (XSS) vulnerability in login.fcc in CA SiteMinder ...)
	NOT-FOR-US: CA SiteMinder
CVE-2011-4053 (Untrusted search path vulnerability in 7-Technologies (7T) Interactive ...)
	NOT-FOR-US: 7-Technologies (7T) Interactive Graphical SCADA System
CVE-2011-4052 (Stack-based buffer overflow in CEServer.exe in the CEServer component ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-4051 (CEServer.exe in the CEServer component in the Remote Agent module in ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-4050 (Buffer overflow in 7-Technologies (7T) Interactive Graphical SCADA ...)
	NOT-FOR-US: Interactive Graphical SCADA System
CVE-2011-4049
	RESERVED
CVE-2011-4048 (The Dell KACE K2000 System Deployment Appliance has a default username ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4047 (The Dell KACE K2000 System Deployment Appliance allows remote ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4046 (The Dell KACE K2000 System Deployment Appliance stores the recovery ...)
	NOT-FOR-US: Dell appliance
CVE-2011-4045 (Buffer overflow in an unspecified ActiveX control in aipgctl.ocx in ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4044 (An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4043 (Integer overflow in an unspecified ActiveX control in SVUIGrd.ocx in ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4042 (An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique ...)
	NOT-FOR-US: ARC Informatique
CVE-2011-4041 (webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers ...)
	NOT-FOR-US: Advantech WebAccess
CVE-2011-4040 (Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows ...)
	NOT-FOR-US: NJStar Communicator
CVE-2011-4039 (Invensys Wonderware HMI Reports 3.42.835.0304 and earlier, as used in ...)
	NOT-FOR-US: Invensys Wonderware HMI Reports
CVE-2011-4038 (Cross-site scripting (XSS) vulnerability in Invensys Wonderware HMI ...)
	NOT-FOR-US: Invensys Wonderware HMI Reports
CVE-2011-4037 (Buffer overflow in Sielco Sistemi Winlog PRO before 2.07.09 and Winlog ...)
	NOT-FOR-US: Sielco Sistemi Winlog PRO
CVE-2011-4036 (Directory traversal vulnerability in Schneider Electric Vijeo ...)
	NOT-FOR-US: Schneider Electric Vijeo
CVE-2011-4035 (Cross-site scripting (XSS) vulnerability in Schneider Electric Vijeo ...)
	NOT-FOR-US: Schneider Electric Vijeo
CVE-2011-4034 (Buffer overflow in the Steema TeeChart ActiveX control, as used in ...)
	NOT-FOR-US: Steema TeeChart
CVE-2011-4033 (Buffer overflow in the Steema TeeChart ActiveX control, as used in ...)
	NOT-FOR-US: Steema TeeChart
CVE-2011-4032
	RESERVED
CVE-2011-4031 (Integer underflow in the asfrtp_parse_packet function in ...)
	- libav 0.8-1 (bug #675767)
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-4030 (The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and ...)
	- plone3 <not-affected> (Only affects Plone 4.x)
CVE-2011-4029 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 ...)
	- xorg-server 2:1.11.1.901-2 (low)
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=b67581cf825940fdf52bf2e0af4330e695d724a4
	NOTE: this has a poc now: http://web.archive.org/web/20111204204028/http://vladz.devzero.fr:80/Xorg-CVE-2011-4029.txt
CVE-2011-4028 (The LockServer function in os/utils.c in X.Org xserver before 1.11.2 ...)
	- xorg-server 2:1.11.1.901-2 (low)
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6ba44b91e37622ef8c146d8f2ac92d708a18ed34
CVE-2011-4027
	RESERVED
CVE-2011-4026 (SQL injection vulnerability in thanks.php in NexusPHP 1.5 allows ...)
	NOT-FOR-US: NexusPHP
CVE-2010-4963 (SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows ...)
	NOT-FOR-US: Hulihan BXR
CVE-2010-4962 (Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension ...)
	NOT-FOR-US: Typo3 extension
CVE-2010-4961 (SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension ...)
	NOT-FOR-US: Typo3 extension
CVE-2010-4960 (Cross-site scripting (XSS) vulnerability in the Branchenbuch (aka ...)
	NOT-FOR-US: Branchenbuch
CVE-2010-4959 (SQL injection vulnerability in the login feature in Pre Projects Pre ...)
	NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2010-4958 (SQL injection vulnerability in index.php in Prado Portal 1.2.0 allows ...)
	NOT-FOR-US: Prado Portal
CVE-2010-4957 (SQL injection vulnerability in the Questionnaire (ke_questionnaire) ...)
	NOT-FOR-US: Typo3 extension
CVE-2010-4956 (Cross-site scripting (XSS) vulnerability in the Questionnaire ...)
	NOT-FOR-US: Typo3 extension
CVE-2010-4955 (SQL injection vulnerability in board/board.php in APBoard Developers ...)
	NOT-FOR-US: APBoard Developers APBoard
CVE-2010-4954 (SQL injection vulnerability in product_reviews_info.php in xt:Commerce ...)
	NOT-FOR-US: xt:Commerce Gambio
CVE-2010-4953 (Unspecified vulnerability in the JW Calendar (jw_calendar) extension ...)
	NOT-FOR-US: Typo3 extension
CVE-2010-4952 (SQL injection vulnerability in the FE user statistic (festat) ...)
	NOT-FOR-US: Typo3 extension
CVE-2010-4951 (Cross-site scripting (XSS) vulnerability in the xaJax Shoutbox ...)
	NOT-FOR-US: Typo3 extension
CVE-2010-4950 (SQL injection vulnerability in the Event (event) extension before ...)
	NOT-FOR-US: Typo3 extension
CVE-2010-4949 (Cross-site scripting (XSS) vulnerability in the (1) FreiChat component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4948 (PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in ...)
	NOT-FOR-US: PHP Free Photo Gallery
CVE-2010-4947 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
	NOT-FOR-US: ALLPC
CVE-2010-4946 (SQL injection vulnerability in product_info.php in ALLPC 2.5 allows ...)
	NOT-FOR-US: ALLPC
CVE-2010-4945 (SQL injection vulnerability in the CamelcityDB (com_camelcitydb2) ...)
	NOT-FOR-US: CamelcityDB
CVE-2010-4944 (SQL injection vulnerability in the Elite Experts (com_elite_experts) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4943 (Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 ...)
	NOT-FOR-US: Saurus CMS
CVE-2010-4942 (SQL injection vulnerability in location.php in the eCal module in ...)
	NOT-FOR-US: E-Xoopport Samsara
CVE-2010-4941 (SQL injection vulnerability in the Teams (com_teams) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4940 (SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows ...)
	NOT-FOR-US: WAnewsletter
CVE-2010-4939 (PHP remote file inclusion vulnerability in index.php in MailForm 1.2 ...)
	NOT-FOR-US: MailForm
CVE-2010-4938 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4937 (Multiple SQL injection vulnerabilities in the Amblog (com_amblog) ...)
	NOT-FOR-US: Amblog
CVE-2010-4936 (SQL injection vulnerability in the Slide Show (com_slideshow) ...)
	NOT-FOR-US: Slide Show extension for Joomla
CVE-2010-4935 (SQL injection vulnerability in poll.php in Entrans 0.3.2 and earlier ...)
	NOT-FOR-US: Entrans
CVE-2010-4934 (SQL injection vulnerability in video.php in Get Tube 4.51 and earlier ...)
	NOT-FOR-US: Get Tube
CVE-2010-4933 (SQL injection vulnerability in filemgmt/singlefile.php in Geeklog ...)
	NOT-FOR-US: Geeklog
CVE-2010-4932 (Cross-site scripting (XSS) vulnerability in search.php in Entrans ...)
	NOT-FOR-US: Entrans
CVE-2010-4931 (** DISPUTED ** Directory traversal vulnerability in maincore.php in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2010-4930 (Cross-site scripting (XSS) vulnerability in index.php in @mail Webmail ...)
	NOT-FOR-US: @mail Webmail
CVE-2010-4929 (SQL injection vulnerability in the Joostina (com_ezautos) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4928 (Cross-site scripting (XSS) vulnerability in the Restaurant Guide ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4927 (SQL injection vulnerability in the Restaurant Guide ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4926 (SQL injection vulnerability in the TimeTrack (com_timetrack) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4925 (SQL injection vulnerability in clic.php in the Partenaires module 1.5 ...)
	NOT-FOR-US: Nuked Klan
CVE-2010-4924 (** DISPUTED ** PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: clearBudget
CVE-2010-4923 (SQL injection vulnerability in book/detail.php in Virtue Netz Virtue ...)
	NOT-FOR-US: Virtue Netz Virtue
CVE-2010-4922 (Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow ...)
	NOT-FOR-US: Allinta CMS
CVE-2010-4921 (SQL injection vulnerability in inc_pollingboothmanager.asp in DMXReady ...)
	NOT-FOR-US: DMXReady Polling Booth Manager
CVE-2010-4920 (SQL injection vulnerability in detail.asp in Micronetsoft Rental ...)
	NOT-FOR-US: Micronetsoft
CVE-2010-4919 (SQL injection vulnerability in detail.asp in Micronetsoft RV Dealer ...)
	NOT-FOR-US: Micronetsoft
CVE-2010-4918 (PHP remote file inclusion vulnerability in iJoomla Magazine ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4917 (SQL injection vulnerability in sources/search.php in A-Blog 2.0 allows ...)
	NOT-FOR-US: A-Blog
CVE-2010-4916 (Multiple SQL injection vulnerabilities in index.cfm in ColdGen ...)
	NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4915 (SQL injection vulnerability in index.cfm in ColdGen ColdBookmarks 1.22 ...)
	NOT-FOR-US: ColdGen ColdBookmarks
CVE-2010-4914 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP Classifieds
CVE-2010-4913 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
	NOT-FOR-US: ColdGen ColdUserGroup
CVE-2010-4912 (SQL injection vulnerability in shop.php in UCenter Home 2.0 allows ...)
	NOT-FOR-US: UCenter
CVE-2010-4911 (SQL injection vulnerability in classi/detail.php in PHP Classifieds ...)
	NOT-FOR-US: PHP Classifieds
CVE-2010-4910 (SQL injection vulnerability in index.cfm in ColdGen ColdCalendar 2.06 ...)
	NOT-FOR-US: ColdGen ColdCalendar
CVE-2010-4909 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PaysiteReviewCMS
CVE-2010-4908 (SQL injection vulnerability in detail.php in Virtue Shopping Mall ...)
	NOT-FOR-US: Virtue Shopping Mall
CVE-2010-4907 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...)
	NOT-FOR-US: Zenphoto
CVE-2010-4906 (SQL injection vulnerability in zp-core/full-image.php in Zenphoto 1.3 ...)
	NOT-FOR-US: Zenphoto
CVE-2010-4905 (SQL injection vulnerability in article_details.php in Softbiz Article ...)
	NOT-FOR-US: Softbiz
CVE-2010-4904 (SQL injection vulnerability in the Aardvertiser (com_aardvertiser) ...)
	NOT-FOR-US: Aardvertiser
CVE-2010-4903 (SQL injection vulnerability in index.php in CubeCart 4.3.3 allows ...)
	NOT-FOR-US: CubeCart
CVE-2010-4902 (Multiple SQL injection vulnerabilities in the Clantools ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4901 (Multiple cross-site scripting (XSS) vulnerabilities in char_map.php in ...)
	NOT-FOR-US: MySource Matrix
CVE-2010-4900 (Open redirect vulnerability in c.php in CMS WebManager-Pro 8.1 and ...)
	NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4899 (SQL injection vulnerability in c.php in CMS WebManager-Pro before 8.1 ...)
	NOT-FOR-US: CMS WebManager-Pro
CVE-2010-4898 (SQL injection vulnerability in the Gantry (com_gantry) component ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4897 (SQL injection vulnerability in comment.php in BlueCMS 1.6 allows ...)
	NOT-FOR-US: BlueCMS
CVE-2010-4896 (Cross-site scripting (XSS) vulnerability in admin/index.asp in Member ...)
	NOT-FOR-US: Member Management System
CVE-2010-4895 (Cross-site scripting (XSS) vulnerability in core/showsite.php in ...)
	NOT-FOR-US: chillyCMS
CVE-2010-4894 (SQL injection vulnerability in core/showsite.php in chillyCMS 1.1.3 ...)
	NOT-FOR-US: chillyCMS
CVE-2010-4893 (Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS ...)
	NOT-FOR-US: FestOS
CVE-2011-XXXX [lintian disclosure of file presense]
	- lintian 2.5.2 (unimportant)
	[squeeze] - lintian 2.4.3+squeeze1
CVE-2011-XXXX [0.1.1+dfsg-1 multiple issues]
	- ibid 0.1.1+dfsg-1
	[squeeze] - ibid 0.1.0+dfsg-2+squeeze1
CVE-2011-4025
	RESERVED
CVE-2010-4892 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4891 (SQL injection vulnerability in the Yet Another Calendar (ke_yac) ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4890 (Cross-site scripting (XSS) vulnerability in the Yet Another Calendar ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4889 (Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4888 (SQL injection vulnerability in the Tiny Market (hm_tinymarket) ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4887 (SQL injection vulnerability in the Commenting system Backend Module ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4886 (Cross-site scripting (XSS) vulnerability in the &quot;official twitter ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4885 (Cross-site scripting (XSS) vulnerability in the XING Button (xing) ...)
	NOT-FOR-US: TYPO3 extension
CVE-2010-4884 (PHP remote file inclusion vulnerability in guestbook/gbook.php in ...)
	NOT-FOR-US: Gaestebuch
CVE-2010-4883 (Cross-site scripting (XSS) vulnerability in manager/index.php in MODx ...)
	NOT-FOR-US: MODx Revolution
CVE-2010-4882 (Cross-site scripting (XSS) vulnerability in autocms.php in Auto CMS ...)
	NOT-FOR-US: Auto CMS
CVE-2010-4881 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: ApPHP Calendar
CVE-2010-4880 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ApPHP Calendar
CVE-2010-4879 (PHP remote file inclusion vulnerability in dompdf.php in dompdf 0.6.0 ...)
	- php-dompdf 0.6.1+dfsg-1
CVE-2010-4878 (PHP remote file inclusion vulnerability in formmailer.php in Kontakt ...)
	NOT-FOR-US: Kontakt Formular
CVE-2010-4877 (Cross-site scripting (XSS) vulnerability in index.php in OneCMS 2.6.1 ...)
	NOT-FOR-US: OneCMS
CVE-2010-4876 (SQL injection vulnerability in viewpost.php in mBlogger 1.0.04 allows ...)
	NOT-FOR-US: mBlogger
CVE-2010-4875 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2010-4874 (Multiple cross-site scripting (XSS) vulnerabilities in users.php in ...)
	NOT-FOR-US: NinkoBB
CVE-2010-4873 (Cross-site scripting (XSS) vulnerability in confirm.php in WeBid 0.8.5 ...)
	NOT-FOR-US: WeBid
CVE-2010-4872 (SQL injection vulnerability in newsroom.asp in ASPilot Pilot Cart 7.3 ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4871 (Unspecified vulnerability in SmartFTP before 4.0 Build 1142 allows ...)
	NOT-FOR-US: SmartFTP
CVE-2010-4870 (SQL injection vulnerability in index.php in BloofoxCMS 0.3.5 allows ...)
	NOT-FOR-US: BloofoxCMS
CVE-2011-4024 (Cross-site scripting (XSS) vulnerability in ocsinventory in OCS ...)
	- ocsinventory-server 2.0.2-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2011-4023 (Memory leak in libcmd in Cisco NX-OS 5.0 on Nexus switches allows ...)
	NOT-FOR-US: Cisco
CVE-2011-4022 (The sensor in Cisco Intrusion Prevention System (IPS) 7.0 and 7.1 ...)
	NOT-FOR-US: Cisco
CVE-2011-4021
	RESERVED
CVE-2011-4020
	RESERVED
CVE-2011-4019 (Memory leak in Cisco IOS 12.4 and 15.0 through 15.2, and Cisco Unified ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4018
	RESERVED
CVE-2011-4017
	RESERVED
CVE-2011-4016 (The PPP implementation in Cisco IOS 12.2 and 15.0 through 15.2, when ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4015 (Cisco IOS 15.2S allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4014 (The TAC Case Attachment tool in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2011-4013
	RESERVED
CVE-2011-4012 (Cisco IOS 12.0, 15.0, and 15.1, when a Policy Feature Card 3C (PFC3C) ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4011
	RESERVED
CVE-2011-4010
	RESERVED
CVE-2011-4009
	RESERVED
CVE-2011-4008
	RESERVED
CVE-2011-4007 (Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the &quot;set ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-4006 (The ESMTP inspection feature on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco
CVE-2011-4005 (Cross-site request forgery (CSRF) vulnerability in the Services Ready ...)
	NOT-FOR-US: Cisco SRP
CVE-2011-4004 (Buffer overflow in the ATAS32 processing functionality in the Cisco ...)
	NOT-FOR-US: Cisco Webex
CVE-2011-4003
	RESERVED
CVE-2011-4002 (HP no Mawashimono Nikki 6.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: HP no Mawashimono Nikki
CVE-2011-4001 (Directory traversal vulnerability in HP no Mawashimono Nikki 6.6 and ...)
	NOT-FOR-US: HP no Mawashimono Nikki
CVE-2011-4000 (Buffer overflow in ChaSen 2.4.x allows remote attackers to execute ...)
	{DSA-2361-1}
	- chasen 2.4.4-17 (medium; bug #648359)
CVE-2011-3999 (Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader ...)
	NOT-FOR-US: Iwate Portal Bar
CVE-2011-3998 (Cross-site scripting (XSS) vulnerability in Apple WebObjects 5.2 and ...)
	NOT-FOR-US: Apple WebObjects
CVE-2011-3997 (Opengear console servers with firmware before 2.2.1 allow remote ...)
	NOT-FOR-US: Opengear
CVE-2011-3996 (The LiveData Service in CSWorks before 2.0.4115.1 allows remote ...)
	NOT-FOR-US: CSWorks
CVE-2011-3995 (Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 ...)
	NOT-FOR-US: Twilight Frontier Touhou Hisouten
CVE-2011-3994 (Cross-site request forgery (CSRF) vulnerability in SKYARC MTCMS before ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-3993 (SKYARC MTCMS before 5.252, and the MultiFileUploader 0.44 and earlier, ...)
	NOT-FOR-US: Movable Type plugin
CVE-2011-3992 (Buffer overflow in the SSH server functionality on the D-Link DES-3800 ...)
	NOT-FOR-US: D-Link device
CVE-2011-3991 (Untrusted search path vulnerability in FFFTP 1.98a and earlier allows ...)
	NOT-FOR-US: FFFTP
CVE-2011-3990 (Cross-site scripting (XSS) vulnerability in plugin/comment.inc.php in ...)
	NOT-FOR-US: PukiWiki
CVE-2011-3989 (SQL injection vulnerability in DBD::mysqlPP 0.04 and earlier allows ...)
	NOT-FOR-US: DBD::mysqlPP Perl module
CVE-2011-3988 (SQL injection vulnerability in data/class/SC_Query.php in EC-CUBE ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-3987 (dtsoftbus01.sys in DAEMON Tools Lite before 4.41.3, Pro Standard ...)
	NOT-FOR-US: DAEMON Tools
CVE-2011-3986 (Cross-site scripting (XSS) vulnerability in Pligg before 1.2.0 allows ...)
	NOT-FOR-US: Pligg
CVE-2011-3985 (Cross-site scripting (XSS) vulnerability in Plume before 1.2.3 allows ...)
	NOT-FOR-US: Plume
CVE-2011-3984 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3983 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3982 (The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 ...)
	NOT-FOR-US: IBM AIX driver
CVE-2010-4869 (SQL injection vulnerability in index.php in DBHcms 1.1.4 allows remote ...)
	NOT-FOR-US: DBHcms
CVE-2010-4868 (Cross-site scripting (XSS) vulnerability in search.php3 (aka ...)
	NOT-FOR-US: W-Agora
CVE-2010-4867 (Directory traversal vulnerability in search.php3 (aka search.php) in ...)
	NOT-FOR-US: W-Agora
CVE-2010-4866 (SQL injection vulnerability in index.php in Chipmunk Board 1.3 allows ...)
	NOT-FOR-US: Chipmunk Board
CVE-2010-4865 (SQL injection vulnerability in the JE Guestbook (com_jeguestbook) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4864 (SQL injection vulnerability in the Club Manager (com_clubmanager) ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4863 (Cross-site scripting (XSS) vulnerability in admin/changedata.php in ...)
	NOT-FOR-US: GetSimple CMS
CVE-2010-4862 (SQL injection vulnerability in the JExtensions JE Directory ...)
	NOT-FOR-US: Joomla extension
CVE-2010-4861 (SQL injection vulnerability in asearch.php in webSPELL 4.2.1 allows ...)
	NOT-FOR-US: webSPELL
CVE-2010-4860 (SQL injection vulnerability in product_desc.php in MyPhpAuction 2010 ...)
	NOT-FOR-US: MyPhpAuction
CVE-2010-4859 (SQL injection vulnerability in index.php in WebAsyst Shop-Script ...)
	NOT-FOR-US: WebAsyst Shop-Script
CVE-2010-4858 (Directory traversal vulnerability in team.rc5-72.php in DNET ...)
	NOT-FOR-US: DNET Live-Stats
CVE-2010-4857 (SQL injection vulnerability in click.php in CAG CMS 0.2 Beta allows ...)
	NOT-FOR-US: CAG CMS
CVE-2010-4856 (SQL injection vulnerability in arsiv.asp in xWeblog 2.2 allows remote ...)
	NOT-FOR-US: xWeblog
CVE-2010-4855 (SQL injection vulnerability in oku.asp in xWeblog 2.2 allows remote ...)
	NOT-FOR-US: xWebLog
CVE-2010-4854 (SQL injection vulnerability in ajax/coupon.php in Zuitu 1.6, when ...)
	NOT-FOR-US: Zuitu
CVE-2010-4853 (SQL injection vulnerability in the ccInvoices (com_ccinvoices) ...)
	NOT-FOR-US: Joomla extension
CVE-2008-7302 (SQL injection vulnerability in netinvoice.php in the nBill ...)
	NOT-FOR-US: Joomla extension
CVE-2008-7301 (SQL injection vulnerability in admin/login.php in jSite 1.0 OE allows ...)
	NOT-FOR-US: jSite
CVE-2008-7300 (The labeled networking implementation in Solaris Trusted Extensions in ...)
	NOT-FOR-US: Oracle Solaris
CVE-2000-1247 (The default configuration of the jserv-status handler in jserv.conf in ...)
	- apache <removed>
CVE-2011-3981 (PHP remote file inclusion vulnerability in actions.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-3980 (Unspecified vulnerability in the Drag Drop Mass Upload ...)
	NOT-FOR-US: TYPO3 extension
CVE-2011-3979 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2011-3978 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy.php ...)
	NOT-FOR-US: LightNEasy
CVE-2011-3977 (Unspecified vulnerability in nxconfigure.sh in NoMachine NX Node 3.x ...)
	NOT-FOR-US: NoMachine NX components
CVE-2011-3976 (Stack-based buffer overflow in AmmSoft ScriptFTP 3.3 allows remote FTP ...)
	NOT-FOR-US: AmmSoft ScriptFTP
CVE-2011-3975 (A certain HTC update for Android 2.3.4 build GRJ22, when the Sense ...)
	NOT-FOR-US: HTC Android
CVE-2011-3974 (Integer signedness error in the decode_residual_inter function in ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3973 (cavsdec.c in libavcodec in FFmpeg before 0.7.4 and 0.8.x before 0.8.3 ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3972 (The shader translator implementation in Google Chrome before ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3971 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3970 (libxslt, as used in Google Chrome before 17.0.963.46, allows remote ...)
	- libxslt 1.1.26-11 (low; bug #660650)
	[squeeze] - libxslt 1.1.26-6+squeeze1
CVE-2011-3969 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3968 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3967 (Unspecified vulnerability in Google Chrome before 17.0.963.46 allows ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3966 (Use-after-free vulnerability in Google Chrome before 17.0.963.46 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3965 (Google Chrome before 17.0.963.46 does not properly check signatures, ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3964 (Google Chrome before 17.0.963.46 does not properly implement the ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3963 (Google Chrome before 17.0.963.46 does not properly handle PDF FAX ...)
	- chromium-browser <not-affected> (Only affects proprietary Chrome)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3962 (Google Chrome before 17.0.963.46 does not properly perform path ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3961 (Race condition in Google Chrome before 17.0.963.46 allows remote ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3960 (Google Chrome before 17.0.963.46 does not properly decode audio data, ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3959 (Buffer overflow in the locale implementation in Google Chrome before ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3958 (Google Chrome before 17.0.963.46 does not properly perform casts of ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3957 (Use-after-free vulnerability in the garbage-collection functionality ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3956 (The extension implementation in Google Chrome before 17.0.963.46 does ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3955 (Google Chrome before 17.0.963.46 allows remote attackers to cause a ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3954 (Google Chrome before 17.0.963.46 allows remote attackers to cause a ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3953 (Google Chrome before 17.0.963.46 does not prevent monitoring of the ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3952 (The decode_init function in kmvc.c in libavcodec in FFmpeg before 0.10 ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3951 (The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg ...)
	{DSA-2494-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3950 (The dirac_decode_data_unit function in libavcodec/diracdec.c in FFmpeg ...)
	- libav <not-affected> (Specific to newer ffmpeg after split)
	- ffmpeg <not-affected> (Specific to newer ffmpeg after split)
CVE-2011-3949 (The dirac_unpack_idwt_params function in libavcodec/diracdec.c in ...)
	- libav <not-affected> (Specific to newer ffmpeg after split)
	- ffmpeg <not-affected> (Specific to newer ffmpeg after split)
CVE-2011-3948
	RESERVED
CVE-2011-3947 (Buffer overflow in mjpegbdec.c in libavcodec in FFmpeg 0.7.x before ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3946 (The ff_h264_decode_sei function in libavcodec/h264_sei.c in FFmpeg ...)
	{DSA-3003-1}
	- libav 6:10.3-1 (unimportant)
	- ffmpeg 7:2.4.1-1 (unimportant)
	NOTE: Not suitable for code injection, not treated as security issue
CVE-2011-3945 (The decode_frame function in the KVG1 decoder (kgv1dec.c) in ...)
	- libav 4:0.8.1-1
	- ffmpeg <not-affected> (Vulnerable code not present)
CVE-2011-3944 (The smacker_decode_header_tree function in libavcodec/smacker.c in ...)
	{DSA-2855-1}
	- libav 6:9.10-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commitdiff;h=0679cec6e8802643bbe6d5f68ca1110a7d3171da
CVE-2011-3943
	RESERVED
CVE-2011-3942
	RESERVED
CVE-2011-3941 (The decode_mb function in libavcodec/error_resilience.c in FFmpeg ...)
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <end-of-life> (Backports to 0.5.x not useful, too many checks missing)
	NOTE: Fix in libav: http://git.libav.org/?p=libav.git;a=commit;h=6193ff68549ecbaf1a4d63a0e06964ec580ac620
CVE-2011-3940 (nsvdec.c in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3939
	RESERVED
CVE-2011-3938
	RESERVED
CVE-2011-3937 (The H.263 codec (libavcodec/h263dec.c) in FFmpeg 0.7.x before 0.7.12, ...)
	- libav 6:0.8.3-1
	- ffmpeg <not-affected> (Vulnerable code not present, introduced in 0.7)
CVE-2011-3936 (The dv_extract_audio function in libavcodec in FFmpeg 0.7.x before ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3935 (The codec_get_buffer function in ffmpeg.c in FFmpeg before 0.10 allows ...)
	{DSA-3003-1}
	- libav 6:10-1
	- ffmpeg <not-affected> (vuln. code not present, introduced later)
	NOTE: [Diego] applies to 0.8 and 9 only, cherrypicked fixes on ML
CVE-2011-3934 (Double free vulnerability in the vp3_update_thread_context function in ...)
	{DSA-3003-1}
	- libav 6:10-1 (unimportant)
	- ffmpeg 7:2.4.1-1 (unimportant)
	NOTE: Fixed in libav trunk: http://git.libav.org/?p=libav.git;a=commit;h=759001c534287a96dc96d1e274665feb7059145d
	NOTE: only a crasher
CVE-2011-3933
	RESERVED
CVE-2011-3932
	RESERVED
CVE-2011-3931
	RESERVED
CVE-2011-3930
	RESERVED
CVE-2011-3929 (The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x ...)
	{DSA-2471-1}
	- libav 4:0.8.1-1
	- ffmpeg 7:2.4.1-1
CVE-2011-3928 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3927 (Skia, as used in Google Chrome before 16.0.912.77, does not perform ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3926 (Heap-based buffer overflow in the tree builder in Google Chrome before ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3925 (Use-after-free vulnerability in the Safe Browsing feature in Google ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3924 (Use-after-free vulnerability in Google Chrome before 16.0.912.77 ...)
	- chromium-browser 16.0.912.77~r118311-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3923 [struts ParameterInterceptor remote code execution]
	RESERVED
	- libstruts1.2-java <not-affected> (Only affects 2.x)
	NOTE: https://cwiki.apache.org/confluence/display/WW/S2-009
	NOTE: http://blog.o0o.nu/2012/01/cve-2011-3923-yet-another-struts2.html
CVE-2011-3922 (Stack-based buffer overflow in Google Chrome before 16.0.912.75 allows ...)
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3921 (Use-after-free vulnerability in Google Chrome before 16.0.912.75 ...)
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3920
	RESERVED
CVE-2011-3919 (Heap-based buffer overflow in libxml2, as used in Google Chrome before ...)
	{DSA-2394-1}
	- chromium-browser 16.0.912.75~r116452-1
	[squeeze] - chromium-browser <end-of-life>
	- libxml2 2.7.8.dfsg-7 (bug #656377)
CVE-2011-3918 (The Zygote process in Android 4.0.3 and earlier accepts fork requests ...)
	NOT-FOR-US: Android
CVE-2011-3917 (Stack-based buffer overflow in FileWatcher in Google Chrome before ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3916 (Google Chrome before 16.0.912.63 does not properly handle PDF cross ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
CVE-2011-3915 (Buffer overflow in Google Chrome before 16.0.912.63 allows remote ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3914 (The internationalization (aka i18n) functionality in Google V8, as ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (v8-i18n chrome issue)
CVE-2011-3913 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/100827
CVE-2011-3912 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/100502
CVE-2011-3911 (Google Chrome before 16.0.912.63 does not properly handle PDF ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3910 (Google Chrome before 16.0.912.63 does not properly handle YUV video ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3909 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/98374
CVE-2011-3908 (Google Chrome before 16.0.912.63 does not properly parse SVG ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99025
CVE-2011-3907 (The view-source feature in Google Chrome before 16.0.912.63 allows ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3906 (The PDF parser in Google Chrome before 16.0.912.63 allows remote ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (Chrome pdf plugin)
CVE-2011-3905 (libxml2, as used in Google Chrome before 16.0.912.63, allows remote ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5.1 (bug #652352)
CVE-2011-3904 (Use-after-free vulnerability in Google Chrome before 16.0.912.63 ...)
	- chromium-browser 16.0.912.63~r113337-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99462
CVE-2011-3903 (Google Chrome before 16.0.912.63 does not properly perform regex ...)
	- chromium-browser 16.0.912.63~r113337-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3902
	RESERVED
CVE-2011-3901
	RESERVED
CVE-2011-3900 (Google V8, as used in Google Chrome before 15.0.874.121, allows remote ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	- libv8 3.5.10.24
	[squeeze] - chromium-browser <not-affected>
	[squeeze] - libv8 <not-affected>
CVE-2011-3899
	RESERVED
CVE-2011-3898 (Google Chrome before 15.0.874.120, when Java Runtime Environment (JRE) ...)
	- chromium-browser 15.0.874.121~r109964-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3897 (Use-after-free vulnerability in Google Chrome before 15.0.874.120 ...)
	- chromium-browser 15.0.874.121~r109964-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/99023
CVE-2011-3896 (Buffer overflow in Google Chrome before 15.0.874.120 allows remote ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3895 (Heap-based buffer overflow in the Vorbis decoder in Google Chrome ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (Chrome issue)
	- ffmpeg 7:2.4.1-1
	- libav 4:0.8~beta2-1 (bug #654534; bug #654573)
CVE-2011-3894 (Google Chrome before 15.0.874.120 does not properly perform VP8 ...)
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3893 (Google Chrome before 15.0.874.120 does not properly implement the MKV ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	- libav 4:0.8~beta2-1 (bug #654534; bug #654572)
	- ffmpeg 7:2.4.1-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: this is due to http://llvm.org/bugs/show_bug.cgi?id=7554
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106599
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=106621
CVE-2011-3892 (Double free vulnerability in the Theora decoder in Google Chrome ...)
	{DSA-2471-1}
	- chromium-browser 15.0.874.121~r109964-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
	- libav 4:0.8~beta2-1 (bug #654534; bug #654571)
	- ffmpeg 7:2.4.1-1
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=107489
CVE-2011-3891 (Google Chrome before 15.0.874.102 does not properly restrict access to ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3890 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97451
CVE-2011-3889 (Heap-based buffer overflow in the Web Audio implementation in Google ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96843
CVE-2011-3888 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/96868
CVE-2011-3887 (Google Chrome before 15.0.874.102 does not properly handle javascript: ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96260
CVE-2011-3886 (Google V8, as used in Google Chrome before 15.0.874.102, allows remote ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	- libv8 3.6
	[squeeze] - libv8 <not-affected>
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3885 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97402
CVE-2011-3884 (Google Chrome before 15.0.874.102 does not properly address timing ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3883 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96632
CVE-2011-3882 (Use-after-free vulnerability in Google Chrome before 15.0.874.102 ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3881 (WebKit, as used in Google Chrome before 15.0.874.102 and Android ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/97353
CVE-2011-3880 (Google Chrome before 15.0.874.102 does not prevent use of an ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3879 (Google Chrome before 15.0.874.102 does not prevent redirects to ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/96610
CVE-2011-3878 (Race condition in Google Chrome before 15.0.874.102 allows remote ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/96999
CVE-2011-3877 (Cross-site scripting (XSS) vulnerability in the appcache internals ...)
	- chromium-browser 15.0.874.106~r107270-1
	- webkit <not-affected> (Chrome issue)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-3876 (Google Chrome before 15.0.874.102 does not properly handle downloading ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3875 (Google Chrome before 15.0.874.102 does not properly handle drag and ...)
	- chromium-browser 15.0.874.106~r107270-1 (unimportant)
	- webkit <not-affected> (Chrome issue)
CVE-2011-3874 (Stack-based buffer overflow in libsysutils in Android 2.2.x through ...)
	NOT-FOR-US: Android
CVE-2011-3873 (Google Chrome before 14.0.835.202 does not properly implement shader ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-XXXX [Fix file indirectory injection]
	- puppet 2.7.3-3 (unimportant)
	[squeeze] - puppet 2.6.2-5+squeeze1
	NOTE: Only exploitable during build/test suite run
	NOTE: DSA-2314-1
CVE-2011-3872 (Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet ...)
	{DSA-2352-1}
	- puppet 2.7.6-1
CVE-2011-3871 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3870 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3869 (Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows ...)
	{DSA-2314-1}
	- puppet 2.7.3-3
CVE-2011-3868 (Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player ...)
	NOT-FOR-US: Vmware
CVE-2011-3867
	REJECTED
CVE-2011-3866 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 do not properly ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3865 (Cross-site scripting (XSS) vulnerability in the Black-LetterHead theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3864 (Cross-site scripting (XSS) vulnerability in the The Erudite theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3863 (Cross-site scripting (XSS) vulnerability in the RedLine theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3862 (Cross-site scripting (XSS) vulnerability in the Morning Coffee theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3861 (Cross-site scripting (XSS) vulnerability in the Web Minimalist 200901 ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3860 (Cross-site scripting (XSS) vulnerability in the Cover WP theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3859 (Cross-site scripting (XSS) vulnerability in the Trending theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3858 (Cross-site scripting (XSS) vulnerability in the Pixiv Custom theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3857 (Cross-site scripting (XSS) vulnerability in the Antisnews theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3856 (Cross-site scripting (XSS) vulnerability in the Elegant Grunge theme ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3855 (Cross-site scripting (XSS) vulnerability in the F8 Lite theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3854 (Cross-site scripting (XSS) vulnerability in the ZenLite theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3853 (Cross-site scripting (XSS) vulnerability in the Hybrid theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3852 (Cross-site scripting (XSS) vulnerability in the EvoLve theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3851 (Cross-site scripting (XSS) vulnerability in the News theme before 0.2 ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3850 (Cross-site scripting (XSS) vulnerability in the Atahualpa theme before ...)
	NOT-FOR-US: Wordpress theme
CVE-2011-3849 (Unspecified vulnerability in dxserver before 6279 in CA Directory 8.1 ...)
	NOT-FOR-US: CA Directory
CVE-2011-3848 (Directory traversal vulnerability in Puppet 2.6.x before 2.6.10 and ...)
	{DSA-2314-1}
	- puppet 2.7.3-2
CVE-2011-3847
	RESERVED
CVE-2011-3846 (Cross-site request forgery (CSRF) vulnerability in HP System ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-3845 (Use-after-free vulnerability in Apple Safari 5.1.2, when a plug-in ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3844 (Apple Safari 5.0.5 does not properly implement the setInterval ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3843
	RESERVED
CVE-2011-3842
	RESERVED
CVE-2011-3841 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-3840
	RESERVED
CVE-2011-3839 (The administration functionality in Wuzly 2.0 allows remote attackers ...)
	NOT-FOR-US: Wuzly
CVE-2011-3838 (Multiple SQL injection vulnerabilities in Wuzly 2.0 allow remote ...)
	NOT-FOR-US: Wuzly
CVE-2011-3837 (Directory traversal vulnerability in blog_system/data_functions.php in ...)
	NOT-FOR-US: Wuzly
CVE-2011-3836 (Multiple cross-site request forgery (CSRF) vulnerabilities in Wuzly ...)
	NOT-FOR-US: Wuzly
CVE-2011-3835 (Multiple cross-site scripting (XSS) vulnerabilities in Wuzly 2.0 allow ...)
	NOT-FOR-US: Wuzly
CVE-2011-3834 (Multiple integer overflows in the in_avi.dll plugin in Winamp before ...)
	NOT-FOR-US: Winamp
CVE-2011-3833 (Unrestricted file upload vulnerability in ftp_upload_file.php in ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3832 (Eval injection vulnerability in config.php in Support Incident Tracker ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3831 (SQL injection vulnerability in incident_attachments.php in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3830 (Cross-site scripting (XSS) vulnerability in search.php in Support ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3829 (ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2011-3828 (DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote ...)
	NOT-FOR-US: DVR Remote
CVE-2011-3827 (The iCalendar component in gwwww1.dll in GroupWise Internet Agent ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4852 (Cross-site scripting (XSS) vulnerability in login.php in Eclime 1.1.2b ...)
	NOT-FOR-US: Eclime
CVE-2010-4851 (Multiple SQL injection vulnerabilities in Eclime 1.1.2b allow remote ...)
	NOT-FOR-US: Eclime
CVE-2010-4850 (Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 ...)
	NOT-FOR-US: Diferior
CVE-2010-4849 (SQL injection vulnerability in countrydetails.php in Alibaba Clone B2B ...)
	NOT-FOR-US: Alibaba Clone B2B
CVE-2010-4848 (Multiple cross-site scripting (XSS) vulnerabilities in addlink.php in ...)
	NOT-FOR-US: AXScripts AxsLinks
CVE-2010-4847 (SQL injection vulnerability in view_item.php in MH Products MHP ...)
	NOT-FOR-US: MH Products MHP Downloadshop
CVE-2010-4846 (SQL injection vulnerability in view_item.php in MH Products Pay Pal ...)
	NOT-FOR-US: MH Products Pay Pal Shop Digital
CVE-2010-4845 (Multiple SQL injection vulnerabilities in MH Products Projekt Shop ...)
	NOT-FOR-US: MH Products Projekt Shop
CVE-2010-4844 (SQL injection vulnerability in content.php in MH Products Easy Online ...)
	NOT-FOR-US: MH Products Easy Online Shop
CVE-2010-4843 (SQL injection vulnerability in website-page.php in PHP Web Scripts Ad ...)
	NOT-FOR-US: PHP Web Scripts Ad Manager Pro
CVE-2010-4842 (SQL injection vulnerability in admin/login.php in MHP DownloadScript ...)
	NOT-FOR-US: MH Products Download Center
CVE-2011-3826 (Zikula 1.2.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3825 (Zend Framework 1.11.3 in Zend Server CE 5.1.0 allows remote attackers ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3824 (Your Own URL Shortener (YOURLS) 1.5 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3823 (Yamamah 1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3822 (XOOPS 2.5.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3821 (xajax 0.6 beta1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3820 (WSN Software 6.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3819 (WoW Server Status 4.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3818 (WordPress 2.9.2 and 3.0.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3817 (Website Baker 2.8.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3816 (WEBinsta mailing list manager 1.3e allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3815 (WeBid 1.0.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3814 (WebCalendar 1.2.3, and other versions before 1.2.5, allows remote ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3813 (Virtual War (aka VWar) 1.5.0r15 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3812 (Vanilla 2.0.16 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3811 (TomatoCart 1.1.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3810 (TinyWebGallery (TWG) 1.8.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3809 (TheHostingTool (THT) 1.2.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3808 (The Bug Genie 2.1.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3807 (Textpattern 4.2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3806 (TCExam 11.1.015 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3805 (TaskFreak! multi-mysql-0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3804 (SweetRice 0.7.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3803 (SugarCRM 6.1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3802 (StatusNet 0.9.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3801 (SimpleTest 1.0.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3800 (Serendipity 1.5.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3799 (ReOS 2.0.5 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3798 (Rapid Leech 2.3-v42-svn322 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3797 (ProjectPier 0.8.0.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3796 (PrestaShop 1.4.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3795 (Podcast Generator 1.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3794 (Pligg CMS 1.1.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3793 (Pixie 1.04 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3792 (Pixelpost 1.7.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3791 (Piwik 1.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3790 (Piwigo 2.1.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3789 (phpwcms 1.4.7 r412 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3788 (PhpSecInfo 0.2.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3787 (phpScheduleIt 1.2.12 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3786 (PHProjekt 6.0.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3785 (PHP Point Of Sale (POS) 10.7 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3784 (Francisco Burzi PHP-Nuke 8.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3783 (phpMyFAQ 2.6.13 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3782 (phpLD 2-151.2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3781 (PHPIDS 0.6.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3780 (PHP iCalendar 2.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3779 (PhpHostBot 2.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3778 (PhpGedView 4.2.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3777 (phpFreeChat 1.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3776 (phpFormGenerator 2.09 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3775 (PHPfileNavigator 2.3.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3774 (php Easy Survey Package (phpESP) 2.1.1 allows remote attackers to ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3773 (PHPDevShell 3.0.0-Beta-4b allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3772 (phpCollab 2.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3771 (phpBook 2.1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3770 (phpAlbum 0.4.1.14 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3769 (PHPads 2.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3768 (Phorum 5.2.15a allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3767 (osCommerce 3.0a5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3766 (OrangeHRM 2.6.0.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3765 (Open-Realty 2.5.8 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3764 (OpenDocMan 1.2.6-svn-2011-01-21 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3763 (OpenCart 1.4.9.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3762 (OpenBlog 1.2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3761 (NuSOAP 0.9.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3760 (Nucleus 3.61 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3759 (MyBB (aka MyBulletinBoard) 1.6 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3758 (::mound:: 2.1.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3757 (Moodle 2.0.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3756 (MicroBlog 0.9.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3755 (MantisBT 1.2.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3754 (Mambo 4.6.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3753 (LinPHA 1.3.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3752 (LimeSurvey 1.90+ build9642-20101214 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3751 (LifeType 1.2.10 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3750 (kPlaylist 1.8.502 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3749 (ka-Map 1.0-20070205 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3748 (Kamads Classifieds 2_B3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3747 (Joomla! 1.6.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3746 (Jcow 4.2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3745 (HycusCMS 1.0.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3744 (HTML Purifier 4.2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3743 (Hesk 2.2 allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3742 (HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3741 (Ganglia 3.1.7 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3740 (FrontAccounting 2.3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3739 (Freeway 1.5 Alpha allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3738 (Feng Office 1.7.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3737 (eyeOS 2.2.0.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3736 (ExoPHPDesk 1.2.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3735 (Escort Agency CMS (aka escort-agency-cms) allows remote attackers to ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3734 (Energine 2.3.8 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3733 (Elgg 1.7.6 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3732 (eggBlog 4.1.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3731 (e107 0.7.24 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3730 (Drupal 7.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3729 (dotproject 2.1.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3728 (Dolphin 7.0.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3727 (DokuWiki 2009-12-25c allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3726 (DoceboLMS 4.0.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3725 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3724 (CubeCart 4.4.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3723 (Crafty Syntax 3.0.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3722 (Coppermine Photo Gallery (CPG) 1.5.12 allows remote attackers to ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3721 (concrete 5.4.0.5, 5.4.1, and 5.4.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3720 (conceptcms 5.3.1, 5.3.3, and possibly other versions allows remote ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3719 (CodeIgniter 1.7.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3718 (CMS Made Simple (CMSMS) 1.9.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3717 (ClipBucket 2.0.9 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3716 (Claroline 1.9.7 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3715 (ClanTiger 1.1.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3714 (ClanSphere 2010.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3713 (cFTP r80 allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3712 (CakePHP 1.3.7 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3711 (BIGACE 2.7.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3710 (bbPress 1.0.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3709 (b2evolution 3.3.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3708 (Automne 4.0.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3707 (JanRain PHP OpenID library (aka php-openid) 2.2.2 allows remote ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3706 (ATutor 2.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3705 (Arctic Fox CMS 0.9.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3704 (appRain 0.1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3703 (AneCMS 1.0 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3702 (Ananta Gazelle 1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3701 (AlegroCart 1.2.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3700 (Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3699 (John Lim ADOdb Library for PHP 5.11 allows remote attackers to obtain ...)
	- libphp-adodb <unfixed> (unimportant)
	NOTE: path is already known
CVE-2011-3698 (AdaptCMS 2.0.2 Beta allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3697 (Achievo 1.4.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3696 (60cycleCMS 2.5.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3695 (111WebCalendar 1.2.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web app path disclosure, not an issue (path is known anyway)
CVE-2011-3694 (The Server Administration Console in NetSaro Enterprise Messenger ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3693 (NetSaro Enterprise Messenger Server 2.0 allows local users to discover ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3692 (NetSaro Enterprise Messenger Server 2.0 stores cleartext console ...)
	NOT-FOR-US: NetSaro Enterprise Messenger
CVE-2011-3691 (Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-3690 (Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 ...)
	NOT-FOR-US: PlotSoft PDFill PDF Editor
CVE-2011-3689 (Cross-site scripting (XSS) vulnerability in Licenses.html in ...)
	NOT-FOR-US: Wibu-Systems CodeMeter WebAdmin
CVE-2011-3688 (Multiple SQL injection vulnerabilities in Sonexis ConferenceManager ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3687 (Multiple cross-site scripting (XSS) vulnerabilities in Sonexis ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3686 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Sonexis ConferenceManager
CVE-2011-3685 (Tembria Server Monitor before 6.0.5 Build 2252 uses a substitution ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2011-3684 (Multiple cross-site scripting (XSS) vulnerabilities in Tembria Server ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2011-3683
	RESERVED
CVE-2011-3682
	RESERVED
CVE-2011-3681
	REJECTED
CVE-2011-3680
	REJECTED
CVE-2011-3679
	REJECTED
CVE-2011-3678
	REJECTED
CVE-2011-3677
	REJECTED
CVE-2011-3676
	REJECTED
CVE-2011-3675
	REJECTED
CVE-2011-3674
	REJECTED
CVE-2011-3673
	REJECTED
CVE-2011-3672
	REJECTED
CVE-2011-3671 (Use-after-free vulnerability in the nsHTMLSelectElement function in ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3670 (Mozilla Firefox before 3.6.26 and 4.x through 6.0, Thunderbird before ...)
	{DSA-2406-1 DSA-2402-1 DSA-2400-1}
	- icedove 7.0-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-10
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3669 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3668 (Cross-site request forgery (CSRF) vulnerability in post_bug.cgi in ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3667 (The User.offer_account_by_email WebService method in Bugzilla 2.x and ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3666 (Mozilla Firefox before 3.6.25 and Thunderbird before 3.1.17 on Mac OS ...)
	- iceweasel <not-affected> (MacOS specific)
CVE-2011-3665 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3664 (Mozilla Firefox before 9.0, Thunderbird before 9.0, and SeaMonkey ...)
	- iceweasel <not-affected> (MacOS specific)
CVE-2011-3663 (Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3662
	RESERVED
CVE-2011-3661 (YARR, as used in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3660 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 9.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3659 (Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 10.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3658 (The SVG implementation in Mozilla Firefox 8.0, Thunderbird 8.0, and ...)
	- iceweasel 9.0-1
	- iceape 2.7.1-1
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3657 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.x ...)
	- bugzilla <removed> (low)
	[squeeze] - bugzilla <end-of-life> (Not supported in Squeeze LTS)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2011-3656
	RESERVED
	- iceweasel 4.0-1
	[squeeze] - iceweasel <end-of-life> (Iceweasel not supported in Squeeze LTS)
CVE-2011-3655 (Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3654 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3653 (Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do ...)
	- iceweasel <not-affected> (MacOS X-specific)
CVE-2011-3652 (The browser engine in Mozilla Firefox before 8.0 and Thunderbird ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3651 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3650 (Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3649 (Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2011-3648 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 8.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3647 (The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird ...)
	{DSA-2345-1 DSA-2342-1 DSA-2341-1}
	- icedove 3.1.16-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-9
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-3646 (phpmyadmin.css.php in phpMyAdmin 3.4.x before 3.4.6 allows remote ...)
	- phpmyadmin 4:3.4.6-1 (unimportant)
CVE-2011-3645 (Newgen OmniDocs allows remote attackers to bypass intended access ...)
	NOT-FOR-US: Newgen OmniDocs
CVE-2010-4841 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2010-4840 (Multiple buffer overflows in the Syslog server in ManageEngine ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2011-XXXX [atftp DoS]
	- atftp 0.7.dfsg-11 (low)
	[squeeze] - atftp <no-dsa> (Minor issue)
	[lenny] - atftp <not-affected> (Introduced with ipv6 patch)
CVE-2011-3644
	RESERVED
CVE-2011-3643
	RESERVED
CVE-2011-3642 [flowplayer-core: Arbitrary plugins with remote code execution (XSS)]
	RESERVED
	- mahara <removed> (low; bug #699230)
	[squeeze] - mahara <no-dsa> (Minor issue)
	NOTE: https://code.google.com/p/flowplayer-core/issues/detail?id=441
CVE-2011-3641
	RESERVED
CVE-2011-3640 (** DISPUTED ** Untrusted search path vulnerability in Mozilla Network ...)
	{DSA-2339-1}
	- nss 3.13.1.with.ckbi.1.88-1 (low; bug #647614)
	[lenny] - nss <no-dsa> (Minor issue)
	[squeeze] - nss <no-dsa> (Minor issue)
	- chromium-browser <unfixed> (unimportant)
	NOTE: attacker needs to get malicious file into cwd first
	NOTE: http://seclists.org/fulldisclosure/2011/Oct/734
CVE-2011-3639 (The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 ...)
	{DSA-2405-1}
	- apache2 2.2.18-1
	NOTE: Related to CVE-2011-3368 and CVE-2011-4317 but a different issue
CVE-2011-3638 (fs/ext4/extents.c in the Linux kernel before 3.0 does not mark a ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-3637 (The m_stop function in fs/proc/task_mmu.c in the Linux kernel before ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-3636 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: FreeIPA
CVE-2011-3635 (Cross-site scripting (XSS) vulnerability in the ...)
	- empathy 3.2.1.1-1
	[squeeze] - empathy <no-dsa> (Minor issue)
	[lenny] - empathy <not-affected> (only affects webkit theming, not present in Lenny)
CVE-2011-3634 (methods/https.cc in apt before 0.8.11 accepts connections when the ...)
	{DLA-0005-1}
	- apt 0.8.11 (low)
	[squeeze] - apt 0.8.10.3+squeeze2
	NOTE: Minor issue, apt is only affected if apt-transport-https is installed
	NOTE: http://bazaar.launchpad.net/~donkult/apt/sid/revision/2053.1.28
	NOTE: https://bugs.launchpad.net/ubuntu/+source/apt/+bug/868353
CVE-2011-3633
	REJECTED
CVE-2011-3632 [hardlink has buffer overflows, is unsafe on changing trees]
	RESERVED
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3631 [hardlink has buffer overflows, is unsafe on changing trees]
	RESERVED
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3630 [hardlink has buffer overflows, is unsafe on changing trees]
	RESERVED
	- hardlink <not-affected> (Only the C version, ours are written in Python)
CVE-2011-3629
	RESERVED
	NOT-FOR-US: Joomla
CVE-2011-3628 (Untrusted search path vulnerability in pam_motd (aka the MOTD module) ...)
	- pam 1.1.3-7 (low; bug #670076)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
	NOTE: https://bugs.launchpad.net/ubuntu/%2Bsource/pam/%2Bbug/610125
	NOTE: https://launchpadlibrarian.net/82729670/610125.patch
	NOTE: its not clear which version fixed this, but its present in the checked version 1.1.3-7
CVE-2011-3627 (The bytecode engine in ClamAV before 0.97.3 allows remote attackers to ...)
	- clamav 0.97.3+dfsg-1 (low)
	[squeeze] - clamav 0.97.3+dfsg-1~squeeze1
CVE-2011-3626 (Double free vulnerability in the prepare_exec function in src/exec.c ...)
	NOT-FOR-US: Logsurfer
CVE-2011-3625 (Stack-based buffer overflow in the sub_read_line_sami function in ...)
	- mplayer 2:1.0~rc4.dfsg1+svn33713-2 (bug #645987)
	[squeeze] - mplayer <not-affected> (Malformed SMI file correctly rejected, possibly introduced by later changes)
	- mplayer2 2.0-134-g84d8671-9 (bug #646937)
CVE-2011-3624
	RESERVED
	- ruby1.8 <removed> (low; bug #646020)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	[wheezy] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed> (low; bug #646020)
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 <removed> (low; bug #646020)
	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue, there seems to be no patch upstream)
	[wheezy] - ruby1.9.1 <no-dsa> (Minor issue)
CVE-2011-3623 (Multiple stack-based buffer overflows in VideoLAN VLC media player ...)
	- vlc 1.1.3-1
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=285370
CVE-2011-3622
	RESERVED
	NOT-FOR-US: phorum
CVE-2011-3621
	RESERVED
	NOT-FOR-US: fluxbb
CVE-2011-3620 (Apache Qpid 0.12 does not properly verify credentials during the ...)
	- qpid-cpp <not-affected> (Red Hat-specific extension, see bug #672124)
CVE-2011-3619 (The apparmor_setprocattr function in security/apparmor/lsm.c in the ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-3618 [atop insecure tempfile handling]
	RESERVED
	- atop 1.23-1.1 (low; bug #622794)
	[lenny] - atop 1.23-1+lenny1 (bug #622794)
	[squeeze] - atop 1.23-1+squeeze1 (bug #622794)
CVE-2011-3617 [tahoe-lafs: an unauthorized user can delete files]
	RESERVED
	- tahoe-lafs 1.8.3-1 (bug #641540)
CVE-2011-3616 (The getSkillname function in the eve module in Conky 1.8.1 and earlier ...)
	- conky 1.8.0-1.1 (low; bug #612033)
	[squeeze] - conky 1.8.0-1+squeeze1
	[lenny] - conky 1.6.0-2+lenny1
CVE-2011-3615 (Multiple SQL injection vulnerabilities in Simple Machines Forum (SMF) ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-3614 [vanilla plugin access control]
	RESERVED
	NOT-FOR-US: Vanilla Forums
CVE-2011-3613 [vanilla forums cookie theft]
	RESERVED
	NOT-FOR-US: Vanilla Forums
CVE-2011-3612 [HTB22913: Multiple CSRF in UseBB]
	RESERVED
	NOT-FOR-US: UseBB
CVE-2011-3611 [HTB22914: Local File Inclusion in UseBB]
	RESERVED
	NOT-FOR-US: UseBB
CVE-2011-3610 [serendipity freetag plugin before 3.30 and probably others]
	RESERVED
	NOT-FOR-US: Serendipity plugin
CVE-2011-3609 [CSRF in the JBoss AS 7 administration console & HTTP management API]
	RESERVED
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3608
	REJECTED
CVE-2011-3607 (Integer overflow in the ap_pregsub function in server/util.c in the ...)
	{DSA-2405-1}
	- apache2 2.2.21-4
CVE-2011-3606 [DOM based XSS in the JBoss AS 7 administration console]
	RESERVED
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2011-3605 (The process_rs function in the router advertisement daemon (radvd) ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3604 (The process_ra function in the router advertisement daemon (radvd) ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3603 (The router advertisement daemon (radvd) before 1.8.2 does not properly ...)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
	NOTE: should be rejected (http://seclists.org/oss-sec/2011/q4/72)
CVE-2011-3602 (Directory traversal vulnerability in device-linux.c in the router ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.1 (bug #644614)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3601 (Buffer overflow in the process_ra function in the router advertisement ...)
	{DSA-2323-1}
	- radvd 1:1.8-1.2 (bug #644614)
	[squeeze] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
	[lenny] - radvd <not-affected> (No support for ND_OPT_DNSSL_INFORMATION)
	NOTE: http://seclists.org/oss-sec/2011/q4/30
CVE-2011-3600
	RESERVED
	- libxmlrpc3-java 3.1.3-1 (low)
	[lenny] - libxmlrpc3-java <no-dsa> (Minor issue)
CVE-2011-3599 (The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when ...)
	- libcrypt-dsa-perl 1.17-3 (unimportant; bug #644189)
	NOTE: All supported Debian kernels have /dev/random, so severity unimportant
CVE-2011-3598 (Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin ...)
	- phppgadmin 5.0.3-1 (low; bug #644290)
	[squeeze] - phppgadmin 4.2.3-1.1squeeze1
	[lenny] - phppgadmin 4.2.2-1lenny1
CVE-2011-3597 (Eval injection vulnerability in the Digest module before 1.17 for Perl ...)
	- libdigest-perl 1.17-1 (low; bug #644108)
	[squeeze] - libdigest-perl 1.16-1+squeeze1
	[lenny] - libdigest-perl 1.15-2+lenny1
	- perl 5.12.4-6 (low; bug #644108)
	[squeeze] - perl 5.10.1-17squeeze3
	[lenny] - perl <no-dsa> (Minor issue)
	NOTE: https://github.com/gisle/digest/commit/33800e83550bcad19c4fc593874ec3497841fa1e
CVE-2011-3596
	RESERVED
	- polipo 1.0.4.1-1.2 (bug #644289)
	[squeeze] - polipo <no-dsa> (Minor issue)
	NOTE: http://seclists.org/fulldisclosure/2011/Oct/10
CVE-2011-3595
	RESERVED
	NOT-FOR-US: Joomla
CVE-2011-3594 (The g_markup_escape_text function in the SILC protocol plug-in in ...)
	- pidgin 2.10.1-1 (unimportant)
	[squeeze] - pidgin 2.7.3-1+squeeze2
	NOTE: relatively obscure client crash
CVE-2011-3593 (A certain Red Hat patch to the vlan_hwaccel_do_receive function in ...)
	- linux-2.6 <not-affected> (RHEL6 only because of badly backported patches)
CVE-2011-3592 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- phpmyadmin 4:3.4.5-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3591 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:3.4.5-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3590 (The Red Hat mkdumprd script for kexec-tools, as distributed in the ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3589 (The Red Hat mkdumprd script for kexec-tools, as distributed in the ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3588 (The SSH configuration in the Red Hat mkdumprd script for kexec-tools, ...)
	- kexec-tools <not-affected> (The flaw exists in kdump.init and mkdumprd scrits, shipped only with Red Hat and Fedora)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=716439
CVE-2011-3587 (Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone ...)
	- zope2.10 <not-affected> (Introduced in 2.12)
	- zope2.12 2.12.20-2
CVE-2011-3586
	RESERVED
	NOTE: Dupe of CVE-2011-3504, to be rejected
CVE-2011-3585
	RESERVED
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:4.5-1 (low)
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=810f7e4e0f2dbcbee0294d9b371071cb08268200
CVE-2011-3584 [TYPO3-SA-2011-003]
	RESERVED
	- typo3-src 4.5.6+dfsg1-1 (low; bug #641683)
	[squeeze] - typo3-src 4.3.9+dfsg1-1+squeeze2
	[lenny] - typo3-src 4.2.5-1+lenny9
CVE-2011-3583 [TYPO3-SA-2011-002]
	RESERVED
	- typo3-src 4.5.6+dfsg1-1 (low; bug #641682)
	[squeeze] - typo3-src <not-affected> (Only affects 4.5.x)
	[lenny] - typo3-src <not-affected> (Only affects 4.5.x)
CVE-2011-3582
	RESERVED
	NOT-FOR-US: Advanced Electron Forums
CVE-2011-3581 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...)
	{DSA-2353-1}
	- ldns 1.6.11-1 (bug #647297)
CVE-2011-3580 (IceWarp WebMail in IceWarp Mail Server before 10.3.3 allows remote ...)
	NOT-FOR-US: IceWarp Mail Server
CVE-2011-3579 (server/webmail.php in IceWarp WebMail in IceWarp Mail Server before ...)
	NOT-FOR-US: IceWarp Mail Server
CVE-2011-3578 (Cross-site scripting (XSS) vulnerability in ...)
	- mantis 1.2.7-1
	[squeeze] - mantis 1.1.8+dfsg-10squeeze1
CVE-2004-2770
	REJECTED
CVE-2011-3577 (IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2011-3576 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 8.5.2 ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-3575 (Stack-based buffer overflow in the NSFComputeEvaluateExt function in ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-3574 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3573 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3572
	REJECTED
CVE-2011-3571 (Unspecified vulnerability in the Virtual Desktop Infrastructure (VDI) ...)
	NOTE: CVE was misused by Oracle. Replaced by CVE-2012-0507.
CVE-2011-3570 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3569 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3568 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3567
	REJECTED
CVE-2011-3566 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3565 (Unspecified vulnerability in Oracle Communications Unified 7.0 allows ...)
	NOT-FOR-US: Oracle Communications Unified
CVE-2011-3564 (Unspecified vulnerability in Oracle GlassFish Enterprise Server 2.1.1 ...)
	- glassfish <not-affected> (administration component not shipped)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=783897
CVE-2011-3563 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2420-1}
	- openjdk-6 6b24-1.11.1-1
	- openjdk-7 7~u3-2.1-1
CVE-2011-3562 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-3561 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3560 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3559 (Unspecified vulnerability in Oracle Communications Server 2.0; ...)
	NOT-FOR-US: Oracle Communications Server, GlassFish Enterprise Server, Sun Java System App Server
CVE-2011-3558 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - openjdk-6 <not-affected> (Hotspot version too old)
	[squeeze] - openjdk-6 <not-affected> (Hotspot version too old)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3557 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3556 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3555 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3554 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3553 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3552 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3551 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3550 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3549 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3548 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3547 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3546 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3545 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2011-3544 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3543 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote ...)
	NOT-FOR-US: Oracle Solaris 11 Express
CVE-2011-3542 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3541 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3540
	REJECTED
CVE-2011-3539 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3538 (Unspecified vulnerability in the Sun Ray component in Oracle ...)
	NOT-FOR-US: Oracle Virtualization
CVE-2011-3537 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3536 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3535 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3534 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3533 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3532 (Unspecified vulnerability in the Oracle Agile Product Supplier ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2011-3531 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3529 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3528 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3527 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-3526 (Unspecified vulnerability in the Siebel Core - UIF Server component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-3525 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3524 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3523 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-3522 (Unspecified vulnerability in SysFW 8.0 on certain SPARC T3, Netra ...)
	NOT-FOR-US: SPARC T3, Netra SPARC T3, Sun Fire, and Sun Blade
CVE-2011-3521 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	{DSA-2358-1 DSA-2356-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
CVE-2011-3520 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise PeopleTools
CVE-2011-3519 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-3518 (Unspecified vulnerability in the Siebel Core - UIF Client component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-3517 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3516 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- sun-java6 <not-affected> (Windows-specific)
	- openjdk-6 <not-affected> (Windows-specific)
CVE-2011-3515 (Unspecified vulnerability in the Oracle Solaris 10 and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3514 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3513 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-3512 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3511 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-3510 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-3509 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-3508 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-3507 (Unspecified vulnerability in the Oracle Communications Unified ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3506 (Unspecified vulnerability in the Oracle OpenSSO component in Oracle ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-3505
	REJECTED
CVE-2011-3504 (The Matroska format decoder in FFmpeg before 0.8.3 does not properly ...)
	{DSA-2336-1}
	- libav 4:0.7.2-1 (bug #643859)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-3503 (Untrusted search path vulnerability in eSignal 10.6.2425.1208, and ...)
	NOT-FOR-US: eSignal
CVE-2011-3502 (The web server in Cogent DataHub 7.1.1.63 and earlier allows remote ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3501 (Integer overflow in Cogent DataHub 7.1.1.63 and earlier allows remote ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3500 (Directory traversal vulnerability in the web server in Cogent DataHub ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3499 (Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3498 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3497 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3496 (service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3495 (Multiple directory traversal vulnerabilities in service.exe in ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3494 (WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to ...)
	NOT-FOR-US: eSignal
CVE-2011-3493 (Multiple stack-based buffer overflows in the DH_OneSecondTick function ...)
	NOT-FOR-US: Cogent DataHub
CVE-2011-3492 (Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and ...)
	NOT-FOR-US: Azeotech DAQFactory
CVE-2011-3491 (Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and ...)
	NOT-FOR-US: Progea Movicon / PowerHMI
CVE-2011-3490 (Multiple stack-based buffer overflows in service.exe in Measuresoft ...)
	NOT-FOR-US: Measuresoft ScadaPro
CVE-2011-3489 (RnaUtility.dll in RsvcHost.exe 2.30.0.23 in Rockwell RSLogix 19 and ...)
	NOT-FOR-US: Rockwell RSLogix
CVE-2011-3488 (Use-after-free vulnerability in Equis MetaStock 11 and earlier allows ...)
	NOT-FOR-US: Equis MetaStock
CVE-2011-3487 (Directory traversal vulnerability in CarelDataServer.exe in Carel ...)
	NOT-FOR-US: Carel PlantVisor
CVE-2011-3486 (Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to ...)
	NOT-FOR-US: Beckhoff TwinCAT
CVE-2011-3485
	RESERVED
CVE-2011-3481 (The index_get_ids function in index.c in imapd in Cyrus IMAP Server ...)
	{DSA-2377-1}
	- cyrus-imapd-2.2 <unfixed>
	- cyrus-imapd-2.4 2.4.11-1
	- kolab-cyrus-imapd <removed>
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3480
	REJECTED
CVE-2011-3479 (Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2011-3478 (The host-services component in Symantec pcAnywhere 12.5.x through ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2011-3477 (GEAR Software CD DVD Filter driver (aka GEARAspiWDM.sys), as used in ...)
	NOT-FOR-US: Symantec
CVE-2011-3476
	REJECTED
CVE-2011-3475
	RESERVED
CVE-2011-3474
	RESERVED
CVE-2011-3473
	RESERVED
CVE-2011-3472
	RESERVED
CVE-2011-3471
	RESERVED
CVE-2011-3470
	RESERVED
CVE-2011-3469
	RESERVED
CVE-2011-3468
	RESERVED
CVE-2011-3467
	RESERVED
CVE-2011-3466
	RESERVED
CVE-2011-3465
	RESERVED
CVE-2011-3464 (Off-by-one error in the png_formatted_warning function in pngerror.c ...)
	- libpng <not-affected> (Only affects libpng 1.5, which is only in experimental)
CVE-2011-3463 (WebDAV Sharing in Apple Mac OS X 10.7.x before 10.7.3 does not ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3462 (Time Machine in Apple Mac OS X before 10.7.3 does not verify the ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3461
	RESERVED
CVE-2011-3460 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.3 allows ...)
	NOT-FOR-US: QuickTime
CVE-2011-3459 (Off-by-one error in QuickTime in Apple Mac OS X before 10.7.3 allows ...)
	NOT-FOR-US: QuickTime
CVE-2011-3458 (QuickTime in Apple Mac OS X before 10.7.3 does not prevent access to ...)
	NOT-FOR-US: QuickTime
CVE-2011-3457 (The OpenGL implementation in Apple Mac OS X before 10.7.3 does not ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3456
	RESERVED
CVE-2011-3455
	RESERVED
CVE-2011-3454
	RESERVED
CVE-2011-3453 (Integer overflow in libresolv in Apple Mac OS X before 10.7.3 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3452 (Internet Sharing in Apple Mac OS X before 10.7.3 does not preserve the ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3451
	RESERVED
CVE-2011-3450 (CoreUI in Apple Mac OS X 10.7.x before 10.7.3 does not properly ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3449 (Use-after-free vulnerability in CoreText in Apple Mac OS X before ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3448 (Heap-based buffer overflow in CoreMedia in Apple Mac OS X before ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3447 (CFNetwork in Apple Mac OS X 10.7.x before 10.7.3 does not properly ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3446 (Apple Type Services (ATS) in Apple Mac OS X before 10.7.3 does not ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3445
	RESERVED
CVE-2011-3444 (Address Book in Apple Mac OS X before 10.7.3 automatically switches to ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3443 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	NOT-FOR-US: Webspecidied Safari webkit issue, likely a Apple dupe
CVE-2011-3442 (The kernel in Apple iOS before 5.0.1 does not ensure the validity of ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3441 (libinfo in Apple iOS before 5.0.1 does not properly formulate ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3440 (The Passcode Lock feature in Apple iOS before 5.0.1 on the iPad 2 does ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3439 (FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote ...)
	{DSA-2350-1}
	- freetype 2.4.8-1 (bug #649122)
CVE-2011-3438 (WebKit, as used in Safari 5.0.6, allows remote attackers to cause a ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3437 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Type Services (ATS) in Apple Mac OS
CVE-2011-3436 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 does not require a ...)
	NOT-FOR-US: Open Directory in Apple Mac OS
CVE-2011-3435 (Open Directory in Apple Mac OS X 10.7 before 10.7.2 allows local users ...)
	NOT-FOR-US: Open Directory in Apple Mac OS
CVE-2011-3434 (The WiFi component in Apple iOS before 5 stores WiFi credentials in an ...)
	NOT-FOR-US: WiFi component in Apple iOS
CVE-2011-3433
	RESERVED
CVE-2011-3432 (The UIKit Alerts component in Apple iOS before 5 allows remote ...)
	NOT-FOR-US: UIKit Alerts component in Apple iOS
CVE-2011-3431 (The Home screen component in Apple iOS before 5 does not properly ...)
	NOT-FOR-US: Home screen component in Apple iOS
CVE-2011-3430 (The Settings component in Apple iOS before 5, when a configuration ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3429 (The Settings component in Apple iOS before 5 stores a cleartext ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3428 (Buffer overflow in QuickTime before 7.7.1 for Windows allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2011-3427 (The Data Security component in Apple iOS before 5 and Apple TV before ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3426 (Cross-site scripting (XSS) vulnerability in Safari in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3425
	RESERVED
CVE-2011-3424 (Session fixation vulnerability in the Managed File Transfer server in ...)
	NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2011-3423 (Cross-site scripting (XSS) vulnerability in the Managed File Transfer ...)
	NOT-FOR-US: TIBCO Managed File Transfer Internet Server
CVE-2010-4839 (SQL injection vulnerability in the Event Registration plugin 5.32 and ...)
	NOT-FOR-US: Wordpress plugin Event Registration
CVE-2010-4838 (SQL injection vulnerability in the JSupport (com_jsupport) component ...)
	NOT-FOR-US: Joomla
CVE-2010-4837 (Cross-site scripting (XSS) vulnerability in the JSupport ...)
	NOT-FOR-US: Joomla
CVE-2010-4836 (Cross-site scripting (XSS) vulnerability in register.html in PHPShop ...)
	NOT-FOR-US: PHPShop
CVE-2010-4835 (Directory traversal vulnerability in index.php in OneOrZero AIMS 2.6.0 ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2010-4834 (Multiple SQL injection vulnerabilities in index.php in OneOrZero AIMS ...)
	NOT-FOR-US: OneOrZero AIMS
CVE-2009-5101 (Pentaho BI Server 1.7.0.1062 and earlier includes the session ID ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5100 (Pentaho BI Server 1.7.0.1062 and earlier does not set the autocomplete ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5099 (Cross-site scripting (XSS) vulnerability in ViewAction in Pentaho BI ...)
	NOT-FOR-US: Pentaho BI Server
CVE-2009-5098 (The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not ...)
	NOT-FOR-US: Palm WebOS
CVE-2009-5097 (Palm Pre WebOS 1.1 and earlier processes JavaScript in email messages, ...)
	NOT-FOR-US: Palm WebOS
CVE-2009-5096 (Cross-site scripting (XSS) vulnerability in the Flag Content module ...)
	NOT-FOR-US: Drupal module Flag Content
	NOTE: might get packaged
CVE-2011-3482 (The csnStreamDissector function in epan/dissectors/packet-csn1.c in ...)
	- wireshark 1.6.2-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-16.html
CVE-2011-3483 (Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial ...)
	{DSA-2395-1}
	- wireshark 1.6.2-1
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-14.html
CVE-2011-3484 (The unxorFrame function in epan/dissectors/packet-opensafety.c in the ...)
	- wireshark 1.6.2-1
	[squeeze] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	[lenny] - wireshark <not-affected> (Affects only 1.6.0 and 1.6.1)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-12.html
CVE-2011-3422 (The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-3421 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	NOTE: duplicate
CVE-2011-3420 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	NOTE: duplicate
CVE-2011-3419
	REJECTED
CVE-2011-3418
	REJECTED
CVE-2011-3417 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3416 (The Forms Authentication feature in the ASP.NET subsystem in Microsoft ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3415 (Open redirect vulnerability in the Forms Authentication feature in the ...)
	NOT-FOR-US: Microsoft ASP.NET
CVE-2011-3414 (The CaseInsensitiveHashProvider.getHashCode function in the HashTable ...)
	NOT-FOR-US: Microsoft .NET Framework
	NOTE: Might affect Mono, pinged maintainers
CVE-2011-3413 (Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2011-3412 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3411 (Microsoft Publisher 2003 SP3 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3410 (Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-3409
	REJECTED
CVE-2011-3408 (Csrsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3407
	REJECTED
CVE-2011-3406 (Buffer overflow in Active Directory, Active Directory Application Mode ...)
	NOT-FOR-US: Microsoft Active Directory
CVE-2011-3405
	REJECTED
CVE-2011-3404 (Microsoft Internet Explorer 6 through 9 does not properly use the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-3403 (Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-3402 (Unspecified vulnerability in the TrueType font parsing engine in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-3401 (ENCDEC.DLL in Windows Media Player and Media Center in Microsoft ...)
	NOT-FOR-US: Microsoft Media Player
CVE-2011-3400 (Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3399
	REJECTED
CVE-2011-3398
	REJECTED
CVE-2011-3397 (The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-3396 (Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2011-3395
	REJECTED
CVE-2011-3394 (SQL injection vulnerability in findagent.php in MYRE Real Estate ...)
	NOT-FOR-US: MYRE Real Estate
CVE-2011-3393 (Multiple cross-site scripting (XSS) vulnerabilities in findagent.php ...)
	NOT-FOR-US: MYRE Real Estate
CVE-2009-5095 (PHP remote file inclusion vulnerability in index_inc.php in ea gBook ...)
	NOT-FOR-US: ea gBook
CVE-2009-5094 (SQL injection vulnerability in info.php in CMS Faethon 2.2.0 Ultimate ...)
	NOT-FOR-US: CMS Faethon
CVE-2009-5093 (Directory traversal vulnerability in gastbuch.php in G&#228;stebuch ...)
	NOT-FOR-US: Gastebuch
CVE-2009-5092 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Microsoft FAST ESP
CVE-2009-5091 (SQL injection vulnerability in page.php in Vlinks 1.0.3 and 1.1.6 ...)
	NOT-FOR-US: Vlinks
CVE-2009-5090 (SQL injection vulnerability in editcomments.php in Bloggeruniverse ...)
	NOT-FOR-US: Bloggeruniverse Beta 2
CVE-2009-5089 (Directory traversal vulnerability in index.php in IdeaCart 0.02 and ...)
	NOT-FOR-US: IdeaCart
CVE-2009-5088 (SQL injection vulnerability in secure/index.php in IdeaCart 0.02 ...)
	NOT-FOR-US: IdeaCart
CVE-2009-5087 (Directory traversal vulnerability in geohttpserver in Geovision ...)
	NOT-FOR-US: Geovision Digital Video Surveillance System
CVE-2011-3392 (Cross-site scripting (XSS) vulnerability in control.php in the ...)
	NOT-FOR-US: Phorum
CVE-2011-3391 (IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2011-3354 (The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel ...)
	- quassel 0.7.3-1 (low; bug #640960)
	[squeeze] - quassel 0.6.3-2+squeeze1 (bug #640960)
	NOTE: http://git.quassel-irc.org/?p=quassel.git;a=commit;h=da215fcb9cd3096a3e223c87577d5d4ab8f8518b
CVE-2011-3390 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: IBM OpenAdmin Too
CVE-2010-4833 (Untrusted search path vulnerability in ...)
	- gtk+2.0 <not-affected> (win32 specific)
CVE-2011-3350 [masqmail improper privilege dropping]
	RESERVED
	- masqmail 0.2.30-1 (low; bug #638002)
	[lenny] - masqmail <no-dsa> (no security issue by itself)
	[squeeze] - masqmail 0.2.27-1.1+squeeze1
CVE-2011-3389 (The SSL protocol, as used in certain configurations in Microsoft ...)
	{DSA-2398-1 DSA-2368-1 DSA-2358-1 DSA-2356-1 DLA-400-1 DLA-154-1}
	- sun-java6 <removed> (bug #645881)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b23~pre11-1
	- openjdk-7 7~b147-2.0-1
	- iceweasel <not-affected>
	NOTE: http://blog.mozilla.com/security/2011/09/27/attack-against-tls-protected-communications/
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
	- lighttpd 1.4.30-1
	NOTE: strictly speaking this is no lighttpd issue, but lighttpd adds a workaround
	- curl 7.24.0-1
	NOTE: http://curl.haxx.se/docs/adv_20120124B.html
	- python2.6 2.6.8-0.1 (bug #684511)
	[squeeze] - python2.6 <no-dsa> (Minor issue)
	- python2.7 2.7.3~rc1-1
	- python3.1 <unfixed> (bug #678998)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2.3~rc1-1
	NOTE: http://bugs.python.org/issue13885
	NOTE: python3.1 is fixed starting 3.1.5
	- cyassl <removed>
	- gnutls26 <removed> (unimportant)
	- gnutls28 <unfixed> (unimportant)
	NOTE: No mitigation for gnutls, it is recommended to use TLS 1.1 or 1.2 which is supported since 2.0.0
	- haskell-tls <unfixed> (unimportant)
	NOTE: No mitigation for haskell-tls, it is recommended to use TLS 1.1, which is supported since 0.2
	- matrixssl <removed> (low)
	[squeeze] - matrixssl <no-dsa> (Minor issue)
	[wheezy] - matrixssl <no-dsa> (Minor issue)
	NOTE: matrixssl fix this upstream in 3.2.2
	- bouncycastle 1.49+dfsg-1
	[squeeze] - bouncycastle <no-dsa> (Minor issue)
	[wheezy] - bouncycastle <no-dsa> (Minor issue)
	NOTE: No mitigation for bouncycastle, it is recommended to use TLS 1.1, which is supported since 1.4.9
	- nss 3.13.1.with.ckbi.1.88-1
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=665814
	NOTE: https://hg.mozilla.org/projects/nss/rev/7f7446fcc7ab
	- polarssl <unfixed> (unimportant)
	NOTE: No mitigation for polarssl, it is recommended to use TLS 1.1, which is supported in all releases
	- tlslite <removed>
	[wheezy] - tlslite <no-dsa> (Minor issue)
	- pound 2.6-2
	NOTE: Pound 2.6-2 added an anti_beast.patch to mitigate BEAST attacks.
	- erlang 1:15.b-dfsg-1
	[squeeze] - erlang <no-dsa> (Minor issue)
	- asterisk 1:13.7.2~dfsg-1
	[jessie] - asterisk 1:11.13.1~dfsg-2+deb8u1
	[wheezy] - asterisk <no-dsa> (Minor issue)
	[squeeze] - asterisk <end-of-life> (Not supported in Squeeze LTS)
	NOTE: http://downloads.digium.com/pub/security/AST-2016-001.html
	NOTE: https://issues.asterisk.org/jira/browse/ASTERISK-24972
	NOTE: patch for 11 (jessie): https://code.asterisk.org/code/changelog/asterisk?cs=f233bcd81d85626ce5bdd27b05bc95d131faf3e4
	NOTE: all versions vulnerable, backport required for wheezy
CVE-2011-3388 (Opera before 11.51 allows remote attackers to cause an insecure site ...)
	NOT-FOR-US: Opera
CVE-2011-3387 (The class file parser in IBM Java 1.4.2 SR13 FP9 allows remote ...)
	NOT-FOR-US: IBM Java
CVE-2011-3386 (Unspecified vulnerability in Medtronic Paradigm wireless insulin pump ...)
	NOT-FOR-US: Medtronic Paradigm wireless insulin pump
CVE-2011-3385 (Cross-site scripting (XSS) vulnerability in WebsiteBaker before 2.8, ...)
	NOT-FOR-US: WebsiteBaker
CVE-2011-3384 (Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and ...)
	NOT-FOR-US: Sage
CVE-2011-3383 (Cross-site scripting (XSS) vulnerability in KENT-WEB WEB FORUM 5.1 and ...)
	NOT-FOR-US: KENT-WEB WEB FORUM
CVE-2011-3382 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 ...)
	NOT-FOR-US: Phorum
CVE-2011-3381 (Cross-site request forgery (CSRF) vulnerability in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2011-3380 (Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a ...)
	- openswan <not-affected> (vulnerable versions never uploaded to the archive)
CVE-2011-3379 (The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the ...)
	- php5 5.3.9-1
	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
CVE-2011-3378 (RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote ...)
	- rpm 4.9.1.2-1 (low; bug #645325)
	[squeeze] - rpm 4.8.1-6+squeeze1
	[lenny] - rpm <no-dsa> (rpm isn't used a a package manager, very limited attack vector)
CVE-2011-3377 (The web browser plug-in in IcedTea-Web 1.0.x before 1.0.6 and 1.1.x ...)
	{DSA-2420-1}
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1.4-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-3376 (org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat ...)
	- tomcat7 7.0.22-1
CVE-2011-3375 (Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not ...)
	{DSA-2401-1}
	- tomcat6 6.0.33-1
	- tomcat7 7.0.22-1
CVE-2011-3374 [apt-key insecure validation]
	RESERVED
	- apt <unfixed> (unimportant; bug #642480)
	NOTE: Not exploitable in Debian, since no keyring URI is defined
CVE-2011-3373
	RESERVED
	NOT-FOR-US: Views Bulk Operations module for Drupal
CVE-2011-3372 (imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before ...)
	{DSA-2318-1}
	- cyrus-imapd-2.2 2.4.11-1 (medium)
	- cyrus-imapd-2.4 2.4.11-1 (medium)
	- kolab-cyrus-imapd <removed> (medium)
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3371 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PunBB
CVE-2011-3370
	RESERVED
	- statusnet <itp> (bug #491723)
CVE-2011-3369 (The add_conversation function in conversations.c in EtherApe before ...)
	- etherape 0.9.12-1 (low; bug #645324)
	[lenny] - etherape <no-dsa> (Minor issue)
	[squeeze] - etherape 0.9.8-1+squeeze1
CVE-2011-3368 (The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, ...)
	{DSA-2405-1}
	- apache2 2.2.21-2 (medium)
	NOTE: http://article.gmane.org/gmane.comp.apache.announce/61
CVE-2011-3367 (Arora, possibly 0.11 and other versions, does not use a certain font ...)
	- arora <unfixed> (unimportant)
	NOTE: Requires CA compromise to exploit, browser still displays warning.
CVE-2011-3366 (Rekonq 0.7.0 and earlier does not use a certain font when rendering ...)
	- rekonq <not-affected> (Only affected the 0.8.x devel versions and was fixed before final 0.8 release, see bug #647298)
	NOTE: http://www.kde.org/info/security/advisory-20111003-1.txt
CVE-2011-3365 (The KDE SSL Wrapper (KSSL) API in KDE SC 4.6.0 through 4.7.1, and ...)
	- kde4libs 4:4.7.2-1
	[squeeze] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
	[lenny] - kde4libs <not-affected> (only 4.6.0 - 4.7.1 are vulnerable)
CVE-2011-3364 (Incomplete blacklist vulnerability in the svEscape function in ...)
	- network-manager-applet <not-affected> (ifcfg-rh plugin not built/included in Debian)
CVE-2011-3363 (The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in commit 1bfe73c2)
CVE-2011-3362 (Integer signedness error in the decode_residual_block function in ...)
	{DSA-2336-1}
	- libav 4:0.7.1-7 (bug #641478)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://www.ocert.org/advisories/ocert-2011-002.html
CVE-2011-3361 (Cross-site scripting (XSS) vulnerability in CGI/Browse.pm in BackupPC ...)
	- backuppc 3.2.1-2 (bug #641450)
	[squeeze] - backuppc 3.1.0-9.1
	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=f1f1ef74-716d-4af8-b1bf-c1ba6d9a98a1%40SC1EXHC-02.global.atheros.com&forum_name=backuppc-devel
	NOTE: http://backuppc.cvs.sourceforge.net/viewvc/backuppc/BackupPC/lib/BackupPC/CGI/Browse.pm?r1=1.23&r2=1.24
CVE-2011-3360 (Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 ...)
	{DSA-2324-1}
	- wireshark 1.6.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2011-15.html
CVE-2011-3359 (The dma_rx function in drivers/net/wireless/b43/dma.c in the Linux ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
	[lenny] - linux-2.6 <not-affected> (b43 allocate recieve buffer is 2404 bytes, which is already larger than the upstream fix of increasing it to 2382 bytes)
CVE-2011-3358 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
	{DSA-2308-1}
	- mantis 1.2.7-1 (low; bug #640297)
	[squeeze] - mantis <not-affected> (Vulnerable code not present)
CVE-2011-3357 (Directory traversal vulnerability in bug_actiongroup_ext_page.php in ...)
	{DSA-2308-1}
	- mantis 1.2.7-1 (medium; bug #640297)
CVE-2011-3356 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- mantis 1.2.7-1 (low; bug #640297)
	[squeeze] - mantis <not-affected> (Vulnerable code not present)
	[lenny] - mantis <not-affected> (Vulnerable code not present)
CVE-2011-3355
	RESERVED
	- evolution-data-server3 3.2.1-1 (bug #641052)
CVE-2011-3353 (Buffer overflow in the fuse_notify_inval_entry function in ...)
	{DSA-2389-1}
	- linux-2.6 3.1.0~rc4-1~experimental.1 (low)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in commit 3b463ae0)
	[squeeze] - linux-2.6 2.6.32-36
CVE-2011-3352
	RESERVED
	NOT-FOR-US: Zikula
CVE-2011-3351
	RESERVED
	- openvas-server <removed> (low; bug #641327)
	[squeeze] - openvas-server <no-dsa> (Minor issue)
	NOTE: openvas-scanner in experimental also affected according to #671327
CVE-2011-3349 [lightdm denial of service]
	RESERVED
	- lightdm 0.9.6-1 (bug #639151)
CVE-2011-3348 (The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when ...)
	- apache2 2.2.21-1
	[squeeze] - apache2 2.2.16-6+squeeze4
	[lenny] - apache2 <not-affected> (introduced in 2.2.12)
CVE-2011-3347 (A certain Red Hat patch to the be2net implementation in the kernel ...)
	- linux-2.6 3.2-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-3346 (Buffer overflow in hw/scsi-disk.c in the SCSI subsystem in QEMU before ...)
	- qemu-kvm 0.15.1+dfsg-1 (bug #646118)
	[squeeze] - qemu-kvm <no-dsa> (SCSI support in 0.12 generally broken, no complete fix other than updating to 0.15)
CVE-2011-3345 (ulp/sdp/sdp_proc.c in the ib_sdp module (aka ib_sdp.ko) in the ...)
	- ofa-kernel <itp> (bug #541849)
CVE-2011-3344 (Cross-site scripting (XSS) vulnerability in the Lookup Login/Password ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-3343 (Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3342 (Multiple buffer overflows in OpenTTD before 1.1.3 allow remote ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3341 (Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 ...)
	{DSA-2386-1}
	- openttd 1.1.3-1
	NOTE: http://www.openwall.com/lists/oss-security/2011/09/02/4
CVE-2011-3340 (SQL injection vulnerability in ATCOM Netvolution 2.5.8 ASP allows ...)
	NOT-FOR-US: ATCOM Netvolution
CVE-2010-4832 (Android OS before 2.2 does not display the correct SSL certificate in ...)
	NOT-FOR-US: Android
CVE-2010-4831 (Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in ...)
	- gtk+2.0 <not-affected> (Win32-specific)
CVE-2009-5086 (Cross-site scripting (XSS) vulnerability in Appliance Configuration ...)
	NOT-FOR-US: Juniper IDP
CVE-2011-3339 (Cross-site scripting (XSS) vulnerability in the Admin Control Center ...)
	NOT-FOR-US: Sentinel HASP Run-time Environment
CVE-2011-3338
	RESERVED
CVE-2011-3337 (eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 ...)
	NOT-FOR-US: eEye Digital Security Audits
CVE-2011-3336
	RESERVED
CVE-2011-3335
	RESERVED
CVE-2011-3334
	RESERVED
CVE-2011-3333
	RESERVED
CVE-2011-3332 (Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix ...)
	NOT-FOR-US: Iceni Argus
CVE-2011-3331
	RESERVED
CVE-2011-3330 (Buffer overflow in the UnitelWay Windows Device Driver, as used in ...)
	NOT-FOR-US: Schneider Electric
CVE-2011-3329
	RESERVED
CVE-2011-3328 (The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when ...)
	- libpng <not-affected> (Introduced in 1.5.4, which was only in experimental and which has been fixed since then)
CVE-2011-3327 (Heap-based buffer overflow in the ecommunity_ecom2str function in ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3326 (The ospf_flood function in ospf_flood.c in ospfd in Quagga before ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3325 (ospf_packet.c in ospfd in Quagga before 0.99.19 allows remote ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3324 (The ospf6_lsa_is_changed function in ospf6_lsa.c in the OSPFv3 ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3323 (The OSPFv3 implementation in ospf6d in Quagga before 0.99.19 allows ...)
	{DSA-2316-1}
	- quagga 0.99.19-1
CVE-2011-3322 (Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon ...)
	NOT-FOR-US: Scadatec Limited Procyon SCADA
CVE-2011-3321 (Heap-based buffer overflow in the Siemens WinCC Runtime Advanced ...)
	NOT-FOR-US: SIMATIC WinCC
CVE-2011-3320 (Cross-site scripting (XSS) vulnerability in the Web Administrator ...)
	NOT-FOR-US: GE Intelligent Platforms Proficy Historian
CVE-2011-3319 (Buffer overflow in the WRF parsing functionality in the Cisco WebEx ...)
	NOT-FOR-US: WebEx
CVE-2011-3318 (Cisco Video Surveillance 2421 and 2500 series cameras with software ...)
	NOT-FOR-US: Cisco
CVE-2011-3317 (Multiple cross-site scripting (XSS) vulnerabilities in the Solution ...)
	NOT-FOR-US: Cisco
CVE-2011-3316
	RESERVED
CVE-2011-3315 (Directory traversal vulnerability in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2011-3314
	RESERVED
CVE-2011-3313
	RESERVED
CVE-2011-3312
	RESERVED
CVE-2011-3311
	RESERVED
CVE-2011-3310 (The Home Page component in Cisco CiscoWorks Common Services before 4.1 ...)
	NOT-FOR-US: Cisco CiscoWorks
CVE-2011-3309 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-3308
	RESERVED
CVE-2011-3307
	RESERVED
CVE-2011-3306
	RESERVED
CVE-2011-3305 (Directory traversal vulnerability in Cisco Network Admission Control ...)
	NOT-FOR-US: Cisco Network Admission Control
CVE-2011-3304 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2011-3303 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2011-3302 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2011-3301 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2011-3300 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2011-3299 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2011-3298 (Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ...)
	NOT-FOR-US: Cisco
CVE-2011-3297 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 ...)
	NOT-FOR-US: Cisco
CVE-2011-3296 (Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 ...)
	NOT-FOR-US: Cisco
CVE-2011-3295 (The NETIO and IPV4_IO processes in Cisco IOS XR 3.8 through 4.1, as ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2011-3294 (Cross-site scripting (XSS) vulnerability in the login page in the ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2011-3293 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Cisco
CVE-2011-3292
	RESERVED
CVE-2011-3291
	RESERVED
CVE-2011-3290 (Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default ...)
	NOT-FOR-US: Cisco
CVE-2011-3289 (Cisco IOS 12.4 and 15.0 through 15.2 allows physically proximate ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-3288 (Cisco Unified Presence before 8.5(4) does not properly detect ...)
	NOT-FOR-US: Cisco
CVE-2011-3287 (Cisco Jabber Extensible Communications Platform (aka Jabber XCP) 2.x ...)
	NOT-FOR-US: Cisco
CVE-2011-3286
	RESERVED
CVE-2011-3285 (CRLF injection vulnerability in /+CSCOE+/logon.html on Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2011-3284
	RESERVED
CVE-2011-3283 (Cisco Carrier Routing System 3.9.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2011-3282 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, ...)
	NOT-FOR-US: Cisco
CVE-2011-3281 (Unspecified vulnerability in Cisco IOS 15.0 through 15.1, in certain ...)
	NOT-FOR-US: Cisco
CVE-2011-3280 (Memory leak in the NAT implementation in Cisco IOS 12.1 through 12.4 ...)
	NOT-FOR-US: Cisco
CVE-2011-3279 (The provider-edge MPLS NAT implementation in Cisco IOS 12.1 through ...)
	NOT-FOR-US: Cisco
CVE-2011-3278 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 ...)
	NOT-FOR-US: Cisco
CVE-2011-3277 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 ...)
	NOT-FOR-US: Cisco
CVE-2011-3276 (Unspecified vulnerability in the NAT implementation in Cisco IOS 12.1 ...)
	NOT-FOR-US: Cisco
CVE-2011-3275 (Memory leak in Cisco IOS 12.4, 15.0, and 15.1, and IOS XE 2.5.x ...)
	NOT-FOR-US: Cisco
CVE-2011-3274 (Unspecified vulnerability in Cisco IOS 12.2SRE before 12.2(33)SRE4, ...)
	NOT-FOR-US: Cisco
CVE-2011-3273 (Memory leak in Cisco IOS 15.0 through 15.1, when IPS or Zone-Based ...)
	NOT-FOR-US: Cisco
CVE-2011-3272 (The IP Service Level Agreement (IP SLA) functionality in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2011-3271 (Unspecified vulnerability in the Smart Install functionality in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2011-3270 (Unspecified vulnerability in Cisco IOS 12.2SB before 12.2(33)SB10 and ...)
	NOT-FOR-US: Cisco
CVE-2011-3269
	RESERVED
CVE-2011-3268 (Buffer overflow in the crypt function in PHP before 5.3.7 allows ...)
	- php5 5.3.8-1
	[squeeze] - php5 <not-affected> (Only affected 5.3.7)
	[lenny] - php5 <not-affected> (Only affected 5.3.7)
CVE-2011-3267 (PHP before 5.3.7 does not properly implement the error_log function, ...)
	{DSA-2408-1}
	- php5 5.3.7-1
	[squeeze] - php5 <not-affected> (Vulnerable code not present)
	[lenny] - php5 <not-affected> (Vulnerable code not present)
CVE-2011-3266 (The proto_tree_add_item function in Wireshark 1.6.0 through 1.6.1 and ...)
	- wireshark 1.6.2-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2010-4830 (SQL injection vulnerability in Resumes/TD_RESUME_Indlist.asp in Techno ...)
	NOT-FOR-US: Techno Dreams (T-Dreams) Job Career Package
CVE-2010-4829 (SQL injection vulnerability in processview.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2010-4828 (Multiple cross-site scripting (XSS) vulnerabilities in SolarWinds ...)
	NOT-FOR-US: SolarWinds Orion Network Performance Monitor
CVE-2010-4827 (Cross-site scripting (XSS) vulnerability in members.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums
CVE-2010-4826 (SQL injection vulnerability in members.asp in Snitz Forums 2000 3.4.07 ...)
	NOT-FOR-US: Snitz Forums
CVE-2010-4825 (Cross-site scripting (XSS) vulnerability in magpie_debug.php in the ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-3265 (popup.php in Zabbix before 1.8.7 allows remote attackers to read the ...)
	- zabbix 1:1.8.9-1
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
CVE-2011-3264 (Zabbix before 1.8.6 allows remote attackers to obtain sensitive ...)
	- zabbix 1:1.8.6-1 (unimportant)
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
	NOTE: Installation path is known anyway for the Debian package
CVE-2011-3263 (zabbix_agentd in Zabbix before 1.8.6 and 1.9.x before 1.9.4 allows ...)
	- zabbix 1:1.8.6-1
	[squeeze] - zabbix <end-of-life> (Not supported in Squeeze LTS)
CVE-2011-3262 (tools/libxc/xc_dom_bzimageloader.c in Xen 3.2, 3.3, 4.0, and 4.1 ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	- xen-3 <removed>
	[lenny] - xen-3 <no-dsa> (Minor issue; only marginally affected)
CVE-2011-3261 (Double free vulnerability in OfficeImport in Apple iOS before 5 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3260 (Buffer overflow in OfficeImport in Apple iOS before 5 allows remote ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3259 (The kernel in Apple iOS before 5 and Apple TV before 4.4 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3258
	RESERVED
CVE-2011-3257 (The Data Access component in Apple iOS before 5 does not properly ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3256 (FreeType 2 before 2.4.7, as used in CoreGraphics in Apple iOS before ...)
	{DSA-2328-1}
	- freetype 2.4.7-1 (bug #646120)
CVE-2011-3255 (CFNetwork in Apple iOS before 5 stores AppleID credentials in an ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3254 (Cross-site scripting (XSS) vulnerability in Calendar in Apple iOS ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3253 (CalDAV in Apple iOS before 5 does not validate X.509 certificates for ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3252 (Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-3251 (Apple QuickTime before 7.7.1 on Windows allows remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3250 (Integer overflow in Apple QuickTime before 7.7.1 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3249 (Buffer overflow in Apple QuickTime before 7.7.1 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3248 (Integer signedness error in Apple QuickTime before 7.7.1 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3247 (Integer overflow in Apple QuickTime before 7.7.1 on Windows allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-3246 (CFNetwork in Apple iOS before 5.0.1 and Mac OS X 10.7 before 10.7.2 ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3245 (The Keyboards component in Apple iOS before 5 displays the final ...)
	NOT-FOR-US: Apple iOS
CVE-2011-3244 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3243 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3242 (The Private Browsing feature in Apple Safari before 5.1.1 on Mac OS X ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3241 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3240
	RESERVED
CVE-2011-3239 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3238 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3237 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3236 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3235 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3234 (Google Chrome before 14.0.835.163 does not properly handle boxes, ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/92132
CVE-2011-3233 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-3232 (YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-3231 (The SSL implementation in Apple Safari before 5.1.1 on Mac OS X before ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3230 (Apple Safari before 5.1.1 on Mac OS X does not enforce an intended ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3229 (Directory traversal vulnerability in Apple Safari before 5.1.1 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2011-3228 (QuickTime in Apple Mac OS X before 10.7.2 allows remote attackers to ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3227 (libsecurity in Apple Mac OS X before 10.7.2 does not properly handle ...)
	NOT-FOR-US: libsecurity in Apple Mac OS X
CVE-2011-3226 (Open Directory in Apple Mac OS X 10.7 before 10.7.2, when an LDAPv3 ...)
	NOT-FOR-US: Open Directory in Apple Mac OS X
CVE-2011-3225 (The SMB File Server component in Apple Mac OS X 10.7 before 10.7.2 ...)
	NOT-FOR-US: SMB File Server component in Apple Mac OS X
CVE-2011-3224 (The User Documentation component in Apple Mac OS X through 10.6.8 uses ...)
	NOT-FOR-US: User Documentation component in Apple Mac OS X
CVE-2011-3223 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3222 (Buffer overflow in QuickTime in Apple Mac OS X before 10.7.2 allows ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3221 (QuickTime in Apple Mac OS X before 10.7.2 does not properly handle the ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3220 (QuickTime in Apple Mac OS X before 10.7.2 does not properly process ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3219 (Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, ...)
	NOT-FOR-US: Apple CoreMedia
CVE-2011-3218 (The &quot;Save for Web&quot; selection in QuickTime Player in Apple Mac OS X ...)
	NOT-FOR-US: QuickTime in Apple Mac OS X
CVE-2011-3217 (MediaKit in Apple Mac OS X through 10.6.8 allows remote attackers to ...)
	NOT-FOR-US: Mac OS X
CVE-2011-3216 (The kernel in Apple Mac OS X before 10.7.2 does not properly implement ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2011-3215 (The kernel in Apple Mac OS X before 10.7.2 does not properly prevent ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2011-3214 (IOGraphics in Apple Mac OS X through 10.6.8 does not properly handle a ...)
	NOT-FOR-US: IOGraphics in Apple Mac OS X
CVE-2011-3213 (The File Systems component in Apple Mac OS X before 10.7.2 does not ...)
	NOT-FOR-US: File Systems component in Apple Mac OS X
CVE-2011-3212 (CoreStorage in Apple Mac OS X 10.7 before 10.7.2 does not ensure that ...)
	NOT-FOR-US: CoreStorage in Apple Mac OS X
CVE-2011-3211 (The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows ...)
	{DSA-2302-1}
	- bcfg2 1.1.2-2 (bug #640028)
	NOTE: information as reported by maintainer
CVE-2011-3210 (The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through ...)
	- openssl 1.0.0e-1
	[lenny] - openssl 0.9.8g-15+lenny13
	[squeeze] - openssl 0.9.8o-4squeeze3
CVE-2011-3209 (The div_long_long_rem implementation in include/asm-x86/div64.h in the ...)
	- linux-2.6 2.6.26-1
CVE-2011-3208 (Stack-based buffer overflow in the split_wildmats function in nntpd.c ...)
	{DSA-2318-1}
	- cyrus-imapd-2.2 2.4.11-1 (medium)
	- cyrus-imapd-2.4 2.4.11-1 (medium)
	- kolab-cyrus-imapd <removed> (medium)
	[squeeze] - kolab-cyrus-imapd <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3207 (crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not ...)
	- openssl 1.0.0e-1
	[squeeze] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
	[lenny] - openssl <not-affected> (only affects 1.0.0 through 1.0.0d)
CVE-2011-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: RHQ
CVE-2011-3205 (Buffer overflow in the gopherToHTML function in gopher.cc in the ...)
	{DSA-2304-1}
	- squid3 3.1.15-1 (low; bug #639755)
	- squid <not-affected> (Only a buffer overflow in Squid 3, see https://bugzilla.redhat.com/show_bug.cgi?id=734583#c4)
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2011_3.txt
CVE-2011-3204 (hammerhead.cc in Hammerhead 2.1.4 allows local users to write to ...)
	- hammerhead <removed> (bug #639890)
	[lenny] - hammerhead <no-dsa> (Minor issue)
	[squeeze] - hammerhead <no-dsa> (Minor issue)
	NOTE: https://launchpad.net/bugs/826679
CVE-2011-3203 [Jcow CMS 4.x:4.2 <= , 5.x:5.2 <= | Arbitrary Code Execution]
	RESERVED
	NOT-FOR-US: Jcow
CVE-2011-3202 [Jcow CMS 4.2 <= | Cross Site Scripting]
	RESERVED
	NOT-FOR-US: Jcow
CVE-2011-3201 (GNOME Evolution before 3.2.3 allows user-assisted remote attackers to ...)
	- evolution <unfixed> (unimportant)
	NOTE: Any attacks still involve quite some social engineering
CVE-2011-3200 (Stack-based buffer overflow in the parseLegacySyslogMsg function in ...)
	- rsyslog 5.8.5-1 (low; bug #644611)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
	NOTE: off-by-one/-two limited to 0 or :0
CVE-2011-3199 (Multiple cross-site scripting (XSS) vulnerabilities in Domain ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637584)
CVE-2011-3198 (Domain Technologie Control (DTC) before 0.34.1 includes a password in ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637537)
CVE-2011-3197 (SQL injection vulnerability in Domain Technologie Control (DTC) before ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637487; bug #637498)
CVE-2011-3196 (The setup script in Domain Technologie Control (DTC) before 0.34.1 ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637485)
CVE-2011-3195 (shared/inc/sql/lists.php in Domain Technologie Control (DTC) before ...)
	{DSA-2365-1}
	- dtc 0.34.1-1 (bug #637477)
CVE-2011-3194 (Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt ...)
	{DLA-117-1}
	- qt4-x11 4:4.7.4-1 (bug #641738)
CVE-2011-3193 (Heap-based buffer overflow in the Lookup_MarkMarkPos function in the ...)
	{DLA-117-1}
	- qt4-x11 4:4.7.4-1 (bug #641738)
	- pango1.0 1.28.3-1
	NOTE: affected code in pango1.0 removed earlier, but this is the version checked (lenny is affected)
CVE-2011-3192 (The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through ...)
	{DSA-2298-1}
	- apache2 2.2.19-2
CVE-2011-3191 (Integer signedness error in the CIFSFindNext function in ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-5
CVE-2011-3190 (Certain AJP protocol connector implementations in Apache Tomcat 7.0.0 ...)
	{DSA-2401-1}
	- tomcat6 6.0.35-1
	- tomcat7 7.0.21-1
	- tomcat5.5 <removed>
CVE-2011-3189 (The crypt function in PHP 5.3.7, when the MD5 hash type is used, ...)
	- php5 5.3.8-1
	[squeeze] - php5 <not-affected> (Introduced in 5.3.7)
	[lenny] - php5 <not-affected> (Introduced in 5.3.7)
CVE-2011-3188 (The (1) IPv4 and (2) IPv6 implementations in the Linux kernel before ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-3187 (The to_s method in ...)
	- rails <unfixed> (unimportant)
	NOTE: X-Forwarded-For header is user supplied (like User-Agent)
CVE-2011-3186 (CRLF injection vulnerability in ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-3185 (gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted ...)
	- pidgin <not-affected> (Windows-specific)
CVE-2011-3184 (The msn_httpconn_parse_data function in httpconn.c in the MSN protocol ...)
	- pidgin 2.10.0-1 (unimportant)
	NOTE: Only exploitable by a malicious MSN server to crash the client
CVE-2011-3183
	RESERVED
	NOT-FOR-US: Concrete CMS
CVE-2011-3182 (PHP before 5.3.7 does not properly check the return values of the ...)
	{DSA-2408-1}
	- php5 5.3.7-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-3181 (Multiple cross-site scripting (XSS) vulnerabilities in the Tracking ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.4-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-3180 (kiwi before 4.98.08, as used in SUSE Studio Onsite 1.2 before 1.2.1 ...)
	NOT-FOR-US: Suse kiwi (different from python-kiwi)
CVE-2011-3179 (The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and ...)
	NOT-FOR-US: Novell Messenger
CVE-2011-3178 (In the web ui of the openbuildservice before 2.3.0 a code injection of ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
CVE-2011-3177 (The YaST2 network created files with world readable permissions which ...)
	NOT-FOR-US: YaST
CVE-2011-3176 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3175 (Stack-based buffer overflow in the Preboot Service in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3174 (Buffer overflow in the DoFindReplace function in the ISGrid.Grid2.1 ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-3173 (Stack-based buffer overflow in the GetDriverSettings function in ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2011-3172
	RESERVED
CVE-2011-3171 (Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly ...)
	NOT-FOR-US: pure-FTPd add-on
CVE-2011-3170 (The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and ...)
	{DSA-2354-1}
	- cups 1.5.0-8
	NOTE: This ID is for an incomplete fix for CVE-2011-2896
CVE-2010-4824 (SQL injection vulnerability in the augmentSQL method in ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4823 (Cross-site scripting (XSS) vulnerability in the httpError method in ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4822 (core/model/MySQLDatabase.php in SilverStripe 2.4.x before 2.4.4, when ...)
	- silverstripe <itp> (bug #528461)
	NOTE: http://seclists.org/oss-sec/2012/q2/209
CVE-2010-4821 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.6.9 ...)
	NOT-FOR-US: phpMyFAQ
CVE-2010-4820 (Untrusted search path vulnerability in Ghostscript 8.62 allows local ...)
	- ghostscript 8.71~dfsg2-6.1
	[lenny] - ghostscript <no-dsa> (too risky for regressions)
CVE-2010-4819 (The ProcRenderAddGlyphs function in the Render extension ...)
	- xorg-server 2:1.9.0.901-1
	[squeeze] - xorg-server 2:1.7.7-14
	[lenny] - xorg-server <no-dsa> (Minor issue)
CVE-2010-4818 (The GLX extension in X.Org xserver 1.7.7 allows remote authenticated ...)
	- xorg-server 2:1.9.99.902-1
	[squeeze] - xorg-server 2:1.7.7-4
	[lenny] - xorg-server <no-dsa> (Minor issue)
	NOTE: As per https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4818 three commits with theoretical sec impact:
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=6c69235a9dfc52e4b4e47630ff4bab1a820eb543
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=ec9c97c6bf70b523bc500bd3adf62176f1bb33a4
	NOTE: http://cgit.freedesktop.org/xorg/xserver/commit/?id=3f0d3f4d97bce75c1828635c322b6560a45a037f
CVE-2010-4817 [overwriting of arbitrary file via symlinks]
	RESERVED
	- pithos 0.3.5-1
CVE-2010-4816
	RESERVED
CVE-2010-4815
	RESERVED
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-3169 (Unspecified vulnerability in the SMTP service implementation in HP ...)
	NOT-FOR-US: HP OpenVMS
CVE-2011-3168 (Unspecified vulnerability in the POP and IMAP service implementations ...)
	NOT-FOR-US: HP OpenVMS
CVE-2011-3167 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3166 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3165 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2011-3164 (Unspecified vulnerability in HP-UX Containers (formerly HP-UX Secure ...)
	NOT-FOR-US: HP-UX
CVE-2011-3163 (HP MFP Digital Sending Software 4.9x through 4.91.21 allows local ...)
	NOT-FOR-US: HP MFP Digital Sending Software
CVE-2011-3162 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3161 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3160 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3159 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3158 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3157 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3156 (Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-3155 (Unspecified vulnerability in HP Onboard Administrator (OA) 3.21 ...)
	NOT-FOR-US: HP Onboard Administrator
CVE-2011-3154 (DistUpgrade/DistUpgradeViewKDE.py in Update Manager before ...)
	- update-manager <not-affected> (ubuntu-specific issue)
	NOTE: see bug #650307
CVE-2011-3153 (dmrc.c in Light Display Manager (aka LightDM) before 1.1.1 allows ...)
	- lightdm 1.0.6-2
CVE-2011-3152 (DistUpgrade/DistUpgradeFetcherCore.py in Update Manager before ...)
	- update-manager <not-affected> (ubuntu-specific issue)
	NOTE: see bug #650307
CVE-2011-3151
	RESERVED
CVE-2011-3150 (Software Center in Ubuntu 11.10, 11.04 10.10 does not properly ...)
	- software-center <not-affected> (ubuntu-specific issue)
	NOTE: debian package does not contain the vulnerable purchaseview.py code, and probably won't ever as that's part of their commercial interface code
CVE-2011-3149 (The _expand_arg function in the pam_env module ...)
	{DSA-2326-1}
	- pam 1.1.3-5
	[lenny] - pam <not-affected> (user_env parsing not yet available)
CVE-2011-3148 (Stack-based buffer overflow in the _assemble_line function in ...)
	{DSA-2326-1}
	- pam 1.1.3-5
	[lenny] - pam <not-affected> (user_env parsing not yet available)
CVE-2011-3147
	RESERVED
CVE-2011-3146 (librsvg before 2.34.1 uses the node name to identify the type of node, ...)
	- librsvg 2.34.1-1
	[squeeze] - librsvg <no-dsa> (Minor issue)
	NOTE: http://git.gnome.org/browse/librsvg/commit/?id=34c95743ca692ea0e44778e41a7c0a129363de84
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=658014
CVE-2011-3145
	RESERVED
	{DSA-2382-1}
	- ecryptfs-utils 92-1
	[lenny] - ecryptfs-utils <not-affected> (Vulnerable code not present)
CVE-2011-3144 (Cross-site scripting (XSS) vulnerability in Control Microsystems ...)
	NOT-FOR-US: Control Microsystems ClearSCADA
CVE-2011-3143 (Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, ...)
	NOT-FOR-US: Control Microsystems ClearSCADA
CVE-2011-3142 (Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-3141 (Buffer overflow in the InBatch BatchField ActiveX control for Invensys ...)
	NOT-FOR-US: Wonderware InBatch
CVE-2011-3140 (IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and ...)
	NOT-FOR-US: IBM Web Application Firewall
CVE-2011-3139
	REJECTED
CVE-2011-3138 (The LTPA STS module support implementation in IBM Tivoli Federated ...)
	NOT-FOR-US: Tivoli
CVE-2011-3137 (Unspecified vulnerability in the Management Console in IBM Tivoli ...)
	NOT-FOR-US: Tivoli
CVE-2011-3136 (Unspecified vulnerability in the Management Console in IBM Tivoli ...)
	NOT-FOR-US: Tivoli
CVE-2011-3135 (Unspecified vulnerability in the Runtime in IBM Tivoli Federated ...)
	NOT-FOR-US: Tivoli
CVE-2009-5085 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, ...)
	NOT-FOR-US: Tivoli
CVE-2009-5084 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, ...)
	NOT-FOR-US: Tivoli
CVE-2009-5083 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2, ...)
	NOT-FOR-US: Tivoli
CVE-2008-7299 (IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.2 uses ...)
	NOT-FOR-US: Tivoli
CVE-2011-3134 (Unspecified vulnerability in TIBCO Spotfire Server 3.0.x before 3.0.2, ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3133 (Session fixation vulnerability in TIBCO Spotfire Server 3.0.x before ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3132 (Cross-site scripting (XSS) vulnerability in TIBCO Spotfire Server ...)
	NOT-FOR-US: TIBCO Spotfire Server
CVE-2011-3131 (Xen 4.1.1 and earlier allows local guest OS kernels with control of a ...)
	{DSA-2582-1}
	- xen 4.1.2-1
CVE-2011-3130 (wp-includes/taxonomy.php in WordPress 3.1 before 3.1.3 and 3.2 before ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3129 (The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3128 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 treats unattached ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3127 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 does not prevent ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3126 (WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 allows remote ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3125 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
CVE-2011-3124 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...)
	NOT-FOR-US: InfoSphere
CVE-2011-3123 (IBM InfoSphere Information Server 8.5 and 8.5.0.1 on Unix and Linux, ...)
	NOT-FOR-US: InfoSphere
CVE-2011-3122 (Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before ...)
	{DSA-2470-1}
	- wordpress 3.2.1+dfsg-1
	NOTE: CVE allocated from the Wordpress 3.1.3 / 3.2 beta2 release announce
	NOTE: original advisory seems to be http://technet.microsoft.com/en-us/security/msvr/msvr11-010
CVE-2011-3121
	RESERVED
CVE-2011-3120
	REJECTED
CVE-2011-3119
	REJECTED
CVE-2011-3118
	REJECTED
CVE-2011-3117
	REJECTED
CVE-2011-3116
	REJECTED
CVE-2011-3115 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3114 (Multiple buffer overflows in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3113 (The PDF functionality in Google Chrome before 19.0.1084.52 does not ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3112 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF functionality specific to Chrome)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3111 (Google V8, as used in Google Chrome before 19.0.1084.52, allows remote ...)
	- libv8 3.8.9.20-2 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-3110 (The PDF functionality in Google Chrome before 19.0.1084.52 allows ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3109 (Google Chrome before 19.0.1084.52 on Linux does not properly perform a ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3108 (Use-after-free vulnerability in Google Chrome before 19.0.1084.52 ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3107 (Google Chrome before 19.0.1084.52 does not properly implement ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3106 (The WebSockets implementation in Google Chrome before 19.0.1084.52 ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3105 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3104 (Skia, as used in Google Chrome before 19.0.1084.52, allows remote ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3103 (Google V8, as used in Google Chrome before 19.0.1084.52, does not ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3102 (Off-by-one error in libxml2, as used in Google Chrome before ...)
	{DSA-2479-1}
	- libxml2 2.7.8.dfsg-9.1 (bug #674191)
	NOTE: http://git.gnome.org/browse/libxml2/commit/?id=d8e1faeaa99c7a7c07af01c1c72de352eb590a3e
CVE-2011-3101 (Google Chrome before 19.0.1084.46 on Linux does not properly mitigate ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 20.0.1132.21~r139451-1
CVE-2011-3100 (Google Chrome before 19.0.1084.46 does not properly draw dash paths, ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3099 (Use-after-free vulnerability in the PDF functionality in Google Chrome ...)
	- chromium-browser <not-affected> (PDF viewer not included in Chromium)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3098 (Google Chrome before 19.0.1084.46 on Windows uses an incorrect search ...)
	- chromium-browser <not-affected> (Windows-specific)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3097 (The PDF functionality in Google Chrome before 19.0.1084.46 allows ...)
	- chromium-browser <not-affected> (PDF functionality not built)
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3096 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 on ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3095 (The OGG container in Google Chrome before 19.0.1084.46 allows remote ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3094 (Google Chrome before 19.0.1084.46 does not properly handle Tibetan ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3093 (Google Chrome before 19.0.1084.46 does not properly handle glyphs, ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3092 (The regex implementation in Google V8, as used in Google Chrome before ...)
	- libv8 <not-affected> (Only affects >= 3.9, bug #687574)
CVE-2011-3091 (Use-after-free vulnerability in the IndexedDB implementation in Google ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3089 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3088 (Google Chrome before 19.0.1084.46 does not properly draw hairlines, ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3087 (Google Chrome before 19.0.1084.46 does not properly perform window ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3086 (Use-after-free vulnerability in Google Chrome before 19.0.1084.46 ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3085 (The Autofill feature in Google Chrome before 19.0.1084.46 does not ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3084 (Google Chrome before 19.0.1084.46 does not use a dedicated process for ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3083 (browser/profiles/profile_impl_io_data.cc in Google Chrome before ...)
	- chromium-browser 20.0.1132.21~r139451-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3082
	RESERVED
CVE-2011-3081 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3080 (Race condition in the Inter-process Communication (IPC) implementation ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3079 (The Inter-process Communication (IPC) implementation in Google Chrome ...)
	{DSA-3260-1}
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
	- iceweasel <not-affected> (Only affects Firefox on Windows)
	- icedove <not-affected> (Only affects Thunderbird on Windows)
	NOTE: https://www.mozilla.org/en-US/security/advisories/mfsa2015-57/
CVE-2011-3078 (Use-after-free vulnerability in Google Chrome before 18.0.1025.168 ...)
	- chromium-browser 18.0.1025.168~r134367-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3077 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3076 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3075 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3074 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3073 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3072 (Google Chrome before 18.0.1025.151 allows remote attackers to bypass ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3071 (Use-after-free vulnerability in the HTMLMediaElement implementation in ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3070 (Use-after-free vulnerability in Google Chrome before 18.0.1025.151 ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3069 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3068 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3067 (Google Chrome before 18.0.1025.151 allows remote attackers to bypass ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3066 (Skia, as used in Google Chrome before 18.0.1025.151, does not properly ...)
	- chromium-browser 18.0.1025.151~r130497-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3065 (Skia, as used in Google Chrome before 18.0.1025.142, allows remote ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3064 (Use-after-free vulnerability in Google Chrome before 18.0.1025.142 ...)
	[squeeze] - chromium-browser <end-of-life>
	- chromium-browser 18.0.1025.142~r129054-1
CVE-2011-3063 (Google Chrome before 18.0.1025.142 does not properly validate the ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3062 (Off-by-one error in the OpenType Sanitizer in Google Chrome before ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
	- icedove 10.0.4-1
	[squeeze] - icedove <not-affected> (Vulnerable code not present)
	- iceweasel 10.0.4esr-1
	[squeeze] - iceweasel <not-affected> (Vulnerable code not present)
	- iceape 2.7.4-1
	[squeeze] - iceape <not-affected> (Vulnerable code not present)
CVE-2011-3061 (Google Chrome before 18.0.1025.142 does not properly check X.509 ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3060 (Google Chrome before 18.0.1025.142 does not properly handle text ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3059 (Google Chrome before 18.0.1025.142 does not properly handle SVG text ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3058 (Google Chrome before 18.0.1025.142 does not properly handle the EUC-JP ...)
	- chromium-browser 18.0.1025.142~r129054-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3057 (Google V8, as used in Google Chrome before 17.0.963.83, allows remote ...)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=117794
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-3056 (Google Chrome before 17.0.963.83 allows remote attackers to bypass the ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3055 (The browser native UI in Google Chrome before 17.0.963.83 does not ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3054 (The WebUI privilege implementation in Google Chrome before 17.0.963.83 ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3053 (Use-after-free vulnerability in Google Chrome before 17.0.963.83 ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3052 (The WebGL implementation in Google Chrome before 17.0.963.83 does not ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3051 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3050 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3049 (Google Chrome before 17.0.963.83 does not properly restrict the ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3048 (The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, ...)
	{DSA-2446-1}
	- libpng 1.2.49-1 (bug #667475)
CVE-2011-3047 (The GPU process in Google Chrome before 17.0.963.79 allows remote ...)
	- chromium-browser 17.0.963.83~r127885-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3046 (The extension subsystem in Google Chrome before 17.0.963.78 does not ...)
	- chromium-browser 17.0.963.78~r125577-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3045 (Integer signedness error in the png_inflate function in pngrutil.c in ...)
	{DSA-2439-1}
	- libpng 1.2.47-2 (bug #665208; high)
CVE-2011-3044 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3043 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3042 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3041 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3040 (Google Chrome before 17.0.963.65 does not properly handle text, which ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3039 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3038 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3037 (Google Chrome before 17.0.963.65 does not properly perform casts of ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3036 (Google Chrome before 17.0.963.65 does not properly perform a cast of ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3035 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3034 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3033 (Buffer overflow in Skia, as used in Google Chrome before 17.0.963.65, ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3032 (Use-after-free vulnerability in Google Chrome before 17.0.963.65 ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3031 (Use-after-free vulnerability in the element wrapper in Google V8, as ...)
	- chromium-browser 17.0.963.66~r124982-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3030
	RESERVED
CVE-2011-3029
	RESERVED
CVE-2011-3028
	RESERVED
CVE-2011-3027 (Google Chrome before 17.0.963.56 does not properly perform a cast of ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3026 (Integer overflow in libpng, as used in Google Chrome before ...)
	{DSA-2410-1}
	- libpng 1.2.46-5 (high; bug #660026)
CVE-2011-3025 (Google Chrome before 17.0.963.56 does not properly parse H.264 data, ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3024 (Google Chrome before 17.0.963.56 allows remote attackers to cause a ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3023 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3022 (translate/translate_manager.cc in Google Chrome before 17.0.963.56 and ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3021 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3020 (Unspecified vulnerability in the Native Client validator ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3019 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3018 (Heap-based buffer overflow in Google Chrome before 17.0.963.56 allows ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3017 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3016 (Use-after-free vulnerability in Google Chrome before 17.0.963.56 ...)
	- chromium-browser 17.0.963.56~r121963-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-3015 (Multiple integer overflows in the PDF codecs in Google Chrome before ...)
	- chromium-browser <not-affected> (PDF functionality not built)
CVE-2011-3014 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-3013 (WebAdmin in the Mobility Pack before 1.2 in Novell Data Synchronizer ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-3012 (The ioQuake3 engine, as used in World of Padman 1.2 and earlier, ...)
	- openarena 0.8.5-5+exp1
	NOTE: Current openarena packages use the share ioquake3 engine
	[squeeze] - openarena <no-dsa> (Minor issue, will be fixed in point update)
	- ioquake3 1.36+svn1946-4
	- tremulous 1.1.0-6 (bug #660836)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2011-3011 (BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle ...)
	NOT-FOR-US: CA ARCserve D2D
CVE-2011-3010 (Multiple cross-site scripting (XSS) vulnerabilities in TWiki before ...)
	NOT-FOR-US: Twiki
CVE-2011-3009 (Ruby before 1.8.6-p114 does not reset the random seed upon forking, ...)
	- ruby1.8 1.8.7.352-1
	[squeeze] - ruby1.8 1.8.7.302-2squeeze2
CVE-2011-3008 (The default configuration of Avaya Secure Access Link (SAL) Gateway ...)
	NOT-FOR-US: Avaya Secure Access Link Gateway
CVE-2008-7298 (The Android browser in Android cannot properly restrict modifications ...)
	NOT-FOR-US: Android browser
CVE-2008-7297 (Opera cannot properly restrict modifications to cookies established in ...)
	NOT-FOR-US: Opera
CVE-2008-7296 (Apple Safari cannot properly restrict modifications to cookies ...)
	NOT-FOR-US: Safari, see CVE-2008-7294 for potential webkit ramifications
CVE-2008-7295 (Microsoft Internet Explorer cannot properly restrict modifications to ...)
	NOT-FOR-US: Internet Explorer
CVE-2008-7294 (Google Chrome before 4.0.211.0 cannot properly restrict modifications ...)
	- chromium-browser 4.0.211.0
	- webkit <not-affected>
CVE-2008-7293 (Mozilla Firefox before 4 cannot properly restrict modifications to ...)
	- iceweasel 4.0-1 (unimportant)
	NOTE: This is about the lack of HTTP Strict Transport Security, which is ultimately
	NOTE: a security feature enhancement
CVE-2008-7292 (Bugzilla 2.20.x before 2.20.5, 2.22.x before 2.22.3, and 3.0.x before ...)
	- bugzilla 3.0.4-1
CVE-2011-3007 (The myCIOScn ActiveX control (myCIOScn.dll) in McAfee SaaS Endpoint ...)
	NOT-FOR-US: McAfee SaaS
CVE-2011-3006 (The MyAsUtil ActiveX control in MyAsUtil5.2.0.603.dll in McAfee SaaS ...)
	NOT-FOR-US: McAfee SaaS
CVE-2011-3005 (Use-after-free vulnerability in Mozilla Firefox 4.x through 6, ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3004 (The JSSubScriptLoader in Mozilla Firefox 4.x through 6 and SeaMonkey ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3003 (Mozilla Firefox before 7.0 and SeaMonkey before 2.4 allow remote ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3002 (Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3001 (Mozilla Firefox 4.x through 6, Thunderbird before 7.0, and SeaMonkey ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-3000 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2999 (Mozilla Firefox before 3.6.23 and 4.x through 5, Thunderbird before ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2998 (Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: Only affects firefox 3.6 code base, not 4.0 oder later
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2997 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox 6)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox 6)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 6)
	- iceape <not-affected> (Only affects Firefox 6)
CVE-2011-2996 (Unspecified vulnerability in the plugin API in Mozilla Firefox 3.6.x ...)
	- icedove <not-affected> (Only affects MacOS)
	- xulrunner <not-affected> (Only affects MacOS)
	- iceweasel <not-affected> (Only affects MacOS)
	- iceape <not-affected> (Only affects MacOS)
CVE-2011-2995 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2994
	RESERVED
CVE-2011-2993 (The implementation of digital signatures for JAR files in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-2992 (The Ogg reader in the browser engine in Mozilla Firefox 4.x through 5, ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2991 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2990 (The implementation of Content Security Policy (CSP) violation reports ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
CVE-2011-2989 (The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2988 (Buffer overflow in an unspecified string class in the WebGL shader ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2987 (Heap-based buffer overflow in Almost Native Graphics Layer Engine ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2986 (Mozilla Firefox 4.x through 5, Thunderbird before 6, SeaMonkey 2.x ...)
	- xulrunner <not-affected> (Only affects Windows)
	- iceweasel <not-affected> (Only affects Windows)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2985 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Only affects Firefox >= 4)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox >= 4)
	- iceape <not-affected> (Only affects Firefox >= 4)
	- icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-2984 (Mozilla Firefox before 3.6.20, SeaMonkey 2.x, Thunderbird 3.x before ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2983 (Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2982 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2981 (The event-management implementation in Mozilla Firefox before 3.6.20, ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2980 (Untrusted search path vulnerability in the ThinkPadSensor::Startup ...)
	- icedove <not-affected> (Only affects Windows)
	- xulrunner <not-affected> (Only affects Windows)
	- iceweasel <not-affected> (Only affects Windows)
CVE-2011-2979 (Bugzilla 4.1.x before 4.1.3 generates different responses for certain ...)
	{DSA-2322-1}
	- bugzilla <not-affected> (Only affects Bugzilla 4.1, never uploaded to the archive)
CVE-2011-2978 (Bugzilla 2.16rc1 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2977 (Bugzilla 3.6.x before 3.6.6, 3.7.x, 4.0.x before 4.0.2, and 4.1.x ...)
	- bugzilla <not-affected> (Only affects Bugzilla on Windows)
CVE-2011-2976 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.16rc1 through ...)
	- bugzilla 3.6.1.0-0.1 (low)
	NOTE: Fixed in 3.5.1, but 3.6.1 was first fixed upload to archive
CVE-2011-2975 (Double free vulnerability in the msAddImageSymbol function in ...)
	- mapserver 6.0.1-1
	[lenny] - mapserver <not-affected> (Vulnerable code not present)
	[squeeze] - mapserver <not-affected> (Vulnerable code not present)
CVE-2011-2974
	REJECTED
CVE-2011-2973
	REJECTED
CVE-2011-2972
	REJECTED
CVE-2011-2971
	REJECTED
CVE-2011-2970
	REJECTED
CVE-2011-2969
	REJECTED
CVE-2011-2968
	REJECTED
CVE-2011-2967
	REJECTED
CVE-2011-2966
	REJECTED
CVE-2011-2965
	REJECTED
CVE-2011-2964 (foomaticrip.c in foomatic-rip in foomatic-filters in Foomatic 4.0.6 ...)
	{DSA-2380-1}
	- foomatic-filters 4.0.9-1
	NOTE: There two implementation of the affected filter: the version from foomatic-filters
	NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in
	NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697
	NOTE: Fixed in foomatic-filters 4.0.8
CVE-2011-2963 (TCPUploadServer.exe in Progea Movicon 11.2 before Build 1084 does not ...)
	NOT-FOR-US: Progea Movicon
CVE-2011-2962 (Multiple stack-based buffer overflows in Invensys Wonderware ...)
	NOT-FOR-US: Invensys Wonderware Information Server
CVE-2011-2961 (Heap-based buffer overflow in AngelServer.exe 6.0.11.3 in Sunway ...)
	NOT-FOR-US: Sunway pNetPower
CVE-2011-2960 (Heap-based buffer overflow in httpsvr.exe 6.0.5.3 in Sunway ...)
	NOT-FOR-US: Sunway ForceControl
CVE-2011-2959 (Stack-based buffer overflow in the Open Database Connectivity (ODBC) ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System (IGSS)
CVE-2011-2958 (Multiple cross-site scripting (XSS) vulnerabilities in Ecava ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2011-2957 (Unspecified vulnerability in Rockwell Automation FactoryTalk ...)
	NOT-FOR-US: Rockwell Automation FactoryTalk Diagnostics Viewer
CVE-2011-2956 (AzeoTech DAQFactory before 5.85 (Build 1842) does not perform ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2011-XXXX [rtkit: failure to drop supplemental groups]
	- rtkit 0.10-2
CVE-2011-XXXX [minissdpd multiple issues]
	- minissdpd 1.0.20110729-1 (bug #635836)
CVE-2011-2955 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealNetworks RealPlayer 11.0
CVE-2011-2954 (Use-after-free vulnerability in the AutoUpdate feature in RealNetworks ...)
	NOT-FOR-US: RealNetworks RealPlayer 11.0
CVE-2011-2953 (An unspecified ActiveX control in the browser plugin in RealNetworks ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2952 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2951 (Buffer overflow in RealNetworks RealPlayer 11.0 through 11.1 and ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2950 (Heap-based buffer overflow in qcpfformat.dll in RealNetworks ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2949 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2948 (RealNetworks RealPlayer 11.0 through 11.1 and 14.0.0 through 14.0.5, ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2947 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2946 (Unspecified vulnerability in an ActiveX control in RealNetworks ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2945 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-2944 (SQL injection vulnerability in login.php in MegaLab The Uploader ...)
	NOT-FOR-US: MegaLab The Uploader
CVE-2011-2943 (The irc_msg_who function in msgs.c in the IRC protocol plugin in ...)
	- pidgin 2.10.0-1 (bug #638709)
	[squeeze] - pidgin <not-affected> (Only affects 2.8 to 2.10)
	[lenny] - pidgin <not-affected> (Only affects 2.8 to 2.10)
CVE-2011-2942 (A certain Red Hat patch to the __br_deliver function in ...)
	- linux-2.6 <not-affected> (RHEL-specific backport issue)
CVE-2011-2941 (Open redirect vulnerability in Red Hat JBoss Enterprise Portal ...)
	NOT-FOR-US: JBoss Enterprise Portal Platform
CVE-2011-2940 (stunnel 4.40 and 4.41 might allow remote attackers to execute ...)
	- stunnel4 3:4.42-1 (bug #638758)
	[squeeze] - stunnel4 <not-affected> (Only 4.4x affected)
	[lenny] - stunnel4 <not-affected> (Only 4.4x affected)
CVE-2011-2939 (Off-by-one error in the decode_xs function in Unicode/Unicode.xs in ...)
	- perl 5.12.4-4 (low; bug #637376)
	[squeeze] - perl 5.10.1-17squeeze3
	[lenny] - perl <no-dsa> (Minor issue)
	- libencode-perl 2.44-1 (low)
CVE-2011-2938 (Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php ...)
	- mantis 1.2.6-1 (bug #638321)
	[squeeze] - mantis <not-affected> (Only affects Mantis 1.1)
	[lenny] - mantis <not-affected> (Only affects Mantis 1.1)
CVE-2011-2937 (Cross-site scripting (XSS) vulnerability in the UI messages ...)
	- roundcube 0.5.4+dfsg-1 (low; bug #641996)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-2936
	RESERVED
	- elgg <itp> (bug #526197)
CVE-2011-2935
	RESERVED
	- elgg <itp> (bug #526197)
CVE-2011-2934
	RESERVED
	NOT-FOR-US: WebsiteBaker
CVE-2011-2933
	RESERVED
	NOT-FOR-US: WebsiteBaker
CVE-2011-2932 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2655-1}
	- rails 2.3.14
CVE-2011-2931 (Cross-site scripting (XSS) vulnerability in the strip_tags helper in ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-2930 (Multiple SQL injection vulnerabilities in the quote_table_name method ...)
	{DSA-2301-1}
	- rails 2.3.14
CVE-2011-2929 (The template selection functionality in ...)
	- rails <not-affected> (Only affects RoR 3.0 and above)
CVE-2011-2928 (The befs_follow_link function in fs/befs/linuxvfs.c in the Linux ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2927 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2926
	RESERVED
CVE-2011-2925 (Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 ...)
	NOT-FOR-US: Cumin
CVE-2011-2924
	RESERVED
	- foomatic-filters 4.0.12-1 (low)
	[squeeze] - foomatic-filters 4.0.5-6+squeeze2
CVE-2011-2923
	RESERVED
	- foomatic-filters <unfixed> (unimportant)
	NOTE: debug mode-only
CVE-2011-2922
	RESERVED
	- ktsuss <removed>
CVE-2011-2921
	RESERVED
	- ktsuss <removed>
CVE-2011-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Spacewalk 1.6, ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2919 (Cross-site scripting (XSS) vulnerability in Spacewalk 1.6, as used in ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-2918 (The Performance Events subsystem in the Linux kernel before 3.1 does ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
	[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2917 (SQL injection vulnerability in administrator/index2.php in Mambo CMS ...)
	NOT-FOR-US: Mambo
CVE-2011-2916
	RESERVED
	- qtnx <removed> (low; bug #637439)
	[squeeze] - qtnx <no-dsa> (Minor issue)
CVE-2011-2915 (Off-by-one error in the CSoundFile::ReadAMS2 function in ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2914 (Off-by-one error in the CSoundFile::ReadDSM function in ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2913 (Off-by-one error in the CSoundFile::ReadAMS function in ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2912 (Stack-based buffer overflow in the CSoundFile::ReadS3M function in ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2911 (Integer overflow in the CSoundFile::ReadWav function in ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1
CVE-2011-2910
	RESERVED
	- ax25-tools 0.0.8-13.2 (low; bug #638198)
	[lenny] - ax25-tools <no-dsa> (Minor issue)
	[squeeze] - ax25-tools <no-dsa> (Minor issue)
CVE-2011-2909 (The do_devinfo_ioctl function in drivers/staging/comedi/comedi_fops.c ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2908 (Cross-site request forgery (CSRF) vulnerability in the JMX Console ...)
	NOT-FOR-US: JBoss Enterprise Application Platform
CVE-2011-2907 (Terascale Open-Source Resource and Queue Manager (aka TORQUE Resource ...)
	- torque 2.4.15+dfsg-1
	[squeeze] - torque <no-dsa> (Not fixable, would need an update to a release with MUNGE support, clusters typically run in locked down environments)
CVE-2011-2906 (** DISPUTED ** Integer signedness error in the ...)
	NOT-FOR-US: ** REJECT **
CVE-2011-2905 (Untrusted search path vulnerability in the perf_config function in ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
	[lenny] - linux-2.6 <not-affected> (perf not yet present)
CVE-2011-2904 (Cross-site scripting (XSS) vulnerability in acknow.php in Zabbix ...)
	- zabbix 1:1.8.6-1
	[squeeze] - zabbix <no-dsa> (Will be handled through point update)
CVE-2011-2903 (Heap-based buffer overflow in tcptrack before 1.4.2 might allow ...)
	- tcptrack 1.4.2-1 (unimportant; bug #551092)
	NOTE: https://bugs.gentoo.org/show_bug.cgi?id=377917
CVE-2011-2902 (zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and ...)
	- xpdf 3.02-19 (low; bug #635849)
	[lenny] - xpdf <no-dsa> (zxpdf script is indeed affected, but it's not associated with pdf handling by default, so not a concern for remote abuse)
	[squeeze] - xpdf 3.02-12+squeeze1
CVE-2011-2901 (Off-by-one error in the __addr_ok macro in Xen 3.3 and earlier allows ...)
	- xen <not-affected> (Only affects Xen <= 3.3)
	- xen-3 <removed>
CVE-2011-2900 (Stack-based buffer overflow in the (1) put_dir function in mongoose.c ...)
	NOT-FOR-US: Mongoose
CVE-2011-2899 (pysmb.py in system-config-printer 0.6.x and 0.7.x, as used in ...)
	- foomatic-gui 0.7.9.5 (low)
	- system-config-printer <not-affected> (Vulnerable code not present; bug #639243)
	[squeeze] - system-config-printer <not-affected> (Vulnerable code not present)
	[lenny] - system-config-printer <no-dsa> (Minor issue)
CVE-2011-2898 (net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not ...)
	{DSA-2389-1}
	- linux-2.6 3.0.0-1
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.27)
CVE-2011-2897
	RESERVED
	- gdk-pixbuf <not-affected> (This only applies to the old standalone copy shipped until Lenny)
CVE-2011-2896 (The LZW decompressor in the LWZReadByte function in giftoppm.c in the ...)
	{DSA-2426-1 DSA-2354-1}
	- cups 1.5.0-8
	- gimp 2.6.11-5 (bug #643753)
CVE-2011-2895 (The LZW decompressor in (1) the BufCompressedFill function in ...)
	{DSA-2293-1}
	- libxfont 1:1.4.4-1
CVE-2011-2894 (Spring Framework 3.0.0 through 3.0.5, Spring Security 3.0.0 through ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2893 (The DataPilot feature in IBM Lotus Symphony 3 before FP3 allows ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2892 (Joomla! 1.6.x before 1.6.2 does not prevent page rendering inside a ...)
	NOT-FOR-US: Joomla
CVE-2011-2891 (Joomla! 1.6.x before 1.6.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Joomla
CVE-2011-2890 (The MediaViewMedia class in ...)
	NOT-FOR-US: Joomla
CVE-2011-2889 (templates/system/error.php in Joomla! before 1.5.23 might allow remote ...)
	NOT-FOR-US: Joomla
CVE-2011-2888 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2887 (IBM Lotus Symphony 3 before FP3 on Linux allows remote attackers to ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2886 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2885 (IBM Lotus Symphony 3 before FP3 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2884 (Multiple unspecified vulnerabilities in IBM Lotus Symphony 3 before ...)
	NOT-FOR-US: IBM Lotus Symphony
CVE-2011-2883 (The NSEPA.NsepaCtrl.1 ActiveX control in nsepa.ocx in Citrix Access ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2011-2882 (Stack-based buffer overflow in the NSEPA.NsepaCtrl.1 ActiveX control ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2011-2881 (Google Chrome before 14.0.835.202 does not properly handle Google V8 ...)
	- chromium-browser <not-affected> (chromium uses libv8 system copy)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=97784
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2880 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/95667
	NOTE: http://trac.webkit.org/changeset/95689
	NOTE: http://trac.webkit.org/changeset/95728
CVE-2011-2879 (Google Chrome before 14.0.835.202 does not properly consider object ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94984
CVE-2011-2878 (Google Chrome before 14.0.835.202 does not properly restrict access to ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/95488
CVE-2011-2877 (Google Chrome before 14.0.835.202 does not properly handle SVG text, ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94508
CVE-2011-2876 (Use-after-free vulnerability in Google Chrome before 14.0.835.202 ...)
	- chromium-browser 14.0.835.202~r103287-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/95600
CVE-2011-2875 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (libv8 issue)
	- libv8 3.8.9.20-1 (bug #687574)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=95920
	NOTE: access restricted to chrome/libv8 bug log, so uncheckable
CVE-2011-2874 (Google Chrome before 14.0.835.163 does not perform an expected pin ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2873 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2872 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2871 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2870 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2869 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2868 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2867 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2866 (WebKit, as used in Apple iTunes before 10.6, allows man-in-the-middle ...)
	NOT-FOR-US: Apple WebKit
	NOTE: reported by google, likely duplicate
CVE-2011-2865
	RESERVED
CVE-2011-2864 (Google Chrome before 14.0.835.163 does not properly handle Tibetan ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2863
	RESERVED
CVE-2011-2862 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2861 (Google Chrome before 14.0.835.163 does not properly handle strings in ...)
	- chromium-browser <not-affected> (pdf plugin)
CVE-2011-2860 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93794
CVE-2011-2859 (Google Chrome before 14.0.835.163 uses incorrect permissions for ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2858 (Google Chrome before 14.0.835.163 does not properly handle triangle ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2857 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/93514
CVE-2011-2856 (Google V8, as used in Google Chrome before 14.0.835.163, allows remote ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
	- webkit <not-affected>
	- libv8 3.4.14.21-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2855 (Google Chrome before 14.0.835.163 does not properly handle Cascading ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93227
CVE-2011-2854 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/94109
	NOTE: http://trac.webkit.org/changeset/94543
CVE-2011-2853 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2852 (Off-by-one error in Google V8, as used in Google Chrome before ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected> (uses libv8 system copy)
	- webkit <not-affected>
	- libv8 3.4.14.21-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2851 (Google Chrome before 14.0.835.163 does not properly handle video, ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2850 (Google Chrome before 14.0.835.163 does not properly handle Khmer ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2849 (The WebSockets implementation in Google Chrome before 14.0.835.163 ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2848 (Google Chrome before 14.0.835.163 allows user-assisted remote ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2847 (Use-after-free vulnerability in the document loader in Google Chrome ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/93521
CVE-2011-2846 (Use-after-free vulnerability in Google Chrome before 14.0.835.163 ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-2845 (Google Chrome before 15.0.874.102 does not properly handle history ...)
	- chromium-browser 15.0.874.106~r107270-1
	[squeeze] - chromium-browser <end-of-life>
CVE-2011-2844 (Google Chrome before 14.0.835.163 does not properly process MP3 files, ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2843 (Google Chrome before 14.0.835.163 does not properly handle media ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2842 (The installer in Google Chrome before 14.0.835.163 on Mac OS X does ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2841 (Google Chrome before 14.0.835.163 does not properly perform garbage ...)
	- chromium-browser <not-affected> (pdf plugin)
	- webkit <not-affected>
CVE-2011-2840 (Google Chrome before 14.0.835.163 allows user-assisted remote ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90164
CVE-2011-2839 (The PDF implementation in Google Chrome before 13.0.782.215 on Linux ...)
	- chromium-browser <not-affected> (Pdf plugin)
CVE-2011-2838 (Google Chrome before 14.0.835.163 does not properly consider the MIME ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2837 (Google Chrome before 14.0.835.163 on Linux does not use the PIC and ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2836 (Google Chrome before 14.0.835.163 does not require Infobar interaction ...)
	- chromium-browser 14.0.835.163~r101024-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2835 (Race condition in Google Chrome before 14.0.835.163 allows attackers ...)
	- chromium-browser 14.0.835.163~r101024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
CVE-2011-2834 (Double free vulnerability in libxml2, as used in Google Chrome before ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
CVE-2011-2833 (WebKit, as used in Apple iOS before 5.1 and iTunes before 10.6, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2832
	RESERVED
CVE-2011-2831 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2830 (Google V8, as used in Google Chrome before 14.0.835.163, does not ...)
	NOTE: CVE description is wrong, see #656057
CVE-2011-2829 (Integer overflow in Google Chrome before 13.0.782.215 on 32-bit ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/92413
CVE-2011-2828 (Google V8, as used in Google Chrome before 13.0.782.215, allows remote ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-2827 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91908
CVE-2011-2826 (Google Chrome before 13.0.782.215 allows remote attackers to bypass ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91957
CVE-2011-2825 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/r91738
	NOTE: http://trac.webkit.org/r91739
	NOTE: http://trac.webkit.org/changeset/92744
CVE-2011-2824 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/92630
CVE-2011-2823 (Use-after-free vulnerability in Google Chrome before 13.0.782.215 ...)
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
CVE-2011-2822 (Google Chrome before 13.0.782.215 on Windows does not properly parse ...)
	- chromium-browser <not-affected> (windows only)
	- webkit <not-affected>
CVE-2011-2821 (Double free vulnerability in libxml2, as used in Google Chrome before ...)
	{DSA-2394-1}
	- chromium-browser 13.0.782.215~r97094-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
	- libxml2 2.7.8.dfsg-5 (low; bug #643648)
	[squeeze] - libxml2 <no-dsa> (denial-of-service only issue)
CVE-2011-2820 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2819 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91611
CVE-2011-2818 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	NOTE: http://trac.webkit.org/changeset/91386
CVE-2011-2817 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2816 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2815 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2814 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2813 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2812
	RESERVED
CVE-2011-2811 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2810
	REJECTED
CVE-2011-2809 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2808
	RESERVED
CVE-2011-2807
	RESERVED
CVE-2011-2806 (Google Chrome before 13.0.782.215 on Windows does not properly handle ...)
	- chromium-browser <not-affected> (It's in Windows-specific code)
CVE-2011-2805 (Google Chrome before 13.0.782.107 allows remote attackers to bypass ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/91152
CVE-2011-2804 (Google Chrome before 13.0.782.107 does not properly handle nested ...)
	- chromium-browser <not-affected> (pdf plugin)
CVE-2011-2803 (Google Chrome before 13.0.782.107 does not properly handle Skia paths, ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (skia code)
CVE-2011-2802 (Google V8, as used in Google Chrome before 13.0.782.107, does not ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected>
	- libv8 3.4
	[squeeze] - libv8 <not-affected>
	NOTE: Bug was introduced in http://code.google.com/p/v8/source/detail?r=8224
CVE-2011-2801 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90936
CVE-2011-2800 (Google Chrome before 13.0.782.107 allows remote attackers to obtain ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/91044
	NOTE: http://developer.apple.com/library/safari/#documentation/Tools/Conceptual/SafariExtensionGuide/MessagesandProxies/MessagesandProxies.html#//apple_ref/doc/uid/TP40009977-CH14-SW9
CVE-2011-2799 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/90130
CVE-2011-2798 (Google Chrome before 13.0.782.107 does not properly restrict access to ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2797 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/90595
CVE-2011-2796 (Use-after-free vulnerability in Skia, as used in Google Chrome before ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (skia code)
CVE-2011-2795 (Google Chrome before 13.0.782.107 does not prevent calls to functions ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/89782
CVE-2011-2794 (Google Chrome before 13.0.782.107 does not properly perform text ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89831
CVE-2011-2793 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89595
CVE-2011-2792 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89836
CVE-2011-2791 (The International Components for Unicode (ICU) functionality in Google ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (icu issue)
	NOTE: ICU bug only in debug build
CVE-2011-2790 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/89165
CVE-2011-2789 (Use-after-free vulnerability in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2788 (Buffer overflow in the inspector serialization functionality in Google ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88444
CVE-2011-2787 (Google Chrome before 13.0.782.107 does not properly address ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2786 (Google Chrome before 13.0.782.107 does not ensure that the ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2785 (The extensions implementation in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2784 (Google Chrome before 13.0.782.107 allows remote attackers to obtain ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in angleproject)
CVE-2011-2783 (Google Chrome before 13.0.782.107 does not ensure that developer-mode ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2782 (The drag-and-drop implementation in Google Chrome before 13.0.782.107 ...)
	- chromium-browser 13.0.782.107~r94237-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-2781
	RESERVED
CVE-2011-2780 (Directory traversal vulnerability in includes/lib/gz.php in Chyrp 2.0 ...)
	NOT-FOR-US: Chyrp
CVE-2011-2779 (Windows Event Log SmartConnector in HP ArcSight Connector Appliance ...)
	NOT-FOR-US: HP ArcSight Connector Appliance
CVE-2011-2778 (Multiple heap-based buffer overflows in Tor before 0.2.2.35 allow ...)
	{DSA-2363-1}
	- tor 0.2.2.35-1
CVE-2011-2777 (samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier ...)
	- acpid 1:2.0.14-1
	[lenny] - acpid <not-affected> (Vulnerable code not present)
	[squeeze] - acpid 1:2.0.7-1squeeze3
CVE-2011-2776 (Buffer overflow in the Error function in super.c in Super 3.30.0 might ...)
	{DSA-2383-1}
	- super 3.30.0-6
CVE-2011-2775
	RESERVED
CVE-2011-2774 (The &quot;Reply to message&quot; feature in Mahara 1.3.x and 1.4.x before 1.4.1 ...)
	- mahara 1.4.1-1
	[squeeze] - mahara <not-affected> (Vulnerable code not present)
	[lenny] - mahara <not-affected> (Vulnerable code not present)
CVE-2011-4118 (Mahara before 1.4.1, when MNet (aka the Moodle network feature) is ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
	NOTE: http://mahara.org/interaction/forum/topic.php?id=4138
CVE-2011-2773 (Cross-site request forgery (CSRF) vulnerability in Mahara before 1.4.1 ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2772 (The get_dataroot_image_path function in lib/file.php in Mahara before ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2771 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before ...)
	{DSA-2334-1}
	- mahara 1.4.1-1
CVE-2011-2770 (Cross-site scripting (XSS) vulnerability in man2html.cgi.c in man2html ...)
	{DSA-2335-1}
	- man2html 1.6g-6
CVE-2011-2769 (Tor before 0.2.2.34, when configured as a bridge, accepts the CREATE ...)
	{DSA-2331-1}
	- tor 0.2.2.34-1
CVE-2011-2768 (Tor before 0.2.2.34, when configured as a client or bridge, sends a ...)
	{DSA-2331-1}
	- tor 0.2.2.34-1
CVE-2011-2767
	RESERVED
CVE-2011-2766 (The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by ...)
	{DSA-2327-1}
	- libfcgi-perl 0.73-2 (bug #607479)
	[lenny] - libfcgi-perl <not-affected> (Introduced in 0.70)
CVE-2011-2765 [pyro: insecure use of temporary pid file]
	RESERVED
	- pyro 1:3.14-1 (low; bug #631912)
	[lenny] - pyro <no-dsa> (Minor issue)
	[squeeze] - pyro <no-dsa> (Minor issue)
CVE-2011-2764 (The FS_CheckFilenameIsNotExecutable function in qcommon/files.c in the ...)
	- openarena 0.8.5-5+exp1
	NOTE: Current openarena packages use the share ioquake3 engine
	[squeeze] - openarena 0.8.5-5+squeeze1
	- ioquake3 1.36+svn1946-4
	- tremulous 1.1.0-6 (bug #660836)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2011-2763 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) and ...)
	NOT-FOR-US: LifeSize Room appliance
CVE-2011-2762 (The web interface on the LifeSize Room appliance LS_RM1_3.5.3 (11) ...)
	NOT-FOR-US: LifeSize Room appliance
CVE-2011-2761 (Google Chrome 14.0.794.0 does not properly handle a reload of a page ...)
	- chromium-browser 14.0.835.157~r99685-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium issue)
CVE-2011-2760 (Brocade BigIron RX switches allow remote attackers to bypass ACL rules ...)
	NOT-FOR-US: Brocade BigIron RX
CVE-2011-2759 (The login page of IDSWebApp in the Web Administration Tool in IBM ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-2758 (IDSWebApp in the Web Administration Tool in IBM Tivoli Directory ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-2757 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2756 (FileDownload.jsp in ManageEngine ServiceDesk Plus 8.0 before Build ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2755 (Directory traversal vulnerability in FileDownload.jsp in ManageEngine ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-2754 (Cross-site scripting (XSS) vulnerability in the PageBuilder2 (aka Page ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2753 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2011-2752 (CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2011-2751 (SQL injection vulnerability in Parodia before 6.809 allows remote ...)
	NOT-FOR-US: Parodia
CVE-2011-2750 (NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-2749 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before ...)
	{DSA-2292-1}
	- isc-dhcp 4.2.2-1 (bug #638404)
	- dhcp3 <removed>
CVE-2011-2748 (The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before ...)
	{DSA-2292-1}
	- isc-dhcp 4.2.2-1 (bug #638404)
	- dhcp3 <removed>
CVE-2011-2747 (Google Picasa before 3.6 Build 105.67 does not properly handle invalid ...)
	NOT-FOR-US: Google Picasa
CVE-2011-2746 (Unspecified vulnerability in Kernel/Modules/AdminPackageManager.pm in ...)
	- otrs2 2.4.7-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2011-2745 (upload_handler.php in the swfupload extension in Chyrp 2.0 and earlier ...)
	NOT-FOR-US: Chyrp
CVE-2011-2744 (Directory traversal vulnerability in Chyrp 2.1 and earlier allows ...)
	NOT-FOR-US: Chyrp
CVE-2011-2743 (Multiple cross-site scripting (XSS) vulnerabilities in Chyrp 2.1 and ...)
	NOT-FOR-US: Chyrp
CVE-2011-2742 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2741 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2740 (EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when ...)
	NOT-FOR-US: EMC RSA Key Manager
CVE-2011-2739 (The file-blocking feature in EMC Documentum eRoom 7.3.x and 7.4.x ...)
	NOT-FOR-US: EMC Documentum eRoom
CVE-2011-2738 (Multiple unspecified vulnerabilities in Cisco Unified Service Monitor ...)
	NOT-FOR-US: Cisco Unified Service Monitor, CiscoWorks LAN Management Solution
CVE-2011-2737 (RSA enVision 3.x and 4.x before 4 SP4 P3 allows remote attackers to ...)
	NOT-FOR-US: RSA enVision
CVE-2011-2736 (RSA enVision 4.x before 4 SP4 P3 places cleartext administrative ...)
	NOT-FOR-US: RSA enVision
CVE-2011-2735 (Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before ...)
	NOT-FOR-US: EMC AutoStart
CVE-2011-2734
	REJECTED
CVE-2011-2733 (EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-2732 (CRLF injection vulnerability in the logout functionality in VMware ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2731 (Race condition in the RunAsManager mechanism in VMware SpringSource ...)
	- libspring-security-2.0-java 2.0.7.RELEASE-1 (bug #670901)
	[squeeze] - libspring-security-2.0-java <no-dsa> (Minor issue)
CVE-2011-2730 (VMware SpringSource Spring Framework before 2.5.6.SEC03, 2.5.7.SR023, ...)
	{DSA-2504-1}
	- libspring-2.5-java <unfixed> (bug #677814)
CVE-2011-2729 (native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 ...)
	- commons-daemon 1.0.7-1
	[squeeze] - commons-daemon <not-affected> (Support for libcap was only added in 1.0.6)
	NOTE: According to http://tomcat.apache.org/security-7.html jsvc needs to be build againt libcap to be exploitable
CVE-2011-2728 (The bsd_glob function in the File::Glob module for Perl before 5.14.2 ...)
	- perl 5.14.2-1 (unimportant)
	NOTE: requires the attacker to manipulate glob flags
CVE-2011-2727 (The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and ...)
	NOT-FOR-US: Tribiq CMS
CVE-2011-2726 [SA-CORE-2011-003]
	RESERVED
	- drupal7 7.6-1
CVE-2011-2725 (Directory traversal vulnerability in Ark 4.7.x and earlier allows ...)
	- kdeutils 4:4.6.5-4 (low; bug #635541)
	[lenny] - kdeutils <no-dsa> (Minor issue)
	[squeeze] - kdeutils 4:4.4.5-1+squeeze1
CVE-2011-2724 (The check_mtab function in client/mount.cifs.c in mount.cifs in smbfs ...)
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:5.1-1 (low)
	[squeeze] - cifs-utils 2:4.5-2+squeeze1
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://web.archive.org/web/20111209193822/http://git.samba.org/?p=cifs-utils.git;a=commit;h=1e7a32924b22d1f786b6f490ce8590656f578f91
CVE-2011-2723 (The skb_gro_header_slow function in include/linux/netdevice.h in the ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-2
CVE-2011-2722 (The send_data_to_stdout function in prnt/hpijs/hpcupsfax.cpp in HP ...)
	- hplip 3.11.10-1 (bug #635549; low)
	[squeeze] - hplip 3.10.6-2+squeeze0
	[lenny] - hplip <not-affected> (Vulnerable code not present)
CVE-2011-2721 (Off-by-one error in the cli_hm_scan function in matcher-hash.c in ...)
	- clamav 0.97.2+dfsg-1 (bug #635599)
	[squeeze] - clamav 0.97.2+dfsg-1~squeeze1
CVE-2011-2720 (The autocompletion functionality in GLPI before 0.80.2 does not ...)
	- glpi 0.80.2-1 (bug #635544; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2011-2719 (libraries/auth/swekey/swekey.auth.lib.php in phpMyAdmin 3.x before ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.2-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2718 (Multiple directory traversal vulnerabilities in the relational schema ...)
	- phpmyadmin 4:3.4.3.2-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2717
	RESERVED
	NOT-FOR-US: udhcp6c
CVE-2011-2716 (The DHCP client (udhcpc) in BusyBox before 1.20.0 allows remote DHCP ...)
	- busybox 1:1.20.0-3 (unimportant; bug #635548)
	NOTE: the default action script of busybox is not vulnerable to this attack
	NOTE: fixed in 1.20 (experimental). default script in udeb may be vulnerable.
CVE-2011-2715
	RESERVED
	NOT-FOR-US: Drupal data module
CVE-2011-2714
	RESERVED
	NOT-FOR-US: Drupal data module
CVE-2011-2713 (oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows ...)
	{DSA-2315-1}
	- libreoffice 1:3.4.3-1
	- openoffice.org 1:3.3.0-1
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2011-2712 (Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before ...)
	NOT-FOR-US: Apache Wicket
CVE-2011-2711 (Cross-site scripting (XSS) vulnerability in the print_fileinfo ...)
	NOT-FOR-US: cgit
CVE-2011-2710 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2011-2709 (libgssapi and libgssglue before 0.4 do not properly check privileges, ...)
	- libgssglue 0.4-1 (low; bug #670256)
	[squeeze] - libgssglue <no-dsa> (Minor issue in Squeeze)
	NOTE: Our mount.nfs does not link against libgssglue,
	NOTE: so we do not appear to be affected directly.
CVE-2011-2708
	REJECTED
CVE-2011-2707 (The ptrace_setxregs function in arch/xtensa/kernel/ptrace.c in the ...)
	- linux-2.6 <not-affected> (xtensa arch not used in Debian)
CVE-2011-2706
	RESERVED
	NOT-FOR-US: sNews
CVE-2011-2705 (The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby ...)
	{DLA-235-1 DLA-88-1}
	- ruby1.8 1.8.7.352-1 (low; bug #635878)
	- ruby1.9.1 1.9.3~preview1-1 (low)
CVE-2011-2704 (Stack-based buffer overflow in MapServer before 4.10.7 and 5.x before ...)
	{DSA-2285-1}
	- mapserver 6.0.1-1
CVE-2011-2703 (Multiple SQL injection vulnerabilities in MapServer before 4.10.7, 5.x ...)
	{DSA-2285-1}
	- mapserver 6.0.1-1
CVE-2011-2702 (Integer signedness error in Glibc before 2.13 and eglibc before 2.13, ...)
	- eglibc 2.13-10
	[squeeze] - eglibc <not-affected> (ssse3 optimizations not included in squeeze version)
	- glibc <not-affected> (ssse3 optimizations not included)
	NOTE: http://web.archive.org/web/20110824011938/http://www.nodefense.org:80/eglibc.txt
	NOTE: fixed well before 2.13-10, but that is the present testing version that was available to check
CVE-2011-2701 (The ocsp_check function in rlm_eap_tls.c in FreeRADIUS 2.1.11, when ...)
	- freeradius <not-affected> (Introduced in 2.1.11, even sid ships 2.1.10+dfsg-3+b2)
CVE-2011-2700 (Multiple buffer overflows in the si4713_write_econtrol_string function ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-1
	[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
CVE-2011-2699 (The IPv6 implementation in the Linux kernel before 3.1 does not ...)
	- linux-2.6 3.0.0-2
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2698 (Off-by-one error in the elem_cell_id_aux function in ...)
	- wireshark 1.6.1-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2011-2697 (foomatic-rip-hplip in HP Linux Imaging and Printing (HPLIP) 3.11.5 ...)
	{DSA-2380-1}
	- hplip 3.10.6-2 (bug #635549; medium)
	NOTE: hplip might have been fixed earlier than stable, current versions use foomatic-rip
	NOTE: from foomatic-filters: /usr/lib/cups/filter/foomatic-rip
	- foomatic-filters 4.0
	NOTE: There two implementation of the affected filter: the version from foomatic-filters
	NOTE: 4.0 is written in C and has been assigned CVE-2011-2964 and the version in
	NOTE: foomatic-filters 3.x is written in Perl and has been assigned CVE-2011-2697
	NOTE: hplip includes local copy of the Perl version. It needs to be checked, whether
	NOTE: it's modified somehow
CVE-2011-2696 (Integer overflow in libsndfile before 1.0.25 allows remote attackers ...)
	{DSA-2288-1}
	- libsndfile 1.0.25-1
CVE-2011-2695 (Multiple off-by-one errors in the ext4 subsystem in the Linux kernel ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 2.6.32-48
CVE-2011-2694 (Cross-site scripting (XSS) vulnerability in the chg_passwd function in ...)
	{DSA-2290-1}
	- samba 2:3.5.10~dfsg-1 (low)
CVE-2011-2693 (The perf subsystem in the kernel package 2.6.32-122.el6.x86_64 in Red ...)
	NOTE: Duplicate of CVE-2011-2521
CVE-2011-2692 (The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (low; bug #633871)
CVE-2011-2691 (The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (low; bug #633871)
CVE-2011-2690 (Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, ...)
	{DSA-2287-1}
	- libpng 1.2.46-1 (high; bug #633871)
CVE-2011-2689 (The gfs2_fallocate function in fs/gfs2/file.c in the Linux kernel ...)
	- linux-2.6 3.0.0-1
	[squeeze] - linux-2.6 <not-affected> (gfs didn't have fallocate support until 2.6.37)
	[lenny] - linux-2.6 <not-affected> (gfs didn't have fallocate support until 2.6.37)
CVE-2011-2688 (SQL injection vulnerability in mysql/mysql-auth.pl in the ...)
	{DSA-2279-1}
	- libapache2-mod-authnz-external 3.2.4-2.1 (medium; bug #633637)
CVE-2011-2687 (Drupal 7.x before 7.3 allows remote attackers to bypass intended ...)
	NOTE: http://drupal.org/node/1168756
	- drupal7 7.2-1 (bug #633385)
	- drupal6 6.22-1
	[squeeze] - drupal6 6.18-1squeeze1
CVE-2011-2686 (Ruby before 1.8.7-p352 does not reset the random seed upon forking, ...)
	{DLA-88-1}
	- ruby1.8 1.8.7.352-1 (low; bug #635878)
CVE-2011-2685 (Stack-based buffer overflow in the Lotus Word Pro import filter in ...)
	{DSA-2275-1}
	- libreoffice 1:3.3.3-1
	- openoffice.org 1:3.3.0-1
	[lenny] - openoffice.org <not-affected> (Vulnerable code not present)
	NOTE: Since 3.3.0 openoffice.org is a transitional source package to migrate to libreoffice
CVE-2011-2684 (foo2zjs before 20110722dfsg-3ubuntu1 as packaged in Ubuntu, ...)
	- foo2zjs 20110722dfsg-1 (low; bug #633870)
	[lenny] - foo2zjs <no-dsa> (Minor issue)
	[squeeze] - foo2zjs 20090908dfsg-5.1+squeeze0
CVE-2011-2683 (reseed seeds random numbers from an insecure HTTP request to ...)
	- reseed <removed>
	[lenny] - reseed <no-dsa> (Minor issue)
CVE-2010-4814 (SQL injection vulnerability in index1.php in Best Soft Inc. (BSI) ...)
	NOT-FOR-US: Best Soft Inc.
CVE-2010-4813 (Cross-site scripting (XSS) vulnerability in the Category Tokens module ...)
	NOT-FOR-US: Drupal 6.x Category Tokens module
CVE-2010-4812 (Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 ...)
	NOT-FOR-US: 6kbbs
CVE-2010-4811 (Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php ...)
	NOT-FOR-US: 6kbbs
CVE-2010-4810 (Multiple PHP remote file inclusion vulnerabilities in AR Web Content ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2010-4809 (SQL injection vulnerability in index.php in DBSite 1.0 allows remote ...)
	NOT-FOR-US: DBSite
CVE-2010-4808 (SQL injection vulnerability in index.php in Webmatic allows remote ...)
	NOT-FOR-US: Webmatic
CVE-2011-2682 (The Login component in IBM Rational DOORS Web Access 1.4.x before ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2681 (IBM Rational DOORS Web Access 1.4.x before 1.4.0.4 does not properly ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2680 (Unspecified vulnerability in IBM Rational DOORS Web Access 1.4.x ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2679 (Cross-site scripting (XSS) vulnerability in IBM Rational DOORS Web ...)
	NOT-FOR-US: IBM Rational DOORS Web Access
CVE-2011-2678 (The Cisco VPN Client 5.0.7.0240 and 5.0.7.0290 on 64-bit Windows ...)
	NOT-FOR-US: Cisco VPN Client
CVE-2011-2677 (Cybozu Office before 8.0.0 allows remote authenticated users to bypass ...)
	NOT-FOR-US: Cybozu Office
CVE-2011-2676 (The A-Form and A-Form bamboo before 1.3.6 and 2.x before 2.0.3, and ...)
	NOT-FOR-US: A-Form
CVE-2011-2675 (Cross-site scripting (XSS) vulnerability in Enkai-kun before 110916 ...)
	NOT-FOR-US: Enkai-kun
CVE-2011-2674 (BaserCMS before 1.6.12 does not properly restrict additions to the ...)
	NOT-FOR-US: BaserCMS
CVE-2011-2673 (Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 ...)
	NOT-FOR-US: BaserCMS
CVE-2011-2672 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before ...)
	NOT-FOR-US: SemanticScuttle
CVE-2011-2671 (Unspecified vulnerability in Megalith 12th edition through 27th ...)
	NOT-FOR-US: Megalith
CVE-2011-2670
	RESERVED
CVE-2011-2669
	RESERVED
CVE-2011-2668
	RESERVED
CVE-2011-2667 (Icihttp.exe in CA Gateway Security for HTTP, as used in CA Gateway ...)
	NOT-FOR-US: CA Gateway Security for HTTP
CVE-2011-2666 (The default configuration of the SIP channel driver in Asterisk Open ...)
	- asterisk 1:1.8.3.3-1
	[squeeze] - asterisk <no-dsa> (minor issue; can be addressed through configuration)
CVE-2011-2665 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source ...)
	- asterisk 1:1.8.4.3-1 (bug #631445)
	[squeeze] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
CVE-2011-2664 (Unspecified vulnerability in Check Point Multi-Domain Management / ...)
	NOT-FOR-US: Check Point Multi-Domain Management
CVE-2011-2663 (Array index error in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2662 (Integer signedness error in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2661 (Multiple cross-site scripting (XSS) vulnerabilities in WebAccess in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2660 (The modify_resolvconf_suse script in the vpnc package before ...)
	- vpnc <not-affected>
	NOTE: This only affects the SUSE packaging.
CVE-2011-2659
	RESERVED
CVE-2011-2658 (The ISList.ISAvi ActiveX control in AdminStudio in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-2657 (Directory traversal vulnerability in the LaunchProcess function in the ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2011-2656 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2655 (Unspecified vulnerability in ZfHSrvr.exe in Novell ZENworks Handheld ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2654 (The RPC implementation in the server in Novell Cloud Manager 1.1.2 ...)
	NOT-FOR-US: Novell Cloud Manager
CVE-2011-2653 (Directory traversal vulnerability in the rtrlet component in Novell ...)
	NOT-FOR-US: Novell ZENworks
CVE-2011-2652 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2651 (Unspecified vulnerability in the file browser in Kiwi before 3.74.2, ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2650 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2649 (Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2648 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2647 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2646 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2645 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2644 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2643 (Directory traversal vulnerability in sql.php in phpMyAdmin 3.4.x ...)
	- phpmyadmin 4:3.4.3.2-1
	[squeeze] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2642 (Multiple cross-site scripting (XSS) vulnerabilities in the table Print ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.2-1
CVE-2011-XXXX [stardict: minor information disclosure]
	- stardict 3.0.1-5 (low; bug #632260)
	[squeeze] - stardict <no-dsa> (minor information disclosure)
	[lenny] - stardict <no-dsa> (minor information disclosure)
CVE-2011-2641 (Opera 11.11 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2011-2640 (Opera before 11.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2011-2639 (Opera before 11.10 does not properly handle hidden animated GIF ...)
	NOT-FOR-US: Opera
CVE-2011-2638 (Unspecified vulnerability in Opera before 11.10 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2637 (Unspecified vulnerability in Opera before 11.10 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2636 (Unspecified vulnerability in Opera before 11.10 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2635 (The Cascading Style Sheets (CSS) implementation in Opera before 11.10 ...)
	NOT-FOR-US: Opera
CVE-2011-2634 (Opera before 11.10 allows remote attackers to hijack (1) searches and ...)
	NOT-FOR-US: Opera
CVE-2011-2633 (Unspecified vulnerability in Opera before 11.11 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2632 (Opera before 11.11 does not properly handle destruction of a ...)
	NOT-FOR-US: Opera
CVE-2011-2631 (The Cascading Style Sheets (CSS) implementation in Opera before 11.11 ...)
	NOT-FOR-US: Opera
CVE-2011-2630 (Opera before 11.11 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Opera
CVE-2011-2629 (Unspecified vulnerability in Opera before 11.11 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2628 (Opera before 11.11 does not properly implement FRAMESET elements, ...)
	NOT-FOR-US: Opera
CVE-2011-2627 (Unspecified vulnerability in the DOM implementation in Opera before ...)
	NOT-FOR-US: Opera
CVE-2011-2626 (Opera before 11.50 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2011-2625 (Opera before 11.50 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2011-2624 (Opera before 11.50 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Opera
CVE-2011-2623 (Unspecified vulnerability in the SVG BiDi implementation in Opera ...)
	NOT-FOR-US: Opera
CVE-2011-2622 (Unspecified vulnerability in the Web Workers implementation in Opera ...)
	NOT-FOR-US: Opera
CVE-2011-2621 (Unspecified vulnerability in Opera before 11.50 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2620 (Unspecified vulnerability in Opera before 11.50 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2619 (Opera before 11.50 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2011-2618 (Opera before 11.50 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2011-2617 (Unspecified vulnerability in Opera before 11.50 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2616 (Unspecified vulnerability in Opera before 11.50 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2615 (Unspecified vulnerability in Opera before 11.50 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2614 (The SVG implementation in Opera before 11.50 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2011-2613 (The Array.prototype.join method in Opera before 11.50 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2612 (Unspecified vulnerability in Opera before 11.50 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-2611 (Unspecified vulnerability in the printing functionality in Opera ...)
	NOT-FOR-US: Opera
CVE-2011-2610 (Unspecified vulnerability in Opera before 11.50 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2011-2609 (Opera before 11.50 does not properly restrict data: URIs, which makes ...)
	NOT-FOR-US: Opera
CVE-2011-2608 (ovbbccb.exe 6.20.50.0 and other versions in HP OpenView Performance ...)
	NOT-FOR-US: HP OpenView
CVE-2011-2607 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2011-2606 (Cross-site scripting (XSS) vulnerability in the Web UI in IBM Rational ...)
	NOT-FOR-US: IBM Rational Team Concert
CVE-2011-2605 (CRLF injection vulnerability in the ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2604 (The Intel G41 driver 6.14.10.5355 on Windows XP SP3 allows remote ...)
	NOT-FOR-US: Windows XP
CVE-2011-2603 (The NVIDIA 9400M driver 6.2.6 on Mac OS X 10.6.7 allows remote ...)
	NOT-FOR-US: Mac OS X
CVE-2011-2602 (The NVIDIA Geforce 310 driver 6.14.12.7061 on Windows XP SP3 allows ...)
	NOT-FOR-US: Windows XP
CVE-2011-2601 (The GPU support functionality in Mac OS X does not properly restrict ...)
	NOT-FOR-US: Mac OS X
CVE-2011-2600 (The GPU support functionality in Windows XP does not properly restrict ...)
	NOT-FOR-US: Windows XP
CVE-2011-2599 (Google Chrome 11 does not block use of a cross-domain image as a WebGL ...)
	- chromium-browser <unfixed> (unimportant)
	[squeeze] - chromium-browser <not-affected>
CVE-2011-2598 (The WebGL implementation in Mozilla Firefox 4.x allows remote ...)
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2009-5082 (The (1) configure and (2) config.guess scripts in GNU troff (aka ...)
	- groff 1.20.1-5 (unimportant; bug #538338)
	NOTE: Only exploitable during build
CVE-2009-5081 (The (1) config.guess, (2) contrib/groffer/perl/groffer.pl, and (3) ...)
	- groff 1.20.1-5 (unimportant)
	NOTE: Only exploitable during build
CVE-2009-5080 (The (1) contrib/eqn2graph/eqn2graph.sh, (2) ...)
	- groff 1.20.1-5 (low; bug #538330)
	[lenny] - groff <no-dsa> (Minor issue)
CVE-2009-5079 (The (1) gendef.sh, (2) doc/fixinfo.sh, and (3) ...)
	- groff 1.20.1-5 (unimportant)
CVE-2009-5078 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 ...)
	- groff 1.20.1-5 (low; bug #538338)
	[etch] - groff <not-affected> (pdfroff not yet present)
	[lenny] - groff <not-affected> (pdfroff not yet present)
CVE-2011-2597 (The Lucent/Ascend file parser in Wireshark 1.2.x before 1.2.18, 1.4.x ...)
	- wireshark 1.6.1-1 (unimportant)
	NOTE: no code injection, not treated as a security issue, see README.Debian.security
CVE-2011-2596
	RESERVED
CVE-2011-2595 (Multiple stack-based buffer overflows in ACDSee FotoSlate 4.0 Build ...)
	NOT-FOR-US: ACDSee FotoSlate
CVE-2011-2594 (Heap-based buffer overflow in KMPlayer 3.0.0.1441, and possibly other ...)
	NOT-FOR-US: KMPlayer
	NOTE: This is http://www.kmplayer.com and not our kmplayer package.
CVE-2011-2593 (Integer overflow in the StartEpa method in the nsepacom ActiveX ...)
	NOT-FOR-US: Citrix Access Gateway Enterprise Edition Plug-in
CVE-2011-2592 (Heap-based buffer overflow in the StartEpa method in the nsepacom ...)
	NOT-FOR-US: ActiveX control for Citrix Access Gateway
CVE-2011-2591 (Multiple buffer overflows in the Provideo ActiveX controls allow ...)
	NOT-FOR-US: Provideo ActiveX
CVE-2011-2590 (The Play method in the UUPlayer ActiveX control 6.0.0.1 in UUSee 2010 ...)
	NOT-FOR-US: UUSee 201
CVE-2011-2589 (Heap-based buffer overflow in the SendLogAction method in the UUPlayer ...)
	NOT-FOR-US: UUSee 201
CVE-2011-2588 (Heap-based buffer overflow in the AVI_ChunkRead_strf function in ...)
	- vlc 1.1.11-1 (bug #633675)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2587 (Heap-based buffer overflow in the DemuxAudioSipr function in real.c in ...)
	- vlc 1.1.11-1 (bug #633674)
	[squeeze] - vlc <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-2586 (The HTTP client in Cisco IOS 12.4 and 15.0 allows user-assisted remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2585 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows ...)
	NOT-FOR-US: Cisco Show and Share
CVE-2011-2584 (Cisco Show and Share 5(2), 5.2(1), and 5.2(2) before 5.2(2.1) allows ...)
	NOT-FOR-US: Cisco Show and Share
CVE-2011-2583 (Cisco Unified Contact Center Express (aka CCX) 8.0 and 8.5 allows ...)
	NOT-FOR-US: Cisco CCX
CVE-2011-2582
	RESERVED
CVE-2011-2581 (The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2011-2580
	RESERVED
CVE-2011-2579
	RESERVED
CVE-2011-2578 (Memory leak in Cisco IOS 15.1 and 15.2 allows remote attackers to ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2577 (Unspecified vulnerability in Cisco TelePresence C Series Endpoints, ...)
	NOT-FOR-US: Cisco TelePresence
CVE-2011-2576
	RESERVED
CVE-2011-2575
	RESERVED
CVE-2011-2574
	RESERVED
CVE-2011-2573
	RESERVED
CVE-2011-2572
	RESERVED
CVE-2011-2571
	RESERVED
CVE-2011-2570
	RESERVED
CVE-2011-2569 (Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2011-2568
	RESERVED
CVE-2011-2567
	RESERVED
CVE-2011-2566
	RESERVED
CVE-2011-2565
	RESERVED
CVE-2011-2564 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2563 (Unspecified vulnerability in the Service Advertisement Framework (SAF) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2562 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2561 (The SIP process in Cisco Unified Communications Manager (aka CUCM, ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2560 (The Packet Capture Service in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-2559
	RESERVED
CVE-2011-2558
	RESERVED
CVE-2011-2557
	RESERVED
CVE-2011-2556
	RESERVED
CVE-2011-2555 (Cisco TelePresence Recording Server 1.7.2.x before 1.7.2.1 has a ...)
	NOT-FOR-US: Cisco TelePresence Recording Server
CVE-2011-2554
	RESERVED
CVE-2011-2553
	RESERVED
CVE-2011-2552
	RESERVED
CVE-2011-2551
	RESERVED
CVE-2011-2550
	RESERVED
CVE-2011-2549 (Unspecified vulnerability in Cisco IOS XR 4.1.x before 4.1.1 on Cisco ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2011-2548
	RESERVED
CVE-2011-2547 (The web-based management interface on Cisco SA 500 series security ...)
	NOT-FOR-US: Cisco SA 500 series appliances management interface
CVE-2011-2546 (SQL injection vulnerability in the web-based management interface on ...)
	NOT-FOR-US: Cisco SA 500 series appliances management interface
CVE-2011-2545 (Cross-site scripting (XSS) vulnerability in the SIP implementation on ...)
	NOT-FOR-US: Cisco SPA
CVE-2011-2544 (Cross-site scripting (XSS) vulnerability in the web interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2011-2543 (Buffer overflow in the cuil component in Cisco Telepresence System ...)
	NOT-FOR-US: Cisco
CVE-2011-2542
	RESERVED
CVE-2011-2541
	RESERVED
CVE-2011-2540
	RESERVED
CVE-2011-2539
	RESERVED
CVE-2011-2538
	RESERVED
	- plone3 <removed>
CVE-2011-2537
	RESERVED
CVE-2011-XXXX [unspecified security vulnerabilities from 4.3.7]
	- movabletype-opensource 4.3.7+dfsg-1 (bug #631437)
CVE-2011-2536 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.4.x ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.4~dfsg-1 (bug #632029)
CVE-2011-2534 (Buffer overflow in the clusterip_proc_write function in ...)
	- linux-2.6 2.6.32-34 (low)
CVE-2011-2533 (The configure script in D-Bus (aka DBus) 1.2.x before 1.2.28 allows ...)
	- dbus 1.3.2~git20100715.821f99c-1 (unimportant)
	NOTE: Compile-time only
CVE-2011-2532 (The json.decode function in util/json.lua in Prosody 0.8.x before ...)
	- prosody 0.8.1-1
	[squeeze] - prosody <no-dsa> (Minor issue)
CVE-2011-2531 (Prosody 0.8.x before 0.8.1, when MySQL is used, assigns an incorrect ...)
	- prosody 0.8.1-1
	[squeeze] - prosody <no-dsa> (Minor issue)
CVE-2011-2530 (Buffer overflow in RSEds.dll in RSHWare.exe in the EDS Hardware ...)
	NOT-FOR-US: EDS Hardware Installation tool
CVE-2011-2535 (chan_iax2.c in the IAX2 channel driver in Asterisk Open Source 1.4.x ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.3-1 (bug #631448)
	[squeeze] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
CVE-2011-2529 (chan_sip.c in the SIP channel driver in Asterisk Open Source 1.6.x ...)
	{DSA-2276-2 DSA-2276-1}
	- asterisk 1:1.8.4.3-1 (bug #631446)
CVE-2011-2528 (Unspecified vulnerability in (1) Zope 2.12.x before 2.12.19 and 2.13.x ...)
	- plone3 <removed>
CVE-2011-2527 (The change_process_uid function in os-posix.c in Qemu 0.14.0 and ...)
	{DSA-2282-1}
	- qemu-kvm 0.14.1+dfsg-3 (bug #633669)
	- kvm <not-affected> (Vulnerable code not present)
CVE-2011-2526 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7 (bug #634992)
	- tomcat7 7.0.19-1 (bug #634992)
	- tomcat5.5 <removed> (bug #634992)
CVE-2011-2525 (The qdisc_notify function in net/sched/sch_api.c in the Linux kernel ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.35-1
CVE-2011-2524 (Directory traversal vulnerability in soup-uri.c in SoupServer in ...)
	{DSA-2369-1}
	- libsoup2.4 2.34.3-1 (bug #635837)
CVE-2011-2523
	RESERVED
	- vsftpd <not-affected> (backdoored version was never in the Debian archive)
CVE-2011-2522 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	{DSA-2290-1}
	- samba 2:3.5.10~dfsg-1 (low)
CVE-2011-2521 (The x86_assign_hw_event function in arch/x86/kernel/cpu/perf_event.c ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-2520 (fw_dbus.py in system-config-firewall 1.2.29 and earlier uses the ...)
	NOT-FOR-US: system-config-firewall
CVE-2011-2519 (Xen in the Linux kernel, when running a guest on a host without ...)
	- xen-3 3.2.1-2
	NOTE: Possibly fixed earlier than 3.2.1-2, but that's the version in oldstable, which
	NOTE: was checked to contain http://xenbits.xen.org/hg/xen-3.1-testing.hg/rev/15644
	- xen <not-affected> (Only affects older Xen 3 releases)
CVE-2011-2518 (The tomoyo_mount_acl function in security/tomoyo/mount.c in the Linux ...)
	- linux-2.6 2.6.39-3 (low)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-2517 (Multiple buffer overflows in net/wireless/nl80211.c in the Linux ...)
	{DSA-2303-1}
	- linux-2.6 2.6.39-3 (unimportant)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: Requires CAP_NET_ADMIn to exploit
CVE-2011-2516 (Off-by-one error in the XML signature feature in Apache XML Security ...)
	{DSA-2277-1}
	- xml-security-c 1.6.1-1 (low; bug #632973)
CVE-2011-2515
	RESERVED
	- packagekit 0.6.17-1
CVE-2011-2514 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6 ...)
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-2513 (The Java Network Launching Protocol (JNLP) implementation in IcedTea6 ...)
	- openjdk-6 6b21~pre1-1
	- icedtea-web 1.1.2-1
	NOTE: Browser plugin was removed in openjdk-6 6b21~pre1-1.
CVE-2011-2512 (The virtio_queue_notify in qemu-kvm 0.14.0 and earlier does not ...)
	{DSA-2270-1}
	- qemu-kvm 0.14.1+dfsg-2 (bug #631975)
	- kvm <removed>
	[lenny] - kvm <not-affected> (Vulnerability not present)
CVE-2011-2511 (Integer overflow in libvirt before 0.9.3 allows remote authenticated ...)
	{DSA-2280-1}
	- libvirt 0.9.2-7 (bug #633630)
CVE-2011-2510 (Cross-site scripting (XSS) vulnerability in the RSS embedding feature ...)
	- dokuwiki 0.0.20110525a-1 (low; bug #631818)
	[squeeze] - dokuwiki 0.0.20091225c-10+squeeze2
	[lenny] - dokuwiki 0.0.20080505-4+lenny3
CVE-2011-2509 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2011-2508 (Directory traversal vulnerability in libraries/display_tbl.lib.php in ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2507 (libraries/server_synchronize.lib.php in the Synchronize implementation ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1 (unimportant)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: neutralized by Suhosin patch
CVE-2011-2506 (setup/lib/ConfigGenerator.class.php in phpMyAdmin 3.x before 3.3.10.2 ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2505 (libraries/auth/swekey/swekey.auth.lib.php in the Swekey authentication ...)
	{DSA-2286-1}
	- phpmyadmin 4:3.4.3.1-1
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2011-2504 (Untrusted search path vulnerability in x11perfcomp in XFree86 x11perf ...)
	- x11-apps 7.7~1 (low)
	[squeeze] - x11-apps <no-dsa> (Minor issue)
CVE-2011-2503 (The insert_module function in runtime/staprun/staprun_funcs.c in the ...)
	{DSA-2348-1}
	- systemtap 1.6-1 (bug #635542)
	[lenny] - systemtap <not-affected> (Signed modules not yet supported)
CVE-2011-2502 (runtime/staprun/staprun_funcs.c in the systemtap runtime tool ...)
	- systemtap 1.6-1 (bug #635542)
	[lenny] - systemtap <not-affected> (Affected option introduced in 1.4)
	[squeeze] - systemtap <not-affected> (Affected option introduced in 1.4)
CVE-2011-2501 (The png_format_buffer function in pngerror.c in libpng 1.0.x before ...)
	{DSA-2287-1}
	- libpng 1.2.44-3 (bug #632786)
CVE-2011-2500 (The host_reliable_addrinfo function in support/export/hostname.c in ...)
	- nfs-utils 1:1.2.4-1 (bug #633155)
	[lenny] - nfs-utils <not-affected> (Introduced in 1.2.3)
	[squeeze] - nfs-utils <not-affected> (Introduced in 1.2.3)
CVE-2011-2499
	RESERVED
	NOT-FOR-US: Mambo CMS
CVE-2011-2498
	RESERVED
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.36)
CVE-2011-2497 (Integer underflow in the l2cap_config_req function in ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-3
CVE-2011-2496 (Integer overflow in the vma_to_resize function in mm/mremap.c in the ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-1 (low)
CVE-2011-2495 (fs/proc/base.c in the Linux kernel before 2.6.39.4 does not properly ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1 (low)
CVE-2011-2494 (kernel/taskstats.c in the Linux kernel before 3.1 allows local users ...)
	- linux-2.6 3.0.0-5 (low)
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2493 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (sbi->s_err-report didn't exist yet)
	[lenny] - linux-2.6 <not-affected> (sbi->s_err-report didn't exist yet)
CVE-2011-2492 (The bluetooth subsystem in the Linux kernel before 3.0-rc4 does not ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1 (low)
CVE-2011-2491 (The Network Lock Manager (NLM) protocol implementation in the NFS ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 3.0.0-1
CVE-2011-2490 (opielogin.c in opielogin in OPIE 2.4.1-test1 and earlier does not ...)
	{DSA-2281-1}
	- opie <removed> (bug #631345)
CVE-2011-2489 (Multiple off-by-one errors in opiesu.c in opiesu in OPIE 2.4.1-test1 ...)
	{DSA-2281-1}
	- opie <removed> (bug #631344)
CVE-2011-2488 (Joomla! before 1.5.23 does not properly check for errors, which allows ...)
	NOT-FOR-US: Joomla
CVE-2011-2487
	RESERVED
	NOT-FOR-US: Apache CXF
CVE-2011-2486 (nspluginwrapper before 1.4.4 does not properly provide access to ...)
	- nspluginwrapper <unfixed> (bug #671846)
	[squeeze] - nspluginwrapper <no-dsa> (Contrib not supported)
CVE-2011-2485 (The gdk_pixbuf__gif_image_load function in gdk-pixbuf/io-gif.c in ...)
	- gdk-pixbuf 2.23.3-3.1 (bug #631524)
	[squeeze] - gdk-pixbuf <no-dsa> (Minor issue)
	[lenny] - gdk-pixbuf <no-dsa> (Minor issue)
CVE-2011-2484 (The add_del_listener function in kernel/taskstats.c in the Linux ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-3 (low)
CVE-2011-2483 (crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain ...)
	{DSA-2399-1 DSA-2340-1}
	- libcrypt-eksblowfish-perl <not-affected> (discovered and corrected in initial release in 2007)
	- php-suhosin <not-affected> (bug #631283; that portion is not used since PHP 5.3)
	[lenny] - php-suhosin <unfixed> (bug #631283)
	- postgresql-8.4 8.4.9-1 (bug #631285)
	- postgresql-9.0 9.0.5-1 (bug #631285)
	- postgresql-9.1 9.1~rc1-1
	- php5 5.3.6-13 (bug #631347)
	- libxcrypt 1:2.4-1.1 (bug #679628)
	[squeeze] - libxcrypt <no-dsa> (Minor issue)
	NOTE: http://openwall.com/lists/oss-security/2011/06/20/2
CVE-2011-2482 (A certain Red Hat patch to the sctp_sock_migrate function in ...)
	- linux-2.6 <not-affected> (RHEL-specific regression)
CVE-2011-2481 (Apache Tomcat 7.0.x before 7.0.17 permits web applications to replace ...)
	- tomcat7 7.0.19-1
CVE-2011-2480 [kfreebsd info disclosure]
	RESERVED
	- kfreebsd-9 9.0~svn223502-1 (bug #631160)
	- kfreebsd-8 8.2-3 (bug #631161)
	[squeeze] - kfreebsd-8 8.1+dfsg-8+squeeze1
	- kfreebsd-7 <removed>
CVE-2011-2479 (The Linux kernel before 2.6.39 does not properly create transparent ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.38)
CVE-2011-2478 (Google SketchUp before 8 does not properly handle edge geometry in ...)
	NOT-FOR-US: Google SketchUp
CVE-2011-2470 (Cross-site scripting (XSS) vulnerability in chat/base/admin/login.php ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2469
	RESERVED
CVE-2011-2467 (SQL injection vulnerability in lsassd in Lsass in the Likewise ...)
	NOT-FOR-US: Likewise
CVE-2011-2466
	RESERVED
CVE-2011-2465 (Unspecified vulnerability in ISC BIND 9 9.8.0, 9.8.0-P1, 9.8.0-P2, and ...)
	- bind9 1:9.8.1.dfsg.P1-1
	[squeeze] - bind9 <not-affected> (Only affects 9.8)
	[lenny] - bind9 <not-affected> (Only affects 9.8)
CVE-2011-2464 (Unspecified vulnerability in ISC BIND 9 9.6.x before 9.6-ESV-R4-P3, ...)
	{DSA-2272-1}
	- bind9 1:9.8.1.dfsg-1 (high)
CVE-2011-2463 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-2462 (Unspecified vulnerability in the U3D component in Adobe Reader and ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2011-2461 (Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and ...)
	NOT-FOR-US: Adobe Flex
CVE-2011-2460 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2459 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2458 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2457 (Stack-based buffer overflow in Adobe Flash Player before 10.3.183.11 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2456 (Buffer overflow in Adobe Flash Player before 10.3.183.11 and 11.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2455 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2454 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2453 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2452 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2451 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2450 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2449 (The TextXtra module in Adobe Shockwave Player before 11.6.3.633 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2448 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2447 (Adobe Shockwave Player before 11.6.3.633 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2446 (The DIRapi library in Adobe Shockwave Player before 11.6.3.633 allows ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2011-2445 (Adobe Flash Player before 10.3.183.11 and 11.x before 11.1.102.55 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2444 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2443 (Multiple buffer overflows in Adobe Photoshop Elements 8.0 and earlier ...)
	NOT-FOR-US: Adobe Photoshop Elements
CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2430 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2429 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2428 (Adobe Flash Player before 10.3.183.10 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2427 (Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2426 (Stack-based buffer overflow in the ActionScript Virtual Machine (AVM) ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2425 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2424 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2423 (msvcr90.dll in Adobe Shockwave Player before 11.6.1.629 allows remote ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2422 (Textra.x32 in Adobe Shockwave Player before 11.6.1.629 allows remote ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2421 (Dirapi.dll in Adobe Shockwave Player before 11.6.1.629 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2420 (Adobe Shockwave Player before 11.6.1.629 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2419 (IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2418
	REJECTED
CVE-2011-2417 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2416 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2415 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2414 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2413
	RESERVED
CVE-2011-2412 (Unspecified vulnerability in HP Business Service Automation (BSA) ...)
	NOT-FOR-US: HP Business Service Automation
CVE-2011-2411 (Unspecified vulnerability on HP NonStop Servers with software H06.x ...)
	NOT-FOR-US: HP NonStop Servers
CVE-2011-2410 (Cross-site scripting (XSS) vulnerability in HP OpenView Performance ...)
	NOT-FOR-US: HP OpenView
CVE-2011-2409 (Cross-site scripting (XSS) vulnerability in the Calendar application ...)
	NOT-FOR-US: HP Palm webOS 3.x
CVE-2011-2408 (Cross-site scripting (XSS) vulnerability in the Contacts application ...)
	NOT-FOR-US: HP Palm webOS 3.x
CVE-2011-2407 (Unspecified vulnerability in HP OpenView Performance Insight 5.3, ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2011-2406 (Cross-site scripting (XSS) vulnerability in HP OpenView Performance ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2011-2405 (The HP ProLiant SL Advanced Power Manager (SL-APM) with firmware ...)
	NOT-FOR-US: HP ProLiant SL Advanced Power Manager
CVE-2011-2404 (A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care ...)
	NOT-FOR-US: HP Easy Printer Care Software
CVE-2011-2403 (SQL injection vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-2402 (Cross-site scripting (XSS) vulnerability in HP Network Automation ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-2401 (Session fixation vulnerability in HP SiteScope 9.x, 10.x, and 11.x ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-2400 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.x, 10.x, ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-2399 (Unspecified vulnerability in the Media Management Daemon (mmd) in HP ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-2398 (Unspecified vulnerability in the dynamic loader in HP HP-UX B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2011-2397 (The Agent service in Iron Mountain Connected Backup 8.4 allows remote ...)
	NOT-FOR-US: Iron Mountain Connected Backup
CVE-2011-2396
	RESERVED
CVE-2011-2394
	RESERVED
CVE-2011-2393 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
	- kfreebsd-7 <removed> (low)
	- kfreebsd-8 <removed> (low)
	[squeeze] - kfreebsd-8 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-8 <no-dsa> (Minor issue)
	- kfreebsd-9 <removed> (low; bug #684072)
	[squeeze] - kfreebsd-9 <no-dsa> (Minor issue)
	[wheezy] - kfreebsd-9 <no-dsa> (Minor issue)
	- kfreebsd-10 <unfixed> (unimportant)
	[jessie] - kfreebsd-10 <no-dsa> (Minor issue)
	NOTE: http://www.mh-sec.de/downloads/mh-RA_flooding_CVE-2010-multiple.txt
	NOTE: Starting with stretch kfreebsd is no longer supported
CVE-2011-2392
	RESERVED
CVE-2011-2391 (The IPv6 implementation in the kernel in Apple iOS before 7 allows ...)
	NOT-FOR-US: Apple iOS
CVE-2011-2390
	RESERVED
CVE-2011-2389
	RESERVED
CVE-2011-2388
	RESERVED
CVE-2011-2387
	RESERVED
CVE-2011-2386 (VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey ...)
	NOT-FOR-US: VisiWave Site Survey
CVE-2011-2385 (The iPhoneHandle package 0.9.x before 0.9.7 and 1.0.x before 1.0.3 in ...)
	- otrs2 <not-affected> (does not include iPhoneHandle package)
CVE-2011-2384
	RESERVED
CVE-2011-2381 (CRLF injection vulnerability in Bugzilla 2.17.1 through 2.22.7, 3.0.x ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2380 (Bugzilla 2.23.3 through 2.22.7, 3.0.x through 3.3.x, 3.4.x before ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2379 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.4 through ...)
	{DSA-2322-1}
	- bugzilla <removed> (low)
	[squeeze] - bugzilla 3.6.2.0-4.4
CVE-2011-2378 (The appendChild function in Mozilla Firefox before 3.6.20, Thunderbird ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-13
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2377 (Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird ...)
	- xulrunner <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- iceweasel <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- iceape <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
	- icedove <not-affected> (Was already fixed as CVE-2010-1201 for Firefox < 3.6)
CVE-2011-2376 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2375 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox 5.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 5.0, not yet in unstable)
CVE-2011-2374 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	- iceweasel 3.5.19-3
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2373 (Use-after-free vulnerability in Mozilla Firefox before 3.6.18 and 4.x ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2372 (Mozilla Firefox before 3.6.23 and 4.x through 6, Thunderbird before ...)
	{DSA-2317-1 DSA-2313-1 DSA-2312-1}
	- icedove 3.1.15-1
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	- iceweasel 7.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-8
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2371 (Integer overflow in the Array.reduceRight method in Mozilla Firefox ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2370 (Mozilla Firefox before 5.0 does not properly enforce the whitelist for ...)
	- xulrunner <not-affected> (Only affects Firefox 4.x and above)
	- iceweasel 5.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[squeeze] - iceweasel <not-affected> (Only affects Firefox 4.x and above)
	- iceape <not-affected> (Only affects Firefox 4.x and above)
	- icedove <not-affected> (Only affects Firefox 4.x and above)
CVE-2011-2369 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 4.x ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2368 (The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2367 (The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2366 (Mozilla Gecko before 5.0, as used in Firefox before 5.0 and ...)
	- xulrunner <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox >= 4.0, not yet in unstable)
CVE-2011-2365 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.19-3
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
CVE-2011-2364 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	- xulrunner <not-affected> (Only affects Firefox >= 3.6)
	- iceweasel <not-affected> (Only affects Firefox >= 3.6)
	- iceape <not-affected> (Only affects Firefox >= 3.6)
	- icedove <not-affected> (Only affects Firefox >= 3.6)
CVE-2011-2363 (Use-after-free vulnerability in the nsSVGPointList::AppendElement ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2362 (Mozilla Firefox before 3.6.18, Thunderbird before 3.1.11, and ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-2361 (The Basic Authentication dialog implementation in Google Chrome before ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2360 (Google Chrome before 13.0.782.107 does not ensure that the user is ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2359 (Google Chrome before 13.0.782.107 does not properly track line boxes ...)
	{DSA-2307-1}
	- chromium-browser 13.0.782.107~r94237-1
	NOTE: http://trac.webkit.org/changeset/90068
CVE-2011-2358 (Google Chrome before 13.0.782.107 does not ensure that extension ...)
	- chromium-browser 13.0.782.107~r94237-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-2357 (Cross-application scripting vulnerability in the Browser URL loading ...)
	NOT-FOR-US: Android
CVE-2011-2356 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2355
	RESERVED
CVE-2011-2354 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2353
	RESERVED
CVE-2011-2352 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2351 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88584
	NOTE: http://trac.webkit.org/changeset/88549
CVE-2011-2350 (The HTML parser in Google Chrome before 12.0.742.112 does not properly ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88411
	NOTE: http://trac.webkit.org/changeset/88434
CVE-2011-2349 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88456
CVE-2011-2348 (Google V8, as used in Google Chrome before 12.0.742.112, performs an ...)
	- libv8 3.4.14-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: Fixed in V8 bleeding edge r8230, 3.2.10.17 and 3.3.10.9.
CVE-2011-2347 (Google Chrome before 12.0.742.112 does not properly handle Cascading ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88448
CVE-2011-2346 (Use-after-free vulnerability in Google Chrome before 12.0.742.112 ...)
	- chromium-browser 12.0.742.112~r90304-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: introduced in http://trac.webkit.org/changeset/77740
	NOTE: http://trac.webkit.org/changeset/87827
CVE-2011-2345 (The NPAPI implementation in Google Chrome before 12.0.742.112 does not ...)
	- chromium-browser <not-affected> (linux version is not affected)
	- webkit <not-affected>
CVE-2011-2344 (Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext ...)
	NOT-FOR-US: Android SDK
CVE-2011-2343
	RESERVED
CVE-2011-2341 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2340
	RESERVED
CVE-2011-2339 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2338 (WebKit, as used in Apple iTunes before 10.5, allows man-in-the-middle ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-2337
	RESERVED
CVE-2011-2336
	RESERVED
CVE-2011-2335
	RESERVED
CVE-2011-2334
	RESERVED
CVE-2011-2333
	RESERVED
CVE-2011-2329 (The rampart_timestamp_token_validate function in ...)
	- rampart 1.3.0-3 (low; bug #631221)
	[squeeze] - rampart <no-dsa> (Minor issue)
CVE-2011-2327 (Unspecified vulnerability in the Oracle Communications Unified ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2326 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2325 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2324 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2323 (Unspecified vulnerability in the Health Sciences - Oracle Thesaurus ...)
	NOT-FOR-US: Oracle Thesaurus Management System
CVE-2011-2322 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2321 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2320 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2319 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2318 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2317 (Unspecified vulnerability in the EnterpriseOne Tools component in ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-2316 (Unspecified vulnerability in the Siebel Apps - Marketing component in ...)
	NOT-FOR-US: Oracle Siebel
CVE-2011-2315 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft Enterprise
CVE-2011-2314 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2313 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2312 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2311 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2310 (Unspecified vulnerability in the Oracle Waveset component in Oracle ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2309 (Unspecified vulnerability in the Health Sciences - Oracle Clinical, ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2011-2308 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2307 (Unspecified vulnerability in Oracle SysFW 8.1.0.a in various Oracle ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2306 (Unspecified vulnerability in Oracle Linux 4 and 5 allows remote ...)
	NOT-FOR-US: Oracle Linux-specific feature
CVE-2011-2305 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local ...)
	- virtualbox-ose <not-affected> (Only affects 4.x)
	- virtualbox 4.0.10-dfsg-1
CVE-2011-2304 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2303 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2302 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2301 (Unspecified vulnerability in the Oracle Text component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2011-2300 (Unspecified vulnerability in Oracle VM VirtualBox 3.0, 3.1, 3.2, and ...)
	- virtualbox-guest-additions-iso 4.0.10-1 (bug #635276)
	[squeeze] - virtualbox-guest-additions <no-dsa> (Non-free not supported)
CVE-2011-2299 (Unspecified vulnerability in Oracle SPARC Enterprise M3000, M4000, ...)
	NOT-FOR-US: Oracle SPARC Enterprise
CVE-2011-2298 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2297 (Unspecified vulnerability in Oracle Solaris Cluster 3.3 allows local ...)
	NOT-FOR-US: Oracle Solaris Cluster
CVE-2011-2296 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2295 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2294 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2293 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2292 (Unspecified vulnerability in Oracle Solaris 9 and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2291 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2290 (Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2289 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2288 (Unspecified vulnerability in Sun Integrated Lights Out Manager (ILOM) ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2287 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2286 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2285 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2284 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2283 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2282 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2281 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2280 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2279 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2278 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2277 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2276
	REJECTED
CVE-2011-2275 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2274 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2273 (Unspecified vulnerability in the Agile Core Technology component in ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2011-2272 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2271 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2270
	REJECTED
CVE-2011-2269
	REJECTED
CVE-2011-2268
	REJECTED
CVE-2011-2267 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2266
	REJECTED
CVE-2011-2265
	REJECTED
CVE-2011-2264 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2263 (Unspecified vulnerability in Sun Integrated Lights Out Manager in ...)
	NOT-FOR-US: Oracle SysFW
CVE-2011-2262 (Unspecified vulnerability in the MySQL Server component in Oracle ...)
	{DSA-2429-1}
	- mysql-5.1 5.1.61-2 (bug #659687)
CVE-2011-2261 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2260 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2259 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2258 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2257 (Unspecified vulnerability in the Database Target Type Menus component ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2256
	REJECTED
CVE-2011-2255 (Unspecified vulnerability in the Oracle WebLogic Portal component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-2254
	REJECTED
CVE-2011-2253 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2252 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2251 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2011-2250 (Unspecified vulnerability in the PeopleSoft Enterprise FIN component ...)
	NOT-FOR-US: Oracle PeopleSoft Products
CVE-2011-2249 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-2248 (Unspecified vulnerability in the SQL Performance Advisories/UIs ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2247
	REJECTED
CVE-2011-2246 (Unspecified vulnerability in the Business Intelligence component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-2245 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-2244 (Unspecified vulnerability in the Security Framework component in ...)
	NOT-FOR-US: Oracle Database Server and Enterprise Manager Grid Control
CVE-2011-2243 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2242 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2241 (Unspecified vulnerability in the Oracle Business Intelligence ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-2240 (Unspecified vulnerability in the Oracle Universal Installer component ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2239 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2238 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2237 (Unspecified vulnerability in the Oracle Web Services Manager component ...)
	NOT-FOR-US: Oracle Fusion
CVE-2011-2236
	REJECTED
CVE-2011-2235
	REJECTED
CVE-2011-2234
	REJECTED
CVE-2011-2233
	REJECTED
CVE-2011-2232 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2231 (Unspecified vulnerability in the XML Developer Kit component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2230 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-2229
	REJECTED
CVE-2011-2228
	REJECTED
CVE-2011-2227 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2011-2226 (Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2225 (Unspecified vulnerability in Kiwi before 3.74.2, as used in SUSE ...)
	NOT-FOR-US: Kiwi, SUSE Studio
CVE-2011-2224 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2223 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2222 (Session fixation vulnerability in WebAdmin in the Mobility Pack before ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2221 (The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through ...)
	NOT-FOR-US: Novell Data Synchronizer
CVE-2011-2220 (Stack-based buffer overflow in NFREngine.exe in Novell File Reporter ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-2219 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2218 (Unspecified vulnerability in GroupWise Internet Agent (GWIA) in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-2217 (Certain ActiveX controls in (1) tsgetxu71ex552.dll and (2) ...)
	NOT-FOR-US: VMware
CVE-2011-2213 (The inet_diag_bc_audit function in net/ipv4/inet_diag.c in the Linux ...)
	{DSA-2389-1 DSA-2310-1}
	- linux-2.6 2.6.39-3
	[squeeze] - linux-2.6 2.6.32-36
CVE-2011-2212 (Buffer overflow in the virtio subsystem in qemu-kvm 0.14.0 and earlier ...)
	{DSA-2282-1}
	- qemu-kvm 0.14.1+dfsg-3 (bug #632987)
	- kvm <removed>
CVE-2011-2207
	RESERVED
	- dirmngr <unfixed> (unimportant; bug #627377)
	NOTE: Negligable impact
CVE-2011-2206 (XMLParser.pm in DJabberd before 0.85 allows remote authenticated users ...)
	NOT-FOR-US: Djabberd
CVE-2011-2205 (Prosody before 0.8.1 does not properly detect recursion during entity ...)
	- prosody 0.7.0-1 (low; bug #579087)
	[squeeze] - prosody <no-dsa> (Minor issue)
	[lenny] - prosody <no-dsa> (Minor issue)
CVE-2011-2204 (Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before ...)
	{DSA-2401-1}
	- tomcat5.5 <removed> (low; bug #632882)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.32-5 (low; bug #632882)
	[lenny] - tomcat6 <no-dsa> (Minor issue)
	[squeeze] - tomcat6 <no-dsa> (Minor issue)
	- tomcat7 7.0.16-3 (low; bug #632882)
CVE-2011-2201 (The Data::FormValidator module 4.66 and earlier for Perl, when ...)
	- libdata-formvalidator-perl 4.66-3 (low; bug #629511)
	[lenny] - libdata-formvalidator-perl <no-dsa> (Minor issue)
	[squeeze] - libdata-formvalidator-perl 4.66-1+squeeze1
CVE-2011-2200 (The _dbus_header_byteswap function in dbus-marshal-header.c in D-Bus ...)
	- dbus 1.4.12-1 (low; bug #629938)
	[squeeze] - dbus 1.2.24-4+squeeze1
	[lenny] - dbus <no-dsa> (Minor issue)
CVE-2011-2197 (The cross-site scripting (XSS) prevention feature in Ruby on Rails 2.x ...)
	- rails <not-affected> (Affected plugin not installed, see bug #634990)
CVE-2011-2196 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as ...)
	NOT-FOR-US: JBoss Seam
CVE-2011-2195
	RESERVED
CVE-2011-2193 (Multiple buffer overflows in Terascale Open-Source Resource and Queue ...)
	{DSA-2329-1}
	- torque 2.4.15+dfsg-1 (bug #635342)
CVE-2011-2192 (The Curl_input_negotiate function in http_negotiate.c in libcurl ...)
	{DSA-2271-1}
	- curl 7.21.6-2 (high; bug #631615)
CVE-2011-2191 (Cross-site request forgery (CSRF) vulnerability in Cherokee-admin in ...)
	- cherokee <removed> (low; bug #661993)
	[squeeze] - cherokee <no-dsa> (Minor issue)
CVE-2011-2189 (net/core/net_namespace.c in the Linux kernel 2.6.32 and earlier does ...)
	- linux-2.6 2.6.35-1 (low)
	[lenny] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
	[squeeze] - linux-2.6 <no-dsa> (attacker needs elevated CAP_SYS_ADMIN privileges to abuse this)
	- vsftpd 2.3.4-1 (bug #629373)
	[squeeze] - vsftpd 2.3.2-3+squeeze2
	[lenny] - vsftpd 2.0.7-1+lenny1
	NOTE: this is technically a kernel bug. however this has been workarounded specifically
	NOTE: for vsftpd by adding a kernel check before using this feature, see DSA-2304-1
	NOTE: for details
CVE-2011-2187
	RESERVED
	- xscreensaver 5.14-1 (bug #627382)
	[squeeze] - xscreensaver <not-affected> (introduced in 5.13)
CVE-2011-2186
	RESERVED
	NOTE: Disputed gitweb non-issue: https://bugzilla.redhat.com/show_bug.cgi?id=713298
CVE-2011-2181 (Multiple SQL injection vulnerabilities in A Really Simple Chat (ARSC) ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2180 (Cross-site scripting (XSS) vulnerability in dereferer.php in A Really ...)
	NOT-FOR-US: A Really Simple Chat
CVE-2011-2177
	RESERVED
	NOT-FOR-US: Claimed older OpenOffice vulnerability, which was never disclosed
CVE-2011-2176 (GNOME NetworkManager before 0.8.6 does not properly enforce the ...)
	- network-manager 0.9.0-1 (low; bug #631520)
	[squeeze] - network-manager <no-dsa> (Minor issue)
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e7273c1609ac267e1d77ff03c97c8929f15e3737
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=287fe10c40ae9b90ce703b79f3479b755f0956c0
	NOTE: http://cgit.freedesktop.org/NetworkManager/NetworkManager/commit/?h=id=e5085f950730b1e2e68645231e2042127c29a82e
CVE-2011-2167 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the chroot ...)
	- dovecot 1:2.0.13-1 (low)
	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
	[lenny] - dovecot <not-affected> (Vulnerable script not present)
CVE-2011-2166 (script-login in Dovecot 2.0.x before 2.0.13 does not follow the user ...)
	- dovecot 1:2.0.13-1 (low)
	[squeeze] - dovecot <not-affected> (Vulnerable script not present)
	[lenny] - dovecot <not-affected> (Vulnerable script not present)
CVE-2010-4805 (The socket implementation in net/core/sock.c in the Linux kernel ...)
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-48
CVE-2009-5077 (CRE Loaded before 6.2.14 allows remote attackers to bypass ...)
	NOT-FOR-US: CRE Loaded
CVE-2009-5076 (CRE Loaded before 6.2.14, and possibly other versions before 6.3.x, ...)
	NOT-FOR-US: CRE Loaded
CVE-2011-2477 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...)
	- icinga 1.4.1-1
	[squeeze] - icinga <no-dsa> (Minor issue)
	- nagios3 3.4.1-1
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	NOTE: Nagios might be fixed earlier than 3.4.1, checked the Wheezy version
CVE-2011-2476 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-2208 (Integer signedness error in the osf_getdomainname function in ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2209 (Integer signedness error in the osf_sysinfo function in ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2210 (The osf_getsysinfo function in arch/alpha/kernel/osf_sys.c in the ...)
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2211 (The osf_wait4 function in arch/alpha/kernel/osf_sys.c in the Linux ...)
	{DSA-2310-1}
	- linux-2.6 2.6.32-1
	NOTE: Support for Alpha was dropped with Squeeze, so marking 2.6.32 as fixed
CVE-2011-2203 (The hfs_find_init function in the Linux kernel 2.6 allows local users ...)
	- linux-2.6 3.1.1-1
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-2202 (The rfc1867_post_handler function in main/rfc1867.c in PHP before ...)
	{DSA-2266-1}
	- php5 5.3.6-12
CVE-2011-2199 (Buffer overflow in tftp-hpa before 5.1 allows remote attackers to ...)
	- tftp-hpa 5.1-1 (low)
	[squeeze] - tftp-hpa <no-dsa> (Minor issue)
	NOTE: http://git.kernel.org/?p=network/tftp/tftp-hpa.git;a=commitdiff;h=f3035c45bc50bb5cac87ca01e7ef6a12485184f8
CVE-2011-2198 (The &quot;insert-blank-characters&quot; capability in caps.c in gnome-terminal ...)
	- vte 1:0.28.1-1 (low; bug #629688)
	[lenny] - vte <no-dsa> (Minor issue)
	[squeeze] - vte 1:0.24.3-3
CVE-2011-2185 (Fabric before 1.1.0 allows local users to overwrite arbitrary files ...)
	- fabric 1.1.2-1 (low; bug #629003)
	[squeeze] - fabric <no-dsa> (Minor issue)
CVE-2011-2475 (Format string vulnerability in ECTrace.dll in the iMailGateway service ...)
	NOT-FOR-US: Sybase OneBridge Mobile Data Suite
CVE-2011-2474 (Directory traversal vulnerability in the HTTP Server in Sybase ...)
	NOT-FOR-US: Sybase EAServer
CVE-2011-2473 (The do_dump_data function in utils/opcontrol in OProfile 0.9.6 and ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2472 (Directory traversal vulnerability in utils/opcontrol in OProfile 0.9.6 ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2471 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users ...)
	- oprofile 0.9.6-1.1+squeeze2 (bug #630084)
CVE-2011-2468 (Directory traversal vulnerability in the web interface in AnyMacro ...)
	NOT-FOR-US: AnyMacro Mail System G4X
CVE-2011-2395 (The Neighbor Discovery (ND) protocol implementation in Cisco IOS on ...)
	NOT-FOR-US: Cisco
CVE-2011-2383 (Microsoft Internet Explorer 9 and earlier does not properly restrict ...)
	NOT-FOR-US: Microsoft
CVE-2011-2342 (The DOM implementation in Google Chrome before 12.0.742.91 allows ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/88071
CVE-2011-2382 (Microsoft Internet Explorer 8 and earlier, and Internet Explorer 9 ...)
	NOT-FOR-US: Microsoft
CVE-2011-2332 (Google V8, as used in Google Chrome before 12.0.742.91, allows remote ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	- libv8 3.4.14-1
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	NOTE: execScript removed in libv8 3.2 branch
CVE-2011-2194 (Integer overflow in the XSPF playlist parser in VideoLAN VLC media ...)
	{DSA-2257-1}
	- vlc 1.1.10-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://repo.or.cz/w/vlc.git/commitdiff/cd929923ff49175a501bb3e9553a683bc42ff61c
CVE-2011-2190 (The generate_admin_password function in Cherokee before 1.2.99 uses ...)
	- cherokee 1.0.14-1 (low; bug #647205)
	[squeeze] - cherokee 1.0.8-5+squeeze1
	[lenny] - cherokee <no-dsa> (Minor issue)
	NOTE: http://code.google.com/p/cherokee/issues/detail?id=1212
CVE-2011-2188 (LuaExpat before 1.2.0 does not properly detect recursion during entity ...)
	- lua-expat 1.2.0-1 (low; bug #629225)
	[squeeze] - lua-expat 1.2.0-0squeeze1
	[lenny] - lua-expat <no-dsa> (Minor issue)
CVE-2011-2184 (The key_replace_session_keyring function in ...)
	- linux-2.6 2.6.39-2
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.39)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.39)
CVE-2011-2183 (Race condition in the scan_get_next_rmap_item function in mm/ksm.c in ...)
	{DSA-2389-1}
	- linux-2.6 2.6.39-3 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
	[squeeze] - linux-2.6 2.6.32-36
CVE-2005-4890 [login: tty hijacking possible in "su" via TIOCSTI ioctl]
	RESERVED
	- shadow 1:4.1.5-1 (low; bug #628843)
	[squeeze] - shadow <no-dsa> (Minor issue)
	[lenny] - shadow <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=173008
	- sudo 1.7.4p4 (low; bug #657784)
	NOTE: sudo might be fixed earlier, use_pty present in stable
CVE-2011-2331 (Integer overflow in img.exe in HP Intelligent Management Center (IMC) ...)
	NOT-FOR-US: HP Intelligent Management Center (IMC)
CVE-2011-2330 (Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, ...)
	NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-2328 (Buffer overflow in HP LoadRunner allows remote attackers to cause a ...)
	NOT-FOR-US: HP LoadRunner
CVE-2011-2215 (Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before ...)
	NOT-FOR-US: WalRack
CVE-2011-2214 (Unspecified vulnerability in the Open Database Connectivity (ODBC) ...)
	NOT-FOR-US: 7T Interactive Graphical SCADA System
CVE-2011-2175 (Integer underflow in the visual_read function in wiretap/visual.c in ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant; bug #630159)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-2174 (Double free vulnerability in the tvb_uncompress function in ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (bug #630159)
CVE-2011-2173 (The implementation of OutputMediator objects in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2172 (Cross-site scripting (XSS) vulnerability in the search center in IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-2171 (Unspecified vulnerability in the dbugs package in Google Chrome OS ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2170 (Google Chrome OS before R12 0.12.433.38 Beta, when Guest mode is ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2169 (Google Chrome OS before R12 0.12.433.38 Beta allows local users to ...)
	NOT-FOR-US: Google Chrome OS
CVE-2011-2168 (Multiple integer overflows in the glob implementation in libc in ...)
	NOT-FOR-US: OpenBSD
CVE-2011-2165 (The STARTTLS implementation in WatchGuard XCS 9.0 and 9.1 does not ...)
	NOT-FOR-US: WatchGuard XCS
CVE-2010-4807 (Race condition in IBM Web Content Manager (WCM) 7.0.0.1 before CF003 ...)
	NOT-FOR-US: IBM Web Content Manager
CVE-2010-4806 (The authoring tool in IBM Web Content Manager (WCM) 6.1.5, and 7.0.0.1 ...)
	NOT-FOR-US: IBM Web Content Manager
CVE-2011-2182 (The ldm_frag_add function in fs/partitions/ldm.c in the Linux kernel ...)
	{DSA-2264-1}
	- linux-2.6 2.6.39-2
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-2179 (Multiple cross-site scripting (XSS) vulnerabilities in config.c in ...)
	- nagios3 3.2.3-3 (bug #629127)
	[lenny] - nagios3 <not-affected> (Affected feature got introduced in 3.2.2)
	[squeeze] - nagios3 <not-affected> (Affected feature got introduced in 3.2.2)
	- icinga 1.4.1-1 (bug #629131)
	[squeeze] - icinga <not-affected> (Affected feature got introduced in 1.3.1)
	[lenny] - icinga <not-affected> (Affected feature got introduced in 1.3.1)
	NOTE: http://tracker.nagios.org/view.php?id=224
CVE-2011-2178 (The virSecurityManagerGetPrivateData function in ...)
	- libvirt 0.9.1-2 (bug #629128)
	[squeeze] - libvirt <not-affected> (Introduced in 0.8.8)
	[lenny] - libvirt <not-affected> (Introduced in 0.8.8)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=709769
	NOTE: https://www.redhat.com/archives/libvir-list/2011-May/msg01935.html
CVE-2011-2216 (reqresp_parser.c in the SIP channel driver in Asterisk Open Source ...)
	- asterisk 1:1.8.4.2-1 (bug #629130)
	[lenny] - asterisk <not-affected> (Only affects 1.8)
	[squeeze] - asterisk <not-affected> (Only affects 1.8)
	NOTE: http://downloads.digium.com/pub/security/AST-2011-007.html
CVE-2011-XXXX [unspecified security vulnerabilities]
	- movabletype-opensource 4.3.6+dfsg-1 (bug #627936)
	[squeeze] - movabletype-opensource 4.3.5+dfsg-2+squeeze2
	[lenny] - movabletype-opensource 4.2.3-1+lenny3
CVE-2011-2164 (Multiple unspecified vulnerabilities in Adobe Photoshop before 12.0.4 ...)
	NOT-FOR-US: Photoshop
CVE-2011-2163 (Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM ...)
	NOT-FOR-US: IBM Systems Director
CVE-2011-2162 (Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: duplicate of CVE-2011-1198
CVE-2011-2161 (The ape_read_header function in ape.c in libavformat in FFmpeg before ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=1c31b26b
CVE-2011-2160 (The VC-1 decoding functionality in FFmpeg before 0.5.4, as used in ...)
	{DSA-2306-1}
	- libav 4:0.6-1 (bug #628448)
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
	NOTE: duplicate of CVE-2011-0723
	NOTE: http://git.videolan.org/?p=ffmpeg.git;a=commitdiff;h=8069e2f6
CVE-2011-2159 (The SmarterTools SmarterStats 6.0 web server omits the Content-Type ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2158 (The SmarterTools SmarterStats 6.0 web server sends incorrect ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2157 (The (1) Admin/frmEmailReportSettings.aspx and (2) ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2156 (The SmarterTools SmarterStats 6.0 web server allows remote attackers ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2155 (Login.aspx in the SmarterTools SmarterStats 6.0 web server generates a ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2154 (login.aspx in the SmarterTools SmarterStats 6.0 web server does not ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2153 (Login.aspx in the SmarterTools SmarterStats 6.0 web server supports ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2152 (The SmarterTools SmarterStats 6.0 web server generates web pages ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2151 (The (1) Admin/frmEmailReportSettings.aspx, (2) ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2150 (The SmarterTools SmarterStats 6.0 web server does not properly ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2149 (Multiple SQL injection vulnerabilities in the SmarterTools ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2148 (Admin/frmSite.aspx in the SmarterTools SmarterStats 6.0 web server ...)
	NOT-FOR-US: SmarterStats
CVE-2011-2147 (Openswan 2.2.x does not properly restrict permissions for (1) ...)
	- openswan <not-affected> (In Debian no starter.pid is ever written and the subsys entry gets created with -rw-r--r-- permissions, bug #628449)
CVE-2011-2146 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631507)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-2145 (mount.vmhgfs in the VMware Host Guest File System (HGFS) in VMware ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631508)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2009-5075 (Monkey's Audio before 4.02 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Monkey's Audio
CVE-2006-7245 (Monkey's Audio before 4.01b2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Monkey's Audio
CVE-2011-2144 (The eDocument Conversion Actions implementation in IBM Datacap ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2143 (IBM Datacap Taskmaster Capture 8.0.1 before FP1, when Windows ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2142 (The Web Client Service in IBM Datacap Taskmaster Capture 8.0.1 before ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2141 (SQL injection vulnerability in TMWeb in IBM Datacap Taskmaster Capture ...)
	NOT-FOR-US: IBM Datacap Taskmaster Capture
CVE-2011-2140 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2139 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2138 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2137 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2136 (Integer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2135 (Adobe Flash Player before 10.3.183.5 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2134 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2133 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 8 and 9 ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2011-2132 (Adobe Flash Media Server (FMS) before 3.5.7, and 4.x before 4.0.3, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2011-2131 (Adobe Photoshop 12.0 in Creative Suite 5 (CS5) and 12.1 in Creative ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2011-2130 (Buffer overflow in Adobe Flash Player before 10.3.183.5 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2129
	REJECTED
CVE-2011-2128 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2127 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2126 (Buffer overflow in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2125 (Buffer overflow in Dirapix.dll in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2124 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2123 (Integer overflow in the Shockwave 3D Asset x32 component in Adobe ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2122 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2121 (Integer overflow in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2120 (Integer overflow in the CursorAsset x32 component in Adobe Shockwave ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2119 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2118 (The FLV ASSET Xtra component in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2117 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2116 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2115 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2114 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2113 (Multiple buffer overflows in the Shockwave3DAsset component in Adobe ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2112 (Multiple buffer overflows in IML32.dll in Adobe Shockwave Player ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2111 (IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2110 (Adobe Flash Player before 10.3.181.26 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2109 (Multiple integer overflows in Dirapi.dll in Adobe Shockwave Player ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2108 (Adobe Shockwave Player before 11.6.0.626 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-2107 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-2106 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2105 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2104 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2103 (Adobe Reader and Acrobat 8.x before 8.3 on Windows and Mac OS X allow ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2102 (Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2101 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2100 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2099 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2098 (Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2097 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2096 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2095 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2094 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3, 9.x before ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-2093 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and ...)
	NOT-FOR-US: Adobe LiveCycle Data Services
CVE-2011-2092 (Adobe LiveCycle Data Services 3.1 and earlier, LiveCycle 9.0.0.2 and ...)
	NOT-FOR-US: Adobe LiveCycle Data Services
CVE-2011-2091 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, 9.0, and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-2090
	RESERVED
CVE-2011-2089 (Stack-based buffer overflow in the SetActiveXGUID method in the ...)
	NOT-FOR-US: ICONICS BizViz, GENESIS32
CVE-2011-2088 (XWork 2.2.1 in Apache Struts 2.2.1, and OpenSymphony XWork in ...)
	- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2011-2087 (Multiple cross-site scripting (XSS) vulnerabilities in component ...)
	- libstruts1.2-java <not-affected> (struts 2 issue)
CVE-2011-2086
	RESERVED
CVE-2011-2085 (Multiple cross-site request forgery (CSRF) vulnerabilities in Best ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2084 (Best Practical Solutions RT 3.x before 3.8.12 and 4.x before 4.0.6 ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2083 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2082 (The vulnerable-passwords script in Best Practical Solutions RT 3.x ...)
	{DSA-2480-1}
	- request-tracker4 4.0.5-3
CVE-2011-2081 (MediaCAST 8 and earlier does not properly handle requests for ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2080 (Multiple SQL injection vulnerabilities in MediaCAST 8 and earlier ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2079 (MediaCAST 8 and earlier allows remote attackers to have an unspecified ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2078 (Multiple cross-site scripting (XSS) vulnerabilities in the New Atlanta ...)
	NOT-FOR-US: New Atlanta BlueDragon
CVE-2011-2077 (The default configuration of the New Atlanta BlueDragon administrative ...)
	NOT-FOR-US: New Atlanta BlueDragon
CVE-2011-2076 (MediaCAST 8 and earlier stores passwords in cleartext, which makes it ...)
	NOT-FOR-US: MediaCAST
CVE-2011-2075 (Unspecified vulnerability in Google Chrome 11.0.696.65 on Windows 7 ...)
	NOT-FOR-US: Historical Chrome issue on Windows
CVE-2011-2074 (Unspecified vulnerability in the client in Skype 5.x before 5.1.0.922 ...)
	NOT-FOR-US: Skype
CVE-2011-2073
	RESERVED
CVE-2011-2072 (Memory leak in Cisco IOS 12.4, 15.0, and 15.1, Cisco IOS XE 2.5.x ...)
	NOT-FOR-US: Cisco
CVE-2011-2071
	RESERVED
CVE-2011-2070
	RESERVED
CVE-2011-2069
	RESERVED
CVE-2011-2068
	RESERVED
CVE-2011-2067
	RESERVED
CVE-2011-2066
	RESERVED
CVE-2011-2065
	RESERVED
CVE-2011-2064 (Cisco IOS 12.4MDA before 12.4(24)MDA5 on the Cisco Content Services ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2063
	RESERVED
CVE-2011-2062
	RESERVED
CVE-2011-2061
	RESERVED
CVE-2011-2060 (The platform-sw component on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2011-2059 (The ipv6 component in Cisco IOS before 15.1(4)M1.3 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2058 (The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2057 (The cat6000-dot1x component in Cisco IOS 12.2 before 12.2(33)SXI7 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-2056
	RESERVED
CVE-2011-2055
	RESERVED
CVE-2011-2054
	RESERVED
	NOT-FOR-US: ** REJECT ** CVE-2011-2054 misused as CVE-2011-2524
CVE-2011-2053
	RESERVED
CVE-2011-2052
	RESERVED
CVE-2011-2051
	RESERVED
CVE-2011-2050
	RESERVED
CVE-2011-2049
	RESERVED
CVE-2011-2048
	RESERVED
CVE-2011-2047
	RESERVED
CVE-2011-2046
	RESERVED
CVE-2011-2045
	RESERVED
CVE-2011-2044
	RESERVED
CVE-2011-2043
	RESERVED
CVE-2011-2042 (The Sybase SQL Anywhere database component in Cisco CiscoWorks Common ...)
	NOT-FOR-US: Cisco CiscoWorks
CVE-2011-2041 (The Start Before Logon (SBL) functionality in Cisco AnyConnect Secure ...)
	NOT-FOR-US: Cisco
CVE-2011-2040 (The helper application in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2011-2039 (The helper application in Cisco AnyConnect Secure Mobility Client ...)
	NOT-FOR-US: Cisco
CVE-2011-2038
	RESERVED
CVE-2011-2037
	RESERVED
CVE-2011-2036
	RESERVED
CVE-2011-2035
	RESERVED
CVE-2011-2034
	RESERVED
CVE-2011-2033
	RESERVED
CVE-2011-2032
	RESERVED
CVE-2011-2031
	RESERVED
CVE-2011-2030
	RESERVED
CVE-2011-2029
	RESERVED
CVE-2011-2028
	RESERVED
CVE-2011-2027
	RESERVED
CVE-2011-2026
	RESERVED
CVE-2011-2025
	RESERVED
CVE-2011-2024 (Cisco Network Registrar before 7.2 has a default administrative ...)
	NOT-FOR-US: Cisco
CVE-2011-2023 (Cross-site scripting (XSS) vulnerability in functions/mime.php in ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1
CVE-2011-2022 (The agp_generic_remove_memory function in drivers/char/agp/generic.c ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-2021 (Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 ...)
	NOT-FOR-US: TIBCO iProcess Engine
CVE-2011-2020 (Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine ...)
	NOT-FOR-US: TIBCO iProcess Engine
CVE-2011-2019 (Untrusted search path vulnerability in Microsoft Internet Explorer 9 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-2018 (The kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2011-2017
	REJECTED
CVE-2011-2016 (Untrusted search path vulnerability in Windows Mail and Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2015
	REJECTED
CVE-2011-2014 (The LDAP over SSL (aka LDAPS) implementation in Active Directory, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2013 (Integer overflow in the TCP/IP implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2012 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-2011 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2010 (The Microsoft Office Input Method Editor (IME) for Simplified Chinese ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-2009 (Untrusted search path vulnerability in Windows Media Center in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2008 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and ...)
	NOT-FOR-US: Microsoft Host Integration Server
CVE-2011-2007 (Microsoft Host Integration Server (HIS) 2004 SP1, 2006 SP1, 2009, and ...)
	NOT-FOR-US: Microsoft Host Integration Server
CVE-2011-2006
	REJECTED
CVE-2011-2005 (afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2004 (Array index error in win32k.sys in the kernel-mode drivers in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2003 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2002 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-2001 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-2000 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1999 (Microsoft Internet Explorer 8 does not properly allocate and access ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1998 (Microsoft Internet Explorer 9 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1997 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1996 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1995 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1994
	REJECTED
CVE-2011-1993 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1992 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1991 (Multiple untrusted search path vulnerabilities in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1990 (Microsoft Excel 2007 SP2; Excel in Office 2007 SP2; Excel Viewer SP2; ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1989 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1988 (Microsoft Excel 2003 SP3 and 2007 SP2; Excel in Office 2007 SP2; ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1987 (Array index error in Microsoft Excel 2003 SP3 and 2007 SP2; Excel in ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1986 (Use-after-free vulnerability in Microsoft Excel 2003 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-1985 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1984 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1983 (Use-after-free vulnerability in Microsoft Office 2007 SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1982 (Microsoft Office 2007 SP2, and 2010 Gold and SP1, does not initialize ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1981
	REJECTED
CVE-2011-1980 (Untrusted search path vulnerability in Microsoft Office 2003 SP3 and ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1979 (Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-1978 (Microsoft .NET Framework 2.0 SP2, 3.5.1, and 4 does not properly ...)
	NOT-FOR-US: Microsoft .NET
CVE-2011-1977 (The ASP.NET Chart controls in Microsoft .NET Framework 4, and Chart ...)
	NOT-FOR-US: Microsoft .NET
CVE-2011-1976 (Cross-site scripting (XSS) vulnerability in the Report Viewer Control ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2011-1975 (Untrusted search path vulnerability in the Data Access Tracing ...)
	NOT-FOR-US: Microsoft
CVE-2011-1974 (NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1973
	REJECTED
CVE-2011-1972 (Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-1971 (The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1970 (The DNS server in Microsoft Windows Server 2003 SP2 and Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1969 (Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1968 (The Remote Desktop Protocol (RDP) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1967 (Winsrv.dll in the Client/Server Run-time Subsystem (aka CSRSS) in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1966 (The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1965 (Tcpip.sys in the TCP/IP stack in Microsoft Windows 7 Gold and SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1964 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1963 (Microsoft Internet Explorer 7 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1962 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1961 (The telnet URI handler in Microsoft Internet Explorer 6 through 9 does ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1960 (Microsoft Internet Explorer 6 through 9 does not properly implement ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1959 (The snoop_read function in wiretap/snoop.c in Wireshark 1.2.x before ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant; bug #630159)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1958 (Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1957 (The dissect_dcm_main function in epan/dissectors/packet-dcm.c in the ...)
	{DSA-2274-1}
	- wireshark 1.6.0-1 (unimportant)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1956 (The bytes_repr_len function in Wireshark 1.4.5 uses an incorrect ...)
	- wireshark 1.4.6-1 (unimportant)
	[lenny] - wireshark <not-affected> (Affects 1.4.5 only)
	[squeeze] - wireshark <not-affected> (Affects 1.4.5 only)
	NOTE: Crashes w/o code injection not treated as security issues, see README.Security
CVE-2011-1955
	RESERVED
CVE-2011-1954 (Multiple cross-site request forgery (CSRF) vulnerabilities in Post ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1953 (Multiple cross-site scripting (XSS) vulnerabilities in common.php in ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1952 (common.php in Post Revolution before 0.8.0c-2 allows remote attackers ...)
	NOT-FOR-US: Post Revolution
CVE-2011-1951 (lib/logmatcher.c in Balabit syslog-ng before 3.2.4, when the global ...)
	- syslog-ng 3.2.4-1 (low)
	[squeeze] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
	[lenny] - syslog-ng <not-affected> (Only affects PCRE >= 8.12)
	NOTE: http://git.balabit.hu/?p=bazsi/syslog-ng-3.2.git;a=commit;h=09710c0b105e579d35c7b5f6c66d1ea5e3a3d3ff
CVE-2011-1950 (plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users ...)
	- plone3 <removed>
CVE-2011-1949 (Cross-site scripting (XSS) vulnerability in the safe_html filter in ...)
	- plone3 <removed>
CVE-2011-1948 (Cross-site scripting (XSS) vulnerability in Plone 4.1 and earlier ...)
	- plone3 <removed>
CVE-2011-1947 (fetchmail 5.9.9 through 6.3.19 does not properly limit the wait time ...)
	- fetchmail 6.3.22-1 (unimportant)
	NOTE: http://www.fetchmail.info/fetchmail-SA-2011-01.txt
CVE-2011-1946 (gnomesu-pam-backend in libgnomesu 1.0.0 prints an error message but ...)
	NOT-FOR-US: libgnomesu
CVE-2011-1945 (The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and ...)
	{DSA-2309-1}
	- openssl 1.0.0e-1 (low)
CVE-2011-1944 (Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x ...)
	{DSA-2255-1}
	- libxml2 2.7.8.dfsg-3 (bug #628537)
CVE-2011-1943 (The destroy_one_secret function in nm-setting-vpn.c in libnm-util in ...)
	- network-manager-openvpn <not-affected> (Affected code was only in experimental, see bug #628730)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=708876
CVE-2011-1942
	RESERVED
CVE-2011-1941 (Open redirect vulnerability in the redirector feature in phpMyAdmin ...)
	- phpmyadmin 4:3.4.1-1
	[lenny] - phpmyadmin <not-affected> (3.4.x only)
	[squeeze] - phpmyadmin <not-affected> (3.4.x only)
CVE-2011-1940 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-2391-1}
	- phpmyadmin 4:3.4.1-1
	[lenny] - phpmyadmin <not-affected> (3.3.x+ only)
	[squeeze] - phpmyadmin <no-dsa> (may be bundled with future issues)
CVE-2011-1939
	RESERVED
	- zendframework 1.11.6-1 (low)
	[squeeze] - zendframework <no-dsa> (Minor issue)
CVE-2011-1938 (Stack-based buffer overflow in the socket_connect function in ...)
	{DSA-2399-1}
	- php5 5.3.6-13 (low)
	[lenny] - php5 <not-affected> (The Lenny version doesn't use memcpy)
CVE-2011-1937 (Cross-site scripting (XSS) vulnerability in Webmin 1.540 and earlier ...)
	NOT-FOR-US: Webmin
CVE-2011-1936 (Xen, when using x86 Intel processors and the VMX virtualization ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1935 (pcap-linux.c in libpcap 1.1.1 before commit ...)
	- libpcap 1.1.1-4 (low; bug #623868)
	[squeeze] - libpcap 1.1.1-2+squeeze1
	[lenny] - libpcap <not-affected>
	NOTE: <878vsbyviu.fsf@silenus.orebokech.com>
CVE-2011-1934 [lilo: lilo.conf world-readable]
	RESERVED
	- lilo 23.1-2 (low; bug #615103)
	[squeeze] - lilo <not-affected> (Introduced in 23.1)
	[lenny] - lilo <not-affected> (Introduced in 23.1)
CVE-2011-1933
	RESERVED
	- libjifty-dbi-perl 0.68-1 (low; bug #622919)
	[squeeze] - libjifty-dbi-perl 0.60-1+squeeze1
CVE-2011-1932 (Directory traversal vulnerability in io/filesystem/filesystem.cc in ...)
	- widelands 1:15-3 (low; bug #617960)
	[lenny] - widelands <no-dsa> (Minor issue)
CVE-2011-1931 (sp5xdec.c in the Sunplus SP5X JPEG decoder in libavcodec in FFmpeg ...)
	- libav 4:0.6.2-3 (bug #624339)
	- ffmpeg <not-affected> (vulnerability introduced in 0.6)
	- ffmpeg-debian <not-affected> (vulnerability introduced in 0.6)
CVE-2011-1930
	RESERVED
	- klibc 1.5.22-1 (low)
	[squeeze] - klibc 1.5.20-1+squeeze1
	[lenny] - klibc 1.5.12-2lenny1
CVE-2011-1929 (lib-mail/message-header-parser.c in Dovecot 1.2.x before 1.2.17 and ...)
	{DSA-2252-1}
	- dovecot 1:2.0.13-1 (bug #627443)
	NOTE: [lenny] - dovecot <not-affected> (Vulnerability introduced in 1.1)
	NOTE: <e15277de7326d4d7f8b560cd853e1a12@muenster.org> claims lenny is affected
CVE-2011-1928 (The fnmatch implementation in apr_fnmatch.c in the Apache Portable ...)
	{DSA-2237-2}
	- apr 1.4.5-1 (bug #627182)
CVE-2011-1927 (The ip_expire function in net/ipv4/ip_fragment.c in the Linux kernel ...)
	- linux-2.6 2.6.39-1 (high)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1926 (The STARTTLS implementation in Cyrus IMAP Server before 2.4.7 does not ...)
	{DSA-2258-1 DSA-2242-1}
	- cyrus-imapd-2.2 2.2.13p1-11 (bug #627081)
	- cyrus-imapd-2.4 2.4.7-1
	- kolab-cyrus-imapd 2.2.13p1-0.1 (bug #629350)
CVE-2011-1925 (nbd-server.c in Network Block Device (nbd-server) 2.9.21 allows remote ...)
	- nbd 1:2.9.22-1 (bug #627042)
	[wheezy] - nbd <not-affected>
	[squeeze] - nbd <not-affected>
	[lenny] - nbd <not-affected>
CVE-2011-1924 (Buffer overflow in the policy_summarize function in or/policies.c in ...)
	- tor 0.2.1.30-1
	[squeeze] - tor <no-dsa> (Only affects the central Tor directory servers)
	[lenny] - tor <no-dsa> (Only affects the central Tor directory servers)
CVE-2011-1923 (The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL ...)
	- polarssl 0.14.3-1 (low; bug #616114)
	[squeeze] - polarssl <no-dsa> (Minor issue)
CVE-2011-1922 (daemon/worker.c in Unbound 1.x before 1.4.10, when debugging ...)
	- unbound 1.4.10-1 (unimportant)
	[lenny] - unbound 1.4.6-1~lenny2 (unimportant)
	[squeeze] - unbound 1.4.6-1+squeeze2 (unimportant)
	NOTE: http://unbound.nlnetlabs.nl/downloads/CVE-2011-1922.txt
	NOTE: asserts not enabled in Debian build
CVE-2011-1921 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1920 (The make include files in NetBSD before 1.6.2, as used in pmake 1.111 ...)
	- pmake 1.111-3 (low; bug #626673)
	[squeeze] - pmake 1.111-2+squeeze1
	[lenny] - pmake 1.111-1+lenny1
CVE-2011-1919 (Multiple stack-based buffer overflows in GE Intelligent Platforms ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2011-1918 (Stack-based buffer overflow in the Data Archiver service in GE ...)
	NOT-FOR-US: GE Intelligent Platforms
CVE-2011-1917
	RESERVED
CVE-2011-1916
	RESERVED
CVE-2011-1915 (SQL injection vulnerability in eClient 7.3.2.3 in Enspire Distribution ...)
	NOT-FOR-US: Enspire Distribution Management Solution
CVE-2011-1914 (Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) ...)
	NOT-FOR-US: ActiveX
CVE-2011-1913 (SQL injection vulnerability in the login form in the web interface in ...)
	NOT-FOR-US: Mercator SENTINEL
CVE-2011-1912
	RESERVED
CVE-2011-1911 (JasperServer in JasperReports Server Community Project 3.7.0 and 3.7.1 ...)
	NOT-FOR-US: JasperReports Server
CVE-2011-1910 (Off-by-one error in named in ISC BIND 9.x before 9.7.3-P1, 9.8.x ...)
	{DSA-2244-1}
	- bind9 1:9.8.1.dfsg-1 (high)
	NOTE: https://lists.isc.org/pipermail/bind-users/2011-May/083819.html
CVE-2011-1909
	RESERVED
CVE-2011-1908 (Integer overflow in the Type 1 font decoder in the FreeType engine in ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-1906 (Trustwave WebDefend Enterprise before 5.0 7.01.903-1.4 stores specific ...)
	NOT-FOR-US: Trustwave WebDefend Enterprise
CVE-2011-1905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1904 (An unspecified function in the web interface in Proofpoint Messaging ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1903 (SQL injection vulnerability in an unspecified function in Proofpoint ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1902 (Directory traversal vulnerability in the web interface in Proofpoint ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1901 (The mail-filter web interface in Proofpoint Messaging Security Gateway ...)
	NOT-FOR-US: Proofpoint Messaging Security Gateway
CVE-2011-1900 (Directory traversal vulnerability in NTWebServer in InduSoft Web ...)
	NOT-FOR-US: InduSoft Web Studio
CVE-2011-1899 (Multiple cross-site scripting (XSS) vulnerabilities in CA eHealth ...)
	NOT-FOR-US: CA eHealth
CVE-2011-1898 (Xen 4.1 before 4.1.1 and 4.0 before 4.0.2, when using PCI passthrough ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	[lenny] - xen-3 <not-affected>
CVE-2011-1897 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1896 (Cross-site scripting (XSS) vulnerability in Microsoft Forefront ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1895 (CRLF injection vulnerability in Microsoft Forefront Unified Access ...)
	NOT-FOR-US: Microsoft Forefront
CVE-2011-1894 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1893 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1892 (Microsoft Office Groove 2007 SP2, SharePoint Workspace 2010 Gold and ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-1891 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1890 (Cross-site scripting (XSS) vulnerability in EditForm.aspx in Microsoft ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-1889 (The NSPLookupServiceNext function in the client in Microsoft Forefront ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2011-1888 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 ...)
	NOT-FOR-US: MS Windows
CVE-2011-1887 (win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP1 ...)
	NOT-FOR-US: MS Windows
CVE-2011-1886 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 does ...)
	NOT-FOR-US: MS Windows
CVE-2011-1885 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: MS Windows
CVE-2011-1884 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1883 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1882 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1881 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: MS Windows
CVE-2011-1880 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: MS Windows
CVE-2011-1879 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1878 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1877 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1876 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1875 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1874 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: MS Windows
CVE-2011-1873 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1872 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1871 (Tcpip.sys in the TCP/IP stack in Microsoft Windows Vista SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2011-1870 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) ...)
	NOT-FOR-US: MS Windows
CVE-2011-1869 (The Distributed File System (DFS) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1868 (The Distributed File System (DFS) implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4804 (The Android browser in Android before 2.3.4 allows remote attackers to ...)
	NOT-FOR-US: Android Browser
CVE-2011-XXXX [fglrx-driver xauth cookie leak]
	- fglrx-driver 1:11-6-3 (low; bug #625868)
	[squeeze] - fglrx-driver <no-dsa> (Non-free not supported)
	[lenny] - fglrx-driver <no-dsa> (Non-free not supported)
CVE-2011-1907 (ISC BIND 9.8.x before 9.8.0-P1, when Response Policy Zones (RPZ) RRset ...)
	- bind9 1:9.8.1.dfsg.P1-1
	[squeeze] - bind9 <not-affected> (Only affects 9.8.0)
	[lenny] - bind9 <not-affected> (Only affects 9.8.0)
CVE-2011-1765 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.5, ...)
	- mediawiki <not-affected> (Incomplete fix was never released for Debian, neither in sid, nor oldstable/stable)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
CVE-2011-1766 (includes/User.php in MediaWiki before 1.16.5, when ...)
	- mediawiki <not-affected> (Vulnerable code not present, planned next upload will skip it)
	[lenny] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.16.0)
	[squeeze] - mediawiki <not-affected> (Vulnerable code not present, introduced in 1.16.0)
	NOTE: https://bugzilla.wikimedia.org/show_bug.cgi?id=28534
CVE-2011-1867 (Stack-based buffer overflow in iNodeMngChecker.exe in the User Access ...)
	NOT-FOR-US: iNodeMngChecker.exe of HP Intelligent Management Center
CVE-2011-1866 (Buffer overflow in omniinet.exe in the inet service in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1865 (Multiple stack-based buffer overflows in the inet service in HP ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1864 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1863 (HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1862 (Cross-site scripting (XSS) vulnerability in HP Service Manager 7.02, ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1861 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1860 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1859 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1858 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1857 (Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and ...)
	NOT-FOR-US: HP Service Manager
CVE-2011-1856 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
	NOT-FOR-US: HP Business Availability
CVE-2011-1855 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-1854 (Use-after-free vulnerability in HP Intelligent Management Center (IMC) ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1853 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1852 (Multiple stack-based buffer overflows in tftpserver.exe in HP ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1851 (Stack-based buffer overflow in tftpserver.exe in HP Intelligent ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1850 (Stack-based buffer overflow in the logging functionality in dbman.exe ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1849 (tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1848 (Stack-based buffer overflow in img.exe in HP Intelligent Management ...)
	NOT-FOR-US: HP Intelligent Management Center
CVE-2011-1847 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows ...)
	NOT-FOR-US: IBM DB2 9.5
CVE-2011-1846 (IBM DB2 9.5 before FP7 and 9.7 before FP4 on Linux, UNIX, and Windows ...)
	NOT-FOR-US: IBM DB2 9.5
CVE-2011-1845 (Multiple memory leaks in the DataGrid control implementation in ...)
	NOT-FOR-US: Silverlight
CVE-2011-1844 (Memory leak in Microsoft Silverlight 4 before 4.0.60310.0 allows ...)
	NOT-FOR-US: Silverlight
CVE-2011-1843 (Integer overflow in conf.c in Tinyproxy before 1.8.3 might allow ...)
	- tinyproxy 1.8.2-2 (unimportant; bug #627503)
	[squeeze] - tinyproxy 1.8.2-1squeeze2 (unimportant)
	NOTE: Only exploitable through config files, which are under admin control
CVE-2011-1842 (dbus_backend/lsd.py in the D-Bus backend in language-selector before ...)
	NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-1841 (Cross-site scripting (XSS) vulnerability in the link_to helper in ...)
	{DSA-2239-1}
	- libmojolicious-perl 1.12-1
CVE-2011-1840 (The MartiniCreations PassmanLite Password Manager application before ...)
	NOT-FOR-US: MartiniCreations PassmanLite Password Manager for Android
CVE-2011-1839 (IBM Rational Build Forge 7.1.0 uses the HTTP GET method during ...)
	NOT-FOR-US: IBM Rational Build Forge 7.1.0
CVE-2011-1838 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: TWiki
CVE-2011-1837 (The lock-counter implementation in utils/mount.ecryptfs_private.c in ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1836 (utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not ...)
	- ecryptfs-utils 92-1
	[squeeze] - ecryptfs-utils <not-affected> (Vulnerable code not present)
	[lenny] - ecryptfs-utils <not-affected> (Vulnerable code not present)
CVE-2011-1835 (The encrypted private-directory setup process in ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1834 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1833 (Race condition in the ecryptfs_mount function in fs/ecryptfs/main.c in ...)
	{DSA-2443-1}
	- ecryptfs-utils 92-1
	[squeeze] - ecryptfs-utils <no-dsa> (Minor issue)
	- linux-2.6 3.1.1-1
	NOTE: cannot be fixed in ecryptfs-utils (squeeze, lenny) until kernel fix is in place
CVE-2011-1832 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1831 (utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not ...)
	{DSA-2382-1}
	- ecryptfs-utils 92-1
CVE-2011-1830
	RESERVED
CVE-2011-1829 (APT before 0.8.15.2 does not properly validate inline GPG signatures, ...)
	- apt 0.8.15.2
	[squeeze] - apt <not-affected> (Vulnerable code not present)
	[lenny] - apt <not-affected> (Vulnerable code not present)
CVE-2011-1828 (usb-creator-helper in usb-creator before 0.2.28.3 does not enforce ...)
	NOT-FOR-US: usb-creator, Ubuntu-specific package
CVE-2010-4803 (Mojolicious before 0.999927 does not properly implement HMAC-MD5 ...)
	{DSA-2239-1}
	- libmojolicious-perl 0.999929-1
CVE-2010-4802 (Commands.pm in Mojolicious before 0.999928 does not properly perform ...)
	{DSA-2239-1}
	- libmojolicious-perl 0.999929-1
CVE-2009-5074 (Unspecified vulnerability in the MojoX::Dispatcher::Static ...)
	- libmojolicious-perl <not-affected> (Fixed before initial upload)
CVE-2011-XXXX [spip DoS]
	- spip 2.1.11-0.1
	[squeeze] - spip 2.1.1-3squeeze1
CVE-2011-1827 (Multiple unspecified vulnerabilities in Check Point SSL Network ...)
	NOT-FOR-US: Check Point
CVE-2010-4801 (Directory traversal vulnerability in admin/updatelist.php in BaconMap ...)
	NOT-FOR-US: BaconMap
CVE-2010-4800 (SQL injection vulnerability in doadd.php in BaconMap 1.0 allows remote ...)
	NOT-FOR-US: BaconMap
CVE-2010-4799 (Multiple SQL injection vulnerabilities in Chipmunk Pwngame 1.0, when ...)
	NOT-FOR-US: Chipmunk Pwngame
CVE-2010-4798 (Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 ...)
	NOT-FOR-US: OrangeHRM
CVE-2010-4797 (Multiple SQL injection vulnerabilities in the log-in form in Truworth ...)
	NOT-FOR-US: Truworth Flex Timesheet
CVE-2010-4796 (Multiple SQL injection vulnerabilities in PHPYun 1.1.6 allow remote ...)
	NOT-FOR-US: PHPYun
CVE-2010-4795 (SQL injection vulnerability in the JS Calendar (com_jscalendar) ...)
	NOT-FOR-US: JS Calendar component for Joomla!
CVE-2010-4794 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: JoomlaSeller JS Calendar component for Joomla!
CVE-2010-4793 (SQL injection vulnerability in detail.asp in Site2Nite Auto e-Manager ...)
	NOT-FOR-US: Site2Nite Auto e-Manager
CVE-2010-4792 (Cross-site scripting (XSS) vulnerability in title.php in OPEN IT ...)
	NOT-FOR-US: OPEN IT OverLook
CVE-2010-4791 (SQL injection vulnerability in ...)
	NOT-FOR-US: MG User-Fotoalbum module for PHP-Fusion
CVE-2010-4790 (Directory traversal vulnerability in FilterFTP 2.0.3, 2.0.5, and ...)
	NOT-FOR-US: FilterFTP
CVE-2011-1826 (Open redirect vulnerability in the Administrative Console in CA Arcot ...)
	NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1825 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: CA Arcot WebFort Versatile Authentication Server
CVE-2011-1824 (The VEGAOpBitmap::AddLine function in Opera before 10.61 does not ...)
	NOT-FOR-US: Opera
CVE-2011-1823 (The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 ...)
	NOT-FOR-US: Android
CVE-2011-1822 (The LDAP_ADD implementation in IBM Tivoli Directory Server (TDS) 5.2 ...)
	NOT-FOR-US: Tivoli
CVE-2011-1821 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010 ...)
	NOT-FOR-US: Tivoli
CVE-2011-1820 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-IF0010, ...)
	NOT-FOR-US: Tivoli
CVE-2011-1819 (Google Chrome before 12.0.742.91 allows remote attackers to perform ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions)
CVE-2011-1818 (Use-after-free vulnerability in the image loader in Google Chrome ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86725
CVE-2011-1817 (Google Chrome before 12.0.742.91 does not properly implement history ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1816 (Use-after-free vulnerability in the developer tools in Google Chrome ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86507
CVE-2011-1815 (Google Chrome before 12.0.742.91 allows remote attackers to inject ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions specific)
CVE-2011-1814 (Google Chrome before 12.0.742.91 attempts to read data from an ...)
	- chromium-browser <not-affected> (chromium pdiflugin)
	- webkit <not-affected> (chromium pdf plugin)
CVE-2011-1813 (Google Chrome before 12.0.742.91 does not properly implement the ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1812 (Google Chrome before 12.0.742.91 allows remote attackers to bypass ...)
	- chromium-browser 12.0.742.91~r87961-1 (unimportant)
	- webkit <not-affected> (chromium extensions)
CVE-2011-1811 (Google Chrome before 12.0.742.91 does not properly handle a large ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1810 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/83345
CVE-2011-1809 (Use-after-free vulnerability in the accessibility feature in Google ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80890
CVE-2011-1808 (Use-after-free vulnerability in Google Chrome before 12.0.742.91 ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84096
	NOTE: http://trac.webkit.org/changeset/84098
	NOTE: http://trac.webkit.org/changeset/84119
CVE-2011-1807 (Google Chrome before 11.0.696.71 does not properly handle blobs, which ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1806 (Google Chrome before 11.0.696.71 does not properly implement the GPU ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1805
	RESERVED
CVE-2011-1804 (rendering/RenderBox.cpp in WebCore in WebKit before r86862, as used in ...)
	- chromium-browser 11.0.696.71~r86024-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/86448
CVE-2011-1803
	RESERVED
CVE-2011-1802
	RESERVED
CVE-2011-1801 (Unspecified vulnerability in Google Chrome before 11.0.696.71 allows ...)
	- chromium-browser 11.0.696.71~r86024-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/85977
CVE-2011-1800 (Multiple integer overflows in the SVG Filters implementation in ...)
	- chromium-browser 11.0.696.68~r84545-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/85926
CVE-2011-1799 (Google Chrome before 11.0.696.68 does not properly perform casts of ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.68~r84545-1
CVE-2011-1798 (rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84085
CVE-2011-1797 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	{DSA-2245-1}
	- chromium-browser 12.0.742.91~r87961-1
CVE-2011-1796 (Use-after-free vulnerability in the ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84300
CVE-2011-1795 (Integer underflow in the HTMLFormElement::removeFormElement function ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/83690
CVE-2011-1794 (Integer overflow in the FilterEffect::copyImageBytes function in ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84422
CVE-2011-1793 (rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/85406
CVE-2011-1792
	RESERVED
CVE-2011-1791
	RESERVED
CVE-2011-1790
	RESERVED
CVE-2010-4789 (Use-after-free vulnerability in the proxy-server implementation in IBM ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4788 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.62 (aka ...)
	NOT-FOR-US: Tivoli
CVE-2010-4787 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka ...)
	NOT-FOR-US: Tivoli
CVE-2010-4786 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.63 (aka ...)
	NOT-FOR-US: Tivoli
CVE-2010-4785 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...)
	NOT-FOR-US: Tivoli
CVE-2009-5073 (IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.59 (aka ...)
	NOT-FOR-US: Tivoli
CVE-2009-5072 (Memory leak in the ldap_explode_dn function in IBM Tivoli Directory ...)
	NOT-FOR-US: Tivoli
CVE-2008-7290 (Memory leak in the ldap_explode_rdn API function in IBM Tivoli ...)
	NOT-FOR-US: Tivoli
CVE-2008-7289 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 ...)
	NOT-FOR-US: Tivoli
CVE-2008-7288 (IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0007 ...)
	NOT-FOR-US: Tivoli
CVE-2008-7287 (Multiple memory leaks in the (1) ldap_init and (2) ...)
	NOT-FOR-US: Tivoli
CVE-2007-6743 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 ...)
	NOT-FOR-US: Tivoli
CVE-2007-6742 (The get_filter_list function in IBM Tivoli Directory Server (TDS) 5.2 ...)
	NOT-FOR-US: Tivoli
CVE-2011-1789 (The self-extracting installer in the vSphere Client Installer package ...)
	NOT-FOR-US: vSphere
CVE-2011-1788 (vCenter Server in VMware vCenter 4.0 before Update 3 and 4.1 before ...)
	NOT-FOR-US: vCenter
CVE-2011-1787 (Race condition in mount.vmhgfs in the VMware Host Guest File System ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (bug #631506)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-1786 (lsassd in Likewise Open /Enterprise 5.3 before build 7845, Open 6.0 ...)
	NOT-FOR-US: Likewise
CVE-2011-1785 (VMware ESXi 4.0 and 4.1 and ESX 4.0 and 4.1 allow remote attackers to ...)
	NOT-FOR-US: VMware
CVE-2011-1784 (The pidfile_write function in core/pidfile.c in keepalived 1.2.2 and ...)
	- keepalived 1:1.2.2-2 (low; bug #626281)
	[lenny] - keepalived <no-dsa> (Minor issue)
	[squeeze] - keepalived 1:1.1.20-1+squeeze1
CVE-2011-1783 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1782 (Heap-based buffer overflow in the read_channel_data function in ...)
	{DSA-2426-1}
	- gimp 2.6.11-3 (bug #629830)
CVE-2011-1781 (SystemTap 1.4, when unprivileged (aka stapusr) mode is enabled, allows ...)
	- systemtap 1.6-1 (bug #628819)
	[squeeze] - systemtap <not-affected> (Only affects version 1.4.x)
	[lenny] - systemtap <not-affected> (Only affects version 1.4.x)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
CVE-2011-1780 (The instruction emulation in Xen 3.0.3 allows local SMP guest users to ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1779 (Multiple use-after-free vulnerabilities in libarchive 2.8.4 and 2.8.5 ...)
	- libarchive 3.0.4-2 (bug #669197)
	[squeeze] - libarchive <not-affected> (vulnerable code not present in 2.x series)
	NOTE: http://code.google.com/p/libarchive/source/detail?r=0736e0890a8fce59e96d57340405c56f084407e7
	NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
CVE-2011-1778 (Buffer overflow in libarchive through 2.8.5 allows remote attackers to ...)
	{DSA-2413-1}
	- libarchive 2.8.5-5 (bug #651844)
CVE-2011-1777 (Multiple buffer overflows in the (1) heap_add_entry and (2) ...)
	{DSA-2413-1}
	- libarchive 2.8.5-5 (bug #651844)
CVE-2011-1776 (The is_gpt_valid function in fs/partitions/efi.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1 (low)
CVE-2011-1775 (The CSecurityTLS::processMsg function in common/rfb/CSecurityTLS.cxx ...)
	- tigervnc <not-affected> (Fixed before initial release in Debian)
	NOTE: https://github.com/TigerVNC/tigervnc/commit/ce6c8b097f0d5b161039dc8c8208aff078d433ff
CVE-2011-1774 (WebKit in Apple Safari before 5.0.6 has improper libxslt security ...)
	NOTE: CVE-2011-1774 is about webkit's interface to xmlsec, CVE-2011-1425 is the actual issue
	NOTE: http://www.openwall.com/lists/oss-security/2011/05/09/4
CVE-2011-1773 (virt-v2v before 0.8.4 does not preserve the VNC console password when ...)
	NOT-FOR-US: virt-v2v
CVE-2011-1772 (Multiple cross-site scripting (XSS) vulnerabilities in XWork in Apache ...)
	- libstruts1.2-java <not-affected> (xwork introduced in 2.x)
CVE-2011-1771 (The cifs_close function in fs/cifs/file.c in the Linux kernel before ...)
	- linux-2.6 2.6.38-4
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.37)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.37)
CVE-2011-1770 (Integer underflow in the dccp_parse_options function ...)
	{DSA-2240-1}
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34squeeze1
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29 with commit e77b8363b2ea7c0d89919547c1a8b0562f298b57)
CVE-2011-1769 (SystemTap 1.4 and earlier, when unprivileged (aka stapusr) mode is ...)
	- systemtap 1.6-1 (unimportant; bug #628819)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=702687#c29
	NOTE: http://sourceware.org/git/?p=systemtap.git;a=commit;h=fa2e3415185a28542d419a641ecd6cddd52e3cd9
	NOTE: a DoS with a very limited exploitation possibility
CVE-2011-1768 (The tunnels implementation in the Linux kernel before 2.6.34, when ...)
	{DSA-2264-1}
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-1767 (net/ipv4/ip_gre.c in the Linux kernel before 2.6.34, when ip_gre is ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-34squeeze1
CVE-2011-1764 (Format string vulnerability in the dkim_exim_verify_finish function in ...)
	{DSA-2232-1}
	- exim4 4.75-3 (high; bug #624670)
	[lenny] - exim4 <not-affected> (vulnerable code not present)
CVE-2011-1763 (The get_free_port function in Xen allows local authenticated DomU ...)
	- linux-2.6 <not-affected> (Only affected the old Xen kernel patch from 2.6.18/2.6.26)
CVE-2011-1762
	RESERVED
CVE-2011-1761 (Multiple stack-based buffer overflows in the (1) abc_new_macro and (2) ...)
	{DSA-2415-1}
	- libmodplug 1:0.8.8.4-1 (low; bug #625966)
CVE-2011-1760 (utils/opcontrol in OProfile 0.9.6 and earlier might allow local users ...)
	{DSA-2254-2 DSA-2254-1}
	- oprofile 0.9.6-1.2 (medium; bug #624212)
CVE-2011-1759 (Integer overflow in the sys_oabi_semtimedop function in ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1
CVE-2011-1758 (The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in ...)
	- sssd <not-affected> (Only affects version 1.5+)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=700867
	NOTE: http://git.fedorahosted.org/git/?p=sssd.git;a=commitdiff;h=fffdae81651b460f3d2c119c56d5caa09b4de42a
CVE-2011-1757 (DJabberd 0.84 and earlier does not properly detect recursion during ...)
	NOTE: DJabberd
CVE-2011-1756 (modules/xmpp/serv_xmpp.c in Citadel 7.86 and earlier does not properly ...)
	{DSA-2250-1}
	- citadel 8.04-1 (medium)
CVE-2011-1755 (jabberd2 before 2.2.14 does not properly detect recursion during ...)
	- jabberd2 2.2.8-2.1 (medium)
CVE-2011-1754 (jabberd14 1.6.1.1 and earlier does not properly detect recursion ...)
	{DSA-2249-1}
	- jabberd14 1.6.1.1-5.1
CVE-2011-1753 (expat_erl.c in ejabberd before 2.1.7 and 3.x before 3.0.0-alpha-3, and ...)
	{DSA-2248-1}
	- ejabberd 2.1.6-2.1 (medium)
CVE-2011-1752 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...)
	{DSA-2251-1}
	- subversion 1.6.17dfsg-1
CVE-2011-1751 (The pciej_write function in hw/acpi_piix4.c in the PIIX4 Power ...)
	{DSA-2241-1}
	- qemu-kvm 0.14.1+dfsg-1
	- kvm <undetermined>
CVE-2011-1750 (Multiple heap-based buffer overflows in the virtio-blk driver ...)
	{DSA-2230-1}
	- qemu-kvm 0.14.1+dfsg-1 (bug #624177)
	- kvm <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=698906
CVE-2011-1749 (The nfs_addmntent function in support/nfs/nfs_mntent.c in the ...)
	- nfs-utils 1:1.2.3-3 (low; bug #629420)
	[squeeze] - nfs-utils 1:1.2.2-4squeeze2
	[lenny] - nfs-utils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=697975
CVE-2011-1748 (The raw_release function in net/can/raw.c in the Linux kernel before ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.39-1
CVE-2011-1747 (The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not ...)
	- linux-2.6 <removed> (unimportant)
	NOTE: Can only be triggered with root equivalent privs -> non-issue
CVE-2011-1746 (Multiple integer overflows in the (1) agp_allocate_memory and (2) ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1745 (Integer overflow in the agp_generic_insert_memory function in ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1744 (EMC Captiva eInput 2.1.1 before 2.1.1.37 does not restrict the origin ...)
	NOT-FOR-US: EMC
CVE-2011-1743 (Cross-site scripting (XSS) vulnerability in EMC Captiva eInput 2.1.1 ...)
	NOT-FOR-US: EMC
CVE-2011-1742 (EMC Data Protection Advisor before 5.8.1 places cleartext account ...)
	NOT-FOR-US: EMC
CVE-2011-1741 (Stack-based buffer overflow in ftserver.exe in the OpenText ...)
	NOT-FOR-US: OpenText Hummingbird Client Connector
CVE-2011-1740 (EMC Avamar 4.x, 5.0.x, and 6.0.x before 6.0.0-592 allows remote ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-1739 (The makemask function in mountd.c in mountd in FreeBSD 7.4 through 8.2 ...)
	NOT-FOR-US: FreeBSD mountd
CVE-2011-1738 (HP Palm webOS 1.4.5 and 1.4.5.1 does not properly restrict Plug-in ...)
	NOT-FOR-US: HP Palm webOS
CVE-2011-1737 (Multiple cross-site scripting (XSS) vulnerabilities in the Email ...)
	NOT-FOR-US: HP Palm webOS
CVE-2011-1736 (Directory traversal vulnerability in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1735 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1734 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1733 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1732 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1731 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1730 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1729 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1728 (Stack-based buffer overflow in OmniInet.exe in the Backup Client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-1727 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-1726 (Cross-site scripting (XSS) vulnerability in HP SiteScope 9.54, 10.13, ...)
	NOT-FOR-US: HP SiteScope
CVE-2011-1725 (Unspecified vulnerability in HP Network Automation 7.2x, 7.5x, 7.6x, ...)
	NOT-FOR-US: HP Network Automation
CVE-2011-1724 (Unspecified vulnerability in HP Virtual Server Environment before 6.3 ...)
	NOT-FOR-US: HP Virtual Server Environment
CVE-2011-1723 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2011-1722 (Multiple SQL injection vulnerabilities in WEC Discussion Forum ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2011-1721 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: WebJaxe
CVE-2011-1720 (The SMTP server in Postfix before 2.5.13, 2.6.x before 2.6.10, 2.7.x ...)
	{DSA-2233-1}
	- postfix 2.8.3-1
	NOTE: http://www.postfix.org/CVE-2011-1720.html
CVE-2011-1719 (Multiple stack-based buffer overflows in the Web Viewer ActiveX ...)
	NOT-FOR-US: ActiveX
CVE-2011-1718 (The Web Agents component in CA SiteMinder R6 before SP6 CR2 and R12 ...)
	NOT-FOR-US: CA SiteMinder
CVE-2011-1716 (Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in ...)
	- xymon 4.3.7-1
	[wheezy] - xymon <no-dsa> (Minor issue)
	[squeeze] - xymon <no-dsa> (Minor issue)
CVE-2009-5071 (Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown ...)
	NOT-FOR-US: Palm WebOS
CVE-2011-1717 (Skype for Android stores sensitive user data without encryption in ...)
	NOT-FOR-US: Skype for Android
CVE-2011-1715 (Directory traversal vulnerability in ...)
	NOT-FOR-US: QooxDoo
CVE-2011-1714 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: QooxDoo
CVE-2011-1713 (Microsoft msxml.dll, as used in Internet Explorer 8 on Windows 7, ...)
	NOT-FOR-US: Microsoft
CVE-2011-1712 (The txXPathNodeUtils::getXSLTId function in ...)
	- iceweasel 4.0.1-1 (unimportant)
CVE-2011-1711 (Unspecified vulnerability in the Mobility Pack 1.1.2 and earlier in ...)
	NOT-FOR-US: Mobility Pack 1.1.2 and earlier in Novell Data Synchronizer
CVE-2011-1710 (Multiple integer overflows in the HTTP server in the Novell XTier ...)
	NOT-FOR-US: Novell XTier
CVE-2011-1709 (GNOME Display Manager (gdm) before 2.32.2, when glib 2.28 is used, ...)
	- gdm3 <not-affected> (Vulnerable code patched out in Debian package in sid, patched in 3.0.4 experimental)
	- gdm <not-affected> (Vulnerable code not present)
CVE-2011-1708 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1707 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1706 (Stack-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1705 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1704 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1703 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1702 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1701 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1700 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1699 (Heap-based buffer overflow in nipplib.dll in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2011-1698
	RESERVED
CVE-2011-1697
	RESERVED
CVE-2011-1696 (Cross-site scripting (XSS) vulnerability in Novell Identity Manager ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2011-1695
	RESERVED
CVE-2011-1694
	RESERVED
CVE-2011-1693
	RESERVED
CVE-2011-1692
	RESERVED
CVE-2011-1691 (The counterToCSSValue function in CSSComputedStyleDeclaration.cpp in ...)
	- chromium-browser 12.0.742.91~r87961-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82222
CVE-2011-1690 (Best Practical Solutions RT 3.6.0 through 3.6.10 and 3.8.0 through ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1689 (Multiple cross-site scripting (XSS) vulnerabilities in Best Practical ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1688 (Directory traversal vulnerability in Best Practical Solutions RT 3.2.0 ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1687 (Best Practical Solutions RT 3.0.0 through 3.6.10, 3.8.0 through 3.8.9, ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1686 (Multiple SQL injection vulnerabilities in Best Practical Solutions RT ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
	- request-tracker3.6 <removed>
CVE-2011-1685 (Best Practical Solutions RT 3.8.0 through 3.8.9 and 4.0.0rc through ...)
	{DSA-2220-1}
	- request-tracker3.8 3.8.10-1 (bug #622774)
CVE-2011-1683 (IBM WebSphere Application Server (WAS) 6.0.x through 6.0.2.43, 6.1.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1682 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...)
	NOT-FOR-US: phpList
CVE-2011-1684 (Heap-based buffer overflow in the MP4_ReadBox_skcr function in ...)
	{DSA-2218-1}
	- vlc 1.1.8-3 (medium)
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	[squeeze] - vlc 1.1.3-1squeeze5
	NOTE: CVE id requested
CVE-2011-1681 (vmware-hgfsmounter in VMware Open Virtual Machine Tools (aka ...)
	- open-vm-tools 2:8.4.2+2011.08.21-471295-1 (low; bug #623968)
	[squeeze] - open-vm-tools <no-dsa> (Contrib not supported)
	[lenny] - open-vm-tools <no-dsa> (Contrib not supported)
CVE-2011-1680 (ncpmount in ncpfs 2.2.6 and earlier does not remove the /etc/mtab~ ...)
	- ncpfs 2.2.6-9 (low; bug #660545)
	[squeeze] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1679 (ncpfs 2.2.6 and earlier attempts to use (1) ncpmount to append to the ...)
	- ncpfs 2.2.6-9 (low; bug #660545)
	[squeeze] - ncpfs <no-dsa> (Minor issue)
CVE-2011-1678 (smbfs in Samba 3.5.8 and earlier attempts to use (1) mount.cifs to ...)
	- samba 2:3.4.7~dfsg-2 (low)
	- cifs-utils 2:5.1-1 (low)
	[squeeze] - cifs-utils 2:4.5-2+squeeze1
	NOTE: cifs-utils was split off from the samba source package with 2:3.4.7~dfsg-2, so marking it as fixed
	NOTE: http://git.samba.org/?p=cifs-utils.git;a=commitdiff;h=f6eae44a3d05b6515a59651e6bed8b6dde689aec
CVE-2011-1677 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab~ ...)
	- util-linux 2.20.1-1 (low)
	[squeeze] - util-linux <no-dsa> (Minor issue)
CVE-2011-1676 (mount in util-linux 2.19 and earlier does not remove the /etc/mtab.tmp ...)
	NOTE: This was found to be a non-issue, see http://thread.gmane.org/gmane.comp.security.oss.general/4374/focus=4983
CVE-2011-1675 (mount in util-linux 2.19 and earlier attempts to append to the ...)
	- util-linux 2.20.1-1 (low)
	[squeeze] - util-linux <no-dsa> (Minor issue)
CVE-2011-1674 (The NetGear ProSafe WNAP210 with firmware 2.0.12 allows remote ...)
	NOT-FOR-US: NetGear ProSafe WNAP210
CVE-2011-1673 (BackupConfig.php on the NetGear ProSafe WNAP210 allows remote ...)
	NOT-FOR-US: NetGear ProSafe WNAP210
CVE-2011-1672 (The Dell KACE K2000 Systems Deployment Appliance 3.3.36822 and earlier ...)
	NOT-FOR-US: Dell KACE K2000 Systems Deployment Appliance
CVE-2011-1671 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Tracks
CVE-2011-1670 (Cross-site scripting (XSS) vulnerability in actions/add.php in InTerra ...)
	NOT-FOR-US: InTerra
CVE-2011-1669 (Directory traversal vulnerability in wp-download.php in the WP Custom ...)
	NOT-FOR-US: WP Custom Pages module for WordPress
CVE-2011-1668 (Cross-site scripting (XSS) vulnerability in search.php in AR Web ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2011-1667 (SQL injection vulnerability in index.php in Anzeigenmarkt 2011 allows ...)
	NOT-FOR-US: Anzeigenmarkt
CVE-2011-1666 (Metaways Tine 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Metaways Tine
CVE-2011-1665 (PHPBoost 3.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: PHPBoost
CVE-2011-1664 (Cross-site request forgery (CSRF) vulnerability in the Translation ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1663 (SQL injection vulnerability in the Translation Management module 6.x ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1662 (Cross-site scripting (XSS) vulnerability in Translation Management ...)
	NOT-FOR-US: Translation Management module for Drupal
CVE-2011-1661 (The Node Quick Find module 6.x-1.1 for Drupal does not use ...)
	NOT-FOR-US: Node Quick Find module for Drupal
CVE-2011-1660 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: GrapeCity Data Dynamics Reports
CVE-2011-1659 (Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or ...)
	- eglibc 2.13-8
	[squeeze] - eglibc 2.11.3-2
	- glibc 2.13-8
	[lenny] - glibc <no-dsa> (Minor issue)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=8126d90480fa
CVE-2011-1658 (ld.so in the GNU C Library (aka glibc or libc6) 2.13 and earlier ...)
	- eglibc 2.13-33 (low; bug #672119)
	[squeeze] - eglibc <not-affected>
CVE-2011-1657 (The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions ...)
	{DSA-2408-1}
	- php5 5.3.7-1 (unimportant)
	NOTE: safe mode not supported
CVE-2011-1656
	RESERVED
CVE-2011-1655 (The management.asmx module in the Management Web Service in the ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1654 (Directory traversal vulnerability in the Heartbeat Web Service in ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1653 (Multiple SQL injection vulnerabilities in the Unified Network Control ...)
	NOT-FOR-US: CA Total Defense
CVE-2011-1652 (** DISPUTED ** The default configuration of Microsoft Windows 7 ...)
	NOT-FOR-US: Microsoft Windows 7
CVE-2010-4784 (Multiple SQL injection vulnerabilities in member.php in PHP Web ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2010-4783 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2010-4782 (Multiple SQL injection vulnerabilities in list.asp in Softwebs Nepal ...)
	NOT-FOR-US: Softwebs Nepal Ananda Real Estate
CVE-2010-4781 (index.php in Enano CMS 1.1.7pl1, and possibly other versions before ...)
	NOT-FOR-US: Enano CMS
CVE-2010-4780 (SQL injection vulnerability in the check_banlist function in ...)
	NOT-FOR-US: Enano CMS
CVE-2010-4779 (Cross-site scripting (XSS) vulnerability in lib/includes/auth.inc.php ...)
	NOT-FOR-US: WPtouch plugin for WordPress
CVE-2011-1651 (Cisco IOS XR 3.9.x and 4.0.x before 4.0.3 and 4.1.x before 4.1.1, when ...)
	NOT-FOR-US: Cisco
CVE-2011-1650
	RESERVED
CVE-2011-1649 (The Internet Streamer application in Cisco Content Delivery System ...)
	NOT-FOR-US: Cisco
CVE-2011-1648
	RESERVED
CVE-2011-1647 (The web management interface on the Cisco RVS4000 Gigabit Security ...)
	NOT-FOR-US: Cisco
CVE-2011-1646 (The web management interface on the Cisco RVS4000 Gigabit Security ...)
	NOT-FOR-US: Cisco
CVE-2011-1645 (The web management interface on the Cisco RVS4000 Gigabit Security ...)
	NOT-FOR-US: Cisco
CVE-2011-1644
	RESERVED
CVE-2011-1643 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1642
	RESERVED
CVE-2011-1641
	RESERVED
CVE-2011-1640 (The ethernet-lldp component in Cisco IOS 12.2 before 12.2(33)SXJ1 does ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1639
	RESERVED
CVE-2011-1638
	RESERVED
CVE-2011-1637 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software ...)
	NOT-FOR-US: Cisco
CVE-2011-1636
	RESERVED
CVE-2011-1635
	RESERVED
CVE-2011-1634
	RESERVED
CVE-2011-1633
	RESERVED
CVE-2011-1632
	RESERVED
CVE-2011-1631
	RESERVED
CVE-2011-1630
	RESERVED
CVE-2011-1629
	RESERVED
CVE-2011-1628
	RESERVED
CVE-2011-1627
	RESERVED
CVE-2011-1626
	RESERVED
CVE-2011-1625 (Cisco IOS 12.2, 12.3, 12.4, 15.0, and 15.1, when the data-link ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1624 (Cisco IOS 12.2(58)SE, when a login banner is configured, allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-1623 (Cisco Media Processing Software before 1.2 on Media Experience Engine ...)
	NOT-FOR-US: Cisco
CVE-2011-1622
	RESERVED
CVE-2011-1621
	RESERVED
CVE-2011-1620
	RESERVED
CVE-2011-1619
	RESERVED
CVE-2011-1618
	RESERVED
CVE-2011-1617
	RESERVED
CVE-2011-1616
	RESERVED
CVE-2011-1615
	RESERVED
CVE-2011-1614
	RESERVED
CVE-2011-1613 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2011-1612
	RESERVED
CVE-2011-1611
	RESERVED
CVE-2011-1610 (Multiple SQL injection vulnerabilities in xmldirectorylist.jsp in the ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1609 (SQL injection vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1608
	RESERVED
CVE-2011-1607 (Directory traversal vulnerability in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1606 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1605 (Unspecified vulnerability in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1604 (Memory leak in Cisco Unified Communications Manager (aka CUCM, ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-1603 (Cisco Unified IP Phones 7900 devices (aka TNP phones) with software ...)
	NOT-FOR-US: Cisco
CVE-2011-1602 (The su utility on Cisco Unified IP Phones 7900 devices (aka TNP ...)
	NOT-FOR-US: Cisco
CVE-2011-1601
	RESERVED
CVE-2011-1600
	RESERVED
CVE-2011-1599 (manager.c in the Manager Interface in Asterisk Open Source 1.4.x ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1598 (The bcm_release function in net/can/bcm.c in the Linux kernel before ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1597
	RESERVED
	NOT-FOR-US: OpenVAS Manager
CVE-2011-1596
	RESERVED
	NOT-FOR-US: ** REJECT ** (regular bug in gnome-screensaver-dialog)
CVE-2011-1595 (Directory traversal vulnerability in the disk_create function in ...)
	- rdesktop 1.7.0-1 (low; bug #623552)
	[squeeze] - rdesktop <no-dsa> (Minor issue)
	[lenny] - rdesktop <no-dsa> (Minor issue)
CVE-2011-1594 (Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat ...)
	NOT-FOR-US: Red Hat Network Satellite server
CVE-2011-1593 (Multiple integer overflows in the next_pidmap function in kernel/pid.c ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1592 (The NFS dissector in epan/dissectors/packet-nfs.c in Wireshark 1.4.x ...)
	- wireshark <not-affected> (Windows-specific)
CVE-2011-1591 (Stack-based buffer overflow in the DECT dissector in ...)
	- wireshark 1.4.5-1
	[squeeze] - wireshark <not-affected> (Only affects 1.4.x)
	[lenny] - wireshark <not-affected> (Only affects 1.4.x)
CVE-2011-1590 (The X.509if dissector in Wireshark 1.2.x before 1.2.16 and 1.4.x ...)
	{DSA-2274-1}
	- wireshark 1.4.5-1 (unimportant)
CVE-2011-1589 (Directory traversal vulnerability in Path.pm in Mojolicious before ...)
	{DSA-2221-1}
	- libmojolicious-perl 1.16-1
CVE-2011-1588
	RESERVED
	- thunar <not-affected> (Introduced in 1.2, only in experimental)
	NOTE: http://git.xfce.org/xfce/thunar/diff/?id=03dd312e157d4fa8a11d5fa402706ae5b05806fa
CVE-2011-1587 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.4, ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1586 (Directory traversal vulnerability in the ...)
	- kdenetwork 4:4.6.3-1
	[squeeze] - kdenetwork 4:4.4.5-2+squeeze1
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
CVE-2011-1585 (The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux ...)
	{DSA-2240-1}
	- linux-2.6 <removed> (unimportant)
	NOTE: an exploitation requires the ability to run mount.cifs w/ root privs
CVE-2011-1584 (The updateFile function in inc/core/class.dc.media.php in the Media ...)
	- dotclear <not-affected> (Fixed before initial upload to archive)
CVE-2011-1583 (Multiple integer overflows in tools/libxc/xc_dom_bzimageloader.c in ...)
	{DSA-2337-1}
	- xen 4.1.1-1
	- xen-3 <removed>
	[lenny] - xen-3 <no-dsa> (Minor issue; only marginally affected)
CVE-2011-1582 (Apache Tomcat 7.0.12 and 7.0.13 processes the first request to a ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1581 (The bond_select_queue function in drivers/net/bonding/bond_main.c in ...)
	- linux-2.6 2.6.39-1 (low)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-1580 (The transwiki import functionality in MediaWiki before 1.16.3 does not ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1579 (The checkCss function in includes/Sanitizer.php in the wikitext parser ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1578 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.3, ...)
	{DSA-2366-1}
	- mediawiki 1:1.15.5-5
CVE-2011-1577 (Heap-based buffer overflow in the is_gpt_valid function in ...)
	{DSA-2264-1}
	- linux-2.6 2.6.39-3 (low)
	[squeeze] - linux-2.6 2.6.32-35
CVE-2011-1576 (The Generic Receive Offload (GRO) implementation in the Linux kernel ...)
	{DSA-2303-1}
	- linux-2.6 3.0.0-5
	[lenny] - linux-2.6 <not-affected> (Code not present)
	NOTE: "...code path in question is no longer reachable..." not sure when this was fixed
CVE-2011-1575 (The STARTTLS implementation in ftp_parser.c in Pure-FTPd before 1.0.30 ...)
	- pure-ftpd 1.0.30-1 (low)
	[squeeze] - pure-ftpd 1.0.28-3+squeeze1
	[lenny] - pure-ftpd <no-dsa> (Minor issue)
CVE-2011-1574 (Stack-based buffer overflow in the ReadS3M method in load_s3m.cpp in ...)
	{DSA-2226-1}
	- libmodplug 1:0.8.8.2-1 (low; bug #622091)
CVE-2011-1573 (net/sctp/sm_make_chunk.c in the Linux kernel before 2.6.34, when ...)
	- linux-2.6 2.6.34-1
	[squeeze] - linux-2.6 2.6.32-34
	NOTE: http://xorl.wordpress.com/2011/05/08/cve-2011-1573-linux-kernel-sctp-initinit-ack-length-miscalculation/
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a8170c35e738d62e9919ce5b109cf4ed66e9
CVE-2011-1572 (Directory traversal vulnerability in the Admin Defined Commands (ADC) ...)
	{DSA-2215-1}
	- gitolite 1.5.7-2
	NOTE: https://github.com/sitaramc/gitolite/commit/a33f0f85047834212ff4baf5b479c6cf3d2a6075
	NOTE: https://github.com/sitaramc/gitolite/commit/4ce00aef84d1ff7c35f7adbbb99a6241cfda00cc
	[squeeze] - gitolite 1.5.4-2+squeeze1
CVE-2011-1571 (Unspecified vulnerability in the XSL Content portlet in Liferay Portal ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1570 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1569 (download.aspx in Douran Portal 3.9.7.8 allows remote attackers to ...)
	NOT-FOR-US: Douran Portal
CVE-2011-1568 (Format string vulnerability in the logText function in shmemmgr9.dll ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1567 (Multiple stack-based buffer overflows in IGSSdataServer.exe ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1566 (Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1565 (Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 ...)
	NOT-FOR-US: 7-Technologies Interactive Graphical SCADA System
CVE-2011-1564 (Multiple integer overflows in the HMI application in DATAC RealFlex ...)
	NOT-FOR-US: DATAC RealFlex RealWin
CVE-2011-1563 (Multiple stack-based buffer overflows in the HMI application in DATAC ...)
	NOT-FOR-US: DATAC RealFlex RealWin
CVE-2011-1562 (Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote ...)
	NOT-FOR-US: Ecava IntegraXor HMI
CVE-2011-1561 (The LDAP login feature in bos.rte.security 6.1.6.4 in IBM AIX 6.1, ...)
	NOT-FOR-US: IBM AIX 6.1
CVE-2011-1560 (solid.exe in IBM solidDB before 4.5.181, 6.0.x before 6.0.1067, 6.1.x ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-1559 (Unspecified vulnerability in the IBM Web Interface for Content ...)
	NOT-FOR-US: IBM WEBi
CVE-2011-1558 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...)
	NOT-FOR-US: IBM WEBi
CVE-2009-5070
	RESERVED
CVE-2009-5069
	RESERVED
CVE-2009-5068
	RESERVED
	NOT-FOR-US: Simple Machines Forum
CVE-2009-5067 (Directory traversal vulnerability in html2ps before 1.0b6 allows ...)
	- html2ps 1.0b7-1 (low; bug #548633)
	[squeeze] - html2ps <no-dsa> (Minor issue)
CVE-2009-5066 (twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials ...)
	- jbossas4 <not-affected> (twiddle.sh is included in the source package, but not in any of the binary packages)
CVE-2009-5065 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
CVE-2011-XXXX [drupal6-mod-tagadelic XSS]
	- drupal6-mod-tagadelic 1.3-1 (low)
	NOTE: DRUPAL-SA-CONTRIB-2011-013
CVE-2011-1557 (SQL injection vulnerability in ICloudCenter ICJobSite 1.1 allows ...)
	NOT-FOR-US: ICloudCenter ICJobSite
CVE-2011-1556 (SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's ...)
	NOT-FOR-US: Aphpkb
CVE-2011-1555 (SQL injection vulnerability in saa.php in Andy's PHP Knowledgebase ...)
	NOT-FOR-US: Aphpkb
CVE-2010-4778 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- imp4 4.3.10+debian0-1
	[squeeze] - imp4 <no-dsa> (Minor issue)
CVE-2011-1554 (Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1553 (Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1552 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ...)
	{DSA-2388-1}
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: see https://bugzilla.redhat.com/show_bug.cgi?id=692909#c23
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
CVE-2011-1551 (SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ ...)
	- cobbler <not-affected> (bug #796151; perms different on Debian)
	NOTE: /var/log/cobbler is set to cobbler:cobbler and daemon runs as root
CVE-2011-1550 (The default configuration of logrotate on SUSE openSUSE Factory uses ...)
	- logrotate <not-affected> (SuSE-specific, see CVE-2011-1548 for Debian)
CVE-2011-1549 (The default configuration of logrotate on Gentoo Linux uses root ...)
	- logrotate <not-affected> (Gentoo-specific, see CVE-2011-1548 for Debian)
CVE-2011-1548 (The default configuration of logrotate on Debian GNU/Linux uses root ...)
	- logrotate 3.7.8-6
CVE-2009-5064 (** DISPUTED ** ldd in the GNU C Library (aka glibc or libc6) 2.13 and ...)
	- eglibc 2.10.1-7
	- glibc 2.10.1-7
	NOTE: Obscure attack
CVE-2011-1547 (Multiple stack consumption vulnerabilities in the kernel in NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2011-1546 (Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase ...)
	NOT-FOR-US: Aphpkb
CVE-2011-1545 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2011-1544 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2011-1543 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2011-1542 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2011-1541 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-1540 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2011-1539 (Unspecified vulnerability in HP Proliant Support Pack (PSP) before 8.7 ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1538 (Open redirect vulnerability in HP Proliant Support Pack (PSP) before ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1537 (Cross-site scripting (XSS) vulnerability in HP Proliant Support Pack ...)
	NOT-FOR-US: HP Proliant Support Pack
CVE-2011-1536 (Unspecified vulnerability in HP Performance Insight 5.0, 5.1x. 5.2x, ...)
	NOT-FOR-US: HP Performance Insight
CVE-2011-1535 (Unspecified vulnerability in HP Insight Control for Linux (aka ...)
	NOT-FOR-US: HP Insight Control
CVE-2011-1534 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-1533 (Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1532 (Unspecified vulnerability in the SNMP component on the HP Photosmart ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1531 (The webscan component in the Embedded Web Server (EWS) on the HP ...)
	NOT-FOR-US: HP Photosmart
CVE-2011-1530 (The process_tgs_req function in do_tgs_req.c in the Key Distribution ...)
	- krb5 1.10+dfsg~alpha1-7
	[squeeze] - krb5 <not-affected> (Only affecs 1.9 and higher)
	[lenny] - krb5 <not-affected> (Only affecs 1.9 and higher)
CVE-2011-1529 (The lookup_lockout_policy function in the Key Distribution Center ...)
	{DSA-2379-1}
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1528 (The krb5_ldap_lockout_audit function in the Key Distribution Center ...)
	{DSA-2379-1}
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[lenny] - krb5 <not-affected> (Introduced in 1.8)
CVE-2011-1527 (The kdb_ldap plugin in the Key Distribution Center (KDC) in MIT ...)
	- krb5 1.10+dfsg~alpha1-1 (low; bug #646367)
	[squeeze] - krb5 <not-affected> (Introduced in 1.9)
	[lenny] - krb5 <not-affected> (Introduced in 1.9)
CVE-2011-1526 (ftpd.c in the GSS-API FTP daemon in MIT Kerberos Version 5 ...)
	{DSA-2283-1}
	- krb5-appl 1:1.0.1-1.1
CVE-2011-1525 (Heap-based buffer overflow in rvrender.dll in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2011-1524 (Cross-site scripting (XSS) vulnerability in the management login GUI ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2011-1523 (Cross-site scripting (XSS) vulnerability in statusmap.c in ...)
	- nagios3 3.2.3-3 (bug #629127)
	- icinga 1.4.1-1 (bug #629131)
	[squeeze] - nagios3 <no-dsa> (Minor issue)
	[lenny] - nagios3 <no-dsa> (Minor issue)
	[squeeze] - icinga <no-dsa> (Minor issue)
	[lenny] - icinga <no-dsa> (Minor issue)
	NOTE: http://tracker.nagios.org/view.php?id=207
CVE-2011-1522 (Multiple SQL injection vulnerabilities in the ...)
	{DSA-2223-1}
	- doctrine 1.2.4-1 (bug #622674)
CVE-2010-4777 (The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, ...)
	- perl 5.20.1-1 (unimportant; bug #628836)
	NOTE: Only affects Perl builds with enabled assertions, i.e. the debugperl binary from perl-debug
	NOTE: likely fixed sometime around 5.18, but 5.20 was the version checked
CVE-2009-5063 (Memory leak in the embedded_profile_len function in pngwutil.c in ...)
	- libpng 1.2.39-1 (unimportant)
CVE-2006-7244 (Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions ...)
	- libpng 1.2.39-1 (unimportant)
CVE-2011-1520 (The default configuration of the server console in IBM Lotus Domino ...)
	NOT-FOR-US: Lotus Domino
CVE-2011-1519 (The remote console in the Server Controller in IBM Lotus Domino 7.x ...)
	NOT-FOR-US: Lotus Domino
CVE-2011-1518 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
	{DSA-2231-1}
	- otrs2 2.4.10+dfsg1-1
CVE-2011-1521 (The urllib and urllib2 modules in Python 2.x before 2.7.2 and 3.x ...)
	{DLA-25-1}
	- python3.1 <removed> (bug #628453)
	[squeeze] - python3.1 <no-dsa> (Minor issue)
	- python3.2 3.2-3
	- python2.7 2.7.1-7
	- python2.6 2.6.7-1 (bug #628455)
	- python2.5 <removed>
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	NOTE: http://bugs.python.org/issue11662
CVE-2011-XXXX [htmlpurifier various]
	- php-htmlpurifier 4.3.0+dfsg1-1 (unimportant)
	- mahara 1.2.5-1
	[lenny] - mahara 1.0.4-4+lenny10
	NOTE: http://web.archive.org/web/20120515064303/http://htmlpurifier.org/news/2011/0327-4.3.0-released
	NOTE: htmlpurifier only provides library functions, it's not vulnerable by itself
	NOTE: If apps are vulnerable, this must be addressed there (as done for Mahara)
CVE-2011-1517
	RESERVED
CVE-2011-1516 (The kSBXProfileNoNetwork and kSBXProfileNoInternet sandbox profiles in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-1515 (The inet service in HP OpenView Storage Data Protector 6.00 through ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1514 (The inet service in HP OpenView Storage Data Protector 6.00 through ...)
	NOT-FOR-US: HP OpenView
CVE-2011-1513 (Static code injection vulnerability in install_.php in e107 CMS 0.7.24 ...)
	NOT-FOR-US: e107
CVE-2011-1512 (Heap-based buffer overflow in xlssr.dll in Autonomy KeyView, as used ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1511 (Unspecified vulnerability in the Oracle GlassFish Server component in ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-1510 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-1509 (The encryptPassword function in Login.js in ManageEngine ServiceDesk ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2011-1508 (Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, does not properly ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2011-1507 (Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
CVE-2010-4776 (SQL injection vulnerability in takefreestart.php in PreProjects Pre ...)
	NOT-FOR-US: PreProjects Pre Online Tests Generator Pro
CVE-2010-4775 (The Relevant Content module 5.x before 5.x-1.4 and 6.x before 6.x-1.5 ...)
	NOT-FOR-US: Relevant Content addon for Drupal
CVE-2010-4774 (SQL injection vulnerability in pdf.php in AuraCMS 1.62 allows remote ...)
	NOT-FOR-US: AuraCMS
CVE-2010-4773 (Unspecified vulnerability in Hitachi EUR Form Client before 05-10 -/D ...)
	NOT-FOR-US: Hitachi EUR Form, uCosminexus EUR Form Service
CVE-2010-4772 (Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS ...)
	NOT-FOR-US: S-CMS
CVE-2010-4771 (SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows ...)
	NOT-FOR-US: S-CMS
CVE-2010-4770 (SQL injection vulnerability in index.php in CommodityRentals DVD ...)
	NOT-FOR-US: CommodityRentals DVD Rentals Script
CVE-2010-4769 (Directory traversal vulnerability in the Jimtawl (com_jimtawl) ...)
	NOT-FOR-US: Jimtawl
CVE-2011-1506 (The STARTTLS implementation in Kerio Connect 7.1.4 build 2985 and ...)
	NOT-FOR-US: Kerio
CVE-2011-1505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.27 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2011-1504 (Cross-site scripting (XSS) vulnerability in Liferay Portal Community ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1503 (The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1502 (Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache ...)
	- liferay-portal <itp> (bug #569819)
CVE-2011-1501
	REJECTED
CVE-2011-1500 (PreferencesPithosDialog.py in Pithos 0.3.7 does not properly restrict ...)
	- pithos 0.3.8-1 (low)
CVE-2011-1499 (acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting ...)
	{DSA-2222-1}
	- tinyproxy 1.8.2-2 (bug #621493)
	[lenny] - tinyproxy <not-affected> (Vulnerable code not present)
CVE-2011-1498 (Apache HttpClient 4.x before 4.1.1 in Apache HttpComponents, when used ...)
	- httpcomponents-client 4.1.1-1 (bug #628727)
	[squeeze] - httpcomponents-client 4.0.1-1squeeze1
	NOTE: http://seclists.org/oss-sec/2011/q2/188
	NOTE: http://web.archive.org/web/20130102213624/http://www.apache.org/dist/httpcomponents/httpclient/RELEASE_NOTES-4.1.x.txt
CVE-2011-1497
	RESERVED
CVE-2011-1496 (tmux 1.3 and 1.4 does not properly drop group privileges, which allows ...)
	{DSA-2212-1}
	- tmux 1.4-6 (bug #620304)
	NOTE: CVE id requested
CVE-2011-1495 (drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel 2.6.38 and ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-5 (unimportant)
CVE-2011-1494 (Integer overflow in the _ctl_do_mpt_command function in ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-5 (unimportant)
CVE-2011-1493 (Array index error in the rose_parse_national function in ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1492 (steps/utils/modcss.inc in Roundcube Webmail before 0.5.1 does not ...)
	- roundcube 0.5.1-1
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-1491 (The login form in Roundcube Webmail before 0.5.1 does not properly ...)
	- roundcube 0.5.1-1 (low)
	[squeeze] - roundcube <no-dsa> (Minor issue)
CVE-2011-1490
	RESERVED
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1489
	RESERVED
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1488
	RESERVED
	- rsyslog 5.7.6-1 (low)
	[squeeze] - rsyslog <no-dsa> (Minor issue)
	[lenny] - rsyslog <no-dsa> (Minor issue)
CVE-2011-1487 (The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl ...)
	{DSA-2265-1}
	- perl 5.10.1-20 (unimportant; bug #622817)
	NOTE: http://nntp.perl.org/group/perl.perl5.porters/171010
CVE-2011-1486 (libvirtd in libvirt before 0.9.0 does not use thread-safe error ...)
	{DSA-2280-1}
	- libvirt 0.9.0-1 (low; bug #623222)
	[lenny] - libvirt <no-dsa> (Minor issue)
CVE-2011-1485 (Race condition in the pkexec utility and polkitd daemon in PolicyKit ...)
	{DSA-2319-1}
	- policykit-1 0.101-4 (bug #644500)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=692922
CVE-2011-1484 (jboss-seam.jar in the JBoss Seam 2 framework 2.2.x and earlier, as ...)
	NOT-FOR-US: JBoss Seam
CVE-2011-1483 (wsf/common/DOMUtils.java in JBossWS Native in Red Hat JBoss Enterprise ...)
	NOT-FOR-US: JBoss Enterprise Web Platform
CVE-2011-1482 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1481 (Multiple cross-site scripting (XSS) vulnerabilities in Francisco Burzi ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1480 (SQL injection vulnerability in admin.php in the administration backend ...)
	NOT-FOR-US: PHP-Nuke
CVE-2011-1479 (Double free vulnerability in the inotify subsystem in the Linux kernel ...)
	- linux-2.6 2.6.38-4
	[lenny] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
	[squeeze] - linux-2.6 <not-affected> (Only affected 2.6.37 and 2.6.38)
CVE-2011-1478 (The napi_reuse_skb function in net/core/dev.c in the Generic Receive ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-1
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1477 (Multiple array index errors in sound/oss/opl3.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1476 (Integer underflow in the Open Sound System (OSS) subsystem in the ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1475 (The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1474
	RESERVED
	NOT-FOR-US: PaX hardening patch
	NOTE: http://seclists.org/oss-sec/2011/q1/579
CVE-2011-1473 (** DISPUTED ** OpenSSL before 0.9.8l, and 0.9.8m through 1.x, does not ...)
	NOTE: Generic protocol issue, no code fix. Workarounds exist, see bug #672456
	NOTE: and http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html
CVE-2011-1472 (The Nokia E75 phone with firmware before 211.12.01 allows physically ...)
	NOT-FOR-US: Nokia E75 phone
CVE-2009-5062 (IBM Lotus Quickr 8.1 before 8.1.0.15 services for Lotus Domino on AIX ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5061 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.14 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5060 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.11 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5059 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.10 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-5058 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before 8.1.0.5 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7286 (IBM Lotus Quickr 8.1 before 8.1.0.2 services for Lotus Domino does not ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7285 (Unspecified vulnerability in the docnote string handling ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-7284 (IBM Lotus Quickr 8.1 before 8100.003 services for Lotus Domino allows ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2011-1471 (Integer signedness error in zip_stream.c in the Zip extension in PHP ...)
	{DSA-2266-1}
	- php5 5.3.6-1
CVE-2011-1470 (The Zip extension in PHP before 5.3.6 allows context-dependent ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-1469 (Unspecified vulnerability in the Streams component in PHP before 5.3.6 ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: exploitable by malicious scripts only
CVE-2011-1468 (Multiple memory leaks in the OpenSSL extension in PHP before 5.3.6 ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: under normal conditions the amount of memory leaked is insignificant
CVE-2011-1467 (Unspecified vulnerability in the NumberFormatter::setSymbol (aka ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	[lenny] - php5 <not-affected> (intl extension included since 5.3)
	NOTE: Only triggerable with malicious script
CVE-2011-1466 (Integer overflow in the SdnToJulian function in the Calendar extension ...)
	{DSA-2266-1}
	- php5 5.3.6-1
	NOTE: null pointer deref because of int overflow. Fix has a bug
CVE-2011-1465 (The SPDY implementation in net/http/http_network_transaction.cc in ...)
	- chromium-browser <not-affected> (only the dev version was affected)
	- webkit <not-affected> (chromium specific)
CVE-2011-1464 (Buffer overflow in the strval function in PHP before 5.3.6, when the ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: ini setting needs to be modified.
CVE-2011-1463
	RESERVED
CVE-2011-1462 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1461
	RESERVED
CVE-2011-1460
	RESERVED
CVE-2011-1459
	RESERVED
CVE-2011-1458
	RESERVED
CVE-2011-1457 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1456 (Google Chrome before 11.0.696.57 does not properly handle PDF forms, ...)
	- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1455 (Google Chrome before 11.0.696.57 does not properly handle PDF ...)
	- chromium-browser <not-affected> (chrome pdf plugin)
CVE-2011-1454 (Use-after-free vulnerability in the DOM id handling functionality in ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/84015
CVE-2011-1453 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1452 (Google Chrome before 11.0.696.57 allows user-assisted remote attackers ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1451 (Google Chrome before 11.0.696.57 does not properly handle DOM id maps, ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/83209
CVE-2011-1450 (Google Chrome before 11.0.696.57 does not properly present file ...)
	- chromium-browser 11.0.696.65~r84435-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-1449 (Use-after-free vulnerability in the WebSockets implementation in ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82088
CVE-2011-1448 (Google Chrome before 11.0.696.57 does not properly perform height ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81786
CVE-2011-1447 (Google Chrome before 11.0.696.57 does not properly handle drop-down ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81851
CVE-2011-1446 (Google Chrome before 11.0.696.57 allows remote attackers to spoof the ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1445 (Google Chrome before 11.0.696.57 does not properly handle SVG ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81689
CVE-2011-1444 (Race condition in the sandbox launcher implementation in Google Chrome ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.65~r84435-1
	- webkit <not-affected> (chromium sandbox)
CVE-2011-1443 (Google Chrome before 11.0.696.57 does not properly implement layering, ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/82624
CVE-2011-1442 (Google Chrome before 11.0.696.57 does not properly handle mutation ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81611
CVE-2011-1441 (Google Chrome before 11.0.696.57 does not properly perform a cast of ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80773
	NOTE: http://trac.webkit.org/changeset/81088
CVE-2011-1440 (Use-after-free vulnerability in Google Chrome before 11.0.696.57 ...)
	{DSA-2245-1}
	- chromium-browser 11.0.696.65~r84435-1
	NOTE: http://trac.webkit.org/changeset/84009
CVE-2011-1439 (Google Chrome before 11.0.696.57 on Linux does not properly isolate ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1438 (Google Chrome before 11.0.696.57 allows remote attackers to bypass the ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/81399
CVE-2011-1437 (Multiple integer overflows in Google Chrome before 11.0.696.57 allow ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/79462
CVE-2011-1436 (Google Chrome before 11.0.696.57 on Linux does not properly interact ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1435 (Google Chrome before 11.0.696.57 does not properly implement the tabs ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1434 (Google Chrome before 11.0.696.57 does not ensure thread safety during ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (chromium specific)
CVE-2011-1433 (The (1) AgentInterface and (2) CustomerInterface components in Open ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligable security impact
CVE-2010-4768 (Open Ticket Request System (OTRS) before 2.3.5 does not properly ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4767 (Open Ticket Request System (OTRS) before 2.3.6 does not properly ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4766 (The AgentTicketForward feature in Open Ticket Request System (OTRS) ...)
	- otrs2 2.4.7+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4765 (Race condition in the Kernel::System::Main::FileWrite method in Open ...)
	- otrs2 2.4.8+dfsg1-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2010-4764 (Open Ticket Request System (OTRS) before 2.4.10, and 3.x before 3.0.3, ...)
	- otrs2 2.4.10+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4763 (The ACL-customer-status Ticket Type setting in Open Ticket Request ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligable security impact
CVE-2010-4762 (Cross-site scripting (XSS) vulnerability in the rich-text-editor ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligable security impact
CVE-2010-4761 (The customer-interface ticket-print dialog in Open Ticket Request ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Marginal security impact, standard bug
CVE-2010-4760 (Open Ticket Request System (OTRS) before 3.0.0-beta6 adds ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: No security impact, feature enhancement
CVE-2010-4759 (Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: No security impact, feature enhancement
CVE-2010-4758 (installer.pl in Open Ticket Request System (OTRS) before 3.0.3 has an ...)
	- otrs2 3.0.8+dfsg1-1 (unimportant)
	NOTE: Negligable security enhancement
CVE-2009-5057 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2009-5056 (Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2009-5055 (Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on ...)
	- otrs2 2.4.5-1 (low)
	[lenny] - otrs2 <no-dsa> (Minor issue)
CVE-2008-7283 (Open Ticket Request System (OTRS) before 2.2.6, when customer group ...)
	- otrs2 2.2.6-1
CVE-2008-7282 (Kernel/Output/HTML/CustomerNewTicketQueueSelectionGeneric.pm in Open ...)
	- otrs2 2.2.6-1
CVE-2008-7281 (Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing ...)
	- otrs2 2.2.7-1
CVE-2008-7280 (Kernel/System/EmailParser.pm in PostmasterPOP3.pl in Open Ticket ...)
	- otrs2 2.2.7-1
CVE-2008-7279 (The CustomerInterface component in Open Ticket Request System (OTRS) ...)
	- otrs2 2.3.2-1
CVE-2008-7278 (The S/MIME feature in Open Ticket Request System (OTRS) before 2.2.5, ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7277 (Open Ticket Request System (OTRS) before 2.3.0-beta4 checks for the rw ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7276 (Kernel/System/Web/Request.pm in Open Ticket Request System (OTRS) ...)
	- otrs2 2.3.2-1 (low)
CVE-2008-7275 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
	- otrs2 2.3.3-1
CVE-2011-1432 (The STARTTLS implementation in SCO SCOoffice Server does not properly ...)
	NOT-FOR-US: SCO SCOoffice Server
CVE-2011-1431 (The STARTTLS implementation in qmail-smtpd.c in qmail-smtpd in the ...)
	- qmail <removed> (unimportant; bug #652378)
	NOTE: The TLS patch is shipped in the source package, but it's not applied
	- netqmail <not-affected> (Doesn't include the TLS patch)
CVE-2011-1430 (The STARTTLS implementation in the server in Ipswitch IMail 11.03 and ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2011-1429 (Mutt does not verify that the smtps server hostname matches the domain ...)
	- mutt 1.5.21-5 (low; bug #619216)
	[squeeze] - mutt 1.5.20-9+squeeze2
	[lenny] - mutt <no-dsa> (Minor issue)
	NOTE: http://dev.mutt.org/trac/ticket/3506
CVE-2011-1428 (Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does ...)
	{DSA-2598-1}
	- weechat 0.3.5-1
CVE-2011-1427 (Multiple cross-site scripting (XSS) vulnerabilities in Kodak InSite ...)
	NOT-FOR-US: Kodak InSite
CVE-2011-1426 (The OpenURLInDefaultBrowser method in RealNetworks RealPlayer 11.0 ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1425 (xslt.c in XML Security Library (aka xmlsec) before 1.2.17, as used in ...)
	{DSA-2219-1}
	- xmlsec1 1.2.14-1.1 (bug #620560)
	NOTE: http://www.aleksey.com/xmlsec/news.html
CVE-2011-1424 (The default configuration of ExShortcut\Web.config in EMC SourceOne ...)
	NOT-FOR-US: EMC SourceOne Email Management
CVE-2011-1423 (Cross-site scripting (XSS) vulnerability in RSA Data Loss Prevention ...)
	NOT-FOR-US: RSA Data Loss Prevention Enterprise Manager
CVE-2011-1422 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave ...)
	NOT-FOR-US: EMC RSA Adaptive Authentication On-Premise
CVE-2011-1421 (EMC NetWorker 7.5.x before 7.5.4.3 and 7.6.x before 7.6.1.5, when the ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-1420 (EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC ...)
	NOT-FOR-US: EMC Data Protection Advisor Collector
CVE-2011-1419 (Apache Tomcat 7.x before 7.0.11, when web.xml has no security ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1418 (The stateless address autoconfiguration (aka SLAAC) functionality in ...)
	NOT-FOR-US: Apple iOS
CVE-2011-1417 (Integer overflow in QuickLook, as used in Apple Mac OS X before 10.6.7 ...)
	NOT-FOR-US: QuickLook,
CVE-2011-1416 (The Research In Motion (RIM) BlackBerry Torch 9800 with firmware ...)
	NOT-FOR-US: BlackBerry
CVE-2011-1415
	REJECTED
CVE-2010-4757 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 ...)
	NOT-FOR-US: e107
CVE-2011-1414 (Cross-site scripting (XSS) vulnerability in the tibbr web server, as ...)
	NOT-FOR-US: TIBCO tibbr
CVE-2011-1413 (Google Chrome before 10.0.648.127 on Linux does not properly mitigate ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1412 (sys/sys_unix.c in the ioQuake3 engine on Unix and Linux, as used in ...)
	- openarena <not-affected> (Vulnerable code not present, the version in sid uses ioquake3)
	- ioquake3 1.36+svn1946-4
CVE-2011-1411 (Shibboleth OpenSAML library 2.4.x before 2.4.3 and 2.5.x before 2.5.1, ...)
	{DSA-2284-1}
	- opensaml2 2.4.3-1
CVE-2011-1410
	RESERVED
CVE-2011-1409 (Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly ...)
	{DSA-2259-1}
	- fex 20110610-1
CVE-2011-1408 [ikiwiki tty hijacking vulnerability]
	RESERVED
	- ikiwiki 3.20110608 (low)
	[squeeze] - ikiwiki <no-dsa> (Minor issue)
CVE-2011-1407 (The DKIM implementation in Exim 4.7x before 4.76 permits matching for ...)
	{DSA-2236-1}
	- exim4 4.76-1
	[lenny] - exim4 <not-affected> (Vulnerable code not present)
CVE-2011-1406 (Mahara before 1.3.6 does not properly handle an https URL in the ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1405 (Cross-site scripting (XSS) vulnerability in Mahara before 1.3.6 allows ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1404 (Mahara before 1.3.6 does not properly restrict the data in responses ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1403 (Cross-site request forgery (CSRF) vulnerability in the pieforms ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1402 (Mahara before 1.3.6 allows remote authenticated users to bypass ...)
	{DSA-2246-1}
	- mahara 1.3.6-1
CVE-2011-1401 (ikiwiki before 3.20110328 does not ascertain whether the htmlscrubber ...)
	{DSA-2214-1}
	- ikiwiki 3.20110328
CVE-2011-1400 (The default configuration of the shell_escape_commands directive in ...)
	{DSA-2198-1}
	- tex-common 2.09
CVE-2011-1399
	RESERVED
CVE-2011-1398 (The sapi_header_op function in main/SAPI.c in PHP before 5.3.11 and ...)
	- php5 5.4.0~rc5-1 (low)
	[squeeze] - php5 <no-dsa> (Minor issue)
CVE-2011-1397 (Cross-site request forgery (CSRF) vulnerability in the Labor Reporting ...)
	NOT-FOR-US: IBM Tivoli
CVE-2011-1396 (Cross-site scripting (XSS) vulnerability in IBM Maximo Asset ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1395 (Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1394 (IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, ...)
	NOT-FOR-US: IBM Maximo Asset Management
CVE-2011-1393 (Unspecified vulnerability in the authentication functionality in the ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-1392 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1391 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1390 (SQL injection vulnerability in the Maintenance tool in IBM Rational ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2011-1389 (Multiple directory traversal vulnerabilities in the vendor daemon in ...)
	NOT-FOR-US: Telelogic License Server
CVE-2011-1388 (The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll ...)
	NOT-FOR-US: IBM Rational Rhapsody
CVE-2011-1387
	RESERVED
CVE-2011-1386 (IBM Tivoli Federated Identity Manager (TFIM) and Tivoli Federated ...)
	NOT-FOR-US: IBM Tivoli Federated Identity Manager
CVE-2011-1385 (IBM AIX 5.3, 6.1, and 7.1, and VIOS 2.1.x and 2.2.x, allows remote ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1384 (The (1) bin/invscoutClient_VPD_Survey and (2) sbin/invscout_lsvpd ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1383
	RESERVED
CVE-2011-1382
	RESERVED
CVE-2011-1381 (Unspecified vulnerability in IBM OpenPages GRC Platform 6.1.0.1 before ...)
	NOT-FOR-US: IBM OpenPages GRC Platform
CVE-2011-1380
	RESERVED
CVE-2011-1379
	RESERVED
CVE-2011-1378 (IBM WebSphere MQ 6.0 on OpenVMS, when the default rights of the MQM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1377 (The Web Services Security component in the Web Services Feature Pack ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1376 (iscdeploy in IBM WebSphere Application Server (WAS) 6.1 before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1375 (IBM AIX 6.1 and 7.1 does not restrict the wpar_limits_config and ...)
	NOT-FOR-US: IBM AIX
CVE-2011-1374 (Buffer overflow in Apple QuickTime before 7.7.3 allows remote ...)
	NOT-FOR-US: Appe QuickTime
CVE-2011-1373 (Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the ...)
	NOT-FOR-US: IBM DB2
CVE-2011-1372 (The Web User Interface on the IBM TS3100 and TS3200 tape libraries ...)
	NOT-FOR-US: IBM web interface to tape libraries
CVE-2011-1371 (Cross-site scripting (XSS) vulnerability in content/error.jsp in IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1370 (The default configuration of the Sametime configuration servlet (SCS) ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2011-1369
	RESERVED
CVE-2011-1368 (The JavaServer Faces (JSF) application functionality in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1367 (Unspecified vulnerability in the File Load feature in IBM Rational ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2011-1366 (Unspecified vulnerability in the Import feature in IBM Rational ...)
	NOT-FOR-US: IBM Rational AppScan
CVE-2011-1365
	RESERVED
CVE-2011-1364 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Goole App Engine Python SDK
CVE-2011-1363
	RESERVED
CVE-2011-1362 (Cross-site scripting (XSS) vulnerability in the Installation ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1361
	RESERVED
CVE-2011-1360 (Multiple cross-site scripting (XSS) vulnerabilities in IBM HTTP Server ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2011-1359 (Directory traversal vulnerability in the administration console in IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2011-1358
	RESERVED
CVE-2011-1357 (Cross-site scripting (XSS) vulnerability in agentDetect.jsp in the web ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2011-1356 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1355 (Open redirect vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1354
	RESERVED
CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2011-1352 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to ...)
	NOT-FOR-US: Anroid
CVE-2011-1351
	RESERVED
CVE-2011-1350 (The PowerVR SGX driver in Android before 2.3.6 allows attackers to ...)
	NOT-FOR-US: Android
CVE-2011-1349
	RESERVED
CVE-2011-1348
	RESERVED
CVE-2011-1347 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1346 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1345 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
	NOT-FOR-US: Internet Explorer
CVE-2011-1344 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1343 (SQL injection vulnerability in the Web GUI in IBM Tivoli ...)
	NOT-FOR-US: Tivoli
CVE-2011-1342 (SQL injection vulnerability in Aimluck Aipo before 5.1.1, and Aipo for ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2011-1341 (Cross-site request forgery (CSRF) vulnerability in Aimluck Aipo before ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2011-1340 (Cross-site scripting (XSS) vulnerability in ...)
	- plone3 <removed>
CVE-2011-1339 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
	NOT-FOR-US: Google Search Appliance
CVE-2011-1338 (Untrusted search path vulnerability in XnView before 1.98.1 allows ...)
	NOT-FOR-US: XnView
CVE-2011-1337 (Opera before 11.50 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2011-1336 (Buffer overflow in ALZip 8.21 and earlier allows remote attackers to ...)
	NOT-FOR-US: ALZip
CVE-2011-1335 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, 7, and 8 ...)
	NOT-FOR-US: Cybozu Office
CVE-2011-1334 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6, Cybozu ...)
	NOT-FOR-US: Cybozu
CVE-2011-1333 (Cross-site scripting (XSS) vulnerability in Cybozu Office 6 and Cybozu ...)
	NOT-FOR-US: Cybozu
CVE-2011-1332 (Cross-site scripting (XSS) vulnerability in Cybozu Garoon 2.0.0 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2011-1331 (JustSystems Ichitaro 2005 through 2011, Ichitaro Government 6, ...)
	NOT-FOR-US: JustSystems Ichitaro Products
CVE-2011-1330 (Cross-site scripting (XSS) vulnerability in WeblyGo 5.0 Pro/LE, 5.02 ...)
	NOT-FOR-US: WeblyGo
CVE-2011-1329 (WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly ...)
	NOT-FOR-US: WalRack
CVE-2011-1328 (SQL injection vulnerability in RADVISION iVIEW Suite before 7.5 allows ...)
	NOT-FOR-US: RADVISION iVIEW Suite
CVE-2011-1327 (The Keystroke Encryption feature in Trend Micro Internet Security 2009 ...)
	NOT-FOR-US: Trend Micro Internet Security
CVE-2011-1326 (Unspecified vulnerability on the La Fonera+ router with firmware ...)
	NOT-FOR-US: La Fonera+ router
CVE-2011-1325 (Cross-site request forgery (CSRF) vulnerability in EC-CUBE before ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-1324 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Buffalo routers
CVE-2011-1323 (Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware ...)
	NOT-FOR-US: Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers
CVE-2011-1322 (The SOAP with Attachments API for Java (SAAJ) implementation in the ...)
	NOT-FOR-US: WebSphere
CVE-2011-1321 (The AuthCache purge implementation in the Security component in IBM ...)
	NOT-FOR-US: WebSphere
CVE-2011-1320 (The Security component in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: WebSphere
CVE-2011-1319 (The Security component in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: WebSphere
CVE-2011-1318 (Memory leak in org.apache.jasper.runtime.JspWriterImpl.response in the ...)
	NOT-FOR-US: WebSphere
CVE-2011-1317 (Memory leak in com.ibm.ws.jsp.runtime.WASJSPStrBufferImpl in the ...)
	NOT-FOR-US: WebSphere
CVE-2011-1316 (The Session Initiation Protocol (SIP) Proxy in the HTTP Transport ...)
	NOT-FOR-US: WebSphere
CVE-2011-1315 (Memory leak in the messaging engine in IBM WebSphere Application ...)
	NOT-FOR-US: WebSphere
CVE-2011-1314 (The Service Integration Bus (SIB) messaging engine in IBM WebSphere ...)
	NOT-FOR-US: WebSphere
CVE-2011-1313 (Double free vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: WebSphere
CVE-2011-1312 (The Administrative Console component in IBM WebSphere Application ...)
	NOT-FOR-US: WebSphere
CVE-2011-1311 (The Security component in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: WebSphere
CVE-2011-1310 (The Administrative Scripting Tools component in IBM WebSphere ...)
	NOT-FOR-US: WebSphere
CVE-2011-1309 (The Plug-in component in IBM WebSphere Application Server (WAS) before ...)
	NOT-FOR-US: WebSphere
CVE-2011-1308 (Cross-site scripting (XSS) vulnerability in the Installation ...)
	NOT-FOR-US: WebSphere
CVE-2011-1307 (The installer in IBM WebSphere Application Server (WAS) before ...)
	NOT-FOR-US: WebSphere
CVE-2011-1306 (Unspecified vulnerability in the Scratchpad application in Google ...)
	NOT-FOR-US: Google ChromeOS
CVE-2011-1305 (Race condition in Google Chrome before 11.0.696.57 on Linux and Mac OS ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/76713
CVE-2011-1304 (Unspecified vulnerability in Google Chrome before 11.0.696.57 allows ...)
	- chromium-browser 11.0.696.65~r84435-1 (unimportant)
CVE-2011-1303 (Google Chrome before 11.0.696.57 does not properly handle floating ...)
	- chromium-browser 11.0.696.65~r84435-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80682
CVE-2011-1302 (Heap-based buffer overflow in the GPU process in Google Chrome before ...)
	- chromium-browser 10.0.648.205~r81283-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1301 (Use-after-free vulnerability in the GPU process in Google Chrome ...)
	- chromium-browser 10.0.648.205~r81283-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1300 (The Program::getActiveUniformMaxLength function in ...)
	NOT-FOR-US: Mozilla Firefox on Windows, Google Chrome on Windows
CVE-2011-1299
	RESERVED
CVE-2011-1298
	RESERVED
CVE-2011-1297
	RESERVED
CVE-2011-1296 (Google Chrome before 10.0.648.204 does not properly handle SVG text, ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80520
CVE-2011-1295 (WebKit, as used in Google Chrome before 10.0.648.204 and Apple Safari ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/80487
CVE-2011-1294 (Google Chrome before 10.0.648.204 does not properly handle Cascading ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/80144
CVE-2011-1293 (Use-after-free vulnerability in the HTMLCollection implementation in ...)
	{DSA-2245-1}
	- chromium-browser 10.0.648.204~r79063-1
	NOTE: http://trac.webkit.org/changeset/80797
CVE-2011-1292 (Use-after-free vulnerability in the frame-loader implementation in ...)
	{DSA-2245-1}
	- chromium-browser 10.0.648.204~r79063-1
	NOTE: http://trac.webkit.org/changeset/79808
CVE-2011-1291 (Google Chrome before 10.0.648.204 does not properly handle base ...)
	- chromium-browser 10.0.648.204~r79063-1
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1290 (Integer overflow in WebKit, as used on the Research In Motion (RIM) ...)
	{DSA-2192-1}
	- chromium-browser 10.0.648.133~r77742-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: needs port
	NOTE: http://trac.webkit.org/changeset/80787
CVE-2011-1289
	RESERVED
CVE-2011-1288 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-1287
	RESERVED
CVE-2011-1286 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1285 (The regular-expression functionality in Google Chrome before ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1284 (Integer overflow in the Client/Server Run-time Subsystem (aka CSRSS) ...)
	NOT-FOR-US: MS Windows
CVE-2011-1283 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ...)
	NOT-FOR-US: MS Windows
CVE-2011-1282 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ...)
	NOT-FOR-US: MS Windows
CVE-2011-1281 (The Client/Server Run-time Subsystem (aka CSRSS) in the Win32 ...)
	NOT-FOR-US: MS Windows
CVE-2011-1280 (The XML Editor in Microsoft InfoPath 2007 SP2 and 2010; SQL Server ...)
	NOT-FOR-US: Microsoft InfoPath, SQL Server, SQL Server Management Studio Express, Visual Studio
CVE-2011-1279 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1278 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly ...)
	NOT-FOR-US: Microsoft Excel, Office
CVE-2011-1277 (Microsoft Excel 2002 SP3, Office 2008 for Mac, and Open XML File ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1276 (Buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1275 (Microsoft Excel 2002 SP3; Office 2004, 2008, and 2011 for Mac; and ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter
CVE-2011-1274 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1273 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1272 (Microsoft Excel 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and 2008 ...)
	NOT-FOR-US: Microsoft Excel, Office, Open XML File Format Converter, Excel Viewer, Office Compatibility Pack
CVE-2011-1271 (The JIT compiler in Microsoft .NET Framework 3.5 Gold and SP1, 3.5.1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2011-1270 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft PowerPoint 2002 SP3 and 2003 SP3
CVE-2011-1269 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...)
	NOT-FOR-US: Microsoft
CVE-2011-1268 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1267 (The SMB server in Microsoft Windows Vista SP1 and SP2, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1266 (The Vector Markup Language (VML) implementation in vgx.dll in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1265 (The Bluetooth Stack 2.1 in Microsoft Windows Vista SP1 and SP2 and ...)
	NOT-FOR-US: MS Windows
CVE-2011-1264 (Cross-site scripting (XSS) vulnerability in Active Directory ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1263 (Cross-site scripting (XSS) vulnerability in the logon page in Remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1262 (Microsoft Internet Explorer 7 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1261 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1260 (Microsoft Internet Explorer 8 and 9 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1259
	REJECTED
CVE-2011-1258 (Microsoft Internet Explorer 6 through 8 does not properly restrict web ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1257 (Race condition in Microsoft Internet Explorer 6 through 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1256 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1255 (The Timed Interactive Multimedia Extensions (aka HTML+TIME) ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1254 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1253 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5.1, and 4, and ...)
	NOT-FOR-US: Microsoft .NET Framework, Silverlight
CVE-2011-1252 (Cross-site scripting (XSS) vulnerability in the SafeHTML function in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1251 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1250 (Microsoft Internet Explorer 6 through 9 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1249 (The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1248 (WINS in Microsoft Windows Server 2003 SP2 and Server 2008 Gold, SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1247 (Untrusted search path vulnerability in the Microsoft Active ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1246 (Microsoft Internet Explorer 8 does not properly handle content ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1245 (Microsoft Internet Explorer 6 and 7 does not properly restrict script ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1244 (Microsoft Internet Explorer 6, 7, and 8 does not enforce intended ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-1243 (The Windows Messenger ActiveX control in msgsc.dll in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1242 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1241 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1240 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1239 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1238 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1237 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1236 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1235 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1234 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1233 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1232 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1231 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1230 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1229 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1228 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1227 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1226 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-1225 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-XXXX [dokuwiki ACL bypass]
	- dokuwiki 0.0.20101107a-1 (low)
	[squeeze] - dokuwiki <no-dsa> (Minor issue)
	[lenny] - dokuwiki <no-dsa> (Minor issue)
CVE-2011-1224 (IBM WebSphere MQ 6.0 before 6.0.2.11 and 7.0 before 7.0.1.5 does not ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-1223 (Buffer overflow in the Alternate Data Stream (aka ADS or named stream) ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1222 (Buffer overflow in the Journal Based Backup (JBB) feature in the ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2011-1221 (Cross-zone scripting vulnerability in the RealPlayer ActiveX control ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2011-1220 (Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM ...)
	NOT-FOR-US: IBM Tivoli Management Framework
CVE-2011-1219
	RESERVED
CVE-2011-1218 (Buffer overflow in kvarcve.dll in Autonomy KeyView, as used in IBM ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1217 (Buffer overflow in kpprzrdr.dll in Autonomy KeyView, as used in IBM ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1216 (Stack-based buffer overflow in assr.dll in Autonomy KeyView, as used ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1215 (Stack-based buffer overflow in mw8sr.dll in Autonomy KeyView, as used ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1214 (Stack-based buffer overflow in rtfsr.dll in Autonomy KeyView, as used ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1213 (Integer underflow in lzhsr.dll in Autonomy KeyView, as used in IBM ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2011-1212
	RESERVED
CVE-2011-1211
	RESERVED
CVE-2011-1210
	RESERVED
CVE-2011-1209 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1208 (IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and ...)
	NOT-FOR-US: IBM solidDB
CVE-2011-1207 (The ActiveBar1 ActiveX control in the Data Dynamics ActiveBar ActiveX ...)
	NOT-FOR-US: IBM Rational System
CVE-2011-1206 (Stack-based buffer overflow in the server process in ibmslapd.exe in ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2011-1205 (Multiple buffer overflows in unspecified COM objects in Rational ...)
	NOT-FOR-US: IBM Rational ClearCase, ClearQuest
CVE-2011-1204 (Google Chrome before 10.0.648.127 does not properly handle attributes, ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/79810
	NOTE: very hard to merge: needs introduction of ScopedEventQueue.cpp
CVE-2011-1203 (Google Chrome before 10.0.648.127 does not properly handle SVG ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79476
CVE-2011-1202 (The xsltGenerateIdFunction function in functions.c in libxslt 1.1.26 ...)
	- libxslt 1.1.26-7 (low; bug #617413)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <no-dsa> (minor issue)
	- iceweasel 3.5.19-1
	[squeeze] - iceweasel <no-dsa> (minor issue)
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[squeeze] - iceape <no-dsa> (minor issue)
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: http://scarybeastsecurity.blogspot.com/2011/03/multi-browser-heap-address-leak-in-xslt.html
	[squeeze] - libxslt 1.1.26-6+squeeze1
	[lenny] - libxslt <no-dsa> (minor issue)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-1201 (The context implementation in WebKit, as used in Google Chrome before ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (losecontext not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/78921
CVE-2011-1200 (Google Chrome before 10.0.648.127 does not properly perform a cast of ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/78744
CVE-2011-1199 (Google Chrome before 10.0.648.127 does not properly handle DataView ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in libv8 bindings)
	NOTE: https://trac.webkit.org/changeset/78738
CVE-2011-1198 (The video functionality in Google Chrome before 10.0.648.127 allows ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- libav <not-affected> (Specific to ffmpeg-mt)
CVE-2011-1197 (Google Chrome before 10.0.648.127 does not properly perform table ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79734
CVE-2011-1196 (The OGG container implementation in Google Chrome before 10.0.648.127 ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- libav 4:0.7.1-1
	- ffmpeg-debian <not-affected> (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce)
	- ffmpeg <not-affected> (Info from maintainer: the patch does not apply 0.5, and I failed to reproduce)
CVE-2011-1195 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/78147
CVE-2011-1194 (Multiple unspecified vulnerabilities in Google Chrome before ...)
	- chromium-browser 10.0.648.127~r76697-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/77049
	NOTE: http://trac.webkit.org/changeset/77329
	NOTE: popup blocker bypass not treated as a security issue
CVE-2011-1193 (Google V8, as used in Google Chrome before 10.0.648.127, allows remote ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1192 (Google Chrome before 10.0.648.127 on Linux does not properly handle ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in chromium-specific code)
	NOTE: http://trac.webkit.org/changeset/76732
CVE-2011-1191 (Use-after-free vulnerability in Google Chrome before 10.0.648.127 ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not yet present)
	NOTE: http://trac.webkit.org/changeset/76652
CVE-2011-1190 (The Web Workers implementation in Google Chrome before 10.0.648.127 ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/77563
CVE-2011-1189 (Google Chrome before 10.0.648.127 does not properly perform box ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/79689
CVE-2011-1188 (Google Chrome before 10.0.648.127 does not properly handle counter ...)
	{DSA-2189-1}
	- chromium-browser 10.0.648.127~r76697-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/77142
CVE-2011-1187 (Google Chrome before 10.0.648.127 allows remote attackers to bypass ...)
	- libv8 3.1.8.10-1 (bug #617418)
	[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
	- icedove 17.0.2-1 (low)
	[wheezy] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - icedove <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceweasel 12.0-1 (bug #703071)
	[wheezy] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - iceweasel <no-dsa> (Minor issue, also not fixed in ESV branch)
	- iceape <removed> (low)
	[wheezy] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	[squeeze] - iceape <no-dsa> (Minor issue, also not fixed in ESV branch)
	NOTE: Fixed in Thunderbird 12 and Seamonkey 2.9
CVE-2011-1186 (Google Chrome before 10.0.648.127 on Linux does not properly handle ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1185 (Google Chrome before 10.0.648.127 does not prevent (1) navigation and ...)
	- chromium-browser 10.0.648.127~r76697-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: http://trac.webkit.org/changeset/74853
CVE-2011-1184 (The HTTP Digest Access Authentication implementation in Apache Tomcat ...)
	{DSA-2401-1}
	- tomcat6 6.0.32-7
	- tomcat7 7.0.12
	- tomcat5.5 <removed>
CVE-2011-1183 (Apache Tomcat 7.0.11, when web.xml has no login configuration, does ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1182 (kernel/signal.c in the Linux kernel before 2.6.39 allows local users ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
CVE-2011-1181 [missing error handling in linux netdev]
	REJECTED
CVE-2011-1180 (Multiple stack-based buffer overflows in the ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4
CVE-2011-1179 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)
	NOT-FOR-US: SPICE Firefox plug-in
CVE-2011-1178 (Multiple integer overflows in the load_image function in file-pcx.c in ...)
	- gimp 2.6.10-1
	NOTE: Likely fixed earlier, but only the squeeze version was checked
CVE-2011-1177
	RESERVED
CVE-2011-1176 (The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk ...)
	{DSA-2202-1}
	- apache2 2.2.17-2 (bug #618857; medium)
	[lenny] - apache2 <not-affected> (different source package in lenny: apache2-mpm-itk)
	- apache2-mpm-itk <removed>
	[lenny] - apache2-mpm-itk <not-affected> (bug was introduced later, in 2.2.11-01)
CVE-2011-1175 (tcptls.c in the TCP/TLS server in Asterisk Open Source 1.6.1.x before ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1174 (manager.c in Asterisk Open Source 1.6.1.x before 1.6.1.24, 1.6.2.x ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2011-1173 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1172 (net/ipv6/netfilter/ip6_tables.c in the IPv6 implementation in the ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1171 (net/ipv4/netfilter/ip_tables.c in the IPv4 implementation in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1170 (net/ipv4/netfilter/arp_tables.c in the IPv4 implementation in the ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1169 (Array index error in the asihpi_hpi_ioctl function in ...)
	- linux-2.6 2.6.38-2
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
CVE-2011-1168 (Cross-site scripting (XSS) vulnerability in the KHTMLPart::htmlError ...)
	- kde4libs 4:4.4.5-4 (low)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2011-1167 (Heap-based buffer overflow in the thunder (aka ThunderScan) decoder in ...)
	{DSA-2210-1}
	- tiff 3.9.4-9 (bug #619614)
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2011-1166 (Xen, possibly before 4.0.2, allows local 64-bit PV guests to cause a ...)
	{DSA-2337-1}
	- xen 4.1.0-1
	- xen-3 <removed>
CVE-2011-1165 (Vino, possibly before 3.2, does not properly document that it opens ...)
	- vino <unfixed> (unimportant)
	NOTE: Mostly interface glitches
CVE-2011-1164 (Vino before 2.99.4 can connect external networks contrary to the ...)
	- vino <unfixed> (unimportant)
	NOTE: Mostly interface glitches
CVE-2011-1163 (The osf_partition function in fs/partitions/osf.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1
CVE-2011-1162 (The tpm_read function in the Linux kernel 2.6 does not properly clear ...)
	- linux-2.6 3.0.0-5 (low)
	[squeeze] - linux-2.6 2.6.32-40
CVE-2011-1161
	REJECTED
CVE-2011-1160 (The tpm_open function in drivers/char/tpm/tpm.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1159 (acpid.c in acpid before 2.0.9 does not properly handle a situation in ...)
	{DSA-2362-1}
	- acpid 1:2.0.9-1
	[lenny] - acpid <no-dsa> (Minor issue)
CVE-2011-1158 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120304003020/https://code.google.com/p/feedparser/issues/detail?id=255
CVE-2011-1157 (Cross-site scripting (XSS) vulnerability in feedparser.py in Universal ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20120211010803/https://code.google.com/p/feedparser/issues/detail?id=254
CVE-2011-1156 (feedparser.py in Universal Feed Parser (aka feedparser or ...)
	- feedparser 5.0.1-1 (low; bug #617998)
	[squeeze] - feedparser <no-dsa> (Minor issue)
	[lenny] - feedparser <no-dsa> (Minor issue)
	- planet-venus 0~git9de2109-2 (low; bug #684246)
	[wheezy] - planet-venus <no-dsa> (Minor issue)
	[squeeze] - planet-venus <no-dsa> (Minor issue)
	[lenny] - planet-venus <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20130326201801/http://code.google.com/p/feedparser/issues/detail?id=91
CVE-2011-1155 (The writeState function in logrotate.c in logrotate 3.7.9 and earlier ...)
	- logrotate 3.8.0-1
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1154 (The shred_file function in logrotate.c in logrotate 3.7.9 and earlier ...)
	- logrotate 3.8.0-1
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1153 (Multiple format string vulnerabilities in phar_object.c in the phar ...)
	{DSA-2266-1}
	- php5 5.3.6-1 (unimportant)
	NOTE: only exploitable by malicious scripts
CVE-2011-1152
	REJECTED
CVE-2011-1151
	RESERVED
	NOT-FOR-US: Joomla!
CVE-2011-1150
	RESERVED
	NOT-FOR-US: bbPress
CVE-2011-1149 (Android before 2.3 does not properly restrict access to the system ...)
	NOT-FOR-US: Android
CVE-2011-1148 (Use-after-free vulnerability in the substr_replace function in PHP ...)
	{DSA-2408-1}
	- php5 5.4.0-1 (unimportant)
	NOTE: only exploitable by malicious scripts
CVE-2011-1147 (Multiple stack-based and heap-based buffer overflows in the (1) ...)
	{DSA-2225-1}
	- asterisk 1:1.8.3.3-1 (bug #614580)
CVE-2011-1146 (libvirt.c in the API in Red Hat libvirt 0.8.8 does not properly ...)
	{DSA-2194-1}
	- libvirt 0.8.8-3 (low; bug #617773)
	[lenny] - libvirt <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=683650
CVE-2011-1145 [buffer overflow in unixODBC's SQLDriverConnect()]
	RESERVED
	- unixodbc 2.2.14p2-3 (low; bug #617655)
	[squeeze] - unixodbc <no-dsa> (Only exploitable through a malicious server)
	[lenny] - unixodbc <no-dsa> (Only exploitable through a malicious server)
	NOTE: http://seclists.org/oss-sec/2011/q1/446
CVE-2011-1144 (The installer in PEAR 1.9.2 and earlier allows local users to ...)
	- php5 <not-affected> (incomplete fix never used in Debian packages)
CVE-2011-1143 (epan/dissectors/packet-ntlmssp.c in the NTLMSSP dissector in Wireshark ...)
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1142 (Stack consumption vulnerability in the dissect_ber_choice function in ...)
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1141 (epan/dissectors/packet-ldap.c in Wireshark 1.0.x, 1.2.0 through ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1140 (Multiple stack consumption vulnerabilities in the ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1139 (wiretap/pcapng.c in Wireshark 1.2.0 through 1.2.14 and 1.4.0 through ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1 (unimportant)
CVE-2011-1138 (Off-by-one error in the dissect_6lowpan_iphc function in ...)
	- wireshark 1.4.4-1
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
	[squeeze] - wireshark <not-affected> (Vulnerable code not present)
CVE-2011-1131 (The PlushSearch2 function in Search.php in Simple Machines Forum (SMF) ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1130 (Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1129 (Cross-site scripting (XSS) vulnerability in the EditNews function in ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1128 (The loadUserSettings function in Load.php in Simple Machines Forum ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1127 (SSI.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2011-1126 (VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware ...)
	NOT-FOR-US: VMware Workstation
CVE-2010-4756 (The glob implementation in the GNU C Library (aka glibc or libc6) ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: That's standard POSIX behaviour implemented by (e)glibc. Applications using
	NOTE: glob need to impose limits for themselves
CVE-2010-4755 (The (1) remote_glob function in sftp-glob.c and the (2) process_put ...)
	NOTE: That's essentially shooting yourself in your own foot:
	NOTE: http://lists.mindrot.org/pipermail/openssh-unix-dev/2011-March/029433.html
CVE-2010-4754 (The glob implementation in libc in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, ...)
	NOT-FOR-US: FreeBSD/NetBSD libc
CVE-2011-1125 (Google Chrome before 9.0.597.107 does not properly perform layout, ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code introduced in commit 75823)
	NOTE: http://trac.webkit.org/changeset/78775
CVE-2011-1124 (Use-after-free vulnerability in Google Chrome before 9.0.597.107 ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-1123 (Google Chrome before 9.0.597.107 does not properly restrict access to ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-1122 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=53782
CVE-2011-1121 (Integer overflow in Google Chrome before 9.0.597.107 allows remote ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: needs port (s/logicalBottom/bottom)
	NOTE: http://trac.webkit.org/changeset/77565
CVE-2011-1120 (The WebGL implementation in Google Chrome before 9.0.597.107 allows ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (webgl support not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77956
CVE-2011-1119 (Google Chrome before 9.0.597.107 does not properly determine device ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (device orientation code/support not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77418
CVE-2011-1118 (Google Chrome before 9.0.597.107 does not properly handle TEXTAREA ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77144
CVE-2011-1117 (Google Chrome before 9.0.597.107 does not properly handle XHTML ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77262
CVE-2011-1116 (Google Chrome before 9.0.597.107 does not properly handle SVG ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/77548
CVE-2011-1115 (Google Chrome before 9.0.597.107 does not properly render tables, ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76915
CVE-2011-1114 (Google Chrome before 9.0.597.107 does not properly handle tables, ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (vulnerable code introduced after 1.2, and the fix restores this code to its 1.2 state)
	NOTE: http://trac.webkit.org/changeset/77141
CVE-2011-1113 (Google Chrome before 9.0.597.107 on 64-bit Linux platforms does not ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-1112 (Google Chrome before 9.0.597.107 does not properly perform SVG ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (Chromium specific)
CVE-2011-1111 (Google Chrome before 9.0.597.107 does not properly implement forms ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	NOTE: needs port (s/FormAssociatedElement/HTMLFormElement)
	NOTE: http://trac.webkit.org/changeset/77114
CVE-2011-1110 (Google Chrome before 9.0.597.107 does not properly implement key frame ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/76828
CVE-2011-1109 (Google Chrome before 9.0.597.107 does not properly process nodes in ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76728
CVE-2011-1108 (Google Chrome before 9.0.597.107 does not properly implement ...)
	{DSA-2189-1}
	- chromium-browser 9.0.597.107~r75357-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (Chromium specific)
CVE-2011-1107 (Unspecified vulnerability in Google Chrome before 9.0.597.107 allows ...)
	- chromium-browser 9.0.597.107~r75357-1
	[squeeze] - chromium-browser <end-of-life>
	- webkit <not-affected> (history controller code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/76205
CVE-2011-1106 (Cross-site scripting (XSS) vulnerability in stcenter.nsf in the server ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2010-4753 (Cross-site scripting (XSS) vulnerability in LightNEasy.php in ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4752 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4751 (SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, ...)
	NOT-FOR-US: LightNEasy
CVE-2010-4750 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: BLOG:CMS
CVE-2010-4749 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS ...)
	NOT-FOR-US: BLOG:CMS
CVE-2010-4748 (Cross-site scripting (XSS) vulnerability in pmwiki.php in PmWiki ...)
	NOT-FOR-US: pmwiki
CVE-2010-4747 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Wordpress plugin
CVE-2011-1105 (Multiple cross-site scripting (XSS) vulnerabilities in Mutare EVM ...)
	NOT-FOR-US: Mutare EVM
CVE-2011-1104 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mutare ...)
	NOT-FOR-US: Mutare EVM
CVE-2011-1103 (The WebReporting module in F-Secure Policy Manager 7.x, 8.00 before ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2011-1102 (Cross-site scripting (XSS) vulnerability in the WebReporting module in ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2011-1101 (Multiple unspecified vulnerabilities in a third-party component of the ...)
	NOT-FOR-US: Citrix License Management Console
CVE-2011-1100 (Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost ...)
	- pixelpost <removed>
CVE-2011-1099 (Multiple directory traversal vulnerabilities in FocalMedia.Net Quick ...)
	NOT-FOR-US: FocalMedia.Net Quick Polls
CVE-2011-1098 (Race condition in the createOutputFile function in logrotate.c in ...)
	- logrotate 3.8.0-1 (low)
	[squeeze] - logrotate <no-dsa> (Minor issue)
CVE-2011-1097 (rsync 3.x before 3.0.8, when certain recursion, deletion, and ...)
	- rsync 3.0.8 (low; bug #621866)
	[squeeze] - rsync <no-dsa> (Minor issue)
CVE-2011-1096 (The W3C XML Encryption Standard, as used in the JBoss Web Services ...)
	NOT-FOR-US: alleged flaw in W3C XML Encryption standard. Nothing specific to fix
CVE-2011-1095 (locale/programs/locale.c in locale in the GNU C Library (aka glibc or ...)
	- glibc 2.13-16
	[lenny] - glibc <no-dsa> (Minor issue)
	- eglibc 2.13-16
	[squeeze] - eglibc 2.11.3-2
	NOTE: http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=330923
CVE-2011-1094 (kio/kio/tcpslavebase.cpp in KDE KSSL in kdelibs before 4.6.1 does not ...)
	- kde4libs 4:4.4.5-4 (low)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
	- kdelibs <not-affected> (vulnerable code not present)
	NOTE: http://seclists.org/oss-sec/2011/q1/434
CVE-2011-1093 (The dccp_rcv_state_process function in net/dccp/input.c in the ...)
	{DSA-2264-1}
	- linux-2.6 2.6.38-1 (low)
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1092 (Integer overflow in ext/shmop/shmop.c in PHP before 5.3.6 allows ...)
	{DSA-2408-1}
	- php5 5.4.0-1 (unimportant)
	NOTE: only exploitable by malicious scripts
	NOTE: http://seclists.org/oss-sec/2011/q1/430
CVE-2011-1091 (libymsg.c in the Yahoo! protocol plugin in libpurple in Pidgin 2.6.0 ...)
	- pidgin 2.7.11-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[squeeze] - pidgin <no-dsa> (Minor issue)
CVE-2011-1090 (The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1 (low)
CVE-2011-1089 (The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 ...)
	- glibc 2.13-8
	- eglibc 2.13-8
	[squeeze] - eglibc 2.11.3-1
	NOTE: http://seclists.org/oss-sec/2011/q1/368
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
CVE-2011-1088 (Apache Tomcat 7.x before 7.0.10 does not follow ServletSecurity ...)
	- tomcat6 <not-affected> (Only affects Tomcat 7)
CVE-2011-1087 (Buffer overflow in VideoLAN VLC media player 1.0.5 allows ...)
	- vlc 1.1.10-1 (low; bug #616156)
	[squeeze] - vlc <no-dsa> (Minor issue)
	[lenny] - vlc <no-dsa> (Minor issue)
	NOTE: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4931.php
	NOTE: obscure exploit scenario
CVE-2011-1086
	RESERVED
	NOT-FOR-US: openfiler
CVE-2011-1085
	RESERVED
	NOT-FOR-US: smoothwall
CVE-2011-1084
	RESERVED
	NOT-FOR-US: smoothwall
CVE-2011-1083 (The epoll implementation in the Linux kernel 2.6.37.2 and earlier does ...)
	- linux-2.6 3.2.9-1 (low)
	[squeeze] - linux-2.6 2.6.32-47
CVE-2011-1082 (fs/eventpoll.c in the Linux kernel before 2.6.38 places epoll file ...)
	- linux-2.6 2.6.38-1 (low)
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1081 (modrdn.c in slapd in OpenLDAP 2.4.x before 2.4.24 allows remote ...)
	- openldap 2.4.25-1 (low; bug #617606)
	[lenny] - openldap 2.4.11-1+lenny2.1
	[squeeze] - openldap 2.4.23-7.1
CVE-2011-1080 (The do_replace function in net/bridge/netfilter/ebtables.c in the ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1079 (The bnep_sock_ioctl function in net/bluetooth/bnep/sock.c in the Linux ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1078 (The sco_sock_getsockopt_old function in net/bluetooth/sco.c in the ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-4 (low)
CVE-2011-1077 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Archiva ...)
	NOT-FOR-US: Apache Archiva
CVE-2011-1076 (net/dns_resolver/dns_key.c in the Linux kernel before 2.6.38 allows ...)
	- linux-2.6 2.6.38-1
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.36)
	[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.36)
CVE-2011-1075
	RESERVED
CVE-2011-1074 (crontab.c in crontab in FreeBSD allows local users to determine the ...)
	- cron <not-affected> (Debian's cron not affected)
CVE-2011-1073 (crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users ...)
	- cron <not-affected> (Debian's cron not affected)
CVE-2011-1071 (The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded ...)
	- glibc 2.11.2-12
	- eglibc 2.11.2-12 (bug #615120)
	[squeeze] - eglibc 2.11.3-2
CVE-2011-1070
	RESERVED
	- v86d 0.1.10-1 (low; bug #619404)
	[squeeze] - v86d 0.1.9-1+squeeze1
	[lenny] - v86d 0.1.5.2-1+lenny1
CVE-2011-1069
	RESERVED
	NOT-FOR-US: PHPShop
CVE-2011-1068 (Microsoft Windows Azure Software Development Kit (SDK) 1.3.x before ...)
	NOT-FOR-US: Microsoft Windows Azure SDK
CVE-2011-1067 (slapd (aka ns-slapd) in 389 Directory Server before 1.2.8.a2 does not ...)
	NOT-FOR-US: s389 LDAP server
CVE-2011-1066 (Cross-site scripting (XSS) vulnerability in the Messaging module ...)
	NOT-FOR-US: Messaging module for Drupal
CVE-2011-1065 (Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX ...)
	NOT-FOR-US: PIPI Player
CVE-2011-1064 (SQL injection vulnerability in member/list.php in qibosoft Qi Bo CMS 7 ...)
	NOT-FOR-US: Qi Bo CMS
CVE-2011-1063 (Multiple cross-site scripting (XSS) vulnerabilities in Cherry-Design ...)
	NOT-FOR-US: Cherry-Design Photopad
CVE-2011-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: TaskFreak!
CVE-2011-1061 (SQL injection vulnerability in memberlist.php in WSN Guest 1.24 allows ...)
	NOT-FOR-US: WSN Guest
CVE-2011-1060 (SQL injection vulnerability in the member function in ...)
	NOT-FOR-US: WSN Guest
CVE-2011-1059 (Use-after-free vulnerability in WebCore in WebKit before r77705, as ...)
	- webkit <not-affected> (history controller code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/77705
CVE-2010-4746 (Multiple memory leaks in the normalization functionality in 389 ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-1058 (Cross-site scripting (XSS) vulnerability in the reStructuredText (rst) ...)
	{DSA-2321-1}
	- moin 1.9.3-3
CVE-2011-1057
	REJECTED
CVE-2011-1056 (The installer for Metasploit Framework 3.5.1, when running on Windows, ...)
	NOT-FOR-US: Metasploit Framework
CVE-2011-1055 (SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS ...)
	NOT-FOR-US: Lingxia I.C.E CMS
CVE-2011-1054 (Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1053 (Unspecified vulnerability in the Mach-O input file loader in Hex-Rays ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1052 (Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1051 (Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1050 (Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1049 (Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro ...)
	NOT-FOR-US: IDA Pro
CVE-2011-1048 (SQL injection vulnerability in product.php in MihanTools 1.33 allows ...)
	NOT-FOR-US: MihanTools
CVE-2011-1047 (Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ...)
	NOT-FOR-US: VastHTML Forum Server
CVE-2011-1046 (IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used ...)
	NOT-FOR-US: FileNet P8 Content Engine
CVE-2011-1045 (Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 ...)
	NOT-FOR-US: Rendition Engine
CVE-2010-4745 (Cross-site scripting (XSS) vulnerability in nav.html in PHPXref before ...)
	NOT-FOR-US: PHPXref
CVE-2011-XXXX [pam_pgsql overflow]
	- pam-pgsql 0.7.1-5 (bug #603436)
	[lenny] - pam-pgsql 0.6.3-2+lenny1
	[squeeze] - pam-pgsql 0.7.1-4+squeeze1
CVE-2011-1044 (The ib_uverbs_poll_cq function in drivers/infiniband/core/uverbs_cmd.c ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 2.6.26-26lenny2
CVE-2011-1043
	RESERVED
CVE-2011-1042 (Use-after-free vulnerability in flimflamd in flimflam in Google Chrome ...)
	NOT-FOR-US: flimflam in Google Chrome OS
CVE-2011-1041
	RESERVED
CVE-2011-1040
	RESERVED
CVE-2011-1039
	RESERVED
CVE-2011-1038 (Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in ...)
	NOT-FOR-US: Lotus Sametime
CVE-2011-1037
	RESERVED
CVE-2011-1036 (The XML Security Database Parser class in the XMLSecDB ActiveX control ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2011-1035 (The password reset in PivotX before 2.2.4 allows remote attackers to ...)
	NOT-FOR-US: PivotX
CVE-2010-4744 (Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have ...)
	- abcm2ps 5.9.22-1 (low)
	[squeeze] - abcm2ps <no-dsa> (Minor issue)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-4743 (Heap-based buffer overflow in the getarena function in abc2ps.c in ...)
	- abcm2ps 5.9.22-1 (low)
	[squeeze] - abcm2ps <no-dsa> (Minor issue)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-4742 (Stack-based buffer overflow in a certain ActiveX control in ...)
	NOT-FOR-US: MediaDBPlayback.DLL
CVE-2010-4741 (Stack-based buffer overflow in MDMUtil.dll in MDMTool.exe in MDM Tool ...)
	NOT-FOR-US: Moxa Device Manager
CVE-2011-1034 (Cross-site scripting (XSS) vulnerability in the UI in IBM Rational ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2010-4740 (Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC ...)
	NOT-FOR-US: SCADA Engine BACnet
CVE-2010-4739 (SQL injection vulnerability in the Maian Media Silver (com_maianmedia) ...)
	NOT-FOR-US: Maian Media Silver
CVE-2010-4738 (Multiple SQL injection vulnerabilities in Rae Media INC Real Estate ...)
	NOT-FOR-US: Rae Media INC Real Estate Single and Multi Agent System
CVE-2010-4737 (SQL injection vulnerability in resorts.asp in HotWebScripts HotWeb ...)
	NOT-FOR-US: HotWebScripts HotWeb Rentals
CVE-2010-4736 (SQL injection vulnerability in ECO.asp in GateSoft DocuSafe 4.1.0 and ...)
	NOT-FOR-US: GateSoft DocuSafe
CVE-2010-4735 (SQL injection vulnerability in shoppingcart.asp in Ecommercemax ...)
	NOT-FOR-US: Ecommercemax Solutions Digital-goods seller
CVE-2010-4734 (Multiple cross-site scripting (XSS) vulnerabilities in the comment ...)
	NOT-FOR-US: Skeletonz CMS
CVE-2011-1033 (Stack-based buffer overflow in oninit in IBM Informix Dynamic Server ...)
	NOT-FOR-US: IBM
CVE-2011-1032 (IBM Lotus Connections 3.0, when IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM
CVE-2011-1031 (The feh_unique_filename function in utils.c in feh 1.11.2 and earlier ...)
	- feh 1.12-1 (low)
	[lenny] - feh <no-dsa> (Minor issue)
	[squeeze] - feh <no-dsa> (Minor issue)
CVE-2011-1030 (Cross-site scripting (XSS) vulnerability in the Wikis component in IBM ...)
	NOT-FOR-US: IBM
CVE-2011-1029 (Cross-site scripting (XSS) vulnerability in IBM Rational Team Concert ...)
	NOT-FOR-US: IBM
CVE-2011-1028
	RESERVED
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-1027 (Off-by-one error in the convert_query_hexchar function in html.c in ...)
	NOT-FOR-US: cgit
CVE-2011-1026 (Multiple cross-site request forgery (CSRF) vulnerabilities in Apache ...)
	NOT-FOR-US: Apache Archiva
CVE-2011-1025 (bind.cpp in back-ndb in OpenLDAP 2.4.x before 2.4.24 does not require ...)
	- openldap 2.4.25-1 (unimportant; bug #617606)
	[squeeze] - openldap 2.4.23-7.1
	NOTE: NBD backend disabled in Debian builds
CVE-2011-1024 (chain.c in back-ldap in OpenLDAP 2.4.x before 2.4.24, when a ...)
	- openldap 2.4.25-1 (low; bug #617606)
	[lenny] - openldap 2.4.11-1+lenny2.1
	[squeeze] - openldap 2.4.23-7.1
CVE-2011-1023 (The Reliable Datagram Sockets (RDS) subsystem in the Linux kernel ...)
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.35)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.35)
CVE-2011-1022 (The cgre_receive_netlink_msg function in daemon/cgrulesengd.c in ...)
	{DSA-2193-1}
	- libcgroup 0.37.1-1 (bug #615987)
CVE-2011-1021 (drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	[squeeze] - linux-2.6 <not-affected> (Introduced in 2.6.33)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.33)
CVE-2011-1020 (The proc filesystem implementation in the Linux kernel 2.6.37 and ...)
	{DSA-2310-1 DSA-2303-1}
	- linux-2.6 2.6.39-1
CVE-2011-1019 (The dev_load function in net/core/dev.c in the Linux kernel before ...)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.32)
	- linux-2.6 2.6.38-1 (unimportant)
	NOTE: We won't fix this for Squeeze. This only applies to non-standard setups with fine
	NOTE: grained security capability models, and an attacker can only load modules from
	NOTE: /lib/modules, which is only writable with root privs
CVE-2011-1018 (logwatch.pl in Logwatch 7.3.6 allows remote attackers to execute ...)
	{DSA-2182-1}
	- logwatch 7.3.6.cvs20090906-2 (bug #615995)
CVE-2011-1017 (Heap-based buffer overflow in the ldm_frag_add function in ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-5
CVE-2011-1016 (The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not ...)
	{DSA-2240-1}
	- linux-2.6 2.6.38-1
CVE-2011-1015 (The is_cgi method in CGIHTTPServer.py in the CGIHTTPServer module in ...)
	{DLA-25-1}
	- python2.6 2.6.8-1 (low; bug #614860)
	[wheezy] - python2.6 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	- python2.5 <unfixed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	[lenny] - python2.5 <no-dsa> (Minor issue, fix modifies behaviour, too intrusive to backport)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
	NOTE: Python 2.7 and 3.1 are fixed
	NOTE: http://bugs.python.org/issue2254
CVE-2011-1014
	REJECTED
CVE-2011-1013 (Integer signedness error in the drm_modeset_ctl function in (1) ...)
	- linux-2.6 2.6.38-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2011-1012 (The ldm_parse_vmdb function in fs/partitions/ldm.c in the Linux kernel ...)
	{DSA-2264-1}
	- linux-2.6 2.6.38-1
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1011 (The seunshare_mount function in sandbox/seunshare.c in seunshare in ...)
	NOT-FOR-US: seunshare
CVE-2011-1010 (Buffer overflow in the mac_partition function in fs/partitions/mac.c ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-1009
	RESERVED
	NOT-FOR-US: Vanilla Forums
CVE-2011-1008 (Scrips_Overlay.pm in Best Practical Solutions RT before 3.8.9 does not ...)
	- request-tracker3.8 3.8.10-1 (bug #614576)
	[squeeze] - request-tracker3.8 3.8.8-7+squeeze1
	[lenny] - request-tracker3.6 3.6.7-5+lenny6
CVE-2011-1007 (Best Practical Solutions RT before 3.8.9 does not perform certain ...)
	- request-tracker3.6 <removed> (unimportant)
	- request-tracker3.8 3.8.10-1 (unimportant)
	NOTE: A physically proximate attacker can do far more damage anyway
CVE-2011-1006 (Heap-based buffer overflow in the parse_cgroup_spec function in ...)
	{DSA-2193-1}
	- libcgroup 0.37.1-1
CVE-2011-1005 (The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through ...)
	- ruby1.8 1.8.7.334-1 (bug #615517)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <not-affected>
	- ruby1.9.1 <not-affected>
CVE-2011-1004 (The FileUtils.remove_entry_secure method in Ruby 1.8.6 through ...)
	- ruby1.8 1.8.7.334-1 (bug #615518)
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	[squeeze] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed> (bug #615519)
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 1.9.2.180-1 (bug #615519)
	[squeeze] - ruby1.9.1 <no-dsa> (Minor issue, patch would change behaviour and might break things)
CVE-2011-1003 (Double free vulnerability in the vba_read_project_strings function in ...)
	- clamav 0.97+dfsg-1 (low)
	[squeeze] - clamav 0.97+dfsg-2~squeeze1 (bug #617444)
	[lenny] - clamav <end-of-life>
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=2486
	NOTE: http://web.archive.org/web/20110304224953/http://git.clamav.net:80/gitweb?p=clamav-devel.git;a=commit;h=d21fb8d975f8c9688894a8cef4d50d977022e09f
CVE-2011-1002 (avahi-core/socket.c in avahi-daemon in Avahi before 0.6.29 allows ...)
	{DSA-2174-1}
	- avahi 0.6.28-4 (bug #614785)
	NOTE: duped with CVE-2011-0634
CVE-2011-1001 (dexdump in Android SDK before 2.3 does not properly perform structural ...)
	NOT-FOR-US: Android SDK
CVE-2011-1000 (jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before ...)
	{DSA-2169-1}
	- telepathy-gabble 0.9.15-2
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=34048
CVE-2011-0999 (mm/huge_memory.c in the Linux kernel before 2.6.38-rc5 does not ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.38-rc1, fixed in 2.6.38-rc5)
CVE-2011-0998
	RESERVED
CVE-2011-0997 (dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV ...)
	{DSA-2217-1 DSA-2216-1}
	- isc-dhcp 4.1.1-P1-16.1 (bug #621099)
	- dhcp3 <removed>
CVE-2011-XXXX [isc-dhcp: omapi dos]
	- isc-dhcp <not-affected> (only affects 4.2.0)
	- dhcp3 <not-affected> (only affects 4.2.0)
	NOTE: http://thread.gmane.org/gmane.comp.security.oss.general/4820
	NOTE: inrodroduced in 4.2.0 and fixed in 4.2.1
CVE-2011-0996 (dhcpcd before 5.2.12 allows remote attackers to execute arbitrary ...)
	- dhcpcd <not-affected> (old shell quoting code is not vulnerable)
	NOTE: Debian's dhcpcd.sh is not vulnerable.
CVE-2011-0995 (The sqlite3-ruby gem in the rubygem-sqlite3 package before 1.2.4-0.5.1 ...)
	- ruby-sqlite3 <not-affected> (SuSE-specific packaging flaw)
CVE-2011-0994 (Stack-based buffer overflow in NFRAgent.exe in Novell File Reporter ...)
	NOT-FOR-US: Novell File Reporter
CVE-2011-0993 (SUSE Lifecycle Management Server before 1.1 uses world readable ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2011-0992 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0991 (Use-after-free vulnerability in Mono, when Moonlight 2.x before 2.4.1 ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0990 (Race condition in the FastCopy optimization in the Array.Copy method ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0989 (The RuntimeHelpers.InitializeArray method in metadata/icall.c in Mono, ...)
	- mono <not-affected> (Moonlight no longer present in Debian)
CVE-2011-0988 (pure-ftpd 1.0.22, as used in SUSE Linux Enterprise Server 10 SP3 and ...)
	- pure-ftpd <not-affected> (SUSE-specific)
CVE-2010-4733 (WebSCADA WS100 and WS200, Easy Connect EC150, Modbus RTU - TCP Gateway ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4732 (cgi-bin/read.cgi in WebSCADA WS100 and WS200, Easy Connect EC150, ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4731 (Absolute path traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...)
	NOT-FOR-US: WebSCADA
CVE-2010-4730 (Directory traversal vulnerability in cgi-bin/read.cgi in WebSCADA ...)
	NOT-FOR-US: WebSCADA
CVE-2008-7274 (IBM WebSphere Application Server (WAS) 6.1.0.9, when the JAAS Login ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-1132 (The IPv6 implementation in the kernel in Apple Mac OS X before 10.6.8 ...)
	NOT-FOR-US: Apple IPv6 implementation
CVE-2011-XXXX [kfreebsd dos]
	- kfreebsd-8 8.2-1 (low; bug #613312; bug #611476)
	[squeeze] - kfreebsd-8 8.1+dfsg-8
	[lenny] - kfreebsd-8 <no-dsa> (Not-supported in Lenny)
	- kfreebsd-7 <removed>
	[lenny] - kfreebsd-7 <no-dsa> (Not supported in Lenny)
CVE-2011-1133 [xinha XSS mode param]
	RESERVED
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1134 [xinha XSS image manager]
	RESERVED
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1135 [xinha multiple vulns]
	RESERVED
	- serendipity <removed> (bug #611661)
	[lenny] - serendipity <not-affected> (Xinha not yet included)
	[squeeze] - serendipity <no-dsa> (Minor issue)
	- openacs <not-affected> (PHP bindings not used)
	- dotlrn <not-affected> (PHP bindings not used)
	NOTE: http://secunia.com/advisories/40669/
CVE-2011-1137 (Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d ...)
	{DSA-2185-1}
	- proftpd-dfsg 1.3.3d-4 (bug #616179)
	[lenny] - proftpd-dfsg <not-affected> (Vulnerable code not present)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3586
	NOTE: http://www.exploit-db.com/exploits/16129/
CVE-2011-XXXX [incorrect handling of {$smarty.template} and {$smarty.current_dir}]
	- smarty3 3.0.8-1 (unimportant)
	- smarty <removed> (unimportant)
	NOTE: http://www.smarty.net/forums/viewtopic.php?t=18815
	NOTE: http://code.google.com/p/smarty-php/source/detail?r=3989
	NOTE: https://github.com/smarty-php/smarty/commit/0154f17de2b2dd16ff9c016923015ac19af9c0cb(3.0.7)
	NOTE: non-issue in practice, if you can place arbitrary template files you have worse problems
CVE-2011-0987 (The PMA_Bookmark_get function in libraries/bookmark.lib.php in ...)
	{DSA-2167-1}
	- phpmyadmin 4:3.3.9.2-1
CVE-2011-0986 (phpMyAdmin 2.11.x before 2.11.11.2, and 3.3.x before 3.3.9.1, does not ...)
	- phpmyadmin 4:3.3.9.2-1 (unimportant)
	NOTE: Path disclosure; paths in Debian are public info already
CVE-2011-0985 (Google Chrome before 9.0.597.94 does not properly perform process ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (Chromium specific)
CVE-2011-0984 (Google Chrome before 9.0.597.94 does not properly handle plug-ins, ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (doesn't include v8 code)
	NOTE: http://trac.webkit.org/changeset/76264
	NOTE: ^ this has to be the wrong commit, its a v8 fix, but that doesn't match the description at all
CVE-2011-0983 (Google Chrome before 9.0.597.94 does not properly handle anonymous ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (vulnerable code not yet present in 1.2)
	NOTE: http://trac.webkit.org/changeset/75810
CVE-2011-0982 (Use-after-free vulnerability in Google Chrome before 9.0.597.94 allows ...)
	- chromium-browser 9.0.597.98~r74359-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76990
CVE-2011-0981 (Google Chrome before 9.0.597.94 does not properly perform event ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.98~r74359-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/76708
CVE-2011-0980 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...)
	NOT-FOR-US: Microsoft Office Excel 2003
CVE-2011-0979 (Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office 2004, ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0978 (Stack-based buffer overflow in Microsoft Excel 2002 SP3, 2003 SP3, and ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0977 (Use-after-free vulnerability in Microsoft Office XP SP3, Office 2003 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2011-0976 (Microsoft PowerPoint 2002 SP3, 2003 SP3, and 2007 SP2; Office 2004 and ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-0975 (Stack-based buffer overflow in BMC PATROL Agent Service Daemon for in ...)
	NOT-FOR-US: BMC PATROL
CVE-2011-0974
	RESERVED
CVE-2011-0973
	RESERVED
CVE-2011-0972
	RESERVED
CVE-2011-0971
	RESERVED
CVE-2011-0970
	RESERVED
CVE-2011-0969
	RESERVED
CVE-2011-0968
	RESERVED
CVE-2011-0967
	RESERVED
CVE-2011-0966 (Directory traversal vulnerability in cwhp/auditLog.do in the Homepage ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2011-0965
	RESERVED
CVE-2011-0964
	RESERVED
CVE-2011-0963 (The default configuration of the RADIUS authentication feature on the ...)
	NOT-FOR-US: Cisco Network Access Control (NAC) Guest Server
CVE-2011-0962 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0961 (Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2011-0960 (Multiple SQL injection vulnerabilities in Cisco Unified Operations ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0959 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Operations Manager
CVE-2011-0958
	RESERVED
CVE-2011-0957
	RESERVED
CVE-2011-0956
	RESERVED
CVE-2011-0955
	RESERVED
CVE-2011-0954
	RESERVED
CVE-2011-0953
	RESERVED
CVE-2011-0952
	RESERVED
CVE-2011-0951 (The web-based management interface in Cisco Secure Access Control ...)
	NOT-FOR-US: Cisco ACS
CVE-2011-0950
	RESERVED
CVE-2011-0949 (Cisco IOS XR 3.6.x, 3.8.x before 3.8.3, and 3.9.x before 3.9.1 does ...)
	NOT-FOR-US: Cisco
CVE-2011-0948
	RESERVED
CVE-2011-0947
	RESERVED
CVE-2011-0946 (The NAT implementation in Cisco IOS 12.1 through 12.4 and 15.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0945 (Memory leak in the Data-link switching (aka DLSw) feature in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0944 (Cisco IOS 12.4, 15.0, and 15.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0943 (Cisco IOS XR 3.8.3, 3.8.4, and 3.9.1 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2011-0942
	RESERVED
CVE-2011-0941 (Memory leak in Cisco Unified Communications Manager (CUCM) 6.x before ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2011-0940
	RESERVED
CVE-2011-0939 (Unspecified vulnerability in Cisco IOS 12.4, 15.0, and 15.1, and IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0938
	RESERVED
CVE-2011-0937
	RESERVED
CVE-2011-0936
	RESERVED
CVE-2011-0935 (The PKI functionality in Cisco IOS 15.0 and 15.1 does not prevent ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0934
	RESERVED
CVE-2011-0933
	RESERVED
CVE-2011-0932
	RESERVED
CVE-2011-0931
	RESERVED
CVE-2011-0930
	RESERVED
CVE-2011-0929
	RESERVED
CVE-2011-0928
	RESERVED
CVE-2011-0927
	RESERVED
CVE-2011-0926 (A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2011-0925 (The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2011-0924 (The client in HP Data Protector does not verify the contents of files ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0923 (The client in HP Data Protector does not properly validate EXEC_CMD ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0922 (The client in HP Data Protector allows remote attackers to execute ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0921 (crs.exe in the Cell Manager Service in the client in HP Data Protector ...)
	NOT-FOR-US: HP Data Protector
CVE-2011-0920 (The Remote Console in IBM Lotus Domino, when a certain unsupported ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0919 (Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0918 (Stack-based buffer overflow in the NRouter (aka Router) service in IBM ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0917 (Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0916 (Stack-based buffer overflow in the SMTP service in IBM Lotus Domino ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0915 (Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0914 (Integer signedness error in ndiiop.exe in the DIIOP implementation in ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0913 (Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2011-0912 (Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2011-0911 (Cross-site scripting (XSS) vulnerability in the Users module in Zikula ...)
	NOT-FOR-US: zikula
CVE-2011-0910 (The cookie implementation in Vanilla Forums before 2.0.17.6 makes it ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0909 (Cross-site scripting (XSS) vulnerability in Vanilla Forums before ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0908 (Open redirect vulnerability in Vanilla Forums before 2.0.17.6 allows ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0907
	RESERVED
CVE-2011-0906
	RESERVED
CVE-2011-0905 (The rfbSendFramebufferUpdate function in ...)
	{DSA-2238-1}
	- vino 2.28.2-3
	- libvncserver <not-affected> (Performs sufficient range validation, but was initially reported as affected)
	- kdenetwork 4:4.0
	NOTE: Only affects the krfb from KDE 3.5
CVE-2011-0904 (The rfbSendFramebufferUpdate function in ...)
	{DSA-2238-1}
	- vino 2.28.2-3
	- libvncserver <not-affected> (Performs sufficient range validation, but was initially reported as affected)
	- kdenetwork 4:4.0
	NOTE: Only affects the krfb from KDE 3.5
CVE-2011-0903 (Multiple directory traversal vulnerabilities in AR Web Content Manager ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2011-0902 (Multiple untrusted search path vulnerabilities in the Java Service in ...)
	NOT-FOR-US: SunOS
CVE-2011-0901 (Multiple stack-based buffer overflows in the tsc_launch_remote ...)
	- tsclient <removed> (low; bug #613204)
	[lenny] - tsclient <no-dsa> (Minor issue)
	[squeeze] - tsclient <no-dsa> (Minor issue)
CVE-2011-0900 (Stack-based buffer overflow in the tsc_launch_remote function ...)
	- tsclient <removed> (low; bug #613204)
	[lenny] - tsclient <no-dsa> (Minor issue)
	[squeeze] - tsclient <no-dsa> (Minor issue)
CVE-2011-0899 (The AES encryption module 7.x-1.4 for Drupal leaves certain debugging ...)
	NOT-FOR-US: AES module for Drupal
CVE-2011-0898 (Cross-site scripting (XSS) vulnerability in HP Network Node Manager i ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0897 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.00 ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0896 (Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on ...)
	NOT-FOR-US: HP-UX
CVE-2011-0895 (Unspecified vulnerability in HP Network Node Manager i (NNMi) 9.0x and ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2011-0894 (Unspecified vulnerability in HP Operations 9.10 on UNIX platforms ...)
	NOT-FOR-US: HP Operations
CVE-2011-0893 (Cross-site scripting (XSS) vulnerability in HP Operations 9.10 on UNIX ...)
	NOT-FOR-US: HP Operations
CVE-2011-0892 (Cross-site scripting (XSS) vulnerability in HP Diagnostics 7.5x and ...)
	NOT-FOR-US: HP Diagnostics
CVE-2011-0891 (Unspecified vulnerability in the OS-Core.CORE2-KRN fileset in HP HP-UX ...)
	NOT-FOR-US: HP HP-UX
CVE-2011-0890 (HP Discovery &amp; Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
CVE-2011-0889 (Unspecified vulnerability in HP Client Automation Enterprise (aka HPCA ...)
	NOT-FOR-US: HP Client Automation Enterprise
CVE-2011-0888
	RESERVED
CVE-2011-0887 (The web management portal on the SMC SMCD3G-CCR (aka Comcast Business ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0886 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0885 (A certain Comcast Business Gateway configuration of the SMC SMCD3G-CCR ...)
	NOT-FOR-US: SMC SMCD3G-CCR
CVE-2011-0884 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0883 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0882 (Unspecified vulnerability in the Content Management component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0881 (Unspecified vulnerability in the EMCTL component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0880 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0879 (Unspecified vulnerability in the Instance Management component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0878
	REJECTED
CVE-2011-0877 (Unspecified vulnerability in the Instance Management component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0876 (Unspecified vulnerability in the Enterprise Manager Console component ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0875 (Unspecified vulnerability in the EMCTL component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0874
	REJECTED
CVE-2011-0873 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0872 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	NOT-FOR-US: OpenJDK on Microsoft Windows
CVE-2011-0871 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0870 (Unspecified vulnerability in the Schema Management component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0869 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0868 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0867 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0866 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0865 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0864 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0863 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0862 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...)
	{DSA-2358-1 DSA-2311-1}
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
	- openjdk-6 6b18-1.8.9-0.1 (bug #629852)
CVE-2011-0861 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0860 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0859 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 Tax ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0858 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0857 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0856 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.49 GA ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0855 (Unspecified vulnerability in the InForm component in Oracle Industry ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2011-0854 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.1 ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0853 (Unspecified vulnerability in Oracle PeopleSoft Enterprise HRMS 9.0 ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0852 (Unspecified vulnerability in the Security Management component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0851 (Unspecified vulnerability in Oracle PeopleSoft Enterprise ELS 9.0 ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0850 (Unspecified vulnerability in Oracle PeopleSoft Enterprise CRM 8.9 ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0849 (Unspecified vulnerability in Oracle Java Dynamic Management Kit 5.1 ...)
	NOT-FOR-US: Oracle Java Dynamic Management Kit
CVE-2011-0848 (Unspecified vulnerability in the Security Framework component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0847 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-0846 (Unspecified vulnerability in the Oracle Sun Java System Access Manager ...)
	NOT-FOR-US: Oracle Sun Java System Access Manager Policy Agent
CVE-2011-0845 (Unspecified vulnerability in the Database Control component in Oracle ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2011-0844 (Unspecified vulnerability in the OpenSSO Enterprise and Sun Java ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2011-0843 (Unspecified vulnerability in the Siebel CRM Core component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0842
	REJECTED
CVE-2011-0841 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0840 (Unspecified vulnerability in Oracle PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise PeopleTools
CVE-2011-0839 (Unspecified vulnerability in Oracle Solaris 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0838 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0837 (Unspecified vulnerability in the Agile Technology Platform component ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2011-0836 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0835 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0834 (Unspecified vulnerability in the Siebel CRM Core component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0833 (Unspecified vulnerability in the Siebel CRM Core component in Oracle ...)
	NOT-FOR-US: Oracle Siebel CRM
CVE-2011-0832 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0831 (Unspecified vulnerability in the Enterprise Config Management ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0830 (Unspecified vulnerability in the Event Management component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0829 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0828 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2011-0827 (Unspecified vulnerability in the PeopleSoft Enterprise component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-0826 (Unspecified vulnerability in Oracle PeopleSoft Enterprise 8.8 Bundle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2011-0825 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0824 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0823 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0822 (Unspecified vulnerability in the Streams, AQ &amp; Replication Mgmt ...)
	NOT-FOR-US: Oracle Database Serve
CVE-2011-0821 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0820 (Unspecified vulnerability in Oracle Solaris 10, and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0819 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0818 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Tools 8.9 ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0817 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0816 (Unspecified vulnerability in the CMDB Metadata &amp; Instance APIs ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0815 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0814 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0813 (Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0812 (Unspecified vulnerability in the Solaris component in Oracle Solaris ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0811 (Unspecified vulnerability in the Enterprise Config Management ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0810 (Unspecified vulnerability Oracle JD Edwards EnterpriseOne Tools 8.9 GA ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2011-0809 (Unspecified vulnerability in the Web ADI component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0808 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0807 (Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server ...)
	NOT-FOR-US: Oracle Sun GlassFish Enterprise Server
CVE-2011-0806 (Unspecified vulnerability in the Network Foundation component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0805 (Unspecified vulnerability in the UIX component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0804 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0803 (Unspecified vulnerability in the JD Edwards EnterpriseOne Tools ...)
	NOT-FOR-US: Oracle JD Edwards Products
CVE-2011-0802 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	[lenny] - sun-java6 6.26-0lenny1
	[squeeze] - sun-java6 6.26-0squeeze1
	- sun-java6 6.26-1 (bug #629852)
CVE-2011-0801 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0800 (Unspecified vulnerability in the Solaris component in Oracle Solaris ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0799 (Unspecified vulnerability in the Oracle Warehouse Builder component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0798 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0797 (Unspecified vulnerability in the Applications Install component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0796 (Unspecified vulnerability in the Applications Install component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0795 (Unspecified vulnerability in the Single Sign On component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0794 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0793 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0792 (Unspecified vulnerability in the Oracle Warehouse Builder component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2011-0791 (Unspecified vulnerability in the Application Object Library component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2011-0790 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0789 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2011-0788 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0787 (Unspecified vulnerability in the Application Service Level Management ...)
	NOT-FOR-US: Oracle
CVE-2011-0786 (Unspecified vulnerability in the Java Runtime Environment (JRE) ...)
	NOT-FOR-US: Java on Windows
CVE-2011-0785 (Unspecified vulnerability in the Oracle Help component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2011-0784 (Race condition in Google Chrome before 9.0.597.84 allows remote ...)
	- chromium-browser 9.0.597.84~r72991-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0783 (Unspecified vulnerability in Google Chrome before 9.0.597.84 allows ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0782 (Google Chrome before 9.0.597.84 on Mac OS X does not properly mitigate ...)
	- chromium-browser <not-affected> (mac only)
	- webkit <not-affected> (chromium specific)
CVE-2011-0781 (Google Chrome before 9.0.597.84 does not properly handle autofill ...)
	- chromium-browser 9.0.597.84~r72991-1 (unimportant)
	- webkit <not-affected> (chromium specific)
CVE-2011-0780 (The PDF event handler in Google Chrome before 9.0.597.84 does not ...)
	- chromium-browser <not-affected> (Chrome pdf plugin)
	- webkit <not-affected> (chromium specific)
CVE-2011-0779 (Google Chrome before 9.0.597.84 does not properly handle a missing key ...)
	{DSA-2192-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0778 (Google Chrome before 9.0.597.84 does not properly restrict drag and ...)
	{DSA-2188-1 DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/71925
CVE-2011-0777 (Use-after-free vulnerability in Google Chrome before 9.0.597.84 allows ...)
	{DSA-2166-1}
	- chromium-browser 9.0.597.84~r72991-1
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	NOTE: http://trac.webkit.org/changeset/72230
CVE-2011-0776 (The sandbox implementation in Google Chrome before 9.0.597.84 on Mac ...)
	- chromium-browser <not-affected> (mac only)
	- webkit <not-affected> (chromium specific)
CVE-2010-4729 (Zikula before 1.2.3 does not use the authid protection mechanism for ...)
	NOT-FOR-US: zikula
CVE-2010-4728 (Zikula before 1.3.1 uses the rand and srand PHP functions for random ...)
	NOT-FOR-US: zikula
CVE-2011-XXXX [evince segfault]
	- evince 2.30.3-1
	[lenny] - evince <unfixed> (bug #612668)
CVE-2011-XXXX [php-gettext XSS]
	- php-gettext <unfixed> (unimportant)
	NOTE: http://www.autosectools.com/Advisories/CiviCRM.3.3.3.Drupal-Joomla_Reflected.Cross-site.Scripting_102.html
	NOTE: Vulnerable code only in examples/
CVE-2011-1136 [tesseract tempfile]
	RESERVED
	- tesseract 2.04-2.1 (low; bug #612032)
	[squeeze] - tesseract 2.04-2+squeeze1
	[lenny] - tesseract 2.03-2+lenny1 (bug #612032)
CVE-2011-XXXX [aptitude tempfile]
	- aptitude 0.6.3-4 (low; bug #612034)
	[squeeze] - aptitude 0.6.3-2.1+squeeze1 (bug #612034)
	[lenny] - aptitude 0.4.11.11-1~lenny2 (bug #612034)
CVE-2011-0775 (pivotx/modules/module_image.php in PivotX 2.2.2 allows remote ...)
	NOT-FOR-US: PivotX
CVE-2011-0774 (PivotX before 2.2.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PivotX
CVE-2011-0773 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PivotX
CVE-2011-0772 (Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, ...)
	NOT-FOR-US: PivotX
CVE-2011-0771 (The Janrain Engage (formerly RPX) module 6.x-1.3 for Drupal does not ...)
	NOT-FOR-US: Janrain Engage Drupal module
CVE-2011-0770 (Cross-site scripting (XSS) vulnerability in Windows Event Log ...)
	NOT-FOR-US: Windows Event Log SmartConnector
CVE-2011-0769
	RESERVED
CVE-2011-0768
	RESERVED
CVE-2011-0767 (Cross-site scripting (XSS) vulnerability in the management GUI in the ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall
CVE-2011-0766 (The random number generator in the Crypto application before 2.0.2.2, ...)
	- erlang 1:14.b.3-dfsg-1 (low; bug #628456)
	[squeeze] - erlang 1:14.a-dfsg-3squeeze1
	NOTE: http://www.kb.cert.org/vuls/id/178990
	NOTE: https://github.com/erlang/otp/commit/f228601de45c5
CVE-2011-0765 (Unspecified vulnerability in lft in pWhois Layer Four Traceroute (LFT) ...)
	NOT-FOR-US: pWhois Layer Four Traceroute
CVE-2011-0764 (t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ...)
	{DSA-2388-1}
	- xpdf 3.02-9
	- poppler <not-affected> (never used t1lib)
	- t1lib 5.1.2-3.3
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: http://www.toucan-system.com/advisories/tssa-2011-01.txt
CVE-2011-0763
	RESERVED
CVE-2011-0762 (The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 ...)
	{DSA-2305-1}
	- vsftpd 2.3.4-1 (bug #622741)
	[squeeze] - vsftpd 2.3.2-3+squeeze2
	[lenny] - vsftpd 2.0.7-1+lenny1
CVE-2011-0761 (Perl 5.10.x allows context-dependent attackers to cause a denial of ...)
	- perl 5.12.0-1 (unimportant; bug #628817)
CVE-2011-0760 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WP Related Posts plugin for WordPress
CVE-2011-0759 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Recaptcha plugin for WordPress
CVE-2010-4727 (Smarty before 3.0.0 beta 7 does not properly handle the &lt;?php and ?&gt; ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4726 (Unspecified vulnerability in the math plugin in Smarty before 3.0.0 ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4725 (Smarty before 3.0.0 RC3 does not properly handle an on value of the ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4724 (Multiple unspecified vulnerabilities in the parser implementation in ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4723 (Smarty before 3.0.0, when security is enabled, does not prevent access ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-4722 (Unspecified vulnerability in the fetch plugin in Smarty before 3.0.2 ...)
	- smarty3 3.0.8-1
	- smarty <removed>
	[squeeze] - smarty3 <end-of-life> (Unsupported in squeeze-lts)
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5054 (Smarty before 3.0.0 beta 4 does not consider the umask value when ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5053 (Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2009-5052 (Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 ...)
	- smarty3 3.0~rc1-1
	- smarty <removed>
	[squeeze] - smarty <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0758 (The eCS component (ECSQdmn.exe) in CA ETrust Secure Content Manager ...)
	NOT-FOR-US: CA ETrust
CVE-2011-0757 (IBM DB2 9.1 before FP10, 9.5 before FP6a, and 9.7 before FP2 on Linux, ...)
	NOT-FOR-US: IBM DB2
CVE-2011-0756 (The application server in Trustwave WebDefend Enterprise before 5.0 ...)
	NOT-FOR-US: Trustwave WebDefend Enterprise
CVE-2011-0755 (Integer overflow in the mt_rand function in PHP before 5.3.4 might ...)
	- php5 5.3.5-1 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0754 (The SplFileInfo::getType function in the Standard PHP Library (SPL) ...)
	- php5 <not-affected> (Only affects PHP on Windows)
CVE-2011-0753 (Race condition in the PCNTL extension in PHP before 5.3.4, when a ...)
	- php5 5.3.5-1 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0752 (The extract function in PHP before 5.2.15 does not prevent use of the ...)
	- php5 5.3.3-7 (unimportant)
	NOTE: Only exploitable with malicious script
CVE-2011-0751 (Directory traversal vulnerability in nhttpd (aka Nostromo webserver) ...)
	NOT-FOR-US: Nostromo webserver
CVE-2011-0750
	RESERVED
CVE-2011-0749
	RESERVED
CVE-2011-0748 (Multiple cross-site request forgery (CSRF) vulnerabilities in phpList ...)
	NOT-FOR-US: phpList
CVE-2011-0747
	RESERVED
CVE-2011-0746 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: ZyXEL O2 DSL Router
CVE-2011-0745 (SugarCRM before 6.1.3 does not properly handle reloads and direct ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2011-0744
	RESERVED
CVE-2011-0743
	RESERVED
CVE-2011-0742 (Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management ...)
	NOT-FOR-US: Novell ZENworks Handheld Management
CVE-2011-0741 (Multiple cross-site scripting (XSS) vulnerabilities in ModX Evolution ...)
	NOT-FOR-US: ModX
CVE-2011-0740 (Cross-site scripting (XSS) vulnerability in ...)
	- magpierss 0.72-10 (low; bug #611940)
	[squeeze] - magpierss 0.72-8+squeeze1
	[lenny] - magpierss 0.72-5+lenny1
CVE-2011-0739 (The deliver function in the sendmail delivery agent ...)
	NOT-FOR-US: Ruby mail gem
CVE-2011-0738 (MyProxy 5.0 through 5.2, as used in Globus Toolkit 5.0.0 through ...)
	NOT-FOR-US: MyProxy
CVE-2011-0737 (** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier allows remote ...)
	NOT-FOR-US: Adobe Coldfusion
CVE-2011-0736 (** DISPUTED ** Adobe ColdFusion 9.0.1 CHF1 and earlier, when a web ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0735 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0734 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0733 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion before ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0732 (Multiple unspecified vulnerabilities in IBM Tivoli Integrated Portal ...)
	NOT-FOR-US: IBM Tivoli Integrated Portal
CVE-2011-0731 (Buffer overflow in the DB2 Administration Server (DAS) component in ...)
	NOT-FOR-US: IBM DB2
CVE-2011-0730 (Eucalyptus before 2.0.3 and Eucalyptus EE before 2.0.2, as used in ...)
	- eucalyptus <not-affected> (It was once removed from archive, then re-added as 3.1.0)
CVE-2011-0729 (dbus_backend/ls-dbus-backend in the D-Bus backend in language-selector ...)
	NOT-FOR-US: Ubuntu-specific language-selector package
CVE-2011-0728 (Cross-site scripting (XSS) vulnerability in templatefunctions.py in ...)
	- loggerhead 1.18.1-1 (low)
	[squeeze] - loggerhead <no-dsa> (Minor issue)
CVE-2011-0727 (GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to ...)
	{DSA-2205-1}
	- gdm3 2.30.5-9
	- gdm <not-affected> (Affected code was introduced in 2.28)
CVE-2011-0726 (The do_task_stat function in fs/proc/array.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
	[lenny] - linux-2.6 2.6.26-26lenny3
	[squeeze] - linux-2.6 2.6.32-32
CVE-2011-0725 (Absolute path traversal vulnerability in the ...)
	- aptdaemon 0.43+bzr707-1
	[squeeze] - aptdaemon <not-affected> (Introduced in 0.33)
CVE-2011-0724 (The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not ...)
	- italc <not-affected> (Only Edubuntu Live DVD affected)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/italc/+bug/714864
	NOTE: http://web.archive.org/web/20140817234205/https://lists.ubuntu.com/archives/ubuntu-security-announce/2011-February/001245.html
CVE-2011-0723 (FFmpeg 0.5.x, as used in MPlayer and other products, allows remote ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-0722 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2011-0721 (Multiple CRLF injection vulnerabilities in (1) chfn and (2) chsh in ...)
	{DSA-2164-1}
	- shadow 1:4.1.4.2+svn3283-3
	[lenny] - shadow <not-affected> (Vulnerable code not present)
CVE-2010-4721 (SQL injection vulnerability in news.php in Immo Makler allows remote ...)
	NOT-FOR-US: Immo Makler
CVE-2010-4720 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
	NOT-FOR-US: Joomla JEAuto addon
CVE-2010-4719 (Directory traversal vulnerability in JRadio (com_jradio) component ...)
	NOT-FOR-US: Joomla JRadio addon
CVE-2010-4718 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Joomla Lyftenbloggie addon
CVE-2011-0720 (Unspecified vulnerability in Plone 2.5 through 4.0, as used in Conga, ...)
	- plone3 <removed>
CVE-2011-0719 (Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 ...)
	{DSA-2175-1}
	- samba 2:3.5.7~dfsg-1
CVE-2011-0718 (Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay ...)
	NOT-FOR-US: Red Hat Network Satellite/Spacewalk
CVE-2011-0717 (Session fixation vulnerability in Red Hat Network (RHN) Satellite ...)
	NOT-FOR-US: Red Hat Network Satellite/Spacewalk
CVE-2011-0716 (The br_multicast_add_group function in net/bridge/br_multicast.c in ...)
	- linux-2.6 2.6.38-1 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
	[squeeze] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
	[wheezy] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.34)
CVE-2011-0715 (The mod_dav_svn module for the Apache HTTP Server, as distributed in ...)
	{DSA-2181-1}
	- subversion 1.6.16dfsg-1
CVE-2011-0714 (Use-after-free vulnerability in a certain Red Hat patch for the RPC ...)
	- linux-2.6 <not-affected> (This issue only affects Red Hat Enterprise Linux 6)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=678144
	NOTE: http://seclists.org/oss-sec/2011/q1/438
CVE-2011-0713 (Heap-based buffer overflow in wiretap/dct3trace.c in Wireshark 1.2.0 ...)
	{DSA-2201-1}
	- wireshark 1.4.4-1
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
	NOTE: http://anonsvn.wireshark.org/viewvc?view=rev&revision=35953
CVE-2011-0712 (Multiple buffer overflows in the caiaq Native Instruments USB audio ...)
	{DSA-2310-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0711 (The xfs_fs_geometry function in fs/xfs/xfs_fsops.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-1 (low)
CVE-2011-0710 (The task_show_regs function in arch/s390/kernel/traps.c in the Linux ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-2 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0709 (The br_mdb_ip_get function in net/bridge/br_multicast.c in the Linux ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.35-rc1 and fixed in 2.6.35-rc5)
CVE-2011-0708 (exif.c in the Exif extension in PHP before 5.3.6 on 64-bit platforms ...)
	{DSA-2266-1}
	- php5 5.3.6-1
CVE-2011-0707 (Multiple cross-site scripting (XSS) vulnerabilities in Cgi/confirm.py ...)
	{DSA-2170-1}
	- mailman 1:2.1.14-1
	NOTE: patch http://mail.python.org/pipermail/mailman-developers/attachments/20110218/15500b22/attachment.txt
	NOTE: present in 2.1.14 and earlier
	NOTE: http://mail.python.org/pipermail/mailman-developers/2011-February/021317.html
CVE-2011-0706 (The JNLPClassLoader class in IcedTea-Web before 1.0.1, as used in ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.7-1
CVE-2011-0705 [path traversal in SimpleHTTPServer]
	RESERVED
	NOTE: Will be rejected
CVE-2011-0704 (389 Directory Server 1.2.7.5, when built with mozldap, allows remote ...)
	NOT-FOR-US: 389 Directory Server
CVE-2011-0703
	RESERVED
	- gksu-polkit <removed> (bug #684489)
	[squeeze] - gksu-polkit <end-of-life> (Unsupported in squeeze-lts)
CVE-2011-0702 (The feh_unique_filename function in utils.c in feh before 1.11.2 might ...)
	- feh 1.12-1 (low; bug #612035)
	[squeeze] - feh <no-dsa> (Minor issue)
	[lenny] - feh <no-dsa> (Minor issue)
CVE-2011-0701 (wp-admin/async-upload.php in the media uploader in WordPress before ...)
	{DSA-2190-1}
	- wordpress 3.0.5+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
CVE-2011-0700 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress ...)
	{DSA-2190-1}
	- wordpress 3.0.5+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
CVE-2011-0699
	RESERVED
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 <not-affected> (code introduced in .37)
	[squeeze] - linux-2.6 <not-affected> (code introduced in .37)
	[lenny] - linux-2.6 <not-affected> (code introduced in .37)
CVE-2011-0698 (Directory traversal vulnerability in Django 1.1.x before 1.1.4 and ...)
	- python-django <not-affected> (Windows-specific)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
CVE-2011-0697 (Cross-site scripting (XSS) vulnerability in Django 1.1.x before 1.1.4 ...)
	{DSA-2163-1}
	- python-django 1.2.5-1
	[lenny] - python-django <not-affected> (Vulnerable code not present)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
	[squeeze] - python-django 1.2.3-3+squeeze1
CVE-2011-0696 (Django 1.1.x before 1.1.4 and 1.2.x before 1.2.5 does not properly ...)
	{DSA-2163-1}
	- python-django 1.2.5-1
	[lenny] - python-django <not-affected> (Vulnerable code not present)
	NOTE: http://www.djangoproject.com/weblog/2011/feb/08/security/
	[squeeze] - python-django 1.2.3-3+squeeze1
CVE-2011-0695 (Race condition in the cm_work_handler function in the InfiniBand ...)
	{DSA-2264-1 DSA-2240-1}
	- linux-2.6 2.6.38-2
CVE-2011-0694 (RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and ...)
	NOT-FOR-US: RealPlayer
CVE-2011-0693
	RESERVED
CVE-2011-0692
	RESERVED
CVE-2011-0691
	RESERVED
CVE-2011-0690
	RESERVED
CVE-2011-0689
	RESERVED
CVE-2011-0688 (Intel Alert Management System (aka AMS or AMS2), as used in Symantec ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2011-0687 (Opera before 11.01 does not properly implement Wireless Application ...)
	NOT-FOR-US: Opera
CVE-2011-0686 (Unspecified vulnerability in Opera before 11.01 allows remote ...)
	NOT-FOR-US: Opera
CVE-2011-0685 (The Delete Private Data feature in Opera before 11.01 does not ...)
	NOT-FOR-US: Opera
CVE-2011-0684 (Opera before 11.01 does not properly handle redirections and ...)
	NOT-FOR-US: Opera
CVE-2011-0683 (Opera before 11.01 does not properly restrict the use of opera: URLs, ...)
	NOT-FOR-US: Opera
CVE-2011-0682 (Integer truncation error in opera.dll in Opera before 11.01 allows ...)
	NOT-FOR-US: Opera
CVE-2011-0681 (The Cascading Style Sheets (CSS) Extensions for XML implementation in ...)
	NOT-FOR-US: Opera
CVE-2011-0680 (data/WorkingMessage.java in the Mms application in Android before ...)
	NOT-FOR-US: Mms for Android
CVE-2010-4717 (Multiple stack-based buffer overflows in the IMAP server component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4716 (Cross-site scripting (XSS) vulnerability in the WebPublisher component ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4715 (Multiple directory traversal vulnerabilities in the (1) WebAccess ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4714 (Multiple stack-based buffer overflows in Novell GroupWise before ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4713 (Integer signedness error in gwia.exe in GroupWise Internet Agent ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4712 (Multiple stack-based buffer overflows in gwia.exe in GroupWise ...)
	NOT-FOR-US: Novell GroupWise
CVE-2010-4711 (Double free vulnerability in the IMAP server component in GroupWise ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-0679 (IBM WebSphere Portal 6.0.1.1 through 7.0.0.0, as used in IBM Lotus Web ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2011-0678 (Unrestricted file upload vulnerability in the EasyEdit module in ...)
	NOT-FOR-US: Lomtec ActiveWeb Professional
CVE-2011-0677 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0676 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0675 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0674 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0673 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP3 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0672 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0671 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0670 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0669
	REJECTED
CVE-2011-0668
	RESERVED
CVE-2011-0667 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0666 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0665 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0664 (Microsoft .NET Framework 2.0 SP1 and SP2, 3.5 Gold and SP1, 3.5.1, and ...)
	NOT-FOR-US: Microsoft .NET Framework, Silverlight
CVE-2011-0663 (Multiple integer overflows in the Microsoft (1) JScript 5.6 through ...)
	NOT-FOR-US: Microsoft JScript
CVE-2011-0662 (Use-after-free vulnerability in win32k.sys in the kernel-mode drivers ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0661 (The SMB Server service in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0660 (The SMB client in Microsoft Windows XP SP2 and SP3, Windows Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0659
	REJECTED
CVE-2011-0658 (Integer underflow in the OLE Automation protocol implementation in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0657 (DNSAPI.dll in the DNS client in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0656 (Microsoft PowerPoint 2002 SP3, 2003 SP3, 2007 SP2, and 2010; Office ...)
	NOT-FOR-US: Microsoft
CVE-2011-0655 (Microsoft PowerPoint 2007 SP2 and 2010; Office 2004, 2008, and 2011 ...)
	NOT-FOR-US: Microsoft
CVE-2011-0654 (Integer underflow in the BowserWriteErrorLogEntry function in the ...)
	NOT-FOR-US: Windows 2003
CVE-2011-0653 (Cross-site scripting (XSS) vulnerability in Microsoft Office ...)
	NOT-FOR-US: Microsoft SharePoint
CVE-2011-0652 (lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 ...)
	NOT-FOR-US: Look 'n' Stop Firewall
CVE-2011-0651 (Buffer overflow in the key exchange functionality in Icon Labs ...)
	NOT-FOR-US: Iconfidant SSL Server (VxWorks OS)
CVE-2011-0650 (Cross-site request forgery (CSRF) vulnerability in Greenbone Security ...)
	NOT-FOR-US: Greenbone Security Manager appliance
CVE-2010-4710 (Cross-site scripting (XSS) vulnerability in the addItem method in the ...)
	- yui <removed> (unimportant)
	NOTE: Mostly a case of mis-documentation
CVE-2010-4709 (Heap-based buffer overflow in Automated Solutions Modbus/TCP Master ...)
	NOT-FOR-US: Automated Solutions Modbus/TCP Master
CVE-2011-0649 (Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through ...)
	NOT-FOR-US: TIBCO Rendezvous
CVE-2011-0648 (Unspecified vulnerability in EMC Avamar before 5.0.4-30 allows remote ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-0647 (The irccd.exe service in EMC Replication Manager Client before 5.3 and ...)
	NOT-FOR-US: EMC
CVE-2011-0646 (SQL injection vulnerability in viewfaqs.php in PHP LOW BIDS allows ...)
	NOT-FOR-US: PHPLOWBIDS
CVE-2011-0645 (SQL injection vulnerability in data.php in PHPCMS 2008 V2 allows ...)
	NOT-FOR-US: PHPCMS
CVE-2011-0644 (SQL injection vulnerability in include/admin/model_field.class.php in ...)
	NOT-FOR-US: PHPCMS
CVE-2011-0643 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: PHP Link Directory
CVE-2011-0642 (Cross-site request forgery (CSRF) vulnerability in news/admin.php in ...)
	NOT-FOR-US: N-13 News
CVE-2011-0641 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: StatPressCN Wordpress Plugin
CVE-2011-0640 (The default configuration of udev on Linux does not warn the user ...)
	NOTE: Not much that could sensibly be fixed here
CVE-2011-0639 (Apple Mac OS X does not properly warn the user before enabling ...)
	NOT-FOR-US: Mac OS X
CVE-2011-0638 (Microsoft Windows does not properly warn the user before enabling ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0637 (The FC SCSI protocol driver in IBM AIX 6.1 does not verify that a ...)
	NOT-FOR-US: AIX
CVE-2011-0636 (The (1) cudaHostAlloc and (2) cuMemHostAlloc functions in the NVIDIA ...)
	NOT-FOR-US: NVIDIA CUDA Toolkit
CVE-2011-0635 (Static code injection vulnerability in Simploo CMS 1.7.1 and earlier ...)
	NOT-FOR-US: Simploo
CVE-2010-4708 (The pam_env module in Linux-PAM (aka pam) 1.1.2 and earlier reads the ...)
	- pam 1.1.3-7.1 (low; bug #611136)
	[lenny] - pam <no-dsa> (Minor issue, too invasive for a stable release)
	[squeeze] - pam <no-dsa> (Minor issue, too invasive for a stable release)
CVE-2010-4707 (The check_acl function in pam_xauth.c in the pam_xauth module in ...)
	- pam 1.1.3-1 (low)
	[lenny] - pam <no-dsa> (Minor issue)
	[squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4706 (The pam_sm_close_session function in pam_xauth.c in the pam_xauth ...)
	- pam 1.1.3-1 (low)
	[lenny] - pam <no-dsa> (Minor issue)
	[squeeze] - pam <no-dsa> (Minor issue)
CVE-2010-4705 (Integer overflow in the vorbis_residue_decode_internal function in ...)
	{DSA-2165-1}
	- ffmpeg <not-affected> (issue introduced in 0.6.x series; bug #611495)
	- ffmpeg-debian <removed>
	NOTE: recheck when 0.6.x gets uploaded
CVE-2010-4704 (libavcodec/vorbis_dec.c in the Vorbis decoder in FFmpeg 0.6.1 and ...)
	{DSA-2306-1 DSA-2165-1}
	- libav 4:0.6.2-1 (low; bug #611495)
	- ffmpeg 7:2.4.1-1 (low; bug #611495)
	- ffmpeg-debian <removed>
	NOTE: this is a crash found by fuzzing and not clearly exploitable (can be combined with other fixes so low urgency)
CVE-2011-XXXX [shibboleth Single TransientID Mapped to Multiple Principals]
	NOTE: Not packaged in Debian, separate package Shibboleth IdP
	NOTE: http://shibboleth.internet2.edu/secadv/secadv_20110113.txt
CVE-2011-0520 (The compress_add_dlabel_points function in dns/Compress.c in MaraDNS ...)
	{DSA-2196-1}
	- maradns 1.4.03-1.1 (bug #610834)
CVE-2011-0634
	REJECTED
CVE-2011-0633 (The Net::HTTPS module in libwww-perl (LWP) before 6.00, as used in ...)
	- libwww-perl 6.01-1 (low; bug #669126)
	[squeeze] - libwww-perl <no-dsa> (Minor issue)
CVE-2011-0632
	RESERVED
CVE-2011-0631
	RESERVED
CVE-2011-0630
	RESERVED
CVE-2011-0629 (Cross-site request forgery (CSRF) vulnerability in Adobe ColdFusion ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0628 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0627 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0626 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0625 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0624 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0623 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0622 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0621 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0620 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0619 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0618 (Integer overflow in Adobe Flash Player before 10.3.181.14 on Windows, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0617
	REJECTED
CVE-2011-0616
	REJECTED
CVE-2011-0615 (Multiple buffer overflows in Adobe Audition 3.0.1 and earlier allow ...)
	NOT-FOR-US: Adobe Audition
CVE-2011-0614 (Buffer overflow in Adobe Audition 3.0.1 and earlier allows remote ...)
	NOT-FOR-US: Adobe Audition
CVE-2011-0613 (Multiple cross-site scripting (XSS) vulnerabilities in RoboHelp 7 and ...)
	NOT-FOR-US: RoboHelp
CVE-2011-0612 (Adobe Flash Media Server (FMS) before 3.5.6, and 4.x before 4.0.2, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2011-0611 (Adobe Flash Player before 10.2.154.27 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player / Acrobat Reader
CVE-2011-0610 (The CoolType library in Adobe Reader 9.x before 9.4.4 and 10.x through ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0609 (Unspecified vulnerability in Adobe Flash Player 10.2.154.13 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0608 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0607 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0606 (Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0605 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0604 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0603 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0602 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0601
	REJECTED
CVE-2011-0600 (The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0599 (The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0598 (Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0597
	REJECTED
CVE-2011-0596 (The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0595 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0594 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0593 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0592 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0591 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0590 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0589 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0588 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0587 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0586 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0585 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0584 (Session fixation vulnerability in Adobe ColdFusion 8.0 through 9.0.1 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0583 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0582 (Unspecified vulnerability in the administrator console in Adobe ...)
	NOT-FOR-US: ColdFusion
CVE-2011-0581 (Multiple CRLF injection vulnerabilities in Adobe ColdFusion 8.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0580 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2011-0579 (Adobe Flash Player before 10.3.181.14 on Windows, Mac OS X, Linux, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0578 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0577 (Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0576
	REJECTED
CVE-2011-0575 (Untrusted search path vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0574 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0573 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0572 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0571 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0570 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0569 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0568 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0567 (AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0566 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0565 (Unspecified vulnerability in Adobe Reader and Acrobat 10.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0564 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0563 (Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0562 (Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2011-0561 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0560 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0559 (Adobe Flash Player before 10.2.152.26 allows attackers to execute ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0558 (Integer overflow in Adobe Flash Player before 10.2.152.26 allows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2011-0557 (Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0556 (The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0555 (The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0554 (The management console in Symantec IM Manager before 8.4.18 allows ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0553 (SQL injection vulnerability in the management console in Symantec IM ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0552 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2011-0551 (Cross-site request forgery (CSRF) vulnerability in the Web Interface ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2011-0550 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2011-0549 (SQL injection vulnerability in forget.php in the management GUI in ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2011-0548 (Buffer overflow in the Lotus Freelance Graphics PRZ file viewer in ...)
	NOT-FOR-US: Lotus Freelance Graphics
CVE-2011-0547 (Multiple integer overflows in vxsvc.exe in the Veritas Enterprise ...)
	NOT-FOR-US: Veritas
CVE-2011-0546 (Symantec Backup Exec 11.0, 12.0, 12.5, 13.0, and 13.0 R2 does not ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2011-0545 (Cross-site request forgery (CSRF) vulnerability in adduser.do in ...)
	NOT-FOR-US: Symantec LiveUpdate Administrator
CVE-2011-0544
	RESERVED
	- phpbb3 3.0.7-PL1-5 (low; bug #612477)
	[squeeze] - phpbb3 <no-dsa> (Minor issue)
CVE-2011-0543 (Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0542 (fusermount in fuse 2.8.5 and earlier does not perform a chdir to / ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0541 (fuse 2.8.5 and earlier does not properly handle when /etc/mtab cannot ...)
	- fuse 2.8.5-1 (low; bug #624551)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-0541
CVE-2011-0540
	REJECTED
CVE-2011-0539 (The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, ...)
	- openssh 1:5.8p1-2
	[squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
	[lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
CVE-2011-0538 (Wireshark 1.2.0 through 1.2.14, 1.4.0 through 1.4.3, and 1.5.0 frees ...)
	{DSA-2201-1}
	- wireshark 1.4.3-3 (low; bug #613202)
CVE-2011-0537 (Multiple directory traversal vulnerabilities in (1) ...)
	- mediawiki <not-affected> (Only affected when running on Windows or Novell Netware)
CVE-2011-0536 (Multiple untrusted search path vulnerabilities in elf/dl-object.c in ...)
	- eglibc 2.11.2-8 (bug #600667)
	- glibc <not-affected> (Lenny version not affected)
CVE-2011-0535 (Cross-site request forgery (CSRF) vulnerability in the Users module in ...)
	NOT-FOR-US: zikula
CVE-2011-0534 (Apache Tomcat 7.0.0 through 7.0.6 and 6.0.0 through 6.0.30 does not ...)
	{DSA-2160-1}
	- tomcat5.5 <not-affected> (Vulnerable code not present)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0533 (Cross-site scripting (XSS) vulnerability in Apache Continuum 1.1 ...)
	NOT-FOR-US: Apache Continuum
CVE-2011-0532 (The (1) backup and restore scripts, (2) main initialization script, ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0531 (demux/mkv/mkv.hpp in the MKV demuxer plugin in VideoLAN VLC media ...)
	{DSA-2159-1}
	- vlc 1.1.7-1 (medium)
	[lenny] - vlc 0.8.6.h-4+lenny3
CVE-2011-0530 (Buffer overflow in the mainloop function in nbd-server.c in the server ...)
	{DSA-2183-1}
	- nbd 1:2.9.16-8 (bug #611187)
	[etch] - nbd <not-affected> (reintroduced in 2.9.0)
CVE-2011-0529
	RESERVED
	- weborf 0.12.5-1
CVE-2011-0528 (Puppet 2.6.0 through 2.6.3 does not properly restrict access to node ...)
	- puppet 2.6.2-3
	[lenny] - puppet <not-affected> (Only affects 2.6.x)
CVE-2011-0527 (VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before ...)
	NOT-FOR-US: VMware vFabric tc Server
CVE-2011-0526 (Cross-site scripting (XSS) vulnerability in index.php in Vanilla ...)
	NOT-FOR-US: Vanilla Forums
CVE-2011-0525
	RESERVED
	NOT-FOR-US: Batavi
CVE-2011-0524 (Multiple buffer overflows in the NMEA parser (nmea-gen.c) in gypsy 0.8 ...)
	- gypsy <itp> (bug #491723)
CVE-2011-0523 (gypsy 0.8 does not properly restrict the files that can be read while ...)
	- gypsy <itp> (bug #491723)
CVE-2011-0521 (The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-2
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2011-0519 (SQL injection vulnerability in gallery.php in Gallarific PHP Photo ...)
	NOT-FOR-US: Gallarific
CVE-2011-0518 (Directory traversal vulnerability in core/lib/router.php in LotusCMS ...)
	NOT-FOR-US: LotusCMS
CVE-2011-0517 (Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and ...)
	NOT-FOR-US: Winlog Pro
CVE-2011-0516 (SQL injection vulnerability in mainx_a.php in E-PROMPT C BetMore Site ...)
	NOT-FOR-US: BetMore Site Suite
CVE-2011-0515 (KisKrnl.sys 2011.1.13.89 and earlier in Kingsoft AntiVirus 2011 SP5.2 ...)
	NOT-FOR-US: Kingsoft AntiVirus
CVE-2011-0514 (The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows ...)
	NOT-FOR-US: HP Data Protector Manager
CVE-2011-0513 (DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows ...)
	NOT-FOR-US: SecurStar DriveCrypt
CVE-2011-0512 (SQL injection vulnerability in team.php in the Teams Structure module ...)
	NOT-FOR-US: PHP-Fusion
CVE-2011-0511 (SQL injection vulnerability in the allCineVid component ...)
	NOT-FOR-US: Joomla! component
CVE-2011-0510 (SQL injection vulnerability in cart.php in Advanced Webhost Billing ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2011-0509 (Cross-site scripting (XSS) vulnerability in Vaadin before 6.4.9 allows ...)
	NOT-FOR-US: Vaadin
CVE-2011-0508 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Contao CMS
CVE-2011-0507 (FTPService.exe in Blackmoon FTP 3.1 Build 1735 and Build 1736 ...)
	NOT-FOR-US: Blackmoon FTP
	NOTE: Windows-only
CVE-2011-0506 (Directory traversal vulnerability in modules/profile/user.php in Ax ...)
	NOT-FOR-US: AxDCMS
CVE-2011-0505 (Directory traversal vulnerability in system/system.php in Zwii 2.1.1, ...)
	NOT-FOR-US: Zwii
CVE-2011-0504 (Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, ...)
	NOT-FOR-US: VaM Shop
CVE-2011-0503 (Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, ...)
	NOT-FOR-US: VaM Shop
CVE-2011-0502 (Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly ...)
	NOT-FOR-US: Music Animation Machine MIDI Player
	NOTE: Windows-only
CVE-2011-0501 (Stack-based buffer overflow in Music Animation Machine MIDI Player ...)
	NOT-FOR-US: Music Animation Machine MIDI Player
	NOTE: Windows-only
CVE-2011-0500 (Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and ...)
	NOT-FOR-US: VideoSpirit Pro
CVE-2011-0499 (Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier ...)
	NOT-FOR-US: VideoSpirit Pro
CVE-2011-0498 (Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, ...)
	NOT-FOR-US: Nokia Multimedia Player
CVE-2011-0497 (Directory traversal vulnerability in Sybase EAServer 6.x before 6.3 ...)
	NOT-FOR-US: Sybase EAServer
CVE-2011-0496 (Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ...)
	NOT-FOR-US: Sybase EAServer
CVE-2010-4703 (SQL injection vulnerability in default.asp in HotWebScripts HotWeb ...)
	NOT-FOR-US: HotWebScripts HotWeb Rentals
CVE-2010-4702 (SQL injection vulnerability in JRadio (com_jradio) component before ...)
	NOT-FOR-US: Joomla component
CVE-2010-4701 (Heap-based buffer overflow in the CDrawPoly::Serialize function in ...)
	NOT-FOR-US: Microsoft Windows Fax Services Cover Page Editor
CVE-2011-0495 (Stack-based buffer overflow in the ast_uri_encode function in ...)
	{DSA-2171-1}
	- asterisk 1:1.6.2.9-2+squeeze1 (bug #610487)
CVE-2011-0494 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2011-0489 (The server components in Objectivity/DB 10.0 do not require ...)
	NOT-FOR-US: Objectivity/DB
CVE-2011-0488 (Stack-based buffer overflow in NTWebServer.exe in the test web service ...)
	NOT-FOR-US: NTWebServer
CVE-2011-0487 (ICQ 7 does not verify the authenticity of updates, which allows ...)
	NOT-FOR-US: ICQ
CVE-2011-0486 (Cross-site scripting (XSS) vulnerability in cognos.cgi in IBM Cognos 8 ...)
	NOT-FOR-US: IBM Cognos
CVE-2010-4700 (The set_magic_quotes_runtime function in PHP 5.3.2 and 5.3.3, when the ...)
	- php5 <not-affected> (vuln code in mysqlnd, we use libmysqlclient)
CVE-2010-4699 (The iconv_mime_decode_headers function in the Iconv extension in PHP ...)
	- php5 5.3.5-1 (unimportant)
CVE-2010-4698 (Stack-based buffer overflow in the GD extension in PHP before 5.2.15 ...)
	- php5 5.3.3-7 (unimportant)
	NOTE: Only exloitable with malicious script
CVE-2010-4697 (Use-after-free vulnerability in the Zend engine in PHP before 5.2.15 ...)
	{DSA-2408-1}
	- php5 5.3.5-1 (unimportant)
	NOTE: requires attacker to be able to execute code already
CVE-2010-4696 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
	NOT-FOR-US: Joomla
CVE-2009-5051 (Hastymail2 before RC 8 does not set the secure flag for the session ...)
	- hastymail <removed>
CVE-2011-0493 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha might allow ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0492 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha allows remote ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0491 (The tor_realloc function in Tor before 0.2.1.29 and 0.2.2.x before ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0490 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha makes calls to ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-XXXX [multiple spip issues]
	- spip 2.1.1-3 (bug #609212; bug #610016)
CVE-2011-0485 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser 6.0.472.63~r59945-5+squeeze4
	- webkit <not-affected> (chromium specific)
CVE-2011-0484 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/75082
	NOTE: http://trac.webkit.org/changeset/75084
CVE-2011-0483 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/74787
CVE-2011-0482 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-5
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/74779
CVE-2011-0481 (Buffer overflow in Google Chrome before 8.0.552.237 and Chrome OS ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0480 (Multiple buffer overflows in vorbis_dec.c in the Vorbis decoder in ...)
	{DSA-2306-1}
	- ffmpeg 7:2.4.1-1
	[squeeze] - ffmpeg <not-affected> (webm not supported yet)
	- ffmpeg-debian <not-affected> (webm not supported yet)
	- libav 4:0.6.1-1 (bug #610550)
CVE-2011-0479 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-0478 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/74636
CVE-2011-0477 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 6.0.472.63~r59945-5
	- webkit <not-affected> (chromium specific)
CVE-2011-0476 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0475 (Use-after-free vulnerability in Google Chrome before 8.0.552.237 and ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0474 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/74574
CVE-2011-0473 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/73927
	NOTE: http://trac.webkit.org/changeset/73937
CVE-2011-0472 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser <not-affected> (Chrome PDF plugin)
	- webkit <not-affected> (Chrome PDF plugin)
CVE-2011-0471 (The node-iteration implementation in Google Chrome before 8.0.552.237 ...)
	- chromium-browser 6.0.472.63~r59945-5
	NOTE: http://trac.webkit.org/changeset/73559
	NOTE: http://trac.webkit.org/changeset/73620
CVE-2011-0470 (Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
CVE-2011-0469 (Code injection in openSUSE when running some source services used in ...)
	- open-build-service <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=679325
	NOTE: Main fix: https://github.com/openSUSE/open-build-service/commit/76b0ab003f34435ca90d943e02dd22279cdeec2a
	NOTE: Secondary fix: https://github.com/openSUSE/open-build-service/commit/23c8d21c75242999e29379e6ca8418a14c8725c6
CVE-2011-0468 (The aaa_base package before 11.3-8.9.1 in SUSE openSUSE 11.3, and ...)
	NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0467
	RESERVED
CVE-2011-0466 (The API in SUSE openSUSE Build Service (OBS) 2.0.x before 2.0.8 and ...)
	NOT-FOR-US: openSUSE Build Service
CVE-2011-0465 (xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote ...)
	{DSA-2213-1}
	- x11-xserver-utils 7.6+2 (low; bug #621423)
	NOTE: http://cgit.freedesktop.org/xorg/app/xrdb/commit/?id=1027d5df07398c1507fb1fe3a9981aa6b4bc3a56
	NOTE: low as this is not enabled in a standard setup
CVE-2011-0464 (Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 ...)
	NOT-FOR-US: Novell Vibe OnPrem
CVE-2011-0463 (The ocfs2_prepare_page_for_write function in fs/ocfs2/aops.c in the ...)
	- linux-2.6 2.6.39-1
	[squeeze] - linux-2.6 2.6.32-34
CVE-2011-0462 (Multiple cross-site scripting (XSS) vulnerabilities in the login page ...)
	NOT-FOR-US: openSUSE Build Service
CVE-2011-0461 (/etc/init.d/boot.localfs in the aaa_base package before 11.2-43.48.1 ...)
	NOT-FOR-US: OpenSUSE aaa_base package
CVE-2011-0460 (The init script in kbd, possibly 1.14.1 and earlier, allows local ...)
	- kbd <not-affected> (SUSE-specific)
CVE-2011-0459 (Cross-site scripting (XSS) vulnerability in Cyber-Ark Password Vault ...)
	NOT-FOR-US: Cyber-Ark
CVE-2011-0458 (Untrusted search path vulnerability in the Locate on Disk feature in ...)
	NOT-FOR-US: Google Picasa
CVE-2011-0457 (Cross-site scripting (XSS) vulnerability in e107 0.7.22 and earlier ...)
	NOT-FOR-US: e107
CVE-2011-0456 (webscript.pl in Open Ticket Request System (OTRS) 2.3.4 and earlier ...)
	- otrs2 2.4.5-1
CVE-2011-0455 (Cross-site scripting (XSS) vulnerability in Things BBS before 2.0.3 ...)
	NOT-FOR-US: Things BBS
CVE-2011-0454 (Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 ...)
	NOT-FOR-US: PPP Access Concentrator
CVE-2011-0453 (F-Secure Internet Gatekeeper for Linux 3.x before 3.03 does not ...)
	NOT-FOR-US: F-Secure Internet Gatekeeper
CVE-2011-0452 (Untrusted search path vulnerability in the script function in ...)
	NOT-FOR-US: Lunascape
CVE-2011-0451 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: EC-CUBE
CVE-2011-0450 (The downloads manager in Opera before 11.01 on Windows does not ...)
	NOT-FOR-US: Opera
CVE-2011-0449 (actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x ...)
	- rails <not-affected> (Only affects 3.x)
CVE-2011-0448 (Ruby on Rails 3.0.x before 3.0.4 does not ensure that arguments to the ...)
	- rails <not-affected> (Only affects 3.x)
CVE-2011-0447 (Ruby on Rails 2.1.x, 2.2.x, and 2.3.x before 2.3.11, and 3.x before ...)
	{DSA-2247-1}
	- rails 2.3.11-0.1 (bug #614864)
CVE-2011-0446 (Multiple cross-site scripting (XSS) vulnerabilities in the mail_to ...)
	{DSA-2247-1}
	- rails 2.3.11-0.1 (bug #614864)
CVE-2010-4695 (A certain Fedora patch for gif2png.c in gif2png 2.5.1 and 2.5.2, as ...)
	- gif2png 2.5.4-2 (low; bug #610479)
	[lenny] - gif2png <no-dsa> (Minor issue)
	[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2010-4694 (Buffer overflow in gif2png.c in gif2png 2.5.3 and earlier might allow ...)
	- gif2png 2.5.4-2 (low; bug #610479)
	[lenny] - gif2png <no-dsa> (Minor issue)
	[squeeze] - gif2png <no-dsa> (Minor issue)
CVE-2008-7271 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
	- eclipse <not-affected> (Fixed before the version now in Squeeze)
CVE-2011-0426 (Directory traversal vulnerability in vCenter Server in VMware vCenter ...)
	NOT-FOR-US: VMware
CVE-2011-0445 (The ASN.1 BER dissector in Wireshark 1.4.0 through 1.4.2 allows remote ...)
	- wireshark <not-affected> (Only affects Wireshark 1.4, fixed in experimental)
CVE-2011-0444 (Buffer overflow in the MAC-LTE dissector ...)
	- wireshark 1.2.11-6
	[lenny] - wireshark <not-affected> (Vulnerable code not present)
CVE-2011-0443 (SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, ...)
	NOT-FOR-US: tinyBB
CVE-2011-0442 (The service utility in EMC Avamar 5.x before 5.0.4 uses cleartext to ...)
	NOT-FOR-US: EMC Avamar
CVE-2011-0441 (The Debian GNU/Linux /etc/cron.d/php5 cron job for PHP 5.3.5 allows ...)
	{DSA-2195-1}
	- php5 5.3.6-1 (bug #618489)
	NOTE: Debian-specific
CVE-2011-0440 (Cross-site request forgery (CSRF) vulnerability in Mahara 1.2.x before ...)
	{DSA-2206-1}
	- mahara 1.2.7-1
CVE-2011-0439 (Cross-site scripting (XSS) vulnerability in Mahara 1.2.x before 1.2.7 ...)
	{DSA-2206-1}
	- mahara 1.2.7-1
CVE-2011-0438 (nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success ...)
	- nss-pam-ldapd <not-affected> (Only affects 0.8.0, which was only uploaded to experimental)
CVE-2011-0437 (shared/inc/sql/ssh.php in the SSH accounts management implementation ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0436 (The register_user function in client/new_account_form.php in Domain ...)
	{DSA-2179-1}
	- dtc 0.32.10-1 (bug #614302)
CVE-2011-0435 (Domain Technologie Control (DTC) before 0.32.9 does not require ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0434 (Multiple SQL injection vulnerabilities in Domain Technologie Control ...)
	{DSA-2179-1}
	- dtc 0.32.10-1
CVE-2011-0433 (Heap-based buffer overflow in the linetoken function in afmparse.c in ...)
	{DSA-2388-1}
	- evince 2.32.0-1 (bug #614668)
	[squeeze] - evince 2.30.3-2+squeeze1
	- vftool 2.0alpha-4.1 (low; bug #614669)
	[squeeze] - vftool 2.0alpha-4+squeeze1
	[lenny] - vftool 2.0alpha-3+lenny1
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
	NOTE: vuln source file is lib/t1lib/parseAFM.c, which differs slightly from evince's afmparse.c in the affected areas but it is indeed affected
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=640923
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=643882
CVE-2011-0432 (Multiple SQL injection vulnerabilities in the get_userinfo method in ...)
	{DSA-2177-1}
	- pywebdav 0.9.4-3
CVE-2011-0431 (The afs_linux_lock function in afs/LINUX/osi_vnodeops.c in the kernel ...)
	{DSA-2168-1}
	- openafs 1.4.14+dfsg-1
CVE-2011-0430 (Double free vulnerability in the Rx server process in OpenAFS 1.4.14, ...)
	{DSA-2168-1}
	- openafs 1.4.14+dfsg-1
CVE-2011-0429
	RESERVED
CVE-2011-0428
	RESERVED
	- ikiwiki 3.20110122
	[squeeze] - ikiwiki 3.20100815.5
	[lenny] - ikiwiki <not-affected> (Vulnerable code not present)
	NOTE: https://ikiwiki.info/security/#index38h2
CVE-2011-0427 (Heap-based buffer overflow in Tor before 0.2.1.29 and 0.2.2.x before ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0425
	RESERVED
CVE-2011-0424
	RESERVED
CVE-2011-0423 (The PolyVision RoomWizard with firmware 3.2.3 has a default password ...)
	NOT-FOR-US: PolyVision RoomWizard
CVE-2011-0422
	RESERVED
CVE-2011-0421 (The _zip_name_locate function in zip_name_locate.c in the Zip ...)
	{DSA-2266-1}
	- php5 5.3.6-1
	NOTE: http://svn.php.net/viewvc?view=revision&revision=307867
	- libzip 0.10-1 (low)
	[squeeze] - libzip <no-dsa> (Minor issue)
	NOTE: http://hg.nih.at/libzip/?fd=13654bfdc88c;file=lib/zip_name_locate.c
CVE-2011-0420 (The grapheme_extract function in the Internationalization extension ...)
	{DSA-2266-1}
	- php5 5.3.6-1 (unimportant)
	[lenny] - php5 <not-affected> (intl extension added in 5.3)
	NOTE: Only triggerable through malicious script
	NOTE: http://svn.php.net/viewvc?view=revision&revision=306449
CVE-2011-0419 (Stack consumption vulnerability in the fnmatch implementation in ...)
	{DSA-2237-2}
	- apr 1.4.4-1 (low)
CVE-2011-0418 (The glob implementation in Pure-FTPd before 1.0.32, and in libc in ...)
	- pure-ftpd 1.0.32-1 (unimportant)
	NOTE: The attack could not be reproduced on Linux. The upstream change from 1.0.32
	NOTE: only disables GLOB_BRACE, possibly to protect installations with a vulnerable libc
CVE-2011-0417
	RESERVED
CVE-2011-0416
	RESERVED
CVE-2011-0415
	RESERVED
CVE-2011-0414 (ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative ...)
	{DSA-2208-1}
	- bind9 1:9.7.3.dfsg-1 (bug #601830)
	[lenny] - bind9 <not-affected> (Introduced in 9.7.1)
CVE-2011-0413 (The DHCPv6 server in ISC DHCP 4.0.x and 4.1.x before 4.1.2-P1, 4.0-ESV ...)
	{DSA-2184-1}
	- isc-dhcp 4.1.1-P1-16 (bug #611217)
	- dhcp3 <not-affected> (vuln code introduced in 4.0)
	- dhcp <not-affected> (vuln code introduced in 4.0)
	NOTE: maintainer is aware
	NOTE: http://www.isc.org/software/dhcp/advisories/cve-2011-0413
CVE-2011-0412 (Oracle Solaris 8, 9, and 10 stores back-out patch files (undo.Z) ...)
	NOT-FOR-US: Oracle Solaris
CVE-2011-0411 (The STARTTLS implementation in Postfix 2.4.x before 2.4.16, 2.5.x ...)
	{DSA-2233-1}
	- postfix 2.8.0-1 (bug #617849)
	NOTE: http://www.securityfocus.com/archive/1/516901/30/0/threaded
	NOTE: http://www.postfix.org/announcements/postfix-2.7.3.html
	NOTE: http://www.postfix.org/CVE-2011-0411.html
	NOTE: http://www.kb.cert.org/vuls/id/MAPG-8D9M5Q
CVE-2011-0410 (CollabNet ScrumWorks Basic 1.8.4 uses cleartext credentials for ...)
	NOT-FOR-US: CollabNet ScrumWorks Basic
CVE-2011-0409
	RESERVED
CVE-2011-0408 (pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to ...)
	- libpng <not-affected> (vulnerable code introduced in 1.5.0, not packaged)
CVE-2011-0407 (SQL injection vulnerability in the store function in ...)
	NOT-FOR-US: Phenotype CMS
CVE-2011-0406 (Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView ...)
	NOT-FOR-US: WellinTech KingView
CVE-2011-0405 (Directory traversal vulnerability in module.php in PhpGedView 4.2.3 ...)
	- phpgedview <removed>
CVE-2011-0404 (Stack-based buffer overflow in NetSupport Manager Agent for Linux ...)
	NOT-FOR-US: NetSupport Manager Agent for Linux
CVE-2011-0403 (Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, ...)
	NOT-FOR-US: ImgBurn
CVE-2011-0402 (dpkg-source in dpkg before 1.14.31 and 1.15.x allows user-assisted ...)
	{DSA-2142-1}
	- dpkg 1.15.8.8
CVE-2011-0401 (Piwik before 1.1 does not properly limit the number of files stored ...)
	- piwik <itp> (bug #506933)
CVE-2011-0400 (Cookie.php in Piwik before 1.1 does not set the secure flag for the ...)
	- piwik <itp> (bug #506933)
CVE-2011-0399 (Piwik before 1.1 does not prevent the rendering of the login form ...)
	- piwik <itp> (bug #506933)
CVE-2011-0398 (The Piwik_Common::getIP function in Piwik before 1.1 does not properly ...)
	- piwik <itp> (bug #506933)
CVE-2010-4693 (Multiple cross-site scripting (XSS) vulnerabilities in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2011-0397
	RESERVED
CVE-2011-0396 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0395 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0394 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0393 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0392 (Cisco TelePresence Recording Server devices with software 1.6.x do not ...)
	NOT-FOR-US: Cisco
CVE-2011-0391 (Cisco TelePresence Recording Server devices with software 1.6.x allow ...)
	NOT-FOR-US: Cisco
CVE-2011-0390 (The XML-RPC implementation on Cisco TelePresence Multipoint Switch ...)
	NOT-FOR-US: Cisco
CVE-2011-0389 (Cisco TelePresence Multipoint Switch (CTMS) devices with software ...)
	NOT-FOR-US: Cisco
CVE-2011-0388 (Cisco TelePresence Recording Server devices with software 1.6.x and ...)
	NOT-FOR-US: Cisco
CVE-2011-0387 (The administrative web interface on Cisco TelePresence Multipoint ...)
	NOT-FOR-US: Cisco
CVE-2011-0386 (The XML-RPC implementation on Cisco TelePresence Recording Server ...)
	NOT-FOR-US: Cisco
CVE-2011-0385 (The administrative web interface on Cisco TelePresence Recording ...)
	NOT-FOR-US: Cisco
CVE-2011-0384 (The Java Servlet framework on Cisco TelePresence Multipoint Switch ...)
	NOT-FOR-US: Cisco
CVE-2011-0383 (The Java Servlet framework on Cisco TelePresence Recording Server ...)
	NOT-FOR-US: Cisco
CVE-2011-0382 (The CGI subsystem on Cisco TelePresence Recording Server devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0381 (Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2011-0380 (Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2011-0379 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5500 ...)
	NOT-FOR-US: Cisco
CVE-2011-0378 (The XML-RPC implementation on Cisco TelePresence endpoint devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0377 (Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x ...)
	NOT-FOR-US: Cisco
CVE-2011-0376 (The TFTP implementation on Cisco TelePresence endpoint devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0375 (The CGI implementation on Cisco TelePresence endpoint devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0374 (The CGI implementation on Cisco TelePresence endpoint devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0373 (The CGI implementation on Cisco TelePresence endpoint devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0372 (The CGI implementation on Cisco TelePresence endpoint devices with ...)
	NOT-FOR-US: Cisco
CVE-2011-0371
	RESERVED
CVE-2011-0370
	RESERVED
CVE-2011-0369
	RESERVED
CVE-2011-0368
	RESERVED
CVE-2011-0367
	RESERVED
CVE-2011-0366
	RESERVED
CVE-2011-0365
	RESERVED
CVE-2011-0364 (The Management Console (webagent.exe) in Cisco Security Agent 5.1, ...)
	NOT-FOR-US: Cisco Security Agent Management
CVE-2011-0363
	RESERVED
CVE-2011-0362
	RESERVED
CVE-2011-0361
	RESERVED
CVE-2011-0360
	RESERVED
CVE-2011-0359
	RESERVED
CVE-2011-0358
	RESERVED
CVE-2011-0357
	RESERVED
CVE-2011-0356
	RESERVED
CVE-2011-0355 (Cisco Nexus 1000V Virtual Ethernet Module (VEM) 4.0(4) SV1(1) through ...)
	NOT-FOR-US: Cisco
CVE-2011-0354 (The default configuration of Cisco Tandberg C Series Endpoints, and ...)
	NOT-FOR-US: Cisco
CVE-2011-0353
	RESERVED
CVE-2011-0352 (Buffer overflow in the web-based management interface on the Cisco ...)
	NOT-FOR-US: Linksys router
CVE-2011-0351
	RESERVED
CVE-2011-0350 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0349 (Unspecified vulnerability in Cisco IOS 12.4(24)MD before 12.4(24)MD2 ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0348 (Cisco IOS 12.4(11)MD, 12.4(15)MD, 12.4(22)MD, 12.4(24)MD before ...)
	NOT-FOR-US: Cisco IOS
CVE-2011-0347 (Microsoft Internet Explorer on Windows XP allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0346 (Use-after-free vulnerability in the ReleaseInterface function in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0345 (Directory traversal vulnerability in the NMS server in Alcatel-Lucent ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2011-0344 (Multiple stack-based buffer overflows in unspecified CGI programs in ...)
	NOT-FOR-US: Unified Maintenance Tool
CVE-2011-0342 (Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ...)
	NOT-FOR-US: InduSoft ISSymbol ActiveX
CVE-2011-0341 (Stack-based buffer overflow in the pdfmoz_onmouse function in ...)
	NOT-FOR-US: MuPDF plug-in for Firefox
CVE-2011-0340 (Multiple buffer overflows in the ISSymbol ActiveX control in ...)
	NOT-FOR-US: ISSymbol.ocx
CVE-2011-0339
	RESERVED
CVE-2011-0338
	RESERVED
CVE-2011-0337
	RESERVED
CVE-2011-0336
	RESERVED
CVE-2011-0335 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0334 (Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-0333 (Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf ...)
	NOT-FOR-US: Novell GroupWise
CVE-2011-0332 (Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom ...)
	NOT-FOR-US: Foxit Reader
CVE-2011-0331 (Use-after-free vulnerability in the addOSPLext method in the Honeywell ...)
	NOT-FOR-US: Honeywell ScanServer
CVE-2011-0330 (The Dell DellSystemLite.Scanner ActiveX control in DellSystemLite.ocx ...)
	NOT-FOR-US: Dell System Lite
CVE-2011-0329 (Directory traversal vulnerability in the GetData method in the Dell ...)
	NOT-FOR-US: Dell System Lite
CVE-2011-0328
	RESERVED
CVE-2011-0327
	RESERVED
CVE-2011-0326
	RESERVED
CVE-2011-0325
	RESERVED
CVE-2011-0324 (Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ...)
	NOT-FOR-US: Topaz Systems SigPlus
CVE-2011-0323 (Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other ...)
	NOT-FOR-US: Topaz Systems SigPlus
CVE-2011-0322 (Unspecified vulnerability in EMC RSA Access Manager Server 5.5.x, ...)
	NOT-FOR-US: EMC RSA Access Manager Server
CVE-2011-0321 (librpc.dll in nsrexecd in EMC NetWorker before 7.5 SP4, 7.5.3.x before ...)
	NOT-FOR-US: EMC NetWorker
CVE-2011-0320 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0319 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0318 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0317 (Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2011-0316 (The Administrative Console component in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-0315 (Cross-site scripting (XSS) vulnerability in the Servlet Engine / Web ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2011-0314 (Heap-based buffer overflow in IBM WebSphere MQ 6.0 before 6.0.2.11 and ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-0313
	RESERVED
CVE-2011-0312
	RESERVED
CVE-2011-0311 (The class file parser in IBM Java before 1.4.2 SR13 FP9, as used in ...)
	NOT-FOR-US: IBM Java
CVE-2011-0310 (Buffer overflow in IBM WebSphere MQ 7.0 before 7.0.1.4 allows remote ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2011-0309
	RESERVED
CVE-2011-0308
	RESERVED
CVE-2011-0307
	RESERVED
CVE-2011-0306
	RESERVED
CVE-2011-0305
	RESERVED
CVE-2011-0304
	RESERVED
CVE-2011-0303
	RESERVED
CVE-2011-0302
	RESERVED
CVE-2011-0301
	RESERVED
CVE-2011-0300
	RESERVED
CVE-2011-0299
	RESERVED
CVE-2011-0298
	RESERVED
CVE-2011-0297
	RESERVED
CVE-2011-0296
	RESERVED
CVE-2011-0295
	RESERVED
CVE-2011-0294
	RESERVED
CVE-2011-0293
	RESERVED
CVE-2011-0292
	RESERVED
CVE-2011-0291 (The BlackBerry PlayBook service on the Research In Motion (RIM) ...)
	NOT-FOR-US: BlackBarry PlayBook
CVE-2011-0290 (The BlackBerry Collaboration Service in Research In Motion (RIM) ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2011-0289
	RESERVED
CVE-2011-0288
	RESERVED
CVE-2011-0287 (Unspecified vulnerability in the BlackBerry Administration API in ...)
	NOT-FOR-US: BlackBerry products
CVE-2011-0286 (Cross-site scripting (XSS) vulnerability in webdesktop/app in the ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-4692 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4691 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4690 (The Mobile User Security (MUS) service on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4689 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4688 (Unspecified vulnerability in the SIP inspection feature on Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4687 (STCAPP (aka the SCCP telephony control application) on Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4686 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA1 does not ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4685 (Cisco IOS before 15.0(1)XA1 does not clear the public key cache upon a ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4684 (Cisco IOS before 15.0(1)XA1, when certain TFTP debugging is enabled, ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4683 (Memory leak in Cisco IOS before 15.0(1)XA5 might allow remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4682 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 series ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4681 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4680 (The WebVPN implementation on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4679 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4678 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4677 (emWEB on Cisco Adaptive Security Appliances (ASA) 5500 series devices ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4676 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4675 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4674 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4673 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4672 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4671 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-4670 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-4669 (The Neighbor Discovery (ND) protocol implementation in the IPv6 stack ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-5040 (CallManager Express (CME) on Cisco IOS before 15.0(1)XA allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5039 (Memory leak in the gk_circuit_info_do_in_acf function in the H.323 ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5038 (Cisco IOS before 15.0(1)XA does not properly handle IRC traffic during ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-5037 (Cisco Adaptive Security Appliances (ASA) 5500 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2011-XXXX
	- xdigger <removed> (bug #609096)
	[lenny] - xdigger 1.0.10-13+lenny1
	NOTE: CVE ID requested
CVE-2010-4645 (strtod.c, as used in the zend_strtod function in PHP 5.2 before 5.2.17 ...)
	- php5 5.3.3-7 (high)
	[lenny] - php5 <not-affected>
	NOTE: lenny10 includes a test for the bug. With lenny's toolchain
	NOTE: and settings, the bug can't be reproduced.
CVE-2011-XXXX [Crash with long HOME environment variable]
	- toppler 1.1.4-2 (unimportant; bug #608979)
	NOTE: Negligable privilege escalation
CVE-2011-XXXX [Crash with long HOME environment variable]
	- lbreakout2 <unfixed> (unimportant; bug #608980)
	NOTE: sgid games is dropped before buffer overflow
CVE-2011-XXXX [Crash with long GGI_DISPLAY environment variable]
	- libggi <removed> (bug #608981)
	[squeeze] - libggi <no-dsa> (Minor issue)
CVE-2011-0343 (Balabit syslog-ng 2.0, 3.0, 3.1, 3.2 OSE and PE, when running on ...)
	- syslog-ng 3.1.3-2 (bug #608491)
	[lenny] - syslog-ng <not-affected> (2.0 not affected, also Freebsd-specific, which is not supported in Lenny anyway)
CVE-2010-XXXX [XSS in ftpls]
	- ftpcopy 0.6.7-3 (bug #607494)
	[squeeze] - ftpcopy <no-dsa> (Minor issue)
	[lenny] - ftpcopy <no-dsa> (Minor issue)
	NOTE: CVE ID requested
CVE-2011-0285 (The process_chpw_request function in schpw.c in the password-changing ...)
	- krb5 1.9.1+dfsg-1 (bug #622681)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <not-affected> (see below)
	NOTE: 1.6 is not affected: While the error case in the process_chpw_request()
	NOTE: in kadmind in 1.6 can leave the data pointer uninitialized, the error
	NOTE: path in its caller will not free() that pointer (the invalid pointer
	NOTE: goes out of scope without being freed), unlike in krb5-1.7 and later.
	NOTE: Those later releases add support for password changing over TCP, and
	NOTE: the error path in the TCP handling code is what frees the
	NOTE: uninitialized pointer. (Clarification by Tom Yu)
CVE-2011-0284 (Double free vulnerability in the prepare_error_as function in ...)
	- krb5 1.8.3+dfsg-6 (low; bug #618517)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed through a point update)
CVE-2011-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.9 ...)
	- krb5 <not-affected> (Only affects 1.9.x)
	[squeeze] - krb5 <no-dsa> (minor issue)
	[lenny] - krb5 <no-dsa> (minor issue)
CVE-2011-0282 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x ...)
	- krb5 1.8.3+dfsg-5
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed in a point update)
CVE-2011-0281 (The unparse implementation in the Key Distribution Center (KDC) in MIT ...)
	- krb5 1.8.3+dfsg-5
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <no-dsa> (Will be fixed in a point update)
CVE-2010-4668 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4667 (Cross-site scripting (XSS) vulnerability in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2010-4666 (Buffer overflow in libarchive 3.0 pre-release code allows remote ...)
	- libarchive 3.0.4-2 (bug #669197)
	[squeeze] - libarchive <not-affected> (no cab support prior to 3.0)
	NOTE: http://code.google.com/p/libarchive/source/detail?r=488ef3fb28c416285ebe4c00266268db7330466b
	NOTE: Might be fixed earlier than 3.0.4-2, but was tested against the Wheezy version
CVE-2010-4665 (Integer overflow in the ReadDirectory function in tiffdump.c in ...)
	{DSA-2552-1}
	- tiff <not-affected> (vulnerable code not present)
	- tiff3 3.9.5
CVE-2010-4664
	RESERVED
	- consolekit 0.4.2-1 (low)
	[squeeze] - consolekit <no-dsa> (Minor issue)
CVE-2010-4663 (Unspecified vulnerability in the News module in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-4662
	RESERVED
	NOT-FOR-US: pmwiki
CVE-2010-4661 [arbitrary kernel module loading]
	RESERVED
	- udisks 1.0.3-1
	[squeeze] - udisks <no-dsa> (Minor issue)
	NOTE: upstream bug https://bugs.freedesktop.org/show_bug.cgi?id=32232
	NOTE: fixed by http://cgit.freedesktop.org/udisks/commit/?id=c933a929f07421ec747cebb24d5e620fc2b97037
CVE-2010-4660
	RESERVED
	- statusnet <itp> (bug #491723)
CVE-2010-4659
	RESERVED
	- statusnet <itp> (bug #491723)
CVE-2010-4658
	RESERVED
	- statusnet <itp> (bug #491723)
CVE-2010-4657 [xmlTextWriterWriteAttribute heap disclosure]
	RESERVED
	- php5 5.4.4-1 (low)
	[squeeze] - php5 <no-dsa> (Minor issue)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=631551
	NOTE: Not sure when this was initially fixed, tested with the initial Wheezy version 5.4.4
	NOTE: and the reproducer from https://bugs.launchpad.net/php/%2Bbug/655442
CVE-2010-4656 (The iowarrior_write function in drivers/usb/misc/iowarrior.c in the ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4655 (net/core/ethtool.c in the Linux kernel before 2.6.36 does not ...)
	{DSA-2264-1}
	- linux-2.6 2.6.32-27
CVE-2010-4654 [Malformed commands may cause corruption of the internal stack]
	RESERVED
	- kdegraphics <not-affected> (no stackheight)
	- xpdf <not-affected> (no stackheight)
	- poppler 0.16.3-1
	[lenny] - poppler <not-affected> (stackheights introduced after 0.12)
	[squeeze] - poppler <not-affected> (stackheights introduced after 0.12)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=8284008aa8230a92ba08d547864353d3290e9bf9
CVE-2010-4653 [integer overflow when parsing CharCodes for fonts]
	RESERVED
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.16.3-1 (low)
	[lenny] - poppler <no-dsa> (minor issue)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=cad66a7d25abdb6aa15f3aa94a35737b119b2659
CVE-2010-4652 (Heap-based buffer overflow in the sql_prepare_where function ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.3a-6
CVE-2010-4651 (Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ...)
	- patch <unfixed> (unimportant)
	NOTE: Applying a patch blindly opens more severe security issues than only directory traversal...
	NOTE: openwall ships a fix
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=667529 for details
CVE-2010-4650 (Buffer overflow in the fuse_do_ioctl function in fs/fuse/file.c in the ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.29)
CVE-2010-4649 (Integer overflow in the ib_uverbs_poll_cq function in ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4648 (The orinoco_ioctl_set_auth function in ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4647 (Multiple cross-site scripting (XSS) vulnerabilities in the Help ...)
	- eclipse 3.5.2-9 (low; bug #611849)
	[squeeze] - eclipse 3.5.2-6squeeze2
CVE-2010-4646 (Cross-site scripting (XSS) vulnerability in Hastymail2 before 1.01 ...)
	- hastymail <removed>
CVE-2010-4644 (Multiple memory leaks in rev_hunt.c in Apache Subversion before 1.6.15 ...)
	- subversion 1.6.12dfsg-3 (low; bug #608989)
	[lenny] - subversion <no-dsa> (Minor issue)
CVE-2010-4643 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4642 (Cross-site scripting (XSS) vulnerability in XWiki Enterprise before ...)
	NOT-FOR-US: XWiki
CVE-2010-4641 (SQL injection vulnerability in XWiki Enterprise before 2.5 allows ...)
	NOT-FOR-US: XWiki
CVE-2010-4640 (Multiple cross-site scripting (XSS) vulnerabilities in XWiki Watch 1.0 ...)
	NOT-FOR-US: XWiki
CVE-2010-4639 (SQL injection vulnerability in index.php in MySource Matrix allows ...)
	NOT-FOR-US: MySource Matrix
CVE-2010-4638 (SQL injection vulnerability in the submitSurvey function in ...)
	NOT-FOR-US: Joomla! JQuarks4s component
CVE-2010-4637 (Cross-site scripting (XSS) vulnerability in feedlist/handler_image.php ...)
	NOT-FOR-US: FeedList
CVE-2010-4636 (SQL injection vulnerability in detail.asp in Site2Nite Business ...)
	NOT-FOR-US: Site2Nite
CVE-2010-4635 (SQL injection vulnerability in detail.asp in Site2Nite Vacation Rental ...)
	NOT-FOR-US: Site2Nite
CVE-2010-4634 (** DISPUTED ** ...)
	NOT-FOR-US: osTicket
CVE-2010-4633 (SQL injection vulnerability in cart.php in digiSHOP 2.0.2 allows ...)
	NOT-FOR-US: digiSHOP
CVE-2010-4632 (Multiple SQL injection vulnerabilities in ASPilot Pilot Cart 7.3 allow ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4631 (Multiple cross-site scripting (XSS) vulnerabilities in ASPilot Pilot ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2010-4630 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WordPress Survey and Quiz Tool plugin
CVE-2010-4629 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly restrict ...)
	NOT-FOR-US: MyBB
CVE-2010-4628 (member.php in MyBB (aka MyBulletinBoard) before 1.4.12 makes a certain ...)
	NOT-FOR-US: MyBB
CVE-2010-4627 (Cross-site request forgery (CSRF) vulnerability in usercp2.php in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2010-4626 (The my_rand function in functions.php in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2010-4625 (MyBB (aka MyBulletinBoard) before 1.4.12 does not properly handle a ...)
	NOT-FOR-US: MyBB
CVE-2010-4624 (MyBB (aka MyBulletinBoard) before 1.4.12 allows remote authenticated ...)
	NOT-FOR-US: MyBB
CVE-2010-4623 (WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1 before ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2010-4622 (Directory traversal vulnerability in WebSEAL in IBM Tivoli Access ...)
	NOT-FOR-US: IBM Tivoli Access Manager
CVE-2010-4621
	RESERVED
CVE-2010-4620
	RESERVED
CVE-2010-4543 (Heap-based buffer overflow in the read_channel_data function in ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4542 (Stack-based buffer overflow in the gfig_read_parameter_gimp_rgb ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4541 (Stack-based buffer overflow in the loadit function in ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4540 (Stack-based buffer overflow in the load_preset_response function in ...)
	{DSA-2426-1}
	- gimp 2.6.11-2 (low; bug #608497)
CVE-2010-4619 (SQL injection vulnerability in profil.php in Mafya Oyun Scrpti (aka ...)
	NOT-FOR-US: Mafya Oyun Scrpti
CVE-2010-4618 (Cross-site scripting (XSS) vulnerability in the Algis Info ...)
	NOT-FOR-US: Algis Info for Joomla!
CVE-2010-4617 (Directory traversal vulnerability in the JotLoader (com_jotloader) ...)
	NOT-FOR-US: JotLoader for Joomla!
CVE-2010-4616 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ImpressCMS
CVE-2010-4615 (Multiple SQL injection vulnerabilities in Oto Galeri Sistemi 1.0 allow ...)
	NOT-FOR-US: Oto Galeri Sistemi
CVE-2010-4614 (SQL injection vulnerability in item.php in Ero Auktion 2010 allows ...)
	NOT-FOR-US: Ero Auktion
CVE-2010-4613 (Multiple directory traversal vulnerabilities in Hycus CMS 1.0.3 allow ...)
	NOT-FOR-US: Hycus CMS
CVE-2010-4612 (Multiple SQL injection vulnerabilities in index.php in Hycus CMS ...)
	NOT-FOR-US: Hycus CMS
CVE-2010-4611 (Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4610 (Cross-site scripting (XSS) vulnerability in index.php in Html-edit CMS ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4609 (SQL injection vulnerability in index.php in Html-edit CMS 3.1.8 allows ...)
	NOT-FOR-US: Html-edit CMS
CVE-2010-4608 (Habari 0.6.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Habari
CVE-2010-4607 (Multiple cross-site scripting (XSS) vulnerabilities in Habari 0.6.5, ...)
	NOT-FOR-US: Habari
CVE-2010-4606 (Unspecified vulnerability in the Space Management client in the ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4605 (Unspecified vulnerability in the backup-archive client in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4604 (Stack-based buffer overflow in the GeneratePassword function in dsmtca ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-4603 (IBM Rational ClearQuest 7.0.x before 7.0.1.11, 7.1.1.x before 7.1.1.4, ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4602 (The Web client in IBM Rational ClearQuest 7.1.1.x before 7.1.1.4 and ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4601 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest 7.0.x ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2010-4600 (Dojo Toolkit, as used in the Web client in IBM Rational ClearQuest ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2011-0280 (Multiple cross-site scripting (XSS) vulnerabilities in HP Power ...)
	NOT-FOR-US: HP Power Manager
CVE-2011-0279 (HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) ...)
	NOT-FOR-US: HP Multifunction Peripheral
CVE-2011-0278 (Unspecified vulnerability in HP Web Jetadmin 10.2 Service Release 3 ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2011-0277 (Cross-site request forgery (CSRF) vulnerability in HP Power Manager ...)
	NOT-FOR-US: HP Power Manager
CVE-2011-0276 (HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 ...)
	NOT-FOR-US: HP OpenView Performance Insight Server
CVE-2011-0275 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0274 (Cross-site scripting (XSS) vulnerability in HP Business Availability ...)
	NOT-FOR-US: HP Business Availability
CVE-2011-0273 (Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2011-0272 (Unspecified vulnerability in HP LoadRunner 9.52 allows remote ...)
	NOT-FOR-US: HP LoadRunner
CVE-2011-0271 (The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0270 (Format string vulnerability in nnmRptConfig.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0269 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0268 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0267 (Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0266 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0265 (Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0264 (Stack-based buffer overflow in ovutil.dll in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0263 (Multiple stack-based buffer overflows in ovas.exe in the OVAS service ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0262 (Buffer overflow in the stringToSeconds function in ovutil.dll in ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0261 (Unspecified vulnerability in jovgraph.exe in jovgraph in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2011-0260 (The CoreProcesses component in Apple Mac OS X 10.7 before 10.7.2 does ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0259 (CoreFoundation, as used in Apple iTunes before 10.5, does not properly ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-0258 (Apple QuickTime before 7.7 on Windows allows remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0257 (Integer signedness error in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0256 (Integer overflow in Apple QuickTime before 7.7 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0255 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0254 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0253 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0252 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0251 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0250 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0249 (Heap-based buffer overflow in Apple QuickTime before 7.7 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0248 (Stack-based buffer overflow in the QuickTime ActiveX control in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0247 (Multiple stack-based buffer overflows in Apple QuickTime before 7.7 on ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0246 (Heap-based buffer overflow in Apple QuickTime before 7.7 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0245 (Buffer overflow in Apple QuickTime before 7.7 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2011-0244 (WebKit in Apple Safari before 5.0.6 allows user-assisted remote ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0243
	RESERVED
CVE-2011-0242 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0241 (Heap-based buffer overflow in ImageIO in Apple Safari before 5.0.6 ...)
	NOT-FOR-US: Apple Safari
CVE-2011-0240 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0239
	RESERVED
CVE-2011-0238 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0237 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0236
	RESERVED
CVE-2011-0235 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0234 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0233 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0232 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0231 (CFNetwork in Apple Mac OS X before 10.7.2 does not properly follow an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0230 (Buffer overflow in the ATSFontDeactivate API in Apple Type Services ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0229 (Apple Type Services (ATS) in Apple Mac OS X through 10.6.8 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0228 (The Data Security component in Apple iOS before 4.2.10 and 4.3.x ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0227 (The queueing primitives in IOMobileFrameBuffer in Apple iOS before ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0226 (Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, ...)
	{DSA-2294-1}
	- freetype 2.4.6-1 (bug #635871)
CVE-2011-0225 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0224 (CoreMedia in Apple Mac OS X through 10.6.8 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0223 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0222 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0221 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0220
	RESERVED
CVE-2011-0219 (Apple Safari before 5.0.6 allows remote attackers to bypass the Same ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0218 (WebKit, as used in Apple Safari before 5.0.6, allows remote attackers ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0217 (Apple Safari before 5.0.6 provides AutoFill information to scripts ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0216 (Off-by-one error in libxml in Apple Safari before 5.0.6 allows remote ...)
	{DSA-2394-1}
	- libxml2 2.7.8.dfsg-5.1 (bug #652352)
CVE-2011-0215 (ImageIO in Apple Safari before 5.0.6 on Windows does not properly ...)
	NOT-FOR-US: ImageIO in Apple Safari
CVE-2011-0214 (CFNetwork in Apple Safari before 5.0.6 on Windows does not properly ...)
	NOT-FOR-US: CFNetwork in Apple Safari
CVE-2011-0213 (Buffer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows ...)
	NOT-FOR-US: QuickTime in Apple Mac OS
CVE-2011-0212 (servermgrd in Apple Mac OS X before 10.6.8 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0211 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0210 (QuickTime in Apple Mac OS X before 10.6.8 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0209 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.8 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0208 (QuickLook in Apple Mac OS X 10.6 before 10.6.8 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0207 (The MobileMe component in Apple Mac OS X before 10.6.8 uses a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0206 (Buffer overflow in International Components for Unicode (ICU) in Apple ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0205 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0204 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0203 (Absolute path traversal vulnerability in xftpd in the FTP Server ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0202 (Integer overflow in CoreGraphics in Apple Mac OS X before 10.6.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0201 (Off-by-one error in the CoreFoundation framework in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0200 (Integer overflow in ColorSync in Apple Mac OS X before 10.6.8 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0199 (The Certificate Trust Policy component in Apple Mac OS X before 10.6.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0198 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0197 (App Store in Apple Mac OS X before 10.6.8 creates a log entry ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0196 (AirPort in Apple Mac OS X 10.5.8 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0195 (The generate-id XPath function in libxslt in Apple iOS 4.3.x before ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0194 (Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0193 (Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0192 (Buffer overflow in Fax4Decode in LibTIFF 3.9.4 and possibly other ...)
	{DSA-2210-1}
	- tiff 3.9.4-7
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2011-0191 (Buffer overflow in LibTIFF 3.9.4 and possibly other versions, as used ...)
	{DSA-2210-1}
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed before initial upload)
	NOTE: This might've been fixed earlier even
CVE-2011-0190 (Install Helper in Installer in Apple Mac OS X before 10.6.7 does not ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0189 (The default configuration of Terminal in Apple Mac OS X 10.6 before ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0188 (The VpMemAlloc function in bigdecimal.c in the BigDecimal class in ...)
	{DLA-235-1 DLA-88-1}
	- ruby1.8 1.8.7.352-1 (bug #628452)
	- ruby1.9 <removed> (bug #628451)
	- ruby1.9.1 1.9.2.290-1 (bug #628450)
CVE-2011-0187 (The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0186 (QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0185 (Format string vulnerability in the debug-logging feature in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2011-0184 (QuickLook in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0183 (Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0182 (The i386_set_ldt system call in the kernel in Apple Mac OS X before ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0181 (Integer overflow in ImageIO in Apple Mac OS X before 10.6.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0180 (Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0179 (CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0178 (The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0177 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0176 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0175 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0174 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0173 (Multiple format string vulnerabilities in AppleScript in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0172 (AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2011-0171
	RESERVED
CVE-2011-0170 (Heap-based buffer overflow in ImageIO in CoreGraphics in Apple iTunes ...)
	NOT-FOR-US: Apple iTunes
CVE-2011-0169 (WebKit in Apple Safari before 5.0.4, when the Web Inspector is used, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0168 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0167 (The windows functionality in WebKit in Apple Safari before 5.0.4 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0166 (The HTML5 drag and drop functionality in WebKit in Apple Safari before ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0165 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0164 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0163 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0162 (Wi-Fi in Apple iOS before 4.3 and Apple TV before 4.2 does not ...)
	NOT-FOR-US: Apple iOS
CVE-2011-0161 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0160 (WebKit, as used in Apple Safari before 5.0.4 and iOS before 4.3, does ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0159 (The Safari Settings feature in Safari in Apple iOS 4.x before 4.3 does ...)
	NOT-FOR-US: Safari in Apple iOS
CVE-2011-0158 (MobileSafari in Apple iOS before 4.3 does not properly implement ...)
	NOT-FOR-US: MobileSafari in Apple iOS
CVE-2011-0157 (WebKit, as used in Apple iOS before 4.3, allows remote attackers to ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0156 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0155 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0154 (WebKit, as used in Apple iTunes before 10.2 on Windows and Apple iOS, ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0153 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0152 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0151 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0150 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0149 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0148 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0147 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0146 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0145 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0144 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0143 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0142 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0141 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0140 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0139 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0138 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0137 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0136 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0135 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0134 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0133 (WebKit, as used in Apple iTunes before 10.2 on Windows, does not ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0132 (Use-after-free vulnerability in the Runin box functionality in the ...)
	NOT-FOR-US: Apple
CVE-2011-0131 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0130 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0129 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0128 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0127 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0126 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0125 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0124 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0123 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0122 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0121 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0120 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0119 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0118 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0117 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0116 (Use-after-free vulnerability in the setOuterText method in the ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0115 (The DOM level 2 implementation in WebKit, as used in Apple iTunes ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0114 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0113 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0112 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2011-0111 (WebKit, as used in Apple iTunes before 10.2 on Windows, allows ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-4599 (Untrusted search path vulnerability in Ecava IntegraXor 3.6.4000.0 ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4598 (Directory traversal vulnerability in Ecava IntegraXor 3.6.4000.0 and ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4597 (Stack-based buffer overflow in the save method in the ...)
	NOT-FOR-US: Ecava IntegraXor
CVE-2010-4596 (Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2010-4595 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4594 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4, when ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4593 (The Connection Manager in IBM Lotus Mobile Connect before 6.1.4 does ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4592 (The Mobile Network Connections functionality in the Connection Manager ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4591 (The Connection Manager in IBM Lotus Mobile Connect (LMC) before 6.1.4, ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4590 (Cross-site scripting (XSS) vulnerability in HTTP Access Services ...)
	NOT-FOR-US: IBM Lotus Mobile Connect
CVE-2010-4589 (Cross-site scripting (XSS) vulnerability in IBM ENOVIA 6 allows remote ...)
	NOT-FOR-US: IBM ENOVIA 6
CVE-2010-4588 (The WBEMSingleView.ocx ActiveX control 1.50.1131.0 in Microsoft WMI ...)
	NOT-FOR-US: Microsoft
CVE-2011-0110
	REJECTED
CVE-2011-0109
	REJECTED
CVE-2011-0108
	REJECTED
CVE-2011-0107 (Untrusted search path vulnerability in Microsoft Office XP SP3, Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2011-0106
	REJECTED
CVE-2011-0105 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0104 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0103 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0102
	REJECTED
CVE-2011-0101 (Microsoft Excel 2002 SP3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0100
	REJECTED
CVE-2011-0099
	REJECTED
CVE-2011-0098 (Integer signedness error in Microsoft Excel 2002 SP3, 2003 SP3, 2007 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0097 (Integer underflow in Microsoft Excel 2002 SP3, 2003 SP3, 2007 SP2, and ...)
	NOT-FOR-US: Microsoft Excel
CVE-2011-0096 (The MHTML protocol handler in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft mhtml
CVE-2011-0095
	REJECTED
CVE-2011-0094 (Use-after-free vulnerability in Microsoft Internet Explorer 6 and 7 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0093 (ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-0092 (The LZW stream decompression functionality in ORMELEMS.DLL in ...)
	NOT-FOR-US: Microsoft Visio
CVE-2011-0091 (Kerberos in Microsoft Windows Server 2008 R2 and Windows 7 does not ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0090 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0089 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0088 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0087 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0086 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0085 (Use-after-free vulnerability in the nsXULCommandDispatcher function in ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0084 (The SVGTextElement.getCharNumAtPosition function in Mozilla Firefox ...)
	{DSA-2297-1 DSA-2296-1 DSA-2295-1}
	- icedove 3.1.12-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.6)
	- iceweasel 6.0-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-5
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <not-affected> (Only affects Thunderbird 5)
CVE-2011-0083 (Use-after-free vulnerability in the nsSVGPathSegList::ReplaceItem ...)
	{DSA-2273-3 DSA-2269-1 DSA-2268-1}
	- iceweasel 3.5.19-3
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-12
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-3
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.11-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0082 (The X.509 certificate validation functionality in Mozilla Firefox ...)
	- xulrunner <removed> (unimportant)
	- iceweasel <removed> (unimportant; bug #627552)
	NOTE: Negligable impact
CVE-2011-0081 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0/3.6, not yet in unstable)
CVE-2011-0080 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0079 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-0078 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0077 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0076 (Unspecified vulnerability in the Java Embedding Plugin (JEP) in ...)
	- xulrunner <not-affected> (Only affects MacOS X)
	- iceweasel <not-affected> (Only affects MacOS X)
CVE-2011-0075 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0074 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0073 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0072 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0071 (Directory traversal vulnerability in Mozilla Firefox before 3.5.19 and ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0070 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.10-1
	[lenny] - icedove <end-of-life>
CVE-2011-0068
	RESERVED
	- xulrunner <not-affected> (Only affects Firefox 4.0, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 4.0, not yet in unstable)
CVE-2011-0067 (Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0066 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.15-1+b1
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0065 (Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and ...)
	{DSA-2235-1 DSA-2228-1 DSA-2227-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.19-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.14-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.1.15-1+b1
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0064 (The hb_buffer_ensure function in hb-buffer.c in HarfBuzz, as used in ...)
	{DSA-2178-1}
	- pango1.0 1.28.3-2~sid1
	[wheezy] - pango1.0 1.28.3-1+squeeze2
	[lenny] - pango1.0 <not-affected> (introduced in code cleanup)
CVE-2011-0063 (The _list_file_get function in lib/Majordomo.pm in Majordomo 2 ...)
	NOT-FOR-US: Majordomo
CVE-2011-0062 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
CVE-2011-0061 (Buffer overflow in Mozilla Firefox 3.6.x before 3.6.14, Thunderbird ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, not yet in unstable)
	- iceweasel <not-affected> (Only affects Firefox 3.6, not yet in unstable)
CVE-2011-0060
	REJECTED
CVE-2011-0059 (Cross-site request forgery (CSRF) vulnerability in Mozilla Firefox ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0058 (Buffer overflow in Mozilla Firefox before 3.5.17 and 3.6.x before ...)
	- icedove <not-affected> (Windows-specific)
	- xulrunner <not-affected> (Windows-specific)
	- iceweasel <not-affected> (Windows-specific)
CVE-2011-0057 (Use-after-free vulnerability in the Web Workers implementation in ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0056 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0055 (Use-after-free vulnerability in the JSON.stringify method in ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0054 (Buffer overflow in the JavaScript engine in Mozilla Firefox before ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2011-0053 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0052
	RESERVED
CVE-2011-0051 (Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, and SeaMonkey ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2011-0050 (Cross-site scripting (XSS) vulnerability in the nonjs interface ...)
	{DSA-2158-1}
	- cgiirc 0.5.9-3.1 (bug #612671)
CVE-2011-0049 (Directory traversal vulnerability in the _list_file_get function in ...)
	NOT-FOR-US: Majordomo
CVE-2011-0048 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2011-0047 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.16.2 ...)
	- mediawiki 1:1.15.5-3 (low; bug #611787)
	[lenny] - mediawiki 1:1.12.0-2lenny8 (low; bug #611787)
	[squeeze] - mediawiki 1:1.15.5-2squeeze1 (low; bug #611787)
CVE-2011-0046 (Multiple cross-site request forgery (CSRF) vulnerabilities in Bugzilla ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4578 (Google Chrome before 8.0.552.224 and Chrome OS before 8.0.552.343 do ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-4
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/73432
CVE-2010-4577 (The CSSParser::parseFontFaceSrc function in WebCore/css/CSSParser.cpp ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-4
	- webkit 1.2.7-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=49883
	NOTE: http://code.google.com/p/chromium/issues/detail?id=63866
	NOTE: http://trac.webkit.org/changeset/72685
CVE-2010-4576 (browser/worker_host/message_port_dispatcher.cc in Google Chrome before ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607843; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=63529
CVE-2010-4575 (The ThemeInstalledInfoBarDelegate::Observe function in ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607846; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=60761
	NOTE: http://codereview.chromium.org/5326011/
CVE-2010-4574 (The Pickle::Pickle function in base/pickle.cc in Google Chrome before ...)
	- chromium-browser 6.0.472.63~r59945-4 (bug #607848; low)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=56449
	NOTE: http://codereview.chromium.org/4716006
CVE-2010-4573 (The Update Installer in VMware ESXi 4.1, when a modified sfcb.cfg is ...)
	NOT-FOR-US: VMware ESXi
CVE-2010-4572 (CRLF injection vulnerability in chart.cgi in Bugzilla before 3.2.10, ...)
	{DSA-2322-1}
	- bugzilla <removed>
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
	NOTE: perl and associate packages are CVE-2010-2761 and CVE-2010-4411 (see above reference)
CVE-2010-4571
	RESERVED
CVE-2010-4570 (Cross-site scripting (XSS) vulnerability in the duplicate-detection ...)
	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
CVE-2010-4569 (Cross-site scripting (XSS) vulnerability in Bugzilla 3.7.1, 3.7.2, ...)
	- bugzilla <not-affected> (vulnerable code introduced in 3.7)
CVE-2010-4568 (Bugzilla 2.14 through 2.22.7; 3.0.x, 3.1.x, and 3.2.x before 3.2.10; ...)
	{DSA-2322-1}
	- bugzilla <removed> (bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4567 (Bugzilla before 3.2.10, 3.4.x before 3.4.10, 3.6.x before 3.6.4, and ...)
	{DSA-2322-1}
	- bugzilla <removed> (high; bug #611176)
	[squeeze] - bugzilla 3.6.2.0-4.4
	NOTE: http://www.bugzilla.org/security/3.2.9/
CVE-2010-4566 (The web authentication form in the NT4 authentication component in ...)
	NOT-FOR-US: Citrix Acces Gateway
CVE-2010-4565 (The bcm_connect function in net/can/bcm.c (aka the Broadcast Manager) ...)
	{DSA-2153-1}
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4564
	RESERVED
CVE-2010-4563 (The Linux kernel, when using IPv6, allows remote attackers to ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: http://seclists.org/fulldisclosure/2011/Apr/254
CVE-2010-4562 (Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4561
	RESERVED
CVE-2010-4560
	REJECTED
CVE-2010-4559
	REJECTED
CVE-2010-4587 (Opera before 11.00 on Windows does not properly implement the Insecure ...)
	NOT-FOR-US: Opera
CVE-2010-4586 (The default configuration of Opera before 11.00 enables WebSockets ...)
	NOT-FOR-US: Opera
CVE-2010-4585 (Unspecified vulnerability in the auto-update functionality in Opera ...)
	NOT-FOR-US: Opera
CVE-2010-4584 (Opera before 11.00, when Opera Turbo is used, does not properly ...)
	NOT-FOR-US: Opera
CVE-2010-4583 (Opera before 11.00, when Opera Turbo is enabled, does not display a ...)
	NOT-FOR-US: Opera
CVE-2010-4582 (Opera before 11.00 does not properly handle security policies during ...)
	NOT-FOR-US: Opera
CVE-2010-4581 (Unspecified vulnerability in Opera before 11.00 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2010-4580 (Opera before 11.00 does not clear WAP WML form fields after manual ...)
	NOT-FOR-US: Opera
CVE-2010-4579 (Opera before 11.00 does not properly constrain dialogs to appear on ...)
	NOT-FOR-US: Opera
CVE-2010-XXXX [calibre XSS]
	- calibre 0.7.38+dfsg-1 (bug #608822)
	[squeeze] - calibre <not-affected> (Vulnerable code not present, see #608822)
	NOTE: http://www.waraxe.us/advisory-77.html
	NOTE: CVE ID requested
CVE-2010-XXXX [calibre file disclosure]
	- calibre 0.7.38+dfsg-1 (bug #608822)
	[squeeze] - calibre <not-affected> (Vulnerable code not present, see #608822)
	NOTE: http://www.waraxe.us/advisory-77.html
	NOTE: CVE ID requested
CVE-2010-XXXX [webkit info leak]
	- chromium-browser 26.0.1410.43-1 (low)
	[squeeze] - chromium-browser <end-of-life>
	NOTE: this was fixed much earlier (webkit 1.2), but this was the version checked
	NOTE: http://em386.blogspot.com/2010/12/webkit-css-type-confusion.html
CVE-2010-4558 (phpMyFAQ 2.6.11 and 2.6.12, as distributed between December 4th and ...)
	NOT-FOR-US: phpMyFAQ
CVE-2010-4557 (Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch ...)
	NOT-FOR-US: Invensys Wonderware InBatch
CVE-2010-4556 (Stack-based buffer overflow in the SapThemeRepository ActiveX control ...)
	NOT-FOR-US: SAP NetWeaver Business Client
CVE-2010-4523 (Multiple stack-based buffer overflows in libopensc in OpenSC 0.11.13 ...)
	- opensc 0.11.13-1.1 (low; bug #607427)
	[lenny] - opensc 0.11.4-5+lenny1.1
CVE-2010-4555 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1 (low)
	NOTE: difficult to exploit
CVE-2010-4554 (functions/page_header.php in SquirrelMail 1.4.21 and earlier does not ...)
	{DSA-2291-1}
	- squirrelmail 2:1.4.22-1
CVE-2010-4553 (An unspecified Domino API in IBM Lotus Notes Traveler before 8.5.1.1 ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4552 (Memory leak in IBM Lotus Notes Traveler before 8.5.1.1 allows remote ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4551 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4550 (IBM Lotus Notes Traveler before 8.5.1.3 allows remote attackers to ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4549 (IBM Lotus Notes Traveler before 8.5.1.3 on the Nokia s60 device ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4548 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4547 (IBM Lotus Notes Traveler before 8.5.1.3, when a multidomain ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4546 (IBM Lotus Notes Traveler before 8.5.1.2 does not reject an attachment ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4545 (IBM Lotus Notes Traveler before 8.5.1.2 allows remote authenticated ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2010-4544 (Cross-site scripting (XSS) vulnerability in the servlet in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5036 (traveler.exe in IBM Lotus Notes Traveler before 8.0.1.3 CF1 allows ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5035 (The Nokia client in IBM Lotus Notes Traveler before 8.5.0.2 does not ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5034 (IBM Lotus Notes Traveler before 8.5.0.2 allows remote authenticated ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5033 (IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a &quot;* ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2009-5032 (The encrypted e-mail feature in IBM Lotus Notes Traveler before ...)
	NOT-FOR-US: IBM Lotus Notes Traveler
CVE-2011-0045 (The Trace Events functionality in the kernel in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0044
	REJECTED
CVE-2011-0043 (Kerberos in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0042 (SBE.dll in the Stream Buffer Engine in Windows Media Player and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0041 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0040 (The server in Microsoft Active Directory on Windows Server 2003 SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0039 (The Local Security Authority Subsystem Service (LSASS) in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0038 (Untrusted search path vulnerability in Microsoft Internet Explorer 8 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0037 (Microsoft Malware Protection Engine before 1.1.6603.0, as used in ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2011-0036 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0035 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2011-0034 (Stack-based buffer overflow in the OpenType Compact Font Format (aka ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0033 (The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0032 (Untrusted search path vulnerability in DirectShow in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0031 (The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0030 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0029 (Untrusted search path vulnerability in the client in Microsoft Remote ...)
	NOT-FOR-US: Microsoft
CVE-2011-0028 (WordPad in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does ...)
	NOT-FOR-US: Microsoft Windows
CVE-2011-0027 (Microsoft Data Access Components (MDAC) 2.8 SP1 and SP2, and Windows ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2011-0026 (Integer signedness error in the SQLConnectW function in an ODBC API ...)
	NOT-FOR-US: Microsoft Data Access Components
CVE-2010-XXXX [ircd-ratbox password disclosure during TLS handshake]
	- ircd-ratbox 3.0.6.dfsg-2
	[lenny] - ircd-ratbox <not-affected> (TLS support not yet activated)
CVE-2010-4539 (The walk function in repos.c in the mod_dav_svn module for the Apache ...)
	- subversion 1.6.12dfsg-4 (low; bug #608989)
	[lenny] - subversion <no-dsa> (Minor issue)
CVE-2010-4538 (Buffer overflow in the sect_enttec_dmx_da function in ...)
	{DSA-2144-1}
	- wireshark 1.2.11-6 (bug #608990)
CVE-2010-4537 (Unspecified vulnerability in CrawlTrack before 3.2.7, when a public ...)
	NOT-FOR-US: CrawlTrack
CVE-2010-4536 (Multiple cross-site scripting (XSS) vulnerabilities in KSES, as used ...)
	- wordpress 3.0.4+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
	- moodle <not-affected> (Moodle's version of KSES is not affected)
	- egroupware <not-affected> (Only uses a minor subset of KSES)
CVE-2010-4535 (The password reset functionality in django.contrib.auth in Django ...)
	- python-django 1.2.4-1
	[squeeze] - python-django 1.2.3-3
	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4534 (The administrative interface in django.contrib.admin in Django before ...)
	- python-django 1.2.4-1
	[squeeze] - python-django 1.2.3-3
	NOTE: http://www.djangoproject.com/weblog/2010/dec/22/security/
CVE-2010-4533 [offlineimap uses SSLv2]
	RESERVED
	- offlineimap 6.3.4-1 (low; bug #606962)
	NOTE: offlineimap uses the "ssl" standard lib in Python, marking the version of offlineimap in wheezy as fixed
	[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
	[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4532 [no SSL cert validation]
	RESERVED
	- offlineimap 6.3.2~rc3-2 (low; bug #603450)
	[squeeze] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
	[lenny] - offlineimap <no-dsa> (Long-standing, documented behaviour, can be updated in spu if needed)
CVE-2010-4531 (Stack-based buffer overflow in the ATRDecodeAtr function in the ...)
	{DSA-2156-1}
	- pcsc-lite 1.5.5-4 (low; bug #607781)
CVE-2010-4530 (Signedness error in ccid_serial.c in libccid in the USB Chip/Smart ...)
	- ccid 1.3.11-2 (unimportant; bug #607780)
	NOTE: Theoretical attack
CVE-2011-XXXX [remote DoS when case of the characters of a nickname is modified]
	- bip 0.8.7-1
	[squeeze] - bip 0.8.2-1squeeze3
	[lenny] - bip <not-affected> (Vulnerable code not present)
CVE-2010-4529 (Integer underflow in the irda_getsockopt function in ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4528 (directconn.c in the MSN protocol plugin in libpurple 2.7.6 through ...)
	- pidgin 2.7.9-1 (bug #608331; medium)
	[squeeze] - pidgin <not-affected> (Vulnerable code not present)
	[lenny] - pidgin <not-affected> (Vulnerable code not present)
CVE-2010-4527 (The load_mixer_volumes function in sound/oss/soundcard.c in the OSS ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4526 (Race condition in the sctp_icmp_proto_unreachable function in ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4525 (Linux kernel 2.6.33 and 2.6.34.y does not initialize the ...)
	- linux-2.6 2.6.35-1
	[squeeze] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
	[lenny] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
	[wheezy] - linux-2.6 <not-affected> (Only affects 2.6.33/2.6.34)
CVE-2010-4524 (Cross-site scripting (XSS) vulnerability in lib/mhtxthtml.pl in ...)
	- mhonarc 2.6.18-1 (low; bug #607693)
	[squeeze] - mhonarc <no-dsa> (Minor issue)
CVE-2010-4522 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2010-4521 (Cross-site scripting (XSS) vulnerability in the Views module 6.x ...)
	- drupal6-mod-views 2.12-1
CVE-2010-4520 (Multiple cross-site scripting (XSS) vulnerabilities in the Views ...)
	- drupal6-mod-views 2.11-1
CVE-2010-4519 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	- drupal6-mod-views 2.11-1
CVE-2010-4518 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Safe Search plugin for WordPress
CVE-2010-4517 (SQL injection vulnerability in the JExtensions JE Auto (com_jeauto) ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4516 (Multiple cross-site scripting (XSS) vulnerabilities in the JXtended ...)
	NOT-FOR-US: Joomla!
CVE-2010-4515 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 5.0, ...)
	NOT-FOR-US: Citrix Web Interface
CVE-2010-4514 (Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx ...)
	NOT-FOR-US: DotNetNuke
CVE-2010-4513 (Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS ...)
	NOT-FOR-US: Zimplit CMS
CVE-2010-4512 (Cobbler before 2.0.4 uses an incorrect umask value, which allows local ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2010-4511 (Unspecified vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4509 (Multiple unspecified vulnerabilities in Movable Type 4.x before 4.35 ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2
CVE-2010-4508 (The WebSockets implementation in Mozilla Firefox 4 through 4.0 Beta 7 ...)
	- xulrunner <not-affected> (Only affects Firefox 4.x)
CVE-2009-5031 (ModSecurity before 2.5.11 treats request parameter values containing ...)
	- modsecurity-apache <not-affected> (Fixed before initial upload)
	- libapache-mod-security 2.5.12-1
	NOTE: https://www.modsecurity.org/fisheye/browse/modsecurity/m2/branches/2.5.x/apache2/msc_multipart.c?r2=1419&r1=1366
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/1
	NOTE: http://www.openwall.com/lists/oss-security/2012/06/22/2
CVE-2009-5030 (The tcd_free_encode function in tcd.c in OpenJPEG 1.3 through 1.5 ...)
	{DSA-2629-1}
	- openjpeg 1.3+dfsg-4.1 (medium; bug #672455)
	NOTE: Upstream ticket http://code.google.com/p/openjpeg/issues/detail?id=5
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=812317
CVE-2009-5029 (Integer overflow in the __tzfile_read function in glibc before 2.15 ...)
	- eglibc 2.13-24 (low; bug #656108)
	[squeeze] - eglibc 2.11.3-3
	- glibc 2.13-24
	NOTE: http://support.novell.com/security/cve/CVE-2009-5029.html
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=735850
CVE-2009-5028 (Stack-based buffer overflow in Namazu before 2.0.20 allows remote ...)
	- namazu2 2.0.20-1.0 (low)
CVE-2009-5027
	REJECTED
CVE-2009-5026 (The executable comment feature in MySQL 5.0.x before 5.0.93 and 5.1.x ...)
	- mysql-5.1 5.1.53-1
CVE-2009-5025 [PyForum XSS+CSRF]
	RESERVED
	NOT-FOR-US: PyForum
CVE-2009-5024 (ViewVC before 1.1.11 allows remote attackers to bypass the cvsdb ...)
	{DSA-2563-1}
	- viewvc 1.1.5-1.3 (bug #671482)
CVE-2009-5023 (The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, ...)
	- fail2ban 0.8.4+svn20110323-1 (low; bug #544232)
	[lenny] - fail2ban <no-dsa> (Minor issue)
	[squeeze] - fail2ban 0.8.4-3+squeeze1
CVE-2009-5022 (Heap-based buffer overflow in tif_ojpeg.c in the OJPEG decoder in ...)
	{DSA-2256-1}
	- tiff 3.9.5-1 (bug #624287)
	- tiff3 <not-affected> (fixed before initial upload)
	[lenny] - tiff <not-affected> (3.9+ only)
	NOTE: http://bugzilla.maptools.org/show_bug.cgi?id=1999
CVE-2009-5021 (Cobbler before 1.6.1 does not properly determine whether an ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2010-4507 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: iSpot/ClearSpot hardware devices
CVE-2010-4506 (Passlogix v-GO Self-Service Password Reset (SSPR) and OEM before 7.0A ...)
	NOT-FOR-US: Passlogix
CVE-2010-4505 (Multiple SQL injection vulnerabilities in login.php in Injader 2.4.4, ...)
	NOT-FOR-US: Injader
CVE-2010-4504 (Multiple cross-site scripting (XSS) vulnerabilities in eSyndiCat ...)
	NOT-FOR-US: eSyndiCat
CVE-2010-4503 (SQL injection vulnerability in indexlight.php in Aigaion 1.3.4 allows ...)
	NOT-FOR-US: Aigaion
CVE-2010-4502 (Integer overflow in KmxSbx.sys 6.2.0.22 in CA Internet Security Suite ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2010-4501
	REJECTED
CVE-2010-4500 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
	NOT-FOR-US: MRCGIGUY FreeTicket
CVE-2011-0025 (IcedTea 1.7 before 1.7.8, 1.8 before 1.8.5, and 1.9 before 1.9.5 does ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.5-1
	[squeeze] - openjdk-6 <no-dsa> (bug #614151)
	[lenny] - openjdk-6 <no-dsa> (bug #614151)
CVE-2011-0024 (Heap-based buffer overflow in wiretap/pcapng.c in Wireshark before 1.2 ...)
	- wireshark 1.2-0-1
CVE-2011-0023
	RESERVED
CVE-2011-0022 (The setup scripts in 389 Directory Server 1.2.x (aka Red Hat Directory ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0522 (The StripTags function in (1) the USF decoder ...)
	- vlc 1.1.3-1squeeze2
	[lenny] - vlc 0.8.6.h-4+lenny3
CVE-2011-0021 (Multiple heap-based buffer overflows in cdg.c in the CDG decoder in ...)
	- vlc 1.1.3-1squeeze2
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=f9b664eac0e1a7bceed9d7b5854fd9fc351b4aab
CVE-2011-0020 (Heap-based buffer overflow in the pango_ft2_font_render_box_glyph ...)
	- pango1.0 1.28.3-1+squeeze1 (bug #610792)
CVE-2011-0019 (slapd (aka ns-slapd) in 389 Directory Server 1.2.7.5 (aka Red Hat ...)
	NOT-FOR-US: 389 LDAP server
CVE-2011-0018 (The email function in manage_sql.c in OpenVAS Manager 1.0.x through ...)
	NOT-FOR-US: OpenVAS Manager
CVE-2011-0017 (The open_log function in log.c in Exim 4.72 and earlier does not check ...)
	{DSA-2154-1}
	- exim4 4.72-4
CVE-2011-0016 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0015 (Tor before 0.2.1.29 and 0.2.2.x before 0.2.2.21-alpha does not ...)
	{DSA-2148-1}
	- tor 0.2.1.29-1
CVE-2011-0014 (ssl/t1_lib.c in OpenSSL 0.9.8h through 0.9.8q and 1.0.0 through 1.0.0c ...)
	{DSA-2162-1}
	- openssl 0.9.8o-5 (low)
	[lenny] - openssl <not-affected> (Only 0.9.8h through 0.9.8q are affected)
CVE-2011-0013 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML ...)
	{DSA-2160-1}
	- tomcat5.5 <removed> (low)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2011-0012 (The SPICE Firefox plug-in (spice-xpi) 2.4, 2.3, 2.2, and possibly ...)
	NOT-FOR-US: SPICE Firefox plug-in
CVE-2011-0011 (qemu-kvm before 0.11.0 disables VNC authentication when the password ...)
	{DSA-2230-1}
	- qemu-kvm 0.14.0+dfsg-1~tls (low; bug #611134)
	- kvm <not-affected> (Vulnerable code not present)
	NOTE: Harmless implementation bug, see discussion in #611134
CVE-2011-0010 (check.c in sudo 1.7.x before 1.7.4p5, when a Runas group is ...)
	- sudo 1.7.4p4-6 (bug #609641)
	[lenny] - sudo <not-affected> (Only affects 1.7.x)
	[squeeze] - sudo 1.7.4p4-2.squeeze.1
	NOTE: http://www.sudo.ws/sudo/alerts/runas_group_pw.html
CVE-2011-0009 (Best Practical Solutions RT 3.x before 3.8.9rc2 and 4.x before ...)
	{DSA-2150-1}
	- request-tracker3.8 3.8.8-7
CVE-2011-0008 (A certain Fedora patch for parse.c in sudo before 1.7.4p5-1.fc14 on ...)
	- sudo <not-affected> (Fedora-specific issue)
CVE-2011-0007 (pimd 2.1.5 and possibly earlier versions allows user-assisted local ...)
	{DSA-2147-1}
	- pimd 2.1.6-1 (unimportant; bug #609304)
	[squeeze] - pimd 2.1.1-1.1 (unimportant; bug #609304)
CVE-2011-0006 (The ima_lsm_rule_init function in security/integrity/ima/ima_policy.c ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2011-0005 (Cross-site scripting (XSS) vulnerability in the com_search module for ...)
	NOT-FOR-US: Joomla
CVE-2011-0004 (Multiple cross-site scripting (XSS) vulnerabilities in Piwik before ...)
	- piwik <itp> (bug #506933)
CVE-2011-0003 (MediaWiki before 1.16.1, when user or site JavaScript or CSS is ...)
	{DTSA-207-1}
	- mediawiki 1:1.15.5-2
	[lenny] - mediawiki 1:1.12.0-2lenny7
CVE-2011-0002 (libuser before 0.57 uses a cleartext password value of (1) !! or (2) x ...)
	- libuser 1:0.56.9.dfsg.1-1.1 (bug #610034)
CVE-2011-0001 (Double free vulnerability in the iscsi_rx_handler function ...)
	{DSA-2209-1}
	- tgt 1:1.0.4-3
CVE-2010-4499 (Session fixation vulnerability in Collaborative Information Manager ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4498 (Unspecified vulnerability in Collaborative Information Manager server, ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4497 (Cross-site scripting (XSS) vulnerability in Collaborative Information ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4496 (Multiple SQL injection vulnerabilities in Collaborative Information ...)
	NOT-FOR-US: TIBCO Collaborative Information Manager
CVE-2010-4495 (Unspecified vulnerability in the ActiveMatrix Runtime component in ...)
	NOT-FOR-US: TIBCO ActiveMatrix
CVE-2010-4494 (Double free vulnerability in libxml2 2.7.8 and other versions, as used ...)
	{DSA-2137-1}
	- libxml2 2.7.8.dfsg-2 (bug #607922)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (never embedded libxml2's xpath.c)
CVE-2010-4493 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-3
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/72013
CVE-2010-4492 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
	{DSA-2188-1}
	- chromium-browser 6.0.472.63~r59945-3
	- webkit 1.2.7-1
	NOTE: http://trac.webkit.org/changeset/71686
CVE-2010-4491 (Google Chrome before 8.0.552.215 does not properly restrict privileged ...)
	- chromium-browser 9.0.597.45~r70550-1
	[squeeze] - chromium-browser <not-affected>
	[wheezy] - chromium-browser <not-affected>
	- webkit <not-affected> (issue in chromium-specific webkit code)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=62168
	NOTE: http://trac.webkit.org/changeset/71533
CVE-2010-4490 (Google Chrome before 8.0.552.215 allows remote attackers to cause a ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (chromium specific issue)
CVE-2010-4489 (libvpx, as used in Google Chrome before 8.0.552.215 and possibly other ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	- libvpx 0.9.5-1 (bug #610510)
	[squeeze] - libvpx <not-affected> (regression in later version)
CVE-2010-4488 (Google Chrome before 8.0.552.215 does not properly handle HTTP proxy ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium issue)
	NOTE: only a browser crash
CVE-2010-4487 (Incomplete blacklist vulnerability in Google Chrome before 8.0.552.215 ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (chromium issue)
CVE-2010-4486 (Use-after-free vulnerability in Google Chrome before 8.0.552.215 ...)
	- chromium-browser 6.0.472.63~r59945-3
	- webkit <not-affected> (vulnerable code not present in 1.2)
	NOTE: http://trac.webkit.org/changeset/71170
CVE-2010-4485 (Google Chrome before 8.0.552.215 does not properly restrict the ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	NOTE: http://trac.webkit.org/changeset/69914
	NOTE: only a browser crash due to opening too many dialogs (i.e. a dos)
CVE-2010-4484 (Google Chrome before 8.0.552.215 does not properly handle HTML5 ...)
	- chromium-browser 9.0.597.83~r72435-1 (unimportant)
	[squeeze] - chromium-browser <not-affected>
	- webkit <not-affected> (chromium specific)
	NOTE: only a browser crash
CVE-2010-4483 (Google Chrome before 8.0.552.215 does not properly restrict read ...)
	- chromium-browser 6.0.472.63~r59945-3
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=46678
CVE-2010-4482 (Unspecified vulnerability in Google Chrome before 8.0.552.215 allows ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: unimportant, bypass the pop-up blocker
	NOTE: http://trac.webkit.org/changeset/69990
CVE-2010-4481 (phpMyAdmin before 3.4.0-beta1 allows remote attackers to bypass ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-3 (bug #608290)
	NOTE: enables phpinfo output; this is disabled by default and phpinfo on Debian
	NOTE: systems is by and large full of otherwise predictable information.
CVE-2010-4480 (error.php in PhpMyAdmin 3.3.8.1, and other versions before ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-3 (bug #608290)
CVE-2010-4510
	REJECTED
CVE-2010-4479 (Unspecified vulnerability in pdf.c in libclamav in ClamAV before ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4478 (OpenSSH 5.6 and earlier, when J-PAKE is enabled, does not properly ...)
	- openssh <not-affected> (J-PAKE not activated, see bug #606922)
CVE-2010-4477
	REJECTED
CVE-2010-4476 (The Double.parseDouble method in Java Runtime Environment (JRE) in ...)
	{DSA-2161-2 DSA-2161-1}
	- openjdk-6 6b18-1.8.7-1 (bug #612660)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
	- sun-java6 6.24-1
	NOTE: Patch http://mail.openjdk.java.net/pipermail/core-libs-dev/2011-February/005795.html
	NOTE: Oracle http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
	NOTE: Original report http://www.exploringbinary.com/java-hangs-when-converting-2-2250738585072012e-308/
CVE-2010-4475 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4474 (Unspecified vulnerability in the Java DB component in Oracle Java SE ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4473 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4472 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4471 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4470 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4469 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4468 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4467 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4466 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4465 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4464 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...)
	NOT-FOR-US: Oracle Convergence
CVE-2010-4463 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4462 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4461 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4460 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2010-4459 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-4458 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-4457 (Unspecified vulnerability in Oracle Solaris 11 Express allows remote ...)
	NOT-FOR-US: Solaris
CVE-2010-4456 (Unspecified vulnerability in Oracle Sun Java System Communications ...)
	NOT-FOR-US: Oracle Sun Java System Communications Express
CVE-2010-4455 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-4454 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4453 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic
CVE-2010-4452 (Unspecified vulnerability in the Deployment component in Java Runtime ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4451 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4450 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4449 (Unspecified vulnerability in the Audit Vault component in Oracle Audit ...)
	NOT-FOR-US: Oracle Audit
CVE-2010-4448 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	{DSA-2224-1}
	- sun-java6 6.24-1
	- openjdk-6 6b18-1.8.7-1 (bug #614033)
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4447 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4446 (Unspecified vulnerability in Oracle Solaris 11 Express allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-4445 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4444 (Unspecified vulnerability in Oracle Sun Java System Access Manager and ...)
	NOT-FOR-US: OpenSSO
CVE-2010-4443 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Solaris
CVE-2010-4442 (Unspecified vulnerability in Oracle Solaris 10 and 11 Express allows ...)
	NOT-FOR-US: Solaris
CVE-2010-4441 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4440 (Unspecified vulnerability in Oracle 10 and 11 Express allows local ...)
	NOT-FOR-US: Oracle Express
CVE-2010-4439 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4438 (Unspecified vulnerability in Oracle GlassFish 2.1, 2.1.1, and 3.0.1, ...)
	- glassfish <not-affected> (Only builds a few class libs)
CVE-2010-4437 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: WebLogic
CVE-2010-4436 (Unspecified vulnerability in Oracle Sun Management Center (SunMC) 4.0 ...)
	NOT-FOR-US: SunMC
CVE-2010-4435 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2010-4434 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4433 (Unspecified vulnerability in Oracle Solaris 10 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2010-4432 (Unspecified vulnerability in the Oracle Transportation Manager ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2010-4431 (Unspecified vulnerability in Oracle Sun Java System Portal Server 7.1 ...)
	NOT-FOR-US: Oracle Sun Java System Portal Server
CVE-2010-4430 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4429 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain
CVE-2010-4428 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4427 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
	NOT-FOR-US: Oracle BI Publisher
CVE-2010-4426 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4425 (Unspecified vulnerability in the Oracle BI Publisher component in ...)
	NOT-FOR-US: Oracle BI Publisher
CVE-2010-4424 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4423 (Unspecified vulnerability in the Cluster Verify Utility component in ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4422 (Unspecified vulnerability in the Java Runtime Environment (JRE) in ...)
	- sun-java6 6.24-1
	[lenny] - sun-java6 <no-dsa> (non-free not supported)
	[squeeze] - sun-java6 <no-dsa> (non-free not supported)
CVE-2010-4421 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4420 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4419 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4418 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-4417 (Unspecified vulnerability in the Services for Beehive component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4416 (Unspecified vulnerability in the Oracle GoldenGate Veridata component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-4415 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-4414 (Unspecified vulnerability in Oracle VM VirtualBox 4.0 allows local ...)
	- virtualbox-ose <not-affected> (Support for extensions was added in 4.x, see #611925)
CVE-2010-4413 (Unspecified vulnerability in the Scheduler Agent component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2010-4412 (Multiple cross-site scripting (XSS) vulnerabilities in pfSense 2 beta ...)
	NOT-FOR-US: pfSense
CVE-2010-4411 (Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote ...)
	- perl 5.10.1-17 (bug #606995)
	[lenny] - perl 5.10.0-19lenny3
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
	- libcgi-pm-perl 3.51-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
CVE-2010-4410 (CRLF injection vulnerability in the header function in (1) CGI.pm ...)
	- perl 5.10.1-17 (bug #606995)
	[lenny] - perl 5.10.0-19lenny3
	- libcgi-pm-perl 3.50-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
CVE-2010-4408 (Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through ...)
	NOT-FOR-US: Apache archiva
CVE-2008-7270 (OpenSSL before 0.9.8j, when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is ...)
	- openssl 0.9.8k-1
	[lenny] - openssl 0.9.8g-15+lenny11
	NOTE: lenny was fixed as a side effect of the fix of CVE-2010-4180
	NOTE: which disabled the bug compatibility code
CVE-2010-4334 (The IO::Socket::SSL module 1.35 for Perl, when verify_mode is not ...)
	- libio-socket-ssl-perl 1.35-1 (bug #606058)
	[squeeze] - libio-socket-ssl-perl 1.33-1+squeeze1
	[lenny] - libio-socket-ssl-perl <not-affected> (Vulnerable code not present)
CVE-2010-4335 (The _validatePost function in libs/controller/components/security.php ...)
	- cakephp 1.3.2-1.1 (bug #606386)
	[lenny] - cakephp <not-affected>
	NOTE: https://github.com/cakephp/cakephp/commit/e431e86aa4301ced4273dc7919b59362cbb353cb
CVE-2010-4336 (The cu_rrd_create_file function (src/utils_rrdcreate.c) in collectd ...)
	{DSA-2133-1}
	- collectd 4.10.1-2.1 (bug #605092; low)
	[squeeze] - collectd 4.10.1-1+squeeze2
CVE-2010-4337 (The configure script in gnash 0.8.8 allows local users to overwrite ...)
	{DSA-2435-1}
	- gnash 0.8.8-8 (unimportant; bug #605419)
CVE-2006-7243 (PHP before 5.3.4 accepts the \0 character in a pathname, which might ...)
	- php5 5.3.3-6 (low)
	NOTE: old, known, issue -- partial protection by the suhosin extension
	NOTE: http://svn.php.net/viewvc?view=revision&revision=305507
CVE-2010-4409 (Integer overflow in the NumberFormatter::getSymbol (aka ...)
	- php5 5.3.3-6
	[lenny] - php5 <not-affected> (intl extension included since 5.3)
	NOTE: http://www.kb.cert.org/vuls/id/479900
CVE-2010-4407 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: AlGuest
CVE-2010-4406 (Directory traversal vulnerability in gallery.php in Brunetton ...)
	NOT-FOR-US: LittlePhpGallery
CVE-2010-4405 (Cross-site scripting (XSS) vulnerability in the Yannick Gaultier ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4404 (SQL injection vulnerability in the Yannick Gaultier sh404SEF component ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4403 (The Register Plus plugin 3.5.1 and earlier for WordPress allows remote ...)
	NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4402 (Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in ...)
	NOT-FOR-US: The Register Plus plugin for WordPress
CVE-2010-4401 (languages.inc.php in DynPG CMS 4.2.0 allows remote attackers to obtain ...)
	NOT-FOR-US: DynPG
CVE-2010-4400 (SQL injection vulnerability in _rights.php in DynPG CMS 4.2.0 allows ...)
	NOT-FOR-US: DynPG
CVE-2010-4399 (Directory traversal vulnerability in languages.inc.php in DynPG CMS ...)
	NOT-FOR-US: DynPG
CVE-2010-4398 (Stack-based buffer overflow in the RtlQueryRegistryValues function in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4397 (Integer overflow in the pnen3260.dll module in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4396 (Cross-zone scripting vulnerability in the HandleAction method in a ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4395 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4394 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4393 (Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4392 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4391 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4390 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4389 (Heap-based buffer overflow in the cook codec in RealNetworks ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4388 (The (1) Upsell.htm, (2) Main.html, and (3) Custsupport.html components ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4387 (The RealAudio codec in RealNetworks RealPlayer 11.0 through 11.1, ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4386 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4385 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4384 (Array index error in RealNetworks RealPlayer 11.0 through 11.1, ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4383 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4382 (Multiple heap-based buffer overflows in RealNetworks RealPlayer 11.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4381 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4380 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4379 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4378 (The drv2.dll (aka RV20 decompression) module in RealNetworks ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4377 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4376 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4375 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-4374 (The in_mkv plugin in Winamp before 5.6 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2010-4373 (The in_mp4 plugin in Winamp before 5.6 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2010-4372 (Integer overflow in the in_nsv plugin in Winamp before 5.6 allows ...)
	NOT-FOR-US: Winamp
CVE-2010-4371 (Buffer overflow in the in_mod plugin in Winamp before 5.6 allows ...)
	NOT-FOR-US: Winamp
CVE-2010-4370 (Multiple integer overflows in the in_midi plugin in Winamp before 5.6 ...)
	NOT-FOR-US: Winamp
CVE-2010-4369 (Directory traversal vulnerability in AWStats before 7.0 allows remote ...)
	- awstats 6.9.5~dfsg-5 (low; bug #606263)
	[lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2010-4368 (awstats.cgi in AWStats before 7.0 on Windows accepts a configdir ...)
	- awstats <not-affected> (Windows-specific issue)
	NOTE: looks like it's the same as CVE-2010-4367
CVE-2010-4367 (awstats.cgi in AWStats before 7.0 accepts a configdir parameter in the ...)
	- awstats 6.9.5~dfsg-5 (low; bug #606263)
	[lenny] - awstats 6.7.dfsg-5.1+lenny1
CVE-2009-5020 (Open redirect vulnerability in awredir.pl in AWStats before 6.95 ...)
	- awstats 6.9.5~dfsg-1 (unimportant)
CVE-2010-4338 (ocrodjvu 0.4.6-1 on Debian GNU/Linux allows local users to modify ...)
	- ocrodjvu 0.4.6-2 (low; bug #598134)
CVE-2010-4339 (Cross-site scripting (XSS) vulnerability in Hypermail 2.2.0 allows ...)
	- hypermail <removed> (low; bug #598743)
	[lenny] - hypermail <no-dsa> (Minor issue)
CVE-2010-4366 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Chameleon Social Networking
CVE-2010-4365 (SQL injection vulnerability in JE Ajax Event Calendar ...)
	NOT-FOR-US: Joomla! extension
CVE-2010-4364 (DaDaBIK 4.3 beta3, when running in a case-sensitive environment, does ...)
	NOT-FOR-US: DaDaBIK
CVE-2010-4363 (Multiple SQL injection vulnerabilities in contact.php in MRCGIGUY ...)
	NOT-FOR-US: FreeTicket
CVE-2010-4362 (Multiple SQL injection vulnerabilities in MicroNetsoft RV Dealer ...)
	NOT-FOR-US: MicroNetsoft RV Dealer
CVE-2010-4361 (Cross-site scripting (XSS) vulnerability in url-gateway.php in ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4360 (Multiple SQL injection vulnerabilities in index.php in Jurpopage 0.2.0 ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4359 (SQL injection vulnerability in index.php in Jurpopage 0.2.0 allows ...)
	NOT-FOR-US: Jurpopage
CVE-2010-4358 (Multiple cross-site scripting (XSS) vulnerabilities in gb.cgi in ...)
	NOT-FOR-US: MRCGIGUY (MCG) Guestbook
CVE-2010-4357 (SQL injection vulnerability in comments.php in SiteEngine 7.1 allows ...)
	NOT-FOR-US: SiteEngine
CVE-2010-4356 (SQL injection vulnerability in news_default.asp in Site2Nite Big Truck ...)
	NOT-FOR-US: Site2Nite Big Truck
CVE-2010-4355 (Cross-site scripting (XSS) vulnerability in DaDaBIK before 4.3 beta2, ...)
	NOT-FOR-US: DaDaBIK
CVE-2009-5019 (Web Wiz NewsPad stores sensitive information under the web root with ...)
	NOT-FOR-US: Web Wiz NewsPad
CVE-2008-7269 (Open redirect vulnerability in api.php in SiteEngine 5.x allows ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7268 (The phpinfo function in SiteEngine 5.x allows remote attackers to ...)
	NOT-FOR-US: SiteEngine
CVE-2008-7267 (SQL injection vulnerability in announcements.php in SiteEngine 5.x ...)
	NOT-FOR-US: SiteEngine
CVE-2010-XXXX [elfsign uses cryptographically weak md5 hashes]
	- elfsign <removed> (low; bug #555668)
	[lenny] - elfsign <no-dsa> (a stronger hashing algorithm would completely change functionality of the package)
CVE-2010-4354 (The remote-access IPSec VPN implementation on Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-4353 (Unrestricted file upload vulnerability in ...)
	- gallery3 <itp> (bug #511715)
CVE-2010-4352 (Stack consumption vulnerability in D-Bus (aka DBus) before 1.4.1 ...)
	{DSA-2149-1}
	- dbus 1.2.24-4
CVE-2010-4351 (The JNLP SecurityManager in IcedTea (IcedTea.so) 1.7 before 1.7.7, 1.8 ...)
	{DSA-2224-1}
	- openjdk-6 6b18-1.8.4-1
	[squeeze] - openjdk-6 <no-dsa> (bug #614151)
	[lenny] - openjdk-6 <no-dsa> (bug #614151)
CVE-2010-4350 (Directory traversal vulnerability in admin/upgrade_unattended.php in ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4349 (admin/upgrade_unattended.php in MantisBT before 1.2.4 allows remote ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4348 (Cross-site scripting (XSS) vulnerability in ...)
	- mantis <not-affected> (admin dir procected in Apache config, see #607159)
CVE-2010-4347 (The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.33 and fixed in 2.6.36.2, we never released an affected kernel)
CVE-2010-4346 (The install_special_mapping function in mm/mmap.c in the Linux kernel ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4345 (Exim 4.72 and earlier allows local users to gain privileges by ...)
	{DSA-2154-1}
	- exim4 4.72-3 (bug #606527)
CVE-2010-4344 (Heap-based buffer overflow in the string_vformat function in string.c ...)
	{DSA-2131-1}
	- exim4 4.70-1 (bug #606612)
CVE-2010-4343 (drivers/scsi/bfa/bfa_core.c in the Linux kernel before 2.6.35 does not ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Driver introduced in 2.6.32)
CVE-2010-4342 (The aun_incoming function in net/econet/af_econet.c in the Linux ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4341 (The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in ...)
	- sssd 1.2.1-4.1 (bug #610032)
	[squeeze] - sssd 1.2.1-4+squeeze1
	[wheezy] - sssd 1.2.1-4+squeeze1
CVE-2010-4333 (Pointter PHP Micro-Blogging Social Network 1.8 allows remote attackers ...)
	NOT-FOR-US: Pointter PHP Micro-Blogging Social Network
CVE-2010-4332 (Pointter PHP Content Management System 1.0 allows remote attackers to ...)
	NOT-FOR-US: Pointter PHP Content Management System
CVE-2010-4331 (Multiple cross-site scripting (XSS) vulnerabilities in Seo Panel 2.2.0 ...)
	NOT-FOR-US: Seo Panel
CVE-2010-4330 (Directory traversal vulnerability in includes/controller.php in Pulse ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-4329 (Cross-site scripting (XSS) vulnerability in the PMA_linkOrButton ...)
	{DSA-2139-1}
	- phpmyadmin 4:3.3.7-2
CVE-2010-4328 (Multiple stack-based buffer overflows in opt/novell/iprint/bin/ipsmd ...)
	NOT-FOR-US: Novell iPrint LPD
CVE-2010-4327 (Unspecified vulnerability in the NCP service in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-4326 (Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent ...)
	NOT-FOR-US: Groupwise
CVE-2010-4325 (Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in ...)
	NOT-FOR-US: Groupwise
CVE-2010-4324 (Cross-site scripting (XSS) vulnerability in the Approval Form in the ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2010-4323 (Heap-based buffer overflow in novell-tftp.exe in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks
CVE-2010-4322 (Cross-site scripting (XSS) vulnerability in gwtTeaming.rpc in Novell ...)
	NOT-FOR-US: Novell Vibe
CVE-2010-4321 (Stack-based buffer overflow in an ActiveX control in ienipp.ocx in ...)
	NOT-FOR-US: Novell iPrint client
CVE-2010-4320
	RESERVED
CVE-2010-4319
	RESERVED
CVE-2010-4318
	RESERVED
CVE-2010-4317
	RESERVED
CVE-2010-4316
	RESERVED
CVE-2010-4315
	RESERVED
CVE-2010-4314 (Remote attackers can use the iPrint web-browser ActiveX plugin in ...)
	NOT-FOR-US: iPrint web-browser ActiveX plugin in Novell iPrint Client
CVE-2010-4313 (Unrestricted file upload vulnerability in fileman_file_upload.php in ...)
	NOT-FOR-US: Orbis CMS
CVE-2010-4312 (The default configuration of Apache Tomcat 6.x does not include the ...)
	- tomcat6 6.0.35-5 (unimportant; bug #608286)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-4311 (Free Simple Software 1.0 stores passwords in cleartext, which allows ...)
	NOT-FOR-US: Free Simple Software
CVE-2010-4310
	RESERVED
CVE-2010-4309 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4308 (Adobe Shockwave Player before 11.6.1.629 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4307 (Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4306 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4305 (Cisco Unified Videoconferencing (UVC) System 3545, 5110, 5115, and ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4304 (The web interface in Cisco Unified Videoconferencing (UVC) System ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4303 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4302 (/opt/rv/Versions/CurrentVersion/Mcu/Config/Mcu.val in Cisco Unified ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-4299 (Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 ...)
	NOT-FOR-US: Novell Zenworks
CVE-2010-4298 (SQL injection vulnerability in the download module in Free Simple ...)
	NOT-FOR-US: Free Simple Software
CVE-2010-4297 (The VMware Tools update functionality in VMware Workstation 6.5.x ...)
	NOT-FOR-US: VMware
CVE-2010-4296 (vmware-mount in VMware Workstation 7.x before 7.1.2 build 301548 on ...)
	NOT-FOR-US: VMware
CVE-2010-4295 (Race condition in the mounting process in vmware-mount in VMware ...)
	NOT-FOR-US: VMware
CVE-2010-4294 (The frame decompression functionality in the VMnc media codec in ...)
	NOT-FOR-US: VMware
CVE-2008-7266 (Cross-site scripting (XSS) vulnerability in an unspecified Shockwave ...)
	NOT-FOR-US: RSA Adaptive Authentication
CVE-2010-XXXX [directory traversal]
	- openacs 5.5.1+dfsg-2
	- dotlrn 2.5.0+dfsg-2
CVE-2010-XXXX [insecure python path handling]
	- pymca 4.4.1p1-1 (low; bug #605160)
	- opendnssec 1.1.3-2 (low; bug #605161)
	- pybliographer 1.2.14-3 (low; bug #605153)
	[squeeze] - pybliographer 1.2.12-4squeeze1
	- calendarserver 2.4.dfsg-2.1 (low; bug #605157)
	[lenny] - calendarserver <no-dsa> (Minor issue)
	- gquilt 0.22-1.1 (low; bug #605152)
	[lenny] - gquilt 0.20-2+lenny1
	- snappea 3.0d3-20 (low; bug #605151)
	[lenny] - snappea <no-dsa> (Minor issue)
	- dlr-languages 20090805+git.e6b28d27+dfsg-3 (low; bug #605158)
	[lenny] - ironpython <no-dsa> (Minor issue)
	- gnome-schedule 2.1.1-3.1 (low; bug #605169)
	[lenny] - gnome-schedule <no-dsa> (Minor issue)
	- gnumed-client 0.8.5-1 (low; bug #605159)
	[squeeze] - gnumed-client 0.7.10-1
	[lenny] - gnumed-client <no-dsa> (Minor issue)
	- distcc 3.1-3.2 (low; bug #605168)
	[lenny] - distcc <not-affected> (Vulnerable code not present)
	- mmass 3.8.0-2 (low; bug #605150)
	[squeeze] - mmass <not-affected> (Doesn't set PYTHONPATH)
	- guake 0.4.2-3 (low; bug #605163)
CVE-2010-4301 (epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in ...)
	- wireshark <not-affected> (Only affects >= 1.4)
CVE-2010-4300 (Heap-based buffer overflow in the dissect_ldss_transfer function ...)
	- wireshark 1.2.11-4
	[lenny] - wireshark <not-affected> (Only affects >= 1.2)
CVE-2010-4293
	REJECTED
CVE-2010-4292
	REJECTED
CVE-2010-4291
	REJECTED
CVE-2010-4290
	REJECTED
CVE-2010-4289
	REJECTED
CVE-2010-4288
	REJECTED
CVE-2010-4287
	REJECTED
CVE-2010-4286
	REJECTED
CVE-2010-4285
	REJECTED
CVE-2010-4284 (SQL injection vulnerability in the authentication form in the ...)
	NOT-FOR-US: Samsung Integrated Management System
CVE-2010-4283 (PHP remote file inclusion vulnerability in extras/pandora_diag.php in ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4282 (Multiple directory traversal vulnerabilities in Pandora FMS before ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4281 (Incomplete blacklist vulnerability in the safe_url_extraclean function ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4280 (Multiple SQL injection vulnerabilities in Pandora FMS before 3.1.1 ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4279 (The default configuration of Pandora FMS 3.1 and earlier specifies an ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4278 (operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows ...)
	NOT-FOR-US: Pandora FMS
CVE-2010-4277 (Cross-site scripting (XSS) vulnerability in lembedded-video.php in the ...)
	NOT-FOR-US: Embedded Video plugin 4.1 for WordPress
CVE-2010-4276 (Cross-site scripting (XSS) vulnerability in the lz_tracking_set_sessid ...)
	NOT-FOR-US: LiveZilla
CVE-2010-4275 (Multiple cross-site scripting (XSS) vulnerabilities in Radius Manager ...)
	NOT-FOR-US: Radius Manager
CVE-2010-4274 (reset_diragent_keys in the Common agent in IBM Systems Director 6.2.0 ...)
	NOT-FOR-US: IBM Systems Director
CVE-2010-4273 (SQL injection vulnerability in imoveis.php in DescargarVista ACC ...)
	NOT-FOR-US: DescargarVista ACC
CVE-2010-4272 (SQL injection vulnerability in the Pulse Infotech Sponsor Wall ...)
	NOT-FOR-US: Pulse Infotech Sponsor Wall
CVE-2010-4271 (SQL injection vulnerability in ImpressCMS before 1.2.3 RC2 allows ...)
	NOT-FOR-US: ImpressCMS
CVE-2010-4270 (Directory traversal vulnerability in the nBill (com_netinvoice) ...)
	NOT-FOR-US: Joomla addon
CVE-2010-4269 (SQL injection vulnerability in managechat.php in Collabtive 0.65 ...)
	NOT-FOR-US: Collabtive
CVE-2010-4268 (SQL injection vulnerability in the Pulse Infotech Flip Wall ...)
	NOT-FOR-US: Pulse Infotech
CVE-2010-4267 (Stack-based buffer overflow in the hpmud_get_pml function in ...)
	{DSA-2152-1}
	- hplip 3.10.6-2 (bug #610960)
CVE-2010-4266
	RESERVED
CVE-2010-4265 (The ...)
	- jbossas4 <not-affected> (Red Hat issue, they didn't include the fix for CVE-2010-3862 in the update)
CVE-2010-4264
	RESERVED
CVE-2010-4263 (The igb_receive_skb function in drivers/net/igb/igb_main.c in the ...)
	- linux-2.6 2.6.32-30
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4262 (Stack-based buffer overflow in Xfig 3.2.4 and 3.2.5 allows remote ...)
	- xfig 1:3.2.5.b-1.1 (bug #606257)
	NOTE: details and patch at https://bugzilla.redhat.com/659676
CVE-2010-4261 (Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (icon extractor not yet present)
	NOTE: Fixed in 1f3db7f074995bd4e1d0183b2db8b1c472d2f41b
CVE-2010-4260 (Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV ...)
	- clamav 0.96.5+dfsg-1
	[lenny] - clamav <not-affected> (Introduced in 3643f3d2b0a38fdc7bc6777d093c857b9760804e)
	NOTE: Fixed in 019f1955194360600ecf0644959ceca6734c2d7b
CVE-2010-4259 (Stack-based buffer overflow in FontForge 20100501 allows remote ...)
	{DSA-2253-1}
	- fontforge 0.0.20100501-4 (bug #605537)
CVE-2010-4258 (The do_exit function in kernel/exit.c in the Linux kernel before ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4257 (SQL injection vulnerability in the do_trackbacks function in ...)
	{DSA-2138-1}
	NOTE: http://core.trac.wordpress.org/changeset/16625
	- wordpress 3.0.2-1 (bug #605603)
CVE-2010-4256 (The pipe_fcntl function in fs/pipe.c in the Linux kernel before 2.6.37 ...)
	- linux-2.6 <not-affected> (introduced in 2.6.35; fixed in 2.6.37)
CVE-2010-4255 (The fixup_page_fault function in arch/x86/traps.c in Xen 4.0.1 and ...)
	- xen 4.0.1-2 (bug #609531)
CVE-2010-4254 (Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is ...)
	- moon <not-affected> (Debian's version of Moonlight is not affected, see #608288)
CVE-2010-4253 (Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-4252 (OpenSSL before 1.0.0c, when J-PAKE is enabled, does not properly ...)
	- openssl <not-affected> (configured with -DOPENSSL_NO_JPAKE; bug #606902)
	NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4251 (The socket implementation in net/core/sock.c in the Linux kernel ...)
	- linux-2.6 2.6.32-22
CVE-2010-4250 (Memory leak in the inotify_init1 function in ...)
	- linux-2.6 2.6.37-1
	[squeeze] - linux-2.6 <not-affected> (Introduced after 2.6.32)
	[lenny] - linux-2.6 <not-affected> (Introduced after 2.6.32)
	[wheezy] - linux-2.6 <not-affected> (Introduced after 2.6.32)
CVE-2010-4249 (The wait_for_unix_gc function in net/unix/garbage.c in the Linux ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4248 (Race condition in the __exit_signal function in kernel/exit.c in the ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4247 (The do_block_io_op function in (1) drivers/xen/blkback/blkback.c and ...)
	- linux-2.6 <not-affected> (changes included since introduction of dom0 support)
CVE-2010-4246 (Multiple cross-site scripting (XSS) vulnerabilities in graph.php in ...)
	NOT-FOR-US: pfSense
CVE-2010-4245
	RESERVED
	- pootle 2.0.5-0.3 (low; bug #604060)
	[lenny] - pootle <not-affected> (Vulnerable code not present)
CVE-2010-4244
	REJECTED
CVE-2010-4243 (fs/exec.c in the Linux kernel before 2.6.37 does not enable the OOM ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-30
CVE-2010-4242 (The hci_uart_tty_open function in the HCI UART driver ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-28
CVE-2010-4241
	RESERVED
	- tikiwiki <removed>
CVE-2010-4240
	RESERVED
	- tikiwiki <removed>
CVE-2010-4239
	RESERVED
	- tikiwiki <removed>
CVE-2010-4238 (The vbd_create function in Xen 3.1.2, when the Linux kernel 2.6.18 on ...)
	- linux-2.6 <not-affected> (RedHat-specific issue, does not affect Xen-upstream/Debian)
CVE-2010-4236 (Untrusted search path vulnerability in estaskwrapper in IBM OmniFind ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-4235 (Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2010-4234 (The web server on the Camtron CMNC-200 Full HD IP Camera and TecVoz ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4233 (The Linux installation on the Camtron CMNC-200 Full HD IP Camera and ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4232 (The web-based administration interface on the Camtron CMNC-200 Full HD ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4231 (Directory traversal vulnerability in the web-based administration ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4230 (Stack-based buffer overflow in a certain ActiveX control for the ...)
	NOT-FOR-US: Camtron, TecVoz
CVE-2010-4229 (Directory traversal vulnerability in an unspecified servlet in the ...)
	NOT-FOR-US: Novell ZENworks Configuration Management
CVE-2010-4228 (Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-4227 (The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before ...)
	NOT-FOR-US: Novell Netware
CVE-2010-4226 (cpio, as used in build 2007.05.10, 2010.07.28, and possibly other ...)
	NOT-FOR-US: OpenSuSE build services
	NOTE: This might qualify as a cpio hardening issue, but this CVE-ID is not about cpio itself.
CVE-2010-4225 (Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x ...)
	- mono 2.6.7-5 (bug #608288)
CVE-2010-4224
	RESERVED
CVE-2010-4223
	RESERVED
CVE-2010-4222
	RESERVED
CVE-2009-5017 (Mozilla Firefox before 3.6 Beta 3 does not properly handle overlong ...)
	- xulrunner <undetermined>
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-5016 (Integer overflow in the xml_utf8_decode function in ext/xml/xml.c in ...)
	- php5 5.3.3-4
	[lenny] - php5 5.2.6.dfsg.1-1+lenny10
	[squeeze] - php5 5.3.3-7+squeeze1
	NOTE: Also fixed by debian/patches/CVE-2010-3870.patch
CVE-2010-4221 (Multiple stack-based buffer overflows in the pr_netio_telnet_gets ...)
	- proftpd-dfsg 1.3.3a-5 (bug #603511; bug #602279)
	[lenny] - proftpd-dfsg <not-affected> (Introduced in 1.3.2rc3)
CVE-2010-4220 (Cross-site scripting (XSS) vulnerability in the Integrated Solution ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-4219 (Cross-site scripting (XSS) vulnerability in SemanticTagService.js in ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-4218 (Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown ...)
	NOT-FOR-US: IBM ENOVIA 6
CVE-2010-4217 (Use-after-free vulnerability in the proxy server in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4216 (IBM Tivoli Directory Server (TDS) 6.0.0.x before ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-4215 (UI/Manage.pm in Foswiki 1.1.0 and 1.1.1 allows remote authenticated ...)
	- foswiki <itp> (bug #509864)
CVE-2010-4214 (The Wells Fargo Mobile application 1.1 for Android stores a username ...)
	NOT-FOR-US: Wells Fargo Mobile for Android
CVE-2010-4213 (The Bank of America application 2.12 for Android stores a security ...)
	NOT-FOR-US: Bank of America application for Android
CVE-2010-4212 (The USAA application 3.0 for Android stores a mirror image of each ...)
	NOT-FOR-US: USAA application for Android
CVE-2010-4211 (The PayPal app before 3.0.1 for iOS does not verify that the server ...)
	NOT-FOR-US: PayPal app for iOS
CVE-2010-4210 (The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x ...)
	- kfreebsd-7 <unfixed>
	[lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny)
	- kfreebsd-8 8.1-1
	- kfreebsd-9 <not-affected> (fixed prior to first upload)
	- kfreebsd-10 <not-affected> (fixed prior to first upload)
CVE-2010-4209 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4208 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4207 (Cross-site scripting (XSS) vulnerability in the Flash component ...)
	- yui 2.8.2r1~squeeze-1 (bug #603513)
CVE-2010-4206 (Array index error in the FEBlend::apply function in ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/70652
CVE-2010-4205 (Google Chrome before 7.0.517.44 does not properly handle the data ...)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=48159
	NOTE: http://trac.webkit.org/changeset/70550
CVE-2010-4204 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=48281
	NOTE: http://trac.webkit.org/changeset/70517
CVE-2010-4202 (Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux ...)
	- webkit <not-affected> (skia issue)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://code.google.com/p/skia/source/detail?r=606
	NOTE: http://code.google.com/p/skia/source/detail?r=607
CVE-2010-4201 (Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows ...)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=47522
CVE-2010-4200
	REJECTED
CVE-2010-4199 (Google Chrome before 7.0.517.44 does not properly perform a cast of an ...)
	{DSA-2188-1}
	- webkit 1.2.7-1
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/69936
CVE-2010-4198 (WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/69735
	NOTE: style fix change set: http://trac.webkit.org/changeset/69801
CVE-2010-4197 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-2
	NOTE: http://trac.webkit.org/changeset/70594
CVE-2010-4196 (The Shockwave 3d Asset module in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4195 (The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4194 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4193 (Adobe Shockwave Player before 11.5.9.620 does not properly validate ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4192 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4191 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4190 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4189 (The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4188 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4187 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4186 (SQL injection vulnerability in process.asp in OnlineTechTools Online ...)
	NOT-FOR-US: OnlineTechTools
CVE-2010-4185 (SQL injection vulnerability in index.php in Energine, possibly 2.3.8 ...)
	NOT-FOR-US: Energine
CVE-2010-4184 (NetSupport Manager (NSM) before 11.00.0005 sends HTTP headers with ...)
	NOT-FOR-US: NetSupport Manager
CVE-2010-4183 (Multiple cross-site scripting (XSS) vulnerabilities in HTML Purifier ...)
	- php-htmlpurifier 4.1.1+dfsg1-1
CVE-2010-4182 (Untrusted search path vulnerability in the Data Access Objects (DAO) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-4181 (Directory traversal vulnerability in Yaws 1.89 allows remote attackers ...)
	- yaws <not-affected> (Only affects Windows)
CVE-2010-4180 (OpenSSL before 0.9.8q, and 1.0.x before 1.0.0c, when ...)
	{DSA-2141-1}
	- openssl 0.9.8o-4
	NOTE: http://www.openssl.org/news/secadv/20101202.txt
CVE-2010-4179 (The installation documentation for Red Hat Enterprise Messaging, ...)
	NOT-FOR-US: RedHat documentation of MRG
CVE-2010-4178
	RESERVED
	- mysql-gui-tools <unfixed> (low; bug #605542)
	[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
CVE-2010-4177
	RESERVED
	- mysql-gui-tools <unfixed> (low; bug #605542)
	[squeeze] - mysql-gui-tools <no-dsa> (Minor issue)
	[lenny] - mysql-gui-tools <no-dsa> (Minor issue)
CVE-2010-4176 (plymouth-pretrigger.sh in dracut and udev, when running on Fedora 13 ...)
	- dracut <not-affected> (vulnerable script not shipped)
	- udev <not-affected> (vulnerable script not shipped; fedora-specific issue)
CVE-2010-4175 (Integer overflow in the rds_cmsg_rdma_args function (net/rds/rdma.c) ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (RDS introduced in 2.6.30)
CVE-2010-4174
	REJECTED
CVE-2010-4173 (The default configuration of libsdp.conf in libsdp 1.1.104 and earlier ...)
	- libsdp 1.1.99-2.1 (bug #603841)
CVE-2010-4172 (Multiple cross-site scripting (XSS) vulnerabilities in the Manager ...)
	- tomcat6 6.0.28-9 (bug #606388)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-4171 (The staprun runtime tool in SystemTap 1.3 does not verify that a ...)
	{DSA-2348-1}
	- systemtap 1.2-3 (bug #603946)
CVE-2010-4170 (The staprun runtime tool in SystemTap 1.3 does not properly clear the ...)
	{DSA-2348-1}
	- systemtap 1.2-3 (bug #603946)
CVE-2010-4169 (Use-after-free vulnerability in mm/mprotect.c in the Linux kernel ...)
	- linux-2.6 2.6.32-29
	[lenny] - linux-2.6 <not-affected> (perf counters not yet present)
CVE-2010-4168 (Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 ...)
	- openttd 1.0.4-3 (bug #603752)
	[lenny] - openttd <not-affected> (Introduced in 1.0)
CVE-2010-4167 (Untrusted search path vulnerability in configure.c in ImageMagick ...)
	- imagemagick 8:6.6.0.4-3 (low; bug #601824)
	[lenny] - imagemagick 7:6.3.7.9.dfsg2-1~lenny4
CVE-2010-4166 (Multiple SQL injection vulnerabilities in Joomla! 1.5.x before 1.5.22 ...)
	NOT-FOR-US: Joomla
CVE-2010-4165 (The do_tcp_setsockopt function in net/ipv4/tcp.c in the Linux kernel ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.28)
CVE-2010-4164 (Multiple integer underflows in the x25_parse_facilities function in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-4163 (The blk_rq_map_user_iov function in block/blk-map.c in the Linux ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4162 (Multiple integer overflows in fs/bio.c in the Linux kernel before ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-4161 (The udp_queue_rcv_skb function in net/ipv4/udp.c in a certain Red Hat ...)
	- linux-2.6 2.6.28-1
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4159 (Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 ...)
	- mono 2.6.7-4 (bug #605097)
	[lenny] - mono <no-dsa> (Minor issue)
CVE-2010-4156 (The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through ...)
	- php5 5.3.3-4 (bug #603751)
	[lenny] - php5 <not-affected> (Only affects 5.3.x)
CVE-2010-4155 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.10 ...)
	NOT-FOR-US: eXV2 CMS
CVE-2010-4154 (Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager ...)
	NOT-FOR-US: Rhino Software, Inc. FTP Voyager
CVE-2010-4153 (Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably ...)
	NOT-FOR-US: CrossFTP
CVE-2010-4152 (SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, ...)
	NOT-FOR-US: 4site CMS
CVE-2010-4151 (SQL injection vulnerability in misc.php in DeluxeBB 1.3, and possibly ...)
	NOT-FOR-US: DeluxeBB
CVE-2010-4150 (Double free vulnerability in the imap_do_open function in the IMAP ...)
	{DSA-2195-1}
	- php5 5.3.3-7
CVE-2009-5015 (The URL dispatch mechanism in TurboGears2 (aka tg2) before 2.0.2 ...)
	- turbogears2 2.0.3-1
CVE-2009-5014 (The default quickstart configuration of TurboGears2 (aka tg2) before ...)
	- turbogears2 2.0.3-1
CVE-2008-7265 (The pr_data_xfer function in ProFTPD before 1.3.2rc3 allows remote ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.2-1 (low)
CVE-2010-4203 (WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google ...)
	- libvpx 0.9.1-2 (bug #602693)
CVE-2010-4160 (Multiple integer overflows in the (1) pppol2tp_sendmsg function in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4158 (The sk_run_filter function in net/core/filter.c in the Linux kernel ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4157 (Integer overflow in the ioc_general function in drivers/scsi/gdth.c in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28 (low)
CVE-2010-4149 (Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, ...)
	NOT-FOR-US: FreshWebMaster Fresh FTP
CVE-2010-4148 (Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly ...)
	NOT-FOR-US: AnyConnect
CVE-2010-4147 (Multiple SQL injection vulnerabilities in Pentasoft Avactis Shopping ...)
	NOT-FOR-US: Pentasoft Avactis Shopping Cart
CVE-2010-4146 (Cross-site scripting (XSS) vulnerability in Attachmate Reflection for ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2010-4145 (Kisisel Radyo Script stores sensitive information under the web root ...)
	NOT-FOR-US: Kisisel Radyo Script
CVE-2010-4144 (SQL injection vulnerability in radyo.asp in Kisisel Radyo Script ...)
	NOT-FOR-US: Kisisel Radyo Script
CVE-2010-4143 (SQL injection vulnerability in chart.php in phpCheckZ 1.1.0, when ...)
	NOT-FOR-US: phpCheckZ
CVE-2010-4142 (Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build ...)
	NOT-FOR-US: DATAC RealWin
CVE-2010-4141
	REJECTED
CVE-2010-4140
	REJECTED
CVE-2010-4139
	REJECTED
CVE-2010-4138
	REJECTED
CVE-2010-4137
	REJECTED
CVE-2010-4136
	REJECTED
CVE-2010-4135
	REJECTED
CVE-2010-4134
	REJECTED
CVE-2010-4133
	REJECTED
CVE-2010-4132
	REJECTED
CVE-2010-4131
	REJECTED
CVE-2010-4130
	REJECTED
CVE-2010-4129
	REJECTED
CVE-2010-4128
	REJECTED
CVE-2010-4127
	REJECTED
CVE-2010-4126
	REJECTED
CVE-2010-4125
	REJECTED
CVE-2010-4124
	REJECTED
CVE-2010-4123
	REJECTED
CVE-2010-4122
	REJECTED
CVE-2010-4121 (** DISPUTED ** The TCP-to-ODBC gateway in IBM Tivoli Provisioning ...)
	NOT-FOR-US: IBM Tivoli
CVE-2010-XXXX
	- weborf 0.12.4-1 (bug #601585)
CVE-2010-4120 (Multiple cross-site scripting (XSS) vulnerabilities in the TAM console ...)
	NOT-FOR-US: IBM Tivoli
CVE-2010-4119
	REJECTED
CVE-2010-4118
	REJECTED
CVE-2010-4117
	REJECTED
CVE-2010-4116 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2010-4115 (HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, ...)
	NOT-FOR-US: HP StorageWorks
CVE-2010-4114 (Cross-site scripting (XSS) vulnerability in HP Discovery &amp; Dependency ...)
	NOT-FOR-US: HP DDMI
CVE-2010-4113 (Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 ...)
	NOT-FOR-US: HP HPPM
CVE-2010-4112 (HP Insight Management Agents before 8.6 allows remote attackers to ...)
	NOT-FOR-US: HP Insight Management Agents
CVE-2010-4111 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2010-4110 (Unspecified vulnerability in HP OpenVMS 8.3, 8.3-1H1, and 8.4 on the ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-4109 (Cross-site scripting (XSS) vulnerability in the Contacts Application ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4108 (HP HP-UX B.11.11, B.11.23, and B.11.31 does not properly support ...)
	NOT-FOR-US: HP-UX
CVE-2010-4107 (The default configuration of the PJL Access value in the File System ...)
	NOT-FOR-US: HP LaserJet
CVE-2010-4106 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4105 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4104 (Unspecified vulnerability in HP Insight Orchestration before 6.2 ...)
	NOT-FOR-US: HP Insight Orchestration
CVE-2010-4103 (Unspecified vulnerability in HP Insight Managed System Setup Wizard ...)
	NOT-FOR-US: HP Insight Managed System Setup Wizard
CVE-2010-4102 (Unspecified vulnerability in HP Insight Recovery before 6.2 allows ...)
	NOT-FOR-US: HP Insight Recovery
CVE-2010-4101 (Cross-site scripting (XSS) vulnerability in HP Insight Recovery before ...)
	NOT-FOR-US: HP Insight Recovery
CVE-2010-4100 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4099 (ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is ...)
	NOT-FOR-US: NitroSecurity NitroView
CVE-2010-4098 (monotone before 0.48.1, when configured to allow remote commands, ...)
	- monotone 0.48-3
	[lenny] - monotone <not-affected> (Vulnerable feature introduced in 0.46)
CVE-2010-4097 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Aardvark Topsites PHP
CVE-2010-4095 (Directory traversal vulnerability in the FTP client in Serengeti ...)
	NOT-FOR-US: Serengeti Systems Incorporated Robo-FTP 3.7.3
CVE-2010-4094 (The Tomcat server in IBM Rational Quality Manager and Rational Test ...)
	NOT-FOR-US: IBM Rational Quality Manager
CVE-2010-4093 (Adobe Shockwave Player before 11.5.9.620 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4092 (Use-after-free vulnerability in an unspecified compatibility component ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4091 (The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2010-4090 (Adobe Shockwave Player before 11.5.9.615 allows attackers to execute ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4089 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4088 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4087 (IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4086 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4085 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4084 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-4083 (The copy_semid_to_user function in ipc/sem.c in the Linux kernel ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4082 (The viafb_ioctl_get_viafb_info function in drivers/video/via/ioctl.c ...)
	- linux-2.6 2.6.32-24 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-4081 (The snd_hdspm_hwdep_ioctl function in sound/pci/rme9652/hdspm.c in the ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4080 (The snd_hdsp_hwdep_ioctl function in sound/pci/rme9652/hdsp.c in the ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27 (low)
CVE-2010-4079 (The ivtvfb_ioctl function in drivers/media/video/ivtv/ivtvfb.c in the ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4078 (The sisfb_ioctl function in drivers/video/sis/sis_main.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24 (low)
CVE-2010-4077 (The ntty_ioctl_tiocgicount function in drivers/char/nozomi.c in the ...)
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4076 (The rs_ioctl function in drivers/char/amiserial.c in the Linux kernel ...)
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4075 (The uart_get_count function in drivers/serial/serial_core.c in the ...)
	{DSA-2264-1}
	- linux-2.6 2.6.37-1 (low)
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
CVE-2010-4074 (The USB subsystem in the Linux kernel before 2.6.36-rc5 does not ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24 (low)
CVE-2010-4073 (The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4072 (The copy_shmid_to_user function in ipc/shm.c in the Linux kernel ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-4071 (Cross-site scripting (XSS) vulnerability in AgentTicketZoom in OTRS ...)
	- otrs2 2.4.9+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.4)
CVE-2010-4070 (Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper ...)
	NOT-FOR-US: portmap.exe
CVE-2010-4069 (Stack-based buffer overflow in IBM Informix Dynamic Server (IDS) 7.x ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2010-4068 (Unspecified vulnerability in the Extension Manager in TYPO3 4.2.x ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-4096 (share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local ...)
	- monkeysphere 0.31-3 (bug #600304)
	NOTE: micah requested this CVE from mitre, issue has been fixed in debian already
CVE-2010-4067
	RESERVED
CVE-2010-4066
	RESERVED
CVE-2010-4065
	RESERVED
CVE-2010-4064
	RESERVED
CVE-2010-4063
	RESERVED
CVE-2010-4062
	RESERVED
CVE-2010-4061
	RESERVED
CVE-2010-4060
	RESERVED
CVE-2010-4059
	RESERVED
CVE-2010-4058
	RESERVED
CVE-2010-4057 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4056 (solid.exe in IBM solidDB 6.5.0.3 and earlier does not properly perform ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4055 (Stack consumption vulnerability in solid.exe in IBM solidDB 6.5.0.3 ...)
	NOT-FOR-US: IBM solidDB
CVE-2010-4054 (The gs_type2_interpret function in Ghostscript allows remote attackers ...)
	- ghostscript 8.71~dfsg-1 (unimportant)
	NOTE: Crash-only
CVE-2010-4053 (Stack-based buffer overflow in an unspecified logging function in ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2010-4052 (Stack consumption vulnerability in the regcomp implementation in the ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: Deficiency in the regexp engine of glibc, while there implementations which
	NOTE: process such expressions more efficiently, imposing a limit lies within
	NOTE: the application accepting it from user input
CVE-2010-4051 (The regcomp implementation in the GNU C Library (aka glibc or libc6) ...)
	- glibc <removed> (unimportant)
	- eglibc <unfixed> (unimportant)
	NOTE: Deficiency in the regexp engine of glibc, while there implementations which
	NOTE: process such expressions more efficiently, imposing a limit lies within
	NOTE: the application accepting it from user input
CVE-2010-XXXX [XSS vulnerability discovered -plugin-globalsearch]
	- fusionforge 5.0.2-3
CVE-2010-XXXX [insecure usage of temporary files in flash-kernel]
	- flash-kernel 2.33 (low)
	[lenny] - flash-kernel <no-dsa> (Minor issue)
CVE-2010-4050 (Opera before 10.63 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2010-4049 (Opera before 10.63 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2010-4048 (Opera before 10.63 allows user-assisted remote web servers to cause a ...)
	NOT-FOR-US: Opera
CVE-2010-4047 (Opera before 10.63 does not properly select the security context of ...)
	NOT-FOR-US: Opera
CVE-2010-4046 (Opera before 10.63 does not properly verify the origin of video ...)
	NOT-FOR-US: Opera
CVE-2010-4045 (Opera before 10.63 does not properly restrict web script in ...)
	NOT-FOR-US: Opera
CVE-2010-4044 (Opera before 10.63 does not ensure that the portion of a URL shown in ...)
	NOT-FOR-US: Opera
CVE-2010-4043 (Opera before 10.63 does not prevent interpretation of a cross-origin ...)
	NOT-FOR-US: Opera
CVE-2010-4042 (Google Chrome before 7.0.517.41 does not properly handle element maps, ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/68096
CVE-2010-4041 (The sandbox implementation in Google Chrome before 7.0.517.41 on Linux ...)
	- webkit <not-affected> (issue with chromium sandbox)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4040 (Google Chrome before 7.0.517.41 does not properly handle animated GIF ...)
	{DSA-2188-1}
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/68446
CVE-2010-4039 (Google Chrome before 7.0.517.41 on Linux does not properly set the ...)
	- webkit <not-affected> (chromium-specifc LD_LIBRARY_PATH issue)
	- chromium-browser <not-affected> (package uses its own startup script)
CVE-2010-4038 (The Web Sockets implementation in Google Chrome before 7.0.517.41 does ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 9.0.570
	[squeeze] - chromium-browser <not-affected> (websocket_experiment not enabled in v6)
	[wheezy] - chromium-browser <not-affected>
CVE-2010-4037 (Unspecified vulnerability in Google Chrome before 7.0.517.41 allows ...)
	- webkit <not-affected> (affected gesture code not present in 1.2.x)
	- chromium-browser <unfixed> (unimportant)
	NOTE: http://trac.webkit.org/changeset/67716
CVE-2010-4036 (Google Chrome before 7.0.517.41 does not properly handle the unloading ...)
	- webkit <not-affected> (chromium-specifc issue)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4035 (Google Chrome before 7.0.517.41 does not properly perform autofill ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4034 (Google Chrome before 7.0.517.41 does not properly handle forms, which ...)
	- webkit <not-affected> (issue in chromium code base)
	- chromium-browser 6.0.472.63~r59945-1
CVE-2010-4033 (Google Chrome before 7.0.517.41 does not properly implement the ...)
	- webkit <not-affected> (issue in gestures, which resides in the webkit codebase, but is only used by chromium right now)
	- chromium-browser 6.0.472.63~r59945-1
	NOTE: http://trac.webkit.org/changeset/63786
	NOTE: http://trac.webkit.org/changeset/67240
CVE-2010-4032 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4031 (Unspecified vulnerability in HP Insight Control Performance Management ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4030 (Cross-site scripting (XSS) vulnerability in HP Insight Control ...)
	NOT-FOR-US: HP Insight Control Performance Management
CVE-2010-4029 (Unspecified vulnerability in HP Storage Essentials before 6.3.0, when ...)
	NOT-FOR-US: HP Storage Essentials
CVE-2010-4028 (Unspecified vulnerability in LoadRunner Web Tours 9.10 in HP ...)
	NOT-FOR-US: HP LoadRunner
CVE-2010-4027 (Unspecified vulnerability in the camera application in HP Palm webOS ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4026 (Unspecified vulnerability in the service API in HP Palm webOS 1.4.1 ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4025 (Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows ...)
	NOT-FOR-US: HP Palm webOS
CVE-2010-4024 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
	NOT-FOR-US: HP Insight Control Power Management
CVE-2010-4023 (Cross-site scripting (XSS) vulnerability in HP Insight Control Power ...)
	NOT-FOR-US: HP Insight Control Power Management
CVE-2010-4022 (The do_standalone function in the MIT krb5 KDC database propagation ...)
	- krb5 1.8.3+dfsg-5 (low)
	[squeeze] - krb5 1.8.3+dfsg-4squeeze1
	[lenny] - krb5 <not-affected> (Only affects 1.7.x onwards)
	[etch] - krb5 <not-affected> (Only affects 1.7.x onwards)
CVE-2010-4021 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 ...)
	- krb5 1.8+dfsg~alpha1-1
	[lenny] - krb5 <not-affected> (Only affects 1.7.x)
CVE-2010-4020 (MIT Kerberos 5 (aka krb5) 1.8.x through 1.8.3 does not reject RC4 ...)
	- krb5 1.8.3+dfsg-3 (bug #605553)
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.8)
CVE-2010-4019
	RESERVED
CVE-2010-4018
	RESERVED
CVE-2010-4017
	RESERVED
CVE-2010-4016
	RESERVED
CVE-2010-4015 (Buffer overflow in the gettoken function in ...)
	{DSA-2157-1}
	- postgresql-9.0 9.0.3-1
	- postgresql-8.4 8.4.7-1
	- postgresql-8.3 <removed>
CVE-2010-4014
	RESERVED
CVE-2010-4013 (Format string vulnerability in PackageKit in Apple Mac OS X 10.6.x ...)
	NOT-FOR-US: This is not the PackageKit distributed by Debian, but a different code base
CVE-2010-4012 (Race condition in Apple iOS 4.0 through 4.1 for iPhone 3G and later ...)
	NOT-FOR-US: Apple iOS
CVE-2010-4011 (Dovecot in Apple Mac OS X 10.6.5 10H574 does not properly manage ...)
	- dovecot <not-affected> (HT4452 claims it is Apple-specific and doesn't affect the OSS version)
CVE-2010-4010 (Integer signedness error in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Type Services
CVE-2010-4009 (Integer overflow in Apple QuickTime before 7.6.9 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-4008 (libxml2 before 2.7.8, as used in Google Chrome before 7.0.517.44, ...)
	{DSA-2128-1}
	- libxml2 2.7.8.dfsg-1 (bug #602609)
CVE-2010-4007 (Oracle Mojarra uses an encrypted View State without a Message ...)
	- mojarra <not-affected> (Fixed before initial upload, in 2.0.1)
CVE-2010-4006 (Multiple SQL injection vulnerabilities in search.php in WSN Links ...)
	NOT-FOR-US: WSN Links
CVE-2010-4005 (The (1) tomboy and (2) tomboy-panel scripts in GNOME Tomboy 1.5.2 and ...)
	- tomboy 1.2.2-2 (low; bug #605096)
	[lenny] - tomboy <no-dsa> (Minor issue)
CVE-2010-4004
	RESERVED
CVE-2010-4003
	RESERVED
CVE-2010-4002
	RESERVED
CVE-2010-4001 (** DISPUTED ** GMXRC.bash in Gromacs 4.5.1 and earlier places a ...)
	NOTE: Not a security issue
CVE-2010-4000 (gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name ...)
	- gnome-shell 2.91.3-1 (bug #605098)
	[lenny] - gnome-shell <no-dsa> (Minor issue)
CVE-2010-3999 (gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length ...)
	- gnucash 2.2.9-10 (low; bug #603329)
	[lenny] - gnucash <no-dsa> (Minor issue)
CVE-2010-3998 (The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and ...)
	- banshee 1.6.1-1.1 (bug #605095)
	[lenny] - banshee <no-dsa> (Minor issue)
CVE-2010-3997
	RESERVED
CVE-2010-3996 (festival_server in Centre for Speech Technology Research (CSTR) ...)
	- festival <not-affected> (From Lenny onwards we don't include the server component)
CVE-2009-5013 (Memory leak in the on_dtp_close function in ftpserver.py in pyftpdlib ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5012 (ftpserver.py in pyftpdlib before 0.5.2 does not require the l ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5011 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
	- python-pyftpdlib 0.5.2-1
CVE-2009-5010 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7264 (The ftp_QUIT function in ftpserver.py in pyftpdlib before 0.5.0 allows ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7263 (ftpserver.py in pyftpdlib before 0.5.0 does not delay its response ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2008-7262 (Multiple directory traversal vulnerabilities in FTPServer.py in ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6741 (The ftp_PORT function in FTPServer.py in pyftpdlib before 0.2.0 does ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6740 (The ftp_STOU function in FTPServer.py in pyftpdlib before 0.2.0 does ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6739 (FTPServer.py in pyftpdlib before 0.2.0 allows remote attackers to ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6738 (pyftpdlib before 0.1.1 does not choose a random value for the port ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6737 (FTPServer.py in pyftpdlib before 0.2.0 does not increment the ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2007-6736 (Multiple directory traversal vulnerabilities in FTPServer.py in ...)
	- python-pyftpdlib <not-affected> (Fixed before initial upload to the archive)
CVE-2010-3995
	RESERVED
CVE-2010-3994 (Cross-site scripting (XSS) vulnerability in HP Version Control ...)
	NOT-FOR-US: HP VCRM
CVE-2010-3993 (Unspecified vulnerability in HP Insight Control Server Migration ...)
	NOT-FOR-US: HP Insight
CVE-2010-3992 (Unspecified vulnerability in HP Insight Control Server Migration ...)
	NOT-FOR-US: HP Insight
CVE-2010-3991 (Cross-site scripting (XSS) vulnerability in HP Insight Control Server ...)
	NOT-FOR-US: HP Insight
CVE-2010-3990 (Unspecified vulnerability in HP Virtual Server Environment before 6.2 ...)
	NOT-FOR-US: HP Virtual Server Environment
CVE-2010-3989 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
	NOT-FOR-US: HP Insight
CVE-2010-3988 (Unspecified vulnerability in HP Insight Control Virtual Machine ...)
	NOT-FOR-US: HP Insight
CVE-2010-3987 (Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual ...)
	NOT-FOR-US: HP Insight
CVE-2010-3986 (Unspecified vulnerability in HP Virtual Connect Enterprise Manager ...)
	NOT-FOR-US: HP VCEM
CVE-2010-3985 (Cross-site scripting (XSS) vulnerability in HP Operations ...)
	NOT-FOR-US: HP Operations Orchestration
CVE-2010-3984 (Buffer overflow in mng_core_com.dll in CA XOsoft Replication r12.0 SP1 ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-3983 (CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3982 (SAP BusinessObjects Enterprise XI 3.2 allows remote attackers to ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3981 (Cross-site scripting (XSS) vulnerability in SAP BusinessObjects ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3980 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 does not limit the ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3979 (Dswsbobje in SAP BusinessObjects Enterprise XI 3.2 generates different ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-3978 (Spree 0.11.x before 0.11.2 and 0.30.x before 0.30.0 exchanges data ...)
	NOT-FOR-US: Spree
CVE-2010-3977 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: cForm wordpress plugin
CVE-2010-3976 (Untrusted search path vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3975 (Untrusted search path vulnerability in Adobe Flash Player 9 allows ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3974 (fxscover.exe in the Fax Cover Page Editor in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3973 (The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in ...)
	NOT-FOR-US: Microsoft
CVE-2010-3972 (Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData ...)
	NOT-FOR-US: Microsoft Internet Information Services
CVE-2010-3971 (Use-after-free vulnerability in the CSharedStyleSheet::Notify function ...)
	NOT-FOR-US: Microsoft Internet Explorer 7 and 8
CVE-2010-3970 (Stack-based buffer overflow in the CreateSizedDIBSECTION function in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3969
	REJECTED
CVE-2010-3968
	REJECTED
CVE-2010-3967 (Untrusted search path vulnerability in Microsoft Windows Movie Maker ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3966 (Untrusted search path vulnerability in Microsoft Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3965 (Untrusted search path vulnerability in Windows Media Encoder 9 on ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3964 (Unrestricted file upload vulnerability in the Document Conversions ...)
	NOT-FOR-US: Microsoft Office SharePoint Server
CVE-2010-3963 (Buffer overflow in the Routing and Remote Access NDProxy component in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3962 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3961 (The Consent User Interface (UI) in Microsoft Windows Vista SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3960 (Hyper-V in Microsoft Windows Server 2008 Gold, SP2, and R2 allows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3959 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3958 (The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3957 (Double free vulnerability in the OpenType Font (OTF) driver in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3956 (The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3955 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-3954 (Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-3953
	REJECTED
CVE-2010-3952 (The FlashPix image converter in the graphics filters in Microsoft ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3951 (Buffer overflow in the FlashPix image converter in the graphics ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3950 (The TIFF image converter in the graphics filters in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3949 (Buffer overflow in the TIFF image converter in the graphics filters in ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3948
	REJECTED
CVE-2010-3947 (Heap-based buffer overflow in the TIFF image converter in the graphics ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3946 (Integer overflow in the PICT image converter in the graphics filters ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3945 (Buffer overflow in the CGM image converter in the graphics filters in ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3944 (win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3943 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3942 (win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3941 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3940 (Double free vulnerability in win32k.sys in the kernel-mode drivers in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3939 (Buffer overflow in win32k.sys in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3938
	REJECTED
CVE-2010-3937 (Microsoft Exchange Server 2007 SP2 on the x64 platform allows remote ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2010-3936 (Cross-site scripting (XSS) vulnerability in Signurl.asp in Microsoft ...)
	NOT-FOR-US: Forefront Unified Access Gateway
CVE-2010-3935
	REJECTED
CVE-2010-3934 (The browser in Research In Motion (RIM) BlackBerry Device Software ...)
	NOT-FOR-US: BlackBerry Device Software
CVE-2010-3933 (Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested ...)
	- rails <not-affected> (Only affects >= 2.3.9, which is not yet in the archive)
CVE-2010-3932
	REJECTED
CVE-2010-3931 (Cross-site scripting (XSS) vulnerability in multiple Rocomotion ...)
	NOT-FOR-US: Rocomotion
CVE-2010-3930 (Directory traversal vulnerability in MODx Evolution 1.0.4 and earlier ...)
	NOT-FOR-US: MODx
CVE-2010-3929 (SQL injection vulnerability in MODx Evolution 1.0.4 and earlier allows ...)
	NOT-FOR-US: MODx
CVE-2010-3928 (Ruby Version Manager (RVM) before 1.2.1 writes file contents to a ...)
	NOT-FOR-US: Ruby Version Manager
CVE-2010-3927 (Untrusted search path vulnerability in Lunascape before 6.4.0 allows ...)
	NOT-FOR-US: Lunascape
CVE-2010-3926 (Multiple cross-site scripting (XSS) vulnerabilities in Shop.cgi in ...)
	NOT-FOR-US: SGX-SP Final
CVE-2010-3925 (Contents-Mall before 15 does not properly handle passwords, which ...)
	NOT-FOR-US: Contents-Mall
CVE-2010-3924 (SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows ...)
	NOT-FOR-US: Aimluck Aipo
CVE-2010-3923 (Untrusted search path vulnerability in AttacheCase before 2.70 allows ...)
	NOT-FOR-US: AttacheCase
CVE-2010-3922 (SQL injection vulnerability in Movable Type 4.x before 4.35 and 5.x ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311)
CVE-2010-3921 (Cross-site scripting (XSS) vulnerability in Movable Type 4.x before ...)
	- movabletype-opensource 4.3.5+dfsg-1 (bug #606311)
	[lenny] - movabletype-opensource 4.2.3-1+lenny2 (bug #606311)
CVE-2010-3920 (The Seiko Epson printer driver installers for LP-S9000 before 4.1.11 ...)
	NOT-FOR-US: Seiko Epson printer driver
CVE-2010-3919 (Fenrir Grani 4.5 and earlier does not prevent interaction between web ...)
	NOT-FOR-US: Fenrir Grani
CVE-2010-3918 (Fenrir Sleipnir 2.9.6 and earlier does not prevent interaction between ...)
	NOT-FOR-US: Fenrir Sleipnir
CVE-2010-3917
	RESERVED
CVE-2010-3916 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-3915 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-3914 (Untrusted search path vulnerability in VIM Development Group GVim ...)
	- vim <not-affected> (Windows-specific)
CVE-2010-3913 (CRLF injection vulnerability in TransWARE Active! mail 6 build ...)
	NOT-FOR-US: TransWARE Active! mail
CVE-2010-3912 (The supportconfig script in supportutils in SUSE Linux Enterprise 11 ...)
	NOT-FOR-US: SLES support scripts
CVE-2010-3911 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
	NOT-FOR-US: vTiger CRM
CVE-2010-3910 (Multiple directory traversal vulnerabilities in the ...)
	NOT-FOR-US: vTiger CRM
CVE-2010-3909 (Incomplete blacklist vulnerability in config.template.php in vtiger ...)
	NOT-FOR-US: vtiger CRM
CVE-2010-3908 (FFmpeg before 0.5.4, as used in MPlayer and other products, allows ...)
	{DSA-2306-1}
	- libav 4:0.6-1
	- ffmpeg 7:2.4.1-1
	- ffmpeg-debian <end-of-life>
CVE-2010-3907 (Multiple integer overflows in real.c in the Real demuxer plugin in ...)
	- vlc 1.1.3-1squeeze1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
CVE-2010-3906 (Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier ...)
	- git-core <removed>
	[lenny] - git-core 1.5.6.5-3+lenny3.3
	- git 1:1.7.2.3-2.2
CVE-2010-3905 (The password reset feature in the administrator interface for ...)
	- eucalyptus <not-affected> (bug #608289) (It was once removed from archive, then re-added as 3.1.0)
CVE-2010-3904 (The rds_page_copy_user function in net/rds/page.c in the Reliable ...)
	- linux-2.6 2.6.32-26
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.30)
CVE-2010-3903 (Unspecified vulnerability in OpenConnect before 2.23 allows remote ...)
	- openconnect 2.25-0.1
CVE-2010-3902 (OpenConnect before 2.26 places the webvpn cookie value in the ...)
	- openconnect 3.02-1 (unimportant)
	NOTE: This is an additional safety net for careless users, not a vulnerability
CVE-2010-3901 (OpenConnect before 2.25 does not properly validate X.509 certificates, ...)
	- openconnect 2.25-0.1 (bug #590873)
CVE-2010-3900 (Midori before 0.2.5, when WebKitGTK+ before 1.1.14 or LibSoup before ...)
	- midori 0.2.7-1.1 (unimportant; bug #607497)
	NOTE: Current Midori SSL support is very limited
	NOTE: Midori should not be used if SSL support is important to you
CVE-2010-3899 (IBM OmniFind Enterprise Edition 8.x and 9.x performs web crawls with ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3898 (IBM OmniFind Enterprise Edition 8.x and 9.x does not properly restrict ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3897 (ESSearchApplication/palette.do in IBM OmniFind Enterprise Edition 8.x ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3896 (The ESSearchApplication directory tree in IBM OmniFind Enterprise ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3895 (esRunCommand in IBM OmniFind Enterprise Edition before 9.1 allows ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3894 (Stack-based buffer overflow in the ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3893 (The administrator interface in IBM OmniFind Enterprise Edition 8.x and ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3892 (Session fixation vulnerability in the login form in the administrator ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3891 (Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3890 (Cross-site scripting (XSS) vulnerability in IBM OmniFind Enterprise ...)
	NOT-FOR-US: IBM OmniFind Enterprise Edition
CVE-2010-3889 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3888 (Unspecified vulnerability in Microsoft Windows on 32-bit platforms ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3887 (The Limit Mail feature in the Parental Controls functionality in Mail ...)
	NOT-FOR-US: Apple Mail
CVE-2010-3886 (The CTimeoutEventList::InsertIntoTimeoutList function in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3885
	REJECTED
CVE-2010-3884 (Cross-site request forgery (CSRF) vulnerability in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3883 (Cross-site request forgery (CSRF) vulnerability in the Change Group ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3882 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-3881 (arch/x86/kvm/x86.c in the Linux kernel before 2.6.36.2 does not ...)
	- linux-2.6 2.6.32-29 (low)
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-3880 (net/ipv4/inet_diag.c in the Linux kernel before 2.6.37-rc2 does not ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3879 (FUSE, possibly 2.8.5 and earlier, allows local users to create mtab ...)
	- fuse 2.8.5-1 (bug #602333)
	[squeeze] - fuse <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3879
CVE-2010-3878 (Cross-site request forgery (CSRF) vulnerability in the JMX Console in ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3877 (The get_name function in net/tipc/socket.c in the Linux kernel before ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3876 (net/packet/af_packet.c in the Linux kernel before 2.6.37-rc2 does not ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3875 (The ax25_getname function in net/ax25/af_ax25.c in the Linux kernel ...)
	{DSA-2264-1 DSA-2240-1 DSA-2126-1}
	- linux-2.6 2.6.32-30 (low)
CVE-2010-3874 (Heap-based buffer overflow in the bcm_connect function in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-29 (low)
CVE-2010-3873 (The X.25 implementation in the Linux kernel before 2.6.36.2 does not ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28 (low)
CVE-2010-3872 (The fcgid_header_bucket_read function in fcgid_bucket.c in the ...)
	{DSA-2140-1}
	- libapache2-mod-fcgid 1:2.3.6-1 (bug #605484)
CVE-2010-3871 (Cross-site scripting (XSS) vulnerability in ...)
	- mahara <not-affected> (Vulnerable feature introduced in 1.3)
CVE-2010-3870 (The utf8_decode function in PHP before 5.3.4 does not properly handle ...)
	{DSA-2195-1}
	- php5 5.3.3-4 (bug #603751)
CVE-2010-3869 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2010-3868 (Red Hat Certificate System (RHCS) 7.3 and 8 and Dogtag Certificate ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2010-3867 (Multiple directory traversal vulnerabilities in the mod_site_misc ...)
	{DSA-2191-1}
	- proftpd-dfsg 1.3.3a-4
CVE-2010-3866
	REJECTED
CVE-2010-3865 (Integer overflow in the rds_rdma_pages function in net/rds/rdma.c in ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3864 (Multiple race conditions in ssl/t1_lib.c in OpenSSL 0.9.8f through ...)
	{DSA-2125-1}
	- openssl 0.9.8o-3
CVE-2010-3863 (Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize ...)
	- shiro <not-affected> (Fixed before the initial release in Debian)
CVE-2010-3862 (The ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3861 (The ethtool_get_rxnfc function in net/core/ethtool.c in the Linux ...)
	- linux-2.6 2.6.32-29
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
CVE-2010-3860 (IcedTea 1.7.x before 1.7.6, 1.8.x before 1.8.3, and 1.9.x before ...)
	- openjdk-6 6b18-1.8.3-1
CVE-2010-3859 (Multiple integer signedness errors in the TIPC implementation in the ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27
CVE-2010-3858 (The setup_arg_pages function in fs/exec.c in the Linux kernel before ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-27
CVE-2010-3857 [JBoss BRMS XSS via UUID parameter]
	RESERVED
	- jbossas4 <not-affected> (Vulnerable code not present)
	NOTE: JBoss 5 only; fixed in 5.1.0
CVE-2010-3856 (ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and ...)
	{DSA-2122-2 DSA-2122-1}
	- glibc 2.11.2-8
	- eglibc 2.11.2-8 (bug #600667)
CVE-2010-3855 (Buffer overflow in the ft_var_readpackedpoints function in ...)
	{DSA-2155-1}
	- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3854 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	- couchdb 1.1.0-1
	[squeeze] - couchdb <end-of-life> (Unsupported in squeeze-lts)
CVE-2010-3853 (pam_namespace.c in the pam_namespace module in Linux-PAM (aka pam) ...)
	- pam 1.1.3-1 (low; bug #608273)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
CVE-2010-3852 (The default configuration of Luci 0.22.4 and earlier in Red Hat Conga ...)
	NOT-FOR-US: Red Hat Conga
CVE-2010-3851 (libguestfs before 1.5.23, as used in virt-v2v, virt-inspector 1.5.3 ...)
	NOT-FOR-US: libguestfs
CVE-2010-3850 (The ec_dev_ioctl function in net/econet/af_econet.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3849 (The econet_sendmsg function in net/econet/af_econet.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3848 (Stack-based buffer overflow in the econet_sendmsg function in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-28
CVE-2010-3847 (elf/dl-load.c in ld.so in the GNU C Library (aka glibc or libc6) ...)
	{DSA-2122-2 DSA-2122-1}
	- eglibc 2.11.2-8 (bug #600667)
	- glibc 2.11.2-8
CVE-2010-3846 (Array index error in the apply_rcs_change function in rcs.c in CVS ...)
	- cvs <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-3852
CVE-2010-3844
	RESERVED
	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
	NOTE: Very far-fetched attack vector
CVE-2010-3843
	RESERVED
	- ettercap 1:0.7.4-1 (unimportant; bug #600130)
	NOTE: Very far-fetched attack vector
CVE-2010-3842 (Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, ...)
	- curl <not-affected> (Doesn't affect POSIX systems)
CVE-2010-3841 (Multiple cross-site scripting (XSS) vulnerabilities in lib/TWiki.pm in ...)
	NOT-FOR-US: TWiki
CVE-2009-5009 (Double free vulnerability in OpenConnect before 1.40 might allow ...)
	- openconnect 1.40-1
CVE-2009-5008 (Cisco Secure Desktop (CSD), when used in conjunction with an ...)
	NOT-FOR-US: isco Secure Desktop
CVE-2009-5007 (The Cisco trial client on Linux for Cisco AnyConnect SSL VPN allows ...)
	NOT-FOR-US: Cisco AnyConnect SSL VPN trial client
CVE-2009-5006 (The SessionAdapter::ExchangeHandlerImpl::checkAlternate function in ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5005 (The Cluster::deliveredEvent function in cluster/Cluster.cpp in Apache ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2009-5004
	RESERVED
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2010-3845 (libapache-authenhook-perl 2.00-04 stores usernames and passwords in ...)
	- libapache-authenhook-perl 2.00-04+pristine-2 (low; bug #599712)
	[lenny] - libapache-authenhook-perl 2.00-04+pristine-1+lenny1
CVE-2010-4237
	RESERVED
	- mercurial 1.6.4-1 (low; bug #598841)
	[lenny] - mercurial <no-dsa> (Minor issue)
CVE-2010-3840 (The Gis_line_string::init_from_wkb function in sql/spatial.cc in MySQL ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3839 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote ...)
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3838 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3837 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3836 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3835 (MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3834 (Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3833 (MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-3 (bug #599937)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3832 (Heap-based buffer overflow in the GSM mobility management ...)
	NOT-FOR-US: Apple iOS Telophony
CVE-2010-3831 (Photos in Apple iOS before 4.2 enables support for HTTP Basic ...)
	NOT-FOR-US: Apple iOS Photos
CVE-2010-3830 (Networking in Apple iOS before 4.2 accesses an invalid pointer during ...)
	NOT-FOR-US: Apple iOS Networking
CVE-2010-3829 (WebKit in Apple iOS before 4.2 allows remote attackers to bypass the ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3828 (iAd Content Display in Apple iOS before 4.2 allows man-in-the-middle ...)
	NOT-FOR-US: Apple iOS iAd
CVE-2010-3827 (Apple iOS before 4.2 does not properly validate signatures before ...)
	NOT-FOR-US: Apple iOS configuration installation utility
CVE-2010-3826 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3825
	RESERVED
CVE-2010-3824 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3823 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3822 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3821 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3820 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3819 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3818 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3817 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3816 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3815
	RESERVED
CVE-2010-3814 (Heap-based buffer overflow in the Ins_SHZ function in ttinterp.c in ...)
	{DSA-2155-1}
	- freetype 2.4.2-2.1 (bug #602221)
CVE-2010-3813 (The WebCore::HTMLLinkElement::process function in ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: fixed much earlier in chromium, but this was the version checked
CVE-2010-3812 (Integer overflow in the Text::wholeText method in dom/Text.cpp in ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 29.0.1547.57-1
	[squeeze] - chromium-browser <end-of-life>
	NOTE: fixed much earlier in chromium, but this was the version checked
	NOTE: http://www.zerodayinitiative.com/advisories/ZDI-10-257
CVE-2010-3811 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3810 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3809 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3808 (WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3807
	RESERVED
CVE-2010-3806
	RESERVED
CVE-2010-3805 (Integer underflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3804 (The JavaScript implementation in WebKit in Apple Safari before 5.0.3 ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3803 (Integer overflow in WebKit in Apple Safari before 5.0.3 on Mac OS X ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-3802 (Integer signedness error in Apple QuickTime before 7.6.9 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3801 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3800 (Apple QuickTime before 7.6.9 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3799
	RESERVED
CVE-2010-3798 (Heap-based buffer overflow in xar in Apple Mac OS X 10.6.x before ...)
	- xar <removed>
	[lenny] - xar <no-dsa> (Minor issue)
CVE-2010-3797 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-3796 (Safari RSS in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does not ...)
	NOT-FOR-US: Apple Safari RSS
CVE-2010-3795 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3794 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3793 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3792 (Integer signedness error in QuickTime in Apple Mac OS X 10.6.x before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3791 (Buffer overflow in QuickTime in Apple Mac OS X 10.6.x before 10.6.5 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3790 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3789 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3788 (QuickTime in Apple Mac OS X 10.6.x before 10.6.5 accesses ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3787 (Heap-based buffer overflow in QuickTime in Apple Mac OS X 10.6.x ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-3786 (QuickLook in Apple Mac OS X 10.6.x before 10.6.5 allows remote ...)
	NOT-FOR-US: Apple QuickLook
CVE-2010-3785 (Buffer overflow in QuickLook in Apple Mac OS X 10.5.8 and 10.6.x ...)
	NOT-FOR-US: Apple QuickLook
CVE-2010-3784 (The PMPageFormatCreateWithDataRepresentation API in Printing in Apple ...)
	NOT-FOR-US: Apple Printing
CVE-2010-3783 (Password Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 does ...)
	NOT-FOR-US: Apple Password Server
CVE-2010-3782
	RESERVED
CVE-2010-3781 (The PL/php add-on 1.4 and earlier for PostgreSQL does not properly ...)
	- postgresql-9.0 9.0.1-1
CVE-2010-3780 (Dovecot 1.2.x before 1.2.15 allows remote authenticated users to cause ...)
	- dovecot 1:1.2.15-1 (bug #599521)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3779 (Dovecot 1.2.x before 1.2.15 and 2.0.x before 2.0.beta2 grants the ...)
	- dovecot 1:1.2.15-1 (bug #599521)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3778 (Unspecified vulnerability in Mozilla Firefox 3.5.x before 3.5.16, ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.11-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3777 (Unspecified vulnerability in Mozilla Firefox 3.6.x before 3.6.13 and ...)
	- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3776 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	- icedove 3.0.11-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3775 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3774 (The NS_SecurityCompareURIs function in netwerk/base/public/nsNetUtil.h ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (Doesn't affect 1.9.0)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3773 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3772 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3771 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, and SeaMonkey ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3770 (Multiple cross-site scripting (XSS) vulnerabilities in the rendering ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3769 (The line-breaking implementation in Mozilla Firefox before 3.5.16 and ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.11-1
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (font-face support introduced in 1.9.1)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3768 (Mozilla Firefox before 3.5.16 and 3.6.x before 3.6.13, Thunderbird ...)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Vulnerable code not present)
	- icedove 3.0.11-1
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3767 (Integer overflow in the NewIdArray function in Mozilla Firefox before ...)
	{DSA-2132-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3766 (Use-after-free vulnerability in Mozilla Firefox before 3.5.16 and ...)
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner <not-affected> (Vulnerable code not present)
	- iceweasel 3.5.16-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.11-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3765 (Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.15-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.10-1
	- icedove 3.0.10-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (bug in optimization added later)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3764 (The Old Charts implementation in Bugzilla 2.12 through 3.2.8, 3.4.8, ...)
	- bugzilla 3.6.3.0-1 (bug #602420; low)
	[squeeze] - bugzilla 3.6.2.0-4.2
CVE-2010-3763 (Cross-site scripting (XSS) vulnerability in core/summary_api.php in ...)
	- mantis 1.1.8+dfsg-9 (bug #601618)
	[lenny] - mantis 1.1.6+dfsg-2lenny4
CVE-2010-3762 (ISC BIND before 9.7.2-P2, when DNSSEC validation is enabled, does not ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P2-1 (bug #599515)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
	NOTE: ACL bypass claimed to only affect >=9.7.2: https://kb.isc.org/article/AA-00935/0/CVE-2010-3762%3A-failure-to-handle-bad-signatures-if-multiple-trust-anchors-configured.html
	NOTE: The crash with multiple trust anchors affects 9.6 and is fixed in 9.6-ESV-R2.
CVE-2010-3761 (Unspecified vulnerability in IBM Tivoli Storage Manager (TSM) FastBack ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3760 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3759 (FastBackMount.exe in the Mount service in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3758 (Multiple stack-based buffer overflows in FastBackServer.exe in the ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3757 (Format string vulnerability in the _Eventlog function in ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3756 (The _CalcHashValueWithLength function in FastBackServer.exe in the ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3755 (The _DAS_ReadBlockReply function in FastBackServer.exe in the Server ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3754 (The FXCLI_OraBR_Exec_Command function in FastBackServer.exe in the ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2010-3753 (programs/pluto/xauth.c in the client in Openswan 2.6.26 through 2.6.28 ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.26)
CVE-2010-3752 (programs/pluto/xauth.c in the client in Openswan 2.6.25 through 2.6.28 ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3751 (Multiple heap-based buffer overflows in an ActiveX control in ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3750 (rjrmrpln.dll in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3749 (The browser-plugin implementation in RealNetworks RealPlayer 11.0 ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3748 (Stack-based buffer overflow in the RichFX component in RealNetworks ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3747 (An ActiveX control in RealNetworks RealPlayer 11.0 through 11.1, ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-3746
	RESERVED
CVE-2010-3745
	RESERVED
CVE-2010-3744
	RESERVED
CVE-2010-3743 (Directory traversal vulnerability in Visual Synapse HTTP Server 1.0 ...)
	NOT-FOR-US: Visual Synapse HTTP Server
CVE-2010-3742 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3741 (The offline backup mechanism in Research In Motion (RIM) BlackBerry ...)
	NOT-FOR-US: BlackBerry Desktop Software
CVE-2010-3740 (The Net Search Extender (NSE) implementation in the Text Search ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3739 (The audit facility in the Security component in IBM DB2 UDB 9.5 before ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3738 (The Security component in IBM DB2 UDB 9.5 before FP6a logs AUDIT ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3737 (Memory leak in the Relational Data Services component in IBM DB2 UDB ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3736 (Memory leak in the Relational Data Services component in IBM DB2 UDB ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3735 (The &quot;Query Compiler, Rewrite, Optimizer&quot; component in IBM DB2 UDB 9.5 ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3734 (The Install component in IBM DB2 UDB 9.5 before FP6a on Linux, UNIX, ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3733 (The Engine Utilities component in IBM DB2 UDB 9.5 before FP6a uses ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3732 (The DRDA Services component in IBM DB2 UDB 9.5 before FP6a allows ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3731 (Stack-based buffer overflow in the validateUser implementation in the ...)
	NOT-FOR-US: IBM DB2 UDB 9.5
CVE-2010-3730 (Google Chrome before 6.0.472.62 does not properly use information ...)
	- webkit <not-affected> (issue in libv8)
	- chromium-browser 6.0.472.62~r59676-1
	- libv8 <not-affected>
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45700
	NOTE: http://trac.webkit.org/changeset/67509
CVE-2010-3729 (The SPDY protocol implementation in Google Chrome before 6.0.472.62 ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.62~r59676-1
CVE-2010-3728
	REJECTED
CVE-2010-XXXX [amanda code injection]
	- amanda <not-affected> (Introduced in 3.1.1)
CVE-2010-3727
	REJECTED
CVE-2010-3726
	REJECTED
CVE-2010-3725
	REJECTED
CVE-2010-3724
	REJECTED
CVE-2010-3723
	REJECTED
CVE-2010-3722
	REJECTED
CVE-2010-3721
	REJECTED
CVE-2010-3720
	REJECTED
CVE-2010-3719 (Eval injection vulnerability in IMAdminSchedTask.asp in the ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2010-3718 (Apache Tomcat 7.0.0 through 7.0.3, 6.0.x, and 5.5.x, when running ...)
	{DSA-2160-1}
	- tomcat5.5 <removed> (low)
	[lenny] - tomcat5.5 <no-dsa> (Minor issue)
	- tomcat6 6.0.28-10 (bug #612257)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-3717 (The t3lib_div::validEmail function in TYPO3 4.2.x before 4.2.15, 4.3.x ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3716 (The be_user_creation task in TYPO3 4.2.x before 4.2.15 and 4.3.x ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3715 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.2.x ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3714 (The jumpUrl (aka access tracking) implementation in ...)
	{DSA-2121-1}
	- typo3-src 4.3.7-1
CVE-2010-3713 (rss.php in UseBB before 1.0.11 does not properly handle forum ...)
	NOT-FOR-US: UseBB
CVE-2010-3712 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before ...)
	NOT-FOR-US: Joomla
CVE-2010-3711 (libpurple in Pidgin before 2.7.4 does not properly validate the return ...)
	- pidgin 2.7.4-1
	[squeeze] - pidgin 2.7.3-1+squeeze1
CVE-2010-3710 (Stack consumption vulnerability in the filter_var function in PHP ...)
	{DSA-2195-1}
	- php5 5.3.3-3 (bug #601619)
CVE-2010-3709 (The ZipArchive::getArchiveComment function in PHP 5.2.x through 5.2.14 ...)
	{DSA-2195-1}
	- php5 5.3.3-4 (bug #603751)
CVE-2010-3708 (The serialization implementation in JBoss Drools in Red Hat JBoss ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-3707 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
	- dovecot 1:1.2.15-1
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3706 (plugins/acl/acl-backend-vfile.c in Dovecot 1.2.x before 1.2.15 and ...)
	- dovecot 1:1.2.15-1
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2010-3705 (The sctp_auth_asoc_get_hmac function in net/sctp/auth.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3704 (The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser ...)
	{DSA-2135-1 DSA-2119-1}
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.12.4-1.2 (bug #599165)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=39d140bfc0b8239bdd96d6a55842034ae5c05473
CVE-2010-3703 (The PostScriptFunction::PostScriptFunction function in ...)
	- kdegraphics 4:4.0.0-1
	[lenny] - kdegraphics <not-affected> (Vulnerable code not present)
	- xpdf 3.02-9
	[lenny] - xpdf <not-affected> (Vulnerable code not present)
	- poppler 0.12.4-1.2 (bug #599165)
	[lenny] - poppler <not-affected> (Vulnerable code not present)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=bf2055088a3a2d3bb3d3c37d464954ec1a25771f
CVE-2010-3702 (The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, ...)
	{DSA-2135-1 DSA-2119-1}
	- kdegraphics 4:4.0.0-1
	- xpdf 3.02-9
	- poppler 0.12.4-1.2 (bug #599165)
	NOTE: http://cgit.freedesktop.org/poppler/poppler/commit/?id=e853106b58d6b4b0467dbd6436c9bb1cfbd372cf
CVE-2010-3701 (lib/MessageStoreImpl.cpp in Red Hat Enterprise MRG before 1.2.2 allows ...)
	NOT-FOR-US: Red Hat Enterprise MRG
CVE-2010-3700 (VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before ...)
	NOT-FOR-US: VMware SpringSource Spring Security
CVE-2010-3699 (The backend driver in Xen 3.x allows guest OS users to cause a denial ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-31
CVE-2010-3698 (The KVM implementation in the Linux kernel before 2.6.36 does not ...)
	- linux-2.6 2.6.32-28
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-3697 (The wait_for_child_to_die function in main/event.c in FreeRADIUS 2.1.x ...)
	- freeradius 2.1.10+dfsg-1 (bug #600176; unimportant)
	NOTE: requires server to be down already
CVE-2010-3696 (The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in ...)
	- freeradius 2.1.10+dfsg-1 (bug #600176)
	[lenny] - freeradius <not-affected> (Vulnerable code not present)
CVE-2010-3695 (Cross-site scripting (XSS) vulnerability in fetchmailprefs.php in ...)
	{DSA-2204-1}
	- imp4 4.3.7+debian0-2.1 (bug #598584; low)
	NOTE: http://archives.neohapsis.com/archives/fulldisclosure/2010-09/0379.html
CVE-2010-3694 (Cross-site request forgery (CSRF) vulnerability in the Horde ...)
	{DSA-2278-1}
	- horde3 3.3.8+debian0-2 (bug #598582)
	NOTE: http://lists.horde.org/archives/announce/2010/000568.html
CVE-2010-3693 (Cross-site scripting (XSS) vulnerability in Horde Dynamic IMP (DIMP) ...)
	- dimp1 1.1.4+debian2-1.1 (bug #598583)
	NOTE: http://lists.horde.org/archives/announce/2010/000561.html
CVE-2010-3692 (Directory traversal vulnerability in the callback function in ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3691 (PGTStorage/pgt-file.php in phpCAS before 1.1.3, when proxy mode is ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3690 (Multiple cross-site scripting (XSS) vulnerabilities in phpCAS before ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-3689 (soffice in OpenOffice.org (OOo) 3.x before 3.3 places a zero-length ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3687 (Unspecified vulnerability in the powermail extension 1.5.3 and earlier ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3686 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3685 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-4340 (libcloud before 0.4.1 does not verify SSL certificates for HTTPS ...)
	- libcloud 0.5.0-1 (low; bug #598463)
CVE-2010-3688 (Directory traversal vulnerability in ADMIN/login.php in NetArtMEDIA ...)
	NOT-FOR-US: NetArtMEDIA WebSiteAdmin
CVE-2010-3684 (The FTP authentication module in Synology Disk Station 2.x logs ...)
	NOT-FOR-US: Synology Disk Station
CVE-2010-3683 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 sends an OK packet ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3682 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3681 (Oracle MySQL 5.1 before 5.1.49 and 5.5 before 5.5.5 allows remote ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3680 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3679 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3678 (Oracle MySQL 5.1 before 5.1.49 allows remote authenticated users to ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3677 (Oracle MySQL 5.1 before 5.1.49 and 5.0 before 5.0.92 allows remote ...)
	{DSA-2143-1}
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
CVE-2010-3676 (storage/innobase/dict/dict0crea.c in mysqld in Oracle MySQL 5.1 before ...)
	- mysql-5.1 5.1.49-1 (bug #598580)
	- mysql-dfsg-5.0 <removed>
	[lenny] - mysql-dfsg-5.0 <not-affected> (vulnerable code not present)
CVE-2010-3675
	RESERVED
CVE-2010-3658 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3657 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3656 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3655 (Stack-based buffer overflow in dirapi.dll in Adobe Shockwave Player ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-3654 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3653 (The Director module (dirapi.dll) in Adobe Shockwave Player before ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2010-3652 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3651
	RESERVED
CVE-2010-3650 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3649 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3648 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3647 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3646 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3645 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3644 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3643 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3642 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3641 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3640 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3639 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3638 (Unspecified vulnerability in Adobe Flash Player before 9.0.289.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3637 (An unspecified ActiveX control in Adobe Flash Player before 9.0.289.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3636 (Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-3635 (Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, 3.5.x before 3.5.5, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3634 (Unspecified vulnerability in the edge process in Adobe Flash Media ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3633 (Memory leak in Adobe Flash Media Server (FMS) 3.0.x before 3.0.7, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-3632 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3631 (Array index error in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3630 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3629 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3628 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3627 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3626 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3625 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3624 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.5 ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3623 (Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3622 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3621 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3620 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3619 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-3618 (PGP Desktop 10.0.x before 10.0.3 SP2 and 10.1.0 before 10.1.0 SP1 does ...)
	NOT-FOR-US: PGP Desktop
CVE-2010-3617
	RESERVED
CVE-2010-3616 (ISC DHCP server 4.2 before 4.2.0-P2, when configured to use failover ...)
	- isc-dhcp <not-affected> (Only affects 4.2.x)
	- dhcp3 <not-affected> (Only affects 4.2.x)
	- dhcp <not-affected> (Only affects 4.2.x)
CVE-2010-3615 (named in ISC BIND 9.7.2-P2 does not check all intended locations for ...)
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	[lenny] - bind9 <not-affected> (Doesn't affect 9.6 ESV)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3614 (named in ISC BIND 9.x before 9.6.2-P3, 9.7.x before 9.7.2-P3, 9.4-ESV ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3613 (named in ISC BIND 9.6.2 before 9.6.2-P3, 9.6-ESV before 9.6-ESV-R3, ...)
	{DSA-2130-1}
	- bind9 1:9.7.2.dfsg.P3-1 (bug #605876)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P3/RELEASE-NOTES-BIND-9.7.2-P3.html
CVE-2010-3612
	RESERVED
CVE-2010-3611 (ISC DHCP server 4.0 before 4.0.2, 4.1 before 4.1.2, and 4.2 before ...)
	- isc-dhcp 4.1.1-P1-14
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- dhcp <not-affected> (Only affects DHCP 4.x)
CVE-2010-3610
	RESERVED
CVE-2010-3609 (The extension parser in slp_v2message.c in OpenSLP 1.2.1, and other ...)
	{DLA-304-1}
	- openslp-dfsg 1.2.1-8 (low; bug #623551)
	[squeeze] - openslp-dfsg <no-dsa> (Minor issue)
	[lenny] - openslp-dfsg <no-dsa> (Minor issue)
CVE-2010-3659 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 CMS 4.1.x ...)
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3660 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3661 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3662 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3663 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3664 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3665 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3666 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3667 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3668 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3669 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3670 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3671 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3672 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3673 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-3674 [Multiple security issues]
	RESERVED
	{DSA-2098-1}
	- typo3-src 4.3.5-1 (bug #590719)
CVE-2010-XXXX [piwigo]
	- piwigo 2.1.2-2
	NOTE: http://www.exploit-db.com/exploits/14973/
	NOTE: First unfilled CVE-request http://www.openwall.com/lists/oss-security/2010/12/07/1
	NOTE: Second CVE-request http://www.openwall.com/lists/oss-security/2012/10/06/3
CVE-2010-3608 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...)
	NOT-FOR-US: wpQuiz
CVE-2010-3607 (Cross-site scripting (XSS) vulnerability in AGENTS/index.php in NetArt ...)
	NOT-FOR-US: NetArt MEDIA Real Estate Portal
CVE-2010-3606 (Multiple directory traversal vulnerabilities in AGENTS/index.php in ...)
	NOT-FOR-US: NetArt MEDIA Real Estate Portal
CVE-2010-3605 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3604 (SQL injection vulnerability in the powermail extension 1.5.3 and ...)
	NOT-FOR-US: powermail extension 1.5.3 for typo3
CVE-2010-3603 (Cross-site request forgery (CSRF) vulnerability in the file manager ...)
	NOT-FOR-US: mojoPortal
CVE-2010-3602 (Cross-site scripting (XSS) vulnerability in ProfileView.aspx in ...)
	NOT-FOR-US: mojoPortal
CVE-2010-3601 (SQL injection vulnerability in index.php in ibPhotohost 1.1.2 allows ...)
	NOT-FOR-US: ibPhotohost
CVE-2010-3499 (F-Secure Anti-Virus does not properly interact with the processing of ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2010-3498 (AVG Anti-Virus does not properly interact with the processing of ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2010-3497 (Symantec Norton AntiVirus 2011 does not properly interact with the ...)
	NOT-FOR-US: Symantec Norton AntiVirus
CVE-2010-3496 (McAfee VirusScan Enterprise 8.5i and 8.7i does not properly interact ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2010-3495 (Race condition in ZEO/StorageServer.py in Zope Object Database (ZODB) ...)
	- zodb 1:3.9.4-1.1 (bug #599711)
CVE-2010-3494 (Race condition in the FTPHandler class in ftpserver.py in pyftpdlib ...)
	- python-pyftpdlib 0.5.2-1 (low)
	NOTE: http://code.google.com/p/pyftpdlib/issues/detail?id=104
CVE-2010-3493 (Multiple race conditions in smtpd.py in the smtpd module in Python ...)
	- python3.1 3.1.2+20100829-1
	- python2.6 2.6.6-1 (low; bug #601690)
	- python2.5 <unfixed> (low)
	[squeeze] - python2.5 <no-dsa> (Minor issue)
	[lenny] - python2.5 <no-dsa> (Minor issue)
CVE-2010-3492 (The asyncore module in Python before 3.2 does not properly handle ...)
	- python2.7 2.7.8-11 (unimportant)
	- python3.1 <removed> (unimportant)
	- python3.2 3.4.2-1 (unimportant)
	NOTE: likely fixed much earlier, but these were the versions checked
CVE-2010-3491 (The (1) ActiveMatrix Runtime and (2) ActiveMatrix Administrator ...)
	NOT-FOR-US: TIBCO ActiveMatrix Service Grid
CVE-2010-3490 (Directory traversal vulnerability in page.recordings.php in the System ...)
	NOT-FOR-US: FreePBX
CVE-2010-3489 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: CMS Digital Workroom
CVE-2010-3488 (Directory traversal vulnerability in QuickShare 1.0 allows remote ...)
	NOT-FOR-US: QuickShare
CVE-2010-3487 (Directory traversal vulnerability in YelloSoft Pinky 1.0 for Windows ...)
	NOT-FOR-US: YelloSoft Pinky
CVE-2010-3486 (Directory traversal vulnerability in FileStorageUpload.ashx in ...)
	NOT-FOR-US: SmarterMail
CVE-2010-3483 (cms_write.php in Primitive CMS 1.0.9 does not properly restrict ...)
	NOT-FOR-US: Primitive CMS
CVE-2010-3482 (Multiple SQL injection vulnerabilities in cms_write.php in Primitive ...)
	NOT-FOR-US: Primitive CMS
CVE-2010-3481 (Multiple SQL injection vulnerabilities in login.php in ApPHP PHP ...)
	NOT-FOR-US: MicroCMS
CVE-2010-3480 (Directory traversal vulnerability in index.php in ApPHP PHP MicroCMS ...)
	NOT-FOR-US: MicroCMS
CVE-2010-3479 (SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote ...)
	NOT-FOR-US: BoutikOne
CVE-2009-5003 (SQL injection vulnerability in click.php in e-soft24 Banner Exchange ...)
	NOT-FOR-US: e-soft24 Banner Exchange Script
CVE-2010-3478
	RESERVED
CVE-2010-3477 (The tcf_act_police_dump function in net/sched/act_police.c in the ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3600 (Unspecified vulnerability in the Client System Analyzer component in ...)
	NOT-FOR-US: Oracle Database
CVE-2010-3599 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3598 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3597 (Unspecified vulnerability in the Oracle Outside In Technology ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3596 (Unspecified vulnerability in the mod_ssl component in Oracle Secure ...)
	NOT-FOR-US: Dupe of CVE-2009-3555, will be rejected
CVE-2010-3595 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3594 (Unspecified vulnerability in the Real User Experience Insight ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-3593 (Unspecified vulnerability in the Health Sciences - Oracle Argus Safety ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2010-3592 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3591 (Unspecified vulnerability in the Oracle Document Capture component in ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3590 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2010-3589 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle Application Object Library component
CVE-2010-3588 (Unspecified vulnerability in the Oracle Discoverer component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3587 (Unspecified vulnerability in the Oracle Common Applications component ...)
	NOT-FOR-US: Oracle Applications
CVE-2010-3586 (Unspecified vulnerability in Oracle Solaris 9 allows local users to ...)
	- xscreensaver <not-affected> (Solaris-specific patch)
CVE-2010-3585 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3584 (Unspecified vulnerability in the Oracle VM component in Oracle VM ...)
	NOT-FOR-US: OracleVM
CVE-2010-3583 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3582 (Unspecified vulnerability in the OracleVM component in Oracle VM 2.2.1 ...)
	NOT-FOR-US: OracleVM
CVE-2010-3581 (Unspecified vulnerability in the BPEL Console component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-3580 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3579 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun ...)
	NOT-FOR-US: Java Communications Suite
CVE-2010-3578 (Unspecified vulnerability in Oracle OpenSolaris allows remote ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3577 (Unspecified vulnerability in Oracle OpenSolaris allows remote ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3576 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3575 (Unspecified vulnerability in the Oracle Communications Messaging ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3574 (Unspecified vulnerability in the Networking component in Oracle Java ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3573 (Unspecified vulnerability in the Networking component in Oracle Java ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3572 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3571 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3570 (Unspecified vulnerability in the Deployment Toolkit component in ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3569 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3568 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3567 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3566 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3565 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3564 (Unspecified vulnerability in the Oracle Communications Messaging ...)
	- openjdk-6 6b18-1.8.2-1
CVE-2010-3563 (Unspecified vulnerability in the Deployment component in Oracle Java ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3562 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3561 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3560 (Unspecified vulnerability in the Networking component in Oracle Java ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3559 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3558 (Unspecified vulnerability in the Java Web Start component in Oracle ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3557 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3556 (Unspecified vulnerability in the 2D component in Oracle Java SE and ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3555 (Unspecified vulnerability in the Deployment component in Oracle Java ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3554 (Unspecified vulnerability in the CORBA component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3553 (Unspecified vulnerability in the Swing component in Oracle Java SE and ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3552 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3551 (Unspecified vulnerability in the Networking component in Oracle Java ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3550 (Unspecified vulnerability in the Java Web Start component in Oracle ...)
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3549 (Unspecified vulnerability in the Networking component in Oracle Java ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3548 (Unspecified vulnerability in the Java Naming and Directory Interface ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3547 (Unspecified vulnerability in the PeopleSoft FMS ESA - EX component in ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-3546 (Unspecified vulnerability in the Sun Java System Identity Manager ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3545 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3544 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3543
	REJECTED
CVE-2010-3542 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3541 (Unspecified vulnerability in the Networking component in Oracle Java ...)
	- openjdk-6 6b18-1.8.2-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-3540 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3539 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3538 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - GL ...)
	NOT-FOR-US: PeopleSoft Enterprise FMS
CVE-2010-3537 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM ...)
	NOT-FOR-US: PeopleSoft Enterprise FMS
CVE-2010-3536 (Unspecified vulnerability in the PeopleSoft Enterprise SCM component ...)
	NOT-FOR-US: PeopleSoft Enterprise SCM
CVE-2010-3535 (Unspecified vulnerability in the Directory Server Enterprise Edition ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3534 (Unspecified vulnerability in the Primavera P6 Enterprise Project ...)
	NOT-FOR-US: Oracle Primavera Products Suite
CVE-2010-3533 (Unspecified vulnerability in the PeopleSoft Enterprise SCM OM and CRM ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3532 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Order ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3531 (Unspecified vulnerability in the PeopleSoft Enterprise FMS ESA - RM ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3530 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - HR ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3529 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - Cash ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3528 (Unspecified vulnerability in the PeopleSoft Enterprise CRM - Common ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3527 (Unspecified vulnerability in the PeopleSoft Enterprise FMS - AM ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3526 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - PO ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3525 (Unspecified vulnerability in the (1) PeopleSoft Enterprise FMS, (2) ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3524 (Unspecified vulnerability in the PeopleSoft Enterprise SCM - Strategic ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3523 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3522 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3521 (Unspecified vulnerability in the PeopleSoft Enterprise HCM ePay ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3520 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3519 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3518 (Unspecified vulnerability in the PeopleSoft Enterprise HCM GP - Japan ...)
	NOT-FOR-US: Oracle PeopleSoft and JDEdwards Suite
CVE-2010-3517 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3516 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3515 (Unspecified vulnerability in the Solaris component in Oracle Solaris 9 ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3514 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-3513 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
	NOT-FOR-US: Oracle Solaris and OpenSolaris
CVE-2010-3512 (Unspecified vulnerability in the Oracle iPlanet Web Server (Sun Java ...)
	NOT-FOR-US: Oracle iPlanet Web Server
CVE-2010-3511 (Unspecified vulnerability in Oracle OpenSolaris allows local users to ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-3510 (Unspecified vulnerability in the Oracle WebLogic Server component in ...)
	NOT-FOR-US: Oracle WebLogic
CVE-2010-3509 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3508 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3507 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-3506 (Unspecified vulnerability in the Oracle Explorer (Sun Explorer) ...)
	NOT-FOR-US: Oracle Explorer
CVE-2010-3505 (Unspecified vulnerability in the Agile Core component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products
CVE-2010-3504 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-3503 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Oracle Solaris 10 and OpenSolaris
CVE-2010-3502 (Unspecified vulnerability in the Siebel Core component in Oracle ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3501 (Unspecified vulnerability in the OID component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-3500 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-3476 (Open Ticket Request System (OTRS) 2.3.x before 2.3.6 and 2.4.x before ...)
	- otrs2 2.4.8+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2010-3475 (IBM DB2 9.7 before FP3 does not properly enforce privilege ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3474 (IBM DB2 9.7 before FP3 does not perform the expected drops or ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3473 (Open redirect vulnerability in the Workplace (aka WP) component in IBM ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3472 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3471 (Session fixation vulnerability in the Workplace (aka WP) component in ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3470 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3469
	RESERVED
CVE-2010-3468 (Directory traversal vulnerability in fileManager.cfc in Mura CMS 5.1 ...)
	NOT-FOR-US: Mura CMS
CVE-2009-5002 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-5001 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-5000 (Multiple cross-site scripting (XSS) vulnerabilities in the Workplace ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-4999 (Cross-site scripting (XSS) vulnerability in the Workplace (aka WP) ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2009-4998 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2008-7261 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2006-7242 (The Workplace (aka WP) component in IBM FileNet P8 Application Engine ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2006-7241 (The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) ...)
	NOT-FOR-US: IBM FileNet P8 Application Engine
CVE-2010-3467 (SQL injection vulnerability in modules/sections/index.php in ...)
	NOT-FOR-US: E-Xoopport Samsara
CVE-2010-3466 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
	NOT-FOR-US: NetArt Media iBoutique.MALL
CVE-2010-3465 (Multiple cross-site scripting (XSS) vulnerabilities in XSE Shopping ...)
	NOT-FOR-US: XSE Shopping Cart
CVE-2010-3464 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: SantaFox
CVE-2010-3463 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SantaFox
CVE-2010-3462 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Mollify
CVE-2010-3461 (SQL injection vulnerability in the Publisher module in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia
CVE-2010-3460 (Directory traversal vulnerability in the HTTP interface in AXIGEN Mail ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2010-3459 (Cross-site scripting (XSS) vulnerability in the Ajax WebMail interface ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2010-3458 (SQL injection vulnerability in lib/toolkit/events/event.section.php in ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-3457 (Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-3456 (Directory traversal vulnerability in download.php in EnergyScripts ...)
	NOT-FOR-US: EnergyScripts Simple Download
CVE-2010-3455 (Cross-site scripting (XSS) vulnerability in index.php in AChecker 1.0 ...)
	NOT-FOR-US: AChecker
CVE-2010-3454 (Multiple off-by-one errors in the WW8DopTypography::ReadFromMem ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3453 (The WW8ListManager::WW8ListManager function in oowriter in ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3452 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3451 (Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3450 (Multiple directory traversal vulnerabilities in OpenOffice.org (OOo) ...)
	{DSA-2151-1}
	- openoffice.org 1:3.2.1-11+squeeze2
CVE-2010-3449 (Cross-site request forgery (CSRF) vulnerability in Redback before ...)
	NOT-FOR-US: Redback
CVE-2010-3448 (drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-12 (bug #565790; unimportant)
	NOTE: this is more of a hardware bug rather than a security issue
CVE-2010-3447 (Cross-site scripting (XSS) vulnerability in view.php in the file ...)
	- gollem 1.1.1+debian0-1.1 (bug #598585)
	[lenny] - gollem <not-affected> ($filename not printed directly and passed through htmlspecialchars())
	NOTE: http://bugs.horde.org/ticket/9191
CVE-2010-3446
	RESERVED
CVE-2010-3445 (Stack consumption vulnerability in the dissect_ber_unknown function in ...)
	{DSA-2127-1}
	- wireshark 1.2.11-3 (low)
	NOTE: http://archives.neohapsis.com/archives/bugtraq/2010-09/0088.html
CVE-2010-3444 (Buffer overflow in the log2vis_utf8 function in pyfribidi.c in GNU ...)
	- pyfribidi 0.10.0-2 (bug #570068)
	[lenny] - pyfribidi <not-affected> (fribidi 0.19.1 or higher needs to be installed to trigger this)
CVE-2010-3443 (ctcphandler.cpp in Quassel before 0.6.3 and 0.7.x before 0.7.1 allows ...)
	- quassel 0.7.1-1 (bug #597853)
	[squeeze] - quassel 0.6.3-1
	NOTE: https://bugs.launchpad.net/ubuntu/+source/quassel/+bug/629774
CVE-2010-3442 (Multiple integer overflows in the snd_ctl_new function in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
	NOTE: http://git.kernel.org/?p=linux/kernel/git/tiwai/sound-2.6.git;a=commitdiff;h=5591bf07225523600450edd9e6ad258bb877b779
CVE-2010-3441 (Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote ...)
	- abcm2ps 5.9.13-0.1 (low; bug #577014)
	[lenny] - abcm2ps <no-dsa> (Minor issue)
CVE-2010-3440 [babiloo insecure downloading and unpacking of dictionary files]
	RESERVED
	- babiloo 2.0.11-1 (low; bug #591995)
CVE-2010-3439 [alien-arena: server dos]
	RESERVED
	- alien-arena 7.33-5 (low; bug #575621)
	[lenny] - alien-arena 7.0-1+lenny2
CVE-2010-3438 [Insufficient stripping of CR/LF allows arbitrary IRC command execution]
	RESERVED
	- libpoe-component-irc-perl 6.32+dfsg-1
	[lenny] - libpoe-component-irc-perl 5.84+dfsg-1+lenny1 (bug #581194)
CVE-2010-3437 (Integer signedness error in the pkt_find_dev_from_minor function in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3436 (fopen_wrappers.c in PHP 5.3.x through 5.3.3 might allow remote ...)
	- php5 5.3.3-4 (unimportant)
	NOTE: http://svn.php.net/viewvc?view=revision&revision=303824
CVE-2010-3435 (The (1) pam_env and (2) pam_mail modules in Linux-PAM (aka pam) before ...)
	- pam 1.1.3-1 (low; bug #599832)
	[squeeze] - pam <no-dsa> (Minor issue)
	[lenny] - pam <no-dsa> (Minor issue)
	NOTE: Fix from 1.1.2 is not fully complete
CVE-2010-3434 (Buffer overflow in the find_stream_bounds function in pdf.c in ...)
	- clamav 0.96.3+dfsg-1
	[lenny] - clamav <end-of-life>
	NOTE: libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)
CVE-2010-3433 (The PL/perl and PL/Tcl implementations in PostgreSQL 7.4 before ...)
	{DSA-2120-1}
	- postgresql-9.0 9.0.1-1
	- postgresql-8.4 8.4.5-1
	[squeeze] - postgresql-8.4 8.4.5-0squeeze1
	- postgresql-8.3 <removed>
CVE-2010-3432 (The sctp_packet_config function in net/sctp/output.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3431 (The privilege-dropping implementation in the (1) pam_env and (2) ...)
	- pam 1.1.3-1 (low; bug #599832)
	[squeeze] - pam <no-dsa> (Minor issue)
	NOTE: 20100924164823.GA21584@openwall.com
CVE-2010-3430 (The privilege-dropping implementation in the (1) pam_env and (2) ...)
	- pam 1.1.3-1 (bug #599832)
	[squeeze] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
	[lenny] - pam <not-affected> (Affected functionality introduced in 1.1.2, see #599832)
	NOTE: 20100924164823.GA21584@openwall.com
CVE-2010-3429 (flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in ...)
	{DSA-2165-1}
	- ffmpeg 4:0.5.2-6 (bug #598590)
	- ffmpeg-debian <removed>
	NOTE: http://www.ocert.org/advisories/ocert-2010-004.html
CVE-2010-XXXX [mingetty directory traversal]
	- mingetty 1.07-2 (low; bug #597382)
	[lenny] - mingetty <no-dsa> (Minor issue)
CVE-2010-XXXX [config file world readable]
	- sabnzbdplus 0.5.4-1 (low; bug #593829)
CVE-2010-XXXX [signature verification issue]
	- dpkg 1.15.1 (unimportant; bug #592115)
CVE-2008-XXXX [greylistd bypass]
	- greylistd 0.8.7+nmu2 (low; bug #464084)
	[lenny] - greylistd <no-dsa> (Minor issue)
CVE-2010-XXXX [numpy memory corruption]
	- python-numpy 1:1.4.1-5 (low; bug #581058)
	[lenny] - python-numpy <no-dsa> (Minor issue)
	NOTE: http://projects.scipy.org/numpy/changeset/8364
CVE-2010-XXXX [mediatomb directory traversal]
	- mediatomb 0.12.1-47-g7ab7616-1 (low; bug #580120; bug #778669)
	[wheezy] - mediatomb 0.12.1-4+deb7u1
	[squeeze] - mediatomb 0.12.0~svn2018-6.1
	NOTE: was previously fixed in 580120 but patch was not applied to later maintainer uploads
CVE-2010-3428 (SQL injection vulnerability in modules/notes/json.php in Intermesh ...)
	NOT-FOR-US: Intermesh Group-Office
CVE-2010-3427 (Multiple cross-site scripting (XSS) vulnerabilities in Open ...)
	NOT-FOR-US: Open Classifieds
CVE-2010-3426 (Directory traversal vulnerability in jphone.php in the JPhone ...)
	NOT-FOR-US: JPhone for Joomla
CVE-2010-3425 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SmarterStats
CVE-2010-3424 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Invision Power Board
CVE-2010-3423 (SQL injection vulnerability in the Yr Weatherdata module for Drupal ...)
	NOT-FOR-US: Yr Weatherdata module for Drupal
CVE-2010-3422 (SQL injection vulnerability in the JGen (com_jgen) component 0.9.33 ...)
	NOT-FOR-US: JGen for Joomla
CVE-2010-3421 (Cross-site scripting (XSS) vulnerability in AffiliateLogin.asp in ...)
	NOT-FOR-US: ProductCart
CVE-2010-3420 (Cross-site scripting (XSS) vulnerability in Products_Results.php in ...)
	NOT-FOR-US: PowerStore
CVE-2010-3419 (Multiple PHP remote file inclusion vulnerabilities in Haudenschilt ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2010-3418 (Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2010-3417 (Google Chrome before 6.0.472.59 does not prompt the user before ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3416 (Google Chrome before 6.0.472.59 on Linux does not properly implement ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44960
	NOTE: http://trac.webkit.org/changeset/66689
CVE-2010-3415 (Google Chrome before 6.0.472.59 does not properly implement ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45112
	NOTE: http://trac.webkit.org/changeset/66837
	NOTE: depends on http://trac.webkit.org/changeset/66837
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=45257
CVE-2010-3414 (Google Chrome before 6.0.472.59 on Mac OS X does not properly ...)
	- webkit <not-affected> (Does not affect linux)
	- chromium-browser <not-affected> (Does not affect linux)
CVE-2010-3413 (Unspecified vulnerability in the pop-up blocking functionality in ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3412 (Race condition in the console implementation in Google Chrome before ...)
	- libv8 2.2.24-6 (bug #597856)
CVE-2010-3411 (Google Chrome before 6.0.472.59 on Linux does not properly handle ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 6.0.472.59~r59126-1
CVE-2010-3410
	REJECTED
CVE-2010-3409
	REJECTED
CVE-2010-3408
	REJECTED
CVE-2010-3407 (Stack-based buffer overflow in the MailCheck821Address function in ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-3406 (Unspecified vulnerability in sa_snap in the bos.esagent fileset in IBM ...)
	NOT-FOR-US: AIX 5.3
CVE-2010-3405 (Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, ...)
	NOT-FOR-US: AIX 6.1, VIOS
CVE-2010-3404 (Multiple SQL injection vulnerabilities in eshtery CMS (aka ...)
	NOT-FOR-US: eshtery CMS
CVE-2010-3403 (Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic ...)
	NOT-FOR-US: Qualcomm eXtensible Diagnostic Monitor
CVE-2010-3402 (Untrusted search path vulnerability in IDM Computer Solutions ...)
	NOT-FOR-US: UltraEdit
CVE-2010-3401
	RESERVED
CVE-2010-3400 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
CVE-2010-3399 (The js_InitRandom function in the JavaScript implementation in Mozilla ...)
	NOTE: These will likely be rejected, Mozilla people will clarify with MITRE
CVE-2010-3398 (Unspecified vulnerability in the webcontainer implementation in IBM ...)
	NOT-FOR-US: IBM Lotus Sametime Connect
CVE-2010-3397 (Untrusted search path vulnerability in PGP Desktop 9.9.0 Build 397, ...)
	NOT-FOR-US: PGP Desktop
CVE-2010-3396 (Buffer overflow in kavfm.sys in Kingsoft Antivirus 2010.04.26.648 and ...)
	NOT-FOR-US: Kingsoft Antivirus
CVE-2010-3395
	RESERVED
CVE-2010-3394 (The (1) texmacs and (2) tm_mupad_help scripts in TeXmacs 1.0.7.4 place ...)
	- texmacs 1:1.0.7.7-1.1 (bug #598424)
	[squeeze] - texmacs 1:1.0.7.4-3.1
	[lenny] - texmacs <no-dsa> (minor issue)
CVE-2010-3393 (magics-config in Magics++ 2.10.0 places a zero-length directory name ...)
	- magics++ 2.10.0.dfsg-5.1 (bug #598418)
CVE-2010-3392
	RESERVED
CVE-2010-3391
	RESERVED
CVE-2010-3390
	RESERVED
CVE-2010-3389 (The (1) SAPDatabase and (2) SAPInstance scripts in OCF Resource Agents ...)
	- cluster-agents 1:1.0.3-3.1 (bug #598549)
CVE-2010-3388
	RESERVED
CVE-2010-3387 (** DISPUTED ** ...)
	- vdr 1.6.0-19.1 (unimportant; bug #598308)
	NOTE: Only affects a debugging tool, see bug #598308
CVE-2010-3386 (usttrace in LTTng Userspace Tracer (aka UST) 0.7 places a zero-length ...)
	- ust 0.7-2.1 (bug #598309)
	[squeeze] - ust 0.5-1+squeeze1
	[wheezy] - ust 0.5-1+squeeze1
CVE-2010-3385 (TuxGuitar 1.2 places a zero-length directory name in the ...)
	- tuxguitar 1.2-7 (bug #598307)
	[lenny] - tuxguitar <no-dsa> (Minor issue)
CVE-2010-3384 (The (1) torcs, (2) nfsperf, (3) accc, (4) texmapper, (5) trackgen, and ...)
	- torcs 1.3.1-5 (bug #598306)
	[lenny] - torcs <no-dsa> (Minor issue)
CVE-2010-3383 (The (1) teamspeak and (2) teamspeak-server scripts in TeamSpeak 2.0.32 ...)
	- teamspeak-client 2.0.32-3.1 (low; bug #598304)
	[lenny] - teamspeak-client <no-dsa> (Non-free not supported)
	- teamspeak-server 2.0.24.1+debian-1.1 (low; bug #598305)
	[lenny] - teamspeak-server <no-dsa> (Non-free not supported)
CVE-2010-3382 (tauex in Tuning and Analysis Utilities (TAU) 2.16.4 places a ...)
	- tau 2.16.4-1.4 (bug #598303)
CVE-2010-3381 (The (1) tangerine and (2) tangerine-properties scripts in Tangerine ...)
	- tangerine 0.3.2.2-6 (bug #598302)
	[lenny] - tangerine <no-dsa> (minor issue)
CVE-2010-3380 (The (1) init.d/slurm and (2) init.d/slurmdbd scripts in SLURM before ...)
	- slurm-llnl 2.1.15-2 (bug #602340)
	[wheezy] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
	[squeeze] - slurm-llnl 2.1.11-1squeeze1 (bug #602340)
	[lenny] - slurm-llnl <no-dsa> (Minor issue)
	NOTE: Debian package ships its own, also vulnerable, init script. NOT fixed in 2.1.14-1
CVE-2010-3379
	RESERVED
CVE-2010-3378 (The (1) scilab, (2) scilab-cli, and (3) scilab-adv-cli scripts in ...)
	- scilab 5.2.2-8 (bug #598423; bug #598422)
	[lenny] - scilab <no-dsa> (Non-free not supported)
CVE-2010-3377 (The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) ...)
	- salome 5.1.3-11 (bug #598421)
CVE-2010-3376 (The (1) proofserv, (2) xrdcp, (3) xrdpwdadmin, and (4) xrd scripts in ...)
	- root-system 5.34.00-1 (bug #598420; bug #598419)
	[lenny] - root-system <no-dsa> (minor issue)
CVE-2010-3375
	RESERVED
	- qtparted 0.4.5-8 (low; bug #598301)
	[lenny] - qtparted <no-dsa> (Minor issue)
CVE-2010-3374 (Qt Creator before 2.0.1 places a zero-length directory name in the ...)
	- qtcreator 1.3.1-3 (bug #598300)
CVE-2010-3373
	RESERVED
	- paxtest 1:0.9.9-1 (unimportant; bug #598413)
CVE-2010-3372 (Untrusted search path vulnerability in NorduGrid Advanced Resource ...)
	- nordugrid-arc-nox 1.1.0~rc6-2.1 (bug #606151)
CVE-2010-3371
	RESERVED
CVE-2010-3370
	RESERVED
CVE-2010-3369 (The (1) mdb and (2) mdb-symbolreader scripts in mono-debugger 2.4.3, ...)
	- mono-debugger 2.6.3-2.1 (low; bug #598299)
	[lenny] - mono-debugger <no-dsa> (Minor issue)
CVE-2010-3368
	RESERVED
CVE-2010-3367
	RESERVED
CVE-2010-3366 (Mn_Fit 5.13 places a zero-length directory name in the ...)
	- mn-fit <removed> (bug #598298)
	[lenny] - mn-fit <no-dsa> (Minor issue)
CVE-2010-3365 (Mistelix 0.31 places a zero-length directory name in the ...)
	- mistelix 0.31-2 (low; bug #598297)
CVE-2010-3364 (The vips-7.22 script in VIPS 7.22.2 places a zero-length directory ...)
	- vips 7.14.5-2 (unimportant; bug #598296)
	NOTE: Scripts are not used for any real world scenarios
CVE-2010-3363 (roarify in roaraudio 0.3 places a zero-length directory name in the ...)
	- roaraudio 0.3-2 (low; bug #598295)
	[lenny] - roaraudio <no-dsa> (Minor issue)
CVE-2010-3362 (lastfm 1.5.4 places a zero-length directory name in the ...)
	- lastfm 1:1.5.4.26862+dfsg-5 (low; bug #598294)
	[lenny] - lastfm 1:1.5.1.31879.dfsg-1+lenny1
CVE-2010-3361 (The (1) iked, (2) ikea, and (3) ikec scripts in Shrew Soft IKE 2.1.5 ...)
	- ike 2.1.5+dfsg-2 (low; bug #598292)
	[lenny] - ike <no-dsa> (Minor issue)
CVE-2010-3360 (Hipo 0.6.1 places a zero-length directory name in the LD_LIBRARY_PATH, ...)
	- hipo <removed> (bug #598291)
	[lenny] - hipo <no-dsa> (Minor issue)
CVE-2010-3359 [gargoyle: insecure library loading]
	RESERVED
	- gargoyle-free 2009-08-25-2
	NOTE: http://groups.google.com/group/garglk-dev/browse_thread/thread/1c92ab6f24d5ebe6
CVE-2010-3358 (HenPlus JDBC SQL-Shell 0.9.7 places a zero-length directory name in ...)
	- henplus <removed> (bug #598290)
CVE-2010-3357 (gnome-subtitles 1.0 places a zero-length directory name in the ...)
	- gnome-subtitles 1.0-2 (low; bug #598289)
	[lenny] - gnome-subtitles <no-dsa> (Minor issue)
CVE-2010-3356
	RESERVED
CVE-2010-3355 (Ember 0.5.7 places a zero-length directory name in the ...)
	- ember 0.5.7-1.1 (low; bug #598288)
CVE-2010-3354 (dropboxd in Dropbox 0.7.110 places a zero-length directory name in the ...)
	- dropbox 0.8.107-1 (low; bug #598287)
	[lenny] - dropbox <no-dsa> (Non-free not supported)
CVE-2010-3353 (Cowbell 0.2.7.1 places a zero-length directory name in the ...)
	- cowbell <not-affected> (See bug #598286)
CVE-2010-3352
	RESERVED
CVE-2010-3351 (startBristol in Bristol 0.60.5 places a zero-length directory name in ...)
	- bristol 0.60.5-2 (bug #598285)
CVE-2010-3350 (bareFTP 0.3.4 places a zero-length directory name in the ...)
	- bareftp 0.3.4-1.1 (bug #598284)
CVE-2010-3349 (Ardour 2.8.11 places a zero-length directory name in the ...)
	- ardour 1:2.8.11-2 (low; bug #598282)
CVE-2010-3348 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3347
	REJECTED
CVE-2010-3346 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3345 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3344
	REJECTED
CVE-2010-3343 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3342 (Microsoft Internet Explorer 6, 7, and 8 does not prevent rendering of ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3341
	REJECTED
CVE-2010-3340 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3339
	REJECTED
CVE-2010-3338 (The Windows Task Scheduler in Microsoft Windows Vista SP1 and SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3337 (Untrusted search path vulnerability in Microsoft Office 2007 SP2 and ...)
	NOT-FOR-US: Microsoft Office 2007 SP2
CVE-2010-3336 (Microsoft Office XP SP3, Office 2004 and 2008 for Mac, Office for Mac ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3335 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3334 (Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office ...)
	NOT-FOR-US: Microsoft Office XP SP3
CVE-2010-3333 (Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-3332 (Microsoft .NET Framework 1.1 SP1, 2.0 SP1 and SP2, 3.5, 3.5 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3331 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3330 (Microsoft Internet Explorer 6 through 8 does not properly restrict ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3329 (mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3328 (Use-after-free vulnerability in the CAttrArray::PrivateFind function ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3327 (The implementation of HTML content creation in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3326 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3325 (Microsoft Internet Explorer 6 through 8 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3324 (The toStaticHTML function in Microsoft Internet Explorer 8, and the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3323 (Splunk 4.0.0 through 4.1.4 allows remote attackers to conduct session ...)
	NOT-FOR-US: Splunk
CVE-2010-3322 (The XML parser in Splunk 4.0.0 through 4.1.4 allows remote ...)
	NOT-FOR-US: Splunk
CVE-2010-3321 (RSA Authentication Client 2.0.x, 3.0, and 3.5.x before 3.5.3 does not ...)
	NOT-FOR-US: RSA Authentication Client
CVE-2010-3320 (Open redirect vulnerability in IBM Records Manager (RM) 4.5.x before ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3319 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3318 (IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 transmits ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3317 (Cross-site scripting (XSS) vulnerability in IBM Records Manager (RM) ...)
	NOT-FOR-US: IBM Records Manager
CVE-2010-3316 (The run_coprocess function in pam_xauth.c in the pam_xauth module in ...)
	- pam 1.1.2-1 (unimportant; bug #599832)
	NOTE: partial fix http://git.altlinux.org/people/ldv/packages/?p=pam.git;a=commitdiff;h=06f882f30092a39a1db867c9744b2ca8d60e4ad6
	NOTE: Not exploitable with current kernels
CVE-2010-3315 (authz.c in the mod_dav_svn module for the Apache HTTP Server, as ...)
	{DSA-2118-1}
	- subversion 1.6.12dfsg-2 (low)
CVE-2010-3314 (Cross-site scripting (XSS) vulnerability in login.php in EGroupware ...)
	{DSA-2013-1}
	- egroupware <removed> (high; bug #573279)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
CVE-2010-3313 (phpgwapi/js/fckeditor/editor/dialog/fck_spellerpages/spellerpages/serverscripts/spellchecker.php ...)
	{DSA-2013-1}
	- egroupware <removed> (high; bug #573279)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
CVE-2010-3312 (Epiphany 2.28 and 2.29, when WebKit and LibSoup are used, ...)
	- epiphany-browser 2.29.91-1 (bug #564690)
	[lenny] - epiphany-browser <not-affected> (Introduced with the switch to webkit after Lenny release)
CVE-2010-3311 (Integer overflow in base/ftstream.c in libXft (aka the X FreeType ...)
	{DSA-2116-1}
	- freetype 2.4.0-1
	NOTE: Only the 2.3.x series is affected
CVE-2010-3310 (Multiple integer signedness errors in net/rose/af_rose.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-25
CVE-2010-3309
	REJECTED
CVE-2010-3308 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3307 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Free Simple CMS 1.0
CVE-2010-3305 [pixel CSRF]
	RESERVED
	- pixelpost <removed> (bug #597224)
CVE-2010-3304 (The ACL plugin in Dovecot 1.2.x before 1.2.13 propagates INBOX ACLs to ...)
	- dovecot 1.2.13-1
	[lenny] - dovecot <not-affected> (only affects 1.2.x)
CVE-2010-3303 (Multiple cross-site scripting (XSS) vulnerabilities in MantisBT before ...)
	- mantis 1.1.8+dfsg-8 (bug #599710)
	[lenny] - mantis 1.1.6+dfsg-2lenny3
CVE-2010-3302 (Buffer overflow in programs/pluto/xauth.c in the client in Openswan ...)
	- openswan 1:2.6.28+dfsg-2
	[lenny] - openswan <not-affected> (Introduced in version 2.6.25)
CVE-2010-3301 (The IA32 system call emulation functionality in ...)
	- linux-2.6 2.6.32-23
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.27)
CVE-2010-3300
	RESERVED
CVE-2010-3299 [ruby on rails: padding oracle attack]
	RESERVED
	- rails <unfixed> (unimportant)
	NOTE: http://seclists.org/oss-sec/2010/q3/415
	NOTE: http://seclists.org/oss-sec/2010/q3/413
	NOTE: http://usenix.org/events/woot10/tech/full_papers/Rizzo.pdf
CVE-2010-3298 (The hso_get_count function in drivers/net/usb/hso.c in the Linux ...)
	- linux-2.6 2.6.32-24
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
CVE-2010-3297 (The eql_g_master_cfg function in drivers/net/eql.c in the Linux kernel ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3296 (The cxgb_extension_ioctl function in drivers/net/cxgb3/cxgb3_main.c in ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3295 [drivers/net/tulip/de4x5.c: reading uninitialized stack memory]
	RESERVED
	NOTE: assigned to linux-2.6, but claimed not a problem: http://www.openwall.com/lists/oss-security/2010/09/15/2
	NOTE: will probably get rejected
CVE-2010-3291 (Cross-site scripting (XSS) vulnerability in HP AssetCenter 5.0x ...)
	NOT-FOR-US: HP AssetCenter
CVE-2010-3290 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3289 (Cross-site scripting (XSS) vulnerability in HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3288 (Cross-site request forgery (CSRF) vulnerability in HP Systems Insight ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3287 (Unspecified vulnerability on HP ProCurve Access Points, Access ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-3286 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 6.0 and ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-3285 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-3284 (Unspecified vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3283 (Open redirect vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3282
	RESERVED
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-3281 (Stack-based buffer overflow in the HTTP proxy service in ...)
	NOT-FOR-US: Alcatel-Lucent OmniVista
CVE-2010-3280 (The CCAgent option 9.0.8.4 and earlier in the management server (aka ...)
	NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
CVE-2010-3279 (The default configuration of the CCAgent option before 9.0.8.4 in the ...)
	NOT-FOR-US: Alcatel-Lucent OmniTouch Contact Center
CVE-2010-3294 (Cross-site scripting (XSS) vulnerability in apc.php in the Alternative ...)
	- php-apc <unfixed> (unimportant)
	NOTE: vulnerable script is, mainly, for debugging purposes
	NOTE: and is distributed gzip-compressed
CVE-2010-3293 [mailscanner virus updates DoS]
	RESERVED
	- mailscanner <removed> (bug #596397; unimportant)
	NOTE: or even unimportant, the script is not used by default
CVE-2010-3292 [mailscanner may use spoofed data]
	RESERVED
	- mailscanner <removed> (bug #596396; low)
	[squeeze] - mailscanner <no-dsa> (Minor issue)
CVE-2010-3278
	REJECTED
CVE-2010-3277 (The installer in VMware Workstation 7.x before 7.1.2 build 301548 and ...)
	NOT-FOR-US: VMware Workstation
CVE-2010-3276 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
	{DSA-2211-1}
	- vlc 1.1.8-1
	NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3275 (libdirectx_plugin.dll in VideoLAN VLC Media Player before 1.1.8 allows ...)
	{DSA-2211-1}
	- vlc 1.1.8-1
	NOTE: fe44129dc6509b3347113ab0e1a0524af1e0dd11 in 1.1 branch
CVE-2010-3274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3273 (ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allows ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3272 (accounts/ValidateAnswers in the security-questions implementation in ...)
	NOT-FOR-US: ZOHO ManageEngine
CVE-2010-3271 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-3270 (Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before ...)
	NOT-FOR-US: Cisco WebEx Meeting Center
CVE-2010-3269 (Multiple stack-based buffer overflows in the Cisco WebEx Recording ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3268 (The GetStringAMSHandler function in prgxhndl.dll in hndlrsvc.exe in ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2010-3267 (Multiple SQL injection vulnerabilities in BugTracker.NET before 3.4.5 ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3266 (Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3265
	RESERVED
CVE-2010-3264 (The engine installer in Novell Identity Manager (aka IDM) 3.6.1 stores ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2010-3263 (Cross-site scripting (XSS) vulnerability in setup/frames/index.inc.php ...)
	- phpmyadmin 4:3.3.7-1 (low)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2010-3262 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.x before ...)
	NOT-FOR-US: flock
CVE-2010-3261 (Directory traversal vulnerability in RSA Authentication Agent 7.0 ...)
	NOT-FOR-US: RSA Authentication Agent 7.0 for Web
CVE-2010-3260 (oxf/xml/xerces/XercesSAXParserFactoryImpl.java in the xforms-server ...)
	NOT-FOR-US: Orbeon Forms
CVE-2010-3259 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3, ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44399
	NOTE: http://trac.webkit.org/changeset/65826
CVE-2010-3258 (The sandbox implementation in Google Chrome before 6.0.472.53 does not ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3257 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/65748
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44226
CVE-2010-3256 (Google Chrome before 6.0.472.53 does not properly limit the number of ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3255 (Google Chrome before 6.0.472.53 and webkitgtk before 1.2.6 do not ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43812
	NOTE: http://trac.webkit.org/changeset/66052
CVE-2010-3254 (The WebSockets implementation in Google Chrome before 6.0.472.53 does ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/65135
CVE-2010-3253 (The implementation of notification permissions in Google Chrome before ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (notifications not yet used in webkit)
	NOTE: http://trac.webkit.org/changeset/64647
	NOTE: http://trac.webkit.org/changeset/64651
CVE-2010-3252 (Use-after-free vulnerability in the Notifications presenter in Google ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (notifications not yet used in webkit)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43645
	NOTE: http://trac.webkit.org/changeset/65742
CVE-2010-3251 (The WebSockets implementation in Google Chrome before 6.0.472.53 ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3250 (Unspecified vulnerability in Google Chrome before 6.0.472.53 allows ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3249 (Google Chrome before 6.0.472.53 does not properly implement SVG ...)
	- chromium-browser 6.0.472.53~r57914-1
	NOTE: http://trac.webkit.org/changeset/60541
CVE-2010-3248 (Google Chrome before 6.0.472.53 does not properly restrict copying to ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-3247 (Google Chrome before 6.0.472.53 does not properly restrict the ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected>
	NOTE: chromium specific
CVE-2010-3246 (Google Chrome before 6.0.472.53 does not properly handle the _blank ...)
	- chromium-browser 6.0.472.53~r57914-1
	- webkit <not-affected> (vulnerable code not present in 1.2.x series)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34541
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44969
	NOTE: http://trac.webkit.org/changeset/66742
CVE-2010-3245 (The automated-backup functionality in Blackboard Transact Suite ...)
	NOT-FOR-US: Blackboard Transact Suite
CVE-2010-3244 (BbtsConnection_Edit.exe in Blackboard Transact Suite (formerly ...)
	NOT-FOR-US: Blackboard Transact Suite
CVE-2009-4997 (gnome-power-manager 2.27.92 does not properly implement the ...)
	- gnome-power-manager 2.28.0-1 (unimportant)
CVE-2009-4996 (** DISPUTED ** ...)
	NOTE: Disputed non-issue
CVE-2006-7240 (gnome-power-manager 2.14.0 does not properly implement the ...)
	- gnome-power-manager 2.28.0-1 (unimportant)
CVE-2010-3306 (Directory traversal vulnerability in the modURL function in instance.c ...)
	- weborf 0.12.3-1 (bug #596112)
CVE-2010-3243 (Cross-site scripting (XSS) vulnerability in the toStaticHTML function ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-3242 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3241 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3240 (Microsoft Excel 2002 SP3 and 2007 SP2; Excel Viewer SP2; and Office ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3239 (Microsoft Excel 2002 SP3 does not properly validate record ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3238 (Microsoft Excel 2002 SP3 and 2003 SP3, and Office 2004 for Mac, does ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3237 (Microsoft Excel 2002 SP3 and Office 2004 for Mac do not properly ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3236 (Microsoft Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3235 (Microsoft Excel 2002 SP3 does not properly validate formula ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3234 (Microsoft Excel 2002 SP3 does not properly validate formula ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3233 (Microsoft Excel 2002 SP3 and 2003 SP3 does not properly validate ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3232 (Microsoft Excel 2003 SP3 and 2007 SP2; Office 2004 and 2008 for Mac; ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3231 (Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3230 (Integer overflow in Microsoft Excel 2002 SP3 allows remote attackers ...)
	NOT-FOR-US: Microsoft Excel
CVE-2010-3229 (The Secure Channel (aka SChannel) security package in Microsoft ...)
	NOT-FOR-US: Microsoft OSes
CVE-2010-3228 (The JIT compiler in Microsoft .NET Framework 4.0 on 64-bit platforms ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-3227 (Stack-based buffer overflow in the UpdateFrameTitleForDocument method ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3226
	REJECTED
CVE-2010-3225 (Use-after-free vulnerability in the Media Player Network Sharing ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2010-3224
	REJECTED
CVE-2010-3223 (The user interface in Microsoft Cluster Service (MSCS) in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3222 (Stack-based buffer overflow in the Remote Procedure Call Subsystem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-3221 (Microsoft Word 2002 SP3 and 2003 SP3, Office 2004 for Mac, and Word ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3220 (Unspecified vulnerability in Microsoft Word 2002 SP3 and Office 2004 ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3219 (Array index vulnerability in Microsoft Word 2002 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3218 (Heap-based buffer overflow in Microsoft Word 2002 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3217 (Double free vulnerability in Microsoft Word 2002 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3216 (Microsoft Word 2002 SP3 and Office 2004 for Mac allow remote attackers ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3215 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3214 (Stack-based buffer overflow in Microsoft Word 2002 SP3, 2003 SP3, 2007 ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3213 (Cross-site request forgery (CSRF) vulnerability in Microsoft Outlook ...)
	NOT-FOR-US: Microsoft Outlook Web Access
CVE-2010-3212 (SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier ...)
	NOT-FOR-US: Seagull
CVE-2010-3211 (Multiple SQL injection vulnerabilities in the JE FAQ Pro ...)
	NOT-FOR-US: Joomla addon
CVE-2010-3210 (Multiple PHP remote file inclusion vulnerabilities in Multi-lingual ...)
	NOT-FOR-US: Multi-lingual E-Commerce System
CVE-2010-3209 (Multiple PHP remote file inclusion vulnerabilities in Seagull 0.6.7 ...)
	NOT-FOR-US: Seagull
CVE-2010-3208 (Cross-site scripting (XSS) vulnerability in ajax.php in Wiccle Web ...)
	NOT-FOR-US: Wiccle Web Builder
CVE-2010-3207 (SQL injection vulnerability in index.php in GaleriaSHQIP 1.0, when ...)
	NOT-FOR-US: GaleriaSHQIP
CVE-2010-3206 (Multiple PHP remote file inclusion vulnerabilities in DiY-CMS 1.0 ...)
	NOT-FOR-US: DiY-CMS
CVE-2010-3205 (PHP remote file inclusion vulnerability in index.php in Textpattern ...)
	- textpattern <removed>
	[squeeze] - textpattern <no-dsa> (Minor issue)
CVE-2010-3204 (Multiple PHP remote file inclusion vulnerabilities in Pecio CMS 2.0.5 ...)
	NOT-FOR-US: Pecio CMS
CVE-2010-3203 (Directory traversal vulnerability in the PicSell (com_picsell) ...)
	NOT-FOR-US: PicSell
CVE-2010-3202 (Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 ...)
	NOT-FOR-US: flock
CVE-2010-3201 (Cross-site scripting (XSS) vulnerability in NetWin Surgemail before ...)
	NOT-FOR-US: NetWin Surgemail
CVE-2010-3200 (MSO.dll in Microsoft Word 2003 SP3 11.8326.11.8324 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-3199 (Untrusted search path vulnerability in TortoiseSVN 1.6.10, Build 19898 ...)
	NOT-FOR-US: TortoiseSVN
CVE-2010-3198 (ZServer in Zope 2.10.x before 2.10.12 and 2.11.x before 2.11.7 allows ...)
	- zope2.10 <removed>
	- zope2.11 <removed>
CVE-2010-3197 (IBM DB2 9.7 before FP2 does not perform the expected access control on ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3196 (IBM DB2 9.7 before FP2, when AUTO_REVAL is IMMEDIATE, allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3195 (Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3194 (The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3193 (Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2010-3192 (Certain run-time memory protection mechanisms in the GNU C Library ...)
	- eglibc <unfixed> (unimportant)
	NOTE: Minor information leak
CVE-2010-3191 (Untrusted search path vulnerability in Adobe Captivate 5.0.0.596, and ...)
	NOT-FOR-US: Adobe Captivate
CVE-2010-3190 (Untrusted search path vulnerability in the Microsoft Foundation Class ...)
	NOT-FOR-US: ATL MFC Trace Tool
CVE-2010-3189 (The extSetOwner function in the UfProxyBrowserCtrl ActiveX control ...)
	NOT-FOR-US: Trend Micro Internet Security Pro
CVE-2010-3188 (SQL injection vulnerability in search.aspx in BugTracker.NET 3.4.3 and ...)
	NOT-FOR-US: BugTracker.NET
CVE-2010-3187 (Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote ...)
	NOT-FOR-US: IBM AIX
CVE-2010-3186 (IBM WebSphere Application Server (WAS) 7.x before 7.0.0.13, and ...)
	NOT-FOR-US: WebSphere
CVE-2010-3185
	RESERVED
CVE-2010-3184
	RESERVED
CVE-2010-3183 (The LookupGetterOrSetter function in js3250.dll in Mozilla Firefox ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (bug in optimization added later)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3182 (A certain application-launch script in Mozilla Firefox before 3.5.14 ...)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel <not-affected> (run-mozilla.sh not used)
CVE-2010-3181 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.14 ...)
	- iceweasel <not-affected> (Windows-specific)
CVE-2010-3180 (Use-after-free vulnerability in the nsBarProp function in Mozilla ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <end-of-life>
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3179 (Stack-based buffer overflow in the text-rendering functionality in ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3178 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3177 (Multiple cross-site scripting (XSS) vulnerabilities in the Gopher ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3176 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3175 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- iceweasel <not-affected> (Only affects Firefox 3.6, which is only in experimental)
CVE-2010-3174 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2124-1}
	- xulrunner <removed> (unimportant)
	- icedove 3.0.9-1
	[lenny] - icedove <end-of-life>
	- iceweasel 3.5.14-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.9-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3173 (The SSL implementation in Mozilla Firefox before 3.5.14 and 3.6.x ...)
	{DSA-2123-1}
	- nss 3.12.8-1
CVE-2010-3172 (CRLF injection vulnerability in Bugzilla before 3.2.9, 3.4.x before ...)
	- bugzilla 3.6.3.0-1 (bug #602420; low)
	[squeeze] - bugzilla 3.6.2.0-4.2
CVE-2010-3171 (The Math.random function in the JavaScript implementation in Mozilla ...)
	NOTE: Will likely be rejected by MITRE
CVE-2010-3170 (Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird ...)
	{DSA-2123-1}
	- nss 3.12.8-1
	- kde4libs 4:4.4.5-4 (low)
	- qt4-x11 4:4.7.2-4 (low)
	[squeeze] - qt4-x11 4:4.6.3-4+squeeze1
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	[squeeze] - kde4libs 4:4.4.5-2+squeeze2
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2010-3169 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3168 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3167 (The nsTreeContentView function in Mozilla Firefox before 3.5.12 and ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3166 (Heap-based buffer overflow in the nsTextFrameUtils::TransformText ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- icedove 3.0.7-1
	[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-3165 (Untrusted search path vulnerability in Yokka NoEditor 1.33.1.1 and ...)
	NOT-FOR-US: Yokka NoEditor and others
CVE-2010-3164 (Untrusted search path vulnerability in Fenrir Sleipnir 2.9.4 and ...)
	NOT-FOR-US: Fenrir Sleipnir, Grani
CVE-2010-3163 (Untrusted search path vulnerability in Fenrir Sleipnir before 2.9.5 ...)
	NOT-FOR-US: Fenrir Sleipnir, Grani
CVE-2010-3162 (Untrusted search path vulnerability in Apsaly before 3.74 allows local ...)
	NOT-FOR-US: Apsaly
CVE-2010-3161 (Untrusted search path vulnerability in TeraPad before 1.00 allows ...)
	NOT-FOR-US: TeraPad
CVE-2010-3160 (Untrusted search path vulnerability in Archive Decoder 1.23 and ...)
	NOT-FOR-US: Archive Decoder
CVE-2010-3159 (Untrusted search path vulnerability in Explzh 5.67 and earlier allows ...)
	NOT-FOR-US: Explzh
CVE-2010-3158 (Untrusted search path vulnerability in Lhaplus before 1.58 allows ...)
	NOT-FOR-US: Lhaplus
CVE-2010-3157 (Untrusted search path vulnerability in XacRett before 50 allows ...)
	NOT-FOR-US: XacRett
CVE-2010-3156 (Untrusted search path vulnerability in K2 K2Editor before 1.5.9 allows ...)
	NOT-FOR-US: K2Editor
CVE-2010-3133 (Untrusted search path vulnerability in Wireshark 0.8.4 through 1.0.15 ...)
	- wireshark <not-affected> (Only affects Windows port)
CVE-2010-3131 (Untrusted search path vulnerability in Mozilla Firefox before 3.5.12 ...)
	- xulrunner <not-affected> (Only affects Windows port)
	- iceweasel <not-affected> (Only affects Windows port)
CVE-2010-3123
	RESERVED
CVE-2010-3155 (Untrusted search path vulnerability in Adobe ExtendScript Toolkit ...)
	NOT-FOR-US: Adobe ExtendedScript Toolkit
CVE-2010-3154 (Untrusted search path vulnerability in Adobe Extension Manager CS5 ...)
	NOT-FOR-US: Adobe Extension Manager
CVE-2010-3153 (Untrusted search path vulnerability in Adobe InDesign CS4 6.0, ...)
	NOT-FOR-US: Adobe InDesign
CVE-2010-3152 (Untrusted search path vulnerability in Adobe Illustrator CS4 14.0.0, ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2010-3151 (Untrusted search path vulnerability in Adobe On Location CS4 Build 315 ...)
	NOT-FOR-US: Adobe On Location
CVE-2010-3150 (Untrusted search path vulnerability in Adobe Premier Pro CS4 4.0.0 ...)
	NOT-FOR-US: Adobe Premier Pro
CVE-2010-3149 (Untrusted search path vulnerability in Adobe Device Central CS5 ...)
	NOT-FOR-US: Adobe Device Central
CVE-2010-3148 (Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft Visio
CVE-2010-3147 (Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in ...)
	NOT-FOR-US: Microsoft Address Book
CVE-2010-3146 (Multiple untrusted search path vulnerabilities in Microsoft Groove ...)
	NOT-FOR-US: Microsoft Office Groove
CVE-2010-3145 (Untrusted search path vulnerability in the BitLocker Drive Encryption ...)
	NOT-FOR-US: Microsoft Vista BitLocker
CVE-2010-3144 (Untrusted search path vulnerability in the Internet Connection Signup ...)
	NOT-FOR-US: Microsoft Internet Connection Signup Wizard
CVE-2010-3143 (Untrusted search path vulnerability in Microsoft Windows Contacts ...)
	NOT-FOR-US: Microsoft Windows Contacts
CVE-2010-3142 (Untrusted search path vulnerability in Microsoft Office PowerPoint ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-3141 (Untrusted search path vulnerability in Microsoft PowerPoint 2010 ...)
	NOT-FOR-US: Microsoft Power Point
CVE-2010-3140 (Untrusted search path vulnerability in Microsoft Windows Internet ...)
	NOT-FOR-US: Microsoft Windows Internet Communication Settings
CVE-2010-3139 (Untrusted search path vulnerability in Microsoft Windows Progman Group ...)
	NOT-FOR-US: Microsoft Windows Progman Group Converter
CVE-2010-3138 (Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-3137 (Untrusted search path vulnerability in Nullsoft Winamp 5.581, and ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2010-3136 (Untrusted search path vulnerability in Skype 4.2.0.169 and earlier ...)
	NOT-FOR-US: Skype
CVE-2010-3135 (Untrusted search path vulnerability in Cisco Packet Tracer 5.2 allows ...)
	NOT-FOR-US: Cisco Packet Tracer
CVE-2010-3134 (Untrusted search path vulnerability in Google Earth 5.1.3535.3218 ...)
	NOT-FOR-US: Google Earth
CVE-2010-3132 (Untrusted search path vulnerability in Adobe Dreamweaver CS5 11.0 ...)
	NOT-FOR-US: Adobe Dreamweaver
CVE-2010-3130 (Untrusted search path vulnerability in TechSmith Snagit 10 (Build 788) ...)
	NOT-FOR-US: TechSmith Snagit
CVE-2010-3129 (Untrusted search path vulnerability in uTorrent 2.0.3 and earlier ...)
	NOT-FOR-US: uTorrent
CVE-2010-3128 (Untrusted search path vulnerability in TeamViewer 5.0.8703 and earlier ...)
	NOT-FOR-US: TeamViewer
CVE-2010-3127 (Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 ...)
	NOT-FOR-US: Adobe PhotoShop
CVE-2010-3126 (Untrusted search path vulnerability in avast! Free Antivirus version ...)
	NOT-FOR-US: avast! Free Antivirus version
CVE-2010-3125 (Untrusted search path vulnerability in TeamMate Audit Management ...)
	NOT-FOR-US: TeamMate Audit Management Software Suite
CVE-2010-3122 (The DevonIT thin-client management tool relies on a shared secret for ...)
	NOT-FOR-US: DevonIT thin-client management tool
CVE-2010-3121 (Buffer overflow in tm-console-bin in the DevonIT thin-client ...)
	NOT-FOR-US: DevonIT thin-client management tool
CVE-2009-4995 (Cross-site scripting (XSS) vulnerability in frmTickets.aspx in ...)
	NOT-FOR-US: SmarterTools SmarterTrack
CVE-2009-4994 (Cross-site scripting (XSS) vulnerability in frmKBSearch.aspx in ...)
	NOT-FOR-US: SmarterTools SmarterTrack
CVE-2009-4993 (PHP remote file inclusion vulnerability in home.php in LM Starmail ...)
	NOT-FOR-US: LM Starmail Paidmail
CVE-2009-4992 (SQL injection vulnerability in paidbanner.php in LM Starmail Paidmail ...)
	NOT-FOR-US: LM Starmail Paidmail
CVE-2009-4991 (Cross-site scripting (XSS) vulnerability in users/resume_register.php ...)
	NOT-FOR-US: Omnistar Recruiting
CVE-2009-4990 (Cross-site scripting (XSS) vulnerability in the Webform report module ...)
	NOT-FOR-US: Webform report module for Drupal
CVE-2009-4989 (Cross-site scripting (XSS) vulnerability in index.php in AJ Auction ...)
	NOT-FOR-US: AJ Auction Pro OOPD
CVE-2009-4988 (Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business ...)
	NOT-FOR-US: SAP Business One
CVE-2009-4987 (admin/header.php in Scripteen Free Image Hosting Script 2.3 allows ...)
	NOT-FOR-US: Scripteen Free Image Hosting Script
CVE-2009-4986 (Directory traversal vulnerability in index.php in In-Portal 4.3.1, ...)
	NOT-FOR-US: In-Portal
CVE-2009-4985 (SQL injection vulnerability in browse.php in Accessories Me PHP ...)
	NOT-FOR-US: Accessories Me PHP Affiliate Script
CVE-2009-4984 (Multiple cross-site scripting (XSS) vulnerabilities in Accessories Me ...)
	NOT-FOR-US: Accessories Me PHP Affiliate Script
CVE-2009-4983 (Multiple cross-site scripting (XSS) vulnerabilities in Silurus ...)
	NOT-FOR-US: Silurus Classifieds
CVE-2009-4982 (SQL injection vulnerability in the select function in Irokez CMS ...)
	NOT-FOR-US: Irokez CMS
CVE-2009-4981 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4980 (Multiple cross-site scripting (XSS) vulnerabilities in Photokorn ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4979 (Multiple SQL injection vulnerabilities in search.php in Photokorn ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2009-4978 (Directory traversal vulnerability in down.php in MyBackup 1.4.0 allows ...)
	NOT-FOR-US: MyBackup
CVE-2009-4977 (PHP remote file inclusion vulnerability in index.php in MyBackup 1.4.0 ...)
	NOT-FOR-US: MyBackup
CVE-2010-3124 (Untrusted search path vulnerability in bin/winvlc.c in VLC Media ...)
	- vlc <not-affected> (Windows specific vulnerability)
CVE-2010-3120 (Google Chrome before 5.0.375.127 does not properly implement the ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43776
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39879
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=44096
	NOTE: http://trac.webkit.org/changeset/65329
	NOTE: http://trac.webkit.org/changeset/65325
CVE-2010-3119 (Google Chrome before 5.0.375.127 and webkitgtk before 1.2.6 do not ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43795
	NOTE: http://trac.webkit.org/changeset/65090
CVE-2010-3118 (The autosuggest feature in the Omnibox implementation in Google Chrome ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3117 (Google Chrome before 5.0.375.127 does not properly implement the ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3116 (Multiple use-after-free vulnerabilities in WebKit, as used in Apple ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/64293
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43147
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43888
	NOTE: http://trac.webkit.org/changeset/65280 vulnerable code not present in 1.2 series
CVE-2010-3115 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.6, does not ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/63925
	NOTE: http://trac.webkit.org/changeset/64077
	NOTE: only partially fixed: only 64077 applied in 1.2.4-1
CVE-2010-3114 (The text-editing implementation in Google Chrome before 5.0.375.127, ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42655
	NOTE: http://trac.webkit.org/changeset/63773
CVE-2010-3113 (Google Chrome before 5.0.375.127, and webkitgtk before 1.2.5, does not ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=42659
	NOTE: http://trac.webkit.org/changeset/63865
CVE-2010-3112 (Google Chrome before 5.0.375.127 does not properly implement file ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 5.0.375.127~r55887-1
CVE-2010-3111 (Google Chrome before 6.0.472.53 does not properly mitigate an ...)
	- chromium-browser 5.0.375.127~r55887-1
	- webkit <not-affected> (chromium specific)
CVE-2010-3110 (Multiple buffer overflows in the Novell Client novfs module for the ...)
	NOT-FOR-US: novfs kernel module (only included in SUSE it seems)
CVE-2010-2948 (Stack-based buffer overflow in the bgp_route_refresh_receive function ...)
	{DSA-2104-1}
	- quagga 0.99.17-1 (bug #594262)
CVE-2010-2949 (bgpd in Quagga before 0.99.17 does not properly parse AS paths, which ...)
	{DSA-2104-1}
	- quagga 0.99.17-1 (bug #594262)
CVE-2010-3109 (Stack-based buffer overflow in the browser plugin in Novell iPrint ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3108 (Buffer overflow in the browser plugin in Novell iPrint Client before ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3107 (A certain ActiveX control in ienipp.ocx in the browser plugin in ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3106 (The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3105 (The PluginGetDriverFile function in Novell iPrint Client before 5.44 ...)
	NOT-FOR-US: browser plugin in Novell iPrint Client
CVE-2010-3104 (Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, ...)
	NOT-FOR-US: DeskShare AutoFTP Manager
CVE-2010-3103 (Directory traversal vulnerability in FTPGetter Team FTPGetter ...)
	NOT-FOR-US: FTPGetter
CVE-2010-3102 (Directory traversal vulnerability in SiteDesigner Technologies, Inc. ...)
	NOT-FOR-US: SiteDesigner Technologies
CVE-2010-3101 (Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 ...)
	NOT-FOR-US: FTPx Corp FTP Explorer
CVE-2010-3100 (Directory traversal vulnerability in Porta+ FTP Client 4.1, and ...)
	NOT-FOR-US: Porta+ FTP Client
CVE-2010-3099 (Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client ...)
	NOT-FOR-US: SmartSoft Ltd SmartFTP
CVE-2010-3098 (Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 ...)
	NOT-FOR-US: IoRush Software FTP Rush
CVE-2010-3097 (Directory traversal vulnerability in WinFrigate Frigate 3 FTP client ...)
	NOT-FOR-US: WinFrigate Frigate 3 FTP
CVE-2010-3096 (Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly ...)
	NOT-FOR-US: SoftX FTP Client 3.3
CVE-2010-3095 [mailscanner incomplete fix for CVE-2008-5313]
	RESERVED
	- mailscanner 4.79.11-2.1 (bug #596403)
CVE-2010-3094 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3093 (The comment module in Drupal 5.x before 5.23 and 6.x before 6.18 ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3092 (The upload module in Drupal 5.x before 5.23 and 6.x before 6.18 does ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3091 (The OpenID module in Drupal 6.x before 6.18, and the OpenID module 5.x ...)
	{DSA-2113-1}
	- drupal6 6.18-1 (low; bug #592716)
CVE-2010-3090
	REJECTED
CVE-2010-3089 (Multiple cross-site scripting (XSS) vulnerabilities in GNU Mailman ...)
	{DSA-2170-1}
	- mailman 1:2.1.13-4.1 (bug #599833)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id={631881,631859}
CVE-2010-3088 (The notify function in pidgin-knotify.c in the pidgin-knotify plugin ...)
	NOT-FOR-US: Knotify plugin for Pidgin
CVE-2010-3087 (LibTIFF before 3.9.2-5.2.1 in SUSE openSUSE 11.3 allows remote ...)
	- tiff 3.9.4-5 (bug #600188)
	- tiff3 <not-affected> (fixed before initial upload)
	[lenny] - tiff <not-affected> (Vulnerable code not present)
CVE-2010-3086 (include/asm-x86/futex.h in the Linux kernel before 2.6.25 does not ...)
	- linux-2.6 2.6.25-1
CVE-2010-3085 (The network-play implementation in Mednafen before 0.8.D might allow ...)
	- mednafen 0.8.D-1 (unimportant)
	NOTE: Extremely obscure attack vector, marking as unimportant
CVE-2010-3084 (Buffer overflow in the niu_get_ethtool_tcam_all function in ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.30)
CVE-2010-3083 (sys/ssl/SslSocket.cpp in qpidd in Apache Qpid, as used in Red Hat ...)
	- qpid-cpp <not-affected> (Fixed before initial upload to archive)
CVE-2010-3082 (Cross-site scripting (XSS) vulnerability in Django 1.2.x before 1.2.2 ...)
	- python-django 1.2.3-1 (low; bug #596205)
	NOTE: http://www.djangoproject.com/weblog/2010/sep/08/security-release/
CVE-2010-3081 (The compat_alloc_user_space functions in include/asm/compat.h files in ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-23 (high)
CVE-2010-3080 (Double free vulnerability in the snd_seq_oss_open function in ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-24
CVE-2010-3079 (kernel/trace/ftrace.c in the Linux kernel before 2.6.35.5, when ...)
	- linux-2.6 2.6.32-24
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.30)
CVE-2010-3078 (The xfs_ioc_fsgetxattr function in fs/xfs/linux-2.6/xfs_ioctl.c in the ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-24
CVE-2010-3077 (Cross-site scripting (XSS) vulnerability in util/icon_browser.php in ...)
	{DSA-2278-1}
	- horde3 3.3.8+debian0-2 (bug #598582)
	NOTE: http://seclists.org/fulldisclosure/2010/Sep/82
CVE-2010-3076 (The filter function in php/src/include.php in Simple Management for ...)
	{DSA-2103-1}
	- smbind 0.4.7-5 (high)
	NOTE: http://packetstormsecurity.org/1009-exploits/smbind-sql.txt
CVE-2010-3075 (EncFS before 1.7.0 encrypts multiple blocks by means of the CFB cipher ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Not backportable, breaks backwards-compatibility)
CVE-2010-3074 (SSL_Cipher.cpp in EncFS before 1.7.0 uses an improper combination of ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Minor issue)
CVE-2010-3073 (SSL_Cipher.cpp in EncFS before 1.7.0 does not properly handle integer ...)
	- encfs 1.7.2-1 (bug #595998)
	[lenny] - encfs <no-dsa> (Minor issue)
CVE-2010-3072 (The string-comparison functions in String.cci in Squid 3.x before ...)
	{DSA-2111-1}
	- squid3 3.1.6-1.1 (bug #596086; low)
	- squid <not-affected> (Only affects 3.x)
CVE-2010-3071 (bip before 0.8.6 allows remote attackers to cause a denial of service ...)
	- bip 0.8.6-1 (low; bug #595409)
	[lenny] - bip <not-affected> (vulnerable code ('LINK(lc)->name') not in 0.7.4-2)
	[squeeze] - bip 0.8.2-1squeeze2
CVE-2010-3070 (Cross-site scripting (XSS) vulnerability in NuSOAP 0.9.5, as used in ...)
	- nusoap 0.7.3-4 (low; bug #595248)
CVE-2010-3069 (Stack-based buffer overflow in the (1) sid_parse and (2) dom_sid_parse ...)
	{DSA-2109-1}
	- samba 2:3.5.5~dfsg-1 (bug #596891)
CVE-2010-3068
	REJECTED
CVE-2010-3067 (Integer overflow in the do_io_submit function in fs/aio.c in the Linux ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-24
CVE-2010-3066 (The io_submit_one function in fs/aio.c in the Linux kernel before ...)
	- linux-2.6 2.6.23-1
CVE-2010-3064 (Stack-based buffer overflow in the php_mysqlnd_auth_write function in ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3063 (The php_mysqlnd_read_error_from_line function in the Mysqlnd extension ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3062 (mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through ...)
	- php5 <removed> (unimportant)
	NOTE: mysqlnd not used in squeeze/sid
CVE-2010-3061 (Unspecified vulnerability in the message-protocol implementation in ...)
	NOT-FOR-US: Tivoli
CVE-2010-3060 (Unspecified vulnerability in the message-protocol implementation in ...)
	NOT-FOR-US: Tivoli
CVE-2010-3059 (Buffer overflow in the message-protocol implementation in the Server ...)
	NOT-FOR-US: Tivoli
CVE-2010-3058 (The Mount service in IBM Tivoli Storage Manager (TSM) FastBack 5.x.x ...)
	NOT-FOR-US: Tivoli
CVE-2010-3065 (The default session serializer in PHP 5.2 through 5.2.13 and 5.3 ...)
	{DSA-2089-1}
	- php5 5.3.3-1
CVE-2010-3057
	RESERVED
CVE-2010-3054 (Unspecified vulnerability in FreeType 2.3.9, and other versions before ...)
	- freetype 2.4.2-1 (unimportant)
CVE-2010-3053 (bdf/bdflib.c in FreeType before 2.4.2 allows remote attackers to cause ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-3056 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-2097-2 DSA-2097-1}
	- phpmyadmin 4:3.3.5.1-1
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
CVE-2010-3055 (The configuration setup script (aka scripts/setup.php) in phpMyAdmin ...)
	{DSA-2097-2 DSA-2097-1}
	- phpmyadmin 4:3.0.0
	NOTE: Affects only 2.x branch
CVE-2010-3052
	RESERVED
CVE-2010-3051
	RESERVED
CVE-2010-3050 (Cisco IOS before 12.2(33)SXI allows remote authenticated users to ...)
	NOT-FOR-US: Cisco
CVE-2010-3049 (Cisco IOS before 12.2(33)SXI allows local users to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2010-3048
	RESERVED
CVE-2010-3047
	RESERVED
CVE-2010-3046
	RESERVED
CVE-2010-3045
	RESERVED
CVE-2010-3044 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3043 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3042 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3041 (Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) ...)
	NOT-FOR-US: Cisco WebEx
CVE-2010-3040 (Multiple stack-based buffer overflows in agent.exe in Setup Manager in ...)
	NOT-FOR-US: Cisco Intelligent Contact Manager
CVE-2010-3039 (/usr/local/cm/bin/pktCap_protectData in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-3038 (Cisco Unified Videoconferencing (UVC) System 5110 and 5115, when the ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-3037 (goform/websXMLAdminRequestCgi.cgi in Cisco Unified Videoconferencing ...)
	NOT-FOR-US: Cisco Unified Videoconferencing
CVE-2010-3036 (Multiple buffer overflows in the authentication functionality in the ...)
	NOT-FOR-US: Cisco
CVE-2010-3035 (Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2010-3034 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...)
	NOT-FOR-US: Cisco
CVE-2010-3033 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
	NOT-FOR-US: Cisco
CVE-2010-3032 (Integer overflow in the OBGIOPServerWorker::extractHeader function in ...)
	NOT-FOR-US: SAP Crystal Reports 2008
CVE-2010-3031 (Buffer overflow in Wyse ThinOS HF 4.4.079i, and possibly other ...)
	NOT-FOR-US: Wyse ThinOS
CVE-2010-3030 (Cross-site request forgery (CSRF) vulnerability in Tomaz Muraus Open ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3029 (SQL injection vulnerability in statistics.php in PHPKick 0.8 allows ...)
	NOT-FOR-US: PHPKick
CVE-2010-3028 (The Aardvertiser component before 2.2.1 for Joomla! uses insecure ...)
	NOT-FOR-US: Joomla!
CVE-2010-3027 (SQL injection vulnerability in index.php in Tycoon Baseball Script ...)
	NOT-FOR-US: Tycoon Baseball Script
CVE-2010-3026 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3025 (Multiple cross-site scripting (XSS) vulnerabilities in Tomaz Muraus ...)
	NOT-FOR-US: Tomaz Muraus Open Blog
CVE-2010-3024 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: DiamondList
CVE-2010-3023 (Multiple cross-site scripting (XSS) vulnerabilities in DiamondList ...)
	NOT-FOR-US: DiamondList
CVE-2010-3022 (Cross-site scripting (XSS) vulnerability in the Performance logging ...)
	NOT-FOR-US: Drupal Addon
CVE-2010-3021 (Unspecified vulnerability in Opera before 10.61 allows remote ...)
	NOT-FOR-US: Opera
CVE-2010-3020 (The news-feed preview feature in Opera before 10.61 does not properly ...)
	NOT-FOR-US: Opera
CVE-2010-3019 (Heap-based buffer overflow in Opera before 10.61 allows remote ...)
	NOT-FOR-US: Opera
CVE-2010-3018 (RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before ...)
	NOT-FOR-US: RSA Access Manager
CVE-2010-3017 (Unspecified vulnerability in RSA Access Manager Agent 4.7.1 before ...)
	NOT-FOR-US: RSA Access Manager
CVE-2010-3016
	REJECTED
CVE-2010-3013 (SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 ...)
	NOT-FOR-US: Pligg
CVE-2010-3012 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3011 (CRLF injection vulnerability in HP System Management Homepage (SMH) ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3010 (Cross-site scripting (XSS) vulnerability on the HP 3Com OfficeConnect ...)
	NOT-FOR-US: HP 3Com OfficeConnect
CVE-2010-3009 (Unspecified vulnerability in HP System Management Homepage (SMH) for ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-3008 (Unspecified vulnerability in HP Data Protector Express, and Data ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2010-3007 (Unspecified vulnerability in HP Data Protector Express, and Data ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2010-3006 (Unspecified vulnerability on the HP ProLiant G6 Lights-Out 100 Remote ...)
	NOT-FOR-US: HP ProLiant G6 Lights-Out
CVE-2010-3005 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
	NOT-FOR-US: HP Operations Agents
CVE-2010-3004 (Unspecified vulnerability in HP Operations Agent 7.36 and 8.6 on ...)
	NOT-FOR-US: HP Operations Agents
CVE-2010-3003 (Cross-site scripting (XSS) vulnerability in HP Insight Diagnostics ...)
	NOT-FOR-US: HP Insight Diagnostics Online Edition
CVE-2010-3002 (Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-3001 (Unspecified vulnerability in an ActiveX control in the Internet ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-3000 (Multiple integer overflows in the ParseKnownType function in ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2999 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2998 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 and ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-2997 (Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2996 (Array index error in RealNetworks RealPlayer 11.0 through 11.1 on ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2991 (The IICAClient interface in the ICAClient library in the ICA Client ...)
	NOT-FOR-US: Citrix ICA Client
CVE-2010-2990 (Citrix Online Plug-in for Windows for XenApp &amp; XenDesktop before 11.2, ...)
	NOT-FOR-US: Citrix ICA Client
CVE-2010-2989 (nessusd_www_server.nbin in the Nessus Web Server plugin 1.2.4 for ...)
	NOT-FOR-US: Nessus
CVE-2010-2988 (Cross-site scripting (XSS) vulnerability in Cisco Unified Wireless ...)
	NOT-FOR-US: Cisco
CVE-2010-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Wireless ...)
	NOT-FOR-US: Cisco
CVE-2010-2986 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Cisco
CVE-2010-2985 (Multiple cross-site scripting (XSS) vulnerabilities in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2984 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
	NOT-FOR-US: Cisco
CVE-2010-2983 (The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless ...)
	NOT-FOR-US: Cisco
CVE-2010-2982 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...)
	NOT-FOR-US: Cisco
CVE-2010-2981 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 ...)
	NOT-FOR-US: Cisco
CVE-2010-2980 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
	NOT-FOR-US: Cisco
CVE-2010-2979 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 on ...)
	NOT-FOR-US: Cisco
CVE-2010-2978 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
	NOT-FOR-US: Cisco
CVE-2010-2977 (Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 does ...)
	NOT-FOR-US: Cisco
CVE-2010-2976 (The controller in Cisco Unified Wireless Network (UWN) Solution 7.x ...)
	NOT-FOR-US: Cisco
CVE-2010-2975 (Cisco Unified Wireless Network (UWN) Solution 7.x through 7.0.98.0 ...)
	NOT-FOR-US: Cisco
CVE-2010-2974 (Stack-based buffer overflow in the IConfigurationAccess interface in ...)
	NOT-FOR-US: Wonderware Application Server
CVE-2010-2973 (Integer overflow in IOSurface in Apple iOS before 4.0.2 on the iPhone ...)
	NOT-FOR-US: Apple
CVE-2010-2972
	REJECTED
CVE-2008-7260
	RESERVED
CVE-2008-7259
	RESERVED
CVE-2010-3014 (The Coda filesystem kernel module, as used in NetBSD and FreeBSD, when ...)
	- kfreebsd-7 <unfixed>
	- kfreebsd-8 8.1-5
	- kfreebsd-9 <not-affected> (fixed prior to first upload)
	- kfreebsd-10 <not-affected> (fixed prior to first upload)
CVE-2010-3015 (Integer overflow in the ext4_ext_get_blocks function in ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-22
CVE-2010-2995 (The SigComp Universal Decompressor Virtual Machine (UDVM) in Wireshark ...)
	{DSA-2101-1}
	- wireshark 1.2.10-1
CVE-2010-2992 (packet-gsm_a_rr.c in the GSM A RR dissector in Wireshark 1.2.2 through ...)
	- wireshark 1.2.10-1
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2010-2994 (Stack-based buffer overflow in the ASN.1 BER dissector in Wireshark ...)
	{DSA-2101-1}
	- wireshark 1.2.10-1
CVE-2010-2993 (The IPMI dissector in Wireshark 1.2.0 through 1.2.9 allows remote ...)
	- wireshark 1.2.10-1
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2010-2971 (loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly ...)
	{DSA-2081-1}
	- libmikmod 3.1.11-6.3
CVE-2010-2970 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.9.x ...)
	- moin 1.9.3-1 (low)
CVE-2010-2969 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...)
	- moin 1.9.3-1
CVE-2010-2968 (The FTP daemon in Wind River VxWorks does not close the TCP connection ...)
	NOT-FOR-US: vxworks
CVE-2010-2967 (The loginDefaultEncrypt algorithm in loginLib in Wind River VxWorks ...)
	NOT-FOR-US: vxworks
CVE-2010-2966 (The INCLUDE_SECURITY functionality in Wind River VxWorks 6.x, 5.x, and ...)
	NOT-FOR-US: vxworks
CVE-2010-2965 (The WDB target agent debug service in Wind River VxWorks 6.x, 5.x, and ...)
	NOT-FOR-US: vxworks
CVE-2010-2964
	RESERVED
CVE-2010-2963 (drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) ...)
	{DSA-2126-1}
	- linux-2.6 2.6.32-26
CVE-2010-2962 (drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2961 (mountall.c in mountall before 2.15.2 uses 0666 permissions for the ...)
	NOT-FOR-US: mountall
CVE-2010-2960 (The keyctl_session_to_parent function in security/keys/keyctl.c in the ...)
	- linux-2.6 2.6.32-23
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
CVE-2010-2959 (Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-20
CVE-2010-2958 (Cross-site scripting (XSS) vulnerability in libraries/Error.class.php ...)
	- phpmyadmin 4:3.3.6-1
	[lenny] - phpmyadmin <not-affected> (only affects 3.x)
	NOTE: http://www.phpmyadmin.net/home_page/security/PMASA-2010-6.php
CVE-2010-2957 (Cross-site scripting (XSS) vulnerability in Serendipity before 1.5.4, ...)
	- serendipity 1.5.3-2 (bug #594905)
CVE-2010-2956 (Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not ...)
	- sudo 1.7.4p4-1 (bug #595935)
	[lenny] - sudo <not-affected> (Only affects 1.7.x)
	NOTE: http://www.sudo.ws/sudo/alerts/runas_group.html
CVE-2010-2955 (The cfg80211_wext_giwessid function in net/wireless/wext-compat.c in ...)
	- linux-2.6 2.6.32-23
CVE-2010-2954 (The irda_bind function in net/irda/af_irda.c in the Linux kernel ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-22
CVE-2010-2953 (Untrusted search path vulnerability in a certain Debian GNU/Linux ...)
	{DSA-2107-1}
	- couchdb 0.11.0-1 (low; bug #594412)
CVE-2010-2952 (Apache Traffic Server before 2.0.1, and 2.1.x before 2.1.2-unstable, ...)
	- trafficserver <not-affected> (Fixed before initial release)
CVE-2010-2951 (dns_internal.cc in Squid 3.1.6, when IPv6 DNS resolution is not ...)
	- squid3 3.1.6-1.2 (bug #599709)
	[lenny] - squid3 <not-affected> (vulnerable code introduced in 3.1.6)
	NOTE: http://marc.info/?l=squid-users&m=128263555724981&w=2
CVE-2010-2950 (Format string vulnerability in stream.c in the phar extension in PHP ...)
	- php5 5.3.3-2 (low)
	[lenny] - php5 <not-affected> (phar extension introduced in 5.3)
CVE-2010-2947 (Heap-based buffer overflow in the HX_split function in string.c in ...)
	- libhx 3.5-2 (low; bug #594393)
	[lenny] - libhx <no-dsa> (Minor issue, asked maintainer to fix through spu)
CVE-2010-2946 (fs/jfs/xattr.c in the Linux kernel before 2.6.35.2 does not properly ...)
	- linux-2.6 2.6.32-21
	[lenny] - linux-2.6 2.6.26-25
CVE-2010-2945 (The default configuration of SLiM before 1.3.2 places ./ (dot slash) ...)
	- slim 1.3.1-7 (low; bug #594414)
	[lenny] - slim 1.3.0-1+lenny3
CVE-2010-2944 (The authenticate function in LDAPUserFolder/LDAPUserFolder.py in ...)
	{DSA-2096-1}
	- zope-ldapuserfolder <removed> (high; bug #593466)
CVE-2010-2943 (The xfs implementation in the Linux kernel before 2.6.35 does not look ...)
	- linux-2.6 2.6.37-1
	[wheezy] - linux-2.6 2.6.32-31
	[squeeze] - linux-2.6 2.6.32-31
	[lenny] - linux-2.6 <not-affected> (test case fails on 2.6.26)
CVE-2010-2942 (The actions implementation in the network queueing functionality in ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 2.6.26-25
CVE-2010-2941 (ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate ...)
	{DSA-2176-1}
	- cups 1.4.4-7 (bug #603344)
CVE-2010-2940 (The auth_send function in providers/ldap/ldap_auth.c in System ...)
	- sssd 1.2.1-4 (bug #594413)
CVE-2010-2939 (Double free vulnerability in the ssl3_get_key_exchange function in the ...)
	{DSA-2100-1}
	- openssl 0.9.8o-2 (low; bug #594415)
CVE-2010-2938 (arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure ...)
	- linux-2.6 <not-affected> (affected code not present in any of the released kernels; only affects xen package itself)
	- xen 4.0.1-1
	NOTE: probably fixed well before this version, but this is the one i checked and its fixed
CVE-2010-2937 (The ReadMetaFromId3v2 function in taglib.cpp in the TagLib plugin in ...)
	- vlc 1.1.3-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
CVE-2010-2936 (Integer overflow in simpress.bin in the Impress module in ...)
	{DSA-2099-1}
	- openoffice.org 1:3.2.1-6
CVE-2010-2935 (simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x ...)
	{DSA-2099-1}
	- openoffice.org 1:3.2.1-6
CVE-2010-2934 (Multiple unspecified vulnerabilities in ZNC 0.092 allow remote ...)
	- znc 0.092-2 (unimportant; bug #599708)
CVE-2010-2933 (SQL injection vulnerability in AV Scripts AV Arcade 3 allows remote ...)
	NOT-FOR-US: AV Arcade
CVE-2010-2932 (Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control ...)
	NOT-FOR-US: BarCodeWiz BarCode
CVE-2010-2931 (Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows ...)
	NOT-FOR-US: SigPlus Pro activex control
CVE-2010-2930 (Multiple stack-based buffer overflows in hsolinkcontrol in hsolink ...)
	- hsolink <removed>
CVE-2010-2929 (Untrusted search path vulnerability in hsolinkcontrol in hsolink ...)
	- hsolink <removed>
CVE-2010-2928 (The vCenter Tomcat Management Application in VMware vCenter Server 4.1 ...)
	NOT-FOR-US: VMware vCenter Server
CVE-2010-2927 (The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) ...)
	NOT-FOR-US: Tivoli
CVE-2009-4976 (Cross-site scripting (XSS) vulnerability in webkitpart.cpp in ...)
	- webkitkde 0.4svn1059630-1
CVE-2009-4975 (Cross-site scripting (XSS) vulnerability in webview.cpp in ...)
	- rekonq 0.5.0-1
CVE-2010-2926 (SQL injection vulnerability in index.php in sNews 1.7 allows remote ...)
	NOT-FOR-US: sNews CMS
CVE-2010-2925 (SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 ...)
	NOT-FOR-US: OpenFreeway
CVE-2010-2924 (SQL injection vulnerability in myLDlinker.php in the myLinksDump ...)
	NOT-FOR-US: myLinksDump WordPress plugin
CVE-2010-2923 (SQL injection vulnerability in the YouTube (com_youtube) component 1.5 ...)
	NOT-FOR-US: com_youtube Joomla extension
CVE-2010-2922 (SQL injection vulnerability in default.asp in AKY Blog allows remote ...)
	NOT-FOR-US: Aspindir AKY Blog
CVE-2010-2921 (SQL injection vulnerability in the Golf Course Guide ...)
	NOT-FOR-US: Joomla Component com_golfcourseguide
CVE-2010-2920 (Directory traversal vulnerability in the Foobla Suggestions ...)
	NOT-FOR-US: Joomla Component Foobla Suggestions
CVE-2010-2919 (SQL injection vulnerability in the StaticXT (com_staticxt) component ...)
	NOT-FOR-US: Joomla Component StaticXT
CVE-2010-2918 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Joomla Component Visites
CVE-2010-2917 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ ...)
	NOT-FOR-US: AJ square
CVE-2010-2916 (SQL injection vulnerability in news.php in AJ Square AJ HYIP MERIDIAN ...)
	NOT-FOR-US: AJ square
CVE-2010-2915 (SQL injection vulnerability in welcome.php in AJ Square AJ HYIP PRIME ...)
	NOT-FOR-US: AJ square
CVE-2010-2914 (Cross-site scripting (XSS) vulnerability in nessusd_www_server.nbin in ...)
	NOT-FOR-US: Nessus plugin
CVE-2010-2913 (The Citibank Citi Mobile app before 2.0.3 for iOS stores account data ...)
	NOT-FOR-US: Citibank Citi Mobile app
CVE-2010-2912 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 ...)
	NOT-FOR-US: Kayako eSupport
CVE-2010-2911 (SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 ...)
	NOT-FOR-US: Kayako eSupport
CVE-2010-2910 (SQL injection vulnerability in the Ozio Gallery (com_oziogallery) ...)
	NOT-FOR-US: Ozio Gallery
CVE-2010-2909 (SQL injection vulnerability in ttvideo.php in the TTVideo ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2908 (SQL injection vulnerability in the Joomdle (com_joomdle) component ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2907 (SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2906 (SQL injection vulnerability in articlesdetails.php in ScriptsFeed and ...)
	NOT-FOR-US: ScriptsFeed / BrotherScripts
CVE-2010-2905 (SQL injection vulnerability in info.php in ScriptsFeed and ...)
	NOT-FOR-US: ScriptsFeed / BrotherScripts
CVE-2010-2904 (Multiple cross-site scripting (XSS) vulnerabilities in the System ...)
	NOT-FOR-US: System Landscape Directory
CVE-2010-2903 (Google Chrome before 5.0.375.125 performs unexpected truncation and ...)
	- webkit <not-affected> (Chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2902 (The SVG implementation in Google Chrome before 5.0.375.125 allows ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41621
	NOTE: http://trac.webkit.org/changeset/62662
	NOTE: duplicate of cve-2010-1793
CVE-2010-2901 (The rendering implementation in Google Chrome before 5.0.375.125 ...)
	{DSA-2188-1}
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41373
	NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-2900 (Google Chrome before 5.0.375.125 does not properly handle a large ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41962
	NOTE: http://trac.webkit.org/changeset/63219
CVE-2010-2899 (Unspecified vulnerability in the layout implementation in Google ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38977
	NOTE: http://trac.webkit.org/changeset/62134
CVE-2010-2898 (Google Chrome before 5.0.375.125 does not properly mitigate an ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2897 (Google Chrome before 5.0.375.125 does not properly mitigate an ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.125~r53311-1
CVE-2010-2896 (IBM FileNet Content Manager (CM) 4.0.0, 4.0.1, 4.5.0, and 4.5.1 before ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2010-XXXX [flaw that allows unsigned code to access any file on the machine (accessible to the user) and write to it.]
	- openjdk-6  6b18-1.8.1-1
CVE-2010-XXXX [flaw in NetX that allows arbitrary unsigned apps to set any java property]
	- openjdk-6  6b18-1.8.1-1
CVE-2010-2895
	RESERVED
CVE-2010-2894
	RESERVED
CVE-2010-2893
	RESERVED
CVE-2010-2892 (gsb/drivers.php in LANDesk Management Gateway 4.0 through 4.0-1.48 and ...)
	NOT-FOR-US: LANDesk Management Gateway
CVE-2010-2891 (Buffer overflow in the smiGetNode function in lib/smi.c in libsmi ...)
	{DSA-2145-1}
	- libsmi 0.4.8+dfsg2-3
CVE-2010-2890 (Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2889 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2888 (Multiple unspecified vulnerabilities in an ActiveX control in Adobe ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2887 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2010-2886 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe RoboHelp ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2010-2885 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 7 and 8, ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2010-2884 (Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2883 (Stack-based buffer overflow in CoolType.dll in Adobe Reader and ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2882 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2881 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2880 (DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2879 (Multiple integer overflows in the allocator in the TextXtra.x32 module ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2878 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2877 (Adobe Shockwave Player before 11.5.8.612 does not properly validate a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2876 (Adobe Shockwave Player before 11.5.8.612 does not properly validate ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2875 (Integer signedness error in Adobe Shockwave Player before 11.5.8.612 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2874 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2873 (Adobe Shockwave Player before 11.5.8.612 does not properly validate ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2872 (Adobe Shockwave Player before 11.5.8.612 does not properly validate an ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2871 (Integer overflow in the 3D object functionality in Adobe Shockwave ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2870 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2869 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2868 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2867 (DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2866 (Integer signedness error in the DIRAPI module in Adobe Shockwave ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2865 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2864 (IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2863 (Adobe Shockwave Player before 11.5.8.612 allows attackers to cause a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2862 (Integer overflow in CoolType.dll in Adobe Reader 8.2.3 and 9.3.3, and ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2861 (Multiple directory traversal vulnerabilities in the administrator ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-2860 (The EMC Celerra Network Attached Storage (NAS) appliance accepts ...)
	NOT-FOR-US: EMC
CVE-2009-4974 (Directory traversal vulnerability in box_display.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4973 (SQL injection vulnerability in rss.php in TotalCalendar 2.4 allows ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4972 (Cross-site scripting (XSS) vulnerability in index.php (aka the log in ...)
	NOT-FOR-US: SimpleID
CVE-2009-4971 (SQL injection vulnerability in the AJAX Chat (vjchat) extension before ...)
	NOT-FOR-US: AJAX Chat
CVE-2009-4970 (SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for ...)
	NOT-FOR-US: Typo3 addon
CVE-2009-4969 (SQL injection vulnerability in the Solidbase Bannermanagement ...)
	NOT-FOR-US: Typo3 addon
CVE-2009-4968 (SQL injection vulnerability in the Event Registration (event_registr) ...)
	NOT-FOR-US: Typo3 addon
CVE-2009-4967 (SQL injection vulnerability in the Car (car) extension before 0.1.1 ...)
	NOT-FOR-US: Typo3 addon
CVE-2009-4966 (SQL injection vulnerability in the AST ZipCodeSearch ...)
	NOT-FOR-US: Typo3 addon
CVE-2009-4965 (SQL injection vulnerability in the AIRware Lexicon (air_lexicon) ...)
	NOT-FOR-US: Typo3 addon
CVE-2009-4964 (Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers ...)
	NOT-FOR-US: KSP
CVE-2009-4963 (Cross-site scripting (XSS) vulnerability in the Commerce extension ...)
	NOT-FOR-US: Typo3 addon
CVE-2009-4962 (Stack-based buffer overflow in Fat Player 0.6b allows remote attackers ...)
	NOT-FOR-US: Fat Player
CVE-2009-4961 (Lanai Core 0.6 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: Lanai Core
CVE-2009-4960 (Directory traversal vulnerability in modules/backup/download.php in ...)
	NOT-FOR-US: Lanai Core
CVE-2009-4959 (SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) ...)
	NOT-FOR-US: T3M E-Mail Marketing Tool
CVE-2009-4958 (SQL injection vulnerability in video.php in EMO Breeder Manager (aka ...)
	NOT-FOR-US: EMO Breader Manager
CVE-2010-2859 (news.php in SimpNews 2.47.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: SimpNews
CVE-2010-2858 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: SimpNews
CVE-2010-2857 (Directory traversal vulnerability in the Music Manager component for ...)
	NOT-FOR-US: Joomla! Music Manager
CVE-2010-2856 (Cross-site scripting (XSS) vulnerability in admin/currencies.php in ...)
	NOT-FOR-US: osCSS
CVE-2010-2855 (Multiple SQL injection vulnerabilities in modfile.php in Event Horizon ...)
	NOT-FOR-US: Event Horizon
CVE-2010-2854 (Multiple cross-site scripting (XSS) vulnerabilities in modfile.php in ...)
	NOT-FOR-US: Event Horizon
CVE-2010-2853 (SQL injection vulnerability in flashPlayer/playVideo.php in iScripts ...)
	NOT-FOR-US: iScripts VisualCaster
CVE-2010-2852 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: RunCMS
CVE-2010-2851 (SQL injection vulnerability in the BookLibrary From Same Author ...)
	NOT-FOR-US: Joomla! BookLibrary From Same Author
CVE-2010-2850 (Directory traversal vulnerability in productionnu2/fileuploader.php in ...)
	NOT-FOR-US: nuBuilder
CVE-2010-2849 (Cross-site scripting (XSS) vulnerability in productionnu2/nuedit.php ...)
	NOT-FOR-US: nuBuilder
CVE-2010-2848 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2847 (Multiple SQL injection vulnerabilities in the InterJoomla ArtForms ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2846 (Cross-site scripting (XSS) vulnerability in the InterJoomla ArtForms ...)
	NOT-FOR-US: Joomla! ArtForms
CVE-2010-2845 (SQL injection vulnerability in the QuickFAQ (com_quickfaq) component ...)
	NOT-FOR-US: Joomla! QuickFAQ
CVE-2010-2844 (Cross-site scripting (XSS) vulnerability in news_show.php in Newanz ...)
	NOT-FOR-US: Newanz NewsOffice
CVE-2010-2843 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2842 (Cisco Wireless LAN Controller (WLC) software, possibly 4.2 through ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2841 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-2840 (The Presence Engine (PE) service in Cisco Unified Presence 6.x before ...)
	NOT-FOR-US: Cisco
CVE-2010-2839 (SIPD in Cisco Unified Presence 6.x before 6.0(7) and 7.x before 7.0(8) ...)
	NOT-FOR-US: Cisco
CVE-2010-2838 (The SendCombinedStatusInfo implementation in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2010-2837 (The SIPStationInit implementation in Cisco Unified Communications ...)
	NOT-FOR-US: Cisco
CVE-2010-2836 (Memory leak in the SSL VPN feature in Cisco IOS 12.4, 15.0, and 15.1, ...)
	NOT-FOR-US: Cisco
CVE-2010-2835 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
	NOT-FOR-US: Cisco
CVE-2010-2834 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
	NOT-FOR-US: Cisco
CVE-2010-2833 (Unspecified vulnerability in the NAT for H.225.0 implementation in ...)
	NOT-FOR-US: Cisco
CVE-2010-2832 (Unspecified vulnerability in the NAT for H.323 implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-2831 (Unspecified vulnerability in the NAT for SIP implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-2830 (The IGMPv3 implementation in Cisco IOS 12.2, 12.3, 12.4, and 15.0 and ...)
	NOT-FOR-US: Cisco
CVE-2010-2829 (Unspecified vulnerability in the H.323 implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2010-2828 (Unspecified vulnerability in the H.323 implementation in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2010-2827 (Cisco IOS 15.1(2)T allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2010-2826 (SQL injection vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2010-2825 (Unspecified vulnerability in the SIP inspection feature on the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-2824 (Unspecified vulnerability on the Cisco Application Control Engine ...)
	NOT-FOR-US: Cisco
CVE-2010-2823 (Unspecified vulnerability in the deep packet inspection feature on the ...)
	NOT-FOR-US: Cisco
CVE-2010-2822 (Unspecified vulnerability in the RTSP inspection feature on the Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-2821 (Unspecified vulnerability on the Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2010-2820 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
	NOT-FOR-US: Cisco
CVE-2010-2819 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
	NOT-FOR-US: Cisco
CVE-2010-2818 (Unspecified vulnerability in the SunRPC inspection feature on the ...)
	NOT-FOR-US: Cisco
CVE-2010-2817 (Unspecified vulnerability in the IKE implementation on Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2010-2816 (Unspecified vulnerability in the SIP inspection feature on Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-2815 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
	NOT-FOR-US: Cisco
CVE-2010-2814 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
	NOT-FOR-US: Cisco
CVE-2010-2813 (functions/imap_general.php in SquirrelMail before 1.4.21 does not ...)
	{DSA-2091-1}
	- squirrelmail 2:1.4.21-1 (low)
	[lenny] - squirrelmail <no-dsa> (low-risk issue)
CVE-2010-2812 (Client.cpp in ZNC 0.092 allows remote attackers to cause a denial of ...)
	- znc 0.092-2 (unimportant; bug #599708)
CVE-2010-2811 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
	NOT-FOR-US: Red Hat Virtual Desktop Server Manager
CVE-2010-2810 (Heap-based buffer overflow in the convert_to_idna function in ...)
	- lynx-cur 2.8.8dev.5-1 (bug #594300)
	[lenny] - lynx-cur <no-dsa> (Minor issue, exploit scenario really obscure)
CVE-2010-2809 (The default configuration of the &lt;Button2&gt; binding in Uzbl before ...)
	- uzbl 0.0.0~git.20100403-3 (bug #594301)
CVE-2010-2808 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2807 (FreeType before 2.4.2 uses incorrect integer data types during bounds ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2806 (Array index error in the t42_parse_sfnts function in type42/t42parse.c ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2805 (The FT_Stream_EnterFrame function in base/ftstream.c in FreeType ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-2804
	RESERVED
CVE-2010-2803 (The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-22
CVE-2010-2802 (Cross-site scripting (XSS) vulnerability in MantisBT before 1.2.2 ...)
	- mantis <not-affected> (vulnerable code introduced in 1.2.x)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
CVE-2010-2801 (Integer signedness error in the Quantum decompressor in cabextract ...)
	{DSA-2087-1}
	- cabextract 1.3-1 (bug #591552)
CVE-2010-2800 (The MS-ZIP decompressor in cabextract before 1.3 allows remote ...)
	- cabextract 1.3-1 (bug #591552; unimportant)
CVE-2010-2799 (Stack-based buffer overflow in the nestlex function in nestlex.c in ...)
	{DSA-2090-1}
	- socat 1.7.1.3-1 (bug #591443; medium)
CVE-2010-2798 (The gfs2_dirent_find_space function in fs/gfs2/dir.c in the Linux ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-20
CVE-2010-2797 (Directory traversal vulnerability in lib/translation.functions.php in ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-2796 (Cross-site scripting (XSS) vulnerability in phpCAS before 1.1.2, when ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-2795 (phpCAS before 1.1.2 allows remote authenticated users to hijack ...)
	{DSA-2172-1}
	- libphp-cas <itp> (bug #495542)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	- moodle 1.9.9.dfsg2-2 (bug #601384)
CVE-2010-2794 (The SPICE (aka spice-xpi) plug-in 2.2 for Firefox allows local users ...)
	NOT-FOR-US: SPICE plugin for Firefox
CVE-2010-2793 (Race condition in the SPICE (aka spice-activex) plug-in for Internet ...)
	NOT-FOR-US: SPICE plugin for Internet Explorer
CVE-2010-2792 (Race condition in the SPICE (aka spice-xpi) plug-in 2.2 for Firefox ...)
	NOT-FOR-US: SPICE plugin for Firefox
CVE-2010-2791 (mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, ...)
	- apache2 2.2.9-10 (low)
CVE-2010-2790 (Multiple cross-site scripting (XSS) vulnerabilities in the formatQuery ...)
	- zabbix 1:1.8.3-1 (bug #594304)
	[squeeze] - zabbix 1:1.8.2-1squeeze1
	[lenny] - zabbix <no-dsa> (Minor issue)
CVE-2010-2789 (PHP remote file inclusion vulnerability in MediaWikiParserTest.php in ...)
	- mediawiki <not-affected> (Affects mediawiki 1:1.16.0beta* - was not and will not be in Debian)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2788 (Cross-site scripting (XSS) vulnerability in profileinfo.php in ...)
	- mediawiki 1:1.15.5-1 (bug #590669; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2787 (api.php in MediaWiki before 1.15.5 does not prevent use of public ...)
	- mediawiki 1:1.15.5-1 (bug #590660; low)
	[lenny] - mediawiki <no-dsa> (Minor issue)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-July/000092.html
CVE-2010-2786 (Directory traversal vulnerability in Piwik 0.6 through 0.6.3 allows ...)
	- piwik <itp> (bug #506933)
CVE-2010-2785 (The IRC Protocol component in KVIrc 3.x and 4.x before r4693 does not ...)
	{DSA-2078-1}
	- kvirc 4:4.0.0-3
CVE-2010-2784 (The subpage MMIO initialization functionality in the subpage_register ...)
	- qemu-kvm 0.12.5+dfsg-3 (bug #594478)
	- kvm <removed>
	[lenny] - kvm 72+dfsg-5~lenny6
CVE-2010-2783
	RESERVED
	- openjdk-6 6b18-1.8.1-1
CVE-2009-4957 (Directory traversal vulnerability in loadpanel.php in Interspire ...)
	NOT-FOR-US: Interspire ActiveKB
CVE-2009-4956 (Cross-site scripting (XSS) vulnerability in the Visitor Tracking ...)
	NOT-FOR-US: typo3 third party component (ws_stats)
CVE-2009-4955 (SQL injection vulnerability in the ultraCards (th_ultracards) ...)
	NOT-FOR-US: typo3 third party component (th_ultracards)
CVE-2009-4954 (SQL injection vulnerability in the Versatile Calendar Extension [VCE] ...)
	NOT-FOR-US: typo3 third party component (sk_calendar)
CVE-2009-4953 (Cross-site scripting (XSS) vulnerability in the Userdata Create/Edit ...)
	NOT-FOR-US: typo3 third party component (sg_userdata)
CVE-2009-4952 (Directory traversal vulnerability in the Directory Listing ...)
	NOT-FOR-US: typo3 third party component (dir_listing)
CVE-2009-4951 (Unspecified vulnerability in the ClickStream Analyzer [output] ...)
	NOT-FOR-US: typo3 third party component (alternet_csa_out)
CVE-2009-4950 (SQL injection vulnerability in the A21glossary Advanced Output ...)
	NOT-FOR-US: typo3 third party component (a21glossary_advanced_output)
CVE-2009-4949 (SQL injection vulnerability in the Store Locator extension before ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2009-4948 (Cross-site scripting (XSS) vulnerability in the Store Locator ...)
	NOT-FOR-US: typo3 third party component (locator)
CVE-2009-4947 (SQL injection vulnerability in frmLoginPwdReminderPopup.aspx in Q2 ...)
	NOT-FOR-US: Q2 Solutions ConnX
CVE-2009-4946 (Directory traversal vulnerability in the Messaging (com_messaging) ...)
	NOT-FOR-US: Joomla! Messaging
CVE-2010-2782
	RESERVED
CVE-2010-2781
	RESERVED
CVE-2010-2780
	RESERVED
CVE-2010-2779 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
	NOT-FOR-US: GroupWise
CVE-2010-2778 (Cross-site scripting (XSS) vulnerability in WebAccess in Novell ...)
	NOT-FOR-US: GroupWise
CVE-2010-2777 (Stack-based buffer overflow in the IMAP server component in GroupWise ...)
	NOT-FOR-US: GroupWise
CVE-2010-2776
	RESERVED
CVE-2010-2775
	RESERVED
CVE-2010-2774
	RESERVED
CVE-2010-2773
	RESERVED
CVE-2010-2772 (Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded ...)
	NOT-FOR-US: SCADA
CVE-2010-2771 (solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to ...)
	NOT-FOR-US: IBM solidDB
CVE-2009-4945 (AdPeeps 8.5d1 has a default password of admin for the admin account, ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4944 (Multiple cross-site scripting (XSS) vulnerabilities in ATRC ACollab ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4943 (index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4942 (Cross-site request forgery (CSRF) vulnerability in ACollab 1.2 allows ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4941 (Cross-site scripting (XSS) vulnerability in sign_in.php in ATRC ...)
	NOT-FOR-US: ATRC ACollab
CVE-2009-4940 (SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier ...)
	NOT-FOR-US: Zeus Cart
CVE-2009-4939 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: AdPeeps
CVE-2009-4938 (SQL injection vulnerability in the JVideo! (com_jvideo) component ...)
	NOT-FOR-US: JVideo
CVE-2009-4937 (Cross-site scripting (XSS) vulnerability in Small Pirate (SPirate) 2.1 ...)
	NOT-FOR-US: SPirate
CVE-2009-4936 (Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 ...)
	NOT-FOR-US: SPirate
CVE-2010-3484 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows ...)
	- mapserver 5.6.4-1 (low)
	[lenny] - mapserver <no-dsa> (Minor issue)
CVE-2010-3485 (SQL injection vulnerability in common.php in LightNEasy 3.2.1 allows ...)
	- mapserver 5.6.4-1 (low)
	[lenny] - mapserver <no-dsa> (Minor issue)
CVE-2010-2770 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
	- xulrunner <not-affected> (The vulnerability is MacOS-specific)
	- iceweasel <not-affected> (The vulnerability is MacOS-specific)
	- iceape <not-affected> (The vulnerability is MacOS-specific)
CVE-2010-2769 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-2124-1 DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2768 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2767 (The navigator.plugins implementation in Mozilla Firefox before 3.5.12 ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2766 (The normalizeDocument function in Mozilla Firefox before 3.5.12 and ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2765 (Integer overflow in the FRAMESET element implementation in Mozilla ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2764 (Mozilla Firefox before 3.5.12 and 3.6.x before 3.6.9, Thunderbird ...)
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	[lenny] - xulrunner <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- icedove 3.0.7-1
	[lenny] - icedove <not-affected> (Doesn't affect Xulrunner 1.9.0 code base)
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2763 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2762 (The XPCSafeJSObjectWrapper class in the SafeJSObjectWrapper (aka SJOW) ...)
	- xulrunner <not-affected> (Only affects 3.6, only in experimental)
	- iceweasel <not-affected> (Only affects 3.6, only in experimental)
CVE-2010-2761 (The multipart_init function in (1) CGI.pm before 3.50 and (2) ...)
	- perl 5.10.1-17 (bug #606995)
	- libcgi-pm-perl 3.50-1 (bug #606370)
	[lenny] - libcgi-pm-perl 3.38-2lenny2
	[squeeze] - libcgi-pm-perl 3.49-1squeeze1
	- libcgi-simple-perl 1.111-2 (bug #606379)
	[lenny] - libcgi-simple-perl 1.105-1lenny1
	[lenny] - perl 5.10.0-19lenny3 (bug #606995)
CVE-2010-2760 (Use-after-free vulnerability in the nsTreeSelection function in ...)
	{DSA-2106-1}
	- xulrunner <removed> (unimportant)
	- iceweasel 3.5.12-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- icedove 3.0.7-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.7-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-2759 (Bugzilla 2.23.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...)
	- bugzilla 3.6.2.0-1 (bug #595015; medium)
CVE-2010-2758 (Bugzilla 2.17.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2757 (The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2756 (Search.pm in Bugzilla 2.19.1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 ...)
	- bugzilla 3.6.2.0-1 (bug #595015; low)
CVE-2010-2755 (layout/generic/nsObjectFrame.cpp in Mozilla Firefox 3.6.7 does not ...)
	- xulrunner <not-affected> (Only exploitable in Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only exploitable in Firefox 3.6.x and above)
CVE-2010-2754 (dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2753 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-2752 (Integer overflow in an array class in Mozilla Firefox 3.5.x before ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-2751 (The nsDocShell::OnRedirectStateChange function in ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-2750 (Array index error in Microsoft Word 2002 SP3 and Office 2004 for Mac ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2749
	REJECTED
CVE-2010-2748 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly check ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2747 (Microsoft Word 2002 SP3 and Office 2004 for Mac do not properly handle ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-2746 (Heap-based buffer overflow in Comctl32.dll (aka the common control ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2745 (Microsoft Windows Media Player (WMP) 9 through 12 does not properly ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-2744 (The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2743 (The kernel-mode drivers in Microsoft Windows XP SP3 do not properly ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2742 (The Netlogon RPC Service in Microsoft Windows Server 2003 SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2741 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2740 (The OpenType Font (OTF) format driver in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2739 (Buffer overflow in the CreateDIBPalette function in win32k.sys in ...)
	NOT-FOR-US: Windows
CVE-2010-2738 (The Uniscribe (aka new Unicode Script Processor) implementation in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2737
	REJECTED
CVE-2010-2736
	REJECTED
CVE-2010-2735
	REJECTED
CVE-2010-2734 (Cross-site scripting (XSS) vulnerability in the mobile portal in ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2733 (Cross-site scripting (XSS) vulnerability in the Web Monitor in ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2732 (Open redirect vulnerability in the web interface in Microsoft ...)
	NOT-FOR-US: Microsoft Forefront Unified Access Gateway
CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, ...)
	NOT-FOR-US: Microsoft IIS
CVE-2010-2729 (The Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2728 (Heap-based buffer overflow in Microsoft Outlook 2002 SP3, 2003 SP3, ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2010-2727
	REJECTED
CVE-2010-2726
	REJECTED
CVE-2010-2725 (BarnOwl before 1.6.2 does not check the return code of calls to the ...)
	{DSA-2102-1}
	- barnowl 1.6.2-1 (bug #593299)
CVE-2010-2724 (Cross-site scripting (XSS) vulnerability in the Hierarchical Select ...)
	NOT-FOR-US: Drupal addon module
CVE-2010-2723 (Cross-site scripting (XSS) vulnerability in LISTSERV 15 and 16 allows ...)
	NOT-FOR-US: LISTSERV
CVE-2010-2722 (Cross-site scripting (XSS) vulnerability in index.php in RightInPoint ...)
	NOT-FOR-US: RightInPoint Lyrics Script
CVE-2010-2721 (SQL injection vulnerability in index.php in RightInPoint Lyrics Script ...)
	NOT-FOR-US: RightInPoint Lyrics Script
CVE-2010-2720 (SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and ...)
	NOT-FOR-US: phpaaCms
CVE-2010-2719 (SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and ...)
	NOT-FOR-US: phpaaCms
CVE-2010-2718 (Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware ...)
	NOT-FOR-US: CruxSoftware
CVE-2010-2717 (Cross-site scripting (XSS) vulnerability in manager/login.php in ...)
	NOT-FOR-US: CruxSoftware
CVE-2010-2716 (Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote ...)
	NOT-FOR-US: PsNews
CVE-2010-2715 (Cross-site scripting (XSS) vulnerability in photos/index.php in TCW ...)
	NOT-FOR-US: TCW PHP Album
CVE-2010-2714 (SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 ...)
	NOT-FOR-US: TCW PHP Album
CVE-2010-2713 (The vte_sequence_handler_window_manipulation function in vteseq.c in ...)
	[lenny] - vte <not-affected> (Uses a hardcoded string in the terminal icon/window title)
	- vte 1:0.24.3-1
	NOTE: http://git.gnome.org/browse/vte/commit/?id=58bc3a942f198a1a8788553ca72c19d7c1702b74
	NOTE: http://git.gnome.org/browse/vte/commit/?id=8b971a7b2c59902914ecbbc3915c45dd21530a91
CVE-2010-2712 (Unspecified vulnerability in Software Distributor (sd) in HP HP-UX ...)
	NOT-FOR-US: Software Distributor in HP HP-UX
CVE-2010-2711 (Unspecified vulnerability in the HP MagCloud app before 1.0.5 for the ...)
	NOT-FOR-US: HP MagCloud app
CVE-2010-2710 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2709 (Stack-based buffer overflow in webappmon.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2708 (Unspecified vulnerability on the HP ProCurve 2610 switch before ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2707 (Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2706 (Unspecified vulnerability in the In-band Agent on the HP ProCurve 2610 ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2705 (Unspecified vulnerability on the HP ProCurve 1800-24G switch with ...)
	NOT-FOR-US: HP ProCurve
CVE-2010-2704 (Buffer overflow in HP OpenView Network Node Manager (OV NNM) 7.51 and ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2703 (Stack-based buffer overflow in the execvp_nc function in the ov.dll ...)
	NOT-FOR-US: HP OpenView
CVE-2010-2702 (Buffer overflow in the UGameEngine::UpdateConnectingMessage function ...)
	NOT-FOR-US: Unreal engine
CVE-2010-2701 (Multiple buffer overflows in the FathFTP ActiveX control 1.7 allow ...)
	NOT-FOR-US: FathFTP ActiveX control
CVE-2010-2700 (Cross-site scripting (XSS) vulnerability in index.php in Edge PHP ...)
	NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2699 (SQL injection vulnerability in index.php in Edge PHP Clickbank ...)
	NOT-FOR-US: Edge PHP Clickbank Affiliate Marketplace Script
CVE-2010-2698 (Multiple cross-site scripting (XSS) vulnerabilities in Sijio Community ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2697 (Cross-site scripting (XSS) vulnerability in Sijio Community Software ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2696 (SQL injection vulnerability in gallery/index.php in Sijio Community ...)
	NOT-FOR-US: Sijio Community Software
CVE-2010-2695 (Directory traversal vulnerability in the SFTP/SSH2 virtual server in ...)
	NOT-FOR-US: Xlight FTP Server
CVE-2010-2694 (SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2693 (FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag ...)
	- kfreebsd-7 7.3-5
	[lenny] - kfreebsd-7 <no-dsa> (Not covered by security support in Lenny)
	- kfreebsd-8 8.0-10
CVE-2010-2692 (Cross-site scripting (XSS) vulnerability in 2daybiz Custom T-Shirt ...)
	NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2691 (Multiple SQL injection vulnerabilities in 2daybiz Custom T-Shirt ...)
	NOT-FOR-US: 2daybiz Custom T-Shirt Design Script
CVE-2010-2690 (SQL injection vulnerability in the JOOFORGE Gamesbox (com_gamesbox) ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2689 (SQL injection vulnerability in cont_form.php in Internet DM WebDM CMS ...)
	NOT-FOR-US: Internet DM WebDM CMS
CVE-2010-2688 (SQL injection vulnerability in detail.asp in Site2Nite Boat ...)
	NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2687 (SQL injection vulnerability in printdetail.asp in Site2Nite Boat ...)
	NOT-FOR-US: Site2Nite Boat Classifieds
CVE-2010-2686 (Multiple SQL injection vulnerabilities in clientes.asp in the TopManage ...)
	NOT-FOR-US: SAP module
CVE-2010-2685 (siteadmin/adduser.php in Customer Paradigm PageDirector CMS does not ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2684 (SQL injection vulnerability in index.php in Customer Paradigm ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2683 (SQL injection vulnerability in result.php in Customer Paradigm ...)
	NOT-FOR-US: Customer Paradigm PageDirector CMS
CVE-2010-2682 (Directory traversal vulnerability in the Realtyna Translator ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2681 (PHP remote file inclusion vulnerability in the SEF404x (com_sef) ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2680 (Directory traversal vulnerability in the JExtensions JE ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2679 (SQL injection vulnerability in the Weblinks (com_weblinks) component ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2678 (SQL injection vulnerability in xmap (com_xmap) component for Joomla! ...)
	NOT-FOR-US: Joomla addon
CVE-2010-2677 (PHP remote file inclusion vulnerability in mw_plugin.php in Open Web ...)
	NOT-FOR-US: Open Web Analytics
CVE-2010-2676 (Multiple directory traversal vulnerabilities in index.php in Open Web ...)
	NOT-FOR-US: Open Web Analytics
CVE-2010-2675 (Cross-site scripting (XSS) vulnerability in index.php in TSOKA:CMS ...)
	NOT-FOR-US: TSOKA:CMS
CVE-2010-2674 (SQL injection vulnerability in index.php in TSOKA:CMS 1.1, 1.9, and ...)
	NOT-FOR-US: TSOKA:CMS
CVE-2010-2673 (SQL injection vulnerability in profile_view.php in Devana 1.6.6 and ...)
	NOT-FOR-US: Devana
CVE-2010-2672 (Multiple SQL injection vulnerabilities in eZ Publish 3.7.0 through ...)
	- ezpublish <removed>
CVE-2010-2671 (Cross-site scripting (XSS) vulnerability in advancedsearch.php in eZ ...)
	- ezpublish <removed>
CVE-2010-2670 (SQL injection vulnerability in recipedetail.php in BrotherScripts ...)
	NOT-FOR-US: BrotherScripts Recipe Website
CVE-2010-2669 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Orbis CMS
CVE-2010-2668 (Unspecified vulnerability in Adaptive Micro Systems ALPHA Ethernet ...)
	NOT-FOR-US: Adaptive Micro Systems ALPHA Ethernet Adapter
CVE-2010-2667 (Multiple unspecified vulnerabilities in the Virtual Appliance ...)
	NOT-FOR-US: VMware Studio
CVE-2010-2666 (Opera before 10.54 on Windows and Mac OS X does not properly enforce ...)
	NOT-FOR-US: Opera
CVE-2010-2665 (Cross-site scripting (XSS) vulnerability in Opera before 10.54 on ...)
	NOT-FOR-US: Opera
CVE-2010-2664 (Opera before 10.60 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2010-2663 (Opera before 10.60 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2010-2662 (Opera before 10.60 allows remote attackers to bypass the popup blocker ...)
	NOT-FOR-US: Opera
CVE-2010-2661 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX ...)
	NOT-FOR-US: Opera
CVE-2010-2660 (Opera before 10.54 on Windows and Mac OS X, and before 10.60 on UNIX ...)
	NOT-FOR-US: Opera
CVE-2010-2659 (Opera before 10.50 on Windows, before 10.52 on Mac OS X, and before ...)
	NOT-FOR-US: Opera
CVE-2010-2658 (Opera before 10.60 does not properly restrict certain interaction ...)
	NOT-FOR-US: Opera
CVE-2010-2657 (Opera before 10.60 on Windows and Mac OS X does not properly prevent ...)
	NOT-FOR-US: Opera
CVE-2010-2656 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2655 (Directory traversal vulnerability in private/file_management.php on ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2654 (Multiple cross-site scripting (XSS) vulnerabilities on the IBM ...)
	NOT-FOR-US: BladeCenter software
CVE-2010-2653 (Race condition in the hvc_close function in drivers/char/hvc_console.c ...)
	- linux-2.6 2.6.32-25
CVE-2009-4935 (SQL injection vulnerability in ogp_show.php in Online Guestbook Pro ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-4934 (Cross-site scripting (XSS) vulnerability in index.php in Online Photo ...)
	NOT-FOR-US: Online Photo Pro
CVE-2009-4933 (Multiple SQL injection vulnerabilities in login.php in EZ Webitor ...)
	NOT-FOR-US: EZ Webitor
CVE-2009-4932 (Stack-based buffer overflow in 1by1 1.67 (aka 1.6.7.0) allows remote ...)
	NOT-FOR-US: 1by1
CVE-2009-4931 (Stack-based buffer overflow in Groovy Media Player 1.1.0 allows remote ...)
	NOT-FOR-US: Groovy Media Player
CVE-2009-4930 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: SunGard Banner Student System
CVE-2009-4929 (admin/manage_users.php in TotalCalendar 2.4 does not require ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4928 (PHP remote file inclusion vulnerability in config.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-4927 (WB News 2.1.2 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: WB News
CVE-2009-4926 (Multiple cross-site scripting (XSS) vulnerabilities in Online Contact ...)
	NOT-FOR-US: Online Contact Manager
CVE-2009-4925 (Multiple SQL injection vulnerabilities in Portale e-commerce Creasito ...)
	NOT-FOR-US: Portale e-commerce Creasito
CVE-2010-2652 (Google Chrome before 5.0.375.99 does not properly implement modal ...)
	- webkit <not-affected> (chromium specific issue)
	- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2651 (The Cascading Style Sheets (CSS) implementation in Google Chrome ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38891
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=51014
	NOTE: http://trac.webkit.org/changeset/59247
CVE-2010-2650 (Unspecified vulnerability in Google Chrome before 5.0.375.99 has ...)
	- webkit <not-affected> (chromium specific)
	- chromium-browser 5.0.375.99~r51029-1
CVE-2010-2649 (Unspecified vulnerability in Google Chrome before 5.0.375.99 allows ...)
	- webkit <not-affected> (issue in chromium-specific code)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39797
	NOTE: http://trac.webkit.org/changeset/60973
	NOTE: http://trac.webkit.org/changeset/60977
CVE-2010-2648 (The implementation of the Unicode Bidirectional Algorithm (aka Bidi ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39305
	NOTE: http://trac.webkit.org/projects/webkit/changeset/61921
CVE-2010-2647 (Google Chrome before 5.0.375.99 allows remote attackers to cause a ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38627
	NOTE: http://trac.webkit.org/changeset/61667
	NOTE: http://trac.webkit.org/changeset/61669 mac fixes
	NOTE: http://trac.webkit.org/changeset/61676 chromium fixes
	NOTE: http://trac.webkit.org/changeset/61679 additional layout test
	NOTE: duplicate of cve-2010-1786
CVE-2010-2646 (Google Chrome before 5.0.375.99 does not properly isolate sandboxed ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38151
	NOTE: http://trac.webkit.org/changeset/58873
	NOTE: http://trac.webkit.org/changeset/59870 chromium updates
CVE-2010-2645 (Unspecified vulnerability in Google Chrome before 5.0.375.99, when ...)
	- webkit <not-affected> (doesn't include webgl code yet)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38039
	NOTE: http://trac.webkit.org/changeset/58957
CVE-2010-2644 (IBM WebSphere Service Registry and Repository (WSRR) 7.0.0 before FP1 ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2010-2643 (Integer overflow in the TFM font parser in the dvi-backend component ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2642 (Heap-based buffer overflow in the AFM font parser in the dvi-backend ...)
	{DSA-2388-1 DSA-2357-1}
	- evince 3.0.2-1 (bug #609534)
	[squeeze] - evince 2.30.3-2+squeeze1
	- t1lib 5.1.2-3.5
	[lenny] - t1lib 5.1.2-3+lenny1
	[squeeze] - t1lib 5.1.2-3+squeeze1
CVE-2010-2641 (Array index error in the VF font parser in the dvi-backend component ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2640 (Array index error in the PK font parser in the dvi-backend component ...)
	{DSA-2357-1}
	- evince 2.30.3-2 (bug #609534)
CVE-2010-2639 (IBM WebSphere Commerce Enterprise 7.0 before 7.0.0.2 allows remote ...)
	NOT-FOR-US: IBM WebSphere Commerce Enterprise 7.0
CVE-2010-2638 (Unspecified vulnerability in IBM WebSphere MQ 7.0 before 7.0.1.5 ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2010-2637 (IBM WebSphere MQ 6.0 before 6.0.2.9 and 7.0 before 7.0.1.1 does not ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2636 (Multiple cross-site scripting (XSS) vulnerabilities in sample store ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2010-2635 (SQL injection vulnerability in IBM WebSphere Commerce 6.0 before ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2010-2634 (RSA enVision before 3.7 SP1 allows remote authenticated users to cause ...)
	NOT-FOR-US: RSA enVision
CVE-2010-2633 (Unspecified vulnerability in EMC Disk Library (EDL) before 3.2.7, ...)
	NOT-FOR-US: EMC
CVE-2010-2632 (Unspecified vulnerability in the FTP Server in Oracle Solaris 8, 9, ...)
	NOT-FOR-US: Solaris FTP server
CVE-2010-2631 (LibTIFF 3.9.0 ignores tags in certain situations during the first ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed before initial upload)
CVE-2010-2630 (The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2629 (The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 ...)
	NOT-FOR-US: Cisco
CVE-2010-2628 (The IKE daemon in strongSwan 4.3.x before 4.3.7 and 4.4.x before 4.4.1 ...)
	- strongswan 4.4.1-1
	[lenny] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
	[squeeze] - strongswan <not-affected> (Vulnerability introduced in 4.3.3)
CVE-2010-2627 (Multiple directory traversal vulnerabilities in the Refractor 2 ...)
	NOT-FOR-US: Refractor 2
CVE-2010-2626 (index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to ...)
	NOT-FOR-US: Miyabi CGI Tools SEO Links
CVE-2010-2625 (Unspecified vulnerability in the Client Service for DPM in Hitachi ...)
	NOT-FOR-US: Hitachi ServerConductor
CVE-2010-2624 (Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow ...)
	NOT-FOR-US: iScripts EasySnaps
CVE-2010-2623 (SQL injection vulnerability in pages.php in Internet DM Specialist Bed ...)
	NOT-FOR-US: Internet DM Specialist Bed and Breakfast
CVE-2010-2622 (SQL injection vulnerability in the Joomanager component, possibly ...)
	NOT-FOR-US: Joomanager
CVE-2010-2621 (The QSslSocketBackendPrivate::transmit function in ...)
	- qt4-x11 4:4.6.3-2 (low; bug #587711)
	[lenny] - qt4-x11 <no-dsa> (Harmless impact)
	NOTE: Fixed by commit c25c7c9bdfade6b906f37ac8bad44f6f0de57597
CVE-2010-2620 (Open&amp;Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote ...)
	NOT-FOR-US: Open&Compact FTP Server
CVE-2010-2619 (Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and ...)
	NOT-FOR-US: Citrix XenServer (it's based on Xen, likely a duplicate of an existing Xen issue)
CVE-2009-4924 (Dan Pascu python-cjson 1.0.5 does not properly handle a ['/'] argument ...)
	- python-cjson 1.0.5-4 (low; bug #593302)
	[lenny] - python-cjson <no-dsa> (Minor issue)
CVE-2004-2769 (Cerberus FTP Server before 4.0.3.0 allows remote authenticated users ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2010-2494 (Multiple buffer underflows in the base64 decoder in base64.c in (1) ...)
	- bogofilter 1.2.1-3 (low; bug #588090)
	[lenny] - bogofilter 1.1.7-1+lenny1
	NOTE: this is "only" null write to an invalid pointer, no arbitrary location
CVE-2010-2495 (The pppol2tp_xmit function in drivers/net/pppol2tp.c in the L2TP ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.29)
CVE-2010-2618 (PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in ...)
	NOT-FOR-US: AdaptCMS
CVE-2010-2617 (Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible ...)
	NOT-FOR-US: PHP Bible Search
CVE-2010-2616 (SQL injection vulnerability in bible.php in PHP Bible Search, probably ...)
	NOT-FOR-US: PHP Bible Search
CVE-2010-2615 (Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php ...)
	NOT-FOR-US: Grafik CMS
CVE-2010-2614 (SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, ...)
	NOT-FOR-US: Grafik CMS
CVE-2010-2613 (Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd ...)
	NOT-FOR-US: com_awd_song component for joomla!
CVE-2010-2612 (Unspecified vulnerability in the HP OpenVMS Auditing feature in ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-2611 (SQL injection vulnerability in show_search_result.php in i-netsolution ...)
	NOT-FOR-US: i-netsolution Job Search Engine
CVE-2010-2610 (Multiple SQL injection vulnerabilities in 2daybiz Job Site Script ...)
	NOT-FOR-US: 2daybiz Job Site Script
CVE-2010-2609 (SQL injection vulnerability in show_search_result.php in 2daybiz Job ...)
	NOT-FOR-US: 2daybiz Job Search Engine Script
CVE-2010-2608
	RESERVED
CVE-2010-2607
	RESERVED
CVE-2010-2606
	RESERVED
CVE-2010-2605
	RESERVED
CVE-2010-2604 (Multiple buffer overflows in the PDF Distiller in the BlackBerry ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2603 (RIM BlackBerry Desktop Software 4.7 through 6.0 for PC, and 1.0 for ...)
	NOT-FOR-US: RIM BlackBerry Desktop Software
CVE-2010-2602 (Multiple buffer overflows in the PDF distiller component in the ...)
	NOT-FOR-US: BlackBerry Enterprise Serve
CVE-2010-2601 (Multiple buffer overflows in the PDF distiller in the Attachment ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2010-2600 (Untrusted search path vulnerability in BlackBerry Desktop Software ...)
	NOT-FOR-US: BlackBerry Desktop Software
CVE-2010-2599 (Unspecified vulnerability in Research In Motion (RIM) BlackBerry ...)
	NOT-FOR-US: BlackBerry Device Software
CVE-2010-2594 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: InterSect Allience Snare Agent
CVE-2010-2593
	RESERVED
CVE-2010-2592
	RESERVED
CVE-2010-2591
	RESERVED
CVE-2010-2590 (Heap-based buffer overflow in the ...)
	NOT-FOR-US: ActiveX
CVE-2010-2589 (Integer overflow in the dirapi.dll module in Adobe Shockwave Player ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2588 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2587 (The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2586 (Multiple integer overflows in in_nsv.dll in the in_nsv plugin in ...)
	NOT-FOR-US: Winamp
CVE-2010-2585 (Multiple buffer overflows in the RealPage Module Upload ActiveX ...)
	NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2584 (The Upload method in the RealPage Module Upload ActiveX control in ...)
	NOT-FOR-US: RealPage Module ActiveX Controls
CVE-2010-2583 (Stack-based buffer overflow in SonicWALL SSL-VPN End-Point ...)
	NOT-FOR-US: SonicWALL
CVE-2010-2582 (An unspecified function in TextXtra.x32 in Adobe Shockwave Player ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2581 (dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows remote ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-2580 (The SMTP service (MESMTPC.exe) in MailEnable 3.x and 4.25 does not ...)
	NOT-FOR-US: MailEnable
CVE-2010-2579 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, ...)
	NOT-FOR-US: RealPlayer
CVE-2010-2578 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2010-2577 (Multiple SQL injection vulnerabilities in Pligg before 1.1.1 allow ...)
	NOT-FOR-US: Pligg
CVE-2010-2576 (Opera before 10.61 does not properly suppress clicks on download ...)
	NOT-FOR-US: Opera
CVE-2010-2575 (Heap-based buffer overflow in the RLE decompression functionality in ...)
	- okular 4:4.4.5-2
	[lenny] - okular 0.7-2+lenny1
	- kdegraphics 4:4.4.5-2
	[lenny] - kdegraphics <not-affected> (Lenny's kdegraphics doesn't yet contain Okular)
	NOTE: http://www.kde.org/info/security/advisory-20100825-1.txt
	NOTE: Okular was initially a single source package (lenny days), then it was merged into
	NOTE: kdegraphics (squeeze days) and later split off again (wheezy)
CVE-2010-2574 (Cross-site scripting (XSS) vulnerability in manage_proj_cat_add.php in ...)
	- mantis 1.1.8+dfsg-6 (low; bug #595510)
	[lenny] - mantis 1.1.6+dfsg-2lenny2
CVE-2010-2598 (LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2597 (The TIFFVStripSize function in tif_strip.c in LibTIFF 3.9.0 and 3.9.2 ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2596 (The OJPEGPostDecode function in tif_ojpeg.c in LibTIFF 3.9.0 and ...)
	{DLA-610-1}
	- tiff 4.0.6-1 (unimportant)
	- tiff3 <removed> (unimportant)
	NOTE: fixed by http://bugzilla.maptools.org/show_bug.cgi?id=2209
	NOTE: according to upstream http://bugzilla.maptools.org/show_bug.cgi?id=2209#c6
	NOTE: unreproducible in VCS. Confirmed for version 4.0.6 in Stretch by verifying
	NOTE: that the reproducer does not trigger the crash anymore.
	NOTE: Tom Lane's patch should be applied for tiff in Wheezy too.
	NOTE: Not confirmed which exact version should fix the issue.
CVE-2010-2595 (The TIFFYCbCrtoRGB function in LibTIFF 3.9.0 and 3.9.2, as used in ...)
	{DSA-2552-1}
	- tiff 3.9.6-1
	- tiff3 3.9.6-1
	NOTE: may have been fixed earlier
CVE-2010-2573 (Integer underflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3, ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-2572 (Buffer overflow in Microsoft PowerPoint 2002 SP3 and 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2010-2571 (Array index error in pubconv.dll (aka the Publisher Converter DLL) in ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2570 (Heap-based buffer overflow in pubconv.dll (aka the Publisher Converter ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2569 (pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2010-2568 (Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2010-2567 (The RPC client implementation in Microsoft Windows XP SP2 and SP3 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2566 (The Secure Channel (aka SChannel) security package in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2010-2565
	REJECTED
CVE-2010-2564 (Buffer overflow in Microsoft Windows Movie Maker (WMM) 2.1, 2.6, and ...)
	NOT-FOR-US: Microsoft
CVE-2010-2563 (The Word 97 text converter in the WordPad Text Converters in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2562 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-2561 (Microsoft XML Core Services (aka MSXML) 3.0 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2010-2560 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2010-2559 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft
CVE-2010-2558 (Race condition in Microsoft Internet Explorer 6, 7, and 8 allows ...)
	NOT-FOR-US: Microsoft
CVE-2010-2557 (Microsoft Internet Explorer 6 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft
CVE-2010-2556 (Microsoft Internet Explorer 6, 7, and 8 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2010-2555 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2010-2554 (The Tracing Feature for Services in Microsoft Windows Vista SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2010-2553 (The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2010-2552 (Stack consumption vulnerability in the SMB Server in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-2551 (The SMB Server in Microsoft Windows Vista SP1 and SP2, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2010-2550 (The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server ...)
	NOT-FOR-US: Microsoft
CVE-2010-2549 (Use-after-free vulnerability in the kernel-mode drivers in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2010-2548
	RESERVED
	- openjdk-6 6b18-1.8.1-1
CVE-2010-2547 (Use-after-free vulnerability in kbx/keybox-blob.c in GPGSM in GnuPG ...)
	{DSA-2076-1}
	- gnupg2 2.0.14-2
CVE-2010-2546 (Multiple heap-based buffer overflows in loaders/load_it.c in ...)
	{DSA-2081-1}
	- libmikmod 3.1.11-6.3
CVE-2010-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-2544 (Cross-site scripting (XSS) vulnerability in utilities.php in Cacti ...)
	- cacti 0.8.7g-1
CVE-2010-2543 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-2542 (Stack-based buffer overflow in the is_git_directory function in ...)
	{DSA-2114-1}
	- git-core 1:1.7.1-1.1 (low; bug #590026)
CVE-2010-2541 (Buffer overflow in ftmulti.c in the ftmulti demo program in FreeType ...)
	{DSA-2105-1}
	- freetype 2.4.2-1 (low)
CVE-2010-2540 (mapserv.c in mapserv in MapServer before 4.10.6 and 5.x before 5.6.4 ...)
	{DSA-2079-1}
	- mapserver 5.6.4-1
CVE-2010-2539 (Buffer overflow in the msTmpFile function in maputil.c in mapserv in ...)
	{DSA-2079-1}
	- mapserver 5.6.4-1
CVE-2010-2538 (Integer overflow in the btrfs_ioctl_clone function in fs/btrfs/ioctl.c ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
CVE-2010-2537 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the Linux kernel ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.29)
CVE-2010-2536 (Multiple cross-site scripting (XSS) vulnerabilities in rekonq 0.5 and ...)
	- rekonq 0.5.0-2 (bug #593300)
CVE-2010-2535 (Multiple cross-site scripting (XSS) vulnerabilities in the Back End in ...)
	NOT-FOR-US: Joomla
CVE-2010-2534 (The NetworkSyncCommandQueue function in network/network_command.cpp in ...)
	- openttd 1.0.3-1
	[lenny] - openttd <not-affected> (Introduced in 1.0.1)
	NOTE: http://bugs.openttd.org/task/3909
CVE-2010-2533
	REJECTED
CVE-2010-2532 (** DISPUTED ** ...)
	- lxsession 0.4.4-3 (bug #591409)
CVE-2010-2531 (The var_export function in PHP 5.2 before 5.2.14 and 5.3 before 5.3.3 ...)
	{DSA-2266-1}
	- php5 5.3.3-2 (low)
CVE-2010-2530 (Multiple integer signedness errors in smb_subr.c in the netsmb module ...)
	NOT-FOR-US: NetBSD
CVE-2010-2529 (Unspecified vulnerability in ping.c in iputils 20020927, 20070202, ...)
	{DSA-2645-1}
	- iputils 3:20100418-2
	- inetutils 2:1.9-2
	[lenny] - iputils 3:20071127-1+lenny1
CVE-2010-2528 (The clientautoresp function in family_icbm.c in the oscar protocol ...)
	- pidgin 2.7.2-1
	[lenny] - pidgin <not-affected> (Vulnerable code not present, support for X-Status was added later)
CVE-2010-2527 (Multiple buffer overflows in demo programs in FreeType before 2.4.0 ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2526 (The cluster logical volume manager daemon (clvmd) in lvm2-cluster in ...)
	{DSA-2095-1}
	- lvm2 2.02.66-3 (bug #591204)
CVE-2010-2525
	RESERVED
CVE-2010-2524 (The DNS resolution functionality in the CIFS implementation in the ...)
	{DSA-2264-1}
	- linux-2.6 2.6.32-19
CVE-2010-2523 (Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 ...)
	NOT-FOR-US: UMIP
CVE-2010-2522 (The mipv6 daemon in UMIP 0.4 does not verify that netlink messages ...)
	NOT-FOR-US: UMIP
CVE-2010-2521 (Multiple buffer overflows in fs/nfsd/nfs4xdr.c in the XDR ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-13
CVE-2010-2520 (Heap-based buffer overflow in the Ins_IUP function in ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2519 (Heap-based buffer overflow in the Mac_Read_POST_Resource function in ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2518 (Unspecified vulnerability in the P8 Content Engine (P8CE) 4.5.1 before ...)
	NOT-FOR-US: P8 Content Search Engine
CVE-2010-2517 (Multiple unspecified vulnerabilities in IBM Rational ClearQuest before ...)
	NOT-FOR-US: ClearQuest
CVE-2010-2516 (Multiple SQL injection vulnerabilities in 2daybiz Multi Level ...)
	NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2009-4923 (Unspecified vulnerability in the DTLS implementation on Cisco Adaptive ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4922 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4921 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4920 (Unspecified vulnerability in CTM on Cisco Adaptive Security Appliances ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4919 (Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4918 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4917 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4916 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4915 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4914 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5580 series ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4913 (The IPv6 implementation on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4912 (Cisco Adaptive Security Appliances (ASA) 5580 series devices with ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4911 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-4910 (Cross-site scripting (XSS) vulnerability in the WebVPN portal on Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-2515 (Multiple SQL injection vulnerabilities in index.php in the JFaq ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2514 (Cross-site scripting (XSS) vulnerability in the JFaq (com_jfaq) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2513 (SQL injection vulnerability in the JE Ajax Event Calendar ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2512 (SQL injection vulnerability in customprofile.php in 2daybiz ...)
	NOT-FOR-US: 2daybiz Matrimonial Script
CVE-2010-2511 (SQL injection vulnerability in viewnews.php in 2daybiz Multi Level ...)
	NOT-FOR-US: 2daybiz Multi Level Marketing
CVE-2010-2510 (SQL injection vulnerability in customize.php in 2daybiz Web Template ...)
	NOT-FOR-US: 2daybiz Web Template
CVE-2010-2509 (Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web ...)
	NOT-FOR-US: 2daybiz Web Template
CVE-2010-2508 (SQL injection vulnerability in user-profile.php in 2daybiz Video ...)
	NOT-FOR-US: 2daybiz Video
CVE-2010-2507 (Directory traversal vulnerability in the Picasa2Gallery ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2506 (Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys ...)
	NOT-FOR-US: Linksys
CVE-2010-2505 (Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows ...)
	NOT-FOR-US: Soft SaschArt SasCAM Webcam Server
CVE-2010-2504 (Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote ...)
	NOT-FOR-US: Splunk
CVE-2010-2503 (Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 ...)
	NOT-FOR-US: Splunk
CVE-2010-2502 (Multiple directory traversal vulnerabilities in Splunk 4.0 through ...)
	NOT-FOR-US: Splunk
CVE-2010-2501
	RESERVED
CVE-2010-2500 (Integer overflow in the gray_render_span function in smooth/ftgrays.c ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2499 (Buffer overflow in the Mac_Read_POST_Resource function in ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2498 (The psh_glyph_find_strong_points function in pshinter/pshalgo.c in ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2497 (Integer underflow in glyph handling in FreeType before 2.4.0 allows ...)
	{DSA-2070-1}
	- freetype 2.4.0-1
CVE-2010-2496
	RESERVED
CVE-2010-2493 (The default configuration of the deployment descriptor (aka web.xml) ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2492 (Buffer overflow in the ecryptfs_uid_hash macro in ...)
	{DSA-2110-1}
	- linux-2.6 2.6.32-19
CVE-2010-2491 (Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup ...)
	- roundup 1.4.13-3.1 (bug #590769)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=326395
	NOTE: http://roundup.svn.sourceforge.net/viewvc/roundup?view=revision&revision=4486
CVE-2010-2490 [murmur DoS via malformed client query]
	RESERVED
	- mumble 1.2.2-4 (bug #587713)
	[lenny] - mumble <no-dsa> (Minor issue)
	- qt4-x11 <not-affected> (low; bug #587713)
CVE-2010-2489 (Buffer overflow in Ruby 1.9.x before 1.9.1-p429 on Windows might allow ...)
	- ruby1.8 <not-affected> (Windows-specific)
	- ruby1.9.1 <not-affected> (Windows-specific)
CVE-2010-2488 [znc null pointer deref]
	RESERVED
	{DSA-2069-1}
	- znc 0.090-2 (bug #584929)
CVE-2010-2487 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.7.3 ...)
	{DSA-2083-1}
	- moin 1.9.3-1 (bug #584809)
CVE-2010-2486
	RESERVED
CVE-2010-2485
	RESERVED
CVE-2010-2484 (The strrchr function in PHP 5.2 before 5.2.14 allows context-dependent ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-2483 (The TIFFRGBAImageGet function in LibTIFF 3.9.0 allows remote attackers ...)
	- tiff 3.9.4-4 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2482 (LibTIFF 3.9.4 and earlier does not properly handle an invalid ...)
	{DSA-2552-1}
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2481 (The TIFFExtractData macro in LibTIFF before 3.9.4 does not properly ...)
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-2480 (Mako before 0.3.4 relies on the cgi.escape function in the Python ...)
	- mako 0.3.4-1 (low)
	[lenny] - mako <no-dsa> (Minor issue)
CVE-2010-2478 (Integer overflow in the ethtool_get_rxnfc function in ...)
	- linux-2.6 2.6.32-19
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=608950
	NOTE: http://thread.gmane.org/gmane.linux.network/164869
CVE-2010-2477 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- paste 1.7.4-1 (low)
	[lenny] - paste 1.7.1-1+lenny1
	NOTE: http://bitbucket.org/ianb/paste/changeset/fcae59df8b56
CVE-2010-2475
	RESERVED
CVE-2010-2474 (JBoss Enterprise Service Bus (ESB) before 4.7 CP02 in JBoss Enterprise ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-2470 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through ...)
	- bugzilla <not-affected> (Only affects 3.5 to 3.7)
CVE-2010-2476 [syscp open_basedir bypassing]
	RESERVED
	- syscp <removed> (bug #587481)
CVE-2010-2469 (The Linear eMerge 50 and 5000 uses a default password of eMerge for ...)
	NOT-FOR-US: Linear eMerge
CVE-2010-2468 (The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2467 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2466 (The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2465 (The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge ...)
	NOT-FOR-US: S2 Security NetBox
CVE-2010-2464 (Multiple cross-site scripting (XSS) vulnerabilities in the RSComments ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-2463 (Cross-site scripting (XSS) vulnerability in forum.php in Jamroom ...)
	NOT-FOR-US: Jamroom
CVE-2010-2462 (SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP ...)
	NOT-FOR-US: Toma Cero OroHYIP
CVE-2010-2461 (SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 ...)
	NOT-FOR-US: JCE-Tech Overstock
CVE-2010-2460 (SQL injection vulnerability in merchant_product_list.php in JCE-Tech ...)
	NOT-FOR-US: JCE-Tech Shareasale Script
CVE-2010-2459 (SQL injection vulnerability in video.php in 2daybiz Video Community ...)
	NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2458 (Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video ...)
	NOT-FOR-US: 2daybiz Video Community Portal Script
CVE-2010-2457 (Cross-site scripting (XSS) vulnerability in index.php in K-Search ...)
	NOT-FOR-US: K-Search
CVE-2010-2456 (Multiple directory traversal vulnerabilities in index.php in Linker ...)
	NOT-FOR-US: Linker IMG
CVE-2010-2455 (Opera does not properly manage the address bar between the request to ...)
	NOT-FOR-US: Opera
CVE-2010-2454 (Apple Safari does not properly manage the address bar between the ...)
	- webkit <not-affected> (iceweasel/safari-specific issues)
	- chromium-browser <not-affected> (iceweasel/safari-specific issues)
	NOTE: i tested both firefox and safari poc's, and neither of them caused the
	NOTE: address bar to be spoofed in either webkit or chrome
	NOTE: this will be address in iceweasel in cve-2010-1206
CVE-2010-2453 (Multiple cross-site scripting (XSS) vulnerabilities in Synology Disk ...)
	NOT-FOR-US: Synology Disk Station
CVE-2009-4909 (admin/index.php in oBlog allows remote attackers to conduct ...)
	NOT-FOR-US: oBlog
CVE-2009-4908 (Multiple cross-site scripting (XSS) vulnerabilities in oBlog allow ...)
	NOT-FOR-US: oBlog
CVE-2009-4907 (Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog ...)
	NOT-FOR-US: oBlog
CVE-2009-4906 (Cross-site request forgery (CSRF) vulnerability in index.php in Acc ...)
	NOT-FOR-US: Acc PHP eMail
CVE-2009-4905 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Acc Statistics
CVE-2009-4904 (article.php in oBlog does not properly restrict comments, which allows ...)
	NOT-FOR-US: oBlog
CVE-2009-4903 (Cross-site scripting (XSS) vulnerability in index.php in oBlog allows ...)
	NOT-FOR-US: oBlog
CVE-2010-2452 (Directory traversal vulnerability in the DCC functionality in KVIrc ...)
	{DSA-2065-1}
	- kvirc 4:4.0.0~svn4340+rc3-1
CVE-2010-2451 (Multiple format string vulnerabilities in the DCC functionality in ...)
	{DSA-2065-1}
	- kvirc 4:4.0.0~svn4340+rc3-1
CVE-2010-2443 (The OJPEGReadBufferFill function in tif_ojpeg.c in LibTIFF before ...)
	- tiff 3.9.4-1 (unimportant)
	- tiff3 <not-affected> (fixed prior to initial upload)
	NOTE: Triggers a NULL pointer deref, crasher only
CVE-2010-2442 (Microsoft Internet Explorer, possibly 8, does not properly restrict ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-2441 (WebKit does not properly restrict focus changes, which allows remote ...)
	- webkit 1.2.1-3 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-2440 (Stack-based buffer overflow in st-wizard.exe in Subtitle Translation ...)
	NOT-FOR-US: Subtitle Translation Wizard
CVE-2010-2439 (Stack-based buffer overflow in MoreAmp allows remote attackers to ...)
	NOT-FOR-US: MoreAmp
CVE-2010-2438 (SQL injection vulnerability in G.CMS generator allows remote attackers ...)
	NOT-FOR-US: G.CMS
CVE-2010-2437 (Cross-site scripting (XSS) vulnerability in class/tools.class.php in ...)
	NOT-FOR-US: AneCMS BLog
CVE-2010-2436 (SQL injection vulnerability in modules/blog/index.php in AneCMS Blog ...)
	NOT-FOR-US: AneCMS Blog
CVE-2010-2435 (Weborf HTTP Server 0.12.1 and earlier allows remote attackers to cause ...)
	- weborf 0.12.2-1
CVE-2010-2434 (Buffer overflow in Arcext.dll 2.16.1 and earlier in pon software ...)
	NOT-FOR-US: Explzh
CVE-2010-2433 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-2432 (The cupsDoAuthentication function in auth.c in the client in CUPS ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-2431 (The cupsFileOpen function in CUPS before 1.4.4 allows local users, ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-2430
	RESERVED
CVE-2010-2429 (Cross-site scripting (XSS) vulnerability in Splunk 4.0 through 4.1.2, ...)
	NOT-FOR-US: Splunk
CVE-2010-2428 (Cross-site scripting (XSS) vulnerability in admin_loginok.html in the ...)
	NOT-FOR-US: Wing FTP Server
CVE-2010-2427 (VMware Studio 2.0 does not properly write to temporary files, which ...)
	NOT-FOR-US: VMware Studio
CVE-2010-2426 (Directory traversal vulnerability in TitanFTPd in South River ...)
	NOT-FOR-US: Titan FTP Server
CVE-2010-2425 (Directory traversal vulnerability in TitanFTPd in South River ...)
	NOT-FOR-US: Titan FTP Server
CVE-2010-2424
	RESERVED
CVE-2010-2423
	RESERVED
CVE-2010-2422 (Cross-site scripting (XSS) vulnerability in PortalTransforms in Plone ...)
	- plone3 <removed>
CVE-2010-2421 (Multiple unspecified vulnerabilities in Opera before 10.54 have ...)
	NOT-FOR-US: Opera
CVE-2010-2420 (Multiple unspecified vulnerabilities in Fenrir Inc. ActiveGeckoBrowser ...)
	NOT-FOR-US: Sleipnir
CVE-2008-7258 (** DISPUTED ** ...)
	- ssmtp <unfixed> (unimportant; bug #591515)
CVE-2008-7257 (CRLF injection vulnerability in +webvpn+/index.html in WebVPN on Cisco ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2010-2479 (Cross-site scripting (XSS) vulnerability in HTML Purifier before ...)
	{DSA-2067-1}
	- php-htmlpurifier 4.1.1+dfsg1-1
	- mahara 1.2.5-1
	- moodle 1.9.9.dfsg2-1 (low; bug #593301)
	[lenny] - moodle <not-affected> (doesn't ship/use htmlpurifier)
	- knowledgeroot 0.9.9.5-5
	[lenny] - knowledgeroot <no-dsa> (low)
CVE-2010-2419 (Unspecified vulnerability in the Java Virtual Machine component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2418 (Unspecified vulnerability in the Oracle Territory Management component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2417 (Unspecified vulnerability in the Agile PLM component in Oracle Supply ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2416 (Unspecified vulnerability in the Oracle E-Business Intelligence ...)
	NOT-FOR-US: Oracle E-Business Intelligence
CVE-2010-2415 (Unspecified vulnerability in the Change Data Capture component in ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2414 (Unspecified vulnerability in the (1) Sun Convergence 1 and (2) Sun ...)
	NOT-FOR-US: Oracle Sun Products Suite
CVE-2010-2413 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2412 (Unspecified vulnerability in the OLAP component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2411 (Unspecified vulnerability in the Job Queue component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2410 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2409 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2408 (Unspecified vulnerability in the Oracle iRecruitment component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2407 (Unspecified vulnerability in the XDK component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2406 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-2405 (Unspecified vulnerability in the Siebel Core - Highly Interactive ...)
	NOT-FOR-US: Oracle Siebel Suite
CVE-2010-2404 (Unspecified vulnerability in the Oracle iRecruitment component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2403 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2402 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2401 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2400 (Unspecified vulnerability in Oracle Solaris 9 and 10, and OpenSolaris, ...)
	NOT-FOR-US: Solaris
CVE-2010-2399 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Solaris
CVE-2010-2398 (Unspecified vulnerability in the PeopleSoft Enterprise HCM component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2397 (Unspecified vulnerability in Oracle Sun Java System Application Server ...)
	NOT-FOR-US: Oracle Sun Java System Application Serve
CVE-2010-2396 (Unspecified vulnerability in the Forms component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2395 (Unspecified vulnerability in the Cabo/UIX component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2394 (Unspecified vulnerability in Oracle Solaris 10 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2010-2393 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Solaris
CVE-2010-2392 (Unspecified vulnerability in Oracle Solaris 10 and OpenSolaris allows ...)
	NOT-FOR-US: Solaris
CVE-2010-2391 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2390 (Unspecified vulnerability in the Database Control component in EM ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2389 (Unspecified vulnerability in the Perl component in Oracle Database ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-2388 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-2387 (vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x ...)
	- gdm 2.20.11-1
CVE-2010-2386 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
	NOT-FOR-US: Solaris
CVE-2010-2385 (Unspecified vulnerability in Oracle Sun Java System Web Proxy Server ...)
	NOT-FOR-US: Oracle Sun Java System Web Proxy Server
CVE-2010-2384 (Unspecified vulnerability in Oracle Solaris 9 and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-2383 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and ...)
	NOT-FOR-US: Solaris
CVE-2010-2382 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-2381 (Unspecified vulnerability in the Application Server Control component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2380 (Unspecified vulnerability in the PeopleSoft Enterprise FSCM component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2379 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - Time &amp; ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2378 (Unspecified vulnerability in the PeopleSoft Enterprise CRM component ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2377 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: PeopleSoft
CVE-2010-2376 (Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-2375 (Package/Privilege: Plugins for Apache, Sun and IIS web servers ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2374 (Unspecified vulnerability in Solaris Studio 12 update 1 allows local ...)
	NOT-FOR-US: Solaris
CVE-2010-2373 (Unspecified vulnerability in the Console component in Oracle ...)
	NOT-FOR-US: Oracle Enterprise Manager Grid Control
CVE-2010-2372 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2371 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle Supply Chain Products Suite
CVE-2010-2370 (Unspecified vulnerability in the Oracle Business Process Management ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-2369 (Untrusted search path vulnerability in Lhasa 0.19 and earlier allows ...)
	NOT-FOR-US: Lhasa
CVE-2010-2368 (Untrusted search path vulnerability in Lhaplus before 1.58 allows ...)
	NOT-FOR-US: Lhaplus
CVE-2010-2367 (Cross-site scripting (XSS) vulnerability in search.cgi in AD-EDIT2 ...)
	NOT-FOR-US: AD-EDIT2
CVE-2010-2366 (Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access ...)
	NOT-FOR-US: CGI Cafe Access Analyzer
CVE-2010-2365 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 ...)
	NOT-FOR-US: Free CGI Moo moobbs2
CVE-2010-2364 (Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before ...)
	NOT-FOR-US: Free CGI Moo moobbs2
CVE-2010-2363 (The IPv6 Unicast Reverse Path Forwarding (RPF) implementation on the ...)
	NOT-FOR-US: SEIL/X1, SEIL/X2, and SEIL/B1 routers
CVE-2010-2362 (Winny 2.0b7.1 and earlier does not properly process node information, ...)
	NOT-FOR-US: Winny
CVE-2010-2361 (Winny 2.0b7.1 and earlier does not properly process BBS information, ...)
	NOT-FOR-US: Winny
CVE-2010-2360 (Multiple buffer overflows in Winny 2.0b7.1 and earlier might allow ...)
	NOT-FOR-US: Winny
CVE-2010-2359 (SQL injection vulnerability in eWebQuiz.asp in ActiveWebSoftwares.com ...)
	NOT-FOR-US: eWebquiz
CVE-2010-2358 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Nakid CMS
CVE-2010-2357 (SQL injection vulnerability in index.php in Eicra Realestate Script ...)
	NOT-FOR-US: Eicra Realestate Script
CVE-2010-2356 (Cross-site scripting (XSS) vulnerability in subscribe.php in Pilot ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2355 (Cross-site scripting (XSS) vulnerability in error.php in Pilot Group ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2354 (SQL injection vulnerability in subscribe.php in Pilot Group (PG) eLMS ...)
	NOT-FOR-US: Pilot Group eLMS Pro
CVE-2010-2353 (The Node Reference module in Content Construction Kit (CCK) module 6.x ...)
	- drupal6-mod-cck <not-affected> (Fixed before initial upload)
CVE-2010-2352 (The Node Reference module in Content Construction Kit (CCK) module 5.x ...)
	- drupal6-mod-cck <not-affected> (Fixed before initial upload)
CVE-2010-2351 (Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 ...)
	NOT-FOR-US: Novell Netware
CVE-2010-2350 (Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows ...)
	- ziproxy 3.1.1-1 (bug #587039)
	[lenny] - ziproxy <not-affected> (Introduced in 3.1.0)
CVE-2010-2349 (H264WebCam 3.7 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: H264WebCam
CVE-2010-2348 (Stack-based buffer overflow in Batch Audio Converter Lite Edition ...)
	NOT-FOR-US: Batch Audio Converter
CVE-2010-2347 (The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 ...)
	NOT-FOR-US: SAP J2EE Telnet Interface
CVE-2010-2346
	RESERVED
CVE-2010-2345 (Cross-site request forgery (CSRF) vulnerability in odCMS 1.06, and ...)
	NOT-FOR-US: odCMS
CVE-2010-2344 (Multiple cross-site scripting (XSS) vulnerabilities in odCMS 1.06, and ...)
	NOT-FOR-US: odCMS
CVE-2010-2343 (Stack-based buffer overflow in D.R. Software Audio Converter 8.1, ...)
	NOT-FOR-US: D.R. Software Audio Converter
CVE-2010-2342 (SQL injection vulnerability in onlinenotebookmanager.asp in DMXReady ...)
	NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2010-2341 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: EZPX Photoblog
CVE-2010-2340 (SQL injection vulnerability in members.php in Arab Portal 2.2, when ...)
	NOT-FOR-US: Arab Portal
CVE-2010-2339 (SQL injection vulnerability in admin/pages.php in Subdreamer CMS 3.x.x ...)
	NOT-FOR-US: Subdreamer CMS
CVE-2010-2338 (Multiple SQL injection vulnerabilities in redir.asp in VU Web Visitor ...)
	NOT-FOR-US: VU Web Visitor Analyst
CVE-2010-2337 (Open redirect vulnerability in RSA Federated Identity Manager 4.0 ...)
	NOT-FOR-US: RSA Federated Identity Manager
CVE-2010-2336 (index.php in Yamamah Photo Gallery 1.00 allows remote attackers to ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2335 (SQL injection vulnerability in index.php in Yamamah Photo Gallery ...)
	NOT-FOR-US: Yamamah Photo Gallery
CVE-2010-2334 (Directory traversal vulnerability in themes/default/download.php in ...)
	NOT-FOR-US: Yamamah Phote Gallery
CVE-2010-2333 (LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows ...)
	NOT-FOR-US: LiteSpeed Web Server
CVE-2010-2332 (Impact Financials, Inc. Impact PDF Reader 2.0, 1.2, and other versions ...)
	NOT-FOR-US: Impact PDF Reader
CVE-2010-2331 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 ...)
	NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2330 (Stack-based buffer overflow in iSharer File Sharing Wizard 1.5.0 ...)
	NOT-FOR-US: iSharer File Sharing Wizard
CVE-2010-2329 (Buffer overflow in Rosoft Audio Converter 4.4.4 allows remote ...)
	NOT-FOR-US: Rosoft Audio Converter
CVE-2010-2328 (The HTTP Channel in IBM WebSphere Application Server (WAS) 7.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2327 (mod_ibm_ssl in IBM HTTP Server 6.0 before 6.0.2.43, 6.1 before ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2010-2326 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11, when ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2325 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2324 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2323 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.11 on z/OS ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-2322 (Absolute path traversal vulnerability in the extract_jar function in ...)
	- fastjar 2:0.98-3 (low)
	[lenny] - fastjar <no-dsa> (Minor issue)
CVE-2010-2321 (Buffer overflow in Adobe InDesign CS3 10.0 allows user-assisted remote ...)
	NOT-FOR-US: Adobe InDesign
CVE-2009-4902 (Buffer overflow in the MSGFunctionDemarshall function in ...)
	- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
	NOTE: of the weird CVE assignments on this one
CVE-2009-4901 (The MSGFunctionDemarshall function in winscard_svc.c in the PC/SC ...)
	- pcsc-lite <not-affected> (Covered by initial CVE-2010-0407 fix)
	NOTE: See https://bugzilla.redhat.com/show_bug.cgi?id=596426#c20 for an explanation
	NOTE: of the weird CVE assignments on this one
CVE-2010-2320 (bozotic HTTP server (aka bozohttpd) before 20100621 allows remote ...)
	- bozohttpd 20100621-1 (low; bug #590298)
	[lenny] - bozohttpd <no-dsa> (Minor information leak)
CVE-2010-2319 (SQL injection vulnerability in index.php in IDevSpot TextAds 2.08 ...)
	NOT-FOR-US: IDevSpot TextAds
CVE-2010-2318 (Cross-site scripting (XSS) vulnerability in cms_data.php in ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-2317 (Multiple SQL injection vulnerabilities in WmsCms 2.0 and earlier allow ...)
	NOT-FOR-US: WmsCms
CVE-2010-2316 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: WmsCms
CVE-2010-2315 (PHP remote file inclusion vulnerability in picturelib.php in ...)
	NOT-FOR-US: SmartISoft phpBazar
CVE-2010-2314 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NP_Twitter Plugin
CVE-2010-2313 (Directory traversal vulnerability in index.php in Anodyne Productions ...)
	NOT-FOR-US: SIMM Management System
CVE-2010-2312 (SQL injection vulnerability in index.php in HauntmAx Haunted House ...)
	NOT-FOR-US: HauntmAx Haunted House Directory Listing CMS
CVE-2010-2311 (Stack-based buffer overflow in Power Tab Editor 1.7 build 80 allows ...)
	NOT-FOR-US: Power Tab Editor
CVE-2010-2310 (SolarWinds TFTP Server 10.4.0.13 allows remote attackers to cause a ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2309 (Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and ...)
	NOT-FOR-US: EvoLogical EvoCam
CVE-2010-2308 (Unspecified vulnerability in the filter driver (savonaccessfilter.sys) ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2010-2307 (Multiple directory traversal vulnerabilities in the web server for ...)
	NOT-FOR-US: Motorola firmware
CVE-2010-2306 (The default installation of Sourcefire 3D Sensor 1000, 2000, and 9900; ...)
	NOT-FOR-US: Sourcefire 3D Sensor
CVE-2010-2305 (Buffer overflow in an ActiveX control in SSHelper.dll for Symantec ...)
	NOT-FOR-US: Symantec Sygate Personal Firewall
CVE-2010-2304
	REJECTED
CVE-2010-2303
	REJECTED
CVE-2010-2302 (Use-after-free vulnerability in WebCore in WebKit in Google Chrome ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59876
	NOTE: duplicate of cve-2010-1771
CVE-2010-2301 (Cross-site scripting (XSS) vulnerability in editing/markup.cpp in ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59241
	NOTE: http://trac.webkit.org/changeset/59242
	NOTE: duplicate of cve-2010-1762
CVE-2010-2300 (Use-after-free vulnerability in the Element::normalizeAttributes ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: http://trac.webkit.org/changeset/59109
	NOTE: duplicate of cve-2010-1759
CVE-2010-2299 (The Clipboard::DispatchObject function in app/clipboard/clipboard.cc ...)
	- webkit <not-affected> (chromium-specific)
	- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2298 (browser/renderer_host/database_dispatcher_host.cc in Google Chrome ...)
	- webkit <not-affected> (chromium-specific)
	- chromium-browser 5.0.375.70~r48679-1
CVE-2010-2297 (rendering/FixedTableLayout.cpp in WebCore in WebKit in Google Chrome ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-2296 (The implementation of unspecified DOM methods in Google Chrome before ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
	NOTE: http://trac.webkit.org/changeset/57627
	NOTE: http://trac.webkit.org/changeset/57658
	NOTE: http://trac.webkit.org/changeset/57658
	NOTE: http://trac.webkit.org/changeset/59769
	NOTE: http://src.chromium.org/viewvc/chrome?view=rev&revision=48159
CVE-2010-2295 (page/EventHandler.cpp in WebCore in WebKit in Google Chrome before ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2009-4900 [pixelpost XSS]
	RESERVED
	- pixelpost <removed> (bug #597224)
	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4899 [pixelpost SQL injection]
	RESERVED
	- pixelpost <removed> (bug #597224)
	NOTE: http://www.pixelpost.org/blog/2009/09/02/pixelpost-173-security-update/
CVE-2009-4898 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.2 ...)
	NOT-FOR-US: TWiki
CVE-2009-4897 (Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier ...)
	{DSA-2093-1}
	- ghostscript 8.70~dfsg-1
CVE-2009-4896 (Multiple directory traversal vulnerabilities in the mlmmj-php-admin ...)
	{DSA-2073-1}
	- mlmmj 1.2.17-1.1 (bug #588038)
CVE-2010-2294 (Cross-site request forgery (CSRF) vulnerability in Plume CMS 1.2.4 and ...)
	NOT-FOR-US: Plume CMS
CVE-2010-2293 (The Ping tools web interface in Dlink Di-604 router allows remote ...)
	NOT-FOR-US: Dlink Di-604
CVE-2010-2292 (Cross-site scripting (XSS) vulnerability in the Ping tools web ...)
	NOT-FOR-US: Dlink Di-604 Router
CVE-2010-2291 (Unspecified vulnerability in the web interface in snom VoIP Phone ...)
	NOT-FOR-US: snom VoIP Phone
CVE-2010-2290 (Cross-site scripting (XSS) vulnerability in cgi-bin/cgix/help in ...)
	NOT-FOR-US: McAfee
CVE-2010-2289 (Open redirect vulnerability in dana/home/homepage.cgi in Juniper ...)
	NOT-FOR-US: Juniper Networks
CVE-2010-2288 (Cross-site scripting (XSS) vulnerability in dana/nc/ncrun.cgi in ...)
	NOT-FOR-US: Juniper Networks
CVE-2010-2282 (Cross-site request forgery (CSRF) vulnerability in TomatoCMS 2.0.6 ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-2281 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-2280 (Open redirect vulnerability in the Mobile component in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2279 (The Top Updates implementation in the Homepage component in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2278 (The bookmarklet pop-up in the Bookmarks component in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2277 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2010-2276 (The default configuration of the build process in Dojo 0.4.x before ...)
	- dojo <not-affected> (Doesn't affect the Debian packaging)
CVE-2010-2275 (Cross-site scripting (XSS) vulnerability in dijit/tests/_testCommon.js ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2274 (Multiple open redirect vulnerabilities in Dojo 1.0.x before 1.0.3, ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2273 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 1.0.x ...)
	- dojo 1.4.2+dfsg-1
CVE-2010-2272 (Unspecified vulnerability in iframe_history.html in Dojo 0.4.x before ...)
	- dojo <not-affected> (only affects 0.4 branch)
CVE-2010-2271 (Format string vulnerability in authcfg.cgi in Accoria Web Server (aka ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2270 (Accoria Web Server (aka Rock Web Server) 1.4.7 uses a predictable ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2269 (Directory traversal vulnerability in loadstatic.cgi in Accoria Web ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2268 (Cross-site request forgery (CSRF) vulnerability in authcfg.cgi in ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2267 (Multiple cross-site scripting (XSS) vulnerabilities in Accoria Web ...)
	NOT-FOR-US: Accoria Web Server
CVE-2010-2266 (nginx 0.8.36 allows remote attackers to cause a denial of service ...)
	- nginx <not-affected> (Confirmed Windows only, see bug #590768)
CVE-2009-4895 (Race condition in the tty_fasync function in drivers/char/tty_io.c in ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-9
CVE-2009-4894 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
	NOT-FOR-US: PunBB
CVE-2009-4893 (Buffer overflow in UnrealIRCd 3.2beta11 through 3.2.8, when ...)
	- unrealircd <itp> (bug #515130)
CVE-2010-2265 (Cross-site scripting (XSS) vulnerability in the GetServerName function ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-2264 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
	- chromium-browser 6.0.466.0~r52279-1
	NOTE: This is a large series of risky behaviour-changing changesets.
	NOTE: upstream changelog says this is fixed in 1.2.3, but i'm doubtful of that
CVE-2010-2263 (nginx 0.8 before 0.8.40 and 0.7 before 0.7.66, when running on ...)
	- nginx <not-affected> (Windows-specific vulnerability when running on NTFS)
CVE-2009-4892 (SQL injection vulnerability in Content Management System WEBjump! ...)
	NOT-FOR-US: Content Management System WEBjump!
CVE-2009-4891 (SQL injection vulnerability in index.php in CS-Cart 2.0.0 Beta 3 ...)
	NOT-FOR-US: CS-Cart
CVE-2009-4890 (Multiple cross-site scripting (XSS) vulnerabilities in the login ...)
	NOT-FOR-US: vBook
CVE-2009-4889 (SQL injection vulnerability in books.php in the Book Panel ...)
	NOT-FOR-US: book_panel module for php-fusion
CVE-2009-4888 (Cross-site scripting (XSS) vulnerability in poster.php in PHortail ...)
	NOT-FOR-US: PHortail
CVE-2009-4887 (PHP remote file inclusion vulnerability in index.php in CMS S.Builder ...)
	NOT-FOR-US: CMS S.Builder
CVE-2009-4886 (Multiple directory traversal vulnerabilities in phpCommunity 2 2.1.8 ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4885 (Cross-site scripting (XSS) vulnerability in templates/1/login.php in ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4884 (Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when ...)
	NOT-FOR-US: phpCommunity
CVE-2009-4883 (SQL injection vulnerability in index.php in PHPRecipeBook 2.24 and ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2010-2283 (The SMB dissector in Wireshark 0.99.6 through 1.0.13, and 1.2.0 ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2285 (The SMB PIPE dissector in Wireshark 0.8.20 through 1.0.13 and 1.2.0 ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2284 (Buffer overflow in the ASN.1 BER dissector in Wireshark 0.10.13 ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2287 (Buffer overflow in the SigComp Universal Decompressor Virtual Machine ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2286 (The SigComp Universal Decompressor Virtual Machine dissector in ...)
	{DSA-2066-1}
	- wireshark 1.2.9-1
CVE-2010-2262 (Galileo Students Team Weborf before 0.12.1 allows remote attackers to ...)
	- weborf 0.12.1-1
CVE-2010-2261 (Linksys WAP54Gv3 firmware 3.04.03 and earlier allows remote attackers ...)
	NOT-FOR-US: Linksys WAP54Gv3
CVE-2010-2260 (Multiple cross-site scripting (XSS) vulnerabilities in Gambit Design ...)
	NOT-FOR-US: Gabmbit Design Bandwidth Meter
CVE-2010-2259 (Directory traversal vulnerability in the BF Survey (com_bfsurvey) ...)
	NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2258 (Cross-site scripting (XSS) vulnerability in signupconfirm.php in ...)
	NOT-FOR-US: phpBannerExchange
CVE-2010-2257 (SQL injection vulnerability in index_ie.php in Pay Per Minute Video ...)
	NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2256 (Multiple cross-site scripting (XSS) vulnerabilities in Pay Per Minute ...)
	NOT-FOR-US: Pay Per Minute Video Chat Script
CVE-2010-2255 (SQL injection vulnerability in the BF Survey Pro (com_bfsurvey_pro) ...)
	NOT-FOR-US: com_bfsurvey component for joomla!
CVE-2010-2254 (SQL injection vulnerability in the Shape5 Bridge of Hope template for ...)
	NOT-FOR-US: joomla!
CVE-2010-2253 (lwp-download in libwww-perl before 5.835 does not reject downloads to ...)
	- libwww-perl 5.835-1 (low)
	[lenny] - libwww-perl 5.813-1+lenny2
CVE-2010-2252 (GNU Wget 1.12 and earlier uses a server-provided filename instead of ...)
	{DSA-2088-1}
	- wget 1.12-2.1 (low; bug #590296)
CVE-2010-2251 (The get1 command, as used by lftpget, in LFTP before 4.0.6 does not ...)
	{DSA-2085-1}
	- lftp 4.0.6-1 (low)
	[lenny] - lftp <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2010-001.html
CVE-2010-2249 (Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before ...)
	{DSA-2072-1}
	- libpng 1.2.44-1 (low; bug #587670)
	- tuxonice-userui 1.0-1 (unimportant)
	NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-2248 (fs/cifs/cifssmb.c in the CIFS implementation in the Linux kernel ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-12 (low)
CVE-2010-2247 [makepasswd: insecure passwords generated with default settings]
	RESERVED
	- makepasswd 1.10-5 (low; bug #564559)
	[lenny] - makepasswd 1.10-3+lenny1
CVE-2010-2246 (feh before 1.8, when the --wget-timestamp option is enabled, might ...)
	- feh 1.8-1 (low; bug #587205)
	[lenny] - feh <no-dsa> (Minor issue)
CVE-2010-2245 (XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and ...)
	NOT-FOR-US: Apache Wink
CVE-2010-2244 (The AvahiDnsPacket function in avahi-core/socket.c in avahi-daemon in ...)
	{DSA-2086-1}
	- avahi 0.6.26-1
CVE-2010-2243 [timekeeping oops]
	RESERVED
	- linux-2.6 2.6.32-11
	[lenny] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2010-2242 (Red Hat libvirt 0.2.0 through 0.8.2 creates iptables rules with ...)
	- libvirt 0.8.3-1 (low)
	[lenny] - libvirt 0.4.6-10+lenny1
CVE-2010-2241 (The (1) setup-ds.pl and (2) setup-ds-admin.pl setup scripts for Red ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-2240 (The do_anonymous_page function in mm/memory.c in the Linux kernel ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-21
CVE-2010-2239 (Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images ...)
	- libvirt 0.8.3-1 (low)
	[lenny] - libvirt <not-affected> (only affects >= 0.6.0)
CVE-2010-2238 (Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into ...)
	- libvirt 0.8.3-1
	[lenny] - libvirt <not-affected> (only affects >= 0.7.2)
CVE-2010-2237 (Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing ...)
	- libvirt 0.8.3-1
	[lenny] - libvirt <not-affected> (only affects >= 0.6.1)
CVE-2010-2236 (The monitoring probe display in spacewalk-java before 2.1.148-1 and ...)
	NOT-FOR-US: Red Hat Satellite
CVE-2010-2235 (template_api.py in Cobbler before 2.0.7, as used in Red Hat Network ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2010-2233 (tif_getimage.c in LibTIFF 3.9.0 and 3.9.2 on 64-bit platforms, as used ...)
	- tiff 3.9.4-2
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
CVE-2010-2232 (In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://issues.apache.org/jira/browse/DERBY-2925
CVE-2010-2231 (Cross-site request forgery (CSRF) vulnerability in ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2230 (The KSES text cleaning filter in lib/weblib.php in Moodle before ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
	- wordpress 3.0.4+dfsg-1
	[lenny] - wordpress <not-affected> (2.x version is not affected)
	- egroupware <not-affected> (Only forks a minor subset of KSES)
CVE-2010-2229 (Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2228 (Cross-site scripting (XSS) vulnerability in the MNET access-control ...)
	{DSA-2115-1}
	- moodle 1.9.9-1 (bug #586280)
CVE-2010-2227 (Apache Tomcat 5.5.0 through 5.5.29, 6.0.0 through 6.0.27, and 7.0.0 ...)
	{DSA-2207-1}
	- tomcat5.5 <removed>
	- tomcat6 6.0.28-1 (bug #588813)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2010-2226 (The xfs_swapext function in fs/xfs/xfs_dfrag.c in the Linux kernel ...)
	{DSA-2094-1}
	- linux-2.6 2.6.32-19
CVE-2010-2225 (Use-after-free vulnerability in the SplObjectStorage unserializer in ...)
	{DSA-2089-1}
	- php5 5.3.3-1
CVE-2010-2224 (The snapshot merging functionality in Red Hat Enterprise ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Manager (RHEV-M)
CVE-2010-2223 (Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise ...)
	NOT-FOR-US: Red Hat Enterprise Virtualization Hypervisor (RHEV-H)
CVE-2010-2222
	RESERVED
	NOT-FOR-US: Red Hat Directory Server
CVE-2010-2221 (Multiple buffer overflows in the iSNS implementation in isns.c in (1) ...)
	- iscsitarget 1.4.20.1-1
CVE-2010-2220 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2219 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2218 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2217 (Adobe Flash Media Server (FMS) before 3.0.6, and 3.5.x before 3.5.4, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2010-2216 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2215 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2214 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2213 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2211 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2210 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2209 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2208 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2207 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2204 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2203 (Adobe Reader and Acrobat 9.x before 9.3.3 on UNIX allow attackers to ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2202 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2201 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2200
	RESERVED
CVE-2010-2199 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...)
	- rpm <unfixed> (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2198 (lib/fsm.c in RPM 4.8.0 and earlier does not properly reset the ...)
	- rpm <unfixed> (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2197 (rpmbuild in RPM 4.8.0 and earlier does not properly parse the syntax ...)
	- rpm 4.8.1-1 (low; bug #584257)
	[lenny] - rpm <no-dsa> (Minor issue)
CVE-2005-4889 (lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of ...)
	- rpm 4.7.0-1 (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2004-2768 (dpkg 1.9.21 does not properly reset the metadata of a file during ...)
	- dpkg 1.10.19 (bug #225692)
CVE-2010-2196
	RESERVED
CVE-2010-2195 (bozotic HTTP server (aka bozohttpd) 20090522 through 20100512 allows ...)
	- bozohttpd 20100621-1 (low; bug #590298)
	[lenny] - bozohttpd <not-affected> (Only affects 20090522 to 20100512)
CVE-2010-2194
	RESERVED
CVE-2010-2193 (Multiple unspecified vulnerabilities in the CA (1) PSFormX and (2) ...)
	NOT-FOR-US: CA Global Advisor
CVE-2010-2192 (The make_lockdir_name function in policy.c in pmount 0.9.18 allow ...)
	{DSA-2063-1}
	- pmount 0.9.23-1
CVE-2010-2191 (The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; ...)
	- php5 5.3.3-1 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2190 (The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2189 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2188 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2187 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2186 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2185 (Buffer overflow in Adobe Flash Player before 9.0.277.0 and 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2184 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2183 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2182 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2181 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2180 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2179 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2178 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2177 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2176 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2175 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2174 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2173 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2172 (Adobe Flash Player 9 before 9.0.277.0 on unspecified UNIX platforms ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2171 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2170 (Integer overflow in Adobe Flash Player before 9.0.277.0 and 10.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2169 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2168 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-2167 (Multiple heap-based buffer overflows in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2166 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2165 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2164 (Use-after-free vulnerability in Adobe Flash Player before 9.0.277.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2163 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2162 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2161 (Array index error in Adobe Flash Player before 9.0.277.0 and 10.x ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2160 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-2159 (Dameng DM Database Server allows remote authenticated users to cause a ...)
	NOT-FOR-US: Dameng DM Database
CVE-2010-2158 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm ...)
	NOT-FOR-US: Storm module for Drupal
CVE-2010-2157 (Unspecified vulnerability in CA ARCserve Backup r11.5 SP4, r12.0 SP2, ...)
	NOT-FOR-US: CA ARCserve
CVE-2010-2156 (ISC DHCP 4.1 before 4.1.1-P1 and 4.0 before 4.0.2-P1 allows remote ...)
	- isc-dhcp 4.1.1-P1-1
	- dhcp3 <not-affected> (Only affects DHCP 4.x)
	- dhcp <not-affected> (Only affects DHCP 4.x)
	NOTE: http://www.isc.org/software/dhcp/advisories/cve-2010-2156
CVE-2010-2155 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-2056-1}
	- zonecheck 2.1.1-1 (bug #583290)
CVE-2010-2154 (Cross-site scripting (XSS) vulnerability in the Search Site in CMScout ...)
	NOT-FOR-US: CMScout
CVE-2010-2153 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: TCExam
CVE-2010-2152 (Unspecified vulnerability in JustSystems Ichitaro 2004 through 2009, ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2010-2151 (Cross-site request forgery (CSRF) vulnerability in Fujitsu e-Pares V01 ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2150 (Cross-site scripting (XSS) vulnerability Fujitsu e-Pares V01 L01 ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2149 (Session fixation vulnerability in Fujitsu e-Pares V01 L01, L03, L10, ...)
	NOT-FOR-US: Fujitsu e-Pares
CVE-2010-2148 (SQL injection vulnerability in the My Car (com_mycar) component 1.0 ...)
	NOT-FOR-US: My Car for Joomla
CVE-2010-2147 (Cross-site scripting (XSS) vulnerability in the My Car (com_mycar) ...)
	NOT-FOR-US: My Car for Joomla
CVE-2010-2146 (PHP remote file inclusion vulnerability in banned.php in Visitor ...)
	NOT-FOR-US: Visitor Logger
CVE-2010-2145 (Multiple PHP remote file inclusion vulnerabilities in ClearSite Beta ...)
	NOT-FOR-US: ClearSite
CVE-2010-2144 (Cross-site scripting (XSS) vulnerability in signinform.php in Zeeways ...)
	NOT-FOR-US: Zeeways eBay Clone auction script
CVE-2010-2143 (Directory traversal vulnerability in index.php in Symphony CMS 2.0.7 ...)
	NOT-FOR-US: Symphony CMS
CVE-2010-2142 (SQL injection vulnerability in default.asp in Cyberhost allows remote ...)
	NOT-FOR-US: Cyberhost
CVE-2010-2141 (SQL injection vulnerability in index.php in NITRO Web Gallery allows ...)
	NOT-FOR-US: NITRO Web Gallery
CVE-2010-2140 (SQL injection vulnerability in itemdetail.php in Multishop CMS allows ...)
	NOT-FOR-US: Multishop CMS
CVE-2010-2139 (SQL injection vulnerability in pages.php in Multishop CMS allows ...)
	NOT-FOR-US: Multishop CMS
CVE-2010-2138 (Multiple directory traversal vulnerabilities in ProMan 0.1.1 and ...)
	NOT-FOR-US: ProMan
CVE-2010-2137 (PHP remote file inclusion vulnerability in _center.php in ProMan 0.1.1 ...)
	NOT-FOR-US: ProMan
CVE-2010-2136 (Directory traversal vulnerability in admin/index.php in Article ...)
	NOT-FOR-US: Article Friendly
CVE-2010-2135 (Multiple SQL injection vulnerabilities in login.php in HazelPress Lite ...)
	NOT-FOR-US: HazelPress Lite
CVE-2010-2134 (Multiple SQL injection vulnerabilities in login.php in Project Man 1.0 ...)
	NOT-FOR-US: Project Man
CVE-2010-2133 (SQL injection vulnerability in contact.php in My Little Forum allows ...)
	NOT-FOR-US: My Little Forum
CVE-2010-2132 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...)
	NOT-FOR-US: Open Education System
CVE-2010-2131 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
	NOT-FOR-US: Typo3 extenson Calendar Base
CVE-2010-2130 (Cross-site scripting (XSS) vulnerability in wflogin.jsp in Aris Global ...)
	NOT-FOR-US: Aris Global ARISg
CVE-2009-4882 (Cross-site scripting (XSS) vulnerability in zc/publisher/html.rb in ...)
	{DSA-2056-1}
	- zonecheck 2.1.1-1 (bug #583290)
CVE-2008-7256 (mm/shmem.c in the Linux kernel before 2.6.28-rc8, when strict ...)
	- linux-2.6 2.6.28-1 (low)
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-2129 (Directory traversal vulnerability in the JE Ajax Event Calendar ...)
	NOT-FOR-US: JE Ajax Event Calenda
CVE-2010-2128 (Directory traversal vulnerability in the JE Quotation Form ...)
	NOT-FOR-US: JE Quotation Form for Joomla
CVE-2010-2127 (PHP remote file inclusion vulnerability in gallery.php in JV2 Folder ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2010-2126 (Multiple PHP remote file inclusion vulnerabilities in Snipe Gallery ...)
	NOT-FOR-US: Snipe Gallery
CVE-2010-2125 (Multiple cross-site scripting (XSS) vulnerabilities in the Rotor ...)
	NOT-FOR-US: Rotor Banner module for Drupal
CVE-2010-2124 (SQL injection vulnerability in firma.php in Bartels Schone ConPresso ...)
	NOT-FOR-US: Bartels Schone ConPresso
CVE-2010-2123 (Multiple cross-site scripting (XSS) vulnerabilities in the Storm ...)
	NOT-FOR-US: Storm module for Drupal
CVE-2010-2122 (Directory traversal vulnerability in the SimpleDownload ...)
	NOT-FOR-US: SimpleDownload for Joomla
CVE-2010-2121 (Opera 9.52 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2010-2120 (Google Chrome 1.0.154.48 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2010-2119 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...)
	NOT-FOR-US: MS IE
CVE-2010-2118 (Microsoft Internet Explorer 6.0.2900.2180 and 8.0.7600.16385 allows ...)
	NOT-FOR-US: MS IE
CVE-2010-2117 (Mozilla Firefox 3.0.19, 3.5.x, and 3.6.x allows remote attackers to ...)
	- xulrunner <unfixed> (unimportant)
CVE-2009-4881 (Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in ...)
	{DSA-2058-1}
	- eglibc 2.10.1-1 (unimportant)
	- glibc 2.11.1-1 (unimportant)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=153aa31b93be22e01b236375fb02a9f9b9a0195f
CVE-2009-4880 (Multiple integer overflows in the strfmon implementation in the GNU C ...)
	{DSA-2058-1}
	- eglibc 2.11.1-1 (unimportant)
	- glibc 2.11.1-1 (unimportant)
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=199eb0de8d673fb23aa127721054b4f1803d61f3
CVE-2010-2116 (The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 ...)
	NOT-FOR-US: McAfee Email Gateway
CVE-2010-2115 (SolarWinds TFTP Server 10.4.0.10 allows remote attackers to cause a ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2010-2114 (Cross-site request forgery (CSRF) vulnerability in pbx/gate in Brekeke ...)
	NOT-FOR-US: Brekeke PBX
CVE-2010-2113 (Multiple cross-site request forgery (CSRF) vulnerabilities in The ...)
	NOT-FOR-US: The Uniform Server
CVE-2010-2112 (Directory traversal vulnerability in the FTP service in FileCOPA ...)
	NOT-FOR-US: FileCOPA
CVE-2010-2111 (Cross-site request forgery (CSRF) vulnerability in user/user-set.do in ...)
	NOT-FOR-US: Pacific Timesheet
CVE-2010-2110 (Google Chrome before 5.0.375.55 does not properly execute JavaScript ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (issue in chrome's libv8 bindings)
	NOTE: http://trac.webkit.org/changeset/58229
CVE-2010-2109 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58441
CVE-2010-2108 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-2107 (Unspecified vulnerability in Google Chrome before 5.0.375.55 allows ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (doesn't have safebrowsing feature)
CVE-2010-2106 (Unspecified vulnerability in Google Chrome before 5.0.375.55 might ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-2105 (Google Chrome before 5.0.375.55 does not properly follow the Safe ...)
	- chromium-browser 5.0.375.55~r47796-1
	- webkit <not-affected> (doesn't have safebrowsing feature)
CVE-2010-2104 (Directory traversal vulnerability in Orbit Downloader 3.0.0.4 and ...)
	NOT-FOR-US: Orbit Downloader
CVE-2010-2103 (Cross-site scripting (XSS) vulnerability in ...)
	- axis <not-affected> (axis != axis2, vulnerable code not present)
CVE-2010-2102 (Buffer overflow in Webby Webserver 1.01 allows remote attackers to ...)
	NOT-FOR-US: Webby Webserver
CVE-2010-2101 (The (1) strip_tags, (2) setcookie, (3) strtok, (4) wordwrap, (5) ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2100 (The (1) htmlentities, (2) htmlspecialchars, (3) str_getcsv, (4) ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2099 (bbcode/php.bb in e107 0.7.20 and earlier does not perform access ...)
	NOT-FOR-US: e107
CVE-2010-2098 (Incomplete blacklist vulnerability in usersettings.php in e107 0.7.20 ...)
	NOT-FOR-US: e107
CVE-2010-2097 (The (1) iconv_mime_decode, (2) iconv_substr, and (3) iconv_mime_encode ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2096 (Directory traversal vulnerability in index.php in CMSQlite 1.2 and ...)
	NOT-FOR-US: CMSQlite
CVE-2010-2095 (SQL injection vulnerability in index.php in CMSQlite 1.2 and earlier ...)
	NOT-FOR-US: CMSQlite
CVE-2010-2094 (Multiple format string vulnerabilities in the phar extension in PHP ...)
	- php5 5.3.3-1 (low)
	[lenny] - php5 <not-affected> (Vulnerable code not present)
CVE-2010-2093 (Use-after-free vulnerability in the request shutdown functionality in ...)
	- php5 5.3.3-1 (unimportant)
	NOTE: Only triggerable through malicious script
CVE-2010-2092 (SQL injection vulnerability in graph.php in Cacti 0.8.7e and earlier ...)
	{DSA-2060-1}
	- cacti 0.8.7e-4 (bug #582691)
CVE-2010-2091 (Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 ...)
	NOT-FOR-US: Microsoft OWA
CVE-2010-2090 (The npb_protocol_error function in sna V5router64 in IBM ...)
	NOT-FOR-US: IBM Communications Server
CVE-2010-2089 (The audioop module in Python 2.7 and 3.2 does not verify the ...)
	- python3.1 3.1.2+20100706-1 (low)
	- python2.7 2.7-1 (low)
	- python2.6 2.6.5+20100706-1 (low)
	- python2.5 2.5.5-10 (low; bug #599739)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-2088 (ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2087 (Oracle Mojarra 1.2_14 and 2.0.2, as used in IBM WebSphere Application ...)
	- mojarra <unfixed> (unimportant; bug #611130)
	NOTE: Affected feature is fundamentally insecure
CVE-2010-2086 (Apache MyFaces 1.1.7 and 1.2.8, as used in IBM WebSphere Application ...)
	NOT-FOR-US: Apache MyFaces
CVE-2010-2085 (The default configuration of ASP.NET in Microsoft .NET before 1.1 has ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2084 (Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property ...)
	NOT-FOR-US: Microsoft .NET
CVE-2010-2083 (Microsoft Dynamics GP has a default value of ACCESS for the system ...)
	NOT-FOR-US: Microsoft Dynamics GP
CVE-2010-2082 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ...)
	NOT-FOR-US: Cisco
CVE-2010-2081
	RESERVED
CVE-2010-2080 (Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket ...)
	- otrs2 2.4.8+dfsg1-1
	[lenny] - otrs2 <not-affected> (Only affects OTRS 2.3 and 2.4)
CVE-2009-4879 (The Identity Server in Novell Access Manager before 3.1 SP1 allows ...)
	NOT-FOR-US: Novell Access Manager
CVE-2009-4878 (Unspecified vulnerability in the Administration Console in Novell ...)
	NOT-FOR-US: Novell Access Manager
CVE-2009-4877 (Multiple cross-site request forgery (CSRF) vulnerabilities in WebGUI ...)
	- webgui 7.7.22-1
CVE-2009-4876 (admin/cikkform.php in Netrix CMS 1.0 allows remote attackers to modify ...)
	NOT-FOR-US: Netrix CMS
CVE-2009-4875 (FCKeditor.Java 2.4 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FCKeditor.Java, different than fckeditor in the archive
CVE-2009-4874 (TalkBack 2.3.14 does not properly restrict access to the edit comment ...)
	NOT-FOR-US: TalkBack
CVE-2009-4873 (Stack-based buffer overflow in the HTTP server in Rhino Software ...)
	NOT-FOR-US: Rhino Software Serv-U Web Client
CVE-2010-2079 (DataTrack System 3.5 allows remote attackers to bypass intended ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2078 (DataTrack System 3.5 allows remote attackers to list the root ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2077
	REJECTED
CVE-2010-2076 (Apache CXF 2.0.x before 2.0.13, 2.1.x before 2.1.10, and 2.2.x before ...)
	NOT-FOR-US: Apache CXF
CVE-2010-2075 (UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from ...)
	- unrealircd <itp> (bug #515130)
CVE-2010-2074 (istream.c in w3m 0.5.2 and possibly other versions, when ...)
	- w3m 0.5.2-5 (low; bug #587445)
	[lenny] - w3m 0.5.2-2+lenny1
CVE-2010-2073 (auth_db_config.py in Pyftpd 0.8.4 contains hard-coded usernames and ...)
	- pyftpd 0.8.5 (low; bug #585776)
	[lenny] - pyftpd 0.8.4.6+lenny1
CVE-2010-2072 (Pyftpd 0.8.4 creates log files with predictable names in a temporary ...)
	- pyftpd 0.8.5 (low; bug #585773)
	[lenny] - pyftpd 0.8.4.6+lenny1
CVE-2010-2071 (The btrfs_xattr_set_acl function in fs/btrfs/acl.c in btrfs in the ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 <not-affected> (btrfs introduced in 2.6.29)
CVE-2010-2070 (arch/ia64/xen/faults.c in Xen 3.4 and 4.0 in Linux kernel 2.6.18, and ...)
	- xen-3 3.2.1-2
	NOTE: The respective patch is present in Lenny's version of xen-3, might be fixed even earlier
CVE-2010-2069
	REJECTED
CVE-2010-2068 (mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 ...)
	- apache2 <not-affected> (does not affect UNIX, only Windows, etc.)
CVE-2010-2067 (Stack-based buffer overflow in the TIFFFetchSubjectDistance function ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
CVE-2010-2066 (The mext_check_arguments function in fs/ext4/move_extent.c in the ...)
	- linux-2.6 2.6.32-21
	[lenny] - linux-2.6 <not-affected> (Vulnerable code introduced in 2.6.31)
CVE-2010-2065 (Integer overflow in the TIFFroundup macro in LibTIFF before 3.9.3 ...)
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
	[lenny] - tiff <not-affected> (Only affects 3.9.x)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589145
	NOTE: https://bugs.launchpad.net/ubuntu/+source/tiff/+bug/589565
CVE-2010-2064
	RESERVED
	- rpcbind 0.2.0-4.1
	NOTE: This version changed the state directory to /var/run/rpcbind, which is only writable by root
CVE-2010-2063 (Buffer overflow in the SMB1 packet chaining implementation in the ...)
	{DSA-2061-1}
	- samba 2:3.4.0~pre1-1 (high)
	NOTE: the affected code has been completely rewritten since 3.4.x
CVE-2010-2062 (Integer underflow in the real_get_rdt_chunk function in real.c, as ...)
	{DSA-2044-1 DSA-2043-1}
	- vlc 1.0.1-1
	[lenny] - vlc 0.8.6.h-4+lenny2.3
	- mplayer 2:1.0~rc3+svn20100502-3 (medium; bug #581245)
	[lenny] - mplayer 1.0~rc2-17+lenny3.2
	- xine-lib <not-affected> (immune due to additional check in xio_rw_abbort())
	NOTE: http://git.videolan.org/?p=vlc.git;a=commitdiff;h=dc74600c97eb834c08674676e209afa842053aca
	NOTE: http://dzcore.wordpress.com/2009/07/27/dzc-2009-001-the-movie-player-and-vlc-media-player-real-data-transport-parsing-integer-underflow/
	NOTE: DSA-2043 and DSA-2044
CVE-2010-2061
	RESERVED
	- rpcbind 0.2.0-4.1
CVE-2010-2060 (The put command functionality in beanstalkd 1.4.5 and earlier allows ...)
	- beanstalkd 1.4.6-1 (unimportant; bug #585162)
	NOTE: Package description reads: "Beanstalkd is meant to be ran in a trusted network,
	NOTE: "as it has no authorisation/authentication mechanisms". So this is likely a non-issue
CVE-2010-2059 (lib/fsm.c in RPM 4.8.0 and unspecified 4.7.x and 4.6.x versions, and ...)
	- rpm 4.8.1-1 (bug #584257; unimportant)
	NOTE: Marking as unimportant since rpm isn't used as a package manager
CVE-2010-2058 (setup.py in Prewikka 0.9.14 installs prewikka.conf with world-readable ...)
	- prewikka 1.0.0-1.1 (low; bug #584469)
	[lenny] - prewikka <no-dsa> (The insecure permissions only apply for a very short timeframe during pkg update)
	NOTE: FEDORA-2009-3761 http://lwn.net/Articles/330642
CVE-2010-2057 (shared/util/StateUtils.java in Apache MyFaces 1.1.x before 1.1.8, ...)
	NOT-FOR-US: Apache MyFaces
CVE-2010-2056 (GNU gv before 3.7.0 allows local users to overwrite arbitrary files ...)
	- gv 1:3.7.1-1 (low)
	[lenny] - gv <no-dsa> (Minor issue)
CVE-2010-2055 (Ghostscript 8.71 and earlier reads initialization files from the ...)
	- ghostscript 8.71~dfsg2-6.1 (bug #584653; bug #592569; bug #584663)
	[lenny] - ghostscript <no-dsa> (too risky for regressions)
CVE-2010-2054 (Integer overflow in httpAdapter.c in httpAdapter in SBLIM SFCB 1.3.4 ...)
	NOT-FOR-US: SBLIM SFCB
CVE-2010-2053 (emesenelib/ProfileManager.py in emesene before 1.6.2 allows local ...)
	- emesene 1.6.2-1 (low)
	[lenny] - emesene <not-affected> (Introduced in 1.6.1)
CVE-2010-2052
	REJECTED
CVE-2010-2051 (SQL injection vulnerability in article.php in Debliteck DBCart allows ...)
	NOT-FOR-US: Debliteck DBCart
CVE-2010-2050 (Directory traversal vulnerability in the Moron Solutions MS Comment ...)
	NOT-FOR-US: Moron Solutions MS Comment
CVE-2010-2049 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ManageEngine ADAudit Plus
CVE-2010-2048 (Multiple cross-site scripting (XSS) vulnerabilities in the Heartbeat ...)
	NOT-FOR-US: Heartbeat module for Drupal
CVE-2010-2047 (SQL injection vulnerability in index.php in JE CMS 1.0.0 and 1.1 ...)
	NOT-FOR-US: JE CMS
CVE-2010-2046 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: ActiveHelper LiveHelp for Joomla
CVE-2010-2045 (Directory traversal vulnerability in the Dione Form Wizard (aka FDione ...)
	NOT-FOR-US: Dione Form Wizard
CVE-2010-2044 (SQL injection vulnerability in the Konsultasi (com_konsultasi) ...)
	NOT-FOR-US: Konsultasi for Joomla
CVE-2010-2043 (Cross-site scripting (XSS) vulnerability in Home.aspx in DataTrack ...)
	NOT-FOR-US: DataTrack System
CVE-2010-2042 (SQL injection vulnerability in search.php in ECShop 2.7.2 allows ...)
	NOT-FOR-US: ECShop
CVE-2010-2041 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: PHP-Calendar
CVE-2010-2040 (Cross-site scripting (XSS) vulnerability in search.php in V-EVA ...)
	NOT-FOR-US: V-EVA Shopzilla script
CVE-2010-2039 (Cross-site request forgery (CSRF) vulnerability in gpEasy CMS 1.6.2, ...)
	NOT-FOR-US: gpEasy CMS
CVE-2010-2038 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: gpEasy CMS
CVE-2010-2037 (Directory traversal vulnerability in the Percha Downloads Attach ...)
	NOT-FOR-US: Percha
CVE-2010-2036 (Directory traversal vulnerability in the Percha Fields Attach ...)
	NOT-FOR-US: Percha
CVE-2010-2035 (Directory traversal vulnerability in the Percha Gallery ...)
	NOT-FOR-US: Percha
CVE-2010-2034 (Directory traversal vulnerability in the Percha Image Attach ...)
	NOT-FOR-US: Percha
CVE-2010-2033 (Directory traversal vulnerability in the Percha Multicategory Article ...)
	NOT-FOR-US: Percha
CVE-2010-2032 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Caucho Technology Resin Professional
CVE-2010-2031 (KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield ...)
	NOT-FOR-US: Kingsoft Webshield
CVE-2010-2030 (Cross-site scripting (XSS) vulnerability in the External Link Page ...)
	NOT-FOR-US: External Link Page module for Drupal
CVE-2010-2029 (Cybozu Office 7 Ktai and Dotsales do not properly restrict access to ...)
	NOT-FOR-US: Cybozu Office and Dotsales
CVE-2010-2028 (Buffer overflow in k23productions TFTPUtil GUI (aka TFTPGUI) 1.4.5 ...)
	NOT-FOR-US: k23productions TFTPGUI
CVE-2010-2027 (Mathematica 7, when running on Linux, allows local users to overwrite ...)
	NOT-FOR-US: Mathematica
CVE-2010-2026 (The web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 ...)
	NOT-FOR-US: Cisco
CVE-2010-2025 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Cisco
CVE-2010-2024 (transports/appendfile.c in Exim before 4.72, when MBX locking is ...)
	- exim4 4.72-1 (low)
	[lenny] - exim4 <no-dsa> (Minor issue)
CVE-2010-2023 (transports/appendfile.c in Exim before 4.72, when a world-writable ...)
	- exim4 4.72-1 (low)
	[lenny] - exim4 <no-dsa> (Minor issue)
CVE-2010-2022 (jail.c in jail in FreeBSD 8.0 and 8.1-PRERELEASE, when the &quot;-l -U ...)
	- kfreebsd-6 <not-affected> (jail binary not yet provided, see bug #584930)
	- kfreebsd-7 <not-affected> (jail binary not yet provided, see bug #584930)
	- kfreebsd-8 <not-affected> (jail binary not yet provided, see bug #584930)
CVE-2010-2021 (Open redirect vulnerability in the Global Redirect module 6.x-1.x ...)
	NOT-FOR-US: Global Redirect module for Drupal is not in Debian
CVE-2010-2020 (sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (Minor issue, not enabled by default)
	- kfreebsd-7 7.3-2
	[lenny] - kfreebsd-7 <no-dsa> (Minor issue, not enabled by default)
	- kfreebsd-8 8.0-6 (bug #584930)
CVE-2010-2019 (SQL injection vulnerability in downlot.php in Lokomedia CMS 1.4.1, ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2018 (Directory traversal vulnerability in downlot.php in Lokomedia CMS ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2017 (Cross-site scripting (XSS) vulnerability in hasil-pencarian.html in ...)
	NOT-FOR-US: Lokomedia CMS
CVE-2010-2016 (SQL injection vulnerability in details.php in Iceberg CMS allows ...)
	NOT-FOR-US: Iceberg CMS
CVE-2010-2015 (Multiple SQL injection vulnerabilities in LiSK CMS 4.4 allow remote ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2014 (Cross-site scripting (XSS) vulnerability in cp/list_content.php in ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2013 (Cross-site scripting (XSS) vulnerability in cp/edit_email.php in LiSK ...)
	NOT-FOR-US: LiSK CMS
CVE-2010-2012 (SQL injection vulnerability in function.php in MigasCMS 1.1, when ...)
	NOT-FOR-US: MigasCMS
CVE-2006-7239 (The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c ...)
	- gnutls26 <not-affected> (fix is present in lenny/sid; fixed originally in upstream 1.4.2, which precedes 26)
CVE-2010-2011 (Microsoft Dynamics GP uses a substitution cipher to encrypt the system ...)
	NOT-FOR-US: Microsoft Dynamics GP
CVE-2010-2010 (Multiple cross-site scripting (XSS) vulnerabilities in the Chaos Tool ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-2009 (Stack-based buffer overflow in the media library in BS.Global ...)
	NOT-FOR-US: BS.Global BS.Player
CVE-2010-2008 (MySQL before 5.1.48 allows remote authenticated users with alter ...)
	- mysql-5.1 5.1.48-1
	- mysql-dfsg-5.0 <not-affected> (Only affects MySQL 5.1 onwards)
CVE-2010-2007 (Multiple cross-site request forgery (CSRF) vulnerabilities in LetoDMS ...)
	- mydms <removed> (bug #590904; low)
	[lenny] - mydms <no-dsa> (Minor issue)
	NOTE: seems to have changed name to letoDMS
CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS ...)
	{DSA-2146-1}
	- mydms 1.7.2+1.7.3-1.1 (bug #582587; medium)
	NOTE: seems to have changed name to letoDMS
CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine ...)
	NOT-FOR-US: Datalife Engine
CVE-2010-2004 (Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 ...)
	NOT-FOR-US: BS.Player
CVE-2010-2003 (Cross-site scripting (XSS) vulnerability in misc/get_admin.php in ...)
	NOT-FOR-US: Advanced Poll
CVE-2010-2002 (Cross-site scripting (XSS) vulnerability in the Wordfilter module 5.x ...)
	NOT-FOR-US: Wordfilter module for Drupal
CVE-2010-2001 (Cross-site scripting (XSS) vulnerability in the CiviRegister module ...)
	NOT-FOR-US: CiviRegister module for Drupal
CVE-2010-2000 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...)
	NOT-FOR-US: Biblio module for Drupal
CVE-2010-1999 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...)
	NOT-FOR-US: OpenMairie
CVE-2010-1998 (Cross-site scripting (XSS) vulnerability in the CCK TableField module ...)
	NOT-FOR-US: CCK TableField module for Drupal
CVE-2010-1997 (Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus ...)
	NOT-FOR-US: Saurus CMS
CVE-2010-1996 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1995 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1994 (SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 ...)
	NOT-FOR-US: Tomato CMS
CVE-2010-1993 (Opera 9.52 does not properly handle an IFRAME element with a mailto: ...)
	NOT-FOR-US: Opera
CVE-2010-1992 (Google Chrome 1.0.154.48 executes a mail application in situations ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: http://translate.google.com/translate?hl=en&u=http://websecurity.com.ua/4206/&sl=uk&tl=en
	NOTE: poc is just one window, but can be changed to open many
	NOTE: this is a dos-only attack, so its considered unimportant
CVE-2010-1991 (Microsoft Internet Explorer 6.0.2900.2180, 7, and 8.0.7600.16385 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1990 (Mozilla Firefox 3.6.x, 3.5.x, 3.0.19, and earlier, and SeaMonkey, ...)
	- xulrunner <unfixed> (unimportant; bug #582590)
	- iceape <removed> (unimportant)
	NOTE: browser dos attacks are not considered security-relevant
CVE-2010-1989 (Opera 9.52 executes a mail application in situations where an IMG ...)
	NOT-FOR-US: Opera
CVE-2010-1988 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1987 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1986 (Mozilla Firefox 3.6.3 on Windows XP SP3 allows remote attackers to ...)
	- xulrunner <unfixed> (unimportant)
	- iceape <removed> (unimportant)
	NOTE: these poc's do lead to heavy resource consumption on xulrunner 1.9.1.9, but it does not crash (that may be a windows-specific symptom)
CVE-2010-1985 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Six Apart Movable type
CVE-2010-1984 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb ...)
	NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1983 (Directory traversal vulnerability in the redTWITTER (com_redtwitter) ...)
	NOT-FOR-US: com_redtwitter component for joomla!
CVE-2010-1982 (Directory traversal vulnerability in the JA Voice (com_javoice) ...)
	NOT-FOR-US: com_javoice component for joomla!
CVE-2010-1981 (Directory traversal vulnerability in the Fabrik (com_fabrik) component ...)
	NOT-FOR-US: com_fabrik component for joomla!
CVE-2010-1980 (Directory traversal vulnerability in joomlaflickr.php in the Joomla ...)
	NOT-FOR-US: com_joomlaflickr component for joomla!
CVE-2010-1979 (Directory traversal vulnerability in the Affiliate Datafeeds ...)
	NOT-FOR-US: com_datafeeds component for joomla!
CVE-2010-1978 (PHP remote file inclusion vulnerability in default_theme.php in ...)
	NOT-FOR-US: FreePHPBlogSoftware
CVE-2010-1977 (Directory traversal vulnerability in the J!WHMCS Integrator ...)
	NOT-FOR-US: com_jwhmcs component for joomla!
CVE-2010-1976 (Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb ...)
	NOT-FOR-US: Taxonomy Breadcrumb module for Drupal
CVE-2010-1975 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed> (low)
CVE-2010-1974
	REJECTED
CVE-2010-1973 (Unspecified vulnerability in the Auditing subsystem in HP OpenVMS 8.3, ...)
	NOT-FOR-US: OpenVMS
CVE-2010-1972 (The default configuration of HP Client Automation (HPCA) Enterprise ...)
	NOT-FOR-US: HP Client Automation
CVE-2010-1971 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
	NOT-FOR-US: HP Insight
CVE-2010-1970 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1969 (Cross-site scripting (XSS) vulnerability in HP Virtual Connect ...)
	NOT-FOR-US: HP Virtual Connect Enterprise Manager
CVE-2010-1968 (Cross-site request forgery (CSRF) vulnerability in HP Insight Software ...)
	NOT-FOR-US: HP Insight
CVE-2010-1967 (Unspecified vulnerability in HP Insight Software Installer for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1966 (Unspecified vulnerability in HP Insight Control power management for ...)
	NOT-FOR-US: HP Insight
CVE-2010-1965 (Unspecified vulnerability in HP Insight Orchestration for Windows ...)
	NOT-FOR-US: HP Insight
CVE-2010-1964 (Buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1963 (Cross-site scripting (XSS) vulnerability in HP ServiceCenter allows ...)
	NOT-FOR-US: HP ServiceCenter
CVE-2010-1962 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
	NOT-FOR-US: HP StorageWorks
CVE-2010-1961 (Buffer overflow in ovutil.dll in ovwebsnmpsrv.exe in HP OpenView ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1960 (Buffer overflow in the error handling functionality in ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1959 (Unspecified vulnerability in HP TestDirector for Quality Center 9.2 ...)
	NOT-FOR-US: HP TestDirector for Quality Center
CVE-2010-1958 (Cross-site scripting (XSS) vulnerability in the FileField module 5.x ...)
	NOT-FOR-US: Drupal addon
CVE-2010-1957 (Directory traversal vulnerability in the Love Factory ...)
	NOT-FOR-US: com_lovefactory component for joomla!
CVE-2010-1956 (Directory traversal vulnerability in the Gadget Factory ...)
	NOT-FOR-US: com_gadgetfactory component for joomla!
CVE-2010-1955 (Directory traversal vulnerability in the Deluxe Blog Factory ...)
	NOT-FOR-US: com_blogfactory component for joomla!
CVE-2010-1954 (Directory traversal vulnerability in the iNetLanka Multiple root ...)
	NOT-FOR-US: com_multiroot component for joomla!
CVE-2010-1953 (Directory traversal vulnerability in the iNetLanka Multiple Map ...)
	NOT-FOR-US: com_multimap component for joomla!
CVE-2010-1952 (Directory traversal vulnerability in the BeeHeard (com_beeheard) and ...)
	NOT-FOR-US: com_beeheard component for joomla!
CVE-2010-1951 (Multiple directory traversal vulnerabilities in 60cycleCMS allow ...)
	NOT-FOR-US: 60cycleCMS
CVE-2010-1950 (SQL injection vulnerability in the Online News Paper Manager ...)
	NOT-FOR-US: Online News Paper Manager
CVE-2010-1949 (SQL injection vulnerability in the Online News Paper Manager ...)
	NOT-FOR-US: Online News Paper Manager
CVE-2010-1948 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2010-1947 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2010-1946 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2010-1945 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2010-1944 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2010-1943 (Unspecified vulnerability in NEC CapsSuite Small Edition PatchMeister ...)
	NOT-FOR-US: NEC CapsSuite Small Edition
CVE-2010-1942 (Unspecified vulnerability in the Servlet service in Fujitsu Limited ...)
	NOT-FOR-US: Fujitsu Limited Interstage Application Server
CVE-2010-1941 (Unspecified vulnerability in NEC WebSAM DeploymentManager 5.13 and ...)
	NOT-FOR-US: NEC WebSAM DeploymentManager
CVE-2010-1940 (Apple Safari 4.0.5 on Windows sends the &quot;Authorization: Basic&quot; header ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: Safari-specific. Chromium and Safari have totally separate HTTP stacks.
CVE-2010-1939 (Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: poc seems to cause a dos in both chromium and webkit; not sure if code execution is possible
	NOTE: This is Safari only
CVE-2010-1938 (Off-by-one error in the __opiereadrec function in readrec.c in libopie ...)
	- opie 2.32.dfsg.1-0.2 (low; bug #584932)
	[lenny] - opie 2.32-10.2+lenny2
CVE-2010-1937 (Heap-based buffer overflow in httpAdapter.c in httpAdapter in SBLIM ...)
	NOT-FOR-US: SBLIM SFCB
CVE-2010-1936 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie openComInterne
CVE-2010-1935 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie Openpresse
CVE-2010-1934 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
	NOT-FOR-US: openMairie openPlanning
CVE-2010-1928 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie openPlanning
CVE-2010-1927 (Multiple PHP remote file inclusion vulnerabilities in openMairie ...)
	NOT-FOR-US: openMairie openCourrier
CVE-2010-1926 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie openCourrier
CVE-2010-1925 (SQL injection vulnerability in makale.php in tekno.Portal 0.1b allows ...)
	NOT-FOR-US: tekno.Portal
CVE-2010-1924 (SQL injection vulnerability in index.php in Hi Web Wiesbaden Live ...)
	NOT-FOR-US: Hi Web Wiesbaden Live Shopping multi Portal System
CVE-2010-1923 (SQL injection vulnerability in user.php in Hi Web Wiesbaden Web 2.0 ...)
	NOT-FOR-US: Hi Web Wiesbaden Web Social Network Community System
CVE-2010-1922 (Multiple PHP remote file inclusion vulnerabilities in 29o3 CMS 0.1 ...)
	NOT-FOR-US: 29o3 CMS
CVE-2010-1921 (Multiple PHP remote file inclusion vulnerabilities in OpenMairie ...)
	NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1920 (Directory traversal vulnerability in scr/soustab.php in OpenMairie ...)
	NOT-FOR-US: OpenMairie openAnnuaire
CVE-2010-1933
	RESERVED
CVE-2010-1932 (Heap-based buffer overflow in XnView 1.97.4 and possibly earlier ...)
	NOT-FOR-US: XnView
CVE-2010-1931 (SQL injection vulnerability in includes/content/cart.inc.php in ...)
	NOT-FOR-US: CubeCart PHP Shopping Cart
CVE-2010-1930 (Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows ...)
	NOT-FOR-US: Novell iManager
CVE-2010-1929 (Multiple stack-based buffer overflows in the ...)
	NOT-FOR-US: Novell iImanager
CVE-2010-1919 (Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 ...)
	NOT-FOR-US: EMC
CVE-2010-1913 (The default configuration of pluginlicense.ini for the ...)
	NOT-FOR-US: Consona
CVE-2010-1912 (The SdcWebSecureBase interface in tgctlcm.dll in Consona Live ...)
	NOT-FOR-US: Consona
CVE-2010-1911 (The site-locking implementation in the SdcWebSecureBase interface in ...)
	NOT-FOR-US: Consona
CVE-2010-1910 (The Forgot Password implementation in Consona Live Assistance, Dynamic ...)
	NOT-FOR-US: Consona
CVE-2010-1909 (Buffer overflow in the RunCmd method in the SdcUser.TgConCtl ActiveX ...)
	NOT-FOR-US: Consona
CVE-2010-1908 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live ...)
	NOT-FOR-US: Consona
CVE-2010-1907 (The SdcUser.TgConCtl ActiveX control in tgctlcm.dll in Consona Live ...)
	NOT-FOR-US: ConsonA
CVE-2010-1906 (tgsrv.exe in the Repair Service in Consona Dynamic Agent, Repair ...)
	NOT-FOR-US: Consona
CVE-2010-1905 (Multiple cross-site scripting (XSS) vulnerabilities in Consona Live ...)
	NOT-FOR-US: Consona
CVE-2010-1904 (SQL injection vulnerability in EMC RSA Key Manager (RKM) C Client ...)
	NOT-FOR-US: EMC RSA key manager
CVE-2010-1903 (Microsoft Office Word 2002 SP3 and 2003 SP3, and Office Word Viewer, ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1902 (Buffer overflow in Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1901 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...)
	NOT-FOR-US: Microsoft Word
CVE-2010-1900 (Microsoft Office Word 2002 SP3, 2003 SP3, and 2007 SP2; Microsoft ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft ...)
	NOT-FOR-US: Microsoft IIS
CVE-2010-1898 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0 SP1, ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2010-1897 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1896 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1895 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1894 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1893 (Integer overflow in the TCP/IP stack in Microsoft Windows Vista SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1892 (The TCP/IP stack in Microsoft Windows Vista SP1 and SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1891 (The Client/Server Runtime Subsystem (aka CSRSS) in the Win32 subsystem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1890 (The kernel in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1889 (Double free vulnerability in the kernel in Microsoft Windows Vista SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1888 (Race condition in the kernel in Microsoft Windows XP SP3 allows local ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1887 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1886 (Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1885 (The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1884
	REJECTED
CVE-2010-1883 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1882 (Multiple buffer overflows in the MPEG Layer-3 Audio Codec for ...)
	NOT-FOR-US: MPEG Layer-3 Audio Codec for
CVE-2010-1881 (The FieldList ActiveX control in the Microsoft Access Wizard Controls ...)
	NOT-FOR-US: Microsoft
CVE-2010-1880 (Unspecified vulnerability in Quartz.dll for DirectShow on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2010-1879 (Unspecified vulnerability in Quartz.dll for DirectShow; Windows Media ...)
	NOT-FOR-US: Microsoft
CVE-2010-1878 (Directory traversal vulnerability in the OrgChart (com_orgchart) ...)
	NOT-FOR-US: com_orgchart component for joomla!
CVE-2010-1877 (SQL injection vulnerability in the JTM Reseller (com_jtm) component ...)
	NOT-FOR-US: com_jtm component for joomla!
CVE-2010-1876 (SQL injection vulnerability in index.php in AJ Shopping Cart 1.0 ...)
	NOT-FOR-US: AJ Shopping Cart
CVE-2010-1875 (Directory traversal vulnerability in the Real Estate Property ...)
	NOT-FOR-US: com_properties component for joomla!
CVE-2010-1874 (SQL injection vulnerability in the Real Estate Property ...)
	NOT-FOR-US: com_properties component for joomla!
CVE-2010-1873 (SQL injection vulnerability in the Jvehicles (com_jvehicles) component ...)
	NOT-FOR-US: com_jvehicles component for joomla!
CVE-2010-1872 (Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard ...)
	NOT-FOR-US: FlashCard
CVE-2010-1918 (SQL injection vulnerability in ask_chat.php in eFront 3.6.2 and ...)
	NOT-FOR-US: EFront ask_chat
CVE-2010-1917 (Stack consumption vulnerability in PHP 5.2 through 5.2.13 and 5.3 ...)
	{DSA-2089-1}
	- php5 5.3.3-1 (low)
	[lenny] - php5 <no-dsa> (Minor issue)
CVE-2010-1916 (The dynamic configuration feature in Xinha WYSIWYG editor 0.96 Beta 2 ...)
	- serendipity 1.5.3-1
	[lenny] - serendipity <not-affected> (Only affects >= 1.4)
	- horde3 <not-affected> (Vulnerable code not included, see bug #585165)
	- openacs <not-affected> (Doesn't use the PHP interface, see bug #585163)
	- dotlrn <not-affected> (Doesn't use the PHP interface, see bug #585164)
CVE-2010-1915 (The preg_quote function in PHP 5.2 through 5.2.13 and 5.3 through ...)
	- php5 <removed> (unimportant)
CVE-2010-1914 (The Zend Engine in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allows ...)
	- php5 <removed> (unimportant)
CVE-2010-1871 (JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1870 (The OGNL extensive expression evaluation capability in XWork in Struts ...)
	- libstruts1.2-java <not-affected> (issue involves a problem in xwork, which was introduced in struts2)
	- libspring-2.5-java <not-affected> (Vulnerable code not present)
CVE-2010-1869 (Stack-based buffer overflow in the parser function in GhostScript 8.70 ...)
	{DSA-2080-1}
	- ghostscript 8.71~dfsg-4
	NOTE: http://www.openwall.com/lists/oss-security/2010/05/11/3
CVE-2010-1868 (The (1) sqlite_single_query and (2) sqlite_array_query functions in ...)
	- php5 <removed> (unimportant)
CVE-2010-1867 (SQL injection vulnerability in the ...)
	NOT-FOR-US: Campsite
CVE-2010-1866 (The dechunk filter in PHP 5.3 through 5.3.2, when decoding an HTTP ...)
	- php5 5.3.3-1 (low)
	[lenny] - php5 <not-affected> (dechunk filter introduced in 5.3)
CVE-2010-1865 (Multiple SQL injection vulnerabilities in ClanSphere 2009.0.3 and ...)
	NOT-FOR-US: ClanSphere
CVE-2010-1864 (The addcslashes function in PHP 5.2 through 5.2.13 and 5.3 through ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-1863 (SQL injection vulnerability in the shoutbox module ...)
	NOT-FOR-US: ClanTiger
CVE-2010-1862 (The chunk_split function in PHP 5.2 through 5.2.13 and 5.3 through ...)
	- php5 <removed> (unimportant)
CVE-2010-1861 (The sysvshm extension for PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 ...)
	- php5 <removed> (unimportant)
CVE-2010-1860 (The html_entity_decode function in PHP 5.2 through 5.2.13 and 5.3 ...)
	- php5 5.3.3-1 (unimportant)
CVE-2010-1859 (SQL injection vulnerability in newpost.php in DeluxeBB 1.3 and ...)
	NOT-FOR-US: DeluxeBB
CVE-2010-1858 (Directory traversal vulnerability in the SMEStorage (com_smestorage) ...)
	NOT-FOR-US: com_smestorage component for joomla!
CVE-2010-1857 (SQL injection vulnerability in index.php in RepairShop2 1.9.023 Trial, ...)
	NOT-FOR-US: RepairShop2
CVE-2010-1856 (Cross-site scripting (XSS) vulnerability in index.php in RepairShop2 ...)
	NOT-FOR-US: RepairShop2
CVE-2010-1855 (SQL injection vulnerability in auktion.php in Pay Per Watch &amp; Bid ...)
	NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1854 (Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per ...)
	NOT-FOR-US: Pay Per Watch & Bid Auktions System
CVE-2010-1853 (Multiple stack-based buffer overflows in the tr_magnetParse function ...)
	- transmission 1.92-1
	[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
CVE-2010-1852 (Microsoft Internet Explorer, when the Invisible Hand extension is ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1851 (Google Chrome, when the Invisible Hand extension is enabled, uses ...)
	NOT-FOR-US: Invisible Hand extension for chromium
CVE-2009-4872 (Multiple SQL injection vulnerabilities in globepersonnel_login.asp in ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4871 (SQL injection vulnerability in globepersonnel_forum.asp in Logoshows ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4870 (Multiple SQL injection vulnerabilities in login.php in PHPCityPortal ...)
	NOT-FOR-US: PHPCityPortal
CVE-2009-4869 (Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest ...)
	NOT-FOR-US: Nasim Guest Book
CVE-2009-4868 (Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 ...)
	NOT-FOR-US: Hitron Soft Answer Me
CVE-2009-4867 (Buffer overflow in Tuniac 090517c allows remote attackers to cause a ...)
	NOT-FOR-US: Tuniac
CVE-2009-4866 (Cross-site scripting (XSS) vulnerability in search.cgi in Matt's ...)
	NOT-FOR-US: Matt's Script Archive (MSA) Simple Search
CVE-2009-4865 (Multiple SQL injection vulnerabilities in escorts_search.php in ...)
	NOT-FOR-US: I-Escorts Directory Script and Agency Script
CVE-2009-4864 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: I-Escorts Directory Script and Agency Script
CVE-2009-4863 (Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows ...)
	NOT-FOR-US: UltraPlayer Media Player
CVE-2009-4862 (Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote ...)
	NOT-FOR-US: Alwasel
CVE-2009-4861 (Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO ...)
	NOT-FOR-US: SupportPRO SupportDesk
CVE-2009-4860 (SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier ...)
	NOT-FOR-US: Typing Pal
CVE-2009-4859 (Multiple cross-site scripting (XSS) vulnerabilities in Online Work ...)
	NOT-FOR-US: Online Work Order Suite (OWOS)
CVE-2009-4858 (Cross-site scripting (XSS) vulnerability in questiondetail.php in ...)
	NOT-FOR-US: Yahoo Answers Clone
CVE-2009-4857 (Cross-site scripting (XSS) vulnerability in login.php in PHP Photo ...)
	NOT-FOR-US: PHP Photo Vote
CVE-2009-4856 (Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy ...)
	NOT-FOR-US: PHP Easy Shopping Cart
CVE-2009-4855 (** DISPUTED ** ...)
	NOT-FOR-US: Bogus issue claimed for typo3
	NOTE: See http://secure.t3sec.info/blog/post/2009/08/06/typo3-cms-40-showuid-exploit-not-a-vulnerability/4.2.5-1+lenny3
CVE-2009-4854 (addons/import.php in TalkBack 2.3.14 allows remote attackers to ...)
	NOT-FOR-US: TalkBack
CVE-2009-4853 (Multiple cross-site scripting (XSS) vulnerabilities in JumpBox before ...)
	NOT-FOR-US: JumpBox
CVE-2009-4852 (Multiple cross-site scripting (XSS) vulnerabilities in SemanticScuttle ...)
	NOT-FOR-US: SemanticScuttle
CVE-2009-4851 (The activation resend function in the Profiles module in XOOPS before ...)
	NOT-FOR-US: XOOPS
CVE-2009-4850 (The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote ...)
	NOT-FOR-US: Awingsoft Awakening Winds3D Viewer
CVE-2009-4849 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4848 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4847 (Deliantra Server before 2.82 allows remote authenticated users to ...)
	NOT-FOR-US: Deliantra Server
CVE-2009-4846 (Multiple buffer overflows in Deliantra Server before 2.82 allow remote ...)
	NOT-FOR-US: Deliantra Server
CVE-2009-4845 (The configuration page in ToutVirtual VirtualIQ Pro 3.2 build 7882 ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4844 (ToutVirtual VirtualIQ Pro 3.2 build 7882 does not restrict access to ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4843 (ToutVirtual VirtualIQ Pro before 3.5 build 8691 does not require ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2009-4842 (Multiple cross-site scripting (XSS) vulnerabilities in ToutVirtual ...)
	NOT-FOR-US: ToutVirtual VirtualIQ Pro
CVE-2010-1850 (Buffer overflow in MySQL 5.0 through 5.0.91 and 5.1 before 5.1.47 ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-XXXX [wicd changes permissions of resolv.conf]
	- wicd 1.7.0+ds1-3 (low; bug #582798)
CVE-2010-1849 (The my_net_skip_rest function in sql/net_serv.cc in MySQL 5.0 through ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-1848 (Directory traversal vulnerability in MySQL 5.0 through 5.0.91 and 5.1 ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.47-1 (bug #582526)
	- mysql-dfsg-5.0 <removed>
CVE-2010-1847 (The kernel in Apple Mac OS X 10.6.x before 10.6.5 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1846 (Heap-based buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1845 (ImageIO in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1844 (Unspecified vulnerability in Image Capture in Apple Mac OS X 10.6.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1843 (Networking in Apple Mac OS X 10.6.2 through 10.6.4 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1842 (Buffer overflow in AppKit in Apple Mac OS X 10.6.x before 10.6.5 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1841 (Disk Images in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1840 (Stack-based buffer overflow in the password-validation functionality ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1839
	RESERVED
CVE-2010-1838 (Directory Services in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1837 (CoreText in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1836 (Stack-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1835
	RESERVED
CVE-2010-1834 (CFNetwork in Apple Mac OS X 10.6.x before 10.6.5 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1833 (Apple Type Services (ATS) in Apple Mac OS X 10.6.x before 10.6.5 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1832 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1831 (Buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.5.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1830 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 generates ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1829 (Directory traversal vulnerability in AFP Server in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1828 (AFP Server in Apple Mac OS X 10.5.8 and 10.6.x before 10.6.5 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1827
	RESERVED
CVE-2010-1826
	RESERVED
CVE-2010-1825 (Use-after-free vulnerability in WebKit, as used in Google Chrome ...)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/66847
CVE-2010-1824 (Use-after-free vulnerability in WebKit, as used in Apple iTunes before ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/66795
CVE-2010-1823 (Use-after-free vulnerability in WebKit before r65958, as used in ...)
	- webkit <not-affected> (vulnerable code not present in 1.2.x series)
	- chromium-browser 6.0.472.59~r59126-1
	NOTE: http://trac.webkit.org/changeset/65958
CVE-2010-1822 (WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 ...)
	- webkit <not-affected> (rendererIsNeeded function not present in 1.2.x series)
	- chromium-browser 6.0.472.62~r59676-1
CVE-2010-1821 (Apple Mac OS X 10.6 through 10.6.3 and Mac OS X Server 10.6 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1820 (Apple Filing Protocol (AFP) Server in Apple Mac OS X 10.6.x through ...)
	NOT-FOR-US: Apple Filing Protocol Server
CVE-2010-1819 (Untrusted search path vulnerability in the Picture Viewer in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-1818 (The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple ...)
	NOT-FOR-US: QuickTime
CVE-2010-1817 (Buffer overflow in ImageIO in Apple iOS before 4.1 on the iPhone and ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1816 (Buffer overflow in ImageIO in Apple Mac OS X 10.6 through 10.6.3 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1815 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-1814 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch, and ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1813 (WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/63048
CVE-2010-1812 (Use-after-free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1811 (ImageIO in Apple iOS before 4.1 on the iPhone and iPod touch allows ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1810 (FaceTime in Apple iOS before 4.1 on the iPhone and iPod touch does not ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1809 (The Accessibility component in Apple iOS before 4.1 on the iPhone and ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1808 (Stack-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1807 (WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android ...)
	- webkit 1.2.5-1 (bug #599830)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/64706
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=43461
	NOTE: the problem is that the standard-library strtod()
	NOTE: parses "NAN(payload)" as a NaN with a user-defined payload, which is bad for the nan-boxing
	NOTE: scheme used by webkit (and mozilla). The fix is not to accept "NAN(payload)".
	NOTE: test-case: -parseFloat("NAN(ffffeeeeeff0f)")
	NOTE: reproduced with epiphany
CVE-2010-1806 (Use-after-free vulnerability in Apple Safari 4.x before 4.1.2 and 5.x ...)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/63772
CVE-2010-1805 (Untrusted search path vulnerability in Apple Safari 4.x before 4.1.2 ...)
	- webkit <not-affected> (windows-specific issue)
	- chromium-browser <not-affected> (windows-specific issue)
	NOTE: This is the windows DLL planting attack
CVE-2010-1804 (Unspecified vulnerability in the network bridge functionality on the ...)
	NOT-FOR-US: Apple
CVE-2010-1803 (Time Machine in Apple Mac OS X 10.6.x before 10.6.5 does not verify ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1802 (libsecurity in Apple Mac OS X 10.5.8 and 10.6.4 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1801 (Heap-based buffer overflow in CoreGraphics in Apple Mac OS X 10.5.8 ...)
	NOT-FOR-US: CoreGraphics
CVE-2010-1800 (CFNetwork in Apple Mac OS X 10.6.3 and 10.6.4 supports anonymous SSL ...)
	NOT-FOR-US: CFNetwork
CVE-2010-1799 (Stack-based buffer overflow in the error-logging functionality in ...)
	NOT-FOR-US: Apple QuickTime on Windows
CVE-2010-1798
	RESERVED
CVE-2010-1797 (Multiple stack-based buffer overflows in the ...)
	{DSA-2105-1}
	- freetype 2.4.2-1
CVE-2010-1796 (The AutoFill feature in Apple Safari before 5.0.1 on Mac OS X 10.5 ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: Very Safari specific
CVE-2010-1795 (Untrusted search path vulnerability in Apple iTunes before 9.1, when ...)
	NOT-FOR-US: Apple iTunes on Windows
CVE-2010-1794 (The webdav_mount function in webdav_vfsops.c in the WebDAV kernel ...)
	NOT-FOR-US: Apple
CVE-2010-1793 (Multiple use-after-free vulnerabilities in WebKit in Apple Safari ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: http://trac.webkit.org/changeset/62482
	NOTE: http://trac.webkit.org/changeset/62662
	NOTE: duplicated as cve-2010-2902
CVE-2010-1792 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/62386
	NOTE: Chromium uses a totally different regexp implementation.
CVE-2010-1791 (Integer signedness error in WebKit in Apple Safari before 5.0.1 on Mac ...)
	- webkit 1.2.6-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1790 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected>
	NOTE: http://trac.webkit.org/changeset/62301
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1789 (Heap-based buffer overflow in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: this is specific to Safari's JavaScript engine
CVE-2010-1788 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=40994
	NOTE: http://trac.webkit.org/changeset/62482
CVE-2010-1787 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: http://trac.webkit.org/changeset/61044
CVE-2010-1786 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: http://trac.webkit.org/changeset/61667
	NOTE: duplicated as cve-2010-2647
CVE-2010-1785 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-1
	NOTE: http://trac.webkit.org/changeset/61050
	NOTE: http://trac.webkit.org/changeset/61051
CVE-2010-1784 (The counters functionality in the Cascading Style Sheets (CSS) ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: http://trac.webkit.org/changeset/62271
CVE-2010-1783 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	{DSA-2188-1}
	- webkit 1.2.7-1
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: (Chromium Sec) This seems a duplicate of CVE-2010-2899
	NOTE: http://trac.webkit.org/changeset/62134
CVE-2010-1782 (WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.4-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.127~r55887-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=41375
	NOTE: http://trac.webkit.org/changeset/61921
CVE-2010-1781 (Double free vulnerability in WebKit in Apple iOS before 4.1 on the ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1780 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0.1 on ...)
	- webkit 1.2.5-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.125~r53311-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=40407
	NOTE: http://trac.webkit.org/changeset/60984
CVE-2010-1779
	RESERVED
CVE-2010-1778 (Cross-site scripting (XSS) vulnerability in Apple Safari before 5.0.1 ...)
	- webkit <not-affected>
	- chromium-browser <not-affected>
	NOTE: Safari only (chromium security team)
CVE-2010-1777 (Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-1776 (Find My iPhone on iOS 2.0 through 3.1.3 for iPhone 3G and later and ...)
	NOT-FOR-US: Apple iOS
CVE-2010-1775 (Race condition in Passcode Lock in Apple iOS before 4 on the iPhone ...)
	NOT-FOR-US: Apple iPhone Passcode Lock
CVE-2010-1774 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38261
	NOTE: http://trac.webkit.org/changeset/59495
CVE-2010-1773 (Off-by-one error in the toAlphabetic function in ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39508
	NOTE: http://trac.webkit.org/changeset/59950
CVE-2010-1772 (Use-after-free vulnerability in page/Geolocation.cpp in WebCore in ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39388
	NOTE: http://trac.webkit.org/changeset/59859
CVE-2010-1771 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39453
	NOTE: http://trac.webkit.org/changeset/59876
CVE-2010-1770 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38626
	NOTE: http://trac.webkit.org/changeset/59795
CVE-2010-1769 (WebKit in Apple iTunes before 9.2 on Windows, and Apple iOS before 4 ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: dupe of CVE-2010-1774
CVE-2010-1768 (Unspecified vulnerability in Apple iTunes before 9.1 allows local ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-1767 (Cross-site request forgery (CSRF) vulnerability in ...)
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36843
	NOTE: http://trac.webkit.org/changeset/57041
CVE-2010-1766 (Off-by-one error in the WebSocketHandshake::readServerHandshake ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36339
	NOTE: http://trac.webkit.org/changeset/56380
CVE-2010-1765
	RESERVED
	- webkit <not-affected> (doesn't include cf code)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37933
	NOTE: http://trac.webkit.org/changeset/57995
CVE-2010-1764 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=31410
	NOTE: http://trac.webkit.org/changeset/55157
CVE-2010-1763 (Unspecified vulnerability in WebKit in Apple iTunes before 9.2 on ...)
	- webkit <not-affected> (vulnerable code introduced in svn58950, which isn't included in 1.2.1 yet)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=39008
	NOTE: http://trac.webkit.org/changeset/59486
CVE-2010-1762 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38922
	NOTE: http://trac.webkit.org/changeset/59241
	NOTE: http://trac.webkit.org/changeset/59242
CVE-2010-1761 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37760
	NOTE: http://trac.webkit.org/changeset/59263
CVE-2010-1760 (loader/DocumentThreadableLoader.cpp in the XMLHttpRequest ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.99~r51029-2
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37781
	NOTE: http://trac.webkit.org/changeset/58409
CVE-2010-1759 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38583
	NOTE: http://trac.webkit.org/changeset/59109
CVE-2010-1758 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28697
	NOTE: http://trac.webkit.org/changeset/59098
CVE-2010-1757 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
	NOT-FOR-US: Webkit / if anything of this affects Chromium, the Chrome sec team will know and fix
CVE-2010-1756 (The Settings application in Apple iOS before 4 on the iPhone and iPod ...)
	NOT-FOR-US: Apple iPhone
CVE-2010-1755 (Safari in Apple iOS before 4 on the iPhone and iPod touch does not ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1754 (Passcode Lock in Apple iOS before 4 on the iPhone and iPod touch does ...)
	NOT-FOR-US: Apple Passcode Lock
CVE-2010-1753 (ImageIO in Apple iOS before 4 on the iPhone and iPod touch allows ...)
	NOT-FOR-US: iOS
CVE-2010-1752 (Stack-based buffer overflow in CFNetwork in Apple iOS before 4 on the ...)
	NOT-FOR-US: Apple CFNetwork
CVE-2010-1751 (Application Sandbox in Apple iOS before 4 on the iPhone and iPod touch ...)
	NOT-FOR-US: Apple Application Sandbox
CVE-2010-1750 (Use-after-free vulnerability in Apple Safari before 5.0 on Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1749 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27193
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38625
	NOTE: http://trac.webkit.org/changeset/45941
CVE-2010-1748 (The cgi_initialize_string function in cgi-bin/var.c in the web ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-1747
	RESERVED
CVE-2010-1746 (Multiple cross-site scripting (XSS) vulnerabilities in the Table JX ...)
	NOT-FOR-US: com_grid component for joomla!
CVE-2010-1745
	REJECTED
CVE-2010-1744 (SQL injection vulnerability in product.html in B2B Gold Script allows ...)
	NOT-FOR-US: B2B Gold Script
CVE-2010-1743 (SQL injection vulnerability in projects.php in Scratcher allows remote ...)
	NOT-FOR-US: Scratcher
CVE-2010-1742 (Cross-site scripting (XSS) vulnerability in projects.php in Scratcher ...)
	NOT-FOR-US: Scratcher
CVE-2010-1741 (SQL injection vulnerability in request_account.php in Billwerx RC ...)
	NOT-FOR-US: Billwerx
CVE-2010-1740 (SQL injection vulnerability in newsletter.php in GuppY 4.5.18 allows ...)
	NOT-FOR-US: GuppY
CVE-2010-1739 (SQL injection vulnerability in the Newsfeeds (com_newsfeeds) component ...)
	NOT-FOR-US: com_newsfeeds component for joomla!
CVE-2010-1738
	REJECTED
CVE-2010-1737 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Gallo
CVE-2010-1736 (KrM Haber 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: KrM Haber
CVE-2010-1735 (The SfnLOGONNOTIFY function in win32k.sys in the kernel in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1734 (The SfnINSTRING function in win32k.sys in the kernel in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1733 (Multiple SQL injection vulnerabilities in OCS Inventory NG before ...)
	- ocsinventory-server <unfixed> (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1732 (Cross-site request forgery (CSRF) vulnerability in the users module in ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2010-1731 (Google Chrome on the HTC Hero allows remote attackers to cause a ...)
	- chromium-browser 5.0.375.55~r47796-1
	NOTE: various crashes on window close after opening the file on chromium (including sometimes segfaults)
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
	NOTE: not reproducible with chromium-browser 5.0.375.55~r47796-1
CVE-2010-1730 (Dolphin Browser 2.5.0 on the HTC Hero allows remote attackers to cause ...)
	NOT-FOR-US: Dolphin browser, Konqueror not covered by security support
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
CVE-2010-1729 (WebKit.dll in WebKit, as used in Safari.exe 4.531.9.1 in Apple Safari, ...)
	- webkit <unfixed> (unimportant)
	NOTE: CVE-2010-1729/1730/1731 are the same issue but with different effects
	NOTE: dos-only on webkit
CVE-2010-1728 (Opera before 10.53 on Windows and Mac OS X does not properly handle a ...)
	NOT-FOR-US: Opera
CVE-2010-1727 (SQL injection vulnerability in type.asp in JobPost 1.0 allows remote ...)
	NOT-FOR-US: JobPost
CVE-2010-1726 (SQL injection vulnerability in offers_buy.php in EC21 Clone 3.0 allows ...)
	NOT-FOR-US: EC21
CVE-2010-1725 (SQL injection vulnerability in offers_buy.php in Alibaba Clone ...)
	NOT-FOR-US: Alibaba Clone Platinum
CVE-2010-1724 (Multiple cross-site scripting (XSS) vulnerabilities in Zikula ...)
	NOT-FOR-US: Zikula Application Framework
CVE-2009-4841 (Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in ...)
	NOT-FOR-US: Roxio CinePlayer
CVE-2009-4840 (Heap-based buffer overflow in the IAManager ActiveX control in ...)
	NOT-FOR-US: Roxio CinePlayer
CVE-2009-4839 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...)
	- acidbase 1.4.5-1 (bug #587819)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4838 (SQL injection vulnerability in base_ag_common.php in Basic Analysis ...)
	- acidbase 1.4.4-1 (low)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4837 (Multiple cross-site scripting (XSS) vulnerabilities in Basic Analysis ...)
	- acidbase 1.4.4-1 (low)
	[lenny] - acidbase <no-dsa> (Minor issue)
CVE-2009-4836 (Eval injection vulnerability in system/services/init.php in Movie PHP ...)
	NOT-FOR-US: Movie PHP Script
CVE-2009-4835 (The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, ...)
	- libsndfile 1.0.21-3 (unimportant; bug #530831)
	NOTE: application crash only, so not security-relevant
CVE-2010-1723 (Directory traversal vulnerability in the iNetLanka Contact Us Draw ...)
	NOT-FOR-US: com_drawroot component for joomla!
CVE-2010-1722 (Directory traversal vulnerability in the Online Market (com_market) ...)
	NOT-FOR-US: com_market component for joomla!
CVE-2010-1721 (SQL injection vulnerability in the Intellectual Property (aka ...)
	NOT-FOR-US: com_iproperty component for joomla!
CVE-2010-1720 (SQL injection vulnerability in the Q-Personel (com_qpersonel) ...)
	NOT-FOR-US: com_qpersonel component for joomla!
CVE-2010-1719 (Directory traversal vulnerability in the MT Fire Eagle ...)
	NOT-FOR-US: com_mtfireeagle component for joomla!
CVE-2010-1718 (Directory traversal vulnerability in archeryscores.php in the Archery ...)
	NOT-FOR-US: com_archeryscores component for joomla!
CVE-2010-1717 (Directory traversal vulnerability in the iF surfALERT ...)
	NOT-FOR-US: com_if_surfalert component for joomla!
CVE-2010-1716 (SQL injection vulnerability in the Agenda Address Book (com_agenda) ...)
	NOT-FOR-US: com_agenda component for joomla!
CVE-2010-1715 (Directory traversal vulnerability in the Online Examination (aka ...)
	NOT-FOR-US: com_onlineexam component for joomla!
CVE-2010-1714 (Directory traversal vulnerability in the Arcade Games ...)
	NOT-FOR-US: com_arcadegames component for joomla!
CVE-2010-1713 (SQL injection vulnerability in modules.php in PostNuke 0.764 allows ...)
	NOT-FOR-US: PostNuke
CVE-2010-1712 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Webmobo WB News
CVE-2010-1711 (Cross-site scripting (XSS) vulnerability in carga_foto_al.php in ...)
	NOT-FOR-US: Siestta
CVE-2010-1710 (Directory traversal vulnerability in login.php in Siestta 2.0, when ...)
	NOT-FOR-US: Siestta
CVE-2010-1709 (Multiple cross-site scripting (XSS) vulnerabilities in upload.cgi in ...)
	NOT-FOR-US: G5-Scripts
CVE-2010-1708 (Multiple SQL injection vulnerabilities in agentadmin.php in Free ...)
	NOT-FOR-US: Free Realty
CVE-2010-1707 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	- piwigo 2.0.10-1
CVE-2010-1706 (Multiple SQL injection vulnerabilities in login.php in 2daybiz Auction ...)
	NOT-FOR-US: 2daybiz Auction Script
CVE-2010-1705 (SQL injection vulnerability in casting_view.php in Modelbook allows ...)
	NOT-FOR-US: Modelbook
CVE-2010-1704 (Multiple SQL injection vulnerabilities in 2daybiz Polls (aka Advanced ...)
	NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1703 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: 2daybiz Polls Script
CVE-2010-1702 (SQL injection vulnerability in submitticket.php in WHMCompleteSolution ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2010-1701 (SQL injection vulnerability in browse.html in PHP Video Battle Script ...)
	NOT-FOR-US: PHP Video Battle Script
CVE-2010-1700
	REJECTED
CVE-2010-1699
	REJECTED
CVE-2010-1698
	REJECTED
CVE-2010-1697
	REJECTED
CVE-2010-1696
	REJECTED
CVE-2010-1695
	REJECTED
CVE-2010-1694
	REJECTED
CVE-2010-1693 (openibd in OpenFabrics Enterprise Distribution (OFED) 1.5.2 allows ...)
	NOT-FOR-US: OpenFabrics Enterprise Distribution (OFED)
	NOTE: openibd is part of ofa-kernel (ofa_1_5_kernel-20101028-0200/ofed_scripts/openibd), fixed in 2010-10-28 build
	NOTE: http://www.openfabrics.org/downloads/ofa_1_5_kernel/
	NOTE: ITP for ofa-kernel is bug #541849
CVE-2010-1692
	REJECTED
CVE-2010-1691
	REJECTED
CVE-2010-1690 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1689 (The DNS implementation in smtpsvc.dll before 6.0.2600.5949 in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1688 (Stack-based buffer overflow in 2BrightSparks SyncBack Freeware ...)
	NOT-FOR-US: 2BrightSparks SyncBack Freeware
CVE-2010-1687 (Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows ...)
	NOT-FOR-US: Mocha W32 LPD
CVE-2010-1686 (Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC ...)
	NOT-FOR-US: Urgent Backup
CVE-2010-1685 (Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows ...)
	NOT-FOR-US: CursorArts ZipWrangler
CVE-2010-1684
	RESERVED
CVE-2010-1683
	RESERVED
CVE-2010-1682
	RESERVED
CVE-2010-1681 (Buffer overflow in VISIODWG.DLL before 10.0.6880.4 in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office Visio
CVE-2010-1680
	REJECTED
CVE-2010-1679 (Directory traversal vulnerability in dpkg-source in dpkg before ...)
	{DSA-2142-1}
	- dpkg 1.15.8.8
CVE-2010-1678
	RESERVED
	- mapserver 5.6.5-2
	NOTE: http://trac.osgeo.org/mapserver/ticket/3641
CVE-2010-1677 (MHonArc 2.6.16 allows remote attackers to cause a denial of service ...)
	- mhonarc 2.6.18-1 (low)
	[squeeze] - mhonarc <no-dsa> (Minor issue)
CVE-2010-1676 (Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before ...)
	{DSA-2136-1}
	- tor 0.2.1.26-6
CVE-2010-1675 (bgpd in Quagga before 0.99.18 allows remote attackers to cause a ...)
	{DSA-2197-1}
	- quagga 0.99.18-1
CVE-2010-1674 (The extended-community parser in bgpd in Quagga before 0.99.18 allows ...)
	{DSA-2197-1}
	- quagga 0.99.18-1
CVE-2010-1673 [ikiwiki xss due to insufficient html scrubbing]
	RESERVED
	- ikiwiki 3.20101112
	[squeeze] - ikiwiki 3.20100815.2
	[lenny] - ikiwiki <not-affected>
CVE-2010-1672
	RESERVED
CVE-2010-1671 (hsolinkcontrol in hsolink 1.0.118 allows local users to gain ...)
	- hsolink <removed> (bug #590670)
CVE-2010-1670 (Mahara before 1.0.15, 1.1.x before 1.1.9, and 1.2.x before 1.2.5 has ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1669 (SQL injection vulnerability in Mahara 1.1.x before 1.1.9 and 1.2.x ...)
	- mahara 1.2.5-1
	[lenny] - mahara <not-affected>
CVE-2010-1668 (Multiple cross-site request forgery (CSRF) vulnerabilities in Mahara ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1667 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara before ...)
	{DSA-2067-1}
	- mahara 1.2.5-1
CVE-2010-1666 (Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding ...)
	{DSA-2068-1}
	- python-cjson 1.0.5-3 (bug #587700)
	NOTE: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
CVE-2010-1665 (Google Chrome before 4.1.249.1064 does not properly handle fonts, ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.2.1-3
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/58201
CVE-2010-1664 (Google Chrome before 4.1.249.1064 does not properly handle HTML5 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/57922
CVE-2010-1663 (The Google URL Parsing Library (aka google-url or GURL) in Google ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (issue is in google url; i.e. chromium-specific)
CVE-2010-1662 (Cross-site scripting (XSS) vulnerability in acpmoderate.php in ...)
	NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1661 (Multiple SQL injection vulnerabilities in PHP-Quick-Arcade (PHPQA) ...)
	NOT-FOR-US: PHP-Quick-Arcade
CVE-2010-1660 (SQL injection vulnerability in help-details.php in CLScript ...)
	NOT-FOR-US: CLScript Classifieds Script
CVE-2010-1659 (Directory traversal vulnerability in the Ultimate Portfolio ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1658 (Directory traversal vulnerability in the Code-Garage NoticeBoard ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1657 (Directory traversal vulnerability in the SmartSite (com_smartsite) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1656 (SQL injection vulnerability in the Airiny ABC (com_abc) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1655 (Cross-site scripting (XSS) vulnerability in User/User_ChkLogin.asp in ...)
	NOT-FOR-US: PowerEasy
CVE-2010-1654 (Multiple SQL injection vulnerabilities in system_member_login.php in ...)
	NOT-FOR-US: Infocus Real Estate Enterprise Edition
CVE-2010-1653 (Directory traversal vulnerability in graphics.php in the Graphics ...)
	NOT-FOR-US: Graphics component for Joomla!
CVE-2010-1652 (Directory traversal vulnerability in the HelpCenter module in Help ...)
	NOT-FOR-US: Help Center Live
CVE-2010-1651 (IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.31 and 7.0.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1650 (IBM WebSphere Application Server (WAS) 6.0.x before 6.0.2.41, 6.1.x ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1649 (Multiple cross-site scripting (XSS) vulnerabilities in the back end in ...)
	NOT-FOR-US: Joomla
CVE-2010-1648 (Cross-site request forgery (CSRF) vulnerability in the login interface ...)
	- mediawiki 1:1.15.4-1 (bug #585918; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1647 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.15 before ...)
	- mediawiki 1:1.15.4-1 (bug #585918; low)
	[lenny] - mediawiki 1:1.12.0-2lenny6
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-May/000091.html
CVE-2010-1646 (The secure path feature in env.c in sudo 1.3.1 through 1.6.9p22 and ...)
	{DSA-2062-1}
	- sudo 1.7.2p7-1 (bug #585394)
CVE-2010-1645 (Cacti before 0.8.7f, as used in Red Hat High Performance Computing ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-1644 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti before ...)
	{DSA-2384-1}
	- cacti 0.8.7g-1
CVE-2010-1643 (mm/shmem.c in the Linux kernel before 2.6.28-rc3, when strict ...)
	- linux-2.6 2.6.28-1
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1642 (The reply_sesssetup_and_X_spnego function in sesssetup.c in smbd in ...)
	- samba 2:3.5.4~dfsg-2 (unimportant)
	NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1641 (The do_gfs2_set_flags function in fs/gfs2/file.c in the Linux kernel ...)
	- linux-2.6 2.6.32-16
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1640 (Off-by-one error in the parseicon function in libclamav/pe_icons.c in ...)
	- clamav 0.96.1+dfsg-1 (bug #584183)
	[lenny] - clamav <end-of-life>
CVE-2010-1639 (The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows ...)
	- clamav 0.96.1+dfsg-1 (bug #584183)
	[lenny] - clamav <end-of-life>
CVE-2010-1638 (The IMP plugin in Horde allows remote attackers to bypass firewall ...)
	- horde3 <unfixed> (unimportant)
CVE-2010-1637 (The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote ...)
	- squirrelmail 2:1.4.21-1 (unimportant)
CVE-2010-1636 (The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs ...)
	- linux-2.6 2.6.32-14
	[lenny] - linux-2.6 <not-affected> (brtfs introduced in 2.6.32)
CVE-2010-1635 (The chain_reply function in process.c in smbd in Samba before 3.4.8 ...)
	- samba 2:3.6.1-2 (unimportant)
	NOTE: http://git.samba.org/?p=samba.git;a=commitdiff;h=25452a2268ac7013da28125f3df22085139af12d
	NOTE: Only crashes a single connection, not the entire smbd
CVE-2010-1634 (Multiple integer overflows in audioop.c in the audioop module in ...)
	- python3.1 3.1.2+20100822-1 (low)
	- python2.7 2.7-1 (low)
	- python2.6 2.6.6-1 (low)
	- python2.5 2.5.5-10 (low; bug #599739)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1633 (RSA verification recovery in the EVP_PKEY_verify_recover function in ...)
	- openssl <not-affected> (This bug is only present in OpenSSL 1.0.0, first version of 1.0.0 ever uploaded was 1.0.0c)
CVE-2010-1632 (Apache Axis2 before 1.5.2, as used in IBM WebSphere Application Server ...)
	- axis2c 1.6.0-1
CVE-2010-1631
	REJECTED
CVE-2010-1630 (Unspecified vulnerability in posting.php in phpBB before 3.0.5 has ...)
	- phpbb3 3.0.7-PL1-1 (low)
	[lenny] - phpbb3 <no-dsa> (Minor issue)
CVE-2010-1629 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 ...)
	NOT-FOR-US: Phorum
CVE-2010-1628 (Ghostscript 8.64, 8.70, and possibly other versions allows ...)
	{DSA-2093-1}
	- ghostscript 8.71~dfsg2-4 (medium; bug #584516)
	NOTE: no upstream fix available, see issue #1 in ubuntu bug report:
	NOTE: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/546009
	NOTE: http://bugs.ghostscript.com/show_bug.cgi?id=691295
CVE-2010-1627 (feed.php in phpBB 3.0.7 before 3.0.7-PL1 does not properly check ...)
	- phpbb3 3.0.7-PL1-1 (low)
	[lenny] - phpbb3 <no-dsa> (Minor issue)
CVE-2010-1626 (MySQL before 5.1.46 allows local users to delete the data and index ...)
	{DSA-2057-1}
	- mysql-5.1 5.1.46-1 (bug #582526)
	- mysql-dfsg-5.0 <removed> (low; bug #584400)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=553648
CVE-2010-1625 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer ...)
	{DSA-2092-1}
	- lxr <removed> (low; bug #588138)
	[lenny] - lxr <no-dsa> (Minor issue)
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588137)
CVE-2010-1624 (The msn_emoticon_msg function in slp.c in the MSN protocol plugin in ...)
	- pidgin 2.7.0-1 (low)
	[lenny] - pidgin 2.4.3-4lenny6
	NOTE: MSN support was disabled in 2.4.3-4lenny6
CVE-2010-1623 (Memory leak in the apr_brigade_split_line function in ...)
	{DSA-2117-1}
	- apr-util 1.3.9+dfsg-4 (medium)
	- apache2 2.2.16-3
	[lenny] - apache2 <not-affected> (vulnerable code introduced in 2.2.15-2 or -3)
CVE-2010-1622 (SpringSource Spring Framework 2.5.x before 2.5.6.SEC02, 2.5.7 before ...)
	- libspring-2.5-java 2.5.6.SEC02-1 (medium)
CVE-2010-1621 (The mysql_uninstall_plugin function in sql/sql_plugin.cc in MySQL 5.1 ...)
	- mysql-5.1 5.1.46-1
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=590190
CVE-2010-1620 (Integer overflow in the load_iface function in Tools/gdomap.c in ...)
	- gnustep-base 1.19.3-2 (bug #584401)
	[lenny] - gnustep-base <no-dsa> (Minor issue)
CVE-2010-1612 (The IBM WebSphere DataPower XML Accelerator XA35, Low Latency ...)
	NOT-FOR-US: IBM WebSphere DataPower XML Accelerator
CVE-2010-1611 (Cross-site request forgery (CSRF) vulnerability in AlegroCart 1.1 ...)
	NOT-FOR-US: AlegroCart
CVE-2010-1610 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: OpenCart
CVE-2010-1609 (Cross-site scripting (XSS) vulnerability in SAP NetWeaver 2004 before ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2010-1608 (Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-1607 (Directory traversal vulnerability in wmi.php in the Webmoney Web ...)
	NOT-FOR-US: Webmoney Web Merchant Interface component for Joomla!
CVE-2010-1606 (Multiple cross-site scripting (XSS) vulnerabilities in NCT Jobs Portal ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1605 (Multiple SQL injection vulnerabilities in isearch.php in NCT Jobs ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1604 (Multiple SQL injection vulnerabilities in admin_login.php in NCT Jobs ...)
	NOT-FOR-US: NCT Jobs Portal Script
CVE-2010-1603 (Directory traversal vulnerability in the ZiMB Core (aka ZiMBCore or ...)
	NOT-FOR-US: ZiMB Core component for Joomla!
CVE-2010-1602 (Directory traversal vulnerability in the ZiMB Comment ...)
	NOT-FOR-US: ZiMB Comment component for Joomla!
CVE-2010-1601 (Directory traversal vulnerability in the JA Comment (com_jacomment) ...)
	NOT-FOR-US: JA Comment component for Joomla!
CVE-2010-1600 (SQL injection vulnerability in the Media Mall Factory (com_mediamall) ...)
	NOT-FOR-US: Media Mall Factory component for Joomla!
CVE-2010-1599 (SQL injection vulnerability in loadorder.php in NKInFoWeb 2.5 and ...)
	NOT-FOR-US: NKInFoWeb
CVE-2010-1598 (phpThumb.php in phpThumb() 1.7.9 and possibly other versions, when ...)
	NOT-FOR-US: phpThumb()
CVE-2010-1597 (Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 ...)
	NOT-FOR-US: ZipGenius
CVE-2009-4834 (lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute ...)
	NOT-FOR-US: Zeroboard
CVE-2009-4833 (MySQL Connector/NET before 6.0.4, when using encryption, does not ...)
	NOT-FOR-US: MySQL Connector/NET
CVE-2009-4832 (The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local ...)
	NOT-FOR-US: DLPCryptCore
CVE-2009-4831 (Cerulean Studios Trillian 3.1 Basic does not check SSL certificates ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2010-1619 (Cross-site scripting (XSS) vulnerability in the ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (low; bug #585425)
	- wordpress <not-affected> (Vulnerable code not present)
	- egroupware <not-affected> (Vulneable code not present)
CVE-2010-1618 (Cross-site scripting (XSS) vulnerability in the phpCAS client library ...)
	{DSA-2115-1}
	- libphp-cas <itp> (bug #495542)
	- moodle 1.9.8-1 (low; bug #574757)
	- glpi <removed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2010-1617 (user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (unimportant; bug #585427)
	NOTE: i have a hard time seeing the security impact, moodle is a course management
	NOTE: system and the real names of your colleagues are probably not a secret, since
	NOTE: a patch exists I filed a bug anyway
CVE-2010-1616 (Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1615 (Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1613 (Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the &quot;Regenerate ...)
	{DSA-2115-1}
	- moodle 1.9.8-1
CVE-2010-1596 (Support Incident Tracker before 3.51, when using LDAP authentication ...)
	NOT-FOR-US: Support Incident Tracker
CVE-2010-1595 (Multiple SQL injection vulnerabilities in ocsreports/index.php in OCS ...)
	- ocsinventory-server 1.02.1-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1594 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- ocsinventory-server 1.02.1-1 (unimportant)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2010-1593 (Multiple cross-site scripting (XSS) vulnerabilities in SilverStripe ...)
	- silverstripe <itp> (bug #528461)
CVE-2010-1592 (sandra.sys 15.18.1.1 and earlier in the Sandra Device Driver in ...)
	NOT-FOR-US: SiSoftware Sandra
CVE-2010-1591 (Beijing Rising International Rising Antivirus 2008 through 2010 does ...)
	NOT-FOR-US: Beijing Rising International Rising Antivirus
CVE-2010-1590 (Cross-site scripting (XSS) vulnerability in shopsessionsubs.asp in ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1589 (Directory traversal vulnerability in shopsessionsubs.asp in Rocksalt ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1588 (SQL injection vulnerability in the Getwebsess function in ...)
	NOT-FOR-US: Rocksalt International VP-ASP Shopping Cart
CVE-2010-1587 (The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-1586 (Open redirect vulnerability in red2301.html in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-1585 (The nsIScriptableUnescapeHTML.parseFragment method in the ...)
	{DSA-2187-1 DSA-2186-1 DSA-2180-1}
	- icedove 3.0.11-2
	[lenny] - icedove <end-of-life>
	- xulrunner <removed> (unimportant)
	[lenny] - xulrunner 1.9.0.19-8
	- iceweasel 3.5.17-1
	[lenny] - iceweasel <not-affected> (Lenny's iceweasel uses Xulrunner from the xulrunner source pkg)
	- iceape 2.0.12-1
	[lenny] - iceape <not-affected> (Only a stub package)
	NOTE: xulrunner in wheezy is not covered by security support
CVE-2010-1584 (Cross-site scripting (XSS) vulnerability in the Context module before ...)
	NOT-FOR-US: Context module for drupal
CVE-2010-1583 (SQL injection vulnerability in the loadByKey function in the ...)
	NOT-FOR-US: Tirzen Framework
CVE-2010-1582
	RESERVED
CVE-2010-1581 (Unspecified vulnerability in the Transport Layer Security (TLS) ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1580 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1579 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1578 (Unspecified vulnerability in the SunRPC inspection feature on Cisco ...)
	NOT-FOR-US: Cisco ASA
CVE-2010-1577 (Directory traversal vulnerability in Cisco Internet Streamer, as used ...)
	NOT-FOR-US: Cisco
CVE-2010-1576 (The Cisco Content Services Switch (CSS) 11500 with software before ...)
	NOT-FOR-US: Cisco
CVE-2010-1575 (The Cisco Content Services Switch (CSS) 11500 with software 08.20.1.01 ...)
	NOT-FOR-US: Cisco
CVE-2010-1574 (IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 ...)
	NOT-FOR-US: Cisco
CVE-2010-1573 (Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded ...)
	NOT-FOR-US: Linksys firmware
CVE-2010-1572 (Unspecified vulnerability in the tech support diagnostic shell in ...)
	NOT-FOR-US: Cisco
CVE-2010-1571 (Directory traversal vulnerability in the bootstrap service in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-1570 (The computer telephony integration (CTI) server component in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-1569
	RESERVED
CVE-2010-1568 (The Send Secure functionality in the Cisco IronPort Desktop Flag ...)
	NOT-FOR-US: Cisco IronPort Desktop Flag Plug-in for Microsoft Outlook
CVE-2010-1567 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1566
	RESERVED
CVE-2010-1565 (Unspecified vulnerability in the SIP implementation on the Cisco PGW ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1563 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1562 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1561 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-1560 (Buffer overflow in the REPEAT function in IBM DB2 9.1 before FP9 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-1559 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...)
	NOT-FOR-US: com_sermonspeaker component for joomla!
CVE-2009-4830 (Unspecified vulnerability in OpenX 2.8.1 and 2.8.2 allows remote ...)
	- openx <itp> (bug #513771)
CVE-2009-4829 (Cross-site scripting (XSS) vulnerability in the Automated Logout ...)
	NOT-FOR-US: Automated Logout module for drupal
CVE-2009-4828 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Ad Manager Pro
CVE-2009-4827 (Cross-site request forgery (CSRF) vulnerability in admin.php in Mail ...)
	NOT-FOR-US: Mail Manager Pro
CVE-2009-4826 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: ScriptsEz Mini Hosting Panel
CVE-2009-4825 (8pixel.net Blog 4 stores sensitive information under the web root with ...)
	NOT-FOR-US: 8pixel.net Blog
CVE-2009-4824 (Unspecified vulnerability in Kolab Webclient before 1.2.0 in Kolab ...)
	{DSA-1897-1}
	- kolab-webclient <undetermined>
	- horde3 3.3.5+debian0-1
	NOTE: package only in experimental; claimed fixed in version 20091202, but not enough info to check
	NOTE: http://kolab.org/cgi-bin/viewcvs-kolab.cgi/*checkout*/server/patches/horde-webmail/1.2.0/tg/Attic/t_framework_H_JS_Form_FixFormSecurityForImageUploads.diff?rev=1.1.2.1&only_with_tag=kolab_2_2_branch
CVE-2009-4823 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: cPanel
CVE-2009-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-4821 (The D-Link DIR-615 with firmware 3.10NA does not require ...)
	NOT-FOR-US: D-Link DIR-615
CVE-2009-4820 (Angelo-Emlak 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2009-4819 (Multiple unrestricted file upload vulnerabilities in upload.php in ...)
	NOT-FOR-US: PHPhotoalbum
CVE-2009-4818 (Unrestricted file upload vulnerability in upload.php in PHPSimplicity ...)
	NOT-FOR-US: PHPSimplicity of Upload
CVE-2009-4817 (Unrestricted file upload vulnerability in Element-IT Ultimate Uploader ...)
	NOT-FOR-US: Element-IT Ultimate Uploader
CVE-2009-4816 (Directory traversal vulnerability in api/download_checker.php in ...)
	NOT-FOR-US: MegaLab The Uploader
CVE-2009-4815 (Directory traversal vulnerability in Serv-U before 9.2.0.1 allows ...)
	NOT-FOR-US: Serv-U
CVE-2009-4814 (Cross-site scripting (XSS) vulnerability in Wolfram Research ...)
	NOT-FOR-US: Wolfram Research webMathematica
CVE-2009-4813 (Cross-site scripting (XSS) vulnerability in myps.php in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2009-4812 (Wolfram Research webMathematica allows remote attackers to obtain ...)
	NOT-FOR-US: Wolfram Research webMathematica
CVE-2009-4811 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...)
	NOT-FOR-US: VMware
CVE-2010-2447 [gitolite "not filtering src/ or hooks/ from pathnames"]
	RESERVED
	- gitolite 1.4.2-1 (low)
	NOTE: http://secunia.com/advisories/39587/
CVE-2010-2448 (znc.cpp in ZNC before 0.092 allows remote authenticated users to cause ...)
	- gitolite 1.4.2-1 (medium)
	NOTE: http://secunia.com/advisories/39587/
CVE-2010-1558 (Unspecified vulnerability in HP Multifunction Peripheral (MFP) Digital ...)
	NOT-FOR-US: HP MFP Digital Sending Software
CVE-2010-1557 (Multiple cross-site scripting (XSS) vulnerabilities in HP Insight ...)
	NOT-FOR-US: HP Insight Control Server Migration
CVE-2010-1556 (Unspecified vulnerability in HP Systems Insight Manager (SIM) 5.3, 5.3 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2010-1555 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1554 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1553 (Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1552 (Stack-based buffer overflow in the doLoad function in snmpviewer.exe ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1551 (Stack-based buffer overflow in the _OVParseLLA function in ov.dll in ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1550 (Format string vulnerability in ovet_demandpoll.exe in HP OpenView ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2010-1549 (Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 ...)
	NOT-FOR-US: HP LoadRunner
CVE-2010-1548 (The auto-complete functionality in the Chaos Tool Suite (aka CTools) ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1547 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1546 (Multiple eval injection vulnerabilities in the import functionality in ...)
	NOT-FOR-US: CTools module for Drupal
CVE-2010-1545
	RESERVED
CVE-2010-1544 (micro_httpd on the RCA DCM425 cable modem allows remote attackers to ...)
	NOT-FOR-US: RCA DCM425 Cable Modem
CVE-2010-1543 (Cross-site scripting (XSS) vulnerability in the eTracker module before ...)
	NOT-FOR-US: eTracker module for drupal
CVE-2010-1542 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: DFD Cart
CVE-2010-1541 (Multiple cross-site scripting (XSS) vulnerabilities in DFD Cart 1.198, ...)
	NOT-FOR-US: DFD Cart
CVE-2010-1540 (Directory traversal vulnerability in index.php in the MyBlog ...)
	NOT-FOR-US: com_myblog component for joomla!
CVE-2010-1539 (Cross-site scripting (XSS) vulnerability in the Workflow module ...)
	NOT-FOR-US: workflow module for drupal
CVE-2010-1538 (SQL injection vulnerability in print_raincheck.php in phpRAINCHECK ...)
	NOT-FOR-US: phpRAINCHECK
CVE-2010-1537 (Multiple directory traversal vulnerabilities in phpCDB 1.0 and earlier ...)
	NOT-FOR-US: phpCDB
CVE-2010-1536 (Cross-site scripting (XSS) vulnerability in the AddThis Button module ...)
	NOT-FOR-US: AddThis Button module for drupal
CVE-2010-1535 (Directory traversal vulnerability in the TRAVELbook (com_travelbook) ...)
	NOT-FOR-US: com_travelbook component for joomla!
CVE-2010-1534 (Directory traversal vulnerability in the Shoutbox Pro (com_shoutbox) ...)
	NOT-FOR-US: com_shoutbox component for joomla!
CVE-2010-1533 (Directory traversal vulnerability in the TweetLA (com_tweetla) ...)
	NOT-FOR-US: com_tweetla component for joomla!
CVE-2010-1532 (Directory traversal vulnerability in the givesight PowerMail Pro ...)
	NOT-FOR-US: com_powermail component for joomla!
CVE-2010-1531 (Directory traversal vulnerability in the redSHOP (com_redshop) ...)
	NOT-FOR-US: com_redshop component for joomla!
CVE-2010-1530 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Internationalization module for drupal
CVE-2010-1529 (SQL injection vulnerability in the Freestyle FAQs Lite (com_fsf) ...)
	NOT-FOR-US: com_fsf component for joomla!
CVE-2010-1528 (PHP remote file inclusion vulnerability in include/template.php in ...)
	NOT-FOR-US: Uiga Proxy
CVE-2010-1527 (Stack-based buffer overflow in Novell iPrint Client before 5.44 allows ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2010-1526 (Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow ...)
	- libgdiplus 2.6.7-2 (low; bug #594155)
	[lenny] - libgdiplus 1.9-1+lenny1
CVE-2010-1525 (Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1524 (The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-1523 (Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in ...)
	NOT-FOR-US: Winamp
CVE-2010-1522 (Multiple SQL injection vulnerabilities in the BookLibrary Basic ...)
	NOT-FOR-US: com_booklibrary component for joomla!
CVE-2010-1521 (SQL injection vulnerability in include/classes/tzn_user.php in ...)
	NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1520 (Cross-site scripting (XSS) vulnerability in logout.php in TaskFreak! ...)
	NOT-FOR-US: TaskFreak! Original multi user
CVE-2010-1519 (Multiple integer overflows in glpng.c in glpng 1.45 allow ...)
	- libglpng <removed> (low; bug #595171)
	[lenny] - libglpng <no-dsa> (Minor issue)
CVE-2010-1518 (Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ...)
	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1517 (The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers ...)
	NOT-FOR-US: GIGABYTE Dldrv2 ActiveX control
CVE-2010-1516 (Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to ...)
	NOT-FOR-US: SWFtools (were once packaged)
CVE-2010-1515 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-1514 (Unrestricted file upload vulnerability in TomatoCMS 2.0.6 and earlier ...)
	NOT-FOR-US: TomatoCMS
CVE-2010-1513 (Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 ...)
	- ziproxy 3.1.0-1 (bug #584933)
	[lenny] - ziproxy <no-dsa> (Minor issue, obscure attack vector)
CVE-2010-1512 (Directory traversal vulnerability in aria2 before 1.9.3 allows remote ...)
	{DSA-2047-1}
	- aria2 1.9.3-1
	NOTE: http://seclists.org/fulldisclosure/2010/May/168
CVE-2010-1511 (KGet 2.4.2 in KDE SC 4.0.0 through 4.4.3 does not properly request ...)
	- kdenetwork 4:4.4.4-1 (low)
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
	NOTE: http://seclists.org/fulldisclosure/2010/May/164
CVE-2010-1510 (Heap-based buffer overflow in IrfanView before 4.27 allows remote ...)
	NOT-FOR-US: IrfanView
CVE-2010-1509 (IrfanView before 4.27 does not properly handle an unspecified integer ...)
	NOT-FOR-US: IrfanView
CVE-2010-1508 (Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-1507 (WebYaST in yast2-webclient in SUSE Linux Enterprise (SLE) 11 on the ...)
	NOT-FOR-US: YAST
CVE-2010-1506 (The Google V8 bindings in Google Chrome before 4.1.249.1059 allow ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (doesn't use v8 bindings yet)
	NOTE: http://trac.webkit.org/changeset/45826
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37210
	NOTE: http://trac.webkit.org/changeset/57224
CVE-2010-1505 (Google Chrome before 4.1.249.1059 does not prevent pages from loading ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1504 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1503 (Cross-site scripting (XSS) vulnerability in Google Chrome before ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific issue)
CVE-2010-1502 (Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chromium-specific directory traversal)
CVE-2010-1501
	REJECTED
CVE-2010-1500 (Google Chrome before 4.1.249.1059 does not properly support forms, ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (proof-of-concept not effective; chromium-specific issue)
CVE-2010-1499 (SQL injection vulnerability in genre_artists.php in MusicBox 3.3 ...)
	NOT-FOR-US: MusicBox
CVE-2010-1498 (Multiple SQL injection vulnerabilities in dl_stats before 2.0 allow ...)
	NOT-FOR-US: dl_stats
CVE-2010-1497 (Cross-site scripting (XSS) vulnerability in download_proc.php in ...)
	NOT-FOR-US: dl_stats
CVE-2010-1496 (SQL injection vulnerability in the JoltCard (com_joltcard) component ...)
	NOT-FOR-US: com_joltcard component for joomla!
CVE-2010-1495 (Directory traversal vulnerability in the Matamko (com_matamko) ...)
	NOT-FOR-US: com_matamko component for joomla!
CVE-2010-1494 (Directory traversal vulnerability in the AWDwall (com_awdwall) ...)
	NOT-FOR-US: com_awdwall component for joomla!
CVE-2010-1493 (SQL injection vulnerability in the AWDwall (com_awdwall) component ...)
	NOT-FOR-US: com_awdwall component for joomla!
CVE-2010-1492 (Directory traversal vulnerability in help/frameRight.php in Elastix ...)
	NOT-FOR-US: Elastix
CVE-2010-1491 (Directory traversal vulnerability in the MMS Blog (com_mmsblog) ...)
	NOT-FOR-US: com_mmsblog component for joomla!
CVE-2009-4810 (The Secure Remote Password (SRP) implementation in Samhain before ...)
	- samhain 2.5.4-1 (unimportant)
	NOTE: Support for client/server operation is not enabled in the Debian packages
CVE-2009-4809 (Directory traversal vulnerability in thumbnail.ghp in Easy File ...)
	NOT-FOR-US: Easy File Sharing Web Server
CVE-2009-4808 (admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers ...)
	NOT-FOR-US: Graugon PHP Article Publisher
CVE-2009-4807 (Multiple SQL injection vulnerabilities in Graugon PHP Article ...)
	NOT-FOR-US: Graugon PHP Article Publisher
CVE-2009-4806 (admin/save_user.asp in Digital Interchange Document Library 1.0.1 does ...)
	NOT-FOR-US: Digital Interchange Document Library
CVE-2009-4805 (Multiple SQL injection vulnerabilities in EZ-Blog Beta 1, when ...)
	NOT-FOR-US: EZ-Blog
CVE-2009-4804 (Cross-site scripting (XSS) vulnerability in the Calendar Base (cal) ...)
	NOT-FOR-US: cal extension for typo3
CVE-2009-4803 (SQL injection vulnerability in the Accessibility Glossary ...)
	NOT-FOR-US: a21glossary extension for typo3
CVE-2009-4802 (SQL injection vulnerability in the Flat Manager (flatmgr) extension ...)
	NOT-FOR-US: fsatmgr extension for typo3
CVE-2009-4801 (EZ-Blog Beta 1 does not require authentication, which allows remote ...)
	NOT-FOR-US: EZ-Blog
CVE-2010-1490 (Unspecified vulnerability in IBM Cognos 8 Business Intelligence before ...)
	NOT-FOR-US: IBM Cognos
CVE-2009-4800 (Directory traversal vulnerability in Sysax Multi Server 4.3 and 4.5 ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2009-4799 (Diskos CMS 6.x stores sensitive information under the web root with ...)
	NOT-FOR-US: Diskos CMS
CVE-2009-4798 (Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote ...)
	NOT-FOR-US: Diskos CMS
CVE-2009-4797 (SQL injection vulnerability in browse.php in JobHut 1.2 and earlier ...)
	NOT-FOR-US: JobHut
CVE-2009-4796 (Multiple SQL injection vulnerabilities in the ExecuteQueries function ...)
	NOT-FOR-US: glFusion
CVE-2009-4795 (Multiple SQL injection vulnerabilities in Xlight FTP Server before ...)
	NOT-FOR-US: Xlight FTP Server
CVE-2009-4794 (Multiple SQL injection vulnerabilities in Community CMS 0.5 allow ...)
	NOT-FOR-US: Community CMS
CVE-2009-4793 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: BandSite CMS
CVE-2009-4792 (SQL injection vulnerability in includes/content/member_content.php in ...)
	NOT-FOR-US: BandSite CMS
CVE-2009-4791 (Multiple SQL injection vulnerabilities in Family Connections (aka ...)
	NOT-FOR-US: Family Connections
CVE-2009-4790 (Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 ...)
	NOT-FOR-US: Sysax Multi Server
CVE-2009-4789 (Multiple PHP remote file inclusion vulnerabilities in the MojoBlog ...)
	NOT-FOR-US: mojoblog component for joomla!
CVE-2009-4788 (Multiple open redirect vulnerabilities in Pligg 1.0.2 and earlier ...)
	NOT-FOR-US: Pligg
CVE-2009-4787 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pligg ...)
	NOT-FOR-US: Pligg
CVE-2009-4786 (Multiple cross-site scripting (XSS) vulnerabilities in Pligg before ...)
	NOT-FOR-US: Pligg
CVE-2009-4785 (SQL injection vulnerability in the Quick News (com_quicknews) ...)
	NOT-FOR-US: com_quicknews component for joomla!
CVE-2009-4784 (SQL injection vulnerability in the Joaktree (com_joaktree) component ...)
	NOT-FOR-US: com_joaktree component for joomla!
CVE-2009-4783 (Multiple SQL injection vulnerabilities in Theeta CMS, possibly 0.01, ...)
	NOT-FOR-US: Theeta CMS
CVE-2009-4782 (Multiple cross-site scripting (XSS) vulnerabilities in Theeta CMS, ...)
	NOT-FOR-US: Theeta CMS
CVE-2009-4781 (TUKEVA Password Reminder before 1.0.0.4 uses a hard-coded password for ...)
	NOT-FOR-US: TUKEVA Password Reminder
CVE-2009-4780 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2009-4779 (Multiple PHP remote file inclusion vulnerabilities in NukeHall 0.3 and ...)
	NOT-FOR-US: NukeHall
CVE-2009-4778 (Multiple unspecified vulnerabilities in the PDF distiller in the ...)
	NOT-FOR-US: BlackBerry PDF distiller
CVE-2009-4777 (Unspecified vulnerability in multiple versions of Hitachi ...)
	NOT-FOR-US: Hitachi Job Management / System Observer
CVE-2009-4776 (Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2009-4775 (Format string vulnerability in Ipswitch WS_FTP Professional 12 before ...)
	NOT-FOR-US: Ipswitch WS_FTP Professional
CVE-2009-4774 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris snv_49 ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-XXXX [prosody password world-readable]
	- prosody 0.7.0-1 (low; bug #579087)
CVE-2010-XXXX [gnome-orca: shell access without logon]
	- gnome-orca 2.30.0-2 (bug #578928)
	[lenny] - gnome-orca <not-affected> (Doesn't affect Lenny's version)
CVE-2010-1431 (SQL injection vulnerability in templates_export.php in Cacti 0.8.7e ...)
	{DSA-2039-1}
	- cacti 0.8.7e-3 (bug #578909)
	NOTE: http://seclists.org/fulldisclosure/2010/Apr/272
	NOTE: http://www.cacti.net/downloads/patches/0.8.7e/sql_injection_template_export.patch
CVE-2010-1489 (The XSS Filter in Microsoft Internet Explorer 8 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1488 (The proc_oom_score function in fs/proc/base.c in the Linux kernel ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.32)
CVE-2010-1487 (IBM Lotus Notes 7.0, 8.0, and 8.5 stores administrative credentials in ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2010-1486 (Multiple cross-site scripting (XSS) vulnerabilities in _invoice.asp in ...)
	NOT-FOR-US: CactuShop
CVE-2010-1485
	RESERVED
CVE-2010-1484
	RESERVED
CVE-2010-1483
	RESERVED
CVE-2010-1482 (Cross-site scripting (XSS) vulnerability in admin/editprefs.php in the ...)
	NOT-FOR-US: CMS Made Simple
CVE-2010-1481 (Cross-site scripting (XSS) vulnerability in the table feature in ...)
	NOT-FOR-US: PmWiki
CVE-2010-1480 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1479 (SQL injection vulnerability in the RokModule (com_rokmodule) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1478 (Directory traversal vulnerability in the Ternaria Informatica ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1477 (SQL injection vulnerability in the SermonSpeaker (com_sermonspeaker) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1476 (Directory traversal vulnerability in the AlphaUserPoints ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1475 (Directory traversal vulnerability in the Preventive &amp; Reservation ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1474 (Directory traversal vulnerability in the Sweety Keeper ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1473 (Directory traversal vulnerability in the Advertising (com_advertising) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1472 (Directory traversal vulnerability in the Daily Horoscope ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1471 (Directory traversal vulnerability in the AddressBook (com_addressbook) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1470 (Directory traversal vulnerability in the Web TV (com_webtv) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1469 (Directory traversal vulnerability in the Ternaria Informatica JProject ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-1468 (SQL injection vulnerability in the Multi-Venue Restaurant Menu Manager ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4773 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4772 (Unspecified vulnerability in the PayPal Website Payments Standard ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4771 (The PayPal Website Payments Standard functionality in the Ubercart ...)
	NOT-FOR-US: Ubercart module for Drupal
CVE-2009-4770 (The FTP server component in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 ...)
	NOT-FOR-US: httpdx
CVE-2009-4769 (Multiple format string vulnerabilities in the tolog function in httpdx ...)
	NOT-FOR-US: httpdx
CVE-2009-4768 (Unspecified vulnerability in the JASS script interpreter in Warcraft ...)
	NOT-FOR-US: World of Warcraft
CVE-2009-4767 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Plohni Shoutbox
CVE-2008-7255 (login_screen.tcl in aMSN (aka Alvaro's Messenger) before 0.97.1 saves ...)
	- amsn 0.97.1~debian-1 (low)
CVE-2010-1467 (Multiple PHP remote file inclusion vulnerabilities in openUrgence ...)
	NOT-FOR-US: openUrgence
CVE-2010-1466 (Directory traversal vulnerability in scr/soustab.php in openUrgence ...)
	NOT-FOR-US: openUrgence
CVE-2010-1465 (Stack-based buffer overflow in Trellian FTP client 3.01, including ...)
	NOT-FOR-US: Trellian FTP
CVE-2010-1464 (Multiple cross-site scripting (XSS) vulnerabilities in WebAsyst ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1463 (Multiple SQL injection vulnerabilities in WebAsyst Shop-Script FREE ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1462 (Directory traversal vulnerability in WebAsyst Shop-Script FREE has ...)
	NOT-FOR-US: WebAsyst Shop-Script FREE
CVE-2010-1461 (Directory traversal vulnerability in the Photo Battle ...)
	NOT-FOR-US: Photo Battle Component for Joomla!
CVE-2010-1460 (The IBM BladeCenter with Advanced Management Module (AMM) firmware ...)
	NOT-FOR-US: IBM BladeCenter Management Module
CVE-2010-1459 (The default configuration of ASP.NET in Mono before 2.6.4 has a value ...)
	- mono 2.4.4~svn151842-3 (bug #585440)
CVE-2010-1458 (Stack-based buffer overflow in Create and Extract Zips TweakFS Zip ...)
	NOT-FOR-US: TweakFS
CVE-2010-1167 (fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not ...)
	- fetchmail 6.3.16-2 (low)
	[lenny] - fetchmail <no-dsa> (only vulnerable when run under debug verbosity level)
	NOTE: http://www.fetchmail.info/fetchmail-SA-2010-02.txt
	NOTE: http://gitorious.org/fetchmail/fetchmail/commit/ec06293
CVE-2010-1457 (Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local ...)
	- gnustep-base 1.19.3-2 (bug #584402)
	[lenny] - gnustep-base <not-affected> (Not installed setuid root)
	NOTE: http://thread.gmane.org/gmane.comp.lib.gnustep.bugs/12336
CVE-2010-1456
	REJECTED
CVE-2010-1455 (The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 ...)
	- wireshark 1.2.8-1 (unimportant)
	NOTE: Not triggerable remotely
CVE-2010-1454 (com.springsource.tcserver.serviceability.rmi.JmxSocketListener in ...)
	NOT-FOR-US: VMware
CVE-2010-1453 (Cross-site scripting (XSS) vulnerability in the Login form in Piwik ...)
	- piwik <itp> (bug #506933)
CVE-2010-1452 (The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server ...)
	- apache2 2.2.16-1 (low)
	[lenny] - apache2 2.2.9-10+lenny10
CVE-2010-1451 (The TSB I-TLB load implementation in arch/sparc/kernel/tsb.S in the ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10
CVE-2010-1450 (Multiple buffer overflows in the RLE decoder in the rgbimg module in ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1449 (Integer overflow in rgbimgmodule.c in the rgbimg module in Python 2.5 ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2010-1448 (Cross-site scripting (XSS) vulnerability in lib/LXR/Common.pm in LXR ...)
	{DSA-2092-1}
	- lxr <removed> (low; bug #585411)
	[lenny] - lxr <no-dsa> (Minor issue)
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #588036)
	NOTE: seems to be a dupe of CVE-2010-1738
CVE-2010-1447 (The Safe (aka Safe.pm) module 2.26, and certain earlier versions, for ...)
	{DSA-2267-1 DSA-2051-1}
	- postgresql-8.4 8.4.4-1
	- postgresql-8.3 <removed>
	- perl 5.12.3-1
	NOTE: Originally attributed to Postgres, but also affects standard Perl
CVE-2010-1446 (arch/powerpc/mm/fsl_booke_mmu.c in KGDB in the Linux kernel 2.6.30 and ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12 (unimportant)
	NOTE: KGDB is not currently enabled in debian builds
CVE-2010-1445 (Heap-based buffer overflow in VideoLAN VLC media player before 1.0.6 ...)
	- vlc 1.0.6-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1444 (The ZIP archive decompressor in VideoLAN VLC media player before 1.0.6 ...)
	- vlc 1.0.6-1
	[lenny] - vlc <not-affected> (Vulnerable code not present)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1443 (The parse_track_node function in modules/demux/playlist/xspf.c in the ...)
	- vlc 1.0.6-1 (unimportant)
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1442 (VideoLAN VLC media player before 1.0.6 allows remote attackers to ...)
	- vlc 1.0.6-1
	[lenny] - vlc 0.8.6.h-4+lenny3
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1441 (Multiple heap-based buffer overflows in VideoLAN VLC media player ...)
	- vlc 1.0.6-1
	[lenny] - vlc 0.8.6.h-4+lenny3
	NOTE: http://www.videolan.org/security/sa1003.html
CVE-2010-1440 (Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live ...)
	- texlive-bin 2009-6 (low; bug #580668)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-1439 (yum-rhn-plugin in Red Hat Network Client Tools (aka rhn-client-tools) ...)
	NOT-FOR-US: Red Hat Network Client Tools
CVE-2010-1438 (Web Application Finger Printer (WAFP) 0.01-26c3 uses fixed pathnames ...)
	- wafp <itp> (bug #562949)
CVE-2010-1437 (Race condition in the find_keyring_by_name function in ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-13
CVE-2010-1436 (gfs2 in the Linux kernel 2.6.18, and possibly other versions, does not ...)
	- linux-2.6 2.6.32-25
	[lenny] - linux-2.6 2.6.26-23
CVE-2010-1435
	RESERVED
CVE-2010-1434
	RESERVED
CVE-2010-1433
	RESERVED
CVE-2010-1432
	RESERVED
CVE-2010-1430
	REJECTED
CVE-2010-1429 (Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1428 (The Web Console (aka web-console) in JBossAs in Red Hat JBoss ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-1427 (Cross-site scripting (XSS) vulnerability in the SearchHighlight plugin ...)
	NOT-FOR-US: MODx Evolution
CVE-2010-1426 (SQL injection vulnerability in MODx Evolution before 1.0.3 allows ...)
	NOT-FOR-US: MODx Evolution
CVE-2010-1425 (F-Secure Internet Security 2010 and earlier; Anti-Virus for Microsoft ...)
	NOT-FOR-US: F-Secure Internet Security
CVE-2010-1424 (Unspecified vulnerability in JustSystems Ichitaro and Ichitaro ...)
	NOT-FOR-US: JustSystems Ichitaro and Ichitaro Government
CVE-2010-1422 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26824
	NOTE: http://trac.webkit.org/changeset/58829
CVE-2010-1421 (The execCommand JavaScript function in WebKit in Apple Safari before ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=27751
	NOTE: http://trac.webkit.org/changeset/58703
CVE-2010-1420 (Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1419 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37618
	NOTE: http://trac.webkit.org/changeset/58616
CVE-2010-1418 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38260
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36502
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37031
	NOTE: http://trac.webkit.org/changeset/58844
	NOTE: http://trac.webkit.org/changeset/56651
	NOTE: http://trac.webkit.org/changeset/57627
CVE-2010-1417 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=38001
	NOTE: http://trac.webkit.org/changeset/58201
	NOTE: if this commit is correct, this is a dup of cve-2010-1665
CVE-2010-1416 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36838
	NOTE: http://trac.webkit.org/changeset/56810
CVE-2010-1415 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36000
	NOTE: http://trac.webkit.org/changeset/56420
CVE-2010-1414 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35818
	NOTE: http://trac.webkit.org/changeset/55783
CVE-2010-1413 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit <not-affected> (affected cf/iss code is not present)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37230
	NOTE: http://trac.webkit.org/changeset/57232
CVE-2010-1412 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.70~r48679-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29635
	NOTE: http://trac.webkit.org/changeset/57759
	NOTE: http://trac.webkit.org/changeset/57817
CVE-2010-1411 (Multiple integer overflows in the Fax3SetupState function in ...)
	{DSA-2084-1}
	- tiff 3.9.4-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2010-1410 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35603
	NOTE: http://trac.webkit.org/changeset/55511
CVE-2010-1409 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34451
	NOTE: http://trac.webkit.org/changeset/54193
CVE-2010-1408 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36571
	NOTE: http://trac.webkit.org/changeset/56489
	NOTE: http://trac.webkit.org/changeset/56492
	NOTE: http://trac.webkit.org/changeset/56879
CVE-2010-1407 (WebKit in Apple iOS before 4 on the iPhone and iPod touch does not ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36435
	NOTE: http://trac.webkit.org/changeset/56365
CVE-2010-1406 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30841
	NOTE: http://trac.webkit.org/changeset/50226
	NOTE: http://trac.webkit.org/changeset/50240
CVE-2010-1405 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36198
	NOTE: http://trac.webkit.org/changeset/56186
CVE-2010-1404 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35709
	NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1403 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35708
	NOTE: http://trac.webkit.org/changeset/53446
CVE-2010-1402 (Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35598
	NOTE: http://trac.webkit.org/changeset/55182
CVE-2010-1401 (Use-after-free vulnerability in the Cascading Style Sheets (CSS) ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35353
	NOTE: http://trac.webkit.org/changeset/55196
CVE-2010-1400 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34734
	NOTE: http://trac.webkit.org/changeset/54521
CVE-2010-1399 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35599
	NOTE: http://trac.webkit.org/changeset/46437
CVE-2010-1398 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35305
	NOTE: http://trac.webkit.org/changeset/55167
CVE-2010-1397 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=32842
	NOTE: http://trac.webkit.org/changeset/52034
	NOTE: http://trac.webkit.org/changeset/55114
CVE-2010-1396 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=35621
	NOTE: http://trac.webkit.org/changeset/55462
	NOTE: http://trac.webkit.org/changeset/55465
CVE-2010-1395 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=26868
	NOTE: http://trac.webkit.org/changeset/46068
CVE-2010-1394 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: http://trac.webkit.org/changeset/55203
	NOTE: http://trac.webkit.org/changeset/55212
CVE-2010-1393 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33683
	NOTE: http://trac.webkit.org/changeset/53607
CVE-2010-1392 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34641
	NOTE: http://trac.webkit.org/changeset/56297
CVE-2010-1391 (Multiple directory traversal vulnerabilities in the (a) Local Storage ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36243
	NOTE: http://trac.webkit.org/changeset/56139
CVE-2010-1390 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=29078
	NOTE: http://trac.webkit.org/changeset/49487
CVE-2010-1389 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=30019
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34148
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33970
	NOTE: http://trac.webkit.org/changeset/53442
	NOTE: http://trac.webkit.org/changeset/53835
	NOTE: http://trac.webkit.org/changeset/53659
CVE-2010-1388 (WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6, and ...)
	- webkit <not-affected> (issue in mac-specific code)
	- chromium-browser <not-affected> (issue in mac-specific code)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=28755
	NOTE: http://trac.webkit.org/changeset/47829
CVE-2010-1387 (Use-after-free vulnerability in JavaScriptCore in WebKit in Apple ...)
	- webkit 1.2.1-2
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=34321
	NOTE: http://trac.webkit.org/changeset/54129
	NOTE: http://trac.webkit.org/changeset/54141
	NOTE: http://trac.webkit.org/changeset/54265
CVE-2010-1386 (page/Geolocation.cpp in WebCore in WebKit before r56188 and before ...)
	- webkit 1.2.2-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.342.9~r43360-1
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=36255
	NOTE: http://trac.webkit.org/changeset/56188
CVE-2010-1385 (Use-after-free vulnerability in Apple Safari before 5.0 on Mac OS X ...)
	- webkit <not-affected> (this is a bug in Apple's PDFKit)
	- chromium-browser <not-affected> (this is a bug in Apple's PDFKit)
CVE-2010-1384 (Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: This is based on various misconceptions surrounding "phishing" The only supported browser security model
	NOTE: surrounding URLs is the accurate post-link-click indication of the final target URL in the URL bar.
CVE-2010-1383 (CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1382 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1381 (The default configuration of SMB File Server in Apple Mac OS X 10.5.8, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1380 (Integer overflow in the cgtexttops CUPS filter in Printing in Apple ...)
	NOT-FOR-US: Apple-specific CUPS filter "cgtexttops"
CVE-2010-1379 (Printer Setup in Apple Mac OS X 10.6 before 10.6.4 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1378 (OpenSSL in Apple Mac OS X 10.6.x before 10.6.5 does not properly ...)
	- openssl <not-affected> (fix for an apple-specific flaw)
	NOTE: sounds like a duplicate of CVE-2009-2409
CVE-2010-1377 (Open Directory in Apple Mac OS X 10.6 before 10.6.4 creates an ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1376 (Multiple format string vulnerabilities in Network Authorization in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1375 (NetAuthSysAgent in Network Authorization in Apple Mac OS X 10.5.8 does ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1374 (Directory traversal vulnerability in iChat in Apple Mac OS X 10.5.8, ...)
	NOT-FOR-US: iChat
CVE-2010-1373 (Cross-site scripting (XSS) vulnerability in Help Viewer in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-1423 (Argument injection vulnerability in the URI handler in (a) Java NPAPI ...)
	- sun-java6 6.20-1 (high)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-2449 [gource: predictable log file located in /tmp]
	RESERVED
	- gource 0.26-2 (low; bug #577958)
CVE-2010-1564
	REJECTED
CVE-2010-1372 (SQL injection vulnerability in the HD FLV Player (com_hdflvplayer) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1371 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1370 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1369 (SQL injection vulnerability in signup.asp in Pre Classified Listings ...)
	NOT-FOR-US: Pre Classified Listings ASP
CVE-2010-1368 (SQL injection vulnerability in index.php in GameScript (GS) 3.0 allows ...)
	NOT-FOR-US: GameScript
CVE-2010-1367 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1366 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1365 (SQL injection vulnerability in index.php in Uiga Fan Club, as ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1364 (SQL injection vulnerability in index.php in Uiga Personal Portal, as ...)
	NOT-FOR-US: Uiga Fan Club
CVE-2010-1363 (SQL injection vulnerability in the JProjects (com_j-projects) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1362 (Cross-site scripting (XSS) vulnerability in the Own Term module ...)
	NOT-FOR-US: Own Term module for Drupal
CVE-2010-1361 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PHPepperShop
CVE-2010-1360 (Multiple PHP remote file inclusion vulnerabilities in FAQEngine ...)
	NOT-FOR-US: FAQEngine
CVE-2010-1359 (SQL injection vulnerability in bluegate_seo.inc.php in the Direct URL ...)
	NOT-FOR-US: xt:Commerce
CVE-2010-1358 (Cross-site scripting (XSS) vulnerability in the Bibliography (Biblio) ...)
	NOT-FOR-US: Biblio module for Drupal
CVE-2010-1357 (Cross-site scripting (XSS) vulnerability in editors/logindialogue.php ...)
	NOT-FOR-US: SBD Directory Software
CVE-2010-1356 (Unspecified vulnerability on the TANDBERG Video Communication Server ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2010-1355 (Cross-site scripting (XSS) vulnerability on the TANDBERG Video ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4766 (YP Portal MS-Pro Surumu (aka MS-Pro Portal Scripti) 1.0 and 1.2 stores ...)
	NOT-FOR-US: MS-Pro Portal Scripti
CVE-2009-4765 (CNR Hikaye Portal 2.0 stores sensitive information under the web root ...)
	NOT-FOR-US: CNR Hikaye Portal
CVE-2010-1354 (Directory traversal vulnerability in the VJDEO (com_vjdeo) component ...)
	NOT-FOR-US: Joomla!
CVE-2010-1353 (Directory traversal vulnerability in the LoginBox Pro (com_loginbox) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1352 (Directory traversal vulnerability in the JOOFORGE Jutebox ...)
	NOT-FOR-US: Joomla!
CVE-2010-1351 (Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 ...)
	NOT-FOR-US: Nodesforum
CVE-2010-1350 (SQL injection vulnerability in the JP Jobs (com_jp_jobs) component ...)
	NOT-FOR-US: Joomla!
CVE-2010-1349 (Integer overflow in Opera 10.10 through 10.50 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2010-1348 (Unspecified vulnerability in the login process in IBM WebSphere Portal ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-1347 (Director Agent 6.1 before 6.1.2.3 in IBM Systems Director on AIX and ...)
	NOT-FOR-US: IBM AIX
CVE-2010-1346 (SQL injection vulnerability in admin/login.php in Mini CMS RibaFS 1.0, ...)
	NOT-FOR-US: Mini CMS RibaFS
CVE-2010-1345 (Directory traversal vulnerability in the Cookex Agency CKForms ...)
	NOT-FOR-US: Joomla!
CVE-2010-1344 (SQL injection vulnerability in the Cookex Agency CKForms (com_ckforms) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1343 (SQL injection vulnerability in photo.php in SiteX 0.7.4 beta allows ...)
	NOT-FOR-US: SiteX
CVE-2010-1342 (Multiple PHP remote file inclusion vulnerabilities in Direct News ...)
	NOT-FOR-US: Direct News
CVE-2010-1341 (SQL injection vulnerability in index.php in Systemsoftware Community ...)
	NOT-FOR-US: Systemsoftware Community Black Forum
CVE-2010-1340 (Directory traversal vulnerability in jresearch.php in the J!Research ...)
	NOT-FOR-US: Joomla!
CVE-2010-1339 (Cross-site scripting (XSS) vulnerability in ts_other.php in the ...)
	NOT-FOR-US: Teamsite Hack plugin
CVE-2010-1338 (SQL injection vulnerability in ts_other.php in the Teamsite Hack ...)
	NOT-FOR-US: Teamsite Hack plugin
CVE-2010-1337 (Multiple PHP remote file inclusion vulnerabilities in definitions.php ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2010-1336 (Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote ...)
	NOT-FOR-US: INVOhost
CVE-2010-1335 (Multiple PHP remote file inclusion vulnerabilities in Insky CMS ...)
	NOT-FOR-US: Insky CMS
CVE-2010-1334 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.4 allows ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-1333 (Multiple cross-site scripting (XSS) vulnerabilities in Almas Inc. ...)
	NOT-FOR-US: Almas Inc. Compiere J300_A02
CVE-2010-1332 (Cross-site scripting (XSS) vulnerability in PrettyBook PrettyFormMail ...)
	NOT-FOR-US: PrettyBook PrettyFormMail
CVE-2010-1331 (SQL injection vulnerability in Heartlogic HL-SiteManager allows remote ...)
	NOT-FOR-US: Heartlogic HL-SiteManager
CVE-2010-1330 (The regular expression engine in JRuby before 1.4.1, when $KCODE is ...)
	- jruby 1.5.0~rc1-1
CVE-2010-1329 (Imperva SecureSphere Web Application Firewall and Database Firewall ...)
	NOT-FOR-US: Imperva SecureSphere Web Application Firewall and Database Firewall
CVE-2010-1328 (Multiple cross-site scripting (XSS) vulnerabilities in TornadoStore ...)
	NOT-FOR-US: TornadoStore
CVE-2010-1327 (Multiple SQL injection vulnerabilities in TornadoStore 1.4.3 and ...)
	NOT-FOR-US: TornadoStore
CVE-2010-1326 (perms.cpp in March Hare Software CVSNT 2.0.58, 2.5.01, 2.5.02, 2.5.03 ...)
	{DSA-2108-1}
	- cvsnt 2.5.04.3236-1.2 (medium; bug #593884)
	NOTE: http://march-hare.com/cvspro/vuln.htm
CVE-2010-1325 (Cross-site request forgery (CSRF) vulnerability in the apache2-slms ...)
	NOT-FOR-US: SUSE Lifecycle Management Server
CVE-2010-1324 (MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x through 1.8.3 does not ...)
	- krb5 1.8.3+dfsg-3 (bug #605553)
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
CVE-2010-1323 (MIT Kerberos 5 (aka krb5) 1.3.x, 1.4.x, 1.5.x, 1.6.x, 1.7.x, and 1.8.x ...)
	{DSA-2129-1}
	- krb5 1.8.3+dfsg-3 (bug #605553)
CVE-2010-1322 (The merge_authdata function in kdc_authdata.c in the Key Distribution ...)
	- krb5 1.8.3+dfsg-2 (bug #599237)
	[lenny] - krb5 <not-affected> (Only affects 1.8)
	[etch] - krb5 <not-affected> (Only affects 1.8)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-006.txt
CVE-2010-1321 (The kg_accept_krb5 function in krb5/accept_sec_context.c in the ...)
	{DSA-2052-1}
	- krb5 1.8.1+dfsg-3 (low; bug #582261)
	- heimdal 1.4.0~git20100605.dfsg.1-1
	- sun-java6 6.22-1
	[lenny] - sun-java6 6-22-0lenny
CVE-2010-1320 (Double free vulnerability in do_tgs_req.c in the Key Distribution ...)
	- krb5 1.8.1+dfsg-2 (bug #577490)
	[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-004.txt
CVE-2010-1319 (Integer overflow in the AgentX::receive_agentx function in AgentX++ ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1318 (Stack-based buffer overflow in the AgentX::receive_agentx function in ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1317 (Heap-based buffer overflow in the NTLM authentication functionality in ...)
	NOT-FOR-US: Real Helix Server
CVE-2010-1316 (Multiple stack-based buffer overflows in Tembria Server Monitor before ...)
	NOT-FOR-US: Tembria Server Monitor
CVE-2010-1315 (Directory traversal vulnerability in weberpcustomer.php in the ...)
	NOT-FOR-US: Joomla!
CVE-2010-1314 (Directory traversal vulnerability in the Highslide JS (com_hsconfig) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1313 (Directory traversal vulnerability in the Seber Cart (com_sebercart) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1312 (Directory traversal vulnerability in the iJoomla News Portal ...)
	NOT-FOR-US: Joomla!
CVE-2010-1311 (The qtm_decompress function in libclamav/mspack.c in ClamAV before ...)
	- clamav 0.96+dfsg-2 (bug #577462; low)
	[lenny] - clamav <end-of-life> (bug #577462; low)
	NOTE: Lenny version achieved end of life! see
	NOTE: http://www.clamav.net/lang/en/2009/10/05/eol-clamav-094/
CVE-2010-1310 (Opera 10.50 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Opera
CVE-2010-1309 (Directory traversal vulnerability in Irmin CMS (formerly Pepsi CMS) ...)
	NOT-FOR-US: Pepsi CMS
CVE-2010-1308 (Directory traversal vulnerability in the SVMap (com_svmap) component ...)
	NOT-FOR-US: Joomla!
CVE-2010-1307 (Directory traversal vulnerability in the Magic Updater ...)
	NOT-FOR-US: Joomla!
CVE-2010-1306 (Directory traversal vulnerability in the Picasa (com_joomlapicasa2) ...)
	NOT-FOR-US: Joomla!
CVE-2010-1305 (Directory traversal vulnerability in jinventory.php in the JInventory ...)
	NOT-FOR-US: Joomla!
CVE-2010-1304 (Directory traversal vulnerability in userstatus.php in the User Status ...)
	NOT-FOR-US: Joomla!
CVE-2010-1303 (Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy ...)
	NOT-FOR-US: Drupal module
CVE-2010-1302 (Directory traversal vulnerability in dwgraphs.php in the DecryptWeb DW ...)
	NOT-FOR-US: Joomla!
CVE-2010-1301 (SQL injection vulnerability in main.php in Centreon 2.1.5 allows ...)
	NOT-FOR-US: Centreon
CVE-2010-1300 (SQL injection vulnerability in index.php in Yamamah (aka Dove Photo ...)
	NOT-FOR-US: Yamamah
CVE-2010-1299 (Multiple PHP remote file inclusion vulnerabilities in DynPG CMS 4.1.0, ...)
	NOT-FOR-US: DynPG CMS
CVE-2008-7254 (Directory traversal vulnerability in includes/template-loader.php in ...)
	NOT-FOR-US: Pepsi CMS
CVE-2010-1298 (Directory traversal vulnerability in view.php in Pulse CMS 1.2.2 ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-1297 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-1296 (Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow ...)
	NOT-FOR-US: Adobe Photoshop CS4
CVE-2010-1295 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1294 (Unspecified vulnerability in Adobe ColdFusion 8.0, 8.0.1, and 9.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-1293 (Cross-site scripting (XSS) vulnerability in the Administrator page in ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-1292 (The implementation of pami RIFF chunk parsing in Adobe Shockwave ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1291 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1290 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1289 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1288 (Buffer overflow in Adobe Shockwave Player before 11.5.7.609 might ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1287 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1286 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1285 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1284 (Adobe Shockwave Player before 11.5.7.609 allows attackers to cause a ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1283 (Adobe Shockwave Player before 11.5.7.609 does not properly parse 3D ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1282 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1281 (iml32.dll in Adobe Shockwave Player before 11.5.7.609 does not ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1280 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-1279 (Multiple unspecified vulnerabilities in Adobe Photoshop CS4 11.x ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2010-1278 (Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2010-1277 (SQL injection vulnerability in the user.authenticate method in the API ...)
	- zabbix 1:1.8.2-1 (bug #577058)
	[lenny] - zabbix <not-affected> (vulnerable code not present)
	[etch] - zabbix <not-affected> (vulnerable code not present)
	NOTE: This is a bug that was introduced with the Zabbix 1.8 API
CVE-2010-1276 (Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 ...)
	NOT-FOR-US: BBSXP
CVE-2010-1275 (Cross-site scripting (XSS) vulnerability in ShowPost.asp in BBSXP 2008 ...)
	NOT-FOR-US: BBSXP
CVE-2010-1274 (Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 ...)
	NOT-FOR-US: Emweb Wt
CVE-2010-1273 (Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form ...)
	NOT-FOR-US: Emweb Wt
CVE-2010-1272 (PHP remote file inclusion vulnerability in includes/tgpinc.php in ...)
	NOT-FOR-US: Gnat-TGP
CVE-2010-1271 (SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows ...)
	NOT-FOR-US: smartplugs
CVE-2010-1270 (SQL injection vulnerability in auktion.php in Multi Auktions Komplett ...)
	NOT-FOR-US: Multi Auktions Komplett System
CVE-2010-1269 (SQL injection vulnerability in auktion.php in phpscripte24 Niedrig ...)
	NOT-FOR-US: Gebote Pro Auktions System
CVE-2010-1268 (Directory traversal vulnerability in index.php in justVisual CMS 2.0, ...)
	NOT-FOR-US: justVisual CMS
CVE-2010-1267 (Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta ...)
	NOT-FOR-US: WebMaid CMS
CVE-2010-1266 (Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS ...)
	NOT-FOR-US: WebMaid CMS
CVE-2010-1265 (SQL injection vulnerability in Adam Corley dcsFlashGames ...)
	NOT-FOR-US: dcsFlashGames
CVE-2010-1264 (Unspecified vulnerability in Microsoft Windows SharePoint Services 3.0 ...)
	NOT-FOR-US: Microsoft
CVE-2010-1263 (Windows Shell and WordPad in Microsoft Windows XP SP2 and SP3, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-1262 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2010-1261 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2010-1260 (The IE8 Developer Toolbar in Microsoft Internet Explorer 8 SP1, SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2010-1259 (Microsoft Internet Explorer 6 SP1 and SP2, 7, and 8 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2010-1258 (Microsoft Internet Explorer 6, 7, and 8 does not properly determine ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1257 (Cross-site scripting (XSS) vulnerability in the toStaticHTML API, as ...)
	NOT-FOR-US: Microsoft
CVE-2010-1256 (Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when ...)
	NOT-FOR-US: Microsoft
CVE-2010-1255 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-1254 (The installation for Microsoft Open XML File Format Converter for Mac ...)
	NOT-FOR-US: Microsoft
CVE-2010-1253 (Microsoft Office Excel 2002 SP3, 2007 SP1, and SP2; Office 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-1252 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...)
	NOT-FOR-US: Microsoft
CVE-2010-1251 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...)
	NOT-FOR-US: Microsoft
CVE-2010-1250 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
	NOT-FOR-US: Microsoft
CVE-2010-1249 (Buffer overflow in Microsoft Office Excel 2002 SP3, Office 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-1248 (Buffer overflow in Microsoft Office Excel 2002 SP3 and Office 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2010-1247 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 allows ...)
	NOT-FOR-US: Microsoft
CVE-2010-1246 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3 allows ...)
	NOT-FOR-US: Microsoft
CVE-2010-1245 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, Office ...)
	NOT-FOR-US: Microsoft
CVE-2010-XXXX [tcpdf code execution via tcpdf tag]
	- moodle <not-affected> (Vulnerable code not present)
	- phpmyadmin <not-affected> (Vulnerable code not present)
	- tcpdf 6.0.010+dfsg-1
	NOTE: http://sourceforge.net/projects/tcpdf/files/CHANGELOG.TXT/view
	NOTE: http://seclists.org/fulldisclosure/2010/Apr/104
	NOTE: setting K_TCPDF_CALLS_IN_HTML to false mitigates the problem
CVE-2010-XXXX [xmail insecure temp files handling]
	- xmail 1.27-1 (low)
	[lenny] - xmail <no-dsa> (Minor issue)
	NOTE: http://www.xmailserver.org/ChangeLog.html#feb_25__2010_v_1_27
CVE-2010-1159 (Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow ...)
	- aircrack-ng 1:1.1-1 (low; bug #577758)
	[lenny] - aircrack-ng <no-dsa> (low)
	[etch] - aircrack-ng <no-dsa> (low)
	NOTE: http://pyrit.googlecode.com/svn/tags/opt/aircrackng_exploit.py
CVE-2010-1244 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-1243 (The IBM Web Interface for Content Management (aka WEBi) before 1.0.4 ...)
	NOT-FOR-US: IBM Web Interface for Content Management
CVE-2010-1242 (Multiple cross-site scripting (XSS) vulnerabilities in the IBM Web ...)
	NOT-FOR-US: IBM Web Interface for Content Management
CVE-2010-1241 (Heap-based buffer overflow in the custom heap management system in ...)
	NOT-FOR-US: Acrobat Reader
CVE-2010-1240 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-1239 (Foxit Reader before 3.2.1.0401 allows remote attackers to (1) execute ...)
	NOT-FOR-US: Foxit Reader
CVE-2010-1238 (MoinMoin 1.7.1 allows remote attackers to bypass the textcha ...)
	- moin 1.9.2-3 (bug #575995; medium)
	[lenny] - moin 1.7.1-3+lenny4 (bug #575995; medium)
	NOTE: see http://www.debian.org/security/2010/dsa-2024
CVE-2009-4764 (Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-6735 (NWFTPD.nlm before 5.08.06 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-6734 (NWFTPD.nlm before 5.08.07 in the FTP server in Novell NetWare 6.5 SP7 ...)
	NOT-FOR-US: Novell NetWare
CVE-2005-4888 (NWFTPD.nlm before 5.06.04 in the FTP server in Novell NetWare allows ...)
	NOT-FOR-US: Novell NetWare
CVE-2005-4887 (NWFTPD.nlm before 5.06.05 in the FTP server in Novell NetWare 6.5 SP5 ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...)
	NOT-FOR-US: Novell NetWare
CVE-2001-1587 (NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows ...)
	NOT-FOR-US: Novell NetWare
CVE-2000-1246 (NWFTPD.nlm before 5.01o in the FTP server in Novell NetWare 5.1 SP3 ...)
	NOT-FOR-US: Novell NetWare
CVE-2000-1245 (Multiple unspecified vulnerabilities in NWFTPD.nlm before 5.01o in the ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-1237 (Google Chrome 4.1 BETA before 4.1.249.1036 allows remote attackers to ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55511
	NOTE: evidence of memory corruption http://code.google.com/p/chromium/issues/detail?id=37061
CVE-2010-1236 (The protocolIs function in platform/KURLGoogle.cpp in WebCore in ...)
	- webkit <not-affected> (bug #577457; proof-of-concepts are not effective against webkit)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55822
CVE-2010-1235 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: issue in chrome-specific download dialog
CVE-2010-1234 (Unspecified vulnerability in Google Chrome before 4.1.249.1036 allows ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1233 (Multiple integer overflows in Google Chrome before 4.1.249.1036 allow ...)
	- webkit <not-affected> (v8 and webgl not yet included)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://trac.webkit.org/changeset/55376
CVE-2010-1232 (Google Chrome before 4.1.249.1036 allows remote attackers to cause a ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
	NOTE: http://code.google.com/p/chromium/issues/detail?id=34978
CVE-2010-1231 (Google Chrome before 4.1.249.1036 processes HTTP headers before ...)
	- webkit <not-affected> (does not yet have a "safe browsing" feature; i.e. chromium-specific issue)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-1230 (Google Chrome before 4.1.249.1036 does not have the expected behavior ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1229 (The sandbox infrastructure in Google Chrome before 4.1.249.1036 does ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1228 (Multiple race conditions in the sandbox infrastructure in Google ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-1227 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
	NOT-FOR-US: Sun Java System Communication Express
CVE-2010-1226 (The HTTP client functionality in Apple iPhone OS 3.1 on the iPhone 2G ...)
	NOT-FOR-US: Apple iPhone
CVE-2010-1225 (The memory-management implementation in the Virtual Machine Monitor ...)
	NOT-FOR-US: Microsoft Virtual PC
CVE-2010-1224 (main/acl.c in Asterisk Open Source 1.6.0.x before 1.6.0.25, 1.6.1.x ...)
	- asterisk 1:1.6.2.6-1 (low; bug #576560)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
CVE-2010-1223 (Multiple buffer overflows in CA XOsoft r12.0 and r12.5 allow remote ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1222 (CA XOsoft r12.5 does not properly perform authentication, which allows ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1221 (CA XOsoft r12.0 and r12.5 does not properly perform authentication, ...)
	NOT-FOR-US: CA XOsoft
CVE-2010-1220
	RESERVED
CVE-2010-XXXX [interchange potential HTTP response splitting vulnerability]
	- interchange 5.7.6-1
CVE-2010-1219 (Directory traversal vulnerability in the JA News (com_janews) ...)
	NOT-FOR-US: com_janews component for Joomla!
CVE-2010-1218 (Cross-site scripting (XSS) vulnerability in the mm_forum extension ...)
	NOT-FOR-US: mm_forum extension for TYPO3
CVE-2010-1217 (Directory traversal vulnerability in the JE Form Creator ...)
	NOT-FOR-US: com_jeformcr component for Joomla!
CVE-2010-1216 (PHP remote file inclusion vulnerability in templates/template.php in ...)
	NOT-FOR-US: notsoPureEdit
CVE-2010-1215 (Mozilla Firefox 3.6.x before 3.6.7 and Thunderbird 3.1.x before 3.1.1 ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only affects Firefox 3.6.x and above)
CVE-2010-1214 (Integer overflow in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1213 (The importScripts Web Worker method in Mozilla Firefox 3.5.x before ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	- icedove 3.0.6-1
CVE-2010-1212 (js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6.x ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6.x and above)
	- iceweasel <not-affected> (Only affects Firefox 3.6.x and above)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
CVE-2010-1211 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - icedove <end-of-life>
	- icedove 3.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1210 (intl/uconv/util/nsUnicodeDecodeHelper.cpp in Mozilla Firefox before ...)
	- xulrunner <not-affected> (Only affects 1.9.2 and above)
	- iceweasel <not-affected> (Only affects 1.9.2 and above)
CVE-2010-1209 (Use-after-free vulnerability in the NodeIterator implementation in ...)
	- xulrunner 1.9.1.11-1
	[lenny] - xulrunner <not-affected> (Only affects 1.9.1 and above)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1208 (Use-after-free vulnerability in the attribute-cloning functionality in ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.11-1
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1207 (Mozilla Firefox before 3.6.7 and Thunderbird before 3.1.1 do not ...)
	- xulrunner <not-affected> (Only affects 1.9.2 and above)
	- iceweasel <not-affected> (Only affects 1.9.2 and above)
CVE-2010-1206 (The startDocumentLoad function in browser/base/content/browser.js in ...)
	- iceweasel 3.5.11-1
	[lenny] - iceweasel <not-affected> (Vulnerable code not present)
	NOTE: Introduced by https://bugzilla.mozilla.org/show_bug.cgi?id=254714
CVE-2010-1205 (Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before ...)
	{DSA-2075-1 DSA-2072-1}
	- libpng 1.2.44-1 (bug #587670)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- tuxonice-userui 1.0-1 (unimportant)
	NOTE: tuxonice-userui 1.0-1 was binNMUed
CVE-2010-1204 (Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 ...)
	- bugzilla 3.4.7.0-1 (low; bug #587663)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2010-1203 (The JavaScript engine in Mozilla Firefox 3.6.x before 3.6.4 allow ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
	- iceweasel <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
CVE-2010-1202 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1201 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1200 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1199 (Integer overflow in the XSLT node sorting implementation in Mozilla ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - icedove <end-of-life>
	- icedove 3.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1198 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.10 ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1197 (Mozilla Firefox 3.5.x before 3.5.10 and 3.6.x before 3.6.4, and ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1196 (Integer overflow in the nsGenericDOMDataNode::SetTextInternal function ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[lenny] - icedove <end-of-life>
	- iceape 2.0.5-1
	- icedove 3.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-1194 (The match_component function in smtp-tls.c in libESMTP 1.0.3.r1, and ...)
	- libesmtp 1.0.4-2 (bug #311191)
CVE-2010-1191 (Sahana disaster management system 0.6.2.2, and possibly other ...)
	- sahana <itp> (bug #497414)
CVE-2010-1186 (Cross-site scripting (XSS) vulnerability in xml/media-rss.php in the ...)
	NOT-FOR-US: NextGEN Gallery plugin for WordPress
CVE-2009-4763 (Unspecified vulnerability in the ClickHeat plugin, as used in ...)
	NOT-FOR-US: ClickHeat plugin
CVE-2010-1188 (Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux ...)
	- linux-2.6 2.6.20-1
CVE-2010-1187 (The Transparent Inter-Process Communication (TIPC) functionality in ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1185 (Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and ...)
	NOT-FOR-US: SAP MaxDB
CVE-2010-1184 (The Microsoft wireless keyboard uses XOR encryption with a key derived ...)
	NOT-FOR-US: Microsoft Wireless Keyboard
CVE-2010-1183 (Certain patch-installation scripts in Oracle Solaris allow local users ...)
	NOT-FOR-US: Oracle Solaris
CVE-2010-1182 (Multiple unspecified vulnerabilities in the administrative console in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-1181 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1180 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2010-1179 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1178 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1177 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1176 (Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers ...)
	- webkit <not-affected>
CVE-2010-1175 (Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 ...)
	NOT-FOR-US: Microsoft Internet Explorer 7.0
CVE-2010-1174 (Cisco TFTP Server 1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco TFTP Server
CVE-2010-1173 (The sctp_process_unk_param function in net/sctp/sm_make_chunk.c in the ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1172 (DBus-GLib 0.73 disregards the access flag of exported GObject ...)
	- dbus-glib 0.88-1 (low; bug #592753)
	[lenny] - dbus-glib <no-dsa> (Minor issue)
CVE-2010-1171 (Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2010-1170 (The PL/Tcl implementation in PostgreSQL 7.4 before 7.4.29, 8.0 before ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed>
CVE-2010-1169 (PostgreSQL 7.4 before 7.4.29, 8.0 before 8.0.25, 8.1 before 8.1.21, ...)
	{DSA-2051-1}
	- postgresql-8.4 8.4.4-1 (low)
	- postgresql-8.3 <removed>
CVE-2010-1168 (The Safe (aka Safe.pm) module before 2.25 for Perl allows ...)
	- perl 5.10.1-13 (bug #582978)
	[lenny] - perl 5.10.0-19lenny3
CVE-2010-1166 (The fbComposite function in fbpict.c in the Render extension in the X ...)
	- xorg-server <not-affected> (Xorg in Lenny onwards uses Pixman, which isn't affected)
	NOTE: https://rhn.redhat.com/errata/RHSA-2010-0382.html
CVE-2010-1165 (Atlassian JIRA 3.12 through 4.1 allows remote authenticated ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2010-1164 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2010-1163 (The command matching functionality in sudo 1.6.8 through 1.7.2p5 does ...)
	- sudo 1.7.2p6-1 (bug #578275)
	[lenny] - sudo <not-affected> (ignore_dot default value is off and can't be changed in runtime)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=580441#c3
CVE-2010-1162 (The release_one_tty function in drivers/char/tty_io.c in the Linux ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-12
CVE-2010-1161 (Race condition in GNU nano before 2.2.4, when run by root to edit a ...)
	- nano 2.2.4-1 (low; bug #577817)
	[lenny] - nano 2.0.7-5
CVE-2010-1160 (GNU nano before 2.2.4 does not verify whether a file has been changed ...)
	- nano 2.2.4-1 (low; bug #577817)
	[lenny] - nano 2.0.7-5
CVE-2010-1158 (Integer overflow in the regular expression engine in Perl 5.8.x allows ...)
	- perl <not-affected> (re engine rewritten for 5.10 to address issues such as this; and proof-of-concept not effective)
CVE-2010-1157 (Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might ...)
	{DSA-2207-1}
	- tomcat6 6.0.26-5 (bug #587447; unimportant)
	- tomcat5.5 <removed> (unimportant)
	NOTE: Negligable information disclosure
CVE-2010-1156 (core/nicklist.c in Irssi before 0.8.15 allows remote attackers to ...)
	- irssi 0.8.15-1 (low)
	[lenny] - irssi <no-dsa> (Minor issue)
CVE-2010-1155 (Irssi before 0.8.15, when SSL is used, does not verify that the server ...)
	- irssi 0.8.15-1 (low)
	[lenny] - irssi <no-dsa> (Minor issue)
CVE-2010-1154
	REJECTED
CVE-2010-1153 (PHP remote file inclusion vulnerability in the autoloader in TYPO3 ...)
	- typo3-src 4.3.3-1 (bug #577993)
	[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
CVE-2010-1152 (memcached.c in memcached before 1.4.3 allows remote attackers to cause ...)
	- memcached 1.4.5-1 (low; bug #579913)
	[lenny] - memcached <no-dsa> (Minor issue)
CVE-2010-1151 (Race condition in the mod_auth_shadow module for the Apache HTTP ...)
	- libapache2-mod-auth-shadow <itp> (bug #503184)
CVE-2010-1150 (MediaWiki before 1.15.3, and 1.6.x before 1.16.0beta2, does not ...)
	{DSA-2041-1}
	- mediawiki 1:1.15.3-1 (low)
CVE-2010-1149 (probers/udisks-dm-export.c in udisks before 1.0.1 exports ...)
	- udisks 1.0.1-1 (medium; bug #576687)
CVE-2010-1148 (The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerable code not yet present)
CVE-2010-1147 (Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC ...)
	- opendchub 0.8.2-1 (bug #576308)
	[lenny] - opendchub <not-affected> (Vulnerable code not present)
CVE-2010-1146 (The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem ...)
	- linux-2.6 2.6.32-12
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2010-1145
	REJECTED
CVE-2010-0751 (The ip_evictor function in ip_fragment.c in libnids 1.24, as used in ...)
	- libnids 1.23-1.2 (low; bug #576281)
	[lenny] - libnids <no-dsa> (Minor issue)
	NOTE: dsniff is the only software in Debian using this lib so the impact is pretty minor
CVE-2010-1143 (Cross-site scripting (XSS) vulnerability in VMware View (formerly ...)
	NOT-FOR-US: VMware
CVE-2010-1142 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...)
	NOT-FOR-US: VMware products
CVE-2010-1141 (VMware Tools in VMware Workstation 6.5.x before 6.5.4 build 246459; ...)
	NOT-FOR-US: VMware products
CVE-2010-1140 (The USB service in VMware Workstation 7.0 before 7.0.1 build 227600 ...)
	NOT-FOR-US: VMware products
CVE-2010-1139 (Format string vulnerability in vmrun in VMware VIX API 1.6.x, VMware ...)
	NOT-FOR-US: VMware products
CVE-2010-1138 (The virtual networking stack in VMware Workstation 7.0 before 7.0.1 ...)
	NOT-FOR-US: VMware products
CVE-2010-1137 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...)
	NOT-FOR-US: VMware Server
CVE-2009-4762 (MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs ...)
	- moin 1.9.2-1 (bug #569975; medium)
	[lenny] - moin 1.7.1-3+lenny3 (bug #569975; medium)
	NOTE: see http://www.debian.org/security/2010/dsa-2014
CVE-2009-4761 (Stack-based buffer overflow in Mini-stream RM Downloader allows remote ...)
	NOT-FOR-US: Mini-stream RM Downloader
CVE-2009-4760 (Winn ASP Guestbook 1.01 Beta stores sensitive information under the ...)
	NOT-FOR-US: Winn ASP Guestbook
CVE-2009-4759 (Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers ...)
	NOT-FOR-US: BrotherSoft BMXPlay
CVE-2009-4758 (Stack-based buffer overflow in dicas Mpegable Player 2.12 allows ...)
	NOT-FOR-US: Mpegable Player
CVE-2009-4757 (Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows ...)
	NOT-FOR-US: BrotherSoft EW-MusicPlayer
CVE-2009-4756 (Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in ...)
	NOT-FOR-US: Beatport Player
CVE-2009-4755 (Multiple stack-based buffer overflows in Mercury Audio Player 1.21 ...)
	NOT-FOR-US: Mercury Audio Player
CVE-2009-4754 (Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote ...)
	NOT-FOR-US: Mercury Audio Player
CVE-2009-4753 (Multiple buffer overflows in the FTP server on the Addonics NAS ...)
	NOT-FOR-US: Addonics NAS Adapter NASU2FW41
CVE-2010-1136 (The Standard Remember method in TikiWiki CMS/Groupware 3.x before 3.5 ...)
	- tikiwiki <removed>
CVE-2010-1135 (The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does ...)
	- tikiwiki <removed>
CVE-2010-1134 (SQL injection vulnerability in the _find function in searchlib.php in ...)
	- tikiwiki <removed>
CVE-2010-1133 (Multiple SQL injection vulnerabilities in TikiWiki CMS/Groupware 4.x ...)
	- tikiwiki <removed>
CVE-2010-1131 (JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, ...)
	NOTE: browser crashes are not considered security-relevant
CVE-2010-1130 (session.c in the session extension in PHP before 5.2.13, and 5.3.1, ...)
	- php5 5.3.2-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2010-1129 (The safe_mode implementation in PHP before 5.2.13 does not properly ...)
	- php5 5.3.2-1 (unimportant)
	NOTE: safe_mode not supported
CVE-2010-1128 (The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not ...)
	{DSA-2195-1}
	- php5 5.3.2-1 (low)
CVE-2010-1127 (Microsoft Internet Explorer 6 and 7 does not initialize certain data ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-1126 (The JavaScript implementation in WebKit allows remote attackers to ...)
	- webkit <not-affected> (proof-of-concept not effective; windows-only?)
CVE-2010-1125 (The JavaScript implementation in Mozilla Firefox 3.x before 3.5.10 and ...)
	- xulrunner <not-affected> (Only affects Firefox 3.6, i.e xulrunner 1.9.2)
	NOTE: Description is wrong, only affects Firefox 3.6 per https://bugzilla.mozilla.org/show_bug.cgi?id=552255
CVE-2010-1124 (bos.rte.libc 5.3.9.4 on IBM AIX 5.3 does not properly support reading ...)
	NOT-FOR-US: IBM AIX
CVE-2010-1123 (Chip Salzenberg Deliver does not properly associate a lockfile with ...)
	- deliver <removed>
CVE-2009-4752 (PHP remote file inclusion vulnerability in anzeiger/start.php in ...)
	NOT-FOR-US: Swinger Club Portal
CVE-2009-4751 (SQL injection vulnerability in anzeiger/start.php in Swinger Club ...)
	NOT-FOR-US: Swinger Club Portal
CVE-2009-4750 (PHP remote file inclusion vulnerability in home.php in Top Paidmailer ...)
	NOT-FOR-US: Top Paidmailer
CVE-2009-4749 (Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2009-4748 (SQL injection vulnerability in mycategoryorder.php in the My Category ...)
	NOT-FOR-US: My Category Order plugin for wordpress
CVE-2009-4747 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2009-4746 (Cross-site scripting (XSS) vulnerability in index.php in Dreamlevels ...)
	NOT-FOR-US: Dreamlevels DreamPoll
CVE-2009-4745 (Multiple SQL injection vulnerabilities in index.php in Dreamlevels ...)
	NOT-FOR-US: Dreamlevels DreamPoll
CVE-2009-4744 (Cross-site scripting (XSS) vulnerability in the Contact module in ...)
	NOT-FOR-US: Exponent CMS
CVE-2009-4743 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: AfterLogic WebMail
CVE-2009-4742 (Multiple SQL injection vulnerabilities in Docebo 3.6.0.3 allow remote ...)
	NOT-FOR-US: Docebo
CVE-2009-4741 (Unspecified vulnerability in the Extras Manager before 2.0.0.67 in ...)
	NOT-FOR-US: Skype
CVE-2009-4740 (Directory traversal vulnerability in the Webesse E-Card (ws_ecard) ...)
	NOT-FOR-US: ws_ecard extension for typo3
CVE-2009-4739 (PHP remote file inclusion vulnerability in index.php in SkaDate Dating ...)
	NOT-FOR-US: SkaDate Dating
CVE-2010-2445 (freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read ...)
	- freeciv 2.2.1-1 (low; bug #584589)
	[lenny] - freeciv <no-dsa> (Minor issue)
	NOTE: http://gna.org/bugs/?15624
CVE-2010-2446 [Rbot Owner Reaction Command Execution]
	RESERVED
	- rbot 0.9.14-2 (bug #575286)
	[lenny] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
	[etch] - rbot <not-affected> ("reaction" plugin not present in 0.9.10)
CVE-2010-1122 (Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 ...)
	- xulrunner <not-affected> (Only affects the Firefox 3.6 branch)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=552216
CVE-2010-1121 (Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-1120 (Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows ...)
	NOT-FOR-US: Apple Type Services
CVE-2010-1119 (Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on ...)
	- webkit 1.2.1-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=33850
	NOTE: http://trac.webkit.org/changeset/53501
	NOTE: http://trac.webkit.org/changeset/53504
CVE-2010-1118 (Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-1117 (Heap-based buffer overflow in Internet Explorer 8 on Microsoft Windows ...)
	NOT-FOR-US: Internet Explorer
CVE-2010-1116 (LookMer Music Portal stores sensitive information under the web root ...)
	NOT-FOR-US: LookMer Music Portal
CVE-2010-1115 (Directory traversal vulnerability in news/include/customize.php in Web ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1114 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1113 (Cross-site scripting (XSS) vulnerability in the forum page in Web ...)
	NOT-FOR-US: Web Server Creator - Web Portal
CVE-2010-1112 (Cross-site scripting (XSS) vulnerability in cat.php in KloNews 2.0 ...)
	NOT-FOR-US: KloNews
CVE-2010-1111 (Multiple cross-site scripting (XSS) vulnerabilities in Jokes Complete ...)
	NOT-FOR-US: Jokes Complete Website
CVE-2010-1110 (Directory traversal vulnerability in index.php in phpMySport 1.4 ...)
	NOT-FOR-US: phpMySport
CVE-2010-1109 (Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, ...)
	NOT-FOR-US: phpMySport
CVE-2010-1108 (Cross-site scripting (XSS) vulnerability in the Control Panel module ...)
	NOT-FOR-US: third-party Drupal module
CVE-2010-1107 (Cross-site scripting (XSS) vulnerability in the Recent Comments module ...)
	NOT-FOR-US: third-party Drupal module
CVE-2010-1106 (PHP remote file inclusion vulnerability in cgi/index.php in ...)
	NOT-FOR-US: AdvertisementManager
CVE-2010-1105 (Cross-site scripting (XSS) vulnerability in cgi/index.php in ...)
	NOT-FOR-US: AdvertisementManager
CVE-2010-1103 (Integer overflow in Stainless allows remote attackers to bypass ...)
	NOT-FOR-US: Stainless
CVE-2010-1102 (Integer overflow in OmniWeb allows remote attackers to bypass intended ...)
	NOT-FOR-US: OmniWeb
CVE-2010-1101 (Integer overflow in Alexander Clauss iCab allows remote attackers to ...)
	NOT-FOR-US: Alexander Clauss iCab
CVE-2010-1100 (Integer overflow in Arora allows remote attackers to bypass intended ...)
	- arora <not-affected> (Advisory is wrong, URL range is protected by QUrl)
CVE-2010-1099 (Integer overflow in Apple Safari allows remote attackers to bypass ...)
	NOT-FOR-US: Apple Safari
CVE-2010-1098 (The ANI parser in Microsoft Windows before 7 on the x86 platform, as ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-1097 (include/userlogin.class.php in DeDeCMS 5.5 GBK, when ...)
	NOT-FOR-US: DeDeCMS
CVE-2010-1096 (Multiple SQL injection vulnerabilities in searchmatch.php in ...)
	NOT-FOR-US: ScriptsFeed Dating Software
CVE-2010-1095 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Tracking Requirements & Use Cases
CVE-2010-1094 (SQL injection vulnerability in news.php in DZ EROTIK Auktionshaus ...)
	NOT-FOR-US: Auktionshaus V4rgo
CVE-2010-1093 (SQL injection vulnerability in rss.php in 1024 CMS 2.1.1, when ...)
	NOT-FOR-US: 1024 CMS
CVE-2010-1092 (Multiple SQL injection vulnerabilities in login.php in ScriptsFeed ...)
	NOT-FOR-US: ScriptsFeed Business Directory
CVE-2010-1091 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
	NOT-FOR-US: phpMySite
CVE-2010-1090 (SQL injection vulnerability in index.php in phpMySite allows remote ...)
	NOT-FOR-US: phpMySite
CVE-2010-1089 (SQL injection vulnerability in vedi_faq.php in PHP Trouble Ticket 2.2 ...)
	NOT-FOR-US: PHP Trouble Ticket
CVE-2010-1088 (fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10
CVE-2010-1087 (The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-9 (low)
CVE-2010-1086 (The ULE decapsulation functionality in ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-10 (low)
CVE-2010-1085 (The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 ...)
	- linux-2.6 2.6.32-9
	[lenny] - linux-2.6 <not-affected> (affected call not present)
CVE-2010-1084 (Linux kernel 2.6.18 through 2.6.33, and possibly other versions, ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11
CVE-2010-1083 (The processcompl_compat function in drivers/usb/core/devio.c in Linux ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-9
CVE-2010-1082 (Multiple directory traversal vulnerabilities in OI.Blogs 1.0.0, when ...)
	NOT-FOR-US: OI.Blogs
CVE-2010-1081 (Directory traversal vulnerability in the Community Polls ...)
	NOT-FOR-US: com_communitypolls component for Joomla!
CVE-2010-1080 (Cross-site scripting (XSS) vulnerability in view.php in Pulse CMS ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-1079 (Cross-site scripting (XSS) vulnerability in Sawmill before 7.2.18 ...)
	NOT-FOR-US: Sawmill
CVE-2010-1078 (SQL injection vulnerability in archive.php in XlentProjects SphereCMS ...)
	NOT-FOR-US: Xlent Projects SphereCMS
CVE-2010-1077 (Directory traversal vulnerability in vbseo.php in Crawlability vBSEO ...)
	NOT-FOR-US: Crawlability vBSEO plugin for vBulletin
CVE-2010-1076 (Cross-site scripting (XSS) vulnerability in index.php in Entry Level ...)
	NOT-FOR-US: Entry Level CMS
CVE-2010-1075 (SQL injection vulnerability in index.php in Entry Level CMS (EL CMS) ...)
	NOT-FOR-US: Entry Level CMS
CVE-2010-1074 (Cross-site scripting (XSS) vulnerability in the Currency Exchange ...)
	NOT-FOR-US: Currency Exchange module for Drupal
CVE-2010-1073 (SQL injection vulnerability in the jEmbed-Embed Anything (com_jembed) ...)
	NOT-FOR-US: com_jembed component for Joomla!
CVE-2010-1072 (Cross-site scripting (XSS) vulnerability in search.php in Sniggabo CMS ...)
	NOT-FOR-US: Sniggabo CMS
CVE-2010-1071 (SQL injection vulnerability in profil.php in phpMDJ 1.0.3 allows ...)
	NOT-FOR-US: phpMDJ
CVE-2010-1070 (SQL injection vulnerability in index.php in ImagoScripts Deviant Art ...)
	NOT-FOR-US: ImagoScripts
CVE-2010-1069 (SQL injection vulnerability in games/game.php in ProArcadeScript ...)
	NOT-FOR-US: ProArcadeScript
CVE-2010-1068 (Multiple cross-site scripting (XSS) vulnerabilities in surgeftpmgr.cgi ...)
	NOT-FOR-US: NetWin SurgeFTP
CVE-2010-1067 (E-membres 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: E-membres
CVE-2010-1066 (AR Web Content Manager (AWCM) 2.1 stores sensitive information under ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2010-1065 (Lebisoft Ziyaretci Defteri 7.4 and 7.5 stores sensitive information ...)
	NOT-FOR-US: Lebisoft Ziparetci Defteri
CVE-2010-1064 (Erolife AjxGaleri VT stores sensitive information under the web root ...)
	NOT-FOR-US: Erolife AjxGaleri VT
CVE-2010-1063 (Multiple directory traversal vulnerabilities in Phpkobo Free Real ...)
	NOT-FOR-US: Phpkobo Free Real Estate Contact Form
CVE-2010-1062 (Directory traversal vulnerability in codelib/sys/common.inc.php in ...)
	NOT-FOR-US: Phpkobo Free Real Estate Contact Form
CVE-2010-1061 (Multiple directory traversal vulnerabilities in Phpkobo Short URL ...)
	NOT-FOR-US: Phpkbo Short URL
CVE-2010-1060 (Directory traversal vulnerability in staff/app/common.inc.php in ...)
	NOT-FOR-US: Phpkobo Short URL
CVE-2010-1059 (Directory traversal vulnerability in staff/app/common.inc.php in ...)
	NOT-FOR-US: Phpkobo Address Book Script
CVE-2010-1058 (Directory traversal vulnerability in codelib/cfg/common.inc.php in ...)
	NOT-FOR-US: Phpkobo Adress Book Script
CVE-2010-1057 (Multiple directory traversal vulnerabilities in Phpkobo AdFreely (aka ...)
	NOT-FOR-US: Phpkobo AdFreely
CVE-2010-1056 (Directory traversal vulnerability in the RokDownloads ...)
	NOT-FOR-US: com_rokdownloads component for Joomla!
CVE-2010-1055 (Multiple PHP remote file inclusion vulnerabilities in osDate 2.1.9 and ...)
	NOT-FOR-US: osDate
CVE-2010-1054 (Multiple SQL injection vulnerabilities in ParsCMS allow remote ...)
	NOT-FOR-US: ParsCMS
CVE-2010-1053 (Multiple SQL injection vulnerabilities in Zen Time Tracking 2.2 and ...)
	NOT-FOR-US: Zen Time Tracking
CVE-2010-1052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: AudiStat
CVE-2010-1051 (Multiple SQL injection vulnerabilities in index.php in AudiStat 1.3 ...)
	NOT-FOR-US: AudiStat
CVE-2010-1050 (SQL injection vulnerability in index.php in AudiStat 1.3 allows remote ...)
	NOT-FOR-US: AudiStat
CVE-2010-1049 (Multiple SQL injection vulnerabilities in Uiga Business Portal allow ...)
	NOT-FOR-US: Uiga Business Portal
CVE-2010-1048 (Cross-site scripting (XSS) vulnerability in blog/index.php in Uiga ...)
	NOT-FOR-US: Uiga Business Portal
CVE-2010-1047 (SQL injection vulnerability in index.php in MASA2EL Music City 1.0 and ...)
	NOT-FOR-US: MASA2EL Music City
CVE-2010-1046 (Multiple SQL injection vulnerabilities in index.php in Rostermain 1.1 ...)
	NOT-FOR-US: Rostermain
CVE-2010-1045 (SQL injection vulnerability in the Productbook (com_productbook) ...)
	NOT-FOR-US: com_productbook component for Joomla!
CVE-2010-1044 (SQL injection vulnerability in Login.do in ManageEngine OpUtils 5.0 ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2010-1043 (Directory traversal vulnerability in index.php in jaxCMS 1.0 allows ...)
	NOT-FOR-US: jaxCMS
CVE-2010-1042 (Microsoft Windows Media Player 11 does not properly perform colorspace ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2010-1041 (Unspecified vulnerability in the single sign-on functionality in the ...)
	NOT-FOR-US: IBM DB2 Content Manager Toolkit
CVE-2010-1040 (The &quot;IP address range limitation&quot; function in OpenPNE 1.6 through 1.8, ...)
	NOT-FOR-US: OpenPNE
CVE-2010-1039 (Format string vulnerability in the _msgout function in rpc.pcnfsd in ...)
	NOT-FOR-US: HP-UX
CVE-2010-1038 (Unspecified vulnerability in HP System Insight Manager before 6.0 ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1037 (Cross-site request forgery (CSRF) vulnerability in HP System Insight ...)
	NOT-FOR-US: HP System Insight Manager
CVE-2010-1036 (Cross-site scripting (XSS) vulnerability in HP System Insight Manager ...)
	NOT-FOR-US: hP System Insight Manager
CVE-2010-1035 (Multiple unspecified vulnerabilities in HP Virtual Machine Manager ...)
	NOT-FOR-US: HP Virtual Machine Manager
CVE-2010-1034 (Unspecified vulnerability in HP System Management Homepage (SMH) 6.0 ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2010-1033 (Multiple stack-based buffer overflows in a certain Tetradyne ActiveX ...)
	NOT-FOR-US: HP Operations Manager
CVE-2010-1032 (Unspecified vulnerability in HP HP-UX B.11.11 allows local users to ...)
	NOT-FOR-US: HP-UX
CVE-2010-1031 (Unspecified vulnerability in HP Insight Control for Linux (aka ...)
	NOT-FOR-US: HP Insight Control
CVE-2010-1030 (Unspecified vulnerability in HP-UX B.11.31, with AudFilter rules ...)
	NOT-FOR-US: HP-UX
CVE-2010-1029 (Stack consumption vulnerability in the WebCore::CSSSelector function ...)
	- webkit <not-affected> (proof-of-concept not effective)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-1027 (SQL injection vulnerability in the Meet Travelmates (travelmate) ...)
	NOT-FOR-US: travelmate extension for typo3
CVE-2010-1026 (SQL injection vulnerability in the CleanDB - DBAL (tmsw_cleandb) ...)
	NOT-FOR-US: tmsw_cleandb extension for typo3
CVE-2010-1025 (Cross-site scripting (XSS) vulnerability in the TGM-Newsletter ...)
	NOT-FOR-US: tgm_newsletter extension for typo3
CVE-2010-1024 (SQL injection vulnerability in the TGM-Newsletter (tgm_newsletter) ...)
	NOT-FOR-US: tgm_newsletter extension for typo3
CVE-2010-1023 (Cross-site scripting (XSS) vulnerability in the UserTask Center, ...)
	NOT-FOR-US: taskcenter_recent extension for typo3
CVE-2010-1022 (The TYPO3 Security - Salted user password hashes (t3sec_saltedpw) ...)
	NOT-FOR-US: t3sec_saltedpw extension for typo3
CVE-2010-1021 (Cross-site scripting (XSS) vulnerability in the Typo3 Quixplorer ...)
	NOT-FOR-US: t3quixplorer extension for typo3
CVE-2010-1020 (Cross-site scripting (XSS) vulnerability in the Simple Gallery ...)
	NOT-FOR-US: sk_simplegallery extension for typo3
CVE-2010-1019 (SQL injection vulnerability in the Simple Gallery (sk_simplegallery) ...)
	NOT-FOR-US: sk_simplegallery extension for typo3
CVE-2010-1018 (SQL injection vulnerability in the Book Reviews (sk_bookreview) ...)
	NOT-FOR-US: sk_bookreview extension for typo3
CVE-2010-1017 (SQL injection vulnerability in the SAV Filter Months ...)
	NOT-FOR-US: sav_filter_months extension for typo3
CVE-2010-1016 (SQL injection vulnerability in the SAV Filter Selectors ...)
	NOT-FOR-US: sav_filter_selectors extension for typo3
CVE-2010-1015 (SQL injection vulnerability in the SAV Filter Alphabetic ...)
	NOT-FOR-US: sav_filter_abc extension for typo3
CVE-2010-1014 (Cross-site scripting (XSS) vulnerability in the Reports Logfile View ...)
	NOT-FOR-US: reports_logview extension for typo3
CVE-2010-1013 (SQL injection vulnerability in the Diocese of Portsmouth Database ...)
	NOT-FOR-US: pd_diocesedatabase extension for typo3
CVE-2010-1012 (SQL injection vulnerability in the CleanDB (nf_cleandb) extension ...)
	NOT-FOR-US: nf_cleandb extension for typo3
CVE-2010-1011 (Cross-site scripting (XSS) vulnerability in the myDashboard ...)
	NOT-FOR-US: mydashboard extension for typo3
CVE-2010-1010 (SQL injection vulnerability in the MK Wastebasket (mk_wastebasket) ...)
	NOT-FOR-US: mk_wastebasket extension for typo3
CVE-2010-1009 (SQL injection vulnerability in the Educator extension 0.1.5 for TYPO3 ...)
	NOT-FOR-US: educator extension for typo3
CVE-2010-1008 (Cross-site scripting (XSS) vulnerability in the Sellector.com Widget ...)
	NOT-FOR-US: chsellector extension for typo3
CVE-2010-1007 (Unspecified vulnerability in the Power Extension Manager (ch_lightem) ...)
	NOT-FOR-US: ch_lightem extension for typo3
CVE-2010-1006 (SQL injection vulnerability in the Brainstorming extension 0.1.8 and ...)
	NOT-FOR-US: brainstorming extension for typo3
CVE-2010-1005 (Cross-site scripting (XSS) vulnerability in the Yet another TYPO3 ...)
	NOT-FOR-US: yatse extension for typo3
CVE-2010-1004 (SQL injection vulnerability in the Yet another TYPO3 search engine ...)
	NOT-FOR-US: yatse extension for typo3
CVE-2009-4738 (Unspecified vulnerability in JustSystems Corporation ATOK 2006 through ...)
	NOT-FOR-US: JustSystems Corporation
CVE-2009-4737 (Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, ...)
	NOT-FOR-US: JustSystems Corporation Ichitaro
CVE-2009-4736 (Cross-site scripting (XSS) vulnerability in search.php in CommonSense ...)
	NOT-FOR-US: CommonSense CMS
CVE-2010-XXXX [phpCAS XSS in final_uri; PHPCAS-52]
	- libphp-cas <itp> (bug #495542)
	- glpi 0.72.4-2 (bug #574760; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
	NOTE: http://www.ja-sig.org/issues/browse/PHPCAS-52
CVE-2010-1028 (Integer overflow in the decompression functionality in the Web Open ...)
	- xulrunner <not-affected> (vulnerability introduced in firefox 3.6)
	- iceape <not-affected> (Vulnerable code not present)
	- calibre 2.38.0+dfsg-1 (bug #787085)
	[jessie] - calibre <no-dsa> (Minor issue)
	[wheezy] - calibre <not-affected> (src/calibre/utils/fonts/woff/ not introduced until version 0.9.33)
	NOTE: 2.38.0+dfsg-1 removed the copy of woff below src/calibre/utils/fonts/woff/
CVE-2010-XXXX [Escape href attribute in auto links]
	- redmine 0.9.3-3
CVE-2010-XXXX [Fixes permission check in QueriesController]
	- redmine 0.9.3-3
CVE-2010-1003 (Directory traversal vulnerability in ...)
	NOT-FOR-US: eFront-learning
CVE-2010-1002
	RESERVED
CVE-2010-1001
	RESERVED
CVE-2010-1000 (Directory traversal vulnerability in KGet in KDE SC 4.0.0 through ...)
	- kdenetwork 4:4.4.3-2
	[lenny] - kdenetwork <not-affected> (Metalink plugin not yet present)
	NOTE: http://seclists.org/fulldisclosure/2010/May/165
CVE-2010-0999 (Directory traversal vulnerability in Free Download Manager (FDM) ...)
	NOT-FOR-US: Free Download Manager
CVE-2010-0998 (Multiple stack-based buffer overflows in Free Download Manager (FDM) ...)
	NOT-FOR-US: Free Download Manager
CVE-2010-0997 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: e107
CVE-2010-0996 (Unrestricted file upload vulnerability in e107 before 0.7.20 allows ...)
	NOT-FOR-US: e107
CVE-2010-0995 (Stack-based buffer overflow in Internet Download Manager (IDM) before ...)
	NOT-FOR-US: Internet Download Manager
CVE-2010-0994 (Multiple buffer overflows in src/vl/vlDAT.cpp in Visualization Library ...)
	NOT-FOR-US: Visualization Library
CVE-2010-0993 (Unrestricted file upload vulnerability in Pulse CMS Basic 1.2.2 and ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-0992 (Multiple cross-site request forgery (CSRF) vulnerabilities in Pulse ...)
	NOT-FOR-US: Pulse CMS Basic
CVE-2010-0991 (Multiple heap-based buffer overflows in imlib2 1.4.3 allow ...)
	- imlib2 <not-affected> (vulnerable code introduced in 1.4.3)
CVE-2010-0990 (Stack-based buffer overflow in Creative Software AutoUpdate Engine ...)
	NOT-FOR-US: Creative Software AutoUpdate
CVE-2010-0989 (Directory traversal vulnerability in delete.php in Pulse CMS before ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-0988 (Multiple unspecified vulnerabilities in Pulse CMS before 1.2.3 allow ...)
	NOT-FOR-US: Pulse CMS
CVE-2010-0987 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.7.609 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0986 (Adobe Shockwave Player before 11.5.7.609 does not properly process ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4735 (SQL injection vulnerability in login.php in Allomani Audio &amp; Video ...)
	NOT-FOR-US: Allomani Audio & Video Library
CVE-2009-4734 (SQL injection vulnerability in login.php in Allomani Movies Library ...)
	NOT-FOR-US: Allomani Movies Library
CVE-2009-4733 (SQL injection vulnerability in checkuser.php in SimpleLoginSys 0.5, ...)
	NOT-FOR-US: SimpleLoginSys
CVE-2009-4732 (SQL injection vulnerability in tt/index.php in TT Web Site Manager ...)
	NOT-FOR-US: TT Web Site Manager
CVE-2009-4731 (SQL injection vulnerability in photos.php in Model Agency Manager PRO ...)
	NOT-FOR-US: Model Agency Manager PRO
CVE-2009-4730 (SQL injection vulnerability in report.php in x10 Adult Media Script ...)
	NOT-FOR-US: Adult Media Script
CVE-2009-4729 (Multiple cross-site scripting (XSS) vulnerabilities in x10 Adult Media ...)
	NOT-FOR-US: Adult Media Script
CVE-2009-4728 (SQL injection vulnerability in the administrative interface in ...)
	NOT-FOR-US: Questions Answered
CVE-2009-4727 (SQL injection vulnerability in x/login in JungleScripts Ajax Short Url ...)
	NOT-FOR-US: JungleScripts Ajax Short Url
CVE-2009-4726 (Directory traversal vulnerability in download.php in Quickdev 4 PHP ...)
	NOT-FOR-US: Quickdev 4 PHP
CVE-2009-4725 (Directory traversal vulnerability in modules/aljazeera/admin/setup.php ...)
	NOT-FOR-US: Arab Portal
CVE-2009-4724 (SQL injection vulnerability in shop.htm in PaymentProcessorScript.net ...)
	NOT-FOR-US: PaymentProcessorScript.net PPScript
CVE-2009-4723 (Directory traversal vulnerability in confirm.php in Netpet CMS 1.9 ...)
	NOT-FOR-US: Netpet CMS
CVE-2009-4722 (SQL injection vulnerability in the CheckLogin function in ...)
	NOT-FOR-US: Limny
CVE-2009-4721 (Multiple SQL injection vulnerabilities in Admin/index.asp in ...)
	NOT-FOR-US: Andrews-Web BannerAd
CVE-2009-4720 (SQL injection vulnerability in cgi-bin/gnudip.cgi in GnuDIP 2.1.1 ...)
	- gnudip <removed> (medium; bug #539452)
CVE-2009-4719 (SQL injection vulnerability in index.php in Discloser 0.0.4 rc2 allows ...)
	NOT-FOR-US: Discloser
CVE-2010-XXXX [dojo can be used as a redirector]
	- dojo 1.4.2+dfsg-1 (low)
	NOTE: http://web.archive.org/web/20101029020014/http://dojotoolkit.org/blog/post/dylan/2010/03/dojo-security-advisory/
	NOTE: http://bugs.dojotoolkit.org/ticket/10773
CVE-2010-0985 (Directory traversal vulnerability in the Abbreviations Manager ...)
	NOT-FOR-US: com_abbrev component for Joomla!
CVE-2010-0984 (Acidcat CMS 3.5.3 and earlier stores sensitive information under the ...)
	NOT-FOR-US: Acidcat CMS
CVE-2010-0983 (PHP remote file inclusion vulnerability in include/mail.inc.php in ...)
	NOT-FOR-US: Rezervi
CVE-2010-0982 (Directory traversal vulnerability in the CARTwebERP (com_cartweberp) ...)
	NOT-FOR-US: com_cartweberp component for Joomla!
CVE-2010-0981 (SQL injection vulnerability in the TPJobs (com_tpjobs) component for ...)
	NOT-FOR-US: com_tpjobs component for Joomla!
CVE-2010-0980 (SQL injection vulnerability in player.php in Left 4 Dead (L4D) Stats ...)
	NOT-FOR-US: Left 4 Dead Stats
CVE-2010-0979 (Cross-site scripting (XSS) vulnerability in display.php in ...)
	NOT-FOR-US: Obsession-Design Image-Gallery
CVE-2010-0978 (KMSoft Guestbook (aka GBook) 1.0 stores sensitive information under ...)
	NOT-FOR-US: KMSoft Guestbook
CVE-2010-0977 (PD PORTAL 4.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: PD PORTAL
CVE-2010-0976 (Acidcat CMS 3.5.x does not prevent access to install.asp after ...)
	NOT-FOR-US: Acidcat CMS
CVE-2010-0975 (PHP remote file inclusion vulnerability in external.php in ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-0974 (Multiple SQL injection vulnerabilities in PHPCityPortal allow remote ...)
	NOT-FOR-US: PHPCityPortal
CVE-2010-0973 (SQL injection vulnerability in index.php in phppool media Domain ...)
	NOT-FOR-US: phppool Media Domain Verkaus and Auktions Portal
CVE-2010-0972 (Directory traversal vulnerability in the GCalendar (com_gcalendar) ...)
	NOT-FOR-US: com_gcalendar component for Joomla!
CVE-2010-0971 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.6.4 ...)
	NOT-FOR-US: ATutor CMS
CVE-2010-0970 (SQL injection vulnerability in phpmylogon.php in PhpMyLogon 2 allows ...)
	NOT-FOR-US: PhpMyLogon
CVE-2010-0968 (SQL injection vulnerability in bannershow.php in Geekhelps ADMP 1.01 ...)
	NOT-FOR-US: Geekhelps ADMP
CVE-2010-0967 (Multiple directory traversal vulnerabilities in Geekhelps ADMP 1.01, ...)
	NOT-FOR-US: Geekhelps ADMP
CVE-2010-0966 (PHP remote file inclusion vulnerability in inc/config.php in deV!L`z ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2010-0965 (Jevci Siparis Formu Scripti stores sensitive information under the web ...)
	NOT-FOR-US: Jevci Siparis Formu Scripti
CVE-2010-0964 (SQL injection vulnerability in start.php in Eros Webkatalog allows ...)
	NOT-FOR-US: Eros Webkatalog
CVE-2010-0963 (Cross-site scripting (XSS) vulnerability in index.php in dl Download ...)
	NOT-FOR-US: dl Download Ticket Service
CVE-2007-6733 (The nfs_lock function in fs/nfs/file.c in the Linux kernel 2.6.9 does ...)
	- linux-2.6 2.6.10-1
CVE-2010-1195 (Cross-site scripting (XSS) vulnerability in the htmlscrubber component ...)
	{DSA-2020-1}
	- ikiwiki 3.20100312 (low)
CVE-2010-0747 [linux-2.6 drbd connector issue]
	RESERVED
	{DSA-2015-1}
	- linux-2.6 <not-affected> (drbd introduced for the first time in 2.6.32-12, which included the fix for this issue, so no supported debian kernel was ever affected)
	- drbd8 2:8.3.7-1
	[lenny] - drbd8 2:8.0.14-2+lenny1
CVE-2009-4718 (SQL injection vulnerability in visitorduration.php in Gonafish ...)
	NOT-FOR-US: Gonafish WebStatCaffe
CVE-2009-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...)
	NOT-FOR-US: Gonafish WebStatCaffe
CVE-2009-4716 (Cross-site scripting (XSS) vulnerability in results.php in EDGEPHP ...)
	NOT-FOR-US: EDGEPHP EZWebSearch
CVE-2009-4715 (Cross-site scripting (XSS) vulnerability in rates.php in Real Time ...)
	NOT-FOR-US: Real Time Currency Exchange
CVE-2009-4714 (Cross-site scripting (XSS) vulnerability in the quiz module for XOOPS ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2009-4713 (Multiple cross-site scripting (XSS) vulnerabilities in the Qas (aka ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2009-4712 (SQL injection vulnerability in index.php in Tukanas Classifieds (aka ...)
	NOT-FOR-US: EasyClassifieds
CVE-2009-4711 (SQL injection vulnerability in the CoolURI (cooluri) extension before ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4710 (SQL injection vulnerability in the Reset backend password ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4709 (SQL injection vulnerability in the datamints Newsticker ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4708 (SQL injection vulnerability in the [Gobernalia] Front End News ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4707 (Cross-site scripting (XSS) vulnerability in the [Gobernalia] Front End ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4706 (Cross-site scripting (XSS) vulnerability in the Mailform (mailform) ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4705 (Cross-site scripting (XSS) vulnerability in the Twitter Search ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4704 (Unspecified vulnerability in the Webesse E-Card (ws_ecard) extension ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4703 (SQL injection vulnerability in the Webesse Image Gallery (ws_gallery) ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4702 (SQL injection vulnerability in the Tour Extension (pm_tour) extension ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4701 (SQL injection vulnerability in the Myth download (myth_download) ...)
	NOT-FOR-US: typo3 third-party extension
CVE-2009-4700 (Directory traversal vulnerability in index.php in SkaDate Dating ...)
	NOT-FOR-US: SkaDate Dating
CVE-2009-4699 (Multiple cross-site scripting (XSS) vulnerabilities in SkaDate Dating ...)
	NOT-FOR-US: SkaDate Dating
CVE-2009-4698 (Multiple SQL injection vulnerabilities in the Qas (aka Quas) module ...)
	NOT-FOR-US: XOOPS Celepar
CVE-2010-0969 (Unbound before 1.4.3 does not properly align structures on 64-bit ...)
	- unbound 1.4.3-1
	[lenny] - unbound <not-affected> (Vulnerable code not present)
CVE-2010-XXXX [moin: hierarchical ACLs security issue]
	- moin 1.8.4-1 (low)
	[lenny] - moin 1.7.1-3+lenny3
	NOTE: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2
CVE-2010-0962 (The FTP proxy server in Apple AirPort Express, AirPort Extreme, and ...)
	NOT-FOR-US: Apple
CVE-2010-0961 (Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and ...)
	NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0960 (Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and ...)
	NOT-FOR-US: IBM AIX and VIOS
CVE-2010-0959 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2010-0958 (Directory traversal vulnerability in modules/hayoo/index.php in ...)
	NOT-FOR-US: Tribisur
CVE-2010-0957 (Directory traversal vulnerability in content.php in Saskia's ...)
	NOT-FOR-US: Saskia's Shopsystem
CVE-2010-0956 (SQL injection vulnerability in index.php in OpenCart 1.3.2 allows ...)
	NOT-FOR-US: OpenCart
CVE-2010-0955 (SQL injection vulnerability in index.php in Bild Flirt Community 2.0 ...)
	NOT-FOR-US: Bild Flirt Community
CVE-2010-0954 (SQL injection vulnerability in search_result.asp in Pre Projects Pre ...)
	NOT-FOR-US: Pre Projects Pre E-Learning Portal
CVE-2010-0953 (Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows ...)
	NOT-FOR-US: phpCOIN
CVE-2010-0952 (SQL injection vulnerability in index.php in OneCMS 2.5, when ...)
	NOT-FOR-US: OneCMS
CVE-2010-0951 (SQL injection vulnerability in go_target.php in dev4u CMS allows ...)
	NOT-FOR-US: dev4u CMS
CVE-2010-0950 (Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote ...)
	NOT-FOR-US: Natychmiast CMS
CVE-2010-0949 (Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS ...)
	NOT-FOR-US: Natychmiast CMS
CVE-2010-0948 (SQL injection vulnerability in profil.php in Bigforum 4.5, when ...)
	NOT-FOR-US: Bigforum
CVE-2010-0947 (Cross-site scripting (XSS) vulnerability in post.aspx in Max Network ...)
	NOT-FOR-US: BBSMAX
CVE-2009-4697 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: RadNICS Gold 5
CVE-2009-4696 (SQL injection vulnerability in index.php in RadNICS Gold 5 allows ...)
	NOT-FOR-US: RadNICS Gold 5
CVE-2009-4695 (SQL injection vulnerability in index.php in RadScripts RadLance Gold ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4694 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4693 (Multiple PHP remote file inclusion vulnerabilities in GraFX MiniCWB ...)
	NOT-FOR-US: GraFX MiniCWB
CVE-2009-4692 (Cross-site scripting (XSS) vulnerability in index.php in RadScripts ...)
	NOT-FOR-US: RadScripts RadLance Gold
CVE-2009-4691 (SQL injection vulnerability in addlink.php in Classified Linktrader ...)
	NOT-FOR-US: Classified Linktrader Script
CVE-2009-4690 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld ...)
	NOT-FOR-US: YourFreeWorld Programs Rating Script
CVE-2009-4689 (SQL injection vulnerability in index.php in PHP Shopping Cart Selling ...)
	NOT-FOR-US: PHP Shopping Cart Selling Website Script
CVE-2009-4688 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: PHP Shopping Cart Selling Website Script
CVE-2009-4687 (SQL injection vulnerability in silentum_guestbook.php in Silentum ...)
	NOT-FOR-US: Silentum Guestbook
CVE-2009-4686 (Cross-site scripting (XSS) vulnerability in account.php in phplemon ...)
	NOT-FOR-US: phplemon AdQuick
CVE-2009-4685 (Cross-site scripting (XSS) vulnerability in celebrities.php in PHP ...)
	NOT-FOR-US: PHP Scripts Now Astrology
CVE-2009-4684 (Cross-site scripting (XSS) vulnerability in index.php in EZodiak ...)
	NOT-FOR-US: EZodiak
CVE-2009-4683 (Directory traversal vulnerability in vote.php in Good/Bad Vote allows ...)
	NOT-FOR-US: Good/Bad Vote
CVE-2009-4682 (Cross-site scripting (XSS) vulnerability in vote.php in Good/Bad Vote ...)
	NOT-FOR-US: Good/Bad Vote
CVE-2009-4681 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: phpDirectorySource
CVE-2009-4680 (SQL injection vulnerability in search.php in phpDirectorySource 1.x ...)
	NOT-FOR-US: phpDirectorySource
CVE-2010-1132 (The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter ...)
	{DSA-2021-2 DSA-2021-1}
	- spamass-milter 0.3.1-9 (bug #573228)
	[lenny] - spamass-milter 0.3.1-8+lenny1
CVE-2010-1189 (MediaWiki before 1.15.2 does not prevent wiki editors from linking to ...)
	{DSA-2022-1}
	- mediawiki 1:1.15.2-1 (low)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
	[lenny] - mediawiki 1:1.12.0-2lenny4
CVE-2010-1190 (thumb.php in MediaWiki before 1.15.2, when used with ...)
	{DSA-2022-1}
	- mediawiki 1:1.15.2-1 (low)
	[lenny] - mediawiki 1:1.12.0-2lenny4
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2010-March/000088.html
CVE-2010-0946 (SQL injection vulnerability in the Keep It Simple Stupid (KISS) ...)
	NOT-FOR-US: com_ksadvertiser component for Joomla!
CVE-2010-0945 (SQL injection vulnerability in the HotBrackets Tournament Brackets ...)
	NOT-FOR-US: com_hotbrackets component for Joomla!
CVE-2010-0944 (Directory traversal vulnerability in the JCollection (com_jcollection) ...)
	NOT-FOR-US: com_jcollection component for Joomla!
CVE-2010-0943 (Directory traversal vulnerability in the JA Showcase (com_jashowcase) ...)
	NOT-FOR-US: com_jashowcase component for Joomla!
CVE-2010-0942 (Directory traversal vulnerability in the jVideoDirect ...)
	NOT-FOR-US: com_jvideodirect component for Joomla!
CVE-2010-0941 (Multiple cross-site scripting (XSS) vulnerabilities in eTek Systems ...)
	NOT-FOR-US: eTek Systems Hit Counter
CVE-2010-0940 (Cross-site scripting (XSS) vulnerability in guestbook.php in Simple ...)
	NOT-FOR-US: Simple PHP Guestbook
CVE-2010-0939 (Visialis ABB Forum 1.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Visialis ABB Forum
CVE-2010-0938 (Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo ...)
	NOT-FOR-US: Todoo Forum
CVE-2010-0937 (Multiple unspecified vulnerabilities in Visualization Library before ...)
	NOT-FOR-US: Visualization Library
CVE-2010-0936 (Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK ...)
	NOT-FOR-US: D-LINK firmware
CVE-2009-4679 (Directory traversal vulnerability in the inertialFATE iF Portfolio ...)
	NOT-FOR-US: com_if_nexus component for Joomla!
CVE-2009-4678 (Cross-site scripting (XSS) vulnerability in index.php in Winn ...)
	NOT-FOR-US: Winn Guestbook
CVE-2009-4677 (Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP ...)
	NOT-FOR-US: phpFK PHP Forum
CVE-2010-XXXX [phpbb 3.0.7 permissions bypass]
	- phpbb3 3.0.7-PL1
	[lenny] - phpbb3 <not-affected> (older version is in the archive)
	[squeeze] - phpbb3 <not-affected> (older version is in the archive)
	NOTE: http://www.phpbb.com/community/viewtopic.php?f=14&t=2014195
CVE-2010-0928 (OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx ...)
	- openssl <unfixed> (unimportant)
	NOTE: http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf
	NOTE: somewhat impractical right now, but the openssl developers are working
	NOTE: on a fix just in case
CVE-2010-0926 (The default configuration of smbd in Samba before 3.3.11, 3.4.x before ...)
	- samba 2:3.4.6~dfsg-1 (low; bug #568493; bug #572953)
	[lenny] - samba <no-dsa> (Minor issue, patch breaks existing behaviour, can be fixed through configuration modifications)
CVE-2010-0935 (Perforce Server 2009.2 and earlier, when the protection table is ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0934 (The triggers functionality in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0933 (Directory traversal vulnerability in Perforce Server 2008.1 allows ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0932 (The FTP server in Perforce Server 2008.1 allows remote attackers to ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0931 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0930 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0929 (The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote ...)
	NOT-FOR-US: Perforce Server
CVE-2010-0927 (Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2009-4676 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...)
	NOT-FOR-US: JetCast.exe
CVE-2009-4675 (admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant ...)
	NOT-FOR-US: Mole Group Gastro Portal
CVE-2009-4674 (admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script ...)
	NOT-FOR-US: Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket
CVE-2009-4673 (SQL injection vulnerability in profile.php in Mole Group Adult Portal ...)
	NOT-FOR-US: Mole Group Adult Portal Script
CVE-2009-4672 (Directory traversal vulnerability in main.php in the WP-Lytebox plugin ...)
	NOT-FOR-US: WP-Lytebox plugin for WordPress
CVE-2009-4671 (Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4670 (admin/delitem.php in RoomPHPlanning 1.6 does not require ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4669 (Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2009-4668 (Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio ...)
	NOT-FOR-US: JetCast.exe
CVE-2009-4667 (SQL injection vulnerability in form.php in WebMember 1.0 allows remote ...)
	NOT-FOR-US: WebMember
CVE-2009-4666 (Multiple PHP remote file inclusion vulnerabilities in Webradev ...)
	NOT-FOR-US: Webradev Download Protect
CVE-2009-4665 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Cute Editor
CVE-2010-0925 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0924 (cfnetwork.dll 1.450.5.0 in CFNetwork, as used by safari.exe 531.21.10 ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0923 (Race condition in workspace/krunner/lock/lockdlg.cc in the KRunner ...)
	- kdebase 4:4.4.2-1
	[lenny] - kdebase <not-affected> (Only affected version 4.4.0)
	- kdebase-workspace 4:4.4.2-1
CVE-2010-0922 (Unspecified vulnerability in secldapclntd in IBM AIX 5.3 with SP ...)
	NOT-FOR-US: IBM AIX
CVE-2010-0921 (Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0920 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0919 (Stack-based buffer overflow in the Lotus Domino Web Access ActiveX ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0918 (Multiple unspecified vulnerabilities in the UltraLite functionality in ...)
	NOT-FOR-US: IBM Lotus iNotes/IBM Domino Web Access
CVE-2010-0917 (Stack-based buffer overflow in VBScript in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0916 (Unspecified vulnerability in Oracle OpenSolaris 10 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2010-0915 (Unspecified vulnerability in the Oracle Advanced Product Catalog ...)
	NOT-FOR-US: Oracle
CVE-2010-0914 (Unspecified vulnerability in Oracle Sun Convergence 1.0 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2010-0913 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2010-0912 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2010-0911 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2010-0910 (Unspecified vulnerability in the Data Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2010-0909 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2010-0908 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2010-0907 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
	NOT-FOR-US: Oracle
CVE-2010-0906 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
	NOT-FOR-US: Oracle
CVE-2010-0905 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle
CVE-2010-0904 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
	NOT-FOR-US: Oracle
CVE-2010-0903 (Unspecified vulnerability in the Net Foundation Layer component in ...)
	NOT-FOR-US: Oracle
CVE-2010-0902 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2010-0901 (Unspecified vulnerability in the Export component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2010-0900 (Unspecified vulnerability in the Network Layer component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2010-0899 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
	NOT-FOR-US: Oracle
CVE-2010-0898 (Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows ...)
	NOT-FOR-US: Oracle
CVE-2010-0897 (Unspecified vulnerability in the Sun Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2010-0896 (Unspecified vulnerability in the Sun Convergence component in Oracle ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0895 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0894 (Unspecified vulnerability in the Sun Java System Access Manager ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0893 (Unspecified vulnerability in the Sun Convergence component in Oracle ...)
	NOT-FOR-US: Oracle sun Product Suite
CVE-2010-0892 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle
CVE-2010-0891 (Unspecified vulnerability in the Sun Management Center component in ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0890 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0889 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
	NOT-FOR-US: OpenSolaris
CVE-2010-0888 (Unspecified vulnerability in the Sun Ray Server Software component in ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0887 (Unspecified vulnerability in the New Java Plug-in component in Oracle ...)
	- sun-java6 6.20-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0886 (Unspecified vulnerability in the Java Deployment Toolkit component in ...)
	- sun-java6 6.20-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0885 (Unspecified vulnerability in the Sun Java System Communications ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0884 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0883 (Unspecified vulnerability in the Sun Cluster component in Oracle Sun ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0882 (Unspecified vulnerability in the Solaris component in Oracle Sun ...)
	NOT-FOR-US: Oracle Sun Product Suite
CVE-2010-0881 (Unspecified vulnerability in the User Interface Components in Oracle ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2010-0880 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0879 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0878 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0877 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft
CVE-2010-0876 (Unspecified vulnerability in the Life Sciences - Oracle Clinical ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0875 (Unspecified vulnerability in the Life Sciences - Oracle Thesaurus ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0874 (Unspecified vulnerability in the Communications - Oracle ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0873 (Unspecified vulnerability in the Data Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2010-0872 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0871 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0870 (Unspecified vulnerability in the Change Data Capture component in ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0869 (Unspecified vulnerability in the Oracle Transportation Management ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0868 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0867 (Unspecified vulnerability in the JavaVM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0866 (Unspecified vulnerability in the JavaVM component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0865 (Unspecified vulnerability in the Oracle Agile Engineering Data ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0864 (Unspecified vulnerability in the Retail - Oracle Retail Place ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0863 (Unspecified vulnerability in the Retail - Oracle Retail Plan In-Season ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0862 (Unspecified vulnerability in the Retail - Oracle Retail Markdown ...)
	NOT-FOR-US: Oracle Industry Product Suite
CVE-2010-0861 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0860 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0859 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0858 (Unspecified vulnerability in the E-Business Intelligence component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0857 (Unspecified vulnerability in the Oracle Workflow Cartridge component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0856 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0855 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0854 (Unspecified vulnerability in the Audit component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0853 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0852 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0851 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0850 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0849 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0848 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0847 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0846 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0845 (Unspecified vulnerability in the HotSpot Server component in Oracle ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0844 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0843 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0842 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0841 (Unspecified vulnerability in the ImageIO component in Oracle Java SE ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0840 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0839 (Unspecified vulnerability in the Sound component in Oracle Java SE and ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0838 (Unspecified vulnerability in the Java 2D component in Oracle Java SE ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0837 (Unspecified vulnerability in the Pack200 component in Oracle Java SE ...)
	- openjdk-6 6b20~pre1-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0836 (Unspecified vulnerability in the Oracle Knowledge Management component ...)
	NOT-FOR-US: Oracle
CVE-2010-0835 (Unspecified vulnerability in the Wireless component in Oracle Fusion ...)
	NOT-FOR-US: Oracle
CVE-2010-0834 (The base-files package before 5.0.0ubuntu7.1 on Ubuntu 9.10 and before ...)
	- base-files <not-affected> (ubuntu-specific fix for their default OEM configuration on the Dell Latitude 2110, which permitted installation of unsigned packages)
CVE-2010-0833 (The pam_lsass library in Likewise Open 5.4 and CIFS 5.4 before build ...)
	NOT-FOR-US: Likewise
CVE-2010-0832 (pam_motd (aka the MOTD module) in libpam-modules before ...)
	- pam <not-affected> (flaw in ubuntu-specific changes to the package)
CVE-2010-0831 (Directory traversal vulnerability in the extract_jar function in ...)
	- fastjar 2:0.98-3 (low)
	[lenny] - fastjar <no-dsa> (Minor issue)
CVE-2010-0830 (Integer signedness error in the elf_get_dynamic_info function in ...)
	{DSA-2058-1}
	- glibc 2.11-1
	- eglibc 2.11-1
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commit;h=db07e962b6ea963dbb345439f6ab9b0cf74d87c5
CVE-2010-0829 (Multiple array index errors in set.c in dvipng 1.11 and 1.12, and ...)
	{DSA-2048-1}
	- dvipng 1.13-1 (low; bug #580628)
	- texlive-bin <not-affected> (dvipng is not shipped in texlive-bin Debian packages)
CVE-2010-0828 (Cross-site scripting (XSS) vulnerability in action/Despam.py in the ...)
	{DSA-2024-1}
	- moin 1.9.2-3 (low; bug #575995)
CVE-2010-0827 (Integer overflow in dvips in TeX Live 2009 and earlier, and teTeX, ...)
	- texlive-bin 2009-6 (low; bug #580669)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-0826 (The Free Software Foundation (FSF) Berkeley DB NSS module (aka ...)
	- libnss-db 2.2.3pre1-3.2 (low; bug #577057)
	[squeeze] - libnss-db <no-dsa> (Minor issue)
	[lenny] - libnss-db <no-dsa> (Minor issue)
CVE-2010-0825 (lib-src/movemail.c in movemail in emacs 22 and 23 allows local users ...)
	- emacs21 <removed> (low)
	[lenny] - emacs21 <no-dsa> (Minor issue)
	NOTE: Only exploitable when configured as setgid mail, which isn't set by default
	- emacs22 <removed> (low; bug #590301)
	[lenny] - emacs22 <no-dsa> (Minor issue)
	- xemacs21 21.4.22-3.1 (low)
	[lenny] - xemacs21 <no-dsa> (Minor issue)
	[lenny] - xmacs21 <no-dsa> (Minor issue)
	- emacs23 23.2+1-1 (low)
CVE-2009-4664 (Firewall Builder 3.0.4, 3.0.5, and 3.0.6, when running on Linux, ...)
	- fwbuilder 3.0.7-1 (bug #547390; medium)
	[lenny] - fwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
	- libfwbuilder 3.0.7-1 (bug #547390; medium)
	[lenny] - libfwbuilder <not-affected> (only versions 3.0.4, 3.0.5 and 3.0.6 are affected)
	NOTE: m68k package in debports in still affected at version 3.0.5
	NOTE: see http://www.fwbuilder.org/docs/firewall_builder_release_notes.html#3.0.7
CVE-2009-4663 (Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2009-4662 (Cross-site scripting (XSS) vulnerability in the WebAccess component in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-4661 (Multiple buffer overflows in BigAnt Server 2.50 SP6 and earlier allow ...)
	NOT-FOR-US: BigAnt Server
CVE-2009-4660 (Stack-based buffer overflow in the AntServer Module (AntServer.exe) in ...)
	NOT-FOR-US: BigAnt IM Server
CVE-2009-4659 (Unspecified vulnerability in MP3-Cutter Ease Audio Cutter 1.20 allows ...)
	NOT-FOR-US: MP3-Cutter Ease Audio Cutter
CVE-2009-4658 (Xerver 4.32 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: Xerver
CVE-2009-4657 (The administrator package for Xerver 4.32 does not require ...)
	NOT-FOR-US: Xerver
CVE-2009-4656 (Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including ...)
	NOT-FOR-US: E-Soft DJ Studio Pro
CVE-2010-XXXX [esmtp: world-readable config file]
	- esmtp 1.2-3 (unimportant; bug #568925)
	NOTE: Documentation advises against adding password data to the respective config file
CVE-2010-XXXX [irssi emote leak]
	- irssi-plugin-otr 1.0.0~alpha2-1 (unimportant; bug #569506)
CVE-2010-2450 [shibboleth-sp2: world-readable key]
	RESERVED
	- shibboleth-sp2 2.3.1+dfsg-2 (low; bug #571631)
	[lenny] - shibboleth-sp2 <no-dsa> (Minor issue)
	- shibboleth-sp <not-affected> (Vulnerable code not present)
CVE-2010-1192 (libESMTP, probably 1.0.4 and earlier, does not properly handle a '\0' ...)
	- libesmtp 1.0.4-5 (bug #572960)
	[lenny] - libesmtp <no-dsa> (Minor issue)
	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/6
CVE-2010-1193 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware Server ...)
	NOT-FOR-US: VMware Server
CVE-2010-XXXX [argyll unsafe udev rules]
	- argyll <not-affected> (issue with redhat-specific changes to the package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=560050
CVE-2010-2473 [Blocked user session regeneration]
	RESERVED
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2472 [Locale module cross site scripting]
	RESERVED
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2471 [Open redirection]
	RESERVED
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-2250 [Installation cross site scripting]
	RESERVED
	{DSA-2016-1}
	- drupal6 6.18-1 (bug #592716)
CVE-2010-XXXX [linux-ftpd: null ptr dereference]
	- linux-ftpd <not-affected> (Performs proper length checks, see #572813)
CVE-2010-0824 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3 and ...)
	NOT-FOR-US: Microsoft
CVE-2010-0823 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0822 (Stack-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
	NOT-FOR-US: Microsoft
CVE-2010-0821 (Unspecified vulnerability in Microsoft Office Excel 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0820 (Heap-based buffer overflow in the Local Security Authority Subsystem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0819 (Unspecified vulnerability in the Windows OpenType Compact Font Format ...)
	NOT-FOR-US: Microsoft
CVE-2010-0818 (The MPEG-4 codec in the Windows Media codecs in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0817 (Cross-site scripting (XSS) vulnerability in _layouts/help.aspx in ...)
	NOT-FOR-US: Microsoft SharePoint Server
CVE-2010-0816 (Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, ...)
	NOT-FOR-US: Microsoft Outlook Express, Windows Live Mail, and Windows Mail
CVE-2010-0815 (VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0814 (The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2010-0813
	REJECTED
CVE-2010-0812 (Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0811 (Multiple unspecified vulnerabilities in the Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2010-0810 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, and Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0809
	REJECTED
CVE-2010-0808 (Microsoft Internet Explorer 6 and 7 on Windows XP and Vista does not ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0807 (Microsoft Internet Explorer 7 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0806 (Use-after-free vulnerability in the Peer Objects component (aka ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0805 (The Tabular Data Control (TDC) ActiveX control in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0804 (Cross-site scripting (XSS) vulnerability in index.php in iBoutique 4.0 ...)
	NOT-FOR-US: iBoutique
CVE-2010-0803 (SQL injection vulnerability in the jVideoDirect (com_jvideodirect) ...)
	NOT-FOR-US: jVideoDirect
CVE-2010-0802 (SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a ...)
	NOT-FOR-US: Invision Power Board
CVE-2010-0801 (Directory traversal vulnerability in the AutartiTarot ...)
	NOT-FOR-US: Joomla!
CVE-2010-0800 (SQL injection vulnerability in the Ossolution Team Documents Seller ...)
	NOT-FOR-US: Joomla!
CVE-2010-0799 (Directory traversal vulnerability in misc/tell_a_friend/tell.php in ...)
	NOT-FOR-US: phpunity.newsmanager
CVE-2010-0798 (SQL injection vulnerability in the T3BLOG extension 0.6.2 and earlier ...)
	NOT-FOR-US: T3BLOG extension for TYPO3
CVE-2010-0797 (Cross-site scripting (XSS) vulnerability in the T3BLOG extension 0.6.2 ...)
	NOT-FOR-US: T3BLOG extension for TYPO3
CVE-2010-0796 (SQL injection vulnerability in the JE Quiz (com_jequizmanagement) ...)
	NOT-FOR-US: Joomla!
CVE-2010-0795 (SQL injection vulnerability in the JE Event Calendars ...)
	NOT-FOR-US: Joomla!
CVE-2010-0794
	RESERVED
CVE-2010-0793 (Buffer overflow in BarnOwl before 1.5.1 allows remote attackers to ...)
	{DSA-2049-1}
	- barnowl 1.5.1-1 (bug #574418)
CVE-2010-0792 (fcrontab in fcron before 3.0.5 allows local users to read arbitrary ...)
	- fcron <removed> (unimportant; bug #572587)
	NOTE: On Debian runs suid/sgid fcron and the issue is limited to the exposure
	NOTE: of the content of crontabs
CVE-2010-0791 (The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0790 (sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0789 (fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local ...)
	{DSA-1989-1}
	- fuse 2.8.1-1.2 (bug #567633)
	NOTE: Initial DSA released as CVE-2009-3297
CVE-2010-0788 (ncpfs 2.2.6 allows local users to cause a denial of service, obtain ...)
	- ncpfs 2.2.6-7 (bug #572937)
	[lenny] - ncpfs <no-dsa> (Minor issue)
CVE-2010-0787 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, ...)
	{DSA-2004-1}
	- samba 2:3.4.5~dfsg-2 (bug #567554)
	NOTE: https://bugzilla.samba.org/show_bug.cgi?id=6853
	NOTE: Initial DSA released as CVE-2009-3297
CVE-2010-0786 (The Web Services Security component in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2010-0785 (Cross-site request forgery (CSRF) vulnerability in the Administrative ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0784 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0783 (Cross-site scripting (XSS) vulnerability in the Administrative Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0782 (IBM WebSphere MQ 6.x before 6.0.2.10 and 7.x before 7.0.1.3 allows ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0781 (Unspecified vulnerability in the administrative console in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0780 (IBM WebSphere MQ 7.x before 7.0.1.4 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0779 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0778 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2010-0777 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0776 (The Web Container in IBM WebSphere Application Server (WAS) 6.0 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0775 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0774 (The (1) JAX-RPC WS-Security 1.0 and (2) JAX-WS runtime implementations ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0773
	RESERVED
CVE-2010-0772 (Unspecified vulnerability in the channel process in IBM WebSphere MQ ...)
	NOT-FOR-US: IMB WebSphere MQ
CVE-2010-0771
	REJECTED
CVE-2010-0770 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0769 (IBM WebSphere Application Server (WAS) 6.0 before 6.0.2.41, 6.1 before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0768 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2010-0767
	RESERVED
CVE-2010-0766 (Integer overflow in the Swap4 function in valet4.dll in Luxology Modo ...)
	NOT-FOR-US: Luxology Modo
CVE-2010-0765 (fipsForum 2.6 stores sensitive information under the web root with ...)
	NOT-FOR-US: fipsForum
CVE-2010-0764 (SQL injection vulnerability in index.php in KuwaitPHP eSmile allows ...)
	NOT-FOR-US: KuwaitPHP eSmile
CVE-2010-0763 (SQL injection vulnerability in index.php in CommodityRentals Vacation ...)
	NOT-FOR-US: ComodityRentals Vacation Rental Software
CVE-2010-0762 (SQL injection vulnerability in index.php in CommodityRentals CD Rental ...)
	NOT-FOR-US: CommodityRentals CD Rental Software
CVE-2010-0761 (SQL injection vulnerability in index.php in CommodityRentals ...)
	NOT-FOR-US: CommodityRentals Books/eBooks Rentals Script
CVE-2010-0760 (Multiple directory traversal vulnerabilities in the Core Design ...)
	NOT-FOR-US: Joomla!
CVE-2010-0759 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Joomla!
CVE-2010-0758 (SQL injection vulnerability in news_desc.php in Softbiz Jobs allows ...)
	NOT-FOR-US: Softbiz Jobs
CVE-2010-0757 (Unrestricted file upload vulnerability in index.php/Attach in WikyBlog ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0756 (Session fixation vulnerability in WikyBlog 1.7.3 rc2 allows remote ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0755 (PHP remote file inclusion vulnerability in include/WBmap.php in ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0754 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WikyBlog
CVE-2010-0753 (SQL injection vulnerability in the SQL Reports (com_sqlreport) ...)
	NOT-FOR-US: Joomla!
CVE-2010-0752 (The week_post_page function in the Weekly Archive by Node Type module ...)
	NOT-FOR-US: Weekly Archive by Node Type (Drupal module)
CVE-2010-1144
	REJECTED
CVE-2010-0750 (pkexec.c in pkexec in libpolkit in PolicyKit 0.96 allows local users ...)
	- policykit-1 <not-affected> (pkexec introduced in 0.92)
	[lenny] - policykit-1 <not-affected> (pkexec introduced in 0.92)
CVE-2010-0749
	RESERVED
	- transmission 1.92-1 (unimportant; bug #574507)
CVE-2010-0748 [transmission magnet links parser buffer overflow]
	RESERVED
	- transmission 1.92-1 (medium; bug #574507)
	[lenny] - transmission <not-affected> (Support for Magnet links not yet available)
CVE-2010-0746 (Directory traversal vulnerability in DeviceKit-disks in DeviceKit, as ...)
	- udisks 1.0.0~git20100212.aae17d9-1
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=523178
	NOTE: http://cgit.freedesktop.org/DeviceKit/DeviceKit-disks/commit/?id=62f883c7d38e75d0669c162529062a1e81d00da2
	NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=23235
CVE-2010-0745 (Unspecified vulnerability in Dovecot 1.2.x before 1.2.11 allows remote ...)
	- dovecot 1:1.2.11-1 (low)
	[lenny] - dovecot <not-affected> (this problem exists only with v1.2.x, not with v1.0 or v1.1)
	NOTE: http://www.dovecot.org/list/dovecot-news/2010-March/000152.html
	[etch] - dovecot <not-affected> (Vulnerable code not present)
CVE-2010-0744 (aMSN (aka Alvaro's Messenger) 0.98.3 and earlier, when SSL is used, ...)
	- amsn 0.98.3-1 (low; bug #572818)
	[lenny] - amsn <no-dsa> (Minor issue)
CVE-2010-0743 (Multiple format string vulnerabilities in isns.c in (1) Linux SCSI ...)
	{DSA-2042-1}
	- iscsitarget 0.4.17+svn229-1.4 (medium; bug #574935)
	- tgt 1:1.0.3-2 (medium; bug #576086)
CVE-2010-0742 (The Cryptographic Message Syntax (CMS) implementation in ...)
	- openssl 1.0.0e-1 (unimportant; bug #584592)
	[lenny] - openssl <not-affected> (CMS is only present in OpenSSL 0.9.8h and later)
	NOTE: unimportant since cms is disabled by default
CVE-2010-0741 (The virtio_net_bad_features function in hw/virtio-net.c in the ...)
	- linux-2.6 2.6.26-1
CVE-2010-0740 (The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through ...)
	- openssl 0.9.8n-1 (medium; bug #575607)
	[lenny] - openssl <not-affected> (only 0.9.8m is affected with 16 bit shorts)
	NOTE: http://www.openssl.org/news/secadv/20100324.txt
CVE-2010-0739 (Integer overflow in the predospecial function in dospecial.c in dvips ...)
	- texlive-bin 2009-6 (low; bug #560668)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny3
CVE-2010-0738 (The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise ...)
	- jbossas4 <not-affected> (Only builds a few libraries, not the full application server, #581226)
CVE-2010-0737
	RESERVED
	NOT-FOR-US: JBoss Operations Network
CVE-2010-0736 (Cross-site scripting (XSS) vulnerability in the view_queryform ...)
	- viewvc 1.1.5-1 (bug #575787)
CVE-2010-0735
	REJECTED
CVE-2010-0734 (content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is ...)
	{DSA-2023-1}
	- curl 7.20.0-1 (low)
	NOTE: http://www.openwall.com/lists/oss-security/2010/03/16/11
	NOTE: depends on the application that uses libcurl
CVE-2010-0733 (Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL ...)
	- postgresql-8.4 8.4.2-1
CVE-2010-0732 (gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver ...)
	- gtk+2.0 2.18.5-1
	[lenny] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
	[etch] - gtk+2.0 <not-affected> (issue only exposed by gnome-screensaver 2.28)
	NOTE: http://www.openwall.com/lists/oss-security/2010/02/12/1
CVE-2010-0731 (The gnutls_x509_crt_get_serial function in the GnuTLS library before ...)
	- gnutls26 <not-affected> (Fixed before initial release)
	- gnutls13 1.2.1-1
CVE-2010-0730 (The MMIO instruction decoder in the Xen hypervisor in the Linux kernel ...)
	- linux-2.6 <not-affected> (redhat-specific issue in the 2.6.18 xen kernel)
CVE-2010-0729 (A certain Red Hat patch for the Linux kernel in Red Hat Enterprise ...)
	- linux-2.6 <not-affected> (vulnerability in redhat-specific patch)
CVE-2010-0728 (smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is ...)
	- samba 2:3.4.7~dfsg-1 (high; bug #573223)
	[lenny] - samba <not-affected> (Only affects 3.3.11, 3.4.6 and 3.5.0)
CVE-2010-0727 (The gfs2_lock function in the Linux kernel before ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11
CVE-2010-0726 (Cross-site scripting (XSS) vulnerability in the tb-send.rb (TrackBack ...)
	{DSA-2009-1}
	- tdiary 2.2.1-1.1 (low; bug #572417)
CVE-2010-0717 (The default configuration of cfg.packagepages_actions_excluded in ...)
	{DSA-2014-1}
	- moin 1.9.0~rc2-1
CVE-2009-4652 (The (1) Conn_GetCipherInfo and (2) Conn_UsesSSL functions in ...)
	- ngircd 15-0.1
	[lenny] - ngircd <not-affected> (SSL/TLS support not yet present)
CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2010-0725 (Cross-site scripting (XSS) vulnerability in showimg.php in Arab Cart ...)
	NOT-FOR-US: Arab Cart
CVE-2010-0724 (SQL injection vulnerability in showimg.php in Arab Cart 1.0.2.0 allows ...)
	NOT-FOR-US: Arab Cart
CVE-2010-0723 (SQL injection vulnerability in news.php in Ero Auktion 2.0 and 2010 ...)
	NOT-FOR-US: Ero Auktion
CVE-2010-0722 (SQL injection vulnerability in news.php in Php Auktion Pro allows ...)
	NOT-FOR-US: Php Auktion Pro
CVE-2010-0721 (SQL injection vulnerability in news.php in Auktionshaus Gelb 3.0 ...)
	NOT-FOR-US: Auktionshaus Gelb
CVE-2010-0720 (SQL injection vulnerability in news.php in Erotik Auktionshaus allows ...)
	NOT-FOR-US: Erotik Auktionshaus
CVE-2010-0719 (An unspecified API in Microsoft Windows 2000, Windows XP, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-0718 (Buffer overflow in Microsoft Windows Media Player 9 and 11.0.5721.5145 ...)
	NOT-FOR-US: Microsoft
CVE-2010-0716 (_layouts/Upload.aspx in the Documents module in Microsoft SharePoint ...)
	NOT-FOR-US: Microsoft
CVE-2010-0715 (Open redirect vulnerability in login.jsp in IBM WebSphere Portal, IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0714 (Cross-site scripting (XSS) vulnerability in login.jsp in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0713 (Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss ...)
	- zenoss <itp> (bug #361253)
	NOTE: http://seclists.org/fulldisclosure/2010/Jan/296
CVE-2010-0712 (Multiple SQL injection vulnerabilities in ...)
	- zenoss <itp> (bug #361253)
	NOTE: http://seclists.org/fulldisclosure/2010/Jan/241
CVE-2010-0711 (Cross-site request forgery (CSRF) vulnerability in default.asp in ...)
	NOT-FOR-US: ASPCode CMS
CVE-2010-0710 (SQL injection vulnerability in default.asp in ASPCode CMS 1.5.8, 2.0.0 ...)
	NOT-FOR-US: ASPCode CMS
CVE-2010-0709 (Multiple cross-site request forgery (CSRF) vulnerabilities in Limny ...)
	NOT-FOR-US: Limny
CVE-2010-0708 (Multiple unspecified vulnerabilities in (1) ns-slapd and (2) slapd.exe ...)
	NOT-FOR-US: Sun Directory Server Enterprise Edition
CVE-2010-0707 (Cross-site request forgery (CSRF) vulnerability in add_user.php in ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0706 (Cross-site scripting (XSS) vulnerability in the login/prompt component ...)
	NOT-FOR-US: Subex Nikira Fraud Management System
CVE-2010-0705 (Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 ...)
	NOT-FOR-US: Windows 2000
CVE-2009-4655 (The dhost web service in Novell eDirectory 8.8.5 uses a predictable ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-4654 (Stack-based buffer overflow in the dhost module in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-4653 (Stack-based buffer overflow in the dhost module in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-0704 (Cross-site scripting (XSS) vulnerability in the Portlet Palette in IBM ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2010-0703 (Cross-site scripting (XSS) vulnerability in wa/auth in PortWise SSL ...)
	NOT-FOR-US: PortWise SSL VPN
CVE-2010-0702 (SQL injection vulnerability in cisco/services/PhonecDirectory.php in ...)
	NOT-FOR-US: Fonality Trixbox
CVE-2010-0701 (SQL injection vulnerability in ForceChangePassword.jsp in Newgen ...)
	NOT-FOR-US: Newgen Software OmniDocs
CVE-2010-0700 (Cross-site scripting (XSS) vulnerability in index.php in WampServer ...)
	NOT-FOR-US: WampServer
CVE-2010-0699 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: VideoSearchScript Pro
CVE-2010-0698 (SQL injection vulnerability in backoffice/login.asp in Dynamicsoft WSC ...)
	NOT-FOR-US: Dynamicsoft WSC CMS
CVE-2010-0697 (Cross-site scripting (XSS) vulnerability in the iTweak Upload module ...)
	NOT-FOR-US: iTweak Upload module for Drupal
CVE-2010-0696 (Directory traversal vulnerability in includes/download.php in the ...)
	NOT-FOR-US: Joomla!
CVE-2010-0695 (Cross-site scripting (XSS) vulnerability in pages/index.php in ...)
	NOT-FOR-US: BASIC-CMS
CVE-2010-0694 (SQL injection vulnerability in the PerchaGallery (com_perchagallery) ...)
	NOT-FOR-US: Joomla!
CVE-2010-0693 (SQL injection vulnerability in products.php in CommodityRentals Trade ...)
	NOT-FOR-US: CommodityRentals Trade Manager Script
CVE-2010-0692 (SQL injection vulnerability in the IP-Tech JQuarks (com_jquarks) ...)
	NOT-FOR-US: Joomla!
CVE-2010-0691 (SQL injection vulnerability in druckansicht.php in JTL-Shop 2 allows ...)
	NOT-FOR-US: JTL-Shop
CVE-2010-0690 (SQL injection vulnerability in index.php in CommodityRentals Video ...)
	NOT-FOR-US: CommodityRentals Video Games Rentals
CVE-2010-0689 (The ExecuteExe method in the DVBSExeCall Control ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2010-0688 (Stack-based buffer overflow in Orbital Viewer 1.04 allows ...)
	NOT-FOR-US: Orbital Viewer
CVE-2010-0687
	RESERVED
CVE-2010-0686 (WebAccess in VMware VirtualCenter 2.0.2 and 2.5, VMware Server 2.0, ...)
	NOT-FOR-US: VMware Server
CVE-2010-0685 (The design of the dialplan functionality in Asterisk Open Source ...)
	- asterisk 1:1.6.2.6-1
	NOTE: Design limitation documented in that version
	[lenny] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
	[squeeze] - asterisk <no-dsa> (Unfixable design issue, best practice docs need to be followed)
CVE-2010-0684 (Cross-site scripting (XSS) vulnerability in createDestination.action ...)
	NOT-FOR-US: Apache ActiveMQ
CVE-2010-0683 (Unspecified vulnerability in TIBRepoServer5.jar in TIBCO Administrator ...)
	NOT-FOR-US: TIBCO Administrator
CVE-2010-0682 (WordPress 2.9 before 2.9.2 allows remote authenticated users to read ...)
	- wordpress 2.9.2-1 (low)
	[lenny] - wordpress <not-affected> (Only affects Wordpress >= 2.9)
CVE-2010-XXXX [multiple typo issues]
	- typo3-src 4.3.2-1 (bug #571151)
	[lenny] - typo3-src 4.2.5-1+lenny3
	NOTE: DSA-2008
CVE-2010-0681 (ZeusCMS 0.2 stores sensitive information under the web root with ...)
	NOT-FOR-US: ZeusCMS
CVE-2010-0680 (Directory traversal vulnerability in index.php in ZeusCMS 0.2 allows ...)
	NOT-FOR-US: ZeusCMS
CVE-2010-0679 (Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ...)
	NOT-FOR-US: ActiveX
CVE-2010-0678 (PHP remote file inclusion vulnerability in includes/moderation.php in ...)
	NOT-FOR-US: Katalog Stron Hurricane
CVE-2010-0677 (SQL injection vulnerability in index.php in Katalog Stron Hurricane ...)
	NOT-FOR-US: Katalog Stron Hurricane
CVE-2010-0676 (Directory traversal vulnerability in index.php in the RWCards ...)
	NOT-FOR-US: RWCards component for Joomla!
CVE-2010-0675 (Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik ...)
	NOT-FOR-US: BGSvetionik BGS CMS
CVE-2010-0674 (StatCounteX 3.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: StatCounteX
CVE-2010-0673 (SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog ...)
	NOT-FOR-US: Copperleaf Photolog plugin for WordPress
CVE-2010-0672 (SQL injection vulnerability in index.php in WSN Guest 1.02 allows ...)
	NOT-FOR-US: WSN Guest
CVE-2010-0671 (SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS ...)
	NOT-FOR-US: KR MEDIA Pogodny CMS
CVE-2010-0670 (Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) ...)
	NOT-FOR-US: IP-Tech JQuarks (com_jquarks) Component
CVE-2010-0669 (MoinMoin before 1.8.7 and 1.9.x before 1.9.2 does not properly ...)
	{DSA-2014-1}
	- moin 1.9.2-1 (bug #569975)
CVE-2010-0668 (Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x ...)
	{DSA-2014-1}
	- moin 1.9.2-1 (bug #569975)
CVE-2010-0667 (MoinMoin 1.9 before 1.9.1 does not perform the expected clearing of ...)
	- moin 1.9.1-1
	[lenny] - moin <not-affected> (versions before 1.9 are not affected)
	[etch] - moin <not-affected> (versions before 1.9 are not affected)
	NOTE: http://hg.moinmo.in/moin/1.9/rev/9d8e7ce3c3a2
	NOTE: http://hg.moinmo.in/moin/1.9/rev/04afdde50094
	NOTE: http://moinmo.in/MoinMoinChat/Logs/moin-dev/2010-01-18
CVE-2010-0666 (Unspecified vulnerability in eMBox in Novell eDirectory 8.8 SP5 Patch ...)
	NOT-FOR-US: Novell eDirectory
CVE-2010-0665 (JAG (Just Another Guestbook) 1.14 stores sensitive information under ...)
	NOT-FOR-US: JAG
CVE-2009-4651 (Multiple cross-site scripting (XSS) vulnerabilities in the Webee ...)
	NOT-FOR-US: Webee Comments component for Joomla!
CVE-2009-4650 (SQL injection vulnerability in the Webee Comments (com_webeecomment) ...)
	NOT-FOR-US: Webee Comments component for Joomla!
CVE-2009-4649 (Multiple cross-site scripting (XSS) vulnerabilities in geccBBlite 0.1 ...)
	NOT-FOR-US: geccBBlite
CVE-2009-4648 (Accellion Secure File Transfer Appliance before 8_0_105 does not ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4647 (Cross-site scripting (XSS) vulnerability in Accellion Secure File ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4646 (Static code injection vulnerability in the administrative web ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4645 (Directory traversal vulnerability in web_client_user_guide.html in ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2009-4644 (Accellion Secure File Transfer Appliance before 8_0_105 allows remote ...)
	NOT-FOR-US: Accellion Secure File Transfer Appliance
CVE-2005-4886 (The selinux_parse_skb_ipv6 function in security/selinux/hooks.c in the ...)
	- linux-2.6 2.6.12-1
	- linux-2.6.24 <not-affected> (fixed before 2.6.24)
CVE-2009-5050 [konversation DoS]
	RESERVED
	- konversation 1.2.3-1 (low)
	[lenny] - konversation <not-affected> (Doesn't affect the combination of kdelibs/QT in Lenny)
	NOTE: http://bugs.kde.org/show_bug.cgi?id=219985
CVE-2010-0664 (Stack consumption vulnerability in the ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0663 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0662 (The ParamTraits&lt;SkBitmap&gt;::Read function in ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0661 (WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp in WebKit before ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (libv8 issue)
	NOTE: http://trac.webkit.org/changeset/52401
CVE-2010-0660 (Google Chrome before 4.0.249.78 sends an https URL in the Referer ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0659 (The image decoder in WebKit before r52833, as used in Google Chrome ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0658 (Multiple integer overflows in Skia, as used in Google Chrome before ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0657 (Google Chrome before 4.0.249.78 on Windows does not perform the ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
	NOTE: claimed to be a windows-only issue
CVE-2010-0656 (WebKit before r51295, as used in Google Chrome before 4.0.249.78, ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0655 (Use-after-free vulnerability in Google Chrome before 4.0.249.78 allows ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0654 (Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, ...)
	{DSA-2124-1 DSA-2075-1}
	- xulrunner 1.9.1.11-1 (bug #570743)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.6-1
	[lenny] - icedove <end-of-life>
	- iceape 2.0.6-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0653 (Opera before 10.10 permits cross-origin loading of CSS stylesheets ...)
	NOT-FOR-US: Opera
CVE-2010-0652 (Microsoft Internet Explorer permits cross-origin loading of CSS ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0651 (WebKit before r52784, as used in Google Chrome before 4.0.249.78 and ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
	NOTE: http://trac.webkit.org/changeset/52784
CVE-2010-0650 (WebKit, as used in Google Chrome before 4.0.249.78 and Apple Safari, ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (unimportant)
	NOTE: http://code.google.com/p/chromium/issues/detail?id=3275
	NOTE: unimportant because this is just a popup blocker bypass
CVE-2010-0649 (Integer overflow in the CrossCallParamsEx::CreateFromBuffer function ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0648 (Mozilla Firefox, possibly before 3.6, allows remote attackers to ...)
	- xulrunner <undetermined> (bug #570743)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2010-0647 (WebKit before r53525, as used in Google Chrome before 4.0.249.89, ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (medium)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2010-0646 (Multiple integer signedness errors in factory.cc in Google V8 before ...)
	- chromium-browser 5.0.375.29~r46008-1
	- libv8 2.1.6-1
	- webkit <not-affected> (libv8 issue)
CVE-2010-0645 (Multiple integer overflows in factory.cc in Google V8 before r3560, as ...)
	- chromium-browser 5.0.375.29~r46008-1
	- libv8 2.1.6-1
	- webkit <not-affected> (libv8 issue)
CVE-2010-0644 (Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0643 (Google Chrome before 4.0.249.89 attempts to make direct connections to ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2010-0642 (Cisco Collaboration Server (CCS) 5 allows remote attackers to read the ...)
	NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0641 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Cisco Collaboration Server
CVE-2010-0640 (Cross-site scripting (XSS) vulnerability in CA eHealth Performance ...)
	NOT-FOR-US: CA eHealth Performance Manager
CVE-2010-0639 (The htcpHandleTstRequest function in htcp.c in Squid 2.x before ...)
	- squid 2.7.STABLE8-1 (bug #572553)
	[lenny] - squid <no-dsa> (Minor issue, only affects non-default setup)
	- squid3 3.1.0.17-1 (bug #572554)
	[lenny] - squid3 <no-dsa> (Minor issue, only affects non-default setup)
CVE-2010-0638 (Cross-site request forgery (CSRF) vulnerability in WebCalendar 1.2.0 ...)
	- webcalendar <removed> (bug #572557)
CVE-2009-4643 (Stack-based buffer overflow in dsInstallerService.dll in the Juniper ...)
	NOT-FOR-US: Juniper Installer Service
CVE-2009-XXXX [ffmpeg potentially remaining vulnerabilities after DSA 2000]
	- ffmpeg 4:0.5.1-1 (medium; bug #570713)
	- ffmpeg-debian <end-of-life>
CVE-2010-XXXX [phpbb3 weak captcha]
	- phpbb3 3.0.7-PL1-1 (unimportant; bug #570011)
CVE-2010-0634 (Unspecified vulnerability in Fast Lexical Analyzer Generator (flex) ...)
	- flex 2.5.35-1
CVE-2010-0629 (Use-after-free vulnerability in kadmin/server/server_stubs.c in ...)
	{DSA-2031-1}
	- krb5 1.7+dfsg-1 (low)
	NOTE: http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2010-003.txt
CVE-2010-0628 (The spnego_gss_accept_sec_context function in ...)
	- krb5 1.8+dfsg-1.1 (bug #575740)
	[lenny] - krb5 <not-affected> (Only affects 1.7/1.8)
CVE-2010-2234 (Cross-site request forgery (CSRF) vulnerability in Apache CouchDB ...)
	- couchdb 0.11.0-2.1 (bug #570013)
	[lenny] - couchdb <no-dsa> (does not support authentication at all)
CVE-2010-0637 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	- webcalendar <removed> (bug #572557)
CVE-2010-0636 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
	- webcalendar <removed> (bug #572557)
CVE-2010-0635 (SQL injection vulnerability in the plgSearchEventsearch::onSearch ...)
	NOT-FOR-US: JEvents Search plugin for Joomla!
CVE-2010-0633 (Unspecified vulnerability in Citrix XenServer 5.0 Update 3 and ...)
	NOT-FOR-US: Citrix XenServer
CVE-2010-0632 (SQL injection vulnerability in the Parkview Consultants SimpleFAQ ...)
	NOT-FOR-US: Parkview Consultants SimpleFAQ component for Joomla!
CVE-2010-0631 (Multiple SQL injection vulnerabilities in index.php in Eicra Car ...)
	NOT-FOR-US: Eicra Car Rental-Script
CVE-2010-0630 (SQL injection vulnerability in viewjokes.php in Evernew Free Joke ...)
	NOT-FOR-US: Evernew Free Joke Script
CVE-2010-0627
	RESERVED
CVE-2010-0626
	RESERVED
CVE-2010-0625 (Stack-based buffer overflow in NWFTPD.nlm before 5.10.01 in the FTP ...)
	NOT-FOR-US: Novell NetWare
CVE-2010-0624 (Heap-based buffer overflow in the rmt_read__ function in ...)
	- cpio 2.11-1 (low)
	- tar 1.23-1 (low)
	[lenny] - tar 1.20-1+lenny1
	[lenny] - cpio 2.9-13lenny1
CVE-2010-0621
	RESERVED
CVE-2010-0620 (Directory traversal vulnerability in the SSL Service in EMC HomeBase ...)
	NOT-FOR-US: EMC HomeBase Server
CVE-2010-0619 (Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode ...)
	NOT-FOR-US: Lexmark laser printers
CVE-2010-0618 (The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode ...)
	NOT-FOR-US: Lexmark laser and injet printers and MarkNet devices
CVE-2010-0617 (Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0616 (evalSMSI 2.1.03 stores passwords in cleartext in the database, which ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0615 (Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0614 (SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows ...)
	NOT-FOR-US: evalSMSI
CVE-2010-0613 (Directory traversal vulnerability in viewfile.php in ARWScripts Fonts ...)
	NOT-FOR-US: ARWScripts Fonts Script
CVE-2010-0612 (Unspecified vulnerability in DocumentManager before 4.0 has unknown ...)
	NOT-FOR-US: DocumentManager
CVE-2010-0611 (Multiple SQL injection vulnerabilities in adminlogin.php in Baal ...)
	NOT-FOR-US: Baal Systems
CVE-2010-0610 (Multiple SQL injection vulnerabilities in the Photoblog ...)
	NOT-FOR-US: Photoblog component for Joomla!
CVE-2010-0609 (SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows ...)
	NOT-FOR-US: NovaBoard
CVE-2010-0608 (SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows ...)
	NOT-FOR-US: NovaBoard
CVE-2010-0607 (Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 ...)
	NOT-FOR-US: Sterlite SAM300 AX Router
CVE-2010-0606 (Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2010-0605 (SQL injection vulnerability in scp/ajax.php in osTicket before 1.6.0 ...)
	NOT-FOR-US: osTicket
CVE-2010-0604 (Unspecified vulnerability in the SIP implementation on the Cisco PGW ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0603 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PWG
CVE-2010-0602 (The SIP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0601 (The MGCP implementation on the Cisco PGW 2200 Softswitch with software ...)
	NOT-FOR-US: Cisco PGW
CVE-2010-0600 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0599 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0598 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0597 (Unspecified vulnerability in Cisco Mediator Framework 1.5.1 before ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0596 (Unspecified vulnerability in Cisco Mediator Framework 2.2 before ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0595 (Cisco Mediator Framework 1.5.1 before 1.5.1.build.14-eng, 2.2 before ...)
	NOT-FOR-US: Cisco Mediator Framework
CVE-2010-0594 (Cross-site scripting (XSS) vulnerability in Cisco Router and Security ...)
	NOT-FOR-US: Cisco Router and Security Device Manager
CVE-2010-0593 (The Cisco RVS4000 4-port Gigabit Security Router before 1.3.2.0, ...)
	NOT-FOR-US: Cisco RVS4000 Router
CVE-2010-0592 (The CTI Manager service in Cisco Unified Communications Manager (aka ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0591 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0590 (The CMSIPUtility component in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0589 (The Web Install ActiveX control (CSDWebInstaller) in Cisco Secure ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0588 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0587 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2010-0586 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0585 (Cisco IOS 12.1 through 12.4, when Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0584 (Unspecified vulnerability in Cisco IOS 12.4, when NAT SCCP ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0583 (Memory leak in the H.323 implementation in Cisco IOS 12.1 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0582 (Cisco IOS 12.1 through 12.4, and 15.0M before 15.0(1)M1, allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0581 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0580 (Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 ...)
	NOT-FOR-US: CiscoIOS
CVE-2010-0579 (The SIP implementation in Cisco IOS 12.3 and 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0578 (The IKE implementation in Cisco IOS 12.2 through 12.4 on Cisco 7200 ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0577 (Cisco IOS 12.2 through 12.4, when certain PMTUD, SNAT, or window-size ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0576 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, IOS XE 2.1.x ...)
	NOT-FOR-US: Cisco IOS
CVE-2010-0575 (Cisco Wireless LAN Controller (WLC) software, possibly 6.0.x or ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-0574 (Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco WLC
CVE-2010-0573 (Unspecified vulnerability on the Cisco Digital Media Player before 5.2 ...)
	NOT-FOR-US: Cisco Digital Media Player
CVE-2010-0572 (Cisco Digital Media Manager (DMM) before 5.2 allows remote ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0571 (Unspecified vulnerability in Cisco Digital Media Manager (DMM) 5.0.x ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0570 (Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default ...)
	NOT-FOR-US: Cisco Digital Media Manager
CVE-2010-0569 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2010-0568 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2010-0567 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2010-0566 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2010-0565 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2009-4642 (gnome-screensaver 2.26.1 relies on the gnome-session D-Bus interface ...)
	- gnome-screensaver 2.26.1-2
	[lenny] - gnome-screensaver <not-affected> (vulnerability introduced in 2.26)
	NOTE: only an issue under certain desktop environments such as xfce
CVE-2009-4641 (gnome-screensaver 2.28.0 does not resume adherence to its activation ...)
	- gnome-screensaver 2.28.0-2 (low; bug #569667)
	[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2001-1586 (Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2010-XXXX [multiple mod_security issues]
	- libapache-mod-security 2.5.12-1 (bug #569658)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=563455
CVE-2010-0623 (The futex_lock_pi function in kernel/futex.c in the Linux kernel ...)
	- linux-2.6 2.6.32-9
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0622 (The wake_futex_pi function in kernel/futex.c in the Linux kernel ...)
	{DSA-2012-1 DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-9
	- linux-2.6.24 <removed>
CVE-2010-0564 (Buffer overflow in Trend Micro URL Filtering Engine (TMUFE) in ...)
	NOT-FOR-US: Trend Micro URL Filtering Engine
CVE-2009-4640 (Array index error in vorbis_dec.c in FFmpeg 0.5 allows remote ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4639 (The av_rescale_rnd function in the AVI demuxer in FFmpeg 0.5 allows ...)
	- ffmpeg 7:2.4.1-1 (unimportant; bug #550442)
	- ffmpeg-debian <removed> (unimportant)
	NOTE: denial-of-service only, so not worth worrying about
	NOTE: http://thread.gmane.org/gmane.comp.video.ffmpeg.devel/97154/focus=97156
	NOTE: http://thread.gmane.org/gmane.comp.video.ffmpeg.issues/6111/focus=6116
CVE-2009-4638 (Integer overflow in FFmpeg 0.5 allows remote attackers to cause a ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4637 (FFmpeg 0.5 allows remote attackers to cause a denial of service ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4636 (FFmpeg 0.5 allows remote attackers to cause a denial of service (hang) ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4635 (FFmpeg 0.5 allows remote attackers to cause a denial of service and ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4634 (Multiple integer underflows in FFmpeg 0.5 allow remote attackers to ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4633 (vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4632 (oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2009-4631 (Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows ...)
	{DSA-2000-1}
	- ffmpeg 4:0.5+svn20090706-3 (bug #550442)
	- ffmpeg-debian <removed>
CVE-2010-0563 (The Single Sign-on (SSO) functionality in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2010-0562 (The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, ...)
	- fetchmail 6.3.13-2 (low)
	[lenny] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
	[etch] - fetchmail <not-affected> (This issue was introduced in 6.3.11)
	NOTE: the conditions so that this is exploitable are rather obscure
CVE-2010-0561 (Integer signedness error in NetBSD 4.0, 5.0, and NetBSD-current before ...)
	NOT-FOR-US: NetBSD
CVE-2010-0560 (Unspecified vulnerability in the BIOS in Intel Desktop Board DB, DG, ...)
	NOT-FOR-US: Intel Desktop BIOS
CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, ...)
	NOT-FOR-US: Sun Cluster
CVE-2010-0559 (The default configuration of Oracle OpenSolaris snv_91 through snv_131 ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-0558 (The default configuration of Oracle OpenSolaris snv_77 through snv_131 ...)
	NOT-FOR-US: Oracle OpenSolaris
CVE-2010-0557 (IBM Cognos Express 9.0 allows attackers to obtain unspecified access ...)
	NOT-FOR-US: IBM Cognos Express
CVE-2010-0556 (browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit <not-affected> (chrome-specific issue)
CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...)
	NOT-FOR-US: LoganPro
CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...)
	NOT-FOR-US: WebExpert
CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...)
	NOT-FOR-US: WebLogExpert
CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote ...)
	NOT-FOR-US: SurfStats
CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote ...)
	NOT-FOR-US: WebTrends
CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...)
	NOT-FOR-US: Microsoft
CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant; bug #570740)
	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
	NOTE: then that itself should be fixed
CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant; bug #570740)
	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
	NOTE: then that itself should be fixed
CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1577 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2010-0555 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0554 (The HTTP Authentication implementation in Geo++ GNCASTER 1.4.0.7 and ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0553 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote authenticated users ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0552 (Geo++ GNCASTER 1.4.0.7 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0551 (HTTP authentication implementation in Geo++ GNCASTER 1.4.0.7 and ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0550 (admin.htm in Geo++ GNCASTER 1.4.0.7 and earlier does not properly ...)
	NOT-FOR-US: Geo++ GNCASTER
CVE-2010-0549 (Unspecified vulnerability in the Network Controller in Xerox ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2010-0548 (Multiple unspecified vulnerabilities in the Network Controller and Web ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2010-0547 (client/mount.cifs.c in mount.cifs in smbfs in Samba 3.4.5 and earlier ...)
	{DSA-2004-1}
	- samba 2:3.4.5~dfsg-2 (bug #568942; medium)
CVE-2010-0546 (Folder Manager in Apple Mac OS X 10.5.8, and 10.6 before 10.6.4, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0545 (The Finder in DesktopServices in Apple Mac OS X 10.5.8, and 10.6 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0544 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.2.1-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser <not-affected> (only Safari is affected, they have a different URL parsing implementation)
	NOTE: https://bugs.webkit.org/show_bug.cgi?id=37662
	NOTE: http://trac.webkit.org/changeset/58792
	NOTE: http://trac.webkit.org/changeset/58796
CVE-2010-0543 (ImageIO in Apple Mac OS X 10.5.8, and 10.6 before 10.6.2, allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0542 (The _WriteProlog function in texttops.c in texttops in the Text Filter ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-0541 (Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in ...)
	- ruby1.8 1.8.7.302-1
	[lenny] - ruby1.8 <no-dsa> (Minor issue)
	- ruby1.9 <removed>
	[lenny] - ruby1.9 <no-dsa> (Minor issue)
	- ruby1.9.1 1.9.2.0-1 (bug #593298)
CVE-2010-0540 (Cross-site request forgery (CSRF) vulnerability in the web interface ...)
	{DSA-2176-1}
	- cups 1.4.4-1
CVE-2010-0539 (Integer signedness error in the window drawing implementation in Apple ...)
	NOT-FOR-US: Apple Java
CVE-2010-0538 (Apple Java for Mac OS X 10.5 before Update 7 and Java for Mac OS X ...)
	NOT-FOR-US: Apple Java
CVE-2010-0537 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 does not properly ...)
	NOT-FOR-US: Apple DesktopServices
CVE-2010-0536 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0535 (Dovecot in Apple Mac OS X 10.6 before 10.6.3, when Kerberos is ...)
	- dovecot <not-affected> (Apple specific, http://marc.info/?l=oss-security&m=136546217008001&w=2)
CVE-2010-0534 (Wiki Server in Apple Mac OS X 10.6 before 10.6.3 does not enforce the ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-0533 (Directory traversal vulnerability in AFP Server in Apple Mac OS X ...)
	NOT-FOR-US: Apple AFP Server
CVE-2010-0532 (Race condition in the installation package in Apple iTunes before 9.1 ...)
	NOT-FOR-US: Apple itunes
CVE-2010-0531 (Apple iTunes before 9.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple iTunes
CVE-2010-0530 (Apple QuickTime before 7.6.9 on Windows sets weak permissions for the ...)
	NOT-FOR-US: QuickTime
CVE-2010-0529 (Heap-based buffer overflow in QuickTime.qts in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0528 (Apple QuickTime before 7.6.6 on Windows allows remote attackers to ...)
	NOT-FOR-US: Apple Quicktime
CVE-2010-0527 (Integer overflow in Apple QuickTime before 7.6.6 on Windows allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0526 (Heap-based buffer overflow in QuickTimeMPEG.qtx in QuickTime in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0525 (Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key ...)
	NOT-FOR-US: Apple Mail
CVE-2010-0524 (The default configuration of the FreeRADIUS server in Apple Mac OS X ...)
	- freeradius <not-affected> (Apple specific configuration issue)
CVE-2010-0523 (Wiki Server in Apple Mac OS X 10.5.8 does not restrict the file types ...)
	NOT-FOR-US: Apple Wiki Server
CVE-2010-0522 (Server Admin in Apple Mac OS X Server 10.5.8 does not properly ...)
	NOT-FOR-US: Apple Server Admin
CVE-2010-0521 (Server Admin in Apple Mac OS X Server before 10.6.3 does not properly ...)
	NOT-FOR-US: Apple Server Admin
CVE-2010-0520 (Heap-based buffer overflow in QuickTimeAuthoring.qtx in QuickTime in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0519 (Integer overflow in QuickTime in Apple Mac OS X before 10.6.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0518 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0517 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0516 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0515 (QuickTime in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0514 (Heap-based buffer overflow in QuickTime in Apple Mac OS X before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0513 (Stack-based buffer overflow in PS Normalizer in Apple Mac OS X before ...)
	NOT-FOR-US: Apple PS Normalizer
CVE-2010-0512 (The Accounts Preferences implementation in Apple Mac OS X 10.6 before ...)
	NOT-FOR-US: Apple Accounts Preferences
CVE-2010-0511 (Podcast Producer in Apple Mac OS X 10.6 before 10.6.3 deletes the ...)
	NOT-FOR-US: Apple Podcast Producer
CVE-2010-0510 (Password Server in Apple Mac OS X Server before 10.6.3 does not ...)
	NOT-FOR-US: Apple Password Server
CVE-2010-0509 (SFLServer in OS Services in Apple Mac OS X before 10.6.3 allows local ...)
	NOT-FOR-US: Apple SFLServer
CVE-2010-0508 (Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules ...)
	NOT-FOR-US: Apple Mail
CVE-2010-0507 (Buffer overflow in Image RAW in Apple Mac OS X before 10.6.3 allows ...)
	NOT-FOR-US: Apple Image RAW
CVE-2010-0506 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 allows remote ...)
	NOT-FOR-US: Apple Image RAW
CVE-2010-0505 (Heap-based buffer overflow in ImageIO in Apple Mac OS X before 10.6.3 ...)
	NOT-FOR-US: Apple ImageIO
CVE-2010-0504 (Multiple stack-based buffer overflows in iChat Server in Apple Mac OS ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0503 (Use-after-free vulnerability in iChat Server in Apple Mac OS X Server ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0502 (iChat Server in Apple Mac OS X Server before 10.6.3, when group chat ...)
	NOT-FOR-US: Apple iChat
CVE-2010-0501 (Directory traversal vulnerability in FTP Server in Apple Mac OS X ...)
	NOT-FOR-US: Apple FTP Server
CVE-2010-0500 (Event Monitor in Apple Mac OS X before 10.6.3 does not properly ...)
	NOT-FOR-US: Apple Event Monitor
CVE-2010-0499
	RESERVED
CVE-2010-0498 (Directory Services in Apple Mac OS X before 10.6.3 does not properly ...)
	NOT-FOR-US: Apple Directory Services
CVE-2010-0497 (Disk Images in Apple Mac OS X before 10.6.3 does not provide the ...)
	NOT-FOR-US: Apple Disk Images
CVE-2010-0496 (FreeBit ServersMan 3.1.5 on Apple iPhone OS 3.1.2, and iPhone OS for ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2010-0495
	REJECTED
CVE-2010-0494 (Cross-domain vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0493
	REJECTED
CVE-2010-0492 (Use-after-free vulnerability in mstime.dll in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0491 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0490 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0489 (Race condition in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0488 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 does not ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0487 (The Authenticode Signature verification functionality in cabview.dll ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0486 (The WinVerifyTrust function in Authenticode Signature Verification ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0485 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-0484 (The Windows kernel-mode drivers in win32k.sys in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2010-0483 (vbscript.dll in VBScript 5.1, 5.6, 5.7, and 5.8 in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0482 (The kernel in Microsoft Windows Server 2008 R2 and Windows 7 does not ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0481 (The kernel in Microsoft Windows Vista Gold, SP1, and SP2, Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0480 (Multiple stack-based buffer overflows in the MPEG Layer-3 audio codecs ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0479 (Buffer overflow in Microsoft Office Publisher 2002 SP3, 2003 SP3, and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0478 (Stack-based buffer overflow in nsum.exe in the Windows Media Unicast ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0477 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0476 (The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0475 (Cross-site scripting (XSS) vulnerability in esp/editUser.esp in the ...)
	NOT-FOR-US: Palo Alto Networks Firewall
CVE-2010-0474
	RESERVED
	{DSA-2188-1}
	- webkit 1.4.0-1
CVE-2010-0473
	RESERVED
CVE-2010-0472 (kuddb2 in Tivoli Monitoring for DB2, as distributed in IBM DB2 9.7 FP1 ...)
	NOT-FOR-US: IBM DB2
CVE-2010-0471 (SQL injection vulnerability in the comment submission interface ...)
	NOT-FOR-US: Enano CMS
CVE-2010-0470 (Cross-site scripting (XSS) vulnerability in scvrtsrv.cmd in Comtrend ...)
	NOT-FOR-US: Comtrend
CVE-2010-0469 (SQL injection vulnerability in Files2Links F2L 3000 appliance 4.0.0, ...)
	NOT-FOR-US: Files2Links
CVE-2010-0468 (Cross-site scripting (XSS) vulnerability in utilities/longproc.cfm in ...)
	NOT-FOR-US: PaperThin CommonSpot Content Server
CVE-2010-0467 (Directory traversal vulnerability in the ccNewsletter ...)
	NOT-FOR-US: ccNewsletter component for Joomla!
CVE-2010-XXXX [nautilus: file preview html script execution]
	- nautilus <not-affected> (proof-of-concept script is previewed as text, not executed)
	NOTE: http://seclists.org/fulldisclosure/2010/Feb/112
CVE-2010-XXXX [browser javascript document.write denial-of-service]
	- xulrunner <unfixed> (unimportant; bug #568486)
	- webkit <unfixed> (unimportant; bug #568485)
	- qt4-x11 <unfixed> (unimportant)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <unfixed> (unimportant)
CVE-2010-0466
	RESERVED
CVE-2010-0465 (Cross-site scripting (XSS) vulnerability in the online Documents ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2010-0464 (Roundcube 0.3.1 and earlier does not request that the web browser ...)
	- roundcube 0.3.1-3 (bug #569660)
CVE-2010-0463 (Horde IMP 4.3.6 and earlier does not request that the web browser ...)
	- imp4 4.3.7+debian0-2 (low; bug #569661)
	[lenny] - imp4 4.2-4lenny2
CVE-2010-0462 (Heap-based buffer overflow in IBM DB2 9.1 before FP9, 9.5 before FP6, ...)
	NOT-FOR-US: IBM DB2
CVE-2010-0461 (SQL injection vulnerability in the casino (com_casino) component 1.0 ...)
	NOT-FOR-US: Joomla!
CVE-2010-0460 (Multiple cross-site scripting (XSS) vulnerabilities in staff/index.php ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2010-0459 (SQL injection vulnerability in the Mochigames (com_mochigames) ...)
	NOT-FOR-US: Joomla!
CVE-2010-0458 (Multiple SQL injection vulnerabilities in NetArt Media Blog System 1.5 ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2010-0457 (SQL injection vulnerability in home.php in magic-portal 2.1 allows ...)
	NOT-FOR-US: magic-portal
CVE-2010-0456 (SQL injection vulnerability in the indianpulse Game Server ...)
	NOT-FOR-US: Joomla!
CVE-2010-0455 (Cross-site scripting (XSS) vulnerability in forum/viewtopic.php in ...)
	NOT-FOR-US: PunBB
CVE-2010-0454 (SQL injection vulnerability in cgi/cgilua.exe/sys/start.htm in ...)
	NOT-FOR-US: Publique! CMS
CVE-2010-0453 (The ucode_ioctl function in intel/io/ucode_drv.c in Sun Solaris 10 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2010-0452 (Multiple cross-site scripting (XSS) vulnerabilities in HP Project and ...)
	NOT-FOR-US: HP Project and Portfolio Management Center
CVE-2010-0451 (The installation process for NFS/ONCplus B.11.31_08 and earlier on HP ...)
	NOT-FOR-US: HP-UX
CVE-2010-0450 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0449 (Cross-site scripting (XSS) vulnerability in HP SOA Registry Foundation ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0448 (Unspecified vulnerability in HP SOA Registry Foundation 6.63 and 6.64 ...)
	NOT-FOR-US: HP SOA Registry Foundation
CVE-2010-0447 (The helpmanager servlet in the web server in HP OpenView Performance ...)
	NOT-FOR-US: HP OpenView Performance Insight
CVE-2010-0446 (Unspecified vulnerability on the HP DreamScreen 100 and 130 with ...)
	NOT-FOR-US: HP DreamScreen
CVE-2010-0445 (Unspecified vulnerability in HP Network Node Manager (NNM) 8.10, 8.11, ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2010-0444 (HP Operations Agent 8.51, 8.52, 8.53, and 8.60 on Solaris 10 uses a ...)
	NOT-FOR-US: HP Operations Agent
CVE-2010-0443 (Unspecified vulnerability in Record Management Services (RMS) before ...)
	NOT-FOR-US: HP OpenVMS
CVE-2010-0441 (Asterisk Open Source 1.6.0.x before 1.6.0.22, 1.6.1.x before 1.6.1.14, ...)
	- asterisk 1:1.6.2.2-1
	[lenny] - asterisk <not-affected> (Only affects 1.6.x)
	[etch] - asterisk <not-affected> (Only affects 1.6.x)
CVE-2010-0440 (Cross-site scripting (XSS) vulnerability in +CSCOT+/translation in ...)
	NOT-FOR-US: Cisco Secure Desktop
CVE-2010-0439 (Chip Salzenberg Deliver allows local users to cause a denial of ...)
	- deliver <removed>
CVE-2010-0438 (Multiple SQL injection vulnerabilities in Kernel/System/Ticket.pm in ...)
	{DSA-1993-1}
	- otrs <not-affected> (vulnerable code not present)
	[etch] - otrs2 <not-affected> (vulnerable code not present)
	- otrs2 2.4.7-1 (medium)
	NOTE: http://web.archive.org/web/20111224162621/http://otrs.org/advisory/OSA-2010-01-en/
CVE-2010-0437 (The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux ...)
	- linux-2.6 2.6.26-9
CVE-2010-0436 (Race condition in backend/ctrl.c in KDM in KDE Software Compilation ...)
	{DSA-2037-1}
	- kdebase 4:4.0
	- kdebase-workspace 4:4.4.3-1
	NOTE: The binary package kdm was built from kdebase in Lenny and from kdebase-workspace
	NOTE: in KDE 4.x, i.e. Squeeze onwards
CVE-2010-0435 (The Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise ...)
	{DSA-2153-1}
	- linux-2.6 2.6.32-29
CVE-2010-0434 (The ap_read_request function in server/protocol.c in the Apache HTTP ...)
	{DSA-2035-1}
	- apache2 2.2.15-1
CVE-2010-0433 (The kssl_keytab_is_available function in ssl/kssl.c in OpenSSL before ...)
	- openssl <not-affected> (Kerberos support not enabled)
	NOTE: http://www.openwall.com/lists/oss-security/2010/03/03/5
CVE-2010-0432 (Multiple cross-site scripting (XSS) vulnerabilities in the Apache Open ...)
	NOT-FOR-US: Apache Open For Business Project (OFBiz)
CVE-2010-0431 (QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat ...)
	- qemu-kvm <not-affected> (QXL support not yet present in Debian packages)
	- kvm <not-affected> (QXL support not yet present in Debian packages)
CVE-2010-0430 (libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0429 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0428 (libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) ...)
	- spice <not-affected> (Fixed before initial upload to archive)
CVE-2010-0427 (sudo 1.6.x before 1.6.9p21, when the runas_default option is used, ...)
	{DSA-2006-1}
	- sudo 1.7.0-1
	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0426 (sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a ...)
	{DSA-2006-1}
	- sudo 1.7.2p1-1.2 (bug #570737)
	NOTE: http://www.openwall.com/lists/oss-security/2010/02/23/4
CVE-2010-0425 (modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server ...)
	- apache2 <not-affected> (Windows only)
CVE-2010-0424 (The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) ...)
	- cron <not-affected> (vulnerability in redhat-specific changes to their cron forks; cronie and vixie-cron)
CVE-2010-0423 (gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0422 (gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize ...)
	- gnome-screensaver 2.28.3-1
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0421 (Array index error in the hb_ot_layout_build_glyph_classes function in ...)
	{DSA-2019-1}
	- pango1.0 1.26.2-1 (bug #574021)
CVE-2010-0420 (libpurple in Finch in Pidgin before 2.6.6, when an XMPP multi-user ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0419 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...)
	{DSA-2010-1}
	- kvm <removed>
CVE-2010-0418 (The web interface in chumby one before 1.0.4 and chumby classic before ...)
	NOT-FOR-US: Chumby device's web interface
CVE-2010-0417 (Buffer overflow in common/util/rlstate.cpp in Helix Player 1.0.6 and ...)
	NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0416 (Buffer overflow in the Unescape function in common/util/hxurl.cpp and ...)
	NOT-FOR-US: RealPlayer/Helix Player
CVE-2010-0415 (The do_pages_move function in mm/migrate.c in the Linux kernel before ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
CVE-2010-0414 (gnome-screensaver before 2.28.2 allows physically proximate attackers ...)
	- gnome-screensaver 2.28.2-1 (bug #569084)
	[etch] - gnome-screensaver <not-affected> (Vulnerable code not present)
	[lenny] - gnome-screensaver <not-affected> (Vulnerable code not present)
CVE-2010-0413
	RESERVED
CVE-2010-0412 (stap-server in SystemTap 1.1 does not properly restrict the value of ...)
	- systemtap 1.2-1 (bug #572560)
	[lenny] - systemtap <not-affected> (Server component not yet present)
	[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2010-0411 (Multiple integer signedness errors in the (1) __get_argv and (2) ...)
	- systemtap 1.2-1 (low; bug #568809)
	[lenny] - systemtap <not-affected> (Vulnerable code not present)
	[etch] - systemtap <no-dsa> (Minor issue)
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=11234 and RH
CVE-2010-0410 (drivers/connector/connector.c in the Linux kernel before 2.6.32.8 ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=f98bfbd78c37c5946cc53089da32a5f741efdeb7
CVE-2010-0409 (Buffer overflow in the GMIME_UUENCODE_LEN macro in ...)
	{DSA-2082-1}
	- gmime2.2 2.2.25-1.1 (bug #568291)
	- gmime2.4 2.4.14-1+nmu1 (bug #573877)
CVE-2010-0408 (The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp ...)
	{DSA-2035-1}
	- apache2 2.2.15-1 (low)
	[lenny] - apache2 <no-dsa> (minor issue)
	NOTE: Will be fixed in s-p-u
CVE-2010-0407 (Multiple buffer overflows in the MSGFunctionDemarshall function in ...)
	{DSA-2059-1}
	- pcsc-lite 1.5.4-1
CVE-2010-0406 (OpenTTD before 1.0.1 allows remote attackers to cause a denial of ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0405 (Integer overflow in the BZ2_decompress function in decompress.c in ...)
	{DSA-2112-1}
	- bzip2 1.0.5-6
	- clamav 0.96.3+dfsg-1
	[lenny] - clamav <end-of-life> (No longer supported in Lenny)
CVE-2010-0404 (Multiple SQL injection vulnerabilities in phpGroupWare (phpgw) before ...)
	{DSA-2046-1}
	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584517)
CVE-2010-0403 (Directory traversal vulnerability in about.php in phpGroupWare (phpgw) ...)
	{DSA-2046-1}
	- phpgroupware 1:0.9.16.016+dfsg-1 (bug #584518)
CVE-2010-0402 (OpenTTD before 1.0.1 does not properly validate index values of ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0401 (OpenTTD before 1.0.1 accepts a company password for authentication in ...)
	- openttd 1.0.1-1
	[lenny] - openttd 0.6.2-1+lenny2
CVE-2010-0400 (SQL injection vulnerability in lib/user.php in mahara 1.0.4 allows ...)
	{DSA-2030-1}
	- mahara 1.2.4-1 (medium)
CVE-2010-0399
	RESERVED
CVE-2010-0398 [autokey arbitrary file overwriting via symlinks]
	RESERVED
	- autokey 0.61.3-2
CVE-2010-0397 (The xmlrpc extension in PHP 5.3.1 does not properly handle a missing ...)
	{DSA-2018-1}
	- php5 5.3.2-1 (medium; bug #573573)
CVE-2010-0396 (Directory traversal vulnerability in the dpkg-source component in dpkg ...)
	{DSA-2011-1}
	- dpkg 1.15.6
CVE-2010-0395 (OpenOffice.org 2.x and 3.0 before 3.2.1 allows user-assisted remote ...)
	{DSA-2055-1}
	- openoffice.org 1:3.2.1-1 (low)
CVE-2010-0394 (PyGIT.py in the Trac Git plugin (trac-git) before ...)
	{DSA-1990-2 DSA-1990-1}
	- trac-git 0.0.20090320-1 (high; bug #567039)
CVE-2010-0393 (The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS ...)
	{DSA-2007-1}
	- cupsys <removed>
	- cups 1.4.2-9.1
CVE-2009-4630 (Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, ...)
	- xulrunner 1.9.1-1 (low)
	[etch] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - xulrunner <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0-1 (low)
	[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	NOTE: mozilla's dns prefetching leads to disclosure of the user's network location
CVE-2009-4629 (Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other ...)
	- icedove 3.0.2-1 (unimportant)
	[etch] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - icedove <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape <removed> (unimportant)
	[etch] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
	[lenny] - iceape <not-affected> (dns prefetching implemented in xulrunner 1.9.1)
CVE-2005-4885 (Unspecified vulnerability on certain Sun StorEdge 6130 (SE6130) ...)
	NOT-FOR-US: Sun StorEdge 6130
CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server ...)
	NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server
CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE ...)
	NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server
CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling ...)
	NOT-FOR-US: VERITAS File System
CVE-2010-0392 (Stack-based buffer overflow in vpnconf.exe in TheGreenBow IPSec VPN ...)
	NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2010-0391 (Multiple stack-based buffer overflows in Embarcadero Technologies ...)
	NOT-FOR-US: InterBase SMP 2009 9.0.3.437
CVE-2010-0390 (Unrestricted file upload vulnerability in maxImageUpload/index.php in ...)
	NOT-FOR-US: PHP F1 Max's Image Uploader
CVE-2010-0389 (The admin server in Sun Java System Web Server 7.0 Update 6 allows ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0388 (Format string vulnerability in the WebDAV implementation in webservd ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0387 (Multiple heap-based buffer overflows in (1) webservd and (2) the admin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0386 (The default configuration of Sun Java System Application Server 7 and ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2010-0385 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, when ...)
	- tor 0.2.1.22-1 (low)
	[lenny] - tor <not-affected> (only affects versions > 0.2.1.6-alpha)
	NOTE: the CVE entry is wrong, only 0.2.1.6-alpha and up are affected
	NOTE: confirmed with Tor developers, Lenny is not affected
CVE-2010-0384 (Tor 0.2.2.x before 0.2.2.7-alpha, when functioning as a directory ...)
	- tor <not-affected> (only affects versions 0.2.2.x)
	[lenny] - tor <not-affected> (only affects versions 0.2.2.x)
	NOTE: does not appear to be a real vulnerability?
CVE-2010-0383 (Tor before 0.2.1.22, and 0.2.2.x before 0.2.2.7-alpha, uses deprecated ...)
	- tor 0.2.1.22-1 (medium)
	[lenny] - tor 0.2.0.35-1~lenny2 (medium)
CVE-2010-0382 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1
CVE-2010-0381 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
	NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0380 (install.php in JCE-Tech PHP Calendars, downloaded 20100121, allows ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2008-7253 (The default configuration of the web server in IBM Lotus Domino ...)
	NOT-FOR-US: IBM Lotus Domino Server
CVE-2005-4884 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle Database Server
CVE-2010-XXXX [gmetad incorrect file permissions]
	- ganglia 3.1.2-3 (low; bug #567175)
CVE-2010-0442 (The bitsubstr function in backend/utils/adt/varbit.c in PostgreSQL ...)
	{DSA-2051-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 <removed> (low; bug #567058)
	- postgresql-8.4 8.4.3-1
CVE-2010-2444 (parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before ...)
	- maradns 1.4.03-1 (low; bug #584587)
	[lenny] - maradns <no-dsa> (minor issue)
	[etch] - maradns <not-affected> (vulnerable code introduced in 1.3.03)
CVE-2010-XXXX [sqlite: info leak]
	- sqlite3 3.6.21-1 (low; bug #566326)
	[lenny] - sqlite3 <no-dsa> (Minor information leak)
CVE-2010-XXXX [backup-manager: make sure password is not written to world-readable files]
	- backup-manager 0.7.9-1 (low)
	[lenny] - backup-manager 0.7.7-2
	NOTE: http://lists.debian.org/debian-release/2010/01/msg00181.html
	NOTE: checked in 0.7.9-1, but may have been fixed sooner
CVE-2010-XXXX [sudosh3: many security weaknesses]
	- sudosh3 <removed> (high; bug #566142)
CVE-2010-0379 (Multiple unspecified vulnerabilities in the Macromedia Flash ActiveX ...)
	NOT-FOR-US: Macromedia Flash ActiveX
CVE-2010-0378 (Use-after-free vulnerability in Adobe Flash Player 6.0.79, as ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2010-0377 (SQL injection vulnerability in modules/arcade/index.php in PHP MySpace ...)
	NOT-FOR-US: PHP MySpace Gold Edition
CVE-2010-0376 (Cross-site scripting (XSS) vulnerability in product_list.php in ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0375 (SQL injection vulnerability in product_list.php in JCE-Tech PHP ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2010-0374 (Cross-site scripting (XSS) vulnerability in the Marketplace ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0373 (SQL injection vulnerability in the libros (com_libros) component for ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0372 (SQL injection vulnerability in the Articlemanager (com_articlemanager) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0371 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Hitmaaan Gallery
CVE-2010-0370 (Cross-site scripting (XSS) vulnerability in the Node Blocks module ...)
	NOT-FOR-US: Node Blocks module for Drupal
CVE-2010-0369
	RESERVED
CVE-2010-0368
	RESERVED
CVE-2010-0367 (Multiple PHP remote file inclusion vulnerabilities in BitScripts Bits ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0366 (Multiple unrestricted file upload vulnerabilities in (1) register.php ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0365 (Cross-site scripting (XSS) vulnerability in search.php in BitScripts ...)
	NOT-FOR-US: BitScripts Bits Video Script
CVE-2010-0364 (Stack-based buffer overflow in VideoLAN VLC Media Player 0.8.6 allows ...)
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	NOTE: subset of CVE-2007-6681
CVE-2010-0363 (Cross-site scripting (XSS) vulnerability in Zeus Web Server before ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0362 (Zeus Web Server before 4.3r5 does not use random transaction IDs for ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0361 (Stack-based buffer overflow in the WebDAV implementation in webservd ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0360 (Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0359 (Buffer overflow in the SSLv2 support in Zeus Web Server before 4.3r5 ...)
	NOT-FOR-US: Zeus Web Server
CVE-2010-0358 (Heap-based buffer overflow in the server in IBM Lotus Domino 7 and 8.5 ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2010-0357 (Cross-site scripting (XSS) vulnerability in the Login page in IBM ...)
	NOT-FOR-US: IBM Lotus Web Content Management
CVE-2010-0356 (Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ...)
	NOT-FOR-US: ActiveX
CVE-2010-0355
	RESERVED
CVE-2010-0354
	RESERVED
CVE-2010-0353
	RESERVED
CVE-2010-0352
	RESERVED
CVE-2010-0351
	RESERVED
CVE-2009-4628 (SQL injection vulnerability in the TemplatePlaza.com TPDugg ...)
	NOT-FOR-US: Joomla
CVE-2009-4627 (Directory traversal vulnerability in sources/_template_parser.php in ...)
	NOT-FOR-US: Moa Gallery
CVE-2009-4626 (Directory traversal vulnerability in menu.php in phpNagios 1.2.0 ...)
	NOT-FOR-US: phpNagios
CVE-2009-4625 (SQL injection vulnerability in the updateOnePage function in ...)
	NOT-FOR-US: Joomla
CVE-2009-4624 (SQL injection vulnerability in download.php in Nicecoder iDesk allows ...)
	NOT-FOR-US: Nicecoder iDesk
CVE-2009-4623 (Multiple PHP remote file inclusion vulnerabilities in Advanced Comment ...)
	NOT-FOR-US: Advanced Comment System
CVE-2009-4622 (PHP remote file inclusion vulnerability in admin/admin_news_bot.php in ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2009-4621 (SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier ...)
	NOT-FOR-US: Discuz
CVE-2009-4620 (SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 ...)
	NOT-FOR-US: Joomla
CVE-2009-4619 (SQL injection vulnerability in the Lucy Games (com_lucygames) ...)
	NOT-FOR-US: Joomla
CVE-2009-4618 (Multiple SQL injection vulnerabilities in Tourism Script Bus Script ...)
	NOT-FOR-US: Tourism Script Bus Script
CVE-2009-4617 (Multiple SQL injection vulnerabilities in Tourism Script Accommodation ...)
	NOT-FOR-US: Tourism Script Accommodation Hotel Booking Portal Script
CVE-2009-4616 (Cross-site scripting (XSS) vulnerability in search.php in MYRE Holiday ...)
	NOT-FOR-US: MYRE Holiday Rental Manager
CVE-2009-4615 (SQL injection vulnerability in review.php in MYRE Holiday Rental ...)
	NOT-FOR-US: MYRE Holiday Rental Manager
CVE-2009-4614 (Multiple PHP remote file inclusion vulnerabilities in Moa Gallery ...)
	NOT-FOR-US: Moa Gallery
CVE-2010-1104 (Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, ...)
	- zope3 <removed> (low)
	[lenny] - zope3 <no-dsa> (Minor issue)
	- zope2.11 <removed>
	- zope2.10 <removed> (low)
	[lenny] - zope2.10 <no-dsa> (Minor issue)
	- zope2.9 <removed>
	NOTE: https://mail.zope.org/pipermail/zope-announce/2010-January/002229.html
CVE-2010-0350 (Directory traversal vulnerability in the Photo Book (goof_fotoboek) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0349 (Cross-site scripting (XSS) vulnerability in C3 Corp. WebCalenderC3 ...)
	NOT-FOR-US: WebCalenderC3
CVE-2010-0348 (Directory traversal vulnerability in C3 Corp. WebCalenderC3 0.32 and ...)
	NOT-FOR-US: WebCalenderC3
CVE-2010-0347 (Cross-site scripting (XSS) vulnerability in the VD / Geomap ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0346 (Cross-site scripting (XSS) vulnerability in the Tip many friends ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0345 (Cross-site scripting (XSS) vulnerability in the Majordomo extension ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0344 (SQL injection vulnerability in the zak_store_management extension ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0343 (SQL injection vulnerability in the Clan Users List (pb_clanlist) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0342 (SQL injection vulnerability in the Reports for Job (job_reports) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0341 (SQL injection vulnerability in the BB Simple Jobs (bb_simplejobs) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0340 (SQL injection vulnerability in the MJS Event Pro (mjseventpro) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0339 (SQL injection vulnerability in the User Links (vm19_userlinks) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0338 (SQL injection vulnerability in the TT_Products editor (ttpedit) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0337 (SQL injection vulnerability in the tt_news Mail alert ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0336 (Unspecified vulnerability in the kiddog_mysqldumper ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0335 (Cross-site scripting (XSS) vulnerability in the Vote rank for news ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0334 (SQL injection vulnerability in the Vote rank for news ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0333 (SQL injection vulnerability in the Helpdesk (mg_help) extension 1.1.6 ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0332 (SQL injection vulnerability in the TV21 Talkshow (tv21_talkshow) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0331 (Cross-site scripting (XSS) vulnerability in the TV21 Talkshow ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0330 (SQL injection vulnerability in the Googlemaps for tt_news ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0329 (SQL injection vulnerability in the powermail extension 1.5.1 and ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0328 (Cross-site scripting (XSS) vulnerability in the Unit Converter ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0327 (Cross-site scripting (XSS) vulnerability in the KJ: Imagelightbox ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0326 (Cross-site scripting (XSS) vulnerability in the Developer log (devlog) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0325 (Unspecified vulnerability in the SB Folderdownload (sb_folderdownload) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0324 (SQL injection vulnerability in the Customer Reference List (ref_list) ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0323 (Unspecified vulnerability in the Photo Book (goof_fotoboek) extension ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0322 (SQL injection vulnerability in the init function in MK-AnydropdownMenu ...)
	NOT-FOR-US: TYPO3 third party extensions
CVE-2010-0321 (Cross-site scripting (XSS) vulnerability in jobs/index.php in Jamit ...)
	NOT-FOR-US: Jamit Job Board 3.0
CVE-2010-0320 (Cross-site scripting (XSS) vulnerability in submitlink.php in Glitter ...)
	NOT-FOR-US: Glitter Central Script
CVE-2010-0319 (Cross-site scripting (XSS) vulnerability in index.php in Docmint 1.0 ...)
	NOT-FOR-US: Docmint
CVE-2010-0318 (The replay functionality for ZFS Intent Log (ZIL) in FreeBSD 7.1, 7.2, ...)
	- kfreebsd-6 <not-affected> (vulnerable code introduced in freebsd 7)
	- kfreebsd-7 7.2-10 (medium; bug #566684)
	[lenny] - kfreebsd-7 <no-dsa> (kfreebsd not support in Lenny)
	- kfreebsd-8 8.0-2 (medium)
CVE-2010-0317 (Novell Netware 6.5 SP8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Novell Netware
CVE-2010-0316 (Integer overflow in Google SketchUp before 7.1 M2 allows remote ...)
	NOT-FOR-US: Google SketchUp
CVE-2010-0315 (WebKit before r53607, as used in Google Chrome before 4.0.249.89, ...)
	- chromium-browser 5.0.375.29~r46008-1
	- webkit 1.1.21-1 (low)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
CVE-2010-0314 (Apple Safari allows remote attackers to discover a redirect's target ...)
	- webkit 1.1.90-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2010-0313 (The core_get_proxyauth_dn function in ns-slapd in Sun Java System ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2010-0312 (The do_extendedOp function in ibmslapd in IBM Tivoli Directory Server ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2010-0311 (Unspecified vulnerability in Sun Java System Identity Manager (aka ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2010-0310 (Trusted Extensions in Sun Solaris 10 allows local users to gain ...)
	NOT-FOR-US: Trusted Extensions in Sun Solaris 10
CVE-2009-4613 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2010-XXXX [zend framework multiple issues]
	- zendframework 1.9.7-1
	NOTE: http://framework.zend.com/security/advisory/ZF2010-01 - ZF2010-06
CVE-2010-XXXX [ZF2010-07]
	- zendframework 1.10.3-1
	NOTE: http://framework.zend.com/security/advisory/ZF2010-07
CVE-2009-4612 (Multiple cross-site scripting (XSS) vulnerabilities in the WebApp JSP ...)
	- jetty 6.1.22-1 (bug #575789)
CVE-2009-4611 (Mort Bay Jetty 6.x and 7.0.0 writes backtrace data without sanitizing ...)
	- jetty 6.1.22-1
CVE-2009-4610 (Multiple cross-site scripting (XSS) vulnerabilities in Mort Bay Jetty ...)
	- jetty <not-affected> (low; bug #575790)
	NOTE: the exploitable servlet is not shipped in Debian packages
CVE-2009-4609 (The Dump Servlet in Mort Bay Jetty 6.x and 7.0.0 allows remote ...)
	- jetty <not-affected> (low; bug #575791)
	NOTE: the exploitable servlet is not shipped in Debian packages
CVE-2010-0309 (The pit_ioport_read function in the Programmable Interval Timer (PIT) ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
	NOTE: http://git.kernel.org/?p=linux/kernel/git/avi/kvm.git;a=commitdiff;h=336f40a728b9a4a5db5e1df5c89852c79ff95604
CVE-2010-0308 (lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through ...)
	{DSA-1991-1}
	- squid 2.7.STABLE8-1
	- squid3 3.1.0.16-1 (bug #575747)
CVE-2010-0307 (The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel ...)
	{DSA-1996-1}
	- linux-2.6 2.6.32-8
	- linux-2.6.24 <removed>
CVE-2010-0306 (The x86 emulator in KVM 83, when a guest is configured for Symmetric ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
CVE-2010-0305 (ejabberd_c2s.erl in ejabberd before 2.1.3 allows remote attackers to ...)
	{DSA-2033-1}
	- ejabberd 2.1.2-2 (medium; bug #568383)
	NOTE: https://support.process-one.net/browse/EJAB-1173
CVE-2010-0304 (Multiple buffer overflows in the LWRES dissector in Wireshark 0.9.15 ...)
	{DSA-1983-1}
	- wireshark 1.2.6-1
CVE-2010-0303 (mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 ...)
	{DSA-1982-1}
	- hybserv 1.9.2-4.1 (low; bug #550389)
CVE-2010-0302 (Use-after-free vulnerability in the abstract file-descriptor handling ...)
	- cups 1.4.2-10 (bug #572940)
	[lenny] - cups 1.3.8-1+lenny9
	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
	NOTE: This is for an incomplete fix for CVE-2009-3553
CVE-2010-0301 (main.C in maildrop 2.3.0 and earlier, when run by root with the -d ...)
	{DSA-1981-1}
	- maildrop 2.2.0-3.1 (low; bug #564601)
CVE-2010-0300 (cache.c in ircd-ratbox before 2.2.9 allows remote attackers to cause a ...)
	{DSA-1980-1}
	- ircd-ratbox 3.0.6.dfsg-1 (low; bug #567191)
	- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (low)
CVE-2010-0299 (openSUSE 11.2 installs the devtmpfs root directory with insecure ...)
	- linux-2.6 2.6.32-6
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2010-0298 (The x86 emulator in KVM 83 does not use the Current Privilege Level ...)
	{DSA-2010-1 DSA-1996-1}
	- linux-2.6 2.6.32-8
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed>
CVE-2010-0297 (Buffer overflow in the usb_host_handle_control function in the USB ...)
	- qemu-kvm 0.11.1+dfsg-1
	- kvm <removed> (low)
	[lenny] - kvm <no-dsa> (minor issue)
CVE-2010-0296 (The encode_name macro in misc/mntent_r.c in the GNU C Library (aka ...)
	{DSA-2058-1}
	- glibc 2.11-1 (bug #583908)
	- eglibc 2.11-1
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ab00f4eac8f4932211259ff87be83144f5211540
CVE-2010-0295 (lighttpd before 1.4.26, and 1.5.x, allocates a buffer for each read ...)
	{DSA-1987-1}
	- lighttpd 1.4.26-1 (medium)
CVE-2010-0294 (chronyd in Chrony before 1.23.1, and possibly 1.24-pre1, generates a ...)
	{DSA-1992-1}
	- chrony 1.23-7 (low)
CVE-2010-0293 (The client logging functionality in chronyd in Chrony before 1.23.1 ...)
	{DSA-1992-1}
	- chrony 1.23-7 (low)
CVE-2010-0292 (The read_from_cmd_socket function in cmdmon.c in chronyd in Chrony ...)
	{DSA-1992-1}
	- chrony 1.23-7 (medium)
CVE-2010-0291 (The Linux kernel before 2.6.32.4 allows local users to gain privileges ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
CVE-2010-0290 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1 (medium)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=554851#c7
CVE-2010-0289 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (low)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://secunia.com/advisories/38205/
CVE-2010-0288 (A typo in the administrator permission check in the ACL Manager plugin ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (medium; bug #565406)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://bugs.splitbrain.org/index.php?do=details&task_id=1847
	NOTE: issue being exploited
CVE-2010-0287 (Directory traversal vulnerability in the ACL Manager plugin ...)
	{DSA-1976-1}
	- dokuwiki 0.0.20090214b-3.1 (low)
	[etch] - dokuwiki <not-affected> (Vulnerable code not present)
	NOTE: http://secunia.com/advisories/38205/
CVE-2010-0286 (Unspecified vulnerability in the OpenID Identity Authentication ...)
	- typo3-src 4.3.1-1 (bug #567163)
	[lenny] - typo3-src <not-affected> (Only affects 4.3.x)
	NOTE: http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-001/
CVE-2010-0285 (gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the ...)
	- gnome-screensaver 2.28.3-1 (low)
	[lenny] - gnome-screensaver <no-dsa> (Minor issue)
	NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=2f597ea9f1f363277fd4dfc109fa41bbc6225aca
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=593616
CVE-2010-0284 (Directory traversal vulnerability in the getEntry method in the ...)
	NOT-FOR-US: Novell Access Manager
CVE-2010-0283 (The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 ...)
	- krb5 1.8+dfsg~alpha1-7
	[lenny] - krb5 <not-affected> (Only affects krb5 >= 1.7)
CVE-2010-0282
	RESERVED
CVE-2010-0281
	RESERVED
CVE-2010-0280 (Array index error in Jan Eric Kyprianidis lib3ds 1.x, as used in ...)
	- lib3ds 1.3.0-5 (low; bug #575741)
	[lenny] - lib3ds <no-dsa> (Minor issue)
	[etch] - lib3ds <no-dsa> (Minor issue)
	- openscenegraph 2.8.0-1
	[lenny] - openscenegraph 2.4.0-1.1+lenny1
	NOTE: openscenegraph embeds acopy of lib3ds
	NOTE: http://www.coresecurity.com/content/google-sketchup-vulnerability
	NOTE: issue was published saying it affects google sketchup,
	NOTE: but the vulnerable code is in lib3ds
	NOTE: http://code.google.com/p/lib3ds/issues/detail?id=9
CVE-2010-0279 (Unrestricted file upload vulnerability in upload.php in BTS-GI Read ...)
	NOT-FOR-US: BTS-GI Read excel
CVE-2010-0278 (A certain ActiveX control in msgsc.14.0.8089.726.dll in Microsoft ...)
	NOT-FOR-US: ActiveX
CVE-2009-4608 (Cross-site scripting (XSS) vulnerability in Canon IT Solutions Inc. ...)
	NOT-FOR-US: ACCESSGUARDIAN
CVE-2009-4607 (The command line interface in Overland Storage Snap Server 410 with ...)
	NOT-FOR-US: Overland Storage Snap Server
CVE-2009-4606 (South River Technologies WebDrive 9.02 build 2232 installs the ...)
	NOT-FOR-US: South River Technologies WebDrive
CVE-2009-4604 (PHP remote file inclusion vulnerability in mamboleto.php in the ...)
	NOT-FOR-US: Joomla
CVE-2009-4603 (Unspecified vulnerability in sapstartsrv.exe in the SAP Kernel 6.40, ...)
	NOT-FOR-US: SAP Kernel
CVE-2009-4602 (Cross-site scripting (XSS) vulnerability in the Randomizer module 5.x ...)
	NOT-FOR-US: Randomizer module for Drupal
CVE-2009-4601 (Cross-site scripting (XSS) vulnerability in basic_search_result.php in ...)
	NOT-FOR-US: ZeeJobsite
CVE-2009-4600 (SQL injection vulnerability in realestate20/loginaction.php in NetArt ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2009-4599 (Multiple SQL injection vulnerabilities in the JS Jobs (com_jsjobs) ...)
	NOT-FOR-US: Joomla
CVE-2009-4598 (SQL injection vulnerability in the JPhoto (com_jphoto) component 1.0 ...)
	NOT-FOR-US: Joomla
CVE-2009-4597 (Multiple SQL injection vulnerabilities in index.php in PHP Inventory ...)
	NOT-FOR-US: PHP Inventory
CVE-2009-4596 (Cross-site scripting (XSS) vulnerability in index.php in PHP Inventory ...)
	NOT-FOR-US: PHP Inventory
CVE-2009-4595 (SQL injection vulnerability in index.php in PHP Inventory 1.2 allows ...)
	NOT-FOR-US: PHP Inventory
CVE-2010-0277 (slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, ...)
	{DSA-2038-1}
	- pidgin 2.6.6-1 (low; bug #566775)
	- gaim <removed> (low)
	[lenny] - gaim <not-affected> (gaim is a transitional dummy package only)
	- qutecom 2.2~rc3.hg396~dfsg1-6 (low; bug #572946)
CVE-2010-0276 (IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.241 for ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0275 (Ultra-light Mode in IBM Lotus iNotes (aka Domino Web Access or DWA) ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0274 (Unspecified vulnerability in the Edit Contact scene in Ultra-light ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2010-0273 (Unspecified vulnerability in Sun Java System Web Server 7.0 Update 6 ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0272 (Heap-based buffer overflow in Sun Java System Web Server 7.0 Update 6 ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2010-0271 (hald in Sun OpenSolaris snv_51 through snv_130 does not have the ...)
	NOT-FOR-US: hald in Sun OpenSolaris
CVE-2010-0270 (The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0269 (The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0268 (Unspecified vulnerability in the Windows Media Player ActiveX control ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0267 (Microsoft Internet Explorer 6, 6 SP1, and 7 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0266 (Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0265 (Buffer overflow in Microsoft Windows Movie Maker 2.1, 2.6, and 6.0, ...)
	NOT-FOR-US: Microsoft Windows Movie Maker
CVE-2010-0264 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0263 (Microsoft Office Excel 2007 SP1 and SP2; Office 2008 for Mac; Open XML ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0262 (Microsoft Office Excel 2007 SP1 and SP2 and Office 2004 for Mac do not ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0261 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2 ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0260 (Heap-based buffer overflow in Microsoft Office Excel 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0259
	REJECTED
CVE-2010-0258 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0257 (Microsoft Office Excel 2002 SP3 does not properly parse the Excel file ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0256 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0255 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0254 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 and SP2 does ...)
	NOT-FOR-US: Microsoft Office
CVE-2010-0253
	REJECTED
CVE-2010-0252 (The Microsoft Data Analyzer ActiveX control (aka the Office Excel ...)
	NOT-FOR-US: Microsoft Data Analyzer ActiveX control
CVE-2010-0251
	REJECTED
CVE-2010-0250 (Heap-based buffer overflow in DirectShow in Microsoft DirectX, as used ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2010-0249 (Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2010-0248 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0247 (Microsoft Internet Explorer 5.01 SP4, 6, and 6 SP1 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0246 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0245 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0244 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0243 (Buffer overflow in MSO.DLL in Microsoft Office XP SP3 and Office 2004 ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2010-0242 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0241 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0240 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0239 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0238 (Unspecified vulnerability in registry-key validation in the kernel in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0237 (The kernel in Microsoft Windows 2000 SP4 and XP SP2 and SP3 allows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0236 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0235 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0234 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0233 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0232 (The kernel in Microsoft Windows NT 3.1 through Windows 7, including ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0231 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0230 (SUSE Linux Enterprise 10 SP3 (SLE10-SP3) and openSUSE 11.2 configures ...)
	- postfix <not-affected> (SUSE-specific packaging issue)
CVE-2010-0229 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0228 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0227 (Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash ...)
	NOT-FOR-US: Verbatim Corporate Secure
CVE-2010-0226 (SanDisk Cruzer Enterprise USB flash drives do not prevent password ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0225 (SanDisk Cruzer Enterprise USB flash drives use a fixed 256-bit key for ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0224 (SanDisk Cruzer Enterprise USB flash drives validate passwords with a ...)
	NOT-FOR-US: SanDisk Cruzer Enterprise USB flash drives
CVE-2010-0223 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0222 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0221 (Kingston DataTraveler BlackBox (DTBB), DataTraveler Secure Privacy ...)
	NOT-FOR-US: Kingston USB flash drives
CVE-2010-0220 (The nsObserverList::FillObserverArray function in ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: browser DoS not treated as security issue
CVE-2009-4605 (scripts/setup.php (aka the setup script) in phpMyAdmin 2.11.x before ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.2.4-1
	NOTE: vulnerable code does not in the 3.x series (sid and squeeze checked)
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=13149
	NOTE: there is still at least one unserialize() call on _POST data
CVE-2009-4594 (Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2009-4593 (The bftpdutmp_log function in bftpdutmp.c in Bftpd before 2.4 does not ...)
	NOT-FOR-US: Bftpd
CVE-2009-4592 (Unspecified vulnerability in base_local_rules.php in Basic Analysis ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2009-4591 (SQL injection vulnerability in Basic Analysis and Security Engine ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2009-4590 (Cross-site scripting (XSS) vulnerability in base_local_rules.php in ...)
	- acidbase 1.4.4-1
	[lenny] - acidbase <no-dsa> (Minor issue)
	[etch] - acidbase <no-dsa> (Minor issue)
	NOTE: 1.4.5 fixed more XSS issues in this file
CVE-2009-4588 (Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control ...)
	NOT-FOR-US: AwingSoft Awakening
CVE-2009-4587 (Cherokee Web Server 0.5.4 allows remote attackers to cause a denial of ...)
	- cherokee <not-affected> (Only affects Windows and DOS)
	NOTE: this only works on windows and dos as you are not allowed
	NOTE: to use a file name with AUX and any or no extension as this is a
	NOTE: reserved device name. cherokee was lacking error handling...
CVE-2009-4586 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...)
	NOT-FOR-US: Wowd client
CVE-2010-0219 (Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects ...)
	NOT-FOR-US: SAP BusinessObjects Enterprise
CVE-2010-0218 (ISC BIND 9.7.2 through 9.7.2-P1 uses an incorrect ACL to restrict the ...)
	- bind9 <not-affected> (Only affects 9.7.2, which is not yet in the archive)
	NOTE: http://ftp.isc.org/isc/bind9/9.7.2-P2/RELEASE-NOTES-BIND-9.7.2-P2.html
	NOTE: ACL bypass claimed to only affect >=9.7.2: https://lists.isc.org/pipermail/bind-announce/2010-September/000655.html
CVE-2010-0217 (Zeacom Chat Server before 5.1 uses too short a random string for the ...)
	NOT-FOR-US: Zeacom Chat Server
CVE-2010-0216 (authenticate_ad_setup_finished.cfm in MediaCAST 8 and earlier allows ...)
	NOT-FOR-US: MediaCAST
CVE-2010-0215 (ActiveCollab before 2.3.2 allows remote authenticated users to bypass ...)
	NOT-FOR-US: ActiveCollab
CVE-2010-0214 (The administrative interface on the PolyVision RoomWizard with ...)
	NOT-FOR-US: PolyVision RoomWizard
CVE-2010-0213 (BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a ...)
	- bind9 9.7.1.dfsg.P2
	[lenny] - bind9 <not-affected> (vulnerability introduced in 9.7.1)
CVE-2010-0212 (OpenLDAP 2.4.22 allows remote attackers to cause a denial of service ...)
	{DSA-2077-1}
	- openldap 2.4.23-1
CVE-2010-0211 (The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not ...)
	{DSA-2077-1}
	- openldap 2.4.23-1
CVE-2010-0210
	RESERVED
CVE-2010-0209 (Adobe Flash Player before 9.0.280 and 10.x before 10.1.82.76, and ...)
	NOT-FOR-US: Adobe Flash Plugin
CVE-2010-0208
	RESERVED
CVE-2010-0207 [xpdf: XRef table parsing infinite loop]
	RESERVED
	- kdegraphics 4:4.0.0-1 (unimportant)
	- xpdf <unfixed> (unimportant)
	- poppler 0.16.3-1 (unimportant)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=28172
	NOTE: Just a crasher, not treated as a security issue
CVE-2010-0206 [xpdf: Invalid pointer dereference by processing JBIG2 PDF stream objects]
	RESERVED
	- kdegraphics 4:4.0.0-1 (unimportant)
	- xpdf <unfixed>  (unimportant)
	- poppler 0.16.3-1 (unimportant)
	[squeeze] - poppler 0.12.4-1.2+squeeze1
	NOTE: Just a crasher, not treated as a security issue
CVE-2010-0205 (The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before ...)
	{DSA-2032-1}
	- libpng 1.2.43-1 (low; bug #572308)
	NOTE: http://www.kb.cert.org/vuls/id/576029
CVE-2010-0204 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0203 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0202 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0201 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0200
	REJECTED
CVE-2010-0199 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0198 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0197 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0196 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0195 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0194 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0193 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0192 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0191 (Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0190 (Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0189 (A certain ActiveX control in NOS Microsystems getPlus Download Manager ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2010-0188 (Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2010-0187 (Adobe Flash Player before 10.0.45.2 and Adobe AIR before 1.5.3.9130 ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2010-0186 (Cross-domain vulnerability in Adobe Flash Player before 10.0.45.2, ...)
	NOT-FOR-US: Adobe Flash plugin
CVE-2010-0185 (The default configuration of Adobe ColdFusion 9.0 does not restrict ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2010-0184 (The (1) domainutility and (2) domainutilitycmd components in TIBCO ...)
	NOT-FOR-US: TIBCO Domain Utility in TIBCO Runtime Agent
CVE-2010-0183 (Use-after-free vulnerability in the nsCycleCollector::MarkRoots ...)
	{DSA-2064-1}
	- xulrunner 1.9.1.10-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.5-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0182 (The XMLDocument::load function in Mozilla Firefox before 3.5.9 and ...)
	{DSA-2075-1}
	- xulrunner 1.9.1.9-1 (low)
	[lenny] - xulrunner <no-dsa> (Minor issue, no upstream fix for 3.0 series)
	- iceape 2.0.4-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- icedove 3.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - icedove <end-of-life>
CVE-2010-0181 (Mozilla Firefox before 3.5.9 and 3.6.x before 3.6.2, and SeaMonkey ...)
	- xulrunner 1.9.1.9-1 (unimportant)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0180 (Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when ...)
	- bugzilla <not-affected> (Only affects 3.5 to 3.7)
CVE-2010-0179 (Mozilla Firefox before 3.0.19 and 3.5.x before 3.5.8, and SeaMonkey ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0178 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0177 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0176 (Mozilla Firefox before 3.0.19, 3.5.x before 3.5.9, and 3.6.x before ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0175 (Use-after-free vulnerability in the nsTreeSelection implementation in ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0174 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2027-1}
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
CVE-2010-0173 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner 1.9.1.9-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.4-1
	- icedove 3.0.4-1
	[lenny] - icedove <end-of-life>
	[lenny] - iceape <not-affected> (Only a stub package)
	[lenny] - xulrunner <not-affected> (Only affects Firefox >= 3.5)
CVE-2010-0172 (toolkit/components/passwordmgr/src/nsLoginManagerPrompter.js in the ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0171 (Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0170 (Mozilla Firefox 3.6 before 3.6.2 does not offer plugins the expected ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0169 (The CSSLoaderImpl::DoSheetComplete function in ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceape 2.0.3-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0168 (The nsDocument::MaybePreLoadImage function in ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0167 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0166 (The gfxTextRun::SanitizeGlyphRuns function in ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0165 (The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0164 (Use-after-free vulnerability in the ...)
	- xulrunner <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceape <not-affected> (vulnerable code introduced in firefox 3.6)
	- iceweasel <not-affected> (vulnerable code introduced in firefox 3.6)
CVE-2010-0163 (Mozilla Thunderbird before 2.0.0.24 and SeaMonkey before 1.1.19 ...)
	{DSA-2025-1}
	- icedove 3.0.4-1 (medium)
CVE-2010-0162 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[etch] - xulrunner <end-of-life>
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2010-0161 (The nsAuthSSPI::Unwrap function in extensions/auth/nsAuthSSPI.cpp in ...)
	- xulrunner <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
	- iceweasel <not-affected> (Windows-specific)
CVE-2010-0160 (The Web Worker functionality in Mozilla Firefox 3.0.x before 3.0.18 ...)
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
	[lenny] - xulrunner <not-affected> (web workers introduced in gecko 1.9.1)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[etch] - iceape <not-affected> (web workers introduced in gecko 1.9.1)
	[lenny] - iceape <not-affected> (web workers introduced in gecko 1.9.1)
CVE-2010-0159 (The browser engine in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
	[lenny] - icedove <end-of-life>
CVE-2010-0158 (** DISPUTED ** ...)
	NOT-FOR-US: JoomlaBamboo (JB) Simpla Admin template
CVE-2010-0157 (Directory traversal vulnerability in the Bible Study (com_biblestudy) ...)
	NOT-FOR-US: component for Joomla!
CVE-2010-0156 (Puppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local ...)
	- puppet 0.25.4-2
	[lenny] - puppet <no-dsa> (Minor issue)
CVE-2010-0155 (CRLF injection vulnerability in load.php in the Local Management ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0154 (Directory traversal vulnerability in sla/index.php in the Local ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0153 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0152 (Multiple cross-site scripting (XSS) vulnerabilities in the Local ...)
	NOT-FOR-US: IBM Proventia Network Mail Security System
CVE-2010-0151 (The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used ...)
	NOT-FOR-US: Cisco
CVE-2010-0150 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2010-0149 (Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2010-0148 (Unspecified vulnerability in Cisco Security Agent 5.2 before ...)
	NOT-FOR-US: Cisco Security Agent
CVE-2010-0147 (SQL injection vulnerability in the Management Center for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-0146 (Directory traversal vulnerability in the Management Center for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2010-0145 (Unspecified vulnerability in the embedded HTTPS server on the Cisco ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0144 (Unspecified vulnerability in the WebSafe DistributorServlet in the ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0143 (Unspecified vulnerability in the administrative interface in the ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2010-0142 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0141 (MeetingTime in Cisco Unified MeetingPlace 6 before MR5, and possibly ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0140 (Multiple unspecified vulnerabilities in the web server in Cisco ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0139 (Cisco Unified MeetingPlace 7 before 7.0(2.3) hotfix 5F, 6 before ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2010-0138 (Buffer overflow in Cisco CiscoWorks Internetwork Performance Monitor ...)
	NOT-FOR-US: Cisco CiscoWorks Internetwork Performance Monitor
CVE-2010-0137 (Unspecified vulnerability in the sshd_child_handler process in the SSH ...)
	NOT-FOR-US: Cisco IOS XR
CVE-2010-0136 (OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce ...)
	{DSA-1995-1}
	- openoffice.org 1:3.1.1-11
CVE-2010-0135 (Heap-based buffer overflow in the WordPerfect 5.x reader (wosr.dll), ...)
	NOT-FOR-US: WordPerfect reader on Windows
CVE-2010-0134 (Integer signedness error in rtfsr.dll in Autonomy KeyView 10.4 and ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2010-0133 (Multiple stack-based buffer overflows in the SpreadSheet Lotus 123 ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-0132 (Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 ...)
	- viewvc 1.1.5-1 (bug #576307)
CVE-2010-0131 (Stack-based buffer overflow in the SpreadSheet Lotus 123 reader ...)
	NOT-FOR-US: SpreadSheet Lotus 123 reader
CVE-2010-0130 (Integer overflow in Adobe Shockwave Player before 11.5.7.609 might ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0129 (Multiple integer overflows in Adobe Shockwave Player before 11.5.7.609 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0128 (Integer signedness error in dirapi.dll in Adobe Shockwave Player ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0127 (Adobe Shockwave Player before 11.5.7.609 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2010-0126 (Heap-based buffer overflow in an unspecified library in Autonomy ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2010-0125 (RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0124 (Employee Timeclock Software 0.99 places the database password on the ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0123 (The database backup implementation in Employee Timeclock Software 0.99 ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0122 (Multiple SQL injection vulnerabilities in Employee Timeclock Software ...)
	NOT-FOR-US: Employee Timeclock Software
CVE-2010-0121 (The cook codec in RealNetworks RealPlayer 11.0 through 11.1, ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0120 (Heap-based buffer overflow in RealNetworks RealPlayer 11.0 through ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0119 (Bournal before 1.4.1 on FreeBSD 8.0, when the -K option is used, ...)
	NOT-FOR-US: Bournal
CVE-2010-0118 (Bournal before 1.4.1 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Bournal
CVE-2010-0117 (RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2010-0116 (Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4585 (UranyumSoft Listing Service stores sensitive information under the web ...)
	NOT-FOR-US: UranyumSoft Listing Service
CVE-2009-4584 (admin.php in dB Masters Multimedia Links Directory 3.1.3 allows remote ...)
	NOT-FOR-US: dB Masters Multimedia Links Directory
CVE-2009-4583 (SQL injection vulnerability in the DhForum (com_dhforum) component for ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4582 (SQL injection vulnerability in detail.php in the Dictionary module for ...)
	NOT-FOR-US: XOOPS module
CVE-2009-4581 (Directory traversal vulnerability in modules/admincp.php in ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2009-4580 (Multiple cross-site scripting (XSS) vulnerabilities in Hasta Blog 2.3 ...)
	NOT-FOR-US: Hasta Blog
CVE-2009-4579 (Cross-site scripting (XSS) vulnerability in the Artist avenue ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4578 (Cross-site scripting (XSS) vulnerability in the Facileforms ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4577 (SQL injection vulnerability in the MDForum module 2.x through 2.07 for ...)
	NOT-FOR-US: MDForum module for MAXdev MDPro
CVE-2009-4576 (SQL injection vulnerability in the BeeHeard (com_beeheard) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4575 (Cross-site scripting (XSS) vulnerability in the Q-Personel ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4574 (SQL injection vulnerability in country_escorts.php in I-Escorts ...)
	NOT-FOR-US: I-Escorts Directory Script
CVE-2009-4573 (Multiple cross-site scripting (XSS) vulnerabilities in the Joomulus ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4572 (Cross-site request forgery (CSRF) vulnerability in PhpShop 0.8.1 ...)
	NOT-FOR-US: PhpShop
CVE-2009-4571 (Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 ...)
	NOT-FOR-US: PhpShop
CVE-2009-4570 (Cross-site scripting (XSS) vulnerability in PhpShop 0.8.1 allows ...)
	NOT-FOR-US: PhpShop
CVE-2009-4569 (SQL injection vulnerability in elkagroup Image Gallery allows remote ...)
	NOT-FOR-US: elkagroup Image Gallery
CVE-2009-4568 (Cross-site scripting (XSS) vulnerability in Webmin before 1.500 and ...)
	NOT-FOR-US: Webmin
CVE-2009-4567 (Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php ...)
	NOT-FOR-US: Viscacha
CVE-2009-4566 (SQL injection vulnerability in index.php in Zenphoto 1.2.5 allows ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4564 (SQL injection vulnerability in index.php in Zenphoto 1.2.5, when the ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4563 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4562 (Cross-site scripting (XSS) vulnerability in zp-core/admin.php in ...)
	NOT-FOR-US: Zenphoto
CVE-2009-4561 (Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague ...)
	NOT-FOR-US: WebLeague
CVE-2009-4560 (SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows ...)
	NOT-FOR-US: WebLeague
CVE-2009-4559 (Cross-site scripting (XSS) vulnerability in the Submitted By module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4558 (The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4557 (Cross-site scripting (XSS) vulnerability in the Image Assist module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4556 (Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security ...)
	NOT-FOR-US: Quick Heal products
CVE-2009-4555 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: AgoraCart
CVE-2009-4554 (Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums
CVE-2009-4553 (Stack-based buffer overflow in iRehearse allows remote attackers to ...)
	NOT-FOR-US: iRehearse
CVE-2009-4552 (Cross-site scripting (XSS) vulnerability in the Survey Pro module for ...)
	NOT-FOR-US: module for Miniweb
CVE-2009-4551 (SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 ...)
	NOT-FOR-US: module for Miniweb
CVE-2009-4550 (SQL injection vulnerability in the Kunena Forum (com_kunena) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4549 (Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote ...)
	NOT-FOR-US: A2 Media Player Pro
CVE-2009-4548 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk ...)
	NOT-FOR-US: ViArt Helpdesk
CVE-2009-4547 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x ...)
	NOT-FOR-US: ViArt CMS
CVE-2009-4546 (globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4545 (Logoshows BBS 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: Logoshows BBS
CVE-2009-4544 (Cross-site scripting (XSS) vulnerability in kbase/kbase.php in ...)
	NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
CVE-2009-4543 (PHP remote file inclusion vulnerability in index.php in Cromosoft ...)
	NOT-FOR-US: Cromosoft Technologies Facil Helpdesk
CVE-2009-4542 (Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2009-4541 (Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2009-4540 (SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows ...)
	NOT-FOR-US: Mini CMS
CVE-2009-4539 (Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager ...)
	NOT-FOR-US: SQLiteManager
CVE-2010-0115 (SQL injection vulnerability in login.php in the GUI management console ...)
	NOT-FOR-US: Symantec Web Gateway
CVE-2010-0114 (fw_charts.php in the reporting module in the Manager (aka SEPM) ...)
	NOT-FOR-US: Symantec Endpoint Protection
CVE-2010-0113 (The Symantec Norton Mobile Security application 1.0 Beta for Android ...)
	NOT-FOR-US: Symantec Norton Mobile Security application 1.0
CVE-2010-0112 (Multiple SQL injection vulnerabilities in the Administrative Interface ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2010-0111 (HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2010-0110 (Multiple stack-based buffer overflows in Intel Alert Management System ...)
	NOT-FOR-US: Symantec Intel Alert Handler
CVE-2010-0109 (DBManager in Symantec Altiris Deployment Solution 6.9.x before DS 6.9 ...)
	NOT-FOR-US: Symantec
CVE-2010-0108 (Buffer overflow in the cliproxy.objects.1 ActiveX control in the ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2010-0107 (Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 ...)
	NOT-FOR-US: Symantec
CVE-2010-0106 (The on-demand scanning in Symantec AntiVirus 10.0.x and 10.1.x before ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2010-0105 (The hfs implementation in Apple Mac OS X 10.5.8 and 10.6.x before ...)
	NOT-FOR-US: Apple hfs implementation
CVE-2010-0104 (Unspecified vulnerability in the Broadcom Integrated NIC Management ...)
	NOT-FOR-US: Broadcom Integrated NIC Management Firmware
CVE-2010-0103 (UsbCharger.dll in the Energizer DUO USB battery charger software ...)
	NOT-FOR-US: Energizer DUO USB Battery Charger Software
CVE-2010-0102
	RESERVED
CVE-2010-0101 (The embedded HTTP server in multiple Lexmark laser and inkjet printers ...)
	NOT-FOR-US: Lexmark printers and MarkNet devices
CVE-2010-0100
	RESERVED
CVE-2010-0099
	REJECTED
CVE-2010-0098 (ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z ...)
	- clamav 0.96+dfsg-1
	[lenny] - clamav <end-of-life> (No longer supported in Lenny)
CVE-2010-0097 (ISC BIND 9.0.x through 9.3.x, 9.4 before 9.4.3-P5, 9.5 before ...)
	{DSA-2054-1}
	- bind9 1:9.7.0.dfsg-1
CVE-2010-0096
	RESERVED
CVE-2009-4538 (drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6 (low; bug #564114)
	[etch] - linux-2.6 <not-affected> (does not have e1000e driver)
	- linux-2.6.24 <removed> (low)
	NOTE: just like CVE-2009-4536 but was reported later
CVE-2009-4537 (drivers/net/r8169.c in the r8169 driver in the Linux kernel 2.6.32.3 ...)
	{DSA-2053-1}
	- linux-2.6 2.6.32-11 (medium; bug #564110; bug #591581)
	- linux-2.6.24 <removed> (medium)
CVE-2009-4536 (drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-6 (low; bug #564114)
	- linux-2.6.24 <removed> (low)
CVE-2009-4535 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Mongoose
CVE-2009-4534 (Open redirect vulnerability in the FAQ Ask module 5.x and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4533 (The Webform module 5.x before 5.x-2.8 and 6.x before 6.x-2.8, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4532 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4531 (httpdx 1.4.4 and earlier allows remote attackers to obtain the source ...)
	NOT-FOR-US: httpdx
CVE-2009-4530 (Mongoose 2.8.0 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Mongoose
CVE-2009-4529 (InterVations NaviCOPA Web Server 3.0.1.2 and earlier allows remote ...)
	NOT-FOR-US: InterVations NaviCOPA Web Server
CVE-2009-4528 (The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4527 (The Shibboleth authentication module 5.x before 5.x-3.4 and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4526 (The Send by e-mail sub-module in the Print (aka Printer, e-mail and ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4525 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4524 (Cross-site scripting (XSS) vulnerability in the RealName module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4523 (Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 ...)
	NOT-FOR-US: Zainu
CVE-2009-4522 (Cross-site scripting (XSS) vulnerability in search.5.html in ...)
	NOT-FOR-US: BloofoxCMS
CVE-2009-4521 (Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse ...)
	NOT-FOR-US: Eclipse Business Intelligence and Reporting Tools
CVE-2009-4520 (The CCK Comment Reference module 5.x before 5.x-1.2 and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4519 (Multiple unspecified vulnerabilities in Ortro before 1.3.4 have ...)
	NOT-FOR-US: Ortro
CVE-2009-4518 (Cross-site scripting (XSS) vulnerability in the Insert Node module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4517 (Cross-site request forgery (CSRF) vulnerability in the FAQ Ask module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4516 (Cross-site scripting (XSS) vulnerability in the FAQ Ask module 5.x and ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4515 (The Storm module 6.x before 6.x-1.25 for Drupal does not enforce ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4514 (Cross-site scripting (XSS) vulnerability in the OpenSocial ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4513 (Multiple cross-site scripting (XSS) vulnerabilities in the Workflow ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4512 (Directory traversal vulnerability in index.php in Oscailt 3.3, when ...)
	NOT-FOR-US: Oscailt
CVE-2009-4511 (Multiple directory traversal vulnerabilities in the web administration ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4510 (The SSH service on the TANDBERG Video Communication Server (VCS) ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4509 (The administrative web console on the TANDBERG Video Communication ...)
	NOT-FOR-US: TANDBERG Video Communication Server
CVE-2009-4508
	RESERVED
CVE-2009-4507
	RESERVED
CVE-2009-4506
	RESERVED
CVE-2009-4505 (Multiple cross-site scripting (XSS) vulnerabilities in OpenCMS OAMP ...)
	NOT-FOR-US: OpenCMS
CVE-2009-4504
	RESERVED
CVE-2009-4503
	RESERVED
CVE-2009-4502 (The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4501 (The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4500 (The process_trap function in trapper/trapper.c in Zabbix Server before ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4499 (SQL injection vulnerability in the get_history_lastid function in the ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4498 (The node_process_command function in Zabbix Server before 1.8 allows ...)
	- zabbix 1:1.8-1 (bug #562613)
CVE-2009-4497 (Cross-site scripting (XSS) vulnerability in LXR Cross Referencer 0.9.5 ...)
	{DSA-2092-1}
	- lxr-cvs 0.9.5+cvs20071020-1.1 (low; bug #575745)
	NOTE: http://sourceforge.net/mailarchive/forum.php?thread_name=E1NS2s4-0001PE-F2@3bkjzd1.ch3.sourceforge.com&forum_name=lxr-developer
CVE-2009-4496 (Boa 0.94.14rc21 writes data to a log file without sanitizing ...)
	- boa 0.94.14rc21-4 (unimportant; bug #578035)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4495 (Yaws 1.85 writes data to a log file without sanitizing non-printable ...)
	- yaws <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4494 (AOLserver 4.5.1 writes data to a log file without sanitizing ...)
	- aolserver4 <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4493 (Orion Application Server 2.0.7 writes data to a log file without ...)
	NOT-FOR-US: Orion httpd
CVE-2009-4492 (WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through ...)
	- ruby1.8 1.8.7.249-1 (unimportant; bug #564598)
	- ruby1.9 <removed> (unimportant; bug #564647)
	- ruby1.9.1 1.9.1.378-1 (unimportant; bug #564646)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
	NOTE: same as CVE-2009-4487
CVE-2009-4491 (thttpd 2.25b0 writes data to a log file without sanitizing ...)
	- thttpd <removed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4490 (mini_httpd 1.19 writes data to a log file without sanitizing ...)
	- mini-httpd <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4489 (header.c in Cherokee before 0.99.32 writes data to a log file without ...)
	- cherokee 0.99.37-1 (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4488 (** DISPUTED ** Varnish 2.0.6 writes data to a log file without ...)
	- varnish <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4487 (nginx 0.7.64 writes data to a log file without sanitizing ...)
	- nginx <unfixed> (unimportant)
	NOTE: The actual issue is within the broken terminal emulators and needs to be fixed there, see CVE-2009-4487
CVE-2009-4486 (Stack-based buffer overflow in the eDirectory plugin in Novell ...)
	NOT-FOR-US: iManager
CVE-2009-4485
	REJECTED
CVE-2009-4484 (Multiple stack-based buffer overflows in the CertDecoder::GetName ...)
	{DSA-1997-1}
	- mysql-dfsg-5.0 <removed> (medium)
	- mysql-5.1 5.1.41-4 (medium)
	- cyassl <not-affected> (Fixed before initial upload to archive)
	NOTE: http://web.archive.org/web/20100129040903/http://intevydis.blogspot.com:80/2010/01/mysq-yassl-stack-overflow.html
	NOTE: http://bazaar.launchpad.net/~mysql/mysql-server/mysql-5.0/revision/2837.1.1
CVE-2009-4483 (Unspecified vulnerability in LDAP3A.exe in MailSite 8.0.4 allows ...)
	NOT-FOR-US: MailSite
CVE-2009-4482 (Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote ...)
	NOT-FOR-US: TVersity
CVE-2009-4481
	REJECTED
CVE-2009-4480 (Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might ...)
	NOT-FOR-US: AzeoTech DAQFactory
CVE-2009-4479 (LDAP3A.exe in MailSite 8.0.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MailSite
CVE-2009-4478 (Multiple cross-site scripting (XSS) vulnerabilities in Xstate Real ...)
	NOT-FOR-US: Xstate Real Estate
CVE-2009-4477 (SQL injection vulnerability in page.html in Xstate Real Estate 1.0 ...)
	NOT-FOR-US: Xstate Real Estate
CVE-2009-4476 (Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before ...)
	NOT-FOR-US: HAURI ViRobot Desktop
CVE-2009-4475 (SQL injection vulnerability in the Joomlub (com_joomlub) component for ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4474 (SQL injection vulnerability in the Mike de Boer zoom (com_zoom) ...)
	NOT-FOR-US: Mambo component
CVE-2009-4473 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2009-4472 (Multiple PHP remote file inclusion vulnerabilities in PHPope 1.0.0 and ...)
	NOT-FOR-US: PHPope
CVE-2009-4471 (Multiple PHP remote file inclusion vulnerabilities in FreeSchool 1.1.0 ...)
	NOT-FOR-US: FreeSchool
CVE-2009-4470 (SQL injection vulnerability in boardrule.php in DVBBS 2.0 allows ...)
	NOT-FOR-US: DVBBS
CVE-2009-4469 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpPowerCards
CVE-2009-4468 (Cross-site scripting (XSS) vulnerability in misc.php in DeluxeBB 1.3 ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4467 (misc.php in DeluxeBB 1.3 allows remote attackers to register accounts ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4466 (DeluxeBB 1.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4465 (DeluxeBB 1.3 stores sensitive information under the web root with ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-4464 (Cross-site scripting (XSS) vulnerability in searchadvance.asp in ...)
	NOT-FOR-US: Active Business Directory
CVE-2009-4463 (Intellicom NetBiter WebSCADA devices use default passwords for the ...)
	NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4462 (Stack-based buffer overflow in the NetBiterConfig utility ...)
	NOT-FOR-US: Intellicom NetBiter WebSCADA
CVE-2009-4461 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.909 ...)
	- flatpress <itp> (bug #466297)
CVE-2009-4460 (Multiple cross-site scripting (XSS) vulnerabilities in Auto-Surf ...)
	NOT-FOR-US: Auto-Surf Traffic Exchange Script
CVE-2009-4459 (Redmine 0.8.7 and earlier uses the title tag before defining the ...)
	- redmine 0.9.1-1 (bug #563940)
CVE-2008-7252 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11528
CVE-2008-7251 (libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a ...)
	{DSA-2034-1}
	- phpmyadmin 4:3.0.0-1
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=11536
CVE-2008-7250 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...)
	- sarg 2.2.5-1 (low)
CVE-2008-7249 (Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and ...)
	- sarg 2.2.4-1 (medium)
CVE-2009-4565 (sendmail before 8.14.4 does not properly handle a '\0' character in a ...)
	{DSA-1985-1}
	- sendmail 8.14.3-9.1 (medium; bug #564581)
	NOTE: http://www.sendmail.org/releases/8.14.4
CVE-2009-4458 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.2 ...)
	NOT-FOR-US: FreePBX
CVE-2009-4457 (Multiple unspecified vulnerabilities in the Vsftpd Webmin module ...)
	NOT-FOR-US: Webmin
CVE-2009-4456 (SQL injection vulnerability in news_detail.php in Green Desktiny ...)
	NOT-FOR-US: Green Desktiny
CVE-2009-4455 (The default configuration of Cisco ASA 5500 Series Adaptive Security ...)
	NOT-FOR-US: Cisco
CVE-2009-4454 (vccleaner in VideoCache 1.9.2 allows local users with Squid proxy user ...)
	- videocache <itp> (bug #505329)
CVE-2009-4453 (Insecure method vulnerability in SoftCab Sound Converter ActiveX ...)
	NOT-FOR-US: SoftCab Sound Converter ActiveX
CVE-2009-4452 (Kaspersky Anti-Virus 5.0 (5.0.712); Antivirus Personal 5.0.x; ...)
	NOT-FOR-US: Kaspersky Anti-Viru
CVE-2009-4451 (Unrestricted file upload vulnerability in upper.php in kandalf upper ...)
	NOT-FOR-US: kandalf upper
CVE-2009-4450 (Multiple cross-site scripting (XSS) vulnerabilities in map.php in ...)
	NOT-FOR-US: LiveZilla
CVE-2009-4449 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2009-4448 (inc/functions_time.php in MyBB (aka MyBulletinBoard) 1.4.10, and ...)
	NOT-FOR-US: MyBB
CVE-2009-4447 (Jax Guestbook 3.5.0 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Jax Guestbook
CVE-2009-4446 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
	NOT-FOR-US: phpInstantGallery
CVE-2009-4445 (Microsoft Internet Information Services (IIS), when used in ...)
	NOT-FOR-US: Microsoft
CVE-2009-4444 (Microsoft Internet Information Services (IIS) 5.x and 6.x uses only ...)
	NOT-FOR-US: Microsoft
CVE-2009-4443 (Unspecified vulnerability in the psearch (aka persistent search) ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4442 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4441 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4440 (Directory Proxy Server (DPS) in Sun Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-4439 (Unspecified vulnerability in the Query Compiler, Rewrite, and ...)
	NOT-FOR-US: DB2
CVE-2009-4438 (The Query Compiler, Rewrite, and Optimizer component in IBM DB2 9.1 ...)
	NOT-FOR-US: DB2
CVE-2009-4437 (Multiple SQL injection vulnerabilities in Active Auction House 3.6 ...)
	NOT-FOR-US: Active Auction House 3.6
CVE-2009-4436 (Multiple SQL injection vulnerabilities in Active Web Softwares ...)
	NOT-FOR-US: Active Web Softwares eWebquiz
CVE-2009-4435 (Multiple directory traversal vulnerabilities in F3Site 2009 allow ...)
	NOT-FOR-US: F3Site 2009
CVE-2009-4434 (Directory traversal vulnerability in index.php in IDevSpot iSupport ...)
	NOT-FOR-US: IDevSpot
CVE-2009-4433 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
	NOT-FOR-US: IDevSpot
CVE-2009-4432 (SQL injection vulnerability in index.php in CodeMight VideoCMS 3.1 ...)
	NOT-FOR-US: CodeMight VideoCMS
CVE-2009-4431 (PHP remote file inclusion vulnerability in cal_popup.php in the ...)
	NOT-FOR-US: Joomla addon
CVE-2009-4430 (SQL injection vulnerability in index.php in VirtueMart 1.0 allows ...)
	NOT-FOR-US: VirtueMart
CVE-2009-4429 (Cross-site scripting (XSS) vulnerability in the Sections module 5.x ...)
	NOT-FOR-US: Drupal addon
CVE-2009-4428 (SQL injection vulnerability in the JoomPortfolio (com_joomportfolio) ...)
	NOT-FOR-US: Joomla addon
CVE-2009-4427 (Directory traversal vulnerability in cmd.php in phpLDAPadmin 1.1.0.5 ...)
	{DSA-1965-1}
	- phpldapadmin 1.1.0.7-1.1 (medium; bug #561975)
	[etch] - phpldapadmin <not-affected> (Vulnerable code not present)
CVE-2009-4426 (Multiple directory traversal vulnerabilities in Ignition 1.2, when ...)
	NOT-FOR-US: Ignition
CVE-2009-4425 (Cross-site scripting (XSS) vulnerability in index.php in iDevCart 1.09 ...)
	NOT-FOR-US: iDevCart
CVE-2009-4424 (SQL injection vulnerability in results.php in the Pyrmont plugin 2 for ...)
	NOT-FOR-US: Wordpress plugin
CVE-2009-XXXX [ampache DoS and CSRF]
	- ampache 3.5.3-1 (low)
	[lenny] - ampache <no-dsa> (minor issue)
CVE-2009-4423 (SQL injection vulnerability in index.php in weenCompany 4.0.0 allows ...)
	NOT-FOR-US: weenCompany
CVE-2009-4422 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- libphp-jpgraph <not-affected> (Vulnerable code not present)
CVE-2009-4421 (Directory traversal vulnerability in languages_cgi.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2009-4420 (Buffer overflow in the bd daemon in F5 Networks BIG-IP Application ...)
	NOT-FOR-US: F5 Networks BIG-IP Application Security Manager (ASM) and Protocol Security Manager (PSM)
CVE-2009-4419 (Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets in the ...)
	NOT-FOR-US: Intel Q35, GM45, PM45 Express, Q45, and Q43 Express chipsets
CVE-2009-4418 (The unserialize function in PHP 5.3.0 and earlier allows ...)
	- php5 <removed> (unimportant)
	NOTE: Only exploitable by malicious script, not treated as a security issue
	NOTE: per Debian PHP security policy
CVE-2009-4417 (The shutdown function in the Zend_Log_Writer_Mail class in Zend ...)
	NOTE: the CVE talks about the Zend Framework, but the culprit
	NOTE: is actually piwik
CVE-2009-4416 (Cross-site scripting (XSS) vulnerability in login.php in phpGroupWare ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4415 (Multiple directory traversal vulnerabilities in phpGroupWare ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4414 (SQL injection vulnerability in phpgwapi /inc/class.auth_sql.inc.php in ...)
	{DSA-1978-1}
	- phpgroupware 1:0.9.16.012+dfsg-9
CVE-2009-4412 (Unrestricted file upload vulnerability in Serendipity before 1.5 ...)
	- serendipity 1.5.3-1 (low; bug #562634)
CVE-2009-4411 (The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when ...)
	- acl 2.2.49-2 (low; bug #499076)
	[etch] - acl <not-affected> (Vulnerable code not present)
	[lenny] - acl <no-dsa> (Minor issue, symlink attack not always as root)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499076#51
CVE-2009-4409 (The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP ...)
	NOT-FOR-US: Internet Initiative Japan SEIL/B1 firmware
CVE-2009-4408 (Multiple cross-site scripting (XSS) vulnerabilities in models.parser ...)
	NOT-FOR-US: PyForum
CVE-2009-4407 (Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum ...)
	NOT-FOR-US: PyForum
CVE-2009-4406 (Cross-site scripting (XSS) vulnerability in Forms/login1 in American ...)
	NOT-FOR-US: APC Switched Rack PDU AP7932 B2
CVE-2009-4405 (Multiple unspecified vulnerabilities in Trac before 0.11.6 have ...)
	- trac 0.11.6-1 (low)
	[lenny] - trac <no-dsa> (Minor information disclosure)
CVE-2009-4404 (Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 ...)
	- t-prot 2.8-1 (low)
	[etch] - t-prot <no-dsa> (Minor issue)
	[lenny] - t-prot <no-dsa> (Minor issue)
CVE-2009-4403 (Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 ...)
	NOT-FOR-US: Rumba XML
CVE-2009-4402 (The default configuration of SQL-Ledger 2.8.24 allows remote attackers ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-4410 (The fuse_ioctl_copy_user function in the ioctl handler in ...)
	- linux-2.6 2.6.32-1 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
CVE-2009-4401 (SQL injection vulnerability in the Parish Administration Database ...)
	NOT-FOR-US: ste_parish_admin typo3 extension
CVE-2009-4400 (Cross-site scripting (XSS) vulnerability in the Parish Administration ...)
	NOT-FOR-US: ste_parish_admin typo3 extension
CVE-2009-4399 (SQL injection vulnerability in the Parish of the Holy Spirit Religious ...)
	NOT-FOR-US: hs_religiousartgallery typo3 extension
CVE-2009-4398 (Cross-site scripting (XSS) vulnerability in the Parish of the Holy ...)
	NOT-FOR-US: hs_religiousartgallery typo3 extension
CVE-2009-4397 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...)
	NOT-FOR-US: pd_resources typo3 extension
CVE-2009-4396 (SQL injection vulnerability in the Diocese of Portsmouth Resources ...)
	NOT-FOR-US: pd_resources typo3 extension
CVE-2009-4395 (Cross-site scripting (XSS) vulnerability in the Random Prayer 2 ...)
	NOT-FOR-US: ste_prayer2 typo3 extension
CVE-2009-4394 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...)
	NOT-FOR-US: ste_prayer2 typo3 extension
CVE-2009-4393 (SQL injection vulnerability in the Document Directorys ...)
	NOT-FOR-US: danp_documentdirs
CVE-2009-4392 (SQL injection vulnerability in the XDS Staff List (xds_staff) ...)
	NOT-FOR-US: xds_staff typo3 extension
CVE-2009-4391 (Cross-site scripting (XSS) vulnerability in the File list (dr_blob) ...)
	NOT-FOR-US: dr_blob typo3 extension
CVE-2009-4390 (SQL injection vulnerability in the Car (car) extension 0.1.1 for TYPO3 ...)
	NOT-FOR-US: car typo3 extension
CVE-2009-4389 (Unspecified vulnerability in the Watchdog (aba_watchdog) extension ...)
	NOT-FOR-US: aba_watchdog typo3 extension
CVE-2009-4388 (Cross-site scripting (XSS) vulnerability in the ListMan (nl_listman) ...)
	NOT-FOR-US: nl_listman typo3 extension
CVE-2009-4387 (The cross-site scripting (XSS) protection mechanism in ...)
	NOT-FOR-US: ManageEngine Password Manager Pro (PMP)
CVE-2009-4386 (SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur ...)
	NOT-FOR-US: Venalsur Booking Centre Booking System
CVE-2009-4385 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4384 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: Scriptsez.net Ez Poll Hoster
CVE-2009-4383 (Directory traversal vulnerability in Pforum.php in Rocomotion P forum ...)
	NOT-FOR-US: Rocomotion P forum
CVE-2009-4382 (Cross-site scripting (XSS) vulnerability in module.php in PHPFABER ...)
	NOT-FOR-US: PHPFABER CMS
CVE-2009-4381 (Cross-site scripting (XSS) vulnerability in index.php in texmedia ...)
	NOT-FOR-US: texmedia Million Pixel Script
CVE-2009-4380 (Multiple SQL injection vulnerabilities in Valarsoft Webmatic before ...)
	NOT-FOR-US: Valarsoft Webmatic
CVE-2009-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Valarsoft ...)
	NOT-FOR-US: Valarsoft Webmatic
CVE-2010-0095 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0094 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0093 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0092 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0091 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0090 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0089 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0088 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b18-1.8-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0087 (Unspecified vulnerability in the Java Web Start, Java Plug-in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0086 (Unspecified vulnerability in the Portal component in Oracle Fusion ...)
	NOT-FOR-US: Oracle Fusion Middleware
CVE-2010-0085 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0084 (Unspecified vulnerability in the Java Runtime Environment component in ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0083 (Unspecified vulnerability in Oracle OpenSolaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2010-0082 (Unspecified vulnerability in the HotSpot Server component in Oracle ...)
	- openjdk-6 6b17-1
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2010-0081 (Unspecified vulnerability in the Application Server Control component ...)
	NOT-FOR-US: Oracle Fusion
CVE-2010-0080 (Unspecified vulnerability in the PeopleSoft Enterprise HCM - eProfile ...)
	NOT-FOR-US: PeopleSoft Enterprise HCM
CVE-2010-0079 (Multiple vulnerabilities in the JRockit component in BEA Product Suite ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0078 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0077 (Unspecified vulnerability in the CRM Technical Foundation (mobile) ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0076 (Unspecified vulnerability in the Application Express Application ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0075 (Unspecified vulnerability in the Oracle HRMS (Self Service) component ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2010-0074 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0073 (Unspecified vulnerability in the WebLogic Server in Oracle WebLogic ...)
	NOT-FOR-US: Oracle WebLogic Server
CVE-2010-0072 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2010-0071 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2010-0070 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Application Server
CVE-2010-0069 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0068 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2010-0067 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle Application Server
CVE-2010-0066 (Unspecified vulnerability in the Access Manager Identity Server ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-4378 (The IPMI dissector in Wireshark 1.2.0 through 1.2.4 on Windows allows ...)
	- wireshark <not-affected> (Windows-specific)
CVE-2009-4377 (The (1) SMB and (2) SMB2 dissectors in Wireshark 0.9.0 through 1.2.4 ...)
	{DSA-1983-1}
	- wireshark 1.2.5-1
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-4376 (Buffer overflow in the daintree_sna_read function in the Daintree SNA ...)
	- wireshark 1.2.5-1
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-4375 (SQL injection vulnerability in repository/repository_attachment.php in ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4374 (Directory traversal vulnerability in ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4373 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4372 (AlienVault Open Source Security Information Management (OSSIM) 2.1.5, ...)
	NOT-FOR-US: AlienVault Open Source Security Information Management
CVE-2009-4371 (Cross-site scripting (XSS) vulnerability in the Locale module ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4370 (Cross-site scripting (XSS) vulnerability in the Menu module ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4369 (Cross-site scripting (XSS) vulnerability in the Contact module ...)
	- drupal6 6.15-1 (low; bug #562165)
	[lenny] - drupal6 6.6-3lenny4
	- drupal5 5.21-1 (low)
	[lenny] - drupal5 <no-dsa> (Minor issue, requires auth)
CVE-2009-4368 (Multiple unspecified vulnerabilities in Centreon before 2.1.4 have ...)
	NOT-FOR-US: Centreon
CVE-2009-4367 (The Staging Webservice (&quot;sitecore modules/staging/service/api.asmx&quot;) ...)
	NOT-FOR-US: Sitecore Staging Module
CVE-2009-4366 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4365 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4364 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
	NOT-FOR-US: ScriptsEz Ez Blog
CVE-2009-4363 (Text_Filter/lib/Horde/Text/Filter/Xss.php in Horde Application ...)
	{DSA-1966-1}
	- horde3 3.3.6+debian0-1 (low)
CVE-2009-4362 (Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users ...)
	NOT-FOR-US: IBM AIX
CVE-2009-4361 (Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users ...)
	NOT-FOR-US: IBM AIX
CVE-2009-4360 (SQL injection vulnerability in modules/content/index.php in the ...)
	NOT-FOR-US: XOOPS
CVE-2009-4359 (Cross-site scripting (XSS) vulnerability in folder.php in the ...)
	NOT-FOR-US: XOOPS
CVE-2009-4358 (freebsd-update in FreeBSD 8.0, 7.2, 7.1, 6.4, and 6.3 uses insecure ...)
	NOT-FOR-US: freebsd-update
CVE-2009-4357 (CQWeb (aka the web interface) in IBM Rational ClearQuest before 7.1.1 ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-4356 (Multiple integer overflows in the jpeg.w5s and png.w5s filters in ...)
	NOT-FOR-US: Winamp
CVE-2009-4355 (Memory leak in the zlib_stateful_finish function in ...)
	{DSA-1970-1}
	- openssl 0.9.8k-8 (low)
	[etch] - openssl <not-affected> (affects only 0.9.8f and later)
	NOTE: apache2 packages in squeeze/sid do not seem to allow exploit
CVE-2009-4354 (TransWARE Active! mail 2003 build 2003.0139.0871 and earlier does not ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4353 (The Mobile Edition of TransWARE Active! mail 2003 build 2003.0139.0871 ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4352 (Multiple cross-site scripting (XSS) vulnerabilities in TransWARE ...)
	NOT-FOR-US: TransWARE Active
CVE-2009-4351 (SQL injection vulnerability in ADMIN/loginaction.php in WSCreator 1.1, ...)
	NOT-FOR-US: WSCreator
CVE-2009-4350 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.1.1 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2009-4349 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Link Up Gold
CVE-2009-4348 (Cross-site scripting (XSS) vulnerability in index.php in Harold ...)
	NOT-FOR-US: Harold Bakker's NewsScript
CVE-2009-4347 (Cross-site scripting (XSS) vulnerability in daloradius-users/login.php ...)
	NOT-FOR-US: daloRADIUS
CVE-2009-4346 (Cross-site scripting (XSS) vulnerability in the Frontend news ...)
	NOT-FOR-US: fe_rtenews typo3 extension
CVE-2009-4345 (Cross-site scripting (XSS) vulnerability in the vShoutbox (vshoutbox) ...)
	NOT-FOR-US: vShoutbox typo3 extension
CVE-2009-4344 (Cross-site scripting (XSS) vulnerability in the ZID Linkliste ...)
	NOT-FOR-US: zid_linklist typo3 extension
CVE-2009-4343 (Cross-site scripting (XSS) vulnerability in the Training Company ...)
	NOT-FOR-US: trainincdb typo3 extension
CVE-2009-4342 (SQL injection vulnerability in the Job Exchange (jobexchange) ...)
	NOT-FOR-US: jobexchange typo3 extension
CVE-2009-4341 (SQL injection vulnerability in the No indexed Search ...)
	NOT-FOR-US: no_indexed_search typo3 extension
CVE-2009-4340 (Cross-site scripting (XSS) vulnerability in the No indexed Search ...)
	NOT-FOR-US: no_indexed_search typo3 extension
CVE-2009-4339 (SQL injection vulnerability in the Subscription (mf_subscription) ...)
	NOT-FOR-US: mf_subscription typo3 extension
CVE-2009-4338 (SQL injection vulnerability in the Flash SlideShow (slideshow) ...)
	NOT-FOR-US: slideshow typo3 extension
CVE-2009-4337 (SQL injection vulnerability in the Diocese of Portsmouth Calendar ...)
	NOT-FOR-US: pd_calendar typo3 extension
CVE-2009-4336 (Cross-site scripting (XSS) vulnerability in the Diocese of Portsmouth ...)
	NOT-FOR-US: pd_calendar typo3 extension
CVE-2009-4335 (Multiple unspecified vulnerabilities in bundled stored procedures in ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4334 (The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4333 (The Relational Data Services component in IBM DB2 9.5 before FP5 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4332 (db2pd in the Problem Determination component in IBM DB2 9.1 before FP7 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4331 (The Install component in IBM DB2 9.5 before FP5 and 9.7 before FP1 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4330 (Unspecified vulnerability in db2licm in the Engine Utilities component ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4329 (Unspecified vulnerability in the Engine Utilities component in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4328 (Unspecified vulnerability in the DRDA Services component in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4327 (The Common Code Infrastructure component in IBM DB2 9.5 before FP5 and ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4326 (The RAND scalar function in the Common Code Infrastructure component ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4325 (The Client Interfaces component in IBM DB2 8.2 before FP18, 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2009-XXXX [libhaml-ruby XSS issue]
	- libhaml-ruby 2.2.8-1
CVE-2009-XXXX [roundup: unspecified issue]
	- roundup 1.4.11-1
CVE-2010-0065 (Disk Images in Apple Mac OS X before 10.6.3 allows user-assisted ...)
	NOT-FOR-US: Apple Disk Images
CVE-2010-0064 (DesktopServices in Apple Mac OS X 10.6 before 10.6.3 preserves file ...)
	NOT-FOR-US: Apple DesktopServices
CVE-2010-0063 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
	NOT-FOR-US: Apple CoreTypes
CVE-2010-0062 (Heap-based buffer overflow in quicktime.qts in CoreMedia and QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2010-0061
	RESERVED
CVE-2010-0060 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
	NOT-FOR-US: Apple CoreAudio
CVE-2010-0059 (CoreAudio in Apple Mac OS X before 10.6.3 allows remote attackers to ...)
	NOT-FOR-US: Apple CoreAudio
CVE-2010-0058 (freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update ...)
	- clamav <not-affected> (apple-specific configuration issue)
CVE-2010-0057 (AFP Server in Apple Mac OS X before 10.6.3 does not prevent guest use ...)
	NOT-FOR-US: Apple AFP Server
CVE-2010-0056 (Buffer overflow in Cocoa spell checking in AppKit in Apple Mac OS X ...)
	NOT-FOR-US: Apple AppKit
CVE-2010-0055 (xar in Apple Mac OS X 10.5.8 does not properly validate package ...)
	- xar <removed> (bug #572556)
	[lenny] - xar <no-dsa> (Minor issue)
CVE-2010-0054 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/53812
	NOTE: http://trac.webkit.org/changeset/53813
	NOTE: http://trac.webkit.org/changeset/54242
CVE-2010-0053 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/50466
CVE-2010-0052 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/51877
CVE-2010-0051 (WebKit in Apple Safari before 4.0.5 does not properly validate the ...)
	NOTE: http://trac.webkit.org/changeset/52784
	NOTE: duplicate of CVE-2010-0651
CVE-2010-0050 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/52073
CVE-2010-0049 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/52527
CVE-2010-0048 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/51962
CVE-2010-0047 (Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/50698
CVE-2010-0046 (The Cascading Style Sheets (CSS) implementation in WebKit in Apple ...)
	- chromium-browser 6.0.466.0~r52279-1
	- webkit 1.1.90-1 (bug #574064)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/51727
CVE-2010-0045 (Apple Safari before 4.0.5 on Windows does not properly validate ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0044 (PubSub in Apple Safari before 4.0.5 does not properly implement use of ...)
	NOT-FOR-US: Apple PubSub
	NOTE: apple's pubsub is rss-oriented and all debian packages with pubsub
	NOTE: components are not; hence this is very likely an issue specifically with
	NOTE: their own code, or their wrapper code around another PubSub library
CVE-2010-0043 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0042 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0041 (ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0040 (Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, ...)
	NOT-FOR-US: Apple Safari
CVE-2010-0039 (The Application-Level Gateway (ALG) on the Apple Time Capsule, AirPort ...)
	NOT-FOR-US: Apple
CVE-2010-0038 (Recovery Mode in Apple iPhone OS 1.0 through 3.1.2, and iPhone OS for ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2010-0037 (Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0036 (Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2010-0035 (The Key Distribution Center (KDC) in Kerberos in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0034 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0033 (Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0032 (Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0031 (Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0030 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0029 (Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2010-0028 (Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Microsoft Paint
CVE-2010-0027 (The URL validation functionality in Microsoft Internet Explorer 5.01, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2010-0026 (The Hyper-V server implementation in Microsoft Windows Server 2008 ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2010-0025 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0024 (The SMTP component in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0023 (The Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0022 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0021 (Multiple race conditions in the SMB implementation in the Server ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2010-0020 (The SMB implementation in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0019 (Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before ...)
	NOT-FOR-US: Microsoft Silverlight on Windows
CVE-2010-0018 (Integer overflow in the Embedded OpenType (EOT) Font Engine ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0017 (Race condition in the SMB client implementation in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2010-0016 (The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2010-0015 (nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6) 2.7 ...)
	{DSA-1973-1}
	- eglibc 2.10.2-4 (medium; bug #560333)
	- glibc 2.10.2-4 (medium)
CVE-2010-0014 (System Security Services Daemon (SSSD) before 1.0.1, when the krb5 ...)
	- sssd 1.0.5-1
CVE-2010-0013 (Directory traversal vulnerability in slp.c in the MSN protocol plugin ...)
	- pidgin 2.6.5-1 (medium; bug #563206)
	[lenny] - pidgin <not-affected> (vulnerable code not present)
	- gaim <not-affected> (vulnerable code not present)
	NOTE: http://events.ccc.de/congress/2009/Fahrplan/attachments/1483_26c3_ipv4_fuckups.pdf
CVE-2010-0012 (Directory traversal vulnerability in libtransmission/metainfo.c in ...)
	{DSA-1967-1}
	- transmission 1.77-1 (low)
	NOTE: http://trac.transmissionbt.com/changeset/9829/
	NOTE: https://bugs.launchpad.net/ubuntu/+source/transmission/+bug/500625
CVE-2010-0011 (The eval_js function in uzbl-core.c in Uzbl before 2010.01.05 exposes ...)
	- uzbl 0.0.0~git.20100105-1 (medium)
	NOTE: http://www.uzbl.org/news.php?id=22
	NOTE: maintainer is aware of it
CVE-2010-0010 (Integer overflow in the ap_proxy_send_fb function in ...)
	- apache <removed> (low)
	NOTE: Exploitability is fairly limited: Can only be exploited by a malicious server,
	NOTE: not by a client. No sane person uses apache 1.3 as forward proxy and in reverse
	NOTE: proxy situations, the backend server is usually trusted, anyway.
CVE-2010-0009 (Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain ...)
	- couchdb 0.11.0-1 (bug #576304)
	[lenny] - couchdb <no-dsa> (Minor information leak)
CVE-2010-0008 (The sctp_rcv_ootb function in the SCTP implementation in the Linux ...)
	- linux-2.6 2.6.23-1
CVE-2010-0007 (net/bridge/netfilter/ebtables.c in the ebtables module in the ...)
	{DSA-2005-1 DSA-2003-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
	- linux-2.6.24 <removed>
CVE-2010-0006 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...)
	- linux-2.6 2.6.32-6
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
CVE-2010-0005 (query.py in the query interface in ViewVC before 1.1.3 does not reject ...)
	- viewvc 1.1.5-1 (bug #575777)
CVE-2010-0004 (ViewVC before 1.1.3 composes the root listing view without using the ...)
	- viewvc 1.1.5-1 (bug #575777)
CVE-2010-0003 (The print_fatal_signal function in kernel/signal.c in the Linux kernel ...)
	{DSA-2005-1 DSA-1996-1}
	- linux-2.6 2.6.32-6
	[etch] - linux-2.6 <not-affected> (does not have print-fatal-signals)
	- linux-2.6.24 <removed>
CVE-2010-0002 (The /etc/profile.d/60alias.sh script in the Mandriva bash package for ...)
	- bash <not-affected> (mandriva-specific packaging issue)
CVE-2010-0001 (Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 ...)
	{DSA-2074-1 DSA-1974-1}
	- gzip 1.3.12-9 (medium; bug #566002)
	- linux-2.6 <not-affected> (does not include unlzw.c in its gzip code copy)
	- klibc <not-affected> (does not include unlzw.c in its gzip code copy)
	- busybox <not-affected> (does not include unlzw.c in its gzip code copy)
	- pristine-tar <not-affected> (does not include unlzw.c in its gzip code copy)
	- ncompress 4.2.4.3-1
CVE-2009-4324 (Use-after-free vulnerability in the Doc.media.newPlayer method in ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-4323 (The installation for Zen Cart stores sensitive information and ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4322 (extras/ipn_test_return.php in Zen Cart allows remote attackers to ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4321 (extras/curltest.php in Zen Cart 1.3.8 and 1.3.8a, and possibly other ...)
	NOT-FOR-US: Zen Cart
CVE-2009-4320 (Cross-site scripting (XSS) vulnerability in searchform.php in The Next ...)
	NOT-FOR-US: The Next Generation of Genealogy Sitebuilding
CVE-2009-4319 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: eoCMS
CVE-2009-4318 (Cross-site scripting (XSS) vulnerability in index.php in Real Estate ...)
	NOT-FOR-US: Real Estate Manager
CVE-2009-4317 (Cross-site scripting (XSS) vulnerability in index.php in ScriptsEz Ez ...)
	NOT-FOR-US: ScriptsEz
CVE-2009-4316 (Cross-site scripting (XSS) vulnerability in searchresults_main.php in ...)
	NOT-FOR-US: ZeeLyrics
CVE-2009-4315 (Directory traversal vulnerability in admin/ajaxsave.php in Nuggetz CMS ...)
	NOT-FOR-US: Nuggetz CMS
CVE-2009-4314 (Sun Ray Server Software 4.1 on Solaris 10, when Automatic Multi-Group ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4313 (ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4312 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4311 (Unspecified vulnerability in the Indeo codec in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2009-4310 (Stack-based buffer overflow in the Intel Indeo41 codec for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2009-4309 (Heap-based buffer overflow in the Intel Indeo41 codec for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2009-4308 (The ext4_decode_error function in fs/ext4/super.c in the ext4 ...)
	{DSA-2005-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (ext4 introduced in 2.6.19)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4307 (The ext4_fill_flex_info function in fs/ext4/super.c in the Linux ...)
	{DSA-2443-1}
	- linux-2.6 2.6.32-2 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.27)
CVE-2009-4306 (Unspecified vulnerability in the EXT4_IOC_MOVE_EXT (aka move extents) ...)
	- linux-2.6 2.6.32-2 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-4291
	RESERVED
CVE-2009-4290
	RESERVED
CVE-2009-4289
	RESERVED
CVE-2009-4288
	RESERVED
CVE-2009-4287
	RESERVED
CVE-2009-4286
	RESERVED
CVE-2009-4285
	RESERVED
CVE-2009-4284
	RESERVED
CVE-2009-4283
	RESERVED
CVE-2009-4282
	RESERVED
CVE-2009-4281
	RESERVED
CVE-2009-4280
	RESERVED
CVE-2009-4279
	RESERVED
CVE-2009-4278
	RESERVED
CVE-2009-4277
	RESERVED
CVE-2009-4276
	REJECTED
CVE-2009-4275
	REJECTED
CVE-2009-4274 (Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm ...)
	{DSA-2026-1 DTSA-206-1}
	- netpbm-free 2:10.0-12.2 (medium; bug #569060)
CVE-2009-4273 (stap-server in SystemTap before 1.1 allows remote attackers to execute ...)
	- systemtap 1.1-1 (bug #568865)
	[lenny] - systemtap <not-affected> (Server component not yet present)
	[etch] - systemtap <not-affected> (Server component not yet present)
CVE-2009-4272 (A certain Red Hat patch for net/ipv4/route.c in the Linux kernel ...)
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.27)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545411
CVE-2009-4271 (The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 ...)
	- linux-2.6 2.6.18-1
CVE-2009-4270 (Stack-based buffer overflow in the errprintf function in base/gsmisc.c ...)
	{DSA-2080-1}
	- ghostscript 8.70~dfsg-2.1 (medium; bug #562643)
CVE-2009-4269 (The password hash generation algorithm in the BUILTIN authentication ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: https://issues.apache.org/jira/browse/DERBY-4483
CVE-2009-4268
	REJECTED
CVE-2009-4267 (The console in Apache jUDDI 3.0.0 does not properly escape line feeds, ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-XXXX [gnome-screensaver inhibitor not removed when connection is closed]
	- gnome-screensaver 2.28.0-2 (low; bug #560895)
	[etch] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
	[lenny] - gnome-screensaver <not-affected> (vulnerable code introduced in 2.28)
	NOTE: the code in etch's version is more different but it seems to be affected
	NOTE: http://git.gnome.org/browse/gnome-screensaver/commit/?id=284c9924969a49dbf2d5fae1d680d3310c4df4a3
CVE-2009-5018 (Stack-based buffer overflow in gif2png.c in gif2png 2.5.3 and earlier ...)
	- gif2png 2.5.2-1 (low; bug #550978)
	[etch] - gif2png <no-dsa> (minor issue)
	[lenny] - gif2png <no-dsa> (minor issue)
CVE-2009-XXXX [browser-based css info disclosure]
	- xulrunner <unfixed> (unimportant; bug #560108)
	- webkit <unfixed> (unimportant; bug #560870)
	- qt4-x11 <unfixed> (unimportant; bug #561754)
	- kdelibs <unfixed> (unimportant; bug #561752)
	- kde4libs <unfixed> (unimportant; bug #561753)
	- kazehakase <unfixed> (unimportant; bug #560871)
	- epiphany-browser <unfixed> (unimportant; bug #560872)
	- galeon <unfixed> (unimportant; bug #560873)
	- dillo <unfixed> (unimportant; bug #560874)
	NOTE: Minor design issue
CVE-2009-XXXX [xpat2: save game permissions issue]
	- xpat2 1.07-17 (unimportant; bug #560087)
CVE-2009-4144 (NetworkManager (NM) 0.7.2 does not ensure that the configured ...)
	- network-manager-applet 0.7.2-2 (low; bug #560067)
	[lenny] - network-manager-applet <not-affected> (WPA/enterprise was added in 0.7.2)
	- network-manager <not-affected> (vulnerable code is in -applet, which is a source package on its own as of 0.6.5)
CVE-2009-XXXX [unsafe xfs]
	- xfs 1:1.0.8-6 (low; bug #521107)
	[etch] - xfs <no-dsa> (minor issue)
	[lenny] - xfs 1:1.0.8-2.2+lenny1
CVE-2009-XXXX [xserver-xorg: inherits user's mask]
	- xorg-server 2:1.7.2-1 (low; bug #555308)
	[lenny] - xorg-server 2:1.4.2-10.lenny3
CVE-2009-4296 (SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and ...)
	NOT-FOR-US: Taxonomy Timer module for Drupal
CVE-2009-4295 (Sun Ray Server Software 4.0 and 4.1 does not generate a unique DSA ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4294 (Unspecified vulnerability in the Authentication Manager (aka utauthd) ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-4293 (Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.30 ...)
	NOT-FOR-US: Internet Initiative Japan
CVE-2009-4292 (Buffer overflow in the URL filtering function in Internet Initiative ...)
	NOT-FOR-US: Internet Initiative Japan
CVE-2009-4266 (Cross-site scripting (XSS) vulnerability in search.php in YABSoft ...)
	NOT-FOR-US: YABSoft Advanced Image Hosting (AIH) Script
CVE-2009-4265 (Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and ...)
	NOT-FOR-US: Ideal Administration
CVE-2009-4264 (PHP remote file inclusion vulnerability in components/core/connect.php ...)
	NOT-FOR-US: AROUNDMe
CVE-2009-4263 (SQL injection vulnerability in main_forum.php in PTCPay GeN3 forum 1.3 ...)
	NOT-FOR-US: PTCPay
CVE-2009-4262 (Harold Bakker's NewsScript (HB-NS) 1.3 allows remote attackers to ...)
	NOT-FOR-US: Harold Bakker's Newscript HB-NS
CVE-2009-XXXX [php-net-ping argument injection]
	- php-net-ping 2.4.2-1.1 (medium)
	[etch] - php-net-ping 2.4.2-1+etch1
	[lenny] - php-net-ping 2.4.2-1+lenny1
CVE-2009-4305 (SQL injection vulnerability in the SCORM module in Moodle 1.8 before ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (medium; bug #559531)
	NOTE: MSA-09-0031
CVE-2009-4304 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not use a random ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (bug #559531)
	[lenny] - moodle <no-dsa> (Minor issue)
	[etch] - moodle <no-dsa> (Minor issue)
	NOTE: MSA-09-0029
CVE-2009-4303 (Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores (1) password ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0028
CVE-2009-4302 (login/index_form.html in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0027
CVE-2009-4301 (mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0026
CVE-2009-4300 (Multiple unspecified authentication plugins in Moodle 1.8 before ...)
	{DSA-2115-1}
	- moodle 1.9.8-1 (bug #559531)
	[lenny] - moodle <no-dsa> (Minor issue)
	[etch] - moodle <no-dsa> (Minor issue)
	NOTE: MSA-09-0025
CVE-2009-4299 (mod/glossary/showentry.php in the Glossary module for Moodle 1.8 ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0024
CVE-2009-4298 (The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0023
CVE-2009-4297 (Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle ...)
	{DSA-1986-1}
	- moodle 1.8.2.dfsg-6 (bug #559531)
	NOTE: MSA-09-0022
CVE-2009-5042 [docutils insecure usage of temporary files]
	RESERVED
	- python-docutils 0.6-2 (low; bug #560755)
	[etch] - python-docutils <not-affected> (vulnerable code introduced in 0.5)
	[lenny] - python-docutils 0.5-2+lenny1
	NOTE: cve requested
CVE-2009-4261 (Multiple directory traversal vulnerabilities in the iallocator ...)
	{DSA-1959-1}
	- ganeti 2.0.5-1 (low)
	NOTE: http://www.ocert.org/advisories/ocert-2009-019.html
CVE-2009-4260
	RESERVED
CVE-2009-4259
	RESERVED
CVE-2009-4258
	RESERVED
CVE-2009-4257 (Heap-based buffer overflow in datatype/smil/common/smlpkt.cpp in ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4256 (Multiple SQL injection vulnerabilities in cource.php in AlefMentor 2.0 ...)
	NOT-FOR-US: AlefMentor
CVE-2009-4255 (Cross-site scripting (XSS) vulnerability in the You!Hostit! template ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4254 (PowerPhlogger 2.2.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PowerPhlogger
CVE-2009-4253 (Cross-site scripting (XSS) vulnerability in dspStats.php in ...)
	NOT-FOR-US: PowerPhlogger
CVE-2009-4252 (Cross-site scripting (XSS) vulnerability in images.php in Image ...)
	NOT-FOR-US: Image Hosting Script DPI
CVE-2009-4251 (Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel ...)
	NOT-FOR-US: Jasc Paint Shop Pro
CVE-2009-4250 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...)
	NOT-FOR-US: CuteNews
CVE-2009-4249 (Multiple cross-site scripting (XSS) vulnerabilities in CutePHP ...)
	NOT-FOR-US: CuteNews
CVE-2009-4248 (Buffer overflow in the RTSPProtocol::HandleSetParameterRequest ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4247 (Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4246 (Stack-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4245 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4244 (Heap-based buffer overflow in RealNetworks RealPlayer 10; RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4243 (RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4242 (Heap-based buffer overflow in the CGIFCodec::GetPacketBuffer function ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4241 (Heap-based buffer overflow in RealNetworks RealPlayer 10, RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2009-4240 (Multiple buffer overflows in unspecified setuid executables in the ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2009-4239 (Cross-site scripting (XSS) vulnerability in the Web console in IBM ...)
	NOT-FOR-US: IBM InfoSphere Information Server
CVE-2009-4238 (Multiple SQL injection vulnerabilities in TestLink before 1.8.5 allow ...)
	NOT-FOR-US: TestLink
CVE-2009-4237 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2009-4236 (The process function in ...)
	NOT-FOR-US: EC-CUBE
CVE-2009-4235 (acpid 1.0.4 sets an unrestrictive umask, which might allow local users ...)
	{DSA-1960-1}
	- acpid 1.0.6 (low; bug #560771)
	NOTE: all versions set umask(0), might be worth double-checking what it opens
CVE-2009-4234 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Micronet Network Access Controller
CVE-2009-4233 (Cross-site scripting (XSS) vulnerability in modules/mod_yj_whois.php ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4232 (The Kide Shoutbox (com_kide) component 0.4.6 for Joomla! does not ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4231 (Directory traversal vulnerability in as/lib/plugins.php in SweetRice ...)
	NOT-FOR-US: SweetRice
CVE-2009-4230 (Multiple stack-based buffer overflows in src/Task.cc in the FastCGI ...)
	NOT-FOR-US: IIPImage Server
CVE-2009-4229 (Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active ...)
	NOT-FOR-US: ActiveWebSoftwares Active Bids
CVE-2009-4226 (Race condition in the IP module in the kernel in Sun OpenSolaris ...)
	NOT-FOR-US: OpenSolaris kernel
CVE-2009-4225 (Stack-based buffer overflow in the PestPatrol ActiveX control ...)
	NOT-FOR-US: PestPatrol
CVE-2009-4228 (Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and ...)
	- xfig <unfixed> (unimportant)
CVE-2009-4227 (Stack-based buffer overflow in the read_1_3_textobject function in ...)
	- xfig 1:3.2.5.b-1 (low; bug #559274)
	[lenny] - xfig <no-dsa> (Minor issue)
	[etch] - xfig <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=543905
CVE-2009-4413 (The httpClientDiscardBody function in client.c in Polipo 0.9.8, ...)
	{DSA-2002-1}
	- polipo 1.0.4-2 (low; bug #560779)
	[etch] - polipo <no-dsa> (Minor issue)
	[lenny] - polipo <no-dsa> (Minor issue)
CVE-2009-4224 (Multiple PHP remote file inclusion vulnerabilities in SweetRice 0.5.4, ...)
	NOT-FOR-US: SweetRice
CVE-2009-4223 (PHP remote file inclusion vulnerability in adm/krgourl.php in KR-Web ...)
	NOT-FOR-US: KR-Web
CVE-2009-4222 (phpBazar 2.1.1fix and earlier does not require administrative ...)
	NOT-FOR-US: phpBazar
CVE-2009-4221 (SQL injection vulnerability in classified.php in phpBazar 2.1.1fix and ...)
	NOT-FOR-US: phpBazar
CVE-2009-4220 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PointComma
CVE-2009-4219 (Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX ...)
	NOT-FOR-US: Haihaisoft Universal Player
CVE-2009-4218 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's ...)
	NOT-FOR-US: JiRo's Banner System eXperience (JBSX)
CVE-2009-4217 (SQL injection vulnerability in the Itamar Elharar MusicGallery ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4216 (Directory traversal vulnerability in funzioni/lib/menulast.php in ...)
	NOT-FOR-US: klinza
CVE-2009-4215 (Panda Global Protection 2010, Internet Security 2010, and Antivirus ...)
	NOT-FOR-US: Panda
CVE-2009-4213
	RESERVED
CVE-2009-4212 (Multiple integer underflows in the (1) AES and (2) RC4 decryption ...)
	{DSA-1969-1}
	- krb5 1.8+dfsg~alpha1-1
CVE-2009-4211 (The U.S. Defense Information Systems Agency (DISA) Security Readiness ...)
	NOT-FOR-US: U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script
CVE-2009-4210 (The Indeo codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and ...)
	NOT-FOR-US: Microsoft
CVE-2009-4209 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: moziloCMS
CVE-2009-4208 (SQL injection vulnerability in the os_news module in Open-school (OS) ...)
	NOT-FOR-US: Open-school
CVE-2009-4207 (Cross-site scripting (XSS) vulnerability in the Webform module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4206 (SQL injection vulnerability in admin.link.modify.php in Million Dollar ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2009-4205 (Directory traversal vulnerability in admin.php in Flashlight Free ...)
	NOT-FOR-US: Flashlight Free Edition
CVE-2009-4204 (SQL injection vulnerability in read.php in Flashlight Free Edition ...)
	NOT-FOR-US: Flashlight Free Edition
CVE-2009-4203 (Multiple SQL injection vulnerabilities in admin/aclass/admin_func.php ...)
	NOT-FOR-US: Arab Portal
CVE-2009-4202 (Directory traversal vulnerability in the Omilen Photo Gallery ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4201 (Multiple stack-based buffer overflows in Mp3 Tag Assistant ...)
	NOT-FOR-US: Mp3 Tag Assistant Professional
CVE-2009-4200 (SQL injection vulnerability in the Seminar (com_seminar) component ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4199 (Multiple SQL injection vulnerabilities in the Mambo Resident (aka Mos ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4198 (SQL injection vulnerability in my_orders.php in MyMiniBill allows ...)
	NOT-FOR-US: MyMiniBill
CVE-2009-4197 (rpwizPppoe.htm in Huawei MT882 V100R002B020 ARG-T running firmware ...)
	NOT-FOR-US: Huawei MT882 V100R002B020
CVE-2009-4196 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
	NOT-FOR-US: Huawei MT882 V100R002B020
CVE-2009-4195 (Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2009-4194 (Directory traversal vulnerability in Golden FTP Server 4.30 Free and ...)
	NOT-FOR-US: Golden FTP
CVE-2009-4192 (Directory traversal vulnerability in dialog/file_manager.php in ...)
	NOT-FOR-US: Interspire Knowledge Manager
CVE-2009-4191 (Unspecified vulnerability in the kernel in Sun Solaris 10 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4190 (Unspecified vulnerability in the kernel in Sun OpenSolaris 2009.06 ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4189 (HP Operations Manager has a default password of OvW*busr1 for the ...)
	NOT-FOR-US: HP Operations Manager
CVE-2009-4188 (HP Operations Dashboard has a default password of j2deployer for the ...)
	NOT-FOR-US: HP Operations Dashboard
CVE-2009-4187 (Multiple cross-site scripting (XSS) vulnerabilities in the Gateway ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2009-4186 (Stack consumption vulnerability in Apple Safari 4.0.3 on Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2009-4185 (Cross-site scripting (XSS) vulnerability in proxy/smhui/getuiinfo in ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2009-4184 (Unspecified vulnerability in HP Enterprise Cluster Master Toolkit ...)
	NOT-FOR-US: HP Enterprise Cluster Master Toolkit
CVE-2009-4183 (Unspecified vulnerability in HP OpenView Storage Data Protector 6.00 ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2009-4182 (Multiple unspecified vulnerabilities in HP Web Jetadmin 10.2, when a ...)
	NOT-FOR-US: HP Web Jetadmin
CVE-2009-4181 (Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4180 (Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4179 (Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4178 (Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4177 (Buffer overflow in webappmon.exe in HP OpenView Network Node Manager ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4176 (Multiple heap-based buffer overflows in ovsessionmgr.exe in HP ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-4175 (CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2009-4174 (The editnews module in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2009-4173 (Cross-site request forgery (CSRF) vulnerability in CutePHP CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2009-4172 (Cross-site scripting (XSS) vulnerability in index.php in CutePHP ...)
	NOT-FOR-US: CuteNews
CVE-2009-4171 (An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger ...)
	NOT-FOR-US: ActiveX
CVE-2009-4170 (WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4169 (Cross-site scripting (XSS) vulnerability in wp-cumulus.php in the ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4168 (Cross-site scripting (XSS) vulnerability in Roy Tanck tagcloud.swf, as ...)
	NOT-FOR-US: WP-Cumulus Plug-in 1.20 for WordPress
CVE-2009-4167 (Unspecified vulnerability in the Automatic Base Tags for RealUrl ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4166 (SQL injection vulnerability in the Trips (mchtrips) extension 2.0.0 ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4165 (SQL injection vulnerability in the simple Glossar (simple_glossar) ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4164 (Cross-site scripting (XSS) vulnerability in the simple Glossar ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4163 (SQL injection vulnerability in the TW Productfinder (tw_productfinder) ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4162 (Unspecified vulnerability in the DB Integration (wfqbe) extension ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4161 (Cross-site scripting (XSS) vulnerability in the [AN] Search it! ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4160 (Unspecified vulnerability in the Simple download-system with counter ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4159 (Cross-site scripting (XSS) vulnerability in the newsletter ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4158 (SQL injection vulnerability in the Calendar Base (cal) extension ...)
	NOT-FOR-US: TYPO3 extension
CVE-2009-4157 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Joomla
CVE-2009-4156 (PHP remote file inclusion vulnerability in modules/pms/index.php in ...)
	NOT-FOR-US: Ciamos CMS
CVE-2009-4155 (Multiple SQL injection vulnerabilities in Eshopbuilde CMS allow remote ...)
	NOT-FOR-US: Eshopbuilde
CVE-2009-4154 (Directory traversal vulnerability in includes/feedcreator.class.php in ...)
	NOT-FOR-US: Elxis CMS
CVE-2009-4153 (Unspecified vulnerability in the XMLAccess component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-4152 (Cross-site scripting (XSS) vulnerability in the Collaboration ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-4151 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
	{DSA-1944-1}
	- request-tracker3.6 3.6.9-2 (low)
	- request-tracker3.4 <removed>
CVE-2009-4150 (dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and ...)
	NOT-FOR-US: IBM DB2
CVE-2009-4149 (Cross-site scripting (XSS) vulnerability in the web interface in CA ...)
	NOT-FOR-US: CA Service Desk
CVE-2009-4148 (DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers ...)
	NOT-FOR-US: DAZ Studio
CVE-2009-4147 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
	- kfreebsd-6 <not-affected> (the affected file -rtld.c-  is not in the archive, not even kFreeBSD)
CVE-2009-4146 (The _rtld function in the Run-Time Link-Editor (rtld) in ...)
	- kfreebsd-6 <not-affected> (the affected file -rtld.c-  is not in the archive, not even kFreeBSD)
CVE-2009-4145 (nm-connection-editor in NetworkManager (NM) 0.7.x exports connection ...)
	- network-manager-applet 0.7.2-2 (low; bug #563371)
	- network-manager <not-affected> (-editor introduced in 0.7 on the -applet package)
	[lenny] - network-manager-applet <not-affected> (-editor was introduced in 0.7)
CVE-2009-4143 (PHP before 5.2.12 does not properly handle session data, which has ...)
	{DSA-2001-1}
	- php5 5.2.12.dfsg.1-1 (low)
CVE-2009-4142 (The htmlspecialchars function in PHP before 5.2.12 does not properly ...)
	{DSA-2001-1}
	- php5 5.2.12.dfsg.1-1 (medium)
CVE-2009-4141 (Use-after-free vulnerability in the fasync_helper function in ...)
	- linux-2.6 2.6.32-6
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.28)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=53281b6d3
CVE-2009-4140 (Unrestricted file upload vulnerability in ofc_upload_image.php in Open ...)
	- piwik <itp> (bug #506933)
CVE-2009-4139 (Cross-site request forgery (CSRF) vulnerability in the Spacewalk Java ...)
	NOT-FOR-US: spacewalk-java
CVE-2009-4138 (drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when ...)
	{DSA-2005-1}
	- linux-2.6 2.6.32-3 (medium)
	[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4137 (The loadContentFromCookie function in core/Cookie.php in Piwik before ...)
	- piwik <itp> (bug #506933)
CVE-2009-4136 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
	{DSA-1964-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 8.3.9-1 (low)
	- postgresql-8.4 8.4.2-1 (low)
CVE-2009-4135 (The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 ...)
	- coreutils <not-affected> (this issue only affects the coreutils build process; bug #560898)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=545439
CVE-2009-4134 (Buffer underflow in the rgbimg module in Python 2.5 allows remote ...)
	- python3.1 <not-affected> (rgbimgmodule no longer included in source)
	- python2.7 <not-affected> (rgbimgmodule no longer included in source)
	- python2.6 <not-affected> (rgbimgmodule no longer included in source)
	- python2.5 2.5.5-11 (low; bug #603162)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	- python2.4 <removed> (low)
	[lenny] - python2.4 <no-dsa> (Minor issue)
CVE-2009-4133 (Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2009-4132
	REJECTED
CVE-2009-4131 (The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ...)
	- linux-2.6 2.6.32-2 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (introduced in 2.6.31)
CVE-2009-XXXX [monkey DoS]
	- monkey 0.9.3-1 (low)
	[lenny] - monkey <no-dsa> (Minor issue, fringe package)
CVE-2009-4130 (Visual truncation vulnerability in the MakeScriptDialogTitle function ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-4129 (Race condition in Mozilla Firefox allows remote attackers to produce a ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-4128 (GNU GRand Unified Bootloader (GRUB) 2 1.97 only compares the submitted ...)
	- grub2 1.97+20091115-1 (bug #555195)
	[lenny] - grub2 <not-affected> (Password authentication not yet present)
	- grub <not-affected> (only affects grub2)
CVE-2009-4127 (Unspecified vulnerability in Wikipedia Toolbar extension before ...)
	NOT-FOR-US: Wikipedia Toolbar extension for Firefox
CVE-2009-4126
	RESERVED
CVE-2009-4125
	RESERVED
CVE-2009-4124 (Heap-based buffer overflow in the rb_str_justify function in string.c ...)
	- ruby1.9.1 1.9.1.376-1
	- ruby1.9 <removed> (bug #572817)
	- ruby1.8 <not-affected>
	NOTE: http://www.ruby-lang.org/en/news/2009/12/07/heap-overflow-in-string/
CVE-2009-4123
	RESERVED
CVE-2009-4122
	RESERVED
CVE-2009-4121 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Quick CMS
CVE-2009-4120 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Quick.Cart
CVE-2009-4119 (Cross-site scripting (XSS) vulnerability in Feed Element Mapper module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4118 (The StartServiceCtrlDispatcher function in the cvpnd service ...)
	NOT-FOR-US: Cisco VPN client for Windows
CVE-2009-4117 (Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before ...)
	NOT-FOR-US: MuPDF
CVE-2009-4116 (Multiple directory traversal vulnerabilities in CutePHP CuteNews ...)
	NOT-FOR-US: CutePHP
CVE-2009-4115 (Multiple static code injection vulnerabilities in the Categories ...)
	NOT-FOR-US: CutePHP CuteNews
CVE-2009-4114 (kl1.sys in Kaspersky Anti-Virus 2010 9.0.0.463, and possibly other ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-4113 (Static code injection vulnerability in the Categories module in ...)
	NOT-FOR-US: CutePHP CuteNews
CVE-2009-4110 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-4109 (The install wizard in DotNetNuke 4.0 through 5.1.4 does not prevent ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-4108 (XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2009-4107 (Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted ...)
	NOT-FOR-US: Invisible Browsing
CVE-2009-4106 (Unrestricted file upload vulnerability in admintools/editpage-2.php in ...)
	NOT-FOR-US: Agoko CMS
CVE-2009-4105 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2009-4104 (SQL injection vulnerability in Lyften Designs LyftenBloggie ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4103 (Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, ...)
	NOT-FOR-US: Robo-FTP
CVE-2009-4102 (Sage 1.4.3 and earlier extension for Firefox performs certain ...)
	{DSA-1951-1}
	- firefox-sage 1.4.3-4 (medium; bug #559267)
CVE-2009-4101 (infoRSS 1.1.4.2 and earlier extension for Firefox performs certain ...)
	NOT-FOR-US: infoRSS extension for Firefox
CVE-2009-4100 (Yoono extension before 6.1.1 for Firefox performs certain operations ...)
	NOT-FOR-US: Yoono extension for Firefox
CVE-2009-4099 (SQL injection vulnerability in the Google Calendar GCalendar ...)
	NOT-FOR-US: Joomla! Component
CVE-2009-4098 (Unrestricted file upload vulnerability in banner-edit.php in OpenX ...)
	- openx <itp> (bug #513771)
CVE-2009-4097 (Stack-based buffer overflow in the MplayInputFile function in Serenity ...)
	NOT-FOR-US: Serenity Audio Player
CVE-2009-4096 (RADIO istek scripti 2.5 stores sensitive information under the web ...)
	NOT-FOR-US: RADIO istek scripti
CVE-2009-4095 (myPhile 1.2.1 allows remote attackers to bypass authentication via an ...)
	NOT-FOR-US: myPhile
CVE-2009-4094 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Joomla! component
CVE-2009-4093 (Multiple cross-site scripting (XSS) vulnerabilities in comments.php in ...)
	NOT-FOR-US: Simplog
CVE-2009-4092 (Cross-site request forgery (CSRF) vulnerability in user.php in Simplog ...)
	NOT-FOR-US: Simplog
CVE-2009-4091 (comments.php in Simplog 0.9.3.2, and possibly earlier, does not ...)
	NOT-FOR-US: Simplog
CVE-2009-4090 (Unrestricted file upload vulnerability in ajax/addComment.php in ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4089 (telepark.wiki 2.4.23 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4088 (Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4087 (Cross-site scripting (XSS) vulnerability in index.php in telepark.wiki ...)
	NOT-FOR-US: telepark.wiki
CVE-2009-4086 (CRLF injection vulnerability in Xerver HTTP Server 4.31 and 4.32 ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-4085 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP Traverser
CVE-2009-4084 (SQL injection vulnerability in the search feature in e107 0.7.16 and ...)
	NOT-FOR-US: e107
CVE-2009-4083 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.16 and ...)
	NOT-FOR-US: e107
CVE-2009-4082 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Outreach Project Tool
CVE-2009-4081 (Untrusted search path vulnerability in dstat before r3199 allows local ...)
	- dstat <not-affected> (Fixed/tracked as CVE-2009-3894)
	NOTE: This second ID is about the same issue, but for an older version, see
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=293497
	NOTE: For Debian we'll just use CVE-2009-3894 and mark this one as not-affected
CVE-2009-4080 (Multiple unspecified vulnerabilities in ldap_cachemgr (aka the LDAP ...)
	NOT-FOR-US: ldap_cachemgr in Sun Solaris
CVE-2009-4079 (Cross-site request forgery (CSRF) vulnerability in Redmine 0.8.5 and ...)
	- redmine 0.9.0~svn2902-1
CVE-2009-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Redmine 0.8.5 ...)
	- redmine 0.9.0~svn2902-1
CVE-2009-4077 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
	- roundcube 0.3-1
CVE-2009-4076 (Cross-site request forgery (CSRF) vulnerability in Roundcube Webmail ...)
	- roundcube 0.3-1
CVE-2009-4075 (Unspecified vulnerability in the timeout mechanism in sshd in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-4074 (The XSS Filter in Microsoft Internet Explorer 8 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2008-7247 (sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, ...)
	- mysql-5.1 5.1.49-3 (low; bug #569484)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
CVE-2009-4214 (Cross-site scripting (XSS) vulnerability in the strip_tags function in ...)
	{DSA-2301-1 DSA-2260-1}
	- rails 2.2.3-2 (low; bug #558685)
	NOTE: http://groups.google.com/group/rubyonrails-security/browse_thread/thread/4d4f71f2aef4c0ab?pli=1
CVE-2008-7248 (Ruby on Rails 2.1 before 2.1.3 and 2.2.x before 2.2.2 does not verify ...)
	- rails 2.2.3-1 (medium; bug #558685)
	[lenny] - rails <not-affected> (Vulnerable code not present)
	NOTE: http://weblog.rubyonrails.org/2008/11/18/potential-circumvention-of-csrf-protection-in-rails-2-1
CVE-2009-4073 (The printing functionality in Microsoft Internet Explorer 8 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer 8
CVE-2009-4072 (Unspecified vulnerability in Opera before 10.10 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2009-4071 (Opera before 10.10, when exception stacktraces are enabled, places ...)
	NOT-FOR-US: Opera
CVE-2009-4070 (SQL injection vulnerability in GForge 4.5.14, 4.7.3, and possibly ...)
	{DSA-1818-1}
	- gforge 4.7.3-2
CVE-2009-4069 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5.14, ...)
	{DSA-1818-1}
	- gforge 4.7.3-2
CVE-2009-4068
	RESERVED
CVE-2009-4067
	RESERVED
	{DSA-2310-1}
	- linux-2.6 2.6.28-1 (low)
	NOTE: Driver was removed in 2.6.27
CVE-2009-4066 (Multiple cross-site request forgery (CSRF) vulnerabilities in the &quot;My ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4065 (Cross-site scripting (XSS) vulnerability in the settings page in the ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4064 (Cross-site scripting (XSS) vulnerability in the Gallery Assist module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4063 (Cross-site scripting (XSS) vulnerability in the Subgroups for Organic ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4062 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4061 (Multiple cross-site scripting (XSS) vulnerabilities in the Agreement ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4060 (SQL injection vulnerability in includes/content/viewProd.inc.php in ...)
	NOT-FOR-US: CubeCart
CVE-2009-4059 (SQL injection vulnerability in the JoomClip (com_joomclip) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4058 (SQL injection vulnerability in allauctions.php in Telebid Auction ...)
	NOT-FOR-US: Telebid Auction Script
CVE-2009-4057 (SQL injection vulnerability in the inertialFATE iF Portfolio Nexus ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-4056 (Directory traversal vulnerability in admin/popup.php in Betsy CMS 3.5 ...)
	NOT-FOR-US: Betsy CMS
CVE-2009-4055 (rtp.c in Asterisk Open Source 1.2.x before 1.2.37, 1.4.x before ...)
	{DSA-1952-1}
	- asterisk 1:1.6.2.0~rc7-1 (bug #559103)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-4054
	REJECTED
CVE-2009-4053 (Multiple directory traversal vulnerabilities in Home FTP Server ...)
	NOT-FOR-US: Home FTP Server
CVE-2009-4052 (Multiple cross-site scripting (XSS) vulnerabilities in the JSF Widget ...)
	NOT-FOR-US: IBM Rational Application Developer for WebSphere
CVE-2009-4051 (Home FTP Server 1.10.1.139 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Home FTP Server
CVE-2009-4050 (Directory traversal vulnerability in get_file.php in phpMyBackupPro ...)
	NOT-FOR-US: phpMyBackupPro
CVE-2009-4049 (Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in ...)
	NOT-FOR-US: avast
CVE-2009-4048 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote authenticated ...)
	NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
CVE-2009-4047 (Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk ...)
	NOT-FOR-US: PHD Help Desk
CVE-2009-4112 (Cacti 0.8.7e and earlier allows remote authenticated administrators to ...)
	- cacti <unfixed> (unimportant; bug #561339)
	NOTE: 4B0E1566.1070509@moritz-naumann.com in bugtraq
	NOTE: as one requires admin access to cacti, upstream will implement a whitelist
	NOTE: https://github.com/Cacti/cacti/issues/1072
CVE-2009-4032 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7e ...)
	{DSA-1954-1}
	- cacti 0.8.7e-1.1 (low; bug #561338)
	NOTE: http://docs.cacti.net/#cross-site_scripting_fixes
	NOTE: http://www.cacti.net/download_patches.php
	NOTE: incomplete, probably another CVE id will be allocated: https://bugzilla.redhat.com/show_bug.cgi?id=541279#c17
CVE-2009-4046 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) 2.2.x ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4045 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4044 (The Web Services module 6.x for Drupal does not perform the expected ...)
	NOT-FOR-US: Web Services module for Drupal
CVE-2009-4043 (Cross-site scripting (XSS) vulnerability in the AddToAny module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-4042 (Cross-site scripting (XSS) vulnerability in the RootCandy theme 6.x ...)
	NOT-FOR-US: theme for Drupal
CVE-2009-4041 (UseBB 1.0.9 before 1.0.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: UseBB
CVE-2009-4040 (Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.0.17 and ...)
	NOT-FOR-US: phpMyFAQ
CVE-2009-4039 (Cross-site scripting (XSS) vulnerability in Piwigo before 2.0.6 allows ...)
	- piwigo <not-affected> (Fixed before initial upload to the archive)
CVE-2009-4038 (Multiple cross-site scripting (XSS) vulnerabilities in NCH Software ...)
	NOT-FOR-US: NCH Software Axon Virtual PBX
CVE-2009-4037 (Multiple SQL injection vulnerabilities in FrontAccounting (FA) before ...)
	NOT-FOR-US: FrontAccounting
CVE-2009-4036
	REJECTED
CVE-2009-4035 (The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...)
	- kdegraphics 4:4.0.0-1
	- xpdf 3.01-1
	- poppler 0.5.1-1
	- swftools 0.9.2+ds1-2
	NOTE: was silently fixed by upstream xpdf, fix propagated to poppler in 4b4fc5c017b/2005-09-14
	NOTE: but at least version 0.4.5 does *not* contain the ship.
	NOTE: Was fixed somewhere between 0.4.5 and 0.5.1
CVE-2009-4034 (PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before ...)
	{DSA-1964-1}
	- postgresql-7.4 <removed>
	- postgresql-8.1 <removed>
	- postgresql-8.2 <removed>
	- postgresql-8.3 8.3.9-1 (low)
	- postgresql-8.4 8.4.2-1 (low)
CVE-2009-4033 (A certain Red Hat patch for acpid 1.0.4 effectively triggers a call to ...)
	- acpid <not-affected> (problem in redhat-specific patch; debian uses sensible permissions 0664)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=515062
CVE-2009-4031 (The do_insn_fetch function in arch/x86/kvm/emulate.c in the x86 ...)
	{DSA-1962-1}
	- linux-2.6 2.6.32-3 (low)
	[lenny] - linux-2.6 2.6.26-21
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm <removed> (low; bug #562075)
CVE-2009-4030 (MySQL 5.1.x before 5.1.41 allows local users to bypass certain ...)
	{DSA-1997-1}
	- mysql-5.1 5.1.43-1
	- mysql-dfsg-5.0 <removed>
CVE-2009-4029 (The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, ...)
	- automake 1:1.4-p6-13.1
	[lenny] - automake <no-dsa> (Minor issue)
	- automake1.9 1.9.6+nogfdl-3.1
	[lenny] - automake1.9 <no-dsa> (Minor issue)
	- automake1.7 1.7.9-9.1
	[lenny] - automake1.7 <no-dsa> (Minor issue)
	- automake1.10 1:1.10.3-1
	[lenny] - automake1.10 <no-dsa> (Minor issue)
	NOTE: spu will be released to avoid spreading the bug even further
	NOTE: http://lists.gnu.org/archive/html/automake/2009-12/msg00012.html
CVE-2009-4028 (The vio_verify_callback function in viosslfactories.c in MySQL 5.0.x ...)
	- mysql-5.1 <not-affected> (Vulnerable code not present)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present)
	NOTE: built with --without-openssl
CVE-2009-4027 (Race condition in the mac80211 subsystem in the Linux kernel before ...)
	{DSA-1996-1 DTSA-204-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.26)
	- linux-2.6.24 <not-affected> (introduced in 2.6.26)
CVE-2009-4026 (The mac80211 subsystem in the Linux kernel before ...)
	{DTSA-204-1}
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.30)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.30)
	- linux-2.6.24 <not-affected> (introduced in 2.6.30)
CVE-2009-4025 (Argument injection vulnerability in the traceroute function in ...)
	NOT-FOR-US: Net_Traceroute PEAR module
CVE-2009-4024 (Argument injection vulnerability in the ping function in Ping.php in ...)
	{DSA-1949-1}
	- php-net-ping 2.4.2-1.1 (medium)
	NOTE: fix applied by upstream is incomplete, reported to oss-sec
CVE-2009-4111 (Argument injection vulnerability in Mail/sendmail.php in the Mail ...)
	{DSA-1938-1}
	- php-mail 1.1.14-2 (medium; bug #557121)
	[lenny] - php-mail  1.1.14-1+lenny1
	[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4023 (Argument injection vulnerability in the sendmail implementation of the ...)
	{DSA-1938-1}
	- php-mail 1.1.14-2 (medium; bug #557121)
	[lenny] - php-mail  1.1.14-1+lenny1
	[etch] - php-mail 1.1.6-2+etch1
CVE-2009-4022 (Unspecified vulnerability in ISC BIND 9.0.x through 9.3.x, 9.4 before ...)
	{DSA-1961-1}
	- bind9 1:9.6.1.dfsg.P2-1 (medium)
	NOTE: https://www.isc.org/node/504
	NOTE: Only affects installations with trust anchors, but then the
	NOTE: consequences are quite severe.
CVE-2009-4020 (Stack-based buffer overflow in the hfs subsystem in the Linux kernel ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-3 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-4019 (mysqld in MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 does not ...)
	{DSA-1997-1}
	- mysql-5.1 5.1.41-1
	- mysql-dfsg-5.0 <removed>
	NOTE: http://web.archive.org/web/20140722233305/http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html
	NOTE: http://web.archive.org/web/20140723045533/http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html
	NOTE: http://bugs.mysql.com/47780
	NOTE: http://bugs.mysql.com/48291
CVE-2009-4018 (The proc_open function in ext/standard/proc_open.c in PHP before ...)
	- php5 5.2.11.dfsg.1-1 (unimportant)
	NOTE: safe_mode bypass
CVE-2005-4883 (Race condition in Philippe Jounin Tftpd32 before 2.80 allows remote ...)
	NOT-FOR-US: Tftpd32
CVE-2005-4882 (tftpd in Philippe Jounin Tftpd32 2.74 and earlier, as used in Wyse ...)
	NOT-FOR-US: Tftpd32
CVE-2009-4016 (Integer underflow in the clean_string function in irc_string.c in (1) ...)
	{DSA-1980-1}
	- ircd-ratbox 3.0.6.dfsg-1 (medium; bug #567191)
	- ircd-hybrid 1:7.2.2.dfsg.2-6.1 (medium; bug #567192)
	- oftc-hybrid 1.6.3.dfsg-1.1 (medium; bug #567193)
CVE-2009-4015 (Lintian 1.23.x through 1.23.28, 1.24.x through 1.24.2.1, and 2.x ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4014 (Multiple format string vulnerabilities in Lintian 1.23.x through ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4013 (Multiple directory traversal vulnerabilities in Lintian 1.23.x through ...)
	{DSA-1979-1}
	- lintian 2.3.2 (medium)
CVE-2009-4012 (Multiple integer overflows in LibThai before 0.1.13 might allow ...)
	{DSA-1971-1}
	- libthai 0.1.13-1
CVE-2009-4011 [dtc-xen race condition]
	RESERVED
	- dtc-xen 0.5.4-1
	[lenny] - dtc-xen <not-affected> (Only affects 0.5.x)
CVE-2009-4010 (Unspecified vulnerability in PowerDNS Recursor before 3.1.7.2 allows ...)
	{DSA-1968-2 DSA-1968-1}
	- pdns-recursor 3.1.7.2-1 (high)
CVE-2009-4009 (Buffer overflow in PowerDNS Recursor before 3.1.7.2 allows remote ...)
	{DSA-1968-1}
	- pdns-recursor 3.1.7.2-1 (high)
	[etch] - pdns-recursor <not-affected> (vulnerable code not present)
CVE-2009-4008 (Unbound before 1.4.4 does not send responses for signed zones after ...)
	{DSA-2243-1}
	- unbound 1.4.4-1 (low)
CVE-2009-4007 (Unspecified vulnerability in the NormaliseTrainConsist function in ...)
	- openttd 0.7.5-1
	[lenny] - openttd 0.6.2-1+lenny1
CVE-2009-4006 (Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft ...)
	NOT-FOR-US: Serv-U FTP server
CVE-2009-4005 (The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
CVE-2009-4003 (Multiple integer overflows in Adobe Shockwave Player before 11.5.6.606 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4002 (Heap-based buffer overflow in Adobe Shockwave Player before 11.5.6.606 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-4001 (Integer overflow in XnView before 1.97.2 might allow remote attackers ...)
	NOT-FOR-US: XnView
CVE-2009-4000 (Directory traversal vulnerability in goform/formExportDataLogs in HP ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-3999 (Stack-based buffer overflow in goform/formExportDataLogs in HP Power ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-3998
	RESERVED
CVE-2009-3997 (Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in ...)
	NOT-FOR-US: winamp
CVE-2009-3996 (Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder ...)
	{DSA-2071-1}
	- libmikmod 3.1.11-6.2 (bug #575742)
	- pysol-sound-server <removed> (unimportant)
	NOTE: pysol-sound-server embeds a mikmod copy, but only reads to local files
CVE-2009-3995 (Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module ...)
	{DSA-2081-1 DSA-2071-1}
	- libmikmod 3.1.11-6.2 (bug #575742)
	- pysol-sound-server <removed> (unimportant)
	NOTE: pysol-sound-server embeds a mikmod copy, but only reads to local files
CVE-2009-3994 (Stack-based buffer overflow in the GetUID function in ...)
	- devil 1.7.8-6 (low; bug #560080)
	[lenny] - devil <no-dsa> (Minor issue)
	[etch] - devil <no-dsa> (Minor issue)
CVE-2009-3993
	REJECTED
CVE-2009-3992
	REJECTED
CVE-2009-3991
	REJECTED
CVE-2009-3990
	REJECTED
CVE-2009-3989 (Bugzilla before 3.0.11, 3.2.x before 3.2.6, 3.4.x before 3.4.5, and ...)
	- bugzilla 3.4.7.0-1 (unimportant)
	NOTE: http://www.bugzilla.org/security/3.0.10/
CVE-2009-3988 (Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
CVE-2009-3987 (The GeckoActiveXObject function in Mozilla Firefox before 3.0.16 and ...)
	- xulrunner <not-affected> (Windows-specific vulnerability)
CVE-2009-3986 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3985 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3984 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3983 (Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, and SeaMonkey ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3982 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	- xulrunner 1.9.1.6-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3981 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1
	NOTE: Only affects Firefox 3
CVE-2009-3980 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner 1.9.1.6-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3979 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-1956-1}
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3978 (The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp ...)
	- xulrunner 1.9.1.5-1 (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-3977 (Multiple buffer overflows in a certain ActiveX control in ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3976 (Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to ...)
	NOT-FOR-US: Labtam ProFTP
CVE-2009-3975 (SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and ...)
	NOT-FOR-US: Moa Gallery
CVE-2009-3974 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB or ...)
	NOT-FOR-US: Invision Power Board
CVE-2009-3973 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...)
	NOT-FOR-US: Turnkey Arcade Script
CVE-2009-3972 (SQL injection vulnerability in the Q-Proje Siirler Bileseni ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3971 (SQL injection vulnerability in the jTips (com_jtips) component 1.0.7 ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3970 (SQL injection vulnerability in index.php in PHP Dir Submit (aka ...)
	NOT-FOR-US: PHP Dir Submit
CVE-2009-3969 (Stack-based buffer overflow in Faslo Player 7.0 allows remote ...)
	NOT-FOR-US: Faslo Player
CVE-2009-3968 (Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote ...)
	NOT-FOR-US: ITechBids
CVE-2009-3967 (SQL injection vulnerability in browse.php in Ed Charkow SuperCharged ...)
	NOT-FOR-US: Ed Charkow SuperCharged Linking
CVE-2009-3966 (Arcade Trade Script 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Arcade Trade Script
CVE-2009-3965 (SQL injection vulnerability in rating.php in New 5 star Rating 1.0 ...)
	NOT-FOR-US: New 5 star Rating
CVE-2009-3964 (SQL injection vulnerability in the NinjaMonials (com_ninjacentral) ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3898 (Directory traversal vulnerability in ...)
	- nginx 0.7.63-1 (low; bug #557389)
	[etch] - nginx <no-dsa> (upload rights required)
	[lenny] - nginx <no-dsa> (upload rights required)
CVE-2009-3897 (Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of ...)
	- dovecot 1:1.2.8-1 (medium; bug #557601)
	[lenny] - dovecot <not-affected> (Only affects 1.2.x)
	[etch] - dovecot <not-affected> (Only affects 1.2.x)
CVE-2009-4017 (PHP before 5.2.12 and 5.3.x before 5.3.1 does not restrict the number ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-2 (medium)
	- php4 <removed> (medium)
	NOTE: workarounds include using 5.3.1 or php5-suhosin
	NOTE: 4B068517.802@acunetix.com on bugtraq explains it
CVE-2009-3080 (Array index error in the gdth_read_event function in ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=690e744869f3262855b83b4fb59199cf142765b0
CVE-2009-4021 (The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.32-1 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=538734
CVE-2009-3963 (Multiple unspecified vulnerabilities in XOOPS before 2.4.0 Final have ...)
	NOT-FOR-US: XOOPS
CVE-2009-3962 (The management interface on the 2wire Gateway 1700HG, 1701HG, 1800HW, ...)
	NOT-FOR-US: 2wire Gateway
CVE-2009-3961 (SQL injection vulnerability in user.php in Super Serious Stats (aka ...)
	NOT-FOR-US: Super Serious Stats
CVE-2009-3960 (Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in ...)
	NOT-FOR-US: LiveCycle
CVE-2009-3959 (Integer overflow in the U3D implementation in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3958 (Multiple stack-based buffer overflows in the NOS Microsystems getPlus ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3957 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3956 (The default configuration of Adobe Reader and Acrobat 9.x before 9.3, ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3955 (Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3954 (The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3953 (The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x ...)
	NOT-FOR-US: Adobe Reader and Acrobat 8.0
CVE-2009-3952 (Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2009-3951 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
	NOT-FOR-US: Flash Player
CVE-2009-3950 (Multiple cross-site scripting (XSS) vulnerabilities in Bractus ...)
	NOT-FOR-US: Bractus SunTrack
CVE-2009-3949 (cp/profile.php in VivaPrograms Infinity 2.0.5 and earlier does not ...)
	NOT-FOR-US: VivaPrograms Infinity
CVE-2009-3948 (JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a ...)
	NOT-FOR-US: JetAudio
CVE-2009-3947 (Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows ...)
	NOT-FOR-US: Tandberg MXP F7.0
CVE-2009-3946 (Joomla! before 1.5.15 allows remote attackers to read an extension's ...)
	NOT-FOR-US: Joomla!
CVE-2009-3945 (Unspecified vulnerability in the Front-End Editor in the com_content ...)
	NOT-FOR-US: component in Joomla!
CVE-2009-3944 (Research In Motion (RIM) BlackBerry Browser on the BlackBerry 8800 ...)
	NOT-FOR-US: BlackBerry Browser on the BlackBerry 8800
CVE-2009-3943 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3942 (Martin Lambers msmtp before 1.4.19, when OpenSSL is used, does not ...)
	- msmtp <not-affected> (uses GnuTLS and not OpenSSL; bug #557324)
CVE-2009-3941 (Martin Lambers mpop before 1.0.19, when OpenSSL is used, does not ...)
	- mpop <not-affected> (uses GnuTLS and not OpenSSL; bug #557326)
CVE-2009-3940 (Unspecified vulnerability in Guest Additions in Sun xVM VirtualBox ...)
	- virtualbox-guest-additions 3.0.10-1
CVE-2009-3939 (The poll_mode_io file for the megaraid_sas driver in the Linux kernel ...)
	{DSA-1996-1}
	- linux-2.6 2.6.32-6 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <removed> (low)
CVE-2009-4004 (Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in ...)
	- linux-2.6 2.6.32-1 (medium)
	[etch] - linux-2.6 <not-affected> (kvm introduced in 2.6.25)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 <not-affected> (kvm introduced in 2.6.25)
	- kvm 88+dfsg-2 (medium; bug #557736)
	[lenny] - kvm <not-affected> (vulnerable code not present)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=a9e38c3e01ad242fe2a625354cf065c34b01e3aa
CVE-2009-3937 (Memory leak in Solaris TCP sockets in Sun OpenSolaris snv_106 through ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-3936 (Unspecified vulnerability in Citrix Online Plug-in for Windows 11.0.x ...)
	NOT-FOR-US: Citrix Online Plug-in
CVE-2009-3935 (Multiple unspecified vulnerabilities in the Advanced Management Module ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-3934 (The WebFrameLoaderClient::dispatchDidChangeLocationWithinPage function ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-3933 (WebKit before r50173, as used in Google Chrome before 3.0.195.32, ...)
	- webkit <not-affected> (chromium-specific issue in their timer)
	- qt4-x11 <not-affected> (chromium-specific issue in their timer)
	- kdelibs <not-affected> (chromium-specific issue in their timer)
	- kde4libs <not-affected> (chromium-specific issue in their timer)
	- chromium-browser <not-affected> (Only 0.x is affected)
CVE-2009-3932 (The Gears plugin in Google Chrome before 3.0.195.32 allows ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (gears is only implemented in chromium)
CVE-2009-3931 (Incomplete blacklist vulnerability in browser/download/download_exe.cc ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-3930 (Multiple integer overflows in Christos Zoulas file before 5.02 allow ...)
	- file 5.03-1
	[lenny] - file <not-affected>
	[etch] - file <not-affected>
CVE-2009-3929
	REJECTED
CVE-2009-3928
	REJECTED
CVE-2009-3927
	REJECTED
CVE-2009-3926
	REJECTED
CVE-2009-3925
	REJECTED
CVE-2009-XXXX [eglibc: ldd arbitrary code execution]
	- eglibc 2.10.1-7 (unimportant; bug #552518)
	- glibc 2.10.1-7 (unimportant; bug #552518)
CVE-2009-3924 (Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2009-3923 (The VirtualBox 2.0.8 and 2.0.10 web service in Sun Virtual Desktop ...)
	NOT-FOR-US: Sun Virtual Desktop Infrastructure
CVE-2009-3922 (Multiple cross-site request forgery (CSRF) vulnerabilities in the User ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3921 (The Smartqueue_og module 5.x before 5.x-1.3 and 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3920 (An administration page in the NGP COO/CWP Integration (crmngp) module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3919 (Cross-site scripting (XSS) vulnerability in the NGP COO/CWP ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3918 (Cross-site scripting (XSS) vulnerability in the Zoomify module 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3917 (Cross-site scripting (XSS) vulnerability in the S5 Presentation Player ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3916 (Cross-site scripting (XSS) vulnerability in the Node Hierarchy module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3915 (Cross-site scripting (XSS) vulnerability in the &quot;Separate title and ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3914 (Cross-site scripting (XSS) vulnerability in the Temporary Invitation ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3913 (SQL injection vulnerability in summary.php in Xerox Fiery Webtools ...)
	NOT-FOR-US: Xerox Fiery Webtools
CVE-2009-3912 (Directory traversal vulnerability in index.php in TFTgallery 0.13 ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3911 (Cross-site scripting (XSS) vulnerability in settings.php in TFTgallery ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3910
	RESERVED
CVE-2009-3909 (Integer overflow in the read_channel_data function in ...)
	- gimp 2.6.7-1.1 (medium; bug #556750)
	NOTE: http://secunia.com/secunia_research/2009-43/
CVE-2009-3908
	REJECTED
CVE-2009-3907
	REJECTED
CVE-2009-3906
	REJECTED
CVE-2009-3905 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...)
	NOT-FOR-US: e-Courier CMS
CVE-2009-3904 (classes/session/cc_admin_session.php in CubeCart 4.3.4 does not ...)
	NOT-FOR-US: CubeCart
CVE-2009-3903 (Multiple cross-site scripting (XSS) vulnerabilities in jspui/index.jsp ...)
	NOT-FOR-US: ManageEngine Netflow Analyzer 7.5 build 7500
CVE-2009-3902 (Directory traversal vulnerability in Cherokee Web Server 0.5.4 and ...)
	- cherokee <not-affected> (Only windows version is affected)
CVE-2009-3901 (Multiple cross-site scripting (XSS) vulnerabilities in e-Courier CMS ...)
	NOT-FOR-US: e-Courier CMS
CVE-2009-3900 (Unspecified vulnerability in the Cluster Management component in IBM ...)
	NOT-FOR-US: IBM PowerHA
CVE-2009-3899 (Memory leak in the Sockets Direct Protocol (SDP) driver in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3896 (src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through ...)
	{DSA-1920-1}
	- nginx 0.7.62-1
CVE-2009-3895 (Heap-based buffer overflow in the exif_entry_fix function (aka the tag ...)
	- libexif 0.6.19-1 (medium; bug #557137)
	[lenny] - libexif <not-affected> (Only 0.6.18 is affected)
	[etch] - libexif <not-affected> (Only 0.6.18 is affected)
CVE-2009-3894 (Multiple untrusted search path vulnerabilities in dstat before 0.7.0 ...)
	- dstat 0.7.0-1 (low; bug #557989)
	[lenny] - dstat <no-dsa> (Minor issue)
	[etch] - dstat <no-dsa> (Minor issue)
	NOTE: http://svn.rpmforge.net/svn/trunk/tools/dstat/ChangeLog
CVE-2009-3893
	RESERVED
CVE-2009-3891 (Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php in ...)
	- wordpress 2.8.6-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
CVE-2009-3890 (Unrestricted file upload vulnerability in the wp_check_filetype ...)
	- wordpress 2.8.6-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
CVE-2009-3889 (The dbg_lvl file for the megaraid_sas driver in the Linux kernel ...)
	{DSA-2005-1}
	- linux-2.6 2.6.27-1 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (low)
CVE-2009-3888 (The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before ...)
	- linux-2.6 <not-affected> (Vulnerable code not built)
	- linux-2.6.24 <not-affected> (Vulnerable code not built)
CVE-2009-3887 [ytnef path traversal]
	RESERVED
	- ytnef <removed> (bug #567631)
	[lenny] - ytnef <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
	NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-3886 (The Java Web Start implementation in Sun Java SE 6 before Update 17 ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3885 (Sun Java SE 5.0 before Update 22 and 6 before Update 17 on Windows ...)
	- openjdk-6 <not-affected> (a problem in code that is unused on non-windows platforms)
	- sun-java6 <not-affected> (a problem in code that is unused on non-windows platforms)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=530114
CVE-2009-3884 (The TimeZone.getTimeZone method in Sun Java SE 5.0 before Update 22 ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3883 (Multiple unspecified vulnerabilities in the Windows Pluggable Look and ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3882 (Multiple unspecified vulnerabilities in the Swing implementation in ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3881 (Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3880 (The Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3879 (Multiple unspecified vulnerabilities in the (1) X11 and (2) ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3878 (Buffer overflow in Sun Java System Web Server 7.0 Update 6 has ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2009-3877 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3876 (Unspecified vulnerability in Sun Java SE in JDK and JRE 5.0 before ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3875 (The MessageDigest.isEqual function in Java Runtime Environment (JRE) ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3874 (Integer overflow in the JPEGImageReader implementation in the ImageI/O ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3873 (The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3872 (Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3871 (Heap-based buffer overflow in the setBytePixels function in the ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3869 (Stack-based buffer overflow in the setDiffICM function in the Abstract ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3868 (Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3867 (Stack-based buffer overflow in the HsbParser.getSoundBank function in ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3866 (The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3865 (The launch method in the Deployment Toolkit plugin in Java Runtime ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3864 (The Java Update functionality in Java Runtime Environment (JRE) in Sun ...)
	- openjdk-6 6b17 (unimportant)
	- sun-java6 6-17-1 (unimportant)
	NOTE: a problem in their updater, which is irrelevant since debian
	NOTE: updates are provided by the security team
CVE-2009-3863 (Buffer overflow in the gxmim1.dll ActiveX control in Novell Groupwise ...)
	NOT-FOR-US: ActiveX
CVE-2009-3862 (The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-3861 (Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and ...)
	NOT-FOR-US: SafeNet SoftRemote
CVE-2009-3860 (Multiple insecure method vulnerabilities in Idefense Labs COMRaider ...)
	NOT-FOR-US: Idefense Labs COMRaider
CVE-2009-3859 (Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in ...)
	NOT-FOR-US: Retina Network Security Scanner
CVE-2009-3858 (Cross-site scripting (XSS) vulnerability in GejoSoft allows remote ...)
	NOT-FOR-US: GejoSoft
CVE-2009-3857 (Buffer overflow in Softonic International SciTE 1.72 allows ...)
	NOT-FOR-US: Softonic International SciTE
CVE-2009-3856 (Cross-site scripting (XSS) vulnerability in the default URI in news/ ...)
	NOT-FOR-US: Twilight CMS
CVE-2009-3855 (Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3854 (Buffer overflow in the traditional client scheduler in the client in ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3853 (Stack-based buffer overflow in the client acceptor daemon (CAD) ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-3852 (Unspecified vulnerability in the XML component in IBM Runtimes for ...)
	NOT-FOR-US: IBM Runtimes for Java Technology 5.0.0
CVE-2009-3851 (Trusted Extensions in Sun Solaris 10 interferes with the operation of ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-3850 (Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to ...)
	- blender <unfixed> (unimportant)
	NOTE: attack vector is social engineering to get the user to open
	NOTE: a malicious .blend file. by design, blend files support
	NOTE: all python operations, so ultimately any code can be executed
CVE-2009-3849 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3848 (Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3847 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3846 (Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3845 (The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-3844 (Stack-based buffer overflow in the OmniInet process in HP OpenView ...)
	NOT-FOR-US: HP OpenView Data Protector Application
CVE-2009-3843 (HP Operations Manager 8.10 on Windows contains a &quot;hidden account&quot; in ...)
	NOT-FOR-US: HP Operations Manager
CVE-2009-3842 (Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction ...)
	NOT-FOR-US: HP Color LaserJet
CVE-2009-3841 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping
CVE-2009-3840 (The embedded database engine service (aka ovdbrun.exe) in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2009-3839 (Unspecified vulnerability in the Solaris Trusted Extensions Policy ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3838 (Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly ...)
	NOT-FOR-US: Pegasus Mail
CVE-2009-3837 (Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 ...)
	NOT-FOR-US: Eureka Email
CVE-2009-3836 (ArubaOS 3.3.1.x, 3.3.2.x, RN 3.1.x, 3.4.x, and 3.3.2.x-FIPS on the ...)
	NOT-FOR-US: ArubaOS
CVE-2009-3835 (SQL injection vulnerability in the JShop (com_jshop) component for ...)
	NOT-FOR-US: Joomla
CVE-2009-3834 (SQL injection vulnerability in the Photoblog (com_photoblog) component ...)
	NOT-FOR-US: Joomla
CVE-2009-3833 (Cross-site scripting (XSS) vulnerability in index.php in TFTgallery ...)
	NOT-FOR-US: TFTgallery
CVE-2009-3832 (Opera before 10.01 on Windows does not prevent use of Web fonts in ...)
	NOT-FOR-US: Opera
CVE-2009-3831 (Opera before 10.01 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2009-3830 (The download functionality in Team Services in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2009-3829 (Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows ...)
	{DSA-1942-1}
	- wireshark 1.2.2-1 (bug #553583)
CVE-2009-3828 (The web interface for Everfocus EDR1600 DVR allows remote attackers to ...)
	NOT-FOR-US: Everfocus EDR1600 DVR
CVE-2009-3827
	RESERVED
CVE-2009-3826 (Multiple buffer overflows in squidGuard 1.4 allow remote attackers to ...)
	{DSA-2040-1}
	- squidguard 1.2.0-9 (low; bug #553319)
CVE-2009-3825 (Multiple directory traversal vulnerabilities in GenCMS 2006 allow ...)
	NOT-FOR-US: GenCMS
CVE-2009-3824 (Directory traversal vulnerability in include/processor.php in ...)
	NOT-FOR-US: Greenwood PHP Content Manager
CVE-2009-3823 (Directory traversal vulnerability in myhtml.php in Mobilelib GOLD 3.0, ...)
	NOT-FOR-US: Mobilelib GOLD
CVE-2009-3822 (PHP remote file inclusion vulnerability in Fiji Web Design Ajax Chat ...)
	NOT-FOR-US: com_ajaxchat component for Joomla
CVE-2009-3821 (Cross-site scripting (XSS) vulnerability in the Apache Solr Search ...)
	NOT-FOR-US: Apache Solr Search extension for TYPO3
CVE-2009-3820 (SQL injection vulnerability in the Flagbit Filebase (fb_filebase) ...)
	NOT-FOR-US: Flagbit Filebase extension for TYPO3
CVE-2009-3819 (Unspecified vulnerability in the Random Images (maag_randomimage) ...)
	NOT-FOR-US: Random Images extension for TYPO3
CVE-2009-3818 (Unspecified vulnerability in the session handling feature in freeCap ...)
	NOT-FOR-US: freeCap CAPTCHA for TYPO3
CVE-2009-3817 (PHP remote file inclusion vulnerability in doc/releasenote.php in the ...)
	NOT-FOR-US: com_booklibrary component for Joomla!
CVE-2009-3816 (Multiple cross-site scripting (XSS) vulnerabilities in Activities ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2009-3815 (RunCMS 2M1, when running with certain error_reporting levels, allows ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3814 (Static code injection vulnerability in RunCMS 2M1 allows remote ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3813 (Multiple SQL injection vulnerabilities in RunCMS 2M1 allow remote ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3812 (Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio ...)
	NOT-FOR-US: OtsAV products
CVE-2009-3811 (Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows ...)
	NOT-FOR-US: Music Tag Editor
CVE-2009-3810 (Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows ...)
	NOT-FOR-US: Acoustica MP3 Audio Mixer
CVE-2009-3809 (Acoustica MP3 Audio Mixer 1.0 and possibly 2.471 allows remote ...)
	NOT-FOR-US: Acoustica MP3 Audio Mixer
CVE-2009-3808 (MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MixSense DJ Studio
CVE-2009-3807 (Stack-based buffer overflow in MixVibes 7.043 Pro allows remote ...)
	NOT-FOR-US: MixVibes
CVE-2009-3806 (SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows ...)
	NOT-FOR-US: DedeCMS
CVE-2009-3805 (gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows ...)
	NOT-FOR-US: Gpg4win
	NOTE: looks like an issue in gpg2 for windows (gpg4win.org), not specific
	NOTE: to kleopatra
CVE-2009-3804 (Multiple SQL injection vulnerabilities in modules/forum/post.php in ...)
	NOT-FOR-US: RunCMS 2M1
CVE-2009-3803 (Multiple cross-site scripting (XSS) vulnerabilities in Amiro.CMS ...)
	NOT-FOR-US: Amiro.CMS
CVE-2009-3802 (Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Amiro.CMS
CVE-2009-3801 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-XXXX [multiple missing input sanity checks in KDE]
	- kdelibs 4:3.5.10.dfsg.1-3 (low)
	- kde4libs 4:4.3.4-1 (low)
	[lenny] - kde4libs <no-dsa> (Minor issue)
	[lenny] - kdelibs <no-dsa> (minor and unlikely to be exploited)
	[etch] - kdelibs <no-dsa> (minor and unlikely to be exploited)
	NOTE: http://www.ocert.org/advisories/ocert-2009-015.html
	NOTE: https://www.portcullis-security.com/security-research-and-downloads/security-advisories/pre-2014-advisories/
	NOTE: advisory mentions kmail and ark (from kdepim and kdeutils, respectively)
	NOTE: but the "fixes" linked from the advisory only change code in kdelibs
	NOTE: more info at oss-sec threads
CVE-2009-3800 (Multiple unspecified vulnerabilities in Adobe Flash Player before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3799 (Integer overflow in the Verifier::parseExceptionHandlers function in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3798 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3797 (Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3796 (Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3795
	REJECTED
CVE-2009-3794 (Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3793 (Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-3792 (Directory traversal vulnerability in Adobe Flash Media Server (FMS) ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3791 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-3790 (Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation ...)
	NOT-FOR-US: FormMax
CVE-2009-3789 (Multiple cross-site scripting (XSS) vulnerabilities in OpenDocMan ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-3788 (SQL injection vulnerability in index.php in OpenDocMan 1.2.5 allows ...)
	NOT-FOR-US: OpenDocMan
CVE-2009-3787 (files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct ...)
	NOT-FOR-US: Vivvo CMS
CVE-2009-3786 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3785 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3784 (Open redirect vulnerability in Simplenews Statistics 6.x before ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3783 (Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3782 (Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3781 (The filefield_file_download function in FileField 6.x-3.1, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3780 (Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3779 (Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3778 (SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, ...)
	NOT-FOR-US: module for Drupal
CVE-2009-5045 [multiple vulnerabilities in jetty]
	RESERVED
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5046 [multiple vulnerabilities in jetty]
	RESERVED
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5047 [multiple vulnerabilities in jetty]
	RESERVED
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5048 [multiple vulnerabilities in jetty]
	RESERVED
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-5049 [multiple vulnerabilities in jetty]
	RESERVED
	- jetty 6.1.22-1 (unimportant; bug #553644)
	NOTE: http://www.ush.it/team/ush/hack-jetty6x7x/jetty-adv.txt
	NOTE: The affected apps are not shipped in the package, see #553644
CVE-2009-XXXX [cherokee 0.5.4 DoS]
	- cherokee <not-affected> (not reproducible)
	NOTE: <4089.110.37.64.157.1256562313.squirrel@mail.xc0re.net> in bugtraq
	NOTE: not reproducible in etch's 0.5.5 nor sid's 0.99.22-1.1
CVE-2009-3777
	RESERVED
CVE-2009-3776
	RESERVED
CVE-2009-3775
	RESERVED
CVE-2009-3774
	RESERVED
CVE-2009-3773
	RESERVED
CVE-2009-3772
	RESERVED
CVE-2009-3771
	RESERVED
CVE-2009-3770
	RESERVED
CVE-2009-3769
	RESERVED
CVE-2009-3768
	RESERVED
CVE-2009-3767 (libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other ...)
	{DSA-1943-1}
	- openldap 2.4.17-2.1 (low; bug #553432)
	- openldap2.3 <removed>
CVE-2009-3766 (mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when ...)
	- mutt <not-affected> (uses GnuTLS and not OpenSSL)
	NOTE: our mutt is linked against gnutls, bug #553433
CVE-2009-3765 (mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not ...)
	- mutt <not-affected> (uses GnuTLS and not OpenSSL)
	NOTE: our mutt is linked against gnutls
CVE-2009-3764 (Unspecified vulnerability in the OpenSSO component in Oracle OpenSSO ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3763 (Unspecified vulnerability in the Access Manager / OpenSSO component in ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3762 (Unspecified vulnerability in Oracle OpenSSO Enterprise 8.0 allows ...)
	NOT-FOR-US: Oracle OpenSSO
CVE-2009-3761
	RESERVED
CVE-2009-3760 (Static code injection vulnerability in config/writeconfig.php in the ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3759 (Multiple cross-site request forgery (CSRF) vulnerabilities in sample ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3758 (SQL injection vulnerability in login.php in sample code in the ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3757 (Multiple cross-site scripting (XSS) vulnerabilities in sample code in ...)
	NOT-FOR-US: Citrix XenCenterWeb
CVE-2009-3756 (phpBMS 0.96 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: phpBMS
CVE-2009-3755 (Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 ...)
	NOT-FOR-US: phpBMS
CVE-2009-3754 (Multiple SQL injection vulnerabilities in phpBMS 0.96 allow remote ...)
	NOT-FOR-US: phpBMS
CVE-2009-3753 (Unrestricted file upload vulnerability in Opial 1.0 allows remote ...)
	NOT-FOR-US: Opial
CVE-2009-3752 (SQL injection vulnerability in home.php in Opial 1.0 allows remote ...)
	NOT-FOR-US: Opial
CVE-2009-3751 (Cross-site scripting (XSS) vulnerability in home.php in Opial 1.0 ...)
	NOT-FOR-US: Opial
CVE-2009-3750 (SQL injection vulnerability in read.php in ToyLog 0.1 allows remote ...)
	NOT-FOR-US: ToyLog
CVE-2009-3749 (The Web Administrator service (STEMWADM.EXE) in Websense Personal ...)
	NOT-FOR-US: Websense Personal Email Manager
CVE-2009-3748 (Multiple cross-site scripting (XSS) vulnerabilities in the Web ...)
	NOT-FOR-US: Websense Personal Email Manager
CVE-2009-3747 (Cross-site scripting (XSS) vulnerability in index.php in TBmnetCMS 1.0 ...)
	NOT-FOR-US: TBmnetCMS
CVE-2009-3746 (XScreenSaver in Sun Solaris 10, when the accessibility feature is ...)
	NOT-FOR-US: XScreenSaver in Sun Solaris 10
CVE-2009-3745 (Cross-site scripting (XSS) vulnerability in the help pages in IBM ...)
	NOT-FOR-US: IBM Rational AppScan Enterprise Edition
CVE-2009-3744 (rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote ...)
	NOT-FOR-US: EMC RepliStor
CVE-2009-3743 (Off-by-one error in the Ins_MINDEX function in the TrueType bytecode ...)
	- ghostscript 8.71~dfsg-1
CVE-2009-3742 (Cross-site scripting (XSS) vulnerability in Liferay Portal before ...)
	- liferay-portal <itp> (bug #569819)
CVE-2009-3741
	REJECTED
CVE-2009-3740
	RESERVED
CVE-2009-3739 (Multiple unspecified vulnerabilities on the Rockwell Automation AB ...)
	NOT-FOR-US: Micrologix
CVE-2009-3738
	RESERVED
CVE-2009-3737 (The Oracle Siebel Option Pack for IE ActiveX control does not properly ...)
	NOT-FOR-US: Oracle Siebel Option Pack
CVE-2009-3736 (ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as ...)
	{DSA-1958-1}
	- libtool 2.2.6b-1 (low; bug #559797)
	- arts <not-affected> (Uses absolute path to the sound backend)
	- bochs <not-affected> (additional hardening in this package prevents this type of attack; bug #559799)
	- camserv <removed> (low; bug #559800)
	NOTE: requested camserv removal
	[lenny] - camserv <no-dsa> (Minor issue)
	[etch] - camserv <no-dsa> (Minor issue)
	- collectd 4.8.2-1 (low; bug #559801)
	[lenny] - collectd <no-dsa> (Minor issue)
	[etch] - collectd <no-dsa> (Minor issue)
	- cvsnt 2.5.04.3236-1.2 (low; bug #559803)
	[etch] - cvsnt <no-dsa> (Minor issue)
	[lenny] - cvsnt <no-dsa> (Minor issue)
	- ggobi 2.1.9~20091212-1 (low; bug #559806)
	[etch] - ggobi <no-dsa> (Minor issue)
	[lenny] - ggobi <no-dsa> (Minor issue)
	- gnash 0.8.7-2 (low; bug #559808)
	[lenny] - gnash <no-dsa> (Minor issue)
	- gnu-smalltalk 3.1-2 (low; bug #559809)
	[lenny] - gnu-smalltalk <no-dsa> (Minor issue)
	[etch] - gnu-smalltalk <no-dsa> (Minor issue)
	- graphicsmagick 1.3.5-6 (low; bug #559811)
	[lenny] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
	[etch] - graphicsmagick <no-dsa> (Minor issue, can be fixed along with later updates)
	- guile-1.6 1.6.8-7 (low; bug #559813)
	[etch] - guile-1.6 <no-dsa> (Minor issue)
	[lenny] - guile-1.6 <no-dsa> (Minor issue)
	- hamlib 1.2.10-1 (low; bug #559814)
	[lenny] - hamlib 1.2.7.1-1+lenny1
	[etch] - hamlib <no-dsa> (Minor issue)
	- hercules 3.06-1.2 (low; bug #559815)
	[lenny] - hercules <no-dsa> (Minor issue)
	[etch] - hercules <no-dsa> (Minor issue)
	- jags 1.0.4-1 (low; bug #559816)
	- kdelibs <not-affected> (dl_open open loads from fixed paths)
	- libannodex <removed> (low; bug #559818)
	[lenny] - libannodex <no-dsa> (Minor issue)
	[etch] - libannodex <no-dsa> (Minor issue)
	- libextractor 0.5.23+dfsg-4 (low; bug #559819)
	[etch] - libextractor <no-dsa> (Minor issue)
	[lenny] - libextractor <no-dsa> (Minor issue)
	- libmcrypt <not-affected> (not included in any of the binary packages; bug #559820)
	- libtunepimp 0.5.3-7.3 (low; bug #559821)
	[lenny] - libtunepimp <no-dsa> (Minor issue)
	[etch] - libtunepimp <no-dsa> (Minor issue)
	- mp4h 1.3.1-4.1 (low; bug #559822)
	[etch] - mp4h <no-dsa> (Minor issue)
	[lenny] - mp4h <no-dsa> (Minor issue)
	- naim <removed> (low; bug #559823)
	[lenny] - naim <no-dsa> (Minor issue)
	[etch] - naim <no-dsa> (Minor issue)
	- parser-mysql 10.3-2 (unimportant; bug #559824)
	- pinball 0.3.1-11 (low; bug #559825)
	[lenny] - pinball <no-dsa> (Minor issue)
	[etch] - pinball <no-dsa> (Minor issue)
	- redland 1.0.10-1 (low; bug #559826)
	[etch] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
	[lenny] - redland <not-affected> (Versions prior to 1.0.9 don't use libtool/libltdl)
	- siproxd 1:0.8.1-1 (low; bug #559827)
	[lenny] - siproxd <no-dsa> (Minor issue)
	[etch] - siproxd <no-dsa> (Minor issue)
	- ski <removed> (low; bug #559828)
	- synfig 0.62.00-1 (low; bug #559829)
	[lenny] - synfig <no-dsa> (Minor issue)
	- xmlsec1 1.2.14-1 (unimportant; bug #559831)
	NOTE: Embedded code copy isn't used
	- clamav 0.95+dfsg-1 (low; bug #559832)
	[lenny] - clamav <no-dsa> (Minor issue)
	[etch] - clamav <no-dsa> (Minor issue)
	- imagemagick 6:6.2.3.1-1 (low; bug #559833)
	[lenny] - imagemagick <no-dsa> (Minor issue)
	[etch] - imagemagick <no-dsa> (Minor issue)
	- hypre 2.4.0b-5 (low; bug #559834)
	[etch] - hypre <no-dsa> (Minor issue)
	[lenny] - hypre <no-dsa> (Minor issue)
	- lam 7.1.2-1.6 (low; bug #559835)
	[lenny] - lam <no-dsa> (Minor issue)
	[etch] - lam <no-dsa> (Minor issue)
	- openmpi 1.3.3-4 (low; bug #559836)
	[lenny] - openmpi <no-dsa> (Minor issue)
	[etch] - openmpi <no-dsa> (Minor issue)
	- parser 3.4.0-2 (unimportant; bug #559837)
	NOTE: users with write access can modify configuration to load new extensions, see #559837
	- pdsh <not-affected> (Only loads from /usr/lib/pdsh, which is controlled by root)
	- sdcc 2.9.0-5 (low; bug #559840)
	[lenny] - sdcc <no-dsa> (Minor issue)
	[etch] - sdcc <no-dsa> (Minor issue)
	- proftpd-dfsg <not-affected> (Only loads from /usr/lib/proftpd)
	- babel 1.4.0.dfsg-5 (low; bug #559843)
	[lenny] - babel <no-dsa> (Minor issue)
	- libprelude 0.9.14-2 (low; bug #559844)
	[etch] - libprelude <no-dsa> (Minor issue)
	- heartbeat 2.1.4-7 (unimportant; bug #559845)
	NOTE: the dlopened path is always below /usr/lib/heartbeat, which isn't under control of an attacker
	NOTE: From Squeeze onwards the system copy of ltdl is used, use the current version from Squeeze,
	NOTE: might've been fixed earlier
	- graphviz 2.26.3-14 (low; bug #702436)
	[squeeze] - graphviz 2.26.3-5+squeeze1
CVE-2009-3735 (The ActiveScan Installer ActiveX control in as2stubie.dll before ...)
	NOT-FOR-US: ActiveScan Installer ActiveX control
CVE-2009-3734 (Unspecified vulnerability in the management console in the S2 Security ...)
	NOT-FOR-US: S2 Security Linear eMerge Access Control System
CVE-2009-XXXX [mandos 0600 file being included in initrd]
	- mandos 1.0.13-1 (bug #551907)
CVE-2009-3733 (Directory traversal vulnerability in VMware Server 1.x before 1.0.10 ...)
	- vmware-package <removed>
CVE-2009-3732 (Format string vulnerability in vmware-vmrc.exe build 158248 in VMware ...)
	NOT-FOR-US: VMware
CVE-2009-3731 (Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help ...)
	NOT-FOR-US: WebWorks Help
CVE-2009-3730 (Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help ...)
	NOT-FOR-US: ReqWeb
CVE-2009-3729 (Unspecified vulnerability in the TrueType font parsing functionality ...)
	- openjdk-6 6b17-1.7-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3728 (Directory traversal vulnerability in the ICC_Profile.getInstance ...)
	- openjdk-6 6b17~pre3-1 (medium; bug #560908)
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-3727 (Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.3, ...)
	{DSA-1952-1}
	- asterisk 1:1.6.2.0~rc6-1
	[lenny] - asterisk <no-dsa> (Minor issue)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3726 (The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client ...)
	{DSA-2005-1 DSA-2003-1}
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed> (medium)
CVE-2009-3725 (The connector layer in the Linux kernel before 2.6.31.5 does not ...)
	{DSA-2012-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <removed> (medium)
CVE-2009-3724
	RESERVED
	NOT-FOR-US: python-markdown2 (not our markdown, different code base)
CVE-2009-3723 [Unauthorized calls allowed on prohibited networks in asterisk]
	RESERVED
	[etch] - asterisk <not-affected>
	[lenny] - asterisk <not-affected>
	- asterisk 1:1.6.2.0~rc3-2 (medium; bug #552756)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-007.html
CVE-2009-3722 (The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in ...)
	{DSA-1962-1}
	[etch] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
	[lenny] - linux-2.6 <not-affected> (issue introduced in 2.6.30-rc1)
	- linux-2.6 2.6.31-1 (low)
	- kvm 88+dfsg-2 (low; bug #557739)
	NOTE: http://bugzilla.redhat.com/531660
	NOTE: https://git.kernel.org/linus/0a79b009525b160081d75cef5dbf45817956acf2
CVE-2009-3721 [ytnef buffer overflow]
	RESERVED
	- ytnef <removed> (bug #567631)
	[lenny] - ytnef <no-dsa> (Minor issue)
	NOTE: http://www.ocert.org/advisories/ocert-2009-013.html
	NOTE: This doesn't affect Evolution, the TNEF plugin is external
CVE-2009-3720 (The updatePosition function in lib/xmltok_impl.c in libexpat in Expat ...)
	{DSA-1977-1 DSA-1921-1}
	- expat 2.0.1-5 (low; bug #551936)
	- mcabber 0.10.0-1 (low; bug #601053)
	[lenny] - mcabber <no-dsa> (Minor issue)
	- w3c-libwww <removed> (low; bug #551938)
	[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
	- python-xml <removed> (low; bug #560951)
	[etch] - python-xml <no-dsa> (minor issue)
	[lenny] - python-xml 0.8.4-10.1+lenny1
	- python2.5 2.5.4-3.1 (low; bug #560912)
	- python2.4 2.4.4-3etch3 (low; bug #560913)
	- python-4suite 1.0.2-7.2 (low; bug #560914)
	[etch] - python-4suite <no-dsa> (Minor issue)
	[lenny] - python-4suite <no-dsa> (Minor issue)
	- wxwindows2.4 <removed> (unimportant; bug #560915)
	- wxwidgets2.6 2.6.3.2.2-4 (unimportant; bug #560916)
	- wxwidgets2.8 2.8.10.1-2 (unimportant; bug #560917)
	- audacity 1.3.2-1 (unimportant; bug #560919)
	- matanza <unfixed> (unimportant; bug #560920)
	- tdom 0.8.3~20080525-1 (low; bug #560921)
	[etch] - tdom <no-dsa> (minor issue)
	- udunits 2.1.8-4 (unimportant; bug #560922)
	- ayttm 0.6.1-2 (low; bug #560924)
	[etch] - ayttm <no-dsa> (minor issue)
	[lenny] - ayttm <no-dsa> (minor issue)
	- cableswig <removed> (unimportant; bug #560925)
	- cadaver <unfixed> (unimportant; bug #560926)
	- centerim 4.22.10-1 (low)
	[lenny] - centerim <no-dsa> (Minor issue)
	- cmake 2.6.0-6 (unimportant; bug #560927)
	- coin3 <unfixed> (unimportant; bug #560928)
	- gdcm 2.0.14-2 (low; bug #560929)
	- ghostscript 8.71~dfsg-2 (unimportant; bug #560930)
	- gs-gpl <removed> (unimportant)
	- grmonitor <removed> (unimportant; bug #560931)
	- iceape <removed> (unimportant; bug #560932)
	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
	- paraview 3.6.2-1 (unimportant; bug #560935)
	- poco 1.3.6p1-1 (unimportant; bug #560936)
	- simgear 2.10.0-1 (unimportant; bug #560937)
	- smart 1.2-5 (low; bug #560953)
	[etch] - smart <no-dsa> (minor issue)
	[lenny] - smart <no-dsa> (minor issue)
	- tla 1.3.5+dfsg-15 (unimportant; bug #560940)
	[lenny] - tla 1.3.5+dfsg-14+lenny1
	- xmlrpc-c 1.06.27-1.1 (low; bug #560942)
	[etch] - xmlrpc-c <no-dsa> (minor issue)
	[lenny] - xmlrpc-c <no-dsa> (minor issue)
	- iceweasel <not-affected> (uses xulrunner; bug #560943)
	- kompozer 1:0.8~b1-2 (unimportant; bug #560944)
	- vxl 1.13.0-2 (low; bug #560945)
	- xulrunner <unfixed> (unimportant; bug #560946)
	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
	- vnc4 <not-affected> (Not affected, see bug #560949)
	- xotcl 1.6.5-1.2 (low; bug #560950)
	[lenny] - xotcl <no-dsa> (minor issue)
CVE-2009-3719 (Cross-site scripting (XSS) vulnerability in comment.asp in Battle Blog ...)
	NOT-FOR-US: Battle Blog
CVE-2009-3718 (SQL injection vulnerability in admin/authenticate.asp in Battle Blog ...)
	NOT-FOR-US: Battle Blog
CVE-2009-3717 (Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote ...)
	NOT-FOR-US: LucVil PatPlayer
CVE-2009-3716 (Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3715 (Multiple SQL injection vulnerabilities in scr_login.php in MCshoutbox ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3714 (Cross-site scripting (XSS) vulnerability in admin_login.php in ...)
	NOT-FOR-US: MCshoutbox
CVE-2009-3713 (SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and ...)
	NOT-FOR-US: MorcegoCMS
CVE-2009-3712 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-3711 (Stack-based buffer overflow in the h_handlepeer function in http.cpp ...)
	NOT-FOR-US: httpdx
CVE-2009-3710 (RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username ...)
	NOT-FOR-US: RioRey RIOS
CVE-2009-3709 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...)
	NOT-FOR-US: Konae Technologies Alleycode HTML Editor
CVE-2009-3708 (Stack-based buffer overflow in the Meta Content Optimizer in Konae ...)
	NOT-FOR-US: Konae Technologies Alleycode HTML Editor
CVE-2009-3707 (VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware ...)
	NOT-FOR-US: VMware
CVE-2009-3706 (Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and ...)
	NOT-FOR-US: ZFS filesystem in Sun Solaris
CVE-2009-3705 (PHP remote file inclusion vulnerability in debugger.php in Achievo ...)
	NOT-FOR-US: Achievo
CVE-2009-3704 (ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, ...)
	NOT-FOR-US: ZoIPer
CVE-2009-3703 (Multiple SQL injection vulnerabilities in the WP-Forum plugin before ...)
	NOT-FOR-US: WordPress plugin
CVE-2009-3702 (Multiple absolute path traversal vulnerabilities in PHP-Calendar 1.1 ...)
	NOT-FOR-US: PHP-Calendar
CVE-2009-3701 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	{DSA-1966-1}
	- horde3 3.3.6+debian0-1 (low)
	NOTE: In order to successfully exploit this vulnerability the targeted user has to be logged as an administrator.
CVE-2009-3700 (Buffer overflow in sgLog.c in squidGuard 1.3 and 1.4 allows remote ...)
	{DSA-2040-1}
	- squidguard 1.2.0-9 (low; bug #553319)
CVE-2009-3699 (Stack-based buffer overflow in libcsa.a (aka the calendar daemon ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3698 (An unspecified function in the Dalvik API in Android 1.5 and earlier ...)
	NOT-FOR-US: Dalvik API in Android
CVE-2009-3697 (SQL injection vulnerability in the PDF schema generator functionality ...)
	{DSA-1918-1}
	- phpmyadmin 4:3.2.2.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-3696 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.11.x before ...)
	{DSA-1918-1}
	- phpmyadmin 4:3.2.2.1-1
CVE-2009-3610
	REJECTED
CVE-2009-3695 (Algorithmic complexity vulnerability in the forms library in Django ...)
	{DSA-1905-1}
	- python-django 1.1.1-1 (medium; bug #550457)
	[etch] - python-django <not-affected> (introduced in 1.0)
	[lenny] - python-django 1.0.2-1+lenny2
CVE-2009-3694 (Directory traversal vulnerability in config/config.php in ezRecipe-Zee ...)
	NOT-FOR-US: ezRecipe-Zee 91
CVE-2009-3693 (Directory traversal vulnerability in the Persits.XUpload.2 ActiveX ...)
	NOT-FOR-US: Persits.XUpload.2 ActiveX
CVE-2009-3691 (Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM ...)
	NOT-FOR-US: IBM Informix Client SDK
CVE-2009-3690
	RESERVED
CVE-2009-3689
	REJECTED
CVE-2009-3688
	REJECTED
CVE-2009-3687
	REJECTED
CVE-2009-3686
	REJECTED
CVE-2009-3685
	REJECTED
CVE-2009-3684
	REJECTED
CVE-2009-3683
	REJECTED
CVE-2009-3682
	REJECTED
CVE-2009-3681
	REJECTED
CVE-2009-3680
	REJECTED
CVE-2009-3679
	REJECTED
CVE-2009-3678 (Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-3677 (The Internet Authentication Service (IAS) in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Internet Authentication Service
CVE-2009-3676 (The SMB client in the kernel in Microsoft Windows Server 2008 R2 and ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2009-3675 (LSASS.exe in the Local Security Authority Subsystem Service (LSASS) in ...)
	NOT-FOR-US: Microsoft Local Security Authority Subsystem Service
CVE-2009-3674 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3673 (Microsoft Internet Explorer 7 and 8 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3672 (Microsoft Internet Explorer 6 and 7 does not properly handle objects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3671 (Microsoft Internet Explorer 8 does not properly handle objects in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3670 (Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 ...)
	NOT-FOR-US: KSP Sound Player
CVE-2009-3669 (SQL injection vulnerability in the foobla Suggestions ...)
	NOT-FOR-US: Joomla! component
CVE-2009-3668 (Cross-site scripting (XSS) vulnerability in ardguest.php in Ardguest ...)
	NOT-FOR-US: Ardguest 1.8
CVE-2009-3667 (SQL injection vulnerability in admin/index.php in AdsDX 3.05 allows ...)
	NOT-FOR-US: AdsDX
CVE-2009-3666 (Cross-site scripting (XSS) vulnerability in index.php in Nullam Blog ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3665 (Multiple SQL injection vulnerabilities in index.php in Nullam Blog ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3664 (Multiple directory traversal vulnerabilities in index.php in Nullam ...)
	NOT-FOR-US: Nullam Blog
CVE-2009-3663 (Format string vulnerability in the h_readrequest function in http.c in ...)
	NOT-FOR-US: httpdx
CVE-2009-3662 (FileCopa FTP Server 5.01 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FileCopa FTP Server
CVE-2009-3661 (Multiple SQL injection vulnerabilities in the DJ-Catalog ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3660 (PHP remote file inclusion vulnerability in libraries/database.php in ...)
	NOT-FOR-US: Efront
CVE-2009-3659 (SQL injection vulnerability in file/stats.php in BS Counter 2.5.3 ...)
	NOT-FOR-US: BS Counter
CVE-2009-3658 (Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control ...)
	NOT-FOR-US: Sb.SuperBuddy.1 ActiveX
CVE-2009-3657 (Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3656 (Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3655 (Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers ...)
	NOT-FOR-US: Rhino Software Serv-U
CVE-2009-3654 (Unspecified vulnerability in Boost before 6.x-1.03, a module for ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3653 (Cross-site scripting (XSS) vulnerability in the additional links ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3652 (Cross-site scripting (XSS) vulnerability in Organic Groups (OG) ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3651 (Cross-site scripting (XSS) vulnerability in the &quot;Monitor browsers' ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3650 (Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3649 (Cross-site scripting (XSS) vulnerability in forums/index.php in Power ...)
	NOT-FOR-US: PBBoard
CVE-2009-3648 (Cross-site scripting (XSS) vulnerability in Service Links 6.x-1.0, a ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3647 (Cross-site scripting (XSS) vulnerability in emaullinks.php in YABSoft ...)
	NOT-FOR-US: YABSoft Mega File Hosting Script (aka MFH or MFHS)
CVE-2009-3646 (InterVations NaviCOPA Web Server 3.01 allows remote attackers to ...)
	NOT-FOR-US: NaviCOPA Web Server
CVE-2009-3645 (SQL injection vulnerability in the JoomlaCache CB Resume Builder ...)
	NOT-FOR-US: JoomlaCache
CVE-2009-3644 (SQL injection vulnerability in the Soundset (com_soundset) component ...)
	NOT-FOR-US: Joomla component
CVE-2009-3643 (Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to ...)
	NOT-FOR-US: Dxmsoft XM Easy Personal FTP Server
CVE-2009-3642 (Multiple SQL injection vulnerabilities in the Call Logging feature in ...)
	NOT-FOR-US: FrontRange HEAT
CVE-2009-3641 (Snort before 2.8.5.1, when the -v option is enabled, allows remote ...)
	- snort 2.8.5.2-1 (unimportant; bug #553584)
	NOTE: current debian packages are not compiled with support for ipv6
CVE-2009-3640 (The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM ...)
	- linux-2.6 2.6.31-1 (medium)
	[lenny] - linux-2.6 <not-affected> (introduced post 2.6.27)
	[etch] - linux-2.6 <not-affected> (introduced post 2.6.27)
	- linux-2.6.24 <not-affected> (introduced post 2.6.27)
	- kvm 88+dfsg-2 (medium; bug #557737)
	[lenny] - kvm <not-affected> (Vulnerable code not present)
CVE-2009-3639 (The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before ...)
	{DSA-1925-1}
	- proftpd-dfsg 1.3.2a-2 (low)
	NOTE: http://bugs.proftpd.org/show_bug.cgi?id=3275
CVE-2009-3638 (Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in ...)
	{DSA-1962-1 DSA-1927-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
	NOTE: fixed in upstream 2.6.32-rc4
	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
	- kvm <removed> (medium; bug #562076)
CVE-2009-3637 (Stack-based buffer overflow in the M_AddToServerList function in ...)
	- alien-arena 7.33-1 (medium; bug #552038)
	[lenny] - alien-arena 7.0-1+lenny1
CVE-2009-3636 (Cross-site scripting (XSS) vulnerability in the Install Tool ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3635 (The Install Tool subcomponent in TYPO3 4.0.13 and earlier, 4.1.x ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3634 (Cross-site scripting (XSS) vulnerability in the Frontend Login Box ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3633 (Cross-site scripting (XSS) vulnerability in the ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3632 (SQL injection vulnerability in the traditional frontend editing ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3631 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3630 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3629 (Multiple cross-site scripting (XSS) vulnerabilities in the Backend ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3628 (The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before ...)
	{DSA-1926-1}
	- typo3-src 4.2.10-1 (medium; bug #552020)
CVE-2009-3627 (The decode_entities function in util.c in HTML-Parser before 3.63 ...)
	{DSA-1923-1}
	- libhtml-parser-perl 3.64-1 (bug #552531)
	NOTE: http://secunia.com/advisories/37155/
CVE-2009-3626 (Perl 5.10.1 allows context-dependent attackers to cause a denial of ...)
	- perl 5.10.1-6 (bug #552291)
	[lenny] - perl <not-affected> (Vulnerable code not present)
	[etch] - perl <not-affected> (Vulnerable code not present)
CVE-2009-3625 (Directory traversal vulnerability in www/index.php in Sahana 0.6.2.2 ...)
	- sahana <itp> (bug #497414)
CVE-2009-3624 (The get_instantiation_keyring function in security/keys/keyctl.c in ...)
	- linux-2.6 2.6.31-2 (low)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
	NOTE: fixed upstream in 2.6.32-rc5
CVE-2009-3623 (The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 ...)
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2009-3622 (Algorithmic complexity vulnerability in wp-trackback.php in WordPress ...)
	- wordpress 2.8.5-1
	[lenny] - wordpress 2.5.1-11+lenny3
	[etch] - wordpress 2.0.10-1etch6
	NOTE: http://seclists.org/fulldisclosure/2009/Oct/263
CVE-2009-3621 (net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3620 (The ATI Rage 128 (aka r128) driver in the Linux kernel before ...)
	{DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.32-1 (medium)
	- linux-2.6.24 <removed> (medium)
	NOTE: https://git.kernel.org/linus/7dc482dfeeeefcfd000d4271c4626937406756d7
CVE-2009-3619 (Unspecified vulnerability in ViewVC 1.0 before 1.0.9 and 1.1 before ...)
	- viewvc 1.0.9-1 (low; bug #545779; bug #560903)
CVE-2009-3618 (Cross-site scripting (XSS) vulnerability in viewvc.py in ViewVC 1.0 ...)
	- viewvc 1.0.9-1 (low; bug #545779; bug #560903)
CVE-2009-3617 (Format string vulnerability in the AbstractCommand::onAbort function ...)
	- aria2 1.6.2-1 (low)
	[lenny] - aria2 <not-affected> (Vulnerable code not present)
	[etch] - aria2 <not-affected> (Vulnerable code not present)
CVE-2009-3616 (Multiple use-after-free vulnerabilities in vnc.c in the VNC server in ...)
	- qemu 0.11.0-1 (medium; bug #553589)
	[lenny] - qemu <not-affected> (Vulnerable code not present)
	[etch] - qemu <not-affected> (Vulnerable code not present)
	- kvm <removed> (medium; bug #553590)
	[lenny] - kvm <not-affected> (Vulnerable code not present)
CVE-2009-3615 (The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and ...)
	{DSA-1932-1}
	- pidgin 2.6.3-1
	NOTE: http://pidgin.im/news/security/?id=41
CVE-2009-3614 [oping suid 0 arbitrary file disclosure]
	RESERVED
	- liboping 1.3.3-1 (low; bug #548684)
	[lenny] - liboping <not-affected> (doesn't have -f option yet)
	[etch] - liboping <not-affected> (doesn't have -f option yet)
CVE-2009-3613 (The swiotlb functionality in the r8169 driver in drivers/net/r8169.c ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.29-1 (medium)
	- linux-2.6.24 <removed>
	NOTE: http://www.openwall.com/lists/oss-security/2009/10/15/4
CVE-2009-3612 (The tcf_fill_node function in net/sched/cls_api.c in the netlink ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3611 (common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes ...)
	- backintime 0.9.26-3 (bug #543785)
CVE-2009-3609 (Integer overflow in the ImageStream::ImageStream function in Stream.cc ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3608 (Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3607 (Integer overflow in the create_surface_from_thumbnail_data function in ...)
	{DSA-1941-1}
	- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3606 (Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3605 (Multiple integer overflows in Poppler 0.10.5 and earlier allow remote ...)
	{DSA-1941-1}
	- poppler 0.12.2-1 (medium; bug #551289)
CVE-2009-3604 (The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3603 (Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf ...)
	{DSA-2050-1 DSA-2028-1 DSA-1941-1}
	- xpdf 3.02-2 (medium; bug #551287)
	- poppler 0.12.2-1 (medium; bug #551289)
	- kdegraphics 4:4.0 (medium; bug #551290)
	- swftools 0.9.2+ds1-2
CVE-2009-3591 (Dopewars 1.5.12 allows remote attackers to cause a denial of service ...)
	- dopewars 1.5.12-9 (low; bug #550913)
	[etch] - dopewars <no-dsa> (negligible issue)
	[lenny] - dopewars <no-dsa> (neglibigble issue)
CVE-2009-3589 (incron 0.5.5 does not initialize supplementary groups when running a ...)
	- incron 0.5.7-1
CVE-2009-3588 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2009-3587 (Unspecified vulnerability in the arclib component in the Anti-Virus ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2009-3586 (Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows ...)
	NOT-FOR-US: CoreHTTP
CVE-2009-3585 (Session fixation vulnerability in html/Elements/SetupSessionCookie in ...)
	{DSA-1944-1}
	- request-tracker3.4 <removed>
	- request-tracker3.6 3.6.9-2 (low)
CVE-2009-3584 (SQL-Ledger 2.8.24 does not set the secure flag for the session cookie ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3583 (Directory traversal vulnerability in the Preferences menu item in ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3582 (Multiple SQL injection vulnerabilities in the delete subroutine in ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3581 (Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3580 (Cross-site request forgery (CSRF) vulnerability in am.pl in SQL-Ledger ...)
	- sql-ledger <unfixed> (unimportant; bug #562639)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2009-3578 (Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya ...)
	NOT-FOR-US: Autodesk Maya
CVE-2009-3577 (Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 ...)
	NOT-FOR-US: Autodesk
CVE-2009-3576 (Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to ...)
	NOT-FOR-US: Autodesk Softimage
CVE-2009-3575 (Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, ...)
	{DSA-1957-1}
	- aria2 1.2.0-1 (low; bug #551070)
	[etch] - aria2 <not-affected> (Vulnerable code not present)
CVE-2009-3571 (Unspecified vulnerability in OpenOffice.org (OOo) has unknown impact ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3570 (Unspecified vulnerability in OpenOffice.org (OOo) has unspecified ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3569 (Stack-based buffer overflow in OpenOffice.org (OOo) allows remote ...)
	NOT-FOR-US: Unidentified exploit for OpenOffice, hasn't materialised in any form
CVE-2009-3568 (Comment RSS 5.x before 5.x-2.2 and 6.x before 6.x-2.2, a module for ...)
	NOT-FOR-US: module for Drupal
CVE-2009-3692 (Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in ...)
	- virtualbox-ose 3.0.8-dfsg-1
	[lenny] - virtualbox-ose <not-affected> (vulnerable code not present)
CVE-2009-3602 (Unbound before 1.3.4 does not properly verify signatures for NSEC3 ...)
	{DSA-1963-1}
	- unbound 1.3.4-1 (low)
	NOTE: http://unbound.net/pipermail/unbound-users/2009-October/000852.html
CVE-2009-3601 (Cross-site scripting (XSS) vulnerability in demo_page.php in Scriptsez ...)
	NOT-FOR-US: Scriptsez Ultimate Poll
CVE-2009-3600 (HUBScript 1.0 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: HUBScript
CVE-2009-3599 (Cross-site scripting (XSS) vulnerability in single_winner1.php in ...)
	NOT-FOR-US: HUBScript
CVE-2009-3598 (Cross-site scripting (XSS) vulnerability in survey_result.php in ...)
	NOT-FOR-US: eCardMAX FormXP
CVE-2009-3597 (Digitaldesign CMS 0.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Digitaldesign CMS
CVE-2009-3596 (JoxTechnology Ajox Poll does not properly restrict access to ...)
	NOT-FOR-US: JoxTechnology Ajox Poll
CVE-2009-3595 (SQL injection vulnerability in results.php in VS PANEL 7.5.5 allows ...)
	NOT-FOR-US: VS PANEL
CVE-2009-3594 (Cross-site scripting (XSS) vulnerability in bpost.php in BLOB Blog ...)
	NOT-FOR-US: BLOB Blog System
CVE-2009-3593 (Multiple cross-site scripting (XSS) vulnerabilities in Freelancers 1.0 ...)
	NOT-FOR-US: Freelancers
CVE-2009-3592 (Cross-site scripting (XSS) vulnerability in customer/home.php in ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2009-3590 (SQL injection vulnerability in showcat.php in VS PANEL 7.3.6 allows ...)
	NOT-FOR-US: VS PANEL
CVE-2009-3574 (Tuniac 090517c allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Tuniac
CVE-2009-3573 (Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ...)
	NOT-FOR-US: ActiveX
CVE-2009-3572 (OpenBSD 4.4, 4.5, and 4.6, when running on an i386 kernel, does not ...)
	NOT-FOR-US: OpenBSD
CVE-2009-3567 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Kayako SupportSuite and eSupport
CVE-2009-3579 (Cross-site scripting (XSS) vulnerability in the CookieDump.java sample ...)
	- jetty <unfixed> (unimportant)
	NOTE: http://www.coresecurity.com/content/jetty-persistent-xss
	NOTE: only an example application
CVE-2009-3566 (McAfee IntruShield Network Security Manager (NSM) before 5.1.11.8.1 ...)
	NOT-FOR-US: McAfee IntruShield Network Security Manager
CVE-2009-3565 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: McAfee IntruShield Network Security Manager
CVE-2009-3564 (puppetmasterd in puppet 0.24.6 does not reset supplementary groups ...)
	- puppet 0.25.1-3 (low; bug #551073)
	[etch] - puppet <no-dsa> (minor issue)
	[lenny] - puppet <no-dsa> (minor issue)
CVE-2009-3563 (ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote ...)
	{DSA-1948-1}
	- ntp 1:4.2.4p8+dfsg-1 (medium; bug #560074)
CVE-2009-3562 (Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3561 (Directory traversal vulnerability in Xerver HTTP Server 4.32 allows ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3560 (The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, ...)
	{DSA-1977-1 DSA-1953-2 DSA-1953-1}
	- expat 2.0.1-6 (low; bug #560901)
	- mcabber 0.10.0-1 (low; bug #601053)
	[lenny] - mcabber <no-dsa> (Minor issue)
	- w3c-libwww <removed>
	[etch] - w3c-libwww <no-dsa> (Minor issue, only used by fringe apps)
	- python-xml <removed> (low; bug #560951)
	[etch] - python-xml <no-dsa> (minor issue)
	[lenny] - python-xml 0.8.4-10.1+lenny1
	- python2.5 2.5.4-3.1 (low; bug #560912)
	- python2.4 2.4.4-3+etch3 (low; bug #560913)
	- python2.6 2.6.4-4
	- python-4suite 1.0.2-7.2 (low; bug #560914)
	[etch] - python-4suite <no-dsa> (Minor issue)
	[lenny] - python-4suite <no-dsa> (Minor issue)
	- wxwindows2.4 <removed> (unimportant; bug #560915)
	- wxwidgets2.6 2.6.3.2.2-4 (unimportant; bug #560916)
	- wxwidgets2.8 2.8.10.1-2 (unimportant; bug #560917)
	- audacity 1.3.2-1 (unimportant; bug #560919)
	- matanza <unfixed> (unimportant; bug #560920)
	- tdom 0.8.3~20080525-1 (low; bug #560921)
	[etch] - tdom <no-dsa> (minor issue)
	- udunits 2.1.8-4 (unimportant; bug #560922)
	- ayttm 0.6.1-2 (low; bug #560924)
	[etch] - ayttm <no-dsa> (minor issue)
	[lenny] - ayttm <no-dsa> (minor issue)
	- cableswig <removed> (unimportant; bug #560925)
	- cadaver <unfixed> (unimportant; bug #560926)
	- cmake 2.6.0-6 (unimportant; bug #560927)
	- coin3 <unfixed> (unimportant; bug #560928)
	- gdcm 2.0.14-2 (low; bug #560929)
	- ghostscript 8.71~dfsg-2 (unimportant; bug #560930)
	- gs-gpl <removed> (unimportant)
	- grmonitor <removed> (unimportant; bug #560931)
	- iceape <removed> (unimportant; bug #560932)
	- insighttoolkit 3.16.0-1 (unimportant; bug #560933)
	- paraview 3.6.2-1 (unimportant; bug #560935)
	- poco 1.3.6p1-1 (unimportant; bug #560936)
	- simgear 2.10.0-1 (unimportant; bug #560937)
	- smart 1.2-5.1 (low; bug #560953)
	[etch] - smart <no-dsa> (minor issue)
	[lenny] - smart <no-dsa> (minor issue)
	- tla 1.3.5+dfsg-15 (unimportant; bug #560940)
	[lenny] - tla 1.3.5+dfsg-14+lenny1
	- xmlrpc-c 1.06.27-1.1 (low; bug #560942)
	[etch] - xmlrpc-c <no-dsa> (minor issue)
	[lenny] - xmlrpc-c <no-dsa> (minor issue)
	- iceweasel <not-affected> (uses xulrunner; bug #560943)
	- kompozer 1:0.8~b1-2 (low; bug #560944)
	- vxl 1.13.0-2 (low; bug #560945)
	- xulrunner <unfixed> (unimportant; bug #560946)
	- texlive-bin <not-affected> (Files are not compiled in, see #560948)
	- vnc4 <not-affected> (Not affected, see bug #560949)
	- xotcl <not-affected> (Vulnerable code not present in embedded Expat copy)
CVE-2009-3559 (** DISPUTED ** ...)
	- php5 <removed> (unimportant)
	NOTE: safe_mode regression
CVE-2009-3558 (The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 ...)
	- php5 5.2.12.dfsg.1-1 (unimportant)
	NOTE: open_basedir bypass
CVE-2009-3557 (The tempnam function in ext/standard/file.c in PHP before 5.2.12 and ...)
	- php5 5.2.12.dfsg.1-1 (unimportant)
	NOTE: safe_mode bypass
CVE-2009-3556 (A certain Red Hat configuration step for the qla2xxx driver in the ...)
	- linux-2.6 <not-affected> (redhat-specific configuration issue)
	- linux-2.6.24 <not-affected> (redhat-specific configuration issue)
CVE-2009-3555 (The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as ...)
	{DSA-3253-1 DSA-2626-1 DSA-2141-2 DSA-2141-1 DSA-1934-1 DLA-400-1}
	- apache2 2.2.14-2
	- openssl 0.9.8k-6
	- nss 3.12.6-1
	- sun-java5 <removed>
	[lenny] - sun-java5 <no-dsa> (Minor issue)
	- sun-java6 6.19-1
	[lenny] - sun-java6 6-22-0lenny
	NOTE: Update 22 for Sun Java implemented the new RFC extension
	- openjdk-6 6b18-1.8.2-1
	- nginx 0.7.64-1
	- matrixssl 1.8.8-1
	[lenny] - matrixssl <no-dsa> (Fringe SSL implementation, can be fixed in spu)
	- tomcat-native 1.1.18-1
	[lenny] - tomcat-native <no-dsa> (Minor issue)
	- gnutls26 <not-affected> (safely handles renegotiation; however support for RFC 5746 would be useful)
	- polarssl 1.2.0-1 (bug #704946)
	- classpath <removed>
	- zorp 3.9.2-1
	[squeeze] - zorp <no-dsa> (Minor issue)
	[lenny] - zorp <no-dsa> (Minor issue)
	- lighttpd 1.4.30-1
	- pound 2.6-6.1 (bug #765649)
	[jessie] - pound <no-dsa> (Minor issue)
	NOTE: the anti_beast.patch in pound 2.6-2 has some provision for this issue too but it seems to be broken, cf #765649
	NOTE: for any of the currently unfixed implementations, you can solve the problem by disabling renegotiation
	NOTE: the following implement RFC 5746:
	NOTE: - openssl 0.9.8m-1
	NOTE: - apache 2.2.15-1
	NOTE: - nss 3.12.6-1
	NOTE: - sun-java6 6.19-1
CVE-2009-3554 (Twiddle in Red Hat JBoss Enterprise Application Platform (aka JBoss ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-3553 (Use-after-free vulnerability in the abstract file-descriptor handling ...)
	{DSA-2176-1}
	- cups 1.4.2-4 (low; bug #557740)
	[lenny] - cups <no-dsa> (Minor issue)
	- cupsys <not-affected> (vulnerable code introduced in 1.3.x)
	NOTE: http://www.cups.org/newsgroups.php/s1+gcups.bugs?s1+gcups.bugs+v4+T+Q3200
CVE-2009-3552
	RESERVED
	NOT-FOR-US: Red Hat Enterprise Virtualization Manager
CVE-2009-3551 (Off-by-one error in the dissect_negprot_response function in ...)
	- wireshark 1.2.3-1 (low; bug #553583)
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-3550 (The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 ...)
	{DSA-1942-1}
	- wireshark 1.2.3-1 (low; bug #553583)
CVE-2009-3549 (packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through ...)
	- wireshark 1.2.3-1 (low; bug #553583)
	[lenny] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
	[etch] - wireshark <not-affected> (Only affects Wireshark 1.2.x)
CVE-2009-3548 (The Windows installer for Apache Tomcat 6.0.0 through 6.0.20, 5.5.0 ...)
	- tomcat6 <not-affected> (Windows only)
CVE-2009-3547 (Multiple race conditions in fs/pipe.c in the Linux kernel before ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-2 (high)
	- linux-2.6.24 <removed> (high)
CVE-2009-3546 (The _gdGetColors function in gd_gd.c in PHP 5.2.11 and 5.3.x before ...)
	{DSA-1936-1}
	- libwmf <unfixed>  (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	- libgd2 2.0.36~rc1~dfsg-3.1 (medium; bug #552534)
	- php5 <not-affected> (the php packages use the system libgd2)
	NOTE: http://svn.php.net/viewvc?view=revision&revision=289557
	NOTE: <20091015173822.084de220@redhat.com> in OSS-sec
CVE-2009-3545 (DataWizard Technologies FtpXQ FTP Server 3.0 allows remote ...)
	NOT-FOR-US: DataWizard Technologies FtpXQ FTP Server
CVE-2009-3544 (Xerver HTTP Server 4.32 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Xerver HTTP Server
CVE-2009-3527 (Race condition in the Pipe (IPC) close function in FreeBSD 6.3 and 6.4 ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
CVE-2009-3526
	RESERVED
CVE-2011-1072 (The installer in PEAR before 1.9.2 allows local users to overwrite ...)
	{DSA-2408-1}
	- php5 5.3.6-1 (low; bug #546164)
CVE-2009-XXXX [kfreebsd: Devfs / VFS NULL pointer race condition]
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-9 (bug #549871)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2009-3543 (SQL injection vulnerability in _phenotype/admin/login.php in Phenotype ...)
	NOT-FOR-US: Phenotype CMS
CVE-2009-3542 (Directory traversal vulnerability in ls.php in LittleSite (aka LS or ...)
	NOT-FOR-US: LittleSite
CVE-2009-3541 (PHP remote file inclusion vulnerability in CoupleDB.php in ...)
	NOT-FOR-US: PHPGenealogy
CVE-2009-3540 (Cross-site scripting (XSS) vulnerability in listads.php in ...)
	NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
CVE-2009-3539 (Multiple cross-site scripting (XSS) vulnerabilities in YourFreeWorld ...)
	NOT-FOR-US: YourFreeWorld Ultra Classifieds Pro
CVE-2009-3538 (Directory traversal vulnerability in thumb.php in Clear Content 1.1 ...)
	NOT-FOR-US: Clear Content
CVE-2009-3537 (Multiple stack-based buffer overflows in EpicDJSoftware EpicDJ 1.3.9.1 ...)
	NOT-FOR-US: EpicDJSoftware EpicDJ
CVE-2009-3536 (Multiple stack-based buffer overflows in EpicDJSoftware EpicVJ 1.2.8.0 ...)
	NOT-FOR-US: EpicDJSoftware EpicVJ
CVE-2009-3535 (Directory traversal vulnerability in image.php in Clear Content 1.1 ...)
	NOT-FOR-US: Clear Content
CVE-2009-3534 (Directory traversal vulnerability in index.php in LionWiki 3.0.3, when ...)
	NOT-FOR-US: LionWiki
CVE-2009-3533 (SQL injection vulnerability in report.php in Meeting Room Booking ...)
	NOT-FOR-US: Meeting Room Booking System
CVE-2009-3532 (Multiple SQL injection vulnerabilities in login.asp (aka the login ...)
	NOT-FOR-US: LogRover
CVE-2009-3531 (SQL injection vulnerability in vnews.php in Universe CMS 1.0.6 allows ...)
	NOT-FOR-US: Universe CMS
CVE-2009-3530 (Cross-site scripting (XSS) vulnerability in storefront.php in ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2009-3529 (SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2009-3528 (SQL injection vulnerability in Profile.php in MyMsg 1.0.3 allows ...)
	NOT-FOR-US: MyMsg
CVE-2009-3525 (The pyGrub boot loader in Xen 3.0.3, 3.3.0, and Xen-3.3.1 does not ...)
	- xen-3 <unfixed> (unimportant)
	- xen-unstable <removed> (unimportant)
	NOTE: This is an enhancement, not a security issue.
	NOTE: A user must have access to a guest hard drive image in order to boot it,
	NOTE: so he can simply mount the drive and remove the password option.
CVE-2009-5041 [buffer overflow in overkill]
	RESERVED
	- overkill 0.16-14.1 (bug #549310; low)
	[lenny] - overkill <no-dsa> (Minor issue)
	[etch] - overkill <no-dsa> (Minor issue)
CVE-2009-3524 (Unspecified vulnerability in ashWsFtr.dll in avast! Home and ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3523 (aavmKer4.sys in avast! Home and Professional for Windows before ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3522 (Stack-based buffer overflow in aswMon2.sys in avast! Home and ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2009-3521 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: WebSphere
CVE-2009-3520 (Cross-site request forgery (CSRF) vulnerability in the Your_account ...)
	NOT-FOR-US: CMSphp
CVE-2009-3519 (Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-3518 (Argument injection vulnerability in the iim: URI handler in IBMIM.exe ...)
	NOT-FOR-US: IBM Installation Manager
CVE-2009-3517 (nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3516 (gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not ...)
	NOT-FOR-US: IBM AIX
CVE-2009-3515 (Directory traversal vulnerability in dnet_admin/index.php in d.net CMS ...)
	NOT-FOR-US: d.net CMS
CVE-2009-3514 (Multiple SQL injection vulnerabilities in d.net CMS allow remote ...)
	NOT-FOR-US: d.net CMS
CVE-2009-3513 (Multiple cross-site scripting (XSS) vulnerabilities in Pilot Group ...)
	NOT-FOR-US: Pilot Group (PG) eTraining
CVE-2009-3512 (Multiple cross-site scripting (XSS) vulnerabilities in MyWeight 1.0 ...)
	NOT-FOR-US: MyWeight
CVE-2009-3511 (Multiple PHP remote file inclusion vulnerabilities in justVisual 1.2 ...)
	NOT-FOR-US: justVisual
CVE-2009-3510 (SQL injection vulnerability in viewListing.php in linkSpheric 0.74 ...)
	NOT-FOR-US: linkSpheric
CVE-2009-3509 (Cross-site scripting (XSS) vulnerability in admin/admin_index.php in ...)
	NOT-FOR-US: CJ Dynamic Poll PRO
CVE-2009-3508 (Multiple directory traversal vulnerabilities in MUJE CMS 1.0.4.34 ...)
	NOT-FOR-US: MUJE CMS
CVE-2009-3507 (Directory traversal vulnerability in modules.php in CMSphp 0.21 allows ...)
	NOT-FOR-US: CMSphp
CVE-2009-3506 (Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 ...)
	NOT-FOR-US: CMSphp
CVE-2009-3505 (SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG ...)
	NOT-FOR-US: Vastal I-Tech MMORPG Zone
CVE-2009-3504 (SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 ...)
	NOT-FOR-US: Alibaba Clone
CVE-2009-3503 (Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse ...)
	NOT-FOR-US: BPowerHouse BPHolidayLettings
CVE-2009-3502 (SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 ...)
	NOT-FOR-US: BPowerHouse BPMusic
CVE-2009-3501 (SQL injection vulnerability in students.php in BPowerHouse BPStudents ...)
	NOT-FOR-US: BPowerHouse BPStudents
CVE-2009-3500 (Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 ...)
	NOT-FOR-US: BPowerHouse BPGames
CVE-2009-3499 (SQL injection vulnerability in employee.aspx in BPowerHouse ...)
	NOT-FOR-US: BPowerHouse BPLawyerCaseDocuments
CVE-2009-3498 (SQL injection vulnerability in php/update_article_hits.php in HBcms ...)
	NOT-FOR-US: HBcms
CVE-2009-3497 (SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent ...)
	NOT-FOR-US: Vastal I-Tech Agent
CVE-2009-3496 (Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal ...)
	NOT-FOR-US: Vastal I-Tech DVD Zone
CVE-2009-3495 (SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone ...)
	NOT-FOR-US: Vastal I-Tech DVD Zone
CVE-2009-3494 (Multiple SQL injection vulnerabilities in index.php in T-HTB Manager ...)
	NOT-FOR-US: T-HTB Manager
CVE-2009-3493 (Multiple cross-site scripting (XSS) vulnerabilities in Zenas ...)
	NOT-FOR-US: Zenas PaoBacheca Guestbook
CVE-2009-3492 (Multiple PHP remote file inclusion vulnerabilities in Loggix Project ...)
	NOT-FOR-US: Loggix Project
CVE-2009-3491 (SQL injection vulnerability in the Kinfusion SportFusion ...)
	NOT-FOR-US: Kinfusion SportFusion
CVE-2009-3490 (GNU Wget before 1.12 does not properly handle a '\0' character in a ...)
	{DSA-1904-1}
	- wget 1.12-1 (medium; bug #549293)
CVE-2009-3489 (Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 ...)
	NOT-FOR-US: Adobe Photoshop Elements
CVE-2009-3488 (Cross-site scripting (XSS) vulnerability in the Bibliography (aka ...)
	NOT-FOR-US: Drupal Bibliography Module
CVE-2009-3487 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3486 (Multiple cross-site scripting (XSS) vulnerabilities in the J-Web ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3485 (Cross-site scripting (XSS) vulnerability in the J-Web interface in ...)
	NOT-FOR-US: J-Web interface in Juniper JUNOS
CVE-2009-3484 (Stack-based buffer overflow in Core FTP 2.1 build 1612 allows ...)
	NOT-FOR-US: Core FTP
CVE-2009-3483 (Heap-based buffer overflow in the Create New Site feature in ...)
	NOT-FOR-US: CuteFTP
CVE-2009-3482 (TrustPort Antivirus before 2.8.0.2266 and PC Security before ...)
	NOT-FOR-US: TrustPort Antivirus and PC Security
CVE-2009-3481 (A certain interface in the iCRM Basic (com_icrmbasic) component ...)
	NOT-FOR-US: Joomla component
CVE-2009-3480 (SQL injection vulnerability in the iCRM Basic (com_icrmbasic) ...)
	NOT-FOR-US: Joomla component
CVE-2009-3479 (Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x ...)
	NOT-FOR-US: Bibliography
CVE-2009-3478 (Argument injection vulnerability in (1) ...)
	NOT-FOR-US: Bibliography
CVE-2009-3477 (The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before ...)
	NOT-FOR-US: Blackberry Browser in RIM BlackBerry Device Software
CVE-2009-3476 (Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml <removed>
	- opensaml2 2.2.1-1
	- shibboleth-sp <removed>
	- shibboleth-sp2 2.2.1+dfsg-1
CVE-2009-3475 (Internet2 Shibboleth Service Provider software 1.3.x before 1.3.3 and ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml <removed>
	- opensaml2 2.2.1-1
	- shibboleth-sp <removed>
	- shibboleth-sp2 2.2.1+dfsg-1
CVE-2009-3474 (OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by ...)
	{DSA-1895-2 DSA-1896-1 DSA-1895-1}
	- xmltooling 1.2.2-1
	- opensaml <removed>
	- opensaml2 2.2.1-1
	- shibboleth-sp <removed>
	- shibboleth-sp2 2.2.1+dfsg-1
	[lenny] - opensaml 1.1.1-2+lenny1
	[lenny] - opensaml2 2.0-2+lenny1
CVE-2009-3473 (IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3472 (IBM DB2 8 before FP18, 9.1 before FP8, and 9.5 before FP4 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3471 (IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before ...)
	NOT-FOR-US: IBM DB2
CVE-2009-3470 (IBM Informix Dynamic Server (IDS) 10.00 before 10.00.xC11, 11.10 ...)
	NOT-FOR-US: IBM Informix Dynamic Server (IDS)
CVE-2009-3469 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2009-3468 (Multiple unspecified vulnerabilities in Common Desktop Environment ...)
	NOT-FOR-US: Common Desktop Environment (CDE) in Sun Solaris
CVE-2009-3467 (Cross-site scripting (XSS) vulnerability in an unspecified method in ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-3466 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3465 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3464 (Adobe Shockwave Player before 11.5.2.602 allows remote attackers to ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3463 (Array index error in Adobe Shockwave Player before 11.5.2.602 allows ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-3462 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
	NOT-FOR-US: Adobe
CVE-2009-3461 (Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows ...)
	NOT-FOR-US: Adobe
CVE-2009-3460 (Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x ...)
	NOT-FOR-US: Adobe
CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
	NOT-FOR-US: Adobe
CVE-2009-3457 (Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) ...)
	NOT-FOR-US: Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF)
CVE-2009-3456 (Google Chrome, possibly 3.0.195.21 and earlier, does not properly ...)
	- chromium-browser <not-affected>
	- webkit <not-affected>
	NOTE: This was caused by a bug in NSS (CVE-2009-2408). chromium-browser uses libnss3
CVE-2009-3455 (Apple Safari, possibly before 4.0.3, on Mac OS X does not properly ...)
	NOT-FOR-US: Apple Safari
CVE-2009-3454
	REJECTED
CVE-2009-3453 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2009-3452 (WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-3451 (Directory traversal vulnerability in WebCoreModule.ashx in RADactive ...)
	NOT-FOR-US: RADactive
CVE-2009-3450 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-3449 (MP3 Collector 2.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MP3 Collector
CVE-2009-3448 (npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote ...)
	NOT-FOR-US: BakBone NetVault Backup
CVE-2009-3447 (Unrestricted file upload vulnerability in RADactive I-Load before ...)
	NOT-FOR-US: RADactive I-Load
CVE-2009-XXXX [xen-tools: world readable disk image files]
	- xen-tools 4.2~beta1-1 (low; bug #548909)
	[lenny] - xen-tools 3.9-4+lenny1
CVE-2009-3446 (SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) ...)
	NOT-FOR-US: com_mytube component for Joomla!
CVE-2009-3445 (Unspecified vulnerability in Code-Crafters Ability Mail Server before ...)
	NOT-FOR-US: Ability Mail Server
CVE-2009-3444 (Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 ...)
	NOT-FOR-US: e107
CVE-2009-3443 (SQL injection vulnerability in the Fastball (com_fastball) component ...)
	NOT-FOR-US: com_fastball component for Joomla!
CVE-2009-3442 (The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does ...)
	NOT-FOR-US: Nodewords module for Drupal
CVE-2009-3441 (Open Source Security Information Management (OSSIM) before 2.1.2 ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3440 (Cross-site scripting (XSS) vulnerability in Open Source Security ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3439 (Multiple SQL injection vulnerabilities in Open Source Security ...)
	NOT-FOR-US: Open Source Security Information Management
CVE-2009-3438 (SQL injection vulnerability in the JoomlaFacebook (com_facebook) ...)
	NOT-FOR-US: com_facebook component for Joomla!
CVE-2009-3437 (Cross-site scripting (XSS) vulnerability in the live preview feature ...)
	NOT-FOR-US: Markdown Preview module for Drupal
CVE-2009-3436 (Multiple SQL injection vulnerabilities in forum.asp in MaxWebPortal ...)
	NOT-FOR-US: MaxWebPortal
CVE-2009-3435 (Cross-site scripting (XSS) vulnerability in the variable editor in the ...)
	NOT-FOR-US: Devel module for Drupal
CVE-2009-3434 (SQL injection vulnerability in the Tupinambis (com_tupinambis) ...)
	NOT-FOR-US: com_tupinambis for Mambo and Joomla!
CVE-2009-3433 (Unspecified vulnerability in clsetup in the configuration utility in ...)
	NOT-FOR-US: Sun Solaris Cluster
CVE-2009-3432 (Unspecified vulnerability in xscreensaver in Sun Solaris 10, and ...)
	NOT-FOR-US: Sun OpenSolaris xscreensaver
CVE-2009-3431 (Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2009-3892 (Cross-site scripting (XSS) vulnerability in Best Practical Solutions ...)
	- request-tracker3.8 3.8.5-1 (bug #546829)
	- request-tracker3.6 3.6.9-1 (bug #546778)
	[etch] - request-tracker3.6 <not-affected> (vulnerable code not present)
	[lenny] - request-tracker3.6 3.6.7-5+lenny2
	NOTE: CVE id requested
CVE-2009-3430 (SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows ...)
	NOT-FOR-US: Allomani Mobile
CVE-2009-3429 (Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 ...)
	NOT-FOR-US: Pirate Radio Destiny Media Player
CVE-2009-3428 (Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote ...)
	NOT-FOR-US: Easy Music Player
CVE-2009-3427 (Cross-site scripting (XSS) vulnerability in Kayako SupportSuite ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2009-3426 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3425 (Directory traversal vulnerability in ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3424 (Multiple PHP remote file inclusion vulnerabilities in MaxCMS 3.11.20b, ...)
	NOT-FOR-US: MaxCMS
CVE-2009-3423 (login.php in Zenas PaoLink 1.0, when register_globals is enabled, ...)
	NOT-FOR-US: Zenas PaoLink
CVE-2009-3422 (login.php in Zenas PaoLiber 1.1, when register_globals is enabled, ...)
	NOT-FOR-US: Zenas PaoLiber
CVE-2009-3421 (login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is ...)
	NOT-FOR-US: Zenas PaoBacheca Guestbook
CVE-2009-3420 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Miniweb Publisher module
CVE-2009-3419 (SQL injection vulnerability in index.php in the Publisher module 2.0 ...)
	NOT-FOR-US: Miniweb Publisher module
CVE-2009-3418 (Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) ...)
	NOT-FOR-US: Plume CMS
CVE-2009-3417 (SQL injection vulnerability in the IDoBlog (com_idoblog) component 1.1 ...)
	NOT-FOR-US: IDoBlog component Joomla
CVE-2009-3416 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3415 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3414 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3413 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3412 (Unspecified vulnerability in the Unzip component in Oracle Database ...)
	NOT-FOR-US: Oracle Database and Oracle Application Server
CVE-2009-3411 (Unspecified vulnerability in the Oracle Data Pump component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3410 (Unspecified vulnerability in the RDBMS component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-3409 (Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3408 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3407 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-3406 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3405 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3404 (Unspecified vulnerability in the PeopleSoft PeopleTools &amp; Enterprise ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-3403 (Unspecified vulnerability in the JRockit component in BEA Product ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3402 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3401 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3400 (Unspecified vulnerability in the Oracle Advanced Benefits component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3399 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3398
	REJECTED
CVE-2009-3397 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3396 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-3395 (Unspecified vulnerability in the AutoVue component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3394
	REJECTED
CVE-2009-3393 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-3392 (Unspecified vulnerability in the Agile Engineering Data Management ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-4193 (Merkaartor 0.14 allows local users to append data to arbitrary files ...)
	- merkaartor 0.14+svnfixes~20090912-2 (low; bug #548546)
	[lenny] - merkaartor <not-affected> (vulnerable code not present)
	NOTE: does not run as root so minor issue.
CVE-2009-XXXX [SA-CORE-2009-008]
	- drupal6 6.14-1 (bug #547140)
	[lenny] - drupal6 6.6-3lenny3
CVE-2009-3391
	RESERVED
CVE-2009-3390 (Multiple unspecified vulnerabilities in the (1) iscsiadm and (2) ...)
	NOT-FOR-US: iscsiadm and iscsitadm programs in Sun Solaris 10
CVE-2009-3389 (Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used ...)
	{DSA-2045-1}
	- libtheora 1.1 (bug #572950)
	[etch] - libtheora <not-affected> (vulnerable code not present)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3388 (liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before ...)
	- liboggplay 0.2.1~git20091227-1.1 (bug #575743)
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- xulrunner 1.9.1.6-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	[lenny] - xulrunner <not-affected> (Video playback capabilities were added in 3.5)
CVE-2009-3387 (Bugzilla 3.3.1 through 3.4.4, 3.5.1, and 3.5.2 does not allow group ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3386 (Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3385 (The mail component in Mozilla SeaMonkey before 1.1.19 does not ...)
	{DSA-1922-1}
	- xulrunner 1.9.0.15-1
	- iceweasel 3.5.11-2
	[lenny] - iceweasel <not-affected> (Iceweasel in Lenny links against xulrunner)
	- iceape 2.0-1
	[lenny] - iceape <not-affected> (stub package)
CVE-2009-3384 (Multiple unspecified vulnerabilities in WebKit in Apple Safari before ...)
	- webkit 1.1.17-2 (medium; bug #559759)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <not-affected> (vulnerable code not present)
	- kde4libs <not-affected> (vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/48725
CVE-2009-3383 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3382 (layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3381 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3380 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3379 (Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla ...)
	{DSA-1939-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.3-1 (medium)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
CVE-2009-3378 (The oggplay_data_handle_theora_frame function in ...)
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (ogg support added in firefox 3.5)
	[lenny] - xulrunner <not-affected> (ogg support added in firefox 3.5)
	- liboggplay 0.2.1~git20091120-1 (medium; bug #552743)
CVE-2009-3377 (Multiple unspecified vulnerabilities in liboggz before ...)
	- xulrunner 1.9.1.4-1
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5)
	- liboggz 0.9.9-1 (low)
	[lenny] - liboggz <no-dsa> (Too intrusive to backport, needs to be updated to 0.9.9. Requires additional rebuild of rev dep)
CVE-2009-3376 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3375 (content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
CVE-2009-3374 (The XPCVariant::VariantDataToJS function in the XPCOM implementation ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3373 (Heap-based buffer overflow in the GIF image parser in Mozilla Firefox ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.x)
CVE-2009-3372 (Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <no-dsa> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3371 (Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 ...)
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
	[lenny] - xulrunner <not-affected> (web workers introduced in firefox 3.5)
	- kompozer <unfixed> (unimportant; bug #555326)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-3370 (Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3368 (Cross-site scripting (XSS) vulnerability in the Hotel Booking ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3367 (Multiple cross-site scripting (XSS) vulnerabilities in An image ...)
	NOT-FOR-US: An image gallery 1.0
CVE-2009-3366 (Directory traversal vulnerability in navigation.php in An image ...)
	NOT-FOR-US: An image gallery 1.0
CVE-2009-3365 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Aurora CMS
CVE-2009-3364 (Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote ...)
	NOT-FOR-US: FTPShell Client
CVE-2009-3363 (Cross-site scripting (XSS) vulnerability in the BUEditor module 5.x ...)
	NOT-FOR-US: a module for Drupal
CVE-2009-3362 (PHP remote file inclusion vulnerability in printnews.php3 in SZNews ...)
	NOT-FOR-US: SZNews
CVE-2009-3361 (SQL injection vulnerability in index.php in PHP-IPNMonitor allows ...)
	NOT-FOR-US: PHP-IPNMonitor
CVE-2009-3360 (Multiple cross-site scripting (XSS) vulnerabilities in Datemill 1.0 ...)
	NOT-FOR-US: Datemill
CVE-2009-3359 (Multiple cross-site scripting (XSS) vulnerabilities in Match Agency ...)
	NOT-FOR-US: Match Agency BiZ
CVE-2009-3358 (SQL injection vulnerability in profile.php in Tourism Scripts Adult ...)
	NOT-FOR-US: Tourism Scripts Adult
CVE-2009-3357 (Multiple SQL injection vulnerabilities in the Hotel Booking ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3356 (SQL injection vulnerability in index.php in Image voting 1.0 allows ...)
	NOT-FOR-US: Image voting
CVE-2009-3355 (Cross-site scripting (XSS) vulnerability in profile.php in Datetopia ...)
	NOT-FOR-US: Datetopia Buy Dating Site
CVE-2009-3354 (Multiple unspecified vulnerabilities in the Rest API module for Drupal ...)
	NOT-FOR-US: Rest API module for Drupal
CVE-2009-3353 (Multiple unspecified vulnerabilities in the Node2Node module for ...)
	NOT-FOR-US: Node2Node module for Drupal
CVE-2009-3352 (Multiple unspecified vulnerabilities in the quota_by_role (Quota by ...)
	NOT-FOR-US: quota_by_role (Quota by role) module for Drupal
CVE-2009-3351 (Multiple unspecified vulnerabilities in the Node Browser module for ...)
	NOT-FOR-US: Node Browser module for Drupal
CVE-2009-3350 (Multiple unspecified vulnerabilities in the Subdomain Manager module ...)
	NOT-FOR-US: Subdomain Manager module for Drupal
CVE-2009-3349 (SQL injection vulnerability in Datavore Gyro 5.0 allows remote ...)
	NOT-FOR-US: Datavore Gyro
CVE-2009-3348 (Cross-site scripting (XSS) vulnerability in Datavore Gyro 5.0 allows ...)
	NOT-FOR-US: Datavore Gyro
CVE-2009-3347 (Buffer overflow on the D-Link DIR-400 wireless router allows remote ...)
	NOT-FOR-US: D-Link DIR-400 wireless router
CVE-2009-3346 (Unspecified vulnerability in SAP Crystal Reports Server 2008 allows ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3345 (Heap-based buffer overflow in SAP Crystal Reports Server 2008 has ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3344 (Unspecified vulnerability in SAP Crystal Reports Server 2008 on ...)
	NOT-FOR-US: SAP Crystal Reports Server
CVE-2009-3343 (SQL injection vulnerability in details.asp in HotWeb Rentals allows ...)
	NOT-FOR-US: HotWeb Rentals
CVE-2009-3342 (SQL injection vulnerability in frontend/assets/ajax/checkusername.php ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3341 (Buffer overflow on the Linksys WRT54GL wireless router allows remote ...)
	NOT-FOR-US: Linksys WRT54GL wireless router
CVE-2009-3340 (Unspecified vulnerability in FreeSSHD 1.2.4 allows remote attackers to ...)
	NOT-FOR-US: FreeSSHD
CVE-2009-3339 (Unspecified vulnerability in McAfee Email and Web Security Appliance ...)
	NOT-FOR-US: McAfee Email and Web Security Appliance
CVE-2009-3338 (Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b ...)
	NOT-FOR-US: Magic Morph
CVE-2009-3337 (SQL injection vulnerability in the Freetag (serendipity_event_freetag) ...)
	NOT-FOR-US: plugin for Serendipity
CVE-2009-3336 (SQL injection vulnerability in auction_details.php in PHP Pro Bid ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2009-3335 (SQL injection vulnerability in the TurtuShout component 0.11 for ...)
	NOT-FOR-US: TurtuShout component 0.11 for Joomla!
CVE-2009-3334 (SQL injection vulnerability in the Lhacky! Extensions Cave Joomla! ...)
	NOT-FOR-US: Lhacky! Extensions Cave Joomla!
CVE-2009-3333 (PHP remote file inclusion vulnerability in koesubmit.php in the ...)
	NOT-FOR-US: koeSubmit (com_koesubmit) component 1.0 for Mambo
CVE-2009-3332 (SQL injection vulnerability in the JBudgetsMagic (com_jbudgetsmagic) ...)
	NOT-FOR-US: BudgetsMagic (com_jbudgetsmagic) component for Joomla!
CVE-2009-3331 (Multiple PHP remote file inclusion vulnerabilities in DDL CMS 1.0 ...)
	NOT-FOR-US: DDL CMS
CVE-2009-3330 (SQL injection vulnerability in index.php in cP Creator 2.7.1, when ...)
	NOT-FOR-US: cP Creator
CVE-2009-3329 (Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted ...)
	NOT-FOR-US: Winplot
CVE-2009-3328 (Cross-site scripting (XSS) vulnerability in sign.php in WX-Guestbook ...)
	NOT-FOR-US: WX-Guestbook
CVE-2009-3327 (Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow ...)
	NOT-FOR-US: WX-Guestbook
CVE-2009-3326 (SQL injection vulnerability in index.php in CMScontrol Content ...)
	NOT-FOR-US: CMScontrol
CVE-2009-3325 (SQL injection vulnerability in the Focusplus Developments Survey ...)
	NOT-FOR-US: Survey Manager (com_surveymanager) component 1.5.0 for Joomla!
CVE-2009-3324 (PHP remote file inclusion vulnerability in include/prodler.class.php ...)
	NOT-FOR-US: ProdLer
CVE-2009-3323 (Multiple PHP remote file inclusion vulnerabilities in BAnner ROtation ...)
	NOT-FOR-US: BAnner ROtation System mini (BAROSmini)
CVE-2009-3322 (The Siemens Gigaset SE361 WLAN router allows remote attackers to cause ...)
	NOT-FOR-US: Siemens Gigaset SE361 WLAN router
CVE-2009-3321 (SQL injection vulnerability in SaphpLesson 4.3, when magic_quotes_gpc ...)
	NOT-FOR-US: SaphpLesson
CVE-2009-3320 (Cross-site scripting (XSS) vulnerability in scrivi.php in Zenas ...)
	NOT-FOR-US: Zenas PaoLink (aka Pao-Link)
CVE-2009-3319 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
	NOT-FOR-US: DCI-Designs Dawaween
CVE-2009-3318 (Directory traversal vulnerability in the Roland Breedveld Album ...)
	NOT-FOR-US: Roland Breedveld Album (com_album) component 1.14 for Joomla!
CVE-2009-3317 (PHP remote file inclusion vulnerability in pages/pageHeader.php in ...)
	NOT-FOR-US: OpenSiteAdmin
CVE-2009-3316 (SQL injection vulnerability in the JReservation (com_jreservation) ...)
	NOT-FOR-US: JReservation (com_jreservation) component 1.0 and 1.5 for Joomla!
CVE-2009-3315 (SQL injection vulnerability in admin/index.php in NeLogic Nephp ...)
	NOT-FOR-US: NeLogic Nephp Publisher Enterprise
CVE-2009-3314 (SQL injection vulnerability in ladders.php in Elite Gaming Ladders 3.2 ...)
	NOT-FOR-US: Elite Gaming Ladders
CVE-2009-3313 (Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote ...)
	NOT-FOR-US: FMyClone
CVE-2009-3312 (PHP remote file inclusion vulnerability in php/init.poll.php in ...)
	NOT-FOR-US: phpPollScript
CVE-2009-3311 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: RSSMediaScript
CVE-2009-3310 (SQL injection vulnerability in index.php in Zainu 1.0 allows remote ...)
	NOT-FOR-US: Zainu
CVE-2009-3309 (SQL injection vulnerability in index.cfm in CF ShopKart 5.4 beta ...)
	NOT-FOR-US: CF ShopKart
CVE-2009-3308 (SQL injection vulnerability in show-cat.php in FanUpdate 2.2.1 allows ...)
	NOT-FOR-US: FanUpdate
CVE-2009-3307 (Multiple PHP remote file inclusion vulnerabilities in FSphp 0.2.1 ...)
	NOT-FOR-US: FSphp
CVE-2009-3306 (PHP remote file inclusion vulnerability in include/header.php in ...)
	NOT-FOR-US: ClearSite
CVE-2009-3305 (Polipo 1.0.4, and possibly other versions, allows remote attackers to ...)
	{DSA-2002-1}
	- polipo 1.0.4-1.1 (low; bug #547047)
	[etch] - polipo <no-dsa> (Minor issue)
	[lenny] - polipo <no-dsa> (Minor issue)
CVE-2009-3304 (GForge 4.5.14, 4.7 rc2, and 4.8.2 allows local users to overwrite ...)
	{DSA-1945-1}
	- gforge  4.8.2-1
CVE-2009-3303 (Cross-site scripting (XSS) vulnerability in www/help/tracker.php in ...)
	{DSA-1937-1}
	- gforge 4.8.1-3 (low)
CVE-2009-3302 (filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-3301 (Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-3300 (Multiple cross-site scripting (XSS) vulnerabilities in the Identity ...)
	{DSA-1947-1}
	- shibboleth-sp2 2.3+dfsg-1 (medium; bug #555608)
	- shibboleth-sp <removed> (medium)
	- opensaml2 2.3-1 (medium)
	NOTE: xmltooling also needs to be updated, changed in sid in 1.3.1-1
CVE-2009-3299 (Cross-site scripting (XSS) vulnerability in the resume blocktype in ...)
	{DSA-1924-1}
	- mahara 1.1.7-1 (low)
	NOTE: http://mahara.org/interaction/forum/topic.php?id=1170
CVE-2009-3298 (Mahara before 1.0.13, and 1.1.x before 1.1.7, allows remote ...)
	{DSA-1924-1}
	- mahara 1.1.7-1 (low)
	NOTE: http://mahara.org/interaction/forum/topic.php?id=1169
CVE-2009-3297 [mount race conditions]
	REJECTED
CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow ...)
	{DSA-1912-2 DSA-1912-1}
	- camlimages 1:3.0.1-5 (low)
	- advi 1.6.0-15 (low; bug #551282)
CVE-2009-3295 (The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm ...)
	- krb5 1.7+dfsg-4 (medium)
	[lenny] - krb5 <not-affected> (code introduced in 1.7)
	[etch] - krb5 <not-affected> (code introduced in 1.7)
CVE-2009-3294 (The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and ...)
	- php5 <not-affected> (win32-specific)
CVE-2009-3293 (Unspecified vulnerability in the imagecolortransparent function in PHP ...)
	- php5 <not-affected> (the php packages use the system libgd2)
	- php4 <not-affected> (the php packages use the system libgd2)
	NOTE: the transparent colours functionality is only on php5's bundled libgd2
CVE-2009-3292 (Unspecified vulnerability in PHP before 5.2.11, and 5.3.x before ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low)
	NOTE: unknown impact, it is related to missing sanity checks
	NOTE: when determining the length of sections of jpg headers
	NOTE: a missing limit on the nesting level of TIFF files, and
	NOTE: missing EOF checks, possibly leading to NULL dereferences
	NOTE: experimental is likely to be affected (as of 5.3.0)
CVE-2009-3291 (The php_openssl_apply_verification_policy function in PHP before ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low)
	[lenny] - php5 <no-dsa> (rather unimportant)
	[etch] - php5 <no-dsa> (rather unimportant)
	NOTE: seems to be related to handling of \0 on CN
	NOTE: not worth a dsa on its own, php doesn't verify certificates by default
	NOTE: experimental is likely to be affected (as of 5.3.0)
CVE-2009-3289 (The g_file_copy function in glib 2.0 sets the permissions of a target ...)
	- glib2.0 2.22.0-1 (low)
	[lenny] - glib2.0 2.16.6-3
	[etch] - glib2.0 <no-dsa> (Minor issue)
CVE-2009-3287 (lib/thin/connection.rb in Thin web server before 1.2.4 relies on the ...)
	- thin 1.2.4-1 (low)
CVE-2009-3285
	RESERVED
CVE-2009-3284 (Directory traversal vulnerability in phpspot PHP BBS, PHP Image ...)
	NOT-FOR-US: phpspot Products
CVE-2009-3283 (Cross-site scripting (XSS) vulnerability in phpspot PHP BBS, PHP Image ...)
	NOT-FOR-US: phpspot Products
CVE-2009-3282 (Integer overflow in the vmx86 kernel extension in VMware Fusion before ...)
	NOT-FOR-US: VMware Fusion
CVE-2009-3281 (The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 ...)
	NOT-FOR-US: VMware Fusion
CVE-2009-3280 (Integer signedness error in the find_ie function in ...)
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <not-affected> (vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2009-3279 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3278 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639
CVE-2009-3277 (DataVault.Tesla/Impl/TypeSystem/AssociationHelper.cs in datavault ...)
	NOT-FOR-US: datavault
CVE-2009-3276 (Zoran/WinFormsAdvansed/RegeularDataToXML/Form1.cs in WinFormsAdvansed ...)
	NOT-FOR-US: NASD CORE.NET Terelik (aka corenet1)
CVE-2009-3275 (Blocks/Common/Src/Configuration/Manageability/Adm/AdmContentBuilder.cs ...)
	NOT-FOR-US: Microsoft patterns & practices Enterprise Library
CVE-2009-3274 (Mozilla Firefox 3.6a1, 3.5.3, 3.5.2, and earlier 3.5.x versions, and ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.4-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3273 (iPhone Mail in Apple iPhone OS, and iPhone OS for iPod touch, does not ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-3272 (Stack consumption vulnerability in WebKit.dll in WebKit in Apple ...)
	- qt4-x11 <unfixed> (unimportant)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <unfixed> (unimportant)
	NOTE: browser crashers are not considered security-relevant
CVE-2009-3271 (Apple Safari on iPhone OS 3.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple Safari on iPhone OS 3.0.1
CVE-2009-3290 (The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...)
	{DSA-1915-1 DSA-1907-1 DTSA-203-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.25)
	- linux-2.6.24 <not-affected> (introduced in 2.6.25)
	- kvm 85+dfsg-4.1 (high; bug #548975)
CVE-2009-3288 (The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel ...)
	- linux-2.6 2.6.31-1 (low)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-3286 (NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-3270 (Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2009-3269 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2009-3268 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	NOTE: browser denial of services not considered security-relevant
CVE-2009-3267 (Microsoft Internet Explorer 6 through 6.0.2900.2180, and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3266 (Opera before 10.01 does not properly restrict HTML in a (1) RSS or (2) ...)
	NOT-FOR-US: Opera
CVE-2009-3265 (Cross-site scripting (XSS) vulnerability in Opera 9 and 10 allows ...)
	NOT-FOR-US: Opera
CVE-2009-3264 (The getSVGDocument method in Google Chrome before 3.0.195.21 omits an ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-3263 (Cross-site scripting (XSS) vulnerability in Google Chrome 2.x and 3.x ...)
	- chromium-browser <not-affected> (Only 3.x is affected)
	- webkit <not-affected> (chrome-specific issue)
	NOTE: http://seclists.org/fulldisclosure/2009/Sep/201
	NOTE: other browsers are not affected (only chrome and opera)
CVE-2009-3262 (Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) ...)
	NOT-FOR-US: IBM Tivoli Identity Manager
CVE-2009-3261 (update/update_0.1.2_to_0.2.php in LiveStreet 0.2 does not require ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3260 (Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3259 (Multiple SQL injection vulnerabilities in RASH Quote Management System ...)
	NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3258 (vtiger CRM before 5.1.0 allows remote authenticated users, with ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3257 (vtiger CRM before 5.1.0 allows remote authenticated users to bypass ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3256 (Cross-site scripting (XSS) vulnerability in include/ajax/blogInfo.php ...)
	NOT-FOR-US: LiveStreet
CVE-2009-3255 (SQL injection vulnerability in RASH Quote Management System (RQMS) ...)
	NOT-FOR-US: RASH Quote Management System (RQMS)
CVE-2009-3254 (Multiple stack-based buffer overflows in Ultimate Player 1.56 beta ...)
	NOT-FOR-US: Ultimate Player
CVE-2009-3253 (Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 ...)
	NOT-FOR-US: TriceraSoft Swift Ultralite
CVE-2009-3252 (Multiple SQL injection vulnerabilities in news.php in Rock Band CMS ...)
	NOT-FOR-US: Rock Band CMS
CVE-2009-3251 (include/utils/ListViewUtils.php in vtiger CRM before 5.1.0 allows ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3250 (The saveForwardAttachments procedure in the Compose Mail functionality ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3249 (Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3248 (Cross-site request forgery (CSRF) vulnerability in the RSS module in ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3247 (Cross-site scripting (XSS) vulnerability in the Activities module in ...)
	NOT-FOR-US: vtiger CRM
CVE-2009-3246 (SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX ...)
	NOT-FOR-US: MyBuxScript PTC-BUX
CVE-2008-7246 (Google Chrome 0.2.149.29 and earlier allows remote attackers to cause ...)
	- chromium-browser <unfixed> (unimportant)
	NOTE: browser denial of services aren't considered security-relevant
CVE-2008-7245 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2008-7244 (Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: browser denial-of-services are unimportant
CVE-2009-3245 (OpenSSL before 0.9.8m does not check for a NULL return value from ...)
	- openssl 0.9.8m-1 (low; bug #575433)
	[lenny] - openssl 0.9.8g-15+lenny7
CVE-2009-3244 (Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe ...)
	NOT-FOR-US: Adobe ShockWave Player
CVE-2009-3243 (Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and ...)
	- wireshark <not-affected> (Windows-only issue)
CVE-2009-3242 (Unspecified vulnerability in packet.c in the GSM A RR dissector in ...)
	- wireshark 1.2.2-1 (low; bug #547704)
	[etch] - wireshark <not-affected> (Only affects 1.2.x)
	[lenny] - wireshark <not-affected> (Only affects 1.2.x)
CVE-2009-3241 (Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark ...)
	{DSA-1942-1}
	- wireshark 1.2.2-1 (low; bug #547704)
	[etch] - wireshark <not-affected> (Only affects >= 0.99.6)
	[lenny] - wireshark 1.0.2-3+lenny6
CVE-2009-3240 (Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section ...)
	NOT-FOR-US: module for XOOPS
CVE-2009-3239
	REJECTED
CVE-2009-3238 (The get_random_int function in drivers/char/random.c in the Linux ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.30-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-3237 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	{DSA-1966-1}
	- horde3 3.3.5+debian0-1 (low)
	[lenny] - horde3 3.2.2+debian0-2+lenny1
	NOTE: horde3 issue fixed in backport of latest DSA, DSA however did not fix etch
CVE-2009-3235 (Multiple stack-based buffer overflows in the Sieve plugin in Dovecot ...)
	{DSA-1893-1 DSA-1892-1}
	- cyrus-imapd-2.2 2.2.13-17 (medium; bug #547947)
	- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
	- dovecot 1:1.2.1-1 (medium; bug #546656)
	NOTE: This is a different vulnerability than CVE-2009-2632, it covers a few additional buffer overflows
CVE-2009-3228 (The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem ...)
	{DSA-1929-1 DSA-1928-1 DSA-1927-1}
	- linux-2.6 2.6.31-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2005-4881 (The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and ...)
	- linux-2.6 2.6.13-1 (low)
	- linux-2.6.24 <not-affected> (fixed prior to first upload of 2.6.24)
CVE-2009-3236 (The form library in Horde Application Framework 3.2 before 3.2.5 and ...)
	{DSA-1897-1}
	- horde3 3.3.5+debian0-1 (medium; bug #547318)
CVE-2008-7243 (Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7242 (Multiple cross-site scripting (XSS) vulnerabilities in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-7241 (Cross-site request forgery (CSRF) vulnerability in PunBB before 1.2.17 ...)
	NOT-FOR-US: PunBB
CVE-2008-7240 (Directory traversal vulnerability in include/unverified.inc.php in ...)
	NOT-FOR-US: Linux Web Shop (LWS) php User Base
CVE-2009-3234 (Buffer overflow in the perf_copy_attr function in ...)
	- linux-2.6 <not-affected> (Introduced in 2.6.31, fixed in Debian package before initial 2.6.31 upload)
	- linux-2.6.24 <not-affected> (Introduced in 2.6.31)
CVE-2009-3227 (Cross-site scripting (XSS) vulnerability in index.php in AlmondSoft ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3226 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Ads Enterprise
CVE-2009-3225 (Multiple cross-site scripting (XSS) vulnerabilities in AlmondSoft ...)
	NOT-FOR-US: AlmondSoft Almond Classifieds Wap and Pro
CVE-2009-3224 (SQL injection vulnerability in index.php in Super Mod System, when ...)
	NOT-FOR-US: Super Mod System
CVE-2009-3223 (SQL injection vulnerability in ppc-add-keywords.php in Inout Adserver ...)
	NOT-FOR-US: Inout Adserver
CVE-2009-3222 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: FreeWebScriptz Honest Traffic
CVE-2009-3221 (Stack-based buffer overflow in Audio Lib Player (ALP) allows remote ...)
	NOT-FOR-US: Audio Lib Player (ALP)
CVE-2009-3220 (PHP remote file inclusion vulnerability in cp_html2txt.php in All In ...)
	NOT-FOR-US: All In One Control Panel
CVE-2009-3219 (Directory traversal vulnerability in a.php in AR Web Content Manager ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2009-3218 (SQL injection vulnerability in control/login.php in AR Web Content ...)
	NOT-FOR-US: AR Web Content Manager
CVE-2009-3217 (SQL injection vulnerability in the admin module in iWiccle 1.01 allows ...)
	NOT-FOR-US: iWiccle
CVE-2009-3216 (Multiple directory traversal vulnerabilities in iWiccle 1.01, when ...)
	NOT-FOR-US: iWiccle
CVE-2009-3215 (SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, ...)
	NOT-FOR-US: IXXO Cart Standalone
CVE-2009-3214 (Multiple stack-based buffer overflows in Photodex ProShow Gold ...)
	NOT-FOR-US: Photodex ProShow Gold
CVE-2009-3213 (Stack-based buffer overflow in broid 1.0 Beta 3a allows remote ...)
	NOT-FOR-US: broid
CVE-2009-3212 (SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, ...)
	NOT-FOR-US: VivaPrograms Infinity Script
CVE-2009-3211 (Directory traversal vulnerability in VivaPrograms Infinity Script ...)
	NOT-FOR-US: VivaPrograms Infinity Script
CVE-2009-3210 (Multiple cross-site scripting (XSS) vulnerabilities in the Print (aka ...)
	NOT-FOR-US: Print (aka Printer, e-mail and PDF versions) Drupal module (3rd party module)
CVE-2009-3209 (SQL injection vulnerability in remove.php in PHP eMail Manager 3.3.0 ...)
	NOT-FOR-US: PHP eMail Manager
CVE-2009-3208 (Multiple SQL injection vulnerabilities in phpfreeBB 1.0 allow remote ...)
	NOT-FOR-US: phpfreeBB
CVE-2009-3207 (The ImageCache module 5.x before 5.x-2.5 and 6.x before ...)
	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
CVE-2009-3206 (Multiple cross-site scripting (XSS) vulnerabilities in the ImageCache ...)
	NOT-FOR-US: ImageCache module for Drupal (3rd party module)
CVE-2009-3205 (SQL injection vulnerability in main.php in CBAuthority allows remote ...)
	NOT-FOR-US: CBAuthority
CVE-2009-3204 (Multiple cross-site scripting (XSS) vulnerabilities in Stiva Forum 1.0 ...)
	NOT-FOR-US: Stiva Forum
CVE-2009-3203 (SQL injection vulnerability in store.php in AJ Auction Pro OOPD 2.x ...)
	NOT-FOR-US: AJ Auction Pro OOPD
CVE-2009-3202 (Cross-site scripting (XSS) vulnerability in search.php in ULoKI PHP ...)
	NOT-FOR-US: ULoKI PHP Forum
CVE-2009-3201 (Integer overflow in Media Player Classic 6.4.9 allows user-assisted ...)
	NOT-FOR-US: Media Player Classic
CVE-2009-3200 (The QNAP TS-239 Pro and TS-639 Pro with firmware 2.1.7 0613, 3.1.0 ...)
	NOT-FOR-US: QNAP TS-239 Pro and TS-639 Pro
CVE-2009-3199 (Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2009-3198 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech ...)
	NOT-FOR-US: Affiliate Master
CVE-2009-3197 (Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP ...)
	NOT-FOR-US: JCE-Tech PHP Calendars
CVE-2009-3196 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP ...)
	NOT-FOR-US: JCE-Tech PHP Video Script
CVE-2009-3195 (Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech ...)
	NOT-FOR-US: JCE-Tech Auction RSS Content Script
CVE-2009-3194 (Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech ...)
	NOT-FOR-US: JCE-Tech SearchFeed Script
CVE-2009-3193 (SQL injection vulnerability in the DigiFolio (com_digifolio) component ...)
	NOT-FOR-US: component for Joomla!
CVE-2009-3192 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: LinkorCMS
CVE-2009-3191 (Multiple cross-site scripting (XSS) vulnerabilities in PAD Site ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-3190 (Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-3189 (Cross-site scripting (XSS) vulnerability in search.php in DigiOz ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2009-3188 (PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 ...)
	NOT-FOR-US: phpSANE
CVE-2009-3187 (Cross-site scripting (XSS) vulnerability in gamelist.php in Stand ...)
	NOT-FOR-US: Stand Alone Arcade
CVE-2009-3186 (Multiple cross-site scripting (XSS) vulnerabilities in VideoGirls BiZ ...)
	NOT-FOR-US: VideoGirls BiZ
CVE-2009-3185 (SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 ...)
	NOT-FOR-US: Crazy Star plugin 2.0 for Discuz!
CVE-2009-3184 (Multiple SQL injection vulnerabilities in index.php in Pirates of The ...)
	NOT-FOR-US: Pirates of The Caribbean
CVE-2009-3233 (changetrack 4.3 allows local users to execute arbitrary commands via ...)
	{DSA-1891-1}
	- changetrack 4.5-2 (medium; bug #546791)
CVE-2008-7228 (Multiple format string vulnerabilities in White_Dune before ...)
	- whitedune <not-affected> (bug #546903)
	NOTE: The debian binary versions are not compiled with the --with-aflockdebug option
CVE-2008-7224 (Buffer overflow in entity_cache in ELinks before 0.11.4rc0 allows ...)
	{DSA-1902-1}
	- elinks 0.11.3-1 (low; bug #380347)
CVE-2009-3183 (Heap-based buffer overflow in w in Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-7239 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7238 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-7237 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7236 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7235 (Unspecified vulnerability in the Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7234 (Unspecified vulnerability in the Oracle BPEL Worklist Application ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-7233 (Unspecified vulnerability in the E-Business Application client, as ...)
	NOT-FOR-US: E-Business Application client
CVE-2008-7232 (Buffer overflow in the report function in xtacacsd 4.1.2 and earlier ...)
	NOT-FOR-US: xtacacsd
CVE-2008-7231 (Cross-site scripting (XSS) vulnerability in Meridio Document and ...)
	NOT-FOR-US: Meridio Document and Records Management
CVE-2008-7230 (Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before ...)
	NOT-FOR-US: Small Footprint CIM Broker
CVE-2008-7229 (GreenSQL Firewall (greensql-fw) before 0.9.2 allows remote attackers ...)
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-7227 (PartialBufferOutputStream2 in GeoServer before 1.6.1 and 1.7.0-beta1 ...)
	NOT-FOR-US: GeoServer
CVE-2008-7226 (SQL injection vulnerability in index.php in the Recipes module 1.3, ...)
	NOT-FOR-US: Recipes module for PHP-Nuke
CVE-2008-7225 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...)
	NOT-FOR-US: Foxit Remote Access Server
CVE-2008-7223 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
	NOT-FOR-US: LinPHA
CVE-2008-7222 (Cross-site scripting (XSS) vulnerability in system/admin.php in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-7221 (Cross-site request forgery (CSRF) vulnerability in RunCMS 1.6.1 allows ...)
	NOT-FOR-US: RunCMS
CVE-2009-3166 (token.cgi in Bugzilla 3.4rc1 through 3.4.1 places a password in a URL ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3165 (SQL injection vulnerability in the Bug.create WebService function in ...)
	{DSA-1913-1}
	- bugzilla 3.2.5.0-1 (low; bug #547132)
	[etch] - bugzilla <not-affected> (Vulnerable code not present)
	NOTE: Introduced in 2.23.4
CVE-2008-7220 (Unspecified vulnerability in Prototype JavaScript framework ...)
	{DSA-1952-1}
	- prototypejs 1.6.0.2-1
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Minor issue)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby 1.1.4-1 (low; bug #555223)
	[lenny] - libjson-ruby 1.1.2-1+lenny1
	- lucene2 2.9.1+ds1-2 (unimportant; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	NOTE: prototype.js copy unused per #555225
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <not-affected> (Vulnerable code not present)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd 0.2.4+r1376-1.1+etch3
	- mediatomb 0.12.0~svn2018-5 (low; bug #555232)
	[lenny] - mediatomb <no-dsa> (minor issue)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers 0.3.4-2 (low; bug #555239)
	- qwik <removed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress 2.5.0-2 (low; bug #555242)
	[etch] - wordpress <not-affected> (prototype.js not present)
	- exaile 0.2.14+debian-2.2 (low; bug #555244)
	[lenny] - exaile <no-dsa> (minor issue)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (prototype.js not included in the binary package; bug #555258)
	- scriptaculous 1.8.3-1 (low; bug #555259)
	[lenny] - scriptaculous <no-dsa> (Minor issue)
	- activeldap 1.0.9-1 (unimportant; bug #555263)
	NOTE: Only shipped in an example
	- otrs2 2.3.4-6 (low; bug #555266)
	[etch] - otrs2 <not-affected> (prototype.js not present)
	[lenny] - otrs2 <not-affected> (prototype.js not present)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	- plone3 <removed> (low; bug #555274)
	- wesnoth <not-affected> (prototype.js not included in any of the binary packages; bug #555266)
	- webcit <not-affected> (fixed since initial inclusion)
	- zabbix <not-affected> (fixed since initial inclusion)
	- chora2 <not-affected> (fixed since initial inclusion)
	- gollem <not-affected> (fixed since initial inclusion)
	- ingo1 <not-affected> (fixed since initial inclusion)
	- kronolith2 <not-affected> (fixed since initial inclusion)
	- jifty <not-affected> (fixed since initial inclusion)
	- jquery <not-affected> (fixed since initial inclusion)
	- passenger <not-affected> (fixed since initial inclusion)
CVE-2008-7219 (Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 ...)
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7218 (Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 ...)
	{DSA-1897-1}
	- horde3 3.1.6-1
	- turba2 2.1.7-1
	- kronolith2 2.1.7-1
	- nag2 2.1.4-1
	- mnemo2 2.1.2-1
CVE-2008-7217 (Microsoft Office 2008 for Mac, when running on Macintosh systems that ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-6732 (Multiple buffer overflows in the dtt_load function in ...)
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2007-6731 (Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers ...)
	- xmp 2.6.1-1 (low; bug #546730)
	[etch] - xmp <no-dsa> (Minor issue, fringe app/formats)
	[lenny] - xmp <no-dsa> (Minor issue, fringe app/formats)
CVE-2009-3182 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3181 (Directory traversal vulnerability in Anantasoft Gazelle CMS 1.0 allows ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3180 (Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3179 (Multiple unspecified vulnerabilities in Symantec Altiris Deployment ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3178 (Unspecified vulnerability in mm.exe in Symantec Altiris Deployment ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3177 (Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2009-3176 (Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-3175 (Multiple SQL injection vulnerabilities in Model Agency Manager PRO ...)
	NOT-FOR-US: Model Agency Manager PRO
CVE-2009-3174 (PHP remote file inclusion vulnerability in fonctions_racine.php in ...)
	NOT-FOR-US: OBOphiX
CVE-2009-3173 (Unrestricted file upload vulnerability in admin/add_album.php in The ...)
	NOT-FOR-US: Rat CMS Alpha
CVE-2009-3172 (Unspecified vulnerability in Hitachi Groupmax Groupware Server 07-00 ...)
	NOT-FOR-US: Hitachi Groupmax Groupware Server
CVE-2009-3171 (Multiple cross-site scripting (XSS) vulnerabilities in Anantasoft ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2009-3170 (Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) ...)
	NOT-FOR-US: AIMP2 Audio Converter
CVE-2009-3169 (Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission ...)
	NOT-FOR-US: Hitachi
CVE-2009-3168 (Mevin Productions Basic PHP Events Lister 2.0 does not properly ...)
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2009-3167 (Directory traversal vulnerability in index.php in Anantasoft Gazelle ...)
	NOT-FOR-US: Anantasoft Gazelle CMS
CVE-2008-7216 (Peter's Math Anti-Spam Spinoff plugin for WordPress generates audio ...)
	NOT-FOR-US: Math Anti-Spam Spinoff plugin for WordPress
CVE-2008-7215 (The Image Manager in MOStlyCE before 2.4, as used in Mambo 4.6.3 and ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7214 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7213 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7212 (MOStlyCE before 2.4, as used in Mambo 4.6.3 and earlier, allows remote ...)
	NOT-FOR-US: MOStlyCE
CVE-2008-7211 (CreativeLabs es1371mp.sys 5.1.3612.0 WDM audio driver, as used in ...)
	NOT-FOR-US: CreativeLabs WDM audio driver
CVE-2008-7210 (directory.php in AJchat 0.10 allows remote attackers to bypass input ...)
	NOT-FOR-US: AJchat
CVE-2008-7209 (Unrestricted file upload vulnerability in the add2 action in ...)
	NOT-FOR-US: OneCMS
CVE-2008-7208 (Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly ...)
	NOT-FOR-US: OneCMS
CVE-2008-7207 (RivetTracker before 1.0 stores passwords in cleartext in config.php, ...)
	NOT-FOR-US: RivetTracker
CVE-2008-7206 (Unspecified vulnerability in Electronic Logbook (ELOG) before 2.7.2 ...)
	NOT-FOR-US: Electronic Logbook
CVE-2008-7205 (Unspecified vulnerability in the product view functionality in ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7204 (Cross-site request forgery (CSRF) vulnerability in VirtueMart 1.0.13a ...)
	NOT-FOR-US: VirtueMart
CVE-2008-7203 (Valve Software Half-Life Counter-Strike 1.6 allows remote attackers to ...)
	NOT-FOR-US: Valve Software Half-Life Counter-Strike
CVE-2009-3232 (pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian ...)
	- pam 1.0.1-10 (bug #519927)
	[lenny] - pam <not-affected> (pam-auth-update not yet present)
	[etch] - pam <not-affected> (pam-auth-update not yet present)
CVE-2009-3229 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <not-affected>
	- postgresql-7.4 <not-affected>
CVE-2009-3230 (The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <removed>
	- postgresql-7.4 <removed>
CVE-2009-3231 (The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 ...)
	{DSA-1900-1}
	- postgresql-8.4 8.4.1-1
	- postgresql-8.3 8.3.8-1
	- postgresql-8.1 <not-affected>
	- postgresql-7.4 <not-affected>
CVE-2009-3164 (Unspecified vulnerability in the IPv6 networking stack in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2009-3163 (Multiple format string vulnerabilities in lib/silcclient/command.c in ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (medium)
	- silc-client 1.1-2 (medium)
	- silc-server 1.1.2-1 (medium)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2009-3145
	REJECTED
CVE-2009-3144
	REJECTED
CVE-2009-3143
	REJECTED
CVE-2009-3142
	REJECTED
CVE-2009-3141
	REJECTED
CVE-2009-3140
	REJECTED
CVE-2009-3139
	REJECTED
CVE-2009-3138
	REJECTED
CVE-2009-3137
	REJECTED
CVE-2009-3136
	REJECTED
CVE-2009-3135 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3134 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3133 (Microsoft Office Excel 2002 SP3, Office 2004 and 2008 for Mac, and ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3132 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3131 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3130 (Heap-based buffer overflow in Microsoft Office Excel 2002 SP3, Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3129 (Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3128 (Microsoft Office Excel 2002 SP3 and 2003 SP3, and Office Excel Viewer ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3127 (Microsoft Office Excel 2002 SP3 and 2003 SP3, Office 2004 and 2008 for ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-3126 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3162 (Cross-site scripting (XSS) vulnerability in Multi Website 1.5 allows ...)
	NOT-FOR-US: Multi Website
CVE-2009-3161 (The server in IBM WebSphere MQ 7.0.0.1, 7.0.0.2, and 7.0.1.0 allows ...)
	NOT-FOR-US: IBM WebSpHere MQ
CVE-2009-3160 (IBM WebSphere MQ 6.x through 6.0.2.7, 7.0.0.0, 7.0.0.1, 7.0.0.2, and ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3159 (Unspecified vulnerability in the rriDecompress function in IBM ...)
	NOT-FOR-US: IBM WebSphere MQ
CVE-2009-3158 (admin/files.php in simplePHPWeb 0.2 does not require authentication, ...)
	NOT-FOR-US: simplePHPWeb
CVE-2009-3157 (Cross-site scripting (XSS) vulnerability in the Calendar module 6.x ...)
	NOT-FOR-US: Calendar module for Drupal
CVE-2009-3156 (Cross-site scripting (XSS) vulnerability in the Date Tools sub-module ...)
	NOT-FOR-US: Date module for Drupal
CVE-2009-3155 (Cross-site scripting (XSS) vulnerability in gmap.php in the Almond ...)
	NOT-FOR-US: Almond Classifieds component for Joomla!
CVE-2009-3154 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...)
	NOT-FOR-US: Almond Classifieds component for Joomla!
CVE-2009-3153 (Multiple cross-site scripting (XSS) vulnerabilities in x10 MP3 Search ...)
	NOT-FOR-US: x10 MP3 Search engine
CVE-2009-3152 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: NTSOFT BBS E-Market Professional
CVE-2009-3151 (Directory traversal vulnerability in actions/downloadFile.php in ...)
	NOT-FOR-US: Ultrize TimeSheet
CVE-2009-3150 (SQL injection vulnerability in index.php in Multi Website 1.5 allows ...)
	NOT-FOR-US: Multi Website
CVE-2009-3149 (Directory traversal vulnerability in _css/js.php in Elgg 1.5, when ...)
	- elgg <itp> (bug #526197)
CVE-2009-3148 (Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 ...)
	NOT-FOR-US: PortalXP Teacher Edition
CVE-2009-3147 (Cross-site scripting (XSS) vulnerability in showproduct.php in ...)
	NOT-FOR-US: ReviewPost Pro
CVE-2009-3146 (Cross-site scripting (XSS) vulnerability in search_advance.php in ...)
	NOT-FOR-US: ArticleFriend Script
CVE-2009-3125 (SQL injection vulnerability in the Bug.search WebService function in ...)
	- bugzilla 3.4.7.0-1
	[lenny] - bugzilla <not-affected> (Only Bugzilla >= 3.3 is affected)
CVE-2009-3124 (Directory traversal vulnerability in get_message.cgi in QuarkMail ...)
	NOT-FOR-US: QuarkMail
CVE-2009-3123 (Directory traversal vulnerability in gallery/gallery.php in Wap-Motor ...)
	NOT-FOR-US: Wap-Motor
CVE-2009-3122 (The Ajax Table module 5.x for Drupal does not perform access control, ...)
	NOT-FOR-US: Ajax Table module module for Drupal
CVE-2009-3121 (Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x ...)
	NOT-FOR-US: Ajax Table module module for Drupal
CVE-2009-3120 (Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE ...)
	NOT-FOR-US: BIGACE Web CMS
CVE-2009-3119 (SQL injection vulnerability in screen.php in the Download System mSF ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-3118 (SQL injection vulnerability in mod/poll/comment.php in the vote module ...)
	NOT-FOR-US: Danneo CMS
CVE-2009-3117 (SQL injection vulnerability in category.php in Snow Hall Silurus ...)
	NOT-FOR-US: Snow Hall Silurus System
CVE-2009-3116 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...)
	NOT-FOR-US: Uiga Church Portal
CVE-2009-3115 (SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2009-3114 (The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2009-3113 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
	NOT-FOR-US: OXID eShop Professional
CVE-2009-3112 (Unspecified vulnerability in OXID eShop Professional, Enterprise, and ...)
	NOT-FOR-US: OXID eShop Professional
CVE-2009-3111 (The rad_decode function in FreeRADIUS before 1.1.8 allows remote ...)
	- freeradius 2.0.0-1 (low)
CVE-2008-7202 (Multiple cross-site scripting (XSS) vulnerabilities in OpenWebMail ...)
	NOT-FOR-US: OpenWebMail
CVE-2008-7201 (Lantronix MSS485-T allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Lantronix MSS485-T
CVE-2008-7200 (Double free vulnerability in Deliantra server engine before 2.4 has ...)
	NOT-FOR-US: Deliantra server engine
CVE-2008-7199 (Phoenix Contact FL IL 24 BK-PAC allows remote attackers to cause a ...)
	NOT-FOR-US: Phoenix Contact FL IL 24 BK-PAC
CVE-2008-7198 (Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have ...)
	NOT-FOR-US: phpns
CVE-2008-7197 (Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have ...)
	NOT-FOR-US: G15Daemon
CVE-2008-7196 (Unspecified vulnerability in metashell before 0.03 has unknown impact ...)
	NOT-FOR-US: metashell
CVE-2008-7195 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7194 (Unspecified vulnerability in Fujitsu Interstage HTTP Server, as used ...)
	NOT-FOR-US: Fujitsu Interstage HTTP Server
CVE-2008-7193 (PHPKIT 1.6.4 PL1 includes the session ID in the URL, which allows ...)
	NOT-FOR-US: PHPKIT
CVE-2008-7192 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-7191 (Unspecified vulnerability in Polipo before 1.0.4 allows remote ...)
	- polipo 1.0.4-1 (low)
CVE-2008-7190 (Unspecified vulnerability in Adium before 1.2 has unknown impact and ...)
	NOT-FOR-US: Adium
CVE-2008-7189 (Multiple unspecified vulnerabilities in Local Media Browser before 0.1 ...)
	NOT-FOR-US: Local Media Browser
CVE-2008-7188 (ClipShare 2.6 does not properly restrict access to certain ...)
	NOT-FOR-US: ClipShare
CVE-2008-7187 (Coppermine Photo Gallery (CPG) 1.4.14 allows remote attackers to ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-7186 (Coppermine Photo Gallery (CPG) 1.4.14 does not restrict access to ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-6730 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: ZyXEL P-330W
CVE-2007-6729 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: ZyXEL P-330W
CVE-2009-3110 (Race condition in the file transfer functionality in Symantec Altiris ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3109 (Unspecified vulnerability in the AClient agent in Symantec Altiris ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3108 (The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3107 (Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2009-3106 (The Servlet Engine/Web Container component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-3105 (Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka ...)
	NOT-FOR-US: IBM Lotus iNotes
CVE-2009-3104 (Unspecified vulnerability in Symantec Norton AntiVirus 2005 through ...)
	NOT-FOR-US: Symantec Norton AntiVirus
CVE-2009-3103 (Array index error in the SMBv2 protocol implementation in srv2.sys in ...)
	NOT-FOR-US: Microsoft
CVE-2009-3102 (The doHotCopy subroutine in socket-server.pl in Zmanda Recovery ...)
	NOT-FOR-US: Zmanda Recovery Manager
CVE-2009-3101 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 10, and ...)
	- xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
CVE-2009-3100 (xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, ...)
	- xscreensaver <not-affected> (OpenSolaris-specific, patch 120094-22 causes this)
CVE-2009-3099 (Unspecified vulnerability in HP OpenView Operations Manager 8.1 on ...)
	NOT-FOR-US: HP OpenView Operations Manager
CVE-2009-3098 (Unspecified vulnerability in the Portal in HP Operations Dashboard 2.1 ...)
	NOT-FOR-US: HP Operations Dashboard
CVE-2009-3097 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 on ...)
	NOT-FOR-US: HP Performance Insight
CVE-2009-3096 (Multiple unspecified vulnerabilities in HP Performance Insight 5.3 ...)
	NOT-FOR-US: HP Performance Insight
CVE-2009-3095 (The mod_proxy_ftp module in the Apache HTTP Server allows remote ...)
	{DSA-1934-1}
	- apache2 2.2.13-2 (low; bug #545951)
	[etch] - apache2 <no-dsa> (minor issue)
	[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
	NOTE: The attacker needs to have valid credentials for the FTP server, which
	NOTE: makes this irrelevant in most cases. Based on a VulnDisco commercial 0day.
CVE-2009-3094 (The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the ...)
	{DSA-1934-1}
	- apache2 2.2.13-2 (low; bug #545951)
	[etch] - apache2 <no-dsa> (minor issue)
	[lenny] - apache2 2.2.9-10+lenny5 (low; bug #545951)
CVE-2009-3093 (Unspecified vulnerability on the ASUS WL-500W wireless router has ...)
	NOT-FOR-US: ASUS WL-500W
CVE-2009-3092 (Buffer overflow on the ASUS WL-500W wireless router has unknown impact ...)
	NOT-FOR-US: ASUS WL-500W
CVE-2009-3091 (Unspecified vulnerability on the ASUS WL-330gE has unknown impact and ...)
	NOT-FOR-US: ASUS WL-330gE
CVE-2009-3090 (Unspecified vulnerability in IBM Tivoli Directory Server (TDS) 6.0 on ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3089 (IBM Tivoli Directory Server (TDS) 6.0 allows remote attackers to cause ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3088 (Heap-based buffer overflow in ibmdiradm in IBM Tivoli Directory Server ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2009-3087 (Unspecified vulnerability in nserver.exe in the server in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2009-3086 (A certain algorithm in Ruby on Rails 2.1.0 through 2.2.2, and 2.3.x ...)
	{DSA-2260-1}
	- rails 2.2.3-1 (low; bug #545063)
	[etch] - rails <no-dsa> (Minor issue)
CVE-2009-3085 (The XMPP protocol plugin in libpurple in Pidgin before 2.6.2 does not ...)
	- pidgin 2.6.2-1 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
CVE-2009-3084 (The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c ...)
	{DSA-2038-1}
	- pidgin 2.6.2-1 (low)
CVE-2009-3083 (The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the ...)
	{DSA-2038-1}
	- pidgin 2.6.2-1 (low)
CVE-2008-7185 (GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of ...)
	- rhythmbox <unfixed> (unimportant)
	NOTE: No practical security impact
CVE-2008-7184 (Cross-site scripting (XSS) vulnerability in Diigo Toolbar and Diigolet ...)
	NOT-FOR-US: Diigo Toolbar and Diigolet
CVE-2008-7183 (PHP remote file inclusion vulnerability in eva/index.php in EVA CMS ...)
	NOT-FOR-US: EVA CMS
CVE-2009-3082 (SQL injection vulnerability in wcategory.php in Snow Hall Silurus ...)
	NOT-FOR-US: Snow Hall Silurus System
CVE-2009-3081 (SQL injection vulnerability in index.php in Uiga Church Portal allows ...)
	NOT-FOR-US: Uiga Church Portal
CVE-2009-3079 (Unspecified vulnerability in Mozilla Firefox before 3.0.14, and 3.5.x ...)
	{DSA-1886-1}
	- iceweasel 3.0.14-1
	[etch] - iceweasel <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-3078 (Visual truncation vulnerability in Mozilla Firefox before 3.0.14, and ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3077 (Mozilla Firefox before 3.0.14, and 3.5.x before 3.5.3, does not ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3076 (Mozilla Firefox before 3.0.14 does not properly implement certain ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3075 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	{DSA-2025-1 DSA-1885-1}
	- xulrunner 1.9.0.14-1
	- icedove 3.0~rc2-2
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3074 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3073 (Unspecified vulnerability in the JavaScript engine in Mozilla Firefox ...)
	- xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
CVE-2009-3072 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-2025-1 DSA-1885-1}
	- xulrunner 1.9.0.14-1
	- icedove 3.0~rc2-2
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3071 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3070 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-1885-1}
	- xulrunner 1.9.0.14-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-3069 (Unspecified vulnerability in the browser engine in Mozilla Firefox ...)
	- xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[lenny] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
	[etch] - xulrunner <not-affected> (Only affects Firefox 3.5.x)
CVE-2008-7182 (Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and ...)
	NOT-FOR-US: Surgemail
CVE-2008-7181 (Butterfly Organizer 2.0.0 allows remote attackers to (1) delete ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-7180 (del_query1.php in Telephone Directory 2008 allows remote attackers to ...)
	NOT-FOR-US: Telephone Directory
CVE-2008-7179 (OTManager CMS 2.4 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: OTManager
CVE-2008-7178 (Directory traversal vulnerability in Uploader module 1.1 for XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-7177 (Buffer overflow in the listing module in Netwide Assembler (NASM) ...)
	- nasm 2.03.01-1 (low)
CVE-2008-7176 (Multiple directory traversal vulnerabilities in Facil CMS 0.1RC allow ...)
	NOT-FOR-US: Facil CMS
CVE-2008-7175 (Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in ...)
	NOT-FOR-US: NextGEN Gallery third party plugin for wordpress
CVE-2008-7174 (Multiple buffer overflows in the Jura Internet Connection Kit for the ...)
	NOT-FOR-US: Jura Impressa
CVE-2008-7173 (The Jura Internet Connection Kit for the Jura Impressa F90 coffee ...)
	NOT-FOR-US: Jura Impressa
CVE-2008-7172 (Lightweight news portal (LNP) 1.0b does not properly restrict access ...)
	NOT-FOR-US: Lightweight news portal
CVE-2008-7171 (Multiple cross-site scripting (XSS) vulnerabilities in Lightweight ...)
	NOT-FOR-US: Lightweight news portal
CVE-2008-7170 (GSC build 2067 and earlier relies on the client to enforce ...)
	NOT-FOR-US: GSC build
CVE-2008-7169 (SQL injection vulnerability in Jabode horoscope extension (com_jabode) ...)
	NOT-FOR-US: Joomla
CVE-2008-7168 (Insecure method vulnerability in the UUSee UUUpgrade ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2008-7167 (Unrestricted file upload vulnerability in upload.php in Page Manager ...)
	NOT-FOR-US: Page Manager
CVE-2009-3068 (Unrestricted file upload vulnerability in the RoboHelpServer Servlet ...)
	NOT-FOR-US: Adobe RoboHelp Server
CVE-2009-3067 (Cross-site scripting (XSS) vulnerability in index.php in Reservation ...)
	NOT-FOR-US: Reservation Manager
CVE-2009-3066 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PropertyWatchScript.com Property Watch
CVE-2009-3065 (PHP remote file inclusion vulnerability in editor/edit_htmlarea.php in ...)
	NOT-FOR-US: Ve-EDIT
CVE-2009-3064 (Directory traversal vulnerability in debugger/debug_php.php in Ve-EDIT ...)
	NOT-FOR-US: Ve-EDIT
CVE-2009-3063 (SQL injection vulnerability in the Game Server (com_gameserver) ...)
	NOT-FOR-US: Joomla!
CVE-2009-3062 (SQL injection vulnerability in message_box.php in OSI Codes PHP Live! ...)
	NOT-FOR-US: OSI Codes PHP Live!
CVE-2009-3061 (SQL injection vulnerability in lesson.php in Alqatari Q R Script 1.0 ...)
	NOT-FOR-US: Alqatari Q R Script
CVE-2009-3060 (Multiple cross-site scripting (XSS) vulnerabilities in Joker Board ...)
	NOT-FOR-US: Joker Board
CVE-2009-3059 (Multiple SQL injection vulnerabilities in Joker Board (aka JBoard) 2.0 ...)
	NOT-FOR-US: Joker Board
CVE-2009-3058 (Stack-based buffer overflow in akPlayer 1.9.0 allows remote attackers ...)
	NOT-FOR-US: akPlayer
CVE-2009-3057 (Multiple cross-site scripting (XSS) vulnerabilities in AOM Software ...)
	NOT-FOR-US: AOM Software Beex
CVE-2009-3056 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: KingCMS
CVE-2009-3055 (PHP remote file inclusion vulnerability in engine/api/api.class.php in ...)
	NOT-FOR-US: DataLife Engine
CVE-2009-3054 (SQL injection vulnerability in the Artetics.com Art Portal ...)
	NOT-FOR-US: Joomla!
CVE-2009-3053 (Directory traversal vulnerability in the Agora (com_agora) component ...)
	NOT-FOR-US: Joomla!
CVE-2009-3052 (SQL injection vulnerability in root/includes/prime_quick_style.php in ...)
	NOT-FOR-US: Prime Quick Style addon
CVE-2008-7166 (Buffer overflow in the web interface in BitTorrent 6.0.1 (build 7859) ...)
	NOT-FOR-US: web interface in BitTorrent 6.0.1 (build 7859)
CVE-2008-7165 (Cross-site request forgery in cp06_wifi_m_nocifr.cgi in the ...)
	NOT-FOR-US: TELECOM ITALIA Alice Gate2 Plus Wi-Fi
CVE-2008-7164 (Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have ...)
	NOT-FOR-US: Shareaza
CVE-2008-7163 (Directory traversal vulnerability in mods/Integrated/index.php in ...)
	NOT-FOR-US: SineCMS
CVE-2008-7162 (Buffer overflow in Hero Super Player 3000 allows remote attackers to ...)
	NOT-FOR-US: Hero Super Player
CVE-2008-7161 (Fortinet FortiGuard Fortinet FortiGate-1000 3.00 build 040075,070111 ...)
	NOT-FOR-US: Fortinet FortiGuard Fortinet
CVE-2008-7159 (The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in ...)
	{DSA-1879-1}
	[lenny] - silc-toolkit 1.1.7-2+lenny1
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server <not-affected> (Vulnerable code not present)
	NOTE: silc-client uses libsilc from silc-toolkit since 1.1-2
CVE-2009-3051 (Multiple format string vulnerabilities in ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (medium)
	- silc-client 1.1-2 (medium)
	- silc-server 1.1.2-1 (medium)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2008-7160 (The silc_http_server_parse function in lib/silchttp/silchttpserver.c ...)
	{DSA-1879-1}
	- silc-toolkit 1.1.10-1 (low)
	- silc-client 1.1-2 (low)
	- silc-server 1.1.2-1 (low)
	NOTE: silc-client/silc-server use libsilc from silc-toolkit since 1.1-2
CVE-2009-3050 (Buffer overflow in the set_page_size function in util.cxx in HTMLDOC ...)
	- htmldoc 1.8.27-4.1 (low; bug #537637)
	[etch] - htmldoc <no-dsa> (Minor issue)
	[lenny] - htmldoc <no-dsa> (Minor issue)
CVE-2009-3049 (Opera before 10.00 does not properly display all characters in ...)
	NOT-FOR-US: Opera
CVE-2009-3048 (Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly ...)
	NOT-FOR-US: Opera
CVE-2009-3047 (Opera before 10.00, when a collapsed address bar is used, does not ...)
	NOT-FOR-US: Opera
CVE-2009-3046 (Opera before 10.00 does not check all intermediate X.509 certificates ...)
	NOT-FOR-US: Opera
CVE-2009-3045 (Opera before 10.00 trusts root X.509 certificates signed with the MD2 ...)
	NOT-FOR-US: Opera
CVE-2009-3044 (Opera before 10.00 does not properly handle a (1) '\0' character or ...)
	NOT-FOR-US: Opera
CVE-2009-3043 (The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux ...)
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.31)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.31)
CVE-2008-7158 (Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-7157 (Unrestricted file upload vulnerability in EkinBoard 1.1.0 and earlier ...)
	NOT-FOR-US: EkinBoard
CVE-2008-7156 (EkinBoard 1.1.0 and earlier, when register_globals is enabled, allows ...)
	NOT-FOR-US: EkinBoard
CVE-2008-7155 (NetRisk 1.9.7 does not properly restrict access to ...)
	NOT-FOR-US: NetRisk
CVE-2008-7154 (Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Docebo
CVE-2008-7153 (SQL injection vulnerability in the autoDetectRegion function in ...)
	NOT-FOR-US: Docebo
CVE-2009-3039
	RESERVED
CVE-2009-3038 (A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research ...)
	NOT-FOR-US: ActiveX
CVE-2009-3037 (Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka ...)
	NOT-FOR-US: Autonomy KeyView XLS viewer
CVE-2008-7152 (Multiple PHP remote file inclusion vulnerabilities in Specimen Image ...)
	NOT-FOR-US: Specimen Image Database
CVE-2008-7151 (Cross-site request forgery (CSRF) vulnerability in Live 5.x before ...)
	NOT-FOR-US: Live third-party Drupal module
CVE-2008-7150 (Cross-site scripting (XSS) vulnerability in Refine by Taxonomy 5.x ...)
	NOT-FOR-US: Refine by Taxonomy
CVE-2008-7149 (Unspecified vulnerability in AgileWiki before 0.10.1 has unknown ...)
	NOT-FOR-US: AgileWiki
CVE-2008-7148 (Unspecified vulnerability in Synfig Animation Studio before 0.61.08 ...)
	- synfig 0.61.08-1
CVE-2008-7147 (Multiple cross-site scripting (XSS) vulnerabilities in IntraLearn ...)
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7146 (IntraLearn Software IntraLearn 2.1, and possibly other versions before ...)
	NOT-FOR-US: IntraLearn Software IntraLearn
CVE-2008-7145 (Multiple SQL injection vulnerabilities in index.php in CoronaMatrix ...)
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-7144 (Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have ...)
	NOT-FOR-US: RARLAB WinRAR
CVE-2008-7143 (phpBB 2.0.23 includes the session ID in a request to modcp.php when ...)
	- phpbb2 <removed>
CVE-2008-7142 (Absolute path traversal vulnerability in the Disk Usage module ...)
	NOT-FOR-US: cPanel
CVE-2008-7141 (Cross-site scripting (XSS) vulnerability in setup.php in @lex Poll 2.1 ...)
	NOT-FOR-US: @lex Poll
CVE-2008-7140 (Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook ...)
	NOT-FOR-US: @lex Guestbook
CVE-2008-7139 (Multiple cross-site request forgery (CSRF) vulnerabilities in WS-Proxy ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7138 (The Manager in Eye-Fi 1.1.2 generates predictable snonce values based ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7137 (WS-Proxy in Eye-Fi 1.1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Eye-Fi
CVE-2008-7136 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...)
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7135 (toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers ...)
	NOT-FOR-US: ICQ Toolbar
CVE-2008-7134 (Multiple cross-site scripting (XSS) vulnerabilities in the default URI ...)
	NOT-FOR-US: Chris LaPointe RedGalaxy Download Center
CVE-2008-7133 (Multiple cross-site scripting (XSS) vulnerabilities in onlinetools.org ...)
	NOT-FOR-US: onlinetools.org EasyImageCatalogue
CVE-2008-7132 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...)
	NOT-FOR-US: Nuked-Klan
CVE-2009-3036 (Cross-site scripting (XSS) vulnerability in the console in Symantec IM ...)
	NOT-FOR-US: Symantec IM Manager
CVE-2009-3035 (The web console in Symantec Altiris Notification Server 6.0.x before ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3034
	REJECTED
CVE-2009-3033 (Buffer overflow in the RunCmd method in the Altiris eXpress NS Console ...)
	NOT-FOR-US: ActiveX
CVE-2009-3032 (Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the ...)
	NOT-FOR-US: Autonomy KeyView
CVE-2009-3031 (Stack-based buffer overflow in the BrowseAndSaveFile method in the ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2009-3030 (Cross-site scripting (XSS) vulnerability in Symantec ...)
	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3029 (Cross-site scripting (XSS) vulnerability in the console in Symantec ...)
	NOT-FOR-US: Symantec SecurityExpressions Audit and Compliance Server
CVE-2009-3028 (The Altiris eXpress NS SC Download ActiveX control in ...)
	NOT-FOR-US: Symantec
CVE-2009-3027 (VRTSweb.exe in VRTSweb in Symantec Backup Exec Continuous Protection ...)
	NOT-FOR-US: Symantec Backup Exec Continuous Protection Server
CVE-2009-3025 (Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to ...)
	- pidgin 2.6.1-1 (low)
	[lenny] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
	[etch] - pidgin <not-affected> (Vulnerable code introduced in 2.6.0)
CVE-2009-3024 (The verify_hostname_of_cert function in the certificate checking ...)
	- libio-socket-ssl-perl 1.30-1
	[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
	[etch] - libio-socket-ssl-perl <not-affected> (Affected functionality introduced in 1.14)
CVE-2009-3023 (Buffer overflow in the FTP Service in Microsoft Internet Information ...)
	NOT-FOR-US: Microsoft IIS
CVE-2009-3022 (Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and ...)
	NOT-FOR-US: bingo!CMS
CVE-2009-3021 (Cross-site scripting (XSS) vulnerability in Site Calendar 'mycaljp' ...)
	NOT-FOR-US: Site Calendar 'mycaljp' plugin
CVE-2009-3020 (win32k.sys in Microsoft Windows Server 2003 SP2 allows remote ...)
	NOT-FOR-US: Microsoft Windows Server
CVE-2009-3019 (Microsoft Internet Explorer 6 on Windows XP SP2 and SP3, and Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3018 (Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block ...)
	NOT-FOR-US: Maxthon Browser
CVE-2009-3017 (Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh ...)
	NOT-FOR-US: Orca Browser
CVE-2009-3016 (Apple Safari 4.0.3 does not properly block javascript: and data: URIs ...)
	NOT-FOR-US: Apple Safari
CVE-2009-3015 (QtWeb 3.0 Builds 001 and 003 does not properly block javascript: and ...)
	- qt4-x11 <unfixed> (unimportant)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <unfixed> (unimportant)
	NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3014 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
	- iceweasel <removed> (unimportant)
CVE-2009-3013 (Opera 9.52 and earlier, and 10.00 Beta 3 Build 1699, does not properly ...)
	NOT-FOR-US: Opera
CVE-2009-3012 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
CVE-2009-3011 (Google Chrome 1.0.154.48 and earlier, 2.0.172.28, 2.0.172.37, and ...)
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2009-3010 (Mozilla Firefox 3.0.13 and earlier, 3.5, 3.6 a1 pre, and 3.7 a1 pre; ...)
	NOTE: This is a web site issue (open redirector), not a browser problem.
	- iceweasel <removed> (unimportant)
CVE-2009-3009 (Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before ...)
	{DSA-1887-1}
	- rails 2.2.3-1 (low; bug #545063)
	[etch] - rails <no-dsa> (Unsupported)
CVE-2009-3008 (K-Meleon 1.5.3 allows context-dependent attackers to spoof the address ...)
	NOT-FOR-US: K-Meleon
CVE-2009-3007 (Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow ...)
	{DSA-1922-1}
	- xulrunner 1.9.1.3-3 (low)
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 2.0-1 (low)
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - iceape <not-affected> (Iceape from Lenny only provides NSS libs)
	- webkit <not-affected> (proof-of-concept did not work)
CVE-2009-3006 (Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the ...)
	NOT-FOR-US: Maxthon Browser
CVE-2009-3005 (Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address ...)
	NOT-FOR-US: Lunascape
CVE-2009-3004 (Avant Browser 11.7 Builds 35 and 36 allows remote attackers to spoof ...)
	NOT-FOR-US: Avant Browser
CVE-2009-3003 (Microsoft Internet Explorer 6 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-3002 (The Linux kernel before 2.6.31-rc7 does not initialize certain data ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	NOTE: minor info leaks
CVE-2009-3001 (The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	NOTE: minor info leak
CVE-2009-3000 (The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-7131 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier ...)
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7130 (Unspecified vulnerability in DB2 Monitoring Console 2.2.4 and earlier ...)
	NOT-FOR-US: DB2 Monitoring Console
CVE-2008-7129 (XySSL before 0.9 allows remote attackers to cause a denial of service ...)
	- xyssl 0.9-1
	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
	- pdkim <itp> (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7128 (The ssl_parse_client_key_exchange function in XySSL before 0.9 does ...)
	- xyssl 0.9-1
	- polarssl <not-affected> (fixed in xyssl before polarssl was forked from it)
	- pdkim <itp> (bug #543150)
	NOTE: check pdkim if/when it enters unstable (contains polarssl code copy)
CVE-2008-7127 (osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and ...)
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7126 (Integer overflow in osagent.exe in Borland VisiBroker Smart Agent ...)
	NOT-FOR-US: Borland VisiBroker Smart Agent
CVE-2008-7125 (pphoto in Ariadne before 2.6 allows remote authenticated users with ...)
	NOT-FOR-US: Ariadne
CVE-2008-7124 (zKup CMS 2.0 through 2.3 does not require administrative ...)
	NOT-FOR-US: zKup CMS
CVE-2008-7123 (Static code injection vulnerability in ...)
	NOT-FOR-US: zKup CMS
CVE-2008-7122 (Multiple insecure method vulnerabilities in an ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2008-7121 (Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7120 (SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-7119 (SQL injection vulnerability in item.php in WeBid auction script 0.5.4 ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7118 (WeBid auction script 0.5.4 stores sensitive information under the web ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7117 (eledicss.php in WeBid auction script 0.5.4 allows remote attackers to ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7116 (SQL injection vulnerability in the admin panel (admin/) in WeBid ...)
	NOT-FOR-US: WeBid auction script
CVE-2008-7115 (The web interface to the Belkin Wireless G router and ADSL2 modem ...)
	NOT-FOR-US: Belkin Wireless G
CVE-2008-7114 (SQL injection vulnerability in members_search.php in iFusion Services ...)
	NOT-FOR-US: iFusion Services
CVE-2008-7113 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7112 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7111 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7110 (Directory traversal vulnerability in the Scanner File Utility (aka ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7109 (The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 ...)
	NOT-FOR-US: Kyocera Mita
CVE-2008-7108 (Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart ...)
	NOT-FOR-US: Carmosa phpCart
CVE-2008-7107 (easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to ...)
	NOT-FOR-US: ESET Smart Security
CVE-2009-2999 (The com.android.phone process in Android 1.5 CRBxx allows remote ...)
	NOT-FOR-US: Android
CVE-2009-XXXX [serveez: buffer overflow in header parser]
	- serveez <removed> (low)
	[lenny] - serveez 0.1.5-2.1+lenny1
	[etch] - serveez 0.1.5-2+etch1
CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before ...)
	NOT-FOR-US: Adobe
CVE-2009-2996 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2995 (Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, ...)
	NOT-FOR-US: Adobe
CVE-2009-2994 (Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2993 (The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before ...)
	NOT-FOR-US: Adobe
CVE-2009-2992 (An unspecified ActiveX control in Adobe Reader and Acrobat 9.x before ...)
	NOT-FOR-US: Adobe
CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and ...)
	NOT-FOR-US: Adobe
CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2989 (Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, ...)
	NOT-FOR-US: Adobe
CVE-2009-2988 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2987 (Unspecified vulnerability in an ActiveX control in Adobe Reader and ...)
	NOT-FOR-US: Adobe
CVE-2009-2986 (Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2984 (Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2983 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
	NOT-FOR-US: Adobe
CVE-2009-2982 (An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, ...)
	NOT-FOR-US: Adobe
CVE-2009-2981 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2980 (Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x ...)
	NOT-FOR-US: Adobe
CVE-2009-2979 (Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and ...)
	NOT-FOR-US: Adobe
CVE-2009-2978 (SQL injection vulnerability in SugarCRM 4.5.1o and earlier, 5.0.0k and ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2009-2977 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2009-2976 (Cisco Aironet Lightweight Access Point (AP) devices send the contents ...)
	NOT-FOR-US: Cisco
CVE-2009-2975 (Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly ...)
	- xulrunner <not-affected> (unimportant)
	NOTE: browser crashes not treated as security issues
	NOTE: not reproducible, probably only Firefox in Windows XP is affected
CVE-2009-2974 (Google Chrome 1.0.154.65, 1.0.154.48, and earlier allows remote ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't support 'chromehtml' protocol)
CVE-2009-2973 (Google Chrome before 2.0.172.43 does not prevent SSL connections to a ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2972 (in.lpd in the print service in Sun Solaris 8 and 9 allows remote ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-7106 (The installation of Sophos PureMessage for Microsoft Exchange 3.0 ...)
	NOT-FOR-US: Microsoft Exchange
CVE-2008-7105 (Sophos PureMessage for Microsoft Exchange 3.0 before 3.0.2 allows ...)
	NOT-FOR-US: Sophos PureMessage for Microsoft Exchange
CVE-2008-7104 (Sophos PureMessage Scanner service (PMScanner.exe) in PureMessage for ...)
	NOT-FOR-US: Sophos PureMessage Scanner service
CVE-2008-7103 (Stack-based buffer overflow in an ActiveX control in ...)
	NOT-FOR-US: Toolbar 2.0.4.1
CVE-2008-7102 (DotNetNuke 2.0 through 4.8.4 allows remote attackers to load .ascx ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7101 (Unspecified vulnerability in DotNetNuke 4.0 through 4.8.4 and 5.0 ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7100 (Unspecified vulnerability in DotNetNuke 4.4.1 through 4.8.4 allows ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-7099 (Unspecified vulnerability in the Manage Templates feature in Qsoft ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7098 (Multiple cross-site scripting (XSS) vulnerabilities in Qsoft K-Rate ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7097 (Multiple SQL injection vulnerabilities in Qsoft K-Rate Premium allow ...)
	NOT-FOR-US: Qsoft K-Rate Premium
CVE-2008-7096 (Intel Desktop and Intel Mobile Boards with BIOS firmware DQ35JO, ...)
	NOT-FOR-US: Intel Desktop and Intel Mobile Boards
CVE-2008-7095 (The SNMP daemon in ArubaOS 3.3.2.6 in Aruba Mobility Controller does ...)
	NOT-FOR-US: ArubaOS
CVE-2009-2971
	RESERVED
CVE-2009-2970 (Stack-based buffer overflow in the GetUiDllVersion function in an ...)
	NOT-FOR-US: UiTV UiPlayer
CVE-2009-2969
	RESERVED
CVE-2009-2968 (Directory traversal vulnerability in a support component in the web ...)
	NOT-FOR-US: VMware Studio
CVE-2009-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 ...)
	- buildbot 0.7.11p3-1
	[lenny] - buildbot <no-dsa> (Minor issue)
	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
CVE-2008-7094 (Campaign/CampaignListener in the listener server in Unica Affinium ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7093 (Multiple directory traversal vulnerabilities in Unica Affinium ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7092 (Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium ...)
	NOT-FOR-US: Affinium Campaign
CVE-2008-7091 (Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow ...)
	NOT-FOR-US: Pligg
CVE-2008-7090 (Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier ...)
	NOT-FOR-US: Pligg
CVE-2008-7089 (Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier ...)
	NOT-FOR-US: Pligg
CVE-2008-7088 (Unrestricted file upload vulnerability in upload.php in PhotoPost ...)
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-7087 (PHP remote file inclusion vulnerability in search_wA.php in OpenPro ...)
	NOT-FOR-US: OpenPro
CVE-2008-7086 (Maian Greetings 2.1 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Maian Greetings
CVE-2008-7085 (Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS ...)
	NOT-FOR-US: TheHockeyStop HockeySTATS Online
CVE-2008-7084 (Directory traversal vulnerability in the web server 1.0 in Velocity ...)
	NOT-FOR-US: Velocity Security Management System
CVE-2009-2966 (avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus ...)
	NOT-FOR-US: Kaspersky Internet Security
CVE-2009-2965 (Cross-site scripting (XSS) vulnerability in entry/index.jsp in ...)
	NOT-FOR-US: Radvision Scopia
CVE-2009-2964 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	{DSA-2091-1}
	- squirrelmail 2:1.4.20~rc2-1 (low; bug #543818)
CVE-2009-2963 (Unspecified vulnerability in the update feature in Toolbar Uninstaller ...)
	NOT-FOR-US: Toolbar Uninstaller
CVE-2009-2961 (Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows ...)
	NOT-FOR-US: Thaddy de Konng KOL Player
CVE-2009-2960 (CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to ...)
	NOT-FOR-US: CuteFlow
CVE-2009-2959 (Cross-site scripting (XSS) vulnerability in the waterfall web status ...)
	- buildbot 0.7.11p3-1 (low; bug #543822)
	[lenny] - buildbot <no-dsa> (Minor issue)
	[etch] - buildbot <not-affected> (According to the vendor 0.7.5 and earlier are not affected)
CVE-2009-2958 (The tftp_request function in tftp.c in dnsmasq before 2.50, when ...)
	{DSA-1876-1}
	- dnsmasq 2.50-1
	[etch] - dnsmasq <not-affected>
CVE-2009-2957 (Heap-based buffer overflow in the tftp_request function in tftp.c in ...)
	{DSA-1876-1}
	- dnsmasq 2.50-1
	[etch] - dnsmasq <not-affected>
CVE-2009-2956 (The (1) Net.Commerce and (2) Net.Data components in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2955 (Google Chrome 1.0.154.48 and earlier allows remote attackers to cause ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	NOTE: browser denial of services are not considered security-relevant
CVE-2009-2954 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2009-2953 (Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote ...)
	- xulrunner <unfixed> (unimportant; bug #557753)
	NOTE: browser denial-of-services are considered unimportant
CVE-2009-2952 (Unspecified vulnerability in the pollwakeup function in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2951 (Phenotype CMS before 2.9 does not use a random salt value for password ...)
	NOT-FOR-US: Phenotype CMS
CVE-2008-7083 (Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter ...)
	NOT-FOR-US: ReVou Micro Blogging Twitter clone
CVE-2008-7082 (MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2008-7081 (userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 ...)
	NOT-FOR-US: RaidSonic ICY BOX NAS firmware
CVE-2008-7080 (Team PHP PHP Classifieds Script stores sensitive information under the ...)
	NOT-FOR-US: Team PHP PHP Classifieds Script
CVE-2008-7079 (Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to ...)
	NOT-FOR-US: Nero ShowTime
CVE-2008-7078 (Multiple buffer overflows in Rumpus before 6.0.1 allow remote ...)
	NOT-FOR-US: Rumpus
CVE-2008-7077 (Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow ...)
	NOT-FOR-US: SailPlanner
CVE-2008-7076 (Unrestricted file upload vulnerability in user.modify.profile.php in ...)
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7075 (Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star ...)
	NOT-FOR-US: Kalptaru Infotech Ltd. Star Articles
CVE-2008-7074 (Format string vulnerability in MemeCode Software i.Scribe 1.88 through ...)
	NOT-FOR-US: MemeCode Software i.Scribe
CVE-2008-7073 (PHP remote file inclusion vulnerability in lib/action/rss.php in RSS ...)
	NOT-FOR-US: RSS module 0.1 for Pie Web M{a,e}sher
CVE-2008-7072 (Cross-site scripting (XSS) vulnerability in index.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7071 (SQL injection vulnerability in authenticate.php in Chipmunk Topsites ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2008-7070 (Argument injection vulnerability in the URI handler in KVIrc 3.4.2 ...)
	- kvirc <not-affected> (Only affects Windows builds)
	NOTE: https://svn.kvirc.de/kvirc/ticket/274#comment:8
CVE-2008-7069 (All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-7067 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PageTree CMS
CVE-2008-7066 (OpenForum 0.66 Beta allows remote attackers to bypass authentication ...)
	NOT-FOR-US: OpenForum
CVE-2008-7065 (Siemens C450 IP and C475 IP VoIP devices allow remote attackers to ...)
	NOT-FOR-US: Siemens C450 IP and C475 IP VoIP devices
CVE-2008-7064 (Directory traversal vulnerability in the get_lang function in ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-7063 (Ocean12 FAQ Manager Pro stores sensitive data under the web root with ...)
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-7062 (Unrestricted file upload vulnerability in admin/index.php in Download ...)
	NOT-FOR-US: Download Manager module 1.0 for LoveCMS
CVE-2008-7061 (The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-7060 (Multiple cross-site scripting (XSS) vulnerabilities in One-News Beta 2 ...)
	NOT-FOR-US: One-News
CVE-2008-7059 (SQL injection vulnerability in index.php in One-News Beta 2 allows ...)
	NOT-FOR-US: One-News
CVE-2008-7058 (Cross-site request forgery (CSRF) vulnerability in BandSite CMS 1.1.4 ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7057 (Cross-site scripting (XSS) vulnerability in merchandise.php in ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7056 (BandSite CMS 1.1.4 does not perform access control for ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-7055 (module.php in ezContents 2.0.3 allows remote attackers to bypass the ...)
	NOT-FOR-US: ezContents
CVE-2008-7054 (Multiple directory traversal vulnerabilities in ezContents 2.0.3 allow ...)
	NOT-FOR-US: ezContents
CVE-2008-7053 (LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows ...)
	NOT-FOR-US: LogMeIn
CVE-2009-2950 (Heap-based buffer overflow in the ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-2949 (Integer overflow in the XPMReader::ReadXPM function in ...)
	{DSA-1995-1 DTSA-205-1}
	- openoffice.org 1:3.1.1-16
CVE-2009-2948 (mount.cifs in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (medium; bug #550423)
CVE-2009-2947 (Cross-site scripting (XSS) vulnerability in Xapian Omega before 1.0.16 ...)
	{DSA-1882-1}
	- xapian-omega 1.0.15-2
CVE-2009-2946 (Eval injection vulnerability in scripts/uscan.pl before Rev 1984 in ...)
	{DSA-1878-2 DSA-1878-1}
	- devscripts 2.10.54
CVE-2009-2945 (weblogin/login.fcgi (aka the WebLogin login script) in Stanford ...)
	- webauth 3.6.2-1 (low)
	[lenny] - webauth 3.6.0-1+lenny1
	[etch] - webauth <not-affected> (Vulnerable code not present)
CVE-2009-2944 (Incomplete blacklist vulnerability in the teximg plugin in ikiwiki ...)
	{DSA-1875-1}
	- ikiwiki 3.1415926
CVE-2009-2943 (The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL ...)
	{DSA-1909-1}
	- postgresql-ocaml 1.12.1-1 (low)
CVE-2009-2942 (The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the ...)
	{DSA-1910-1}
	- mysql-ocaml 1.0.4-7 (low)
CVE-2009-2941
	RESERVED
CVE-2009-2940 (The pygresql module 3.8.1 and 4.0 for Python does not properly support ...)
	{DSA-1911-1}
	- pygresql 1:4.0-1 (low)
CVE-2009-2939 (The postfix.postinst script in the Debian GNU/Linux and Ubuntu postfix ...)
	- postfix 2.6.5-3 (low)
	[lenny] - postfix 2.5.5-1.1+lenny1
	[etch] - postfix <no-dsa> (Minor issue)
CVE-2009-2938
	RESERVED
CVE-2009-2937 (Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet ...)
	- planet <removed> (low; bug #546178)
	[lenny] - planet <no-dsa> (Minor issue)
	[etch] - planet <no-dsa> (Minor issue)
	- planet-venus 0~bzr116-1 (low; bug #546179)
	[lenny] - planet-venus 0~bzr95-2+lenny1
	[etch] - planet-venus <no-dsa> (Minor issue)
CVE-2009-2936 (** DISPUTED ** The Command Line Interface (aka Server CLI or ...)
	- varnish 2.1.0-2 (unimportant)
	NOTE: Only a security issue if used against best practices
CVE-2009-2935 (Google V8, as used in Google Chrome before 2.0.172.43, allows remote ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-2934 (Multiple stack-based buffer overflows in xaudio.dll in Programmed ...)
	NOT-FOR-US: Programmed Integration PIPL
CVE-2009-2933 (SQL injection vulnerability in comments.php in Piwigo before 2.0.3 ...)
	- piwigo <not-affected> (Fixed before initial upload to the archive)
CVE-2009-2932 (Cross-site scripting (XSS) vulnerability in uddiclient/process in the ...)
	NOT-FOR-US: SAP NetWeaver
CVE-2009-2931 (Directory traversal vulnerability in p.php in SlideShowPro Director ...)
	NOT-FOR-US: SlideShowPro Director
CVE-2009-2930 (Cross-site scripting (XSS) vulnerability in the Search feature in elka ...)
	NOT-FOR-US: elka CMS (aka Elkapax)
CVE-2009-2929 (Multiple SQL injection vulnerabilities in TGS Content Management 0.x ...)
	NOT-FOR-US: TGS Content Management
CVE-2009-2928 (Cross-site scripting (XSS) vulnerability in login.php in TGS Content ...)
	NOT-FOR-US: TGS Content Management
CVE-2009-2927 (SQL injection vulnerability in DetailFile.php in DigitalSpinners DS ...)
	NOT-FOR-US: DigitalSpinners DS CMS
CVE-2009-2926 (Multiple SQL injection vulnerabilities in PHP Competition System BETA ...)
	NOT-FOR-US: PHP Competition System BETA
CVE-2008-7052 (Unrestricted file upload vulnerability in profile.php in Pre Projects ...)
	NOT-FOR-US: Pre Projects Pre Real Estate Listings
CVE-2008-7051 (AJ Square AJ Article allows remote attackers to bypass authentication ...)
	NOT-FOR-US: AJ Square AJ Article
CVE-2008-7050 (The password_check function in auth/auth_phpbb3.php in WoW Raid ...)
	NOT-FOR-US: WoW Raid Manager
CVE-2008-7049 (Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 ...)
	NOT-FOR-US: NatterChat
CVE-2008-7048 (Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 ...)
	NOT-FOR-US: NatterChat
CVE-2008-7047 (NatterChat 1.1 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: NatterChat
CVE-2008-7046 (AJ Square Free Polling Script (AJPoll) allows remote attackers to ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7045 (AJ Square Free Polling Script (AJPoll) Database version allows remote ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7044 (SQL injection vulnerability in admin/include/newpoll.php in AJ Square ...)
	NOT-FOR-US: AJ Square Free Polling Script
CVE-2008-7043 (Cross-site scripting (XSS) vulnerability in register.php in ...)
	NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7042 (PHP remote file inclusion vulnerability in url.php in FreshScripts ...)
	NOT-FOR-US: FreshScripts Fresh Email Script
CVE-2008-7041 (AJ Classifieds allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: AJ Classifieds
CVE-2008-7040 (SQL injection vulnerability in ahah/sf-profile.php in the Yellow ...)
	NOT-FOR-US: Yellow Swordfish Simple Forum module for Wordpress
CVE-2008-7039 (Cross-site scripting (XSS) vulnerability in admin/comments.php in ...)
	NOT-FOR-US: Gelato CMS
CVE-2008-7038 (SQL injection vulnerability in the My_eGallery module for PHP-Nuke ...)
	NOT-FOR-US: My_eGallery module for PHP-Nuke
CVE-2008-7037 (The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for ...)
	NOT-FOR-US: ITN News Gadget
CVE-2008-7036 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: DevTracker module 3.0 for bcoos
CVE-2008-7035 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
	NOT-FOR-US: Simple Machines phpRaider
CVE-2008-7034 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2008-7033 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
	NOT-FOR-US: component for Joomla!
CVE-2008-7032 (Web Management Console Cross-site request forgery (CSRF) vulnerability ...)
	NOT-FOR-US: web management console in F5 BIG-IP
CVE-2008-7031 (Heap-based buffer overflow in Foxit Remote Access Server (aka WAC ...)
	NOT-FOR-US: Foxit Remote Access Server (aka WAC Server)
CVE-2008-7030 (Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web ...)
	NOT-FOR-US: Site2Nite Real Estate Web
CVE-2008-7029 (Unrestricted file upload vulnerability in usercp.php in AlilG ...)
	NOT-FOR-US: AlilG Application AliBoard
CVE-2008-7028 (RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: RPG.Board
CVE-2008-7027 (Libra File Manager 1.18 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Libra File Manager
CVE-2008-7026 (Unrestricted file upload vulnerability in filesystem3.class.php in ...)
	NOT-FOR-US: eFront
CVE-2008-7025 (TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe ...)
	NOT-FOR-US: Check Point ZoneAlarm
CVE-2008-7024 (admin.php in Arz Development The Gemini Portal 4.7 and earlier allows ...)
	NOT-FOR-US: Arz Development The Gemini Portal
CVE-2008-7023 (Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other ...)
	NOT-FOR-US: ArubaOS
CVE-2008-7022 (Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat ...)
	NOT-FOR-US: Chilkat Software IMAP ActiveX control
CVE-2008-7021 (Unrestricted file upload vulnerability in editlogo.php in AvailScript ...)
	NOT-FOR-US: AvailScript Jobs Portal Script
CVE-2008-7020 (McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores ...)
	NOT-FOR-US: McAfee SafeBoot Device Encryption
CVE-2008-7019 (Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Esqlanelapse
CVE-2008-7018 (Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar ...)
	NOT-FOR-US: NashTech Easy PHP Calendar
CVE-2008-7017 (Cross-site scripting (XSS) vulnerability in analyse.php in CAcert ...)
	NOT-FOR-US: CAcert
CVE-2008-7016 (tnftpd before 20080929 splits large command strings into multiple ...)
	NOT-FOR-US: tnftpd
CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...)
	- tikiwiki <removed>
CVE-2009-3026 (protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly ...)
	- pidgin 2.6.1-1 (low; bug #542891)
	[lenny] - pidgin 2.4.3-4lenny4
	NOTE: gaim nof affected, it never claimed to support TLS/SSL
	NOTE: http://developer.pidgin.im/ticket/8131
	NOTE: http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279
CVE-2009-2962
	REJECTED
CVE-2009-2925 (Directory traversal vulnerability in DJcalendar.cgi in DJCalendar ...)
	NOT-FOR-US: DJCalendar
CVE-2009-2924 (Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 ...)
	NOT-FOR-US: Videos Broadcast Yourself 2
CVE-2009-2923 (Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance ...)
	NOT-FOR-US: BitmixSoft PHP-Lance
CVE-2009-2922 (Absolute path traversal vulnerability in pixaria.image.php in Pixaria ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2009-2921 (Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP ...)
	NOT-FOR-US: MOC Designs PHP News
CVE-2009-2920 (Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 ...)
	NOT-FOR-US: Elvin
CVE-2009-2919 (Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 ...)
	NOT-FOR-US: Boonex Orca
CVE-2009-2918 (The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows ...)
	NOT-FOR-US: TheGreenBow IPSec VPN Client
CVE-2009-2917 (Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote ...)
	NOT-FOR-US: ImTOO MPEG Encoder
CVE-2009-2916 (Format string vulnerability in the CNS_AddTxt function in logs.dll in ...)
	NOT-FOR-US: 2K Games Vietcong
CVE-2009-2915 (SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery ...)
	NOT-FOR-US: 2FLY Gift Delivery System
CVE-2009-2914 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
	NOT-FOR-US: XZero Community Classified
CVE-2009-2913 (Cross-site scripting (XSS) vulnerability in index.php in XZero ...)
	NOT-FOR-US: XZero Community Classified
CVE-2009-2912 (The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2911 (SystemTap 1.0, when the --unprivileged option is used, does not ...)
	- systemtap 1.0-2 (bug #551918)
	[lenny] - systemtap <not-affected> (Affected functionality only added in 1.0)
CVE-2009-2910 (arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <unfixed> (medium)
CVE-2009-2909 (Integer signedness error in the ax25_setsockopt function in ...)
	{DSA-1929-1 DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2908 (The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.19)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2907 (Multiple cross-site scripting (XSS) vulnerabilities in SpringSource tc ...)
	NOT-FOR-US: SpringSource tc Server, Application Management Suite, Hyperic HQ Open Source, and Hyperic Enterprise
CVE-2009-2906 (smbd in Samba 3.0 before 3.0.37, 3.2 before 3.2.15, 3.3 before 3.3.8, ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (low; bug #550423)
CVE-2009-2905 (Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and ...)
	{DSA-1894-1}
	- newt 0.52.10-4.1 (medium; bug #548198)
CVE-2009-2904 (A certain Red Hat modification to the ChrootDirectory feature in ...)
	- openssh <not-affected> (issue with homechroot patch specific to Red Hat)
CVE-2009-2903 (Memory leak in the appletalk subsystem in the Linux kernel 2.4.x ...)
	{DSA-1928-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-2902 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
	{DSA-2207-1}
	- tomcat6 6.0.24-1 (low)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5.5 <removed>
CVE-2009-2901 (The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and ...)
	- tomcat6 <not-affected> (Windows-only)
	- tomcat5.5 <not-affected> (Windows-only)
CVE-2009-2900
	RESERVED
CVE-2009-2899 (The monitor perl script in the Sybase database plug-in in SpringSource ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2898 (Cross-site scripting (XSS) vulnerability in the Alerts list feature in ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2897 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: SpringSource Hyperic HQ
CVE-2009-2896 (Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote ...)
	NOT-FOR-US: KMPlayer: http://www.kmplayer.com
CVE-2009-2895 (SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate ...)
	NOT-FOR-US: Ultimate Regnow Affiliate
CVE-2009-2894 (Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2893 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2009-2892 (Multiple SQL injection vulnerabilities in header.php in Scripteen Free ...)
	NOT-FOR-US: Scripteen Free Image Hosting Script
CVE-2009-2891 (SQL injection vulnerability in list.php in PHP Scripts Now Riddles ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2890 (Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2889 (Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Now Riddles
CVE-2009-2888 (SQL injection vulnerability in index.php in PHP Scripts Now Hangman ...)
	NOT-FOR-US: PHP Scripts Now Hangman
CVE-2009-2887 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Now President Bios
CVE-2009-2886 (SQL injection vulnerability in bios.php in PHP Scripts Now President ...)
	NOT-FOR-US: PHP Scripts Now President
CVE-2009-2885 (SQL injection vulnerability in bios.php in PHP Scripts Now World's ...)
	NOT-FOR-US: PHP Scripts Now World's
CVE-2009-2884 (Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts ...)
	NOT-FOR-US: PHP Scripts Now World's Tallest Buildings
CVE-2009-2883 (SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, ...)
	NOT-FOR-US: SaphpLesson
CVE-2009-2882 (Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking ...)
	NOT-FOR-US: PG MatchMaking
CVE-2009-2881 (Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote ...)
	NOT-FOR-US: Basilic
CVE-2009-3369 (CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in ...)
	- backuppc 3.1.0-8 (low; bug #542218)
	[etch] - backuppc <not-affected> (No configuration GUI)
	[lenny] - backuppc 3.1.0-4lenny2
CVE-2009-5043 [burn: Insecure escaping of file names]
	RESERVED
	- burn 0.4.5-1 (low; bug #542329)
	[lenny] - burn 0.4.3-2.1+lenny1
	[etch] - burn <no-dsa> (Minor issue)
CVE-2009-2880 (Buffer overflow in atrpui.dll in the Cisco WebEx WRF Player 26.x ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2879 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2878 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2877 (Stack-based buffer overflow in ataudio.dll in the Cisco WebEx WRF ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2876 (Heap-based buffer overflow in atas32.dll in the Cisco WebEx WRF Player ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2875 (Buffer overflow in atas32.dll in the Cisco WebEx WRF Player 26.x ...)
	NOT-FOR-US: Cisco WebEx WRF Player
CVE-2009-2874 (The TimesTenD process in Cisco Unified Presence 1.x, 6.x before ...)
	NOT-FOR-US: Cisco Unified Presence
CVE-2009-2873 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2872 (Cisco IOS 12.0 through 12.4, when IP-based tunnels and the Cisco ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2871 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when SSLVPN ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2870 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when the ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2869 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2868 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4, when ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2867 (Unspecified vulnerability in Cisco IOS 12.2XNA, 12.2XNB, 12.2XNC, ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2866 (Unspecified vulnerability in Cisco IOS 12.2 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2865 (Buffer overflow in the login implementation in the Extension Mobility ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2864 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco
CVE-2009-2863 (Race condition in the Firewall Authentication Proxy feature in Cisco ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2862 (The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2009-2861 (The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet ...)
	NOT-FOR-US: Cisco
CVE-2009-2860 (Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows ...)
	NOT-FOR-US: db2jds in IBM DB2
CVE-2009-2859 (IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access ...)
	NOT-FOR-US: IBM DB2
CVE-2009-2858 (Memory leak in the Security component in IBM DB2 8.1 before FP18 on ...)
	NOT-FOR-US: IBM DB2
CVE-2009-2857 (The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before ...)
	NOT-FOR-US: kernel in Sun Solaris
CVE-2009-2856 (Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding ...)
	NOT-FOR-US: Sun Virtual Desktop Infrastructure
CVE-2009-2855 (The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 ...)
	{DSA-1991-1}
	- squid 2.7.STABLE7-1 (low; bug #534982)
	- squid3 3.0.STABLE19-1
CVE-2009-2854 (Wordpress before 2.8.3 does not check capabilities for certain ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1
CVE-2009-2853 (Wordpress before 2.8.3 allows remote attackers to gain privileges via ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1
CVE-2009-2852 (WP-Syntax plugin 0.9.1 and earlier for Wordpress, with ...)
	NOT-FOR-US: WP-Syntax plugin
CVE-2009-2851 (Cross-site scripting (XSS) vulnerability in the administrator ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low)
CVE-2009-2850 (Multiple buffer overflows in NASA Common Data Format (CDF) allow ...)
	NOT-FOR-US: NASA Common Data Format
CVE-2009-2845
	REJECTED
CVE-2008-7015 (Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-7014 (fhttpd 0.4.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: fhttpd
CVE-2008-7013 (NetService.dll in Baidu Hi IM allows remote servers to cause a denial ...)
	NOT-FOR-US: Baidu Hi IM
CVE-2008-7012 (courier/1000@/api_error_email.html (aka &quot;error reporting page&quot;) in ...)
	NOT-FOR-US: Accellion File Transfer Appliance
CVE-2008-7011 (The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-7010 (Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers ...)
	NOT-FOR-US: Skalfa Software SkaLinks Exchange Script
CVE-2008-7009 (Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security ...)
	NOT-FOR-US: Check Point ZoneAlarm Security Suite
CVE-2008-7008 (HyperStop Web Host Directory 1.2 allows remote attackers to bypass ...)
	NOT-FOR-US: HyperStop Web Host Directory
CVE-2008-7007 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...)
	NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7006 (Free PHP VX Guestbook 1.06 allows remote attackers to bypass ...)
	NOT-FOR-US: Free PHP VX Guestbook
CVE-2008-7005 (include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) ...)
	NOT-FOR-US: Minb Is Not a Blog
CVE-2008-7004 (Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown ...)
	NOT-FOR-US: Electronic Logbook
CVE-2009-2849 (The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-4 (medium)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (medium)
CVE-2009-2848 (The execve function in the Linux kernel, possibly 2.6.30-rc6 and ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-7 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2847 (The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-6 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2846 (The eisa_eeprom_read function in the parisc isa-eeprom component ...)
	{DSA-1928-1 DSA-1872-1}
	- linux-2.6 2.6.30-6 (low)
	- linux-2.6.24 <removed>
	[lenny] - linux-2.6 2.6.26-19 (low)
CVE-2009-2844 (cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and ...)
	- linux-2.6 2.6.30-7 (medium)
	[etch] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
	[lenny] - linux-2.6 <not-affected> (vulnerability introduced in 2.6.30)
	- linux-2.6.24 <not-affected> (vulnerability introduced in 2.6.30)
CVE-2009-2843 (Java for Mac OS X 10.5 before Update 6 and 10.6 before Update 1 ...)
	NOT-FOR-US: Mac OS X
CVE-2009-2842 (Apple Safari before 4.0.4 does not properly implement certain (1) Open ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2841 (The HTMLMediaElement::loadResource function in ...)
	- webkit 1.1.21-1 (medium; bug #559759)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	NOTE: http://trac.webkit.org/changeset/49480
	- qt4-x11 4:4.6.2-4 (medium; bug #561760)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- kdelibs <not-affected> (No support for HTML5 video tags)
CVE-2009-2840 (Spotlight in Apple Mac OS X 10.5.8 does not properly handle temporary ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2839 (Screen Sharing in Apple Mac OS X 10.5.8 allows remote VNC servers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2838 (Integer overflow in QuickLook in Apple Mac OS X 10.5.8 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2837 (Heap-based buffer overflow in QuickDraw Manager in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2836 (Race condition in Login Window in Apple Mac OS X 10.6.x before 10.6.2, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2835 (The kernel in Apple Mac OS X before 10.6.2 does not properly handle ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2834 (IOKit in Apple Mac OS X before 10.6.2 allows local users to modify the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2833 (Buffer overflow in the UCCompareTextDefault API in International ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2832 (Buffer overflow in FTP Server in Apple Mac OS X before 10.6.2 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2831 (Dictionary in Apple Mac OS X 10.5.8 allows remote attackers to create ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2830 (Multiple buffer overflows in Christos Zoulas file before 5.03 in Apple ...)
	- file 5.03-1
	[lenny] - file <not-affected>
	[etch] - file <not-affected>
CVE-2009-2829 (Event Monitor in Apple Mac OS X 10.5.8 does not properly handle ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2828 (The server in DirectoryService in Apple Mac OS X 10.5.8 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2827 (Heap-based buffer overflow in Disk Images in Apple Mac OS X 10.5.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2826 (Multiple integer overflows in CoreGraphics in Apple Mac OS X 10.5.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2825 (Certificate Assistant in Apple Mac OS X before 10.6.2 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2824 (Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2823 (The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2822 (AirPort Utility before 5.5.1 for Apple AirPort Base Station does not ...)
	NOT-FOR-US: AirPort Utility
CVE-2009-2821
	RESERVED
CVE-2009-2820 (The web interface in CUPS before 1.4.2, as used on Apple Mac OS X ...)
	{DSA-1933-1}
	- cups 1.4.2-1 (low; bug #555666)
	- cupsys <removed>
CVE-2009-2819 (AFP Client in Apple Mac OS X 10.5.8 allows remote AFP servers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2818 (Adaptive Firewall in Apple Mac OS X before 10.6.2 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2817 (Buffer overflow in Apple iTunes before 9.0.1 allows remote attackers ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-2816 (The implementation of Cross-Origin Resource Sharing (CORS) in WebKit, ...)
	- webkit 1.1.21-1 (low; bug #559759)
	[lenny] - webkit <not-affected> (vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/47494
CVE-2009-2815 (The Telephony component in Apple iPhone OS before 3.1 does not ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2814 (Cross-site scripting (XSS) vulnerability in the Wiki Server in Apple ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2813 (Samba 3.4 before 3.4.2, 3.3 before 3.3.8, 3.2 before 3.2.15, and ...)
	{DSA-1908-1}
	- samba 2:3.4.2-1 (bug #550422)
	NOTE: requires an administrator to manually configure a user account without
	NOTE: a home dir, otherwise, this is ineffective
CVE-2009-2812 (Launch Services in Apple Mac OS X 10.5.8 does not properly recognize ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2811 (Incomplete blacklist vulnerability in Launch Services in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2810 (Launch Services in Apple Mac OS X 10.6.x before 10.6.2 recursively ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2809 (ImageIO in Apple Mac OS X 10.4.11 and 10.5.8 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2808 (Help Viewer in Apple Mac OS X before 10.6.2 does not use an HTTPS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2807 (Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS ...)
	- cupsys <not-affected> (issue in darwin-specific code; bug #550150)
	- cups <not-affected> (issue in darwin-specific code; bug #550150)
CVE-2009-2806
	RESERVED
CVE-2009-2805 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.8 ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
CVE-2009-2804 (Integer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5.8, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2803 (CarbonCore in Apple Mac OS X 10.4.11 and 10.5.8 allows attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2802
	RESERVED
	- mantis <not-affected> (Only affects 1.2.x)
	NOTE: http://www.mantisbt.org/bugs/view.php?id=11952
	NOTE: http://www.mantisbt.org/blog/?p=113
CVE-2009-2801 (The Application Firewall in Apple Mac OS X 10.5.8 drops unspecified ...)
	NOT-FOR-US: Apple Application Firewall
CVE-2009-2800 (Buffer overflow in Alias Manager in Apple Mac OS X 10.4.11 and 10.5.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2799 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2798 (Heap-based buffer overflow in Apple QuickTime before 7.6.4 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2797 (The WebKit component in Safari in Apple iPhone OS before 3.1, and ...)
	- webkit 1.1.21-1 (low; bug #559759)
	[lenny] - webkit <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (Too intrusive to backport, disk of regression higher than impact at hand)
	NOTE: http://trac.webkit.org/changeset/42483
CVE-2009-2796 (The UIKit component in Apple iPhone OS 3.0, and iPhone OS 3.0.1 for ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2795 (Heap-based buffer overflow in the Recovery Mode component in Apple ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2794 (The Exchange Support component in Apple iPhone OS before 3.1, and ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2793 (The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms ...)
	NOT-FOR-US: NetBSD kernel
CVE-2009-2792 (Directory traversal vulnerability in plugings/pagecontent.php in ...)
	NOT-FOR-US: Really Simple CMS
CVE-2009-2791 (PHP remote file inclusion vulnerability in pda_projects.php in ...)
	NOT-FOR-US: WebDynamite ProjectButler
CVE-2009-2790 (SQL injection vulnerability in cat_products.php in SoftBiz Dating ...)
	NOT-FOR-US: SoftBiz Dating
CVE-2009-2789 (SQL injection vulnerability in the Permis (com_groups) component 1.0 ...)
	NOT-FOR-US: com_groups component for Joomla!
CVE-2009-2788 (Multiple SQL injection vulnerabilities in Mobilelib GOLD 3 allow ...)
	NOT-FOR-US: Mobilelib GOLD
CVE-2009-2787 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Reputation plugin for PunBB
CVE-2009-2786 (SQL injection vulnerability in reputation.php in the Reputation plugin ...)
	NOT-FOR-US: Reputation plugin for PunBB
CVE-2009-2785 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Open ...)
	NOT-FOR-US: PHP Open Classifieds Script
CVE-2009-2784 (Multiple directory traversal vulnerabilities in dit.cms 1.3, when ...)
	NOT-FOR-US: dit.cms
CVE-2009-2783 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 ...)
	NOT-FOR-US: XOOPS
CVE-2009-2782 (SQL injection vulnerability in the JFusion (com_jfusion) component for ...)
	NOT-FOR-US: com_jfusion component for Joomla!
CVE-2009-2781 (SQL injection vulnerability in forum.php in Arab Portal 2.x, when ...)
	NOT-FOR-US: Arab Portal
CVE-2009-2780 (Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds ...)
	NOT-FOR-US: 68 Classifieds
CVE-2009-2779 (SQL injection vulnerability in index.php in AJ Matrix DNA allows ...)
	NOT-FOR-US: AJ Matrix DNA
CVE-2008-7003 (Multiple SQL injection vulnerabilities in login.php in The Rat CMS ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-7002 (PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir ...)
	- php5 (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2008-7001 (Unrestricted file upload vulnerability in the file manager in Creative ...)
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-7000 (PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 ...)
	NOT-FOR-US: phpAuction
CVE-2008-6999 (phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote ...)
	NOT-FOR-US: phpAuction
CVE-2008-6998 (Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6997 (Google Chrome 0.2.149.27 allows user-assisted remote attackers to ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6996 (Google Chrome BETA (0.2.149.27) does not prompt the user before saving ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6995 (Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6994 (Stack-based buffer overflow in the SaveAs feature ...)
	- chromium-browser <not-affected> (Only 0.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2008-6993 (Siemens Gigaset WLAN Camera 1.27 has an insecure default password, ...)
	NOT-FOR-US: Siemens Gigaset WLAN Camera
CVE-2008-6992 (GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, ...)
	NOT-FOR-US: GreenSQL Firewall
CVE-2008-6991 (SQL injection vulnerability in public/page.php in Websens CMSbright ...)
	NOT-FOR-US: CMSbright
CVE-2008-6990 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6989 (SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6988 (Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-6987 (Unrestricted file upload vulnerability in eZoneScripts Dating Website ...)
	NOT-FOR-US: eZoneScripts Dating Website script
CVE-2008-6986 (SQL injection vulnerability in the actionMultipleAddProduct function ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6985 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6984 (Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, ...)
	NOT-FOR-US: Plesk
CVE-2008-6983 (modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers ...)
	NOT-FOR-US: devalcms
CVE-2008-6982 (Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a ...)
	NOT-FOR-US: devalcms
CVE-2008-6981 (index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6980 (SQL injection vulnerability in as_archives.php in phpAdultSite CMS, ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6979 (Cross-site scripting (XSS) vulnerability in as_archives.php in ...)
	NOT-FOR-US: phpAdultSite CMS
CVE-2008-6978 (Unrestricted file upload vulnerability in Full Revolution aspWebAlbum ...)
	NOT-FOR-US: aspWebAlbum
CVE-2008-6977 (Cross-site scripting (XSS) vulnerability in album.asp in Full ...)
	NOT-FOR-US: aspWebAlbum
CVE-2008-6976 (MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows ...)
	NOT-FOR-US: MicroTik RouterOS
CVE-2009-2778 (Cross-site scripting (XSS) vulnerability in visitor/view.php in ...)
	NOT-FOR-US: GarageSales script
CVE-2009-2777 (SQL injection vulnerability in visitor/view.php in GarageSales Script ...)
	NOT-FOR-US: GarageSales Script
CVE-2009-2776 (SQL injection vulnerability in showresult.asp in Smart ASP Survey ...)
	NOT-FOR-US: Smart ASP Survey
CVE-2009-2775 (SQL injection vulnerability in linkout.php in PHPArcadeScript (PHP ...)
	NOT-FOR-US: PHPArcadeScript
CVE-2009-2774 (SQL injection vulnerability in paidbanner.php in PHP Paid 4 Mail ...)
	NOT-FOR-US: PHP Paid 4 Mail
CVE-2009-2773 (PHP remote file inclusion vulnerability in home.php in PHP Paid 4 Mail ...)
	NOT-FOR-US: PHP Paid 4 Mail
CVE-2009-2772 (Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate ...)
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2009-2771 (Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 ...)
	NOT-FOR-US: Free Arcade Script
CVE-2009-2770 (PowerUpload 2.4 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: PowerUpload
CVE-2009-2769 (PHP remote file inclusion vulnerability in include/timesheet.php in ...)
	NOT-FOR-US: Ultrize TimeSheet
CVE-2009-2768 (The load_flat_shared_library function in fs/binfmt_flat.c in the flat ...)
	- linux-2.6 2.6.30-6 (medium)
	[etch] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (kernel/cred.c introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (kernel/cred.c introduced in 2.6.29)
CVE-2009-2767 (The init_posix_timers function in kernel/posix-timers.c in the Linux ...)
	- linux-2.6 2.6.30-6 (medium)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.28)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (introduced in 2.6.28)
CVE-2009-2766 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1 does not ...)
	NOT-FOR-US: DD-WRT
CVE-2009-2765 (httpd.c in httpd in the management GUI in DD-WRT 24 sp1, and other ...)
	NOT-FOR-US: DD-WRT
CVE-2009-2764 (Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 ...)
	NOT-FOR-US: Microsoft
CVE-2008-6975 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: DD-WRT
CVE-2008-6974 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: DD-WRT
CVE-2009-3040 (Multiple SQL injection vulnerabilities in Open Computer and Software ...)
	- ocsinventory-server 1.02.1-2 (unimportant; bug #541995)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2009-3042 (SQL injection vulnerability in machine.php in Open Computer and ...)
	- ocsinventory-server 1.02.1-2 (unimportant; bug #541995)
	NOTE: Authentication is needed, only supported in trusted environments, see debtags
CVE-2009-2763
	RESERVED
CVE-2009-XXXX [logrotate race condition could lead to file disclosure]
	- logrotate 3.7.8-4 (low; bug #388608)
	[lenny] - logrotate <no-dsa> (Minor issue)
CVE-2008-6973 (Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6961 (mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before ...)
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-XXXX [XSS in drupal printing module]
	- drupal6 <removed> (unimportant)
	NOTE: you need admin privs in orde to exploit this
	NOTE: http://lampsecurity.org/drupal-print-module-vulnerabilities
CVE-2009-2761 (Unquoted Windows search path vulnerability in the scheduler ...)
	NOT-FOR-US: Avira AntiVir
CVE-2008-6972 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal Content ...)
	NOT-FOR-US: Drupal Content Construction Kit (third-party module)
CVE-2008-6971 (The password reset functionality in Simple Machines Forum (SMF) 1.0.x ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6970 (SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 ...)
	NOT-FOR-US: UBB.threads
CVE-2008-6969 (Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in ...)
	NOT-FOR-US: Avactis Shopping Cart
CVE-2008-6968 (Multiple SQL injection vulnerabilities in submit.php in Pligg CMS ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-6967 (Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2008-6966 (AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does ...)
	NOT-FOR-US: AJ Square AJ Auction Pro Platinum Skin #1
CVE-2008-6965 (AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, ...)
	NOT-FOR-US: AJ Square AJ Auction OOPD
CVE-2008-6964 (SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows ...)
	NOT-FOR-US: X7 Chat
CVE-2008-6963 (admin.php in TurnkeyForms Text Link Sales allows remote attackers to ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-6962 (Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, ...)
	NOT-FOR-US: Avira AntiVir Premium
CVE-2009-2760
	RESERVED
CVE-2009-2759
	RESERVED
CVE-2009-2758
	RESERVED
CVE-2009-2757
	RESERVED
CVE-2009-2756
	RESERVED
CVE-2009-2755
	RESERVED
CVE-2009-2754 (Integer signedness error in the authentication functionality in ...)
	NOT-FOR-US: Informix Storage Manager
CVE-2009-2753 (Multiple buffer overflows in the authentication functionality in ...)
	NOT-FOR-US: Informix Storage Manager
CVE-2009-2752 (IBM WebSphere Commerce 7.0 does not properly encrypt data in a ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2751 (IBM WebSphere Commerce 7.0 uses the same cryptographic key for session ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2750 (IBM WebSphere Service Registry and Repository (WSRR) 6.3.0 before FP2 ...)
	NOT-FOR-US: IBM WebSphere Service Registry and Repository
CVE-2009-2749 (Feature Pack for Communications Enabled Applications (CEA) before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2748 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2747 (The Java Naming and Directory Interface (JNDI) implementation in IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2746 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2745
	RESERVED
CVE-2009-2744 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2743 (IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.27, and 7.0 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2742 (Cross-site scripting (XSS) vulnerability in Eclipse Help in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2741 (Unspecified vulnerability in the wberuntimeear application in the test ...)
	NOT-FOR-US: IBM WebSphere Business Events
CVE-2009-2740 (kmxIds.sys before 7.3.1.18 in CA Host-Based Intrusion Prevention ...)
	NOT-FOR-US: CA Host-Based Intrusion Prevention System (HIPS)
CVE-2009-2739 (Cross-site scripting (XSS) vulnerability in FreeNAS before 0.69.2 ...)
	NOT-FOR-US: FreeNAS
CVE-2009-2738 (Cross-site request forgery (CSRF) vulnerability in the WebGUI in ...)
	NOT-FOR-US: FreeNAS
CVE-2008-6960 (download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 ...)
	NOT-FOR-US: X10media
CVE-2008-6959 (Insecure method vulnerability in the Chilkat Socket ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2008-6958 (wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote ...)
	NOT-FOR-US: Crossday Discuz! Board
CVE-2008-6957 (member.php in Crossday Discuz! Board allows remote attackers to reset ...)
	NOT-FOR-US: Crossday Discuz! Board
CVE-2008-6956 (Static code injection vulnerability in admin/admin.php in mxCamArchive ...)
	NOT-FOR-US: mxCamArchive
CVE-2008-6955 (mxCamArchive 2.2 stores sensitive information under the web root with ...)
	NOT-FOR-US: mxCamArchive
CVE-2008-6954 (The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote ...)
	- cobbler <not-affected> (Fixed before initial upload)
CVE-2008-6953 (Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other ...)
	NOT-FOR-US: ooVoo
CVE-2008-6952 (SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier ...)
	NOT-FOR-US: MauryCMS
CVE-2008-6951 (MauryCMS 0.53.2 and earlier does not require administrative ...)
	NOT-FOR-US: MauryCMS
CVE-2008-6950 (Multiple SQL injection vulnerabilities in login.asp in Bankoi ...)
	NOT-FOR-US: Bankoi WebHosting Control Panel
CVE-2008-6949 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Collabtive
CVE-2008-6948 (Unrestricted file upload vulnerability in Collabtive 0.4.8 allows ...)
	NOT-FOR-US: Collabtive
CVE-2008-6947 (Collabtive 0.4.8 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Collabtive
CVE-2008-6946 (Cross-site scripting (XSS) vulnerability in manageproject.php in ...)
	NOT-FOR-US: Collabtive
CVE-2008-6945 (Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 ...)
	- interchange 5.6.1-1 (low; bug #505732)
CVE-2008-6944 (Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds ...)
	NOT-FOR-US: ScriptsFeed Auto Classifieds
CVE-2008-6943 (Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing ...)
	NOT-FOR-US: ScriptsFeed Recipes Listing Portal
CVE-2008-6942 (Unrestricted file upload vulnerability in ScriptsFeed Realtor ...)
	NOT-FOR-US: ScriptsFeed Realtor Classifieds System
CVE-2008-6941 (SQL injection vulnerability in the login functionality in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6940 (TurnkeyForms Web Hosting Directory stores sensitive information under ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6939 (TurnkeyForms Web Hosting Directory allows remote attackers to bypass ...)
	NOT-FOR-US: TurnkeyForms Web Hosting Directory
CVE-2008-6938 (Pi3Web 2.0.3 before PL2, when installed on Windows as a desktop ...)
	NOT-FOR-US: Pi3Web
CVE-2008-6937 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
	NOT-FOR-US: Exodus
CVE-2008-6936 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
	NOT-FOR-US: Exodus
CVE-2008-6935 (Argument injection vulnerability in Exodus 0.10 allows remote ...)
	NOT-FOR-US: Exodus
CVE-2008-6934 (Static code injection vulnerability in Sanus|artificium (aka Sanusart) ...)
	NOT-FOR-US: Sanus|artificium (aka Sanusart)
CVE-2008-6933 (Directory traversal vulnerability in index.php in MiniGal b13 (aka ...)
	NOT-FOR-US: MiniGal
CVE-2008-6932 (Unrestricted file upload vulnerability in submit_file.php in ...)
	NOT-FOR-US: AlstraSoft SendIt Pro
CVE-2008-6931 (Unrestricted file upload vulnerability in PHPStore Job Search (aka ...)
	NOT-FOR-US: PHPStore Job Search (aka PHPCareers)
CVE-2008-6930 (Unrestricted file upload vulnerability in PHPStore Real Estate allows ...)
	NOT-FOR-US: PHPStore Real Estate
CVE-2008-6929 (Unrestricted file upload vulnerability in PHPStore Auto Classifieds ...)
	NOT-FOR-US: PHPStore Auto Classifieds
CVE-2008-6928 (Unrestricted file upload vulnerability in PHPStore Complete ...)
	NOT-FOR-US: PHPStore Complete Classifieds
CVE-2009-2737 (The EditCSVAction function in cgi/actions.py in Roundup 1.2 before ...)
	{DSA-1754-1}
	- roundup 1.4.4-4+lenny1 (bug #518768)
CVE-2009-2736 (Static code injection vulnerability in admin.php in sun-jester ...)
	NOT-FOR-US: OpenNews
CVE-2009-2735 (SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, ...)
	NOT-FOR-US: OpenNews
CVE-2009-2734 (SQL injection vulnerability in the get_employee function in ...)
	NOT-FOR-US: Achievo
CVE-2009-2733 (Multiple cross-site scripting (XSS) vulnerabilities in Achievo before ...)
	NOT-FOR-US: Achievo
CVE-2009-2732 (The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier ...)
	- ntop 3:3.3-12 (low; bug #543312)
	[lenny] - ntop <no-dsa> (Minor issue)
	[etch] - ntop <no-dsa> (Minor issue)
CVE-2009-2731
	RESERVED
CVE-2009-2730 (libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' ...)
	{DSA-1935-1}
	- gnutls26 2.8.3-1 (low; bug #541439)
	- gnutls13 <removed>
CVE-2009-2729
	RESERVED
CVE-2009-2728
	RESERVED
CVE-2009-2727 (Stack-based buffer overflow in the _tt_internal_realpath function in ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2726 (The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, ...)
	- asterisk 1:1.6.2.0~dfsg~rc1-1 (bug #541441)
	[squeeze] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
	[lenny] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
	[etch] - asterisk <not-affected> (Doesn't permit SIP packets to exceed 1500 bytes total)
CVE-2009-2725
	RESERVED
CVE-2009-2724 (Race condition in the java.lang package in Sun Java SE 5.0 before ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2723 (Unspecified vulnerability in deserialization in the Provider class in ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2722 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2721 (Multiple unspecified vulnerabilities in the Provider class in Sun Java ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	NOTE: unknown impact and attack vectors
CVE-2009-2720 (Unspecified vulnerability in the ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2719 (The Java Web Start implementation in Sun Java SE 6 before Update 15 ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2718 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2717 (The Abstract Window Toolkit (AWT) implementation in Sun Java SE 6 ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2009-2716 (The plugin functionality in Sun Java SE 6 before Update 15 does not ...)
	- sun-java6 6-15-1
	[etch] - sun-java6 <no-dsa> (Non-free not supported)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1 (medium; bug #560908)
CVE-2008-6927 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: cPanel
CVE-2008-6926 (Directory traversal vulnerability in ...)
	NOT-FOR-US: cPanel
CVE-2008-6925 (Cross-site scripting (XSS) vulnerability in function.php in Zenphoto ...)
	NOT-FOR-US: Zenphoto
CVE-2008-6924 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: eSyndiCat Directory
CVE-2008-6923 (SQL injection vulnerability in the content component (com_content) ...)
	NOT-FOR-US: Joomla!
CVE-2008-6922 (Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer ...)
	NOT-FOR-US: CMailServer
CVE-2008-6921 (Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 ...)
	NOT-FOR-US: phpAdBoard
CVE-2008-6920 (Unrestricted file upload vulnerability in auth.php in phpEmployment ...)
	NOT-FOR-US: phpEmployment
CVE-2008-6919 (profileedit.php TaskDriver 1.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: TaskDriver 1.3
CVE-2008-6918 (Unrestricted file upload vulnerability in admin/galeria.php in ...)
	NOT-FOR-US: ThePortal2
CVE-2009-2762 (wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to ...)
	- wordpress 2.8.3-2 (unimportant; bug #541102)
	[lenny] - wordpress <not-affected> (Vulnerable code not present)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: not really a security issue in my opinion, just an annoying bug
CVE-2008-7291 [gri: insecure temp file generation]
	RESERVED
	- gri 2.12.18-1 (low)
	[etch] - gri <no-dsa> (Minor issue)
	[lenny] - gri <no-dsa> (Minor issue)
CVE-2009-2715 (Sun VirtualBox 2.2 through 3.0.2 r49928 allows guest OS users to cause ...)
	- virtualbox-ose 3.0.4-dfsg-1 (medium)
	[lenny] - virtualbox-ose <not-affected> (Doesn't affect 1.6.x)
CVE-2009-2714 (Unspecified vulnerability in Sun VirtualBox 3.0.0 and 3.0.2 allows ...)
	- virtualbox-ose 3.0.4-dfsg-1
	[lenny] - virtualbox-ose <not-affected> (Only 3.0.x affected per Sun advisory)
CVE-2009-2713 (The CDCServlet component in Sun Java System Access Manager 7.0 2005Q4 ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2712 (Sun Java System Access Manager 6.3 2005Q1, 7.0 2005Q4, and 7.1; and ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2711 (XScreenSaver in Sun Solaris 9 and 10, OpenSolaris before snv_120, and ...)
	NOT-FOR-US: XScreenSaver in Sun Solaris
CVE-2008-6917 (SQL injection vulnerability in admin.php in Exocrew ExoPHPDesk 1.2 ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2008-6916 (Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote ...)
	NOT-FOR-US: Siemens SpeedStream 5200
CVE-2008-6915 (Cross-site scripting (XSS) vulnerability in view_prop_details.php in ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6914 (Unrestricted file upload vulnerability in viewprofile.php in Zeeways ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6913 (Unrestricted file upload vulnerability in editresume_next.php in ...)
	NOT-FOR-US: Zeeways ZEEPROPERTY
CVE-2008-6912 (Zeeways SHAADICLONE 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Zeeways SHAADICLONE
CVE-2009-XXXX [mantis: information leak]
	- mantis 1.1.8+dfsg-2 (medium; bug #425010)
	[lenny] - mantis 1.1.6+dfsg-2lenny1
	NOTE: cve id requested on oss-sec
CVE-2009-3041 (SPIP 1.9 before 1.9.2i and 2.0.x through 2.0.8 does not use proper ...)
	- spip 2.0.9-1 (medium)
CVE-2009-XXXX [rubygems: integrity violation]
	- libgems-ruby <not-affected> (Debian's version installs gems packages to /var/lib/gems, bug #540610)
	NOTE: so no opportunity to overwrite system files
	NOTE: CVE id already requested
CVE-2009-XXXX [bugzilla: unauthorized bug modification]
	- bugzilla 3.2.4-1 (low)
	[etch] - bugzilla <no-dsa> (minor issue)
	[lenny] - bugzilla <no-dsa> (minor issue)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495257
CVE-2009-5044 (contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows ...)
	- groff 1.20.1-5 (low; bug #538330)
	[etch] - groff <not-affected> (pdfroff not yet present)
	[lenny] - groff <not-affected> (pdfroff not yet present)
	NOTE: requested CVE ids
CVE-2009-XXXX [xscreensaver: local screen lock bypassable via low resolution video devices]
	- xscreensaver 5.05-3+nmu1 (low; bug #539699)
	[etch] - xscreensaver <not-affected> (vulnerable code not present)
	[lenny] - xscreensaver 5.05-3+lenny1
CVE-2009-2626 (The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, ...)
	{DSA-1940-1}
	- php5 5.2.11.dfsg.1-1 (low; bug #540605)
	[etch] - php5 <no-dsa> (too risky to fix it there)
	NOTE: requires the script itself to set and then restore a config var
CVE-2009-XXXX [php5: 'open_basedir' bypass]
	- php5 5.3.1-1 (unimportant; bug #540606)
	NOTE: only affects 5.3.0 in experimental, open_basedir unsupported
CVE-2009-2710
	REJECTED
CVE-2009-2709
	REJECTED
CVE-2009-2708
	REJECTED
CVE-2009-2707 (Unspecified vulnerability in ia32el (aka the IA 32 emulation ...)
	NOT-FOR-US: SUSE Linux
CVE-2009-2706
	REJECTED
CVE-2008-6911 (SQL injection vulnerability in the authenticateUser function in ...)
	NOT-FOR-US: BrewBlogger
CVE-2008-6910 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6909 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6908 (Services 5.x before 5.x-0.92 and 6.x before 6.x-0.13, a module for ...)
	NOT-FOR-US: module for Drupal
CVE-2008-6907 (Multiple SQL injection vulnerabilities in checkuser.php in 2532designs ...)
	NOT-FOR-US: 2532designs 2532|Gigs
CVE-2008-6906 (Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard ...)
	NOT-FOR-US: BabbleBoard
CVE-2008-6905 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: BabbleBoard
CVE-2009-2705 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...)
	NOT-FOR-US: SiteMinder
CVE-2009-2704 (CA SiteMinder allows remote attackers to bypass cross-site scripting ...)
	NOT-FOR-US: SiteMinder
CVE-2009-2703 (libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple ...)
	- pidgin 2.6.2 (low)
	[lenny] - pidgin <no-dsa> (Minor issue)
	[etch] - pidgin <no-dsa> (Minor issue)
	[lenny] - gaim <not-affected> (Only a transitional package)
	- gaim <removed>
	NOTE: this is only a null ptr dereference and can only be triggered by a rogue irc server
CVE-2009-2702 (KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a ...)
	{DSA-1916-1}
	- kdelibs 4:3.5.10.dfsg.1-2.1 (low; bug #546212)
	- kde4libs 4:4.3.2-1 (low; bug #546218)
	[lenny] - kde4libs <no-dsa> (Minor issue)
CVE-2009-2701 (Unspecified vulnerability in the Zope Enterprise Objects (ZEO) ...)
	- zodb 1:3.9.0-1
	[etch] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
	[lenny] - zodb <not-affected> (The vulnerability was introduced in ZODB 3.8)
CVE-2009-2700 (src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not ...)
	{DSA-1988-1}
	- qt4-x11 4:4.5.3-1 (medium; bug #545793)
	[etch] - qt4-x11 <not-affected> (QSsl* classes were introduced in Qt 4.3)
CVE-2009-2699 (The Solaris pollset feature in the Event Port backend in ...)
	- apr <not-affected> (does not affect Linux or kFreeBSD)
CVE-2009-2698 (The udp_sendmsg function in the UDP implementation in (1) ...)
	{DSA-1872-1}
	- linux-2.6 2.6.19-1 (high)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.19)
CVE-2009-2697 (The Red Hat build script for the GNOME Display Manager (GDM) before ...)
	- gdm <not-affected> (TCP Wrappers support enabled correctly)
CVE-2009-2696 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...)
	NOT-FOR-US: Red-Hat-specific patching problem in Tomcat
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=616717
CVE-2009-2695 (The Linux kernel before 2.6.31-rc7 does not properly prevent mmap ...)
	{DSA-2005-1 DSA-1915-1}
	- linux-2.6 2.6.31-1 (medium)
	[etch] - linux-2.6 <not-affected> (2.6.18 does not have mmap_min_addr)
	- linux-2.6.24 <removed> (medium)
CVE-2009-2694 (The msn_slplink_process_msg function in ...)
	{DSA-1870-1}
	- pidgin 2.5.9-1 (medium; bug #542486)
	[lenny] - gaim <not-affected> (Only a transitional package)
	- gaim <removed>
CVE-2009-2693 (Directory traversal vulnerability in Apache Tomcat 5.5.0 through ...)
	{DSA-2207-1}
	- tomcat6 6.0.24-1 (low)
	[lenny] - tomcat6 <not-affected> (The package only ships the servlet packages)
	- tomcat5.5 <removed>
CVE-2009-2692 (The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, ...)
	{DSA-1864-1 DSA-1865-1 DSA-1862-1}
	- linux-2.6 2.6.30-6 (high; bug #541403)
	- linux-2.6.24 <removed>
CVE-2009-2691 (The mm_for_maps function in fs/proc/base.c in the Linux kernel ...)
	{DSA-2005-1}
	- linux-2.6 2.6.30-7 (low)
	[lenny] - linux-2.6 2.6.26-21
	- linux-2.6.24 <removed>
CVE-2009-2690 (The encoder in Sun Java SE 6 before Update 15, and OpenJDK, grants ...)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2689 (JDK13Services.getProviders in Sun Java SE 5.0 before Update 20 and 6 ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2688 (Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when ...)
	- xemacs21 21.4.22-3 (low; bug #540470)
	[etch] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
	[lenny] - xemacs21 <no-dsa> (Minor issue, obscure attack vector)
CVE-2009-2686 (Unspecified vulnerability in HP NonStop G06.12.00 through G06.32.00, ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-2685 (Stack-based buffer overflow in the login form in the management web ...)
	NOT-FOR-US: HP Power Manager
CVE-2009-2684 (Multiple cross-site scripting (XSS) vulnerabilities in Jetdirect and ...)
	NOT-FOR-US: Embedded Web Server in HP printers
CVE-2009-2683 (Unspecified vulnerability in the Sender module in HP Remote Graphics ...)
	NOT-FOR-US: HP Remote Graphics
CVE-2009-2682 (Unspecified vulnerability in Role-Based Access Control (RBAC) in HP ...)
	NOT-FOR-US: HP-UX
CVE-2009-2681 (Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) ...)
	NOT-FOR-US: HP ProCurve Identity Driven Manager
CVE-2009-2680 (Unspecified vulnerability in the Remote Management Interface (RMI) for ...)
	NOT-FOR-US: HP StorageWorks
CVE-2009-2679 (Unspecified vulnerability in bootpd in HP HP-UX B.11.11, B.11.23, and ...)
	NOT-FOR-US: HP HP-UX
CVE-2009-2678 (Unspecified vulnerability in Open System Services (OSS) Name Server on ...)
	NOT-FOR-US: Open System Services (OSS) Name Server on HP NonStop
CVE-2009-2677 (Cross-site request forgery (CSRF) vulnerability in HP Insight Control ...)
	NOT-FOR-US: HP Insight Control Suite For Linux (aka ICE-LX)
CVE-2009-2676 (Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <undetermined> (bug #566769)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2009-2675 (Integer overflow in the unpack200 utility in Sun Java Runtime ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <undetermined> (bug #566769)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2009-2674 (Integer overflow in javaws.exe in Sun Java Web Start in Sun Java ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2673 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2672 (The proxy mechanism implementation in Sun Java Runtime Environment ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2671 (The SOCKS proxy implementation in Sun Java Runtime Environment (JRE) ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2670 (The audio system in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2669 (A certain debugging component in IBM AIX 5.3 and 6.1 does not properly ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2668 (Microsoft Internet Explorer 6 through 6.0.2900.2180 and 7 through ...)
	NOT-FOR-US: Microsoft
CVE-2009-2667 (Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) ...)
	NOT-FOR-US: IBM Tivoli Key Lifecycle Manager
CVE-2008-6904 (Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for ...)
	NOT-FOR-US: Sophos SAVScan
CVE-2008-6903 (Sophos Anti-Virus for Windows before 7.6.3, Anti-Virus for Windows ...)
	NOT-FOR-US: Sophos SAVScan
CVE-2008-6902 (Unrestricted file upload vulnerability in upload_flyer.php in ...)
	NOT-FOR-US: 2532designs
CVE-2008-6901 (Multiple directory traversal vulnerabilities in 2532designs 2532|Gigs ...)
	NOT-FOR-US: 2532designs
CVE-2008-6900 (Unrestricted file upload vulnerability in &quot;Add Pen/Author Name&quot; ...)
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6899 (Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated ...)
	NOT-FOR-US: freeSSHd
CVE-2008-6898 (Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for ...)
	NOT-FOR-US: ActiveX control
CVE-2008-6897 (Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 ...)
	NOT-FOR-US: Andres Garcia Getleft
CVE-2009-2666 (socket.c in fetchmail before 6.3.11 does not properly handle a '\0' ...)
	{DSA-1852-1}
	- fetchmail 6.3.9~rc2-6
CVE-2009-2665 (The nsDocument::SetScriptGlobalObject function in ...)
	- xulrunner 1.9.1.8-1
	[lenny] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
	[etch] - xulrunner <not-affected> (vulnerability introduced in firefox 3.5)
CVE-2009-2664 (The js_watch_set function in js/src/jsdbgapi.cpp in the JavaScript ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1
	[etch] - xulrunner <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2663 (libvorbis before r16182, as used in Mozilla Firefox 3.5.x before 3.5.2 ...)
	{DSA-1939-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-6 (medium; bug #540958)
	- xulrunner 1.9.1.2-1 (medium; bug #540961)
	[etch] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
	[lenny] - xulrunner <not-affected> (vulnerability introduced in 1.9.1.0)
CVE-2009-2662 (The browser engine in Mozilla Firefox 3.5.x before 3.5.2 allows remote ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2661 (The asn1_length function in strongSwan 2.8 before 2.8.11, 4.2 before ...)
	{DSA-1899-1}
	- strongswan 4.3.2-1.1 (bug #540144)
CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow ...)
	{DSA-1912-2 DSA-1912-1 DSA-1857-1}
	- camlimages 1:3.0.1-3 (low; bug #540146)
	- advi 1.6.0-15 (low; bug #551282)
CVE-2009-2657 (nilfs-utils before 2.0.14 installs multiple programs with unnecessary ...)
	- nilfs2-tools <not-affected> (dh_fixperms removes the setuid and setgid bits from all files)
CVE-2009-2656 (Unspecified vulnerability in the com.android.phone process in Android ...)
	NOT-FOR-US: Android
CVE-2008-6896 (login.php in 3CX Phone System 6.0.806.0, when 100% disk capacity is ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6895 (3CX Phone System 6.0.806.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6894 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: 3CX Phone System
CVE-2008-6893 (Cross-site scripting (XSS) vulnerability in Alt-N MDaemon WorldClient ...)
	NOT-FOR-US: MDaemon WorldClient
CVE-2008-6892 (SQL injection vulnerability in lire/index.php in Peel 3.1 allows ...)
	NOT-FOR-US: Peel
CVE-2009-2655 (mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2654 (Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote ...)
	{DSA-1873-1}
	- xulrunner 1.9.0.13-1 (low; bug #539891)
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2653 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2652 (Unspecified vulnerability in Solaris Trusted Extensions in Sun Solaris ...)
	NOT-FOR-US: Solaris Trusted Extensions
CVE-2008-6891 (Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum ...)
	NOT-FOR-US: ASP Forum Script
CVE-2008-6890 (SQL injection vulnerability in messages.asp in ASP Forum Script allows ...)
	NOT-FOR-US: ASP Forum Script
CVE-2008-6889 (SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 ...)
	NOT-FOR-US: ASPReferral
CVE-2008-6888 (Cross-site scripting (XSS) vulnerability in signup.asp in Pre ...)
	NOT-FOR-US: Pre Classified Listings
CVE-2008-6887 (SQL injection vulnerability in detailad.asp in Pre Classified Listings ...)
	NOT-FOR-US: Pre Classified Listings
CVE-2008-6886 (RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict ...)
	NOT-FOR-US: RSA EnVision
CVE-2008-6885 (Cross-site scripting (XSS) vulnerability in pmlite.php in XOOPS 2.3.1 ...)
	NOT-FOR-US: XOOPS
CVE-2008-6884 (Multiple directory traversal vulnerabilities in XOOPS 2.3.1, when ...)
	NOT-FOR-US: XOOPS
CVE-2009-3938 (Buffer overflow in the ABWOutputDev::endWord function in ...)
	{DSA-1941-1}
	- poppler 0.12.2-2.1 (low; bug #534680)
	[etch] - poppler <not-affected> (Vulnerable code not present)
CVE-2009-2408 (Mozilla Network Security Services (NSS) before 3.12.3, Firefox before ...)
	{DSA-2025-1 DSA-1874-1}
	- nss 3.12.3-1 (medium; bug #539934)
	- icedove 2.0.0.24-1 (medium)
CVE-2009-2651 (main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote ...)
	- asterisk 1:1.6.2.0~dfsg~rc1-1 (low; bug #539473)
	[etch] - asterisk <not-affected> (Vulnerable code not present)
	[lenny] - asterisk <not-affected> (Vulnerable code not present)
	[squeeze] - asterisk <not-affected> (Vulnerable code not present)
	NOTE: AST-2009-004
CVE-2009-2650 (Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 ...)
	NOT-FOR-US: Sorcerer Software MultiMedia Jukebox
CVE-2009-2649 (The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev ...)
	- kfreebsd-8 8.0-1 (bug #572811)
	- kfreebsd-7 7.3-1 (bug #572811)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <removed> (bug #572811)
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
CVE-2009-2648 (FlashDen Guestbook allows remote attackers to obtain configuration ...)
	NOT-FOR-US: FlashDen Guestbook
CVE-2009-2647 (Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-2646 (Multiple unspecified vulnerabilities in the PDF distiller in the ...)
	NOT-FOR-US: Research In Motion (RIM) BlackBerry Enterprise Server (BES)
CVE-2009-2645
	REJECTED
CVE-2009-2644 (Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-6883 (SQL injection vulnerability in the Live Chat (com_livechat) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-6882 (Live Chat (com_livechat) component 1.0 for Joomla! allows remote ...)
	NOT-FOR-US: Joomla!
CVE-2008-6881 (Multiple SQL injection vulnerabilities in the Live Chat (com_livechat) ...)
	NOT-FOR-US: Joomla!
CVE-2008-6880 (SQL injection vulnerability in joke.php in EasySiteNetwork Free Jokes ...)
	NOT-FOR-US: EasySiteNetwork Free Jokes Website
CVE-2008-6879 (Cross-site scripting (XSS) vulnerability in Apache Roller 2.3, 3.0, ...)
	NOT-FOR-US: Apache Roller
CVE-2009-2659 (The Admin media handler in core/servers/basehttp.py in Django 1.0 and ...)
	- python-django 1.1-1 (low; bug #539134)
	[etch] - python-django <no-dsa> (Minor issue)
	[lenny] - python-django 1.0.2-1+lenny1
CVE-2009-2643 (Multiple unspecified vulnerabilities in the PDF distiller in the ...)
	NOT-FOR-US: BlackBerry Products
CVE-2009-XXXX [ser2net DoS]
	- ser2net 2.6-1 (low; bug #535159)
	[etch] - ser2net <no-dsa> (Minor issue)
	[lenny] - ser2net <no-dsa> (Minor issue)
CVE-2009-2642 (index.php in Desi Short URL Script 1.0 allows remote attackers to ...)
	NOT-FOR-US: Desi Short URL
CVE-2009-2641 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: School Data Navigator
CVE-2009-2640 (Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy ...)
	NOT-FOR-US: Interlogy Profile Manager Basic
CVE-2009-2639 (SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System ...)
	NOT-FOR-US: MRCGIGUY
CVE-2009-2638 (SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2637 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2636 (Cross-site scripting (XSS) vulnerability in the Integration page in ...)
	NOT-FOR-US: WebMail component in Kerio MailServer
CVE-2009-2635 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2634 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2633 (PHP remote file inclusion vulnerability in toolbar_ext.php in the ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2632 (Buffer overflow in the SIEVE script component (sieve/script.c), as ...)
	{DSA-1893-1 DSA-1892-1 DSA-1881-1}
	- cyrus-imapd-2.2 2.2.13-15 (medium)
	- kolab-cyrus-imapd 2.2.13-5.1 (medium; bug #547712)
	- dovecot 1:1.2.1-1 (medium; bug #546656)
CVE-2009-2631 (Multiple clientless SSL VPN products that run in web browsers, ...)
	NOT-FOR-US: Commercial SSL VPN products
CVE-2009-2630
	RESERVED
CVE-2009-2629 (Buffer underflow in src/http/ngx_http_parse.c in nginx 0.1.0 through ...)
	{DSA-1884-1}
	- nginx 0.7.61-3 (medium)
CVE-2009-2628 (The VMnc media codec in vmnc.dll in VMware Movie Decoder before 6.5.3 ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-2627 (Insecure method vulnerability in the Acer LunchApp (aka ...)
	NOT-FOR-US: Acer LunchApp
CVE-2009-2625 (XMLScanner.java in Apache Xerces2 Java, as used in Sun Java Runtime ...)
	{DSA-1984-1}
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
	- libxerces2-java 2.9.1-4.1 (bug #548358)
CVE-2009-2624 (The huft_build function in inflate.c in gzip before 1.3.13 creates a ...)
	{DSA-1974-1}
	- gzip 1.3.12-8 (medium; bug #507263)
CVE-2009-2623
	RESERVED
CVE-2009-2620 (src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before ...)
	- firebird2.0 2.0.5.13206-0.ds2-4 (low; bug #539477)
	[lenny] - firebird2.0 2.0.4.13130-1.ds1-4+lenny1
	- firebird2.1 2.1.2.18118-0.ds1-4 (low; bug #539478)
CVE-2009-2619 (SQL injection vulnerability in login.asp in DataCheck Solutions ...)
	NOT-FOR-US: DataCheck Solutions V-SpacePal
CVE-2009-2618 (SQL injection vulnerability in the Surveys (aka NS-Polls) module in ...)
	NOT-FOR-US: MDPro module
CVE-2009-2617 (Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 ...)
	NOT-FOR-US: BaoFeng Storm
CVE-2009-2616 (SQL injection vulnerability in z_admin_login.asp in DataCheck ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2615 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2614 (SQL injection vulnerability in z_admin_login.asp in DataCheck ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2613 (Multiple cross-site scripting (XSS) vulnerabilities in DataCheck ...)
	NOT-FOR-US: DataCheck Solutions
CVE-2009-2612 (SQL injection vulnerability in login.aspx in ProSMDR allows remote ...)
	NOT-FOR-US: ProSMDR
CVE-2009-2611 (Directory traversal vulnerability in ...)
	NOT-FOR-US: MyFusion
CVE-2009-2610 (Cross-site scripting (XSS) vulnerability in the Links Related module ...)
	NOT-FOR-US: Drupal module
CVE-2009-2609 (SQL injection vulnerability in the amoCourse (com_amocourse) component ...)
	NOT-FOR-US: Joomla! module
CVE-2009-2608 (Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow ...)
	NOT-FOR-US: PHP Address Book
CVE-2009-2607 (SQL injection vulnerability in the com_pinboard component for Joomla! ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2606 (ASP Football Pool 2.3 stores sensitive information under the web root ...)
	NOT-FOR-US: ASP Football Pool
CVE-2009-2605 (Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up ...)
	NOT-FOR-US: Traidnt up
CVE-2009-2604 (Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help ...)
	NOT-FOR-US: Zen Help Desk
CVE-2009-2603 (Multiple SQL injection vulnerabilities in index.php in Escon ...)
	NOT-FOR-US: Escon SupportPortal Pro
CVE-2009-2602 (R2 Newsletter Lite, Pro, and Stats stores sensitive information under ...)
	NOT-FOR-US: R2 Newsletter Store
CVE-2009-2601 (SQL injection vulnerability in the Joomlaequipment (aka JUser or ...)
	NOT-FOR-US: Joomla! component
CVE-2009-2600 (Multiple directory traversal vulnerabilities in view.php in Webboard ...)
	NOT-FOR-US: Webboard
CVE-2009-2599 (SQL injection vulnerability in index.php in RadCLASSIFIEDS Gold 2.0 ...)
	NOT-FOR-US: RadCLASSIFIEDS
CVE-2009-2598 (Multiple SQL injection vulnerabilities in Online Grades &amp; Attendance ...)
	NOT-FOR-US: Online Grades & Attendance
CVE-2009-2597 (The Sun Java System (SJS) Access Manager Policy Agent module 2.2 for ...)
	NOT-FOR-US: Sun Java System (SJS) Access Manager Policy Agent module 2.2 for SJS Web Proxy Server
CVE-2009-2596 (Unspecified vulnerability in the Solaris Auditing subsystem in Sun ...)
	NOT-FOR-US: Solaris Auditing subsystem
CVE-2008-6878 (** DISPUTED ** Directory traversal vulnerability in ...)
	NOT-FOR-US: Zen Cart
CVE-2008-6877 (** DISPUTED ** ...)
	NOT-FOR-US: Zen Cart
CVE-2009-2622 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote ...)
	{DSA-1843-2 DSA-1843-1}
	- squid3 3.0.STABLE18-1 (medium; bug #538989)
	- squid <not-affected> (see NOTE)
	NOTE: squid 2.x not affected, according to
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
CVE-2009-2621 (Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not ...)
	{DSA-1843-2 DSA-1843-1}
	- squid3 3.0.STABLE18-1 (medium; bug #538989)
	- squid <not-affected> (see NOTE)
	NOTE: squid 2.x not affected, according to
	NOTE: http://www.squid-cache.org/Advisories/SQUID-2009_2.txt
CVE-2009-2595 (Cross-site scripting (XSS) vulnerability in productSearch.html in ...)
	NOT-FOR-US: Censura
CVE-2009-2594 (Cross-site scripting (XSS) vulnerability in censura.php in Censura ...)
	NOT-FOR-US: Censura
CVE-2009-2593 (SQL injection vulnerability in censura.php in Censura 1.16.04 allows ...)
	NOT-FOR-US: Censura
CVE-2009-2592 (SQL injection vulnerability in guestbook.php in PHPJunkYard GBook 1.6 ...)
	NOT-FOR-US: PHPJunkYard
CVE-2009-2591 (SQL injection vulnerability in the MyAnnonces module for E-Xoopport ...)
	NOT-FOR-US: MyAnnonces module for E-Xoopport
CVE-2009-2590 (SQL injection vulnerability in showcategory.php in Hutscripts PHP ...)
	NOT-FOR-US: Hutscripts PHP
CVE-2009-2589 (Multiple cross-site scripting (XSS) vulnerabilities in Hutscripts PHP ...)
	NOT-FOR-US: Hutscripts PHP
CVE-2009-2588 (Multiple cross-site scripting (XSS) vulnerabilities in Hotscripts Type ...)
	NOT-FOR-US: Hotscripts Type PHP Clone Script
CVE-2009-2587 (Multiple cross-site scripting (XSS) vulnerabilities in DragDropCart ...)
	NOT-FOR-US: DragDropCart
CVE-2009-2586 (Cross-site scripting (XSS) vulnerability in articles.php in EDGEPHP ...)
	NOT-FOR-US: EZArticles
CVE-2009-2585 (SQL injection vulnerability in index.php in Mlffat 2.2 allows remote ...)
	NOT-FOR-US: Mlffat
CVE-2008-6876 (Cross-site scripting (XSS) vulnerability in login.php in EsPartenaires ...)
	NOT-FOR-US: EsPartenaires
CVE-2008-6875 (SQL injection vulnerability in default.asp in ASP Product Catalog ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2008-6874 (Multiple SQL injection vulnerabilities in ASP SiteWare autoDealer 1 ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2009-XXXX [nilfs-tools privilege escalation]
	- nilfs2-tools <not-affected> (We don't install this with setuid)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=505374
CVE-2009-XXXX [XSS in drupal 6 calendar field]
	- drupal6 <removed> (unimportant)
	NOTE: you need to be able to create new calendar items, e.g. admistrative
	NOTE: access in order to exploit that
	NOTE: http://lists.grok.org.uk/pipermail/full-disclosure/2009-July/069849.html
CVE-2009-2584 (Off-by-one error in the options_write function in ...)
	- linux-2.6 2.6.31-2 (high)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	[lenny] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 <not-affected> (vulnerable code not present)
	NOTE: exploit code exists
CVE-2009-2583 (Multiple session fixation vulnerabilities in IBM Tivoli Identity ...)
	NOT-FOR-US: IBM Tivoli
CVE-2009-2582 (Stack-based buffer overflow in manager.exe in Akamai Download Manager ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2009-2581 (Cross-site scripting (XSS) vulnerability in modifier.php in ...)
	NOT-FOR-US: EditeurScripts EsNews
CVE-2009-2580
	REJECTED
CVE-2009-2579 (SQL injection vulnerability in reward_points.post.php in the Reward ...)
	NOT-FOR-US: CS-Cart
CVE-2009-2578 (Google Chrome 2.x through 2.0.172 allows remote attackers to cause a ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	NOTE: browser denial of services not considered security-relevant
CVE-2009-2577 (Opera 9.52 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2009-2576 (Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2575 (The Research In Motion (RIM) BlackBerry 8800 allows remote attackers ...)
	NOT-FOR-US: BlackBerry
CVE-2009-2574 (index.php in MiniTwitter 0.2 beta allows remote authenticated users to ...)
	NOT-FOR-US: MiniTwitter
CVE-2009-2573 (Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when ...)
	NOT-FOR-US: MiniTwitter
CVE-2009-2572 (Cross-site request forgery (CSRF) vulnerability in the Fivestar module ...)
	NOT-FOR-US: Drupal Module
CVE-2009-2571 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VerliAdmin
CVE-2009-2570 (Stack-based buffer overflow in the Symantec.FaxViewerControl.1 ActiveX ...)
	NOT-FOR-US: Symantec WinFax Pro
CVE-2009-2569 (Multiple cross-site scripting (XSS) vulnerabilities in Verlihub ...)
	NOT-FOR-US: vhcp
CVE-2009-2568 (Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) ...)
	NOT-FOR-US: Sorinara Streaming Audio Player
CVE-2009-2567 (SQL injection vulnerability in the Almond Classifieds (com_aclassf) ...)
	NOT-FOR-US: Joomla! component
CVE-2008-6873 (SQL injection vulnerability in Active Web Mail 4.0 allows remote ...)
	NOT-FOR-US: Active Web Mail 4.0
CVE-2008-6872 (ASPThai.NET ASPThai Forums 8.5 stores sensitive information under the ...)
	NOT-FOR-US: ASPThai.NET ASPThai Forums
CVE-2008-6871 (Merlix Educate Server stores db.mdb under the web root with ...)
	NOT-FOR-US: Merlix Educate Server
CVE-2008-6870 (Merlix Educate Server allows remote attackers to bypass intended ...)
	NOT-FOR-US: Merlix Educate Server
CVE-2008-6869 (Oramon Oracle Database Monitoring Tool 2.0.1 stores sensitive ...)
	NOT-FOR-US: Oramon Oracle Database Monitoring Tool
CVE-2008-6868 (Cross-site scripting (XSS) vulnerability in default/login.php in ...)
	NOT-FOR-US: EsBaseAdmin
CVE-2009-2566 (Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly ...)
	NOT-FOR-US: TFM MMPlayer
CVE-2009-2565 (Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. ...)
	NOT-FOR-US: Perl CGI's By Mrs. Shiromuku shiromuku
CVE-2009-2564 (NOS Microsystems getPlus Download Manager, as used in Adobe Reader ...)
	NOT-FOR-US: Adobe
CVE-2009-2563 (Unspecified vulnerability in the Infiniband dissector in Wireshark ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.0.6 to 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.0.6 to 1.2.0)
CVE-2009-2562 (Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 ...)
	{DSA-1942-1}
	- wireshark 1.2.1-1 (low; bug #538237)
	[lenny] - wireshark 1.0.2-3+lenny6
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-2561 (Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.2.0)
CVE-2009-2560 (Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote ...)
	{DSA-1942-1}
	- wireshark 1.2.1-1 (bug #538237)
CVE-2009-2559 (Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote ...)
	- wireshark 1.2.1-1 (bug #538237)
	[etch] - wireshark <not-affected> (Only affects 1.2.0)
	[lenny] - wireshark <not-affected> (Only affects 1.2.0)
CVE-2009-2558 (system/message.php in Admin News Tools 2.5 does not properly restrict ...)
	NOT-FOR-US: Admin News Tools
CVE-2009-2557 (Directory traversal vulnerability in system/download.php in Admin News ...)
	NOT-FOR-US: Admin News Tools
CVE-2009-2556 (Google Chrome before 2.0.172.37 allows attackers to leverage renderer ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specfic renderer issue)
CVE-2009-2555 (Heap-based buffer overflow in src/jsregexp.cc in Google V8 before ...)
	- chromium-browser <not-affected> (Only 1.x and 2.x are affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-2658 (Directory traversal vulnerability in ZNC before 0.072 allows remote ...)
	{DSA-1848-1}
	- znc 0.074-1 (medium; bug #537977)
	NOTE: http://znc.svn.sourceforge.net/viewvc/znc?view=rev&sortby=rev&sortdir=down&revision=1570
	NOTE: CVE id requested
CVE-2009-2554 (SQL injection vulnerability in the search method in jobline.class.php ...)
	NOT-FOR-US: Joomla!
CVE-2009-2553 (Multiple SQL injection vulnerabilities in comments.php in Super Simple ...)
	NOT-FOR-US: Super Simple Blog Script
CVE-2009-2552 (Multiple directory traversal vulnerabilities in comments.php in Super ...)
	NOT-FOR-US: Super Simple Blog Script
CVE-2009-2551 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptsEz Easy ...)
	NOT-FOR-US: ScriptsEz Easy Image Downloader
CVE-2009-2550 (Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote ...)
	NOT-FOR-US: Hamster Audio Player
CVE-2009-2549 (Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2548 (Format string vulnerability in Armed Assault (aka ArmA) 1.14 and ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2547 (Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and ...)
	NOT-FOR-US: Armed Assault
CVE-2009-2546 (Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2009-2545 (SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2009-2544 (Directory traversal vulnerability in the Marcelo Costa FileServer ...)
	NOT-FOR-US: Marcelo Costa FileServer
CVE-2009-2543 (Multiple unspecified vulnerabilities in the IBM Proventia engine ...)
	NOT-FOR-US: IBM Proventia engine
CVE-2009-2542 (Netscape 6 and 8 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Netscape 6 and 8
CVE-2009-2541 (The web browser on the Sony PLAYSTATION 3 (PS3) allows remote ...)
	NOT-FOR-US: Sony PLAYSTATION 3
CVE-2009-2540 (Opera, possibly 9.64 and earlier, allows remote attackers to cause a ...)
	NOT-FOR-US: Opera
CVE-2009-2539 (The Aigo P8860 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Aigo P8860
CVE-2009-2538 (The Nokia N95 running Symbian OS 9.2, N82, and N810 Internet Tablet ...)
	NOT-FOR-US: Nokia N95
CVE-2009-2537 (KDE Konqueror allows remote attackers to cause a denial of service ...)
	- kdebase <unfixed> (unimportant; bug #537931)
CVE-2009-2536 (Microsoft Internet Explorer 5 through 8 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer 5
CVE-2009-2535 (Mozilla Firefox before 2.0.0.19 and 3.x before 3.0.5, SeaMonkey, and ...)
	- iceweasel 3.0.5-1 (unimportant)
	[etch] - iceweasel 2.0.0.19-0etch1 (unimportant)
CVE-2009-2534 (RealNetworks Helix Server and Helix Mobile Server before 13.0.0 allow ...)
	NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
CVE-2009-2533 (rmserver in RealNetworks Helix Server and Helix Mobile Server before ...)
	NOT-FOR-US: RealNetworks Helix Server and Helix Mobile Server
CVE-2009-2532 (Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2009-2531 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2530 (Microsoft Internet Explorer 6, 6 SP1, 7, and 8 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2529 (Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2528 (GDI+ in Microsoft Office XP SP3 does not properly handle malformed ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2527 (Heap-based buffer overflow in Microsoft Windows Media Player 6.4 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2009-2526 (Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2009-2525 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
	NOT-FOR-US: Microsoft Windows Media Runtime
CVE-2009-2524 (Integer underflow in the NTLM authentication feature in the Local ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-2523 (The License Logging Server (llssrv.exe) in Microsoft Windows 2000 SP4 ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2522
	REJECTED
CVE-2009-2521 (Stack consumption vulnerability in the FTP Service in Microsoft ...)
	NOT-FOR-US: Microsoft Internet Information Server
CVE-2009-2520
	REJECTED
CVE-2009-2519 (The DHTML Editing Component ActiveX control in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2518 (Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2517 (The kernel in Microsoft Windows Server 2003 SP2 does not properly ...)
	NOT-FOR-US: Microsoft Windows Server 2003
CVE-2009-2516 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2515 (Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2514 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2513 (The Graphics Device Interface (GDI) in win32k.sys in the kernel in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2512 (The Web Services on Devices API (WSDAPI) in Windows Vista Gold, SP1, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2511 (Integer overflow in the CryptoAPI component in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2510 (The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2009-2509 (Active Directory Federation Services (ADFS) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2508 (The single sign-on implementation in Active Directory Federation ...)
	NOT-FOR-US: Microsoft Active Directory Federation Services
CVE-2009-2507 (A certain ActiveX control in the Indexing Service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2506 (Integer overflow in the text converters in Microsoft Office Word 2002 ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-2505 (The Internet Authentication Service (IAS) in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-2504 (Multiple integer overflows in unspecified APIs in GDI+ in Microsoft ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2503 (GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2502 (Buffer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2501 (Heap-based buffer overflow in GDI+ in Microsoft Internet Explorer 6 ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2500 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2499 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11; and Microsoft ...)
	NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2498 (Microsoft Windows Media Format Runtime 9.0, 9.5, and 11 and Windows ...)
	NOT-FOR-US: Microsoft Windows Media Format Runtime
CVE-2009-2497 (The Common Language Runtime (CLR) in Microsoft .NET Framework 2.0, 2.0 ...)
	NOT-FOR-US: Microsoft products
CVE-2009-2496 (Heap-based buffer overflow in the Office Web Components ActiveX ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-2495 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-2494 (The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-2493 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-2492 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
	- movabletype-opensource 4.2.6.1-1 (low; bug #537935)
	[lenny] - movabletype-opensource 4.2.3-1+lenny1
CVE-2009-4589 (Cross-site scripting (XSS) vulnerability in the Special:Block ...)
	- mediawiki 1:1.15.0-1.1 (low; bug #537634)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
	[etch] - mediawiki1.7 <not-affected> (vulnerably code introduced in 1.14.0)
	[lenny] - mediawiki <not-affected> (vulnerably code introduced in 1.14.0)
	NOTE: fixed in upstream 1.15.1
CVE-2009-XXXX [insecure tmp file vulnerability in slim]
	- slim <removed> (unimportant; bug #537604)
	NOTE: exploit scenario too constructed
	[lenny] - slim 1.3.0-1+lenny2
CVE-2009-2484 (Stack-based buffer overflow in the Win32AddConnection function in ...)
	- vlc <not-affected> (The vulnerability affects Windows builds only)
CVE-2009-2479 (Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote ...)
	- xulrunner 1.9.1.1-1
	[etch] - xulrunner <not-affected> (only affects firefox 3.5)
	[lenny] - xulrunner <not-affected> (only affects firefox 3.5)
CVE-2009-2478 (Mozilla Firefox 3.5 allows remote attackers to cause a denial of ...)
	- xulrunner <not-affected> (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2009-2476 (The Java Management Extensions (JMX) implementation in Sun Java SE 6 ...)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2475 (Sun Java SE 5.0 before Update 20 and 6 before Update 15, and OpenJDK, ...)
	- sun-java5 1.5.0-20-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
CVE-2009-2474 (neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly ...)
	- neon27 0.28.6-1 (low; bug #542926)
	[lenny] - neon27 <no-dsa> (Minor issue)
	- neon26 0.26.4-3 (low; bug #542926)
	[lenny] - neon26 <no-dsa> (Minor issue)
	- neon <removed> (low; bug #542926)
	[etch] - neon <no-dsa> (Minor issue)
	- gnome-vfs2 <removed>
	NOTE: affected neon code copy present in gnome-vfs2 [./imported/*]
	- litmus 0.13-1
	NOTE: affected neon code copy present in litmus [./libneon/*]
	NOTE: The new reintroduced litmus package removes the embedded copy
CVE-2009-2473 (neon before 0.28.6, when expat is used, does not properly detect ...)
	- neon27 <not-affected> (neon27 is compiled to use libxml2 instead of expat)
	- neon26 <not-affected> (neon26 is compiled to use libxml2 instead of expat)
	- neon <removed>
	[etch] - neon <not-affected> (neon is compiled to use libxml2 instead of expat)
CVE-2009-2472 (Mozilla Firefox before 3.0.12 does not always use ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2471 (The setTimeout function in Mozilla Firefox before 3.0.12 does not ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2470 (Mozilla Firefox before 3.0.12, and 3.5.x before 3.5.2, allows remote ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2469 (Mozilla Firefox before 3.0.12 does not properly handle an SVG element ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2468 (Integer overflow in Apple CoreGraphics, as used in Safari before ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
	NOTE: related issue to CVE-2009-1194
CVE-2009-2467 (Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2466 (The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2465 (Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2464 (The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2463 (Multiple integer overflows in the (1) PL_Base64Decode and (2) ...)
	{DSA-2025-1 DSA-1931-1}
	- nspr 4.8.2-1
	- icedove 3.0~rc2-2
	[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
CVE-2009-2462 (The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird ...)
	{DSA-1840-1}
	- xulrunner 1.9.0.12-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-2491 (The utaudiod daemon in Sun Ray Server Software (SRSS) 4.0, when ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2490 (Unspecified vulnerability in the utaudiod daemon in Sun Ray Server ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2489 (Unspecified vulnerability in the utdmsession program in Sun Ray Server ...)
	NOT-FOR-US: Sun Ray Server Software
CVE-2009-2488 (Unspecified vulnerability in the NFSv4 module in the kernel in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2487 (Use-after-free vulnerability in the frpr_icmp function in the ipfilter ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2486 (Unspecified vulnerability in the SCTP implementation in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2485 (Stack-based buffer overflow in HT-MP3Player 1.0 allows remote ...)
	NOT-FOR-US: HT-MP3Player
CVE-2009-2483 (libprop/prop_object.c in proplib in NetBSD 4.0 and 4.0.1 allows local ...)
	NOT-FOR-US: NetBSD
CVE-2009-2482 (The pam_unix module in OpenPAM in NetBSD 4.0 before 4.0.2 and 5.0 ...)
	NOT-FOR-US: NetBSD OpenPAM
CVE-2009-2481 (mt-wizard.cgi in Six Apart Movable Type before 4.261, when global ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2009-2480 (Cross-site scripting (XSS) vulnerability in mt-wizard.cgi in Six Apart ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2009-2461 (mathtex.cgi in mathTeX, when downloaded before 20090713, does not ...)
	- mathtex 1.03-1 (low; bug #537253)
CVE-2009-2460 (Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when ...)
	- mathtex 1.03-1 (medium; bug #537253)
	NOTE: severity set to medium as this is used in several web applications for conversions
CVE-2009-2459 (Multiple unspecified vulnerabilities in mimeTeX, when downloaded ...)
	{DSA-1917-1}
	- mimetex 1.50-1.1 (medium; bug #537254)
	NOTE: set impact to medium as this is used in several web applications for conversions
CVE-2009-2458 (Unspecified vulnerability in Sun Fire V215 Server, when using XVR-100 ...)
	NOT-FOR-US: Sun Fire V215 Server
CVE-2009-2457 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-2456 (The DS\NDSD component in Novell eDirectory 8.8 before SP5 allows ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-2455 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: @mail
CVE-2009-2454 (Cross-site scripting (XSS) vulnerability in Citrix Web Interface 4.6, ...)
	NOT-FOR-US: Citrix Web Interface
CVE-2009-2453 (Citrix XenApp (formerly Presentation Server) 4.5 Hotfix Rollup Pack 3 ...)
	NOT-FOR-US: Citrix XenApp
CVE-2009-2452 (Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have ...)
	NOT-FOR-US: Citrix Licensing
CVE-2009-2451 (Multiple SQL injection vulnerabilities in index.php in MIM:InfiniX ...)
	NOT-FOR-US: MIM:InfiniX
CVE-2008-6867 (SQL injection vulnerability in content.php in Scripts For Sites (SFS) ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6866 (SQL injection vulnerability in modules.php in the Current_Issue module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6865 (SQL injection vulnerability in modules.php in the Sectionsnew module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6864 (Xigla Software Absolute Live Support .NET 5.1 allows remote attackers ...)
	NOT-FOR-US: Xigla Software Absolute Live Support .NET
CVE-2008-6863 (Xigla Software Absolute Form Processor .NET 4.0 allows remote ...)
	NOT-FOR-US: Xigla Software
CVE-2008-6862 (Absolute Content Rotator 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Absolute Content Rotator
CVE-2008-6861 (Xigla Software Absolute Newsletter 6.0 and 6.1 allows remote attackers ...)
	NOT-FOR-US: Xigla Software Absolute Newsletter
CVE-2008-6860 (Xigla Software Absolute Poll Manager XE 4.1 allows remote attackers to ...)
	NOT-FOR-US: Xigla Software Absolute Poll Manager
CVE-2008-6859 (Xigla Software Absolute Control Panel XE 1.5 allows remote attackers ...)
	NOT-FOR-US: Xigla Software Absolute Control Panel
CVE-2008-6858 (Absolute Banner Manager .NET 4.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Absolute Banner Manager .NET
CVE-2008-6857 (Absolute Podcast .NET 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Absolute Podcast .NET
CVE-2008-6856 (Xigla Software Absolute News Manager.NET 5.1 allows remote attackers ...)
	NOT-FOR-US: Xigla Software Absolute News Manager.NET
CVE-2008-6855 (Xigla Software Absolute News Feed 1.0 and possibly 1.5 allows remote ...)
	NOT-FOR-US: Xigla Software Absolute News Feed
CVE-2008-6854 (Xigla Software Absolute FAQ Manager.NET 6.0 allows remote attackers to ...)
	NOT-FOR-US: Xigla Software Absolute FAQ Manager.NET
CVE-2009-2477 (js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka ...)
	- xulrunner 1.9.1.2-1 (bug #537104)
	[lenny] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
	[etch] - xulrunner <not-affected> (vulnerable code introduced in firefox 3.5)
CVE-2009-2450 (The OAmon.sys kernel driver 3.1.0.0 and earlier in Tall Emu Online ...)
	NOT-FOR-US: Tall Emu Online Armor Personal Firewall
CVE-2009-2449 (Directory traversal vulnerability in ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-2448 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2447 (Multiple cross-site scripting (XSS) vulnerabilities in ogp_show.php in ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2445 (Oracle iPlanet Web Server (formerly Sun Java System Web Server or Sun ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2009-2444 (Directory traversal vulnerability in maillinglist/setup/step1.php.inc ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-2443 (Siteframe 3.2.3, and other 3.2.x versions, allows remote attackers to ...)
	NOT-FOR-US: Siteframe
CVE-2009-2442 (Cross-site scripting (XSS) vulnerability in public/index.php in ...)
	NOT-FOR-US: Linea21
CVE-2009-2441 (Cross-site scripting (XSS) vulnerability in ogp_show.php in Online ...)
	NOT-FOR-US: Online Guestbook Pro
CVE-2009-2440 (Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook ...)
	NOT-FOR-US: JNM Guestbook
CVE-2009-2439 (Multiple SQL injection vulnerabilities in Web Development House ...)
	NOT-FOR-US: Web Development House Alibaba
CVE-2009-2438 (Cross-site scripting (XSS) vulnerability in index.php in the search ...)
	NOT-FOR-US: ClanSphere
CVE-2009-2437 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: MyPHPDating
CVE-2009-2436 (SQL injection vulnerability in page.php in Online Dating Software ...)
	NOT-FOR-US: MyPHPDating
CVE-2009-2435 (The Sametime server in IBM Lotus Instant Messaging and Web ...)
	NOT-FOR-US: IBM Lotus
CVE-2009-2434 (Buffer overflow in the syscall implementation in IBM AIX 5.3 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2009-2433 (Stack-based buffer overflow in the AddFavorite method in Microsoft ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2432 (WordPress and WordPress MU before 2.8.1 allow remote attackers to ...)
	- wordpress 2.8.3-1 (unimportant; bug #537146)
	NOTE: Installation path is a known fact on a Debian package installation
CVE-2009-2431 (WordPress 2.7.1 places the username of a post's author in an HTML ...)
	- wordpress 2.8.3-1 (unimportant; bug #537146)
	NOTE: Minor information leak
CVE-2009-2430 (Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2429 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...)
	NOT-FOR-US: SmartFilter Web Gateway Security
CVE-2009-2428 (Multiple SQL injection vulnerabilities in Tausch Ticket Script 3 allow ...)
	NOT-FOR-US: Tausch Ticket Script
CVE-2009-2427 (SQL injection vulnerability in co-profile.php in Jobbr 2.2.7 allows ...)
	NOT-FOR-US: Jobbr
CVE-2009-2426 (The connection_edge_process_relay_cell_not_open function in ...)
	- tor 0.2.0.35-1 (low; bug #537148)
	[lenny] - tor 0.2.0.35-1~lenny1
CVE-2009-2425 (Tor before 0.2.0.35 allows remote attackers to cause a denial of ...)
	- tor 0.2.0.35-1 (low; bug #537148)
	[lenny] - tor 0.2.0.35-1~lenny1
CVE-2009-2424 (Cross-site scripting (XSS) vulnerability in search.php in Ebay Clone ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2423 (SQL injection vulnerability in category.php in Ebay Clone 2009 allows ...)
	NOT-FOR-US: Ebay Clone 2009
CVE-2009-2422 (The example code for the digest authentication functionality ...)
	- rails 2.3.5-1 (bug #535896)
	[lenny] - rails <not-affected> (vulnerable code not present, introduced in 2.3.x)
CVE-2009-2446 (Multiple format string vulnerabilities in the dispatch_command ...)
	{DSA-1877-1}
	- mysql-dfsg-5.0 <removed> (low; bug #536726)
	[squeeze] - mysql-dfsg-5.0 5.0.51a-24+lenny2
CVE-2009-XXXX [libio-socket-ssl-perl: partial hostname matching vulnerability]
	- libio-socket-ssl-perl 1.26-1 (low; bug #535946)
	[lenny] - libio-socket-ssl-perl 1.16-1+lenny1
	NOTE: hostname validition is not implemented until 1.14, so etch
	NOTE: is in a way is not affected, but in another sense, it is
	NOTE: completely affected since no validation done at all
CVE-2009-2421 (The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2420 (Apple Safari 3.2.3 does not properly implement the file: protocol ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2419 (Use-after-free vulnerability in the servePendingRequests function in ...)
	- webkit 1.1.10-1
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
CVE-2009-2418
	REJECTED
CVE-2009-2417 (lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is ...)
	{DSA-1869-1}
	- curl 7.19.5-1.1 (medium; bug #541991)
CVE-2009-2416 (Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, ...)
	{DSA-1861-1 DSA-1859-1}
	- libxml2 2.7.3.dfsg-2.1 (low; bug #540865)
	- libxml <removed>
CVE-2009-2415 (Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote ...)
	{DSA-1853-1}
	- memcached 1.4.1-1 (medium; bug #540379)
	- memcachedb 1.2.0-5 (medium; bug #540381)
	NOTE: the impact varies, on etch this runs as root and is not bound
	NOTE: to the loopback interface by default, memcached is even distributed
	NOTE: but fortunately not in a stable release.
CVE-2009-2414 (Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, ...)
	{DSA-1861-1 DSA-1859-1}
	- libxml2 2.7.3.dfsg-2.1 (medium; bug #540865)
	- libxml <removed>
CVE-2009-2413
	REJECTED
CVE-2009-2412 (Multiple integer overflows in the Apache Portable Runtime (APR) ...)
	{DSA-1854-1}
	- apr 1.3.8-1
	- apr-util 1.3.9+dfsg-1
CVE-2009-2411 (Multiple integer overflows in the libsvn_delta library in Subversion ...)
	{DSA-1855-1}
	- subversion 1.6.4dfsg-1
CVE-2009-2410 (The local_handler_callback function in ...)
	- sssd <not-affected> (Fixed before initial upload to the archive)
CVE-2009-2409 (The Network Security Services (NSS) library before 3.12.3, as used in ...)
	{DSA-1935-1 DSA-1888-1 DSA-1874-1}
	- nss 3.12.3-1 (low; bug #539895)
	- openssl 0.9.8k-4 (low; bug #539899)
	[etch] - openssl 0.9.8c-4etch8
	- gnutls26 2.4.2-5 (low; bug #539901)
	- openjdk-6 6b17~pre3-1 (low)
	- gnutls13 <removed>
	- sun-java6 6-17-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-2407 (Heap-based buffer overflow in the parse_tag_3_packet function in ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-5 (medium)
	[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
	- linux-2.6.24 <removed>
CVE-2009-2406 (Stack-based buffer overflow in the parse_tag_11_packet function in ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-5 (medium)
	[etch] - linux-2.6 <not-affected> (ecryptfs not yet present)
	- linux-2.6.24 <removed>
CVE-2009-2405 (Multiple cross-site scripting (XSS) vulnerabilities in the Web Console ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-2404 (Heap-based buffer overflow in a regular-expression parser in Mozilla ...)
	{DSA-2025-1 DSA-1874-1}
	- nss 3.12.3-1 (low; bug #539934)
	- icedove 2.0.0.24-1 (low)
CVE-2009-2403 (Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to ...)
	NOT-FOR-US: SCMPX
CVE-2009-2402 (SQL injection vulnerability in index.php in the forum module in ...)
	NOT-FOR-US: PHPEcho
CVE-2009-2401 (Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows ...)
	NOT-FOR-US: PHPEcho
CVE-2009-2400 (SQL injection vulnerability in the PHP (com_php) component for Joomla! ...)
	NOT-FOR-US: Joomla
CVE-2009-2399 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: DM FileManager
CVE-2009-2398 (Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 ...)
	NOT-FOR-US: PHP-Sugar
CVE-2009-2397 (Directory traversal vulnerability in download.php in Audio Article ...)
	NOT-FOR-US: Audio Article Directory
CVE-2009-2396 (PHP remote file inclusion vulnerability in template/album.php in DM ...)
	NOT-FOR-US: DM Albums
CVE-2009-2395 (SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta ...)
	NOT-FOR-US: Joomla
CVE-2009-2394 (SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp ...)
	NOT-FOR-US: SMSPages
CVE-2009-2393 (admin/index.php in Virtuenetz Virtue Online Test Generator does not ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2392 (SQL injection vulnerability in text.php in Virtuenetz Virtue Online ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2391 (Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz ...)
	NOT-FOR-US: Virtuenetz Virtue Online Test Generator
CVE-2009-2390 (SQL injection vulnerability in the BookFlip (com_bookflip) component ...)
	NOT-FOR-US: Joomla
CVE-2009-2389 (Multiple SQL injection vulnerabilities in newsscript.php in USOLVED ...)
	NOT-FOR-US: USOLVED NEWSolved
CVE-2009-2388 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...)
	NOT-FOR-US: Opial
CVE-2009-2387 (Unspecified vulnerability in the proc filesystem in Sun OpenSolaris ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-2386 (Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer ...)
	NOT-FOR-US: Awingsoft Awakening Winds3D Viewer plugin
CVE-2009-2369 (Integer overflow in the wxImage::Create function in ...)
	{DSA-1890-1}
	- wxwidgets2.8 2.8.7.1-2 (medium; bug #537174)
	- wxwidgets2.6 2.6.3.2.2-3.1 (medium; bug #537175)
	- wxwindows2.4 <removed> (medium)
CVE-2009-2360 (Cross-site scripting (XSS) vulnerability in passwd/main.php in the ...)
	{DSA-1829-1}
	- sork-passwd-h3 3.1-1.1 (low; bug #536554)
CVE-2009-2385 (SQL injection vulnerability in the awardsMembers function in ...)
	NOT-FOR-US: Member Awards component for Simple Machines Forum
CVE-2009-2384 (Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows ...)
	NOT-FOR-US: Brothersoft PEamp
CVE-2009-2383 (SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites ...)
	NOT-FOR-US: Related Sites plugin for WordPress
CVE-2009-2382 (admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to ...)
	NOT-FOR-US: phpMyBlockchecker
CVE-2009-2381 (Gizmo 3.1.0.79 on Linux does not verify a server's SSL certificate, ...)
	NOT-FOR-US: Gizmo
CVE-2009-2380 (Cross-site scripting (XSS) vulnerability in includes/functions.php in ...)
	NOT-FOR-US: 4images
CVE-2009-2379 (Directory traversal vulnerability in public/index.php in BIGACE Web ...)
	NOT-FOR-US: BIGACE Web CMS
CVE-2009-2378 (PHP remote file inclusion vulnerability in formmailer.admin.inc.php in ...)
	NOT-FOR-US: Jax FormMailer
CVE-2009-2377 (Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in ...)
	NOT-FOR-US: AVAX-software Avax Vector ActiveX
CVE-2009-2376 (Cross-site scripting (XSS) vulnerability in the Html::textarea ...)
	NOT-FOR-US: TangoCMS
CVE-2009-2375 (Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly ...)
	NOT-FOR-US: Photo DVD Maker
CVE-2009-2371 (Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not ...)
	NOT-FOR-US: Advanced Forum module for Drupal
CVE-2009-2370 (Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before ...)
	NOT-FOR-US: Advanced Forum module for Drupal
CVE-2009-2368 (Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown ...)
	NOT-FOR-US: Socks Server
CVE-2009-2367 (cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable ...)
	NOT-FOR-US: Iomega StorCenter Pro
CVE-2009-2366 (SQL injection vulnerability in login.asp in DataCheck Solutions ...)
	NOT-FOR-US: DataCheck Solutions ForumPal FE
CVE-2009-2365 (SQL injection vulnerability in login.asp in DataCheck Solutions ...)
	NOT-FOR-US: DataCheck Solutions GalleryPal FE
CVE-2009-2364 (Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers ...)
	NOT-FOR-US: Mp3-Nator
CVE-2009-2363 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows ...)
	NOT-FOR-US: KUDRSOFT AudioPLUS
CVE-2009-2362 (Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows ...)
	NOT-FOR-US: KUDRSOFT AudioPLUS
CVE-2009-2361 (SQL injection vulnerability in include/class.staff.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2009-2359 (Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2358 (TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2357 (The default configuration of TekRADIUS 3.0 uses the sa account to ...)
	NOT-FOR-US: TekRADIUS
CVE-2009-2356 (Multiple stack-based buffer overflows in the pgsqlQuery function in ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2355 (The forum module in NullLogic Groupware 1.2.7 allows remote ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2354 (SQL injection vulnerability in the auth_checkpass function in the ...)
	NOT-FOR-US: NullLogic Groupware
CVE-2009-2353 (encoder.php in eAccelerator allows remote attackers to execute ...)
	- eaccelerator-src <itp> (bug #460341)
CVE-2009-2352 (Google Chrome 1.0.154.48 and earlier does not block javascript: URIs ...)
	- chromium-browser 5.0.375.70~r48679-2
	- webkit <not-affected> (doesn't have a 'view-source' handler)
	NOTE: poc didn't seem to work against 5.0.375.70~r48679-2
	NOTE: chromium security team doesn't consider this a valid security issue
	NOTE: http://crbug.com/40086
CVE-2009-2351 (Opera 9.52 and earlier does not block javascript: URIs in Refresh ...)
	NOT-FOR-US: Opera
CVE-2009-2350 (Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2349
	RESERVED
CVE-2009-2348 (Android 1.5 CRBxx allows local users to bypass the (1) ...)
	NOT-FOR-US: Android
CVE-2009-2347 (Multiple integer overflows in inter-color spaces conversion tools in ...)
	{DSA-1835-1}
	- tiff 3.8.2-13
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2009-2346 (The IAX2 protocol implementation in Asterisk Open Source 1.2.x before ...)
	- asterisk 1:1.6.2.0~dfsg~beta3-1 (bug #539473)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Intrusive protocol-level vulnerabilitity, see http://downloads.asterisk.org/pub/security/IAX2-security.pdf)
CVE-2009-2345 (Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 ...)
	NOT-FOR-US: ClanSphere
CVE-2009-2344 (The web-based management interfaces in Sourcefire Defense Center (DC) ...)
	NOT-FOR-US: Sourcefire
CVE-2009-2342 (Cross-site scripting (XSS) vulnerability in admin.php (aka the login ...)
	NOT-FOR-US: CMME
CVE-2009-2341 (SQL injection vulnerability in albumdetail.php in Opial 1.0 allows ...)
	NOT-FOR-US: Opial
CVE-2009-2340 (SQL injection vulnerability in admin/index.php in Opial 1.0 allows ...)
	NOT-FOR-US: Opial
CVE-2009-2339 (SQL injection vulnerability in index.php in Rentventory allows remote ...)
	NOT-FOR-US: Rentventory
CVE-2009-2338 (Directory traversal vulnerability in includes/startmodules.inc.php in ...)
	NOT-FOR-US: FreeWebshop.org
CVE-2009-2337 (SQL injection vulnerability in includes/module/book/index.inc.php in ...)
	NOT-FOR-US: w3b|cms
CVE-2008-6853 (SQL injection vulnerability in modules/poll/index.php in AIST NetCat ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-6852 (SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 ...)
	NOT-FOR-US: Joomla! component
CVE-2008-6851 (SQL injection vulnerability in page.php in PHP Link Directory (phpLD) ...)
	NOT-FOR-US: PHP Link Directory
CVE-2008-6850 (Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-6849 (Unrestricted file upload vulnerability in index.php in phpGreetCards ...)
	NOT-FOR-US: phpGreetCards
CVE-2008-6848 (Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards ...)
	NOT-FOR-US: phpGreetCards
CVE-2009-2336 (The forgotten mail interface in WordPress and WordPress MU before ...)
	- wordpress 2.8.3-1 (unimportant; bug #536724)
	NOTE: Minor information leak
CVE-2009-2335 (WordPress and WordPress MU before 2.8.1 exhibit different behavior for ...)
	- wordpress 2.8.3-1 (unimportant; bug #536724)
	NOTE: Minor information leak
CVE-2009-2334 (wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #536724)
CVE-2009-2333 (Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2332 (CMS Chainuk 1.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2331 (Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2330 (Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in ...)
	NOT-FOR-US: CMS Chainuk
CVE-2009-2329 (KerviNet Forum 1.1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2328 (admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2327 (Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2326 (Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2325 (Directory traversal vulnerability in index.php in Clicknet CMS 2.1 ...)
	NOT-FOR-US: Clicknet CMS
CVE-2009-2324 (Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor ...)
	{DSA-1836-1}
	- fckeditor 1:2.6.4.1-1 (low; bug #536051)
	- moin 1.8.2-2
	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
	[lenny] - moin <no-dsa> (unimportant; provides FCKeditor as example files in /usr/share/doc, but not executable in general case)
	[etch] - moin <not-affected> (doesn't provide FCKeditor sample files)
	- knowledgeroot 0.9.8.5-3
	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
	[etch] - knowledgeroot <not-affected> (doesn't provide FCKeditor sample files)
	- karrigell <removed>
	[etch] - karrigell <not-affected> (doesn't provide FCKeditor sample files)
	- gforge 4.6.99+svn6225-1
	[etch] - gforge <not-affected> (doesn't contain FCKeditor)
	- egroupware <not-affected> (doesn't provide FCKeditor sample files)
	- request-tracker3.8 <not-affected> (doesn't provide FCKeditor sample files)
CVE-2009-2323 (The web interface on the Axesstel MV 410R redirects users back to the ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2322 (Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2321 (cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2320 (The web interface on the Axesstel MV 410R relies on client-side ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2319 (The default configuration of the Wi-Fi component on the Axesstel MV ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2318 (The Axesstel MV 410R allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2317 (The Axesstel MV 410R has a certain default administrator password, and ...)
	NOT-FOR-US: Axesstel MV 410R
CVE-2009-2316 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli
CVE-2009-2315
	REJECTED
CVE-2009-2314 (Race condition in the Sun Lightweight Availability Collection Tool 3.0 ...)
	NOT-FOR-US: Lightweight Availability Collection Tool
CVE-2007-6728 (Cross-site scripting (XSS) vulnerability in XMB 1.5 allows remote ...)
	NOT-FOR-US: XMB
CVE-2007-6727 (SQL injection vulnerability in topic.php in KerviNet Forum 1.1 allows ...)
	NOT-FOR-US: KerviNet Forum
CVE-2009-2687 (The exif_read_data function in the Exif module in PHP before 5.2.10 ...)
	{DSA-1940-1}
	- php5 5.2.10.dfsg.1-2 (low; bug #535888)
	- php4 <removed> (low; bug #535897)
	NOTE: 5.3.0 (in experimental) is not affected
CVE-2009-XXXX [apache2: htaccess override]
	- apache2 2.2.9-1 (low; bug #535886)
	[etch] - apache2 2.2.3-4+etch8
	NOTE: fixed in etch in DSA-1816-1
CVE-2009-XXXX [xscreensaver: symlink attack enables local information disclosure]
	- xscreensaver <not-affected> (does not run setuid in debian)
	NOTE: http://bugs.debian.org/535870
CVE-2009-XXXX [libdkim: signature parsing is not thread-safe]
	- libdkim 1:1.0.19-4 (unimportant; bug #532740)
	NOTE: This is mostly a missing feature, it's unlikely that any threaded application
	NOTE: is using libdkim in the current state, so the practical impact is none
CVE-2009-XXXX [mimedecode: potential dos/crash due to invalid input]
	- mimedecode <removed> (low; bug #530430)
	[etch] - mimedecode <no-dsa> (minor issue)
	[lenny] - mimedecode <no-dsa> (minor issue)
CVE-2009-2313 (Directory traversal vulnerability in index.php in Jinzora Media ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2009-2312 (SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in ...)
	NOT-FOR-US: Secure Computing SmartFilter
CVE-2009-2311 (SQL injection vulnerability in the rGallery plugin 1.2.3 for WoltLab ...)
	NOT-FOR-US: rGallery plugin for WoltLab
CVE-2009-2310 (SQL injection vulnerability in include/get_read.php in ...)
	NOT-FOR-US: Extensible-BioLawCom CMS
CVE-2009-2309 (SQL injection vulnerability in index.php in Codice CMS 2 allows remote ...)
	NOT-FOR-US: Codice CMS 2
CVE-2009-2308 (Multiple SQL injection vulnerabilities in affiliates.php in the ...)
	NOT-FOR-US: PunBB
CVE-2009-2307 (SQL injection vulnerability in the CWGuestBook module 2.1 and earlier ...)
	NOT-FOR-US: MDPro
CVE-2009-2306 (The ARD-9808 DVR card security camera stores sensitive information ...)
	NOT-FOR-US: ARD-9808 DVR card security camera
CVE-2009-2305 (The ARD-9808 DVR card security camera allows remote attackers to cause ...)
	NOT-FOR-US: ARD-9808 DVR card security camera
CVE-2009-2304 (index.php in Aardvark Topsites PHP 5.2.0 and earlier allows remote ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2303 (index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2302 (Cross-site scripting (XSS) vulnerability in index.php in Aardvark ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2009-2301 (The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with ...)
	NOT-FOR-US: AppWall Web Application Firewall
CVE-2009-2300 (The management interface in the phion airlock Web Application Firewall ...)
	NOT-FOR-US: phion airlock Web Application Firewall
CVE-2009-2299 (The Artofdefence Hyperguard Web Application Firewall (WAF) module ...)
	NOT-FOR-US: Artofdefence Hyperguard Web Application Firewall
CVE-2009-2298 (Stack-based buffer overflow in rping in HP OpenView Network Node ...)
	NOT-FOR-US: HP Network Node Manager rping
CVE-2009-2297 (Unspecified vulnerability in the udp subsystem in the kernel in Sun ...)
	NOT-FOR-US: kernel in Sun Solaris
CVE-2009-2296 (The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris ...)
	NOT-FOR-US: kernel module in Sun Solaris
CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow ...)
	{DSA-1912-2 DSA-1832-1}
	- camlimages 1:3.0.1-2 (low; bug #535909)
	- advi 1.6.0-15 (low; bug #550440)
CVE-2009-2294 (Integer overflow in the Png_datainfo_callback function in Dillo 2.1 ...)
	- dillo 3.0-1 (medium; bug #535788)
CVE-2009-2293 (Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote ...)
	NOT-FOR-US: Optimum Web Design Tutorial Share
CVE-2009-2292 (Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 ...)
	NOT-FOR-US: Appleple a-News
CVE-2009-2291 (Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a ...)
	NOT-FOR-US: LoginToboggan module for Drupal
CVE-2009-2290 (SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) ...)
	NOT-FOR-US: Joomla!
CVE-2009-2289 (Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade ...)
	NOT-FOR-US: Arcade Trade Script
CVE-2009-2287 (The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel ...)
	{DSA-1846-1 DSA-1845-1}
	- linux-2.6 2.6.30-2 (low)
	- linux-2.6.24 <removed>
	- kvm 88+dfsg-2 (low; bug #557737)
CVE-2009-2285 (Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 ...)
	{DSA-1835-1}
	- tiff 3.8.2-12 (low; bug #534137)
	- tiff3 <not-affected> (fixed prior to initial upload)
	NOTE: this doesn't allow code execution, only a crash.
CVE-2009-2283 (Multiple cross-site scripting (XSS) vulnerabilities in the help jsp ...)
	NOT-FOR-US: Sun Java Web Console in Solaris
CVE-2009-2282 (The Virtual Network Terminal Server daemon (vntsd) for Logical Domains ...)
	NOT-FOR-US: LDoms in Sun Solaris
CVE-2008-6847 (Cross-site scripting (XSS) vulnerability in Employee/emp_login.asp in ...)
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6846 (Multiple stack-based buffer overflows in avast! Linux Home Edition ...)
	NOT-FOR-US: avast! Linux Home Edition
CVE-2008-6845 (The unpack feature in ClamAV 0.93.3 and earlier allows remote ...)
	- clamav 0.94.dfsg-1
	[etch] - clamav <no-dsa> (Support was discontinued)
CVE-2008-6844 (The registration view (/user/register) in eZ Publish 3.5.6 and ...)
	NOT-FOR-US: eZ Publish
CVE-2008-6843 (Directory traversal vulnerability in index.php in Fantastico, as used ...)
	NOT-FOR-US: Fantastico
CVE-2008-6842 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Pluck
CVE-2008-6841 (PHP remote file inclusion vulnerability in the Green Mountain ...)
	NOT-FOR-US: component for Joomla!
CVE-2008-6840 (Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 ...)
	NOT-FOR-US: V-webmail
CVE-2009-2373 (Cross-site scripting (XSS) vulnerability in the Forum module in Drupal ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (low; bug #535435)
	- drupal5 <not-affected> (Vulnerable code not present)
	NOTE: http://drupal.org/node/507572
	NOTE: requested CVE id
CVE-2009-2372 (Drupal 6.x before 6.13 does not prevent users from modifying user ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (medium; bug #535435)
	- drupal5 <not-affected> (Vulnerable code not present)
	NOTE: http://drupal.org/node/507572
	NOTE: marked as medium as this might lead to code execution if the php filter is enabled
	NOTE: requested CVE id
CVE-2009-2374 (Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize ...)
	{DSA-1930-1}
	- drupal6 6.12-1.1 (low; bug #535435)
	- drupal5 5.18-1.1 (low; bug #535476)
	NOTE: http://drupal.org/node/507572
	NOTE: requested CVE id
CVE-2009-2284 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 ...)
	- phpmyadmin 4:3.2.0.1-1 (medium; bug #535890)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: affects 3.x branch only
CVE-2009-2280
	RESERVED
CVE-2009-2279
	RESERVED
CVE-2009-2278
	RESERVED
CVE-2009-2277 (Cross-site scripting (XSS) vulnerability in WebAccess in VMware ...)
	NOT-FOR-US: VMware
CVE-2009-2276 (SQL injection vulnerability in voteforus.php in the Vote For Us ...)
	NOT-FOR-US: voteforus.php extension for PunBB
CVE-2009-2275 (Directory traversal vulnerability in frontend/x3/stats/lastvisit.html ...)
	NOT-FOR-US: cPanel
CVE-2009-2274 (The Huawei D100 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2273 (The default configuration of the Wi-Fi component on the Huawei D100 ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2272 (The Huawei D100 stores the administrator's account name and password ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2271 (The Huawei D100 has (1) a certain default administrator password for ...)
	NOT-FOR-US: Huawei D100
CVE-2009-2270 (Unrestricted file upload vulnerability in member/uploads_edit.php in ...)
	NOT-FOR-US: dedecms
CVE-2009-2269 (SQL injection vulnerability in Empire CMS 5.1 allows remote attackers ...)
	NOT-FOR-US: Empire CMS
CVE-2009-2268 (Cross-site scripting (XSS) vulnerability in the Cross-Domain ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-2267 (VMware Workstation 6.5.x before 6.5.3 build 185404, VMware Player ...)
	- vmware-package <removed>
CVE-2009-2266 (OXID eShop 4.x before 4.1.4-21266, 3.x, and 2.x allows remote ...)
	NOT-FOR-US: OXID eShop
CVE-2009-2281 (Multiple heap-based buffer underflows in the readPostBody function in ...)
	{DSA-1914-1}
	- mapserver 5.4.2-1 (medium; bug #535340)
	NOTE: http://www.openwall.com/lists/oss-security/2009/06/22/2
CVE-2009-2265 (Multiple directory traversal vulnerabilities in FCKeditor before ...)
	{DSA-1836-1}
	- fckeditor 1:2.6.4.1-1 (medium; bug #536051)
	NOTE: http://dev.fckeditor.net/changeset/3815/FCKeditor/trunk/editor/filemanager
	- moin 1.8.2-2
	NOTE: moin from 1.8.2-2 uses systemwide copy of fckeditor
	[lenny] - moin <unfixed> (unimportant)
	[etch] - moin <not-affected> (Vulnerable code not present)
	NOTE: moin in lenny provides FCKeditor as example files (/usr/share/doc)
	- request-tracker3.8 <not-affected> (Vulnerable code not present)
	- egroupware 1.6.002+dfsg-1 (low)
	[lenny] - egroupware 1.4.004-2.dfsg-4.2
	- gforge 4.6.99+svn6225-1
	[etch] - gforge <not-affected> (doesn't contain FCKeditor)
	- knowledgeroot 0.9.8.5-3 (medium; bug #538722)
	- karrigell <removed>
	[etch] - karrigell <not-affected> (Vulnerable code not present)
	NOTE: knowledgeroot from 0.9.8.5-3 uses systemwide copy of fckeditor
CVE-2009-2264
	RESERVED
CVE-2009-2263 (Directory traversal vulnerability in index.php in Awesome PHP Mega ...)
	NOT-FOR-US: Mega File Manager
CVE-2009-2262 (PHP remote file inclusion vulnerability in install/di.php in ...)
	NOT-FOR-US: AjaxPortal
CVE-2009-2261 (PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted ...)
	NOT-FOR-US: PeaZIP
CVE-2009-2260 (stardict 3.0.1, when Enable Net Dict is configured, sends the contents ...)
	- stardict 3.0.1-5 (low; bug #534731)
	[etch] - stardict <not-affected> (netdict plugin not yet present)
	[lenny] - stardict 3.0.1-4+lenny1
CVE-2009-2259
	REJECTED
CVE-2009-2258 (Directory traversal vulnerability in cgi-bin/webcm in the ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2257 (The administrative web interface on the Netgear DG632 with firmware ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2256 (The administrative web interface on the Netgear DG632 with firmware ...)
	NOT-FOR-US: Netgear DG632
CVE-2009-2255 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...)
	NOT-FOR-US: Zen Cart
CVE-2009-2254 (Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative ...)
	NOT-FOR-US: Zen Cart
CVE-2009-2253
	RESERVED
CVE-2009-2252
	RESERVED
CVE-2009-2251
	RESERVED
CVE-2009-2250
	RESERVED
CVE-2009-2249
	RESERVED
CVE-2009-2248
	RESERVED
CVE-2009-2247
	RESERVED
CVE-2009-2246
	RESERVED
CVE-2009-2245
	RESERVED
CVE-2009-2244
	RESERVED
CVE-2009-2243 (SQL injection vulnerability in active_appointments.asp in ASP Inline ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2242 (SQL injection vulnerability in active_appointments.asp in ASP Inline ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2241 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Inline ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2009-2240 (Cross-site scripting (XSS) vulnerability in AD2000 free-sw leger (aka ...)
	NOT-FOR-US: Web Conference Room Free
CVE-2009-2239 (SQL injection vulnerability in the (1) casinobase (com_casinobase), ...)
	NOT-FOR-US: Joomla! components
CVE-2009-2238 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: DMXReady Registration Manager
CVE-2009-2237 (Unspecified vulnerability in Views Bulk Operations 5.x-1.x before ...)
	NOT-FOR-US: contributed Views Bulk Operations module for Drupal
CVE-2009-2236 (SQL injection vulnerability in yad-admin/login.php in Your Article ...)
	NOT-FOR-US: Your Articles Directory
CVE-2009-2235 (SQL injection vulnerability in page.php in Your Articles Directory ...)
	NOT-FOR-US: Your Articles Directory
CVE-2009-2234 (Multiple SQL injection vulnerabilities in admin.php in VICIDIAL Call ...)
	NOT-FOR-US: VICIDIAL Call Center Suite
CVE-2009-2210 (Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow ...)
	{DSA-1830-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceape 1.1.17-1
	[squeeze] - iceape <not-affected> (only provides a stub for XPCOM)
	[lenny] - iceape <not-affected> (Only provides a stub for XPCOM)
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <not-affected> (mail suite not compiled)
	NOTE: http://www.mozilla.org/security/announce/2009/mfsa2009-33.html
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=495057
CVE-2008-6839 (Multiple cross-site scripting (XSS) vulnerabilities in TGS Content ...)
	NOT-FOR-US: TGS Content Management
CVE-2008-6838 (Cross-site scripting (XSS) vulnerability in search.php in Zoph 0.7.2.1 ...)
	- zoph 0.8.0.1-1 (low; bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: it seems a duplicate of CVE-2008-3258
CVE-2008-6837 (SQL injection vulnerability in Zoph 0.7.2.1 allows remote attackers to ...)
	- zoph 0.8.0.1-1 (bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: the details are unknown
CVE-2009-2343 (Cross-site scripting (XSS) vulnerability in people.php in Zoph before ...)
	- zoph 0.7.5-1 (low; bug #535188)
	[lenny] - zoph <no-dsa> (Minor issue, fringe package)
	NOTE: http://sourceforge.net/tracker/?func=detail&aid=2815898&group_id=69353&atid=524249
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=694128
CVE-2008-6836 (Cross-site request forgery (CSRF) vulnerability in OpenID 5.x before ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-6835 (Cross-site scripting (XSS) vulnerability in OpenID 5.x before 5.x-1.2, ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2009-XXXX [udev: creates aacraid devices that are rw by group floppy]
	- udev 0.141-1 (low; bug #530245; bug #462655; bug #404927)
	[lenny] - udev <no-dsa> (Minor issue)
	[etch] - udev <no-dsa> (minor issue)
CVE-2009-2288 (statuswml.cgi in Nagios before 3.1.1 allows remote attackers to ...)
	{DSA-1825-1}
	- nagios3 3.0.6-5
	- nagios2 <removed>
	NOTE: http://secunia.com/advisories/35543
CVE-2009-2286 (Buffer overflow in compface 1.5.2 and earlier allows user-assisted ...)
	- libcompface 1:1.5.2-5 (unimportant; bug #534973)
CVE-2009-2233 (The admin interface in AWScripts.com Gallery Search Engine 1.5 allows ...)
	NOT-FOR-US: AWScripts.com Gallery Search Engine
CVE-2009-2232 (SQL injection vulnerability in image.php in Softbiz Banner Ad ...)
	NOT-FOR-US: Softbiz Banner Ad Management Script
CVE-2009-2231 (MIDAS 1.43 allows remote attackers to bypass authentication and obtain ...)
	NOT-FOR-US: MIDAS
CVE-2009-2230 (SQL injection vulnerability in inc/datahandlers/user.php in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2009-2229 (Directory traversal vulnerability in engine.php in Kasseler CMS 1.3.5 ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-2228 (Cross-site scripting (XSS) vulnerability in engine.php in Kasseler CMS ...)
	NOT-FOR-US: Kasseler CMS
CVE-2009-2227 (Stack-based buffer overflow in B Labs Bopup Communication Server ...)
	NOT-FOR-US: Bopup Communication Server
CVE-2009-2226 (Cross-site scripting (XSS) vulnerability in Let's PHP! Tree BBS ...)
	NOT-FOR-US: Let's PHP! Tree BBS
CVE-2009-2225 (Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial ...)
	NOT-FOR-US: SureThing CD/DVD Labeler
CVE-2009-2224 (Directory traversal vulnerability in ang/shared/flags.php in AN ...)
	NOT-FOR-US: AN Guestbook
CVE-2009-2223 (Directory traversal vulnerability in locms/smarty.php in LightOpenCMS ...)
	NOT-FOR-US: LightOpenCMS
CVE-2009-2222 (Directory traversal vulnerability in PHP-I-BOARD 1.2 and earlier ...)
	NOT-FOR-US: PHP-I-BOARD
CVE-2009-2221 (Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and ...)
	NOT-FOR-US: PHP-I-BOARD
CVE-2009-2220 (Multiple directory traversal vulnerabilities in Tribiq CMS 5.0.12c, ...)
	NOT-FOR-US: Tribiq CMS
CVE-2009-2219 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2218 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2217 (Cross-site scripting (XSS) vulnerability in NBBC before 1.4.2 allows ...)
	NOT-FOR-US: NBBC
CVE-2009-2216 (Cross-site scripting (XSS) vulnerability in CMD_REDIRECT in ...)
	NOT-FOR-US: DirectAdmin
CVE-2009-2215 (Multiple cross-site scripting (XSS) vulnerabilities in URD before ...)
	NOT-FOR-US: URD
CVE-2009-2214 (The Secure Gateway service in Citrix Secure Gateway 3.1 and earlier ...)
	NOT-FOR-US: Citrix Secure Gateway
CVE-2009-2213 (The default configuration of the Security global settings on the ...)
	NOT-FOR-US: Citrix NetScaler Access Gateway
CVE-2009-2212 (The CQWeb server in IBM Rational ClearQuest 7.0.0 before 7.0.0.6 and ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-2211 (Cross-site scripting (XSS) vulnerability in the CQWeb server in IBM ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2009-2209 (SQL injection vulnerability in rscms_mod_newsview.php in RS-CMS 2.1 ...)
	NOT-FOR-US: RS-CMS
CVE-2009-2208 (FreeBSD 6.3, 6.4, 7.1, and 7.2 does not enforce permissions on the ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-2
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
	NOTE: http://security.freebsd.org/advisories/FreeBSD-SA-09:10.ipv6.asc
CVE-2009-2207 (The MobileMail component in Apple iPhone OS 3.0 and 3.0.1, and iPhone ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2206 (Multiple heap-based buffer overflows in the AudioCodecs library in the ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2205 (Stack-based buffer overflow in the Java Web Start command launcher in ...)
	NOT-FOR-US: Mac OS X
CVE-2009-2204 (Unspecified vulnerability in the CoreTelephony component in Apple ...)
	NOT-FOR-US: Apple iPhone OS
CVE-2009-2203 (Buffer overflow in Apple QuickTime before 7.6.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2202 (Apple QuickTime before 7.6.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-2201 (The screensharing feature in the Admin application in Apple Xsan ...)
	NOT-FOR-US: Admin application in Apple Xsan
CVE-2009-2200 (WebKit in Apple Safari before 4.0.3 does not properly restrict the URL ...)
	- kdelibs <not-affected>
	- webkit <not-affected> (gtk-based frame loader not affected)
	- qt4-x11 <not-affected>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
	NOTE: http://trac.webkit.org/changeset/44905
	NOTE: http://trac.webkit.org/changeset/44909
CVE-2009-2199 (Incomplete blacklist vulnerability in WebKit in Apple Safari before ...)
	- kdelibs <not-affected>
	- webkit <not-affected> (problem with look-alike character rendering with mac-specific fonts)
	- qt4-x11 <not-affected>
CVE-2009-2198 (Apple GarageBand before 5.1 reconfigures Safari to accept all cookies ...)
	NOT-FOR-US: Apple GarageBand
CVE-2009-2197 (Apple Safari before 9.1 allows remote attackers to spoof the user ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2196 (Unspecified vulnerability in Apple Safari 4 before 4.0.3 allows remote ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2195 (Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote ...)
	- webkit 1.1.12-1 (medium)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 <not-affected>
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=517273
	NOTE: http://trac.webkit.org/changeset/45696
CVE-2009-2194 (Apple Mac OS X 10.5 before 10.5.8 does not properly share file ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-2193 (Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 ...)
	NOT-FOR-US: kernel in Apple Mac OS X
CVE-2009-2192 (MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete ...)
	NOT-FOR-US: MobileMe in Apple Mac OS X
CVE-2009-2191 (Format string vulnerability in Login Window in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Login Window in Apple Mac OS X
CVE-2009-2190 (launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers ...)
	NOT-FOR-US: launchd in Apple Mac OS X
CVE-2009-2189 (The ICMPv6 implementation on the Apple Time Capsule, AirPort Extreme ...)
	NOT-FOR-US: Apple
CVE-2009-2188 (Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and ...)
	NOT-FOR-US: ImageIO in Apple Mac OS X
CVE-2009-2187 (Multiple memory leaks in the (1) IP and (2) IPv6 multicast ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2186 (Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 ...)
	NOT-FOR-US: Adobe Shockwave Playe
CVE-2009-2185 (The ASN.1 parser (pluto/asn1.c, libstrongswan/asn1/asn1.c, ...)
	{DSA-1899-1 DSA-1898-1}
	- strongswan 4.2.14-1.2 (bug #533837)
	- openswan 1:2.6.22+dfsg-1
CVE-2009-2184 (Absolute path traversal vulnerability in forcedownload.php in Gravy ...)
	NOT-FOR-US: Gravy Media Photo
CVE-2009-2183 (Directory traversal vulnerability in admin-files/ad.php in Campsite ...)
	NOT-FOR-US: Campsite
CVE-2009-2182 (Multiple PHP remote file inclusion vulnerabilities in Campsite 3.3.0 ...)
	NOT-FOR-US: Campsite
CVE-2009-2181 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Campsite
CVE-2009-2180 (Multiple directory traversal vulnerabilities in upfiles/index.php in ...)
	NOT-FOR-US: Pc4 Uploader
CVE-2009-2179 (SQL injection vulnerability in search.php in phpDatingClub 3.7 allows ...)
	NOT-FOR-US: phpDatingClub
CVE-2009-2178 (Cross-site scripting (XSS) vulnerability in website.php in ...)
	NOT-FOR-US: phpDatingClub
CVE-2009-2177 (code/display.php in fuzzylime (cms) 3.03a and earlier, when ...)
	NOT-FOR-US: fuzzylime
CVE-2009-2176 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.03a ...)
	NOT-FOR-US: fuzzylime
CVE-2009-2175 (Stack-based buffer overflow in the flattenIncrementally function in ...)
	- gnome-xcf-thumbnailer 1.0-1.1 (low; bug #601735)
	[lenny] - gnome-xcf-thumbnailer <no-dsa> (Minor issue)
	- xcftools 1.0.7-1 (low; bug #533361)
	[etch] - xcftools 1.0.4-1+etch1
	[lenny] - xcftools 1.0.4-1+lenny1
CVE-2009-2174 (GUPnP 0.12.7 allows remote attackers to cause a denial of service ...)
	- gupnp 0.12.6-3.1 (low; bug #534594)
	[etch] - gupnp <no-dsa> (Minor issue)
	[lenny] - gupnp <no-dsa> (Minor issue)
CVE-2009-2173 (The LAN game feature in Carom3D 5.06 allows remote authenticated users ...)
	NOT-FOR-US: Carom3D
CVE-2009-2172 (Cross-site scripting (XSS) vulnerability in forum/radioandtv.php in ...)
	NOT-FOR-US: Radio and TV Player addon for vBulletin
CVE-2009-2169 (Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX ...)
	NOT-FOR-US: Edraw PDF Viewer
CVE-2009-2168 (cpanel/login.php in EgyPlus 7ammel (aka 7ml) 1.0.1 and earlier sends a ...)
	NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
CVE-2009-2167 (Multiple SQL injection vulnerabilities in cpanel/login.php in EgyPlus ...)
	NOT-FOR-US: EgyPlus 7ammel (aka 7ml)
CVE-2009-2166 (Absolute path traversal vulnerability in cvs.php in OCS Inventory NG ...)
	- ocsinventory-server 1.02.1-1 (unimportant; bug #531735)
	NOTE: README.Debian states Important: access to the reports server should be restricted
CVE-2009-2165 (SerendipityNZ (aka SimpleBoxes) Serene Bach 2.20R and earlier, and ...)
	NOT-FOR-US: SerendipityNZ (aka SimpleBoxes) Serene Bach
CVE-2009-2164 (Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, ...)
	NOT-FOR-US: kjtechforce
CVE-2009-2163 (Cross-site scripting (XSS) vulnerability in login/default.aspx in ...)
	NOT-FOR-US: Sitecore CMS
CVE-2009-2162 (Cross-site scripting (XSS) vulnerability in the XOOPS MANIAC ...)
	NOT-FOR-US: XOOPS MANIAC PukiWikiMod module
CVE-2009-2161 (Directory traversal vulnerability in backend/admin-functions.php in ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2160 (TorrentTrader Classic 1.09 allows remote attackers to (1) obtain ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2159 (backup-database.php in TorrentTrader Classic 1.09 does not require ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2158 (account-recover.php in TorrentTrader Classic 1.09 chooses random ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2157 (Multiple SQL injection vulnerabilities in TorrentTrader Classic 1.09 ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2156 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentTrader ...)
	NOT-FOR-US: TorrentTrader
CVE-2009-2155 (Cross-site scripting (XSS) vulnerability in report/ReportViewAction.do ...)
	NOT-FOR-US: WebNMS
CVE-2009-2154 (SQL injection vulnerability in admin/login.php in Impleo Music ...)
	NOT-FOR-US: Impleo Music Collection
CVE-2009-2153 (Cross-site scripting (XSS) vulnerability in index.php in Impleo Music ...)
	NOT-FOR-US: Impleo Music Collection
CVE-2009-2152 (SQL injection vulnerability in a_index.php in AdaptWeb 0.9.2 allows ...)
	NOT-FOR-US: AdaptWeb
CVE-2009-2151 (Directory traversal vulnerability in index.php in AdaptWeb 0.9.2 ...)
	NOT-FOR-US: AdaptWeb
CVE-2009-2150 (Multiple cross-site request forgery (CSRF) vulnerabilities in Campus ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2149 (Multiple cross-site scripting (XSS) vulnerabilities in Campus ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2148 (SQL injection vulnerability in news/index.php in Campus Virtual-LMS ...)
	NOT-FOR-US: Campus Virtual-LMS
CVE-2009-2147 (SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and ...)
	NOT-FOR-US: phpWebThings
CVE-2009-2146 (Unrestricted file upload vulnerability in the Compose Email feature in ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2009-2145 (Multiple cross-site scripting (XSS) vulnerabilities in transLucid 1.75 ...)
	NOT-FOR-US: transLucid
CVE-2009-2144 (SQL injection vulnerability in the FireStats plugin before ...)
	NOT-FOR-US: FireStats plugin for WordPress
CVE-2009-2143 (PHP remote file inclusion vulnerability in firestats-wordpress.php in ...)
	NOT-FOR-US: FireStats plugin for WordPress
CVE-2009-2142 (Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store ...)
	NOT-FOR-US: Zip Store Chat
CVE-2009-2141 (Multiple cross-site scripting (XSS) vulnerabilities in TBDev.NET ...)
	NOT-FOR-US: TBDev.NET
CVE-2008-6834 (Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 ...)
	NOT-FOR-US: fuzzylime
CVE-2008-6833 (Directory traversal vulnerability in commsrss.php in fuzzylime (cms) ...)
	NOT-FOR-US: fuzzylime
CVE-2009-2140 (Multiple heap-based buffer overflows in ...)
	- openoffice.org <not-affected> (bug introduced by a patch not applied to the deb)
CVE-2009-2139 (Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-2138 (Multiple open redirect vulnerabilities in TBDev.NET 01-01-08 allow ...)
	NOT-FOR-US: TBDev.NET
CVE-2009-2137 (Memory leak in the Ultra-SPARC T2 crypto provider device driver (aka ...)
	NOT-FOR-US: Ultra-SPARC T2 crypto provider device driver in Sun Solaris 10
CVE-2009-2136 (Unspecified vulnerability in the TCP/IP networking stack in Sun ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-2135 (Multiple race conditions in the Solaris Event Port API in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2009-2134 (pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to ...)
	NOT-FOR-US: Pivot
CVE-2009-2133 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.40.4 ...)
	NOT-FOR-US: Pivot
CVE-2009-2132 (Directory traversal vulnerability in global.php in 4images before ...)
	NOT-FOR-US: 4images
CVE-2009-2131 (Cross-site scripting (XSS) vulnerability in 4images 1.7.7 and earlier ...)
	NOT-FOR-US: 4images
CVE-2009-2130 (Elvin 1.2.0 allows remote attackers to read the PHP source code of (1) ...)
	NOT-FOR-US: Elvin
CVE-2009-2129 (Cross-site request forgery (CSRF) vulnerability in login.php in Elvin ...)
	NOT-FOR-US: Elvin
CVE-2009-2128 (SQL injection vulnerability in close_bug.php in Elvin before 1.2.1 ...)
	NOT-FOR-US: Elvin
CVE-2009-2127 (Cross-site scripting (XSS) vulnerability in show_activity.php in Elvin ...)
	NOT-FOR-US: Elvin
CVE-2009-2126 (Cross-site scripting (XSS) vulnerability in close_bug.php in Elvin ...)
	NOT-FOR-US: Elvin
CVE-2009-2125 (delete_bug.php in Elvin before 1.2.1 does not require administrative ...)
	NOT-FOR-US: Elvin
CVE-2009-2124 (Directory traversal vulnerability in page.php in Elvin 1.2.0 allows ...)
	NOT-FOR-US: Elvin
CVE-2009-2123 (Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote ...)
	NOT-FOR-US: Elvin
CVE-2009-2122 (SQL injection vulnerability in viewimg.php in the Paolo Palmonari ...)
	NOT-FOR-US: Photoracer plugin for WordPress
CVE-2009-2121 (Buffer overflow in the browser kernel in Google Chrome before ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2170 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...)
	{DSA-1822-1}
	- mahara 1.1.5-1 (low)
CVE-2009-2171 (Mahara 1.1 before 1.1.5 does not apply permission checks when saving a ...)
	- mahara 1.1.5-1 (low)
	[lenny] - mahara <not-affected> (vulnerable code introduced in 1.1)
CVE-2009-2120 (Multiple SQL injection vulnerabilities in TekBase All-in-One 3.1 allow ...)
	NOT-FOR-US: TekBase
CVE-2009-2119 (Cross-site scripting (XSS) vulnerability in the login interface ...)
	NOT-FOR-US: FirePass
CVE-2009-2118 (Integer overflow in IrfanView 4.23, when the resampling or screen ...)
	NOT-FOR-US: IrfanView
CVE-2009-2117 (uye_paneli.php in phPortal 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: phPortal
CVE-2009-2116 (Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2115 (admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2114 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
	NOT-FOR-US: SkyBlueCanvas
CVE-2009-2113 (Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote ...)
	NOT-FOR-US: FretsWeb
CVE-2009-2112 (Directory traversal vulnerability in include/page_bottom.php in phpFK ...)
	NOT-FOR-US: phpFK
CVE-2009-2111 (Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 ...)
	NOT-FOR-US: DB Top Site
CVE-2009-2110 (Multiple directory traversal vulnerabilities in DB Top Sites 1.0, when ...)
	NOT-FOR-US: DB Top Sites 1.0
CVE-2009-2109 (Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow ...)
	NOT-FOR-US: FretsWeb
CVE-2009-2108 (git-daemon in git 1.4.4.5 through 1.6.3 allows remote attackers to ...)
	{DSA-1841-2 DSA-1841-1}
	- git-core 1:1.6.3.3-1 (medium; bug #532935)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=73bb33a9
CVE-2009-XXXX [moin: heirarchical ACL vulnerability]
	- moin 1.8.4-1 (unimportant; bug #533673)
	NOTE: Not a specific vulnerability, rather a security-related behaviour change, see bug
	[etch] - moin <not-affected> (vulnerable code not present in 1.5.3-1.2etch2)
CVE-2009-XXXX [pcsc-lite: creates world-writable directory]
	- pcsc-lite 1.5.4-1 (low; bug #533670)
	[etch] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
	[lenny] - pcsc-lite <not-affected> (directory introduced in 1.5.0)
CVE-2009-XXXX ["slowloris" denial-of-service vulnerabilty in webservers]
	- squid <not-affected>
	- squid3 <not-affected>
	NOTE: http://www.squid-cache.org/bugs/show_bug.cgi?id=2694
	- lighttpd <not-affected>
CVE-2009-2107 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2009-XXXX [ShowConfigTab unintentionally grants rights intended for SuperUsers]
	- request-tracker3.6 3.6.8-1 (low; bug #532990)
	[lenny] - request-tracker3.6 3.6.7-5+lenny1
	[etch] - request-tracker3.6 <not-affected> (flaw introduced in 3.6.2)
	- request-tracker3.4 <not-affected> (flaw introduced in 3.6.2; bug #534498)
	- request-tracker3.8 3.8.4-1
CVE-2009-2106 (SQL injection vulnerability in the Virtual Civil Services (civserv) ...)
	NOT-FOR-US: Virtual Civil Services extension for TYPO3
CVE-2009-2105 (SQL injection vulnerability in the References database (t3references) ...)
	NOT-FOR-US: References database extension for TYPO3
CVE-2009-2104 (Cross-site scripting (XSS) vulnerability in the Modern Guestbook / ...)
	NOT-FOR-US: Modern Guestbook extension for TYPO3
CVE-2009-2103 (SQL injection vulnerability in the Frontend MP3 Player (fe_mp3player) ...)
	NOT-FOR-US: Frontend MP3 Player extension for TYPO3
CVE-2009-2102 (SQL injection vulnerability in the Jumi (com_jumi) component 2.0.3 and ...)
	NOT-FOR-US: Jumi component for Joomla
CVE-2009-2101 (Directory traversal vulnerability in archive.php in TorrentVolve 1.4, ...)
	NOT-FOR-US: TorrentVolve
CVE-2009-2100 (Directory traversal vulnerability in the JoomlaPraise Projectfork ...)
	NOT-FOR-US: JoomlaPraise component for Joomla
CVE-2009-2099 (SQL injection vulnerability in the iJoomla RSS Feeder ...)
	NOT-FOR-US: iJoomla RSS Feeder component for Joomla
CVE-2009-2098 (SQL injection vulnerability in topicler.php in phPortal 1.0 allows ...)
	NOT-FOR-US: phPortal
CVE-2009-2097 (SQL injection vulnerability in ...)
	NOT-FOR-US: Zoki Catalog
CVE-2009-2096 (SQL injection vulnerability in house/listing_view.php in ...)
	NOT-FOR-US: phpCollegeExchange
CVE-2009-2095 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mundi Mail
CVE-2009-2094 (Unspecified vulnerability in IBM WebSphere Commerce 6.0 Enterprise ...)
	NOT-FOR-US: IBM WebSphere Commerce
CVE-2009-2093 (SQL injection vulnerability in the console in IBM WebSphere Partner ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2092 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.5 does not ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2091 (The System Management/Repository component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2090 (Unspecified vulnerability in wsadmin in the System ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2089 (The Migration component in IBM WebSphere Application Server (WAS) 6.1 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2088 (The Servlet Engine/Web Container component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2087 (The Web Services functionality in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2086
	REJECTED
CVE-2009-2085 (The Security component in IBM WebSphere Application Server (WAS) 6.1 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-2084 (Simple Linux Utility for Resource Management (SLURM) 1.2 and 1.3 ...)
	{DSA-1776-1}
	- slurm-llnl 1.3.15-1 (bug #524980)
	[lenny] - slurm-llnl 1.3.6-1lenny3
CVE-2009-2083 (Cross-site scripting (XSS) vulnerability in the term data detail page ...)
	NOT-FOR-US: Taxonomy
CVE-2009-2082 (SQL injection vulnerability in insidepage.php in Creative Web ...)
	NOT-FOR-US: Creative Web Solutions Multi-Level CMS
CVE-2009-2081 (Directory traversal vulnerability in help.php in phpWebThings 1.5.2 ...)
	NOT-FOR-US: phpWebThings
CVE-2009-2080 (admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict ...)
	NOT-FOR-US: MRCGIGUY
CVE-2009-2079 (Cross-site scripting (XSS) vulnerability in the administrative page ...)
	NOT-FOR-US: Taxonomy
CVE-2009-2078 (Multiple cross-site scripting (XSS) vulnerabilities in Booktree 5.x ...)
	NOT-FOR-US: Booktree module for drupal
CVE-2009-2077 (Drupal 6.x before 6.x-2.6, a module for Drupal, allows remote ...)
	- drupal6-mod-views <not-affected> (Fixed before initial upload)
CVE-2009-2076 (Cross-site scripting (XSS) vulnerability in Views 6.x before 6.x-2.6, ...)
	- drupal6-mod-views <not-affected> (Fixed before initial upload)
CVE-2009-2075 (Nodequeue 5.x before 5.x-2.7 and 6.x before 6.x-2.2, a module for ...)
	NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-2074 (Cross-site scripting (XSS) vulnerability in Nodequeue 5.x before ...)
	NOT-FOR-US: Nodequeue module for Drupal
CVE-2009-XXXX [backuppc: web frontend installed insecurely by default]
	- backuppc 3.1.0-6
	[lenny] - backuppc 3.1.0-4lenny1
CVE-2009-XXXX [clamav scanner bypass with archives]
	- clamav 0.95.2+dfsg-1 (low; bug #535881)
	[lenny] - clamav <no-dsa> (Inherent to the concept of malware concept)
	[etch] - clamav <no-dsa> (Support was discontinued)
	NOTE: http://blog.zoller.lu/2009/05/advisory-clamav-generic-bypass.html
CVE-2009-2073 (Cross-site request forgery (CSRF) vulnerability in Linksys WRT160N ...)
	NOT-FOR-US: Linksys
CVE-2009-2072 (Apple Safari does not require a cached certificate before displaying a ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2071 (Google Chrome before 1.0.154.53 displays a cached certificate for a ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2070 (Opera displays a cached certificate for a (1) 4xx or (2) 5xx CONNECT ...)
	NOT-FOR-US: Opera
CVE-2009-2069 (Microsoft Internet Explorer before 8 displays a cached certificate for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2068 (Google Chrome detects http content in https web pages only when the ...)
	- chromium-browser 5.0.342.9~r43360-1
CVE-2009-2067 (Opera detects http content in https web pages only when the top-level ...)
	NOT-FOR-US: Opera
CVE-2009-2066 (Apple Safari detects http content in https web pages only when the ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2065 (Mozilla Firefox 3.0.10, and possibly other versions, detects http ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-2064 (Microsoft Internet Explorer 8, and possibly other versions, detects ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2063 (Opera, possibly before 9.25, processes a 3xx HTTP CONNECT response ...)
	NOT-FOR-US: Opera
CVE-2009-2062 (Apple Safari before 3.2.2 processes a 3xx HTTP CONNECT response before ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2061 (Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-2060 (src/net/http/http_transaction_winhttp.cc in Google Chrome before ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-2059 (Opera, possibly before 9.25, uses the HTTP Host header to determine ...)
	NOT-FOR-US: Opera
CVE-2009-2058 (Apple Safari before 3.2.2 uses the HTTP Host header to determine the ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2057 (Microsoft Internet Explorer before 8 uses the HTTP Host header to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-2056 (Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: Cisco
CVE-2009-2055 (Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2054 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco
CVE-2009-2053 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco
CVE-2009-2052 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco
CVE-2009-2051 (Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x ...)
	NOT-FOR-US: Cisco
CVE-2009-2050 (Cisco Unified Communications Manager (aka CUCM, formerly CallManager) ...)
	NOT-FOR-US: Cisco
CVE-2009-2049 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-2048 (Cross-site scripting (XSS) vulnerability in the Administration ...)
	NOT-FOR-US: Cisco
CVE-2009-2047 (Directory traversal vulnerability in the Administration interface in ...)
	NOT-FOR-US: Cisco
CVE-2009-2046 (The embedded web server on the Cisco Video Surveillance 2500 Series IP ...)
	NOT-FOR-US: Cisco
CVE-2009-2045 (The Cisco Video Surveillance Stream Manager firmware before 5.3, as ...)
	NOT-FOR-US: Cisco
CVE-2009-2044 (Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to ...)
	- xulrunner <not-affected> (uses external cairo library)
	- cairo 1.8.8-2 (unimportant)
	NOTE: http://cgit.freedesktop.org/cairo/commit/?id=2cf82eaf0d08e68b787bb0792da97e73d8d4ce38
	NOTE: Just a crasher
CVE-2009-2043 (nsViewManager.cpp in Mozilla Firefox 3.0.2 through 3.0.10 allows ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-2042 (libpng before 1.2.37 does not properly parse 1-bit interlaced images ...)
	{DSA-2032-1}
	- libpng 1.2.37-1 (low; bug #533676)
	[etch] - libpng <no-dsa> (Minor issue, only exploitable in rare setups)
	- xulrunner <not-affected> (xulrunner dynamically linked against libpng; embeded code copy not used)
CVE-2009-2041 (Cross-site scripting (XSS) vulnerability in A51 D.O.O. activeCollab ...)
	NOT-FOR-US: activeCollab
CVE-2009-2040 (admin/options.php in Grestul 1.2 does not properly restrict access, ...)
	NOT-FOR-US: Grestul
CVE-2009-2039 (Unspecified vulnerability in the Luottokunta module before 1.3 for ...)
	NOT-FOR-US: Luottokunta module for osCommerce
CVE-2009-2038 (Unspecified vulnerability in the Finnish Bank Payment module 2.2 for ...)
	NOT-FOR-US: Finnish Bank Payment module 2.2 for osCommerce
CVE-2009-2037 (Multiple directory traversal vulnerabilities in Online Grades &amp; ...)
	NOT-FOR-US: Online Grades
CVE-2009-2036 (SQL injection vulnerability in index.php in Open Biller 0.1 allows ...)
	NOT-FOR-US: Open Biller
CVE-2009-2035 (Unspecified vulnerability in Services 6.x before 6.x-0.14, a module ...)
	NOT-FOR-US: Service module for Drupal
CVE-2009-2034 (SQL injection vulnerability in writemessage.php in Yogurt 0.3, when ...)
	NOT-FOR-US: Yogurt
CVE-2009-2033 (Cross-site scripting (XSS) vulnerability in index.php in Yogurt 0.3 ...)
	NOT-FOR-US: Yogurt
CVE-2009-2032 (Cross-site scripting (XSS) vulnerability in search.asp in PDshopPro, ...)
	NOT-FOR-US: PDshopPro
CVE-2009-2031 (smbfs in Sun OpenSolaris snv_84 through snv_110, when default mount ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-2030 (Unspecified vulnerability in the XML Digital Signature verification ...)
	NOT-FOR-US: IBM OS/400
CVE-2009-2029 (Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-2028 (Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 ...)
	NOT-FOR-US: Adobe
CVE-2009-2027 (The Installer in Apple Safari before 4.0 on Windows allows local users ...)
	NOT-FOR-US: Apple Safari
CVE-2009-2026 (Stack-based buffer overflow in a token searching function in the ...)
	NOT-FOR-US: CA Software Delivery
CVE-2009-2025 (admin/login.php in DM FileManager 3.9.2 allows remote attackers to ...)
	NOT-FOR-US: DM FileManager
CVE-2009-2024 (Vlad Titarenko ASP VT Auth 1.0 stores sensitive information under the ...)
	NOT-FOR-US: Vlad Titarenko ASP VT Auth
CVE-2009-2023 (SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when ...)
	NOT-FOR-US: Shop-Script
CVE-2009-2022 (fipsCMS Light 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: fipsCMS
CVE-2009-2021 (SQL injection vulnerability in search.php in Virtue Classifieds allows ...)
	NOT-FOR-US: Virtue Classifieds allows
CVE-2009-2020 (Cross-site scripting (XSS) vulnerability in news_detail.php in Virtue ...)
	NOT-FOR-US: News Manager
CVE-2009-2019 (SQL injection vulnerability in news_detail.php in Virtue News Manager ...)
	NOT-FOR-US: Virtue News Manager
CVE-2009-2018 (SQL injection vulnerability in admin/index.php in Jared Eckersley ...)
	NOT-FOR-US: Jared Eckersley MyCars
CVE-2009-2017 (SQL injection vulnerability in products.php in Virtue Book Store ...)
	NOT-FOR-US: Virtue Book Store
CVE-2009-2016 (SQL injection vulnerability in products.php in Virtue Shopping Mall ...)
	NOT-FOR-US: Virtue Shopping Mall
CVE-2009-2015 (Directory traversal vulnerability in includes/file_includer.php in the ...)
	NOT-FOR-US: com_moofaq for Joomla!
CVE-2009-2014 (SQL injection vulnerability in the ComSchool (com_school) component ...)
	NOT-FOR-US: com_school for Joomla!
CVE-2009-2013 (SQL injection vulnerability in bin/aps_browse_sources.php in Frontis ...)
	NOT-FOR-US: Frontis
CVE-2009-2012 (Unspecified vulnerability in idmap in Sun OpenSolaris snv_88 through ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-2011 (Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and ...)
	NOT-FOR-US: Worldweaver DX Studio Player
CVE-2009-2010 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2009-2009 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, ...)
	NOT-FOR-US: Dokeos
CVE-2009-2008 (Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly ...)
	NOT-FOR-US: Dokeos
CVE-2009-2007 (Multiple directory traversal vulnerabilities in Dokeos 1.8.5, and ...)
	NOT-FOR-US: Dokeos
CVE-2009-2006 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.5, ...)
	NOT-FOR-US: Dokeos
CVE-2009-2005 (Cross-site request forgery (CSRF) vulnerability in Dokeos 1.8.5, and ...)
	NOT-FOR-US: Dokeos
CVE-2009-2004 (Multiple SQL injection vulnerabilities in main/mySpace/myStudents.php ...)
	NOT-FOR-US: Dokeos
CVE-2009-2003 (Ascad Networks Password Protector SD 1.3.1 allows remote attackers to ...)
	NOT-FOR-US: Ascad Networks Password Protector
CVE-2009-2002 (Unspecified vulnerability in the WebLogic Portal component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-2001 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-2000 (Unspecified vulnerability in the Authentication component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1999 (Unspecified vulnerability in the Business Intelligence Enterprise ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1998 (Unspecified vulnerability in the Oracle Communications Order and ...)
	NOT-FOR-US: Oracle Industry Applications
CVE-2009-1997 (Unspecified vulnerability in the Authentication component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1996 (Unspecified vulnerability in the Logical Standby component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1995 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1994 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1993 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1992 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1991 (Unspecified vulnerability in the Oracle Text component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1990 (Unspecified vulnerability in the Business Intelligence Enterprise ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1989 (Unspecified vulnerability in the PeopleSoft Enterprise FMS component ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1988 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS eProfile ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1987 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools - ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1986 (Unspecified vulnerability in the Oracle Applications Manager component ...)
	NOT-FOR-US: Oracle Applications Manager
CVE-2009-1985 (Unspecified vulnerability in the Network Authentication component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1984 (Unspecified vulnerability in the Application Install component in ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1983 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1982 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1981 (Unspecified vulnerability in the Highly Interactive Client component ...)
	NOT-FOR-US: Siebel Product Suite
CVE-2009-1980 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-1979 (Unspecified vulnerability in the Network Authentication component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1978 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2009-1977 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle Secure Backup
CVE-2009-1976 (Unspecified vulnerability in the HTTP Server component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1975 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2009-1974 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2009-1973 (Unspecified vulnerability in the Virtual Private Database component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1972 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1971 (Unspecified vulnerability in the Data Pump component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1970 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1969 (Unspecified vulnerability in the Auditing component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1968 (Unspecified vulnerability in the Secure Enterprise Search component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1967 (Unspecified vulnerability in the Config Management component in (1) ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1966 (Unspecified vulnerability in the Config Management component in (1) ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1965 (Unspecified vulnerability in the Net Foundation Layer component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1964 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1963 (Unspecified vulnerability in the Network Foundation component in ...)
	NOT-FOR-US: Oracle Database
CVE-2008-6832 (Cross-site request forgery (CSRF) vulnerability in Atlassian JIRA ...)
	NOT-FOR-US: Atlassian JIRA Enterprise Edition
CVE-2008-6831 (Multiple cross-site scripting (XSS) vulnerabilities in Atlassian JIRA ...)
	NOT-FOR-US: Atlassian JIRA Enterprise Edition
CVE-2008-6830 (The disconnection feature in Citrix Web Interface 5.0 and 5.0.1 for ...)
	NOT-FOR-US: Java Application Servers
CVE-2008-6829 (VicFTPS 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: VicFTPS
CVE-2008-6828 (Symantec Altiris Deployment Solution 6.x before 6.9.355 SP1 stores the ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-6827 (The ListView control in the Client GUI (AClient.exe) in Symantec ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-6826 (dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: MHF Media Pro
CVE-2009-XXXX [predictable random number generator used in web browsers]
	- webkit 1.2 (low; bug #532514)
	NOTE: The implementations for UNIX seems fine, might be fixed earlier
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdebase <unfixed> (unimportant; bug #532519)
	- w3m <unfixed> (unimportant; bug #532521)
	NOTE: w3m doesn't have Javascript support and the boundary issue is harmles
	- chromium-browser 26.0.1410.43-1 (bug #520324)
	[squeeze] - chromium-browser <end-of-life>
	NOTE: chromium has provides window.crypto.getRandomValues as a strong random number generator
	NOTE: https://code.google.com/p/chromium/issues/detail?id=246054
	- lynx 2.8.7rel.1-1 (unimportant; bug #532520)
	NOTE: lynx doesn't have Javascript and form-data support
	- dillo <not-affected> (bug #532522)
	NOTE: These issues can be fixed in more recent upstream versions, but the risk
	NOTE: of regression doesn't outweigh the issue at hand
CVE-2009-1961 (The inode double locking code in fs/ocfs2/file.c in the Linux kernel ...)
	{DSA-1844-1}
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Affected code was introduced in 2.6.19)
	[lenny] - linux-2.6 2.6.26-16
	- linux-2.6.24 <removed>
	NOTE: fixed in lenny 5.0.2 release
CVE-2009-1959 (Off-by-one error in the event_wallops function in ...)
	- irssi 0.8.13-2 (low; bug #532607; bug #531357)
	[lenny] - irssi 0.8.12-7
	[etch] - irssi 0.8.10-3
	NOTE: exploitability limited, DoS rather obscure attack scenario
CVE-2009-1956 (Off-by-one error in the apr_brigade_vprintf function in Apache ...)
	- apr-util 1.3.7+dfsg-1 (low)
	[lenny] - apr-util 1.2.12+dfsg-8+lenny3
CVE-2009-1955 (The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in ...)
	{DSA-1812-1}
	- apr-util 1.3.7+dfsg-1 (medium)
CVE-2009-1954 (Unspecified vulnerability in portmapper (aka portmap) in IBM AIX 5.3 ...)
	NOT-FOR-US: IBM AIX
CVE-2009-1953 (IBM FileNet Content Manager 4.0, 4.0.1, and 4.5, as used in IBM ...)
	NOT-FOR-US: IBM FileNet Content Manager
CVE-2009-1952 (Multiple SQL injection vulnerabilities in the administrative login ...)
	NOT-FOR-US: PropertyMax
CVE-2009-1951 (Cross-site scripting (XSS) vulnerability in index.php in PropertyMax ...)
	NOT-FOR-US: PropertyMax
CVE-2009-1950 (SQL injection vulnerability in yorum.asp in WebEyes Guest Book 3 ...)
	NOT-FOR-US: WebEyes Guest Book
CVE-2009-1949 (import_wbb1.php in Unclassified NewsBoard (UNB) 1.6.4 allows remote ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1948 (Multiple directory traversal vulnerabilities in forum.php in ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1947 (SQL injection vulnerability in the UnbDbEncode function in ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2009-1946 (PHP remote file inclusion vulnerability in latestposts.php in AdaptBB ...)
	NOT-FOR-US: AdaptBB
CVE-2009-1945 (SQL injection vulnerability in webCal3_detail.asp in WebCal 3.04 ...)
	NOT-FOR-US: cWebCal
CVE-2009-1944 (Stack-based buffer overflow in AIMP 2.51 build 330 allows remote ...)
	NOT-FOR-US: AIMP
CVE-2009-1943 (Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet ...)
	NOT-FOR-US: SafeNet SoftRemote
CVE-2009-1942 (Cross-site scripting (XSS) vulnerability in the Quiz module 5.x, ...)
	NOT-FOR-US: Quiz module for Drupal
CVE-2009-1941 (PAD Site Scripts 3.6 stores sensitive information under the web ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-1940 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
	NOT-FOR-US: Joomla!
CVE-2009-1939 (Cross-site scripting (XSS) vulnerability in the JA_Purity template for ...)
	NOT-FOR-US: Joomla!
CVE-2009-1938 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x through ...)
	NOT-FOR-US: Joomla!
CVE-2009-1937 (Cross-site scripting (XSS) vulnerability in the comment posting ...)
	NOT-FOR-US: LightNEasy
CVE-2009-1936 (_functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a ...)
	NOT-FOR-US: cpCommerce
CVE-2009-1935 (Integer overflow in the pipe_build_write_buffer function ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.2-2
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2009-1934 (Cross-site scripting (XSS) vulnerability in the Reverse Proxy Plug-in ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2009-1933 (Kerberos in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_117, ...)
	NOT-FOR-US: Solaris
CVE-2008-6825 (Directory traversal vulnerability in user/index.php in Fonality ...)
	NOT-FOR-US: trixbox
CVE-2009-XXXX [pgp4pine off-by-one]
	- pgp4pine <removed> (bug #457947; medium)
	[etch] - pgp4pine <no-dsa> (Contrib not supported)
	[lenny] - pgp4pine <no-dsa> (Contrib not supported)
	NOTE: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0122.html
	NOTE: unlike the note states this is not just an off-by-one, classic stack-based buffer overflow
CVE-2009-1932 (Multiple integer overflows in the (1) user_info_callback, (2) ...)
	{DSA-1839-1}
	- gst-plugins-good0.10 0.10.15-2 (medium; bug #531631; bug #532352)
CVE-2009-1931
	RESERVED
CVE-2009-1930 (The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1929 (Heap-based buffer overflow in the Microsoft Terminal Services Client ...)
	NOT-FOR-US: ActiveX
CVE-2009-1928 (Stack consumption vulnerability in the LDAP service in Active ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1927
	REJECTED
CVE-2009-1926 (Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1925 (The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2009-1924 (Integer overflow in the Windows Internet Name Service (WINS) component ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1923 (Heap-based buffer overflow in the Windows Internet Name Service (WINS) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1922 (The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1921
	REJECTED
CVE-2009-1920 (The JScript scripting engine 5.1, 5.6, 5.7, and 5.8 in JScript.dll in ...)
	NOT-FOR-US: Microsoft
CVE-2009-1919 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1918 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1; Internet Explorer 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1917 (Microsoft Internet Explorer 6 SP1; Internet Explorer 6 for Windows XP ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1916 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...)
	NOT-FOR-US: GScripts.net DNS Tools
CVE-2009-1915 (Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ...)
	NOT-FOR-US: ICQ
CVE-2009-1914 (The pci_register_iommu_region function in ...)
	{DSA-1844-1}
	- linux-2.6 2.6.29-1 (low; bug #532722)
	[lenny] - linux-2.6 2.6.26-16
	- linux-2.6.24 <removed>
	NOTE: updated in lenny 5.0.2 release
CVE-2009-1913 (SQL injection vulnerability in manager.php in LuxBum 0.5.5, when ...)
	NOT-FOR-US: LuxBum
CVE-2009-1912 (Directory traversal vulnerability in src/func/language.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2009-1911 (Directory traversal vulnerability in .include/init.php (aka ...)
	NOT-FOR-US: QuiXplorer
CVE-2009-1910 (SQL injection vulnerability in index.php in RTWebalbum 1.0.462 allows ...)
	NOT-FOR-US: RTWebalbum
CVE-2009-1909 (SQL injection vulnerability in Skip 1.0.2 and earlier, and 1.1RC2 and ...)
	NOT-FOR-US: Skip
CVE-2009-1908 (Cross-site scripting (XSS) vulnerability in Skip 1.0.2 and earlier, ...)
	NOT-FOR-US: Skip
CVE-2009-1907 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2008-6824 (The management interface on the A-LINK WL54AP3 and WL54AP2 access ...)
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6823 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: A-LINK WL54AP3 and WL54AP2 access points
CVE-2008-6822 (Unrestricted file upload vulnerability in uploadp.php in New Earth ...)
	NOT-FOR-US: NEPT Image Uploader
CVE-2009-1906 (The DRDA Services component in IBM DB2 9.1 before FP7 and 9.5 before ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1905 (The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1904 (The BigDecimal library in Ruby 1.8.6 before p369 and 1.8.7 before p173 ...)
	{DSA-1860-1}
	- ruby1.8 1.8.7.173-1 (low; bug #532689)
	- ruby1.9 <removed> (bug #575778)
	NOTE: http://www.ruby-lang.org/en/news/2009/06/09/dos-vulnerability-in-bigdecimal/
CVE-2009-1903 (The PDF XSS protection feature in ModSecurity before 2.5.8 allows ...)
	- libapache-mod-security 2.5.9-1
CVE-2009-1902 (The multipart processor in ModSecurity before 2.5.9 allows remote ...)
	- libapache-mod-security 2.5.9-1
CVE-2009-1901 (The Security component in IBM WebSphere Application Server (WAS) 6.0.2 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1900 (The Configservice APIs in the Administrative Console component in IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1899 (Unspecified vulnerability in the Administrative Configservice API in ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-1898 (The secure login page in the Administrative Console component in IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6821 (Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before ...)
	NOT-FOR-US: IBM DB2
CVE-2008-6820 (The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-1960 (inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, ...)
	- dokuwiki 0.0.20090214b-1 (unimportant)
	NOTE: we don't support setups with register_globals enabled
CVE-2009-1897 (The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in ...)
	- linux-2.6 2.6.30-3 (high; bug #537409)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
	NOTE: http://seclists.org/fulldisclosure/2009/Jul/0241.html
CVE-2009-1896 (The Java Web Start framework in IcedTea in OpenJDK before ...)
	- openjdk-6 6b16-1.6-1 (bug #542210)
CVE-2009-1895 (The personality subsystem in the Linux kernel before 2.6.31-rc3 has a ...)
	{DSA-1845-1 DSA-1844-1}
	- linux-2.6 2.6.30-3 (low)
	[etch] - linux-2.6 <not-affected> (mmap_min_addr first indroduced in 2.6.23)
	- linux-2.6.24 <removed>
CVE-2009-1894 (Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local ...)
	{DSA-1838-1}
	- pulseaudio 0.9.15-4.1 (high; bug #537351)
	[etch] - pulseaudio <not-affected> (vulnerable code not present)
CVE-2009-1893 (The configtest function in the Red Hat dhcpd init script for DHCP ...)
	NOT-FOR-US: Red Hat dhcpd init script for DHCP
CVE-2009-1892 (dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and ...)
	{DSA-1833-2}
	- isc-dhcp 3.1.2p1-2 (low; bug #539492)
	- dhcp3 3.1.2p1-2 (low; bug #549584)
	[etch] - dhcp3 <not-affected> (problematic assert is not present)
	[lenny] - dhcp3 3.1.1-6+lenny2
CVE-2009-1891 (The mod_deflate module in Apache httpd 2.2.11 and earlier compresses ...)
	{DSA-1834-1}
	- apache2 2.2.11-7 (medium; bug #534712)
CVE-2009-1890 (The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy ...)
	{DSA-1834-1}
	- apache2 2.2.11-7 (medium; bug #536718)
	[etch] - apache2 <not-affected> (bug introduced in 2.2.5)
	[lenny] - apache2 2.2.9-10+lenny4
CVE-2009-1889 (The OSCAR protocol implementation in Pidgin before 2.5.8 misinterprets ...)
	- pidgin 2.5.8-1 (low; bug #535790)
	[lenny] - pidgin <no-dsa> (Minor issue)
	NOTE: http://developer.pidgin.im/ticket/9483
	NOTE: http://developer.pidgin.im/viewmtn/revision/info/9bac0a540156fb1848eedd61c8630737dee752c7
CVE-2009-1888 (The acl_group_override function in smbd/posix_acls.c in smbd in Samba ...)
	{DSA-1823-1}
	- samba 2:3.3.6-1 (low)
	[etch] - samba <not-affected> (Vulnerable code not present)
	NOTE: Successful exploitation requires that "dos filemode" is set to "yes" in smb.conf.
CVE-2009-1887 (agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise ...)
	- net-snmp <not-affected> (Vulnerable code not present)
	NOTE: Red Hat incorrect fix for CVE-2008-4309. Checked code in oldstable and stable.
CVE-2009-1886 (Multiple format string vulnerabilities in client/client.c in smbclient ...)
	{DSA-1823-1}
	- samba 2:3.3.6-1
	[etch] - samba <not-affected> (Vulnerable code not present)
	NOTE: Only the 3.2.x branch was affected, so marking 3.3 as affected
CVE-2009-1885 (Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in ...)
	- xerces-c 3.0.1-2 (low; bug #540297)
	[etch] - xerces-c <no-dsa> (Minor issue)
	[lenny] - xerces-c <no-dsa> (Minor issue)
	- xerces-c2 2.8.0+deb1-2 (low; bug #541986)
	[lenny] - xerces-c2 2.8.0-3+lenny1
	- xerces27 <removed>
	[etch] - xerces27 <no-dsa> (Minor issue)
CVE-2009-1884 (Off-by-one error in the bzinflate function in Bzip2.xs in the ...)
	- libcompress-raw-bzip2-perl 2.018-1 (medium; bug #542777)
	[lenny] - libcompress-raw-bzip2-perl 2.011-2lenny1
CVE-2009-1883 (The z90crypt_unlocked_ioctl function in the z90crypt driver in the ...)
	{DSA-1929-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 <not-affected> (problem was fixed before first upload, 2.6.19)
	NOTE: See Solar Designer's posting to oss-security
CVE-2009-1882 (Integer overflow in the XMakeImage function in magick/xwindow.c in ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.5.1.0-1.1 (medium; bug #530838)
	- graphicsmagick 1.3.5-5.1 (medium; bug #530946)
CVE-2009-1881 (Cross-site scripting (XSS) vulnerability in MT312 IMG-BBS allows ...)
	NOT-FOR-US: MT312
CVE-2009-1880 (Cross-site scripting (XSS) vulnerability in MT312 REP-BBS allows ...)
	NOT-FOR-US: MT312
CVE-2009-XXXX [OCS Inventory NG SQL Injection Vulnerability]
	- ocsinventory-server 1.02.1-1 (unimportant; bug #531735)
	NOTE: README.Debian states Important: access to the reports server should be restricted
	NOTE: can be exploited only if magic_quotes is off
CVE-2009-3870
	REJECTED
CVE-2009-1879 (Cross-site scripting (XSS) vulnerability in index.template.html in the ...)
	NOT-FOR-US: Adobe Flex
CVE-2009-1878 (Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1877 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 8.0.1 and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1876 (Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1875 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2009-1874 (Multiple cross-site scripting (XSS) vulnerabilities in the Management ...)
	NOT-FOR-US: Adobe JRun
CVE-2009-1873 (Directory traversal vulnerability in logging/logviewer.jsp in the ...)
	NOT-FOR-US: Adobe JRun
CVE-2009-1872 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe ...)
	NOT-FOR-US: Adobe ColdFusion Server
CVE-2009-1871
	REJECTED
CVE-2009-1870 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1869 (Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1868 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1867 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1866 (Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1865 (Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1864 (Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1863 (Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1862 (Unspecified vulnerability in Adobe Reader and Acrobat 9.x through ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-1861 (Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1860 (Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 ...)
	NOT-FOR-US: Adobe Shockwave Player
CVE-2009-1859 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1858 (The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1857 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1856 (Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1855 (Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1854 (Million Dollar Text Links 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2009-1853 (Multiple SQL injection vulnerabilities in index.php in Kensei Board ...)
	NOT-FOR-US: Kensei Board
CVE-2009-1852 (Multiple SQL injection vulnerabilities in Graphiks MyForum 1.3 allow ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2009-1851 (SQL injection vulnerability in include.php in phpBugTracker 1.0.4 and ...)
	NOT-FOR-US: phpBugTracker
CVE-2009-1850 (SQL injection vulnerability in index.php in phpBugTracker 1.0.3 allows ...)
	NOT-FOR-US: phpBugTracker
CVE-2009-1849 (Cross-site scripting (XSS) vulnerability in the Monitor_Bandwidth ...)
	NOT-FOR-US: PRTG Traffic Grapher
CVE-2009-1848 (SQL injection vulnerability in the JoomlaMe AgoraGroups (aka AG or ...)
	NOT-FOR-US: JoomlaMe
CVE-2009-1847 (Directory traversal vulnerability in index.php in Easy PX 41 CMS 9.0 ...)
	NOT-FOR-US: Easy PX 41 CMS
CVE-2009-1846 (Multiple directory traversal vulnerabilities in SiteX 0.7.4 Build 418 ...)
	NOT-FOR-US: SiteX
CVE-2009-1845 (Cross-site scripting (XSS) vulnerability in ajax/updatecheck.php in ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2009-1844 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
	{DSA-1808-1}
	- drupal5 5.17-1.1 (low; bug #529191)
	- drupal6 6.11-1.1 (low; bug #529190; bug #531386)
CVE-2009-1843 (Multiple SQL injection vulnerabilities in Flash Quiz Beta 2 allow ...)
	NOT-FOR-US: Flash Quiz
CVE-2009-1842 (SQL injection vulnerability in main/tracking/userLog.php in Francisco ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6819 (win32k.sys in Microsoft Windows Server 2003 and Vista allows local ...)
	NOT-FOR-US: Microsoft Windows Server 2003 and Vista
CVE-2008-6818 (Mole Group Real Estate Script 1.1 and earlier stores passwords in ...)
	NOT-FOR-US: Mole Group Real Estate Script
CVE-2008-6817 (Mole Group Lastminute Script 4.0 and earlier stores passwords in ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2004-2764 (Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2004-2763 (The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 ...)
	NOT-FOR-US: Sun ONE iPlanet Web Server
CVE-2003-1573 (The PointBase 4.6 database component in the J2EE 1.4 reference ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2009-1957 (charon/sa/ike_sa.c in the charon daemon in strongSWAN before 4.3.1 ...)
	{DSA-1899-1}
	- strongswan 4.2.14-1.1 (medium; bug #531612)
	[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1958 (charon/sa/tasks/child_create.c in the charon daemon in strongSWAN ...)
	{DSA-1899-1}
	- strongswan 4.2.14-1.1 (medium; bug #531612)
	[etch] - strongswan <not-affected> (Vulnerable code not present, IKEv2 was introduced in 4.3)
CVE-2009-1841 (js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1840 (Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1839 (Mozilla Firefox 3 before 3.0.11 associates an incorrect principal with ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1838 (The garbage-collection implementation in Mozilla Firefox before ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1837 (Race condition in the NPObjWrapper_NewResolve function in ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <not-affected> (Doesn't affect Gecko 1.8)
CVE-2009-1836 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1835 (Mozilla Firefox before 3.0.11 and SeaMonkey before 1.1.17 associate ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1834 (Visual truncation vulnerability in netwerk/dns/src/nsIDNService.cpp in ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1833 (The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird ...)
	{DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1832 (Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1828 (Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1827 (The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1831 (The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2009-1830 (Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote ...)
	NOT-FOR-US: Soulseek
CVE-2009-1826 (modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require ...)
	NOT-FOR-US: myGesuad
CVE-2009-1825 (modules/admuser.php in myColex 1.4.2 does not require administrative ...)
	NOT-FOR-US: myColex
CVE-2009-1824 (The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus ...)
	NOT-FOR-US: ArcaBit ArcaVir
CVE-2009-1823 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
	NOT-FOR-US: 3rd party Printer, e-mail and PDF module for Drupal
CVE-2009-1822 (Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ...)
	NOT-FOR-US: Joomla!
CVE-2009-1821 (DMXReady Registration Manager 1.1 stores sensitive information under ...)
	NOT-FOR-US: DMXReady Registration Manager
CVE-2009-1820 (Cross-site scripting (XSS) vulnerability in product.php in 2daybiz ...)
	NOT-FOR-US: 2daybiz Custom T-shirt Design Script
CVE-2009-1819 (SQL injection vulnerability in product.php in 2daybiz Custom T-shirt ...)
	NOT-FOR-US: 2daybiz Custom T-shirt Design Script
CVE-2009-1818 (SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 ...)
	NOT-FOR-US: MaxCMS
CVE-2009-1817 (Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote ...)
	NOT-FOR-US: DigiMode Maya
CVE-2009-1816 (SQL injection vulnerability in admin.php in My Game Script 2.0 allows ...)
	NOT-FOR-US: My Game Script
CVE-2009-1815 (Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b ...)
	NOT-FOR-US: Sonic Spot Audioactive Player
CVE-2009-1814 (SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier ...)
	NOT-FOR-US: PHPenpals
CVE-2009-1813 (Multiple SQL injection vulnerabilities in admin/index.php in Submitter ...)
	NOT-FOR-US: Submitter Script
CVE-2009-1812 (Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) ...)
	NOT-FOR-US: myGesuad
CVE-2009-1811 (Multiple cross-site scripting (XSS) vulnerabilities in myGesuad 0.9.14 ...)
	NOT-FOR-US: myGesuad
CVE-2009-1810 (Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote ...)
	NOT-FOR-US: myColex
CVE-2009-1809 (Multiple cross-site scripting (XSS) vulnerabilities in myColex 1.4.2 ...)
	NOT-FOR-US: myColex
CVE-2009-1829 (Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 ...)
	{DSA-1942-1}
	- wireshark 1.0.8-1 (low; bug #533347)
	[lenny] - wireshark 1.0.2-3+lenny6
	[etch] - wireshark <no-dsa> (Minor issue)
CVE-2009-1808 (Microsoft Windows XP SP3 allows local users to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2009-1807 (Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 ...)
	NOT-FOR-US: Baofeng
CVE-2009-1806 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2009-1805 (Unspecified vulnerability in the VMware Descheduled Time Accounting ...)
	NOT-FOR-US: VMware (experimental feature anyway)
CVE-2009-1804 (Multiple SQL injection vulnerabilities in admin/index.php in ...)
	NOT-FOR-US: videoscript
CVE-2009-1803 (FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, ...)
	NOT-FOR-US: FreePBX
CVE-2009-1802 (Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX ...)
	NOT-FOR-US: FreePBX
CVE-2009-1801 (Multiple cross-site scripting (XSS) vulnerabilities in FreePBX 2.5.1, ...)
	NOT-FOR-US: FreePBX
CVE-2009-1800 (Stack-based buffer overflow in the Chinagames CGAgent ActiveX control ...)
	NOT-FOR-US: Chinagames
CVE-2009-1799 (Multiple SQL injection vulnerabilities in the getGalleryImage function ...)
	NOT-FOR-US: ST-Gallery
CVE-2008-6816 (Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows ...)
	NOT-FOR-US: Eaton
CVE-2008-6815 (mykdownload.php in MyKtools 2.4 does not require administrative ...)
	NOT-FOR-US: MyKtools
CVE-2008-6814 (Unrestricted file upload vulnerability in image_upload.php in the ...)
	NOT-FOR-US: SimpleBoard for Mambo
CVE-2009-1798 (Multiple cross-site scripting (XSS) vulnerabilities on the Network ...)
	NOT-FOR-US: APC
CVE-2009-1797 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: APC
CVE-2009-1796 (Cross-site scripting (XSS) vulnerability in Sun Java System Portal ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2009-1795
	RESERVED
CVE-2009-1794
	RESERVED
CVE-2009-1793
	RESERVED
CVE-2009-1792 (The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka ...)
	NOT-FOR-US: StoneTrip Ston3D StandalonePlayer
CVE-2009-1790 (Cross-site scripting (XSS) vulnerability in CGI RESCUE Trees before ...)
	NOT-FOR-US: CGI Rescue Trees
CVE-2009-1787 (Multiple SQL injection vulnerabilities in PHP Dir Submit (aka ...)
	NOT-FOR-US: PHP Dir Submit
CVE-2009-1786 (The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users ...)
	NOT-FOR-US: IBM AIX libc
CVE-2009-1785 (Cross-site scripting (XSS) vulnerability in Ulteo Open Virtual Desktop ...)
	NOT-FOR-US: Ulteo Open Virtual Desktop
CVE-2009-1784 (The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus ...)
	NOT-FOR-US: AVG anti-virus
CVE-2009-1783 (Multiple FRISK Software F-Prot anti-virus products, including ...)
	NOT-FOR-US: FRISK Software F-Prot anti-virus
CVE-2009-1782 (Multiple F-Secure anti-virus products, including Anti-Virus for ...)
	NOT-FOR-US: F-Secure anti-virus
CVE-2009-1781 (Static code injection vulnerability in admin.php in Frax.dk Php ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1780 (admin.php in Frax.dk Php Recommend 1.3 and earlier does not require ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1779 (PHP remote file inclusion vulnerability in admin.php in Frax.dk Php ...)
	NOT-FOR-US: Frax.dk Php Recommend
CVE-2009-1778 (SQL injection vulnerability in the new user registration feature in ...)
	NOT-FOR-US: BigACE CMS
CVE-2009-1777 (CRLF injection vulnerability in FormMail.pl in Matt Wright FormMail ...)
	NOT-FOR-US: Matt Wright FormMail
CVE-2009-1776 (Multiple cross-site scripting (XSS) vulnerabilities in FormMail.pl in ...)
	NOT-FOR-US: Matt Wright FormMail
CVE-2009-1775 (Multiple cross-site scripting (XSS) vulnerabilities in Ulteo Open ...)
	NOT-FOR-US: Ulteo Open Virtual Desktop
CVE-2009-1774 (Directory traversal vulnerability in plugins/ddb/foot.php in ...)
	NOT-FOR-US: Strawberry
CVE-2009-1773 (activeCollab 2.1 Corporate allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: activeCollab
CVE-2009-1772 (Cross-site scripting (XSS) vulnerability in activeCollab 2.1 Corporate ...)
	NOT-FOR-US: activeCollab
CVE-2009-1771 (index.php in Flyspeck CMS 6.8 does not require administrative ...)
	NOT-FOR-US: Flyspeck CMS
CVE-2009-1770 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Flyspeck CMS
CVE-2009-1769 (The web interface in Open Computer and Software Inventory Next ...)
	- ocsinventory-server 1.02.1-1 (unimportant; bug #529344)
	NOTE: README.Debian states Important: access to the reports server should be restricted
CVE-2009-1768 (Directory traversal vulnerability in download.php in Rama Zaiten CMS ...)
	NOT-FOR-US: Rama Zaiten CMS
CVE-2009-1767 (admin/edituser.php in 2daybiz Template Monster Clone does not require ...)
	NOT-FOR-US: 2daybiz Template Monster Clone
CVE-2009-1766 (SQL injection vulnerability in index.php in LightOpenCMS 0.1 allows ...)
	NOT-FOR-US: LightOpenCMS
CVE-2009-1765 (Multiple directory traversal vulnerabilities in pluck 4.6.2, when ...)
	NOT-FOR-US: pluck CMS
CVE-2009-1764 (SQL injection vulnerability in inc/ajax.asp in MaxCMS 2.0 allows ...)
	NOT-FOR-US: MaxCMS
CVE-2009-1763 (Unspecified vulnerability in the Solaris Secure Digital slot driver ...)
	NOT-FOR-US: Solaris
CVE-2009-1762 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-XXXX [radare-common insecure temp files handling]
	- radare 1.4-1 (low)
CVE-2009-1761 (The message engine in CA ARCserve Backup r12.0 and r12.0 SP1 for ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2009-1760 (Directory traversal vulnerability in src/torrent_info.cpp in Rasterbar ...)
	{DSA-1815-1}
	- libtorrent-rasterbar 0.14.4-1 (medium)
CVE-2009-1759 (Stack-based buffer overflow in the btFiles::BuildFromMI function ...)
	{DSA-1817-1}
	- ctorrent 1.3.4-dnh3.2-1.1 (medium; bug #530255)
CVE-2009-1758 (The hypervisor_callback function in Xen, possibly before 3.4.0, as ...)
	{DSA-1809-1}
	- linux-2.6 2.6.28-1 (low; bug #536148)
	- linux-2.6.24 <removed>
CVE-2009-1757 (Cross-site request forgery (CSRF) vulnerability in Transmission 1.5 ...)
	- transmission 1.61-1 (low)
	[lenny] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
	[etch] - transmission <not-affected> (Vulnerable code not present, the web interface was introduced in 1.30)
CVE-2009-1754 (The PackageManagerService class in ...)
	NOT-FOR-US: Android
CVE-2009-1752 (exJune Office Message System 1 does not properly restrict access to ...)
	NOT-FOR-US: exJune Office Message System
CVE-2009-1751 (SQL injection vulnerability in list_list.php in Realty Webware ...)
	NOT-FOR-US: Realty Web-Base
CVE-2009-1750 (Unrestricted file upload vulnerability in VidSharePro allows remote ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1749 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Catviz
CVE-2009-1748 (Multiple directory traversal vulnerabilities in index.php in Catviz ...)
	NOT-FOR-US: Catviz
CVE-2009-1747 (SQL injection vulnerability in index.php in 26th Avenue bSpeak 1.10 ...)
	NOT-FOR-US: bSpeak
CVE-2009-1746 (SQL injection vulnerability in berita.php in Dian Gemilang DGNews 3.0 ...)
	NOT-FOR-US: Dian Gemilang DGNews
CVE-2009-1745 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1744 (InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in ...)
	NOT-FOR-US: Pinnacle
CVE-2009-1743 (Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in ...)
	NOT-FOR-US: Pinnacle
CVE-2009-1742 (code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for ...)
	NOT-FOR-US: PC4Arb Pc4 Uploader
CVE-2009-1741 (Multiple SQL injection vulnerabilities in login.php in DM FileManager ...)
	NOT-FOR-US: DM FileManager
CVE-2009-1740 (Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ...)
	NOT-FOR-US: D-Link MPEG4 Viewer
CVE-2009-1739 (PAD Site Scripts 3.6 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: PAD Site Scripts
CVE-2009-1738 (Cross-site scripting (XSS) vulnerability in Feed Block 6.x-1.x before ...)
	NOT-FOR-US: Feed Block
CVE-2009-1737 (Directory traversal vulnerability in bom.php in MyPic 2.1 allows ...)
	NOT-FOR-US: MyPic
CVE-2009-1736 (SQL injection vulnerability in the GridSupport (GS) Ticket System ...)
	NOT-FOR-US: GridSupport component for Joomla
CVE-2009-1735 (Cross-site scripting (XSS) vulnerability in search.php in VidSharePro ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1734 (SQL injection vulnerability in listing_video.php in VidSharePro allows ...)
	NOT-FOR-US: VidSharePro
CVE-2009-1733 (Cross-site request forgery (CSRF) vulnerability in IPplan 4.91a allows ...)
	- ipplan 4.91a-1.1 (unimportant; bug #530271)
	NOTE: Only exploitable with admin rights
CVE-2009-1732 (Cross-site scripting (XSS) vulnerability in admin/usermanager in ...)
	{DSA-1827-1}
	- ipplan 4.91a-1.1 (low; bug #530271)
CVE-2009-1731 (SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows ...)
	NOT-FOR-US: MLFFAT
CVE-2009-1730 (Multiple directory traversal vulnerabilities in NetMechanica ...)
	NOT-FOR-US: NetDecision TFTP Server
CVE-2009-1729 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2009-1728 (Stack-based buffer overflow in Image RAW in Apple Mac OS X 10.5 before ...)
	NOT-FOR-US: Image RAW in Apple Mac OS X
CVE-2009-1727 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X 10.5 ...)
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2009-1726 (Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and ...)
	NOT-FOR-US: ColorSync in Apple Mac OS X
CVE-2009-1725 (WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.13-1 (medium; bug #538346)
	- qt4-x11 4:4.5.2-2 (medium; bug #538347)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	- kdelibs <not-affected> (medium; bug #538350)
	- kde4libs <not-affected> (medium; bug #538349)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=513813#c18
	NOTE: patch http://trac.webkit.org/changeset/44799/
	NOTE: PoC http://web.archive.org/web/20110813092643/https://cevans-app.appspot.com/static/webkitentityoffbyone.html
CVE-2009-1724 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- qt4-x11 <not-affected> (bug #538403)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- webkit 1.1.13-1 (low; bug #538402)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <unfixed> (unimportant)
	NOTE: http://www.thespanner.co.uk/2009/06/19/minor-safari-cross-domain-bug/
CVE-2009-1723 (CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL ...)
	NOT-FOR-US: CFNetwork in Apple Mac OS X
CVE-2009-1722 (Heap-based buffer overflow in the compression implementation in ...)
	{DSA-1842-1}
	- openexr 1.6.1-1 (medium; bug #540424)
CVE-2009-1721 (The decompression implementation in the Imf::hufUncompress function in ...)
	{DSA-1842-1}
	- openexr 1.6.1-4.1 (medium; bug #540424)
CVE-2009-1720 (Multiple integer overflows in OpenEXR 1.2.2 and 1.6.1 allow ...)
	{DSA-1842-1}
	- openexr 1.6.1-4.1 (medium; bug #540424)
CVE-2009-1719 (The Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X ...)
	NOT-FOR-US: Aqua Look and Feel for Java implementation in Java 1.5 on Mac OS X
CVE-2009-1718 (WebKit in Apple Safari before 4.0 allows user-assisted remote ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <unfixed> (unimportant)
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/44010
CVE-2009-1717 (Integer overflow in Terminal in Apple Mac OS X 10.5 before 10.5.7 ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1716 (CFNetwork in Apple Safari before 4.0 on Windows does not properly ...)
	NOT-FOR-US: CFNetwork in Apple
CVE-2009-1715 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/31890
CVE-2009-1714 (Cross-site scripting (XSS) vulnerability in Web Inspector in WebKit in ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.3-1 (low)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: http://trac.webkit.org/changeset/36359
CVE-2009-1713 (The XSLT functionality in WebKit in Apple Safari before 4.0 does not ...)
	{DSA-1988-1}
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	NOTE: http://trac.webkit.org/changeset/34533
CVE-2009-1712 (WebKit in Apple Safari before 4.0 does not prevent remote loading of ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	NOTE: http://trac.webkit.org/changeset/41568
CVE-2009-1711 (WebKit in Apple Safari before 4.0 does not properly initialize memory ...)
	{DSA-1988-1 DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	NOTE: http://trac.webkit.org/changeset/36918
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-1
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1710 (WebKit in Apple Safari before 4.0 allows remote attackers to spoof the ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/35157
CVE-2009-1709 (Use-after-free vulnerability in the garbage-collection implementation ...)
	{DSA-1866-1}
	- webkit 0~svn32442-1
	NOTE: fixed in upstream commit http://trac.webkit.org/changeset/32230
	- kdelibs <not-affected> (vulnerable code in kdegraphics)
	- kde4libs <not-affected> (Vulnerable code not present)
	- kdegraphics 4:4.0 (medium; bug #534951)
	NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series)
CVE-2009-1708 (Apple Safari before 4.0 does not prevent calls to the open-help-anchor ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1707 (Race condition in the Reset Safari implementation in Apple Safari ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1706 (The Private Browsing feature in Apple Safari before 4.0 on Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1705 (CoreGraphics in Apple Safari before 4.0 on Windows does not properly ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1704 (CFNetwork in Apple Safari before 4.0 misinterprets downloaded image ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1703 (WebKit in Apple Safari before 4.0 does not prevent references to file: ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (medium; bug #561760)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <not-affected> (HTML video support introduced in version 4.5)
	NOTE: http://trac.webkit.org/changeset/42533
CVE-2009-1702 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42216
CVE-2009-1701 (Use-after-free vulnerability in the JavaScript DOM implementation in ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained, only affects fringe apps)
	- kdelibs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: invasive patch to backport.
	NOTE: http://trac.webkit.org/changeset/40881
CVE-2009-1700 (The XSLT implementation in WebKit in Apple Safari before 4.0, iPhone ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <no-dsa> (Unmaintained in Lenny, only affects fringe apps)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/38065
CVE-2009-1699 (The XSL stylesheet implementation in WebKit in Apple Safari before ...)
	{DSA-1988-1}
	- webkit 1.0.1-4 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.5.2-2
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1698 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	NOTE: http://trac.webkit.org/changeset/42081
	- qt4-x11 4:4.5.2-1
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
	- kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534949)
	- kde4libs 4:4.3.0-1 (medium)
CVE-2009-1697 (CRLF injection vulnerability in WebKit in Apple Safari before 4.0, ...)
	{DSA-1950-1}
	- webkit 1.1.15.2-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/41262
CVE-2009-1696 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/39510
	NOTE: http://trac.webkit.org/changeset/39553
CVE-2009-1695 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <not-affected> (Vulnerable code not present)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42223
CVE-2009-1694 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/35935
CVE-2009-1693 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (medium; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: http://trac.webkit.org/changeset/35928
CVE-2009-1692 (WebKit before r41741, as used in Apple iPhone OS 1.0 through 2.2.1, ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <unfixed> (unimportant)
	- kde4libs <unfixed> (unimportant)
	- qt4-x11 4:4.6.2-4 (unimportant)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: upstream (undisclosed) bug report is https://bugs.webkit.org/show_bug.cgi?id=23319
	NOTE: http://trac.webkit.org/changeset/41741
CVE-2009-1691 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	NOTE: http://trac.webkit.org/changeset/32791
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
CVE-2009-1690 (Use-after-free vulnerability in WebKit, as used in Apple Safari before ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	NOTE: http://trac.webkit.org/changeset/42532
	- kdelibs 4:3.5.10.dfsg.1-2.1 (medium; bug #534952)
	- kde4libs 4:4.3.0-1 (medium; bug #534949)
	NOTE: http://websvn.kde.org/?view=rev&revision=983316
	- qt4-x11 4:4.5.2-1 (medium; bug #534947)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1689 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
	NOTE: http://trac.webkit.org/changeset/32791
CVE-2009-1688 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.1.12-1 (low; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4.4.3-1
	NOTE: QT4 might be fixed earlier, but only Lenny version was checked
	NOTE: http://trac.webkit.org/changeset/32791
CVE-2009-1687 (The JavaScript garbage collector in WebKit in Apple Safari before 4.0, ...)
	{DSA-1988-1 DSA-1950-1 DSA-1868-1 DSA-1867-1}
	- webkit 1.1.5-1 (medium; bug #534946)
	- kdelibs 4:3.5.10.dfsg.1-2.1 (bug #534952)
	- kde4libs 4:4.3.0-1
	NOTE: http://trac.webkit.org/changeset/41854
	- qt4-x11 4:4.5.2-1 (medium; bug #534946)
	[etch] - qt4-x11 <not-affected> (QTWebkit was introduced in 4.4)
CVE-2009-1686 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
	- webkit 1.1.12-1 (medium; bug #535793)
	[lenny] - webkit <not-affected> (Vulnerable code not present)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/31431
CVE-2009-1685 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	- webkit 1.0.1-4 (bug #535793)
	- kdelibs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/34574
CVE-2009-1684 (Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/42365
CVE-2009-1683 (The Telephony component in Apple iPhone OS 1.0 through 2.2.1 and ...)
	NOT-FOR-US: iPhone
CVE-2009-1682 (Apple Safari before 4.0 does not properly check for revoked Extended ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1681 (WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and ...)
	{DSA-1950-1}
	- webkit 1.1.12-1 (low; bug #535793)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
	- qt4-x11 4:4.6.2-4 (low)
	[lenny] - qt4-x11 <no-dsa> (qtwebkit not supported security-wise)
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	NOTE: http://trac.webkit.org/changeset/42333
CVE-2009-1680 (Safari in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod ...)
	NOT-FOR-US: Safari in Apple iPhone OS
CVE-2009-1679 (The Profiles component in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
	NOT-FOR-US: iPhone
CVE-2008-6813 (SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL ...)
	NOT-FOR-US: phpWebNews
CVE-2008-6812 (SQL injection vulnerability in bukutamu.php in phpWebNews 0.2 MySQL ...)
	NOT-FOR-US: phpWebNews
CVE-2009-1756 (SLiM Simple Login Manager 1.3.0 places the X authority magic cookie ...)
	- slim 1.3.1-2 (low; bug #529306)
	[lenny] - slim 1.3.0-1+lenny2
CVE-2009-1755 (Off-by-one error in the packet_read_query_section function in packet.c ...)
	{DSA-1803-1}
	- nsd3 3.2.2-1 (medium; bug #529418)
	- nsd 2.3.7-3 (medium; bug #529420)
	NOTE: VU#710316
CVE-2009-1753 (Coccinelle 0.1.7 allows local users to overwrite arbitrary files via a ...)
	- coccinelle 0.1.7.deb-3 (low)
CVE-2009-1678 (Directory traversal vulnerability in the saveFeed function in ...)
	NOT-FOR-US: Bitweaver
CVE-2009-1677 (Multiple static code injection vulnerabilities in the saveFeed ...)
	NOT-FOR-US: Bitweaver
CVE-2009-1676
	REJECTED
CVE-2009-1675 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1674 (Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows ...)
	NOT-FOR-US: Microchip MPLAB IDE
CVE-2009-1673 (The kernel in Sun Solaris 9 allows local users to cause a denial of ...)
	NOT-FOR-US: SunOS
CVE-2009-1672 (The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in ...)
	NOT-FOR-US: ActiveX
CVE-2009-1671 (Multiple buffer overflows in the Deployment Toolkit ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2009-1670 (user/index.php in TCPDB 3.8 does not require administrative ...)
	NOT-FOR-US: TCPDB
CVE-2009-1669 (The smarty_function_math function in libs/plugins/function.math.php in ...)
	{DSA-1919-1}
	- smarty 2.6.26-0.1 (low; bug #529810)
	[etch] - smarty <not-affected> (Vulnerable code not present)
	[lenny] - smarty <no-dsa> (Minor issue)
CVE-2009-1668 (TYPSoft FTP Server 1.11 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: TYPSoft
CVE-2009-1667 (Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows ...)
	NOT-FOR-US: CastRipper
CVE-2009-1666 (Multiple unspecified vulnerabilities in CycloMedia CycloScopeLite ...)
	NOT-FOR-US: CycloMedia CycloScopeLite
CVE-2009-1665 (myaccount.php in Easy Scripts Answer and Question Script allows remote ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1664 (myaccount.php in Easy Scripts Answer and Question Script does not ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1663 (Unrestricted file upload vulnerability in myaccount.php in Easy ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1662 (Multiple SQL injection vulnerabilities in admin/login.php in Wright ...)
	NOT-FOR-US: Wright Way Services Recipe Script
CVE-2009-1661 (SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when ...)
	NOT-FOR-US: uTopic
CVE-2009-1660 (Stack-based buffer overflow in URUWorks ViPlay3 3.0 and earlier allows ...)
	NOT-FOR-US: ViPlay3
CVE-2009-1659 (Unrestricted file upload vulnerability in admin/uploadimage.php in ...)
	NOT-FOR-US: eLitius
CVE-2009-1658 (Multiple SQL injection vulnerabilities in admin/admin.php in Realty ...)
	NOT-FOR-US: Web-Base
CVE-2009-1657 (Multiple SQL injection vulnerabilities in the Starrating plugin before ...)
	NOT-FOR-US: Starrating plugin for b2evolution
CVE-2009-1656 (Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and ...)
	NOT-FOR-US: Xerox
CVE-2009-1655 (Multiple SQL injection vulnerabilities in myaccount.php in Easy ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1654 (Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy ...)
	NOT-FOR-US: Easy Scripts Answer and Question Script
CVE-2009-1653 (Directory traversal vulnerability in ...)
	NOT-FOR-US: TinyButStrong
CVE-2009-1652 (admin/adminaddeditdetails.php in Business Community Script does not ...)
	NOT-FOR-US: Business Community Script
CVE-2009-1651 (SQL injection vulnerability in admin/member_details.php in 2daybiz ...)
	NOT-FOR-US: 2daybiz
CVE-2009-1650 (Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 ...)
	NOT-FOR-US: Shutter
CVE-2009-1649 (Directory traversal vulnerability in arch.php in beLive 0.2.3 allows ...)
	NOT-FOR-US: beLive
CVE-2009-1648 (The YaST2 LDAP module in yast2-ldap-server on SUSE Linux Enterprise ...)
	NOT-FOR-US: yast2-ldap-server on SUSE
CVE-2009-1647 (Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2009-1646 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
	NOT-FOR-US: Mini-stream RM Downloader
CVE-2009-1645 (Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 ...)
	NOT-FOR-US: Mini-stream Easy RM-MP Converter
CVE-2009-1644 (Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 ...)
	NOT-FOR-US: Streaming Audio Player
CVE-2009-1643 (Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows ...)
	NOT-FOR-US: Sorinara Soritong MP3 Player
CVE-2009-1642 (Multiple stack-based buffer overflows in Mini-stream ASX to MP3 ...)
	NOT-FOR-US: Mini-stream ASX to MP3 Converter
CVE-2009-1641 (Multiple stack-based buffer overflows in Mini-stream Ripper 3.0.1.1 ...)
	NOT-FOR-US: Mini-stream Ripper
CVE-2009-1640 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery ...)
	NOT-FOR-US: Nucleus Data Recovery Kernel Recovery
CVE-2009-1639 (Stack-based buffer overflow in Nucleus Data Recovery Kernel Recovery ...)
	NOT-FOR-US: Nucleus Data Recovery Kernel Recovery
CVE-2009-1638 (Techno Dreams Job Career Package 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Techno Dreams Job Career Package
CVE-2009-1637 (profile.php in Simple Customer 1.3 does not require administrative ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6811 (Unrestricted file upload vulnerability in image_processing.php in the ...)
	NOT-FOR-US: e-Commerce Plugin for Wordpress
CVE-2008-6810 (Multiple SQL injection vulnerabilities in admin/checklogin.php in ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6809 (SQL injection vulnerability in hotel_habitaciones.php in Venalsur ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2009-1788 (Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 ...)
	{DSA-1814-1 DTSA-202-1}
	- libsndfile 1.0.20-1 (low; bug #528650)
CVE-2009-1791 (Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 ...)
	{DSA-1814-1 DTSA-202-1}
	- libsndfile 1.0.20-1 (low; bug #528650)
CVE-2009-1636 (Multiple buffer overflows in the Internet Agent (aka GWIA) component ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1635 (Multiple cross-site scripting (XSS) vulnerabilities in the WebAccess ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1634 (The WebAccess component in Novell GroupWise 7.x before 7.03 HP3 and ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-1633 (Multiple buffer overflows in the cifs subsystem in the Linux kernel ...)
	{DSA-1865-1 DSA-1844-1 DSA-1809-1}
	- linux-2.6 2.6.30-1
	- linux-2.6.24 <removed>
CVE-2009-1632 (Multiple memory leaks in Ipsec-tools before 0.7.2 allow remote ...)
	{DSA-1804-1}
	- ipsec-tools 1:0.7.1-1.5 (medium; bug #528933)
CVE-2009-1631 (The Mailer component in Evolution 2.26.1 and earlier uses ...)
	- evolution 2.29.90-1 (unimportant; bug #526409)
	NOTE: Mostly a security enhancement, only for local users/mail and open homedirs
CVE-2009-1630 (The nfs_permission function in fs/nfs/dir.c in the NFS client ...)
	{DSA-1865-1 DSA-1844-1 DSA-1809-1}
	- linux-2.6 2.6.30-1
	- linux-2.6.24 <removed>
CVE-2009-1629 (ajaxterm.js in AjaxTerm 0.10 and earlier generates session IDs with ...)
	{DSA-1994-1}
	- ajaxterm 0.10-5 (medium; bug #528938)
CVE-2009-1789 (mod/server.mod/servmsg.c in Eggheads Eggdrop and Windrop 1.6.19 and ...)
	{DSA-1826-1}
	- eggdrop 1.6.19-1.2 (medium; bug #528778)
CVE-2009-XXXX [cron: Incomplete fix for CVE-2006-2607 (setgid() and initgroups() not checked]
	- cron 3.0pl1-106 (low; bug #528434)
	[lenny] - cron <no-dsa> (Minor issue)
	[etch] - cron <no-dsa> (Minor issue)
CVE-2009-1628 (Stack-based buffer overflow in mnet.exe in Unisys Business Information ...)
	NOT-FOR-US: Unisys Business Information Server
CVE-2009-1627 (Stack-based buffer overflow in Streaming Download Project (SDP) ...)
	NOT-FOR-US: Streaming Download Project (SDP)
CVE-2009-1626 (SQL injection vulnerability in public/specific.php in EZ-Blog before ...)
	NOT-FOR-US: EZ-Blog
CVE-2009-1625 (Directory traversal vulnerability in index.php in Thickbox Gallery 2 ...)
	NOT-FOR-US: Thickbox Gallery 2
CVE-2009-1624 (Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 ...)
	NOT-FOR-US: Dew-NewPHPLinks 2.0
CVE-2009-1623 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: Dew-NewPHPLinks 2.0
CVE-2009-1622 (SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote ...)
	NOT-FOR-US: EcShop 2.5.0
CVE-2009-1621 (Directory traversal vulnerability in index.php in OpenCart 1.1.8 ...)
	NOT-FOR-US: OpenCart
CVE-2009-1620 (Multiple cross-site scripting (XSS) vulnerabilities in input.php in ...)
	NOT-FOR-US: MataChat
CVE-2009-1619 (Teraway FileStream 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Teraway FileStream
CVE-2009-1618 (Teraway LiveHelp 2.0 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Teraway LiveHelp
CVE-2009-1617 (Teraway LinkTracker 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Teraway LinkTracker
CVE-2008-6808 (SQL injection vulnerability in links.php in Scripts for Sites (SFS) EZ ...)
	NOT-FOR-US: SFS Link Directory
CVE-2008-6807 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...)
	NOT-FOR-US: osprey
CVE-2008-6806 (Unrestricted file upload vulnerability in includes/imageupload.php in ...)
	NOT-FOR-US: 7Shop
CVE-2009-1616 (Cross-site scripting (XSS) vulnerability in docs/showdoc.php in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2009-1615 (Unrestricted file upload vulnerability in Leap CMS 0.1.4 allows remote ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1614 (Multiple cross-site scripting (XSS) vulnerabilities in Leap CMS 0.1.4 ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1613 (Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, ...)
	NOT-FOR-US: Leap CMS
CVE-2009-1612 (Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2009-1611 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1610 (admin/changepassword.php in Job Script Job Board Software 2.0 allows ...)
	NOT-FOR-US: Job Script Job Board Software
CVE-2009-1609 (Unrestricted file upload vulnerability in admin/uploadform.asp in ...)
	NOT-FOR-US: Battle Blog
CVE-2009-1608 (Multiple buffer overflows in Microchip MPLAB IDE 8.30 and possibly ...)
	NOT-FOR-US: Microchip MPLAB IDE
CVE-2009-1607 (Cross-site scripting (XSS) vulnerability in the administrator panel in ...)
	NOT-FOR-US: LinkBase
CVE-2009-1606 (Multiple stack-based and heap-based buffer overflows in Dafolo ...)
	NOT-FOR-US: Dafolo DafoloControl ActiveX
CVE-2009-1605 (Heap-based buffer overflow in the loadexponentialfunc function in ...)
	NOT-FOR-US: MuPDF
CVE-2009-1604 (Unspecified vulnerability in LimeSurvey before 1.82 allows remote ...)
	- limesurvey <itp> (bug #472802)
CVE-2009-1603 (src/tools/pkcs11-tool.c in pkcs11-tool in OpenSC 0.11.7, when used ...)
	- opensc 0.11.8 (high; bug #527640)
	[etch] - opensc <not-affected> (vulnerable code introduced in 0.11.7)
	[lenny] - opensc <not-affected> (vulnerable code introduced in 0.11.7)
	NOTE: checked code, public exponent set correctly in etch/lenny versions (CK_BYTE publicExponent[] = { 3 };)
CVE-2009-1602 (Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote ...)
	NOT-FOR-US: Pablo Software
CVE-2009-1601 (The Ubuntu clamav-milter.init script in clamav-milter before ...)
	- clamav <not-affected> (Vulnerable code not present)
	NOTE: from what I see this code was never uploaded to the debian archive
CVE-2009-1600 (Apple Safari executes DOM calls in response to a javascript: URI in ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1599 (Opera executes DOM calls in response to a javascript: URI in the ...)
	NOT-FOR-US: Opera
CVE-2009-1598 (Google Chrome executes DOM calls in response to a javascript: URI in ...)
	- chromium-browser <unfixed> (unimportant)
	- webkit <not-affected> (chrome-specific issue)
	NOTE: it sounds like a "researcher misconception bug" (as seeming explained by Abobe) rather than a security issue
CVE-2009-1597 (Mozilla Firefox executes DOM calls in response to a javascript: URI in ...)
	- xulrunner <undetermined> (bug #565521)
	[wheezy] - xulrunner <end-of-life> (no detailed information available)
CVE-2009-1596 (Ignite Realtime Openfire before 3.6.5 does not properly implement the ...)
	NOT-FOR-US: Openfire
CVE-2009-1595 (The jabber:iq:auth implementation in IQAuthHandler.java in Ignite ...)
	NOT-FOR-US: Openfire
CVE-2008-6805 (Multiple SQL injection vulnerabilities in Mic_Blog 0.0.3, when ...)
	NOT-FOR-US: Mic_Blog
CVE-2008-6804 (** DISPUTED ** Tribiq CMS 5.0.9a beta allows remote attackers to ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-6803 (SQL injection vulnerability in diziler.asp in Yigit Aybuga Dizi ...)
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2009-XXXX [More file buffer overflows]
	- file 5.03-1 (bug #525820)
	[etch] - file <not-affected> (CDF code not yet present in 4.x)
	[lenny] - file <not-affected> (CDF code not yet present in 4.x)
CVE-2009-1594 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1593 (Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x ...)
	NOT-FOR-US: Armorlogic Profense Web Application Firewall
CVE-2009-1592 (Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows ...)
	NOT-FOR-US: ElectraSoft 32bit FTP
CVE-2009-1591 (CRLF injection vulnerability in CGI RESCUE Web Mailer before 1.04 ...)
	NOT-FOR-US: CGI RESCUE Web Mailer
CVE-2009-1590 (Unspecified vulnerability in CGI RESCUE FORM2MAIL before 1.42 allows ...)
	NOT-FOR-US: CGI RESCUE FORM2MAIL
CVE-2009-1589 (Unspecified vulnerability in CGI RESCUE MiniBBS22 before 1.01 allows ...)
	NOT-FOR-US: CGI RESCUE MiniBBS
CVE-2009-1588 (Cross-site scripting (XSS) vulnerability in CGI RESCUE MiniBBS 8t ...)
	NOT-FOR-US: CGI RESCUE MiniBBS
CVE-2009-XXXX [hex-a-hop: buffer overflow in loading save games]
	- hex-a-hop <unfixed> (unimportant; bug #528250)
	NOTE: That's a simple bug, it's silly to treat this as a security issue
CVE-2009-1587 (index.php in PHP Site Lock 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: PHP Site Lock
CVE-2009-1586 (Stack-based buffer overflow in the NZB importer feature in GrabIt ...)
	NOT-FOR-US: GrabIt
CVE-2009-1585 (Multiple SQL injection vulnerabilities in TemaTres 1.031, when ...)
	NOT-FOR-US: TemaTres
CVE-2009-1584 (Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, ...)
	NOT-FOR-US: TemaTres
CVE-2009-1583 (Multiple cross-site scripting (XSS) vulnerabilities in TemaTres 1.0.3 ...)
	NOT-FOR-US: TemaTres
CVE-2009-1582 (Million Dollar Text Links 1.0 does not properly restrict administrator ...)
	NOT-FOR-US: Million Dollar Text Links
CVE-2008-6802 (Multiple SQL injection vulnerabilities in index.php in phPhotoGallery ...)
	NOT-FOR-US: phPhotoGallery
CVE-2008-6801 (Cross-site request forgery (CSRF) vulnerability in Vivvo CMS before ...)
	NOT-FOR-US: Vivvo CMS
CVE-2008-6800
	REJECTED
CVE-2008-6799 (connection.php in FlashChat 5.0.8 allows remote attackers to bypass ...)
	NOT-FOR-US: FlashChat
CVE-2008-6798 (Multiple SQL injection vulnerabilities in login.php in Pre Projects ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6797 (The server in Mitel NuPoint Messenger R11 and R3 sends usernames and ...)
	NOT-FOR-US: Mitel NuPoint Messenger
CVE-2008-6796 (SQL injection vulnerability in manager/login.php in Pre Projects Pre ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-6795 (SQL injection vulnerability in view_news.php in nicLOR ...)
	NOT-FOR-US: nicLOR Vibro-School-CMS
CVE-2008-6794 (SQL injection vulnerability in directory.php in Scripts For Sites ...)
	NOT-FOR-US: Scripts For Sites (SFS)
CVE-2008-6793 (The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, ...)
	NOT-FOR-US: DFLabs
CVE-2008-6792 (system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used ...)
	- system-tools-backends 2.6.0-6.1 (low; bug #527952)
	[lenny] - system-tools-backends 2.6.0-2lenny3
	[etch] - system-tools-backends <not-affected> (SHA was added to crypt(3) post-etch)
CVE-2009-1581 (functions/mime.php in SquirrelMail before 1.4.18 does not protect the ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13667
CVE-2009-1580 (Session fixation vulnerability in SquirrelMail before 1.4.18 allows ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13676
CVE-2009-1579 (The map_yp_alias function in functions/imap_general.php in ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (medium; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13674
	NOTE: doesn't affect every setup
CVE-2009-1578 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-1802-1}
	- squirrelmail 2:1.4.18-1 (low; bug #528528)
	NOTE: http://squirrelmail.svn.sourceforge.net/viewvc/squirrelmail?view=rev&revision=13670
CVE-2009-1577 (Multiple stack-based buffer overflows in the putstring function in ...)
	- cscope 15.6-1
CVE-2009-1576 (Unspecified vulnerability in Drupal 5.x before 5.17 and 6.x before ...)
	{DSA-1792-1}
	- drupal6 6.11-1 (bug #526378)
	- drupal5 5.17-1
CVE-2009-1575 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.17 and ...)
	{DSA-1792-1}
	- drupal6 6.11-1 (bug #526378)
	- drupal5 5.17-1
CVE-2009-1574 (racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote ...)
	{DSA-1804-1}
	- ipsec-tools 1:0.7.1-1.4 (medium; bug #527634)
CVE-2009-1571 (Use-after-free vulnerability in the HTML parser in Mozilla Firefox ...)
	{DSA-1999-1}
	- xulrunner 1.9.1.8-1
	[etch] - xulrunner <end-of-life>
	- iceape 2.0.3-1
	[lenny] - iceape <not-affected> (Lenny package only provide xpcom stubs)
	- icedove 3.0.2-1
CVE-2009-1570 (Integer overflow in the ReadImage function in ...)
	- gimp 2.6.7-1.1 (medium; bug #555929)
CVE-2009-1569 (Multiple stack-based buffer overflows in Novell iPrint Client 4.38, ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-1568 (Stack-based buffer overflow in ienipp.ocx in Novell iPrint Client ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2009-1567 (Multiple stack-based buffer overflows in the Lateral Arts Photobox ...)
	NOT-FOR-US: ActiveX
CVE-2009-1566 (Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio ...)
	NOT-FOR-US: Roxio Easy Media Creator
CVE-2009-1565 (vmnc.dll in the VMnc media codec in VMware Movie Decoder before 6.5.4 ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-1564 (Heap-based buffer overflow in vmnc.dll in the VMnc media codec in ...)
	NOT-FOR-US: VMwar
CVE-2009-1563
	REJECTED
CVE-2009-1562
	RESERVED
CVE-2009-1561 (Cross-site request forgery (CSRF) vulnerability in administration.cgi ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1560 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1559 (Absolute path traversal vulnerability in adm/file.cgi on the Cisco ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1558 (Directory traversal vulnerability in adm/file.cgi on the Cisco Linksys ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1557 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1556 (img/main.cgi on the Cisco Linksys WVC54GCA wireless video camera with ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1555 (The Cisco Linksys WVC54GCA wireless video camera with firmware 1.00R22 ...)
	NOT-FOR-US: Cisco Linksys
CVE-2009-1554 (Cross-site scripting (XSS) vulnerability in ThemeServlet.java in Sun ...)
	NOT-FOR-US: Sun Woodstock
CVE-2009-1553 (Multiple cross-site scripting (XSS) vulnerabilities in the Admin ...)
	NOT-FOR-US: Sun GlassFish Enterprise Server
CVE-2009-1552 (Unspecified vulnerability in the IGMP driver in SCO Unixware Release ...)
	NOT-FOR-US: SCO UnixWare
CVE-2009-1551 (Multiple PHP remote file inclusion vulnerabilities in Qt quickteam 2 ...)
	NOT-FOR-US: Qt quickteam
CVE-2009-1550 (Zakkis Technology ABC Advertise 1.0 does not properly restrict access ...)
	NOT-FOR-US: Zakkis Technology ABC Advertise
CVE-2009-1549 (AGTC MyShop 3.2b allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: AGTC MyShop
CVE-2009-1548 (SQL injection vulnerability in index.php in BluSky CMS allows remote ...)
	NOT-FOR-US: BluSky CMS
CVE-2009-XXXX [prelude-manager: password world-readable]
	- prelude-manager <not-affected> (The postinst sets correct permissions, see bug #527344)
	NOTE: FEDORA-2009-3931 http://lwn.net/Articles/331612
CVE-2009-XXXX [bash-completion: does not properly quote characters]
	- bash-completion 200811xx~bzr1223 (bug #259987)
	NOTE: adding this reference to track the fact that this has already been addressed by debian security
	NOTE: fixed over a year ago in debian; but fedora finally got around to addressing the issue recently
	NOTE: FEDORA-2009-3639 http://lwn.net/Articles/331605
CVE-2009-1547 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1546 (Integer overflow in Avifil32.dll in the Windows Media file handling ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1545 (Unspecified vulnerability in Avifil32.dll in the Windows Media file ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1544 (Double free vulnerability in the Workstation service in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1543
	REJECTED
CVE-2009-1542 (The Virtual Machine Monitor (VMM) in Microsoft Virtual PC 2004 SP1, ...)
	NOT-FOR-US: Microsoft
CVE-2009-1541
	REJECTED
CVE-2009-1540
	REJECTED
CVE-2009-1539 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1538 (The QuickTime Movie Parser Filter in quartz.dll in DirectShow in ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1537 (Unspecified vulnerability in the QuickTime Movie Parser Filter in ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2009-1536 (ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-1535 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...)
	NOT-FOR-US: IIS
CVE-2009-1534 (Buffer overflow in the Office Web Components ActiveX Control in ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2009-1533 (Buffer overflow in the Works for Windows document converters in ...)
	NOT-FOR-US: Microsoft
CVE-2009-1532 (Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1531 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1530 (Use-after-free vulnerability in Microsoft Internet Explorer 7 for ...)
	NOT-FOR-US: Microsoft
CVE-2009-1529 (Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1528 (Microsoft Internet Explorer 6 and 7 for Windows XP SP2 and SP3; 6 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-1527 (Race condition in the ptrace_attach function in kernel/ptrace.c in the ...)
	- linux-2.6 2.6.29-5 (high)
	[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
CVE-2009-1526 (JBMC Software DirectAdmin before 1.334 allows local users to create or ...)
	NOT-FOR-US: Directadmin
CVE-2009-1525 (CMD_DB in JBMC Software DirectAdmin before 1.334 allows remote ...)
	NOT-FOR-US: Directadmin
CVE-2009-1524 (Cross-site scripting (XSS) vulnerability in Mort Bay Jetty before ...)
	- jetty 6.1.19-1 (low; bug #527571)
CVE-2009-1523 (Directory traversal vulnerability in the HTTP server in Mort Bay Jetty ...)
	- jetty 6.1.19-1 (low; bug #528389)
CVE-2009-1522 (The IBM Tivoli Storage Manager (TSM) client 5.5.0.0 through 5.5.1.17 ...)
	NOT-FOR-US: Tivoli
CVE-2009-1521 (Unspecified vulnerability in the Java GUI in the IBM Tivoli Storage ...)
	NOT-FOR-US: Tivoli
CVE-2009-1520 (Buffer overflow in the Web GUI in the IBM Tivoli Storage Manager (TSM) ...)
	NOT-FOR-US: Tivoli
CVE-2009-XXXX [moin: XSS in AttachFile.py via attachements]
	- moin 1.8.3-1 (low; bug #526594)
	[lenny] - moin 1.7.1-3+lenny2
	[etch] - moin <not-affected> (Vulnerable code not present)
	NOTE: http://hg.moinmo.in/moin/1.8/rev/269a1fbc3ed7
	NOTE: CVE id requested
CVE-2009-1513 (Buffer overflow in the PATinst function in src/load_pat.cpp in ...)
	{DSA-1850-1}
	- libmodplug 1:0.8.7-1 (medium; bug #526084)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present; bug #527077)
	[etch] - libmodplug <not-affected> (Vulnerable code not present)
	NOTE: gst-plugins-bad0.10 in testing and unstable builds against an external libmodplug.
CVE-2009-1519 (Directory traversal vulnerability in index.php in Pecio CMS 1.1.5 ...)
	NOT-FOR-US: Pecio CMS
CVE-2009-1518 (Cross-site request forgery (CSRF) vulnerability in Beltane before ...)
	NOT-FOR-US: Beltane
CVE-2009-1517 (Multiple insecure method vulnerabilities in the Symantec.EasySetup.1 ...)
	NOT-FOR-US: ActiveX
CVE-2009-1516 (Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX ...)
	NOT-FOR-US: ActiveX
CVE-2009-1514 (Google Chrome 1.0.154.53 allows remote attackers to cause a denial of ...)
	- chromium-browser 5.0.375.38~r46659-1 (low)
	NOTE: proof of concept maximum impact against webkit is dos-only
CVE-2008-6791 (PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: PumpKIN TFTP Server
CVE-2008-6790 (The admin module in MindDezign Photo Gallery 2.2 allows remote ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6789 (SQL injection vulnerability in MindDezign Photo Gallery 2.2 allows ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2008-6788 (SQL injection vulnerability in MindDezign Photo Gallery 2.2, when ...)
	NOT-FOR-US: MindDezign Photo Gallery
CVE-2009-1573 (xvfb-run 1.6.1 in Debian GNU/Linux, Ubuntu, Fedora 10, and possibly ...)
	- xorg-server 2:1.6.1.901-3 (low; bug #526678)
	[etch] - xorg-server <no-dsa> (minor issue)
	[lenny] - xorg-server <no-dsa> (minor issue)
CVE-2009-1515 (Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c ...)
	- file 5.02-1
	[lenny] - file <not-affected> (Vulnerable code not present)
	[etch] - file <not-affected> (Vulnerable code not present)
	NOTE: code introduced in 5.xx series
CVE-2009-1512 (Static code injection vulnerability in X-Forum 0.6.2 allows remote ...)
	NOT-FOR-US: X-Forum
CVE-2009-1511 (GDI+ in Microsoft Windows XP SP3 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1510 (Multiple directory traversal vulnerabilities in KoschtIT Image Gallery ...)
	NOT-FOR-US: KoschtIT Image Gallery
CVE-2009-1509 (SQL injection vulnerability in ajaxp_backend.php in MyioSoft ...)
	NOT-FOR-US: MyioSoft AjaxPortal
CVE-2009-1508 (SQL injection vulnerability in the xforum_validateUser function in ...)
	NOT-FOR-US: X-Forum
CVE-2009-1507 (The Node Access User Reference module 5.x before 5.x-2.0-beta4 and 6.x ...)
	NOT-FOR-US: Node Access User Reference module for Drupal
CVE-2009-1506 (SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows ...)
	NOT-FOR-US: eLitius
CVE-2009-1505 (SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 ...)
	NOT-FOR-US: News Page module for Drupal
CVE-2009-1504 (Absolute Form Processor XE 1.5 allows remote attackers to bypass ...)
	NOT-FOR-US: Absolute Form Processor XE
CVE-2009-1503 (Multiple SQL injection vulnerabilities in login.php in Tiger Document ...)
	NOT-FOR-US: Tiger Document Management System
CVE-2009-1502 (Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable ...)
	NOT-FOR-US: S-Cms
CVE-2009-1501 (Cross-site scripting (XSS) vulnerability in the Exif module 5.x-1.x ...)
	NOT-FOR-US: EXIF module for Drupal
CVE-2009-1500 (SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows ...)
	NOT-FOR-US: ProjectCMS
CVE-2009-1499 (SQL injection vulnerability in the MailTo (aka com_mailto) component ...)
	NOT-FOR-US: com_mailto component for Joomla!
CVE-2009-1498 (Directory traversal vulnerability in inc/profilemain.php in Game Maker ...)
	NOT-FOR-US: Game Maker 2k Internet Discussion Boards
CVE-2009-1497 (Stack-based buffer overflow in srt2smi.exe in Gretech Online Movie ...)
	NOT-FOR-US: GOM Player
CVE-2009-1496 (Directory traversal vulnerability in the Cmi Marketplace ...)
	NOT-FOR-US: com_cmimarketplace component for Joomla!
CVE-2009-1495 (Web File Explorer 3.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Web File Explorer
CVE-2008-6787 (SQL injection vulnerability in administrator/index.php in Lizardware ...)
	NOT-FOR-US: Lizardware CMS
CVE-2008-6786 (Multiple directory traversal vulnerabilities in geekigeeki.py in ...)
	NOT-FOR-US: GeekiGeeki
CVE-2008-6785 (Unrestricted file upload vulnerability in Mini File Host 1.5 allows ...)
	NOT-FOR-US: Mini File Host
CVE-2008-6784 (SQL injection vulnerability in directory.php in Scripts For Sites ...)
	NOT-FOR-US: EZ Adult Directory
CVE-2008-6783 (SQL injection vulnerability in directory.php in Sites for Scripts ...)
	NOT-FOR-US: EZ Home Business Directory
CVE-2008-6782 (SQL injection vulnerability in directory.php in Sites for Scripts ...)
	NOT-FOR-US: EZ Hosting Directory
CVE-2008-6781 (SQL injection vulnerability in directory.php in Sites for Scripts ...)
	NOT-FOR-US: Gaming Directory
CVE-2008-6780 (SQL injection vulnerability in directory.php in Scripts for Sites ...)
	NOT-FOR-US: EZ Affiliate
CVE-2008-6779 (SQL injection vulnerability in the Sarkilar module for PHP-Nuke allows ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6778 (SQL injection vulnerability in viewfaqs.php in Scripts for Sites (SFS) ...)
	NOT-FOR-US: EZ Auction
CVE-2008-6777 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-6776 (SQL injection vulnerability in viewcomments.php in Scripts For Sites ...)
	NOT-FOR-US: EZ Hot or Not
CVE-2008-6775 (HTC Touch Pro and HTC Touch Cruise vCard allows remote attackers to ...)
	NOT-FOR-US: HTC Touch
CVE-2009-1494 (The process_stat function in Memcached 1.2.8 discloses ...)
	- memcached 1.2.8-1 (low; bug #526554)
	[lenny] - memcached <not-affected> (Affected compile-time options not set)
	[etch] - memcached <not-affected> (Affected compile-time options not set)
CVE-2009-1493 (The customDictionaryOpen spell method in the JavaScript API in Adobe ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1492 (The getAnnots Doc method in the JavaScript API in Adobe Reader and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-1491 (McAfee GroupShield for Microsoft Exchange on Exchange Server 2000, and ...)
	NOT-FOR-US: McAfee GroupShield for Microsoft Exchange
CVE-2009-1490 (Heap-based buffer overflow in Sendmail before 8.13.2 allows remote ...)
	- sendmail 8.13.2-0
CVE-2009-XXXX [samba: Account locking out doesnt work with an LDAP backend]
	- samba 2:3.2.6 (bug #514151)
	[lenny] - samba 2:3.2.5-4lenny1
	[etch] - samba <not-affected> (Bug not yet present in Etch's version)
CVE-2009-1572 (The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote ...)
	{DSA-1788-1}
	- quagga 0.99.11-2 (high; bug #526270)
	[lenny] - quagga 0.99.10-1lenny2
	[etch] - quagga <not-affected> (no AS4 code)
CVE-2009-1489 (includes/user.php in Fungamez RC1 allows remote attackers to bypass ...)
	NOT-FOR-US: Fungamez
CVE-2009-1488 (Directory traversal vulnerability in admin/load.php in FunGamez RC1 ...)
	NOT-FOR-US: Fungamez
CVE-2009-1487 (SQL injection vulnerability in pages/login.php in FunGamez RC1 allows ...)
	NOT-FOR-US: Fungamez
CVE-2009-1486 (Directory traversal vulnerability in pmscript.php in Flatchat 3.0 ...)
	NOT-FOR-US: Flatchat
CVE-2009-1485 (The logging feature in eMule Plus before 1.2e allows remote attackers ...)
	NOT-FOR-US: eMule Plus
CVE-2009-1484 (Cross-site scripting (XSS) vulnerability in the web mail interface ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2009-1483 (Unrestricted file upload vulnerability in upload-file.php in Adam ...)
	NOT-FOR-US: Adam Patterson Studio Lounge Address Book
CVE-2009-1482 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-1791-1}
	- moin 1.8.3-1 (low; bug #526594)
	[etch] - moin <not-affected> (Not exploitable)
	NOTE: http://hg.moinmo.in/moin/1.8/rev/5f51246a4df1
CVE-2009-1481 (SQL injection vulnerability in action.asp in PuterJam's Blog (PJBlog3) ...)
	NOT-FOR-US: PuterJam's Blog
CVE-2009-1480 (SQL injection vulnerability in index.php Pragyan CMS 2.6.4 allows ...)
	NOT-FOR-US: Pragyan CMS
CVE-2009-1479 (Directory traversal vulnerability in client/desktop/default.htm in ...)
	NOT-FOR-US: Boxalino
CVE-2009-1478 (Multiple unspecified vulnerabilities in the DTrace ioctl handlers in ...)
	NOT-FOR-US: Solaris
CVE-2008-6774 (internettoolbar/edit.php in YourPlace 1.0.2 and earlier does not end ...)
	NOT-FOR-US: YourPlace
CVE-2008-6773 (Static code injection vulnerability in user/internettoolbar/edit.php ...)
	NOT-FOR-US: YourPlace
CVE-2008-6772 (login/register_form.php in YourPlace 1.0.2 and earlier does not check ...)
	NOT-FOR-US: YourPlace
CVE-2008-6771 (YourPlace 1.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: YourPlace
CVE-2008-6770 (YourPlace 1.0.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: YourPlace
CVE-2008-6769 (Unrestricted file upload vulnerability in upload.php in YourPlace ...)
	NOT-FOR-US: YourPlace
CVE-2008-6768 (Unrestricted file upload vulnerability in admin/editor/images.php in ...)
	NOT-FOR-US: K&S Shopsoftware
CVE-2009-1477 (The https web interfaces on the ATEN KH1516i IP KVM switch with ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1476 (Buffer overflow in lib/load_http.c in ippool in Darren Reed IPFilter ...)
	NOT-FOR-US: IPFilter
CVE-2009-1475
	RESERVED
CVE-2009-1474 (The ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1473 (The (1) Windows and (2) Java client programs for the ATEN KH1516i IP ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1472 (The Java client program for the ATEN KH1516i IP KVM switch with ...)
	NOT-FOR-US: ATEN IP KVM Switch
CVE-2009-1471
	RESERVED
CVE-2009-1470
	RESERVED
CVE-2009-1469 (CRLF injection vulnerability in the Forgot Password implementation in ...)
	NOT-FOR-US: IceWarp
CVE-2009-1468 (Multiple SQL injection vulnerabilities in the search form in ...)
	NOT-FOR-US: IceWarp
CVE-2009-1467 (Multiple cross-site scripting (XSS) vulnerabilities in IceWarp eMail ...)
	NOT-FOR-US: IceWarp
CVE-2009-1466 (Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1465 (Application Access Server (A-A-S) 2.0.48 has &quot;wildbat&quot; as its default ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1464 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2009-1463 (Static code injection vulnerability in razorCMS before 0.4 allows ...)
	NOT-FOR-US: razorCMS
CVE-2009-1462 (The Security Manager in razorCMS before 0.4 does not verify the ...)
	NOT-FOR-US: razorCMS
CVE-2009-1461 (Cross-site scripting (XSS) vulnerability in the Create New Page form ...)
	NOT-FOR-US: razorCMS
CVE-2009-1460 (razorCMS before 0.4 uses weak permissions for (1) ...)
	NOT-FOR-US: razorCMS
CVE-2009-1459 (Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 ...)
	NOT-FOR-US: razorCMS
CVE-2009-1458 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: razorCMS
CVE-2009-1457 (Cross-site scripting (XSS) vulnerability in player.php in Nuke ...)
	NOT-FOR-US: Nuke Evolution Xtreme
CVE-2009-1456 (Directory traversal vulnerability in admin.php in Malleo 1.2.3 allows ...)
	NOT-FOR-US: Malleo
CVE-2009-1455 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: WebCollab
CVE-2009-1454 (Cross-site scripting (XSS) vulnerability in tasks.php in WebCollab ...)
	NOT-FOR-US: WebCollab
CVE-2009-1453 (SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 ...)
	NOT-FOR-US: Tiny Blogr
CVE-2009-1452 (Multiple PHP remote file inclusion vulnerabilities in theme/format.php ...)
	NOT-FOR-US: SMA-DB
CVE-2009-1451 (Cross-site scripting (XSS) vulnerability in startpage.php in SMA-DB ...)
	NOT-FOR-US: SMA-DB
CVE-2009-1450 (PHP remote file inclusion vulnerability in format.php in SMA-DB 0.3.12 ...)
	NOT-FOR-US: SMA-DB
CVE-2008-6767 (wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6766 (cart_save.php in ViArt Shop (aka Shopping Cart) 3.5 allows remote ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6765 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to access ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6764 (Cross-site scripting (XSS) vulnerability in login.php in Silentum ...)
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6763 (login2.php in Silentum LoginSys 1.0.0 allows remote attackers to ...)
	NOT-FOR-US: Silentum LoginSys
CVE-2008-6762 (Open redirect vulnerability in wp-admin/upgrade.php in WordPress, ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.8.3-1 (low; bug #531736)
	NOTE: low impact, probably no-dsa
CVE-2008-6761 (Static code injection vulnerability in admin/install.php in ...)
	NOT-FOR-US: Flexcustomer
CVE-2008-6760 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6759 (ViArt Shop (aka Shopping Cart) 3.5 allows remote attackers to obtain ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6758 (Cross-site request forgery (CSRF) vulnerability in cart_save.php in ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2008-6757 (Cross-site scripting (XSS) vulnerability in manuals_search.php in ...)
	NOT-FOR-US: ViArt Shop (aka Shopping Cart)
CVE-2009-1449 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
	NOT-FOR-US: CoolPlayer
CVE-2009-1448 (Cross-site scripting (XSS) vulnerability in apricot.php in LovPop.net ...)
	NOT-FOR-US: LovPop.net
CVE-2009-1447 (Unrestricted file upload vulnerability in admin/editor/image.php in ...)
	NOT-FOR-US: e-cart.biz Free Shopping Car
CVE-2009-1446 (Unrestricted file upload vulnerability in upload.php in Elkagroup ...)
	NOT-FOR-US: Elkagroup Image Gallery
CVE-2009-1445 (Multiple directory traversal vulnerabilities in WebPortal CMS 0.8-beta ...)
	NOT-FOR-US: WebPortal CMS
CVE-2009-1444 (PHP remote file inclusion vulnerability in indexk.php in WebPortal CMS ...)
	NOT-FOR-US: WebPortal CMS
CVE-2009-1443 (Multiple unspecified vulnerabilities in the Server component in OCS ...)
	- ocsinventory-server 1.02-1 (unimportant)
	NOTE: Only supported in trusted environments, see debtags
CVE-2009-1442 (Multiple integer overflows in Skia, as used in Google Chrome 1.x ...)
	NOT-FOR-US: skia
CVE-2009-1441 (Heap-based buffer overflow in the ParamTraits&lt;SkBitmap&gt;::Read function ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-1439 (Buffer overflow in fs/cifs/connect.c in CIFS in the Linux kernel ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-2 (bug #523365)
	- linux-2.6.24 <removed>
CVE-2009-1438 (Integer overflow in the CSoundFile::ReadMed function ...)
	{DSA-1851-1 DSA-1850-1}
	- libmodplug 1:0.8.7-1 (low; bug #526657; bug #527076)
	- gst-plugins-bad0.10 0.10.10.2-1 (bug #527075)
	NOTE: gstreamer in unstable dynamically linked to external libmodplug
CVE-2009-1437 (Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka ...)
	NOT-FOR-US: CoolPlayer
CVE-2009-1436 (The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and ...)
	- kfreebsd-7 <not-affected> (Debian/kfreebsd uses glibc)
CVE-2009-1435 (NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2009-1434 (Cross-site request forgery (CSRF) vulnerability in Foswiki before ...)
	- foswiki <itp> (bug #509864)
CVE-2008-6756 (ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for ...)
	- zoneminder 1.22.3-5
CVE-2008-6755 (ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to ...)
	- zoneminder 1.24.1-1 (unimportant; bug #528252)
	NOTE: we are also affected but this is not a security issue by itself even if it's ugly
CVE-2008-6754 (The Personal Sticky Threads addon 1.0.3c for vBulletin allows remote ...)
	NOT-FOR-US: vBullerin addon
CVE-2008-6753 (SQL injection vulnerability in SilverStripe before 2.2.2 allows remote ...)
	NOT-FOR-US: SilverStripe
CVE-2009-1433 (SQL injection vulnerability in File::find (filesystem/File.php) in ...)
	NOT-FOR-US: SilverStripe
CVE-2009-1432 (Symantec Reporting Server, as used in Symantec AntiVirus (SAV) ...)
	NOT-FOR-US: Symantec
CVE-2009-1431 (XFR.EXE in the Intel File Transfer service in the console in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2009-1430 (Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert ...)
	NOT-FOR-US: Symantec
CVE-2009-1429 (The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management ...)
	NOT-FOR-US: Symantec
CVE-2009-1428 (Multiple cross-site scripting (XSS) vulnerabilities in ccLgView.exe in ...)
	NOT-FOR-US: Symantec
CVE-2009-1427 (Unspecified vulnerability in HP-UX B.11.31 allows local users to cause ...)
	NOT-FOR-US: HP-UX
CVE-2009-1426 (Unspecified vulnerability on HP ProLiant DL and ML 100 Series G5, G5p, ...)
	NOT-FOR-US: HP ProLiant
CVE-2009-1425 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1424 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1423 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1422 (Unspecified vulnerability in HP ProCurve Threat Management Services zl ...)
	NOT-FOR-US: HP ProCurve
CVE-2009-1421 (Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 ...)
	NOT-FOR-US: ONCplus on HP HP-UX
CVE-2009-1420 (Stack-based buffer overflow in rping in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-1419 (Unspecified vulnerability in HP Discovery &amp; Dependency Mapping ...)
	NOT-FOR-US: HP Discovery & Dependency Mapping Inventory
CVE-2009-1418 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2009-1417 (gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and ...)
	- gnutls26 2.6.6-1 (low; bug #528281)
	[lenny] - gnutls26 <no-dsa> (Minor issue, explicitly labeled as a test program)
	- gnutls13 <removed>
	[etch] - gnutls13 <no-dsa> (Minor issue, explicitly labeled as a test program)
CVE-2009-1416 (lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates ...)
	- gnutls26 2.6.6-1 (medium)
	- gnutls13 <removed>
	[lenny] - gnutls26 <not-affected> (Vulnerable code not present, only affects 2.6.x)
	[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
CVE-2009-1415 (lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not ...)
	- gnutls26 2.6.6-1 (medium)
	- gnutls13 <removed>
	[lenny] - gnutls26 <not-affected> (Vulnerable code not present)
	[etch] - gnutls26 <not-affected> (Vulnerable code not present)
	[etch] - gnutls13 <not-affected> (Vulnerable code not present, only affects 2.6.x)
CVE-2009-1414 (Google Chrome 2.0.x lets modifications to the global object persist ...)
	- chromium-browser <not-affected> (Only 2.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-1413 (Google Chrome 1.0.x does not cancel timeouts upon a page transition, ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-1412 (Argument injection vulnerability in the chromehtml: protocol handler ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (doesn't have a 'chromehtml' handler)
CVE-2009-XXXX [iodine: DoS against iodined triggerable by authenticated users]
	- iodine 0.5.1 (low)
	[lenny] - iodine 0.4.2-2~lenny1
CVE-2009-XXXX [ntop: access.log permissions]
	- ntop <not-affected> (fedora-specific configuration issue; debian package not affected)
	NOTE: bug #524801 (http://bugs.debian.org/524801)
CVE-2009-1402
	RESERVED
CVE-2009-1401
	RESERVED
CVE-2009-1400
	RESERVED
CVE-2009-1399
	RESERVED
CVE-2009-1398
	RESERVED
CVE-2009-1397
	RESERVED
CVE-2009-1396
	RESERVED
CVE-2009-1395
	RESERVED
CVE-2009-1394 (Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows ...)
	NOT-FOR-US: Motorola Timbuktu Pro
CVE-2009-1393
	RESERVED
CVE-2009-1392 (The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird ...)
	{DSA-1830-1 DSA-1820-1}
	- xulrunner 1.9.0.11-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-1391 (Off-by-one error in the inflate function in Zlib.xs in ...)
	- perl 5.10.0-23 (low; bug #532736)
	[etch] - perl <not-affected> (Doesn't yet include Compress-Raw-Zlib)
	- libcompress-raw-zlib-perl 2.015-2 (low; bug #532738)
	[lenny] - libcompress-raw-zlib-perl 2.012-1lenny1
	[lenny] - perl 5.10.0-19lenny1
CVE-2009-1390 (Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) ...)
	- mutt 1.5.20-1
	[lenny] - mutt <not-affected> (Affected code was introduced in 1.5.19)
	[etch] - mutt <not-affected> (Affected code was introduced in 1.5.19)
	[squeeze] - mutt <not-affected> (Affected code was introduced in 1.5.19)
CVE-2009-1389 (Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the ...)
	{DSA-1865-1 DSA-1844-1}
	- linux-2.6 2.6.26-16 (high; bug #532376)
	- linux-2.6.24 <removed>
	NOTE: potential for kernel memory corruption by remote attacker
CVE-2009-1388 (The ptrace_start function in kernel/ptrace.c in the Linux kernel ...)
	- linux-2.6 <not-affected> (problem in redhat-specific kernel patches)
	- linux-2.6.24 <not-affected> (problem in redhat-specific kernel patches)
CVE-2009-1387 (The dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in ...)
	- openssl 0.9.8k-2 (low; bug #532037)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1386 (ssl/s3_pkt.c in OpenSSL before 0.9.8i allows remote attackers to cause ...)
	- openssl 0.9.8k-1 (low; bug #532037)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1385 (Integer underflow in the e1000_clean_rx_irq function in ...)
	{DSA-1865-1 DSA-1844-1}
	- linux-2.6 2.6.26-16 (low; bug #532721)
	- linux-2.6.24 <removed>
CVE-2009-1384 (pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux ...)
	- libpam-krb5 <not-affected> (different code base than Debian's libpam-krb5)
CVE-2009-1383 (The getdirective function in mathtex.cgi in mathTeX, when downloaded ...)
	- mathtex 1.03-1 (medium; bug #537258)
CVE-2009-1382 (Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when ...)
	{DSA-1917-1}
	- mimetex 1.50-1.1 (medium; bug #537254)
CVE-2009-1381 (The map_yp_alias function in functions/imap_general.php in ...)
	{DSA-1802-2}
	- squirrelmail 2:1.4.19-1
CVE-2009-1380 (Cross-site scripting (XSS) vulnerability in JMX-Console in JBossAs in ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-1379 (Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1378 (Multiple memory leaks in the dtls1_process_out_of_seq_message function ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1377 (The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and ...)
	- openssl 0.9.8k-1 (low; bug #530400)
	[lenny] - openssl 0.9.8g-15+lenny3
	[etch] - openssl 0.9.8c-4etch9
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2009-1376 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1375 (The PurpleCircBuffer implementation in Pidgin (formerly Gaim) before ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1374 (Buffer overflow in the decrypt_out function in Pidgin (formerly Gaim) ...)
	- pidgin 2.5.6-1
	[lenny] - pidgin <not-affected> (QQ support not yet present)
	- gaim <not-affected> (QQ support not yet present)
CVE-2009-1373 (Buffer overflow in the XMPP SOCKS5 bytestream server in Pidgin ...)
	{DSA-1805-1}
	- pidgin 2.5.6-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (Only a transitional package)
CVE-2009-1365 (Unspecified vulnerability in Adobe Flash Media Server (FMS) before ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2009-1364 (Use-after-free vulnerability in the embedded GD library in libwmf ...)
	{DSA-1796-1}
	- libwmf 0.2.8.4-6.1 (low; bug #526434)
CVE-2009-1363
	RESERVED
CVE-2009-1360 (The __inet6_check_established function in net/ipv6/inet6_hashtables.c ...)
	- linux-2.6 2.6.29-1 (low; bug #529342)
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	[lenny] - linux-2.6 <not-affected> (Introduced in 2.6.27)
	- linux-2.6.24 <not-affected> (Introduced in 2.6.27)
CVE-2009-1411 (SQL injection vulnerability in events/inc/events.inc.php in the Events ...)
	NOT-FOR-US: Seditio CMS
CVE-2009-1410 (SQL injection vulnerability in index.php in Quick.Cms.Lite 0.5 allows ...)
	NOT-FOR-US: Quick.Cms.Lite
CVE-2009-1409 (SQL injection vulnerability in usersettings.php in e107 0.7.15 and ...)
	NOT-FOR-US: e107
CVE-2009-1408 (Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows ...)
	NOT-FOR-US: webSPELL
CVE-2009-1407 (Directory traversal vulnerability in config.php in NotFTP 1.3.1 allows ...)
	NOT-FOR-US: NotFTP
CVE-2009-1406 (Directory traversal vulnerability in cms_detect.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2009-1405 (Directory traversal vulnerability in index.php in PastelCMS 0.8.0, ...)
	NOT-FOR-US: PastelCMS
CVE-2009-1404 (SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when ...)
	NOT-FOR-US: PastelCMS
CVE-2009-1403 (SQL injection vulnerability in product_info.php in CRE Loaded 6.2 ...)
	NOT-FOR-US: CRE Loaded
CVE-2009-1370 (Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video ...)
	NOT-FOR-US: Xilisoft Video Converter
CVE-2009-1369 (moziloCMS 1.11 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1368 (Directory traversal vulnerability in index.php in moziloCMS 1.11 ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1367 (Cross-site scripting (XSS) vulnerability in index.php in moziloCMS ...)
	NOT-FOR-US: moziloCMS
CVE-2009-1366 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-1362 (SQL injection vulnerability in administration/index.php in chCounter ...)
	NOT-FOR-US: chCounter
CVE-2009-1361 (dig.php in GScripts.net DNS Tools allows remote attackers to execute ...)
	NOT-FOR-US: GScripts.net DNS Tools
CVE-2009-1359 (Unspecified vulnerability in the SCTP sockets implementation in Sun ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2008-6752 (adminlogin/password.php in the Twitter Clone (TClone) plugin for ReVou ...)
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6751 (Unrestricted file upload vulnerability in index.php in the Twitter ...)
	NOT-FOR-US: Twitter Clone (TClone) plugin for ReVou Micro Blogging
CVE-2008-6750 (Unrestricted file upload vulnerability in add.php in FlexPHPDirectory ...)
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6749 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
	NOT-FOR-US: FlexPHPDirectory
CVE-2008-6748 (Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers ...)
	NOT-FOR-US: Megacubo
CVE-2008-6747 (dotProject before 2.1.2 does not properly restrict access to ...)
	NOT-FOR-US: dotProject
CVE-2008-6746 (Cross-site scripting (XSS) vulnerability in the contact display view ...)
	NOT-FOR-US: Turba Contact Manager
CVE-2008-6745 (index.php in BlogPHP 2.0 allows remote attackers to gain administrator ...)
	NOT-FOR-US: BlogPHP
CVE-2008-6744 (Cross-site request forgery (CSRF) vulnerability in Cybozu Office 6, ...)
	NOT-FOR-US: Cybozu Office
CVE-2008-6743 (RSMScript 1.21 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: RSMScript
CVE-2009-1357 (CRLF injection vulnerability in da/DA/Login in Sun Java System ...)
	NOT-FOR-US: Sun Java System Delegated Administrator
CVE-2009-1356 (Stack-based buffer overflow in Elecard AVC HD Player allows remote ...)
	NOT-FOR-US: Elecard AVC HD Player
CVE-2009-1355 (Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 ...)
	NOT-FOR-US: IBM AIX
CVE-2009-1354 (Directory traversal vulnerability in Mongoose 2.4 allows remote ...)
	NOT-FOR-US: Mongoose
CVE-2009-1353 (Buffer overflow in the http_parse_hex function in libz/misc.c in ...)
	NOT-FOR-US: Zervit Webserver
CVE-2009-1352 (Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote ...)
	NOT-FOR-US: PowerCHM
CVE-2009-1351 (Heap-based buffer overflow in Apollo 37zz allows remote attackers to ...)
	NOT-FOR-US: Apollo 37zz
CVE-2009-1350 (Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client ...)
	NOT-FOR-US: Novell NetIdentity Client
CVE-2009-1349 (Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 ...)
	NOT-FOR-US: C2Net Stronghold
CVE-2008-6742 (Foxy P2P software allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxy P2P
CVE-2008-6741 (SQL injection vulnerability in Load.php in Simple Machines Forum (SMF) ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6740 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-6739 (Todd Woolums ASP Download management script 1.03 does not require ...)
	NOT-FOR-US: Todd Woolums ASP Download management script
CVE-2008-6738 (MyShoutPro 1.2 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: MyShoutPro
CVE-2008-6737 (Crysis 1.21 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Crysis
CVE-2008-6736 (Flat Calendar 1.1 does not properly restrict access to administrative ...)
	NOT-FOR-US: Flat Calendar
CVE-2008-6735 (Directory traversal vulnerability in qc/index.php in ThaiQuickCart 3 ...)
	NOT-FOR-US: ThaiQuickCart
CVE-2008-6734 (Directory traversal vulnerability in Public/index.php in Keller Web ...)
	NOT-FOR-US: Keller Web Admin CMS
CVE-2008-6733 (Cross-site scripting (XSS) vulnerability in the error handling page in ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6732 (Cross-site scripting (XSS) vulnerability in the Language skin object ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-7238 (Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 ...)
	NOT-FOR-US: MyShoutPro
CVE-2009-1358 (apt-get in apt before 0.7.21 does not check for the correct error code ...)
	{DSA-1779-1 DTSA-199-1}
	- apt 0.7.21 (bug #433091)
CVE-2009-1440 (Incomplete blacklist vulnerability in DownloadListCtrl.cpp in amule ...)
	{DSA-1821-1}
	- amule 2.2.5-1.1 (low; bug #525078)
	[etch] - amule <not-affected> (Doesn't support preview of complete files, which is the vulnerable part)
CVE-2009-1348 (The AV engine before DAT 5600 in McAfee VirusScan, Total Protection, ...)
	NOT-FOR-US: Various AV junk
CVE-2009-1347 (Multiple SQL injection vulnerabilities in stats/index.php in chCounter ...)
	NOT-FOR-US: chCounter
CVE-2009-1346 (SQL injection vulnerability in publico/ficha.php in NetHoteles 3.0 ...)
	NOT-FOR-US: NetHoteles
CVE-2009-1345 (SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows ...)
	NOT-FOR-US: cpCommerce
CVE-2009-1344 (Cross-site scripting (XSS) vulnerability in the Localization client ...)
	NOT-FOR-US: Localization client for drupal
CVE-2009-1343 (Cross-site scripting (XSS) vulnerability in the Print (aka Printer, ...)
	NOT-FOR-US: Print module for Drupal
CVE-2009-1342 (Cross-site scripting (XSS) vulnerability in the CCK comment reference ...)
	NOT-FOR-US: CCK comment module for Drupal
CVE-2008-6731 (Unrestricted file upload vulnerability in submitlink.php in ...)
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6730 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
	NOT-FOR-US: FlexPHPLink Pro
CVE-2008-6729 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: PHPmotion
CVE-2008-6728 (SQL injection vulnerability in the Sections module in PHP-Nuke, ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-6727 (Cross-site scripting (XSS) vulnerability in Ultimate PHP Board (UPB) ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2009-XXXX [git-core in Debian has non-root-owned files under /usr]
	- git-core 1:1.6.2.1-1 (bug #516669)
	[lenny] - git-core 1:1.5.6.5-3+lenny3.2
	NOTE: fixed accidently through spu
CVE-2009-1341 (Memory leak in the dequote_bytea function in quote.c in the DBD::Pg ...)
	{DSA-1780-1}
	- libdbd-pg-perl 2.1.3-1
CVE-2009-1340
	RESERVED
CVE-2009-1339 (Cross-site request forgery (CSRF) vulnerability in TWiki before 4.3.1 ...)
	- twiki <removed> (bug #526258)
	NOTE: We should probably request removal from unstable, replaced by foswiki
CVE-2009-1338 (The kill_something_info function in kernel/signal.c in the Linux ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1337 (The exit_notify function in kernel/exit.c in the Linux kernel before ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-5
	- linux-2.6.24 <removed>
CVE-2009-1336 (fs/nfs/client.c in the Linux kernel before 2.6.23 does not properly ...)
	{DSA-1794-1}
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2009-1335 (Microsoft Internet Explorer 7 and 8 on Windows XP and Vista allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-1334 (Cross-site scripting (XSS) vulnerability in login/FilepathLogin.html ...)
	NOT-FOR-US: IBM Tivoli Continuous Data Protection
CVE-2009-1333 (Cross-site scripting (XSS) vulnerability in refresh_rate.htm in the ...)
	NOT-FOR-US: HP Deskjet
CVE-2009-1332 (The Online Help feature in Sun Java System Directory Server 5.2 and ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2009-1331 (Integer overflow in Microsoft Windows Media Player (WMP) ...)
	NOT-FOR-US: Windows Media Player
CVE-2009-XXXX [pptp-linux: unrestrictive pptpsetup permissions]
	- pptp-linux 1.7.2-3 (low; bug #523476)
	[lenny] - pptp-linux <no-dsa> (Minor issue)
	[etch] - pptp-linux <no-dsa> (Minor issue)
CVE-2009-1330 (Stack-based buffer overflow in Easy RM to MP3 Converter allows remote ...)
	NOT-FOR-US: Easy RM to MP3 Converter
CVE-2009-1329 (Stack-based buffer overflow in Mini-stream Shadow Stream Recorder ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1328 (Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1327 (Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1326 (Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1325 (Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1324 (Stack-based buffer overflow in Mini-stream ASX to MP3 Converter ...)
	NOT-FOR-US: Mini-stream
CVE-2009-1323 (SQL injection vulnerability in body.asp in Web File Explorer 3.1 ...)
	NOT-FOR-US: Web File Explorer
CVE-2009-1322 (ASP Product Catalog 1.0 stores sensitive information under the web ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2009-1321 (Cross-site scripting (XSS) vulnerability in search.asp in ASP Product ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2009-1320 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Zazzle Store Builder
CVE-2009-1319 (Directory traversal vulnerability in includes/ini.inc.php in GuestCal ...)
	NOT-FOR-US: GuestCal
CVE-2009-1318 (Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 ...)
	NOT-FOR-US: Jamroom
CVE-2009-1317 (Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when ...)
	NOT-FOR-US: Aqua CMS
CVE-2009-1316 (Multiple SQL injection vulnerabilities in AbleSpace 1.0 allow remote ...)
	NOT-FOR-US: AbleSpace
CVE-2009-1315 (Multiple cross-site scripting (XSS) vulnerabilities in AbleSpace 1.0 ...)
	NOT-FOR-US: Ablespace
CVE-2009-1314 (body.asp in Web File Explorer 3.1 allows remote attackers to create ...)
	NOT-FOR-US: Web File Explorer
CVE-2009-1313 (The nsTextFrame::ClearTextRun function in ...)
	- xulrunner 1.9.0.10-1 (low)
	[etch] - xulrunner <not-affected> (introduced in 1.9.0.9)
	[lenny] - xulrunner <not-affected> (introduced in 1.9.0.9)
CVE-2009-1312 (Mozilla Firefox before 3.0.9 and SeaMonkey 1.1.17 do not block ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1311 (Mozilla Firefox before 3.0.9 and SeaMonkey before 1.1.17 allow ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-1310 (Cross-site scripting (XSS) vulnerability in the MozSearch plugin ...)
	{DSA-1886-1}
	- iceweasel 3.0.9-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1309 (Mozilla Firefox before 3.0.9, Thunderbird, and SeaMonkey do not ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1308 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1307 (The view-source: URI implementation in Mozilla Firefox before 3.0.9, ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1306 (The jar: URI implementation in Mozilla Firefox before 3.0.9, ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1305 (The JavaScript engine in Mozilla Firefox before 3.0.9, Thunderbird ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer <unfixed> (unimportant)
	NOTE: kompozer shares the browser engine with Firefox, but JavaScript is not enabled
CVE-2009-1304 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
	{DSA-1797-1}
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1303 (The browser engine in Mozilla Firefox before 3.0.9, Thunderbird before ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1302 (The browser engine in Mozilla Firefox 3.x before 3.0.9, Thunderbird ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-1301 (Integer signedness error in the store_id3_text function in the ID3v2 ...)
	- mpg123 1.7.2-1 (low)
	[etch] - mpg123 <no-dsa> (Minor issue)
	[lenny] - mpg123 <no-dsa> (Minor issue)
	NOTE: http://secunia.com/advisories/34587/3/
	NOTE: unlike secunia states I can't see that this allows code execution but is just an invalid read
	NOTE: crashing the application
CVE-2009-1300 (apt 0.7.20 does not check when the date command returns an &quot;invalid ...)
	{DSA-1779-1 DTSA-199-1}
	- apt 0.7.21 (bug #523213)
CVE-2008-6726 (Multiple directory traversal vulnerabilities in CMScout 2.06, when ...)
	NOT-FOR-US: CMScout
CVE-2008-6725 (Multiple SQL injection vulnerabilities in CMScout 2.06 allow remote ...)
	NOT-FOR-US: CMScout
CVE-2008-6724 (Cross-site scripting (XSS) vulnerability in index.pl in Perl Nopaste ...)
	NOT-FOR-US: Perl Nopaste
CVE-2009-1299 (The pa_make_secure_dir function in core-util.c in PulseAudio 0.9.10 ...)
	{DSA-2017-1}
	- pulseaudio 0.9.21-1.1 (bug #573615)
CVE-2009-1298 (The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux ...)
	{DTSA-204-1}
	- linux-2.6 2.6.32-1 (low)
	[etch] - linux-2.6 <not-affected> (introduced in 2.6.29)
	[lenny] - linux-2.6 <not-affected> (introduced in 2.6.29)
	- linux-2.6.24 <not-affected> (introduced in 2.6.29)
CVE-2009-1297 (iscsi_discovery in open-iscsi in SUSE openSUSE 10.3 through 11.1 and ...)
	- open-iscsi 2.0.871-1 (low; bug #547011)
	[lenny] - open-iscsi 2.0.870~rc3-0.4.1
	[etch] - open-iscsi <not-affected> (Vulnerable script not yet present)
CVE-2009-1296 (The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on ...)
	- ecryptfs-utils 75-2 (unimportant; bug #532372)
	NOTE: this is a non-issue as the debian installer doesn't support per user
	NOTE: encrypted home directories with ecryptfs, so no passphrase is stored in the
	NOTE: installer logs on disk
CVE-2009-1295 (Apport before 0.108.4 on Ubuntu 8.04 LTS, before 0.119.2 on Ubuntu ...)
	[experimental] - apport <not-affected> (Fixed before initial upload into Debian)
CVE-2009-1294 (Multiple cross-site scripting (XSS) vulnerabilities in web/guest/home ...)
	NOT-FOR-US: Novell Teaming
CVE-2009-1293 (The web login functionality (c/portal/login) in Novell Teaming 1.0 ...)
	NOT-FOR-US: Novell Teaming
CVE-2009-1292 (UCM-CQ in IBM Rational ClearCase 7.0.0.x before 7.0.0.5, 7.0.1.x ...)
	NOT-FOR-US: ClearCase
CVE-2008-6723 (TurnkeyForms Entertainment Portal 2.0 allows remote attackers to ...)
	NOT-FOR-US: TurnkeyForms
CVE-2008-6722 (Novell Access Manager 3 SP4 does not properly expire X.509 certificate ...)
	NOT-FOR-US: Novell Access Manager
CVE-2008-6721 (SQL injection vulnerability in index.php in AJ Square AJ Article ...)
	NOT-FOR-US: AJ Square AJ Article
CVE-2009-1371 (The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552
CVE-2009-1372 (Stack-based buffer overflow in the cli_url_canon function in ...)
	- clamav 0.95.1+dfsg-1
	[etch] - clamav <not-affected> (vulnerable code not present)
	[lenny] - clamav <not-affected> (vulnerable code not present)
	NOTE: https://bugzilla.clamav.net/show_bug.cgi?id=1552
CVE-2009-1291 (Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, ...)
	NOT-FOR-US: SmartSockets
CVE-2009-1290 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1289 (private/login.ssi in the Advanced Management Module (AMM) on the IBM ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1288 (Multiple cross-site scripting (XSS) vulnerabilities in the Advanced ...)
	NOT-FOR-US: IBM BladeCenter
CVE-2009-1287 (Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge ...)
	NOT-FOR-US: Cisco Subscriber Edge Services Manager
CVE-2009-1286 (The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2008-6720 (SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-6719 (U&amp;M Software Event Lister (aka JustListIt) 1.0 does not require ...)
	NOT-FOR-US: Software Event Lister
CVE-2008-6718 (U&amp;M Software JustBookIt 1.0 does not require administrative ...)
	NOT-FOR-US: JustBookIt
CVE-2008-6717 (U&amp;M Software Signup 1.0 and 1.1 does not require administrative ...)
	NOT-FOR-US: Software Signup
CVE-2008-6716 (homeadmin/adminhome.php in Pre ADS Portal 2.0 and earlier does not ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-6715 (Multiple cross-site scripting (XSS) vulnerabilities in Pre ADS Portal ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2009-1285 (Static code injection vulnerability in the getConfigFile function in ...)
	- phpmyadmin 4:3.1.3.2-1 (unimportant; bug #524804)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2008-6714 (admin.php in xeCMS 1.0.0 RC2 and earlier allows remote attackers to ...)
	NOT-FOR-US: xeCMS
CVE-2008-6713 (World in Conflict (WIC) 1.008 and earlier allows remote attackers to ...)
	NOT-FOR-US: World in Conflict
CVE-2008-6712 (The HTTP/XML-RPC service in Crysis 1.21 (game version 1.1.1.6156) and ...)
	NOT-FOR-US: Crysis
CVE-2008-6711 (Unspecified vulnerability in the Web administration interface in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6710 (Unspecified vulnerability in the Web administration interface in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6709 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6708 (Unspecified vulnerability in the Web management interface in Avaya SIP ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6707 (The Web management interface in Avaya SIP Enablement Services (SES) ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6706 (Multiple unspecified vulnerabilities in the Web management interface ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-6705 (The MultipacketReciever::RecievePacket function in S.T.A.L.K.E.R.: ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6704 (Integer overflow in the NET_Compressor::Decompress function in ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6703 (Stack-based buffer overflow in the IPureServer::_Recieve function in ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6702 (S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote ...)
	NOT-FOR-US: S.T.A.L.K.E.R.: Shadow of Chernobyl
CVE-2008-6701 (NetScout (formerly Network General) Visualizer V2100 and InfiniStream ...)
	NOT-FOR-US: NetScout Visualizer
CVE-2008-6700 (Multiple cross-site scripting (XSS) vulnerabilities in Butterfly ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6699 (Cross-site scripting (XSS) vulnerability in Resource Library ...)
	NOT-FOR-US: Resource Library extension for TYPO3
CVE-2008-6698 (Cross-site scripting (XSS) vulnerability in TARGET-E WorldCup Bets ...)
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6697 (SQL injection vulnerability in TARGET-E WorldCup Bets (worldcup) 2.0.0 ...)
	NOT-FOR-US: WorldCup Bets extension for TYPO3
CVE-2008-6696 (SQL injection vulnerability in Fussballtippspiel (toto) 0.1.1 and ...)
	NOT-FOR-US: Fussballtippspiel extension for TYPO3
CVE-2008-6695 (SQL injection vulnerability in TIMTAB social bookmark icons ...)
	NOT-FOR-US: TIMTAB social bookmark icons extension for TYPO3
CVE-2008-6694 (SQL injection vulnerability in Random Prayer (ste_prayer) 0.0.1 for ...)
	NOT-FOR-US: Random Prayer extension for TYPO3
CVE-2008-6693 (SQL injection vulnerability in Download system (sb_downloader) ...)
	NOT-FOR-US: Download system extension for TYPO3
CVE-2008-6692 (SQL injection vulnerability in Diocese of Portsmouth Training Courses ...)
	NOT-FOR-US: Training Courses extension for TYPO3
CVE-2008-6691 (SQL injection vulnerability in Diocese of Portsmouth Calendar Today ...)
	NOT-FOR-US: Calendar Today extension for TYPO3
CVE-2008-6690 (Unspecified vulnerability in nepa-design.de Spam Protection ...)
	NOT-FOR-US: Spam Protection extension for TYPO3
CVE-2008-6689 (SQL injection vulnerability in JobControl (dmmjobcontrol) 1.15.0 and ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6688 (Cross-site scripting (XSS) vulnerability in JobControl (dmmjobcontrol) ...)
	NOT-FOR-US: JobControl extension for TYPO3
CVE-2008-6687 (Cross-site scripting (XSS) vulnerability in DCD GoogleMap ...)
	NOT-FOR-US: DCD GoogleMap extension for TYPO3
CVE-2008-6686 (SQL injection vulnerability in CoolURI (cooluri) 1.0.11 and earlier ...)
	NOT-FOR-US: CoolURI extension for TYPO3
CVE-2008-6685 (Unspecified vulnerability in Frontend Filemanager (air_filemanager) ...)
	NOT-FOR-US: Frontend Filemanager extension for TYPO3
CVE-2008-6684 (Unrestricted file upload vulnerability in editimage.php in Apartment ...)
	NOT-FOR-US: Apartment Search Script
CVE-2008-6683 (Cross-site scripting (XSS) vulnerability in listtest.php in Apartment ...)
	NOT-FOR-US: Apartment Search Script
CVE-2009-1284 (Buffer overflow in BibTeX 0.99 allows context-dependent attackers to ...)
	- texlive-bin 2009-1 (low; bug #520920)
	[etch] - texlive-bin <no-dsa> (Minor issue)
	[lenny] - texlive-bin 2007.dfsg.2-4+lenny2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=492136
CVE-2009-1283 (glFusion before 1.1.3 performs authentication with a user-provided ...)
	NOT-FOR-US: glFusion
CVE-2009-1282 (SQL injection vulnerability in private/system/lib-session.php in ...)
	NOT-FOR-US: glFusion
CVE-2009-1281 (Cross-site scripting (XSS) vulnerability in glFusion before 1.1.3 ...)
	NOT-FOR-US: glFusion
CVE-2009-1280 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Joomla
CVE-2009-1279 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 ...)
	NOT-FOR-US: Joomla
CVE-2009-1278 (Static code injection vulnerability in forms/ajax/configure.php in ...)
	NOT-FOR-US: Gravity Board
CVE-2009-1277 (SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 ...)
	NOT-FOR-US: Gravity Board
CVE-2009-1276 (XScreenSaver in Sun Solaris 10 and OpenSolaris before snv_109, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-1275 (Apache Tiles 2.1 before 2.1.2, as used in Apache Struts and other ...)
	- tiles 2.2.0-1
CVE-2008-6682 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts ...)
	- libstruts1.2-java <not-affected> (Only affects Struts 2)
CVE-2008-6681 (Cross-site scripting (XSS) vulnerability in dijit.Editor in Dojo ...)
	NOT-FOR-US: Dojo
CVE-2007-6726 (Multiple cross-site scripting (XSS) vulnerabilities in Dojo 0.4.1 and ...)
	NOT-FOR-US: Dojo
CVE-2009-1273 (pam_ssh 1.92 and possibly other versions, as used when PAM is compiled ...)
	- libpam-ssh 1.92-7 (low; bug #535877)
	[etch] - libpam-ssh <no-dsa> (Minor issue)
	[lenny] - libpam-ssh 1.91.0-9.3+lenny1
CVE-2009-1272 (The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-3
	[etch] - php5 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
	- php4 <not-affected> (this is caused by the fix for CVE-2008-5658, which was not applied to php4)
CVE-2009-1271 (The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before ...)
	{DSA-1789-1 DSA-1775-1}
	- php5 5.2.9.dfsg.1-1
	- php4 <not-affected> (the JSON extension was introduced in php5.2)
	- php-json-ext <unfixed>
CVE-2009-1269 (Unspecified vulnerability in Wireshark 0.99.6 through 1.0.6 allows ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark <not-affected> (Vulnerable code not present; introduced in 0.99.6)
CVE-2009-1268 (The Check Point High-Availability Protocol (CPHAP) dissector in ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark 0.99.4-5.etch.4
CVE-2009-1267 (Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 ...)
	- wireshark <not-affected> (Only affects Wireshark on Windows)
CVE-2009-1266 (Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact ...)
	NOTE: Dupe of CVE-2009-1210
CVE-2009-1265 (Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-4
	- linux-2.6.24 <removed>
CVE-2009-1264 (Frontend User Registration (sr_feuser_register) extension 2.5.20 and ...)
	NOT-FOR-US: Frontend User Registration (sr_feuser_register) extension
CVE-2009-1263 (SQL injection vulnerability in sub_commententry.php in the BookJoomlas ...)
	NOT-FOR-US: Joomla
CVE-2009-1262 (Format string vulnerability in Fortinet FortiClient 3.0.614, and ...)
	NOT-FOR-US: Fortinet FortiClient
CVE-2009-1261 (Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk ...)
	NOT-FOR-US: Web Help Desk
CVE-2009-1260 (Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and ...)
	NOT-FOR-US: UltraISO
CVE-2009-1259 (SQL injection vulnerability in inc/bb/topic.php in Insane Visions ...)
	NOT-FOR-US: Insane Visions AdaptBB
CVE-2009-1258 (SQL injection vulnerability in the RD-Autos (com_rdautos) component ...)
	NOT-FOR-US: Joomla
CVE-2009-1257 (Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows ...)
	NOT-FOR-US: Magic ISO Maker
CVE-2009-1256 (SQL injection vulnerability in FlexCMS 2.5 allows remote attackers to ...)
	NOT-FOR-US: FlexCMS
CVE-2009-1255 (The process_stat function in (1) Memcached before 1.2.8 and (2) ...)
	- memcached 1.2.8-1 (low)
	[etch] - memcached <no-dsa> (Minor issue)
	[lenny] - memcached <no-dsa> (Minor issue)
	[squeeze] - memcached <no-dsa> (Minor issue)
	- memcachedb 1.2.0-3 (low; bug #527330)
	[squeeze] - memcachedb <no-dsa> (Minor issue)
	NOTE: why are weaknesses in security hardening features like ASLR considered minor?
	NOTE: even though this is not directly a vulnerability itself, part of this application's armor is now missing; making it easier for unknown vulnerabilities to be effective.
CVE-2008-6679 (Buffer overflow in the BaseFont writer module in Ghostscript 8.62, and ...)
	{DSA-2080-1}
	- ghostscript 8.64~dfsg-1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2008-6678 (SQL injection vulnerability in asp/includes/contact.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6677 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6676 (QuickerSite 1.8.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6675 (Multiple cross-site scripting (XSS) vulnerabilities in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6674 (mailPage.asp in QuickerSite 1.8.5 allows remote attackers to flood ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6673 (asp/bs_login.asp in QuickerSite 1.8.5 does not properly restrict ...)
	NOT-FOR-US: QuickerSite
CVE-2008-6672 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6671 (Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6670 (Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote ...)
	NOT-FOR-US: Vertex4 SunAge
CVE-2008-6669 (viewrq.php in nweb2fax 0.2.7 and earlier allows remote attackers to ...)
	NOT-FOR-US: nweb2fax
CVE-2008-6668 (Multiple directory traversal vulnerabilities in nweb2fax 0.2.7 and ...)
	NOT-FOR-US: nweb2fax
CVE-2008-6667 (A+ PHP Scripts News Management System (NMS) allows remote attackers to ...)
	NOT-FOR-US: A+ PHP Scripts News Management System (NMS)
CVE-2008-6666 (Multiple cross-site scripting (XSS) vulnerabilities in Kronos webTA ...)
	NOT-FOR-US: Kronos webTA
CVE-2008-6665 (change.php in Ananta CMS 1.0b5, with magic_quotes_gpc disabled, allows ...)
	NOT-FOR-US: Ananta CMS
CVE-2008-6664 (action.php in SH-News 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: SH-News
CVE-2008-6663 (SQL injection vulnerability in profile.php in PHPAuctions.info ...)
	NOT-FOR-US: PHPAuctions
CVE-2008-6662 (AVG Anti-Virus for Linux 7.5.51, and possibly earlier, allows remote ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-6661 (Multiple integer overflows in the scanning engine in Bitdefender for ...)
	NOT-FOR-US: Bitdefender
CVE-2008-6660 (Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov ...)
	NOT-FOR-US: Alexey Ozerov BigDump
CVE-2008-6659 (Directory traversal vulnerability in index.php in Simple Machines ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6658 (Directory traversal vulnerability in index.php in Simple Machines ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6657 (Cross-site request forgery (CSRF) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-6725 (The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly ...)
	{DSA-2080-1}
	- ghostscript 8.63.dfsg.1-1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2008-6680 (libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
CVE-2009-1270 (libclamav/untar.c in ClamAV before 0.95 allows remote attackers to ...)
	{DSA-1771-1}
	- clamav 0.95.1+dfsg-1 (medium; bug #523016)
CVE-2009-1254 (James Stone Tunapie 2.1 allows remote attackers to execute arbitrary ...)
	{DSA-1764-1}
	- tunapie 2.1.17-1
CVE-2009-1253 (James Stone Tunapie 2.1 allows local users to overwrite arbitrary ...)
	{DSA-1764-1}
	- tunapie 2.1.17-1
CVE-2009-1252 (Stack-based buffer overflow in the crypto_recv function in ...)
	{DSA-1801-1}
	- ntp 1:4.2.4p6+dfsg-2 (high; bug #525373)
	NOTE: VU#853097
CVE-2009-1251 (Heap-based buffer overflow in the cache manager in the client in ...)
	{DSA-1768-1}
	- openafs 1.4.10+dfsg1-1
CVE-2009-1250 (The cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 ...)
	{DSA-1768-1}
	- openafs 1.4.10+dfsg1-1
	[etch] - openafs 1.4.2-6etch3
CVE-2009-1249 (Cross-site scripting (XSS) vulnerability in Feed element mapper 5.x ...)
	NOT-FOR-US: Feed element mapper for Drupal
CVE-2009-1248 (Multiple PHP remote file inclusion vulnerabilities in Acute Control ...)
	NOT-FOR-US: Acute Control Panel
CVE-2009-1247 (SQL injection vulnerability in login.php in Acute Control Panel 1.0.0 ...)
	NOT-FOR-US: Acute Control Panel
CVE-2009-1246 (Multiple directory traversal vulnerabilities in Blogplus 1.0 allow ...)
	NOT-FOR-US: Blogplus
CVE-2009-1245 (Multiple SQL injection vulnerabilities in the insert_to_pastebin ...)
	NOT-FOR-US: CCCP Community Clan Portal Pastebin
CVE-2009-1244 (Unspecified vulnerability in the virtual machine display function in ...)
	NOT-FOR-US: VMware
CVE-2009-1243 (net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an ...)
	- linux-2.6 <not-affected> (Issue was introduced after 2.6.27 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.27 release)
CVE-2009-1242 (The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.30-1
	[etch] - linux-2.6 <not-affected> (Doesn't include KVM yet)
	- linux-2.6.24 <removed>
CVE-2008-6656 (Multiple SQL injection vulnerabilities in Open Auto Classifieds 1.4.3b ...)
	NOT-FOR-US: Open Auto Classifieds
CVE-2008-6655 (Multiple cross-site scripting (XSS) vulnerabilities in GEDCOM_TO_MYSQL ...)
	NOT-FOR-US: GEDCOM_TO_MYSQL
CVE-2008-6654 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
	NOT-FOR-US: InfoBiz Server
CVE-2008-6653 (SQL injection vulnerability in webhosting.php in the Webhosting ...)
	NOT-FOR-US: Joomla
CVE-2008-6652 (SQL injection vulnerability in asd.php in OneCMS 2.5 allows remote ...)
	NOT-FOR-US: OneCMS
CVE-2008-6651 (Static code injection vulnerability in edithistory.php in OxYProject ...)
	NOT-FOR-US: OxYProject OxYBox
CVE-2008-6650 (del.php in miniBloggie 1.0 allows remote attackers to delete arbitrary ...)
	NOT-FOR-US: miniBloggie
CVE-2008-6649 (SQL injection vulnerability in manager/image_details_editor.php in ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6648 (SQL injection vulnerability in crumbs.php in Ktools PhotoStore 3.4.3 ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6647 (SQL injection vulnerability in gallery.php in Ktools PhotoStore 3.4.3 ...)
	NOT-FOR-US: Ktools PhotoStore
CVE-2008-6646 (Cross-site scripting (XSS) vulnerability in index.php in CoronaMatrix ...)
	NOT-FOR-US: CoronaMatrix phpAddressBook
CVE-2008-6645 (Cross-site scripting (XSS) vulnerability in Opencosmo VisualSentinel ...)
	NOT-FOR-US: Opencosmo VisualSentinel
CVE-2008-6644 (Cross-site scripting (XSS) vulnerability in Default.aspx in DotNetNuke ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6643 (LokiCMS 0.3.4 and possibly earlier versions does not properly restrict ...)
	NOT-FOR-US: LokiCMS
CVE-2008-6642 (SQL injection vulnerability in view.php in DotContent FluentCMS 4.x ...)
	NOT-FOR-US: DotContent FluentCMS
CVE-2008-6641 (Multiple SQL injection vulnerabilities in Shader TV (Beta) allow ...)
	NOT-FOR-US: Shader TV
CVE-2008-6640 (Multiple SQL injection vulnerabilities in BatmanPorTaL allow remote ...)
	NOT-FOR-US: BatmanPorTaL
CVE-2008-6639 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	- ajaxplorer <itp> (bug #668381)
CVE-2008-6638 (Insecure method vulnerability in the Versalsoft HTTP Image Uploader ...)
	NOT-FOR-US: Versalsoft HTTP Image Uploader ActiveX
CVE-2008-6637 (Multiple cross-site scripting (XSS) vulnerabilities in forgotPW.php in ...)
	NOT-FOR-US: Library Video Company SAFARI Montage
CVE-2008-6636 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...)
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6635 (PHP remote file inclusion vulnerability in skins/default.php in Geody ...)
	NOT-FOR-US: Geody Labs Dagger
CVE-2008-6634 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6633 (SQL injection vulnerability in RoomPHPlanning 1.5 allows remote ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-6632 (SQL injection vulnerability in func/login.php in MercuryBoard 1.1.5 ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-6631 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: BlogPHP
CVE-2008-6630 (Directory traversal vulnerability in the wt_gallery extension 2.5.0 ...)
	NOT-FOR-US: wt_gallery extension for TYPO3
CVE-2008-6629 (Cross-site scripting (XSS) vulnerability in detail.php in WEBBDOMAIN ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6628
	REJECTED
CVE-2008-6627 (SQL injection vulnerability in getin.php in WEBBDOMAIN WebShop 1.2, ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6626 (SQL injection vulnerability in getin.php in WEBBDOMAIN Quiz 1.02 and ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6625 (SQL injection vulnerability in getin.php in WEBBDOMAIN Polls (aka ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6624 (SQL injection vulnerability in getin.php in WEBBDOMAIN Petition 1.02, ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6623 (SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6622 (SQL injection vulnerability in choosecard.php in WEBBDOMAIN Post Card ...)
	NOT-FOR-US: WEBBDOMAIN Multi Languages WebShop Online
CVE-2008-6621 (Unspecified vulnerability in GraphicsMagick before 1.2.3 allows remote ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6620 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: GraFX miniCWB
CVE-2008-6619 (Unrestricted file upload vulnerability in class/ApplyDB.php in ...)
	NOT-FOR-US: ClassSystem
CVE-2008-6618 (Multiple SQL injection vulnerabilities in ClassSystem 2.3 allow remote ...)
	NOT-FOR-US: ClassSystem
CVE-2008-6617 (Unrestricted file upload vulnerability in adm/visual/upload.php in ...)
	NOT-FOR-US: SiteXS CMS
CVE-2008-6616 (Cross-site scripting (XSS) vulnerability in index.php in Zen Software ...)
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6615 (SQL injection vulnerability in index.php in Zen Software Zen Cart 2008 ...)
	NOT-FOR-US: Zen Software Zen Cart
CVE-2008-6614 (Multiple SQL injection vulnerabilities in microcms-admin-login.php in ...)
	NOT-FOR-US: Micro CMS
CVE-2008-6613 (uploader.php in minimal-ablog 0.4 does not properly restrict access, ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6612 (Unrestricted file upload vulnerability in admin/uploader.php in ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6611 (SQL injection vulnerability in index.php in Minimal ABlog 0.4 allows ...)
	NOT-FOR-US: minimal-ablog
CVE-2008-6610 (Absolute path traversal vulnerability in phpcksec.php in Stefan Ott ...)
	NOT-FOR-US: phpcksec
CVE-2008-6609 (Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott ...)
	NOT-FOR-US: phpcksec
CVE-2008-6608 (Multiple SQL injection vulnerabilities in DevelopItEasy Events ...)
	NOT-FOR-US: DevelopItEasy Events Calendar
CVE-2008-6607 (Cross-site scripting (XSS) vulnerability in view.php in MatPo Link 1.2 ...)
	NOT-FOR-US: MatPo Link
CVE-2008-6606 (SQL injection vulnerability in view.php in MatPo Link 1.2 Beta allows ...)
	NOT-FOR-US: MatPo Link
CVE-2008-6605 (Cross-site request forgery (CSRF) vulnerability in the xslt script in ...)
	NOT-FOR-US: 2wire
CVE-2009-1241 (Unspecified vulnerability in ClamAV before 0.95 allows remote ...)
	- clamav 0.95+dfsg-1 (medium; bug #526042)
	[etch] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
	[lenny] - clamav <not-affected> (debian package does not use the rar code in clamav at the current time)
CVE-2009-1240 (Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 ...)
	NOT-FOR-US: IBM Proventia
CVE-2009-1239 (IBM DB2 9.1 before FP7 returns incorrect query results in certain ...)
	NOT-FOR-US: IBM DB2
CVE-2008-6604 (Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 ...)
	NOT-FOR-US: PicoFlat CMS
CVE-2008-6603 (MoinMoin 1.6.2 and 1.7 does not properly enforce ACL checks when ...)
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable code not present)
CVE-2008-6602 (Unspecified vulnerability in Download Center Lite before 2.1 has ...)
	NOT-FOR-US: Download Center Lite
CVE-2008-6601 (Unspecified vulnerability in Epona 1.5rc3 allows remote attackers to ...)
	NOT-FOR-US: Epona
CVE-2008-6600 (Cross-site scripting (XSS) vulnerability in the search feature in ...)
	NOT-FOR-US: XMLPortal
CVE-2008-6599 (cookiecheck.php in CookieCheck 1.0 stores tmp/cc_sessions under the ...)
	NOT-FOR-US: CookieCheck
CVE-2008-6598 (Multiple race conditions in WANPIPE before 3.3.6 have unknown impact ...)
	NOT-FOR-US: WANPIPE
CVE-2008-6597 (Cross-site scripting (XSS) vulnerability in upload/install/index.php ...)
	NOT-FOR-US: PHCDownload
CVE-2008-6596 (SQL injection vulnerability in admin/index.php in PHCDownload 1.1 ...)
	NOT-FOR-US: PHCDownload
CVE-2008-6595 (SQL injection vulnerability in the pmk_rssnewsexport extension for ...)
	NOT-FOR-US: pmk_rssnewsexport extension for TYPO3
CVE-2008-6594 (SQL injection vulnerability in the cm_rdfexport extension for TYPO3 ...)
	NOT-FOR-US: 3dparty typo3 extension
CVE-2008-6593 (SQL injection vulnerability in LightNEasy/lightneasy.php in LightNEasy ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6592 (thumbsup.php in Thumbs-Up 1.12, as used in LightNEasy &quot;no database&quot; ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6591 (LightNEasy &quot;no database&quot; (aka flat) version 1.2.2, and possibly SQLite ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6590 (Multiple directory traversal vulnerabilities in LightNEasy &quot;no ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6589 (Multiple cross-site scripting (XSS) vulnerabilities in LightNEasy &quot;no ...)
	NOT-FOR-US: LightNEasy SQLite
CVE-2008-6588 (Aztech ADSL2/2+ 4-port router has a default &quot;isp&quot; account with a ...)
	NOT-FOR-US: Aztech port router
CVE-2008-6587 (Cross-site request forgery (CSRF) vulnerability in index.tmpl in Vuze ...)
	NOT-FOR-US: Azureus HTML WebUI
CVE-2008-6586 (Cross-site request forgery (CSRF) vulnerability in gui/index.php in ...)
	NOT-FOR-US: ?Torrent (uTorrent) WebUI
CVE-2008-6585 (Cross-site request forgery (CSRF) vulnerability in html/admin.php in ...)
	- torrentflux <not-affected> (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6584 (html/index.php in TorrentFlux 2.3 allows remote authenticated users to ...)
	- torrentflux <not-affected> (Debian packaging uses a different directory layout, see bug #531614)
CVE-2008-6583 (Buffer overflow in BS.player 2.27 build 959 allows remote attackers to ...)
	NOT-FOR-US: BS.player
CVE-2009-1274 (Integer overflow in the qt_error parse_trak_atom function in ...)
	- xine-lib 1.1.16.3-1 (medium; bug #522811)
	- vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-1238 (Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1237 (Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1236 (Heap-based buffer overflow in the AppleTalk networking stack in XNU ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1235 (XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does ...)
	NOT-FOR-US: Mac OS X
CVE-2009-1234 (Opera 9.64 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2009-1233 (Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to ...)
	NOT-FOR-US: Safari on Windows
CVE-2009-1232 (Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-1231 (Unspecified vulnerability in the eClient in IBM DB2 Content Manager ...)
	NOT-FOR-US: DB2
CVE-2009-1230 (Static code injection vulnerability in index.php in Podcast Generator ...)
	NOT-FOR-US: Podcast Generator
CVE-2009-1229 (SQL injection vulnerability in Arcadwy Arcade Script allows remote ...)
	NOT-FOR-US: Arcadwy Arcade Script
CVE-2009-1228 (Cross-site scripting (XSS) vulnerability in register.php in Arcadwy ...)
	NOT-FOR-US: Arcadwy Arcade Script
CVE-2009-1227 (** DISPUTED ** ...)
	NOT-FOR-US: Check Point
CVE-2009-1226 (core/admin/delete.php in Podcast Generator 1.1 and earlier does not ...)
	NOT-FOR-US: Podcast Generator
CVE-2009-1225 (Cross-site scripting (XSS) vulnerability in index.php in Turnkey Ebook ...)
	NOT-FOR-US: Turnkey Ebook Store
CVE-2009-1224 (SQL injection vulnerability in ...)
	NOT-FOR-US: vsp stats processor
CVE-2009-1223 (aspWebCalendar Free Edition stores sensitive information under the web ...)
	NOT-FOR-US: aspWebCalendar Free Edition
CVE-2009-1222 (Directory traversal vulnerability in index.php in webEdition 6.0.0.4 ...)
	NOT-FOR-US: webEdition
CVE-2008-6582 (SQL injection vulnerability in index.php in Miniweb 2.0 allows remote ...)
	NOT-FOR-US: Miniweb
CVE-2008-6581 (login.php in PhpAddEdit 1.3 allows remote attackers to bypass ...)
	NOT-FOR-US: PhpAddEdit
CVE-2008-6580 (The Red_Reservations script for ColdFusion stores sensitive ...)
	NOT-FOR-US: ColdFusion
CVE-2003-1571 (Web Wiz Guestbook 6.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Web Wiz Guestbook
CVE-2009-1221
	RESERVED
CVE-2009-1220 (Cross-site scripting (XSS) vulnerability in +webvpn+/index.html in ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1219 (Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun ...)
	NOT-FOR-US: Sun Calendar Express Web Server
CVE-2009-1218 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar ...)
	NOT-FOR-US: Sun Calendar Express Web Server
CVE-2009-1217 (Off-by-one error in the GpFont::SetData function in gdiplus.dll in ...)
	NOT-FOR-US: Windows GDI+
CVE-2009-1216 (Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c ...)
	NOTE: Duplicate of CVE-2006-4335, confirmed by Microsoft. They're working on
	NOTE: getting it rejected
CVE-2008-6579 (Nortel Communication Server 1000 4.50.x allows remote attackers to ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6578 (Multiple unspecified vulnerabilities in Nortel Communication Server ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6577 (Nortel MG1000S, Signaling Server, and Call Server on the ...)
	NOT-FOR-US: Nortel appliances
CVE-2008-6576 (Unspecified vulnerability in the &quot;session limitation technique&quot; in the ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6575 (Unspecified vulnerability in the SIP server in SIP Enablement Services ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6574 (Unspecified vulnerability in SIP Enablement Services (SES) in Avaya ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-6573 (Multiple SQL injection vulnerabilities in Avaya SIP Enablement ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2009-1215 (Race condition in GNU screen 4.0.3 allows local users to create or ...)
	- screen 4.0.3-13 (low; bug #521123)
	[etch] - screen <not-affected> (etch version predates #433338)
	[lenny] - screen 4.0.3-11+lenny1
CVE-2009-1214 (GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with ...)
	- screen 4.0.3-13 (bug #521123)
	[lenny] - screen 4.0.3-11+lenny1
	NOTE: documented behaviour "or the public accessible screen-exchange", see man screen
CVE-2009-1213 (Cross-site request forgery (CSRF) vulnerability in attachment.cgi in ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
	NOTE: should this really be considered minor?  see fedora bug and FSA:
	NOTE: - https://bugzilla.redhat.com/show_bug.cgi?id=494398
	NOTE: - https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00191.html
CVE-2009-1212 (Multiple insecure method vulnerabilities in PRECIS~2.DLL in the ...)
	NOT-FOR-US: PrecisionID Datamatrix ActiveX control
CVE-2009-1211 (Blue Coat ProxySG, when transparent interception mode is enabled, uses ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2009-1210 (Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in ...)
	{DSA-1785-1}
	- wireshark 1.0.7-1 (low)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
CVE-2009-1209 (Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows ...)
	- amaya <removed>
CVE-2009-1208 (SQL injection vulnerability in auth2db 0.2.5, and possibly other ...)
	{DSA-1757-1}
	- auth2db 0.2.5-2+dfsg-1.1 (bug #521823; low)
CVE-2009-1207 (Race condition in the dircmp script in Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Solaris
CVE-2009-1206 (Unspecified vulnerability in futomi's CGI Cafe Access Analyzer CGI ...)
	NOT-FOR-US: Cafe Access Analyzer CGI Professional
CVE-2009-1205
	REJECTED
CVE-2009-1204 (Cross-site scripting (XSS) vulnerability in TikiWiki (Tiki) ...)
	- tikiwiki <removed>
CVE-2009-1203 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...)
	NOT-FOR-US: Cisco
CVE-2009-1202 (WebVPN on the Cisco Adaptive Security Appliances (ASA) device with ...)
	NOT-FOR-US: Cisco
CVE-2009-1201 (Eval injection vulnerability in the csco_wrap_js function in ...)
	NOT-FOR-US: Cisco
CVE-2009-1200
	RESERVED
CVE-2009-1199
	RESERVED
CVE-2009-1198 (Cross-site scripting (XSS) vulnerability in Apache jUDDI before 2.0 ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-1197 (Apache jUDDI before 2.0 allows attackers to spoof entries in log files ...)
	NOT-FOR-US: Apache jUDDI
CVE-2009-1196 (The directory-services functionality in the scheduler in CUPS 1.1.17 ...)
	- cups 1.1.99.b1.r4748-1
	- cupsys <removed>
	[etch] - cupsys 1.1.99.b1.r4748-1
CVE-2009-1195 (The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not ...)
	{DSA-1816-1}
	- apache2 2.2.11-6 (low; bug #530834)
CVE-2009-1194 (Integer overflow in the pango_glyph_string_set_size function in ...)
	{DSA-1798-1}
	- pango1.0 1.24.0-2 (medium; bug #527474)
CVE-2009-1193
	REJECTED
CVE-2009-1192 (The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-4
	- linux-2.6.24 <removed>
CVE-2009-1191 (mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server ...)
	- apache2 2.2.11-4 (low)
	[etch] - apache2 <not-affected> (introduced in 2.2.11)
	[lenny] - apache2 <not-affected> (introduced in 2.2.11)
CVE-2009-1190 (Algorithmic complexity vulnerability in the ...)
	- libspring-2.5-java 2.5.6.SEC01-1
CVE-2009-1189 (The _dbus_validate_signature_with_reason function ...)
	{DSA-1837-1}
	- dbus 1.2.14-1 (high; bug #532720)
	NOTE: remote signature spoofing possible, and this was supposed to be
	NOTE: originally fixed with the updates for CVE-2008-3834
CVE-2009-1188 (Integer overflow in the JBIG2 decoding feature in the ...)
	{DSA-2050-1 DSA-2028-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[etch] - poppler <not-affected> (SplashBitmap code not present)
	[lenny] - poppler 0.8.7-3.1
	- xpdf 3.02-2 (bug #575779)
	- kdegraphics 4:4.0
	- swftools 0.9.2+ds1-2
CVE-2009-1187 (Integer overflow in the JBIG2 decoding feature in Poppler before ...)
	{DSA-1941-1}
	- poppler 0.10.6-1 (medium; bug #524806)
CVE-2009-1186 (Buffer overflow in the util_path_encode function in ...)
	{DSA-1772-1}
	- udev 0.141-1 (medium)
CVE-2009-1185 (udev before 1.4.1 does not verify whether a NETLINK message originates ...)
	{DSA-1772-1}
	- udev 0.141-1 (medium)
CVE-2009-1184 (The selinux_ip_postroute_iptables_compat function in ...)
	{DSA-1809-1 DSA-1800-1}
	- linux-2.6 2.6.29-5
	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
CVE-2009-1183 (The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1182 (Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1181 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1180 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1179 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0-1 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-1178 (Unspecified vulnerability in the server in IBM Tivoli Storage Manager ...)
	NOT-FOR-US: Tivoli
CVE-2009-1177 (Multiple stack-based buffer overflows in maptemplate.c in mapserv in ...)
	- mapserver 5.2.2-1 (medium; bug #523027)
	[lenny] - mapserver <not-affected> (Vulnerable code not present or covered by 02_CVE-2009-840-CVE-2009-2281.dpatch)
	[etch] - mapserver <not-affected> (Vulnerable code not present or covered by 02_CVE-2009-840-CVE-2009-2281.dpatch)
CVE-2009-1176 (mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (low; bug #523027)
	NOTE: covered by 02_CVE-2009-840-CVE-2009-2281.dpatch as well
CVE-2008-6572 (SQL injection vulnerability in search_results.php in ABK-Soft ...)
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6571 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
	NOT-FOR-US: LinPHA
CVE-2008-6570 (Cross-site scripting (XSS) vulnerability in the RSS reader in Cybozu ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6569 (Session fixation vulnerability in Cybozu Garoon 2.0.0 through 2.1.3 ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2008-6568 (Unrestricted file upload vulnerability in Yehe 2.0 allows remote ...)
	NOT-FOR-US: Yehe
CVE-2008-6567 (Multiple cross-site scripting (XSS) vulnerabilities in Gallarific Free ...)
	NOT-FOR-US: Gallarific Free Edition
CVE-2008-6566 (Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown ...)
	NOT-FOR-US: Octopussy
CVE-2008-6565 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-6564 (Nortel UNIStim protocol, as used in Communication Server 1000 and ...)
	NOT-FOR-US: Nortel Communication Server
CVE-2008-6563 (Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly ...)
	NOT-FOR-US: Trillian
CVE-2008-6562 (Cross-site scripting (XSS) vulnerability in jax_linklists.php in Jack ...)
	NOT-FOR-US: Jack (tR) Jax LinkLists
CVE-2008-6561 (Citrix Presentation Server Client for Windows before 10.200 does not ...)
	NOT-FOR-US: Citrix
CVE-2007-6724 (Vidalia bundle before 0.1.2.18, when running on Windows, installs ...)
	NOT-FOR-US: Vidalia
CVE-2007-6723 (TorK before 0.22, when running on Windows and Mac OS X, installs ...)
	- tork <not-affected> (Affects only Windows and MacOS)
CVE-2007-6722 (Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, ...)
	NOT-FOR-US: Vidalia
CVE-2006-7237 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ixprim
CVE-2005-4880 (Jax Guestbook 3.1 and 3.31 stores sensitive information under the web ...)
	NOT-FOR-US: Jax Guestbook
CVE-2005-4879 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Jax Guestbook
CVE-2004-2762 (The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x ...)
	NOT-FOR-US: Tivoli
CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before ...)
	NOT-FOR-US: Tivoli
CVE-2009-1175 (Cross-site scripting (XSS) vulnerability in apps/web/vs_diag.cgi in ...)
	- banshee <unfixed> (unimportant)
	NOTE: banshee is intented as a desktop music player with no serious
	NOTE: login credentials that an attacker could use remote
CVE-2009-1174 (The Web Services Security component in IBM WebSphere Application ...)
	NOT-FOR-US: WebSphere
CVE-2009-1173 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3 uses weak ...)
	NOT-FOR-US: WebSphere
CVE-2009-1172 (The JAX-RPC WS-Security runtime in the Web Services Security component ...)
	NOT-FOR-US: WebSphere
CVE-2009-1171 (The TeX filter in Moodle 1.6 before 1.6.9+, 1.7 before 1.7.7+, 1.8 ...)
	{DSA-1761-1}
	- moodle 1.8.2.dfsg-5 (medium; bug #522116)
	NOTE: this applies only to people who have a complete tex environment and
	NOTE: aren't just using mimetex to render the tex
CVE-2009-1170 (Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-1169 (The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox ...)
	{DSA-1756-1}
	- xulrunner 1.9.0.8-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-1168 (Cisco IOS 12.0(32)S12 through 12.0(32)S13 and 12.0(33)S3 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-1167 (Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1166 (The administrative web interface on the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1165 (Memory leak on the Cisco Wireless LAN Controller (WLC) platform 4.x ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1164 (The administrative web interface on the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco Wireless LAN Controller
CVE-2009-1163 (Memory leak on the Cisco Physical Access Gateway with software before ...)
	NOT-FOR-US: Cisco
CVE-2009-1162 (Cross-site scripting (XSS) vulnerability in the Spam Quarantine login ...)
	NOT-FOR-US: Cisco IronPort AsyncOS
CVE-2009-1161 (Directory traversal vulnerability in the TFTP service in Cisco ...)
	NOT-FOR-US: CiscoWorks
CVE-2009-1160 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1159 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1158 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1157 (Memory leak on Cisco Adaptive Security Appliances (ASA) 5500 Series ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1156 (Unspecified vulnerability on Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1155 (Cisco Adaptive Security Appliances (ASA) 5500 Series and PIX Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliances
CVE-2009-1154 (Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2009-1153
	REJECTED
CVE-2009-1152 (Siemens Gigaset SE461 WiMAX router 1.5-BL024.9.6401, and possibly ...)
	NOT-FOR-US: Siemens router
CVE-2009-1151 (Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x ...)
	{DSA-1824-1}
	- phpmyadmin 4:3.1.3.1-1
CVE-2009-1150 (Multiple cross-site scripting (XSS) vulnerabilities in the export page ...)
	{DSA-1824-1}
	- phpmyadmin 4:3.1.3.1-1
CVE-2009-1149 (CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB ...)
	- phpmyadmin 4:3.1.3.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-1148 (Directory traversal vulnerability in bs_disp_as_mime_type.php in the ...)
	- phpmyadmin 4:3.1.3.1-1
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[lenny] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2009-1147 (Unspecified vulnerability in vmci.sys in the Virtual Machine ...)
	NOT-FOR-US: VmWare
CVE-2009-1146 (Unspecified vulnerability in an ioctl in hcmon.sys in VMware ...)
	NOT-FOR-US: VmWare
CVE-2009-1145
	RESERVED
CVE-2009-1144 (Untrusted search path vulnerability in the Gentoo package of Xpdf ...)
	- xpdf <not-affected> (Gentoo specific vulnerability in building xpdf)
CVE-2009-1143
	RESERVED
CVE-2009-1142
	RESERVED
CVE-2009-1141 (Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1140 (Microsoft Internet Explorer 5.01 SP4; 6 SP1; 6 and 7 for Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2009-1139 (Memory leak in the LDAP service in Active Directory on Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2009-1138 (The LDAP service in Active Directory on Microsoft Windows 2000 SP4 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1137 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft
CVE-2009-1136 (The Microsoft Office Web Components Spreadsheet ActiveX control (aka ...)
	NOT-FOR-US: ActiveX
CVE-2009-1135 (Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration (ISA) Server
CVE-2009-1134 (Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2009-1133 (Heap-based buffer overflow in Microsoft Remote Desktop Connection ...)
	NOT-FOR-US: Microsoft
CVE-2009-1132 (Heap-based buffer overflow in the Wireless LAN AutoConfig Service (aka ...)
	NOT-FOR-US: Microsoft Windows Vista Gold
CVE-2009-1131 (Multiple stack-based buffer overflows in Microsoft Office PowerPoint ...)
	NOT-FOR-US: Microsoft
CVE-2009-1130 (Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-1129 (Multiple stack-based buffer overflows in the PowerPoint 95 importer ...)
	NOT-FOR-US: Microsoft
CVE-2009-1128 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft
CVE-2009-1127 (win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-1126 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...)
	NOT-FOR-US: Microsoft
CVE-2009-1125 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1124 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1123 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2009-1122 (The WebDAV extension in Microsoft Internet Information Services (IIS) ...)
	NOT-FOR-US: Microsoft
CVE-2009-1121
	RESERVED
CVE-2009-1120
	RESERVED
CVE-2009-1119 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 before SP5 ...)
	NOT-FOR-US: EMC RepliStor
CVE-2009-1118
	RESERVED
CVE-2009-1117
	RESERVED
CVE-2009-1116
	RESERVED
CVE-2009-1115
	RESERVED
CVE-2009-1114
	RESERVED
CVE-2009-1113
	RESERVED
CVE-2009-1112
	RESERVED
CVE-2009-1111
	RESERVED
CVE-2009-1110
	RESERVED
CVE-2009-1109
	RESERVED
CVE-2009-1108
	RESERVED
CVE-2009-1086 (Heap-based buffer overflow in the ldns_rr_new_frm_str_internal ...)
	{DSA-1795-1}
	- ldns 1.5.1-1
CVE-2008-6560 (Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on ...)
	- redhat-cluster 2.20081102-1
	NOTE: This seems like a non-issue, since the config file should be under control
	NOTE: of the admin?
	NOTE: Fixed in 2.03.09 upstream version.
CVE-2008-6559 (Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-6558 (Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-6557 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote ...)
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6556 (cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote ...)
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6555 (cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote ...)
	NOT-FOR-US: Puppet Master WebUtit, different than puppetmaster from puppet
CVE-2008-6554 (cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 ...)
	NOT-FOR-US: Aztech router
CVE-2008-6553 (microcms-admin-home.php in Implied by Design Micro CMS (Micro-CMS) 3.5 ...)
	NOT-FOR-US: Micro CMS
CVE-2008-6552 (Red Hat Cluster Project 2.x allows local users to modify or overwrite ...)
	- redhat-cluster 2.20081102-1
	NOTE: Fixed in 2.03.09 upstream version.
	NOTE: Similar to CVE-2008-4192 and CVE-2008-4579
CVE-2008-6551 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.0.2 and ...)
	NOT-FOR-US: e-vision CMS
CVE-2008-6550 (Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire ...)
	NOT-FOR-US: Glossaire
CVE-2008-6549 (The password_checker function in config/multiconfig.py in MoinMoin ...)
	- moin 1.6.2-1 (low)
CVE-2008-6548 (The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check ...)
	- moin 1.6.2-1 (low)
CVE-2008-6547 (schema.py in FormEncode for Python (python-formencode) 1.0 does not ...)
	- python-formencode 1.0.1-1
	[etch] - python-formencode <not-affected> (Vulnerable code was introduced in 1.0)
CVE-2008-6546 (Unspecified vulnerability in phpns before 2.1.3 has unknown impact and ...)
	NOT-FOR-US: phpns
CVE-2008-6545 (PHP remote file inclusion vulnerability in news/include/createdb.php ...)
	NOT-FOR-US: Web Server Creator Web Portal
CVE-2008-6544 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-6543 (Multiple PHP remote file inclusion vulnerabilities in ComScripts TEAM ...)
	NOT-FOR-US: ComScripts TEAM Quick Classifieds
CVE-2008-6542 (Unspecified vulnerability in the Skin Manager in DotNetNuke before ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6541 (Unrestricted file upload vulnerability in the file manager module in ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6540 (DotNetNuke before 4.8.2, during installation or upgrade, does not warn ...)
	NOT-FOR-US: DotNetNuke
CVE-2008-6539 (Static code injection vulnerability in user/settings/ in DeStar ...)
	- destar <removed> (bug #522123)
CVE-2008-6538 (DeStar 0.2.2-5 allows remote attackers to add arbitrary users via a ...)
	- destar <not-affected> (bug #522123)
	NOTE: we include a default configuration user which can be changed with instructions in README.Debian
CVE-2008-6537 (LightNEasy/lightneasy.php in LightNEasy No database version 1.2 allows ...)
	NOT-FOR-US: LightNEasy No database
CVE-2008-6536 (Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and ...)
	- p7zip 4.57~dfsg.1-1
CVE-2008-6535 (admin/settings.php in PayPal eStores allows remote attackers to bypass ...)
	NOT-FOR-US: PayPal eStores
CVE-2008-6534 (Incomplete blacklist vulnerability in NULL FTP Server Free and Pro ...)
	NOT-FOR-US: NULL FTP Server
CVE-2008-6533 (Drupal 5.x before 5.13 and 6.x before 6.7 does not delete all related ...)
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6532 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	- drupal5 5.14-1 (low)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6531 (The WebWork 1 web application framework in Atlassian JIRA before ...)
	NOT-FOR-US: Atlassian JIRA
CVE-2008-6530 (Unrestricted file upload vulnerability in editimage.php in ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6529 (Cross-site scripting (XSS) vulnerability in listtest.php in ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-6528 (NTFS TmaxSoft JEUS 5 before Fix 26 allows remote attackers to read the ...)
	NOT-FOR-US: NTFS TmaxSoft JEUS 5
CVE-2007-6721 (The Legion of the Bouncy Castle Java Cryptography API before release ...)
	- bouncycastle 1.38-1
CVE-2009-1107 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1106 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1105 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1104 (The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1103 (Unspecified vulnerability in the Java Plug-in in Java SE Development ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1102 (Unspecified vulnerability in the Virtual Machine in Java SE ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1101 (Unspecified vulnerability in the lightweight HTTP server ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1100 (Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1099 (Integer signedness error in Java SE Development Kit (JDK) and Java ...)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1098 (Buffer overflow in Java SE Development Kit (JDK) and Java Runtime ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1097 (Multiple buffer overflows in Java SE Development Kit (JDK) and Java ...)
	{DSA-1769-1}
	- sun-java6 6-13-1
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1096 (Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1095 (Integer overflow in unpack200 in Java SE Development Kit (JDK) and ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1094 (Unspecified vulnerability in the LDAP implementation in Java SE ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
	- sun-java5 1.5.0-18-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2009-1093 (LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java ...)
	{DSA-1769-1}
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 6-20-0lenny1
CVE-2009-1962 (Xfig, possibly 3.2.5, allows local users to read and write arbitrary ...)
	- xfig 1:3.2.5.a-1
	[etch] - xfig <no-dsa> (Minor issue)
	[lenny] - xfig <no-dsa> (Minor issue)
CVE-2009-1092 (Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX ...)
	NOT-FOR-US: LIVEAUDIO.LiveAudioCtrl.1 ActiveX
CVE-2009-1091 (Cross-site scripting (XSS) vulnerability in upload.php in Rapidleech ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1090 (Directory traversal vulnerability in upload.php in Rapidleech rev.36 ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1089 (Absolute path traversal vulnerability in upload.php in Rapidleech ...)
	NOT-FOR-US: Rapidleech
CVE-2009-1088 (Hannon Hill Cascade Server 5.7 and other versions allows remote ...)
	NOT-FOR-US: Hannon Hill Cascade Server
CVE-2009-1087 (Multiple argument injection vulnerabilities in PPLive.exe in PPLive ...)
	NOT-FOR-US: PPLive
CVE-2009-1085 (Piwik 0.2.32 and earlier stores sensitive information under the web ...)
	- piwik <itp> (bug #506933)
CVE-2009-1084 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1083 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1082 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1081 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1080 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1079 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1078 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1077 (The Change My Password implementation in the admin interface in Sun ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1076 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1075 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 responds ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2009-1074 (Sun Java System Identity Manager (IdM) 7.0 through 8.0 does not use ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-6527 (SQL injection vulnerability in forum.asp in GO4I.NET ASP Forum 1.0 ...)
	NOT-FOR-US: GO4I.NET ASP Forum
CVE-2008-6526 (SQL injection vulnerability in index.php in BosDev BosClassifieds ...)
	NOT-FOR-US: BosClassifieds
CVE-2008-6525 (SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script ...)
	NOT-FOR-US: Nice PHP FAQ Script
CVE-2008-6524 (resetpass.php in openInvoice 0.90 beta and earlier allows remote ...)
	NOT-FOR-US: openInvoice
CVE-2008-6523 (auth.php in openInvoice 0.90 beta and earlier allows remote attackers ...)
	NOT-FOR-US: openInvoice
CVE-2008-6522 (Multiple directory traversal vulnerabilities in the RenderFile ...)
	NOT-FOR-US: OpenTerracotta
CVE-2008-6521 (index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote ...)
	NOT-FOR-US: OpenTerracotta
CVE-2008-6520 (Multiple format string vulnerabilities in the SSI filter in Xitami Web ...)
	NOT-FOR-US: Xitami Web Server
CVE-2008-6519 (Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, ...)
	NOT-FOR-US: Xitami Web Server
CVE-2008-6518 (Unrestricted file upload vulnerability in the profile feature in ...)
	NOT-FOR-US: VidiScript
CVE-2008-6517 (SQL injection vulnerability in NewsHOWLER 1.03 Beta allows remote ...)
	NOT-FOR-US: NewsHOWLER
CVE-2008-6516 (Multiple directory traversal vulnerabilities in phpKF-Portal 1.10 ...)
	NOT-FOR-US: phpKF-Portal
CVE-2009-1073 (nss-ldapd before 0.6.8 uses world-readable permissions for the ...)
	{DSA-1758-1}
	- nss-ldapd 0.6.8
CVE-2009-1072 (nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD ...)
	{DSA-1800-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release)
CVE-2009-0934 (Cross-site scripting (XSS) vulnerability in ejabberd before 2.0.4 ...)
	{DSA-1774-1}
	- ejabberd 2.0.5-1 (bug #520852)
	[etch] - ejabberd <not-affected> (Vulnerable expression not present)
CVE-2009-1071 (Stack-based buffer overflow in Icarus 2.0 allows remote attackers to ...)
	NOT-FOR-US: Icarus
CVE-2009-1070 (Cross-site scripting (XSS) vulnerability in system/index.php in ...)
	NOT-FOR-US: ExpressionEngine
CVE-2009-1069 (Multiple cross-site scripting (XSS) vulnerabilities in the node edit ...)
	NOT-FOR-US: Drupal module
CVE-2009-1068 (Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 ...)
	NOT-FOR-US: BS.Player
CVE-2009-1067 (Cross-site scripting (XSS) vulnerability in index.php in Pixie CMS ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1066 (SQL injection vulnerability in the referral function in ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1065 (SQL injection vulnerability in index.php in Pixie CMS 1.01a allows ...)
	NOT-FOR-US: Pixie CMS
CVE-2009-1064 (Argument injection vulnerability in orbitmxt.dll 2.1.0.2 in the Orbit ...)
	NOT-FOR-US: Orbit Downloader
CVE-2009-1063 (Buffer overflow in eXeScope 6.50 allows user-assisted remote attackers ...)
	NOT-FOR-US: eXeScope
CVE-2009-1062 (Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 ...)
	NOT-FOR-US: Acrobat Reader
CVE-2009-1061 (Unspecified vulnerability in Adobe Acrobat Reader 9 before 9.1, 8 ...)
	NOT-FOR-US: Acrobat Reader
CVE-2009-1060 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1059 (Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote ...)
	NOT-FOR-US: Trident PowerZip
CVE-2009-1058 (Stack-based buffer overflow in ZipGenius might allow remote attackers ...)
	NOT-FOR-US: ZipGenius
CVE-2009-1057 (MicroSmarts Enterprise ZipItFast! 3.0 allows remote attackers to ...)
	NOT-FOR-US: MicroSmarts Enterprise ZipItFast!
CVE-2009-1056 (IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers ...)
	NOT-FOR-US: IBM Rational AppScan Enterprise
CVE-2009-1055 (Unspecified vulnerability in the web service in Sitecore CMS 5.3.1 ...)
	NOT-FOR-US: Sitecore CMS
CVE-2009-1054 (Unspecified vulnerability in JustSystems Ichitaro 13, 2004 through ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2009-1053 (chaozzDB 1.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: chaozzDB
CVE-2009-1052 (FireAnt 1.3 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: FireAnt
CVE-2009-1051 (FubarForum 1.6 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: FubarForum
CVE-2009-1050 (Bloginator 1A allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Bloginator
CVE-2009-1049 (SQL injection vulnerability in articleCall.php in Bloginator 1A allows ...)
	NOT-FOR-US: Bloginator
CVE-2008-6515 (Cross-site scripting (XSS) vulnerability in Fritz Berger yet another ...)
	NOT-FOR-US: yappa-ng
CVE-2008-6514 (The Expo plugin in Compiz Fusion 0.7.8 allows local users with ...)
	- compiz-fusion-plugins-main 0.8.2-1 (low)
	[lenny] - compiz-fusion-plugins-main <no-dsa> (Minor issue)
CVE-2008-6513 (Unrestricted file upload vulnerability in saa.php in Andy's PHP ...)
	NOT-FOR-US: Andy's PHP Knowledgebase
CVE-2008-6512 (Cross-domain vulnerability in the WorkerPool API in Google Gears ...)
	NOT-FOR-US: Google Gears
CVE-2009-1048 (The web interface on the snom VoIP phones snom 300, snom 320, snom ...)
	NOT-FOR-US: snom VoIP phones
CVE-2009-1047 (Cross-site scripting (XSS) vulnerability in the Send by e-mail module ...)
	NOT-FOR-US: Send by e-mail module for Drupal
CVE-2009-1046 (The console selection feature in the Linux kernel 2.6.28 before ...)
	{DSA-1800-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23-rc1)
CVE-2009-1045 (requests/status.xml in VLC 0.9.8a allows remote attackers to cause a ...)
	- vlc 0.9.9a-1 (unimportant; bug #522170)
	NOTE: access is limited to localhost
CVE-2009-1044 (Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute ...)
	{DSA-1756-1}
	- xulrunner 1.9.0.8-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-1043 (Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows ...)
	NOT-FOR-US: Microsoft
CVE-2009-1042 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5.6 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2009-1041 (The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 ...)
	- kfreebsd-7 7.1-3
	[lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-6511 (Open redirect vulnerability in login.jsp in Openfire 3.6.0a and ...)
	NOT-FOR-US: Openfire
CVE-2008-6510 (Cross-site scripting (XSS) vulnerability in login.jsp in the Admin ...)
	NOT-FOR-US: Openfire
CVE-2008-6509 (SQL injection vulnerability in CallLogDAO in SIP Plugin in Openfire ...)
	NOT-FOR-US: Openfire
CVE-2008-6508 (Directory traversal vulnerability in the AuthCheck filter in the Admin ...)
	NOT-FOR-US: Openfire
CVE-2008-6507 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ...)
	- phpbb3 3.0.2-4
CVE-2008-6505 (Multiple directory traversal vulnerabilities in Apache Struts 2.0.x ...)
	- libstruts1.2-java <not-affected> (Vulnerable code not present)
	NOTE: looks like this was introduced in 2.x, see upstream trunk r688095
CVE-2008-6504 (ParametersInterceptor in OpenSymphony XWork 2.0.x before 2.0.6 and ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2009-1040 (Buffer overflow in WinAsm Studio 5.1.5.0 allows user-assisted remote ...)
	NOT-FOR-US: WinAsm
CVE-2009-1039 (Buffer overflow in CDex 1.70b2 allows remote attackers to execute ...)
	NOT-FOR-US: CDex
CVE-2009-1038 (Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote ...)
	NOT-FOR-US: YAP Blog
CVE-2009-1037 (Unspecified vulnerability in the Send by e-mail module in the ...)
	NOT-FOR-US: Send by e-mail module for Drupal
CVE-2009-1036 (Cross-site request forgery (CSRF) vulnerability in the Plus 1 module ...)
	NOT-FOR-US: Plus 1 module for Drupal
CVE-2009-1035 (Cross-site scripting (XSS) vulnerability in the Tasklist module ...)
	NOT-FOR-US: Tasklist module for Drupal
CVE-2009-1034 (SQL injection vulnerability in the Tasklist module 5.x-1.x before ...)
	NOT-FOR-US: Tasklist module for Drupal
CVE-2009-1033 (SQL injection vulnerability in misc.php in DeluxeBB 1.3 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2009-1032 (SQL injection vulnerability in gallery_list.php in YABSoft Advanced ...)
	NOT-FOR-US: YABSoft Advanced Image Gallery
CVE-2009-1031 (Directory traversal vulnerability in the FTP server in Rhino Software ...)
	NOT-FOR-US: FTP Rhino Software Serv-U
CVE-2009-1030 (Cross-site scripting (XSS) vulnerability in the choose_primary_blog ...)
	- wordpress-mu 2.9.1-1 (bug #399756)
CVE-2009-1029 (Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows ...)
	NOT-FOR-US: POP Peeper
CVE-2009-1028 (Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote ...)
	NOT-FOR-US: ediSys eZip Wizard
CVE-2009-1027 (SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers ...)
	NOT-FOR-US: OpenCart
CVE-2009-1026 (Multiple SQL injection vulnerabilities in login.php in Kim Websites ...)
	NOT-FOR-US: Kim Websites
CVE-2009-1025 (PHP remote file inclusion vulnerability in linkadmin.php in Beerwin ...)
	NOT-FOR-US: Beerwin PHPLinkAdmin
CVE-2009-1024 (Multiple SQL injection vulnerabilities in Beerwin PHPLinkAdmin 1.0 ...)
	NOT-FOR-US: Beerwin PHPLinkAdmin
CVE-2009-1023 (SQL injection vulnerability in index.php in phpComasy 0.9.1 allows ...)
	NOT-FOR-US: phpComasy
CVE-2009-1022 (Heap-based buffer overflow in the Preview/ Set Segment function in ...)
	NOT-FOR-US: Gretech GOMlab GOM Encoder
CVE-2009-1021 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1020 (Unspecified vulnerability in the Network Foundation component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1019 (Unspecified vulnerability in the Network Authentication component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1018 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1017 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1016 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1015 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1014 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1013 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-1012 (Unspecified vulnerability in the plug-ins for Apache and IIS web ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1011 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1010 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1009 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1008 (Unspecified vulnerability in the Outside In Technology component in ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-1007 (Unspecified vulnerability in the Data Mining component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-1006 (Unspecified vulnerability in the JRockit component in BEA Product ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1005 (Unspecified vulnerability in the Oracle Data Service Integrator ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1004 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1003 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1002 (Unspecified vulnerability in Oracle BEA WebLogic Server 10.3, 10.0 ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1001 (Unspecified vulnerability in Oracle BEA WebLogic Portal 8.1 Gold ...)
	NOT-FOR-US: BEA Product Suite
CVE-2009-1000 (The Oracle Applications Framework component in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0999 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0998 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...)
	NOT-FOR-US: PeopleSoft Enterprise HRMS
CVE-2009-0997 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0996 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0995 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2009-0994 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0993 (Unspecified vulnerability in the OPMN component in Oracle Application ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0992 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0991 (Unspecified vulnerability in the Listener component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0990 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0989 (Unspecified vulnerability in the BI Publisher component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0988 (Unspecified vulnerability in the Password Policy component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0987 (Unspecified vulnerability in the Upgrade component in Oracle Database ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0986 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0985 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0984 (Unspecified vulnerability in the Database Vault component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0983 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0982 (Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2009-0981 (Unspecified vulnerability in the Application Express component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0980 (Unspecified vulnerability in the SQLX Functions component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0979 (Unspecified vulnerability in the Resource Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0978 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0977 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0976 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0975 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0974 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2009-0973 (Unspecified vulnerability in the Cluster Ready Services component in ...)
	NOT-FOR-US: Oracle Database
CVE-2009-0972 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle Database
CVE-2008-6503 (Multiple cross-site scripting (XSS) vulnerabilities in PrestaShop ...)
	NOT-FOR-US: PrestaShop
CVE-2008-6502 (Directory traversal vulnerability in Pro Chat Rooms 3.0.2 allows ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6501 (Cross-site scripting (XSS) vulnerability in profiles/index.php in Pro ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-6500 (Cross-site scripting (XSS) vulnerability in CodeToad ASP Shopping Cart ...)
	NOT-FOR-US: CodeToad ASP Shopping Cart Script
CVE-2008-6499 (security/xamppsecurity.php in XAMPP 1.6.8 performs an extract ...)
	NOT-FOR-US: XAMPP
CVE-2008-6498 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: XAMPP
CVE-2008-6497 (The Neostrada Livebox ADSL Router allows remote attackers to cause a ...)
	NOT-FOR-US: Neostrada Livebox ADSL Router
CVE-2008-6496 (Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX ...)
	NOT-FOR-US: VSPDFEditorX.ocx
CVE-2008-6495 (Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger ...)
	NOT-FOR-US: Fritz Berger yet another php photo album - next generation
CVE-2008-6494 (ASP User Engine.NET stores sensitive information under the web root ...)
	NOT-FOR-US: ASP User Engine.NET
CVE-2008-6493 (Easy Content Management Publishing stores sensitive information under ...)
	NOT-FOR-US: Easy Content Management Publishing
CVE-2008-6492 (Unrestricted file upload vulnerability in process.php in Tizag ...)
	NOT-FOR-US: Tizag Countdown Creator
CVE-2009-0971 (Cross-site scripting (XSS) vulnerability in futomi's CGI Cafe Access ...)
	NOT-FOR-US: futomi's CGI Cafe Access Analyzer CGI Standard Version
CVE-2009-0970 (PHP remote file inclusion vulnerability in includes/class_image.php in ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2009-0969 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: phpFoX
CVE-2009-0968 (SQL injection vulnerability in fmoblog.php in the fMoblog plugin 2.1 ...)
	NOT-FOR-US: fMoblog plugin for WordPress
CVE-2009-0967 (The FTP server in Serv-U 7.0.0.1 through 7.4.0.1 allows remote ...)
	NOT-FOR-US: Serv-U
CVE-2009-0966 (PHP remote file inclusion vulnerability in cross.php in YABSoft Mega ...)
	NOT-FOR-US: YABSoft Mega File Hosting
CVE-2009-0965 (SQL injection vulnerability in functions/browse.php in Ganesha Digital ...)
	NOT-FOR-US: Ganesha Digital Library
CVE-2009-0964 (UserView_list.php in PHPRunner 4.2, and possibly earlier, stores ...)
	NOT-FOR-US: PHPRunner
CVE-2009-0963 (Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly ...)
	NOT-FOR-US: PHPRunner
CVE-2009-0962 (Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI ...)
	NOT-FOR-US: Futomi's CGI Cafe MP Form Mail CGI eCommerce
CVE-2009-0961 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0960 (The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0959 (The MPEG-4 video codec in Apple iPhone OS 1.0 through 2.2.1 and iPhone ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0958 (Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 ...)
	NOT-FOR-US: Apple iPhone
CVE-2009-0957 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0956 (Apple QuickTime before 7.6.2 does not properly initialize memory ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0955 (Apple QuickTime before 7.6.2 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0954 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0953 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0952 (Buffer overflow in Apple QuickTime before 7.6.2 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0951 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0950 (Stack-based buffer overflow in Apple iTunes before 8.2 allows remote ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0949 (The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 ...)
	{DSA-1811-1}
	- cups 1.3.10-1
CVE-2009-0948
	RESERVED
	- file 5.02-1
CVE-2009-0947
	RESERVED
	- file 5.02-1
CVE-2009-0946 (Multiple integer overflows in FreeType 2.3.9 and earlier allow remote ...)
	{DSA-1784-1}
	- freetype 2.3.9-4.1 (medium; bug #524925)
CVE-2009-0945 (Array index error in the insertItemBefore method in WebKit, as used in ...)
	{DSA-1988-1 DSA-1950-1 DSA-1866-1}
	- qt4-x11 4:4.5.2-1 (medium; bug #532718)
	[etch] - qt4-x11 <not-affected> (webkit support introduced in version 4.4)
	- webkit 1.1.5-1 (medium; bug #532724; bug #532725)
	NOTE: http://trac.webkit.org/changeset/43590
	- kde4libs 4:4.3.0-1 (medium; bug #534917)
	[lenny] - kde4libs <not-affected> (khtml doesn't have SVG support)
	NOTE: http://websvn.kde.org/?view=rev&revision=983302
	- kdegraphics 4:4.0 (medium; bug #534918)
	NOTE: kdegraphics >4.0 not affected since ksvg is only in 3.5.x series
	NOTE: http://websvn.kde.org/?view=rev&revision=983306
CVE-2009-0944 (The Microsoft Office Spotlight Importer in Spotlight in Apple Mac OS X ...)
	NOT-FOR-US: Microsoft Office Spotlight
CVE-2009-0943 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not ...)
	NOT-FOR-US: Help Viewer in Apple Mac OS X
CVE-2009-0942 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 does not ...)
	NOT-FOR-US: Help Viewer in Apple Mac OS X
CVE-2009-0941 (The HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline ...)
	NOT-FOR-US: HP Embedded Web Server
CVE-2009-0940 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HP ...)
	NOT-FOR-US: HP Embedded Web Server
CVE-2008-6491 (PHP remote file inclusion vulnerability in connexion.php in PHPGKit ...)
	NOT-FOR-US: PHPGKit
CVE-2008-6490 (function/update_xml.php in FLABER 1.1 and earlier allows remote ...)
	NOT-FOR-US: FLABER
CVE-2008-6489 (SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for ...)
	NOT-FOR-US: MyAlbum component (com_myalbum) for Joomla!
CVE-2008-6488 (SQL injection vulnerability in index.php in SoftComplex PHP Image ...)
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6487 (Multiple SQL injection vulnerabilities in login.asp in Digiappz ...)
	NOT-FOR-US: Digiappz DigiAffiliate
CVE-2008-6486 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: sharedlog CMS
CVE-2008-6485 (SQL injection vulnerability in index.php in SoftComplex PHP Image ...)
	NOT-FOR-US: SoftComplex PHP Image Gallery
CVE-2008-6484 (SQL injection vulnerability in login.php in Mole Group Taxi Map Script ...)
	NOT-FOR-US: Mole Group Taxi Map Script
CVE-2008-6483 (PHP remote file inclusion vulnerability in admin.googlebase.php in the ...)
	NOT-FOR-US: Ecom Solutions VirtueMart Google Base (aka com_googlebase or Froogle) component for Joomla!
CVE-2008-6482 (PHP remote file inclusion vulnerability in admin.treeg.php in the ...)
	NOT-FOR-US: Flash Tree Gallery (com_treeg) component for Joomla!
CVE-2009-0939 (Tor before 0.2.0.34 treats incomplete IPv4 addresses as valid, which ...)
	- tor 0.2.0.34-1
CVE-2009-0938 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...)
	- tor 0.2.0.34-1 (bug #512728)
CVE-2009-0937 (Unspecified vulnerability in Tor before 0.2.0.34 allows directory ...)
	- tor 0.2.0.34-1 (bug #514580)
CVE-2009-0936 (Unspecified vulnerability in Tor before 0.2.0.34 allows attackers to ...)
	- tor 0.2.0.34-1
CVE-2009-0935 (The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, ...)
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
	[lenny] - linux-2.6 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
	- linux-2.6.24 <not-affected> (Vulnerability was introduced in 2.6.27-rc9)
CVE-2009-0933 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	- dotclear <not-affected> (Fixed before initial upload to archive)
CVE-2009-0932 (Directory traversal vulnerability in framework/Image/Image.php in ...)
	{DSA-1765-1}
	- horde3 3.2.2+debian0-2 (bug #513265; medium)
CVE-2009-0931 (Cross-site scripting (XSS) vulnerability in the tag cloud search ...)
	- horde3 3.2.2+debian0-2 (bug #513265)
	[etch] - horde3 <not-affected> (Vulnerable code not present)
CVE-2009-0930 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP ...)
	{DSA-1770-1}
	- imp4 4.2-4 (medium; bug #513266)
CVE-2009-0929 (Directory traversal vulnerability in the media manager in Nucleus CMS ...)
	NOT-FOR-US: Nucleus CMS
CVE-2009-0928 (Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2009-0927 (Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before ...)
	NOT-FOR-US: Adobe Reader and Adobe Acrobat
CVE-2009-0926 (Unspecified vulnerability in the UFS filesystem functionality in Sun ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-0925 (Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0924 (Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, ...)
	NOT-FOR-US: Sun OpenSolaris
CVE-2009-0923 (Unspecified vulnerability in Kerberos Incremental Propagation in ...)
	NOT-FOR-US: Solaris
CVE-2009-0922 (PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows ...)
	- postgresql-8.3 8.3.7-1 (bug #517405)
	[lenny] - postgresql-8.3 8.3.7-0lenny1
	- postgresql-8.1 <removed>
	- postgresql-7.4 <removed>
	[etch] - postgresql-8.1 8.1.17-0etch1
	[etch] - postgresql-7.4 <no-dsa> (Minor issue)
CVE-2008-6481 (SQL injection vulnerability in the Versioning component ...)
	NOT-FOR-US: Versioning component (com_versioning) in Joomla! and Mambo
CVE-2009-0921 (Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP ...)
	NOT-FOR-US: HP Openview
CVE-2009-0920 (Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView ...)
	NOT-FOR-US: HP Openview
CVE-2009-0919 (XAMPP installs multiple packages with insecure default passwords, ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0918 (Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0917 (Cross-site scripting (XSS) vulnerability in DFLabs PTK 1.0.0 through ...)
	NOT-FOR-US: DFLabs PTK
CVE-2009-0916 (Unspecified vulnerability in Opera before 9.64 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2009-0915 (Opera before 9.64 allows remote attackers to conduct cross-domain ...)
	NOT-FOR-US: Opera
CVE-2009-0914 (Opera before 9.64 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2009-0913 (Unspecified vulnerability in the keysock kernel module in Solaris 10 ...)
	NOT-FOR-US: Solaris
CVE-2009-0912 (perl-MDK-Common 1.1.11 and 1.1.24, 1.2.9 through 1.2.14, and possibly ...)
	NOT-FOR-US: perl-MDK-Common
CVE-2009-0911
	RESERVED
CVE-2008-6480 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Datalife Engine
CVE-2008-6479 (Cross-site request forgery (CSRF) vulnerability in the &quot;change ...)
	NOT-FOR-US: swsoft
CVE-2008-6478 (Cross-site request forgery (CSRF) vulnerability in the file manager in ...)
	NOT-FOR-US: swsoft
CVE-2008-6477 (SQL injection vulnerability in Mumbo Jumbo Media OP4 allows remote ...)
	NOT-FOR-US: Mumbo Jumbo Media
CVE-2008-6476 (Cross-site scripting (XSS) vulnerability in blog/search.aspx in ...)
	NOT-FOR-US: BlogEngine.NET
CVE-2008-6475 (SQL injection vulnerability in the guestbook component ...)
	NOT-FOR-US: Drake CMS
CVE-2008-6474 (The management interface in F5 BIG-IP 9.4.3 allows remote ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-6473 (_blogadata/include/init_pass2.php in Blogator-script 0.95 allows ...)
	NOT-FOR-US: Blogator-script
CVE-2009-0910 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...)
	NOT-FOR-US: VmWare
CVE-2009-0909 (Heap-based buffer overflow in the VNnc Codec in VMware Workstation ...)
	NOT-FOR-US: VmWare
CVE-2009-0908 (Unspecified vulnerability in the ACE shared folders implementation in ...)
	NOT-FOR-US: VmWare
CVE-2009-0907
	REJECTED
CVE-2009-0906 (The Service Component Architecture (SCA) feature pack for IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0905 (IBM WebSphere MQ 6.0 before 6.0.2.8 and 7.0 before 7.0.1.0 does not ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0904 (The IBM Stax XMLStreamWriter in the Web Services component in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0903 (IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.3, and the ...)
	NOT-FOR-US: WebSphere
CVE-2009-0902
	RESERVED
CVE-2009-0901 (The Active Template Library (ATL) in Microsoft Visual Studio .NET 2003 ...)
	NOT-FOR-US: Microsoft Visual Studio .NET
CVE-2009-0900 (Heap-based buffer overflow in the client in IBM WebSphere MQ 6.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0899 (IBM WebSphere Application Server (WAS) 6.1 through 6.1.0.24 and 7.0 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0898 (Stack-based buffer overflow in HP OpenView Network Node Manager (OV ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-0897 (IBM WebSphere Partner Gateway (WPG) 6.1.0 before 6.1.0.1 and 6.1.1 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0896 (Buffer overflow in the queue manager in IBM WebSphere MQ 6.x before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0895 (Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-0894 (Heap-based buffer overflow in the decoder_create function in the ...)
	- xvidcore <not-affected> (Fixed before initial release)
CVE-2009-0893 (Multiple heap-based buffer overflows in xvidcore/src/decoder.c in the ...)
	- xvidcore <not-affected> (Fixed before initial release)
CVE-2009-0892 (The administrative console in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0891 (The Web Services Security component in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0890
	RESERVED
CVE-2009-0889 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0888 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0887 (Integer signedness error in the _pam_StrTok function in ...)
	- pam 1.0.1-10 (low; bug #520115)
	[lenny] - pam 1.0.1-5+lenny1
	[etch] - pam 0.79-5+etch1
CVE-2009-0886 (Directory traversal vulnerability in login.php in OneOrZero Helpdesk ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2009-0885 (Multiple heap-based buffer overflows in Media Commands 1.0 allow ...)
	NOT-FOR-US: Media Commands
CVE-2009-0884 (Buffer overflow in FileZilla Server before 0.9.31 allows remote ...)
	NOT-FOR-US: FileZilla Server (only client packaged in debian)
CVE-2009-0883 (SQL injection vulnerability in Blue Eye CMS 1.0.0 and earlier, when ...)
	NOT-FOR-US: Blue Eye CMS
CVE-2009-0882 (Multiple SQL injection vulnerabilities in nForum 1.5 allow remote ...)
	NOT-FOR-US: nForum
CVE-2009-0881 (SQL injection vulnerability in ejemplo/paises.php in isiAJAX 1 allows ...)
	NOT-FOR-US: isiAJAX
CVE-2009-0880 (Directory traversal vulnerability in the CIM server in IBM Director ...)
	NOT-FOR-US: Windows
CVE-2009-0879 (The CIM server in IBM Director before 5.20.3 Service Update 2 on ...)
	NOT-FOR-US: Windows
CVE-2009-0878 (The read_game_map function in src/terrain_translation.cpp in Wesnoth ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2009-0876 (Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and ...)
	- virtualbox-ose <not-affected> (Vulnerable code not present, Debian version patches localconf)
	[lenny] - virtualbox-ose <not-affected> (lenny version doesn't install binaries with suid 0)
CVE-2009-0875 (Race condition in the Doors subsystem in the kernel in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0874 (Multiple unspecified vulnerabilities in the Doors subsystem in the ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-6472 (The WLCCP dissector in Wireshark 0.99.7 through 1.0.4 allows remote ...)
	[etch] - wireshark <not-affected> (vulnerable code not present)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-6471 (SQL injection vulnerability in detail.php in MountainGrafix easyLink ...)
	NOT-FOR-US: MountainGrafix easyLink
CVE-2008-6470 (Multiple unspecified vulnerabilities in ClanSphere before 2008.2.1 ...)
	NOT-FOR-US: ClanSphere
CVE-2008-6469 (SQL injection vulnerability in index.php in PlainCart 1.1.2 allows ...)
	NOT-FOR-US: PlainCart
CVE-2008-6468 (SQL injection vulnerability in index.php in Diesel Pay allows remote ...)
	NOT-FOR-US: Diesel Pay
CVE-2008-6467 (SQL injection vulnerability in jobs/jobseekers/job-info.php in Diesel ...)
	NOT-FOR-US: Diesel Pay
CVE-2008-6466 (SQL injection vulnerability in image_gallery.php in the Akira Powered ...)
	NOT-FOR-US: e107
CVE-2008-6465 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: Parallels H-Sphere
CVE-2008-6464 (SQL injection vulnerability in event.php in Mevin Productions Basic ...)
	NOT-FOR-US: Mevin Productions Basic PHP Events Lister
CVE-2008-6463 (SQL injection vulnerability in the Diocese of Portsmouth Church Search ...)
	NOT-FOR-US: Diocese of Portsmouth Church Search extension for Typo3
CVE-2008-6462 (SQL injection vulnerability in the My quiz and poll (myquizpoll) ...)
	NOT-FOR-US: My quiz and poll
CVE-2008-6461 (SQL injection vulnerability in the Random Prayer 2 (ste_prayer2) ...)
	NOT-FOR-US: Typo3 addon Random Prayer
CVE-2008-6460 (SQL injection vulnerability in the Simple Random Objects ...)
	NOT-FOR-US: Typo3 addon Simple Random Objects
CVE-2008-6459 (SQL injection vulnerability in the auto BE User Registration ...)
	NOT-FOR-US: Typo3 addon auto BE User Registration
CVE-2008-6458 (SQL injection vulnerability in the FE address edit for tt_address &amp; ...)
	NOT-FOR-US: Typo3 addon
CVE-2008-6457 (SQL injection vulnerability in the Swigmore institute (cgswigmore) ...)
	NOT-FOR-US: Typo3 addon
CVE-2008-6456 (SQL injection vulnerability in the HBook (h_book) extension 2.3.0 and ...)
	NOT-FOR-US: Typo3 addon
CVE-2008-6455 (Session fixation vulnerability in Edikon phpShop 0.8.1 allows remote ...)
	NOT-FOR-US: Edikon phpShop
CVE-2008-6454 (SQL injection vulnerability in section.php in 6rbScript 3.3 allows ...)
	NOT-FOR-US: 6rbScript
CVE-2008-6453 (Directory traversal vulnerability in section.php in 6rbScript 3.3, ...)
	NOT-FOR-US: 6rbScript
CVE-2008-6452 (SQL injection vulnerability in show_vote.php in Oceandir 2.9 and ...)
	NOT-FOR-US: Oceandir
CVE-2008-6451 (SQL injection vulnerability in humor.php in jPORTAL 2 allows remote ...)
	NOT-FOR-US: jPORTAL
CVE-2009-0873 (The NFS daemon (aka nfsd) in Sun Solaris 10 and OpenSolaris before ...)
	NOT-FOR-US: Solaris
CVE-2009-0872 (The NFS server in Sun Solaris 10, and OpenSolaris before snv_111, does ...)
	NOT-FOR-US: Solaris
CVE-2009-0871 (The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and ...)
	- asterisk <not-affected> (Vulnerable code introduced in 1.4.22)
CVE-2009-0870 (The NFSv4 Server module in the kernel in Sun Solaris 10, and ...)
	NOT-FOR-US: Solaris
CVE-2009-0869 (Buffer overflow in the client in IBM Tivoli Storage Manager (TSM) HSM ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2009-0868 (CRLF injection vulnerability in the WebLink template in Fujitsu ...)
	NOT-FOR-US: Fujitsu Jasmine2000 Enterprise Edition
CVE-2009-0867 (The HRM-S service in Fujitsu Enhanced Support Facility 3.0 and 3.0.1 ...)
	NOT-FOR-US: Fujitsu Enhanced Support Facility
CVE-2009-0866 (pHNews Alpha 1 stores sensitive information under the web root with ...)
	NOT-FOR-US: pHNews
CVE-2009-0865 (Directory traversal vulnerability in the SnapShotToFile method in the ...)
	NOT-FOR-US: GeoVision
CVE-2009-0864 (S-Cms 1.1 Stable allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: S-Cms
CVE-2009-0863 (SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 ...)
	NOT-FOR-US: S-Cms
CVE-2009-0862 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: TangoCMS
CVE-2009-0861 (Cross-site scripting (XSS) vulnerability in phpDenora before 1.2.3 ...)
	NOT-FOR-US: phpDenora
CVE-2009-0860 (Cross-site scripting (XSS) vulnerability in the web user interface in ...)
	NOT-FOR-US: NetMRI
CVE-2009-0859 (The shm_get_stat function in ipc/shm.c in the shm subsystem in the ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	NOTE: All Debian kernels set CONFIG_SHMEM, so this is moot except
	NOTE: for locally modified configs and even for that I fail to
	NOTE: see why anyone would run a kernel w/o CONFIG_SHMEM?
CVE-2009-0858 (The response_addname function in response.c in Daniel J. Bernstein ...)
	{DSA-1831-1}
	- djbdns 1:1.05-5 (low; bug #518169; bug #517631)
CVE-2009-0857 (Cross-site scripting (XSS) vulnerability in /prm/reports in the ...)
	NOT-FOR-US: SunMC
CVE-2009-0856 (Multiple cross-site scripting (XSS) vulnerabilities in sample ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0855 (Cross-site scripting (XSS) vulnerability in the administrative console ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0853 (login.php in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allows ...)
	NOT-FOR-US: CelerBB
CVE-2009-0852 (showme.php in CelerBB 0.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: CelerBB
CVE-2009-0851 (Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when ...)
	NOT-FOR-US: CelerBB
CVE-2009-0850 (Cross-site scripting (XSS) vulnerability in BitDefender Internet ...)
	NOT-FOR-US: BitDefender
CVE-2009-0849 (Stack-based buffer overflow in the DtbClsLogin function in NovaStor ...)
	NOT-FOR-US: NovaNET
CVE-2009-0848 (Untrusted search path vulnerability in GTK2 in OpenSUSE 11.0 and 11.1 ...)
	- gtk+2.0 <not-affected> (suse specific patch)
CVE-2009-0847 (The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Affected code present, but not exploitable before 1.6.3)
CVE-2009-0846 (The asn1_decode_generaltime function in lib/krb5/asn.1/asn1_decode.c ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
CVE-2009-0845 (The spnego_gss_accept_sec_context function in ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
CVE-2009-0844 (The get_input_token function in the SPNEGO implementation in MIT ...)
	{DSA-1766-1}
	- krb5 1.6.dfsg.4~beta1-13
	[etch] - krb5 <not-affected> (Vulnerable code was introduced in 1.5)
CVE-2009-0843 (The msLoadQuery function in mapserv in MapServer 4.x before 4.10.4 and ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (bug #523027)
	NOTE: this can only probe for files that are not present, useless when not
	NOTE: in combination with another attack
CVE-2009-0842 (mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 allows ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (low; bug #523027)
CVE-2009-0841 (Directory traversal vulnerability in mapserv.c in mapserv in MapServer ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (bug #523027)
	NOTE: this doesn't work under linux as the root from the directory traversal needs to exist
CVE-2009-0840 (Heap-based buffer underflow in the readPostBody function in cgiutil.c ...)
	{DSA-1914-1}
	- mapserver 5.4.2-1 (medium; bug #523027)
	NOTE: Initial fix was incomplete
CVE-2009-0839 (Stack-based buffer overflow in mapserv.c in mapserv in MapServer 4.x ...)
	{DSA-1914-1}
	- mapserver 5.2.2-1 (medium; bug #523027)
CVE-2009-0838 (The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris ...)
	NOT-FOR-US: Solaris
CVE-2009-0837 (Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, ...)
	NOT-FOR-US: Foxit Reader
CVE-2009-0836 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-6450 (Cross-site scripting (XSS) vulnerability in Under Construction, Baby ...)
	NOT-FOR-US: Under Construction, Baby
CVE-2008-6449 (Cross-site request forgery (CSRF) vulnerability in multiple Century ...)
	NOT-FOR-US: Century Systems routers
CVE-2008-6448 (Cross-site scripting (XSS) vulnerability in install.cgi in SKYARC ...)
	NOT-FOR-US: SKYARC System MTCMS WYSIWYG Editor
CVE-2008-6447 (Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail ...)
	NOT-FOR-US: QuikSoft EasyMail
CVE-2008-6446 (Static code injection vulnerability in the Guestbook component in CMS ...)
	NOT-FOR-US: CMS MAXSITE
CVE-2008-6445 (Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact ...)
	NOT-FOR-US: YourPlace
CVE-2008-6444 (Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might ...)
	NOT-FOR-US: Baidu Hi IM
CVE-2008-6443 (SQL injection vulnerability in forum_duzen.php in phpKF allows remote ...)
	NOT-FOR-US: phpKF
CVE-2008-6442 (Insecure method vulnerability in Sina Inc. DLoader Class ActiveX ...)
	NOT-FOR-US: Sina Inc. DLoader Class ActiveX
CVE-2008-6441 (Format string vulnerability in the Epic Games Unreal engine client, as ...)
	NOT-FOR-US: Epic Games Unreal engine client
CVE-2008-6440 (Cerberus Helpdesk before 4.0 (Build 600) allows remote attackers to ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2008-6439 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
	NOT-FOR-US: ABK-Soft AbleDating
CVE-2008-6438 (SQL injection vulnerability in macgurublog_menu/macgurublog.php in the ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-6437 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum ...)
	NOT-FOR-US: PHPFreeForum
CVE-2008-6436 (Cross-site scripting (XSS) vulnerability in the Web Server in Xerox ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-6435 (Multiple cross-site scripting (XSS) vulnerabilities in phpSQLiteCMS 1 ...)
	NOT-FOR-US: phpSQLiteCMS
CVE-2008-6434 (SQL injection vulnerability in index.cfm in Blue River Interactive ...)
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6433 (Cross-site scripting (XSS) vulnerability in index.cfm in Blue River ...)
	NOT-FOR-US: Blue River Interactive Group Sava CMS
CVE-2008-6431 (Multiple cross-site scripting (XSS) vulnerabilities in BMForum 5.6 ...)
	NOT-FOR-US: BMForum
CVE-2008-6430 (SQL injection vulnerability in the MyContent (com_mycontent) component ...)
	NOT-FOR-US: Joomla
CVE-2008-6429 (SQL injection vulnerability in the PrayerCenter (com_prayercenter) ...)
	NOT-FOR-US: Joomla
CVE-2008-6428 (The CGI framework in Kaya 0.4.0 allows remote attackers to inject ...)
	- kaya 0.4.2-1 (low)
	[etch] - kaya <no-dsa> (Minor issue)
	NOTE: the fix checks with a regex for malicious characters in the HTTP header, see CGI.k changes
CVE-2008-6427 (SQL injection vulnerability in index.php in Hivemaker Professional ...)
	NOT-FOR-US: Hivemaker Professional
CVE-2008-6425 (SQL injection vulnerability in news.php in ComicShout 2.8 allows ...)
	NOT-FOR-US: ComicShout
CVE-2008-6424 (Directory traversal vulnerability in FFFTP 1.96b allows remote FTP ...)
	NOT-FOR-US: FFFTP
CVE-2008-6423 (Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 ...)
	NOT-FOR-US: PassWiki
CVE-2008-6422 (Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and ...)
	NOT-FOR-US: PsychoStats
CVE-2008-6421 (PHP remote file inclusion vulnerability in social_game_play.php in ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6420 (Social Site Generator (SSG) 2.0 allows remote attackers to read ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6419 (Multiple SQL injection vulnerabilities in Social Site Generator (SSG) ...)
	NOT-FOR-US: Social Site Generator
CVE-2008-6418 (SQL injection vulnerability in scrape.php in TorrentTrader before ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-6417 (Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows ...)
	NOT-FOR-US: GreenSQL-Console
CVE-2008-6416 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: GreenSQL-Console
CVE-2009-0854 (Untrusted search path vulnerability in dash 0.5.4, when used as a ...)
	- dash <not-affected> (Debian uses upstream's patch to implement -l)
CVE-2009-0835 (The __secure_computing function in kernel/seccomp.c in the seccomp ...)
	{DSA-1800-1}
	- linux-2.6 2.6.30-1 (low)
	[etch] - linux-2.6 <not-affected> (Not enabled in 2.6.18)
	- linux-2.6.24 <removed>
	[etch] - linux-2.6.24 <no-dsa> (unimportant)
	NOTE: CONFIG_SECCOMP has only been enabled in 2.6.26
CVE-2009-0834 (The audit_syscall_entry function in the Linux kernel 2.6.28.7 and ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0833 (Heap-based buffer overflow in gen_msn.dll in the gen_msn plugin 0.31 ...)
	NOT-FOR-US: Winamp
CVE-2009-0832 (SQL injection vulnerability in items.php in the E-Cart module 1.3 for ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-0831 (SQL injection vulnerability in members.php in the Members CV (job) ...)
	NOT-FOR-US: PHP-Fusion
CVE-2009-0830 (Cross-site scripting (XSS) vulnerability in QuoteBook allows remote ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0829 (Multiple SQL injection vulnerabilities in QuoteBook allow remote ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0828 (QuoteBook stores quotes.inc under the web root with insufficient ...)
	NOT-FOR-US: QuoteBook
CVE-2009-0827 (PollHelper stores poll.inc under the web root with insufficient access ...)
	NOT-FOR-US: PollHelper
CVE-2009-0826 (BlogHelper stores common_db.inc under the web root with insufficient ...)
	NOT-FOR-US: BlogHelper
CVE-2009-0825 (SQL injection vulnerability in system/rss.php in TinX/cms 3.x before ...)
	NOT-FOR-US: TinX/cms
CVE-2009-0824 (Elaborate Bytes ElbyCDIO.sys 6.0.2.0 and earlier, as distributed in ...)
	NOT-FOR-US: Elaborate Bytes ElbyCDIO.sys
CVE-2009-0823
	RESERVED
CVE-2009-0822
	RESERVED
CVE-2008-6415 (Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers ...)
	NOT-FOR-US: CCProxy
CVE-2008-6414 (SQL injection vulnerability in detail.php in AJ Auction Pro Platinum ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6413 (Cross-site scripting (XSS) vulnerability in the Answers module ...)
	NOT-FOR-US: Answers module for Drupal
CVE-2008-6412 (Unspecified vulnerability in Vignette Content Management 7.3.0.5, ...)
	NOT-FOR-US: Vignette Content Management
CVE-2008-6411 (Explay CMS 2.1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Explay CMS
CVE-2008-6410 (Directory traversal vulnerability in show.php in ol'bookmarks manager ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6409 (SQL injection vulnerability in index.php in ol'bookmarks manager 0.7.5 ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6408 (PHP remote file inclusion vulnerability in frame.php in ol'bookmarks ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6407 (Directory traversal vulnerability in frame.php in ol'bookmarks manager ...)
	NOT-FOR-US: ol'bookmarks manager
CVE-2008-6406 (Cross-site scripting (XSS) vulnerability in admin.php in DataLife ...)
	NOT-FOR-US: DataLife Engine
CVE-2008-6405 (SQL injection vulnerability in showcategory.php in Hotscripts Clone ...)
	NOT-FOR-US: Hotscripts Clone
CVE-2008-6404 (Cross-site scripting (XSS) vulnerability in add_calendars.php in ...)
	NOT-FOR-US: eXtrovert Software Thyme
CVE-2008-6403 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OpenRat
CVE-2008-6402 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sofi WebGui
CVE-2008-6401 (SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote ...)
	NOT-FOR-US: JETIK-WEB
CVE-2008-6400 (Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 ...)
	NOT-FOR-US: refbase
CVE-2008-6399 (Unspecified vulnerability in DotNetNuke 4.5.2 through 4.9 allows ...)
	NOT-FOR-US: DotNetNuke
CVE-2009-0821 (Mozilla Firefox 2.0.0.20 and earlier allows remote attackers to cause ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser DoS not treated as security issues
CVE-2009-0820 (Multiple eval injection vulnerabilities in phpScheduleIt before 1.2.11 ...)
	NOT-FOR-US: phpScheduleIt
CVE-2009-0819 (sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 ...)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced in 5.1.5)
	- mysql-5.1 5.1.32-1
CVE-2009-0818 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Taxonomy Theme module for Drupal
CVE-2009-0817 (Cross-site scripting (XSS) vulnerability in the Protected Node module ...)
	NOT-FOR-US: Protected Node module for Drupal
CVE-2009-0816 (Multiple cross-site scripting (XSS) vulnerabilities in the backend ...)
	{DTSA-193-1}
	- typo3-src 4.2.6-1 (low; bug #514713)
	[etch] - typo3-src 4.0.2+debian-8
CVE-2009-0815 (The jumpUrl mechanism in class.tslib_fe.php in TYPO3 3.3.x through ...)
	{DTSA-193-1}
	- typo3-src 4.2.6-1 (medium; bug #514713)
	[etch] - typo3-src 4.0.2+debian-8
CVE-2009-0814 (Cross-site scripting (XSS) vulnerability in Widgets.aspx in Blogsa 1.0 ...)
	NOT-FOR-US: Blogsa
CVE-2009-0813 (Insecure method vulnerability in the ImeraIEPlugin ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2009-0812 (Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, ...)
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2009-0811 (Insecure method vulnerability in the SopCast SopCore ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2009-0810 (SQL injection vulnerability in login.php in xGuestbook 2.0 allows ...)
	NOT-FOR-US: xGuestbook
CVE-2009-0809 (The Web Editor in Dassault Systemes ENOVIA SmarTeam V5 before Release ...)
	NOT-FOR-US: Dassault Systemes ENOVIA SmarTeam
CVE-2009-0808 (Multiple SQL injection vulnerabilities in SimpleCMMS before 0.1.0 ...)
	NOT-FOR-US: SimpleCMMS
CVE-2009-0807 (zFeeder 1.6 allows remote attackers to gain administrative access via ...)
	NOT-FOR-US: zFeeder
CVE-2009-0806 (Unspecified vulnerability in OpenGoo before 1.2.1 allows remote ...)
	NOT-FOR-US: OpenGoo
CVE-2009-0805 (Cross-site scripting (XSS) vulnerability in piCal 0.91h and earlier, a ...)
	NOT-FOR-US: piCal
CVE-2009-0804 (Ziproxy 2.6.0, when transparent interception mode is enabled, uses the ...)
	- ziproxy 2.7.2-1 (low; bug #521051)
	[lenny] - ziproxy <no-dsa> (Minor issue)
CVE-2009-0803 (SmoothWall SmoothGuardian, as used in SmoothWall Firewall, ...)
	NOT-FOR-US: SmoothWall
CVE-2009-0802 (Qbik WinGate, when transparent interception mode is enabled, uses the ...)
	NOT-FOR-US: Qbik WinGate
CVE-2009-0801 (Squid, when transparent interception mode is enabled, uses the HTTP ...)
	- squid <unfixed> (unimportant; bug #521053)
	- squid3 3.3.3-1 (unimportant; bug #521052)
	NOTE: This only affects HTTP connections and only in transparent mode
	NOTE: Also, same origin validations in the browsers still apply and keep this mostly harmless
	NOTE: http://marc.info/?l=squid-dev&m=123542836103750&w=4
CVE-2009-0800 (Multiple &quot;input validation flaws&quot; in the JBIG2 decoder in Xpdf 3.02pl2 ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0  (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0799 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0798 (ACPI Event Daemon (acpid) before 1.0.10 allows remote attackers to ...)
	{DSA-1786-1}
	- acpid 1.0.10-1 (medium)
CVE-2009-0797
	REJECTED
CVE-2009-0796 (Cross-site scripting (XSS) vulnerability in Status.pm in ...)
	- libapache2-mod-perl2 2.0.4-6 (low; bug #567635)
	[lenny] - libapache2-mod-perl2 2.0.4-5+lenny1
	- apache <removed>
	[etch] - apache <no-dsa> (minor issue)
CVE-2009-0795
	REJECTED
CVE-2009-0794 (Integer overflow in the PulseAudioTargetDataL class in ...)
	- openjdk-6 6b16-1
	[lenny] - openjdk-6 <not-affected> (no PulseAudio support included)
CVE-2009-0793 (cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK ...)
	{DSA-1769-1}
	- openjdk-6 6b16-1
	- lcms 1.18.dfsg-1.1 (low; bug #530785)
	[lenny] - lcms <no-dsa> (Minor issue)
	[etch] - lcms <no-dsa> (Minor issue)
CVE-2009-0792 (Multiple integer overflows in icc.c in the International Color ...)
	{DSA-2080-1 DTSA-198-1}
	- argyll 1.0.3-3 (medium; bug #523472; bug #524802)
	- ghostscript 8.64~dfsg-1.1 (medium; bug #524915)
	- gs-gpl <removed> (medium; bug #561717)
CVE-2009-0791 (Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as ...)
	- cupsys <removed> (medium; bug #535488)
	- cups 1.3.10-1 (medium; bug #535489)
	[etch] - cupsys <not-affected> (pdftops source included, but not built)
	[lenny] - cups <not-affected> (pdftops source included, but not built)
CVE-2009-0790 (The pluto IKE daemon in Openswan and Strongswan IPsec 2.6 before ...)
	{DSA-1760-1 DSA-1759-1}
	- openswan 1:2.6.21+dfsg-1 (medium; bug #521949)
	- strongswan 4.2.14-1 (medium; bug #521950)
CVE-2009-0789 (OpenSSL before 0.9.8k on WIN64 and certain other platforms does not ...)
	- openssl <not-affected> (only non-Debian architectures affected)
CVE-2009-0788 (Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2009-0787 (The ecryptfs_write_metadata_to_contents function in the eCryptfs ...)
	- linux-2.6 2.6.29-1 (medium; bug #529326)
	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
	[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.28)
	- linux-2.6.24 <not-affected> (vulnerabile code introduced in 2.6.28)
CVE-2009-0786
	REJECTED
CVE-2009-0785
	RESERVED
CVE-2009-0784 (Race condition in the SystemTap stap tool 0.0.20080705 and ...)
	{DSA-1755-1}
	- systemtap 0.0.20090314-2
	[etch] - systemtap <not-affected> (vulnerable code not present)
CVE-2009-0783 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
	{DSA-2207-1}
	- tomcat5.5 <removed> (low; bug #532366)
	- tomcat6 6.0.20-1 (low; bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (low; bug #532363)
CVE-2009-0782
	REJECTED
CVE-2009-0781 (Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the ...)
	{DSA-2207-1}
	- tomcat5.5 <removed> (unimportant; bug #532366)
	- tomcat6 6.0.20-1 (unimportant; bug #532362)
	- tomcat5 <removed> (unimportant; bug #532363)
	NOTE: Just examples on how to use Tomcat, not for production
CVE-2009-0780 (The aspath_prepend function in rde_attr.c in bgpd in OpenBSD 4.3 and ...)
	NOT-FOR-US: openbsd
CVE-2009-0779 (Buffer overflow in pppdial in IBM AIX 5.3 and 6.1 allows local users ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0778 (The icmp_send function in net/ipv4/icmp.c in the Linux kernel before ...)
	- linux-2.6 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
	- linux-2.6.24 <not-affected> (Issue was introduced after 2.6.24 release and fixed before release of 2.6.25)
CVE-2009-0777 (Mozilla Firefox before 3.0.7, Thunderbird before 2.0.0.21, and ...)
	- iceweasel 3.0.7-1 (low; bug #576466)
	[lenny] - iceweasel <no-dsa> (minor issue)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0776 (nsIRDFService in Mozilla Firefox before 3.0.7, Thunderbird before ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- kompozer 1:0.8~alpha2+dfsg+svn129-3
CVE-2009-0775 (Double free vulnerability in Mozilla Firefox before 3.0.7, Thunderbird ...)
	{DSA-1751-1}
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0774 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0773 (The JavaScript engine in Mozilla Firefox before 3.0.7, Thunderbird ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
CVE-2009-0772 (The layout engine in Mozilla Firefox 2 and 3 before 3.0.7, Thunderbird ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0771 (The layout engine in Mozilla Firefox before 3.0.7, Thunderbird before ...)
	{DSA-1830-1 DSA-1751-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.7-1
	[etch] - xulrunner <not-affected> (Vulnerable code not present)
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0769 (QIP 2005 build 8082 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: QIP
CVE-2009-0768 (SQL injection vulnerability in forumhop.php in YapBB 1.2 and earlier ...)
	NOT-FOR-US: YapBB
CVE-2009-0767 (Kipper 2.01 stores sensitive information under the web root with ...)
	NOT-FOR-US: Kipper
CVE-2009-0766 (Directory traversal vulnerability in default.php in Kipper 2.01 allows ...)
	NOT-FOR-US: Kipper
CVE-2009-0765 (Directory traversal vulnerability in index.php in Kipper 2.01 allows ...)
	NOT-FOR-US: Kipper
CVE-2009-0764 (Multiple cross-site scripting (XSS) vulnerabilities in Kipper 2.01 ...)
	NOT-FOR-US: Kipper
CVE-2009-0763 (Cross-site scripting (XSS) vulnerability in default.php in Kipper 2.01 ...)
	NOT-FOR-US: Kipper
CVE-2009-0762 (Cross-site scripting (XSS) vulnerability in ScriptsEz Ez PHP Comment ...)
	NOT-FOR-US: ScriptsEz Ez PHP Comment
CVE-2009-0761 (Cross-site scripting (XSS) vulnerability in online.asp in Team Board ...)
	NOT-FOR-US: Team Board
CVE-2009-0760 (Team Board 1.x and 2.x stores sensitive information under the web root ...)
	NOT-FOR-US: Team Board
CVE-2009-0759 (Multiple CRLF injection vulnerabilities in webadmin in ZNC before ...)
	{DSA-1735-1}
	- znc 0.066-1 (bug #516950)
CVE-2009-0758 (The originates_from_local_legacy_unicast_socket function in ...)
	{DSA-2086-1}
	- avahi 0.6.24-3 (low; bug #517683)
	[etch] - avahi <no-dsa> (Minor issue)
	NOTE: reflector is off by default
CVE-2009-0757 (Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent ...)
	- mpfr 2.4.0-5 (low; bug #527475)
	[lenny] - mpfr <not-affected> (Vulnerable code not yet present)
	[etch] - mpfr <not-affected> (Vulnerable code not yet present)
CVE-2009-0756 (The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 ...)
	- poppler 0.10.6-1 (low; bug #518478)
	[lenny] - poppler 0.8.7-2
	[etch] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
	NOTE: poppler in lenny fixed in batch of CVEs pushed out in 5.0.2 release
CVE-2009-0755 (The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 ...)
	{DSA-1941-1}
	- poppler 0.10.6-1 (low; bug #518478)
	[lenny] - poppler <no-dsa> (Application crash only, could be fixed with further issues)
	[etch] - poppler <not-affected> (vulnerable code not present; forms introduced after 0.4.5)
CVE-2009-0754 (PHP 4.4.4, 5.1.6, and other versions, when running on Apache, allows ...)
	{DSA-1789-1}
	- php4 <removed> (low)
	- php5 5.2.9.dfsg.1-2 (low; bug #523049)
CVE-2008-6398 (sng_regress in SNG 1.0.2 allows local users to overwrite arbitrary ...)
	- sng 1.0.2-6 (bug #496407; unimportant)
CVE-2008-6397 (rlatex in AlcoveBook sgml2x 1.0.0 allows local users to overwrite ...)
	- sgml2x 1.0.0-11.2 (bug #496368; low)
	[etch] - sgml2x <no-dsa> (Minor issue)
CVE-2008-6396 (Cross-site scripting (XSS) vulnerability in account.php in Celerondude ...)
	NOT-FOR-US: Celerondude Uploader
CVE-2008-6395 (The web management interface in 3Com Wireless 8760 Dual Radio 11a/b/g ...)
	NOT-FOR-US: web management interface in 3Com Wireless
CVE-2008-6394 (SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and ...)
	NOT-FOR-US: CS-Cart
CVE-2008-6393 (PSI Jabber client before 0.12.1 allows remote attackers to cause a ...)
	{DSA-1741-1}
	- psi 0.12.1-1 (low; bug #518468)
	[etch] - psi <not-affected> (Vulnerable code not present)
CVE-2009-0752 (Unspecified vulnerability in Movable Type Pro and Community Solution ...)
	- movabletype-opensource <not-affected> (bug #518469)
	NOTE: http://www.sixapart.com/pipermail/mtos-dev/2009-March/002677.html
CVE-2009-0751 (Yaws before 1.80 allows remote attackers to cause a denial of service ...)
	{DSA-1740-1}
	- yaws 1.80-1
CVE-2009-0750 (SQL injection vulnerability in login.php in the smNews example script ...)
	NOT-FOR-US: txtSQL
CVE-2008-6392 (SQL injection vulnerability in showads.php in Z1Exchange allows remote ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6391 (SQL injection vulnerability in main.asp in Jbook allows remote ...)
	NOT-FOR-US: Jbook
CVE-2008-6390 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6389 (SQL injection vulnerability in asadmin/default.asp in Rae Media ...)
	NOT-FOR-US: Rae Media Contact Management Software
CVE-2008-6388 (Rapid Classified 3.1 and 3.15 stores sensitive information under the ...)
	NOT-FOR-US: Rapid Classified
CVE-2008-6387 (Quick Tree View .NET 3.1 stores sensitive information under the web ...)
	NOT-FOR-US: Quick Tree View .NET
CVE-2008-6386 (Cross-site scripting (XSS) vulnerability in showads.php in Z1Exchange ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6385 (Cross-site scripting (XSS) vulnerability in index.php in W3matter ...)
	NOT-FOR-US: W3matter RevSense
CVE-2008-6384 (Multiple cross-site request forgery (CSRF) vulnerabilities in Comment ...)
	NOT-FOR-US: Comment Mail
CVE-2008-6383 (SQL injection vulnerability in SpeedTech Organization and Resource ...)
	NOT-FOR-US: SpeedTech Organization and Resource Manager
CVE-2008-6382 (ASP Portal 3.2.5 stores sensitive information under the web root with ...)
	NOT-FOR-US: ASP Portal
CVE-2008-6381 (SQL injection vulnerability in modules/adresses/viewcat.php in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2008-6380 (SQL injection vulnerability in default.aspx in Active Web Helpdesk 2.0 ...)
	NOT-FOR-US: Active Web Helpdesk
CVE-2008-6379 (SQL injection vulnerability in pics_pre.asp in Gallery MX 2.0.0 allows ...)
	NOT-FOR-US: Gallery MX
CVE-2008-6378 (SQL injection vulnerability in calendar_Eventupdate.asp in Calendar Mx ...)
	NOT-FOR-US: Calendar Mx Professional
CVE-2008-6377 (PHP remote file inclusion vulnerability in include/global.php in Multi ...)
	NOT-FOR-US: Multi SEO phpBB
CVE-2008-6376 (SQL injection vulnerability in main.asp in Jbook allows remote ...)
	NOT-FOR-US: Jbook
CVE-2008-6375 (JBook stores sensitive information under the web root with ...)
	NOT-FOR-US: JBook
CVE-2008-6374 (CodefixerSoftware MailingListPro Free Edition stores sensitive ...)
	NOT-FOR-US: MailingListPro Free Edition
CVE-2008-6373 (Unspecified vulnerability in Nagios before 3.0.6 has unspecified ...)
	- nagios3 3.0.6-3
	[etch] - nagios2 <no-dsa> (Related to CVE-2008-5028, which has minimal attack vector)
CVE-2008-6372 (SQL injection vulnerability in default.asp in Ocean12 FAQ Manager Pro ...)
	NOT-FOR-US: Ocean12 FAQ Manager Pro
CVE-2008-6371 (SQL injection vulnerability in login.asp in Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2008-6370 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...)
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6369 (SQL injection vulnerability in default.asp in Ocean12 Contact Manager ...)
	NOT-FOR-US: Ocean12 Contact Manager Pro
CVE-2008-6368 (SQL injection vulnerability in index.php in Chipmunk Guestbook 1.4m ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2008-6367 (Unrestricted file upload vulnerability in Photos/create_album.php in ...)
	NOT-FOR-US: Social Groupie
CVE-2008-6366 (SQL injection vulnerability in logon.jsp in Ad Server Solutions ...)
	NOT-FOR-US: Ad Server Solutions Affiliate Software Java
CVE-2008-6365 (SQL injection vulnerability in logon.jsp in Ad Server Solutions Ad ...)
	NOT-FOR-US: Ad Server Solutions Ad Management Software Java
CVE-2008-6364 (SQL injection vulnerability in logon_process.jsp in Ad Server ...)
	NOT-FOR-US: Ad Server Solutions Banner Exchange Solution Java
CVE-2008-6363 (Stack-based buffer overflow in DesignWorks Professional 4.3.1 and ...)
	NOT-FOR-US: DesignWorks Professional
CVE-2008-6362 (SQL injection vulnerability in sitepage.php in Multiple Membership ...)
	NOT-FOR-US: Multiple Membership Script
CVE-2008-6361 (Directory traversal vulnerability in index.php in InSun Feed CMS 1.7.3 ...)
	NOT-FOR-US: InSun Feed CMS
CVE-2008-6360 (Cross-site scripting (XSS) vulnerability in the userranks feature in ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-6359 (Cross-site scripting (XSS) vulnerability in index.php in Max's ...)
	NOT-FOR-US: Max's Guestbook
CVE-2008-6358 (SQL injection vulnerability in group_index.php in Social Groupie ...)
	NOT-FOR-US: Social Groupie
CVE-2008-6357 (MyCal Personal Events Calendar stores sensitive information under the ...)
	NOT-FOR-US: MyCal Personal Events Calendar
CVE-2008-6356 (evCal Events Calendar stores sensitive information under the web root ...)
	NOT-FOR-US: evCal Events Calendar
CVE-2008-6355 (The Net Guys ASPired2Protect stores sensitive information under the ...)
	NOT-FOR-US: ASPired2poll
CVE-2008-6354 (The Net Guys ASPired2poll stores sensitive information under the web ...)
	NOT-FOR-US: ASPired2poll
CVE-2008-6353 (SQL injection vulnerability in index.asp in ASP-CMS 1.0 allows remote ...)
	NOT-FOR-US: ASP-CMS
CVE-2008-6352 (SQL injection vulnerability in home.html in Xpoze Pro 4.10 allows ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-6351 (Cross-site scripting (XSS) vulnerability in listtest.php in ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6350 (SQL injection vulnerability in listtest.php in TurnkeyForms Local ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6349 (SQL injection vulnerability in survey_results_text.php in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Business Survey Pro
CVE-2008-6348 (Multiple SQL injection vulnerabilities in DevelopItEasy Photo Gallery ...)
	NOT-FOR-US: DevelopItEasy Photo Gallery
CVE-2008-6347 (PHP remote file inclusion vulnerability in lib/onguma.class.php in the ...)
	NOT-FOR-US: Onguma Time Sheet component for Joomla!
CVE-2009-0748 (The ext4_fill_super function in fs/ext4/super.c in the Linux kernel ...)
	{DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0747 (The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 ...)
	{DSA-1749-1}
	- linux-2.6 2.6.28-2 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0746 (The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel ...)
	{DSA-1749-1}
	- linux-2.6 2.6.28-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0745 (The ext4_group_add function in fs/ext4/resize.c in the Linux kernel ...)
	{DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	[etch] - linux-2.6 <not-affected> (ext4 not yet present)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Since the feature is experimental until 2.6.27, I don't think we need to fix this
CVE-2009-0744 (Apple Safari 4 Beta build 528.16 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple Safari
CVE-2009-0743 (Cross-site scripting (XSS) vulnerability in the edit account page in ...)
	NOT-FOR-US: Cisco Unified MeetingPlace Web Conferencing
CVE-2009-0742 (The username command in Cisco ACE Application Control Engine Module ...)
	NOT-FOR-US: Cisco
CVE-2008-6346 (Cross-site scripting (XSS) vulnerability in the DR Wiki (dr_wiki) ...)
	NOT-FOR-US: DR Wiki extension for TYPO3
CVE-2008-6345 (SQL injection vulnerability in Forum.php in SolarCMS 0.53.8 and 1.0 ...)
	NOT-FOR-US: SolarCMS
CVE-2008-6344 (SQL injection vulnerability in the TU-Clausthal Staff (tuc_staff) ...)
	NOT-FOR-US: TU-Clausthal Staff extension for TYPO3
CVE-2008-6343 (Cross-site scripting (XSS) vulnerability in the TU-Clausthal ODIN ...)
	NOT-FOR-US: TU-Clausthal ODIN extension for TYPO3
CVE-2008-6342 (Unspecified vulnerability in the TYPO3 Simple File Browser ...)
	NOT-FOR-US: Simple File Browser extension for TYPO3
CVE-2008-6341 (Cross-site scripting (XSS) vulnerability in the SB Universal Plugin ...)
	NOT-FOR-US: SB Universal Plugin extension for TYPO3
CVE-2008-6340 (Cross-site scripting (XSS) vulnerability in the Vox populi ...)
	NOT-FOR-US: Vox populi extension for TYPO3
CVE-2008-6338 (SQL injection vulnerability in the WEBERkommunal Facilities ...)
	NOT-FOR-US: WEBERkommunal Facilities extension for TYPO3
CVE-2008-6337 (SQL injection vulnerability in the Volunteer Management System ...)
	NOT-FOR-US: Volunteer Management System module for Joomla!
CVE-2008-6336 (Directory traversal vulnerability in download.php in Text Lines ...)
	NOT-FOR-US: Text Lines Rearrange Script
CVE-2008-6335 (Directory traversal vulnerability in download.php in eMetrix Online ...)
	NOT-FOR-US: eMetrix Online Keyword Research Tool
CVE-2008-6334 (Directory traversal vulnerability in download.php in eMetrix Extract ...)
	NOT-FOR-US: eMetrix Extract Website
CVE-2008-6333 (SQL injection vulnerability in news.php in RSS Simple News (RSSSN), ...)
	NOT-FOR-US: RSS Simple News
CVE-2008-6332 (SQL injection vulnerability in login.php in Simple Customer 1.2 allows ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6331 (Multiple cross-site request forgery (CSRF) vulnerabilities in Streber ...)
	NOT-FOR-US: Streber
CVE-2008-6330 (SQL injection vulnerability in index.php in MyTopix 1.3.0 and earlier ...)
	NOT-FOR-US: MyTopix
CVE-2008-6329 (SQL injection vulnerability in Employee/login.asp in Pre ASP Job Board ...)
	NOT-FOR-US: Pre ASP Job Board
CVE-2008-6328 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.0 ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6327 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...)
	NOT-FOR-US: ProQuiz
CVE-2008-6326 (SQL injection vulnerability in login.php in Simple Customer as ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6325 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz ...)
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6324 (SQL injection vulnerability in forummessages.cfm in CF_Forum allows ...)
	NOT-FOR-US: CF_Forum
CVE-2008-6323 (SQL injection vulnerability in forummessages.cfm in CFMSource ...)
	NOT-FOR-US: CFMSource CF_Auction
CVE-2008-6322 (SQL injection vulnerability in index.cfm in CFMSource CFMBlog allows ...)
	NOT-FOR-US: CFMSource CFMBlog
CVE-2008-6321 (CF Shopkart 5.2.2 stores cfshopkart52.mdb under the web root with ...)
	NOT-FOR-US: CF Shopkart
CVE-2008-6320 (SQL injection vulnerability in index.cfm in CF Shopkart 5.2.2 allows ...)
	NOT-FOR-US: CF Shopkart
CVE-2008-6319 (SQL injection vulnerability in calendarevent.cfm in CF_Calendar allows ...)
	NOT-FOR-US: CF_Calendar
CVE-2008-6318 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6317 (Directory traversal vulnerability in ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6316 (Directory traversal vulnerability in _conf/core/common-tpl-vars.php in ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6315 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-6314 (SQL injection vulnerability in tag_board.php in the Tag Board module ...)
	NOT-FOR-US: Tag Board module
CVE-2008-6313 (Directory traversal vulnerability in addedit-render.php in phpAddEdit ...)
	NOT-FOR-US: phpAddEdit
CVE-2008-6312 (SQL injection vulnerability in index.php in ProQuiz 1.0 allows remote ...)
	NOT-FOR-US: ProQuiz
CVE-2008-6311 (SQL injection vulnerability in view.php in Butterfly Organizer 2.0.1 ...)
	NOT-FOR-US: Butterfly Organizer
CVE-2008-6310 (SQL injection vulnerability in index.php in W3matter RevSense 1.0 ...)
	NOT-FOR-US: W3matter RevSense
CVE-2008-6309 (SQL injection vulnerability in index.php in W3matter AskPert allows ...)
	NOT-FOR-US: W3matter AskPert
CVE-2008-6308 (Multiple directory traversal vulnerabilities in Private Messaging ...)
	NOT-FOR-US: Private Messaging System
CVE-2008-6307 (E-topbiz Link Back Checker 1 allows remote attackers to bypass ...)
	NOT-FOR-US: E-topbiz Link Back Checker
CVE-2008-6306 (Cross-site scripting (XSS) vulnerability in signinform.php in Softbiz ...)
	NOT-FOR-US: Softbiz Classifieds Script
CVE-2008-6305 (PHP remote file inclusion vulnerability in init.php in Free Directory ...)
	NOT-FOR-US: Free Directory Script
CVE-2008-6304 (SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6303 (SQL injection vulnerability in tourview.php in ToursManager allows ...)
	NOT-FOR-US: ToursManager
CVE-2008-6302 (TurnkeyForms Local Classifieds allows remote attackers to bypass ...)
	NOT-FOR-US: TurnkeyForms Local Classifieds
CVE-2008-6301 (SQL injection vulnerability in shoutbox_view.php in the Small ShoutBox ...)
	NOT-FOR-US: Small ShoutBox module
CVE-2008-6300 (Galatolo WebManager 1.3a allows remote attackers to bypass ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6299 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5.7 ...)
	NOT-FOR-US: Joomla!
CVE-2008-6298 (Unspecified vulnerability in sISAPILocation before 1.0.2.2 allows ...)
	NOT-FOR-US: sISAPILocation
CVE-2008-6297 (Cross-site scripting (XSS) vulnerability in order.php in DHCart allows ...)
	NOT-FOR-US: DHCart
CVE-2008-6296 (admin.php in Maran PHP Shop allows remote attackers to bypass ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-6295 (Multiple cross-site scripting (XSS) vulnerabilities in Camera Life ...)
	NOT-FOR-US: Camera Life
CVE-2008-6294 (admin/Index.php in Acc Statistics 1.1 allows remote attackers to ...)
	NOT-FOR-US: Acc Statistics
CVE-2008-6293 (admin/Index.php in Acc Real Estate 4.0 allows remote attackers to ...)
	NOT-FOR-US: Acc Real Estate
CVE-2008-6292 (Acc Autos 4.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Acc Autos
CVE-2008-6291 (Acc PHP eMail 1.1 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Acc PHP eMail
CVE-2008-6290 (Directory traversal vulnerability in includefile.php in nicLOR Sito, ...)
	NOT-FOR-US: nicLOR Sito
CVE-2008-6289 (SQL injection vulnerability in cityview.php in Tours Manager 1.0 ...)
	NOT-FOR-US: Tours Manager
CVE-2009-0770 (dkim-milter 2.6.0 through 2.8.0 allows remote attackers to cause a ...)
	{DSA-1728-1}
	- dkim-milter 2.6.0.dfsg-2 (low)
	[lenny] - dkim-milter 2.6.0.dfsg-1+lenny1
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2508602&group_id=139420&atid=744358
CVE-2009-0749 (Use-after-free vulnerability in the GIFReadNextExtension function in ...)
	- optipng 0.6.2.1-1 (low)
	[etch] - optipng 0.5.5-2
	[lenny] - optipng 0.6.1.1-2
CVE-2009-0741 (SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home ...)
	NOT-FOR-US: Craft Silicon Banking@Home
CVE-2009-0740 (SQL injection vulnerability in login.php in BlueBird Prelease allows ...)
	NOT-FOR-US: BlueBird Prelease
CVE-2009-0739 (SQL injection vulnerability in login.php in MyNews 0.10 allows remote ...)
	NOT-FOR-US: MyNews
CVE-2009-0738 (SQL injection vulnerability in login.php in Auth Php 1.0 allows remote ...)
	NOT-FOR-US: Auth Php
CVE-2009-0736 (Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows ...)
	NOT-FOR-US: Pebble
CVE-2009-0735 (Directory traversal vulnerability in lib/classes/message_class.php in ...)
	NOT-FOR-US: Papoo CMS
CVE-2009-0734 (Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia ...)
	NOT-FOR-US: MultimediaPlayer.exe
CVE-2009-0733 (Multiple stack-based buffer overflows in the ReadSetOfCurves function ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
	- openjdk-6 6b18-1.8.13-0+squeeze2
	NOTE: Marking the current oldstable version as fixed, but likely fixed way earlier
CVE-2009-0732 (Downloadcenter 2.1 stores common.h under the web root with ...)
	NOT-FOR-US: Downloadcenter
CVE-2009-0731 (Directory traversal vulnerability in pages/play.php in Free Arcade ...)
	NOT-FOR-US: Free Arcade Script
CVE-2009-0730 (Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) ...)
	NOT-FOR-US: GigCalendar
CVE-2009-0729 (Multiple directory traversal vulnerabilities in Page Engine CMS 2.0 ...)
	NOT-FOR-US: Page Engine CMS
CVE-2009-0728 (SQL injection vulnerability in the My_eGallery module for MAXdev MDPro ...)
	NOT-FOR-US: MAXdev MDPro/Postnuke
CVE-2009-0727 (SQL injection vulnerability in jobdetails.php in taifajobs 1.0 and ...)
	NOT-FOR-US: taifajobs
CVE-2009-0726 (SQL injection vulnerability in the GigCalendar (com_gigcal) component ...)
	NOT-FOR-US: Joomla
CVE-2009-0725
	RESERVED
CVE-2009-0724
	RESERVED
CVE-2009-0723 (Multiple integer overflows in LittleCMS (aka lcms or liblcms) before ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
	- openjdk-6 6b18-1.8.13-0+squeeze2
	NOTE: Marking the current oldstable version as fixed, but likely fixed way earlier
CVE-2009-0722 (Directory traversal vulnerability in admin.php in Potato News 1.0.0 ...)
	NOT-FOR-US: Potato News
CVE-2009-0721 (Unspecified vulnerability in Easy Login in the Sender module in HP ...)
	NOT-FOR-US: HP Remote Graphics
CVE-2009-0720 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2009-0719 (Unspecified vulnerability in useradd in HP HP-UX B.11.11, B.11.23, and ...)
	NOT-FOR-US: HP-UX
CVE-2009-0718 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0717 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0716 (Unspecified vulnerability in HP StorageWorks Storage Mirroring 5 ...)
	NOT-FOR-US: HP StorageWorks Storage Mirroring
CVE-2009-0715 (Unspecified vulnerability in Secure NaviCLI in HP Storage Essentials ...)
	NOT-FOR-US: HP Storage Essentials
CVE-2009-0714 (Unspecified vulnerability in the dpwinsup module (dpwinsup.dll) for ...)
	NOT-FOR-US: HP Data Protector Express
CVE-2009-0713 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...)
	NOT-FOR-US: WMI Mapper
CVE-2009-0712 (Unspecified vulnerability in WMI Mapper for HP Systems Insight Manager ...)
	NOT-FOR-US: WMI Mapper
CVE-2009-0711 (filter.php in PHPFootball 1.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0710 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFootball 1.6 ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0709 (SQL injection vulnerability in login.php in PHPFootball 1.6 allows ...)
	NOT-FOR-US: PHPFootball
CVE-2009-0708 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: SemanticScuttle
CVE-2009-0707 (SQL injection vulnerability in admin/index.php in PowerClan 1.14a ...)
	NOT-FOR-US: PowerClan
CVE-2009-0706 (SQL injection vulnerability in the Simple Review (com_simple_review) ...)
	NOT-FOR-US: Joomla
CVE-2009-0705 (SQL injection vulnerability in news.php in PowerScripts PowerNews ...)
	NOT-FOR-US: PowerScripts PowerNews
CVE-2009-0704 (SQL injection vulnerability in search.php in WSN Guest 1.23 allows ...)
	NOT-FOR-US: WSN Guest
CVE-2009-0703 (SQL injection vulnerability in bview.asp in ASPThai.Net Webboard 6.0 ...)
	NOT-FOR-US: ASPThai.Net Webboard
CVE-2009-0702 (SQL injection vulnerability in the Phoca Documentation ...)
	NOT-FOR-US: Joomla
CVE-2009-0701 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Cybershade
CVE-2009-0700 (Plunet BusinessManager 4.1 and earlier allows remote authenticated ...)
	NOT-FOR-US: Plunet BusinessManager
CVE-2009-0699 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Plunet BusinessManager
CVE-2009-0698 (Integer overflow in the 4xm demuxer (demuxers/demux_4xm.c) in xine-lib ...)
	- xine-lib 1.1.16.2-1 (bug #517792; bug #523475; medium)
	- vlc <not-affected> (affected part of xine-lib code not present)
CVE-2009-0697
	RESERVED
CVE-2009-0696 (The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 ...)
	{DSA-1847-1}
	- bind9 1:9.6.1.dfsg.P1-1 (bug #538975; high)
	NOTE: See also http://www.kb.cert.org/vuls/id/725188
CVE-2009-0695 (hagent.exe in Wyse Device Manager (WDM) 4.7.x does not require ...)
	NOT-FOR-US: Wyse Device Manager not in Debian
CVE-2009-0694
	RESERVED
CVE-2009-0693 (Multiple buffer overflows in Wyse Device Manager (WDM) 4.7.x allow ...)
	NOT-FOR-US: Wyse Device Manager not in Debian
CVE-2009-0692 (Stack-based buffer overflow in the script_write_params method in ...)
	{DSA-1833-2 DSA-1833-1}
	- dhcp3 3.1.2p1-1 (medium)
	NOTE: dhcp in etch is not affected.
CVE-2009-0691 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...)
	NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
CVE-2009-0690 (The Foxit JPEG2000/JBIG2 Decoder add-on before 2.0.2009.616 for Foxit ...)
	NOT-FOR-US: Foxit JPEG2000/JBIG2 Decoder add-on
CVE-2009-0689 (Array index error in the (1) dtoa implementation in dtoa.c (aka ...)
	{DSA-1998-1 DSA-1931-1 DLA-376-1}
	- nspr 4.8-2
	[etch] - nspr <end-of-life> (Mozilla packages from oldstable no longer covered by security support)
	- kdelibs 4:3.5.10.dfsg.1-3 (medium; bug #559265)
	- kde4libs 4:4.3.4-1 (medium; bug #559266)
	[lenny] - kde4libs <no-dsa> (Only uses by a few packages in Lenny, hardly any attack vector)
	- mono 4.2.1.102+dfsg2-4
	[jessie] - mono <no-dsa> (Minor issue)
	[wheezy] - mono <no-dsa> (Minor issue)
	NOTE: http://www.mono-project.com/docs/about-mono/vulnerabilities/
	NOTE: https://gist.github.com/directhex/01e853567fd2cc74ed39
CVE-2009-0688 (Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 ...)
	{DSA-1807-1 DTSA-200-1 DTSA-201-1}
	- cyrus-sasl2 2.1.23.dfsg1-1 (bug #528749)
	- cyrus-sasl2-heimdal 2.1.23.dfsg1-1
	NOTE: VU#238019
CVE-2009-0687 (The pf_test_rule function in OpenBSD Packet Filter (PF), as used in ...)
	NOT-FOR-US: OpenBSD Packet Filter
CVE-2009-0686 (The TrendMicro Activity Monitor Module (tmactmon.sys) 2.52.0.1002 in ...)
	NOT-FOR-US: Trend Micro Internet Pro
CVE-2009-0685
	RESERVED
CVE-2009-0684
	RESERVED
CVE-2009-0683
	RESERVED
CVE-2009-0682 (vetmonnt.sys in CA Internet Security Suite r3, vetmonnt.sys before ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2009-0681 (PGP Desktop before 9.10 allows local users to (1) cause a denial of ...)
	NOT-FOR-US: PGP Desktop
CVE-2009-0680 (cgi-bin/welcome/VPN_only in the web interface in Netgear SSL312 allows ...)
	NOT-FOR-US: Netgear
CVE-2009-0679 (Cross-site scripting (XSS) vulnerability in the Your Account module in ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0678 (images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0677 (avatarlist.php in the Your Account module, reached through ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0676 (The sock_getsockopt function in net/core/sock.c in the Linux kernel ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <unfixed> (low)
	NOTE: Original fix was incomplete/risky, see:
	NOTE: <http://marc.info/?l=linux-kernel&m=123540732700371&w=2>
	NOTE: Reproducer in <https://bugzilla.redhat.com/show_bug.cgi?id=486305>
	NOTE: lacks initialzer for len. Leak confirmed with fixed reproducer.
CVE-2009-0675 (The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed> (low)
CVE-2009-0674 (images/captcha.php in Raven Web Services RavenNuke 2.30, when ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0673 (Eval injection vulnerability in the Custom Fields feature in the Your ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0672 (SQL injection vulnerability in the Resend_Email module in Raven Web ...)
	NOT-FOR-US: RavenNuke
CVE-2009-0671
	REJECTED
CVE-2009-0670
	RESERVED
CVE-2009-0669 (Zope Object Database (ZODB) before 3.8.2, when certain Zope Enterprise ...)
	{DSA-2234-1 DSA-1863-1}
	- zope3 <removed> (bug #540462)
	- zope2.11 2.11.4-1 (bug #540463)
	- zope2.10 2.10.9-1 (bug #540464)
	- zope2.9 <removed>
	- zodb 1:3.8.2-1 (bug #540465)
CVE-2009-0668 (Unspecified vulnerability in Zope Object Database (ZODB) before 3.8.2, ...)
	{DSA-2234-1 DSA-1863-1}
	- zope3 <removed> (medium; bug #540462)
	- zope2.11 2.11.4-1 (medium; bug #540463)
	- zope2.10 2.10.9-1 (medium; bug #540464)
	- zope2.9 <removed>
	- zodb 1:3.8.2-1 (medium; bug #540465)
CVE-2009-0667 (Untrusted search path vulnerability in Agent/Backend.pm in ...)
	{DSA-1828-1}
	- ocsinventory-agent 1:0.0.9.2repack1-5 (medium; bug #506416)
CVE-2009-0666
	RESERVED
CVE-2009-0665
	RESERVED
CVE-2009-0664 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0.x ...)
	{DSA-1778-1}
	- mahara 1.1.3-1 (low)
CVE-2009-0663 (Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or ...)
	{DSA-1780-1}
	- libdbd-pg-perl 2.1.3-1
CVE-2009-0662 (The PlonePAS product 3.x before 3.9 and 3.2.x before 3.2.2, a product ...)
	- plone3 <removed> (medium; bug #525943)
CVE-2009-0661 (Wee Enhanced Environment for Chat (WeeChat) 0.2.6 allows remote ...)
	{DSA-1744-1}
	- weechat 0.2.6.1-1 (medium; bug #519940)
	[etch] - weechat <not-affected> (vulnerable code not present)
CVE-2009-0660 (Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 ...)
	{DSA-1736-1}
	- mahara 1.1.2-1 (low)
CVE-2009-0659 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
	NOT-FOR-US: TPTEST
CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0657 (Toshiba Face Recognition 2.0.2.32 allows physically proximate ...)
	NOT-FOR-US: Toshiba Face Recognition
CVE-2009-0656 (Asus SmartLogon 1.0.0005 allows physically proximate attackers to ...)
	NOT-FOR-US: Asus SmartLogon
CVE-2009-0655 (Lenovo Veriface III allows physically proximate attackers to login to ...)
	NOT-FOR-US: Lenovo Veriface
CVE-2009-0654 (Tor 0.2.0.28, and probably 0.2.0.34 and earlier, allows remote ...)
	- tor <unfixed> (unimportant)
	NOTE: attacker already controls entry and exit node at this stage
CVE-2009-0653 (OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an ...)
	- openssl 0.9.8-1 (bug #517791)
CVE-2009-0652 (The Internationalized Domain Names (IDN) blacklist in Mozilla Firefox ...)
	{DSA-1830-1 DSA-1797-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- xulrunner 1.9.0.9-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0651 (Unspecified vulnerability in the Veritas network daemon (aka vnetd) in ...)
	NOT-FOR-US: Veritas network daemon
CVE-2009-0650 (Stack-based buffer overflow in the GetStatsFromLine function in TPTEST ...)
	NOT-FOR-US: TPTEST
CVE-2009-0649 (The web browser in Symbian OS on the Nokia N95 cell phone allows ...)
	NOT-FOR-US: Symbian OS
CVE-2008-6288 (Directory traversal vulnerability in download.php in Interface Medien ...)
	NOT-FOR-US: Interface Medien ibase
CVE-2008-6287 (Multiple PHP remote file inclusion vulnerabilities in Broadcast ...)
	NOT-FOR-US: Broadcast Machine
CVE-2008-6286 (Multiple SQL injection vulnerabilities in SubscriberStart.asp in ...)
	NOT-FOR-US: Active Newsletter
CVE-2008-6285 (SQL injection vulnerability in index.php in PHP TV Portal 2.0 and ...)
	NOT-FOR-US: PHP TV Portal
CVE-2008-6284 (SQL injection vulnerability in edit.php in Z1Exchange 1.0 allows ...)
	NOT-FOR-US: Z1Exchange
CVE-2008-6283 (Cross-site scripting (XSS) vulnerability in Subtext 2.0 allows remote ...)
	NOT-FOR-US: Subtext
CVE-2008-6282 (SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS ...)
	NOT-FOR-US: CMS Ortus
CVE-2008-6281 (SQL injection vulnerability in index.php in Bluo CMS 1.2 allows remote ...)
	NOT-FOR-US: Bluo CMS
CVE-2008-6280 (Cross-site scripting (XSS) vulnerability in apply.cgi on the Linksys ...)
	NOT-FOR-US: Linksys WRT160N
CVE-2008-6279 (RakhiSoftware Price Comparison Script (aka Shopping Cart) allows ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6278 (Multiple cross-site scripting (XSS) vulnerabilities in product.php in ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6277 (SQL injection vulnerability in product.php in RakhiSoftware Price ...)
	NOT-FOR-US: RakhiSoftware Price Comparison Script
CVE-2008-6276 (Multiple SQL injection vulnerabilities in the User Karma module 5.x ...)
	NOT-FOR-US: User Karma module for Drupal
CVE-2008-6275 (Cross-site scripting (XSS) vulnerability in the User Karma module 5.x ...)
	NOT-FOR-US: User Karma module for Drupal
CVE-2008-6274 (Multiple SQL injection vulnerabilities in index.php in FamilyProject ...)
	NOT-FOR-US: FamilyProject
CVE-2008-6273 (Directory traversal vulnerability in configuration_script.php in ...)
	NOT-FOR-US: MyKtools
CVE-2008-6272 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll ...)
	NOT-FOR-US: Dragan Mitic Apoll
CVE-2008-6271 (Directory traversal vulnerability in index.php in TBmnetCMS 1.0, when ...)
	NOT-FOR-US: TBmnetCMS
CVE-2008-6270 (SQL injection vulnerability in admin/index.php in Dragan Mitic Apoll ...)
	NOT-FOR-US: Dragan Mitic Apoll
CVE-2008-6269 (Joovili 3.1.4 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Joovili
CVE-2008-6268 (SQL injection vulnerability in detail.php in WEBBDOMAIN Multi ...)
	NOT-FOR-US: Multi Languages WebShop Online
CVE-2008-6267 (Cross-site scripting (XSS) vulnerability in detail.php in Multi ...)
	NOT-FOR-US: Multi Languages WebShop Online
CVE-2008-6266 (SQL injection vulnerability in links.php in Appalachian State ...)
	NOT-FOR-US: phpWebSite
CVE-2008-6265 (Directory traversal vulnerability in portfolio/css.php in Cyberfolio ...)
	NOT-FOR-US: Cyberfolio
CVE-2008-6264 (SQL injection vulnerability in admin/admin.php in E-topbiz Slide ...)
	NOT-FOR-US: E-topbiz Slide Popups
CVE-2008-6263 (SQL injection vulnerability in lib/user/t_user.php in SaturnCMS allows ...)
	NOT-FOR-US: SaturnCMS
CVE-2008-6262 (SQL injection vulnerability in lib/url/meta_url.php in SaturnCMS ...)
	NOT-FOR-US: SaturnCMS
CVE-2008-6261 (SQL injection vulnerability in view.php in E-topbiz AdManager 4 allows ...)
	NOT-FOR-US: E-topbiz AdManager
CVE-2008-6260 (SQL injection vulnerability in index.php in Ultrastats 0.2.144 and ...)
	NOT-FOR-US: Ultrastats
CVE-2008-6259 (Cross-site scripting (XSS) vulnerability in search.asp in QuadComm ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2008-6258 (SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2008-6257 (SQL injection vulnerability in default.asp in Openasp 3.0 and earlier ...)
	NOT-FOR-US: Openasp
CVE-2008-6256 (SQL injection vulnerability in admincp/admincalendar.php in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2008-6255 (Multiple SQL injection vulnerabilities in vBulletin 3.7.4 allow remote ...)
	NOT-FOR-US: vBulletin
CVE-2008-6254 (SQL injection vulnerability in scripts/documents.php in Jadu Galaxies ...)
	NOT-FOR-US: Jadu Galaxies
CVE-2008-6253 (Directory traversal vulnerability in data/inc/lib/pcltar.lib.php in ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-6252 (Stack-based buffer overflow in the smc program in smcFanControl 2.1.2 ...)
	NOT-FOR-US: smcFanControl
CVE-2008-6251 (PHP remote file inclusion vulnerability in includes/init.php in phpFan ...)
	NOT-FOR-US: phpFan
CVE-2008-6250 (SQL injection vulnerability in Comdev Web Blogger 4.1.3 and earlier ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2008-6249 (SQL injection vulnerability in plugins/users/index.php in Galatolo ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6248 (Cross-site scripting (XSS) vulnerability in all.php in Galatolo ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6247 (SQL injection vulnerability in topsite.php in Scripts For Sites (SFS) ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6246 (SQL injection vulnerability in category.php in Scripts For Sites (SFS) ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6245 (SQL injection vulnerability in track.php in Scripts For Sites (SFS) EZ ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6244 (SQL injection vulnerability in view_reviews.php in Scripts for Sites ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6243 (SQL injection vulnerability in showcategory.php in Scripts For Sites ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6242 (SQL injection vulnerability in SearchResults.php in Scripts For Sites ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6241 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
	NOT-FOR-US: FlexPHPSite
CVE-2008-6240 (Cross-site scripting (XSS) vulnerability in data/views/index.html in ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6239 (Cross-site request forgery (CSRF) vulnerability in OpenEdit Digital ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6238 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: OpenEdit Digital Asset Management
CVE-2008-6237 (SQL injection vulnerability in software-description.php in Scripts For ...)
	NOT-FOR-US: Scripts For Sites
CVE-2008-6236 (SQL injection vulnerability in login.php in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2008-6235 (The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted ...)
	- vim 2:7.2.148-1 (low)
	[lenny] - vim <not-affected> (proof-of-concept does not work)
	[etch] - vim <no-dsa> (Minor issue)
CVE-2008-6234 (SQL injection vulnerability in the com_musica module in Joomla! and ...)
	NOT-FOR-US: Joomla
CVE-2008-6233 (SQL injection vulnerability in index.php in Five Dollar Scripts Drinks ...)
	NOT-FOR-US: Five Dollar Scripts Drinks script
CVE-2008-6232 (Pre Shopping Mall allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-6231 (Pre Classified Listing PHP allows remote attackers to bypass ...)
	NOT-FOR-US: Pre Classified Listing PHP
CVE-2008-6230 (SQL injection vulnerability in Tour.php in Pre Projects Pre Podcast ...)
	NOT-FOR-US: Pre Projects Pre Podcast Portal
CVE-2008-6229 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: CCK module for Drupal
CVE-2008-6228 (Pre Multi-Vendor Shopping Malls allows remote attackers to bypass ...)
	NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6227 (SQL injection vulnerability in buyer_detail.php in Pre Multi-Vendor ...)
	NOT-FOR-US: Pre Multi-Vendor Shopping Malls
CVE-2008-6226 (SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto ...)
	NOT-FOR-US: Pre Projects PHP Auto Listings Script
CVE-2008-6225 (** DISPUTED ** ...)
	NOT-FOR-US: Mole Group Airline Ticket Sale Script
CVE-2008-6224 (Directory traversal vulnerability in visualizza.php in Way Of The ...)
	NOT-FOR-US: Way Of The Warrior
CVE-2008-6223 (PHP remote file inclusion vulnerability in visualizza.php in Way Of ...)
	NOT-FOR-US: Way Of The Warrior
CVE-2008-6222 (Directory traversal vulnerability in the Pro Desk Support Center ...)
	NOT-FOR-US: Joomla
CVE-2008-6221 (PHP remote file inclusion vulnerability in config.dadamail.php in the ...)
	NOT-FOR-US: Joomla
CVE-2008-6220 (SQL injection vulnerability in login.php in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2008-6219 (nsrexecd.exe in multiple EMC Networker products including EMC ...)
	NOT-FOR-US: EMC Networker products
CVE-2008-6218 (Memory leak in the png_handle_tEXt function in pngrutil.c in libpng ...)
	{DSA-1750-1}
	- libpng 1.2.33-1
CVE-2008-6217 (Cross-site scripting (XSS) vulnerability in index.php in Extrakt ...)
	NOT-FOR-US: Extrakt Framework
CVE-2008-6216 (SQL injection vulnerability in cadena_ofertas_ext.php in Venalsur ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6215 (Cross-site scripting (XSS) vulnerability in cadena_ofertas_ext.php in ...)
	NOT-FOR-US: Venalsur Booking center Booking System
CVE-2008-6214 (SQL injection vulnerability in poll_results.php in Harlandscripts Pro ...)
	NOT-FOR-US: Harlandscripts Pro Traffic One
CVE-2008-6213 (SQL injection vulnerability in mypage.php in Harlandscripts Pro ...)
	NOT-FOR-US: Harlandscripts Pro Traffic One
CVE-2009-XXXX [thunar: potential exploits via  application launchers]
	- thunar <unfixed> (bug #517020; unimportant)
	NOTE: Minor impact, any attack would still require a significant amount of social engineering
CVE-2009-XXXX [sysvinit: no-root option in expert installer exposes locally exploitable security flaw]
	- sysvinit <unfixed> (bug #517018; unimportant)
	NOTE: hardly a security issue, if an attacker has local access to the machine and you
	NOTE: don't use encryption or something similar you have lost anyway
	NOTE: - this ^ philosophy is flawed; it should not be trivial to get root just because you
	NOTE:   have local access to the machine. it is worth it to make it as difficult as
	NOTE:   possible without impacting authorized users. otherwise, why spend so much effort
	NOTE:   to make sure xscreensaver, gdm, and login are rock solid?
	NOTE: - i would like to track as low, rather than unimportant
CVE-2009-0753 (Absolute path traversal vulnerability in MLDonkey 2.8.4 through 2.9.7 ...)
	{DSA-1739-1}
	- mldonkey 3.0.0-1 (bug #516829; medium)
	[etch] - mldonkey <not-affected> (vulnerable code not present)
	NOTE: daemon is run as non-root and can only be exploited via localhost
CVE-2009-0648 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Falt4 CMS
CVE-2009-0647 (msnmsgr.exe in Windows Live Messenger (WLM) 2009 build 14.0.8064.206, ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2008-6212 (Cross-site scripting (XSS) vulnerability in admin.php in Php-Stats ...)
	NOT-FOR-US: Php-Stats
CVE-2008-6211 (Multiple cross-site scripting (XSS) vulnerabilities in PhpForums.net ...)
	NOT-FOR-US: PhpForums.net mcGallery
CVE-2008-6210 (SQL injection vulnerability in index.php in dream4 Koobi 4.4 and 5.4 ...)
	NOT-FOR-US: dream4 Koobi
CVE-2008-6209 (SQL injection vulnerability in view_product.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Software Zone
CVE-2008-6208 (Cross-site scripting (XSS) vulnerability in submitnews.php in e107 CMS ...)
	NOT-FOR-US: e107 CMS
CVE-2008-6207 (Unrestricted file upload vulnerability in form_upload.php in PHPG ...)
	NOT-FOR-US: PHPG Upload
CVE-2008-6206 (Multiple PHP remote file inclusion vulnerabilities in RobotStats 0.1 ...)
	NOT-FOR-US: RobotStats
CVE-2008-6205 (Cross-site scripting (XSS) vulnerability in seeurl.php in Xavier ...)
	NOT-FOR-US: Xavier Flahaut URLStreet
CVE-2008-6204 (Multiple SQL injection vulnerabilities in SuperNET Shop 1.0 and ...)
	NOT-FOR-US: SuperNET Shop
CVE-2008-6203 (SQL injection vulnerability in adminler.asp in CoBaLT 2.0 allows ...)
	NOT-FOR-US: CoBaLT
CVE-2008-6202 (SQL injection vulnerability in CoBaLT 1.0 allows remote attackers to ...)
	NOT-FOR-US: CoBaLT
CVE-2008-6201 (Directory traversal vulnerability in help.php in the eskuel module in ...)
	NOT-FOR-US: KwsPHP
CVE-2008-6200 (Multiple cross-site scripting (XSS) vulnerabilities in Swiki 1.5 allow ...)
	NOT-FOR-US: Swiki
CVE-2008-6199 (2532designs 2532|Gigs 1.2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: 2532designs 2532|Gigs
CVE-2008-6198 (SQL injection vulnerability in pages.php in Custom Pages 1.0 plugin ...)
	NOT-FOR-US: Custom Pages 1.0 plugin for MyBulletinBoard
CVE-2008-6197 (SQL injection vulnerability in index.php in the galerie module for ...)
	NOT-FOR-US: KwsPHP
CVE-2008-6196 (Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT ...)
	NOT-FOR-US: Philippe CROCHAT EasySite
CVE-2008-6195 (Directory traversal vulnerability in the PXE TFTP Service ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-6194 (Memory leak in the DNS server in Microsoft Windows allows remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-6193 (Sam Crew MyBlog stores passwords in cleartext in a MySQL database, ...)
	NOT-FOR-US: Sam Crew MyBlog
CVE-2008-6192 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2008-6191 (Conductor.exe in Intrinsic Swimage Encore before 5.0.1.21 contains a ...)
	NOT-FOR-US: Intrinsic Swimage Encore
CVE-2008-6190 (Cross-site scripting (XSS) vulnerability in index.php in EEBCMS 0.95 ...)
	NOT-FOR-US: EEBCMS
CVE-2008-6189 (SQL injection vulnerability in GForge 4.5.19 allows remote attackers ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6188 (SQL injection vulnerability in people/editprofile.php in Gforge 4.6 ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6187 (SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-5
CVE-2008-6186 (Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote ...)
	NOT-FOR-US: RaidenFTPD
CVE-2008-6185 (NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a ...)
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-6184 (SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-6183 (Multiple directory traversal vulnerabilities in index.php in My PHP ...)
	NOT-FOR-US: My PHP Indexer
CVE-2008-6182 (SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) ...)
	NOT-FOR-US: Joomla!
CVE-2008-6181 (SQL injection vulnerability in the Mad4Joomla Mailforms ...)
	NOT-FOR-US: Joomla!
CVE-2008-6180 (SQL injection vulnerability in system/nlb_user.class.php in NewLife ...)
	NOT-FOR-US: NewLife Blogger
CVE-2008-6179 (SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows ...)
	NOT-FOR-US: IndexScript
CVE-2008-6178 (Unrestricted file upload vulnerability in ...)
	NOTE: Alleged exploit does not work.
CVE-2008-6177 (Multiple directory traversal vulnerabilities in LightBlog 9.8, when ...)
	NOT-FOR-US: LightBlog
CVE-2008-6176
	REJECTED
CVE-2008-6175 (SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SilverSHielD
CVE-2008-6174 (Cross-site scripting (XSS) vulnerability in admin/postlister/index.php ...)
	NOT-FOR-US: Jetbox CMS
CVE-2008-6173 (Cross-site scripting (XSS) vulnerability in fullscreen.php in ...)
	NOT-FOR-US: ClipShare Pro
CVE-2008-6172 (Directory traversal vulnerability in captcha/captcha_image.php in the ...)
	NOT-FOR-US: Joomla!
CVE-2008-6171 (includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, ...)
	- drupal5 5.12-1 (low; bug #519114)
	- drupal6 6.6-1 (low; bug #519115)
CVE-2008-6170 (Cross-site scripting (XSS) vulnerability in Drupal 5.x before 5.12 and ...)
	- drupal6 6.9-1 (low)
	[lenny] - drupal6 6.6-1.1
CVE-2008-6169 (Cross-site request forgery (CSRF) vulnerability in the Localization ...)
	NOT-FOR-US: Localization modules for Drupal
CVE-2008-6168 (Cross-site scripting (XSS) vulnerability in search.php in miniPortail ...)
	NOT-FOR-US: miniPortail
CVE-2008-6167 (Directory traversal vulnerability in search.php in miniPortail 2.2 and ...)
	NOT-FOR-US: miniPortail
CVE-2009-0646 (Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier ...)
	NOT-FOR-US: 4Site CMS
CVE-2009-0645 (Directory traversal vulnerability in index.php in Jaws 0.8.8 allows ...)
	NOT-FOR-US: Jaws
CVE-2009-0644 (The HTTP interface in Swann DVR4-SecuraNet has a certain default ...)
	NOT-FOR-US: Swann DVR4-SecuraNet
CVE-2009-0643 (Static code injection vulnerability in post.php in Simple PHP News 1.0 ...)
	NOT-FOR-US: Simple PHP News
CVE-2009-0642 (ext/openssl/ossl_ocsp.c in Ruby 1.8 and 1.9 does not properly check ...)
	{DSA-1860-1}
	- ruby1.9 1.9.0.5-1 (bug #513528)
	- ruby1.8 1.8.7.72-3.1 (medium; bug #517639; bug #522939)
CVE-2009-0641 (sys_term.c in telnetd in FreeBSD 7.0-RELEASE and other 7.x versions ...)
	NOT-FOR-US: FreeBSD telnetd (apparently there's some common code base in netkit-telnet, but it's not affected
CVE-2009-0640 (Directory traversal vulnerability in the administrative web server in ...)
	NOT-FOR-US: Swann DVR4-SecuraNet
CVE-2009-0639 (PHP remote file inclusion vulnerability in moduli/libri/index.php in ...)
	NOT-FOR-US: phpyabs
CVE-2008-6166 (SQL injection vulnerability in the KBase (com_kbase) 1.2 component for ...)
	NOT-FOR-US: Joomla!
CVE-2008-6165 (SQL injection vulnerability in gestion.php in CSPartner 0.1, when ...)
	NOT-FOR-US: CSPartner
CVE-2008-6164 (Cross-site scripting (XSS) vulnerability in index.php in DreamCost ...)
	NOT-FOR-US: DreamCost HostAdmin
CVE-2008-6163 (SQL injection vulnerability in www/delivery/ac.php in OpenX 2.6.1 ...)
	- openx <itp> (bug #513771)
CVE-2008-6162 (Bux.to Clone script allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Bux.to Clone script
CVE-2008-6161 (Cross-site scripting (XSS) vulnerability in WOW Raid Manager (WRM) ...)
	NOT-FOR-US: WOW Raid Manager
CVE-2008-6160 (Semantically-Interconnected Online Communities (SIOC) 5.x before ...)
	NOT-FOR-US: Semantically-Interconnected Online Communities
CVE-2008-6159 (Content Management Made Easy (CMME) 1.19 allows remote attackers to ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2005-4878 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	- acidbase 1.2.1-1
CVE-2009-0638 (The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2009-0637 (The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0636 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0635 (Memory leak in the Cisco Tunneling Control Protocol (cTCP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0634 (Multiple unspecified vulnerabilities in the home agent (HA) ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0633 (Multiple unspecified vulnerabilities in the (1) Mobile IP NAT ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0632 (The IP Phone Personal Address Book (PAB) Synchronizer feature in Cisco ...)
	NOT-FOR-US: Cisco Unified Communications Manager
CVE-2009-0631 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0630 (The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0629 (The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0628 (Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0627 (Unspecified vulnerability in Cisco NX-OS before 4.0(1a)N2(1), when ...)
	NOT-FOR-US: Cisco NX-OS
CVE-2009-0626 (The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0625 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
	NOT-FOR-US: Cisco
CVE-2009-0624 (Unspecified vulnerability in the SNMPv2c implementation in Cisco ACE ...)
	NOT-FOR-US: Cisco
CVE-2009-0623 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
	NOT-FOR-US: Cisco
CVE-2009-0622 (Unspecified vulnerability in Cisco ACE Application Control Engine ...)
	NOT-FOR-US: Cisco
CVE-2009-0621 (Cisco ACE 4710 Application Control Engine Appliance before A1(8a) uses ...)
	NOT-FOR-US: Cisco
CVE-2009-0620 (Cisco ACE Application Control Engine Module for Catalyst 6500 Switches ...)
	NOT-FOR-US: Cisco
CVE-2009-0619 (Unspecified vulnerability in the Session Border Controller (SBC) ...)
	NOT-FOR-US: Cisco
CVE-2009-0618 (Unspecified vulnerability in the Java agent in Cisco Application ...)
	NOT-FOR-US: Cisco
CVE-2009-0617 (Cisco Application Networking Manager (ANM) before 2.0 uses a default ...)
	NOT-FOR-US: Cisco
CVE-2009-0616 (Cisco Application Networking Manager (ANM) before 2.0 uses default ...)
	NOT-FOR-US: Cisco
CVE-2009-0615 (Directory traversal vulnerability in Cisco Application Networking ...)
	NOT-FOR-US: Cisco
CVE-2009-0614 (Unspecified vulnerability in the Web Server in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2009-0613 (Trend Micro InterScan Web Security Suite (IWSS) 3.1 before build 1237 ...)
	NOT-FOR-US: Trend Micro
CVE-2009-0612 (Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 3.x and ...)
	NOT-FOR-US: Trend Micro
CVE-2009-0611 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2009-0610 (Multiple static code injection vulnerabilities in post.php in Simple ...)
	NOT-FOR-US: Simple PHP News
CVE-2009-0609 (Sun Java System Directory Proxy Server in Sun Java System Directory ...)
	NOT-FOR-US: Sun Java System Directory Server Enterprise Edition
CVE-2009-0608 (Integer overflow in the showLog function in fake_log_device.c in ...)
	NOT-FOR-US: Android
CVE-2009-0607 (Multiple integer overflows in malloc_leak.c in Bionic in Open Handset ...)
	NOT-FOR-US: Android
CVE-2009-0606 (The link_image function in linker/linker.c in the dynamic linker in ...)
	NOT-FOR-US: Android
CVE-2009-0605 (Stack consumption vulnerability in the do_page_fault function in ...)
	- linux-2.6 <not-affected> (CONFIG_KPROBES is not enabled)
	- linux-2.6.24 <not-affected> (CONFIG_KPROBES is not enabled)
CVE-2008-6158 (Multiple unspecified vulnerabilities in the admin backend in w3b&gt;cms ...)
	NOT-FOR-US: w3blabor CMS
CVE-2008-6157 (SepCity Classified Ads stores the admin password in cleartext in ...)
	NOT-FOR-US: SepCity Classified Ads
CVE-2009-0604 (SQL injection vulnerability in index.php in PHP Director 0.21 and ...)
	NOT-FOR-US: PHP Director
CVE-2009-0603 (Cross-site scripting (XSS) vulnerability in index.php in the Link ...)
	NOT-FOR-US: Link drupal module
CVE-2009-0602 (Unrestricted file upload vulnerability in upload.php in WikkiTikkiTavi ...)
	NOT-FOR-US: WikkiTikkiTavi
CVE-2009-0601 (Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.8)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0600 (Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.6)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0599 (Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through ...)
	- wireshark 1.0.6-1
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny4
CVE-2009-0598 (SQL injection vulnerability in index.php in PhpMesFilms 1.0 and 1.8 ...)
	NOT-FOR-US: PhpMesFilms
CVE-2009-0597 (SQL injection vulnerability in admin/index.php in w3b&gt;cms (aka ...)
	NOT-FOR-US: w3b>cms
CVE-2009-0596 (Directory traversal vulnerability in skysilver/login.tpl.php in ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0595 (PHP remote file inclusion vulnerability in skysilver/login.tpl.php in ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0594 (Cross-site scripting (XSS) vulnerability in index.php in phpSkelSite ...)
	NOT-FOR-US: phpSkelSite
CVE-2009-0593 (SQL injection vulnerability in members.php in plx Auto Reminder 3.7 ...)
	NOT-FOR-US: plx Auto Reminder
CVE-2009-0592 (Multiple directory traversal vulnerabilities in PNphpBB2 1.2i and ...)
	NOT-FOR-US: PNphpBB2
CVE-2008-6156 (SQL injection vulnerability in editCampaign.php in AdMan 1.1.20070907 ...)
	NOT-FOR-US: AdMan
CVE-2008-6155 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 ...)
	NOT-FOR-US: Hispah Text Links Ads
CVE-2008-6154 (SQL injection vulnerability in index.php in Hispah Text Links Ads 1.1 ...)
	NOT-FOR-US: Hispah Text Links Ads
CVE-2008-6153 (SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo ...)
	NOT-FOR-US: Jay Patel Pixel8 Web Photo
CVE-2008-6152 (SQL injection vulnerability in deptdisplay.asp in SepCity Faculty ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6151 (SQL injection vulnerability in shpdetails.asp in SepCity Shopping Mall ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6150 (SQL injection vulnerability in classdis.asp in SepCity Classified Ads ...)
	NOT-FOR-US: SepCity Faculty Portal
CVE-2008-6149 (SQL injection vulnerability in the mDigg (com_mdigg) component 2.2.8 ...)
	NOT-FOR-US: Joomla
CVE-2008-6148 (SQL injection vulnerability in the Live Ticker (com_liveticker) module ...)
	NOT-FOR-US: Joomla
CVE-2008-6147 (ForumApp 3.3 stores sensitive information under the web root with ...)
	NOT-FOR-US: ForumApp
CVE-2008-6146 (SQL injection vulnerability in pm.php in DeluxeBB 1.2 and earlier, ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-6145 (Multiple SQL injection vulnerabilities in the WEC Discussion Forum ...)
	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
CVE-2008-6144 (Multiple cross-site scripting (XSS) vulnerabilities in the WEC ...)
	NOT-FOR-US: WEC Discussion Forum (wec_discussion) extension TYPO3
CVE-2008-6143 (OwenPoll 1.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: OwenPoll
CVE-2008-6142 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
	NOT-FOR-US: FlexPHPic
CVE-2009-0591 (The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is ...)
	- openssl <not-affected> (vulnerable versions not uploaded to Debian)
CVE-2009-0590 (The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows ...)
	{DSA-1763-1}
	- openssl 0.9.8g-16 (low; bug #522002)
CVE-2009-0589
	REJECTED
CVE-2009-0588 (agent/request/op.cgi in the Registration Authority (RA) component in ...)
	NOT-FOR-US: Registration Authority (RA) component in Red Hat Certificate System (RHCS)
CVE-2009-0587 (Multiple integer overflows in Evolution Data Server (aka ...)
	{DSA-1813-1}
	- evolution-data-server 2.22.3-1 (medium)
	NOTE: this version doesnt fix the overflows but uses the glib functions for decoding instead
CVE-2009-0586 (Integer overflow in the gst_vorbis_tag_add_coverart function ...)
	- gst-plugins-base0.10 0.10.22-4
	[lenny] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present)
	[etch] - gst-plugins-base0.10 <not-affected> (Vulnerable lib calls not present)
CVE-2009-0585 (Integer overflow in the soup_base64_encode function in soup-misc.c in ...)
	{DSA-1748-1}
	- libsoup 2.2.105-4 (medium; bug #520039)
CVE-2009-0584 (icc.c in the International Color Consortium (ICC) Format library (aka ...)
	{DSA-1746-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
	- argyll 1.0.3-2 (bug #522448)
	- gs-gpl <removed> (medium)
	- gs-esp <removed>
CVE-2009-0583 (Multiple integer overflows in icc.c in the International Color ...)
	{DSA-1746-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #522416)
	- argyll 1.0.3-2 (bug #522448)
	- gs-gpl <removed> (medium)
	- gs-esp <removed>
CVE-2009-0582 (The ntlm_challenge function in the NTLM SASL authentication mechanism ...)
	{DSA-1813-1}
	- evolution-data-server 2.26.1.1-1
CVE-2009-0581 (Memory leak in LittleCMS (aka lcms or liblcms) before 1.18beta2, as ...)
	{DSA-1769-1 DSA-1745-1}
	- lcms 1.18.dfsg-1 (bug #522446)
CVE-2009-0580 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
	{DSA-2207-1}
	- tomcat6 6.0.20-1 (low; bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (low; bug #532363)
	- tomcat5.5 <removed> (low; bug #532366)
CVE-2009-0579 (Linux-PAM before 1.0.4 does not enforce the minimum password age ...)
	- pam 1.0.1-10 (unimportant; bug #514437)
	NOTE: the ability to change a password earlier than scheduled is not a security
	NOTE: vulnerability in itself (unless the user changes their password back to
	NOTE: their previous password; thus violating the security policy as defined by
	NOTE: the administrator)
CVE-2009-0578 (GNOME NetworkManager before 0.7.0.99 does not properly verify ...)
	- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
	[lenny] - network-manager-applet <not-affected> (Bug affected the 0.7.x series)
CVE-2009-0577 (Integer overflow in the WriteProlog function in texttops in CUPS ...)
	NOT-FOR-US: RedHat specific, because they had a problem applying the fix for CVE-2008-3640
CVE-2009-0576 (Unspecified vulnerability in Sun Java System Directory Server 5.2 p6 ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2009-0575 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Views Bulk Operations
CVE-2009-0574 (SQL injection vulnerability in index.php in Easy CafeEngine allows ...)
	NOT-FOR-US: Easy CafeEngine
CVE-2009-0573 (Multiple cross-site scripting (XSS) vulnerabilities in FotoWeb 6.0 ...)
	NOT-FOR-US: FotoWeb
CVE-2009-0572 (PHP remote file inclusion vulnerability in include/flatnux.php in ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2009-0571 (admin.php in Ninja Designs Mailist 3.0 stores backup copies of ...)
	NOT-FOR-US: Ninja Designs Mailist
CVE-2009-0570 (Directory traversal vulnerability in send.php in Ninja Designs Mailist ...)
	NOT-FOR-US: Ninja Designs Mailist
CVE-2009-0569 (Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows ...)
	NOT-FOR-US: Becky! Internet Mail
CVE-2009-0568 (The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0567
	REJECTED
CVE-2009-0566 (Microsoft Office Publisher 2007 SP1 does not properly calculate object ...)
	NOT-FOR-US: Microsoft Office Publisher
CVE-2009-0565 (Buffer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, and 2007 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0564
	RESERVED
CVE-2009-0563 (Stack-based buffer overflow in Microsoft Office Word 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0562 (The Office Web Components ActiveX Control in Microsoft Office XP SP3, ...)
	NOT-FOR-US: ActiveX
CVE-2009-0561 (Integer overflow in Excel in Microsoft Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0560 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0559 (Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-0558 (Array index error in Excel in Microsoft Office 2000 SP3 and Office ...)
	NOT-FOR-US: Microsoft
CVE-2009-0557 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0556 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-0555 (Microsoft Windows Media Runtime, as used in DirectShow WMA Voice ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0554 (Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0553 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0552 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0551 (Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2009-0550 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0549 (Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0548 (Cross-site scripting (XSS) vulnerability in the Additional Report ...)
	NOT-FOR-US: Additional Report Settings interface in ESET Remote Administrator
CVE-2009-0547 (Evolution 2.22.3.1 checks S/MIME signatures against a copy of the ...)
	{DSA-1813-1}
	- evolution-data-server 2.24.5-2 (low; bug #508479)
CVE-2009-0546 (Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier ...)
	NOT-FOR-US: NewsGator FeedDemon
CVE-2009-0545 (cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote ...)
	NOT-FOR-US: ZeroShell
CVE-2009-0544 (Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote ...)
	{DSA-1726-1}
	- python-crypto 2.0.1+dfsg1-3 (bug #516660)
CVE-2009-0543 (ProFTPD Server 1.3.1, with NLS support enabled, allows remote ...)
	{DSA-1730-1 DSA-1727-1}
	- proftpd-dfsg 1.3.2-1 (medium; bug #516388)
	[etch] - proftpd-dfsg <not-affected> (etch version not affected)
	[lenny] - proftpd-dfsg 1.3.1-17lenny2
CVE-2009-0542 (SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 ...)
	{DSA-1730-1 DSA-1727-1}
	- proftpd-dfsg 1.3.2-1 (medium; bug #516388)
	[etch] - proftpd-dfsg <not-affected> (etch version not affected)
	[lenny] - proftpd-dfsg 1.3.1-17lenny2
CVE-2009-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Magento 1.2.0 ...)
	NOT-FOR-US: Magento
CVE-2009-0540 (Cross-site scripting (XSS) vulnerability in Libero 5.3 SP5, and ...)
	NOT-FOR-US: Libero
CVE-2009-0539
	RESERVED
CVE-2009-0538 (Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2009-0537 (Integer overflow in the fts_build function in fts.c in libc in (1) ...)
	- glibc <not-affected> (Vulnerable code not present)
	NOTE: glibc checks the comlete path length being not longer than USHRT_MAX
	NOTE: and closes the directory path + free of structures in case , io/fts.c line 727
CVE-2009-0536 (at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0535 (Directory traversal vulnerability in export.php in Thyme 1.3 and ...)
	NOT-FOR-US: Thyme
CVE-2009-0534 (SQL injection vulnerability in FlexCMS allows remote attackers to ...)
	NOT-FOR-US: FlexCMS
CVE-2009-0533 (Cross-site scripting (XSS) vulnerability in password.php in Scripts ...)
	NOT-FOR-US: Sites EZ Reminder
CVE-2009-0532 (Cross-site scripting (XSS) vulnerability in password.php in Scripts ...)
	NOT-FOR-US: Scripts For Sites (SFS) EZ Baby
CVE-2009-0531 (SQL injection vulnerability in gallery/view.asp in A Better ...)
	NOT-FOR-US: A Better Member-Based ASP Photo Gallery
CVE-2009-0530 (Multiple PHP remote file inclusion vulnerabilities in SnippetMaster ...)
	NOT-FOR-US: SnippetMaster
CVE-2009-0529 (Cross-site scripting (XSS) vulnerability in index.php in SnippetMaster ...)
	NOT-FOR-US: SnippetMaster
CVE-2009-0528 (SQL injection vulnerability in frame.php in Rhadrix If-CMS 2.07 and ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2009-0527 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: AdaptCMS
CVE-2009-0526 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: AdaptCMS
CVE-2009-0525 (Cross-site scripting (XSS) vulnerability in the sajax_get_common_js ...)
	NOT-FOR-US: Sajax
CVE-2008-6141 (Unspecified vulnerability in Avaya IP Softphone 6.0 SP4 and 6.01.85 ...)
	NOT-FOR-US: Avaya IP Softphone
CVE-2008-6140 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2008-6139 (Directory traversal vulnerability in faqsupport/wce.download.php in ...)
	NOT-FOR-US: WebBiscuits Modules Controller
CVE-2008-6138 (PHP remote file inclusion vulnerability in adminhead.php in ...)
	NOT-FOR-US: WebBiscuits Modules Controller
CVE-2008-6137 (EveryBlog 5.x and 6.x, a module for Drupal, allows remote attackers to ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6136 (Unspecified vulnerability in EveryBlog 5.x and 6.x, a module for ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6135 (Cross-site scripting (XSS) vulnerability in EveryBlog 5.x and 6.x, a ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6134 (SQL injection vulnerability in EveryBlog 5.x and 6.x, a module for ...)
	NOT-FOR-US: EveryBlog
CVE-2008-6133 (SQL injection vulnerability in arsaprint.php in Full PHP Emlak Script ...)
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-6132 (Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 ...)
	NOT-FOR-US: phpScheduleIt
CVE-2008-6131 (Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6130 (Cross-site scripting (XSS) vulnerability in index.php in moziloWiki ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6129 (Directory traversal vulnerability in print.php in moziloWiki 1.0.1 and ...)
	NOT-FOR-US: moziloWiki
CVE-2008-6128 (Session fixation vulnerability in moziloCMS 1.10.2 and earlier allows ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6127 (Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6126 (Multiple directory traversal vulnerabilities in moziloCMS 1.10.2 and ...)
	NOT-FOR-US: moziloCMS
CVE-2008-6125 (Unspecified vulnerability in the user editing interface in Moodle ...)
	{DSA-1724-1}
	- moodle 1.8.2.dfsg-2
CVE-2008-6124 (SQL injection vulnerability in the hotpot_delete_selected_attempts ...)
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-2
CVE-2008-6123 (The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp ...)
	- net-snmp 5.4.3~dfsg-1 (low; bug #516801)
	[etch] - net-snmp <no-dsa> (Minor issue)
	[lenny] - net-snmp <no-dsa> (Minor issue)
CVE-2008-6122 (The web management interface in Netgear WGR614v9 allows remote ...)
	NOT-FOR-US: Netgear WGR614v9
CVE-2008-6121 (CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier ...)
	NOT-FOR-US: SocialEngine
CVE-2008-6120 (SQL injection vulnerability in profile_comments.php in SocialEngine ...)
	NOT-FOR-US: SocialEngine
CVE-2008-6119 (Static code injection vulnerability in ...)
	NOT-FOR-US: Goople CMS
CVE-2008-6118 (win/content/upload.php in Goople CMS 1.7 allows remote attackers to ...)
	NOT-FOR-US: Goople CMS
CVE-2008-6117 (SQL injection vulnerability in homepage.php in PG Job Site Pro allows ...)
	NOT-FOR-US: PG Job Site Pro
CVE-2008-6116 (SQL injection vulnerability in the EXtrovert Software Thyme ...)
	NOT-FOR-US: Joomla
CVE-2008-6115 (SQL injection vulnerability in directory.php in Prozilla Hosting Index ...)
	NOT-FOR-US: Prozilla Hosting Index
CVE-2008-6114 (SQL injection vulnerability in product_details.php in the Mytipper ...)
	NOT-FOR-US: Mytipper Zogo-shop
CVE-2008-6113 (Cross-site scripting (XSS) vulnerability in SemanticScuttle before ...)
	NOT-FOR-US: SemanticScuttle
CVE-2008-6112 (Multiple directory traversal vulnerabilities in Ez Ringtone Manager ...)
	NOT-FOR-US: Ez Ringtone Manager
CVE-2008-6111 (SQL injection vulnerability in blog.php in NetArt Media Vlog System ...)
	NOT-FOR-US: NetArt Media Vlog System
CVE-2009-XXXX [nautilus: potential exploits via application launchers]
	- nautilus 2.26.2-1 (low; bug #515104)
	[lenny] - nautilus <no-dsa> (Minor issue)
	[etch] - nautilus <no-dsa> (Minor issue)
	NOTE: need to submit a request for CVE id
CVE-2009-XXXX [konqueror: potential exploits via application launchers]
	- kdebase <unfixed> (unimportant; bug #515106)
	NOTE: Minor impact, any attack would still require a significant amount of social engineering
CVE-2009-0737 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
	{DSA-1901-1}
	- mediawiki 1:1.14.0-1 (low; bug #514547)
	- mediawiki1.7 <removed>
	[lenny] - mediawiki 1:1.12.0-2lenny3
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2009-0524 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2009-0523 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...)
	NOT-FOR-US: Adobe RoboHelp
CVE-2009-0522 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0521 (Untrusted search path vulnerability in Adobe Flash Player 9.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0520 (Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0519 (Unspecified vulnerability in Adobe Flash Player 9.x before 9.0.159.0 ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2009-0518 (VI Client in VMware VirtualCenter before 2.5 Update 4, VMware ESXi 3.5 ...)
	NOT-FOR-US: VMware
CVE-2009-0517 (Eval injection vulnerability in index.php in phpSlash 0.8.1.1 and ...)
	NOT-FOR-US: phpSlash
CVE-2009-0516 (SQL injection vulnerability in the classified page (classified.php) in ...)
	NOT-FOR-US: BusinessSpace
CVE-2009-0515 (Directory traversal vulnerability in check_lang.php in Yet Another ...)
	NOT-FOR-US: YANOCC
CVE-2009-0514 (Multiple directory traversal vulnerabilities in WebFrame 0.76 allow ...)
	NOT-FOR-US: WebFrame
CVE-2009-0513 (Multiple PHP remote file inclusion vulnerabilities in WebFrame 0.76 ...)
	NOT-FOR-US: WebFrame
CVE-2009-0512 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0511 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0510 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0509 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0508 (The Servlet Engine/Web Container and JSP components in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0507 (IBM WebSphere Process Server (WPS) 6.1.2 before 6.1.2.3 and 6.2 before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0506 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0505 (The CICS listener in IBM TXSeries for Multiplatforms 6.2 GA waits for ...)
	NOT-FOR-US: IBM TXSeries
CVE-2009-0504 (WSPolicy in the Web Services component in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0503 (IBM WebSphere Message Broker 6.1.x before 6.1.0.2 writes a database ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6110 (Unspecified vulnerability in SemanticScuttle before 0.90 has unknown ...)
	NOT-FOR-US: SemanticScuttle
CVE-2008-6109 (Robin Rawson-Tetley Animal Shelter Manager (ASM) before 2.2.2 does not ...)
	NOT-FOR-US: Robin Rawson-Tetley Animal Shelter Manager
CVE-2008-6108 (Cross-site scripting (XSS) vulnerability in result.php in Galatolo ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-6107 (The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, ...)
	- linux-2.6 2.6.25-4 (low)
	- linux-2.6.24 <removed>
CVE-2008-6106 (Cross-site request forgery (CSRF) vulnerability in IBM Workplace for ...)
	NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6105 (Cross-site scripting (XSS) vulnerability in IBM Workplace for Business ...)
	NOT-FOR-US: IBM Workplace for Business Controls
CVE-2008-6104 (SQL injection vulnerability in A4Desk PHP Event Calendar allows remote ...)
	NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6103 (PHP remote file inclusion vulnerability in index.php in A4Desk Event ...)
	NOT-FOR-US: A4Desk PHP Event Calendar
CVE-2008-6102 (SQL injection vulnerability in ratelink.php in Link Trader Script ...)
	NOT-FOR-US: Link Trader Script
CVE-2008-6101 (SQL injection vulnerability in click.php in Adult Banner Exchange ...)
	NOT-FOR-US: Adult Banner Exchange Website
CVE-2008-6100 (Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, ...)
	NOT-FOR-US: Discussion Forums
CVE-2008-6099 (PHP remote file inclusion vulnerability in index.php in RPortal 1.1 ...)
	NOT-FOR-US: RPortal
CVE-2009-0502 (Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php ...)
	{DSA-1724-1}
	- moodle 1.8.2.dfsg-3 (low)
	NOTE: MSA-09-0004
CVE-2009-0501 (Unspecified vulnerability in the Calendar export feature in Moodle 1.8 ...)
	{DTSA-195-1}
	- moodle 1.8.2.dfsg-4 (low)
	[etch] - moodle <not-affected> (Vulnerable code not present)
CVE-2009-0500 (Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle ...)
	{DSA-1724-1 DTSA-195-1}
	- moodle 1.8.2.dfsg-3 (low)
CVE-2009-0499 (Cross-site request forgery (CSRF) vulnerability in the forum code in ...)
	- moodle 1.8.2.dfsg-3 (low)
	[etch] - moodle <not-affected> (Vulnerable code not present)
CVE-2009-0498 (Virtual GuestBook (vgbook) 2.1 stores sensitive information under the ...)
	NOT-FOR-US: Virtual GuestBook
CVE-2009-0497 (Directory traversal vulnerability in log.jsp in Ignite Realtime ...)
	NOT-FOR-US: Openfire
CVE-2009-0496 (Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime ...)
	NOT-FOR-US: Openfire
CVE-2009-0495 (PHP remote file inclusion vulnerability in include/define.php in ...)
	NOT-FOR-US: REALTOR
CVE-2009-0494 (SQL injection vulnerability in the Portfol (com_portfol) 1.2 component ...)
	NOT-FOR-US: Joomla
CVE-2009-0493 (SQL injection vulnerability in login.php in IT!CMS 2.1a and earlier ...)
	NOT-FOR-US: IT CMS
CVE-2009-0492 (Unspecified vulnerability in SimpleIrcBot before 1.0 Stable has ...)
	NOT-FOR-US: SimpleIrcBot
CVE-2009-0491 (Stack-based buffer overflow in Elecard MPEG Player 5.5 build ...)
	NOT-FOR-US: Elecard MPEG Player
CVE-2009-0488 (Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 ...)
	NOT-FOR-US: Phorum
CVE-2009-0486 (Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls ...)
	- bugzilla 3.2.4.0-1 (bug #514143)
	[etch] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
	[lenny] - bugzilla <not-affected> (Versions before 3.2.1, 3.0.7, and 3.3.2 were not affected)
CVE-2009-0485 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.17 to ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0484 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 3.0 before ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0483 (Cross-site request forgery (CSRF) vulnerability in Bugzilla 2.22 ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0482 (Cross-site request forgery (CSRF) vulnerability in Bugzilla before 3.2 ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0481 (Bugzilla 2.x before 2.22.7, 3.0 before 3.0.7, 3.2 before 3.2.1, and ...)
	- bugzilla 3.2.4.0-1 (low; bug #514143)
	[etch] - bugzilla <no-dsa> (Minor issue)
	[lenny] - bugzilla <no-dsa> (Minor issue)
CVE-2009-0480 (The IP implementation in Sun Solaris 8 through 10, and OpenSolaris ...)
	NOT-FOR-US: Solaris
CVE-2008-6098 (Bugzilla 3.2 before 3.2 RC2, 3.0 before 3.0.6, 2.22 before 2.22.6, ...)
	- bugzilla <unfixed> (unimportant)
CVE-2008-6097 (Multiple cross-site scripting (XSS) vulnerabilities in WikyBlog before ...)
	NOT-FOR-US: WikyBlog
CVE-2008-6096 (Cross-site scripting (XSS) vulnerability in Juniper NetScreen ScreenOS ...)
	NOT-FOR-US: Juniper NetScreen ScreenOS
CVE-2008-6095 (Cross-site scripting (XSS) vulnerability in surveillanceView.htm in ...)
	NOT-FOR-US: OpenNMS
CVE-2008-6094 (Cross-site scripting (XSS) vulnerability in user.do in Celoxis ...)
	NOT-FOR-US: Celoxis Technologies Celoxis
CVE-2008-6093 (SQL injection vulnerability in index.php in Noname CMS 1.0, when ...)
	NOT-FOR-US: Noname CMS
CVE-2008-6092 (phpscripts Ranking Script allows remote attackers to bypass ...)
	NOT-FOR-US: phpscripts Ranking Script
CVE-2008-6091 (SQL injection vulnerability in plugins.php in BMForum 5.6, when ...)
	NOT-FOR-US: BMForum
CVE-2009-0489 (The DBus configuration file for Wicd before 1.5.9 allows arbitrary ...)
	- wicd 1.5.9-1
CVE-2009-0479 (Multiple SQL injection vulnerabilities in admin/admin_login.php in ...)
	NOT-FOR-US: Online Grades
CVE-2009-0477 (Unspecified vulnerability in the process (aka proc) filesystem in Sun ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-0476 (Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 ...)
	NOT-FOR-US: MultiMedia Soft audio components
CVE-2009-0475 (Integer underflow in the Huffman decoding functionality ...)
	NOT-FOR-US: OpenCORE
CVE-2009-0474 (The web interface in the Rockwell Automation ControlLogix 1756-ENBT/A ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0473 (Open redirect vulnerability in the web interface in the Rockwell ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0472 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Rockwell EtherNet/IP Bridge Module
CVE-2009-0471 (Cross-site request forgery (CSRF) vulnerability in the HTTP server in ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0470 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
	NOT-FOR-US: Cisco IOS
CVE-2009-0469 (Unspecified vulnerability in futomi's CGI Cafe Fulltext search CGI ...)
	NOT-FOR-US: futomi's CGI Cafe
CVE-2009-0468 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Profense Web Application Firewall
CVE-2009-0467 (Cross-site scripting (XSS) vulnerability in proxy.html in Profense Web ...)
	NOT-FOR-US: Profense Web Application Firewall
CVE-2009-0466 (Cross-site scripting (XSS) vulnerability in Vivvo CMS before 4.1.1 ...)
	NOT-FOR-US: Vivvo CMS
CVE-2009-0465 (The SaveDoc method in the All_In_The_Box.AllBox ActiveX control in ...)
	NOT-FOR-US: Synactis ALL In-The-Box ActiveX 3
CVE-2009-0464 (PHP remote file inclusion vulnerability in includes/header.php in ...)
	NOT-FOR-US: Groone GBook
CVE-2009-0463 (PHP remote file inclusion vulnerability in includes/header.php in ...)
	NOT-FOR-US: Groone GLinks
CVE-2009-0462 (Multiple SQL injection vulnerabilities in customer_login_check.asp in ...)
	NOT-FOR-US: ClickTech ClickCart
CVE-2009-0461 (Whole Hog Password Protect: Enhanced 1.x allows remote attackers to ...)
	NOT-FOR-US: Whole Hog Password Protect
CVE-2009-0460 (Whole Hog Ware Support 1.x allows remote attackers to bypass ...)
	NOT-FOR-US: Whole Hog Ware Support
CVE-2009-0459 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...)
	NOT-FOR-US: Whole Hog Password Protect
CVE-2009-0458 (Multiple SQL injection vulnerabilities in admin/login_submit.php in ...)
	NOT-FOR-US: Whole Hog Ware Support
CVE-2009-0457 (Multiple directory traversal vulnerabilities in AJA Portal 1.2 allow ...)
	NOT-FOR-US: AJA Portal
CVE-2009-0456 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: patForms
CVE-2009-0455 (Cross-site scripting (XSS) vulnerability in the anonymous comments ...)
	NOT-FOR-US: glFusion
CVE-2009-0454 (Multiple SQL injection vulnerabilities in DMXReady Online Notebook ...)
	NOT-FOR-US: DMXReady Online Notebook Manager
CVE-2009-0453 (Online Grades 3.2.4 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: Online Grades
CVE-2009-0452 (Multiple SQL injection vulnerabilities in parents/login.php in Online ...)
	NOT-FOR-US: Online Grades
CVE-2009-0451 (SQL injection vulnerability in Skalfa SkaLinks 1.5 allows remote ...)
	NOT-FOR-US: Skalfa SkaLinks
CVE-2009-0450 (Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier ...)
	NOT-FOR-US: BlazeVideo
CVE-2009-0449 (Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2009-0448 (Directory traversal vulnerability in admin/modules/aa/preview.php in ...)
	NOT-FOR-US: Syntax Desktop
CVE-2009-0447 (Multiple SQL injection vulnerabilities in default.asp in MyDesign ...)
	NOT-FOR-US: MyDesign Sayac
CVE-2009-0446 (SQL injection vulnerability in photo.php in WEBalbum 2.4b allows ...)
	NOT-FOR-US: WEBalbum
CVE-2009-0445 (SQL injection vulnerability in index.php in Dreampics Gallery Builder ...)
	NOT-FOR-US: Dreampics Gallery Builder
CVE-2009-0444 (Multiple PHP remote file inclusion vulnerabilities in GRBoard 1.8, ...)
	NOT-FOR-US: GRBoard
CVE-2009-0443 (Stack-based buffer overflow in Elecard AVC HD PLAYER 5.5.90116 allows ...)
	NOT-FOR-US: Elecard AVC HD PLAYER
CVE-2009-0442 (Directory traversal vulnerability in bbcode.php in PHPbbBook 1.3 and ...)
	NOT-FOR-US: PHPbbBook
CVE-2009-0441 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Technote
CVE-2009-0440 (IBM WebSphere Partner Gateway (WPG) 6.0.0 through 6.0.0.7 does not ...)
	NOT-FOR-US: IBM WebSphere Partner Gateway
CVE-2009-0439 (Unspecified vulnerability in the queue manager in IBM WebSphere MQ ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0438 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0437 (The Installation Factory installation process for IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0436 (The (1) mod_ibm_ssl and (2) mod_cgid modules in IBM HTTP Server 6.0.x ...)
	NOT-FOR-US: IBM HTTP Server
CVE-2009-0435 (Unspecified vulnerability in the IBM Asynchronous I/O (aka AIO or ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0434 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0433 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere
CVE-2009-0432 (The installation process for the File Transfer servlet in the System ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-6090 (Directory traversal vulnerability in members.php in ScriptsEz Mini ...)
	NOT-FOR-US: ScriptsEz Mini Hosting Panel
CVE-2008-6089 (Directory traversal vulnerability in main.php in ScriptsEz Easy Image ...)
	NOT-FOR-US: ScriptsEz
CVE-2008-6088 (SQL injection vulnerability in the Joomtracker (com_joomtracker) 1.01 ...)
	NOT-FOR-US: Joomla
CVE-2008-6087 (Cross-site scripting (XSS) vulnerability in topic.php in Camera Life ...)
	NOT-FOR-US: Camera Life
CVE-2008-6086 (SQL injection vulnerability in album.php in Camera Life 2.6.2b4 allows ...)
	NOT-FOR-US: Camera Life
CVE-2008-6085 (Integer overflow in multiple F-Secure anti-virus products, including ...)
	NOT-FOR-US: F-Secure
CVE-2008-6084 (Unrestricted file upload vulnerability in pages/download.php in Iamma ...)
	NOT-FOR-US: Iamma Simple Gallery
CVE-2008-6083 (Directory traversal vulnerability in header.php in TXTshop beta 1.0 ...)
	NOT-FOR-US: TXTshop
CVE-2008-6082 (Titan FTP Server 6.26 build 630 allows remote attackers to cause a ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-6081 (SQL injection vulnerability in contact.php in Simple Customer 1.2 ...)
	NOT-FOR-US: Simple Customer
CVE-2008-6080 (Directory traversal vulnerability in download.php in the ionFiles ...)
	NOT-FOR-US: Joomla
CVE-2008-6079 (imlib2 before 1.4.2 allows context-dependent attackers to have an ...)
	{DSA-2029-1}
	- imlib2 1.4.2-1 (bug #576469)
	NOTE: poked upstream for more details
CVE-2008-6078 (SQL injection vulnerability in open.php in the Private Messaging ...)
	NOT-FOR-US: Limbo CMS
CVE-2008-6077 (SQL injection vulnerability in loudblog/ajax.php in LoudBlog 0.8.0a ...)
	NOT-FOR-US: LoudBlog
CVE-2008-6076 (SQL injection vulnerability in the Daily Message (com_dailymessage) ...)
	NOT-FOR-US: Joomla
CVE-2008-6075 (SQL injection vulnerability in aspkat.asp in Bahar Download Script 2.0 ...)
	NOT-FOR-US: Bahar Download Script
CVE-2008-6074 (Directory traversal vulnerability in frame.php in phpcrs 2.06 and ...)
	NOT-FOR-US: phpcrs
CVE-2008-6073 (StorageCrypt 2.0.1 does not properly encrypt disks, which allows local ...)
	NOT-FOR-US: StorageCrypt
CVE-2008-6072 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.1.14, ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6071 (Heap-based buffer overflow in the DecodeImage function in ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6070 (Multiple heap-based buffer underflows in the ReadPALMImage function in ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.3-1
CVE-2008-6069 (SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 ...)
	NOT-FOR-US: eChat plugin
CVE-2008-6068 (SQL injection vulnerability in the JoomlaDate (com_joomladate) ...)
	NOT-FOR-US: Joomla
CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...)
	NOT-FOR-US: Windows
CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2429 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2428 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2008-7272 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
	RESERVED
	- iceweasel-firegpg <removed> (bug #514386)
CVE-2008-7273 [iceweasel-firegpg: Passphrase and Cleartext Recovery]
	RESERVED
	- iceweasel-firegpg <removed> (bug #514386)
CVE-2009-0431 (SQL injection vulnerability in Default.asp in LinksPro Standard ...)
	NOT-FOR-US: LinksPro
CVE-2009-0430 (Multiple cross-site scripting (XSS) vulnerabilities in Active Bids ...)
	NOT-FOR-US: Active Bids
CVE-2009-0429 (Multiple SQL injection vulnerabilities in Active Bids allow remote ...)
	NOT-FOR-US: Active Bids
CVE-2009-0428 (SQL injection vulnerability in ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0427 (SQL injection vulnerability in ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0426 (SQL injection vulnerability in ...)
	NOT-FOR-US: DMXReady Secure Document
CVE-2009-0425 (SQL injection vulnerability in index.php in Blue Eye CMS 1.0.0 and ...)
	NOT-FOR-US: Blue Eye CMS
CVE-2009-0424 (Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook ...)
	NOT-FOR-US: AN Guestbook
CVE-2009-0423 (Directory traversal vulnerability in index.php in Php Photo Album ...)
	NOT-FOR-US: Php Photo Album
CVE-2009-0422 (Dynamic variable evaluation vulnerability in lists/admin.php in ...)
	NOT-FOR-US: phpList
CVE-2009-0421 (SQL injection vulnerability in the Eventing (com_eventing) 1.6.x ...)
	NOT-FOR-US: Joomla
CVE-2009-0420 (SQL injection vulnerability in the RD-Autos (com_rdautos) 1.5.5 Stable ...)
	NOT-FOR-US: Joomla
CVE-2009-0419 (Microsoft XML Core Services, as used in Microsoft Expression Web, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0418 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in HP HP-UX ...)
	NOT-FOR-US: HP HP-UX
CVE-2008-6067
	REJECTED
CVE-2008-6066 (Multiple PHP remote file inclusion vulnerabilities in Meet#Web 0.8 ...)
	NOT-FOR-US: Meet#Web
CVE-2008-6065 (Oracle Database Server 10.1, 10.2, and 11g grants directory WRITE ...)
	NOT-FOR-US: Oracle Database Server
CVE-2008-6064 (Multiple SQL injection vulnerabilities in DomPHP 0.81 allow remote ...)
	NOT-FOR-US: DomPHP
CVE-2008-6063 (Microsoft Word 2007, when the &quot;Save as PDF&quot; add-on is enabled, places ...)
	NOT-FOR-US: Microsoft
CVE-2008-6062 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
	NOT-FOR-US: Adobe Dreamweaver
CVE-2008-6061 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
	NOT-FOR-US: Techsmith Camtasia Studio
CVE-2008-6060 (Cross-site scripting (XSS) vulnerability in ActionScript in arbitrary ...)
	NOT-FOR-US: InfoSoft FusionCharts
CVE-2008-6059 (xml/XMLHttpRequest.cpp in WebCore in WebKit before r38566 does not ...)
	- webkit <not-affected> (bug #516555; low)
	NOTE: webkit in linux needs libsoup for cookie support
CVE-2008-6058 (Syslserve 1.058 and earlier, and probably 1.059, allows remote ...)
	NOT-FOR-US: Syslserve
CVE-2008-6057 (Doug Luxem Liberum Help Desk 0.97.3 stores db/helpdesk2000.mdb under ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2008-6056 (Multiple cross-site scripting (XSS) vulnerabilities in World Recipe ...)
	NOT-FOR-US: World Recipe
CVE-2008-6055 (PreProjects Pre Classified Listings stores pclasp.mdb under the web ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6054 (PreProjects Pre Courier and Cargo Business stores dbcourior.mdb under ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6053 (PreProjects Pre Resume Submitter stores onlineresume.mdb under the web ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6052 (PreProjects Pre E-Learning Portal stores db_elearning.mdb under the ...)
	NOT-FOR-US: PreProjects Pre Classified Listings
CVE-2008-6051 (MetaCart Free stores metacart.mdb under the web root with insufficient ...)
	NOT-FOR-US: MetaCart Free
CVE-2008-6050 (SQL injection vulnerability in the Tech Articles (com_tech_article) ...)
	NOT-FOR-US: Tech Articles
CVE-2008-6049
	REJECTED
CVE-2008-6048 (Multiple cross-site request forgery (CSRF) vulnerabilities in TangoCMS ...)
	NOT-FOR-US: TangoCMS
CVE-2008-6047 (Cross-site scripting (XSS) vulnerability in ADbNewsSender before 1.5.2 ...)
	NOT-FOR-US: ADbNewsSender
CVE-2008-6046 (SQL injection vulnerability in ADbNewsSender before 1.5.2 allows ...)
	NOT-FOR-US: ADbNewsSender
CVE-2009-0417 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Agavi
CVE-2009-0416 (The SSL certificate setup program (genSslCert.sh) in Standards Based ...)
	NOT-FOR-US: sblim-sfcb
CVE-2009-0415 (Untrusted search path vulnerability in trickle 1.07 allows local users ...)
	- trickle 1.07-6 (bug #513456; low)
	[etch] - trickle <no-dsa> (Minor issue)
CVE-2009-0413 (Cross-site scripting (XSS) vulnerability in RoundCube Webmail ...)
	- roundcube 0.2~stable-1 (low; bug #514179)
	[lenny] - roundcube <not-affected> (Vulnerable code not present)
CVE-2009-0412 (The ProcessLogin function in class.auth.php in Interspire Shopping ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2009-0411 (Google Chrome before 1.0.154.46 does not properly restrict access from ...)
	- chromium-browser <not-affected> (Only 1.x is affected)
	- webkit <not-affected> (chrome-specific issue)
CVE-2009-0410 (Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0409 (SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and ...)
	NOT-FOR-US: Max.Blog
CVE-2009-0408 (Cross-site request forgery (CSRF) vulnerability in osCommerce 2.2 RC ...)
	NOT-FOR-US: osCommerce
CVE-2009-0407 (SQL injection vulnerability in admin/login.php in PHP-CMS Project 1 ...)
	NOT-FOR-US: PHP-CMS
CVE-2009-0406 (SQL injection vulnerability in index.php in Community CMS 0.4 and ...)
	NOT-FOR-US: Community CMS
CVE-2009-0405 (SQL injection vulnerability in articles.php in smartSite CMS 1.0 ...)
	NOT-FOR-US: smartSite CMS
CVE-2009-0404 (Multiple cross-site scripting (XSS) vulnerabilities in Bioinformatics ...)
	NOT-FOR-US: Bioinformatics htmLawed
CVE-2009-0403 (SQL injection vulnerability in admin/authenticate.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0402 (SQL injection vulnerability in client/new_account.php in Domain ...)
	NOT-FOR-US: Domain Technologie Control
CVE-2009-0401 (SQL injection vulnerability in browsecats.php in E-Php CMS allows ...)
	NOT-FOR-US: E-Php CMS
CVE-2009-0400 (SQL injection vulnerability in blog.php in SocialEngine 3.06 trial ...)
	NOT-FOR-US: SocialEngine
CVE-2009-0399 (Chipmunk Blogger Script allows remote attackers to gain administrator ...)
	NOT-FOR-US: Chipmunk Blogger Script
CVE-2009-0398 (Array index error in the gst_qtp_trak_handler function in ...)
	- gst-plugins-good0.10 <not-affected> (Vulnerable code not present)
	- gst-plugins-bad0.10 <not-affected> (Vulnerable code not present)
CVE-2009-0397 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0396 (The Sony Ericsson W910i, W660i, K618i, K610i, Z610i, K810i, K660i, ...)
	NOT-FOR-US: Sony Ericsson
CVE-2009-0395 (SQL injection vulnerability in the login feature in NetArt Media Car ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2009-0394 (SQL injection vulnerability in login.php in Pre Lecture Exercises ...)
	NOT-FOR-US: Pre Lecture Exercises
CVE-2009-0393 (Cross-site scripting (XSS) vulnerability in sysconf.cgi in Motorola ...)
	NOT-FOR-US: Motorola Wimax
CVE-2009-0392 (Directory traversal vulnerability in sysconf.cgi in Motorola Wimax ...)
	NOT-FOR-US: Motorola Wimax
CVE-2009-0391 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform ...)
	NOT-FOR-US: Enomaly Elastic Computing Platform
CVE-2009-0389 (Multiple insecure method vulnerabilities in the Web On Windows (WOW) ...)
	NOT-FOR-US: ActiveX
CVE-2009-0388 (Multiple integer signedness errors in (1) UltraVNC 1.0.2 and 1.0.5 and ...)
	- tightvnc <not-affected> (bug in the windows-specific client connection code)
	NOTE: http://bugs.debian.org/528204
CVE-2009-0387 (Array index error in the qtdemux_parse_samples function in ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0386 (Heap-based buffer overflow in the qtdemux_parse_samples function in ...)
	{DSA-1729-1}
	- gst-plugins-good0.10 0.10.8-4.1 (bug #514177)
	[lenny] - gst-plugins-good0.10 0.10.8-4.1~lenny1
	[etch] - gst-plugins-good0.10 <not-affected> (plugin in other package)
	- gst-plugins-bad0.10 0.10.4-1
CVE-2009-0384 (SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows ...)
	NOT-FOR-US: OwnRS CMS
CVE-2009-0383 (delete.php in Max.Blog 1.0.6 does not properly restrict access, which ...)
	NOT-FOR-US: Max.Blog
CVE-2009-0382 (Unspecified vulnerability in Internationalization (i18n) Translation ...)
	- drupal5 <not-affected> (Translation module not packaged)
	- drupal6 <not-affected> (Issue only affects the 5.x branch)
CVE-2009-0381 (SQL injection vulnerability in the BazaarBuilder Ecommerce Shopping ...)
	NOT-FOR-US: BazaarBuilder Ecommerce Shopping Cart
CVE-2009-0380 (** DISPUTED ** ...)
	NOT-FOR-US: Sigsiu Online Business Index
CVE-2009-0379 (SQL injection vulnerability in the Prince Clan Chess Club ...)
	NOT-FOR-US: Prince Clan Chess Club
CVE-2009-0378 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
	NOT-FOR-US: Joomla
CVE-2009-0377 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla
CVE-2009-0376 (Heap-based buffer overflow in a DLL file in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2009-0375 (Buffer overflow in a DLL file in RealNetworks RealPlayer 10, ...)
	NOT-FOR-US: RealPlayer
CVE-2009-0374 (** DISPUTED ** ...)
	- chromium-browser <unfixed> (unimportant)
	- webkit <not-affected> (poc doesn't work)
CVE-2009-0373 (SQL injection vulnerability in the ElearningForce Flash Magazine ...)
	NOT-FOR-US: Joomla
CVE-2009-0372 (Unrestricted file upload vulnerability in index.php in Miltenovik ...)
	NOT-FOR-US: Miltenovik Manojlo MemHT Portal
CVE-2009-0371 (Directory traversal vulnerability in post.php in SiteXS CMS 0.1.1 and ...)
	NOT-FOR-US: SiteXS CMS
CVE-2009-0370 (Multiple unspecified vulnerabilities in IBM AIX 5.2.0 through 6.1.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2009-0369 (Microsoft Internet Explorer 7 allows remote attackers to trick a user ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-6045 (Session fixation vulnerability in shopping_cart.php in xt:Commerce ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6044 (Cross-site scripting (XSS) vulnerability in advanced_search_result.php ...)
	NOT-FOR-US: xt:Commerce
CVE-2008-6043 (Multiple SQL injection vulnerabilities in PHP Pro Bid (PPB) 6.04 allow ...)
	NOT-FOR-US: PHP Pro Bid
CVE-2008-6042 (SQL injection vulnerability in the re_search module in NetArtMedia ...)
	NOT-FOR-US: NetArtMedia Real Estate Portal
CVE-2008-6041 (Multiple cross-site scripting (XSS) vulnerabilities in Index.asp in ...)
	NOT-FOR-US: Dataspade
CVE-2008-6040 (SQL injection vulnerability in index.php in Arcadem Pro 2.700 through ...)
	NOT-FOR-US: Arcadem Pro
CVE-2008-6039 (Session fixation vulnerability in BLUEPAGE CMS 2.5 and earlier allows ...)
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6038 (SQL injection vulnerability in index.php in MapCal 0.1 allows remote ...)
	NOT-FOR-US: MapCal
CVE-2008-6037 (SQL injection vulnerability in view.php in AvailScript Article Script ...)
	NOT-FOR-US: AvailScript Article Script
CVE-2008-6036 (PHP remote file inclusion vulnerability in main.inc.php in BaseBuilder ...)
	NOT-FOR-US: BaseBuilder
CVE-2008-6035 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...)
	NOT-FOR-US: Achievo
CVE-2008-6034 (Cross-site scripting (XSS) vulnerability in dispatch.php in Achievo ...)
	NOT-FOR-US: Achievo
CVE-2008-6033 (SQL injection vulnerability in comments.php in WSN Links 2.20 allows ...)
	NOT-FOR-US: WSN Links
CVE-2008-6032 (SQL injection vulnerability in comments.php in WSN Links Free 4.0.34P ...)
	NOT-FOR-US: WSN Links
CVE-2008-6031 (SQL injection vulnerability in vote.php in WSN Links 2.22 and 2.23 ...)
	NOT-FOR-US: WSN Links
CVE-2008-6030 (Multiple SQL injection vulnerabilities in NetArtMedia Jobs Portal 1.3 ...)
	NOT-FOR-US: NetArtMedia Jobs Portal
CVE-2008-6029 (SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-6028 (SQL injection vulnerability in list.php in University of Queensland ...)
	NOT-FOR-US: Library Fez
CVE-2008-6027 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: BLUEPAGE CMS
CVE-2008-6026 (SQL injection vulnerability in tienda.php in BlueCUBE CMS allows ...)
	NOT-FOR-US: BlueCUBE CMS
CVE-2008-6025 (Directory traversal vulnerability in scr/form.php in openElec 3.01 and ...)
	NOT-FOR-US: openElec
CVE-2008-6024 (Unspecified vulnerability in the NFSv4 client module in the kernel on ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-6023 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Xnova
CVE-2008-6022 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Xnova
CVE-2008-6021 (Multiple unspecified vulnerabilities in Attachmate Reflection for ...)
	NOT-FOR-US: Attachmate Reflection
CVE-2008-6020 (SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for ...)
	NOT-FOR-US: View module (drupal module)
CVE-2008-6019 (SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows ...)
	NOT-FOR-US: EACOMM DO-CMS
CVE-2008-6018 (Directory traversal vulnerability in index.php in MyPHPSite, when ...)
	NOT-FOR-US: MyPHPSite
CVE-2008-6017 (SQL injection vulnerability in messages.php in I-Rater Basic allows ...)
	NOT-FOR-US: I-Rater Basic
CVE-2008-6016 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...)
	NOT-FOR-US: EsFaq
CVE-2008-6015 (Multiple SQL injection vulnerabilities in search.php in EsFaq 2.0 ...)
	NOT-FOR-US: EsFaq
CVE-2008-6014 (SQL injection vulnerability in scripts/links.php in Rianxosencabos CMS ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-6013 (Multiple SQL injection vulnerabilities in Freeway before 1.4.3.210 ...)
	NOT-FOR-US: Freeway
CVE-2008-6012 (Directory traversal vulnerability in index.php in Pritlog 0.4 and ...)
	NOT-FOR-US: Pritlog
CVE-2008-6011 (SQL injection vulnerability in index.php in SG Real Estate Portal 2.0 ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6010 (Multiple directory traversal vulnerabilities in SG Real Estate Portal ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6009 (SG Real Estate Portal 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: SG Real Estate Portal
CVE-2008-6008 (hyBook Guestbook Script stores sensitive information under the web ...)
	NOT-FOR-US: hyBook Guestbook Script
CVE-2008-6007 (SQL injection vulnerability in view_group.php in QuidaScript BookMarks ...)
	NOT-FOR-US: QuidaScript BookMarks Favourites Script
CVE-2008-6006 (Multiple PHP remote file inclusion vulnerabilities in Micronation ...)
	NOT-FOR-US: Micronation Banking System
CVE-2009-0487 (Cross-site scripting (XSS) vulnerability in Mahara before 1.0.9 allows ...)
	- mahara 1.0.9-1 (low)
	[lenny] - mahara 1.0.4-4
CVE-2009-0478 (Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 ...)
	{DSA-1732-1}
	- squid 2.7.STABLE3-4.1 (medium; bug #514142)
	- squid3 3.0.STABLE8-3 (medium)
	[etch] - squid <not-affected> (Vulnerable code not present)
CVE-2009-XXXX [glpi sql injection]
	- glpi 0.71.5-1 (bug #513611; unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2009-0490 (Stack-based buffer overflow in the String_parse::get_nonspace_quoted ...)
	{DTSA-192-1}
	- audacity 1.3.6-1 (bug #514138)
	[lenny] - audacity 1.3.5-2+lenny1
CVE-2009-0368 (OpenSC before 0.11.7 allows physically proximate attackers to bypass ...)
	{DSA-1734-1}
	- opensc 0.11.7-1
	[etch] - opensc <not-affected> (vulnerable code not present)
CVE-2009-0367 (The Python AI module in Wesnoth 1.4.x and 1.5 before 1.5.11 allows ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0366 (The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth ...)
	{DSA-1737-1}
	- wesnoth 1:1.4.7-4
CVE-2009-0365 (nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an ...)
	{DSA-1955-1}
	- network-manager-applet 0.7.0.99-1 (medium; bug #519801)
	- network-manager 0.6.5-1 (medium)
	NOTE: network-manager in lenny not affected, because it is in network-manager-applet
CVE-2009-0364 (Format string vulnerability in the mini_calendar component in ...)
	{DSA-1752-1}
	- webcit 7.38b-dfsg-2 (low)
CVE-2009-0363 (Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl ...)
	{DTSA-197-1}
	- barnowl 1.0.5-1
	[lenny] - barnowl 1.0.1-4
	- owl 2.2.2-1 (bug #515118)
	[lenny] - owl <no-dsa> (Minor issue)
	[etch] - owl <no-dsa> (Minor issue)
CVE-2009-0362 (filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular ...)
	- fail2ban 0.8.3-2sid1 (low; bug #514163)
CVE-2009-0361 (Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in ...)
	{DSA-1722-1 DSA-1721-1}
	- libpam-heimdal 3.10-2.1 (bug #516695)
	- libpam-krb5 3.13-2
	[lenny] - libpam-krb5 3.11-4
CVE-2009-0360 (Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, ...)
	{DSA-1721-1}
	- libpam-krb5 3.13-2
	[lenny] - libpam-krb5 3.11-4
CVE-2009-0359 (Multiple cross-site scripting (XSS) vulnerabilities in Samizdat before ...)
	{DTSA-194-1}
	- samizdat 0.6.2-2
CVE-2009-0358 (Mozilla Firefox 3.x before 3.0.6 does not properly implement the (1) ...)
	- iceweasel 3.0
	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0357 (Mozilla Firefox before 3.0.6 and SeaMonkey before 1.1.15 do not ...)
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0356 (Mozilla Firefox before 3.0.6 and SeaMonkey do not block links to the ...)
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- kompozer <not-affected> (.desktop file support is not available)
CVE-2009-0355 (components/sessionstore/src/nsSessionStore.js in Mozilla Firefox ...)
	- iceweasel 3.0.6-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
CVE-2009-0354 (Cross-domain vulnerability in js/src/jsobj.cpp in Mozilla Firefox 3.x ...)
	- iceweasel 3.0
	[etch] - iceweasel <not-affected> (Only affects Firefox 3.x)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Only affects Xulrunner 1.9)
CVE-2009-0353 (Unspecified vulnerability in Mozilla Firefox 3.x before 3.0.6, ...)
	{DSA-1830-1}
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
CVE-2009-0352 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
	{DSA-1830-1}
	- iceweasel 3.0
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceweasel in Lenny links against Xulrunner
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	- iceape 1.1.14-1.1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Iceape in Lenny only provides XPCOM libs
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- kompozer 1:0.8~alpha2+dfsg+svn129-1
CVE-2009-0343 (Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform ...)
	NOT-FOR-US: Systrace
CVE-2009-0342 (Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows ...)
	NOT-FOR-US: Systrace
CVE-2009-0351 (Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows ...)
	NOT-FOR-US: WinFTP
CVE-2009-0350 (Stack-based buffer overflow in Merak Media Player 3.2 allows remote ...)
	NOT-FOR-US: Merak Media Player
CVE-2009-0349 (Stack-based buffer overflow in FTPShell Server 4.3 allows ...)
	NOT-FOR-US: FTPShell Server
CVE-2009-0348 (The login module in Sun Java System Access Manager 6 2005Q1 (aka 6.3), ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0347 (Open redirect vulnerability in cs.html in the Autonomy (formerly ...)
	NOT-FOR-US: Autonomy (formerly Verity) Ultraseek search engine
CVE-2009-0346 (The IP-in-IP packet processing implementation in the IPsec and IP ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0345 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
	NOT-FOR-US: Embedded Lights Out Manager (ELOM)
CVE-2009-0344 (Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on ...)
	NOT-FOR-US: Embedded Lights Out Manager (ELOM)
CVE-2009-0341 (The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2009-0340 (Multiple directory traversal vulnerabilities in Simple PHP Newsletter ...)
	NOT-FOR-US: Simple PHP Newsletter
CVE-2009-0339 (SQL injection vulnerability in inc_webblogmanager.asp in DMXReady Blog ...)
	NOT-FOR-US: DMXReady Blog Manager
CVE-2009-0338 (Cross-site scripting (XSS) vulnerability in inc_webblogmanager.asp in ...)
	NOT-FOR-US: DMXReady Blog Manager
CVE-2009-0337 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0336 (Katy Whitton BlogIt! stores sensitive information under the web root ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0335 (Cross-site scripting (XSS) vulnerability in index.asp in Katy Whitton ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0334 (SQL injection vulnerability in index.asp in Katy Whitton BlogIt! ...)
	NOT-FOR-US: Katy Whitton BlogIt!
CVE-2009-0333 (SQL injection vulnerability in the WebAmoeba (WA) Ticket System ...)
	NOT-FOR-US: Joomla!
CVE-2009-0332 (Multiple SQL injection vulnerabilities in AV Book Library before 1.1 ...)
	NOT-FOR-US: AV Book Library
CVE-2009-0331 (Directory traversal vulnerability in gallery/comment.php in Enhanced ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery (ESPG)
CVE-2009-0330 (Directory traversal vulnerability in index.php in Simple Content ...)
	NOT-FOR-US: Simple Content Management System (SCMS)
CVE-2009-0329 (SQL injection vulnerability in the PcCookBook (com_pccookbook) ...)
	NOT-FOR-US: Joomla!
CVE-2009-0328 (ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) ...)
	NOT-FOR-US: ROBS-PROJECTS Digital Sales IPN
CVE-2009-0327 (SQL injection vulnerability in readbible.php in Free Bible Search PHP ...)
	NOT-FOR-US: Free Bible Search PHP Script
CVE-2009-0326 (SQL injection vulnerability in login.php in Dark Age CMS 0.2c beta ...)
	NOT-FOR-US: Dark Age CMS
CVE-2009-0325 (Directory traversal vulnerability in entries/index.php in Ninja Blog ...)
	NOT-FOR-US: Ninja Blog
CVE-2009-0324 (Multiple SQL injection vulnerabilities in BibCiter 1.4 allow remote ...)
	NOT-FOR-US: BibCiter
CVE-2009-0322 (drivers/firmware/dell_rbu.c in the Linux kernel before 2.6.27.13, and ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0321 (Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2009-0320 (Microsoft Windows XP, Server 2003 and 2008, and Vista exposes I/O ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0319 (Unspecified vulnerability in the autofs module in the kernel in Sun ...)
	NOT-FOR-US: Solaris
CVE-2008-6004 (Cross-site scripting (XSS) vulnerability in search.php in AJ Auction ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6003 (SQL injection vulnerability in sellers_othersitem.php in AJ Auction ...)
	NOT-FOR-US: AJ Auction Pro Platinum
CVE-2008-6002 (Absolute path traversal vulnerability in sendfile.php in web-cp 0.5.7, ...)
	NOT-FOR-US: web-cp
CVE-2008-6001 (index.php in ADN Forum 1.0b and earlier allows remote attackers to ...)
	NOT-FOR-US: ADN Forum
CVE-2008-6000 (The GDTdiIcpt.sys driver in G DATA AntiVirus 2008, InternetSecurity ...)
	NOT-FOR-US: G DATA AntiVirus
CVE-2008-5999 (Cross-site scripting (XSS) vulnerability in the Ajax Checklist module ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5998 (Multiple SQL injection vulnerabilities in the ajax_checklist_save ...)
	NOT-FOR-US: Ajax Checklist module for Drupal
CVE-2008-5997 (Absolute path traversal vulnerability in ...)
	NOT-FOR-US: Omnicom Content Platform
CVE-2008-5996 (Cross-site scripting (XSS) vulnerability in the Simplenews module 5.x ...)
	NOT-FOR-US: Simplenews module for Drupal
CVE-2008-5995 (Cross-site scripting (XSS) vulnerability in the freeCap CAPTCHA ...)
	NOT-FOR-US: freeCap CAPTCHA extension for Typo3
CVE-2008-5994 (Cross-site scripting (XSS) vulnerability in index.php in Check Point ...)
	NOT-FOR-US: Check Point Connectra
CVE-2008-5993 (Directory traversal vulnerability in image.php in Barcode Generator 1D ...)
	NOT-FOR-US: Barcode Generator 1D
CVE-2008-5992 (Multiple SQL injection vulnerabilities in Jetik Emlak Sistem A (ESA) ...)
	NOT-FOR-US: Jetik Emlak Sistem
CVE-2008-5991 (Directory traversal vulnerability in docs.php in MailWatch for ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2008-5990 (Directory traversal vulnerability in connect/init.inc in emergecolab ...)
	NOT-FOR-US: emergecolab
CVE-2008-5989 (Directory traversal vulnerability in defs.php in PHPcounter 1.3.2 and ...)
	NOT-FOR-US: PHPcounterJadu CMS
CVE-2008-5988 (SQL injection vulnerability in scripts/recruit_details.php in Jadu CMS ...)
	NOT-FOR-US: Jadu CMS
CVE-2008-XXXX [minor cyrus sasl DoS]
	- cyrus-sasl2 2.1.22.dfsg1-18 (bug #465561)
	[etch] - cyrus-sasl2 <no-dsa> (Minor issue)
CVE-2009-0385 (Integer signedness error in the fourxm_read_header function in ...)
	{DSA-1782-1 DSA-1781-1}
	- ffmpeg-debian 0.svn20080206-16 (medium; bug #524799)
	- ffmpeg 0.svn20080206-16
	- xmovie <removed>
	- mplayer 1.0~rc2-14 (medium; bug #524805)
	NOTE: MPlayer links against libavformat since 1.0~rc2-14, etch Mplayer still needs a fix
	NOTE: http://git.ffmpeg.org/?p=ffmpeg;a=commitdiff;h=72e715fb798f2cb79fd24a6d2eaeafb7c6eeda17
CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter ...)
	{DTSA-190-1}
	- gnumeric 1.8.4-3 (low; bug #513418)
	[etch] - gnumeric 1.6.3-5.1+etch2
CVE-2009-0317 (Untrusted search path vulnerability in the Python language bindings ...)
	- nautilus-python 0.4.3-3.2 (low; bug #513419)
CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python ...)
	- vim 2:7.2.025-2 (low; bug #493937)
	[lenny] - vim 1:7.1.314-3+lenny2
	[squeeze] - vim 1:7.1.314-3+lenny2
	[etch] - vim <no-dsa> (Minor issue)
	NOTE: Not included in this round, could be fixed via next DSA with other issues
CVE-2009-0315 (Untrusted search path vulnerability in the Python module in xchat ...)
	- xchat 2.8.6-2.1 (low; bug #513509)
	[etch] - xchat <no-dsa> (Minor issue)
CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit ...)
	{DTSA-191-1}
	- gedit 2.22.3-2 (low; bug #513513)
	[etch] - gedit <no-dsa> (Minor issue)
CVE-2009-0313 (winetricks before 20081223 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: winetricks
CVE-2009-0311 (The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 ...)
	NOT-FOR-US: EMC AutoStart
CVE-2009-0310 (Buffer overflow in SUSE blinux (aka sbl) in SUSE openSUSE 10.3 through ...)
	NOT-FOR-US: SuSE blinux
CVE-2009-0309
	RESERVED
CVE-2009-0308
	RESERVED
CVE-2009-0307 (Cross-site scripting (XSS) vulnerability in the &quot;Customize Statistics ...)
	NOT-FOR-US: Motion (RIM) BlackBerry Enterprise Server
CVE-2009-0306 (Buffer overflow in the IBM Lotus Notes Intellisync ActiveX control in ...)
	NOT-FOR-US: IBM Lotus Notes Intellisync ActiveX
CVE-2009-0305 (Multiple stack-based buffer overflows in the Research in Motion RIM ...)
	NOT-FOR-US: ActiveX
CVE-2009-0304 (The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before ...)
	NOT-FOR-US: Solaris
CVE-2009-0303 (Cross-site scripting (XSS) vulnerability in Web Help Desk before ...)
	NOT-FOR-US: Web Help Desk
CVE-2009-0302 (SQL injection vulnerability in the Downloads module for PHP-Nuke 8.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2009-0301 (Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX ...)
	NOT-FOR-US: FlexCell Grid Control
CVE-2009-0300
	REJECTED
CVE-2009-0299 (SQL injection vulnerability in index.php in Groone GLinks 2.1 allows ...)
	NOT-FOR-US: Groone GLinks
CVE-2009-0298 (Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control ...)
	NOT-FOR-US: MW6 Technologies Barcode
CVE-2009-0297 (SQL injection vulnerability in login_check.asp in ClickAuction allows ...)
	NOT-FOR-US: ClickAuction
CVE-2009-0296 (SQL injection vulnerability in shop_display_products.php in Script ...)
	NOT-FOR-US: Script Toko Online
CVE-2009-0295 (SQL injection vulnerability in index.php in Information Technology ...)
	NOT-FOR-US: ITLPoll
CVE-2009-0294 (Multiple PHP remote file inclusion vulnerabilities in WB News 2.0.1, ...)
	NOT-FOR-US: WB News
CVE-2009-0293 (SQL injection vulnerability in profile_view.php in Wazzum Dating ...)
	NOT-FOR-US: Wazzum Dating Software
CVE-2009-0292 (SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows ...)
	NOT-FOR-US: SHOP-INET
CVE-2009-0291 (Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows ...)
	- openx <itp> (bug #513771)
CVE-2009-0290 (Directory traversal vulnerability in common.php in SIR GNUBoard ...)
	NOT-FOR-US: GNUBoard
CVE-2009-0289 (k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to ...)
	NOT-FOR-US: k23productions TFTPUtil GUI
CVE-2009-0288 (Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 ...)
	NOT-FOR-US: k23productions TFTPUtil GUI
CVE-2009-0287 (SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before ...)
	NOT-FOR-US: KEEP Toolkit
CVE-2009-0286 (Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, ...)
	NOT-FOR-US: OpenGoo
CVE-2009-0285 (Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 ...)
	NOT-FOR-US: BBSXP
CVE-2009-0284 (SQL injection vulnerability in category.php in Flax Article Manager ...)
	NOT-FOR-US: Flax Article Manager
CVE-2009-0283 (Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows ...)
	NOT-FOR-US: Oblog
CVE-2009-0281 (SQL injection vulnerability in login.aspx in WarHound Walking Club ...)
	NOT-FOR-US: WarHound Walking Club
CVE-2009-0280 (Asp Project Management 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Asp Project Management
CVE-2009-0279 (SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and ...)
	NOT-FOR-US: Pardal CMS
CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in Eye of ...)
	- eog 2.22.3-2 (bug #504352; low)
	[etch] - eog <not-affected> (Vulnerable code not present)
CVE-2008-5986 (Untrusted search path vulnerability in the (1) &quot;VST plugin with Python ...)
	- csound 5.08.2~dfsg-1.1 (bug #504359; low)
	[lenny] - csound 1:5.08.0.dfsg2-8+lenny2 (bug #504359; low)
	[etch] - csound <not-affected> (Vulnerable code not present)
CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in ...)
	- epiphany-browser 2.22.3-7 (bug #504363; low)
	[etch] - epiphany-browser <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5984 (Untrusted search path vulnerability in the Python plugin in Dia ...)
	- dia 0.96.1-7.1 (low; bug #504251)
	[etch] - dia <no-dsa> (Minor issue, only vulnerable when called from certain dir)
CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function ...)
	- python3.1 3.1.2+20100703-1 (low; bug #575780)
	- python2.6 2.6.5+20100529-1 (low; bug #572010)
	- python2.5 <unfixed> (low)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[lenny] - python2.5 <no-dsa> (Minor issue)
	[squeeze] - python2.5 <no-dsa> (Minor issue, patch only introduces a new, more secure API)
	- python2.4 <unfixed> (low)
	[etch] - python2.4 <no-dsa> (Minor issue)
	[lenny] - python2.4 <no-dsa> (Minor issue)
	NOTE: I suppose the behaviour will be changed in a future Python release, but
	NOTE: a backport has a significant risk of breakage for little gain. If a
	NOTE: proper upstream patch should be available, this can be re-evaluated
	NOTE: http://bugs.python.org/issue5753
CVE-2008-5982 (Format string vulnerability in BMC PATROL Agent before 3.7.30 allows ...)
	NOT-FOR-US: BMC PATROL Agent
CVE-2009-0323 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 ...)
	- amaya <removed> (medium; bug #507587)
	NOTE: http://www.coresecurity.com/content/amaya-buffer-overflows
CVE-2009-0282 (Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 ...)
	{DSA-1714-1 DSA-1713-1 DSA-1712-1}
	- rt2400 1.2.2+cvs20080623-3 (bug #512999)
	- rt2500 1:1.1.0-b4+cvs20080623-3 (bug #513000)
	- rt2570 1.1.0+cvs20080623-2 (bug #513001)
	- rt73 1:1.0.3.6-cvs20080623-dfsg1-3 (bug #512995)
CVE-2009-0312 (Cross-site scripting (XSS) vulnerability in the antispam feature ...)
	{DSA-1715-1 DTSA-187-1}
	- moin 1.8.1-1.1 (low)
	NOTE: http://hg.moinmo.in/moin/1.7/rev/89b91bf87dad
CVE-2009-0276 (Cross-domain vulnerability in the V8 JavaScript engine in Google ...)
	- chromium-browser <not-affected> (only 1.x is affected)
	- libv8 1.3.11+dfsg-1
	- webkit <not-affected> (libv8 issue)
CVE-2009-0274 (Unspecified vulnerability in WebAccess in Novell GroupWise 6.5, 7.0, ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0273 (Multiple cross-site scripting (XSS) vulnerabilities in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0272 (Cross-site request forgery (CSRF) vulnerability in Novell GroupWise ...)
	NOT-FOR-US: Novell GroupWise
CVE-2009-0269 (fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel ...)
	{DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1
	[etch] - linux-2.6 <not-affected> (ecryptfs was merged in 2.6.19)
	- linux-2.6.24 <removed>
CVE-2009-0265 (Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not ...)
	- bind9 <not-affected> (vulnerable code not present, introduced in 9.6.x)
CVE-2008-5968 (Directory traversal vulnerability in print.php in PHP iCalendar 2.24 ...)
	- phpicalendar <removed> (bug #513517)
CVE-2008-5967 (admin/index.php in PHP iCalendar 2.3.4, 2.24, and earlier does not ...)
	- phpicalendar <removed> (bug #513517)
CVE-2009-0278 (Sun Java System Application Server (AS) 8.1 and 8.2 allows remote ...)
	NOT-FOR-US: Sun Java System Application Server (AS)
CVE-2009-0277 (Unspecified vulnerability in the kernel in OpenSolaris snv_100 through ...)
	NOT-FOR-US: OpenSolaris
CVE-2009-0275 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0271 (Directory traversal vulnerability in the TFTP service in Fujitsu ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0270 (Stack-based buffer overflow in PXEService.exe in Fujitsu ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2009-0268 (Race condition in the pseudo-terminal (aka pty) driver module in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0267 (libike in Sun Solaris 9 and 10, and OpenSolaris before snv_100, does ...)
	NOT-FOR-US: Sun Solaris
CVE-2009-0266 (Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows ...)
	NOT-FOR-US: Triologic Media Player
CVE-2009-0264 (Buffer overflow in the Registry Setting Tool in Fujitsu ...)
	NOT-FOR-US: Fujitsu SystemcastWizard Lite
CVE-2008-5981 (PacPoll 4.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: PacPoll
CVE-2008-5980 (Ocean12 Mailing List Manager Gold stores sensitive data under the web ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5979 (Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5978 (Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager ...)
	NOT-FOR-US: Ocean12 Mailing List Manager Gold
CVE-2008-5977 (SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5976 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHP JOBWEBSITE PRO
CVE-2008-5975 (SQL injection vulnerability in links.asp in Active Price Comparison ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5974 (Multiple SQL injection vulnerabilities in login.aspx in Active Price ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5973 (SQL injection vulnerability in login.aspx in Active Web Mail 4.0 ...)
	NOT-FOR-US: Active Web Mail
CVE-2008-5972 (SQL injection vulnerability in default.asp in Active Business ...)
	NOT-FOR-US: Active Business Directory
CVE-2008-5971 (Cross-site scripting (XSS) vulnerability in profile_social.php in ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5970 (SQL injection vulnerability in profile_social.php in i-Net Solution ...)
	NOT-FOR-US: i-Net Solution Orkut Clone
CVE-2008-5969 (SQL injection vulnerability in popupproduct.php in Sunbyte e-Flower ...)
	NOT-FOR-US: Sunbyte e-Flower
CVE-2008-5966 (globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Globsy
CVE-2008-5965 (Directory traversal vulnerability in index.php in LokiCMS 0.3.4 and ...)
	NOT-FOR-US: LokiCMS
CVE-2009-0263 (Multiple buffer overflows in Winamp 5.541 and earlier allow remote ...)
	NOT-FOR-US: Winamp
CVE-2009-0262 (Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 ...)
	NOT-FOR-US: Triologic Media Player
CVE-2009-0261 (Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 ...)
	NOT-FOR-US: EffectMatrix Total Video Player
CVE-2009-0260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-1715-1 DTSA-187-1}
	- moin 1.8.1-1.1 (bug #513158; low)
CVE-2008-5964 (Session fixation vulnerability in Social ImpressCMS before 1.1.1 RC1 ...)
	NOT-FOR-US: Social ImpressCMS
CVE-2008-5963 (Eval injection vulnerability in library/setup/rpc.php in Gravity ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5962 (Directory traversal vulnerability in library/setup/rpc.php in Gravity ...)
	NOT-FOR-US: Gravity Getting Things Done
CVE-2008-5961 (Cross-site scripting (XSS) vulnerability in index.php in Tribiq CMS ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5960 (SQL injection vulnerability in index.php in Tribiq CMS Community ...)
	NOT-FOR-US: Tribiq CMS Community
CVE-2008-5959 (Multiple SQL injection vulnerabilities in start.asp in Active Test 2.1 ...)
	NOT-FOR-US: Active Test
CVE-2008-5958 (Multiple SQL injection vulnerabilities in Active Test 2.1 allow remote ...)
	NOT-FOR-US: Active Test
CVE-2008-5957 (SQL injection vulnerability in the Mydyngallery (com_mydyngallery) ...)
	NOT-FOR-US: Joomla
CVE-2008-5956 (Wbstreet (aka PHPSTREET Webboard) 1.0 stores sensitive information ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5955 (SQL injection vulnerability in show.php in Wbstreet (aka PHPSTREET ...)
	NOT-FOR-US: Wbstreet
CVE-2008-5954 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5953 (Directory traversal vulnerability in KTP Computer Customer Database ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5952 (SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) ...)
	NOT-FOR-US: KTP Computer Customer Database (KTPCCD) CMS
CVE-2008-5951 (ASP Template Creature stores sensitive information under the web root ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5950 (SQL injection vulnerability in media/media_level.asp in ASP Template ...)
	NOT-FOR-US: ASP Template Creature
CVE-2008-5949 (Multiple PHP remote file inclusion vulnerabilities in ccTiddly 1.7.4 ...)
	NOT-FOR-US: ccTiddly
CVE-2008-5948 (Directory traversal vulnerability in index.php in BNCwi 1.04 and ...)
	NOT-FOR-US: BNCwi
CVE-2009-0259 (The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote ...)
	- openoffice.org 2.0.4.dfsg.2-7
	NOTE: Checked with maintainer and issue was fixed long ago, marking etch version as fixed for now
CVE-2009-0254 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
	NOT-FOR-US: easyHDR PRO
CVE-2009-0253 (Mozilla Firefox 3.0.5 allows remote attackers to trick a user into ...)
	NOTE: Mozilla #474967, upstream disputes this being a bug
CVE-2009-0252 (Multiple SQL injection vulnerabilities in default.asp in Enthrallweb ...)
	NOT-FOR-US: Enthrallweb eReservations
CVE-2009-0251 (Static code injection vulnerability in admin.php in Ryneezy phoSheezy ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0250 (Ryneezy phoSheezy 0.2 stores sensitive information under the web root ...)
	NOT-FOR-US: Ryneezy phoSheezy
CVE-2009-0249 (Katy Whitton RankEm stores sensitive information under the web root ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2009-0248 (Cross-site scripting (XSS) vulnerability in rankup.asp in Katy Whitton ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2009-0247 (The server for 53KF Web IM 2009 Home, Professional, and Enterprise ...)
	NOT-FOR-US: 53KF Web IM
CVE-2009-0246 (Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted ...)
	NOT-FOR-US: easyHDR PRO
CVE-2009-0414 (Unspecified vulnerability in Tor before 0.2.0.33 has unspecified ...)
	- tor 0.2.0.33-1
CVE-2009-0245 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS ...)
	NOT-FOR-US: Usagi Project MyNETS
CVE-2009-0244 (Directory traversal vulnerability in the OBEX FTP Service in the ...)
	NOT-FOR-US: Microsoft product
CVE-2009-0243 (Microsoft Windows does not properly enforce the Autorun and ...)
	NOT-FOR-US: Microsoft product
CVE-2008-5947 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: YapBB
CVE-2008-5946 (SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5945 (Nukeviet 2.0 Beta allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Nukeviet
CVE-2008-5944 (Cross-site scripting (XSS) vulnerability in modules.php in NavBoard 16 ...)
	NOT-FOR-US: NavBoard
CVE-2008-5943 (Multiple directory traversal vulnerabilities in NavBoard 16 (2.6.0) ...)
	NOT-FOR-US: NavBoard
CVE-2008-5942 (Multiple cross-site scripting (XSS) vulnerabilities in MODx before ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5941 (Cross-site request forgery (CSRF) vulnerability in MODx 0.9.6.1p2 and ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5940 (SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5939 (Cross-site scripting (XSS) vulnerability in index.php in MODx CMS ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5938 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MODx CMS
CVE-2008-5937 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...)
	NOT-FOR-US: AyeView
CVE-2008-5936 (front-end/edit.php in mini-pub 0.3 and earlier allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5935 (Facto stores sensitive information under the web root with ...)
	NOT-FOR-US: Facto
CVE-2008-5934 (SQL injection vulnerability in index.php in CMS ISWEB 3.0 allows ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5933 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: CMS ISWEB
CVE-2008-5932 (CodeAvalanche FreeForum stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeForum
CVE-2008-5931 (The Net Guys ASPired2Blog stores sensitive information under the web ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5930 (SQL injection vulnerability in admin/blog_comments.asp in The Net Guys ...)
	NOT-FOR-US: ASPired2Blog
CVE-2008-5929 (VP-ASP Shopping Cart 6.50 stores sensitive information under the web ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-5928 (SQL injection vulnerability in redir.php in Free Links Directory ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5927 (Multiple SQL injection vulnerabilities in admin/usercheck.php in ...)
	NOT-FOR-US: FlexPHPNews
CVE-2008-5926 (Multiple SQL injection vulnerabilities in login.asp in ASP-DEv ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5925 (ASP-DEv XM Events Diary stores sensitive information under the web ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5924 (SQL injection vulnerability in diary_viewC.asp in ASP-DEv XM Events ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5923 (SQL injection vulnerability in default.asp in ASP-DEv XM Events Diary ...)
	NOT-FOR-US: ASP-DEv
CVE-2008-5922 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Cant Find A Gaming CMS
CVE-2008-5921 (SQL injection vulnerability in albums.php in Umer Inc Songs Portal ...)
	NOT-FOR-US: Umer Inc Songs Portal
CVE-2009-0255 (The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0256 (Session fixation vulnerability in the authentication library in TYPO3 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0257 (Multiple cross-site scripting (XSS) vulnerabilities in TYPO3 4.0.0 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0258 (The Indexed Search Engine (indexed_search) system extension in TYPO3 ...)
	{DSA-1711-1}
	- typo3-src 4.2.4-1
CVE-2009-0242
	REJECTED
CVE-2009-0241 (Stack-based buffer overflow in the process_path function in ...)
	{DSA-1710-1}
	- ganglia-monitor-core 2.5.7-5 (medium; bug #512637)
CVE-2009-0240 (listing.php in WebSVN 2.0 and possibly 1.7 beta, when using an SVN ...)
	{DSA-1725-1}
	- websvn 2.0-4+lenny1 (bug #512191)
	[etch] - websvn <not-affected> (authenthication doesn't exist in that version)
CVE-2009-0239 (Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for ...)
	NOT-FOR-US: Microsoft
CVE-2009-0238 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...)
	NOT-FOR-US: Microsoft
CVE-2009-0237 (Cross-site scripting (XSS) vulnerability in cookieauth.dll in the HTML ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2009-0236
	REJECTED
CVE-2009-0235 (Stack-based buffer overflow in the Word 97 text converter in WordPad ...)
	NOT-FOR-US: Microsoft WordPad
CVE-2009-0234 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0233 (The DNS Resolver Cache Service (aka DNSCache) in Windows DNS Server in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0232 (Integer overflow in the Embedded OpenType (EOT) Font Engine in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0231 (The Embedded OpenType (EOT) Font Engine (T2EMBED.DLL) in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0230 (The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-0229 (The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2009-0228 (Stack-based buffer overflow in the EnumeratePrintShares function in ...)
	NOT-FOR-US: Microsoft
CVE-2009-0227 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter ...)
	NOT-FOR-US: Microsoft
CVE-2009-0226 (Stack-based buffer overflow in the PowerPoint 4.2 conversion filter in ...)
	NOT-FOR-US: Microsoft
CVE-2009-0225 (Microsoft Office PowerPoint 2002 SP3 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2009-0224 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0223 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft
CVE-2009-0222 (Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows ...)
	NOT-FOR-US: Microsoft
CVE-2009-0221 (Integer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 ...)
	NOT-FOR-US: Microsoft
CVE-2009-0220 (Multiple stack-based buffer overflows in the PowerPoint 4.0 importer ...)
	NOT-FOR-US: Microsoft
CVE-2009-0219 (The PDF distiller in the Attachment Service in Research in Motion ...)
	NOT-FOR-US: BlackBerry
CVE-2009-0218 (Insecure method vulnerability in Particle Software IntraLaunch ...)
	NOT-FOR-US: IntraLaunch Application Launcher ActiveX control
CVE-2009-0217 (The design of the W3C XML Signature Syntax and Processing (XMLDsig) ...)
	{DSA-1995-1 DSA-1849-1 DTSA-205-1}
	- xml-security-c 1.4.0-4
	- xmlsec1 1.2.12-1
	[lenny] - xmlsec1 <no-dsa> (Minor issue)
	- mono 2.4.2.3+dfsg-1
	NOTE: http://www.w3.org/QA/2009/07/hmac_truncation_in_xml_signatu.html
	NOTE: http://web.archive.org/web/20090124230233/http://anonsvn.mono-project.com:80/viewvc?view=rev
	NOTE: http://www.aleksey.com/xmlsec/download.html (1.2.12 has fix)
	- sun-java6 6-15-1
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b16-1.6-1 (medium; bug #542210)
	- openoffice.org 1:3.1.1-16
CVE-2009-0216 (GE Fanuc iFIX 5.0 and earlier relies on client-side authentication ...)
	NOT-FOR-US: GE Fanuc iFIX
CVE-2009-0215 (Stack-based buffer overflow in the GetXMLValue method in the IBM ...)
	NOT-FOR-US: IBM Access Support ActiveX
CVE-2009-0214 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
	NOT-FOR-US: WebFGServer
CVE-2009-0213 (Unspecified vulnerability in the NETIO application in AREVA ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0212 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0211 (Unspecified vulnerability in the WebFGServer application in AREVA ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0210 (Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and ...)
	NOT-FOR-US: AREVA e-terrahabitat
CVE-2009-0209 (PI Server in OSIsoft PI System before 3.4.380.x does not properly use ...)
	NOT-FOR-US: OSIsoft PI System
CVE-2009-0208 (Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, ...)
	NOT-FOR-US: HP Virtual Rooms Client
CVE-2009-0207 (Unspecified vulnerability in HP-UX B.11.11 running VERITAS Oracle Disk ...)
	NOT-FOR-US: VERITAS Oracle Disk Manager
CVE-2009-0206 (Unspecified vulnerability in NFS in HP ONCplus B.11.31.05 and earlier ...)
	NOT-FOR-US: HP ONCplus
CVE-2009-0205
	RESERVED
CVE-2009-0204 (Cross-site scripting (XSS) vulnerability in HP Select Access 6.1 and ...)
	NOT-FOR-US: HP Select Access
CVE-2009-0203
	RESERVED
CVE-2009-0202 (Array index error in FL21WIN.DLL in the PowerPoint Freelance Windows ...)
	NOT-FOR-US: Microsoft
CVE-2009-0201 (Heap-based buffer overflow in OpenOffice.org (OOo) before 3.1.1 and ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-0200 (Integer underflow in OpenOffice.org (OOo) before 3.1.1 and ...)
	{DSA-1880-1}
	- openoffice.org 1:3.1.1~ooo310m15-1
CVE-2009-0199 (Heap-based buffer overflow in the VMnc media codec in vmnc.dll in ...)
	NOT-FOR-US: VMware Movie Decoder
CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2009-0197 (Integer overflow in the FORMATS Plugin before 4.23 for IrfanView ...)
	NOT-FOR-US: IrfanView
CVE-2009-0196 (Heap-based buffer overflow in the big2_decode_symbol_dict function ...)
	{DSA-2080-1 DTSA-198-1}
	- ghostscript 8.64~dfsg-1.1 (medium; bug #524803)
	- gs-gpl <removed> (medium; bug #561717)
	- jbig2dec <not-affected> (already fixed in initial upload)
CVE-2009-0195 (Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, ...)
	{DSA-1790-1}
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
CVE-2009-0194 (The domain-locking implementation in the ...)
	NOT-FOR-US: Garmin Communicator Plug-In
CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2009-0192 (Off-by-one error in the iMonitor component in Novell eDirectory 8.8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2009-0191 (Foxit Reader 2.3 before Build 3902 and 3.0 before Build 1506, ...)
	NOT-FOR-US: Foxit Reader
CVE-2009-0190
	REJECTED
CVE-2009-0189
	REJECTED
CVE-2009-0188 (Apple QuickTime before 7.6.2 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0187 (Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and ...)
	NOT-FOR-US: Orbit Downloader
CVE-2009-0186 (Integer overflow in libsndfile 1.0.18, as used in Winamp and other ...)
	{DSA-1742-1 DTSA-202-1}
	- libsndfile 1.0.19-1 (medium)
CVE-2009-0185 (Heap-based buffer overflow in Apple QuickTime before 7.6.2 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0184 (Multiple buffer overflows in the torrent parsing implementation in ...)
	NOT-FOR-US: Free Download Manager
CVE-2009-0183 (Stack-based buffer overflow in Remote Control Server in Free Download ...)
	NOT-FOR-US: Free Download Manager
CVE-2009-0182 (Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0181 (Buffer overflow in VUPlayer allows user-assisted attackers to have an ...)
	NOT-FOR-US: VUPlayer
CVE-2009-0180 (Certain Fedora build scripts for nfs-utils before 1.1.2-9.fc9 on ...)
	NOT-FOR-US: Fedora specific issue
CVE-2009-0179 (libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other ...)
	- libmikmod 3.1.11-6.1 (low; bug #476339)
	[etch] - libmikmod <no-dsa> (Minor issue)
	[lenny] - libmikmod <no-dsa> (Minor issue)
CVE-2009-0178 (Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2009-0177 (vmwarebase.dll, as used in the vmware-authd service (aka ...)
	NOT-FOR-US: vmware-authd
CVE-2009-0176 (Multiple heap-based buffer overflows in the PDF distiller in the ...)
	NOT-FOR-US: Attachment Service in Research in Motion
CVE-2009-0175 (Heap-based buffer overflow in Heathco Software MP3 TrackMaker 1.5 ...)
	NOT-FOR-US: Heathco Software MP3 TrackMaker
CVE-2009-0174 (Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers ...)
	NOT-FOR-US: VUPlayer
CVE-2008-5920 (The create_anchors function in utils.inc in WebSVN 1.x allows remote ...)
	- websvn 1.61-21 (bug #503330)
CVE-2008-5917 (Cross-site scripting (XSS) vulnerability in the XSS filter ...)
	{DSA-1765-1}
	- horde3 3.2.2+debian0-2 (bug #512592)
CVE-2008-5916 (gitweb/gitweb.perl in gitweb in Git 1.6.x before 1.6.0.6, 1.5.6.x ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low)
CVE-2008-5915 (An unspecified function in the JavaScript implementation in Google ...)
	NOT-FOR-US: Google
CVE-2008-5914 (An unspecified function in the JavaScript implementation in Apple ...)
	NOT-FOR-US: Apple
CVE-2008-5913 (The Math.random function in the JavaScript implementation in Mozilla ...)
	- xulrunner 1.9.1.10-1 (unimportant; bug #559792; bug #532516)
	- iceape 2.0.5-1 (unimportant)
	[lenny] - iceape <not-affected> (Just a stub package)
	NOTE: Limited to browser life time
CVE-2008-5912 (An unspecified function in the JavaScript implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-5911 (Multiple buffer overflows in RealNetworks Helix Server and Helix ...)
	NOT-FOR-US: RealNetworks Helix
CVE-2007-6720 (libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and ...)
	- libmikmod 3.1.11-6.1 (low; bug #461519)
	[etch] - libmikmod <no-dsa> (Minor issue)
	[lenny] - libmikmod <no-dsa> (Minor issue)
	- sdl-mixer1.2 1.2.8-1 (low; bug #422021)
	[etch] - sdl-mixer1.2 <no-dsa> (Minor issue)
CVE-2009-0173 (Unspecified vulnerability in the server in IBM DB2 8 before FP17a, 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2009-0172 (Unspecified vulnerability in IBM DB2 8 before FP17a, 9.1 before FP6a, ...)
	NOT-FOR-US: IBM DB2 9.1
CVE-2009-0171 (The Sun SPARC Enterprise M4000 and M5000 Server, within a certain ...)
	NOT-FOR-US: Sun SPARC Enterprise M4000 and M5000 Server
CVE-2009-0170 (Sun Java System Access Manager 6.3 2005Q1, 7 2005Q4, and 7.1 allows ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0169 (Sun Java System Access Manager 7.1 allows remote authenticated ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2009-0168 (Unspecified vulnerability in ppdmgr in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: ppdmgr in Sun Solaris 10 and OpenSolaris
CVE-2009-0167 (Unspecified vulnerability in lpadmin in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: lpadmin in Sun Solaris 10 and OpenSolaris
CVE-2009-0166 (The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0165 (Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...)
	{DSA-1793-1 DSA-1790-1}
	- xpdf 3.02-1.4+lenny1 (low; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (low; bug #528369)
CVE-2009-0164 (The web interface for CUPS before 1.3.10 does not validate the HTTP ...)
	- cups 1.3.10-1 (low)
	[lenny] - cups <no-dsa> (Minor issue, needs several prerequirements for attack)
	- cupsys <removed>
	[etch] - cupsys <no-dsa> (Minor issue, needs several prerequirements for attack)
CVE-2009-0163 (Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and ...)
	{DSA-1773-1}
	- cups 1.3.10-1
	- cupsys <removed>
CVE-2009-0162 (Cross-site scripting (XSS) vulnerability in Safari before 3.2.3, and 4 ...)
	NOT-FOR-US: Safari
CVE-2009-0161 (The OpenSSL::OCSP module for Ruby in Apple Mac OS X 10.5 before 10.5.7 ...)
	NOT-FOR-US: Mac OS X
	NOTE: dupe of CVE-2009-0642
CVE-2009-0160 (QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 ...)
	NOT-FOR-US: QuickDraw Manager
CVE-2009-0159 (Stack-based buffer overflow in the cookedprint function in ntpq/ntpq.c ...)
	{DSA-1801-1}
	- ntp 1:4.2.4p6+dfsg-2 (low; bug #525373)
CVE-2009-0158 (Stack-based buffer overflow in telnet in Apple Mac OS X 10.4.11 and ...)
	NOT-FOR-US: telnet in Apple Mac OS X
CVE-2009-0157 (Heap-based buffer overflow in CFNetwork in Apple Mac OS X 10.5 before ...)
	NOT-FOR-US: CFNetwork in Apple
CVE-2009-0156 (Launch Services in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 ...)
	NOT-FOR-US: Launch Services in Apple Mac OS
CVE-2009-0155 (Integer underflow in CoreGraphics in Apple Mac OS X 10.5 before ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS
CVE-2009-0154 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Type Services
CVE-2009-0153 (International Components for Unicode (ICU) 4.0, 3.6, and other 3.x ...)
	{DSA-1889-1}
	- icu 4.0.1-1 (low; bug #534590)
CVE-2009-0152 (iChat in Apple Mac OS X 10.5 before 10.5.7 disables SSL for AOL ...)
	NOT-FOR-US: iChat in Apple Mac OS X
CVE-2009-0151 (The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not ...)
	NOT-FOR-US: screen saver in Dock in Apple Mac OS X
CVE-2009-0150 (Stack-based buffer overflow in Apple Mac OS X 10.5 before 10.5.7 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0149 (Apple Mac OS X 10.4.11 and 10.5 before 10.5.7 allows local users to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0148 (Multiple buffer overflows in Cscope before 15.7a allow remote ...)
	{DSA-1806-1}
	- cscope 15.7a-1 (low; bug #528510)
CVE-2009-0147 (Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (low; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0146 (Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ...)
	{DSA-1793-1 DSA-1790-1}
	- poppler 0.10.6-1 (medium; bug #524806)
	[lenny] - poppler 0.8.7-2
	- cups <not-affected> (Uses poppler's pdftops)
	- xpdf 3.02-1.4+lenny1 (medium; bug #524809)
	[squeeze] - xpdf 3.02-1.4+lenny1
	- kdegraphics 4:4.0 (medium; bug #524810)
	- swftools 0.9.2+ds1-2
CVE-2009-0145 (CoreGraphics in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, iPhone ...)
	NOT-FOR-US: CoreGraphics in Apple Mac OS X
CVE-2009-0144 (CFNetwork in Apple Mac OS X 10.5 before 10.5.7 does not properly parse ...)
	NOT-FOR-US: CFNetwork in Apple Mac OS X
CVE-2009-0143 (Apple iTunes before 8.1 does not properly inform the user about the ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0142 (Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0141 (XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, ...)
	NOT-FOR-US: XTerm in Apple Mac OS X
CVE-2009-0140 (Unspecified vulnerability in the SMB component in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0139 (Integer overflow in the SMB component in Apple Mac OS X 10.5.6 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0138 (servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0137 (Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0134 (Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX ...)
	NOT-FOR-US: EasyGrid.SGCtrl.32 ActiveX control
CVE-2008-5910 (Unspecified vulnerability in txzonemgr in Sun OpenSolaris has unknown ...)
	NOT-FOR-US: txzonemgr in Sun OpenSolaris
CVE-2008-5909 (Unspecified vulnerability in conv_lpd in Sun OpenSolaris has unknown ...)
	NOT-FOR-US: conv_lpd in Sun OpenSolaris
CVE-2008-5908 (Unspecified vulnerability in the root/boot archive tool in Sun ...)
	NOT-FOR-US: root/boot archive tool in Sun OpenSolaris
CVE-2009-0135 (Multiple integer overflows in the Audible::Tag::readTag function in ...)
	{DSA-1706-1}
	- amarok 1.4.10-2 (medium)
CVE-2009-0136 (Multiple array index errors in the Audible::Tag::readTag function in ...)
	{DSA-1706-1}
	- amarok 1.4.10-2 (medium)
CVE-2009-0133 (Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier ...)
	NOT-FOR-US: Microsoft HTML Help Workshop
CVE-2009-0132 (Integer overflow in the aio_suspend function in Sun Solaris 8 through ...)
	NOT-FOR-US: Solaris
CVE-2009-0131 (The UFS implementation in the kernel in Sun OpenSolaris snv_29 through ...)
	NOT-FOR-US: UFS in OpenSolaris
CVE-2009-0130 (** DISPUTED ** lib/crypto/c_src/crypto_drv.c in erlang does not ...)
	- erlang <unfixed> (unimportant; bug #511520)
	NOTE: the return value is passed to the caller (lib/crypto/src/crypto.erl) which
	NOTE: only return success in case of DSA_do_verify returning 1 and failure otherwise
	NOTE: this is likely to be rejected
CVE-2009-0129 (libcrypt-openssl-dsa-perl does not properly check the return value ...)
	- libcrypt-openssl-dsa-perl 0.13-4 (bug #511519)
CVE-2009-0128 (plugins/crypto/openssl/crypto_openssl.c in Simple Linux Utility for ...)
	{DTSA-185-1}
	- slurm-llnl 1.3.13-1 (bug #511511)
CVE-2009-0127 (** DISPUTED ** M2Crypto does not properly check the return value from ...)
	- m2crypto <unfixed> (bug #511515; unimportant)
	NOTE: m2crypto provides a direct mapping of the OpenSSL functions, no incorrect
	NOTE: call sites are known, if such are found they should be fixed in the respective
	NOTE: applications
CVE-2009-0126 (The decrypt_public function in lib/crypt.cpp in the client in Berkeley ...)
	{DSA-1718-1}
	- boinc 6.2.14-3 (bug #511521)
CVE-2009-0125 (** DISPUTED ** ...)
	- libnasl <removed> (unimportant; bug #511517)
CVE-2009-0124 (The tqsl_verifyDataBlock function in openssl_cert.cpp in American ...)
	- tqsllib 2.0-8 (low; bug #511509)
	[etch] - tqsllib <no-dsa> (Minor issue)
CVE-2009-0123 (Unspecified vulnerability in Apple Safari on Mac OS X 10.5 and Windows ...)
	NOT-FOR-US: Apple Safari
CVE-2009-0122 (hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and ...)
	- hplip <not-affected> (only a bug in ubuntus postinst script, we use our own postinst which is not vulnerable)
CVE-2008-5907 (The png_check_keyword function in pngwutil.c in libpng before 1.0.42, ...)
	{DSA-1750-1}
	- libpng 1.2.35-1 (bug #512665)
	NOTE: Only an issues when using libpng to create out-of-spec images
CVE-2008-5906 (Eval injection vulnerability in the web interface plugin in KTorrent ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2008-5905 (The web interface plugin in KTorrent before 3.1.4 allows remote ...)
	- ktorrent2.2 2.2.8.dfsg.1-1 (bug #504178)
	- ktorrent 3.1.4+dfsg.1-1
	[etch] - ktorrent <not-affected> (Doesn't include the web interface)
CVE-2009-XXXX [unspecified multiple Drupal vulnerabilies, likely some overlap with the next temp entry]
	- drupal6 6.6-3
CVE-2009-XXXX [unspecified Drupal SQL injection]
	- drupal5 5.15-1
CVE-2009-0121 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 ...)
	NOT-FOR-US: Goople CMS
CVE-2009-0120 (The IBM WebSphere DataPower XML Security Gateway XS40 with firmware ...)
	NOT-FOR-US: Web Sphere
CVE-2009-0119 (Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2009-0118
	RESERVED
CVE-2003-1567 (The undocumented TRACK method in Microsoft Internet Information ...)
	NOT-FOR-US: IIS
CVE-2003-1566 (Microsoft Internet Information Services (IIS) 5.0 does not log ...)
	NOT-FOR-US: IIS
CVE-1999-1593 (Windows Internet Naming Service (WINS) allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2009-0117
	RESERVED
CVE-2009-0116
	RESERVED
CVE-2009-0115 (The Device Mapper multipathing driver (aka multipath-tools or ...)
	{DSA-1767-1}
	- multipath-tools 0.4.8-15 (low; bug #522813)
CVE-2008-5901 (iyzi Forum 1.0 beta 3 stores sensitive information under the web root ...)
	NOT-FOR-US: iyzi Forum
CVE-2008-5900 (CodeAvalanche Articles stores sensitive information under the web root ...)
	NOT-FOR-US: CodeAvalanche Articles
CVE-2008-5899 (CodeAvalanche FreeForAll stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeForAll
CVE-2008-5898 (CodeAvalanche Directory stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche Directory
CVE-2008-5897 (CodeAvalanche FreeWallpaper stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche FreeWallpaper
CVE-2008-5896 (CodeAvalanche RateMySite stores sensitive information under the web ...)
	NOT-FOR-US: CodeAvalanche RateMySite
CVE-2008-5895 (SQL injection vulnerability in connection.php in Mediatheka 4.2 and ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5894 (Directory traversal vulnerability in index.php in Mediatheka 4.2 ...)
	NOT-FOR-US: Mediatheka
CVE-2008-5893 (Cross-site scripting (XSS) vulnerability in admin_dblayers.asp in ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5892 (Multiple SQL injection vulnerabilities in ClickAndEmail allow remote ...)
	NOT-FOR-US: ClickAndEmail
CVE-2008-5891 (Cross-site scripting (XSS) vulnerability in the profile editing ...)
	NOT-FOR-US: Injader
CVE-2008-5890 (SQL injection vulnerability in feeds.php in Injader before 2.1.2 ...)
	NOT-FOR-US: Injader
CVE-2008-5889 (Cross-site scripting (XSS) vulnerability in user.asp in Click&amp;Rank ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5888 (Multiple SQL injection vulnerabilities in Click&amp;Rank allow remote ...)
	NOT-FOR-US: Click&Rank
CVE-2008-5887 (phplist before 2.10.8 allows remote attackers to include files via ...)
	NOT-FOR-US: phplist
CVE-2008-5886 (TAKempis Discussion Web 4.0 stores sensitive information under the web ...)
	NOT-FOR-US: TAKempis Discussion Web
CVE-2008-5885 (The Net Guys ASPired2Quote stores sensitive information under the web ...)
	NOT-FOR-US: Net Guys ASPired2Quote
CVE-2008-5884 (AyeView 2.20 allows user-assisted attackers to cause a denial of ...)
	NOT-FOR-US: AyeView
CVE-2008-5883 (Absolute path traversal vulnerability in front-end/dir.php in mini-pub ...)
	NOT-FOR-US: mini-pub
CVE-2008-5904 (The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5903 (Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-5902 (Buffer overflow in the xrdp_bitmap_invalidate function in ...)
	- xrdp 0.4.0~dfsg-9 (bug #511641)
CVE-2008-6005 (Multiple buffer overflows in the CheckUniqueName function in W3C Amaya ...)
	- amaya <removed> (medium; bug #507587)
	NOTE: different vector than described in CVE-2008-5282, see 507587#15
CVE-2009-XXXX [openslp: insecure cert validation through openssl api misuse]
	- openslp-dfsg <not-affected> (Debian's openslp doesn't build with SSL support)
CVE-2009-0114 (Unspecified vulnerability in the Settings Manager in Adobe Flash ...)
	NOT-FOR-US: Flash
CVE-2009-0113 (Directory traversal vulnerability in attachmentlibrary.php in the ...)
	NOT-FOR-US: Joomla! component
CVE-2009-0112 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: PollPro
CVE-2009-0111 (SQL injection vulnerability in frontpage.php in Goople CMS 1.8.2 and ...)
	NOT-FOR-US: Goople CMS
CVE-2009-0110 (SQL injection vulnerability in read.php in RiotPix 0.61 and earlier ...)
	NOT-FOR-US: RiotPix
CVE-2009-0109 (SQL injection vulnerability in index.php in RiotPix 0.61 and earlier ...)
	NOT-FOR-US: RiotPix
CVE-2009-0108 (PHPAuctions (aka PHPAuctionSystem) allows remote attackers to bypass ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0107 (Cross-site scripting (XSS) vulnerability in profile.php in PHPAuctions ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0106 (SQL injection vulnerability in profile.php in PHPAuctions (aka ...)
	NOT-FOR-US: PHPAuctions
CVE-2009-0105 (Cross-site scripting (XSS) vulnerability in index.php in EZpack 4.2b2 ...)
	NOT-FOR-US: EZpack
CVE-2009-0104 (SQL injection vulnerability in index.php in EZpack 4.2b2 allows remote ...)
	NOT-FOR-US: EZpack
CVE-2009-0103 (Multiple PHP remote file inclusion vulnerabilities in playSMS 0.9.3 ...)
	NOT-FOR-US: playSMS
CVE-2008-5882 (SQL injection vulnerability in login.asp in Citrix Application Gateway ...)
	NOT-FOR-US: Citrix
CVE-2008-5881 (Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow ...)
	NOT-FOR-US: playSMS
CVE-2009-0102 (Microsoft Project 2000 SR1 and 2002 SP1, and Office Project 2003 SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2009-0101
	REJECTED
CVE-2009-0100 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 SP1; ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2009-0099 (The Electronic Messaging System Microsoft Data Base (EMSMDB32) ...)
	NOT-FOR-US: Microsoft
CVE-2009-0098 (Microsoft Exchange 2000 Server SP3, Exchange Server 2003 SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2009-0097 (Microsoft Office Visio 2002 SP2 and 2003 SP3 does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2009-0096 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not ...)
	NOT-FOR-US: Microsoft
CVE-2009-0095 (Microsoft Office Visio 2002 SP2, 2003 SP3, and 2007 SP1 does not ...)
	NOT-FOR-US: Microsoft
CVE-2009-0094 (The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0093 (Windows DNS Server in Microsoft Windows 2000 SP4, Server 2003 SP1 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0092
	REJECTED
CVE-2009-0091 (Microsoft .NET Framework 2.0, 2.0 SP1, and 3.5 does not properly ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-0090 (Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2009-0089 (Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0088 (The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft ...)
	NOT-FOR-US: Microsoft Office
CVE-2009-0087 (Unspecified vulnerability in the Word 6 text converter in WordPad in ...)
	NOT-FOR-US: Microsoft Word
CVE-2009-0086 (Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0085 (The Secure Channel (aka SChannel) authentication component in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0084 (Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 ...)
	NOT-FOR-US: DirectX
CVE-2009-0083 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0082 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0081 (The graphics device interface (GDI) implementation in the kernel in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2009-0080 (The ThreadPool class in Windows Vista Gold and SP1, and Server 2008, ...)
	NOT-FOR-US: Windows Vista
CVE-2009-0079 (The RPCSS service in Microsoft Windows XP SP2 and SP3 and Server 2003 ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-0078 (The Windows Management Instrumentation (WMI) provider in Microsoft ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2009-0077 (The firewall engine in Microsoft Forefront Threat Management Gateway, ...)
	NOT-FOR-US: Microsoft Forefront Threat Management Gateway
CVE-2009-0076 (Microsoft Internet Explorer 7, when XHTML strict mode is used, allows ...)
	NOT-FOR-US: Microsoft
CVE-2009-0075 (Microsoft Internet Explorer 7 does not properly handle errors during ...)
	NOT-FOR-US: Microsoft
CVE-2009-0074
	REJECTED
CVE-2009-0073
	REJECTED
CVE-2009-0072 (Microsoft Internet Explorer 6.0 through 8.0 beta2 allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2009-0071 (Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2009-0070 (Integer signedness error in Apple Safari allows remote attackers to ...)
	NOT-FOR-US: Apple Safari
CVE-2008-5880 (admin/auth.php in Gobbl CMS 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Gobbl CMS
CVE-2008-5879 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5878 (Multiple directory traversal vulnerabilities in Phpclanwebsite (aka ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5877 (Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2008-5876 (Buffer overflow in Irrlicht before 1.5 allows remote attackers to ...)
	- irrlicht <not-affected> (package was first introduced in version 1.5)
CVE-2008-5875 (SQL injection vulnerability in the com_lowcosthotels component in the ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5874 (Multiple SQL injection vulnerabilities in the Hotel Booking ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5873 (Yerba SACphp 6.3 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Yerba
CVE-2008-5872 (Multiple unspecified vulnerabilities in the UNIStim File Transfer ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5871 (Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not ...)
	NOT-FOR-US: Nortel Multimedia Communication Server
CVE-2008-5870 (FastStone Image Viewer 3.6 allows user-assisted attackers to cause a ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2008-5869 (Cross-site scripting (XSS) vulnerability in the Proxim Wireless ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5868 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows ...)
	NOT-FOR-US: IntelliTamper
CVE-2009-0069 (Unspecified vulnerability in the nfs4rename_persistent_fh function in ...)
	NOT-FOR-US: Solaris
CVE-2009-0068 (Interaction error in xdg-open allows remote attackers to execute ...)
	- xdg-utils <not-affected> (xdg-open is not added to mailcap)
CVE-2009-0067
	RESERVED
CVE-2009-0066 (Multiple unspecified vulnerabilities in Intel system software for ...)
	NOT-FOR-US: Intel system software for TXT
CVE-2009-0065 (Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
CVE-2009-0064 (Multiple unspecified vulnerabilities in the Control Center in Symantec ...)
	NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0063 (Cross-site scripting (XSS) vulnerability in the Control Center in ...)
	NOT-FOR-US: Symantec Brightmail Gateway Appliance
CVE-2009-0062 (Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), ...)
	NOT-FOR-US: Cisco
CVE-2009-0061 (Unspecified vulnerability in the Wireless LAN Controller (WLC) TSEC ...)
	NOT-FOR-US: Cisco
CVE-2009-0060
	RESERVED
CVE-2009-0059 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...)
	NOT-FOR-US: Cisco
CVE-2009-0058 (The Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless ...)
	NOT-FOR-US: Cisco
CVE-2009-0057 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2009-0056 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0055 (Cross-site request forgery (CSRF) vulnerability in the administration ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0054 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0053 (PXE Encryption in Cisco IronPort Encryption Appliance 6.2.4 before ...)
	NOT-FOR-US: Cisco IronPort Encryption Appliance
CVE-2009-0052 (The Atheros wireless driver, as used in Netgear WNDAP330 Wi-Fi access ...)
	NOT-FOR-US: Netgear WNDAP330 Access Point
CVE-2009-0051 (ZXID 0.29 and earlier does not properly check the return value from ...)
	NOT-FOR-US: ZXID
CVE-2009-0050 (Lasso 2.2.1 and earlier does not properly check the return value from ...)
	{DSA-1700-1}
	- lasso 2.2.1-2 (bug #511262)
CVE-2009-0049 (Belgian eID middleware (eidlib) 2.6.0 and earlier does not properly ...)
	{DSA-1946-1}
	- belpic 2.6.0-6 (bug #511261)
CVE-2009-0048 (OpenEvidence 1.0.6 and earlier does not properly check the return ...)
	NOT-FOR-US: OpenEvidence
CVE-2009-0047 (Gale 0.99 and earlier does not properly check the return value from ...)
	NOT-FOR-US: Gale
CVE-2009-0046 (Sun GridEngine 5.3 and earlier does not properly check the return ...)
	NOT-FOR-US: Sun GridEngine
CVE-2009-0045
	RESERVED
CVE-2009-0044
	RESERVED
CVE-2009-0043 (The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 ...)
	NOT-FOR-US: CA Service Metric Analysis r11.0 through r11.1 SP1 and Service
CVE-2009-0042 (Multiple unspecified vulnerabilities in the Arclib library ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2009-0041 (IAX2 in Asterisk Open Source 1.2.x before 1.2.31, 1.4.x before ...)
	{DSA-1952-1}
	- asterisk 1:1.6.1.0~dfsg~rc3-1 (low; bug #513413)
	[lenny] - asterisk <no-dsa> (Minor issue)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5867 (Directory traversal vulnerability in Yerba SACphp 6.3 allows remote ...)
	NOT-FOR-US: Yerba
CVE-2008-5866 (The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public ...)
	NOT-FOR-US: Proxim Wireless Tsunami
CVE-2008-5865 (SQL injection vulnerability in the com_hbssearch component 1.0 in the ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5864 (SQL injection vulnerability in the Top Hotel (com_tophotelmodule) ...)
	NOT-FOR-US: Hotel Booking Reservation System for Joomla
CVE-2008-5863 (SQL injection vulnerability in locator.php in the Userlocator module ...)
	NOT-FOR-US: Module for Woltlab Burning Board
CVE-2008-5862 (Directory traversal vulnerability in webcamXP 5.3.2.375 and 5.3.2.410 ...)
	NOT-FOR-US: webcamXP
CVE-2008-5861 (Directory traversal vulnerability in source.php in FreeLyrics 1.0 ...)
	NOT-FOR-US: FreeLyrics
CVE-2008-5860 (Directory traversal vulnerability in backend/template.php in ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5859 (SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5858 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5857 (The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote ...)
	NOT-FOR-US: KnowledgeTree
CVE-2008-5856 (Directory traversal vulnerability in scripts/export.php in ClaSS ...)
	NOT-FOR-US: ClaSS
CVE-2008-5855 (myPHPscripts Login Session 2.0 stores sensitive information under the ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5854 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: myPHPscripts Login Session
CVE-2008-5853 (Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier ...)
	NOT-FOR-US: ChoCoMaS
CVE-2008-5852 (Emefa Guestbook 3.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2008-5851 (SQL injection vulnerability in index.php in My PHP Baseball Stats ...)
	NOT-FOR-US: My PHP Baseball Stats
CVE-2008-5850
	REJECTED
CVE-2008-5849 (Check Point VPN-1 R55, R65, and other versions, when Port Address ...)
	NOT-FOR-US: Check Point
CVE-2008-5848 (The Advantech ADAM-6000 module has 00000000 as its default password, ...)
	NOT-FOR-US: Advantech ADAM-6000 module
CVE-2008-5847 (Constructr CMS 3.02.5 and earlier stores passwords in cleartext in a ...)
	NOT-FOR-US: Constructr CMS
CVE-2008-5846 (Six Apart Movable Type (MT) before 4.23 allows remote authenticated ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5845 (Multiple cross-site scripting (XSS) vulnerabilities in Six Apart ...)
	- movabletype-opensource 4.2.3-1 (low)
CVE-2008-5844 (PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW ...)
	- php5 <not-affected> (vulnerable code introduced in 5.2.7, we have 5.2.6 and 5.2.8 was released in the meantime)
	[etch] - php4 <not-affected> (vulnerable code introduced in php5 5.2.7)
CVE-2008-5843 (Multiple untrusted search path vulnerabilities in pdfjam allow local ...)
	- pdfjam <not-affected> (the debian package sets pdflatex and thus dirname can't result in returning .)
	NOTE: it is also not possible to include a crafted sed or pdflatex executable in the pdflatex call
	NOTE: as our version uses random names, see #510584
CVE-2008-5842 (Multiple cross-site scripting (XSS) vulnerabilities in Fujitsu-Siemens ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which ...)
	NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise
CVE-2008-XXXX [auctex insecure temp file]
	- auctex 11.83-7.3 (low; bug #506961)
	[etch] - auctex <no-dsa> (Minor issue)
CVE-2008-5841 (Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier ...)
	NOT-FOR-US: iGaming
CVE-2008-5840 (PHP iCalendar 2.24 and earlier allows remote attackers to bypass ...)
	- phpicalendar <removed> (bug #513517)
CVE-2008-5839 (Buffer overflow in Foxmail 6.5 allows remote attackers to execute ...)
	NOT-FOR-US: Foxmail
CVE-2008-5838 (SQL injection vulnerability in search_results.php in E-Php Scripts ...)
	NOT-FOR-US: E-Php Scripts E-Shop Shopping Cart
CVE-2008-5837
	RESERVED
CVE-2008-5836
	RESERVED
CVE-2008-5835
	RESERVED
CVE-2008-5834
	RESERVED
CVE-2008-5833
	RESERVED
CVE-2008-5832
	RESERVED
CVE-2008-5831
	RESERVED
CVE-2008-5830
	RESERVED
CVE-2008-5829
	RESERVED
CVE-2008-5828 (Microsoft Windows Live Messenger Client 8.5.1 and earlier, when MSN ...)
	NOT-FOR-US: Microsoft
CVE-2008-5827 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5826 (The Nokia 6131 Near Field Communication (NFC) phone with 05.12 ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5825 (The SmartPoster implementation on the Nokia 6131 Near Field ...)
	NOT-FOR-US: Nokia Firmware
CVE-2008-5823 (An ActiveX control in prtstb06.dll in Microsoft Money 2006, when used ...)
	NOT-FOR-US: Microsoft Money
CVE-2008-5822 (Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other ...)
	- xulrunner <unfixed> (unimportant)
	NOTE: Just a crash, no security impact
CVE-2008-5821 (Memory leak in WebKit.dll in WebKit, as used by Apple Safari 3.2 on ...)
	NOT-FOR-US: Webkit on Windows
CVE-2008-5820 (SQL injection vulnerability in eDNews_view.php in eDreamers eDNews 2 ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5819 (Directory traversal vulnerability in eDNews_archive.php in eDreamers ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5818 (Directory traversal vulnerability in index.php in eDreamers ...)
	NOT-FOR-US: eDreamers eDNews
CVE-2008-5817 (Multiple SQL injection vulnerabilities in index.php in Web Scribble ...)
	NOT-FOR-US: Web Scribble Solutions webClassifieds
CVE-2008-5816 (SQL injection vulnerability in repository.php in ILIAS 3.7.4 and ...)
	NOT-FOR-US: ILIAS
CVE-2008-5815 (SQL injection vulnerability in Acomment.php in phpAlumni allows remote ...)
	NOT-FOR-US: phpAlumni
CVE-2008-5814 (Cross-site scripting (XSS) vulnerability in PHP, possibly 5.2.7 and ...)
	{DSA-1789-1}
	- php5 5.2.11.dfsg.1-1 (low; bug #523028)
	NOTE: I don't know in which version this was fixed specifically, but
	NOTE: I've checked that the patch is present in this version
	- php4 <removed> (low; bug #523028)
CVE-2008-5813 (SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before ...)
	- spip 2.0.6-1
CVE-2008-5812 (Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 ...)
	- spip 2.0.6-1
CVE-2008-5811 (SQL injection vulnerability in the PaxGallery (com_paxgallery) ...)
	NOT-FOR-US: joomla
CVE-2008-5810 (WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, ...)
	NOT-FOR-US: Fujitsu-Siemens WebTransactions
CVE-2008-5809 (futomi CGI Cafe Access Analyzer CGI Standard 4.0.1 and earlier and ...)
	NOT-FOR-US: futomi CGI Cafe Access Analyzer CGI Standard
CVE-2008-5808 (Cross-site scripting (XSS) vulnerability in Six Apart Movable Type ...)
	NOT-FOR-US: Six Apart Movable Type Enterprise
CVE-2006-7236 (The default configuration of xterm on Debian GNU/Linux sid and ...)
	{DTSA-182-1}
	- xterm 238-1 (medium; bug #510030)
	[etch] - xterm <not-affected> (allowWindowOps disabled in configuration)
	NOTE: Somewhat mitigated by a filter for control characters in
	NOTE: post-etch versions.
CVE-2008-5807 (Multiple cross-site scripting (XSS) vulnerabilities in TestLink before ...)
	NOT-FOR-US: TestLink
CVE-2008-5806 (SQL injection vulnerability in login.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5805 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2008-5804 (SQL injection vulnerability in admin/admin_catalog.php in e-topbiz ...)
	NOT-FOR-US: e-topbiz Number Links 1 Php Script
CVE-2008-5803 (SQL injection vulnerability in admin/login.php in E-topbiz Online ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5802 (SQL injection vulnerability in index.php in E-topbiz Online Store 1.0 ...)
	NOT-FOR-US: E-topbiz
CVE-2008-5801 (Unspecified vulnerability in the Dictionary (rtgdictionary) extension ...)
	NOT-FOR-US: Dictionary (rtgdictionary) extension for TYPO3
CVE-2008-5800 (SQL injection vulnerability in the Wir ber uns [sic] (fsmi_people) ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5799 (Cross-site scripting (XSS) vulnerability in the Wir ber uns ...)
	NOT-FOR-US: fsmi_people extension for TYPO3
CVE-2008-5798 (SQL injection vulnerability in the CMS Poll system (cms_poll) ...)
	NOT-FOR-US: CMS Poll system for TYPO3
CVE-2008-5797 (SQL injection vulnerability in the advCalendar extension 0.3.1 and ...)
	NOT-FOR-US: advCalendar extension for TYPO3
CVE-2008-5796 (SQL injection vulnerability in the eluna Page Comments ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5795 (Cross-site scripting (XSS) vulnerability in the eluna Page Comments ...)
	NOT-FOR-US: Page Comments extension for TYPO3
CVE-2008-5794 (Directory traversal vulnerability in system/admin/images.php in ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5793 (Multiple PHP remote file inclusion vulnerabilities in the Clickheat - ...)
	NOT-FOR-US: Clickheat - Heatmap stats (com_clickheat) component 1.0.1 for Joomla!
CVE-2008-5792 (PHP remote file inclusion vulnerability in show_joined.php in ...)
	NOT-FOR-US: Indiscripts Enthusiast
CVE-2008-5791 (Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution ...)
	NOT-FOR-US: PrestaShop e-Commerce Solution
CVE-2008-5790 (Multiple PHP remote file inclusion vulnerabilities in the ...)
	NOT-FOR-US: Recly!Competitions (com_competitions) component 1.0 for Joomla!
CVE-2008-5789 (Multiple PHP remote file inclusion vulnerabilities in the Recly ...)
	NOT-FOR-US: Recly Interactive Feederator (com_feederator) component 1.0.5 for Joomla!
CVE-2008-5788 (SQL injection vulnerability in index.php in Domain Seller Pro 1.5 ...)
	NOT-FOR-US: Domain Seller
CVE-2008-5787 (Directory traversal vulnerability in mod.php in Arab Portal 2.1 on ...)
	NOT-FOR-US: Arab Portal
CVE-2008-5786 (Cross-site scripting (XSS) vulnerability in the Silva Find extension ...)
	NOT-FOR-US: Silva Find
CVE-2008-5785 (SQL injection vulnerability in V3 Chat - Profiles/Dating Script 3.0.2 ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5784 (V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to ...)
	NOT-FOR-US: V3 Chat - Profiles/Dating Script
CVE-2008-5783 (admin/index.php in V3 Chat Live Support 3.0.4 allows remote attackers ...)
	NOT-FOR-US: V3 Chat
CVE-2008-5782 (SQL injection vulnerability in bannerclick.php in ZeeMatri 3.0 allows ...)
	NOT-FOR-US: ZeeMatri
CVE-2008-5781 (SQL injection vulnerability in right.php in Cant Find A Gaming CMS ...)
	NOT-FOR-US: Cant Find A Gaming CMS (CFAGCMS)
CVE-2008-5780 (Forest Blog 1.3.2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Forest Blog
CVE-2008-5779 (SQL injection vulnerability in lpro.php in Free Links Directory Script ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5778 (SQL injection vulnerability in report.php in Free Links Directory ...)
	NOT-FOR-US: Free Links Directory Script
CVE-2008-5777 (SQL injection vulnerability in index.php in CadeNix allows remote ...)
	NOT-FOR-US: CadeNix
CVE-2008-5776 (Multiple directory traversal vulnerabilities in Aperto Blog 0.1.1 ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5775 (SQL injection vulnerability in categories.php in Aperto Blog 0.1.1 ...)
	NOT-FOR-US: Aperto Blog
CVE-2008-5774 (Multiple SQL injection vulnerabilities in ASPSiteWare HomeBuilder 1.0 ...)
	NOT-FOR-US: ASPSiteWare HomeBuilder
CVE-2008-5773 (Nukedit 4.9.8 stores sensitive information under the web root with ...)
	NOT-FOR-US: Nukedit
CVE-2008-5772 (Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings ...)
	NOT-FOR-US: ASPSiteWare RealtyListings
CVE-2008-5771 (Directory traversal vulnerability in test.php in PHP Weather 2.2.2 ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5770 (Cross-site scripting (XSS) vulnerability in config/make_config.php in ...)
	NOT-FOR-US: PHP Weather
CVE-2008-5769 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5768 (SQL injection vulnerability in print.php in the AM Events (aka ...)
	NOT-FOR-US: AM Events
CVE-2008-5767 (SQL injection vulnerability in authors.asp in gNews Publisher allows ...)
	NOT-FOR-US: gNews Publisher
CVE-2008-5766 (SQL injection vulnerability in download.php in Farsi Script Faupload ...)
	NOT-FOR-US: Farsi Script Faupload
CVE-2008-5765 (WorkSimple 1.2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5764 (PHP remote file inclusion vulnerability in calendar.php in WorkSimple ...)
	NOT-FOR-US: WorkSimple
CVE-2008-5763 (PHP remote file inclusion vulnerability in slogin_lib.inc.php in ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5762 (Simple Text-File Login Script (SiTeFiLo) 1.0.6 stores sensitive ...)
	NOT-FOR-US: Simple Text-File Login Script (SiTeFiLo)
CVE-2008-5761 (Multiple cross-site scripting (XSS) vulnerabilities in FlatnuX CMS ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5760 (Cross-site scripting (XSS) vulnerability in error413.php in Kerio ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-5759 (Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka ...)
	NOT-FOR-US: FlatnuX CMS
CVE-2008-5758 (Cross-site request forgery (CSRF) vulnerability in PHParanoid before ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5757 (Cross-site scripting (XSS) vulnerability in textarea/index.php in ...)
	- textpattern 4.0.6-1
CVE-2008-5756 (Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows ...)
	NOT-FOR-US: BreakPoint Software Hex Workshop
CVE-2008-5755 (Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-5754 (Stack-based buffer overflow in BulletProof FTP Client allows ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5753 (Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 ...)
	NOT-FOR-US: BulletProof FTP Client
CVE-2008-5752 (Directory traversal vulnerability in getConfig.php in the Page Flip ...)
	NOT-FOR-US: Page Flip Image Gallery plugin for WordPress
CVE-2008-5751 (SQL injection vulnerability in index.php in AlstraSoft Web Email ...)
	NOT-FOR-US: AlstraSoft Web Email Script Enterprise
CVE-2008-5750 (Argument injection vulnerability in Microsoft Internet Explorer 8 beta ...)
	NOT-FOR-US: Microsoft
CVE-2008-5749 (** DISPUTED ** ...)
	NOT-FOR-US: Unclear, historic Chrome issue
CVE-2008-5748 (Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2008-5747 (F-Prot 4.6.8 for GNU/Linux allows remote attackers to bypass ...)
	NOT-FOR-US: F-Prot
CVE-2008-5746 (Sun SNMP Management Agent (SUNWmasf) 1.4u2 through 1.5.4 allows local ...)
	NOT-FOR-US: Sun SNMP Management Agent
CVE-2008-5745 (Integer overflow in quartz.dll in the DirectShow framework in ...)
	NOT-FOR-US: Microsoft
CVE-2008-5824 (Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile ...)
	{DSA-1972-1}
	- audiofile 0.2.6-7.1 (medium; bug #510205)
CVE-2008-5744 (Array index error in the dahdi/tor2.c driver in Zaptel (aka DAHDI) ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3 (bug #510583)
CVE-2008-5743 (pdfjam creates the (1) pdf90, (2) pdfjoin, and (3) pdfnup files with a ...)
	- pdfjam 1.10-1 (low; bug #510584)
CVE-2008-5742 (Multiple open redirect vulnerabilities in AIST NetCat 3.12 and earlier ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5741
	RESERVED
CVE-2008-5740
	RESERVED
CVE-2008-5739 (SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-5738 (Nodstrum MySQL Calendar 1.1 and 1.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5737 (SQL injection vulnerability in index.php in Nodstrum MySQL Calendar ...)
	NOT-FOR-US: Nodstrum MySQL Calendar
CVE-2008-5736 (Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-5735 (Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-5734 (Cross-site scripting (XSS) vulnerability in WebMail Pro in IceWarp ...)
	NOT-FOR-US: IceWarp Software Merak Mail Server
CVE-2008-5733 (SQL injection vulnerability in blog.php in the Team Impact TI Blog ...)
	NOT-FOR-US: Team Impact TI Blog System mod for PHP-Fusion
CVE-2008-5732 (Unrestricted file upload vulnerability in lib/image_upload.php in ...)
	NOT-FOR-US: KafooeyBlog
CVE-2008-5731 (The PGPwded device driver (aka PGPwded.sys) in PGP Corporation PGP ...)
	NOT-FOR-US: PGP Desktop
CVE-2008-5730 (Multiple CRLF injection vulnerabilities in AIST NetCat 3.12 and ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5729 (Multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5728 (Multiple directory traversal vulnerabilities in AIST NetCat 3.12 and ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5727 (SQL injection vulnerability in modules/auth/password_recovery.php in ...)
	NOT-FOR-US: AIST NetCat
CVE-2008-5726 (SQL injection vulnerability in thread.php in stormBoards 1.0.1 allows ...)
	NOT-FOR-US: stormBoards
CVE-2008-5725 (The NT kernel-mode driver (aka pstrip.sys) 5.0.1.1 and earlier in ...)
	NOT-FOR-US: EnTech Taiwan PowerStrip
CVE-2008-5724 (The Personal Firewall driver (aka epfw.sys) 3.0.672.0 and earlier in ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5723 (Directory traversal vulnerability in CGI RESCUE KanniBBS2000 (aka ...)
	NOT-FOR-US: CGI RESCUE KanniBBS2000
CVE-2008-5722 (Buffer overflow in SAWStudio 3.9i allows user-assisted remote ...)
	NOT-FOR-US: SAWStudio
CVE-2008-5721 (SapporoWorks BlackJumboDog (BJD) before 4.2.3 allows remote attackers ...)
	NOT-FOR-US: BlackJumboDog
CVE-2008-5720 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.23 allows ...)
	NOT-FOR-US: Mayaa
CVE-2008-5719 (Cross-site scripting (XSS) vulnerability in Hitachi Groupmax Web ...)
	NOT-FOR-US: Hitachi
CVE-2008-5718 (The papd daemon in Netatalk before 2.0.4-beta2, when using certain ...)
	{DSA-1705-1 DTSA-183-1}
	- netatalk 2.0.4~beta2-1 (medium; bug #510585)
CVE-2008-5717 (Cross-site scripting (XSS) vulnerability in Hitachi JP1/Integrated ...)
	NOT-FOR-US: Hitachi
CVE-2008-5716 (xend in Xen 3.3.0 does not properly restrict a guest VM's write access ...)
	- xen-3 <not-affected> (Vulnerable code never entered Debian)
	- xen-unstable <not-affected> (Vulnerable code never entered Debian)
	NOTE: this issue was introduced as a fix to CVE-2008-4405, which has not
	NOTE: yet been fixed in Debian
CVE-2008-5715 (Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5714 (Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for ...)
	{DSA-1907-1 DTSA-203-1}
	- qemu 0.9.1-10 (low; bug #509882)
	[etch] - qemu <not-affected> (Vulnerable code not present)
	- kvm 82-1 (low; bug #509997)
	[lenny] - kvm <no-dsa> (Minor issue)
CVE-2008-5713 (The __qdisc_run function in net/sched/sch_generic.c in the Linux ...)
	{DSA-1794-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 <removed>
CVE-2008-5712 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...)
	- kdebase <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security issues
CVE-2008-5711 (Heap-based buffer overflow in the Facebook PhotoUploader ActiveX ...)
	NOT-FOR-US: Facebook PhotoUploader ActiveX
CVE-2008-5710 (Multiple unspecified vulnerabilities in the web management interface ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5709 (Multiple unspecified vulnerabilities in the web management interface ...)
	NOT-FOR-US: Avaya Communication Manager
CVE-2008-5708 (redirect.php in SlimCMS 1.0.0 does not require authentication, which ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5707 (SQL injection vulnerability in urunler.asp in Iltaweb Alisveris ...)
	NOT-FOR-US: Iltaweb Alisveris Sistemi
CVE-2008-5704 (src/unit_test.c in gpsdrive (aka gpsdrive-scripts) 2.10~pre4 might ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5703 (gpsdrive (aka gpsdrive-scripts) 2.10~pre4 allows local users to ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508597)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5702 (Buffer underflow in the ibwdt_ioctl function in ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5701 (Array index error in arch/mips/kernel/scall64-o32.S in the Linux ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5700 (libata in the Linux kernel before 2.6.27.9 does not set minimum ...)
	{DSA-1787-1}
	- linux-2.6 2.6.26-13
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, was introduced later)
	- linux-2.6.24 <removed>
CVE-2008-5699 (The name service cache daemon (nscd) in Sun Solaris 10 and OpenSolaris ...)
	NOT-FOR-US: Solaris
CVE-2008-5698 (HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser crashes not treated as security issues
CVE-2008-5697 (The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 ...)
	NOT-FOR-US: Skype extension
CVE-2008-5696 (Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-5695 (wp-admin/options.php in WordPress MU before 1.3.2, and WordPress 2.3.2 ...)
	- wordpress 2.3.2 (low; bug #510786; bug #513959)
	[etch] - wordpress <no-dsa> (Minor issue)
	NOTE: only the admin has manage_options capabilities by default and only editors
	NOTE: have upload_files capabilities
	NOTE: Only versions prior to 2.3.2 are affected according to the Debian maintainer
CVE-2008-5694 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sandbox
CVE-2008-5693 (Ipswitch WS_FTP Server Manager 6.1.0.0 and earlier, and possibly other ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5692 (Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other ...)
	NOT-FOR-US: Ipswitch WS_FTP Server Manager
CVE-2008-5691 (Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX ...)
	NOT-FOR-US: Phoenician Casino FlashAX ActiveX
CVE-2008-5690 (The Kerberos credential renewal feature in Sun Solaris 8, 9, and 10, ...)
	NOT-FOR-US: Solaris
CVE-2008-5689 (tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 ...)
	NOT-FOR-US: Solaris
CVE-2008-5688 (MediaWiki 1.8.1, and other versions before 1.13.3, when the ...)
	- mediawiki 1:1.13.3-1 (unimportant)
	- mediawiki1.7 <removed> (unimportant)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2008-5687 (MediaWiki 1.11, and other versions before 1.13.3, does not properly ...)
	{DTSA-186-1}
	- mediawiki 1:1.13.3-1 (low)
	- mediawiki1.7 <removed>
	[etch] - mediawiki1.7 <not-affected> (The backup feature was introduced in 1.11)
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5686 (IBM Tivoli Provisioning Manager (TPM) before 5.1.1.1 IF0006, when its ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2008-5685 (Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun ...)
	NOT-FOR-US: Sun ScApp firmware
CVE-2008-5684 (Unspecified vulnerability in the X Inter Client Exchange library (aka ...)
	NOT-FOR-US: Solaris
CVE-2008-5683 (Unspecified vulnerability in Opera before 9.63 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-5682 (Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows ...)
	NOT-FOR-US: Opera
CVE-2008-5681 (Opera before 9.63 does not block unspecified &quot;scripted URLs&quot; during ...)
	NOT-FOR-US: Opera
CVE-2008-5680 (Multiple buffer overflows in Opera before 9.63 might allow (1) remote ...)
	NOT-FOR-US: Opera
CVE-2008-5679 (The HTML parsing engine in Opera before 9.63 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-5678 (Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote ...)
	NOT-FOR-US: OLIB7 WebView
CVE-2008-5677 (Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and ...)
	NOT-FOR-US: Kwalbum
CVE-2008-5676 (Multiple unspecified vulnerabilities in the ModSecurity (aka ...)
	- libapache-mod-security 2.5.6-1
CVE-2008-5675 (Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-5674 (Multiple array index errors in the HTTP server in Darkwet Network ...)
	NOT-FOR-US: Darkwet Network webcamXP
CVE-2008-5673 (PHParanoid before 0.4 does not properly restrict access to the members ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5672 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: PHParanoid
CVE-2008-5671 (PHP remote file inclusion vulnerability in index.php in Joomla! 1.0.11 ...)
	NOT-FOR-US: Joomla
CVE-2008-5670 (Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5669 (index.php in the comments preview section in Textpattern (aka Txp CMS) ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5668 (Multiple cross-site scripting (XSS) vulnerabilities in Textpattern ...)
	- textpattern 4.0.6-1 (low)
CVE-2008-5667 (The scanning engine in VirusBlokAda VBA32 Personal Antivirus 3.12.8.x ...)
	NOT-FOR-US: VBA32 Personal Antivirus
CVE-2008-5666 (WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows ...)
	NOT-FOR-US: WinFTP
CVE-2008-5665 (SQL injection vulnerability in index.php in the xhresim module in ...)
	NOT-FOR-US: XOOPS
CVE-2008-5664 (Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound ...)
	NOT-FOR-US: Realtek Media Player
CVE-2008-5663 (Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and ...)
	NOT-FOR-US: Kusaba
CVE-2008-5662 (Multiple buffer overflows in Sun Java Wireless Toolkit (WTK) for CLDC ...)
	NOT-FOR-US: Sun Java Wireless Toolkit
CVE-2008-5661 (The IPv4 Forwarding feature in Sun Solaris 10 and OpenSolaris snv_47 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-5659 (The gnu.java.security.util.PRNG class in GNU Classpath 0.97.2 and ...)
	- classpath 2:0.98-1 (bug #512532; low)
	[lenny] - classpath <no-dsa> (Minor issue)
	- libgnucrypto-java <removed> (low; bug #559789)
	[lenny] - libgnucrypto-java <no-dsa> (Minor issue)
CVE-2008-5657 (CRLF injection vulnerability in Quassel Core before 0.3.0.3 allows ...)
	- quassel 0.2~rc1-1.1 (bug #506550)
CVE-2008-5656 (Cross-site scripting (XSS) vulnerability in the frontend plugin for ...)
	- typo3-src 4.2.3-1 (bug #505325)
	[etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
CVE-2008-5655 (Multiple SQL injection vulnerabilities in MyioSoft EasyBookMarker 4.0 ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5654 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5653 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5652 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5651 (SQL injection vulnerability in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-5650 (SQL injection vulnerability in the login directory in AlstraSoft Web ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5649 (SQL injection vulnerability in admin/admin.php in AlstraSoft Article ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2008-5648 (SQL injection vulnerability in admin/login.php in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Shop
CVE-2008-5647 (Unspecified vulnerability in the HTML sanitizer filter in Trac before ...)
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac <no-dsa> (Minor issue)
CVE-2008-5646 (Unspecified vulnerability in Trac before 0.11.2 allows attackers to ...)
	- trac 0.11.1-2.1 (low; bug #509342; bug #505197)
	[etch] - trac <no-dsa> (Minor issue)
CVE-2008-5645 (Directory traversal vulnerability in the media server in Orb Networks ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5644 (Cross-site scripting (XSS) vulnerability in the file backend module in ...)
	- typo3-src 4.2.3-1 (bug #505324)
	[etch] - typo3-src <not-affected> (Only Typo3 4.2.2 is affected)
CVE-2008-5643 (SQL injection vulnerability in the Books (com_books) component for ...)
	NOT-FOR-US: Joomla
CVE-2008-5642 (Directory traversal vulnerability in admin/login.php in CMS Made ...)
	NOT-FOR-US: CMS Made Simple
CVE-2008-5641 (SQL injection vulnerability in account.asp in Active Photo Gallery 6.2 ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2008-5640 (SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 ...)
	NOT-FOR-US: Active Bids
CVE-2008-5639 (Directory traversal vulnerability in index.php in TxtBlog 1.0 Alpha ...)
	NOT-FOR-US: TxtBlog
CVE-2008-5638 (Multiple SQL injection vulnerabilities in Active Price Comparison 4 ...)
	NOT-FOR-US: Active Price Comparison
CVE-2008-5637 (SQL injection vulnerability in blog.asp in ParsBlogger (Pb) allows ...)
	NOT-FOR-US: ParsBlogger
CVE-2008-5636 (SQL injection vulnerability in cate.php in Lito Lite CMS, when ...)
	NOT-FOR-US: Lito Lite CMS
CVE-2008-5635 (SQL injection vulnerability in account.asp in Active Membership 2.0 ...)
	NOT-FOR-US: Active Membership
CVE-2008-5634 (SQL injection vulnerability in account.asp in Active Force Matrix 2.0 ...)
	NOT-FOR-US: Active Force Matrix
CVE-2008-5633 (SQL injection vulnerability in register.asp in ActiveVotes 2.2 allows ...)
	NOT-FOR-US: ActiveVotes
CVE-2008-5632 (SQL injection vulnerability in Account.asp in Active Time Billing 3.2 ...)
	NOT-FOR-US: Active Time Billing
CVE-2008-5631 (SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows ...)
	NOT-FOR-US: Active eWebquiz
CVE-2008-5630 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
	NOT-FOR-US: Post Affiliate
CVE-2008-5629 (SQL injection vulnerability in index.php in Turnkey Arcade Script ...)
	NOT-FOR-US: Turnkey Arcade Script
CVE-2008-5628 (SQL injection vulnerability in index.php in CMS little 0.0.1 allows ...)
	NOT-FOR-US: CMS little
CVE-2008-5627 (SQL injection vulnerability in account.asp in Active Trade 2 allows ...)
	NOT-FOR-US: Active Trade
CVE-2008-5626 (XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2008-5623
	RESERVED
CVE-2008-5620 (RoundCube Webmail (roundcubemail) before 0.2-beta allows remote ...)
	- roundcube 0.1.1-10 (low; bug #509596)
CVE-2008-5618 (imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 ...)
	- rsyslog 3.18.6-1 (low; bug #510906)
CVE-2008-5615
	RESERVED
CVE-2008-5614
	RESERVED
CVE-2008-5613
	RESERVED
CVE-2008-5612
	RESERVED
CVE-2008-5611
	RESERVED
CVE-2008-5610
	RESERVED
CVE-2008-5609 (SQL injection vulnerability in the Commerce extension 0.9.6 and ...)
	NOT-FOR-US: Commerce extension
CVE-2008-5608 (ASP AutoDealer stores sensitive information under the web root with ...)
	NOT-FOR-US: AutoDealer
CVE-2008-5607 (SQL injection vulnerability in the JMovies (aka JM or com_jmovies) ...)
	NOT-FOR-US: joomla
CVE-2008-5606 (Gazatem QMail Mailing List Manager 1.2 stores sensitive information ...)
	NOT-FOR-US: Gazatem QMail Mailing List Manager
CVE-2008-5605 (Multiple SQL injection vulnerabilities in ASP Portal allow remote ...)
	NOT-FOR-US: ASP Portal
CVE-2008-5604 (Directory traversal vulnerability in index.php in My Simple Forum 3.0 ...)
	NOT-FOR-US: My Simple Forum
CVE-2008-5603 (ASPTicker 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: ASPTicker
CVE-2008-5602 (Natterchat 1.12 stores sensitive information under the web root with ...)
	NOT-FOR-US: Natterchat
CVE-2008-5601 (User Engine Lite ASP stores sensitive information under the web root ...)
	NOT-FOR-US: User Engine Lite ASP
CVE-2008-5600 (Merlix Teamworx Server stores sensitive information under the web root ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5599 (SQL injection vulnerability in default.asp in Merlix Teamworx Server ...)
	NOT-FOR-US: Merlix Teamworx Server
CVE-2008-5598 (Directory traversal vulnerability in index.php in PHPmyGallery 1.51 ...)
	NOT-FOR-US: PHPmyGallery
CVE-2008-5597 (Cold BBS stores sensitive information under the web root with ...)
	NOT-FOR-US: Cold BBS
CVE-2008-5596 (Ikon AdManager 2.1 and earlier stores sensitive information under the ...)
	NOT-FOR-US: Ikon AdManager
CVE-2008-5595 (SQL injection vulnerability in detail.asp in ASP AutoDealer allows ...)
	NOT-FOR-US: ASP AutoDealer
CVE-2008-5594 (Multiple directory traversal vulnerabilities in index.php in Mini Blog ...)
	NOT-FOR-US: Mini Blog
CVE-2008-5593 (Multiple directory traversal vulnerabilities in index.php in Mini CMS ...)
	NOT-FOR-US: Mini CMS
CVE-2008-5592 (Nightfall Personal Diary 1.0 stores sensitive information under the ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5591 (Cross-site scripting (XSS) vulnerability in login.asp in Nightfall ...)
	NOT-FOR-US: Nightfall Personal Diary
CVE-2008-5590 (SQL injection vulnerability in customer.forumtopic.php in Kalptaru ...)
	NOT-FOR-US: Kalptaru Infotech Product Sale Framework
CVE-2008-5589 (SQL injection vulnerability in processlogin.asp in Katy Whitton RankEm ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5588 (SQL injection vulnerability in rankup.asp in Katy Whitton RankEm ...)
	NOT-FOR-US: Katy Whitton RankEm
CVE-2008-5587 (Directory traversal vulnerability in libraries/lib.inc.php in ...)
	{DSA-1693-1}
	- phppgadmin 4.2.1-1.1 (low; bug #508026)
	NOTE: register_globals=on is required
	NOTE: http://www.milw0rm.com/exploits/7363
CVE-2008-5586 (SQL injection vulnerability in findoffice.php in Check Up New ...)
	NOT-FOR-US: Check Up New Generation
CVE-2008-5585 (Multiple PHP remote file inclusion vulnerabilities in lcxBBportal 0.1 ...)
	NOT-FOR-US: lcxBBportal
CVE-2007-XXXX [tdiary XSS]
	- tdiary 2.2.0-1 (bug #464778)
	[etch] - tdiary 2.0.2+20060303-5
	NOTE: fixed in r6 point update
	NOTE: http://www.tdiary.org/20071215.html
CVE-2009-0040 (The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before ...)
	{DSA-1830-1 DSA-1750-1}
	- icedove 2.0.0.22-1 (bug #535124)
	[squeeze] - icedove 2.0.0.22-0lenny1
	- libpng 1.2.35-1 (bug #516256)
CVE-2009-0039 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	- geronimo <itp> (bug #481869)
CVE-2009-0038 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	- geronimo <itp> (bug #481869)
CVE-2009-0037 (The redirect implementation in curl and libcurl 5.11 through 7.19.3, ...)
	{DSA-1738-1}
	- curl 7.18.2-8.1 (bug #518423)
CVE-2009-0036 (Buffer overflow in the proxyReadClientSocket function in ...)
	- libvirt 0.5.1-7 (unimportant)
	NOTE: not building libvirt proxy from libvirt source package
CVE-2009-0035 [alsainfo insecure temp file usage]
	RESERVED
	- alsa-driver 1.0.20-1 (unimportant)
	NOTE: alsainfo not built into source package
CVE-2009-0034 (parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret ...)
	- sudo 1.6.9p17-2 (medium)
	[etch] - sudo <not-affected> (Vulnerable code not present)
CVE-2009-0033 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 ...)
	{DSA-2207-1}
	- tomcat6 6.0.28-1
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
	- tomcat5 <removed> (medium; bug #532363)
	- tomcat5.5 <removed> (medium; bug #532366)
CVE-2009-0032 (CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) ...)
	NOT-FOR-US: issue affects pdfdistiller
CVE-2009-0031 (Memory leak in the keyctl_join_session_keyring function ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (low)
	- linux-2.6.24 <removed>
CVE-2009-0030 (A certain Red Hat patch for SquirrelMail 1.4.8 sets the same SQMSESSID ...)
	- squirrelmail <not-affected> (RedHat-specific regression)
CVE-2009-0029 (The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, ...)
	{DSA-1794-1 DSA-1787-1 DSA-1749-1}
	- linux-2.6 2.6.29-1 (medium; bug #536147)
	- linux-2.6.24 <removed>
CVE-2009-0028 (The clone system call in the Linux kernel 2.6.28 and earlier allows ...)
	{DSA-1800-1 DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.29-1
	- linux-2.6.24 <removed>
CVE-2009-0027 (The request handler in JBossWS in JBoss Enterprise Application ...)
	- jbossas4 4.2.2.GA-1 (bug #562000)
	[lenny] - jbossas4 <no-dsa> (Contrib not supported)
CVE-2009-0026 (Multiple cross-site scripting (XSS) vulnerabilities in Apache ...)
	NOT-FOR-US: Apache Jackrabbit
CVE-2009-0025 (BIND 9.6.0, 9.5.1, 9.5.0, 9.4.3, and earlier does not properly check ...)
	{DSA-1703-1}
	- bind9 1:9.5.1.dfsg.P1-1 (low; bug #511936)
	NOTE: unlike the advisory states it is DSA_do_verify not DSA_verify
	NOTE: low severity because it is believed hard to trigger and only
	NOTE: affects DNSSEC with DSA, which is supposedly rarely used.
CVE-2009-0024 (The sys_remap_file_pages function in mm/fremap.c in the Linux kernel ...)
	- linux-2.6 2.6.24-4
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.23)
	NOTE: Fixed in 2.6.24 before initial upload
CVE-2009-0023 (The apr_strmatch_precompile function in strmatch/apr_strmatch.c in ...)
	{DSA-1812-1}
	- apr-util 1.3.7+dfsg-1
CVE-2009-0022 (Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows ...)
	- samba 2:3.2.5-3
	[etch] - samba <not-affected> (Only 3.2.x affected)
CVE-2009-0021 (NTP 4.2.4 before 4.2.4p5 and 4.2.5 before 4.2.5p150 does not properly ...)
	{DSA-1702-1}
	- ntp 1:4.2.4p4+dfsg-8
CVE-2009-0020 (Unspecified vulnerability in CarbonCore in Apple Mac OS X 10.4.11 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0019 (Remote Apple Events in Apple Mac OS X 10.4.11 and 10.5.6 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0018 (The Remote Apple Events server in Apple Mac OS X 10.4.11 and 10.5.6 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0017 (csregprinter in the Printing component in Apple Mac OS X 10.4.11 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0016 (Apple iTunes before 8.1 on Windows allows remote attackers to cause a ...)
	NOT-FOR-US: Apple iTunes
CVE-2009-0015 (Unspecified vulnerability in fseventsd in the FSEvents framework in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0014 (Folder Manager in Apple Mac OS X 10.5.6 uses insecure default ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0013 (dscl in DS Tools in Apple Mac OS X 10.4.11 and 10.5.6 requires that ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0012 (Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0011 (Certificate Assistant in Apple Mac OS X 10.5.6 allows local users to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0010 (Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and ...)
	NOT-FOR-US: QuickDraw Manager in Apple Mac OS X
CVE-2009-0009 (Unspecified vulnerability in the Pixlet codec in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2009-0008 (Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0007 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0006 (Integer signedness error in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0005 (Unspecified vulnerability in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0004 (Buffer overflow in Apple QuickTime before 7.6 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0003 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0002 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2009-0001 (Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-5622
	REJECTED
CVE-2008-5621 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.11.x ...)
	{DSA-1723-1}
	- phpmyadmin 4:2.11.8.1-5
CVE-2008-5584 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectPier 0.8 ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5583 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: ProjectPier
CVE-2008-5582 (SQL injection vulnerability in utilities/login.asp in Nukedit 4.9.x, ...)
	NOT-FOR-US: Nukedit
CVE-2008-5581 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: mini-pub
CVE-2008-5580 (mini-pub.php/front-end/cat.php in mini-pub 0.3 allows remote attackers ...)
	NOT-FOR-US: mini-pub
CVE-2008-5579 (Absolute path traversal vulnerability in ...)
	NOT-FOR-US: mini-pub
CVE-2008-5578 (Multiple SQL injection vulnerabilities in index.php in sCssBoard 1.0, ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5577 (PHP remote file inclusion vulnerability in index.php in sCssBoard 1.0, ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5576 (admin/forums.php in sCssBoard 1.0, 1.1, 1.11, and 1.12 allows remote ...)
	NOT-FOR-US: sCssBoard
CVE-2008-5575 (Session fixation vulnerability in Pro Clan Manager 0.4.2 and earlier ...)
	NOT-FOR-US: Pro Clan Manager
CVE-2008-5574 (SQL injection vulnerability in member.php in Webmaster Marketplace ...)
	NOT-FOR-US: Webmaster Marketplace
CVE-2008-5573 (SQL injection vulnerability in the login feature in Poll Pro 2.0 ...)
	NOT-FOR-US: Poll Pro
CVE-2008-5572 (Professional Download Assistant 0.1 stores sensitive information under ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5571 (SQL injection vulnerability in admin/login.asp in Professional ...)
	NOT-FOR-US: Professional Download Assistant
CVE-2008-5570 (Directory traversal vulnerability in index.php in PHP Multiple ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5569 (Multiple cross-site scripting (XSS) vulnerabilities in PHPepperShop ...)
	NOT-FOR-US: PHPepperShop
CVE-2008-5568 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php ...)
	NOT-FOR-US: IPN Pro
CVE-2008-5567 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Bonza Cart
CVE-2008-5566 (Cross-site scripting (XSS) vulnerability in index.php in Triangle ...)
	NOT-FOR-US: Multiple Newsletters
CVE-2008-5565 (Cross-site request forgery (CSRF) vulnerability in admin/settings.php ...)
	NOT-FOR-US: DL PayCart
CVE-2008-5564 (Unspecified vulnerability in the media server in Orb Networks Orb ...)
	NOT-FOR-US: Orb Networks Orb
CVE-2008-5563 (Aruba Mobility Controller 2.4.8.x-FIPS, 2.5.x, 3.1.x, 3.2.x, 3.3.1.x, ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-5562 (ASPPortal stores sensitive information under the web root with ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5561 (SQL injection vulnerability in Netref 4.0 allows remote attackers to ...)
	NOT-FOR-US: Netref
CVE-2008-5560 (PostEcards stores sensitive information under the web root with ...)
	NOT-FOR-US: PostEcards
CVE-2008-5559 (SQL injection vulnerability in sendcard.cfm in PostEcards allows ...)
	NOT-FOR-US: PostEcards
CVE-2008-5558 (Asterisk Open Source 1.2.26 through 1.2.30.3 and Business Edition ...)
	- asterisk 1:1.4.0~dfsg-1 (bug #509686)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5557 (Heap-based buffer overflow in ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (bug #511493)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny1
	NOTE: according to bug report, this was fixed in lenny prior to the release, but was not marked as such at the time
CVE-2008-6506 (Unspecified vulnerability in phpBB before 3.0.4 allows attackers to ...)
	- phpbb3 3.0.2-4 (low; bug #508872)
CVE-2008-5556 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5555 (Microsoft Internet Explorer 8.0 Beta 2 relies on the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5554 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 does not ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5553 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 disables ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5552 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5551 (The XSS Filter in Microsoft Internet Explorer 8.0 Beta 2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5550 (Open redirect vulnerability in console/faces/jsp/login/BeginLogin.jsp ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5549 (Unspecified vulnerability in the Sun Java Web Console components in ...)
	NOT-FOR-US: Sun Java Web Console
CVE-2008-5548 (VirusBuster 4.5.11.0, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-5547 (HAURI ViRobot 2008.12.4.1499 and possibly 2008.9.12.1375, when ...)
	NOT-FOR-US: HAURI ViRobot
CVE-2008-5546 (VirusBlokAda VBA32 3.12.8.5, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: VirusBlokAda VBA32
CVE-2008-5545 (Trend Micro VSAPI 8.700.0.1004 in Trend Micro AntiVirus, when Internet ...)
	NOT-FOR-US: Trend Micro VSAPI
CVE-2008-5544 (Hacksoft The Hacker 6.3.1.2.174 and possibly 6.3.0.9.081, when ...)
	NOT-FOR-US: Hacksoft The Hacker
CVE-2008-5543 (Symantec AntiVirus (SAV) 10, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2008-5542 (Sunbelt VIPRE 3.1.1832.2 and possibly 3.1.1633.1, when Internet ...)
	NOT-FOR-US: Sunbelt VIPRE
CVE-2008-5541 (Sophos Anti-Virus 4.33.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-5540 (Secure Computing Secure Web Gateway (aka Webwasher), when Internet ...)
	NOT-FOR-US: Webwasher
CVE-2008-5539 (RISING Antivirus 21.06.31.00 and possibly 20.61.42.00, when Internet ...)
	NOT-FOR-US: RISING Antivirus
CVE-2008-5538 (Prevx Prevx1 2, when Internet Explorer 6 or 7 is used, allows remote ...)
	NOT-FOR-US: Prevx Prevx1 2
CVE-2008-5537 (PC Tools AntiVirus 4.4.2.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2008-5536 (Panda Antivirus 9.0.0.4, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Panda Antivirus
CVE-2008-5535 (Norman Antivirus 5.80.02, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Norman Antivirus
CVE-2008-5534 (ESET NOD32 Antivirus 3662 and possibly 3440, when Internet Explorer 6 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2008-5533 (K7AntiVirus 7.10.541 and possibly 7.10.454, when Internet Explorer 6 ...)
	NOT-FOR-US: K7AntiVirus
CVE-2008-5532 (Ikarus Virus Utilities T3.1.1.45.0 and possibly T3.1.1.34.0, when ...)
	NOT-FOR-US: Ikarus Virus Utilities
CVE-2008-5531 (Fortinet Antivirus 3.113.0.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2008-5530 (Ewido Security Suite 4.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: Ewido Security Suite
CVE-2008-5529 (CA eTrust Antivirus 31.6.6086, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: CA eTrust Antivirus
CVE-2008-5528 (Aladdin eSafe 7.0.17.0, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: Aladdin eSafe
CVE-2008-5527 (ESET Smart Security, when Internet Explorer 6 or 7 is used, allows ...)
	NOT-FOR-US: ESET Smart Security
CVE-2008-5526 (DrWeb Anti-virus 4.44.0.09170, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: DrWeb Anti-virus
CVE-2008-5525 (ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...)
	- clamav <not-affected> (medium; bug #526041)
	NOTE: this issue refers to a clamav antivirus bypass that occurs when the user
	NOTE: is using IE6 or IE7 to open a malicious page with an MZ header
	NOTE: - all other browsers are not vulnerable
	NOTE: - see http://xforce.iss.net/xforce/xfdb/47435 and bug report for details
CVE-2008-5524 (CAT-QuickHeal 10.00 and possibly 9.50, when Internet Explorer 6 or 7 ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2008-5523 (avast! antivirus 4.8.1281.0, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: avast! antivirus
CVE-2008-5522 (AVG Anti-Virus 8.0.0.161, when Internet Explorer 6 or 7 is used, ...)
	NOT-FOR-US: AVG Anti-Virus
CVE-2008-5521 (Avira AntiVir 7.9.0.36 and possibly 7.8.1.28, when Internet Explorer 6 ...)
	NOT-FOR-US: Avira AntiVir
CVE-2008-5520 (AhnLab V3 2008.12.4.1 and possibly 2008.9.13.0, when Internet Explorer ...)
	NOT-FOR-US: AhnLab V3
CVE-2008-5519 (The JK Connector (aka mod_jk) 1.2.0 through 1.2.26 in Apache Tomcat ...)
	{DSA-1810-1}
	- libapache-mod-jk 1:1.2.26-2.1 (bug #523054)
CVE-2008-5518 (Multiple directory traversal vulnerabilities in the web administration ...)
	- geronimo <itp> (bug #481869)
CVE-2008-5517 (The web interface in git (gitweb) 1.5.x before 1.5.6 allows remote ...)
	{DSA-1708-1}
	- git-core 1:1.5.6.5-2 (low; bug #512330)
CVE-2008-5516 (The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote ...)
	{DSA-1708-1}
	- git-core 1:1.5.6-1
CVE-2008-5515 (Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 ...)
	{DSA-2207-1}
	- tomcat5 <removed> (bug #532363)
	- tomcat5.5 <removed> (bug #532366)
	- tomcat6 6.0.20-1 (bug #532362)
	[lenny] - tomcat6 <not-affected> (Only ships the servlet package)
CVE-2008-5514 (Off-by-one error in the rfc822_output_char function in the ...)
	{DTSA-174-2}
	- uw-imap 2007b~dfsg-1.1 (medium; bug #510918)
	[etch] - uw-imap <not-affected> (Vulnerable code not present)
	- alpine 2.02-3.1 (low)
	[lenny] - alpine <no-dsa> (Minor issue)
	[squeeze] - alpine  2.00+dfsg-6+squeeze1
CVE-2008-5513 (Unspecified vulnerability in the session-restore feature in Mozilla ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
CVE-2008-5512 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5511 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5510 (The CSS parser in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...)
	{DSA-1707-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch will be checked for icedove/iceape/xulrunner by Alexander for next round
CVE-2008-5509
	RESERVED
CVE-2008-5508 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5507 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5506 (Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5505 (Mozilla Firefox 3.x before 3.0.5 allows remote attackers to bypass ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch now available and will be checked for next patch round
CVE-2008-5504 (Mozilla Firefox 2.x before 2.0.0.19 allows remote attackers to run ...)
	{DSA-1707-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	[etch] - xulrunner <not-affected> (The vulnerable feature is only included in 1.8.1 branch)
	NOTE: Original fix for CVE-2008-3836 was incomplete
CVE-2008-5503 (The loadBindingDocument function in Mozilla Firefox 2.x before ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1 (low)
	NOTE: JavaScript for mails is disabled by default and if users enable it ...
CVE-2008-5502 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5501 (The layout engine in Mozilla Firefox 3.x before 3.0.5, Thunderbird 2.x ...)
	- iceweasel 3.0.5-1
	[etch] - iceweasel <not-affected> (Firefox 2.x not affected)
	- xulrunner 1.9.0.5-1
	[etch] - xulrunner <not-affected> (Xulrunner 1.8 not affected)
	- icedove <not-affected> (This issue was FF3 only, CVE-2008-5500 affects icedove)
CVE-2008-5500 (The layout engine in Mozilla Firefox 3.x before 3.0.5 and 2.x before ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1 DSA-1696-1}
	- iceweasel 3.0.5-1
	- icedove 2.0.0.19-1
	- iceape 1.1.14-1
	- xulrunner 1.9.0.5-1
CVE-2008-5499 (Unspecified vulnerability in Adobe Flash Player for Linux 10.0.12.36, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5498 (Array index error in the imageRotate function in PHP 5.2.8 and earlier ...)
	- php5 <not-affected> (php5 links to the shared lib)
	- libgd2 <not-affected> (code is specific to php's libgd)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/NEWS?r1=1.2027.2.547.2.1360&r2=1.2027.2.547.2.1361
CVE-2008-5497 (BandSite CMS 1.1.4 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: BandSite CMS
CVE-2008-5496 (SQL injection vulnerability in showcategory.php in PozScripts Business ...)
	NOT-FOR-US: PozScripts Business Directory Script
CVE-2008-5495 (Unspecified vulnerability in the GungHo LoadPrgAx ActiveX control ...)
	NOT-FOR-US: GungHo LoadPrgAx
CVE-2008-5494 (SQL injection vulnerability in the Contact Information Module ...)
	NOT-FOR-US: Contact Information Module (com_contactinfo) component for Joomla!
CVE-2008-5493 (SQL injection vulnerability in track.php in PHPStore Wholesales (aka ...)
	NOT-FOR-US: PHPStore Wholesales
CVE-2008-5492 (Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX ...)
	NOT-FOR-US: PDFVIEW.PdfviewCtrl.1
CVE-2008-5491 (SQL injection vulnerability in edit.php in SlimCMS 1.0.0 and earlier ...)
	NOT-FOR-US: SlimCMS
CVE-2008-5490 (SQL injection vulnerability in index.php in PHPStore Yahoo Answers ...)
	NOT-FOR-US: PHPStore Yahoo Answers
CVE-2008-5489 (SQL injection vulnerability in channel_detail.php in ClipShare Pro 4, ...)
	NOT-FOR-US: ClipShare
CVE-2008-5488 (SQL injection vulnerability in admin.php in E-topbiz Domain Shop 2 ...)
	NOT-FOR-US: E-topbiz Domain Shop
CVE-2008-5487 (Cross-site scripting (XSS) vulnerability in admin.php in TurnkeyForms ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5486 (SQL injection vulnerability in admin.php in TurnkeyForms Text Link ...)
	NOT-FOR-US: TurnkeyForms Text Link Sales
CVE-2008-5616 (Stack-based buffer overflow in the demux_open_vqf function in ...)
	{DSA-1782-1 DTSA-181-1}
	- mplayer 1.0~rc2-19 (low; bug #508803)
CVE-2008-XXXX [axel URL parser buffer overflow]
	- axel 2.2 (unimportant)
	[etch] - axel <no-dsa> (Minor issue)
	NOTE: http://alioth.debian.org/forum/forum.php?forum_id=2846
	NOTE: this only work for non-interactive sessions which is a quite exotic usecase
CVE-2008-5619 (html2text.php in Chuggnutt HTML to Text Converter, as used in ...)
	- roundcube 0.1.1-9 (high; bug #508628; bug #536498)
	NOTE: According to the bug report, this is being exploited.
	- moodle 1.8.2.dfsg-2 (bug #508909)
	[etch] - moodle <not-affected> (Vulnerable code not present)
	NOTE: moodle recently copied roundcube's html2text due to their copy being non-free
	- mahara 1.1.3-1 (high; bug #524778)
	[lenny] - mahara <not-affected> (html2text.php wasn't yet included)
	- atmailopen <removed>
CVE-2008-5485
	REJECTED
CVE-2008-5484
	REJECTED
CVE-2008-5483
	REJECTED
CVE-2008-5482
	REJECTED
CVE-2008-5481
	REJECTED
CVE-2008-5480
	REJECTED
CVE-2008-5479
	REJECTED
CVE-2008-5478
	REJECTED
CVE-2008-5477
	REJECTED
CVE-2008-5476
	REJECTED
CVE-2008-5475
	REJECTED
CVE-2008-5474
	REJECTED
CVE-2008-5473
	REJECTED
CVE-2008-5472
	REJECTED
CVE-2008-5471
	REJECTED
CVE-2008-5470
	REJECTED
CVE-2008-5469
	REJECTED
CVE-2008-5468
	REJECTED
CVE-2008-5467
	REJECTED
CVE-2008-5466
	REJECTED
CVE-2008-5465
	REJECTED
CVE-2008-5464
	REJECTED
CVE-2008-5463 (Unspecified vulnerability in the PeopleSoft Enterprise Campus ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5462 (Unspecified vulnerability in the WebLogic Portal component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5461 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5460 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5459 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-5458 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2008-5457 (Unspecified vulnerability in the Oracle BEA WebLogic Server Plugins ...)
	NOT-FOR-US: Oracle
CVE-2008-5456 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle
CVE-2008-5455 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS - ...)
	NOT-FOR-US: Oracle
CVE-2008-5454 (Unspecified vulnerability in the iProcurement component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5453
	REJECTED
CVE-2008-5452 (Unspecified vulnerability in the PeopleSoft Enterprise HRMS component ...)
	NOT-FOR-US: Oracle
CVE-2008-5451 (Unspecified vulnerability in the JD Edwards Tools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5450 (Unspecified vulnerability in the Oracle Applications Platform ...)
	NOT-FOR-US: Oracle
CVE-2008-5449 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5448 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5447 (Unspecified vulnerability in the Oracle Enterprise Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-5446 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2008-5445 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5444 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5443 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5442 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5441 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5440 (Unspecified vulnerability in the TimesTen Data Server component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5439 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...)
	NOT-FOR-US: Oracle
CVE-2008-5438 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5437 (Unspecified vulnerability in the Job Queue component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5436 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-5435 (Cross-site scripting (XSS) vulnerability in moderate.php in PunBB ...)
	NOT-FOR-US: PunBB
CVE-2008-5434 (Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow ...)
	NOT-FOR-US: PunBB
CVE-2008-5433 (Cross-site scripting (XSS) vulnerability in login.php in PunBB 1.3 and ...)
	NOT-FOR-US: PunBB
CVE-2008-5432 (Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 ...)
	{DSA-1691-1}
	- moodle 1.8.2.dfsg-1 (bug #508593)
CVE-2008-5431 (Teamtek Universal FTP Server 1.0.44 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5430 (Mozilla Thunderbird 2.0.14 does not properly handle (1) ...)
	- icedove <unfixed> (unimportant)
	NOTE: crashes icedove, but no security impact
CVE-2008-5429 (Incredimail build 5853710 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: Incredimail
CVE-2008-5428 (Opera 9.51 on Windows XP does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: Opera
CVE-2008-5427 (Norton Antivirus in Norton Internet Security 15.5.0.23 does not ...)
	NOT-FOR-US: Norton Internet Security
CVE-2008-5426 (Kaspersky Internet Security Suite 2009 does not properly handle (1) ...)
	NOT-FOR-US: Kaspersky Internet Security Suite
CVE-2008-5425 (ESet NOD32 2.70.0039.0000 does not properly handle (1) multipart/mixed ...)
	NOT-FOR-US: NOD32
CVE-2008-5424 (The MimeOleClearDirtyTree function in InetComm.dll in Microsoft ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-5423 (Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector ...)
	NOT-FOR-US: Sun Ray Software
CVE-2008-5422 (Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict ...)
	NOT-FOR-US: Sun Sun Ray Server Software
CVE-2008-5421 (The SSL web administration service in NetWin SmsGate 1.1n and earlier ...)
	NOT-FOR-US: NetWin SmsGate
CVE-2006-7235 (Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a ...)
	NOT-FOR-US: Teamtek Universal FTP Server
CVE-2008-5420 (The SAN Manager Master Agent service (aka msragent.exe) in EMC Control ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5419 (Stack-based buffer overflow in SAN Manager Master Agent service (aka ...)
	NOT-FOR-US: SAN Manager Master Agent
CVE-2008-5418 (Directory traversal vulnerability in login.php in the PunPortal module ...)
	NOT-FOR-US: PunBB
CVE-2008-5417 (HP DECnet-Plus 8.3 before ECO03 for OpenVMS on the Alpha platform uses ...)
	NOT-FOR-US: HP DECnet-Plus
CVE-2008-5416 (Heap-based buffer overflow in Microsoft SQL Server 2000 SP4, ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-5415 (The LDBserver service in the server in CA ARCserve Backup 11.1 through ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-5414 (Unspecified vulnerability in the Feature Pack for Web Services in the ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5413 (PerfServlet in the PMI/Performance Tools component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5412 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) 7 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5411 (IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 sends SSL ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-5410 (The PK11_SESSION cache in the OpenSSL PKCS#11 engine in Sun Solaris 10 ...)
	NOT-FOR-US: Solaris
CVE-2008-5409 (Unspecified vulnerability in the pdf.xmd module in (1) BitDefender ...)
	NOT-FOR-US: itDefender Free Edition and Antivirus Standard, BullGuard Internet Security and Software602 Groupware Server
CVE-2008-5408 (Buffer overflow in the data management protocol in Symantec Backup ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5407 (Multiple unspecified vulnerabilities in the Backup Exec remote-agent ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2008-5406 (Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes ...)
	NOT-FOR-US: Apple QuickTime Player and iTunes
CVE-2008-5405 (Stack-based buffer overflow in the RDP protocol password decoder in ...)
	NOT-FOR-US: Cain & Abel
CVE-2008-5404 (Insecure method vulnerability in the FlexCell.Grid ActiveX control in ...)
	NOT-FOR-US: FlexCell
CVE-2008-5403 (Heap-based buffer overflow in the XML parser in the AIM plugin in ...)
	NOT-FOR-US: Trillian
CVE-2008-5402 (Double free vulnerability in the XML parser in Trillian before ...)
	NOT-FOR-US: Trillian
CVE-2008-5401 (Stack-based buffer overflow in the image tooltip implementation in ...)
	NOT-FOR-US: Trillian
CVE-2008-5400 (Multiple cross-site request forgery (CSRF) vulnerabilities in mvnForum ...)
	NOT-FOR-US: mvnForum
CVE-2008-5399 (Cross-site scripting (XSS) vulnerability in the listonlineusers (aka ...)
	NOT-FOR-US: mvnForum
CVE-2008-5398 (Tor before 0.2.0.32 does not properly process the ...)
	- tor 0.2.0.32-1
CVE-2008-5397 (Tor before 0.2.0.32 does not properly process the (1) User and (2) ...)
	- tor 0.2.0.32-1 (bug #505178)
CVE-2008-5396 (Array index error in the (1) torisa.c and (2) dahdi/tor2.c drivers in ...)
	{DSA-1699-1}
	- zaptel 1:1.4.11~dfsg-3
CVE-2008-5395 (The parisc_show_stack function in arch/parisc/kernel/traps.c in the ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-13
	- linux-2.6.24 <removed>
CVE-2008-5393 (UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes ...)
	NOT-FOR-US: Ubuntu Privacy Remix
CVE-2008-5392
	REJECTED
CVE-2008-5391
	REJECTED
CVE-2008-5390
	REJECTED
CVE-2008-5389
	REJECTED
CVE-2008-5388
	REJECTED
CVE-2008-5387 (Buffer overflow in autoconf6 in IBM AIX 6.1.0 through 6.1.2, when ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5386 (Buffer overflow in ndp in IBM AIX 6.1.0 through 6.1.2, when the netcd ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5385 (enq in bos.rte.printers in IBM AIX 6.1.0 through 6.1.2, when a print ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5384 (crontab in bos.rte.cron in IBM AIX 6.1.0 through 6.1.2 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2008-5383 (Stack-based buffer overflow in National Instruments Electronics ...)
	NOT-FOR-US: National Instruments Electronics Workbench
CVE-2008-5382 (Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE ...)
	NOT-FOR-US: I-O firmware
CVE-2008-5381 (Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) ...)
	NOT-FOR-US: ffdshow
CVE-2008-5380 (gpsdrive (aka gpsdrive-scripts) 2.09 allows local users to overwrite ...)
	- gpsdrive 2.10~pre4-6.dfsg-2 (low; bug #508595)
	[etch] - gpsdrive <no-dsa> (Minor issue)
	[lenny] - gpsdrive 2.10~pre4-6.dfsg-1+lenny1
CVE-2008-5379 (netdisco-mibs-installer 1.0 allows local users to overwrite arbitrary ...)
	- netdisco-mibs-installer 1.4 (low; bug #508940)
	[lenny] - netdisco-mibs-installer <no-dsa> (Contrib not supported)
CVE-2008-5378 (arb-kill in arb 0.0.20071207.1 allows local users to overwrite ...)
	- arb 0.0.20071207.1-6 (low; bug #508942)
CVE-2008-5377 (pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files ...)
	- cups 1.3.8-1lenny1 (low)
	- cupsys <removed>
	[etch] - cupsys <no-dsa> (Example script)
CVE-2008-5376 (editcomment in crip 3.7 allows local users to overwrite arbitrary ...)
	- crip 3.7-5 (low; bug #509275)
	[etch] - crip 3.7-3+etch1
CVE-2008-5375 (cmus-status-display in cmus 2.2.0 allows local users to overwrite ...)
	- cmus 2.2.0-1.1 (unimportant; bug #509277)
	NOTE: Just an example script
CVE-2008-5374 (bash-doc 3.2 allows local users to overwrite arbitrary files via a ...)
	- bash 4.0-2 (unimportant; bug #509279)
	NOTE: scripts are examples
CVE-2008-5373 (mtx-changer.Adic-Scalar-24 in bacula-common 2.4.2 allows local users ...)
	- bacula 2.4.0-1 (unimportant; bug #509301)
	NOTE: script is an example
CVE-2008-5372 (sdm-login in sdm-terminal 0.4.0b allows local users to overwrite ...)
	- sdm 0.4.1-1 (unimportant; bug #509331)
	NOTE: Not really a bug since only "touch" is used on the temp file
CVE-2008-5371 (screenie in screenie 1.30.0 allows local users to overwrite arbitrary ...)
	- screenie 1.30.0-5.1 (low; bug #509332)
CVE-2008-5370 (pvpgn-support-installer in pvpgn 1.8.1 allows local users to overwrite ...)
	- pvpgn 1.8.1-2 (low; bug #509336)
	[etch] - pvpgn <no-dsa> (Contrib not supported)
CVE-2008-5369 (noip2 in noip2 2.1.7 allows local users to overwrite arbitrary files ...)
	- no-ip 2.1.9-1 (unimportant; bug #509348)
	NOTE: original issue doesn't seem to be present, however there is a tmprace in the init
	NOTE: script if it is used to debug with strace and a missing check for mkstemp failing
	NOTE: but these situations are really corner cases
CVE-2008-5368 (muttprint in muttprint 0.72d allows local users to overwrite arbitrary ...)
	- muttprint 0.72d-10 (low; bug #509487)
	[etch] - muttprint 0.72d-8etch1
CVE-2008-5367 (ip-up in ppp-udeb 2.4.4rel on Debian GNU/Linux allows local users to ...)
	- ppp <unfixed> (unimportant)
	NOTE: insecure temp file handling in udeb is not an issue, since it is during the installation
CVE-2008-5366 (The postinst script in ppp 2.4.4rel on Debian GNU/Linux allows local ...)
	- ppp <unfixed> (unimportant; bug #509488)
	NOTE: Package postinst isn't vulnerable, only .tmp files in /etc
CVE-2008-5365 (SQL injection vulnerability in VoteHistory.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: ActiveWebSoftwares
CVE-2008-5364 (Stack-based buffer overflow in the getPlus ActiveX control in gp.ocx ...)
	NOT-FOR-US: getPlus
CVE-2008-5363 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5362 (The DefineConstantPool action in the ActionScript 2 virtual machine in ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5361 (The ActionScript 2 virtual machine in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-5617 (The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does ...)
	- rsyslog 3.18.6-1 (bug #508027)
CVE-2008-5624 (PHP 5 before 5.2.7 does not properly initialize the page_uid and ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-1 (medium; bug #508021)
	- php4 <removed> (medium; bug #559787)
CVE-2008-5660 (Format string vulnerability in the vinagre_utils_show_error function ...)
	- vinagre 0.5.1-2
CVE-2008-5360 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 1.5.0-17-0.1 (low; bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (low; bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5359 (Buffer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5358 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5357 (Integer overflow in Java Runtime Environment (JRE) for Sun JDK and JRE ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (uses system's freetype library)
CVE-2008-5356 (Heap-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (uses system's freetype library)
CVE-2008-5355 (The &quot;Java Update&quot; feature for Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 <not-affected> (Java update not used in Debian)
	- sun-java6 <not-affected> (Java update not used in Debian)
	- openjdk-6 <not-affected> (Java update not used in Debian)
CVE-2008-5354 (Stack-based buffer overflow in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5353 (The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5352 (Integer overflow in the JAR unpacking utility (unpack200) in the ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5351 (Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5350 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5349 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5348 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5347 (Multiple unspecified vulnerabilities in Java Runtime Environment (JRE) ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 6b11-9.1 (bug #510972)
CVE-2008-5346 (Unspecified vulnerability in Java Runtime Environment (JRE) for Sun ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
CVE-2008-5345 (Unspecified vulnerability in Java Runtime Environment (JRE) with Sun ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (bug in plugin code)
	NOTE: For OpenJDK, see: http://mail.openjdk.java.net/pipermail/core-libs-dev/2009-June/001784.html
CVE-2008-5344 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5343 (Java Web Start (JWS) and Java Plug-in with Sun JDK and JRE 6 Update 10 ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5342 (Unspecified vulnerability in the BasicService for Java Web Start (JWS) ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5341 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5340 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5339 (Unspecified vulnerability in Java Web Start (JWS) and Java Plug-in ...)
	- sun-java5 1.5.0-17-0.1 (bug #508194)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 1.5.0-22-0lenny1
	- sun-java6 6-12-1 (bug #508195)
	[lenny] - sun-java6 6-20-0lenny1
	- openjdk-6 <not-affected> (browser plugin is different code base)
CVE-2008-5338 (Cross-site scripting (XSS) vulnerability in info.php in Bandwebsite ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5337 (SQL injection vulnerability in lyrics.php in Bandwebsite (aka Bandsite ...)
	NOT-FOR-US: Bandwebsite
CVE-2008-5336 (SQL injection vulnerability in index.php in WebStudio CMS allows ...)
	NOT-FOR-US: WebStudio CMS
CVE-2008-5335 (SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5334 (PHP remote file inclusion vulnerability in includes/common.php in ...)
	NOT-FOR-US: NitroTech
CVE-2008-5333 (SQL injection vulnerability in members.php in NitroTech 0.0.3a allows ...)
	NOT-FOR-US: NitroTech
CVE-2008-5332 (Multiple PHP remote file inclusion vulnerabilities in Pie 0.5.3 allow ...)
	NOT-FOR-US: Pie Web M{a,e}sher
CVE-2008-5331 (Adobe Acrobat 9 uses more efficient encryption than previous versions, ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-5330 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: ClearCase RWP IBM
CVE-2008-5329 (ClearQuest Web in IBM Rational ClearQuest MultiSite before 7.1 allows ...)
	NOT-FOR-US: IBM
CVE-2008-5328 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest before 7 ...)
	NOT-FOR-US: IBM
CVE-2008-5327 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7 before ...)
	NOT-FOR-US: IBM
CVE-2008-5326 (The ClearQuest Maintenance Tool in IBM Rational ClearQuest 7.0.0 ...)
	NOT-FOR-US: IBM
CVE-2008-5325 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM ...)
	NOT-FOR-US: IBM
CVE-2008-5324 (Multiple cross-site scripting (XSS) vulnerabilities in CQ Web in IBM ...)
	NOT-FOR-US: IBM
CVE-2007-6719 (SQL injection vulnerability in Wiz-Ad 1.3 allows remote attackers to ...)
	NOT-FOR-US: Wiz-Ad
CVE-2008-5658 (Directory traversal vulnerability in the ZipArchive::extractTo ...)
	{DSA-1789-1 DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507857)
	- php4 <removed>
CVE-2008-5323 (Cross-site scripting (XSS) vulnerability in index.php in Wysi Wiki Wyg ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5322 (Wysi Wiki Wyg 1.0 allows remote attackers to obtain system information ...)
	NOT-FOR-US: Wysi Wiki Wyg
CVE-2008-5321 (SQL injection vulnerability in index.php in GesGaleri, a module for ...)
	NOT-FOR-US: XOOPS module
CVE-2008-5320 (SQL injection vulnerability in usersettings.php in e107 0.7.13 and ...)
	NOT-FOR-US: e107
CVE-2008-5319 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact ...)
	- tikiwiki <removed>
CVE-2008-5318 (Unspecified vulnerability in Tikiwiki before 2.2 has unknown impact ...)
	- tikiwiki <removed>
CVE-2008-5317 (Integer signedness error in the cmsAllocGamma function in ...)
	{DSA-1684-1}
	- lcms 1.17-1
	- openjdk-6 6b16-1 (medium; bug #542210)
CVE-2008-5316 (Buffer overflow in the ReadEmbeddedTextTag function in src/cmsio1.c in ...)
	{DSA-1684-1}
	- lcms 1.16-1
CVE-2008-5315 (Directory traversal vulnerability in the web interface in Apple iPhone ...)
	NOT-FOR-US: Apple iPhone Configuration Web Utility
CVE-2008-XXXX [Insecure tmpdir creation]
	[lenny] - devscripts 2.10.35lenny1 (low)
	- devscripts 2.10.42 (low; bug #507482)
	[etch] - devscripts 2.9.26etch2
CVE-2008-XXXX [Insecure tempfile creation]
	- devscripts 2.10.42 (low; bug #508111)
	[etch] - devscripts <not-affected> (vulnerable code not present)
	[lenny] - devscripts 2.10.35lenny1 (low)
CVE-2008-5314 (Stack consumption vulnerability in libclamav/special.c in ClamAV ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.2-1 (medium; bug #507624)
CVE-2008-5311 (SQL injection vulnerability in image.php in NetArt Media Blog System ...)
	NOT-FOR-US: NetArt Media Blog System
CVE-2008-5310 (SQL injection vulnerability in image.php in NetArt Media Car Portal ...)
	NOT-FOR-US: NetArt Media Car Portal
CVE-2008-5309 (SQL injection vulnerability in NetArt Media Real Estate Portal 1.2 ...)
	NOT-FOR-US: NetArt Media Real Estate Portal
CVE-2008-5308 (The Simple Forum 3.1d module for LoveCMS 1.6.2 Final does not properly ...)
	NOT-FOR-US: LoveCMS
CVE-2008-5307 (SQL injection vulnerability in admin/index.php in PG Roommate Finder ...)
	NOT-FOR-US: PG Roommate Finder Solution
CVE-2008-5306 (SQL injection vulnerability in admin/index.php in PG Real Estate ...)
	NOT-FOR-US: PG Real Estate Solution
CVE-2008-5305 (Eval injection vulnerability in TWiki before 4.2.4 allows remote ...)
	- twiki <removed> (medium; bug #508257)
CVE-2008-5304 (Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows ...)
	- twiki <removed> (low; bug #508256)
CVE-2008-5303 (Race condition in the rmtree function in File::Path 1.08 ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5302 (Race condition in the rmtree function in File::Path 1.08 and 2.07 ...)
	{DSA-1678-1}
	- perl 5.10.0-18
CVE-2008-5301 (Directory traversal vulnerability in the ManageSieve implementation in ...)
	- dovecot 1:1.0.15-2.3 (bug #506031)
CVE-2008-5300 (Linux kernel 2.6.28 allows local users to cause a denial of service ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5296 (Gallery 1.5.x before 1.5.10 and 1.6 before 1.6-RC3, when ...)
	- gallery 1.5.9-1.2 (low; bug #506824)
	[etch] - gallery <not-affected> (vulnerable code introduced in 1.5.8-svn-b34)
CVE-2008-5295 (SQL injection vulnerability in index.php in Jamit Job Board 3.4.10 ...)
	NOT-FOR-US: Jamit Job Board
CVE-2008-5294 (SQL injection vulnerability in index.php in WebStudio eCatalogue ...)
	NOT-FOR-US: WebStudio eCatalogue
CVE-2008-5293 (SQL injection vulnerability in index.php in WebStudio eHotel allows ...)
	NOT-FOR-US: WebStudio eHotel
CVE-2008-5292 (SQL injection vulnerability in view_snaps.php in VideoGirls BiZ allows ...)
	NOT-FOR-US: VideoGirls
CVE-2008-5291 (Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 ...)
	NOT-FOR-US: FuzzyLime
CVE-2008-5290 (Cross-site scripting (XSS) vulnerability in full_txt.php in Werner ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5289 (SQL injection vulnerability in full_txt.php in Werner Hilversum Clean ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5288 (PHP remote file inclusion vulnerability in include/header.php in ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5287 (SQL injection vulnerability in catagorie.php in Werner Hilversum FAQ ...)
	NOT-FOR-US: Werner Hilversum Clean CMS
CVE-2008-5284 (The web server in IEA Software RadiusNT and RadiusX 5.1.38 and other ...)
	NOT-FOR-US: IEA Software RadiusNT and RadiusX
CVE-2008-5283 (Google Hack Honeypot (GHH) File Upload Manager 1.3 allows remote ...)
	NOT-FOR-US: File Upload Manager
CVE-2008-5282 (Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 ...)
	NOTE: neither in Etch nor Lenny, removal has been proposed
	- amaya <removed> (bug #507587)
CVE-2008-5281 (Heap-based buffer overflow in Titan FTP Server 6.05 build 550 allows ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-5280 (The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5279 (The Local ZIM Server (zcs.exe) in Zilab Chat and Instant Messaging ...)
	NOT-FOR-US: Zilab Chat and Instant Messaging
CVE-2008-5277 (PowerDNS before 2.9.21.2 allows remote attackers to cause a denial of ...)
	- pdns 2.9.21.2-1 (low)
	[etch] - pdns <not-affected> (old version of HINFO parser)
CVE-2008-5275 (Multiple directory traversal vulnerabilities in the (a) &quot;Unzip ...)
	NOT-FOR-US: net2ftp
CVE-2008-5274 (Todd Woolums ASP News Management 2.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5273 (SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-5272 (Multiple directory traversal vulnerabilities in Fred Stuurman ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5271 (Cross-site scripting (XSS) vulnerability in index.php in Fred Stuurman ...)
	NOT-FOR-US: SyndeoCMS
CVE-2008-5270 (SQL injection vulnerability in view.topics.php in Yuhhu Superstar 2008 ...)
	NOT-FOR-US: Yuhhu Superstar
CVE-2008-5269 (SQL injection vulnerability in index.php in pSys 0.7.0 alpha allows ...)
	NOT-FOR-US: pSys
CVE-2008-5268 (SQL injection vulnerability in content/forums/reply.asp in ASPPortal ...)
	NOT-FOR-US: ASPPortal
CVE-2008-5267 (SQL injection vulnerability in answer.php in Experts 1.0.0, when ...)
	NOT-FOR-US: Experts
CVE-2008-5266 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-5265 (Directory traversal vulnerability in index.php in TNT Forum 0.9.4, ...)
	NOT-FOR-US: TNT Forum
CVE-2008-5264 (Cross-site scripting (XSS) vulnerability in searcher.exe in Tornado ...)
	NOT-FOR-US: Tornado Knowledge Retrieval System
CVE-2008-5263 (Multiple stack-based buffer overflows in the mt_codec::getHdrHead ...)
	NOT-FOR-US: ksquirrel
CVE-2008-5262 (Multiple stack-based buffer overflows in the iGetHdrHeader function in ...)
	{DSA-1717-1 DTSA-184-1}
	- devil 1.7.5-4 (low; bug #511844; bug #512122)
	NOTE: fix for 1.7.5-3 incomplete, see #512122
CVE-2008-5261
	RESERVED
CVE-2008-5260 (Heap-based buffer overflow in the CamImage.CamImage.1 ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2008-5259 (Integer signedness error in DivX Web Player 1.4.2.7, and possibly ...)
	NOT-FOR-US: DivX Web Player
CVE-2008-5258
	RESERVED
CVE-2008-5257 (webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for ...)
	NOT-FOR-US: WebSEAL
CVE-2008-5255
	RESERVED
CVE-2008-5254
	RESERVED
CVE-2008-5253
	RESERVED
CVE-2008-5252 (Cross-site request forgery (CSRF) vulnerability in the Special:Import ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508870)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5251
	RESERVED
CVE-2008-5250 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.6.11, ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508869)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5249 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.0 through ...)
	{DSA-1901-1 DTSA-186-1}
	- mediawiki 1:1.13.3-1 (bug #508868)
	- mediawiki1.7 <removed>
	[etch] - mediawiki <not-affected> (metapackage)
CVE-2008-5276 (Integer overflow in the ReadRealIndex function in real.c in the Real ...)
	- vlc 0.9.8a-1 (low)
	[etch] - vlc <not-affected> (vulnerable code not present)
	[lenny] - vlc <not-affected> (vulnerable code not present)
CVE-2008-7068 (The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent ...)
	{DTSA-188-1}
	- php5 5.2.6.dfsg.1-3 (bug #507101)
	[lenny] - php5 5.2.6.dfsg.1-1+lenny2
	- php4 <removed>
	NOTE: if a user has write access to a file he simply can use fopen()
CVE-2008-5278 (Cross-site scripting (XSS) vulnerability in the self_link function in ...)
	- wordpress 2.5.1-11 (low; bug #507193)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: introduced in 2.5
CVE-2008-5286 (Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 ...)
	{DSA-1677-1}
	- cups 1.3.8-1lenny4 (bug #507183; medium)
CVE-2008-XXXX [geda-gnetlist: sch2eaglepos.sh has insecure temp file handling ]
	- geda-gnetlist 1:1.4.0-3 (bug #506625; unimportant)
	NOTE: sch2eaglepos.sh only used as example script
CVE-2008-5248 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
	- xine-lib 1.1.14-3
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5247 (The real_parse_audio_specific_data function in demux_real.c in ...)
	- xine-lib <unfixed> (unimportant; bug #508715)
	NOTE: a devide by 0 because of a crafted media file is hardly a security issue,
	NOTE: the integer overflows covered by the ocert advisory in the same code snippet
	NOTE: got an own identifier
CVE-2008-5246 (Multiple heap-based buffer overflows in xine-lib before 1.1.15 allow ...)
	- xine-lib 1.1.14-3 (low; bug #507184; bug #498243)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5245 (xine-lib before 1.1.15 performs V4L video frame preallocation before ...)
	- xine-lib 1.1.14-3 (low)
	[etch] - xine-lib <not-affected> (The version from Etch doesn't yet perform pre-allocation)
CVE-2008-5244 (Unspecified vulnerability in xine-lib before 1.1.15 has unknown impact ...)
	- xine-lib 1.1.14-3 (unimportant)
	- faad2 2.6.1-1 (unimportant)
	- mplayer 1.0~rc2-20 (unimportant; bug #407010)
	NOTE: overlaps with CVE-2008-4610, same aac issue
	NOTE: just a crasher, no security implications known so far
CVE-2008-5243 (The real_parse_headers function in demux_real.c in xine-lib 1.1.12, ...)
	- xine-lib 1.1.16-1 (bug #508716)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
	NOTE: these are just invalid reads that result in segfaults, denial of service doesnt
	NOTE: apply here as xine reading a file is no service -> application bug
CVE-2008-5242 (demux_qt.c in xine-lib 1.1.12, and other 1.1.15 and earlier versions, ...)
	- xine-lib 1.1.16-1 (medium; bug #507165; bug #498243)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5241 (Integer underflow in demux_qt.c in xine-lib 1.1.12, and other 1.1.15 ...)
	- xine-lib 1.1.16-1 (low; bug #509008)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5240 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, relies on an ...)
	- xine-lib 1.1.16-2 (low; bug #509352)
	[lenny] - xine-lib 1.1.14-5
	[squeeze] - xine-lib 1.1.14-5
CVE-2008-5239 (xine-lib 1.1.12, and other 1.1.15 and earlier versions, does not ...)
	- xine-lib 1.1.16-2 (medium; bug #509353)
	[lenny] - xine-lib 1.1.14-5
	[squeeze] - xine-lib 1.1.14-5
CVE-2008-5238 (Integer overflow in the real_parse_mdpr function in demux_real.c in ...)
	- xine-lib 1.1.14-3 (low)
	NOTE: code execution shouldn't work here as if 0xff will be extended to 0xffffffff
	NOTE: memcpy fails for copying from the complete addressable address space long before any code is executed
	NOTE: the malloc check for type_specific_data is missing, minor issue filed as #508065
CVE-2008-5237 (Multiple integer overflows in xine-lib 1.1.12, and other 1.1.15 and ...)
	- xine-lib 1.1.16-1 (bug #509265; low)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5236 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)
	- xine-lib 1.1.16-1 (bug #509521)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5235 (Heap-based buffer overflow in the demux_real_send_chunk function in ...)
	- xine-lib 1.1.14-3
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5234 (Multiple heap-based buffer overflows in xine-lib 1.1.12, and other ...)
	- xine-lib 1.1.16-1 (medium; bug #508313; bug #498243)
	[lenny] - xine-lib 1.1.14-4
	[squeeze] - xine-lib 1.1.14-4
CVE-2008-5233 (xine-lib 1.1.12, and other versions before 1.1.15, does not check for ...)
	- xine-lib 1.1.14-3 (low)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2008-5232 (Buffer overflow in the CallHTMLHelp method in the Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows Media Services
CVE-2008-5231 (Stack-based buffer overflow in the ExecuteRequest method in the Novell ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-5230 (The Temporal Key Integrity Protocol (TKIP) implementation in ...)
	NOT-FOR-US: WPA weakness
CVE-2008-5229 (Stack-based buffer overflow in Microsoft Device IO Control in ...)
	NOT-FOR-US: Microsoft Device IO Control
CVE-2008-5228 (Cross-site scripting (XSS) vulnerability in IBM Workplace Content ...)
	NOT-FOR-US: IBM Workplace Content Management
CVE-2008-5227 (Unspecified vulnerability in PHPCow allows remote attackers to execute ...)
	NOT-FOR-US: PHPCow
CVE-2008-5226 (SQL injection vulnerability in the MambAds (com_mambads) component 1.0 ...)
	NOT-FOR-US: com_mambads component for Mambo
CVE-2008-5225 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox DocuShare ...)
	NOT-FOR-US: Xerox DocuShare
CVE-2008-5224 (Cross-site scripting (XSS) vulnerability in Kent Web Mart 1.61 and ...)
	NOT-FOR-US: Kent Web Mart
CVE-2008-5223 (SQL injection vulnerability in index.php in Airvae Commerce 3.0 allows ...)
	NOT-FOR-US: Airvae Commerce
CVE-2008-5222 (SQL injection vulnerability in login.asp in Dvbbs 8.2.0 allows remote ...)
	NOT-FOR-US: Dvbbs
CVE-2008-5221 (The account_save action in admin/userinfo.php in wPortfolio 0.3 and ...)
	NOT-FOR-US: wPortfolio
CVE-2008-5220 (Unrestricted file upload vulnerability in admin/upload_form.php in ...)
	NOT-FOR-US: wPortfolio
CVE-2008-5219 (The password change feature (admin/cp.php) in VideoScript 4.0.1.50 and ...)
	NOT-FOR-US: VideoScript
CVE-2008-5218 (ScriptsEz FREEze Greetings 1.0 stores pwd.txt under the web root with ...)
	NOT-FOR-US: ScriptsEz FREEze Greetings
CVE-2008-5217 (Directory traversal vulnerability in index.php in txtCMS 0.3, when ...)
	NOT-FOR-US: textCMS
CVE-2008-5216 (SQL injection vulnerability in category_list.php in AJ Square ZeusCart ...)
	NOT-FOR-US: AJ Square ZeusCart
CVE-2008-5215 (SQL injection vulnerability in service/profil.php in ClanLite ...)
	NOT-FOR-US: ClanLite
CVE-2008-5214 (Cross-site scripting (XSS) vulnerability in service/calendrier.php in ...)
	NOT-FOR-US: ClanLite
CVE-2008-5213 (SQL injection vulnerability in featured_article.php in AJ Article 1.0 ...)
	NOT-FOR-US: AJ Article
CVE-2008-5212 (SQL injection vulnerability in classifide_ad.php in AJ Auction 6.2.1 ...)
	NOT-FOR-US: AJ Auction
CVE-2008-5211 (Cross-site scripting (XSS) vulnerability in search.php in Sphider ...)
	NOT-FOR-US: Sphider
CVE-2008-5210 (Multiple PHP remote file inclusion vulnerabilities in PhpBlock A8.5 ...)
	NOT-FOR-US: PhpBlock
CVE-2008-5209 (Directory traversal vulnerability in modules/download/get_file.php in ...)
	NOT-FOR-US: Admidio
CVE-2008-5208 (SQL injection vulnerability in sub_votepic.php in the Datsogallery ...)
	NOT-FOR-US: Datsogallery joomla module
CVE-2008-5207 (Multiple directory traversal vulnerabilities in Jonascms 1.2 allow ...)
	NOT-FOR-US: Jonascms
CVE-2008-5206 (PHP remote file inclusion vulnerability in modules/mod_mainmenu.php in ...)
	NOT-FOR-US: MosXML
CVE-2008-5205 (Cross-site scripting (XSS) vulnerability in edit.php in wellyblog ...)
	NOT-FOR-US: wellyblog
CVE-2008-5204 (Multiple directory traversal vulnerabilities in PowerAward 1.1.0 RC1, ...)
	NOT-FOR-US: PowerAward
CVE-2008-5203 (Cross-site scripting (XSS) vulnerability in external_vote.php in ...)
	NOT-FOR-US: PowerAward
CVE-2008-5202 (Cross-site scripting (XSS) vulnerability in index.php in OTManager CMS ...)
	NOT-FOR-US: OTManager CMS
CVE-2008-5201 (Directory traversal vulnerability in index.php in OTManager CMS 24a ...)
	NOT-FOR-US: OTManager CMS
CVE-2008-5200 (SQL injection vulnerability in the Xe webtv (com_xewebtv) component ...)
	NOT-FOR-US: Xe webtv
CVE-2008-5199 (PHP remote file inclusion vulnerability in include.php in ...)
	NOT-FOR-US: PHPOutsourcing IdeaBox
CVE-2008-5198 (SQL injection vulnerability in memberlist.php in Acmlmboard 1.A2 ...)
	NOT-FOR-US: Acmlmboard
CVE-2008-5197 (SQL injection vulnerability in classifieds.php in PHP-Fusion allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-5196 (SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 ...)
	NOT-FOR-US: Kroax
CVE-2008-5195 (Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow ...)
	NOT-FOR-US: SebracCMS
CVE-2008-5194 (SQL injection vulnerability in checkavail.php in SoftVisions Software ...)
	NOT-FOR-US: SoftVisions Software Online Booking Manager
CVE-2008-5193 (Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5192 (SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-5191 (Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote ...)
	NOT-FOR-US: SePortal
CVE-2008-5190 (SQL injection vulnerability in index.php in eSHOP100 allows remote ...)
	NOT-FOR-US: eSHOP100
CVE-2008-5285 (Wireshark 1.0.4 and earlier allows remote attackers to cause a denial ...)
	[lenny] - wireshark 1.0.2-3+lenny3
	- wireshark 1.0.5-1 (low; bug #506741)
CVE-2008-5394 (/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other ...)
	{DSA-1709-1}
	- shadow 1:4.1.1-6 (bug #505271)
CVE-2008-5706 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...)
	- verlihub <removed> (low; bug #506530)
CVE-2008-5705 (The cTrigger::DoIt function in src/ctrigger.cpp in the trigger ...)
	- verlihub <removed> (low; bug #506530)
CVE-2008-5189 (CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows ...)
	- rails 2.1.0-6 (low)
CVE-2008-5188 (The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and ...)
	- ecryptfs-utils 66-1 (low)
	[lenny] - ecryptfs-utils <no-dsa> (Minor issue)
CVE-2008-5184 (The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the ...)
	- cups 1.3.8-1
	[etch] - cupsys <not-affected> (cupsys doesn't crash, code base changed, guest username not submitted)
CVE-2008-5182 (The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5181 (Microsoft Communicator allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5180 (Microsoft Communicator, and Communicator in Microsoft Office 2010 ...)
	NOT-FOR-US: Microsoft Communicator
CVE-2008-5179 (Unspecified vulnerability in Microsoft Office Communications Server ...)
	NOT-FOR-US: Microsoft Office Communications Server
CVE-2008-5178 (Heap-based buffer overflow in Opera 9.62 on Windows allows remote ...)
	NOT-FOR-US: Opera on Windows
CVE-2008-5177 (Stack-based buffer overflow in the DtbClsLogin function in Yosemite ...)
	NOT-FOR-US: Yosemite Backup
CVE-2008-5176 (Multiple buffer overflows in Client Software WinCom LPD Total ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5187 (The load function in the XPM loader for imlib2 1.4.2, and possibly ...)
	{DSA-1672-1}
	- imlib2 1.4.0-1.2 (bug #505714)
CVE-2008-5625 (PHP 5 before 5.2.7 does not enforce the error_log safe_mode ...)
	- php5 <removed> (unimportant)
	NOTE: http://securityreason.com/achievement_securityalert/57
CVE-2008-5312 (mailscanner 4.55.10 and other versions before 4.74.16-1 might allow ...)
	- mailscanner 4.74.16-1 (bug #506353)
	[etch] - mailscanner <no-dsa> (Minor issue)
	NOTE: there is no difference apart from the versions to CVE-2008-5313
CVE-2008-5313 (mailscanner 4.68.8 and other versions before 4.74.16-1 might allow ...)
	- mailscanner 4.74.16-1 (bug #506353)
	[etch] - mailscanner <no-dsa> (Minor issue)
	NOTE: there is no difference apart from the versions to CVE-2008-5312
CVE-2008-5175 (Directory traversal vulnerability in the FTP client in AceFTP Freeware ...)
	NOT-FOR-US: AceFTP
CVE-2008-5174 (SQL injection vulnerability in joke.php in Jokes Complete Website ...)
	NOT-FOR-US: Jokes Complete Website
CVE-2008-5173 (Unspecified vulnerability in testMaker before 3.0p16 allows remote ...)
	NOT-FOR-US: testMaker
CVE-2008-5172 (Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum ...)
	NOT-FOR-US: Yazd Forum Software
CVE-2008-5171 (Multiple directory traversal vulnerabilities in admin/minibb/index.php ...)
	NOT-FOR-US: phpBLASTER CMS
CVE-2008-5170 (SQL injection vulnerability in item.php in Cheats Complete Website ...)
	NOT-FOR-US: Cheats Complete Website
CVE-2008-5169 (SQL injection vulnerability in drinks/drink.php in Drinks Complete ...)
	NOT-FOR-US: Drinks Complete Website
CVE-2008-5168 (SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 ...)
	NOT-FOR-US: Tips Complete Website
CVE-2008-5167 (PHP remote file inclusion vulnerability in layout/default/params.php ...)
	NOT-FOR-US: Orca Interactive Forum Script
CVE-2008-5166 (SQL injection vulnerability in riddle.php in Riddles Website 1.2.1 ...)
	NOT-FOR-US: Riddles Website
CVE-2008-5165 (Multiple SQL injection vulnerabilities in eTicket 1.5.7 allow remote ...)
	NOT-FOR-US: eTicket
CVE-2008-5164 (Multiple cross-site scripting (XSS) vulnerabilities in The Rat CMS ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-5163 (Multiple SQL injection vulnerabilities in The Rat CMS Pre-Alpha 2 ...)
	NOT-FOR-US: The Rat CMS
CVE-2008-5162 (The arc4random function in the kernel in FreeBSD 6.3 through 7.1 does ...)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 7.1-1
	[lenny] - kfreebsd-7 7.0-7lenny1
CVE-2008-5161 (Error handling in the SSH protocol in (1) SSH Tectia Client and Server ...)
	- openssh 1:5.1p1-5 (low; bug #506115)
	[etch] - openssh <no-dsa> (Minor issue, see http://www.openssh.org/txt/cbc.adv)
CVE-2008-5185 (The highlighting functionality in geshi.php in GeSHi before 1.0.8 ...)
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (medium)
CVE-2008-5160 (Unspecified vulnerability in MyServer 0.8.11 allows remote attackers ...)
	- msp-webserver <removed> (bug #506268)
CVE-2008-5159 (Integer overflow in the remote administration protocol processing in ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5158 (Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote ...)
	NOT-FOR-US: WinCom LPD
CVE-2008-5157 (tau 2.16.4 allows local users to overwrite arbitrary files via a ...)
	- tau 2.16.4-1.3 (bug #506348)
	[etch] - tau <no-dsa> (Minor issue)
CVE-2008-5156 (si_mkbootserver in systemimager-server 3.6.3 allows local users to ...)
	- systemimager <removed> (bug #506269)
	[etch] - systemimager <no-dsa> (Minor issue)
CVE-2008-5155 (mail2sms.sh in smsclient 2.0.8z allows local users to overwrite ...)
	- smsclient <unfixed> (unimportant; bug #498901)
CVE-2008-5154 (bluetooth.rc in p3nfs 5.19 allows local users to overwrite arbitrary ...)
	- p3nfs 5.19-1.2 (low; bug #506270)
	[etch] - p3nfs <no-dsa> (Minor issue)
CVE-2008-5153 (spell-check-logic.cgi in Moodle 1.8.2 allows local users to overwrite ...)
	{DSA-1724-1}
	- moodle 1.8.2.2dfsg-4
	[lenny] - moodle 1.8.2.dfsg-3+lenny1
	NOTE: manual editing of file is required to run the unsafe code
CVE-2008-5152 (inmail-show in mh-book 200605 allows local users to overwrite ...)
	- mh-book <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5151 (test_parser.py in mayavi 1.5 allows local users to overwrite arbitrary ...)
	- mayavi <unfixed> (unimportant)
	NOTE: just a comment, not code
CVE-2008-5150 (sample.sh in maildirsync 1.1 allows local users to append data to ...)
	- maildirsync <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5149 (fwd_check.sh in libncbi6 6.1.20080302 allows local users to overwrite ...)
	- ncbi-tools6 6.1.20080302-4 (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5148 (sch2eaglepos.sh in geda-gnetlist 1.4.0 allows local users to overwrite ...)
	- geda-gnetlist <unfixed> (unimportant)
	NOTE: unsafe code is an example script
CVE-2008-5147 (test-pipe-to-pyodconverter.org.sh in docvert 2.4 allows local users to ...)
	- docvert 3.4-7 (unimportant)
	NOTE: unsafe code is in test script with multiple hardcoded files
CVE-2008-5146 (add-accession-numbers in ctn 3.0.6 allows local users to overwrite ...)
	- ctn <unfixed> (unimportant)
	NOTE: unsafe code is in example script
CVE-2008-5145 (ltpmenu in ltp 20060918 allows local users to overwrite arbitrary ...)
	- ltp 20060918-3 (low; bug #506272)
	[etch] - ltp <no-dsa> (Minor issue)
	NOTE: this is not the same as CVE-2008-4969
CVE-2008-5144 (nvidia-cg-toolkit-installer in nvidia-cg-toolkit 2.0.0015 allows local ...)
	- nvidia-cg-toolkit <unfixed> (unimportant)
	NOTE: -installer can be run from postinst but unsafe code is only executed when a special option is used when manually running the installer
CVE-2008-5143 (mgt-helper in multi-gnome-terminal 1.6.2 allows local users to ...)
	[etch] - multi-gnome-terminal <no-dsa> (Symlink issue not run as root)
	- multi-gnome-terminal <removed>
CVE-2008-5142 (sendbug in freebsd-sendpr 3.113+5.3 on Debian GNU/Linux allows local ...)
	- freebsd-sendpr <unfixed> (unimportant)
	NOTE: code is only executed when the script to send bug reports fails
CVE-2008-5141 (flamethrower in flamethrower 0.1.8 allows local users to overwrite ...)
	{DSA-1676-1}
	- flamethrower 0.1.8-2 (low; bug #506350)
CVE-2008-5140 (trend-autoupdate.new in mailscanner 4.55.10 and other versions before ...)
	- mailscanner 4.57.6-1 (unimportant)
	NOTE: script should only be used when the private Trend Micro antivirus is installed
CVE-2008-5139 (updatejail in jailer 0.4 allows local users to overwrite arbitrary ...)
	{DSA-1674-1}
	- jailer 0.4-10 (bug #410548; low)
CVE-2008-5138 (passwdehd in libpam-mount 0.43 allows local users to overwrite ...)
	- libpam-mount 1.2+gitaa4791f-1 (low)
	[lenny] - libpam-mount 0.44-1+lenny2
CVE-2008-5137 (tkman in tkman 2.2 allows local users to overwrite arbitrary files via ...)
	- tkman 2.2-4 (low; bug #506496)
	[etch] - tkman 2.2-2etch1
CVE-2008-5136 (tkusr in tkusr 0.82 allows local users to overwrite arbitrary files ...)
	[etch] - tkusr <no-dsa> (Minor issue)
	- tkusr <removed> (low)
CVE-2008-5135 (** DISPUTED ** ...)
	- os-prober <unfixed> (unimportant)
CVE-2008-5134 (Buffer overflow in the lbs_process_bss function in ...)
	{DSA-1681-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5133 (ipnat in IP Filter in Sun Solaris 10 and OpenSolaris before snv_96, ...)
	NOT-FOR-US: ipnat
CVE-2008-5183 (cupsd in CUPS 1.3.9 and earlier allows local users, and possibly ...)
	{DSA-2176-1}
	- cups 1.3.9-13 (low; bug #506180)
	[lenny] - cups <no-dsa> (Minor issue)
	[etch] - cupsys <not-affected> (RSS subscription code not yet present)
CVE-2008-5297 (Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP ...)
	{DSA-1686-1}
	- no-ip 2.1.7-11 (bug #506179)
CVE-2008-5132 (SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-5131 (Multiple SQL injection vulnerabilities in Develop It Easy News And ...)
	NOT-FOR-US: Develop It Easy News And Article System
CVE-2008-5130 (Ocean12 Calendar Manager Gold 2.04 stores sensitive information under ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5129 (Ocean12 Poll Manager Pro 1.00 stores sensitive information under the ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5128 (Ocean12 Membership Manager Pro stores sensitive information under the ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5127 (Ocean12 Contact Manager Pro 1.02 stores sensitive information under ...)
	NOT-FOR-US: Ocean12 software
CVE-2008-5126 (Cross-site scripting (XSS) vulnerability in search.php in BoutikOne ...)
	NOT-FOR-US: BoutikOne
CVE-2008-5125 (admin.php in CCleague Pro 1.2 allows remote attackers to bypass ...)
	NOT-FOR-US: CCleague Pro
CVE-2008-5124 (JSCAPE Secure FTP Applet 4.8.0 and earlier does not ask the user to ...)
	NOT-FOR-US: JSCAPE Secure FTP Applet
CVE-2008-5123 (SQL injection vulnerability in admin.php in CCleague Pro 1.2 allows ...)
	NOT-FOR-US: CCleague Pro
CVE-2008-5122 (SQL injection vulnerability in WorkArea/ContentRatingGraph.aspx in ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-5121 (dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 ...)
	NOT-FOR-US: Citrix Deterministic Network Enhancer
CVE-2008-5120 (Stack-based buffer overflow in the Process Software MultiNet finger ...)
	NOT-FOR-US: MultiNet finger service
CVE-2008-5119 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: Scripts4Profit DXShopCart
CVE-2008-5118 (Sun Java System Identity Manager 6.0 through 6.0 SP4, 7.0, and 7.1 ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5117 (Open redirect vulnerability in Sun Java System Identity Manager 6.0 ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5116 (Directory traversal vulnerability in idm/includes/helpServer.jsp in ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5115 (Cross-site request forgery (CSRF) vulnerability in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5114 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-5112 (The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2008-5111 (Unspecified vulnerability in the socket function in Sun Solaris 10 and ...)
	NOT-FOR-US: Solaris
CVE-2008-5109 (The default configuration of Adobe Flash Media Server (FMS) 3.0 does ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2008-5108 (Unspecified vulnerability in Adobe AIR 1.1 and earlier allows ...)
	NOT-FOR-US: Adobe AIR
CVE-2008-5107 (The installation process for Citrix Presentation Server 4.5 and ...)
	NOT-FOR-US: Citrix PS
CVE-2008-5106 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.x allows remote ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5105 (KarjaSoft Sami FTP Server 2.0.x allows remote attackers to cause a ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2008-5104 (Ubuntu 6.06 LTS, 7.10, 8.04 LTS, and 8.10, when installed as a virtual ...)
	NOT-FOR-US: VMBuilder
CVE-2008-5103 (The (1) python-vm-builder and (2) ubuntu-vm-builder implementations in ...)
	NOT-FOR-US: VMBuilder
CVE-2008-5102 (PythonScripts in Zope 2 2.11.2 and earlier, as used in Conga and other ...)
	- zope2.10 <unfixed> (unimportant)
	NOTE: this only affects installations in which users have unrestricted access to the management
	NOTE: interface. On Debian there one admin user is added for this at installation time and
	NOTE: non-trustworthy users shouldn't have access to the interface.
	- zope3 <not-affected> (Vulnerable code not present)
CVE-2008-5100 (The strong name (SN) implementation in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-5099 (Sun Logical Domain Manager (aka LDoms Manager or ldm) 1.0 through ...)
	NOT-FOR-US: Sun Logical Domain Manager
CVE-2008-5098 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
	NOT-FOR-US: Sun Java System Messaging Serve
CVE-2008-5110 (syslog-ng does not call chdir when it calls chroot, which might allow ...)
	- syslog-ng 2.0.9-4.1 (unimportant; bug #505791)
	NOTE: no security flaw by itself, still it should be fixed
CVE-2008-5097 (SQL injection vulnerability in index.php in MyFWB 1.0 allows remote ...)
	NOT-FOR-US: MyFWB
CVE-2008-5096 (Unspecified vulnerability in the TYPO3 File List (file_list) extension ...)
	NOT-FOR-US: Typo3 third party extension "file_list"
CVE-2008-5095 (Cross-site scripting (XSS) vulnerability in the Novell User ...)
	NOT-FOR-US: Novell User Application
CVE-2008-5094 (Heap-based buffer overflow in the NDS Service in Novell eDirectory ...)
	NOT-FOR-US: eDirectory
CVE-2008-5093 (Cross-site scripting (XSS) vulnerability in the HTTP Protocol Stack ...)
	NOT-FOR-US: eDirectory
CVE-2008-5092 (Heap-based buffer overflows in Novell eDirectory HTTP protocol stack ...)
	NOT-FOR-US: eDirectory
CVE-2008-5091 (Buffer overflow in the LDAP Service in Novell eDirectory 8.7.3 before ...)
	NOT-FOR-US: eDirectory
CVE-2008-5090 (Electron Inc. Advanced Electron Forum before 1.0.7 allows remote ...)
	NOT-FOR-US: Advanced Electron Forum
CVE-2008-5089 (Multiple insecure method vulnerabilities in the ...)
	NOT-FOR-US: Data Dynamics ActiveReports ActiveX control
CVE-2008-5088 (Multiple SQL injection vulnerabilities in PHPKB Knowledge Base ...)
	NOT-FOR-US: PHPKB
CVE-2008-5087 (SQL injection vulnerability in TYPO3 Another Backend Login ...)
	NOT-FOR-US: wrg_anotherbelogin extension for typo3
CVE-2008-5086 (Multiple methods in libvirt 0.3.2 through 0.5.1 do not check if a ...)
	- libvirt 0.4.6-10
CVE-2008-5085
	RESERVED
CVE-2008-5084
	RESERVED
CVE-2008-5083
	RESERVED
	NOT-FOR-US: Red Hat JBoss Operations Network
CVE-2008-5082 (The verifyProof function in the Token Processing System (TPS) ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-5081 (The originates_from_local_legacy_unicast_socket function ...)
	{DSA-1690-1 DTSA-189-1}
	- avahi 0.6.23-3 (bug #508700; low)
CVE-2008-5080 (awstats.pl in AWStats 6.8 and earlier does not properly remove quote ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
CVE-2008-5079 (net/atm/svc.c in the ATM subsystem in the Linux kernel 2.6.27.8 and ...)
	{DSA-1787-1 DSA-1687-1}
	- linux-2.6 2.6.26-12
	- linux-2.6.24 <removed>
	NOTE: http://marc.info/?l=linux-netdev&m=122841256115780&w=2
CVE-2008-5078 (Multiple buffer overflows in the (1) recognize_eps_file function ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-5077 (OpenSSL 0.9.8i and earlier does not properly check the return value ...)
	{DSA-1701-1}
	- openssl 0.9.8g-15
CVE-2008-5075 (Multiple SQL injection vulnerabilities in E-Uploader Pro 1.0 (aka ...)
	NOT-FOR-US: E-Uploader Pro
CVE-2008-5074 (SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 ...)
	NOT-FOR-US: Freshlinks module for PHP-Fusion
CVE-2008-5073 (Heap-based buffer overflow in an ActiveX control in Novell ZENworks ...)
	NOT-FOR-US: Novell ZENworks ActiveX control
CVE-2008-5072 (vsfilter.dll in K-Lite Mega Codec Pack 3.5.7.0 allows remote attackers ...)
	NOT-FOR-US: K-Lite Mega Codec Pack
CVE-2008-5071 (Multiple eval injection vulnerabilities in itpm_estimate.php in Yoxel ...)
	NOT-FOR-US: Yoxel
CVE-2008-5070 (SQL injection vulnerability in Pro Chat Rooms 3.0.3, when ...)
	NOT-FOR-US: Pro Chat Rooms
CVE-2008-5069 (SQL injection vulnerability in go.php in Panuwat PromoteWeb MySQL, ...)
	NOT-FOR-US: Panuwat PromoteWeb MySQL
CVE-2008-5068 (Multiple cross-site scripting (XSS) vulnerabilities in Kmita Gallery ...)
	NOT-FOR-US: Kmita Gallery
CVE-2008-5067 (Cross-site scripting (XSS) vulnerability in search.php in Kmita ...)
	NOT-FOR-US: Kmita Catalogue
CVE-2008-5066 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Agares Media ThemeSiteScript
CVE-2008-5065 (TlGuestBook 1.2 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: TlGuestBook
CVE-2008-5064 (SQL injection vulnerability in liga.php in H&amp;H WebSoccer 2.80 allows ...)
	NOT-FOR-US: H&H WebSoccer
CVE-2008-5063 (PHP remote file inclusion vulnerability in Admin/ADM_Pagina.php in ...)
	NOT-FOR-US: OTManager
CVE-2008-5062 (Directory traversal vulnerability in php/cal_pdf.php in Mini Web ...)
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5061 (Cross-site scripting (XSS) vulnerability in php/cal_default.php in ...)
	NOT-FOR-US: Mini Web Calendar
CVE-2008-5060 (Multiple PHP remote file inclusion vulnerabilities in ModernBill 4.4 ...)
	NOT-FOR-US: ModernBill
CVE-2008-5059 (Cross-site scripting (XSS) vulnerability in index.php in ModernBill ...)
	NOT-FOR-US: ModernBill
CVE-2008-5058 (SQL injection vulnerability in siteadmin/loginsucess.php in Pre Simple ...)
	NOT-FOR-US: Pre Simple CMS
CVE-2008-5057 (SQL injection vulnerability in film.asp in Yigit Aybuga Dizi Portali ...)
	NOT-FOR-US: Yigit Aybuga Dizi Portali
CVE-2008-5056 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5055 (SQL injection vulnerability in department_offline_context.php in ...)
	NOT-FOR-US: ActiveCampaign TrioLive
CVE-2008-5054 (Multiple SQL injection vulnerabilities in Develop It Easy Membership ...)
	NOT-FOR-US: Develop It Easy Membership System
CVE-2008-5053 (PHP remote file inclusion vulnerability in admin.rssreader.php in the ...)
	NOT-FOR-US: com_rssreader component for Joomla!
CVE-2008-5052 (The AppendAttributeValue function in the JavaScript engine in Mozilla ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5051 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...)
	NOT-FOR-US: joomla
CVE-2008-5049 (Buffer overflow in AKEProtect.sys 3.3.3.0 in ISecSoft Anti-Keylogger ...)
	NOT-FOR-US: ISecSoft Anti-Keylogger
CVE-2008-5048 (Buffer overflow in Atepmon.sys in ISecSoft Anti-Trojan Elite 4.2.1 and ...)
	NOT-FOR-US: ISecSoft Anti-Trojan
CVE-2008-5047 (SQL injection vulnerability in admin/index.php in Mole Group Rental ...)
	NOT-FOR-US: Mole Group Rental Script
CVE-2008-5046 (SQL injection vulnerability in index.php in Mole Group Pizza Script ...)
	NOT-FOR-US: Mole Group Pizza Script
CVE-2008-5045 (Heap-based buffer overflow in Network-Client FTP Now 2.6, and possibly ...)
	NOT-FOR-US: Network-Client FTP Now
CVE-2008-5044 (Race condition in Microsoft Windows Server 2003 and Vista allows local ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-5043 (Multiple cross-site scripting (XSS) vulnerabilities in the web-based ...)
	NOT-FOR-US: IBM Metrica Service Assurance Framework
CVE-2008-5042 (Zeeways PhotoVideoTube 1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Zeeways PhotoVideoTube
CVE-2008-5041 (Sweex RO002 Router with firmware Ts03-072 has &quot;rdc123&quot; as its default ...)
	NOT-FOR-US: Sweex RO002 Router
CVE-2008-5040 (Graphiks MyForum 1.3 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-5039 (Cross-site scripting (XSS) vulnerability in the League module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-5038 (Use-after-free vulnerability in the NetWare Core Protocol (NCP) ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-5037 (SQL injection vulnerability in view.php in ElkaGroup Image Gallery 1.0 ...)
	NOT-FOR-US: ElkaGroup Image Gallery
CVE-2008-XXXX [typo3: passwords are not changeable bug in the backend]
	- typo3-src 4.2.3-1 (bug #505326)
	[etch] - typo3-src <not-affected> (Typo3 versions below 4.2.x are not affected)
CVE-2008-5919 (Directory traversal vulnerability in rss.php in WebSVN 2.0 and ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5918 (Cross-site scripting (XSS) vulnerability in the ...)
	- websvn 2.0-4 (bug #503330)
	[etch] - websvn <not-affected> (vulnerable code not present)
CVE-2008-5033 (The chip_command function in drivers/media/video/tvaudio.c in the ...)
	- linux-2.6 2.6.26-11
	- linux-2.6.24 <not-affected> (Vulnerable code not present; different ioctls3B)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present; different ioctls)
CVE-2008-5031 (Multiple integer overflows in Python 2.2.3 through 2.5.1, and 2.6, ...)
	- python2.5 2.5.2-11.1
	[etch] - python2.5 <no-dsa> (Minor issue)
	[etch] - python2.4 <no-dsa> (Minor issue)
	- python2.4 2.4.5-6 (low; bug #507317; bug #504620)
	NOTE: definitely fixed in 2.5.2-11.1 for lenny/unstable (svn-updates.dpatch)
	NOTE: maybe fixed earlier, doko is not able to tell the exact version atm
CVE-2008-5030 (Heap-based buffer overflow in the cddb_read_disc_data function in ...)
	{DSA-1665-1}
	- libcdaudio 0.99.12p2-7 (bug #505478)
CVE-2008-5024 (Mozilla Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5023 (Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey ...)
	{DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-5022 (The nsXMLHttpRequest::NotifyEventListeners method in Firefox 3.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5021 (nsFrameManager in Firefox 3.x before 3.0.4, Firefox 2.x before ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5020
	REJECTED
CVE-2008-5019 (The session restore feature in Mozilla Firefox 3.x before 3.0.4 and ...)
	{DSA-1671-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - xulrunner <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: patch for xulrunner currently not suitable, Alexander will check this further
CVE-2008-5018 (The JavaScript engine in Mozilla Firefox 3.x before 3.0.4, Firefox 2.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5017 (Integer overflow in xpcom/io/nsEscape.cpp in the browser engine in ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5016 (The layout engine in Mozilla Firefox 3.x before 3.0.4, Thunderbird 2.x ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - iceape <not-affected> (Doesn't affect Firefox 2.x et al)
	[etch] - icedove <not-affected> (Doesn't affect Firefox 2.x et al)
CVE-2008-5015 (Mozilla Firefox 3.x before 3.0.4 assigns chrome privileges to a file: ...)
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	[etch] - iceweasel <not-affected> (Doesn't affect Firefox 2.x)
	[etch] - xulrunner <not-affected> (Doesn't affect Firefox 2.x)
CVE-2008-5014 (jslock.cpp in Mozilla Firefox 3.x before 3.0.2, Firefox 2.x before ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- icedove 2.0.0.19-1
	- iceape 1.1.13-1
CVE-2008-5013 (Mozilla Firefox 2.x before 2.0.0.18 and SeaMonkey 1.x before 1.1.13 do ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
CVE-2008-5012 (Mozilla Firefox 2.x before 2.0.0.18, Thunderbird 2.x before 2.0.0.18, ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- iceape 1.1.13-1
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.19-1
CVE-2008-5010 (in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: in.dhcpd
CVE-2008-5101 (Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows ...)
	- optipng 0.6.1.1-1 (bug #505399)
	[etch] - optipng <not-affected> (Vulnerable code not present referring to upstream)
CVE-2008-5035 (The Resource Monitoring and Control (RMC) daemon in IBM Hardware ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2008-5026 (Microsoft SharePoint uses URLs with the same hostname and port number ...)
	NOT-FOR-US: Microsoft
CVE-2008-5011 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-5009 (Race condition in the s_xout kernel module in Sun Solstice X.25 9.2, ...)
	NOT-FOR-US: Sun Solstice X.25
CVE-2008-5025 (Stack-based buffer overflow in the hfs_cat_find_brec function in ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5029 (The __scm_destroy function in net/core/scm.c in the Linux kernel ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-5008 (Buffer overflow in src/src_sinc.c in Secret Rabbit Code (aka SRC or ...)
	- libsamplerate 0.1.4-1 (low)
	[etch] - libsamplerate <no-dsa> (Minor issue)
CVE-2008-5006 (smtp.c in the c-client library in University of Washington IMAP ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	- uw-imap 7:2007d~dfsg-1
CVE-2008-5005 (Multiple stack-based buffer overflows in (1) University of Washington ...)
	{DSA-1685-1 DTSA-174-1 DTSA-174-2}
	[lenny] - uw-imap 2007b~dfsg-4+lenny1
	- uw-imap 7:2007d~dfsg-1
	- alpine <not-affected> (vulnerable code present but tmail/dmail wont be installed)
CVE-2008-5004 (SQL injection vulnerability in genscode.php in myWebland Bloggie Lite ...)
	NOT-FOR-US: myWebland Bloggie Lite
CVE-2008-5003 (SQL injection vulnerability in ndetail.php in Shahrood allows remote ...)
	NOT-FOR-US: Shahrood
CVE-2008-5002 (Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ...)
	NOT-FOR-US: ActiveX
CVE-2008-5001 (Multiple stack-based buffer overflows in multiple functions in ...)
	NOT-FOR-US: UltraVNC
CVE-2008-5000 (SQL injection vulnerability in admin/includes/news.inc.php in PHPX ...)
	NOT-FOR-US: PHPX
CVE-2008-4999 (Nortel Networks UNIStim IP Phone 0604DAS allows remote attackers to ...)
	NOT-FOR-US: Nortel Networks UNIStim IP Phone
CVE-2008-4997 (** DISPUTED ** ...)
	- pilot-qof <unfixed> (unimportant; bug #496429)
CVE-2008-4996 (** DISPUTED ** ...)
	- initramfs-tools <unfixed> (unimportant; bug #496386)
CVE-2008-4992 (The SPARC hypervisor in Sun System Firmware 6.6.3 through 6.6.5 and ...)
	NOT-FOR-US: Sun System Firmware
CVE-2008-5050 (Off-by-one error in the get_unicode_name function ...)
	{DSA-1680-1}
	- clamav 0.94.dfsg.1-1 (bug #505134)
CVE-2008-4991 (SQL injection vulnerability in LOCKON CO.,LTD. EC-CUBE 2.3.0 and ...)
	NOT-FOR-US: LOCKON CO.,LTD. EC-CUBE
CVE-2008-XXXX [yzis insecure temp file]
	- yzis 1.0~alpha1-2 (bug #504680)
CVE-2008-5113 (WordPress 2.6.3 relies on the REQUEST superglobal array in certain ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-10 (bug #504771)
CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before ...)
	NOT-FOR-US: Enomalism
CVE-2008-4989 (The _gnutls_x509_verify_certificate function in lib/x509/verify.c in ...)
	{DSA-1719-1}
	- gnutls26 2.4.2-3 (bug #505360)
	- gnutls13 <removed>
CVE-2008-4963 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) ...)
	NOT-FOR-US: Cisco IOS and CatOS
CVE-2008-4962
	RESERVED
CVE-2008-4961
	RESERVED
CVE-2008-4953 (** DISPUTED ** ...)
	- firehol <unfixed> (unimportant; bug #496424)
	NOTE: attack unfeasible because of $$-${RANDOM}-${RANDOM}
CVE-2008-4950 (** DISPUTED ** gccross in dpkg-cross 2.3.0 allows local users to ...)
	- dpkg-cross <unfixed> (unimportant; bug #496413)
	NOTE: executed under a chroot when a package failed to cross-build
CVE-2008-4938 (aegis 4.24 and aegis-web 4.24 allow local users to overwrite arbitrary ...)
	- aegis 4.24-3.1 (low; bug #496400)
	[etch] - aegis <no-dsa> (Minor issue)
CVE-2008-4934 (The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4933 (Buffer overflow in the hfsplus_find_cat function in ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4932 (webmail/modules/filesystem/edit.php in U-Mail Webmail server 4.91 ...)
	NOT-FOR-US: U-Mail Webmail server
CVE-2008-XXXX [universalindentgui insecure usage of temp files]
	- universalindentgui 0.8.1-1.2 (low; bug #504726)
CVE-2008-5032 (Stack-based buffer overflow in VideoLAN VLC media player 0.5.0 through ...)
	{DSA-1819-1 DTSA-176-1}
	- vlc 0.8.6.h-5 (medium; bug #504639)
CVE-2008-5036 (Stack-based buffer overflow in VideoLAN VLC media player 0.9.x before ...)
	- vlc 1.0.3-1 (low)
	[etch] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
	[lenny] - vlc <not-affected> (Vulnerable code not present in 0.8.x)
CVE-2008-4931 (Cross-site scripting (XSS) vulnerability in the account module in ...)
	NOT-FOR-US: firmCHANNEL Digital Signage
CVE-2008-4930 (MyBB (aka MyBulletinBoard) 1.4.2 does not properly handle an uploaded ...)
	NOT-FOR-US: MyBB
CVE-2008-4929 (MyBB (aka MyBulletinBoard) 1.4.2 uses insufficient randomness to ...)
	NOT-FOR-US: MyBB
CVE-2008-4928 (Cross-site scripting (XSS) vulnerability in the redirect function in ...)
	NOT-FOR-US: MyBB
CVE-2008-4927 (Microsoft Windows Media Player (WMP) 9.0 through 11 allows ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-4926 (Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ...)
	NOT-FOR-US: MW6 Technologies PDF417 ActiveX
CVE-2008-4925 (Multiple insecure method vulnerabilities in MW6 Technologies ...)
	NOT-FOR-US: MW6 Technologies DataMatrix ActiveX
CVE-2008-4924 (Multiple insecure method vulnerabilities in MW6 Technologies 1D ...)
	NOT-FOR-US: MW6 Technologies 1D Barcode ActiveX
CVE-2008-4923 (Multiple insecure method vulnerabilities in MW6 Technologies Aztec ...)
	NOT-FOR-US: MW6 Technologies Aztec ActiveX
CVE-2008-4922 (Buffer overflow in the DjVu ActiveX Control 3.0 for Microsoft Office ...)
	NOT-FOR-US: DjVu ActiveX
CVE-2008-4921 (board/admin/reguser.php in Chipmunk CMS 1.3 allows remote attackers to ...)
	NOT-FOR-US: Chipmunk CMS
CVE-2008-4920
	REJECTED
CVE-2008-4919 (Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ...)
	NOT-FOR-US: eXPert PDF Viewer X ActiveX
CVE-2008-4918 (Cross-site scripting (XSS) vulnerability in SonicWALL SonicOS Enhanced ...)
	NOT-FOR-US: SonicOS Enhanced
CVE-2008-5027 (The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor ...)
	- nagios3 <removed> (unimportant)
	NOTE: the nagios process shouldnt have rights to execute important commands and non-trusted
	NOTE: users shouldn't have access to nagios anyway
CVE-2008-5028 (Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) ...)
	- nagios3 3.0.6-1 (low; bug #504894)
	[etch] - nagios2 <no-dsa> (CSRF can only cause DoS and needs admin's browser)
CVE-2008-4917 (Unspecified vulnerability in VMware Workstation 5.5.8 and earlier, and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4916 (Unspecified vulnerability in a guest virtual device driver in VMware ...)
	NOT-FOR-US: VMWare
CVE-2008-4915 (The CPU hardware emulation in VMware Workstation 6.0.5 and earlier and ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4914 (Unspecified vulnerability in VMware ESXi 3.5 before ...)
	NOT-FOR-US: VMware
CVE-2008-4913 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4912 (SQL injection vulnerability in popup_img.php in the fotogalerie module ...)
	NOT-FOR-US: RS MAXSOFT
CVE-2008-4911 (PHP remote file inclusion vulnerability in read.php in Chattaitaliano ...)
	NOT-FOR-US: Chattaitaliano Istant-Replay
CVE-2008-4910 (The BasicService in Sun Java Web Start allows remote attackers to ...)
	NOT-FOR-US: Sun Java Web Start
CVE-2008-4909 (Cross-site request forgery (CSRF) vulnerability in CompactCMS 1.1 and ...)
	NOT-FOR-US: CompactCMS
CVE-2008-4908 (maps/Info/combine.pl in CrossFire crossfire-maps 1.11.0 allows local ...)
	- crossfire-maps 1.11.0-2 (low; bug #496358; bug #504561)
	[etch] - crossfire-maps <no-dsa> (Minor issue)
CVE-2008-4906 (SQL injection vulnerability in lyrics_song.php in the Lyrics ...)
	NOT-FOR-US: Lyrics (lyrics_menu) plugin for e107
CVE-2008-4905 (Typo 5.1.3 and earlier uses a hard-coded salt for calculating password ...)
	- typo <itp> (bug #379399)
CVE-2008-4904 (SQL injection vulnerability in the &quot;Manage pages&quot; feature ...)
	- typo <itp> (bug #379399)
CVE-2008-4903 (Cross-site scripting (XSS) vulnerability in the leave comment ...)
	- typo <itp> (bug #379399)
CVE-2008-4902 (SQL injection vulnerability in contact_author.php in Article Publisher ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4901 (SQL injection vulnerability in admin/admin.php in Article Publisher ...)
	NOT-FOR-US: Article Publisher
CVE-2008-4900 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4899 (Cross-site request forgery (CSRF) vulnerability in Planetluc RateMe ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4898 (Cross-site scripting (XSS) vulnerability in planetluc RateMe 1.3.3 ...)
	NOT-FOR-US: Planetluc RateMe
CVE-2008-4897 (SQL injection vulnerability in fichiers/add_url.php in Logz podcast ...)
	NOT-FOR-US: Logz podcast CMS
CVE-2008-4896 (Cross-site scripting (XSS) vulnerability in fichiers/add_url.php in ...)
	NOT-FOR-US: Logz CMS
CVE-2008-4895 (SQL injection vulnerability in tr.php in YourFreeWorld Downline ...)
	NOT-FOR-US: YourFreeWorld Downline
CVE-2008-4894 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4893 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Tribiq CMS
CVE-2008-4892 (Cross-site scripting (XSS) vulnerability in gallery.inc.php in ...)
	NOT-FOR-US: Planetluc MyGallery
CVE-2008-4891 (Cross-site scripting (XSS) vulnerability in signme.inc.php in ...)
	NOT-FOR-US: SignMe
CVE-2008-4890 (SQL injection vulnerability in products.php in 1st News 4 Professional ...)
	NOT-FOR-US: 1st News 4 Professional
CVE-2008-4889 (SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) ...)
	NOT-FOR-US: deV!L'z Clanportal
CVE-2008-4888 (Cross-site scripting (XSS) vulnerability in error.php in NetRisk 2.0 ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4887 (SQL injection vulnerability in index.php in NetRisk 2.0 and earlier ...)
	NOT-FOR-US: NetRisk 2.0
CVE-2008-4886 (SQL injection vulnerability in index.php in YourFreeWorld Shopping ...)
	NOT-FOR-US: YourFreeWorld Shopping
CVE-2008-4885 (SQL injection vulnerability in tr1.php in YourFreeWorld Scrolling Text ...)
	NOT-FOR-US: YourFreeWorld Scrolling Text
CVE-2008-4884 (SQL injection vulnerability in tr.php in YourFreeWorld Classifieds ...)
	NOT-FOR-US: YourFreeWorld Classifieds
CVE-2008-4883 (SQL injection vulnerability in tr.php in YourFreeWorld Blog Blaster ...)
	NOT-FOR-US: YourFreeWorld Blog Blaster
CVE-2008-4882 (SQL injection vulnerability in tr.php in YourFreeWorld Autoresponder ...)
	NOT-FOR-US: YourFreeWorld Autoresponder
CVE-2008-4881 (SQL injection vulnerability in tr.php in YourFreeWorld Reminder ...)
	NOT-FOR-US: YourFreeWorld Reminder
CVE-2008-4880 (SQL injection vulnerability in prodshow.php in Maran PHP Shop allows ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4879 (SQL injection vulnerability in prod.php in Maran PHP Shop allows ...)
	NOT-FOR-US: Maran PHP Shop
CVE-2008-4907 (The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the ...)
	- dovecot 1:1.1.7-1 (low)
	[etch] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
	[lenny] - dovecot <not-affected> (Vulnerable code not present prior to 1.1.4)
CVE-2008-5186 (** DISPUTED ** ...)
	{DTSA-179-1}
	- geshi 1.0.8.1-1 (bug #504445)
	NOTE: its rather an application bug if the input to set_language_path is unfiltered user input
	NOTE: http://comments.gmane.org/gmane.comp.security.oss.general/1152
	- dokuwiki 0.0.20080505-3.1 (unimportant; bug #504682)
	NOTE: DokuWiki passes a static string to $path parameter
	- pgfouine 1.0-1.1 (unimportant; bug #504681)
	NOTE: pgfouine too does not override default language files path
CVE-2008-6432
	REJECTED
CVE-2008-4878 (Unrestricted file upload vulnerability in the &quot;Add Image Macro&quot; ...)
	NOT-FOR-US: WebCards
CVE-2008-4877 (SQL injection vulnerability in admin.php in WebCards 1.3, when ...)
	NOT-FOR-US: WebCards
CVE-2008-4876 (Cross-site scripting (XSS) vulnerability in the web server component ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4875 (Directory traversal vulnerability in the web server in Philips ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4874 (The web component in Philips Electronics VOIP841 DECT Phone with ...)
	NOT-FOR-US: Philips Electronics VOIP841 DECT Phone
CVE-2008-4873 (board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute ...)
	NOT-FOR-US: Sepal SPBOARD
CVE-2008-4872 (Cross-site scripting (XSS) vulnerability in bidhistory.php in ...)
	NOT-FOR-US: iTechBids Gold
CVE-2008-4871 (Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and ...)
	NOT-FOR-US: My Little Forum
CVE-2008-4870 (dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly ...)
	- dovecot <unfixed> (unimportant)
	NOTE: by default this file doesnt containt sensitive information and administrator
	NOTE: changing this should ensure on its own that the mode is secure
CVE-2008-4869 (FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers ...)
	- ffmpeg-debian 0.svn20080206-15 (unimportant; bug #504977)
	NOTE: A regular bug, but hardly a security issue
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
CVE-2008-4868 (Unspecified vulnerability in the avcodec_close function in ...)
	- ffmpeg <not-affected> (Vulnerable code not present)
	- ffmpeg-debian <not-affected> (Vulnerable code not present)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4867 (Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as ...)
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	[etch] - mplayer <not-affected> (Vulnerable code not present)
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4866 (Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 ...)
	{DSA-1782-1}
	- ffmpeg 0.svn20080206-14
	- ffmpeg-debian 0.svn20080206-14 (bug #504977)
	[etch] - ffmpeg <not-affected> (Vulnerable code not present)
	- mplayer 1.0~rc2-14
	- kino 1.0.0-1
	[etch] - kino <not-affected> (Does not ship ffmpeg)
	- gstreamer0.10-ffmpeg 0.10.3-2
	[etch] - gstreamer0.10-ffmpeg <not-affected> (Vulnerable code not present)
CVE-2008-4865 (Untrusted search path vulnerability in valgrind before 3.4.0 allows ...)
	- valgrind 1:3.3.1-3 (unimportant; bug #507312)
	NOTE: That's hardly an issue
CVE-2008-4864 (Multiple integer overflows in imageop.c in the imageop module in ...)
	- python2.5 2.5.2-12 (low; bug #504619)
	[etch] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.5-6 (low; bug #504620)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 ...)
	- blender 2.46+dfsg-5 (bug #503632; low)
	[etch] - blender 2.42a-8
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4862
	REJECTED
CVE-2008-4861
	REJECTED
CVE-2008-4860
	REJECTED
CVE-2008-4859
	REJECTED
CVE-2008-4858
	REJECTED
CVE-2008-4857
	REJECTED
CVE-2008-4856
	REJECTED
CVE-2008-4855
	REJECTED
CVE-2008-4854
	REJECTED
CVE-2008-4853
	REJECTED
CVE-2008-4852
	REJECTED
CVE-2008-4851
	REJECTED
CVE-2008-4850
	REJECTED
CVE-2008-4849
	REJECTED
CVE-2008-4848
	REJECTED
CVE-2008-4847
	REJECTED
CVE-2008-4846
	REJECTED
CVE-2008-4845
	REJECTED
CVE-2008-4844 (Use-after-free vulnerability in the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4843
	REJECTED
CVE-2008-4842
	REJECTED
CVE-2008-4841 (The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4840
	REJECTED
CVE-2008-4839
	REJECTED
CVE-2008-4838
	REJECTED
CVE-2008-4837 (Stack-based buffer overflow in Microsoft Office Word 2000 SP3, 2002 ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4836
	REJECTED
CVE-2008-4835 (SMB in the Server service in Microsoft Windows 2000 SP4, XP SP2 and ...)
	NOT-FOR-US: Windows
CVE-2008-4834 (Buffer overflow in SMB in the Server service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2008-4833
	REJECTED
CVE-2008-4832 (rc.sysinit in initscripts 8.12-8.21 and 8.56.15-0.1 on rPath allows ...)
	NOT-FOR-US: rPath
CVE-2008-4831 (Unspecified vulnerability in Adobe ColdFusion 8 and 8.0.1 and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-4830 (Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI ...)
	NOT-FOR-US: KWEdit ActiveX control
CVE-2008-4829 (Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow ...)
	{DSA-1683-1}
	- streamripper 1.63.5-2 (bug #506377)
CVE-2008-4828 (Multiple stack-based buffer overflows in dsmagent.exe in the Remote ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4827 (Multiple heap-based buffer overflows in the AddTab method in the (1) ...)
	NOT-FOR-US: ComponentOne SizerOne
CVE-2008-4826
	REJECTED
CVE-2008-4825 (Multiple buffer overflows in UltraISO 9.3.1.2633, and possibly other ...)
	NOT-FOR-US: UltraISO
CVE-2008-4824 (Multiple unspecified vulnerabilities in Adobe Flash Player 10.x before ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4823 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4822 (Adobe Flash Player 9.0.124.0 and earlier does not properly interpret ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4821 (Adobe Flash Player 9.0.124.0 and earlier, when a Mozilla browser is ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4820 (Unspecified vulnerability in the Flash Player ActiveX control in Adobe ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4819 (Unspecified vulnerability in Adobe Flash Player 9.0.124.0 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4818 (Cross-site scripting (XSS) vulnerability in Adobe Flash Player ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4817 (The Download Manager in Adobe Acrobat Professional and Reader 8.1.2 ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4816 (Unspecified vulnerability in the Download Manager in Adobe Reader ...)
	NOT-FOR-US: Adobe Reader on Windows
CVE-2008-4815 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4814 (Unspecified vulnerability in a JavaScript method in Adobe Reader and ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4813 (Adobe Reader and Acrobat 8.1.2 and earlier, and before 7.1.1, allow ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-4812 (Array index error in Adobe Reader and Acrobat, and the Explorer ...)
	NOT-FOR-US: Adobe Reader Explorer extension
CVE-2008-4811 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
	{DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	[lenny] - smarty <no-dsa> (Minor issue, fix will change behaviour)
	[etch] - smarty <no-dsa> (Minor issue, fix will change behaviour)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is *not* fixed in r2797
CVE-2008-4810 (The _expand_quoted_text function in libs/Smarty_Compiler.class.php in ...)
	{DSA-1919-1 DSA-1691-1}
	- smarty 2.6.26-0.1 (bug #504328)
	- moodle 1.8.2-2 (bug #504345)
	- gallery2 2.2.5-2
	NOTE: This attack vector is fixed in r2797
CVE-2008-4809 (Multiple unspecified vulnerabilities in the Profiles search pages in ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4808 (IBM Lotus Connections 2.x before 2.0.1 allows attackers to discover ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4807 (IBM Lotus Connections 2.x before 2.0.1 stores the password for the ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4806 (Multiple SQL injection vulnerabilities in IBM Lotus Connections 2.x ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4805 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Connections
CVE-2008-4804 (SQL injection vulnerability in the Gallery module 1.3 for PHP-Nuke ...)
	NOT-FOR-US: NFU Gallery module 1.3 for PHP-Nuke
CVE-2008-4803 (Cross-site scripting (XSS) vulnerability in index.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Scripts gallery
CVE-2008-4802 (Cross-site scripting (XSS) vulnerability in complete.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Scripts blog
CVE-2008-5076 (htop 0.7 writes process names to a terminal without sanitizing ...)
	- htop 0.8.1-2 (unimportant; bug #504144)
	NOTE: That scenario is too constructed to call it a security issue, especially
	NOTE: given that the standard top will display the maliciously hidden processes
	NOTE: just fine.
CVE-2008-5256 (The AcquireDaemonLock function in ipcdUnix.cpp in Sun Innotek ...)
	- virtualbox-ose 1.6.6-dfsg-3 (low; bug #504149)
CVE-2008-4801 (Heap-based buffer overflow in the Data Protection for SQL CAD service ...)
	NOT-FOR-US: SQL CAD service
CVE-2008-4800 (The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4799 (pamperspective in Netpbm before 10.35.48 does not properly calculate a ...)
	- netpbm-free <not-affected> (Vulnerable code not present)
CVE-2008-4798 (The loadModule function in lib/WebGUI/Asset.pm in WebGUI before 7.5.30 ...)
	NOT-FOR-US: WebGUI
CVE-2008-4797 (Directory traversal vulnerability in Arihiro Kurata Kantan WEB Server ...)
	NOT-FOR-US: Arihiro Kurata Kantan WEB Server
CVE-2008-4796 (The _httpsrequest function (Snoopy/Snoopy.class.php) in Snoopy 1.2.3 ...)
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- libphp-snoopy 1.2.4-1 (bug #504168; medium)
	- ampache 3.4.1-2 (bug #504169)
	- mahara 1.0.5-2 (bug #504170)
	[lenny] - mahara 1.0.4-3
	- pixelpost 1.7.1-5 (bug #504171)
	- mediamate 0.9.3.6-5 (bug #504172; unimportant)
	NOTE: mediamate does not use snoopy in https requests
	- opendb <removed> (unimportant; bug #504173)
	- wordpress 2.5.1-9 (bug #504234)
	- moodle 1.8.2-2 (bug #504235)
	- gforge-plugin-scmcvs <removed>
	[etch] - gforge-plugin-scmcvs <not-affected> (Snoopy function not used on URLs that come from user input)
	- magpierss <not-affected> (Fixed in all supported distributions)
CVE-2008-4795 (The links panel in Opera before 9.62 processes Javascript within the ...)
	NOT-FOR-US: Opera
CVE-2008-4794 (Opera before 9.62 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Opera
CVE-2008-4793 (The node module API in Drupal 5.x before 5.11 allows remote attackers ...)
	- drupal5 5.10-3 (low)
	- drupal6 <not-affected> (Vulnerable code not present)
CVE-2008-4792 (The core BlogAPI module in Drupal 5.x before 5.11 and 6.x before 6.5 ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4791 (The user module in Drupal 5.x before 5.11 and 6.x before 6.5 might ...)
	- drupal5 5.10-3 (low)
	- drupal6 6.4-2 (low)
CVE-2008-4790 (The core upload module in Drupal 5.x before 5.11 allows remote ...)
	- drupal5 5.10-3 (low)
CVE-2008-4789 (The validation functionality in the core upload module in Drupal 6.x ...)
	- drupal6 6.4-2 (low)
CVE-2008-4788 (Microsoft Internet Explorer 6 omits high-bit URL-encoded characters ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4787 (Visual truncation vulnerability in Microsoft Internet Explorer 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer 6
CVE-2008-4786 (SQL injection vulnerability in easyshop.php in the EasyShop plugin for ...)
	NOT-FOR-US: EasyShop plugin for e107
CVE-2008-4785 (SQL injection vulnerability in newuser.php in the alternate_profiles ...)
	NOT-FOR-US: e107
CVE-2008-4784 (aflog 1.01 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: aflog
CVE-2008-4783 (tlAds 1.0 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: tlAds
CVE-2008-4782 (SQL injection vulnerability in public/code/cp_polls_results.php in All ...)
	NOT-FOR-US: AIOCP
CVE-2008-4781 (Directory traversal vulnerability in update.php in MyKtools 2.4 allows ...)
	NOT-FOR-US: MyKtools
CVE-2008-4780 (Directory traversal vulnerability in admin/centre.php in MyForum 1.3, ...)
	NOT-FOR-US: MyForum
CVE-2008-4779 (Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers ...)
	NOT-FOR-US: TUGzip
CVE-2008-4778 (SQL injection vulnerability in the gallery module in Koobi CMS 4.3.0 ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-4777 (SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) ...)
	NOT-FOR-US: Showroom Joomlearn LMS
CVE-2008-4774 (Cross-site scripting (XSS) vulnerability in main/main.php in QuestCMS ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4773 (Directory traversal vulnerability in main/main.php in QuestCMS allows ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4772 (SQL injection vulnerability in main/main.php in QuestCMS allows remote ...)
	NOT-FOR-US: QuestCMS
CVE-2008-4771 (Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2008-4770 (The CMsgReader::readRect function in the VNC Viewer component in ...)
	{DSA-1716-1}
	- vnc4 4.1.1+X4.3.0-31 (medium; bug #513531)
CVE-2008-4776 (libgadu before 1.8.2 allows remote servers to cause a denial of ...)
	{DSA-1664-1}
	- libgadu 1:1.8.0+r592-3 (low; bug #503916)
	- kadu 0.6.0.2-3 (low; bug #504429)
	- ekg 1:1.8~rc0-1 (low)
	- centerim 4.22.9-1 (low; bug #559782)
	[lenny] - centerim <no-dsa> (Minor issue)
	NOTE: claimed to be fixed in point update but is not: [lenny] - centerim 4.22.5-1+lenny1
	- qutecom <not-affected> (does not use libgadu embed; bug #559784)
CVE-2008-4769 (Directory traversal vulnerability in the get_category_template ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-1
CVE-2008-4768 (SQL injection vulnerability in TLM CMS 3.1 allows remote attackers to ...)
	NOT-FOR-US: TLM CMS
CVE-2008-4767 (Unrestricted file upload vulnerability in the DownloadsPlus module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-4766 (SQL injection vulnerability in member.php in Oxygen Bulletin Board ...)
	NOT-FOR-US: Oxygen Bulletin Board
CVE-2008-4765 (SQL injection vulnerability in pollBooth.php in osCommerce Poll Booth ...)
	NOT-FOR-US: osCommerce Poll Booth Add-On
CVE-2008-4764 (Directory traversal vulnerability in the eXtplorer module ...)
	NOT-FOR-US: eXtplorer module in Joomla!
CVE-2008-4763 (Multiple cross-site scripting (XSS) vulnerabilities in sample.php in ...)
	NOT-FOR-US: WiKID wClient-PHP
CVE-2008-4762 (Stack-based buffer overflow in freeSSHd 1.2.1 allows remote ...)
	NOT-FOR-US: freeSSHd
CVE-2008-4761 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Kayako eSupport
CVE-2008-4760 (SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, ...)
	NOT-FOR-US: Graphiks MyForum
CVE-2008-4759 (Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 ...)
	NOT-FOR-US: BuzzyWall
CVE-2008-4758 (Directory traversal vulnerability in download_file.php in PHP-Daily ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4757 (Multiple SQL injection vulnerabilities in PHP-Daily allow remote ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4756 (Cross-site scripting (XSS) vulnerability in add_prest_date.php in ...)
	NOT-FOR-US: PHPdaily
CVE-2008-4755 (SQL injection vulnerability in gotourl.php in PozScripts Classified ...)
	NOT-FOR-US: PozScripts Classified Auctions Script
CVE-2008-4754 (SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez ...)
	NOT-FOR-US: Scripts for Sites Ez Forum
CVE-2008-4753 (SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader ...)
	NOT-FOR-US: AJ Square RSS Reader
CVE-2008-4752 (TlNews 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: TlNews
CVE-2008-4751 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
	NOT-FOR-US: iPei Guestbook
CVE-2008-4750 (Stack-based buffer overflow in the VImpX.VImpAX ActiveX control ...)
	NOT-FOR-US: ActiveX
CVE-2008-4749 (Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX ...)
	NOT-FOR-US: ActiveX
CVE-2008-4747 (Unspecified vulnerability in the search feature in Sun Java System ...)
	NOT-FOR-US: Sun Java System LDAP JDK
CVE-2008-4746 (Multiple SQL injection vulnerabilities in Uniwin eCart Professional ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4745 (Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin ...)
	NOT-FOR-US: Uniwin eCart Professional
CVE-2008-4744 (SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc ...)
	NOT-FOR-US: DXShopCart
CVE-2008-4743 (SQL injection vulnerability in index.php in QuidaScript FAQ Management ...)
	NOT-FOR-US: QuidaScript FAQ Management Script
CVE-2008-4742 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: TimeTrex
CVE-2008-4741 (Directory traversal vulnerability in index.php in FAR-PHP 1.00, when ...)
	NOT-FOR-US: FAR-PHP
CVE-2008-4740 (Directory traversal vulnerability in templater.php in the ZZ_Templater ...)
	NOT-FOR-US: ZZ_Templater module in TinyCMS
CVE-2006-7234 (Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows ...)
	- lynx-cur 2.8.7dev4-1 (low)
	- lynx <not-affected> (Doesn't include the current directory in the search path)
CVE-2008-4748 (Format string vulnerability in the URI handler in KVirc 3.4.0, when ...)
	- kvirc <not-affected> (Windows-specific vulnerability)
CVE-2008-XXXX [balazar3: insecure temp file handling]
	- balazar3 0.1-2 (bug #503750)
CVE-2008-4775 (Cross-site scripting (XSS) vulnerability in pmd_pdf.php in phpMyAdmin ...)
	- phpmyadmin 4:2.11.8.1-4 (low)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: http://www.securityfocus.com/archive/1/497815
CVE-2008-4739 (Directory traversal vulnerability in index.php in PlugSpace 0.1, when ...)
	NOT-FOR-US: PlugSpace
CVE-2008-4738 (SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows ...)
	NOT-FOR-US: MyCard
CVE-2008-4737 (Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite ...)
	NOT-FOR-US: WhoDomLite
CVE-2008-4736 (SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and ...)
	NOT-FOR-US: RPG.Board
CVE-2008-4735 (PHP remote file inclusion vulnerability in header.php in Concord ...)
	NOT-FOR-US: Concord software
CVE-2008-4734 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4733 (Cross-site scripting (XSS) vulnerability in wpcommentremix.php in WP ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4732 (SQL injection vulnerability in ajax_comments.php in the WP Comment ...)
	NOT-FOR-US: WP Comment Remix plugin
CVE-2008-4731 (Multiple unspecified vulnerabilities in YaCy before 0.61 have unknown ...)
	- yacy <itp> (bug #452422)
CVE-2008-4730 (Cross-site scripting (XSS) vulnerability in MyID.php in phpMyID 0.9 ...)
	- phpmyid <itp> (bug #492325)
CVE-2008-4729 (Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX ...)
	NOT-FOR-US: Hummingbird Xweb
CVE-2008-4728 (Multiple insecure method vulnerabilities in the ...)
	NOT-FOR-US: Hummingbird Deployment Wizard
CVE-2008-4727 (Cross-site scripting (XSS) vulnerability in the contact update page ...)
	NOT-FOR-US: SunGard Banner Student
CVE-2008-4726 (Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 ...)
	NOT-FOR-US: GoodTech SSH
CVE-2008-4725 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera 9.52 ...)
	NOT-FOR-US: Opera
CVE-2008-4724 (Multiple cross-site scripting (XSS) vulnerabilities in Google Chrome ...)
	- webkit 1.1.7-1 (low; bug #520052)
	[lenny] - webkit <no-dsa> (Minor issue)
	- kdelibs <not-affected>
	- kde4libs <not-affected>
CVE-2008-4723 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	- iceweasel <not-affected>
	NOTE: firefox not affected, see https://bugzilla.redhat.com/468397
CVE-2008-4722 (Unspecified vulnerability in Sun Integrated Lights-Out Manager (ILOM) ...)
	NOT-FOR-US: Sun ILOM
CVE-2008-4721 (PHP Jabbers Post Comment 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: PHP Jabbers
CVE-2008-4720 (Multiple PHP remote file inclusion vulnerabilities in The Gemini ...)
	NOT-FOR-US: The Gemini Portal
CVE-2008-4719 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: openEngine
CVE-2008-4718 (Directory traversal vulnerability in help/mini.php in X7 Chat 2.0.1 A1 ...)
	NOT-FOR-US: X7 Chat
CVE-2008-4717 (SQL injection vulnerability in bannerclick.php in ZEELYRICS 2.0 allows ...)
	NOT-FOR-US: ZEELYRICS
CVE-2008-4716 (SQL injection vulnerability in show.php in BitmixSoft PHP-Lance 1.52 ...)
	NOT-FOR-US: PHP-Lance
CVE-2008-4715 (SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for ...)
	NOT-FOR-US: com_jpad for Joomla!
CVE-2008-4714 (Atomic Photo Album 1.1.0 pre4 does not properly handle the ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4713 (SQL injection vulnerability in view.php in 212cafe Board 0.07 allows ...)
	NOT-FOR-US: 212cafe Board
CVE-2008-4712 (Directory traversal vulnerability in pages/showblog.php in LnBlog ...)
	NOT-FOR-US: LnBlog
CVE-2008-4711 (SQL injection vulnerability in Joovili 3.0 and earlier, when ...)
	NOT-FOR-US: Joovili
CVE-2008-4710 (Cross-site scripting (XSS) vulnerability in the stock quotes page in ...)
	NOT-FOR-US: Stock module for Drupal
CVE-2008-4709 (SQL injection vulnerability in news_read.php in Pilot Group (PG) ...)
	NOT-FOR-US: PG eTraining
CVE-2008-4708 (BbZL.PhP 0.92 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: BbZL.PhP
CVE-2008-4707 (Directory traversal vulnerability in index.php in BbZL.PhP 0.92 allows ...)
	NOT-FOR-US: BbZL.PhP
CVE-2008-4706 (SQL injection vulnerability in VBGooglemap Hotspot Edition 1.0.3, a ...)
	NOT-FOR-US: VBGooglemap Hotspot Edition
CVE-2008-4705 (SQL injection vulnerability in success_story.php in php Online Dating ...)
	NOT-FOR-US: MyPHPDating
CVE-2008-4704 (PHP remote file inclusion vulnerability in SezHooTabsAndActions.php in ...)
	NOT-FOR-US: SezHoo
CVE-2008-4703 (SQL injection vulnerability in news.php in BosDev BosNews 4.0 allows ...)
	NOT-FOR-US: BosDev BosNews
CVE-2008-4702 (Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4701 (SQL injection vulnerability in admin.php in Libera CMS 1.12, when ...)
	NOT-FOR-US: Libera CMS
CVE-2008-4700 (SQL injection vulnerability in admin.php in Libera CMS 1.12 and ...)
	NOT-FOR-US: Libera CMS
CVE-2008-4699 (Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in ...)
	NOT-FOR-US: Peachtree Accounting
CVE-2008-4698 (Opera before 9.61 does not properly block scripts during preview of a ...)
	NOT-FOR-US: Opera
CVE-2008-4697 (The Fast Forward feature in Opera before 9.61, when a page is located ...)
	NOT-FOR-US: Opera
CVE-2008-4696 (Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before ...)
	NOT-FOR-US: Opera
CVE-2008-4695 (Opera before 9.60 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Opera
CVE-2008-4694 (Unspecified vulnerability in Opera before 9.60 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-4693 (The SORT/LIST SERVICES component in IBM DB2 9.1 before FP6 and 9.5 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4692 (The Native Managed Provider for .NET component in IBM DB2 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4691 (Unspecified vulnerability in the SQLNLS_UNPADDEDCHARLEN function in ...)
	NOT-FOR-US: IBM DB2
CVE-2008-4690 (lynx 2.8.6dev.15 and earlier, when advanced mode is enabled and lynx ...)
	- lynx <not-affected> (advanced mode is not switched on in Debian configurations and lynxcgi handlers are really unlikely)
CVE-2008-4689 (Mantis before 1.1.3 does not unset the session cookie during logout, ...)
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4688 (core/string_api.php in Mantis before 1.1.3 does not check the ...)
	- mantis 1.1.2+dfsg-9 (low; bug #503588)
CVE-2008-4685 (Use-after-free vulnerability in the dissect_q931_cause_ie function in ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4684 (packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4683 (The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL ...)
	{DSA-1673-1}
	- wireshark 1.0.4-1 (low; bug #503589)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4682 (wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4681 (Unspecified vulnerability in the Bluetooth RFCOMM dissector in ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4680 (packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 ...)
	- wireshark 1.0.4-1 (low; bug #503589)
	[etch] - wireshark <not-affected> (Vulnerable code not present, introduced in 0.99.7)
	[lenny] - wireshark 1.0.2-3+lenny2
CVE-2008-4679 (The Web Services Security component in IBM WebSphere Application ...)
	NOT-FOR-US: IBM Websphere
CVE-2008-4678 (The HTTP_Request_Parser method in the HTTP Transport component in IBM ...)
	NOT-FOR-US: IBM Websphere
CVE-2008-4677 (autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions ...)
	- vim <unfixed> (unimportant)
	NOTE: documented in netrw documentation
CVE-2008-XXXX [local file inclusion in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 5.10-3 (low; bug #503217)
CVE-2008-XXXX [XSS in book module in drupal]
	- drupal6 6.6-1 (low; bug #503222)
	- drupal5 <not-affected> (vulnerable code not present)
CVE-2008-4676 (Unspecified vulnerability in Citrix XenApp (formerly Presentation ...)
	NOT-FOR-US: Citrix XenApp
CVE-2008-4675 (SQL injection vulnerability in index.php in PHPcounter 1.3.2 and ...)
	NOT-FOR-US: PHPcounter
CVE-2008-4674 (SQL injection vulnerability in realestate-index.php in Conkurent Real ...)
	NOT-FOR-US: Conkurent Real Estate Manager
CVE-2008-4673 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WebBiscuits Software Events Calendar
CVE-2008-4672 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
	NOT-FOR-US: buymyscripts Lyrics Script
CVE-2008-4671 (Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in ...)
	- wordpress <not-affected> (Vulnerable code only in mulitiuser wordpress)
CVE-2008-4670 (Cross-site scripting (XSS) vulnerability in search.php in Ed Pudol ...)
	NOT-FOR-US: Ed Pudol Clickbank Portal
CVE-2008-4669 (Cross-site scripting (XSS) vulnerability in search.php in Dan Fletcher ...)
	NOT-FOR-US: Dan Fletcher Recipe Script
CVE-2008-4668 (Directory traversal vulnerability in the Image Browser ...)
	NOT-FOR-US: com_imagebrowser for Joomla!
CVE-2008-4667 (Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 ...)
	NOT-FOR-US: ArabCMS
CVE-2008-4666 (SQL injection vulnerability in webboard.php in Ultimate Webboard 3.00 ...)
	NOT-FOR-US: Ultimate Webboard
CVE-2008-4665 (SQL injection vulnerability in PG Matchmaking allows remote attackers ...)
	NOT-FOR-US: PG Matchmaking
CVE-2008-4664 (Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control ...)
	NOT-FOR-US: QvodInsert
CVE-2008-4663 (Cross-site scripting (XSS) vulnerability in analysis.cgi 1.44, as used ...)
	NOT-FOR-US: K's CGI Access Log Kaiseki
CVE-2008-4662 (Directory traversal vulnerability in admin.php in LokiCMS 0.3.4, when ...)
	NOT-FOR-US: LokiCMS
CVE-2008-4661 (Cross-site scripting (XSS) vulnerability in the Page Improvements ...)
	NOT-FOR-US: sm_pageimprovements for Typo3
CVE-2008-4660 (SQL injection vulnerability in the M1 Intern (m1_intern) 1.0.0 ...)
	NOT-FOR-US: m1_intern for Typo3
CVE-2008-4659 (SQL injection vulnerability in the Mannschaftsliste ...)
	NOT-FOR-US: kiddog_playerlist for Typo3
CVE-2008-4658 (SQL injection vulnerability in the JobControl (dmmjobcontrol) 1.15.4 ...)
	NOT-FOR-US: dmmjobcontrol for Typo3
CVE-2008-4657 (SQL injection vulnerability in the Econda Plugin (econda) 0.0.2 and ...)
	NOT-FOR-US: econda for Typo3
CVE-2008-4656 (SQL injection vulnerability in the Frontend Users View (feusersview) ...)
	NOT-FOR-US: fersview for Typo3
CVE-2008-4655 (SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 ...)
	NOT-FOR-US: simplesurvey for Typo3
CVE-2008-4653 (SQL injection vulnerability in makale.php in Makale 0.26 and possibly ...)
	NOT-FOR-US: Makale module for XOOPS
CVE-2008-4652 (Buffer overflow in the ActiveX control (DartFtp.dll) in Dart ...)
	NOT-FOR-US: Dart Communications PowerTCP FTP
CVE-2008-4651 (Multiple SQL injection vulnerabilities in Jetbox CMS 2.1 allow remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2008-4650 (SQL injection vulnerability in viewevent.php in myEvent 1.6 allows ...)
	NOT-FOR-US: myEvent
CVE-2008-4649 (Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 ...)
	NOT-FOR-US: Elxis
CVE-2008-4648 (Cross-site scripting (XSS) vulnerability in index.php in Elxis CMS ...)
	NOT-FOR-US: Elxis
CVE-2008-4647 (SQL injection vulnerability in index.php in sweetCMS 1.5.2 allows ...)
	NOT-FOR-US: sweetCMS
CVE-2008-4646 (The Websense Reporter Module in Websense Enterprise 6.3.2 stores the ...)
	NOT-FOR-US: Websense Enterprise
CVE-2008-4645 (plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4644 (hits.php in myWebland myStats allows remote attackers to bypass IP ...)
	NOT-FOR-US: myWebland myStats
CVE-2008-4643 (SQL injection vulnerability in hits.php in myWebland myStats allows ...)
	NOT-FOR-US: myWebland myStats
CVE-2008-4642 (SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows ...)
	NOT-FOR-US: AstroSPACES
CVE-2008-4641 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...)
	- jhead 2.84-2 (low; bug #503645)
CVE-2008-4640 (The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and ...)
	- jhead 2.85-1 (unimportant; bug #504194)
	NOTE: no issue, jhead is just unlinking the output file if it already exists, this is not following symlinks
CVE-2008-4639 (jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users ...)
	- jhead 2.84-1 (low)
CVE-2008-4638 (qioadmin in the Quick I/O for Database feature in Symantec Veritas ...)
	NOT-FOR-US: Symantec VxFS
CVE-2008-4637 (Cross-site scripting (XSS) vulnerability in cpCommerce before 1.2.4 ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4636 (yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux ...)
	NOT-FOR-US: SUSE Linux and Novell Linux (yast2-backup)
CVE-2008-4635 (Unspecified vulnerability in Hisanaga Electric Co, Ltd. hisa_cart 1.29 ...)
	NOT-FOR-US: XOOPS module
CVE-2008-4634 (Cross-site scripting (XSS) vulnerability in Movable Type 4 through ...)
	- movabletype-opensource 4.2.1-3 (low; bug #503114)
CVE-2008-4633 (SQL injection vulnerability in Node Vote 5.x before 5.x-1.1 and 6.x ...)
	NOT-FOR-US: Node Vote
CVE-2008-4632 (Multiple directory traversal vulnerabilities in index.php in Kure ...)
	NOT-FOR-US: Kure
CVE-2008-4631 (Stack-based buffer overflow in the Message::AddToString function in ...)
	NOT-FOR-US: MUSCLE, NOTE this is not the multiple alignment program for protein sequences in Debian
CVE-2008-4630 (Multiple unspecified vulnerabilities in Midgard Components (MidCOM) ...)
	NOT-FOR-US: Midgard Components Framework
CVE-2008-4629 (Cross-site scripting (XSS) vulnerability in Usagi Project MyNETS 1.2.0 ...)
	NOT-FOR-US: Usagi Project MyNETS
CVE-2008-4628 (SQL injection vulnerability in del.php in myWebland miniBloggie 1.0 ...)
	NOT-FOR-US: myWebland miniBloggie
CVE-2008-4627 (SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-4626 (Directory traversal vulnerability in index.php in Fritz Berger yet ...)
	NOT-FOR-US: yappa-ng
CVE-2008-4625 (SQL injection vulnerability in stnl_iframe.php in the ShiftThis ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-4624 (PHP remote file inclusion vulnerability in init.php in Fast Click SQL ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2008-4623 (SQL injection vulnerability in the DS-Syndicate (com_ds-syndicate) ...)
	NOT-FOR-US: DS-Syndicate
CVE-2008-4622 (The isLoggedIn function in fastnews-code.php in phpFastNews 1.0.0 ...)
	NOT-FOR-US: phpFastNews
CVE-2008-4621 (SQL injection vulnerability in bannerclick.php in ZeeScripts ...)
	NOT-FOR-US: ZeeScripts Zeeproperty
CVE-2008-4620 (SQL injection vulnerability in Meeting Room Booking System (MRBS) ...)
	NOT-FOR-US: Meeting Room Booking System
CVE-2008-4619 (The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4618 (The Stream Control Transmission Protocol (sctp) implementation in the ...)
	{DSA-1681-1}
	- linux-2.6 2.6.26-10
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: ba0166708ef4da7eeb61dd92bbba4d5a749d6561
CVE-2008-4617 (SQL injection vulnerability in the actualite module 1.0 for Joomla! ...)
	NOT-FOR-US: actualite module for Joomla!
CVE-2008-4616 (The SpamBam plugin for WordPress allows remote attackers to bypass ...)
	NOT-FOR-US: SpamBam plugin for WordPress
CVE-2008-4615 (Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has ...)
	NOT-FOR-US: PortalApp
CVE-2008-4614 (PortalApp 4.0 does not require authentication for (1) forums.asp and ...)
	NOT-FOR-US: PortalApp
CVE-2008-4613 (SQL injection vulnerability in forums.asp in PortalApp 4.0 allows ...)
	NOT-FOR-US: PortalApp
CVE-2008-4612 (Cross-site scripting (XSS) vulnerability in PortalApp 4.0 allows ...)
	NOT-FOR-US: PortalApp
CVE-2008-4611 (SQL injection vulnerability in index.php in PHP Arsivimiz Php ...)
	NOT-FOR-US: PHP Arsivimiz Php Ziyaretci Defteri
CVE-2008-4610 (MPlayer allows remote attackers to cause a denial of service ...)
	{DTSA-181-1}
	- mplayer 1.0~rc2-20 (bug #407010)
	NOTE: only the aac issue affected mplayer because it built against a copy of faad
	NOTE: the ogm issue is a problem in ffmpeg
	- ffmpeg-debian <unfixed> (unimportant; bug #509616)
	- ffmpeg 7:2.4.1-1 (unimportant)
	- xmovie <removed> (unimportant)
	NOTE: just a crasher, no security implications known so far
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4609 (The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: this is a design flaw in TCP itself; maximum impact is a denial-of-service
	NOTE: there is no upstream solution
	NOTE: see http://kbase.redhat.com/faq/docs/DOC-18730 for possible mitigation via iptables
	NOTE: also see usage of ipt_connlimit as a mitigation strategy
CVE-2008-4608
	REJECTED
CVE-2008-4607
	REJECTED
CVE-2008-4606 (Multiple SQL injection vulnerabilities in IP Reg 0.4 and earlier allow ...)
	NOT-FOR-US: IP Reg
CVE-2008-4605 (SQL injection vulnerability in CafeEngine allows remote attackers to ...)
	NOT-FOR-US: CafeEngine
CVE-2008-4604 (SQL injection vulnerability in index.php in Easy CafeEngine 1.1 allows ...)
	NOT-FOR-US: CafeEngine
CVE-2008-4603 (SQL injection vulnerability in search.php in iGaming CMS 2.0 Alpha 1 ...)
	NOT-FOR-US: iGaming CM
CVE-2008-4602 (Directory traversal vulnerability in index.php in Post Affiliate Pro ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2008-4601 (Cross-site scripting (XSS) vulnerability in the login feature in ...)
	NOT-FOR-US: Habari CMS
CVE-2008-4600 (configure.php in PokerMax Poker League Tournament Script 0.13 allows ...)
	NOT-FOR-US: PokerMax Poker League Tournament Script
CVE-2008-4599 (SQL injection vulnerability in category.php in Mosaic Commerce allows ...)
	NOT-FOR-US: Mosaic Commerce
CVE-2008-4598 (Unspecified vulnerability in Shindig-Integrator 5.x, a module for ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4597 (Shindig-Integrator 5.x, a module for Drupal, does not properly ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4596 (Cross-site scripting (XSS) vulnerability in Shindig-Integrator 5.x, a ...)
	NOT-FOR-US: Shindig-Integrator module for Drupal
CVE-2008-4595 (Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus ...)
	NOT-FOR-US: Slaytanic Scripts Content Plus
CVE-2008-4594 (Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N ...)
	NOT-FOR-US: Linksys WAP4400N firmware
CVE-2008-4593 (Apple iPhone 2.1 with firmware 5F136, when Require Passcode is enabled ...)
	NOT-FOR-US: Apple iPhone 2.1 with firmware 5F136
CVE-2007-6718 (MPlayer, possibly 1.0rc1, allows remote attackers to cause a denial of ...)
	- mplayer 1.0~rc3+svn20100502-1 (low; bug #407010)
	[lenny] - mplayer <no-dsa> (Some have been fixed in Lenny/libavcodec, some crashers left)
	NOTE: http://sam.zoy.org/blog/2007-01-16-exposing-file-parsing-vulnerabilities
CVE-2008-4654 (Stack-based buffer overflow in the parse_master function in the Ty ...)
	- vlc 1.0.3-1 (low; bug #502726)
	[etch] - vlc <not-affected> (introduced in 0.9.0)
	[lenny] - vlc <not-affected> (introduced in 0.9.0)
CVE-2008-4686 (Multiple integer overflows in ty.c in the TY demux plugin (aka the ...)
	{DSA-1819-1 DTSA-175-1}
	- vlc 0.8.6.h-4.1 (medium; bug #503118)
CVE-2008-4687 (manage_proj_page.php in Mantis before 1.1.4 allows remote ...)
	- mantis 1.1.2+dfsg-7 (medium; bug #502728)
	NOTE: only registered users can perform this
CVE-2008-4592 (Directory traversal vulnerability in index.php in Sports Clubs Web ...)
	NOT-FOR-US: Sports Clubs Web Panel
CVE-2008-4591 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-4590 (Multiple SQL injection vulnerabilities in Stash 1.0.3 allow remote ...)
	NOT-FOR-US: Stash
CVE-2008-4589 (Heap-based buffer overflow in the tvtumin.sys kernel driver in Lenovo ...)
	NOT-FOR-US: Lenovo Rescue and Recovery
CVE-2008-4588 (Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, ...)
	NOT-FOR-US: Etype Eserv
CVE-2008-4587 (Insecure method vulnerability in the ...)
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4586 (Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ...)
	NOT-FOR-US: Macrovision FLEXnet Connect
CVE-2008-4585 (Belong Software Site Builder 0.1 beta allows remote attackers to ...)
	NOT-FOR-US: Software Site Builder
CVE-2008-4584 (Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control ...)
	NOT-FOR-US: Chilkat Mail
CVE-2008-4583 (Insecure method vulnerability in the Chilkat FTP 2.0 ActiveX component ...)
	NOT-FOR-US: Chilkat FTP
CVE-2008-4582 (Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and ...)
	{DSA-1697-1 DSA-1696-1 DSA-1671-1 DSA-1669-1}
	- xulrunner 1.9.0.4-1
	- iceweasel 3.0.4-1
	- iceape 1.1.13-1
	- icedove 2.0.0.19-1
CVE-2008-4581 (The Editor in IBM ENOVIA SmarTeam 5 before release 18 SP5, and release ...)
	NOT-FOR-US: IBM ENOVIA SmarTeam
CVE-2008-4580 (fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows ...)
	- redhat-cluster 2.20080801-1 (low; bug #496410)
	[etch] - redhat-cluster <no-dsa> (Minor issue)
	NOTE: already fixed in lenny
CVE-2008-4579 (The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) ...)
	- redhat-cluster 2.20081102-1 (low; bug #496410)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
	[etch] - redhat-cluster <no-dsa> (Minor issue)
CVE-2008-4578 (The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass ...)
	- dovecot 1:1.1.9-1 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
	[lenny] - dovecot <no-dsa> (Minor issue)
CVE-2008-4577 (The ACL plugin in Dovecot before 1.1.4 treats negative access rights ...)
	- dovecot 1:1.0.15-2.2 (low; bug #502967)
	[etch] - dovecot <no-dsa> (Minor issue)
CVE-2008-4576 (sctp in Linux kernel before 2.6.25.18 allows remote attackers to cause ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4575 (Buffer overflow in the DoCommand function in jhead before 2.84 might ...)
	- jhead 2.84-1 (bug #502353; low)
CVE-2008-4571 (Cross-site scripting (XSS) vulnerability in the LiveSearch module in ...)
	- plone3 3.0.4-1 (low)
CVE-2008-4569 (SQL injection vulnerability in xlacomments.asp in XIGLA Software ...)
	NOT-FOR-US: XIGLA Software Absolute Poll Manager
CVE-2008-4574 (SQL injection vulnerability in default.asp in Ayco Okul Portali allows ...)
	NOT-FOR-US: Ayco Okul Portali
CVE-2008-4573 (SQL injection vulnerability in kategori.asp in MunzurSoft Wep Portal ...)
	NOT-FOR-US: MunzurSoft Wep Portal W3
CVE-2008-4572 (GuildFTPd 0.999.14, and possibly other versions, allows remote ...)
	NOT-FOR-US: GuildFTPd
CVE-2008-4570 (SQL injection vulnerability in index.php in Real Estate Classifieds ...)
	NOT-FOR-US: Real Estate Classifieds
CVE-2008-4568
	RESERVED
CVE-2008-4567
	RESERVED
CVE-2008-4566
	RESERVED
CVE-2008-4565
	RESERVED
CVE-2008-4564 (Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK ...)
	NOT-FOR-US: Autonomy KeyView SDK
CVE-2008-4563 (Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-4562 (Buffer overflow in the ovlaunch CGI program in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4561
	RESERVED
CVE-2008-4560 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4559 (HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-4557 (plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 ...)
	NOT-FOR-US: CuteNews.ru
CVE-2008-4556 (Stack-based buffer overflow in the adm_build_path function in sadmind ...)
	NOT-FOR-US: Sun Solstice AdminSuite
CVE-2008-4555 (Stack-based buffer overflow in the push_subg function in parser.y ...)
	- graphviz 2.20.2-3 (low)
	[etch] - graphviz 2.8-3+etch1
	NOTE: minor issue fixed in etch r6 point update
CVE-2008-4554 (The do_splice_from function in fs/splice.c in the Linux kernel before ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-9
	- linux-2.6.24 2.6.24-6~etchnhalf.7
CVE-2008-4553 (qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local ...)
	{DSA-1657-1}
	- qemu 0.9.1-6 (low; bug #496394)
CVE-2008-4552 (The good_client function in nfs-utils 1.0.9, and possibly other ...)
	- nfs-utils 1:1.1.3-1
	[lenny] - nfs-utils 1:1.1.2-6lenny1
	[etch] - nfs-utils <no-dsa> (Minor issue)
CVE-2008-4551 (strongSwan 4.2.6 and earlier allows remote attackers to cause a denial ...)
	- strongswan 4.2.4-5 (bug #502676)
	[etch] - strongswan <not-affected> (Vulnerable code not present)
CVE-2008-4550
	RESERVED
CVE-2008-4549 (The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ...)
	NOT-FOR-US: ImageShack Toolbar ActiveX control
CVE-2008-4548 (Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control ...)
	NOT-FOR-US: PTZCamPanelCtrl ActiveX control
CVE-2008-4547 (Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control ...)
	NOT-FOR-US: DVRHOST Web CMS
CVE-2008-4546 (Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4558 (Array index error in VLC media player 0.9.2 allows remote attackers to ...)
	- vlc 0.9.3-1 (medium; bug #502314)
	[etch] - vlc <not-affected> (introduced in 0.9.0)
	[lenny] - vlc <not-affected> (introduced in 0.9.0)
CVE-2008-4545 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x ...)
	NOT-FOR-US: Cisco
CVE-2008-4544 (Unspecified vulnerability in an unspecified Microsoft API, as used by ...)
	NOT-FOR-US: Microsoft
CVE-2008-4543 (Cisco Unity 4.x before 4.2(1)ES161, 5.x before 5.0(1)ES53, and 7.x ...)
	NOT-FOR-US: Cisco
CVE-2008-4542 (Cross-site scripting (XSS) vulnerability in Cisco Unity 4.x before ...)
	NOT-FOR-US: Cisco
CVE-2008-4541 (Heap-based buffer overflow in the FTP subsystem in Sun Java System Web ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-4540 (Windows Mobile 6 on the HTC Hermes device makes WLAN passwords ...)
	NOT-FOR-US: Windows Mobile
CVE-2008-4539 (Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM ...)
	{DSA-1799-1}
	- qemu 0.9.1+svn20081101-1 (low; bug #526040)
	[etch] - qemu <not-affected> (Vulnerable code not present)
CVE-2008-4538
	RESERVED
CVE-2008-4537 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4536 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver1 1.4.6 and ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4535 (Cross-site scripting (XSS) vulnerability in EC-CUBE Ver2 2.1.2a and ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-4534 (SQL injection vulnerability in EC-CUBE Ver2 2.1.2a and earlier, and ...)
	NOT-FOR-US: EC-CUBE
CVE-2008-5299 (chm2pdf 0.9 allows user-assisted local users to delete arbitrary files ...)
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-5298 (chm2pdf 0.9 uses temporary files in directories with fixed names, ...)
	- chm2pdf 0.9.1-1.1 (low; bug #501959)
CVE-2008-4533 (Cross-site scripting (XSS) vulnerability in Kantan WEB Server 1.8 and ...)
	NOT-FOR-US: Kantan WEB Server
CVE-2008-4532 (Cross-site scripting (XSS) vulnerability in index.php in MaxiScript ...)
	NOT-FOR-US: MaxiScript Website Directory
CVE-2008-4531 (SQL injection vulnerability in Brilliant Gallery 5.x before 5.x-4.2, a ...)
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4530 (Cross-site scripting (XSS) vulnerability in Brilliant Gallery 5.x ...)
	NOT-FOR-US: Brilliant Gallery (drupal module)
CVE-2008-4529 (Multiple PHP remote file inclusion vulnerabilities in asiCMS alpha ...)
	NOT-FOR-US: asiCMS
CVE-2008-4528 (Directory traversal vulnerability in notes.php in Phlatline's Personal ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4527 (SQL injection vulnerability in recept.php in the Recepies (Recept) ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-4526 (Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote ...)
	NOT-FOR-US: CCMS
CVE-2008-4525 (SQL injection vulnerability in index.php in AmpJuke 0.7.5 allows ...)
	NOT-FOR-US: AmpJuke
CVE-2008-4524 (SQL injection vulnerability in the &quot;Check User&quot; feature ...)
	NOT-FOR-US: AdaptCMS
CVE-2008-4523 (SQL injection vulnerability in login.php in IP Reg 0.4 and earlier ...)
	NOT-FOR-US: IP Reg
CVE-2008-4522 (Multiple directory traversal vulnerabilities in JMweb MP3 Music Audio ...)
	NOT-FOR-US: JMweb MP3 Music Audio Search and Download Script
CVE-2008-4521 (SQL injection vulnerability in thisraidprogress.php in the World of ...)
	NOT-FOR-US: World of Warcraft tracker
CVE-2008-4520 (Cross-site scripting (XSS) vulnerability in bulk_update.pl in ...)
	NOT-FOR-US: AutoNessus
CVE-2008-4519 (Multiple directory traversal vulnerabilities in Fastpublish CMS 1.9999 ...)
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4518 (Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d ...)
	NOT-FOR-US: Fastpublish CMS
CVE-2008-4517 (SQL injection vulnerability in leggi.php in geccBBlite 2.0 allows ...)
	NOT-FOR-US: geccBBlite
CVE-2008-4516 (SQL injection vulnerability in galerie.php in Galerie 3.2 allows ...)
	NOT-FOR-US: Galerie
CVE-2008-4515 (Blue Coat K9 Web Protection 4.0.230 Beta relies on client-side ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2008-4514 (The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser crash is a non-issue
CVE-2008-4513 (Cross-site scripting (XSS) vulnerability in BBcode API module in ...)
	NOT-FOR-US: Phorum
CVE-2008-4512 (ASP/MS Access Shoutbox, probably 1.1 beta, stores db/shoutdb.mdb under ...)
	NOT-FOR-US: ASP/MS Access Shoutbox
CVE-2008-4511 (Todd Woolums ASP News Management, possibly 2.21, stores db/news.mdb ...)
	NOT-FOR-US: Todd Woolums ASP News Management
CVE-2008-4510 (Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2008-4509 (Unrestricted file upload vulnerability in processFiles.php in FOSS ...)
	NOT-FOR-US: FOSS Gallery
CVE-2008-4508 (Stack-based buffer overflow in the file parsing function in Tonec ...)
	NOT-FOR-US: Tonec Internet Download Manager
CVE-2008-4507 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4506 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4505 (Unspecified vulnerability in IBM Lotus Quickr 8.1 before Fix pack 1 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-4504 (Heap-based buffer overflow in Mplayer.exe in Herosoft Inc. Hero DVD ...)
	NOT-FOR-US: Herosoft Inc. Hero DVD Player
CVE-2008-4503 (The Settings Manager in Adobe Flash Player 9.0.124.0 and earlier ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4482 (The XML parser in Xerces-C++ before 3.0.0 allows context-dependent ...)
	- xerces-c2 <unfixed> (unimportant; bug #502102)
	NOTE: Hardly a security issue, anyone who's concerned about this should use Xerces 3
CVE-2008-4480 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4479 (Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4478 (Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-4473 (Multiple heap-based buffer overflows in Adobe Flash CS3 Professional ...)
	NOT-FOR-US: Flash CS3 Professional
CVE-2008-4502 (Multiple PHP remote file inclusion vulnerabilities in DataFeedFile ...)
	NOT-FOR-US: DataFeedFile PHP Framework API
CVE-2008-4501 (Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 ...)
	NOT-FOR-US: Serv-U
CVE-2008-4500 (Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote ...)
	NOT-FOR-US: Serv-U
CVE-2008-4499 (Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b ...)
	NOT-FOR-US: PHP Web Explorer
CVE-2008-4498 (SQL injection vulnerability in searchresults.php in PHP Autos 2.9.1 ...)
	NOT-FOR-US: PHP Autos
CVE-2008-4497 (SQL injection vulnerability in event_detail.php in Built2Go Real ...)
	NOT-FOR-US: Built2Go Real Estate Listings
CVE-2008-4496 (SQL injection vulnerability in view_cat.php in PHP Realtor 1.5 allows ...)
	NOT-FOR-US: PHP Realtor
CVE-2008-4495 (SQL injection vulnerability in view_cat.php in PHP Auto Dealer 2.7 ...)
	NOT-FOR-US: PHP Auto Dealer
CVE-2008-4494 (SQL injection vulnerability in completed-advance.php in TorrentTrader ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2008-4493 (Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as ...)
	NOT-FOR-US: PicturePusher ActiveX
CVE-2008-4492 (SQL injection vulnerability in referrals.php in YourOwnBux 4.0 allows ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4491 (Apple Mail.app 3.5 on Mac OS X, when &quot;Store draft messages on the ...)
	NOT-FOR-US: Mac OS
CVE-2008-4490 (Directory traversal vulnerability in config.inc.php in phpAbook 0.8.8b ...)
	NOT-FOR-US: phpAbook
CVE-2008-4489 (Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4488 (Cross-site scripting (XSS) vulnerability in ap-pages.php in Atarone ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4487 (SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows ...)
	NOT-FOR-US: Atarone CMS
CVE-2008-4486 (Directory traversal vulnerability in index.php in SAC.php (SACphp), as ...)
	NOT-FOR-US: SACphp
CVE-2008-4485 (Cross-site scripting (XSS) vulnerability in the ICAP patience page in ...)
	NOT-FOR-US: Blue Coat Security Gateway OS
CVE-2008-4484 (main.php in Crux Gallery 1.32 and earlier allows remote attackers to ...)
	NOT-FOR-US: Crux Gallery
CVE-2008-4483 (Directory traversal vulnerability in index.php in Crux Gallery 1.32 ...)
	NOT-FOR-US: Crux Gallery
CVE-2008-4481 (Cross-site scripting (XSS) vulnerability in Redmine 0.7.2 and earlier ...)
	NOT-FOR-US: Redmine
CVE-2008-4472 (The UpdateEngine class in the LiveUpdate ActiveX control ...)
	NOT-FOR-US: LiveUpdate ActiveX
CVE-2008-4471 (Directory traversal vulnerability in the CExpressViewerControl class ...)
	NOT-FOR-US: DWF Viewer ActiveX
CVE-2008-4470 (Stack-based buffer overflow in Numark CUE 5.0 rev2 allows ...)
	NOT-FOR-US: Numark
CVE-2008-4469 (SQL injection vulnerability in view_cresume.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4468 (SQL injection vulnerability in view_news.php in Vastal I-Tech Share ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4467 (SQL injection vulnerability in show_series_ink.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4466 (SQL injection vulnerability in view_products_cat.php in Vastal I-Tech ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4465 (SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4464 (SQL injection vulnerability in view_mags.php in Vastal I-Tech Mag Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4463 (SQL injection vulnerability in view_news.php in Vastal I-Tech Jobs ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4462 (SQL injection vulnerability in view_news.php in Vastal I-Tech Visa ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4461 (SQL injection vulnerability in advanced_search_results.php in Vastal ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4460 (SQL injection vulnerability in game.php in Vastal I-Tech MMORPG Zone ...)
	NOT-FOR-US: Vastal I-Tech Freelance Zone
CVE-2008-4459 (SQL injection vulnerability in pick_users.php in the groups module in ...)
	NOT-FOR-US: eXtrovert Thyme
CVE-2008-4458 (SQL injection vulnerability in listings.php in E-Php B2B Trading ...)
	NOT-FOR-US: E-Php B2B Trading Marketplace Script
CVE-2008-4457 (SQL injection vulnerability in inc/inc_statistics.php in MemHT Portal ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4456 (Cross-site scripting (XSS) vulnerability in the command-line client in ...)
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51-1 (low; bug #526254)
CVE-2008-4455 (Directory traversal vulnerability in index.php in EKINdesigns MySQL ...)
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4454 (Directory traversal vulnerability in EKINdesigns MySQL Quick Admin ...)
	NOT-FOR-US: EKINdesigns MySQL Quick Admin
CVE-2008-4453 (The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ...)
	NOT-FOR-US: ActiveX control
CVE-2008-4452 (Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 ...)
	NOT-FOR-US: Cambridge Computer Corporation vxFtpSrv
CVE-2008-4451 (The SysInspector AntiStealth driver (esiasdrv.sys) 3.0.65535.0 in ESET ...)
	NOT-FOR-US: ESET System Analyzer Tool
CVE-2008-4450 (Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for ...)
	NOT-FOR-US: XAMPP
CVE-2008-4449 (Stack-based buffer overflow in mIRC 6.34 allows remote attackers to ...)
	NOT-FOR-US: mIRC
CVE-2008-4448 (Cross-site request forgery (CSRF) vulnerability in actions.php in ...)
	NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4447 (Cross-site scripting (XSS) vulnerability in actions.php in Positive ...)
	NOT-FOR-US: Positive Software H-Sphere WebShell
CVE-2008-4446 (Cross-site scripting (XSS) vulnerability in Nucleus EUC-JP 3.31 SP1 ...)
	NOT-FOR-US: Nucleus EUC-JP
CVE-2008-4445 (The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.6
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-4444 (Cisco Unified IP Phone (aka SIP phone) 7960G and 7940G with firmware ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2008-4443
	RESERVED
CVE-2008-4442
	RESERVED
CVE-2008-4441 (The Marvell driver for the Linksys WAP4400N Wi-Fi access point with ...)
	NOT-FOR-US: Linksys
CVE-2008-4439 (PHP remote file inclusion vulnerability in admin/bin/patch.php in ...)
	NOT-FOR-US: MartinWood Datafeed Studio
CVE-2008-4438 (Cross-site scripting (XSS) vulnerability in search.php in Datafeed ...)
	NOT-FOR-US: Datafeed Studio
CVE-2008-4437 (Directory traversal vulnerability in importxml.pl in Bugzilla before ...)
	{DTSA-170-1}
	- bugzilla 3.0.5.0-1 (low; bug #502019)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-4436 (SQL injection vulnerability in bblog_plugins/builtin.help.php in bBlog ...)
	NOT-FOR-US: bBlog
CVE-2008-4435 (Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT ...)
	NOT-FOR-US: RMSOFT Downloads Plus
CVE-2008-4434 (Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and ...)
	NOT-FOR-US: uTorrent/Bittorrent
CVE-2008-4433 (SQL injection vulnerability in search.php in the RMSOFT MiniShop ...)
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4432 (Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT ...)
	NOT-FOR-US: RMSOFT MiniShop (xoops)
CVE-2008-4431 (SQL injection vulnerability in index.php in IceBB 1.0-rc9.3 and ...)
	NOT-FOR-US: IceBB
CVE-2008-4430
	REJECTED
CVE-2008-4429 (Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 ...)
	NOT-FOR-US: SOURCENEXT Virus Security ZERO
CVE-2008-4428 (Unrestricted file upload vulnerability in upload.php in Phlatline's ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4427 (changepassword.php in Phlatline's Personal Information Manager (pPIM) ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4426 (Cross-site scripting (XSS) vulnerability in events.php in Phlatline's ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4425 (Directory traversal vulnerability in upload.php in Phlatline's ...)
	NOT-FOR-US: Phlatline's Personal Information Manager
CVE-2008-4424 (Cross-site scripting (XSS) vulnerability in index.php in Domain Group ...)
	NOT-FOR-US: Domain Group Network GooCMS
CVE-2008-4423 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...)
	NOT-FOR-US: Ovidentia
CVE-2008-4422
	REJECTED
CVE-2008-4421 (Directory traversal vulnerability in MetaGauge 1.0.0.17, and probably ...)
	NOT-FOR-US: MetaGauge
CVE-2008-4420 (Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in ...)
	NOT-FOR-US: DynaZip Max
CVE-2008-4419 (Directory traversal vulnerability in the HP JetDirect web ...)
	NOT-FOR-US: HP-ChaiSOE
CVE-2008-4418 (Unspecified vulnerability in DCE in HP HP-UX B.11.11, B.11.23, and ...)
	NOT-FOR-US: HP-UX
CVE-2008-4417
	REJECTED
CVE-2008-4416 (Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows ...)
	NOT-FOR-US: HP-UX
CVE-2008-4415 (Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 ...)
	NOT-FOR-US: HP Service Manager (HPSM)
CVE-2008-4414 (Unspecified vulnerability in the AdvFS showfile command in HP Tru64 ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2008-4413 (Unspecified vulnerability in HP System Management Homepage (SMH) 2.2.6 ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4412 (Unspecified vulnerability in HP Systems Insight Manager (SIM) before ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2008-4411 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-4410 (The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the ...)
	- linux-2.6 2.6.26-8
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2008-4409 (libxml2 2.7.0 and 2.7.1 does not properly handle &quot;predefined entities ...)
	- libxml2 <not-affected>
	[lenny] - libxml2 <not-affected> (Vulnerable code not present)
	[etch] - libxml2 <not-affected> (Vulnerable code not present)
	NOTE: The bug affects only to 2.7.0 and 2.7.1
CVE-2008-4406 (A certain Debian patch to the run scripts for sabre (aka xsabre) ...)
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4405 (xend in Xen 3.0.3 does not properly limit the contents of the ...)
	- xen-3 3.4.0-1 (bug #503811)
	- xen-unstable <removed>
	NOTE: a proposed patch leads to new problems, see CVE-2008-5716
CVE-2008-4404 (The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM ...)
	NOT-FOR-US: IPv6 NDP on IBM zSeries
CVE-2008-4403 (The CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4402 (Multiple buffer overflows in CGI modules in the server in Trend Micro ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-4408 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.13.1, 1.12.0, ...)
	{DTSA-171-1}
	- mediawiki 1:1.13.2-1 (low; bug #501115)
	[etch] - mediawiki <not-affected> (Vulnerable code not present)
CVE-2008-4475 (ibackup 2.27 allows local users to overwrite arbitrary files via a ...)
	- ibackup <removed> (low; bug #496432)
	[etch] - ibackup <no-dsa> (Minor issues)
CVE-2008-4401 (ActionScript in Adobe Flash Player 9.0.124.0 and earlier does not ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-4400 (Unspecified vulnerability in asdbapi.dll in CA ARCserve Backup ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4399 (Unspecified vulnerability in the database engine service in ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4398 (Unspecified vulnerability in the tape engine service in asdbapi.dll in ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4397 (Directory traversal vulnerability in the RPC interface (asdbapi.dll) ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-4396 (Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and ...)
	NOT-FOR-US: Safer Networking FileAlyzer
CVE-2008-4969 (ltp-network-test 20060918 allows local users to overwrite arbitrary ...)
	- ltp 20060918-3 (low; bug #496411)
	[etch] - ltp <no-dsa> (Documented to be only suitable for single user setups currently)
CVE-2008-4954 (mead.pl in fml 4.0.3 allows local users to overwrite arbitrary files ...)
	- fml <removed> (low; bug #496370)
	[etch] - fml <no-dsa> (Minor issue)
CVE-2008-4957 (find_flags in Kitware GCC-XML (gccxml) 0.9.0 allows local users to ...)
	- gccxml 0.9.0+cvs20100501-1 (unimportant; bug #496391)
	NOTE: Only applies to a script used for an obscure SGI compiler
CVE-2008-4943 (bulmages-servers 0.11.1 allows local users to overwrite arbitrary ...)
	- bulmages <removed> (unimportant; bug #496382)
	NOTE: Only present in example scripts
CVE-2008-5034 (** DISPUTED ** ...)
	- printfilters-ppd <unfixed> (unimportant; bug #496417)
	NOTE: Only exploitable when modifying master-filter by hand
CVE-2008-4955 (freevo.real in freevo 1.8.1 allows local users to overwrite arbitrary ...)
	- freevo <unfixed> (unimportant; bug #496373)
	NOTE: Only exploitable when modifying script by hand
CVE-2008-4974 (rrdedit in netmrg 0.20 allows local users to overwrite arbitrary files ...)
	- netmrg 0.20-2 (low; bug #496384)
	[etch] - netmrg <no-dsa> (Minor issue)
CVE-2008-4960 (impose in impose+ 0.2 allows local users to overwrite arbitrary files ...)
	- impose+ 0.2-11.1 (low; bug #496435)
	[etch] - impose+ <no-dsa> (Minor issue)
CVE-2008-4964 (filters/any-UTF8 in konwert 1.8 allows local users to delete arbitrary ...)
	- konwert 1.8-11.2 (low; bug #496379)
	[etch] - konwert <no-dsa> (Minor issue)
CVE-2008-4986 (wims 3.62 allows local users to overwrite arbitrary files via a ...)
	- wims 3.62-13.1 (low; bug #496387)
	[etch] - wims <no-dsa> (Minor issue)
CVE-2008-4474 (freeradius-dialupadmin in freeradius 2.0.4 allows local users to ...)
	- freeradius 2.0.4+dfsg-6 (low; bug #496389)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2008-4995 (redirect.pl in bk2site 1.1.9 allows local users to overwrite arbitrary ...)
	- bk2site <removed> (unimportant; bug #496430)
	NOTE: Only debug code, script needs to be edited to exploit this
CVE-2008-4983 (scilab-bin 4.1.2 allows local users to overwrite arbitrary files via a ...)
	- scilab 4.1.2-6 (low; bug #496414)
	[etch] - scilab <no-dsa> (Non-free not supported)
CVE-2008-4395 (Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux ...)
	{DSA-1731-1}
	- ndiswrapper 1.53-2 (medium; bug #504696)
CVE-2008-4394 (Multiple untrusted search path vulnerabilities in Portage before ...)
	NOT-FOR-US: Gentoo package manager Portage
CVE-2008-4393 (Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery ...)
	NOT-FOR-US: VeriSign Kontiki
CVE-2008-4392 (dnscache in Daniel J. Bernstein djbdns 1.05 does not prevent ...)
	- djbdns <removed> (high; bug #516394)
CVE-2008-4391 (Stack-based buffer overflow in the SetSource method in the ...)
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4390 (The Cisco Linksys WVC54GC wireless video camera before firmware 1.25 ...)
	NOT-FOR-US: Cisco Linksys WVC54GC
CVE-2008-4389 (Symantec AppStream 5.2.x and Symantec Workspace Streaming (SWS) 6.1.x ...)
	NOT-FOR-US: Symantec AppStream
CVE-2008-4388 (The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in ...)
	NOT-FOR-US: LaunchObj ActiveX
CVE-2008-4387 (Unspecified vulnerability in the Simba MDrmSap ActiveX control in ...)
	NOT-FOR-US: ActiveX
CVE-2008-4386
	RESERVED
CVE-2008-4385 (Husdawg, LLC Systems Requirements Lab 3, as used by Instant Expert ...)
	NOT-FOR-US: LLC Systems Requirements Lab
CVE-2008-4384 (Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX ...)
	NOT-FOR-US: LPViewer ActiveX
CVE-2008-4383 (Stack-based buffer overflow in the Agranet-Emweb embedded management ...)
	NOT-FOR-US: Agranet-Emweb
CVE-2008-4382 (Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of ...)
	- kdebase <unfixed> (unimportant)
	NOTE: browser dos not treated as security issue. This is the same like CVE-2008-4381
	NOTE: which will work in every JS browser as the PoC just creates a large string passing
	NOTE: it to alert and thus eating memory, no security issue.
CVE-2008-4381 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4380 (The web interface in Samsung DVR SHR2040 allows remote attackers to ...)
	NOT-FOR-US: Samsung DVR SHR2040
CVE-2008-4379 (Cross-site scripting (XSS) vulnerability in report.php in Mr. CGI Guy ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4378 (SQL injection vulnerability in report.php in Mr. CGI Guy Hot Links ...)
	NOT-FOR-US: Mr. CGI Guy Hot Links SQL-PHP
CVE-2008-4377 (SQL injection vulnerability in index.asp in Creative Mind Creator CMS ...)
	NOT-FOR-US: Creative Mind Creator CMS
CVE-2008-4376 (SQL injection vulnerability in index.php in Live TV Script allows ...)
	NOT-FOR-US: Live TV Script
CVE-2008-4375 (SQL injection vulnerability in viewprofile.php in Availscript ...)
	NOT-FOR-US: Availscript
CVE-2008-4374 (SQL injection vulnerability in index.php in CMS Buzz allows remote ...)
	NOT-FOR-US: CMS Buzz
CVE-2008-4373 (SQL injection vulnerability in job_seeker/applynow.php in AvailScript ...)
	NOT-FOR-US: Availscript
CVE-2008-4372 (Cross-site scripting (XSS) vulnerability in articles.php in ...)
	NOT-FOR-US: Availscript
CVE-2008-4371 (SQL injection vulnerability in articles.php in AvailScript Article ...)
	NOT-FOR-US: Availscript
CVE-2008-4370 (Multiple cross-site scripting (XSS) vulnerabilities in Availscript ...)
	NOT-FOR-US: Availscript
CVE-2008-4369 (SQL injection vulnerability in pics.php in Availscript Photo Album ...)
	NOT-FOR-US: Availscript
CVE-2008-4368 (The default configuration of Java 1.5 on Apple Mac OS X 10.5.4 and ...)
	NOT-FOR-US: Java on OSX
CVE-2008-4367
	RESERVED
CVE-2008-4965 (liguidsoap.py in liguidsoap 0.3.8.1+2 allows local users to overwrite ...)
	{DTSA-177-1 DTSA-178-1}
	- liquidsoap 0.3.8.1+2-2 (low; bug #496360)
	[lenny] - liquidsoap 0.3.6-4+lenny1
CVE-2008-4966 (linux-patch-openswan 2.4.12 allows local users to overwrite arbitrary ...)
	- openswan 1:2.6.21+dfsg-2 (unimportant; bug #496376)
	NOTE: Only unused packaging bits
CVE-2008-4941 (arb-common 0.0.20071207.1 allows local users to overwrite arbitrary ...)
	- arb 0.0.20071207.1-5 (low; bug #496396)
CVE-2008-4940 (xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary ...)
	- aptoncd 0.1-1.2 (bug #496390; low)
CVE-2008-4947 (dhis-dummy-log-engine in dhis-server 5.3 allows local users to ...)
	- dhis-server 5.3-1.2 (bug #496388; unimportant)
CVE-2008-4967 (linuxtrade 3.65 allows local users to overwrite arbitrary files via a ...)
	- linuxtrade <removed> (unimportant; bug #496372)
	NOTE: unimportant since the program is dysfunctional with the current
	NOTE: trading website and thus not exploitable for practical purposes
CVE-2008-4980 (delqueueask in rccp 0.9 allows local users to overwrite arbitrary ...)
	- rccp 0.9-2.1 (low; bug #496364)
	[etch] - rccp <no-dsa> (Minor issue)
CVE-2008-4948 (fest.pl in digitaldj 0.7.5 allows local users to overwrite arbitrary ...)
	- digitaldj 0.7.5-6.1 (low; bug #496399)
	[etch] - digitaldj <no-dsa> (Minor issue)
CVE-2008-4945 (amlabel-cdrw in cdrw-taper 0.4 might allow local users to overwrite ...)
	- cdrw-taper 0.4-2.1 (low; bug #496380)
	[etch] - cdrw-taper <no-dsa> (Minor issue)
CVE-2008-4958 (gdrae in gdrae 0.1 allows local users to overwrite arbitrary files via ...)
	- gdrae 0.1-1.1 (low; bug #496378)
	[etch] - gdrae <no-dsa> (Minor issue)
CVE-2008-4407 (XRunSabre in sabre (aka xsabre) 0.2.4b relies on the ability to create ...)
	- sabre 0.2.4b-25 (low; bug #433996)
	[etch] - sabre <no-dsa> (Game not qualified as multi-user system, thus minor issue)
CVE-2008-4366 (Unrestricted file upload vulnerability in the image upload component ...)
	NOT-FOR-US: Camera Life
CVE-2008-4365 (Cross-site scripting (XSS) vulnerability in search.php in Siteman ...)
	NOT-FOR-US: Siteman
CVE-2008-4364 (SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb ...)
	NOT-FOR-US: ParsaGostar ParsaWeb CMS
CVE-2008-4363 (DLMFENC.sys 1.0.0.28 in DESlock+ 3.2.7 allows local users to cause a ...)
	NOT-FOR-US: DESlock
CVE-2008-4362 (The Virtual Token driver (vdlptokn.sys) 1.0.2.43 in DESlock+ 3.2.7 ...)
	NOT-FOR-US: DESlock
CVE-2008-4361 (Directory traversal vulnerability in PowerPortal 2.0.13 allows remote ...)
	NOT-FOR-US: PowerPortal
CVE-2008-4360 (mod_userdir in lighttpd before 1.4.20, when a case-insensitive ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_06.txt
CVE-2008-4359 (lighttpd before 1.4.20 compares URIs to patterns in the (1) ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (low)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_05.txt
CVE-2008-4358 (Unspecified vulnerability in class/theme.class.php in SPAW Editor PHP ...)
	NOT-FOR-US: SPAW Editor PHP
CVE-2008-4357 (SQL injection vulnerability in linkto.php in Powie pLink 2.07 allows ...)
	NOT-FOR-US: Powie pLink
CVE-2008-4356 (Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-4355 (SQL injection vulnerability in showprofil.php in Powie PSCRIPT Forum ...)
	NOT-FOR-US: Powie PSCRIPT Forum
CVE-2008-4354 (SQL injection vulnerability in the products module in NetArt Media ...)
	NOT-FOR-US: NetArt Media iBoutique
CVE-2008-4353 (SQL injection vulnerability in link.php in Linkarity allows remote ...)
	NOT-FOR-US: Linkarity
CVE-2008-4352 (SQL injection vulnerability in inc/pages/viewprofile.php in ...)
	NOT-FOR-US: phpSmartCom
CVE-2008-4351 (Directory traversal vulnerability in index.php in phpSmartCom 0.2 ...)
	NOT-FOR-US: phpSmartCom
CVE-2008-4350 (SQL injection vulnerability in main.php in vbLOGIX Tutorial Script 1.0 ...)
	NOT-FOR-US: vbLOGIX Tutorial Script
CVE-2008-4349 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: s0nic Paranews
CVE-2008-4348 (SQL injection vulnerability in photo.php in PHPortfolio, possibly 1.3, ...)
	NOT-FOR-US: PHPortfolio
CVE-2008-4347 (SQL injection vulnerability in newskom.php in Powie pNews 2.03 allows ...)
	NOT-FOR-US: Powie pNews
CVE-2008-4346 (Directory traversal vulnerability in TalkBack 2.3.6 and 2.3.6.4 allows ...)
	NOT-FOR-US: TalkBack
CVE-2008-4345 (SQL injection vulnerability in download.php in WebPortal CMS 0.7.4 and ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-4344 (SQL injection vulnerability in cat.php in 6rbScript allows remote ...)
	NOT-FOR-US: 6rbScript
CVE-2008-4343 (The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) ...)
	NOT-FOR-US: Chilkat XML ChilkatUtil.CkData.1 ActiveX control
CVE-2008-4342 (NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX ...)
	NOT-FOR-US: ActiveX
CVE-2008-4341 (add.php in MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: MyBlog
CVE-2008-4340 (Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to ...)
	- chromium-browser <not-affected> (only 0.x is affected)
	- webkit <not-affected> (poc not effective)
CVE-2008-4339 (Unspecified vulnerability in the Java Administration GUI (jnbSA) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup Server
CVE-2008-4338 (SQL injection vulnerability in the brilliant_gallery_checklist_save ...)
	NOT-FOR-US: drupal brilliant gallery 3rd party module
CVE-2008-4337 (Cross-site scripting (XSS) vulnerability in Bitweaver 2.0.2 allows ...)
	NOT-FOR-US: Bitweaver
CVE-2008-4336 (Cross-site scripting (XSS) vulnerability in album.php in Atomic Photo ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4335 (SQL injection vulnerability in album.php in Atomic Photo Album (APA) ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2008-4334 (PHP infoBoard V.7 Plus allows remote attackers to bypass ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4333 (Cross-site scripting (XSS) vulnerability in PHP infoBoard V.7 Plus ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4332 (SQL injection vulnerability in the showjavatopic function in func.php ...)
	NOT-FOR-US: PHP infoBoard
CVE-2008-4331 (Directory traversal vulnerability in library/pagefunctions.inc.php in ...)
	NOT-FOR-US: phpOCS
CVE-2008-4330 (Directory traversal vulnerability in index.php in LanSuite 3.3.2 ...)
	NOT-FOR-US: LanSuite
CVE-2008-4329 (PHP remote file inclusion vulnerability in cms/system/openengine.php ...)
	NOT-FOR-US: openEngine
CVE-2008-4328 (SQL injection vulnerability in site_search.php in EasyRealtorPRO 2008 ...)
	NOT-FOR-US: EasyRealtorPRO
CVE-2008-4327 (gdiplus.dll in GDI+ in Microsoft Windows XP SP3 does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2008-4326 (The PMA_escapeJsString function in libraries/js_escape.lib.php in ...)
	{DSA-1675-1}
	- phpmyadmin 4:2.11.8.1-3
CVE-2008-4325 (lib/viewvc.py in ViewVC 1.0.5 uses the content-type parameter in the ...)
	- viewvc 1.0.9-1 (bug #500779; unimportant)
CVE-2008-4324 (The user interface event dispatcher in Mozilla Firefox 3.0.3 on ...)
	- iceweasel <removed> (unimportant)
	NOTE: reproducible but browser DoS not treated as security issue
CVE-2008-4323 (Windows Explorer in Microsoft Windows XP SP3 allows user-assisted ...)
	NOT-FOR-US: Windows Explorer
CVE-2008-4322 (Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin ...)
	NOT-FOR-US: Microsoft
CVE-2008-4321 (Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP ...)
	NOT-FOR-US: FlashGet FTP
CVE-2008-4320 (Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before ...)
	NOT-FOR-US: OpenNMS
CVE-2008-4319 (fileadmin.php in Libra File Manager (aka Libra PHP File Manager) 1.18 ...)
	NOT-FOR-US: Libra File Manager
CVE-2008-4318 (Observer 0.3.2.1 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Observer
CVE-2008-4317
	REJECTED
CVE-2008-4316 (Multiple integer overflows in glib/gbase64.c in GLib before 2.20 allow ...)
	{DSA-1747-1}
	- glib2.0 2.20.0-1 (medium; bug #520046)
CVE-2008-4315 (tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux ...)
	NOT-FOR-US: OpenPegasus
CVE-2008-4314 (smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to ...)
	- samba 2:3.2.5-1
	[etch] - samba <not-affected> (Vulnerable code not present)
CVE-2008-4313 (A certain Red Hat patch for tog-pegasus in OpenGroup Pegasus 2.7.0 ...)
	NOT-FOR-US: OpenPegasus
CVE-2008-4312
	REJECTED
CVE-2008-4311 (The default configuration of system.conf in D-Bus (aka DBus) before ...)
	- dbus 1.2.1-5 (low; bug #508032)
	[etch] - dbus <no-dsa> (Backport for Etch too risky for regressions for too little gain)
CVE-2008-4310 (httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat ...)
	- ruby <not-affected> (bug #508030)
	NOTE: Red Hat-specific
CVE-2008-4309 (Integer overflow in the netsnmp_create_subtree_cache function in ...)
	{DSA-1663-1}
	- net-snmp 5.4.1~dfsg-11 (bug #504150)
CVE-2008-4308 (The doRead method in Apache Tomcat 4.1.32 through 4.1.34 and 5.5.10 ...)
	- tomcat5.5 5.5.23-1 (low)
CVE-2008-4307 (Race condition in the do_setlk function in fs/nfs/file.c in the Linux ...)
	{DSA-1794-1 DSA-1787-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <removed>
CVE-2008-4306 (Buffer overflow in enscript before 1.6.4 has unknown impact and attack ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-4305 (Static code injection vulnerability in installation/setup.php in ...)
	NOT-FOR-US: phpCollab
CVE-2008-4304 (general/login.php in phpCollab 2.5 rc3 and earlier allows remote ...)
	NOT-FOR-US: phpCollab
CVE-2008-4303 (Multiple SQL injection vulnerabilities in phpCollab 2.5 rc3, 2.4, and ...)
	NOT-FOR-US: phpCollab
CVE-2008-4302 (fs/splice.c in the splice subsystem in the Linux kernel before ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-4 (low)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-4301 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2008-4300 (A certain ActiveX control in adsiis.dll in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2008-4299 (A certain ActiveX control in the Microsoft Internet Authentication ...)
	NOT-FOR-US: Microsoft
CVE-2008-4297 (Mercurial before 1.0.2 does not enforce the allowpull permission ...)
	- mercurial 1.0.1-5.1 (low; bug #500781)
	NOTE: the package doesnt install this script by default but ships it with the examples
	[etch] - mercurial <no-dsa> (Only shipped in examples)
CVE-2008-4296 (The Cisco Linksys WRT350N with firmware 1.0.3.7 has &quot;admin&quot; as its ...)
	NOT-FOR-US: Cisco Linksys WRT350N
CVE-2008-4295 (Microsoft Windows Mobile 6.0 on HTC Wiza 200 and HTC MDA 8125 devices ...)
	NOT-FOR-US: Microsoft
CVE-2008-4294 (IBM Tivoli Netcool/Webtop 2.1 before 2.1.0.5 preserves cached user ...)
	NOT-FOR-US: IBM Tivoli Netcool/Webtop
CVE-2008-4293 (Unspecified vulnerability in Opera before 9.52 on Windows, when ...)
	NOT-FOR-US: Opera
CVE-2008-4292 (Opera before 9.52 does not check the CRL override upon encountering a ...)
	NOT-FOR-US: Opera
CVE-2008-4291
	RESERVED
CVE-2008-4290
	RESERVED
CVE-2008-4289
	RESERVED
CVE-2008-4288
	RESERVED
CVE-2008-4287
	RESERVED
CVE-2008-4286
	RESERVED
CVE-2008-4285 (Unspecified vulnerability in the Performance Monitoring Infrastructure ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4284 (Open redirect vulnerability in the ibm_security_logout servlet in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4283 (CRLF injection vulnerability in the WebContainer component in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4282
	RESERVED
CVE-2008-4281 (Directory traversal vulnerability in VMWare ESXi 3.5 before ...)
	NOT-FOR-US: VMWare ESXi
CVE-2008-4280
	RESERVED
CVE-2008-4279 (The CPU hardware emulation for 64-bit guest operating systems in ...)
	NOT-FOR-US: VMware Workstation
CVE-2008-4278 (VMware VirtualCenter 2.5 before Update 3 build 119838 on Windows ...)
	NOT-FOR-US: VMWare VirtualCenter
CVE-2008-4277
	REJECTED
CVE-2008-4276
	REJECTED
CVE-2008-4275
	REJECTED
CVE-2008-4274
	REJECTED
CVE-2008-4273
	REJECTED
CVE-2008-4272
	REJECTED
CVE-2008-4271
	REJECTED
CVE-2008-4270
	REJECTED
CVE-2008-4269 (The search-ms protocol handler in Windows Explorer in Microsoft ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2008-4268 (The Windows Search component in Microsoft Windows Vista Gold and SP1 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4267
	REJECTED
CVE-2008-4266 (Array index vulnerability in Microsoft Office Excel 2000 SP3, 2002 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4265 (Microsoft Office Excel 2000 SP3 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4264 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-4263
	REJECTED
CVE-2008-4262
	REJECTED
CVE-2008-4261 (Stack-based buffer overflow in Microsoft Internet Explorer 5.01 SP4, 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4260 (Microsoft Internet Explorer 7 sometimes attempts to access a deleted ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4259 (Microsoft Internet Explorer 7 sometimes attempts to access ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4258 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 does not properly ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4257
	REJECTED
CVE-2008-4256 (The Charts ActiveX control in Microsoft Visual Basic 6.0, Visual ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4255 (Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4254 (Multiple integer overflows in the Hierarchical FlexGrid ActiveX ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4253 (The FlexGrid ActiveX control in Microsoft Visual Basic 6.0, Visual ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4252 (The DataGrid ActiveX control in Microsoft Visual Basic 6.0 and Visual ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-4251
	REJECTED
CVE-2008-4250 (The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4249
	REJECTED
CVE-2008-4248
	REJECTED
CVE-2008-4246 (Unspecified vulnerability in Denora IRC Stats Server before 1.4.1 ...)
	NOT-FOR-US: Denora IRC Stats Server
CVE-2008-4245 (The Admin Control Panel in Rianxosencabos CMS 0.9 does not require ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4244 (Rianxosencabos CMS 0.9 allows remote attackers to bypass ...)
	NOT-FOR-US: Rianxosencabos CMS
CVE-2008-4243 (Directory traversal vulnerability in ImageServer (aka UTImageServer) ...)
	NOT-FOR-US: Epic Games Unreal Tournament
CVE-2008-4242 (ProFTPD 1.3.1 interprets long commands from an FTP client as multiple ...)
	{DSA-1689-1}
	- proftpd-dfsg 1.3.1-15 (low; bug #502674)
CVE-2008-4241 (SQL injection vulnerability in CJ Ultra Plus 1.0.4 and earlier allows ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2008-4240
	RESERVED
CVE-2008-4239
	RESERVED
CVE-2008-4238
	RESERVED
CVE-2008-4237 (Managed Client in Apple Mac OS X before 10.5.6 sometimes misidentifies ...)
	NOT-FOR-US: Managed Client Mac OS X
CVE-2008-4236 (Apple Type Services (ATS) in Apple Mac OS X 10.5 before 10.5.6 allows ...)
	NOT-FOR-US: Apple Type Services
CVE-2008-4235
	RESERVED
CVE-2008-4234 (Incomplete blacklist vulnerability in the Quarantine feature in ...)
	NOT-FOR-US: CoreTypes Apple Mac OS X
CVE-2008-4233 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4232 (Safari in Apple iPhone OS 2.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Safari
CVE-2008-4231 (Safari in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch ...)
	NOT-FOR-US: Apple
CVE-2008-4230 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...)
	NOT-FOR-US: Apple
CVE-2008-4229 (Race condition in the Passcode Lock feature in Apple iPhone OS 2.0 ...)
	NOT-FOR-US: Apple
CVE-2008-4228 (The Passcode Lock feature in Apple iPhone OS 1.0 through 2.1 and ...)
	NOT-FOR-US: Apple
CVE-2008-4227 (Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 ...)
	NOT-FOR-US: Apple
CVE-2008-4226 (Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4225 (Integer overflow in the xmlBufferResize function in libxml2 2.7.2 ...)
	{DSA-1666-1}
	- libxml2 2.6.32.dfsg-5
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-4224 (UDF in Apple Mac OS X before 10.5.6 allows user-assisted attackers to ...)
	NOT-FOR-US: UDF Mac OS X
CVE-2008-4223 (Podcast Producer in Apple Mac OS X 10.5 before 10.5.6 allows remote ...)
	NOT-FOR-US: Podcast Producer Mac OS X
CVE-2008-4222 (natd in network_cmds in Apple Mac OS X before 10.5.6, when Internet ...)
	NOT-FOR-US: natd Mac OS X
CVE-2008-4221 (The strptime API in Libsystem in Apple Mac OS X before 10.5.6 allows ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4220 (Integer overflow in the inet_net_pton API in Libsystem in Apple Mac OS ...)
	NOT-FOR-US: Libsystem Mac OS X
CVE-2008-4219 (The kernel in Apple Mac OS X before 10.5.6 allows local users to cause ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4218 (Multiple integer overflows in the kernel in Apple Mac OS X before ...)
	NOT-FOR-US: kernel Mac OS X
CVE-2008-4217 (Integer signedness error in BOM in Apple Mac OS X before 10.5.6 allows ...)
	NOT-FOR-US: BOM Apple Mac OS X
CVE-2008-4216 (The plug-in interface in WebKit in Apple Safari before 3.2 does not ...)
	NOT-FOR-US: Safari
CVE-2008-4215 (Weblog in Mac OS X Server 10.4.11 does not properly check an error ...)
	NOT-FOR-US: Weblog Mac OS X
CVE-2008-4214 (Unspecified vulnerability in Script Editor in Mac OS X 10.4.11 and ...)
	NOT-FOR-US: Script Editor in Mac OS X
CVE-2008-4213
	RESERVED
CVE-2008-4212 (Unspecified vulnerability in rlogind in the rlogin component in Mac OS ...)
	NOT-FOR-US: MacOS-only issue
CVE-2008-4211 (Integer signedness error in (1) QuickLook in Apple Mac OS X 10.5.5 and ...)
	NOT-FOR-US: QuickLook Mac OS X
CVE-2008-4210 (fs/open.c in the Linux kernel before 2.6.22 does not properly strip ...)
	{DSA-1653-1}
	- linux-2.6 2.6.22-1
	- linux-2.6.24 <not-affected> (Vulnerable code not prsent)
	NOTE: easily exploitable but of limited use as the attacker already needs access to a
	NOTE: directory that is setgid to the group he wants to get privileges for
CVE-2008-4209
	RESERVED
CVE-2008-4208 (Unspecified vulnerability in OSADS Alliance Database before 2.1 has ...)
	NOT-FOR-US: OSADS Alliance Database
CVE-2008-4207 (Attachmax Dolphin 2.1.0 and earlier does not properly protect info.php ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4206 (PHP remote file inclusion vulnerability in config.php in Attachmax ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4205 (SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 ...)
	NOT-FOR-US: Attachmax Dolphin
CVE-2008-4204 (SQL injection vulnerability in city.asp in SoftAcid Hotel Reservation ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-4203 (SQL injection vulnerability in cn_users.php in CzarNews 1.20 and ...)
	NOT-FOR-US: CzarNews
CVE-2008-4202 (SQL injection vulnerability in index.php in Gonafish LinksCaffePRO 4.5 ...)
	NOT-FOR-US: Gonafish LinksCaffePRO
CVE-2008-4200 (Opera before 9.52 does not ensure that the address field of a news ...)
	NOT-FOR-US: Opera
CVE-2008-4199 (Opera before 9.52 does not prevent use of links from web pages to feed ...)
	NOT-FOR-US: Opera
CVE-2008-4198 (Opera before 9.52, when rendering an http page that has loaded an ...)
	NOT-FOR-US: Opera
CVE-2008-4197 (Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when ...)
	NOT-FOR-US: Opera
CVE-2008-4196 (Cross-site scripting (XSS) vulnerability in Opera before 9.52 allows ...)
	NOT-FOR-US: Opera
CVE-2008-4195 (Opera before 9.52 does not properly restrict the ability of a framed ...)
	NOT-FOR-US: Opera
CVE-2008-4194 (The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par ...)
	- pdnsd 1.2.6-par-10 (bug #500910)
CVE-2008-4193 (Stack-based buffer overflow in SecurityGateway.dll in Alt-N ...)
	NOT-FOR-US: Alt-N Technologies SecurityGateway
CVE-2008-4192 (The pserver_shutdown function in fence_egenera in cman 2.20080629 and ...)
	- redhat-cluster 2.20081102-1 (bug #496410; low)
	[lenny] - redhat-cluster 2.20080801-4+lenny1
CVE-2008-4191 (extract-table.pl in Emacspeak 26 and 28 allows local users to ...)
	- emacspeak 28.0-2 (bug #496431; low)
	[lenny] - emacspeak 26.0-3+lenny1
	[etch] - emacspeak <no-dsa> (Minor issue)
CVE-2008-4190 (The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x ...)
	{DSA-1760-1}
	- openswan 1:2.4.12+dfsg-1.3 (bug #496374; low)
	[etch] - openswan <no-dsa> (Vulnerable code only in example script)
CVE-2008-XXXX [jumpnbump: insecure temp file]
	- jumpnbump 1.50+dfsg1-1 (low; bug #500611)
	[etch] - jumpnbump 1.50-6+etch1
CVE-2008-4959 (geo-code in gpsdrive-scripts 2.10~pre4 allows local users to overwrite ...)
	- gpsdrive 2.10~pre4-6.dfsg-1 (low; bug #496436)
	[etch] - gpsdrive <no-dsa> (Minor issue)
CVE-2008-4949 (dist 3.5 allows local users to overwrite arbitrary files via a symlink ...)
	- dist 1:3.5-17-2 (low; bug #496412)
	[etch] - dist 3.70-31etch1
CVE-2008-4970 (runiozone in lustre 1.6.5 allows local users to overwrite arbitrary ...)
	- lustre 1.6.5.1-1 (low; bug #496371)
CVE-2008-4247 (ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly ...)
	- linux-ftpd-ssl 0.17.27+0.3-3 (bug #500518)
	[etch] - linux-ftpd-ssl 0.17.18+0.3-6etch1
	- linux-ftpd 0.17-29 (bug #500278)
	[etch] - linux-ftpd <no-dsa> (Minor issue)
CVE-2008-XXXX [possible script injection via /etc/wordpress/wp-config.php]
	- wordpress 2.8.4-1 (bug #500295; unimportant)
	NOTE: bigger problems, if attacker has access to /etc/wordpress/*
CVE-2008-4298 (Memory leak in the http_request_parse function in request.c in ...)
	{DSA-1645-1}
	- lighttpd 1.4.19-5 (medium)
	NOTE: http://www.lighttpd.net/security/lighttpd_sa_2008_07.txt
CVE-2008-XXXX [unsafe usage of temp file]
	- chillispot 1.0-10 (low; bug #500181)
	NOTE: the changelog doesn't mention the fix but its included in -10
	[etch] - chillispot <no-dsa> (minor issue)
CVE-2008-XXXX [unsafe usage of temp file]
	- debtorrent 0.1.10 (unimportant; bug #500180)
	NOTE: Only exploitable when upgrading from an ancient version, package also not in Etch
CVE-2008-4189
	REJECTED
CVE-2008-4188 (Unspecified vulnerability in the TYPO3 Secure Directory (kw_secdir) ...)
	NOT-FOR-US: kw_secdir extension for TYPO3
CVE-2008-4187 (Directory traversal vulnerability in index.php in ProActive CMS allows ...)
	NOT-FOR-US: ProActive CMS
CVE-2008-4186 (SQL injection vulnerability in index.php in webCMS Portal Edition ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4185 (SQL injection vulnerability in index.php in webCMS Portal Edition ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4184 (Cross-site scripting (XSS) vulnerability in index.php in webCMS Portal ...)
	NOT-FOR-US: webCMS Portal Edition
CVE-2008-4183 (IntegraMOD 1.4.x stores sensitive information under the web root with ...)
	NOT-FOR-US: IntegraMOD
CVE-2008-4182 (Cross-site scripting (XSS) vulnerability in imp/test.php in Horde ...)
	{DSA-1770-1}
	- turba2 2.2.1-2 (bug #500114; low)
	[etch] - turba2 <no-dsa> (Minor issue)
	- imp4 4.2-3 (bug #500553; low)
CVE-2008-4181 (Directory traversal vulnerability in includes/xml.php in the Netenberg ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe module for cPanel
CVE-2008-4180 (Unspecified vulnerability in db.php in NooMS 1.1 allows remote ...)
	NOT-FOR-US: NooMS
CVE-2008-4179 (Multiple cross-site scripting (XSS) vulnerabilities in NooMS 1.1 allow ...)
	NOT-FOR-US: NooMS
CVE-2008-4178 (SQL injection vulnerability in tr.php in DownlineGoldmine Special ...)
	NOT-FOR-US: DownlineGoldmine, etc.
CVE-2008-4177 (SQL injection vulnerability in search.php in Pre Real Estate Listings ...)
	NOT-FOR-US: Pre Real Estate Listings
CVE-2008-4176 (SQL injection vulnerability in izle.asp in FoT Video scripti 1.1 beta ...)
	NOT-FOR-US: FoT Video scripti
CVE-2008-4175 (Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow ...)
	NOT-FOR-US: Link Bid Script
CVE-2008-4174 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Dynamic MP3 Lister
CVE-2008-4173 (SQL injection vulnerability in ProArcadeScript 1.3 allows remote ...)
	NOT-FOR-US: ProArcadeScript
CVE-2008-4172 (SQL injection vulnerability in page.php in Cars &amp; Vehicle (aka ...)
	NOT-FOR-US: Cars & Vehicle
CVE-2008-4171 (SQL injection vulnerability in xmlout.php in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-4170 (create_account.php in osCommerce 2.2 RC 2a allows remote attackers to ...)
	NOT-FOR-US: osCommerce
CVE-2008-4169 (SQL injection vulnerability in detaillist.php in iScripts EasyIndex, ...)
	NOT-FOR-US: iScripts EasyIndex
CVE-2008-4168 (Cross-site scripting (XSS) vulnerability in verify_login.jsp in ...)
	NOT-FOR-US: Pro2col Stingray FTS
CVE-2008-4167 (useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not ...)
	NOT-FOR-US: Easy Photo Gallery
CVE-2008-4166 (Integer overflow in the JavaScript engine in Avant Browser 11.7 Build ...)
	NOT-FOR-US: Avant Browser
CVE-2008-4165 (admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a ...)
	NOT-FOR-US: Kolab Groupware Server 1.0.0
	NOTE: Debian has kolabd and kolab-webadmin, but neither has the file create_user.php.
	NOTE: But we have only 0.4 (in etch) and 2.1 (in lenny+sid), maybe 1.0 is different.
CVE-2008-4164 (cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: MemHT Portal
CVE-2008-4163 (Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and ...)
	- bind9 <not-affected> (windows specific issue)
CVE-2008-4162 (Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows ...)
	NOT-FOR-US: NooMS
CVE-2008-4161 (SQL injection vulnerability in search_inv.php in Assetman 2.5b allows ...)
	NOT-FOR-US: Assetman
CVE-2008-4160 (Unspecified vulnerability in the UFS module in Sun Solaris 8 through ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4159 (SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS ...)
	NOT-FOR-US: Jaw Portal and Zanfi CMS
CVE-2008-4158 (Multiple directory traversal vulnerabilities in index.php in Zanfi CMS ...)
	NOT-FOR-US: Zanfi CMS
CVE-2008-4157 (SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-4156 (SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming ...)
	NOT-FOR-US: CustomCms (CCMS) Gaming Portal
CVE-2008-4155 (Multiple directory traversal vulnerabilities in EasySite 2.3 allow ...)
	NOT-FOR-US: EasySite
CVE-2008-4154 (SQL injection vulnerability in living-e webEdition CMS allows remote ...)
	NOT-FOR-US: living-e webEdition CMS
CVE-2008-4153 (The Talk module 5.x before 5.x-1.3 and 6.x before 6.x-1.5, a module ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4152 (Cross-site scripting (XSS) vulnerability in the Talk module 5.x before ...)
	NOT-FOR-US: Talk module for Drupal
CVE-2008-4151 (Directory traversal vulnerability in collect.php in CYASK 3.x allows ...)
	NOT-FOR-US: CYASK
CVE-2008-4150 (SQL injection vulnerability in picture_category.php in Diesel Joke ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2008-4149 (Cross-site scripting (XSS) vulnerability in the Greg Holsclaw Link to ...)
	NOT-FOR-US: Greg Holsclaw Link to Us module for Drupal
CVE-2008-4148 (SQL injection vulnerability in the Mailhandler module 5.x before ...)
	NOT-FOR-US: Mailhandler module for Drupal
CVE-2008-4147 (Cross-site scripting (XSS) vulnerability in the Mailsave module 5.x ...)
	NOT-FOR-US: Mailsave module for Drupal
CVE-2008-4146 (Addalink 1.0 beta 4 and earlier allows remote attackers to (1) approve ...)
	NOT-FOR-US: Addalink
CVE-2008-4145 (SQL injection vulnerability in user_read_links.php in Addalink 1.0 ...)
	NOT-FOR-US: Addalink
CVE-2008-4144 (SQL injection vulnerability in index.php in ACG-ScriptShop E-Gold ...)
	NOT-FOR-US: ACG-ScriptShop E-Gold Script Shop
CVE-2008-4143 (SQL injection vulnerability in category_search.php in RazorCommerce ...)
	NOT-FOR-US: RazorCommerce Shopping Cart
CVE-2008-4142 (SQL injection vulnerability in article.php in E-Php CMS allows remote ...)
	NOT-FOR-US: E-Php CMS
CVE-2008-4141 (Multiple PHP remote file inclusion vulnerabilities in x10Media x10 ...)
	NOT-FOR-US: x10Media x10 Automatic MP3 Script
CVE-2008-4140 (Cross-site scripting (XSS) vulnerability in admin.php in Quick.Cart ...)
	NOT-FOR-US: Quick.Cart
CVE-2008-4139 (Cross-site scripting (XSS) vulnerability in admin.php in OpenSolution ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2008-4138 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Technote
CVE-2008-4137 (PHP remote file inclusion vulnerability in footer.php in PHP-Crawler ...)
	NOT-FOR-US: PHP-Crawler
CVE-2008-4136 (Michael Roth Software Personal FTP Server (PFT) 6.0f allows remote ...)
	NOT-FOR-US: Michael Roth Software Personal FTP Server (PFT)
CVE-2008-4135 (Symbian OS S60 3rd edition on the Nokia E90 Communicator 07.40.1.2 ...)
	NOT-FOR-US: Symbian
CVE-2008-4134 (PHP remote file inclusion vulnerability in manager/static/view.php in ...)
	NOT-FOR-US: phpRealty
CVE-2008-4133 (The web proxy service on the D-Link DIR-100 with firmware 1.12 and ...)
	NOT-FOR-US: D-Link
CVE-2008-4132 (Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX ...)
	NOT-FOR-US: SFlexGrid.VSFlexGridL ActiveX
CVE-2008-4131 (Multiple unspecified vulnerabilities in Sun Solaris 8 through 10 allow ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-4130 (Cross-site scripting (XSS) vulnerability in Gallery 2.x before 2.2.6 ...)
	- gallery2 2.2.6-1
CVE-2008-4129 (Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ...)
	- gallery 1.5.9-1 (medium)
	- gallery2 2.2.6-1 (medium)
CVE-2008-4128 (Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2008-4127 (Mshtml.dll in Microsoft Internet Explorer 7 Gold 7.0.5730 and 8 Beta ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-4126 (PyDNS (aka python-dns) before 2.3.1-5 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (bug #490217)
CVE-2008-4125 (The search function in phpBB 2.x provides a search_id value that leaks ...)
	- phpbb2 2.0.23+repack-3 (low; bug #500086)
	[etch] - phpbb2 <no-dsa> (Minor issue)
	- phpbb3 <not-affected> (vulnerable code not present)
	NOTE: this is actually a bug in the seeding by PHP, not phpBB per se, but
	NOTE: fixing it nonetheless as a workaround.
CVE-2008-4124
	RESERVED
CVE-2008-4123
	RESERVED
CVE-2008-4122 (Joomla! 1.5.8 does not set the secure flag for the session cookie in ...)
	NOT-FOR-US: Joomla
CVE-2008-4121 (Multiple cross-site scripting (XSS) vulnerabilities in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2008-4120 (Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 ...)
	NOT-FOR-US: FlatPress
CVE-2008-4119 (Multiple cross-site scripting (XSS) vulnerabilities in CA Service Desk ...)
	NOT-FOR-US: CA Service Desk
CVE-2008-4118 (Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd ...)
	NOT-FOR-US: High Norm Sound Master
CVE-2008-4117 (Unspecified vulnerability in a web page in the PRM module in Sun ...)
	NOT-FOR-US: Sun Management Center (SunMC)
CVE-2008-4116 (Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote ...)
	NOT-FOR-US: Apple
CVE-2008-4201 (Heap-based buffer overflow in the decodeMP4file function ...)
	- faad2 2.6.1-3.1 (bug #499899)
	NOTE: http://bugs.gentoo.org/show_bug.cgi?id=238445
	NOTE: http://www.audiocoding.com/
	NOTE: http://www.audiocoding.com/patch/main_overflow.diff
CVE-2008-4115 (TalkBack 2.3.6 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: TalkBack
CVE-2008-4114 (srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4113 (The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the ...)
	{DSA-1655-1}
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-4112
	REJECTED
CVE-2008-4111 (Unspecified vulnerability in Servlet Engine/Web Container in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-4110 (Buffer overflow in the SQLVDIRLib.SQLVDirControl ActiveX control in ...)
	NOT-FOR-US: Microsoft
CVE-2008-4107 (The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce ...)
	- php5 <removed> (unimportant; bug #500087)
	NOTE: the rand() and mt_rand() functions were never said to be cryptographically strong
	NOTE: http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/efaq.html
CVE-2008-4106 (WordPress before 2.6.2 does not properly handle MySQL warnings about ...)
	{DSA-1871-2 DSA-1871-1}
	- wordpress 2.5.1-8 (bug #500115)
CVE-2008-4105 (JRequest in Joomla! 1.5 before 1.5.7 does not sanitize variables that ...)
	NOT-FOR-US: Joomla
CVE-2008-4104 (Multiple open redirect vulnerabilities in Joomla! 1.5 before 1.5.7 ...)
	NOT-FOR-US: Joomla
CVE-2008-4103 (The mailto (aka com_mailto) component in Joomla! 1.5 before 1.5.7 ...)
	NOT-FOR-US: Joomla
CVE-2008-4102 (Joomla! 1.5 before 1.5.7 initializes PHP's PRNG with a weak seed, ...)
	NOT-FOR-US: Joomla
CVE-2008-4101 (Vim 3.0 through 7.x before 7.2.010 does not properly escape ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (low; bug #500381)
	[lenny] - vim 1:7.1.314-3+lenny1
	[squeeze] - vim 1:7.1.314-3+lenny1
CVE-2008-4098 (MySQL before 5.0.67 allows local users to bypass certain privilege ...)
	{DSA-1662-1}
	- mysql-dfsg-5.0 5.0.67-1
	[lenny] - mysql-dfsg-5.0 5.0.51a-18
	[squeeze] - mysql-dfsg-5.0 5.0.51a-18
CVE-2008-4097 (MySQL 5.0.51a allows local users to bypass certain privilege checks by ...)
	{DSA-1608-1}
	- mysql-dfsg-5.0 5.0.51a-10
CVE-2008-4095 (Multiple unspecified vulnerabilities in the Importer in Flip4Mac WMV ...)
	NOT-FOR-US: Flip4Mac WMV
CVE-2008-4094 (Multiple SQL injection vulnerabilities in Ruby on Rails before 2.1.1 ...)
	- rails 2.1.0-1 (medium; bug #500791)
	NOTE: in mysql this only allows information disclosure as multiline statements are
	NOTE: not allowed by default
CVE-2008-4093 (SQL injection vulnerability in memberstats.php in YourOwnBux 3.1 and ...)
	NOT-FOR-US: YourOwnBux
CVE-2008-4092 (SQL injection vulnerability in printfeature.php in myPHPNuke (MPN) ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4091 (SQL injection vulnerability in index.php in Web Directory Script 1.5.3 ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-4090 (SQL injection vulnerability in index.php in PHP Coupon Script 4.0 ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2008-4089 (Cross-site scripting (XSS) vulnerability in print.php in myPHPNuke ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4088 (SQL injection vulnerability in print.php in myPHPNuke (MPN) before ...)
	NOT-FOR-US: myPHPNuke
CVE-2008-4087 (Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 ...)
	NOT-FOR-US: Acoustica Beatcraft
CVE-2008-4086 (SQL injection vulnerability in index.php in Reciprocal Links Manager ...)
	NOT-FOR-US: Reciprocal Links Manager
CVE-2008-4085 (plaiter in Plait before 1.6 allows local users to overwrite arbitrary ...)
	- plait 1.5.2-2 (low; bug #496381)
CVE-2008-4084 (SQL injection vulnerability in staticpages/easyclassifields/index.php ...)
	NOT-FOR-US: MyioSoft EasyClassifields
CVE-2008-4083 (Cross-site scripting (XSS) vulnerability in the Bookmarks plugin in ...)
	NOT-FOR-US: Brim
CVE-2008-4082 (SQL injection vulnerability in the Tasks plugin in Brim 2.0.0, when ...)
	NOT-FOR-US: Brim
CVE-2008-4081 (admin/login.php in Stash 1.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: Stash
CVE-2008-4080 (SQL injection vulnerability in Stash 1.0.3, when magic_quotes_gpc is ...)
	NOT-FOR-US: Stash
CVE-2008-4079 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 4.x ...)
	- movabletype-opensource 4.2~rc5-1 (low; bug #499252)
CVE-2008-4078 (SQL injection vulnerability in the AR/AP transaction report in (1) ...)
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone, see README.Debian
CVE-2008-4077 (The CGI scripts in (1) LedgerSMB (LSMB) before 1.2.15 and (2) ...)
	- sql-ledger <unfixed> (unimportant)
	NOTE: Only supported behind an authenticated HTTP zone
CVE-2008-4076 (Cross-site scripting (XSS) vulnerability in (1) Tor World Tor Board ...)
	NOT-FOR-US: Tor World Software
CVE-2008-4075 (Directory traversal vulnerability in index.php in D-iscussion Board ...)
	NOT-FOR-US: D-iscussion Board
CVE-2008-4074 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4073 (SQL injection vulnerability in index.php in Zanfi Autodealers CMS ...)
	NOT-FOR-US: Zanfi Autodealers CMS
CVE-2008-4072 (Multiple SQL injection vulnerabilities in index.php in phsBlog 0.2 ...)
	NOT-FOR-US: phsBlog
CVE-2008-4071 (A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-4070 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.17 and ...)
	{DSA-1697-1 DSA-1696-1}
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-4069 (The XBM decoder in Mozilla Firefox before 2.0.0.17 and SeaMonkey ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-4068 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4067 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.17 ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4066 (Mozilla Firefox 2.0.0.14, and other versions before 2.0.0.17, allows ...)
	{DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
	[etch] - iceape <end-of-life> (Etch Packages no longer covered by security support)
	- icedove 2.0.0.17-1
CVE-2008-4065 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4064 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4063 (Multiple unspecified vulnerabilities in Mozilla Firefox 3.x before ...)
	{DSA-1669-1}
	- xulrunner 1.9.0.3-1
	- iceweasel 3.0.3-1
	[etch] - iceweasel <not-affected> (Vulnerable code not present)
CVE-2008-4062 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4061 (Integer overflow in the MathML component in Mozilla Firefox before ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4060 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, Thunderbird ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4059 (The XPConnect component in Mozilla Firefox before 2.0.0.17 allows ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4058 (The XPConnect component in Mozilla Firefox before 2.0.0.17 and 3.x ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.3-1
	- iceape 1.1.12-1
	- iceweasel 3.0.3-1
	- icedove 2.0.0.17-1
CVE-2008-4057 (Unspecified vulnerability in Objective Development Sharity 3 before ...)
	NOT-FOR-US: Objective Development Sharity
CVE-2008-4056 (Cross-site scripting (XSS) vulnerability in admin/login.php in ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-4055 (SQL injection vulnerability in tops_top.php in Million Pixel Ad Script ...)
	NOT-FOR-US: Million Pixel Ad Script
CVE-2008-4054 (SQL injection vulnerability in indir.php in Kolifa.net Download Script ...)
	NOT-FOR-US: Kolifa.net Download Script
CVE-2008-4053 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Bluemoon PopnupBLOG
CVE-2008-4052 (Stack-based buffer overflow in SMGSHR.EXE in OpenVMS for Integrity ...)
	NOT-FOR-US: OpenVMS for Integrity Servers
CVE-2008-4051 (Cross-site scripting (XSS) vulnerability in surveyresults.asp in Smart ...)
	NOT-FOR-US: Smart Survey
CVE-2008-4050 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4049 (A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4048 (Heap-based buffer overflow in a certain ActiveX control in ...)
	NOT-FOR-US: Friendly Technologies FriendlyPPPoE Client
CVE-2008-4047 (Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) ...)
	NOT-FOR-US: Novell Forum
CVE-2008-4046 (SQL injection vulnerability in index.php in eliteCMS 1.0 allows remote ...)
	NOT-FOR-US: eliteCMS
CVE-2008-4045 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 ...)
	NOT-FOR-US: @Mail
CVE-2008-4044 (SQL injection vulnerability in article/readarticle.php in AJ Square ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4043 (Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-4042
	REJECTED
CVE-2008-4041 (The IMAP server in Softalk Mail Server (formerly WorkgroupMail) ...)
	NOT-FOR-US: Softalk Mail Server
CVE-2008-4040 (Directory traversal vulnerability in the Kyocera Command Center in ...)
	NOT-FOR-US: Kyocera FS-118MFP
CVE-2008-4039 (SQL injection vulnerability in index.php in Spice Classifieds allows ...)
	NOT-FOR-US: Spice Classifieds
CVE-2008-4038 (Buffer underflow in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4037 (Microsoft Windows 2000 Gold through SP4, XP Gold through SP3, Server ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4036 (Integer overflow in Memory Manager in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4035
	REJECTED
CVE-2008-4034
	REJECTED
CVE-2008-4033 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 through ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4032 (Microsoft Office SharePoint Server 2007 Gold and SP1 and Microsoft ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4031 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4030 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4029 (Cross-domain vulnerability in Microsoft XML Core Services 3.0 and 4.0, ...)
	NOT-FOR-US: Microsoft XML Core
CVE-2008-4028 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4027 (Double free vulnerability in Microsoft Office Word 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4026 (Microsoft Office Word 2000 SP3, 2002 SP3, 2003 SP3, and 2007 Gold and ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4025 (Integer overflow in Microsoft Office Word 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4024 (Microsoft Office Word 2000 SP3 and 2002 SP3 and Office 2004 for Mac ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-4023 (Active Directory in Microsoft Windows 2000 SP4 does not properly ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-4022
	REJECTED
CVE-2008-4021
	REJECTED
CVE-2008-4020 (Cross-site scripting (XSS) vulnerability in Microsoft Office XP SP3 ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4019 (Integer overflow in the REPT function in Microsoft Excel 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-4109 (A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before ...)
	{DSA-1638-1 CVE-2006-5051}
	- openssh 1:4.6p1-1 (low)
	NOTE: The patch backported for CVE-2006-5051 was incorrect and did not
	NOTE: fully address the issue. The upstream fix in 4.4p1 was
	NOTE: right, and it the next unstable upload after that was 4.6p1.
CVE-2008-4100 (GNU adns 1.4 and earlier uses a fixed source port and sequential ...)
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not supported in untrusted contexts, fix documents this in README.Debian
CVE-2008-4099 (PyDNS (aka python-dns) before 2.3.1-4 in Debian GNU/Linux does not use ...)
	{DSA-1619-1}
	- python-dns 2.3.1-5 (low; bug #490217)
CVE-2008-4096 (libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8.1-2 (medium)
CVE-2008-XXXX [unsafe use of tempfile in ssmclient]
	- smsclient <unfixed> (unimportant; bug #498901)
	NOTE: script is not in use and only a suggestion for users
CVE-2008-4108 (Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) ...)
	- python-defaults <unfixed> (unimportant; bug #498899)
	NOTE: script is an example, which can be used by users
CVE-2008-4018 (swcons in bos.rte.console in IBM AIX 5.2.0 through 6.1.1 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2008-4017 (Unspecified vulnerability in the OC4J component in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2008-4016 (Unspecified vulnerability in the Collaborative Workspaces component in ...)
	NOT-FOR-US: Oracle
CVE-2008-4015 (Unspecified vulnerability in the Oracle Streams component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-4014 (Unspecified vulnerability in the Oracle BPEL Process Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-4013 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4012 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4011 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4010 (Unspecified vulnerability in the WebLogic Workshop component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4009 (Unspecified vulnerability in the WebLogic Server component in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4008 (Unspecified vulnerability in the WebLogic Server Plugins for Apache ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-4007 (Unspecified vulnerability in the PeopleSoft Enterprise Components ...)
	NOT-FOR-US: Oracle
CVE-2008-4006 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-4005 (Unspecified vulnerability in the Oracle Application Express component ...)
	NOT-FOR-US: Oracle
CVE-2008-4004 (Unspecified vulnerability in the JDE EnterpriseOne Business Service ...)
	NOT-FOR-US: Oracle
CVE-2008-4003 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-4002 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-4001 (Unspecified vulnerability in the PeopleSoft Enterprise Portal ...)
	NOT-FOR-US: Oracle
CVE-2008-4000 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3999 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3998 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3997 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3996 (Unspecified vulnerability in the Change Data Capture component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3995 (Unspecified vulnerability in the Change Data Capture component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3994 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3993 (Unspecified vulnerability in the Oracle Applications Framework ...)
	NOT-FOR-US: Oracle
CVE-2008-3992 (Unspecified vulnerability in the Oracle Data Mining component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3991 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3990 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3989 (Unspecified vulnerability in the Oracle Data Mining component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3988 (Unspecified vulnerability in the iSupplier Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3987 (Unspecified vulnerability in the Oracle Discoverer Desktop component ...)
	NOT-FOR-US: Oracle
CVE-2008-3986 (Unspecified vulnerability in the Oracle Discoverer Administrator ...)
	NOT-FOR-US: Oracle
CVE-2008-3985 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle
CVE-2008-3984 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3983 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3982 (Unspecified vulnerability in the Workspace Manager component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3981 (Unspecified vulnerability in the Oracle Secure Backup component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3980 (Unspecified vulnerability in the Upgrade component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2008-3979 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3978 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3977 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3976 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3975 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3974 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3973 (Unspecified vulnerability in the SQL*Plus Windows GUI component in ...)
	NOT-FOR-US: Oracle
CVE-2008-3972 (pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to ...)
	{DSA-1627-2}
	- opensc 0.11.4-5
CVE-2008-3971 (Heap-based buffer overflow in the open_man_file function in ...)
	- gmanedit 0.4.1-1.1 (low; bug #497835)
	[etch] - gmanedit <no-dsa> (Minor issue)
CVE-2008-3970 (pam_mount 0.10 through 0.45, when luserconf is enabled, does not ...)
	{DTSA-169-1}
	- libpam-mount 0.48-1 (low; bug #499841)
CVE-2008-3969 (Multiple unspecified vulnerabilities in BitlBee before 1.2.3 allow ...)
	- bitlbee 1.2.3-1 (bug #498159)
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-3968 (Cross-site scripting (XSS) vulnerability in userlist.php in PunBB ...)
	NOT-FOR-US: PunBB
CVE-2008-3967 (moderation.php in MyBB (aka MyBulletinBoard) before 1.4.1 does not ...)
	NOT-FOR-US: MyBB
CVE-2008-3966 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka ...)
	NOT-FOR-US: MyBB
CVE-2008-3965 (SQL injection vulnerability in misc.php in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB
CVE-2008-3961 (Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on ...)
	NOT-FOR-US: Adobe Illustrator
CVE-2008-3960 (Unspecified vulnerability in the JDBC Applet Server Service (aka ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3959 (IBM DB2 UDB 8.1 before FixPak 16, 8.2 before FixPak 9, and 9.1 before ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3958 (IBM DB2 UDB 8 before Fixpak 17 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM DB2 UDB
CVE-2008-3957 (The Microsoft Windows Image Acquisition Logger ActiveX control allows ...)
	NOT-FOR-US: Microsoft
CVE-2008-3956 (orgchart.exe in Microsoft Organization Chart 2.00 allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2008-3955 (SQL injection vulnerability in index.php in Masir Camp E-Shop Module ...)
	NOT-FOR-US: Masir Camp E-Shop Module
CVE-2008-3954 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-3953 (SQL injection vulnerability in keyword_search_action.php in Vastal ...)
	NOT-FOR-US: Vastal I-Tech Shaadi Zone
CVE-2008-3952 (SQL injection vulnerability in questions.php in EsFaq 2.0 allows ...)
	NOT-FOR-US: EsFaq
CVE-2008-3951 (SQL injection vulnerability in view_ann.php in Vastal I-Tech Agent ...)
	NOT-FOR-US: The Real Estate Script
CVE-2008-3950 (Off-by-one error in the ...)
	- webkit <not-affected> (Vulnerable code not present)
	NOTE: bug #500306
CVE-2008-3949 (emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python ...)
	- emacs22 22.2+2-4 (low; bug #499568)
	- emacs21 <not-affected> (doesn't provide the python functionality)
	- xemacs21 <not-affected> (doesn't provide the python functionality)
	NOTE: This can happen with any Python script, just because Emacs autoloads one
	NOTE: doesn't make it much worse
CVE-2008-3948 (SQL injection vulnerability in admin/users/self-2.php in XRMS allows ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3947 (DCL (aka the CLI) in OpenVMS Alpha 8.3 allows local users to gain ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3946 (The finger client in HP TCP/IP Services for OpenVMS 5.x allows local ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3945 (SQL injection vulnerability in index.php in Words tag 1.2 allows ...)
	NOT-FOR-US: Words tag
CVE-2008-3944 (SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3943 (SQL injection vulnerability in listtest.php in eZoneScripts Living ...)
	NOT-FOR-US: eZoneScripts Living Local
CVE-2008-3942 (SQL injection vulnerability in landsee.php in Full PHP Emlak Script ...)
	NOT-FOR-US: Full PHP Emlak Script
CVE-2008-3941 (Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and ...)
	NOT-FOR-US: BizDirectory
CVE-2008-3940 (Format string vulnerability in the finger client in HP TCP/IP Services ...)
	NOT-FOR-US: OpenVMS
CVE-2008-3939 (Directory traversal vulnerability in the web interface in AVTECH PageR ...)
	NOT-FOR-US: AVTECH PageR Enterprise
CVE-2008-3938 (Cross-site request forgery (CSRF) vulnerability in user_admin.php in ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3937 (Multiple cross-site scripting (XSS) vulnerabilities in Open Media ...)
	NOT-FOR-US: Open Media Collectors Database
CVE-2008-3936 (The web interface in Dreambox DM500C allows remote attackers to cause ...)
	NOT-FOR-US: Dreambox DM500C
CVE-2008-3935 (Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and ...)
	NOT-FOR-US: DIC shop_v50
CVE-2008-3931 (javareconf in R 2.7.2 allows local users to overwrite arbitrary files ...)
	- r-base-core-ra 1.1.1-2 (low; bug #496363)
	- r-base 2.7.2-1 (low; bug #496418)
	[etch] - r-base <no-dsa> (Minor issue)
	[lenny] - r-base 2.7.1-1+lenny1
CVE-2008-3930 (migrate_aliases.sh in Citadel Server 7.37 allows local users to ...)
	- citadel 7.37-3 (low; bug #496359)
CVE-2008-3929 (gather-messages.sh in Ampache 3.4.1 allows local users to overwrite ...)
	- ampache 3.4.1-2 (unimportant; bug #496369)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: when translating ampache to a new language
CVE-2008-3928 (test.sh in Honeyd 1.5c might allow local users to overwrite arbitrary ...)
	- honeyd 1.5c-5 (unimportant; bug #496365)
	NOTE: Script not used by package, only a manual test script
CVE-2008-3927 (genmsgidx in Tiger 3.2.2 allows local users to overwrite or delete ...)
	- tiger 1:3.2.2-4 (unimportant; bug #496415)
	NOTE: Tracking as unimportant, since the script is only used
	NOTE: during build time
CVE-2008-3926 (Multiple directory traversal vulnerabilities in Content Management ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3925 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3924 (The &quot;Make a backup&quot; functionality in Content Management Made Easy ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3923 (Multiple cross-site scripting (XSS) vulnerabilities in statistics.php ...)
	NOT-FOR-US: Content Management Made Easy
CVE-2008-3922 (awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3921 (Multiple cross-site scripting (XSS) vulnerabilities in AWStats Totals ...)
	NOT-FOR-US: AWStats Totals
CVE-2008-3919 (Unspecified vulnerability in multiple JustSystems Ichitaro products ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2008-3918 (SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3917 (Cross-site scripting (XSS) vulnerability in index.php in Ovidentia ...)
	NOT-FOR-US: Ovidentia
CVE-2008-3916 (Heap-based buffer overflow in the strip_escapes function in signal.c ...)
	- ed 0.7-2 (low)
	[etch] - ed <no-dsa> (Minor issue)
CVE-2008-3915 (Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-5
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.19)
	NOTE: 91b80969ba466ba4b915a4a1d03add8c297add3f
CVE-2008-3911 (The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel ...)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
CVE-2008-3906 (CRLF injection vulnerability in Sys.Web in Mono 2.0 and earlier allows ...)
	- mono 1.9.1+dfsg-4 (low; bug #498894)
CVE-2008-3905 (resolv.rb in Ruby 1.8.5 and earlier, 1.8.6 before 1.8.6-p287, 1.8.7 ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #498978)
	- ruby1.9 1.9.0.2-6 (bug #498977)
CVE-2008-3903 (Asterisk Open Source 1.2.x before 1.2.32, 1.4.x before 1.4.24.1, and ...)
	{DSA-1952-1}
	- asterisk 1:1.6.1.0~dfsg-1 (low; bug #522528)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - asterisk <no-dsa> (Minor issue)
	NOTE: http://downloads.asterisk.org/pub/security/AST-2009-003.html
CVE-2008-3902 (HP firmware 68DTT F.0D stores pre-boot authentication passwords in the ...)
	NOT-FOR-US: HP firmware 68DTT
CVE-2007-6717 (Buffer overflow in tftp in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: IBM AIX
CVE-2007-6716 (fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 ...)
	{DSA-1653-1}
	- linux-2.6 2.6.23-1
	- linux-2.6.24 <not-affected> (Vulnerable code not present)
	NOTE: 848c4dd5153c7a0de55470ce99a8e13a63b4703f
CVE-2008-3962 (The from_format function in ssmtp.c in ssmtp 2.61 and 2.62, in certain ...)
	- ssmtp 2.62-1.1 (low; bug #498366)
	[etch] - ssmtp <no-dsa> (Minor issue, only affects rare corner cases)
CVE-2008-3963 (MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does ...)
	{DSA-1783-1}
	- mysql-dfsg-5.0 5.0.51a-15 (low; bug #498362)
CVE-2008-3964 (Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 ...)
	- libpng 1.2.27-2 (low; bug #501109)
	[etch] - libpng <not-affected> (Vulnerable code not present)
	NOTE: off-by-one error in pngpread.c is not present, must have
	NOTE: been introduced later, but pngtest.c is affected. However, there
	NOTE: is no known exploit.
CVE-2008-3912 (libclamav in ClamAV before 0.94 allows attackers to cause a denial of ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3913 (Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3914 (Multiple unspecified vulnerabilities in ClamAV before 0.94 have ...)
	{DSA-1660-1}
	- clamav 0.94.dfsg-1
CVE-2008-3934 (Unspecified vulnerability in Wireshark (formerly Ethereal) 0.99.6 ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (bug #497878)
	[etch] - wireshark <not-affected> (Only >= 0.99.6)
CVE-2008-3933 (Wireshark (formerly Ethereal) 0.10.14 through 1.0.2 allows attackers ...)
	{DSA-1673-1 DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3932 (Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allows attackers to ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (low; bug #497878)
CVE-2008-3904 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
	- gpicview 0.1.9-2 (low; bug #498022)
CVE-2008-3909 (The administration application in Django 0.91, 0.95, and 0.96 stores ...)
	{DSA-1640-1}
	- python-django 1.0-1
	NOTE: http://www.djangoproject.com/weblog/2008/sep/02/security/
CVE-2008-3910 (dns2tcp before 0.4.1 does not properly handle negative values in a ...)
	- dns2tcp 0.4.dfsg-2 (medium; bug #497730)
CVE-2008-3901 (Software suspend 2 2-2.2.1, when used with the Linux kernel 2.6.16, ...)
	- linux-patch-tuxonice <not-affected> (Fixed before initial upload)
CVE-2008-3900 (Intel firmware PE94510M.86A.0050.2007.0710.1559 stores pre-boot ...)
	NOT-FOR-US: Intel firmware
CVE-2008-3899 (TrueCrypt 5.0 stores pre-boot authentication passwords in the BIOS ...)
	NOT-FOR-US: TrueCrypt
CVE-2008-3898 (Secu Star DriveCrypt Plus Pack 3.9 stores pre-boot authentication ...)
	NOT-FOR-US: Secu Star DriveCrypt
CVE-2008-3897 (DiskCryptor 0.2.6 on Windows stores pre-boot authentication passwords ...)
	NOT-FOR-US: DiskCryptor
CVE-2008-3896 (Grub Legacy 0.97 and earlier stores pre-boot authentication passwords ...)
	- grub <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can easily edit menu.lst anyway
CVE-2008-3895 (LILO 22.6.1 and earlier stores pre-boot authentication passwords in ...)
	- lilo <unfixed> (unimportant)
	NOTE: you need to be root on linux to do this, root can edit the configuration anyway
CVE-2008-3894 (IBM Lenovo firmware 7CETB5WW 2.05 stores pre-boot authentication ...)
	NOT-FOR-US: IBM Lenovo firmware
CVE-2008-3893 (Microsoft Bitlocker in Windows Vista before SP1 stores pre-boot ...)
	NOT-FOR-US: Bitlocker
CVE-2008-3892 (Buffer overflow in a certain ActiveX control in the COM API in VMware ...)
	NOT-FOR-US: VMware COM API
CVE-2008-3891 (The SAML Single Sign-On (SSO) Service for Google Apps allows remote ...)
	NOT-FOR-US: SAML Service for Google Apps
CVE-2008-3890 (The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3888 (SQL injection vulnerability in members.asp in Mini-NUKE Freehost 2.3 ...)
	NOT-FOR-US: Mini-NUKE Freehost
CVE-2008-3887 (Multiple SQL injection vulnerabilities in index.php in dotProject ...)
	NOT-FOR-US: dotProject
CVE-2008-3886 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: dotProject
CVE-2008-3885 (Cross-site request forgery (CSRF) vulnerability in Blogn (BURO GUN) ...)
	NOT-FOR-US: Blogn
CVE-2008-3884 (Cross-site scripting (XSS) vulnerability in Blogn (BURO GUN) 1.9.7 and ...)
	NOT-FOR-US: Blogn
CVE-2008-3883 (configvar in Caudium 1.4.12 allows local users to overwrite arbitrary ...)
	- caudium 1.4.12-11.1 (low; bug #496404)
CVE-2008-3882 (Unspecified &quot;Command Injection&quot; vulnerability in ZoneMinder 1.23.3 and ...)
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3881 (Multiple cross-site scripting (XSS) vulnerabilities in ZoneMinder ...)
	- zoneminder 1.24.1-1 (low; bug #497640)
CVE-2008-3880 (SQL injection vulnerability in zm_html_view_event.php in ZoneMinder ...)
	- zoneminder 1.24.1-1 (bug #497640)
CVE-2008-3879 (The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3878 (Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control ...)
	NOT-FOR-US: ActiveX control in OfficeCtrl.ocx
CVE-2008-3877 (Stack-based buffer overflow in Acoustica Mixcraft 4.1 Build 96 and 4.2 ...)
	NOT-FOR-US: Acoustica Mixcraft
CVE-2008-3876 (Apple iPhone 2.0.2, in some configurations, allows physically ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-3875 (The kernel in Sun Solaris 8 through 10 and OpenSolaris before snv_90 ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-3874 (Cross-site scripting (XSS) vulnerability in account.php in Lussumo ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2008-3873 (The System.setClipboard method in ActionScript in Adobe Flash Player ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3872 (Adobe Flash Player 8.0.39.0 and earlier, and 9.x up to 9.0.115.0, ...)
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3871 (Multiple format string vulnerabilities in UltraISO 9.3.1.2633, and ...)
	NOT-FOR-US: UltraISO
CVE-2008-3870 (Integer overflow in sadmind in Sun Solaris 8 and 9 allows remote ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-3869 (Heap-based buffer overflow in sadmind in Sun Solaris 8 and 9 allows ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-3868 (Cross-site request forgery (CSRF) vulnerability in Interact 2.4.1 ...)
	NOT-FOR-US: Interact
CVE-2008-3867 (SQL injection vulnerability in spaces/emailuser.php in Interact 2.4.1 ...)
	NOT-FOR-US: Interact
CVE-2008-3866 (The Trend Micro Personal Firewall service (aka TmPfw.exe) in Trend ...)
	NOT-FOR-US: Trend Micro Personal Firewall
CVE-2008-3865 (Multiple heap-based buffer overflows in the ApiThread function in the ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3864 (The ApiThread function in the firewall service (aka TmPfw.exe) in ...)
	NOT-FOR-US: Trend Micro Network Security Component
CVE-2008-3863 (Stack-based buffer overflow in the read_special_escape function in ...)
	{DSA-1670-1}
	- enscript 1.6.4-13 (bug #506261)
CVE-2008-3862 (Stack-based buffer overflow in CGI programs in the server in Trend ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-3861 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 and ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3860 (Multiple cross-site scripting (XSS) vulnerabilities (1) in the WYSIWYG ...)
	NOT-FOR-US: IBM, Lotus Quickr 8.1
CVE-2008-3859 (Davlin Thickbox Gallery 2 allows remote attackers to obtain the ...)
	NOT-FOR-US: Davlin Thickbox Gallery
CVE-2008-3858 (The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3857 (The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3856 (The routine infrastructure component in IBM DB2 8 before FP17, 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3855 (Unspecified vulnerability in the DB2 Administration Server (DAS) in ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3854 (Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3853 (Buffer overflow in the DAS server program in the Core DAS function ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3852 (Unspecified vulnerability in the CLR stored procedure deployment from ...)
	NOT-FOR-US: IBM DB2
CVE-2008-3851 (Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3850 (Cross-site scripting (XSS) vulnerability in Accellion File Transfer ...)
	NOT-FOR-US: Accellion File Transfer
CVE-2008-3849 (Cross-site scripting (XSS) vulnerability in the calendar controller in ...)
	NOT-FOR-US: Civic Website Manager
CVE-2008-3848 (SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows ...)
	NOT-FOR-US: Z-Breaknews
CVE-2008-3847 (Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-3846 (Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and ...)
	NOT-FOR-US: mysql-lists
CVE-2008-3845 (Multiple SQL injection vulnerabilities in Crafty Syntax Live Help ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion ...)
	NOT-FOR-US: Old CVE id
CVE-2008-XXXX [nfdump vulnerable to symlink attacks]
	- nfdump 1.5.7-5 (bug #497452)
CVE-2008-3889 (Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before ...)
	- postfix 2.5.5-1 (low)
	[etch] - postfix <not-affected> (Vulnerable code not present)
	NOTE: http://www.postfix.org/announcements/20080902.html
CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow ...)
	{DSA-1634-1 DTSA-163-1}
	- wordnet 1:3.0-12 (medium; bug #497441)
	[lenny] - wordnet 3.0-11+lenny1
	[etch] - wordnet 1:2.1-4+etch1
	NOTE: 1:3.0-12 had a regression and the patch was slightly updated
	NOTE: by 1:3.0-13 to fix this bug
CVE-2008-3907 (The open-in-browser command in newsbeuter before 1.1 allows remote ...)
	{DTSA-164-1 DTSA-164-2}
	[lenny] - newsbeuter 0.9.1-1+lenny3
	- newsbeuter 1.2-1 (medium)
	NOTE: medium as versions < 1.0-1 didn't include a patch to wrap long article URLs so the
	NOTE: crafted part of the URL can be hidden. This of course only affects people not reading
	NOTE: articles in the built-in reader.
CVE-2008-3920 (Unspecified vulnerability in BitlBee before 1.2.2 allows remote ...)
	- bitlbee 1.2.2-1
	[etch] - bitlbee <not-affected> (1.0.x not affected)
CVE-2008-4978 (radiance 3R9+20080530 allows local users to overwrite arbitrary files ...)
	- radiance 3R9+20080530-4 (low; bug #496423)
CVE-2008-3844 (Certain Red Hat Enterprise Linux (RHEL) 4 and 5 packages for OpenSSH, ...)
	NOT-FOR-US: Red Hat services issue
CVE-2008-3843 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3842 (Request Validation (aka the ValidateRequest filters) in ASP.NET in ...)
	NOT-FOR-US: Microsoft .NET Framework
CVE-2008-3841 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
	NOT-FOR-US: Freeway eCommerce
CVE-2008-3840 (Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3839 (Unspecified vulnerability in the NFS module in the kernel in Sun ...)
	NOT-FOR-US: Solaris
CVE-2008-3838 (Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) ...)
	NOT-FOR-US: Solaris
CVE-2008-3837 (Mozilla Firefox before 2.0.0.17 and 3.x before 3.0.2, and SeaMonkey ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.3-1 (low)
	- xulrunner 1.9.0.3-1 (low)
	- iceape 1.1.12-1 (low)
CVE-2008-3836 (feedWriter in Mozilla Firefox before 2.0.0.17 allows remote attackers ...)
	{DSA-1697-1 DSA-1669-1 DSA-1649-1}
	- iceweasel 3.0.1-1
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-3835 (The nsXMLDocument::OnChannelRedirect function in Mozilla Firefox ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-3834 (The dbus_signature_validate function in the D-bus library (libdbus) ...)
	{DSA-1658-1}
	- dbus 1.2.1-4 (bug #501443)
CVE-2008-3833 (The generic_file_splice_write function in fs/splice.c in the Linux ...)
	{DSA-1653-1}
	- linux-2.6 2.6.19-1
	- linux-2.6.24 <not-affected> (Fixed in upstream before 2.6.24)
CVE-2008-3832 (A certain Fedora patch for the utrace subsystem in the Linux kernel ...)
	- linux-2.6 <not-affected> (Fedora-specific patch)
	- linux-2.6.24 <not-affected> (Fedora-specific patch)
CVE-2008-3831 (The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel ...)
	{DSA-1655-1}
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6 2.6.26-9
CVE-2008-3830 (Condor before 7.0.5 does not properly handle when the configuration ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3829 (Unspecified vulnerability in the condor_ schedd daemon in Condor ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3828 (Stack-based buffer overflow in the condor_ schedd daemon in Condor ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3827 (Multiple integer underflows in the Real demuxer (demux_real.c) in ...)
	{DSA-1644-1 DTSA-168-1}
	- mplayer 1.0~rc2-18 (medium; bug #500683)
	NOTE: http://www.ocert.org/advisories/ocert-2008-013.html
CVE-2008-3826 (Unspecified vulnerability in Condor before 7.0.5 allows attackers to ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3825 (pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when ...)
	NOT-FOR-US: Different code base than Debian's libpam-krb5
CVE-2008-3824 (Cross-site scripting (XSS) vulnerability in (1) ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3823 (Cross-site scripting (XSS) vulnerability in MIME/MIME/Contents.php in ...)
	{DSA-1642-1 DTSA-165-1}
	- horde3 3.2.2+debian0-1 (low; bug #499579)
CVE-2008-3822
	REJECTED
CVE-2008-3821 (Multiple cross-site scripting (XSS) vulnerabilities in the HTTP server ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3820 (Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event ...)
	NOT-FOR-US: Cisco Security Manager
CVE-2008-3819 (dnsserver in Cisco Application Control Engine Global Site Selector ...)
	NOT-FOR-US: Cisco Application Control Engine Global Site Selector (GSS)
CVE-2008-3818 (Cisco ONS 15310-CL, 15310-MA, 15327, 15454, 15454 SDH, and 15600 with ...)
	NOT-FOR-US: Cisco ONS
CVE-2008-3817 (Memory leak in Cisco Adaptive Security Appliances (ASA) 5500 Series ...)
	NOT-FOR-US: Cisco
CVE-2008-3816 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2008-3815 (Unspecified vulnerability in Cisco Adaptive Security Appliances (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2008-3814 (Unspecified vulnerability in Cisco Unity 4.x before 4.2(1)ES161, 5.x ...)
	NOT-FOR-US: Cisco
CVE-2008-3813 (Unspecified vulnerability in Cisco IOS 12.2 and 12.4, when the L2TP ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3812 (Cisco IOS 12.4, when IOS firewall Application Inspection Control (AIC) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3811 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3810 (Cisco IOS 12.2 and 12.4, when NAT Skinny Call Control Protocol (SCCP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3809 (Cisco IOS 12.0 through 12.4 on Gigabit Switch Router (GSR) devices ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3808 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3807 (Cisco IOS 12.2 and 12.3 on Cisco uBR10012 series devices, when ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3806 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3805 (Cisco IOS 12.0 through 12.4 on Cisco 10000, uBR10012 and uBR7200 ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3804 (Unspecified vulnerability in the Multi Protocol Label Switching (MPLS) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3803 (A &quot;logic error&quot; in Cisco IOS 12.0 through 12.4, when a Multiprotocol ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3802 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3801 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3800 (Unspecified vulnerability in the Session Initiation Protocol (SIP) ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3799 (Memory leak in the Session Initiation Protocol (SIP) implementation in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3798 (Cisco IOS 12.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-3797
	RESERVED
CVE-2008-3796 (Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of ...)
	- swfdec0.6 0.6.8-1
CVE-2008-3795 (Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3793
	RESERVED
	NOT-FOR-US: Adobe Flash Player
CVE-2008-3792 (net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-4
	[etch] - linux-2.6 <not-affected>
CVE-2008-3788 (Multiple SQL injection vulnerabilities in PICTURESPRO Photo Cart 3.9, ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3787 (SQL injection vulnerability in listing_view.php in Web Directory ...)
	NOT-FOR-US: Web Directory Script
CVE-2008-3786 (Cross-site scripting (XSS) vulnerability in index.php in PICTURESPRO ...)
	NOT-FOR-US: PICTURESPRO Photo Cart 3.9
CVE-2008-3785 (Multiple SQL injection vulnerabilities in the com_content component in ...)
	NOT-FOR-US: MiaCMS
CVE-2008-3784 (SQL injection vulnerability in scrape.php in BtiTracker 1.4.7 and ...)
	NOT-FOR-US: BtiTracker
CVE-2008-3783 (Multiple SQL injection vulnerabilities in index.php in Matterdaddy ...)
	NOT-FOR-US: Matterdaddy Market
CVE-2008-3782 (Multiple cross-site scripting (XSS) vulnerabilities in admin/index.php ...)
	NOT-FOR-US: ACG-PTP
CVE-2008-3781 (Cross-site scripting (XSS) vulnerability in GMOD GBrowse before 1.69 ...)
	NOT-FOR-US: GMOD GBrowse
CVE-2008-3780 (SQL injection vulnerability in recommend.php in Five Star Review ...)
	NOT-FOR-US: Five Star Review Script
CVE-2008-3779 (Cross-site scripting (XSS) vulnerability in search/index.php in Five ...)
	NOT-FOR-US: Five Star Review Script
CVE-2008-3778 (The remote management interface in SIP Enablement Services (SES) ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3777 (The SIP Enablement Services (SES) Server in Avaya SIP Enablement ...)
	NOT-FOR-US: Avaya SIP Enablement Services
CVE-2008-3776 (Directory traversal vulnerability in Fujitsu Web-Based Admin View ...)
	NOT-FOR-US: Fujitsu Web-Based Admin View
CVE-2008-3775 (Folder Lock 5.9.5 and earlier uses weak encryption (ROT-25) for the ...)
	NOT-FOR-US: Folder Lock
CVE-2008-3774 (SQL injection vulnerability in index.php in Simasy CMS allows remote ...)
	NOT-FOR-US: Simasy CMS
CVE-2008-3773 (Cross-site scripting (XSS) vulnerability in vBulletin 3.7.2 PL1 and ...)
	NOT-FOR-US: vBulletin
CVE-2008-3772 (SQL injection vulnerability in categories_portal.php in Pars4u ...)
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3771 (Cross-site scripting (XSS) vulnerability in members.php in Pars4u ...)
	NOT-FOR-US: Pars4u Videosharing
CVE-2008-3770 (Multiple directory traversal vulnerabilities in Freeway 1.4.1.171, ...)
	NOT-FOR-US: Freeway
CVE-2008-3769 (PHP remote file inclusion vulnerability in admin/create_order_new.php ...)
	NOT-FOR-US: Freeway
CVE-2008-3768 (Multiple SQL injection vulnerabilities in class.ajax.php in Turnkey ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-3767 (SQL injection vulnerability in classified.php in phpBazar 2.0.2 allows ...)
	NOT-FOR-US: phpBazar
CVE-2008-3766 (Realtime Internet Band Rehearsal Low-Latency (Internet) Connection ...)
	NOT-FOR-US: Realtime Internet Band Rehearsal Low-Latency (Internet) Connection tool (llcon)
CVE-2008-3765 (SQL injection vulnerability in code.php in Quick Poll Script allows ...)
	NOT-FOR-US: Quick Poll Script
CVE-2008-3764 (Eval injection vulnerability in globalsoff.php in Turnkey PHP Live ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3763 (Variable overwrite vulnerability in libsecure.php in Turnkey PHP Live ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3762 (SQL injection vulnerability in onlinestatus_html.php in Turnkey PHP ...)
	NOT-FOR-US: Turnkey PHP Live Helper
CVE-2008-3761 (hcmon.sys in VMware Workstation 6.5.1 and earlier, VMware Player 2.5.1 ...)
	NOT-FOR-US: VMware Workstation
	NOTE: we only share a package to build VMware
CVE-2008-3760 (Cross-site request forgery (CSRF) vulnerability in the sign-out page ...)
	NOT-FOR-US: Vanilla
CVE-2008-3759 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Vanilla
CVE-2008-3758 (Multiple cross-site scripting (XSS) vulnerabilities in Lussumo Vanilla ...)
	NOT-FOR-US: Vanilla
CVE-2008-3757 (SQL injection vulnerability in tr1.php in YourFreeWorld Forced Matrix ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3756 (SQL injection vulnerability in tr.php in YourFreeWorld Viral Marketing ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3755 (SQL injection vulnerability in view.php in YourFreeWorld Classifieds ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3754 (SQL injection vulnerability in trl.php in YourFreeWorld Stylish Text ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3753 (SQL injection vulnerability in details.php in YourFreeWorld Programs ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3752 (SQL injection vulnerability in tr.php in YourFreeWorld Ad-Exchange ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3751 (SQL injection vulnerability in tr.php in YourFreeWorld Short Url &amp; Url ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3750 (SQL injection vulnerability in tr.php in YourFreeWorld URL Rotator ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-3749 (SQL injection vulnerability in tr.php in YourFreeWorld Banner ...)
	NOT-FOR-US: Banner Management Script
CVE-2008-3748 (SQL injection vulnerability in view_group.php in Active PHP Bookmarks ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2008-4952 (emacs-jabber in emacs-jabber 0.7.91 allows local users to overwrite ...)
	- emacs-jabber 0.7.91-2 (low; bug #496428)
	[etch] - emacs-jabber <no-dsa> (Minor issue)
CVE-2008-4987 (xastir 1.9.2 allows local users to overwrite arbitrary files via a ...)
	- xastir 1.9.2-1.1 (low; bug #496383)
	[etch] - xastir <no-dsa> (Minor issue)
CVE-2008-4477 (alert.d/test.alert in mon 0.99.2 allows local users to overwrite ...)
	{DSA-1648-1}
	- mon 0.99.2-13 (medium; bug #496398)
CVE-2008-3790 (The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #496808)
	- ruby1.9 1.9.0.2-6 (bug #497610)
CVE-2008-4939 (apertium 3.0.7 allows local users to overwrite arbitrary files via a ...)
	- apertium 3.0.7+1-1.1 (low; bug #496395)
	[etch] - apertium <no-dsa> (Minor issue)
CVE-2008-4946 (convirt 0.8.2 allows local users to overwrite arbitrary files via a ...)
	- convirt 0.9.6-1 (medium; bug #496419)
CVE-2008-4942 (audiolink in audiolink 0.05 allows local users to overwrite arbitrary ...)
	- audiolink 0.05-1.1 (low; bug #496433)
	[etch] - audiolink <no-dsa> (Minor issue)
CVE-2008-4968 (The (1) rccs and (2) STUFF scripts in lmbench 3.0-a7 allow local users ...)
	- lmbench 3.0-a9-1 (low; bug #496427)
	[etch] - lmbench <no-dsa> (Non-free not supported)
CVE-2008-4975 (mkmailpost in newsgate 1.6 allows local users to overwrite arbitrary ...)
	- newsgate <removed> (low; bug #496437)
	[etch] - newsgate <no-dsa> (Non-free not supported)
CVE-2008-4973 (i2myspell in myspell 3.1 allows local users to overwrite arbitrary ...)
	- myspell 1:3.0+pre3.1-21 (low; bug #496392)
	[etch] - myspell <no-dsa> (Minor issue)
CVE-2008-4976 (ogle 0.9.2 and ogle-mmx 0.9.2 allow local users to overwrite arbitrary ...)
	- ogle <removed> (unimportant; bug #496420; bug #496425)
	NOTE: This only affects debugging scripts not present in standard path
CVE-2008-3789 (Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb ...)
	{DTSA-161-1}
	- samba 2:3.2.3-1 (bug #496073; medium)
	[etch] - samba <not-affected> (Only affects Samba 3.2.x)
CVE-2008-XXXX [insecure temp file in nvi]
	- nvi 1.81.6-4 (low; bug #496462)
	[etch] - nvi <no-dsa> (Minor issue, only exploitable in postinst)
CVE-2008-4982 (rkhunter in rkhunter 1.3.2 allows local users to overwrite arbitrary ...)
	- rkhunter 1.3.2-6 (low; bug #496375)
	[etch] - rkhunter <no-dsa> (Minor issue, only in debug mode)
CVE-2008-4984 (scratchbox2 1.99.0.24 allows local users to overwrite arbitrary files ...)
	- scratchbox2 1.99.0.24-2 (low; bug #496409)
CVE-2008-4981 (perl.robot in realtimebattle 1.0.8 allows local users to overwrite ...)
	- realtimebattle 1.0.8-8 (low; bug #496385)
	[etch] - realtimebattle <no-dsa> (Minor issue)
CVE-2008-4972 (mailgo in mgt 2.31 allows local users to overwrite arbitrary files via ...)
	- mgt 2.31-6 (low; bug #496434)
	[etch] - mgt <no-dsa> (Minor issue)
CVE-2008-4998 (** DISPUTED ** ...)
	- twiki 1:4.1.2-4 (low; bug #494648)
CVE-2008-4971 (mafft-homologs in mafft 6.240 allows local users to overwrite ...)
	- mafft 6.240-2 (low; bug #496366)
CVE-2008-4993 (qemu-dm.debug in Xen 3.2.1 allows local users to overwrite arbitrary ...)
	- xen-3 3.4.0-1 (low; bug #496367)
	[etch] - xen-3 <no-dsa> (Minor issue)
CVE-2008-4936 (faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary ...)
	- mgetty 1.1.36-1.3 (low; bug #496403)
	[etch] - mgetty <no-dsa> (Minor issue)
CVE-2008-4476 (sympa.pl in sympa 5.3.4 allows local users to overwrite arbitrary ...)
	- sympa 5.3.4-5.1 (low; bug #496405; bug #494969)
	[etch] - sympa <no-dsa> (Minor issues)
CVE-2008-4935 (asciiview in aview 1.3.0 allows local users to overwrite arbitrary ...)
	- aview 1.3.0rc1-8.1 (low; bug #496422)
	[etch] - aview <no-dsa> (Minor issue)
CVE-2008-4956 (fwb_install in fwbuilder 2.1.19 allows local users to overwrite ...)
	- fwbuilder 2.1.19-5 (low; bug #496406)
	[etch] - fwbuilder <no-dsa> (Minor issue)
CVE-2008-4440 (The to-upgrade plugin in feta 1.4.16 allows local users to overwrite ...)
	{DSA-1643-1}
	- feta 1.4.16+nmu1 (low; bug #496397)
CVE-2008-4977 (** DISPUTED ** ...)
	- postfix <unfixed> (unimportant; bug #496401)
	NOTE: Not enabled by default, needs manual modification of a script
CVE-2008-4944 (writtercontrol in cdcontrol 1.90 allows local users to overwrite ...)
	- cdcontrol <removed> (low; bug #496438)
	[etch] - cdcontrol <no-dsa> (Minor issue)
CVE-2008-4951 (dtc 0.29.6 allows local users to overwrite arbitrary files via a ...)
	- dtc 0.29.10-1 (low; bug #496362)
CVE-2008-4994 (The (1) ncsarmt and (2) ncsawrap scripts in xmcd 2.6 allows local ...)
	- xmcd 2.6-21 (low; bug #496416)
	[etch] - xmcd <no-dsa> (Minor issue)
CVE-2008-4988 (pscal in xcal 4.1 allows local users to overwrite arbitrary files via ...)
	- xcal 4.1-19 (low; bug #496393)
	[etch] - xcal <no-dsa> (Minor issue)
CVE-2008-3791 (src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop ...)
	- gpicview 0.1.9-2 (low; bug #495968)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019481&group_id=180858&atid=894869
CVE-2008-XXXX [Overwrite symlink without check]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019485&group_id=180858&atid=894869
	NOTE: CVE id requested
	NOTE: non-issue, not exploitable by other users
CVE-2008-XXXX [Overwrite certain images without notice]
	- gpicview 0.1.10-1 (unimportant; bug #497005)
	NOTE: http://sourceforge.net/tracker/index.php?func=detail&aid=2019492&group_id=180858&atid=894869
	NOTE: non-issue, not exploitable by other users
	NOTE: CVE id requested
CVE-2008-4937 (senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite ...)
	- openoffice.org 1:2.4.1-8 (low; bug #496361)
	[etch] - openoffice.org <not-affected> (Vulnerable code not present)
	NOTE: also not present in 3.0.0, only in 2.4.1. Fix pending upload.
CVE-2008-4979 (getipacctg in rancid 2.3.2~a8 allows local users to overwrite ...)
	- rancid 2.3.2~a8-2 (low; bug #496426)
	[etch] - rancid <no-dsa> (Minor issue)
CVE-2008-4985 (vdrleaktest in Video Disk Recorder (aka vdr-dbg or vdr) 1.6.0 allows ...)
	- vdr 1.6.0-6 (low; bug #496421)
	[etch] - vdr <not-affected> (Vulnerable code not present)
CVE-2008-5007 (create_lazarus_export_tgz.sh in lazarus 0.9.24 allows local users to ...)
	- lazarus 0.9.24-0-11 (unimportant; bug #496377)
	NOTE: vulnerable script only called when updating the source
	NOTE: thus neither actively used nor invoked automatically
CVE-2008-3794 (Integer signedness error in the mms_ReceiveCommand function in ...)
	{DSA-1819-1 DTSA-166-1}
	- vlc 0.8.6.h-4 (medium; bug #496265)
CVE-2008-3747 (The (1) get_edit_post_link and (2) get_edit_comment_link functions in ...)
	- wordpress 2.5.1-6 (low; bug #497216)
	[etch] - wordpress <not-affected> (Does not have force-sll mechanism)
CVE-2008-3746 (neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of ...)
	- neon27 0.28.2-4
	- neon26 <not-affected> (Issue was introduced in 0.28)
CVE-2008-3739 (Cross-site scripting (XSS) vulnerability in (1) System Consultants ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3738 (Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier ...)
	NOT-FOR-US: SpaceTag LacoodaST
CVE-2008-3737 (Unspecified vulnerability in (1) System Consultants La!Cooda WIZ 1.4.0 ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3736 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	NOT-FOR-US: La!Cooda WIZ
CVE-2008-3735 (Cross-site scripting (XSS) vulnerability in index.php in PHPizabi ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3734 (Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and ...)
	NOT-FOR-US: WS_FTP Home
CVE-2008-3733 (Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote ...)
	NOT-FOR-US: EO Video
CVE-2008-3732 (Integer overflow in the Open function in modules/demux/tta.c in VLC ...)
	{DTSA-166-1}
	- vlc 0.8.6.h-2
	[etch] - vlc <not-affected> (TTA module not present)
CVE-2008-3731 (Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other ...)
	NOT-FOR-US: Serv-U File
CVE-2008-3730 (Cross-site scripting (XSS) vulnerability in Nordicwind Document ...)
	NOT-FOR-US: NOAH
CVE-2008-3729 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3728 (Web Based Administration in MicroWorld Technologies MailScan 5.6.a ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3727 (Directory traversal vulnerability in Web Based Administration in ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3726 (Cross-site scripting (XSS) vulnerability in Web Based Administration ...)
	NOT-FOR-US: MicroWorld Technologies MailScan
CVE-2008-3725 (SQL injection vulnerability in trr.php in YourFreeWorld Ad Board ...)
	NOT-FOR-US: YourFreeWorld Ad Board Script
CVE-2008-3724 (SQL injection vulnerability in index.php in Papoo before 3.7.2 allows ...)
	NOT-FOR-US: Papoo
CVE-2008-3723 (Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3722 (SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3721 (PHP remote file inclusion vulnerability in user_language.php in DeeEmm ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3720 (SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 ...)
	NOT-FOR-US: DeeEmm CMS
CVE-2008-3719 (SQL injection vulnerability in directory.php in SFS Affiliate ...)
	NOT-FOR-US: SFS Affiliate Directory
CVE-2008-3718 (Multiple SQL injection vulnerabilities in cyberBB 0.6 allow remote ...)
	NOT-FOR-US: cyberBB
CVE-2008-3717 (Harmoni before 1.6.0 does not require administrative privileges to ...)
	NOT-FOR-US: Harmoni
CVE-2008-3716 (Cross-site request forgery (CSRF) vulnerability in Harmoni before ...)
	NOT-FOR-US: Harmoni
CVE-2008-3715 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: FlexCMS
CVE-2008-3714 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 ...)
	{DSA-1679-1}
	- awstats 6.7.dfsg-5.1 (bug #495432; low)
	NOTE: upstream bug 2001151
CVE-2008-3713 (SQL injection vulnerability in product.php in PHPBasket allows remote ...)
	NOT-FOR-US: PHPBasket
CVE-2008-3712 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.2 and ...)
	NOT-FOR-US: Mambo
CVE-2008-3711 (SQL injection vulnerability in index.php in PHPArcadeScript (PHP ...)
	NOT-FOR-US: PHPArcadeScript
CVE-2008-3710 (Multiple directory traversal vulnerabilities in CyBoards PHP Lite 1.21 ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3709 (Multiple cross-site scripting (XSS) vulnerabilities in CyBoards PHP ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3708 (Multiple directory traversal vulnerabilities in dotCMS 1.6.0.9 allow ...)
	NOT-FOR-US: dotCMS
CVE-2008-3707 (Multiple PHP remote file inclusion vulnerabilities in CyBoards PHP ...)
	NOT-FOR-US: CyBoards PHP Lite
CVE-2008-3706 (SQL injection vulnerability in bannerclick.php in ZEEJOBSITE 2.0 ...)
	NOT-FOR-US: ZEEJOBSITE
CVE-2008-3705 (Stack-based buffer overflow in the CLogger::WriteFormated function in ...)
	NOT-FOR-US: EchoVNC Linux
CVE-2008-3704 (Heap-based buffer overflow in the MaskedEdit ActiveX control in ...)
	NOT-FOR-US: Msmask32.ocx
CVE-2008-3703 (The management console in the Volume Manager Scheduler Service (aka ...)
	NOT-FOR-US: Symantec Veritas Storage Foundation
CVE-2008-3702 (Multiple stack-based buffer overflows in the Animation GIF ActiveX ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3701 (SQL injection vulnerability in staff/index.php in Kayako SupportSuite ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3700 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-3698 (Unspecified vulnerability in the OpenProcess function in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3697 (An unspecified ISAPI extension in VMware Server before 1.0.7 build ...)
	NOT-FOR-US: VMware Server on Windows
CVE-2008-3696 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3695 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3694 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3693 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3692 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3691 (Unspecified vulnerability in a certain ActiveX control in VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-3690
	RESERVED
CVE-2008-3689
	RESERVED
CVE-2008-3688 (sockethandler.cpp in HTTP Antivirus Proxy (HAVP) 0.88 allows remote ...)
	{DTSA-159-1}
	- havp 0.88-1.1 (bug #496034)
CVE-2008-3687 (Heap-based buffer overflow in the flask_security_label function in Xen ...)
	- xen-3 <not-affected> (Not compiled with XSM:FLASK)
CVE-2008-3686 (The rt6_fill_node function in net/ipv6/route.c in Linux kernel ...)
	- linux-2.6.24 <not-affected> (Vulnerable code was introduced in 2.6.26)
	- linux-2.6 2.6.26-5
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.26)
CVE-2008-3685 (Directory traversal vulnerability in aws_tmxn.exe in the Admin Agent ...)
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3684 (Heap-based buffer overflow in aws_tmxn.exe in the Admin Agent service ...)
	NOT-FOR-US: EMC Documentum ApplicationXtender Workflow
CVE-2008-3683 (Unspecified vulnerability in the FTP subsystem in Sun Java System Web ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2008-3682 (SQL injection vulnerability in dpage.php in YPN PHP Realty allows ...)
	NOT-FOR-US: YPN PHP Realty
CVE-2008-3681 (components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does ...)
	NOT-FOR-US: Joomla
CVE-2008-3680 (The decryption function in Flagship Industries Ventrilo 3.0.2 and ...)
	NOT-FOR-US: Flagship Industries Ventrilo
CVE-2008-3679 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2008-3678 (Cross-site scripting (XSS) vulnerability in admin/search_links.php in ...)
	NOT-FOR-US: Freeway
CVE-2008-3677 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Freeway
CVE-2008-3676 (Unspecified vulnerability in the IMAP server in hMailServer 4.4.1 ...)
	NOT-FOR-US: hMailServer
CVE-2008-3675 (Directory traversal vulnerability in classes/imgsize.php in Gelato ...)
	NOT-FOR-US: Gelato
CVE-2008-3674 (SQL injection vulnerability in ugroups.php in PozScripts TubeGuru ...)
	NOT-FOR-US: PozScripts TubeGuru Video Sharing Script
CVE-2008-3673 (SQL injection vulnerability in browsecats.php in PozScripts Classified ...)
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3672 (SQL injection vulnerability in showcategory.php in PozScripts ...)
	NOT-FOR-US: PozScripts Classified Ads
CVE-2008-3671 (Acronis True Image Echo Server 9.x build 8072 on Linux does not ...)
	NOT-FOR-US: Echo Server
CVE-2008-3670 (SQL injection vulnerability in authordetail.php in Article Friendly ...)
	NOT-FOR-US: Article Friendly Pro
CVE-2008-3669 (SQL injection vulnerability in comments.php in ZeeScripts Reviews ...)
	NOT-FOR-US: ZeeScripts Reviews Opinions Rating Posting Engine Web-Site PHP
CVE-2008-3668 (Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt ...)
	NOT-FOR-US: XOOPS
CVE-2008-3667 (Stack-based buffer overflow in Maxthon Browser 2.0 and earlier allows ...)
	NOT-FOR-US: Maxthon Browser
CVE-2006-7233 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2005-4877 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2005-4876 (Cross-site scripting (XSS) vulnerability in the login form (login.jsp) ...)
	NOT-FOR-US: Openfire
CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real ...)
	NOT-FOR-US: Oracle
CVE-2008-3699 (The MagnatuneBrowser::listDownloadComplete function in ...)
	- amarok 1.4.10-1 (unimportant; bug #494765)
	[etch] - amarok <not-affected>
	NOTE: The code in question doesn't dereference the symlink, tested with Etch
	NOTE: and Lenny. Given that it only takes a minute to test this, it's surprising
	NOTE: that at least one vendor issued an advisory and upstream pushed a new release...
CVE-2008-3740 (Cross-site scripting (XSS) vulnerability in the output filter in ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3741 (The private filesystem in Drupal 5.x before 5.10 and 6.x before 6.4 ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3742 (Unrestricted file upload vulnerability in the BlogAPI module in Drupal ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (medium; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3743 (Multiple cross-site request forgery (CSRF) vulnerabilities in forms in ...)
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code not present)
	- drupal-4.7 <removed>
CVE-2008-3744 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...)
	{DTSA-156-1}
	- drupal5 5.10-1 (low; bug #495122)
	- drupal-4.7 <removed>
CVE-2008-3745 (The Upload module in Drupal 6.x before 6.4 allows remote authenticated ...)
	{DTSA-156-1}
	- drupal5 <not-affected> (Vulnerable code only present in 6.x)
	- drupal-4.7 <removed>
CVE-2008-3666 (Unspecified vulnerability in Sun Solaris 10 and OpenSolaris before ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2008-3665
	RESERVED
CVE-2008-3664 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3663 (Squirrelmail 1.4.15 does not set the secure flag for the session ...)
	- squirrelmail 2:1.4.15-3 (low; bug #499942)
	[etch] - squirrelmail <no-dsa> (less important and fix changes behaviour)
	NOTE: only relevant for installations that are also offered over http
	NOTE: which isn't normally a good idea anyway. Fixing in stable will
	NOTE: change behaviour so not really suited for DSA.
CVE-2008-3662 (Gallery before 1.5.9, and 2.x before 2.2.6, does not set the secure ...)
	- gallery 1.5.9-1
	- gallery2 2.2.6-1
CVE-2008-3661 (Drupal, probably 5.10 and 6.4, does not set the secure flag for the ...)
	- drupal5 5.10-2 (low; bug #501063)
	- drupal6 6.4-2 (low; bug #501058)
	NOTE: drupal upstreams advise the users to set session.cookie_secure in the php configuration
	NOTE: to fix this has been documented in README.Debian
CVE-2008-3660 (PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI ...)
	{DSA-1647-1}
	- php5 5.2.6-4 (medium)
	- php4 <removed>
	NOTE: *not* duplicate after all, needs review
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/sapi/cgi/cgi_main.c?r1=1.267.2.15.2.57&r2=1.267.2.15.2.58&view=patch
CVE-2008-3659 (Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and ...)
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: php5 -d memory_limit=256M -r '$res = explode(str_repeat("A",145999999),1);'
	NOTE: (From upstream's ext/standard/tests/strings/explode_bug.phpt)
	NOTE: could not reproduce locally
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3658 (Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP ...)
	{DSA-1647-1}
	- php4 <removed>
	- php5 5.2.6-4 (medium)
	NOTE: fix in pkg-php svn for both etch and sid
CVE-2008-3657 (The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3656 (Algorithmic complexity vulnerability in the ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3655 (Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through ...)
	{DSA-1652-1 DSA-1651-1}
	- ruby1.8 1.8.7.72-1 (bug #494401)
	- ruby1.9 1.9.0.2-6 (bug #494402)
	NOTE: http://www.ruby-lang.org/en/news/2008/08/08/multiple-vulnerabilities-in-ruby/
CVE-2008-3654 (Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows ...)
	- tikiwiki <removed>
CVE-2008-3653 (Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before ...)
	- tikiwiki <removed>
CVE-2008-3652 (src/racoon/handler.c in racoon in ipsec-tools does not remove an ...)
	- ipsec-tools 0.7.1-1.2 (low; bug #501026)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
	NOTE: attacker needs to be authenticated, see https://bugzilla.redhat.com/show_bug.cgi?id=456660
CVE-2008-3651 (Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools ...)
	- ipsec-tools 1:0.7.1-1 (low; bug #495214)
	[etch] - ipsec-tools <no-dsa> (Minor issue)
CVE-2008-3650 (Multiple unspecified vulnerabilities in Horde Groupware Webmail before ...)
	- horde3 3.2.1+debian0-1 (low; bug #495332)
	- turba2 2.2.1-1
	[etch] - turba2 <not-affected> (Vulnerable code not present)
	[etch] - horde3 <not-affected> (dup of CVE-2008-3330)
	NOTE: this is actually two issues:
	NOTE: - one a dup of CVE-2008-3330 in horde3
	NOTE: - another an issue in turba2
CVE-2008-3649 (SQL injection vulnerability in categorydetail.php in Article Friendly ...)
	NOT-FOR-US: Article Friendly Standard
CVE-2008-3648 (nslookup.exe in Microsoft Windows XP SP2 allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3647 (Buffer overflow in PSNormalizer in Mac OS X 10.4.11 and 10.5.5 allows ...)
	NOT-FOR-US: Mac OS
CVE-2008-3646 (The Postfix configuration file in Mac OS X 10.5.5 causes Postfix to be ...)
	NOT-FOR-US: MacOS-only problem
CVE-2008-3645 (Heap-based buffer overflow in the local IPC component in the ...)
	NOT-FOR-US: Mac OS
CVE-2008-3644 (Apple Safari before 3.2 does not properly prevent caching of form data ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3643 (Unspecified vulnerability in Finder in Mac OS X 10.5.5 allows ...)
	NOT-FOR-US: Mac OS
CVE-2008-3642 (Buffer overflow in ColorSync in Mac OS X 10.4.11 and 10.5.5 allows ...)
	NOT-FOR-US: Mac OS
CVE-2008-3641 (The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3640 (Integer overflow in the WriteProlog function in texttops in CUPS ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3639 (Heap-based buffer overflow in the read_rle16 function in imagetops in ...)
	{DSA-1656-1}
	- cupsys <removed>
	- cups 1.3.8-1lenny2 (medium)
CVE-2008-3638 (Java on Apple Mac OS X 10.5.4 and 10.5.5 does not prevent applets from ...)
	NOT-FOR-US: Mac OSX
CVE-2008-3637 (The Hash-based Message Authentication Code (HMAC) provider in Java on ...)
	NOT-FOR-US: Mac OSX
CVE-2008-3636 (Integer overflow in the IopfCompleteRequest API in the kernel in ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3635 (Stack-based buffer overflow in QuickTimeInternetExtras.qtx in an ...)
	NOT-FOR-US: Apple Quick Times
CVE-2008-3634 (Apple iTunes before 8.0 on Mac OS X 10.4.11, when iTunes Music Sharing ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3633
	RESERVED
CVE-2008-3632 (Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through ...)
	- webkit 1.0.1-4 (bug #499771)
	- qt4-x11 4:4.6.2-4 (bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	NOTE: http://trac.webkit.org/changeset/34815
CVE-2008-3631 (Application Sandbox in Apple iPod touch 2.0 through 2.0.2, and iPhone ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3630 (mDNSResponder in Apple Bonjour for Windows before 1.0.5, when an ...)
	NOT-FOR-US: Apple Bonjour
CVE-2008-3629 (Apple QuickTime before 7.5.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3628 (Apple QuickTime before 7.5.5 on Windows allows remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3627 (Apple QuickTime before 7.5.5 does not properly handle (1) MDAT atoms ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3626 (The CallComponentFunctionWithStorage function in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3625 (Stack-based buffer overflow in Apple QuickTime before 7.5.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3624 (Heap-based buffer overflow in Apple QuickTime before 7.5.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3623 (Heap-based buffer overflow in CoreGraphics in Apple Safari before 3.2 ...)
	NOT-FOR-US: Apple Safari on Windows
CVE-2008-3622 (Cross-site scripting (XSS) vulnerability in Wiki Server in Apple Mac ...)
	NOT-FOR-US: Mac OS X
CVE-2008-3621 (VideoConference in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3620
	RESERVED
CVE-2008-3619 (Time Machine in Apple Mac OS X 10.5 through 10.5.4 uses weak ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3618 (The File Sharing pane in the Sharing preference pane in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3617 (Remote Management and Screen Sharing in Apple Mac OS X 10.5 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3616 (Multiple integer overflows in the SearchKit API in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3615 (ir50_32.qtx in an unspecified third-party Indeo v5 codec for ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3614 (Integer overflow in Apple QuickTime before 7.5.5 on Windows allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-3613 (Finder in Apple Mac OS X 10.5.2 through 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3612 (The Networking subsystem in Apple iPod touch 2.0 through 2.0.2, and ...)
	NOT-FOR-US: Apple iPod
CVE-2008-3611 (Login Window in Apple Mac OS X 10.4.11 does not clear the current ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3610 (Race condition in Login Window in Apple Mac OS X 10.5 through 10.5.4, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3609 (The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3608 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3607 (The IMAP server in NoticeWare Email Server NG 4.6.3 and earlier allows ...)
	NOT-FOR-US: NoticeWare Email Server NG
CVE-2008-3606 (Heap-based buffer overflow in the IMAP service in Qbik WinGate ...)
	NOT-FOR-US: Qbik WinGate
CVE-2008-3605 (Unspecified vulnerability in McAfee Encrypted USB Manager 3.1.0.0, ...)
	NOT-FOR-US: McAfee Encrypted USB Manager
CVE-2008-3604 (SQL injection vulnerability in bannerclick.php in ZeeBuddy 2.1 allows ...)
	NOT-FOR-US: ZeeBuddy
CVE-2008-3603 (SQL injection vulnerability in index.php in Vacation Rental Script 3.0 ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2008-3602 (admin/wr_admin.php in PHP-Ring Webring System (aka uPHP_ring_website) ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2008-3601 (SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2008-3600 (Directory traversal vulnerability in contrib/phpBB2/modules.php in ...)
	- gallery <removed> (unimportant)
	- gallery2 <not-affected> (Vulnerable code not present)
	NOTE: We haven't supported installations with register_globals enabled since a long time
CVE-2008-3599 (SQL injection vulnerability in image.php in OpenImpro 1.1 allows ...)
	NOT-FOR-US: OpenImpro
CVE-2008-3598 (Multiple SQL injection vulnerabilities in psipuss 1.0 allow remote ...)
	NOT-FOR-US: psipuss
CVE-2008-3597 (Skulltag before 0.97d2-RC6 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Skulltag
CVE-2008-3596 (Cross-site scripting (XSS) vulnerability in Harmoni before 1.4.7 ...)
	NOT-FOR-US: Harmoni
CVE-2008-3595 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: txtSQL
CVE-2008-3594 (SQL injection vulnerability in viewdetails.php in MagicScripts E-Store ...)
	NOT-FOR-US: MagicScripts E-Store
CVE-2008-3593 (Directory traversal vulnerability in index.php in SyzygyCMS 0.3 allows ...)
	NOT-FOR-US: SyzygyCMS
CVE-2008-3592 (Unrestricted file upload vulnerability in the File Manager in the ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3591 (SQL injection vulnerability in lib/class.admin.php in Twentyone ...)
	NOT-FOR-US: Twentyone Degrees Symphony 1.7.01
CVE-2008-3590 (Multiple SQL injection vulnerabilities in admin/login.asp in E. Z. ...)
	NOT-FOR-US: E. Z. Poll 2
CVE-2008-3589 (Directory traversal vulnerability in download.php in moziloCMS 1.10.1, ...)
	NOT-FOR-US: mozilo CMS 1.10.1
CVE-2008-3588 (Multiple SQL injection vulnerabilities in phsBlog 0.1.1 allow remote ...)
	NOT-FOR-US: phsBlog 0.1.1
CVE-2008-3587 (Cross-site scripting (XSS) vulnerability in result.php in Chris ...)
	NOT-FOR-US: Homes 4 Sale
CVE-2008-3586 (SQL injection vulnerability in the EZ Store (com_ezstore) component ...)
	NOT-FOR-US: EZ Store (com_ezstore) component for Joomla!
CVE-2008-3585 (Multiple SQL injection vulnerabilities in PozScripts GreenCart PHP ...)
	NOT-FOR-US: PozScripts GreenCart PHP Shopping Cart
CVE-2008-3584 (NetBSD 3.0, 3.1, and 4.0, when a pppoe instance exists, does not ...)
	NOT-FOR-US: NetBSD
CVE-2008-3583 (Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote ...)
	NOT-FOR-US: IntelliTamper 2.07
CVE-2008-3582 (SQL injection vulnerability in login.php in Keld PHP-MySQL News Script ...)
	NOT-FOR-US: Keld PHP-MySQL News Script 0.7.1
CVE-2008-3581 (Cross-site scripting (XSS) vulnerability in index.php in Qsoft K-Links ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3580 (Multiple SQL injection vulnerabilities in Qsoft K-Links allow remote ...)
	NOT-FOR-US: Qsoft K-Links
CVE-2008-3579 (Calacode @Mail 5.41 on Linux does not require administrative ...)
	NOT-FOR-US: Calacode Atmail
CVE-2008-3578 (HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: HydraIRC
CVE-2008-3577 (Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows ...)
	- openttd 0.6.2-1 (unimportant)
	NOTE: no vulnerability at all, not exploitable remote or local, openttd
CVE-2008-3576 (Buffer overflow in the TruncateString function in src/gfx.cpp in ...)
	- openttd 0.6.2-1
CVE-2008-3575 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ezContents CMS
CVE-2008-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Pluck 4.5.2, ...)
	NOT-FOR-US: Pluck CMS
CVE-2008-3573 (The CAPTCHA implementation in (1) Pligg 9.9.5 and possibly (2) ...)
	NOT-FOR-US: Pligg
CVE-2008-3572 (Cross-site scripting (XSS) vulnerability in index.php in Pligg 9.9.5 ...)
	NOT-FOR-US: Pligg
CVE-2008-3571 (The Xerox Phaser 8400 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Xerox Phaser 8400
CVE-2008-3570 (PHP remote file inclusion vulnerability in index.php in Africa Be Gone ...)
	NOT-FOR-US: Africa Be Gone
CVE-2008-3569 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.6.7, ...)
	NOT-FOR-US: XAMPP
CVE-2008-3568 (Absolute path traversal vulnerability in ...)
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: unak specific change, see fckeditor/unak_changes.txt in source
CVE-2008-3567 (Cross-zone scripting vulnerability in the NowPlaying functionality in ...)
	NOT-FOR-US: NullSoft Winamp
CVE-2008-3566 (Cross-site scripting (XSS) vulnerability in ZoneO-soft freeForum 1.7 ...)
	NOT-FOR-US: ZoneO-soft freeForum
CVE-2008-3565 (Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room ...)
	NOT-FOR-US: Meeting Room Booking System (MRBS)
CVE-2008-3564 (Multiple directory traversal vulnerabilities in index.php in Dayfox ...)
	NOT-FOR-US: Dayfox Blog
CVE-2008-3563 (Multiple SQL injection vulnerabilities in Plogger 3.0 and earlier ...)
	NOT-FOR-US: Plogger
CVE-2008-3562 (Directory traversal vulnerability in index.php in the Contact module ...)
	NOT-FOR-US: Chupix CMS
CVE-2008-3561 (SQL injection vulnerability in s03.php in Powergap Shopsystem, when ...)
	NOT-FOR-US: Powergap Shopsystem
CVE-2008-3560 (Cross-site scripting (XSS) vulnerability in kshop_search.php in the ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2008-3559 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-3558 (Stack-based buffer overflow in the WebexUCFObject ActiveX control in ...)
	NOT-FOR-US: Webex Meeting Manager (Windows)
CVE-2008-3557 (Free Hosting Manager 1.2 and 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Free Hosting Manager
CVE-2008-3556 (Multiple SQL injection vulnerabilities in index.php in Battle.net Clan ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-3555 (Directory traversal vulnerability in index.php in (1) WSN Forum 4.1.43 ...)
	NOT-FOR-US: Wsn Knowledge Base
CVE-2008-3554 (SQL injection vulnerability in index.php in Discuz! 6.0.1 allows ...)
	NOT-FOR-US: Discuz!
CVE-2008-3553 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3552 (Multiple unspecified vulnerabilities in Nokia Series 40 3rd edition ...)
	NOT-FOR-US: Nokia Series 40 3rd edition devices
CVE-2008-3551 (Multiple unspecified vulnerabilities in Sun Java Platform Micro ...)
	NOT-FOR-US: Sun Java Platform Micro Edition
CVE-2008-3550 (The CQWeb login page in IBM Rational ClearQuest 7.0.1 allows remote ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-3549 (Unspecified vulnerability in the pthread_mutex_reltimedlock_np API in ...)
	NOT-FOR-US: Sun Solaris 10 and OpenSolaris
CVE-2008-3548 (Unspecified vulnerability in the Sun Netra T5220 Server with firmware ...)
	NOT-FOR-US: Sun Netra T5220 Server
CVE-2008-3545 (Unspecified vulnerability in ovtopmd in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3544 (Multiple stack-based buffer overflows in ovalarmsrv in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2008-3543 (Unspecified vulnerability in NFS / ONCplus B.11.31_04 and earlier on ...)
	NOT-FOR-US: HP-UX
CVE-2008-3542 (Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 ...)
	NOT-FOR-US: HP Insight Diagnostics
CVE-2008-3541
	REJECTED
CVE-2008-3540
	RESERVED
CVE-2008-3539 (Unspecified vulnerability in HP OpenView Select Identity (HPSI) ...)
	NOT-FOR-US: HP OpenView Select Identity (HPSI)
CVE-2008-3538 (Unspecified vulnerability in HP Enterprise Discovery 2.0 through 2.52 ...)
	NOT-FOR-US: HP Enterprise Discovery
CVE-2008-3537 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3536 (Unspecified vulnerability in ovalarmsrv in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-3535 (Off-by-one error in the iov_iter_advance function in mm/filemap.c in ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	NOTE: 94ad374a0751f40d25e22e036c37f7263569d24c
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3534 (The shmem_delete_inode function in mm/shmem.c in the tmpfs ...)
	{DSA-1636-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: 14fcc23fdc78e9d32372553ccf21758a9bd56fa1
	NOTE: Fixed in 2.6.25.14 and 2.6.26.1
CVE-2008-3533 (Format string vulnerability in the window_error function in ...)
	{DTSA-154-1}
	- yelp 2.22.1-4 (low)
	[etch] - yelp <not-affected> (Vulnerable code not present)
CVE-2008-3531 (Stack-based buffer overflow in sys/kern/vfs_mount.c in the kernel in ...)
	- kfreebsd-7 7.0-5
CVE-2008-3530 (sys/netinet6/icmp6.c in the kernel in FreeBSD 6.3 through 7.1, NetBSD ...)
	- kfreebsd-6 6.3-7
	- kfreebsd-7 7.0-5
CVE-2008-3529 (Heap-based buffer overflow in the xmlParseAttValueComplex function in ...)
	{DSA-1654-1}
	- libxml2 2.6.32.dfsg-4 (bug #498768)
CVE-2008-3528 (The error-reporting functionality in (1) fs/ext2/dir.c, (2) ...)
	{DSA-1687-1 DSA-1681-1}
	- linux-2.6 2.6.26-11
	- linux-2.6.24 2.6.24-6~etchnhalf.7
	NOTE: cdbf6dba28e8e6268c8420857696309470009fd9 (ext3)
	NOTE: bd39597cbd42a784105a04010100e27267481c67 (ext2)
	NOTE: 9d9f177572d9e4eba0f2e18523b44f90dd51fe74 (ext4)
	NOTE: Comment from tytso:
	NOTE: Note: some people thinks this represents a security bug, since it
	NOTE: might make the system go away while it is printing a large number of
	NOTE: console messages, especially if a serial console is involved. Hence,
	NOTE: it has been assigned CVE-2008-3528, but it requires that the attacker
	NOTE: either has physical access to your machine to insert a USB disk with a
	NOTE: corrupted filesystem image (at which point why not just hit the power
	NOTE: button), or is otherwise able to convince the system administrator to
	NOTE: mount an arbitrary filesystem image (at which point why not just
	NOTE: include a setuid shell or world-writable hard disk device file or some
	NOTE: such). Me, I think they're just being silly.
CVE-2008-3527 (arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects ...)
	{DSA-1687-1}
	- linux-2.6 2.6.21-1
CVE-2008-3526 (Integer overflow in the sctp_setsockopt_auth_key function in ...)
	{DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	[etch] - linux-2.6 <not-affected>
CVE-2008-3525 (The sbni_ioctl function in drivers/net/wan/sbni.c in the wan subsystem ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-7
	- linux-2.6.24 2.6.24-6~etchnhalf.6
CVE-2008-3524 (rc.sysinit in initscripts before 8.76.3-1 on Fedora 9 and other Linux ...)
	NOT-FOR-US: rc.sysinit on Fedora
CVE-2008-3523
	RESERVED
CVE-2008-3522 (Buffer overflow in the jas_stream_printf function in ...)
	{DSA-2080-1}
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (medium; bug #559778)
	- gs-gpl <removed> (medium; bug #561717)
	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3521 (Race condition in the jas_stream_tmpfile function in ...)
	- jasper 1.900.1-5.1 (unimportant; bug #501021)
	NOTE: file is opened with O_EXCL even if tmpnam is used in this case
CVE-2008-3520 (Multiple integer overflows in JasPer 1.900.1 might allow ...)
	- jasper 1.900.1-5.1 (medium; bug #501021)
	- ghostscript 8.64~dfsg-2 (low; bug #559778)
	[lenny] - ghostscript <not-affected> (Too intrusive to backport)
	- gs-gpl <removed> (low; bug #561717)
	- netpbm-free <not-affected> (dynamically links to ghostscript if available)
CVE-2008-3519 (The default configuration of the JBossAs component in Red Hat JBoss ...)
	- jbossas4 <not-affected> (configuration not yet included in Debian package)
CVE-2008-3518
	REJECTED
CVE-2008-3517
	REJECTED
CVE-2008-3516 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3515 (Multiple cross-site scripting (XSS) vulnerabilities in files generated ...)
	NOT-FOR-US: Adobe Presenter
CVE-2008-3514 (VMware VirtualCenter 2.5 before Update 2 and 2.0.2 before Update 5 ...)
	NOT-FOR-US: VMware VirtualCenter
CVE-2008-3513 (SQL injection vulnerability in the Book Catalog module 1.0 for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3512 (SQL injection vulnerability in the Kleinanzeigen module for PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Image ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2008-3510 (Cross-site scripting (XSS) vulnerability in livehelp_js.php in Crafty ...)
	NOT-FOR-US: Crafty Syntax Live Help (CSLH)
CVE-2008-3509 (LoveCMS 1.6.2 does not require administrative authentication for (1) ...)
	NOT-FOR-US: LoveCMS
CVE-2008-3508 (LiteNews 0.1 (aka 01), and possibly 1.2 and earlier, allows remote ...)
	NOT-FOR-US: LiteNews
CVE-2008-3507 (SQL injection vulnerability in index.php in LiteNews 0.1 (aka 01), and ...)
	NOT-FOR-US: LiteNews
CVE-2008-3506 (SQL injection vulnerability in PolyPager 1.0 rc2 and earlier allows ...)
	NOT-FOR-US: PolyPager
CVE-2008-3505 (Cross-site scripting (XSS) vulnerability in PolyPager 1.0 rc2 and ...)
	NOT-FOR-US: PolyPager
CVE-2008-3504 (Unspecified vulnerability in mask PHP File Manager (mPFM) before 2.3 ...)
	NOT-FOR-US: mask PHP File Manager (mPFM)
CVE-2008-3503 (RSSFromParent in Plain Black WebGUI before 7.5.13 does not restrict ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-3502 (Unspecified vulnerability in Best Practical Solutions RT 3.0.0 through ...)
	NOT-FOR-US: Best Practical Solutions RT
CVE-2008-3501 (Cross-site scripting (XSS) vulnerability in the WebAccess simple ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-3500 (Cross-site scripting (XSS) vulnerability in the Suggested Terms module ...)
	NOT-FOR-US: suggested terms, additional drupal module
CVE-2008-3499 (Unspecified vulnerability in &quot;a page in the workarea folder&quot; in Ektron ...)
	NOT-FOR-US: Ektron CMS400.NET
CVE-2008-3498 (SQL injection vulnerability in the nBill (com_netinvoice) component ...)
	NOT-FOR-US: nBill, joomla component
CVE-2008-3497 (SQL injection vulnerability in pages.php in MyPHP CMS 0.3.1 allows ...)
	NOT-FOR-US: MyPHP CMS
CVE-2008-3496 (Buffer overflow in format descriptor parsing in the uvc_parse_format ...)
	- linux-2.6 2.6.26-2
	[etch] - linux-2.6 <not-affected> (code not present)
	- linux-2.6.24 <not-affected> (code not present)
CVE-2008-3495 (SQL injection vulnerability in kategori.asp in Pcshey Portal allows ...)
	NOT-FOR-US: Pcshey Portal
CVE-2008-3494 (8e6 R3000 Internet Filter 2.0.12.10 allows remote attackers to bypass ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-3493 (vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC ...)
	NOT-FOR-US: RealVNC Windows Client
CVE-2008-3492 (America's Army (aka AA or Army Game Project) 2.8.3.1 and earlier ...)
	NOT-FOR-US: America's Army (aka AA or Army Game Project)
CVE-2008-3491 (SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and ...)
	NOT-FOR-US: Scripts24 iPost
CVE-2008-3490 (SQL injection vulnerability in members/mail.php in E-topbiz Online ...)
	NOT-FOR-US: E-topbiz Online Dating 3
CVE-2008-3489 (SQL injection vulnerability in checkCookie function in ...)
	NOT-FOR-US: PHPX
CVE-2008-3488 (Unspecified vulnerability in Novell iManager before 2.7 SP1 (2.7.1) ...)
	NOT-FOR-US: Novell iManager
CVE-2008-3487 (SQL injection vulnerability in profile.php in PHPAuction GPL Enhanced ...)
	NOT-FOR-US: PHPAuction GPL Enhanced
CVE-2008-3486 (Directory traversal vulnerability in the user_get_profile function in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3485 (Untrusted search path vulnerability in Citrix MetaFrame Presentation ...)
	NOT-FOR-US: Citrix MetaFrame Presentation Server
CVE-2008-3532 (The NSS plugin in libpurple in Pidgin 2.4.3 does not verify SSL ...)
	- pidgin 2.4.3-2 (bug #492434)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: http://developer.pidgin.im/ticket/6500
CVE-2008-3546 (Stack-based buffer overflow in the (1) diff_addremove and (2) ...)
	{DSA-1637-1 DTSA-153-1 DTSA-153-2}
	- git-core 1:1.5.6.5 (medium; bug #494097)
CVE-2008-3484 (SQL injection vulnerability in eStoreAff 0.1 allows remote attackers ...)
	NOT-FOR-US: eStoreAff
CVE-2008-3483 (Cross-site scripting (XSS) vulnerability in ScrewTurn Wiki 2.0.29 and ...)
	NOT-FOR-US: ScrewTurn Wiki
CVE-2008-3482 (Cross-site scripting (XSS) vulnerability in the error page feature in ...)
	NOT-FOR-US: Panasonic Network Camera
CVE-2008-3481 (themes/sample/theme.php in Coppermine Photo Gallery (CPG) 1.4.18 and ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-3480 (Stack-based buffer overflow in the Anzio Web Print Object (WePO) ...)
	NOT-FOR-US: Anzio Web Print Object
CVE-2008-3479 (Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3478
	REJECTED
CVE-2008-3477 (Microsoft Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3 does not ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-3476 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2008-3475 (Microsoft Internet Explorer 6 does not properly handle errors related ...)
	NOT-FOR-US: Microsoft
CVE-2008-3474 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
	NOT-FOR-US: Microsoft
CVE-2008-3473 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
	NOT-FOR-US: Microsoft
CVE-2008-3472 (Microsoft Internet Explorer 6 and 7 does not properly determine the ...)
	NOT-FOR-US: Microsoft
CVE-2008-3471 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2008-3470
	REJECTED
CVE-2008-3469
	REJECTED
CVE-2008-3468
	REJECTED
CVE-2008-3467
	REJECTED
CVE-2008-3466 (Microsoft Host Integration Server (HIS) 2000, 2004, and 2006 does not ...)
	NOT-FOR-US: Microsoft
CVE-2008-3465 (Heap-based buffer overflow in an API in GDI in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-3464 (afd.sys in the Ancillary Function Driver (AFD) component in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-3463
	REJECTED
CVE-2008-3462
	REJECTED
CVE-2008-3461
	REJECTED
CVE-2008-3460 (WPGIMP32.FLT in Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3459 (Unspecified vulnerability in OpenVPN 2.1-beta14 through 2.1-rc8, when ...)
	- openvpn 2.1~rc9-1 (low; bug #493488)
	NOTE: pull/push needs to be allowed, successful authentication, compromised or malicious server
	[etch] - openvpn <not-affected> (Upstream states that the 2.0.x versions are unaffected)
CVE-2008-3458 (Vtiger CRM before 5.0.4 stores sensitive information under the web ...)
	NOT-FOR-US: Vtiger CRM
CVE-2008-3457 (Cross-site scripting (XSS) vulnerability in setup.php in phpMyAdmin ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1
	NOTE: if an attacker can write arbitrary content to config/config.php you have way more problems than this XSS
CVE-2008-3455 (PHP remote file inclusion vulnerability in include/admin.php in ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3454 (JnSHosts PHP Hosting Directory 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: JnSHosts PHP Hosting Directory
CVE-2008-3453 (Multiple unspecified vulnerabilities in ImpressCMS 1.0 have unknown ...)
	NOT-FOR-US: ImpressCMS
CVE-2008-3452 (SQL injection vulnerability in the Calendar module in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia
CVE-2008-3451 (PhpWebGallery 1.7.0 and 1.7.1 allows remote authenticated users with ...)
	NOT-FOR-US: PhpWebGallery
CVE-2008-3450 (Unspecified vulnerability in the namefs kernel module in Sun Solaris 8 ...)
	NOT-FOR-US: Solaris
CVE-2008-3449 (MailEnable Professional 3.5.2 and Enterprise 3.52 allow remote ...)
	NOT-FOR-US: MailEnable
CVE-2008-3448 (Cross-site scripting (XSS) vulnerability in index.php in common ...)
	NOT-FOR-US: csphonebook
CVE-2008-3447 (The scanning engine in F-Prot Antivirus 6.2.1 4252 allows remote ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3446 (Directory traversal vulnerability in inc/wysiwyg.php in LetterIt 2 ...)
	NOT-FOR-US: LetterIt
CVE-2008-3445 (SQL injection vulnerability in index.php in phpMyRealty (PMR) 2.0.0 ...)
	NOT-FOR-US: phpMyRealty
CVE-2008-3444 (The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows ...)
	- iceweasel <removed> (unimportant)
	NOTE: browser dos not treated as security issues
CVE-2008-3443 (The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, ...)
	{DSA-1695-1}
	- ruby1.8 1.8.7.72-1 (low; bug #494401)
	- ruby1.9 1.9.0.2-9 (low)
	NOTE: Upstream commits 18212 (for 1.8) and 18213 (for 1.9).
	NOTE: this specific problem does not exist in ruby1.9 but a very similar problem
	NOTE: that has been fixed in this version (308_regexp_segv.dpatch)
CVE-2008-3442 (WinZip before 11.0 does not properly verify the authenticity of ...)
	NOT-FOR-US: WinZip
CVE-2008-3441 (Nullsoft Winamp before 5.24 does not properly verify the authenticity ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2008-3440 (Sun Java 1.6.0_03 and earlier versions, and possibly later versions, ...)
	- sun-java5 <not-affected> (only java updater for windows affected)
	- sun-java6 <not-affected> (only java updater for windows affected)
CVE-2008-3439 (SpeedBit Video Acceleration before 2.2.1.8 does not properly verify ...)
	NOT-FOR-US: SpeedBit Video Acceleration
CVE-2008-3438 (Apple Mac OS X does not properly verify the authenticity of updates, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-3437 (OpenOffice.org (OOo) before 2.1.0 does not properly verify the ...)
	- openoffice.org <not-affected> (update feature disabled)
CVE-2008-3436 (The GUP generic update process in Notepad++ before 4.8.1 does not ...)
	NOT-FOR-US: Notepad++
CVE-2008-3435 (LinkedIn Browser Toolbar 3.0.3.1100 and earlier does not properly ...)
	NOT-FOR-US: LinkedIn
CVE-2008-3434 (Apple iTunes before 10.5.1 does not properly verify the authenticity ...)
	NOT-FOR-US: Apple iTunes
CVE-2008-3433 (SpeedBit Download Accelerator Plus (DAP) before 8.6.3.9 does not ...)
	NOT-FOR-US: SpeedBit Download Accelerator Plus
CVE-2008-3432 (Heap-based buffer overflow in the mch_expand_wildcards function in ...)
	- vim <not-affected> (Vulnerable code only present in 6.2 and 6.3, none of them in the archive anymore)
CVE-2008-3430 (Buffer overflow in the CoVideoWindow.ocx ActiveX control 5.0.907.1 in ...)
	NOT-FOR-US: Eyeball MessengerSDK
CVE-2008-3428 (Session fixation vulnerability in phpFreeChat 1.1 allows remote ...)
	NOT-FOR-US: phpFreeChat
CVE-2008-3427
	REJECTED
CVE-2008-3426 (Unspecified vulnerability in the Solaris Platform Information and ...)
	NOT-FOR-US: Solaris
CVE-2008-3425 (Unspecified vulnerability in the Sun Java System Web Server 7.0 plugin ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-3424 (Condor before 7.0.4 does not properly handle wildcards in the ...)
	- condor <not-affected> (Fixed before initial upload to archive)
CVE-2008-3423 (IBM WebSphere Portal 5.1 through 6.1.0.0 allows remote attackers to ...)
	NOT-FOR-US: IBM WebSphere Portal
CVE-2008-3422 (Multiple cross-site scripting (XSS) vulnerabilities in the ASP.net ...)
	- mono 1.9.1+dfsg-4 (low; bug #494406)
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=413534
	NOTE: http://n2.nabble.com/-PATCH--HTML-encode-attributes-that-might-need-encoding-td584193.html
CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately ...)
	- openssh 1:3.6p1-1 (unimportant)
CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ...)
	- openssh 1:3.8.1p1-8.sarge.4 (low)
CVE-2008-3431 (The VBoxDrvNtDeviceControl function in VBoxDrv.sys in Sun xVM ...)
	- virtualbox-ose <not-affected> (affects only windows host systems)
	NOTE: CORE-2008-0716
CVE-2008-3456 (phpMyAdmin before 2.11.8 does not sufficiently prevent its pages from ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.8~rc1-1 (low)
	NOTE: exploitation circumstances are rare or require other vulnerabilities to be present already. may fix combined with another issue but doesn't warrant DSA on its own
CVE-2008-3547 (Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows ...)
	- openttd 0.6.2-1 (medium; bug #493714)
CVE-2008-3421 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-3420 (Multiple SQL injection vulnerabilities in Mobius for Mimsy XG 1 ...)
	NOT-FOR-US: Mobius Web Publishing Software
CVE-2008-3419 (SQL injection vulnerability in ugroups.php in Youtuber Clone allows ...)
	NOT-FOR-US: Youtuber Clone
CVE-2008-3418 (SQL injection vulnerability in browse.php in TriO 2.1 and earlier ...)
	NOT-FOR-US: TriO
CVE-2008-3417 (SQL injection vulnerability in home/index.asp in fipsCMS light 2.1 and ...)
	NOT-FOR-US: fipsCMS
CVE-2008-3416 (SQL injection vulnerability in modules/members.php in IceBB before ...)
	NOT-FOR-US: IceBB
CVE-2008-3415 (Directory traversal vulnerability in common.php in CMScout 2.05, when ...)
	NOT-FOR-US: CMScout
CVE-2008-3414 (SQL injection vulnerability in line2.php in SiteAdmin allows remote ...)
	NOT-FOR-US: SiteAdmin
CVE-2008-3413 (SQL injection vulnerability in category.php in Greatclone GC Auction ...)
	NOT-FOR-US: Greatclone GC Auction Platinum
CVE-2008-3412 (SQL injection vulnerability in Comsenz EPShop (aka ECShop) before 3.0 ...)
	NOT-FOR-US: Comsenz EPShop
CVE-2008-3411 (The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 ...)
	NOT-FOR-US: The Axesstel AXW-D800 modem
CVE-2008-3410 (Unreal Tournament 3 1.3beta4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3409 (Buffer overflow in Unreal Tournament 3 1.3beta4 and earlier allows ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3408 (Stack-based buffer overflow in CoolPlayer 2.18, and possibly other ...)
	NOT-FOR-US: CoolPlayer
CVE-2008-3407 (phpLinkat 0.1 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3406 (SQL injection vulnerability in showcat.php in phpLinkat 0.1 allows ...)
	NOT-FOR-US: phpLinkat
CVE-2008-3405 (Directory traversal vulnerability in index.php in Ricardo Amaral ...)
	NOT-FOR-US: Ricardo Amaral nzFotolog
CVE-2008-3404 (Cross-site scripting (XSS) vulnerability in guestbook.js.php in ...)
	NOT-FOR-US: MJGuest
CVE-2008-3403 (SQL injection vulnerability in mojoClassified.cgi in MojoPersonals ...)
	NOT-FOR-US: MojoPersonals
CVE-2008-3402 (Multiple PHP remote file inclusion vulnerabilities in HIOX Browser ...)
	NOT-FOR-US: HIOX Browser Statistics
CVE-2008-3401 (PHP remote file inclusion vulnerability in hioxRandomAd.php in HIOX ...)
	NOT-FOR-US: HIOX Random Ad
CVE-2008-3400 (XRMS CRM 1.99.2 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3399 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3398 (Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 ...)
	NOT-FOR-US: XRMS CRM
CVE-2008-3397 (Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS ...)
	NOT-FOR-US: Runesoft Cerberus CMS
CVE-2008-3396 (Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote ...)
	NOT-FOR-US: Unreal Tournament
CVE-2008-3395 (Calacode @Mail 5.41 on Linux uses weak world-readable permissions for ...)
	NOT-FOR-US: Calacode
CVE-2008-3394 (Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in ...)
	NOT-FOR-US: BookMine
CVE-2008-3393 (SQL injection vulnerability in events.cfm in BookMine allows remote ...)
	NOT-FOR-US: BookMine
CVE-2008-3392 (Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3391 (Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum ...)
	NOT-FOR-US: Web Wiz Forum
CVE-2008-3390 (Directory traversal vulnerability in libraries/general.init.php in ...)
	NOT-FOR-US: Minishowcase Image Gallery
CVE-2008-3389 (Stack-based buffer overflow in the libbecompat library in Ingres 2.6, ...)
	NOT-FOR-US: Ingres
CVE-2008-3388 (Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote ...)
	NOT-FOR-US: Def-Blog
CVE-2008-3387 (SQL injection vulnerability in show.php in PHPFootball 1.6 allows ...)
	NOT-FOR-US: PHPFootball
CVE-2008-3386 (SQL injection vulnerability in album.php in AlstraSoft Video Share ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2008-3385 (Directory traversal vulnerability in include/head_chat.inc.php in php ...)
	NOT-FOR-US: Help Agent
CVE-2008-3384 (Multiple directory traversal vulnerabilities in help/help.php in ...)
	NOT-FOR-US: Interact Learning Community Environment Interact
CVE-2008-3383 (SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote ...)
	NOT-FOR-US: MojoAuto
CVE-2008-3382 (SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds ...)
	NOT-FOR-US: MojoClassifieds
CVE-2008-3381 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- moin 1.7.1-1 (low)
	[etch] - moin <not-affected> (Vulnerable macro not present)
CVE-2008-3380 (Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in ...)
	NOT-FOR-US: MyioSoft EasyBookMarker
CVE-2008-3379 (Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 ...)
	NOT-FOR-US: Snark VisualPic
CVE-2008-3378 (SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows ...)
	NOT-FOR-US: Fizzmedia
CVE-2008-3377 (SQL injection vulnerability in picture.php in phpTest 0.6.3 allows ...)
	NOT-FOR-US: phpTest
CVE-2008-3376 (Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have ...)
	NOT-FOR-US: JamRoom
CVE-2008-3375 (The jrCookie function in includes/jamroom-misc.inc.php in JamRoom ...)
	NOT-FOR-US: JamRoom
CVE-2008-3374 (SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier ...)
	NOT-FOR-US: Gregarius
CVE-2008-3373 (The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2008-3372 (SQL injection vulnerability in search_form.php in Getacoder Clone ...)
	NOT-FOR-US: Getacoder Clone
CVE-2008-3371 (Directory traversal vulnerability in install/help.php in TalkBack ...)
	NOT-FOR-US: TalkBack
CVE-2008-3370 (SQL injection vulnerability in the CUA Login Module in EMC Centera ...)
	NOT-FOR-US: CUA Login Module in EMC Centera Universal Access
CVE-2008-3369 (SQL injection vulnerability in products_rss.php in ViArt Shop 3.5 and ...)
	NOT-FOR-US: ViArt Shop
CVE-2008-3368 (PHP remote file inclusion vulnerability in tools/packages/import.php ...)
	NOT-FOR-US: ATutor
CVE-2008-3367 (Cross-site scripting (XSS) vulnerability in RTE_popup_link.asp in Web ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-3366 (SQL injection vulnerability in story.php in Pligg CMS Beta 9.9.0 ...)
	NOT-FOR-US: Pligg CMS
CVE-2008-3365 (Directory traversal vulnerability in index.php in Pixelpost 1.7.1 on ...)
	- pixelpost <not-affected> (Exploit relies on register_globals to be on)
CVE-2008-3364 (Buffer overflow in the ObjRemoveCtrl Class ActiveX control in ...)
	NOT-FOR-US: Trend Micro OfficeScan Corp Edition Web-Deployment
CVE-2008-3363 (Directory traversal vulnerability in user_portal.php in the Dokeos ...)
	NOT-FOR-US: Dokeos E-Learning System
CVE-2008-3362 (Unrestricted file upload vulnerability in upload.php in the Giulio ...)
	NOT-FOR-US: Giulio Ganci Wp Downloads Manager module
CVE-2008-3361 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote web ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3360 (Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 ...)
	NOT-FOR-US: IntelliTamper
CVE-2008-3359 (SQL injection vulnerability in register.php in Steve Bourgeois and ...)
	- owl-dms 0.95-1.1 (bug #493372)
CVE-2008-3358 (Cross-site scripting (XSS) vulnerability in Web Dynpro (WD) in the SAP ...)
	NOT-FOR-US: SAP NetWeaver portal
CVE-2008-3357 (Untrusted search path vulnerability in ingvalidpw in Ingres 2.6, ...)
	NOT-FOR-US: Ingres
CVE-2008-3356 (verifydb in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres ...)
	NOT-FOR-US: Ingres
CVE-2008-3355 (SQL injection vulnerability in sitemap.xml.php in Camera Life 2.6.2 ...)
	NOT-FOR-US: Camera Life
CVE-2008-3354 (Multiple PHP remote file inclusion vulnerabilities in the Newbb Plus ...)
	NOT-FOR-US: Newbb Plus
CVE-2008-3353 (Multiple cross-site scripting (XSS) vulnerabilities in Pure Software ...)
	NOT-FOR-US: Pure Software Lore
CVE-2008-3352 (SQL injection vulnerability in index.php in Live Music Plus 1.1.0 ...)
	NOT-FOR-US: Live Music Plus
CVE-2008-3351 (SQL injection vulnerability in atomPhotoBlog.php in Atom PhotoBlog ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2008-3350 (dnsmasq 2.43 allows remote attackers to cause a denial of service ...)
	- dnsmasq 2.44-1 (low)
	[etch] - dnsmasq <not-affected> (Issue was introduced in 2.43)
CVE-2008-3349 (Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on ...)
	NOT-FOR-US: NetApp Data ONTAP
CVE-2008-3348 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3347 (SQL injection vulnerability in staticpages/easycalendar/index.php in ...)
	NOT-FOR-US: MyioSoft EasyDynamicPages
CVE-2008-3346 (SQL injection vulnerability in product_detail.php in ShopCart DX ...)
	NOT-FOR-US: ShopCart DX
CVE-2008-3345 (SQL injection vulnerability in staticpages/easyecards/index.php in ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3344 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: MyioSoft EasyE-Cards
CVE-2008-3343 (SQL injection vulnerability in staticpages/easypublish/index.php in ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3342 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyioSoft EasyPublish
CVE-2008-3341 (Multiple SQL injection vulnerabilities in search_result.cfm in Jobbex ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3340 (Cross-site scripting (XSS) vulnerability in search_result.cfm in ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3339 (search_result.cfm in Jobbex JobSite allows remote attackers to obtain ...)
	NOT-FOR-US: Jobbex JobSite
CVE-2008-3429 (Buffer overflow in URI processing in HTTrack and WinHTTrack before ...)
	{DSA-1626-1}
	- httrack 3.42.3-1 (low)
CVE-2008-3338 (Multiple buffer overflows in TIBCO Hawk (1) AMI C library ...)
	NOT-FOR-US: TIBCO Hawk
CVE-2008-3337 (PowerDNS Authoritative Server before 2.9.21.1 drops malformed queries, ...)
	{DSA-1628-1}
	- pdns 2.9.21.1-1 (low)
CVE-2008-3336 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB before ...)
	NOT-FOR-US: PunBB
CVE-2008-3335 (Unspecified vulnerability in PunBB before 1.2.19 allows remote ...)
	NOT-FOR-US: PunBB
CVE-2008-3334 (Cross-site scripting (XSS) vulnerability in MyBB 1.2.x before 1.2.14 ...)
	NOT-FOR-US: MyBB
CVE-2008-3333 (Directory traversal vulnerability in core/lang_api.php in Mantis ...)
	- mantis 1.1.2+dfsg-2
	NOTE: I've marked the above version as fixed, however I am not sure if it wasn't fixed
	NOTE: earlier. However, lenny is fixed and it is not in etch and sarge is not supported anymore.
CVE-2008-3332 (Eval injection vulnerability in adm_config_set.php in Mantis before ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3331 (Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php ...)
	- mantis 1.1.2+dfsg-2
CVE-2008-3329 (Unspecified vulnerability in Links before 2.1, when &quot;only proxies&quot; is ...)
	- links2 2.1pre37-1.1 (low; bug #492744)
	[etch] - links2 <no-dsa> (Minor information leak)
CVE-2008-3328 (Cross-site scripting (XSS) vulnerability in the wiki engine in Trac ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-3324 (The PartyGaming PartyPoker client program 121/120 does not properly ...)
	NOT-FOR-US: PartyGaming PartyPoker
CVE-2008-3323 (setup.exe before 2.573.2.3 in Cygwin does not properly verify the ...)
	NOT-FOR-US: Cygwin
CVE-2008-3322 (admin/index.php in Maian Recipe 1.2 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3321 (admin/index.php in Maian Uploader 4.0 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3320 (admin/index.php in Maian Guestbook 3.2 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3319 (admin/index.php in Maian Links 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Maian *
CVE-2008-3318 (admin/index.php in Maian Weblog 4.0 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3317 (admin/index.php in Maian Search 1.1 and earlier allows remote ...)
	NOT-FOR-US: Maian *
CVE-2008-3316 (Cross-site scripting (XSS) vulnerability in the search feature in the ...)
	NOT-FOR-US: Geeklog
CVE-2008-3315 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2008-3314 (ZDaemon 1.08.07 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: ZDaemon
CVE-2008-3313 (Multiple PHP remote file inclusion vulnerabilities in CreaCMS 1.0 ...)
	NOT-FOR-US: CreaCMS
CVE-2008-3312 (Directory traversal vulnerability in ...)
	- fckeditor <not-affected> (Vulnerable code not present)
	NOTE: lemon cms patched sources, vulnerable code not present in plain fckeditor in no version.
	NOTE: if in doubt contact the fsckeditor people.
CVE-2008-3311 (PHP remote file inclusion vulnerability in config.php in Adam ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2008-3310 (SQL injection vulnerability in default.asp in Pre Survey Poll allows ...)
	NOT-FOR-US: Pre Survey Poll
CVE-2008-3309 (SQL injection vulnerability in info_book.asp in DigiLeave 1.2 and ...)
	NOT-FOR-US: DigiLeave
CVE-2008-3308 (PHP remote file inclusion vulnerability in cuenta/cuerpo.php in C. ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3307 (SQL injection vulnerability in todos.php in C. Desseno YouTube Blog ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3306 (SQL injection vulnerability in info.php in C. Desseno YouTube Blog ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3305 (Cross-site scripting (XSS) vulnerability in mensaje.php in C. Desseno ...)
	NOT-FOR-US: C. Desseno YouTube Blog
CVE-2008-3304 (BilboBlog 0.2.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3303 (admin/login.php in BilboBlog 0.2.1, when register_globals is enabled, ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3302 (SQL injection vulnerability in admin/delete.php in BilboBlog 0.2.1, ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3301 (Multiple cross-site scripting (XSS) vulnerabilities in BilboBlog 0.2.1 ...)
	NOT-FOR-US: BilboBlog
CVE-2008-3300 (AlphAdmin CMS 1.0.5/03 allows remote attackers to bypass ...)
	NOT-FOR-US: AlphAdmin CMS
CVE-2008-3299 (eSyndiCat 1.6 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: eSyndiCat
CVE-2008-3298 (SocialEngine (SE) before 2.83 grants certain write privileges for ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3297 (Multiple SQL injection vulnerabilities in SocialEngine (SE) before ...)
	NOT-FOR-US: SocialEngine
CVE-2008-3296 (Directory traversal vulnerability in modules/system/admin.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-3295 (Cross-site scripting (XSS) vulnerability in modules/system/admin.php ...)
	NOT-FOR-US: XOOPS
CVE-2008-3294 (src/configure.in in Vim 5.0 through 7.1, when used for a build with ...)
	- vim <not-affected> (Build issue)
	NOTE: It looks like the vulnerability only occurs during build, so it shouldn't be an issue for Debian
CVE-2008-3293 (Directory traversal vulnerability in download.php in EZWebAlbum allows ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3292 (constants.inc in EZWebAlbum 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: EZWebAlbum
CVE-2008-3291 (SQL injection vulnerability in index.php in AproxEngine (aka Aprox CMS ...)
	NOT-FOR-US: AproxEngine
CVE-2008-3290 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3289 (EMC Dantz Retrospect Backup Client 7.5.116 sends the password hash in ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3288 (The Server Authentication Module in EMC Dantz Retrospect Backup Server ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Server
CVE-2008-3287 (retroclient.exe in EMC Dantz Retrospect Backup Client 7.5.116 allows ...)
	NOT-FOR-US: EMC Dantz Retrospect Backup Client
CVE-2008-3286 (SWAT 4 1.1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SWAT 4
CVE-2008-3285 (The Filesys::SmbClientParser module 2.7 and earlier for Perl allows ...)
	NOT-FOR-US: Filesys::SmbClientParser
CVE-2008-3284
	REJECTED
CVE-2008-3283 (Multiple memory leaks in Red Hat Directory Server 7.1 before SP7, Red ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-3282 (Integer overflow in the rtl_allocateMemory function in ...)
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-3281 (libxml2 2.6.32 and earlier does not properly detect recursion during ...)
	{DSA-1631-1 DTSA-158-1}
	- libxml2 2.6.32.dfsg-3 (medium)
	- chromium-browser 5.0.375.29~r46008-1
CVE-2008-3280
	RESERVED
CVE-2008-3279 (Untrusted search path vulnerability in libbrlttybba.so in brltty 3.7.2 ...)
	- brltty <not-affected> (RedHat-specific)
CVE-2008-3278
	RESERVED
	- frysk <removed>
CVE-2008-3277 (Untrusted search path vulnerability in a certain Red Hat build script ...)
	- ibutils <not-affected> (RedHat-specific)
CVE-2008-3276 (Integer overflow in the dccp_setsockopt_change function in ...)
	{DSA-1653-1 DSA-1636-1}
	- linux-2.6 2.6.26-4
	- linux-2.6.24 2.6.24-6~etchnhalf.5
CVE-2008-3275 (The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: d70b67c8bc72ee23b55381bd6a884f4796692f77
CVE-2008-3274 (The default configuration of Red Hat Enterprise IPA 1.0.0 and FreeIPA ...)
	NOT-FOR-US: FreeIPA
CVE-2008-3273 (JBoss Enterprise Application Platform (aka JBossEAP or EAP) before ...)
	- jbossas4 <not-affected> (Only provides a few class libs)
CVE-2008-3272 (The snd_seq_oss_synth_make_info function in ...)
	{DSA-1636-1 DSA-1630-1}
	- linux-2.6.24 2.6.24-6~etchnhalf.5
	- linux-2.6 2.6.26-2
	NOTE: 82e68f7ffec3800425f2391c8c86277606860442
CVE-2008-3271 (Apache Tomcat 5.5.0 and 4.1.0 through 4.1.31 allows remote attackers ...)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.1
	- tomcat6 <not-affected>
	NOTE: It is unlikely that this is exploitable in real world scenarios.
CVE-2008-3270 (yum-rhn-plugin in Red Hat Enterprise Linux (RHEL) 5 does not verify ...)
	NOT-FOR-US: Red Hat
CVE-2008-3269 (WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full ...)
	NOT-FOR-US: WinRemotePC
CVE-2008-3268 (Unspecified vulnerability in phpScheduleIt 1.2.0 through 1.2.9, when ...)
	NOT-FOR-US: phpScheduleIt
CVE-2008-3267 (SQL injection vulnerability in mojoJobs.cgi in MojoJobs allows remote ...)
	NOT-FOR-US: MojoJobs
CVE-2008-3266 (SQL injection vulnerability in picture_pic_bv.asp in SoftAcid Hotel ...)
	NOT-FOR-US: SoftAcid Hotel Reservation System
CVE-2008-3265 (SQL injection vulnerability in the DT Register (com_dtregister) 2.2.3 ...)
	NOT-FOR-US: DT Register
CVE-2008-3264 (The FWDOWNL firmware-download implementation in Asterisk Open Source ...)
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-011.html
CVE-2008-3263 (The IAX2 protocol implementation in Asterisk Open Source 1.0.x, 1.2.x ...)
	- asterisk 1:1.4.21.2~dfsg-1
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: http://downloads.digium.com/pub/security/AST-2008-010.html
CVE-2008-3262 (Cross-site request forgery (CSRF) vulnerability in Claroline before ...)
	NOT-FOR-US: Claroline
CVE-2008-3261 (Open redirect vulnerability in claroline/redirector.php in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2008-3260 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2008-3259 (OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the ...)
	- openssh <not-affected> (linux check that the effective userid matches or that bind addresses dont overlap on rebind)
CVE-2008-3258 (Multiple SQL injection vulnerabilities in Zoph before 0.7.0.5 allow ...)
	- zoph 0.7.1-1
	NOTE: http://sourceforge.net/project/shownotes.php?group_id=69353&release_id=614672
CVE-2008-3257 (Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-3256 (SQL injection vulnerability in folder.php in Siteframe CMS 3.2.3 and ...)
	NOT-FOR-US: Siteframe CMS
CVE-2008-3255 (Cross-site scripting (XSS) vulnerability in LunarNight Laboratory ...)
	NOT-FOR-US: LunarNight Laboratory WebProxy
CVE-2008-3254 (SQL injection vulnerability in index.php in preCMS 1 allows remote ...)
	NOT-FOR-US: preCMS
CVE-2008-3253 (Cross-site scripting (XSS) vulnerability in the XenAPI HTTP interfaces ...)
	NOT-FOR-US: Citrix XenServer Express
CVE-2008-3252 (Stack-based buffer overflow in the read_article function in ...)
	{DSA-1622-1}
	- newsx 1.6-3 (bug #492742)
CVE-2008-3251 (Multiple SQL injection vulnerabilities in tplSoccerSite 1.0 allow ...)
	NOT-FOR-US: tplSoccerSite
CVE-2008-3250 (SQL injection vulnerability in index.php in Arctic Issue Tracker 2.0.0 ...)
	NOT-FOR-US: Arctic Issue Tracker
CVE-2008-3249 (The client in Lenovo System Update before 3.14 does not properly ...)
	NOT-FOR-US: Lenovo System Update
CVE-2008-3248 (qiomkfile in the Quick I/O for Database feature in Symantec Veritas ...)
	NOT-FOR-US: Symantec Veritas File System on HP-UX
CVE-2008-3247 (The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 ...)
	- linux-2.6 2.6.25-7
	[etch] - linux-2.6 <not-affected> (2.6.25-only issue)
	- linux-2.6.24 <not-affected> (2.6.25-only issue)
CVE-2008-3246 (Unspecified vulnerability in the PDF distiller component in the ...)
	NOT-FOR-US: BlackBerry Attachment Service
CVE-2008-3245 (SQL injection vulnerability in phpHoo3.php in phpHoo3 4.3.9, 4.3.10, ...)
	NOT-FOR-US: phpHoo3
CVE-2008-3244 (The scanning engine before 4.4.4 in F-Prot Antivirus before 6.0.9.0 ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3243 (Multiple unspecified vulnerabilities in the scanning engine before ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2008-3242 (Heap-based buffer overflow in the PPMedia Class ActiveX control in ...)
	NOT-FOR-US: PPMate
CVE-2008-3241 (SQL injection vulnerability in players-detail.php in UltraStats ...)
	NOT-FOR-US: UltraStats
CVE-2008-3240 (SQL injection vulnerability in index.php in AlstraSoft Affiliate ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2008-3239 (Unrestricted file upload vulnerability in the writeLogEntry function ...)
	NOT-FOR-US: PHPizabi
CVE-2008-3238 (Multiple SQL injection vulnerabilities in ITechBids 7.0 Gold allow ...)
	NOT-FOR-US: ITechBids
CVE-2008-3237 (Cross-site scripting (XSS) vulnerability in forward_to_friend.php in ...)
	NOT-FOR-US: ITechBids
CVE-2008-3236 (Unspecified vulnerability in Wsadmin in the System ...)
	NOT-FOR-US: Wsadmin
CVE-2008-3235 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-3234 (sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH ...)
	- openssh <unfixed> (unimportant)
	NOTE: this is by design
CVE-2008-3233 (Cross-site scripting (XSS) vulnerability in WordPress before 2.6, SVN ...)
	- wordpress <not-affected> (Code was only present in svn versions)
CVE-2008-3232 (Unrestricted file upload vulnerability in ecrire/images.php in ...)
	NOT-FOR-US: dotclear
CVE-2008-3231 (xine-lib before 1.1.15 allows remote attackers to cause a denial of ...)
	- xine-lib 1.1.14-2 (bug #492870; unimportant)
	NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3230 (The ffmpeg lavf demuxer allows user-assisted attackers to cause a ...)
	- ffmpeg-debian 0.svn20080206-16 (unimportant; bug #498764; bug #498766)
	- ffmpeg 0.svn20080206-16 (unimportant)
	- xmovie <removed> (unimportant)
	NOTE: Only a NULL pointer deference, hardly security relevant
CVE-2008-3228 (Joomla! before 1.5.4 does not configure .htaccess to apply certain ...)
	NOT-FOR-US: Joomla
CVE-2008-3227 (Unspecified vulnerability in Joomla! before 1.5.4 has unknown impact ...)
	NOT-FOR-US: Joomla
CVE-2008-3226 (The file caching implementation in Joomla! before 1.5.4 allows ...)
	NOT-FOR-US: Joomla
CVE-2008-3225 (Joomla! before 1.5.4 allows attackers to access administration ...)
	NOT-FOR-US: Joomla
CVE-2008-3217 (PowerDNS Recursor before 3.1.6 does not always use the strongest ...)
	{DSA-1544-2}
	- pdns-recursor 3.1.7-1 (low; bug #493576)
CVE-2008-3215 (libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to ...)
	{DSA-1616-2}
	- clamav 0.93.1.dfsg-1.1 (medium)
CVE-2008-3214 (dnsmasq 2.25 allows remote attackers to cause a denial of service ...)
	- dnsmasq 2.26-1 (medium)
CVE-2008-3213 (SQL injection vulnerability in secciones/tablon/tablon.php in WebCMS ...)
	NOT-FOR-US: WebCMS
CVE-2008-3212 (Multiple SQL injection vulnerabilities in Scripteen Free Image Hosting ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3211 (Scripteen Free Image Hosting Script 1.2 and 1.2.1 allows remote ...)
	NOT-FOR-US: Scripteen Free Image Hosting
CVE-2008-3210 (rutil/dns/DnsStub.cxx in ReSIProcate 1.3.2, as used by repro, allows ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3209 (Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in ...)
	NOT-FOR-US: Black Ice Document Imaging SDK
CVE-2008-3208 (Simple DNS Plus 4.1, 5.0, and possibly other versions before 5.1.101 ...)
	NOT-FOR-US: Simple DNS Plus
CVE-2008-3207 (PHP remote file inclusion vulnerability in cms/modules/form.lib.php in ...)
	NOT-FOR-US: Pragyan CMS
CVE-2008-3206 (SQL injection vulnerability in browse.groups.php in Yuhhu Pubs Black ...)
	NOT-FOR-US: Yuhhu Pubs Black Cat
CVE-2008-3205 (Directory traversal vulnerability in index.php in Easy-Script Wysi ...)
	NOT-FOR-US: Easy-Script Wysi Wiki Wyg
CVE-2008-3204 (SQL injection vulnerability in tops_top.php in E-topbiz Million Pixels ...)
	NOT-FOR-US: E-topbiz Million Pixels
CVE-2008-3203 (js/pages/pages_data.php in AuraCMS 2.2 through 2.2.2 does not perform ...)
	NOT-FOR-US: AuraCMS
CVE-2008-3202 (Cross-site scripting (XSS) vulnerability in index.php in Xomol CMS 1.2 ...)
	NOT-FOR-US: Xomol
CVE-2008-3201 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Pagefusion
CVE-2008-3200 (SQL injection vulnerability in vlc_forum.php in Avlc Forum as of ...)
	NOT-FOR-US: Avlc Forum
CVE-2008-3199 (Multiple unspecified vulnerabilities in ReSIProcate before 1.3.4 allow ...)
	NOT-FOR-US: ReSIProcate
CVE-2008-3198 (Mozilla Firefox 3.x before 3.0.1 allows remote attackers to inject ...)
	{DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-35.html
CVE-2008-3195 (Directory traversal vulnerability in bin/configure in TWiki before ...)
	{DSA-1639-1}
	- twiki 1:4.1.2-5 (low; bug #499534)
	NOTE: access to configure script is restricted to localhost on Debian
CVE-2008-3194 (Multiple directory traversal vulnerabilities in ...)
	NOT-FOR-US: pluck CMS
CVE-2008-3193 (SQL injection vulnerability in jSite 1.0 OE allows remote attackers to ...)
	NOT-FOR-US: jSite
CVE-2008-3192 (Directory traversal vulnerability in index.php in jSite 1.0 OE allows ...)
	NOT-FOR-US: jSite
CVE-2008-3191 (Multiple SQL injection vulnerabilities in usercp.php in mForum 0.1a, ...)
	NOT-FOR-US: mForum
CVE-2008-3190 (Directory traversal vulnerability in list.php in 1Scripts CodeDB 1.1.1 ...)
	NOT-FOR-US: CodeDB
CVE-2008-3189 (SQL injection vulnerability in dreamnews-rss.php in DreamNews Manager ...)
	NOT-FOR-US: DreamNews Manager
CVE-2008-3188 (libxcrypt in SUSE openSUSE 11.0 uses the DES algorithm when the ...)
	- libxcrypt <not-affected> (Suse issue)
CVE-2008-3187 (zypp-refresh-patches in zypper in SUSE openSUSE 10.2, 10.3, and 11.0 ...)
	NOT-FOR-US: SUSE Zypper
CVE-2008-3330 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-1765-1}
	- horde3 3.2.1+debian0-1 (low; bug #492578)
	- turba2 2.2.1-1 (low)
	[etch] - turba2 <not-affected> (only version 2.2 contains vulnerable code, etch has 2.1)
CVE-2008-3325 (Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before ...)
	{DSA-1691-1}
	- moodle 1.8.1-1 (low)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101405
CVE-2008-3326 (Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle ...)
	{DSA-1691-1}
	- moodle 1.8.2-2 (low; bug #492492)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101401
CVE-2008-3327 (Moodle 1.6.5, when display_errors is enabled, allows remote attackers ...)
	- moodle <removed> (unimportant)
	NOTE: http://moodle.org/mod/forum/discuss.php?d=101403
	NOTE: Does not allow any attack vectors, apart from gaining non-sensible information
CVE-2008-XXXX [mantis multiple issues]
	- mantis 1.1.2+dfsg-1 (low)
	NOTE: http://www.mantisbt.org/bugs/changelog_page.php
	NOTE: CVE id requested by redhat
	NOTE: 0008975 (CSRF) covered by CVE-2008-2276
	NOTE: 0008976 remote code execution only possible with valid administrator account
CVE-2008-3196 (skeleton.c in yacc does not properly handle reduction of a rule with ...)
	- byacc 20070509-1.1 (low; bug #491182)
	[etch] - byacc <no-dsa> (Minor issue)
CVE-2008-XXXX [libetpan NULL deref]
	- libetpan 0.54-3 (low)
	[etch] - libetpan <no-dsa> (Minor issue)
	NOTE: http://lwn.net/Alerts/287640/
	NOTE: http://libetpan.cvs.sourceforge.net/libetpan/libetpan/src/low-level/imf/mailimf.c?view=diff&r1=1.46&r2=1.47
CVE-2008-XXXX [XSS in press-this of wordpress]
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: this code was never present in a released wordpress version
	NOTE: http://www.openwall.com/lists/oss-security/2008/07/15/5
CVE-2008-3224 (Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and ...)
	- phpbb3 3.0.2-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-3197 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin before ...)
	{DSA-1641-1}
	- phpmyadmin 4:2.11.7.1-1 (low)
	NOTE: this only allows via csrf to create an empty database.
	NOTE: this would take a lot of work to get it only to the 'annoying' level, let alone a DoS
CVE-2008-3186 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Blog ...)
	NOT-FOR-US: Chipmunk Blog
CVE-2008-3185 (SQL injection vulnerability in index.php in Relative Real Estate ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-3184 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2008-3183 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: gapicms
CVE-2008-3182 (Stack-based buffer overflow in DAP.exe in Download Accelerator Plus ...)
	NOT-FOR-US: Download Accelerator Plus
CVE-2008-3181 (Unrestricted file upload vulnerability in upload.php in ContentNow CMS ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3180 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ContentNow CMS
CVE-2008-3179 (Directory traversal vulnerability in website.php in Web 2 Business ...)
	NOT-FOR-US: phpDatingClub
CVE-2008-3178 (Unrestricted file upload vulnerability in upload_pictures.php in ...)
	NOT-FOR-US: WebXell Editor
CVE-2008-3177 (Sophos virus detection engine 2.75 on Linux and Unix, as used in ...)
	NOT-FOR-US: Sophos virus detection engine
CVE-2008-3176
	RESERVED
CVE-2008-3175 (Integer underflow in rxRPC.dll in the LGServer service in the ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-3174 (Unspecified vulnerability in the kmxfw.sys driver in CA Host-Based ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System (HIPS))
CVE-2008-3173 (Microsoft Internet Explorer allows web sites to set cookies for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3172 (Opera allows web sites to set cookies for country-specific top-level ...)
	NOT-FOR-US: Opera
CVE-2008-3171 (Apple Safari sends Referer headers containing https URLs to different ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3170 (Apple Safari allows web sites to set cookies for country-specific ...)
	NOT-FOR-US: Apple Safari
CVE-2008-3169 (Multiple heap-based buffer overflows in Empire Server before 4.3.15 ...)
	NOT-FOR-US: Empire Server
CVE-2008-3168 (The files utility in Empire Server before 4.3.15 discloses the world ...)
	NOT-FOR-US: Empire Server
CVE-2008-3167 (Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2008-3166 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BoonEx Ray
CVE-2008-3165 (Directory traversal vulnerability in rss.php in fuzzylime (cms) 3.01a ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3164 (Directory traversal vulnerability in blog.php in fuzzylime (cms) 3.01, ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3163 (Directory traversal vulnerability in dodosmail.php in DodosMail 2.5 ...)
	NOT-FOR-US: DodosMail
CVE-2008-3162 (Stack-based buffer overflow in the str_read_packet function in ...)
	{DSA-1781-1}
	- ffmpeg-debian 0.svn20080206-10 (bug #489965; low)
	- ffmpeg 0.svn20080206-10
	- xmovie <removed>
CVE-2008-3161 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: IBM Maximo
CVE-2008-3160 (Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2008-3159 (Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory ...)
	NOT-FOR-US: eDirectory
CVE-2008-3158 (Unspecified vulnerability in NWFS.SYS in Novell Client for Windows ...)
	NOT-FOR-US: Novell Client for Windows
CVE-2008-3157 (Nortel SIP Multimedia PC Client 4.x MCS5100 and MCS5200 does not limit ...)
	NOT-FOR-US: Nortel SIP Multimedia PC Client
CVE-2008-3156 (The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3155 (Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2008-3154 (SQL injection vulnerability in index.php in WebBlizzard CMS allows ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2008-3153 (SQL injection vulnerability in Triton CMS Pro allows remote attackers ...)
	NOT-FOR-US: Triton CMS Pro
CVE-2008-3152 (SQL injection vulnerability in directory.php in SmartPPC and SmartPPC ...)
	NOT-FOR-US: SmartPPC
CVE-2008-3151 (SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke ...)
	NOT-FOR-US: PHP-NUke
CVE-2008-3150 (Directory traversal vulnerability in index.php in Neutrino Atomic ...)
	NOT-FOR-US: Neutrino Atomic Edition
CVE-2008-3149 (The SNMP daemon in the F5 FirePass 1200 6.0.2 hotfix 3 allows remote ...)
	NOT-FOR-US: F5 FirePass
CVE-2008-3148 (Stack-based buffer overflow in (1) OllyDBG 1.10 and (2) ImpREC 1.7f ...)
	NOT-FOR-US: OllyDBG/ImpREC
CVE-2008-3147 (WeFi 3.2.1.4.1, when diagnostic mode is enabled, stores (1) WEP, (2) ...)
	NOT-FOR-US: WeFi
CVE-2008-3146 (Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly ...)
	{DTSA-167-1}
	- wireshark 1.0.3-1 (medium; bug #497878)
CVE-2008-3144 (Multiple integer overflows in the PyOS_vsnprintf function in ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.4 2.4.5-5
	- python2.5 2.5.2-7
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
CVE-2008-3143 (Multiple integer overflows in Python before 2.5.2 might allow ...)
	{DSA-1667-1}
	- python2.4 2.4.5-1
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.5 2.5.2-1
CVE-2008-3142 (Multiple buffer overflows in Python 2.5.2 and earlier on 32bit ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-3136 (SQL injection vulnerability in catalogue.php in AShop Deluxe 4.x ...)
	NOT-FOR-US: AShop Delux
CVE-2008-3135 (Soldner Secret Wars 33724 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Soldner Secret Wars
CVE-2008-3134 (Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 ...)
	{DSA-1903-1}
	- graphicsmagick 1.2.4-1 (bug #491439)
	- imagemagick <unfixed> (unimportant; bug #559775)
	NOTE: several DoS fixed in 1.2.4 according to upstream
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=610253
CVE-2008-3133 (SQL injection vulnerability in admin/index.php in BareNuked CMS 1.1.0, ...)
	NOT-FOR-US: BareNuked CMS
CVE-2008-3132 (SQL injection vulnerability in the beamospetition (com_beamospetition) ...)
	NOT-FOR-US: Joomla component
CVE-2008-3131 (SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when ...)
	NOT-FOR-US: PSys
CVE-2008-3130 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: OpenCart
CVE-2008-3129 (Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta ...)
	NOT-FOR-US: Catviz
CVE-2008-3128 (Directory traversal vulnerability in search.php in Pivot 1.40.5 allows ...)
	NOT-FOR-US: Pivot
CVE-2008-3127 (PHP remote file inclusion vulnerability in hioxBannerRotate.php in ...)
	NOT-FOR-US: HIOX Banner Rotator
CVE-2008-3126 (Multiple stack-based buffer overflows in the ServerView web interface ...)
	NOT-FOR-US: Fujitsu Siemens Computers ServerView
CVE-2008-3125 (SQL injection vulnerability in index.php in Mole Group Lastminute ...)
	NOT-FOR-US: Mole Group Lastminute Script
CVE-2008-3124 (SQL injection vulnerability in index.php in Mole Group Hotel Script ...)
	NOT-FOR-US: Mole Group
CVE-2008-3123 (SQL injection vulnerability in index.php in Mole Group Real Estate ...)
	NOT-FOR-US: Mole Group
CVE-2008-3122 (Multiple SQL injection vulnerabilities in Xerox CentreWare Web (CWW) ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3121 (Multiple cross-site scripting (XSS) vulnerabilities in Xerox ...)
	NOT-FOR-US: Xerox CentreWare Web
CVE-2008-3120
	REJECTED
CVE-2008-3119 (SQL injection vulnerability in index.php in DreamPics Builder allows ...)
	NOT-FOR-US: DreamPics Builder
CVE-2008-3118 (SQL injection vulnerability in play.php in PHPmotion 2.0 and earlier ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3117 (Unrestricted file upload vulnerability in update_profile.php in ...)
	NOT-FOR-US: PHPmotion
CVE-2008-3116 (Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou ...)
	NOT-FOR-US: Snail Game
CVE-2003-1561 (Opera, probably before 7.50, sends Referer headers containing https:// ...)
	NOT-FOR-US: ancient issue
CVE-2003-1560 (Netscape 4 sends Referer headers containing https:// URLs in requests ...)
	NOT-FOR-US: ancient issue
CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, ...)
	NOT-FOR-US: ancient issue
CVE-2008-3229 (Stack-based buffer overflow in op before Changeset 563, when xauth ...)
	- op <not-affected> (not configured with xauth support)
CVE-2008-3218 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x ...)
	- drupal5 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, feature introduced in 6.0)
CVE-2008-3219 (The Drupal filter_xss_admin function in 5.x before 5.8 and 6.x before ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3220 (Cross-site request forgery (CSRF) vulnerability in Drupal 5.x before ...)
	- drupal5 5.8-1 (low; bug #490559)
	- drupal-4.7 <not-affected> (Vulnerable code not present)
	NOTE: drupal-4.7 uses the locale_admin_string_delete callback which returns a confirmation dialog
CVE-2008-3221 (Cross-site request forgery (CSRF) vulnerability in Drupal 6.x before ...)
	- drupal5 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, openids introduced in 6.0)
CVE-2008-3222 (Session fixation vulnerability in Drupal 5.x before 5.9 and 6.x before ...)
	- drupal5 5.9-1 (low; bug #490559)
	- drupal-4.7 <removed>
CVE-2008-3223 (SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 ...)
	- drupal5 <not-affected> (Vulnerable code not present, introduced in 6.0)
	- drupal-4.7 <not-affected> (Vulnerable code not present, introduced in 6.0)
CVE-2008-3145 (The fragment_add_work function in epan/reassemble.c in Wireshark ...)
	{DSA-1673-1}
	- wireshark 1.0.2-1 (low)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-04.html
CVE-2008-3115 (Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3114 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 6 ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3113 (Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3112 (Directory traversal vulnerability in Sun Java Web Start in JDK and JRE ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
	- openjdk-6 <undetermined> (bug #566770)
	[wheezy] - openjdk-6 <end-of-life>
CVE-2008-3111 (Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-04-1 (bug #490260)
CVE-2008-3110 (Unspecified vulnerability in scripting language support in Sun Java ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3109 (Unspecified vulnerability in scripting language support in Sun Java ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3108 (Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE ...)
	- sun-java5 1.5.0-10-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 <not-affected> (Only for sun-java5)
CVE-2008-3107 (Unspecified vulnerability in the Virtual Machine in Sun Java Runtime ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3106 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) in JDK ...)
	- sun-java5 1.5.0-16-1 (bug #490260)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3105 (Unspecified vulnerability in the JAX-WS client and service in Sun Java ...)
	- sun-java5 <not-affected> (Only for sun-java6)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3104 (Multiple unspecified vulnerabilities in Sun Java Runtime Environment ...)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3103 (Unspecified vulnerability in the Java Management Extensions (JMX) ...)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java5 1.5.0-16-1 (bug #490260)
	- sun-java6 6-07-1 (bug #490260)
CVE-2008-3102 (Mantis 1.1.x through 1.1.2 and 1.2.x through 1.2.0a2 does not set the ...)
	- mantis 1.1.2+dfsg-6 (low; bug #501179)
CVE-2008-3101 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
	NOT-FOR-US: vtiger CRM
CVE-2008-3100 (Cross-site scripting (XSS) vulnerability in lib/owl.lib.php in Steve ...)
	- owl-dms 0.95-1.1 (low; bug #493579)
CVE-2008-3099
	RESERVED
CVE-2008-3098 (Cross-site scripting (XSS) vulnerability in admin/usercheck.php in ...)
	NOT-FOR-US: fuzzylime
CVE-2008-3097 (Cross-site scripting (XSS) vulnerability in the Tinytax module (aka ...)
	NOT-FOR-US: additional drupal module Tinytax
CVE-2008-3096 (The Outline Designer module 5.x before 5.x-1.4 for Drupal changes each ...)
	NOT-FOR-US: additional drupal module Outline Designer
CVE-2008-3095 (Cross-site scripting (XSS) vulnerability in the Organic Groups (OG) ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3094 (The Organic Groups (OG) module 5.x before 5.x-7.3 and 6.x before ...)
	NOT-FOR-US: additional drupal module Organic Groups
CVE-2008-3093 (Unrestricted file upload vulnerability in ImperialBB 2.3.5 and earlier ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3092 (SQL injection vulnerability in the Taxonomy Autotagger module 5.x ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3091 (Cross-site scripting (XSS) vulnerability in the Taxonomy Autotagger ...)
	NOT-FOR-US: additional drupal module Taxonomy Autotagger
CVE-2008-3090 (Multiple SQL injection vulnerabilities in index.php in BlognPlus (BURO ...)
	NOT-FOR-US: BlognPlus
CVE-2008-3089 (SQL injection vulnerability in user.html in Xpoze Pro 3.06 (aka Xpoze ...)
	NOT-FOR-US: ImperialBB
CVE-2008-3088 (Cross-site scripting (XSS) vulnerability in the Files module in ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3087 (Directory traversal vulnerability in Kasseler CMS 1.3.0 allows remote ...)
	NOT-FOR-US: Kasseler CMS
CVE-2008-3086
	REJECTED
CVE-2008-3085
	REJECTED
CVE-2008-3084
	REJECTED
CVE-2008-3216 (The save function in br/prefmanager.d in projectl 1.001 creates a ...)
	- projectl 1.001.dfsg1-2 (low; bug #489988)
	[etch] - projectl <no-dsa> (Minor issue)
CVE-2008-3083 (SQL injection vulnerability in Brightcode Weblinks ...)
	NOT-FOR-US: com_brightweblinks omponent for Joomla!
CVE-2008-3082 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Commtouch Enterprise Anti-Spam Gateway
CVE-2008-3081 (Multiple unspecified &quot;input validation&quot; vulnerabilities in the Web ...)
	NOT-FOR-US: Avaya Message Storage Server
CVE-2008-3080 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOT-FOR-US: myBloggie
CVE-2008-3079 (Unspecified vulnerability in Opera before 9.51 on Windows allows ...)
	NOT-FOR-US: Opera
CVE-2008-3078 (Opera before 9.51 does not properly manage memory within functions ...)
	NOT-FOR-US: Opera
CVE-2008-3077 (arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the ...)
	- linux-2.6 2.6.25-7
	- linux-2.6.24 <not-affected> (Vulnerable code added later)
	[etch] - linux-2.6 <not-affected> (Vulnerable code added later)
	NOTE: 1e9a615bfce7996ea4d815d45d364b47ac6a74e8
CVE-2008-3076 (The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3075 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3074 (The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, ...)
	{DSA-1733-1}
	- vim 2:7.2.010-1 (bug #506919)
	[lenny] - vim 1:7.1.314-3+lenny1 (bug #506919)
	[squeeze] - vim 1:7.1.314-3+lenny1 (bug #506919)
CVE-2008-3073 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3072 (Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-3071 (Directory traversal vulnerability in inc/class_language.php in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2008-3070 (Unspecified vulnerability in inc/datahandler/user.php in MyBB before ...)
	NOT-FOR-US: MyBB
CVE-2008-3069 (Multiple cross-site scripting (XSS) vulnerabilities in MyBB before ...)
	NOT-FOR-US: MyBB
CVE-2008-3068 (Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, ...)
	NOT-FOR-US: Microsoft Crypto API
CVE-2008-3067 (sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when ...)
	- sudo 1.6.9p12-1
	[etch] - sudo <not-affected> (Issue was introduced in 1.6.9)
CVE-2008-3066 (Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3065
	RESERVED
CVE-2008-3064 (Unspecified vulnerability in RealNetworks RealPlayer Enterprise, ...)
	NOT-FOR-US: RealNetworks RealPlayer Enterprise
CVE-2008-3063 (SQL injection vulnerability in login.php in V-webmail 1.5.0 might ...)
	NOT-FOR-US: V-webmail
CVE-2008-3062
	RESERVED
CVE-2008-3061 (Open redirect vulnerability in redirect.php in V-webmail 1.5.0 allows ...)
	NOT-FOR-US: V-webmail
CVE-2008-3060 (V-webmail 1.5.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: V-webmail
CVE-2008-3059 (member/settings_account.php in Octeth Oempro 3.5.5.1, and possibly ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3058 (Multiple SQL injection vulnerabilities in Octeth Oempro 3.5.5.1, and ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3057 (Octeth Oempro 3.5.5.1, and possibly other versions before 4, does not ...)
	NOT-FOR-US: Octeth Oempro
CVE-2008-3056 (SQL injection vulnerability in the Codeon Petition (cd_petition) ...)
	NOT-FOR-US: cd_petition extension for TYPO3
CVE-2008-3055 (SQL injection vulnerability in the Support view (ext_tbl) extension ...)
	NOT-FOR-US: ext_tbl extension for TYPO3
CVE-2008-3054 (SQL injection vulnerability in the Branchenbuch (aka Yellow Pages ...)
	NOT-FOR-US: mh_branchenbuch extension for TYPO3
CVE-2008-3053 (SQL injection vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3052 (Unspecified vulnerability in the SQL Frontend (mh_omsqlio) extension ...)
	NOT-FOR-US: mh_omsqlio extension for TYPO3
CVE-2008-3051 (SQL injection vulnerability in the Pinboard extension 0.0.6 and ...)
	NOT-FOR-US: Pinboard extension for TYPO3
CVE-2008-3050 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3049 (The PDF Generator 2 (pdf_generator2) extension 0.5.0 and earlier for ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3048 (Unspecified vulnerability in the PDF Generator 2 (pdf_generator2) ...)
	NOT-FOR-US: pdfcreator extension for TYPO3
CVE-2008-3047 (Incomplete blacklist vulnerability in the KB Unpack (kb_unpack) ...)
	NOT-FOR-US: kb_unpack extension for TYPO3
CVE-2008-3046 (Incomplete blacklist vulnerability in the Packman (kb_packman) ...)
	NOT-FOR-US: kb_packman extension for TYPO3
CVE-2008-3045 (Unspecified vulnerability in the Industry Database (aka ...)
	NOT-FOR-US: pro_industrydb extension for TYPO3
CVE-2008-3044 (SQL injection vulnerability in the News Calendar (newscalendar) ...)
	NOT-FOR-US: newscalendar extension for TYPO3
CVE-2008-3043 (Unspecified vulnerability in the WEC Discussion Forum (wec_discussion) ...)
	NOT-FOR-US: wec_discussion extension for TYPO3
CVE-2008-3042 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3041 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3040 (Unspecified vulnerability in the DAM Frontend (dam_frontend) extension ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3039 (SQL injection vulnerability in the DAM Frontend (dam_frontend) ...)
	NOT-FOR-US: dam_frontend extension for TYPO3
CVE-2008-3038 (SQL injection vulnerability in the Address Directory (sp_directory) ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3037 (Cross-site scripting (XSS) vulnerability in the Address Directory ...)
	NOT-FOR-US: sp_directory extension for TYPO3
CVE-2008-3036 (Directory traversal vulnerability in index.php in CMS little 0.0.1 ...)
	NOT-FOR-US: CMS little
CVE-2008-3035 (SQL injection vulnerability in newThread.php in XchangeBoard 1.70 ...)
	NOT-FOR-US: XchangeBoard
CVE-2008-3034 (Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3033 (RSS-aggregator 1.0 does not require administrative authentication for ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-3032 (Cross-site scripting (XSS) vulnerability in the phpMyAdmin ...)
	NOT-FOR-US: phpmyadmin extension for TYPO3
CVE-2008-3031 (Directory traversal vulnerability in index.php in Simple PHP Agenda ...)
	NOT-FOR-US: Simple PHP Agenda
CVE-2008-3030 (SQL injection vulnerability in default.asp in EfesTECH Shop 2.0 allows ...)
	NOT-FOR-US: EfesTECH Shop
CVE-2008-3029 (Cross-site scripting (XSS) vulnerability in the WEC Discussion Forum ...)
	NOT-FOR-US: WEC Discussion Forum
CVE-2008-3028 (Multiple cross-site scripting (XSS) vulnerabilities in the Send-A-Card ...)
	NOT-FOR-US: sr_sendcard extension for TYPO3
CVE-2008-3027 (SQL injection vulnerability in get_article.php in VanGogh Web CMS 0.9 ...)
	NOT-FOR-US: VanGogh Web CMS
CVE-2008-3026 (SQL injection vulnerability in index.php in OneClick CMS (aka Sisplet ...)
	NOT-FOR-US: OneClick CMS
CVE-2008-3025 (SQL injection vulnerability in ad.php in plx Ad Trader 3.2 allows ...)
	NOT-FOR-US: plx Ad Trader
CVE-2008-3024 (Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) ...)
	NOT-FOR-US: phgrafx in QNX Momentics
CVE-2008-3023 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.6.2 and ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2008-3022 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: PHPortal
CVE-2008-3021 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3020 (Microsoft Office 2000 SP3 and XP SP3; Office Converter Pack; and Works ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3019 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3018 (Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter ...)
	NOT-FOR-US: Microsoft Office 2000
CVE-2008-3017
	REJECTED
CVE-2008-3016
	REJECTED
CVE-2008-3015 (Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3014 (Buffer overflow in gdiplus.dll in GDI+ in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3013 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3012 (gdiplus.dll in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-3011
	REJECTED
CVE-2008-3010 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3009 (Microsoft Windows Media Player 6.4, Windows Media Format Runtime 7.1 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-3008 (Stack-based buffer overflow in the WMEncProfileManager ActiveX control ...)
	NOT-FOR-US: Microsoft Windows Media Encoder
CVE-2008-3007 (Argument injection vulnerability in a URI handler in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office XP
CVE-2008-3006 (Microsoft Office Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3005 (Array index vulnerability in Microsoft Office Excel 2000 SP3 and 2002 ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3004 (Microsoft Office Excel 2000 SP3, 2002 SP3, and 2003 SP2 and SP3; ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3003 (Microsoft Office Excel 2007 Gold and SP1 does not properly delete the ...)
	NOT-FOR-US: Microsoft Office Excel
CVE-2008-3002
	REJECTED
CVE-2008-3001 (The Aggregation module 5.x before 5.x-4.4 for Drupal allows remote ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-3000 (The Aggregation module 5.x before 5.x-4.4 for Drupal, when node access ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2999 (Multiple SQL injection vulnerabilities in the Aggregation module 5.x ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2998 (Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation ...)
	NOT-FOR-US: additional drupal module Aggregation module
CVE-2008-2997 (Cross-site scripting (XSS) vulnerability in index.php in Gravity Board ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2996 (Multiple SQL injection vulnerabilities in index.php in Gravity Board X ...)
	NOT-FOR-US: Gravity Board
CVE-2008-2995 (Multiple SQL injection vulnerabilities in PHPEasyData 1.5.4 allow ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2994 (Multiple cross-site scripting (XSS) vulnerabilities in PHPEasyData ...)
	NOT-FOR-US: PHPEasyData
CVE-2008-2993 (Multiple directory traversal vulnerabilities in index.php in FOG Forum ...)
	NOT-FOR-US: FOG Forum
CVE-2008-2992 (Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2008-2991 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 ...)
	NOT-FOR-US: Adobe RoboHelp Server 7
CVE-2008-2990 (PHP remote file inclusion vulnerability in facileforms.frame.php in ...)
	NOT-FOR-US: FacileForms
CVE-2008-2989 (SQL injection vulnerability in index.php in HoMaP-CMS 0.1 allows ...)
	NOT-FOR-US: HoMaP-CMS
CVE-2008-2988 (Unrestricted file upload vulnerability in admin/upload.php in Benja ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2987 (Multiple cross-site scripting (XSS) vulnerabilities in Benja CMS 0.1 ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2986 (Multiple PHP remote file inclusion vulnerabilities in phpDMCA 1.0.0 ...)
	NOT-FOR-US: phpDMCA
CVE-2008-2985 (Directory traversal vulnerability in load_language.php in CMReams CMS ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2984 (Cross-site scripting (XSS) vulnerability in backend/umleitung.php in ...)
	NOT-FOR-US: CMReams CMS
CVE-2008-2983 (SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows ...)
	NOT-FOR-US: Demo4 CMS
CVE-2008-2982 (Multiple directory traversal vulnerabilities in HomePH Design 2.10 ...)
	NOT-FOR-US: HomePH
CVE-2008-2981 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: HomePH
CVE-2008-2980 (Multiple cross-site scripting (XSS) vulnerabilities in HomePH Design ...)
	NOT-FOR-US: HomePH
CVE-2008-2979 (Multiple cross-site scripting (XSS) vulnerabilities in phpi/login.php ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2978 (Directory traversal vulnerability in phpi/rss.php in Ourvideo CMS 9.5, ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2977 (Multiple PHP remote file inclusion vulnerabilities in Ourvideo CMS 9.5 ...)
	NOT-FOR-US: Ourvideo CMS
CVE-2008-2976 (Multiple directory traversal vulnerabilities in TinX/cms 1.1, when ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2975 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: TinX/cms
CVE-2008-2974 (Directory traversal vulnerability in chatconfig.php in MM Chat 1.5, ...)
	NOT-FOR-US: MM Chat
CVE-2008-2973 (Multiple cross-site scripting (XSS) vulnerabilities in chathead.php in ...)
	NOT-FOR-US: MM Chat
CVE-2008-2972 (SQL injection vulnerability in index.php in KbLance allows remote ...)
	NOT-FOR-US: KbLance
CVE-2008-2971 (SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows ...)
	NOT-FOR-US: CiBlog
CVE-2008-2970 (Multiple session fixation vulnerabilities in Academic Web Tools (AWT ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2969 (Directory traversal vulnerability in download.php in Academic Web ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2968 (SQL injection vulnerability in rating.php in Academic Web Tools (AWT ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2967 (Multiple cross-site scripting (XSS) vulnerabilities in Academic Web ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2966 (Directory traversal vulnerability in viewprofile.php in JaxUltraBB 2.0 ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2965 (Cross-site scripting (XSS) vulnerability in viewforum.php in ...)
	NOT-FOR-US: JaxUltraBB
CVE-2008-2964 (SQL injection vulnerability in guide.php in ResearchGuide 0.5 allows ...)
	NOT-FOR-US: ResearchGuide
CVE-2008-2963 (Multiple SQL injection vulnerabilities in MyBlog allow remote ...)
	NOT-FOR-US: MyBlog
CVE-2008-2962 (Multiple cross-site scripting (XSS) vulnerabilities in MyBlog allow ...)
	NOT-FOR-US: MyBlog
CVE-2008-2961 (Multiple directory traversal vulnerabilities in view/index.php in CMS ...)
	NOT-FOR-US: CMS Mini
CVE-2008-2959 (Buffer overflow in a certain ActiveX control (vb6skit.dll) in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2951 (Open redirect vulnerability in the search script in Trac before 0.10.5 ...)
	- trac 0.11-1
	[etch] - trac 0.10.3-1etch4
CVE-2008-2949 (Cross-domain vulnerability in Microsoft Internet Explorer 6 and 7 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2948 (Cross-domain vulnerability in Microsoft Internet Explorer 7 and 8 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2947 (Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2946 (The SNMP-DMI mapper subagent daemon (aka snmpXdmid) in Solstice ...)
	NOT-FOR-US: Solstice Enterprise Agents in Sun Solaris
CVE-2008-2945 (Sun Java System Access Manager 6.3 through 7.1 and Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2944 (Double free vulnerability in the utrace support in the Linux kernel, ...)
	- linux-2.6 <not-affected>
	[etch] - linux-2.6 <not-affected>
	- linux-2.6.24 <not-affected>
CVE-2008-2943 (Double free vulnerability in IBM Tivoli Directory Server (TDS) 6.1.0.0 ...)
	NOT-FOR-US: IBM Tivoli Directory Server
CVE-2008-2941 (The hpssd message parser in hpssd.py in HP Linux Imaging and Printing ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2940 (The alert-mailing implementation in HP Linux Imaging and Printing ...)
	- hplip 2.8.6-1 (low; bug #499842)
	[etch] - hplip <no-dsa> (Minor issue)
	NOTE: Does not affect current version in lenny, marking as fixed in current upstream release
CVE-2008-2939 (Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the ...)
	- apache2 2.2.9-7 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2938 (Directory traversal vulnerability in Apache Tomcat 4.1.0 through ...)
	NOTE: This is an issue in the respective JVMs, Tomcat only includes a workaround
	NOTE: Check status of free JVMs
	- tomcat5.5 5.5.26-5 (unimportant; bug #496309)
CVE-2008-2937 (Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a ...)
	- postfix 2.5.4-1 (low)
	[etch] - postfix <no-dsa> (minor issue)
CVE-2008-2936 (Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 ...)
	{DSA-1629-2 DSA-1629-1 DTSA-155-1}
	- postfix 2.5.4-1
CVE-2008-2935 (Multiple heap-based buffer overflows in the rc4 (1) encryption (aka ...)
	{DSA-1624-1 DTSA-152-1}
	- libxslt 1.1.24-2 (bug #493162)
	NOTE: http://www.ocert.org/advisories/ocert-2008-009.html
CVE-2008-2934 (Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to ...)
	- iceweasel <not-affected> (MacOS-specific)
CVE-2008-2933 (Mozilla Firefox before 2.0.0.16, and 3.x before 3.0.1, interprets '|' ...)
	{DSA-1697-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0.1-1 (low)
	- xulrunner 1.9.0.1-1
	- iceape 1.1.12-1
CVE-2008-2932 (Heap-based buffer overflow in Red Hat adminutil 1.1.6 allows remote ...)
	NOT-FOR-US: Red Hat adminutil
CVE-2008-2931 (The do_change_type function in fs/namespace.c in the Linux kernel ...)
	{DSA-1630-1}
	- linux-2.6 2.6.22
	NOTE: ee6f958291e2a768fd727e7a67badfff0b67711a
CVE-2008-2930 (Red Hat Directory Server 7.1 before SP7, Red Hat Directory Server 8, ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2929 (Multiple cross-site scripting (XSS) vulnerabilities in the adminutil ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2928 (Multiple buffer overflows in the adminutil library in CGI applications ...)
	NOT-FOR-US: Red Hat Directory Server / Fedora Directory Server
CVE-2008-2926 (The kmxfw.sys driver in CA Host-Based Intrusion Prevention System ...)
	NOT-FOR-US: r8 (Host-Based Intrusion Prevention System)
CVE-2008-2925 (SQL injection vulnerability in Webmatic before 2.8 allows remote ...)
	NOT-FOR-US: Webmatic
CVE-2008-2924 (Cross-site scripting (XSS) vulnerability in Webmatic before 2.8 allows ...)
	NOT-FOR-US: Webmatic
CVE-2008-2923 (Cross-site scripting (XSS) vulnerability in read/search/results in ...)
	NOT-FOR-US: Lyris ListManager
CVE-2008-2922 (Stack-based buffer overflow in artegic Dana IRC client 1.3 and earlier ...)
	NOT-FOR-US: Dana IRC client
CVE-2008-2921 (SQL injection vulnerability in index.php in EZTechhelp EZCMS 1.2 and ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2920 (admin/filemanager/ (aka the File Manager) in EZTechhelp EZCMS 1.2 and ...)
	NOT-FOR-US: EZTechhelp
CVE-2008-2919 (SQL injection vulnerability in listing.php in Gryphon gllcTS2 4.2.4 ...)
	NOT-FOR-US: Gryphon
CVE-2008-2918 (SQL injection vulnerability in details.php in Application Dynamics ...)
	NOT-FOR-US: Application Dynamics Cartweaver
CVE-2008-2917 (SQL injection vulnerability in productsofcat.asp in E-SMART CART ...)
	NOT-FOR-US: E-SMART CART
CVE-2008-2916 (Multiple SQL injection vulnerabilities in Pre ADS Portal 2.0 and ...)
	NOT-FOR-US: Pre ADS Portal
CVE-2008-2915 (Multiple SQL injection vulnerabilities in jobseekers/JobSearch.php ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2914 (SQL injection vulnerability in jobseekers/JobSearch3.php (aka the ...)
	NOT-FOR-US: Pre Job Board
CVE-2008-2913 (Directory traversal vulnerability in func.php in Devalcms 1.4a, when ...)
	NOT-FOR-US: Devalcms
CVE-2008-2912 (Multiple PHP remote file inclusion vulnerabilities in Contenido CMS ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2911 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Contenido CMS
CVE-2008-2910 (Buffer overflow in the DXTTextOutEffect ActiveX control (aka the ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2909 (SQL injection vulnerability in results.php in Clever Copy 3.0 allows ...)
	NOT-FOR-US: Clever Copy
CVE-2008-2908 (Multiple stack-based buffer overflows in a certain ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2907 (SQL injection vulnerability in admin/index.php in WebChamado 1.1, when ...)
	NOT-FOR-US: WebChamado
CVE-2008-2906 (SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 ...)
	NOT-FOR-US: WebChamado
CVE-2008-2905 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is only in experimental
	NOTE: filed removal bug for Mambo from experimental #490291
CVE-2008-2904 (SQL injection vulnerability in shop.php in Conkurent PHPMyCart allows ...)
	NOT-FOR-US: Conkurent PHPMyCart
CVE-2008-2903 (SQL injection vulnerability in news.php in Advanced Webhost Billing ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2008-2902 (SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2901 (Multiple SQL injection vulnerabilities in Haudenschilt Family ...)
	NOT-FOR-US: Haudenschilt Family Connections CMS
CVE-2008-2900 (SQL injection vulnerability in item.php in PHPAuction 3.2 allows ...)
	NOT-FOR-US: PHPAuction
CVE-2008-2899 (Unspecified vulnerability in includes/classes/page.php in j00lean-CMS ...)
	NOT-FOR-US: j00lean-CMS
CVE-2008-2898 (Directory traversal vulnerability in includes/header.php in ...)
	NOT-FOR-US: Hedgehog-CMS
CVE-2008-2897 (SQL injection vulnerability in index.php in PageSquid CMS 0.3 Beta ...)
	NOT-FOR-US: PageSquid
CVE-2008-2896 (Directory traversal vulnerability in index.php in FireAnt 1.3 allows ...)
	NOT-FOR-US: FireAnt
CVE-2008-2895 (Directory traversal vulnerability in index.php in AproxEngine 5.1.0.4 ...)
	NOT-FOR-US: AproxEngine
CVE-2008-2894 (Directory traversal vulnerability in the FTP client in NCH Software ...)
	NOT-FOR-US: NCH Software Classic FTP Windows
CVE-2008-2893 (SQL injection vulnerability in news.php in AJ Square aj-hyip (aka AJ ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2892 (SQL injection vulnerability in the EXP Shop (com_expshop) component ...)
	NOT-FOR-US: Joomla
CVE-2008-2891 (SQL injection vulnerability in index.php in eMuSOFT emuCMS 0.3 allows ...)
	NOT-FOR-US: emuCMS
CVE-2008-2890 (Multiple SQL injection vulnerabilities in Online Fantasy Football ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2008-2889 (Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP ...)
	NOT-FOR-US: AceBIT WISE-FTP
CVE-2008-2888 (Multiple PHP remote file inclusion vulnerabilities in MiGCMS 2.0.5, ...)
	NOT-FOR-US: MiGCMS
CVE-2008-2887 (Directory traversal vulnerability in index.php in chaozz@work ...)
	NOT-FOR-US: FubarForum
CVE-2008-2886 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jamroom
CVE-2008-2885 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Open Digital Assets Repository System
CVE-2008-2884 (PHP remote file inclusion vulnerability in display.php in ...)
	NOT-FOR-US: RSS-aggregator
CVE-2008-2883 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jamroom
CVE-2008-2882 (upgrade.asp in sHibby sHop 2.2 and earlier does not require ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2881 (Relative Real Estate Systems 3.0 and earlier stores passwords in ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2008-2880 (Heap-based buffer overflow in the IBM AFP Viewer Plug-in 2.0.7.1 and ...)
	NOT-FOR-US: IBM AFP Viewer Plug-in
CVE-2008-2879 (Benja CMS 0.1 does not require authentication for access to admin/, ...)
	NOT-FOR-US: Benja CMS
CVE-2008-2878 (Open redirect vulnerability in rss_getfile.php in Academic Web Tools ...)
	NOT-FOR-US: Academic Web Tools
CVE-2008-2877 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: cmsWorks
CVE-2008-2876 (Directory traversal vulnerability in index.php in mUnky 0.0.1 allows ...)
	NOT-FOR-US: mUnky
CVE-2008-2875 (SQL injection vulnerability in index.php in Webdevindo-CMS 1.0.0 ...)
	NOT-FOR-US: Webdevindo-CMS
CVE-2008-2874 (SQL injection vulnerability in index.php in Softbiz Jokes &amp; Funny Pics ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics
CVE-2008-2873 (sHibby sHop 2.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2872 (SQL injection vulnerability in default.asp in sHibby sHop 2.2 and ...)
	NOT-FOR-US: sHibby sHop
CVE-2008-2871 (Multiple cross-site scripting (XSS) vulnerabilities in template2.php ...)
	NOT-FOR-US: PEGames
CVE-2008-2870 (Multiple SQL injection vulnerabilities in ShareCMS 0.1 Beta allow ...)
	NOT-FOR-US: ShareCMS
CVE-2008-2869 (SQL injection vulnerability in out.php in E-topbiz Link ADS 1 allows ...)
	NOT-FOR-US: E-topbiz Link ADS
CVE-2008-2868 (SQL injection vulnerability in detail.asp in DUware DUcalendar 1.0 and ...)
	NOT-FOR-US: ware DUcalendar
CVE-2008-2867 (SQL injection vulnerability in adclick.php in E-topbiz Viral DX 1 2.07 ...)
	NOT-FOR-US: E-topbiz Viral
CVE-2008-2866 (SQL injection vulnerability in csc_article_details.php in Caupo.net ...)
	NOT-FOR-US: CaupoShop Classic
CVE-2008-2865 (SQL injection vulnerability in index.php in Kalptaru Infotech PHP Site ...)
	NOT-FOR-US: Kalptaru Infotech PHP Site
CVE-2008-2864 (eLineStudio Site Composer (ESC) 2.6 and earlier allows remote ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2863 (Multiple absolute path traversal vulnerabilities in eLineStudio Site ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2862 (Multiple SQL injection vulnerabilities in eLineStudio Site Composer ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2861 (Multiple cross-site scripting (XSS) vulnerabilities in eLineStudio ...)
	NOT-FOR-US: eLineStudio Site Composer
CVE-2008-2860 (SQL injection vulnerability in category.php in AJSquare AJ Auction Pro ...)
	NOT-FOR-US: AJSquare AJ Auction Pro Web
CVE-2008-2859 (Unspecified vulnerability in the IMAP service in NetWin SurgeMail ...)
	NOT-FOR-US: NetWin SurgeMail
CVE-2008-2858 (SQL injection vulnerability in index.php in WebChamado 1.1 allows ...)
	NOT-FOR-US: WebChamado
CVE-2008-2857 (AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2008-2856 (SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows ...)
	NOT-FOR-US: OwnRS
CVE-2008-2855 (Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 ...)
	NOT-FOR-US: OwnRS
CVE-2008-2854 (Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 ...)
	NOT-FOR-US: Orlando CMS
CVE-2008-2853 (SQL injection vulnerability in index.php in Easy Webstore 1.2 allows ...)
	NOT-FOR-US: Easy Webstore
CVE-2008-2852 (Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when ...)
	- cgiwrap <removed> (low; bug #497761)
	[etch] - cgiwrap <no-dsa> (Minor issue)
	NOTE: only applies to certain character sets and only works with
	NOTE: browsers. There isn't a good solution available, the patch uses
	NOTE: a compile-time charset specification. All in all not a real
	NOTE: priority to fix in etch.
CVE-2008-2851 (Multiple buffer overflows in OFF System before 0.19.14 allow remote ...)
	NOT-FOR-US: OFF System
CVE-2008-2850 (SQL injection vulnerability in the TrailScout module 5.x before ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2849 (Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x ...)
	NOT-FOR-US: additional drupal module TrailScout
CVE-2008-2848 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: MindTouch DekiWiki
CVE-2008-2847 (SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 ...)
	NOT-FOR-US: Maxtrade
CVE-2008-2846 (SQL injection vulnerability in index.php in BoatScripts Classifieds ...)
	NOT-FOR-US: BoatScripts Classifieds
CVE-2008-2845 (SQL injection vulnerability in index.php in MyBizz-Classifieds allows ...)
	NOT-FOR-US: MyBizz-Classifieds
CVE-2008-2844 (SQL injection vulnerability in index.php in Carscripts Classifieds ...)
	NOT-FOR-US: Carscripts Classifieds
CVE-2008-2843 (Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2842 (Cross-site scripting (XSS) vulnerability in edit/showmedia.asp in ...)
	NOT-FOR-US: doITLive CMS
CVE-2008-2950 (The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and ...)
	{DTSA-146-1}
	- poppler 0.8.4-1.1 (medium; bug #489756)
	[etch] - poppler <not-affected> (Vulnerable code not present)
	- xpdf <not-affected> (Page.cc is not allocating the widget and therefore not vulnerable in the destructor, attrs initialized)
CVE-2008-2927 (Multiple integer overflows in the msn_slplink_process_msg functions in ...)
	{DSA-1805-1 DSA-1610-1}
	- pidgin 2.4.3-1
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=453764
CVE-2008-3137 (The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3138 (The (1) PANA and (2) KISMET dissectors in Wireshark (formerly ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3139 (The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 0.99.8 to 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3140 (The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows ...)
	- wireshark 1.0.1-1 (low; bug #488834)
	[etch] - wireshark <not-affected> (Only affects 1.0.0)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-3141 (Unspecified vulnerability in the RMI dissector in Wireshark (formerly ...)
	{DSA-1673-1}
	- wireshark 1.0.1-1 (low; bug #488834)
	NOTE: http://www.wireshark.org/security/wnpa-sec-2008-03.html
CVE-2008-2952 (liblber/io.c in OpenLDAP 2.2.4 to 2.4.10 allows remote attackers to ...)
	{DSA-1650-1 DTSA-151-1}
	- openldap2.3 <removed> (low; bug #488710)
	- openldap 2.4.10-3 (low; bug #488710)
CVE-2008-2955 (Pidgin 2.4.1 allows remote attackers to cause a denial of service ...)
	- pidgin 2.4.3-1 (low; bug #488632)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
CVE-2008-2956 (** DISPUTED ** ...)
	- pidgin <unfixed> (unimportant; bug #488632)
	NOTE: Non-issue per analysis of Pidgin upstream developers, should be rejected
CVE-2008-2957 (The UPnP functionality in Pidgin 2.0.0, and possibly other versions, ...)
	- pidgin 2.4.3-4 (low; bug #488632)
	- gaim <removed>
	[lenny] - gaim <not-affected> (gaim is now a transitional package depending on pidgin with its own source package)
	NOTE: probably only a bandwidth issue
CVE-2008-2942 (Directory traversal vulnerability in patch.py in Mercurial 1.0.1 ...)
	- mercurial 1.0.1-2 (low; bug #488628)
	[etch] - mercurial <not-affected> (Vulnerable functionality not present)
CVE-2008-2953 (Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2954 (client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows ...)
	- linuxdcpp 1.0.1-2 (low; bug #488630)
	[etch] - linuxdcpp <no-dsa> (Minor issue)
CVE-2008-2958 (Race condition in (1) checkinstall 1.6.1 and (2) installwatch allows ...)
	- checkinstall 1.6.1-7 (low; bug #488140)
CVE-2008-XXXX [werkzeug hashes its secret instead of using hmac]
	- python-werkzeug 0.3.1-1
	NOTE: http://web.archive.org/web/20081229140824/http://lucumr.pocoo.org:80/cogitations/2008/06/24/werkzeug-031-released/
CVE-2008-2841 (Argument injection vulnerability in XChat 2.8.7b and earlier on ...)
	- xchat <not-affected> (Windows specific problem)
CVE-2008-2840 (Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and ...)
	NOT-FOR-US: Exero CMS
CVE-2008-2839 (Cross-site scripting (XSS) vulnerability in the search module in ...)
	NOT-FOR-US: Traindepot
CVE-2008-2838 (Directory traversal vulnerability in index.php in Traindepot 0.1 ...)
	NOT-FOR-US: Traindepot
CVE-2008-2837 (SQL injection vulnerability in index.php in CMS-BRD allows remote ...)
	NOT-FOR-US: CMS-BRD
CVE-2008-2836 (PHP remote file inclusion vulnerability in send_reminders.php in ...)
	- webcalendar 1.0.5-1 (low)
	- gforge <not-affected> (code in lenny internally sets its own path)
CVE-2008-2835 (SQL injection vulnerability in cgi-bin/igsuite in IGSuite 3.2.4 allows ...)
	NOT-FOR-US: IGSuite
CVE-2008-2834 (SQL injection vulnerability in projects.php in Scientific Image ...)
	NOT-FOR-US: Scientific Image DataBase
CVE-2008-2833 (admin/upload.php in le.cms 1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: le.cms
CVE-2008-2832 (Unrestricted file upload vulnerability in calendar_admin.asp in Full ...)
	NOT-FOR-US: aspWebCalendar 2008
CVE-2008-2831 (Multiple cross-site scripting (XSS) vulnerabilities in the delegated ...)
	NOT-FOR-US: MailMarshal
CVE-2008-2830 (Open Scripting Architecture in Apple Mac OS X 10.4.11 and 10.5.4, and ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-2829 (php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete ...)
	{DTSA-144-1}
	- php5 5.2.6-2 (low)
	[etch] - php5 <no-dsa> (Fix not feasible for etch, low priority issue)
	NOTE: the fix sent to t-s and unstable does not seem possible in etch due to
	NOTE: missing api features from the version of libc-client in etch.
CVE-2008-2826 (Integer overflow in the sctp_getsockopt_local_addrs_old function in ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-6 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.4 (low)
	NOTE: 735ce972fbc8a65fb17788debd7bbe7b4383cc62, present in 2.6.25.9
CVE-2008-2825 (Cross-site scripting (XSS) vulnerability in the embedded Web Server in ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2824 (Unspecified vulnerability in the Extensible Interface Platform in Web ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2008-2823 (SQL injection vulnerability in newsarchive.php in PHPeasyblog ...)
	NOT-FOR-US: PHPeasyblog
CVE-2008-2822 (Multiple directory traversal vulnerabilities in the FTP client in ...)
	NOT-FOR-US: 3D-FTP Client
CVE-2008-2821 (Directory traversal vulnerability in the FTP client in Glub Tech ...)
	NOT-FOR-US: Glub Tech Secure FTP
CVE-2008-2820 (Directory traversal vulnerability in lang/lang-system.php in Open ...)
	NOT-FOR-US: Open Azimyt CMS
CVE-2008-2819 (SQL injection vulnerability in BlognPlus (BURO GUN +) 2.5.4 and ...)
	NOT-FOR-US: BlognPlus
CVE-2008-2818 (Directory traversal vulnerability in Easy-Clanpage 3.0 b1 allows ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-2817 (SQL injection vulnerability in albums.php in NiTrO Web Gallery 1.4.3 ...)
	NOT-FOR-US: NiTrO Web Gallery
CVE-2008-2816 (SQL injection vulnerability in post.php in Oxygen (aka O2PHP Bulletin ...)
	NOT-FOR-US: Oxygen
CVE-2008-2815 (SQL injection vulnerability in shopping/index.php in MyMarket 1.72 ...)
	NOT-FOR-US: MyMarket
CVE-2008-2814 (Cross-site scripting (XSS) vulnerability in WallCity-Server Shoutcast ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2813 (Directory traversal vulnerability in index.php in WallCity-Server ...)
	NOT-FOR-US: WallCity-Server
CVE-2008-2812 (The Linux kernel before 2.6.25.10 does not properly perform tty ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-7
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-2811 (The block reflow implementation in Mozilla Firefox before 2.0.0.15, ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2810 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
	- iceweasel <not-affected> (Windows-specific)
	- iceape <not-affected> (Windows-specific)
CVE-2008-2809 (Mozilla 1.9 M8 and earlier, Mozilla Firefox 2 before 2.0.0.15, ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2808 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2807 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2806 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 on Mac OS ...)
	- iceweasel <not-affected> (MacOS-specific)
	- iceape <not-affected> (MacOS-specific)
CVE-2008-2805 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0
	NOTE: Firefox 3 not affected
	- iceape 1.1.10
	- xulrunner 1.9.0.1-1
CVE-2008-2804
	REJECTED
CVE-2008-2803 (The mozIJSSubScriptLoader.LoadScript function in Mozilla Firefox ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2802 (Mozilla Firefox before 2.0.0.15, Thunderbird 2.0.0.14 and earlier, and ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- icedove 2.0.0.16-1
	- xulrunner 1.9.0.1-1
CVE-2008-2801 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 do not ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2800 (Mozilla Firefox before 2.0.0.15 and SeaMonkey before 1.1.10 allow ...)
	{DSA-1697-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
CVE-2008-2799 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2798 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1607-1}
	- iceweasel 3.0~b2-1
	- iceape 1.1.10-1
	- xulrunner 1.9.0.1-1
	- icedove 2.0.0.16-1
CVE-2008-2797 (Cross-site scripting (XSS) vulnerability in MainLayout.do in ...)
	NOT-FOR-US: ManageEngine OpUtils
CVE-2008-2796 (SQL injection vulnerability in index.php in FreeCMS 0.2 allows remote ...)
	NOT-FOR-US: FreeCMS
CVE-2008-2795 (Directory traversal vulnerability in the FTP and SFTP clients in IDM ...)
	NOT-FOR-US: IDM Computer Solutions Inc UltraEdit
CVE-2008-2794 (Unspecified vulnerability in the GUI in Symantec Altiris Notification ...)
	NOT-FOR-US: Symantec Altiris Notification
CVE-2008-2793 (SQL injection vulnerability in group_posts.php in ClipShare before ...)
	NOT-FOR-US: ClipShare
CVE-2008-2792 (SQL injection vulnerability in index.php in eroCMS 1.4 and earlier ...)
	NOT-FOR-US: eroCMS
CVE-2008-2791 (SQL injection vulnerability in product.detail.php in Kalptaru Infotech ...)
	NOT-FOR-US: Kalptaru Infotech
CVE-2008-2790 (SQL injection vulnerability in detail.php in MountainGrafix easyTrade ...)
	NOT-FOR-US: MountainGrafix easyTrade
CVE-2008-2789 (SQL injection vulnerability in pages/index.php in BASIC-CMS allows ...)
	NOT-FOR-US: BASIC-CMS
CVE-2008-2788 (Cross-site scripting (XSS) vulnerability in index.php in OpenDocMan ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2787 (Cross-site scripting (XSS) vulnerability in out.php in OpenDocMan ...)
	NOT-FOR-US: OpenDocMan
CVE-2008-2960 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.11.7, ...)
	- phpmyadmin 4:2.11.7~rc2-1 (unimportant)
	NOTE: We haven't supported installations with register_globals enabled since a long time
CVE-2008-2827 (The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly ...)
	{DTSA-142-1}
	- perl 5.10.0-11 (bug #487319; medium)
	[etch] - perl <not-affected> (doesn't change link target permissions)
	NOTE: affects other packages like debsums, see bugreport
CVE-2008-2828 (Stack-based buffer overflow in tmsnc allows remote attackers to cause ...)
	- tmsnc 0.3.2-1.1 (low; bug #487222)
CVE-2008-2786 (Buffer overflow in Firefox 3.0 and 2.0.x has unknown impact and attack ...)
	NOT-FOR-US: Just hashes posted to full-disclosure, no specific information
	NOTE: Unless more specific information pops up, this can be considered covered by
	NOTE: CVE-2008-2785
CVE-2008-2785 (Mozilla Firefox before 2.0.0.16 and 3.x before 3.0.1, Thunderbird ...)
	{DSA-1697-1 DSA-1621-1 DSA-1615-1 DSA-1614-1}
	- iceweasel 3.0 (medium; bug #488358)
	- icedove 2.0.0.16-1
	- iceape 1.1.11-1 (bug #491163)
	- xulrunner 1.9.0.1-1 (bug #491161)
	NOTE: Since 3.0 iceweasel links against xulrunner, marking it as fixed, since also need to track etch
	NOTE: http://www.mozilla.org/security/announce/2008/mfsa2008-34.html
CVE-2008-2784 (The smtp_filter function in spamdyke before 3.1.8 does not filter RCPT ...)
	NOT-FOR-US: spamdyke
CVE-2008-2783 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	- kronolith2 <not-affected> (unimportant; Nonreproducable 'issue')
	- horde3 <not-affected> (unimportant; Nonreproducable 'issue')
	NOTE: not reproducible, redhat also seems to have problems reproducing this https://bugzilla.redhat.com/show_bug.cgi?id=452209
CVE-2008-2782 (Multiple directory traversal vulnerabilities in OtomiGenX 2.2 allow ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2781 (SQL injection vulnerability in index.php in DZOIC Handshakes 3.5 ...)
	NOT-FOR-US: DZOIC Handshakes
CVE-2008-2780 (The Anubis (aka Anubis+Ripe160) plugin before 1.3 for encrypt stores ...)
	NOT-FOR-US: Anubis
CVE-2008-2779 (Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 ...)
	NOT-FOR-US: GlobalSCAPE CuteFTP Home
CVE-2008-2778 (SQL injection vulnerability in inc/class_search.php in the Search ...)
	NOT-FOR-US: RevokeBB
CVE-2008-2777 (Cross-site scripting (XSS) vulnerability in Ortro before 1.3.1 allows ...)
	NOT-FOR-US: Ortro
CVE-2008-2776 (Cross-site scripting (XSS) vulnerability in search.asp in DT ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2775 (SQL injection vulnerability in search.asp in DT Centrepiece 4.0 allows ...)
	NOT-FOR-US: DT Centrepiece
CVE-2008-2774 (SQL injection vulnerability in item.php in CartKeeper CKGold Shopping ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2008-2773 (Cross-site scripting (XSS) vulnerability in the Taxonomy Image module ...)
	NOT-FOR-US: Taxonomy Image module for Drupal
CVE-2008-2772 (The Magic Tabs module 5.x before 5.x-1.1 for Drupal allows remote ...)
	NOT-FOR-US: Magic Tabs module for Drupal
CVE-2008-2771 (The Node Hierarchy module 5.x before 5.x-1.1 and 6.x before 6.x-1.0 ...)
	NOT-FOR-US: Node Hierarchy module for Drupal
CVE-2008-2770 (SQL injection vulnerability in index.php in MycroCMS 0.5, when ...)
	NOT-FOR-US: MycroCMS
CVE-2008-2769 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpRaider
CVE-2008-2768 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2767 (SQL injection vulnerability in search.asp in Xigla Poll Manager XE ...)
	NOT-FOR-US: Xigla Poll Manager XE
CVE-2008-2766 (Cross-site scripting (XSS) vulnerability in Xigla Absolute Image ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2765 (SQL injection vulnerability in gallery.asp in Xigla Absolute Image ...)
	NOT-FOR-US: Xigla Absolute Image Gallery XE
CVE-2008-2764 (Cross-site scripting (XSS) vulnerability in admin/search.asp in Xigla ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2763 (SQL injection vulnerability in search.asp in Xigla Absolute Live ...)
	NOT-FOR-US: Xigla Absolute Live Support XE
CVE-2008-2762 (SQL injection vulnerability in search.asp in Xigla Absolute Form ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2761 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2760 (SQL injection vulnerability in searchbanners.asp in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute Banner Manager XE
CVE-2008-2759 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute Form Processor XE
CVE-2008-2758 (Multiple cross-site scripting (XSS) vulnerabilities in Xigla Absolute ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2757 (SQL injection vulnerability in search.asp in Xigla Absolute News ...)
	NOT-FOR-US: Xigla Absolute News Manager XE
CVE-2008-2756 (Cross-site scripting (XSS) vulnerability in admin/users.asp in Xigla ...)
	NOT-FOR-US: Xigla Absolute Control Panel XE
CVE-2008-2755 (SQL injection vulnerability in index.php in JAMM CMS allows remote ...)
	NOT-FOR-US: JAMM CMS
CVE-2008-2754 (SQL injection vulnerability in toplists.php in eFiction 3.0 and 3.4.3, ...)
	NOT-FOR-US: eFiction
CVE-2008-2753 (Multiple SQL injection vulnerabilities in Pooya Site Builder (PSB) 6.0 ...)
	NOT-FOR-US: Pooya Site Builder
CVE-2008-2752 (Microsoft Word 2000 9.0.2812 and 2003 11.8106.8172 does not properly ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-2751 (Multiple cross-site scripting (XSS) vulnerabilities in the Glassfish ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2750 (The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux ...)
	- linux-2.6 2.6.26
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.23)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: 6b6707a50c7598a83820077393f8823ab791abf8
CVE-2008-2749 (Unspecified vulnerability in cshttpd in Sun Java System Calendar ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2748 (Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Skulltag
CVE-2008-2747 (No-IP Dynamic Update Client (DUC) 2.2.1 on Windows uses weak ...)
	NOT-FOR-US: Windows
CVE-2008-2746 (SQL injection vulnerability in login.php in Gryphon gllcTS2 4.2.4 ...)
	NOT-FOR-US: Gryphon gllcTS2
CVE-2008-2745 (Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in ...)
	NOT-FOR-US: BiAnno ActiveX Control
CVE-2008-2744 (Cross-site scripting (XSS) vulnerability in vBulletin 3.6.10 and 3.7.1 ...)
	NOT-FOR-US: vBulletin
CVE-2008-2743 (Cross-site scripting (XSS) vulnerability in the embedded web server in ...)
	NOT-FOR-US: web server Xerox
CVE-2008-2742 (Unrestricted file upload in the mcpuk file editor ...)
	NOT-FOR-US: Achievo
CVE-2008-2741
	RESERVED
CVE-2008-2740
	RESERVED
CVE-2008-2739 (The SERVICE.DNS signature engine in the Intrusion Prevention System ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-2738
	RESERVED
CVE-2008-2737
	REJECTED
CVE-2008-2736 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2735 (The HTTP server in Cisco Adaptive Security Appliance (ASA) 5500 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2734 (Memory leak in the crypto functionality in Cisco Adaptive Security ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2733 (Cisco PIX and Adaptive Security Appliance (ASA) 5500 devices 7.2 ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2732 (Multiple unspecified vulnerabilities in the SIP inspection ...)
	NOT-FOR-US: Cisco Adaptive Security Appliance (ASA)
CVE-2008-2731
	RESERVED
CVE-2008-2730 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: cisco
CVE-2008-2729 (arch/x86_64/lib/copy_user.S in the Linux kernel before 2.6.19 on some ...)
	{DSA-1630-1}
	- linux-2.6 2.6.19-1
	NOTE: 3022d734a54cbd2b65eea9a024564821101b4a9a
CVE-2008-2728
	REJECTED
CVE-2008-2727
	REJECTED
CVE-2008-2726 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2725 (Integer overflow in the (1) rb_ary_splice function in Ruby 1.8.4 and ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2718 (Cross-site scripting (XSS) vulnerability in fe_adminlib.inc in TYPO3 ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2716 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-2715 (Unspecified vulnerability in Opera before 9.5 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2008-2714 (Opera before 9.26 allows remote attackers to misrepresent web page ...)
	NOT-FOR-US: Opera
CVE-2008-2710 (Integer signedness error in the ip_set_srcfilter function in the IP ...)
	NOT-FOR-US: Solaris
CVE-2008-2709 (Buffer overflow in the BrSmRcvAndCheck function in the RCHMGR module ...)
	NOT-FOR-US: Solaris
CVE-2008-2708 (Unspecified vulnerability in the Sun (1) UltraSPARC T2 and (2) ...)
	NOT-FOR-US: Solaris
CVE-2008-2707 (Unspecified vulnerability in the e1000g driver in Sun Solaris 10 and ...)
	NOT-FOR-US: Solaris
CVE-2008-2706 (Unspecified vulnerability in the event port implementation in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2705 (Unspecified vulnerability in Sun Java System Access Manager (AM) 7.1, ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2008-2704 (Novell GroupWise Messenger (GWIM) before 2.0.3 Hot Patch 1 allows ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2703 (Multiple stack-based buffer overflows in Novell GroupWise Messenger ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2702 (Directory traversal vulnerability in the FTP client in ALTools ESTsoft ...)
	NOT-FOR-US: ALTools ESTsoft ALFTP
CVE-2008-2701 (SQL injection vulnerability in the GameQ (com_gameq) component 4.0 and ...)
	NOT-FOR-US: joomla extension
CVE-2008-2700 (SQL injection vulnerability in view.php in Galatolo WebManager 1.0 and ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2699 (Multiple directory traversal vulnerabilities in Galatolo WebManager ...)
	NOT-FOR-US: Galatolo WebManager
CVE-2008-2698 (Multiple cross-site scripting (XSS) vulnerabilities in photo_add-c.php ...)
	NOT-FOR-US: WEBalbum
CVE-2008-2697 (SQL injection vulnerability in the Rapid Recipe (com_rapidrecipe) ...)
	NOT-FOR-US: joomla extension
CVE-2008-2695 (Directory traversal vulnerability in entry.php in phpInv 0.8.0 allows ...)
	NOT-FOR-US: phpInv
CVE-2008-2694 (Cross-site scripting (XSS) vulnerability in search.php in phpInv 0.8.0 ...)
	NOT-FOR-US: phpInv
CVE-2008-2693 (Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control ...)
	NOT-FOR-US: ActiveX control
CVE-2008-2692 (SQL injection vulnerability in the yvComment (com_yvcomment) component ...)
	NOT-FOR-US: Joomla!
CVE-2008-2691 (SQL injection vulnerability in read.asp in JiRo's FAQ Manager ...)
	NOT-FOR-US: JiRo's FAQ Manager eXperience
CVE-2008-2690 (Multiple PHP remote file inclusion vulnerabilities in BrowserCRM ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2689 (PHP remote file inclusion vulnerability in pub/clients.php in ...)
	NOT-FOR-US: BrowserCRM
CVE-2008-2688 (SQL injection vulnerability in pilot.asp in ASPilot Pilot Cart 7.3 ...)
	NOT-FOR-US: ASPilot Pilot Cart
CVE-2008-2687 (Directory traversal vulnerability in inc/config.php in ProManager 0.73 ...)
	NOT-FOR-US: ProManager
CVE-2008-2686 (webinc/bxe/scripts/loadsave.php in Flux CMS 1.5.0 and earlier allows ...)
	NOT-FOR-US: Flux CMS
CVE-2008-XXXX [insecure tempfile in wdiff]
	- wdiff 0.5-18 (low; bug #425254)
	[etch] - wdiff  <no-dsa> (Minor issue)
CVE-2008-2719 (Off-by-one error in the ppscan function (preproc.c) in Netwide ...)
	- nasm 2.03.01-1 (low; bug #486715)
	[etch] - nasm <not-affected> (vulnerable code not present)
CVE-2008-2712 (Vim 7.1.314, 6.4, and other versions allows user-assisted remote ...)
	{DSA-1733-1 DTSA-143-1}
	- vim 1:7.1.314-3 (low; bug #486502)
CVE-2008-2696 (Exiv2 0.16 allows user-assisted remote attackers to cause a denial of ...)
	- exiv2 0.17-1 (low; bug #486328)
	[etch] - exiv2 <no-dsa> (Minor issue)
	NOTE: http://dev.robotbattle.com/cgi-bin/viewvc.cgi/exiv2/trunk/src/nikonmn.cpp?r1=1473&r2=1499
CVE-2008-2713 (libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...)
	{DSA-1616-2 DTSA-138-1}
	- clamav 0.93.1.dfsg-1.1 (low; bug #490925)
CVE-2008-2711 (fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, ...)
	- fetchmail 6.3.9~rc2-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	NOTE: http://www.openwall.com/lists/oss-security/2008/06/13/1
	NOTE: -vv is only used for debugging purposes so this does not
	NOTE: prevent a victim from getting mails. -vv is not used in non-interactive
	NOTE: use.
CVE-2008-2720 (Cross-site scripting (XSS) vulnerability in Menalto Gallery before ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2721 (Unspecified vulnerability in the album-select module in Menalto ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2722 (Menalto Gallery before 2.2.5 allows remote attackers to bypass ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2723 (embed.php in Menalto Gallery before 2.2.5 allows remote attackers to ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2724 (Menalto Gallery before 2.2.5 does not enforce permissions for ...)
	- gallery2 2.2.5-1 (low; bug #485947)
	- gallery <not-affected> (Vulnerable code not present, different codebase)
CVE-2008-2717 (TYPO3 4.0.x before 4.0.9, 4.1.x before 4.1.7, and 4.2.x before 4.2.1, ...)
	{DSA-1596-1}
	- typo3-src 4.1.7-1 (bug #485814)
CVE-2008-2685 (SQL injection vulnerability in article.asp in Battle Blog 1.25 Build 4 ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2684 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2683 (The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black ...)
	NOT-FOR-US: Black Ice Barcode
CVE-2008-2682 (_RealmAdmin/login.asp in Realm CMS 2.3 and earlier allows remote ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2681 (Realm CMS 2.3 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2680 (Multiple cross-site scripting (XSS) vulnerabilities in _db/compact.asp ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2679 (SQL injection vulnerability in the KeyWordsList function in ...)
	NOT-FOR-US: Realm CMS
CVE-2008-2678 (Multiple SQL injection vulnerabilities in Telephone Directory 2008, ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2677 (Cross-site scripting (XSS) vulnerability in edit1.php in Telephone ...)
	NOT-FOR-US: Telephone Directory 2008
CVE-2008-2676 (SQL injection vulnerability in the iJoomla News Portal ...)
	NOT-FOR-US: com_news_portal component for Joomla!
CVE-2008-2675 (Cross-site scripting (XSS) vulnerability in index.php in PHP Image ...)
	NOT-FOR-US: PHP Image Gallery
CVE-2008-2674 (Unspecified vulnerability in the Interstage Management Console, as ...)
	NOT-FOR-US: Interstage Management Console
CVE-2008-2673 (SQL injection vulnerability in index.php in Powie pNews 2.08 and 2.10, ...)
	NOT-FOR-US: pNews
CVE-2008-2672 (Multiple directory traversal vulnerabilities in ErfurtWiki R1.02b and ...)
	- ewiki <removed> (unimportant)
	NOTE: register_globals is not supported
CVE-2008-2671 (SQL injection vulnerability in comments.php in DCFM Blog 0.9.4 allows ...)
	NOT-FOR-US: DCFM Blog
CVE-2008-2670 (Multiple SQL injection vulnerabilities in index.php in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2008-2669 (Multiple SQL injection vulnerabilities in yBlog 0.2.2.2 allow remote ...)
	NOT-FOR-US: yBlog
CVE-2008-2668 (Multiple cross-site scripting (XSS) vulnerabilities in yBlog 0.2.2.2 ...)
	NOT-FOR-US: yBlog
CVE-2008-2666 (Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier ...)
	- php5 <removed> (unimportant)
	NOTE: safe mode not supported
CVE-2008-2665 (Directory traversal vulnerability in the posix_access function in PHP ...)
	- php5 5.2.6.dfsg.1-3 (unimportant)
	NOTE: safe mode not supported
CVE-2008-2664 (The rb_str_format function in Ruby 1.8.4 and earlier, 1.8.5 before ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2663 (Multiple integer overflows in the rb_ary_store function in Ruby 1.8.4 ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2662 (Multiple integer overflows in the rb_str_buf_append function in Ruby ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-1
	- ruby1.8 1.8.7.22-1
CVE-2008-2661
	RESERVED
CVE-2008-2660
	RESERVED
CVE-2008-2659
	RESERVED
CVE-2008-2658
	RESERVED
CVE-2008-2657
	RESERVED
CVE-2008-2656
	RESERVED
CVE-2008-2655
	RESERVED
CVE-2008-2653
	RESERVED
CVE-2008-2652 (Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2651 (SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB ...)
	NOT-FOR-US: com_joobb component for Joomla!
CVE-2008-2650 (Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, ...)
	NOT-FOR-US: CMSimple
CVE-2008-2649 (Multiple PHP remote file inclusion vulnerabilities in DesktopOnNet 3 ...)
	NOT-FOR-US: DesktopOnNet
CVE-2008-2648 (Unrestricted file upload vulnerability in upload/uploader.html in ...)
	NOT-FOR-US: meBiblio
CVE-2008-2647 (SQL injection vulnerability in admin/journal_change_mask.inc.php in ...)
	NOT-FOR-US: meBiblio
CVE-2008-2646 (Multiple cross-site scripting (XSS) vulnerabilities in meBiblio 0.4.7 ...)
	NOT-FOR-US: meBiblio
CVE-2008-2645 (Multiple PHP remote file inclusion vulnerabilities in Brim (formerly ...)
	NOT-FOR-US: Brim
CVE-2008-2644 (Multiple cross-site scripting (XSS) vulnerabilities in SMEWeb 1.4b and ...)
	NOT-FOR-US: SMEWeb
CVE-2008-2643 (SQL injection vulnerability in the Bible Study (com_biblestudy) ...)
	NOT-FOR-US: com_biblestudy component for Joomla!
CVE-2008-2642 (SQL injection vulnerability in login.php in OtomiGenX 2.2 allows ...)
	NOT-FOR-US: OtomiGenX
CVE-2008-2641 (Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and ...)
	NOT-FOR-US: Adobe Reader and Acrobat
CVE-2008-2640 (Multiple cross-site scripting (XSS) vulnerabilities in the Flex 3 ...)
	NOT-FOR-US: Adobe Flex
CVE-2008-2639 (Stack-based buffer overflow in the ODBC server service in Citect ...)
	NOT-FOR-US: Citect CitectSCADA
CVE-2008-2638 (Static code injection vulnerability in guestbook.php in 1Book 1.0.1 ...)
	NOT-FOR-US: 1Book
CVE-2008-2637 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5 FirePass SSL VPN
CVE-2008-2636 (The HTTP service on the Cisco Linksys WRH54G with firmware 1.01.03 ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-2635 (Multiple directory traversal vulnerabilities in BitKinex 2.9.3 allow ...)
	NOT-FOR-US: BitKinex
CVE-2008-2634 (SQL injection vulnerability in index.asp in I-Pos Internet Pay Online ...)
	NOT-FOR-US: I-Pos Internet Pay Online Store
CVE-2008-2633 (Multiple SQL injection vulnerabilities in the EXP JoomRadio ...)
	NOT-FOR-US: com_joomradio component for Joomla!
CVE-2008-2632 (SQL injection vulnerability in the acctexp (com_acctexp) component ...)
	NOT-FOR-US: com_acctexp component for Joomla!
CVE-2008-2631 (The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows ...)
	NOT-FOR-US: MDaemon
CVE-2008-2630 (SQL injection vulnerability in the JooBlog (com_jb2) component 0.1.1 ...)
	NOT-FOR-US: com_jb2 component for Joomla!
CVE-2008-2629 (SQL injection vulnerability in the LifeType (formerly pLog) module for ...)
	NOT-FOR-US: LifeType module for Drupal
CVE-2008-2628 (SQL injection vulnerability in the eQuotes (com_equotes) component ...)
	NOT-FOR-US: com_equotes component for Joomla!
CVE-2008-2627 (SQL injection vulnerability in the IDoBlog (com_idoblog) component b24 ...)
	NOT-FOR-US: com_idoblog for Joomla!
CVE-2008-2626 (SQL injection vulnerability in comment.asp in Battle Blog 1.25 and ...)
	NOT-FOR-US: Battle Blog
CVE-2008-2625 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2624 (Unspecified vulnerability in the Oracle OLAP component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2623 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle Application Server
CVE-2008-2622 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2621 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2620 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2619 (Unspecified vulnerability in the Oracle Reports Developer component in ...)
	NOT-FOR-US: Oracle
CVE-2008-2618 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2617 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2616 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2615 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2614 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise
CVE-2008-2613 (Unspecified vulnerability in the Database Scheduler component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2612 (Unspecified vulnerability in the Hyperion BI Plus component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2611 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2610 (Unspecified vulnerability in the Oracle Applications Technology Stack ...)
	NOT-FOR-US: Oracle database
CVE-2008-2609 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2608 (Unspecified vulnerability in the Data Pump component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2607 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2606 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle database
CVE-2008-2605 (Unspecified vulnerability in the Authentication component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2604 (Unspecified vulnerability in the Authentication component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2603 (Unspecified vulnerability in the Resource Manager component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2602 (Unspecified vulnerability in the Data Pump component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2601 (Unspecified vulnerability in the Oracle iStore component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2600 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2599 (Unspecified vulnerability in the TimesTen Client/Server component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2598 (Unspecified vulnerability in the TimesTen Client/Server component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2597 (Unspecified vulnerability in the TimesTen Client/Server component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2596 (Unspecified vulnerability in the Mobile Application Server component ...)
	NOT-FOR-US: Oracle database
CVE-2008-2595 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle database
CVE-2008-2594 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2593 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2592 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2591 (Unspecified vulnerability in the Oracle Database Vault component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2590 (Unspecified vulnerability in the Instance Management component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2589 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle database
CVE-2008-2588 (Unspecified vulnerability in the Oracle JDeveloper component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-2587 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2586 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle database
CVE-2008-2585 (Unspecified vulnerability in the Oracle Report Manager component in ...)
	NOT-FOR-US: Oracle database
CVE-2008-2584
	REJECTED
CVE-2008-2583 (Unspecified vulnerability in the sample Discussion Forum Portlet for ...)
	NOT-FOR-US: Oracle database
CVE-2008-2582 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2581 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2580 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2579 (Unspecified vulnerability in the WebLogic Server Plugins for Apache, ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2578 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2577 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2576 (Unspecified vulnerability in the WebLogic Server component in Oracle ...)
	NOT-FOR-US: BEA Product Suite
CVE-2008-2574 (Unrestricted file upload vulnerability in admin/Editor/imgupload.php ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2573 (Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote ...)
	NOT-FOR-US: freeSSHd
CVE-2008-2572 (SQL injection vulnerability in php/leer_comentarios.php in FlashBlog ...)
	NOT-FOR-US: FlashBlog
CVE-2008-2571 (Cross-site request forgery (CSRF) vulnerability in LimeSurvey ...)
	- limesurvey <itp> (bug #472802)
CVE-2008-2570 (Multiple unspecified vulnerabilities in LimeSurvey (formerly ...)
	- limesurvey <itp> (bug #472802)
CVE-2008-2569 (SQL injection vulnerability in the EasyBook (com_easybook) component ...)
	NOT-FOR-US: com_easybook component for Joomla!
CVE-2008-2568 (SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) ...)
	NOT-FOR-US: com_simpleshop component for Joomla!
CVE-2008-2567 (Cross-site scripting (XSS) vulnerability in Fenriru Sleipnir 2.7.1 ...)
	NOT-FOR-US: Fenriru Sleipnir
CVE-2008-2566 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Address ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2565 (Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and ...)
	NOT-FOR-US: PHP Address Book
CVE-2008-2564 (SQL injection vulnerability in the JotLoader (com_jotloader) component ...)
	NOT-FOR-US: com_jotloader component for Joomla!
CVE-2008-2563 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: SamTodo
CVE-2008-2562 (SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and ...)
	NOT-FOR-US: PowerPhlogger
CVE-2008-2561 (Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 ...)
	NOT-FOR-US: 427BB
CVE-2008-2560 (SQL injection vulnerability in showpost.php in 427BB 2.3.1 allows ...)
	NOT-FOR-US: 427BB
CVE-2008-2654 (Off-by-one error in the read_client function in webhttpd.c in Motion ...)
	- motion 3.2.9-3 (low; bug #484572)
	[etch] - motion <no-dsa> (minor issue)
CVE-2008-2667 (SQL injection vulnerability in the Courier Authentication Library (aka ...)
	{DSA-1688-1}
	- courier-authlib 0.60.1-2.1 (bug #485424)
CVE-2008-XXXX [missing sanity checks allow DoS via mis-formated timestamp]
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
CVE-2008-2559 (Integer overflow in Borland Interbase 2007 SP2 (8.1.0.256) allows ...)
	NOT-FOR-US: Borland Interbase
CVE-2008-2558 (CRE Loaded 6.2.13.1 and earlier does not set the &quot;Secure&quot; attribute ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2557 (Cross-site scripting (XSS) vulnerability in CRE Loaded 6.2.13.1 and ...)
	NOT-FOR-US: CRE Loaded
CVE-2008-2556 (SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and ...)
	NOT-FOR-US: PHP Visit Counter
CVE-2008-2555 (SQL injection vulnerability in index.php in EasyWay CMS allows remote ...)
	NOT-FOR-US: EasyWay CMS
CVE-2008-2554 (Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote ...)
	NOT-FOR-US: BP Blog
CVE-2008-2553 (Cross-site scripting (XSS) vulnerability in Slashdot Like Automated ...)
	{DSA-1633-1}
	- slash 2.2.6-8etch1 (low; bug #484499)
	NOTE: See CVE-2008-2231
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2552 (Unspecified vulnerability in the Service Tag Registry on Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2551 (The DownloaderActiveX Control (DownloaderActiveX.ocx) in Icona SpA C6 ...)
	NOT-FOR-US: DownloaderActiveX Control
CVE-2008-2550 (Unspecified vulnerability in the Web Services Security component in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-2549 (Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows ...)
	NOT-FOR-US: Acrobat Reader
CVE-2008-2548 (Stack-based buffer overflow in the JPEG thumbprint component in the ...)
	NOT-FOR-US: JPEG thumbprint component in the EXIF parser on Motorola cell phones
CVE-2008-2547 (Stack-based buffer overflow in msiexec.exe 3.1.4000.1823 and ...)
	NOT-FOR-US: Microsoft Windows Installer
CVE-2008-2546
	REJECTED
CVE-2008-2545 (Skype 3.6.0.248, and other versions before 3.8.0.139, uses a ...)
	NOT-FOR-US: Skype
CVE-2008-2544
	RESERVED
	- linux <unfixed> (unimportant)
	NOTE: non-issue, cf. https://bugzilla.redhat.com/show_bug.cgi?id=449089#c22
CVE-2008-2543 (The ooh323 channel driver in Asterisk Addons 1.2.x before 1.2.9 and ...)
	- asterisk-addons 1.4.7-1 (bug #484796)
CVE-2008-2542 (Stack-based buffer overflow in the getline function in Ppm/ppm.C in ...)
	NOT-FOR-US: NASA Ames Research Center BigView
CVE-2008-2541 (Multiple stack-based buffer overflows in the HTTP Gateway Service ...)
	NOT-FOR-US: CA eTrust
CVE-2008-2540 (Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2539 (The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2538 (Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2008-2537 (SQL injection vulnerability in cat.php in HispaH Model Search allows ...)
	NOT-FOR-US: HispaH Model Search
CVE-2008-2536 (SQL injection vulnerability in out.php in YABSoft Advanced Image ...)
	NOT-FOR-US: YABSoft Advanced Image
CVE-2008-2535 (Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2534 (Directory traversal vulnerability in admin/admin_frame.php in Phoenix ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2533 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View ...)
	NOT-FOR-US: Phoenix View CMS Pre Alpha2
CVE-2008-2532 (SQL injection vulnerability in forum/topic_detail.php in AJ Square ...)
	NOT-FOR-US: AJ Square aj-hyip
CVE-2008-2531 (Cross-site scripting (XSS) vulnerability in the search script in Build ...)
	NOT-FOR-US: Build A Niche Store
CVE-2008-2530 (Multiple SQL injection vulnerabilities in Concepts &amp; Solutions ...)
	NOT-FOR-US: Concepts & Solutions QuickUpCMS
CVE-2008-2529 (SQL injection vulnerability in read.php in Advanced Links Management ...)
	NOT-FOR-US: Advanced Links Management
CVE-2008-2528 (Unspecified vulnerability in Citrix Access Gateway Standard Edition ...)
	NOT-FOR-US: Citrix Access Gateway Standard Edition
CVE-2008-2527 (Cross-site scripting (XSS) vulnerability in view.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Server
CVE-2008-2526 (Cross-site scripting (XSS) vulnerability in the WT Gallery (aka ...)
	NOT-FOR-US: WT Gallery
CVE-2008-2525 (Cross-site scripting (XSS) vulnerability in the Event Database (aka ...)
	NOT-FOR-US: typo3 extension Event Database
CVE-2008-2524 (BlogPHP 2.0 allows remote attackers to bypass authentication, and post ...)
	NOT-FOR-US: BlogPHP
CVE-2008-2523 (SQL injection vulnerability in the Autopatcher server plugin in RakNet ...)
	NOT-FOR-US: RakNet
CVE-2008-2522 (SQL injection vulnerability in members.php in Battle.net Clan Script ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2008-2521 (SQL injection vulnerability in members.php in YABSoft Mega File ...)
	NOT-FOR-US: YABSoft Mega File
CVE-2008-2520 (Multiple PHP remote file inclusion vulnerabilities in BigACE 2.4, when ...)
	NOT-FOR-US: BigACE
CVE-2008-2519 (Directory traversal vulnerability in Core FTP client 2.1 Build 1565 ...)
	NOT-FOR-US: Core FTP client
CVE-2008-2518 (Cross-site scripting (XSS) vulnerability in the advanced search ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2008-2517 (The sarab.sh script in SaraB before 0.2.4 places the dar program's ...)
	NOT-FOR-US: SaraB
CVE-2008-2515 (Unspecified vulnerability in iostat in IBM AIX 5.2, 5.3, and 6.1 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2514 (Buffer overflow in errpt in IBM AIX 5.2, 5.3, and 6.1 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2513 (Buffer overflow in the kernel in IBM AIX 5.2, 5.3, and 6.1 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-2512 (Directory traversal vulnerability in Symantec Backup Exec System ...)
	NOT-FOR-US: Symantec Backup Exec System Recovery Manager
CVE-2008-2511 (Directory traversal vulnerability in the ...)
	NOT-FOR-US: CA Internet Security Suite
CVE-2008-2510 (SQL injection vulnerability in wp-uploadfile.php in the Upload File ...)
	NOT-FOR-US: Upload File plugin for WordPress
CVE-2008-2509 (SQL injection vulnerability in pwd.asp in Excuse Online allows remote ...)
	NOT-FOR-US: Excuse Online
CVE-2008-2508 (Cross-site scripting (XSS) vulnerability in news.php in Tr Script News ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2507 (Cross-site scripting (XSS) vulnerability in Calcium40.pl in Brown Bear ...)
	NOT-FOR-US: Brown Bear Software Calcium
CVE-2008-2506 (Multiple SQL injection vulnerabilities in Simpel Side Weblosning 1 ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2505 (Cross-site scripting (XSS) vulnerability in result.php in Simpel Side ...)
	NOT-FOR-US: Simpel Side Weblosning
CVE-2008-2504 (Multiple SQL injection vulnerabilities in Simpel Side Netbutik 1 ...)
	NOT-FOR-US: Simpel Side Netbutik
CVE-2008-2503 (Buffer overflow in Uploadlist in eMule X-Ray before 1.4 has unknown ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2502 (Unspecified vulnerability in the web server in eMule X-Ray before 1.4 ...)
	NOT-FOR-US: eMule X-Ray
CVE-2008-2501 (Multiple SQL injection vulnerabilities in PHPhotoalbum 0.5 allow ...)
	NOT-FOR-US: PHPhotoalbum
CVE-2008-2500 (Cross-site scripting (XSS) vulnerability in the MOStlyContent Editor ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2008-2499 (Stack-based buffer overflow in the Community Services Multiplexer (aka ...)
	NOT-FOR-US: Community Services Multiplexer
CVE-2008-2498 (Multiple SQL injection vulnerabilities in index.php in Mambo before ...)
	NOT-FOR-US: Mambo
CVE-2008-2497 (CRLF injection vulnerability in Mambo before 4.6.4 allows remote ...)
	NOT-FOR-US: Mambo
CVE-2008-2496 (Multiple cross-site scripting (XSS) vulnerabilities in Quate CMS 0.3.4 ...)
	NOT-FOR-US: Quate CMS
CVE-2008-2495 (Directory traversal vulnerability in index.php in Zina 1.0 RC3 allows ...)
	NOT-FOR-US: Zina
CVE-2008-2494 (Cross-site scripting (XSS) vulnerability in index.php in Zina 1.0 RC3 ...)
	NOT-FOR-US: Zina
CVE-2008-2493 (Cross-site scripting (XSS) vulnerability in post3/Book.asp in Campus ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2492 (Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 ...)
	NOT-FOR-US: Campus Bulletin Board
CVE-2008-2491 (SQL injection vulnerability in adv_cat.php in AbleSpace 1.0 allows ...)
	NOT-FOR-US: AbleSpace
CVE-2008-2490 (Cross-site scripting (XSS) vulnerability in the KJ Image Lightbox 2 ...)
	NOT-FOR-US: KJ Image Lightbox 2
CVE-2008-2489 (SQL injection vulnerability in the Library for Frontend Plugins (aka ...)
	NOT-FOR-US: Library for Frontend Plugins sg_zfelib
CVE-2008-2488 (admin/userform.php in RoomPHPlanning 1.5 does not require ...)
	NOT-FOR-US: RoomPHPlanning
CVE-2008-2487 (SQL injection vulnerability in index.php in MAXSITE 1.10 and earlier ...)
	NOT-FOR-US: MAXSITE
CVE-2008-2486 (Unspecified vulnerability in eMule Plus before 1.2d has unknown impact ...)
	- amule <not-affected> (Different code)
CVE-2008-2485 (Cross-site scripting (XSS) vulnerability in the URL redirection script ...)
	NOT-FOR-US: PCPIN chat
CVE-2008-2484 (SQL injection vulnerability in index.php in Xomol CMS 1.20071213, when ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2483 (Directory traversal vulnerability in index.php in Xomol CMS 1.20071213 ...)
	NOT-FOR-US: Xomol CMS
CVE-2008-2482 (Directory traversal vulnerability in install_mod.php in insanevisions ...)
	NOT-FOR-US: OneCMS
CVE-2008-2481 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpRaider
CVE-2008-2480 (PHP remote file inclusion vulnerability in plus.php in plusPHP Short ...)
	NOT-FOR-US: plusPHP
CVE-2008-2479 (Multiple SQL injection vulnerabilities in phpFix 2.0 allow remote ...)
	NOT-FOR-US: phpFix
CVE-2008-2478 (** DISPUTED ** ...)
	NOT-FOR-US: cPanel
CVE-2008-2477 (SQL injection vulnerability in index.php in MxBB (aka MX-System) ...)
	NOT-FOR-US: MxBB (MX-System)
CVE-2008-2476 (The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) ...)
	- kfreebsd-7 7.0-6
	NOTE: IPv6 NDP flaw not affecting Linux
CVE-2008-2475 (eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) ...)
	NOT-FOR-US: eBay Enhanced Picture Uploader ActiveX control
CVE-2008-2474 (Buffer overflow in x87 before 3.5.5 in ABB Process Communication Unit ...)
	NOT-FOR-US: ABB Process Communication Unit
CVE-2008-2473
	RESERVED
CVE-2008-2472
	RESERVED
CVE-2008-2471
	RESERVED
CVE-2008-2470 (The InstallShield Update Service Agent ActiveX control in isusweb.dll ...)
	NOT-FOR-US: InstallShield
CVE-2008-2469 (Heap-based buffer overflow in the SPF_dns_resolv_lookup function in ...)
	{DSA-1659-1 DTSA-172-1}
	- libspf2 1.2.9-1 (high)
CVE-2008-2468 (Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-2467
	RESERVED
CVE-2008-2466
	RESERVED
CVE-2008-2465
	RESERVED
CVE-2008-2464 (The mld_input function in sys/netinet6/mld6.c in the kernel in NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2008-2463 (The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx ...)
	NOT-FOR-US: Microsoft Office Snapshot Viewer ActiveX
CVE-2008-2462 (Cross-site scripting (XSS) vulnerability in the viewfile documentation ...)
	NOT-FOR-US: Caucho Resin
CVE-2008-2461 (SQL injection vulnerability in index.php in Netious CMS 0.4 allows ...)
	NOT-FOR-US: Netious
CVE-2008-2460 (SQL injection vulnerability in faq.php in vBulletin 3.7.0 Gold allows ...)
	NOT-FOR-US: vBulletin
CVE-2008-2459 (Directory traversal vulnerability in page.php in EntertainmentScript ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2458 (Cross-site scripting (XSS) vulnerability in index.php in Starsgames ...)
	NOT-FOR-US: Starsgames
CVE-2008-2457 (SQL injection vulnerability in jokes_category.php in PHP-Jokesite 2.0 ...)
	NOT-FOR-US: PHP-Jokesite
CVE-2008-2456 (SQL injection vulnerability in index.php in ComicShout 2.5 and earlier ...)
	NOT-FOR-US: ComicShout
CVE-2008-2455 (SQL injection vulnerability in comment.php in the MacGuru BLOG Engine ...)
	NOT-FOR-US: MacGuru BLOG Engine
CVE-2008-2454 (SQL injection vulnerability in the xsstream-dm (com_xsstream-dm) ...)
	NOT-FOR-US: xsstream-dm
CVE-2008-2453 (Multiple SQL injection vulnerabilities in PHP Classifieds Script allow ...)
	NOT-FOR-US: PHP Classifieds Script
CVE-2008-2452 (Cross-site scripting (XSS) vulnerability in the Questionaire (aka ...)
	NOT-FOR-US: Questionaire pbsurvey
CVE-2008-2451 (Multiple SQL injection vulnerabilities in the Statistics (aka ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the Statistics ...)
	NOT-FOR-US: Statistics ke_stats
CVE-2008-2449 (Multiple cross-site scripting (XSS) vulnerabilities in Isaac McGowan ...)
	NOT-FOR-US: phpInstantGallery
CVE-2008-2448 (Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote ...)
	NOT-FOR-US: Meto Forum
CVE-2008-2447 (SQL injection vulnerability in products.php in the Mytipper ZoGo-shop ...)
	NOT-FOR-US: Mytipper ZoGo-shop
CVE-2008-2446 (Multiple SQL injection vulnerabilities in Web Group Communication ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2445 (Cross-site scripting (XSS) vulnerability in profile.php in Web Group ...)
	NOT-FOR-US: Web Group Communication Center
CVE-2008-2444 (SQL injection vulnerability in userreg.php in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2008-2443 (SQL injection vulnerability in dpage.php in The Real Estate Script ...)
	NOT-FOR-US: Real Estate Script
CVE-2008-2442
	RESERVED
CVE-2008-2441 (Cisco Secure ACS 3.x before 3.3(4) Build 12 patch 7, 4.0.x, 4.1.x ...)
	NOT-FOR-US: Cisco Secure ACS
CVE-2008-2440
	RESERVED
CVE-2008-2439 (Directory traversal vulnerability in the UpdateAgent function in ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2438 (Integer overflow in ovalarmsrv.exe in HP OpenView Network Node Manager ...)
	NOT-FOR-US: HP OpenView
CVE-2008-2437 (Stack-based buffer overflow in cgiRecvFile.exe in Trend Micro ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2436 (Multiple heap-based buffer overflows in the IppCreateServerRef ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-2435 (Use-after-free vulnerability in the Trend Micro HouseCall ActiveX ...)
	NOT-FOR-US: ActiveX
CVE-2008-2434 (The Trend Micro HouseCall ActiveX control 6.51.0.1028 and 6.6.0.1278 ...)
	NOT-FOR-US: ActiveX
CVE-2008-2433 (The web management console in Trend Micro OfficeScan 7.0 through 8.0, ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2008-2432 (Insecure method vulnerability in the GetFileList method in an ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2431 (Multiple buffer overflows in Novell iPrint Client before 5.06 allow ...)
	NOT-FOR-US: Novell iPrint
CVE-2008-2430 (Integer overflow in the Open function in modules/demux/wav.c in VLC ...)
	{DSA-1819-1 DTSA-148-1}
	- vlc 0.8.6.h-1 (medium; bug #489004)
CVE-2008-2429 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
	NOT-FOR-US: Calendarix
CVE-2008-2428 (Multiple SQL injection vulnerabilities in TorrentTrader 1.08 Classic ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-2427 (Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView ...)
	NOT-FOR-US: NConvert, GFL SDK, XnView
CVE-2008-2426 (Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 ...)
	{DSA-1594-1}
	- imlib2 1.4.0-1.1 (medium; bug #483816)
	- imlib <not-affected> (Partly not present / partly fixed)
CVE-2008-2425 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...)
	NOT-FOR-US: FicHive
CVE-2008-2422 (SQL injection vulnerability in index.php in Web Slider 0.6 allows ...)
	NOT-FOR-US: Web Slider
CVE-2008-2421 (Cross-site scripting (XSS) vulnerability in the Web GUI in SAP Web ...)
	NOT-FOR-US: Web GUI in SAP Web Application Server (WAS)
CVE-2008-2419 (Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of ...)
	NOTE: Mozilla bug 435130, not reproducible by upstream, Debian bug #484484
CVE-2008-2418 (Race condition in the STREAMS Administrative Driver (sad) in Sun ...)
	NOT-FOR-US: STREAMS Administrative Driver SUN
CVE-2008-2417 (SQL injection vulnerability in showQAnswer.asp in How2ASP.net Webboard ...)
	NOT-FOR-US: Webboard
CVE-2008-2416 (SQL injection vulnerability in index.php in FicHive 1.0 allows remote ...)
	NOT-FOR-US: FicHive
CVE-2008-2415 (Directory traversal vulnerability in ...)
	NOT-FOR-US: DigitalHive
CVE-2008-2414 (Cross-site scripting (XSS) vulnerability in send_email.php in AN ...)
	NOT-FOR-US: AN Guestbook
CVE-2008-2413 (Cross-site scripting (XSS) vulnerability in glossaire.php in ACGV News ...)
	NOT-FOR-US: ACGV News
CVE-2008-2412 (SQL injection vulnerability in glossaire.php in ACGV News 0.9.1 allows ...)
	NOT-FOR-US: ACGV News
CVE-2008-2411 (SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, ...)
	NOT-FOR-US: SazCart
CVE-2008-2410 (Cross-site scripting (XSS) vulnerability in the servlet engine and Web ...)
	NOT-FOR-US: Web Server service in IBM Lotus Domino
CVE-2008-2409 (Stack-based buffer overflow in Cerulean Studios Trillian before ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2408 (Heap-based buffer overflow in the XML parsing functionality in ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2407 (Stack-based buffer overflow in AIM.DLL in Cerulean Studios Trillian ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2008-2406 (The administration application server in Sun Java Active Server Pages ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2405 (Sun Java Active Server Pages (ASP) Server before 4.0.3 allows remote ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2404 (Stack-based buffer overflow in the request handling implementation in ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2403 (Multiple directory traversal vulnerabilities in unspecified ASP ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2402 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2401 (The Admin Server in Sun Java Active Server Pages (ASP) Server before ...)
	NOT-FOR-US: Sun Java System Active Server Pages
CVE-2008-2400 (Unspecified vulnerability in stunnel before 4.23, when running as a ...)
	- stunnel4 <not-affected> (Windows specific issue)
CVE-2008-2399 (Directory traversal vulnerability in the FireFTP add-on before ...)
	NOT-FOR-US: FireFTP
CVE-2008-2575 (cbrPager before 0.9.17 allows user-assisted remote attackers to ...)
	- cbrpager 0.9.17-1 (low; bug #482853)
	[etch] - cbrpager 0.9.14-3+etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-XXXX [resizing the monitor with xrandr can crash xscreensaver]
	- xscreensaver 5.05-3 (unimportant; bug #482385)
CVE-2008-2516 (pam_sm_authenticate in pam_pgsql.c in libpam-pgsql 0.6.3 does not ...)
	- pam-pgsql 0.6.3-2 (medium; bug #481970)
	[etch] - pam-pgsql <not-affected> (Vulnerable code not present)
	NOTE: pam_pgsql is not configured as "sufficient" in Debian default configuration
CVE-2008-2424 (Unspecified vulnerability in the 404 error page for the &quot;Standard ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2423 (Unspecified vulnerability in Interchange before 5.6.0 and before 5.5.2 ...)
	- interchange 5.5.1 (low; bug #482636)
CVE-2008-2420 (The OCSP functionality in stunnel before 4.24 does not properly search ...)
	- stunnel4 3:4.22-1.1 (low; bug #482644)
CVE-2008-2398 (Cross-site scripting (XSS) vulnerability in index.php in AppServ Open ...)
	NOT-FOR-US: AppServ Open Project
CVE-2008-2397 (Cross-site scripting (XSS) vulnerability in search-results.dot in ...)
	NOT-FOR-US: dotCMS
CVE-2008-2396 (PHP remote file inclusion vulnerability in index.php in Wajox Software ...)
	NOT-FOR-US: microSSys
CVE-2008-2395 (SQL injection vulnerability in thread.php in AlkalinePHP 0.80.00 beta ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2394 (Multiple SQL injection vulnerabilities in TAGWORX.CMS 3.00.02 allow ...)
	NOT-FOR-US: TAGWORX.CMS
CVE-2008-2393 (SQL injection vulnerability in play.php in EntertainmentScript 1.4.0 ...)
	NOT-FOR-US: EntertainmentScript
CVE-2008-2392 (Unrestricted file upload vulnerability in WordPress 2.5.1 and earlier ...)
	- wordpress 2.5.1-4 (low; bug #485807)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Unrestricted file upload vulnerability was introduced in 2.3.0
CVE-2008-2391 (SubSonic allows remote attackers to bypass pagesize limits and cause a ...)
	NOT-FOR-US: SubSonic
CVE-2008-2390 (Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ...)
	NOT-FOR-US: HP Software Update
CVE-2008-2389 (opensuse-updater in openSUSE 10.2 allows local users to access ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2388 (Multiple off-by-one errors in opensuse-updater in openSUSE 10.2 have ...)
	NOT-FOR-US: opensuse-updater
CVE-2008-2387
	RESERVED
CVE-2008-2386
	RESERVED
CVE-2008-2385
	RESERVED
CVE-2008-2384 (SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql ...)
	- mod-auth-mysql 4.3.9-11 (medium)
CVE-2008-2383 (CRLF injection vulnerability in xterm allows user-assisted attackers ...)
	{DSA-1694-1 DTSA-182-1}
	- xterm 238-2 (medium; bug #510030)
CVE-2008-2382 (The protocol_client_msg function in vnc.c in the VNC server in (1) ...)
	- qemu 0.9.1-9
	[etch] - qemu <not-affected> (Tested by maintainer)
	- kvm 72+dfsg-4
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2008-2381 (SQL injection vulnerability in the create function in ...)
	{DSA-1698-1}
	- gforge 4.7~rc2-7
CVE-2008-2380 (SQL injection vulnerability in authpgsqllib.c in Courier-Authlib ...)
	{DSA-1688-1 DTSA-180-1}
	- courier-authlib 0.61.0-1+lenny1
CVE-2008-2379 (Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 ...)
	{DSA-1682-1}
	- squirrelmail 2:1.4.15-4
CVE-2008-2378 (Untrusted search path vulnerability in hfkernel in hf 0.7.3 and 0.8 ...)
	{DSA-1668-1}
	- hf 0.8-8.1 (medium; bug #504182)
CVE-2008-2377 (Use-after-free vulnerability in the ...)
	- gnutls26 2.4.1-1 (medium)
	- gnutls13 <not-affected> (Problem was introduced in 2.3.5)
CVE-2008-2376 (Integer overflow in the rb_ary_fill function in array.c in Ruby before ...)
	{DSA-1618-1 DSA-1612-1}
	- ruby1.9 1.9.0.2-2
	- ruby1.8 1.8.7.22-2
	NOTE: http://www.openwall.com/lists/oss-security/2008/07/02/3
CVE-2008-2375 (Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on ...)
	- vsftpd <not-affected> (debian versions all include the fix)
CVE-2008-2374 (src/sdp.c in bluez-libs 3.30 in BlueZ, and other bluez-libs before ...)
	- bluez-libs 3.34 (low)
	[etch] - bluez-libs <no-dsa> (Minor issue)
	- bluez-utils 3.34 (low)
	[etch] - bluez-utils <no-dsa> (Minor issue)
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2374
CVE-2008-2373
	REJECTED
CVE-2008-2372 (The Linux kernel 2.6.24 and 2.6.25 before 2.6.25.9 allows local users ...)
	- linux-2.6 2.6.26-1
	[etch] - linux-2.6 <not-affected> (Introduced between 2.6.23 and 2.6.24)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: IMO this is a lack of optimisation, not a security issue? - jmm
	NOTE: 89f5b7da2a6bad2e84670422ab8192382a5aeb9f
CVE-2008-2371 (Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible ...)
	{DSA-1602-1 DTSA-145-1}
	- pcre3 7.6-2.1 (medium; bug #488919)
CVE-2008-2370 (Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 ...)
	- tomcat5.5 5.5.26-4 (bug #494504)
CVE-2008-2369 (manzier.pxt in Red Hat Network Satellite Server before 5.1.1 has a ...)
	NOT-FOR-US: Red Hat Network Satellite Server
CVE-2008-2368 (Red Hat Certificate System 7.2 stores passwords in cleartext in the ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2367 (Red Hat Certificate System 7.2 uses world-readable permissions for ...)
	NOT-FOR-US: Red Hat Certificate System
CVE-2008-2366 (Untrusted search path vulnerability in a certain Red Hat build script ...)
	- openoffice.org <not-affected> (RedHat-specific packaging flaw)
CVE-2008-2365 (Race condition in the ptrace and utrace support in the Linux kernel ...)
	- linux-2.6 2.6.17
	NOTE: 5ecfbae093f0c37311e89b29bfc0c9d586eace87 f5b40e363ad6041a96e3da32281d8faa191597b9
	NOTE: f358166a9405e4f1d8e50d8f415c26d95505b6de
CVE-2008-2364 (The ap_proxy_http_process_response function in mod_proxy_http.c in the ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	- apache <not-affected> (vulnerable code not present)
CVE-2008-2363 (The PartsBatch class in Pan 0.132 and earlier does not properly manage ...)
	- pan 0.132-3.1 (bug #483562)
	[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
	NOTE: see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
CVE-2008-2362 (Multiple integer overflows in the Render extension in the X server 1.4 ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2361 (Integer overflow in the ProcRenderCreateCursor function in the Render ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2360 (Integer overflow in the AllocateGlyph function in the Render extension ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-2359 (The default configuration of consolehelper in system-config-network ...)
	NOT-FOR-US: system-config-network Fedora
CVE-2008-2358 (Integer overflow in the dccp_feat_change function in net/dccp/feat.c ...)
	{DSA-1592-1}
	- linux-2.6 2.6.20-1
	NOTE: DCCP feature sanitising was introduced in 2.6.20
	NOTE: this version casts sizeof to int. This is a module, not a compiled in feature in Debian
CVE-2008-2357 (Stack-based buffer overflow in the split_redraw function in split.c in ...)
	{DSA-1587-1}
	- mtr 0.73-1
CVE-2008-2356 (SQL injection vulnerability in index.php in Archangel Weblog 0.90.02 ...)
	NOT-FOR-US: Archangel Weblog
CVE-2008-2355 (Directory traversal vulnerability in index.php in WR-Meeting 1.0, when ...)
	NOT-FOR-US: WR-Meeting
CVE-2008-2354 (Unspecified vulnerability in the data export function in testMaker ...)
	NOT-FOR-US: testMaker
CVE-2008-2353 (Directory traversal vulnerability in admin.php in GNU/Gallery 1.1.1.0 ...)
	NOT-FOR-US: GNU/Gallery
CVE-2008-2352 (Directory traversal vulnerability in index.php in Smeego 1.0, when ...)
	NOT-FOR-US: Smeego
CVE-2008-2351 (Multiple SQL injection vulnerabilities in index.php in CMS ...)
	NOT-FOR-US: WebManager-Pro
CVE-2008-2350 (Directory traversal vulnerability in highlight.php in bcoos 1.0.9 ...)
	NOT-FOR-US: bcoos
CVE-2008-2349 (Zomplog 3.8.2 and earlier allows remote attackers to gain ...)
	NOT-FOR-US: Zomplog
CVE-2008-2348 (MeltingIce File System 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: MeltingIce File System
CVE-2008-2347 (MyPicGallery 1.0 allows remote attackers to bypass application ...)
	NOT-FOR-US: MyPicGallery
CVE-2008-2346 (AlkalinePHP 0.77.35 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: AlkalinePHP
CVE-2008-2345 (Unspecified vulnerability in the air_filemanager 0.6.0 and earlier ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2344 (Cross-site scripting (XSS) vulnerability in the air_filemanager 0.6.0 ...)
	NOT-FOR-US: air_filemanager extension for typo3
CVE-2008-2343 (News Manager 2.0 allows remote attackers to bypass restrictions and ...)
	NOT-FOR-US: News Manager
CVE-2008-2342 (Directory traversal vulnerability in attachments.php in News Manager ...)
	NOT-FOR-US: News Manager
CVE-2008-2341 (PHP remote file inclusion vulnerability in ch_readalso.php in News ...)
	NOT-FOR-US: News Manager
CVE-2008-2340 (Multiple SQL injection vulnerabilities in News Manager 2.0 allow ...)
	NOT-FOR-US: News Manager
CVE-2008-2339 (SQL injection vulnerability in index.php in Turnkey Web Tools SunShop ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2008-2338 (Interspire ActiveKB 1.5 and earlier allows remote attackers to gain ...)
	NOT-FOR-US: Interspire ActiveKB
CVE-2008-2337 (Multiple SQL injection vulnerabilities in IMGallery 2.5, when ...)
	NOT-FOR-US: IMGallery
CVE-2008-2336 (SQL injection vulnerability in category.php in 68 Classifieds 4.0.1 ...)
	NOT-FOR-US: 68 Classifieds
CVE-2008-2335 (Cross-site scripting (XSS) vulnerability in search_results.php in ...)
	NOT-FOR-US: Vastal I-Tech phpVID
CVE-2008-2334 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 0.5 allow ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-2333 (Cross-site scripting (XSS) vulnerability in ldap_test.cgi in Barracuda ...)
	NOT-FOR-US: Barracuda
CVE-2008-2332 (ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2331 (Finder in Apple Mac OS X 10.5 through 10.5.4 does not properly update ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2330 (slapconfig in Directory Services in Apple Mac OS X 10.5 through 10.5.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2329 (Directory Services in Apple Mac OS X 10.5 through 10.5.4, when Active ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2328
	RESERVED
CVE-2008-2327 (Multiple buffer underflows in the (1) LZWDecode, (2) LZWDecodeCompat, ...)
	{DSA-1632-1 DTSA-160-1}
	- tiff 3.8.2-11 (medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2008-2326 (mDNSResponder in the Bonjour Namespace Provider in Apple Bonjour for ...)
	NOT-FOR-US: Apple Bonjour for Windows
CVE-2008-2325 (QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2324 (The Repair Permissions tool in Disk Utility in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2323 (Unspecified vulnerability in Data Detectors Engine in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2322 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2321 (Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2320 (Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
	NOTE: the original apple advisory (HT3613) is completely different from the current CVE
	NOTE: description. it claims that this is a webkit issue, which is completely wrong
CVE-2008-2319
	RESERVED
CVE-2008-2318 (The WOHyperlink implementation in WebObjects in Apple Xcode tools ...)
	NOT-FOR-US: Apple Xcode
CVE-2008-2317 (WebCore in Apple Safari does not properly perform garbage collection ...)
	NOT-FOR-US: Safari
CVE-2008-2316 (Integer overflow in _hashopenssl.c in the hashlib module in Python ...)
	{DSA-1977-1 DTSA-157-1}
	- python2.5 2.5.2-11 (low; bug #493797)
	- python2.4 <not-affected> (hashlib module introduced in python2.5)
CVE-2008-2315 (Multiple integer overflows in Python 2.5.2 and earlier allow ...)
	{DSA-1667-1 DTSA-157-1}
	- python2.5 2.5.2-10
	[etch] - python2.5 <no-dsa> (Minor issue, not the default Python runtime)
	- python2.4 2.4.5-5
CVE-2008-2314 (Dock in Apple Mac OS X 10.5 before 10.5.4, when Expos&#233; hot corners is ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2313 (Apple Mac OS X before 10.5 uses weak permissions for the User Template ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2312 (Network Preferences in Apple Mac OS X 10.4.11 stores PPP passwords in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-2311 (Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is ...)
	NOT-FOR-US: Mac OS X
CVE-2008-2310 (Format string vulnerability in c++filt in Apple Mac OS X 10.5 before ...)
	- binutils 2.18.1~cvs20080103-1 (low)
	[etch] - binutils <no-dsa> (Minor issue)
CVE-2008-2309 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
	NOT-FOR-US: CoreTypes in Apple Mac OS X
CVE-2008-2308 (Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 ...)
	NOT-FOR-US: Alias Manager in Apple Mac OS X
CVE-2008-2307 (Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as ...)
	- webkit 1.0.1-1
	- qt4-x11 4:4.6.2-4
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against
	NOTE: http://trac.webkit.org/changeset/34204
CVE-2008-2306 (Apple Safari before 3.1.2 on Windows does not properly interpret the ...)
	NOT-FOR-US: Windows issue
CVE-2008-2305 (Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac ...)
	NOT-FOR-US: Apple Type Services (ATS)
CVE-2008-2304 (Buffer overflow in Apple Core Image Fun House 2.0 and earlier in ...)
	NOT-FOR-US: Apple Core Image Fun House
CVE-2008-2303 (Integer signedness error in Safari on Apple iPhone before 2.0 and iPod ...)
	NOT-FOR-US: Safari
CVE-2008-2301 (SQL injection vulnerability in Kostenloses Linkmanagementscript allows ...)
	NOT-FOR-US: Kostenloses Linkmanagementscript
CVE-2008-2300 (Unspecified vulnerability in Citrix Presentation Server 4.5 and ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2299 (Unspecified vulnerability in SecureICA and ICA Basic encryption of ...)
	NOT-FOR-US: Citrix Software
CVE-2008-2298 (Admin.php in Web Slider 0.6 allows remote attackers to bypass ...)
	NOT-FOR-US: Web Slider
CVE-2008-2297 (The admin.php file in Rantx allows remote attackers to bypass ...)
	NOT-FOR-US: Rantx
CVE-2008-2296 (PHP remote file inclusion vulnerability in include/bbs.lib.inc.php in ...)
	NOT-FOR-US: Rgboard
CVE-2008-2295 (Cross-site scripting (XSS) vulnerability in rg_search.php in Rgboard ...)
	NOT-FOR-US: Rgboard
CVE-2008-2294 (Pet Grooming Management System 2.0 allows remote attackers to gain ...)
	NOT-FOR-US: Pet Grooming Management System
CVE-2008-2293 (admin.php in Multi-Page Comment System (MPCS) 1.0 and 1.1 allows ...)
	NOT-FOR-US: Multi-Page Comment System
CVE-2008-2292 (Buffer overflow in the __snprint_value function in snmp_get in ...)
	{DSA-1663-1 DTSA-134-1}
	- net-snmp 5.4.1~dfsg-8 (medium; bug #482333)
CVE-2008-2291 (axengine.exe in Symantec Altiris Deployment Solution 6.8.x and 6.9.x ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2290 (Unspecified vulnerability in the Agent user interface in Symantec ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2289 (Unspecified vulnerability in a tooltip element in Symantec Altiris ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2288 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2287 (Symantec Altiris Deployment Solution 6.8.x and 6.9.x before 6.9.176 ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2286 (SQL injection vulnerability in axengine.exe in Symantec Altiris ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2008-2285 (The ssh-vulnkey tool on Ubuntu Linux 7.04, 7.10, and 8.04 LTS does not ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-10
CVE-2008-2284 (PHP remote file inclusion vulnerability in fusebox5.php in Fusebox ...)
	NOT-FOR-US: Fusebox
CVE-2008-2283 (IDAutomation allows remote attackers to overwrite arbitrary files via ...)
	NOT-FOR-US: IDAutomation
CVE-2008-2282 (admin.php in Internet Photoshow and Internet Photoshow Special Edition ...)
	NOT-FOR-US: Internet Photoshow
CVE-2008-2281 (Cross-zone scripting vulnerability in the Print Table of Links feature ...)
	NOT-FOR-US: Internet Explorer
CVE-2005-4875 (TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive ...)
	- typo3-src 4.0.2-1
CVE-2008-2280 (Cross-site scripting (XSS) vulnerability in admin/index.php in Script ...)
	NOT-FOR-US: PHP PicEngine
CVE-2008-2279 (Freelance Auction Script 1.0 stores user passwords in plaintext in the ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2278 (SQL injection vulnerability in browseproject.php in Freelance Auction ...)
	NOT-FOR-US: Freelance Auction Script
CVE-2008-2277 (SQL injection vulnerability in detail.php in Feedback and Rating ...)
	NOT-FOR-US: Feedback and Rating Script
CVE-2008-2275 (Unspecified vulnerability in sr_feuser_register 1.4.0, 1.6.0, 2.2.1 to ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2274 (Cross-site scripting (XSS) vulnerability in the sr_feuser_register ...)
	NOT-FOR-US: sr_feuser_register extension for TYPO3
CVE-2008-2273 (Unspecified vulnerability in the TACACS authentication component in ...)
	NOT-FOR-US: TACACS authentication component in Aruba Mobility Controller
CVE-2008-2272 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-2271 (The Site Documentation Drupal module 5.x before 5.x-1.8 and 6.x before ...)
	NOT-FOR-US: Site Documentation Drupal module
CVE-2008-2270 (Multiple PHP remote file inclusion vulnerabilities in PHPWAY ...)
	NOT-FOR-US: PHPWAY Linkmanagementscript
CVE-2008-2269 (AustinSmoke GasTracker (AS-GasTracker) 1.0.0 allows remote attackers ...)
	NOT-FOR-US: GasTracker
CVE-2008-2268 (Open redirect vulnerability in interface/redirect.htm.php in Mjguest ...)
	NOT-FOR-US: Mjguest
CVE-2008-2267 (Incomplete blacklist vulnerability in javaUpload.php in Postlet in the ...)
	NOT-FOR-US: Postlet
CVE-2008-2265 (SQL injection vulnerability in news.php in EMO Realty Manager allows ...)
	NOT-FOR-US: EMO Realty Manager
CVE-2008-2264 (Cross-site scripting (XSS) vulnerability in index.php in CyrixMED 1.4 ...)
	NOT-FOR-US: CyrixMED
CVE-2008-2263 (SQL injection vulnerability in linking.page.php in Automated Link ...)
	NOT-FOR-US: Automated Link Exchange Portal
CVE-2008-2262
	REJECTED
CVE-2008-2261
	REJECTED
CVE-2008-2260
	REJECTED
CVE-2008-2259 (Microsoft Internet Explorer 6 and 7 does not perform proper &quot;argument ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2258 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2257 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2256 (Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2255 (Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2254 (Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-2253 (Unspecified vulnerability in Microsoft Windows Media Player 11 allows ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2008-2252 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2008-2251 (Double free vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-2250 (The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2008-2249 (Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-2248 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2247 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Exchange Server
CVE-2008-2246 (Microsoft Windows Vista through SP1 and Server 2008 do not properly ...)
	NOT-FOR-US: Microsoft Windows Vista
CVE-2008-2245 (Heap-based buffer overflow in the InternalOpenColorProfile function in ...)
	NOT-FOR-US: Microsoft Windows Image Color Management System (MSCMS)
CVE-2008-2244 (Microsoft Office Word 2002 SP3 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Office Word
CVE-2008-2243
	REJECTED
CVE-2008-2242 (Multiple buffer overflows in xdr functions in the server in CA ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2241 (Directory traversal vulnerability in caloggerd in CA BrightStor ...)
	NOT-FOR-US: CA BrightStor ARCServe Backup
CVE-2008-2240 (Stack-based buffer overflow in the Web Server service in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2008-2239
	RESERVED
CVE-2008-2238 (Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2237 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 ...)
	{DSA-1661-1}
	- openoffice.org 1:2.4.1-12
CVE-2008-2236 (Cross-site scripting (XSS) vulnerability in blosxom.cgi in Blosxom ...)
	- blosxom 2.1.2-1 (low; bug #500873)
	[etch] - blosxom 2.0-14+etch1 (low; bug #500873)
CVE-2008-2235 (OpenSC before 0.11.5 uses weak permissions (ADMIN file control ...)
	{DSA-1627-2}
	- opensc 0.11.4-4
	NOTE: https://web.archive.org/web/20081222095654/http://www.opensc-project.org/security.html
CVE-2008-2234 (Multiple buffer overflows in Openwsman 1.2.0 and 2.0.0 allow remote ...)
	NOT-FOR-US: Openwsman
CVE-2008-2233 (The client in Openwsman 1.2.0 and 2.0.0, in unknown configurations, ...)
	NOT-FOR-US: Openwsman
CVE-2008-2232 (The expand_template function in afuse.c in afuse 0.2 allows local ...)
	{DSA-1611-1 DTSA-149-1}
	- afuse 0.2-3 (bug #490921; medium)
CVE-2008-2231 (SQL injection vulnerability in Slashdot Like Automated Storytelling ...)
	{DSA-1633-1}
	- slash <removed> (medium; bug #484499)
	NOTE: See CVE-2008-2553
	NOTE: maintainer wants to remove package from unstable and move to experimental
CVE-2008-2230 (Untrusted search path vulnerability in (1) reportbug 3.8 and 3.31, and ...)
	- reportbug 3.41 (low; bug #484311)
	- reportbug-ng 0.2008.03.28 (low; bug #484474)
	[etch] - reportbug <no-dsa> (Unlikely attack scenario)
CVE-2008-2229
	RESERVED
CVE-2008-2228 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cyberfolio
CVE-2008-2227 (Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-2226 (Unspecified vulnerability in the export feature in OpenKM before 2.0 ...)
	NOT-FOR-US: OpenKM
CVE-2008-2225 (SQL injection vulnerability in index.php in gameCMS Lite 1.0 allows ...)
	NOT-FOR-US: gameCMS
CVE-2008-2224 (Multiple PHP remote file inclusion vulnerabilities in SazCart 1.5.1, ...)
	NOT-FOR-US: SazCart
CVE-2008-2223 (SQL injection vulnerability in group_posts.php in vShare YouTube Clone ...)
	NOT-FOR-US: vShare YouTube Clone
CVE-2008-2222 (SQL injection vulnerability in login.php in EQdkp 1.3.2f allows remote ...)
	NOT-FOR-US: EQdkp
CVE-2008-2221 (Unspecified vulnerability in the Java plugin in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-2220 (Multiple PHP remote file inclusion vulnerabilities in Interact ...)
	NOT-FOR-US: Interact Learning Community Environment
CVE-2008-2219 (Cross-site scripting (XSS) vulnerability in install.php in C-News.fr ...)
	NOT-FOR-US: C-News.fr
CVE-2008-2218 (Buffer overflow in the Multimedia PC Client in Nortel Multimedia ...)
	NOT-FOR-US: Nortel Multimedia
CVE-2008-2217 (Directory traversal vulnerability in cm/graphie.php in Content ...)
	NOT-FOR-US: CMS Phprojekt
CVE-2008-2216 (Unrestricted file upload vulnerability in src/yopy_upload.php in ...)
	NOT-FOR-US: PBCS
CVE-2008-2215 (Multiple directory traversal vulnerabilities in Project-Based ...)
	NOT-FOR-US: PBCS
CVE-2008-2214 (Stack-based buffer overflow in the Network Manager in Castle Rock ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2008-2213 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Links
CVE-2008-2212 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Cart 1.1 ...)
	NOT-FOR-US: Maian Cart
CVE-2008-2211 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Guestbook
CVE-2008-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Support ...)
	NOT-FOR-US: Maian Support
CVE-2008-2209 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2208 (SQL injection vulnerability in index.php in Maian Greeting 2.1 allows ...)
	NOT-FOR-US: Maian Greeting
CVE-2008-2207 (Cross-site scripting (XSS) vulnerability in admin/index.php in Maian ...)
	NOT-FOR-US: Maian Gallery
CVE-2008-2206 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Music 1.1 ...)
	NOT-FOR-US: Maian Music
CVE-2008-2205 (SQL injection vulnerability in index.php in Maian Music 1.1 allows ...)
	NOT-FOR-US: Maian Music
CVE-2008-2204 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Search
CVE-2008-2203 (SQL injection vulnerability in search.php in Maian Search 1.1 allows ...)
	NOT-FOR-US: Maian Search
CVE-2008-2202 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader ...)
	NOT-FOR-US: Maian Uploader
CVE-2008-2201 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Maian Recipe
CVE-2008-2200 (Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog ...)
	NOT-FOR-US: Maian Weblog
CVE-2008-2199 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Kmita Mail
CVE-2008-2198 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Kmita Tellfriend
CVE-2008-2197 (SQL injection vulnerability in the blogwriter module 2.0 for Miniweb ...)
	NOT-FOR-US: Miniweb
CVE-2008-2196 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType ...)
	NOT-FOR-US: LifeType
CVE-2008-2195 (Static code injection vulnerability in admincp.php in DeluxeBB 1.2 and ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2194 (SQL injection vulnerability in forums.php in DeluxeBB 1.2 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-2193 (PHP remote file inclusion vulnerability in example.php in Thomas ...)
	NOT-FOR-US: ScorpNews
CVE-2008-2192 (Static code injection vulnerability in box/minichat/boxpop.php in ...)
	NOT-FOR-US: itcms
CVE-2008-2191 (SQL injection vulnerability in the pnEncyclopedia module 0.2.0 and ...)
	NOT-FOR-US: pnEncyclopedia
CVE-2008-2190 (SQL injection vulnerability in index.php in Online Rent (aka Online ...)
	NOT-FOR-US: Online Rental Property Script
CVE-2008-2189 (SQL injection vulnerability in viewfaqs.php in AnServ Auction XL ...)
	NOT-FOR-US: Online AnServ Auction XL
CVE-2008-2188 (Multiple cross-site scripting (XSS) vulnerabilities in EJ3 BlackBook ...)
	NOT-FOR-US: EJ3 BlackBook
CVE-2008-2187 (Cross-site scripting (XSS) vulnerability in mjguest.php in Mjguest 6.7 ...)
	NOT-FOR-US: Mjguest
CVE-2008-2186 (Cross-site scripting (XSS) vulnerability in index.php in Chilek ...)
	NOT-FOR-US: Chilek CMS
CVE-2008-2185 (Directory traversal vulnerability in index.php in SMartBlog (aka ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2184 (Multiple SQL injection vulnerabilities in SMartBlog (aka SMBlog) 1.3 ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2183 (SQL injection vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 ...)
	NOT-FOR-US: SMartBlog (SMBlog)
CVE-2008-2182 (Cross-site scripting (XSS) vulnerability in the powermail extension ...)
	NOT-FOR-US: powermail extension for TYPO3
CVE-2008-2181 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: cpLinks
CVE-2008-2180 (Multiple SQL injection vulnerabilities in cpLinks 1.03, when ...)
	NOT-FOR-US: cpLinks
CVE-2008-2179 (Cross-site scripting (XSS) vulnerability in SystemList.jsp in SysAid ...)
	NOT-FOR-US: SysAid
CVE-2008-2178 (Cross-site scripting (XSS) vulnerability in admin.php in LifeType ...)
	NOT-FOR-US: LifeType
CVE-2008-2177 (Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, ...)
	NOT-FOR-US: phpDirectorySource
CVE-2008-2176 (Cross-site scripting (XSS) vulnerability in admin/category.php in ...)
	NOT-FOR-US: Zomplog
CVE-2008-2175 (SQL injection vulnerability in comments.php in Gamma Scripts BlogMe ...)
	NOT-FOR-US: Gamma Scripts BlogMe PHP
CVE-2008-2174 (Multiple unspecified vulnerabilities in Robin Rawson-Tetley Animal ...)
	NOT-FOR-US: Animal Shelter Manager
CVE-2008-2173 (Unspecified vulnerability in Yamaha routers allows remote attackers to ...)
	NOT-FOR-US: Yamaha routers
CVE-2008-2172 (Unspecified vulnerability in Hitachi GR routers allows remote ...)
	NOT-FOR-US: Hitachi GR routers
CVE-2008-2171 (Unspecified vulnerability in AlaxalA AX routers allows remote ...)
	NOT-FOR-US: AlaxalA AX routers
CVE-2008-2170 (Unspecified vulnerability in Century routers allows remote attackers ...)
	NOT-FOR-US: Century routers
CVE-2008-2169 (Unspecified vulnerability in Avici routers allows remote attackers to ...)
	NOT-FOR-US: Avici routers
CVE-2008-2168 (Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier ...)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch4 (low)
	NOTE: This is really a browser issue. Recent apache versions add a workaround.
CVE-2008-2167 (Cross-site scripting (XSS) vulnerability in ZyXEL ZyWALL 100 allows ...)
	NOT-FOR-US: ZyXEL ZyWALL
CVE-2008-2166 (Cross-site scripting (XSS) vulnerability in the search module in Sun ...)
	NOT-FOR-US: Sun Java System
CVE-2008-2165 (Cross-site scripting (XSS) vulnerability in AccessCodeStart.asp in ...)
	NOT-FOR-US: Cisco Building Broadband Service Manager (BBSM) Captive Portal
CVE-2008-2164
	RESERVED
CVE-2008-2163 (Cross-site scripting (XSS) vulnerability in IBM Lotus Quickr 8.1 ...)
	NOT-FOR-US: IBM Lotus Quickr
CVE-2008-2276 (Cross-site request forgery (CSRF) vulnerability in ...)
	- mantis 1.0.8-4.1 (bug #481504)
CVE-2008-2266 (uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and ...)
	- uudeview 0.5.20-3.1 (low; bug #480972)
	[etch] - uudeview <no-dsa> (Minor issue)
	- libconvert-uulib-perl <not-affected> (Code patched by libconver-uulib upstream to use mkstemp)
	- pan <not-affected> (Code patched to use g_mkstemp)
	NOTE: See CVE-2004-2265, where the problem occured as well
CVE-2008-2302 (Cross-site scripting (XSS) vulnerability in the login form in the ...)
	- python-django 0.96.2-1 (bug #481164; low)
	[etch] - python-django 0.95.1-1etch1
	NOTE: Minor issue fixed in 4.0r4 point release
CVE-2008-2162 (Cross-site scripting (XSS) vulnerability in SonicWall Email Security ...)
	NOT-FOR-US: SonicWall Email Security
CVE-2008-2161 (Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly ...)
	NOT-FOR-US: TFTP Server SP 1.4 and 1.5 on Windows
CVE-2008-2160 (Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image ...)
	NOT-FOR-US: Microsoft Windows CE 5.0
CVE-2008-2159 (Microsoft Internet Explorer 7 can save encrypted pages in the cache ...)
	NOT-FOR-US: Microsoft Internet Explorer 7
CVE-2008-2158 (Multiple stack-based buffer overflows in the Command Line Interface ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2157 (robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows ...)
	NOT-FOR-US: AlphaStor
CVE-2008-2156
	RESERVED
CVE-2008-2155
	RESERVED
CVE-2008-2154 (IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 provides an ...)
	NOT-FOR-US: IBM DB2
CVE-2008-2153
	RESERVED
CVE-2008-2152 (Integer overflow in the rtl_allocateMemory function in ...)
	- openoffice.org <not-affected> (openoffice in Debian does not use the custom allocations but g/malloc)
	NOTE: see ooo-build/distro-configs/CommonLinux.conf.in, openoffice builds on Debian using
	NOTE: --with-alloc=system which causes the build scripts to use the system allocators instead of the
	NOTE: custom ones
CVE-2008-2151
	RESERVED
CVE-2008-2150
	RESERVED
CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, ...)
	{DSA-1634-1}
	- wordnet 1:3.0-10 (bug #481186)
	NOTE: wordnet can be used as a backend to web applications
CVE-2008-2148 (The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and ...)
	- linux-2.6 2.6.25-3 (bug #481195)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: utimensat() was introduced in 2.6.22 and sched_slice() in 2.6.24
CVE-2008-2145 (Stack-based buffer overflow in Novell Client 4.91 SP4 and earlier ...)
	NOT-FOR-US: Novell Client 4.91 SP4
CVE-2008-2144 (Multiple unspecified vulnerabilities in Solaris print service for Sun ...)
	NOT-FOR-US: Solaris print service
CVE-2008-2143 (Unspecified versions of Microsoft Outlook Web Access (OWA) use the ...)
	NOT-FOR-US: Microsoft Outlook Web Access (OWA)
CVE-2008-2141
	RESERVED
CVE-2008-2140 (Cross-site request forgery (CSRF) vulnerability in the rootpw plugin ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2139 (The rootpw plugin in rPath Appliance Platform Agent 2 and 3 does not ...)
	NOT-FOR-US: rpath Appliance Platform Agent
CVE-2008-2138 (Oracle Application Server (OracleAS) Portal 10g allows remote ...)
	NOT-FOR-US: Oracle Application Server (OracleAS) Portal 10g
CVE-2008-2137 (The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 5816339310b2d9623cf413d33e538b45e815da5d, part of 2.6.25.3
CVE-2008-2136 (Memory leak in the ipip6_rcv function in net/ipv6/sit.c in the Linux ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-3
	- linux-2.6.24 2.6.24-6~etchnhalf.3
	NOTE: Upstream commit: 36ca34cc3b8335eb1fe8bd9a1d0a2592980c3f02, part of 2.6.25.3
CVE-2008-2135 (Multiple SQL injection vulnerabilities in VisualShapers ezContents ...)
	NOT-FOR-US: VisualShapers ezContents
CVE-2008-2134 (The Journal module in Tru-Zone Nuke ET 3.x allows remote attackers to ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2133 (Cross-site scripting (XSS) vulnerability in the Journal module in ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2008-2132 (SQL injection vulnerability in step1.asp in Systementor PostcardMentor ...)
	NOT-FOR-US: Systementor PostcardMentor
CVE-2008-2131 (Cross-site scripting (XSS) vulnerability in mvnForum 1.1 GA allows ...)
	NOT-FOR-US: mvnForum
CVE-2008-2130 (SQL injection vulnerability in poll_vote.php in iGaming CMS 1.5 allows ...)
	NOT-FOR-US: iGaming
CVE-2008-2129 (SQL injection vulnerability in index.php in Galleristic 1.0, when ...)
	NOT-FOR-US: Galleristic
CVE-2008-2128 (PHP remote file inclusion vulnerability in templates/header.php in CMS ...)
	NOT-FOR-US: Faethon
CVE-2008-2127 (Cross-site scripting (XSS) vulnerability in search.php in CMS Faethon ...)
	NOT-FOR-US: Faethon
CVE-2008-2126 (Multiple cross-site scripting (XSS) vulnerabilities in Tux CMS 0.1 ...)
	NOT-FOR-US: Tux CMS
CVE-2008-2125 (SQL injection vulnerability in viewalbums.php in Musicbox 2.3.6 and ...)
	NOT-FOR-US: Musicbox
CVE-2008-2124 (SQL injection vulnerability in modules/print.asp in fipsASP fipsCMS ...)
	NOT-FOR-US: fipsASP
CVE-2008-2123 (Cross-site scripting (XSS) vulnerability in WGate in SAP Internet ...)
	NOT-FOR-US: WGate
CVE-2008-2122 (IBM Rational Build Forge 7.0.2 allows remote attackers to cause a ...)
	NOT-FOR-US: IBM Rational Build Forge
CVE-2008-2121 (The TCP implementation in Sun Solaris 8, 9, and 10 allows remote ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2120 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2008-2119 (Asterisk Open Source 1.0.x and 1.2.x before 1.2.29 and Business ...)
	- asterisk 1.4
	NOTE: http://downloads.digium.com/pub/security/AST-2008-008.html
CVE-2008-2118 (SQL injection vulnerability in info.php in Project Alumni 1.0.9 allows ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2117 (Cross-site scripting (XSS) vulnerability in pages/news.page.inc in ...)
	NOT-FOR-US: Project Alumni
CVE-2008-2116 (Multiple directory traversal vulnerabilities in editor.php in ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2115 (Multiple cross-site scripting (XSS) vulnerabilities in editor.php in ...)
	NOT-FOR-US: ScriptsEZ.net Power Editor
CVE-2008-2114 (SQL injection vulnerability in emall/search.php in Pre Shopping Mall ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2008-2113 (SQL injection vulnerability in annuaire.php in PHPEasyData 1.5.4 ...)
	NOT-FOR-US: PHPEasyData
CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to ...)
	- fnord 1.7-1 (low)
CVE-2008-2142 (Emacs 21 and XEmacs automatically load and execute .flc (fast lock) ...)
	- emacs22 22.2+2-3 (low; bug #480885)
	- xemacs21-packages 2009.02.17-1 (low; bug #480886)
	[etch] - xemacs21-packages <no-dsa> (Minor issue)
	[lenny] - xemacs21-packages <no-dsa> (Minor issue)
	[etch] - xemacs21 <no-dsa> (Minor issue)
	[lenny] - xemacs21 <no-dsa> (Minor issue)
	- emacs21 21.4a+1-5.5 (low; bug #480877)
	[etch] - emacs21 <no-dsa> (Minor issue)
CVE-2008-2147 (Untrusted search path vulnerability in VideoLAN VLC before 0.9.0 ...)
	{DSA-1819-1 DTSA-132-1}
	- vlc 0.8.6.e-2.2 (low; bug #480724)
	NOTE: https://trac.videolan.org/vlc/ticket/1578
	NOTE: http://git.videolan.org/?p=vlc.git;a=commit;h=c7cef4fdd8dd72ce0a45be3cda8ba98df5e83181
CVE-2008-6339
	REJECTED
CVE-2008-2112 (Unspecified vulnerability in Sun Ray Kiosk Mode 4.0 allows local and ...)
	NOT-FOR-US: Sun Ray Kiosk Mode
CVE-2008-2111 (The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and ...)
	NOT-FOR-US: Yahoo Assistant
CVE-2008-2110 (Unrestricted file upload vulnerability in qtofm.php in QTOFileManager ...)
	NOT-FOR-US: QTOFileManager
CVE-2008-2109 (field.c in the libid3tag 0.15.0b library allows context-dependent ...)
	- libid3tag 0.15.1b-8 (low; bug #480187)
	[etch] - libid3tag <no-dsa> (Minor issue)
	NOTE: totally different approach to fix the bug, see Kurts comments in the bug report
CVE-2008-2108 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: http://web.archive.org/web/20120118120046/http://www.sektioneins.de/advisories/SE-2008-02.txt
CVE-2008-2107 (The GENERATE_SEED macro in PHP 4.x before 4.4.8 and 5.x before 5.2.5, ...)
	{DSA-1789-1}
	- php5 5.2.2-1 (low)
	NOTE: closely related to CVE-2008-2108
CVE-2008-2106 (Call of Duty 4 (CoD4) 1.5 and earlier allows remote authenticated ...)
	NOT-FOR-US: Call of Duty
CVE-2008-2105 (email_in.pl in Bugzilla 2.23.4, 3.0.x before 3.0.4, and 3.1.x before ...)
	- bugzilla 3.0.4-1 (low)
	[etch] - bugzilla <not-affected> (vulnerable code introduced in 2.23.4)
CVE-2008-2104 (The WebService in Bugzilla 3.1.3 allows remote authenticated users ...)
	- bugzilla <not-affected> (regression introduced in 3.1.3 referring to upstream)
CVE-2008-2103 (Cross-site scripting (XSS) vulnerability in Bugzilla 2.17.2 and later ...)
	- bugzilla 3.0.4-1 (low; bug #480190)
	[etch] - bugzilla <no-dsa> (Minor issue)
CVE-2008-2102
	RESERVED
CVE-2008-2101 (The VMware Consolidated Backup (VCB) command-line utilities in VMware ...)
	NOT-FOR-US: VMware ESX
CVE-2008-2100 (Multiple buffer overflows in VIX API 1.1.x before 1.1.4 build 93057 on ...)
	- vmware-package <removed> (low; bug #485919)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2099 (Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 ...)
	- vmware-package <not-affected> (Windows issue according to CVE)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2008-2098 (Heap-based buffer overflow in the VMware Host Guest File System (HGFS) ...)
	- vmware-package <removed> (low; bug #484491)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-2097 (Buffer overflow in the openwsman management service in VMware ESXi 3.5 ...)
	NOT-FOR-US: Vmware ESX/i
CVE-2008-2096 (SQL injection vulnerability in BackLinkSpider allows remote attackers ...)
	NOT-FOR-US: BackLinkSpider
CVE-2008-2095 (SQL injection vulnerability in index.php in the FlippingBook ...)
	NOT-FOR-US: FlippingBook
CVE-2008-2094 (SQL injection vulnerability in article.php in the Article module for ...)
	NOT-FOR-US: XOOPS
CVE-2008-2093 (SQL injection vulnerability in the Profiler (com_comprofiler) ...)
	NOT-FOR-US: JOOMLA extra component
CVE-2008-2092 (Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause ...)
	NOT-FOR-US: Linksys SPA-2102 Phone Adapter
CVE-2008-2091 (Directory traversal vulnerability in ipn.php in KubeLabs Kubelance ...)
	NOT-FOR-US: Kubelance
CVE-2008-2090 (Unspecified vulnerability in the SCTP protocol implementation in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2089 (Unspecified vulnerability in the SCTP protocol implementation in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-2088 (SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 ...)
	NOT-FOR-US: PHP Forge
CVE-2008-2087 (SQL injection vulnerability in search_result.php in Softbiz Web Host ...)
	NOT-FOR-US: Softbiz Web Host Directory Script
CVE-2008-2086 (Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and ...)
	- openjdk-6 <not-affected> (browser plugin is different code base)
	- sun-java5 <removed>
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
	[lenny] - sun-java5 <no-dsa> (Non-free not supported)
	- sun-java6 6-10-1
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
CVE-2008-2084 (SQL injection vulnerability in topics.php in the MyArticles 0.6 beta-1 ...)
	NOT-FOR-US: MyArticles
CVE-2008-2083 (SQL injection vulnerability in directory.php in Prozilla Hosting ...)
	NOT-FOR-US: Prozilla Hosting
CVE-2008-2082 (Cross-site scripting (XSS) vulnerability in index.php in Siteman ...)
	NOT-FOR-US: Siteman
CVE-2008-2081 (Directory traversal vulnerability in index.php in Siteman 2.0.x2 ...)
	NOT-FOR-US: Siteman
CVE-2008-2080 (Stack-based buffer overflow in the Read32s_64 function in ...)
	NOT-FOR-US: NASA Goddard Space Flight Center Common Data Format (CDF) library
CVE-2008-2079 (MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, ...)
	{DSA-1608-1 DTSA-150-1}
	- mysql-dfsg-5.0 5.0.51a-10 (low; bug #480292)
CVE-2008-2078 (Robocode before 1.6.0 allows user-assisted remote attackers to &quot;access ...)
	- robocode 1.6.0~beta2-1 (low)
CVE-2008-2077 (Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-2076 (Directory traversal vulnerability in admin.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts
CVE-2008-2075 (Cross-site scripting (XSS) vulnerability in pic.php in AstroCam 2.5.0 ...)
	NOT-FOR-US: AstroCam
CVE-2008-2074 (Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin ...)
	NOT-FOR-US: Harris Yusuf Arifin Harris Wap Chat 1.0
CVE-2008-2073 (Directory traversal vulnerability in include/global.inc.php in Virtual ...)
	NOT-FOR-US: vlbook
CVE-2008-2072 (Cross-site scripting (XSS) vulnerability in index.php in Virtual ...)
	NOT-FOR-US: vlbook
CVE-2008-2071 (Multiple cross-site request forgery (CSRF) vulnerabilities in the WHM ...)
	NOT-FOR-US: cPanel
CVE-2008-2070 (The WHM interface 11.15.0 for cPanel 11.18 before 11.18.4 and 11.22 ...)
	NOT-FOR-US: cPanel
CVE-2008-2069 (Buffer overflow in Novell GroupWise 7 allows remote attackers to cause ...)
	NOT-FOR-US: Novell GroupWise
CVE-2008-2068 (Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows ...)
	- wordpress 2.5.1-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2008-2067 (SQL injection vulnerability in bb_admin.php in miniBB 2.2a allows ...)
	NOT-FOR-US: miniBB
CVE-2008-2066 (Cross-site scripting (XSS) vulnerability in bb_admin.php in miniBB ...)
	NOT-FOR-US: miniBB
CVE-2008-2065 (SQL injection vulnerability in jokes.php in YourFreeWorld Jokes Site ...)
	NOT-FOR-US: YourFreeWorld
CVE-2008-2064 (Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have ...)
	{DSA-1580-1}
	- phpgedview 4.1.e+4.1.5-1
CVE-2008-2063 (SQL injection vulnerability in browse.videos.php in Joovili 3.1 allows ...)
	NOT-FOR-US: Joovili
CVE-2008-2062 (The Real-Time Information Server (RIS) Data Collector service in Cisco ...)
	NOT-FOR-US: Cisco Real-Time Information Server (RIS) Data Collector service
CVE-2008-2061 (The Computer Telephony Integration (CTI) Manager service in Cisco ...)
	NOT-FOR-US: Cisco Computer Telephony Integration (CTI) Manager service
CVE-2008-2060 (Unspecified vulnerability in Cisco Intrusion Prevention System (IPS) ...)
	NOT-FOR-US: Cisco
CVE-2008-2059 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
	NOT-FOR-US: Cisco
CVE-2008-2058 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
	NOT-FOR-US: Cisco
CVE-2008-2057 (The Instant Messenger (IM) inspection engine in Cisco Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2008-2056 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
	NOT-FOR-US: Cisco
CVE-2008-2055 (Cisco Adaptive Security Appliance (ASA) and Cisco PIX security ...)
	NOT-FOR-US: Cisco
CVE-2008-2054 (Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 ...)
	NOT-FOR-US: Cisco CiscoWorks Common Services
CVE-2008-2053 (Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) ...)
	NOT-FOR-US: Cisco Unified Customer Voice Portal
CVE-2008-2052 (Open redirect vulnerability in redirect.php in Bitrix Site Manager 6.5 ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2008-2049 (The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows ...)
	NOT-FOR-US: E-Post Mail Server
CVE-2008-2048 (Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2047 (Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow ...)
	NOT-FOR-US: Angelo-Emlak
CVE-2008-2046 (Cross-site scripting (XSS) vulnerability in index.php in Softpedia ...)
	NOT-FOR-US: Softpedia
CVE-2008-2045 (Absolute path traversal vulnerability in SugarCRM Sugar Community ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2008-2044 (includes/library.php in netOffice Dwins 1.3 p2 compares the ...)
	NOT-FOR-US: netOffice Dwins
CVE-2008-2043 (Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, ...)
	NOT-FOR-US: cPanel
CVE-2008-2085 (Multiple stack-based buffer overflows in the (1) get_remote_ip_media ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-2051 (The escapeshellcmd API function in PHP before 5.2.6 has unknown impact ...)
	{DSA-1578-1 DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://www.php.net/ChangeLog-5.php
	NOTE: http://web.archive.org/web/20120524033327/http://www.sektioneins.de/advisories/SE-2008-03.txt
CVE-2008-2050 (Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: php4 not affected, the vulnerable code isn't present
	NOTE: http://www.php.net/ChangeLog-5.php
CVE-2008-2042 (The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-2039
	REJECTED
CVE-2008-2038 (Multiple SQL injection vulnerabilities in admin/adminindex.php in ...)
	NOT-FOR-US: Tunkey WebTools
CVE-2008-2037 (Multiple cross-site scripting (XSS) vulnerabilities in EditeurScripts ...)
	NOT-FOR-US: EidteurScripts
CVE-2008-2036 (SQL injection vulnerability in index.php in dream4 Koobi Pro 6.25 ...)
	NOT-FOR-US: Koobi Pro
CVE-2008-2035 (Cross-site scripting (XSS) vulnerability in the Bluemoon, Inc. (1) ...)
	NOT-FOR-US: Bluemoon
CVE-2008-2034 (SQL injection vulnerability in wp-download_monitor/download.php in the ...)
	NOT-FOR-US: wordpress Download Monitor 2.0.6 plugin
CVE-2008-2033
	REJECTED
CVE-2008-2032 (The FTP service in Acritum Femitter Server 1.03 allows remote ...)
	NOT-FOR-US: Acritum Femitter Server
CVE-2008-2031 (VicFTPS 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: VicFTPS
CVE-2008-2030 (Cross-site scripting (XSS) vulnerability in installControl.php3 in F5 ...)
	NOT-FOR-US: FirePass
CVE-2008-2029 (Multiple SQL injection vulnerabilities in (1) setup_mysql.php and (2) ...)
	NOT-FOR-US: miniBB
CVE-2008-2028 (miniBB 2.2, and possibly earlier, when register_globals is enabled, ...)
	NOT-FOR-US: miniBB
CVE-2008-2027 (Open redirect vulnerability in WebID/IISWebAgentIF.dll in RSA ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2026 (Cross-site scripting (XSS) vulnerability in WebID/IISWebAgentIF.dll in ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2008-2025 (Cross-site scripting (XSS) vulnerability in Apache Struts before ...)
	- libstruts1.2-java 1.2.9-3.1 (low; bug #528352)
	[lenny] - libstruts1.2-java <no-dsa> (Minor issue)
CVE-2008-2024 (Cross-site scripting (XSS) vulnerability in index.php in miniBB 2.2, ...)
	NOT-FOR-US: miniBB
CVE-2008-2023 (Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2022 (Mulatiple cross-site scripting (XSS) vulnerabilities in PD9 Software ...)
	NOT-FOR-US: MegaBBS
CVE-2008-2021 (Heap-based buffer overflow in Lhaplus before 1.57 allows remote ...)
	NOT-FOR-US: Lhaplus
CVE-2008-2020 (The CAPTCHA implementation as used in (1) Francisco Burzi PHP-Nuke 7.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-2019 (Simple Machines Forum (SMF), probably 1.1.4, relies on &quot;randomly ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-2018 (The AssignUser function in template.class.php in PHPizabi 0.848b C1 ...)
	NOT-FOR-US: PHPizabi
CVE-2008-2017 (Directory traversal vulnerability in Chilek Content Management System ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2016 (PHP remote file inclusion vulnerability in Chilek Content Management ...)
	NOT-FOR-US: Chilek Content Management System
CVE-2008-2015 (Multiple absolute path traversal vulnerabilities in certain ActiveX ...)
	NOT-FOR-US: WatchFire
CVE-2008-2014 (Mozilla Firefox 3.0 beta 5 allows remote attackers to cause a denial ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes / hangs not treated as security issues
CVE-2008-2013 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
	NOT-FOR-US: pnFlashGames
CVE-2008-2012 (SQL injection vulnerability in index.php in the PostSchedule 1.0 ...)
	NOT-FOR-US: PostSchedule
CVE-2008-2011 (Cross-site scripting (XSS) vulnerability in the National Rail ...)
	NOT-FOR-US: National Rail Enquiries Live Departure Boards gadget
CVE-2008-2010 (Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 ...)
	NOT-FOR-US: Windows
CVE-2008-2009 (Xiph.org libvorbis before 1.0 does not properly check for ...)
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-4 (bug #482039)
	[etch] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
	[lenny] - libvorbis <not-affected> (actual vulnerability fixed pre-1.0)
	NOTE: additional hardening features have already been added to the unstable
	NOTE: packages that would be useful to have in stable, so proposing as spu/ospu
CVE-2008-2008 (Buffer overflow in the Display Names message feature in Cerulean ...)
	NOT-FOR-US: Cerulean Studios Trillian Basic
CVE-2008-2007
	REJECTED
CVE-2008-2006 (Apple iCal 3.0.1 on Mac OS X allows remote CalDAV servers, and ...)
	NOT-FOR-US: Apple iCal
CVE-2008-2005 (The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before ...)
	NOT-FOR-US: SuiteLink
CVE-2008-2004 (The drive_init function in QEMU 0.9.1 determines the format of a raw ...)
	{DTSA-133-1}
	- qemu 0.9.1-5
	- kvm 66+dfsg-1.1 (bug #481204)
	- xen-3 3.4.0-1 (bug #490409)
	- xen-unstable <removed> (bug #490411)
	- xen-3.0 <removed>
CVE-2008-2003 (BadBlue 2.72 Personal Edition stores multiple programs in the web ...)
	NOT-FOR-US: BadBlue
CVE-2008-2002 (Multiple cross-site request forgery (CSRF) vulnerabilities on Motorola ...)
	NOT-FOR-US: Motorola software
CVE-2008-2001 (Apple Safari 3.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
CVE-2008-2000 (Unspecified vulnerability in Apple Safari 3.1.1 allows remote ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1999 (Apple Safari 3.1.1 allows remote attackers to spoof the address bar by ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1998 (The NNSTAT (aka SYSPROC.NNSTAT) procedure in IBM DB2 8 before FP16, ...)
	NOT-FOR-US: Windows specific
CVE-2008-1997 (Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-1996 (licq before 1.3.6 allows remote attackers to cause a denial of service ...)
	- licq 1.3.5-6 (low; bug #479036)
	[etch] - licq <no-dsa> (Minor issue)
CVE-2008-1995 (Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a ...)
	NOT-FOR-US: Sun Java System Directory Proxy Server
CVE-2008-1994 (Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and ...)
	- acon 1.0.5-6.1 (low; bug #475733)
CVE-2008-1993 (Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, ...)
	NOT-FOR-US: Acidcat
CVE-2008-1992 (Acidcat CMS 3.4.1 does not properly restrict access to (1) ...)
	NOT-FOR-US: Acidcat
CVE-2008-1991 (Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in ...)
	NOT-FOR-US: Acidcat
CVE-2008-1990 (Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow ...)
	NOT-FOR-US: Acidcat
CVE-2008-1989 (PHP remote file inclusion vulnerability in 123flashchat.php in the 123 ...)
	NOT-FOR-US: Flash Chat
CVE-2008-1988 (Unrestricted file upload vulnerability in the file_upload function in ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1987 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1986 (Cross-site scripting (XSS) vulnerability in liste_article.php in Blog ...)
	NOT-FOR-US: PixelMotion
CVE-2008-1985 (Cross-site scripting (XSS) vulnerability in base.php in DigitalHive ...)
	NOT-FOR-US: DigitalHive
CVE-2008-1984 (The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure ...)
	NOT-FOR-US: eTrust
CVE-2008-1983 (Cross-site scripting (XSS) vulnerability in Advanced Electron Forum ...)
	NOT-FOR-US: Advanced Electron Forum (AEF)
CVE-2008-1982 (SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) ...)
	NOT-FOR-US: Wordpress Spreadsheet plugin
CVE-2008-1981 (Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x ...)
	NOT-FOR-US: e-publish
CVE-2008-1980 (Cross-site scripting (XSS) vulnerability in E-Publish 5.x before ...)
	NOT-FOR-US: e-publish
CVE-2008-1979 (The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2008-1978 (Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before ...)
	NOT-FOR-US: Ubercart
CVE-2008-1977 (Cross-site request forgery (CSRF) vulnerability in the ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1976 (Multiple cross-site scripting (XSS) vulnerabilities in the Drupal ...)
	NOT-FOR-US: Drupal internationalization and localizer module
CVE-2008-1975 (SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote ...)
	NOT-FOR-US: E-RESERV
CVE-2008-1973 (Heap-based buffer overflow in SubEdit Player build 4056 and 4066 ...)
	NOT-FOR-US: SubEdit Player
CVE-2008-1972 (Multiple cross-site scripting (XSS) vulnerabilities in the user ...)
	NOT-FOR-US: Exponent CMS
CVE-2008-1971 (phShoutBox Final 1.5 and earlier only checks passwords when specified ...)
	NOT-FOR-US: phShoutBox
CVE-2008-1970 (muCommander before 0.8.2 stores credentials.xml with insecure ...)
	NOT-FOR-US: muCommander
CVE-2008-1969 (Multiple cross-site scripting (XSS) vulnerabilities in Cezanne 6.5.1 ...)
	NOT-FOR-US: Cezanne
CVE-2008-1968 (Multiple SQL injection vulnerabilities in Cezanne 7 allow remote ...)
	NOT-FOR-US: Cezanne
CVE-2008-1967 (Cross-site scripting (XSS) vulnerability in CFLogon/CFLogon.asp in ...)
	NOT-FOR-US: Cezanne
CVE-2008-1966 (Multiple buffer overflows in the JAR file administration routines in ...)
	NOT-FOR-US: Windows specific
CVE-2008-1965 (Argument injection vulnerability in the cai: URI handler in ...)
	NOT-FOR-US: Lotus Expeditor
CVE-2008-1964 (** DISPUTED ** ...)
	- xine-lib <not-affected> (nsf support disabled by maintainer)
	NOTE: xine-lib (1.1.12) uses strndup to allocate the needed memory and limits it to 32 bytes
	NOTE: while copyright is 100 bytes long (+ padding for chunks)
CVE-2008-1963 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Quate Grape Web Statistics
CVE-2008-1962 (Multiple directory traversal vulnerabilities in Aterr 0.9.1 allow ...)
	NOT-FOR-US: Aterr
CVE-2008-1961 (SQL injection vulnerability in index.php in Voice Of Web AllMyGuests ...)
	NOT-FOR-US: Voice Of Web AllMyGuests
CVE-2008-1960 (Cross-site scripting (XSS) vulnerability in cgi-bin/contray/search.cgi ...)
	NOT-FOR-US: ContRay
CVE-2008-1959 (Stack-based buffer overflow in the get_remote_video_port_media ...)
	- sip-tester 2.0.1-1.2 (low; bug #479039)
	[etch] - sip-tester <no-dsa> (Minor issue)
CVE-2008-1958 (Unrestricted file upload vulnerability in the ajout_cat mode in ...)
	NOT-FOR-US: Tr Script News
CVE-2008-1957 (SQL injection vulnerability in news.php in Tr Script News 2.1 allows ...)
	NOT-FOR-US: Tr Script News
CVE-2008-2146 (wp-includes/vars.php in Wordpress before 2.2.3 does not properly ...)
	{DSA-1564-1}
	- wordpress 2.2.3-1
	NOTE: http://trac.wordpress.org/ticket/4748
	NOTE: fixed in DSA-1564-1
CVE-2008-2040 (Stack-based buffer overflow in the HTTP::getAuthUserPass function ...)
	{DSA-1583-1 DSA-1582-1}
	- peercast 0.1218+svn20080104-1.1 (medium; bug #478573)
	- gnome-peercast <removed>
	NOTE: etch version tested with PoC, affected
CVE-2008-1974 (Cross-site scripting (XSS) vulnerability in addevent.php in Horde ...)
	{DSA-1560-1}
	- kronolith2 2.1.8-1
CVE-2008-1956 (Cross-site scripting (XSS) vulnerability in index.php in Wikepage Opus ...)
	NOT-FOR-US: Wikepage Opus
CVE-2008-1955 (Cross-site scripting (XSS) vulnerability in rep.php in Martin BOUCHER ...)
	NOT-FOR-US: Martin BOUCHER MyBoard
CVE-2008-1954 (SQL injection vulnerability in one_day.php in Web Calendar Pro 4.1 and ...)
	NOT-FOR-US: Web Calendar Pro
CVE-2008-1953 (Cross-site scripting (XSS) vulnerability in the Sitedesigner before ...)
	NOT-FOR-US: Sitedesigner
CVE-2008-1952 (The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable <not-affected> (Vulnerable code not present, introduced in changeset 17630)
	NOTE: vulnerable code no longer present as of xen 3.4 (xenfb.c has been removed)
CVE-2008-1951 (Untrusted search path vulnerability in a certain Red Hat build script ...)
	NOT-FOR-US: Red Hat issue
CVE-2008-1950 (Integer signedness error in the _gnutls_ciphertext2compressed function ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1949 (The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (low)
	- gnutls26 2.2.5-1 (low)
CVE-2008-1948 (The _gnutls_server_name_recv_params function in lib/ext_server_name.c ...)
	{DSA-1581-1}
	- gnutls13 2.0.4-4 (medium)
	- gnutls26 2.2.5-1 (medium)
CVE-2008-1947 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 5.5.9 ...)
	{DSA-1593-1}
	- tomcat5.5 5.5.26-3 (low; bug #484643)
	- tomcat5 <removed>
CVE-2008-1946 (The default configuration of su in /etc/pam.d/su in GNU coreutils ...)
	- coreutils 5.93-1
CVE-2008-1945 (QEMU 0.9.0 does not properly handle changes to removable media, which ...)
	{DSA-1799-1}
	- qemu 0.9.1-5 (low; bug #526013)
CVE-2008-1944 (Buffer overflow in the backend framebuffer of XenSource Xen ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1943 (Buffer overflow in the backend of XenSource Xen Para Virtualized Frame ...)
	- xen-3 3.2.1-2 (medium; bug #487095)
	- xen-unstable 3.3-unstable+hg17602-1 (medium; bug #487097)
CVE-2008-1942 (Foxit Reader 2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1941 (Cross-site scripting (XSS) vulnerability in the profile update feature ...)
	NOT-FOR-US: Akiva WebBoard
CVE-2008-1940 (The RBAC functionality in grsecurity before 2.1.11-2.6.24.5 and ...)
	- linux-patch-grsecurity2 2.1.11+2.6.24.5+200804211829-1 (bug #478133)
CVE-2008-1939 (Multiple SQL injection vulnerabilities in W1L3D4 Philboard 1.0 allow ...)
	NOT-FOR-US: W1L3D4 Philboard
CVE-2008-1938 (Sony Mylo COM-2 Japanese model firmware before 1.002 does not properly ...)
	NOT-FOR-US: Sony firmware
CVE-2008-1937 (The user form processing (userform.py) in MoinMoin before 1.6.3, when ...)
	- moin 1.6.3-1
	[etch] - moin <not-affected> (1.5.x is not affected)
	NOTE: acl_hierarchic was introduced in 1.6.0
	NOTE: userform processing issue was introduced in 1.6.1
CVE-2008-1936 (SQL injection vulnerability in index.php in Classifieds Caffe allows ...)
	NOT-FOR-US: Classifieds Caffe
CVE-2008-1935 (SQL injection vulnerability in the Filiale 1.0.4 component for Joomla! ...)
	NOT-FOR-US: Filiale
CVE-2008-1934 (SQL injection vulnerability in commentaires.php in Crazy Goomba 1.2.1 ...)
	NOT-FOR-US: Crazy Goomba
CVE-2008-1933 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Zune
CVE-2008-1932 (Integer overflow in Realtek HD Audio Codec Drivers RTKVHDA.sys and ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1931 (Realtek HD Audio Codec Drivers RTKVHDA.sys and RTKVHDA64.sys before ...)
	NOT-FOR-US: Realtek HD Audio Codec
CVE-2008-1929
	RESERVED
CVE-2008-1928 (Buffer overflow in Imager 0.42 through 0.63 allows attackers to cause ...)
	- libimager-perl 0.64-1
CVE-2008-1926 (Argument injection vulnerability in login (login-utils/login.c) in ...)
	{DTSA-126-1}
	- util-linux 2.13.1.1-1 (low; bug #478135)
	[etch] - util-linux <not-affected> (Audit support not available in Etch's version)
CVE-2008-1923 (The IAX2 channel driver (chan_iax2) in Asterisk 1.2 before revision ...)
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
	[etch] - asterisk <end-of-life> (Etch Packages no longer covered by security support)
CVE-2008-1922 (Multiple stack-based buffer overflows in Sarg might allow attackers to ...)
	- sarg 2.2.4-1
CVE-2008-1921 (SQL injection vulnerability in store_pages/category_list.php in 5th ...)
	NOT-FOR-US: 5th Avenue Shopping Cart
CVE-2008-1920 (Heap-based buffer overflow in the boxelyRenderer module in the ...)
	NOT-FOR-US: ICQ
CVE-2008-1919 (SQL injection vulnerability in listtest.php in YourFreeWorld Apartment ...)
	NOT-FOR-US: YourFreeWorld Apartment Search Script
CVE-2008-1918 (SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2008-1917 (Multiple cross-site scripting (XSS) vulnerabilities in AMFPHP 1.2 ...)
	NOT-FOR-US: AMFPHP
CVE-2008-1916 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
	NOT-FOR-US: Ubercart (drupal module)
CVE-2008-1915 (SQL injection vulnerability in view.asp in DevWorx BlogWorx 1.0 allows ...)
	NOT-FOR-US: BlogWorx
CVE-2008-1930 (The cookie authentication method in WordPress 2.5 relies on a hash of ...)
	- wordpress 2.5.1-1 (medium; bug #477910)
	NOTE: only exploitable in blogs that allow user registering
	[etch] - wordpress <not-affected> (Vulnerable code was introduced in 2.5)
CVE-2008-1927 (Double free vulnerability in Perl 5.8.8 allows context-dependent ...)
	{DSA-1556-2}
	- perl 5.10.0-1 (bug #454792)
CVE-2008-1925 (Buffer overflow in InspIRCd before 1.1.18, when using the namesx and ...)
	- inspircd 1.1.18+dfsg-1 (low)
CVE-2008-1924 (Unspecified vulnerability in phpMyAdmin before 2.11.5.2, when running ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5.2-1
	NOTE: PMASA-2008-3
	NOTE: http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/QA_2_9/phpMyAdmin/libraries/tbl_replace_fields.inc.php?r1=11211&r2=11210&pathrev=11211
CVE-2008-1914 (Stack-based buffer overflow in the AntServer module (AntServer.exe) in ...)
	NOT-FOR-US: BigAnt Messenger
CVE-2008-1913 (SQL injection vulnerability in index.php in Lasernet CMS 1.5 and 1.11, ...)
	NOT-FOR-US: Lasernet CMS
CVE-2008-1912 (Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and ...)
	NOT-FOR-US: DivX Player
CVE-2008-1911 (SQL injection vulnerability in includes/system.php in 1024 CMS 1.4.2 ...)
	NOT-FOR-US: 1024 CMS
CVE-2008-1910 (Stack-based buffer overflow in the database service (ibserver.exe) in ...)
	NOT-FOR-US: Borland InterBase
CVE-2008-1909 (SQL injection vulnerability in comment.php in PHP Knowledge Base ...)
	NOT-FOR-US: PHPKB
CVE-2008-1908 (Multiple directory traversal vulnerabilities in cpCommerce 1.1.0 allow ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1907 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1906 (Cross-site scripting (XSS) vulnerability in calendar.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2008-1905 (NMMediaServer.exe in Nero MediaHome 3.3.3.0 and earlier, as used in ...)
	NOT-FOR-US: Nero MediaHome
CVE-2008-1904 (Cicoandcico CcMail 1.0.1 and earlier does not verify that the ...)
	NOT-FOR-US: CcMail
CVE-2008-1903 (PHP remote file inclusion vulnerability in news_show.php in Newanz ...)
	NOT-FOR-US: Newanz NewsOffice
CVE-2008-1902 (The GUI for aptlinex before 0.91 does not sufficiently warn the user ...)
	- aptlinex 0.91-1 (low; bug #476572)
	NOTE: the user gets a confirmation dialog
CVE-2008-1901 (aptlinex before 0.91 allows local users to overwrite arbitrary files ...)
	- aptlinex 0.91-1 (medium; bug #476588)
	NOTE: code execution via /tmp/gambas-apt-exec is also possible, maintainer confirmed this
CVE-2008-1900 (option_Update.asp in Carbon Communities 2.4 and earlier allows remote ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1899
	RESERVED
CVE-2008-1898 (A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed ...)
	NOT-FOR-US: Microsoft Works
CVE-2008-1897 (The IAX2 channel driver (chan_iax2) in Asterisk Open Source 1.0.x, ...)
	{DSA-1563-1}
	- asterisk 1:1.4.19.1~dfsg-1 (medium)
CVE-2008-1896 (Multiple cross-site scripting (XSS) vulnerabilities in Carbon ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1895 (Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and ...)
	NOT-FOR-US: Carbon Communities
CVE-2008-1894 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: BusinessObjects InfoView
CVE-2008-1893 (PHP remote file inclusion vulnerability in index.php in W2B Online ...)
	NOT-FOR-US: W2B Online Banking
CVE-2008-1892 (Cross-site scripting (XSS) vulnerability in bs_auth.php in ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1891 (Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and ...)
	- ruby1.8 1.8.7.22-1 (unimportant)
	- ruby1.9 1.9.0.2-1 (unimportant)
	NOTE: corner-case only exploitable if web application is run on windows fs
CVE-2008-1890 (SQL injection vulnerability in the Jom Comment 2.0 build 345 component ...)
	NOT-FOR-US: Jom Comment for Joomla!
CVE-2008-1889 (SQL injection vulnerability in viewcat.php in XplodPHP AutoTutorials ...)
	NOT-FOR-US: XplodPHP AutoTutorials
CVE-2008-1888 (Cross-site scripting (XSS) vulnerability in Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2008-1886 (The NeffyLauncher 1.0.5 ActiveX control (NeffyLauncher.dll) in ...)
	NOT-FOR-US: CDNetworks Nefficient Download
CVE-2008-1885 (Directory traversal vulnerability in the NeffyLauncher 1.0.5 ActiveX ...)
	NOT-FOR-US: NeffyLauncher
CVE-2008-1884 (Directory traversal vulnerability in index.php in Wikepage Opus 13 ...)
	NOT-FOR-US: Wikepage
CVE-2008-1883 (The server in Blackboard Academic Suite 7.x stores MD5 password hashes ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1882
	RESERVED
CVE-2008-1881 (Stack-based buffer overflow in the ParseSSA function ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #477805)
CVE-2008-1880 (The default configuration of Firebird before 2.0.3.12981.0-r6 on ...)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Firebird 1.5 no longer supported, see last DSA)
	- firebird2.0 2.0.3.12981.ds1-14 (bug #481389)
	NOTE: on debian after the installation firebird2.0-super is disabled, to enable it
	NOTE: you need to call dpkg-reconfigure
CVE-2008-1879
	RESERVED
CVE-2007-6715 (Mozilla Firefox allows remote attackers to cause a denial of service ...)
	- iceweasel <removed> (unimportant)
	NOTE: browser dos not treated as security issues
	NOTE: cant reproduce on 2.0.0.12-1 and 2.0.0.14-2, already fixed?
CVE-2008-2041 (Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have ...)
	- egroupware 1.4.004-2.dfsg-1 (bug #476977)
CVE-2008-1876 (PHP remote file inclusion vulnerability in index.php in VisualPic ...)
	NOT-FOR-US: VisualPic
CVE-2008-1875 (SQL injection vulnerability in index.php in Terong PHP Photo Gallery ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1874 (SQL injection vulnerability in account/user/mail.html in Xpoze Pro ...)
	NOT-FOR-US: Xpoze Pro
CVE-2008-1873 (Cross-site scripting (XSS) vulnerability in the private message ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1872 (SQL injection vulnerability in home.news.php in Comdev News Publisher ...)
	NOT-FOR-US: Comdev News Publisher
CVE-2008-1871 (SQL injection vulnerability in links.php in Scriptsagent.com Links ...)
	NOT-FOR-US: Scriptsagent.com
CVE-2008-1870 (SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and ...)
	NOT-FOR-US: PIGMy-SQL
CVE-2008-1869 (SQL injection vulnerability in Site Sift Listings allows remote ...)
	NOT-FOR-US: Site Sift Listings
CVE-2008-1868 (admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1867 (SQL injection vulnerability in Blog Pixel Motion (aka Blog ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1866 (admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2008-1865 (Stack-based buffer overflow in the msx_readnode function in libmosix.c ...)
	NOT-FOR-US: openmosix-tools
CVE-2008-1864 (SQL injection vulnerability in project.php in Prozilla Freelancers ...)
	NOT-FOR-US: Prozilla Freelancers
CVE-2008-1863 (SQL injection vulnerability in view_reviews.php in Prozilla Cheat ...)
	NOT-FOR-US: Prozilla Cheat Script
CVE-2008-1862 (ExBB Italia 0.22 and earlier only checks GET requests that use the ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1861 (Directory traversal vulnerability in modules/threadstop/threadstop.php ...)
	NOT-FOR-US: ExBB Italia
CVE-2008-1860 (Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and ...)
	NOT-FOR-US: LokiCMS
CVE-2008-1859 (SQL injection vulnerability in events.php in iScripts SocialWare ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1858 (SQL injection vulnerability in index.php in 724Networks 724CMS 4.01 ...)
	NOT-FOR-US: 724Networks 724CMS
CVE-2008-1857 (Multiple directory traversal vulnerabilities in viewsource.php in Make ...)
	NOT-FOR-US: Mole
CVE-2008-1856 (plugins/maps/db_handler.php in LinPHA 1.3.3 and earlier does not ...)
	NOT-FOR-US: LinPHA
CVE-2008-1855 (FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 ...)
	NOT-FOR-US: McAfee
CVE-2008-1854 (Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in ...)
	NOT-FOR-US: SmarterMail Web Server
CVE-2008-1853 (The ovtopmd service in HP OpenView Network Node Manager (OV NNM) 7.51, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1852 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1851 (ovalarmsrv in HP OpenView Network Node Manager (OV NNM) 7.51, 7.53, ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1850 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: Omnistar Interactive OSI Affiliate
CVE-2008-1849 (Directory traversal vulnerability in index.php in the joomlaXplorer ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla! component
CVE-2008-1848 (Cross-site scripting (XSS) vulnerability in the joomlaXplorer ...)
	NOT-FOR-US: com_joomlaxplorer Mambo/Joomla!
CVE-2008-1847 (SQL injection vulnerability in view.php in CoronaMatrix phpAddressBook ...)
	NOT-FOR-US: phpAddressBook
CVE-2008-1846 (The default configuration of SAP NetWeaver before 7.0 SP15 does not ...)
	NOT-FOR-US: SAP
CVE-2008-1845 (The Korn shell (aka mksh) before R33d on MirOS (aka MirBSD) does not ...)
	- mksh 33.4-1 (low)
	[etch] - mksh 28.0-3
CVE-2008-1844 (SQL injection vulnerability in cat.php in W2B phpHotResources allows ...)
	NOT-FOR-US: W2B phpHotResources
CVE-2008-1843 (SQL injection vulnerability in browse.php in W2B DatingClub (aka ...)
	NOT-FOR-US: W2B DatingClub
CVE-2008-1842 (Integer signedness error in ovspmd.exe in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2008-1841 (SQL injection vulnerability in the session handling functionality in ...)
	NOT-FOR-US: Coppermine
CVE-2008-1840 (SQL injection vulnerability in upload.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine
CVE-2008-1839 (Multgiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2008-1838 (SQL injection vulnerability in BosClassifieds Classified Ads System ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1836 (The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...)
	- clamav <not-affected> (Vulnerable code introduced later, checked back with upstream)
CVE-2008-1834 (swfdec_load_object.c in Swfdec before 0.6.4 does not properly restrict ...)
	- swfdec0.6 0.6.4-1 (low)
	- swfdec0.5 <removed> (low; bug #477037)
CVE-2008-1833 (Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1.1 (medium; bug #476694)
CVE-2007-6713 (Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown ...)
	NOT-FOR-US: Flip4Mac
CVE-2007-6714 (DBMail before 2.2.9, when using authldap with an LDAP server that ...)
	- dbmail 2.2.9
CVE-2008-1878 (Stack-based buffer overflow in the demux_nsf_send_chunk function in ...)
	{DSA-1586-1 DTSA-128-1}
	- xine-lib 1.1.12-2 (medium; bug #476990)
	NOTE: not patched but disabled in testing/unstable
CVE-2008-1831 (Multiple unspecified vulnerabilities in the Siebel SimBuilder ...)
	NOT-FOR-US: Oracle Siebel Enterprise
CVE-2008-1830 (Unspecified vulnerability in the PeopleSoft HCM ePerformance component ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1829 (Unspecified vulnerability in the PeopleSoft HCM Recruiting component ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1828 (Unspecified vulnerability in the PeopleSoft PeopleTools component in ...)
	NOT-FOR-US: Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne
CVE-2008-1827 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1826 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2008-1825 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1824 (Unspecified vulnerability in the Oracle Dynamic Monitoring Service ...)
	NOT-FOR-US: Oracle
CVE-2008-1823 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1822 (Unspecified vulnerability in the Oracle Application Express component ...)
	NOT-FOR-US: Oracle
CVE-2008-1821 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1820 (Unspecified vulnerability in the Data Pump component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1819 (Unspecified vulnerability in the Oracle Net Services component in ...)
	NOT-FOR-US: Oracle
CVE-2008-1818 (Unspecified vulnerability in the Authentication component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-1817 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1816 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2008-1815 (Unspecified vulnerability in the Change Data Capture component in ...)
	NOT-FOR-US: Oracle
CVE-2008-1814 (Unspecified vulnerability in the Oracle Secure Enterprise Search or ...)
	NOT-FOR-US: Oracle
CVE-2008-1813 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-1812 (Unspecified vulnerability in the Oracle Enterprise Manager component ...)
	NOT-FOR-US: Oracle
CVE-2008-1811 (Unspecified vulnerability in Oracle Application Express 3.0.1 has ...)
	NOT-FOR-US: Oracle
CVE-2008-1810 (Untrusted search path vulnerability in dbmsrv in SAP MaxDB 7.6.03.15 ...)
	NOT-FOR-US: SAP MaxDB
CVE-2008-1809 (Heap-based buffer overflow in Novell eDirectory 8.7.3 before ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1808 (Multiple off-by-one errors in FreeType2 before 2.3.6 allow ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (low; bug #485841)
CVE-2008-1807 (FreeType2 before 2.3.6 allow context-dependent attackers to execute ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1806 (Integer overflow in FreeType2 before 2.3.6 allows context-dependent ...)
	{DSA-1635-1 DTSA-139-1}
	- freetype 2.3.6-1 (medium; bug #485841)
CVE-2008-1805 (Incomplete blacklist vulnerability in Skype 3.6.0.248, and other ...)
	NOT-FOR-US: Skype
CVE-2008-1804 (preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not ...)
	{DTSA-173-1}
	- snort 2.7.0-20 (low; bug #483160)
	[lenny] - snort 2.7.0-20.2 (low; bug #483160)
	[etch] - snort <not-affected> (Only 2.6 and 2.8 are affected)
CVE-2008-1803 (Integer signedness error in the xrealloc function (rdesktop.c) in ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480135)
CVE-2008-1802 (Buffer overflow in the process_redirect_pdu (rdp.c) function in ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480134)
CVE-2008-1801 (Integer underflow in the iso_recv_msg function (iso.c) in rdesktop ...)
	{DSA-1573-1}
	- rdesktop 1.5.0-4+cvs20071006 (bug #480133)
CVE-2008-1800 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: DivXDB
CVE-2008-1799 (Directory traversal vulnerability in thumbnails.php in sabros.us 1.75 ...)
	NOT-FOR-US: sabros.us
CVE-2008-1798 (Directory traversal vulnerability in forum/kietu/libs/calendrier.php ...)
	NOT-FOR-US: Dragoon
CVE-2008-1797 (Unspecified vulnerability in Secure Computing Webwasher 5.30 before ...)
	NOT-FOR-US: Secure Computing Webwasher
CVE-2008-1796 (Comix 3.6.4 creates temporary directories with predictable names, ...)
	- comix 3.6.4-1.1 (unimportant)
	NOTE: only exploitable with insecure umask settings
CVE-2008-1795 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2008-1794 (Multiple cross-site scripting (XSS) vulnerabilities in the Webform ...)
	NOT-FOR-US: Webform Drupal module
CVE-2008-1793 (Multiple cross-site scripting (XSS) vulnerabilities in view.cgi in ...)
	NOT-FOR-US: Smart
CVE-2008-1792 (Cross-site scripting (XSS) vulnerability in the insertion filter in ...)
	NOT-FOR-US: Flickr Drupal module
CVE-2008-1791 (SQL injection vulnerability in ladder.php in My Gaming Ladder 7.5 and ...)
	NOT-FOR-US: My Gaming Ladder
CVE-2008-1790 (Unrestricted file upload vulnerability in iScripts SocialWare allows ...)
	NOT-FOR-US: iScripts
CVE-2008-1789 (SQL injection vulnerability in forum.php in Prozilla Forum allows ...)
	NOT-FOR-US: Prozilla Forum
CVE-2008-1788 (SQL injection vulnerability in directory.php in Prozilla Entertainers ...)
	NOT-FOR-US: Prozilla Entertainers
CVE-2008-1787 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2008-1786 (The DSM gui_cm_ctrls ActiveX control (gui_cm_ctrls.ocx), as used in ...)
	NOT-FOR-US: CA products
CVE-2008-1785 (delete.php in Prozilla Top 100 1.2 allows remote authenticated users ...)
	NOT-FOR-US: Prozilla Top 100
CVE-2008-1784 (Prozilla Topsites 1.0 allows remote attackers to perform ...)
	NOT-FOR-US: Prozilla Topsites
CVE-2008-1783 (Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users ...)
	NOT-FOR-US: Prozilla Reviews
CVE-2008-1782 (phpdemo/viewsource.php in Advanced Software Engineering ChartDirector ...)
	NOT-FOR-US: Advanced Software Engineering ChartDirector
CVE-2008-1837 (libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...)
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1835 (ClamAV before 0.93 allows remote attackers to bypass the scanning ...)
	- clamav <not-affected> (Debian doesn't include libunrar since it's non-free)
CVE-2008-1832 (lib/prefs.tcl in Cecilia 2.0.5 allows local users to overwrite ...)
	- cecilia 2.0.5-2.1 (low; bug #476321)
	[etch] - cecilia <no-dsa> (Minor issue)
CVE-2008-1781
	REJECTED
CVE-2008-1780 (Unspecified vulnerability in the labeled networking functionality in ...)
	NOT-FOR-US: Solaris
CVE-2008-1779 (Sun Solaris 8, 9, and 10 allows &quot;remote privileged&quot; users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2008-1778 (Unspecified vulnerability in the floating point context switch ...)
	NOT-FOR-US: Solaris
CVE-2008-1777 (The eDirectory Host Environment service (dhost.exe) in Novell ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-1776 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PhpBlock
CVE-2008-1775 (Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2008-1774 (SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows ...)
	NOT-FOR-US: Pligg
CVE-2008-1773 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
	NOT-FOR-US: Dragoon
CVE-2008-1772 (iScripts SocialWare stores passwords in cleartext in a database, which ...)
	NOT-FOR-US: iScripts SocialWare
CVE-2008-1771 (Integer overflow in the ws_getpostvars function in Firefly Media ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.3 (medium; bug #476241)
CVE-2008-1770 (CRLF injection vulnerability in Akamai Download Manager ActiveX ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2008-1769 (VLC before 0.8.6f allow remote attackers to cause a denial of service ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (low; bug #478140)
CVE-2008-1768 (Multiple integer overflows in VLC before 0.8.6f allow remote attackers ...)
	{DSA-1819-1 DTSA-125-1}
	- vlc 0.8.6.e-2.1 (medium; bug #478140)
CVE-2008-1767 (Buffer overflow in pattern.c in libxslt before 1.1.24 allows ...)
	{DSA-1589-1}
	- libxslt 1.1.24-1 (bug #482664)
CVE-2008-1766 (Multiple unspecified vulnerabilities in phpBB before 3.0.1 have ...)
	- phpbb3 3.0.1-1 (low)
	- phpbb2 <not-affected> (Vulnerable code not present)
CVE-2008-1765 (Buffer overflow in Adobe Photoshop Album Starter Edition 3.2, and ...)
	NOT-FOR-US: Adobe
CVE-2008-1764 (Unspecified vulnerability in Opera before 9.27 has unknown impact and ...)
	NOT-FOR-US: Opera
CVE-2008-1763 (SQL injection vulnerability in _blogadata/include/sond_result.php in ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1762 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1761 (Opera before 9.27 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2008-1760 (Multiple PHP remote file inclusion vulnerabilities in Blogator-script ...)
	NOT-FOR-US: Blogator-script
CVE-2008-1759 (SQL injection vulnerability in the jeuxflash module for KwsPHP allows ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1758 (SQL injection vulnerability in the ConcoursPhoto module for KwsPHP ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1757 (Cross-site scripting (XSS) vulnerability in index.php in the ...)
	NOT-FOR-US: KwsPHP
CVE-2008-1756 (Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine ...)
	NOT-FOR-US: Sun
CVE-2008-1755 (Directory traversal vulnerability in the showSource function in ...)
	NOT-FOR-US: World of Phaos
CVE-2008-1754 (Symantec Altiris Deployment Solution before 6.9.164 stores the ...)
	NOT-FOR-US: Symantec
CVE-2008-1753 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1752 (ezRADIUS 0.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: ezRADIUS
CVE-2008-1751 (Multiple directory traversal vulnerabilities in index.php in Ksemail ...)
	NOT-FOR-US: Ksemail
CVE-2008-1750 (SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and ...)
	NOT-FOR-US: LiveCart
CVE-2008-1749 (Memory leak in Cisco Content Switching Module (CSM) 4.2(3) up to ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1748 (Cisco Unified Communications Manager 4.1 before 4.1(3)SR7, 4.2 before ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1747 (Unspecified vulnerability in Cisco Unified Communications Manager 4.1 ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1746 (The SNMP Trap Agent service in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1745 (Cisco Unified Communications Manager (CUCM) 5.x before 5.1(2) and 6.x ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1744 (The Certificate Authority Proxy Function (CAPF) service in Cisco ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1743 (Memory leak in the Certificate Trust List (CTL) Provider service in ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1742 (Memory leak in the Certificate Trust List (CTL) Provider service in ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1741 (The SIP Proxy (SIPD) service in Cisco Unified Presence before 6.0(3) ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1740 (The Presence Engine (PE) service in Cisco Unified Presence before ...)
	NOT-FOR-US: Cisco firmware
CVE-2008-1739 (Apple QuickTime before 7.4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1738 (Rising Antivirus 2008 before 20.38.20 allows local users to cause a ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1737 (Sophos Anti-Virus 7.0.5, and other 7.x versions, when Runtime ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2008-1736 (Comodo Firewall Pro before 3.0 does not properly validate certain ...)
	NOT-FOR-US: Comodo Firewall
CVE-2008-1735 (BitDefender Antivirus 2008 20080118 and earlier allows local users to ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2008-1734 (Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux ...)
	NOT-FOR-US: PHP Toolkit (Gentoo specific)
CVE-2008-1733 (SQL injection vulnerability in puarcade.class.php 2.2 and earlier in ...)
	NOT-FOR-US: Joomla component Pragmatic Utopia PU Arcade
CVE-2008-1732 (SQL injection vulnerability in showpredictionsformatch.php in ...)
	NOT-FOR-US: Prediction Football
CVE-2008-1731 (The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not ...)
	NOT-FOR-US: Drupal module Simple Access
CVE-2008-1730 (Directory traversal vulnerability in download.html in ARWScripts ...)
	NOT-FOR-US: ARWScripts Gallery Script Lite
CVE-2008-1729 (The menu system in Drupal 6 before 6.2 has incorrect menu settings, ...)
	NOT-FOR-US: Drupal 6 (not packaged yet)
CVE-2008-1728 (ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows ...)
	NOT-FOR-US: Ignite Realtime Openfire
CVE-2008-1727 (KnowledgeQuest 2.5 and 2.6 does not require authentication for access ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1726 (Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when ...)
	NOT-FOR-US: KnowledgeQuest
CVE-2008-1725 (The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz ...)
	NOT-FOR-US: ActiveX
CVE-2008-1724 (Stack-based buffer overflow in the IActiveXTransfer.FileTransfer ...)
	NOT-FOR-US: ActiveX
CVE-2008-1723
	RESERVED
CVE-2008-1722 (Multiple integer overflows in (1) filter/image-png.c and (2) ...)
	{DSA-1625-1}
	- cups 1.3.7-2 (medium; bug #476305)
	- cupsys 1.3.7-2 (medium; bug #476305)
CVE-2008-1721 (Integer signedness error in the zlib extension module in Python 2.5.2 ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1719 (Multiple cross-site request forgery (CSRF) vulnerabilities in Nuke ET ...)
	NOT-FOR-US: Nuke ET
CVE-2008-1718 (Buffer overflow in mimesr.dll in Autonomy (formerly Verity) KeyView, ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1717 (WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1716 (Cross-site scripting (XSS) vulnerability in WoltLab Community ...)
	NOT-FOR-US: WoltLab Community Framework
CVE-2008-1715 (SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1714 (SQL injection vulnerability in show.php in FaScript FaPhoto 1.0, when ...)
	NOT-FOR-US: FaScript FaPhoto
CVE-2008-1713 (MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote ...)
	NOT-FOR-US: NoticeWare Email Server
CVE-2008-1712 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: mx_blogs
CVE-2008-1711 (Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 stores ...)
	NOT-FOR-US: Terong PHP Photo Gallery
CVE-2008-1710 (Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1709 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-1708 (IBM solidDB 06.00.1018 and earlier does not validate a certain field ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1707 (IBM solidDB 06.00.1018 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1706 (Uncontrolled array index in IBM solidDB 06.00.1018 and earlier allows ...)
	NOT-FOR-US: IBM solidDB
CVE-2008-1705 (Format string vulnerability in the logging function in IBM solidDB ...)
	NOT-FOR-US: IBM solidDB
CVE-2007-6712 (Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux ...)
	{DSA-1588-1}
	- linux-2.6 2.6.26-1
	- linux-2.6.24 <not-affected>
	NOTE: upstream commit 13788ccc41ceea5893f9c747c59bc0b28f2416c2, not present in 2.6.25.x,
	NOTE: but fixed in git, so marking as fixed in 2.6.26-1
CVE-2008-1887 (Python 2.5.2 and earlier allows context-dependent attackers to execute ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1877 (tss 0.8.1 allows local users to read arbitrary files via the -a ...)
	- tss <removed> (medium; bug #475747; bug #475736)
CVE-2008-1720 (Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute ...)
	{DSA-1545-1}
	- rsync 3.0.2-1
	NOTE: Etch is affected (it enables the acl upstream patch)
	NOTE: http://samba.anu.edu.au/rsync/security.html#s3_0_2
CVE-2008-1704 (Multiple buffer overflows in TIBCO Software Enterprise Message Service ...)
	NOT-FOR-US: TIBCO
CVE-2008-1703 (Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, ...)
	NOT-FOR-US: TIBCO
CVE-2008-1702 (Absolute path traversal vulnerability in dload.php in the my_gallery ...)
	NOT-FOR-US: my_gallery plugin for e107
CVE-2008-1701 (Novell NetWare 6.5 allows attackers to cause a denial of service ...)
	NOT-FOR-US: Novell NetWare
CVE-2008-1700 (The Web TransferCtrl Class 8,2,1,4 (iManFile.cab), as used in WorkSite ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1699 (SQL injection vulnerability in permalink.php in Desi Quintans Writer's ...)
	NOT-FOR-US: Desi Quintans Writer's Block CMS
CVE-2008-1698 (Cross-site scripting (XSS) vulnerability in gallery.php in Simple ...)
	NOT-FOR-US: Simple Gallery
CVE-2008-1697 (Stack-based buffer overflow in ovwparser.dll in HP OpenView Network ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-1696 (Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, ...)
	NOT-FOR-US: DaZPHPNews
CVE-2008-1695
	RESERVED
CVE-2008-1694 (vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local ...)
	- emacs21 21.4a+1-5.6 (low; bug #476612)
	[etch] - emacs21 <no-dsa> (Minor issue)
	- emacs22 22.2+2-2 (low; bug #476611)
	- xemacs21 21.4.21-4 (low; bug #476613)
	[etch] - xemacs21 <no-dsa> (Minor issue)
CVE-2008-1693 (The CairoFont::create function in CairoFontEngine.cc in Poppler, ...)
	{DSA-1606-1 DSA-1548-1}
	- xpdf 3.02
	- poppler 0.6.4-1 (bug #476842)
	- kdegraphics <not-affected> (Vulnerable code not present)
	- texlive-bin <not-affected> (code already has the needed fix)
	NOTE: see GfxFont.cc GfxFont::readEmbFontFile, line 362 checks if the font file is
	NOTE: a stream or not. Anyone knows a fixed version?
	- texlive-base <not-affected> (Vulnerable code not present)
	- swftools <not-affected> (Vulnerable file/code not present)
CVE-2008-1692 (Eterm 0.9.4 opens a terminal window on :0 if -display is not specified ...)
	- eterm 0.9.4.0debian1-2.1 (unimportant; bug #473127)
CVE-2008-1691 (Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1690 (WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1689 (Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and ...)
	NOT-FOR-US: SLMail Pro
CVE-2008-1688 (Unspecified vulnerability in GNU m4 before 1.4.11 might allow ...)
	- m4 <unfixed> (unimportant)
	NOTE: The file name is passed through a cmdline argument and m4 doesn't run with
	NOTE: elevated privileges.
CVE-2008-1687 (The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before ...)
	- m4 <unfixed> (unimportant)
	NOTE: This is more a generic bug and not a security issue: the random output would
	NOTE: need to match the name of an existing macro
CVE-2008-1686 (Array index vulnerability in Speex 1.1.12 and earlier, as used in ...)
	{DSA-1586-1 DSA-1585-1 DSA-1584-1 DTSA-127-1 DTSA-128-1 DTSA-129-1}
	- speex 1.2~beta2-1 (medium)
	- libfishsound 0.7.0-2.2 (medium; bug #475152)
	- xine-lib 1.1.12-1 (medium)
CVE-2008-1685 (** DISPUTED ** ...)
	- gcc-4.3 4.3.1-1 (bug #482698; unimportant)
	NOTE: dup of CVE-2006-1902 which is fixed in Debian?
CVE-2008-1684 (inetd on Sun Solaris 10, when debug logging is enabled, allows local ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1683
	REJECTED
CVE-2008-1682 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: com_onlineflashquiz component for Joomla!
CVE-2008-1681 (Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 ...)
	NOT-FOR-US: IBM DB2IBM DB2
CVE-2008-1680 (PHP-Nuke Platinum 7.6.b.5 allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1679 (Multiple integer overflows in imageop.c in Python before 2.5.3 allow ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.5-2
	- python2.5 2.5.2-3
CVE-2008-1678 (Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c ...)
	{DTSA-131-1}
	- apache2 2.2.8-4
	[etch] - apache2 <not-affected> (only a problem with openssl 0.9.8f or later)
	NOTE: https://issues.apache.org/bugzilla/show_bug.cgi?id=44975
CVE-2008-1677 (Buffer overflow in the regular expression handler in Red Hat Directory ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-1676 (Red Hat PKI Common Framework (rhpki-common) in Red Hat Certificate ...)
	NOT-FOR-US: Red Hat Issue
CVE-2008-1675 (The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux ...)
	- linux-2.6 2.6.25-2 (low)
	[etch] - linux-2.6 <not-affected> (Tehuti driver not in 2.6.18)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: Fixed in 2.6.24.6 and 2.6.25.1
CVE-2008-1674
	REJECTED
CVE-2008-1673 (The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 ...)
	{DSA-1592-1}
	- linux-2.6 2.6.25-5 (bug #485944)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1672 (OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-1671 (start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, ...)
	{DSA-1867-1}
	- kdelibs 4:3.5.9.dfsg.1-4 (low; bug #478024)
	[etch] - kdelibs <no-dsa> (Minor issue)
CVE-2008-1670 (Heap-based buffer overflow in the progressive PNG Image loader ...)
	- kdelibs <not-affected> (Vulnerable code introduce in kde 4.0)
	- kde4libs 4:4.0.72-1 (bug #478283)
CVE-2008-1669 (Linux kernel before 2.6.25.2 does not apply a certain protection ...)
	{DSA-1575-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
	NOTE: 0b2bac2f1ea0d33a3621b27ca68b9ae760fca2e9, fixed in 2.6.24.7 and 2.6.25.2
CVE-2008-1668 (ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns ...)
	NOT-FOR-US: wu-ftpd in HP-UX
CVE-2008-1667 (The Probe Builder Service (aka PBOVISServer.exe) in European ...)
	NOT-FOR-US: Probe Builder 2.2
CVE-2008-1666 (Unspecified vulnerability in HP Oracle for OpenView (OfO) 8.1.7, ...)
	NOT-FOR-US: HP Oracle for OpenView
CVE-2008-1665 (Multiple unspecified vulnerabilities in HP Select Identity (HPSI) ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-1664 (Unspecified vulnerability in libc on HP HP-UX B.11.23 and B.11.31 ...)
	NOT-FOR-US: HP HP-UX
CVE-2008-1663 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2008-1662 (Unspecified vulnerability in the HP System Administration Manager ...)
	NOT-FOR-US: HP System Administration Manager
CVE-2008-1661 (Stack-based buffer overflow in DoubleTake.exe in HP StorageWorks ...)
	NOT-FOR-US: HP StorageWorks
CVE-2008-1660 (Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and ...)
	NOT-FOR-US: HP-UX
CVE-2008-1659 (Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 ...)
	NOT-FOR-US: HP LDAP-UX
CVE-2008-1658 (Format string vulnerability in the grant helper ...)
	- policykit-1 0.8-1 (medium; bug #476615; bug #476616)
CVE-2008-1657 (OpenSSH 4.4 up to versions before 4.9 allows remote authenticated ...)
	- openssh 1:4.7p1-8 (low; bug #475156)
	[etch] - openssh <not-affected> (Vulnerable functionality was introduced in 4.4)
CVE-2008-1656 (Adobe ColdFusion 8 and 8.0.1 does not properly implement the public ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1655 (Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier, ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2008-1654 (Interaction error between Adobe Flash and multiple Universal Plug and ...)
	- flashplugin-nonfree 1:1.4
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2008-1653 (Directory traversal vulnerability in index.php in Sava's Link Manager ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1652 (Directory traversal vulnerability in the _serve_request_multiple ...)
	- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1651 (Directory traversal vulnerability in admin/login.php in EasyNews 4.0 ...)
	NOT-FOR-US: EasyNews
CVE-2008-1650 (SQL injection vulnerability in dynamicpages/index.php in EasyNews 4.0 ...)
	NOT-FOR-US: EasyNews
CVE-2008-1649 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: EasyNews
CVE-2008-1648 (Sympa before 5.4 allows remote attackers to cause a denial of service ...)
	{DSA-1600-1}
	- sympa 5.3.4-4 (medium; bug #475163)
CVE-2008-1647 (The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ...)
	NOT-FOR-US: ChilkatHttp
CVE-2008-1646 (SQL injection vulnerability in wp-download.php in the WP-Download 1.2 ...)
	NOT-FOR-US: WP-Download plugin for WordPress
CVE-2008-1645 (Directory traversal vulnerability in body.php in phpSpamManager ...)
	NOT-FOR-US: phpSpamManager
CVE-2008-1644 (SQL injection vulnerability in viewlinks.php in Sava's Link Manager ...)
	NOT-FOR-US: Sava's Link Manager
CVE-2008-1643 (Directory traversal vulnerability in the PXE TFTP Service ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2008-1642 (Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 ...)
	NOT-FOR-US: Sava's GuestBook
CVE-2008-1641 (SQL injection vulnerability in default.asp in EfesTECH Video 5.0 ...)
	NOT-FOR-US: EfesTECH Video
CVE-2008-1640 (SQL injection vulnerability in jgs_treffen.php in the JGS-XA ...)
	NOT-FOR-US: JGS-Treffen
CVE-2008-1639 (SQL injection vulnerability in index.php in Neat weblog 0.2 allows ...)
	NOT-FOR-US: Neat weblog
CVE-2008-1638 (Nik Sharpener Pro, possibly 2.0, uses world-writable permissions for ...)
	NOT-FOR-US: Nik Sharpener Pro
CVE-2008-1637 (PowerDNS Recursor before 3.1.5 uses insufficient randomness to ...)
	{DSA-1544-2 DSA-1544-1}
	- pdns-recursor 3.1.7-1
	NOTE: Fix in 3.1.5 was incomplete, see CVE-2008-3217
CVE-2008-1636 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Quick ...)
	NOT-FOR-US: JV2 Quick Gallery
CVE-2008-1635 (Directory traversal vulnerability in view_private.php in Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book
CVE-2008-1634 (Cross-site scripting (XSS) vulnerability in index.php in JV2 Folder ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2008-1633 (Unspecified vulnerability in Mondo Rescue before 2.2.5 has unknown ...)
	- mondo 1:2.2.7-1 (bug #475221)
CVE-2008-1632 (Multiple SQL injection vulnerabilities in CuteFlow 2.10.0 allow remote ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1631 (SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1630 (Multiple cross-site scripting (XSS) vulnerabilities in CuteFlow 1.5.0 ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1629 (Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows ...)
	NOT-FOR-US: PHPkrm
CVE-2008-1628 (Stack-based buffer overflow in the audit_log_user_command function in ...)
	{DTSA-123-1}
	- audit 1.5.3-2.1 (medium; bug #475227)
	NOTE: auditd runs as root
CVE-2008-1627 (CDS Invenio 0.92.1 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: CDS Invenio
CVE-2008-1626 (SQL injection vulnerability in eggBlog before 4.0.1 allows remote ...)
	NOT-FOR-US: eggBlog
CVE-2008-1625 (aavmker4.sys in avast! Home and Professional 4.7 for Windows does not ...)
	NOT-FOR-US: avast! Home and Professional
CVE-2008-1624 (Directory traversal vulnerability in v2demo/page.php in Jshop Server ...)
	NOT-FOR-US: Jshop Server
CVE-2008-1623 (SQL injection vulnerability in admin_view_image.php in Smoothflash ...)
	NOT-FOR-US: Smoothflash
CVE-2008-1622 (Multiple PHP remote file inclusion vulnerabilities in GeeCarts allow ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1621 (Multiple cross-site scripting (XSS) vulnerabilities in GeeCarts allow ...)
	NOT-FOR-US: GeeCarts
CVE-2008-1620 (Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) ...)
	NOT-FOR-US: ThinClientServer
CVE-2008-1619 (The ssm_i emulation in Xen 5.1 on IA64 architectures allows attackers ...)
	- xen-3 <not-affected> (Debian Xen does not support ia64)
	- xen-unstable <not-affected> (Debian Xen does not support ia64)
	- xen-3.0 <not-affected> (Debian Xen does not support ia64)
CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing ...)
	NOT-FOR-US: Watchguard Firebox
CVE-2008-1617 (Double free vulnerability in Web TransferCtrl Class 8,2,1,4 ...)
	NOT-FOR-US: WorkSite Web
CVE-2008-1616
	RESERVED
CVE-2008-1615 (Linux kernel 2.6.18, and possibly other versions, when running on ...)
	{DSA-1588-1}
	- linux-2.6 2.6.25-1 (medium; bug #480390)
	- linux-2.6.24 2.6.24-6~etchnhalf.3
CVE-2008-1614 (suPHP before 0.6.3 allows local users to gain privileges via (1) a ...)
	{DSA-1550-1 DTSA-124-1}
	- suphp 0.6.2-2.1 (low; bug #475431)
CVE-2008-1613 (SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build ...)
	NOT-FOR-US: RedDot CMS
CVE-2008-1612 (The arrayShrink function (lib/Array.c) in Squid 2.6.STABLE17 allows ...)
	{DSA-1646-2}
	- squid 2.6.18-1 (medium)
CVE-2008-1611 (Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows ...)
	NOT-FOR-US: TFTP Server for Windows
CVE-2008-1610 (Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 ...)
	NOT-FOR-US: TFTP Server Pro
CVE-2008-1609 (Multiple PHP remote file inclusion vulnerabilities in just another ...)
	NOT-FOR-US: JAF CMS
CVE-2008-1608 (SQL injection vulnerability in postview.php in Clever Copy 3.0 allows ...)
	NOT-FOR-US: Clever Copy
CVE-2008-1607 (SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba ...)
	NOT-FOR-US: Serbay Arslanhan Bomba Haber
CVE-2008-1606 (Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 ...)
	NOT-FOR-US: Elastic Path
CVE-2008-1605 (The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ...)
	NOT-FOR-US: LEADTOOLS
CVE-2008-1604 (Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 ...)
	NOT-FOR-US: PerlMailer
CVE-2008-1603 (Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 ...)
	NOT-FOR-US: GNB DesignForm
CVE-2008-1602 (Stack-based buffer overflow in Orbit downloader 2.6.3 and 2.6.4 allows ...)
	NOT-FOR-US: Orbit downloader
CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
	- spamassassin 3.1.7-2
CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI ...)
	NOT-FOR-US: CGI City CC Guestbook
CVE-2008-1601 (Stack-based buffer overflow in the reboot program on IBM AIX 5.2 and ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1600 (The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1599 (The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1598 (The kernel in IBM AIX 6.1 allows local users with ProbeVue privileges ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1597 (The WPAR system call implementation in the kernel in IBM AIX 6.1 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1596 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1595 (The proc filesystem in the kernel in IBM AIX 5.2 and 5.3 does not ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1594 (The kernel in IBM AIX 5.2 and 5.3 does not properly handle resizing ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1593 (The checkpoint and restart feature in the kernel in IBM AIX 5.2, 5.3, ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1592 (MQSeries 5.1 in IBM WebSphere MQ 5.1 through 5.3.1 on the HP NonStop ...)
	NOT-FOR-US: IBM WebSphere
CVE-2008-1591 (The pnVarPrepForStore function in PostNuke 0.764 and earlier skips ...)
	NOT-FOR-US: PostNuke
CVE-2008-1590 (JavaScriptCore in WebKit on Apple iPhone before 2.0 and iPod touch ...)
	NOT-FOR-US: iPhone
CVE-2008-1589 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 ...)
	NOT-FOR-US: iPhone
CVE-2008-1588 (Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows ...)
	- webkit <not-affected> (mac-specific issue)
	NOTE: http://trac.webkit.org/changeset/23963
	NOTE: as of 1.1.21, all mac-specific code is no longer even present
CVE-2008-1587
	RESERVED
CVE-2008-1586 (ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod ...)
	NOT-FOR-US: Apple ImageIO
CVE-2008-1585 (Apple QuickTime before 7.5 uses the url.dll!FileProtocolHandler ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1584 (Stack-based buffer overflow in Indeo.qtx in Apple QuickTime before 7.5 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1583 (Heap-based buffer overflow in Apple QuickTime before 7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1582 (Unspecified vulnerability in Apple QuickTime before 7.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1581 (Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1580 (CFNetwork in Safari in Apple Mac OS X before 10.5.3 automatically ...)
	NOT-FOR-US: CFNetwork Safari Apple Mac OS
CVE-2008-1579 (Wiki Server in Apple Mac OS X 10.5 before 10.5.3 allows remote ...)
	NOT-FOR-US: Wiki Server Apple Mac OS
CVE-2008-1578 (The sso_util program in Single Sign-On in Apple Mac OS X before 10.5.3 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1577 (Unspecified vulnerability in the Pixlet codec in Apple Pixlet Video in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1576 (Mail in Apple Mac OS X before 10.5, when an IPv6 SMTP server is used, ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1575 (Unspecified vulnerability in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1574 (Integer overflow in ImageIO in Apple Mac OS X before 10.5.3 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1573 (The BMP and GIF image decoding engine in ImageIO in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1572 (Image Capture in Apple Mac OS X before 10.5 does not properly use ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1571 (Directory traversal vulnerability in the embedded web server in Image ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-1566 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-1565 (Directory traversal vulnerability in forum/irc/irc.php in the PJIRC ...)
	NOT-FOR-US: PJIRC module for phpBB
CVE-2008-1564 (Directory traversal vulnerability in Dan Costin File Transfer before ...)
	NOT-FOR-US: Dan Costin File Transfer
CVE-2008-1563 (The &quot;decode as&quot; feature in packet-bssap.c in the SCCP dissector in ...)
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.6 to 0.99.8 are affected)
CVE-2008-1562 (The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through ...)
	- wireshark <not-affected> (Only Windows builds are affected according to #1613)
CVE-2008-1561 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
	- wireshark 1.0.0-1 (low)
	[etch] - wireshark <not-affected> (Only 0.99.5 to 0.99.8 are affected)
CVE-2008-1560 (Multiple cross-site scripting (XSS) vulnerabilities in Digiappz ...)
	NOT-FOR-US: Digiappz DigiDomain
CVE-2008-1559 (SQL injection vulnerability in the Bernard Gilly AlphaContent ...)
	NOT-FOR-US: com_alphacontent component for Joomla!
CVE-2008-1558 (Uncontrolled array index in the sdpplin_parse function in ...)
	{DSA-1552-1 DTSA-121-1}
	- mplayer 1.0~rc2-10 (medium; bug #473056)
CVE-2008-1557 (BolinOS 4.6.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: BolinOS
CVE-2008-1556 (Multiple cross-site scripting (XSS) vulnerabilities in BolinOS 4.6.1 ...)
	NOT-FOR-US: BolinOS
CVE-2008-1555 (Directory traversal vulnerability in ...)
	NOT-FOR-US: BolinOS
CVE-2008-1554 (SQL injection vulnerability in account/index.php in TopperMod 2.0, ...)
	NOT-FOR-US: TopperMod
CVE-2008-1553 (Directory traversal vulnerability in mod.php in TopperMod 1.0 allows ...)
	NOT-FOR-US: TopperMod
CVE-2008-1552 (The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) ...)
	- silc-toolkit 1.1.7-1 (low)
	- silc-client <not-affected> (links against libsilc)
	NOTE: this can't result code execution but only in a crash as data_len - i always results
	NOTE: in -1 and malloc will never succeed and thus not reaching any free
CVE-2008-1551 (SQL injection vulnerability in viewcat.php in the Photo 3.02 module ...)
	NOT-FOR-US: RunCMS
CVE-2008-1550 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: CubeCart
CVE-2008-1549 (Multiple SQL injection vulnerabilities in Aeries Browser Interface ...)
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1548 (Multiple cross-site scripting (XSS) vulnerabilities in Aeries Browser ...)
	NOT-FOR-US: Eagle Software Aries Student Information System
CVE-2008-1547 (Open redirect vulnerability in exchweb/bin/redir.asp in Microsoft ...)
	NOT-FOR-US: Outlook
CVE-2008-1546 (servlet/MIMEReceiveServlet in the web controller for Mitsubishi ...)
	NOT-FOR-US: Mitsubishi Electric GB-50 and GB-50A air-conditioning control systems
CVE-2008-1545 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1544 (The setRequestHeader method of the XMLHttpRequest object in Microsoft ...)
	NOT-FOR-US: Microsoft IE7
CVE-2008-1543 (The Advanced User Interface Pages in the ProST Web Management ...)
	NOT-FOR-US: Airspan WiMAX ProST
CVE-2008-1542 (Airspan Base Station Distribution Unit (BSDU) has &quot;topsecret&quot; as its ...)
	NOT-FOR-US: BSDU
CVE-2008-1541 (Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS ...)
	NOT-FOR-US: HIS Webshop
CVE-2008-1540 (SQL injection vulnerability in the Datsogallery (com_datsogallery) ...)
	NOT-FOR-US: com_datsogallery module for Joomla!
CVE-2008-1539 (SQL injection vulnerability in includes/dynamic_titles.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke Platinum
CVE-2008-1538 (Cross-site scripting (XSS) vulnerability in searchAction.do in ...)
	NOT-FOR-US: ManageEngine EventLog Analyzer
CVE-2008-1537 (Directory traversal vulnerability in pb_inc/admincenter/index.php in ...)
	NOT-FOR-US: PowerScripts PowerBook
CVE-2008-1536 (Cross-site scripting (XSS) vulnerability in index.php in Pictures Pro ...)
	NOT-FOR-US: Photo Cart
CVE-2008-1535 (SQL injection vulnerability in the Matti Kiviharju rekry (aka ...)
	NOT-FOR-US: com_rekry component for Joomla!
CVE-2008-1534 (Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b ...)
	NOT-FOR-US: PowerPHPBoard
CVE-2008-1533 (Unspecified vulnerability in the XML-RPC Blogger API plugin in Joomla! ...)
	NOT-FOR-US: Joomla
CVE-2008-1532 (Perlbal before 1.70, when buffered upload is enabled, allows remote ...)
	- perlbal <not-affected> (Fixed before initial upload to archive)
CVE-2008-1531 (The connection_state_machine function (connections.c) in lighttpd ...)
	{DSA-1540-1}
	- lighttpd 1.4.19-2 (low; bug #475438)
CVE-2005-4874 (The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE ...)
	- iceweasel <not-affected> (old version and CVE)
CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores ...)
	NOT-FOR-US: Haakon Nilsen Simple Internet Publishing System
CVE-2008-1570 (Race condition in the create_lockpath function in policyd-weight ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
	NOTE: http://www.mail-archive.com/policyd-weight-list%40ek-muc.de/msg00798.html
CVE-2008-1569 (policyd-weight 0.1.14 beta-16 and earlier allows local users to modify ...)
	{DSA-1531-2}
	- policyd-weight 0.1.14.17-1 (low)
CVE-2008-1568 (comix 3.6.4 allows attackers to execute arbitrary commands via a ...)
	- comix 3.6.4-1.1 (low; bug #462840)
	[etch] - comix <no-dsa> (Minor issue)
	NOTE: comix can't be used in a non-interactive setup thus the impact level
CVE-2008-1567 (phpMyAdmin before 2.11.5.1 stores the MySQL (1) username and (2) ...)
	{DSA-1557-1}
	- phpmyadmin 2.11.5.1
	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2008-2
	NOTE: It is a workaround for the limited security that PHP has for
	NOTE: session files on a shared host. This limitation is documented with
	NOTE: PHP, warned against and not a specific vulnerability in phpMyAdmin.
	NOTE: I hence consider it a security enhancement/feature, not a vulnerability.
CVE-2008-1530 (GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial ...)
	- gnupg <not-affected> (Only 1.4.8 is affected)
	NOTE: The next upload was 1.4.9-1, so no vulnerable version was ever in the
	NOTE: archive
	[etch] - gnupg <not-affected> (Only 1.4.8 is affected)
	[sarge] - gnupg <not-affected> (Only 1.4.8 is affected)
	- gnupg2 2.0.9-1 (bug #472928)
	[etch] - gnupg2 <not-affected> (Only 2.0.8 is affected)
	[sarge] - gnupg2 <not-affected> (Only 2.0.8 is affected)
CVE-2008-1529 (ZyXEL Prestige routers have a minimum password length for the admin ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1528 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1527 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1526 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1525 (The default SNMP configuration on ZyXEL Prestige routers, including ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1524 (The SNMP service on ZyXEL Prestige routers, including P-660 and P-661 ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1523 (ZyXEL Prestige routers, including P-660, P-661, and P-662 models with ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1522 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1521 (ZyXEL Prestige routers, including P-660 and P-661 models with firmware ...)
	NOT-FOR-US: ZyXEL Prestige router firmware
CVE-2008-1520
	RESERVED
CVE-2008-1519
	RESERVED
CVE-2008-1518 (Stack-based buffer overflow in kl1.sys in Kaspersky Anti-Virus 6.0 and ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2008-1517 (Array index error in the xnu (Mach) kernel in Apple Mac OS X 10.5 ...)
	NOT-FOR-US: Apple Mac OS X xnu Kernel
CVE-2008-1516
	RESERVED
CVE-2008-1515 (The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 ...)
	- otrs2 2.2.5-2
	[etch] - otrs2 <not-affected> (Vulnerable code not present)
	[etch] - otrs <not-affected> (Vulnerable code not present)
	[sarge] - otrs <not-affected> (Vulnerable code not present)
	NOTE: http://packages.qa.debian.org/o/otrs2/news/20080320T211729Z.html
CVE-2008-1514 (arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions ...)
	{DSA-1655-1 DSA-1653-1}
	- linux-2.6 2.6.26-8
	NOTE: s390 specific issue, counterpart for x86 not reproducible with 2.6.24 here
CVE-2008-1513 (SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and ...)
	NOT-FOR-US: Danneo CMS
CVE-2008-1512 (Directory traversal vulnerability in admin/admin_xs.php in eXtreme ...)
	NOT-FOR-US: XS module for phpBB
CVE-2008-1511 (Multiple PHP remote file inclusion vulnerabilities in ooComments 1.0 ...)
	NOT-FOR-US: ooComments
CVE-2008-1510 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Alkacon OpenCMS
CVE-2008-1509 (SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier ...)
	NOT-FOR-US: XLPortal
CVE-2008-1508 (SQL injection vulnerability in EfesTech E-Kont&#246;r and earlier allows ...)
	NOT-FOR-US: EfesTech E-Kontoer
CVE-2008-1507 (PEEL, possibly 3.x and earlier, has (1) a default info@peel.fr account ...)
	NOT-FOR-US: Peel
CVE-2008-1506 (PEEL, possibly 3.x and earlier, allows remote attackers to obtain ...)
	NOT-FOR-US: Peel
CVE-2008-1505 (PHP remote file inclusion vulnerability in the SSTREAMTV custompages ...)
	NOT-FOR-US: com_custompages component for Joomla!
CVE-2008-1504 (Cross-site scripting (XSS) vulnerability in setup.php3 in phpHeaven ...)
	NOT-FOR-US: phpMyChat
CVE-2008-1503 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-1501 (The send_user_mode function in s_user.c in (1) Undernet ircu ...)
	- ircd-ircu <not-affected> (Vulnerable code not present)
	NOTE: vulnerable code introduced later than 2.0.12.10, see: http://hg.quakenet.org/snircd/rev/1ee48bee2f20
	NOTE: no other possible NULL ptr dereferences of p found and PoC not reproducible
CVE-2008-1500 (Cross-site scripting (XSS) vulnerability in index.php in TinyPortal ...)
	NOT-FOR-US: TinyPortal
CVE-2008-1499 (Cross-site scripting (XSS) vulnerability in frontend/x/manpage.html in ...)
	NOT-FOR-US: cPanel
CVE-2008-1498 (Stack-based buffer overflow in the IMAP service in NetWin Surgemail ...)
	NOT-FOR-US: Surgemail
CVE-2008-1497 (Stack-based buffer overflow in the IMAP service in NetWin SurgeMail ...)
	NOT-FOR-US: Surgemail
CVE-2008-1496 (Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and ...)
	NOT-FOR-US: PEEL
CVE-2008-1495 (Unrestricted file upload vulnerability in administrer/produits.php in ...)
	NOT-FOR-US: PEEL
CVE-2008-1494 (SQL injection vulnerability in inc/module/online.php in Easy-Clanpage ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1493 (Directory traversal vulnerability in login.php in Cuteflow Bin 1.5.0 ...)
	- cuteflow <itp> (bug #465372)
CVE-2008-1492 (Multiple directory traversal vulnerabilities in CoronaMatrix ...)
	NOT-FOR-US: CoronaMatrix
CVE-2008-1491 (Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ...)
	NOT-FOR-US: ASUS Remote Console
CVE-2008-1490 (Buffer overflow in a certain Aurigma ActiveX control in ...)
	NOT-FOR-US: ImageUploader4
CVE-2008-1489 (Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC ...)
	{DSA-1543-1 DTSA-119-1}
	- vlc 0.8.6.e-1.1 (medium; bug #472635)
CVE-2008-1488 (Stack-based buffer overflow in apc.c in Alternative PHP Cache (APC) ...)
	- php-apc <not-affected> (Fixed before initial upload)
CVE-2008-1487 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
	NOT-FOR-US: LinPHA
CVE-2008-1486 (SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft ...)
	NOT-FOR-US: Phorum
CVE-2008-1485 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.16 and earlier ...)
	NOT-FOR-US: PunBB
CVE-2008-1484 (The password reset feature in PunBB 1.2.16 and earlier uses ...)
	NOT-FOR-US: PunBB
CVE-2008-1483 (OpenSSH 4.3p2, and probably other versions, allows local users to ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-5 (bug #463011)
CVE-2008-1482 (Multiple integer overflows in xine-lib 1.1.11 and earlier allow remote ...)
	{DSA-1586-1 DTSA-120-1}
	- xine-lib 1.1.11.1-1 (medium; bug #472639)
CVE-2008-1481 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2008-1480 (rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1479 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: cfnetgs
CVE-2008-1478 (Home FTP Server 1.4.5.89 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Home FTP Server
CVE-2008-1477 (Multiple cross-site scripting (XSS) vulnerabilities in busca.php in ...)
	NOT-FOR-US: eForum
CVE-2008-1475 (The xml-rpc server in Roundup 1.4.4 does not check property ...)
	- roundup 1.4.4-1.1 (medium; bug #484728)
	[etch] - roundup <not-affected> (xml-rpc code introduced in 1.4.0)
CVE-2008-1474 (Multiple unspecified vulnerabilities in Roundup before 1.4.4 have ...)
	{DSA-1554-1}
	- roundup 1.3.3-3.1 (low; bug #472643)
CVE-2008-1473 (The Altiris Client Service (AClient.exe) in Symantec Altiris ...)
	NOT-FOR-US: Symantec Altiris
CVE-2008-1472 (Stack-based buffer overflow in the ListCtrl ActiveX Control ...)
	NOT-FOR-US: ARCserve Backup
CVE-2008-1471 (The cpoint.sys driver in Panda Internet Security 2008 and Antivirus+ ...)
	NOT-FOR-US: Panda Internet Security/Antivirus+ Firewall
CVE-2008-1470 (Incomplete blacklist vulnerability in IISWebAgentIF.dll in the WebID ...)
	NOT-FOR-US: WebID RSA Authentication Agent
CVE-2008-1469 (Gallarific Free Edition 1.1 does not require authentication for (1) ...)
	NOT-FOR-US: Gallarific
CVE-2008-1468 (Cross-site scripting (XSS) vulnerability in namazu.cgi in Namazu ...)
	- namazu2 2.0.18-0.1 (low; bug #472644)
CVE-2008-1467 (** DISPUTED ** ...)
	- centerim 4.22.3-1 (unimportant; bug #472649)
	NOTE: the victim needs to list the URLs in the message with F2 and press enter on it
	NOTE: the victim can see the complete URL including the commands however so the impact is really low
CVE-2008-1466 (Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 ...)
	NOT-FOR-US: W-Agora
CVE-2008-1465 (SQL injection vulnerability in the Detodas Restaurante ...)
	NOT-FOR-US: com_restaurante component for Mambo and Joomla!
CVE-2008-1464 (Multiple SQL injection vulnerabilities in Gallarific Free Edition 1.1 ...)
	NOT-FOR-US: Gallarific
CVE-2008-1463 (Cross-site scripting (XSS) vulnerability in the management GUI in ...)
	NOT-FOR-US: Imperva SecureSphere MX Management Server
CVE-2008-1462 (SQL injection vulnerability in the sections (Section) module in RunCMS ...)
	NOT-FOR-US: RunCMS
CVE-2008-1461 (Buffer overflow in XnView 1.92.1 allows user-assisted remote attackers ...)
	NOT-FOR-US: XnView
CVE-2008-1460 (SQL injection vulnerability in the Joovideo (com_joovideo) 1.0 and ...)
	NOT-FOR-US: com_joovideo component for Mambo and Joomla!
CVE-2008-1459 (SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and ...)
	NOT-FOR-US: com_alberghi component for Mambo and Joomla!
CVE-2008-1458 (Cross-site scripting (XSS) vulnerability in index.php in CS-Cart 1.3.2 ...)
	NOT-FOR-US: CS-Cart
CVE-2008-1457 (The Event System in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1456 (Array index vulnerability in the Event System in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows 2000
CVE-2008-1455 (A &quot;memory calculation error&quot; in Microsoft Office PowerPoint 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office PowerPoint
CVE-2008-1454 (Unspecified vulnerability in Microsoft DNS in Windows 2000 SP4, Server ...)
	NOT-FOR-US: Windows issue
CVE-2008-1453 (The Bluetooth stack in Microsoft Windows XP SP2 and SP3, and Vista ...)
	NOT-FOR-US: Windows Xp
CVE-2008-1452
	REJECTED
CVE-2008-1451 (The WINS service on Microsoft Windows 2000 SP4, and Server 2003 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1450
	REJECTED
CVE-2008-1449
	REJECTED
CVE-2008-1448 (The MHTML protocol handler in a component of Microsoft Outlook Express ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2008-1447 (The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, ...)
	{DSA-1605-1 DSA-1604-1 DSA-1623-1 DSA-1619-1 DSA-1617-1 DSA-1603-1 DTSA-147-1}
	- bind9 1:9.5.0.dfsg-5 (high)
	NOTE: glibc stub resolver relies on source port randomisation in kernel
	- dnsmasq 2.43-1 (medium; bug #490123)
	- refpolicy 2:0.0.20080702-1
	- pdnsd 1.2.6-par-11 (bug #502275)
	- python-dns 2.3.1-5 (low; bug #490217)
	- dnspython <unfixed> (unimportant; bug #492465)
	NOTE: Just a stub resolver Linux kernel provides source port randomisation
	- adns 1.4-2 (unimportant; bug #492698)
	NOTE: adns is not suitable to use with untrusted responses, documented in README.Debian
	- udns 0.2-1 (bug #493599)
	- libnet-dns-perl 0.63-2 (low; bug #492700)
	NOTE: Source port randomization from Lenny kernel should provide sufficient protection
	NOTE: since this is just a Perl nodule for DNS queries and not a high-profile server app like
	NOTE: Bind, it's unlikely that a home-grown fix will provide an implementation of higher
	NOTE: cryptographical quality. Marking the version from Lenny as fixed, since Lenny includes
	NOTE: a kernel which provides source port randomization
	- ruby1.9 1.9.0.2-6 (low)
	NOTE: Unbound, djbdns, pdnsd and PowerDNS are affected by the underlying protocol issue, but
	NOTE: already use source port randomization.
	NOTE: Marking non-caching stub resolvers as low since these really should be fixed,
	NOTE: but are much less vulnerable than a caching server.
CVE-2008-1446 (Integer overflow in the Internet Printing Protocol (IPP) ISAPI ...)
	NOT-FOR-US: Microsoft
CVE-2008-1445 (Active Directory on Microsoft Windows 2000 Server SP4, XP Professional ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1444 (Stack-based buffer overflow in Microsoft DirectX 7.0 and 8.1 on ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1443
	REJECTED
CVE-2008-1442 (Heap-based buffer overflow in the substringData method in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1441 (Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1440 (Microsoft Windows XP SP2 and SP3, and Server 2003 SP1 and SP2, does ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-1439
	REJECTED
CVE-2008-1438 (Unspecified vulnerability in Microsoft Malware Protection Engine ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1437 (Unspecified vulnerability in Microsoft Malware Protection Engine ...)
	NOT-FOR-US: Microsoft Malware Protection Engine
CVE-2008-1436 (Microsoft Windows XP Professional SP2, Vista, and Server 2003 and 2008 ...)
	NOT-FOR-US: Windows
CVE-2008-1435 (Windows Explorer in Microsoft Windows Vista up to SP1, and Server ...)
	NOT-FOR-US: Windows issue
CVE-2008-1434 (Use-after-free vulnerability in Microsoft Word in Office 2000 and XP ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1433
	REJECTED
CVE-2008-1432 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
	NOT-FOR-US: ManageEngine SupportCenter Plus
CVE-2008-1431 (RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a ...)
	NOT-FOR-US: RaidSonic NAS-4220-B firmware
CVE-2008-1430 (SQL injection vulnerability in links.asp in ASPapp allows remote ...)
	NOT-FOR-US: ASPapp
CVE-2008-1429 (Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows ...)
	- silc-server 1.1.1-1 (medium)
CVE-2008-1428 (Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart ...)
	NOT-FOR-US: Ubercart
CVE-2008-1427 (SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 ...)
	NOT-FOR-US: com_acajoom component for Joomla!
CVE-2008-1426 (SQL injection vulnerability in album.asp in KAPhotoservice allows ...)
	NOT-FOR-US: KAPhotoservice
CVE-2008-1425 (SQL injection vulnerability in index.php in the gallery module in ...)
	NOT-FOR-US: Easy-Clanpage
CVE-2008-1424
	RESERVED
CVE-2008-1423 (Integer overflow in a certain quantvals and quantlist calculation in ...)
	{DSA-1591-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1422
	REJECTED
CVE-2008-1421
	REJECTED
CVE-2008-1420 (Integer overflow in residue partition value (aka partvals) evaluation ...)
	{DSA-1591-1}
	- libvorbisidec <not-affected> (Vulnerable code not present)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1419 (Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero ...)
	{DSA-1591-1}
	- libvorbisidec 1.0.2+svn18153-0.1 (bug #669196)
	[squeeze] - libvorbisidec <no-dsa> (Minor issue, no dev-deps)
	- libvorbis 1.2.0.dfsg-3.1 (bug #482518)
CVE-2008-1418
	RESERVED
CVE-2008-1416 (Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL ...)
	NOT-FOR-US: PHPauction GPL
CVE-2008-1415 (Directory traversal vulnerability in index.php in Multiple Time Sheets ...)
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1414 (Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) ...)
	NOT-FOR-US: Multiple Time Sheets
CVE-2008-1413 (Cross-site scripting (XSS) vulnerability in search.php in SNewsCMS Rus ...)
	NOT-FOR-US: SNewsCMS Rus
CVE-2008-1412 (Unspecified vulnerability in multiple F-Secure anti-virus products, ...)
	NOT-FOR-US: F-Secure anti-virus
CVE-2008-1411 (The PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and ...)
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1410 (Directory traversal vulnerability in the PXE Server (pxesrv.exe) in ...)
	NOT-FOR-US: Acronis Snap Deploy
CVE-2008-1409 (Multiple directory traversal vulnerabilities in the Default theme in ...)
	NOT-FOR-US: Exero CMS
CVE-2008-1408 (SQL injection vulnerability in includes/functions/banners-external.php ...)
	NOT-FOR-US: phpBP
CVE-2008-1407 (SQL injection vulnerability in index.php in the WebChat 1.60 module ...)
	NOT-FOR-US: WebChat module for eXV2
CVE-2008-1406 (SQL injection vulnerability in annonces-p-f.php in the MyAnnonces 1.8 ...)
	NOT-FOR-US: MyAnnonces
CVE-2008-1405 (PHP remote file inclusion vulnerability in code/display.php in ...)
	NOT-FOR-US: fuzzylime
CVE-2008-1404 (SQL injection vulnerability in index.php in the Viso (Industry Book) ...)
	NOT-FOR-US: Viso module for eXV2
CVE-2008-1403 (Stack-based buffer overflow in the TFTP server in BootManage TFTPD ...)
	NOT-FOR-US: BootManage TFTPD
CVE-2008-1402 (MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1401 (Format string vulnerability in the Net Inspector HTTP server (mghttpd) ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1400 (Directory traversal vulnerability in the Net Inspector HTTP Server ...)
	NOT-FOR-US: MG-SOFT Net Inspector
CVE-2008-1399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Clansphere
CVE-2008-1398 (SQL injection vulnerability in online.php in AuraCMS 2.0 through 2.2.1 ...)
	NOT-FOR-US: AuraCMS
CVE-2008-1397 (Check Point VPN-1 Power/UTM, with NGX R60 through R65 and NG AI R55 ...)
	NOT-FOR-US: Check Point VPN
CVE-2008-1396 (Plone CMS 3.x uses invariant data (a client username and a server ...)
	- plone3 <removed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1395 (Plone CMS does not record users' authentication states, and implements ...)
	- plone3 <removed> (low; bug #473571)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1394 (Plone CMS before 3 places a base64 encoded form of the username and ...)
	- zope-cmfplone <removed>
	[etch] - zope-cmfplone <no-dsa> (low)
	NOTE: doesn't apply to v3
	NOTE: more a security enhancement
CVE-2008-1393 (Plone CMS 3.0.5, and probably other 3.x versions, places a base64 ...)
	- plone3 <removed> (low; bug #473571; bug #486333)
	[lenny] - plone3 <no-dsa> (Only an issue if not following best practices, see bug #473571)
CVE-2008-1392 (The default configuration of VMware Workstation 6.0.2, VMware Player ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-6711 (Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, ...)
	NOT-FOR-US: FreeWebShop.org
CVE-2005-4873 (Multiple stack-based buffer overflows in the phpcups PHP module for ...)
	- cups 1.1.23-10sarge1
	- cupsys 1.1.23-10sarge1
CVE-2008-1476 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
	{DSA-1528-1}
	- serendipity 1.3-1
	NOTE: http://blog.s9y.org/archives/192-Serendipity-1.3-released-addresses-security.html
CVE-2008-1502 (The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in ...)
	{DSA-1871-2 DSA-1871-1 DSA-1691-1}
	- egroupware 1.4.002.dfsg-2.1 (bug #471839)
	- wordpress 2.5.0-1 (bug #504243)
	- moodle 1.8.2-1.3 (bug #489533)
CVE-2008-1391 (Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, ...)
	{DSA-2058-1}
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
	- glibc 2.11-1 (low)
	- eglibc 2.11-1 (low)
	[lenny] - glibc <no-dsa> (minor issue)
	NOTE: not sure if it is a security bug, an attacker should not be able to change the format string
	NOTE: http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=199eb0de8d
	NOTE: http://sourceware.org/bugzilla/show_bug.cgi?id=10600
	NOTE: PoC php -r 'money_format("%.1073741821i",1);' I can reproduce on 32bit, not 64bit
CVE-2008-1390 (The AsteriskGUI HTTP server in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.19.1~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x affected)
CVE-2008-1389 (libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows ...)
	- clamav 0.94.dfsg-1
	[etch] - clamav <not-affected> (parsing does not continue on error)
	NOTE: see <20081203184852.GB30968@l03.local>
CVE-2008-1388
	RESERVED
CVE-2008-1387 (ClamAV before 0.93 allows remote attackers to cause a denial of ...)
	- clamav 0.92.1~dfsg2-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-1386 (Multiple cross-site scripting (XSS) vulnerabilities in the installer ...)
	- serendipity <not-affected> (Vulnerable code not present)
	NOTE: we do not ship the serendipity installer
CVE-2008-1385 (Cross-site scripting (XSS) vulnerability in the Top Referrers (aka ...)
	- serendipity 1.3.1-1 (low)
	NOTE: etch affected, but only in specific plugin.
CVE-2008-1384 (Integer overflow in PHP 5.2.5 and earlier allows context-dependent ...)
	{DSA-1572-1 DTSA-135-1}
	- php5 5.2.6-1
	NOTE: http://securityreason.com/achievement_securityalert/52
	NOTE: Only exploitable through malicious script
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/formatted_print.c?r1=1.104&r2=1.105&diff_format=u
CVE-2008-1383 (The docert function in ssl-cert.eclass, when used by src_compile or ...)
	NOT-FOR-US: Gentoo Linux Ebuilds
CVE-2008-1382 (libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 ...)
	- libpng 1.2.26-1 (low; bug #476669)
	NOTE: 1.2.26-1 contains a patch to fix that
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2008-1381 (ZoneMinder before 1.23.3 allows remote authenticated users, and ...)
	{DTSA-130-1}
	- zoneminder 1.23.3-1 (medium; bug #479034)
	NOTE: http://www.awe.com/mark/blog/200804272230.html
CVE-2008-1380 (The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird ...)
	{DSA-1696-1 DSA-1562-1 DSA-1558-1 DSA-1555-1}
	- iceweasel 2.0.0.14-1
	- icedove 2.0.0.14-1
	- iceape 1.1.9-2
	- xulrunner 1.8.1.14-1
CVE-2008-1379 (Integer overflow in the fbShmPutImage function in the MIT-SHM ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1378
	REJECTED
CVE-2008-1377 (The (1) SProcRecordCreateContext and (2) SProcRecordRegisterClients ...)
	{DSA-1595-1 DTSA-141-1}
	- xorg-server 2:1.4.1~git20080517-2
CVE-2008-1376 (A certain Red Hat build script for nfs-utils before 1.0.9-35z.el5_2 on ...)
	NOT-FOR-US: Red Hat build script
CVE-2008-1375 (Race condition in the directory notification subsystem (dnotify) in ...)
	{DSA-1565-1}
	- linux-2.6 2.6.25-2 (low)
	- linux-2.6.24 2.6.24-6~etchnhalf.2
CVE-2008-1374 (Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux ...)
	- cupsys <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
	- cups <not-affected> (Redhat-specific incomplete patch, upstream patch is complete)
CVE-2008-1373 (Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows ...)
	{DSA-1625-1 DTSA-122-1}
	- cupsys 1.3.7-1 (medium)
	- cups 1.3.7-1 (medium)
CVE-2008-1372 (bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to ...)
	- bzip2 1.0.5-0.1 (low; bug #471670)
	[etch] - bzip2 <no-dsa> (Pure crasher, no code injection, mostly a regular bug)
CVE-2008-1371 (Absolute path traversal vulnerability in install/index.php in Drake ...)
	NOT-FOR-US: Drake CMS
CVE-2008-1370 (PHP remote file inclusion vulnerability in index.php in wildmary Yap ...)
	NOT-FOR-US: wildmary Yap Blog
CVE-2008-1369 (A certain incorrect Sun Solaris 10 image on SPARC Enterprise T5120 and ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1368 (CRLF injection vulnerability in Microsoft Internet Explorer 5 and 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-1367 (gcc 4.3.x does not generate a cld instruction while compiling ...)
	- linux-2.6 2.6.24-5 (bug #469058)
	[etch] - linux-2.6 <not-affected> (Only exposed with GCC 4.3)
	- kfreebsd-6 6.3-4 (bug #469564)
	- kfreebsd-7 7.0-2 (bug #469565)
	- gcc-4.3 4.3.0-2 (bug #469567)
	- glibc 2.7-8 (bug #465583)
	[etch] - glibc <not-affected> (Problem only exposed with GCC 4.3)
CVE-2008-1366 (Trend Micro OfficeScan Corporate Edition 8.0 Patch 2 build 1189 and ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1365 (Stack-based buffer overflow in Trend Micro OfficeScan Corporate ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2008-1364 (Unspecified vulnerability in the DHCP service in VMware Workstation ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1363 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1362 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1361 (VMware Workstation 6.0.x before 6.0.3 and 5.5.x before 5.5.6, VMware ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-1359 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-1358 (Stack-based buffer overflow in the IMAP server in Alt-N Technologies ...)
	NOT-FOR-US: MDaemon
CVE-2008-1357 (Format string vulnerability in the logDetail function of applib.dll in ...)
	NOT-FOR-US: McAfee Common Management Agent
CVE-2008-1356 (Unspecified vulnerability in xscreensaver in Sun Solaris 10 Java ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1355 (Cross-site scripting (XSS) vulnerability in index.php in Jeebles ...)
	NOT-FOR-US: Jeebles Directory
CVE-2008-1354 (SQL injection vulnerability in MyIssuesView.asp in Advanced Data ...)
	NOT-FOR-US: VSO-XP
CVE-2008-1353 (zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a ...)
	- zabbix 1:1.4.5-1 (low; bug #471678)
	[etch] - zabbix <no-dsa> (Minor issue)
CVE-2008-1352 (Directory traversal vulnerability in search.php in EdiorCMS (ecms) 3.0 ...)
	NOT-FOR-US: EdiorCMS
CVE-2008-1351 (SQL injection vulnerability in the Tutorials 2.1b module for XOOPS ...)
	NOT-FOR-US: Tutorials module for XOOPS
CVE-2008-1350 (SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) ...)
	NOT-FOR-US: Fully Modded phpBB
CVE-2008-1349 (SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama ...)
	NOT-FOR-US: bamaGalerie
CVE-2008-1348 (Cross-site scripting (XSS) vulnerability in index.php in the eWebsite ...)
	NOT-FOR-US: eWeather module for PHP-Nuke
CVE-2008-1347 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1346 (SQL injection vulnerability in staticpages/easygallery/index.php in ...)
	NOT-FOR-US: MyioSoft EasyGallery
CVE-2008-1345 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1344 (Multiple SQL injection vulnerabilities in MyioSoft EasyCalendar 4.0tr ...)
	NOT-FOR-US: MyioSoft EasyCalendar
CVE-2008-1343 (Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO ...)
	NOT-FOR-US: SCO Unixware
CVE-2008-1342 (Multiple cross-site scripting (XSS) vulnerabilities in the search ...)
	NOT-FOR-US: Polymita BPM-Suite and CollagePortal
CVE-2008-1341 (SQL injection vulnerability in SearchResults.aspx in LaGarde ...)
	NOT-FOR-US: LaGarde StoreFront
CVE-2008-1340 (Virtual Machine Communication Interface (VMCI) in VMware Workstation ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-1339
	RESERVED
CVE-2008-1338 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1337 (The instant message service in Timbuktu Pro 8.6.5 RC 229 and earlier ...)
	NOT-FOR-US: Timbuktu Pro for Windows
CVE-2008-1336 (SQL injection vulnerability in Koobi CMS 4.2.3 through 4.3.0 allows ...)
	NOT-FOR-US: Koobi CMS
CVE-2008-1335 (The ipsec4_get_ulp function in the kernel in NetBSD 2.0 through 3.1 ...)
	NOT-FOR-US: NetBSD
CVE-2008-1334 (cgi/b on the BT Home Hub router allows remote attackers to bypass ...)
	NOT-FOR-US: BT Home Hub router
CVE-2008-1333 (Format string vulnerability in Asterisk Open Source 1.6.x before ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	NOTE: Etch's release is unimportant, since not exploitable, but was fixed anyway
	[sarge] - asterisk <not-affected> (Only 1.6.x affected)
CVE-2008-1332 (Unspecified vulnerability in Asterisk Open Source 1.2.x before 1.2.27, ...)
	{DSA-1525-1}
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
CVE-2008-1331 (cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access ...)
	NOT-FOR-US: OmniPCX Office
CVE-2008-1330 (Unspecified vulnerability in the Windows client API in Novell ...)
	NOT-FOR-US: Novell Groupwise
CVE-2008-1329 (Unspecified vulnerability in the NetBackup service in CA ARCserve ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1328 (Buffer overflow in the LGServer service in CA ARCserve Backup for ...)
	NOT-FOR-US: CA ARCserve
CVE-2008-1327 (Gallarific does not require authentication for (1) users.php and (2) ...)
	NOT-FOR-US: Gallarific
CVE-2008-1326 (Cross-site scripting (XSS) vulnerability in search.php in Gallarific ...)
	NOT-FOR-US: Gallarific
CVE-2008-1325 (Multiple directory traversal vulnerabilities in index.php in Uberghey ...)
	NOT-FOR-US: Uberghey CMS
CVE-2008-1324 (Multiple directory traversal vulnerabilities in index.php in ...)
	NOT-FOR-US: Travelsized CMS
CVE-2008-1323 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-1322 (The File Check Utility (fcheck.exe) in ASG-Sentry Network Manager ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1321 (The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1320 (Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and ...)
	NOT-FOR-US: ASG-Sentry Network Manager
CVE-2008-1319 (Untrusted search path and argument injection vulnerability in the ...)
	NOT-FOR-US: Versant Object Database
CVE-2008-1317 (Unspecified vulnerability in the Inter-Process Communication (IPC) ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1316 (SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute ...)
	NOT-FOR-US: QuickTalk Forum
CVE-2008-1315 (SQL injection vulnerability in the ZClassifieds module for PHP-Nuke ...)
	NOT-FOR-US: ZClassifieds module for PHP-Nuke
CVE-2008-1314 (SQL injection vulnerability in the Johannes Hass gaestebuch 2.2 module ...)
	NOT-FOR-US: Johannes Hass gaestebuch
CVE-2008-1313 (Multiple SQL injection vulnerabilities in index.php in Bloo 1.00 and ...)
	NOT-FOR-US: Bloo
CVE-2008-1312 (Unspecified vulnerability in the TFTP server in PacketTrap Networks ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1311 (The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1310 (Directory traversal vulnerability in the TFTP server in PacketTrap ...)
	NOT-FOR-US: PacketTrap Networks Tool Suite
CVE-2008-1309 (The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in ...)
	NOT-FOR-US: RealPlayer
CVE-2008-1308 (SQL injection vulnerability in the Sudirman Angriawan NukeC30 3.0 ...)
	NOT-FOR-US: NukeC30 module for PHP-Nuke
CVE-2008-1307 (Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in ...)
	NOT-FOR-US: KingSoft Antivirus
CVE-2008-1306 (Multiple cross-site scripting (XSS) vulnerabilities in Savvy Content ...)
	NOT-FOR-US: Savvy Content Manager
CVE-2008-1305 (SQL injection vulnerability in filebase.php in the Filebase mod for ...)
	NOT-FOR-US: Filebase mod for phpBb
CVE-2008-1304 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.3.2 ...)
	- wordpress <not-affected> (Vulnerable code not present)
	NOTE: referring to upstream this only affected wordpress.com and not the regular wordpress code
CVE-2008-1303 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1302 (The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and ...)
	NOT-FOR-US: Perforce Server
CVE-2008-1301 (Absolute path traversal vulnerability in ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1300 (Cross-site scripting (XSS) vulnerability in the Logfile Viewer ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2008-1299 (Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ...)
	NOT-FOR-US: ManageEngine ServiceDesk Plus
CVE-2008-1298 (SQL injection vulnerability in Hadith module for PHP-Nuke allows ...)
	NOT-FOR-US: Hadith module for PHP-Nuke
CVE-2008-1297 (SQL injection vulnerability in index.php in the eWriting ...)
	NOT-FOR-US: com_ewriting module for Mambo and Joomla!
CVE-2008-1296 (Multiple cross-site scripting (XSS) vulnerabilities in EncapsGallery ...)
	NOT-FOR-US: EncapsGallery
CVE-2008-1295 (SQL injection vulnerability in archives.php in Gregory Kokanosky (aka ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2008-1292 (ViewVC before 1.0.5 provides revision metadata without properly ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1291 (ViewVC before 1.0.5 stores sensitive information under the web root ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1290 (ViewVC before 1.0.5 includes &quot;all-forbidden&quot; files within search ...)
	- viewvc 1.0.5-0.1 (bug #471380)
CVE-2008-1289 (Multiple buffer overflows in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.18.1~dfsg-1 (medium)
	[etch] - asterisk <not-affected> (Only 1.4.x and above affected)
	[sarge] - asterisk <not-affected> (Only 1.4.x and above affected)
CVE-2007-6710
	RESERVED
CVE-2007-6709 (The Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.01.03 and ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6708 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: Cisco Linksys
CVE-2007-6707 (Multiple cross-site scripting (XSS) vulnerabilities on the Cisco ...)
	NOT-FOR-US: Cisco Linksys
CVE-2008-1360 (Cross-site scripting (XSS) vulnerability in Nagios before 2.11 allows ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.11-1 (low)
CVE-2008-1417 (The prerm script in axyl 2.1.7 allows local users to overwrite ...)
	- axyl 2.2.0 (low; bug #471227)
	[sarge] - axyl <not-affected> (Vulnerable code not present)
	[etch] - axyl <not-affected> (Vulnerable code not present)
CVE-2008-1294 (Linux kernel 2.6.17, and other versions before 2.6.22, does not check ...)
	{DSA-1565-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2008-1318 (Unspecified vulnerability in MediaWiki 1.11 before 1.11.2 allows ...)
	- mediawiki 1:1.11.2-1
	[etch] - mediawiki <not-affected> (Versions prior to 1.11 do not include callback feature)
	NOTE: http://lists.wikimedia.org/pipermail/mediawiki-announce/2008-March/000070.html
CVE-2008-1288 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 might allow local or ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1287 (IBM Rational ClearQuest 7.0.1.1 and 7.0.0.2 generates different error ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2008-1286 (Unspecified vulnerability in Sun Java Web Console 3.0.2, 3.0.3, and ...)
	NOT-FOR-US: Sun Javav Web Console
CVE-2008-1285 (Cross-site scripting (XSS) vulnerability in Sun Java Server Faces ...)
	NOT-FOR-US: Sun Java Server Faces
CVE-2008-1284 (Directory traversal vulnerability in Horde 3.1.6, Groupware before ...)
	{DSA-1519-1}
	- horde3 3.1.7-1 (medium; bug #470640)
CVE-2008-1283 (Cross-site scripting (XSS) vulnerability in Neptune Web Server 3.0 ...)
	NOT-FOR-US: Neptune Web Server
CVE-2008-1282 (Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup ...)
	NOT-FOR-US: B21Soft BFup
CVE-2008-1281 (Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, ...)
	NOT-FOR-US: Argon Technology Client Management Services
CVE-2008-1280 (Acronis True Image Windows Agent 1.0.0.54 and earlier, included in ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1279 (Acronis True Image Group Server 1.5.19.191 and earlier, included in ...)
	NOT-FOR-US: Acronis True Image
CVE-2008-1278 (The RemotelyAnywhere.exe service in the Remotely Anywhere Server and ...)
	NOT-FOR-US: Remotely Anywhere
CVE-2008-1277 (The IMAP service (MEIMAPS.exe) in MailEnable Professional Edition and ...)
	NOT-FOR-US: MailEnable
CVE-2008-1276 (Multiple buffer overflows in the IMAP service (MEIMAPS.EXE) in ...)
	NOT-FOR-US: MailEnable
CVE-2008-1275 (Multiple unspecified vulnerabilities in the SMTP service in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2008-1274 (Untrusted search path vulnerability in man in IBM AIX 6.1.0 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-1273 (Multiple cross-site scripting (XSS) vulnerabilities in imageVue 1.7 ...)
	NOT-FOR-US: imageVue
CVE-2008-1272 (Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and ...)
	NOT-FOR-US: BM Classifieds
CVE-2008-1271
	REJECTED
CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in ...)
	NOT-FOR-US: Shared Sun StorEdge QFS and SAM-QFS
CVE-2008-1270 (mod_userdir in lighttpd 1.4.18 and earlier, when userdir.path is not ...)
	{DSA-1521-1}
	- lighttpd 1.4.19-1
	NOTE: user configuration error, default documented in moduserdir documentation
CVE-2008-1269 (cp06_wifi_m_nocifr.cgi in the admin panel on the Alice Gate 2 Plus ...)
	NOT-FOR-US: Alice Gate 2 Plus router firmware
CVE-2008-1268 (The FTP server on the Linksys WRT54G 7 router with 7.00.1 firmware ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1267 (The Siemens SpeedStream 6520 router allows remote attackers to cause a ...)
	NOT-FOR-US: Siemens SpeedStream
CVE-2008-1266 (Multiple buffer overflows in the web interface on the D-Link DI-524 ...)
	NOT-FOR-US: D-Link router
CVE-2008-1265 (The Linksys WRT54G router allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1264 (The Linksys WRT54G router has &quot;admin&quot; as its default FTP password, ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1263 (The Linksys WRT54G router stores passwords and keys in cleartext in ...)
	NOT-FOR-US: Linksys WRT54G
CVE-2008-1262 (The administration panel on the Airspan WiMax ProST 4.1 antenna with ...)
	NOT-FOR-US: Airspan WiMax ProST antenna
CVE-2008-1261 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware provides ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1260 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1259 (The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1258 (Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link ...)
	NOT-FOR-US: D-Link router
CVE-2008-1257 (Cross-site scripting (XSS) vulnerability in Forms/DiagGeneral_2 on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1256 (The ZyXEL P-660HW series router has &quot;admin&quot; as its default password, ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1255 (The ZyXEL P-660HW series router maintains authentication state by IP ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1254 (Multiple cross-site request forgery (CSRF) vulnerabilities on the ...)
	NOT-FOR-US: Zyxel router
CVE-2008-1253 (Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the ...)
	NOT-FOR-US: D-Link router
CVE-2008-1252 (b_banner.stm (aka the login page) on the Deutsche Telekom Speedport ...)
	NOT-FOR-US: Telekom Speedport W500 DSL router
CVE-2008-1251 (Cross-site scripting (XSS) vulnerability in the web interface on the ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1250 (Multiple cross-site request forgery (CSRF) vulnerabilities in the web ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1249 (snomControl.swf in the central phone server for the Snom 320 SIP Phone ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1248 (The web interface on the central phone server for the Snom 320 SIP ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2008-1247 (The web interface on the Linksys WRT54g router with firmware 1.00.9 ...)
	NOT-FOR-US: Linksys WRT54g router
CVE-2008-1246 (** DISPUTED ** ...)
	NOT-FOR-US: Cisco PIX/ASA Finesse Operation System
CVE-2008-1245 (cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with ...)
	NOT-FOR-US: Belkin router
CVE-2008-1244 (cgi-bin/setup_dns.exe on the Belkin F5D7230-4 router with firmware ...)
	NOT-FOR-US: Belkin router
CVE-2008-1243 (Cross-site scripting (XSS) vulnerability on the Linksys WRT300N router ...)
	NOT-FOR-US: Linksys WRT300N router
CVE-2008-1242 (The control panel on the Belkin F5D7230-4 router with firmware 9.01.10 ...)
	NOT-FOR-US: Belkin router
CVE-2008-1241 (GUI overlay vulnerability in Mozilla Firefox before 2.0.0.13 and ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1240 (LiveConnect in Mozilla Firefox before 2.0.0.13 and SeaMonkey before ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1239
	RESERVED
CVE-2008-1238 (Mozilla Firefox before 2.0.0.13 and SeaMonkey before 1.1.9, when ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-1237 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1236 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1235 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1234 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1233 (Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, ...)
	{DSA-1574-1 DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
	- icedove 2.0.0.14-1
CVE-2008-1232 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1.0 ...)
	- tomcat5.5 5.5.26-4 (low; bug #494504)
CVE-2008-1231 (Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1230 (Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1229 (Cross-site scripting (XSS) vulnerability in Edit.jsp in JSPWiki ...)
	- jspwiki 2.8.0-1 (bug #470477)
CVE-2008-1228 (Cross-site scripting (XSS) vulnerability in admin.php in MG2 (formerly ...)
	NOT-FOR-US: MG2
CVE-2008-1227 (Stack-based buffer overflow in the silc_fingerprint function in ...)
	- silc-toolkit 1.1.6-1
CVE-2008-1226 (Multiple cross-site scripting (XSS) vulnerabilities in Zimbra ...)
	NOT-FOR-US: Zimbra Collaboration Suite
CVE-2008-1225 (Multiple cross-site scripting (XSS) vulnerabilities in WebCT Campus ...)
	NOT-FOR-US: WebCT Campus Edition
CVE-2008-1224 (Cross-site scripting (XSS) vulnerability in account.php in ...)
	NOT-FOR-US: BosClassifieds Classified Ads System
CVE-2008-1223 (Unspecified vulnerability in Dokeos 1.8.4 before SP3 allows attackers ...)
	NOT-FOR-US: Dokeos
CVE-2008-1222 (Cross-site scripting (XSS) vulnerability in Dokeos 1.8.4 before SP3 ...)
	NOT-FOR-US: Dokeos
CVE-2008-1221 (Absolute path traversal vulnerability in the FTP server in MicroWorld ...)
	NOT-FOR-US: MicroWorld eScan
CVE-2008-1220 (SQL injection vulnerability in the 4nChat 0.91 module for PHP-Nuke ...)
	NOT-FOR-US: 4nChat for PHP-Nuke
CVE-2008-1219 (SQL injection vulnerability in the Kutub-i Sitte (KutubiSitte) 1.1 ...)
	NOT-FOR-US: Kutub-i Sitte for PHP-Nuke
CVE-2008-1217 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1216 (IBM Lotus Quickr 8.0 server, and possibly QuickPlace 7.x, does not ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-1215 (Stack-based buffer overflow in the command_Expand_Interpret function ...)
	NOT-FOR-US: BSD net/userppp
CVE-2008-1214 (MRcgi/MRProcessIncomingForms.pl in Numara FootPrints 8.1 on Linux ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1213 (Cross-site scripting (XSS) vulnerability in Numara FootPrints for ...)
	NOT-FOR-US: Numara FootPrints
CVE-2008-1212 (Cross-site scripting (XSS) vulnerability in set_permissions.php in ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1211 (Cross-site scripting (XSS) vulnerability in BosDates 3.x and 4.x ...)
	NOT-FOR-US: BosDates
CVE-2008-1210 (Stack-based buffer overflow in the ctags parsing code in Programmer's ...)
	NOT-FOR-US: Programmer's Notepad
CVE-2008-1209 (Cross-site scripting (XSS) vulnerability in redirect.do in Xitex ...)
	NOT-FOR-US: Xitex WebContent M1
CVE-2008-1208 (Cross-site scripting (XSS) vulnerability in the login page in Check ...)
	NOT-FOR-US: CheckPoint VPN-1
CVE-2008-1207 (Multiple unspecified vulnerabilities in Fujitsu Interstage Smart ...)
	NOT-FOR-US: Fujitsu Interstage
CVE-2008-1206 (Format string vulnerability in the log_message function in lks.c in ...)
	NOT-FOR-US: Linux Kiss Server
CVE-2008-1205 (Unspecified vulnerability in the ipsecah kernel module in Sun Solaris ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1204 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Sun Java System
CVE-2008-1203 (The administrator interface for Adobe ColdFusion 8 and ColdFusion MX7 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-1202 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Adobe LiveCycle Workflow
CVE-2008-1201 (Multiple unspecified vulnerabilities in FLA file parsing in Adobe ...)
	NOT-FOR-US: Adobe Flash CS3 Professional
CVE-2008-1200 (Unspecified vulnerability in Microsoft Access allows remote ...)
	NOT-FOR-US: Microsoft Access
CVE-2008-1198 (The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 ...)
	NOT-FOR-US: Red Hat specific
CVE-2008-1197 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1196 (Stack-based buffer overflow in Java Web Start (javaws.exe) in Sun JDK ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1195 (Unspecified vulnerability in Sun JDK and Java Runtime Environment ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1194 (Multiple unspecified vulnerabilities in the color management library ...)
	- sun-java6 6-05-1 (unimportant)
	- sun-java5 1.5.0-15-1 (unimportant)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1193 (Unspecified vulnerability in Java Runtime Environment Image Parsing ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1192 (Unspecified vulnerability in the Java Plug-in for Sun JDK and JRE 6 ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1191 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1190 (Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 <not-affected> (No more information by sun)
CVE-2008-1189 (Buffer overflow in Java Web Start in Sun JDK and JRE 6 Update 4 and ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1188 (Multiple buffer overflows in the useEncodingDecl function in Java Web ...)
	- sun-java6 6-05-1 (medium)
	- sun-java5 1.5.0-15-1 (medium)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1187 (Unspecified vulnerability in Sun Java Runtime Environment (JRE) and ...)
	- sun-java6 6-05-1 (low)
	- sun-java5 1.5.0-15-1 (low)
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1186 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1185 (Unspecified vulnerability in the Virtual Machine for Sun Java Runtime ...)
	- sun-java6 6-05-1
	- sun-java5 1.5.0-15-1
	[etch] - sun-java5 <no-dsa> (Non-free not supported)
CVE-2008-1184 (The DNSSEC validation library (libval) library in dnssec-tools before ...)
	- dnssec-tools <not-affected> (first version in Debian was 1.4.1)
CVE-2008-1183 (Multiple cross-site scripting (XSS) vulnerabilities in Crafty Syntax ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-1182 (Cross-site scripting (XSS) vulnerability in BSD Perimeter pfSense ...)
	NOT-FOR-US: BSD Perimeter pfSense
CVE-2008-1181 (Juniper Networks Secure Access 2000 5.5 R1 (build 11711) allows remote ...)
	NOT-FOR-US: Juniper
CVE-2008-1180 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Juniper
CVE-2008-1179 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Centreon
CVE-2008-1178 (Directory traversal vulnerability in include/doc/index.php in Centreon ...)
	NOT-FOR-US: Centreon
CVE-2008-1177 (SQL injection vulnerability in shop/detail.php in Affiliate Market ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1176 (Cross-site scripting (XSS) vulnerability in function/sideblock.php in ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-1175 (Cross-site scripting (XSS) vulnerability in AuthentiX 6.3b1 Trial ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1174 (Cross-site scripting (XSS) vulnerability in editUser.asp in AuthentiX ...)
	NOT-FOR-US: AuthentiX
CVE-2008-1173 (Cross-site scripting (XSS) vulnerability in account-inbox.php in ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1172 (Cross-site request forgery (CSRF) vulnerabilities in account-inbox.php ...)
	NOT-FOR-US: TorrentTrader
CVE-2008-1171 (** DISPUTED ** ...)
	NOT-FOR-US: 123 Flash Chat Module for phpBB
CVE-2008-1170 (Multiple PHP remote file inclusion vulnerabilities in KCWiki 1.0 allow ...)
	NOT-FOR-US: KCWiki
CVE-2008-1169 (Directory traversal vulnerability in the embedded HTTP server in SCI ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2008-1168 (Cross-site scripting (XSS) vulnerability in Squid Analysis Report ...)
	- sarg 2.2.5-1
CVE-2008-1167 (Stack-based buffer overflow in the useragent function in useragent.c ...)
	- sarg 2.2.4-1
CVE-2008-1166 (Flyspray 0.9.9.4 generates different error messages depending on ...)
	- flyspray <removed>
CVE-2008-1165 (Multiple cross-site scripting (XSS) vulnerabilities in Flyspray 0.9.9 ...)
	- flyspray <removed>
CVE-2008-1164 (SQL injection vulnerability in index.php in phpComasy 0.8 allows ...)
	NOT-FOR-US: phpComasy CMS
CVE-2008-1163 (SQL injection vulnerability in index.php in phpArcadeScript 1.0 ...)
	NOT-FOR-US: phpArcadeScript
CVE-2008-1162 (SQL injection vulnerability in album.php in PHP WEB SCRIPT Dynamic ...)
	NOT-FOR-US: phpwebscript
CVE-2008-1161 (Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in ...)
	{DSA-1536-1}
	- xine-lib 1.1.10.1-1 (medium)
CVE-2008-1160 (ZyXEL ZyWALL 1050 has a hard-coded password for the Quagga and Zebra ...)
	NOT-FOR-US: ZyXEL ZyWALL 1050
CVE-2008-1159 (Multiple unspecified vulnerabilities in the SSH server in Cisco IOS ...)
	NOT-FOR-US: Cisco ssh server
CVE-2008-1158 (The Presence Engine (PE) service in Cisco Unified Presence before ...)
	NOT-FOR-US: Presence Engine (PE) Cisco Unified Presence
CVE-2008-1157 (Cisco CiscoWorks Internetwork Performance Monitor (IPM) 2.6 creates a ...)
	NOT-FOR-US: Cisco IPM
CVE-2008-1156 (Unspecified vulnerability in the Multicast Virtual Private Network ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1155 (Cisco Network Admission Control (NAC) Appliance 3.5.x, 3.6.x before ...)
	NOT-FOR-US: Cisco
CVE-2008-1154 (The Disaster Recovery Framework (DRF) master server in Cisco Unified ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1153 (Cisco IOS 12.1, 12.2, 12.3, and 12.4, with IPv4 UDP services and the ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1152 (The data-link switching (DLSw) component in Cisco IOS 12.0 through ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1151 (Memory leak in the virtual private dial-up network (VPDN) component in ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1150 (The virtual private dial-up network (VPDN) component in Cisco IOS ...)
	NOT-FOR-US: Cisco IOS
CVE-2008-1149 (phpMyAdmin before 2.11.5 accesses $_REQUEST to obtain some parameters ...)
	{DSA-1557-1}
	- phpmyadmin 4:2.11.5-1 (low)
	[etch] - phpmyadmin <no-dsa> (Minor issue)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	NOTE: PMASA-2008-1. SQL injection if you can set local cookies, which means
	NOTE: you must be able to create pages in the same cookie domain, which seems
	NOTE: rare and unwise. low priority.
CVE-2008-1148 (A certain pseudo-random number generator (PRNG) algorithm that uses ...)
	NOT-FOR-US: OpenBSD / NetBSD
CVE-2008-1147 (A certain pseudo-random number generator (PRNG) algorithm that uses ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (KFreebsd not supported)
	- kfreebsd-6 <removed>
	[lenny] - kfreebsd-6 <no-dsa> (KFreebsd not supported)
	- kfreebsd-7 <removed> (bug #559107)
	[lenny] - kfreebsd-7 <no-dsa> (KFreebsd not supported)
CVE-2008-1146 (A certain pseudo-random number generator (PRNG) algorithm that uses ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1144 (The Marvell driver for the Netgear WN802T Wi-Fi access point with ...)
	NOT-FOR-US: Marvell driver for the Netgear WN802T Wi-Fi access point
CVE-2008-1143
	RESERVED
CVE-2008-1141 (Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier ...)
	NOT-FOR-US: DESlock+
CVE-2008-1140 (DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users ...)
	NOT-FOR-US: DESlock+
CVE-2008-1139 (DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys ...)
	NOT-FOR-US: DESlock+
CVE-2008-1138 (DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users ...)
	NOT-FOR-US: DESlock+
CVE-2008-1137 (SQL injection vulnerability in the Garys Cookbook (com_garyscookbook) ...)
	NOT-FOR-US: com_garyscookbook component for Mambo and Joomla!
CVE-2008-1136 (The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through ...)
	- vdccm <removed>
CVE-2008-1135 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates ...)
	NOT-FOR-US: OMEGA
CVE-2008-1134 (OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 supports ...)
	NOT-FOR-US: OMEGA
CVE-2008-1133 (The Drupal.checkPlain function in Drupal 6.0 only escapes the first ...)
	- drupal5 <not-affected> (Vulnerable code introduced in 6.x)
CVE-2007-6706 (Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6705 (The WebSphere MQ XA 5.3 before FP13 and 6.0.x before 6.0.2.1 client ...)
	NOT-FOR-US: WebSphere
CVE-2007-6704 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass ...)
	NOT-FOR-US: F5 FirePass
CVE-2007-6703 (Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) ...)
	- vdccm <removed>
CVE-2007-6702 (goform/QuickStart_c0 on the GoAhead Web Server on the FS4104-AW (aka ...)
	NOT-FOR-US: FS4104-AW firmware
CVE-2003-1552 (Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 ...)
	NOT-FOR-US: Uploader
CVE-2003-1551 (Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before ...)
	NOT-FOR-US: Novell GroupWise
CVE-2003-1550 (XOOPS 2.0, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: XOOPS
CVE-2003-1549 (Cross-site scripting (XSS) vulnerability in header.php in ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1548 (MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1547 (Cross-site scripting (XSS) vulnerability in block-Forums.php in the ...)
	NOT-FOR-US: Splatt Forum module for PHP-Nuke
CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased ...)
	NOT-FOR-US: Filebased guestbook
CVE-2008-1218 (Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and ...)
	{DSA-1516-1}
	- dovecot 1:1.0.13-1
	[etch] - dovecot <not-affected> (Vulnerable code not present)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	NOTE: exploitable through code introduced in 1.0.11
	NOTE: http://www.dovecot.org/list/dovecot-news/2008-March/000064.html
CVE-2008-1293 (ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac ...)
	{DSA-1561-1 DTSA-118-1}
	- ldm 2:0.1~bzr20080308-1 (bug #469462)
	- ltsp 5.0.40~bzr20071229-1
	NOTE: In revision 5.0.40~bzr20071229-1 ldm has been split into a separate source package
CVE-2008-1145 (Directory traversal vulnerability in WEBrick in Ruby 1.8 before ...)
	- ruby1.8 1.8.6.114-1 (unimportant; bug #469475)
	- ruby1.9 1.9.0.1-1 (unimportant; bug #469482)
	[sarge] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.8 <no-dsa> (case insensitive FS, corner case)
	[etch] - ruby1.9 <no-dsa> (case insensitive FS, corner case)
	NOTE: http://www.ruby-lang.org/en/news/2008/03/03/webrick-file-access-vulnerability/
CVE-2008-1199 (Dovecot before 1.0.11, when configured to use mail_extra_groups to ...)
	{DSA-1516-1}
	- dovecot 1:1.0.12-1 (medium; bug #469457)
CVE-2008-1132 (Untrusted search path vulnerability in src/mainwindow.c in Net ...)
	NOT-FOR-US: Net Activity Viewer
CVE-2008-1131 (Cross-site scripting (XSS) vulnerability in Drupal 6.0 allows remote ...)
	- drupal <not-affected> (Vulnerable code not present, affects only 6.x branch)
	- drupal5 <not-affected> (Vulnerable code not present, affects only 6.x branch)
CVE-2008-1130 (Unspecified vulnerability in IBM WebSphere MQ 6.0.x before 6.0.2.2 and ...)
	NOT-FOR-US: WebSphere
CVE-2008-1129 (Cross-site scripting (XSS) vulnerability in admin/users/self.php in ...)
	NOT-FOR-US: XRMS
CVE-2008-1128 (PHP remote file inclusion vulnerability in tourney/index.php in ...)
	NOT-FOR-US: phpMyTourney
CVE-2008-1127 (Format string vulnerability in the cryactio function in Crysis ...)
	NOT-FOR-US: Crysis
CVE-2008-1126 (PHP remote file inclusion vulnerability in main.php in Barryvan Compo ...)
	NOT-FOR-US: Barryvan Compo Manager
CVE-2008-1125 (Multiple directory traversal vulnerabilities in Podcast Generator 1.0 ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1124 (Multiple PHP remote file inclusion vulnerabilities in Podcast ...)
	NOT-FOR-US: Podcast Generator
CVE-2008-1123 (Multiple PHP remote file inclusion vulnerabilities in SiteBuilder ...)
	NOT-FOR-US: SiteBuilder
CVE-2008-1122 (SQL injection vulnerability in the downloads module in Koobi Pro 5.7 ...)
	NOT-FOR-US: Koobi
CVE-2008-1121 (SQL injection vulnerability in index.php in eazyPortal 1.0 and earlier ...)
	NOT-FOR-US: eazyPortal
CVE-2008-1120 (Format string vulnerability in the embedded Internet Explorer ...)
	NOT-FOR-US: ICQ
CVE-2008-1119 (Directory traversal vulnerability in include/doc/get_image.php in ...)
	NOT-FOR-US: Centreon
CVE-2008-1118 (Timbuktu Pro 8.6.5 for Windows, and possibly 8.7 for Mac OS X, does ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1117 (Directory traversal vulnerability in the Notes (aka Flash Notes or ...)
	NOT-FOR-US: Timbuktu Pro
CVE-2008-1116 (Insecure method vulnerability in the Web Scan Object ActiveX control ...)
	NOT-FOR-US: Rising Antivirus
CVE-2008-1115 (Unspecified vulnerability in Sun Solaris 8 directory functions allows ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1114 (Vocera Communications wireless handsets, when using Protected ...)
	NOT-FOR-US: Vocera
CVE-2008-1113 (Cisco Unified Wireless IP Phone 7921, when using Protected Extensible ...)
	NOT-FOR-US: Cisco
CVE-2008-1112
	REJECTED
CVE-2008-1110 (Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the ...)
	- xine-lib 1.1.10-1
	[etch] - xine-lib <not-affected> (Not affected per assessment of maintainer)
	[sarge] - xine-lib <not-affected> (Not affected per assessment of maintainer)
CVE-2008-1109 (Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the user accepts the iCalendar request and replies
	NOTE: to it from the "Calendars" window.
CVE-2008-1108 (Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is ...)
	- evolution 2.22.2-1.1 (low; bug #484639)
	[etch] - evolution <no-dsa> (Minor issue)
	NOTE: Requires that the ITip Formatter plugin is disabled, which is enabled by default.
CVE-2008-1107 (Multiple stack-based buffer overflows in the Danske Bank e-Sec Control ...)
	NOT-FOR-US: Danske Bank e-Sec Control Module
CVE-2008-1106 (The management interface in Akamai Client (formerly Red Swoosh) 3322 ...)
	NOT-FOR-US: Akamai Client
CVE-2008-1105 (Heap-based buffer overflow in the receive_smb_raw function in ...)
	{DSA-1590-1}
	- samba 1:3.0.30-1 (medium; bug #483410)
CVE-2008-1104 (Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 ...)
	NOT-FOR-US: Foxit Reader
CVE-2008-1103 (Multiple unspecified vulnerabilities in Blender have unknown impact ...)
	- blender 2.40-1 (low)
CVE-2008-1102 (Stack-based buffer overflow in the imb_loadhdr function in Blender ...)
	{DSA-1567-1}
	- blender 2.45-5 (medium; bug #477808)
CVE-2008-1101 (Buffer overflow in kvdocve.dll in the KeyView document viewing engine ...)
	NOT-FOR-US: KeyView
CVE-2008-1100 (Buffer overflow in the cli_scanpe function in libclamav ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1
CVE-2008-1099 (_macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1098 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-1097 (Heap-based buffer overflow in the ReadPCXImage function in the PCX ...)
	{DSA-1858-1}
	- graphicsmagick 1.1.7-13
	- imagemagick 7:6.2.4.5.dfsg1-1
CVE-2008-1096 (The load_tile function in the XCF coder in coders/xcf.c in (1) ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.3.7.9.dfsg1-2.1 (medium; bug #414370)
	[lenny] - imagemagick 7:6.3.7.9.dfsg1-2.1+lenny1
	- graphicsmagick 1.1.11-3.2 (medium; bug #414370)
CVE-2008-1095 (Unspecified vulnerability in the Internet Protocol (IP) implementation ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-1094 (SQL injection vulnerability in index.cgi in the Account View page in ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2008-1093 (Acresso InstallShield Update Agent does not properly verify the ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2008-1092 (Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet ...)
	NOT-FOR-US: Microsoft Jet Database Engine
CVE-2008-1091 (Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, ...)
	NOT-FOR-US: Microsoft Word
CVE-2008-1090 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2008-1089 (Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2008-1088 (Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2008-1087 (Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2008-1086 (The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2008-1085 (Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-1084 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2008-1083 (Heap-based buffer overflow in the CreateDIBPatternBrushPt function in ...)
	NOT-FOR-US: Microsoft
CVE-2008-1082 (Opera before 9.26 allows remote attackers to &quot;bypass sanitization ...)
	NOT-FOR-US: Opera
CVE-2008-1081 (Opera before 9.26 allows user-assisted remote attackers to execute ...)
	NOT-FOR-US: Opera
CVE-2008-1080 (Opera before 9.26 allows user-assisted remote attackers to read ...)
	NOT-FOR-US: Opera
CVE-2008-1079 (The outboxWriteUnsent function in FTPThread.class in SendFile.jar for ...)
	NOT-FOR-US: Beehive Software SendFile.NET
CVE-2008-1078 (expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and ...)
	- am-utils <not-affected> (Affected code not present in the binary package)
	NOTE: sendmail includes a copy of the script, which has been fixed since
	NOTE: several years
CVE-2008-1077 (SQL injection vulnerability in index.php in the Simpleboard ...)
	NOT-FOR-US: com_simpleboard component for Mambo and Joomla!
CVE-2008-1076 (Cross-site scripting (XSS) vulnerability in search.php in Interspire ...)
	NOT-FOR-US: Interspire Shopping Cart
CVE-2008-1075 (Cross-site scripting (XSS) vulnerability in index.php in Maian Cart ...)
	NOT-FOR-US: Maian Cart
CVE-2008-1074 (PHP remote file inclusion vulnerability in lib/head_auth.php in ...)
	NOT-FOR-US: GROUP-E
CVE-2008-1073 (Cross-site scripting (XSS) vulnerability in the report interface in ...)
	NOT-FOR-US: Internet Security Systems
CVE-2008-1072 (The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affected in conjunction with later libcairo)
	[sarge] - ethereal <not-affected> (Only affected in conjunction with later libcairo)
CVE-2008-1071 (The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.6 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.6 onwards)
CVE-2008-1070 (The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through ...)
	- wireshark 0.99.8-1 (low; bug #469488)
	[etch] - wireshark <not-affected> (Only affects 0.99.5 onwards)
	[sarge] - ethereal <not-affected> (Only affects 0.99.5 onwards)
CVE-2008-1069 (Multiple PHP remote file inclusion vulnerabilities in Quantum Game ...)
	NOT-FOR-US: Quantum Game Library
CVE-2008-1068 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-1067 (Multiple PHP remote file inclusion vulnerabilities in phpQLAdmin 2.2.7 ...)
	- phpqladmin <removed>
CVE-2008-1066 (The modifier.regex_replace.php plugin in Smarty before 2.6.19, as used ...)
	{DSA-1520-1}
	- smarty 2.6.18-1.1 (low; bug #469492)
	- moodle <not-affected> (low; bug #471158)
	- gallery2 2.2.5-2 (low; bug #471160)
	- mahara 0.9.2-2 (low; bug #471201)
	NOTE: Moodle ships Smarty but uses it in only one file, which doesn't use regex_replace
CVE-2008-1065 (Multiple SQL injection vulnerabilities in index.php in the ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1064 (Cross-site scripting (XSS) vulnerability in images.php in the Red ...)
	NOT-FOR-US: rmgs module for XOOPs
CVE-2008-1063 (Cross-site scripting (XSS) vulnerability index.php in the ...)
	NOT-FOR-US: xmmemberstats module for XOOPS
CVE-2008-1062 (InterVideo IMC Server (aka IMCSvr.exe) and InterVideo Home Theater ...)
	NOT-FOR-US: InterVideo IMC Server/InterVideo Home Theater
CVE-2008-1061 (Multiple cross-site scripting (XSS) vulnerabilities in the Sniplets ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1060 (Eval injection vulnerability in modules/execute.php in the Sniplets ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1059 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sniplets plugin for WordPress
CVE-2008-1058 (The tcp_respond function in netinet/tcp_subr.c in OpenBSD 4.1 and 4.2 ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1057 (The ip6_check_rh0hdr function in netinet6/ip6_input.c in OpenBSD 4.2 ...)
	NOT-FOR-US: OpenBSD
CVE-2008-1056 (Multiple stack-based buffer overflows in Symark PowerBroker 2.8 ...)
	NOT-FOR-US: Symark PowerBroker
CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php ...)
	NOT-FOR-US: nukestyles.com addon for PHP-Nuke
CVE-2008-1111 (mod_cgi in lighttpd 1.4.18 sends the source code of CGI scripts ...)
	{DSA-1513-1}
	- lighttpd 1.4.18-4 (low; bug #469307)
CVE-2008-1142 (rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment ...)
	- rxvt 1:2.6.4-13 (unimportant; bug #469296)
CVE-2008-1055 (Format string vulnerability in webmail.exe in NetWin SurgeMail 38k4 ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1054 (Stack-based buffer overflow in the _lib_spawn_user_getpid function in ...)
	NOT-FOR-US: SurgeMail
CVE-2008-1053 (Multiple SQL injection vulnerabilities in the Kose_Yazilari module for ...)
	NOT-FOR-US: Kose_Yazilari module for PHP-Nuke
CVE-2008-1052 (The administration web interface in NetWin SurgeFTP 2.3a2 and earlier ...)
	NOT-FOR-US: SurgeFTP
CVE-2008-1051 (PHP remote file inclusion vulnerability in include/body_comm.inc.php ...)
	NOT-FOR-US: phpProfiles
CVE-2008-1050 (SQL injection vulnerability in index.php in Softbiz Jokes &amp; Funny Pics ...)
	NOT-FOR-US: Softbiz Jokes & Funny Pics Script
CVE-2008-1049 (Unspecified vulnerability in Parallels SiteStudio before 1.7.2, and ...)
	NOT-FOR-US: Parallels SiteStudio
CVE-2008-1048 (Cross-site scripting (XSS) vulnerability in manager/xmedia.php in ...)
	NOT-FOR-US: Plume CMS
CVE-2008-1047 (Cross-site scripting (XSS) vulnerability in tiki-edit_article.php in ...)
	- tikiwiki <removed>
CVE-2008-1046 (PHP remote file inclusion vulnerability in footer.php in Quinsonnas ...)
	NOT-FOR-US: Quinsonnas Mail Checker
CVE-2008-1045 (Cross-site scripting (XSS) vulnerability in the file tree navigation ...)
	NOT-FOR-US: OpenCMS
CVE-2008-1044 (Stack-based buffer overflow in the Quantum Streaming Player (Quantum ...)
	NOT-FOR-US: Quantum Streaming Player
CVE-2008-1043 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1042 (Directory traversal vulnerability in include/body.inc.php in Linux Web ...)
	NOT-FOR-US: Linux Web Shop
CVE-2008-1041 (Cross-site scripting (XSS) vulnerability in mwhois.php in Matt Wilson ...)
	NOT-FOR-US: MWhois
CVE-2008-1040 (Buffer overflow in the Single Sign-On function in Fujitsu Interstage ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2008-1039 (SQL injection vulnerability in question.asp in PORAR WEBBOARD allows ...)
	NOT-FOR-US: PORAR WEBBOARD
CVE-2008-1038 (PHP remote file inclusion vulnerability in mod/mod.extmanager.php in ...)
	NOT-FOR-US: DBHcms
CVE-2008-1037 (Cross-site scripting (XSS) vulnerability in the file listing function ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2008-1036 (The International Components for Unicode (ICU) library in Apple Mac OS ...)
	{DSA-1762-1}
	- icu 4.0.1-1
CVE-2008-1035 (Use-after-free vulnerability in Apple iCal 3.0.1 on Mac OS X allows ...)
	NOT-FOR-US: Apple iCal
CVE-2008-1034 (Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1033 (The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug ...)
	- cups 1.3.7-1
CVE-2008-1032 (Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1031 (CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1030 (Integer overflow in the CFDataReplaceBytes function in the CFData API ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1029
	RESERVED
CVE-2008-1028 (Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1027 (Apple Filing Protocol (AFP) Server in Apple Mac OS X before 10.5.3 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2008-1026 (Integer overflow in the PCRE regular expression compiler ...)
	- webkit 0~svn31841-1
	- qt4-x11 <not-affected> (vulnerable code not present referring to upstream)
	NOTE: for qt, referring to upstream this only applies to optimized code in safari 3.1
	NOTE: branch and qt 4.4 is based on safari 3.0
CVE-2008-1025 (Cross-site scripting (XSS) vulnerability in Apple WebKit, as used in ...)
	- qt4-x11 <not-affected> (QUrl handles URLs and is not vulnerable to this CVE, see bug #479644)
	- webkit 0~svn31841-1 (medium)
CVE-2008-1024 (Apple Safari before 3.1.1, when running on Windows XP or Vista, allows ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1023 (Heap-based buffer overflow in Clip opcode parsing in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1022 (Stack-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1021 (Heap-based buffer overflow in Animation codec content handling in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1020 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1019 (Heap-based buffer overflow in quickTime.qts in Apple QuickTime before ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1018 (Heap-based buffer overflow in Apple QuickTime before 7.4.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1017 (Heap-based buffer overflow in clipping region (aka crgn) atom handling ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1016 (Apple QuickTime before 7.4.5 does not properly handle movie media ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1015 (Buffer overflow in the data reference atom handling in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1014 (Apple QuickTime before 7.4.5 does not properly handle external URLs in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1013 (Apple QuickTime before 7.4.5 enables deserialization of QTJava objects ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-1012 (Unspecified vulnerability in Apple AirPort Extreme Base Station ...)
	NOT-FOR-US: Apple AirPort
CVE-2008-1011 (Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple ...)
	NOTE: As far as I can see this has been addressed in revision 30871.
	NOTE: Please doublecheck.
CVE-2008-1010 (Buffer overflow in WebKit, as used in Apple Safari before 3.1, allows ...)
	NOTE: As far as I can see this has been addressed in revision 31388.
	NOTE: Please doublecheck.
CVE-2008-1009 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1008 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1007 (WebCore, as used in Apple Safari before 3.1, does not enforce the ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1006 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1005 (WebCore, as used in Apple Safari before 3.1, does not properly mask ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1004 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1003 (Cross-site scripting (XSS) vulnerability in WebCore, as used in Apple ...)
	NOT-FOR-US: WebCore (Apple Safari)
CVE-2008-1002 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1 ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1001 (Cross-site scripting (XSS) vulnerability in Apple Safari before 3.1, ...)
	NOT-FOR-US: Apple Safari
CVE-2008-1000 (Directory traversal vulnerability in ContentServer.py in the Wiki ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0999 (Apple Mac OS X 10.5.2 allows user-assisted attackers to cause a denial ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0998 (Unspecified vulnerability in NetCfgTool in the System Configuration ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0997 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0996 (The Printing component in Apple Mac OS X 10.5.2 might save ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0995 (The Printing component in Apple Mac OS X 10.5.2 uses 40-bit RC4 when ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0994 (Preview in Apple Mac OS X 10.5.2 uses 40-bit RC4 when saving a PDF ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0993 (Podcast Capture in Podcast Producer for Apple Mac OS X 10.5.2 invokes ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0992 (Array index error in pax in Apple Mac OS X 10.5.2 allows ...)
	- pax <not-affected> (issue specific to Apple's version of pax)
CVE-2008-0991
	RESERVED
CVE-2008-0990 (notifyd in Apple Mac OS X 10.4.11 does not verify that Mach port death ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0989 (Format string vulnerability in mDNSResponderHelper in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0988 (Off-by-one error in the Libsystem strnstr API in libc on Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0987 (Stack-based buffer overflow in Image Raw in Apple Mac OS X 10.5.2, and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0986 (Integer overflow in the BMP::readFromStream method in the libsgl.so ...)
	NOT-FOR-US: Google Android
CVE-2008-0985 (Heap-based buffer overflow in the GIF library in the WebKit framework ...)
	NOT-FOR-US: Google Android
CVE-2006-7232 (sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 ...)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.32-1
CVE-2008-0984 (The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as ...)
	{DSA-1543-1 DTSA-116-1}
	- vlc 0.8.6.e-1 (medium; bug #467652)
CVE-2008-6426
	REJECTED
CVE-2008-0982 (Spyce - Python Server Pages (PSP) 2.1.3 allows remote attackers to ...)
	NOT-FOR-US: Spyce
CVE-2008-0981 (Open redirect vulnerability in spyce/examples/redirect.spy in Spyce - ...)
	NOT-FOR-US: Spyce
CVE-2008-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Spyce - Python ...)
	NOT-FOR-US: Spyce
CVE-2008-0979 (Stack consumption vulnerability in Double-Take 5.0.0.2865 and earlier, ...)
	NOT-FOR-US: Double-Take
CVE-2008-0978 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0977 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0976 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0975 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0974 (Double-Take 5.0.0.2865 and earlier, distributed under the HP ...)
	NOT-FOR-US: Double-Take
CVE-2008-0973 (Buffer overflow in Double-Take (aka HP StorageWorks Storage Mirroring) ...)
	NOT-FOR-US: Double-Take
CVE-2008-0972
	RESERVED
CVE-2008-0971 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
	NOT-FOR-US: Barracuda Networks products
CVE-2008-0970
	RESERVED
CVE-2008-0969
	RESERVED
CVE-2008-0968
	RESERVED
CVE-2008-0967 (Untrusted search path vulnerability in vmware-authd in VMware ...)
	- vmware-package <removed> (low; bug #486110)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2008-0966
	RESERVED
CVE-2008-0965 (Multiple format string vulnerabilities in snoop on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0964 (Multiple stack-based buffer overflows in snoop on Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris and OpenSolaris
CVE-2008-0963 (Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0962 (Stack-based buffer overflow in the File System Manager for EMC ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0961 (EMV DiskXtender 6.20.060 has a hard-coded login and password, which ...)
	NOT-FOR-US: EMC DiskXtender
CVE-2008-0960 (SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x ...)
	{DSA-1663-1 DTSA-137-1}
	- net-snmp 5.4.1~dfsg-8.1 (medium; bug #485945)
CVE-2008-0959 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0958 (Multiple stack-based buffer overflows in the Online Media Technologies ...)
	NOT-FOR-US: Online Media Technologies NCTSoft NCTAudioInformation2
CVE-2008-0957 (Multiple stack-based buffer overflows in the PhotoStockPlus Uploader ...)
	NOT-FOR-US: PhotoStockPlus Uploader Tool ActiveX control
CVE-2008-0956 (Multiple stack-based buffer overflows in the BackWeb Lite Install ...)
	NOT-FOR-US: BackWeb Lite Install
CVE-2008-0955 (Stack-based buffer overflow in the Creative Software AutoUpdate Engine ...)
	NOT-FOR-US: CTSUEng.ocx
CVE-2008-0954
	RESERVED
CVE-2008-0953 (The StartApp function in the HPISDataManagerLib.Datamgr ActiveX ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0952 (The AppendStringToFile function in the HPISDataManagerLib.Datamgr ...)
	NOT-FOR-US: ActiveX control
CVE-2008-0951 (Microsoft Windows Vista does not properly enforce the ...)
	NOT-FOR-US: Windows Vista
CVE-2008-0950
	RESERVED
CVE-2008-0949 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) 7.x ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0948 (Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by ...)
	- krb5 1.3-1 (unimportant)
	NOTE: glibc properly defines FD_SETSIZE
CVE-2008-0947 (Buffer overflow in the RPC library used by libgssrpc and kadmind in ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0946 (Directory traversal vulnerability in the IM Server (aka IMserve or ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0945 (Format string vulnerability in the logging function in the IM Server ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0944 (Ipswitch Instant Messaging (IM) 2.0.8.1 and earlier allows remote ...)
	NOT-FOR-US: Ipswitch Instant Messaging
CVE-2008-0943 (Multiple SQL injection vulnerabilities in Eagle Software Aeries ...)
	NOT-FOR-US: Eagle Software Aeries
CVE-2008-0942 (SQL injection vulnerability in GradebookStuScores.asp in Eagle ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0941 (Cross-site scripting (XSS) vulnerability in Eagle Software Aeries ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2008-0940 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2008-0939 (Multiple SQL injection vulnerabilities in wppa.php in the WP Photo ...)
	NOT-FOR-US: WP Photo Album plugin for WordPress
CVE-2008-0938 (Unspecified vulnerability in the dynamic tracing framework (DTrace) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0937 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0936 (SQL injection vulnerability in index.php in the Prayer List ...)
	NOT-FOR-US: XOOPS module
CVE-2008-0935 (Stack-based buffer overflow in the Novell iPrint Control ActiveX ...)
	NOT-FOR-US: Novell iPrint Client
CVE-2008-0934 (SQL injection vulnerability in modules.php in the NukeC 2.1 module for ...)
	NOT-FOR-US: NukeC phpnuke module
CVE-2008-0933 (Multiple race conditions in the CPU Performance Counters (cpc) ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0931 (w_export.c in XWine 1.0.1 on Debian GNU/Linux sets insecure ...)
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0930 (w_editeur.c in XWine 1.0.1 for Debian GNU/Linux allows local users to ...)
	{DSA-1526-1}
	- xwine <removed> (low; bug #468050)
CVE-2008-0929
	REJECTED
CVE-2008-0928 (Qemu 0.9.1 and earlier does not perform range checks for block device ...)
	{DSA-1799-1 DTSA-133-1}
	- qemu 0.9.1+svn20081207-1 (low; bug #469649)
	- xen-unstable 3.2.0-4 (bug #469654)
	- xen-3 3.2.0-4 (bug #469662)
	- xen-3.0 <removed>
	- kvm 63+dfsg-1 (bug #469666)
CVE-2008-0927 (dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0926 (The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0925 (Cross-site scripting (XSS) vulnerability in the iMonitor interface in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0924 (Stack-based buffer overflow in the DoLBURPRequest function in libnldap ...)
	NOT-FOR-US: Novell eDirectory
CVE-2008-0923 (Directory traversal vulnerability in the Shared Folders feature for ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2008-0922 (SQL injection vulnerability in the Manuales 0.1 module for PHP-Nuke ...)
	NOT-FOR-US: Manuales module for PHP-Nuke
CVE-2008-0921 (SQL injection vulnerability in news.php in beContent 0.3.1 allows ...)
	NOT-FOR-US: beContent
CVE-2008-0920 (SQL injection vulnerability in port/modifyportform.php in Open Source ...)
	NOT-FOR-US: OSSIM
CVE-2008-0919 (Cross-site scripting (XSS) vulnerability in session/login.php in Open ...)
	NOT-FOR-US: OSSIM
CVE-2008-0918 (SQL injection vulnerability in includes/count_dl_or_link.inc.php in ...)
	NOT-FOR-US: astatsPRO component for Joomla!
CVE-2008-0917 (Cross-site scripting (XSS) vulnerability in Tor World Tor Search 1.1 ...)
	NOT-FOR-US: TorWorld software
CVE-2008-0916 (SQL injection vulnerability in the Highwood Design hwdVideoShare ...)
	NOT-FOR-US: com_hwdvideoshare component for Joomla!
CVE-2008-0915 (The Mediation server in IPdiva SSL VPN Server 2.2 before 2.2.8.84 and ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0914 (Multiple cross-site scripting (XSS) vulnerabilities in the Mediation ...)
	NOT-FOR-US: IPdiva SSL VPN Server
CVE-2008-0913 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB ...)
	NOT-FOR-US: Invision Power Board
CVE-2008-0912 (Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink ...)
	NOT-FOR-US: Sybase MobiLink
CVE-2008-0911 (SQL injection vulnerability in productdetails.php in iScripts ...)
	NOT-FOR-US: iScripts MultiCart
CVE-2008-0910 (Multiple F-Secure anti-virus products, including Internet Security ...)
	NOT-FOR-US: Internet Security, Anti-Virus, F-Secure Protection Service
CVE-2008-0909 (Cross-site scripting (XSS) vulnerability in browse.asp in Schoolwires ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0908 (SQL injection vulnerability in browse.asp in Schoolwires Academic ...)
	NOT-FOR-US: Schoolwires Academic Portal
CVE-2008-0907 (SQL injection vulnerability in the Inhalt module for PHP-Nuke allows ...)
	NOT-FOR-US: Inhalt module for PHP-Nuke
CVE-2008-0906 (SQL injection vulnerability in the Docum module in PHP-Nuke allows ...)
	NOT-FOR-US: Docum module for PHP-Nuke
CVE-2008-0905 (Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 ...)
	NOT-FOR-US: Globsy
CVE-2008-0904 (Unspecified vulnerability in the download servlet in BEA Plumtree ...)
	NOT-FOR-US: BEA Plumtree Collaboration and AquaLogic Interaction
CVE-2008-0903 (Unspecified vulnerability in the BEA WebLogic Server and Express proxy ...)
	NOT-FOR-US: BEA WebLogic Server and Express proxy plugin
CVE-2008-0902 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0901 (BEA WebLogic Server and Express 7.0 through 10.0 allows remote ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0900 (Session fixation vulnerability in BEA WebLogic Server and Express 8.1 ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0899 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0898 (The distributed queue feature in JMS in BEA WebLogic Server 9.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0897 (Unspecified vulnerability in BEA WebLogic Server 9.0 through 10.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2008-0896 (BEA WebLogic Portal 10.0 and 9.2 through MP1, when an administrator ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2008-0895 (BEA WebLogic Server and WebLogic Express 6.1 through 10.0 allows ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2008-0894 (Apple Safari might allow remote attackers to obtain potentially ...)
	NOT-FOR-US: Apple Safari
CVE-2008-0893 (Red Hat Administration Server, as used by Red Hat Directory Server 8.0 ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0892 (The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat ...)
	NOT-FOR-US: Red Hat Administration Server
CVE-2008-0891 (Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS ...)
	{DTSA-136-1}
	- openssl 0.9.8g-10.1 (bug #483379)
	[etch] - openssl <not-affected> (Vulnerable code (TLS extensions) not present)
CVE-2008-0890 (Red Hat Directory Server 7.1 before SP4 uses insecure permissions for ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0889 (Red Hat Directory Server 8.0, when running on Red Hat Enterprise ...)
	NOT-FOR-US: Red Hat Directory Server
CVE-2008-0888 (The NEEDBITS macro in the inflate_dynamic function in inflate.c for ...)
	{DSA-1522-1}
	- unzip 5.52-11
CVE-2008-0887 (gnome-screensaver before 2.22.1, when a remote authentication server ...)
	- gnome-screensaver 2.22.2-1 (low; bug #475154)
	[etch] - gnome-screensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2008-0886
	REJECTED
CVE-2008-0885
	RESERVED
CVE-2008-0884 (The Replace function in the capp-lspp-config script in the (1) ...)
	NOT-FOR-US: Red Hat Enterprise Linux
	NOTE: Seems Redhat specific
CVE-2008-0882 (Double free vulnerability in the process_browse_data function in CUPS ...)
	{DSA-1530-1 DTSA-117-1}
	- cupsys 1.3.6-1 (medium; bug #467653)
	- cups 1.3.6-1 (medium; bug #467653)
	[sarge] - cupsys <no-dsa> (Remote DoS is minor issue)
CVE-2008-0881 (SQL injection vulnerability in modules.php in the Okul 1.0 module for ...)
	NOT-FOR-US: Okul module for PHP-Nuke
CVE-2008-0880 (SQL injection vulnerability in modules.php in the EasyContent module ...)
	NOT-FOR-US: EasyContent module for PHP-Nuke
CVE-2008-0879 (SQL injection vulnerability in modules.php in the Web_Links module for ...)
	NOT-FOR-US: Web_Links module for PHP-Nuke
CVE-2008-0878 (SQL injection vulnerability in index.php in the MyAnnonces 1.7 and ...)
	NOT-FOR-US: MyAnnonces module for RunCMS
CVE-2008-0877 (Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2008-0876 (Unspecified vulnerability in the SEWB3 messaging service in Hitachi ...)
	NOT-FOR-US: Hitachi SEWB3
CVE-2008-0875 (Unspecified vulnerability in Hitachi EUR Print Manager, and related ...)
	NOT-FOR-US: Hitachi EUR Print Manager
CVE-2008-0874 (SQL injection vulnerability in index.php in the eEmpregos module for ...)
	NOT-FOR-US: eEmpregos module for XOOPS
CVE-2008-0873 (SQL injection vulnerability in index.php in the jlmZone Classifieds ...)
	NOT-FOR-US: jlmZone Classifieds module for XOOPS
CVE-2008-0872 (Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail ...)
	NOT-FOR-US: SmarterTools SmarterMail Enterprise
CVE-2008-0871 (Multiple stack-based buffer overflows in Now SMS/MMS Gateway ...)
	NOT-FOR-US: Now SMS/MMS Gateway
CVE-2008-0870 (BEA WebLogic Portal 10.0 and 9.2 through Maintenance Pack 2, under ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0869 (Cross-site scripting (XSS) vulnerability in BEA WebLogic Workshop 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0868 (Cross-site scripting (XSS) vulnerability in Groupspace in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0867 (Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0866 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0865 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0864 (Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0863 (BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web ...)
	NOT-FOR-US: BEA WebLogic
CVE-2008-0862 (IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2008-0861 (Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus ...)
	NOT-FOR-US: IBM Lotus Quickplace
CVE-2008-0860 (Unspecified vulnerability in the AVG plugin in Kerio MailServer before ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0859 (Unspecified vulnerability in Kerio MailServer before 6.5.0 allows ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0858 (Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer ...)
	NOT-FOR-US: Kerio MailServer
CVE-2008-0857 (SQL injection vulnerability in index.php in WoltLab Burning Board ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2008-0856 (Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow ...)
	NOT-FOR-US: e-Vision CMS
CVE-2008-0855 (SQL injection vulnerability in the Facile Forms (com_facileforms) ...)
	NOT-FOR-US: com_facileforms component for Joomla! and Mambo
CVE-2008-0854 (SQL injection vulnerability in the com_salesrep component for Joomla! ...)
	NOT-FOR-US: com_salesrep component for Joomla! and Mambo
CVE-2008-0853 (SQL injection vulnerability in the com_detail component for Joomla! ...)
	NOT-FOR-US: com_detail component for Joomla! and Mambo
CVE-2008-0852 (freeSSHd 1.2 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: freeSSHd
CVE-2008-0851 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...)
	- dokeos <itp> (bug #433352)
CVE-2008-0850 (Multiple SQL injection vulnerabilities in Dokeos 1.8.4 allow remote ...)
	- dokeos <itp> (bug #433352)
CVE-2008-0849 (SQL injection vulnerability in index.php in the Downloads ...)
	NOT-FOR-US: com_downloads component for Mambo and Joomla!
CVE-2008-0848 (Cross-site scripting (XSS) vulnerability in lostsheep.php in Crafty ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2008-0847 (SQL injection vulnerability in print.php in the myTopics module for ...)
	NOT-FOR-US: myTopics module for XOOPS
CVE-2008-0846 (SQL injection vulnerability in index.php in the com_profile component ...)
	NOT-FOR-US: com_profile component for Mambo and Joomla!
CVE-2008-0845 (SQL injection vulnerability in wp-people-popup.php in Dean Logan ...)
	NOT-FOR-US: WP-People plugin for WordPress
CVE-2008-0844 (SQL injection vulnerability in index.php in the PccookBook ...)
	NOT-FOR-US: com_pccookbook component for Joomla!
CVE-2008-0843 (StatCounteX 3.0 and 3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: StatCounteX
CVE-2008-0842 (SQL injection vulnerability in index.php in the Classifier ...)
	NOT-FOR-US: com_clasifier component for Joomla!
CVE-2008-0841 (SQL injection vulnerability in index.php in the Giorgio Nordo Ricette ...)
	NOT-FOR-US: com_ricette component for Joomla!
CVE-2008-0840 (Directory traversal vulnerability in view_member.php in Public ...)
	NOT-FOR-US: LightBlog
CVE-2008-0839 (SQL injection vulnerability in refer.php in the astatsPRO ...)
	NOT-FOR-US: com_astatspro component for Joomla!
CVE-2008-0838 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Sophos, Email Security Appliance
CVE-2008-0837 (Cross-site scripting (XSS) vulnerability in the log feature in the ...)
	NOT-FOR-US: John Godley Search Unleashed plugin for WordPress
CVE-2008-0836 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0835 (SQL injection vulnerability in indexen.php in Simple CMS 1.0.3 and ...)
	NOT-FOR-US: Simple CMS
CVE-2008-0834 (Cross-site scripting (XSS) vulnerability in Lotus Quickr for i5/OS ...)
	NOT-FOR-US: Lotus Quickr
CVE-2008-0833 (SQL injection vulnerability in index.php in the com_galeria component ...)
	NOT-FOR-US: com_galeria component for Joomla!
CVE-2008-0832 (SQL injection vulnerability in index.php in the Kemas Antonius ...)
	NOT-FOR-US: com_quran component for Mambo and Joomla!
CVE-2008-0831 (Multiple SQL injection vulnerabilities in the Rapid Recipe ...)
	NOT-FOR-US: com_rapidrecipe component for Joomla!
CVE-2008-0830 (The Digital Photo Access Protocol (DPAP) server for iPhoto 4.0.3 ...)
	NOT-FOR-US: DPAP server for iPhoto
CVE-2008-0829 (SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! ...)
	NOT-FOR-US: com_jooget component for Joomla! and Mambo
CVE-2008-0828 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.5 ...)
	NOT-FOR-US: ATutor
CVE-2008-0827 (SQL injection vulnerability in the Books module of PHP-Nuke allows ...)
	NOT-FOR-US: Books module of PHP-Nuke
CVE-2008-0826 (Cross-site scripting (XSS) vulnerability in Claroline before 1.8.9 ...)
	NOT-FOR-US: Claroline
CVE-2008-0825 (SQL injection vulnerability in Claroline before 1.8.9 allows remote ...)
	NOT-FOR-US: Claroline
CVE-2008-0824 (Unspecified vulnerability in the php2phps function in Claroline before ...)
	NOT-FOR-US: Claroline
CVE-2008-0823 (Unspecified vulnerability in the Header Image Module before 5.x-1.1 ...)
	NOT-FOR-US: Header Image Module for Drupal
CVE-2008-0822 (Directory traversal vulnerability in index.php in Scribe 0.2 allows ...)
	NOT-FOR-US: Scribe
CVE-2008-0821 (SQL injection vulnerability in admin/traffic/knowledge_searchm.php in ...)
	NOT-FOR-US: PHP Live!
CVE-2008-0820 (** DISPUTED ** ...)
	NOT-FOR-US: Etomite CMS
CVE-2008-0819 (Directory traversal vulnerability in index.php in PlutoStatus Locator ...)
	NOT-FOR-US: PlutoStatus Locator
CVE-2008-0818 (Multiple directory traversal vulnerabilities in freePHPgallery 0.6 ...)
	NOT-FOR-US: freePHPgallery
CVE-2008-0817 (SQL injection vulnerability in the com_filebase component for Joomla! ...)
	NOT-FOR-US: com_filebase component for Joomla! and Mambo
CVE-2008-0816 (SQL injection vulnerability in the com_sg component for Joomla! and ...)
	NOT-FOR-US: com_sg component for Joomla! and Mambo
CVE-2008-0815 (SQL injection vulnerability in the com_mezun component for Joomla! ...)
	NOT-FOR-US: com_mezun component for Joomla!
CVE-2008-0814 (Directory traversal vulnerability in download.php in Tracking ...)
	NOT-FOR-US: TRUC
CVE-2008-0813 (Directory traversal vulnerability in Download.php in XPWeb 3.0.1, ...)
	NOT-FOR-US: XPWeb
CVE-2008-0812 (Directory traversal vulnerability in DMS/index.php in BanPro DMS 1.0 ...)
	NOT-FOR-US: BanPro DMS
CVE-2008-0811 (Multiple SQL injection vulnerabilities in AuraCMS 1.62 allow remote ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0810 (SQL injection vulnerability in the com_scheduling module for Joomla! ...)
	NOT-FOR-US: com_scheduling module for Joomla! and Mambo
CVE-2008-0805 (Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b ...)
	NOT-FOR-US: PHPizabi
CVE-2008-0804 (PHP remote file inclusion vulnerability in usrgetform.html in Thecus ...)
	NOT-FOR-US: Thecus N5200Pro NAS Server
CVE-2008-0983 (lighttpd 1.4.18, and possibly other versions before 1.5.0, does not ...)
	{DSA-1609-1}
	- lighttpd 1.4.18-2 (medium; bug #466663)
CVE-2008-0883 (acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite ...)
	NOT-FOR-US: Adobe Acrobat Reader
	NOTE: http://www.openwall.com/lists/oss-security/2008/02/21/5
CVE-2008-0803 (Multiple PHP remote file inclusion vulnerabilities in LookStrike Lan ...)
	NOT-FOR-US: LookStrike Lan Manager
CVE-2008-0802 (SQL injection vulnerability in index.php in the MediaSlide ...)
	NOT-FOR-US: Joomla component
CVE-2008-0801 (SQL injection vulnerability in index.php in the PAXXGallery ...)
	NOT-FOR-US: Joomla component
CVE-2008-0800 (SQL injection vulnerability in index.php in the McQuiz (com_mcquiz) ...)
	NOT-FOR-US: Joomla component
CVE-2008-0799 (SQL injection vulnerability in index.php in the Quiz (com_quiz) 0.81 ...)
	NOT-FOR-US: Joomla component
CVE-2008-0798 (Multiple directory traversal vulnerabilities in artmedic webdesign ...)
	NOT-FOR-US: artmedic webdesign
CVE-2008-0797 (Directory traversal vulnerability in lib/download.php in iTheora 1.0 ...)
	NOT-FOR-US: iTheora
CVE-2008-0796 (SQL injection vulnerability in threads.php in Nuboard 0.5 allows ...)
	NOT-FOR-US: Nuboard
CVE-2008-0795 (SQL injection vulnerability in index.php in the MGFi XfaQ (com_xfaq) ...)
	NOT-FOR-US: Joomla component
CVE-2008-0794 (Directory traversal vulnerability in user/header.php in Affiliate ...)
	NOT-FOR-US: Affiliate Market
CVE-2008-0793 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...)
	NOT-FOR-US: Tendenci CMS
CVE-2008-0792 (Multiple F-Secure anti-virus products, including Internet Security ...)
	NOT-FOR-US: F-Secure
CVE-2008-0791 (ipdsserver.exe in Intermate WinIPDS 3.3 G52-33-021 allows remote ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0790 (Directory traversal vulnerability in ipdsserver.exe in Intermate ...)
	NOT-FOR-US: Intermate WinIPDS
CVE-2008-0789 (SQL injection vulnerability in countdown.php in LI-Scripts ...)
	NOT-FOR-US: LI Countdown
CVE-2008-0788 (Multiple cross-site request forgery (CSRF) vulnerabilities in MyBB ...)
	NOT-FOR-US: MyBB
CVE-2008-0787 (SQL injection vulnerability in inc/datahandlers/pm.php in MyBB before ...)
	NOT-FOR-US: MyBB
CVE-2008-0786 (CRLF injection vulnerability in Cacti 0.8.7 before 0.8.7b and 0.8.6 ...)
	- cacti 0.8.7b-1
	[etch] - cacti <not-affected> (Not exploitable with Etch PHP version)
	NOTE: this is prevented by PHP since 4.4.2/5.1.2.
CVE-2008-0785 (Multiple SQL injection vulnerabilities in Cacti 0.8.7 before 0.8.7b ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
CVE-2008-0784 (graph.php in Cacti 0.8.7 before 0.8.7b and 0.8.6 before 0.8.6k allows ...)
	- cacti 0.8.7b-1 (unimportant)
	NOTE: paths on Debian already known
CVE-2008-0783 (Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 ...)
	{DSA-1569-1}
	- cacti 0.8.7b-1 (low; bug #530919)
	[etch] - cacti 0.8.6i-3.3
CVE-2008-0782 (Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0781 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0780 (Cross-site scripting (XSS) vulnerability in MoinMoin 1.5.x through ...)
	{DSA-1514-1}
	- moin 1.5.8-5.1
CVE-2008-0932 (diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows ...)
	{DSA-1508-1}
	- sword 1.5.9-8 (high; bug #466449)
	NOTE: source package named sword, binary package named diatheke
CVE-2008-0806 (wyrd 1.4.3b allows local users to overwrite arbitrary files via a ...)
	- wyrd 1.4.3b-4 (low; bug #466382)
	[etch] - wyrd <no-dsa> (Minor issue)
CVE-2008-0807 (lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before ...)
	{DSA-1507-1}
	- turba2 2.1.7-1 (bug #464058)
CVE-2008-0779 (The fortimon.sys device driver in Fortinet FortiClient Host Security ...)
	NOT-FOR-US: Fortinet FortiClient 3.0
CVE-2008-0778 (Multiple stack-based buffer overflows in an ActiveX control in ...)
	NOT-FOR-US: QuickTime
CVE-2008-0777 (The sendfile system call in FreeBSD 5.5 through 7.0 does not check the ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 6.3-3 (bug #483152)
	- kfreebsd-7 7.0-1 (bug #483152)
CVE-2008-0776 (SQL injection vulnerability in detail.php in iTechBids Gold 6.0 allows ...)
	NOT-FOR-US: iTechBids
CVE-2008-0775 (Cross-site scripting (XSS) vulnerability in sboxDB.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0774 (Cross-site scripting (XSS) vulnerability in search.cgi in Loris Hotel ...)
	NOT-FOR-US: Loris Hotel Reservations
CVE-2008-0773 (SQL injection vulnerability in Phil Taylor Comments (com_comments, aka ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0772 (SQL injection vulnerability in index.php in the com_doc component for ...)
	NOT-FOR-US: Mambo plugin
CVE-2008-0771 (Multiple SQL injection vulnerabilities in default.asp in Site2Nite ...)
	NOT-FOR-US: Site2Nite
CVE-2008-0770 (SQL injection vulnerability in arcade.php in ibProArcade 3.3.0 and ...)
	NOT-FOR-US: ibProArcade
CVE-2008-0769 (Cross-site scripting (XSS) vulnerability in Livelink ECM 9.0.0 through ...)
	NOT-FOR-US: Livelink
CVE-2008-0768 (Multiple stack-based and heap-based buffer overflows in the Windows ...)
	NOT-FOR-US: IBM Informix
CVE-2008-0767 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0766 (Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print ...)
	NOT-FOR-US: Brooks Remote Print Manager
CVE-2008-0765 (Multiple cross-site scripting (XSS) vulnerabilities in artmedic ...)
	NOT-FOR-US: artmedic
CVE-2008-0764 (Format string vulnerability in the logging function in Larson Network ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0763 (Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print ...)
	NOT-FOR-US: Larson Network Print Server
CVE-2008-0762 (SQL injection vulnerability in index.php in the com_iomezun component ...)
	NOT-FOR-US: com_iomezun component for Joomla!
CVE-2008-0761 (SQL injection vulnerability in index.php in the Prince Clan Chess Club ...)
	NOT-FOR-US: Prince Clan Chess Club component for Joomla!
CVE-2008-0760 (Directory traversal vulnerability in SafeNet Sentinel Protection ...)
	NOT-FOR-US: SafeNet Sentinel Protection Server
CVE-2008-0759 (ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0758 (Multiple directory traversal vulnerabilities in the Zidget/HTTP ...)
	NOT-FOR-US: ExtremeZ-IP
CVE-2008-0757 (Cross-site scripting (XSS) vulnerability in index.php in MercuryBoard ...)
	NOT-FOR-US: MercuryBoard
CVE-2008-0756 (The LPD server in cyan soft Opium OPI Server 4.10.1028 and earlier; ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0755 (Format string vulnerability in the ReportSysLogEvent function in the ...)
	NOT-FOR-US: cyan soft Opium OPI software
CVE-2008-0754 (Multiple SQL injection vulnerabilities in index.php in the Rapid ...)
	NOT-FOR-US: Rapid Recipe component for Joomla!
CVE-2008-0753 (SQL injection vulnerability in calendar.php in Virtual War (VWar) 1.5 ...)
	NOT-FOR-US: Virtual War
CVE-2008-0752 (SQL injection vulnerability in index.php in the Neogallery ...)
	NOT-FOR-US: Neogallery component for Joomla!
CVE-2008-0751 (Cross-site scripting (XSS) vulnerability in the Freetag before 2.96 ...)
	NOT-FOR-US: Spartacus plugin (freetag) for serendipity
CVE-2008-0750 (SQL injection vulnerability in philboard_forum.asp in Husrev ...)
	NOT-FOR-US: Husrev BlackBoard
CVE-2008-0749 (Cross-site scripting (XSS) vulnerability in index.php in Calimero.CMS ...)
	NOT-FOR-US: Calimero.CMS
CVE-2008-0748 (Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX ...)
	NOT-FOR-US: Sony ImageStation
CVE-2008-0747 (Stack-based buffer overflow in COWON America jetAudio 7.0.5 and ...)
	NOT-FOR-US: COWON America jetAudio
CVE-2008-0746 (SQL injection vulnerability in index.php in the Gallery (com_gallery) ...)
	NOT-FOR-US: Gallery component for Mambo and Joomla!
CVE-2008-0745 (Directory traversal vulnerability in aides/index.php in DomPHP 0.82 ...)
	NOT-FOR-US: DomPHP
CVE-2008-0744 (SQL injection vulnerability in user_login.asp in PreProjects.com Pre ...)
	NOT-FOR-US: Pre Hotels & Resorts Management System
CVE-2008-0743 (PHP remote file inclusion vulnerability in members_help.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2008-0742 (Multiple directory traversal vulnerabilities in PowerScripts PowerNews ...)
	NOT-FOR-US: PowerNews
CVE-2008-0741 (Unspecified vulnerability in the PropFilePasswordEncoder utility in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0740 (IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0739 (SQL injection vulnerability in admin/SA_shipFedExMeter.asp in ...)
	NOT-FOR-US: CandyPress
CVE-2008-0738 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...)
	NOT-FOR-US: CandyPress
CVE-2008-0737 (SQL injection vulnerability in admin/utilities_ConfigHelp.asp in ...)
	NOT-FOR-US: CandyPress
CVE-2008-0736 (admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and possibly ...)
	NOT-FOR-US: CandyPress
CVE-2008-0735 (SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0734 (SQL injection vulnerability in class_auth.php in Limbo CMS 1.0.4.2, ...)
	NOT-FOR-US: Limbo CMS
CVE-2008-0733 (SQL injection vulnerability in index.php in CS Team Counter Strike ...)
	NOT-FOR-US: CS Team Counter Strike Portals
CVE-2007-6701 (Multiple stack-based buffer overflows in the Spooler service ...)
	NOT-FOR-US: Novell Client
CVE-2006-7231 (SQL injection vulnerability in display.asp in Civica Software Civica ...)
	NOT-FOR-US: Civica Software Civica
CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...)
	NOT-FOR-US: Windows
CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server ...)
	NOT-FOR-US: Bajie Http Web Server
CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in ...)
	NOT-FOR-US: phpWebFileManager
CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...)
	NOT-FOR-US: PlanetMoon Guestbook
CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...)
	NOT-FOR-US: WF-Chat
CVE-2008-0732 (The init script for Apache Geronimo on SUSE Linux follows symlinks ...)
	NOT-FOR-US: Apache Geronimo
CVE-2008-0731 (The Linux kernel before 2.6.18.8-0.8 in SUSE openSUSE 10.2 does not ...)
	NOT-FOR-US: SuSE kernel/apparmor
CVE-2008-0730 (The (1) Simplified Chinese, (2) Traditional Chinese, (3) Korean, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0729 (Mobile Safari on Apple iPhone 1.1.2 and 1.1.3 allows remote attackers ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0728 (The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...)
	- clamav 0.92.1~dfsg-1
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2008-0727 (Multiple buffer overflows in oninit.exe in IBM Informix Dynamic Server ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0726 (Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0725 (Multiple heap-based buffer overflows in the (1) FTP service and (2) ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0724 (The Everything Development Engine in The Everything Development System ...)
	NOT-FOR-US: The Everything Development System
CVE-2008-0723 (Cross-site scripting (XSS) vulnerability in mynews.inc.php in MyNews ...)
	NOT-FOR-US: MyNews
CVE-2008-0722 (Cross-site scripting (XSS) vulnerability in index.php in Pagetool ...)
	NOT-FOR-US: Pagetool
CVE-2008-0721 (SQL injection vulnerability in index.php in the Sermon (com_sermon) ...)
	NOT-FOR-US: Sermon component for Mambo
CVE-2008-0720 (Cross-site scripting (XSS) vulnerability in Webmin 1.370 and 1.390 and ...)
	- webmin <removed>
CVE-2008-0719 (SQL injection vulnerability in customer_testimonials.php in the ...)
	NOT-FOR-US: osCommerce Online Merchant
CVE-2008-0718 (Unspecified vulnerability in the USB Mouse STREAMS module (usbms) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0717 (Cross-site scripting (XSS) vulnerability in Caching Proxy (CP) 5.1 ...)
	NOT-FOR-US: IBM WebSphere Edge Server
CVE-2008-0716 (The agent in Symantec Altiris Notification Server before 6.0 SP3 R7 ...)
	NOT-FOR-US: Symantec Altiris Notification Server
CVE-2008-0715 (Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows ...)
	NOT-FOR-US: ACDSee
CVE-2008-0714 (SQL injection vulnerability in users.php in Mihalism Multi Host allows ...)
	NOT-FOR-US: Mihalism Multi Host
CVE-2008-0713 (Unspecified vulnerability in the FTP server for HP-UX B.11.11, ...)
	NOT-FOR-US: HP-UX B
CVE-2008-0712 (Unspecified vulnerability in the HP HPeDiag (aka eSupportDiagnostics) ...)
	NOT-FOR-US: HP HPeDiag
CVE-2008-0711 (Unspecified vulnerability in the embedded management console in HP ...)
	NOT-FOR-US: HP iLO-2 management processors
CVE-2008-0710
	REJECTED
CVE-2008-0709 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0708 (HP USB 2.0 Floppy Drive Key product options (1) 442084-B21 and (2) ...)
	NOT-FOR-US: HP USB 2.0 Floppy Drive Key
CVE-2008-0707 (HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2008-0706 (Unspecified vulnerability in the BIOS F.26 and earlier for the HP ...)
	NOT-FOR-US: BIOS F.26
CVE-2008-0705
	REJECTED
CVE-2008-0704 (Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP ...)
	NOT-FOR-US: HP OpenVMS
CVE-2008-0703 (Multiple directory traversal vulnerabilities in sflog! 0.96 allow ...)
	NOT-FOR-US: sflog!
CVE-2008-0702 (Multiple heap-based buffer overflows in Titan FTP Server 6.03 and ...)
	NOT-FOR-US: Titan FTP Server
CVE-2008-0701 (ActivationHandler in Magnolia CE 3.5.x before 3.5.4 does not check ...)
	NOT-FOR-US: Magnolia CE
CVE-2008-0700 (Cross-site scripting (XSS) vulnerability in search.php in Crux ...)
	NOT-FOR-US: CruxCMS
CVE-2008-0699 (Unspecified vulnerability in the ADMIN_SP_C procedure ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0698 (Buffer overflow in the DAS server in IBM DB2 UDB before 8.2 Fixpak 16 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0697 (Unspecified vulnerability in DB2PD in IBM DB2 UDB before 8.2 Fixpak 16 ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0696 (IBM DB2 UDB before 8.2 Fixpak 16 does not properly check authorization ...)
	NOT-FOR-US: IBM DB2
CVE-2008-0695 (SQL injection vulnerability in index.php in BookmarkX script 2007 ...)
	NOT-FOR-US: BookmarkX
CVE-2008-0694 (Cross-site scripting (XSS) vulnerability in the HTTP Server in IBM ...)
	NOT-FOR-US: IBM OS/400 V5R3M0 and V5R4M0
CVE-2008-0693 (Stack-based buffer overflow in PQCore.exe in Print Manager Plus 2008 ...)
	NOT-FOR-US: Print Manager Plus
CVE-2008-0692 (SQL injection vulnerability in bidhistory.php in iTechBids 3 Gold and ...)
	NOT-FOR-US: iTechBids
CVE-2008-0691 (Multiple cross-site scripting (XSS) vulnerabilities in admin_panel.php ...)
	NOT-FOR-US: WP-Footnotes plugin for WordPress
CVE-2008-0690 (SQL injection vulnerability in index.php in the mosDirectory ...)
	NOT-FOR-US: mosDirectory component for Joomla!
CVE-2008-0689 (SQL injection vulnerability in index.php in the Marketplace ...)
	NOT-FOR-US: Marketplace component for Joomla!
CVE-2008-0688 (Cross-site scripting (XSS) vulnerability in catalog.php in Smartscript ...)
	NOT-FOR-US: Smartscript Domain Trader
CVE-2008-0687 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Youtube Clone Script
CVE-2008-0686 (SQL injection vulnerability in index.php in the NeoReferences ...)
	NOT-FOR-US: NeoReferences component for Joomla!
CVE-2008-0685 (SQL injection vulnerability in ViewCat.php in iTechClassifieds 3.0 ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0684 (Cross-site scripting (XSS) vulnerability in ViewCat.php in ...)
	NOT-FOR-US: iTechClassifieds
CVE-2008-0683 (SQL injection vulnerability in shiftthis-preview.php in the ShiftThis ...)
	NOT-FOR-US: st_newsletter plugin for WordPress
CVE-2008-0682 (SQL injection vulnerability in wordspew-rss.php in the Wordspew plugin ...)
	NOT-FOR-US: Wordspew plugin for Wordpress
CVE-2008-0681 (SQL injection vulnerability in index.php in PHPShop 0.8.1 allows ...)
	NOT-FOR-US: PHPShop
CVE-2008-0680 (SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: MicroTik RouterOS
CVE-2008-0679 (Cross-site scripting (XSS) vulnerability in index.php in BlogPHP 2.0 ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0678 (SQL injection vulnerability in index.php in BlogPHP 2.0 allows remote ...)
	NOT-FOR-US: BlogPHP
CVE-2008-0677 (SQL injection vulnerability in blog.php in A-Blog 2 allows remote ...)
	NOT-FOR-US: A-Blog
CVE-2008-0676 (Cross-site scripting (XSS) vulnerability in search.php in A-Blog 2 ...)
	NOT-FOR-US: A-Blog
CVE-2008-0675 (SQL injection vulnerability in cms/index.pl in The Everything ...)
	NOT-FOR-US: Everything Development System
CVE-2008-0674 (Buffer overflow in PCRE before 7.6 allows remote attackers to execute ...)
	{DSA-1499-1 DTSA-115-1}
	- pcre3 7.6-1 (medium)
	- php5 <not-affected> (Uses sytem copy)
CVE-2008-0673 (TinTin++ 1.97.9 and WinTin++ 1.97.9 open files on the basis of an ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0672 (The process_chat_input function in TinTin++ 1.97.9 and WinTin++ 1.97.9 ...)
	- tintin++ 1.97.9-2 (low; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0671 (Stack-based buffer overflow in the add_line_buffer function in ...)
	- tintin++ 1.97.9-2 (medium; bug #465643)
	[etch] - tintin++ <no-dsa> (Minor issue)
CVE-2008-0670 (SQL injection vulnerability in index.php in the Noticias ...)
	NOT-FOR-US: Noticias component for Joomla!
CVE-2008-0669 (Cross-site scripting (XSS) vulnerability in search.cgi in Sift Unity ...)
	NOT-FOR-US: Sift Unity
CVE-2008-0668 (The excel_read_HLINK function in plugins/excel/ms-excel-read.c in ...)
	{DSA-1546-1}
	- gnumeric 1.8.1-1 (medium)
CVE-2008-0667 (The DOC.print function in the Adobe JavaScript API, as used by Adobe ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2008-0663 (Novell Challenge Response Client (LCM) 2.7.5 and earlier, as used with ...)
	NOT-FOR-US: Novell Challenge Response Client
CVE-2008-0662 (The Auto Local Logon feature in Check Point VPN-1 ...)
	NOT-FOR-US: SecuRemote/SecureClient NGX R60 and R56
CVE-2008-0661 (Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote ...)
	NOT-FOR-US: dBpowerAMP Audio Player
CVE-2008-0660 (Multiple stack-based buffer overflows in Aurigma Image Uploader ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0659 (Stack-based buffer overflow in Aurigma Image Uploader ActiveX control ...)
	NOT-FOR-US: Aurigma Image Uploader
CVE-2008-0658 (slapd/back-bdb/modrdn.c in the BDB backend for slapd in OpenLDAP ...)
	{DSA-1541-1}
	- openldap2.3 2.4.7-6.1 (low; bug #465875)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built from this version)
	NOTE: only authenticated users can exploit this
CVE-2008-0657 (Multiple unspecified vulnerabilities in the Java Runtime Environment ...)
	- sun-java6 6-02-1
	- sun-java5 1.5.0-14-1
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2008-0656 (Unrestricted file upload vulnerability in dmclTrace.jsp in EMC ...)
	NOT-FOR-US: Documentum Administrator and Webtop
CVE-2008-0655 (Multiple unspecified vulnerabilities in Adobe Reader and Acrobat ...)
	NOT-FOR-US: Adobe Reader
CVE-2008-0654 (Multiple directory traversal vulnerabilities in Azucar CMS 1.3 allow ...)
	NOT-FOR-US: Azucar CMS
CVE-2008-0653 (SQL injection vulnerability in index.php in the Ynews (com_ynews) ...)
	NOT-FOR-US: Ynews component for Joomla!
CVE-2008-0652 (SQL injection vulnerability in index.php in the Downloads ...)
	NOT-FOR-US: Downloads for Mambo and Joomla!
CVE-2008-0651 (SQL injection vulnerability in login.php in Pedro Santana Codice CMS ...)
	NOT-FOR-US: Pedro Santana Codice CMS
CVE-2008-0650 (SQL injection vulnerability in login.php in Simple OS CMS 0.1c beta ...)
	NOT-FOR-US: Simple OS CMS
CVE-2008-0649 (SQL injection vulnerability in detail.php in Astanda Directory Project ...)
	NOT-FOR-US: Astanda Directory Project
CVE-2008-0648 (Multiple PHP remote file inclusion vulnerabilities in OpenSiteAdmin ...)
	NOT-FOR-US: OpenSiteAdmin
CVE-2008-0647 (Multiple stack-based buffer overflows in the ...)
	NOT-FOR-US: Ourgame GLWorld
CVE-2008-0646 (The bdecode_recursive function in include/libtorrent/bencode.hpp in ...)
	- deluge-torrent 0.5.8.3-1 (bug #463357)
CVE-2008-0645 (Multiple PHP remote file inclusion vulnerabilities in Portail Web Php ...)
	NOT-FOR-US: Portail Web Php
CVE-2008-0644 (Adobe ColdFusion MX 7 and ColdFusion 8 allows remote attackers to ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0643 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 and ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2008-0642 (Cross-site scripting (XSS) vulnerability in files created by Adobe ...)
	NOT-FOR-US: Adobe
CVE-2008-0808 (Cross-site scripting (XSS) vulnerability in the meta plugin in Ikiwiki ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0809 (Cross-site scripting (XSS) vulnerability in the htmlscrubber in ...)
	{DSA-1523-1}
	- ikiwiki 2.31.1 (low; bug #465110)
CVE-2008-0641
	RESERVED
CVE-2008-0640 (Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 ...)
	NOT-FOR-US: Symantec Ghost Solution Suite
CVE-2008-0639 (Stack-based buffer overflow in the EnumPrinters function in the ...)
	NOT-FOR-US: Novell Client
CVE-2008-0638 (Heap-based buffer overflow in the Veritas Enterprise Administrator ...)
	NOT-FOR-US: Veritas Enterprise Administrator service
CVE-2008-0637
	RESERVED
CVE-2008-0636 (Level Platforms, Inc. (LPI) Managed Workplace Service Center 4.x, 5.x ...)
	NOT-FOR-US: Managed Workplace Service Center
CVE-2008-0635 (Unspecified vulnerability in the delivery engine in Openads 2.4.0 ...)
	NOT-FOR-US: Openads
CVE-2008-0634 (Buffer overflow in the NamoInstaller.NamoInstall.1 ActiveX control in ...)
	NOT-FOR-US: NamoInstaller
CVE-2008-0633 (Buffer overflow in Anon Proxy Server 0.102 and earlier, when user ...)
	NOT-FOR-US: Anon Proxy Server
	NOTE: this is not anon-proxy
CVE-2008-0632 (Unrestricted file upload vulnerability in cp_upload_image.php in ...)
	NOT-FOR-US: LightBlog
CVE-2008-0631 (Multiple ActiveX controls in MailBee.dll in MailBee Objects 5.5 allow ...)
	NOT-FOR-US: MailBee Objects
CVE-2008-0630 (Buffer overflow in url.c in MPlayer 1.0rc2 and SVN before r25823 ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464532)
CVE-2008-0629 (Buffer overflow in stream_cddb.c in MPlayer 1.0rc2 and SVN before ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (medium; bug #464533)
CVE-2008-0628 (The XML parsing code in Sun Java Runtime Environment JDK and JRE 6 ...)
	- sun-java6 6-04-1
	- sun-java5 <not-affected> (referring to sun this vulnerability is not present in java5)
CVE-2008-0627
	REJECTED
CVE-2008-0626
	REJECTED
CVE-2008-0625 (Buffer overflow in the MediaGrid ActiveX control (mediagrid.dll) in ...)
	NOT-FOR-US: Yahoo! Music Jukebox
CVE-2008-0624 (Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0623 (Stack-based buffer overflow in the YMP Datagrid ActiveX control ...)
	NOT-FOR-US: Yahoo! JukeBox
CVE-2008-0622 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD 2.0.19 and ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2008-0621 (Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 ...)
	NOT-FOR-US: SAP GUI
CVE-2008-0620 (SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before ...)
	NOT-FOR-US: SAPSprint
CVE-2008-0619 (Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 ...)
	NOT-FOR-US: Nero Media Player
CVE-2008-0618 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0617 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0616 (SQL injection vulnerability in the administration panel in the ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0615 (Directory traversal vulnerability in wp-admin/admin.php in the ...)
	NOT-FOR-US: DMSGuestbook for wordpress
CVE-2008-0614 (SQL injection vulnerability in index.php in Photokorn Gallery 1.543 ...)
	NOT-FOR-US: Photokorn Gallery
CVE-2008-0613 (Open redirect vulnerability in htdocs/user.php in XOOPS 2.0.18 allows ...)
	NOT-FOR-US: XOOPS
CVE-2008-0612 (Directory traversal vulnerability in htdocs/install/index.php in XOOPS ...)
	NOT-FOR-US: XOOPS
CVE-2008-0611 (SQL injection vulnerability in rmgs/images.php in the RMSOFT Gallery ...)
	NOT-FOR-US: RMSOFT Gallery module for XOOPS
CVE-2008-0610 (Stack-based buffer overflow in the ...)
	NOT-FOR-US: UltraVNC
CVE-2008-0609 (Directory traversal vulnerability in index.php in DivideConcept VHD ...)
	NOT-FOR-US: Web Pack 2.0
CVE-2008-0608 (The Logging Server (ftplogsrv.exe) 7.9.14.0 and earlier in IPSwitch ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2008-0607 (SQL injection vulnerability in index.php in the Sigsiu Online Business ...)
	NOT-FOR-US: Sigsiu Online Business Index 2 component for Joomla! and Mambo
CVE-2008-0606 (SQL injection vulnerability in index.php in the Shambo2 (com_shambo2) ...)
	NOT-FOR-US: Shambo2 component for Mambo and Joomla!
CVE-2008-0605 (Multiple cross-site scripting (XSS) vulnerabilities in AstroSoft ...)
	NOT-FOR-US: AstroSoft HelpDesk
CVE-2008-0604 (The LDAP authentication feature in XLight FTP Server before 2.83, when ...)
	NOT-FOR-US: XLight FTP Server
CVE-2008-0603 (SQL injection vulnerability in index.php in the amazOOP Awesom! ...)
	NOT-FOR-US: amazOOP Awesom! component for Mambo and Joomla!
CVE-2008-0602 (Directory traversal vulnerability in index.php in All Club CMS (ACCMS) ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0601 (SQL injection vulnerability in index.php in All Club CMS (ACCMS) ...)
	NOT-FOR-US: All Club CMS (ACCMS)
CVE-2008-0600 (The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 ...)
	{DSA-1494-1 DTSA-113-1}
	- linux-2.6 2.6.24-4 (high)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
CVE-2008-0599 (The init_request_info function in sapi/cgi/cgi_main.c in PHP before ...)
	{DTSA-135-1}
	- php5 5.2.6-1
	[etch] - php5 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
	[etch] - php4 <not-affected> (Vulnerable code not yet present, introduced in 5.2.3)
CVE-2008-0598 (Unspecified vulnerability in the 32-bit and 64-bit emulation in the ...)
	{DSA-1630-1}
	- linux-2.6 2.6.26-4 (bug #490910)
	- linux-2.6.24 2.6.24-6~etchnhalf.4
CVE-2008-0597 (Use-after-free vulnerability in CUPS before 1.1.22, and possibly other ...)
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: (mimeDeleteType included since 1.2.x
	NOTE: according to maintainer, applies to 1.1.x series only. exact fixed
	NOTE: version in 1.1 unknown but irrelevant. cups package never had 1.1
	NOTE: versions in Debian.
CVE-2008-0596 (Memory leak in CUPS before 1.1.22, and possibly other versions, allows ...)
	- cupsys 1.2.1-1
	- cups <not-affected> (Vulnerable code not present)
	NOTE: see CVE-2008-0597
CVE-2008-0595 (dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes ...)
	{DSA-1599-1}
	- dbus 1.1.20-1
CVE-2008-0594 (Mozilla Firefox before 2.0.0.12 does not always display a web forgery ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0593 (Gecko-based browsers, including Mozilla Firefox before 2.0.0.12 and ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0592 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0591 (Mozilla Firefox before 2.0.0.12 and Thunderbird before 2.0.0.12 does ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.9-1
	- icedove 2.0.0.12-1
CVE-2008-0590 (Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows ...)
	NOT-FOR-US: WS_FTP Server with SSH
CVE-2008-0589 (The ps program in bos.rte.control in IBM AIX 5.2, 5.3, and 6.1 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0588 (Buffer overflow in the utape program in devices.scsi.tape.diag in IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0587 (Buffer overflow in the uspchrp program in devices.chrp.base.diag in ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0586 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users to ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0585 (sysmgt.websm.webaccess in IBM AIX 5.2 and 5.3 has world writable ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0584 (Multiple buffer overflows in bos.rte.control in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0583 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
	NOT-FOR-US: Skype
CVE-2008-0582 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
	NOT-FOR-US: Skype
CVE-2008-0581 (Geert Moernaut LSrunasE allows local users to gain privileges by ...)
	NOT-FOR-US: LSrunasE
CVE-2008-0580 (Geert Moernaut LSrunasE and Supercrypt use an encryption key composed ...)
	NOT-FOR-US: LSrunasE and Supercrypt
CVE-2008-0579 (SQL injection vulnerability in index.php in the buslicense ...)
	NOT-FOR-US: buslicense component for Joomla!
CVE-2008-0578 (Cross-site scripting (XSS) vulnerability in the web management login ...)
	NOT-FOR-US: Tripwire Enterprise/Server Management Web Interface
CVE-2008-0577 (The Project Issue Tracking module 5.x-2.x-dev before 20080130 in the ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0576 (Cross-site scripting (XSS) vulnerability in the Project Issue Tracking ...)
	NOT-FOR-US: Project Issue Tracking module for Drupal
CVE-2008-0575 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: webSPELL
CVE-2008-0574 (Cross-site scripting (XSS) vulnerability in index.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2008-0573 (IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote ...)
	NOT-FOR-US: SafeNET HighAssurance Remote and SoftRemote
CVE-2008-0572 (Multiple PHP remote file inclusion vulnerabilities in Mindmeld ...)
	NOT-FOR-US: Mindmeld
CVE-2008-0571 (The point moderation form in the Userpoints 4.7.x before 4.7.x-2.3, ...)
	NOT-FOR-US: Userpoints module for Drupal
CVE-2008-0570 (The OpenID 5.x-1.0 and earlier module for Drupal does not properly ...)
	NOT-FOR-US: OpenID module for Drupal
CVE-2008-0569 (The Comment Upload 4.7.x before 4.7.x-0.1 and 5.x before 5.x-0.1 ...)
	NOT-FOR-US: Comment upload module for Drupal
CVE-2008-0568 (Unspecified vulnerability in the IP-authentication feature in the ...)
	NOT-FOR-US: Secure Site module for Drupal
CVE-2008-0567 (Multiple PHP remote file inclusion vulnerabilities in ChronoEngine ...)
	NOT-FOR-US: ChronoEngine ChronoForms component for Joomla!
CVE-2008-0566 (PHP remote file inclusion vulnerability in includes/smarty.php in ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0565 (SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 ...)
	NOT-FOR-US: DeltaScripts PHP Links
CVE-2008-0563 (Cross-site request forgery (CSRF) vulnerability in ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0562 (SQL injection vulnerability in index.php in the Restaurant ...)
	NOT-FOR-US: Restaurant component for Mambo and Joomla!
CVE-2008-0561 (SQL injection vulnerability in index.php in the Arthur Konze ...)
	NOT-FOR-US: AkoGallery component for Mambo and Joomla!
CVE-2008-0560 (** DISPUTED ** ...)
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0559 (Multiple directory traversal vulnerabilities in Nilson's Blogger 0.11 ...)
	NOT-FOR-US: cforms wordpress plugin
CVE-2008-0558 (Cross-site scripting (XSS) vulnerability in Uniwin eCart Professional ...)
	NOT-FOR-US: Uniwin eCart Professiona
CVE-2008-0557 (SQL injection vulnerability in index.php in the CatalogShop ...)
	NOT-FOR-US: CatalogShop componenent for Mambo and Joomla!
CVE-2008-0556 (Cross-site request forgery (CSRF) vulnerability in OpenCA PKI 0.9.2.5, ...)
	NOT-FOR-US: OpenCA PKI Project
CVE-2008-0555 (The ExpandCert function in Apache-SSL before apache_1.3.41+ssl_1.59 ...)
	- apache <removed>
	[etch] - apache <no-dsa> (only exploitable in very specific setups)
	NOTE: Only affects the apache-ssl package, not apache or apache-perl.
	NOTE: Only relevant if the attacker can get a CA that is trusted by the server
	NOTE: to sign client certs with arbitrary CN, but cannot influence the contents
	NOTE: of the other DN fields.
	NOTE: OTOH, the configuration used in Debian's apache-ssl 1.55 (per-dir
	NOTE: ssl-renegotiation switched off), has obviously not been tested by upstream
	NOTE: with 1.59 (it doesn't even compile).
	NOTE: Also, upstream's fix breaks API/ABI compatibility in some corner cases.
	NOTE: While these cases are not really supported by Debian, all in all the low
	NOTE: severity of the issue is not in proportion to the risk of breaking something
	NOTE: with the fix.
CVE-2008-0552 (Cross-site scripting (XSS) vulnerability in index.php in eTicket ...)
	NOT-FOR-US: eTicket
CVE-2008-0551 (The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll ...)
	NOT-FOR-US: Namo Web Editor
CVE-2008-0550 (Off-by-one error in Steamcast 0.9.75 and earlier allows remote ...)
	NOT-FOR-US: Steamcast
CVE-2008-0549 (Integer overflow in the OggHeaderParse function in Steamcast 0.9.75 ...)
	NOT-FOR-US: Steamcast
CVE-2008-0548 (Steamcast 0.9.75 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Steamcast
CVE-2008-0547 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: CandyPress
CVE-2008-0546 (Multiple SQL injection vulnerabilities in CandyPress (CP) 4.1.1.26, ...)
	NOT-FOR-US: CandyPress
CVE-2008-0545 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0543 (Multiple SQL injection vulnerabilities in Pre Dynamic Institution ...)
	NOT-FOR-US: Pre Dynamic Institution
CVE-2008-0542 (Directory traversal vulnerability in thumbnail.php in Gerd Tentler ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0541 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php in ...)
	NOT-FOR-US: Simple Forum
CVE-2008-0540 (Multiple cross-site scripting (XSS) vulnerabilities in trixbox 2.4.2.0 ...)
	NOT-FOR-US: trixbox
CVE-2008-0539 (Cross-site scripting (XSS) vulnerability in dms/policy/rep_request.php ...)
	NOT-FOR-US: F5 BIG-IP Application Security Manager
CVE-2008-0538 (Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow ...)
	NOT-FOR-US: phpIP Management
CVE-2008-0537 (Unspecified vulnerability in the Supervisor Engine 32 (Sup32), ...)
	NOT-FOR-US: Cisco
CVE-2008-0536 (Unspecified vulnerability in the SSH server in (1) Cisco Service ...)
	NOT-FOR-US: Cisco
CVE-2008-0535 (Unspecified vulnerability in the SSH server in (1) Cisco Service ...)
	NOT-FOR-US: Cisco
CVE-2008-0534 (The SSH server in (1) Cisco Service Control Engine (SCE) before 3.1.6, ...)
	NOT-FOR-US: Cisco
CVE-2008-0533 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0532 (Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in ...)
	NOT-FOR-US: Cisco ACS
CVE-2008-0531 (Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, ...)
	NOT-FOR-US: Cisco
CVE-2008-0530 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0529 (Buffer overflow in the telnet server in Cisco Unified IP Phone 7906G, ...)
	NOT-FOR-US: Cisco
CVE-2008-0528 (Buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G ...)
	NOT-FOR-US: Cisco
CVE-2008-0527 (The HTTP server in Cisco Unified IP Phone 7935 and 7936 running SCCP ...)
	NOT-FOR-US: Cisco
CVE-2008-0526 (Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SCCP ...)
	NOT-FOR-US: Cisco
CVE-2008-0525 (PatchLink Update client for Unix, as used by Novell ZENworks Patch ...)
	NOT-FOR-US: PatchLink Update client for Unix
CVE-2008-0524 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: Yamaha router firmware
CVE-2008-0523 (Multiple cross-site scripting (XSS) vulnerabilities in SoftCart.exe in ...)
	NOT-FOR-US: SoftCart
CVE-2008-0522 (Cross-site scripting (XSS) vulnerability in multiple Hal Networks ...)
	NOT-FOR-US: Hal Networks shopping-cart products
CVE-2008-0521 (Multiple directory traversal vulnerabilities in Bubbling Library 1.32 ...)
	NOT-FOR-US: Bubbling Library
CVE-2008-0520 (Multiple SQL injection vulnerabilities in main.php in the WassUp ...)
	NOT-FOR-US: WassUp plugin for WordPress
CVE-2008-0519 (SQL injection vulnerability in index.php in the Atapin Jokes ...)
	NOT-FOR-US: Atapin Jokes component for Mambo and Joomla!
CVE-2008-0518 (SQL injection vulnerability in index.php in the Recipes (com_recipes) ...)
	NOT-FOR-US: Recipes component for Mambo and Joomla!
CVE-2008-0517 (SQL injection vulnerability in index.php in the Darko Selesi ...)
	NOT-FOR-US: EstateAgent component for Mambo and Joomla!
CVE-2008-0516 (PHP remote file inclusion vulnerability in spaw/dialogs/confirm.php in ...)
	NOT-FOR-US: SQLiteManager
CVE-2008-0515 (SQL injection vulnerability in index.php in the musepoes ...)
	NOT-FOR-US: musepoes component for Mambo and Joomla!
CVE-2008-0514 (SQL injection vulnerability in index.php in the Glossary ...)
	NOT-FOR-US: Glossary component for Mambo and Joomla!
CVE-2008-0513 (Directory traversal vulnerability in ...)
	NOT-FOR-US: phpCMS
CVE-2008-0512 (SQL injection vulnerability in index.php in the fq (com_fq) component ...)
	NOT-FOR-US: fq component for Mambo and Joomla!
CVE-2008-0511 (SQL injection vulnerability in index.php in the MaMML (com_mamml) ...)
	NOT-FOR-US: MaMML component for Mambo and Joomla!
CVE-2008-0510 (SQL injection vulnerability in index.php in the Newsletter ...)
	NOT-FOR-US: Newsletter component for Mambo and Joomla!
CVE-2008-0509 (Multiple buffer overflows in IBM AIX 4.3 allow remote attackers to ...)
	NOT-FOR-US: IBM AIX
CVE-2008-0508 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Dean's Permalinks Migration plugin for WordPress
CVE-2008-0507 (SQL injection vulnerability in adclick.php in the AdServe 0.2 plugin ...)
	NOT-FOR-US: AdServe plugin for WordPress
CVE-2008-0506 (include/imageObjectIM.class.php in Coppermine Photo Gallery (CPG) ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0505 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0504 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2008-0503 (Eval injection vulnerability in admin/op/disp.php in Netwerk Smart ...)
	NOT-FOR-US: Netwerk Smart Publisher
CVE-2008-0502 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-6700 (Cross-site scripting (XSS) vulnerability in cgi-bin/bgplg in the web ...)
	NOT-FOR-US: openbsd
CVE-2007-6699 (Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control ...)
	NOT-FOR-US: AIM PicEditor
CVE-2007-6698 (The BDB backend for slapd in OpenLDAP before 2.3.36 allows remote ...)
	{DSA-1541-1}
	- openldap2.3 2.3.38-1
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-6696 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
	- webcalendar 1.1.6-7 (bug #466935)
	[lenny] - webcalendar <not-affected> (See http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=466935#37)
CVE-2007-6695 (Cross-site scripting (XSS) vulnerability in index.php in Drake CMS ...)
	NOT-FOR-US: Drake CMS
CVE-2008-0664 (The XML-RPC implementation (xmlrpc.php) in WordPress before 2.3.3, ...)
	{DSA-1601-1}
	- wordpress 2.3.3-1 (medium; bug #464170)
	[etch] - wordpress <not-affected> (vulnerable code not present)
	NOTE: The blog has to provide user accounts
	NOTE: A crafted XML-RPC request referring to a valid user can exploit this
	NOTE: This is specific to wordpress' implementation of xmlrpc.php, which is
	NOTE: not included in any other packages.
	- libwordpress-xmlrpc-perl <removed>
CVE-2008-0553 (Stack-based buffer overflow in the ReadImage function in tkImgGIF.c in ...)
	{DSA-1598-1 DSA-1491-1 DSA-1490-1 DTSA-140-1}
	- tk8.5 8.5.0-3
	- tk8.4 8.4.17-2
	- tk8.3 8.3.5-12
	- libtk-img 1:1.3-release-7 (bug #485785)
CVE-2008-0554 (Buffer overflow in the readImageData function in giftopnm.c in netpbm ...)
	{DSA-1579-1}
	- netpbm-free 10.0-11.1 (medium; bug #464056)
CVE-2008-0564 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...)
	- mailman 1:2.1.10~b3-1 (low)
	[etch] - mailman <no-dsa> (Minor issue)
	[sarge] - mailman <no-dsa> (Minor issue)
	NOTE: Someone authenticated as list admin can insert malicious script
	NOTE: into list templates. This already consists of a high degree of
	NOTE: control over the mailinglist, so not a very important issue.
	NOTE: This enhances the fix for CVE-2006-3636.
	NOTE: http://mail.python.org/pipermail/mailman-announce/2008-February/000095.html
CVE-2008-0665 (wml_backend/p1_ipp/ipp.src in Website META Language (WML) 2.0.11 ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0666 (Website META Language (WML) 2.0.11 allows local users to overwrite ...)
	{DSA-1492-1}
	- wml 2.0.11-3.1 (low; bug #463907)
	[sarge] - wml <not-affected> (Vulnerable code is patched to use mkdtemp)
CVE-2008-0501 (Directory traversal vulnerability in phpMyClub 0.0.1 allows remote ...)
	NOT-FOR-US: phpMyClub
CVE-2008-0500 (Multiple unspecified vulnerabilities in Mambo LaiThai 4.5.5 have ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0499 (SQL injection vulnerability in Mambo LaiThai 4.5.5 allows remote ...)
	NOT-FOR-US: MamboXChange LaiThai
CVE-2008-0498 (SQL injection vulnerability in main_bigware_53.tpl.php in Bigware Shop ...)
	NOT-FOR-US: Bigware Shop
CVE-2008-0497 (Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS ...)
	NOT-FOR-US: Nucleus CMS
CVE-2008-0496 (Cross-site scripting (XSS) vulnerability in index.php in AmpJuke 0.7.0 ...)
	NOT-FOR-US: AmpJuke
CVE-2008-0495 (Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware ...)
	NOT-FOR-US: Pegasus CIM Server
CVE-2008-0494 (Cross-site scripting (XSS) vulnerability in vpnum/userslist.php in ...)
	NOT-FOR-US: Endian Firewall
CVE-2008-0493 (fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows ...)
	NOT-FOR-US: FlashPix plugin for IrfanView
CVE-2008-0492 (Stack-based buffer overflow in the Persits.XUpload.2 ActiveX control ...)
	NOT-FOR-US: Persits XUpload
CVE-2008-0491 (SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 ...)
	NOT-FOR-US: fGallery for WordPress
CVE-2008-0490 (SQL injection vulnerability in functions/editevent.php in the WP-Cal ...)
	NOT-FOR-US: WP-Cal plugin for WordPress
CVE-2008-0489 (Directory traversal vulnerability in install.php in Clansphere ...)
	NOT-FOR-US: Clansphere
CVE-2008-0488 (Directory traversal vulnerability in tseekdir.cgi in VB Marketing ...)
	NOT-FOR-US: VB Marketing
CVE-2008-0487 (Multiple SQL injection vulnerabilities in login.asp in ASPired2Protect ...)
	NOT-FOR-US: ASPired2Protect
CVE-2008-0486 (Array index vulnerability in libmpdemux/demux_audio.c in MPlayer ...)
	{DSA-1536-1 DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
	- xine-lib 1.1.10.1-1 (bug #464696)
	[sarge] - xine-lib <not-affected> (Vulnerable code not present)
CVE-2008-0485 (Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and ...)
	{DSA-1496-1 DTSA-114-1}
	- mplayer 1.0~rc2-8 (bug #464060)
CVE-2008-0484
	RESERVED
CVE-2008-0483
	RESERVED
CVE-2008-0482
	RESERVED
CVE-2008-0481 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0480 (Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2008-0479 (Directory traversal vulnerability in RTE_file_browser.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz NewsPad
CVE-2008-0478 (Directory traversal vulnerability in index.php in SetCMS 3.6.5 allows ...)
	NOT-FOR-US: SetCMS
CVE-2008-0477 (Stack-based buffer overflow in the QMPUpgrade.Upgrade.1 ActiveX ...)
	NOT-FOR-US: Move Networks Upgrade Manager
CVE-2008-0476 (ManageEngine Applications Manager 8.1 build 8100 does not check ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0475 (ManageEngine Applications Manager 8.1 build 8100 allows remote ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0474 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine Applications Manager
CVE-2008-0473 (RTE_popup_save_file.asp in Web Wiz Rich Text Editor 4.0 allows remote ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0472 (Cross-site request forgery (CSRF) vulnerability in modcp.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2008-0471 (Cross-site request forgery (CSRF) vulnerability in privmsg.php in ...)
	{DSA-1488-1}
	- phpbb2 2.0.22-3 (low; bug #463589)
CVE-2008-0470 (A certain ActiveX control in Comodo AntiVirus 2.0 allows remote ...)
	NOT-FOR-US: Comodo AntiVirus
CVE-2008-0469 (SQL injection vulnerability in index.php in Tiger Php News System ...)
	NOT-FOR-US: Tiger Php News System
CVE-2008-0468 (SQL injection vulnerability in category.php in Flinx 1.3 and earlier ...)
	NOT-FOR-US: Flinx
CVE-2008-0467 (Stack-based buffer overflow in Firebird before 2.0.4, and 2.1.x before ...)
	{DSA-1529-1}
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 2.0.3.12981.ds1-5 (medium; bug #463596)
CVE-2008-0466 (Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor ...)
	NOT-FOR-US: Web Wiz Rich Text Editor
CVE-2008-0465 (Directory traversal vulnerability in optimizer.php in Seagull 0.6.3 ...)
	NOT-FOR-US: Seagull
CVE-2008-0464 (Directory traversal vulnerability in archiv.cgi in absofort aconon ...)
	NOT-FOR-US: aconon Mail Enterprise SQL
CVE-2008-0463 (Cross-site scripting (XSS) vulnerability in the Workflow 4.7.x before ...)
	NOT-FOR-US: Workflow module for Drupal
CVE-2008-0462 (Cross-site scripting (XSS) vulnerability in the Archive 5.x before ...)
	NOT-FOR-US: Archive module for Drupal
CVE-2008-0461 (SQL injection vulnerability in index.php in the Search module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2008-0460 (Cross-site scripting (XSS) vulnerability in api.php in (1) MediaWiki ...)
	- mediawiki 1:1.11.1-1 (low)
	[etch] - mediawiki <not-affected> (Doesn't include API functionality)
CVE-2008-0459 (Directory traversal vulnerability in update/index.php in Liquid-Silver ...)
	NOT-FOR-US: Liquit-Silver CMS
CVE-2008-0458 (Directory traversal vulnerability in function/sources.php in SLAED CMS ...)
	NOT-FOR-US: SLAED CMS
CVE-2008-0457 (Unrestricted file upload vulnerability in the FileUpload class running ...)
	NOT-FOR-US: Symantec LiveState Apache Tomcat server
CVE-2008-0456 (CRLF injection vulnerability in the mod_negotiation module in the ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0455 (Cross-site scripting (XSS) vulnerability in the mod_negotiation module ...)
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: This is only relevant if an attacker can upload files with arbitrary names
	NOTE: but not with arbitrary contents.
CVE-2008-0454 (Cross-zone scripting vulnerability in the Internet Explorer web ...)
	NOT-FOR-US: Skype
CVE-2008-0453 (SQL injection vulnerability in list.php in Easysitenetwork Recipe ...)
	NOT-FOR-US: Easysitenetwork Recipe
CVE-2008-0452 (Directory traversal vulnerability in articles.php in Siteman 1.1.9 ...)
	NOT-FOR-US: Siteman
CVE-2008-0451 (Multiple SQL injection vulnerabilities in PacerCMS 0.6 allow remote ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0450 (Multiple PHP remote file inclusion vulnerabilities in BLOG:CMS 4.2.1.c ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0449 (SQL injection vulnerability in paypalresult.asp in VP-ASP Shopping ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2008-0448 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpSearch
CVE-2008-0447 (SQL injection vulnerability in index.php in Foojan WMS PHP Weblog 1.0 ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0446 (SQL injection vulnerability in voircom.php in LulieBlog 1.02 allows ...)
	NOT-FOR-US: Foojan WMS PHP Weblog
CVE-2008-0445 (The replace_inline_img function in elogd in Electronic Logbook (ELOG) ...)
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0444 (Cross-site scripting (XSS) vulnerability in Electronic Logbook (ELOG) ...)
	- elog 2.9.2+2014.05.11git44800a7-1 (low; bug #463600)
CVE-2008-0443 (Heap-based buffer overflow in the FileUploader.FUploadCtl.1 ActiveX ...)
	NOT-FOR-US: Lycos FileUploader Module
CVE-2008-0442 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0441 (IBM Tivoli Business Service Manager (TBSM) 4.1.1 stores passwords in ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2008-0440 (AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0439 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: DeluxeBB
CVE-2008-0438 (Cross-site scripting (XSS) vulnerability in the font rendering ...)
	NOT-FOR-US: Novemberborn sIFR
CVE-2008-0437 (Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0436 (Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2008-0435 (Directory traversal vulnerability in index.php in OZJournals 2.1.1 ...)
	NOT-FOR-US: OZJournals
CVE-2008-0434 (Format string vulnerability in the AXIMilter module in AXIGEN Mail ...)
	NOT-FOR-US: AXIGEN Mail Server
CVE-2008-0433 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0432 (Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2008-0431 (Directory traversal vulnerability in administrator/download.php in ...)
	NOT-FOR-US: IDMOS
CVE-2008-0430 (SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows ...)
	NOT-FOR-US: 360 Web Manager
CVE-2008-0429 (SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per ...)
	NOT-FOR-US: AlstraSoft Forum Pay Per Post Exchange
CVE-2008-0428 (Multiple SQL injection vulnerabilities in the login function in ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0427 (Directory traversal vulnerability in file.php in bloofoxCMS 0.3 allows ...)
	NOT-FOR-US: bloofoxCMS
CVE-2008-0426 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...)
	NOT-FOR-US: PacerCMS
CVE-2008-0425 (Absolute path traversal vulnerability in explorerdir.php in Frimousse ...)
	NOT-FOR-US: Frimousse
CVE-2008-0424 (SQL injection vulnerability in blog.php in Mooseguy Blog System (MGBS) ...)
	NOT-FOR-US: Mooseguy Blog System
CVE-2008-0423 (Multiple PHP remote file inclusion vulnerabilities in Lama Software ...)
	NOT-FOR-US: Lama Software
CVE-2008-0422 (SQL injection vulnerability in mail.php in boastMachine (aka bMachine) ...)
	NOT-FOR-US: bMachine
CVE-2008-0421 (SQL injection vulnerability in Invision Gallery 2.0.7 and earlier ...)
	NOT-FOR-US: Invision Gallery
CVE-2008-0420 (modules/libpr0n/decoders/bmp/nsBMPDecoder.cpp in Mozilla Firefox ...)
	{DSA-1534-1 DSA-1484-1}
	- iceape 1.1.8-1
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	NOTE: The initial advisory claimed Thunderbird/Icedove were vulnerable, but clarified
	NOTE: later, see http://www.mozilla.org/security/announce/2008/mfsa2008-07.html
CVE-2008-0419 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0418 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.12, ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0417 (CRLF injection vulnerability in Mozilla Firefox before 2.0.0.12 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0416 (Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.13-1
	- iceape 1.1.9-1
CVE-2008-0415 (Mozilla Firefox before 2.0.0.12, Thunderbird before 2.0.0.12, and ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
	- xulrunner 1.8.1.12-1
CVE-2008-0414 (Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0413 (The JavaScript engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0412 (The browser engine in Mozilla Firefox before 2.0.0.12, Thunderbird ...)
	{DSA-1506-1 DSA-1489-1 DSA-1485-2 DSA-1484-1}
	- iceweasel 2.0.0.12-1
	- xulrunner 1.8.1.12-1
	- iceape 1.1.8-1
	- icedove 2.0.0.12-1
CVE-2008-0411 (Stack-based buffer overflow in the zseticcspace function in zicc.c in ...)
	{DSA-1510-1}
	- ghostscript 8.61.dfsg.1-1.1 (medium; bug #468190)
	- gs-gpl <removed> (medium)
CVE-2007-6694 (The chrp_show_cpuinfo function (chrp/setup.c) in Linux kernel 2.4.21 ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 9ac71d00398674aaec664f30559f0a21d963862f, part of 2.6.24
CVE-2008-XXXX [exempi buffer overflow in GIF ReadHeader() function]
	- exempi 1.99.7-1 (bug #454297)
CVE-2008-0544 (Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-3 (medium)
CVE-2007-6697 (Buffer overflow in the LWZReadByte function in IMG_gif.c in SDL_image ...)
	{DSA-1493-2 DSA-1493-1}
	- sdl-image1.2 1.2.6-2 (medium)
CVE-2008-0410 (HTTP File Server (HFS) before 2.2c allows remote attackers to obtain ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0409 (Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0408 (HTTP File Server (HFS) before 2.2c allows remote attackers to append ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0407 (HTTP File Server (HFS) before 2.2c tags HTTP request log entries with ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0406 (HTTP File Server (HFS) before 2.2c, when account names are used as log ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0405 (Multiple directory traversal vulnerabilities in HTTP File Server (HFS) ...)
	NOT-FOR-US: HTTP File Server
CVE-2008-0404 (Cross-site scripting (XSS) vulnerability in Mantis before 1.1.1 allows ...)
	- mantis <not-affected> (Vulnerable code not present)
	NOTE: code was introduced in the 1.1.x series, which are not shipped by us yet
CVE-2008-0403 (The web server in Belkin Wireless G Plus MIMO Router F5D9230-4 does ...)
	NOT-FOR-US: Belkin Wireless firmware
CVE-2008-0402 (Unspecified vulnerability in IBM WebSphere Business Modeler Basic and ...)
	NOT-FOR-US: IBM WebSphere Business Modeler
CVE-2008-0401 (Buffer overflow in the logging functionality of the HTTP server in IBM ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager for OS Deployment before
CVE-2008-0400 (Cross-site scripting (XSS) vulnerability in header.tpl.php in the ...)
	NOT-FOR-US: Singapore
CVE-2008-0399 (Multiple buffer overflows in Toshiba Surveillance (Surveillix) ...)
	NOT-FOR-US: Toshiba Surveillance
CVE-2008-0398 (Cross-site scripting (XSS) vulnerability in aflog 1.01, and possibly ...)
	NOT-FOR-US: aflog
CVE-2008-0397 (Multiple SQL injection vulnerabilities in aflog 1.01, and possibly ...)
	NOT-FOR-US: aflog
CVE-2008-0396 (Directory traversal vulnerability in BitDefender Update Server ...)
	NOT-FOR-US: BitDefender Update Server
CVE-2008-0395 (Kayako SupportSuite 3.11.01 allows remote attackers to obtain server ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2008-0394 (Buffer overflow in Citadel SMTP server 7.10 and earlier allows remote ...)
	NOT-FOR-US: Citadel SMTP server
CVE-2008-0393 (Directory traversal vulnerability in info.php in GradMan 0.1.3 and ...)
	NOT-FOR-US: GradMan
CVE-2008-0392 (Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2008-0391 (inc/elementz.php in aliTalk 1.9.1.1 does not properly verify ...)
	NOT-FOR-US: aliTalk
CVE-2008-0390 (stat.php in AuraCMS 1.62, and Mod Block Statistik for AuraCMS, allows ...)
	NOT-FOR-US: AuraCMS
CVE-2008-0389 (Unspecified vulnerability in the serveServletsByClassnameEnabled ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2008-0388 (SQL injection vulnerability in the WP-Forum 1.7.4 plugin for WordPress ...)
	NOT-FOR-US: WP-Forum plugin for WordPress
CVE-2008-0387 (Integer overflow in Firebird SQL 1.0.3 and earlier, 1.5.x before ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-4 (bug #460048)
	[lenny] - firebird2.0 2.0.3.12981.ds1-1+lenny1
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
CVE-2008-0386 (Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to ...)
	- xdg-utils <not-affected> (Ships a patch that modifies the vulnerable code and uses sed secure)
	NOTE: xdg-open-generic replaces the vulnerable code and runs view-mailcap or sensible-browser
CVE-2008-0385 (SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 ...)
	NOT-FOR-US: Urulu
CVE-2008-0384 (OpenBSD 4.2 allows local users to cause a denial of service (kernel ...)
	NOT-FOR-US: OpenBSD
CVE-2008-0383 (Multiple SQL injection vulnerabilities in MyBB 1.2.10 and earlier ...)
	NOT-FOR-US: MyBB
CVE-2008-0382 (Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier ...)
	NOT-FOR-US: MyBB
CVE-2008-0381 (Unspecified vulnerability in Mahara before 0.9.1 has unknown impact ...)
	- mahara 0.9.1-1 (low)
CVE-2008-0380 (Buffer overflow in the Digital Data Communications RtspVaPgCtrl ...)
	NOT-FOR-US: Digital Data Communications
CVE-2008-0379 (Race condition in the Enterprise Tree ActiveX control ...)
	NOT-FOR-US: Crystal Reports
CVE-2008-0378 (Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when ...)
	NOT-FOR-US: SocksCap
CVE-2008-0377 (MicroNews allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: MicroNews
CVE-2008-0376 (PHP remote file inclusion vulnerability in inc/linkbar.php in Small ...)
	NOT-FOR-US: Small Axe Weblog
CVE-2008-0375 (Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0374 (OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web ...)
	NOT-FOR-US: OKI C5510MFP Printer firmware
CVE-2008-0373 (Unrestricted file upload vulnerability in PHP F1 Max's File Uploader ...)
	NOT-FOR-US: PHP F1 Max's File Uploader
CVE-2008-0372 (8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2008-0371 (Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when ...)
	NOT-FOR-US: aliTalk
CVE-2008-0370 (Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel ...)
	NOT-FOR-US: cPanel
CVE-2008-0369 (Multiple unspecified programs in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0368 (onedcu in IBM Informix Dynamic Server (IDS) 10.x before 10.00.xC8 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2008-0367 (Mozilla Firefox 2.0.0.11, 3.0b2, and possibly earlier versions, when ...)
	- iceweasel 3.0 (low)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	NOTE: Mozilla #244273
CVE-2008-0366 (CORE FORCE before 0.95.172 does not properly validate arguments to ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0365 (Multiple buffer overflows in CORE FORCE before 0.95.172 allow local ...)
	NOT-FOR-US: CORE FORCE
CVE-2008-0364 (Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent ...)
	NOT-FOR-US: BitTorrent/uTorrent
CVE-2008-0363 (Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0362 (Cross-site scripting (XSS) vulnerability in gallery.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2008-0361 (Directory traversal vulnerability in agregar_info.php in GradMan 0.1.3 ...)
	NOT-FOR-US: GradMan
CVE-2008-0360 (Multiple SQL injection vulnerabilities in BLOG:CMS 4.2.1b allow remote ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0359 (Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b ...)
	NOT-FOR-US: BLOG:CMS
CVE-2008-0358 (SQL injection vulnerability in index.php in Pixelpost 1.7 allows ...)
	NOT-FOR-US: Pixelpost
CVE-2008-0357 (Directory traversal vulnerability in pages/upload.php in Galaxyscripts ...)
	NOT-FOR-US: Galaxyscripts
CVE-2008-0356 (Buffer overflow in the Independent Management Architecture (IMA) ...)
	NOT-FOR-US: Citrix Presentation Server
CVE-2008-0355 (SQL injection vulnerability in index.php in the forum module in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2008-0354 (Cross-site scripting (XSS) vulnerability in the chat client in IBM ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2008-0353 (SQL injection vulnerability in visualizza_tabelle.php in php-residence ...)
	NOT-FOR-US: php-residence
CVE-2008-XXXX [apt-cacher arbitrary command execution]
	- apt-cacher 1.6.1
	[etch] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
	[sarge] - apt-cacher <not-affected> (vulnerable code introduced in 1.6.0)
CVE-2008-0352 (The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced after 2.6.19 release)
CVE-2008-0351 (admin/config.php in Evilsentinel 1.0.9 and earlier allows remote ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0350 (admin/index.php in Evilsentinel 1.0.9 and earlier sends a redirect to ...)
	NOT-FOR-US: EvilSentinel
CVE-2008-0349 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0348 (Multiple unspecified vulnerabilities in the PeopleTools component in ...)
	NOT-FOR-US: Oracle
CVE-2008-0347 (Unspecified vulnerability in the Oracle Ultra Search component in ...)
	NOT-FOR-US: Oracle
CVE-2008-0346 (Unspecified vulnerability in the Oracle Jinitiator component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0345 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0344 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0343 (Unspecified vulnerability in the Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0342 (Unspecified vulnerability in the Upgrade/Downgrade component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0341 (Unspecified vulnerability in the Advanced Queuing component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2008-0340 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5 FIPS+, ...)
	NOT-FOR-US: Oracle
CVE-2008-0339 (Unspecified vulnerability in the XML DB component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2008-0338 (Directory traversal vulnerability in the mwGetLocalFileName function ...)
	NOT-FOR-US: miniweb
CVE-2008-0337 (Heap-based buffer overflow in the _mwProcessReadSocket function in ...)
	NOT-FOR-US: miniweb
CVE-2008-0336 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: BugTracker.NET
CVE-2008-0335 (Cross-site scripting (XSS) vulnerability in BugTracker.NET before ...)
	NOT-FOR-US: BugTracker.NET
CVE-2008-0334 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: pMachine
CVE-2008-0333 (Directory traversal vulnerability in download_view_attachment.aspx in ...)
	NOT-FOR-US: AfterLogic MailBee WebMail Pro 4.1 for ASP.NET
CVE-2008-0332 (Directory traversal vulnerability in arias/help/effect.php in aria ...)
	NOT-FOR-US: Aria ERP (not the aria we ship)
CVE-2008-0331 (Unspecified vulnerability in Funkwerk System Software before 7.4.1 ...)
	NOT-FOR-US: Funkwerk
CVE-2008-0330 (Open System Consultants (OSC) Radiator before 4.0 allows remote ...)
	NOT-FOR-US: Radiator
CVE-2008-0329 (LulieBlog 1.0.1 and 1.0.2 does not restrict access to (1) ...)
	NOT-FOR-US: LulieBlog
CVE-2008-0328 (SQL injection vulnerability in page.php in FaScript FaName 1.0 allows ...)
	NOT-FOR-US: FaScript
CVE-2008-0327 (SQL injection vulnerability in show.php in FaScript FaMp3 1.0 allows ...)
	NOT-FOR-US: FaScript
CVE-2008-0326 (SQL injection vulnerability in class/show.php in FaScript ...)
	NOT-FOR-US: FaScript
CVE-2008-0325 (SQL injection vulnerability in show.php in FaScript FaPersian Petition ...)
	NOT-FOR-US: FaScript
CVE-2008-0324 (Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 ...)
	NOT-FOR-US: Cisco
CVE-2008-0323
	RESERVED
CVE-2008-0322 (The I2O Utility Filter driver (i2omgmt.sys) 5.1.2600.2180 for ...)
	NOT-FOR-US: Microsoft Windows XP driver
CVE-2008-0321
	RESERVED
CVE-2008-0320 (Heap-based buffer overflow in the OLE importer in OpenOffice.org ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2008-0319
	RESERVED
CVE-2008-0318 (Integer overflow in the cli_scanpe function in libclamav in ClamAV ...)
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (medium)
CVE-2008-0317
	RESERVED
CVE-2008-0316
	RESERVED
CVE-2008-0315
	RESERVED
CVE-2008-0314 (Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 ...)
	{DSA-1549-1}
	- clamav 0.92.1~dfsg2-1 (medium)
CVE-2008-0313 (The ActiveDataInfo.LaunchProcess method in the ...)
	NOT-FOR-US: Symantec Norton products
CVE-2008-0312 (Stack-based buffer overflow in the AutoFix Support Tool ActiveX ...)
	NOT-FOR-US: Symantec Norton products
CVE-2008-0311 (Stack-based buffer overflow in the PGMWebHandler::parse_request ...)
	NOT-FOR-US: Borland CaliberRM
CVE-2008-0310 (Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 ...)
	NOT-FOR-US: SCO UnixWare
CVE-2008-0309 (Stack-based buffer overflow in Symantec Decomposer, as used in certain ...)
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0308 (Symantec Decomposer, as used in certain Symantec antivirus products ...)
	NOT-FOR-US: Symantec Decomposer
CVE-2008-0307 (Integer signedness error in vserver in SAP MaxDB 7.6.0.37, and ...)
	- maxdb-7.5.00 <removed>
CVE-2008-0306 (sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows ...)
	- maxdb-7.5.00 <removed>
CVE-2008-0305
	RESERVED
CVE-2008-0304 (Heap-based buffer overflow in Mozilla Thunderbird before 2.0.0.12 and ...)
	{DSA-1697-1 DSA-1621-1}
	- icedove 2.0.0.12-1 (medium)
	- iceape 1.1.8-1 (medium)
CVE-2008-0303 (The FTP print feature in multiple Canon printers, including ...)
	NOT-FOR-US: Canon printer firmware
CVE-2008-0301 (Multiple SQL injection vulnerabilities in Mapbender 2.4.4 allow remote ...)
	NOT-FOR-US: Mapbender
CVE-2008-0300 (mapFiler.php in Mapbender 2.4 to 2.4.4 allows remote attackers to ...)
	NOT-FOR-US: Mapbender
CVE-2008-0298 (KHTML WebKit as used in Apple Safari 2.x allows remote attackers to ...)
	- webkit <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- qt4-x11 <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- kdelibs <not-affected> (Not reproducible, browser crashes not treated as security issues)
	- kde4libs <not-affected> (Not reproducible, browser crashes not treated as security issues)
	NOTE: Not reproducible, might be fixed before all the forks went off
CVE-2008-0297 (PhotoKorn allows remote attackers to obtain database credentials via a ...)
	NOT-FOR-US: PhotoKorn
CVE-2008-0296 (Heap-based buffer overflow in the libaccess_realrtsp plugin in ...)
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
CVE-2008-0295 (Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in ...)
	{DSA-1543-1 DTSA-111-1}
	- vlc 0.8.6.c-6 (bug #461544; medium)
	NOTE: this does not affect xine-lib itself, its just vlc that ships a really old version of it
CVE-2008-0294 (Unspecified vulnerability in the seat-locking implementation in ...)
	NOT-FOR-US: FreeSeat
CVE-2008-0293 (Unspecified vulnerability in cron.php in FreeSeat before 1.1.5d, when ...)
	NOT-FOR-US: FreeSeat
CVE-2008-0292 (Cross-site scripting (XSS) vulnerability in photo_album.pl in Dansie ...)
	NOT-FOR-US: Dansie Photo Album
CVE-2008-0291 (SQL injection vulnerability in showproduct.asp in RichStrong CMS ...)
	NOT-FOR-US: RichStrong CMS
CVE-2007-6693 (Unspecified vulnerability in the WebCam module in Menalto Gallery ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6692 (Open redirect vulnerability in Menalto Gallery before 2.2.4 allows ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6691 (Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6690 (The Gallery Remote module in Menalto Gallery before 2.2.4 does not ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6689 (Menalto Gallery before 2.2.4 does not properly check for malicious ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6688 (Unspecified vulnerability in the Installation application in Menalto ...)
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2007-6687 (Multiple cross-site scripting (XSS) vulnerabilities in Menalto Gallery ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6686 (The URL rewrite module in Menalto Gallery before 2.2.4 allows ...)
	- gallery2 2.2.4-1 (bug #457644)
	- gallery <not-affected> (Vulnerable code not present)
CVE-2007-6685 (Unspecified vulnerability in the Publish XP module Menalto Gallery ...)
	- gallery <not-affected> (Vulnerable code not present)
	- gallery2 2.2.4-1 (bug #457644)
CVE-2008-0161
	RESERVED
CVE-2008-0290 (Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and ...)
	NOT-FOR-US: Digital Hive
CVE-2008-0289 (PHP remote file inclusion vulnerability in view_func.php in Member ...)
	NOT-FOR-US: Member Area System
CVE-2008-0288 (Multiple SQL injection vulnerabilities in ImageAlbum 2.0.0b2 allow ...)
	NOT-FOR-US: ImageAlbum
CVE-2008-0287 (PHP remote file inclusion vulnerability in VisionBurst vcart 3.3.2 ...)
	NOT-FOR-US: VisionBurst vcart
CVE-2008-0286 (SQL injection vulnerability in admin/login.php in Article Dashboard ...)
	NOT-FOR-US: Article Dashboard
CVE-2008-0285 (ngIRCd 0.10.x before 0.10.4 and 0.11.0 before 0.11.0-pre2 allows ...)
	- ngircd 0.10.3-2 (bug #461067; low)
	[etch] - ngircd <no-dsa> (Minor issue)
CVE-2008-0284 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2008-0283 (PHP remote file inclusion vulnerability in /aides/index.php in DomPHP ...)
	NOT-FOR-US: DomPHP
CVE-2008-0282 (SQL injection vulnerability in welcome/inscription.php in DomPHP 0.81 ...)
	NOT-FOR-US: DomPHP
CVE-2008-0281 (SQL injection vulnerability in liste.php in ID-Commerce 2.0 and ...)
	NOT-FOR-US: ID-Commerce
CVE-2008-0280 (SQL injection vulnerability in index.php in MTCMS 2.0 and possibly ...)
	NOT-FOR-US: MTCMS
CVE-2008-0279 (SQL injection vulnerability in liretopic.php in Xforum 1.4 and ...)
	NOT-FOR-US: Xforum
CVE-2008-0278 (SQL injection vulnerability in index.php in X7 Chat 2.0.5 and possibly ...)
	NOT-FOR-US: X7 Chat
CVE-2008-0277 (Unspecified vulnerability in the Fileshare module for Drupal allows ...)
	NOT-FOR-US: Fileshare module for Drupal
CVE-2008-0276 (Cross-site scripting (XSS) vulnerability in the Devel module before ...)
	NOT-FOR-US: Devel module for Drupal
CVE-2008-0275 (The Atom 4.7 before 4.7.x-1.0 and 5.x before 5.x-1.0 module for Drupal ...)
	NOT-FOR-US: Atom module for Drupal
CVE-2008-0274 (Cross-site scripting (XSS) vulnerability in Drupal 4.7.x and 5.x, when ...)
	- drupal5 5.6-1 (unimportant)
	NOTE: needs register_globals on
CVE-2008-0273 (Interpretation conflict in Drupal 4.7.x before 4.7.11 and 5.x before ...)
	- drupal5 5.6-1 (low)
CVE-2008-0272 (Cross-site request forgery (CSRF) vulnerability in the aggregator ...)
	- drupal5 5.6-1 (low)
CVE-2008-0271 (The editor deletion form in BUEditor 4.7.x before 4.7.x-1.0 and 5.x ...)
	NOT-FOR-US: BUEditor
CVE-2008-0270 (SQL injection vulnerability in index.php in TaskFreak! 0.6.1 and ...)
	NOT-FOR-US: TaskFreak!
CVE-2008-0269 (Unspecified vulnerability in the dotoprocs function in Sun Solaris 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2008-0268 (Cross-site scripting (XSS) vulnerability in view.php in eTicket ...)
	NOT-FOR-US: eTicket
CVE-2008-0267 (Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote ...)
	NOT-FOR-US: eTicket
CVE-2008-0266 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOT-FOR-US: eTicket
CVE-2008-0265 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...)
	NOT-FOR-US: F5 BIG-IP
CVE-2008-0264 (Unspecified vulnerability in the Meta Tags (aka Nodewords) 5.x-1.6 ...)
	NOT-FOR-US: Meta Tags module for Drupal
CVE-2008-0263 (The SIP module in Ingate Firewall before 4.6.1 and SIParator before ...)
	NOT-FOR-US: Ingate Firewall
CVE-2008-0262 (SQL injection vulnerability in includes/articleblock.php in Agares ...)
	NOT-FOR-US: Agares PhpAutoVideo
CVE-2008-0261 (Unspecified vulnerability in the search component and module in Mambo ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2008-0260 (minimal Gallery 0.8 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: minimal Gallery
CVE-2008-0259 (Multiple directory traversal vulnerabilities in _mg/php/mg_thumbs.php ...)
	NOT-FOR-US: minimal Gallery
CVE-2008-0258 (Cross-site scripting (XSS) vulnerability in index.php in PHP Running ...)
	NOT-FOR-US: PHP Running Management
CVE-2008-0257 (Cross-site scripting (XSS) vulnerability in search.pl in Dansie Search ...)
	NOT-FOR-US: Dansie Search
CVE-2008-0256 (Multiple SQL injection vulnerabilities in Matteo Binda ASP Photo ...)
	NOT-FOR-US: Matteo Binda ASP Photo Gallery
CVE-2008-0255 (SQL injection vulnerability in archive.php in iGaming 1.5, and 1.3.1 ...)
	NOT-FOR-US: iGaming
CVE-2008-0254 (SQL injection vulnerability in activate.php in TutorialCMS (aka ...)
	NOT-FOR-US: TutorialCMS
CVE-2008-0253 (SQL injection vulnerability in full_text.php in Binn SBuilder allows ...)
	NOT-FOR-US: Binn SBuilder
CVE-2008-0252 (Directory traversal vulnerability in the _get_file_path function in ...)
	{DSA-1481-1}
	- python-cherrypy 2.2.1-3.1 (low; bug #461069)
	- cherrypy3 3.0.2-2
CVE-2008-0251 (Unrestricted file upload vulnerability in PhotoPost vBGallery before ...)
	NOT-FOR-US: PhotoPost vBGallery
CVE-2008-0250 (Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows ...)
	NOT-FOR-US: Microsoft Visual InterDev
CVE-2008-0249 (PHP Webquest 2.6 allows remote attackers to retrieve database ...)
	NOT-FOR-US: PHP Webquest
CVE-2008-0248 (Buffer overflow in an ActiveX control in ccpm_0237.dll for StreamAudio ...)
	NOT-FOR-US: StreamAudio ChainCast ProxyManager
CVE-2008-0247 (Heap-based buffer overflow in the Express Backup Server service ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2008-0246 (admin.php in UploadScript 1.0 does not check for the original password ...)
	NOT-FOR-US: UploadScript
CVE-2008-0245 (admin.php in UploadImage 1.0 does not check for the original password ...)
	NOT-FOR-US: UploadImage
CVE-2008-0244 (SAP MaxDB 7.6.03 build 007 and earlier allows remote attackers to ...)
	- maxdb-7.5.00 <removed> (medium; bug #461444)
	NOTE: see #461456 for removal explanation
CVE-2008-0243 (Unspecified vulnerability in Lotus Domino 7.0.2 before Fix Pack 3 ...)
	NOT-FOR-US: Lotus Domino
CVE-2008-0242 (Unspecified vulnerability in libdevinfo in Sun Solaris 10 allows local ...)
	NOT-FOR-US: Sun Solari
CVE-2008-0241 (Open redirect vulnerability in /idm/user/login.jsp in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0240 (/idm/help/index.jsp in Sun Java System Identity Manager 6.0 SP1 ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Identity Manager
CVE-2008-0238 (Multiple heap-based buffer overflows in the rmff_dump_cont function in ...)
	NOTE: Dupe of CVE-2008-0225
CVE-2008-0299 (common.py in Paramiko 1.7.1 and earlier, when using threads or forked ...)
	- paramiko 1.6.4-1.1 (low; bug #460706)
	[etch] - paramiko <no-dsa> (Minor issue)
	NOTE: http://web.archive.org/web/20100715101310/http://www.lag.net/pipermail/paramiko/2008-January/000599.html
CVE-2008-0237 (The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 ...)
	NOT-FOR-US: Microsoft Rich Textbox ActiveX Control
CVE-2008-0236 (An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2008-0235 (The Microsoft VFP_OLE_Server ActiveX control allows remote attackers ...)
	NOT-FOR-US: Microsoft VFP_OLE_Server ActiveX control
CVE-2008-0234 (Buffer overflow in Apple Quicktime Player 7.3.1.70 and other versions ...)
	NOT-FOR-US: Apple Quicktime Player
CVE-2008-0233 (Unrestricted file upload vulnerability in Zero CMS 1.0 Alpha and ...)
	NOT-FOR-US: Zero CMS
CVE-2008-0232 (Multiple SQL injection vulnerabilities in Zero CMS 1.0 Alpha allow ...)
	NOT-FOR-US: Zero CMS
CVE-2008-0231 (Multiple directory traversal vulnerabilities in index.php in Tuned ...)
	NOT-FOR-US: Tune Studio
CVE-2008-0230 (PHP remote file inclusion vulnerability in php121db.php in osDate ...)
	NOT-FOR-US: osDate
CVE-2008-0229 (The telnet service in LevelOne WBR-3460 4-Port ADSL 2/2+ Wireless ...)
	NOT-FOR-US: LevelOne router firmware
CVE-2008-0228 (Cross-site request forgery (CSRF) vulnerability in apply.cgi in the ...)
	NOT-FOR-US: Linksys WRT54GL firmware
CVE-2008-0227 (yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, ...)
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (low; bug #460873)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2008-0226 (Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL ...)
	{DSA-1478-1}
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg-5.0 5.0.51-3 (medium; bug #460873)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2008-0225 (Heap-based buffer overflow in the rmff_dump_cont function in ...)
	{DSA-1472-1 DTSA-109-1}
	- xine-lib 1.1.10-1 (medium; bug #460551)
CVE-2008-0224 (SQL injection vulnerability in index.php in the Newbb_plus 0.92 and ...)
	NOT-FOR-US: RunCMS
CVE-2008-0223 (Buffer overflow in JustSystems JSFC.DLL, as used in multiple ...)
	NOT-FOR-US: JustSystem
CVE-2008-0222 (Unrestricted file upload vulnerability in ajaxfilemanager.php in the ...)
	NOT-FOR-US: Wp-FileManager plugin for WordPress
CVE-2008-0221 (Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka ...)
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0220 (Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 ...)
	NOT-FOR-US: Gateway Weblaunch
CVE-2008-0219 (SQL injection vulnerability in soporte_horizontal_w.php in PHP ...)
	NOT-FOR-US: Webquest
CVE-2008-0218 (Cross-site scripting (XSS) vulnerability in admin/index.html in Merak ...)
	NOT-FOR-US: Merak IceWarp Mail Server
CVE-2008-0217 (The script program in FreeBSD 5.0 through 7.0-PRERELEASE invokes ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0216 (The ptsname function in FreeBSD 6.0 through 7.0-PRERELEASE does not ...)
	- kfreebsd-5 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-7 <not-affected> (see bug #483152)
CVE-2008-0215 (Multiple unspecified vulnerabilities in HP Storage Essentials Storage ...)
	NOT-FOR-US: HP SRM
CVE-2008-0214 (Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, ...)
	NOT-FOR-US: HP Select Identity
CVE-2008-0213 (Unspecified vulnerability in a certain ActiveX control for HP Virtual ...)
	NOT-FOR-US: HP Virtual Rooms
CVE-2008-0212 (ovtopmd in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2008-0211 (Unspecified vulnerability in the BIOS F.04 through F.11 for the HP ...)
	NOT-FOR-US: BIOS F.04
CVE-2008-0210 (Uebimiau Webmail 2.7.10 and 2.7.2 does not protect authentication ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0209 (Open redirect vulnerability in Forums/login.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0208 (Cross-site scripting (XSS) vulnerability in login.asp in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0207 (Multiple cross-site scripting (XSS) vulnerabilities in PRO-Search 0.17 ...)
	NOT-FOR-US: PRO-Search
CVE-2008-0206 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Captcha!
CVE-2008-0205 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0204 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Math Comment Spam Protection plugin for WordPress
CVE-2008-0203 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Cryptographp plugin for WordPress
CVE-2008-0202 (CRLF injection vulnerability in index.php in ExpressionEngine 1.2.1 ...)
	NOT-FOR-US: ExpressionEngine
CVE-2008-0201 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: ExpressionEngine
CVE-2008-0200 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: RotaBanner
CVE-2008-0199 (PRO-Search 0.17 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: PRO-Search
CVE-2008-0198 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0197 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WP-ContactForm plugin for WordPress
CVE-2008-0196 (Multiple directory traversal vulnerabilities in WordPress 2.0.11 and ...)
	- wordpress 2.3.3-1
	[etch] - wordpress <no-dsa> (Auth is needed and attacker should have permissions to edit files)
CVE-2008-0195 (WordPress 2.0.11 and earlier allows remote attackers to obtain ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0194 (Directory traversal vulnerability in wp-db-backup.php in WordPress ...)
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0193 (Cross-site scripting (XSS) vulnerability in wp-db-backup.php in ...)
	{DSA-1502-1}
	- wordpress 2.1.0-1
	NOTE: Vulnerable code removed since 2.1 release
CVE-2008-0192 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 ...)
	- wordpress 2.0.10-1
	NOTE: poked hendry
CVE-2008-0191 (WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive ...)
	- wordpress <unfixed> (unimportant)
	NOTE: full path and DB structure already known on Debian
	NOTE: poked hendry
CVE-2008-0190 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: AwesomeTemplateEngine
CVE-2008-0189
	REJECTED
CVE-2008-0188
	REJECTED
CVE-2008-0187 (SQL injection vulnerability in songinfo.php in SAM Broadcaster ...)
	NOT-FOR-US: SAM Broadcaster samPHPweb
CVE-2008-0186 (Cross-site scripting (XSS) vulnerability in index.php in NetRisk 1.9.7 ...)
	NOT-FOR-US: NetRisk
CVE-2008-0185 (SQL injection vulnerability in index.php in NetRisk 1.9.7 and possibly ...)
	NOT-FOR-US: NetRisk
CVE-2008-0184 (Absolute path traversal vulnerability in index.php in Sys-Hotel on ...)
	NOT-FOR-US: Sys-Hotel
CVE-2008-0183
	RESERVED
CVE-2008-0182 (Cross-site request forgery (CSRF) vulnerability in the Admin portlet ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0181 (Cross-site scripting (XSS) vulnerability in the Admin portlet in ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0180 (Cross-site scripting (XSS) vulnerability in ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0179 (Cross-site scripting (XSS) vulnerability in ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0178 (Cross-site scripting (XSS) vulnerability in the Enterprise Admin ...)
	- liferay-portal <itp> (bug #569819)
CVE-2008-0177 (The ipcomp6_input function in sys/netinet6/ipcomp_input.c in the KAME ...)
	- kfreebsd-7 <not-affected> (see bug #483152)
	- kfreebsd-6 <not-affected> (see bug #483152)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (FreeBSD not supported)
	NOTE: Linux kernel code is not affected, the proper check is there
	NOTE: (somewhat difficult to spot, it happens in the caller).
CVE-2008-0176 (Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI ...)
	NOT-FOR-US: GE Fanuc CIMPLICITY
CVE-2008-0175 (Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time ...)
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0174 (GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier uses ...)
	NOT-FOR-US: GE Fanuc Proficy Real-Time Information Portal
CVE-2008-0172 (The get_repeat_type function in basic_regex_creator.hpp in the Boost ...)
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0171 (regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library ...)
	- boost 1.34.1-5 (low; bug #461236)
	[etch] - boost <no-dsa> (Minor issue)
CVE-2008-0170
	RESERVED
CVE-2008-0169 (Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 ...)
	- ikiwiki 2.48 (medium; bug #483770)
	[etch] - ikiwiki <not-affected> (Vulnerable code introduced in 1.34)
CVE-2008-0168
	RESERVED
CVE-2008-0167 (The write_array_file function in utils/include.pl in GForge 4.5.14 ...)
	{DSA-1577-1}
	- gforge 4.6.99+svn6496-1 (low)
	NOTE: https://rt.debian.org/Ticket/Display.html?id=672
CVE-2008-0166 (OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based ...)
	{DSA-1576-1 DSA-1571-1}
	- openssl 0.9.8g-9 (high)
	[sarge] - openssl <not-affected> (Vulnerable code not present)
	- openssh 4.7p1-9 (high)
	NOTE: http://www.debian.org/security/key-rollover/
CVE-2008-0165 (Cross-site request forgery (CSRF) vulnerability in Ikiwiki before 2.42 ...)
	{DSA-1553-1}
	- ikiwiki 2.42
CVE-2008-0164 (Multiple cross-site request forgery (CSRF) vulnerabilities in Plone ...)
	- plone3 3.1.1-1 (bug #473571)
CVE-2008-0163 (Linux kernel 2.6, when using vservers, allows local users to access ...)
	{DSA-1494-1}
	- linux-2.6 2.6.25-1 (high)
CVE-2008-0162 (misc.c in splitvt 1.6.6 and earlier does not drop group privileges ...)
	{DSA-1500-1}
	- splitvt 1.6.6-4
CVE-2008-0302 (Untrusted search path vulnerability in apt-listchanges.py in ...)
	{DSA-1465-2}
	- apt-listchanges 2.82 (medium)
	[sarge] - apt-listchanges <not-affected> (Vulnerable code not present)
	NOTE: see http://web.archive.org/web/20080206193307/http://git.madism.org:80/?p=apt-listchanges.git;a=commitdiff;h=1bcfbf3dc55413bb83a1782dc9a54515a963fb32
CVE-2008-0160
	RESERVED
CVE-2007-6680 (Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument ...)
	NOT-FOR-US: IBM AIX
CVE-2007-6679 (Unspecified vulnerability in the Administrative Console in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-6678
	REJECTED
CVE-2007-6677 (Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam ...)
	NOT-FOR-US: Peter's Random Anti-Spam Image
CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...)
	NOT-FOR-US: ONEdotOH Simple File
CVE-2008-0173 (SQL injection vulnerability in Gforge 4.6.99 and earlier allows remote ...)
	{DSA-1459-1}
	- gforge 4.6.99+svn6330-1 (medium)
	NOTE: this is exploitable by unauthenticated users
	NOTE: Requires register_globals to be On, unsupported in lenny+sid.
	NOTE: In lenny+sid these scripts just don't work, so no security issue.
	NOTE: In etch+sarge we support gforge with rg On, unfortunately.
CVE-2008-0159 (SQL injection vulnerability in index.php in eggBlog 3.1.0 and earlier ...)
	NOT-FOR-US: eggBlog
CVE-2008-0158 (Directory traversal vulnerability in index.php in Shop-Script 2.0 and ...)
	NOT-FOR-US: Shop-Script
CVE-2008-0157 (SQL injection vulnerability in FlexBB 0.6.3 and earlier allows remote ...)
	NOT-FOR-US: FlexBB
CVE-2008-0156 (Absolute path traversal vulnerability in index.php in Million Dollar ...)
	NOT-FOR-US: Million Dollar Script
CVE-2008-0155 (Cross-site scripting (XSS) vulnerability in index.php in EvilBoard ...)
	NOT-FOR-US: EvilBoard
CVE-2008-0154 (SQL injection vulnerability in index.php in EvilBoard 0.1a (Alpha) ...)
	NOT-FOR-US: EvilBoard
CVE-2008-0153 (telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers ...)
	NOT-FOR-US: Pragma TelnetServer
CVE-2008-0152 (SLnet.exe in SeattleLab SLNet RF Telnet Server 4.1.1.3758 and earlier ...)
	NOT-FOR-US: SeattleLab SLNet RF Telnet Server
CVE-2008-0151 (Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build ...)
	NOT-FOR-US: Foxit WAC Server
CVE-2008-0150 (Unspecified vulnerability in the LDAP authentication feature in Aruba ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2008-0149 (TUTOS 1.3 allows remote attackers to read system information via a ...)
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0148 (TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows ...)
	- tutos <removed>
	- tutos2 <not-affected> (vulnerable code not present)
CVE-2008-0147 (SQL injection vulnerability in index.php in SmallNuke 2.0.4 and ...)
	NOT-FOR-US: SmallNuke
CVE-2008-0146 (Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL ...)
	NOT-FOR-US: W3-mSQL
CVE-2008-0145 (Unspecified vulnerability in glob in PHP before 4.4.8, when ...)
	- php4 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2008-0144 (PHP remote file inclusion vulnerability in index.php in NetRisk 1.9.7 ...)
	NOT-FOR-US: NetRisk
CVE-2008-0143 (PHP remote file inclusion vulnerability in common/db.php in samPHPweb, ...)
	NOT-FOR-US: samPHPweb
CVE-2008-0142 (Multiple SQL injection vulnerabilities in WebPortal CMS 0.6-beta allow ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-0141 (actions.php in WebPortal CMS 0.6-beta generates predictable passwords ...)
	NOT-FOR-US: WebPortal CMS
CVE-2008-0140 (Directory traversal vulnerability in error.php in Uebimiau Webmail ...)
	NOT-FOR-US: Uebimiau Webmail
CVE-2008-0139 (Eval injection vulnerability in loudblog/inc/parse_old.php in Loudblog ...)
	NOT-FOR-US: Loudblog
CVE-2008-0138 (PHP remote file inclusion vulnerability in xoopsgallery/init_basic.php ...)
	NOT-FOR-US: XOOPS
CVE-2008-0137 (PHP remote file inclusion vulnerability in config.inc.php in SNETWORKS ...)
	NOT-FOR-US: SNETWORKS
CVE-2008-0136 (Snitz Forums 2000 3.4.05 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0135 (Snitz Forums 2000 3.4.06 and earlier stores sensitive information ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0134 (Cross-site scripting (XSS) vulnerability in Forums/setup.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2008-0133 (Multiple SQL injection vulnerabilities in Tribisur 2.1 and earlier ...)
	NOT-FOR-US: Tribisur
CVE-2008-0132 (Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long ...)
	NOT-FOR-US: Pragma FortressSSH
CVE-2008-0131 (Cross-site scripting (XSS) vulnerability in login_form.asp in Instant ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0130 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2008-0129 (SQL injection vulnerability in starnet/addons/slideshow_full.php in ...)
	NOT-FOR-US: Site@School
CVE-2008-0128 (The SingleSignOn Valve ...)
	{DSA-1468-1}
	- tomcat5 <removed> (unimportant)
	NOTE: SSO cookies not working in 5.0, have only been fixed in 5.5.13, see #34724
	- tomcat5.5 5.5.23-1 (low)
	NOTE: SSO cookies sent over secure connections do not require
	NOTE: secure connections, possibly defeating HTTPS encryption.
	NOTE: See: http://issues.apache.org/bugzilla/show_bug.cgi?id=41217
CVE-2008-0127 (The administration interface in McAfee E-Business Server 8.5.2 and ...)
	NOT-FOR-US: McAfee E-Business Server
CVE-2008-0126
	RESERVED
CVE-2008-0125 (Cross-site scripting (XSS) vulnerability in phpstats.php in Michael ...)
	NOT-FOR-US: Michael Wagner phpstats
CVE-2008-0124 (Cross-site scripting (XSS) vulnerability in Serendipity (S9Y) before ...)
	{DSA-1528-1}
	- serendipity 1.3~b1-1 (low; bug #469667)
CVE-2008-0123 (Cross-site scripting (XSS) vulnerability in install.php for Moodle ...)
	- moodle 1.9.8-1 (unimportant)
	NOTE: the issue itself has a quite small attack vector
	NOTE: and considering that the apache configuration that comes
	NOTE: with moodle limits connections to localhost this is no issue
CVE-2008-0122 (Off-by-one error in the inet_network function in libbind in ISC BIND ...)
	- bind <removed>
	[sarge] - bind <no-dsa> (applications will use inet_network in libc)
	[etch] - bind <no-dsa> (applications will use inet_network in libc)
	- bind9 <not-affected> (does not build libbind)
	- glibc 2.2-1
	NOTE: The fix for the BIND-based resolver in GNU libc was made in 2000.
	NOTE: libbind9 is distinct code, not related to the old libbind.
CVE-2008-0121 (A &quot;memory calculation error&quot; in Microsoft PowerPoint Viewer 2003 ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0120 (Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote ...)
	NOT-FOR-US: Microsoft PowerPoint Viewer
CVE-2008-0119 (Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP ...)
	NOT-FOR-US: Microsoft Publisher
CVE-2008-0118 (Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0117 (Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0116 (Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0115 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0114 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0113 (Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0112 (Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0111 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2008-0110 (Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2008-0109 (Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0108 (Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0107 (Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0106 (Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0105 (Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0104 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0103 (Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0102 (Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, ...)
	NOT-FOR-US: Microsoft Office
CVE-2008-0101 (Format string vulnerability in the swDebugf function in DuneApp.cpp in ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0100 (Stack-based buffer overflow in the Scene::errorf function in Scene.cpp ...)
	- whitedune 0.28.13-1 (medium)
CVE-2008-0099 (Multiple SQL injection vulnerabilities in MyPHP Forum 3.0 and earlier ...)
	NOT-FOR-US: MyPHP Forum
CVE-2008-0098 (Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote ...)
	NOT-FOR-US: RealPlayer
CVE-2008-0097 (Format string vulnerability in the log function in Georgia SoftWorks ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0096 (Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) ...)
	NOT-FOR-US: Georgia SoftWorks SSH2 Server
CVE-2008-0095 (The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, ...)
	- asterisk 1:1.4.17~dfsg-1 (medium; bug #458952)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x affected)
CVE-2008-0094 (Multiple directory traversal vulnerabilities in MODx Content ...)
	NOT-FOR-US: MODx Content Management System
CVE-2008-0093 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...)
	NOT-FOR-US: eTicket
CVE-2007-6676 (The default configuration of Uber Uploader (UU) 5.3.6 and earlier does ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-6675 (The b_system_comments_show function in ...)
	NOT-FOR-US: XOOPS
CVE-2007-6674 (Cross-site scripting (XSS) vulnerability in Default.asp in RapidShare ...)
	NOT-FOR-US: RapidShare Database
CVE-2007-6673 (Cross-site scripting (XSS) vulnerability in Makale Scripti allows ...)
	NOT-FOR-US: Makale Scripti
CVE-2007-6672 (Mortbay Jetty 6.1.5 and 6.1.6 allows remote attackers to bypass ...)
	- jetty 6.1.18-1 (medium; bug #462793; bug #559765)
CVE-2007-6671 (SQL injection vulnerability in login_form.asp in Instant Softwares ...)
	NOT-FOR-US: Instant Softwares Dating Site
CVE-2007-6670 (SQL injection vulnerability in search.php in PHCDownload 1.1.0 allows ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6669 (Cross-site scripting (XSS) vulnerability in search.php in PHCDownload ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6668 (admin/uploadgames.php in MySpace Content Zone (MCZ) 3.x does not ...)
	NOT-FOR-US: MySpace Content Zone
CVE-2008-0092 (Cross-site scripting (XSS) vulnerability in index.php in the search ...)
	NOT-FOR-US: Appalachian State University phpWebSite
CVE-2008-0091 (Directory traversal vulnerability in download2.php in AGENCY4NET ...)
	NOT-FOR-US: AGENCY4NET WEBFTP
CVE-2008-0090 (A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows ...)
	NOT-FOR-US: DivX Player
CVE-2008-0089 (SQL injection vulnerability in uprofile.php in ClipShare allows remote ...)
	NOT-FOR-US: ClipShare
CVE-2008-0088 (Unspecified vulnerability in Active Directory on Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2008-0087 (The DNS client in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0086 (Buffer overflow in the convert function in Microsoft SQL Server 2000 ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0085 (SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2008-0084 (Unspecified vulnerability in the TCP/IP support in Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2008-0083 (The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2008-0082 (An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 ...)
	NOT-FOR-US: Windows Messenger
CVE-2008-0081 (Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2008-0080 (Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft ...)
	NOT-FOR-US: Windows
CVE-2008-0079
	REJECTED
CVE-2008-0078 (Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0077 (Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0076 (Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0075 (Unspecified vulnerability in Microsoft Internet Information Services ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0074 (Unspecified vulnerability in Microsoft Internet Information Services ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2008-0073 (Array index error in the sdpplin_parse function in ...)
	{DSA-1543-1 DSA-1536-1 DTSA-119-1 DTSA-128-1}
	- xine-lib 1.1.11-1 (medium)
	- vlc 0.8.6.e-2 (medium; bug #473057)
	NOTE: http://bugs.xine-project.org/show_bug.cgi?id=58
CVE-2008-0072 (Format string vulnerability in the emf_multipart_encrypted function in ...)
	{DSA-1512-1}
	- evolution 2.12.3-1.1
	NOTE: SA29057
CVE-2008-0071 (The Web UI interface in (1) BitTorrent before 6.0.3 build 8642 and (2) ...)
	NOT-FOR-US: uTorrent 1.7.7 (build 8179) / BitTorrent 6.0.1 (build 7859)
CVE-2008-0070 (Integer overflow in Orb Networks Orb 2.00.1014 and Winamp Remote BETA ...)
	NOT-FOR-US: Orb Networks Orb and Winamp Remote BETA
CVE-2008-0069 (Stack-based buffer overflow in XnView 1.92 and 1.92.1 allows ...)
	NOT-FOR-US: XnView
CVE-2008-0068 (Directory traversal vulnerability in OpenView5.exe in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2008-0067 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager (OV NNM)
CVE-2008-0066 (Multiple buffer overflows in htmsr.dll in the HTML speed reader in ...)
	NOT-FOR-US: KeyView
CVE-2008-0065 (Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, ...)
	NOT-FOR-US: Winamp
CVE-2008-0064 (Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView ...)
	NOT-FOR-US: XnView, nconvert GFL SDK for Windows
CVE-2008-0063 (The Kerberos 4 support in KDC in MIT Kerberos 5 (krb5kdc) does not ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (medium)
CVE-2008-0062 (KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for ...)
	{DSA-1524-1}
	- krb5 1.6.dfsg.3~beta1-4 (high)
CVE-2008-0060 (Help Viewer in Apple Mac OS X 10.4.11 and 10.5.2 allows remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0059 (Race condition in NSXML in Foundation for Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0058 (Race condition in the NSURLConnection cache management functionality ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0057 (Multiple integer overflows in a &quot;legacy serialization format&quot; parser ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0056 (Stack-based buffer overflow in Foundation in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0055 (Foundation in Apple Mac OS X 10.4.11 creates world-writable ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0054 (Foundation in Apple Mac OS X 10.4.11 might allow context-dependent ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0053 (Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS ...)
	{DSA-1625-1}
	- cupsys 1.3.6-1
	- cups 1.3.6-1
	NOTE: https://bugzilla.redhat.com/attachment.cgi?id=298651
CVE-2008-0052 (CoreServices in Apple Mac OS X 10.4.11 treats .ief as a safe file ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0051 (Integer overflow in CoreFoundation in Apple Mac OS X 10.4.11 might ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0050 (CFNetwork in Apple Mac OS X 10.4.11 allows remote HTTPS proxy servers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0049 (AppKit in Apple Mac OS X 10.4.11 inadvertently makes an NSApplication ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0048 (Stack-based buffer overflow in AppKit in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0047 (Heap-based buffer overflow in the cgiCompileSearch function in CUPS ...)
	{DSA-1530-1}
	- cupsys 1.3.6-3 (medium; bug #472105)
	- cups 1.3.6-3 (medium; bug #472105)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2008-0046 (The Application Firewall in Apple Mac OS X 10.5.2 has an incorrect ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0045 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0044 (Multiple buffer overflows in AFP Client in Apple Mac OS X 10.4.11 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2008-0043 (Format string vulnerability in Apple iPhoto before 7.1.2 allows remote ...)
	NOT-FOR-US: Apple iPhoto
CVE-2008-0042 (Argument injection vulnerability in Terminal.app in Terminal in Apple ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0041 (Parental Controls in Apple Mac OS X 10.5 through 10.5.1 contacts ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0040 (Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0039 (Unspecified vulnerability in Mail in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0038 (Launch Services in Apple Mac OS X 10.5 through 10.5.1 allows an ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0037 (X11 in Apple Mac OS X 10.5 through 10.5.1 does not properly handle ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2008-0036 (Buffer overflow in Apple QuickTime before 7.4 allows remote attackers ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0035 (Unspecified vulnerability in Foundation, as used in Apple iPhone 1.0 ...)
	NOT-FOR-US: Apple cocoa Foundation
	NOTE: AFAICS this is not the same as libfoundation in Debian
CVE-2008-0034 (Unspecified vulnerability in Passcode Lock in Apple iPhone 1.0 through ...)
	NOT-FOR-US: Apple iPhone
CVE-2008-0033 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0032 (Apple QuickTime before 7.4 allows remote attackers to execute ...)
	NOT-FOR-US: Apple QuickTime
CVE-2008-0031 (Unspecified vulnerability in Apple QuickTime before 7.4 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6667 (SQL injection vulnerability in faq.php in MyPHP Forum 3.0 and earlier ...)
	NOT-FOR-US: MyPHP Forum
CVE-2007-6666 (SQL injection vulnerability in rss.php in Zenphoto 1.1 through 1.1.3 ...)
	NOT-FOR-US: Zenphoto
CVE-2007-6665 (SQL injection vulnerability in admin/login.asp in Netchemia oneSCHOOL ...)
	NOT-FOR-US: Netchemia
CVE-2007-6664 (SQL injection vulnerability in index.php in WebPortal CMS 0.6.0 and ...)
	NOT-FOR-US: WebPortal
CVE-2007-6663 (SQL injection vulnerability in (1) Puarcade.php and (2) ...)
	NOT-FOR-US: Pragmatic Utopia PU Arcade
CVE-2007-6662 (Directory traversal vulnerability in file.php in CuteNews 2.6 allows ...)
	NOT-FOR-US: CuteNews
CVE-2007-6661 (2z project 0.9.6.1 allows attackers to change the password without ...)
	NOT-FOR-US: 2z project
CVE-2007-6660 (2z project 0.9.6.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: 2z project
CVE-2007-6659 (Multiple cross-site scripting (XSS) vulnerabilities in 2z project ...)
	NOT-FOR-US: 2z project
CVE-2007-6658 (SQL injection vulnerability in admin.php/vars.php in CustomCMS (CCMS) ...)
	NOT-FOR-US: CCMS
CVE-2007-6657 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mihalism
CVE-2007-6656 (SQL injection vulnerability in content_css.php in the TinyMCE module ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-6655 (PHP remote file inclusion vulnerability in includes/function.php in ...)
	NOT-FOR-US: Kontakt Formular
CVE-2007-6654 (Buffer overflow in a certain ActiveX control in Macrovision ...)
	NOT-FOR-US: Macrovision InstallShield Update Service Web Agent
CVE-2007-6653 (Directory traversal vulnerability in download.php in Mihalism Multi ...)
	NOT-FOR-US: Mihalism
CVE-2007-6652 (cpie.php in XCMS 1.83 and earlier sends a redirect to the web browser ...)
	NOT-FOR-US: XCMS
CVE-2007-6651 (Directory traversal vulnerability in wiki/edit.php in Bitweaver R2 CMS ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6650 (Unrestricted file upload vulnerability in fisheye/upload.php in ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6649 (PHP remote file inclusion vulnerability in includes/tumbnail.php in ...)
	NOT-FOR-US: MatPo Bilder Gallery
CVE-2007-6648 (Directory traversal vulnerability in index.php in SanyBee Gallery ...)
	NOT-FOR-US: SanyBee Gallery
CVE-2007-6647 (SQL injection vulnerability in index.php in w-Agora 4.2.1 and earlier ...)
	NOT-FOR-US: w-Agora
CVE-2007-6646 (Multiple cross-site scripting (XSS) vulnerabilities in LiveCart 1.0.1, ...)
	NOT-FOR-US: LiveCart
CVE-2007-6645 (Unspecified vulnerability in Joomla! before 1.5 RC4 allows remote ...)
	NOT-FOR-US: Joomla
CVE-2007-6644 (Joomla! before 1.5 RC4 allows remote authenticated administrators to ...)
	NOT-FOR-US: Joomla
CVE-2007-6643 (Cross-site scripting (XSS) vulnerability in the com_poll component in ...)
	NOT-FOR-US: Joomla
CVE-2007-6642 (Multiple cross-site request forgery (CSRF) vulnerabilities in Joomla! ...)
	NOT-FOR-US: Joomla
CVE-2007-6641 (Cross-site scripting (XSS) vulnerability in dir.php in milliscripts ...)
	NOT-FOR-US: milliscripts
CVE-2007-6640 (Creammonkey 0.9 through 1.1 and GreaseKit 1.2 through 1.3 does not ...)
	NOT-FOR-US: Creammonkey and GreaseKit
CVE-2007-6639 (SQL injection vulnerability in index.php in IPTBB 0.5.4 and earlier ...)
	NOT-FOR-US: IPTBB
CVE-2007-6638 (March Networks DVR 3204 stores sensitive information under the web ...)
	NOT-FOR-US: March Networks
CVE-2007-6637 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...)
	- flashplugin-nonfree 1:1.4 (bug #459071)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	NOTE: http://www.adobe.com/support/security/advisories/apsa07-06.html
CVE-2007-6636 (Unspecified vulnerability in the StorageFarabDb module in Bitflu ...)
	NOT-FOR-US: Bitflu
CVE-2007-6635 (FAQMasterFlexPlus, possibly 1.5 or 1.52, stores the admin password in ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6634 (Multiple SQL injection vulnerabilities in FAQMasterFlexPlus, possibly ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6633 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: FAQMasterFlexPlus
CVE-2007-6632 (showCode.php in xml2owl 0.1.1 allows remote attackers to execute ...)
	NOT-FOR-US: xml2owl
CVE-2007-6631 (Multiple buffer overflows in LScube libnemesi 0.6.4-rc1 and earlier ...)
	NOT-FOR-US: LScube libnemesi
CVE-2007-6630 (The Url_init function in utils/url.c in Netembryo 0.0.4, when used by ...)
	NOT-FOR-US: Netembryo
CVE-2007-6629 (Interpretation conflict in LScube Feng 0.1.15 and earlier allows ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6628 (LScube Feng 0.1.15 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6627 (Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6626 (Multiple buffer overflows in the RTSP_valid_response_msg function in ...)
	NOT-FOR-US: LScube Feng
CVE-2007-6625 (The Platform Service Process (asampsp) in Fan-Out Driver Platform ...)
	NOT-FOR-US: Platform Service Process (asampsp)
CVE-2007-6624 (Directory traversal vulnerability in printview.php in PNphpBB2 1.2i ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-6623 (Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might ...)
	NOT-FOR-US: ZeusCMS
CVE-2007-6622 (SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier ...)
	NOT-FOR-US: ZeusCMS
CVE-2007-6621 (Directory traversal vulnerability in joovili.images.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2007-6620 (Directory traversal vulnerability in include/images.inc.php in Joovili ...)
	NOT-FOR-US: Joovili
CVE-2007-6619 (The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 ...)
	NOT-FOR-US: Setup Wizard in Atlassian JIRA Enterprise Edition
CVE-2007-6618 (JIRA Enterprise Edition before 3.12.1 allows remote attackers to ...)
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6617 (Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA ...)
	NOT-FOR-US: JIRA Enterprise Edition
CVE-2007-6616 (Cross-site scripting (XSS) vulnerability in simpleforum.cgi in ...)
	NOT-FOR-US: SimpleForum
CVE-2007-6615 (Directory traversal vulnerability in includes/block.php in Agares ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6614 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...)
	NOT-FOR-US: Agares Media phpAutoVideo
CVE-2007-6613 (Stack-based buffer overflow in the print_iso9660_recurse function in ...)
	- libcdio 0.78.2+dfsg1-2 (low; bug #459129)
	[sarge] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	[etch] - libcdio <not-affected> (Packages prior to 0.78.2 didn't build the tools into binary package)
	NOTE: applications that use libcdio are not vulnerable, problem only lies in the info tool
CVE-2007-6610 (unp 1.0.12, and other versions before 1.0.14, does not properly escape ...)
	- unp 1.0.13 (bug #448437; low)
	[etch] - unp <no-dsa> (Only used as archiver in third-party software)
CVE-2007-6609 (Multiple stack-based buffer overflows in the CPLI_ReadTag_OGG function ...)
	NOT-FOR-US: CoolPlayer
CVE-2007-6608 (Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6607 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6606 (OpenBiblio 0.5.2-pre4 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-6605 (Buffer overflow in a certain ActiveX control in SkyFexClient.ocx ...)
	NOT-FOR-US: SkyFex Client
CVE-2007-6604 (Multiple directory traversal vulnerabilities in index.php in XCMS 1.82 ...)
	NOT-FOR-US: XCMS
CVE-2007-6603 (Hot or Not Clone has insufficient access control for producing and ...)
	NOT-FOR-US: Hot or Not Clone
CVE-2007-6602 (SQL injection vulnerability in app/models/identity.php in NoseRub ...)
	NOT-FOR-US: NoseRub
CVE-2007-6601 (The DBLink module in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
CVE-2007-6600 (PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	[sarge] - postgresql <unfixed>
CVE-2007-6597 (Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before ...)
	NOT-FOR-US: IPortalX
CVE-2007-6599 (Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 ...)
	{DSA-1458-1}
	- openafs 1.4.6.dfsg1-1 (medium)
	NOTE: http://www.openafs.org/security/OPENAFS-SA-2007-003.txt
CVE-2007-6595 (ClamAV 0.92 allows local users to overwrite arbitrary files via a ...)
	{DSA-1497-1}
	- clamav 0.92.1~dfsg-1 (low; bug #458532)
	[etch] - clamav <not-affected> (Minor issue, first issue doesn't apply)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
CVE-2007-6596 (ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...)
	- clamav 0.92.1~dfsg-1 (unimportant; bug #458532)
	[etch] - clamav <no-dsa> (Minor issue)
	[sarge] - clamav <no-dsa> (Security Support has stopped)
	NOTE: this is more a feature request than a bug
CVE-2007-6594 (IBM Lotus Notes 8 for Linux before 8.0.1 uses (1) unspecified weak ...)
	NOT-FOR-US: Lotus Notes
CVE-2007-6593 (Multiple stack-based buffer overflows in l123sr.dll in Autonomy ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-6592 (Apple Safari 2, when a user accepts an SSL server certificate on the ...)
	NOT-FOR-US: Safari
CVE-2007-6591 (KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server ...)
	- kdebase 4:4.0.3-1 (low; bug #458968)
	[etch] - kdebase <no-dsa> (Minor issue)
	[lenny] - kdebase <no-dsa> (Minor issue)
	NOTE: filed http://bugs.kde.org/show_bug.cgi?id=154921
	NOTE: No longer occurs in KDE 4.0.3 according to upstream bug
CVE-2007-6590
	REJECTED
CVE-2007-6589 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and ...)
	{DSA-1534-1}
	- iceape 1.1.7-1 (medium)
	- iceweasel 2.0.0.10-1 (medium)
CVE-2007-6588 (Cross-site scripting (XSS) vulnerability in PHCDownload 1.10 allows ...)
	NOT-FOR-US: PHCDownload
CVE-2007-6587 (SQL injection vulnerability in plog-rss.php in Plogger 1.0 Beta 3.0 ...)
	NOT-FOR-US: Plogger
CVE-2007-6586 (SQL injection vulnerability in sezione_news.php in nicLOR-CMS allows ...)
	NOT-FOR-US: nicLOR-CMS
CVE-2007-6585 (PHP remote file inclusion vulnerability in confirmUnsubscription.php ...)
	NOT-FOR-US: NmnNewsletter
CVE-2007-6584 (Multiple directory traversal vulnerabilities in 1024 CMS 1.3.1 allow ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-6583 (SQL injection vulnerability in admin/ops/findip/ajax/search.php in ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-6582 (Directory traversal vulnerability in index.php in mBlog 1.2 allows ...)
	NOT-FOR-US: mBlog
CVE-2007-6581 (Multiple directory traversal vulnerabilities in Social Engine 2.0 ...)
	NOT-FOR-US: Social Engine
CVE-2007-6580 (Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow ...)
	NOT-FOR-US: Wallpaper Site
CVE-2007-6579 (Multiple SQL injection vulnerabilities in Ip Reg 0.3 allow remote ...)
	NOT-FOR-US: Ip Reg
CVE-2007-6578 (SQL injection vulnerability in go.php in PHP ZLink 0.3 allows remote ...)
	NOT-FOR-US: PHP ZLink
CVE-2007-6577 (Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow ...)
	NOT-FOR-US: zBlog
CVE-2007-6576 (Multiple SQL injection vulnerabilities in Adult Script 1.6.5 and ...)
	NOT-FOR-US: Adult Script
CVE-2007-6575 (SQL injection vulnerability in default.php in MMSLamp allows remote ...)
	NOT-FOR-US: MMSLamp
CVE-2007-6574 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.4 ...)
	NOT-FOR-US: Dokeos
CVE-2007-6573 (QK SMTP Server 3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: QK SMTP
CVE-2007-6572 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Server ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-6571 (Cross-site scripting (XSS) vulnerability in Sun Java System Web Proxy ...)
	NOT-FOR-US: Sun Java System Web Proxy
CVE-2007-6570 (Cross-site scripting (XSS) vulnerability in the View URL Database ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6569 (Cross-site scripting (XSS) vulnerability in the View Error Log ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2007-6568 (PHP remote file inclusion vulnerability in config.inc.php in XZero ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6567 (Directory traversal vulnerability in index.php in XZero Community ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6566 (SQL injection vulnerability in post.php in XZero Community Classifieds ...)
	NOT-FOR-US: XZero Community Classifieds
CVE-2007-6565 (Multiple SQL injection vulnerabilities in Blakord Portal 1.3.A Beta ...)
	NOT-FOR-US: Blakord Portal
CVE-2007-6611 (Cross-site scripting (XSS) vulnerability in view.php in Mantis before ...)
	{DSA-1467-1}
	- mantis 1.0.8-4 (low; bug #458377)
CVE-2007-6683 (The browser plugin in VideoLAN VLC 0.8.6d allows remote attackers to ...)
	{DSA-1543-1 DTSA-132-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	- mozilla-browser-plugin 0.8.6.e-2.2 (bug #480370)
	NOTE: the plugin is in the same srcpkg but has its own implementation for VLCOPT
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see https://trac.videolan.org/vlc/ticket/1371
CVE-2007-6682 (Format string vulnerability in the httpd_FileCallBack function ...)
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (medium; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6681 (Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN ...)
	{DSA-1543-1}
	- vlc 0.8.6.c-4.1 (low; bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: see http://www.securityfocus.com/archive/1/485488/30/0/threaded
CVE-2007-6684 (The RTSP module in VideoLAN VLC 0.8.6d allows remote attackers to ...)
	- vlc 0.8.6.c-4.1 (bug #458318)
	[lenny] - vlc 0.8.6.c-4.1~lenny1
	NOTE: That's hardly a security problem, just a bug
CVE-2007-6598 (Dovecot before 1.0.10, with certain configuration options including ...)
	{DSA-1457-1}
	- dovecot 1:1.0.10-1 (low; bug #458315)
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
	[etch] - dovecot <no-dsa> (very minor issue)
	NOTE: http://dovecot.org/list/dovecot-news/2007-December/000057.html
	NOTE: low, because issue is only with quite rare configurations
CVE-2007-6612 (Directory traversal vulnerability in DirHandler ...)
	- mongrel 1.1.3-1 (medium)
CVE-2007-6564 (Cross-site scripting (XSS) vulnerability in admin.php in Limbo CMS ...)
	NOT-FOR-US: Limbo CMS
CVE-2007-6563 (Heap-based buffer overflow in WinAce 2.65 and earlier, and possibly ...)
	NOT-FOR-US: WinAce
CVE-2007-6562 (Multiple stack-based buffer overflows in the use of FD_SET in TCPreen ...)
	{DSA-1443-1}
	- tcpreen 1.4.3-0.3 (medium; bug #457781)
CVE-2007-6561 (Multiple stack-based buffer overflows in PDFLib allow user-assisted ...)
	NOT-FOR-US: PDFLib
CVE-2007-6560 (Multiple cross-site scripting (XSS) vulnerabilities in Logaholic ...)
	NOT-FOR-US: Logaholic
CVE-2007-6559 (Multiple SQL injection vulnerabilities in Logaholic before 2.0 RC8 ...)
	NOT-FOR-US: Logaholic
CVE-2007-6558 (TotalPlayer 3.0 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: TotalPlayer
CVE-2007-6557 (Multiple SQL injection vulnerabilities in MeGaCheatZ 1.1 allow remote ...)
	NOT-FOR-US: MeGaCheatZ
CVE-2007-6556 (Multiple SQL injection vulnerabilities in websihirbazi 5.1.1 allow ...)
	NOT-FOR-US: websihirbazi
CVE-2007-6555 (PHP remote file inclusion vulnerability in modules/mod_pxt_latest.php ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6554 (Multiple directory traversal vulnerabilities in TeamCal Pro 3.1.000 ...)
	NOT-FOR-US: TeamCal
CVE-2007-6553 (Multiple PHP remote file inclusion vulnerabilities in TeamCal Pro ...)
	NOT-FOR-US: TeamCal
CVE-2007-6552 (Directory traversal vulnerability in index.php in AuraCMS 2.2 allows ...)
	NOT-FOR-US: AuraCMS
CVE-2007-6551 (SQL injection vulnerability in showMsg.php in MailMachine Pro 2.2.4, ...)
	NOT-FOR-US: MailMachine
CVE-2007-6550 (form.php in PMOS Help Desk 2.4 and earlier sends a redirect to the web ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2007-6549 (Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact ...)
	NOT-FOR-US: RunCMS
CVE-2007-6548 (Multiple direct static code injection vulnerabilities in RunCMS before ...)
	NOT-FOR-US: RunCMS
CVE-2007-6547 (RunCMS before 1.6.1 does not require entry of the old password during ...)
	NOT-FOR-US: RunCMS
CVE-2007-6546 (RunCMS before 1.6.1 uses a predictable session id, which makes it ...)
	NOT-FOR-US: RunCMS
CVE-2007-6545 (Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before ...)
	NOT-FOR-US: RunCMS
CVE-2007-6544 (Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow ...)
	NOT-FOR-US: RunCMS
CVE-2007-6543 (SQL injection vulnerability in suggest-link.php in eSyndiCat Link ...)
	NOT-FOR-US: eSyndiCat Link Exchange Script
CVE-2007-6542 (PHP remote file inclusion vulnerability in admin/frontpage_right.php ...)
	NOT-FOR-US: Arcadem LEArcadem LE
CVE-2007-6541 (Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 ...)
	NOT-FOR-US: neuron news
CVE-2007-6540 (SQL injection vulnerability in neuron news 1.0 allows remote attackers ...)
	NOT-FOR-US: neuron news
CVE-2007-6539 (PHP local file inclusion vulnerability in index.php in IDevspot ...)
	NOT-FOR-US: IDevspot iSupport
CVE-2007-6538 (SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php ...)
	- moodle <not-affected> (Vulnerable code not present, third party module)
CVE-2007-6537 (Stack-based buffer overflow in the zfile_gunzip function in zfile.c in ...)
	NOT-FOR-US: WinUAE
CVE-2007-6536 (The Custom Button Installer dialog in Google Toolbar 4 and 5 beta ...)
	NOT-FOR-US: Google Toolbar
CVE-2007-6535 (Buffer overflow in the YShortcut ActiveX control in YShortcut.dll ...)
	NOT-FOR-US: YShortcut ActiveX control
CVE-2007-6534 (Multiple unspecified vulnerabilities in Microsoft Office Publisher ...)
	NOT-FOR-US: Microsoft Office Publisher
CVE-2007-6533 (Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows ...)
	NOT-FOR-US: Zoom Player
CVE-2007-6532 (Double free vulnerability in the Widget Library (libxfcegui4) in Xfce ...)
	- libxfcegui4 4.4.2 (low)
	[sarge] - libxfcegui4 <no-dsa> (Minor issue)
	[etch] - libxfcegui4 <no-dsa> (Minor issue)
CVE-2007-6531 (Stack-based buffer overflow in the Panel (xfce4-panel) component in ...)
	- xfce4-panel 4.4.2 (low)
	[sarge] - xfce4-panel <no-dsa> (Minor issue)
	[etch] - xfce4-panel <no-dsa> (Minor issue)
CVE-2007-6530 (Buffer overflow in the XUpload.ocx ActiveX control in Persits Software ...)
	NOT-FOR-US: XUpload
CVE-2007-6529 (Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have ...)
	- tikiwiki <removed>
CVE-2007-6528 (Directory traversal vulnerability in tiki-listmovies.php in TikiWiki ...)
	- tikiwiki <removed>
CVE-2007-6527 (uploadimg.php in the Automatic Image Upload with Thumbnails ...)
	NOT-FOR-US: PunBB
CVE-2007-6526 (Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in ...)
	- tikiwiki <removed>
CVE-2007-6525 (Unspecified vulnerability in eClient in IBM DB2 Content Manager (CM) ...)
	NOT-FOR-US: IBM DB2 Content Manager
CVE-2007-6524 (Opera before 9.25 allows remote attackers to obtain potentially ...)
	NOT-FOR-US: Opera
CVE-2007-6523 (Algorithmic complexity vulnerability in Opera 9.50 beta and 9.x before ...)
	NOT-FOR-US: Opera
CVE-2007-6522 (The rich text editing functionality in Opera before 9.25 allows remote ...)
	NOT-FOR-US: Opera
CVE-2007-6521 (Unspecified vulnerability in Opera before 9.25 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-6520 (Opera before 9.25 allows remote attackers to conduct cross-domain ...)
	NOT-FOR-US: Opera
CVE-2007-6519 (Unspecified vulnerability in the File-on-File Mounting File System ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-6518 (Multiple SQL injection vulnerabilities in search.php in WoltLab ...)
	NOT-FOR-US: WoltLab Burning Board
CVE-2007-6517 (SQL injection vulnerability in the forget password section ...)
	NOT-FOR-US: Eagle Software Aeries Browser Interface
CVE-2007-6516 (Buffer overflow in RavWare Software MAS Flic ActiveX Control ...)
	NOT-FOR-US: RavWare Software MAS Flic ActiveX Control
CVE-2007-6515 (support/dispatch.cgi in SiteScape Forum allows remote attackers to ...)
	NOT-FOR-US: SiteScape
CVE-2007-6513 (HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports ...)
	NOT-FOR-US: HP eSupportDiagnostics ActiveX control
CVE-2007-6512 (PHP MySQL Banner Exchange 2.2.1 stores sensitive information under the ...)
	NOT-FOR-US: PHP MySQL Banner Exchange
CVE-2007-6511 (Websense Enterprise 6.3.1 allows remote attackers to bypass content ...)
	NOT-FOR-US: Websense Enterprise
CVE-2007-6510 (Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 ...)
	NOT-FOR-US: ProWizard
CVE-2007-6509 (Unspecified vulnerability in Appian Enterprise Business Process ...)
	NOT-FOR-US: Appian Enterprise Business Process Management Suite
CVE-2007-6508 (Directory traversal vulnerability in view.php in xeCMS 1.0 allows ...)
	NOT-FOR-US: xeCMS
CVE-2007-6514 (Apache HTTP Server, when running on Linux with a document root on a ...)
	- linux-2.6 2.6.17-1 (low; bug #529318)
	- linux-2.6.24 <not-affected> (Fixed before initial upload, 2.6.17)
	NOTE: While labeled as an Apache flaw, fix required in smbfs
CVE-2007-XXXX [venkman preinst symlink dos]
	- venkman 0.9.87.2-1 (bug #456520)
	[lenny] - venkman <not-affected> (Vulnerable code not present)
	[sarge] - venkman <not-affected> (Vulnerable code not present)
	[etch] - venkman <not-affected> (Vulnerable code not present)
CVE-2007-XXXX [unace unspecified security issue related to uninitialized variable]
	- unace-nonfree 2.5-3
	[etch] - unace-nonfree 2.5-1etch1
CVE-2007-6507 (SpntSvc.exe daemon in Trend Micro ServerProtect 5.58 for Windows, ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-6506 (The HPRulesEngine.ContentCollection.1 ActiveX Control in ...)
	NOT-FOR-US: HP Software Update
CVE-2007-6505 (Solaris 9, with Solaris Auditing enabled and certain patches for sshd ...)
	NOT-FOR-US: Solaris
CVE-2007-6504 (Unspecified vulnerability in IIS/iibind.asp in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6503 (Multiple unspecified vulnerabilities in Hosting Controller 6.1 Hot fix ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6502 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6501 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6500 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6499 (Unspecified vulnerability in Hosting Controller 6.1 Hot fix 3.3 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6498 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 Hot ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6497 (Hosting Controller 6.1 Hot fix 3.3 and earlier (1) allows remote ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6496 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6495 (inc_newuser.asp in Hosting Controller 6.1 Hot fix 3.3 and earlier ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6494 (Hosting Controller 6.1 Hot fix 3.3 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2007-6493 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and ...)
	NOT-FOR-US: iMesh
CVE-2007-6492 (The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and ...)
	NOT-FOR-US: iMesh
CVE-2007-6491 (Multiple SQL injection vulnerabilities in Kvaliitti WebDoc 3.0 CMS ...)
	NOT-FOR-US: Kvaliitti WebDoc CMS
CVE-2007-6490 (Cross-site request forgery (CSRF) vulnerability in Falcon Series One ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6489 (Multiple cross-site scripting (XSS) vulnerabilities in Falcon Series ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6488 (Multiple PHP remote file inclusion vulnerabilities in Falcon Series ...)
	NOT-FOR-US: Falcon Series One CMS
CVE-2007-6487 (Unspecified vulnerability in Plain Black WebGUI 7.4.0 through 7.4.17 ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-6486 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php (aka ...)
	NOT-FOR-US: LineShout
CVE-2007-6485 (Multiple PHP remote file inclusion vulnerabilities in Centreon 1.4.1 ...)
	NOT-FOR-US: Centreon
CVE-2007-6484 (SQL injection vulnerability in index.php in phpRPG 0.8 allows remote ...)
	NOT-FOR-US: phpRPG
CVE-2007-6483 (Directory traversal vulnerability in SafeNet Sentinel Protection ...)
	NOT-FOR-US: SafeNet Sentinel Protection and Keys Server
CVE-2007-6482 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6481 (Unspecified vulnerability in the Device Manager daemon (utdevmgrd) in ...)
	NOT-FOR-US: utdevmgrd in Sun Ray Server Software
CVE-2007-6480 (The Oracle database component in Sun Management Center (Sun MC) 3.6.1, ...)
	NOT-FOR-US: Oracle database component in Sun Management Center
CVE-2007-6479 (Unrestricted file upload vulnerability in the &quot;My productions&quot; ...)
	NOT-FOR-US: Dokeos
CVE-2007-6478 (Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and ...)
	NOT-FOR-US: Rosoft Media Player
CVE-2007-6477 (Cross-site scripting (XSS) vulnerability in the on-line help feature ...)
	NOT-FOR-US: Citrix Web Interface and NFuse
CVE-2007-6476 (GF-3XPLORER 2.4 allows remote attackers to obtain configuration ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6475 (Multiple directory traversal vulnerabilities in GF-3XPLORER 2.4 allow ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6474 (Multiple cross-site scripting (XSS) vulnerabilities in GF-3XPLORER 2.4 ...)
	NOT-FOR-US: GF-3XPLORER
CVE-2007-6473 (Heap-based buffer overflow in Texas Imperial Software WFTPD Pro ...)
	NOT-FOR-US: WFTPD Explorer Pro
CVE-2007-6472 (Multiple SQL injection vulnerabilities in phpMyRealty (PMR) 1.0.9 ...)
	NOT-FOR-US: phpMyRealty
CVE-2007-6471 (Incomplete blacklist vulnerability in main.php in phPay 2.02.01 on ...)
	NOT-FOR-US: phPay
CVE-2007-6470 (phpRPG 0.8 stores sensitive information under the web root with ...)
	NOT-FOR-US: phpRPG
CVE-2007-6469 (SQL injection vulnerability in index.php in phpRPG 0.8, when ...)
	NOT-FOR-US: phpRPG
CVE-2007-6468 (Buffer overflow in the HuffDecode function in ...)
	NOT-FOR-US: Hammer of Thyrion
CVE-2007-6467 (SQL injection vulnerability in index.php in MKPortal 1.1 RC1 allows ...)
	NOT-FOR-US: MKPortal
CVE-2007-6466 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...)
	NOT-FOR-US: FreeWebshop
CVE-2007-6465 (Multiple cross-site scripting (XSS) vulnerabilities in ganglia-web in ...)
	- ganglia-monitor-core <not-affected> (ganglia web-frontend not included)
CVE-2007-6464 (Multiple PHP remote file inclusion vulnerabilities in Form tools ...)
	NOT-FOR-US: Form tools
CVE-2007-6463 (Multiple cross-site scripting (XSS) vulnerabilities in the admin panel ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6462 (SQL injection vulnerability in fullnews.php in PHP Real Estate ...)
	NOT-FOR-US: PHP Real Estate Classifieds
CVE-2007-6461 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	- flyspray <removed>
CVE-2007-6460 (Multiple cross-site scripting (XSS) vulnerabilities in Anon Proxy ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6459 (Anon Proxy Server 0.100, and probably 0.101, allows remote attackers ...)
	NOT-FOR-US: Anon Proxy Server
CVE-2007-6458 (SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 ...)
	NOT-FOR-US: 123tkShop
CVE-2007-6457 (Stack-based buffer overflow in the webmail feature in SurgeMail 38k4 ...)
	NOT-FOR-US: NetWin SurgeMail 38k4
CVE-2007-6456 (Unspecified vulnerability in OpenOffice.org code in Planamesa ...)
	NOT-FOR-US: Planamesa NeoOffice
	NOTE: referring to OpenOffice security team this is what is described in CVE-2007-4575 for OO
CVE-2007-6455 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Mambo
	NOTE: Mambo is in experimental
CVE-2007-6454 (Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp ...)
	{DSA-1583-1 DSA-1441-1}
	- peercast 0.1218+svn20071220+2 (medium; bug #457300)
	- gnome-peercast 0.5.4-1.2 (medium; bug #466539)
CVE-2007-6453 (Directory traversal vulnerability in raidenhttpd-admin/workspace.php ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-6452 (Unspecified vulnerability in the benchmark reporting system in Google ...)
	- gwt 1.6.4-1 (low; bug #563542)
CVE-2007-6451 (Unspecified vulnerability in the CIP dissector in Wireshark (formerly ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6450 (The RPL dissector in Wireshark (formerly Ethereal) 0.9.8 to 0.99.6 ...)
	{DSA-1446-1 DTSA-104-1}
	- wireshark 0.99.7-1
	- ethereal <removed>
CVE-2007-6449
	REJECTED
CVE-2007-6448
	REJECTED
CVE-2007-6447
	REJECTED
CVE-2007-6446
	REJECTED
CVE-2007-6445
	REJECTED
CVE-2007-6444
	REJECTED
CVE-2007-6443
	REJECTED
CVE-2007-6442
	REJECTED
CVE-2007-6441 (The WiMAX dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6440
	REJECTED
CVE-2007-6439 (Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6438 (Unspecified vulnerability in the SMB dissector in Wireshark (formerly ...)
	{DTSA-104-1}
	- wireshark 0.99.7-1
	[sarge] - ethereal <not-affected> (vulnerable code introduced in 0.99.6)
	[etch] - wireshark <not-affected> (vulnerable code introduced in 0.99.6)
CVE-2007-6437 (Balabit syslog-ng 2.0.x before 2.0.6 and 2.1.x before 2.1.8 allows ...)
	{DSA-1464-1 DTSA-105-1}
	- syslog-ng 2.0.6-1 (low; bug #457334)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and ...)
	NOT-FOR-US: predating security tracker
CVE-2008-0030
	REJECTED
CVE-2008-0029 (Cisco Application Velocity System (AVS) before 5.1.0 is installed with ...)
	NOT-FOR-US: Cisco
CVE-2008-0028 (Unspecified vulnerability in Cisco PIX 500 Series Security Appliance ...)
	NOT-FOR-US: Cisco
CVE-2008-0027 (Heap-based buffer overflow in the Certificate Trust List (CTL) ...)
	NOT-FOR-US: Cisco
CVE-2008-0026 (SQL injection vulnerability in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2007-6436 (Stack-based buffer overflow in JSGCI.DLL in JustSystems Ichitaro 2005, ...)
	NOT-FOR-US: JustSystems
CVE-2007-6435 (Stack-based buffer overflow in Novell GroupWise before 6.5.7, when ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-6434 (Linux kernel 2.6.23 allows local users to create low pages in virtual ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Only Linux 2.6.23 and above affected)
CVE-2007-6433 (The getRenderedEjbql method in the org.jboss.seam.framework.Query ...)
	- jbosseam <itp> (bug #451956)
CVE-2007-6432 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6431 (Unspecified vulnerability in Adobe Flash Media Server 2 before 2.0.5, ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6430 (Asterisk Open Source 1.2.x before 1.2.26 and 1.4.x before 1.4.16, and ...)
	{DSA-1525-1}
	- asterisk 1:1.4.16.2~dfsg-1 (low; bug #457063)
	[etch] - asterisk <no-dsa> (Minor issue, eventually fix in a later DSA)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6429 (Multiple integer overflows in X.Org Xserver before 1.4.1 allow ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6428 (The ProcGetReservedColormapEntries function in the TOG-CUP extension ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6427 (The XInput extension in X.Org Xserver before 1.4.1 allows ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-6426 (Multiple heap-based buffer overflows in EMC RepliStor 6.2 SP2, and ...)
	NOT-FOR-US: EMC RepliStor
CVE-2007-6425 (Unspecified vulnerability in HP-UX B.11.31, when running ARPA ...)
	NOT-FOR-US: HP-UX
CVE-2007-6424 (registry.pl in Fonality Trixbox 2.0 PBX products, when running in ...)
	NOT-FOR-US: Fonality Trixbox
CVE-2007-6423 (** DISPUTED ** ...)
	- apache2 <not-affected> (disputed / only for Windows)
CVE-2007-6422 (The balancer_handler function in mod_proxy_balancer in the Apache HTTP ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6421 (Cross-site scripting (XSS) vulnerability in balancer-manager in ...)
	- apache2 2.2.8-1 (low)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2007-6420 (Cross-site request forgery (CSRF) vulnerability in the ...)
	- apache2 2.2.9-1 (low)
	[etch] - apache2 <no-dsa> (minor issue)
	[sarge] - apache2 <not-affected> (vulnerable code introduced in 2.2)
	NOTE: Won't be fixed in etch.
CVE-2007-6419 (Unspecified vulnerability in rpc.yppasswdd in HP HP-UX B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2007-6417 (The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6416 (The copy_to_user function in the PAL emulation functionality for Xen ...)
	- xen-unstable <not-affected> (We only have xen for i386 and amd64)
	- xen-3 <not-affected> (We only have xen for i386 and amd64)
	- xen-3.0 <not-affected> (We only have xen for i386 and amd64)
CVE-2007-6415 (scponly 4.6 and earlier allows remote authenticated users to bypass ...)
	{DSA-1473-1}
	- scponly 4.6-1.2 (high)
CVE-2007-6414 (admin/administrator.php in Adult Script 1.6 and earlier sends a ...)
	NOT-FOR-US: Adult ScriptAdult Script
CVE-2007-6413 (Sun Solaris 10 with the 120011-04 and 120012-04 patches, and later ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6412 (Direct static code injection vulnerability in wiki/index.php in ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6411 (Multiple buffer overflows in the HandleEmotsConfig function in the GG ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6410 (Gadu-Gadu does not properly perform protocol handling, which allows ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6409 (The gg protocol handler in Gadu-Gadu, when this product is installed ...)
	NOT-FOR-US: Gadu-Gadu client
CVE-2007-6408 (IBM Tivoli Provisioning Manager Express provides unspecified ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6407 (Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager Express
CVE-2007-6406 (Multiple cross-site scripting (XSS) vulnerabilities in CA (formerly ...)
	NOT-FOR-US: CA eTrust Threat Management Console
CVE-2007-6405 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6404 (Directory traversal vulnerability in Sergey Lyubka Simple HTTPD ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6403 (Stack-based buffer overflow in Nullsoft Winamp 5.32 allows ...)
	NOT-FOR-US: Winamp
CVE-2007-6402 (Stack-based buffer overflow in mplayerc.exe in Media Player Classic ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-6401 (Stack-based buffer overflow in mplayer2.exe in Microsoft Windows Media ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6400 (Directory traversal vulnerability in download_file.php in PolDoc CMS ...)
	NOT-FOR-US: PolDoc CMS
CVE-2007-6399 (index.php in Flat PHP Board 1.2 and earlier allows remote ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6398 (Flat PHP Board 1.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6397 (Multiple directory traversal vulnerabilities in index.php in Flat PHP ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6396 (Direct static code injection vulnerability in index.php in Flat PHP ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6395 (Flat PHP Board 1.2 and earlier stores sensitive information under the ...)
	NOT-FOR-US: Flat PHP Board
CVE-2007-6394 (SQL injection vulnerability in index.php in Content Injector 1.53 ...)
	NOT-FOR-US: Content Injector
CVE-2007-6393 (SQL injection vulnerability in albums.php in Ace Image Hosting Script ...)
	NOT-FOR-US: Ace Image Hosting Script
CVE-2007-6392 (SQL injection vulnerability in DWdirectory 2.1 and earlier allows ...)
	NOT-FOR-US: DWdirectory
CVE-2007-6391 (SQL injection vulnerability in patch/comments.php in SH-News 3.0 ...)
	NOT-FOR-US: SH-News
CVE-2007-6390 (Cross-site request forgery (CSRF) vulnerability in the mycalendar ...)
	- serendipity <not-affected> (This is an external plugin not included in our packages)
CVE-2007-6389 (The notify feature in GNOME screensaver (gnome-screensaver) 2.20.0 ...)
	- gnome-screensaver 2.22.0-1 (low; bug #455484)
	[etch] - gnome-screensaver <no-dsa> (Minor issue)
CVE-2007-6388 (Cross-site scripting (XSS) vulnerability in mod_status in the Apache ...)
	- apache <removed> (low)
	- apache2 2.2.8-1 (low)
	[etch] - apache2 2.2.3-4+etch6
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-6358 (pdftops.pl before 1.20 in alternate pdftops filter allows local users ...)
	{DSA-1437-1}
	- cups 1.3.5-1 (low; bug #456960)
	- cupsys 1.3.5-1 (low; bug #456960)
	[sarge] - cupsys <no-dsa> (Minor issue)
	NOTE: the debian package is a bit confusing here as it also ships a pdftops
	NOTE: wrapper script as an example but the original script is installed
	NOTE: under /usr/lib/cups/filters
CVE-2007-6356 (exiftags before 1.01 allows attackers to cause a denial of service ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (low; bug #457062)
CVE-2007-6355 (Integer overflow in exiftags before 1.01 has unknown impact and attack ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6354 (Unspecified vulnerability in exiftags before 1.01 has unknown impact ...)
	{DSA-1533-2 DSA-1533-1}
	- exiftags 1.01-0.1 (bug #457062)
CVE-2007-6352 (Integer overflow in libexif 0.6.16 and earlier allows ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (medium; bug #457330)
CVE-2007-6351 (libexif 0.6.16 and earlier allows context-dependent attackers to cause ...)
	{DSA-1487-1}
	- libexif 0.6.16-2.1 (low; bug #457330)
CVE-2007-6349 (P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on ...)
	NOT-FOR-US: P4Web
CVE-2007-6418 (The libdspam7-drv-mysql cron job in Debian GNU/Linux includes the ...)
	{DSA-1501-1}
	- dspam 3.6.8-5.1 (low; bug #448519)
CVE-2008-0025
	RESERVED
CVE-2008-0024
	RESERVED
CVE-2008-0023
	RESERVED
CVE-2008-0022
	RESERVED
CVE-2008-0021
	RESERVED
CVE-2008-0020 (Unspecified vulnerability in the Load method in the IPersistStreamInit ...)
	NOT-FOR-US: Microsoft
CVE-2008-0019
	RESERVED
CVE-2008-0018
	RESERVED
CVE-2008-0017 (The http-index-format MIME type parser (nsDirIndexParser) in Firefox ...)
	{DSA-1697-1 DSA-1671-1 DSA-1669-1}
	- iceweasel 3.0.4-1
	- xulrunner 1.9.0.4-1
	- iceape 1.1.13-1
CVE-2008-0016 (Stack-based buffer overflow in the URL parsing implementation in ...)
	{DSA-1697-1 DSA-1696-1 DSA-1669-1 DSA-1649-1}
	- xulrunner 1.9.0.1-1
	- iceweasel 3.0.1-1
	- iceape 1.1.12-1
	- icedove 2.0.0.17-1
CVE-2008-0015 (Stack-based buffer overflow in the CComVariant::ReadFromStream ...)
	NOT-FOR-US: Microsoft
CVE-2008-0014 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0013 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0012 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2008-0011 (Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-6387 (Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ...)
	NOT-FOR-US: Vantage Linguistics AnswerWorks ActiveX
CVE-2007-6386 (Stack-based buffer overflow in PccScan.dll before build 1451 in Trend ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-6385 (The proxy server in Kerio WinRoute Firewall before 6.4.1 does not ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2007-6384 (Unspecified vulnerability in the Image Converter functionality in BEA ...)
	NOT-FOR-US: BEA WebLogic Mobility Server
CVE-2007-6383 (The DAV component in Chandler Server (Cosmo) before 0.10.1 does not ...)
	NOT-FOR-US: Chandler
CVE-2007-6382 (The Event Dispatch Thread in Robocode before 1.5.1 allows remote ...)
	NOT-FOR-US: Robocode
CVE-2007-6381 (SQL injection vulnerability in the indexed_search system extension in ...)
	{DSA-1439-1}
	- typo3-src 4.1.5-1 (low; bug #457446)
	NOTE: you need to be a logged in backend user to exploit this
CVE-2007-6380 (Multiple SQL injection vulnerabilities in e-Xoops (exoops) 1.08, and ...)
	NOT-FOR-US: e-Xoops
CVE-2007-6379 (BadBlue 2.72b and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BadBlue
CVE-2007-6378 (Directory traversal vulnerability in upload.dll in BadBlue 2.72b and ...)
	NOT-FOR-US: BadBlue
CVE-2007-6377 (Stack-based buffer overflow in the PassThru functionality in ext.dll ...)
	NOT-FOR-US: BadBlue
CVE-2007-6376 (Directory traversal vulnerability in autohtml.php in Francisco Burzi ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-6375 (Multiple SQL injection vulnerabilities in Bitweaver 2.0.0 and earlier ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6374 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-6373 (Multiple SQL injection vulnerabilities in GestDown 1.00 Beta allow ...)
	NOT-FOR-US: GestDown
CVE-2007-6372 (Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows ...)
	NOT-FOR-US: JUNOS
CVE-2007-6371 (Nokia N95 cell phone with RM-159 12.0.013 firmware allows remote ...)
	NOT-FOR-US: Nokia N95
CVE-2007-6370
	REJECTED
CVE-2007-6369 (Multiple directory traversal vulnerabilities in resize.php in the ...)
	NOT-FOR-US: PictPress
CVE-2007-6368 (Directory traversal vulnerability in index.php in ezContents 1.4.5 ...)
	NOT-FOR-US: ezContents
CVE-2007-6367 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
	NOT-FOR-US: SineCMS
CVE-2007-6366 (Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier ...)
	NOT-FOR-US: SineCMS
CVE-2007-6365 (Cross-site scripting (XSS) vulnerability in modules/ecal/display.php ...)
	NOT-FOR-US: bcoos
CVE-2007-6364 (Cross-site scripting (XSS) vulnerability in modificarPerfil.php in ...)
	NOT-FOR-US: JLMForo System
CVE-2007-6363 (IBM Tivoli Netcool Security Manager 1.3.0 before Interim Fix 1, when ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6362 (SQL injection vulnerability in index.php in the RSGallery ...)
	NOT-FOR-US: RSGallery
CVE-2007-6361 (Gekko 0.8.2 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: Gekko
CVE-2007-6360 (Unspecified vulnerability in the Sun eXtended System Control Facility ...)
	NOT-FOR-US: Sun eXtended System Control Facility
CVE-2007-6359 (The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6357 (Stack-based buffer overflow in Microsoft Office Access allows remote, ...)
	NOT-FOR-US: Microsoft Office Access
CVE-2007-6353 (Integer overflow in exif.cpp in exiv2 library allows context-dependent ...)
	{DSA-1474-1}
	- exiv2 0.15-2 (medium; bug #456760)
CVE-2007-6350 (scponly 4.6 and earlier allows remote authenticated users to bypass ...)
	{DSA-1473-1}
	- scponly 4.6-1.1 (high; bug #437148)
CVE-2007-6348 (SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net ...)
	- squirrelmail <not-affected> (Compromised packages were never in Debian)
CVE-2007-6347 (PHP remote file inclusion vulnerability in blocks/block_site_map.php ...)
	NOT-FOR-US: ViArt, CMS, HelpDesk, Shop Evaluation, Shop Free
CVE-2007-6346 (Cross-site scripting (XSS) vulnerability in Rainboard before 2.10 ...)
	NOT-FOR-US: Rainboard
CVE-2007-6345 (SQL injection vulnerability in aurora framework before 20071208 allows ...)
	NOT-FOR-US: aurora
CVE-2007-6344 (Directory traversal vulnerability in modules/cms/index.php in Mcms ...)
	NOT-FOR-US: Mcms Easy Web Make
CVE-2007-6343 (Cross-site scripting (XSS) vulnerability in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2007-6342 (SQL injection vulnerability in the David Castro AuthCAS module ...)
	NOT-FOR-US: Apache AuthCAS module
CVE-2007-6341 (Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.63-1 (low; bug #457445)
	NOTE: maybe this should be unimportant as applications using net-dns should handle this croak
CVE-2007-6340 (Geert Moernaut LSrunasE 1.0 and Supercrypt 1.0 use the RC4 stream ...)
	NOT-FOR-US: Geert Moernaut LSrunasE and Supercrypt
CVE-2007-6339 (The Akamai Download Manager (aka DLM or dlmanager) ActiveX control ...)
	NOT-FOR-US: Akamai Download Manager
CVE-2007-6338 (SQL injection vulnerability in userlogin.jsp in Trivantis CourseMill ...)
	NOT-FOR-US: Trivantis CourseMill Enterprise Learning Management System
CVE-2007-6337 (Unspecified vulnerability in the bzip2 decompression algorithm in ...)
	{DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	[etch] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6336 (Off-by-one error in ClamAV before 0.92 allows remote attackers to ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6335 (Integer overflow in libclamav in ClamAV before 0.92 allows remote ...)
	{DSA-1435-1 DTSA-101-1}
	- clamav 0.92~dfsg-1~volatile2
	[sarge] - clamav <not-affected> (Vulnerable code not present)
CVE-2007-6334 (Ingres 2.5 and 2.6 on Windows, as used in multiple CA products and ...)
	NOT-FOR-US: Ingres on Windows
CVE-2007-6333 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6332 (The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as ...)
	NOT-FOR-US: HP Info Center HP Quick Launch Buttons
CVE-2007-6331 (Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ...)
	NOT-FOR-US: HP Info Center / HP Quick Launch Buttons
CVE-2007-6330 (Meridian Prolog Manager 2007, and 7.5 and earlier, sends all usernames ...)
	NOT-FOR-US: Meridian Prolog Manager
CVE-2007-6329 (Microsoft Office 2007 12.0.6015.5000 and MSO 12.0.6017.5000 do not ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-6328 (** DISPUTED ** ...)
	- dosbox 0.72-1 (unimportant; bug #458950)
	NOTE: this is not a security issue, its a feature of dosbox and the first
	NOTE: thing documented in the manpage
CVE-2007-6327 (Buffer overflow in a certain ActiveX control in Online Media ...)
	NOT-FOR-US: Online Media Technologies
CVE-2007-6326 (Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-6325 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Fastpublish
CVE-2007-6324 (PHP remote file inclusion vulnerability in head.php in CityWriter ...)
	NOT-FOR-US: CityWriter
CVE-2007-6323 (Multiple directory traversal vulnerabilities in MMS Gallery PHP 1.0 ...)
	NOT-FOR-US: MMS Gallery PHP
CVE-2007-6322 (Directory traversal vulnerability in filedownload.php in xml2owl 0.1.1 ...)
	NOT-FOR-US: xml2owl
CVE-2007-6320 (Feature 4.7.x-dev and 5.x-dev before 20071206, a Drupal module, does ...)
	NOT-FOR-US: Feature (third party drupal module)
CVE-2007-6319 (Multiple unspecified vulnerabilities in Lyris ListManager 8.x before ...)
	NOT-FOR-US: Lyris ListManager
CVE-2007-6318 (SQL injection vulnerability in wp-includes/query.php in WordPress ...)
	- wordpress 2.3.2-1 (low; bug #459305)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: Patch: https://bugs.edge.launchpad.net/ubuntu/+source/wordpress/+bug/181416
CVE-2007-6317 (Multiple directory traversal vulnerabilities in BarracudaDrive Web ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6316 (Cross-site scripting (XSS) vulnerability in BarracudaDrive Web Server ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6315 (Group Chat in BarracudaDrive Web Server before 3.8 allows remote ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6314 (BarracudaDrive Web Server before 3.8 allows remote attackers to read ...)
	NOT-FOR-US: BarracudaDrive
CVE-2007-6313 (MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check ...)
	- mysql-dfsg-5.0 <not-affected> (this only affects >= 5.1.x, update for experimental is on its way)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6312 (Cross-site scripting (XSS) vulnerability in the logon page in Web ...)
	NOT-FOR-US: Web Security Suite
CVE-2007-6311 (SQL injection vulnerability in (1) index.php, and possibly (2) ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6310 (Multiple cross-site scripting (XSS) vulnerabilities in Falt4Extreme ...)
	NOT-FOR-US: Falt4Extreme
CVE-2007-6309 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: webSPELL
CVE-2007-6308 (Cross-site scripting (XSS) vulnerability in HttpLogger 0.8.1 allows ...)
	NOT-FOR-US: HttpLogger
CVE-2007-6307 (Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php ...)
	NOT-FOR-US: wwwstats
CVE-2007-6306 (Multiple cross-site scripting (XSS) vulnerabilities in the image map ...)
	- libjfreechart-java 1.0.9-1 (low; bug #456148)
	[sarge] - libjfreechart-java <no-dsa> (Contrib not supported)
CVE-2007-6305 (Multiple unspecified vulnerabilities in IBM Hardware Management ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6302 (Multiple heap-based buffer overflows in avirus.exe in Novell NetMail ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-6301 (Cross-site scripting (XSS) vulnerability in compose.php in ...)
	NOT-FOR-US: OpenNewsletter
CVE-2007-6300 (Cross-site request forgery (CSRF) vulnerability in Fusion News 3.9.0 ...)
	NOT-FOR-US: Fusion News
CVE-2007-6298 (Cross-site scripting (XSS) vulnerability in the Shoutbox module for ...)
	NOT-FOR-US: shoutbox (third party module for Drupal)
CVE-2007-6297 (Multiple cross-site scripting (XSS) vulnerabilities in PHPMyChat ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6296 (PHP remote file inclusion vulnerability in users_popupL.php3 in ...)
	NOT-FOR-US: PHPMyChat
CVE-2007-6295 (Cross-site scripting (XSS) vulnerability in the WebRunMenuFrame page ...)
	NOT-FOR-US: IBM Lotus Sametime
CVE-2007-6294 (Multiple unspecified vulnerabilities in IBM Hardware Management ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6293 (Multiple unspecified vulnerabilities in IBM Hardware Management ...)
	NOT-FOR-US: IBM Hardware Management Console
CVE-2007-6292 (SQL injection vulnerability in leggi_commenti.asp in MWOpen 1.4 and ...)
	NOT-FOR-US: MWOpen
CVE-2007-6291 (SQL injection vulnerability in abm.aspx in Xigla Absolute Banner ...)
	NOT-FOR-US: Xigla Absolute Banner Manager .NET
CVE-2007-6290 (Multiple directory traversal vulnerabilities in js/get_js.php in ...)
	NOT-FOR-US: SERWeb
CVE-2007-6289 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 2.0.0 ...)
	NOT-FOR-US: SERWeb
CVE-2007-6288 (Multiple SQL injection vulnerabilities in TCExam before 5.1.000 allow ...)
	NOT-FOR-US: TCExam
CVE-2007-6287 (Cross-site scripting (XSS) vulnerability in the login page in Lxlabs ...)
	NOT-FOR-US: HyperVM
CVE-2007-6286 (Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the ...)
	- tomcat5.5 <not-affected> (Does not use apr connector)
	- tomcat5 <removed>
CVE-2007-6285 (The default configuration for autofs 5 (autofs5) in some Linux ...)
	- autofs <not-affected> (-hosts feature not present, auto.net has nosuid,nodev)
	- autofs5 5.0.3-1
	NOTE: for autofs5 see 12disable_default_auto_master.dpatch
CVE-2007-6284 (The xmlCurrentChar function in libxml2 before 2.6.31 allows ...)
	{DSA-1461-1}
	- libxml2 2.6.30.dfsg-3.1 (medium; bug #460292)
	- libxml 1.8.17-14.1 (medium)
CVE-2007-6283 (Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key ...)
	- bind9 <not-affected> (On Debian this file is rw for user bind and just readable for group bind)
CVE-2007-6282 (The IPsec implementation in Linux kernel before 2.6.25 allows remote ...)
	{DSA-1630-1}
	- linux-2.6 2.6.25-1
	- linux-2.6.24 2.6.24-6~etchnhalf.4
	NOTE: Upstream commit 920fc941a9617f95ccb283037fe6f8a38d95bb69
CVE-2007-6281 (Heap-based buffer overflow in Open File Manager service (ofmnt.exe) in ...)
	NOT-FOR-US: St. Bernard Open File Manager
CVE-2007-6304 (The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
CVE-2007-6303 (MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 ...)
	- mysql-dfsg-5.0 5.0.45-5 (low; bug #455737)
	- mysql-dfsg-4.1 <removed>
	[etch] - mysql-dfsg-5.0 <not-affected> (Vulnerable code introduced after 5.0.32)
CVE-2007-6299 (Multiple SQL injection vulnerabilities in Drupal and vbDrupal 4.7.x ...)
	- drupal5 5.5-1
	- drupal 4.7.10-1
CVE-2007-6321 (Cross-site scripting (XSS) vulnerability in RoundCube webmail 0.1rc2, ...)
	- roundcube 0.1~rc2-6 (low; bug #455840)
	NOTE: http://seclists.org/bugtraq/2007/Dec/0107.html
CVE-2007-6280
	RESERVED
CVE-2007-6279 (Multiple double free vulnerabilities in Free Lossless Audio Codec ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: According to upstream this issue is not exploitable for code injection
	NOTE: due to the layout of the seektable memory
CVE-2007-6278 (Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows ...)
	- flac 1.2.1-1 (unimportant)
	NOTE: Such validations are within the responsibility of the respective applications
CVE-2007-6277 (Multiple buffer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
	{DSA-1469-1}
	- flac 1.2.1-1
CVE-2007-6276 (The accept_connections function in the virtual private network daemon ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6275 (SQL injection vulnerability in modules/adresses/ratefile.php in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-6274 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: bcoos
CVE-2007-6273 (Multiple format string vulnerabilities in the configuration file in ...)
	NOT-FOR-US: SonicWALL GLobal VPN Client
CVE-2007-6272 (Multiple SQL injection vulnerabilities in index.php in Joomla! 1.5 RC3 ...)
	NOT-FOR-US: Joomla
CVE-2007-6271 (Absolute News Manager.NET 5.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6270 (Multiple cross-site scripting (XSS) vulnerabilities in Absolute News ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6269 (Multiple SQL injection vulnerabilities in xlaabsolutenm.aspx in ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6268 (Directory traversal vulnerability in pages/default.aspx in Absolute ...)
	NOT-FOR-US: Absolute News Manager.NET
CVE-2007-6267 (Citrix EdgeSight 4.2 and 4.5 for Presentation Server, EdgeSight 4.2 ...)
	NOT-FOR-US: Citrix EdgeSight
CVE-2007-6266 (Multiple SQL injection vulnerabilities in bcoos 1.0.10 and earlier ...)
	NOT-FOR-US: bcoos
CVE-2007-6265 (Unspecified vulnerability in avast! 4 Home and Professional Editions ...)
	NOT-FOR-US: avast!
CVE-2007-6264
	RESERVED
CVE-2007-6263 (The dataconn function in ftpd.c in netkit ftpd (netkit-ftpd) 0.17, ...)
	- linux-ftpd-ssl 0.17.18+0.3-9.1 (low; bug #454733)
	[sarge] - linux-ftpd-ssl <no-dsa> (Minor issue)
	[etch] - linux-ftpd-ssl <no-dsa> (Minor issue)
CVE-2007-6262 (A certain ActiveX control in axvlc.dll in VideoLAN VLC 0.8.6 before ...)
	- vlc <not-affected> (Windows only issue)
CVE-2007-6261 (Integer overflow in the load_threadstack function in the Mach-O loader ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6260 (The installation process for Oracle 10g and llg uses accounts with ...)
	NOT-FOR-US: Oracle
CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol ...)
	NOT-FOR-US: Sun SunForum
CVE-2007-6259
	RESERVED
CVE-2007-6258 (Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV ...)
	- libapache2-mod-jk2 2.0.4-1
CVE-2007-6257
	RESERVED
CVE-2007-6256
	REJECTED
CVE-2007-6255 (Buffer overflow in the Microsoft HeartbeatCtl ActiveX control in ...)
	NOT-FOR-US: Microsoft HRTBEAT.OCX
CVE-2007-6254 (Stack-based buffer overflow in the SAP Business Objects ...)
	NOT-FOR-US: SAP
CVE-2007-6253 (Multiple buffer overflows in Adobe Form Designer 5.0 and Form Client ...)
	NOT-FOR-US: Adobe Form Designer
CVE-2007-6252 (Multiple stack-based buffer overflows in the Learn2 Corporation ...)
	NOT-FOR-US: Street Technologies
CVE-2007-6251
	RESERVED
CVE-2007-6250 (Stack-based buffer overflow in AOL AOLMediaPlaybackControl ...)
	NOT-FOR-US: AmpX ActiveX control
CVE-2007-6249 (etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the ...)
	NOT-FOR-US: Gentoo portage
CVE-2007-6248
	RESERVED
CVE-2007-6247
	REJECTED
CVE-2007-6246 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6245 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6244 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6243 (Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x up ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6242 (Unspecified vulnerability in Adobe Flash Player 9.0.48.0 and earlier ...)
	- flashplugin-nonfree 9.0.115.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-6241 (Multiple unspecified vulnerabilities in Beehive Forum 0.7.1 have ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6240 (SQL injection vulnerability in active.asp in Snitz Forums 2000 3.4.06 ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-6239 (The &quot;cache update reply processing&quot; functionality in Squid 2.x before ...)
	{DSA-1646-2 DSA-1482-1}
	- squid 2.6.17-1 (medium; bug #455910)
CVE-2007-6238 (Unspecified vulnerability in Apple QuickTime 7.2 on Windows XP allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6237 (cp.php in DeluxeBB 1.09 does not verify that the membercookie ...)
	NOT-FOR-US: DeluxeBB
CVE-2007-6236 (Microsoft Windows Media Player (WMP) allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2007-6235 (A certain ActiveX control in RealNetworks RealPlayer 11 allows remote ...)
	NOT-FOR-US: RealNetworks RealPlayer 11
CVE-2007-6234 (index.php in FTP Admin 0.1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6233 (Directory traversal vulnerability in index.php in FTP Admin 0.1.0 ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6232 (Cross-site scripting (XSS) vulnerability in index.php in FTP Admin ...)
	NOT-FOR-US: FTP Admin 0.1.0
CVE-2007-6231 (Multiple PHP remote file inclusion vulnerabilities in tellmatic 1.0.7 ...)
	NOT-FOR-US: tellmatic
CVE-2007-6230 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Rayzz
CVE-2007-6229 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Rayzz
CVE-2007-6228 (Stack-based buffer overflow in the Helper class in the yt.ythelper.2 ...)
	NOT-FOR-US: Yahoo! Toolbar
CVE-2007-6227 (QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating ...)
	- qemu <not-affected> (Windows issue)
CVE-2007-6226 (The American Power Conversion (APC) AP7932 0u 30amp Switched Rack ...)
	NOT-FOR-US: American Power Conversion (APC)
CVE-2007-6225 (Unspecified vulnerability in Sun Solaris 10, when 64bit mode is used ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-6224 (The RealNetworks RealAudioObjects.RealAudio ActiveX control in ...)
	NOT-FOR-US: RealAudioObjects.RealAudio ActiveX
CVE-2007-6223 (SQL injection vulnerability in garage.php in phpBB Garage 1.2.0 Beta3 ...)
	NOT-FOR-US: phpBB Garage
CVE-2007-6222 (The CheckCustomerAccess function in functions.php in CRM-CTT ...)
	NOT-FOR-US: Interleave
CVE-2007-6221 (TuMusika Evolution 1.7R5 allows remote attackers to obtain ...)
	NOT-FOR-US: TuMusika
CVE-2007-6220 (typespeed before 0.6.4 allows remote attackers to cause a denial of ...)
	- typespeed 0.6.4-1 (unimportant; bug #454527)
CVE-2007-6219 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Netcool ...)
	NOT-FOR-US: IBM Tivoli Netcool Security Manager
CVE-2007-6218 (Multiple PHP remote file inclusion vulnerabilities in Ossigeno CMS 2.2 ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-6217 (Multiple SQL injection vulnerabilities in login.asp in Irola My-Time ...)
	NOT-FOR-US: Irola My-Time
CVE-2007-6216 (Race condition in the Fibre Channel protocol (fcp) driver and Devices ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-6215 (Multiple directory traversal vulnerabilities in play.php in Web-MeetMe ...)
	NOT-FOR-US: Web-MeetMe
CVE-2007-6214 (Directory traversal vulnerability in include/file_download.php in ...)
	NOT-FOR-US: LearnLoop
CVE-2007-6213 (Multiple directory traversal vulnerabilities in mod/chat/index.php in ...)
	NOT-FOR-US: WebED
CVE-2007-6212 (Directory traversal vulnerability in region.php in KML share 1.1 ...)
	NOT-FOR-US: KML share
CVE-2008-0010 (The copy_from_user_mmap_sem function in fs/splice.c in the Linux ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0009 (The vmsplice_to_user function in fs/splice.c in the Linux kernel ...)
	- linux-2.6 2.6.24-4
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	[etch] - linux-2.6 <not-affected> (vulnerable code not present)
CVE-2008-0008 (The pa_drop_root function in PulseAudio 0.9.8, and a certain 0.9.9 ...)
	{DSA-1476-1}
	- pulseaudio 0.9.9-1
CVE-2008-0007 (Linux kernel before 2.6.22.17, when using certain drivers that ...)
	{DSA-1565-1 DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6.24 <not-affected> (Fixed before initial upload, in 2.6.24-4 of linux-2.6)
	- linux-2.6 2.6.24-4
CVE-2008-0006 (Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
	- libxfont 1:1.3.1-2
	[etch] - libxfont 1:1.2.2-2.etch1
CVE-2008-0005 (mod_proxy_ftp in Apache 2.2.x before 2.2.7-dev, 2.0.x before ...)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache <no-dsa> (browser issue; low impact)
	[sarge] - apache2 <no-dsa> (browser issue; low impact)
	[etch] - apache2 2.2.3-4+etch4 (low)
CVE-2008-0004
	REJECTED
CVE-2008-0003 (Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback ...)
	NOT-FOR-US: OpenPegasus CIM management server
CVE-2008-0002 (Apache Tomcat 6.0.0 through 6.0.15 processes parameters in the context ...)
	- tomcat5.5 <not-affected> (Only Tomcat 6 is affected, according to upstream)
CVE-2008-0001 (VFS in the Linux kernel before 2.6.22.16, and 2.6.23.x before ...)
	{DSA-1479-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6207 (Xen 3.x, possibly before 3.1.2, when running on IA64 systems, does not ...)
	- xen-3 3.1.2-1
CVE-2007-6206 (The do_coredump function in fs/exec.c in Linux kernel 2.4.x and 2.6.x ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
CVE-2007-6205 (Cross-site scripting (XSS) vulnerability in the remote RSS sidebar ...)
	{DSA-1528-1}
	- serendipity 1.2.1-1 (low)
CVE-2007-6204 (Multiple stack-based buffer overflows in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView
CVE-2007-6203 (Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method ...)
	- apache2 2.2.6-3 (low)
	[sarge] - apache2 <no-dsa> (minor issue)
	- apache <not-affected> (vulnerable code not present)
	NOTE: Might be exploitable with older flash plugins via HTTP Request Splitting
	[etch] - apache2 2.2.3-4+etch4
CVE-2007-6208 (sylprint.pl in claws mail tools (claws-mail-tools) allows local users ...)
	- claws-mail 3.1.0-2 (low; bug #454089)
CVE-2007-6210 (zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs &quot;UserParameter&quot; ...)
	{DSA-1420-1 DTSA-93-1}
	- zabbix 1:1.4.2-4 (bug #452682)
CVE-2007-6202 (SQL injection vulnerability in plugins/search/search.php in Neocrome ...)
	NOT-FOR-US: Neocrome Seditio CMS
CVE-2007-6211 (Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users ...)
	- sing 1.1-16 (low; bug #454167)
	[etch] - sing 1.1-13etch1
	[sarge] - sing 1.1-9sarge1
CVE-2007-6209 (Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary ...)
	- zsh 4.3.4-dev-3-2 (low; bug #454073)
	[etch] - zsh <no-dsa> (Minor issue)
	[sarge] - zsh <no-dsa> (Minor issue)
CVE-2007-6201 (Unspecified vulnerability in Wesnoth 1.2.x before 1.2.8, and 1.3.x ...)
	- wesnoth 1:1.2.8-1 (low)
	[etch] - wesnoth 1.2-4
	[sarge] - wesnoth 0.9.0-8
CVE-2007-6200 (Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...)
	- rsync 2.6.9-6 (low; bug #453652)
	[etch] - rsync <no-dsa> (Minor issue)
CVE-2007-6199 (rsync before 3.0.0pre6, when running a writable rsync daemon that is ...)
	- rsync 2.6.9-6 (unimportant; bug #453652)
	NOTE: Security feature enhancement, not really a security problem
CVE-2007-6198 (portal/server.pt in the Plumtree portal in BEA AquaLogic Interaction ...)
	NOT-FOR-US: Plumtree
CVE-2007-6197 (The Plumtree portal in BEA AquaLogic Interaction 5.0.2 through 5.0.4 ...)
	NOT-FOR-US: Plumtree
CVE-2007-6196 (Cross-site scripting (XSS) vulnerability in util.php in Calacode @Mail ...)
	NOT-FOR-US: Calacode
CVE-2007-6195 (Buffer overflow in the sw_rpc_agent_init function in swagentd in ...)
	NOT-FOR-US: HP-UX
CVE-2007-6194 (Unspecified vulnerability in HP Select Identity 4.01 before 4.01.012 ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-6193 (The web management interface in Citrix NetScaler 8.0 build 47.8 stores ...)
	NOT-FOR-US: Citrix
CVE-2007-6192 (The web management interface in Citrix NetScaler 8.0 build 47.8 uses ...)
	NOT-FOR-US: Citrix
CVE-2007-6191 (Multiple PHP remote file inclusion vulnerabilities in Armin Burger ...)
	NOT-FOR-US: Armin Burger p.mapper
CVE-2007-6190 (The HTTP daemon in the Cisco Unified IP Phone, when the Extension ...)
	NOT-FOR-US: Cisco Unified IP Phone
CVE-2007-6189 (A certain ActiveX control in (1) OScan8.ocx and (2) Oscan81.ocx in ...)
	NOT-FOR-US: BitDefender Online Anti-Virus Scanner
CVE-2007-6188 (Multiple directory traversal vulnerabilities in TuMusika Evolution ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-6187 (Multiple directory traversal vulnerabilities in PHP Content Architect ...)
	NOT-FOR-US: PHP Content Architect
CVE-2007-6186 (Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6185 (Directory traversal vulnerability in users/files.php in Eurologon CMS ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6184 (Directory traversal vulnerability in index.php in Project Alumni 1.0.9 ...)
	NOT-FOR-US: Project Alumni
CVE-2007-6182 (The responder program in ISPsystem ISPmanager (aka ISPmgr) 4.2.15.1 ...)
	NOT-FOR-US: ISPmanager
CVE-2007-6181 (Heap-based buffer overflow in cygwin1.dll in Cygwin 1.5.7 and earlier ...)
	NOT-FOR-US: Cygwin
CVE-2007-6180 (Race condition in the Remote Procedure Call kernel module (rpcmod) in ...)
	NOT-FOR-US: Solaris
CVE-2007-6179 (Multiple PHP remote file inclusion vulnerabilities in Charray's CMS ...)
	NOT-FOR-US: Charray's CMS
CVE-2007-6178 (Multiple PHP remote file inclusion vulnerabilities in Easy Hosting ...)
	NOT-FOR-US: Easy Hosting Control Panel for Ubuntu
CVE-2007-6177 (PHP remote file inclusion vulnerability in Exchange/include.php in ...)
	NOT-FOR-US: PHP-CON
CVE-2007-6176 (kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote ...)
	NOT-FOR-US: KB-Bestellsystem
CVE-2007-6175 (Buffer overflow in Lhaplus 1.55 and earlier allows remote attackers to ...)
	NOT-FOR-US: Lhaplus
CVE-2007-6174 (PHPDevShell before 0.7.0 allows remote authenticated users to gain ...)
	NOT-FOR-US: PHPDevShell
CVE-2007-6173 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
	- liferay-portal <itp> (bug #569819)
CVE-2007-6172 (Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote ...)
	NOT-FOR-US: wpQuiz
CVE-2007-6169 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6168 (SQL injection vulnerability in default.asp in VU Case Manager allows ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6167 (Untrusted search path vulnerability in yast2-core in SUSE Linux might ...)
	NOT-FOR-US: Yast2
CVE-2007-6166 (Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-6165 (Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-6164 (Multiple SQL injection vulnerabilities in Eurologon CMS allow remote ...)
	NOT-FOR-US: Eurologon CMS
CVE-2007-6163 (SQL injection vulnerability in admin/index2.asp in GOUAE DWD Realty ...)
	NOT-FOR-US: GOUAE DWD Realty
CVE-2007-6162 (Cross-site scripting (XSS) vulnerability in index.php in FMDeluxe ...)
	NOT-FOR-US: FMDeluxe
CVE-2007-6161 (index.php in Tilde CMS 4.x and earlier allows remote attackers to ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6160 (Cross-site scripting (XSS) vulnerability in index.php in Tilde CMS 4.x ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6159 (SQL injection vulnerability in index.php in Tilde CMS 4.x and earlier ...)
	NOT-FOR-US: Tilde CMS
CVE-2007-6158 (Multiple SQL injection vulnerabilities in caladmin.inc.php in Proverbs ...)
	NOT-FOR-US: Proverbs Web Calendar
CVE-2007-6157 (Cross-site scripting (XSS) vulnerability in index.php in SimpleGallery ...)
	NOT-FOR-US: SimpleGallery
CVE-2007-6156 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- acidbase 1.3.9-1 (low; bug #453838)
	[etch] - acidbase <not-affected> (vulnerable code not present, in etch acidbase exits in this case)
CVE-2007-6155
	RESERVED
CVE-2007-6154
	RESERVED
CVE-2007-6153
	RESERVED
CVE-2007-6152
	RESERVED
CVE-2007-6151 (The isdn_ioctl function in isdn_common.c in Linux kernel 2.6.23 allows ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1479-1}
	- linux-2.6 2.6.23-2
CVE-2007-6149 (Multiple integer overflows in the Edge server in Adobe Flash Media ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6148 (Use-after-free vulnerability in the Edge server in Adobe Flash Media ...)
	NOT-FOR-US: Adobe Flash Media Server
CVE-2007-6147 (Multiple PHP remote file inclusion vulnerabilities in IAPR COMMENCE ...)
	NOT-FOR-US: IAPR COMMENCE
CVE-2007-6146 (Hitachi JP1/File Transmission Server/FTP 01-00 through 08-10-02 on ...)
	NOT-FOR-US: JP1/File Transmission Server/FTP on windows
CVE-2007-6145 (Unspecified vulnerability in Hitachi JP1/File Transmission Server/FTP ...)
	NOT-FOR-US: Hitachi JP1/File Transmission Server/FTP
CVE-2007-6144 (Heap-based buffer overflow in the PPlayer.XPPlayer.1 ActiveX control ...)
	NOT-FOR-US: Xunlei Thunder
CVE-2007-6143 (SQL injection vulnerability in default.asp (aka the Login Page) in VU ...)
	NOT-FOR-US: VU Case Manager
CVE-2007-6142 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
	NOT-FOR-US: JAF CMS
CVE-2007-6141 (Cross-site scripting (XSS) vulnerability in vBTube.php in vBTube 1.1 ...)
	NOT-FOR-US: vBTube
CVE-2007-6140 (Multiple SQL injection vulnerabilities in Dora Emlak 2.0 allow remote ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-6139 (PHP remote file inclusion vulnerability in index.php in Mp3 ToolBox ...)
	NOT-FOR-US: Mp3 ToolBox
CVE-2007-6138 (SQL injection vulnerability in redir.asp in VU Mass Mailer allows ...)
	NOT-FOR-US: VU Mass Mailer
CVE-2007-6137 (SQL injection vulnerability in news.php in Content Injector 1.52 ...)
	NOT-FOR-US: Content Injector
CVE-2007-6136 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: M2Scripts MySpace Scripts
CVE-2007-6135 (Cross-site scripting (XSS) vulnerability in phpslideshow.php in ...)
	NOT-FOR-US: PHPSlideShow
CVE-2007-6134 (SQL injection vulnerability in pkinc/public/article.php in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2007-6133 (PHP remote file inclusion vulnerability in admin/kfm/initialise.php in ...)
	NOT-FOR-US: DevMass Shopping Cart
CVE-2007-6183 (Format string vulnerability in the mdiag_initialize function in ...)
	{DSA-1431-1 DTSA-102-1}
	- ruby-gnome2 0.16.0-10 (medium; bug #453689)
CVE-2007-6171 (SQL injection vulnerability in the Postgres Realtime Engine ...)
	- asterisk 1:1.4.15~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Vulnerable code not present)
	[etch] - asterisk <not-affected> (Vulnerable code not present)
CVE-2007-6170 (SQL injection vulnerability in the Call Detail Record Postgres logging ...)
	{DSA-1417-1}
	- asterisk 1:1.4.15~dfsg-1 (medium)
CVE-2007-6150 (The &quot;internal state tracking&quot; code for the random and urandom devices ...)
	- kfreebsd-7 7.0~cvs20080107-1
	- kfreebsd-6 6.3~cvs20080107-1
	- kfreebsd-5 <removed> (medium; bug #453944)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-6132
	REJECTED
CVE-2007-6131 (buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite ...)
	- scanbuttond 0.2.3-6 (unimportant; bug #453239)
	NOTE: this is just an example script, maintainer adds a note about it
	NOTE: 0.2.3-6 adds a security note about this script
CVE-2007-6130 (gnump3d 2.9final does not apply password protection to its plugins, ...)
	- gnump3d 3.0-1 (medium)
	[sarge] - gnump3d <not-affected> (Vulnerable code not present)
	[etch] - gnump3d <not-affected> (Vulnerable code not present)
CVE-2007-6129 (Directory traversal vulnerability in scripts/include/show_content.php ...)
	NOT-FOR-US: Amber script
CVE-2007-6128 (SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 ...)
	NOT-FOR-US: WorkingOnWeb
CVE-2007-6127 (Multiple SQL injection vulnerabilities in project alumni 1.0.9 and ...)
	NOT-FOR-US: Alumni
CVE-2007-6126 (Multiple cross-site scripting (XSS) vulnerabilities in project alumni ...)
	NOT-FOR-US: Alumni
CVE-2007-6125 (SQL injection vulnerability in search_form.php in Softbiz Freelancers ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6124 (Cross-site scripting (XSS) vulnerability in signin.php in Softbiz ...)
	NOT-FOR-US: Softbiz Freelancers Script
CVE-2007-6123 (Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and ...)
	NOT-FOR-US: IRC Services
CVE-2007-6122 (The default_encrypt function in encrypt.c in IRC Services before ...)
	NOT-FOR-US: IRC Services
CVE-2007-6110 (Cross-site scripting (XSS) vulnerability in htsearch in htdig 3.2.0b6 ...)
	{DSA-1429-1}
	- htdig 1:3.2.0b6-4 (low; bug #453278)
	[sarge] - htdig <not-affected> (Vulnerable code not present)
CVE-2007-6109 (Stack-based buffer overflow in emacs allows user-assisted attackers to ...)
	{DTSA-98-1 DTSA-99-1}
	- emacs22 22.1+1-2.2 (bug #455432)
	- emacs21 21.4a+1-5.2 (bug #455433)
	[etch] - emacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
	- xemacs21 21.4.21-4 (bug #457764)
	[etch] - xemacs21 <no-dsa> (Minor issue, .el scripts opened need to be trusted)
CVE-2007-6108
	RESERVED
CVE-2007-6107
	RESERVED
CVE-2007-6106 (SQL injection vulnerability in index.php in AlstraSoft E-Friends 4.98 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-6105 (Multiple PHP remote file inclusion vulnerabilities in TalkBack 2.2.7 ...)
	NOT-FOR-US: TalkBack
CVE-2007-6104 (Cross-site scripting (XSS) vulnerability in the Instant Web Publishing ...)
	NOT-FOR-US: FileMaker Pro
CVE-2007-6103 (I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) ...)
	- ihu 0.5.6-3.1 (unimportant; bug #453280)
	NOTE: Would only terminate normal phone call by hanging up, not a real security bug
CVE-2007-6102 (Cross-site scripting (XSS) vulnerability in Feed to JavaScript ...)
	NOT-FOR-US: feed2js
CVE-2007-6101 (Ability Mail Server before 2.61 allows remote authenticated users to ...)
	NOT-FOR-US: Ability Mail Server
CVE-2007-6100 (Cross-site scripting (XSS) vulnerability in ...)
	- phpmyadmin 4:2.11.2.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-6099 (Unspecified vulnerability in Ingate Firewall before 4.6.0 and ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6098 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 do not log ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6097 (Unspecified vulnerability in the ICMP implementation in Ingate ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6096 (Ingate Firewall before 4.6.0 and SIParator before 4.6.0 use cleartext ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6095 (The SIP component in Ingate Firewall before 4.6.0 and SIParator before ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6094 (The IPsec module in the VPN component in Ingate Firewall before 4.6.0 ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6093 (The SRTP implementation in Ingate Firewall before 4.6.0 and SIParator ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6092 (Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and ...)
	NOT-FOR-US: Ingate Firewall Siparator
CVE-2007-6091 (Multiple SQL injection vulnerabilities in files/login.asp in JiRo's ...)
	NOT-FOR-US: JiRo's Banner System (JBS)
CVE-2007-6090 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-Klan ...)
	NOT-FOR-US: Nuked-Klan
CVE-2007-6089 (PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 ...)
	NOT-FOR-US: meBiblio
CVE-2007-6088 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBBViet
CVE-2007-6087 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6086 (Directory traversal vulnerability in index.php in VigileCMS 1.4 allows ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6085 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VigileCMS
CVE-2007-6084 (SQL injection vulnerability in software-description.php in HotScripts ...)
	NOT-FOR-US: HotScripts Clone script
CVE-2007-6083 (SQL injection vulnerability in admin/index.php in IceBB 1.0-rc6 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-6082 (Direct static code injection vulnerability in acp/savenews.php in ...)
	NOT-FOR-US: Sciurus Hosting Panel
CVE-2007-6081 (AdventNet EventLog Analyzer build 4030 for Windows, and possibly other ...)
	NOT-FOR-US: Windows
CVE-2007-6080 (SQL injection vulnerability in modules/banners/click.php in the ...)
	NOT-FOR-US: bcoos
CVE-2007-6079 (Directory traversal vulnerability in include/common.php in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-6078 (Multiple SQL injection vulnerabilities in SkyPortal RC6 allow remote ...)
	NOT-FOR-US: SkyPortal
CVE-2007-6076
	RESERVED
CVE-2007-6075
	RESERVED
CVE-2007-6074
	RESERVED
CVE-2007-6073
	RESERVED
CVE-2007-6072
	RESERVED
CVE-2007-6071
	RESERVED
CVE-2007-6070
	RESERVED
CVE-2007-6069
	RESERVED
CVE-2007-6068
	RESERVED
CVE-2007-6067 (Algorithmic complexity vulnerability in the regular expression parser ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-6066
	RESERVED
CVE-2007-6065
	RESERVED
CVE-2007-6064
	RESERVED
CVE-2007-6063 (Buffer overflow in the isdn_net_setcfg function in isdn_net.c in Linux ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-6062 (irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause ...)
	- ngircd 0.10.3-1 (bug #451875)
	[etch] - ngircd 0.10.0-2etch1
CVE-2007-6061 (Audacity 1.3.2 creates a temporary directory with a predictable name ...)
	- audacity 1.3.4-1.1 (bug #453283; low)
	[etch] - audacity <no-dsa> (Minor issue)
CVE-2007-6060 (AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a ...)
	NOT-FOR-US: AhnLab Antivirus 3 Internet Security 2008 Platinum
CVE-2007-6059 (** DISPUTED ** ...)
	NOT-FOR-US: Javamail
CVE-2007-6058 (Multiple SQL injection vulnerabilities in index.php in ProfileCMS 1.0 ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-6057 (PHP remote file inclusion vulnerability in index.php in datecomm ...)
	NOT-FOR-US: datecomm Social Networking Script
CVE-2007-6056 (frame.html in Aida-Web (Aida Web) allows remote attackers to bypass a ...)
	NOT-FOR-US: Aida-Web
CVE-2007-6055 (Cross-site scripting (XSS) vulnerability in c/portal/login in Liferay ...)
	- liferay-portal <itp> (bug #569819)
CVE-2007-6054 (Cross-site scripting (XSS) vulnerability in the login page in the ...)
	NOT-FOR-US: Aruba 800 Mobility Controller
CVE-2007-6053 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6052 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6051 (IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6050 (Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6049 (Unspecified vulnerability in the SSL LOAD GSKIT action in IBM DB2 UDB ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6048 (IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6047 (Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6046 (Unspecified vulnerability in unspecified setuid programs in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6045 (Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-6044 (Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-6043 (The CryptGenRandom function in Microsoft Windows 2000 generates ...)
	NOT-FOR-US: Windows
CVE-2007-6042 (PHP remote file inclusion vulnerability in fehler.inc.php in SWSoft ...)
	NOT-FOR-US: SWSoft Confixx Professional
CVE-2007-6041 (Buffer overflow in the Sequencer::queueMessage function in ...)
	NOT-FOR-US: Rigs of Rods (RoR)
CVE-2007-6040 (The Belkin F5D7230-4 Wireless G Router allows remote attackers to ...)
	NOT-FOR-US: Belkin F5D7230-4 Wireless G Router
CVE-2007-6039 (PHP 5.2.5 and earlier allows context-dependent attackers to cause a ...)
	- php5 5.2.5-1 (unimportant; bug #453295)
	NOTE: Not a vulnerability per Debian PHP security policy, requires malicious
	NOTE: script to trigger this issue
CVE-2007-6077 (The session fixation protection mechanism in cgi_process.rb in Rails ...)
	- rails 1.2.6-1 (low; bug #452748)
CVE-2007-6111 (Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6112 (Buffer overflow in the PPP dissector Wireshark (formerly Ethereal) ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6113 (Integer signedness error in the DNP3 dissector in Wireshark (formerly ...)
	{DTSA-92-1}
	- wireshark 0.99.6pre1-1 (low)
	[etch] - wireshark <no-dsa> (Minor issue, exotic dissector, very intrusive backport)
CVE-2007-6114 (Multiple buffer overflows in Wireshark (formerly Ethereal) 0.99.0 ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6115 (Buffer overflow in the ANSI MAP dissector for Wireshark (formerly ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (medium; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6116 (The Firebird/Interbase dissector in Wireshark (formerly Ethereal) ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6117 (Unspecified vulnerability in the HTTP dissector for Wireshark ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6118 (The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6119 (The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows ...)
	{DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[etch] - wireshark <not-affected> (Vulnerable code not present)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6120 (The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-6121 (Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers ...)
	{DSA-1414-1 DTSA-92-1}
	- wireshark 0.99.7~pre1-1 (low; bug #452381)
CVE-2007-6038 (PHP remote file inclusion vulnerability in xajax_functions.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6037 (Cross-site scripting (XSS) vulnerability in ws/generic_api_call.pl in ...)
	NOT-FOR-US: Citrix NetScaler
CVE-2007-6036 (The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 ...)
	NOT-FOR-US: LIVE555 Media Server
CVE-2007-6034
	REJECTED
CVE-2007-6033 (Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure ...)
	NOT-FOR-US: Invensys Wonderware InTouch
CVE-2007-6032 (SQL injection vulnerability in calendar/page.asp in Aleris Web ...)
	NOT-FOR-US: Aleris Web Publishing Server
CVE-2007-6031 (Unspecified vulnerability in VanDyke VShell 3.0.1 allows remote ...)
	NOT-FOR-US: VanDyke VShell
CVE-2007-6030 (Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has ...)
	NOT-FOR-US: Weird Solutions BOOTPTurbo
CVE-2007-6029 (Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-6028 (Multiple stack-based buffer overflows in the VSFlexGrid.VSFlexGridL ...)
	NOT-FOR-US: ComponentOne FlexGrid
CVE-2007-6027 (PHP remote file inclusion vulnerability in admin.jjgallery.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-6026 (Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka ...)
	NOT-FOR-US: Microsoft Jet Engine
CVE-2007-6025 (Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 ...)
	- wpasupplicant 0.6.0-4
	[etch] - wpasupplicant <not-affected> (Vulnerable code not present)
	[sarge] - wpasupplicant <not-affected> (Vulnerable code not present)
CVE-2007-6024
	RESERVED
CVE-2007-6023
	RESERVED
CVE-2007-6022
	RESERVED
CVE-2007-6021 (Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-6020 (Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat ...)
	NOT-FOR-US: KeyView
CVE-2007-6019 (Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, ...)
	- flashplugin-nonfree 1:1.4
CVE-2007-6018 (IMP Webmail Client 4.1.5, Horde Application Framework 3.1.5, and Horde ...)
	{DSA-1470-1}
	- horde3 3.1.6-1 (bug #461131; low)
	- imp4 <not-affected> (xss.php is only present in horde3 package)
CVE-2007-6017 (The PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6016 (Multiple stack-based buffer overflows in the ...)
	NOT-FOR-US: Symantec Backup Exec
CVE-2007-6015 (Stack-based buffer overflow in the send_mailslot function in nmbd in ...)
	{DSA-1427-1 DTSA-100-1}
	- samba 3.0.28-1 (high)
CVE-2007-6014 (SQL injection vulnerability in post.php in Beehive Forum 0.7.1 and ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-6013 (Wordpress 1.5 through 2.3.1 uses cookie values based on the MD5 hash ...)
	- wordpress 2.5.0-1 (low; bug #452251)
	[etch] - wordpress <no-dsa> (Minor issue)
	NOTE: if untrusted people are allowed to read the database they could still
	NOTE: crack the hash with more work, so maybe this is unimportant?
CVE-2007-6012 (SQL injection vulnerability in SearchR.asp in DocuSafe 4.1.0 and 4.1.2 ...)
	NOT-FOR-US: DocuSafe
CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in ...)
	NOT-FOR-US: Novell iChain
CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops ...)
	NOT-FOR-US: Xoops
CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix Presentation ...)
	NOT-FOR-US: predating security tracker
CVE-2007-6035 (SQL injection vulnerability in graph.php in Cacti before 0.8.7a allows ...)
	{DSA-1418-1}
	- cacti 0.8.7a-1 (medium; bug #452085)
CVE-2007-6011 (Unspecified vulnerability in main.php of BugHotel Reservation System ...)
	NOT-FOR-US: BugHotel
CVE-2007-6010 (Unspecified vulnerability in pioneers (formerly gnocatan) 0.11.3 ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)
CVE-2007-6009 (Multiple buffer overflows in ACD products allow user-assisted remote ...)
	NOT-FOR-US: ACD products
CVE-2007-6008 (Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy ...)
	NOT-FOR-US: Autonomy
CVE-2007-6007 (Integer overflow in the ID_PSP.apl plug-in for ACD ACDSee Photo ...)
	NOT-FOR-US: Pro Photo Manager
CVE-2007-6006 (TestLink before 1.7.1 does not enforce an unspecified authorization ...)
	NOT-FOR-US: TestLink
CVE-2007-6005 (Unspecified vulnerability in the GpcContainer.GpcContainer.1 ActiveX ...)
	NOT-FOR-US: WebEx
CVE-2007-6004 (Multiple SQL injection vulnerabilities in index.php in Toko Instan 7.6 ...)
	NOT-FOR-US: Toko Instan
CVE-2007-6003 (Cross-site scripting (XSS) vulnerability in cgi/b/ic/connect in the ...)
	NOT-FOR-US: SpeedTouch
CVE-2007-6002 (Cross-site scripting (XSS) vulnerability in Fenriru (1) Sleipnir ...)
	NOT-FOR-US: Fenriru
CVE-2007-6001 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-6000 (KDE Konqueror 3.5.6 and earlier allows remote attackers to cause a ...)
	- kdebase <unfixed> (unimportant; bug #451794)
	NOTE: not reproducible with 4:3.5.8.dfsg.1-1, poked maintainer
	NOTE: it seems konqueror only treats the cookie value until some special length
	NOTE: as cookie, after this length it will open the rest as site content. This eats alot
	NOTE: ram and cpu but depending on how much ram the system has, konqueror will die after
	NOTE: no memory is left, not treated as security problem.
CVE-2007-5999 (SQL injection vulnerability in product_desc.php in Softbiz Auctions ...)
	NOT-FOR-US: Softbiz
CVE-2007-5998 (SQL injection vulnerability in ads.php in Softbiz Ad Management plus ...)
	NOT-FOR-US: Softbiz
CVE-2007-5997 (SQL injection vulnerability in campaign_stats.php in Softbiz Banner ...)
	NOT-FOR-US: Softbiz Banner Exchange Network Script
CVE-2007-5996 (SQL injection vulnerability in searchresult.php in Softbiz Link ...)
	NOT-FOR-US: Softbiz Link Directory Script
CVE-2007-5995 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: patBBcode
CVE-2007-5994 (PHP remote file inclusion vulnerability in check_noimage.php in Fritz ...)
	NOT-FOR-US: php photo album
CVE-2007-5993 (Cross-site scripting (XSS) vulnerability in Visionary Technology in ...)
	NOT-FOR-US: vtls
CVE-2007-5992 (SQL injection vulnerability in index.php in datecomm Social Networking ...)
	NOT-FOR-US: Social Networking Script
CVE-2007-5991 (SQL injection vulnerability in index.php in ExoPHPdesk allows remote ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2007-5990 (Cross-site scripting (XSS) vulnerability in ExoPHPdesk allows remote ...)
	NOT-FOR-US: ExoPHPdesk
CVE-2006-7230 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...)
	{DSA-1570-1}
	- pcre3 7.0-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2004-2755 (Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, ...)
	NOT-FOR-US: Symantec Web Security
CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and ...)
	NOT-FOR-US: YaBB
CVE-2007-5989 (Unspecified vulnerability in the skype4com URI handler in Skype before ...)
	NOT-FOR-US: Skype
CVE-2007-5988 (blocks/shoutbox_block.php in BtiTracker 1.4.4 does not verify user ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5987 (details.php in BtiTracker before 1.4.5, when torrent viewing is ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5986 (SQL injection vulnerability in include/functions.php in BtiTracker ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5985 (Multiple cross-site scripting (XSS) vulnerabilities in BtiTracker ...)
	NOT-FOR-US: BtiTracker
CVE-2007-5984 (classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5983 (Cross-site scripting (XSS) vulnerability in index.php in Justin ...)
	NOT-FOR-US: AutoIndex
CVE-2007-5982 (Multiple cross-site scripting (XSS) vulnerabilities in X7 Chat 2.0.4, ...)
	NOT-FOR-US: X7 Chat
CVE-2007-5981 (Lantronix SCS3200 does not properly handle public-key requests, which ...)
	NOT-FOR-US: Lantronix
CVE-2007-5980 (Cross-site scripting (XSS) vulnerability in home/rss.php in eggblog ...)
	NOT-FOR-US: eggblog
CVE-2007-5979 (Cross-site scripting (XSS) vulnerability in download_plugin.php3 in F5 ...)
	NOT-FOR-US: F5 Firepass
CVE-2007-5978 (SQL injection vulnerability in brokenlink.php in the mylinks module ...)
	NOT-FOR-US: XOOPS
CVE-2007-5977 (Cross-site scripting (XSS) vulnerability in db_create.php in ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
	[etch] - phpmyadmin <not-affected> (Vulnerable code not present)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-5976 (SQL injection vulnerability in db_create.php in phpMyAdmin before ...)
	- phpmyadmin 4:2.11.2.1-1 (unimportant; bug #451465)
CVE-2007-5975 (SQL injection vulnerability in index.php in TBSource, as used in (1) ...)
	NOT-FOR-US: TBSource
CVE-2007-5974 (SQL injection vulnerability in mailer.php in JPortal 2 allows remote ...)
	NOT-FOR-US: JPortal
CVE-2007-5973 (SQL injection vulnerability in articles.php in JPortal 2.3.1 and ...)
	NOT-FOR-US: JPortal
CVE-2007-5972 (Double free vulnerability in the krb5_def_store_mkey function in ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: potential attackers must have privileges to store the krb5kdc master key
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5971 (Double free vulnerability in the gss_krb5int_make_seal_token_v3 ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5970 (MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote ...)
	- mysql-dfsg-5.0 <not-affected> (Vulnerable code not present referring to maintainer)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
	NOTE: version in experimental is affected by this
	NOTE: the debian maintainers do not yet have access to this issue: http://lists.mysql.com/packagers/377
CVE-2007-5969 (MySQL Community Server 5.0.x before 5.0.51, Enterprise Server 5.0.x ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-4 (low; bug #455010)
	- mysql-dfsg-4.1 <removed>
CVE-2007-5968
	REJECTED
CVE-2007-5967
	RESERVED
CVE-2007-5966 (Integer overflow in the hrtimer_start function in kernel/hrtimer.c in ...)
	{DSA-1436-1}
	- linux-2.6 2.6.23-2
CVE-2007-5965 (QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly ...)
	- qt4-x11 4.3.3-1
	[etch] - qt4-x11 <not-affected> (Vulnerable code was introduced in 4.3)
	- qt-x11-free <not-affected> (Vulnerable code was introduced in 4.3)
CVE-2007-5964 (The default configuration of autofs 5 in some Linux distributions, ...)
	- autofs 3.1.4-8 (medium)
	- autofs5 5.0.3-1
CVE-2007-5963 (Unspecified vulnerability in kdebase allows local users to cause a ...)
	- kdebase <unfixed> (unimportant)
	NOTE: This has only theoretical security impact
CVE-2007-5962 (Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red ...)
	- vsftpd <not-affected> (Vulnerability in Red Hat-specific patch)
CVE-2007-5961 (Cross-site scripting (XSS) vulnerability in the Red Hat Network ...)
	NOT-FOR-US: Red Hat Network channel search feature
CVE-2007-5960 (Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-39
CVE-2007-5959 (Multiple unspecified vulnerabilities in Mozilla Firefox before ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-38
CVE-2007-5958 (X.Org Xserver before 1.4.1 allows local users to determine the ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2006-7229 (The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 <not-affected> (Ubuntu-specific regression)
CVE-2006-7228 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2006-7227 (Integer overflow in Perl-Compatible Regular Expression (PCRE) library ...)
	{DSA-1570-1}
	- pcre3 6.2-1
	- kazehakase 0.5.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2005-4872 (Perl-Compatible Regular Expression (PCRE) library before 6.2 does not ...)
	- pcre3 6.2-1
	[sarge] - pcre3 4.5+7.4-1
	NOTE: http://www.pcre.org/changelog.txt states fixed in 6.2
CVE-2007-5957 (Unspecified vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5956 (Directory traversal vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2007-5955 (Cross-site scripting (XSS) vulnerability in updir.php in UPDIR.NET ...)
	NOT-FOR-US: UPDIR.NET
CVE-2007-5954 (Cross-site scripting (XSS) vulnerability in buscador.php in JLMForo ...)
	NOT-FOR-US: JLMForo System
CVE-2007-5953 (Unspecified vulnerability in Really Simple CalDAV Store (RSCDS) before ...)
	NOT-FOR-US: Really Simple CalDAV Store
CVE-2007-5952 (Cross-site scripting (XSS) vulnerability in admin/index.php in Helios ...)
	NOT-FOR-US: Helios Calendar
CVE-2007-5951 (SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows ...)
	NOT-FOR-US: E-Vendejo
CVE-2007-5950 (Cross-site scripting (XSS) vulnerability in NetCommons before 1.0.11, ...)
	NOT-FOR-US: NetCommons
CVE-2007-5949 (Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk ...)
	NOT-FOR-US: IBM Tivoli Service Desk
CVE-2007-5948 (Multiple cross-site scripting (XSS) vulnerabilities in main.php in ...)
	NOT-FOR-US: SF-Shoutbox
CVE-2007-5947 (The jar protocol handler in Mozilla Firefox before 2.0.0.10 and ...)
	{DSA-1506-1 DSA-1425-1 DSA-1424-1}
	- iceweasel 2.0.0.10-1 (low; bug #451624)
	- iceape 1.1.7-1
	- xulrunner 1.8.1.11-1
	NOTE: MFSA2007-37
CVE-2007-5946 (Unspecified vulnerability in the Aries PA-RISC emulator on HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2007-5945 (USVN before 0.6.5 allows remote attackers to obtain a list of ...)
	NOT-FOR-US: usvn
CVE-2007-5944 (Cross-site scripting (XSS) vulnerability in Servlet Engine / Web ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-5943 (Simple Machines Forum (SMF) 1.1.4 allows remote attackers to read a ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5942 (Bandersnatch 0.4 allows remote attackers to obtain sensitive ...)
	- bandersnatch <removed> (unimportant; bug #451365)
	NOTE: Installation path disclosure not treated as a security issue
CVE-2007-5941 (Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in ...)
	NOT-FOR-US: Adobe Shockwave
CVE-2007-5940 (feynmf.pl in feynmf 1.08, as used in TeXLive 2007, allows local users ...)
	- texlive-bin 2005.dfsg.2-1
	- feynmf 1.08-1
CVE-2007-5939 (The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 ...)
	- heimdal <not-affected> (vulnerable code not present, ticketfile is just unlinked which is ok)
CVE-2007-5938 (The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi ...)
	- linux-2.6 2.6.23-2
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
	NOTE: we ship the iwl code in /debian/patches/features/all/v7-iwlwifi-add-iwlwifi-wireless-drivers.patch
CVE-2007-5937 (Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5936 (dvips in teTeX and TeXlive 2007 and earlier allows local users to ...)
	- texlive-bin 2007-13
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5935 (Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive ...)
	{DTSA-97-1}
	- texlive-bin 2007.dfsg.1-1
	[etch] - texlive-bin <no-dsa> (Minor issue)
CVE-2007-5934 (The LOB functionality in PEAR MDB2 before 2.5.0a1 interprets a request ...)
	- php-mdb2 2.5.0b2-1
CVE-2007-5933 (Pioneers (formerly gnocatan) before 0.11.3 allows remote attackers to ...)
	{DTSA-89-1}
	- pioneers 0.11.3-2 (low; bug #449541)
	[etch] - pioneers <no-dsa> (Minor issue)
CVE-2006-7226 (Perl-Compatible Regular Expression (PCRE) library before 6.7 does not ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2006-7225 (Perl-Compatible Regular Expression (PCRE) library before 6.7 allows ...)
	- pcre3 6.7-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
	[sarge] - pcre3 4.5+7.4-1
	[etch] - pcre3 6.7+7.4-2
CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
	NOT-FOR-US: PostNuke
CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 ...)
	NOT-FOR-US: JBrowser
CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire ...)
	NOT-FOR-US: 2Wire Gateway
CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...)
	NOT-FOR-US: PostNuke
CVE-2007-5932 (Multiple cross-site scripting (XSS) vulnerabilities in Fatwire Content ...)
	NOT-FOR-US: Fatwire Content Server
CVE-2007-5931 (The reDirect function in lib/controllers/RepViewController.php in ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-5930 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Cerberus Ftp Server
CVE-2007-5929 (Buffer overflow in OpenBase 10.0.5 and earlier might allow remote ...)
	NOT-FOR-US: OpenBase
CVE-2007-5928 (OpenBase 10.0.5 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: OpenBase
CVE-2007-5927 (Directory traversal vulnerability in OpenBase 10.0.5 and earlier ...)
	NOT-FOR-US: OpenBase
CVE-2007-5926 (OpenBase 10.0.5 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: OpenBase
CVE-2007-5925 (The convert_search_mode_to_innobase function in ha_innodb.cc in the ...)
	{DSA-1413-1 DTSA-91-1}
	- mysql-dfsg-5.0 5.0.45-3 (medium; bug #451235)
	- mysql-dfsg-4.1 <removed>
	- mysql-dfsg <removed>
CVE-2007-5924 (Cross-site scripting (XSS) vulnerability in the Web Server (HTTP) task ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5923 (Cross-site scripting (XSS) vulnerability in forms/smpwservices.fcc in ...)
	NOT-FOR-US: eTrust SiteMinder Agent
CVE-2007-5922 (The modules/mdop.m in the Cypress 1.0k script for BitchX, as ...)
	- ircii-pana <not-affected> (Does not ship this script)
CVE-2007-5921 (Unspecified vulnerability in the ioctl interface in the Solaris Volume ...)
	NOT-FOR-US: Solaris
CVE-2007-5920 (index.php in Domenico Mancini PicoFlat CMS before 0.4.18 allows remote ...)
	NOT-FOR-US: Domenico Mancini PicoFlat CMS
CVE-2007-5919 (MyWebFTP, possibly 5.3.2, stores sensitive information under the web ...)
	NOT-FOR-US: MyWebFTP
CVE-2007-5918 (Cross-site request forgery (CSRF) vulnerability in edit.php in the MS ...)
	NOT-FOR-US: MS TopSites
CVE-2007-5917 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Skalinks
CVE-2007-5916 (SQL injection vulnerability in the login page in phphelpdesk 0.6.16 ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5915 (Directory traversal vulnerability in index.php in phphelpdesk 0.6.16 ...)
	NOT-FOR-US: phphelpdesk
CVE-2007-5914 (Direct static code injection vulnerability in ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5913 (dirsys/modules/auth.php in JBC Explorer 7.20 RC1 and earlier does not ...)
	NOT-FOR-US: JBC Explorer
CVE-2007-5912 (SQL injection vulnerability in mailer.php in jPORTAL 2 allows remote ...)
	NOT-FOR-US: jPORTAL
CVE-2007-5911 (Multiple stack-based buffer overflows in the AxMetaStream ActiveX ...)
	NOT-FOR-US: Viewpoint Media Player
CVE-2007-5910 (Stack-based buffer overflow in Autonomy (formerly Verity) KeyView ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5909 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
	NOT-FOR-US: IBM Lotus Notes, Symantec Mail Security, and others
CVE-2007-5908
	REJECTED
CVE-2007-5907 (Xen 3.1.1 does not prevent modification of the CR4 TSC from ...)
	- xen-3 3.1.2-1 (unimportant; bug #451626)
	- xen-3.0 <removed> (unimportant)
	NOTE: CONFIG_SECCOMP isn't activated in Debian kernels
CVE-2007-5906 (Xen 3.1.1 allows virtual guest system users to cause a denial of ...)
	- xen-3 3.1.2-1 (medium; bug #451626)
	- xen-3.0 <removed>
CVE-2007-5905 (Adobe ColdFusion 8 and MX 7 allows remote attackers to hijack sessions ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2007-5904 (Multiple buffer overflows in CIFS VFS in Linux kernel 2.6.23 and ...)
	{DSA-1428-1}
	- linux-2.6 2.6.24-1
	- linux-2.6.24 <not-affected> (Fixed before initial upload, upstream in 2.6.24)
	NOTE: Upstream commit 133672efbc1085f9af990bdc145e1822ea93bcf3
CVE-2007-5903
	RESERVED
CVE-2007-5902 (Integer overflow in the svcauth_gss_get_principal function in ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5901 (Use-after-free vulnerability in the gss_indicate_mechs function in ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2007-5900 (PHP before 5.2.5 allows local users to bypass protection mechanisms ...)
	NOTE: Apparently a dupe of CVE-2007-4659 due to temporary revoke of the patch
	NOTE: from CVS and later re-introduction
	NOTE: http://bugs.php.net/bug.php?id=41561
CVE-2007-5899 (The output_add_rewrite_var function in PHP before 5.2.5 rewrites local ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/url_scanner_ex.re?r1=1.76.2.2.2.1&r2=1.76.2.2.2.2&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5898 (The (1) htmlentities and (2) htmlspecialchars functions in PHP before ...)
	{DSA-1444-1}
	- php5 5.2.5-1 (bug #453295)
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/html.c?r1=1.111.2.2.2.14&r2=1.111.2.2.2.15&view=patch
	NOTE: fixed in php5/etch svn
CVE-2007-5897 (Buffer overflow in MDSYS.SDO_CS in Oracle Database Server 8iR3, 9iR1, ...)
	NOT-FOR-US: Oracle
CVE-2007-5896 (Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5895
	RESERVED
CVE-2007-5894 (** DISPUTED ** ...)
	- krb5 1.6.dfsg.4~beta1-1 (unimportant; bug #454974)
	NOTE: Not exploitable in real-world circumstances:
	NOTE: http://mailman.mit.edu/pipermail/kerberos/2007-December/012717.html
CVE-2006-7224
	REJECTED
CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition ...)
	NOT-FOR-US: WebTrends Reporting Center
CVE-2004-2747 (Directory traversal vulnerability in Pablo Software Solutions Quick 'n ...)
	NOT-FOR-US: Quick 'n Easy FTP Server (Windows only)
CVE-2004-2746 (SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo ...)
	NOT-FOR-US: XTREME ASP Photo Gallery
CVE-2003-1536 (Multiple cross-site scripting (XSS) vulnerabilities in Codeworx ...)
	NOT-FOR-US: Codeworx Technologies DCP-Portal
CVE-2003-1535 (Justice Guestbook 1.3 allows remote attackers to obtain the full ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1534 (Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1533 (SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows ...)
	NOT-FOR-US: PhpPass
CVE-2003-1532 (SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows ...)
	NOT-FOR-US: PhpMyShop
CVE-2003-1531 (Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi ...)
	NOT-FOR-US: Lilikoi Software Ceilidh
CVE-2003-1530 (SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier ...)
	- phpbb2 <not-affected> (Vulnerable versions too old to have been in Debian)
CVE-2003-1529 (Directory traversal vulnerability in Seagull Software Systems J Walk ...)
	NOT-FOR-US: Seagull Software Systems J Walk
CVE-2003-1528 (nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to ...)
	NOT-FOR-US: Fujitsu Siemens NetWorker
CVE-2007-5893 (HTTPSocket.cpp in the C++ Sockets Library before 2.2.5 allows remote ...)
	NOT-FOR-US: Sockets Library
CVE-2007-5892 (Stack-based buffer overflow in the pdg2.dll ActiveX control in ...)
	NOT-FOR-US: SSReader
CVE-2007-5891 (Multiple cross-site scripting (XSS) vulnerabilities in jsp/Login.do in ...)
	NOT-FOR-US: ManageEngine OpManager and OpManager
CVE-2007-5890 (Directory traversal vulnerability in index.php in easyGB 2.1.1 allows ...)
	NOT-FOR-US: easyGB
CVE-2007-5889 (Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha ...)
	NOT-FOR-US: IDMOS
CVE-2007-5888 (Cross-site scripting (XSS) vulnerability in displayecard.php in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-5887 (SQL injection vulnerability in boards/printer.asp in ASP Message Board ...)
	NOT-FOR-US: ASP Message Board
CVE-2007-5886
	RESERVED
CVE-2007-5885
	RESERVED
CVE-2007-5884
	RESERVED
CVE-2007-5883
	RESERVED
CVE-2007-5882
	RESERVED
CVE-2007-5881
	RESERVED
CVE-2007-5880
	RESERVED
CVE-2007-5879
	RESERVED
CVE-2007-5878
	RESERVED
CVE-2007-5877
	RESERVED
CVE-2007-5876
	RESERVED
CVE-2007-5875
	RESERVED
CVE-2007-5874
	RESERVED
CVE-2007-5873
	RESERVED
CVE-2007-5872
	RESERVED
CVE-2007-5871
	RESERVED
CVE-2007-5870
	RESERVED
CVE-2007-5869
	RESERVED
CVE-2007-5868
	RESERVED
CVE-2007-5867
	RESERVED
CVE-2007-5866
	RESERVED
CVE-2007-5865
	RESERVED
CVE-2007-5864
	RESERVED
CVE-2007-5863 (Software Update in Apple Mac OS X 10.5.1 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5862 (Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to ...)
	NOT-FOR-US: Cisco IP Phone 7940
CVE-2007-5861 (Unspecified vulnerability in Spotlight in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-5860 (Unspecified vulnerability in Spin Tracer in Apple Mac OS X 10.5.1 ...)
	NOT-FOR-US: Spin Tracer (Apple Mac OS X)
CVE-2007-5859 (Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Safari RSS (Apple Mac OS X)
CVE-2007-5858 (WebKit in Safari in Apple Mac OS X 10.4.11 and 10.5.1, iPhone 1.0 ...)
	NOT-FOR-US: Safari (Apple Mac OS X)
CVE-2007-5857 (Quick Look in Apple Mac OS X 10.5.1 does not prevent a movie from ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5856 (Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does ...)
	NOT-FOR-US: Quick Look (Apple Mac OS X)
CVE-2007-5855 (Mail in Apple Mac OS X 10.4.11 and 10.5.1, when an SMTP account has ...)
	NOT-FOR-US: Mail (Apple Mac OS X)
CVE-2007-5854 (Launch Services in Apple Mac OS X 10.4.11 and 10.5.1 does not treat ...)
	NOT-FOR-US: Launch Services (Apple Mac OS X)
CVE-2007-5853 (Unspecified vulnerability in IO Storage Family in Apple Mac OS X ...)
	NOT-FOR-US: IO Storage Family (Apple Mac OS X)
CVE-2007-5852
	RESERVED
CVE-2007-5851 (iChat in Apple Mac OS X 10.4.11 allows network-adjacent remote ...)
	NOT-FOR-US: iChat (Apple Mac OS X)
CVE-2007-5850 (Heap-based buffer overflow in Desktop Services in Apple Mac OS X ...)
	NOT-FOR-US: Desktop Services (Apple Mac OS X)
CVE-2007-5849 (Integer underflow in the asn1_get_string function in the SNMP back end ...)
	{DSA-1437-1}
	- cupsys 1.3.5-1 (medium; bug #457453)
	- cups 1.3.5-1 (medium; bug #457453)
	[sarge] - cupsys <not-affected> (Vulnerable code not present)
CVE-2007-5848 (Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin ...)
	- cupsys 1.2.0
	- cups 1.2.0
	NOTE: This only affects the Cups 1.1 series
	[sarge] - cupsys <no-dsa> (Minor issue, may only lead to an infinite loop)
CVE-2007-5847 (Race condition in the CFURLWriteDataAndPropertiesToResource API in ...)
	NOT-FOR-US: Core Foundation (Apple Mac OS X)
CVE-2007-5846 (The SNMP agent (snmp_agent.c) in net-snmp before 5.4.1 allows remote ...)
	{DSA-1483-1 DTSA-88-1}
	- net-snmp 5.4.1~dfsg-1
	NOTE: 5.4.1 already includes a fix by the upstream author
CVE-2007-5845 (Directory traversal vulnerability in error.php in GuppY 4.6.3, 4.5.16, ...)
	NOT-FOR-US: GuppY
CVE-2007-5844 (Directory traversal vulnerability in inc/includes.inc in GuppY 4.6.3 ...)
	NOT-FOR-US: GuppY
CVE-2007-5843 (PHP remote file inclusion vulnerability in includes/common.php in ...)
	NOT-FOR-US: scWiki
CVE-2007-5842 (Multiple PHP remote file inclusion vulnerabilities in Vortex Portal ...)
	NOT-FOR-US: Vortex Portal
CVE-2007-5841 (PHP remote file inclusion vulnerability in admin/index.php in nuBoard ...)
	NOT-FOR-US: nuBoard
CVE-2007-5840 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SyndeoCMS
CVE-2007-5838 (Aclient in Symantec Altiris Deployment Solution 6.x before 6.8.380.0 ...)
	NOT-FOR-US: Symantec
CVE-2007-5837 (GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, ...)
	{DSA-1477-1}
	- yarssr 0.2.2-3 (bug #448721)
CVE-2007-5836 (SQL injection vulnerability in Amazing Flash AFCommerce allows remote ...)
	NOT-FOR-US: Amazing Flash AFCommerce
CVE-2007-5835 (Install.php in BosDev BosNews 4 and 5 does not require authentication ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5834 (Cross-site scripting (XSS) vulnerability in BosDev BosNews 4 allows ...)
	NOT-FOR-US: BosDev BosNews
CVE-2007-5833 (Multiple cross-site scripting (XSS) vulnerabilities in BosDev ...)
	NOT-FOR-US: BosDev BosMarket Business Directory System
CVE-2007-5832 (Unspecified vulnerability in selectLanguage.do in SSL-Explorer before ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5831 (Directory traversal vulnerability in fileSystem.do in SSL-Explorer ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-5830 (Unspecified vulnerability in the administrative interface in Avaya ...)
	NOT-FOR-US: Avaya Messaging Storage Server
CVE-2007-5829 (The Disk Mount scanner in Symantec AntiVirus for Macintosh 9.x and ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-5828 (** DISPUTED ** ...)
	- python-django 1.2.1 (unimportant)
	NOTE: this is documented in docs/csrf.txt included in the python-django package and
	NOTE: there is a plugin enabling this feature. This is intended behaviour pre-1.2.
	NOTE: https://docs.djangoproject.com/en/1.10/ref/csrf/#using-csrf
CVE-2007-5827 (iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for ...)
	{DTSA-106-1}
	- iscsitarget 0.4.15-5 (bug #448873)
	NOTE: init script has "dump" function, which marks conffile correctly
CVE-2007-5826 (Absolute path traversal vulnerability in the EDraw Flowchart ActiveX ...)
	NOT-FOR-US: EDraw Flowchart
CVE-2007-5825 (Format string vulnerability in the ws_addarg function in webserver.c ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1 (bug #459961)
CVE-2007-5824 (webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier ...)
	{DSA-1597-1}
	- mt-daapd 0.9~r1696-1.1 (bug #459961)
CVE-2007-5823 (Directory traversal vulnerability in forum.php in Ben Ng Scribe 0.2 ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5822 (Direct static code injection vulnerability in forum.php in Ben Ng ...)
	NOT-FOR-US: Ben Ng Scribe
CVE-2007-5821 (Multiple directory traversal vulnerabilities in DM Guestbook 0.4.1 and ...)
	NOT-FOR-US: DM Guestbook
CVE-2007-5820 (Directory traversal vulnerability in index.php in Ax Developer CMS ...)
	NOT-FOR-US: Ax Developer CMS
CVE-2007-5819 (IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak ...)
	NOT-FOR-US: IBM Tivoli
CVE-2007-5818 (Cross-site request forgery (CSRF) vulnerability in blocks_edit_do.php ...)
	NOT-FOR-US: sBlog
CVE-2007-5817 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5816 (dialog.php in CONTENTCustomizer 3.1mp and earlier allows remote ...)
	NOT-FOR-US: CONTENTCustomizer
CVE-2007-5815 (Absolute path traversal vulnerability in the WebCacheCleaner ActiveX ...)
	NOT-FOR-US: WebCacheCleaner
CVE-2007-5814 (Multiple buffer overflows in the SonicWall SSL-VPN NetExtender ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5813 (Multiple directory traversal vulnerabilities in download.php in ...)
	NOT-FOR-US: ISPworker
CVE-2007-5812 (Directory traversal vulnerability in ...)
	NOT-FOR-US: ModuleBuilder
CVE-2007-5811 (** DISPUTED ** ...)
	NOT-FOR-US: phpMyConferences
CVE-2007-5810 (Hitachi Web Server 01-00 through 03-00-01, as used by certain ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5809 (Cross-site scripting (XSS) vulnerability in Hitachi Web Server 01-00 ...)
	NOT-FOR-US: Hitachi Web Server
CVE-2007-5808 (Unspecified vulnerability in the Groupmax Collaboration - Schedule ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal
CVE-2007-5807 (Buffer overflow in the register function in Ultra Star Reader ActiveX ...)
	NOT-FOR-US: SSReader
CVE-2007-5806 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: ILIAS
CVE-2007-5805 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5804 (cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5803 (Multiple cross-site scripting (XSS) vulnerabilities in CGI programs in ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 <removed> (low; bug #482445)
	- nagios3 3.0.2-1 (low; bug #485439)
CVE-2007-5802 (Directory traversal vulnerability in index.php in Firewolf ...)
	NOT-FOR-US: Firewolf Technologies Synergiser
CVE-2007-5801 (Unspecified vulnerability in WORK system e-commerce before 4.0.2 has ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-5800 (Multiple PHP remote file inclusion vulnerabilities in the ...)
	NOT-FOR-US: BackUpWordPress
CVE-2007-5799 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5797 (SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an ...)
	- geronimo <itp> (bug #481869)
CVE-2007-5796 (Cross-site scripting (XSS) vulnerability in the management console in ...)
	NOT-FOR-US: Blue Coat ProxySG
CVE-2007-5794 (Race condition in nss_ldap, when used in applications that are linked ...)
	{DSA-1430-1}
	- libnss-ldap 256-1 (bug #453868)
CVE-2007-5839 (The e_hostname function in commands.c in BitchX 1.1a allows local ...)
	- ircii-pana <removed> (low; bug #449149)
	[etch] - ircii-pana <no-dsa> (Minor issue)
	[sarge] - ircii-pana <no-dsa> (Minor issue)
CVE-2007-5795 (The hack-local-variables function in Emacs before 22.2, when ...)
	{DTSA-79-1}
	- emacs22 22.1+1-2.1 (medium; bug #449008)
	NOTE: Emacs 21 is not affected
CVE-2007-5793 (Stonesoft StoneGate IPS before 4.0 does not properly decode ...)
	NOT-FOR-US: Stonesoft StoneGate IPS
CVE-2007-5792 (The Vonage Motorola Phone Adapter VT 2142-VD does not encrypt RTP ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5791 (The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify ...)
	NOT-FOR-US: Vonage Motorola Phone Adapter
CVE-2007-5790 (The Globe7 soft phone client 7.3 uses weak cryptography (reversed ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5789 (The Grandstream HT-488 0.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5788 (Buffer overflow in the SIP parser on the Grandstream HT-488 0.1 allows ...)
	NOT-FOR-US: Grandstream HT-488
CVE-2007-5787 (Micro Login System 1.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Micro Login System
CVE-2007-5786 (Multiple PHP remote file inclusion vulnerabilities in GoSamba 1.0.1 ...)
	NOT-FOR-US: GoSamba
CVE-2007-5785 (SQL injection vulnerability in file.php in JobSite Professional 2.0 ...)
	NOT-FOR-US: JobSite
CVE-2007-5784 (PHP remote file inclusion vulnerability in index.php in CaupoShop Pro ...)
	NOT-FOR-US: CaupoShop Pro
CVE-2007-5783 (SQL injection vulnerability in emc.asp in emagiC CMS.Net 4.0 allows ...)
	NOT-FOR-US: emagiC cms
CVE-2007-5782 (Directory traversal vulnerability in dl.php in FireConfig 0.5 allows ...)
	NOT-FOR-US: FireConfig
CVE-2007-5781 (PHP remote file inclusion vulnerability in inc/sige_init.php in Sige ...)
	NOT-FOR-US: Sige
CVE-2007-5780 (PHP remote file inclusion vulnerability in pub/pub08_comments.php in ...)
	NOT-FOR-US: teatro
CVE-2007-5779 (Buffer overflow in the GomManager (GomWeb Control) ActiveX control in ...)
	NOT-FOR-US: Gretech Online Movie Player
CVE-2007-5778 (Mobile Spy (1) stores login credentials in cleartext under the ...)
	NOT-FOR-US: Mobile Spy
CVE-2007-5777 (Blue-Collar Productions i-Gallery 3.4 stores sensitive information ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5776 (Directory traversal vulnerability in igallery.asp in Blue-Collar ...)
	NOT-FOR-US: Blue-Collar Productions i-Gallery
CVE-2007-5775 (Unspecified vulnerability in BitDefender allows attackers to execute ...)
	NOT-FOR-US: BitDefender
CVE-2007-5774 (index.php in the File Manager module in Flatnuke 3 allows remote ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5773 (Cross-site request forgery (CSRF) vulnerability in index.php in the ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5772 (Direct static code injection vulnerability in the download module in ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5771 (Flatnuke 3 (aka FlatnuX) allows remote attackers to obtain ...)
	NOT-FOR-US: Flatnuke
CVE-2007-5770 (The (1) Net::ftptls, (2) Net::telnets, (3) Net::imap, (4) Net::pop, ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1
	- ruby1.8 1.8.6.111-1 (low; bug #451374)
CVE-2007-5769 (Double free vulnerability in the getreply function in ftp.c in netkit ...)
	- netkit-ftp <not-affected> (Vulnerable code not present)
CVE-2007-5768 (The Globe7 soft phone client 7.3 sends username and password ...)
	NOT-FOR-US: Globe7 soft phone client
CVE-2007-5767 (Heap-based buffer overflow in the Client Trust application ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5766 (SQL injection vulnerability in okxLOV.jsp in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-5765
	RESERVED
CVE-2007-5764 (Buffer overflow in the pioout program in printers.rte in IBM AIX 5.2, ...)
	NOT-FOR-US: IBM AIX
CVE-2007-5763
	REJECTED
CVE-2007-5762 (NICM.SYS driver 3.0.0.4, as used in Novell NetWare Client 4.91 SP4, ...)
	NOT-FOR-US: Novell NetWare Client
CVE-2007-5761 (The NantSys device 5.0.0.115 in Motorola netOctopus 5.1.2 build 1011 ...)
	NOT-FOR-US: Motorola netOctopus
CVE-2007-5760 (Array index error in the XFree86-Misc extension in X.Org Xserver ...)
	{DSA-1466-2 DTSA-110-1}
	- xorg-server 2:1.4.1~git20080105-2
CVE-2007-5759
	REJECTED
CVE-2007-5758 (Stack-based buffer overflow in db2dasrrm in the DB2 Administration ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5757 (Untrusted search path vulnerability in db2pd in IBM DB2 Universal ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5756 (Multiple array index errors in the bpf_filter_init function in NPF.SYS ...)
	NOT-FOR-US: WinPcap
CVE-2007-5755 (Multiple stack-based buffer overflows in the AOL AmpX ActiveX control ...)
	NOT-FOR-US: AOL Radio
CVE-2007-5754 (PHP remote file inclusion vulnerability in urlinn_includes/config.php ...)
	NOT-FOR-US: phpFaber
CVE-2007-5753 (Unspecified vulnerability in Light FMan PHP (lfman or lightfman) ...)
	NOT-FOR-US: Light FMan PHP
CVE-2007-5752 (adduser.php in PHP-AGTC Membership (AGTC-Membership) System 1.1a does ...)
	NOT-FOR-US: PHP-AGTC Membership
CVE-2007-5750
	RESERVED
CVE-2007-5749
	RESERVED
CVE-2007-5748
	RESERVED
CVE-2007-5747 (Integer underflow in OpenOffice.org before 2.4 allows remote attackers ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5746 (Integer overflow in OpenOffice.org before 2.4 allows remote attackers ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5745 (Multiple heap-based buffer overflows in OpenOffice.org before 2.4 ...)
	{DSA-1547-1}
	- openoffice.org 2.4.0~ooh680m5-1
CVE-2007-5744
	RESERVED
CVE-2007-5743
	RESERVED
	- viewvc 1.0.3-2.1 (bug #416696)
CVE-2007-5742 (Directory traversal vulnerability in the WML engine preprocessor for ...)
	{DSA-1421-1 DTSA-90-1}
	- wesnoth 1:1.2.8-1 (medium; bug #453500)
CVE-2007-5741 (Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers ...)
	{DSA-1405-2 DSA-1405-1}
	- zope-cmfplone 2.5.2-2 (bug #449523)
	[sarge] - zope-cmfplone <not-affected> (Upstream confirms that 2.0 branch is not vulnerable)
	NOTE: Fix available:
	NOTE: http://plone.org/about/security/advisories/cve-2007-5741
CVE-2004-2745 (Directory traversal vulnerability in Anteco Visual Technologies ...)
	NOT-FOR-US: Anteco Visual Technologies OwnServer
CVE-2002-2425 (Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2424 (Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2423 (Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2422 (Cross-site scripting (XSS) vulnerability in Compaq Insight Management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2421 (acWEB 1.14 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2420 (site_searcher.cgi in Super Site Searcher allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2419 (Direct connect text client (DCTC) client 0.83.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2418 (Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2417 (acFTP 1.4 does not properly handle when an invalid password is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2416 (Directory traversal vulnerability in Zeroo web server 1.5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2415 (Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2414 (Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2413 (WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2412 (Winamp 2.80 stores authentication credentials in plaintext in the (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2411 (Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2410 (openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2409 (Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2408 (Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2407 (Certain patches for QNX Neutrino realtime operating system (RTOS) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2406 (Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2405 (Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2404 (Buffer overflow in IISPop email server 1.161 and 1.181 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2403 (Directory traversal vulnerability in KeyFocus web server 1.0.8 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2402 (SURECOM broadband router EP-4501 uses a default SNMP read community ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2401 (NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2400 (Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2399 (Directory traversal vulnerability in viewAttachment.cgi in W3Mail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2398 (The new thread posting page in APBoard 2.02 and 2.03 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2397 (Sygate personal firewall 5.0 could allow remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2396 (Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2395 (InterScan VirusWall 3.52 for Windows allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2394 (InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2393 (Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2392 (Winamp 2.65 through 3.0 stores skin files in a predictable file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2391 (SQL injection vulnerability in index.php of WebChat 1.5 included in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2390 (Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2389 (TheServer 1.74 web server stores server.ini under the web document ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2388 (Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2387 (Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2386 (Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2385 (Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2384 (hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2383 (SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2382 (cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2381 (Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2380 (NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2379 (** DISPUTED ** ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2378 (Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2377 (Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2376 (Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2375 (Directory traversal vulnerability in CommuniGate Pro 4.0b4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2374 (Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2373 (The default configuration of the TCP/IP printer configuration utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2372 (The telnet server in Infoprint 21 running controller software before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2371 (Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2370 (SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2369 (Perception LiteServe 2.0 allows remote attackers to read password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2368 (Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2367 (Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2366 (Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5740 (The format string protection mechanism in IMAPD for Perdition Mail ...)
	{DSA-1398-1 DTSA-84-1}
	- perdition 1.17.1-1 (medium; bug #448853)
CVE-2007-5751 (Liferea before 1.4.6 uses weak permissions (0644) for the ...)
	{DTSA-107-1}
	- liferea 1.4.6-1 (low; bug #448850)
	[etch] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	[sarge] - liferea <not-affected> (backup feedlist introduced in 1.2.7)
	NOTE: this file can contain credentials for rss feeds
CVE-2007-5739 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5738 (The FlashUpload component in Korean GHBoard uses a client-side ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5737 (Unrestricted file upload vulnerability in component/upload.jsp in ...)
	NOT-FOR-US: Korean GHBoard
CVE-2007-5736 (Unrestricted file upload vulnerability in upload.php in SeeBlick 1.0 ...)
	NOT-FOR-US: SeeBlick
CVE-2007-5735 (eFileMan 7.1.0.87-88 stores sensitive information under the web root ...)
	NOT-FOR-US: eFileMan
CVE-2007-5734 (Unrestricted file upload vulnerability in eFileMan 7.1.0.87-88 allows ...)
	NOT-FOR-US: eFileMan
CVE-2007-5733 (Unrestricted file upload vulnerability in upload/upload.php in ...)
	NOT-FOR-US: Japanese PHP Gallery Hosting
CVE-2007-5732 (Directory traversal vulnerability in downloadfile.php in eLouai's ...)
	NOT-FOR-US: eLouai's Force Download
CVE-2007-5731 (Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and ...)
	- slide-webdavclient <not-affected> (Vulnerable code is only in the server part, but debian only has the client part)
CVE-2007-5730 (Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 72+dfsg-1
	- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
	- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
CVE-2007-5729 (The NE2000 emulator in QEMU 0.8.2 allows local users to execute ...)
	{DSA-1284-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 72+dfsg-1
	- linux-2.6 <not-affected> (vulnerability does not affected kernel module)
	- linux-2.6.24 <not-affected> (vulnerability does not affected kernel module)
CVE-2007-5728 (Cross-site scripting (XSS) vulnerability in phpPgAdmin 3.5 to 4.1.1, ...)
	{DSA-1693-1}
	- phppgadmin 4.1.3-0.1 (bug #449103; low)
CVE-2007-5727 (Incomplete blacklist vulnerability in the stripScripts function in ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2007-5726 (Unspecified vulnerability in the Stream Control Transmission Protocol ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5725 (Multiple cross-site scripting (XSS) vulnerabilities in Smart-Shop ...)
	NOT-FOR-US: Smart-Shop
CVE-2007-5724 (Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live ...)
	NOT-FOR-US: Omnistar Live
CVE-2007-5723 (Heap-based buffer overflow in the samp_send function in nuauth/sasl.c ...)
	{DTSA-82-1}
	- nufw 2.2.7-1 (low)
	[etch] - nufw <not-affected> (Vulnerable code not present)
CVE-2007-5722 (Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx ...)
	NOT-FOR-US: GlobalLink
CVE-2007-5721 (PHP remote file inclusion vulnerability in _theme/breadcrumb.php in ...)
	NOT-FOR-US: MySpacePros MySpace Resource Script
CVE-2007-5720 (Unrestricted file upload vulnerability in the profiles script in ...)
	NOT-FOR-US: ProfileCMS
CVE-2007-5719 (SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows ...)
	NOT-FOR-US: miniBB
CVE-2007-5717 (Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5716 (Unspecified vulnerability in the Internet Protocol (IP) functionality ...)
	NOT-FOR-US: Sun Solaris 10
CVE-2007-5715 (DenyHosts 2.6 processes OpenSSH sshd &quot;not listed in AllowUsers&quot; log ...)
	- denyhosts 2.6-2 (low)
	[etch] - denyhosts <no-dsa> (Minor issue)
	NOTE: bug was fixed with 06_permit_rootlogin_no.dpatch
CVE-2007-5714 (The Gentoo ebuild of MLDonkey before 2.9.0-r3 has a p2p user account ...)
	- mldonkey <not-affected> (Gentoo-specific packaging flaw)
CVE-2007-5713 (Off-by-one error in the GeoIP module in the AMX Mod X 1.76d plugin for ...)
	NOT-FOR-US: Half-Life Server
CVE-2007-5712 (The internationalization (i18n) framework in Django 0.91, 0.95, ...)
	{DSA-1640-1}
	- python-django 0.96-1.1 (low; bug #448838)
CVE-2007-5711 (Massive Entertainment World in Conflict 1.001 and earlier allows ...)
	NOT-FOR-US: Conflict
CVE-2007-5710 (Cross-site scripting (XSS) vulnerability in ...)
	- wordpress 2.3.1-1 (unimportant)
	NOTE: requires register_globals On, which we don't support
CVE-2007-5709 (Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 ...)
	NOT-FOR-US: Sony SonicStage CONNECT Player
CVE-2007-5718 (vobcopy 0.5.14 allows local users to append data to an arbitrary file, ...)
	- vobcopy 1.0.2-1 (low; bug #448319)
	[etch] - vobcopy <no-dsa> (Minor issue)
	[sarge] - vobcopy <no-dsa> (Minor issue)
CVE-2007-5706 (Absolute path traversal vulnerability in download.php in Jeebles ...)
	NOT-FOR-US: Jeebles
CVE-2007-5705 (Unspecified vulnerability in the Settings component in the ...)
	NOT-FOR-US: Jeebles
CVE-2007-5704 (Multiple SQL injection vulnerabilities in CodeWidgets.com Online Event ...)
	NOT-FOR-US: CodeWidgets
CVE-2007-5703 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: RSA KEON
CVE-2007-5702 (Cross-site scripting (XSS) vulnerability in swamp/action/LoginActions ...)
	NOT-FOR-US: SWAMP OpenSUSE
CVE-2007-5701 (Incomplete blacklist vulnerability in the Certificate Authority (CA) ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5700 (The Evaluate LotusScript method in IBM Lotus Domino before 7.0.3 uses ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-5699 (Stack-based buffer overflow in eIQNetworks Enterprise Security ...)
	NOT-FOR-US: eIQNetworks
CVE-2007-5698 (Cross-site scripting (XSS) vulnerability in default.asp in CREApark ...)
	NOT-FOR-US: CREApark GOLD KOY PORTALI
CVE-2007-5697 (Multiple PHP remote file inclusion vulnerabilities in PHP Image 1.2 ...)
	NOT-FOR-US: phpImage
CVE-2007-5696 (PHP remote file inclusion vulnerability in includes.php in phpBasic ...)
	NOT-FOR-US: phpBasic
CVE-2007-5695 (Open redirect vulnerability in command.php in SiteBar 3.3.8 allows ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448690)
	NOTE: there is no real exploit scenario
CVE-2007-5694 (Absolute path traversal vulnerability in the translation module ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5693 (Eval injection vulnerability in the translation module ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #447135)
CVE-2007-5692 (Multiple cross-site scripting (XSS) vulnerabilities in SiteBar 3.3.8 ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (low; bug #448689)
CVE-2007-5691 (ParseFTPList.cpp in Mozilla Firefox 2.0.0.7 allows remote FTP servers ...)
	- iceweasel 2.0.0.8-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-5690 (** DISPUTED ** ...)
	- zaptel 1:1.4.8~dfsg-1 (unimportant; bug #448763)
	NOTE: zaptel does copy argv[1] into ifr_name but zaptel is not suid root or something
	NOTE: similar so this is no security issue in Debian even if sethdl-new will segfault
CVE-2007-5689 (The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5688 (Multiple SQL injection vulnerabilities in directory.php in the ...)
	NOT-FOR-US: Multi Host Forum Pro
CVE-2007-5687 (Multiple buffer overflows in the rich text processing functionality in ...)
	NOT-FOR-US: JustSystems Ichitaro
CVE-2007-5686 (initscripts in rPath Linux 1 sets insecure permissions for the ...)
	- shadow <unfixed> (unimportant)
	NOTE: See #290803, on Debian LOG_UNKFAIL_ENAB in login.defs is set to no so
	NOTE: unknown usernames are not recorded on login failures
CVE-2007-5685 (The safe_path function in shttp before 0.0.5 allows remote attackers ...)
	NOT-FOR-US: shttp
CVE-2007-5684 (Multiple directory traversal vulnerabilities in TikiWiki 1.9.8.1 and ...)
	- tikiwiki <removed>
CVE-2007-5683 (Multiple cross-site scripting (XSS) vulnerabilities in TikiWiki ...)
	- tikiwiki <removed>
CVE-2007-5682 (Incomplete blacklist vulnerability in tiki-graph_formula.php in ...)
	- tikiwiki <removed>
CVE-2007-5681
	RESERVED
CVE-2007-5680
	RESERVED
CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2364 (Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2363 (VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2362 (Cross-site scripting (XSS) vulnerability in form_header.php in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2361 (The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2360 (The RPC module in Webmin 0.21 through 0.99, when installed without ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2359 (Cross-site scripting (XSS) vulnerability in the FTP view feature in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2358 (Cross-site scripting (XSS) vulnerability in the FTP view feature in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2357 (MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2356 (HAMweather 2.x allows remote attackers to modify administrative ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2355 (Netgear FM114P firmware 1.3 wireless firewall, when configured to ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2354 (Netgear FM114P firmware 1.3 wireless firewall allows remote attackers ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2353 (tftpd32 2.50 and 2.50.2 allows remote attackers to read or write ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2352 (The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2351 (Eudora 5.1 allows remote attackers to bypass security warnings and ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2350 (Cross-site scripting (XSS) vulnerability in z_user_show.php in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2349 (phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2348 (Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2347 (Cross-site scripting (XSS) vulnerability in Oracle Java Server Page ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2346 (phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2345 (Oracle 9i Application Server 9.0.2 stores the web cache administrator ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2344 (Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2343 (Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2342 (Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2341 (Cross-site scripting (XSS) vulnerability in content blocking in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2340 (Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2339 (Cross-site scripting (XSS) vulnerability in configure.asp in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2338 (The POP3 mail client in Mozilla 1.0 and earlier, and Netscape ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2337 (Kaspersky Anti-Hacker 1.0, when configured to automatically block ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2336 (Norton Personal Firewall 2002 4.0, when configured to automatically ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2335 (Killer Protection 1.0 stores the vars.inc include file under the web ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2334 (Joe text editor 2.8 through 2.9.7 does not remove the group and user ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2333 (Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2332 (Buffer overflow in Opera 6.01 allows remote attackers to cause a ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2331 (W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2330 (Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2329 (ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2328 (Active Directory in Windows 2000, when supporting Kerberos V ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2327 (Unspecified vulnerability in the environmental monitoring subsystem in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2326 (The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2325 (The c-client library in Internet Message Access Protocol (IMAP) dated ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2324 (The &quot;System Restore&quot; directory and subdirectories, and possibly other ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2323 (Sun PC NetLink 1.0 through 1.2 does not properly set the access ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2322 (Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2321 (Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2320 (MySimpleNews 1.0 allows remote attackers to delete arbitrary email ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2319 (Static code injection vulnerability in users.php in MySimpleNews ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2318 (Cross-site scripting (XSS) vulnerability in Falcon web server ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2317 (Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2316 (Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2315 (Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2314 (Mozilla 1.0 allows remote attackers to steal cookies from other ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2313 (Eudora email client 5.1.1, with &quot;use Microsoft viewer&quot; enabled, allows ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2312 (Opera 6.0.1 allows remote attackers to upload arbitrary file contents ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2311 (Microsoft Internet Explorer 6.0 and possibly others allows remote ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2310 (ClickCartPro 4.0 stores the admin_user.db data file under the web ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2309 (php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2308 (Netscape Communicator 6.2.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2007-5707 (OpenLDAP before 2.3.39 allows remote attackers to cause a denial of ...)
	{DSA-1541-1}
	- openldap2.3 2.3.38-1 (medium; bug #440632)
	- openldap2.2 <removed>
	- openldap2 <not-affected> (slapd not built)
CVE-2007-5708 (slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, ...)
	{DSA-1541-1 DTSA-87-1}
	- openldap2.3 2.3.39-1 (medium; bug #448644)
CVE-2007-2983 (Multiple buffer overflows in the British Telecommunications Consumer ...)
	NOT-FOR-US: British Telecommunications Consumer webhelper
CVE-2003-1526 (PHP-Nuke 7.0 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1525 (Unspecified vulnerability in My Photo Gallery 3.5, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1524 (PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1523 (SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1522 (Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1521 (Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1520 (SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1519 (Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1518 (Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1517 (cart.pl in Dansie shopping cart allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1516 (The org.apache.xalan.processor.XSLProcessorVersion class in Java ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1515 (Origo ASR-8100 ADSL Router 3.21 has an administration service running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1514 (eMule 0.29c allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1513 (Multiple cross-site scripting (XSS) vulnerabilities in example scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1512 (Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1511 (Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1510 (TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1509 (Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1508 (Buffer overflow in mIRC 6.12, when the DCC get dialog window has been ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1507 (Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1506 (Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1505 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1504 (SQL injection vulnerability in variables.php in Goldlink 3.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1503 (Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1502 (mod_throttle 3.0 allows local users with Apache privileges to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1501 (Directory traversal vulnerability in the file upload CGI of Gast ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1500 (PHP remote file inclusion vulnerability in _functions.php in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1499 (Directory traversal vulnerability in index.php in Bytehoard 0.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1498 (Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1497 (Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1496 (Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1495 (Unspecified vulnerability in the non-SSL web agent in various HP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5679 (SQL injection vulnerability in index.php in DeeEmm.com DM CMS ...)
	NOT-FOR-US: DM CMS
CVE-2007-5678 (SQL injection vulnerability in the Music module in phpBasic allows ...)
	NOT-FOR-US: phpBasic
CVE-2007-5677 (Cross-site scripting (XSS) vulnerability in shoutbox/blocco.php in ...)
	NOT-FOR-US: Hackish
CVE-2007-5676 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5675 (Stack-based buffer overflow in the DebugPrint function in MultiXTpm ...)
	NOT-FOR-US: MultiXTpm Application Server
CVE-2007-5674 (Directory traversal vulnerability in index.php in InstaGuide Weather ...)
	NOT-FOR-US: InstaGuide Weather
CVE-2007-5673 (Cross-site scripting (XSS) vulnerability in cgi-bin/webif.exe in ifnet ...)
	NOT-FOR-US: ifnet WebIf
CVE-2007-5672
	RESERVED
CVE-2007-5671 (HGFS.sys in the VMware Tools package in VMware Workstation 5.x before ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-5670
	REJECTED
CVE-2007-5669
	RESERVED
CVE-2007-5668
	RESERVED
CVE-2007-5667 (NWFILTER.SYS in Novell Client 4.91 SP 1 through SP 4 for Windows 2000, ...)
	NOT-FOR-US: Novell Client
CVE-2007-5666 (Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.1 ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5665 (STEngine.exe 3.5.0.20 in Novell ZENworks Endpoint Security Management ...)
	NOT-FOR-US: Novell ZENworks Endpoint Security Management
CVE-2007-5664 (db2dasrrm in the DB2 Administration Server (DAS) in IBM DB2 Universal ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5663 (Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5662
	RESERVED
CVE-2007-5661 (The Macrovision InstallShield InstallScript One-Click Install (OCI) ...)
	NOT-FOR-US: Macrovision InstallShield
CVE-2007-5660 (Unspecified vulnerability in the Update Service ActiveX control in ...)
	NOT-FOR-US: MacroVision FLEXnet Connect and InstallShield 2008
CVE-2007-5659 (Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-5658 (Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5657 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5656 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5655 (TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, ...)
	NOT-FOR-US: TIBCO SmartSockets RTserver
CVE-2007-5654 (LiteSpeed Web Server before 3.2.4 allows remote attackers to trigger ...)
	NOT-FOR-US: LiteSpeed
CVE-2007-5653 (The Component Object Model (COM) functions in PHP 5.x on Windows do ...)
	- php5 <not-affected> (windows only)
CVE-2007-5652 (IBM DB2 UDB 9.1 before Fixpak 4 does not properly manage storage of a ...)
	NOT-FOR-US: IBM DB2
CVE-2007-5651 (Unspecified vulnerability in the Extensible Authentication Protocol ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-5650 (Directory traversal vulnerability in system.php in ReloadCMS 1.2.7 ...)
	NOT-FOR-US: ReloadCMS
CVE-2007-5649 (Cross-site scripting (XSS) vulnerability in lostpwd.php in Creative ...)
	NOT-FOR-US: Creative Digital Resources SocketMail
CVE-2007-5648 (Multiple cross-site scripting (XSS) vulnerabilities in rnote.php in ...)
	NOT-FOR-US: rnote
CVE-2007-5647 (Multiple cross-site scripting (XSS) vulnerabilities in SocketKB 1.1.5 ...)
	NOT-FOR-US: SocketKB
CVE-2007-5646 (SQL injection vulnerability in Sources/Search.php in Simple Machines ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-5644 (Lussumo Vanilla 1.1.3 and earlier does not require admin privileges ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5643 (Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and ...)
	NOT-FOR-US: Lussumo Vanilla
CVE-2007-5642 (Multiple directory traversal vulnerabilities in PHP Project Management ...)
	NOT-FOR-US: PHP Project Management
CVE-2007-5641 (Multiple PHP remote file inclusion vulnerabilities in PHP Project ...)
	NOT-FOR-US: PHP Project Management
CVE-2007-5640 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5639 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and other Nortel ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5638 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5637 (The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5636 (Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote ...)
	NOT-FOR-US: Nortel VOIP products
CVE-2007-5635 (Multiple unspecified vulnerabilities in Salford Software Support ...)
	NOT-FOR-US: Salford Software Support Incident Tracke
CVE-2007-5634 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...)
	NOT-FOR-US: SpeedFan
CVE-2007-5633 (Speedfan.sys in Alfredo Milani Comparetti SpeedFan 4.33, when used on ...)
	NOT-FOR-US: SpeedFan
CVE-2007-5632 (Multiple unspecified vulnerabilities in the kernel in Sun Solaris 8 ...)
	NOT-FOR-US: Solaris
CVE-2007-5631 (Multiple PHP remote file inclusion vulnerabilities in PeopleAggregator ...)
	NOT-FOR-US: PeopleAggregator
CVE-2007-5630 (SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS ...)
	NOT-FOR-US: BBsProcesS BBPortalS
CVE-2007-5629 (Cross-site scripting (XSS) vulnerability in admin/logon.asp in ...)
	NOT-FOR-US: ShoppingTree CandyPress Store #
CVE-2007-5628 (PHP remote file inclusion vulnerability in src/scripture.php in The ...)
	NOT-FOR-US: TOWeLS
CVE-2007-5627 (PHP remote file inclusion vulnerability in content/fnc-readmail3.php ...)
	NOT-FOR-US: Socketmail
CVE-2007-5626 (make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a ...)
	- bacula 5.0.0-1 (unimportant; bug #446809)
	NOTE: this script needs the default database password and name needs to be set which
	NOTE: would be a bigger problem in a non-trusted environment. Apart from
	NOTE: this is documented in the bacula documentation
	NOTE: Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, which is not affected
CVE-2007-5625 (Cross-site scripting (XSS) vulnerability in filename.asp in ASP Site ...)
	NOT-FOR-US: Site Search SearchSimon Lite
CVE-2007-5624 (Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 ...)
	{DSA-1883-2 DSA-1883-1}
	- nagios2 2.9-1.1 (low; bug #448371)
CVE-2007-5623 (Buffer overflow in the check_snmp function in Nagios Plugins ...)
	{DSA-1495-1}
	- nagios-plugins 1.4.8-2.2 (medium; bug #448372)
	[sarge] - nagios-plugins <not-affected> (Vulnerable code not present)
CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to ...)
	NOT-FOR-US: SonicWall Pro
CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1487 (Multiple &quot;command injection&quot; vulnerabilities in Phorum 3.4 through ...)
	NOT-FOR-US: Phorum
CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full ...)
	NOT-FOR-US: Phorum
CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1469 (The default configuration of ColdFusion MX has the &quot;Enable Robust ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ...)
	NOT-FOR-US: HP-UX
CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1459 (Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1458 (SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1457 (Auerswald COMsuite CTI ControlCenter 3.1 creates a default ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1456 (Album.pl 6.1 allows remote attackers to execute arbitrary commands, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1455 (Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1454 (Invision Power Services Invision Board 1.0 through 1.1.1, when a forum ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1453 (Cross-site scripting (XSS) vulnerability in the MytextSanitizer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1452 (Untrusted search path vulnerability in Qualcomm qpopper 4.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1451 (Buffer overflow in Symantec Norton AntiVirus 2002 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1450 (BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1449 (Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1448 (Memory leak in the Windows 2000 kernel allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1447 (IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1446 (Buffer overflow in the save_into_file function in save.c for Rogue ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1445 (Stack-based buffer overflow in Far Manager 1.70beta1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1444 (Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1443 (Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1442 (The web administration page for the Ericsson HM220dp ADSL modem does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1441 (Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1440 (SpamProbe 0.8a allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1439 (Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1438 (Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1437 (BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1436 (PHP remote file inclusion vulnerability in nukebrowser.php in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1435 (SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1434 (login_ldap 3.1 and 3.2 allows remote attackers to initiate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1433 (Epic Games Unreal Engine 226f through 436 does not validate the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1432 (Epic Games Unreal Engine 226f through 436 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1431 (Buffer overflow in Epic Games Unreal Engine 226f through 436 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5622 (Double free vulnerability in the ftpprchild function in ftppr in ...)
	NOT-FOR-US: 3proxy
CVE-2007-5621 (Multiple cross-site scripting (XSS) vulnerabilities in the Token ...)
	NOT-FOR-US: Token Drupal
	NOTE: Token is not included in the drupal packages
CVE-2007-5620 (Directory traversal vulnerability in admin/inc/help.php in ...)
	NOT-FOR-US: ZZ:FlashChat
CVE-2007-5619 (Unspecified vulnerability in VMware Server before 1.0.4 causes user ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5618 (Unquoted Windows search path vulnerability in the Authorization and ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
CVE-2007-5617 (Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 ...)
	- vmware-package <removed> (low; bug #486177)
	[etch] - vmware-package <no-dsa> (Contrib not supported)
	NOTE: vmware-package just builds vmware from downloaded tarballs, the package itself
	NOTE: does not download them, however it needs to update its hashes for upstream tarballs
CVE-2007-5616 (ssh-signer in SSH Tectia Client and Server 5.x before 5.2.4, and 5.3.x ...)
	NOT-FOR-US: SSH Tectia Client and Server
CVE-2007-5615 (CRLF injection vulnerability in Mortbay Jetty before 6.1.6rc0 allows ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5614 (Mortbay Jetty before 6.1.6rc1 does not properly handle &quot;certain quote ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5613 (Cross-site scripting (XSS) vulnerability in Dump Servlet in Mortbay ...)
	- jetty 6.1.19-1 (low; bug #454529)
CVE-2007-5612 (CIM Server in IBM Director 5.20.1 and earlier allows remote attackers ...)
	NOT-FOR-US: IBM Director
CVE-2007-5611
	RESERVED
CVE-2007-5610 (The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5609
	RESERVED
CVE-2007-5608 (The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5607 (Buffer overflow in the RegistryString function in the ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5606 (Buffer overflow in the MoveFile function in the ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5605 (Buffer overflow in the GetFileTime function in the ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5604 (Buffer overflow in the ExtractCab function in the ...)
	NOT-FOR-US: ActiveX control
CVE-2007-5603 (Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender ...)
	NOT-FOR-US: SonicWall SSL-VPN NetExtender
CVE-2007-5602 (Multiple stack-based buffer overflows in SwiftView Viewer before ...)
	NOT-FOR-US: SwiftView Viewer
CVE-2007-5601 (Stack-based buffer overflow in the Database Component in MPAMedia.dll ...)
	NOT-FOR-US: RealPlayer (windows only issue)
CVE-2007-5600 (Incomplete blacklist vulnerability in index.php in Artmedic CMS 3.4 ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5599 (Multiple PHP remote file inclusion vulnerabilities in awrate 1.0 allow ...)
	NOT-FOR-US: awrate
CVE-2007-5598 (Cross-site scripting (XSS) vulnerability in Weblinks for Drupal 4.7.x ...)
	- drupal5 <not-affected> (bug #447748)
	- drupal <not-affected> (bug #447746)
	NOTE: drupal weblinks is not included in the drupal package in debian
CVE-2007-5597 (The hook_comments API in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5596 (The core Upload module in Drupal 4.7.x before 4.7.8 and 5.x before 5.3 ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5595 (CRLF injection vulnerability in the drupal_goto function in ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5594 (Drupal 5.x before 5.3 does not apply its Drupal Forms API protection ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5593 (install.php in Drupal 5.x before 5.3, when the configured database ...)
	- drupal5 5.3-1
	- drupal 4.7.8-1
CVE-2007-5592 (Multiple PHP remote file inclusion vulnerabilities in awzMB 4.2 beta 1 ...)
	NOT-FOR-US: awzMB
CVE-2007-5591 (The CS1000 signaling server in Nortel Enterprise VoIP-Core-CS 1000M ...)
	NOT-FOR-US: Nortel Enterprise VoIP-Core-CS
CVE-2007-5590 (Multiple buffer overflows in Miranda before 0.7.1 allow remote ...)
	NOT-FOR-US: Miranda
CVE-2007-5588 (Cross-site scripting (XSS) vulnerability in mnoGoSearch before 3.2.43 ...)
	{DTSA-103-1}
	- mnogosearch 3.3.4-4.1 (low; bug #447753)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
	[etch] - mnogosearch <no-dsa> (Minor issue)
CVE-2007-5587 (Buffer overflow in Macrovision SafeDisc secdrv.sys before 4.3.86.0, as ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5586
	REJECTED
CVE-2007-5585 (xscreensaver 5.03 and earlier, when running without ...)
	{DTSA-83-1}
	- xscreensaver 5.03-3.1 (medium; bug #448157)
	[etch] - xscreensaver <not-affected> (Vulnerable code not present)
	[sarge] - xscreensaver <not-affected> (Vulnerable code not present)
CVE-2007-5584 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2007-5583 (Cisco IP Phone 7940 with firmware P0S3-08-7-00 allows remote attackers ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-5582 (Cross-site scripting (XSS) vulnerability in the login page in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-5581 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Cisco Unified MeetingPlace
CVE-2007-5580 (Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 ...)
	NOT-FOR-US: Cisco
CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1411 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2007-5589 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1
CVE-2007-5579 (login.php in Pligg CMS 9.5 uses a guessable confirmation code when ...)
	NOT-FOR-US: Pligg CMS
CVE-2007-5578 (Basic Analysis and Security Engine (BASE) before 1.3.8 sends a ...)
	- acidbase 1.3.8 (low)
	[etch] - acidbase <no-dsa> (Minor issue)
CVE-2007-5577 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2007-5576 (BEA Tuxedo 8.0 before RP392 and 8.1 before RP293, and WebLogic ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2007-5575 (Cross-site request forgery (CSRF) vulnerability in 1024 CMS 1.2.5 ...)
	NOT-FOR-US: 1024 CMS
CVE-2007-5574 (PHP remote file inclusion vulnerability in djpage.php in PHPDJ 0.5 ...)
	NOT-FOR-US: PHPDJPHPDJ
CVE-2007-5573 (PHP remote file inclusion vulnerability in classes/core/language.php ...)
	- limesurvey <itp> (bug #472802)
CVE-2007-5572 (Multiple cross-site request forgery (CSRF) vulnerabilities in Simple ...)
	NOT-FOR-US: SPHPBlog
CVE-2007-5571 (Cisco Firewall Services Module (FWSM) 3.1(6), and 3.2(2) and earlier, ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5570 (Cisco Firewall Services Module (FWSM) 3.2(1), and 3.1(5) and earlier, ...)
	NOT-FOR-US: Cisco Firewall Services Module
CVE-2007-5569 (Cisco PIX and ASA appliances with 7.1 and 7.2 software, when ...)
	NOT-FOR-US: Cisco
CVE-2007-5568 (Cisco PIX and ASA appliances with 7.0 through 8.0 software, and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-5567 (PHP remote file inclusion vulnerability in ...)
	- moin <not-affected> (Does not contain the vulnerable code)
	- karrigell <not-affected> (Does not contain the vulnerable code)
	- knowledgeroot <not-affected> (Does not contain the vulnerable code)
CVE-2007-5566 (** DISPUTED ** ...)
	NOT-FOR-US: PHPBlog
CVE-2007-5565 (** DISPUTED ** ...)
	NOT-FOR-US: phpSCMS
CVE-2007-5564 (Multiple cross-site scripting (XSS) vulnerabilities in NSSboard ...)
	NOT-FOR-US: NSSboard
CVE-2007-5563 (Unspecified vulnerability in VirtueMart before 1.0.13 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2007-5562 (Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the ...)
	NOT-FOR-US: Netgear firmware
CVE-2007-5561 (Format string vulnerability in the logging function in the Oracle OPMN ...)
	NOT-FOR-US: Oracle
CVE-2007-5560 (Heap-based buffer overflow in the Juniper HTTP Service allows remote ...)
	NOT-FOR-US: Juniper HTTP Service
CVE-2007-5559 (Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows ...)
	NOT-FOR-US: IBM ThinkVantage TPM Service
CVE-2007-5558 (Integer overflow in the LG Mobile handset allows remote attackers to ...)
	NOT-FOR-US: LG Mobile handset
CVE-2007-5557 (Unspecified vulnerability in the NEC mobile handset allows remote ...)
	NOT-FOR-US: NEC mobile handset
CVE-2007-5556 (Unspecified vulnerability in the Avaya VoIP Handset allows remote ...)
	NOT-FOR-US: Avaya VoIP Handset
CVE-2007-5555 (Unspecified vulnerability in Symantec Altiris Deployment Solution ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-5554 (Oracle allows remote attackers to obtain server memory contents via ...)
	NOT-FOR-US: Oracle
CVE-2007-5553
	REJECTED
CVE-2007-5552 (Integer overflow in Cisco IOS allows remote attackers to execute ...)
	NOT-FOR-US: Cisco
CVE-2007-5551 (Off-by-one error in Cisco IOS allows remote attackers to execute ...)
	NOT-FOR-US: Cisco
CVE-2007-5550 (Unspecified vulnerability in Cisco IOS allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2007-5549 (Unspecified vulnerability in Command EXEC in Cisco IOS allows local ...)
	NOT-FOR-US: Cisco
CVE-2007-5548 (Multiple stack-based buffer overflows in Command EXEC in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2007-5547 (Cross-site scripting (XSS) vulnerability in Cisco IOS allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-5546 (Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow ...)
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5545 (Format string vulnerability in TIBCO SmartPGM FX allows remote ...)
	NOT-FOR-US: TIBCO SmartPGM FX
CVE-2007-5544 (IBM Lotus Notes before 6.5.6, and 7.x before 7.0.3; and Domino before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-5543 (Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows ...)
	NOT-FOR-US: Miranda
CVE-2007-5542 (Stack-based buffer overflow in Miranda IM 0.6.8 allows remote ...)
	NOT-FOR-US: Miranda
CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module ...)
	NOT-FOR-US: PhpNuke
CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
	- eject 2.0.13-1
CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts ...)
	NOT-FOR-US: Cisco
CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote ...)
	NOT-FOR-US: Opera
CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to ...)
	NOT-FOR-US: KaZaA Media Desktop
CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information ...)
	NOT-FOR-US: CoffeeCup Software Password Wizard
CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to ...)
	NOT-FOR-US: Gupta SQLBase
CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, ...)
	NOT-FOR-US: Opera
CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ...)
	NOT-FOR-US: AXIS 2400 Video Server
CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ...)
	NOT-FOR-US: Invision Power Board
CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor ...)
	NOT-FOR-US: PY-Livredor
CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: WEB-ERP
CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to ...)
	NOT-FOR-US: ISMail
CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for ...)
	NOT-FOR-US: AMX Half-Life Server
CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 ...)
	NOT-FOR-US: BisonFTP Server
CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to ...)
	NOT-FOR-US: clarkconnectd
CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) ...)
	NOT-FOR-US: Smart IRC Daemon
CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected ...)
	NOT-FOR-US: WinZip 8.0
CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local ...)
	NOT-FOR-US: HP-UX 10.20
CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to ...)
	NOT-FOR-US: HP-UX 11.0
CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to ...)
	NOT-FOR-US: KaZaA Media Desktop
CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows ...)
	NOT-FOR-US: Immobilier
CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in ...)
	NOT-FOR-US: MyPHPLinks
CVE-2002-2303 (3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for ...)
	NOT-FOR-US: ShopFactory
CVE-2002-2302 (3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify ...)
	NOT-FOR-US: ShopFactory
CVE-2002-2301 (Lawson Financials 8.0, when configured to use a third party relational ...)
	NOT-FOR-US: Lawson Financials
CVE-2002-2300 (Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com ...)
	NOT-FOR-US: 3Com NBX ftpd
CVE-2002-2299 (PHP remote file inclusion vulnerability in thatfile.php in Thatware ...)
	NOT-FOR-US: Thatware
CVE-2002-2298 (PHP remote file inclusion vulnerability in config.php in Thatware 0.3 ...)
	NOT-FOR-US: Thatware
CVE-2002-2297 (PHP remote file inclusion vulnerability in artlist.php in Thatware ...)
	NOT-FOR-US: Thatware
CVE-2002-2296 (Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another ...)
	NOT-FOR-US: YABB
CVE-2002-2295 (Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 ...)
	NOT-FOR-US: Pico Server
CVE-2002-2294 (Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, ...)
	NOT-FOR-US: Symantec Raptor
CVE-2002-2293 (Webshots Desktop screensaver allows local users to bypass the password ...)
	NOT-FOR-US: Webshots Desktop screensaver
CVE-2002-2292 (Directory traversal vulnerability in Remote Console Applet in Halycon ...)
	NOT-FOR-US: Remote Console Applet in Halycon
CVE-2002-2291 (Calisto Internet Talker 0.04 and earlier allows remote attackers to ...)
	NOT-FOR-US: Calisto Internet Talker
CVE-2002-2290 (Mambo Site Server 4.0.11 installs with a default username and password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2289 (soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows ...)
	NOT-FOR-US: BadBlue
CVE-2002-2288 (Mambo Site Server 4.0.11 allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2287 (PHP remote file inclusion vulnerability in quick_reply.php for phpBB ...)
	NOT-FOR-US: phpBB Advanced Quick Reply Hack
CVE-2002-2286 (The parse-get function in utils.c for apt-www-proxy 0.1 allows remote ...)
	NOT-FOR-US: apt-www-proxy
CVE-2002-2285 (eTrust InoculateIT 6.0 with the &quot;Incremental Scan&quot; option enabled may ...)
	NOT-FOR-US: eTrust
CVE-2002-2284 (Netscape Communicator 4.0 through 4.79 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2283 (Microsoft Windows XP with Fast User Switching (FUS) enabled does not ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2002-2282 (McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap ...)
	NOT-FOR-US: aldap
CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in ...)
	NOT-FOR-US: PortailPHP
CVE-2002-2277 (SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 ...)
	NOT-FOR-US: PortailPHP
CVE-2002-2276 (Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the ...)
	NOT-FOR-US: PHP Board
CVE-2002-2275 (Fortres 101 4.1 allows local users to bypass Fortres by pressing the ...)
	NOT-FOR-US: Fortres
CVE-2002-2274 (akfingerd 0.5 allows local users to read arbitrary files as the ...)
	NOT-FOR-US: akfingerd
CVE-2002-2273 (Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2272 (Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2271 (Buffer overflow in BigFun 1.51b IRC client, when the Direct Client ...)
	NOT-FOR-US: BigFun
CVE-2002-2270 (Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, and ...)
	NOT-FOR-US: HP-UX
CVE-2002-2269 (Directory traversal vulnerability in Webster HTTP Server allows remote ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to ...)
	NOT-FOR-US: Webster HTTP Server
CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite ...)
	- bogofilter 0.9.0.5
CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or ...)
	NOT-FOR-US: NetScreen
CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of Open ...)
	NOT-FOR-US: Open Source Internet Solutions
CVE-2002-2264 (Unspecified vulnerability in Internet Group Management Protocol (IGMP) ...)
	NOT-FOR-US: Internet Group Management Protocol
CVE-2002-2263 (The installation program for HP-UX Visualize Conference B.11.00.11 ...)
	NOT-FOR-US: HP-UX Visualize Conference
CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...)
	NOT-FOR-US: HP-UX xntpd
CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass ...)
	- sendmail 8.12.7
CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in ...)
	{DSA-218}
	- bugzilla 2.14.2-1
CVE-2002-2259 (Buffer overflow in the French documentation patch for Gnuplot 3.7 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1244 (Computer Associates InoculateIT Agent for Exchange Server does not ...)
	NOT-FOR-US: Exchange Server
CVE-2007-5541 (Unspecified vulnerability in Opera before 9.24, when using an ...)
	NOT-FOR-US: Opera
CVE-2007-5540 (Unspecified vulnerability in Opera before 9.24 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-5539 (Unspecified vulnerability in Cisco Unified Intelligent Contact ...)
	NOT-FOR-US: Cisco
CVE-2007-5538 (Buffer overflow in the Centralized TFTP File Locator Service in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-5537 (Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-5536 (Unspecified vulnerability in OpenSSL before A.00.09.07l on HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2007-5535 (Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown ...)
	NOT-FOR-US: RunCms
CVE-2007-5534 (Unspecified vulnerability in the HCM component in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2007-5533 (Unspecified vulnerability in the People Tools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5532 (Unspecified vulnerability in the People Tools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5531 (Unspecified vulnerability in Oracle Help for Web, as used in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5530 (Unspecified vulnerability in the Database Control component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5529 (Unspecified vulnerability in the Oracle Self-Service Web Applications ...)
	NOT-FOR-US: Oracle
CVE-2007-5528 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 ...)
	NOT-FOR-US: Oracle
CVE-2007-5527 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-5526 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5525 (Unspecified vulnerability in the Oracle Single Sign-On component in ...)
	NOT-FOR-US: Oracle
CVE-2007-5524 (Unspecified vulnerability in the Oracle Single Sign-On component in ...)
	NOT-FOR-US: Oracle
CVE-2007-5523 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle
CVE-2007-5522 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5521 (Unspecified vulnerability in the Oracle Containers for J2EE component ...)
	NOT-FOR-US: Oracle
CVE-2007-5520 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle
CVE-2007-5519 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5518 (Unspecified vulnerability in the Oracle HTTP Server component in ...)
	NOT-FOR-US: Oracle
CVE-2007-5517 (Unspecified vulnerability in the Oracle Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-5516 (Unspecified vulnerability in the Oracle Process Mgmt &amp; Notification ...)
	NOT-FOR-US: Oracle
CVE-2007-5515 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2007-5514 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
	NOT-FOR-US: Oracle
CVE-2007-5513 (The XML DB (XMLDB) component in Oracle Database 9.2.0.8, 9.2.0.8DV, ...)
	NOT-FOR-US: Oracle
CVE-2007-5512 (Unspecified vulnerability in the Oracle Database Vault component in ...)
	NOT-FOR-US: Oracle
CVE-2007-5511 (SQL injection vulnerability in Workspace Manager for Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2007-5510 (Multiple unspecified vulnerabilities in the Workspace Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-5509 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2007-5508 (Multiple SQL injection vulnerabilities in the CTXSYS Intermedia ...)
	NOT-FOR-US: Oracle
CVE-2007-5507 (The GIOP service in TNS Listener in the Oracle Net Services component ...)
	NOT-FOR-US: Oracle
CVE-2007-5506 (The Core RDBMS component in Oracle Database 9.0.1.5+, 9.2.0.8, ...)
	NOT-FOR-US: Oracle
CVE-2007-5505 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
	NOT-FOR-US: Oracle
CVE-2007-5504 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+ and ...)
	NOT-FOR-US: Oracle
CVE-2007-5503 (Multiple integer overflows in Cairo before 1.4.12 might allow remote ...)
	{DSA-1542-1 DTSA-96-1}
	- libcairo 1.4.10-1.1 (medium; bug #453686)
CVE-2007-5502 (The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does ...)
	NOT-FOR-US: OpenSSL Fips object module
CVE-2007-5501 (The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux ...)
	- linux-2.6 2.6.23-1 (high)
	[etch] - linux-2.6 <not-affected> (Vulnerable code was introduced in 2.6.21)
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=96a2d41a3e495734b63bff4e5dd0112741b93b38
CVE-2007-5500 (The wait_task_stopped function in the Linux kernel before 2.6.23.8 ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-2
CVE-2007-5499
	REJECTED
CVE-2007-5498 (The Xen hypervisor block backend driver for Linux kernel 2.6.18, when ...)
	- xen-unstable <not-affected> (Vulnerable code not present)
	- xen-3 <not-affected> (Vulnerable code not present)
CVE-2007-5497 (Multiple integer overflows in libext2fs in e2fsprogs before 1.40.3 ...)
	{DSA-1422-1 DTSA-95-1}
	- e2fsprogs 1.40.3-1 (bug #454760)
CVE-2007-5496 (Cross-site scripting (XSS) vulnerability in setroubleshoot 2.0.5 ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5495 (sealert in setroubleshoot 2.0.5 allows local users to overwrite ...)
	NOT-FOR-US: setroubleshoot
CVE-2007-5494 (Memory leak in the Red Hat Content Accelerator kernel patch in Red Hat ...)
	- linux-2.6 <not-affected> (RedHat specific patch)
CVE-2007-5493 (The SMS handler for Windows Mobile 2005 Pocket PC Phone edition allows ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-5492 (Static code injection vulnerability in the translation module ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5491 (Directory traversal vulnerability in the translation module ...)
	{DSA-1423-1}
	- sitebar 3.3.8-12.1 (bug #447135)
CVE-2007-5490 (SQL injection vulnerability in default.asp in Okul Otomasyon Portal ...)
	NOT-FOR-US: Okul Otomasyon Portal
CVE-2007-5489 (Directory traversal vulnerability in index.php in Artmedic CMS 3.4 and ...)
	NOT-FOR-US: Artmedic CMS
CVE-2007-5487 (Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 ...)
	NOT-FOR-US: COWON America jetAudioc
CVE-2007-5486 (dotProject before 2.1 does not properly check privileges when invoking ...)
	NOT-FOR-US: dotProject
CVE-2007-5485 (SQL injection vulnerability in index.php in the mg2 1.0 module for ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5484 (Directory traversal vulnerability in wxis.exe in WWWISIS 7.1 allows ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5483 (Unspecified vulnerability in the Administrative Scripting Tools (such ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-5482 (Unspecified vulnerability in the FTP service in Sun ...)
	NOT-FOR-US: Sun firmware
CVE-2007-5481 (Distributed Checksum Clearinghouse (DCC) 1.3.65 allows remote ...)
	- dcc <not-affected> (vulnerable code introduced in 1.3.65)
CVE-2007-5480 (Multiple cross-site scripting (XSS) vulnerabilities in InnovaAge ...)
	NOT-FOR-US: ZInnovaAge InnovaShop
CVE-2007-5479 (Cross-site scripting (XSS) vulnerability in Search.asp in Xcomputer ...)
	NOT-FOR-US: Xcomputer
CVE-2007-5478 (Cross-site scripting (XSS) vulnerability in projects in Nabh ...)
	NOT-FOR-US: Sbportal
CVE-2007-5477 (Cross-site scripting (XSS) vulnerability in auth.w in djeyl.net WebMod ...)
	NOT-FOR-US: djeyl.net WebMod
CVE-2007-5476 (Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, ...)
	NOT-FOR-US: Opera specific flash vulnerability
CVE-2007-5475 (Multiple buffer overflows in the Marvell wireless driver, as used in ...)
	NOT-FOR-US: Linksys WAP4400N Wi-Fi access point
CVE-2007-5474 (The driver for the Linksys WRT350N Wi-Fi access point with firmware ...)
	NOT-FOR-US: Linksys WRT350N Wi-Fi access point
CVE-2007-5473 (StaticFileHandler.cs in System.Web in Mono before 1.2.5.2, when ...)
	- mono <not-affected> (Windows-specific vulnerability)
CVE-2007-5472 (Cross-site scripting (XSS) vulnerability in the Server component in CA ...)
	NOT-FOR-US: HIPS
CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
	- phpbb2 <not-affected> (phpbb was the vulnerable one)
CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...)
	NOT-FOR-US: myPHPNuke
CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote ...)
	NOT-FOR-US: ByteCatcher FTP client
CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...)
	NOT-FOR-US: 32bit FTP client
CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and ...)
	NOT-FOR-US: Majordomo
CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions ...)
	NOT-FOR-US: OpenBSD 2.0
CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does ...)
	NOT-FOR-US: CGI::Lite 2.0
CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly ...)
	NOT-FOR-US: HP-UX
CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli ...)
	NOT-FOR-US: HP-UX
CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) ...)
	NOT-FOR-US: HP-UX
CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...)
	NOT-FOR-US: HP-UX
CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment ...)
	NOT-FOR-US: HP-UX
CVE-2007-5488 (Multiple SQL injection vulnerabilities in cdr_addon_mysql in ...)
	- asterisk-addons 1.4.4-1
CVE-2007-5471 (libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in ...)
	- libgssapi 0.8-1
CVE-2007-5470 (Microsoft Expression Media stores the catalog password in cleartext in ...)
	NOT-FOR-US: Microsoft Expression Media
CVE-2007-5469 (** DISPUTED ** ...)
	- openser 1.3.0-1 (unimportant; bug #446956)
	NOTE: should be only "exploitable" in local network with untrusted users
CVE-2007-5468 (Cisco CallManager 5.1.1.3000-5 does not verify the Digest ...)
	NOT-FOR-US: Cisco
CVE-2007-5467 (Integer overflow in eXtremail 2.1.1 and earlier allows remote ...)
	NOT-FOR-US: eXtremail
CVE-2007-5466 (Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote ...)
	NOT-FOR-US: eXtremail
CVE-2007-5465 (Directory traversal vulnerability in doop CMS 1.3.7 and earlier allows ...)
	NOT-FOR-US: doop CMS
CVE-2007-5464 (Stack-based buffer overflow in Live for Speed 0.5X10 and earlier ...)
	NOT-FOR-US: Live for Speed
CVE-2007-5463 (ideal_process.php in the iDEAL payment module in ViArt Shop 3.3 beta ...)
	NOT-FOR-US: ViArt Shop
CVE-2007-5462 (Unspecified vulnerability in the Sun Solaris RPC services library ...)
	NOT-FOR-US: Solaris
CVE-2007-5460 (Microsoft ActiveSync 4.1, as used in Windows Mobile 5.0, uses weak ...)
	NOT-FOR-US: Microsoft ActiveSync
CVE-2007-5459 (Cross-site scripting (XSS) vulnerability in the sidebar HTML page in ...)
	NOT-FOR-US: MouseoverDictionary
CVE-2007-5458 (SQL injection vulnerability in index.php in the newsletter module 1.0 ...)
	NOT-FOR-US: KwsPHP
CVE-2007-5457 (Multiple PHP remote file inclusion vulnerabilities in Michael Dempfle ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5456 (Microsoft Internet Explorer 7 and earlier allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5455 (Cross-site scripting (XSS) vulnerability in wxis.exe in WWWISIS 7.1 ...)
	NOT-FOR-US: WWWISIS
CVE-2007-5454 (Directory traversal vulnerability in index.php in PHP File Sharing ...)
	NOT-FOR-US: PHP File Sharing
CVE-2007-5453 (Multiple eval injection vulnerabilities in Php-Stats 0.1.9.2 allow ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5452 (Multiple SQL injection vulnerabilities in php-stats.recjs.php in ...)
	NOT-FOR-US: Php-Stats
CVE-2007-5451 (PHP remote file inclusion vulnerability in admin.color.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5450 (Unspecified vulnerability in Safari on the Apple iPod touch (aka ...)
	NOT-FOR-US: Apple firmware
CVE-2007-5449 (SQL injection vulnerability in searchresult.php in Softbiz Recipes ...)
	NOT-FOR-US: Softbiz Recipes Portal Script
CVE-2007-5448 (Madwifi 0.9.3.2 and earlier allows remote attackers to cause a denial ...)
	- madwifi 1:0.9.3.2-2 (medium; bug #446824)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch2
CVE-2007-5447 (ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP ...)
	NOT-FOR-US: ionCube
CVE-2007-5446 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: PBEmail
CVE-2007-5445 (Buffer overflow in the DB Software Laboratory VImpX (VImpAX1) ActiveX ...)
	NOT-FOR-US: VImpX
CVE-2007-5444 (CMS Made Simple 1.1.3.1 allows remote attackers to obtain the full ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5443 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5442 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5441 (CMS Made Simple 1.1.3.1 does not check the permissions assigned to ...)
	NOT-FOR-US: CMS Made Simpe
CVE-2007-5440 (** DISPUTED ** ...)
	NOT-FOR-US: Crs Manager
CVE-2007-5439 (CA (formerly Computer Associates) eTrust ITM (Threat Manager) 8.1 ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5438 (Unspecified vulnerability in a certain ActiveX control in Reconfig.DLL ...)
	- vmware-package <not-affected> (Windows only)
CVE-2007-5437 (The web console in CA (formerly Computer Associates) eTrust ITM ...)
	NOT-FOR-US: eTrust ITM
CVE-2007-5436 (Buffer overflow in a certain ActiveX control in ScanObjectBrowser.DLL ...)
	NOT-FOR-US: G DATA Antivirus
CVE-2007-5435 (Unspecified vulnerability in CA ERwin Process Modeler (formerly ...)
	NOT-FOR-US: CA ERwin Process Modeler
CVE-2007-5434 (Cross-site scripting (XSS) vulnerability in PRO-search 0.17.1 and ...)
	NOT-FOR-US: PRO-search
CVE-2007-5433 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
	NOT-FOR-US: Site-Up
CVE-2007-5432 (Stride 1.0 has a default administrator username of &quot;scott&quot; with the ...)
	NOT-FOR-US: Stride
CVE-2007-5431 (include/imageupload.js in the MyFTPUploader module in Stride 1.0 ...)
	NOT-FOR-US: Stride module
CVE-2007-5430 (Multiple SQL injection vulnerabilities in Stride 1.0 allow remote ...)
	NOT-FOR-US: Stride
CVE-2007-5429 (Cross-site scripting (XSS) vulnerability in index.php in Nucleus 3.01 ...)
	NOT-FOR-US: Nucleus
CVE-2007-5428 (Cross-site scripting (XSS) vulnerability in UMI CMS allows remote ...)
	NOT-FOR-US: UMI CMS
CVE-2007-5427 (Cross-site scripting (XSS) vulnerability in the com_search component ...)
	NOT-FOR-US: Joomla
CVE-2007-5426 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveKB NX ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5425 (SQL injection vulnerability in admin/index.php in Interspire ActiveKB ...)
	NOT-FOR-US: ActiveKB NX
CVE-2007-5424 (The disable_functions feature in PHP 4 and 5 allows attackers to ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: if the function is blacklisted but not its alias it is a configuration
	NOTE: issue of the site not a vulnerability in php
CVE-2007-5423 (tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to ...)
	- tikiwiki <removed>
CVE-2007-5422 (Unspecified vulnerability in &quot;Solaris Auditing&quot; in the Basic Security ...)
	NOT-FOR-US: Solaris Auditing
CVE-2007-5421
	REJECTED
CVE-2007-5420 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when remote ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5419 (The 3Com 3CRWER100-75 router with 1.2.10ww software, when enabling an ...)
	NOT-FOR-US: 3Com 3CRWER100-75
CVE-2007-5418 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 2G 2.2 ...)
	NOT-FOR-US: CARE2X
CVE-2007-5417 (Directory traversal vulnerability in index.php in boastMachine (aka ...)
	NOT-FOR-US: boastMachine
CVE-2007-5416 (Drupal 5.2 and earlier does not properly unset variables when the ...)
	- drupal5 <unfixed> (unimportant; bug #446887)
	- drupal <unfixed> (unimportant)
	NOTE: The underlying PHP issue has been fixed in DSA 1206.
	NOTE: Plus, register_globals is not supported in Debian
CVE-2007-5415 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 2.0, when ...)
	- iceweasel <removed> (unimportant)
	NOTE: if you are on a site which allows UTF-7 sure you need to sanitize the
	NOTE: equivalent strings in UTF-7
	NOTE: referring to the mozilla security team this is a non-issue and a duplicate of
	NOTE: CVE-2007-5414, mailed mitre
CVE-2007-5414 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	- iceweasel 2.0+dfsg-1
CVE-2007-5413 (httpd.tkd in Radia Integration Server in Hewlett-Packard (HP) OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2007-5412 (Multiple PHP remote file inclusion vulnerabilities in the Quoc-Huy MP3 ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5411 (Cross-site scripting (XSS) vulnerability in the Linksys SPA941 VoIP ...)
	NOT-FOR-US: Linksys
CVE-2007-5410 (PHP remote file inclusion vulnerability in admin.wmtrssreader.php in ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5409 (PHP remote file inclusion vulnerability in admin/nuseo_admin_d.php in ...)
	NOT-FOR-US: NuSEO
CVE-2007-5408 (SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows ...)
	NOT-FOR-US: cpDynaLinks
CVE-2007-5407 (Multiple PHP remote file inclusion vulnerabilities in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5406 (kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the Applix Presents reader in ...)
	NOT-FOR-US: KeyView
CVE-2007-5405 (Multiple buffer overflows in kpagrdr.dll 2.0.0.2 and 10.3.0.0 in the ...)
	NOT-FOR-US: KeyView
CVE-2007-5404 (Layton HelpBox 3.7.1 generates different responses depending on ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5403 (Multiple cross-site scripting (XSS) vulnerabilities in Layton HelpBox ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5402 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.7.1 allow ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5401 (Unrestricted file upload vulnerability in uploadrequest.asp in Layton ...)
	NOT-FOR-US: Layton HelpBox
CVE-2007-5400 (Heap-based buffer overflow in the Shockwave Flash (SWF) frame handling ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5399 (Multiple heap-based buffer overflows in emlsr.dll in the EML reader in ...)
	NOT-FOR-US: KeyView
CVE-2007-5398 (Stack-based buffer overflow in the reply_netbios_packet function in ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high)
CVE-2007-5397 (Heap-based buffer overflow in the activePDF Server service (aka ...)
	NOT-FOR-US: activePDF Server
CVE-2007-5396 (Format string vulnerability in the ext_yahoo_contact_added function in ...)
	NOT-FOR-US: Miranda
CVE-2007-5395 (Stack-based buffer overflow in the separate_word function in ...)
	{DSA-1432-1}
	- link-grammar 4.2.5-1 (medium; bug #450695)
CVE-2007-5394 (Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5393 (Heap-based buffer overflow in the CCITTFaxStream::lookChar method in ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DSA-1408-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-5392 (Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (we use xpdf-utils in sarge and poppler-utils since etch to not embedd this code)
	NOTE: cups uses xpdf-utils and poppler-utils
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...)
	NOT-FOR-US: ProxyView
CVE-2003-1356 (The &quot;file handling&quot; in sort in HP-UX 10.01 through 10.20, and 11.00 ...)
	NOT-FOR-US: HP-UX
CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 ...)
	NOT-FOR-US: Battlefield
CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...)
	NOT-FOR-US: Battlefield
CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach ...)
	NOT-FOR-US: Outreach
CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login ...)
	- gabber 0.8.8-1
	- gabber2 <not-affected> (No code to send data to update@jabber.org)
CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
	NOT-FOR-US: EditTag
CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by ...)
	NOT-FOR-US: List Site Pro 2.0
CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...)
	NOT-FOR-US: NITE ftp-server
CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org ...)
	NOT-FOR-US: Guestbook
CVE-2003-1347 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 ...)
	NOT-FOR-US: Geeklog
CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 ...)
	NOT-FOR-US: DWL-900AP
CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 ...)
	NOT-FOR-US: WebCollection
CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote ...)
	NOT-FOR-US: Trend Micro Virus Control System
CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows ...)
	NOT-FOR-US: Trend Micro Virus Control System
CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Moby NetSuite
CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c ...)
	NOT-FOR-US: libcgi
	NOTE: this is another libcgi than the one we ship
CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...)
	NOT-FOR-US: pWins
CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...)
	- phpbb2 2.0.13-6sarge3
	NOTE: might be fixed in prior versions
CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...)
	- linux-2.6 <not-affected> (Fixed before initial upload into the archive, during 2.4)
CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...)
	- libsieve <not-affected> (was fixed in 2.1.3 before debian version was uploaded)
CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and ...)
	NOT-FOR-US: Thatware
CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos ...)
	NOT-FOR-US: Marcos Luiz Onisto
CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 ...)
	NOT-FOR-US: Sybase
CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows ...)
	NOT-FOR-US: News Evolution
CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...)
	NOT-FOR-US: Netscape
CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 ...)
	NOT-FOR-US: Mambo
	NOTE: mambo is in experimental
CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before ...)
	NOT-FOR-US: VisNetic Website
CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a ...)
	NOT-FOR-US: NetBSD ftpd
CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...)
	NOT-FOR-US: Akfingerd
CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...)
	NOT-FOR-US: Akfingerd
CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file ...)
	NOT-FOR-US: Apple Package Manager of KisMAC
CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before ...)
	NOT-FOR-US: Deerfield VisNetic WebSite
CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows ...)
	NOT-FOR-US: MyServer
CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...)
	NOT-FOR-US: Cisco
CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...)
	NOT-FOR-US: Kunani ODBC FTP Server
CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: tftp32 TFTP
CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy ...)
	NOT-FOR-US: apt-www-proxy
CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...)
	NOT-FOR-US: vBulletin
CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...)
	NOT-FOR-US: NetScreen ScreenOS
CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...)
	NOT-FOR-US: Enceladus Server Suite
CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...)
	NOT-FOR-US: Enceladus Server Suite
CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
	NOT-FOR-US: Ikonboard
CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows ...)
	NOT-FOR-US: Ikonboard
CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...)
	NOT-FOR-US: WebReflex
CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...)
	- mailscanner 4.22.5-1
CVE-2007-5461 (Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-2 (low; bug #448664)
	- tomcat5 <removed>
	NOTE: patch: http://mail-archives.apache.org/mod_mbox/tomcat-users/200710.mbox/%3C47135C2D.1000705@apache.org%3E
CVE-2007-5391 (Unspecified vulnerability in HP Select Identity 4.01 through 4.01.010 ...)
	NOT-FOR-US: HP Select Identity
CVE-2007-5390 (PHP remote file inclusion vulnerability in index.php in PicoFlat CMS ...)
	NOT-FOR-US: PicoFlat
CVE-2007-5389 (** DISPUTED ** ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5388 (Multiple PHP remote file inclusion vulnerabilities in WebDesktop 0.1 ...)
	NOT-FOR-US: WebDesktop
CVE-2007-5387 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Pindorama
CVE-2007-5386 (Cross-site scripting (XSS) vulnerability in scripts/setup.php in ...)
	{DSA-1403-1}
	- phpmyadmin 4:2.11.1.2-1 (bug #446451)
	[sarge] - phpmyadmin <not-affected> (vulnerable script not present)
CVE-2007-5385 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5384 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5383 (The Thomson/Alcatel SpeedTouch 7G router, as used for the BT Home Hub ...)
	NOT-FOR-US: Thomson/Alcatel SpeedTouch 7G router
CVE-2007-5382 (The conversion utility for converting CiscoWorks Wireless LAN Solution ...)
	NOT-FOR-US: CiscoWorks
CVE-2007-5381 (Stack-based buffer overflow in the Line Printer Daemon (LPD) in Cisco ...)
	NOT-FOR-US: Line Printer Daemon (LPD) Cisco
CVE-2007-5380 (Session fixation vulnerability in Rails before 1.2.4, as used for Ruby ...)
	- rails 1.2.5-1
CVE-2007-5379 (Rails before 1.2.4, as used for Ruby on Rails, allows remote attackers ...)
	- rails 1.2.5-1
	[etch] - rails <not-affected> (Vulnerable code not present)
CVE-2007-5378 (Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk ...)
	{DSA-1743-1 DSA-1416-1 DSA-1415-1}
	- tk8.3 8.3.5-10 (medium; bug #446465)
	- tk8.4 8.4.16-1 (medium)
	- libtk-img 1.3-release-8 (medium)
CVE-2007-5377 (The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file ...)
	- tramp <not-affected> (the version we ship still uses make-temp-file)
	- emacs22 <not-affected> (the version we ship still uses make-temp-file)
CVE-2007-5376
	RESERVED
CVE-2007-5375 (Interpretation conflict in the Sun Java Virtual Machine (JVM) allows ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5374 (cp_memberedit.php in LightBlog 8.4.1.1 does not check for ...)
	NOT-FOR-US: LightBlog
CVE-2007-5373 (ldapscripts 1.4 and 1.7 sends a password as a command line argument ...)
	{DSA-1517-1 DTSA-68-1}
	- ldapscripts 1.7.1-2 (bug #445582; medium)
CVE-2007-5372 (Multiple SQL injection vulnerabilities in (a) LedgerSMB 1.0.0 through ...)
	- sql-ledger <unfixed> (unimportant; bug #446366)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-5371 (Multiple SQL injection vulnerabilities in mutate_content.dynamic.php ...)
	NOT-FOR-US: MODx
CVE-2007-5370 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: NetWin
CVE-2007-5369 (The GetMagicNumberString function in Massive Entertainment World in ...)
	NOT-FOR-US: conflict
CVE-2007-5368 (Multiple unspecified vulnerabilities in labeld in Trusted Extensions ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5367 (Unspecified vulnerability in the Virtual File System (VFS) in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5366 (The Tomcat 4.1-based Servlet Service in Fujitsu Interstage Application ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-5365 (Stack-based buffer overflow in the cons_options function in options.c ...)
	{DSA-1388-3 DSA-1388-1}
	- dhcp 2.0pl5dfsg1-20.2 (medium; bug #446354)
	- dhcp3 <not-affected> (dhcp3 does enforce a fixed minimum paket size if it is lower, see line 513 in options.c)
	NOTE: dhcp has a request for removal #446386
CVE-2007-5364 (** DISPUTED ** ...)
	NOT-FOR-US: ViArt Shopping Cart
CVE-2007-5363 (PHP remote file inclusion vulnerability in admin.panoramic.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5362 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: Joomla! and mambo extension
CVE-2007-5361 (The Communication Server in Alcatel-Lucent OmniPCX Enterprise 7.1 and ...)
	NOT-FOR-US: Alcatel-Lucent OmniPCX Enterprise
CVE-2007-5360 (Buffer overflow in OpenPegasus Management server, when compiled to use ...)
	NOT-FOR-US: OpenPegasus Management server
CVE-2007-5359
	RESERVED
CVE-2007-5358 (Multiple buffer overflows in the voicemail functionality in Asterisk ...)
	- asterisk 1:1.4.13~dfsg-1 (medium)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
CVE-2007-5357
	REJECTED
CVE-2007-5356
	REJECTED
CVE-2007-5355 (The Web Proxy Auto-Discovery (WPAD) feature in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5354
	REJECTED
CVE-2007-5353
	REJECTED
CVE-2007-5352 (Unspecified vulnerability in Local Security Authority Subsystem ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-5351 (Unspecified vulnerability in Server Message Block Version 2 (SMBv2) ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5350 (Unspecified vulnerability in the Windows Advanced Local Procedure Call ...)
	NOT-FOR-US: Microsoft Vista
CVE-2007-5349
	REJECTED
CVE-2007-5348 (Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5347 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5346
	REJECTED
CVE-2007-5345
	REJECTED
CVE-2007-5344 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5343
	REJECTED
CVE-2007-5342 (The default catalina.policy in the JULI logging component in Apache ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-4 (low; bug #458237)
	- tomcat5 <not-affected> (Vulnerable code not present)
CVE-2007-5341 (Remote code execution in the Venkman script debugger in Mozilla ...)
	- iceweasel 2.0.0.8-1
CVE-2007-5340 (Multiple vulnerabilities in the Javascript engine in Mozilla Firefox ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5 (high)
	NOTE: MFSA2007-29
CVE-2007-5339 (Multiple vulnerabilities in Mozilla Firefox before 2.0.0.8, ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DSA-1391-1 DTSA-69-1 DTSA-71-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (high)
	- xulrunner 1.8.1.9-1 (bug #447734; high)
	- icedove 2.0.0.9-1 (low)
	- iceape 1.1.5
	NOTE: MFSA2007-29
CVE-2007-5338 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 allow remote ...)
	{DSA-1534-2 DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-35
CVE-2007-5337 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5, when ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-34
CVE-2007-5336
	REJECTED
CVE-2007-5335 (Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain ...)
	{DSA-1396-1}
	- iceweasel 2.0.0.8-1 (low)
	NOTE: Firefox 2.0-specific issue, doesn't affect xulrunner, iceape or icedove
	NOTE: not mentioned in debian changelog, but mozilla #390983 confirms it went into 2.0.0.8
CVE-2007-5334 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 can hide the ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-33
CVE-2007-5333 (Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 ...)
	- tomcat5.5 5.5.26-1 (low; bug #465645)
	- tomcat5 <removed>
CVE-2007-5332 (Multiple unspecified vulnerabilities in (1) mediasvr and (2) caloggerd ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5331 (Queue.dll for the message queuing service (LQserver.exe) in CA ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5330 (The cadbd RPC service in CA BrightStor ARCServe BackUp v9.01 through ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5329 (Unspecified vulnerability in dbasvr in CA BrightStor ARCServe BackUp ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5328 (The Message Engine RPC service in CA BrightStor ARCServe BackUp v9.01 ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5327 (Stack-based buffer overflow in the RPC interface for the Message ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5326 (Multiple buffer overflows in (1) RPC and (2) rpcx.dll in CA BrightStor ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5325 (Multiple buffer overflows in (1) the Message Engine and (2) AScore.dll ...)
	NOT-FOR-US: ARCServe BackUp
CVE-2007-5324
	REJECTED
CVE-2007-5323 (The RepliStor Server Service in EMC Replistor 6.1.3 allows remote ...)
	NOT-FOR-US: RepliStor Server Service
CVE-2007-5322 (Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-5321 (Directory traversal vulnerability in index.php in Verlihub Control ...)
	NOT-FOR-US: Verlihub Control Panel
CVE-2007-5320 (Multiple absolute path traversal vulnerabilities in Pegasus Imaging ...)
	NOT-FOR-US: Imaging ImagXpress
CVE-2007-5319 (Unspecified vulnerability in the vuidmice STREAMS modules in Sun ...)
	NOT-FOR-US: Solaris
CVE-2007-5318 (Unspecified vulnerability in preview.php in TYPOlight webCMS 2.4.6 ...)
	NOT-FOR-US: Typolight webCMS
CVE-2007-5317
	REJECTED
CVE-2007-5316 (SQL injection vulnerability in browsecats.php in Softbiz Jobs and ...)
	NOT-FOR-US: Softbiz Jobs
CVE-2007-5315 (PHP remote file inclusion vulnerability in common.php in LiveAlbum ...)
	NOT-FOR-US: LiveAlbum
CVE-2007-5314 (PHP remote file inclusion vulnerability in system/funcs/xkurl.php in ...)
	NOT-FOR-US: xKiosk WEB
CVE-2007-5313 (PHP remote file inclusion vulnerability in install/config.php in ...)
	NOT-FOR-US: Picturesolution
CVE-2007-5312 (Cross-site scripting (XSS) vulnerability in TorrentTrader Classic 1.07 ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5311 (Directory traversal vulnerability in backend/admin-functions.php in ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5310 (PHP remote file inclusion vulnerability in admin.wmtportfolio.php in ...)
	NOT-FOR-US: TorrentTrader Classic
CVE-2007-5309 (PHP remote file inclusion vulnerability in admin.wmtgallery.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5308 (SQL injection vulnerability in galerie.php in PHP Homepage M (phpHPm) ...)
	NOT-FOR-US: phpHPm)
CVE-2007-5307 (ELSEIF CMS Beta 0.6 does not properly unset variables when the input ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5306 (ELSEIF CMS Beta 0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5305 (Multiple PHP remote file inclusion vulnerabilities in ELSEIF CMS Beta ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5304 (Multiple cross-site scripting (XSS) vulnerabilities in ELSEIF CMS Beta ...)
	NOT-FOR-US: ELSEIF CMS
CVE-2007-5303 (Cross-site scripting (XSS) vulnerability in news_page.php in SnewsCMS ...)
	NOT-FOR-US: SnewsCMS
CVE-2007-5302 (Multiple cross-site scripting (XSS) vulnerabilities in HP System ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-5300 (Off-by-one error in the do_login_loop function in ...)
	{DSA-1452-1}
	- wzdftpd 0.8.2-2.1 (medium; bug #446192)
CVE-2007-5299 (Multiple directory traversal vulnerabilities in SkaDate 5.0 and 6.0, ...)
	NOT-FOR-US: SkaDate
CVE-2007-5298 (Multiple PHP remote file inclusion vulnerabilities in CMS Creamotion ...)
	NOT-FOR-US: CMS Creamotion
CVE-2007-5297 (Cross-site scripting (XSS) vulnerability in index.php in Minki 1.30 ...)
	NOT-FOR-US: Minki
CVE-2007-5296 (Multiple cross-site scripting (XSS) vulnerabilities in dblisttest.asp ...)
	NOT-FOR-US: dbList
CVE-2007-5295 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Wikepage Opus
CVE-2007-5294 (PHP remote file inclusion vulnerability in core/aural.php in IDMOS ...)
	NOT-FOR-US: IDMOS
CVE-2007-5293 (Multiple cross-site scripting (XSS) vulnerabilities in IDMOS 1.0-beta ...)
	NOT-FOR-US: IDMOS
CVE-2007-5292 (Cross-site scripting (XSS) vulnerability in photos.cfm in Directory ...)
	NOT-FOR-US: Directory Image Gallery
CVE-2007-5291 (Cross-site scripting (XSS) vulnerability in Edit.asp in DB Manager 2.0 ...)
	NOT-FOR-US: DB Manager
CVE-2007-5290 (Multiple cross-site scripting (XSS) vulnerabilities in MailBee WebMail ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-5289 (HP Mercury Quality Center (QC) 9.2 and earlier, and possibly ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-5301 (Buffer overflow in the vorbis_stream_info function in ...)
	{DSA-1538-1 DTSA-66-1}
	- alsaplayer 0.99.80~rc4-1 (low; bug #446034)
CVE-2007-5288
	REJECTED
CVE-2007-5287
	REJECTED
CVE-2007-5286
	REJECTED
CVE-2007-5285
	REJECTED
CVE-2007-5284
	REJECTED
CVE-2007-5283 (The TSC Domain Manager in Hitachi TPBroker Object Transaction Monitor ...)
	NOT-FOR-US: Hitachi TPBroker
CVE-2007-5282 (Hitachi Cosminexus Agent 03-00 through 03-05, and Cosminexus Library ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5281 (The Java Secure Socket Extension (JSSE) in the Hitachi Cosminexus ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-5280 (Multiple cross-site scripting (XSS) vulnerabilities in messages.jsp in ...)
	NOT-FOR-US: Appfuse
CVE-2007-5279 (Heap-based buffer overflow in ConeXware PowerArchiver before 10.20.21 ...)
	NOT-FOR-US: PowerArchiver
CVE-2007-5278 (Zomplog 3.8.1 and earlier stores potentially sensitive information ...)
	NOT-FOR-US: Zomplog
CVE-2007-5277 (Microsoft Internet Explorer 6 drops DNS pins based on failed ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-5276 (Opera 9 drops DNS pins based on failed connections to irrelevant TCP ...)
	NOT-FOR-US: Opera
CVE-2007-5275 (The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause ...)
	- flashplugin-nonfree 9.0.115.0.1 (bug #449110)
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2007-5274 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5273 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5272 (SQL injection vulnerability in kategori.asp in Furkan Tastan Blog ...)
	NOT-FOR-US: Furkan Tastan Blog
CVE-2007-5271 (Multiple PHP remote file inclusion vulnerabilities in Trionic Cite CMS ...)
	NOT-FOR-US: Trionic Cite CMS
CVE-2007-5270 (Unspecified vulnerability in the Boost module before 4.7.x-1.0, and ...)
	- drupal <not-affected> (does not ship this module)
CVE-2007-5269 (Certain chunk handlers in libpng before 1.0.29 and 1.2.x before 1.2.21 ...)
	- libpng 1.2.15~beta5-3 (low; bug #446308)
	[sarge] - libpng <no-dsa> (Minor issue)
	[etch] - libpng 1.2.15~beta5-1+etch2
CVE-2007-5268 (pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) ...)
	- libpng <not-affected> (Vulnerable code not present in Debian version, introduced in 1.2.19)
CVE-2007-5267 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5266 (Off-by-one error in ICC profile chunk handling in the png_set_iCCP ...)
	- libpng <not-affected> (vulnerable code not present)
	NOTE: the version in Debian does not use strncpy to copy the buffer so this off-by-one
	NOTE: is not present in this old version. Instead it allocates space for strlen(name)+1
	NOTE: and uses strcpy(new_iccp_name, name) which is not nice but safe
CVE-2007-5265 (Multiple format string vulnerabilities in websrv.cpp in Dawn of Time ...)
	NOT-FOR-US: Dawn of Time
CVE-2007-5264 (Battlefront Dropteam 1.3.3 and earlier sends the client's online ...)
	NOT-FOR-US: Battlefront
CVE-2007-5263 (Multiple buffer overflows in Battlefront Dropteam 1.3.3 and earlier ...)
	NOT-FOR-US: Battlefront
CVE-2007-5262 (Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 ...)
	NOT-FOR-US: Battlefront
CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has ...)
	NOT-FOR-US: Tincan Limited PHPlist
CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote ...)
	NOT-FOR-US: Mega Upload Progress Bar
CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in ...)
	NOT-FOR-US: Crystal Enterprise
CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the &quot;help window&quot; ...)
	- horde2 <removed>
CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in ...)
	NOT-FOR-US: PHProjekt
CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows ...)
	NOT-FOR-US: PHProjekt
CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ...)
	NOT-FOR-US: Zero board
CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...)
	NOT-FOR-US: NetSupport DNA HelpDesk
CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...)
	NOT-FOR-US: Polar HelpDesk
CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier ...)
	NOT-FOR-US: P4DB
CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Netbilling
CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 2.6.18-1
	NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in prior versions
CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, ...)
	NOT-FOR-US: PsTools
CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 ...)
	NOT-FOR-US: MailEnable
CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly ...)
	NOT-FOR-US: MailEnable
CVE-2007-5261 (Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote ...)
	NOT-FOR-US: MultiCart
CVE-2007-5260 (ASP-CMS 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: ASP-CMS
CVE-2007-5259 (Cross-site request forgery (CSRF) vulnerability in Ilient SysAid ...)
	NOT-FOR-US: SysAid
CVE-2007-5258 (PHP remote file inclusion vulnerability in log.php in phpFreeLog alpha ...)
	NOT-FOR-US: FreeLog
CVE-2007-5257 (Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-5256 (Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and ...)
	NOT-FOR-US: FSD
CVE-2007-5255 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
	NOT-FOR-US: Google Mini Search Appliance
CVE-2007-5254 (VirusBlokAda Vba32 AntiVirus 3.12.2 uses weak permissions ...)
	NOT-FOR-US: VirusBlokAda Vba32 AntiVirus
CVE-2007-5253 (c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote ...)
	NOT-FOR-US: Cart32
CVE-2007-5252 (Buffer overflow in NetSupport Manager (NSM) Client 10.00 and 10.20, ...)
	NOT-FOR-US: NetSupport Manager/School Student
CVE-2007-5251 (Multiple cross-site scripting (XSS) vulnerabilities in Helm 3.2.16 ...)
	NOT-FOR-US: Helm
CVE-2007-5250 (The Windows dedicated server for the Unreal engine, as used by ...)
	NOT-FOR-US: Americas Army
CVE-2007-5249 (Multiple buffer overflows in the logging function in the Unreal ...)
	NOT-FOR-US: Americas Army
CVE-2007-5248 (Multiple format string vulnerabilities in the ID Software Doom 3 ...)
	NOT-FOR-US: Doom 3 engine
CVE-2007-5247 (Multiple format string vulnerabilities in the Monolith Lithtech ...)
	NOT-FOR-US: Monolith engine
CVE-2007-5246 (Multiple stack-based buffer overflows in Firebird LI 2.0.0.12748 and ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446472)
CVE-2007-5245 (Multiple stack-based buffer overflows in Firebird LI 1.5.3.4870 and ...)
	- firebird2.0 2.0.3.12981.ds1-1
	- firebird1.5 <removed> (medium; bug #446475)
CVE-2007-5244 (Stack-based buffer overflow in Borland InterBase LI 8.0.0.53 through ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5243 (Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-5242 (Unspecified vulnerability in (1) SYS$EI1000.EXE and (2) ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5241 (Buffer overflow in NET$CSMACD.EXE in HP OpenVMS 8.3 and earlier allows ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-5240 (Visual truncation vulnerability in the Java Runtime Environment in Sun ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5239 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5238 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier, JDK and JRE ...)
	- sun-java6 6-03-1 (unimportant)
	- sun-java5 1.5.0-13-1 (unimportant)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
	NOTE: Leaked information hardly sensitive
CVE-2007-5237 (Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not ...)
	- sun-java6 6-03-1 (medium)
	- sun-java5 1.5.0-13-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5236 (Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK ...)
	- sun-java6 <not-affected> (Windows only)
	- sun-java5 <not-affected> (Windows only)
	- openjdk-6 <not-affected> (Windows only)
CVE-2007-5235 (Cross-site scripting (XSS) vulnerability in index.php in Uebimiau ...)
	NOT-FOR-US: Uebimiau
CVE-2007-5234 (PHP remote file inclusion vulnerability in upload/common/footer.php in ...)
	NOT-FOR-US: Ossigeno CMS
CVE-2007-5233 (SQL injection vulnerability in index.php in Web Template Management ...)
	NOT-FOR-US: Web Template Management System
CVE-2007-5232 (Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 2 and ...)
	- sun-java6 6-03-1 (low)
	- sun-java5 1.5.0-13-1 (low)
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-5231 (Unrestricted file upload vulnerability in admin/upload_files.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-5230 (admin/upload_files.php in Zomplog 3.8.1 and earlier does not check for ...)
	NOT-FOR-US: Zomplog
CVE-2007-5229 (Cross-site request forgery (CSRF) vulnerability in the FeedBurner ...)
	NOT-FOR-US: FeedBurner FeedSmith wordpress plugin
CVE-2007-5228 (Cross-site scripting (XSS) vulnerability in the subscription ...)
	- drupal <not-affected> (does not shipt this module)
CVE-2007-5227 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: BlackBoard Learning System
CVE-2007-5226 (irc_server.c in dircproxy 1.2.0 and earlier allows remote attackers to ...)
	- dircproxy 1.0.5-5.1 (low; bug #445883)
	[sarge] - dircproxy <no-dsa> (Minor issue)
	[etch] - dircproxy 1.0.5-5etch1
CVE-2005-4871 (Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4870 (Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4869 (The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4868 (Shared memory sections and events in IBM DB2 8.1 have default ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4867 (Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4866 (Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4865 (Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4864 (Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4863 (Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 ...)
	NOT-FOR-US: Aztek Forum
CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to cause ...)
	NOT-FOR-US: Chat Anywhere
CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session ...)
	NOT-FOR-US: NessusWXdd
CVE-2004-2722 (** DISPUTED ** ...)
	- nessus-core <unfixed> (unimportant)
	NOTE: this is no security issue assuming correct permissions
CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public ...)
	NOT-FOR-US: openSkat
CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail ...)
	NOT-FOR-US: Foxmail
CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier allows ...)
	- wmaker 0.90-1
CVE-2004-2713 (** DISPUTED ** ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) ...)
	- pvpgn 1.6.4+20040826-1
CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) ...)
	- hastymail <removed>
CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 ...)
	NOT-FOR-US: Plesk
CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running with ...)
	- imwheel 1.0.0pre12-1
CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 ...)
	NOT-FOR-US: InvScoutd
CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code ...)
	NOT-FOR-US: vBulletin
CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Outlook
CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries ...)
	NOT-FOR-US: HP-UX
CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe ...)
	NOT-FOR-US: php-exec-dir patch
CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches with ...)
	NOT-FOR-US: 3Com firmware
CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration Panel for ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized administrative ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP ...)
	NOT-FOR-US: NewsPHP
CVE-2001-1585 (SSH protocol 2 (aka SSH-2) public key authentication in the ...)
	- openssh <not-affected> (fixed in 2001)
CVE-2001-1584 (CardBoard 2.4 greeting card CGI by Michael Barretto allows remote ...)
	NOT-FOR-US: CardBoard
CVE-2007-5225 (Integer signedness error in FIFO filesystems (named pipes) on Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-5224 (inc/exif.inc.php in Original Photo Gallery 0.11.2 and earlier allows ...)
	NOT-FOR-US: Original Photo Gallery
CVE-2007-5223 (Multiple unspecified vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-5222 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...)
	NOT-FOR-US: MAXdev
CVE-2007-5221 (PHP remote file inclusion vulnerability in mail/childwindow.inc.php in ...)
	NOT-FOR-US: Poppawid
CVE-2007-5220 (SQL injection vulnerability in catalog.asp in ASP Product Catalog ...)
	NOT-FOR-US: ASP Product Catalog
CVE-2007-5219 (Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ...)
	NOT-FOR-US: CyberLink Power DVD
CVE-2007-5218 (Cross-site scripting (XSS) vulnerability in index.php in Don Barnes ...)
	NOT-FOR-US: Don Barnes DRBGuestbook
CVE-2007-5217 (Stack-based buffer overflow in the ADM4 ActiveX control in adm4.dll in ...)
	NOT-FOR-US: Altnet Download Manager
CVE-2007-5216 (Multiple PHP remote file inclusion vulnerabilities in eArk (e-Ark) 1.0 ...)
	NOT-FOR-US: eArk
CVE-2007-5215 (Multiple PHP remote file inclusion vulnerabilities in Jacob Hinkle ...)
	NOT-FOR-US: GodSend
CVE-2007-5214 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5213 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5212 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 2100 ...)
	NOT-FOR-US: Axis Network Camera
CVE-2007-5211 (Multiple cross-site scripting (XSS) vulnerabilities in Arbor Networks ...)
	NOT-FOR-US: Peakflow
CVE-2007-5210 (Arbor Networks Peakflow SP before 3.5.1 patch 14, and 3.6.x before ...)
	NOT-FOR-US: Peakflow
CVE-2007-5209 (Stack-based buffer overflow in DriveLock.exe in CenterTools DriveLock ...)
	NOT-FOR-US: CenterTools
CVE-2007-5208 (hpssd in Hewlett-Packard Linux Imaging and Printing Project (hplip) ...)
	{DSA-1462-1 DTSA-72-1}
	- hplip 1.6.10-4.3 (medium; bug #447341)
	[sarge] - hplip <not-affected> (This code was using smtp directly)
CVE-2007-5206
	RESERVED
CVE-2007-5205
	RESERVED
CVE-2007-5204
	RESERVED
CVE-2007-5203
	RESERVED
CVE-2007-5202
	RESERVED
CVE-2007-5201 (The FTP backend for Duplicity before 0.4.9 sends the password as a ...)
	- duplicity 0.4.3-2 (low; bug #442840)
	[etch] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	[sarge] - duplicity <not-affected> (Vulnerable code introduced in 0.4.3)
	NOTE: ftp is an inherently insecure protocol, any security-sensitive data would
	NOTE: be transferred through the scp, sftp or rsync backends.
	NOTE: http://lists.debian.org/debian-release/2008/01/msg00190.html
CVE-2007-5200 (hugin, as used on various operating systems including SUSE openSUSE ...)
	{DTSA-74-1}
	- hugin 0.6.1-1.1 (low; bug #447344)
	[etch] - hugin <no-dsa> (Minor issue)
CVE-2007-5199 (A single byte overflow in catalogue.c in X.Org libXfont 1.3.1 allows ...)
	- libxfont 1:1.3.2-1
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=327854
	NOTE: https://cgit.freedesktop.org/xorg/lib/libXfont/commit/?id=5bf703700ee4a5d6eae20da07cb7a29369667aef
CVE-2007-5198 (Buffer overflow in the redir function in check_http.c in Nagios ...)
	{DSA-1495-1 DTSA-67-1}
	- nagios-plugins 1.4.8-2.2 (low; bug #445475)
	NOTE: Requires the webserver, which has to be checked, to be compromised
CVE-2007-5197 (Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and ...)
	{DSA-1397-1 DTSA-76-1}
	- mono 1.2.5.1-2
CVE-2007-5196 (Unspecified vulnerability in the SSL implementation in Groupwise ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5195 (Unspecified vulnerability in the SSL implementation in Groupwise ...)
	NOT-FOR-US: novell-groupwise-client
CVE-2007-5194 (The Chroot server in rMake 1.0.11 creates a /dev/zero device file with ...)
	NOT-FOR-US: rMake
CVE-2007-5192
	RESERVED
CVE-2007-5191 (mount and umount in util-linux and loop-aes-utils call the setuid and ...)
	{DSA-1450-1 DSA-1449-1 DTSA-64-1 DTSA-70-1}
	- util-linux 2.13-8 (low)
	- loop-aes-utils 2.13-2 (low)
CVE-2007-5190 (Multiple cross-site scripting (XSS) vulnerabilities in Alcatel ...)
	NOT-FOR-US: Alcatel OmniVista
CVE-2007-5189 (Multiple SQL injection vulnerabilities in mes_add.php in x-script ...)
	NOT-FOR-US: X-Script
CVE-2007-5188 (Unspecified vulnerability in the XOOPS uploader class in Xoops ...)
	NOT-FOR-US: Xoops
CVE-2007-5187 (SQL injection vulnerability in ...)
	NOT-FOR-US: Php-Fusion
CVE-2007-5186 (PHP remote file inclusion vulnerability in index.php in Segue CMS ...)
	NOT-FOR-US: Segue CMS
CVE-2007-5185 (Multiple PHP remote file inclusion vulnerabilities in phpWCMS XT 0.0.7 ...)
	NOT-FOR-US: phpWCMS XT
CVE-2007-5184 (Format string vulnerability in the SMBDirList function in dirlist.c in ...)
	NOT-FOR-US: smbFtpd
CVE-2007-5183 (Cross-site scripting (XSS) vulnerability in Mailbox.mws in ...)
	NOT-FOR-US: OdysseySuite
CVE-2007-5182 (Cross-site scripting (XSS) vulnerability in mail.asp in Netkamp Emlak ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5181 (SQL injection vulnerability in detay.asp in Netkamp Emlak Scripti ...)
	NOT-FOR-US: Netkamp Emlak Scripti
CVE-2007-5180 (Multiple SQL injection vulnerabilities in Ohesa Emlak Portali allow ...)
	NOT-FOR-US: Ohesa Emlak Portali
CVE-2007-5179 (Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in ...)
	NOT-FOR-US: Iletisim Formu
CVE-2007-5178 (contrib/mx_glance_sdesc.php in the mx_glance 2.3.3 module for mxBB ...)
	NOT-FOR-US: mxBB
CVE-2007-5177 (SQL injection vulnerability in index.php in the MambAds (com_mambads) ...)
	NOT-FOR-US: Mambo extension
CVE-2007-5176 (Multiple cross-site scripting (XSS) vulnerabilities in GroupLink ...)
	NOT-FOR-US: eHelpDesk
CVE-2007-5175 (PHP remote file inclusion vulnerability lib/base.php in actSite 1.991 ...)
	NOT-FOR-US: actSite
CVE-2007-5174 (Directory traversal vulnerability in phpinc/news.php in actSite 1.56 ...)
	NOT-FOR-US: actSite
CVE-2007-5173 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB Openid
CVE-2007-5207 (guilt 0.27 allows local users to overwrite arbitrary files via a ...)
	- guilt 0.27-1.2 (medium; bug #445308)
CVE-2007-5193 (The default configuration for twiki 4.1.2 on Debian GNU/Linux, and ...)
	- twiki 1:4.1.2-3 (bug #444982; low)
	[etch] - twiki <no-dsa> (Minor packaging flaw, doesn't warrant an update)
CVE-2007-5172 (Quicksilver Forums before 1.4.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5171 (Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2007-5170 (Unspecified vulnerability in the embedded service processor (SP) ...)
	NOT-FOR-US: Sun Fire
CVE-2007-5169 (Stack-based buffer overflow in MAIPM6.dll in Adobe PageMaker 7.0.1 and ...)
	NOT-FOR-US: Adobe PageMaker
CVE-2007-5168 (Multiple PHP remote file inclusion vulnerabilities in ClanLite ...)
	NOT-FOR-US: Clan lite
CVE-2007-5167 (PHP remote file inclusion vulnerability in .systeme/fonctions.php in ...)
	NOT-FOR-US: phpLister
CVE-2007-5166 (Multiple PHP remote file inclusion vulnerabilities in SiteSys 1.0a ...)
	NOT-FOR-US: SiteSys
CVE-2007-5165 (** DISPUTED ** ...)
	NOT-FOR-US: myIpacNG-stats
CVE-2007-5164 (** DISPUTED ** ...)
	NOT-FOR-US: UniversiBO
CVE-2007-5163 (** DISPUTED ** ...)
	NOT-FOR-US: nexty
CVE-2007-5162 (The connect method in lib/net/http.rb in the (1) Net::HTTP and (2) ...)
	{DSA-1412-1 DSA-1411-1 DSA-1410-1}
	- ruby1.9 1.9.0+20071016-1 (low)
	- ruby1.8 1.8.6.111-1 (low; bug #444929)
	NOTE: fix for 1.8 http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=rev&revision=13504
CVE-2007-5161 (Cross-zone scripting vulnerability in the internal browser in ...)
	NOT-FOR-US: Feedreader 3
	NOTE: editor not included in native wordpress
CVE-2007-5160 (Multiple PHP remote file inclusion vulnerabilities in Thierry Leriche ...)
	NOT-FOR-US: Thierry Leriche Restaurant Management System
CVE-2007-5159 (The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g ...)
	- ntfs-3g 1:1.913-2 (medium; bug #445315)
CVE-2007-5158 (The focus handling for the onkeydown event in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-5157 (PHP remote file inclusion vulnerability in phfito-post.php in Alex ...)
	NOT-FOR-US: PHP Fidonet Tosser
CVE-2007-5156 (Incomplete blacklist vulnerability in ...)
	- knowledgeroot 0.9.8.4-1.1 (unimportant; bug #444928)
	- moin 1.5.8-4.1 (unimportant)
	NOTE: This problem should rather be addressed by proper httpd config
	NOTE: The change only adds a workaround for insecure configs
	- karrigell <not-affected> (Does not include vulnerable php code)
	- gforge 4.6.99+svn6169-1 (low; bug #447590)
	[etch] - gforge <not-affected> (fckeditor is not shipped in these versions)
	[sarge] - gforge <not-affected> (fckeditor is not shipped in these versions)
CVE-2007-5155 (IceGUI.DLL in ICEOWS 4.20b invokes a function with incorrect ...)
	NOT-FOR-US: ICEOWS
CVE-2007-5154 (Session fixation vulnerability in Aipo and Aipo ASP 3.0.1.0 and ...)
	NOT-FOR-US: Aipo
CVE-2007-5153 (Unspecified vulnerability in Sun Java System Access Manager 7.1, when ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5152 (Sun Java System Access Manager 7.1, when installed in a Sun Java ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-5151 (SQL injection vulnerability in the abget_admin function in ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5150 (SQL injection vulnerability in the is_god function in ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-5149 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: North Country Public Radio Public Media Manager
CVE-2007-5148 (** DISPUTED ** ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-5147 (Multiple PHP remote file inclusion vulnerabilities in Puzzle Apps CMS ...)
	NOT-FOR-US: Puzzle Apps CMS
CVE-2007-5146 (Multiple PHP remote file inclusion vulnerabilities in dedi-group Der ...)
	NOT-FOR-US: Der Dirigent
CVE-2007-5145 (Multiple buffer overflows in system DLL files in Microsoft Windows XP, ...)
	NOT-FOR-US: Windows XP
CVE-2007-5144 (Buffer overflow in the GDI engine in Windows Live Messenger, as used ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2007-5143 (F-Secure Anti-Virus for Windows Servers 7.0 64-bit edition allows ...)
	NOT-FOR-US: Anti-Virus for Windows Servers
CVE-2007-5142 (Cross-site scripting (XSS) vulnerability in buscar.asp in Solidweb ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5141 (SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta ...)
	NOT-FOR-US: SiteX
CVE-2007-5140 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: IntegraMOD Nederland
CVE-2007-5139 (PHP remote file inclusion vulnerability in admin/include/header.php in ...)
	NOT-FOR-US: Chupix
CVE-2007-5138 (PHP remote file inclusion vulnerability in forum/forum.php in ...)
	NOT-FOR-US: lustig.cms
CVE-2007-5137 (Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl ...)
	{DSA-1743-1}
	- tk8.4 8.4.16-1
	[etch] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	[sarge] - tk8.4 <not-affected> (Vulnerability was introduced in 8.4.13)
	- tk8.3 <not-affected> (Vulnerability was introduced in 8.4.13)
	- libtk-img 1.3-release-8
CVE-2007-5136 (Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5134 (Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-5133 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-5132 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2007-5131 (SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x ...)
	NOT-FOR-US: ActiveKB
CVE-2007-5130 (SimpGB 1.46.02 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SimpGB
CVE-2007-5129 (SimpGB 1.46.02 stores sensitive information under the web root with ...)
	NOT-FOR-US: SimpGB
CVE-2007-5128 (SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows ...)
	NOT-FOR-US: SimpNews
CVE-2007-5127 (Multiple cross-site scripting (XSS) vulnerabilities in SimpGB 1.46.02 ...)
	NOT-FOR-US: SimpGB
CVE-2007-5126 (Unspecified vulnerability in the client in Symantec Veritas Backup ...)
	NOT-FOR-US: Symantec Veritas Backup Exec
CVE-2007-5125
	REJECTED
CVE-2007-5124 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Messenger
CVE-2007-5123 (SQL injection vulnerability in notas.asp in Novus 1.0 allows remote ...)
	NOT-FOR-US: Solidweb Novus
CVE-2007-5122 (SQL injection vulnerability in store_info.php in SoftBiz Classifieds ...)
	NOT-FOR-US: SoftBiz Classifieds PLUS
CVE-2007-5121 (Cross-site scripting (XSS) vulnerability in JSPWiki 2.5.139-beta ...)
	- jspwiki <not-affected> (The version we ship does not process a redirect parameter in Login.jsp and other source files)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5120 (Multiple cross-site scripting (XSS) vulnerabilities in JSPWiki 2.4.103 ...)
	- jspwiki 2.5.139-1 (medium; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5119 (JSPWiki 2.4.103 and 2.5.139-beta allows remote attackers to obtain ...)
	- jspwiki 2.5.139-1 (unimportant; bug #445477)
	[sarge] - jspwiki <no-dsa> (Contrib not supported)
CVE-2007-5118 (Unspecified vulnerability in the HID (Human Interface Device) class ...)
	NOT-FOR-US: Solaris
CVE-2007-5117 (Multiple PHP remote file inclusion vulnerabilities in FrontAccounting ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-5116 (Buffer overflow in the polymorphic opcode support in the Regular ...)
	{DSA-1400-1 DTSA-78-1}
	- perl 5.8.8-12 (medium; bug #450794)
	NOTE: http://public.activestate.com/cgi-bin/perlbrowse/30647
CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-5135 (Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL ...)
	{DSA-1379-1}
	- openssl 0.9.8e-9 (low; bug #444435)
	[sarge] - openssl 0.9.7e-3sarge5
CVE-2007-5115 (Multiple PHP remote file inclusion vulnerabilities in Ekke Doerre ...)
	NOT-FOR-US: Ekke Doerre Contenido
CVE-2007-5114 (** DISPUTED ** ...)
	NOT-FOR-US: phpmyProfiler
CVE-2007-5113 (report.cgi in Google Urchin allows remote attackers to bypass ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5112 (Cross-site scripting (XSS) vulnerability in session.cgi (aka the login ...)
	NOT-FOR-US: Google Urchin
CVE-2007-5111 (A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5110 (Absolute path traversal vulnerability in the ...)
	NOT-FOR-US: ebCrypt
CVE-2007-5109 (Cross-site request forgery (CSRF) vulnerability in index.php in ...)
	NOT-FOR-US: flatnuke
CVE-2007-5108 (Unspecified vulnerability in IAC Search &amp; Media ask.com toolbar has ...)
	NOT-FOR-US: IAC Search & Media ask.com toolbar
CVE-2007-5107 (Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ...)
	NOT-FOR-US: AskJeevesToolBar
CVE-2007-5106 (Cross-site scripting (XSS) vulnerability in wp-register.php in ...)
	- wordpress 2.0.2-1 (low)
CVE-2007-5105 (Cross-site scripting (XSS) vulnerability in wp-register.php in ...)
	- wordpress 2.0.4-1 (low)
CVE-2007-5104 (SQL injection vulnerability in index.php in the Arcade module in bcoos ...)
	NOT-FOR-US: bcoos
CVE-2007-5103 (Directory traversal vulnerability in config.inc.php in Wordsmith 1.0 ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5102 (PHP remote file inclusion vulnerability in config.inc.php in Wordsmith ...)
	NOT-FOR-US: Wordsmith
CVE-2007-5101 (ChironFS before 1.0 RC7 sets user/group ownership to the mounter ...)
	NOT-FOR-US: ChironFS
CVE-2007-5100 (Multiple PHP remote file inclusion vulnerabilities in phpBB Plus 1.53, ...)
	NOT-FOR-US: phpBB plus (phpbb2 does not include this module)
CVE-2007-5099 (PHP remote file inclusion vulnerability in show.php in David Watters ...)
	NOT-FOR-US: helplink
CVE-2007-5098 (Multiple PHP remote file inclusion vulnerabilities in DFD Cart 1.1.4 ...)
	NOT-FOR-US: DFD Cart
CVE-2007-5097 (** DISPUTED ** ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-5096 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: guanxiCRM Business Solution
CVE-2007-5095 (Microsoft Windows Media Player (WMP) 9 on Windows XP SP2 invokes ...)
	NOT-FOR-US: Windows Media Player
CVE-2007-5094 (Heap-based buffer overflow in iaspam.dll in the SMTP Server in ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-5093 (The disconnect method in the Philips USB Webcam (pwc) driver in Linux ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1381-2}
	- linux-2.6 2.6.23-1
CVE-2007-5092 (Directory traversal vulnerability in index.php in the Dance Music ...)
	NOT-FOR-US: phpNuke module
CVE-2007-5091 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
	- egroupware 1.2.107-2.dfsg-2 (low; bug #444351)
CVE-2007-5090 (Unspecified vulnerability in IBM Rational ClearQuest (CQ), when a ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-5089 (PHP remote file inclusion vulnerability in php-inc/log.inc.php in ...)
	NOT-FOR-US: Sklog
CVE-2007-5088 (Cross-site scripting (XSS) vulnerability in search/cust_bill_event.cgi ...)
	NOT-FOR-US: freeside
CVE-2007-5087 (The ATM module in the Linux kernel before 2.4.35.3, when CLIP support ...)
	- linux-2.6 <not-affected> (2.6 code base handles ARP entries differently)
CVE-2007-5086 (Kaspersky Anti-Virus (KAV) and Internet Security 7.0 build 125 do not ...)
	NOT-FOR-US: Kaspersky Anti-Virus and Internet Security 7.0
CVE-2007-5085 (Unspecified vulnerability in the management EJB (MEJB) in Apache ...)
	NOT-FOR-US: Geronimo Apache
CVE-2007-5084 (Multiple SQL injection vulnerabilities in Computer Associates (CA) ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5083 (Multiple integer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2007-5082 (Multiple stack-based buffer overflows in Computer Associates (CA) ...)
	NOT-FOR-US: CA BrightStor Hierarchical Storage Manager
CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers ...)
	- ssldump 0.9b3-1 (low)
CVE-2007-5081 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5080 (Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne ...)
	NOT-FOR-US: RealPlayer
CVE-2007-5079 (Red Hat Enterprise Linux 4 does not properly compile and link gdm with ...)
	- gdm <not-affected> (Red Hat-specific packaging flaw)
CVE-2007-5078 (Multiple cross-site scripting (XSS) vulnerabilities in eGov Manager ...)
	NOT-FOR-US: eGov Manager
CVE-2007-5077
	RESERVED
CVE-2007-5076
	RESERVED
CVE-2007-5075
	RESERVED
CVE-2007-5074
	RESERVED
CVE-2007-5073
	RESERVED
CVE-2007-5072 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5071 (Incomplete blacklist vulnerability in upload_img_cgi.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2007-5070 (Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX ...)
	NOT-FOR-US: Easy Mail Message Printer
CVE-2007-5069 (Directory traversal vulnerability in data/compatible.php in the Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-5068 (SQL injection vulnerability in index.php in phpFullAnnu (PFA) 6.0 ...)
	NOT-FOR-US: phpFullAnnu
CVE-2007-5067 (Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow ...)
	NOT-FOR-US: iMatix Xitami Web Server
CVE-2007-5066 (Unspecified vulnerability in Webmin before 1.370 on Windows allows ...)
	- webmin <removed>
CVE-2007-5065 (PHP remote file inclusion vulnerability in admin.slideshow1.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-5064 (Buffer overflow in a certain ActiveX control in Xunlei Web Thunder ...)
	NOT-FOR-US: Xunlei Web Thunder
CVE-2007-5063 (Adam Scheinberg Flip 3.0 and earlier stores sensitive information ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5062 (account.php in Adam Scheinberg Flip 3.0 and earlier allows remote ...)
	NOT-FOR-US: Adam Scheinberg Flip
CVE-2007-5061 (SQL injection vulnerability in mods/banners/navlist.php in Clansphere ...)
	NOT-FOR-US: Clansphere
CVE-2007-5060 (Cross-site request forgery (CSRF) vulnerability in the cpass ...)
	NOT-FOR-US: XCMS
CVE-2007-5059 (Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL allow ...)
	NOT-FOR-US: GreenSQL
CVE-2007-5058 (Cross-site scripting (XSS) vulnerability in the Web administration ...)
	NOT-FOR-US: Barracuda
CVE-2007-5057 (NetSupport Manager Client before 10.20.0004 allows remote attackers to ...)
	NOT-FOR-US: NetSupport Manager Client
CVE-2007-5056 (Eval injection vulnerability in adodb-perf-module.inc.php in ADOdb ...)
	NOT-FOR-US: ADOdb Lite
CVE-2007-5055 (Multiple directory traversal vulnerabilities in iziContents 1 RC6 and ...)
	NOT-FOR-US: iziContents
CVE-2007-5054 (Multiple PHP remote file inclusion vulnerabilities in iziContents 1 ...)
	NOT-FOR-US: iziContents
CVE-2007-5053 (Multiple incomplete blacklist vulnerabilities in iziContents 1 RC6 and ...)
	NOT-FOR-US: iziContents
CVE-2007-5052 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Vigile CMS
CVE-2007-5051 (Multiple cross-site scripting (XSS) vulnerabilities in PhpGedView ...)
	{DSA-1559-1}
	- phpgedview 4.1.e+4.1.1-2 (low; bug #443901)
CVE-2007-5050 (Directory traversal vulnerability in index.php in Neuron News 1.0 ...)
	NOT-FOR-US: Neuron News
CVE-2007-5049
	REJECTED
CVE-2007-5048 (Heap-based buffer overflow in Lhaplus before 1.55 allows remote ...)
	NOT-FOR-US: lhaplus
CVE-2007-5047 (Norton Internet Security 2008 15.0.0.60 does not properly validate ...)
	NOT-FOR-US: Norton Internet Security
CVE-2007-5046 (Cross-site scripting (XSS) vulnerability in the Webmail interface for ...)
	NOT-FOR-US: IceWarp Merak Mail Server
CVE-2007-5045 (Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, ...)
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
CVE-2007-5044 (ZoneAlarm Pro 7.0.362.000 does not properly validate certain ...)
	NOT-FOR-US: ZoneAlam Pro
CVE-2007-5043 (Kaspersky Internet Security 7.0.0.125 does not properly validate ...)
	NOT-FOR-US: Kaspersky Internet Security
CVE-2007-5042 (Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-5041 (G DATA InternetSecurity 2007 does not properly validate certain ...)
	NOT-FOR-US: G DATA InternetSecurity
CVE-2007-5040 (Ghost Security Suite alpha 1.200 does not properly validate certain ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5039 (Ghost Security Suite beta 1.110 does not properly validate certain ...)
	NOT-FOR-US: Ghost Security Suite
CVE-2007-5038 (The offer_account_by_email function in User.pm in the WebService for ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-5037 (Buffer overflow in the inotifytools_snprintf function in ...)
	{DSA-1440-1}
	- inotify-tools 3.11-1 (medium; bug #443913)
CVE-2007-5036 (Multiple buffer overflows in the AirDefense Airsensor M520 with ...)
	NOT-FOR-US: AirDefense firmware
CVE-2007-5035 (** DISPUTED ** ...)
	NOT-FOR-US: openEngine
CVE-2007-5034 (ELinks before 0.11.3, when sending a POST request for an https URL, ...)
	{DSA-1380-1}
	- elinks 0.11.1-1.5 (low; bug #443914)
CVE-2007-5033 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB XS 2 ...)
	NOT-FOR-US: phpBB XS
CVE-2007-5032 (Cross-site request forgery (CSRF) vulnerability in admin.php in ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-5031 (The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5030 (Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5029 (Dibbler 0.6.0 does not verify that certain length parameters are ...)
	- dibbler 0.6.1-1 (low; bug #444002)
CVE-2007-5028 (Dibbler 0.6.0 on Linux uses weak world-writable permissions for ...)
	- dibbler 0.6.1-1 (medium; bug #444002)
CVE-2007-5027 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/ddns in ...)
	NOT-FOR-US: WBR3404TX firmware
CVE-2007-5026 (dBlog CMS, probably 2.0, stores sensitive information under the web ...)
	NOT-FOR-US: dBlog CMS
CVE-2007-5025 (Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 ...)
	NOT-FOR-US: VMware
CVE-2007-5024 (EMC VMware Server before 1.0.4 Build 56528 writes passwords in ...)
	NOT-FOR-US: VMware
CVE-2007-5023 (Unquoted Windows search path vulnerability in EMC VMware Workstation ...)
	NOT-FOR-US: VMware
CVE-2007-5022 (Unspecified vulnerability in certain IBM Tivoli Storage Manager (TSM) ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-5021
	REJECTED
CVE-2007-5020 (Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows ...)
	NOT-FOR-US: Acrobat Reader
CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to ...)
	- distcc 2.18.1-1 (low)
	NOTE: since 2.18.1-1 there is the --allow switch to control network access
CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in ...)
	NOT-FOR-US: Solaris
CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) ...)
	NOT-FOR-US: eZnet
CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...)
	NOT-FOR-US: mIRC
CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote ...)
	NOT-FOR-US: Tftpd32
CVE-2001-1583 (lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2001-1582 (Buffer overflow in the LDAP naming services library (libsldap) in Sun ...)
	NOT-FOR-US: Solaris
CVE-2007-XXXX [mimep insecure tempfile usage and insecure calls to LaTeX and dvips]
	- mp 3.7.1-8 (low)
	[sarge] - mp <no-dsa> (Minor issue)
	[etch] - mp <no-dsa> (Minor issue)
	NOTE: Can be fixed in a point update
CVE-2007-5019 (Buffer overflow in the Sun Java Web Start ActiveX control in Java ...)
	- sun-java6 <removed> (unimportant)
	- sun-java5 <removed> (unimportant)
	- openjdk-6 <removed> (unimportant)
	NOTE: exploiting this would not work under Linux
CVE-2007-5018 (Stack-based buffer overflow in IMAPD in Mercury/32 4.52 allows remote ...)
	NOT-FOR-US: Pegasus Mail Mercury
CVE-2007-5017 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-5016 (SQL injection vulnerability in userreviews.php in OneCMS 2.4 allows ...)
	NOT-FOR-US: OneCMS
CVE-2007-5015 (Multiple PHP remote file inclusion vulnerabilities in Streamline PHP ...)
	NOT-FOR-US: Streamline
CVE-2007-5014 (Multiple PHP remote file inclusion vulnerabilities in pSlash 0.70 ...)
	NOT-FOR-US: pSlash
CVE-2007-5013 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Phormer
CVE-2007-5012 (Cross-site scripting (XSS) vulnerability in picture.php in ...)
	NOT-FOR-US: PhpWebGallery
CVE-2007-5011 (webbatch.exe in WebBatch allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: WebBatch
CVE-2007-5010 (Cross-site scripting (XSS) vulnerability in WebBatch allows remote ...)
	NOT-FOR-US: WebBatch
CVE-2007-5009 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Phpbb Plus
	NOTE: vulnerable code not included in phpbb2
CVE-2007-5008 (The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not ...)
	NOT-FOR-US: HP-UX
CVE-2007-5007 (Stack-based buffer overflow in the ir_fetch_seq function in balsa ...)
	- balsa 2.3.20-1 (low)
	[etch] - balsa 2.3.13-3
	NOTE: Minor issue fixed in 4.0r4 point release
	[sarge] - balsa <no-dsa> (Minor issue)
	NOTE: attacker needs to get the victim a prepared server to use
CVE-2007-5006 (Multiple command handlers in CA (Computer Associates) BrightStor ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5005 (Directory traversal vulnerability in rxRPC.dll in CA (Computer ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5004 (Integer overflow in CA (Computer Associates) BrightStor ARCserve ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5003 (Multiple stack-based buffer overflows in CA (Computer Associates) ...)
	NOT-FOR-US: CA ARCserve Backup
CVE-2007-5002
	RESERVED
CVE-2007-5001 (Linux kernel before 2.4.21 allows local users to cause a denial of ...)
	- linux-2.6 <not-affected> (RedHat/RHEL3 specific patch only)
CVE-2007-5000 (Cross-site scripting (XSS) vulnerability in the (1) mod_imap module in ...)
	[sarge] - apache2 <no-dsa> (minor issue)
	[sarge] - apache <no-dsa> (minor issue)
	- apache2 2.2.8-1 (low)
	- apache <removed> (low)
	[etch] - apache2 2.2.3-4+etch4
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-4999 (libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, ...)
	- pidgin 2.2.2-1 (medium)
CVE-2007-4998 (cp, when running with an option to preserve symlinks on multiple OSes, ...)
	- coreutils 4.1.2
	NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=356471
CVE-2007-4997 (Integer underflow in the ieee80211_rx function in ...)
	{DSA-1428-1}
	- linux-2.6 2.6.23-1
CVE-2007-4996 (libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge ...)
	- pidgin 2.2.1-1 (medium)
	NOTE: Gaim not affected, vulnerable code was introduced in 2.2.0
CVE-2007-4995 (Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before ...)
	{DSA-1571-1}
	- openssl 0.9.8f-1 (low)
	- openssl097 <not-affected> (DTLS support was introduced in 0.9.8)
	- openssl096 <not-affected> (DTLS support was introduced in 0.9.8)
	[sarge] - openssl <not-affected> (DTLS support was introduced in 0.9.8)
CVE-2007-4994 (Certificate Server 7.2 in Red Hat Certificate System (RHCS) does not ...)
	NOT-FOR-US: Redhat Certificate Server
CVE-2007-4993 (pygrub (tools/pygrub/src/GrubConf.py) in Xen 3.0.3, when booting a ...)
	{DSA-1384-1}
	- xen-3 3.1.1-1 (medium; bug #444430)
	- xen-3.0 <removed>
CVE-2007-4992 (Stack-based buffer overflow in the process_packet function in ...)
	- firebird1.5 <removed> (medium; bug #446373)
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
CVE-2007-4991 (The SOCKS4 Proxy in Microsoft Internet Security and Acceleration (ISA) ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration
CVE-2007-4990 (The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4989
	REJECTED
CVE-2007-4988 (Sign extension error in the ReadDIBImage function in ImageMagick ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4987 (Off-by-one error in the ReadBlobString function in blob.c in ...)
	{DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
CVE-2007-4986 (Multiple integer overflows in ImageMagick before 6.3.5-9 allow ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4985 (ImageMagick before 6.3.5-9 allows context-dependent attackers to cause ...)
	{DSA-1903-1 DSA-1858-1 DTSA-63-1}
	- imagemagick 7:6.2.4.5.dfsg1-2 (medium; bug #444267)
	- graphicsmagick 1.1.11-1 (medium; bug #444266)
CVE-2007-4984 (SQL injection vulnerability in index.php in the Ktauber.com StylesDemo ...)
	NOT-FOR-US: StylesDemo
CVE-2007-4983 (Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX ...)
	NOT-FOR-US: jetAudio
CVE-2007-4982 (Multiple absolute path traversal vulnerabilities in the ...)
	NOT-FOR-US: QRCode
CVE-2007-4981 (Cross-site scripting (XSS) vulnerability in the save function in ...)
	NOT-FOR-US: Obedit
CVE-2007-4980 (The readRequest method in org/gcaldaemon/core/http/HTTPListener.java ...)
	NOT-FOR-US: GCALDaemon
CVE-2007-4979 (SQL injection vulnerability in index.php in the sondages module in ...)
	NOT-FOR-US: KwsPHP
CVE-2007-4978 (Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 ...)
	NOT-FOR-US: phpSyncML
CVE-2007-4977 (Cross-site scripting (XSS) vulnerability in mode.php in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4976 (Directory traversal vulnerability in viewlog.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-4975 (Cross-site scripting (XSS) vulnerability in hilfe.php in b1gMail 6.3.1 ...)
	NOT-FOR-US: b1gMail
CVE-2007-4974 (Heap-based buffer overflow in the flac_buffer_copy function in ...)
	{DSA-1442-1}
	- libsndfile 1.0.17-4 (bug #443386; medium)
	[sarge] - libsndfile <not-affected> (Vulnerable code not present)
	- ardour 1:2.1-1.1 (medium; bug #445889)
	[sarge] - ardour <not-affected> (Vulnerable code not present)
	[etch] - ardour <not-affected> (Vulnerable code not present)
CVE-2007-4973
	RESERVED
CVE-2007-4972 (RegMon 7.04 does not properly validate certain parameters to System ...)
	NOT-FOR-US: NtRegmon
CVE-2007-4971 (ProSecurity 1.40 Beta 2 does not properly validate certain parameters ...)
	NOT-FOR-US: ProSecurity
CVE-2007-4970 (ProcessGuard 3.410 does not properly validate certain parameters to ...)
	NOT-FOR-US: ProcessGuard
CVE-2007-4969 (Process Monitor 1.22 does not properly validate certain parameters to ...)
	NOT-FOR-US: Process Monitor
CVE-2007-4968 (Privatefirewall 5.0.14.2 does not properly validate certain parameters ...)
	NOT-FOR-US: Privatefirewal
CVE-2007-4967 (Online Armor Personal Firewall 2.0.1.215 does not properly validate ...)
	NOT-FOR-US: Online Armor Personal Firewall
CVE-2007-4966 (SQL injection vulnerability in www/people/editprofile.php in GForge ...)
	NOTE: Duplicate of CVE-2007-3913
CVE-2007-4965 (Multiple integer overflows in the imageop module in Python 2.5.1 and ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.5 2.5.1-6 (low; bug #443333)
	[etch] - python2.5 <no-dsa> (Minor issue)
	[sarge] - python2.5 <no-dsa> (Minor issue)
	- python2.4 2.4.4-7 (low; bug #443335)
	[etch] - python2.4 <no-dsa> (Minor issue)
CVE-2007-4964 (WinImage 8.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinImage
CVE-2007-4963 (Visual truncation vulnerability in WinImage 8.10 and earlier allows ...)
	NOT-FOR-US: WinImage
CVE-2007-4962 (Directory traversal vulnerability in WinImage 8.10 and earlier allows ...)
	NOT-FOR-US: WinImage
CVE-2007-4961 (The login_to_simulator method in Linden Lab Second Life, as used by ...)
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4960 (Argument injection vulnerability in the Linden Lab Second Life ...)
	- secondlife-client <itp> (low; bug #406335)
CVE-2007-4959 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: osCMax
CVE-2007-4958 (Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery ...)
	NOT-FOR-US: TinyWebGallery
CVE-2007-4957 (Multiple directory traversal vulnerabilities in download.php in Chupix ...)
	NOT-FOR-US: ChupixCMS
CVE-2007-4956 (Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4955 (PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4954 (PHP remote file inclusion vulnerability in admin.joom12pic.php in the ...)
	NOT-FOR-US: Joomla! extension
CVE-2007-4953 (SQL injection vulnerability in index.php in SimpCMS allows remote ...)
	NOT-FOR-US: SimpCMS
CVE-2007-4952 (SQL injection vulnerability in article.php in OmniStar Article Manager ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2007-4951 (** DISPUTED ** ...)
	NOT-FOR-US: YaPiG
CVE-2007-4950 (** DISPUTED ** ...)
	NOT-FOR-US: Phportal
CVE-2007-4949 (** DISPUTED ** ...)
	NOT-FOR-US: phpreactor
CVE-2007-4948 (Multiple PHP remote file inclusion vulnerabilities in Webmedia ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2007-4947 (Multiple PHP remote file inclusion vulnerabilities in myphpPagetool ...)
	NOT-FOR-US: myphpPagetool
CVE-2007-4946 (LetterGrade allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4945 (Multiple cross-site scripting (XSS) vulnerabilities in LetterGrade ...)
	NOT-FOR-US: LetterGrade
CVE-2007-4944 (The canvas.createPattern function in Opera 9.x before 9.22 for Linux, ...)
	NOT-FOR-US: Opera
CVE-2007-4943 (Multiple buffer overflows in a certain ActiveX control in sparser.dll ...)
	NOT-FOR-US: Baofeng Storm
CVE-2007-4942 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4941 (KMPlayer 2.9.3.1210 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: KMPlayer for windows
	NOTE: its not kmplayer we ship its a windows only media player
CVE-2007-4940 (Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4939 (Heap-based buffer overflow in mplayerc.exe in Media Player Classic ...)
	NOT-FOR-US: Media Player Classic
CVE-2007-4938 (Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 ...)
	{DTSA-65-1}
	- mplayer 1.0~rc1-16.1 (bug #443478)
CVE-2007-4937 (CS Guestbook stores sensitive information under the web root with ...)
	NOT-FOR-US: CS Guestbook
CVE-2007-4936 (Unspecified vulnerability in Office Efficiencies SafeSquid 4.1.x has ...)
	NOT-FOR-US: SafeSquid
CVE-2007-4935 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...)
	NOT-FOR-US: phpFFL
CVE-2007-4934 (Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 ...)
	NOT-FOR-US: phpFFL
CVE-2007-4933 (Direct static code injection vulnerability in ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4932 (admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the ...)
	NOT-FOR-US: Shop-Script FREE
CVE-2007-4931 (HP System Management Homepage (SMH) for Windows, when used in ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-4930 (Multiple cross-site request forgery (CSRF) vulnerabilities in the AXIS ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4929 (Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4928 (The AXIS 207W camera stores a WEP or WPA key in cleartext in the ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4927 (axis-cgi/buffer/command.cgi on the AXIS 207W camera allows remote ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4926 (The AXIS 207W camera uses a base64-encoded cleartext username and ...)
	NOT-FOR-US: Axis firmware
CVE-2007-4925 (The ewirePC_Decrypt function in ewirepcfunctions.php in eWire Payment ...)
	NOT-FOR-US: eWire Payment Client
CVE-2007-4924 (The Open Phone Abstraction Library (opal), as used by (1) Ekiga before ...)
	- opal 2.2.11~dfsg1-1 (low)
	[etch] - opal 2.2.3.dfsg-3+etch1 (bug #454141)
	NOTE: will be fixed by regular stable update
CVE-2007-4923 (PHP remote file inclusion vulnerability in admin.joomlaradiov5.php in ...)
	NOT-FOR-US: Joomla extension
CVE-2007-4922 (SQL injection vulnerability in play.php in the jeuxflash 1.0 module ...)
	NOT-FOR-US: KwsPhp
CVE-2007-4921 (PHP remote file inclusion vulnerability in _includes/settings.inc.php ...)
	NOT-FOR-US: Ajax File Browser
CVE-2007-4920 (SQL injection vulnerability in soporte_derecha_w.php in PHP Webquest ...)
	NOT-FOR-US: Webquest
CVE-2007-4919 (Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote ...)
	NOT-FOR-US: Jblog
CVE-2007-4918 (SQL injection vulnerability in classes/gelato.class.php in Gelato ...)
	NOT-FOR-US: Gelato
CVE-2007-4917 (Cross-site scripting (XSS) vulnerability in tracking.php in PHP-Stats ...)
	NOT-FOR-US: Php-Stats
CVE-2007-4916 (Heap-based buffer overflow in the FileFind::FindFile method in (1) ...)
	NOT-FOR-US: MFC Library
CVE-2007-4915 (The Intersil isl3893 extensions for Boa 0.93.15, as used on the ...)
	- boa <not-affected> (We don't ship this extension)
CVE-2007-4914 (Unspecified vulnerability in the subscriptions manager in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4913 (ips_kernel/class_upload.php in Invision Power Board (IPB or IP.Board) ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4912 (Cross-site scripting (XSS) vulnerability in ips_kernel/class_ajax.php ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4911 (JSMP3OGGWt.dll in JetCast Server 2.0.0.4308 allows remote attackers to ...)
	NOT-FOR-US: JetCast Server
CVE-2007-4910 (Unspecified vulnerability in netInvoicing before 2.7.3 has unknown ...)
	NOT-FOR-US: Netinvoicing
CVE-2007-4909 (Interpretation conflict in WinSCP before 4.0.4 allows remote attackers ...)
	NOT-FOR-US: WinSCP
CVE-2007-4908 (Directory traversal vulnerability in index.php in AuraCMS 2.1 and ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4907 (Multiple PHP remote file inclusion vulnerabilities in X-Cart allow ...)
	NOT-FOR-US: X-Cart
CVE-2007-4906 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NuclearBB
CVE-2007-4905 (Unrestricted file upload vulnerability in mod/contak.php in AuraCMS ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4904 (RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player ...)
	- helix-player <unfixed> (unimportant; bug #443130)
	NOTE: Just a floating point exception by via a crafted .au file)
CVE-2007-4903 (Multiple buffer overflows in a certain ActiveX control in CryptoX.dll ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4902 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Ultra Crypto Component
CVE-2007-4901 (The embedded Internet Explorer server control in AOL Instant Messenger ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-4900 (Cross-site scripting (XSS) vulnerability in the logon page in RSA ...)
	NOT-FOR-US: RSA EnVision
CVE-2007-4899 (Multiple cross-site scripting (XSS) vulnerabilities in Boinc Forum ...)
	NOT-FOR-US: Boinc Forum
CVE-2007-4898 (Unspecified vulnerability in the Multiwiki plugin in XWiki before 1.1 ...)
	NOT-FOR-US: Xwiki
CVE-2007-4897 (pwlib, as used by Ekiga 2.0.5 and possibly other products, allows ...)
	{DTSA-94-1}
	- pwlib 1.10.10-1.1 (low; bug #454133)
	- pwlib-titan 1.11.2-1.1 (low; bug #454139)
	[etch] - pwlib 1.10.2-2+etch1
	[sarge] - pwlib 1.8.4-1+sarge1.1
CVE-2007-4896 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4895 (Directory traversal vulnerability in dwoprn.php in Sisfo Kampus 2006 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4894 (Multiple SQL injection vulnerabilities in Wordpress before 2.2.3 and ...)
	- wordpress 2.2.3-1 (medium)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4893 (wp-admin/admin-functions.php in Wordpress before 2.2.3 and Wordpress ...)
	- wordpress 2.2.3-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not yet introduced)
CVE-2007-4892 (Multiple SQL injection vulnerabilities in SWSoft Plesk 7.6.1, 8.1.0, ...)
	NOT-FOR-US: Plesk (Windows)
CVE-2007-XXXX [libgd2: gdImageColorTransparent can write outside buffer]
	- libwmf <unfixed>  (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	- libgd2 2.0.35.dfsg-3
	[etch] - libgd2 2.0.33-5.2etch1
CVE-2007-4891 (A certain ActiveX control in PDWizard.ocx 6.0.0.9782 and earlier in ...)
	NOT-FOR-US: PDWizard
CVE-2007-4890 (Absolute directory traversal vulnerability in a certain ActiveX ...)
	NOT-FOR-US: Microsoft Visual Studio
CVE-2007-4889 (The MySQL extension in PHP 5.2.4 and earlier allows remote attackers ...)
	- php5 <removed> (unimportant)
	NOTE: basedir and safemode not supported
CVE-2007-4888 (The &quot;You are not allowed...&quot; error handler in XWiki 1.0 B1 and 1.0 B2 ...)
	NOT-FOR-US: Xwiki
CVE-2007-4887 (The dl function in PHP 5.2.4 and earlier allows context-dependent ...)
	- php5 5.2.5-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4886 (Incomplete blacklist vulnerability in index.php in AuraCMS 1.x and ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4885 (Avnex AV MP3 Player allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Avnex AV MP3 Player
CVE-2007-4884 (Media Player Classic (MPC) allows user-assisted remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2007-4883 (Cross-site scripting (XSS) vulnerability in the BotQuery extension in ...)
	- mediawiki-extensions <not-affected> (We don't ship this extension)
CVE-2007-4882 (Multiple cross-site scripting (XSS) vulnerabilities in TechExcel ...)
	NOT-FOR-US: TechExcel CustomerWise
CVE-2007-4881 (SQL injection vulnerability in profile/myprofile.php in psi-labs.com ...)
	NOT-FOR-US: Psilabs
CVE-2007-4880 (Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in ...)
	NOT-FOR-US: IBM Tivoli Storage Manager (TSM)
CVE-2007-4879 (Mozilla Firefox before Firefox 2.0.0.13, and SeaMonkey before 1.1.9, ...)
	{DSA-1534-2 DSA-1535-1 DSA-1534-1 DSA-1532-1}
	- iceweasel 2.0.0.13-1 (low; bug #444803)
	- iceape 1.1.9-1 (low; bug #444805)
	- xulrunner 1.8.1.13-1
CVE-2007-4878
	RESERVED
CVE-2007-4877
	RESERVED
CVE-2007-4876
	RESERVED
CVE-2007-4875
	RESERVED
CVE-2007-4874 (Multiple cross-site scripting (XSS) vulnerabilities in SimpNews ...)
	NOT-FOR-US: SimpNews
CVE-2007-4873 (SimpNews 2.41.03 stores sensitive information under the web root with ...)
	NOT-FOR-US: SimpNews
CVE-2007-4872 (SimpNews 2.41.03 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: SimpNews
CVE-2007-4871
	RESERVED
CVE-2007-4870
	RESERVED
CVE-2007-4869
	RESERVED
CVE-2007-4868
	RESERVED
CVE-2007-4867
	RESERVED
CVE-2007-4866
	RESERVED
CVE-2007-4865
	RESERVED
CVE-2007-4864
	RESERVED
CVE-2007-4863 (SQL injection vulnerability in example.php in SAXON 5.4 allows remote ...)
	NOT-FOR-US: SAXON
CVE-2007-4862 (Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON ...)
	NOT-FOR-US: SAXON
CVE-2007-4861 (SAXON 5.4, with display_errors enabled, allows remote attackers to ...)
	NOT-FOR-US: SAXON
CVE-2007-4860
	RESERVED
CVE-2007-4859
	RESERVED
CVE-2007-4858
	RESERVED
CVE-2007-4857
	RESERVED
CVE-2007-4856
	RESERVED
CVE-2007-4855
	RESERVED
CVE-2007-4854
	RESERVED
CVE-2007-4853
	RESERVED
CVE-2007-4852
	RESERVED
CVE-2007-4851
	REJECTED
CVE-2006-7223 (PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the ...)
	NOT-FOR-US: Xwiki
CVE-2005-4862 (The search functionality in XWiki 0.9.793 indexes cleartext user ...)
	NOT-FOR-US: Xwiki
CVE-2007-4850 (curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and ...)
	- php4 <removed> (unimportant)
	- php5 5.2.6-1 (unimportant)
	NOTE: Safe mode bypasses not treated as security problems
CVE-2007-4849 (JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1 (bug #442245; low)
CVE-2007-4848 (Microsoft Internet Explorer 4.0 through 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4847 (Google Picasa allows remote attackers to read image files stored by ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4846 (SQL injection vulnerability in start.php in Webace-Linkscript (wls) ...)
	NOT-FOR-US: Webace-Linkscript
CVE-2007-4845 (Multiple SQL injection vulnerabilities in UPLOAD/index.php in ...)
	NOT-FOR-US: RW::Download
CVE-2007-4844 (X-Diesel Unreal Commander 0.92 build 565 and 573 does not properly ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4843 (Directory traversal vulnerability in X-Diesel Unreal Commander 0.92 ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4842 (Directory traversal vulnerability in Enriva Development Magellan ...)
	NOT-FOR-US: Magellan Explorer
CVE-2007-4841 (Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and ...)
	- iceweasel <not-affected> (windows only issue)
	- iceape <not-affected> (windows only issue)
	- xulrunner <not-affected> (windows only issue)
	- icedove <not-affected> (windows only issue)
	NOTE: MFSA2007-36
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=394974
CVE-2007-4840 (PHP 5.2.4 and earlier allows context-dependent attackers to cause a ...)
	- glibc 2.7-1 (unimportant)
	NOTE: Original PHP issue only triggerable by malicious script
CVE-2007-4839 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4838 (Multiple buffer overflows in CellFactor Revolution 1.03 and earlier ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4837 (SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows ...)
	NOT-FOR-US: Proxy Anket
CVE-2007-4836 (Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4835 (SQL injection vulnerability in index.php in phpMyQuote 0.20 allows ...)
	NOT-FOR-US: phpMyQuote
CVE-2007-4834 (Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 ...)
	NOT-FOR-US: phpRealty
CVE-2007-4833 (Unspecified vulnerability in the Edge Component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-4832 (Format string vulnerability in CellFactor Revolution 1.03 and earlier ...)
	NOT-FOR-US: CellFactor Revolution
CVE-2007-4831 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4830 (Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-4829 (Directory traversal vulnerability in the Archive::Tar Perl module 1.36 ...)
	- perl 5.10.0-19
	[etch] - perl <not-affected> (Was merged into Perl as of 5.10)
	- libarchive-tar-perl 1.38-1 (low; bug #449544)
	[sarge] - libarchive-tar-perl <no-dsa> (Minor issue)
	[etch] - libarchive-tar-perl <no-dsa> (Minor issue)
CVE-2007-4828 (Cross-site scripting (XSS) vulnerability in the API pretty-printing ...)
	- mediawiki 1.10.2-1 (low; bug #442255)
	[etch] - mediawiki <not-affected> (Does not include the vulnerable code)
CVE-2007-4827 (Unspecified vulnerability in the Modbus/TCP Diagnostic function in ...)
	NOT-FOR-US: Modbus Slave ActiveX Control
CVE-2007-4826 (bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to ...)
	{DSA-1382-1}
	- quagga 0.99.9-1 (low; bug #442133)
	NOTE: Upstream says that this can only be exploited by configured peers.
CVE-2007-4825 (Directory traversal vulnerability in PHP 5.2.4 and earlier allows ...)
	- php5 5.2.5-1 (unimportant)
	- php4 <not-affected> (error message "Allowed memory size of 8388608 bytes exhausted...")
	NOTE: php5 PoC can be reproduced, basedir violations not treated as security problems
CVE-2007-4824 (Multiple cross-application scripting (XAS) vulnerabilities in Google ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4823 (Multiple buffer overflows in Google Picasa have unspecified attack ...)
	NOT-FOR-US: Google Picasa
CVE-2007-4822 (Cross-site request forgery (CSRF) vulnerability in the device ...)
	NOT-FOR-US: Buffalo AirStation firmware
CVE-2007-4821 (Buffer overflow in a certain ActiveX control in officeviewer.ocx ...)
	NOT-FOR-US: EDraw Office Viewer
CVE-2007-4820 (Absolute path traversal vulnerability in blanko.preview.php in Sisfo ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2007-4819 (Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4818 (Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 ...)
	NOT-FOR-US: Txx CMS
CVE-2007-4817 (Unrestricted file upload vulnerability in the Restaurante ...)
	NOT-FOR-US: Joomla component
	NOTE: not included in standard joomla installation, joomla has an itp though
CVE-2007-4816 (Multiple buffer overflows in the BaoFeng2 storm ActiveX control in ...)
	NOT-FOR-US: BaoFeng2
CVE-2007-4815 (Multiple PHP remote file inclusion vulnerabilities in WebED in Markus ...)
	NOT-FOR-US: WebED
CVE-2007-4814 (Buffer overflow in the SQLServer ActiveX control in the Distributed ...)
	NOT-FOR-US: Microsoft SQL Server Enterprise Manager
CVE-2007-4813 (Cross-site scripting (XSS) vulnerability in Domino Blogsphere 3.01 ...)
	NOT-FOR-US: Domino Blogsphere
CVE-2007-4812 (Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions ...)
	NOT-FOR-US: Mac OS
CVE-2007-4811 (Multiple cross-site scripting (XSS) vulnerabilities in Netjuke 1.0-rc2 ...)
	NOT-FOR-US: Netjuke
CVE-2007-4810 (Multiple SQL injection vulnerabilities in Netjuke 1.0-rc2 allow remote ...)
	NOT-FOR-US: Netjuke
CVE-2007-4809 (Multiple PHP remote file inclusion vulnerabilities in Online Fantasy ...)
	NOT-FOR-US: Online Fantasy Football League
CVE-2007-4808 (Multiple SQL injection vulnerabilities in TLM CMS 3.2 allow remote ...)
	NOT-FOR-US: TLM CMS
CVE-2007-4807 (Multiple PHP remote file inclusion vulnerabilities in Focus/SIS 2.2 ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4806 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Focus/SIS
CVE-2007-4805 (Directory traversal vulnerability in getgalldata.php in fuzzylime ...)
	NOT-FOR-US: Fuzzylime CMS
CVE-2007-4804 (Multiple SQL injection vulnerabilities in AuraCMS 1.5rc allow remote ...)
	NOT-FOR-US: AuraCMS
CVE-2007-4803 (Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-4802 (Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow ...)
	NOT-FOR-US: GlobalLink
CVE-2007-4801
	RESERVED
CVE-2007-4800
	RESERVED
CVE-2007-4799 (The perfstat kernel extension in bos.perf.perfstat in AIX 5.3 does not ...)
	NOT-FOR-US: AIX perfstat kernel extension
CVE-2007-4798 (Unspecified vulnerability in invscout in Inventory Scout in ...)
	NOT-FOR-US: invscout
CVE-2007-4797 (Multiple buffer overflows in unspecified svprint (System V print) ...)
	NOT-FOR-US: System V print
CVE-2007-4796 (Buffer overflow in uucp in bos.net.uucp in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: uucp IBM AIX
CVE-2007-4795 (Buffer overflow in mkpath in bos.rte.methods in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: mkpath IBM AIX
CVE-2007-4794 (Buffer overflow in fcstat in devices.common.IBM.fc.rte in IBM AIX 5.2 ...)
	NOT-FOR-US: fcstat IBM AIX
CVE-2007-4793 (Buffer overflow in xlplm in plm.server.rte in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: xlplm IBM AIX
CVE-2007-4792 (Buffer overflow in ibstat in devices.common.IBM.ib.rte in IBM AIX 5.3 ...)
	NOT-FOR-US: ibstat IBM AIX
CVE-2007-4791 (Buffer overflow in the swcons command in bos.rte.console in IBM AIX ...)
	NOT-FOR-US: swcons IBM AIX
CVE-2007-4790 (Stack-based buffer overflow in certain ActiveX controls in (1) ...)
	NOT-FOR-US: Microsoft Visual FoxPro
CVE-2007-4789 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.7, and Cisco ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4788 (Cisco Content Switching Modules (CSM) 4.2 before 4.2.3a, and Cisco ...)
	NOT-FOR-US: Cisco CSM
CVE-2007-4787 (The virus detection engine in Sophos Anti-Virus before 2.49.0 does not ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2007-4786 (Cisco Adaptive Security Appliance (ASA) running PIX 7.0 before ...)
	NOT-FOR-US: Cisco ASA
CVE-2007-4785 (Sony Micro Vault Fingerprint Access Software, as distributed with Sony ...)
	NOT-FOR-US: Sony Micro Vault
CVE-2007-4784 (The setlocale function in PHP before 5.2.4 allows context-dependent ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4783 (The iconv_substr function in PHP 5.2.4 and earlier allows ...)
	- php5 5.2.5-1 (unimportant; bug #441972)
	NOTE: Only triggerable by malicious script
CVE-2007-4782 (PHP before 5.2.3 allows context-dependent attackers to cause a denial ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-4781 (administrator/index.php in the installer component (com_installer) in ...)
	NOT-FOR-US: Joomla
CVE-2007-4780 (Joomla! 1.5 before RC2 (aka Endeleo) allows remote attackers to obtain ...)
	NOT-FOR-US: Joomla
CVE-2007-4779 (Cross-site scripting (XSS) vulnerability in Joomla! 1.5 before RC2 ...)
	NOT-FOR-US: Joomla
CVE-2007-4778 (Multiple SQL injection vulnerabilities in the content component ...)
	NOT-FOR-US: Joomla
CVE-2007-4777 (SQL injection vulnerability in Joomla! 1.5 before RC2 (aka Endeleo) ...)
	NOT-FOR-US: Joomla
CVE-2007-4776 (Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-4775
	RESERVED
CVE-2007-4774
	RESERVED
CVE-2007-4773
	RESERVED
CVE-2007-4772 (The regular expression parser in TCL before 8.4.17, as used in ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 8.3.5-13 (low)
	[etch] - tcl8.3 <no-dsa> (Minor issue)
	- tcl8.4 8.4.17-1 (low)
	[etch] - tcl8.4 <no-dsa> (Minor issue)
	[sarge] - postgresql <unfixed>
CVE-2007-4771 (Heap-based buffer overflow in the doInterval function in regexcmp.cpp ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4770 (libicu in International Components for Unicode (ICU) 3.8.1 and earlier ...)
	{DSA-1511-1}
	- icu 3.8-6 (bug #463688)
CVE-2007-4769 (The regular expression parser in TCL before 8.4.17, as used in ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.2 8.2.6-1
	- postgresql-8.1 8.1.11-1
	- tcl8.3 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	- tcl8.4 <not-affected> (only builds with UCS-4 internal char encoding affected, Debian builds use UCS-2 referring to maintainer)
	[sarge] - postgresql <unfixed>
CVE-2007-4768 (Heap-based buffer overflow in Perl-Compatible Regular Expression ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4767 (Perl-Compatible Regular Expression (PCRE) library before 7.3 does not ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4766 (Multiple integer overflows in Perl-Compatible Regular Expression ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-4765
	RESERVED
CVE-2007-4764 (Directory traversal vulnerability in pawfaliki.php in Pawfaliki 0.5.1 ...)
	NOT-FOR-US: Pawfaliki
CVE-2007-4763 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHPOF
CVE-2007-4762 (Multiple SQL injection vulnerabilities in embadmin/login.asp in ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-4761 (Unrestricted file upload vulnerability in upload.php in Barbo91 1.1 ...)
	NOT-FOR-US: Barbo91
CVE-2007-4760 (The javadoc tool in Cosminexus Developer's Kit for Java in Cosminexus ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4759 (Multiple unspecified vulnerabilities in the image-processing APIs in ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4758 (Multiple buffer overflows in the image-processing APIs in Cosminexus ...)
	NOT-FOR-US: Cosminexus Developer's Kit
CVE-2007-4757 (PHP remote file inclusion vulnerability in menu.php in phpMytourney ...)
	NOT-FOR-US: phpMytourney
CVE-2007-4756 (Directory traversal vulnerability in the FTP client in Total Commander ...)
	NOT-FOR-US: Total Commander
CVE-2007-4755 (Alien Arena 2007 6.10 and earlier allows remote attackers to cause a ...)
	- alien-arena 6.05-4.1 (low; bug #442075)
CVE-2007-4754 (Format string vulnerability in the safe_bprintf function in ...)
	- alien-arena 6.05-4.1 (medium; bug #442075)
CVE-2007-4753 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4751 (RemoteDocs R-Viewer before 1.6.3768 stores encrypted RDZ file data in ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4750 (Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 ...)
	NOT-FOR-US: RemoteDocs R-Viewer
CVE-2007-4749 (The cmdjob utility in Autodesk Backburner 3.0.2 allows remote ...)
	NOT-FOR-US: Autodesk Backburner
CVE-2007-4752 (ssh in OpenSSH before 4.7 does not properly handle when an untrusted ...)
	{DSA-1576-1}
	- openssh 1:4.7p1-1 (low; bug #444738)
	[etch] - openssh <no-dsa> (minor issue in weak security measure)
	[sarge] - openssh <no-dsa> (minor issue in weak security measure)
	NOTE: An exploit needs limited control over the machine running a
	NOTE: trusted X client, so this is only a slight privilege
	NOTE: escalation. The X Security extension is merely an afterthought
	NOTE: and is unlikely to provide strong security guarantees.
CVE-2007-4748 (Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream ...)
	NOT-FOR-US: PowerPlayer
CVE-2007-4747 (The telnet service in Cisco Video Surveillance IP Gateway ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4746 (The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone ...)
	NOT-FOR-US: Cisco firmware
CVE-2007-4745 (Multiple cross-site scripting (XSS) vulnerabilities in the AkoBook ...)
	NOT-FOR-US: AkoBook
CVE-2007-4744 (PHP remote file inclusion vulnerability in environment.php in ...)
	NOT-FOR-US: AnyInventory
CVE-2007-4742 (Claroline before 1.8.6 allows remote authenticated administrators to ...)
	NOT-FOR-US: Claroline
CVE-2007-4741 (Cross-site scripting (XSS) vulnerability in admin/adminusers.php in ...)
	NOT-FOR-US: Claroline
CVE-2007-4740 (The HPRevolutionRegistryManager ActiveX control in ...)
	NOT-FOR-US: HPRevolutionRegistryManager
CVE-2007-4739 (reprepro 1.3.0 through 2.2.3 does not properly verify signatures when ...)
	{DSA-1394-1}
	- reprepro 2.2.4-1 (high; bug #440535)
	NOTE: patch for etch in the BTS
	[sarge] - reprepro <not-affected> (Vulnerable code introduced in 1.3.0)
CVE-2007-4738 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4737 (Multiple PHP remote file inclusion vulnerabilities in SpeedTech PHP ...)
	NOT-FOR-US: SpeedTech PHP Library
CVE-2007-4736 (SQL injection vulnerability in category.php in CartKeeper CKGold ...)
	NOT-FOR-US: CartKeeper CKGold Shopping Cart
CVE-2007-4735 (Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 ...)
	NOT-FOR-US: Virtual DJ
CVE-2007-4734 (Buffer overflow in Ots Labs OTSTurntables 1.00 allows user-assisted ...)
	NOT-FOR-US: OTSTurntables
CVE-2007-4733 (The Aztech DSL600EU router, when WAN access to the web interface is ...)
	NOT-FOR-US: Aztech firmware
CVE-2007-4732 (Unspecified vulnerability in the strfreectty function in the Special ...)
	NOT-FOR-US: Special File System
CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote ...)
	NOT-FOR-US: Ccproxy
CVE-2007-4743 (The original patch for CVE-2007-3999 in svc_auth_gss.c in the ...)
	{DSA-1387-1 DSA-1367-1}
	- krb5 1.6.dfsg.1-7 (high; bug #441209)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
	- librpcsecgss 0.14-4 (high; bug #441393)
	NOTE: http://article.gmane.org/gmane.comp.encryption.kerberos.announce/86
	NOTE: 1.6.dfsg.1-7 somehow already includes the updated version
CVE-2007-4731 (Stack-based buffer overflow in the TMregChange function in TMReg.dll ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4730 (Buffer overflow in the compNewPixmap function in compalloc.c in the ...)
	{DSA-1372-1 DTSA-73-1}
	- xorg-server 2:1.4-1
	NOTE: XFree86 is not affected
CVE-2007-4729
	RESERVED
CVE-2007-4728
	RESERVED
CVE-2007-4727 (Buffer overflow in the fcgi_env_add function in ...)
	{DSA-1362-1}
	- lighttpd 1.4.18-1 (medium; bug #441555)
	NOTE: http://www.lighttpd.net/assets/2007/9/9/lighttpd_sa_2007_12.txt
	NOTE: http://www.lighttpd.net/download/lighttpd-1.4.x_mod_fastcgi_overrun.patch
	NOTE: http://www.milw0rm.com/exploits/4391
CVE-2007-4726 (Directory traversal vulnerability in Web Oddity 0.09b allows remote ...)
	NOT-FOR-US: Web Oddity
CVE-2007-4725 (Stack consumption vulnerability in AkkyWareHOUSE 7-zip32.dll before ...)
	NOT-FOR-US: AkkyWareHOUSE
CVE-2007-4724 (Cross-site request forgery (CSRF) vulnerability in cal2.jsp in the ...)
	- tomcat5.5 <not-affected> (Version already ships fixed files)
	- tomcat5 <removed> (unimportant; bug #441205)
	- libservlet2.4-java 5.0.30-6 (unimportant)
	NOTE: DSA should not be required, minor issue, jsp just present as example
CVE-2007-4723 (Directory traversal vulnerability in Ragnarok Online Control Panel ...)
	NOT-FOR-US: Ragnarok
CVE-2007-4722 (Multiple stack-based buffer overflows in the Quantum Streaming ...)
	NOT-FOR-US: Quantum Streaming
CVE-2007-4721
	REJECTED
CVE-2007-4720 (Unspecified vulnerability in the Shared Trace Service in Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2007-4719 (SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta ...)
	NOT-FOR-US: 212cafeBoard
CVE-2007-4718 (Directory traversal vulnerability in inc/lib/language.lib.php in ...)
	NOT-FOR-US: Claroline
CVE-2007-4717 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline ...)
	NOT-FOR-US: Claroline
CVE-2007-4716 (Multiple SQL injection vulnerabilities in PHD Help Desk before 1.31 ...)
	NOT-FOR-US: PHD Help Desk
CVE-2007-4715 (Multiple PHP remote file inclusion vulnerabilities in Weblogicnet ...)
	NOT-FOR-US: Weblogicnet
CVE-2007-4714 (SQL injection vulnerability in error_view.php in Yvora 1.0 allows ...)
	NOT-FOR-US: Yvora
CVE-2007-4713 (Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in ...)
	NOT-FOR-US: Urchin
CVE-2007-4712 (PHP remote file inclusion vulnerability in index.php in eNetman 1 ...)
	NOT-FOR-US: eNetman
CVE-2007-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Toms Gaestebuch ...)
	NOT-FOR-US: Toms Gaestebuch
CVE-2007-4710 (Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4709 (Directory traversal vulnerability in CFNetwork in Apple Mac OS X ...)
	NOT-FOR-US: CFNetwork (Apple Mac OS X)
CVE-2007-4708 (Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 ...)
	NOT-FOR-US: Address Book (Apple Mac OS X)
CVE-2007-4707 (Multiple unspecified vulnerabilities in the Flash media handler in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4706 (Heap-based buffer overflow in Apple QuickTime before 7.3.1 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4705
	RESERVED
CVE-2007-4704 (The Application Firewall in Apple Mac OS X 10.5 does not apply changed ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4703 (The Application Firewall in Apple Mac OS X 10.5 does not prevent a ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4702 (The Application Firewall in Apple Mac OS X 10.5, when &quot;Block all ...)
	NOT-FOR-US: Mac OS X
CVE-2007-4701 (WebKit on Apple Mac OS X 10.4 through 10.4.10 does not create ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4700 (Unspecified vulnerability in WebKit on Apple Mac OS X 10.4 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4699 (The default configuration of Safari in Apple Mac OS X 10.4 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4698 (Apple Safari 3 before Beta Update 3.0.4 on Windows, and Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X, Windows
CVE-2007-4697 (Unspecified vulnerability in WebCore in Apple Mac OS X 10.4 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4696 (Race condition in WebCore in Apple Mac OS X 10.4 through 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4695 (Unspecified &quot;input validation&quot; vulnerability in WebCore in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4694 (Safari in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4693 (The SecurityAgent component in Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4692 (The tabbed browsing feature in Apple Safari 3 before Beta Update 3.0.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4691 (The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4690 (Double free vulnerability in the NFS component in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4689 (Double free vulnerability in the Networking component in Apple Mac OS ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4688 (The Networking component in Apple Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4687 (The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4686 (Integer signedness error in the ttioctl function in bsd/kern/tty.c in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4685 (The kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4684 (Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4683 (Directory traversal vulnerability in the kernel in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4682 (CoreText in Apple Mac OS X 10.4 through 10.4.10 allows attackers to ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4681 (Buffer overflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4680 (CFNetwork in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4679 (CFFTP in CFNetwork for Apple Mac OS X 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4678 (AppleRAID in Apple Mac OS X 10.3.9 and 10.4 through 10.4.10 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4677 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4676 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4675 (Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4674 (An &quot;integer arithmetic&quot; error in Apple QuickTime 7.2 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4673 (Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4672 (Stack-based buffer overflow in Apple QuickTime before 7.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-4671 (Unspecified vulnerability in Safari in Apple iPhone 1.1.1, and Safari ...)
	NOT-FOR-US: Safari
CVE-2007-4670 (Unspecified vulnerability in PHP before 5.2.4 has unknown impact and ...)
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: This refers to an improved fix for MOPB 03-2007, which is CVE-2007-1285 and a non-issue
CVE-2007-4669 (The Services API in Firebird before 2.0.2 allows remote authenticated ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4668 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4667 (Unspecified vulnerability in the Services API in Firebird before 2.0.2 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4666 (Unspecified vulnerability in the server in Firebird before 2.0.2, when ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4665 (Unspecified vulnerability in the server in Firebird before 2.0.2 ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4664 (Unspecified vulnerability in the (1) attach database and (2) create ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-4663 (Directory traversal vulnerability in PHP before 5.2.4 allows attackers ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir not supported
CVE-2007-4662 (Buffer overflow in the php_openssl_make_REQ function in PHP before ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: fix is at http://cvs.php.net/viewcvs.cgi/php-src/ext/openssl/openssl.c?r1=1.146&r2=1.147
CVE-2007-4661 (The chunk_split function in string.c in PHP 5.2.3 does not properly ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: This CVE refers to an incomplete fix for CVE-2007-2872, an issue only
	NOTE: triggerable by malicious script
CVE-2007-4660 (Unspecified vulnerability in the chunk_split function in PHP before ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.60&r2=1.445.2.14.2.61&pathrev=PHP_5_2
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.61&r2=1.445.2.14.2.62&pathrev=PHP_5_2
CVE-2007-4659 (The zend_alter_ini_entry function in PHP before 5.2.4 does not ...)
	{DTSA-61-1}
	- php5 5.2.4-1 (low)
	[etch] - php5 <no-dsa> (Backport prone to regressions, causes more problems that it does resolved, minor issue anyway)
CVE-2007-4658 (The money_format function in PHP 5 before 5.2.4, and PHP 4 before ...)
	{DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641, starting "Line 7667"
	NOTE: limited format string vulnerability, the will be put into strfmon and the format string chars are limited to i,n and %
CVE-2007-4657 (Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1
	- php4 <removed>
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.640&r2=1.641
	NOTE: Only exploitable by malicious script
CVE-2007-4656 (backup-manager-upload in Backup Manager before 0.6.3 provides the FTP ...)
	{DSA-1518-1}
	- backup-manager 0.7.6-3 (bug #439392)
CVE-2007-4655 (Multiple directory traversal vulnerabilities in CGI RESCUE Shopping ...)
	NOT-FOR-US: CGI RESCUE Shopping Basket
CVE-2007-4654 (Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on ...)
	NOT-FOR-US: SSHield
CVE-2007-4653 (SQL injection vulnerability in links.php in the Links MOD 1.2.2 and ...)
	NOT-FOR-US: Cisco Content Services Switch
CVE-2007-4652 (The session extension in PHP before 5.2.4 might allow local users to ...)
	- php5 5.2.4-1 (unimportant)
	NOTE: open_basedir() not supported
CVE-2007-4651 (Unspecified vulnerability in Adobe Connect Enterprise Server 6 allows ...)
	NOT-FOR-US: Adobe Connect Enterprise Server
CVE-2007-4650 (Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow ...)
	{DSA-1404-1}
	- gallery2 2.2.3-1
	NOTE: does not affect gallery 1.x (package 'gallery')
CVE-2005-4861 (functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows ...)
	NOT-FOR-US: Ragnarok
CVE-2007-4649 (MicroWorld eScan Virus Control 9.0.722.1, Anti-Virus 9.0.722.1, and ...)
	NOT-FOR-US: MicroWorld eScan Virus Contro
CVE-2007-4648 (The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak ...)
	NOT-FOR-US: Norman Virus Control
CVE-2007-4647 (newswire/uploadmedia.cgi in 2coolcode Our Space (Ourspace) 2.0.9 ...)
	NOT-FOR-US: Ourspace
CVE-2007-4646 (Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite ...)
	NOT-FOR-US: Hexamail
CVE-2007-4645 (SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-4644 (Format string vulnerability in the Cl_GetPackets function in cl_main.c ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4643 (Integer underflow in Doomsday (aka deng) 1.9.0-beta5.1 and earlier ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4642 (Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and ...)
	NOT-FOR-US: Doomsday/deng
CVE-2007-4641 (Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4640 (Unrestricted file upload vulnerability in index.php in Pakupaku CMS ...)
	NOT-FOR-US: Pakupaku
CVE-2007-4639 (EnterpriseDB Advanced Server 8.2 does not properly handle certain ...)
	NOT-FOR-US: EnterpriseDB
CVE-2007-4638 (Blizzard Entertainment StarCraft Brood War 1.15.1 and earlier allows ...)
	NOT-FOR-US: StarCraft
CVE-2007-4637 (xGB.php in xGB 2.0 does not require authentication for an admin edit ...)
	NOT-FOR-US: xGB
CVE-2007-4636 (Multiple PHP remote file inclusion vulnerabilities in phpBG 0.9.1 ...)
	NOT-FOR-US: phpBG
CVE-2007-4635 (Yahoo! Messenger 8.1.0.209 and 8.1.0.402 allows remote attackers to ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4634 (Multiple SQL injection vulnerabilities in Cisco CallManager and ...)
	NOT-FOR-US: Cisco
CVE-2007-4633 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-4632 (Cisco IOS 12.2E, 12.2F, and 12.2S places a &quot;no login&quot; line into the ...)
	NOT-FOR-US: Cisco
CVE-2007-4631 (The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and ...)
	- qgit 1.5.5-1.1 (bug #440950; low)
	[etch] - qgit <no-dsa> (Minor issue)
CVE-2008-0061 (MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before ...)
	{DSA-1445-1}
	- maradns 1.2.12.08-1
	NOTE: http://marc.info/?l=maradns-list&m=118842373527534&w=2
CVE-2007-4630 (Cross-site scripting (XSS) vulnerability in xlaapmview.asp in Absolute ...)
	NOT-FOR-US: Absolute Poll Manager
CVE-2007-4629 (Buffer overflow in the processLine function in maptemplate.c in ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1
CVE-2007-4628 (SQL injection vulnerability in shownews.php in phpns 1.1 allows remote ...)
	NOT-FOR-US: phpns
CVE-2007-4627 (SQL injection vulnerability in index.php in ABC eStore 3.0 allows ...)
	NOT-FOR-US: ABC eStore
CVE-2007-4626 (Unspecified vulnerability in Polipo before 1.0.2 allows remote ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4625 (Polipo before 1.0.2 allows remote HTTP servers to cause a denial of ...)
	- polipo 1.0.2-1 (low)
	[sarge] - polipo <no-dsa> (Minor issue)
	[etch] - polipo <no-dsa> (Minor issue)
CVE-2007-4624 (Cross-site scripting (XSS) vulnerability in pframe.php in AbleDesign ...)
	NOT-FOR-US: AbleDesign Dynamic Picture Frame
CVE-2007-4623 (Stack-based buffer overflow in the sendrmt function in bellmail in IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4622 (Integer underflow in the dns_name_fromtext function in (1) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4621 (Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4620 (Multiple stack-based buffer overflows in Computer Associates (CA) ...)
	NOT-FOR-US: CA products
CVE-2007-4619 (Multiple integer overflows in Free Lossless Audio Codec (FLAC) libFLAC ...)
	{DSA-1469-1}
	- flac 1.2.1-1 (medium)
CVE-2007-4618 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4617 (Unspecified vulnerability in BEA WebLogic Server 6.1 Gold through SP7, ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4616 (The SSL server implementation in BEA WebLogic Server 7.0 Gold through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4615 (The SSL client implementation in BEA WebLogic Server 7.0 SP7, 8.1 SP2 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4614 (BEA WebLogic Server 9.1 does not properly handle propagation of an ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4613 (SSL libraries in BEA WebLogic Server 6.1 Gold through SP7, 7.0 Gold ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-4612 (CRLF injection vulnerability in contact.php in Moonware (aka Dale ...)
	NOT-FOR-US: Moonware
CVE-2007-4611 (SQL injection vulnerability in viewevent.php in Moonware (aka Dale ...)
	NOT-FOR-US: Moonware
CVE-2007-4610 (Unrestricted file upload vulnerability in config/upload.php in ...)
	NOT-FOR-US: Moonware
CVE-2007-4609 (eyeOS uses predictable checksum values in the checknum parameter for ...)
	NOT-FOR-US: eyeOS
CVE-2007-4608 (PHP remote file inclusion vulnerability in protection.php in ...)
	NOT-FOR-US: ePersonnel
CVE-2007-4607 (Buffer overflow in the EasyMailSMTPObj ActiveX control in emsmtp.dll ...)
	NOT-FOR-US: EasyMailSMTPObj ActiveX control
CVE-2007-4606 (PHP remote file inclusion vulnerability in convert/mvcw_conver.php in ...)
	NOT-FOR-US: Php-Nuke
CVE-2007-4605 (PHP remote file inclusion vulnerability in convert/mvcw.php in Virtual ...)
	NOT-FOR-US: Vwar
CVE-2007-4604 (SQL injection vulnerability in viewitem.php in DL PayCart 1.01 allows ...)
	NOT-FOR-US: DL PayCart
CVE-2007-4603 (Multiple SQL injection vulnerabilities in index.php in ACG News 1.0 ...)
	NOT-FOR-US: ACG news
CVE-2007-4602 (SQL injection vulnerability in cms/revert-content.php in Implied by ...)
	NOT-FOR-US: Micro-CMS
CVE-2007-4600 (The &quot;Protect Worksheet&quot; functionality in Mathsoft Mathcad 12 through ...)
	NOT-FOR-US: Mathsoft Mathcad
CVE-2007-4599 (Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly ...)
	NOT-FOR-US: RealPlayer
CVE-2007-4598 (IBM SurePOS 500 has (1) a default password of &quot;12345&quot; for the manager ...)
	NOT-FOR-US: IBM
CVE-2007-4597 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-4596 (The perl extension in PHP does not follow safe_mode restrictions, ...)
	- php5 <removed> (unimportant)
	NOTE: Safe mode violations not treated as vulnerabilities
CVE-2007-4595 (Cross-site scripting (XSS) vulnerability in Mayaa before 1.1.12 allows ...)
	NOT-FOR-US: Mayaa
CVE-2007-4594 (Entrust Entelligence Security Provider (ESP) 8 does not properly ...)
	NOT-FOR-US: Entrust Entelligence Security Provider
CVE-2007-4593 (Unspecified vulnerability in vstor2-ws60.sys in VMWare Workstation 6.0 ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4592 (Multiple cross-site scripting (XSS) vulnerabilities in the web ...)
	NOT-FOR-US: Rational
CVE-2007-4591 (vstor-ws60.sys in VMWare Workstation 6.0 allows local users to cause a ...)
	- vmware-package <not-affected> (Only vulnerable on windows hosted systems)
CVE-2007-4590 (The get_system_info command in Ignite-UX C.7.0 through C.7.3, and ...)
	NOT-FOR-US: Ignite-UX
CVE-2007-4589 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4588 (Multiple cross-site scripting (XSS) vulnerabilities in InterWorx ...)
	NOT-FOR-US: InterWorx Hosting Control Panel
CVE-2007-4587 (Cross-site scripting (XSS) vulnerability in Easy Software Cafeteria ...)
	NOT-FOR-US: escafeWeb
CVE-2007-4586 (Multiple buffer overflows in php_iisfunc.dll in the iisfunc extension ...)
	NOT-FOR-US: iisfunc (windows only)
CVE-2007-4585 (Directory traversal vulnerability in activateuser.php in 2532|Gigs ...)
	NOT-FOR-US: 2532|Gigs
CVE-2007-4584 (Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC ...)
	- ircii-pana <removed> (medium; bug #443544)
CVE-2007-4583 (Multiple absolute path traversal vulnerabilities in the ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4582 (Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX ...)
	NOT-FOR-US: ACTi Network Video Recorder
CVE-2007-4581 (SQL injection vulnerability in acrotxt.php in WBB2-Addon: Acrotxt 1 ...)
	NOT-FOR-US: WBB2-Addon: Acrotxt 1
CVE-2007-4601 (A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might ...)
	- tcp-wrappers 7.6.dbs-12 (bug #405342; medium)
	[etch] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
	[sarge] - tcp-wrappers <not-affected> (Vulnerability was introduced in -10)
CVE-2007-4580 (Buffer underflow in redlight.sys in BufferZone 2.1 and 2.5 allows ...)
	NOT-FOR-US: BufferZone (Windows)
CVE-2007-4579
	REJECTED
CVE-2007-4578 (Sophos Anti-Virus for Windows and for Unix/Linux before 2.48.0 allows ...)
	NOT-FOR-US: Sophos
CVE-2007-4577 (Sophos Anti-Virus for Unix/Linux before 2.48.0 allows remote attackers ...)
	NOT-FOR-US: Sophos
CVE-2007-4576
	REJECTED
CVE-2007-4575 (HSQLDB before 1.8.0.9, as used in OpenOffice.org (OOo) 2 before 2.3.1, ...)
	{DSA-1419-1}
	- openoffice.org 2.3.1~rc1-1 (medium; bug #454463)
	- hsqldb 1.8.0.9-1
CVE-2007-4574 (Unspecified vulnerability in the &quot;stack unwinder fixes&quot; in kernel in ...)
	- linux-2.6 <not-affected> (Redhat specific vulnerability)
	NOTE: I contacted the redhat security team about this, this was caused by an incomplete
	NOTE: backport for stack unwinder fixes in the linux kernel made by them.
	NOTE: redhat sent a reproducer to the vendor-sec list
CVE-2007-4573 (The IA32 system call emulation functionality in Linux kernel 2.4.x and ...)
	{DSA-1504-1 DSA-1381-2 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22-5 (medium)
CVE-2007-4572 (Stack-based buffer overflow in nmbd in Samba 3.0.0 through 3.0.26a, ...)
	{DSA-1409-3 DSA-1409-2 DSA-1409-1}
	- samba 3.0.27-1 (high; bug #451385)
CVE-2007-4571 (The snd_mem_proc_read function in sound/core/memalloc.c in the ...)
	{DSA-1505-1 DSA-1479-1}
	- linux-2.6 2.6.22-5 (low; bug #444571)
	- alsa-driver 1.0.15-1
	NOTE: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=600
	NOTE: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=ccec6e2c4a74adf76ed4e2478091a311b1806212
	NOTE: very easy to exploit locally
CVE-2007-4570 (Algorithmic complexity vulnerability in the MCS translation daemon in ...)
	NOT-FOR-US: MCS translation daemon
CVE-2007-4569 (backend/session.c in KDM in KDE 3.3.0 through 3.5.7, when autologin is ...)
	{DSA-1376-1 DTSA-60-1}
	- kdebase 4:3.5.7-4
	[sarge] - kdebase <not-affected> (problem not present in code)
	NOTE: http://www.kde.org/info/security/advisory-20070919-1.txt
CVE-2007-4568 (Integer overflow in the build_range function in X.Org X Font Server ...)
	{DSA-1385-1}
	- xfs 1:1.0.5-1
CVE-2007-4567 (The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel ...)
	- linux-2.6 2.6.22-1
	[etch] - linux-2.6 <not-affected> (Introduced in 2.6.20)
CVE-2007-4566 (Multiple buffer overflows in the login mechanism in sidvault in Alpha ...)
	NOT-FOR-US: SIDVault
CVE-2007-4565 (sink.c in fetchmail before 6.3.9 allows context-dependent attackers to ...)
	{DSA-1377-2}
	- fetchmail 6.3.8-8 (bug #440006; low)
	[etch] - fetchmail <no-dsa> (Hardly a security problem)
	[sarge] - fetchmail <not-affected> (problem not present in source)
CVE-2007-4564 (Cosminexus Manager in Cosminexus Application Server 07-00 and later ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4563 (Cosminexus Manager in Cosminexus Application Server 06-50 and later ...)
	NOT-FOR-US: Hitachi Cosminexus
CVE-2007-4562 (Unspecified vulnerability in Hitachi DABroker before 03-02-/D and ...)
	NOT-FOR-US: Hitachi DABroker
CVE-2007-4561 (Heap-based buffer overflow in the RTSP service in Helix DNA Server ...)
	NOT-FOR-US: Helix DNA Server
CVE-2007-4560 (clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1 (high)
CVE-2007-4559 (Directory traversal vulnerability in the (1) extract and (2) ...)
	- python2.3 <removed> (unimportant)
	- python2.4 <unfixed> (unimportant; bug #440097)
	- python2.5 <unfixed> (unimportant; bug #440099)
	NOTE: According to upstream this is the intended behaviour for the module.
	NOTE: Since this is a library interface to embed Tar functionality into applications
	NOTE: it is in order to not provide the full security safety belts one might
	NOTE: expect from an enduser application like tar(1). Plus, addressing this would
	NOTE: mean to diverge from upstream permanently and could break the behaviour
	NOTE: of external apps. Anyone who wants to see this "fixed" should rather file
	NOTE: a PEP on an improved tar interface with additional security guarantees
	NOTE: provided by design.
CVE-2007-4558
	REJECTED
CVE-2007-4557 (Cross-site scripting (XSS) vulnerability in the webacc servlet in ...)
	NOT-FOR-US: Novell
CVE-2007-4556 (Struts support in OpenSymphony XWork before 1.2.3, and 2.x before ...)
	NOT-FOR-US: OpenSymphony XWork
CVE-2007-4555 (Cross-site scripting (XSS) vulnerability in Ipswitch WS_FTP allows ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-4554 (Cross-site scripting (XSS) vulnerability in tiki-remind_password.php ...)
	- tikiwiki <removed>
CVE-2007-4553 (The Thomson ST 2030 SIP phone with software 1.52.1 allows remote ...)
	NOT-FOR-US: Thomson ST 2030 SIP phone
CVE-2007-4552 (SQL injection vulnerability in index.php in Agares Media Arcadem 2.01 ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4551 (PHP remote file inclusion vulnerability in index.php in Agares Media ...)
	NOT-FOR-US: Agares Media Arcadem
CVE-2007-4550 (Format string vulnerability in ALPass 2.7 English and 3.02 Korean ...)
	NOT-FOR-US: ALPass
CVE-2007-4549 (Multiple buffer overflows in ALPass 2.7 English and 3.02 Korean allow ...)
	NOT-FOR-US: ALPass
CVE-2007-4548 (The login method in LoginModule implementations in Apache Geronimo 2.0 ...)
	NOT-FOR-US: Apache Geronimo
CVE-2007-4547 (Unreal Commander 0.92 build 565 and 573 writes portions of heap memory ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4546 (Unreal Commander 0.92 build 565 and 573 lists the filenames from the ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4545 (Multiple directory traversal vulnerabilities in Unreal Commander 0.92 ...)
	NOT-FOR-US: Unreal Commander
CVE-2007-4544 (Cross-site scripting (XSS) vulnerability in wp-newblog.php in ...)
	NOT-FOR-US: WordPress multi-user (MU)
CVE-2007-4543 (Cross-site scripting (XSS) vulnerability in enter_bug.cgi in Bugzilla ...)
	- bugzilla 2.22.1-2.2 (low; bug #440106)
	[etch] - bugzilla <no-dsa> (Affected code only shipped in example, minor issue anyway)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-4542 (Multiple cross-site scripting (XSS) vulnerabilities in MapServer ...)
	{DSA-1539-1}
	- mapserver 4.10.3-1 (bug #439346)
CVE-2007-4541 (Multiple cross-site scripting (XSS) vulnerabilities in Olate Download ...)
	NOT-FOR-US: Olate Download
CVE-2007-4540 (Multiple SQL injection vulnerabilities in download.php in Olate ...)
	NOT-FOR-US: Olate Download
CVE-2007-4539 (The WebService (XML-RPC) interface in Bugzilla 2.23.3 through 3.0.0 ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4538 (email_in.pl in Bugzilla 2.23.4 through 3.0.0 allows remote attackers ...)
	- bugzilla <not-affected> (Affected versions were never present in the archive)
CVE-2007-4537 (Heap-based buffer overflow in the Huffman decompression algorithm ...)
	NOT-FOR-US: Skulltag
CVE-2007-4536 (TorrentTrader 1.07 and earlier sets insecure permissions for files in ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4535 (The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows ...)
	NOT-FOR-US: Vavoom
CVE-2007-4534 (Buffer overflow in the VThinker::BroadcastPrintf function in ...)
	NOT-FOR-US: Vavoom
CVE-2007-4533 (Format string vulnerability in the Say command in sv_main.cpp in ...)
	NOT-FOR-US: Vavoom
CVE-2007-4532 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4531 (Soldat game server 1.4.2 and earlier, and dedicated server 2.6.2 and ...)
	NOT-FOR-US: Soldat game server
CVE-2007-4530 (Multiple cross-site scripting (XSS) vulnerabilities in TeamSpeak ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4529 (The WebAdmin interface in TeamSpeak Server 2.0.20.1 allows remote ...)
	- teamspeak-server 2.0.23.19-1
CVE-2007-4528 (The Foreign Function Interface (ffi) extension in PHP 5.0.5 does not ...)
	NOT-FOR-US: ffi extension for php
CVE-2007-4527 (Unrestricted file upload vulnerability in phUploader.php in phphq.Net ...)
	NOT-FOR-US: phUploader
CVE-2007-4526 (The Client Login Extension (CLE) in Novell Identity Manager before ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2007-4525 (** DISPUTED ** ...)
	- spip 2.0.6-1
CVE-2007-4524 (PHP remote file inclusion vulnerability in adisplay.php in PhPress ...)
	NOT-FOR-US: PhPress
CVE-2007-4523 (Multiple cross-site scripting (XSS) vulnerabilities in Ripe Website ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4522 (Multiple SQL injection vulnerabilities in Ripe Website Manager 0.8.9 ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an ...)
	- asterisk <not-affected> (The voicemail backend is not enabled in Debian)
	[sarge] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	[etch] - asterisk <not-affected> (Only Asterisk 1.4.x is affected)
	NOTE: Patch: http://lists.digium.com/pipermail/asterisk-commits/2007-August/015743.html
	NOTE: the backend will be enabled in future uploads with a fixed package.
CVE-2007-4520
	RESERVED
CVE-2007-4519
	RESERVED
CVE-2007-4518
	RESERVED
CVE-2007-4517 (Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA ...)
	NOT-FOR-US: Oracle
CVE-2007-4516 (The Volume Manager Scheduler Service (aka VxSchedService.exe) in ...)
	NOT-FOR-US: Volume Manager Scheduler Service
CVE-2007-4515 (Buffer overflow in a certain ActiveX control in YVerInfo.dll before ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-4514 (Unspecified vulnerability in HP ProCurve Manager and HP ProCurve ...)
	NOT-FOR-US: HP ProCurve Manager
CVE-2007-4513 (Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4512 (Cross-site scripting (XSS) vulnerability in Sophos Anti-Virus for ...)
	NOT-FOR-US: Sophos Anti-Virus for Windows
CVE-2007-4511 (The Sun Admin Console in Sun Application Server 9.0_0.1 does not apply ...)
	NOT-FOR-US: Sun Application Server
CVE-2007-4510 (ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...)
	{DSA-1366-1}
	- clamav 0.91.2-1~volatile1
	[sarge] - clamav <not-affected> (Vulnerable code not present)
	NOTE: Only exploitable if CL_EXPERIMENTAL is set
CVE-2007-4509 (SQL injection vulnerability in index.php in the EventList component ...)
	NOT-FOR-US: EventList component for Joomla!
CVE-2007-4508 (Stack-based buffer overflow in Rebellion Asura engine, as used for the ...)
	NOT-FOR-US: Rebellion Asura engine
CVE-2007-4507 (Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 ...)
	NOT-FOR-US: External PHP component only relevant for Windows
CVE-2007-4506 (SQL injection vulnerability in index.php in the NeoRecruit component ...)
	NOT-FOR-US: NeoRecruit component for Joomla!
CVE-2007-4505 (SQL injection vulnerability in index.php in the RemoSitory component ...)
	NOT-FOR-US: RemoSitory component for Mambo
CVE-2007-4504 (Directory traversal vulnerability in index.php in the RSfiles ...)
	NOT-FOR-US: RSfiles component for Joomla!
CVE-2007-4503 (SQL injection vulnerability in index.php in the Nice Talk component ...)
	NOT-FOR-US: Nice Talk component for Joomla!
CVE-2007-4502 (SQL injection vulnerability in index.php in the BibTeX component ...)
	NOT-FOR-US: BibTeX component for Joomla!
CVE-2007-4501 (Unspecified vulnerability in PassphraseRequester in SSHKeychain before ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4500 (Unspecified vulnerability in TunnelRunner in SSHKeychain before 0.8.2 ...)
	NOT-FOR-US: SSHKeychain
CVE-2007-4499 (Unrestricted file upload vulnerability in output.php in American ...)
	NOT-FOR-US: American Financing eMail Image Upload
CVE-2007-4498 (The Grandstream SIP Phone GXV-3000 with firmware 1.0.1.7, Loader ...)
	NOT-FOR-US: Grandstream SIP Phone
CVE-2007-4497 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4496 (Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build ...)
	- vmware-package 0.16
CVE-2007-4495 (Unspecified vulnerability in the ata disk driver in Sun Solaris 10 on ...)
	NOT-FOR-US: Solaris
CVE-2007-4494 (The tipafriend function in eZ publish before 3.8.9, and 3.9 before ...)
	- ezpublish <removed>
CVE-2007-4493 (eZ publish before 3.8.9, and 3.9 before 3.9.3, does not properly check ...)
	- ezpublish <removed>
CVE-2007-4492 (Multiple unspecified vulnerabilities in the ata disk driver in Sun ...)
	NOT-FOR-US: Solaris
CVE-2007-4491 (SQL injection vulnerability in uyeler2.php in Gurur haber 2.0 allows ...)
	NOT-FOR-US: Gurur haber
CVE-2007-4490 (Multiple buffer overflows in EarthAgent.exe in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-4489 (Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 ...)
	NOT-FOR-US: eCentrex VOIP
CVE-2007-4488 (Multiple cross-site scripting (XSS) vulnerabilities in the Siemens ...)
	NOT-FOR-US: Siemens GigaSet firmware
CVE-2007-4487 (Cross-site scripting (XSS) vulnerability in D22-Shoutbox for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-4486 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Linkliste
CVE-2007-4485 (PHP remote file inclusion vulnerability in visitor.php in Butterfly ...)
	NOT-FOR-US: Butterfly online visitors counter
CVE-2007-4484 (PHP remote file inclusion vulnerability in login.php in My_REFERER ...)
	NOT-FOR-US: My_REFERER
CVE-2007-4483 (Cross-site scripting (XSS) vulnerability in index.php in the WordPress ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-4482 (Cross-site scripting (XSS) vulnerability in index.php in the Pool ...)
	NOT-FOR-US: Pool 1.0.7 theme for WordPress
CVE-2007-4481 (Cross-site scripting (XSS) vulnerability in index.php in the (1) Blix ...)
	NOT-FOR-US: Rus themes for WordPress
CVE-2007-4480 (Cross-site scripting (XSS) vulnerability in index.php in the Sirius ...)
	NOT-FOR-US: Sirius 1.0 theme for WordPress
CVE-2007-4479 (Cross-site scripting (XSS) vulnerability in search.html in Search ...)
	NOT-FOR-US: Search Engine Builder
CVE-2007-4478 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-4477 (The administration interface in the Planet VC-200M VDSL2 router allows ...)
	NOT-FOR-US: Planet VC-200M VDSL2 router
CVE-2007-4476 (Buffer overflow in the safer_name_suffix function in GNU tar has ...)
	{DSA-1566-1 DSA-1438-1}
	- tar 1.18-1 (low; bug #441444)
	- cpio 2.9-5 (low; bug #449222)
CVE-2007-4475 (Stack-based buffer overflow in EAI WebViewer3D ActiveX control ...)
	NOT-FOR-US: EAI WebViewer3D ActiveX control
CVE-2007-4474 (Multiple stack-based buffer overflows in the IBM Lotus Domino Web ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2007-4473 (Gesytec Easylon OPC Server before 2.3.44 does not properly validate ...)
	NOT-FOR-US: Gesytec Easylon OPC Server
CVE-2007-4472 (Multiple buffer overflows in the Broderbund Expressit 3DGreetings ...)
	NOT-FOR-US: Broderbund Expressit
CVE-2007-4471 (Multiple unspecified vulnerabilities in the Intuit QuickBooks Online ...)
	NOT-FOR-US: QuickBooks
CVE-2007-4470 (Multiple stack-based buffer overflows in the Earth Resource Mapping ...)
	NOT-FOR-US: Earth Resource Mapping NCSView
CVE-2007-4469
	RESERVED
CVE-2007-4468
	RESERVED
CVE-2007-4467 (Multiple stack-based buffer overflows in the Oracle JInitiator ActiveX ...)
	NOT-FOR-US: Oracle
CVE-2007-4466 (Multiple stack-based buffer overflows in Electronic Arts (EA) ...)
	NOT-FOR-US: Electronic Arts (EA) SnoopyCtrl ActiveX
CVE-2006-7222 (Buffer overflow in the CFLICStream::_deltachunk function in ...)
	NOT-FOR-US: Media Player Classic
CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...)
	NOT-FOR-US: snif
CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
	NOT-FOR-US: snif
CVE-2007-4465 (Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the ...)
	- apache <removed> (low)
	- apache2 2.2.6-1 (bug #453783)
	[sarge] - apache <no-dsa> (browser issue, low impact)
	[sarge] - apache2 <no-dsa> (browser issue, low impact)
	NOTE: This is really a browser bug, see CVE-2006-5152. But still unfixed in MSIE.
	NOTE: Etch's default configuration not vulnerable due to AddDefaultCharset,
	NOTE: but many users change this.
	NOTE: The apache2 fix is actually a workaround. It will not be applied to apache 1.3.
CVE-2007-4464 (CRLF injection vulnerability in the Fileinfo 2.0.9 plugin for Total ...)
	NOT-FOR-US: Total Commander
CVE-2007-4463 (The Fileinfo 2.0.9 plugin for Total Commander allows user-assisted ...)
	NOT-FOR-US: Total Commander
CVE-2007-4462 (lib/Locale/Po4a/Po.pm in po4a before 0.32 allows local users to ...)
	- po4a 0.31-1 (bug #439226)
	[etch] - po4a 0.29-1etch1
	[sarge] - po4a 0.20-2sarge1
CVE-2007-4461 (NuFW 2.2.3, and certain other versions after 2.0, allows remote ...)
	- nufw 2.2.4-1 (bug #439227)
	[etch] - nufw <not-affected>
CVE-2007-4460 (The RenderV2ToFile function in tag_file.cpp in id3lib (aka libid3) ...)
	{DSA-1365-3 DSA-1365-2 DSA-1365-1}
	- id3lib3.8.3 3.8.3-7 (low; bug #438540)
CVE-2007-4459 (Cisco IP Phone 7940 and 7960 with P0S3-08-6-00 firmware, and other SIP ...)
	NOT-FOR-US: Cisco IP Phone
CVE-2007-4458 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Firesoft
CVE-2007-4457 (Directory traversal vulnerability in forumreply.php in Dalai Forum 1.1 ...)
	NOT-FOR-US: Dalai Forum
CVE-2007-4456 (SQL injection vulnerability in index.php in the SimpleFAQ ...)
	NOT-FOR-US: mambo
	NOTE: mambo is in experimental though
CVE-2007-4455 (The SIP channel driver (chan_sip) in Asterisk Open Source 1.4.x before ...)
	- asterisk 1:1.4.11~dfsg-1
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4454 (Eval injection vulnerability in environment.php in Olate Download (od) ...)
	NOT-FOR-US: Olate Download
CVE-2007-4453 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2007-4452 (The client in Toribash 2.71 and earlier allows remote attackers to ...)
	NOT-FOR-US: Toribash
CVE-2007-4451 (The server in Toribash 2.71 and earlier on Windows allows remote ...)
	NOT-FOR-US: Toribash
CVE-2007-4450 (The server in Toribash 2.71 and earlier does not properly handle long ...)
	NOT-FOR-US: Toribash
CVE-2007-4449 (The client in Toribash 2.71 and earlier allows remote attackers to ...)
	NOT-FOR-US: Toribash
CVE-2007-4448 (The server in Toribash 2.71 and earlier does not properly handle ...)
	NOT-FOR-US: Toribash
CVE-2007-4447 (Multiple buffer overflows in the client in Toribash 2.71 and earlier ...)
	NOT-FOR-US: Toribash
CVE-2007-4446 (Format string vulnerability in the server in Toribash 2.71 and earlier ...)
	NOT-FOR-US: Toribash
CVE-2007-4445 (Image Space rFactor 1.250 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4444 (Multiple buffer overflows in Image Space rFactor 1.250 and earlier ...)
	NOT-FOR-US: Image space rfactor
CVE-2007-4443 (The UCC dedicated server for the Unreal engine, possibly 2003 and ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4442 (Stack-based buffer overflow in the logging function in the Unreal ...)
	NOT-FOR-US: Unreal on Windows
CVE-2007-4441 (Buffer overflow in php_win32std.dll in the win32std extension for PHP ...)
	- php5 <not-affected> (Windows-specific)
CVE-2007-4440 (Stack-based buffer overflow in the MercuryS SMTP server in Mercury ...)
	NOT-FOR-US: Mercury mail system
CVE-2007-4439 (PHP remote file inclusion vulnerability in popup_window.php in ...)
	NOT-FOR-US: Squirrelcart
CVE-2007-4438 (Session fixation vulnerability in Ampache before 3.3.3.5 allows remote ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4437 (SQL injection vulnerability in albums.php in Ampache before 3.3.3.5 ...)
	- ampache 3.3.3.5-dfsg-1 (bug #407337)
CVE-2007-4436 (The Drupal Project module before 5.x-1.0, 4.7.x-2.3, and 4.7.x-1.3 and ...)
	- drupal <not-affected> (External addon, see bug #439379)
CVE-2007-4435 (Multiple SQL injection vulnerabilities in TorrentTrader before 1.07 ...)
	NOT-FOR-US: TorrentTrader
CVE-2007-4434 (Cross-site scripting (XSS) vulnerability in textfilesearch.asp in the ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4433 (Cross-site scripting (XSS) vulnerability in textfilesearch.aspx in the ...)
	NOT-FOR-US: Text File Search ASP
CVE-2007-4432 (Untrusted search path vulnerability in the wrapper scripts for the (1) ...)
	NOT-FOR-US: SUSE
CVE-2007-4431 (Cross-domain vulnerability in Apple Safari for Windows 3.0.3 and ...)
	NOT-FOR-US: Safari/windows
CVE-2007-4430 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows ...)
	NOT-FOR-US: Cisco IOS
CVE-2007-4429 (Unspecified vulnerability in Skype allows remote attackers to cause a ...)
	NOT-FOR-US: Skype
CVE-2007-4428 (Lhaz 1.33 allows remote attackers to execute arbitrary code via ...)
	NOT-FOR-US: lhaz
CVE-2007-4427 (Unspecified vulnerability in the login page redirection logic in the ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-4426 (Live for Speed (LFS) S1 and S2 allows remote attackers to cause a ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4425 (Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4424 (Apple Safari for Windows 3.0.3 and earlier does not prompt the user ...)
	NOT-FOR-US: Safari
CVE-2007-4423 (Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4422 (The login interface in Symantec Enterprise Firewall 6.x, when a VPN ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2007-4421 (SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 ...)
	NOT-FOR-US: Olate Download
CVE-2007-4420 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-4419 (Admin.php in Olate Download (od) 3.4.1 uses an MD5 hash of the admin ...)
	NOT-FOR-US: Olate Download
CVE-2007-4418 (IBM DB2 UDB 8 before Fixpak 15 does not properly check authorization, ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4417 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4416 (** DISPUTED ** ...)
	NOT-FOR-US: BellaBook
CVE-2007-4415 (Cisco VPN Client on Windows before 5.0.01.0600, and the 5.0.01.0600 ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4414 (Cisco VPN Client on Windows before 4.8.02.0010 allows local users to ...)
	NOT-FOR-US: Cisco VPN client/windows
CVE-2007-4413 (Direct static code injection vulnerability in admincp/user_help.php in ...)
	NOT-FOR-US: Headstart Solutions DeskPRO 3.0.2
CVE-2007-4412 (Multiple cross-site scripting (XSS) vulnerabilities in Headstart ...)
	NOT-FOR-US: Deskpro
CVE-2007-4411 (ircu 2.10.12.05 and earlier allows remote attackers to discover the ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4410 (ircu 2.10.12.05 and earlier does not properly synchronize a kick ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4409 (Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4408 (ircu 2.10.12.05 and earlier ignores timestamps in bounces, which ...)
	- ircd-ircu 2.10.12.10.dfsg1-1 (low; bug #439314)
	[etch] - ircd-ircu <no-dsa> (Minor issue)
CVE-2007-4407 (ircu 2.10.12.03 and 2.10.12.04 does not associate a timestamp with ops ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4406 (ircu 2.10.12.01 through 2.10.12.04 does not remove ops privilege after ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4405 (ircu 2.10.12.02 through 2.10.12.04 allows remote attackers to cause a ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4404 (ircu 2.10.12.01 allows remote attackers to (1) cause a denial of ...)
	- ircd-ircu <not-affected> (Version affected not yet in unstable, maintainer informed)
CVE-2007-4403 (The mIRC Control Plug-in for Winamp allows user-assisted remote ...)
	NOT-FOR-US: mirc/winamp
CVE-2007-4402 (Multiple unspecified scripts in mIRC allow user-assisted remote ...)
	NOT-FOR-US: mirc
CVE-2007-4401 (Multiple CRLF injection vulnerabilities in the Advanced mIRC ...)
	NOT-FOR-US: mirc
CVE-2007-4400 (CRLF injection vulnerability in the included media script in ...)
	- konversation 1.0.1-4 (low; bug #439837)
	[etch] - konversation <no-dsa> (minor issue)
	[sarge] - konversation <no-dsa> (minor issue)
CVE-2007-4399 (CRLF injection vulnerability in the xmms.bx 1.0 script for BitchX ...)
	NOT-FOR-US: xmms.bx 1.0 script for BitchX (not included in Debian package)
CVE-2007-4398 (Multiple CRLF injection vulnerabilities in the (1) now-playing.rb and ...)
	- irssi-scripts 20070925 (low; bug #439840)
	- weechat-scripts 20070425-0.1 (low; bug #439839)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[etch] - weechat-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
CVE-2007-4397 (Multiple CRLF injection vulnerabilities in (1) xmms-thing 1.0, (2) ...)
	NOT-FOR-US: various IRC now_playing scripts
CVE-2007-4396 (Multiple CRLF injection vulnerabilities in (1) ixmmsa.pl 0.3, (2) ...)
	- irssi-scripts 20070925 (low; bug #439840)
	[etch] - irssi-scripts <no-dsa> (minor issue)
	[sarge] - irssi-scripts <no-dsa> (minor issue)
	NOTE: weechat-scripts does not include the mentioned scripts
CVE-2007-4395 (Multiple unspecified vulnerabilities in the Role Based Access Control ...)
	NOT-FOR-US: Sun Solaris 8
CVE-2007-4394 (Unspecified vulnerability in a &quot;core clean&quot; cron job created by the ...)
	NOT-FOR-US: findutils-locate on SUSE Linux
CVE-2007-4393 (The installation script for orarun on SUSE Linux before 20070810 ...)
	NOT-FOR-US: oracle
CVE-2007-4392 (Winamp 5.35 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: winamp
CVE-2007-4391 (Heap-based buffer overflow in Kakadu kdu_v32m.dll in Yahoo! Messenger ...)
	NOT-FOR-US: kakadu
CVE-2007-4390 (The Command Line Interface (CLI), aka Adonis Administration Console, ...)
	NOT-FOR-US: BlueCat
CVE-2007-4389 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...)
	NOT-FOR-US: 2wire
CVE-2007-4388 (2wire 1701HG and 2071 Gateway routers, with 5.29.51 and possibly ...)
	NOT-FOR-US: 2wire
CVE-2007-4387 (Cross-site request forgery (CSRF) vulnerability in /xslt in 2wire ...)
	NOT-FOR-US: 2wire
CVE-2007-4386 (SQL injection vulnerability in search.php in GetMyOwnArcade allows ...)
	NOT-FOR-US: GetMyOwnArcade
CVE-2007-4385 (OWASP Stinger before 2.5 allows remote attackers to bypass input ...)
	NOT-FOR-US: Stinger
CVE-2007-4384 (Multiple PHP remote file inclusion vulnerabilities in depouilg.php3 in ...)
	NOT-FOR-US: Stephane Pineau VOTE
CVE-2007-4383 (** DISPUTED ** ...)
	NOT-FOR-US: Trackeur
CVE-2007-4382 (CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote ...)
	NOT-FOR-US: CounterPath X-Lite
CVE-2007-4381 (Unspecified vulnerability in the font parsing implementation in Sun ...)
	- sun-java5 1.5.0-10-1
CVE-2007-4380 (Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2007-4379 (Babo Violent 2 2.08.00 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4378 (Multiple format string vulnerabilities in Babo Violent 2 2.08.00 and ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4377 (Stack-based buffer overflow in the IMAP service in SurgeMail 38k ...)
	NOT-FOR-US: SurgeMail
CVE-2007-4376 (Unrestricted file upload vulnerability in banner-upload.php in Szymon ...)
	NOT-FOR-US: Szymon Kosok Best Top List
CVE-2007-4375 (The administrative interface (aka DkService.exe) in Diskeeper 9 ...)
	NOT-FOR-US: Diskeeper
CVE-2007-4374 (Babo Violent 2 2.08.00 does not validate the sender field of a chat ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4373 (The server in Babo Violent 2 2.08.00 and earlier does not properly ...)
	NOT-FOR-US: Babo Violent
CVE-2007-4372 (Unspecified vulnerability in NetWin SurgeMail 38k on Windows Server ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems ...)
	NOT-FOR-US: InterSystems Cache
CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in ...)
	NOT-FOR-US: InterSystems Cache
CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-XXXX [pam usb wrongly allows authentication without password in ssh sessions]
	- libpam-usb 0.4.1-1 (medium)
	NOTE: see http://sourceforge.net/mailarchive/forum.php?thread_name=7D75703BC8E1C149BF78A1E79AAAB169B8A2E4%40svits28.main.ad.rit.edu&forum_name=pamusb-devel
CVE-2007-XXXX [lwat sometimes logs passwords in access.log]
	- lwat 0.15-2 (low)
CVE-2007-4371 (Unrestricted file upload vulnerability in admin/pages/blog-add.php in ...)
	NOT-FOR-US: Neuron Blog
CVE-2007-4370 (Multiple buffer overflows in the (1) client and (2) server in Racer ...)
	NOT-FOR-US: Racer
CVE-2007-4369 (Directory traversal vulnerability in go/_files in SOTEeSKLEP before ...)
	NOT-FOR-US: SOTEeSKLEP
CVE-2007-4368 (SQL injection vulnerability in /main in IBM Rational ClearQuest (CQ) ...)
	NOT-FOR-US: IBM Rational ClearQuest (CQ)
CVE-2007-4367 (Opera before 9.23 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Opera
CVE-2007-4366 (WengoPhone 2.1 allows remote attackers to cause a denial of service ...)
	- wengophone 2.1.1.dfsg0-3 (bug #438419)
CVE-2007-4365 (Cross-site scripting (XSS) vulnerability in eXV2 CMS 2.0.5 and earlier ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-4364 (Fedora Commons before 2.2.1 does not properly handle certain ...)
	NOT-FOR-US: Fedora Commons
CVE-2007-4363 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Drupal Content Construction Kit (CCK)
CVE-2007-4362 (SQL injection vulnerability in category.php in Prozilla Webring allows ...)
	NOT-FOR-US: Prozilla Webring
CVE-2007-4361 (NETGEAR (formerly Infrant) ReadyNAS RAIDiator before 4.00b2-p2-T1 beta ...)
	NOT-FOR-US: ReadyNAS RAIDiator
CVE-2007-4360 (Unspecified vulnerability in Dell Remote Access Card 4 (DRAC4) with ...)
	NOT-FOR-US: Dell
CVE-2007-4359 (Multiple SQL injection vulnerabilities in SkilMatch Staffing Systems ...)
	NOT-FOR-US: JobLister3
CVE-2007-4358 (Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Zoidcom
CVE-2007-4357 (Mozilla Firefox 2.0.0.6 and earlier allows remote attackers to spoof ...)
	- mozilla-firefox <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- iceape <removed> (unimportant)
CVE-2007-4356 (Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4355 (Buffer overflow in the at program on IBM AIX 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2007-4354 (Buffer overflow in fileplace in bos.perf.tools in IBM AIX 5.2 and 5.3 ...)
	NOT-FOR-US: AIX
CVE-2007-4353 (Multiple buffer overflows in IBM AIX 5.2 and 5.3 allow local users in ...)
	NOT-FOR-US: AIX
CVE-2007-4352 (Array index error in the DCTStream::readProgressiveDataUnit method in ...)
	{DSA-1537-1 DSA-1509-1 DSA-1480-1 DTSA-85-1 DTSA-86-1}
	- poppler 0.6.2-1 (medium; bug #450628)
	- kdegraphics 4:3.5.8-2 (medium; bug #450630)
	[etch] - kdegraphics <not-affected> (Vulnerable code not used)
	- xpdf 3.02-1.3 (medium; bug #450629)
	- koffice 1:1.6.3-4 (medium; bug #450631)
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	- gpdf <removed>
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	NOTE: cups uses xpdf-utils and poppler-utils since version 1.1.22-7
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- swftools 0.9.2+ds1-2
CVE-2007-4351 (Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 ...)
	{DSA-1407-1 DTSA-81-1}
	- cupsys 1.3.4-1 (medium; bug #448866)
	- cups 1.3.4-1 (medium; bug #448866)
	[sarge] - cupsys <not-affected> (Only vulnerable to code injection since 1.2.x, effects are harmless otherwise)
CVE-2007-4350 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: HP SiteScope
CVE-2007-4349 (The Shared Trace Service (aka OVTrace) in HP Performance Agent C.04.70 ...)
	NOT-FOR-US: HP OpenView Report
CVE-2007-4348 (Cross-site scripting (XSS) vulnerability in the CAD service in IBM ...)
	NOT-FOR-US: IBM Tivoli Storage Manager
CVE-2007-4347 (Multiple integer overflows in the Job Engine (bengine.exe) service in ...)
	NOT-FOR-US: Job Engine
CVE-2007-4346 (The Job Engine (bengine.exe) service in Symantec Backup Exec for ...)
	NOT-FOR-US: Job Engine
CVE-2007-4345 (Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail ...)
	NOT-FOR-US: IMail Client
CVE-2007-4344 (Multiple input validation errors in ACD ACDSee Photo Manager 9.0 build ...)
	NOT-FOR-US: ACDSee
CVE-2007-4343 (Stack-based buffer overflow in IrfanView 3.99 and 4.00 allows ...)
	NOT-FOR-US: IrfanView
CVE-2007-4342 (PHP remote file inclusion vulnerability in include.php in PHPCentral ...)
	NOT-FOR-US: PHPCentral
CVE-2007-4341 (PHP remote file inclusion vulnerability in adm/my_statistics.php in ...)
	NOT-FOR-US: Omnistar Lib2 PHP
CVE-2007-4340 (PHP remote file inclusion vulnerability in index.php in phpDVD 1.0.4 ...)
	NOT-FOR-US: phpDVD
CVE-2007-4339 (Multiple PHP remote file inclusion vulnerabilities in PHPCentral Poll ...)
	NOT-FOR-US: PHPCentral Poll Script
CVE-2007-4338 (index.php in Ryan Haudenschilt Family Connections (FCMS) before 0.9 ...)
	NOT-FOR-US: Family Connections
CVE-2007-4337 (Multiple buffer overflows in the httplib_parse_sc_header function in ...)
	{DSA-1683-1}
	- streamripper 1.62.2-1 (low)
CVE-2007-4336 (Buffer overflow in the Live Picture Corporation ...)
	NOT-FOR-US: Microsoft
CVE-2007-4335 (Format string vulnerability in the SMTP server component in Qbik ...)
	NOT-FOR-US: Qbik WinGate
CVE-2007-4334 (Cross-site scripting (XSS) vulnerability in whois.php in Php-stats ...)
	NOT-FOR-US: Php-stats
CVE-2007-4333 (Multiple cross-site scripting (XSS) vulnerabilities in signup.php in ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4332 (SQL injection vulnerability in article.php in Article Dashboard, when ...)
	NOT-FOR-US: Article Dashboard
CVE-2007-4331 (PHP remote file inclusion vulnerability in index.php in FindNix allows ...)
	NOT-FOR-US: FindNix
CVE-2007-4330 (PHP remote file inclusion vulnerability in shoutbox.php in Shoutbox ...)
	NOT-FOR-US: Shoutbox
CVE-2007-4329 (Multiple PHP remote file inclusion vulnerabilities in Web News 1.1 ...)
	NOT-FOR-US: Web News
CVE-2007-4328 (Multiple PHP remote file inclusion vulnerabilities in Mapos Bilder ...)
	NOT-FOR-US: Bilder Galerie
CVE-2007-4327 (Multiple PHP remote file inclusion vulnerabilities in File Uploader ...)
	NOT-FOR-US: File Uploader
CVE-2007-4326 (Multiple PHP remote file inclusion vulnerabilities in Bilder Uploader ...)
	NOT-FOR-US: Bilder Uploader
CVE-2007-4325 (PHP remote file inclusion vulnerability in index.php in Gaestebuch 1.5 ...)
	NOT-FOR-US: Gaestebuch
CVE-2007-4324 (ActionScript 3 (AS3) in Adobe Flash Player 9.0.47.0, and other ...)
	- flashplugin-nonfree 9.0.115.0.1
	[etch] - flashplugin-nonfree 9.0.115.0.1~etch1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
CVE-2007-4323 (DenyHosts 2.6 does not properly parse sshd log files, which allows ...)
	- denyhosts 2.6-2.1 (bug #438162; medium)
	[etch] - denyhosts 2.6-1etch1
CVE-2007-4322 (BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) ...)
	NOT-FOR-US: BlockHosts
CVE-2007-4321 (fail2ban 0.8 and earlier does not properly parse sshd log files, which ...)
	{DSA-1456-1}
	- fail2ban 0.8.0-4 (bug #438187; medium)
CVE-2007-4320 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ncaster
CVE-2007-4319 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel ...)
	NOT-FOR-US: Zyxel
CVE-2007-4318 (Cross-site scripting (XSS) vulnerability in Forms/General_1 in the ...)
	NOT-FOR-US: Zyxel
CVE-2007-4317 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: Zyxel
CVE-2007-4316 (The management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel ...)
	NOT-FOR-US: Zyxel
CVE-2007-4315 (The AMD ATI atidsmxx.sys 3.0.502.0 driver on Windows Vista allows ...)
	NOT-FOR-US: ATI
CVE-2007-4314 (pixlie.php in Pixlie 1.7 allows remote attackers to trigger the ...)
	NOT-FOR-US: Pixlie
CVE-2007-4313 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4312 (SQL injection vulnerability in index.php in Php Blue Dragon CMS 3.0.0 ...)
	NOT-FOR-US: Php Blue Dragon CMS
CVE-2007-4311 (The xfer_secondary_pool function in drivers/char/random.c in the Linux ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 <not-affected> (buffer is local to the function that uses sizeof on it)
CVE-2007-4310 (The finger daemon (in.fingerd) in Sun Solaris 7 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2007-4309 (IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4308 (The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1}
	- linux-2.6 2.6.22-4 (medium; bug #443694)
CVE-2007-4307 (Multiple cross-site scripting (XSS) vulnerabilities in Storesprite 7 ...)
	NOT-FOR-US: Storesprite
CVE-2007-4306 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin <unfixed> (unimportant)
	[sarge] - phpmyadmin <not-affected>
	NOTE: It seems that this requires knowledge of a unguessable session token.
	NOTE: Confirmed by upstream. Sarge is not affected at all.
CVE-2007-4305 (Multiple race conditions in the (1) Sudo monitor mode and (2) Sysjail ...)
	NOT-FOR-US: NetBSD and OpenBSD
CVE-2007-4304 (CerbNG for FreeBSD 4.8 does not properly implement VM protection when ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4303 (Multiple race conditions in (1) certain rules and (2) argument copying ...)
	NOT-FOR-US: CerbNG for FreeBSD
CVE-2007-4302 (Multiple race conditions in certain system call wrappers in Generic ...)
	NOT-FOR-US: Generic Software Wrappers Toolkit
CVE-2007-4301 (Multiple cross-site scripting (XSS) vulnerabilities in the management ...)
	NOT-FOR-US: WebCart
CVE-2007-4300
	RESERVED
CVE-2007-4299
	RESERVED
CVE-2007-4298
	RESERVED
CVE-2007-4297 (Multiple cross-site scripting (XSS) vulnerabilities in yorumkaydet.asp ...)
	NOT-FOR-US: Modulu
CVE-2007-4296 (Unspecified vulnerability in assp.pl in Anti-Spam SMTP Proxy Server ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy Server
CVE-2007-4295 (Unspecified vulnerability in Cisco IOS 12.0 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-4294 (Unspecified vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2007-4293 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2007-4292 (Multiple memory leaks in Cisco IOS 12.0 through 12.4 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2007-4291 (Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2007-4290 (** DISPUTED ** ...)
	NOT-FOR-US: Guestbook Script
CVE-2007-4289 (Sun Java System Portal Server 7.0 does not properly process XSLT ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2007-4288 (Microsoft Windows Media Player 11 (wmplayer.exe) allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-4287 (PHP remote file inclusion vulnerability in fc_functions/fc_example.php ...)
	NOT-FOR-US: FishCart
CVE-2007-4286 (Buffer overflow in the Next Hop Resolution Protocol (NHRP) ...)
	NOT-FOR-US: Cisco
CVE-2007-4285 (Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to ...)
	NOT-FOR-US: Cisco
CVE-2007-4284 (Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified ...)
	NOT-FOR-US: Cisco
CVE-2007-4283 (PHP remote file inclusion vulnerability in bridge/yabbse.inc.php in ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2007-4282 (The &quot;Extended properties for entries&quot; (entryproperties) plugin in ...)
	- serendipity 1.1.4-1
	[etch] - serendipity <not-affected> (introduced in 1.1.x)
CVE-2007-4281 (Cross-site scripting (XSS) vulnerability in KnowledgeTree Open Source ...)
	- knowledgetree <removed>
CVE-2007-4279 (PHP remote file inclusion vulnerability in config.php in ...)
	NOT-FOR-US: FrontAccounting
CVE-2007-4278 (Stack-based buffer overflow in the giomgr process in ESRI ArcSDE ...)
	NOT-FOR-US: ESRI ArcSDE
CVE-2007-4277 (The Trend Micro AntiVirus scan engine before 8.550-1001, as used in ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-4276 (Stack-based buffer overflow in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4275 (Multiple untrusted search path vulnerabilities in IBM DB2 UDB 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4274
	REJECTED
CVE-2007-4273 (IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4272 (Multiple vulnerabilities in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4271 (Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4270 (Multiple race conditions in IBM DB2 UDB 8 before Fixpak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-4269 (Integer overflow in the Networking component in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4268 (Integer signedness error in the Networking component in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4267 (Stack-based buffer overflow in the Networking component in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-4266
	RESERVED
CVE-2007-4265 (Multiple cross-site scripting (XSS) vulnerabilities in VisionProject ...)
	NOT-FOR-US: VisionProject
CVE-2007-4264 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: snif
CVE-2007-4280 (The Skinny channel driver (chan_skinny) in Asterisk Open Source before ...)
	- asterisk 1:1.4.10~dfsg-1
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-019.htm
	[sarge] - asterisk <not-affected> (not affected according to advisory)
	[etch] - asterisk <not-affected> (not affected according to advisory)
CVE-2007-4263 (Unspecified vulnerability in the server side of the Secure Copy (SCP) ...)
	NOT-FOR-US: Cisco
CVE-2007-4262 (Unrestricted file upload vulnerability in EZPhotoSales 1.9.3 and ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4261 (EZPhotoSales 1.9.3 and earlier stores sensitive information under the ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4260 (EZPhotoSales 1.9.3 and earlier has a default &quot;admin&quot; account for ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4259 (EZPhotoSales 1.9.3 and earlier allows remote attackers to download ...)
	NOT-FOR-US: EZPhotoSales
CVE-2007-4258 (SQL injection vulnerability in directory.php in Prozilla Pub Site ...)
	NOT-FOR-US: Prozilla
CVE-2007-4257 (Multiple buffer overflows in Live for Speed (LFS) S1 and S2 allow ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4256 (Directory traversal vulnerability in showpage.cgi in YNP Portal System ...)
	NOT-FOR-US: YNP Portal System
CVE-2007-4255 (Buffer overflow in the mSQL extension in PHP 5.2.3 allows ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-4254 (Stack-based buffer overflow in a certain ActiveX control in VDT70.DLL ...)
	NOT-FOR-US: Microsoft
CVE-2007-4253 (SQL injection vulnerability in the News module in modules.php in ...)
	NOT-FOR-US: Envolution
CVE-2007-4252 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: CHILKAT ASP String
CVE-2007-4251 (OpenOffice.org (OOo) 2.2 does not properly handle files with multiple ...)
	- openoffice.org <unfixed> (unimportant)
	NOTE: Only a crasher with malformed documents
CVE-2007-4250 (The isChecked function in Toolbar.DLL in Advanced Searchbar before ...)
	NOT-FOR-US: Advanced Searchbar
CVE-2007-4249 (The isChecked function in Toolbar.DLL in the ExportNation toolbar for ...)
	NOT-FOR-US: ExportNation toolbar
CVE-2007-4248 (The CallCmd function in toolbar_gaming.dll in the Toolbar Gaming ...)
	NOT-FOR-US: Toolbar Gaming toolbar
CVE-2007-4247 (Windows Calendar on Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-4246 (Unspecified vulnerability, possibly a buffer overflow, in Justsystem ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2007-4245 (Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa ...)
	NOT-FOR-US: DiMeMa CONTENTdm
CVE-2007-4244 (PHP remote file inclusion vulnerability in langset.php in J! ...)
	NOT-FOR-US: Joomla
CVE-2007-4243 (Unspecified vulnerability in pfilter-reporter.pl in Astaro Security ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4242 (The pop3 Proxy in Astaro Security Gateway (ASG) 7 does not perform ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-4241 (Buffer overflow in ldcconn in Hewlett-Packard (HP) Controller for ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2007-4240 (The check_logout function in class/auth.php in Help Center Live (hcl) ...)
	NOT-FOR-US: Help Center Live
CVE-2007-4239 (Cross-site scripting (XSS) vulnerability in user/forgotPassStep2.jsp ...)
	NOT-FOR-US: C-SAM oneWallet
CVE-2007-4238 (AIX 5.2 and 5.3 install pioinit with user and group ownership of bin, ...)
	NOT-FOR-US: AIX
CVE-2007-4237 (Buffer overflow in the atm subset in arp in devices.common.IBM.atm.rte ...)
	NOT-FOR-US: AIX
CVE-2007-4236 (Buffer overflow in lpd in bos.rte.printers in AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: AIX
CVE-2007-4235 (Multiple PHP remote file inclusion vulnerabilities in VietPHP allow ...)
	NOT-FOR-US: VietPHP
CVE-2007-4234 (Unspecified vulnerability in Camera Life before 2.6 allows remote ...)
	NOT-FOR-US: Camera Life
CVE-2007-4233 (Multiple unspecified vulnerabilities in Camera Life before 2.6 allow ...)
	NOT-FOR-US: Camera Life
CVE-2007-4232 (PHP remote file inclusion vulnerability in admin/inc/change_action.php ...)
	NOT-FOR-US: PHPNews
CVE-2007-4231 (PHP remote file inclusion vulnerability in order/login.php in IDevSpot ...)
	NOT-FOR-US: PhpHostBot
CVE-2007-4230 (** DISPUTED ** ...)
	NOT-FOR-US: BellaBiblio
CVE-2007-4229 (Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows ...)
	- kdebase <unfixed> (unimportant)
	NOTE: Browser DoS not treated as vulnerabilities
CVE-2007-4228 (rmpvc on IBM AIX 4.3 allows local users to cause a denial of service ...)
	NOT-FOR-US: AIX
CVE-2007-4227 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-4226 (Directory traversal vulnerability in the BlueCat Networks Proteus IPAM ...)
	NOT-FOR-US: BlueCat Networks Proteus IPAM appliance
CVE-2007-4225 (Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4224 (KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
CVE-2007-4223 (Dbgv.sys in Microsoft Sysinternals DebugView before 4.72 provides an ...)
	NOT-FOR-US: Microsoft Sysinternals DebugView
CVE-2007-4222 (Buffer overflow in the TagAttributeListCopy function in nnotes.dll in ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2007-4221 (Multiple buffer overflows in Motorola Timbuktu Pro before 8.6.5 for ...)
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4220 (Directory traversal vulnerability in Motorola Timbuktu Pro before ...)
	NOT-FOR-US: Motorola Timbuktu
CVE-2007-4219 (Integer overflow in the RPCFN_SYNC_TASK function in StRpcSrv.dll, as ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4218 (Multiple buffer overflows in the ServerProtect service (SpntSvc.exe) ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-4217 (Stack-based buffer overflow in the domacro function in ftp in IBM AIX ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4216 (vsdatant.sys 6.5.737.0 in Check Point Zone Labs ZoneAlarm before ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-4215
	RESERVED
CVE-2007-4214
	RESERVED
CVE-2007-4213 (Palm OS on Treo 650, 680, 700p, and 755p Smart phones allows remote ...)
	NOT-FOR-US: Palm OS
CVE-2007-4212 (Multiple cross-site scripting (XSS) vulnerabilities in the Search ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-4211 (The ACL plugin in Dovecot before 1.0.3 allows remote authenticated ...)
	- dovecot 1:1.0.3-2 (low)
	[etch] - dovecot <no-dsa> (minor issue)
	[sarge] - dovecot <no-dsa> (minor issue)
CVE-2007-4210 (Multiple SQL injection vulnerabilities in module.php in LANAI (la-nai) ...)
	NOT-FOR-US: LANAI CMS
CVE-2007-4209 (SQL injection vulnerability in Recherche.php in Aceboard forum allows ...)
	NOT-FOR-US: Aceboard forum
CVE-2007-4208 (SQL injection vulnerability in default.asp in Next Gen Portfolio ...)
	NOT-FOR-US: Next Gen Portfolio Manager
CVE-2007-4207 (SQL injection vulnerability in admin_console/index.asp in Gallery In A ...)
	NOT-FOR-US: Gallery In A Box
CVE-2007-4206 (Kaspersky Anti-Spam 3.0 MP1 before Critical Fix 2 (3.0.278.4) sets ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-4205 (XHA (Linux-HA) on the BlueCat Networks Adonis DNS/DHCP Appliance ...)
	NOT-FOR-US: BlueCat Networks Adonis
CVE-2007-4204 (Hitachi Groupmax Collaboration - Schedule, as used in Groupmax ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration
CVE-2007-4203 (Session fixation vulnerability in Mambo 4.6.2 CMS allows remote ...)
	NOT-FOR-US: Mambo
CVE-2007-4202 (Guidance Software EnCase Enterprise Edition (EEE) 6 does not properly ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4201 (Guidance Software EnCase 6.2 and 6.5 does not properly handle a volume ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4200 (ntfs.c in fsstat in Brian Carrier The Sleuth Kit (TSK) before 2.09 ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4199 (Brian Carrier The Sleuth Kit (TSK) before 2.09 allows user-assisted ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4198 (The fs_data_put_str function in ntfs.c in fls in Brian Carrier The ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4197 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 omits NULL ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4196 (icat in Brian Carrier The Sleuth Kit (TSK) before 2.09 misinterprets a ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4195 (Use-after-free vulnerability in ext2fs.c in Brian Carrier The Sleuth ...)
	- sleuthkit 2.09-1 (unimportant)
	NOTE: Labelling this as a security problem is a bit far-fetched.
CVE-2007-4194 (Guidance Software EnCase 5.0 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Guidance Software EnCase
CVE-2007-4193 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	NOT-FOR-US: DVD Rental System
CVE-2007-4192 (Multiple cross-site scripting (XSS) vulnerabilities in IDE Group DVD ...)
	NOT-FOR-US: DVD Rental System
CVE-2007-4191 (Panda Antivirus 2008 stores service executables under the product's ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-4190 (CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
	NOT-FOR-US: Joomla
CVE-2007-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2007-4188 (Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) ...)
	NOT-FOR-US: Joomla
CVE-2007-4187 (Multiple eval injection vulnerabilities in the com_search component in ...)
	NOT-FOR-US: Joomla
CVE-2007-4186 (PHP remote file inclusion vulnerability in admin.tour_toto.php in the ...)
	NOT-FOR-US: Joomla! addon
CVE-2007-4185 (Joomla! 1.0.12 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Joomla
CVE-2007-4184 (SQL injection vulnerability in administrator/popups/pollwindow.php in ...)
	NOT-FOR-US: Joomla
CVE-2007-4183 (SQL injection vulnerability in main.php in paBugs 2.0 Beta 3 and ...)
	NOT-FOR-US: paBugs
CVE-2007-4182 (Unrestricted file upload vulnerability in index.php in WikiWebWeaver ...)
	NOT-FOR-US: WikiWebWeaver
CVE-2007-4181 (** DISPUTED ** ...)
	NOT-FOR-US: Pluck
CVE-2007-4180 (** DISPUTED ** ...)
	NOT-FOR-US: Pluck
CVE-2007-4179 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HPUX
CVE-2007-4178 (Cross-site scripting (XSS) vulnerability in index.php in WebDirector ...)
	NOT-FOR-US: Webdirector
CVE-2007-4177 (Multiple cross-site scripting (XSS) vulnerabilities in Interact before ...)
	NOT-FOR-US: Interact
CVE-2007-4176 (Multiple unspecified vulnerabilities in EQDKP Plus before 0.4.4.5 have ...)
	NOT-FOR-US: EQDKP Plus
CVE-2007-4175 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Openrat CMS
CVE-2007-4174 (Tor before 0.1.2.16, when ControlPort is enabled, does not properly ...)
	- tor 0.1.2.16-1 (medium)
CVE-2007-4173 (SQL injection vulnerability in duyuruoku.asp in Hunkaray Okul Portali ...)
	NOT-FOR-US: Hunkaray Okul Portali
CVE-2007-4172 (Multiple cross-site scripting (XSS) vulnerabilities in Open Webmail ...)
	NOT-FOR-US: Openwebmail
CVE-2007-4171 (SQL injection vulnerability in komentar.php in the Forum Module for ...)
	NOT-FOR-US: Aura CMS
CVE-2007-4170 (Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 ...)
	NOT-FOR-US: AL-Athkar
CVE-2007-4169 (** DISPUTED ** ...)
	NOT-FOR-US: vgallite
CVE-2007-4167 (PHP remote file inclusion vulnerability in cat_viewed.php in ...)
	NOT-FOR-US: AL-Caricatier
CVE-2007-4166 (Cross-site scripting (XSS) vulnerability in index.php in the Unnamed ...)
	NOT-FOR-US: Xu Yiyang
CVE-2007-4165 (Cross-site scripting (XSS) vulnerability in index.php in the Blue ...)
	- wordpress <not-affected> (Wordpress doesn't ship this theme)
CVE-2007-4164 (CRLF injection vulnerability in the redirect feature in Sun Java ...)
	NOT-FOR-US: IndexScript
CVE-2007-4163 (Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 ...)
	NOT-FOR-US: IndexScript
CVE-2007-4162 (TIBCO Rendezvous (RV) 7.5.2 does not protect confidentiality or ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4161 (rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4160 (The default configuration of TIBCO Rendezvous (RV) 7.5.2 clients, when ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4159 (index.html in the HTTP administration interface in certain daemons in ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4158 (Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and ...)
	NOT-FOR-US: TIBCO Rendezvous (RV)
CVE-2007-4157 (PHPBlogger stores sensitive information under the web root with ...)
	NOT-FOR-US: PHPBlogger
CVE-2007-4156 (Multiple SQL injection vulnerabilities in wolioCMS allow remote ...)
	NOT-FOR-US: wolioCMS
CVE-2007-4155 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	- vmware-package 0.16
CVE-2007-4154 (SQL injection vulnerability in options.php in WordPress 2.2.1 allows ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-4153 (Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1 (low)
	NOTE: see issue 4690 and 4691 in wordpress trac
CVE-2007-4152 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4151 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4150 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4149 (The Visionsoft Audit on Demand Service (VSAOD) in Visionsoft Audit ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4148 (Heap-based buffer overflow in the Visionsoft Audit on Demand Service ...)
	NOT-FOR-US: Visionsoft Audit on Demand Service
CVE-2007-4147 (Multiple unspecified vulnerabilities in Interspire ArticleLive NX ...)
	NOT-FOR-US: Interspire ArticleLive NX
CVE-2007-4146 (Cross-site scripting (XSS) vulnerability in webevent.cgi in WebEvent ...)
	NOT-FOR-US: WebEvent
CVE-2007-4145 (Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX ...)
	NOT-FOR-US: BlueSkychat
CVE-2007-4144 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MitriDAT eMail Form Processor Pro
CVE-2007-4143 (user.php in the Billing Control Panel in phpCoupon allows remote ...)
	NOT-FOR-US: Billing Control Panel in phpCoupon
CVE-2007-4142 (Cross-site scripting (XSS) vulnerability in IBM Lotus Sametime Server ...)
	NOT-FOR-US: IBM Lotus Sametime Server
CVE-2007-4141 (OpenRat CMS 0.8-beta1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: OpenRat CMS
CVE-2007-4140 (Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows ...)
	NOT-FOR-US: Live for Speed
CVE-2007-4139 (Cross-site scripting (XSS) vulnerability in the Temporary Uploads ...)
	NOT-FOR-US: Temporary Uploads
CVE-2007-4138 (The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in ...)
	- samba 3.0.26-1
	[etch] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
	[sarge] - samba <not-affected> (Vulnerable code was introduced in 3.0.25)
CVE-2007-4137 (Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-8 (medium; bug #442780)
	- qt4-x11 <not-affected> (Not exploitable according to upstream)
CVE-2007-4136 (The ricci daemon in Red Hat Conga 0.10.0 allows remote attackers to ...)
	NOT-FOR-US: Conga
CVE-2007-4135 (The NFSv4 ID mapper (nfsidmap) before 0.17 does not properly handle ...)
	- libnfsidmap 0.18-0 (low; bug #442935)
	NOTE: https://issues.rpath.com/browse/RPL-1731
CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 ...)
	- star 1.5a67-1.1 (bug #440100; low)
	[etch] - star <no-dsa> (Minor issue)
CVE-2007-4133 (The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions ...)
	{DSA-1504-1 DSA-1381-2}
	- linux-2.6 2.6.20-1
CVE-2007-4132 (Unspecified vulnerability in Red Hat Network Satellite Server 5.0.0 ...)
	NOT-FOR-US: Red Hat Satellite Server
CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in ...)
	{DSA-1438-1}
	- tar 1.18-2 (medium; bug #439335)
CVE-2007-4130 (The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux ...)
	- linux-2.6 2.6.12-1 (low)
	NOTE: a fix is included in 2.6, see line 854 mempolicy.c
	NOTE: it was maybe fixed earlier, 2.6.12 is the first version in git
	NOTE: which I can see and ships the fix
CVE-2007-4129 (CoolKey 1.1.0 allows local users to overwrite arbitrary files via a ...)
	- coolkey 1.1.0-3
CVE-2007-4128 (SQL injection vulnerability in index.php in the Firestorm Technologies ...)
	NOT-FOR-US: com_gmaps for Joomla!
CVE-2007-4127 (** DISPUTED ** ...)
	NOT-FOR-US: Ralf Image Gallery
CVE-2007-4126 (Unspecified vulnerability in the dynamic tracing framework (DTrace) on ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-4125 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2007-4124 (The session failover function in Cosminexus Component Container in ...)
	NOT-FOR-US: Cosminexus
CVE-2007-4123 (The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-4122 (Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) ...)
	NOT-FOR-US: Hitachi Hierarchical Viewer
CVE-2007-4121 (Multiple SQL injection vulnerabilities in admin.aspx in E-Commerce ...)
	NOT-FOR-US: E-Commerce Scripts Shopping Cart Script
CVE-2007-4120 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2007-4119 (Multiple SQL injection vulnerabilities in yonetici.asp in Berthanas ...)
	NOT-FOR-US: Defteri
CVE-2007-4118 (PHP remote file inclusion vulnerability in includes/functions.inc.php ...)
	NOT-FOR-US: phpVoter
CVE-2007-4117 (** DISPUTED ** ...)
	NOT-FOR-US: phpVoter
CVE-2005-4860 (Spectrum Cash Receipting System before 6.504 uses weak cryptography ...)
	NOT-FOR-US: Spectrum Cash Receipting System
CVE-2007-XXXX [teamspeak-server arbitrary file disclosure]
	- teamspeak-server 2.0.23.19-1 (bug #435707; medium)
CVE-2007-XXXX [tor insufficient authentication on control port]
	- tor 0.1.2.16-1
CVE-2007-4116 (SQL injection vulnerability in philboard_forum.asp in Metyus Forum ...)
	NOT-FOR-US: Metyus Forum Portal
CVE-2007-4115 (Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) ...)
	NOT-FOR-US: IT!CMS (itcms)
CVE-2007-4114 (Multiple SQL injection vulnerabilities in unuttum.asp in ...)
	NOT-FOR-US: SuskunDuygular Uyelik Sistemi
CVE-2007-4113 (Unspecified vulnerability in Advanced Webhost Billing System (AWBS) ...)
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4112 (Multiple SQL injection vulnerabilities in Advanced Webhost Billing ...)
	NOT-FOR-US: Advanced Webhost Billing System (AWBS)
CVE-2007-4111 (SQL injection vulnerability in the login script in Real Estate listing ...)
	NOT-FOR-US: Real Estate listing website
CVE-2007-4110 (SQL injection vulnerability in sign_in.aspx in Message Board / ...)
	NOT-FOR-US: Message Board / Threaded Discussion Forum Application Template
CVE-2007-4109 (SQL injection vulnerability in sign_in.aspx in WebStore (Online Store ...)
	NOT-FOR-US: WebStore (Online StoreWebStore (Online Store Application Template)
CVE-2007-4108 (SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2007-4107 (SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 ...)
	NOT-FOR-US: phpMyForum
CVE-2007-4106 (SQL injection vulnerability in login.asp in CodeWidgets Pay Roll - ...)
	NOT-FOR-US: CodeWidgets Pay Roll - Time Sheet and Punch Card Application With Web Interface
CVE-2007-4105 (A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 ...)
	NOT-FOR-US: Baidu Soba Search Bar
CVE-2007-4104 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: WP-FeedStats plugin for WordPress
CVE-2007-4103 (The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before ...)
	- asterisk 1:1.4.9~dfsg-1
	[etch] - asterisk <not-affected> (Only 1.2.20, 1.2.21, 1.2.21.1 and 1.2.22 affected)
	[sarge] - asterisk <not-affected> (1.0 not affected)
CVE-2007-4102 (Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 ...)
	NOT-FOR-US: sBlog
CVE-2007-4101 (Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 ...)
	NOT-FOR-US: Madoa Poll
CVE-2007-4100 (MLDonkey before 2.9.0 does not load certain code from ...)
	- mldonkey 2.9.0-1 (bug #435439)
	[etch] - mldonkey <no-dsa> (Minor issue)
CVE-2007-4099 (Tor before 0.1.2.15 can select a guard node beyond the first listed ...)
	- tor 0.1.2.15-1
CVE-2007-4098 (Tor before 0.1.2.15 does not properly distinguish &quot;streamids from ...)
	- tor 0.1.2.15-1
CVE-2007-4097 (Tor before 0.1.2.15 sends &quot;destroy cells&quot; containing the reason for ...)
	- tor 0.1.2.15-1
CVE-2007-4096 (Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, ...)
	- tor 0.1.2.15-1
CVE-2007-4095 (SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows ...)
	NOT-FOR-US: BSM Store Dependent Forums
CVE-2007-4094 (PHP remote file inclusion vulnerability in library/authorize.php in ...)
	NOT-FOR-US: IDevSpot PhpHostBot
CVE-2007-4093 (Minb Is Not a Blog (minb) stores sensitive information under the web ...)
	NOT-FOR-US: Minb Is Not a Blog (minb)
CVE-2007-4092 (Directory traversal vulnerability in index.php in iFoto 1.0.1 and ...)
	NOT-FOR-US: iFoto
CVE-2007-4091 (Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow ...)
	{DSA-1360-1}
	- rsync 2.6.9-5 (bug #438125; medium)
CVE-2007-4090 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4089 (Vikingboard 0.1.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4088 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2007-4087 (AlstraSoft Video Share Enterprise allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4086 (Multiple SQL injection vulnerabilities in AlstraSoft Video Share ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-4085 (Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4084 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2007-4083 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft AskMe Pro
CVE-2007-4082 (Cross-site scripting (XSS) vulnerability in contact_author.php ...)
	NOT-FOR-US: AlstraSoft Article Manager Pro
CVE-2007-4081 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Affiliate Network Pro
CVE-2007-4080 (Cross-site scripting (XSS) vulnerability in index.php AlstraSoft ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4079 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft SMS ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4078 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Text ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4077 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft
CVE-2007-4076 (Multiple SQL injection vulnerabilities in index.asp in Alisveris ...)
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4075 (Cross-site scripting (XSS) vulnerability in index.asp in Alisveris ...)
	NOT-FOR-US: Alisveris Sitesi Scripti
CVE-2007-4074 (The default configuration of Centre for Speech Technology Research ...)
	- festival 1.96~beta-6 (bug #435445; low)
	[etch] - festival <no-dsa> (Minor issue)
CVE-2007-4073 (Webbler CMS before 3.1.6 does not properly restrict use of &quot;mail a ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4072 (Webbler CMS before 3.1.6 provides the full installation path within ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4071 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Webbler CMS
CVE-2007-4070 (Unspecified vulnerability in Low Bandwidth X proxy (lbxproxy) on Sun ...)
	- lbxproxy <removed>
CVE-2007-4069 (SQL injection vulnerability in show_cat.php in IndexScript 2.8 and ...)
	NOT-FOR-US: IndexScript
CVE-2007-4068 (Multiple SQL injection vulnerabilities in Webyapar 2.0 allow remote ...)
	NOT-FOR-US: Webyapar
CVE-2007-4067 (Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ...)
	NOT-FOR-US: Clever Internet ActiveX Suite
CVE-2007-4066 (Multiple buffer overflows in Xiph.Org libvorbis before 1.2.0 allow ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1
	NOTE: svn revisionsions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4065 (lib/vorbisfile.c in libvorbisfile in Xiph.Org libvorbis before 1.2.0 ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1
	NOTE: Just an infinite loop in an enduser multimedia libarary, not treated as a vulnerability
	NOTE: svn revisionions fixing this: https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4064 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 5.x ...)
	- drupal 4.7.7-1 (low)
	- drupal5 5.2-1 (low)
	[sarge] - drupal <not-affected> (Only Drupal 5.x is affected)
CVE-2007-4063 (Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal ...)
	- drupal5 5.2-1 (low)
	NOTE: DRUPAL-SA-2007-017
CVE-2007-4062 (The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus ...)
	- nessus-core <not-affected> (Windows only)
CVE-2007-4061 (Directory traversal vulnerability in a certain ActiveX control in ...)
	- nessus-core <not-affected> (Windows only)
CVE-2007-4060 (Multiple buffer overflows in the HttpSprockMake function in http.c in ...)
	NOT-FOR-US: corehttp
CVE-2007-4059 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	- vmware-package 0.16
CVE-2007-4058 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	- vmware-package 0.16
CVE-2007-4057 (Unrestricted file upload vulnerability in pfs.php in Neocrome Seditio ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2007-4056 (SQL injection vulnerability in directory.php in Prozilla Adult ...)
	NOT-FOR-US: Adult Directory
CVE-2007-4055 (SQL injection vulnerability in comments_get.asp in SimpleBlog 3.0 ...)
	NOT-FOR-US: SimpleBlog
CVE-2007-4054 (SQL injection vulnerability in category.php in PHP123 Top Sites allows ...)
	NOT-FOR-US: PHP123 Top Sites
CVE-2007-4053 (SQL injection vulnerability in include/img_view.class.php in LinPHA ...)
	NOT-FOR-US: LinPHA
CVE-2007-4052 (Cross-site scripting (XSS) vulnerability in utilities/login.asp in ...)
	NOT-FOR-US: nukedit
CVE-2007-4051 (Heap-based buffer overflow in the FindFiles function in UltraDefrag ...)
	NOT-FOR-US: UltraDefrag
CVE-2007-4050 (Unspecified vulnerability in WebUI in ADempiere Bazaar before 3.3 beta ...)
	NOT-FOR-US: ADempiere Bazaar
CVE-2007-4049
	REJECTED
CVE-2007-4048 (Cross-site scripting (XSS) vulnerability in index.php in phpSysInfo ...)
	{DTSA-58-1}
	- phpsysinfo 2.5.1-6.1 (unimportant; bug #435935)
	- phpgroupware 0.9.16.012-1 (low; bug #435936; bug #472685)
	[etch] - phpgroupware <not-affected> (Affected code is not used in phpgroupware)
	- egroupware 1.2.107-2.dfsg-1.1 (low; bug #435937)
	NOTE: phpsysinfo alone doesn't maintain any data, which makes this an issue
CVE-2007-4047 (geoBlog (aka BitDamaged) 1 does not require authentication for (1) ...)
	NOT-FOR-US: geoBlog
CVE-2007-4046 (SQL injection vulnerability in index.php in the Pony Gallery ...)
	NOT-FOR-US: Pony Gallery
CVE-2007-4045 (The CUPS service, as used in SUSE Linux before 20070720 and other ...)
	- cupsys 1.2
	- cups 1.2
	NOTE: Since 1.2 allocation has changed and this issue is no longer exploitable
CVE-2007-4044
	REJECTED
CVE-2007-4043 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-4042 (Multiple argument injection vulnerabilities in Netscape Navigator 9 ...)
	NOT-FOR-US: Netscape Navigator
CVE-2007-4041 (Multiple argument injection vulnerabilities in Mozilla Firefox 2.0.0.5 ...)
	{DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1}
	- iceweasel 2.0.0.6-1
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5-1
CVE-2007-4040 (Argument injection vulnerability involving Microsoft Outlook and ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2007-4039 (Argument injection vulnerability involving Mozilla, when certain URIs ...)
	- icedove <not-affected> (Windows-specific)
CVE-2007-4038 (Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, ...)
	{DSA-1338-1}
	- iceweasel 2.0.0.5-1
CVE-2007-4037 (** DISPUTED ** ...)
	NOT-FOR-US: Guidance Software
CVE-2007-4036 (** DISPUTED ** ...)
	NOT-FOR-US: Guidance Software
CVE-2007-4035 (** DISPUTED ** ...)
	NOT-FOR-US: Guidance Software
CVE-2007-4034 (Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! ...)
	NOT-FOR-US: Yahoo! Widgets
CVE-2007-4033 (Buffer overflow in the intT1_EnvGetCompletePath function in ...)
	{DSA-1390-1}
	- t1lib 5.1.0-3 (bug #439927)
	NOTE: originally posted as a php vuln, actually in libt1
	NOTE: http://www.securityfocus.com/bid/25079 (particularly the discussions)
CVE-2007-4032 (Buffer overflow in CrystalPlayer Pro 1.98 allows user-assisted remote ...)
	NOT-FOR-US: CrystalPlayer
CVE-2007-4031 (Directory traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Nessus ActiveX control
CVE-2007-4030
	RESERVED
CVE-2007-4029 (libvorbis 1.1.2, and possibly other versions before 1.2.0, allows ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium; bug #437916)
	NOTE: svn revisions fixing this https://bugzilla.redhat.com/show_bug.cgi?id=249780
CVE-2007-4028 (Absolute path traversal vulnerability in index.php in Webspell 4.01.02 ...)
	NOT-FOR-US: WebSPELL
CVE-2007-4027 (Buffer overflow in cli32 in Areca CLI 1.72.250 and earlier might allow ...)
	NOT-FOR-US: Areca
CVE-2007-4026 (epesi framework before 0.8.6 does not properly verify file extensions, ...)
	NOT-FOR-US: epesi
CVE-2007-4025 (Unspecified vulnerability in Sun Java System (SJS) Application Server ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2007-4024 (Cross-site scripting (XSS) vulnerability in W1L3D4_aramasonuc.asp in ...)
	NOT-FOR-US: W1L3D4
CVE-2007-4023 (Cross-site scripting (XSS) vulnerability in the login CGI program in ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-4022 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: cPanel
CVE-2007-4021 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: Brain Book Software Secure
CVE-2007-4020 (Multiple cross-site scripting (XSS) vulnerabilities in login.php in ...)
	NOT-FOR-US: AdMan
CVE-2007-4019
	REJECTED
CVE-2007-5645
	REJECTED
CVE-2007-4018 (Citrix Access Gateway Advanced Edition before firmware 4.5.5 allows ...)
	NOT-FOR-US: Citrix
CVE-2007-4017 (Cross-site request forgery (CSRF) vulnerability in the web-based ...)
	NOT-FOR-US: Citrix
CVE-2007-4016 (Unspecified vulnerability in the client components in Citrix Access ...)
	NOT-FOR-US: Citrix
CVE-2007-4015
	REJECTED
CVE-2007-4014 (Cross-site scripting (XSS) vulnerability in a certain index.php ...)
	NOT-FOR-US: Blix themes for WordPress
CVE-2007-4013 (Multiple unspecified vulnerabilities in (1) Net6Helper.DLL (aka ...)
	NOT-FOR-US: Citrix
CVE-2007-4012 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...)
	NOT-FOR-US: Cisco
CVE-2007-4011 (Cisco 4100 and 4400, Airespace 4000, and Catalyst 6500 and 3750 ...)
	NOT-FOR-US: Cisco
CVE-2007-4010 (The win32std extension in PHP 5.2.3 does not follow safe_mode and ...)
	- php5 <not-affected> (Windows-specific issue)
CVE-2007-4009 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2007-4008 (Directory traversal vulnerability in custom.php in Entertainment Media ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-4007 (PHP remote file inclusion vulnerability in index.php in Article ...)
	NOT-FOR-US: Article Directory
CVE-2007-4006 (Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has ...)
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4005 (Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) ...)
	NOT-FOR-US: Mike Dubman Windows RSH daemon
CVE-2007-4004 (Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4003 (pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code ...)
	NOT-FOR-US: IBM AIX
CVE-2007-4002
	RESERVED
CVE-2007-4001
	RESERVED
CVE-2007-4000 (The kadm5_modify_policy_internal function in ...)
	- krb5 1.6.dfsg.1-7 (high)
	[etch] - krb5 <not-affected> (Vulnerable code not present)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3999 (Stack-based buffer overflow in the svcauth_gss_validate function in ...)
	{DSA-1368-1 DSA-1367-1}
	- librpcsecgss 0.14-3
	- krb5 1.6.dfsg.1-7 (high)
	[sarge] - krb5 <not-affected> (Vulnerable code not present)
CVE-2007-3998 (The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	- php5 5.2.4-1 (low)
	- php4 <removed> (low)
	NOTE: this applies to php4 as well
	NOTE: i think it is medium since it can be easily used to DoS on shared hosting systems
	NOTE: a diff between 5.2.3 (debian) and 5.2.4 (upstream) of ext/standard/string.c
	NOTE: so maybe this is already fixed in 5.2.3, not sure
	NOTE: fixed in php5/etch svn
	NOTE: http://cvs.php.net/viewcvs.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.63&r2=1.445.2.14.2.64
CVE-2007-3997 (The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP ...)
	- php5 5.2.4-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: only exploitable by malicious script
CVE-2007-3996 (Multiple integer overflows in libgd in PHP before 5.2.4 allow remote ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #443456; medium)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: Debian's PHP packages are linked dynamically against libgd
	NOTE: see http://www.php.net/releases/5_2_4.php
CVE-2007-3995
	RESERVED
CVE-2007-3994
	RESERVED
CVE-2007-3993 (Unspecified vulnerability in the attachment filter in Kerio MailServer ...)
	NOT-FOR-US: Kerio MailServer
CVE-2007-3992 (SQL injection vulnerability in vir_login.asp in iExpress Property Pro ...)
	NOT-FOR-US: iExpress Property Pro
CVE-2007-3991 (Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp ...)
	NOT-FOR-US: Asp cvmatik
CVE-2007-3990 (SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-3989 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: Dora Emlak
CVE-2007-3988 (Session fixation vulnerability in Virtual Hosting Control System ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2007-3987 (SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, ...)
	NOT-FOR-US: ImageRacer
CVE-2007-3986 (file.cgi in Secure Computing SecurityReporter (aka Network Security ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3985 (Directory traversal vulnerability in file.cgi in Secure Computing ...)
	NOT-FOR-US: Secure Computing SecurityReporter
CVE-2007-3984 (Buffer overflow in a certain ActiveX control in the NixonMyPrograms ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3983 (Absolute path traversal vulnerability in the Data Dynamics ...)
	NOT-FOR-US: ActiveReports
CVE-2007-3982 (Absolute path traversal vulnerability in the Data Dynamics ...)
	NOT-FOR-US: ActiveReports
CVE-2007-3981 (SQL injection vulnerability in index.php in WSN Links Basic Edition ...)
	NOT-FOR-US: WSN Links
CVE-2007-3980 (PHP remote file inclusion vulnerability in page.php in RCMS Pro ...)
	NOT-FOR-US: RCMS Pro RGameScript Pro
CVE-2007-3979 (SQL injection vulnerability in index.php in BlogSite Professional (aka ...)
	NOT-FOR-US: BlogSite Professional
CVE-2007-3978 (Session fixation vulnerability in bwired allows remote attackers to ...)
	NOT-FOR-US: bwired
CVE-2007-3977 (Cross-site scripting (XSS) vulnerability in bwired allows remote ...)
	NOT-FOR-US: bwired
CVE-2007-3976 (SQL injection vulnerability in index.php in bwired allows remote ...)
	NOT-FOR-US: bwired
CVE-2007-3975 (Cross-site scripting (XSS) vulnerability in index.php in Elite Forum ...)
	NOT-FOR-US: Elite Forum
CVE-2007-3974 (admin/ajoutaut.php in JBlog 1.0 does not require authentication, which ...)
	NOT-FOR-US: JBlog
CVE-2007-3973 (Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow ...)
	NOT-FOR-US: JBlog
CVE-2007-3972 (ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3971 (Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3970 (Race condition in ESET NOD32 Antivirus before 2.2289 allows remote ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-3969 (Buffer overflow in Panda Antivirus before 20070720 allows remote ...)
	NOT-FOR-US: Panda Antivirus
CVE-2007-3968 (index.php in dirLIST before 0.1.1 allows remote attackers to list the ...)
	NOT-FOR-US: dirLIST
CVE-2007-3967 (Directory traversal vulnerability in index.php in PHP Directory Lister ...)
	NOT-FOR-US: dirLIST
CVE-2007-3966 (SQL injection vulnerability in Munch Pro allows remote attackers to ...)
	NOT-FOR-US: Munch Pro
CVE-2007-3965 (Unspecified vulnerability in uFMOD before 1.2.5 has unknown impact and ...)
	NOT-FOR-US: uFMOD
CVE-2007-3964 (Itaka before 0.2.1, when using Authentication mode, allows remote ...)
	NOT-FOR-US: Itaka
CVE-2007-3963 (Multiple cross-site scripting (XSS) vulnerabilities in UseBB 1.0.7, ...)
	NOT-FOR-US: UseBB
CVE-2007-3962 (Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3961 (Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib ...)
	NOT-FOR-US: fsplib, vulnerable code not present in lib.c from fsp source package
CVE-2007-3960 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere
CVE-2007-3959 (The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier ...)
	NOT-FOR-US: Ipswitch Collaboration Suite (ICS)
CVE-2007-3958 (Microsoft Windows Explorer (explorer.exe) allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-3957 (Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote ...)
	NOT-FOR-US: Nipun Jain xserver
CVE-2007-3956 (TeamSpeak WebServer 2.0 for Windows does not validate parameter value ...)
	- teamspeak-server 2.0.23.19-1 (bug #435707)
CVE-2007-3955 (Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in ...)
	NOT-FOR-US: LinkedIn Toolbar
CVE-2007-3954 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	NOT-FOR-US: Microsoft
CVE-2007-3953 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3952 (The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3951 (Multiple buffer overflows in Norman Antivirus 5.90 allow remote ...)
	NOT-FOR-US: Norman Antivirus
CVE-2007-3950 (lighttpd 1.4.15, when run on 32 bit platforms, allows remote attackers ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3949 (mod_access.c in lighttpd 1.4.15 ignores trailing / (slash) characters ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3948 (connections.c in lighttpd before 1.4.16 might accept more connections ...)
	- lighttpd 1.4.16-1 (low; bug #434888)
CVE-2007-3947 (request.c in lighttpd 1.4.15 allows remote attackers to cause a denial ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #428368)
	[etch] - libghttpd <no-dsa> (Accidentally omitted in DSA, but doesn't warrant another update itself)
CVE-2007-3946 (mod_auth (http_auth.c) in lighttpd before 1.4.16 allows remote ...)
	{DSA-1362-1}
	- lighttpd 1.4.16-1 (bug #434888)
CVE-2007-3945 (Rule Set Based Access Control (RSBAC) before 1.3.5 does not properly ...)
	NOT-FOR-US: Rule Set Based Access Control (RSBAC)
CVE-2007-3944 (Multiple heap-based buffer overflows in the Perl Compatible Regular ...)
	NOT-FOR-US: MobileSafari
CVE-2007-3943 (SQL injection vulnerability in Infinite Responder before 1.48 allows ...)
	NOT-FOR-US: Infinite Responder
CVE-2007-3942 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3941 (Cross-site scripting (XSS) vulnerability in profile.php in Jasmine CMS ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3940 (Cross-site scripting (XSS) vulnerability in default.asp in QuickerSite ...)
	NOT-FOR-US: QuickerSite
CVE-2007-3939 (SQL injection vulnerability in index.php in SpoonLabs Vivvo Article ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-3938 (SQL injection vulnerability in index.php in MAXdev MDPro (MD-Pro) ...)
	NOT-FOR-US: MAXdev MDPro (MD-Pro)
CVE-2007-3937 (Multiple SQL injection vulnerabilities in A-shop 0.70 and earlier ...)
	NOT-FOR-US: A-shop
CVE-2007-3936 (Directory traversal vulnerability in admin/filebrowser.asp in A-shop ...)
	NOT-FOR-US: A-shopA-shop
CVE-2007-3935 (PHP remote file inclusion vulnerability in link_main.php in the ...)
	NOT-FOR-US: SupaNav
CVE-2007-3934 (PHP remote file inclusion vulnerability in postscript/postscript.php ...)
	NOT-FOR-US: BBS E-Market
CVE-2007-3933 (SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and ...)
	NOT-FOR-US: QuickEStore
CVE-2007-3932 (uploadimg.php in the Expose RC35 and earlier (com_expose) component ...)
	NOT-FOR-US: Expose RC35 for Joomla
CVE-2007-3931 (The wrap_setuid_third_party_application function in the installation ...)
	NOT-FOR-US: Samsung SCX-4200 Driver installation script
CVE-2007-3930 (Interpretation conflict between Microsoft Internet Explorer and ...)
	NOT-FOR-US: Microsoft
CVE-2007-3929 (Use-after-free vulnerability in the BitTorrent support in Opera before ...)
	NOT-FOR-US: Opera
CVE-2007-3928 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3927 (Multiple buffer overflows in Ipswitch IMail Server 2006 before 2006.21 ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3926 (Ipswitch IMail Server 2006 before 2006.21 allows remote attackers to ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3925 (Multiple buffer overflows in the IMAP service (imapd32.exe) in ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2007-3924 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	NOT-FOR-US: Microsoft
CVE-2007-3923 (The Common Internet File System (CIFS) optimization in Cisco Wide Area ...)
	NOT-FOR-US: Cisco
CVE-2007-3922 (Unspecified vulnerability in the Java Runtime Environment (JRE) Applet ...)
	- sun-java5 1.5.0-12-2
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3921 (gforge 3.1 and 4.5.14 allows local users to truncate arbitrary files ...)
	{DSA-1402-1}
	- gforge 4.6.99+svn6169-1
CVE-2007-3920 (GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not ...)
	{DTSA-75-1}
	[etch] - gnome-screensaver <not-affected> (Affected Compiz not present in Etch version)
	[etch] - xorg-server <not-affected> (Affected Compiz not present in Etch version)
	- gnome-screensaver 2.20.0-1.1
	- xorg-server 2:1.4.1~git20080118-1 (bug #449108; medium)
CVE-2007-3919 ((1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local ...)
	{DSA-1395-1}
	- xen-unstable 3.0-unstable+hg11561-1 (low; bug #464044)
	- xen-3 3.1.2-1 (low)
CVE-2007-3918 (Cross-site scripting (XSS) vulnerability in account/verify.php in ...)
	{DSA-1383-1}
	- gforge 4.6.99+svn6094-1
CVE-2007-3917 (The multiplayer engine in Wesnoth 1.2.x before 1.2.7 and 1.3.x before ...)
	{DSA-1386-1}
	- wesnoth 1.2.7-1
CVE-2007-3916 (The main function in skkdic-expr.c in SKK Tools 1.2 allows local users ...)
	- skktools 1.2+0.20061004-3 (low)
	[sarge] - skktools <no-dsa> (Minor issue)
	[etch] - skktools <no-dsa> (Minor issue)
CVE-2007-3915 [mondo insecure handling of temporary files]
	RESERVED
	- mondo 2.24-2 (low)
CVE-2007-3914
	RESERVED
CVE-2007-3913 (SQL injection vulnerability in Gforge before 3.1 allows remote ...)
	{DSA-1369-1 DTSA-57-1}
	- gforge 4.6.99+svn6086-1
CVE-2007-3912 (checkrestart in debian-goodies before 0.34 allows local users to gain ...)
	{DSA-1527-1}
	- debian-goodies 0.34 (bug #440411; medium)
CVE-2007-3911 (Multiple heap-based buffer overflows in (1) clsscheduler.exe (aka ...)
	NOT-FOR-US: BakBone NetVault Reporter
CVE-2007-3910 (Cross-site scripting (XSS) vulnerability in Bandersnatch 0.4 allows ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3909 (Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow ...)
	- bandersnatch <removed> (low; bug #435709)
CVE-2007-3908 (Unspecified vulnerability in HP ServiceGuard for Linux for Red Hat ...)
	NOT-FOR-US: HP ServiceGuard
CVE-2007-3907 (Unspecified vulnerability in login.pl in LedgerSMB 1.2.0 through 1.2.6 ...)
	NOT-FOR-US: LedgerSMB
CVE-2007-3906 (Unspecified vulnerability in Kaspersky Anti-Virus for Check Point ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-3905 (SQL injection vulnerability in Zoph before 0.7.0.1 might allow remote ...)
	{DSA-1389-2 DSA-1389-1}
	- zoph 0.7.0.2-1 (bug #435711)
CVE-2007-3904
	REJECTED
CVE-2007-3903 (Microsoft Internet Explorer 6 and 7 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3902 (Use-after-free vulnerability in the CRecalcProperty function in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3901 (Stack-based buffer overflow in the DirectShow Synchronized Accessible ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3900
	REJECTED
CVE-2007-3899 (Unspecified vulnerability in Microsoft Word 2000 SP3, Word 2002 SP3, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-3898 (The DNS server in Microsoft Windows 2000 Server SP4, and Server 2003 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3897 (Heap-based buffer overflow in Microsoft Outlook Express 6 and earlier, ...)
	NOT-FOR-US: Outlook Express
CVE-2007-3896 (The URL handling in Shell32.dll in the Windows shell in Microsoft ...)
	NOT-FOR-US: Windows
CVE-2007-3895 (Buffer overflow in Microsoft DirectShow in Microsoft DirectX 7.0 ...)
	NOT-FOR-US: Microsoft DirectX
CVE-2007-3894
	REJECTED
CVE-2007-3893 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3892 (Microsoft Internet Explorer 5.01 through 7 allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-3891 (Unspecified vulnerability in Windows Vista Weather Gadgets in Windows ...)
	NOT-FOR-US: Windows Vista
CVE-2007-3890 (Microsoft Excel in Office 2000 SP3, Office XP SP3, Office 2003 SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2007-3889 (Multiple SQL injection vulnerabilities in Insanely Simple Blog 0.5 and ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3888 (Multiple cross-site scripting (XSS) vulnerabilities in Insanely Simple ...)
	NOT-FOR-US: Insanely Simple Blog
CVE-2007-3887 (Multiple cross-site scripting (XSS) vulnerabilities in mesaj_formu.asp ...)
	NOT-FOR-US: ASP Ziyaretci Defteri
CVE-2007-3886 (Cross-site scripting (XSS) vulnerability in default.asp in Element CMS ...)
	NOT-FOR-US: Element CMS
CVE-2007-3885 (Cross-site scripting (XSS) vulnerability in philboard_search.asp in ...)
	NOT-FOR-US: husrevforum
CVE-2007-3884 (SQL injection vulnerability in philboard_forum.asp in husrevforum ...)
	NOT-FOR-US: husrevforum
CVE-2007-3883 (The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and ...)
	NOT-FOR-US: Data Dynamics ActiveBar ActiveX control
CVE-2007-3882 (SQL injection vulnerability in index.php in Expert Advisor allows ...)
	NOT-FOR-US: Expert Advisor
CVE-2007-3881 (SQL injection vulnerability in index.php in Pictures Rating (Picture ...)
	NOT-FOR-US: Pictures Rating
CVE-2007-3880 (Format string vulnerability in srsexec in Sun Remote Services (SRS) ...)
	NOT-FOR-US: Net Connect
CVE-2007-3879
	RESERVED
CVE-2007-3878
	RESERVED
CVE-2007-3877
	RESERVED
CVE-2007-3876 (Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows ...)
	NOT-FOR-US: SMB (Apple Mac OS X)
CVE-2007-3875 (arclib.dll before 7.3.0.9 in CA Anti-Virus (formerly eTrust Antivirus) ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-3874 (Directory traversal vulnerability in the tftp/mftp daemon in the PXE ...)
	NOT-FOR-US: Symantec Altiris Deployment Solution
CVE-2007-3873 (Stack-based buffer overflow in vstlib32.dll 1.2.0.1012 in the SSAPI ...)
	NOT-FOR-US: SSAPI Engine
CVE-2007-3872 (Multiple stack-based buffer overflows in the Shared Trace Service ...)
	NOT-FOR-US: HP OpenView
CVE-2007-3871 (Stampit Web uses guessable id values for online stamp purchases, which ...)
	NOT-FOR-US: Stampit
CVE-2006-7221 (Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow ...)
	- gftp 2.0.18-17 (unimportant; bug #437710)
CVE-2007-XXXX [dokuwiki XSS in spellchecker]
	- dokuwiki 0.0.20070626b-1 (unimportant; bug #434134)
	NOTE: IE browser bug are not treated as security issues in packages applications
CVE-2007-3870 (Multiple unspecified vulnerabilities in the Human Capital Management ...)
	NOT-FOR-US: Oracle
CVE-2007-3869 (Multiple unspecified vulnerabilities in the Customer Relationship ...)
	NOT-FOR-US: Oracle
CVE-2007-3868 (Multiple unspecified vulnerabilities in PeopleTools in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-3867 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-3866 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-3865 (Unspecified vulnerability in the Oracle Customer Intelligence ...)
	NOT-FOR-US: Oracle
CVE-2007-3864 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-3863 (Unspecified vulnerability in Oracle JDeveloper for Application Server ...)
	NOT-FOR-US: Oracle
CVE-2007-3862 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
	NOT-FOR-US: Oracle
CVE-2007-3861 (Unspecified vulnerability in Oracle Jdeveloper in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2007-3860 (Unspecified vulnerability in Oracle Application Express (formerly ...)
	NOT-FOR-US: Oracle
CVE-2007-3859 (Unspecified vulnerability in the Oracle Internet Directory component ...)
	NOT-FOR-US: Oracle
CVE-2007-3858 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3857 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 allow ...)
	NOT-FOR-US: Oracle
CVE-2007-3856 (Unspecified vulnerability in the Oracle Data Mining component for ...)
	NOT-FOR-US: Oracle
CVE-2007-3855 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
	NOT-FOR-US: Oracle
CVE-2007-3854 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, ...)
	NOT-FOR-US: Oracle
CVE-2007-3853 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2007-3852 (The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates ...)
	- sysstat <not-affected> (We have our own init script not prone to this vulnerability)
CVE-2007-3851 (The drm/i915 component in the Linux kernel before 2.6.22.2, when used ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3850 (The eHCA driver in Linux kernel 2.6 before 2.6.22, when running on ...)
	- linux-2.6 <not-affected> (Debian's kernel doesn't enable CONFIG_PPC_64K_PAGES)
CVE-2007-3849 (Red Hat Enterprise Linux (RHEL) 5 ships the rpm for the Advanced ...)
	NOT-FOR-US: RedHat Advanced Intrusion Detection Environment
CVE-2007-3848 (Linux kernel 2.4.35 and other versions allows local users to send ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-4
CVE-2007-3847 (The date handling code in modules/proxy/proxy_util.c (mod_proxy) in ...)
	- apache2 2.2.6-1 (bug #441845; low)
	[etch] - apache2 2.2.3-4+etch3 (bug #441845; low)
	- apache <removed> (unimportant)
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-3846 (Directory traversal vulnerability in Subversion before 1.4.5, as used ...)
	NOT-FOR-US: TortoiseSVN on Windows
CVE-2007-3845 (Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-27
CVE-2007-3844 (Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and ...)
	{DSA-1391-1 DSA-1346-1 DSA-1345-1 DSA-1344-1 DTSA-51-1 DTSA-52-1 DTSA-53-1 DTSA-71-1}
	- iceweasel 2.0.0.6-1 (medium)
	- xulrunner 1.8.1.6-1 (medium)
	- iceape 1.1.3-2 (medium)
	- icedove 2.0.0.6-1 (medium)
	NOTE: MFSA2007-26
CVE-2007-3843 (The Linux kernel before 2.6.23-rc1 checks the wrong global variable ...)
	{DSA-1363-1}
	- linux-2.6 2.6.23-1 (bug #446073)
CVE-2007-3842 (Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise ...)
	NOT-FOR-US: 8e6 R3000 Enterprise Filter
CVE-2007-3841 (Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux ...)
	NOTE: this information is based upon a vague advisory by a vulnerability
	NOTE: information sales organization that does not coordinate with vendors or
	NOTE: release actionable advisories. So maybe it is not fixed _but_ since it is
	NOTE: not disclosed it would be hard to fix and track it.
CVE-2007-3840 (SQL injection vulnerability in referralUrl.php in Traffic Stats allows ...)
	NOT-FOR-US: Traffic Stats
CVE-2007-3839 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3838 (Cross-site scripting (XSS) vulnerability in takeprofedit.php in ...)
	NOT-FOR-US: TBDev.NET
CVE-2007-3837 (Heap-based buffer overflow in HydraIRC 0.3.151 allows remote IRC ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3836 (Format string vulnerability in HydraIRC 0.3.151 allows remote ...)
	NOT-FOR-US: HydraIRC
CVE-2007-3835 (Cross-site scripting (XSS) vulnerability in Ex Libris MetaLib 3.13 and ...)
	NOT-FOR-US: Ex Libris MetaLib
CVE-2007-3834 (Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH ...)
	NOT-FOR-US: Ex Libris ALEPH
CVE-2007-3833 (The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios ...)
	NOT-FOR-US: Trillian
CVE-2007-3832 (Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in ...)
	NOT-FOR-US: Trillian
CVE-2007-3831 (PHP remote file inclusion in main.php in ISS Proventia Network IPS ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3830 (Cross-site scripting (XSS) vulnerability in alert.php in ISS Proventia ...)
	NOT-FOR-US: ISS Proventia Network IPS
CVE-2007-3829 (Multiple stack-based buffer overflows in (a) InterActual Player ...)
	NOT-FOR-US: InterActual Player
CVE-2007-3828 (Unspecified vulnerability in mDNSResponder in Apple Mac OS X allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3827 (Mozilla Firefox allows for cookies to be set with a null domain (aka ...)
	NOTE: Unreproducible for upstream
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=388097
CVE-2007-3826 (Microsoft Internet Explorer 7 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3825 (Multiple stack-based buffer overflows in the RPC implementation in ...)
	NOT-FOR-US: CA Alert Notification Server
CVE-2007-3824 (SQL injection vulnerability in katgoster.asp in MzK Blog (tr) allows ...)
	NOT-FOR-US: MzK Blog
CVE-2007-3823 (The Logging Server (Logsrv.exe) in IPSwitch WS_FTP 7.5.29.0 allows ...)
	NOT-FOR-US: IPSwitch WS_FTP
CVE-2007-3822 (Multiple cross-site scripting (XSS) vulnerabilities in Webcit before ...)
	NOT-FOR-US: Webcit
CVE-2007-3821 (Cross-site request forgery (CSRF) vulnerability in Webcit before 7.11 ...)
	NOT-FOR-US: Webcit
CVE-2007-3819 (Opera 9.21 allows remote attackers to spoof the data: URI scheme in ...)
	NOT-FOR-US: Opera
CVE-2007-3818 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3817 (Cross-site scripting (XSS) vulnerability in the LoginToboggan module ...)
	NOT-FOR-US: LoginToboggan
CVE-2007-3816 (** DISPUTED ** ...)
	NOT-FOR-US: JWIG
CVE-2007-3815 (Buffer overflow in pirs32.exe in Poslovni informator Republike ...)
	NOT-FOR-US: Poslovni informator Republike Slovenije
CVE-2007-3814 (Multiple SQL injection vulnerabilities in MKPortal 1.1.1 allow remote ...)
	NOT-FOR-US: MKPortal
CVE-2007-3813 (PHP remote file inclusion vulnerability in include/user.php in the ...)
	NOT-FOR-US: NoBoard BETA module for MKPortal
CVE-2007-3812 (SQL injection vulnerability in forums.php in CMScout 1.23 and earlier ...)
	NOT-FOR-US: CMScout
CVE-2007-3811 (Multiple SQL injection vulnerabilities in eSyndiCat allow remote ...)
	NOT-FOR-US: eSyndiCat
CVE-2007-3810 (SQL injection vulnerability in index.php in Realtor 747 allows remote ...)
	NOT-FOR-US: Realtor 747
CVE-2007-3809 (Multiple SQL injection vulnerabilities in Prozilla Directory Script ...)
	NOT-FOR-US: Prozilla Directory Script
CVE-2007-3808 (SQL injection vulnerability in includes/search.php in paFileDB 3.6 ...)
	NOT-FOR-US: paFileDB
CVE-2007-3807 (Multiple cross-site scripting (XSS) vulnerabilities in SiteScape Forum ...)
	NOT-FOR-US: SiteScape Forum
CVE-2007-3806 (The glob function in PHP 5.2.3 allows context-dependent attackers to ...)
	{DSA-1578-1 DSA-1572-1 DTSA-61-1}
	- php5 5.2.4-1 (medium; bug #441433)
	- php4 <removed>
	[etch] - php5 <no-dsa> (requires malicious script)
	[etch] - php4 <no-dsa> (requires malicious script)
	[sarge] - php4 <no-dsa> (requires malicious script)
CVE-2007-3805 (The IKE implementation in Clavister CorePlus before 8.80.03, and ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3804 (The AntiVirus engine in the HTTP-ALG in Clavister CorePlus before ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3803 (The SMTP ALG in Clavister CorePlus before 8.80.04, and 8.81.00, does ...)
	NOT-FOR-US: Clavister CorePlus
CVE-2007-3802
	REJECTED
CVE-2007-3801
	REJECTED
CVE-2007-3800 (Unspecified vulnerability in the Real-time scanner (RTVScan) component ...)
	NOT-FOR-US: Symantec
CVE-2007-3799 (The session_start function in ext/session in PHP 4.x up to 4.4.7 and ...)
	{DSA-1578-1 DSA-1444-1 DTSA-61-1}
	NOTE: this does not affect default installs, only those who have written
	NOTE: custom session handlers (which isn't *that* uncommon though), and
	NOTE: also may not work if other cookie values are set.
	NOTE: fix sneaked into php 5.2.3 sans-mention:
	NOTE: http://cvs.php.net/viewvc.cgi/php-src/ext/session/session.c?r1=1.417.2.8.2.36&r2=1.417.2.8.2.37&pathrev=PHP_5_2
	NOTE: fixed in php4/etch, php5/etch, php4/sarge svn
	- php4 <removed> (low)
	- php5 5.2.4-1 (low; bug #441433)
CVE-2007-3798 (Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 ...)
	{DSA-1353-1}
	- tcpdump 3.9.5-3 (bug #434030)
CVE-2007-3797
	RESERVED
CVE-2007-3796 (The password reset feature in the Spam Quarantine HTTP interface for ...)
	NOT-FOR-US: Spam Quarantine HTTP interface for MailMarshal SMTP
CVE-2007-3795 (Unspecified vulnerability in Hitachi TP1/Server Base before 03-05-/P, ...)
	NOT-FOR-US: Hitachi
CVE-2007-3794 (Buffer overflow in Hitachi Cosminexus V4 through V7, Processing Kit ...)
	NOT-FOR-US: Hitachi
CVE-2007-3793 (SQL injection vulnerability in Job Management Partner 1/NETM/DM ...)
	NOT-FOR-US: Job Management Partner
CVE-2007-3792 (Multiple PHP remote file inclusion vulnerabilities in AzDG Dating Gold ...)
	NOT-FOR-US: AzDG Dating Gold
CVE-2007-3791 (Buffer overflow in the w_read function in sockets.c in Cami Sardinha ...)
	{DSA-1361-1}
	- postfix-policyd 1.80-2.2 (bug #435735)
CVE-2007-3790 (The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 ...)
	- php5 <not-affected> (com_print_typeinfo is a windows only func)
	- php4 <not-affected> (com_print_typeinfo is a windows only func)
CVE-2007-3789 (SQL injection vulnerability in admin/index.php in Inmostore 4.0 allows ...)
	NOT-FOR-US: Inmostore
CVE-2007-3788 (The eSoft InstaGate EX2 UTM device stores the admin password within ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3787 (The eSoft InstaGate EX2 UTM device does not require entry of the old ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3786 (** DISPUTED ** ...)
	NOT-FOR-US: eSoft InstaGate
CVE-2007-3785 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: EldoS SecureBlackbox
CVE-2007-3784 (Cross-site scripting (XSS) vulnerability in the Belkin G Plus Router ...)
	NOT-FOR-US: Belkin
CVE-2007-3783 (SQL injection vulnerability in default.asp in enVivo!CMS allows remote ...)
	NOT-FOR-US: enVivo!CMS
CVE-2007-3782 (MySQL Community Server before 5.0.45 allows remote authenticated users ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality was introduced in 5.0)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality was introduced in 5.0)
CVE-2007-3781 (MySQL Community Server before 5.0.45 does not require privileges such ...)
	{DSA-1451-1}
	- mysql-dfsg-5.0 5.0.45-1
	[etch] - mysql-dfsg-5.0 <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg <no-dsa> (Minor issue, too intrusive to backport)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Minor issue, too intrusive to backport)
CVE-2007-3780 (MySQL Community Server before 5.0.45 allows remote attackers to cause ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.44
	[sarge] - mysql-dfsg <not-affected> (Introduced with SSL support in 4.1)
CVE-2007-3779 (PHP local file inclusion vulnerability in gpg_pop_init.php in the ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3778 (The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3777 (avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2007-3776 (Cisco Unified Communications Manager (CUCM, formerly CallManager) and ...)
	NOT-FOR-US: Cisco
CVE-2007-3775 (Unspecified vulnerability in Cisco Unified Communications Manager ...)
	NOT-FOR-US: Cisco
CVE-2007-3774 (Dvbbs 7.1.0 SP1 stores sensitive information under the web root with ...)
	NOT-FOR-US: Dvbbs
CVE-2007-3773 (Cross-site request forgery (CSRF) vulnerability in the Email-Template ...)
	NOT-FOR-US: Generic YouTube Clone Script
CVE-2007-3772 (Directory traversal vulnerability in news/show.php in PsNews 1.1 ...)
	NOT-FOR-US: PsNews
CVE-2007-3771 (Stack-based buffer overflow in the Internet E-mail Auto-Protect ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2007-3770 (The terminal_helper_execute function in terminal/terminal.c in Xfce ...)
	{DSA-1393-1}
	- xfce4-terminal 0.2.6-3 (bug #437454)
CVE-2007-3769 (Cross-site scripting (XSS) vulnerability in the mirrored server ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3768 (The mirror mechanism in SurgeFTP 2.3a1 allows user-assisted, remote ...)
	NOT-FOR-US: SurgeFTP
CVE-2007-3767
	RESERVED
CVE-2007-3766
	RESERVED
CVE-2007-3765 (The STUN implementation in Asterisk 1.4.x before 1.4.8, AsteriskNOW ...)
	- asterisk 1:1.4.8~dfsg-1 (bug #433681)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-017.htm
CVE-2007-3764 (The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-016.htm
CVE-2007-3763 (The IAX2 channel driver (chan_iax2) in Asterisk before 1.2.22 and ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-015.htm
CVE-2007-3762 (Stack-based buffer overflow in the IAX2 channel driver (chan_iax2) in ...)
	{DSA-1358-1}
	- asterisk 1:1.4.8~dfsg-1 (high)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-014.htm
CVE-2007-3820 (konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to ...)
	- kdebase 4:3.5.7-3 (bug #433072; low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: http://marc.info/?l=full-disclosure&m=118437069815691&w=2
CVE-2007-3761 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...)
	NOT-FOR-US: Safari
CVE-2007-3760 (Cross-site scripting (XSS) vulnerability in Safari in Apple iPhone ...)
	NOT-FOR-US: Safari
CVE-2007-3759 (Safari in Apple iPhone 1.1.1, when requested to disable Javascript, ...)
	NOT-FOR-US: Safari
CVE-2007-3758 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3757 (Safari in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...)
	NOT-FOR-US: Safari
CVE-2007-3756 (Safari in Apple iPhone 1.1.1, and Safari 3 before Beta Update 3.0.4 on ...)
	NOT-FOR-US: Safari
CVE-2007-3755 (Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3754 (Mail in Apple iPhone 1.1.1, when using SSL, does not warn the user ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3753 (Apple iPhone 1.1.1, with Bluetooth enabled, allows physically ...)
	NOT-FOR-US: Aplle iPhone
CVE-2007-3752 (Heap-based buffer overflow in Apple iTunes before 7.4 allows remote ...)
	NOT-FOR-US: iTunes
CVE-2007-3751 (Unspecified vulnerability in QuickTime for Java in Apple QuickTime ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3750 (Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-3749 (The kernel in Apple Mac OS X 10.4 through 10.4.10 does not reset the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3748 (Buffer overflow in the UPnP IGD (Internet Gateway Device Standardized ...)
	NOT-FOR-US: iChat on Apple Mac OS X
CVE-2007-3747 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3746 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3745 (The Java interface to CoreAudio on Apple Mac OS X 10.3.9 and 10.4.10 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-3744 (Heap-based buffer overflow in the UPnP IGD (Internet Gateway Device ...)
	NOT-FOR-US: Apple Mac OSX
CVE-2007-3743 (Stack-based buffer overflow in bookmark handling in Apple Safari 3 ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3742 (WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3741 (The (1) psp (aka .tub), (2) bmp, (3) pcx, and (4) psd plugins in gimp ...)
	- gimp 2.2.17-1 (unimportant)
	NOTE: Only DoS by memleaks or double-frees, not treated as security problems
CVE-2007-3740 (The CIFS filesystem in the Linux kernel before 2.6.22, when Unix ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.22
CVE-2007-3739 (mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not ...)
	{DSA-1504-1 DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.20-1
CVE-2007-3738 (Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.5 ...)
	{DSA-1534-2 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (medium)
	- xulrunner 1.8.1.5-1 (medium)
	- iceweasel 2.0.0.5-1 (medium)
	NOTE: MFSA2007-25
CVE-2007-3737 (Mozilla Firefox before 2.0.0.5 allows remote attackers to execute ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	- iceweasel 2.0.0.5-1 (high)
	NOTE: MFSA2007-21
CVE-2007-3736 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-19
CVE-2007-3735 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (low)
	NOTE: Affects only broken setups, enabling js in Icedove is strongly not recommended
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3734 (Multiple unspecified vulnerabilities in the browser engine in Mozilla ...)
	{DSA-1391-1 DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1 DTSA-71-1}
	- iceweasel 2.0.0.5-1 (high)
	- icedove 2.0.0.6-1 (high; bug #444010)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-18
CVE-2007-3733
	RESERVED
CVE-2007-3732
	RESERVED
	- linux-2.6 2.6.23-1
	NOTE: Upstream fix: https://git.kernel.org/linus/a10d9a71bafd3a283da240d2868e71346d2aef6f (v2.6.23-rc1)
CVE-2007-3731 (The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid ...)
	{DSA-1378-2 DSA-1378-1}
	- linux-2.6 2.6.23-1
CVE-2007-3730 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3729 (The default configuration of the POP server in TCP/IP Services 5.6 for ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-3728 (Buffer overflow in lib/silcclient/client_notify.c of SILC Client and ...)
	- silc-toolkit 1.1.2-1
	[etch] - silc-toolkit <not-affected> (Only the 1.1.x branch is affected)
	NOTE: http://silcnet.org/docs/changelog/SILC Toolkit 1.1.2
CVE-2007-3727 (Multiple unspecified vulnerabilities in Webmatic before 2.7 have ...)
	NOT-FOR-US: WebMatic
CVE-2007-3726 (Integer signedness error in the SET_VALUE function in rarvm.cpp in ...)
	- unrar-nonfree 3.7.3-1.1 (low; bug #437703)
	[etch] - unrar-nonfree <no-dsa> (Non-free not supported)
	[sarge] - unrar-nonfree <no-dsa> (Non-free not supported)
	- rar 1:3.7b1-1 (low; bug #437704)
	[etch] - rar <not-affected> (Vulnerable code was fixed already)
	[sarge] - rar <no-dsa> (Non-free not supported)
CVE-2007-3725 (The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...)
	{DSA-1340-1 DTSA-43-1}
	- clamav 0.91-1
	[sarge] - clamav <not-affected> (Vulnerable code was introduced in 0.9x)
CVE-2007-3724 (The process scheduler in the Microsoft Windows XP kernel does not make ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-3723 (The process scheduler in the Sun Solaris kernel does not make use of ...)
	NOT-FOR-US: Solaris
CVE-2007-3722 (The 4BSD process scheduler in the FreeBSD kernel performs scheduling ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3721 (The ULE process scheduler in the FreeBSD kernel gives preference to ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (kfreebsd not supported)
CVE-2007-3720 (The process scheduler in the Linux kernel 2.4 performs scheduling ...)
	- linux-2.6 <not-affected> (There's a separate ID for 2.6, see CVE-2007-3719)
CVE-2007-3719 (The process scheduler in the Linux kernel 2.6.16 gives preference to ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: This is the existing default behaviour of the scheduler, can be tuned
	NOTE: to suit individual needs
CVE-2007-3718 (Multiple unspecified vulnerabilities in the SVG parsing engine in ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3717 (rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3716 (The Java XML Digital Signature implementation in Sun JDK and JRE 6 ...)
	- sun-java6 6-02-1 (medium)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3715 (Sun Java System Application Server and Web Server 7.0 through 9.0 ...)
	NOT-FOR-US: Sun Java System Application Server and Web Server
CVE-2007-3714 (Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 ...)
	NOT-FOR-US: Ada Image Server
CVE-2007-3713 (Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow ...)
	{DSA-1433-1 DTSA-55-1}
	- centericq 4.22.1-2.1 (bug #438511; medium)
	- centerim 4.22.1-2.1 (medium)
CVE-2007-3712 (Multiple cross-site scripting (XSS) vulnerabilities in HiddenChest &quot;is ...)
	NOT-FOR-US: HiddenChest
CVE-2007-3711 (Unspecified vulnerability in TOS 2.1.x, 2.2.x before 2.2.5, and 2.5.x ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3710 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP Comet-Server
CVE-2007-3709 (CRLF injection vulnerability in the redirect function in ...)
	NOT-FOR-US: CodeIgniter
CVE-2007-3708 (Cross-site scripting (XSS) vulnerability in CodeIgniter 1.5.3 before ...)
	NOT-FOR-US: CodeIgniter
CVE-2007-3707 (Directory traversal vulnerability in index.php in CodeIgniter 1.5.3 ...)
	NOT-FOR-US: CodeIgniter
CVE-2007-3706 (The _sanitize_globals function in CodeIgniter 1.5.3 before 20070628 ...)
	NOT-FOR-US: CodeIgniter
CVE-2007-3705 (SQL injection vulnerability in FuseTalk 2.0 allows remote attackers to ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3704 (Entertainment CMS allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Entertainment CMS
CVE-2007-3703 (Stack-based buffer overflow in a certain ActiveX control in sasatl.dll ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3702 (Directory traversal vulnerability in the load function in ...)
	NOT-FOR-US: Mail Machine
CVE-2007-3701 (TippingPoint IPS before 20070710 does not properly handle a ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-3700 (Sun Java System Access Manager (formerly Java System Identity Server) ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-3699 (The Decomposer component in multiple Symantec products allows remote ...)
	NOT-FOR-US: Symantec
CVE-2007-3698 (The Java Secure Socket Extension (JSSE) in Sun JDK and JRE 6 Update 1 ...)
	- sun-java5 1.5.0-12-1
	- sun-java6 6-02-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3697 (PHP remote file inclusion vulnerability in phpbb/sendmsg.php in ...)
	NOT-FOR-US: FlashBB
CVE-2007-3696 (CA ERwin Data Model Validator (formerly AllFusion Data Model ...)
	NOT-FOR-US: CA ERwin Data Model Validator
CVE-2007-3695 (Buffer overflow in LICRCMD.EXE in CA ERwin Process Modeler (formerly ...)
	NOT-FOR-US: CA ERwin
CVE-2007-3694 (Cross-site scripting (XSS) vulnerability in login.php in Miro Project ...)
	NOT-FOR-US: Broadcast Machine
CVE-2007-3693 (Cross-site scripting (XSS) vulnerability in Gobi as of 20070711, built ...)
	NOT-FOR-US: gobi
CVE-2007-3692 (Directory traversal vulnerability in download.cgi in EZFactory KDDI ...)
	NOT-FOR-US: EZFactory KDDI Download CGI
CVE-2007-3691 (Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3690 (The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal ...)
	NOT-FOR-US: Forward module for Drupal
CVE-2007-3689 (The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal ...)
	NOT-FOR-US: Print module for Drupal
CVE-2007-3688 (Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear ...)
	NOT-FOR-US: DotClear
CVE-2007-3687 (SQL injection vulnerability in inferno.php in the Inferno Technologies ...)
	NOT-FOR-US: Inferno Technologies
CVE-2007-3686 (CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3685 (Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3684 (Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating ...)
	NOT-FOR-US: Unobtrusive Ajax Star Rating Bar
CVE-2007-3683 (SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and ...)
	NOT-FOR-US: Aigaion
CVE-2007-3682 (SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier ...)
	NOT-FOR-US: OpenLD
CVE-2007-3681 (The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in ...)
	NOT-FOR-US: WinPcap
CVE-2007-3680 (Stack-based buffer overflow in the odm_searchpath function in libodm ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3679 (The Citrix EPA ActiveX control (aka the &quot;endpoint checking control&quot; or ...)
	NOT-FOR-US: Citrix
CVE-2007-3678 (Stack-based buffer overflow in the MSWord text-import extension (Word ...)
	NOT-FOR-US: QuarkXPress
CVE-2007-3677 (Multiple SQL injection vulnerabilities in Maxsi eVisit Analyst allow ...)
	NOT-FOR-US: Maxsi eVisit Analyst
CVE-1999-1592 (Multiple unspecified vulnerabilities in sendmail 5, as installed on ...)
	- sendmail <not-affected> (Concerns only ancient sendmail V5)
CVE-2007-3676 (IBM DB2 Universal Database (UDB) Administration Server (DAS) 8 before ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3675 (Multiple format string vulnerabilities in the kavwebscan.CKAVWebScan ...)
	NOT-FOR-US: Kaspersky Online Scanner
CVE-2007-3674
	RESERVED
CVE-2007-3673 (Symantec symtdi.sys before 7.0.0, as distributed in Symantec AntiVirus ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2007-3672 (Cross-site scripting (XSS) vulnerability in ecrire/tools.php in ...)
	NOT-FOR-US: DotClear
CVE-2007-3671 (Unspecified vulnerability in the kernel in Microsoft Windows Vista has ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-3670 (Argument injection vulnerability in Microsoft Internet Explorer, when ...)
	- iceweasel <not-affected> (Only affects Firefox/Thunderbird on Windows)
	- icedove <not-affected> (Only affects Firefox/Thunderbird on Windows)
	NOTE: MFSA2007-23
CVE-2007-3669 (Multiple unspecified vulnerabilities in the Innovasys DockStudioXP ...)
	NOT-FOR-US: InnovaDSXP2.OCX ActiveX Control
CVE-2007-3668 (Multiple unspecified vulnerabilities in NMSDVDXU.DLL in NuMedia ...)
	NOT-FOR-US: NMSDVDXLib
CVE-2007-3667 (Unspecified vulnerability in EXCLEXPT.DLL in ActiveReportsExcelReport ...)
	NOT-FOR-US: ActiveReportsExcelReport
CVE-2007-3666 (Buffer overflow in RemoteCommand.DLL in Symantec Norton Ghost 12.0 ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3665 (Multiple unspecified vulnerabilities in FileBackup.DLL in Symantec ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3664 (Multiple unspecified vulnerabilities in Eltima Software RunService ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3663 (Divide-by-zero error in Media Player Classic (MPC) 6.4.9.0 allows ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3662 (Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-3661 (Eltima Software Virtual Serial Port (VSPAX) ActiveX control ...)
	NOT-FOR-US: Eltima Software
CVE-2007-3660 (The Nonnoi ASP/Barcode ActiveX control (nonnoi_ASPBarcode.dll) allows ...)
	NOT-FOR-US: Nonnoi
CVE-2007-3659 (Buffer overflow in the doBrowserAction function in FreeWRL 1.19.3 ...)
	NOT-FOR-US: FreeWRL
CVE-2007-3658 (Unspecified vulnerability in Microsoft Register Server (REGSVR) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-3657 (** DISPUTED ** ...)
	NOTE: Disputed Firefox issue, browser crashes not treated as security problems anyway
CVE-2007-3656 (Mozilla Firefox before 1.8.0.13 and 1.8.1.x before 1.8.1.5 does not ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (high)
	- iceape 1.1.3-1 (high)
	- xulrunner 1.8.1.5-1 (high)
	NOTE: MFSA2007-24
CVE-2007-3655 (Stack-based buffer overflow in javaws.exe in Sun Java Web Start in JRE ...)
	- sun-java5 1.5.0-12-1
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-02-1
CVE-2007-3654 (The display driver allocattr functions in NetBSD 3.0 through ...)
	NOT-FOR-US: NetBSD
CVE-2007-3653 (Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3652 (SQL injection vulnerability in class/page.php in Farsi Script (aka ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3651 (class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote ...)
	NOT-FOR-US: Farsi Script
CVE-2007-3650 (myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-3649 (Absolute path traversal vulnerability in a certain ActiveX control in ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3648 (SQL injection vulnerability in Webmatic before 2.6.2, and possibly ...)
	NOT-FOR-US: WebMatic
CVE-2007-3647 (The isloggedin function in Php/login.inc.php in phpTrafficA 1.4.3 and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3646 (SQL injection vulnerability in index.php in FlashGameScript 1.7 and ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-3645 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3644 (archive_read_support_format_tar.c in libarchive before 2.2.4 allows ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3643 (admin/index.php in AV Arcade 2.1b grants administrative privileges ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3642 (The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-2
CVE-2007-3641 (archive_read_support_format_tar.c in libarchive before 2.2.4 does not ...)
	{DSA-1455-1}
	- libarchive 2.2.4-1 (bug #432924; low)
CVE-2007-3640 (Adobe Integrated Runtime (AIR, aka Apollo) allows context-dependent ...)
	NOT-FOR-US: Adobe Apollo
CVE-2007-3639 (WordPress before 2.2.2 allows remote attackers to redirect visitors to ...)
	{DSA-1564-1}
	- wordpress 2.2.2-1
CVE-2007-3638 (Buffer overflow in Yahoo! Messenger 8.1 allows user-assisted remote ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-3637 (SQL injection vulnerability in MKPortal 1.1.1 allows remote attackers ...)
	NOT-FOR-US: MKPortal
CVE-2007-3636 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3635 (Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3634 (Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for ...)
	NOT-FOR-US: G/PGP (GPG) Plugin for Squirrelmail
CVE-2007-3633 (Absolute path traversal vulnerability in the Chilkat Software Chilkat ...)
	NOT-FOR-US: Chilkat Software
CVE-2007-3632 (Multiple PHP remote file inclusion vulnerabilities in LimeSurvey (aka ...)
	NOTE: Moodle contains a copy of the files, but not the string
	NOTE: "homedir", so it is not affected.
CVE-2007-3631 (SQL injection vulnerability in index.php in GameSiteScript (gss) 3.1 ...)
	NOT-FOR-US: GameSiteScript
CVE-2007-3630 (changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require ...)
	NOT-FOR-US: AV Tutorial
CVE-2007-3629 (SQL injection vulnerability in oku.asp in Levent Veysi Portal 1.0 ...)
	NOT-FOR-US: Levent Veysi Portal
CVE-2007-3628 (Unspecified vulnerability in the fetch function in MDB2.php in PEAR ...)
	NOT-FOR-US: Structures-DataGrid-DataSource-MDB2
CVE-2007-3627 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
	NOT-FOR-US: PHP Lite Calender Express
CVE-2007-3626 (Unspecified vulnerability in the ADM daemon in Hitachi TPBroker before ...)
	NOT-FOR-US: Hitachi
CVE-2007-3625 (The Program Neighborhood Agent in Citrix Presentation Server Clients ...)
	NOT-FOR-US: Citrix
CVE-2007-3624 (Heap-based buffer overflow in the Message HTTP Server in SAP Message ...)
	NOT-FOR-US: SAP
CVE-2007-3623 (Cross-site scripting (XSS) vulnerability in the Hitachi JP1/HiCommand ...)
	NOT-FOR-US: Hitachi
CVE-2007-3622 (Unspecified vulnerability in DomainPOP in Alt-N Technologies MDaemon ...)
	NOT-FOR-US: MDaemon
CVE-2007-3621 (Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex ...)
	NOT-FOR-US: AsteriDex
CVE-2007-3620 (Multiple directory traversal vulnerabilities in Maia Mailguard 1.0.2 ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3619 (Directory traversal vulnerability in login.php in Maia Mailguard 1.0.2 ...)
	NOT-FOR-US: Maia Mailguard
CVE-2007-3618 (Stack-based buffer overflow in the NetWorker Remote Exec Service ...)
	NOT-FOR-US: EMC Software NetWorker
CVE-2007-3617 (The report module in vtiger CRM before 5.0.3 does not properly apply ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3616 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3615 (Internet Communication Manager (aka ICMAN.exe or ICM) in SAP NetWeaver ...)
	NOT-FOR-US: SAP
CVE-2007-3614 (Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB ...)
	NOT-FOR-US: SAP DB Web Server
CVE-2007-3613 (Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP ...)
	NOT-FOR-US: SAP
CVE-2007-3612 (Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC ...)
	NOT-FOR-US: Visual IRC
CVE-2007-3611 (admin.php in VRNews 1.1.1, and possibly other 1.x versions, does not ...)
	NOT-FOR-US: VRNews
CVE-2007-3610 (SQL injection vulnerability in categories_type.php in phpVID 0.9.9 ...)
	NOT-FOR-US: phpVID
CVE-2007-3609 (Multiple SQL injection vulnerabilities in eMeeting Online Dating ...)
	NOT-FOR-US: eMeeting
CVE-2007-3608 (Multiple unspecified vulnerabilities in ActiveX controls in the ...)
	NOT-FOR-US: SAP
CVE-2007-3607 (Multiple unspecified vulnerabilities in ActiveX controls in the ...)
	NOT-FOR-US: SAP
CVE-2007-3606 (Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX ...)
	NOT-FOR-US: SAP
CVE-2007-3605 (Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX ...)
	NOT-FOR-US: SAP
CVE-2007-3604 (vtiger CRM before 5.0.3 allows remote authenticated users with access ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3603 (SQL injection vulnerability in the dashboard ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3602 (The SOAP webservice in vtiger CRM before 5.0.3 does not ensure that ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3601 (vtiger CRM before 5.0.3, when a migrated build is used, allows remote ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3600 (WordPlugin in the wordintegration component in vtiger CRM before 5.0.3 ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3599 (vtiger CRM before 5.0.3 allows remote authenticated users to import ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3598 (index.php in vtiger CRM before 5.0.3 allows remote authenticated users ...)
	NOT-FOR-US: vtiger CRM
CVE-2007-3597 (Session fixation vulnerability in Zen Cart 1.3.7 and earlier allows ...)
	NOT-FOR-US: Zen Cart
CVE-2007-3596 (inc/vul_check.inc in phpVideoPro before 0.8.8 permits non-alphanumeric ...)
	NOT-FOR-US: phpVideoPro
CVE-2007-3595
	REJECTED
CVE-2007-3594 (Multiple cross-site scripting (XSS) vulnerabilities in AdventNet ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2007-3593 (Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2007-3592 (PM.php in Elite Bulletin Board before 1.0.10 allows remote ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3591 (Unspecified vulnerability in Profile.php in Elite Bulletin Board ...)
	NOT-FOR-US: Elite Bulletin Board
CVE-2007-3590 (Cross-site scripting (XSS) vulnerability in visitenkarte.php in b1gBB ...)
	NOT-FOR-US: b1gBB
CVE-2007-3589 (Multiple SQL injection vulnerabilities in b1gbb 2.24.0 allow remote ...)
	NOT-FOR-US: b1gbb
CVE-2007-3588 (SQL injection vulnerability in reply.php in VBZooM 1.12 allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2007-3587 (MyCMS 0.9.8 and earlier allows remote attackers to gain privileges via ...)
	NOT-FOR-US: MyCMS
CVE-2007-3586 (Multiple direct static code injection vulnerabilities in MyCMS 0.9.8 ...)
	NOT-FOR-US: MyCMS
CVE-2007-3585 (PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 ...)
	NOT-FOR-US: MyCMS
CVE-2007-3584 (SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and ...)
	NOT-FOR-US: PNphpBB2
CVE-2007-3583 (SQL injection vulnerability in details_news.php in Girlserv ads 1.5 ...)
	NOT-FOR-US: Girlserv ads
CVE-2007-3582 (SQL injection vulnerability in index.php in SuperCali PHP Event ...)
	NOT-FOR-US: SuperCali PHP Event Calendar
CVE-2007-3581 (The Jedox Palo 1.5 client transmits the password in cleartext, which ...)
	NOT-FOR-US: Jedox
CVE-2007-3580 (PHPIDS does not properly handle certain code containing newlines, as ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3579 (PHPIDS before 20070703 does not properly handle setting the .text ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3578 (PHPIDS before 20070703 does not properly handle (1) arithmetic ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3577 (PHPIDS before 20070703 does not properly handle use of the substr ...)
	NOT-FOR-US: PHPIDS
CVE-2007-3576 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2007-3575 (SQL injection vulnerability in includes/functions in FreeDomain.co.nr ...)
	NOT-FOR-US: FreeDomain.co.nr Clone
CVE-2007-3574 (Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on ...)
	NOT-FOR-US: Linksys
CVE-2007-3573 (Multiple SQL injection vulnerabilities in akocomment allow remote ...)
	NOT-FOR-US: AkoComment
CVE-2007-3572 (Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in ...)
	NOT-FOR-US: Yoggie
CVE-2007-3571 (The Apache Web Server as used in Novell NetWare 6.5 and GroupWise ...)
	NOT-FOR-US: Novell
CVE-2007-3570 (The Linux Access Gateway in Novell Access Manager before 3.0 SP1 ...)
	NOT-FOR-US: Novell
CVE-2007-3569 (Multiple cross-site scripting (XSS) vulnerabilities in Oliver Library ...)
	NOT-FOR-US: Oliver Library Management System
CVE-2007-3568 (The _LoadBMP function in imlib 1.9.15 and earlier allows ...)
	- imlib 1.9.15-3 (bug #437708; low)
	[sarge] - imlib <no-dsa> (Minor issue, just a crash)
	[etch] - imlib <no-dsa> (Minor issue, just a crash)
CVE-2007-3567 (MySQLDumper 1.21b through 1.23 REV227 uses a &quot;Limit GET&quot; statement in ...)
	NOT-FOR-US: MysqlDumper
CVE-2007-3566 (Stack-based buffer overflow in the database service (ibserver.exe) in ...)
	NOT-FOR-US: Borland InterBase
CVE-2007-3565
	RESERVED
CVE-2007-3564 (libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does ...)
	{DSA-1333-1}
	- curl 7.16.4-1 (low)
CVE-2007-3563 (SQL injection vulnerability in includes/view_page.php in AV Arcade ...)
	NOT-FOR-US: AV Arcade
CVE-2007-3562 (SQL injection vulnerability in videos.php in PHP Director 0.21 and ...)
	NOT-FOR-US: PHP Director
CVE-2007-3561 (Cross-site scripting (XSS) vulnerability in ara.asp in Efendy Blog 1.0 ...)
	NOT-FOR-US: Efendy Blog
CVE-2007-3560 (Multiple unspecified vulnerabilities in Esqlanelapse before 2.6 have ...)
	NOT-FOR-US: Esqlanelapse
CVE-2007-3559 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2007-3558 (SQL injection vulnerability in Coppermine Photo Gallery (CPG) before ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-3557 (SQL injection vulnerability in admin/login.php in Wheatblog (wB) 1.1, ...)
	NOT-FOR-US: Wheatblog
CVE-2007-3556 (Liesbeth base CMS stores sensitive information under the web root with ...)
	NOT-FOR-US: Liesbeth
CVE-2007-3555 (Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 ...)
	{DSA-1691-1}
	- moodle 1.8.2-1 (low; bug #432264)
CVE-2007-3554 (Stack-based buffer overflow in the HPSDDX Class (SDD) ActiveX control ...)
	NOT-FOR-US: HP
CVE-2007-3553 (Cross-site scripting (XSS) vulnerability in Rapid Install Web Server ...)
	NOT-FOR-US: Oracle
CVE-2007-3552 (Multiple unspecified vulnerabilities in bbs100 before 3.2 allow remote ...)
	NOT-FOR-US: bbs100
CVE-2007-3551 (Buffer overflow in bbs100 before 3.2 allows remote attackers to cause ...)
	NOT-FOR-US: bbs100
CVE-2007-3550 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3549 (SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3548 (Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers ...)
	NOT-FOR-US: W3Filer
CVE-2007-3547 (Directory traversal vulnerability in qti_checkname.php in QuickTicket ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3546 (Cross-site scripting (XSS) vulnerability in the Windows GUI in Nessus ...)
	NOT-FOR-US: Nessus Windows GUI
CVE-2007-3545 (Buffer overflow in Warzone 2100 Resurrection before 2.0.7 allows ...)
	NOT-FOR-US: Warzone
CVE-2007-3544 (Unrestricted file upload vulnerability in (1) wp-app.php and (2) ...)
	- wordpress 2.2.2-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3543 (Unrestricted file upload vulnerability in WordPress before 2.2.1 and ...)
	- wordpress 2.2.1-1
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-3542 (Cross-site scripting (XSS) vulnerability in admin/auth.php in Pluxml ...)
	NOT-FOR-US: Pluxml
CVE-2007-3541 (Cross-site scripting (XSS) vulnerability in Kurinton sHTTPd 20070408 ...)
	NOT-FOR-US: Kurinton sHTTPd
CVE-2007-3540 (Multiple cross-site scripting (XSS) vulnerabilities in search.asp in ...)
	NOT-FOR-US: rwAuction
CVE-2007-3539 (Multiple SQL injection vulnerabilities in QuickTicket 1.2 ...)
	NOT-FOR-US: QuickTicket
CVE-2007-3538 (SQL injection vulnerability in qtg_msg_view.php in QuickTalk guestbook ...)
	NOT-FOR-US: QuickTalk
CVE-2007-3537 (IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-3536 (Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX ...)
	NOT-FOR-US: AMX NetLinx VNC
CVE-2007-3535 (Multiple directory traversal vulnerabilities in GL-SH Deaf Forum 6.4.4 ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2007-3534 (SQL injection vulnerability in login.php in WebChat 0.78 allows remote ...)
	NOT-FOR-US: WebChat
CVE-2007-3533 (The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote ...)
	NOT-FOR-US: 3Com
CVE-2007-3532 (NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and ...)
	- nvidia-kernel-common 20051028+1-0.1 (bug #434398; low)
	[sarge] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
	[etch] - nvidia-kernel-common <no-dsa> (Contrib and non-free not supported)
CVE-2007-3531 (The set_default_speeds function in backend/backend.c in NVidia NVClock ...)
	- nvclock 0.8b-1 (low)
CVE-2007-3530 (PHPDirector 0.21 and earlier stores the admin account name and ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3529 (videos.php in PHPDirector 0.21 and earlier allows remote attackers to ...)
	NOT-FOR-US: PHPDirector
CVE-2007-3528 (The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC ...)
	- dar 2.3.3-1 (low; bug #425335)
	[etch] - dar <no-dsa> (Minor issue)
	[sarge] - dar <no-dsa> (Minor issue)
CVE-2007-3527 (Integer overflow in Firebird 2.0.0 allows remote authenticated users ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (bug #441405)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed>
CVE-2007-3526 (Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier ...)
	NOT-FOR-US: Buddy Zone
CVE-2007-3525 (Ripe Website Manager 0.8.9 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3524 (Multiple PHP remote file inclusion vulnerabilities in Ripe Website ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-3523 (Multiple directory traversal vulnerabilities in Module/Galerie.php in ...)
	NOT-FOR-US: XCMS
CVE-2007-3522 (Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 ...)
	NOT-FOR-US: sPHPell
CVE-2007-3521 (SQL injection vulnerability in ArcadeBuilder Game Portal Manager 1.7 ...)
	NOT-FOR-US: ArcadeBuilder Game Portal Manager
CVE-2007-3520 (SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store ...)
	NOT-FOR-US: Easybe
CVE-2007-3519 (SQL injection vulnerability in eventdisplay.php in phpEventCalendar ...)
	NOT-FOR-US: phpEventCalendar
CVE-2007-3518 (SQL injection vulnerability in msg.php in HispaH YouTube Clone Script ...)
	NOT-FOR-US: HispaH YouTube Clone Script
CVE-2007-3517 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.8.3 ...)
	NOT-FOR-US: Claroline
CVE-2007-3516 (Multiple cross-site scripting (XSS) vulnerabilities in kayit.asp in ...)
	NOT-FOR-US: Gorki Online Santrac Sitesi
CVE-2007-3515 (SQL injection vulnerability in view_event.php in TotalCalendar 2.402 ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7220 (Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote ...)
	NOT-FOR-US: SAP SAPLPD
CVE-2006-7219 (eZ publish before 3.8.5 does not properly enforce permissions for ...)
	- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7218 (eZ publish before 3.8.1 does not properly enforce permissions for ...)
	- ezpublish <not-affected> (Debian's version is too old)
CVE-2006-7217 (Apache Derby before 10.2.1.6 does not determine schema privilege ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-1858
CVE-2006-7216 (Apache Derby before 10.2.1.6 does not determine privilege requirements ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-1708
CVE-2006-7215 (The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop ...)
	NOT-FOR-US: Intel processor
CVE-2005-4859 (mimicboard2 (Mimic2) 086 and earlier stores sensitive information ...)
	NOT-FOR-US: mimicboard2
CVE-2005-4858 (Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in ...)
	NOT-FOR-US: mimicboard2
CVE-2005-4857 (eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and ...)
	- ezpublish <removed>
CVE-2005-4856 (The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, ...)
	- ezpublish <removed>
CVE-2005-4855 (Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4854 (eZ publish 3.5 through 3.7 before 20050830 does not use a folder's ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4853 (The default configuration of the forum package in eZ publish 3.5 ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4852 (The siteaccess URIMatching implementation in eZ publish 3.5 through ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4851 (eZ publish 3.4.4 through 3.7 before 20050722 applies certain ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4850 (eZ publish 3.5 through 3.7 before 20050608 requires both edit and ...)
	- ezpublish <removed> (bug #424790)
CVE-2005-4849 (Apache Derby before 10.1.2.1 exposes the (1) user and (2) password ...)
	- derby <not-affected> (Fixed before initial upload to Debian)
	NOTE: http://issues.apache.org/jira/browse/DERBY-530
	NOTE: http://issues.apache.org/jira/browse/DERBY-559
CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which ...)
	- matrixssl 1.1-1
CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely ...)
	- matrixssl 1.1-1
CVE-1999-1591 (Microsoft Internet Information Services (IIS) server 4.0 SP4, without ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-3514 (Cross-domain vulnerability in Apple Safari for Windows 3.0.2 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3513 (The lcd_write function in drivers/usb/misc/usblcd.c in the Linux ...)
	{DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 5afeb104e7901168b21aad0437fb51dc620dfdd3
	NOTE: in Linus' tree.
CVE-2007-3512 (Stack-based buffer overflow in Lhaca File Archiver before 1.22 allows ...)
	NOT-FOR-US: Lhaca
CVE-2007-3511 (The focus handling for the onkeydown event in Mozilla Firefox ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (bug #438873; low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-32
CVE-2007-3510 (Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-3509 (Heap-based buffer overflow in the RPC subsystem in Symantec Backup ...)
	NOT-FOR-US: Symantec
CVE-2007-3508 (** DISPUTED ** ...)
	- glibc 2.6-2 (unimportant; bug #431858)
	NOTE: Not security-relevant
CVE-2007-3507 (Stack-based buffer overflow in the local__vcentry_parse_value function ...)
	- flac123 0.0.11-1 (low; bug #432008)
	[etch] - flac123 <no-dsa> (Minor issue)
CVE-2007-3506 (The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType ...)
	- freetype 2.3.4 (bug #432013)
	[sarge] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[etch] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
	[lenny] - freetype <not-affected> (Vulnerable code introduced in 2.3.x)
CVE-2007-3505 (Multiple directory traversal vulnerabilities in QuickTalk forum 1.3 ...)
	NOT-FOR-US: QuickTalk forum
CVE-2007-3504 (Directory traversal vulnerability in the PersistenceService in Sun ...)
	- sun-java5 <not-affected>
	NOTE: Sun Alert ID 102957 says issue is Windows only
CVE-2007-3503 (The Javadoc tool in Sun JDK 6 and JDK 5.0 Update 11 can generate HTML ...)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java5 1.5.0-12-1
	[etch] - sun-java6 <no-dsa> (non-free)
	- sun-java6 6-01-1 (bug #432006)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-3502 (Unspecified vulnerability in the web-based product configuration ...)
	NOT-FOR-US: Kaspersky Anti-Spam
CVE-2007-3501 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-3500 (Xeweb XEForum allows remote attackers to gain privileges via a ...)
	NOT-FOR-US: Xeweb XEForum
CVE-2007-3499 (SlackRoll before 8 accepts gpg exit codes other than 0 and 1 as ...)
	NOT-FOR-US: SlackRoll
CVE-2007-3498 (Cross-site scripting (XSS) vulnerability in smoketests/configForm.php ...)
	NOT-FOR-US: HTML Purifier
CVE-2007-3497 (Microsoft Internet Explorer 7 allows remote attackers to determine the ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3496 (Cross-site scripting (XSS) vulnerability in SAP Web Dynpro Java ...)
	NOT-FOR-US: SAP Web Dynpro Java
CVE-2007-3495 (Multiple cross-site scripting (XSS) vulnerabilities in the SAP ...)
	NOT-FOR-US: SAP Internet Communication Framework
CVE-2007-3494 (Papoo CMS 3.6, and possibly earlier, does not verify user privileges ...)
	NOT-FOR-US: Papoo CMS
CVE-2007-3493 (A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in ...)
	NOT-FOR-US: NCTAudioStudio
CVE-2007-3492 (Conti FtpServer 1.0 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Conti FtpServer
CVE-2007-3491 (Buffer overflow in _mprosrv in Progress Software OpenEdge before ...)
	NOT-FOR-US: Progress Software OpenEdge
CVE-2007-3490 (Unspecified vulnerability in Microsoft Excel 2003 SP2 allows remote ...)
	NOT-FOR-US: Microsoft Excel 2003 SP2
CVE-2007-3489 (Cross-site request forgery (CSRF) vulnerability in pop/WizU.html in ...)
	NOT-FOR-US: Check Point VPN-1 Edge X
CVE-2007-3488 (Heap-based buffer overflow in the viewer ActiveX control in Sony ...)
	NOT-FOR-US: Sony Network Camera SNC-P5 1.0
CVE-2007-3487 (Absolute path traversal in a certain ActiveX control in hpqxml.dll ...)
	NOT-FOR-US: Hewlett-Packard (HP) Photo Digital Imaging ActiveX control
CVE-2007-3486 (Cross-site scripting (XSS) vulnerability in AltaVista search engine ...)
	NOT-FOR-US: AltaVista
CVE-2007-3485 (Multiple cross-site scripting (XSS) vulnerabilities in Yandex.Server ...)
	NOT-FOR-US: Yandex.Server
CVE-2007-3484 (** DISPUTED ** ...)
	NOT-FOR-US: Google Custom Search Engine
CVE-2007-3483 (Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3482 (Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3481 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3480 (PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3479 (Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows ...)
	NOT-FOR-US: PCSoft WinDEV
CVE-2007-3478 (Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is a crash, and does not seem to be attacker controlled.
CVE-2007-3477 (The (a) imagearc and (b) imagefilledarc functions in GD Graphics ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf <unfixed>  (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: CPU consumption DoS
CVE-2007-3476 (Array index error in gd_gif_in.c in the GD Graphics Library (libgd) ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	- libwmf <unfixed> (unimportant)
	- racket 5.0.2-1 (unimportant; bug #601525)
	NOTE: Only present in one of the sample pl-scheme packages (plot)
	NOTE: can write a 0 to a 4k window in heap, very unlikely to be controllable.
CVE-2007-3475 (The GD Graphics Library (libgd) before 2.0.35 allows user-assisted ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: out-of-band memory read, does not appear attacker controlled.
CVE-2007-3474 (Multiple unspecified vulnerabilities in the GIF reader in the GD ...)
	NOTE: appears to be prophylactic dup of CVE-2007-3476.
CVE-2007-3473 (The gdImageCreateXbm function in the GD Graphics Library (libgd) ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash (same as CVE-2007-3472)
CVE-2007-3472 (Integer overflow in gdImageCreateTrueColor function in the GD Graphics ...)
	- libgd2 2.0.35.dfsg-1 (unimportant)
	NOTE: this is only a NULL deref crash.
CVE-2007-3471 (Buffer overflow in the dtsession Common Desktop Environment (CDE) ...)
	NOT-FOR-US: Sun Solaris dtsession
CVE-2007-3470 (Multiple unspecified vulnerabilities in the KSSL kernel module in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3469 (Unspecified vulnerability in the TCP Loopback/Fusion implementation in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3468 (input.c in VideoLAN VLC Media Player before 0.8.6c allows remote ...)
	{DSA-1332-1}
	- vlc 0.8.6.c.debian-1 (bug #429726)
CVE-2007-3467 (Integer overflow in the __status_Update function in stats.c VideoLAN ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (bug #429726)
CVE-2007-3466
	RESERVED
CVE-2007-3465 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3464 (Check Point SofaWare Safe@Office, with firmware before Embedded NGX ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3463 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft Windows XP SP2
CVE-2007-3462 (Cross-site request forgery (CSRF) vulnerability in Check Point ...)
	NOT-FOR-US: Check Point SofaWare Safe
CVE-2007-3461 (SQL injection vulnerability in property.php in elkagroup Image Gallery ...)
	NOT-FOR-US: elkagroup Image Gallery
CVE-2007-3460 (Multiple PHP remote file inclusion vulnerabilities in index.php3 in ...)
	NOT-FOR-US: EVA-Web
CVE-2007-3459 (A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax ...)
	NOT-FOR-US: Civitech Avax Vector
CVE-2007-3458 (The libsldap library in Sun Solaris 8, 9, and 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris libsldap
CVE-2007-3457 (Adobe Flash Player 8.0.34.0 and earlier insufficiently validates HTTP ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2007-3456 (Integer overflow in Adobe Flash Player 9.0.45.0 and earlier might ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (non-free not supported)
CVE-2006-7214 (Multiple unspecified vulnerabilities in Firebird 1.5 allow remote ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7213 (Firebird 1.5 allows remote authenticated users without SYSDBA and ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7212 (Multiple buffer overflows in Firebird 1.5, one of which affects WNET, ...)
	{DSA-1529-1}
	- firebird1.5 <removed> (bug #432753)
	- firebird2 <removed>
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
CVE-2006-7211 (fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the ...)
	{DSA-1529-1}
	- firebird1.5 <not-affected> (fixed before rename to firebird1.5)
	- firebird2 1.5.3.4870-4 (low; bug #362001)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	- firebird2.0 <not-affected> (fixed in 2.0)
	[sarge] - firebird2 <no-dsa> (Minor issue)
CVE-2006-7210 (Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to ...)
	NOT-FOR-US: Windows
CVE-2005-4848 (Buffer overflow in the decompression algorithm in Research in Motion ...)
	NOT-FOR-US: BlackBerry Enterprise Server
CVE-2007-3455 (cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3454 (Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in ...)
	NOT-FOR-US: Trend Micro OfficeScan Corporate Edition
CVE-2007-3453 (SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows ...)
	NOT-FOR-US: Papoo
CVE-2007-3452 (SQL injection vulnerability in essentials/minutes/doc.php in eDocStore ...)
	NOT-FOR-US: eDocStore
CVE-2007-3451 (PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3450 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3449 (SQL injection vulnerability in member.php in 6ALBlog allows remote ...)
	NOT-FOR-US: 6ALBlog
CVE-2007-3448 (Cross-site scripting (XSS) vulnerability in index.php in BugMall ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3447 (SQL injection vulnerability in BugMall Shopping Cart 2.5 and earlier ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3446 (BugMall Shopping Cart 2.5 and earlier has a default username &quot;demo&quot; ...)
	NOT-FOR-US: BugMall Shopping Cart
CVE-2007-3445 (Buffer overflow in SJ Labs SJphone 1.60.303c, running under Windows ...)
	NOT-FOR-US: SJphone
CVE-2007-3444 (The Research in Motion BlackBerry 7270 with 4.0 SP1 Bundle 83 allows ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3443 (The Research in Motion BlackBerry 7270 before 4.0 SP1 Bundle 108 does ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3442 (Format string vulnerability on the Research in Motion BlackBerry 7270 ...)
	NOT-FOR-US: BlackBerry 7270
CVE-2007-3441 (Format string vulnerability in the Aastra 9112i SIP Phone with ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3440 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3439 (The Snom 320 SIP Phone, running snom320 linux 3.25, snom320-SIP 6.2.3, ...)
	NOT-FOR-US: Snom 320 SIP Phone
CVE-2007-3438 (Buffer overflow in the SIP header parsing module in the Nortel PC ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3437 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-3436 (Microsoft MSN Messenger 4.7 on Windows XP allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-3435 (Stack-based buffer overflow in the BeginPrint method in a certain ...)
	NOT-FOR-US: BarCodeAx.dll
CVE-2007-3434 (index.php in Pharmacy System 2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3433 (SQL injection vulnerability in index.php in Pharmacy System 2 and ...)
	NOT-FOR-US: Pharmacy System
CVE-2007-3432 (Unrestricted file upload vulnerability in admin/images.php in Pluxml ...)
	NOT-FOR-US: Pluxml
CVE-2007-3431 (PHP remote file inclusion vulnerability in cal.func.php in Valerio ...)
	NOT-FOR-US: Dagger
CVE-2007-3430 (SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-3429 (Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and ...)
	NOT-FOR-US: e107
CVE-2007-3428 (Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3427 (SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3426 (Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3425 (Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-3424 (The moveim function in cgi-bin/cgi-lib/instantmessage.pl in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3423 (cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 ...)
	NOT-FOR-US: WebAPP
CVE-2007-3422 (The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-3421 (The (1) login, (2) admin profile edit, (3) reminder, (4) edit profile, ...)
	NOT-FOR-US: WebAPP
CVE-2007-3420 (The Random Cookie Password functionality in the loaduser function in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3419 (The editprofile3 function in cgi-bin/cgi-lib/user.pl in web-app.org ...)
	NOT-FOR-US: WebAPP
CVE-2007-3418 (The displaypost function in cgi-bin/cgi-lib/forum_display.pl in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3417 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WebAPP
CVE-2007-3416 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: WebAPP
CVE-2007-3415 (Multiple SQL injection vulnerabilities in index.php in phpRaider 1.0.0 ...)
	NOT-FOR-US: phpRaider
CVE-2007-3414 (Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 ...)
	NOT-FOR-US: access2asp
CVE-2007-3413 (Multiple cross-site scripting (XSS) vulnerabilities in bosDataGrid ...)
	NOT-FOR-US: bosDataGrid
CVE-2007-3412 (Cross-site scripting (XSS) vulnerability in edit_image.asp in ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3411 (SQL injection vulnerability in edit_image.asp in ClickGallery Server ...)
	NOT-FOR-US: ClickGallery Server
CVE-2007-3410 (Stack-based buffer overflow in the SmilTimeValue::parseWallClockValue ...)
	- helix-player <not-affected> (Debian versions of Helix player not affected according to maintainer)
CVE-2007-3409 (Net::DNS before 0.60, a Perl module, allows remote attackers to cause ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3408 (Multiple unspecified vulnerabilities in Dia before 0.96.1-6 have ...)
	- dia <not-affected> (Windows packaging with bundled FreeType libs)
CVE-2007-3407 (Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to ...)
	NOT-FOR-US: Simple HTTPD
CVE-2007-3406 (Multiple absolute path traversal vulnerabilities in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3405 (Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp ...)
	NOT-FOR-US: Lebisoft zdefter
CVE-2007-3404 (Directory traversal vulnerability in ShowImage.php in SiteDepth CMS ...)
	NOT-FOR-US: SiteDepth CMS
CVE-2007-3403 (Unrestricted file upload vulnerability in upload.php in dreamLog (aka ...)
	NOT-FOR-US: dreamLog
CVE-2007-3402 (SQL injection vulnerability in index.php in pagetool 1.07 allows ...)
	NOT-FOR-US: pagetool
CVE-2007-3401 (PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB ...)
	NOT-FOR-US: B1GBB
CVE-2007-3400 (The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as ...)
	NOT-FOR-US: NCTAudioEditor2 ActiveX control
CVE-2007-3399 (SQL injection vulnerability in include/get_userdata.php in Power ...)
	NOT-FOR-US: Power Phlogger
CVE-2007-3398 (LiteWEB 2.7 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: LiveWEB
CVE-2007-3397 (The web container in IBM WebSphere Application Server (WAS) before ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3396 (Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) ...)
	NOT-FOR-US: KeyFocus
CVE-2007-3395
	REJECTED
CVE-2007-3394 (Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote ...)
	NOT-FOR-US: eNdonesia
CVE-2007-3388 (Multiple format string vulnerabilities in (1) qtextedit.cpp, (2) ...)
	{DSA-1426-1}
	- qt-x11-free 3:3.3.7-6
	- qt4-x11 <not-affected> (This problem is not present in any version of Qt 4)
	NOTE: http://web.archive.org/web/20080206133848/http://trolltech.com:80/company/newsroom/announcements/press.2007-07-27.7503755960
CVE-2007-3387 (Integer overflow in the StreamPredictor::StreamPredictor function in ...)
	{DSA-1357-1 DSA-1355-1 DSA-1354-1 DSA-1352-1 DSA-1350-1 DSA-1349-1 DSA-1348-1 DSA-1347-1 DTSA-49-1 DTSA-50-1 DTSA-54-1 DTSA-62-1}
	- poppler 0.5.4-6.1 (bug #435460)
	- gpdf <removed>
	- xpdf 3.02-1.1 (bug #435462)
	- kdegraphics 4:3.5.7-3
	- koffice 1:1.6.3-2
	- pdftohtml <removed>
	[etch] - pdftohtml 0.36-13etch1
	- tetex-bin 3.0-12
	NOTE: pdftex links to poppler since 3.0-12, thus marking as fixed
	- cupsys <not-affected> (unimportant; bug #436099)
	- cups <not-affected> (unimportant; bug #436099)
	NOTE: cups uses xpdf-utils
	- pdfkit.framework 0.8-4
	NOTE: links to poppler since 0.8-4, thus marking as fixed
	- libextractor 0.5.12-1
	NOTE: libextractor uses internal pdf decoder since 0.5.12-1, thus marking as fixed
	- ipe <not-affected> (Does not include the vulnerable code)
	- swftools 0.9.2+ds1-2
CVE-2007-3386 (Cross-site scripting (XSS) vulnerability in the Host Manager Servlet ...)
	{DSA-1447-1}
	- tomcat5.5 5.5.25-1
CVE-2007-3385 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3384 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: tomcat 3.3
CVE-2007-3383 (Cross-site scripting (XSS) vulnerability in SendMailServlet in the ...)
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
	NOTE: affects example app in tomcat4-webapps
CVE-2007-3382 (Apache Tomcat 6.0.0 to 6.0.13, 5.5.0 to 5.5.24, 5.0.0 to 5.0.30, 4.1.0 ...)
	{DSA-1453-1 DSA-1447-1}
	- tomcat5.5 5.5.25-1
	- tomcat5 <removed>
CVE-2007-3381 (The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x ...)
	- gdm 2.18.4-1 (low)
	[sarge] - gdm <no-dsa> (Minor issue)
	[etch] - gdm <no-dsa> (Minor issue)
CVE-2007-3380 (The Distributed Lock Manager (DLM) in the cluster manager for Linux ...)
	- linux-2.6 2.6.23-1
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-3379 (Unspecified vulnerability in the kernel in Red Hat Enterprise Linux ...)
	- linux-2.6 <not-affected> (Red Hat-specific vulnerability)
CVE-2007-3378 (The (1) session_save_path, (2) ini_set, and (3) error_log functions in ...)
	- php4 <removed> (unimportant)
	- php5 5.2.4-1 (unimportant)
CVE-2007-3377 (Header.pm in Net::DNS before 0.60, a Perl module, (1) generates ...)
	{DSA-1515-1}
	- libnet-dns-perl 0.60-1 (low)
CVE-2007-3376 (Buffer overflow in Apple Safari 3.0.2 on Windows XP SP2 allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3375 (Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows ...)
	NOT-FOR-US: Lhaca
CVE-2007-3374 (Buffer overflow in cluster/cman/daemon/daemon.c in cman ...)
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2007-3373 (daemon.c in cman (redhat-cluster-suite) before 20070622 does not clear ...)
	- redhat-cluster <not-affected> (Just relevant in newer versions, we don't ship this file)
CVE-2006-7209 (Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA ...)
	NOT-FOR-US: phpTrafficA
CVE-2006-7208 (PHP remote file inclusion vulnerability in download.php in the Adam ...)
	NOT-FOR-US: phpBB component com_forum
CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samba ...)
	- samba <not-affected> (Vulnerable version not in any suite)
CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the ...)
	- mysql-dfsg-5.0 <not-affected> (Newer versions in all suites apart oldstable)
	NOTE: oldstable is affected, everything else uses libmysqlclient15
CVE-2007-3389 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3390 (Wireshark 0.99.5 and 0.10.x up to 0.10.14, when running on certain ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3391 (Wireshark 0.99.5 allows remote attackers to cause a denial of service ...)
	- wireshark 0.99.6pre1-1
	[etch] - wireshark <not-affected> (Only affected 0.99.5)
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3392 (Wireshark before 0.99.6 allows remote attackers to cause a denial of ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3393 (Off-by-one error in the DHCP/BOOTP dissector in Wireshark before ...)
	{DSA-1322-1}
	- wireshark 0.99.6pre1-1
	- ethereal <not-affected> (Vulnerable code not present)
CVE-2007-3372 (The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a ...)
	{DSA-1690-1}
	- avahi 0.6.20-2 (low)
	[etch] - avahi <no-dsa> (Minor issue, only affects local users)
CVE-2007-3371 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Powl
CVE-2007-3370 (Multiple PHP remote file inclusion vulnerabilities in Sun Board ...)
	NOT-FOR-US: Sun Board
CVE-2007-3369 (Buffer overflow in the Polycom SoundPoint IP 601 SIP phone with ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3368 (Buffer overflow in the HTTP server on the Polycom SoundPoint IP 601 ...)
	NOT-FOR-US: Polycom SoundPoint IP 601 SIP phone
CVE-2007-3367 (Simple CGI Wrapper (scgiwrap) in cPanel before 10.9.1, and 11.x before ...)
	NOT-FOR-US: cPanel
CVE-2007-3366 (Cross-site scripting (XSS) vulnerability in Simple CGI Wrapper ...)
	NOT-FOR-US: cPanel
CVE-2007-3365 (MyServer 0.8.9 and earlier does not properly handle uppercase ...)
	NOT-FOR-US: MyServer
CVE-2007-3364 (Cross-site scripting (XSS) vulnerability in the cgi-bin/post.mscgi ...)
	NOT-FOR-US: MyServer
CVE-2007-3363 (Multiple unspecified vulnerabilities in ageet AGEphone before 1.6.3 ...)
	NOT-FOR-US: AGEphone
CVE-2007-3362 (ageet AGEphone before 1.6.2, running on Windows Mobile 5 on the HTC ...)
	NOT-FOR-US: AGEphone
CVE-2007-3361 (The Nortel PC Client SIP Soft Phone 4.1 3.5.208[20051015] allows ...)
	NOT-FOR-US: Nortel PC Client SIP Soft Phone
CVE-2007-3360 (hook.c in BitchX 1.1-final allows remote IRC servers to execute ...)
	- ircii-pana <removed> (medium; bug #432120)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=10;filename=bitchx_CVE-2007-3360.patch;att=1;bug=432120
CVE-2007-3359 (Multiple PHP remote file inclusion vulnerabilities in SerWeb 0.9.6 and ...)
	NOT-FOR-US: SerWeb
CVE-2007-3358 (PHP remote file inclusion vulnerability in html/load_lang.php in ...)
	NOT-FOR-US: SerWeb
CVE-2007-3357 (NetClassifieds Premium Edition does not use encryption for (1) stored ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3356 (NetClassifieds Premium Edition allows remote attackers to obtain ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3355 (Multiple cross-site scripting (XSS) vulnerabilities in NetClassifieds ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3354 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2007-3353 (** DISPUTED ** ...)
	NOT-FOR-US: MyEvent
CVE-2007-3352 (Cross-site scripting (XSS) vulnerability in the preview form in ...)
	NOT-FOR-US: Stephen Ostermiller Contact Form
CVE-2007-3351 (The SJPhone SIP soft phone 1.60.303c, when installed on the Dell Axim ...)
	NOT-FOR-US: SJPhone SIP
CVE-2007-3350 (AOL Instant Messenger (AIM) 6.1.32.1 on Windows XP allows remote ...)
	NOT-FOR-US: AIM
CVE-2007-3349 (The Aastra 9112i SIP Phone with firmware 1.4.0.1048 and boot version ...)
	NOT-FOR-US: Aastra 9112i SIP Phone
CVE-2007-3348 (The D-Link DPH-540/DPH-541 phone allows remote attackers to cause a ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3347 (The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are ...)
	NOT-FOR-US: D-Link DPH-540/DPH-541 phone
CVE-2007-3346 (Directory traversal vulnerability in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3345 (Multiple SQL injection vulnerabilities in index.php in PHPAccounts 0.5 ...)
	NOT-FOR-US: PHPAccounts
CVE-2007-3344 (Multiple cross-site scripting (XSS) vulnerabilities in netjukebox ...)
	NOT-FOR-US: netjukebox
CVE-2007-3343 (Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2007-3342 (Multiple cross-site scripting (XSS) vulnerabilities in Movable Type ...)
	NOT-FOR-US: Movable Type
CVE-2007-3341 (Unspecified vulnerability in the FTP implementation in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-3340 (BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3339 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ColdFusion
CVE-2007-3338 (Multiple stack-based buffer overflows in Ingres database server 2006 ...)
	NOT-FOR-US: Ingres
CVE-2007-3337 (wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used ...)
	NOT-FOR-US: Ingres
CVE-2007-3336 (Multiple &quot;pointer overwrite&quot; vulnerabilities in Ingres database server ...)
	NOT-FOR-US: Ingres
CVE-2007-3335 (Multiple SQL injection vulnerabilities in the admin panel in PHPEcho ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-3334 (Multiple heap-based buffer overflows in the (1) Communications Server ...)
	NOT-FOR-US: Ingres
CVE-2007-3333 (Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 ...)
	NOT-FOR-US: IBM AIX
CVE-2007-3332 (Directory traversal vulnerability in Satellite.php in Satel Lite for ...)
	NOT-FOR-US: Satel Lite for PhpNuke
CVE-2007-3331 (Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3330 (Cross-site scripting (XSS) vulnerability in STphp EasyNews PRO 4.0 ...)
	NOT-FOR-US: STphp EasyNews PRO
CVE-2007-3329 (Multiple array index errors in the (1) get_intra_block, (2) ...)
	NOT-FOR-US: Xvid
CVE-2007-3328 (Multiple cross-site scripting (XSS) vulnerabilities in Interact 2.4 ...)
	NOT-FOR-US: Interact
CVE-2007-3327 (httpsv.exe in HTTP Server 1.6.2 allows remote attackers to obtain ...)
	NOT-FOR-US: HTTP Server 1.6.2
CVE-2007-3326 (Multiple directory traversal vulnerabilities in vBulletin 3.x.x allow ...)
	NOT-FOR-US: vBulletin
CVE-2007-3325 (PHP remote file inclusion vulnerability in lib/language.php in LAN ...)
	NOT-FOR-US: LAN Management System
CVE-2007-3324 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus Cart ...)
	NOT-FOR-US: Comersus Cart
CVE-2007-3323 (SQL injection vulnerability in comersus_optReviewReadExec.asp in ...)
	NOT-FOR-US: Comersus Shop Cart
CVE-2006-7207 (Buffer overflow in ageet AGEphone before 1.4.0 might allow remote ...)
	NOT-FOR-US: AGEphone
CVE-2006-7206 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-4168
	REJECTED
CVE-2007-3322 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3321 (The Avaya 4602 SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3320 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3319 (The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP ...)
	NOT-FOR-US: Avaya IP Phone
CVE-2007-3318 (Buffer overflow in the Session Initiation Protocol (SIP) User Access ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3317 (The Session Initiation Protocol (SIP) User Access Client (UAC) message ...)
	NOT-FOR-US: Avaya one-X Desktop Edition
CVE-2007-3316 (Multiple format string vulnerabilities in plugins in VideoLAN VLC ...)
	{DSA-1332-1}
	- vlc 0.8.6.c-1 (medium; bug #429726)
CVE-2007-3315 (Multiple PHP remote file inclusion vulnerabilities in YourFreeScreamer ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3314 (Stack-based buffer overflow in peviewer.spl in Altap Servant ...)
	NOT-FOR-US: Altap Servant Salamander
CVE-2007-3313 (Multiple SQL injection vulnerabilities in Jasmine CMS 1.0 allow remote ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3312 (Directory traversal vulnerability in admin/plugin_manager.php in ...)
	NOT-FOR-US: Jasmine CMS
CVE-2007-3311 (SQL injection vulnerability in print.php in the Articles 1.02 and ...)
	NOT-FOR-US: Articles
CVE-2007-3310 (Cross-site scripting (XSS) vulnerability in arama.asp in TDizin allows ...)
	NOT-FOR-US: TDizin
CVE-2007-3309 (Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3308 (Simple Machines Forum (SMF) 1.1.2 uses a concatenation method with ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-3307 (SQL injection vulnerability in game_listing.php in Solar Empire ...)
	NOT-FOR-US: Solar Empire
CVE-2007-3306 (PHP remote file inclusion vulnerability in crontab/run_billing.php in ...)
	NOT-FOR-US: MiniBill
CVE-2007-3305 (Heap-based buffer overflow in Cerulean Studios Trillian 3.x before ...)
	NOT-FOR-US: Cerulean Studios Trillian
CVE-2007-3304 (Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, ...)
	- apache <removed> (low)
	- apache2 2.2.4-2 (low)
	[etch] - apache2 2.2.3-4+etch2
	[sarge] - apache2 2.0.54-5sarge2 (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-3303 (Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows ...)
	- apache2 <unfixed> (unimportant)
	NOTE: If you can execute arbitrary code, a DoS is not a problem.
CVE-2007-3302 (The CallCode ActiveX control in caller.dll 3.0 before 20070713, and ...)
	NOT-FOR-US: CA
CVE-2007-3301 (SQL injection vulnerability in forum/include/error/autherror.cfm in ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3300 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
	NOT-FOR-US: F-Secure
CVE-2007-3299 (Cross-site scripting (XSS) vulnerability in AWFFull before 3.7.4, when ...)
	- awffull 3.7.4final-1 (unimportant)
	NOTE: awffull (a webalizer fork) does not have any cookie based authentication
	NOTE: or other sensitive data that could be leaked through this
CVE-2007-3298 (SQL injection vulnerability in Spey before 0.4.1 allows remote ...)
	NOT-FOR-US: Spey
CVE-2007-3297 (Multiple PHP remote file inclusion vulnerabilities in Musoo 0.21 allow ...)
	NOT-FOR-US: Musoo
CVE-2007-3296 (The ThunderServer.webThunder.1 ActiveX control in xunlei Web ...)
	NOT-FOR-US: Web Thunderbolt
CVE-2007-3295 (Directory traversal vulnerability in Yet another Bulletin Board (YaBB) ...)
	NOT-FOR-US: YaBB
CVE-2007-3294 (Multiple buffer overflows in libtidy, as used in the Tidy extension ...)
	- php5 <removed> (unimportant)
	NOTE: Only exploitable by malicious script
CVE-2007-3293 (SQL injection vulnerability in categoria.php in LiveCMS 3.4 and ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3292 (Unrestricted file upload vulnerability in LiveCMS 3.4 and earlier ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3291 (Cross-site scripting (XSS) vulnerability in LiveCMS 3.4 and earlier ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3290 (categoria.php in LiveCMS 3.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: LiveCMS
CVE-2007-3289 (PHP remote file inclusion vulnerability in spaw/spaw_control.class.php ...)
	NOT-FOR-US: WiwiMod for XOOPS
CVE-2007-3288 (Cross-site scripting (XSS) vulnerability in the skeltoac stats ...)
	NOT-FOR-US: skeltoac stats plugin for WordPress
CVE-2007-3287
	RESERVED
CVE-2007-3286 (Multiple buffer overflows in unspecified ActiveX controls in COM ...)
	NOT-FOR-US: Avaya IP Softphone
CVE-2007-3285 (Mozilla Firefox before 2.0.0.5, when run on Windows, allows remote ...)
	- iceweasel <not-affected> (Affects only Firefox in Windows)
	NOTE: MFSA2007-22
CVE-2007-3284 (corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3283 (GNOME XScreenSaver in Sun Solaris 8 and 9 before 20070417, when root ...)
	- xscreensaver <not-affected> (Not a security issue: works as documented)
CVE-2007-3282 (Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-3281 (Cross-site scripting (XSS) vulnerability in index.php in Php Hosting ...)
	NOT-FOR-US: Php Hosting Biller
CVE-2007-3280 (The Database Link library (dblink) in PostgreSQL 8.1 implements ...)
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3279 (PostgreSQL 8.1 and probably later versions, when the PL/pgSQL ...)
	- postgresql-8.1 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
	- postgresql-8.2 <not-affected> (Neither PL/pgsql nor dblink are enabled by default)
CVE-2007-3278 (PostgreSQL 8.1 and probably later versions, when local trust ...)
	{DSA-1463-1 DSA-1460-1}
	- postgresql-8.1 <not-affected> (local trust authentication is not enabled in Debian)
	- postgresql-8.2 <not-affected> (local trust authentication is not enabled in Debian)
CVE-2007-3277 (Unspecified vulnerability in the localization before 1.2 module for ...)
	NOT-FOR-US: localization module for WIKINDX
CVE-2007-3276 (Cross-site scripting (XSS) vulnerability in index.php in Site@School ...)
	NOT-FOR-US: Site
CVE-2007-3275 (MailWasher Server before 2.2.1, when used with LDAP or Active ...)
	NOT-FOR-US: MailWasher Server
CVE-2007-3274 (Apple Safari 3.0 and 3.0.1 on Windows XP SP2 allows attackers to cause ...)
	NOT-FOR-US: Apple Safari
CVE-2007-3273 (SQL injection vulnerability in index.cfm in FuseTalk 2.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2007-3272 (Directory traversal vulnerability in index.php in MiniBB 2.0.5 allows ...)
	NOT-FOR-US: MiniBB
CVE-2007-3271 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: YourFreeScreamer
CVE-2007-3270 (PHP remote file inclusion vulnerability in Includes/global.inc.php in ...)
	NOT-FOR-US: phpMyInventory
CVE-2007-3269 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo Light 3.6 ...)
	NOT-FOR-US: Papoo Light
CVE-2007-3268 (The TFTP implementation in IBM Tivoli Provisioning Manager for OS ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-3267 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3266 (Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows ...)
	NOT-FOR-US: WEBIF
CVE-2007-3265 (Cross-site scripting (XSS) vulnerability in the Samples component in ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3264 (Unspecified vulnerability in the PD tools component in IBM WebSphere ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3263 (Unspecified vulnerability in the Default Messaging Component in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3262 (Unspecified vulnerability in the Default Messaging Component in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-3261 (Cross-site scripting (XSS) vulnerability in widgets/widget_search.php ...)
	NOT-FOR-US: dKret
CVE-2007-3260 (HP System Management Homepage (SMH) before 2.1.9 for Linux, when used ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3259 (Calendarix 0.7.20070307 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Calendarix
CVE-2007-3258 (calendar.php in Calendarix 0.7.20070307 allows remote attackers to ...)
	NOT-FOR-US: Calendarix
CVE-2007-3257 (Camel (camel-imap-folder.c) in the mailer component for Evolution Data ...)
	{DSA-1325-1 DSA-1321-1}
	- evolution 2.12.0-1
	- evolution-data-server 1.10.2-2 (bug #429876)
	[sarge] - evolution-data-server <not-affected> (Vulnerable code present in a different source package)
CVE-2007-3256 (Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3255 (Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3254 (Multiple cross-site scripting (XSS) vulnerabilities in Xythos ...)
	NOT-FOR-US: Xythos Enterprise Document Manager
CVE-2007-3253 (Multiple unspecified vulnerabilities in Astaro Security Gateway (ASG) ...)
	NOT-FOR-US: Astaro Security Gateway
CVE-2007-3252 (PortalApp stores sensitive information under the web root with ...)
	NOT-FOR-US: PortalApp
CVE-2007-3251 (Multiple directory traversal vulnerabilities in e-Vision CMS 2.02 and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3250 (SQL injection vulnerability in mod_banners.php in Elxis CMS before ...)
	NOT-FOR-US: Elxis CMS
CVE-2007-3249 (Cross-site scripting (XSS) vulnerability in mod_lettermansubscribe.php ...)
	NOT-FOR-US: Letterman Subscriber
CVE-2007-3248 (Unspecified vulnerability in Sun Solaris 10 before 20070614, when IPv6 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3247 (SQL injection vulnerability in VirtueMart before 1.0.11 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2005-4847 (Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack ...)
	NOT-FOR-US: Spey
CVE-2005-4846 (Format string vulnerability in Logger.cc for Spey 0.3.3 allows ...)
	NOT-FOR-US: Spey
CVE-2007-3246 (The do_set_password function in modules/chanserv/set.c in IRC Services ...)
	NOT-FOR-US: IRC Services
CVE-2007-3245 (IRC Services before 5.0.62, and 5.1 before 5.1pre3, allows remote ...)
	NOT-FOR-US: IRC Services
CVE-2007-3244 (SQL injection vulnerability in bb-includes/formatting-functions.php in ...)
	NOT-FOR-US: bbPress
CVE-2007-3243 (Cross-site scripting (XSS) vulnerability in bb-login.php in bbPress ...)
	NOT-FOR-US: bbPress
CVE-2007-3242 (The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) ...)
	NOT-FOR-US: WebAPP
CVE-2007-3241 (Cross-site scripting (XSS) vulnerability in blogroll.php in the ...)
	NOT-FOR-US: cordobo-green-park theme for WordPress
CVE-2007-3240 (Cross-site scripting (XSS) vulnerability in 404.php in the ...)
	NOT-FOR-US: Vistered-Little theme for WordPress
CVE-2007-3239 (Cross-site scripting (XSS) vulnerability in searchform.php in the ...)
	NOT-FOR-US: AndyBlue theme for WordPress
CVE-2007-3238 (Cross-site scripting (XSS) vulnerability in functions.php in the ...)
	{DSA-1502-1}
	- wordpress 2.2.2-1 (low)
CVE-2007-3237 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3236 (PHP remote file inclusion vulnerability in footer.php in the Horoscope ...)
	NOT-FOR-US: XOOPS
CVE-2007-3235 (Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3234 (SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows ...)
	NOT-FOR-US: Fuzzylime Forum
CVE-2007-3233 (The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 ...)
	NOT-FOR-US: TEC-IT
CVE-2007-3232 (The IBM TotalStorage DS400 with firmware 4.15 uses a blank password ...)
	NOT-FOR-US: IBM
CVE-2007-3231 (Buffer overflow in MeCab before 0.96 has unknown impact and attack ...)
	- mecab 0.95-1.1 (bug #429174; low)
	[etch] - mecab <no-dsa> (Minor issue)
	[sarge] - mecab <no-dsa> (Minor issue)
CVE-2007-3230 (PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer ...)
	NOT-FOR-US: PHP::HTML
CVE-2007-3229 (index.php in Singapore Gallery allows remote attackers to obtain ...)
	NOT-FOR-US: Singapore Gallery
CVE-2007-3228 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sitellite CMS
CVE-2007-3227 (Cross-site scripting (XSS) vulnerability in the to_json ...)
	- rails 1.2.5-1 (bug #429177)
CVE-2007-3226 (Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 ...)
	NOT-FOR-US: dotProject
CVE-2007-3225 (Unspecified vulnerability in Sun Java System Directory Server (slapd) ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3224 (Unspecified vulnerability in Sun ONE/Java System Directory Server ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-3223 (Unspecified vulnerability in the NFS server in Sun Solaris 10 before ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3222 (PHP remote file inclusion vulnerability in modify.php in the XFsection ...)
	NOT-FOR-US: XOOPS
CVE-2007-3221 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3220 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3219 (Unspecified vulnerability in sources/action_public/xmlout.php in ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2007-3218 (Cross-site scripting (XSS) vulnerability in request.php in PHP Live! ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3217 (Multiple PHP remote file inclusion vulnerabilities in Prototype of an ...)
	NOT-FOR-US: Prototype of an PHP application
CVE-2007-3216 (Multiple buffer overflows in the LGServer component of CA (Computer ...)
	NOT-FOR-US: CA BrightStor products
CVE-2007-3215 (PHPMailer 1.7, when configured to use sendmail, allows remote ...)
	{DSA-1315-1}
	- libphp-phpmailer 1.73-4 (high; bug #429179)
	- flyspray 0.9.8-12 (bug #429191; bug #429195)
	[etch] - flyspray <not-affected> (Vulnerable code not)
	[sarge] - flyspray <not-affected> (Vulnerable code not included)
	- moodle 1.8.2-2 (bug #429190)
	- owl-dms 0.94-2 (bug #429197)
	- knowledgeroot 0.9.8.2-2 (bug #429196)
	[etch] - knowledgeroot <not-affected> (Vulnerable code not used)
	[etch] - owl-dms <not-affected> (Vulnerable code not used)
	- ipplan 4.85-2 (bug #429193)
	- glpi 0.68.3.2-1 (bug #429192)
	[etch] - glpi <not-affected> (Vulnerable code not used)
	- wordpress 2.2.1-1 (bug #429194)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	- mahara 1.0.5-2 (bug #504253)
	[lenny] - mahara 1.0.4-3
	[etch] - phpgroupware <not-affected> (bug #504255; Vulnerable code not used)
	- phpgroupware 0.9.16.012+dfsg-9 (medium; bug #504255)
	- egroupware <not-affected> (bug #504283; Vulnerable code not used)
CVE-2007-3214 (SQL injection vulnerability in style.php in e-Vision CMS 2.02 and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2007-3213 (Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in ...)
	NOT-FOR-US: Sporum Forum
CVE-2007-3212 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
	NOT-FOR-US: Beehive Forum
CVE-2007-3211 (Cross-site scripting (XSS) vulnerability in 404.php in Domain ...)
	NOT-FOR-US: Domain Technologie Control (DTC)
CVE-2007-3210 (Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens ...)
	NOT-FOR-US: Cellosoft Tokens Object
CVE-2007-3209 (Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses ...)
	- mail-notification 4.0.dfsg.1-2 (low; bug #428157)
	[sarge] - mail-notification <not-affected> (Only affects 3.x and 4.x)
	[etch] - mail-notification <no-dsa> (Minor issue, needs proper documentation in errata)
CVE-2007-3208 (CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 ...)
	NOT-FOR-US: YaBB
CVE-2007-3207 (Buffer overflow in the NFS mount daemon (XNFS.NLM) in Novell NetWare ...)
	NOT-FOR-US: Novell NetWare
CVE-2007-3206
	RESERVED
CVE-2007-3205 (The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: That's by design
CVE-2007-3204 (SQL injection vulnerability in auth.php in Just For Fun Network ...)
	NOTE: This is an jffnms ID, which has been wrongly reported by an external party,
	NOTE: The data is sufficiently sanitised with the Debian fix for CVE-2007-3192
CVE-2007-3203 (Stack-based buffer overflow in smtpdll.dll in the SMTP service in ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2007-3202 (Cross-site scripting (XSS) vulnerability in the rich text editor in ...)
	NOT-FOR-US: Webwiz
CVE-2007-3201 (Visual truncation vulnerability in Windows Privacy Tray (WinPT) 1.2.0 ...)
	NOT-FOR-US: Windows Privacy Tray (WinPT)
CVE-2007-3200 (NMASINST in Novell Modular Authentication Service (NMAS) 3.1.2 and ...)
	NOT-FOR-US: Novell
CVE-2007-3199 (Unrestricted file upload vulnerability in Link Request Contact Form ...)
	NOT-FOR-US: Link Request Contact Form
CVE-2007-3198 (Cross-site scripting (XSS) vulnerability in comments.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Blog
CVE-2007-3197 (SQL injection vulnerability in vBSupport.php in vBSupport 1.1 before ...)
	NOT-FOR-US: vBulletin
CVE-2007-3196 (SQL injection vulnerability in vBSupport.php in vSupport Integrated ...)
	NOT-FOR-US: VBulletin
CVE-2007-3195 (Cross-site scripting (XSS) vulnerability in index.php in ERFAN WIKI ...)
	NOT-FOR-US: ERFAN WIKI
CVE-2007-3194 (** DISPUTED ** ...)
	NOT-FOR-US: myBloggie
CVE-2007-3193 (lib/WikiUser/LDAP.php in PhpWiki before 1.3.13p1, when the ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (low; bug #429201)
CVE-2007-3192 (admin/setup.php in Just For Fun Network Management System (JFFNMS) ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4 (medium)
	NOTE: 20_security.dpatch is addressing this bug however the maintainer didn't include
	NOTE: a note about the CVE id.
CVE-2007-3191 (Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3190 (Multiple SQL injection vulnerabilities in auth.php in Just For Fun ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3189 (Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun ...)
	{DSA-1374-1}
	- jffnms 0.8.3dfsg.1-4
CVE-2007-3188 (SQL injection vulnerability in down_indir.asp in Fullaspsite GeometriX ...)
	NOT-FOR-US: Fullaspsite GeometriX Download Portal
CVE-2007-3187 (Multiple unspecified vulnerabilities in Apple Safari for Windows allow ...)
	NOT-FOR-US: Apple
CVE-2007-3186 (Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2007-3185 (Apple Safari Beta 3.0.1 for Windows public beta allows remote ...)
	NOT-FOR-US: Apple
CVE-2007-3184 (Cisco Trust Agent (CTA) before 2.1.104.0, when running on MacOS X, ...)
	NOT-FOR-US: Cisco
CVE-2007-3183 (Multiple SQL injection vulnerabilities in Calendarix 0.7.20070307, ...)
	NOT-FOR-US: Calendarix
CVE-2007-3182 (Multiple cross-site scripting (XSS) vulnerabilities in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2007-3181 (Buffer overflow in fbserver.exe in Firebird SQL 2 before 2.0.1 allows ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (medium)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (medium)
	NOTE: maybe fixed prior to 2.0.3.12981.ds1-1 (2.0.1) but couldn't find any earlier source code
	NOTE: in the pool to check and since this version is in testing and unstable...
CVE-2007-3180 (Buffer overflow in Help and Support Center before 4.4 C on HP Windows ...)
	NOT-FOR-US: HP
CVE-2007-3179 (Multiple SQL injection vulnerabilities in archives.php in Particle ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-3178 (Multiple SQL injection vulnerabilities in Zindizayn Okul Web Sistemi ...)
	NOT-FOR-US: Sistemi
CVE-2007-3177 (Ingate Firewall and SIParator before 4.5.2 allow remote attackers to ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3176 (Unspecified vulnerability in Ingate Firewall and SIParator before ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2007-3175 (Multiple SQL injection vulnerabilities in W2B Online Banking allow ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3174 (Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online ...)
	NOT-FOR-US: W2B Online Banking
CVE-2007-3173 (Almnzm allows remote attackers to obtain sensitive information via an ...)
	NOT-FOR-US: Almnzm
CVE-2007-3172 (Directory traversal vulnerability in demo/pop3/error.php in Uebimiau ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3171 (Uebimiau Webmail allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: UebiMiau
CVE-2007-3170 (Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau ...)
	NOT-FOR-US: Uebimiau
CVE-2007-3169 (Buffer overflow in a certain ActiveX control in the EDraw Office ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3168 (A certain ActiveX control in the EDraw Office Viewer Component ...)
	NOT-FOR-US: EDraw Office Viewer Component
CVE-2007-3167 (Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control ...)
	NOT-FOR-US: Vivotek
CVE-2007-3166 (Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, ...)
	NOT-FOR-US: Qualcomm Eudora
CVE-2007-3165 (Tor before 0.1.2.14 can construct circuits in which an entry guard is ...)
	- tor 0.1.2.14-1 (medium)
CVE-2007-3164 (Microsoft Internet Explorer 7, when prompting for HTTP Basic ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3163 (Incomplete blacklist vulnerability in the filemanager in Frederico ...)
	- moin 1.5.8-4.1 (unimportant; bug #429205)
	- knowledgeroot 0.9.8.2-2 (unimportant; bug #429204)
	- karrigell <removed> (unimportant; bug #429207)
	NOTE: This is only exploitable on NTFS filesystems
	NOTE: Given the state of Linux' NTFS support it seems highly unlikely
	NOTE: and given the state of ext3/XFS highly stupid to run a Debian-based
	NOTE: web server with NTFS
CVE-2007-3162 (Buffer overflow in the NotSafe function in the idaiehlp ActiveX ...)
	NOT-FOR-US: Internet Download Accelerator
CVE-2007-3161 (Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote ...)
	NOT-FOR-US: Ace-FTP Client
CVE-2007-3160 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...)
	NOT-FOR-US: PHP Real Estate Classifieds Premium Plus
CVE-2007-3159 (http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a ...)
	NOT-FOR-US: MiniWeb
CVE-2007-3158 (download_script.asp in ASP Folder Gallery allows remote attackers to ...)
	NOT-FOR-US: ASP Folder Gallery
CVE-2007-3157 (IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build ...)
	NOT-FOR-US: SafeNET
CVE-2007-3156 (Multiple cross-site scripting (XSS) vulnerabilities in pam_login.cgi ...)
	- webmin <removed>
CVE-2007-3155 (Unspecified vulnerability in eGroupWare before 1.2.107-2 has unknown ...)
	- egroupware 1.2.107-2.dfsg-1 (bug #429208)
CVE-2007-3154 (Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka ...)
	NOTE: Apparently a bogus issue; upstream developer of wz_tooltip.js isn't aware
	NOTE: of any security problem, see #429215, #429209, #429214, #429213
CVE-2007-3153 (The ares_init:randomize_key function in c-ares, on platforms other ...)
	NOT-FOR-US: c-ares
CVE-2007-3152 (c-ares before 1.4.0 uses a predictable seed for the random number ...)
	NOT-FOR-US: c-ares
CVE-2007-3151 (rpttop.htm in the web management interface in Packeteer PacketShaper ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-3150 (Google Desktop allows user-assisted remote attackers to execute ...)
	NOT-FOR-US: Google Desktop
CVE-2007-3149 (sudo, when linked with MIT Kerberos 5 (krb5), does not properly check ...)
	- sudo <not-affected> (Not linked with krb5)
CVE-2007-3148 (Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ...)
	NOT-FOR-US: Yahoo! Webcam Viewer
CVE-2007-3147 (Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ...)
	NOT-FOR-US: Yahoo! Webcam Upload
CVE-2007-3146 (Zen Help Desk 2.1 stores sensitive information under the web root with ...)
	NOT-FOR-US: Zen Help Desk
CVE-2007-3145 (Visual truncation vulnerability in Galeon 2.0.1 allows remote ...)
	- galeon <removed> (unimportant; bug #429216)
	NOTE: Hardly a problem, Galeon's rotting any way and doesn't offer up-to-date
	NOTE: phishing protections anyway
CVE-2007-3144 (Visual truncation vulnerability in Mozilla 1.7.12 allows remote ...)
	NOTE: Minor issue, exact details unknown to upstream
CVE-2007-3143 (Visual truncation vulnerability in Konqueror 3.5.5 allows remote ...)
	- kdebase 4:3.5.7-3 (low)
	[sarge] - kdebase <no-dsa> (Minor issue)
	[etch] - kdebase <no-dsa> (Minor issue)
	NOTE: referring to maintainer this is definetly fixed in 4:3.5.7-3
CVE-2007-3142 (Visual truncation vulnerability in Opera 9.21 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-3141 (PHP remote file inclusion vulnerability in core/editor.php in ...)
	NOT-FOR-US: phpWebThings
CVE-2007-3140 (SQL injection vulnerability in xmlrpc.php in WordPress 2.2 allows ...)
	- wordpress 2.2.1-1 (bug #428073)
	[etch] - wordpress <not-affected> (Doesn't affect 2.0.x branch)
CVE-2007-3139 (config/general.php in Quick.Cart 2.2 and earlier uses a default ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3138 (Directory traversal vulnerability in index.php in Open Solution ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-3137 (Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in ...)
	NOT-FOR-US: WmsCMS
CVE-2007-3136 (PHP remote file inclusion vulnerability in inc/nuke_include.php in ...)
	NOT-FOR-US: newsSync
CVE-2007-3135 (Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom ...)
	NOT-FOR-US: Atom Photoblog
CVE-2007-3134 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Atom PhotoBlog
CVE-2007-3133 (SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 ...)
	NOT-FOR-US: W1L3D4
CVE-2007-3132 (Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and ...)
	NOT-FOR-US: Symantec Ghost
CVE-2007-3131 (Cross-site scripting (XSS) vulnerability in add_comment.php in Light ...)
	NOT-FOR-US: Light Blog
CVE-2007-3130 (Multiple PHP remote file inclusion vulnerabilities in the OpenWiki ...)
	NOT-FOR-US: OpenWiki
CVE-2005-4845 (The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and ...)
	NOT-FOR-US: Sun Java on Microsoft Windows
CVE-2005-4844 (The CLSID_ApprenticeICW control allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2005-4843 (The SmartConnect Class control allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2005-4842 (The System Monitor Source Properties control allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2005-4841 (The Outlook Progress Ctl control allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2007-3129 (Cross-site scripting (XSS) vulnerability in login.php in Utopia News ...)
	NOT-FOR-US: Utopia News Pro
CVE-2007-3128 (SQL injection vulnerability in content.php in WSPortal 1.0, when ...)
	NOT-FOR-US: WSPortal
CVE-2007-3127 (content.php in WSPortal 1.0, when magic_quotes_gpc is disabled, allows ...)
	NOT-FOR-US: WSPortal
CVE-2007-3126 (Gimp before 2.8.22 allows context-dependent attackers to cause a ...)
	- gimp 2.8.22-1 (unimportant; bug #885382)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=773233
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=46bcd82800e37b0f5aead76184430ef2fe802748 (master)
	NOTE: https://git.gnome.org/browse/gimp/commit/?id=323ecb73f7bf36788fb7066eb2d6678830cd5de7 (gimp-2-8)
CVE-2007-3125
	REJECTED
CVE-2007-3124 (Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in ...)
	NOT-FOR-US: FreeVMS
CVE-2007-3123 (unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3122 (The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3121 (Buffer overflow in the CCdecode function in contrib/ntsc-cc.c in the ...)
	- zvbi 0.2.25-1 (bug #429221; unimportant)
	NOTE: Only exploitable through malformed closed captions
	NOTE: Malicious TV networks have more subtle methods to control people...
CVE-2007-3120 (Cross-site scripting (XSS) vulnerability in public/code/cp_dpage.php ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-3119 (SQL injection vulnerability in news.asp in Kartli Alisveris Sistemi ...)
	NOT-FOR-US: Kartli Alisveris Sistemi
CVE-2007-3118 (Multiple PHP remote file inclusion vulnerabilities in Kravchuk letter ...)
	NOT-FOR-US: Kravchuk letter
CVE-2007-3117 (Cross-site scripting (XSS) vulnerability in the SEO module in ADPLAN 3 ...)
	NOT-FOR-US: ADPLAN
CVE-2007-3116 (Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3115 (Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, ...)
	{DSA-1319-1}
	- maradns 1.2.12.06-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3114 (Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x ...)
	{DSA-1319-1}
	- maradns 1.2.12.05-1
	[sarge] - maradns <not-affected> (1.0.x branch not affected)
CVE-2007-3113 (Cacti 0.8.6i, and possibly other versions, allows remote authenticated ...)
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3112 (graph_image.php in Cacti 0.8.6i, and possibly other versions, allows ...)
	{DSA-1954-1}
	- cacti 0.8.6j-1.1 (low; bug #429224)
	[sarge] - cacti <no-dsa> (Minor issue, would only be run within authentication)
	[etch] - cacti <no-dsa> (Minor issue, would only be run within authentication)
CVE-2007-3111 (Buffer overflow in the Provideo Camimage ActiveX control in ...)
	NOT-FOR-US: Provideo Camimage
CVE-2007-3110 (Cross-site scripting (XSS) vulnerability in the Andy Frank Beatnik 1.0 ...)
	NOT-FOR-US: Andy Frank Beatnik
CVE-2007-3109 (The CERN Image Map Dispatcher (htimage.exe) in Microsoft FrontPage ...)
	NOT-FOR-US: Microsoft FrontPage
CVE-2007-3108 (The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL ...)
	{DSA-1571-1}
	- openssl 0.9.8e-6 (bug #438142; low)
	- openssl097 <removed> (bug #438180)
	[sarge] - openssl <no-dsa> (Not exploitable in a real-world scenario)
	[etch] - openssl097 <no-dsa> (Not exploitable in a real-world scenario)
CVE-2007-3107 (The signal handling in the Linux kernel before 2.6.22, including ...)
	- linux-2.6 2.6.22-1 (unimportant)
	NOTE: Not reproducibly reliably by an attacker, mostly a bug
	NOTE: This is fixed by 9a08e732533b940d2d31f4e9999dfee5e1ca3914
	NOTE: in Linus' tree.
CVE-2007-3106 (lib/info.c in libvorbis 1.1.2, and possibly other versions before ...)
	{DSA-1471-1}
	- libvorbisidec 1.0.2+svn16259-2 (bug #669196)
	- libvorbis 1.2.0.dfsg-1 (medium)
CVE-2007-3105 (Stack-based buffer overflow in the random number generator (RNG) ...)
	{DSA-1504-1 DSA-1363-1}
	- linux-2.6 2.6.22-4
CVE-2007-3104 (The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat ...)
	{DSA-1428-1}
	- linux-2.6 2.6.22-4 (low)
CVE-2007-3103 (The init.d script for the X.Org X11 xfs font server on various Linux ...)
	{DSA-1342-1}
	- xfs 1:1.0.8-2.1 (low)
	NOTE: i've checked 1.0.8, and this problem is no longer present
CVE-2007-3102 (Unspecified vulnerability in the linux_audit_record_event function in ...)
	- openssh <not-affected> (This is a redhat/fedora specific issue)
	NOTE: this issue was introduced by a patch of redhat (openssh-4.3p1-audit.patch)
	NOTE: The patch fixing this (openssh-4.3p2-cve-2007-3102.patch) can be found on:
	NOTE: http://mirror.linux.duke.edu/pub/fedora/linux/core/updates/6/SRPMS/openssh-4.3p2-25.fc6.src.rpm
CVE-2007-3101 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSF ...)
	NOT-FOR-US: Apache MyFaces Tomahawk
CVE-2007-3100 (usr/log.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (low; bug #429225)
CVE-2007-3099 (usr/mgmt_ipc.c in iscsid in open-iscsi (iscsi-initiator-utils) before ...)
	{DSA-1314-1}
	- open-iscsi 2.0.865-1 (medium; bug #429225)
CVE-2007-3098 (The SNMPc Server (crserv.exe) process in Castle Rock Computing SNMPc ...)
	NOT-FOR-US: Castle Rock Computing SNMPc
CVE-2007-3097 (my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2007-3096 (Directory traversal vulnerability in login.php in PBLang (PBL) ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2007-3095 (Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and ...)
	NOT-FOR-US: Symantec Reporting Server
CVE-2007-3094 (Unspecified vulnerability in the authentication mechanism in Solaris ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3093 (Unspecified vulnerability in the logging mechanism in Solaris ...)
	NOT-FOR-US: Solaris Management Console
CVE-2007-3092 (Microsoft Internet Explorer 6 allows remote attackers to spoof the URL ...)
	NOT-FOR-US: MSIE6
CVE-2007-3091 (Race condition in Microsoft Internet Explorer 6 SP1; 6 and 7 for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3090
	REJECTED
CVE-2007-3089 (Mozilla Firefox before 2.0.0.5 does not prevent use of document.write ...)
	{DSA-1339-1 DSA-1338-1 DSA-1337-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.5-1 (low; bug #427691)
	- iceape 1.1.3-1 (low)
	- xulrunner 1.8.1.5-1 (low)
	NOTE: MFSA2007-20
CVE-2007-3088 (SQL injection vulnerability in index.php in Comicsense allows remote ...)
	NOT-FOR-US: Comicsense
CVE-2007-3087 (Peercast places a cleartext password in a query string, which might ...)
	NOT-FOR-US: PeerCast
CVE-2007-3086 (Unrestricted critical resource lock in Agnitum Outpost Firewall PRO ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2007-3085 (Multiple PHP remote file inclusion vulnerabilities in PBSite allow ...)
	NOT-FOR-US: PBSite
CVE-2007-3084 (PHP remote file inclusion vulnerability in sampleblogger.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2007-3083 (Z-Blog 1.7 stores sensitive information under the web root with ...)
	NOT-FOR-US: Z-Blog
CVE-2007-3082 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
	NOT-FOR-US: Sendcard
CVE-2007-3081 (PHP remote file inclusion vulnerability in sampleecommerce.php in ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2007-3080 (SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly ...)
	NOT-FOR-US: Hunkaray Okul Portaly
CVE-2007-3079 (listmembers.php in EQdkp 1.3.2c and earlier allows remote attackers to ...)
	NOT-FOR-US: EQdkp
CVE-2007-3078 (Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before ...)
	NOT-FOR-US: Aigaion
CVE-2007-3077 (SQL injection vulnerability in listmembers.php in EQdkp 1.3.2 and ...)
	NOT-FOR-US: EQdkp
CVE-2007-3076 (A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-3075 (Directory traversal vulnerability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3074 (Mozilla Firefox 2.0.0.4 and earlier allows remote attackers to read ...)
	{DSA-1707-1 DSA-1704-1 DSA-1697-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-3073 (Directory traversal vulnerability in Mozilla Firefox 2.0.0.4 and ...)
	NOTE: Duplicate of CVE-2008-4067
CVE-2007-3072 (Directory traversal vulnerability in Mozilla Firefox before 2.0.0.4 on ...)
	- iceweasel <not-affected> (Only affects Windows versions of Firefox)
CVE-2007-3071 (Buffer overflow in the GetWebStoreURL function in a certain ActiveX ...)
	NOT-FOR-US: eSellerate
CVE-2007-3070 (Cross-site scripting (XSS) vulnerability in index.php in BDigital Web ...)
	NOT-FOR-US: BDigital Web Solutions WebStudio
CVE-2007-3069 (xscreensaver in Sun Solaris 10 before 20070604, when a GNOME session ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-3068 (Stack-based buffer overflow in DVD X Player 4.1 Professional allows ...)
	NOT-FOR-US: DVD X Player
CVE-2007-3067 (Cross-site scripting (XSS) vulnerability in the Attunement and Key ...)
	NOT-FOR-US: EQdkp
CVE-2007-3066 (Multiple PHP remote file inclusion vulnerabilities in php(Reactor) ...)
	NOT-FOR-US: IBM DB2
CVE-2007-3065 (SQL injection vulnerability in viewimage.php in Particle Soft Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-3064 (Cross-site scripting (XSS) vulnerability in diary.php in My Databook ...)
	NOT-FOR-US: My Datebook
CVE-2007-3063 (SQL injection vulnerability in diary.php in My Databook allows remote ...)
	NOT-FOR-US: My Datebook
CVE-2007-3062 (Cross-site scripting (XSS) vulnerability in HP System Management ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2007-3061 (Cactushop 6 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: Cactushop
CVE-2007-3060 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2007-3059 (SendCard 3.3.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SendCard
CVE-2007-3058 (Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-3057 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2007-3056 (Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN ...)
	- websvn 1.61-22.3 (unimportant; bug #439337)
	NOTE: Websvn does not have cookie based authentication by itself.
	NOTE: I therefore don't think this is serious enough for a stable update.
CVE-2007-3055 (Cross-site scripting (XSS) vulnerability in index.php in Codelib ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3054 (Cross-site scripting (XSS) vulnerability in search.php in Codelib ...)
	NOT-FOR-US: Codelib Linker
CVE-2007-3053 (Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier ...)
	NOT-FOR-US: Calimero
CVE-2007-3052 (SQL injection vulnerability in index.php in the PNphpBB2 1.2i and ...)
	NOT-FOR-US: PostNuke
CVE-2007-3051 (SQL injection vulnerability in inc/class_users.php in RevokeSoft ...)
	NOT-FOR-US: RevokeSoft RevokeBB
CVE-2007-3050 (Session fixation vulnerability in chameleon cms 3.0 and earlier allows ...)
	NOT-FOR-US: chameleon cms
CVE-2007-3049 (Cross-site scripting (XSS) vulnerability in index.php in Buttercup web ...)
	NOT-FOR-US: Buttercup BWFM
CVE-2007-3048 (** DISPUTED ** ...)
	- screen <not-affected> (not reproducible)
CVE-2007-3047 (The Vonage VoIP Telephone Adapter has a default administrator username ...)
	NOT-FOR-US: Vonage
CVE-2007-3046 (Buffer overflow in Advanced Software Production Line Vortex Library ...)
	NOT-FOR-US: Advanced Software Production Line Vortex Library
CVE-2007-3045 (Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on ...)
	NOT-FOR-US: Hitachi TP1
CVE-2007-3044 (Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi ...)
	NOT-FOR-US: Hitachi
CVE-2007-3043 (Cross-site scripting (XSS) vulnerability in Collaboration - File ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-3042 (Cross-site scripting (XSS) vulnerability in Meneame before 2 allows ...)
	NOT-FOR-US: Meneame
CVE-2007-3041 (Unspecified vulnerability in the pdwizard.ocx ActiveX object for ...)
	NOT-FOR-US: Microsoft
CVE-2007-3040 (Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft ...)
	NOT-FOR-US: Windows
CVE-2007-3039 (Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) ...)
	NOT-FOR-US: Windows
CVE-2007-3038 (The Teredo interface in Microsoft Windows Vista and Vista x64 Edition ...)
	NOT-FOR-US: Microsoft
CVE-2007-3037 (Microsoft Windows Media Player 7.1, 9, 10, and 11 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-3036 (Unspecified vulnerability in the (1) Windows Services for UNIX 3.0 and ...)
	NOT-FOR-US: Windows Services for UNIX
CVE-2007-3035 (Unspecified vulnerability in Microsoft Windows Media Player 7.1, 9, ...)
	NOT-FOR-US: Microsoft
CVE-2007-3034 (Integer overflow in the AttemptWrite function in Graphics Rendering ...)
	NOT-FOR-US: Microsoft
CVE-2007-3033 (Cross-site scripting (XSS) vulnerability in Windows Vista Feed ...)
	NOT-FOR-US: Microsoft
CVE-2007-3032 (Unspecified vulnerability in Windows Vista Contacts Gadget in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-3031
	REJECTED
CVE-2007-3030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3029 (Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-3028 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-3027 (Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-3026 (Integer overflow in Panda Software AdminSecure allows remote attackers ...)
	NOT-FOR-US: Panda
CVE-2007-3025 (Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...)
	- clamav <not-affected> (Solaris-specific bug)
CVE-2007-3024 (libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3023 (unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.3-1
CVE-2007-3022 (Symantec Reporting Server 1.0.197.0, and other versions before ...)
	NOT-FOR-US: Symantec
CVE-2007-3021 (Symantec Reporting Server 1.0.197.0, and other versions before ...)
	NOT-FOR-US: Symantec
CVE-2007-3020
	RESERVED
CVE-2007-3019
	RESERVED
CVE-2007-3018 (activeWeb contentserver CMS before 5.6.2964 does not limit the ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3017 (The WYSIWYG editor applet in activeWeb contentserver CMS before ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3016
	RESERVED
CVE-2007-3015
	RESERVED
CVE-2007-3014 (Multiple cross-site scripting (XSS) vulnerabilities in activeWeb ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3013 (SQL injection vulnerability in activeWeb contentserver before 5.6.2964 ...)
	NOT-FOR-US: activeWeb contentserver CMS
CVE-2007-3012 (The web interface in Fujitsu-Siemens Computers PRIMERGY BX300 Switch ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3011 (The DBAsciiAccess CGI Script in the web interface in Fujitsu-Siemens ...)
	NOT-FOR-US: Fujitsu-Siemens
CVE-2007-3010 (masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX ...)
	NOT-FOR-US: Alcatel OmniPCX Enterprise Communication Server
CVE-2007-3009 (Format string vulnerability in the MprLogToFile::logEvent function in ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3008 (Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has ...)
	NOT-FOR-US: Mbedthis AppWeb
CVE-2007-3007 (PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode ...)
	- php5 5.2.3-1 (unimportant)
CVE-2007-3006 (Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted ...)
	NOT-FOR-US: Acoustica MP3 CD Burner
CVE-2007-3005
	REJECTED
CVE-2007-3004
	REJECTED
CVE-2007-3003 (Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier ...)
	NOT-FOR-US: myBloggie
CVE-2007-3002 (PHP JackKnife (PHPJK) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3001 (Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-3000 (Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow ...)
	NOT-FOR-US: PHP JackKnife
CVE-2007-2999 (Microsoft Windows Server 2003, when time restrictions are in effect ...)
	NOT-FOR-US: Microsoft
CVE-2007-2998 (The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS ...)
	NOT-FOR-US: OpenVMS
CVE-2007-2997 (** DISPUTED ** ...)
	NOT-FOR-US: SalesCart Shopping Cart
CVE-2007-2996 (Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2995 (Unspecified vulnerability in sysmgt.websm.rte in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: IBM AIX
CVE-2007-2994 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...)
	NOT-FOR-US: DGNews
CVE-2007-2993 (Multiple cross-site scripting (XSS) vulnerabilities in OmegaMw7.asp in ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2992 (Multiple SQL injection vulnerabilities in OmegaMw7.asp in OMEGA (aka ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2007-2991 (Cross-site scripting (XSS) vulnerability in includes/send.inc.php in ...)
	NOT-FOR-US: Evenzia CMS
CVE-2007-2990 (Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2989 (The libike library in Sun Solaris 9 before 20070529 contains a logic ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2988 (A certain admin script in Inout Meta Search Engine sends a redirect to ...)
	NOT-FOR-US: Inout Meta Search Engine
CVE-2007-2987 (Multiple buffer overflows in certain ActiveX controls in sasatl.dll in ...)
	NOT-FOR-US: Zenturi ProgramChecker
CVE-2007-2986 (PHP remote file inclusion vulnerability in lib/live_status.lib.php in ...)
	NOT-FOR-US: AdminBot
CVE-2007-2985 (Pheap 2.0 allows remote attackers to bypass authentication by setting ...)
	NOT-FOR-US: Pheap
CVE-2007-2984 (Multiple stack-based buffer overflows in the Media Technology Group ...)
	NOT-FOR-US: Media Technology Group CDPass
CVE-2007-2982 (Multiple buffer overflows in the British Telecommunications Business ...)
	NOT-FOR-US: British Telecommunications Business Connect
CVE-2007-2981 (Buffer overflow in a certain ActiveX control in LEAD Technologies ...)
	NOT-FOR-US: LeadTools
CVE-2007-2980 (Heap-based buffer overflow in a certain ActiveX control in LEADTOOLS ...)
	NOT-FOR-US: LeadTools
CVE-2007-2979 (Techno Dreams Web Directory / Search Engine 2.0 stores sensitive ...)
	NOT-FOR-US: Techno Dreams Web Directory / Search Engine
CVE-2007-2978 (Session fixation vulnerability in eggblog 3.1.0 and earlier allows ...)
	NOT-FOR-US: eggblog
CVE-2007-2977 (Buffer overflow in the receive function in submit/submitcommon.c in ...)
	NOT-FOR-US: DOMjudge
CVE-2007-2976 (Centrinity FirstClass 8.3 and earlier, and Server and Internet ...)
	NOT-FOR-US: Centrinity
CVE-2007-2975 (The admin console in Ignite Realtime Openfire 3.3.0 and earlier ...)
	NOT-FOR-US: Ignite Realtime
CVE-2007-2974 (Buffer overflow in the file parsing engine in Avira Antivir Antivirus ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2973 (Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2972 (The file parsing engine in Avira Antivir Antivirus before 7.04.00.24 ...)
	NOT-FOR-US: Avira Antivirus
CVE-2007-2971 (SQL injection vulnerability in getnewsitem.php in gCards 1.46 and ...)
	NOT-FOR-US: gCards
CVE-2007-2970 (Multiple cross-site scripting (XSS) vulnerabilities in cgi/block.cgi ...)
	NOT-FOR-US: 8e6 R3000 Internet Filter
CVE-2007-2969 (PHP remote file inclusion vulnerability in newsletter.php in ...)
	NOT-FOR-US: WAnewsletter
CVE-2007-2968 (Cross-site scripting (XSS) vulnerability in register.php in cpCommerce ...)
	NOT-FOR-US: cpCommerce
CVE-2005-4840 (The Outlook Express Address Book control, when using Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2000-1243 (Privacy leak in Dansie Shopping Cart 3.04, and probably earlier ...)
	NOT-FOR-US: Dansie Shopping Cart
CVE-2007-XXXX [webpy HTTP response splitting vulnerability]
	- webpy 0.210-1 (bug #427715; unimportant)
	NOTE: This is not a vulnerability, but an additional precaution function for
	NOTE: a development framework. If someone wants to have this updated in Etch, this
	NOTE: needs to go through a point update
CVE-2006-XXXX [Owl Intranet Engine multiple cross-site scripting, SQL-injection]
	- owl-dms 0.94-1 (medium; bug #416296)
CVE-2007-2967 (Multiple F-Secure anti-virus products for Microsoft Windows and Linux ...)
	NOT-FOR-US: F-Secure
CVE-2007-2966 (Buffer overflow in the LHA decompression component in F-Secure ...)
	NOT-FOR-US: F-Secure
CVE-2007-2965 (Unspecified vulnerability in the Real-time Scanning component in ...)
	NOT-FOR-US: F-Secure
CVE-2007-2964 (The fsmsh.dll host module in F-Secure Policy Manager Server 7.00 and ...)
	NOT-FOR-US: F-Secure
CVE-2007-2963 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2962 (Cross-site scripting (XSS) vulnerability in search.php in Particle ...)
	NOT-FOR-US: Particle Gallery
CVE-2007-2961 (Unrestricted file upload vulnerability in FileCloset before 1.1.5 ...)
	NOT-FOR-US: FileCloset
CVE-2007-2960 (Multiple directory traversal vulnerabilities in Scallywag 2005-04-25 ...)
	NOT-FOR-US: Scallywag
CVE-2007-2959 (SQL injection vulnerability in manufacturer.php in cpCommerce before ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2958 (Format string vulnerability in the inc_put_error function in src/inc.c ...)
	- sylpheed-claws 1.0.5-5.2 (low; bug #441854)
	[etch] - sylpheed-claws <no-dsa> (Minor issue)
	[sarge] - sylpheed-claws <no-dsa> (Minor issue)
	- sylpheed 2.4.5-1 (low)
	[etch] - sylpheed <no-dsa> (Minor issue)
	[sarge] - sylpheed <no-dsa> (Minor issue)
	NOTE: the cvs referenced in redhat bugzilla is not available anymore however
	NOTE: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153 fixes the bug
CVE-2007-2957 (Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, ...)
	NOT-FOR-US: McAfee on Solaris
CVE-2007-2956 (Stack-based buffer overflow in the readRadianceHeader function in (1) ...)
	NOT-FOR-US: Qtpfsgui and pfstools
CVE-2007-2955 (Multiple unspecified &quot;input validation error&quot; vulnerabilities in ...)
	NOT-FOR-US: Norton Antivirus/Internet Security/System Works
CVE-2007-2954 (Multiple stack-based buffer overflows in the Spooler service ...)
	NOT-FOR-US: Novell Client
CVE-2007-2953 (Format string vulnerability in the helptags_one function in ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-056+1 (low)
CVE-2007-2952 (Multiple stack-based buffer overflows in the filter service (aka ...)
	NOT-FOR-US: Blue Coat K9 Web Protection
CVE-2007-2951 (The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc ...)
	- kvirc 2:3.2.4-5 (bug #434419; medium)
CVE-2007-2950 (Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara ...)
	NOT-FOR-US: Centennial
CVE-2007-2949 (Integer overflow in the seek_to_and_unpack_pixeldata function in the ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	- ingimp 2.2.16.20070710-1
	NOTE: http://secunia.com/secunia_research/2007-63/advisory
CVE-2007-2948 (Multiple stack-based buffer overflows in stream/stream_cddb.c in ...)
	{DSA-1313-1}
	- mplayer 1.0~rc1-14
CVE-2007-2947 (Multiple PHP remote file inclusion vulnerabilities in OpenBASE Alpha ...)
	NOT-FOR-US: OpenBASE Alpha
CVE-2007-2946 (Buffer overflow in a certain ActiveX control in LeadTools Raster ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2945 (RMForum stores sensitive information under the web root with ...)
	NOT-FOR-US: RMForum
CVE-2007-2944 (WabCMS 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: WabCMS
CVE-2007-2943 (PHP remote file inclusion vulnerability in class/class.php in Webavis ...)
	NOT-FOR-US: Webavis
CVE-2007-2942 (SQL injection vulnerability in user.php in My Little Forum 1.7 and ...)
	NOT-FOR-US: My Little Forum
CVE-2007-2941 (Multiple PHP remote file inclusion vulnerabilities in the creator in ...)
	NOT-FOR-US: vBulletin Google Yahoo Site Map
CVE-2007-2940 (Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 ...)
	NOT-FOR-US: FlaP
CVE-2007-2939 (Multiple PHP remote file inclusion vulnerabilities in Mazen's PHP Chat ...)
	NOT-FOR-US: Mazen's PHP Chat
CVE-2007-2938 (Buffer overflow in the BaseRunner ActiveX control in the Ademco ...)
	NOT-FOR-US: BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module
CVE-2007-2937 (PHP remote file inclusion vulnerability in admin/admin.php in TROforum ...)
	NOT-FOR-US: TROforum
CVE-2007-2936 (Multiple PHP remote file inclusion vulnerabilities in Frequency Clock ...)
	NOT-FOR-US: Frequency Clock
CVE-2007-2935 (core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows ...)
	NOT-FOR-US: Fundanemt
CVE-2007-2934 (Directory traversal vulnerability in skins/common.css.php in Vistered ...)
	NOT-FOR-US: Vistered Little
CVE-2007-2933 (SQL injection vulnerability in index.php in the Phil-a-Form ...)
	NOT-FOR-US: Phil-a-Form
CVE-2007-2932 (Cross-site scripting (XSS) vulnerability in index.php in BoastMachine ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2931 (Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and ...)
	NOT-FOR-US: MSN Messenger
CVE-2007-2930 (The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC ...)
	- bind <removed> (bug #442910)
	[etch] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
	[sarge] - bind <no-dsa> (It's documented in README.Debian that Bind 8 has architectual limitations and should not be used unless you know what you're doing)
CVE-2007-2929 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2928 (Format string vulnerability in the IBM Lenovo Access Support acpRunner ...)
	NOT-FOR-US: IBM Lenovo Access Support
CVE-2007-2927 (Unspecified vulnerability in Atheros 802.11 a/b/g wireless adapter ...)
	NOT-FOR-US: Windows Atheros drivers
CVE-2007-2926 (ISC BIND 9 through 9.5.0a5 uses a weak random number generator during ...)
	{DSA-1341-2}
	- bind9 1:9.4.1-P1-1
CVE-2007-2925 (The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and ...)
	- bind9 1:9.4.1-P1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
	[sarge] - bind9 <not-affected> (Only 9.4.x and 9.5.x are affected)
CVE-2007-2924 (Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX ...)
	NOT-FOR-US: RealNetworks GameHouse
CVE-2007-2923 (The launch method in the LocalExec ActiveX control (LocalExec.ocx) in ...)
	NOT-FOR-US: LocalExec ActiveX control
CVE-2007-2922
	RESERVED
CVE-2007-2921 (Multiple buffer overflows in acgm.dll in the Corel / Micrografx ...)
	NOT-FOR-US: Corel
CVE-2007-2920 (Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX ...)
	NOT-FOR-US: Zoomify Viewer
CVE-2007-2919 (Multiple stack-based buffer overflows in the FViewerLoading ActiveX ...)
	NOT-FOR-US: FViewerLoading
CVE-2007-2918 (Multiple stack-based buffer overflows in ActiveX controls (1) VibeC in ...)
	NOT-FOR-US: Logitech
CVE-2007-2917 (Multiple buffer overflows in a certain ActiveX control in odapi.dll in ...)
	NOT-FOR-US: Authentium
CVE-2007-2916 (Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music ...)
	NOT-FOR-US: GMTT Music Distro
CVE-2007-2915 (Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2914 (Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2913 (Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 ...)
	NOT-FOR-US: ClonusWiki
CVE-2007-2912 (Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2911 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2910 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2909 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2007-2908 (Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2007-2907 (Unspecified vulnerability in SSL-Explorer before 0.2.13 allows remote ...)
	NOT-FOR-US: SSL-Explorer
CVE-2007-2906 (Java Embedding Plugin 0.9.6.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Java Embedding Plugin for Mac OS X
CVE-2007-2905 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2904 (Cross-site scripting (XSS) vulnerability in Sun Java System Messaging ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2007-2903 (Buffer overflow in the HelpPopup method in the Microsoft Office 2000 ...)
	NOT-FOR-US: Microsoft Office ActiveX control
CVE-2007-2902 (SQL injection vulnerability in main/auth/my_progress.php in Dokeos ...)
	NOT-FOR-US: Dokeos
CVE-2007-2901 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 1.8.0 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2900 (Multiple PHP remote file inclusion vulnerabilities in Scallywag ...)
	NOT-FOR-US: Scallywag
CVE-2007-2899 (Direct static code injection vulnerability in admin_config.php in ...)
	NOT-FOR-US: Navboard
CVE-2007-2898 (SQL injection vulnerability in includes/rating.php in 2z Project 0.9.5 ...)
	NOT-FOR-US: 2z Project
CVE-2007-2897 (Microsoft Internet Information Services (IIS) 6.0 allows remote ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2896 (Race condition in the Symantec Enterprise Security Manager (ESM) 6.5.3 ...)
	NOT-FOR-US: Symantec
CVE-2007-2895 (Buffer overflow in a certain ActiveX control in LTRDF14e.DLL 14.5.0.44 ...)
	NOT-FOR-US: LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL)
CVE-2007-2894 (The emulated floppy disk controller in Bochs 2.3 allows local users of ...)
	- bochs <unfixed> (unimportant)
CVE-2007-2893 (Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in ...)
	{DSA-1351-1}
	- bochs 2.3+20070705-1 (low; bug #427144)
	NOTE: kvm/qemu are tracked as CVE-2007-5729 and CVE-2007-5730
CVE-2007-2892 (Cross-site scripting (XSS) vulnerability in news.asp in ASP-Nuke 2.0.7 ...)
	NOT-FOR-US: ASP-Nuke
CVE-2007-2891 (Multiple PHP remote file inclusion vulnerabilities in FirmWorX 0.1.2 ...)
	NOT-FOR-US: FirmWorX
CVE-2007-2890 (SQL injection vulnerability in category.php in cpCommerce 1.1.0 and ...)
	NOT-FOR-US: cpCommerce
CVE-2007-2889 (SQL injection vulnerability in tracking/courseLog.php in Dokeos 1.6.5 ...)
	NOT-FOR-US: Dokeos
CVE-2007-2888 (Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows ...)
	NOT-FOR-US: UltraISO
CVE-2007-2887 (Cross-site scripting (XSS) vulnerability in index.php in Web Icerik ...)
	NOT-FOR-US: WIYS
CVE-2007-2886 (Unspecified vulnerability in the Nortel CS 1000 M media card in ...)
	NOT-FOR-US: Nortel
CVE-2007-2885 (The NotSafe function in the MSVDTDatabaseDesigner7 ActiveX control in ...)
	NOT-FOR-US: Microsoft Visual Database Tools
CVE-2007-2884 (Multiple stack-based buffer overflows in Microsoft Visual Basic 6 ...)
	NOT-FOR-US: Microsoft Visual Basic
CVE-2007-2883 (Credant Mobile Guardian Shield for Windows 5.2.1.105 and earlier ...)
	NOT-FOR-US: Credant
CVE-2007-2882 (Unspecified vulnerability in the NFS client module in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2881 (Multiple stack-based buffer overflows in the SOCKS proxy support ...)
	NOT-FOR-US: Sun Java Web Proxy Server
CVE-2007-2880 (Multiple cross-site scripting (XSS) vulnerabilities in Digirez 3.4 ...)
	NOT-FOR-US: Digirez
CVE-2007-2879 (Cross-site scripting (XSS) vulnerability in mods.php in GTP GNUTurk ...)
	NOT-FOR-US: GNUTurk
CVE-2007-2878 (The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run ...)
	{DSA-1479-1}
	- linux-2.6 2.6.21-3
CVE-2007-2877 (Buffer overflow in tcl/win/tclWinReg.c in Tcl (Tcl/Tk) before 8.5a6 ...)
	NOTE: Not a security issue; Windows-only anyway.
CVE-2007-2876 (The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2875 (Integer underflow in the cpuset_tasks_read function in the Linux ...)
	{DSA-1363-1}
	- linux-2.6 2.6.21-5 (medium)
CVE-2007-2874 (Buffer overflow in the wpa_printf function in the debugging code in ...)
	- wpasupplicant <not-affected> (Fedora-only issue)
CVE-2007-2873 (SpamAssassin 3.1.x, 3.2.0, and 3.2.1 before 20070611, when running as ...)
	- spamassassin 3.2.1-1 (low)
	[sarge] - spamassassin <no-dsa> (Only obscure setups affected, only locally exploitable)
	[etch] - spamassassin 3.1.7-2etch1
	NOTE: Minor issue fixed in etch r6 point update
	NOTE: Only obscure setups affected, only locally exploitable
CVE-2007-2872 (Multiple integer overflows in the chunk_split function in PHP 5 before ...)
	- php5 5.2.3-1 (unimportant)
	NOTE: Only triggerable by malicious script
	NOTE: Fix from 5.2.3 was ineffective
CVE-2007-2871 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-17
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-2870 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-16
	- iceweasel 2.0.0.4-1 (medium)
	- iceape 1.1.2-1 (medium)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.1.4-1 (medium)
CVE-2007-2869 (The form autocomplete feature in Mozilla Firefox 1.5.x before ...)
	{DSA-1308-1 DSA-1306-1 DTSA-45-1 DTSA-51-1}
	NOTE: MFSA2007-13
	- iceweasel 2.0.0.4-1
	- iceape 1.1.2-1
	- mozilla <removed>
	- xulrunner 1.8.1.4-1
CVE-2007-2868 (Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2867 (Multiple vulnerabilities in the layout engine for Mozilla Firefox ...)
	{DSA-1308-1 DSA-1306-1 DSA-1305-1 DSA-1300-1 DTSA-45-1 DTSA-46-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-12
	- iceweasel 2.0.0.4-1 (high)
	- iceape 1.1.2-1 (high)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-2866 (Multiple SQL injection vulnerabilities in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-2865 (Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin ...)
	{DSA-1693-1}
	- phppgadmin 4.1.2-1 (low; bug #427151)
	[sarge] - phppgadmin <not-affected> (Vulnerable code not present)
	NOTE: http://phppgadmin.cvs.sourceforge.net/phppgadmin/webdb/classes/Misc.php?r1=1.156&r2=1.157&pathrev=MAIN
CVE-2007-2864 (Stack-based buffer overflow in the Anti-Virus engine before content ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2863 (Stack-based buffer overflow in the Anti-Virus engine before content ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2862 (Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow ...)
	NOT-FOR-US: CubeCart
CVE-2007-2861 (Multiple PHP remote file inclusion vulnerabilities in Simple ...)
	NOT-FOR-US: SAXON
CVE-2007-2860 (user.php in BoastMachine 3.0 platinum allows remote authenticated ...)
	NOT-FOR-US: BoastMachine
CVE-2007-2859 (Multiple PHP remote file inclusion vulnerabilities in SimpGB 1.46.0 ...)
	NOT-FOR-US: SimpGB
CVE-2007-2858 (SQL injection vulnerability in the IP-Search functionality in the ...)
	NOT-FOR-US: IP-Tracking Mod for phpBB
CVE-2007-2857 (PHP remote file inclusion vulnerability in sample/xls2mysql in ABC ...)
	NOT-FOR-US: ABC Excel Parser Pro
CVE-2007-2856 (Buffer overflow in the Dart Communications PowerTCP ZIP Compression ...)
	NOT-FOR-US: Dart Communications PowerTCP
CVE-2007-2855 (Buffer overflow in a certain ActiveX control in DartZipLite.dll ...)
	NOT-FOR-US: Dart ZipLite
CVE-2007-2854 (Multiple SQL injection vulnerabilities in account_change.php in ...)
	NOT-FOR-US: BtiTracker
CVE-2007-2853 (The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD ...)
	NOT-FOR-US: Virtual CD
CVE-2007-2852 (Multiple stack-based buffer overflows in ESET NOD32 Antivirus before ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2007-2851 (A certain ActiveX control in LeadTools Raster Variant Object Library ...)
	NOT-FOR-US: LeadTools
CVE-2007-2850 (The Session Reliability Service (XTE) in Citrix MetaFrame Presentation ...)
	NOT-FOR-US: Citrix
CVE-2007-2849 (KnowledgeTree Document Management (aka KnowledgeTree Open Source) ...)
	- knowledgetree <removed> (bug #432123)
CVE-2007-2848 (Stack-based buffer overflow in the SetPath function in the shComboBox ...)
	NOT-FOR-US: Sky Software
CVE-2007-2847 (Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in ...)
	NOT-FOR-US: HLstats
CVE-2007-2846 (Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus ...)
	NOT-FOR-US: Avast
CVE-2007-2845 (Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus ...)
	NOT-FOR-US: Avast
CVE-2007-2844 (PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, ...)
	- php5 <not-affected> (Multi-threaded operation not supported in Debian)
	- php4 <not-affected> (Multi-threaded operation not supported in Debian)
CVE-2007-2843 (Cross-domain vulnerability in Apple Safari 2.0.4 allows remote ...)
	NOT-FOR-US: Apple Safari
	NOTE: Does not seem to work with Konqueror.
CVE-2007-2842
	RESERVED
CVE-2007-2841 [lighttpd DoS]
	RESERVED
	- lighttpd 1.4.16-1 (bug #428368)
	NOTE: Duplicate of CVE-2007-3947, was assigned from Debian CNA and clashed with MITRE
	NOTE: assignment
CVE-2007-2840
	RESERVED
CVE-2007-2839 (gfax 0.4.2 and probably other versions creates temporary files ...)
	{DSA-1329-1}
	- gfax 0.6 (bug #431893; low)
	NOTE: Vulnerable code no longer present since 0.6, so marking this as fixed version
CVE-2007-2838 (The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 ...)
	{DSA-1327-1}
	- gsambad 0.1.6-2 (bug #431331)
CVE-2007-2837 (The (1) getRule and (2) getChains functions in server/rules.cpp in ...)
	{DSA-1326-1}
	- fireflier 1.1.7
CVE-2007-2836 (Directory traversal vulnerability in session.rb in Hiki 0.8.0 through ...)
	{DSA-1324-1}
	- hiki 0.8.7-1 (bug #430691; medium)
	[sarge] - hiki <not-affected> (Vulnerable code not present)
CVE-2007-2835 (Multiple stack-based buffer overflows in (1) CCE_pinyin.c and (2) ...)
	{DSA-1328-1}
	- unicon 3.0.4-12 (bug #431336)
CVE-2007-2834 (Integer overflow in the TIFF parser in OpenOffice.org (OOo) before ...)
	{DSA-1375-1}
	- openoffice.org 2.2.1-9 (medium)
	[sarge] - openoffice.org 1.1.3-9sarge8
CVE-2007-2833 (Emacs 21 allows user-assisted attackers to cause a denial of service ...)
	{DSA-1316-1}
	- emacs21 21.4a+1-5.1 (bug #408929; low)
	- emacs-snapshot <removed>
	NOTE: The bug is not present in emacs22 22.2+1-1. It was probably
	NOTE: fixed before the first emacs22 upload.
CVE-2007-2832 (Cross-site scripting (XSS) vulnerability in the web application ...)
	NOT-FOR-US: Cisco
CVE-2007-2831 (Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ...)
	- madwifi 1:0.9.3-2 (high; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2830 (The ath_beacon_config function in if_ath.c in MadWifi before 0.9.3.1 ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2829 (The 802.11 network stack in net80211/ieee80211_input.c in MadWifi ...)
	- madwifi 1:0.9.3-2 (medium; bug #425738)
	[etch] - madwifi 1:0.9.2+r1842.20061207-2etch1
CVE-2007-2828 (Cross-site request forgery (CSRF) vulnerability in adsense-deluxe.php ...)
	NOT-FOR-US: AdSense-Deluxe
CVE-2007-2827 (Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX ...)
	NOT-FOR-US: LeadTools
CVE-2007-2826 (PHP remote file inclusion vulnerability in lib/addressbook.php in ...)
	NOT-FOR-US: Madirish Webmail
CVE-2007-2825 (Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in ...)
	NOT-FOR-US: @Mail
CVE-2007-2824 (SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2007-2823 (Multiple buffer overflows in HT Editor before 2.0.6 might allow remote ...)
	NOT-FOR-US: HT Editor
CVE-2007-2822 (TutorialCMS 1.01 and earlier, when register_globals is enabled, allows ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2821 (SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress ...)
	{DSA-1502-1}
	- wordpress 2.2-1 (high)
	NOTE: seems present in etch even though admin-ajax.php was not shipped yet
CVE-2007-2820 (Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX ...)
	NOT-FOR-US: KSign
CVE-2007-2819 (Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ ...)
	NOT-FOR-US: Track+
CVE-2007-2818 (Cross-site scripting (XSS) vulnerability in cand_login.asp in ...)
	NOT-FOR-US: Parodia
CVE-2007-2817 (SQL injection vulnerability in read/index.php in ol'bookmarks 0.7.4 ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2816 (Multiple PHP remote file inclusion vulnerabilities in ol'bookmarks ...)
	NOT-FOR-US: ol'bookmarks
CVE-2007-2815 (The &quot;hit-highlighting&quot; functionality in webhits.dll in Microsoft ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-2814 (Multiple stack-based buffer overflows in the Pegasus ImagN' ActiveX ...)
	NOT-FOR-US: Pegasus ImagN'
CVE-2007-2813 (Cisco IOS 12.4 and earlier, when using the crypto packages and SSL ...)
	NOT-FOR-US: Cisco
CVE-2007-2812 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
	NOT-FOR-US: HLstats
CVE-2007-2811 (Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and ...)
	NOT-FOR-US: OSK Advance-Flow
CVE-2007-2810 (SQL injection vulnerability in down_indir.asp in Gazi Download Portal ...)
	NOT-FOR-US: Gazi Download Portal
CVE-2007-2809 (Buffer overflow in the transfer manager in Opera before 9.21 for ...)
	NOT-FOR-US: Opera
CVE-2007-2808 (Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb ...)
	{DSA-1486-1}
	- gnatsweb 4.00-1.1 (low; bug #427156)
CVE-2007-2807 (Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop ...)
	{DSA-1826-1 DSA-1448-1}
	- eggdrop 1.6.18-1.1 (medium; bug #427157)
CVE-2007-2806 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: GaliX
CVE-2007-2805 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ClientExec
CVE-2007-2804 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: CandyPress Store
CVE-2007-2803 (SQL injection vulnerability in default.asp in Vizayn Urun Tanitim ...)
	NOT-FOR-US: Vizayn Urun Tanitim Sitesi
CVE-2007-2802 (Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in ...)
	NOT-FOR-US: RM EasyMail Plus
CVE-2007-2801 (Multiple cross-site scripting (XSS) vulnerabilities in open.php in ...)
	NOT-FOR-US: eTicket
CVE-2007-2800 (index.php in eTicket 1.5.5.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: eTicket
CVE-2007-2799 (Integer overflow in the &quot;file&quot; program 4.20, when running on 32-bit ...)
	{DSA-1343-2 DSA-1343-1}
	- file 4.21-1 (medium; bug #428293)
CVE-2007-2798 (Stack-based buffer overflow in the rename_principal_2_svc function in ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (high; bug #430785)
CVE-2006-7205 (The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: local DoS when Apache memory limit is set high
CVE-2006-7204 (The imap_body function in PHP before 4.4.4 does not implement safemode ...)
	- php4 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom &quot;on ...)
	NOT-FOR-US: MAILsweeper
CVE-2001-1581 (The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows ...)
	NOT-FOR-US: MAILsweeper
CVE-2007-XXXX [mantis multiple issues fixed in 1.0.7]
	- mantis 1.0.7+dfsg-1
	[sarge] - mantis 0.19.2-5sarge5
	NOTE: "email notifications bypass security on custom fields" and "XSS vulnerabilities"
CVE-2007-XXXX [NTFS driver for FUSE unspecified issue]
	- ntfs-3g 1:1.516-1
	NOTE: local root exploit
CVE-2007-2797 (xterm, including 192-7.el4 in Red Hat Enterprise Linux and 208-3.1 in ...)
	- xterm <not-affected> (Debian uses safe compile-time settings)
CVE-2007-2796 (Arris Cadant C3 CMTS allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Arris Cadant
CVE-2007-2795 (Multiple buffer overflows in Ipswitch IMail before 2006.21 allow ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2007-2794
	RESERVED
CVE-2007-2793 (PHP remote file inclusion vulnerability in ImageImageMagick.php in ...)
	NOT-FOR-US: Geeklog
CVE-2007-2792 (SQL injection vulnerability in the Yet another Newsletter Component ...)
	NOT-FOR-US: com_yanc for Mambo
	NOTE: com_yanc component not in Mambo Debian package
CVE-2007-2791 (Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX ...)
	NOT-FOR-US: HP Tru64
CVE-2007-2790 (Cross-site scripting (XSS) vulnerability in shopcontent.asp in VP-ASP ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2007-2789 (The BMP image parser in Sun Java Development Kit (JDK) before ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2788 (Integer overflow in the embedded ICC profile image parser in Sun Java ...)
	- sun-java5 1.5.0-11-1 (medium)
	[etch] - sun-java5 1.5.0-14-1etch1
	- sun-java6 6-01-1 (bug #422403)
	- openjdk-6 6b08-1 (bug #566766)
CVE-2007-2787 (Stack-based buffer overflow in the BrowseDir function in the (1) ...)
	NOT-FOR-US: LeadTools Raster Thumbnail Object Library
CVE-2007-2786 (Ratbox IRC Daemon (aka ircd-ratbox) 2.2.5 and earlier allows remote ...)
	NOT-FOR-US: ircd-ratbox
CVE-2007-2785 (manage-admins.php in eSyndiCat Pro 1.x allows remote attackers to ...)
	NOT-FOR-US: eSyndiCat Pro
CVE-2007-2784 (Unspecified vulnerability in globus-job-manager in Globus Toolkit ...)
	NOT-FOR-US: Globus Toolkit
CVE-2007-2783 (Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 ...)
	NOT-FOR-US: Rational Soft Hidden Administrator
CVE-2007-2782 (Packeteer PacketShaper uses fixed increments in TCP initial sequence ...)
	NOT-FOR-US: Packeteer PacketShaper
CVE-2007-2781 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: WikyBlog
CVE-2007-2780 (PsychoStats 3.0.6b and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: PsychoStats
CVE-2007-2779 (PHP remote file inclusion vulnerability in template_csv.php in ...)
	NOT-FOR-US: Libstats
CVE-2007-2778 (Multiple directory traversal vulnerabilities in MolyX BOARD 2.5.0 ...)
	NOT-FOR-US: MolyX BOARD
CVE-2007-2777 (Unrestricted file upload vulnerability in admin/addsptemplate.php in ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2776 (AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2007-2775 (AlstraSoft Live Support 1.21 sends a redirect to the web browser but ...)
	NOT-FOR-US: AlstraSoft Live Support
CVE-2007-2774 (Multiple PHP remote file inclusion vulnerabilities in SunLight CMS 5.3 ...)
	NOT-FOR-US: SunLight CMS
CVE-2007-2773 (SQL injection vulnerability in plugins/mp3playlist/mp3playlist.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-2772 ((1) caloggerd.exe (camt70.dll) and (2) mediasvr.exe (catirpc.dll and ...)
	NOT-FOR-US: CA BrightStor Backup
CVE-2007-2771 (Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG ...)
	NOT-FOR-US: LeadTools JPEG 2000
CVE-2007-2770 (Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote ...)
	NOT-FOR-US: Eudora
CVE-2007-2769 (BES before 3.5.0 in OPeNDAP 4 (Hydrax) before 1.2.1 does not properly ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2768 (OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, ...)
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=112279
CVE-2007-2767 (Unspecified vulnerability in BES before 3.5.0 in OPeNDAP 4 (Hydrax) ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2766 (lib/backup-methods.sh in Backup Manager before 0.7.6 provides the ...)
	- backup-manager 0.7.6-1 (low)
	[sarge] - backup-manager <no-dsa> (Minor issue)
	[etch] - backup-manager 0.7.5-5
CVE-2007-2765 (blockhosts.py in BlockHosts before 2.0.3 does not properly parse ...)
	NOT-FOR-US: BlockHosts
CVE-2007-2764 (The embedded Linux kernel in certain Sun-Brocade SilkWorm switches ...)
	NOT-FOR-US: Sun-Brocade SilkWorm
CVE-2007-2763 (Buffer overflow in the UnlockSupport function in the LockModules ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2762 (Multiple PHP remote file inclusion vulnerabilities in Build it Fast ...)
	NOT-FOR-US: Build it Fast
CVE-2007-2761 (Stack-based buffer overflow in MagicISO 5.4 build 239 and earlier ...)
	NOT-FOR-US: MagicISO
CVE-2007-2760 (The canUpdate function in model/MRole.java in Adempiere before 3.1.6 ...)
	NOT-FOR-US: Adempiere
CVE-2007-2759 (Multiple SQL injection vulnerabilities in the insert function in the ...)
	NOT-FOR-US: Adempiere
CVE-2007-2758 (Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted ...)
	NOT-FOR-US: WinImage
CVE-2007-2757 (Multiple cross-site scripting (XSS) vulnerabilities in Redoable 1.2 ...)
	NOT-FOR-US: Redoable
CVE-2007-2756 (The gdPngReadData function in libgd 2.0.34 allows user-assisted ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (bug #426100; bug #426099; bug #425584; low)
	[etch] - libgd <no-dsa> (Minor issue)
	[sarge] - libgd <no-dsa> (Minor issue)
	[etch] - libgd2 <no-dsa> (Minor issue)
	[sarge] - libgd2 <no-dsa> (Minor issue)
	NOTE: https://web.archive.org/web/20090212193455/http://bugs.libgd.org/?do=details&task_id=86
CVE-2007-2755 (The PrecisionID Barcode 1.9 ActiveX control in ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2754 (Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and ...)
	{DSA-1334-1 DSA-1302-1}
	- freetype 2.2.1-6 (bug #425625)
	[sarge] - freetype 2.1.7-8
CVE-2007-2753 (RunawaySoft Haber portal 1.0 stores sensitive information under the ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2752 (SQL injection vulnerability in devami.asp in RunawaySoft Haber portal ...)
	NOT-FOR-US: RunawaySoft
CVE-2007-2751 (Multiple PHP remote file inclusion vulnerabilities in PHPGlossar 0.8 ...)
	NOT-FOR-US: PHPGlossar
CVE-2007-2750 (SQL injection vulnerability in print.php in SimpNews 2.40.01 and ...)
	NOT-FOR-US: SimpNews
CVE-2007-2749 (SQL injection vulnerability in question.php in FAQEngine 4.16.03 and ...)
	NOT-FOR-US: FAQEngine
CVE-2007-2748 (The substr_count function in PHP 5.2.1 and earlier allows ...)
	- php4 <not-affected> (Debian shipped the correct fix from the beginning)
	- php5 <not-affected> (Debian shipped the correct fix from the beginning)
CVE-2007-2747 (Directory traversal vulnerability in rdw_helpers.py in rdiffWeb before ...)
	NOT-FOR-US: rdiffWeb
CVE-2007-2746 (The viewList function in lib/WebGUI/Asset/Wobject/DataForm.pm in Plain ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-2745 (Cross-site scripting (XSS) vulnerability in printcal.pl in vDesk ...)
	NOT-FOR-US: vDesk Webmail
CVE-2007-2744 (Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2743 (PHP remote file inclusion vulnerability in custom_vars.php in ...)
	NOT-FOR-US: GlossWord
CVE-2007-2742 (Unrestricted file upload vulnerability in labs.beffa.org w2box 4.0.0 ...)
	NOT-FOR-US: w2box
CVE-2007-2741 (Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows ...)
	- lcms 1.15-1 (medium)
CVE-2007-2740 (Unspecified vulnerability in xajax before 0.2.5 has unknown impact and ...)
	- php-xajax 0.2.5-1 (bug #426103; unimportant)
	NOTE: This issue was created because of an upstream changelog entry, which however
	NOTE: was meant for the XSS, which is the general issue.
CVE-2007-2739 (Cross-site scripting (XSS) vulnerability in xajax before 0.2.5 allows ...)
	{DSA-1692-1}
	- php-xajax 0.2.5-1 (bug #426103; low)
CVE-2007-2738 (SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2007-2737 (SQL injection vulnerability in index.php in the MyConference 1.0 ...)
	NOT-FOR-US: MyConference for Xoops
CVE-2007-2736 (PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 ...)
	NOT-FOR-US: Achievo
CVE-2007-2735 (SQL injection vulnerability in edit_day.php in the ResManager 1.2.1 ...)
	NOT-FOR-US: ResManager for Xoops
CVE-2007-2734 (The 3Com TippingPoint IPS do not properly handle certain full-width ...)
	NOT-FOR-US: 3Com TippingPoint IPS
CVE-2007-2733 (Unrestricted file upload vulnerability in Jetbox CMS allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2732 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2731 (CRLF injection vulnerability in formmail.php in Jetbox CMS 2.1 might ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2730 (Check Point ZoneAlarm Pro before 6.5.737.000 does not properly test ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2729 (Comodo Firewall Pro 2.4.18.184 and Comodo Personal Firewall 2.3.6.81, ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2007-2728 (The soap extension in PHP calls php_rand_r with an uninitialized seed ...)
	- php5 5.2.3-1 (low)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php4 <not-affected> (no soap functions in php4)
CVE-2007-2727 (The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before ...)
	[etch] - php5 <not-affected> (Version from 5.2.0 correctly uses rand())
	- php5 5.2.2-1 (low)
	NOTE: Code not present in PHP 4.
CVE-2007-2726 (BitsCast 0.13.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BitsCast
CVE-2007-2725 (The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control ...)
	NOT-FOR-US: DeWizardX
CVE-2007-2724 (Cross-site scripting (XSS) vulnerability in all_photos.html in fotolog ...)
	NOT-FOR-US: fotolog
CVE-2007-2723 (Media Player Classic 6.4.9.0 allows user-assisted remote attackers to ...)
	NOT-FOR-US: guliverkli Media Player Classic
CVE-2007-2722 (Unspecified vulnerability in NewzCrawler 1.8 allows remote attackers ...)
	NOT-FOR-US: NewzCrawler
CVE-2007-2721 (The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer ...)
	{DSA-2036-1}
	- jasper 1.900.1-6 (medium; bug #413033; bug #528543)
	NOTE: Jasper was initially fixed in 1.900.1-3, but the fix got dropped later, see #528543
	- ghostscript 8.61.dfsg.1~svn8187-1.1 (medium; bug #447188)
	- gs-gpl <removed> (medium; bug #561717)
	NOTE: see http://ghostscript.com/pipermail/gs-cvs/2007-October/007877.html
CVE-2007-2720 (Group-Office before 2.16-13 does not properly validate user IDs, which ...)
	NOT-FOR-US: Group-Office
CVE-2007-2719 (Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2007-2718 (Cross-site scripting (XSS) vulnerability in the WebMail system in ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2007-2717 (SQL injection vulnerability in shop/page.php in iGeneric (iG) Shop 1.4 ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2007-2716 (Multiple cross-site scripting (XSS) vulnerabilities in EQdkp 1.3.2c ...)
	NOT-FOR-US: EQdkp
CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on &quot;operating systems that only ...)
	- wu-ftpd 2.6.2-4
CVE-2007-2715 (Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to ...)
	NOT-FOR-US: Snaps! Gallery
CVE-2007-2714 (Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet ...)
	- wordpress 2.2-1
	NOTE: See http://plugins.trac.wordpress.org/changeset/12812/akismet/trunk/akismet.php
CVE-2007-2713 (ifdate 2.x sends a redirect to the web browser but does not exit when ...)
	NOT-FOR-US: iFdate
CVE-2007-2712 (Unspecified vulnerability in MH Software Connect Daily before 3.3.3 ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2007-2711 (Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows ...)
	NOT-FOR-US: TinyIdentD
CVE-2007-2710 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2709 (PHP remote file inclusion vulnerability in functions/prepend_adm.php ...)
	NOT-FOR-US: NagiosQL
CVE-2007-2708 (PHP remote file inclusion vulnerability in newsadmin.php in Feindt ...)
	NOT-FOR-US: News-Script
CVE-2007-2707 (PHP remote file inclusion vulnerability in linksnet_linkslog_rss.php ...)
	NOT-FOR-US: Linksnet Newsfeed
CVE-2007-2706 (PHP remote file inclusion vulnerability in maint/ftpmedia.php in Media ...)
	NOT-FOR-US: Geeklog
CVE-2007-2705 (Directory traversal vulnerability in the Test View Console in BEA ...)
	NOT-FOR-US: BEA WebLogic Integration
CVE-2007-2704 (BEA WebLogic Server 9.0 through 9.2 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2007-2703 (BEA WebLogic Portal 9.2 GA can corrupt a visitor entitlements role if ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2702 (Cross-site scripting (XSS) vulnerability in the GroupSpace application ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2007-2701 (The JMS Message Bridge in BEA WebLogic Server 7.0 through SP7 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2700 (The WLST script generated by the configToScript command in BEA ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2699 (The Administration Console in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2698 (The Administration Console in BEA WebLogic Server 9.0 may show ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2697 (The embedded LDAP server in BEA WebLogic Express and WebLogic Server ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2696 (The JMS Server in BEA WebLogic Server 6.1 through SP7, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2695 (The HttpClusterServlet and HttpProxyServlet in BEA WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2694 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2007-2693 (MySQL before 5.1.18 allows remote authenticated users without SELECT ...)
	- mysql-dfsg-5.0 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Only MySQL 5.1 affected)
	[sarge] - mysql-dfsg <not-affected> (Only MySQL 5.1 affected)
CVE-2007-2692 (The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.42 (bug #424778)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable functionality not implemented)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: http://bugs.mysql.com/bug.php?id=28499
CVE-2007-2691 (MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41a-1 (bug #424778; bug #424830)
CVE-2007-2690 (Multiple IBM ISS Proventia Series products, including the A, G, and M ...)
	NOT-FOR-US: ISS
CVE-2007-2689 (Check Point Web Intelligence does not properly handle certain ...)
	NOT-FOR-US: Check Point
CVE-2007-2688 (The Cisco Intrusion Prevention System (IPS) and IOS with Firewall/IPS ...)
	NOT-FOR-US: Cisco
CVE-2007-2687 (Stack-based buffer overflow in the MicroWorld Agent service ...)
	NOT-FOR-US: MicroWorld
CVE-2007-2686 (Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2685 (Multiple SQL injection vulnerabilities in index.php in Jetbox CMS 2.1 ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2684 (Jetbox CMS 2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-2683 (Buffer overflow in Mutt 1.4.2 might allow local users to execute ...)
	- mutt 1.5.15+20070608-1 (low; bug #426116)
	[etch] - mutt <no-dsa> (Minor issue, hardly exploitable)
	[sarge] - mutt <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-2682 (The installer for Adobe Version Cue CS3 Server on Apple Mac OS X, as ...)
	NOT-FOR-US: Adobe
CVE-2007-2681 (Directory traversal vulnerability in blogs/index.php in b2evolution ...)
	- b2evolution <unfixed> (unimportant)
	NOTE: This is a register_globals=on issue.
	NOTE: More than just blogs/index.php is affected (that file isn't
	NOTE: installed by the Debian package).
CVE-2007-2680 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: Canon
CVE-2007-2679 (PHP file inclusion vulnerability in index.php in Ivan Peevski gallery ...)
	NOT-FOR-US: Simple PHP Scripts
CVE-2007-2678 (Buffer overflow in the isChecked function in toolbar.dll in Netsprint ...)
	NOT-FOR-US: Netsprint
CVE-2007-2677 (Multiple PHP remote file inclusion vulnerabilities in phpChess ...)
	NOT-FOR-US: phpChess
CVE-2007-2676 (PHP remote file inclusion vulnerability in skins/header.php in Open ...)
	NOT-FOR-US: Open Translation Engine
CVE-2007-2675 (SQL injection vulnerability in search.php in Pre Classifieds Listings ...)
	NOT-FOR-US: Pre Classifieds Listings
CVE-2007-2674 (SQL injection vulnerability in detail.php in Pre Shopping Mall 1.0 ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2007-2673 (SQL injection vulnerability in includes/funcs_vendors.php in Censura ...)
	NOT-FOR-US: Censura
CVE-2007-2672 (SQL injection vulnerability in index.php in PHP Coupon Script 3.0 ...)
	NOT-FOR-US: PHP Coupon Script
CVE-2007-2671 (Mozilla Firefox 2.0.0.3 allows remote attackers to cause a denial of ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-2670 (PHPChain 1.0 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: PHPChain
CVE-2007-2669 (Multiple cross-site scripting (XSS) vulnerabilities in PHPChain 1.0 ...)
	NOT-FOR-US: PHPChain
CVE-2007-2668 (Buffer overflow in webdesproxy 0.0.1 allows remote attackers to ...)
	NOT-FOR-US: webdesproxy
CVE-2007-2667 (Buffer overflow in the DB Software Laboratory VImpX ActiveX control in ...)
	NOT-FOR-US: VImpX
CVE-2007-2666 (Stack-based buffer overflow in LexRuby.cxx (SciLexer.dll) in Scintilla ...)
	NOT-FOR-US: notepad++
CVE-2007-2665 (PHP remote file inclusion vulnerability in block.php in PhpFirstPost ...)
	NOT-FOR-US: PhpFirstPost
CVE-2007-2664 (PHP remote file inclusion vulnerability in includes/common.php in Yaap ...)
	NOT-FOR-US: Yaap
CVE-2007-2663 (PHP remote file inclusion vulnerability in language/1/splash.lang.php ...)
	NOT-FOR-US: Beacon
CVE-2007-2662 (SQL injection vulnerability in EfesTECH Haber 5.0 allows remote ...)
	NOT-FOR-US: EfesTECH
CVE-2007-2661 (SQL injection vulnerability in archshow.asp in BlogMe 3.0 allows ...)
	NOT-FOR-US: BlogMe
CVE-2007-2660 (** DISPUTED ** ...)
	NOT-FOR-US: PhpConcept
CVE-2007-2659 (Directory traversal vulnerability in index.php in PHP Advanced ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2007-2658 (Unspecified vulnerability in the ID Automation Linear Barcode 1.6.0.5 ...)
	NOT-FOR-US: ID Automation
CVE-2007-2657 (Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX ...)
	NOT-FOR-US: PrecisionID
CVE-2007-2656 (Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ...)
	NOT-FOR-US: HP
CVE-2007-2655 (Unspecified vulnerability in NetWin Webmail 3.1s-1 in SurgeMail before ...)
	NOT-FOR-US: NetWin
CVE-2007-2654 (xfs_fsr in xfsdump creates a .fsr temporary directory with insecure ...)
	- xfsdump 2.2.45-1 (bug #417894; low)
	[etch] - xfsdump <no-dsa> (Minor issue)
CVE-2007-2653
	REJECTED
CVE-2007-2652 (Multiple unspecified vulnerabilities in Free-SA before 1.2.2 allow ...)
	NOT-FOR-US: Free-SA
CVE-2007-2651 (Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow ...)
	NOT-FOR-US: VooDoo cIRCle
CVE-2007-2650 (The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...)
	{DSA-1320-1 DTSA-43-1}
	- clamav 0.90.2-1
CVE-2007-2649 (Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for ...)
	NOT-FOR-US: Speedport W 700v
CVE-2007-2648 (Stack-based buffer overflow in the Clever Database Comparer 2.2 ...)
	NOT-FOR-US: Clever Database Comparer
CVE-2007-2647 (Static code injection vulnerability in admin/admin_configuration.php ...)
	NOT-FOR-US: MonAlbum
CVE-2007-2646 (Heap-based buffer overflow in yEnc32 1.0.7.207 allows user-assisted ...)
	NOT-FOR-US: yEnc32
CVE-2007-2645 (Integer overflow in the exif_data_load_data_entry function in ...)
	{DSA-1487-1}
	- libexif 0.6.15-1 (bug #424775)
CVE-2007-2644 (A certain ActiveX control in Morovia Barcode ActiveX Professional ...)
	NOT-FOR-US: Morovia
CVE-2007-2643 (Directory traversal vulnerability in phpThumb.php in PinkCrow Designs ...)
	NOT-FOR-US: maGAZIn
CVE-2007-2642 (Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 ...)
	NOT-FOR-US: R2K Gallery
CVE-2007-2641 (SQL injection vulnerability in W1L3D4_bolum.asp in W1L3D4 Philboard ...)
	NOT-FOR-US: W1L3D4
CVE-2007-2640 (LibTMCG before 1.1.1 does not perform a range check to avoid &quot;trivial ...)
	NOT-FOR-US: LibTMCG
CVE-2007-2639 (Directory traversal vulnerability in TFTPdWin 0.4.2 allows remote ...)
	NOT-FOR-US: TFTPDWIN
CVE-2007-2638 (eFileCabinet 3.3 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: eFileCabinet
CVE-2007-2637 (MoinMoin before 20070507 does not properly enforce ACLs for calendars ...)
	{DSA-1514-1}
	- moin 1.5.7-2 (low)
CVE-2007-2636 (Unspecified vulnerability in phpTodo before 0.8.1 allows remote ...)
	NOT-FOR-US: phpTodo
CVE-2007-2635 (Unspecified vulnerability in Interchange before 5.4.2 allows remote ...)
	- interchange 5.4.2-1 (low)
CVE-2007-2634 (PHP remote file inclusion vulnerability in common/errormsg.php in ...)
	NOT-FOR-US: aForum
CVE-2007-2633 (Directory traversal vulnerability in H-Sphere SiteStudio 1.6 allows ...)
	NOT-FOR-US: H-Sphere
CVE-2007-2632 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Multi User ...)
	NOT-FOR-US: phpMUR
CVE-2007-2631 (Cross-site request forgery (CSRF) vulnerability in SquirrelMail ...)
	NOTE: Duplicate of CVE-2007-2589
CVE-2007-2630 (Incomplete blacklist vulnerability in ...)
	- moin 1.5.8-4.1 (unimportant)
	- karrigell <not-affected> (Vulnerable php code not present)
	- knowledgeroot 0.9.8.2-2 (unimportant)
CVE-2007-2629 (Bradford CampusManager Network Control Application Server 3.1(6) ...)
	NOT-FOR-US: Bradford
CVE-2007-2628 (PHP remote file inclusion vulnerability in include/logout.php in ...)
	NOT-FOR-US: PHPSecurityAdmin
CVE-2007-2627 (Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress, ...)
	- wordpress 2.2.2-1 (low)
	[etch] - wordpress <not-affected> (Vulnerable code not present)
CVE-2007-2626 (** DISPUTED ** ...)
	NOT-FOR-US: SchoolBoard
CVE-2007-2625 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2624 (Dynamic variable evaluation vulnerability in ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-2623 (Multiple buffer overflows in RControl.dll in Remote Display Dev kit ...)
	NOT-FOR-US: Remote Display Dev kit
CVE-2007-2622 (Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier ...)
	NOT-FOR-US: TaskDriver
CVE-2007-2621 (SQL injection vulnerability in event_view.php in Thyme Calendar 1.3 ...)
	NOT-FOR-US: Thyme Calendar
CVE-2007-2620 (PHP remote file inclusion vulnerability in inc/config.inc.php in Jakub ...)
	NOT-FOR-US: Jakub Steiner (aka jimmac) original
CVE-2007-2619 (Symantec pcAnywhere 11.5.x and 12.0.x retains unencrypted login ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2007-2618 (CRLF injection vulnerability in index.php in Drake CMS 0.4.0 allows ...)
	NOT-FOR-US: Drake CMS
CVE-2007-2617 (srsexec in Sun Remote Services (SRS) Net Connect Software Proxy Core ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2616 (Stack-based buffer overflow in the SSL version of the NMDMC.EXE ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-2615 (Multiple PHP remote file inclusion vulnerabilities in Crie seu ...)
	NOT-FOR-US: PHPLojaFacil
CVE-2007-2614 (PHP remote file inclusion vulnerability in examples/widget8.php in ...)
	NOT-FOR-US: phpHtmlLib
CVE-2007-2613 (WikkaWiki (Wikka Wiki) before 1.1.6.3 allows attackers in a shared ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2612 (SQL injection vulnerability in libs/Wakka.class.php in WikkaWiki ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2611 (Multiple PHP remote file inclusion vulnerabilities in CGX 20050314 ...)
	NOT-FOR-US: CGX
CVE-2007-2610 (Cross-site scripting (XSS) vulnerability in OpenLD before 1.1.9, and ...)
	NOT-FOR-US: OpenLD
CVE-2007-2609 (Multiple PHP remote file inclusion vulnerabilities in gnuedu 1.3b2 ...)
	NOT-FOR-US: gnuedu
CVE-2007-2608 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Miplex2
CVE-2007-2607 (PHP remote file inclusion vulnerability in views/print/printbar.php in ...)
	NOT-FOR-US: LaVague
CVE-2007-2606 (Multiple buffer overflows in Firebird 2.1 allow attackers to trigger ...)
	{DSA-1529-1}
	- firebird2.0 2.0.3.12981.ds1-1 (low; bug #444976)
	[etch] - firebird2 <no-dsa> (Fixed packages have been released through backports.org, see #1529)
	[sarge] - firebird2 <unfixed> (low)
	NOTE: Minor issue, because conffile is restricted
CVE-2007-2605 (Unspecified vulnerability in the GetPropertyById function in ...)
	NOT-FOR-US: Brujula Toolbar
CVE-2007-2604 (Unspecified vulnerability in the FlexLabel ActiveX control allows ...)
	NOT-FOR-US: FlexLabel
CVE-2007-2603 (Unspecified vulnerability in the Init function in the Audio CD Ripper ...)
	NOT-FOR-US: Audio CD Ripper
CVE-2007-2602 (Buffer overflow in MIBEXTRA.EXE in Ipswitch WhatsUp Gold 11 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2007-2601 (Buffer overflow in a certain ActiveX control in the GDivX Zenith ...)
	NOT-FOR-US: GDivX Zenith Player
CVE-2007-2600 (Multiple cross-site scripting (XSS) vulnerabilities in TutorialCMS ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2599 (Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop ...)
	NOT-FOR-US: TutorialCMS
CVE-2007-2598 (SQL injection vulnerability in print.php in SimpleNews 1.0.0 FINAL ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2007-2597 (Multiple PHP remote file inclusion vulnerabilities in telltarget CMS ...)
	NOT-FOR-US: telltarget CMS
CVE-2007-2596 (PHP remote file inclusion vulnerability in common/func.php in aForum ...)
	NOT-FOR-US: aForum
CVE-2007-2595 (RSAuction 2.73.1.3 allows remote authenticated users to move their own ...)
	NOT-FOR-US: RSAuction
CVE-2007-2594 (PHP remote file inclusion vulnerability in inc/articles.inc.php in ...)
	NOT-FOR-US: phpMyPortal
CVE-2007-2593 (The Terminal Server in Microsoft Windows 2003 Server, when using TLS, ...)
	NOT-FOR-US: Microsoft
CVE-2007-2592 (Multiple cross-site scripting (XSS) vulnerabilities in Nokia ...)
	NOT-FOR-US: Nokia
CVE-2007-2591 (usrmgr/userList.asp in Nokia Intellisync Mobile Suite 6.4.31.2, ...)
	NOT-FOR-US: Nokia
CVE-2007-2590 (Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, ...)
	NOT-FOR-US: Nokia
CVE-2007-2589 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1 (low)
	NOTE: CVE id has later been assigned to a part of this issue
CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...)
	- wu-ftpd 2.6.2-26 (unimportant; bug #425162)
	NOTE: Linux' limit is 4096 chars
CVE-2006-7203 (The compat_sys_mount function in fs/compat.c in Linux kernel 2.6.20 ...)
	{DSA-1504-1}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
CVE-2007-2588 (Multiple buffer overflows in the Office Viewer OCX ActiveX control ...)
	NOT-FOR-US: Office Viewer OCX ActiveX
CVE-2007-2587 (The IOS FTP Server in Cisco IOS 11.3 through 12.4 allows remote ...)
	NOT-FOR-US: Cisco
CVE-2007-2586 (The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check ...)
	NOT-FOR-US: Cisco
CVE-2007-2585 (Stack-based buffer overflow in the Verify function in the BarCodeWiz ...)
	NOT-FOR-US: BarCodeWiz ActiveX control
CVE-2007-2584 (Buffer overflow in the IsOldAppInstalled function in the ...)
	NOT-FOR-US: Subscription Manager ActiveX control
CVE-2007-2583 (The in_decimal::set function in item_cmpfunc.cc in MySQL before ...)
	{DSA-1413-1}
	- mysql-dfsg-5.0 5.0.41-1 (low; bug #426353)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable functionality not implemented)
	NOTE: [sarge] Not affected, test case doesn't crash the daemon
CVE-2007-2582 (Multiple buffer overflows in the DB2 JDBC Applet Server (DB2JDS) ...)
	NOT-FOR-US: IBM DB2
CVE-2007-2581 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-2580 (Unspecified vulnerability in Apple Safari allows local users to obtain ...)
	NOT-FOR-US: Safari
CVE-2007-2579 (Multiple cross-site scripting (XSS) vulnerabilities in ACP3 4.0 beta 3 ...)
	NOT-FOR-US: ACP3
CVE-2007-2578 (Unspecified vulnerability in search/list/action_search/index.php in ...)
	NOT-FOR-US: ACP3
CVE-2007-2577 (Multiple SQL injection vulnerabilities in ACP3 4.0 beta 3 allow remote ...)
	NOT-FOR-US: ACP3
CVE-2007-2576 (Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ...)
	NOT-FOR-US: advdaudio.ocx ActiveX control
CVE-2007-2575 (PHP remote file inclusion vulnerability in watermark.php in the vm ...)
	NOT-FOR-US: vm watermark 0.4.1 mod for Gallery
CVE-2007-2574 (Directory traversal vulnerability in index.php in Archangel Weblog ...)
	NOT-FOR-US: Archangel Weblog
CVE-2007-2573 (PHP remote file inclusion vulnerability in plugin/HP_DEV/cms2.php in ...)
	NOT-FOR-US: PHPtree
CVE-2007-2572 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NoAh (aka PHP Content Architect, phparch)
CVE-2007-2571 (SQL injection vulnerability in index.php in the wfquotes 1.0 0 module ...)
	NOT-FOR-US: wfquotes module for XOOPS
CVE-2007-2570 (PHP remote file inclusion vulnerability in handlers/page/show.php in ...)
	NOT-FOR-US: Wikivi5
CVE-2007-2569 (Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 ...)
	NOT-FOR-US: Friendly
CVE-2007-2568 (Multiple stack-based buffer overflows in VCDGear 3.55 allow ...)
	NOT-FOR-US: VCDGear
CVE-2007-2567 (Buffer overflow in the SaveBarCode function in the Taltech Tal Bar ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2566 (The SaveBarCode function in the Taltech Tal Bar Code ActiveX control ...)
	NOT-FOR-US: Taltech Tal Bar Code ActiveX control
CVE-2007-2565 (Cdelia Software ImageProcessing allows user-assisted remote attackers ...)
	NOT-FOR-US: Cdelia Software ImageProcessing
CVE-2007-2564 (Multiple stack-based buffer overflows in the Sienzo Digital Music ...)
	NOT-FOR-US: Sienzo Digital Music Mentor ActiveX control
CVE-2007-2563 (Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ...)
	NOT-FOR-US: VersalSoft HTTP File Upload ActiveX control
CVE-2007-2562 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako eSupport
CVE-2007-2561 (SQL injection vulnerability in index.asp in fipsCMS 2.1 allows remote ...)
	NOT-FOR-US: fipsCMS
CVE-2007-2560 (Directory traversal vulnerability in theme/acgv.php in ACGVannu 1.3 ...)
	NOT-FOR-US: ACGVannu
CVE-2007-2559 (Multiple PHP remote file inclusion vulnerabilities in american cart ...)
	NOT-FOR-US: american cart
CVE-2007-2558 (** DISPUTED ** ...)
	NOT-FOR-US: pfa CMS
CVE-2007-2557 (MOStlyDB Admin in Mambo 4.6.1 does not properly check privileges, ...)
	NOT-FOR-US: Mambo
CVE-2007-2556 (SQL injection vulnerability in Nuked-klaN 1.7.6 allows remote ...)
	NOT-FOR-US: Nuked-klaN
CVE-2007-2555 (Unspecified vulnerability in Default.aspx in Podium CMS allows remote ...)
	NOT-FOR-US: Podium CMS
CVE-2007-2554 (Associated Press (AP) Newspower 4.0.1 and earlier uses a default blank ...)
	NOT-FOR-US: Newspower
CVE-2007-2553 (Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-2552 (The RecentChanges feature in WikkaWiki (Wikka Wiki) before 1.1.6.3 ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2551 (Cross-site scripting (XSS) vulnerability in usersettings.php in ...)
	NOT-FOR-US: WikkaWiki
CVE-2007-2550 (Multiple CRLF injection vulnerabilities in Devellion CubeCart 3.0.15 ...)
	NOT-FOR-US: CubeCart
CVE-2007-2549 (SQL injection vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2548 (Unspecified vulnerability in index.php in TurnkeyWebTools SunShop ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2547 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: TurnkeyWebTools
CVE-2007-2546 (Session fixation vulnerability in Simple Machines Forum (SMF) 1.1.2 ...)
	NOT-FOR-US: SMF
CVE-2007-2545 (Multiple PHP remote file inclusion vulnerabilities in Persism CMS ...)
	NOT-FOR-US: Persism
CVE-2007-2544 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: TopTree BBS
CVE-2007-2543 (SQL injection vulnerability in game.php in the Flashgames 1.0.1 module ...)
	NOT-FOR-US: XOOPS
CVE-2007-2542 (PHP remote file inclusion vulnerability in header.php in workbench ...)
	NOT-FOR-US: workbench survival guide
CVE-2007-2541 (PHP remote file inclusion vulnerability in includes/ajax_listado.php ...)
	NOT-FOR-US: Versado
CVE-2007-2540 (Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and ...)
	NOT-FOR-US: PMECMS
CVE-2007-2539 (The show_files function in RunCms 1.5.2 and earlier allows remote ...)
	NOT-FOR-US: RunCms
CVE-2007-2538 (SQL injection vulnerability in class/debug/debug_show.php in RunCms ...)
	NOT-FOR-US: RunCms
CVE-2007-2537 (Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 ...)
	NOT-FOR-US: NPDS
CVE-2007-2536 (PicoZip allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: Picozip
CVE-2007-2535 (WinAce allows remote attackers to cause a denial of service (infinite ...)
	NOT-FOR-US: WinAce
CVE-2007-2534 (** DISPUTED ** ...)
	NOT-FOR-US: phpHoo3
CVE-2007-2533 (Multiple buffer overflows in Trend Micro ServerProtect 5.58 before ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2532 (Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen ...)
	NOT-FOR-US: Minh Nguyen Duong Obie Website Mini Web Shop
CVE-2007-2531 (PHP remote file inclusion vulnerability in berylium-classes.php in ...)
	NOT-FOR-US: Berylium2
CVE-2007-2530 (Multiple PHP remote file inclusion vulnerabilities in Tropicalm ...)
	NOT-FOR-US: Tropicalm
CVE-2007-2529 (Integer signedness error in the acl (facl) system call in Solaris 10 ...)
	NOT-FOR-US: Solaris 10
CVE-2007-2528 (Buffer overflow in AgRpcCln.dll for Trend Micro ServerProtect 5.58 for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-2527 (Multiple PHP remote file inclusion vulnerabilities in DynamicPAD ...)
	NOT-FOR-US: DynamicPAD
CVE-2007-2526 (Heap-based buffer overflow in the ConnectAsyncEx function in VNC ...)
	NOT-FOR-US: VNC Viewer ActiveX control
CVE-2007-2525 (Memory leak in the PPP over Ethernet (PPPoE) socket implementation in ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1
	NOTE: Fixed in commit 202a03acf9994076055df40ae093a5c5474ad0bd in
	NOTE: Linus' tree.
CVE-2007-2524 (Cross-site scripting (XSS) vulnerability in index.pl in Open Ticket ...)
	{DSA-1298-1}
	- otrs2 2.1.1-1 (bug #423524)
	NOTE: 2.1 and 2.2 are not affected, so recording earliest 2.1 version as fix
CVE-2007-2523 (CA Anti-Virus for the Enterprise r8 and Threat Manager r8 before ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2522 (Stack-based buffer overflow in the inoweb Console Server in CA ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2007-2521 (PHP remote file inclusion vulnerability in common.php in E-GADS! ...)
	NOT-FOR-US: E-GADS!
CVE-2007-2520 (SQL injection vulnerability in admin.php in MyNews 0.10, when ...)
	NOT-FOR-US: MyNews
CVE-2007-2519 (Directory traversal vulnerability in the installer in PEAR 1.0 through ...)
	- php5 5.2.3-1 (unimportant; bug #441433)
	- php4 <removed> (unimportant)
	NOTE: The installation of the PEAR needs to be trusted anyway, this doesn't
	NOTE: cross trust boundaries
CVE-2007-2518
	REJECTED
CVE-2007-2517
	RESERVED
CVE-2007-2516
	RESERVED
CVE-2007-2515
	RESERVED
CVE-2007-2514 (Stack-based buffer overflow in XferWan.exe as used in multiple ...)
	NOT-FOR-US: Symantec
CVE-2007-2513 (Novell GroupWise 7 before SP2 20070524, and GroupWise 6 before 6.5 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2512 (Alcatel-Lucent IP-Touch Telephone running OmniPCX Enterprise 7.0 and ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-2511 (Buffer overflow in the user_filter_factory_create function in PHP ...)
	{DTSA-39-1}
	- php5 5.2.2-1
	NOTE: Only triggerable by malicious script
CVE-2007-2510 (Buffer overflow in the make_http_soap_request function in PHP before ...)
	{DSA-1295-1 DTSA-39-1}
	- php5 5.2.2-1 (low)
CVE-2007-2509 (CRLF injection vulnerability in the ftp_putcmd function in PHP before ...)
	{DSA-1296-1 DSA-1295-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.2-1 (low)
	- php4 4.4.7-1 (low)
CVE-2007-2508 (Multiple stack-based buffer overflows in Trend Micro ServerProtect ...)
	NOT-FOR-US: Trend Micro
CVE-2007-2507 (Directory traversal vulnerability in includes/download.php in Treble ...)
	NOT-FOR-US: Treble Designs 1024 CMS
CVE-2007-2506 (WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and ...)
	NOT-FOR-US: OpenEdge WebSpeed
CVE-2007-2505 (Stack-based buffer overflow in InterVations MailCOPA 8.01 20070323 ...)
	NOT-FOR-US: MailCOPA
CVE-2007-2504 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Turbulence
CVE-2007-2503 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Turbulence
CVE-2007-2502 (Unspecified vulnerability in HP ProCurve 9300m Series switches with ...)
	NOT-FOR-US: HP ProCurve 9300m Series switches
CVE-2007-2501 (Eval injection vulnerability in codepress.html in CodePress before ...)
	NOT-FOR-US: CodePress
CVE-2007-2500 (server/parser/sprite_definition.cpp in GNU Gnash (aka GNU Flash ...)
	{DTSA-48-1}
	- gnash 0.7.2+cvs20070518.1557-1 (bug #423433)
CVE-2007-2499 (Multiple cross-site scripting (XSS) vulnerabilities in DVDdb 0.6 and ...)
	NOT-FOR-US: DVDdb
CVE-2007-2498 (libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote ...)
	NOT-FOR-US: Winamp
CVE-2007-2497 (RealNetworks RealPlayer 10 Gold allows remote attackers to cause a ...)
	NOT-FOR-US: RealPlayer
	NOTE: helix-player not affected
CVE-2007-2496 (The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote ...)
	NOT-FOR-US: WordViewer.ocx
CVE-2007-2495 (Multiple stack-based buffer overflows in the ExcelOCX ActiveX control ...)
	NOT-FOR-US: ExcelViewer .ocx
CVE-2007-2494 (Multiple stack-based buffer overflows in the PowerPointOCX ActiveX ...)
	NOT-FOR-US: PowerPointViewer .ocx
CVE-2007-2493 (PHP remote file inclusion vulnerability in faq.php in the FAQ &amp; RULES ...)
	NOT-FOR-US: FAQ & RULES module for mxBB
CVE-2007-2492 (SQL injection vulnerability in index.php in the v4bJournal module for ...)
	NOT-FOR-US: v4bJournal module for PostNuke
CVE-2007-2491 (The PIIX4 power management subsystem in EMC VMware Workstation ...)
	NOT-FOR-US: EMC VMware
CVE-2007-2490 (Unspecified vulnerability in LiveData Server before 5.00.62 allows ...)
	NOT-FOR-US: LiveData Server
CVE-2007-2489 (Heap-based buffer overflow in LiveData Protocol Server 5.00.045, and ...)
	NOT-FOR-US: LiveData Protocol Server
CVE-2007-2487 (Stack-based buffer overflow in AtomixMP3 allows remote attackers to ...)
	NOT-FOR-US: AtomixMP3
CVE-2007-2486 (Directory traversal vulnerability in download.asp in Motobit 1.3 and ...)
	NOT-FOR-US: Motobit
CVE-2007-2485 (PHP remote file inclusion vulnerability in myflash-button.php in the ...)
	NOT-FOR-US: myflash plugin for WordPress
CVE-2007-2484 (PHP remote file inclusion vulnerability in js/wptable-button.php in ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2483 (Directory traversal vulnerability in js/wptable-button.php in the ...)
	NOT-FOR-US: wp-Table plugin for WordPress
CVE-2007-2482 (Directory traversal vulnerability in wordtube-button.php in the ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2007-2481 (PHP remote file inclusion vulnerability in wordtube-button.php in the ...)
	NOT-FOR-US: wordTube plugin for WordPress
CVE-2006-7202 (The dofreePDF function in includes/pdf.php in Mambo 4.6.1 does not ...)
	NOT-FOR-US: Mambo
CVE-2007-XXXX [schroot may use outdated configuration information]
	- schroot <not-affected> (Upstream: "This bug was never present in a Debian release.")
CVE-2007-2488 (The IAX2 channel driver (chan_iax2) in Asterisk before 20070504 does ...)
	{DSA-1358-1}
	- asterisk 1:1.4.5~dfsg-1 (low)
	NOTE: no-dsa / unimportant candidate, the opposite side of the telephone line
	NOTE: could just as well hang-up
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-013.htm
CVE-2007-2480 (The _udp_lib_get_port function in net/ipv4/udp.c in Linux kernel ...)
	- linux-2.6 2.6.22-1 (medium)
CVE-2007-2479 (Cerulean Studios Trillian Pro before 3.1.5.1 allows remote attackers ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2478 (Multiple heap-based buffer overflows in the IRC component in Cerulean ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2477 (** DISPUTED ** ...)
	NOT-FOR-US: phpMyChat
CVE-2007-2476 (Unspecified vulnerability in Novell SecureLogin (NSL) 6 SP1 before ...)
	NOT-FOR-US: Novell
CVE-2007-2475 (Unspecified vulnerability in the ADSCHEMA utility in Novell ...)
	NOT-FOR-US: Novell
CVE-2007-2474 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2007-2473 (SQL injection vulnerability in stylesheet.php in CMS Made Simple 1.0.5 ...)
	NOT-FOR-US: CMS Made Simple
CVE-2007-2472 (Cross-site scripting (XSS) vulnerability in sendcard.php in Sendcard ...)
	NOT-FOR-US: Sendcard
CVE-2007-2471 (Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 ...)
	NOT-FOR-US: Sendcard
CVE-2007-2470 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: FileRun
CVE-2007-2469 (SQL injection vulnerability in index.php in FileRun 1.0 and earlier ...)
	NOT-FOR-US: FileRun
CVE-2007-2468 (Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2007-2467 (ZoneAlarm Pro 6.5.737.000, 6.1.744.001, and possibly earlier versions ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2466 (Unspecified vulnerability in the LDAP Software Development Kit (SDK) ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2007-2465 (Unspecified vulnerability in Sun Solaris 9, when Solaris Auditing ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2464 (Race condition in Cisco Adaptive Security Appliance (ASA) and PIX 7.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-2463 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2007-2462 (Unspecified vulnerability in Cisco Adaptive Security Appliance (ASA) ...)
	NOT-FOR-US: Cisco
CVE-2007-2461 (The DHCP relay agent in Cisco Adaptive Security Appliance (ASA) and ...)
	NOT-FOR-US: Cisco
CVE-2007-2460 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FireFly
CVE-2007-2459 (Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl ...)
	{DSA-1498-1}
	- libimager-perl 0.58-1 (bug #421582)
CVE-2007-2458 (Multiple PHP remote file inclusion vulnerabilities in Pixaria Gallery ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2457 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Pixaria Gallery
CVE-2007-2456 (Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 ...)
	NOT-FOR-US: FireFly
CVE-2007-2455 (Parallels allows local users to cause a denial of service (virtual ...)
	NOT-FOR-US: Parallels
CVE-2007-2454 (Heap-based buffer overflow in the VGA device in Parallels allows local ...)
	NOT-FOR-US: Parallels
CVE-2007-2453 (The random number feature in Linux kernel 2.6 before 2.6.20.13, and ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-5 (low)
CVE-2007-2452 (Heap-based buffer overflow in the visit_old_format function in ...)
	- findutils 4.2.31-1 (low; bug #426862)
	[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)
	[etch] - findutils 4.2.28-1etch1 (low)
CVE-2007-2451 (Unspecified vulnerability in drivers/crypto/geode-aes.c in GEODE-AES ...)
	- linux-2.6 2.6.21-3
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present, introduced in 2.6.20)
CVE-2007-2450 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Manager ...)
	{DSA-1468-1}
	- tomcat4 <removed> (low)
	- tomcat5 <removed> (low)
	- tomcat5.5 5.5.25-1 (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-2449 (Multiple cross-site scripting (XSS) vulnerabilities in certain JSP ...)
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Only present in the examples, not in production code
CVE-2007-2448 (Subversion 1.4.3 and earlier does not properly implement the &quot;partial ...)
	- subversion 1.4.4dfsg1-1 (bug #428194; low)
	[etch] - subversion <no-dsa> (Minor issue)
	[sarge] - subversion <no-dsa> (Minor issue)
CVE-2007-2447 (The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2446 (Multiple heap-based buffer overflows in the NDR parsing in smbd in ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1 (high)
CVE-2007-2445 (The png_handle_tRNS function in pngrutil.c in libpng before 1.0.25 and ...)
	{DSA-1613-1}
	- libgd2 2.0.35.dfsg-1 (low)
	[etch] - libgd2 2.0.33-5.2etch1 (low)
	- libpng 1.2.15~beta5-2
	- libpng3 <not-affected>
	[etch] - libpng 1.2.15~beta5-1+etch2
	NOTE: Only a crash, no code injection. Calling this DoS stretches things rather far
CVE-2007-2444 (Logic error in the SID/Name translation functionality in smbd in Samba ...)
	{DSA-1291-2 DTSA-41-1}
	- samba 3.0.25-1
CVE-2007-2443 (Integer signedness error in the gssrpc__svcauth_unix function in ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; medium)
CVE-2007-2442 (The gssrpc__svcauth_gssapi function in the RPC library in MIT Kerberos ...)
	{DSA-1323-1}
	- krb5 1.6.dfsg.1-5 (bug #430787; high)
CVE-2007-2441 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2440 (Directory traversal vulnerability in Caucho Resin Professional 3.1.0 ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2439 (Caucho Resin Professional 3.1.0 and Caucho Resin 3.1.0 and earlier for ...)
	NOT-FOR-US: Caucho Resin Professional
CVE-2007-2438 (The sandbox for vim allows dangerous functions such as (1) writefile, ...)
	{DSA-1364-2 DSA-1364-1}
	- vim 1:7.1-022+1 (bug #435401; low)
	[sarge] - vim <not-affected> (Vulnerable code not present)
	NOTE: Exploitable through modelines, needs to be used with care in any case
CVE-2007-2437 (The X render (Xrender) extension in X.org X Window System 7.0, 7.1, ...)
	- xorg-server 2:1.3.0.0.dfsg-4 (unimportant; bug #422936)
	NOTE: etch vulnerable (patch below applies)
	NOTE: git url to fix the issue
	NOTE: http://gitweb.freedesktop.org/?p=xorg/xserver.git;a=commitdiff;h=71fc5b3e9309182978ead676965d65ca93a4e3b9
	NOTE: Not considered a security problem, only exploitable by authenticated users
	NOTE: If an attacker convinces such a user to run his exploit code blindly she could
	NOTE: just as well provide a binary which does more harm
CVE-2007-2436
	REJECTED
CVE-2007-2435 (Sun Java Web Start in JDK and JRE 5.0 Update 10 and earlier, and Java ...)
	- sun-java5 1.5.0-11-1 (medium; bug #423062)
	[etch] - sun-java5 1.5.0-14-1etch1
CVE-2007-2434 (Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows ...)
	NOT-FOR-US: Aventail Connect
CVE-2007-2433 (Cross-site scripting (XSS) vulnerability in index.php in Ariadne 2.4.1 ...)
	NOT-FOR-US: Ariadne
CVE-2007-2432 (Cross-site scripting (XSS) vulnerability in utilities/search.asp in ...)
	NOT-FOR-US: Nukedit
CVE-2007-2431 (Dynamic variable evaluation vulnerability in ...)
	NOT-FOR-US: TCExam
CVE-2007-2430 (shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote ...)
	NOT-FOR-US: TCExam
CVE-2007-2429 (ManageEngine PasswordManager Pro (PMP) allows remote attackers to ...)
	NOT-FOR-US: ManageEngine PasswordManager Pro (PMP)
CVE-2007-2428 (Multiple PHP remote file inclusion vulnerabilities in page.php in ...)
	NOT-FOR-US: Ahhp-Portal
CVE-2007-2427 (SQL injection vulnerability in index.php in the pnFlashGames 1.5 ...)
	NOT-FOR-US: pnFlashGames
CVE-2007-2426 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: myGallery
CVE-2007-2425 (Directory traversal vulnerability in fileview.php in Imageview 5.3 ...)
	NOT-FOR-US: Imageview
CVE-2007-2424 (PHP remote file inclusion vulnerability in help/index.php in The ...)
	NOT-FOR-US: The Merchant
CVE-2007-2423 (Cross-site scripting (XSS) vulnerability in index.php in MoinMoin ...)
	{DSA-1514-1}
	- moin 1.5.7-3 (medium; bug #422408)
CVE-2007-2422 (** DISPUTED ** ...)
	NOT-FOR-US: Comdev One Admin
CVE-2007-2421 (Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2007-2420 (SQL injection vulnerability in bry.asp in Burak Yilmaz Blog 1.0 allows ...)
	NOT-FOR-US: Burak Yilmaz Blog
CVE-2007-2419 (Multiple buffer overflows in an ActiveX control (boisweb.dll) in ...)
	NOT-FOR-US: Macrovision
CVE-2007-2418 (Heap-based buffer overflow in the Rendezvous / Extensible Messaging ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2007-2417 (Heap-based buffer overflow in _mprosrv.exe in Progress Software ...)
	NOT-FOR-US: Progress Software Progress and OpenEdge
CVE-2007-2416 (SQL injection vulnerability in home.php in E-Annu allows remote ...)
	NOT-FOR-US: E-Annu
CVE-2007-2415 (Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Pi3Web Web Server
CVE-2007-2414 (MyServer before 0.8.8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: MyServer
CVE-2007-2413
	REJECTED
CVE-2007-2412 (** DISPUTED ** ...)
	NOT-FOR-US: Seir Anphin
CVE-2007-2411 (** DISPUTED ** ...)
	NOT-FOR-US: Sphider
CVE-2007-2410 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10 retains properties of ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2409 (Cross-domain vulnerability in WebCore on Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2408 (WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2407 (The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows ...)
	- samba <not-affected> (MacOS/Apple-specific vulnerability)
CVE-2007-2406 (Quartz Composer on Apple Mac OS X 10.4.10 does not initialize a ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2405 (Integer underflow in Preview in PDFKit on Apple Mac OS X 10.4.10 ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2404 (CRLF injection vulnerability in CFNetwork on Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2403 (CFNetwork on Apple Mac OS X 10.3.9 and 10.4.10 does not properly ...)
	NOT-FOR-US: Mac OS X
CVE-2007-2402 (QuickTime for Java in Apple Quicktime before 7.2 does not perform ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2401 (CRLF injection vulnerability in WebCore in Apple Mac OS X 10.3.9, ...)
	NOT-FOR-US: Apple
CVE-2007-2400 (Race condition in Apple Safari 3 Beta before 3.0.2 on Mac OS X, ...)
	NOT-FOR-US: Apple
CVE-2007-2399 (WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before ...)
	NOT-FOR-US: Apple
CVE-2007-2398 (Apple Safari 3.0.1 beta (522.12.12) on Windows allows remote attackers ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2397 (QuickTime for Java in Apple Quicktime before 7.2 does not properly ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2396 (The JDirect support in QuickTime for Java in Apple Quicktime before ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2395 (Unspecified vulnerability in Apple QuickTime before 7.3 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2394 (Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2393 (The design of QuickTime for Java in Apple Quicktime before 7.2 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2392 (Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-2391 (Cross-site scripting (XSS) vulnerability in Apple Safari Beta 3.0.1 ...)
	NOT-FOR-US: Apple
CVE-2007-2390 (Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows ...)
	NOT-FOR-US: Apple
CVE-2007-2389 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not clear ...)
	NOT-FOR-US: Apple
CVE-2007-2388 (Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not ...)
	NOT-FOR-US: Apple
CVE-2007-2387 (Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel ...)
	NOT-FOR-US: Apple
CVE-2007-2386 (Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 ...)
	NOT-FOR-US: Apple mDNSResponder
CVE-2007-2385 (The Yahoo! UI framework exchanges data using JavaScript Object ...)
	- yui <removed> (unimportant; bug #557745)
	- bcfg2 <not-affected> (present in source but not included in any binary files)
	- serendipity 1.5.3-1 (low; bug #557746)
	- moodle <not-affected> (uses system libjs-yui)
	- jifty 0.91117-1 (low; bug #557748)
	- webgui <not-affected> (uses system libjs-yui)
	- loggerhead <not-affected> (uses system libjs-yui)
	NOTE: see https://web.archive.org/web/20071105202514/http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2384 (The Script.aculo.us framework exchanges data using JavaScript Object ...)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2383 (The Prototype (prototypejs) framework before 1.5.1 RC3 exchanges data ...)
	{DSA-1952-1}
	- prototypejs <not-affected> (fixed before initial upload)
	- auth2db 0.2.5-2+dfsg-1 (low; bug #555217)
	- asterisk 1:1.6.2.0~rc3-1 (low; bug #555220)
	[etch] - asterisk <no-dsa> (minor issue)
	[lenny] - asterisk <no-dsa> (minor issue)
	- libaws 2.7-1 (low; bug #555221)
	[etch] - libaws <no-dsa> (minor issue)
	[lenny] - libaws <no-dsa> (minor issue)
	- libjson-ruby <not-affected> (has prototype.js >= 1.5.1)
	- lucene2 2.9.1+ds1-2 (low; bug #555225)
	[etch] - lucene2 <not-affected> (prototype.js not present)
	[lenny] - lucene2 <no-dsa> (minor issue)
	- glpi 0.72.3-1 (low; bug #555228)
	[etch] - glpi <no-dsa> (minor issue)
	[lenny] - glpi <no-dsa> (minor issue)
	- knowledgeroot 0.9.9.5-1 (low; bug #555229)
	[etch] - knowledgeroot <no-dsa> (minor issue)
	[lenny] - knowledgeroot <not-affected> (Uses the prototype.js copy from scriptaculous)
	- mt-daapd 0.9~r1696.dfsg-6 (low; bug #555231)
	[etch] - mt-daapd <no-dsa> (minor issue)
	- mediatomb 0.11.0-3 (low; bug #555232)
	- op-panel 0.30~dfsg-1 (low; bug #555234)
	- ebug-http 0.31-2.1 (low; bug #555235)
	[lenny] - ebug-http <no-dsa> (Minor issue)
	- poker-network 1.7.6-1 (low; bug #555237)
	[etch] - poker-network <no-dsa> (minor issue)
	- webhelpers <not-affected> (fixed since initial inclusion)
	- qwik <removed> (low; bug #555240)
	[etch] - qwik <no-dsa> (minor issue)
	[lenny] - qwik <no-dsa> (minor issue)
	- wordpress <not-affected> (fixed since initial inclusion)
	- exaile <not-affected> (fixed since initial inclusion)
	- hobix 0.5~svn20070319-4 (low; bug #555246)
	[lenny] - hobix <no-dsa> (minor issue)
	- pixelpost 1.7.1-6 (low; bug #555248)
	[lenny] - pixelpost <no-dsa> (minor issue)
	- symfony 1.0.21-1.1 (low; bug #555250)
	[lenny] - symfony <no-dsa> (minor issue)
	- jscropperui 1.2.1-1 (low; bug #555255)
	[lenny] - jscropperui <no-dsa> (minor issue)
	- rt-extension-emailcompletion <not-affected> (fixed since initial inclusion)
	- scriptaculous <not-affected> (fixed since initial inclusion)
	- activeldap <not-affected> (fixed since initial inclusion)
	- mantis <not-affected> (fixed since initial inclusion)
	- otrs2 <not-affected> (fixed since initial inclusion)
	- webcalendar 1.2~b1-2 (low; bug #555268)
	[lenny] - webcalendar <not-affected> (prototype.js not present)
	- plone3 <removed> (low; bug #555274)
	- wesnoth <not-affected> (fixed since initial inclusion)
	- libhtml-prototype-perl 1.48-3 (low; bug #558977)
	[etch] - libhtml-prototype-perl <no-dsa> (minor issue)
	[lenny] - libhtml-prototype-perl <no-dsa> (minor issue)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2382 (The Moo.fx framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: Moo.fx framework
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2381 (The MochiKit framework exchanges data using JavaScript Object Notation ...)
	NOTE: see http://www.fortifysoftware.com/servlet/downloads/public/JavaScript_Hijacking.pdf
	NOTE: This allows to steal data from affected websites. Therefore web applications should
	NOTE: only be considered vunerabile if they process confidential data.
	NOTE: The frameworks should be fixed in any case.
CVE-2007-2380 (The Microsoft Atlas framework exchanges data using JavaScript Object ...)
	NOT-FOR-US: Microsoft Atlas
CVE-2007-2379 (The jQuery framework exchanges data using JavaScript Object Notation ...)
	- jquery <unfixed> (unimportant)
	NOTE: the paper in this reference is a guideline on how to avoid writing unsafe jquery applications. there really isn't anything to fix in the library itself.
	NOTE: https://www.fortify.com/vulncat/en/vulncat/javascript/javascript_hijacking_ad_hoc_ajax.html
CVE-2007-2378 (The Google Web Toolkit (GWT) framework exchanges data using JavaScript ...)
	- gwt <removed> (unimportant; bug #563542)
	NOTE: javascript security guidelines provided to developers to avoid these issues
	NOTE: https://developers.google.com/web-toolkit/articles/security_for_gwt_applications
CVE-2007-2377 (The Getahead Direct Web Remoting (DWR) framework 1.1.4 exchanges data ...)
	NOT-FOR-US: Getahead Direct Web Remoting
CVE-2007-2376 (The Dojo framework exchanges data using JavaScript Object Notation ...)
	NOT-FOR-US: Dojo
CVE-2007-2375 (The agent remote upgrade interface in Symantec Enterprise Security ...)
	NOT-FOR-US: Symantec
CVE-2007-2374 (Unspecified vulnerability in Microsoft Windows 2000, XP, and Server ...)
	NOT-FOR-US: Microsoft
CVE-2007-2373 (SQL injection vulnerability in viewcat.php in the WF-Links (wflinks) ...)
	NOT-FOR-US: WF-Links (wflinks) module for XOOPS
CVE-2007-2372 (admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2371 (admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2007-2370 (SQL injection vulnerability in index.php in the John Mordo Jobs 2.4 ...)
	NOT-FOR-US: Jobs module for XOOPS
CVE-2007-2369 (Directory traversal vulnerability in picture.php in WebSPELL 4.01.02 ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2368 (picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: WebSPELL
CVE-2007-2367 (Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) ...)
	NOT-FOR-US: Wserve HTTP Server (whttp)
CVE-2007-2366 (Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted ...)
	NOT-FOR-US: Corel
CVE-2007-2365 (Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements ...)
	NOT-FOR-US: Adobe
CVE-2007-2364 (Multiple PHP remote file inclusion vulnerabilities in burnCMS 0.2 and ...)
	NOT-FOR-US: burnCMS
CVE-2007-2363 (Buffer overflow in IrfanView 4.00 and earlier allows user-assisted ...)
	NOT-FOR-US: IrfanView
CVE-2007-2362 (Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) ...)
	{DSA-1434-1 DTSA-36-1}
	- mydns 1:1.1.0-8
	[sarge] - mydns <not-affected> (Vulnerable code not present)
CVE-2007-2361 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
	NOT-FOR-US: Symantec
CVE-2007-2360 (Symantec Norton Ghost, Norton Save &amp; Recovery, LiveState Recovery, and ...)
	NOT-FOR-US: Symantec
CVE-2007-2359 (Buffer overflow in Ghost Service Manager, as used in Symantec Norton ...)
	NOT-FOR-US: Symantec
CVE-2007-2358 (** DISPUTED ** ...)
	- b2evolution <not-affected> (Debian's version does not contain the affected variables)
CVE-2007-2357 (Cross-site scripting (XSS) vulnerability in mods/Core/result.php in ...)
	NOT-FOR-US: SineCms
CVE-2007-2356 (Stack-based buffer overflow in the set_color_table function in ...)
	{DSA-1301-1}
	- gimp 2.2.14-2
CVE-2007-2355 (The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP ...)
	NOT-FOR-US: OPeNDAP
CVE-2007-2354 (Progress Webspeed Messenger allows remote attackers to obtain ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2353 (Apache Axis 1.0 allows remote attackers to obtain sensitive ...)
	- axis <unfixed> (unimportant)
	NOTE: only path disclosure
CVE-2007-2352 (Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2351 (Unspecified vulnerability in the HP Power Manager Remote Agent (RA) ...)
	NOT-FOR-US: HP Power Manager Remote Agent
CVE-2007-2350 (admin/config.php in the music-on-hold module in freePBX 2.2.x allows ...)
	NOT-FOR-US: freePBX
CVE-2007-2349 (Cross-site scripting (XSS) vulnerability in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2007-2348 (mirror --script in lftp before 3.5.9 does not properly quote shell ...)
	- lftp <unfixed> (unimportant)
	NOTE: Non-issue, also already documented as potentially risky
CVE-2007-2347 (PHP remote file inclusion vulnerability in main/forum/komentar.php in ...)
	NOT-FOR-US: OneClick CMS
CVE-2007-2346 (Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 ...)
	NOT-FOR-US: PHP-Generics
CVE-2007-2345 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBrowse
CVE-2007-2344 (The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight ...)
	NOT-FOR-US: Enterasys
CVE-2007-2343 (Stack-based buffer overflow in the TFTPD component in Enterasys ...)
	NOT-FOR-US: Enterasys
CVE-2007-2342 (SQL injection vulnerability in error.asp in CreaScripts CreaDirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2007-2341 (PHP remote file inclusion vulnerability in suite/index.php in ...)
	NOT-FOR-US: phpBandManager
CVE-2007-2340 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phporacleview
CVE-2007-2339 (Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow ...)
	NOT-FOR-US: Phorum
CVE-2007-2338 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: Phorum
CVE-2007-2337 (Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2336 (Unspecified vulnerability in InterVations NaviCOPA Web Server 2.01 ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-2335 (Cross-site scripting (XSS) vulnerability in the RSS feed reader ...)
	NOT-FOR-US: Lunascape
CVE-2007-2334 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2333 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2007-2332 (Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before ...)
	NOT-FOR-US: Nortel
CVE-2006-7201 (EMC RSA Security SiteKey does not set the secure qualifier on the ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7200 (EMC RSA Security SiteKey issues challenge-bypass tokens that persist ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7199 (EMC RSA Security SiteKey allows remote attackers to display the ...)
	NOT-FOR-US: EMC RSA Security SiteKey
CVE-2006-7198 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4839 (PureTLS before 0.9b5 does not clear optional Extensions and ...)
	NOT-FOR-US: PureTLS
CVE-2007-2331 (PHP remote file inclusion vulnerability in cart.php in Shop-Script 2.0 ...)
	NOT-FOR-US: Shop-Script
CVE-2007-2330 (PHP remote file inclusion vulnerability in includes_handler.php in ...)
	NOT-FOR-US: DynaTracker
CVE-2007-2329 (PHP remote file inclusion vulnerability in searchbot.php in ...)
	NOT-FOR-US: Searchactivity
CVE-2007-2328 (PHP remote file inclusion vulnerability in addvip.php in phpMYTGP 1.4b ...)
	NOT-FOR-US: phpMYTGP
CVE-2007-2327 (PHP remote file inclusion vulnerability in _editor.php in HTMLeditbox ...)
	NOT-FOR-US: HTMLeditbox
CVE-2007-2326 (Multiple PHP remote file inclusion vulnerabilities in HYIP Manager Pro ...)
	- smarty <removed> (unimportant; bug #488523)
	- moodle 1.8.2-2 (unimportant; bug #488525)
	- gallery2 2.2.5-2 (unimportant; bug #488527)
	NOTE: this is a non-issue
	NOTE: to exploit this, the smarty files need to be installed in a http daemon accessible directory
	NOTE: (should be the case for embedded copies), however
	NOTE: additionally this relies on register_globals being switched on.
CVE-2007-2325 (PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) ...)
	NOT-FOR-US: MyNewsGroups
CVE-2007-2324 (Directory traversal vulnerability in file.php in JulmaCMS 1.4 allows ...)
	NOT-FOR-US: JulmaCMS
CVE-2007-2323 (Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo ...)
	NOT-FOR-US: InterVideo
CVE-2007-2322 (NMMediaServer.exe in Nero MediaHome 2.5.5.0 and CE 1.3.0.4 allows ...)
	NOT-FOR-US: Nero
CVE-2007-2321 (Unspecified vulnerability in the search functionality in SilverStripe ...)
	NOT-FOR-US: SilverStripe
CVE-2007-2320 (SQL injection vulnerability in kontakt.php in Papoo 3.02 and earlier ...)
	NOT-FOR-US: Papoo
CVE-2007-2319 (PHP remote file inclusion vulnerability in the AutoStand 1.1 and ...)
	NOT-FOR-US: AutoStand
CVE-2007-2318 (Multiple format string vulnerabilities in FileZilla before 2.2.32 ...)
	- filezilla 3.0.0~beta2-3 (bug #421776)
	NOTE: http://sourceforge.net/project/shownotes.php?release_id=501534&group_id=21558
CVE-2007-2317 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB
CVE-2007-2316 (Unspecified vulnerability in the admin script in Open Business ...)
	NOT-FOR-US: Open Business Management
CVE-2007-2315 (MiniShare 1.5.4, and possibly earlier, allows remote attackers to ...)
	NOT-FOR-US: MiniShare
CVE-2007-2314 (Multiple SQL injection vulnerabilities in Crea-Book 1.0, and possibly ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2313 (PHP remote file inclusion vulnerability in getinfo1.php in the ...)
	NOT-FOR-US: Shotcast module for mxBB
CVE-2007-2312 (Multiple SQL injection vulnerabilities in the Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2311 (** DISPUTED ** ...)
	NOT-FOR-US: BlooFoxCMS
CVE-2007-2310 (Cross-site scripting (XSS) vulnerability in plugins/spaw/img_popup.php ...)
	NOT-FOR-US: BloofoxCMS
CVE-2007-2309 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
	NOT-FOR-US: FloweRS
CVE-2007-2308 (Cross-site scripting (XSS) vulnerability in cas.php in FloweRS 2.0 ...)
	NOT-FOR-US: FloweRS
CVE-2007-2307 (PHP remote file inclusion vulnerability in engine/engine.inc.php in ...)
	NOT-FOR-US: WebKalk2
CVE-2007-2306 (Multiple cross-site scripting (XSS) vulnerabilities in the Virtual War ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2007-2305 (Multiple SQL injection vulnerabilities in authenticate.php in Quick ...)
	NOT-FOR-US: QDBlog
CVE-2007-2304 (Multiple directory traversal vulnerabilities in Quick and Dirty Blog ...)
	NOT-FOR-US: QDBlog
CVE-2007-2303 (Directory traversal vulnerability in includes/footer.php in News ...)
	NOT-FOR-US: NMDeluxe
CVE-2007-2302 (PHP remote file inclusion vulnerability in autoindex.php in Expow 0.8 ...)
	NOT-FOR-US: Expow
CVE-2007-2301 (Multiple PHP remote file inclusion vulnerabilities in audioCMS arash ...)
	NOT-FOR-US: audioCMS
CVE-2007-2300 (Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto ...)
	NOT-FOR-US: phpwebnews
CVE-2007-2299 (Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier ...)
	NOT-FOR-US: CMS Frogss
CVE-2007-2298 (Multiple PHP remote file inclusion vulnerabilities in Garennes 0.6.1 ...)
	NOT-FOR-US: Garennes
CVE-2007-2297 (The SIP channel driver (chan_sip) in Asterisk before 1.2.18 and 1.4.x ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-1 (medium; bug #419820)
	[sarge] - asterisk <not-affected> (correctly logs a warning)
CVE-2007-2296 (Integer overflow in the FlipFileTypeAtom_BtoN function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2295 (Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2294 (The Manager Interface in Asterisk before 1.2.18 and 1.4.x before 1.4.3 ...)
	{DSA-1358-1}
	- asterisk 1:1.4.3~dfsg-1 (low)
	NOTE: Etch and Sarge affected
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-012.htm
CVE-2007-2293 (Multiple stack-based buffer overflows in the process_sdp function in ...)
	- asterisk 1:1.4.3~dfsg-1 (high)
	[sarge] - asterisk <not-affected> (1.0.x not affected)
	[etch] - asterisk <not-affected> (1.2.x not affected)
	[lenny] - asterisk <not-affected> (vulnerable code not present)
	NOTE: https://downloads.avaya.com/elmodocs2/security/ASA-2007-010.htm
CVE-2007-2292 (CRLF injection vulnerability in the Digest Authentication support for ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2007-2291 (CRLF injection vulnerability in the Digest Authentication support for ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2290 (Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and ...)
	NOT-FOR-US: B2 Weblog
	NOTE: Debian's b2evolution does not contain the string "b2inc",
	NOTE: and does not seem to suffer from this vulnerability.
CVE-2007-2289 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2288 (PHP remote file inclusion vulnerability in info.php in Doruk100.net ...)
	NOT-FOR-US: doruk100net
CVE-2007-2287 (PHP remote file inclusion vulnerability in accept.php in comus 2.0 ...)
	NOT-FOR-US: comus
CVE-2007-2286 (PHP remote file inclusion vulnerability in config.php in Built2Go PHP ...)
	NOT-FOR-US: Built2Go
CVE-2007-2285 (Directory traversal vulnerability in examples/layout/feed-proxy.php in ...)
	NOT-FOR-US: Jack Slocum Ext
CVE-2007-2284 (Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote ...)
	NOT-FOR-US: ABC-View Manager
CVE-2007-2283 (Buffer overflow in Fresh View 7.15 allows user-assisted remote ...)
	NOT-FOR-US: Fresh View
CVE-2007-2282 (Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before ...)
	NOT-FOR-US: Cisco
CVE-2007-2281 (Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2280 (Stack-based buffer overflow in OmniInet.exe (aka the backup client ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2007-2279 (The Scheduler Service (VxSchedService.exe) in Symantec Storage ...)
	NOT-FOR-US: Symantec
CVE-2007-2278 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2007-2277 (Session fixation vulnerability in Plogger allows remote attackers to ...)
	NOT-FOR-US: Plogger
CVE-2007-2276 (** DISPUTED ** ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2007-2275 (Unspecified vulnerability in HP StorageWorks Command View Advanced ...)
	NOT-FOR-US: HP StorageWorks
CVE-2007-2274 (The BitTorrent implementation in Opera 9.2 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-2273 (PHP remote file inclusion vulnerability in include/loading.php in ...)
	NOT-FOR-US: wavewoo
CVE-2007-2272 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2007-2271 (Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS ...)
	NOT-FOR-US: TotaRam
CVE-2007-2270 (The Linksys SPA941 VoIP Phone allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2007-2269 (Directory traversal vulnerability in top.php3 in SWsoft Plesk for ...)
	NOT-FOR-US: Plesk
CVE-2007-2268 (Multiple directory traversal vulnerabilities in SWsoft Plesk for ...)
	NOT-FOR-US: Plesk
CVE-2007-2267 (Unspecified vulnerability in Sun Cluster 3.1 and Solaris Cluster 3.2 ...)
	NOT-FOR-US: Sun Cluster
CVE-2007-2266 (Progress Webspeed Messenger allows remote attackers to read, create, ...)
	NOT-FOR-US: Progress Webspeed Messenger
CVE-2007-2265 (Cross-site scripting (XSS) vulnerability in YA Book 0.98-alpha allows ...)
	NOT-FOR-US: YA Book
CVE-2007-2264 (Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2007-2263 (Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and ...)
	NOT-FOR-US: RealPlayer
CVE-2006-7197 (The AJP connector in Apache Tomcat 5.5.15 uses an incorrect length for ...)
	- tomcat5.5 5.5.17-1 (low)
CVE-2005-4838 (Multiple cross-site scripting (XSS) vulnerabilities in the example web ...)
	- tomcat5.5 5.5.15-1 (low)
CVE-2007-2262 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: jmuffin
CVE-2007-2261 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: C-Arbre
CVE-2007-2260 (Multiple PHP remote file inclusion vulnerabilities in bibtex mase beta ...)
	NOT-FOR-US: bibtex mase
CVE-2007-2259 (SQL injection vulnerability in forum.php in EsForum 3.0 allows remote ...)
	NOT-FOR-US: EsForum
CVE-2007-2258 (PHP remote file inclusion vulnerability in includes/init.inc.php in ...)
	NOT-FOR-US: PHPMyBibli
CVE-2007-2257 (PHP remote file inclusion vulnerability in subscp.php in Fully Modded ...)
	NOT-FOR-US: Fully Modded phpBB2
CVE-2007-2256 (Cross-site scripting (XSS) vulnerability in you.php in TJSChat 0.95 ...)
	NOT-FOR-US: TJSChat
CVE-2007-2255 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2007-2254 (PHP remote file inclusion vulnerability in admin/setup/level2.php in ...)
	NOT-FOR-US: PHP Classifieds
CVE-2007-2253 (Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2252 (Directory traversal vulnerability in iconspopup.php in Exponent CMS ...)
	NOT-FOR-US: Exponent CMS
CVE-2007-2251 (Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and ...)
	NOT-FOR-US: Xaraya
CVE-2007-2250 (admin.php in Phorum before 5.1.22 allows remote attackers to obtain ...)
	NOT-FOR-US: Phorum
CVE-2007-2249 (include/controlcenter/users.php in Phorum before 5.1.22 allows remote ...)
	NOT-FOR-US: Phorum
CVE-2007-2248 (Multiple cross-site scripting (XSS) vulnerabilities in admin.php in ...)
	NOT-FOR-US: Phorum
CVE-2007-2247 (SQL injection vulnerability in modules/news/article.php in phpMySpace ...)
	NOT-FOR-US: phpMySpace
CVE-2007-2246 (Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running ...)
	NOT-FOR-US: HP-UX
CVE-2007-2245 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.1-1 (low)
	NOTE: http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-4
CVE-2007-2244 (Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator ...)
	NOT-FOR-US: Adobe Photoshop
CVE-2007-2243 (OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is ...)
	- openssh <unfixed> (bug #436571; unimportant)
	[etch] - openssh <no-dsa> (Minor issue)
	[sarge] - openssh <no-dsa> (Minor issue)
CVE-2007-2242 (The IPv6 protocol allows remote attackers to cause a denial of service ...)
	{DSA-1356-1}
	- linux-2.6 2.6.21-1 (low; bug #421595)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (No security support for KFreeBSD)
	NOTE: This should be off by default, tweakable by a simple knob.
	NOTE: (FreeBSD has it turned on for hosts, too.)
CVE-2007-2241 (Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 ...)
	- bind9 1:9.4.1-1 (medium)
	[etch] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
	[sarge] - bind9 <not-affected> (Only 9.4/9.5 branches affected)
CVE-2007-2240 (The IBM Lenovo Access Support acpRunner ActiveX control, as ...)
	NOT-FOR-US: IBM Lenovo Access Support acpRunner ActiveX control
CVE-2007-2239 (Stack-based buffer overflow in the SaveBMP method in the AXIS Camera ...)
	NOT-FOR-US: AXIS Camera Control
CVE-2007-2238 (Multiple stack-based buffer overflows in the Whale Client Components ...)
	NOT-FOR-US: Whale Client Components ActiveX control
CVE-2007-2237 (Microsoft Windows Graphics Device Interface (GDI+, GdiPlus.dll) allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2236 (footer.php in PunBB 1.2.14 and earlier allows remote attackers to ...)
	NOT-FOR-US: PunBB
CVE-2007-2235 (Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 ...)
	NOT-FOR-US: PunBB
CVE-2007-2234 (include/common.php in PunBB 1.2.14 and earlier does not properly ...)
	NOT-FOR-US: PunBB
CVE-2007-2233 (cosign-bin/cosign.cgi in Cosign 2.0.2 and earlier allows remote ...)
	NOT-FOR-US: CoSign
CVE-2007-2232 (The CHECK command in Cosign 2.0.1 and earlier allows remote attackers ...)
	NOT-FOR-US: CoSign
CVE-2007-2231 (Directory traversal vulnerability in index/mbox/mbox-storage.c in ...)
	{DSA-1359-1}
	- dovecot 1.0.rc29-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2007-2230 (SQL injection vulnerability in CA Clever Path Portal allows remote ...)
	NOT-FOR-US: CA Clever Path
CVE-2007-2229 (Microsoft Windows Vista uses insecure default permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2228 (rpcrt4.dll (aka the RPC runtime library) in Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Windows
CVE-2007-2227 (The MHTML protocol handler in Microsoft Outlook Express 6 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2226
	REJECTED
CVE-2007-2225 (A component in Microsoft Outlook Express 6 and Windows Mail in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-2224 (Object linking and embedding (OLE) Automation, as used in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-2223 (Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote ...)
	NOT-FOR-US: Microsoft XML
CVE-2007-2222 (Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and ...)
	NOT-FOR-US: Microsoft
CVE-2007-2221 (Unspecified vulnerability in the mdsauth.dll COM object in Microsoft ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2220
	REJECTED
CVE-2007-2219 (Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2007-2218 (Unspecified vulnerability in the Windows Schannel Security Package for ...)
	NOT-FOR-US: Microsoft
CVE-2007-2217 (Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP ...)
	NOT-FOR-US: Kodak Image Viewer
CVE-2007-2216 (The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2215
	REJECTED
CVE-2007-2214 (Unrestricted file upload vulnerability in includes/upload_file.php in ...)
	NOT-FOR-US: DmCMS
CVE-2007-2213 (Unspecified vulnerability in the Initialize function in ...)
	NOT-FOR-US: WS_FTP
CVE-2007-2212 (Multiple SQL injection vulnerabilities in calendar.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2211 (SQL injection vulnerability in calendar.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-2210 (A certain ActiveX control in askPopStp.dll in Netsprint Ask IE Toolbar ...)
	NOT-FOR-US: Netsprint
CVE-2007-2209 (Buffer overflow in igcore15d.dll 15.1.2.0 and 15.2.0.0 for AccuSoft ...)
	NOT-FOR-US: AccuSoft
CVE-2007-2208 (Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 ...)
	NOT-FOR-US: Extreme PHPBB2
CVE-2007-2207 (SQL injection vulnerability in contact/index.php in Ripe Website ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2206 (Cross-site scripting (XSS) vulnerability in contact/index.php in Ripe ...)
	NOT-FOR-US: Ripe Website Manager
CVE-2007-2205 (PHP remote file inclusion vulnerability in modules/rtmessageadd.php in ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2204 (Multiple PHP remote file inclusion vulnerabilities in GPL PHP Board ...)
	NOT-FOR-US: GPL PHP Board
CVE-2007-2203 (Cross-site scripting (XSS) vulnerability in Big Blue Guestbook allows ...)
	NOT-FOR-US: Big Blue Guestbook
CVE-2007-2202 (PHP remote file inclusion vulnerability in inc_ACVS/SOAP/Transport.php ...)
	NOT-FOR-US: Accueil et Conseil en Visites et Sejours Web Services
CVE-2007-2201 (Multiple PHP remote file inclusion vulnerabilities in Post Revolution ...)
	NOT-FOR-US: Post Revolution
CVE-2007-2200 (Directory traversal vulnerability in navigator/navigator_ok.php in ...)
	NOT-FOR-US: Pagode
CVE-2007-2199 (PHP remote file inclusion vulnerability in lib/pcltar.lib.php (aka ...)
	NOT-FOR-US: Joomla
CVE-2007-2198 (Cross-site scripting (XSS) vulnerability in LAN Management System ...)
	NOT-FOR-US: LAN Management System
CVE-2007-2197 (Race condition in the NeatUpload ASP.NET component 1.2.11 through ...)
	NOT-FOR-US: NeatUpload
CVE-2007-2196 (** DISPUTED ** ...)
	NOT-FOR-US: Jambook module for Mambo and Joomla
CVE-2007-2195 (aMSN (aka Alvaro's Messenger) 0.96 and earlier allows remote attackers ...)
	- amsn <not-affected> (Appears bogus, no such port is opened; bug #557754)
CVE-2007-2194 (Stack-based buffer overflow in XnView 1.90.3 allows user-assisted ...)
	NOT-FOR-US: XnView
CVE-2007-2193 (Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build ...)
	NOT-FOR-US: ACDSee
CVE-2007-2192 (Buffer overflow in Photofiltre Studio 8.1.1 allows user-assisted ...)
	NOT-FOR-US: Photofiltre
CVE-2007-2191 (Multiple cross-site scripting (XSS) vulnerabilities in freePBX 2.2.x ...)
	NOT-FOR-US: freePBX
CVE-2007-2190 (PHP remote file inclusion vulnerability in admin/public/webpages.php ...)
	NOT-FOR-US: Eba News
CVE-2007-2189 (PHP remote file inclusion vulnerability in admin/admin_album_otf.php ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2007-2188 (eXtremail 2.1.1 and earlier does not verify the ID field (aka ...)
	NOT-FOR-US: eXtremail
CVE-2007-2187 (Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows ...)
	NOT-FOR-US: eXtremail
CVE-2007-2186 (Foxit Reader 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Foxit Reader
CVE-2007-2185 (Multiple PHP remote file inclusion vulnerabilities in Supasite 1.23b ...)
	NOT-FOR-US: Supasite
CVE-2007-2184 (Directory traversal vulnerability in imgsrv.php in jchit counter 1.0.0 ...)
	NOT-FOR-US: jchit
CVE-2007-2183 (SQL injection vulnerability in index.php in PHP-Ring Webring System ...)
	NOT-FOR-US: PHP-Ring Webring System
CVE-2007-2182 (Unrestricted file upload vulnerability in forum_write.php in Maran PHP ...)
	NOT-FOR-US: Maran PHP Forum
CVE-2007-2181 (PHP remote file inclusion vulnerability in admin/login.php in Webinsta ...)
	NOT-FOR-US: WEBInsta
CVE-2007-2180 (Buffer overflow in Nullsoft Winamp 5.3 allows user-assisted remote ...)
	NOT-FOR-US: Nullsoft Winamp
CVE-2007-2179 (Multiple unspecified vulnerabilities in IXceedCompression in ...)
	NOT-FOR-US: RaidenFTPD
CVE-2007-2178 (Multiple unspecified vulnerabilities in Objective Development Sharity ...)
	NOT-FOR-US: Sharity
CVE-2007-2177 (Stack-based buffer overflow in the Microgaming Download Helper ActiveX ...)
	NOT-FOR-US: Microgaming Download Helper
CVE-2007-2176 (Unspecified vulnerability in Mozilla Firefox allows remote attackers ...)
	NOT-FOR-US: Related to Apple QuickTime as well, no information about Mozilla being affected is available
CVE-2007-2175 (Apple QuickTime Java extensions (QTJava.dll), as used in Safari and ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-2174 (The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal ...)
	NOT-FOR-US: ZoneAlarm
CVE-2007-2173 (Eval injection vulnerability in (1) courier-imapd.indirect and (2) ...)
	NOT-FOR-US: Gentoo's packaging of courier
CVE-2007-2172 (A typo in Linux kernel 2.6 before 2.6.21-rc6 and 2.4 before 2.4.35 ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1363-1 DSA-1356-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-2171 (Stack-based buffer overflow in the base64_decode function in ...)
	NOT-FOR-US: Novell GroupWise
CVE-2007-2170 (The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2007-2169 (Static code injection vulnerability in add.php in Mozzers SubSystem ...)
	NOT-FOR-US: Mozzers SubSystem
CVE-2007-2168 (Static code injection vulnerability in process.php in AimStats 3.2 and ...)
	NOT-FOR-US: AimStats
CVE-2007-2167 (Static code injection vulnerability in process.php in AimStats 3.2 ...)
	NOT-FOR-US: AimStats
CVE-2007-2166 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OpenSurveyPilot
CVE-2007-2165 (The Auth API in ProFTPD before 20070417, when multiple simultaneous ...)
	- proftpd 1.3.0-24 (low)
	[sarge] - proftpd <no-dsa> (Minor issue)
	- proftpd-dfsg 1.3.0-24 (low)
	[etch] - proftpd-dfsg 1.3.0-19etch1
	NOTE: Minor issue Fixed in 4.0r4 point release
CVE-2007-2164 (Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2163 (Apple Safari allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Apple Safari
CVE-2007-2162 ((1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes are not treated as security problems
CVE-2007-2161 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-2160 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2159 (Multiple cross-site scripting (XSS) vulnerabilities in the Database ...)
	NOT-FOR-US: dba module for Drupal
CVE-2007-2158 (PHP remote file inclusion vulnerability in index.php in jGallery 1.3 ...)
	NOT-FOR-US: jGallery
CVE-2007-2157 (Directory traversal vulnerability in upload/force_download.php in ...)
	NOT-FOR-US: Zomplog
CVE-2007-2156 (Multiple PHP remote file inclusion vulnerabilities in Rezervi Generic ...)
	NOT-FOR-US: Rezervi Generic
CVE-2007-2155 (Directory traversal vulnerability in template.php in in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2007-2154 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cabron Connector
CVE-2007-2153 (Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 ...)
	NOT-FOR-US: @Mail
CVE-2007-2152 (Buffer overflow in the On-Access Scanner in McAfee VirusScan ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2007-2151 (The administration server in McAfee e-Business Server before 8.1.1 and ...)
	NOT-FOR-US: McAfee
CVE-2007-2150 (BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b ...)
	NOT-FOR-US: BlueArc
CVE-2007-2149 (Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores ...)
	NOT-FOR-US: Chatness
CVE-2007-2148 (Direct static code injection vulnerability in admin/save.php in ...)
	NOT-FOR-US: Chatness
CVE-2007-2147 (admin/options.php in Stephen Craton (aka WiredPHP) Chatness 2.5.3 and ...)
	NOT-FOR-US: Chatness
CVE-2007-2146 (The imagecomments function in classes.php in MiniGal b13 allow remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2145 (The imagecomments function in classes.php in MiniGal b13 allows remote ...)
	NOT-FOR-US: MiniGal
CVE-2007-2144 (PHP remote file inclusion vulnerability in includes/CAltInstaller.php ...)
	NOT-FOR-US: JoomlaPack
CVE-2007-2143 (PHP remote file inclusion vulnerability in index.php in the Be2004-2 ...)
	NOT-FOR-US: Be2004-2 template for Joomla
CVE-2007-2142 (Multiple PHP remote file inclusion vulnerabilities in AjPortal2Php ...)
	NOT-FOR-US: AjPortal2Php
CVE-2007-2141 (Direct static code injection vulnerability in shoutbox.php in ShoutPro ...)
	NOT-FOR-US: ShoutPro
CVE-2007-2140 (PHP remote file inclusion vulnerability in everything.php in Franklin ...)
	NOT-FOR-US: Flip-search-add-on
CVE-2007-2139 (Multiple stack-based buffer overflows in the SUN RPC service in CA ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-2137 (Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express ...)
	NOT-FOR-US: Tivoli
CVE-2007-2136 (Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2007-2135 (The ADI_BINARY component in the Oracle E-Business Suite allows remote ...)
	NOT-FOR-US: Oracle
CVE-2007-2134 (Unspecified vulnerability in the HTML Server in Oracle JD Edwards ...)
	NOT-FOR-US: Oracle
CVE-2007-2133 (Unspecified vulnerability in the PeopleSoft Enterprise Human Capital ...)
	NOT-FOR-US: Oracle
CVE-2007-2132 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2131 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2007-2130 (Unspecified vulnerability in Workflow Cartridge, as used in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2129 (Unspecified vulnerability in the Agent component in Oracle Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2007-2128 (Unspecified vulnerability in the Sales Online component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2127 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2007-2126 (Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has ...)
	NOT-FOR-US: Oracle
CVE-2007-2125 (Unspecified vulnerability in Collaborative Workspace in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2124 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2123 (Unspecified vulnerability in the Portal component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2122 (Unspecified vulnerability in the Wireless component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2121 (Unspecified vulnerability in the COREid Access component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2120 (The Oracle Discoverer servlet in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-2119 (Cross-site scripting (XSS) vulnerability in boundary_rules.jsp in the ...)
	NOT-FOR-US: Oracle
CVE-2007-2118 (Unspecified vulnerability in the Upgrade/Downgrade component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2117 (Unspecified vulnerability in the Oracle Text component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2116 (Unspecified vulnerability in the Advanced Replication component in ...)
	NOT-FOR-US: Oracle
CVE-2007-2115 (Unspecified vulnerability in the Change Data Capture (CDC) component ...)
	NOT-FOR-US: Oracle
CVE-2007-2114 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2007-2113 (SQL injection vulnerability in the Upgrade/Downgrade component ...)
	NOT-FOR-US: Oracle
CVE-2007-2112 (Unspecified vulnerability in the Authentication component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2111 (SQL injection vulnerability in the SYS.DBMS_AQADM_SYS package in ...)
	NOT-FOR-US: Oracle
CVE-2007-2110 (Unspecified vulnerability in the Core RDBMS component for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2007-2109 (Multiple unspecified vulnerabilities in Oracle Database 10.2.0.3 have ...)
	NOT-FOR-US: Oracle
CVE-2007-2108 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-7196 (Cross-site scripting (XSS) vulnerability in the calendar application ...)
	- tomcat5.5 5.5.16-1 (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat4 <removed> (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2006-7195 (Cross-site scripting (XSS) vulnerability in implicit-objects.jsp in ...)
	- tomcat5.5 5.5.20-1 (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat4 <removed> (unimportant)
	NOTE: Only present in an example, not in production code
CVE-2007-XXXX [buffer overflow in mixmaster importing type 2 messages]
	- mixmaster 3.0b2-5 (low; bug #418662)
	[etch] - mixmaster 3.0b2-4.etch1
	[sarge] - mixmaster <not-affected> (Code generation in Sarge pads over this)
CVE-2007-XXXX [heap-based buffer overflow in git-blame with long file names]
	[etch] - git-core <not-affected> (1.4.4.4 tagged 2007-1-8, bug introduced 2007-1-30)
	- git-core 1:1.5.1.2-1 (low)
	NOTE: http://git.kernel.org/?p=git/git.git;a=commit;h=1bb88be99e4fdedcd5cc5292c11b566a00028deb
	NOTE: http://git.kernel.org/?p=git/git.git;a=commitdiff;h=1cfe77333f274c9ba9879c2eb61057a790eb050f
	NOTE: http://git.kernel.org/?p=git/git.git;a=tag;h=ae9ced19800491a5d80de5ee36bc07d68868a4dd
CVE-2007-2138 (Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...)
	{DSA-1311-1 DSA-1309-1}
	- postgresql-8.2 8.2.4-1
	- postgresql-8.1 8.1.9-1
	- postgresql-7.4 1:7.4.17-1
CVE-2007-2107 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-2106 (Directory traversal vulnerability in index.php in Kai Content ...)
	NOT-FOR-US: Kai Content Management System
CVE-2007-2105 (Directory traversal vulnerability in admin/index.php in Monkey CMS ...)
	NOT-FOR-US: Monkey CMS
CVE-2007-2104 (Multiple directory traversal vulnerabilities in iXon CMS 0.30 allow ...)
	NOT-FOR-US: iXon CMS
CVE-2007-2103 (Multiple PHP remote file inclusion vulnerabilities in my little forum ...)
	NOT-FOR-US: my little forum
CVE-2007-2102 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
	NOT-FOR-US: my little weblog
CVE-2007-2101 (FAC Guestbook 3.01 stores sensitive information under the web root ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2100 (FAC Guestbook 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: FAC Guestbook
CVE-2007-2099 (Cross-site scripting (XSS) vulnerability in htdocs/php.php in ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2098 (Multiple cross-site scripting (XSS) vulnerabilities in showpic.php in ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2007-2097 (** DISPUTED ** ...)
	NOT-FOR-US: OpenConcept Back-End CMS
CVE-2007-2096 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: PHPHD Download System
CVE-2007-2095 (PHP remote file inclusion vulnerability in chat.php in MySpeach 1.9 ...)
	NOT-FOR-US: MySpeach
CVE-2007-2094 (PHP remote file inclusion vulnerability in index.php in Anthologia ...)
	NOT-FOR-US: Anthologia
CVE-2007-2093 (Direct static code injection vulnerability in index.php in Limesoft ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2092 (Direct static code injection vulnerability in index.php in Limesoft ...)
	NOT-FOR-US: Limesoft Guestbook
CVE-2007-2091 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: tsdisplay4xoops
CVE-2007-2090 (Cross-site scripting (XSS) vulnerability in index.php in TuMusika ...)
	NOT-FOR-US: TuMusika Evolution
CVE-2007-2089 (Multiple PHP remote file inclusion vulnerabilities in the Jx ...)
	NOT-FOR-US: Jx Development Article component for Mambo and Joomla
CVE-2007-2088 (Multiple PHP remote file inclusion vulnerabilities in Sitebar 3.3.5 ...)
	- sitebar 3.3.8-7 (low)
	NOTE: this was register globals only and is fixed in Debian anyway
CVE-2007-2087 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.12, ...)
	NOT-FOR-US: CNStats
CVE-2007-2086 (Multiple PHP remote file inclusion vulnerabilities in CNStats 2.9 ...)
	NOT-FOR-US: CNStats
CVE-2007-2085 (Cross-site scripting (XSS) vulnerability in oe2edit.cgi in oe2edit CMS ...)
	NOT-FOR-US: oe2edit CMS
CVE-2007-2084 (** DISPUTED ** ...)
	NOT-FOR-US: MobilePublisherphp
CVE-2007-2083 (vsdatant.sys in Check Point Zone Labs ZoneAlarm Pro before 7.0.302.000 ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2007-2082 (Direct static code injection vulnerability in admin/settings.php in ...)
	NOT-FOR-US: MyBlog
CVE-2007-2081 (MyBlog 0.9.8 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: MyBlog
CVE-2007-2080 (Multiple SQL injection vulnerabilities in XAMPP 1.6.0a for Windows ...)
	NOT-FOR-US: XAMPP
CVE-2007-2079 (The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and ...)
	NOT-FOR-US: XAMPP
CVE-2007-2078 (** DISPUTED ** ...)
	NOT-FOR-US: Maian Weblog
CVE-2007-2077 (PHP remote file inclusion vulnerability in search.php in Maian Search ...)
	NOT-FOR-US: Maian Search
CVE-2007-2076 (PHP remote file inclusion vulnerability in index.php in Maian Gallery ...)
	NOT-FOR-US: Maian Gallery
CVE-2007-2075 (ScramDisk 4 Linux before 1.0-1 does not perform permission checks on ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2074 (Certain programs in containers in ScramDisk 4 Linux before 1.0-1 ...)
	NOT-FOR-US: ScramDisk
CVE-2007-2073 (PHP remote file inclusion vulnerability in index.php in Ivan Gallery ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2072 (** DISPUTED ** ...)
	NOT-FOR-US: Ivan Gallery Script
CVE-2007-2071 (Multiple cross-site scripting (XSS) vulnerabilities in Open-gorotto ...)
	NOT-FOR-US: Open-gorotto
CVE-2007-2070 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: SunShop Shopping Cart
CVE-2007-2069 (Directory traversal vulnerability in scr/soustab.php in openMairie ...)
	NOT-FOR-US: openMairie
CVE-2007-2068 (Multiple PHP remote file inclusion vulnerabilities in the StoreFront ...)
	NOT-FOR-US: StoreFront extension for Gallery
CVE-2007-2067 (Multiple PHP remote file inclusion vulnerabilities in Marco Antonio ...)
	NOT-FOR-US: WebSlider
CVE-2007-2066 (UseBB before 1.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: UseBB
CVE-2007-2065 (PHP remote file inclusion vulnerability in db/PollDB.php in Robert ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2064 (Multiple PHP remote file inclusion vulnerabilities in Robert ...)
	NOT-FOR-US: ActionPoll
CVE-2007-2063 (SSH Tectia Server for IBM z/OS before 5.4.0 uses insecure ...)
	NOT-FOR-US: IBM zOS
CVE-2007-2062 (Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows ...)
	NOT-FOR-US: VCDGear
CVE-2007-2061 (Cross-site scripting (XSS) vulnerability in check_login.asp in ...)
	NOT-FOR-US: MailBee WebMail Pro
CVE-2007-2060 (Cross-zone scripting vulnerability in the Wizz RSS Reader before 2.1.9 ...)
	NOT-FOR-US: Wizz RSS Reader
CVE-2007-2059 (Multiple buffer overflows in the ESA protocol implementation in ...)
	NOT-FOR-US: eIQnetworks Enterprise Security Analyzer
CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows ...)
	NOT-FOR-US: Acubix PicoZip
CVE-2007-2057 (Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows ...)
	{DSA-1280-1 DTSA-35-1}
	- aircrack-ng 1:0.7-3 (medium)
	NOTE: http://trac.aircrack-ng.org/changeset/288
CVE-2007-2056
	REJECTED
CVE-2007-2055 (AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2054 (Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2053 (Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow ...)
	NOT-FOR-US: AFFLIB
CVE-2007-2052 (Off-by-one error in the PyLocale_strxfrm function in ...)
	{DSA-1620-1 DSA-1551-1}
	- python2.4 2.4.4-3 (bug #416931; low)
	- python2.5 2.5.1-1 (bug #416934; low)
	- python2.3 <removed> (low)
CVE-2007-2051 (Buffer overflow in the parsecmd function in bftpd before 1.8 has ...)
	NOT-FOR-US: bftpd
CVE-2007-2050 (Multiple directory traversal vulnerabilities in header.php in ...)
	NOT-FOR-US: RicarGBooK
CVE-2007-2049 (Multiple PHP remote file inclusion vulnerabilities in the Calendar ...)
	NOT-FOR-US: Calendar Module for Mambo
CVE-2007-2048 (Directory traversal vulnerability in /console in the Management ...)
	NOT-FOR-US: webMethods Glue
CVE-2007-2047 (CRLF injection vulnerability in www/delivery/ck.php in Openads 2.3 ...)
	NOT-FOR-US: Openads
CVE-2007-2046 (Multiple CRLF injection vulnerabilities in adclick.php in (a) Openads ...)
	NOT-FOR-US: Openads
CVE-2007-2045 (Unspecified vulnerability in the IP implementation in Sun Solaris 8 ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-2044 (PHP remote file inclusion vulnerability in mod_weather.php in the ...)
	NOT-FOR-US: Weather module for Mambo and Joomla
CVE-2007-2043 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2042 (Multiple PHP remote file inclusion vulnerabilities in the Avant-Garde ...)
	NOT-FOR-US: MOSMedia Lite
CVE-2007-2041 (Cisco Wireless LAN Controller (WLC) before 4.0.206.0 saves the WLAN ...)
	NOT-FOR-US: Cisco
CVE-2007-2040 (Cisco Aironet 1000 Series and 1500 Series Lightweight Access Points ...)
	NOT-FOR-US: Cisco
CVE-2007-2039 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2038 (The Network Processing Unit (NPU) in the Cisco Wireless LAN Controller ...)
	NOT-FOR-US: Cisco
CVE-2007-2037 (Cisco Wireless LAN Controller (WLC) before 3.2.116.21, and 4.0.x ...)
	NOT-FOR-US: Cisco
CVE-2007-2036 (The SNMP implementation in the Cisco Wireless LAN Controller (WLC) ...)
	NOT-FOR-US: Cisco
CVE-2007-2035 (Cisco Wireless Control System (WCS) before 4.0.66.0 stores sensitive ...)
	NOT-FOR-US: Cisco
CVE-2007-2034 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2007-2033 (Unspecified vulnerability in Cisco Wireless Control System (WCS) ...)
	NOT-FOR-US: Cisco
CVE-2007-2032 (Cisco Wireless Control System (WCS) before 4.0.96.0 has a hard-coded ...)
	NOT-FOR-US: Cisco
CVE-2007-2031 (Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, ...)
	NOT-FOR-US: 3proxy
CVE-2007-2030 (lharc.c in lha does not securely create temporary files, which might ...)
	- lha 1.14i-10.2 (bug #437621; low)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2007-2029 (File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (low; bug #418849)
	NOTE: closed report: https://bugzilla.clamav.net/show_bug.cgi?id=459
	NOTE: Commit r3021 looks as if it's just a null pointer dereference.
CVE-2007-2028 (Memory leak in freeRADIUS 1.1.5 and earlier allows remote attackers to ...)
	- freeradius 1.1.6-1 (low)
	[sarge] - freeradius <no-dsa> (Minor issue)
	[etch] - freeradius <no-dsa> (Minor issue)
CVE-2007-2027 (Untrusted search path vulnerability in the add_filename_to_string ...)
	- elinks 0.11.1-1.4 (bug #417789; low)
	[sarge] - elinks <no-dsa> (Hardly exploitable)
	[etch] - elinks <no-dsa> (Hardly exploitable)
	NOTE: Unrealistic attack vector, no evidence code injection is possible
CVE-2007-2026 (The gnu regular expression code in file 4.20 allows context-dependent ...)
	- file 4.20-6 (low)
	[etch] - file 4.17-5etch3
	[sarge] - file <not-affected> (version too old)
CVE-2007-2025 (Unrestricted file upload vulnerability in the UpLoad feature ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2024 (Unrestricted file upload vulnerability in the UpLoad feature ...)
	{DSA-1371-1}
	- phpwiki 1.3.12p3-6.1 (bug #441390)
CVE-2007-2023 (USB20.dll in Secustick USB flash drive decouples the authorization and ...)
	NOT-FOR-US: Secustick USB flash drive
CVE-2007-2022 (Adobe Macromedia Flash Player 7 and 9, when used with Opera before ...)
	- flashplugin-nonfree 9.0.48.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	[etch] - flashplugin-nonfree <no-dsa> (Non-free not supported)
	NOTE: Flash Plugin has a vulnerablity, which will only be disclosed in a few months
	NOTE: Some browser vendors produce updates, which fix this issue on the browser side,
	NOTE: but that it not of concern for Debian
CVE-2007-2021 (Multiple PHP remote file inclusion vulnerabilities in Pineapple ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2007-2020 (** DISPUTED ** ...)
	NOT-FOR-US: xodagallery
CVE-2007-2019 (PHP remote file inclusion vulnerability in init.gallery.php in ...)
	NOT-FOR-US: phpGalleryScript
CVE-2007-2018 (SQL injection vulnerability in msg.php in AlstraSoft Video Share ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2017 (siteadmin/useredit.php in AlstraSoft Video Share Enterprise does not ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2007-2016 (Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in ...)
	- phpmyadmin 4:2.6.2-3 (unimportant)
CVE-2007-2015 (PHP remote file inclusion vulnerability in index.php in Request It ...)
	NOT-FOR-US: Request It
CVE-2007-2014 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNews
CVE-2007-2013 (Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme ...)
	NOT-FOR-US: Passworschutz
CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX ...)
	NOT-FOR-US: CompreXX
CVE-2007-2011 (Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 ...)
	NOT-FOR-US: DeskPro
CVE-2007-2010 (Double free vulnerability in bftpd before 1.8 allows remote ...)
	NOT-FOR-US: bftpd
CVE-2007-2009 (PHP remote file inclusion vulnerability in index.php in SimpCMS Light ...)
	NOT-FOR-US: SimpCMS Light
CVE-2007-2008 (Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2007 (admin.php in pL-PHP beta 0.9 allows remote attackers to bypass ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2006 (Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 ...)
	NOT-FOR-US: pL-PHP
CVE-2007-2005 (Multiple PHP remote file inclusion vulnerabilities in the Taskhopper ...)
	NOT-FOR-US: Taskhopper component for Mambo and Joomla
CVE-2007-2004 (Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2003 (InoutMailingListManager 3.1 and earlier sends a Location redirect ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2002 (InoutMailingListManager 3.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: InoutMailingListManager
CVE-2007-2001 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: Crea-Book
CVE-2007-2000 (Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book ...)
	NOT-FOR-US: Crea-Book
CVE-2007-1999 (PHP remote file inclusion vulnerability in index.php in Weatimages ...)
	NOT-FOR-US: Weatimages
CVE-2007-1998 (Direct static code injection vulnerability in HIOX Guest Book (HGB) ...)
	NOT-FOR-US: HIOX Guest Book
CVE-2007-1997 (Integer signedness error in the (1) cab_unstore and (2) cab_extract ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1996 (PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, ...)
	NOT-FOR-US: CodeBreak
CVE-2007-1995 (bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier ...)
	{DSA-1293-1}
	- quagga 0.99.6-5 (low; bug #418323)
	NOTE: The attributes are non-transitive, which means that they
	NOTE: are not propagated via BGP and therefore must originate
	NOTE: from a peer (which is explicitly configured).
CVE-2007-1994 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX ARPA transport
CVE-2007-1993 (Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File ...)
	NOT-FOR-US: HP-UX Portable File System
CVE-2007-1992 (Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 ...)
	NOT-FOR-US: com_zoom
CVE-2007-1991 (Cross-site scripting (XSS) vulnerability in mail/signup.asp in ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1990 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
	NOT-FOR-US: MyBlog
CVE-2007-1989 (Multiple cross-site scripting (XSS) vulnerabilities in DotClear before ...)
	NOT-FOR-US: DotClear
CVE-2007-1988 (Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1987 (** DISPUTED ** ...)
	NOT-FOR-US: PHPEcho CMS
CVE-2007-1986 (Multiple PHP remote file inclusion vulnerabilities in barnraiser ...)
	NOT-FOR-US: AROUNDMe
CVE-2007-1985 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: phpexplorator
CVE-2007-1984 (PHP remote file inclusion vulnerability in index.php in lite-cms 0.2.1 ...)
	NOT-FOR-US: lite-cms
CVE-2007-1983 (PHP remote file inclusion vulnerability in include/default_header.php ...)
	NOT-FOR-US: Cyboards PHP Lite
CVE-2007-1982 (Multiple PHP remote file inclusion vulnerabilities in Really Simple ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1981 (The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on ...)
	NOT-FOR-US: Metamod-P
CVE-2007-1980 (SQL injection vulnerability in index.php in the Topliste 1.0 module ...)
	NOT-FOR-US: Topliste module for PHP-Fusion
CVE-2007-1979 (SQL injection vulnerability in index.php in the PopnupBlog 2.52 and ...)
	NOT-FOR-US: PopnupBlog module for Xoops
CVE-2007-1978 (SQL injection vulnerability in index.php in the Arcade 1.00 module for ...)
	NOT-FOR-US: Arcade module for PHP-Fusion
CVE-2007-1977 (Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS ...)
	NOT-FOR-US: holaCMS
CVE-2007-1976 (** DISPUTED ** ...)
	NOT-FOR-US: Virii Info module for Xoops
CVE-2007-1975 (Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 ...)
	NOT-FOR-US: SLAED CMS
CVE-2007-1974 (SQL injection vulnerability in the getArticle function in ...)
	NOT-FOR-US: Xoops modules
CVE-2007-1973 (Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1972 (** DISPUTED ** ...)
	NOT-FOR-US: BMC Patrol PerformAgent
CVE-2006-7194 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Agora
CVE-2006-7193 (** DISPUTED ** ...)
	NOT-FOR-US: disputed (SMARTY_DIR is a constant)
CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
	NOT-FOR-US: Half-Life
CVE-2007-XXXX [mydms SQL injection]
	- mydms 1.4.4+1-5
CVE-2007-1971 (SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi ...)
	NOT-FOR-US: fotokategori.asp
CVE-2007-1970 (Mozilla Firefox does not warn the user about HTTP elements on an HTTPS ...)
	- iceweasel <removed> (unimportant; bug #556267)
	[etch] - iceweasel <end-of-life> (Etch Packages no longer covered by security support)
	[lenny] - iceweasel <no-dsa> (Minor issue)
CVE-2007-1969 (Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam ...)
	NOT-FOR-US: MyBlog
CVE-2007-1968 (PHP remote file inclusion vulnerability in games.php in Sam Crew ...)
	NOT-FOR-US: MyBlog
CVE-2007-1967 (** DISPUTED ** ...)
	NOT-FOR-US: stat12
CVE-2007-1966 (Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1965 (Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS ...)
	NOT-FOR-US: eXV2 CMS
CVE-2007-1964 (member.php in MyBB (aka MyBulletinBoard), when debug mode is ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1963 (SQL injection vulnerability in the create_session function in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-1962 (SQL injection vulnerability in index.php in the WF-Snippets 1.02 and ...)
	NOT-FOR-US: WF-Snippets module for Xoops
CVE-2007-1961 (PHP remote file inclusion vulnerability in mutant_functions.php in the ...)
	NOT-FOR-US: Mutant portal for phpBB
CVE-2007-1960 (SQL injection vulnerability in visit.php in the Rha7 Downloads ...)
	NOT-FOR-US: Rha7 Downloads
CVE-2007-1959 (Unspecified vulnerability in the process_cmdent function in ...)
	- tinymux <unfixed> (unimportant)
CVE-2007-1958 (Buffer overflow in TinyMUX before 2.4 allows attackers to cause a ...)
	- tinymux 2.4.3.31-1
CVE-2007-1957 (Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web Php
CVE-2007-1956 (SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2007-1955 (Multiple stack-based buffer overflows in the SignKorea SKCrypAX ...)
	NOT-FOR-US: SKCrypAX ActiveX control
CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 ...)
	NOT-FOR-US: ArchiveXpert
CVE-2007-1953 (Session fixation vulnerability in onelook courts on-line allows remote ...)
	NOT-FOR-US: onelook courts on-line
CVE-2007-1952 (Session fixation vulnerability in onelook onebyone CMS allows remote ...)
	NOT-FOR-US: onelook onebyone CMS
CVE-2007-1951 (Session fixation vulnerability in onelook obo Shop allows remote ...)
	NOT-FOR-US: onelook obo Shop
CVE-2007-1950 (Cross-site scripting (XSS) vulnerability in index_cms.php in ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1949 (Session fixation vulnerability in WebBlizzard CMS allows remote ...)
	NOT-FOR-US: WebBlizzard CMS
CVE-2007-1948 (Buffer overflow in IrfanView 3.99 allows context-dependent attackers ...)
	NOT-FOR-US: IrfanView
CVE-2007-1947 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1946 (Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might ...)
	NOT-FOR-US: WIndows Explorer
CVE-2007-1945 (Unspecified vulnerability in the Servlet Engine/Web Container in IBM ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1944 (The Java Message Service (JMS) in IBM WebSphere Application Server ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1943 (Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent ...)
	NOT-FOR-US: ACDSee Photo Manager
CVE-2007-1942 (Integer overflow in FastStone Image Viewer 2.9 allows ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1941 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
	NOT-FOR-US: Domino Web Access
CVE-2007-1940 (IBM Tivoli Business Service Manager (TBSM) 4.1 before Interim Fix 1 ...)
	NOT-FOR-US: IBM Tivoli Business Service Manager
CVE-2007-1939 (Cross-site scripting (XSS) vulnerability in the embedded webserver in ...)
	NOT-FOR-US: LanguageTool
CVE-2007-1938 (Ichitaro 2005 through 2007, and possibly related products, allows ...)
	NOT-FOR-US: Ichitaro
CVE-2007-1937 (PHP remote file inclusion vulnerability in smilies.php in Scorp Book ...)
	NOT-FOR-US: Scorp Book
CVE-2007-1936 (PHP remote file inclusion vulnerability in scaradcontrol.php in ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1935 (PHP file inclusion vulnerability in admin/index.php in ScarAdControl ...)
	NOT-FOR-US: ScarAdControl
CVE-2007-1934 (Directory traversal vulnerability in member.php in the eBoard 1.0.7 ...)
	NOT-FOR-US: eBoard module for PHP-Nuke
CVE-2007-1933 (Multiple directory traversal vulnerabilities in PcP-Guestbook ...)
	NOT-FOR-US: PcP-Guestbook
CVE-2007-1932 (Directory traversal vulnerability in scarnews.inc.php in ScarNews ...)
	NOT-FOR-US: ScarNews
CVE-2007-1931 (SQL injection vulnerability in index.php in the slownik module in ...)
	NOT-FOR-US: SmodCMS
CVE-2007-1930 (Directory traversal vulnerability in download2.php in cattaDoc 2.21, ...)
	NOT-FOR-US: cattaDoc
CVE-2007-1929 (Directory traversal vulnerability in downloadpic.php in Beryo 2.0, and ...)
	NOT-FOR-US: Beryo
CVE-2007-1928 (Directory traversal vulnerability in index.php in witshare 0.9 allows ...)
	NOT-FOR-US: witshare
CVE-2007-1927 (Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer ...)
	NOT-FOR-US: CmailServer WebMail
CVE-2007-1926 (Cross-site scripting (XSS) vulnerability in JBMC Software DirectAdmin ...)
	NOT-FOR-US: JBMC Software DirectAdmin
CVE-2007-1925 (The borrado function in modules/Your_Account/index.php in Tru-Zone ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2007-1924 (** DISPUTED ** ...)
	NOT-FOR-US: phpContact
CVE-2007-1923 ((1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
CVE-2007-1922 (The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in ...)
	NOT-FOR-US: Winamp
CVE-2007-1921 (LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other ...)
	NOT-FOR-US: Winamp
CVE-2007-1920 (SQL injection vulnerability in index.php in the aktualnosci module in ...)
	NOT-FOR-US: aktualnosci module in SmodBIP
CVE-2007-1919 (Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream ...)
	NOT-FOR-US: Arizona Dream Livre d'or
CVE-2007-1918 (The RFC_SET_REG_SERVER_PROPERTY function in the SAP RFC Library 6.40 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1917 (Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1916 (Buffer overflow in the RFC_START_GUI function in the SAP RFC Library ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1915 (Buffer overflow in the RFC_START_PROGRAM function in the SAP RFC ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1914 (The RFC_START_PROGRAM function in the SAP RFC Library 6.40 and 7.00 ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1913 (The TRUSTED_SYSTEM_SECURITY function in the SAP RFC Library 6.40 and ...)
	NOT-FOR-US: SAP RFC Library
CVE-2007-1912 (Heap-based buffer overflow in Microsoft Windows allows user-assisted ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1911 (Multiple unspecified vulnerabilities in Microsoft Word 2007 allow ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1910 (Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1909 (SQL injection vulnerability in login.php in Ryan Haudenschilt ...)
	NOT-FOR-US: Battle.net Clan Script
CVE-2007-1908 (PHP file inclusion vulnerability in php121db.php in PHP121 Instant ...)
	NOT-FOR-US: PHP121 Instant Messenger
CVE-2007-1907 (PHP remote file inclusion vulnerability in warn.php in Pathos Content ...)
	NOT-FOR-US: Pathos CMS
CVE-2007-1906 (Directory traversal vulnerability in richedit/keyboard.php in eCardMAX ...)
	NOT-FOR-US: eCardMAX HotEditor
CVE-2007-1905 (Cross-site scripting (XSS) vulnerability in auth.php in Pineapple ...)
	NOT-FOR-US: QuizShock
CVE-2007-1904 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 5.9 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2007-1903 (Cross-site scripting (XSS) vulnerability in search.php in SonicBB 1.0 ...)
	NOT-FOR-US: SonicBB
CVE-2007-1902 (Multiple SQL injection vulnerabilities in SonicBB 1.0 allow remote ...)
	NOT-FOR-US: SonicBB
CVE-2007-1901 (SonicBB 1.0 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: SonicBB
CVE-2007-1900 (CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
CVE-2007-1899 (Multiple SQL injection vulnerabilities in myWebland myBloggie 2.1.6 ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2007-1898 (formmail.php in Jetbox CMS 2.1 allows remote attackers to send ...)
	NOT-FOR-US: Jetbox CMS
CVE-2007-1897 (SQL injection vulnerability in xmlrpc (xmlrpc.php) in WordPress 2.1.2, ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1896 (Directory traversal vulnerability in chat.php in Sky GUNNING MySpeach ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1895 (PHP remote file inclusion vulnerability in chat.php in Sky GUNNING ...)
	NOT-FOR-US: Sky GUNNING MySpeach
CVE-2007-1894 (Cross-site scripting (XSS) vulnerability in ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1893 (xmlrpc (xmlrpc.php) in WordPress 2.1.2, and probably earlier, allows ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1892 (Stack-based buffer overflow in Akamai Technologies Download Manager ...)
	NOT-FOR-US: Akamai
CVE-2007-1891 (Stack-based buffer overflow in the GetPrivateProfileSectionW function ...)
	NOT-FOR-US: Akamai
CVE-2007-1890 (Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: local code execution only, possibly only on FreeBSD
CVE-2007-1889 (Integer signedness error in the _zend_mm_alloc_int function in the ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1888 (Buffer overflow in the sqlite_decode_binary function in src/encode.c ...)
	- sqlite 2.8.17-2.1 (unimportant; bug #441233; bug #526328)
	NOTE: this is really just an "unsafe" API, not really a security issue against sqlite itself.
	NOTE: SQLite 3 no longer contains the affected function.
CVE-2007-1887 (Buffer overflow in the sqlite_decode_binary function in the bundled ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <not-affected> (SQLite not enabled in PHP 4 packages)
	- php5 5.2.0-11 (medium)
	- php4-sqlite <removed> (medium; bug #420456)
	NOTE: php5 is vulnerable due to improper use of the system sqlite libs
CVE-2007-1886 (Integer overflow in the str_replace function in PHP 4.4.5 and PHP ...)
	NOTE: Duplicate of CVE-2007-1885
CVE-2007-1885 (Integer overflow in the str_replace function in PHP 4 before 4.4.5 and ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1884 (Multiple integer signedness errors in the printf function family in ...)
	NOTE: Dupe of CVE-2007-0909; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1883 (PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1882 (qcbin/servlet/tdservlet/TDAPI_GeneralWebTreatment in HP Mercury ...)
	NOT-FOR-US: HP Mercury Quality Center
CVE-2007-1881 (Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1880 (Integer overflow in the _NtSetValueKey function in klif.sys in ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1879 (The StartUploading function in KL.SysInfo ActiveX control ...)
	NOT-FOR-US: KL.SysInfo ActiveX control
CVE-2007-1878 (Cross-zone scripting vulnerability in the DOM templates (domplates) ...)
	NOT-FOR-US: Firebug extension for Firefox
CVE-2007-1877 (VMware Workstation before 5.5.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: VMware
CVE-2007-1876 (VMware Workstation before 5.5.4, when running a 64-bit Windows guest ...)
	NOT-FOR-US: VMware
CVE-2007-1875
	RESERVED
CVE-2007-1874 (Adobe ColdFusion MX 7 for Linux and Solaris uses insecure permissions ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2007-1873 (Cross-site scripting (XSS) vulnerability in Mephisto 0.7.3 allows ...)
	NOT-FOR-US: mephisto
CVE-2007-1872 (Cross-site scripting (XSS) vulnerability in toendaCMS 1.5.3 allows ...)
	NOT-FOR-US: toendaCMS
CVE-2007-1871 (Cross-site scripting (XSS) vulnerability in chcounter 3.1.3 allows ...)
	NOT-FOR-US: chcounter
CVE-2007-1870 (lighttpd before 1.4.14 allows attackers to cause a denial of service ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (low; bug #422254)
CVE-2007-1869 (lighttpd 1.4.12 and 1.4.13 allows remote attackers to cause a denial ...)
	{DSA-1303-1}
	- lighttpd 1.4.15-1 (medium; bug #422254)
CVE-2007-1868 (The management service in IBM Tivoli Provisioning Manager for OS ...)
	NOT-FOR-US: IBM Tivoli Provisioning Manager
CVE-2007-1867 (Buffer overflow in IrfanView 3.99 allows remote attackers to execute ...)
	NOT-FOR-US: IrfanView
CVE-2007-1866 (Stack-based buffer overflow in the dns_decode_reverse_name function in ...)
	NOT-FOR-US: dproxy-nexgen
CVE-2007-1865 (** DISPUTED ** ...)
	NOT-FOR-US: not a bug
CVE-2007-1864 (Buffer overflow in the bundled libxmlrpc library in PHP before 4.4.7, ...)
	{DSA-1331-1 DSA-1330-1}
	- php4 <removed>
	- php5 5.2.2-1
CVE-2007-1863 (cache_util.c in the mod_cache module in Apache HTTP Server (httpd), ...)
	- apache2 2.2.4-1 (low)
	- apache <removed> (unimportant)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	NOTE: Apache 1.3 is non-threaded, therefore unimportant
CVE-2007-1862 (The recall_headers function in mod_mem_cache in Apache 2.2.4 does not ...)
	- apache2 <not-affected> (Only Apache 2.2.4 was affected, and all versions of 2.2.4 in Debian are fixed)
CVE-2007-1861 (The nl_fib_lookup function in net/ipv4/fib_frontend.c in Linux Kernel ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1
CVE-2007-1860 (mod_jk in Apache Tomcat JK Web Server Connector 1.2.x before 1.2.23 ...)
	{DSA-1312-1}
	- libapache-mod-jk 1:1.2.23-1 (bug #425836)
CVE-2007-1859 (XScreenSaver 4.10, when using a remote directory service for ...)
	- xscreensaver 5.03-1 (low; bug #433964)
	[etch] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
	[sarge] - xscreensaver <no-dsa> (Minor issue, requires attacker with high level of control, see #433964)
CVE-2007-1858 (The default SSL cipher configuration in Apache Tomcat 4.1.28 through ...)
	NOTE: insecure ciphers should not be (and usually are not) enabled in browsers
	[sarge] - tomcat4 <no-dsa> (low)
	[etch] - tomcat5 <no-dsa> (low; bug #423435)
	- tomcat5 <removed> (low; bug #423435)
	- tomcat5.5 5.5.17-1 (low)
	- tomcat4 <removed> (low)
CVE-2007-1857
	RESERVED
CVE-2007-1856 (Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure ...)
	- cron <not-affected> (Debian uses proper permission scheme)
CVE-2007-1855 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Shop-Script
CVE-2007-1854 (Unspecified vulnerability in Hitachi Cosminexus Component Container ...)
	NOT-FOR-US: Hitachi Cosminexus Component Container
CVE-2007-1853 (Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, ...)
	NOT-FOR-US: Hitachi DeviceManager
CVE-2007-1852 (** DISPUTED ** ...)
	NOT-FOR-US: 2BGal
CVE-2007-1851 (Multiple directory traversal vulnerabilities in Really Simple PHP and ...)
	NOT-FOR-US: Really Simple PHP and Ajax
CVE-2007-1850 (Directory traversal vulnerability in classes/captcha/captcha.jpg.php ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1849 (Directory traversal vulnerability in 404.php in Drake CMS allows ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1848 (Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php ...)
	NOT-FOR-US: Drake CMS
CVE-2007-1847 (SQL injection vulnerability in viewcat.php in the Repository module ...)
	NOT-FOR-US: Repository module for Xoops
CVE-2007-1846 (SQL injection vulnerability in index.php in the MyAds 2.04jp and ...)
	NOT-FOR-US: MyAds
CVE-2007-1845 (SQL injection vulnerability in show_event.php in the Expanded Calendar ...)
	NOT-FOR-US: Expanded Calendar module for PHP-Fusion
CVE-2007-1844 (Multiple PHP remote file inclusion vulnerabilities in Aardvark ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2007-1843 (PHP remote file inclusion vulnerability in gmapfactory/params.php in ...)
	NOT-FOR-US: MapLab
CVE-2007-1842 (Directory traversal vulnerability in login.php in JSBoard before ...)
	NOT-FOR-US: JSBoard
CVE-2007-1841 (The isakmp_info_recv function in src/racoon/isakmp_inf.c in racoon in ...)
	{DSA-1299-1 DTSA-42-1}
	- ipsec-tools 1:0.6.6-3.2 (medium; bug #423252)
	[sarge] - ipsec-tools <not-affected> (the older stream of development used in the sarge package is not vulnerable - a code change that went into that branch coincidentally fixed it and this change was already there in sarge)
CVE-2006-7192 (Microsoft ASP .NET Framework 2.0.50727.42 does not properly handle ...)
	NOT-FOR-US: Microsoft ASP .NET Framework
CVE-2005-4837 (snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before ...)
	- net-snmp 5.2.2-1 (medium)
CVE-2005-4836 (The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not ...)
	[sarge] - tomcat4 <no-dsa> (affects deprecated HTTP/1.1 connector only)
CVE-2007-XXXX [initramfs-tools creates /dev/root world-readable]
	- initramfs-tools 0.85g (low; bug #417995)
CVE-2007-1840 (lib/modules.inc in LDAP Account Manager (LAM) before 1.3.0 does not ...)
	{DSA-1287-1}
	- ldap-account-manager 1.1.1-2 (medium; bug #415379)
CVE-2007-1839 (Multiple PHP remote file inclusion vulnerabilities in CodeBB 1.1b3 and ...)
	NOT-FOR-US: CodeBB
CVE-2007-1838 (SQL injection vulnerability in view.php in the Friendfinder 3.3 and ...)
	NOT-FOR-US: Friendfinder module for Xoops
CVE-2007-1837 (Multiple PHP remote file inclusion vulnerabilities in MangoBery CMS ...)
	NOT-FOR-US: MangoBery CMS
CVE-2007-1836 (The command line administration interface in Data Domain OS before ...)
	NOT-FOR-US: Data Domain OS
CVE-2007-1835 (PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-1834 (Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1833 (The Skinny Call Control Protocol (SCCP) implementation in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1832 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1831 (web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to ...)
	NOT-FOR-US: WebAPP
CVE-2007-1830 (Unspecified vulnerability in the Username Hijacking Patch 20070312 for ...)
	NOT-FOR-US: WebAPP
CVE-2007-1829 (Multiple unspecified vulnerabilities in web-app.net WebAPP have ...)
	NOT-FOR-US: WebAPP
CVE-2007-1828 (Multiple cross-site scripting (XSS) vulnerabilities in web-app.org ...)
	NOT-FOR-US: WebAPP
CVE-2007-1827 (Multiple unspecified vulnerabilities in form input validation in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1826 (Unspecified vulnerability in the IPSec Manager Service for Cisco ...)
	NOT-FOR-US: Cisco
CVE-2007-1825 (Buffer overflow in the imap_mail_compose function in PHP 5 before ...)
	NOTE: Dupe of CVE-2007-0906; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1824 (Buffer overflow in the php_stream_filter_create function in PHP 5 ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1823 (T-Mobile voice mail systems allow remote attackers to retrieve or ...)
	NOT-FOR-US: T-Mobile
CVE-2007-1822 (Alcatel-Lucent Lucent Technologies voice mail systems allow remote ...)
	NOT-FOR-US: Alcatel-Lucent
CVE-2007-1821 (Sprint Nextel Sprint voice mail systems allow remote attackers to ...)
	NOT-FOR-US: Sprint Nextel
CVE-2007-1820 (Nortel Networks CallPilot and Meridian Mail voicemail systems, when a ...)
	NOT-FOR-US: Nortel Networks
CVE-2007-1819 (Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control ...)
	NOT-FOR-US: ActiveX control in TestDirector
CVE-2007-1818 (PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php ...)
	NOT-FOR-US: Forum picture and META tags module for phpBB
CVE-2007-1817 (SQL injection vulnerability in index.php in the Lykos Reviews ...)
	NOT-FOR-US: Lykos Reviews module for Xoops
CVE-2007-1816 (SQL injection vulnerability in viewcat.php in the Tutoriais module for ...)
	NOT-FOR-US: Tutorials module for Xoops
CVE-2007-1815 (SQL injection vulnerability in viewcat.php in the Library module for ...)
	NOT-FOR-US: Library module for Xoops
CVE-2007-1814 (SQL injection vulnerability in viewcat.php in the Core module for ...)
	NOT-FOR-US: Core module for Xoops
CVE-2007-1813 (SQL injection vulnerability in display.php in the eCal 2.24 and ...)
	NOT-FOR-US: eCal module for Xoops
CVE-2007-1812 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BT-Sondage
CVE-2007-1811 (SQL injection vulnerability in index.php in the Tiny Event (tinyevent) ...)
	NOT-FOR-US: Tiny Event module for Xoops
CVE-2007-1810 (SQL injection vulnerability in product_details.php in the Kshop 1.17 ...)
	NOT-FOR-US: Kshop module for Xoops
CVE-2007-1809 (Multiple PHP remote file inclusion vulnerabilities in GraFX Company ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1808 (SQL injection vulnerability in show.php in the Camportail 1.1 and ...)
	NOT-FOR-US: Camportail module for Xoops
CVE-2007-1807 (SQL injection vulnerability in modules/myalbum/viewcat.php in the ...)
	NOT-FOR-US: myAlbum-P module for Xoops
CVE-2007-1806 (SQL injection vulnerability in categos.php in the RM+Soft Gallery ...)
	NOT-FOR-US: RM+Soft Gallery module for Xoops
CVE-2007-1805 (SQL injection vulnerability in genre.php in the debaser 0.92 and ...)
	NOT-FOR-US: debaser module for Xoops
CVE-2007-1804 (PulseAudio 0.9.5 allows remote attackers to cause a denial of service ...)
	{DTSA-44-1}
	- pulseaudio 0.9.6-1 (low)
	[etch] - pulseaudio <no-dsa> (Minor issue)
CVE-2007-1803 (Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1802 (Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier ...)
	NOT-FOR-US: MailDwarf
CVE-2007-1801 (Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta ...)
	NOT-FOR-US: sBLOG
CVE-2007-1800 (Cisco Secure ACS does not require authentication when Cisco Trust ...)
	NOT-FOR-US: Cisco
CVE-2007-1799 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
	{DSA-1373-2 DSA-1373-1}
	- ktorrent 2.1.4.dfsg.1-1 (medium; bug #432007)
CVE-2007-1798 (Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2007-1797 (Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote ...)
	{DSA-1903-1 DSA-1858-1}
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	- graphicsmagick 1.1.7-15 (medium)
CVE-2007-1796 (Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 ...)
	NOT-FOR-US: URLshrink
CVE-2007-1795 (JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: URLshrink
CVE-2007-1794 (The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, ...)
	NOTE: Duplicate of CVE-2006-3805
CVE-2007-1793 (SPBBCDrv.sys in Symantec Norton Personal Firewall 2006 9.1.0.33 and ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1792 (libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1791 (SQL injection vulnerability in wall.php in Picture-Engine 1.2.0 and ...)
	NOT-FOR-US: Picture-Engine
CVE-2007-1790 (Multiple PHP remote file inclusion vulnerabilities in Kaqoo Auction ...)
	NOT-FOR-US: Kaqoo Auction Software
CVE-2007-1789 (Flyspray 0.9.9 allows remote attackers to obtain sensitive information ...)
	- flyspray <not-affected> (Code was introduced in 0.9.9, not sensitive anyway)
CVE-2007-1788 (Flyspray 0.9.9, when output_buffering is disabled or &quot;set to a low ...)
	- flyspray 0.9.8-10 (medium)
	[sarge] - flyspray <not-affected> (Vulnerable code not present)
CVE-2007-1787 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Time-Assistant
CVE-2007-1786 (SQL injection vulnerability in Hitachi Collaboration - Online ...)
	NOT-FOR-US: Hitachi Collaboration
CVE-2007-1785 (The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 ...)
	NOT-FOR-US: CA BrightStor ARCserve Backup
CVE-2007-1784 (The JNILoader ActiveX control (STJNILoader.ocx) 3.1.0.26 in IBM Lotus ...)
	NOT-FOR-US: JNILoader ActiveX control
CVE-2007-1783
	REJECTED
CVE-2006-7191 (Untrusted search path vulnerability in lamdaemon.pl in LDAP Account ...)
	{DSA-1287-1}
	- ldap-account-manager 1.0.0-1 (medium)
CVE-2006-7190 (Cross-site scripting (XSS) vulnerability in cgi-bin/user-lib/topics.pl ...)
	NOT-FOR-US: WebAPP
CVE-2006-7189 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin/logs.cgi in ...)
	NOT-FOR-US: WebAPP
CVE-2006-7188 (The search function in cgi-lib/user-lib/search.pl in web-app.net ...)
	NOT-FOR-US: WebAPP
CVE-2006-7187 (Cross-site scripting (XSS) vulnerability in the show_recent_searches ...)
	NOT-FOR-US: WebAPP
CVE-2006-7186 (cgi-lib/subs.pl in web-app.net WebAPP before 0.9.9.3.5 allows ...)
	NOT-FOR-US: WebAPP
CVE-2006-7185 (PHP remote file inclusion vulnerability in includes/user_standard.php ...)
	NOT-FOR-US: CMSmelborp
CVE-2006-7184 (Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-7183 (PHP remote file inclusion vulnerability in styles.php in Exhibit ...)
	NOT-FOR-US: Exhibit Engine
CVE-2007-XXXX [low-entropy default passphrase in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414480)
CVE-2007-XXXX [file permission race conidition in Debian's dtc-xen]
	- dtc-xen 0.2.8-1 (low; bug #414482)
CVE-2007-XXXX [too lenient UTF-8 decoder in kjs/function.cpp]
	- kdelibs 4:3.5.5a.dfsg.1-8
CVE-2007-XXXX [double-free vulnerability in the Real Media demuxer]
	- ffmpeg 0.cvs20060823-8 (low; bug #379922)
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [various crashes and infinite loops in ffmpeg]
	- ffmpeg 0.cvs20060823-8 (low; bug #407003)
	- xmovie <removed>
CVE-2007-1782 (CruiseWorks 1.09e and earlier does not properly restrict user access ...)
	NOT-FOR-US: CruiseWorks
CVE-2007-1781 (Minna De Office 1.x and 2.x does not properly restrict user access to ...)
	NOT-FOR-US: Minna De Office
CVE-2007-1780 (Cross-site scripting (XSS) vulnerability in the DHT shell (owdhtshell) ...)
	NOT-FOR-US: Overlay Weaver
CVE-2007-1779 (Multiple SQL injection vulnerabilities in the MySQL back-end in ...)
	NOT-FOR-US: Advanced Website Creator
CVE-2007-1778 (PHP remote file inclusion vulnerability in db/mysql.php in the ...)
	NOT-FOR-US: Eve-Nuke
CVE-2007-1777 (Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (medium)
	- php5 5.2.0-11 (medium)
CVE-2007-1776 (SQL injection vulnerability in index.php in the DesignForJoomla.com ...)
	NOT-FOR-US: D4J eZine
CVE-2007-1775 (Unrestricted file upload vulnerability in upload.php3 in JBrowser 2.4 ...)
	NOT-FOR-US: JBrowser
CVE-2007-1774 (Multiple cross-site scripting (XSS) vulnerabilities in aBitWhizzy ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1773 (Multiple directory traversal vulnerabilities in aBitWhizzy allow ...)
	NOT-FOR-US: aBitWhizzy
CVE-2007-1772 (The FTP service in HP JetDirect print servers allows remote attackers ...)
	NOT-FOR-US: HP JetDirect
CVE-2007-1771 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ay System Solutions Web Content System
CVE-2007-1770 (Buffer overflow in the ArcSDE service (giomgr) in Environmental ...)
	NOT-FOR-US: ArcSDE
CVE-2007-1769
	REJECTED
CVE-2007-1768 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Mephisto
CVE-2007-1767 (Unspecified vulnerability in (1) Deskbar.dll and (2) Toolbar.dll in ...)
	NOT-FOR-US: AOL
CVE-2007-1766 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Advanced Login
CVE-2007-1765 (Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1764 (Stack-based buffer overflow in FastStone Image Viewer 2.8 allows ...)
	NOT-FOR-US: FastStone Image Viewer
CVE-2007-1763 (The ATI kernel driver (atikmdag.sys) in Microsoft Windows Vista allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1762 (Mozilla Firefox 2.0.0.1 through 2.0.0.3 does not canonicalize URLs ...)
	- iceweasel 3.0.1-1 (unimportant; bug #445515)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1761
	REJECTED
CVE-2007-1760
	REJECTED
CVE-2007-1759
	REJECTED
CVE-2007-1758
	REJECTED
CVE-2007-1757
	REJECTED
CVE-2007-1756 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and Office ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1755
	REJECTED
CVE-2007-1754 (PUBCONV.DLL in Microsoft Office Publisher 2007 does not properly clear ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1753
	REJECTED
CVE-2007-1752
	REJECTED
CVE-2007-1751 (Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1750 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
	NOT-FOR-US: Microsoft
CVE-2007-1749 (Integer underflow in the CDownloadSink class code in the Vector Markup ...)
	NOT-FOR-US: Vector Markup Language
CVE-2007-1748 (Stack-based buffer overflow in the RPC interface in the Domain Name ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1747 (Unspecified vulnerability in MSO.dll in Microsoft Office 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1746
	RESERVED
CVE-2007-1745 (The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...)
	{DSA-1281-1 DTSA-37-1}
	- clamav 0.90.2-1 (high)
CVE-2007-1744 (Directory traversal vulnerability in the Shared Folders feature for ...)
	NOT-FOR-US: VMware
CVE-2007-1743 (suexec in Apache HTTP Server (httpd) 2.2.3 does not verify ...)
	- apache2 <unfixed> (unimportant)
CVE-2007-1742 (suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1741 (Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 ...)
	- apache2 2.2.8-5 (unimportant)
CVE-2007-1740
	REJECTED
CVE-2007-1739 (Heap-based buffer overflow in the LDAP server in IBM Lotus Domino ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1738 (TrueCrypt 4.3, when installed setuid root, allows local users to cause ...)
	NOT-FOR-US: TrueCrypt
CVE-2007-1737 (Opera 9.10 does not check URLs embedded in (1) object or (2) iframe ...)
	NOT-FOR-US: Opera
CVE-2007-1736 (Mozilla Firefox 2.0.0.3 does not check URLs embedded in (1) object or ...)
	- iceweasel <removed> (unimportant)
	NOTE: I don't believe this has relevant security impact, such a black list
	NOTE: will register URLs found in the wild and the used adresses will be
	NOTE: volatile anyway
CVE-2007-1735 (Stack-based buffer overflow in Corel WordPerfect Office X3 ...)
	NOT-FOR-US: Corel WordPerfect
CVE-2007-1734 (The DCCP support in the do_dccp_getsockopt function in ...)
	- linux-2.6 2.6.20-1 (medium; bug #420875)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1733 (Buffer overflow in InterVations NaviCOPA HTTP Server 2.01 allows ...)
	NOT-FOR-US: NaviCOPA HTTP Server
CVE-2007-1732 (** DISPUTED ** ...)
	- wordpress 2.1.3-1 (unimportant)
	NOTE: Administrators can post full HTML, that is a feature. Rightly disputed.
CVE-2007-1731 (Multiple stack-based buffer overflows in High Performance Anonymous ...)
	NOT-FOR-US: hpaftpd
CVE-2007-1730 (Integer signedness error in the DCCP support in the do_dccp_getsockopt ...)
	- linux-2.6 2.6.21-1 (medium)
	[etch] - linux-2.6 <not-affected> (Vulnerable code not present)
CVE-2007-1729 (SQL injection vulnerability in includes/start.php in Flexbb 1.0.0 ...)
	NOT-FOR-US: Flexbb
CVE-2007-1728 (The Remote Play feature in Sony Playstation 3 (PS3) 1.60 and ...)
	NOT-FOR-US: Sony Playstation 3
CVE-2007-1727 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: HP OpenView
CVE-2007-1726 (Unrestricted file upload vulnerability in index.php in IceBB 1.0-rc5 ...)
	NOT-FOR-US: IceBB
CVE-2007-1725 (SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows ...)
	NOT-FOR-US: IceBB
CVE-2007-1724 (Unspecified vulnerability in ReactOS 0.3.1 has unknown impact and ...)
	NOT-FOR-US: ReactOS
CVE-2007-1723 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: IronMail
CVE-2007-1722 (Buffer overflow in the DownloadCertificateExt function in SignKorea ...)
	NOT-FOR-US: SKCommAX ActiveX control
CVE-2007-1721 (Multiple PHP remote file inclusion vulnerabilities in C-Arbre 0.6PR7 ...)
	NOT-FOR-US: C-Arbre
CVE-2007-1720 (Directory traversal vulnerability in addressbook.php in the ...)
	NOT-FOR-US: Addressbook 1.2 module for PHP-Nuke
CVE-2007-1719 (Buffer overflow in eject.c in Jason W. Bacon mcweject 0.9 on FreeBSD, ...)
	NOT-FOR-US: mcweject
CVE-2007-1718 (CRLF injection vulnerability in the mail function in PHP 4.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 <removed> (medium)
	[sarge] - php4 <not-affected> (Vulnerable code not present)
	- php5 5.2.0-11 (medium)
CVE-2007-1717 (The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php4 6:4.4.6-2 (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: This is a regular bug, not a security problem
CVE-2007-1716 (pam_console does not properly restore ownership for certain console ...)
	NOT-FOR-US: pam_console
CVE-2007-1715 (PHP remote file inclusion vulnerability in frontpage.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2007-1714 (Cross-site scripting (XSS) vulnerability in index.php in CcCounter 2.0 ...)
	NOT-FOR-US: CcCounter
CVE-2007-1713 (CRLF injection vulnerability in BSMTP.DLL in B21Soft BASP21 2003.0211, ...)
	NOT-FOR-US: BASP21
CVE-2007-1712 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Auction Pro
CVE-2007-1711 (Double free vulnerability in the unserializer in PHP 4.4.5 and 4.4.6 ...)
	{DSA-1283-1 DSA-1282-1}
	- php4 6:4.4.6-2
	- php5 5.2.0-9
	NOTE: register_globals not supported
CVE-2007-1710 (The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2007-1709 (Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC ...)
	NOT-FOR-US: PECL phpDOC
CVE-2007-1708 (PHP remote file inclusion vulnerability in lib/db/ez_sql.php in ttCMS ...)
	NOT-FOR-US: ttCMS
CVE-2007-1707 (PHP remote file inclusion vulnerability in index.php in Net Side ...)
	NOT-FOR-US: Net-Side.net CMS
CVE-2007-1706 (SQL injection vulnerability in eWebQuiz.asp in eWebQuiz 8 allows ...)
	NOT-FOR-US: eWebQuiz
CVE-2007-1705 (SQL injection vulnerability in default.asp in Active Trade 2 allows ...)
	NOT-FOR-US: Active Trade
CVE-2007-1704 (SQL injection vulnerability in index.php in the Car Manager ...)
	NOT-FOR-US: Joomla module Car Manager
CVE-2007-1703 (SQL injection vulnerability in index.php in the RWCards (com_rwcards) ...)
	NOT-FOR-US: Joomla module RWCards
CVE-2007-1702 (PHP remote file inclusion vulnerability in mod_flatmenu.php in the ...)
	NOT-FOR-US: Flatmenu
CVE-2007-1701 (PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is ...)
	- php5 5.2.0-9 (unimportant)
	- php4 6:4.4.4-9 (unimportant)
	NOTE: register_globals not supported
	NOTE: Dupe of CVE-2007-0910
CVE-2007-1700 (The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-9
	- php4 6:4.4.4-9
	[etch] - php5 5.2.0-8+etch1
	[etch] - php4 6:4.4.4-8+etch1
	[sarge] - php4 4:4.3.10-21
	NOTE: This was fixed as a side-effect of previous security fixes, noting the
	NOTE: status as of DSA-1286 as fixed version. likewise the oldstable
	NOTE: version was fixed.
CVE-2007-1699 (Multiple PHP remote file inclusion vulnerabilities in the SWmenu ...)
	NOT-FOR-US: Mambo module SWmenu
CVE-2007-1698 (download.php in Philex 0.2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Philex
CVE-2007-1697 (PHP remote file inclusion vulnerability in header.inc.php in Philex ...)
	NOT-FOR-US: Philex
CVE-2007-1696 (SQL injection vulnerability in ViewNewspapers.asp in Active Newsletter ...)
	NOT-FOR-US: Active Newsletter
CVE-2007-1695 (** DISPUTED ** ...)
	- phpbb2 <not-affected> (requires register_globals to exploit)
	NOTE: Vulnerability is disputed, but is a non-issue anyway.
CVE-2007-1694
	RESERVED
CVE-2007-1693 (The SIP channel module in Yet Another Telephony Engine (Yate) before ...)
	- yate 1.2.0-1.dfsg-1 (low; bug #421994)
	[etch] - yate <no-dsa> (Minor issue, fringe application)
CVE-2007-1692 (The default configuration of Microsoft Windows uses the Web Proxy ...)
	NOT-FOR-US: Microsoft
CVE-2007-1691 (Stack-based buffer overflow in Second Sight Software ActiveMod ActiveX ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1690 (Multiple stack-based buffer overflows in Second Sight Software ...)
	NOT-FOR-US: Second Sight Software
CVE-2007-1689 (Buffer overflow in the ISAlertDataCOM ActiveX control in ISLALERT.DLL ...)
	NOT-FOR-US: Norton
CVE-2007-1688 (Buffer overflow in the PhPInfo ActiveX control in PhPCtrl.dll in ...)
	NOT-FOR-US: PhPInfo ActiveX control
CVE-2007-1687 (Multiple buffer overflows in the Internet Pictures Corporation iPIX ...)
	NOT-FOR-US: iPIX Image Well ActiveX control
CVE-2007-1686
	RESERVED
CVE-2007-1685 (Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, ...)
	NOT-FOR-US: BlueCoat
CVE-2007-1684 (The Run function in SolidWorks sldimdownload ActiveX control in ...)
	NOT-FOR-US: sldimdownload ActiveX control
CVE-2007-1683 (Stack-based buffer overflow in the DoWebMenuAction function in the ...)
	NOT-FOR-US: IncrediMail
CVE-2007-1682 (Multiple stack-based buffer overflows in the FileManager ActiveX ...)
	NOT-FOR-US: FileManager ActiveX
CVE-2007-1681 (Format string vulnerability in libwebconsole_services.so in Sun Java ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-1680 (Stack-based buffer overflow in the createAndJoinConference function in ...)
	NOT-FOR-US: AudioConf ActiveX control
CVE-2007-1679 (** DISPUTED ** ...)
	NOTE: Allegedly a duplicate of CVE-2006-4255.
	NOTE: The other issue needs a CSRF attack to exploit.
CVE-2007-1678 (Cross-site scripting (XSS) vulnerability in the Fizzle 0.5 extension ...)
	NOT-FOR-US: Fizzle 0.5 extension for Firefox
CVE-2007-1677 (Multiple buffer overflows in the ISO network protocol support in the ...)
	NOT-FOR-US: NetBSD
CVE-2007-1676
	RESERVED
CVE-2007-1675 (Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-1674 (Stack-based buffer overflow in the Alert Service (aolnsrvr.exe) in ...)
	NOT-FOR-US: LANDesk Management Suite
CVE-2007-1673 (unzoo.c, as used in multiple products including AMaViS 2.4.1 and ...)
	[sarge] - zoo <no-dsa> (Minor issue)
	[etch] - zoo <no-dsa> (Minor issue)
	- zoo 2.10-19 (bug #424686)
	- unzoo 4.4-7 (bug #424690)
	[sarge] - unzoo <no-dsa> (Minor issue)
	[etch] - unzoo <no-dsa> (Minor issue)
CVE-2007-1672 (avast! antivirus before 4.7.981 allows remote attackers to cause a ...)
	NOT-FOR-US: avast
CVE-2007-1671 (avpack32.dll before 7.3.0.6 in Avira AntiVir allows remote attackers ...)
	NOT-FOR-US: Avira
CVE-2007-1670 (Panda Software Antivirus before 20070402 allows remote attackers to ...)
	NOT-FOR-US: Panda
CVE-2007-1669 (zoo decoder 2.10 (zoo-2.10), as used in multiple products including ...)
	NOT-FOR-US: Barracuda
CVE-2007-1668
	RESERVED
CVE-2007-1666 (The processor_request function in the debugger server for DataRescue ...)
	NOT-FOR-US: IDA Pro
CVE-2007-1665 (Memory leak in the token OCR functionality in ekg before ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1664 (ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1663 (Memory leak in the image message functionality in ekg before ...)
	{DSA-1318-1}
	- ekg 1:1.7~rc2-2 (low)
	[sarge] - ekg <not-affected> (Vulnerable code not present)
CVE-2007-1662 (Perl-Compatible Regular Expression (PCRE) library before 7.3 reads ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1661 (Perl-Compatible Regular Expression (PCRE) library before 7.3 ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1660 (Perl-Compatible Regular Expression (PCRE) library before 7.0 does not ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- pcre3 7.3-1
	- kazehakase 0.5.2-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1659 (Perl-Compatible Regular Expression (PCRE) library before 7.3 allows ...)
	{DSA-1570-1 DSA-1399-1 DTSA-77-1}
	- kazehakase 0.5.2-1
	- pcre3 7.3-1
	- glib2.0 2.14.3-1 (unimportant)
	NOTE: glib only embeds pcre in the udeb, no attack vector
CVE-2007-1658 (Windows Mail in Microsoft Windows Vista might allow user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-1657 (Stack-based buffer overflow in the file_compress function in minigzip ...)
	- python2.5 <not-affected> (does not build minigzip.c)
CVE-2007-1656 (Multiple SQL injection vulnerabilities in index.php in Katalog Plyt ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1655 (Buffer overflow in the fun_ladd function in funmath.cpp in TinyMUX ...)
	{DSA-1317-1}
	- tinymux 2.4.3.31-1.1 (bug #417539)
CVE-2007-1654 (Buffer overflow in the Ne7sshSftp::addOpenHandle function in ...)
	NOT-FOR-US: ne7ssh
CVE-2007-1653 (GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: GlowWorm FW
CVE-2007-1652 (OpenID allows remote attackers to forcibly log a user into an OpenID ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1651 (Cross-site request forgery (CSRF) vulnerability in OpenID allows ...)
	NOT-FOR-US: MyOpenID.com
CVE-2007-1650 (pcapsipdump.cpp in pcapsipdump before 0.1.3 allows remote attackers to ...)
	NOT-FOR-US: pcapsipdump
CVE-2007-1649 (PHP 5.2.1 allows context-dependent attackers to read portions of heap ...)
	- php5 5.2.2-1
	[etch] - php5 <not-affected> (Only affects PHP 5.2.1)
CVE-2007-1648 (0irc 1345 build 20060823 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: 0irc
CVE-2007-1647 (Moodle 1.5.2 and earlier stores sensitive information under the web ...)
	- moodle 1.5.3-1 (low)
CVE-2007-1646 (Multiple cross-site scripting (XSS) vulnerabilities in SubHub 2.3.0 ...)
	NOT-FOR-US: SubHub
CVE-2007-1645 (Buffer overflow in FutureSoft TFTP Server 2000 on Microsoft Windows ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2007-1644 (The dynamic DNS update mechanism in the DNS Server service on ...)
	NOT-FOR-US: Microsoft DNS Server
CVE-2007-1643 (Multiple PHP remote file inclusion vulnerabilities in LAN Management ...)
	NOT-FOR-US: LAN Management System
CVE-2007-1642 (Unspecified vulnerability in ManageEngine Firewall Analyzer allows ...)
	NOT-FOR-US: ManageEngine Firewall Analyzer
CVE-2007-1641 (SQL injection vulnerability in index.php in PortailPHP 2.0 allows ...)
	NOT-FOR-US: PortailPHP
CVE-2007-1640 (Multiple PHP remote file inclusion vulnerabilities in ClassWeb 2.03 ...)
	NOT-FOR-US: ClassWeb
CVE-2007-1639 (Unrestricted file upload vulnerability in PHProjekt 5.2.0, when ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1638 (Multiple cross-site request forgery (CSRF) vulnerabilities in the ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1637 (Multiple buffer overflows in the IMAILAPILib ActiveX control ...)
	NOT-FOR-US: IMAILAPILib ActiveX control
CVE-2007-1636 (Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 ...)
	NOT-FOR-US: RoseOnlineCMS
CVE-2007-1635 (Static code injection vulnerability in admin/settings.php in Net ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1634 (Variable extraction vulnerability in grab_globals.php in Net Portal ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2007-1633 (Directory traversal vulnerability in bbcode_ref.php in the Giorgio ...)
	NOT-FOR-US: Splatt Forum
CVE-2007-1632 (Unspecified vulnerability in TYPOlight webCMS before 2.2 Build 5 has ...)
	NOT-FOR-US: webCMS
CVE-2007-1631 (** DISPUTED ** ...)
	NOT-FOR-US: CLBOX
CVE-2007-1630 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Link Engine
CVE-2007-1629 (SQL injection vulnerability in default.asp in ActiveWebSoftwares ...)
	NOT-FOR-US: Active Photo Gallery
CVE-2007-1628 (Multiple PHP remote file inclusion vulnerabilities in Study planner ...)
	NOT-FOR-US: Study planner
CVE-2007-1627
	REJECTED
CVE-2007-1626 (PHP remote file inclusion vulnerability in iframe.php in the iFrame ...)
	NOT-FOR-US: iFrame Module for PHP-NUKE
CVE-2007-1625 (Cross-site scripting (XSS) vulnerability in save_entry.php in ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1624 (Multiple SQL injection vulnerabilities in realGuestbook 5.01 allow ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1623 (Multiple cross-site scripting (XSS) vulnerabilities in realGuestbook ...)
	NOT-FOR-US: realGuestbook
CVE-2007-1622 (Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in ...)
	{DSA-1285-1}
	- wordpress 2.1.3-1 (medium)
CVE-2007-1621 (PHP remote file inclusion vulnerability in templates/head.php in ...)
	NOT-FOR-US: Active PHP Bookmark Notes
CVE-2007-1620 (Multiple PHP remote file inclusion vulnerabilities in PHP DB Designer ...)
	NOT-FOR-US: PHP DB Designer
CVE-2007-1619 (SQL injection vulnerability in viewcomments.php in ScriptMagix Photo ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1618 (SQL injection vulnerability in index.php in ScriptMagix FAQ Builder ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1617 (SQL injection vulnerability in index.php in ScriptMagix Recipes 2.0 ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1616 (SQL injection vulnerability in index.php in ScriptMagix Lyrics 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1615 (SQL injection vulnerability in index.php in ScriptMagix Jokes 2.0 and ...)
	NOT-FOR-US: ScriptMagix
CVE-2007-1614 (Stack-based buffer overflow in the zzip_open_shared_io function in ...)
	{DTSA-56-1}
	- zziplib 0.13.49-0 (bug #436701; low)
	[etch] - zziplib <no-dsa> (Minor issue)
	NOTE: http://www.securitylab.ru/forum/read.php?FID=21&TID=40858&MID=326187#message326187
	NOTE: If an attacker can supply arbitrary file names, we likely suffer from
	NOTE: an information disclosure issue anyway.
CVE-2007-1613 (Directory traversal vulnerability in view.php in MPM Chat 2.5 allows ...)
	NOT-FOR-US: MPM Chat
CVE-2007-1612 (SQL injection vulnerability in index.php in Katalog Plyt Audio 1.0 and ...)
	NOT-FOR-US: Plyt Audio
CVE-2007-1611 (Cross-site scripting (XSS) vulnerability in the RSS reader in a ...)
	NOT-FOR-US: IKANARI JIJYOU
CVE-2007-1610 (Cross-site scripting (XSS) vulnerability in the RSS reader in Glue ...)
	NOT-FOR-US: NewsGlue
CVE-2007-1609 (Cross-site scripting (XSS) vulnerability in servlet/Spy in Dynamic ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-1608 (CRLF injection vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2007-1607 (search.php in w-Agora (Web-Agora) allows remote attackers to obtain ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1606 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1605 (w-Agora (Web-Agora) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1604 (Multiple unrestricted file upload vulnerabilities in w-Agora ...)
	NOT-FOR-US: Web-Agora
CVE-2007-1603 (admin/contest.php in Weekly Drawing Contest 0.0.1 allows remote ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1602 (SQL injection vulnerability in check_vote.php in Weekly Drawing ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1601 (** DISPUTED ** ...)
	NOT-FOR-US: Weekly Drawing Contest
CVE-2007-1600 (PHP remote file inclusion vulnerability in module.php in Digital Eye ...)
	NOT-FOR-US: Digital Eye Gallery
CVE-2007-1599 (wp-login.php in WordPress allows remote attackers to redirect ...)
	{DSA-1601-1}
	- wordpress 2.2.2-1 (bug #437085; low)
CVE-2007-1598 (Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 ...)
	NOT-FOR-US: FileCOPA FTP
CVE-2007-1597 (Unclassified NewsBoard 1.6.3 stores sensitive information under the ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2007-1596 (Multiple PHP remote file inclusion vulnerabilities in the NFN Address ...)
	NOT-FOR-US: NFN Address Book
CVE-2007-1595 (The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk ...)
	- asterisk 1:1.4.0~dfsg-1 (low)
	[etch] - asterisk <not-affected> (Only affects 1.4.x)
	[sarge] - asterisk <not-affected> (Only affects 1.4.x)
CVE-2007-1593 (The administrative service in Symantec Veritas Volume Replicator (VVR) ...)
	NOT-FOR-US: Symantec
CVE-2007-1592 (net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1591 (VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus ...)
	NOT-FOR-US: Trend Micro
CVE-2006-7182 (PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 ...)
	NOT-FOR-US: MNews
CVE-2006-7181 (** DISPUTED ** ...)
	NOT-FOR-US: Morcego CMS
CVE-2006-7180 (ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7179 (ieee80211_input.c in MadWifi before 0.9.3 does not properly process ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7178 (MadWifi before 0.9.3 does not properly handle reception of an AUTH ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7177 (MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-7176 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
	- sendmail <not-affected> (Not a program flaw, a DNS error)
CVE-2006-7175 (The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update ...)
	- sendmail <not-affected> (Debian compiles with FFR_TLS correctly)
CVE-2005-4835 (The ath_rate_sample function in the ath_rate/sample/sample.c sample ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (low)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2007-1590 (The Grandstream BudgeTone 200 IP phone, with program 1.1.1.14 and ...)
	NOT-FOR-US: Grandstream
CVE-2007-1589 (TrueCrypt before 4.3, when set-euid mode is used on Linux, allows ...)
	NOT-FOR-US: Truecrypt
CVE-2007-1588 (server.cpp in MyServer 0.8.5 calls Process::setuid before calling ...)
	NOT-FOR-US: MyServer
CVE-2007-1587 (templates/config/mail.tpl in Tim Soderstrom StatsDawg 0.92 allows ...)
	NOT-FOR-US: StatsDawg
CVE-2007-1586 (ZynOS 3.40 allows remote attackers to cause a denial of service (link ...)
	NOT-FOR-US: Zyxel
CVE-2007-1585 (The Linksys WAG200G with firmware 1.01.01, WRT54GC 2 with firmware ...)
	NOT-FOR-US: Cisco
CVE-2007-1584 (Buffer underflow in the header function in PHP 5.2.0 allows ...)
	NOTE: Dupe of CVE-2007-0907; Fixed in DSA-1264, php5 5.2.0-9, php4 6:4.4.4-9
CVE-2007-1583 (The mb_parse_str function in PHP 4.0.0 through 4.4.6 and 5.0.0 through ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 <removed> (medium)
CVE-2007-1582 (The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1581 (The resource system in PHP 5.0.0 through 5.2.1 allows ...)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1580 (FTPDMIN 0.96 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: FTPDMIN
CVE-2007-1579 (Stack-based buffer overflow in Atrium MERCUR IMAPD allows remote ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1578 (Multiple integer signedness errors in the NTLM implementation in ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1577 (Directory traversal vulnerability in index.php in GeBlog 0.1 allows ...)
	NOT-FOR-US: GeBlog
CVE-2007-1576 (Multiple cross-site scripting (XSS) vulnerabilities in PHProjekt ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1575 (Multiple SQL injection vulnerabilities in PHProjekt 5.2.0, when ...)
	NOT-FOR-US: PHProjekt
CVE-2007-1574 (CARE2X 2.2, and possibly earlier, allows remote attackers to obtain ...)
	NOT-FOR-US: CARE2X
CVE-2007-1573 (SQL injection vulnerability in admincp/attachment.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2007-1572 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and ...)
	NOT-FOR-US: JGBBS
CVE-2007-1571 (PHP remote file inclusion vulnerability in includes/base.php in ...)
	NOT-FOR-US: Activist Mobilization Platform
CVE-2007-1570
	REJECTED
CVE-2007-1569 (Stack-based buffer overflow in NewsBin Pro 4.32 allows remote ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1568 (Stack-based buffer overflow in DaanSystems NewsReactor 20070220.21 ...)
	NOT-FOR-US: NewsReactor
CVE-2007-1567 (Stack-based buffer overflow in War FTP Daemon 1.65, and possibly ...)
	NOT-FOR-US: WarFTPd
CVE-2007-1566 (SQL injection vulnerability in News/page.asp in NetVIOS Portal allows ...)
	NOT-FOR-US: NetVIOS Portal
CVE-2007-1565 (Konqueror 3.5.5 allows remote attackers to cause a denial of service ...)
	- kdelibs <unfixed> (unimportant)
CVE-2007-1564 (The FTP protocol implementation in Konqueror 3.5.5 allows remote ...)
	- kdelibs 4:3.5.5a.dfsg.1-7
CVE-2007-1563 (The FTP protocol implementation in Opera 9.10 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2007-1562 (The FTP protocol implementation in Mozilla Firefox before 1.5.0.11 and ...)
	- iceweasel 2.0.0.3-1 (low)
CVE-2007-1560 (The clientProcessRequest() function in src/client_side.c in Squid 2.6 ...)
	- squid 2.6.5-6 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-1559 (Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in ...)
	NOT-FOR-US: Roxio
CVE-2007-1558 (The APOP protocol allows remote attackers to guess the first 3 ...)
	{DSA-1305-1 DSA-1300-1 DTSA-46-1 DTSA-47-1}
	NOTE: Affects various clients, but no practical security implications
	NOTE: MFSA2007-15
	- icedove 2.0.0.4-1
	- iceape 1.1.2-1
	- fetchmail 6.3.8-1 (unimportant)
	[etch] - fetchmail 6.3.6-1etch3
	- mailfilter 0.8.2-1 (unimportant)
	- mutt 1.5.18-6 (unimportant)
	NOTE: i couldn't pinpoint exact mutt fixed version, but lenny's version has the
	NOTE: patch and etch's version does not (http://dev.mutt.org/trac/ticket/2846)
	- balsa 2.3.17-1 (unimportant)
	- claws-mail 2.9.1-1 (unimportant)
CVE-2007-1557 (Format string vulnerability in F-Secure Anti-Virus Client Security ...)
	NOT-FOR-US: F-Secure
CVE-2007-1556 (SQL injection vulnerability in kommentare.php in Creative Files 1.2 ...)
	NOT-FOR-US: Creative Files
CVE-2007-1555 (SQL injection vulnerability in forum.php in the Minerva mod 2.0.21 ...)
	NOT-FOR-US: Minerva module of phpBB
CVE-2007-1554 (Direct static code injection vulnerability in admin/configuration.php ...)
	NOT-FOR-US: Guestbara
CVE-2007-1553 (admin/configuration.php in Guestbara 1.2 and earlier allows remote ...)
	NOT-FOR-US: Guestbara
CVE-2007-1552 (Unrestricted file upload vulnerability in usercp.php in MetaForum ...)
	NOT-FOR-US: MetaForum
CVE-2007-1551 (Multiple cross-site scripting (XSS) vulnerabilities in phpx 3.5.15 ...)
	NOT-FOR-US: phpx
CVE-2007-1550 (Multiple SQL injection vulnerabilities in phpx 3.5.15 allow remote ...)
	NOT-FOR-US: phpx
CVE-2007-1549 (Unrestricted file upload vulnerability in gallery.php in phpx 3.5.15 ...)
	NOT-FOR-US: phpx
CVE-2007-1548 (SQL injection vulnerability in functions/functions_filters.asp in Web ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2007-1547 (The ReadRequestFromClient function in server/os/io.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1546 (Array index error in Network Audio System (NAS) before 1.8a SVN 237 ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1545 (The AddResource function in server/dia/resource.c in Network Audio ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1544 (Integer overflow in the ProcAuWriteElement function in ...)
	{DSA-1273-1}
	- nas 1.8-4 (low; bug #416038)
CVE-2007-1543 (Stack-based buffer overflow in the accept_att_local function in ...)
	{DSA-1273-1}
	- nas 1.8-4 (medium; bug #416038)
CVE-2007-1542 (Unspecified vulnerability in the Cisco IP Phone 7940 and 7960 running ...)
	NOT-FOR-US: Cisco
CVE-2007-1541 (Directory traversal vulnerability in am.pl in SQL-Ledger 2.6.27 only ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1540 (Directory traversal vulnerability in am.pl in (1) SQL-Ledger 2.6.27 ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1539 (Directory traversal vulnerability in inc/map.func.php in pragmaMX ...)
	NOT-FOR-US: pragmaMX Landkarten
CVE-2007-1538 (** DISPUTED ** ...)
	NOT-FOR-US: McAfee
CVE-2007-1537 (\Device\NdisTapi (NDISTAPI.sys) in Microsoft Windows XP SP2 and 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2007-1536 (Integer underflow in the file_printf function in the &quot;file&quot; program ...)
	{DSA-1274-1}
	- file 4.20-1 (bug #415362; high)
	NOTE: Has got lots of reverse dependencies.
	NOTE: Some of them process remotely supplied untrusted input.
CVE-2007-1535 (Microsoft Windows Vista establishes a Teredo address without user ...)
	NOT-FOR-US: Microsoft
CVE-2007-1534 (DFSR.exe in Windows Meeting Space in Microsoft Windows Vista remains ...)
	NOT-FOR-US: Microsoft
CVE-2007-1533 (The Teredo implementation in Microsoft Windows Vista uses the same ...)
	NOT-FOR-US: Microsoft
CVE-2007-1532 (The neighbor discovery implementation in Microsoft Windows Vista ...)
	NOT-FOR-US: Microsoft
CVE-2007-1531 (Microsoft Windows XP and Vista overwrites ARP table entries included ...)
	NOT-FOR-US: Microsoft
CVE-2007-1530 (The LLTD Mapper in Microsoft Windows Vista does not properly gather ...)
	NOT-FOR-US: Microsoft
CVE-2007-1529 (The LLTD Responder in Microsoft Windows Vista does not send the Mapper ...)
	NOT-FOR-US: Microsoft
CVE-2007-1528 (The LLTD Mapper in Microsoft Windows Vista allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-1527 (The LLTD Mapper in Microsoft Windows Vista does not verify that an IP ...)
	NOT-FOR-US: Microsoft
CVE-2007-1526 (Sun Java System Web Server 6.1 before 20070314 allows remote ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1525 (Direct static code injection vulnerability in postpost.php in Dayfox ...)
	NOT-FOR-US: Dayfox Blog
CVE-2007-1524 (Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 ...)
	NOT-FOR-US: ZomPlog
CVE-2007-1523 (Heap-based buffer overflow in the kernel in NetBSD 3.0, certain ...)
	NOT-FOR-US: NetBSD
CVE-2007-1522 (Double free vulnerability in the session extension in PHP 5.2.0 and ...)
	{DSA-1283-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1521 (Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php5 5.2.0-11 (medium)
	- php4 6:4.4.6-2 (medium)
CVE-2007-1520 (The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1519 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1518 (SQL injection vulnerability in usergroups.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1517 (SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 ...)
	NOT-FOR-US: WSN Guest
CVE-2006-7174 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Dimension module of phpBB
CVE-2006-7173 (Direct static code injection vulnerability in admin.php in PHP-Stats ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-7172 (Multiple SQL injection vulnerabilities in php-stats.recphp.php in ...)
	NOT-FOR-US: PHP-Stats
CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2007-1561 (The channel driver in Asterisk before 1.2.17 and 1.4.x before 1.4.2 ...)
	{DSA-1358-1}
	- asterisk 1:1.4.2~dfsg-5 (bug #415466; medium)
	NOTE: http://voipsa.org/pipermail/voipsec_voipsa.org/2007-March/002275.html
CVE-2007-1594 (The handle_response function in chan_sip.c in Asterisk before 1.2.17 ...)
	NOTE: Duplicate of CVE-2007-2297
CVE-2007-1516 (PHP remote file inclusion vulnerability in functions/update.php in ...)
	NOT-FOR-US: CcMail
CVE-2007-1515 (Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 ...)
	- imp4 4.1.3-4 (medium; bug #415117)
CVE-2007-1514 (PHP remote file inclusion vulnerability in index.php in ViperWeb ...)
	NOT-FOR-US: ViperWeb Portal
CVE-2007-1513 (PHP remote file inclusion vulnerability in comanda.php in GraFX ...)
	NOT-FOR-US: WebSite Builder
CVE-2007-1512 (Stack-based buffer overflow in the AfxOleSetEditMenu function in the ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1511 (Buffer overflow in FrontBase Relational Database Server 4.2.7 and ...)
	NOT-FOR-US: FrontBase Relational Database Server
CVE-2007-1510 (SQL injection vulnerability in post.php in Particle Blogger 1.0.0 ...)
	NOT-FOR-US: Particle Blogger
CVE-2007-1509 (Directory traversal vulnerability in enkrypt.php in Sascha Schroeder ...)
	NOT-FOR-US: krypt
CVE-2007-1508 (Cross-site scripting (XSS) vulnerability in CMD_USER_STATS in ...)
	NOT-FOR-US: DirectAdmin
CVE-2007-1507 (The default configuration in OpenAFS 1.4.x before 1.4.4 and 1.5.x ...)
	{DSA-1271-1}
	- openafs 1.4.2-6 (medium)
CVE-2007-1506 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Oracle Portal
CVE-2007-1505 (Fujitsu FENCE-Pro before V5L01, and Systemwalker Desktop Encryption ...)
	NOT-FOR-US: Fujistu FENCE-Pro
CVE-2007-1504 (Cross-site scripting (XSS) vulnerability in the Servlet Service in ...)
	NOT-FOR-US: Fujitsu Interstage Application Server
CVE-2007-1503 (Multiple format string vulnerabilities in comm.c in Rhapsody IRC 0.28b ...)
	- rhapsody <removed> (medium)
CVE-2007-1502 (Multiple buffer overflows in Rhapsody IRC 0.28b allow remote attackers ...)
	- rhapsody <removed> (medium)
CVE-2007-1501 (Stack-based buffer overflow in Avant Browser 11.0 build 26 allows ...)
	NOT-FOR-US: Avant Browse
CVE-2007-1500 (The Linux Security Auditing Tool (LSAT) allows local users to ...)
	NOT-FOR-US: Linux Security Auditing Tool
CVE-2007-1499 (Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-1498 (Multiple stack-based buffer overflows in the SiteManager.SiteMgr.1 ...)
	NOT-FOR-US: SiteManager.SiteMgr.1 ActiveX control
CVE-2007-1497 (nf_conntrack in netfilter in the Linux kernel before 2.6.20.3 does not ...)
	{DSA-1289-1}
	- linux-2.6 2.6.20-1 (medium)
CVE-2007-1496 (nfnetlink_log in netfilter in the Linux kernel before 2.6.20.3 allows ...)
	{DSA-1289-1}
	- linux-2.6 2.6.21-1 (medium)
CVE-2007-1495 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1494 (Cross-site scripting (XSS) vulnerability in NukeSentinel before 2.5.06 ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1493 (nukesentinel.php in NukeSentinel 2.5.06 and earlier uses a permissive ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1492 (winmm.dll in Microsoft Windows XP allows user-assisted remote ...)
	NOT-FOR-US: Microsoft Windows XP
CVE-2007-1491 (Apache Tomcat in Avaya S87XX, S8500, and S8300 before CM 3.1.3, and ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1490 (Unspecified maintenance web pages in Avaya S87XX, S8500, and S8300 ...)
	NOT-FOR-US: Avaya S87XX
CVE-2007-1489 (Unspecified vulnerability in web-app.org Web Automated Perl Portal ...)
	NOT-FOR-US: WebAPP
CVE-2007-1488 (Unspecified vulnerability in Sun Java System Web Server 6.0 and 6.1 ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2007-1487 (Directory traversal vulnerability in index.php in Sascha Schroeder ...)
	NOT-FOR-US: CyberTeddy WebLog
CVE-2007-1486 (PHP remote file inclusion vulnerability in template.class.php in ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2007-1485 (** DISPUTED ** ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1484 (The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x ...)
	- php4 <removed> (unimportant)
	- php5 5.2.2-1 (unimportant)
	NOTE: local malicious scripts only
CVE-2007-1483 (Multiple PHP remote file inclusion vulnerabilities in WebCalendar ...)
	- webcalendar 1.0.5-1 (high)
	[sarge] - webcalendar 0.9.45-4sarge7
	NOTE: This was fixed in Sarge as a side-effect of an earlier fix, marking current
	NOTE: Sarge version as fixed version
CVE-2007-1482 (Cross-site scripting (XSS) vulnerability in index.php in WBBlog allows ...)
	NOT-FOR-US: WBBlog
CVE-2007-1481 (SQL injection vulnerability in index.php in WBBlog allows remote ...)
	NOT-FOR-US: WBBlog
CVE-2007-1480 (Creative Guestbook 1.0 allows remote attackers to add an ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1479 (Cross-site scripting (XSS) vulnerability in Guestbook.php in Creative ...)
	NOT-FOR-US: Creative Guestbook
CVE-2007-1478 (download.php in McGallery 0.5b allows remote attackers to read ...)
	NOT-FOR-US: McGallery
CVE-2007-1477 (** DISPUTED ** ...)
	NOT-FOR-US: Point Of Sale for osCommerce
CVE-2007-1476 (The SymTDI device driver (SYMTDI.SYS) in Symantec Norton Personal ...)
	NOT-FOR-US: Symantec Norton Personal Firewall
CVE-2007-1475 (Multiple buffer overflows in the (1) ibase_connect and (2) ...)
	- php4 <removed> (unimportant)
	NOTE: Can only be triggered by malicious script
CVE-2007-1474 (Argument injection vulnerability in the cleanup cron script in Horde ...)
	{DSA-1406-1}
	- horde3 3.1.3-4 (medium)
CVE-2007-1473 (Cross-site scripting (XSS) vulnerability in framework/NLS/NLS.php in ...)
	{DSA-1406-1}
	- horde3 3.1.4-1 (low; bug #434045)
CVE-2007-1472 (Variable overwrite vulnerability in groupit/base/groupit.start.inc in ...)
	NOT-FOR-US: Groupit
CVE-2007-1471 (admin/default.asp in Orion-Blog 2.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Orion-Blog
CVE-2007-1470 (Multiple buffer overflows in LIBFtp 5.0 allow user-assisted remote ...)
	NOT-FOR-US: LIBFtp
CVE-2007-1469 (SQL injection vulnerability in gallery.asp in Absolute Image Gallery ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2007-1468 (Cross-site scripting (XSS) vulnerability in IBM Rational ClearQuest ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2007-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Cisco
CVE-2007-1466 (Integer overflow in the WP6GeneralTextPacket::_readContents function ...)
	- libwpd 0.8.9-1 (medium)
	[etch] - libwpd 0.8.7-6
CVE-2007-1465 (Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 ...)
	NOT-FOR-US: dproxy
CVE-2007-1464 (Format string vulnerability in the whiteboard Jabber protocol in ...)
	- inkscape 0.45.1-1 (medium)
	[etch] - inkscape <not-affected> (Versions prior to 0.45 used loudmouth, which isn't affected)
CVE-2007-1463 (Format string vulnerability in Inkscape before 0.45.1 allows ...)
	- inkscape 0.45.1-1 (low)
	[etch] - inkscape <no-dsa> (Minor issue)
	[sarge] - inkscape <no-dsa> (Minor issue)
	NOTE: shell code would be prominently inside the file names
CVE-2007-1462 (The luci server component in conga preserves the password between page ...)
	NOT-FOR-US: conga
CVE-2007-1461 (The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1460 (The zip:// URL wrapper provided by the PECL zip extension in PHP ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Safemode and open_basedir bypasses not supported
CVE-2007-1459 (Multiple PHP remote file inclusion vulnerabilities in WebCreator ...)
	NOT-FOR-US: WebCreator
CVE-2007-1458 (Multiple PHP remote file inclusion vulnerabilities in CARE2X 1.1 allow ...)
	NOT-FOR-US: CARE2X
CVE-2007-1457 (Buffer overflow in the urarlib_get function in Christian Scheurer ...)
	NOT-FOR-US: UniquE RAR File Library
CVE-2007-1456 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Photo Album
CVE-2007-1455 (Multiple absolute path traversal vulnerabilities in Fantastico, as ...)
	NOT-FOR-US: Fantastico
CVE-2007-1454 (ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1453 (Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (medium)
CVE-2007-1452 (The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement ...)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1451 (GuppY 4.0 allows remote attackers to delete arbitrary files via a ...)
	NOT-FOR-US: GuppY
CVE-2007-1450 (SQL injection vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1449 (Directory traversal vulnerability in mainfile.php in PHP-Nuke 8.0 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1448 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1447 (The Tape Engine in CA (formerly Computer Associates) BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2007-1446 (Multiple PHP remote file inclusion vulnerabilities in Open Education ...)
	NOT-FOR-US: Open Education System
CVE-2007-1445 (SQL injection vulnerability in the heme preview feature for ...)
	NOT-FOR-US: BP Blog
CVE-2007-1444 (netserver in netperf 2.4.3 allows local users to overwrite arbitrary ...)
	- netperf 2.4.3-8 (bug #413658; medium)
	[sarge] - netperf <no-dsa> (Non-free not supported)
	[etch] - netperf <no-dsa> (Non-free not supported)
CVE-2007-1443 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-1442 (Oracle Database 10g uses a NULL pDacl parameter when calling the ...)
	NOT-FOR-US: Oracle Database
CVE-2007-1441 (The 4thPass browser (BlackBerry Browser) on the RIM BlackBerry 8100 ...)
	NOT-FOR-US: BlackBerry 8100
CVE-2007-1440 (SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 allows ...)
	NOT-FOR-US: JGBBS
CVE-2007-1439 (PHP remote file inclusion vulnerability in ressourcen/dbopen.php in ...)
	NOT-FOR-US: MySQL Commander
CVE-2007-1438 (SQL injection vulnerability in devami.asp in X-Ice News System 1.0 ...)
	NOT-FOR-US: X-Ice News System
CVE-2006-7171 (product_review.php in Koan Software Mega Mall allows remote attackers ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7170 (Multiple SQL injection vulnerabilities in Koan Software Mega Mall ...)
	NOT-FOR-US: Mega Mall
CVE-2006-7169 (PHP remote file inclusion vulnerability in includes/header_simple.php ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-7168 (PHP remote file inclusion vulnerability in includes/not_mem.php in the ...)
	NOT-FOR-US: phpBB module Add Name
CVE-2006-7167 (Unspecified vulnerability in ProRat Server 1.9 Fix2 allows remote ...)
	NOT-FOR-US: ProRat Server
CVE-2006-7166 (IBM WebSphere Application Server (WAS) 5.1.1.9 and earlier allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7165 (IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-7164 (SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4834 (IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2005-4833 (IBM WebSphere Application Server (WAS) 6.0 before 20050201, when ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
	NOT-FOR-US: Avant Browser
CVE-2007-1437 (Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1436 (Unspecified vulnerability in admin.pl in SQL-Ledger before 2.6.26 and ...)
	- sql-ledger 2.8.14-1 (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1435 (Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: D-Link TFTP Server
CVE-2007-1434 (SQL injection vulnerability in Grayscale Blog 0.8.0, and possibly ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1433 (Cross-site scripting (XSS) vulnerability in Grayscale Blog 0.8.0, and ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1432 (Grayscale Blog 0.8.0, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Grayscale Blog
CVE-2007-1431 (Multiple unspecified vulnerabilities in PennMUSH 1.8.3 before 1.8.3p1 ...)
	- pennmush 1.8.2p7-1 (low; bug #436249)
	[sarge] - pennmush <no-dsa> (Minor issue)
	[etch] - pennmush <no-dsa> (Minor issue)
CVE-2007-1430 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ClipShare
CVE-2007-1429 (Multiple PHP remote file inclusion vulnerabilities in Moodle 1.7.1 ...)
	- moodle <not-affected>
	NOTE: Security problem with the Windows version
	NOTE: Debian Maintainer and Upstream state that debian is not affected
	NOTE: and the problem is not reproducible there
CVE-2007-1428 (SQL injection vulnerability in search.php in PHP Labs JobSitePro 1.0 ...)
	NOT-FOR-US: JobSitePro
CVE-2007-1427 (Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a ...)
	NOT-FOR-US: AssetMan
CVE-2007-1426 (The web interface in AstroCam 2.0.0 through 2.6.5 allows remote ...)
	NOT-FOR-US: AstroCam
CVE-2007-1425 (SQL injection vulnerability in index.php in Triexa SonicMailer Pro ...)
	NOT-FOR-US: SonicMailer Pro
CVE-2007-1424 (Multiple PHP remote file inclusion vulnerabilities in Softnews Media ...)
	NOT-FOR-US: DataLife Engine
CVE-2007-1423 (Multiple PHP remote file inclusion vulnerabilities in WORK system ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2007-1422 (SQL injection vulnerability in goster.asp in fystyq Duyuru Scripti ...)
	NOT-FOR-US: Duyuru Scripti
CVE-2007-1421 (Multiple PHP remote file inclusion vulnerabilities in Premod SubDog 2 ...)
	NOT-FOR-US: SubDog
CVE-2007-1420 (MySQL 5.x before 5.0.36 allows local users to cause a denial of ...)
	- mysql-dfsg-5.0 5.0.32-8 (bug #414790)
	[etch] - mysql-dfsg-5.0 5.0.32-7etch1
CVE-2007-1419 (The Java Management Extensions Remote API Remote Method Invocation ...)
	NOT-FOR-US: JMX RMI-IIOP
CVE-2007-1418 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: DekiWiki
CVE-2007-1417 (SQL injection vulnerability in index.php in HC NEWSSYSTEM 1.0-4 allows ...)
	NOT-FOR-US: NEWSSYSTEM
CVE-2007-1416 (PHP remote file inclusion vulnerability in createurl.php in JCcorp ...)
	NOT-FOR-US: URLshrink
CVE-2007-1415 (Multiple PHP remote file inclusion vulnerabilities in PMB Services ...)
	NOT-FOR-US: PMB Services
CVE-2007-1414 (Multiple PHP remote file inclusion vulnerabilities in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1413 (Buffer overflow in the snmpget function in the snmp extension in PHP ...)
	- php4 <removed> (unimportant)
	- php5 <removed> (unimportant)
	NOTE: Only triggerable by malicious script
CVE-2007-1412 (The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 ...)
	- php4 <not-affected> (cpdf extension not enabled in binary build)
	- php5 <not-affected> (cpdf extension not enabled in binary build)
CVE-2007-1411 (Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 ...)
	- php4 <not-affected> (no mssql extension in Debian)
	- php5 <not-affected> (no mssql extension in Debian)
CVE-2007-1410 (SQL injection vulnerability in kategori.asp in GaziYapBoz Game Portal ...)
	NOT-FOR-US: GaziYapBoz Game Portal
CVE-2007-1409 (WordPress allows remote attackers to obtain sensitive information via ...)
	- wordpress <not-affected> (Path disclosure)
CVE-2007-1408 (Multiple vulnerabilities in (1) bank.php, (2) landfill.php, (3) ...)
	NOT-FOR-US: Vallheru
CVE-2007-1407 (Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has ...)
	NOT-FOR-US: Quick.Cart
CVE-2007-1406 (Trac before 0.10.3.1 does not send a Content-Disposition HTTP header ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1405 (Cross-site scripting (XSS) vulnerability in the &quot;download wiki page as ...)
	[etch] - trac 0.10.3-1etch1
	- trac 0.10.4-1 (bug #414134; bug #420219)
	NOTE: Browser bug, only exploitable on IE, still fixed in a point release
CVE-2007-1404 (tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 allows remote ...)
	NOT-FOR-US: ProSysInfo TFTP Server
CVE-2007-1403 (Multiple stack-based buffer overflows in an ActiveX control in ...)
	NOT-FOR-US: ActiveX control
CVE-2007-1402 (The Rediff Toolbar 2.0 ActiveX control in redifftoolbar.dll allows ...)
	NOT-FOR-US: Rediff Toolbar ActiveX control
CVE-2007-1401 (Buffer overflow in the crack extension (CrackLib), as bundled with PHP ...)
	NOT-FOR-US: php doesn't ship with cracklib activated in debian.
CVE-2007-1400 (Plash permits sandboxed processes to open /dev/tty, which allows local ...)
	NOT-FOR-US: Plash
CVE-2007-1399 (Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP ...)
	{DSA-1330-1}
	- php5 5.2.2-1 (medium)
CVE-2007-1398 (The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when ...)
	- snort <not-affected> (Vulnerable code not present)
CVE-2007-1397 (Multiple stack-based buffer overflows in the (1) ExtractRnick and (2) ...)
	NOT-FOR-US: FiSH IRC Encryption
CVE-2007-1396 (The import_request_variables function in PHP 4.0.7 through 4.4.6, and ...)
	- php5 5.2.2-1 (unimportant)
	NOTE: Non-issue
CVE-2007-1395 (Incomplete blacklist vulnerability in index.php in phpMyAdmin 2.8.0 ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-1394 (Direct static code injection vulnerability in startsession.php in Flat ...)
	NOT-FOR-US: Flat Chat
CVE-2007-1393 (PHP remote file inclusion vulnerability in mysave.php in Magic CMS ...)
	NOT-FOR-US: Magic CMS
CVE-2007-1392 (Directory traversal vulnerability in down.php in netForo! 0.1g allows ...)
	NOT-FOR-US: netForo!
CVE-2007-1391 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WEBO
CVE-2007-1390 (Multiple cross-site scripting (XSS) vulnerabilities in dynaliens 2.0 ...)
	NOT-FOR-US: dynalias
CVE-2007-1389 (dynaliens 2.0 and 2.1 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: dynalias
CVE-2007-1388 (The do_ipv6_setsockopt function in net/ipv6/ipv6_sockglue.c in Linux ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-1387 (The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; low)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; low)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
CVE-2007-1386
	RESERVED
CVE-2007-1385 (chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1384 (Directory traversal vulnerability in torrent.cpp in KTorrent before ...)
	- ktorrent 2.0.3+dfsg1-2.1 (bug #414832; medium)
CVE-2007-1383 (Integer overflow in the 16 bit variable reference counter in PHP 4 ...)
	- php4 <removed> (unimportant)
	NOTE: Only triggerable by malicious PHP scripts, PHP5 not "affected"
CVE-2007-1382 (The PHP COM extensions for PHP on Windows systems allow ...)
	NOT-FOR-US: Windows PHP COM extensions
CVE-2007-1381 (The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and ...)
	- php5 <not-affected> (Affected only a php5 CVS version, not a release)
CVE-2007-1380 (The php_binary serialization handler in the session extension in PHP ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1379 (The ovrimos_close function in the Ovrimos extension for PHP before ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1378 (The ovrimos_longreadlen function in the Ovrimos extension for PHP ...)
	- php4 <not-affected> (Ovrimus support not included in Debian's PHP packages)
CVE-2007-1377 (AcroPDF.DLL in Adobe Reader 8.0, when accessed from Mozilla Firefox, ...)
	NOT-FOR-US: Adobe Reader
CVE-2007-1376 (The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x ...)
	{DSA-1283-1 DTSA-39-1}
	- php4 <removed>
	- php5 5.2.0-11
	NOTE: Only triggerable by malicious script
CVE-2007-1375 (Integer overflow in the substr_compare function in PHP 5.2.1 and ...)
	{DSA-1283-1 DTSA-39-1}
	- php5 5.2.0-11 (low)
	NOTE: Should be fixed, could be used as a stepstone for further attacks
CVE-2007-1374 (Cross-site scripting (XSS) vulnerability in pop_profile.asp in Snitz ...)
	NOT-FOR-US: Snitz Forums
CVE-2007-1373 (Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2007-1372 (PHP remote file inclusion vulnerability in styles/internal/header.php ...)
	NOT-FOR-US: PostGuestbook
CVE-2007-1371 (Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local ...)
	- conquest 8.2b-1 (low)
	[sarge] - conquest <no-dsa> (Minor issue)
	[etch] - conquest <no-dsa> (Minor issue)
CVE-2007-1370 (Zend Platform 2.2.3 and earlier has incorrect ownership for scd.sh and ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1369 (ini_modifier (sgid-zendtech) in Zend Platform 2.2.3 and earlier allows ...)
	NOT-FOR-US: Zend Platform
CVE-2007-1368 (The Project issue tracking module before 4.7.x-1.3, 4.7.x-2.* before ...)
	NOT-FOR-US: Drupal module Project
CVE-2007-1367 (Cross-site scripting (XSS) vulnerability in the login page in Avaya ...)
	NOT-FOR-US: Avaya Communications Manager
CVE-2007-1366 (QEMU 0.8.2 allows local users to crash a virtual machine via the ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1365 (Buffer overflow in kern/uipc_mbuf2.c in OpenBSD 3.9 and 4.0 allows ...)
	NOT-FOR-US: OpenBSD Kernel
CVE-2007-1364 (DropAFew before 0.2.1 does not require authorization for certain ...)
	NOT-FOR-US: DropAFew
CVE-2007-1363 (Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow ...)
	NOT-FOR-US: DropAFew
CVE-2007-1362 (Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	NOTE: MFSA2007-14
	- iceape 1.1.2-1 (low)
	- iceweasel 2.0.0.4-1 (low)
	- xulrunner 1.8.1.4-1 (low)
CVE-2007-1361 (Cross-site scripting (XSS) vulnerability in virtuemart_parser.php in ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1360 (Unspecified vulnerability in the Nodefamily module for Drupal 5.x ...)
	NOT-FOR-US: Drupal module Nodefamily
CVE-2007-1359 (Interpretation conflict in ModSecurity (mod_security) 2.1.0 and ...)
	- libapache-mod-security 2.1.2-1
CVE-2007-1358 (Cross-site scripting (XSS) vulnerability in certain applications using ...)
	- tomcat4 <removed> (low)
	[sarge] - tomcat4 <no-dsa> (Contrib not supported)
CVE-2007-1357 (The atalk_sum_skb function in AppleTalk for Linux kernel 2.6.x before ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-1356
	REJECTED
CVE-2007-1355 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	- tomcat4 <removed> (unimportant)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.25-1 (unimportant)
	NOTE: Just an example application for documentation purposes
CVE-2007-1354 (The Access Control functionality (JMXOpsAccessControlFilter) in JMX ...)
	NOT-FOR-US: JBoss Application Server
CVE-2007-1353 (The setsockopt function in the L2CAP and HCI Bluetooth support in the ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1 DSA-1356-1}
	- linux-2.6 2.6.22-1 (low)
CVE-2007-1352 (Integer overflow in the FontFileInitTable function in X.Org libXfont ...)
	{DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
CVE-2007-1351 (Integer overflow in the bdfReadCharacters function in bdfread.c in (1) ...)
	{DSA-1454-1 DSA-1294-1}
	- libxfont 1:1.2.2-2 (medium)
	- freetype 2.3.5-1 (medium; bug #426771)
CVE-2007-1350 (Stack-based buffer overflow in webadmin.exe in Novell NetMail 3.5.2 ...)
	NOT-FOR-US: Novell NetMail
CVE-2007-1349 (PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in ...)
	- apache <removed> (low)
	- libapache2-mod-perl2 2.0.2-5 (low; bug #433549)
	[etch] - libapache2-mod-perl2 <no-dsa> (Minor issue)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2007-1348
	REJECTED
CVE-2007-1347 (Microsoft Windows Explorer on Windows 2000 SP4 FR and XP SP2 FR, and ...)
	NOT-FOR-US: Microsoft Windows Explorer
CVE-2007-1346 (Unspecified vulnerability in ipmitool for Sun Fire X2100M2 and X2200M2 ...)
	NOT-FOR-US: Sun Fire Server
CVE-2007-1345 (Unspecified vulnerability in cube.exe in the GINA component for CA ...)
	NOT-FOR-US: CA eTrust Admin
CVE-2007-1344 (Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 ...)
	NOT-FOR-US: Ezstream
CVE-2007-1343 (includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does ...)
	{DSA-1267-1}
	- webcalendar 1.0.5-1 (high)
CVE-2007-1342 (Cross-site scripting (XSS) vulnerability in admincp/index.php in ...)
	NOT-FOR-US: vBulletin
CVE-2007-1341 (include/auth/auth.php in Simple Invoices before 2007 03 05 does not ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-1340 (PHP remote file inclusion vulnerability in eintrag.php in Weltennetz ...)
	NOT-FOR-US: News-Letterman
CVE-2007-1339 (SQL injection vulnerability in index.php in Links Management ...)
	NOT-FOR-US: Links Management Application
CVE-2007-1338 (The default configuration of the AirPort utility in Apple AirPort ...)
	NOT-FOR-US: Apple AirPort Extreme
CVE-2007-1337 (The virtual machine process (VMX) in VMware Workstation before 5.5.4 ...)
	NOT-FOR-US: VMware
CVE-2007-1336
	RESERVED
CVE-2007-1335
	RESERVED
CVE-2007-1334
	RESERVED
CVE-2007-1333
	RESERVED
CVE-2007-1332 (Multiple cross-site request forgery (CSRF) vulnerabilities in TKS ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1331 (Multiple cross-site scripting (XSS) vulnerabilities in TKS Banking ...)
	NOT-FOR-US: TKS Banking Solutions ePortfolio
CVE-2007-1330 (Comodo Firewall Pro (CFP) (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1329 (Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before ...)
	- sql-ledger <unfixed> (unimportant; bug #409703)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
CVE-2007-1328 (Cross-site scripting (XSS) vulnerability in formulaire.php in Bernard ...)
	NOT-FOR-US: JOLY BJ Webring
CVE-2007-1327 (The SILC_SERVER_CMD_FUNC function in apps/silcd/command.c in ...)
	NOT-FOR-US: silc daemon
CVE-2007-1326 (SQL injection vulnerability in index.php in Serendipity 1.1.1 allows ...)
	- serendipity <removed> (unimportant)
	NOTE: http://blog.s9y.org/archives/164-Serendipity-1.1.2-released.html
CVE-2007-1325 (The PMA_ArrayWalkRecursive function in libraries/common.lib.php in ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.10.0.2-1
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-1324 (SnapGear 560, 585, 580, 640, 710, and 720 appliances before the ...)
	NOT-FOR-US: SnapGear
CVE-2007-1323
	REJECTED
CVE-2007-1322 (QEMU 0.8.2 allows local users to halt a virtual machine by executing ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1321 (Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used ...)
	{DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
CVE-2007-1320 (Multiple heap-based buffer overflows in the cirrus_invalidate_region ...)
	{DSA-1384-1 DSA-1284-1 DTSA-38-1 DTSA-133-1}
	- qemu 0.9.0-2 (bug #424070)
	- kvm 66+dfsg-1.1
	- xen-3 3.1.0-2 (bug #444007; medium)
	- xen-3.0 <removed>
CVE-2007-1319 (Unspecified vulnerability in the IOPCServer::RemoveGroup function in ...)
	NOT-FOR-US: DeviceXPlorer OLE
CVE-2007-1318
	RESERVED
CVE-2007-1317
	RESERVED
CVE-2007-1316
	RESERVED
CVE-2007-1315
	RESERVED
CVE-2007-1314
	RESERVED
CVE-2007-1313 (NETxAutomation NETxEIB OPC Server before 3.0.1300 does not properly ...)
	NOT-FOR-US: NETxAutomation NETxEIB OPC Server
CVE-2007-1312
	RESERVED
CVE-2007-1311
	RESERVED
CVE-2007-1310
	RESERVED
CVE-2007-1309 (Novell Access Management 3 SSLVPN Server allows remote authenticated ...)
	NOT-FOR-US: Novell Access Management
CVE-2007-1308 (ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE ...)
	- kdelibs <unfixed> (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2007-1307 (Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before ...)
	NOT-FOR-US: Microsoft Windows Driver for Intel PRO/1000 LAN
CVE-2007-1306 (Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote ...)
	{DSA-1358-1}
	- asterisk 1:1.2.16~dfsg-1 (medium)
CVE-2007-1305 (Multiple cross-site scripting (XSS) vulnerabilities in add2.php in ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1304 (Multiple SQL injection vulnerabilities in add2.php in Sava's Guestbook ...)
	NOT-FOR-US: Sava's Guestbook
CVE-2007-1303 (Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and ...)
	NOT-FOR-US: RRDBrowse
CVE-2007-1302 (SQL injection vulnerability in guestbook.php in LI-Guestbook 1.1, when ...)
	NOT-FOR-US: LI-Guestbook
CVE-2007-1301 (Stack-based buffer overflow in the IMAP service in MailEnable ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2007-1300 (DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier ...)
	NOT-FOR-US: ISPUtil
CVE-2007-1299 (PHP remote file inclusion vulnerability in index.php in Mani Stats ...)
	NOT-FOR-US: Mani Stats Reader
CVE-2007-1298 (SQL injection vulnerability in subcat.php in AJ Auction 1.0 allows ...)
	NOT-FOR-US: AJ Auction
CVE-2007-1297 (SQL injection vulnerability in view_profile.php in AJDating 1.0 allows ...)
	NOT-FOR-US: AJ Dating
CVE-2007-1296 (SQL injection vulnerability in postingdetails.php in AJ Classifieds ...)
	NOT-FOR-US: AJ Classifieds
CVE-2007-1295 (SQL injection vulnerability in topic_title.php in AJ Forum 1.0 allows ...)
	NOT-FOR-US: AJ Forum
CVE-2007-1294 (A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in ...)
	NOT-FOR-US: DivXBrowserPlugin ActiveX control
CVE-2007-1293 (SQL injection vulnerability in Rigter Portal System (RPS) 6.2, when ...)
	NOT-FOR-US: Rigter Portal System
CVE-2007-1292 (SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2007-1291 (Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug ...)
	NOT-FOR-US: TygerBT
CVE-2007-1290 (SQL injection vulnerability in ViewReport.php in Tyger Bug Tracking ...)
	NOT-FOR-US: TygerBT
CVE-2007-1289 (SQL injection vulnerability in ViewBugs.php in Tyger Bug Tracking ...)
	NOT-FOR-US: TygerBT
CVE-2007-1288 (Multiple PHP remote file inclusion vulnerabilities in Webmobo WB News ...)
	NOT-FOR-US: WB News
CVE-2006-7163 (DreameeSoft Password Master 1.0 stores the database in an unencrypted ...)
	NOT-FOR-US: DreameeSoft Password Master
CVE-2006-7162 (PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files ...)
	- putty 0.59-1 (bug #400804; unimportant)
	NOTE: Unsafe default, but not a vulnerability
	NOTE: Sensitive operations like key generation should only be done in private home
CVE-2006-7161 (SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows ...)
	NOT-FOR-US: Hazir Site
CVE-2006-7160 (The Sandbox.sys driver in Outpost Firewall PRO 4.0, and possibly ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-7159 (Directory traversal vulnerability in include/prune_torrents.php in ...)
	NOT-FOR-US: BTI-Tracker
CVE-2006-7158 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle Application Express
CVE-2006-7157 (Buffer overflow in Google Earth v4.0.2091 (beta) allows remote ...)
	NOT-FOR-US: Google Earth
CVE-2006-7156 (PHP remote file inclusion vulnerability in addon_keywords.php in ...)
	NOT-FOR-US: miniBB module Keyword Replacer
CVE-2006-7155 (Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-7154 (Iono allows remote attackers to obtain the full server path via ...)
	NOT-FOR-US: Iono
CVE-2006-7153 (PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-7152 (default.asp in ASP-Nuke Community 1.5 and earlier allows remote ...)
	NOT-FOR-US: ASP-Nuke Community
CVE-2006-7151 (Untrusted search path vulnerability in the libtool-ltdl library ...)
	- libtool <not-affected> (Specific to Fedora build)
CVE-2006-7150 (Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote ...)
	NOT-FOR-US: Mambo
CVE-2006-7149 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo 4.6.x ...)
	NOT-FOR-US: Mambo
CVE-2006-7148 (PHP remote file inclusion vulnerability in includes/bb_usage_stats.php ...)
	NOT-FOR-US: phpBB module maluinfo
CVE-2006-7147 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB module Import Tools
CVE-2006-7146 (** DISPUTED ** ...)
	NOT-FOR-US: communityPortals
CVE-2006-7145 (edit_user.php in Call Center Software 0.93 and earlier allows remote ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7144 (SQL injection vulnerability in Call Center Software 0.93 and earlier ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7143 (Cross-site scripting (XSS) vulnerability in Call Center Software 0.93 ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7142 (The centralized management feature for Utimaco Safeguard stores ...)
	NOT-FOR-US: Utimaco Safeguard
CVE-2006-7141 (** DISPUTED ** ...)
	NOT-FOR-US: Oracle Database
CVE-2006-7140 (The libike library, as used by in.iked, elfsign, and kcfd in Sun ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7139 (Kmail 1.9.1 on KDE 3.5.2, with &quot;Prefer HTML to Plain Text&quot; enabled, ...)
	- kdepim <unfixed> (unimportant)
	NOTE: Annoying bug, but neglectable "security implications"
CVE-2006-7138 (SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in ...)
	NOT-FOR-US: Oracle APEX
CVE-2006-7137 (Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 ...)
	NOT-FOR-US: TinyPortal
CVE-2006-7136 (Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2006-7135 (PHP remote file inclusion vulnerability in lib/functions.inc.php in ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2007-XXXX [unsafe temporary file in lintian's objdump-info]
	- lintian 1.23.28 (low)
	[sarge] - lintian <not-affected> (Vulnerable code not present)
CVE-2007-1287 (A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and ...)
	- php4 <removed> (unimportant)
	[sarge] - php4 <not-affected> (Regression introduced in 4.4.3)
	NOTE: Non-issue, explicit debug feature
CVE-2007-1286 (Integer overflow in PHP 4.4.4 and earlier allows remote ...)
	{DSA-1283-1 DSA-1282-1 DTSA-39-1 DTSA-40-1}
	- php4 6:4.4.6-1 (low)
	- php5 5.2.0-11 (low)
CVE-2007-1285 (The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows ...)
	- php5 5.2.2-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Needs to be sanisited within apps, only crashes the current instance anyway
CVE-2007-1284
	RESERVED
CVE-2007-1283
	RESERVED
CVE-2007-1282 (Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey ...)
	{DSA-1336-1}
	- icedove 1.5.0.10.dfsg1-1 (medium)
CVE-2007-1281 (Kaspersky AntiVirus Engine 6.0.1.411 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky AntiVirus Engine
CVE-2007-1280 (Cross-site scripting (XSS) vulnerability in Adobe RoboHelp X5, 6, and ...)
	NOT-FOR-US: Adobe
CVE-2007-1279 (Unspecified vulnerability in the installer for Adobe Bridge 1.0.3 ...)
	NOT-FOR-US: Adobe
CVE-2007-1278 (Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 ...)
	NOT-FOR-US: Adobe JRun and Coldfusion
CVE-2007-1277 (WordPress 2.1.1, as downloaded from some official distribution sites ...)
	- wordpress <not-affected> (orig.tar.gz not compromised)
CVE-2007-1276 (Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in ...)
	- webmin <removed>
CVE-2007-1275
	RESERVED
CVE-2007-1274
	RESERVED
CVE-2006-7134 (Unrestricted file upload vulnerability in main_user.php in Upload Tool ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7133 (Directory traversal vulnerability in upload/bin/download.php in Upload ...)
	NOT-FOR-US: Upload Tool for PHP
CVE-2006-7132 (Directory traversal vulnerability in pmd-config.php in PHPMyDesk ...)
	NOT-FOR-US: PHPMyDesk
CVE-2006-7131 (PHP remote file inclusion vulnerability in extras/mt.php in Jinzora ...)
	NOT-FOR-US: Jinzora
CVE-2006-7130 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jinzora
CVE-2006-7129 (ISS BlackICE PC Protection 3.6 cpj and cpu, and possibly earlier ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-7128 (PHP remote file inclusion vulnerability in forum/forum.php JAF CMS 4.0 ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7127 (Multiple PHP remote file inclusion vulnerabilities in JAF CMS 4.0 and ...)
	NOT-FOR-US: JAF CMS
CVE-2006-7126 (SQL injection vulnerability in Joomla BSQ Sitestats 1.8.0 and 2.2.1 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7125 (Cross-site scripting (XSS) vulnerability in Joomla BSQ Sitestats 1.8.0 ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7124 (PHP remote file inclusion vulnerability in external/rssfeeds.php in ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7123 (Multiple SQL injection vulnerabilities in BSQ Sitestats (component for ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7122 (Cross-site scripting (XSS) vulnerability in the IP Address Lookup ...)
	NOT-FOR-US: Joomla component BSQ Sitestats
CVE-2006-7121 (The HTTP server in Linksys SPA-921 VoIP Desktop Phone allows remote ...)
	NOT-FOR-US: Linksys SPA-921
CVE-2006-7120 (** DISPUTED ** ...)
	NOT-FOR-US: OSL maintain
CVE-2006-7119 (PHP remote file inclusion vulnerability in kernel/system/startup.php ...)
	NOT-FOR-US: PHPGiggle
CVE-2006-7118 (SQL injection vulnerability in index.asp in DMXReady Site Engine ...)
	NOT-FOR-US: DMXReady Site Engine Manager
CVE-2006-7117 (Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier ...)
	NOT-FOR-US: Kubix
CVE-2006-7116 (SQL injection vulnerability in includes/functions.php in Kubix 0.7 and ...)
	NOT-FOR-US: Kubix
CVE-2006-7115 (SQL injection vulnerability in PHPKit 1.6.1 RC2 allows remote ...)
	NOT-FOR-US: PHPKit
CVE-2006-7114 (P-News 2.0 stores db/user.txt under the web document root with ...)
	NOT-FOR-US: P-News
CVE-2006-7113 (Unrestricted file upload vulnerability in P-News 2.0 allows remote ...)
	NOT-FOR-US: P-News
CVE-2006-7112 (Directory traversal vulnerability in error.php in MD-Pro 1.0.76 and ...)
	NOT-FOR-US: MD-Pro
CVE-2006-7111 (Unspecified vulnerability in Futomi's CGI Cafe KMail CGI 1.0.3 and ...)
	NOT-FOR-US: KMail CGI
CVE-2006-7110 (Directory traversal vulnerability in the delete function in IMCE ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2006-7109 (Unrestricted file upload vulnerability in IMCE before 1.6, a Drupal ...)
	NOT-FOR-US: Drupal module IMCE
CVE-2007-XXXX [buffer overruns in GIT's http-push.c, fixed in 1.5.0.3]
	- git-core 1:1.5.0.3-1 (bug #413629; low)
	[etch] - git-core 1:1.4.4.4-2 (bug #413629; low)
CVE-2007-1273 (Integer overflow in the ktruser function in NetBSD-current before ...)
	NOT-FOR-US: NetBSD Kernel
CVE-2007-1272
	RESERVED
CVE-2007-1271 (Buffer overflow in VMware ESX Server 3.0.0 and 3.0.1 might allow ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1270 (Double free vulnerability in VMware ESX Server 3.0.0 and 3.0.1 allows ...)
	NOT-FOR-US: VMware ESX Server
CVE-2007-1269 (GNUMail 1.1.2 and earlier does not properly use the --status-fd ...)
	- gnumail <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1268 (Mutt 1.5.13 and earlier does not properly use the --status-fd argument ...)
	- mutt <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1267 (Sylpheed 2.2.7 and earlier does not properly use the --status-fd ...)
	- sylpheed <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1266 (Evolution 2.8.1 and earlier does not properly use the --status-fd ...)
	- evolution <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1265 (KMail 1.9.5 and earlier does not properly use the --status-fd argument ...)
	- kdepim <unfixed> (unimportant)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1264 (Enigmail 0.94.2 and earlier does not properly use the --status-fd ...)
	- enigmail 2:0.95.0+1-1 (unimportant; bug #415225)
	NOTE: this is a "feature request", since gnupg is fixed from CVE-2007-1263
CVE-2007-1263 (GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the ...)
	{DSA-1266-1}
	- gnupg 1.4.6-2 (bug #413922; low)
	- gpgme1.0 1.1.2-3 (bug #414170; low)
	- gnupg2 2.0.3-1
	[sarge] - gnupg2 <no-dsa> (Minor issue)
	[etch] - gnupg2 <no-dsa> (Minor issue)
CVE-2007-1262 (Multiple cross-site scripting (XSS) vulnerabilities in the HTML filter ...)
	{DSA-1290-1}
	- squirrelmail 2:1.4.10a-1
CVE-2007-1261 (Unspecified vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2007-1260 (Stack-based buffer overflow in the connectHandle function in ...)
	NOT-FOR-US: WebMod
CVE-2007-1259 (Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have ...)
	NOT-FOR-US: WebAPP
CVE-2007-1258 (Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and ...)
	NOT-FOR-US: Cisco
CVE-2007-1257 (The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, ...)
	NOT-FOR-US: Cisco
CVE-2007-1256 (Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address ...)
	- iceweasel <removed> (unimportant)
	NOTE: Not exploitable
CVE-2007-1255 (Unrestricted file upload vulnerability in admin.bbcode.php in ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1254 (SQL injection vulnerability in part.userprofile.php in Connectix ...)
	NOT-FOR-US: Connectix Boards
CVE-2007-1253 (Eval injection vulnerability in the (a) kmz_ImportWithMesh.py Script ...)
	- blender 2.42a-6 (medium)
	[sarge] - blender <not-affected> (bug was introduced in version 2.42)
	NOTE: http://lists.alioth.debian.org/pipermail/secure-testing-team/2007-March/001095.html
CVE-2007-1252 (Buffer overflow in Symantec Mail Security for SMTP 5.0 before Patch ...)
	NOT-FOR-US: Symantec Mail Security
CVE-2007-1251 (Format string vulnerability in the new_warning function in ...)
	NOT-FOR-US: Netrek Vanilla Server
CVE-2007-1250 (SQL injection vulnerability in section/default.asp in ANGEL Learning ...)
	NOT-FOR-US: Learning Management Suite
CVE-2007-1249 (MoveSortedContentAction in C1 Financial Services Contelligent 9.1.4 ...)
	NOT-FOR-US: Contelligent
CVE-2007-1248 (Multiple cross-site scripting (XSS) vulnerabilities in built2go News ...)
	NOT-FOR-US: News Manager Blog
CVE-2007-1247 (Multiple PHP remote file inclusion vulnerabilities in aWeb Labs ...)
	NOT-FOR-US: aWebNews
CVE-2007-1246 (The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in ...)
	{DSA-1536-1}
	- mplayer 1.0~rc1-13 (bug #414075; medium)
	- xine-lib 1.1.2+dfsg-3 (bug #414072; medium)
	[etch] - mplayer 1.0~rc1-12etch
	[sarge] - xine-lib <no-dsa> (Only affects external, proprietary w32codecs addons)
	NOTE: vlc checked, and is not affected.
CVE-2007-1245 (IrfanView 3.99 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: IrfanView
CVE-2007-1244 (Cross-site request forgery (CSRF) vulnerability in the AdminPanel in ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1243 (Audins Audiens 3.3 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1242 (SQL injection vulnerability in system/index.php in Audins Audiens 3.3 ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1241 (Cross-site scripting (XSS) vulnerability in setup.php in Audins ...)
	NOT-FOR-US: Audins Audiens
CVE-2007-1240 (Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS ...)
	NOT-FOR-US: Docebo CMS
CVE-2007-1239 (Microsoft Excel 2003 does not properly parse .XLS files, which allows ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1238 (Microsoft Office 2003 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1237 (sitex allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: sitex
CVE-2007-1236 (sitex allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: sitex
CVE-2007-1235 (Unrestricted file upload vulnerability in sitex allows remote ...)
	NOT-FOR-US: sitex
CVE-2007-1234 (Multiple cross-site scripting (XSS) vulnerabilities in sitex allow ...)
	NOT-FOR-US: sitex
CVE-2007-1233 (PHP remote file inclusion vulnerability in downloadcounter.php in ...)
	NOT-FOR-US: STWC-Counter
CVE-2007-1232 (Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1231 (Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager ...)
	NOT-FOR-US: SQLiteManager
CVE-2007-1230 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress 2.1.2-1 (medium)
	[etch] - wordpress 2.0.10
CVE-2007-1229 (Cross-site scripting (XSS) vulnerability in the Nullsoft ...)
	NOT-FOR-US: Nullsoft ShoutcastServer
CVE-2007-1228 (IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1227 (VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1226 (McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak ...)
	NOT-FOR-US: McAfee VirusScan
CVE-2007-1225 (The connection log file implementation in Grok Developments NetProxy ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1224 (Grok Developments NetProxy 4.03 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Grok Developments NetProxy
CVE-2007-1223 (Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows ...)
	NOT-FOR-US: Hitachi OSAS/FT/W
CVE-2007-1222 (Parallels Desktop for Mac before 20070216 implements Drag and Drop by ...)
	NOT-FOR-US: Parallels Desktop
CVE-2007-1221 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1220 (The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 does not ...)
	NOT-FOR-US: Microsoft Xbox 360
CVE-2007-1219 (PHP remote file inclusion vulnerability in actions/del.php in Admin ...)
	NOT-FOR-US: Phorum
CVE-2007-1217 (Buffer overflow in the bufprint function in capiutil.c in libcapi, as ...)
	- isdnutils 1:3.9.20060704-3 (bug #408530; low)
	[sarge] - isdnutils <no-dsa> (Not exploitable over ISDN network)
	- asterisk-chan-capi 0.7.1-1.1 (bug #411293; unimportant)
	- linux-2.6 2.6.21-1 (bug #411294; unimportant)
	NOTE: Not exploitable over ISDN network, only theoretically through a dedicated CAPI server
CVE-2007-1216 (Double free vulnerability in the GSS-API library ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-1215 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1214 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2003 Viewer, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1213 (The TrueType Fonts rasterizer in Microsoft Windows 2000 SP4 allows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1212 (Buffer overflow in the Graphics Device Interface (GDI) in Microsoft ...)
	NOT-FOR-US: Microsoft GDI
CVE-2007-1211 (Unspecified kernel GDI functions in Microsoft Windows 2000 SP4; XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1210
	REJECTED
CVE-2007-1209 (Use-after-free vulnerability in the Client/Server Run-time Subsystem ...)
	NOT-FOR-US: Windows Vista
CVE-2007-1208
	REJECTED
CVE-2007-1207
	REJECTED
CVE-2007-1206 (The Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1205 (Unspecified vulnerability in Microsoft Agent (msagent\agentsvr.exe) in ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1204 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1203 (Unspecified vulnerability in Microsoft Excel 2000 SP3, 2002 SP3, 2003 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-1202 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-1201 (Unspecified vulnerability in certain COM objects in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1200
	RESERVED
CVE-2007-1199 (Adobe Reader and Acrobat Trial allow remote attackers to read ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-1198 (Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-1197 (Multiple unspecified vulnerabilities in Epiware before 4.7.5 have ...)
	NOT-FOR-US: Epiware
CVE-2007-1196 (Unspecified vulnerability in Citrix Presentation Server Client for ...)
	NOT-FOR-US: Citrix
CVE-2007-1195 (Multiple buffer overflows in XM Easy Personal FTP Server 5.3.0 allow ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2007-1194 (Norman SandBox Analyzer does not use the proper range for Interrupt ...)
	NOT-FOR-US: SandBox Analyzer
CVE-2007-1193 (Multiple unspecified vulnerabilities in the Login page in OrangeHRM ...)
	NOT-FOR-US: OrangeHRM
CVE-2007-1192 (Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive ...)
	NOT-FOR-US: HyperBook Guestbook
CVE-2007-1191 (The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes ...)
	NOT-FOR-US: Quicksilver plugin Social Bookmarks
CVE-2007-1190 (Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX ...)
	NOT-FOR-US: EmbeddedWB ActiveX control
CVE-2007-1189 (Integer overflow in the envwrite function in the Alcatel-Lucent Bell ...)
	NOT-FOR-US: Alcatel-Lucent Bell Labs Plan 9
CVE-2007-1188 (WebAPP before 0.9.9.5 allows remote attackers to submit Search form ...)
	NOT-FOR-US: WebAPP
CVE-2007-1187 (WebAPP before 0.9.9.5 allows remote authenticated users, without admin ...)
	NOT-FOR-US: WebAPP
CVE-2007-1186 (WebAPP before 0.9.9.5 does not &quot;censor&quot; the Latest Member real name, ...)
	NOT-FOR-US: WebAPP
CVE-2007-1185 (The (1) Search, (2) Edit Profile, (3) Recommend, and (4) User Approval ...)
	NOT-FOR-US: WebAPP
CVE-2007-1184 (The default configuration of WebAPP before 0.9.9.5 has a CAPTCHA ...)
	NOT-FOR-US: WebAPP
CVE-2007-1183 (WebAPP before 0.9.9.5 allows remote authenticated users to spoof ...)
	NOT-FOR-US: WebAPP
CVE-2007-1182 (WebAPP before 0.9.9.5 allows remote Guest users to edit a Guest ...)
	NOT-FOR-US: WebAPP
CVE-2007-1181 (WebAPP before 0.9.9.5 passes (1) Unused Informations and (2) the ...)
	NOT-FOR-US: WebAPP
CVE-2007-1180 (WebAPP before 0.9.9.5 does not check referrers in certain forms, which ...)
	NOT-FOR-US: WebAPP
CVE-2007-1179 (WebAPP before 0.9.9.5 does not properly manage e-mail addresses in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1178 (WebAPP before 0.9.9.5 does not check access in certain contexts ...)
	NOT-FOR-US: WebAPP
CVE-2007-1177 (WebAPP before 0.9.9.5 does not properly filter certain characters in ...)
	NOT-FOR-US: WebAPP
CVE-2007-1176 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
	NOT-FOR-US: WebAPP
CVE-2007-1175 (Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2007-1174 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP before ...)
	NOT-FOR-US: WebAPP
CVE-2007-1173 (Multiple buffer overflows in the CentennialIPTransferServer service ...)
	NOT-FOR-US: CentennialIPTransferServer
CVE-2007-1172 (SQL injection vulnerability in nukesentinel.php in NukeSentinel ...)
	NOT-FOR-US: WebAPP
CVE-2007-1171 (SQL injection vulnerability in includes/nsbypass.php in NukeSentinel ...)
	NOT-FOR-US: NukeSentinel
CVE-2007-1170 (SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends ...)
	NOT-FOR-US: SimBin Racing
CVE-2007-1169 (The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1168 (Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1167 (inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and ...)
	NOT-FOR-US: Clanportal
CVE-2007-1166 (SQL injection vulnerability in result.php in Nabopoll 1.2 allows ...)
	NOT-FOR-US: Nabopoll
CVE-2007-1165 (Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 ...)
	NOT-FOR-US: DBGuestbook
CVE-2007-1164 (Multiple PHP remote file inclusion vulnerabilities in DBImageGallery ...)
	NOT-FOR-US: DBImageGallery
CVE-2007-1163 (SQL injection vulnerability in printview.php in webSPELL 4.01.02 and ...)
	NOT-FOR-US: webSPELL
CVE-2007-1162 (A certain ActiveX control in the Common Controls Replacement Project ...)
	NOT-FOR-US: Common Controls ActiveX control
CVE-2007-1161 (Cross-site scripting (XSS) vulnerability in call_entry.php in Call ...)
	NOT-FOR-US: Call Center Software
CVE-2006-7108 (login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when ...)
	- util-linux 2.17.2-9 (unimportant)
	NOTE: likely fixed far before this, which is the version in squeeze that was checked
CVE-2006-7107 (PHP remote file inclusion vulnerability in upgrade.php in Coalescent ...)
	NOT-FOR-US: freePBX
CVE-2006-7106 (PHP remote file inclusion vulnerability in config.inc.php3 in Power ...)
	NOT-FOR-US: Power Phlogger
CVE-2006-7105 (** DISPUTED ** ...)
	- smarty <not-affected> (described vulnerability never existed)
CVE-2006-7104 (PHP remote file inclusion vulnerability in htmltemplate.php in the ...)
	NOT-FOR-US: MOStlyContent Editor
CVE-2006-7103 (Multiple directory traversal vulnerabilities in EZOnlineGallery 1.3 ...)
	NOT-FOR-US: EZOnlineGallery
CVE-2006-7102 (Multiple PHP remote file inclusion vulnerabilities in phpBurningPortal ...)
	NOT-FOR-US: phpBurningPortal quiz-modul
CVE-2006-7101 (SQL injection vulnerability in admin.php in PHPWind 5.0.1 and earlier ...)
	NOT-FOR-US: PHPWind
CVE-2006-7100 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB Insert User
CVE-2006-7099 (Directory traversal vulnerability in index.php in SolarPay allows ...)
	NOT-FOR-US: SolarPay
CVE-2006-7098 (The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server ...)
	- apache 1.3.34-4.1 (low; bug #357561)
CVE-2006-7097 (Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have ...)
	NOT-FOR-US: TaskFreak!
CVE-2006-7096 (Buffer overflow in the network_host_handle_join function in host.c in ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7095 (Integer signedness error in the network_receive_packet function in ...)
	NOT-FOR-US: dimension 3 engine
CVE-2006-7094 (ftpd, as used by Gentoo and Debian Linux, sets the gid to the ...)
	- linux-ftpd 0.17-23 (bug #384454; low)
CVE-2005-4832 (SQL injection vulnerability in the Oracle Database Server 10g allows ...)
	NOT-FOR-US: Oracle Database Server
CVE-2005-4831 (viewcvs in ViewCVS 0.9.2 allows remote attackers to set the ...)
	- viewvc 0.9.4+svn20060318-1 (low)
CVE-2005-4830 (CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote ...)
	- viewvc 0.9.4+svn20060318-1 (low)
	NOTE: referring to http://www.securityfocus.com/archive/1/461427/100/0/threaded this
	NOTE: has been fixed in cvs for 0.9.3
CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
	- libapache2-mod-python 3.2.8-1 (low)
CVE-2007-1218 (Off-by-one buffer overflow in the parse_elements function in the ...)
	{DSA-1272-1}
	- tcpdump 3.9.5-2 (bug #413430; low)
CVE-2007-1160 (webSPELL 4.0, and possibly later versions, allows remote attackers to ...)
	NOT-FOR-US: webSPELL
CVE-2007-1159 (Cross-site scripting (XSS) vulnerability in modules/out.php in ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1158 (Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 ...)
	NOT-FOR-US: Pagesetter
CVE-2007-1157 (Cross-site request forgery (CSRF) vulnerability in ...)
	NOT-FOR-US: JBoss
CVE-2007-1156 (JBrowser allows remote attackers to bypass authentication and access ...)
	NOT-FOR-US: JBrowser
CVE-2007-1155 (Unrestricted file upload vulnerability in webSPELL allows remote ...)
	NOT-FOR-US: webSPELL
CVE-2007-1154 (SQL injection vulnerability in webSPELL allows remote attackers to ...)
	NOT-FOR-US: webSPELL
CVE-2007-1153 (Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2007-1152 (Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 ...)
	NOT-FOR-US: Pyrophobia
CVE-2007-1151 (Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1150 (Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1149 (Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1148 (PHP remote file inclusion vulnerability in install/index.php in ...)
	NOT-FOR-US: LoveCMS
CVE-2007-1147 (PHP remote file inclusion vulnerability in view.php in hbm allows ...)
	NOT-FOR-US: hbm
CVE-2007-1146 (PHP remote file inclusion vulnerability in function.php in arabhost ...)
	NOT-FOR-US: arabhost
CVE-2007-1145 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2007-1144 (Directory traversal vulnerability in jwpn-photos.php in J-Web Pics ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1143 (Directory traversal vulnerability in pn-menu.php in J-Web Pics ...)
	NOT-FOR-US: J-Web Pics Navigator
CVE-2007-1142 (Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1141 (PHP remote file inclusion vulnerability in preview.php in Magic News ...)
	NOT-FOR-US: Magic News Plus
CVE-2007-1140 (Directory traversal vulnerability in edit.php in pheap allows remote ...)
	NOT-FOR-US: pheap
CVE-2007-1139 (Unrestricted file upload vulnerability in Cromosoft Simple Plantilla ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1138 (Absolute path traversal vulnerability in list_main_pages.php in ...)
	NOT-FOR-US: Simple Plantilla PHP
CVE-2007-1137 (putmail.py in Putmail before 1.4 does not detect when a user attempts ...)
	NOT-FOR-US: Putmail
CVE-2007-1136 (index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1135 (Multiple SQL injection vulnerabilities in WebMplayer before ...)
	NOT-FOR-US: WebMplayer
CVE-2007-1134 (Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown ...)
	NOT-FOR-US: Watchtower
CVE-2007-1133 (PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 ...)
	NOT-FOR-US: FCRing
CVE-2007-1132 (Multiple cross-site scripting (XSS) vulnerabilities in the &quot;Contact ...)
	NOT-FOR-US: MTCMS
CVE-2007-1131 (PHP remote file inclusion vulnerability in sinapis.php in Sinapis ...)
	NOT-FOR-US: Sinapis Forum
CVE-2007-1130 (PHP remote file inclusion vulnerability in sinagb.php in Sinapis ...)
	NOT-FOR-US: Sinapis Gastebuch
CVE-2007-1129 (Multiple unrestricted file upload vulnerabilities in MTCMS 3.2 allow ...)
	NOT-FOR-US: MTCMS
CVE-2007-1128 (shopkitplus allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1127 (Directory traversal vulnerability in enc/stylecss.php in shopkitplus ...)
	NOT-FOR-US: shopkitplus
CVE-2007-1126 (Directory traversal vulnerability in index.php in xtcommerce allows ...)
	NOT-FOR-US: xtcommerce
CVE-2007-1125 (Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1124 (Directory traversal vulnerability in gallery.php in XeroXer Simple ...)
	NOT-FOR-US: XeroXer Simple
CVE-2007-1123 (Multiple PHP remote file inclusion vulnerabilities in ZPanel 2.0 allow ...)
	NOT-FOR-US: ZPanel
CVE-2007-1122 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1121 (Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ...)
	NOT-FOR-US: ZephyrSoft Toolbox Address Book Continued
CVE-2007-1120 (The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions ...)
	NOT-FOR-US: TeeChart Pro ActiveX control
CVE-2007-1119 (Unspecified vulnerability in Novell ZENworks 7 Desktop Management ...)
	NOT-FOR-US: Novell ZENworks
CVE-2007-1118 (Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 ...)
	NOT-FOR-US: eFiction
CVE-2007-1117 (Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-1116 (The CheckLoadURI function in Mozilla Firefox 1.8 lists the about: URI ...)
	{DSA-1308-1 DSA-1306-1 DSA-1300-1 DTSA-45-1 DTSA-47-1 DTSA-51-1}
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.1.2-1 (low)
	- xulrunner 1.8.1.4-1 (bug #415919; bug #415944; bug #415945; low)
	NOTE: according to a blog comment at http://www.gnucitizen.org/projects/hscan-redux/,
	NOTE: older mozillas are not vulnerable
CVE-2007-1115 (The child frames in Opera 9 before 9.20 inherit the default charset ...)
	NOT-FOR-US: Opera
CVE-2007-1114 (The child frames in Microsoft Internet Explorer 7 inherit the default ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1113
	RESERVED
CVE-2007-1112 (Kaspersky Anti-Virus 6.0 and Internet Security 6.0 exposes unsafe ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-1111 (Multiple cross-site scripting (XSS) vulnerabilities in ActiveCalendar ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1110 (Directory traversal vulnerability in data/showcode.php in ...)
	NOT-FOR-US: ActiveCalendar
CVE-2007-1109 (Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery ...)
	NOT-FOR-US: Phpwebgallery
CVE-2007-1108 (PHP remote file inclusion vulnerability in index.php in Christian ...)
	NOT-FOR-US: CS-Gallery
CVE-2007-1107 (SQL injection vulnerability in thumbnails.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-1106 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NoMoKeTos Rules
CVE-2007-1105 (PHP remote file inclusion vulnerability in functions.php in Extreme ...)
	NOT-FOR-US: phpBB Extreme
CVE-2007-1104 (PHP remote file inclusion vulnerability in top.php in PHP Module ...)
	NOT-FOR-US: PHP Module Implementation
CVE-2007-1103 (Tor does not verify a node's uptime and bandwidth advertisements, ...)
	- tor <unfixed> (unimportant)
	NOTE: Minor issue, just puts more noise on the node
CVE-2007-1102 (Photostand 1.2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Photostand
CVE-2007-1101 (Multiple cross-site scripting (XSS) vulnerabilities in Photostand ...)
	NOT-FOR-US: Photostand
CVE-2007-1100 (Directory traversal vulnerability in download.php in Ahmet Sacan ...)
	NOT-FOR-US: Pickle
CVE-2007-1099 (dbclient in Dropbear SSH client before 0.49 does not sufficiently warn ...)
	- dropbear 0.49-1 (unimportant; bug #412899)
	[etch] - dropbear 0.48.1-2 (unimportant)
	NOTE: That's a lack of a security feature (strict hostkey checking in openssh
	NOTE: termininoloy) and an awkward interface, but not a vulnerability per se
	NOTE: Especially as dropbear is specifically labeled a stripped down SSH implementation
CVE-2007-1098 (Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have ...)
	NOT-FOR-US: ScryMUD
CVE-2007-1097 (Unrestricted file upload vulnerability in the onAttachFiles function ...)
	NOT-FOR-US: Wiclear
CVE-2007-1096 (Cross-site scripting (XSS) vulnerability in ps_cart.php in VirtueMart ...)
	NOT-FOR-US: VirtueMart
CVE-2007-1095 (Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not ...)
	{DSA-1401-1 DSA-1396-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8-1 (low; bug #445514)
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
	NOTE: MFSA2007-30
CVE-2007-1094 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1093 (Multiple unspecified vulnerabilities in JP1/Cm2/Network Node Manager ...)
	NOT-FOR-US: Network Node Manager
CVE-2007-1092 (Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
CVE-2007-1091 (Microsoft Internet Explorer 7 allows remote attackers to prevent users ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-1090 (Microsoft Windows Explorer on Windows XP and 2003 allows remote ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-1089 (IBM DB2 Universal Database (UDB) 9.1 GA through 9.1 FP1 allows local ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1088 (Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1087 (IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1086 (Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1085 (Cross-site scripting (XSS) vulnerability in Google Desktop allows ...)
	NOT-FOR-US: Google Desktop
CVE-2007-1084 (Mozilla Firefox 2.0.0.1 and earlier does not prompt users before ...)
	- iceweasel <removed> (unimportant; bug #556268)
	- iceape <removed> (unimportant)
	- epiphany-browser <unfixed> (unimportant; bug #556272)
	NOTE: only epiphany-gecko backend affected
	- galeon 2.0.7-2 (unimportant; bug #556270)
	- kazehakase 0.5.8-2 (bug #556271)
	[lenny] - kazehakase 0.5.4-2lenny1
	- conkeror <not-affected> (doesn't support bookmarks)
	- webkit <not-affected> (doesn't support javascript embedded in bookmarks)
CVE-2007-1083 (Buffer overflow in the Configuration Checker (ConfigChk) ActiveX ...)
	NOT-FOR-US: ConfigChk ActiveX control
CVE-2007-1082 (FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, ...)
	NOT-FOR-US: FTP Explorer
CVE-2007-1081 (The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, ...)
	- typo3-src 4.0.5+debian-1
	[etch] - typo3-src 4.0.2+debian-3
CVE-2007-1080 (Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1079 (Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager ...)
	NOT-FOR-US: FTP Voyager
CVE-2007-1078 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: FlashGameScript
CVE-2007-1077 (SQL injection vulnerability in page.asp in Design4Online UserPages2 ...)
	NOT-FOR-US: UserPages2
CVE-2007-1076 (Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and ...)
	NOT-FOR-US: phpTrafficA
CVE-2007-1075 (TurboFTP 5.30 Build 572 allows remote servers to cause a denial of ...)
	NOT-FOR-US: TurboFTP
CVE-2007-1074 (Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x ...)
	NOT-FOR-US: NewsBin Pro
CVE-2007-1073 (Static code injection vulnerability in install.php in mcRefer allows ...)
	NOT-FOR-US: mcRefer
CVE-2007-1072 (The command line interface (CLI) in Cisco Unified IP Phone 7906G, ...)
	NOT-FOR-US: Cisco
CVE-2007-1071 (Integer overflow in the gifGetBandProc function in ImageIO in Apple ...)
	NOT-FOR-US: Apple ImageIO
CVE-2007-1069 (The memory management in VMware Workstation before 5.5.4 allows ...)
	NOT-FOR-US: VMware
CVE-2007-1068 (The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, ...)
	NOT-FOR-US: Cisco
CVE-2007-1067 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1066 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1065 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1064 (Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, ...)
	NOT-FOR-US: Cisco
CVE-2007-1063 (The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, ...)
	NOT-FOR-US: Cisco
CVE-2007-1062 (The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and ...)
	NOT-FOR-US: Cisco
CVE-2007-1061 (SQL injection vulnerability in index.php in Francisco Burzi PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-1060 (Multiple PHP remote file inclusion vulnerabilities in Interspire ...)
	NOT-FOR-US: SendStudio
CVE-2007-1059 (PHP remote file inclusion vulnerability in function.php in Ultimate ...)
	NOT-FOR-US: Ultimate Fun Book
CVE-2007-1058 (SQL injection vulnerability in user_pages/page.asp in Online Web ...)
	NOT-FOR-US: Online Web Building
CVE-2007-1057 (The Net Direct client for Linux before 6.0.5 in Nortel Application ...)
	NOT-FOR-US: Nortel Application Switch
CVE-2007-1056 (VMware Workstation 5.5.3 build 34685 does not provide per-user ...)
	NOT-FOR-US: VMware
CVE-2007-1055 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1054 (Cross-site scripting (XSS) vulnerability in the AJAX features in ...)
	- mediawiki 1.7.1-9 (bug #406238; medium)
CVE-2007-1053 (** DISPUTED ** ...)
	NOT-FOR-US: phpXmms
CVE-2007-1052 (** DISPUTED ** ...)
	NOT-FOR-US: PBLang
CVE-2007-1051 (Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-1050 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: MyCalendar
CVE-2007-1048 (PHP remote file inclusion vulnerability in admin_rebuild_search.php in ...)
	NOT-FOR-US: phpbb_wordsearch
CVE-2007-1047 (Unspecified vulnerability in Distributed Checksum Clearinghouse (DCC) ...)
	- dcc <removed> (medium; bug #439718)
CVE-2007-1046 (Dem_trac allows remote attackers to read log file contents via a ...)
	NOT-FOR-US: Dem_trac
CVE-2007-1045 (mAlbum 0.3 has default accounts (1) &quot;login&quot;/&quot;pass&quot; for its ...)
	NOT-FOR-US: mAlbum
CVE-2007-1044 (Pearson Education PowerSchool 4.3.6 allows remote attackers to list ...)
	NOT-FOR-US: PowerSchool
CVE-2007-1043 (Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass ...)
	NOT-FOR-US: Ezboo
CVE-2007-1042 (Directory traversal vulnerability in news.php in Xpression News ...)
	NOT-FOR-US: Xpression News
CVE-2007-1041 (Multiple stack-based buffer overflows in S&amp;H Computer Systems News ...)
	NOT-FOR-US: News Rover
CVE-2007-1040 (Directory traversal vulnerability in archives.php in Xpression News ...)
	NOT-FOR-US: Xpression News
CVE-2007-1039 (Unspecified vulnerability in Peanut Knowledge Base (PeanutKB) 0.0.3 ...)
	NOT-FOR-US: Peanut Knowledge Base
CVE-2007-1038 (Shemes.com Grabit 1.5.3, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: Grabit
CVE-2007-1037 (Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier ...)
	NOT-FOR-US: News File Grabber
CVE-2006-7093 (Cross-site scripting (XSS) vulnerability in Mambo LaiThai 4.5.4 ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7092 (SQL injection vulnerability in includes/mambo.php in Mambo LaiThai ...)
	NOT-FOR-US: Mambo LaiThai
CVE-2006-7091 (PHP remote file inclusion vulnerability in config.php in phpht ...)
	NOT-FOR-US: Topsites FREE
CVE-2006-7090 (PHP remote file inclusion vulnerability in phpbb_security.php in phpBB ...)
	NOT-FOR-US: phpBB Security
CVE-2006-7089 (SQL injection vulnerability in connexion.php in Ban 0.1 allows remote ...)
	NOT-FOR-US: Ban
CVE-2006-7088 (Multiple SQL injection vulnerabilities in Simple PHP Forum before 0.4 ...)
	NOT-FOR-US: Simple PHP Forum
CVE-2006-7087 (CRLF injection vulnerability in the mail function in Dotdeb PHP before ...)
	NOT-FOR-US: Dotdeb PHP
CVE-2006-7086 (The (1) dlback.php and (2) dlback.cgi scripts in Hot Links allow ...)
	NOT-FOR-US: Hot Links
CVE-2006-7085 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7084
	REJECTED
CVE-2006-7083 (Directory traversal vulnerability in index.php in Rigter Portal System ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7082 (Rigter Portal System (RPS) 1.0, 2.0, and 3.0 allows remote attackers ...)
	NOT-FOR-US: Rigter Portal System
CVE-2006-7081 (Multiple PHP remote file inclusion vulnerabilities in PhpNews 1.0 ...)
	NOT-FOR-US: PhpNews
CVE-2006-7080 (Directory traversal vulnerability in the avatar upload feature in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7079 (Variable extraction vulnerability in include/common.php in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-7078 (Multiple cross-site scripting (XSS) vulnerabilities in Professional ...)
	NOT-FOR-US: Professional Home Page Tools Login Script
CVE-2006-7077 (SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7076 (Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-7075 (Buffer overflow in the meta_read_flac function in meta_decoder.c for ...)
	- aqualung 0.9~beta6-1 (medium)
CVE-2006-7074 (admin.php in SmartSiteCMS 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-7073 (Cross-site scripting (XSS) vulnerability in Opentools Attachment Mod ...)
	NOT-FOR-US: Opentools Attachment Mod
CVE-2006-7072 (Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise ...)
	NOT-FOR-US: GeoClassifieds Enterprise
CVE-2006-7071 (SQL injection vulnerability in classes/class_session.php in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7070 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-7069 (PHP remote file inclusion vulnerability in smarty_config.php in ...)
	NOT-FOR-US: Socketwiz Bookmarks
CVE-2006-7068 (PHP remote file inclusion vulnerability in CliServ Web Community 0.65 ...)
	NOT-FOR-US: CliServ Web Community
CVE-2006-7067 (Oracle 10g R2 and possibly other versions allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2006-7066 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7065 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7064 (Cross-site scripting (XSS) vulnerability in forum/admin.php for ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-7063 (Directory traversal vulnerability in profile.php in TinyPHPforum 3.6 ...)
	NOT-FOR-US: TinyPHPforum
CVE-2006-7062 (calendar.php in Kamgaing Email System (kmail) 2.3 and earlier allows ...)
	NOT-FOR-US: Kamgaing Email System
CVE-2006-7061 (Scriptsez.net E-Dating System stores data files with predictable names ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7060 (cindex.php in Scriptsez.net E-Dating System allows remote attackers to ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7059 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: E-Dating System
CVE-2006-7058 (Multiple cross-site scripting (XSS) vulnerabilities in Sphider before ...)
	NOT-FOR-US: Sphider
CVE-2006-7057 (SQL injection vulnerability in search.php in Sphider before 1.3.1c ...)
	NOT-FOR-US: Sphider
CVE-2006-7056 (Multiple PHP remote file inclusion vulnerabilities in DreamCost ...)
	NOT-FOR-US: HostAdmin
CVE-2006-7055 (PHP remote file inclusion vulnerability in index.php in TotalCalendar ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-7054 (The DNS module in Arkoon FAST360 UTM appliances 3.0 up to 3.0/29, 3.1 ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7053 (Unspecified vulnerability in Arkoon FAST360 UTM appliances 3.0 through ...)
	NOT-FOR-US: FAST360 UTM
CVE-2006-7052 (Multiple PHP remote file inclusion vulnerabilities in DotWidget For ...)
	NOT-FOR-US: DotWidget
CVE-2006-7051 (The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x ...)
	- linux-2.6 2.6.23-1 (low)
	[etch] - linux-2.6 <no-dsa> (Design limitation, use resource limits if it poses a problem)
CVE-2006-7050 (Cross-site scripting (XSS) vulnerability in WikkaWiki (Wikka Wiki) ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7049 (The Method method in WikkaWiki (Wikka Wiki) before 1.1.6.2 calls the ...)
	NOT-FOR-US: WikkaWiki
CVE-2006-7048 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
	NOT-FOR-US: Claroline
CVE-2006-7047 (include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ...)
	NOT-FOR-US: Shoutpro
CVE-2006-7046 (PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7045 (PHP remote file inclusion vulnerability in Clan Manager Pro (CMPRO) ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7044 (PHP remote file inclusion vulnerability in comment.core.inc.php in ...)
	NOT-FOR-US: Clan Manager Pro
CVE-2006-7043 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7042 (Cross-site scripting (XSS) vulnerability in directory/index.php in ...)
	NOT-FOR-US: Chipmunk
CVE-2006-7041 (The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7040 (Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7039 (The IMAP4 service in MERCUR Messaging 2005 before Service Pack 4 ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7038 (Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack ...)
	NOT-FOR-US: MERCUR Messaging
CVE-2006-7037 (Mathcad 12 through 13.1 allows local users to bypass the security ...)
	NOT-FOR-US: MathCAD
CVE-2006-7036 (PHP remote file inclusion vulnerability in register.php for Andys Chat ...)
	NOT-FOR-US: Andy's Chat
CVE-2006-7035 (Directory traversal vulnerability in make_thumbnail.php in Super Link ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7034 (SQL injection vulnerability in directory.php in Super Link Exchange ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7033 (Cross-site scripting (XSS) vulnerability in Super Link Exchange Script ...)
	NOT-FOR-US: Super Link Exchange Script
CVE-2006-7032 (PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB ...)
	NOT-FOR-US: FlashBB
CVE-2006-7031 (Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7030 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7029 (Microsoft Internet Explorer 6 SP2 and earlier allows remote attackers ...)
	NOT-FOR-US: Microsoft IE
CVE-2006-7028 (Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-7027 (Microsoft Internet Security and Acceleration (ISA) Server 2004 logs ...)
	NOT-FOR-US: Microsoft ISA
CVE-2006-7026 (PHP remote file inclusion vulnerability in sources/join.php in ...)
	NOT-FOR-US: Topsites PHP
CVE-2006-7025 (SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and ...)
	NOT-FOR-US: Bookmark4U
CVE-2005-4829 (VirtueMart before 1.0.1 does not properly handle errors when a user is ...)
	NOT-FOR-US: VirtueMart
CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to ...)
	NOT-FOR-US: CheckPoint Firewall
CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP ...)
	NOT-FOR-US: QwikMail SMTP
CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: SonicWALL
CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SafeNet VPN
CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 ...)
	NOT-FOR-US: PGPFreeware
CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to ...)
	NOT-FOR-US: NetScreen-Remote
CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...)
	NOT-FOR-US: FreeBSD
CVE-2007-XXXX [vserver patch allows renice of processes in different context]
	- linux-2.6 2.6.18.dfsg.1-12 (bug #412143)
CVE-2007-XXXX [apg generates insecure passwords on 64-bit architectures]
	- apg 2.2.3.dfsg.1-2 (low; bug #412618)
	[etch] - apg <no-dsa> (Minor issue)
	[sarge] - apg <no-dsa> (Minor issue)
CVE-2007-XXXX [mt-daapd remote access & default password]
	- mt-daapd 0.9~r1586-1 (unimportant; bug #404640)
	NOTE: User-unfriendly packaging flaw, but not a vulnerability per se
CVE-2007-XXXX [amavids-new uses contrib/non-free packers without security support in default config]
	- amavisd-new 1:2.5.2-1 (unimportant; bug #410588)
	NOTE: Doesn't affect a standard Debian installation, only users, which install
	NOTE: proprietary apps, it should be fixed for sanity, but not a direct vulnerability
CVE-2006-XXXX [pure-ftpd-mysql: any problems with a home dir will allow rw to the entire filesystem]
	- pure-ftpd 1.0.21-1 (low)
	NOTE: oldstable is affected
CVE-2007-1049 (Cross-site scripting (XSS) vulnerability in the wp_explain_nonce ...)
	{DTSA-34-1}
	- wordpress 2.1.1-1 (low)
CVE-2007-1070 (Multiple stack-based buffer overflows in Trend Micro ServerProtect for ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2007-1036 (The default configuration of JBoss does not restrict access to the (1) ...)
	NOT-FOR-US: JBoss
CVE-2007-1035 (Unspecified vulnerability in certain demonstration scripts in getID3 ...)
	NOT-FOR-US: Mediafield and Audio modules for Drupal
	NOTE: this is not a php-getid3 problem, but related to the way these modules embed getid3
CVE-2007-1034 (SQL injection vulnerability in the category file in modules.php in the ...)
	NOT-FOR-US: Emporium for PHP-Nuke
CVE-2007-1033 (Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and ...)
	NOT-FOR-US: Secure site for Drupal
CVE-2007-1032 (Unspecified vulnerability in phpMyFAQ 1.6.9 and earlier, when ...)
	NOT-FOR-US: phpMyFAQ
CVE-2007-1031 (Directory traversal vulnerability in include/db_conn.php in SpoonLabs ...)
	NOT-FOR-US: Vivvo Article Management CMS
CVE-2007-1030 (Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a ...)
	- libevent <not-affected> (vulnerable version 1.2 was never uploaded)
CVE-2007-1029 (Stack-based buffer overflow in the Connect method in the IMAP4 ...)
	NOT-FOR-US: Quiksoft EasyMail Objects
CVE-2007-1028 (Cross-site scripting (XSS) vulnerability in the Barry Jaspan Image ...)
	NOT-FOR-US: Image Pager
CVE-2007-1027 (Certain setuid DB2 binaries in IBM DB2 before 9 Fix Pack 2 for Linux ...)
	NOT-FOR-US: IBM DB2
CVE-2007-1026 (SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier ...)
	NOT-FOR-US: XLAtunes
CVE-2007-1025 (PHP remote file inclusion vulnerability in inc/functions_inc.php in ...)
	NOT-FOR-US: VS-Link-Partner
CVE-2007-1024 (PHP remote file inclusion vulnerability in include.php in Meganoide's ...)
	NOT-FOR-US: Meganoide's news
CVE-2007-1023 (SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums 2000
CVE-2007-1022 (SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 ...)
	NOT-FOR-US: Turuncu Portal
CVE-2007-1021 (SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2007-1020 (Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 ...)
	NOT-FOR-US: CedStat
CVE-2007-1019 (SQL injection vulnerability in news.php in webSPELL 4.01.02, when ...)
	NOT-FOR-US: webSPELL
CVE-2007-1018 (PHP remote file inclusion vulnerability in tpl/header.php in ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1017 (PHP remote file inclusion vulnerability in show_news_inc.php in ...)
	NOT-FOR-US: VS-News-System
CVE-2007-1016 (SQL injection vulnerability in Aktueldownload Haber script allows ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1015 (SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber ...)
	NOT-FOR-US: Aktueldownload Haber
CVE-2007-1014 (Stack-based buffer overflow in VicFTPS before 5.0 allows remote ...)
	NOT-FOR-US: VicFTPS
CVE-2007-1013 (PHP remote file inclusion vulnerability in generate.php in ...)
	NOT-FOR-US: VirtualSystem Htaccess Password Generator
CVE-2007-1012 (Cross-site scripting (XSS) vulnerability in faq.php in DeskPRO 1.1.0 ...)
	NOT-FOR-US: DeskPRO
CVE-2007-1011 (PHP remote file inclusion vulnerability in functions_inc.php in ...)
	NOT-FOR-US: VS-Gastebuch
CVE-2007-1010 (Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, ...)
	NOT-FOR-US: ZebraFeeds
CVE-2007-1009 (Macrovision InstallAnywhere Enterprise before 8.0.1 uses the ...)
	NOT-FOR-US: InstallAnywhere
CVE-2007-1008 (Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a ...)
	NOT-FOR-US: Apple iTunes
CVE-2007-1007 (Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows ...)
	{DSA-1262-1}
	- gnomemeeting <removed> (high)
CVE-2007-1006 (Multiple format string vulnerabilities in the ...)
	- ekiga 2.0.3-2.1 (bug #411944; high)
CVE-2007-1005 (Heap-based buffer overflow in SW3eng.exe in the eID Engine service in ...)
	NOT-FOR-US: eTrust Intrusion Detection
CVE-2007-1004 (Mozilla Firefox might allow remote attackers to conduct spoofing and ...)
	- iceweasel 2.0.0.4-1 (low)
	- iceape 1.0.9-1 (low)
	- xulrunner 1.8.0.4-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=370555
CVE-2007-1003 (Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList ...)
	{DSA-1294-1}
	- xorg-server 2:1.1.1-21 (medium)
CVE-2007-1002 (Format string vulnerability in the write_html function in ...)
	{DSA-1325-1}
	- evolution 2.10.2-1
	[sarge] - evolution <not-affected> (Vulnerable code not present)
CVE-2007-1001 (Multiple integer overflows in the (1) createwbmp and (2) readwbmp ...)
	- libgd2 2.0.33-1 (medium)
	NOTE: This has been fixed in libgd2 for a while, and php is linked against libgd2.
CVE-2007-1000 (The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the ...)
	- linux-2.6 2.6.18.dfsg.1-12 (medium)
CVE-2007-0999 (Format string vulnerability in Ekiga 2.0.3, and probably other ...)
	- ekiga 2.0.3-5 (bug #414069; high)
CVE-2007-0998 (The VNC server implementation in QEMU, as used by Xen and possibly ...)
	- xen-3.0 <removed> (bug #436250; medium)
	[etch] - xen-3.0 <unfixed>
	NOTE: Fedora disabled the VNC access to the Qemu monitor
	NOTE: An adjusted patch has been sent to the debian bugreport
CVE-2007-0997 (Race condition in the tee (sys_tee) system call in the Linux kernel ...)
	- linux-2.6 2.6.18-1
CVE-2007-0996 (The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0995 (Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0994 (A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x ...)
	{DSA-1336-1}
	- iceweasel 2.0.0.2+dfsg-2 (medium)
CVE-2007-0993
	REJECTED
CVE-2007-0992
	REJECTED
CVE-2007-0991
	REJECTED
CVE-2007-0990
	REJECTED
CVE-2007-0989
	REJECTED
CVE-2007-0988 (The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before ...)
	{DSA-1264-1}
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	- php5 5.2.0-9
CVE-2007-0987 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.5 ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0986 (PHP remote file inclusion vulnerability in index.php in Jupiter CMS ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0985 (SQL injection vulnerability in nickpage.php in phpCC 4.2 beta and ...)
	NOT-FOR-US: phpCC
CVE-2007-0984 (SQL injection vulnerability in admin_poll.asp in PollMentor 2.0 allows ...)
	NOT-FOR-US: PollMentor
CVE-2007-0983 (PHP remote file inclusion vulnerability in _admin/nav.php in AT ...)
	NOT-FOR-US: AT Contenator
CVE-2007-0982 (Cross-site scripting (XSS) vulnerability in error.php in TaskFreak! ...)
	NOT-FOR-US: TaskFreak!
CVE-2007-0981 (Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-07
	- iceweasel 2.0.0.1+dfsg-3 (bug #411192; high)
	- xulrunner 1.8.0.10-1 (high)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0980 (Unspecified vulnerability in HP Serviceguard for Linux; packaged for ...)
	NOT-FOR-US: HP Serviceguard
CVE-2007-0979 (Unspecified vulnerability in LifeType before 1.1.6, and 1.2 before ...)
	NOT-FOR-US: LifeType
CVE-2007-0978 (Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0977 (IBM Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0976 (Buffer overflow in the ActSoft DVD-Tools ActiveX control ...)
	NOT-FOR-US: ActSoft DVD-Tools ActiveX control
CVE-2007-0975 (Variable extraction vulnerability in Ian Bezanson Apache Stats before ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0974 (Multiple unspecified vulnerabilities in Ian Bezanson DropBox before ...)
	NOT-FOR-US: DropBox
CVE-2007-0973 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0972 (Unrestricted file upload vulnerability in modules/emoticons.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0971 (Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow ...)
	NOT-FOR-US: Jupiter CMS
CVE-2007-0970 (Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and ...)
	NOT-FOR-US: WebTester
CVE-2007-0969 (Multiple cross-site scripting (XSS) vulnerabilities in WebTester ...)
	NOT-FOR-US: WebTester
CVE-2007-0968 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) ...)
	NOT-FOR-US: Cisco
CVE-2007-0967 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.1) allows ...)
	NOT-FOR-US: Cisco
CVE-2007-0966 (Cisco Firewall Services Module (FWSM) 3.x before 3.1(3.11), when the ...)
	NOT-FOR-US: Cisco
CVE-2007-0965 (Cisco FWSM 3.x before 3.1(3.2), when authentication is configured to ...)
	NOT-FOR-US: Cisco
CVE-2007-0964 (Cisco FWSM 3.x before 3.1(3.18), when authentication is configured to ...)
	NOT-FOR-US: Cisco
CVE-2007-0963 (Unspecified vulnerability in Cisco Firewall Services Module (FWSM) 3.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0962 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.0 before ...)
	NOT-FOR-US: Cisco
CVE-2007-0961 (Cisco PIX 500 and ASA 5500 Series Security Appliances 6.x before ...)
	NOT-FOR-US: Cisco
CVE-2007-0960 (Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series ...)
	NOT-FOR-US: Cisco
CVE-2007-0959 (Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when ...)
	NOT-FOR-US: Cisco
CVE-2007-0958 (Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable ...)
	{DSA-1304 DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0957 (Stack-based buffer overflow in the krb5_klog_syslog function in the ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0956 (The telnet daemon (telnetd) in MIT krb5 before 1.6.1 allows remote ...)
	{DSA-1276-1}
	- krb5 1.4.4-8 (high)
CVE-2007-0955 (The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable ...)
	NOT-FOR-US: Mail Enable Professional
CVE-2007-0954 (MOHA Chat 0.1b7 and earlier does not require authentication for use of ...)
	NOT-FOR-US: MOHA Chat
CVE-2007-0953 (Cross-site scripting (XSS) vulnerability in search.pl in @Mail 4.61 ...)
	NOT-FOR-US: @Mail
CVE-2007-0952 (Multiple cross-site scripting (XSS) vulnerabilities in Scriptsez.net ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0951 (SQL injection vulnerability in listmain.asp in Fullaspsite ASP Hosting ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0950 (Cross-site scripting (XSS) vulnerability in listmain.asp in ...)
	NOT-FOR-US: Fullaspsite ASP Hosting Site
CVE-2007-0949 (Stack-based buffer overflow in iTinySoft Studio Total Video Player ...)
	NOT-FOR-US: iTinySoft
CVE-2007-0948 (Heap-based buffer overflow in Microsoft Virtual PC 2004 and PC for Mac ...)
	NOT-FOR-US: Microsoft Virtual PC
CVE-2007-0947 (Use-after-free vulnerability in Microsoft Internet Explorer 7 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0946 (Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0945 (Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0944 (Unspecified vulnerability in the CTableCol::OnPropertyChange method in ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0943 (Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0942 (Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2007-0941
	REJECTED
CVE-2007-0940 (Unspecified vulnerability in the Cryptographic API Component Object ...)
	NOT-FOR-US: Microsoft CAPICOM
CVE-2007-0939 (Cross-site scripting (XSS) vulnerability in Microsoft Content ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0938 (Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does ...)
	NOT-FOR-US: Microsoft Content Management Server
CVE-2007-0937
	REJECTED
CVE-2007-0936 (Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow ...)
	NOT-FOR-US: Microsoft
CVE-2007-0935
	REJECTED
CVE-2007-0934 (Unspecified vulnerability in Microsoft Visio 2002 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-0933 (Buffer overflow in the wireless driver 6.0.0.18 for D-Link DWL-G650+ ...)
	NOT-FOR-US: D-Link
CVE-2007-0932 (The (1) Aruba Mobility Controllers 200, 600, 2400, and 6000 and (2) ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0931 (Heap-based buffer overflow in the management interfaces in (1) Aruba ...)
	NOT-FOR-US: Aruba Mobility Controller
CVE-2007-0930 (Variable extract vulnerability in Apache Stats before 0.0.3beta allows ...)
	NOT-FOR-US: Apache Stats
CVE-2007-0929 (Directory traversal vulnerability in php rrd browser before 0.2.1 ...)
	NOT-FOR-US: prb (php rrd browser)
CVE-2007-0928 (Virtual Calendar stores sensitive information under the web root with ...)
	NOT-FOR-US: Virtual Calendar
CVE-2007-0927 (Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to ...)
	NOT-FOR-US: uTorrent
CVE-2007-0926 (The dologin function in guestbook.php in KvGuestbook 1.0 Beta allows ...)
	NOT-FOR-US: KvGuestbook
CVE-2007-0925 (Cross-site scripting (XSS) vulnerability in search/SearchResults.aspx ...)
	NOT-FOR-US: Community Server
CVE-2007-0924 (Till Gerken phpPolls 1.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: phpPolls
CVE-2007-0923 (buscador/buscador.htm in Portal Search allows remote attackers to ...)
	NOT-FOR-US: Portal Search
CVE-2007-0922 (Cross-site scripting (XSS) vulnerability in buscador/buscador.htm in ...)
	NOT-FOR-US: Portal Search
CVE-2007-0921 (Portal Search allows remote attackers to redirect a URL to an ...)
	NOT-FOR-US: Portal Search
CVE-2007-0920 (SQL injection vulnerability in philboard_forum.asp in Philboard 1.14 ...)
	NOT-FOR-US: Philboard
CVE-2007-0919 (Directory traversal vulnerability in Nickolas Grigoriadis Mini Web ...)
	NOT-FOR-US: MiniWebsvr
CVE-2007-0918 (The ATOMIC.TCP signature engine in the Intrusion Prevention System ...)
	NOT-FOR-US: Cisco
CVE-2007-0917 (The Intrusion Prevention System (IPS) feature for Cisco IOS 12.4XE to ...)
	NOT-FOR-US: Cisco
CVE-2007-0916 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2007-0915 (Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2007-0914 (Race condition in the TCP subsystem for Solaris 10 allows remote ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0913 (Unspecified vulnerability in Microsoft Powerpoint allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-7024 (Multiple PHP remote file inclusion vulnerabilities in Harpia CMS 1.0.5 ...)
	NOT-FOR-US: Harpia CMS
CVE-2006-7023 (Multiple cross-site scripting (XSS) vulnerabilities in fx-APP 0.0.8.1 ...)
	NOT-FOR-US: fx-APP
CVE-2006-7022 (The Tools module in fx-APP 0.0.8.1 allows remote attackers to ...)
	NOT-FOR-US: fx-APP
CVE-2006-7021 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Plume CMS
CVE-2006-7020 (CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php ...)
	NOT-FOR-US: phpwcms
CVE-2006-7019 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
	NOT-FOR-US: phpwcms
CVE-2006-7018 (phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote ...)
	NOT-FOR-US: phpwcms
CVE-2006-7017 (Multiple PHP remote file inclusion vulnerabilities in Indexu 5.0.1 ...)
	NOT-FOR-US: Indexu
CVE-2006-7016 (phpjobboard allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Jobline
CVE-2006-7015 (** DISPUTED ** ...)
	NOT-FOR-US: Jobline
CVE-2006-7014 (admin.php in BloggIT 1.01 and earlier does not properly establish a ...)
	NOT-FOR-US: BloggIT
CVE-2006-7013 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2006-7012 (scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: SCart
CVE-2006-7011 (** DISPUTED ** ...)
	NOT-FOR-US: FlashChat
CVE-2007-0912 (Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php ...)
	NOT-FOR-US: JPortal
CVE-2007-0911 (Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow ...)
	- php5 5.2.2-1 (bug #410561; bug #410995; medium)
	[etch] - php5 <not-affected> (A regression only affecting 5.2.1)
CVE-2007-0910 (Unspecified vulnerability in PHP before 5.2.1 allows attackers to ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0909 (Multiple format string vulnerabilities in PHP before 5.2.1 might allow ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
CVE-2007-0908 (The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and ...)
	{DSA-1264-1}
	- php5 5.2.0-9
	[etch] - php5 5.2.0-8+etch1
	- php4 6:4.4.4-9
	NOTE: this extension is not enabled by default in the php packages
CVE-2007-0907 (Buffer underflow in PHP before 5.2.1 allows attackers to cause a ...)
	{DSA-1264-1}
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0906 (Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause ...)
	{DSA-1264-1}
	NOTE: (4) is a non-issue, as we don't use the bundled sqlite
	- php5 5.2.0-9 (bug #410561; bug #410995; medium)
	- php4 6:4.4.4-9
	[etch] - php4 6:4.4.4-8+etch1
	[etch] - php5 5.2.0-8+etch1
CVE-2007-0905 (PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir ...)
	- php5 5.2.0-9 (bug #410561; bug #410995; unimportant)
	NOTE: we normally don't spend much time on safe_mode and open_basedir
	NOTE: issues, but the because the attack vectors are "unspecified", it
	NOTE: might be harder for us to try and sort out the fixes for this
	NOTE: from the session fixes in CVE-2007-0906 (see there for more info)
CVE-2007-0904 (SQL injection vulnerability in projects.php in LightRO CMS 1.0 allows ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0903 (Unspecified vulnerability in the mod_roster_odbc module in ejabberd ...)
	- ejabberd 1.1.2-5
CVE-2007-0902 (Unspecified vulnerability in the &quot;Show debugging information&quot; feature ...)
	- moin <unfixed> (unimportant)
	NOTE: this is a version information disclosure.
CVE-2007-0901 (Multiple cross-site scripting (XSS) vulnerabilities in Info pages in ...)
	- moin 1.5 (bug #411084; medium)
	NOTE: Despite what the CVE says, this is not a problem in the 1.5.x code
CVE-2007-0900 (Multiple PHP remote file inclusion vulnerabilities in TagIt! Tagboard ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2007-0899 [Possible heap overflow in libclamav/fsg.c]
	RESERVED
	{DSA-1263-1}
	- clamav 0.90-1
	[etch] - clamav	0.88.7-2
CVE-2007-0898 (Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411117)
	[etch] - clamav	0.88.7-2
CVE-2007-0897 (Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...)
	{DSA-1263-1}
	- clamav 0.90-1 (bug #411118)
	[etch] - clamav	0.88.7-2
CVE-2007-0896 (Cross-site scripting (XSS) vulnerability in the (1) Sage before ...)
	- firefox-sage 1.3.10-1
	[etch] - firefox-sage <not-affected> (HTML mode not enabled in Etch)
	NOTE: http://secunia.com/advisories/24086/
	NOTE: might not affect Debian version because HTML mode is disabled. sf: pinged maintainer
CVE-2007-0451 (Apache SpamAssassin before 3.1.8 allows remote attackers to cause a ...)
	- spamassassin 3.1.7-2 (bug #410843)
	NOTE: http://issues.apache.org/SpamAssassin/show_bug.cgi?id=5318
CVE-2007-0895 (Race condition in recursive directory deletion with the (1) -r or (2) ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0894 (MediaWiki before 1.9.2 allows remote attackers to obtain sensitive ...)
	- mediawiki <removed> (unimportant)
	NOTE: Only path disclosure
CVE-2007-0893 (Directory traversal vulnerability in phpMyVisites before 2.2 allows ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0892 (CRLF injection vulnerability in phpMyVisites before 2.2 allows remote ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0891 (Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath ...)
	NOT-FOR-US: phpMyVisites
CVE-2007-0890 (Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in ...)
	NOT-FOR-US: cPanel
CVE-2007-0889 (Kiwi CatTools before 3.2.0 beta uses weak encryption (&quot;reversible ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0888 (Directory traversal vulnerability in the TFTP server in Kiwi CatTools ...)
	NOT-FOR-US: Kiwi CatTools
CVE-2007-0887 (axigen 1.2.6 through 2.0.0b1 does not properly parse login ...)
	NOT-FOR-US: Axigen
CVE-2007-0886 (Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows ...)
	NOT-FOR-US: Axigen
CVE-2007-0885 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Rainbow.Zen
CVE-2007-0884 (Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows ...)
	- mimedefang <not-affected> (Only versions 2.59 and 2.60 vulnerable)
CVE-2007-0883 (Directory traversal vulnerability in ...)
	NOT-FOR-US: IP3 NetAccess
CVE-2007-0882 (Argument injection vulnerability in the telnet daemon (in.telnetd) in ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0881 (PHP remote file inclusion vulnerability in the Seitenschutz plugin for ...)
	NOT-FOR-US: OPENi-CMS
CVE-2007-0880 (Capital Request Forms stores sensitive information under the web root ...)
	NOT-FOR-US: Capital Request Forms
CVE-2007-0879 (Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows ...)
	NOT-FOR-US: PEBrowse
CVE-2007-0878 (Unspecified vulnerability in Microsoft Internet Explorer on Windows ...)
	NOT-FOR-US: Microsoft
CVE-2007-0877 (Unspecified vulnerability in March Networks DVR 3000 and 4000 Digital ...)
	NOT-FOR-US: March Networks DVR
CVE-2007-0876 (Cross-site scripting (XSS) vulnerability in Quick Digital Image ...)
	NOT-FOR-US: Quick Digital Image Gallery
CVE-2007-0875 (** DISPUTED ** ...)
	NOT-FOR-US: mcRefer
CVE-2007-0874 (Allons_voter 1.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Allons_voter
CVE-2007-0873 (nabopoll 1.1.2 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: nabopoll
CVE-2007-0872 (Directory traversal vulnerability in the Plain Old Webserver (POW) ...)
	NOT-FOR-US: Plain Old Webserver
CVE-2007-0871 (Unrestricted file upload vulnerability in eXtremePow eXtreme File ...)
	NOT-FOR-US: eXtreme File Hosting
CVE-2006-7010 (The mosgetparam implementation in Joomla! before 1.0.10, does not set ...)
	NOT-FOR-US: Joomla
CVE-2006-7009 (Joomla! before 1.0.10 allows remote attackers to spoof the frontend ...)
	NOT-FOR-US: Joomla
CVE-2006-7008 (Unspecified vulnerability in Joomla! before 1.0.10 has unknown impact ...)
	NOT-FOR-US: Joomla
CVE-2006-7007 (Buffer overflow in Tiny FTPd 1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Tiny FTPd
CVE-2006-7006 (** DISPUTED ** ...)
	NOT-FOR-US: Somery
CVE-2006-7005 (SQL injection vulnerability in item.php in PSY Auction allows remote ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7004 (Cross-site scripting (XSS) vulnerability in email_request.php in PSY ...)
	NOT-FOR-US: PSY Auction
CVE-2006-7003 (PHP remote file inclusion vulnerability in admin/index.php in Fusion ...)
	NOT-FOR-US: Fusion Polls
CVE-2006-7002 (Cross-site scripting (XSS) vulnerability in add_comment.php in ...)
	NOT-FOR-US: Wheatblog
CVE-2006-7001 (Directory traversal vulnerability in avatar.php in PhpMyChat Plus 1.9 ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-7000 (Headstart Solutions DeskPRO allows remote attackers to obtain the full ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6999 (attachment.php in Headstart Solutions DeskPRO allows remote attackers ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6998 (install/loader_help.php in Headstart Solutions DeskPRO allows remote ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6997 (Unspecified vulnerability in a cryptographic feature in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2006-6996 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-6995 (mycontacts.php in V3 Chat allows remote authenticated users to gain ...)
	NOT-FOR-US: V3 Chat
CVE-2006-6994 (Unrestricted file upload vulnerability in add.asp in OzzyWork Gallery, ...)
	NOT-FOR-US: OzzyWork Gallery
CVE-2006-6993 (Multiple SQL injection vulnerabilities in pages/addcomment2.php in ...)
	NOT-FOR-US: Neuron Blog
CVE-2005-4828 (Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large ...)
	- kolabd <not-affected> (Only vulnerable in 2.0-2.1; not packaged Debian)
CVE-2007-XXXX [dokuwiki conf directory accessible by web users]
	- dokuwiki 0.0.20061106-3 (bug #410557)
CVE-2007-0870 (Unspecified vulnerability in Microsoft Word 2000 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2007-0869 (Cross-site scripting (XSS) vulnerability in the Attachment Manager ...)
	NOT-FOR-US: vBulletin
CVE-2007-0868 (Unspecified vulnerability in the Chat Room functionality in Yahoo! ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0867 (PHP remote file inclusion vulnerability in classes/menu.php in ...)
	NOT-FOR-US: Site-Assistant
CVE-2007-0866 (Unspecified vulnerability in HP OpenView Storage Data Protector on ...)
	NOT-FOR-US: HP OpenView
CVE-2007-0865 (SQL injection vulnerability in comments.php in LushiNews 1.01 and ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0864 (SQL injection vulnerability in register.php in LushiWarPlaner 1.0 ...)
	NOT-FOR-US: LushiWarPlaner
CVE-2007-0863 (** DISPUTED ** ...)
	NOT-FOR-US: Trevorchan
CVE-2007-0862 (** DISPUTED ** ...)
	NOT-FOR-US: gnopaste
CVE-2007-0861 (** DISPUTED ** ...)
	NOT-FOR-US: phpCOIN
CVE-2007-0860 (** DISPUTED ** ...)
	NOT-FOR-US: local Calendar System
CVE-2007-0859 (The Find feature in Palm OS Treo smart phones operates despite the ...)
	NOT-FOR-US: Palm OS Treo
CVE-2006-6992 (Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote ...)
	NOT-FOR-US: GoSuRF Browser
CVE-2006-6991 (Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote ...)
	NOT-FOR-US: Fast Browser Pro
CVE-2006-6990 (Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote ...)
	NOT-FOR-US: Enigma Browser
CVE-2006-6989 (Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows ...)
	NOT-FOR-US: NetCaptor
CVE-2006-6988 (Cross-domain vulnerability in Slim Browser 4.07 build 100 allows ...)
	NOT-FOR-US: Slim Browser
CVE-2006-6987 (Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote ...)
	NOT-FOR-US: FineBrowser Freeware
CVE-2006-6986 (Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers ...)
	NOT-FOR-US: PhaseOut
CVE-2006-6985 (Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote ...)
	NOT-FOR-US: Maxthon
CVE-2006-6984 (Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote ...)
	NOT-FOR-US: GreenBrowser
CVE-2006-6983 (Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote ...)
	NOT-FOR-US: MYweb4net Browser
CVE-2007-XXXX [ikiwiki allows web user to edit images and other non-page format files in the wiki]
	- ikiwiki 1.42 (low)
	[etch] - ikiwiki 1.33.1
CVE-2007-0858
	RESERVED
CVE-2007-0857 (Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin before ...)
	- moin 1.5.3-1.2 (bug #410338; medium; bug #410552)
CVE-2007-0856 (TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module ...)
	NOT-FOR-US: Trend Micro Anti-Rootkit Common Module
CVE-2007-0855 (Stack-based buffer overflow in RARLabs Unrar, as packaged in WinRAR ...)
	- rar 1:3.7b1-1 (high; bug #410582)
	[sarge]	- rar <no-dsa> (Non-free)
	[etch] - rar <no-dsa> (Non-free)
	- unrar-nonfree 1:3.7.3-1 (high; bug #410580)
	[sarge] - unrar-nonfree 1:3.5.2-0.2
	[etch] - unrar-nonfree 1:3.5.4-1.1
	NOTE: amavid-new automatically uses "rar -p-" or "unrar -p-",
	NOTE: which probably turns this into remote code execution
	NOTE: clamav can also call unrar -p-, but AFAICS not in default configuration
	NOTE: unrar-free and clamav (which embeds unrar-free code) not affected
CVE-2007-0854 (Remote file inclusion vulnerability in scripts2/objcache in cPanel ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2007-0853 (SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers ...)
	NOT-FOR-US: DevTrack
CVE-2007-0852 (Cross-site scripting (XSS) vulnerability in DevTrack 6.x allows remote ...)
	NOT-FOR-US: DevTrack
CVE-2007-0851 (Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before ...)
	NOT-FOR-US: Trend Micro Scan Engine
CVE-2007-0850 (scripts/cronscript.php in SysCP 1.2.15 and earlier includes and ...)
	NOT-FOR-US: SysCP
CVE-2007-0849 (scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly ...)
	NOT-FOR-US: SysCP
CVE-2007-0848 (PHP remote file inclusion vulnerability in classes/class_mail.inc.php ...)
	NOT-FOR-US: Maian Recipe
CVE-2007-0847 (SQL injection vulnerability in mod/PM/reply.php in Open Tibia Server ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0846 (Cross-site scripting (XSS) vulnerability in forum.php in Open Tibia ...)
	NOT-FOR-US: Open Tibia Server CMS
CVE-2007-0845 (admin/index.php in Advanced Poll 2.0.0 through 2.0.5-dev allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2007-0843 (The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0842 (The 64-bit versions of Microsoft Visual C++ 8.0 standard library ...)
	NOT-FOR-US: Microsoft
CVE-2007-0841 (Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have ...)
	NOT-FOR-US: vbDrupal
CVE-2007-0840 (Cross-site scripting (XSS) vulnerability in HLstats before 1.35 allows ...)
	NOT-FOR-US: HLstats
CVE-2007-0839 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: WebMatic
CVE-2007-0838 (FreeProxy before 3.92 Build 1626 allows malicious users to cause a ...)
	NOT-FOR-US: FreeProxy
CVE-2007-0837 (PHP remote file inclusion vulnerability in examples/inc/top.inc.php in ...)
	NOT-FOR-US: AgerMenu
CVE-2007-0836 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0835 (admin.php in Coppermine Photo Gallery 1.4.10, and possibly earlier, ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0834 (Cross-site scripting (XSS) vulnerability in FlashChat 4.7.8 allows ...)
	NOT-FOR-US: FlashChat
CVE-2007-0833 (VMware Workstation 5.5.3 34685, when the &quot;Enable copy and paste to and ...)
	NOT-FOR-US: VMware
CVE-2007-0832 (VMware Workstation 5.5.3 34685 does not immediately change the ...)
	NOT-FOR-US: VMware
CVE-2007-0831 (** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Atsphp
CVE-2007-0830 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2007-0829 (avast! Server Edition before 4.7.726 does not demand a password in a ...)
	NOT-FOR-US: avast!
CVE-2007-0828 (PHP remote file inclusion vulnerability in affichearticles.php3 in ...)
	NOT-FOR-US: MySQLNewsEngine
CVE-2007-0827 (The Alibaba Alipay PTA Module ActiveX control (PTA.DLL) allows remote ...)
	NOT-FOR-US: Alibaba Alipay PTA Module ActiveX control
CVE-2007-0826 (SQL injection vulnerability in forum.asp in Kisisel Site 2007 allows ...)
	NOT-FOR-US: Kisisel Site
CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of ...)
	NOT-FOR-US: FlashFXP
CVE-2007-0824 (PHP remote file inclusion vulnerability in inhalt.php in LightRO CMS ...)
	NOT-FOR-US: LightRO CMS
CVE-2007-0823 (xterm on Slackware Linux 10.2 stores information that had been ...)
	- xterm <not-affected> (Not a security problem)
CVE-2007-0822 (umount, when running with the Linux 2.6.15 kernel on Slackware Linux ...)
	- util-linux <not-affected> (Not a security problem)
CVE-2007-0821 (Multiple directory traversal vulnerabilities in Cedric CLAIRE ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0820 (Multiple PHP remote file inclusion vulnerabilities in Cedric CLAIRE ...)
	NOT-FOR-US: PortailPhp
CVE-2007-0819 (HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 ...)
	NOT-FOR-US: HP Network Node Manager
CVE-2007-0818
	REJECTED
CVE-2007-0817 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion web ...)
	NOT-FOR-US: Adobe ColdFusion web server
CVE-2007-0816 (The RPC Server service (catirpc.exe) in CA (formerly Computer ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0815 (Cross-site scripting (XSS) vulnerability in images_archive.asp in ...)
	NOT-FOR-US: Uphotogallery
CVE-2007-0814 (Multiple cross-site scripting (XSS) vulnerabilities in Adrenalin's ASP ...)
	NOT-FOR-US: ASP Chat
CVE-2007-0813 (Cross-site scripting (XSS) vulnerability in Home production ...)
	NOT-FOR-US: MySearchEngine
CVE-2007-0812 (SQL injection vulnerability in pms.php in Woltlab Burning Board (wBB) ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0811 (Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on ...)
	NOT-FOR-US: Microsoft
CVE-2007-0810 (PHP remote file inclusion vulnerability in MVCnPHP/BaseView.php in ...)
	NOT-FOR-US: GeekLog
CVE-2007-0809 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Categories Hierarchy
CVE-2007-0808 (PHP remote file inclusion vulnerability in Mina Ajans Script allows ...)
	NOT-FOR-US: Mina Ajans Script
CVE-2007-0807 (Cross-site scripting (XSS) vulnerability in info.php in flashChat ...)
	NOT-FOR-US: flashChat
CVE-2007-0806 (Les News 2.2 allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Les News
CVE-2007-0805 (The ps (/usr/ucb/ps) command on HP Tru64 UNIX 5.1 1885 allows local ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2007-0804 (Directory traversal vulnerability in admin/subpages.php in GGCMS 1.1.0 ...)
	NOT-FOR-US: GGCMS
CVE-2007-0803 (Multiple buffer overflows in STLport before 5.0.3 allow remote ...)
	- stlport5 5.0.3-1 (bug #410864; low)
	[etch] - stlport5 5.0.2-12
	[sarge] - stlport5 <not-affected> (Vulnerable code not compiled in)
CVE-2007-0802 (Mozilla Firefox 2.0.0.1 allows remote attackers to bypass the Phishing ...)
	- iceweasel 2.0.0.16-1 (low)
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=367538
CVE-2007-0801 (The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox ...)
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
CVE-2007-0800 (Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0799 (SQL injection vulnerability in badword.asp in Ublog Reload 1.0.5 ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0798 (Multiple cross-site scripting (XSS) vulnerabilities in Ublog Reload ...)
	NOT-FOR-US: Ublog Reload
CVE-2007-0797 (PHP remote file inclusion vulnerability in theme/settings.php in ...)
	NOT-FOR-US: SMA-DB
CVE-2007-0796 (Blue Coat Systems WinProxy 6.1a and 6.0 r1c, and possibly earlier, ...)
	NOT-FOR-US: WinProxy
CVE-2007-0795 (Multiple PHP remote file inclusion vulnerabilities in Wap Portal ...)
	NOT-FOR-US: Wap Portal Server
CVE-2007-0794 (** DISPUTED ** ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0793 (PHP remote file inclusion vulnerability in inc/common.php in ...)
	NOT-FOR-US: GlobalMegaCorp dvddb
CVE-2007-0792 (The mod_perl initialization script in Bugzilla 2.23.3 does not set the ...)
	- bugzilla <not-affected> (Only development version 2.23.3 is affected)
CVE-2007-0791 (Cross-site scripting (XSS) vulnerability in Atom feeds in Bugzilla ...)
	- bugzilla 2.22.1-2.1 (bug #409824; low)
	[etch] - bugzilla <no-dsa> (Minor issue, far-fetched attack, minor impact)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0789 (SQL injection vulnerability in Mambo before 4.5.5 allows remote ...)
	- mambo 4.6.1-1 (medium)
	NOTE: only the 4.5.x tree was vulnerable
CVE-2007-0788 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.9.x before ...)
	- mediawiki <not-affected> (Only in 1.9 branch, fixed in 1.9.2)
CVE-2007-0787 (PHP remote file inclusion vulnerability in controller.php in Simple ...)
	NOT-FOR-US: Simple Invoices
CVE-2007-0786 (SQL injection vulnerability in view.php in Noname Media Photo Galerie ...)
	NOT-FOR-US: Noname Media Photo Galerie Standard
CVE-2007-0785 (PHP remote file inclusion vulnerability in previewtheme.php in ...)
	NOT-FOR-US: Flipsource Flip
CVE-2007-0784 (SQL injection vulnerability in login.asp for tPassword in the Raymond ...)
	NOT-FOR-US: RBL ASP tPassword
CVE-2007-0783
	RESERVED
CVE-2007-0782
	RESERVED
CVE-2007-0781
	RESERVED
CVE-2007-0780 (browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before ...)
	NOTE: MFSA-2007-05
	- iceweasel 2.0.0.2+dfsg-1 (medium)
	- iceape 1.0.8-1 (medium)
	- xulrunner 1.8.0.10-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
CVE-2007-0779 (GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and ...)
	NOTE: MFSA-2007-04
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <not-affected> (introduced in firefox 1.5)
CVE-2007-0778 (The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-03
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0777 (The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0776 (Heap-based buffer overflow in the _cairo_pen_init function in Mozilla ...)
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla-thunderbird <not-affected> (Only affected Firefox 2.0 et al)
	[sarge] - mozilla <not-affected> (Only affected Firefox 2.0 et al)
CVE-2007-0775 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-01
	- iceweasel 2.0.0.2+dfsg-1 (high)
	- iceape 1.0.8-1 (high)
	- icedove 1.5.0.10.dfsg1-1 (low)
	- xulrunner 1.8.0.10-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	NOTE: Only one of the crashes can be triggered in Sarge, 326864
CVE-2007-0774 (Stack-based buffer overflow in the map_uri_to_worker function ...)
	- libapache-mod-jk 1:1.2.21-1 (medium)
	[sarge] - libapache-mod-jk <not-affected>
	[etch] - libapache-mod-jk <not-affected>
	NOTE: affects only 1.2.19 and 1.2.20
CVE-2007-0773 (The Linux kernel before 2.6.9-42.0.8 in Red Hat 4.4 allows local users ...)
	- linux-2.6 2.6.12-1
CVE-2007-0772 (The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows ...)
	- linux-2.6 2.6.18.dfsg.1-11
CVE-2007-0771 (The utrace support in Linux kernel 2.6.18, and other versions, allows ...)
	- linux-2.6 <not-affected> (RHEL-specific backport, only present in -mm tree)
CVE-2007-0770 (Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted ...)
	{DSA-1260}
	- graphicsmagick 1.1.7-12
	- imagemagick 7:6.2.4.5.dfsg1-0.14 (bug #410435)
CVE-2007-1667 (Multiple integer overflows in (1) the XGetPixel function in ImUtil.c ...)
	{DSA-1903-1 DSA-1858-1 DSA-1294-1}
	- xfree86 <removed> (bug #414046; medium)
	- libx11 2:1.0.3-7 (bug #414045; medium)
	- graphicsmagick 1.1.7-14 (bug #417862; medium)
	- imagemagick 7:6.2.4.5.dfsg1-1 (medium)
	NOTE: Discovered through CVE-2007-0770.
	NOTE: With certain mail user agents, this issue is likely exploitable
	NOTE: without much user interaction.
CVE-2006-6982 (3proxy 0.5 to 0.5.2 does not offer NTLM authentication before basic ...)
	NOT-FOR-US: 3proxy
CVE-2006-6981 (3proxy 0.5 to 0.5.2, when NT-encoded passwords are being used, allows ...)
	NOT-FOR-US: 3proxy
CVE-2006-6980 (The magnatune.com album browser in Amarok allows attackers to cause a ...)
	- amarok 1.4.4-4 (bug #410850; unimportant)
	NOTE: This could only be exploited through the Magnatune shop
CVE-2006-6979 (The ruby handlers in the Magnatune component in Amarok do not properly ...)
	- amarok 1.4.4-1 (bug #410850; low)
	[sarge] - amarok <not-affected> (Vulnerable code not present)
CVE-2006-6978 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
	NOT-FOR-US: FCKEditor
CVE-2006-6977 (Cross-site scripting (XSS) vulnerability in the &quot;Basic Toolbar ...)
	NOT-FOR-US: FreeTextBox
CVE-2006-6976 (PHP remote file inclusion vulnerability in centipaid_class.php in ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6975 (** DISPUTED ** ...)
	NOT-FOR-US: CentiPaid
CVE-2006-6974 (Headstart Solutions DeskPRO stores sensitive information under the web ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6973 (Headstart Solutions DeskPRO does not require authentication for ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6972 (SQL injection in torrents.php in BtitTracker 1.3.2 and earlier allows ...)
	NOT-FOR-US: BtitTracker
CVE-2006-6971 (Mozilla Firefox 2.0, possibly only when running on Windows, allows ...)
	- iceweasel <not-affected> (Windows only)
CVE-2006-6970 (Opera 9.10 Final allows remote attackers to bypass the Fraud ...)
	NOT-FOR-US: Opera
CVE-2006-6969 (Jetty before 4.2.27, 5.1 before 5.1.12, 6.0 before 6.0.2, and 6.1 ...)
	- jetty 5.1.10-4 (medium; bug #445283)
	NOTE: http://jetty.cvs.sourceforge.net/jetty/Jetty/src/org/mortbay/jetty/servlet/AbstractSessionManager.java?r1=1.52&r2=1.53&view=patch
CVE-2005-4827 (Internet Explorer 6.0, and possibly other versions, allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...)
	NOT-FOR-US: SmartFTP
CVE-2007-0844 (The auth_via_key function in pam_ssh.c in pam_ssh before 1.92, when ...)
	- libpam-ssh 1.91.0-9.2 (bug #410236; low)
	[etch] - libpam-ssh <no-dsa> (Minor issue)
	[sarge] - libpam-ssh <no-dsa> (Minor issue)
CVE-2007-0769 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2007-0768 (Multiple cross-site scripting (XSS) vulnerabilities in the Contact ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2007-0767 (Cross-site scripting (XSS) vulnerability in the core in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2007-0766 (Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows ...)
	NOT-FOR-US: .NET Explorer
CVE-2007-0765 (SQL injection vulnerability in news.php in dB Masters Curium CMS 1.03 ...)
	NOT-FOR-US: Curium CMS
CVE-2007-0764 (Unrestricted file upload vulnerability in F3Site 2.1 and earlier ...)
	NOT-FOR-US: F3Site
CVE-2007-0763 (Cross-site scripting (XSS) vulnerability in the news comment ...)
	NOT-FOR-US: F3Site
CVE-2007-0762 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB++
CVE-2007-0761 (PHP remote file inclusion vulnerability in config.php in phpBB ezBoard ...)
	NOT-FOR-US: phpBB ezBoard converter
CVE-2007-0760 (EQdkp 1.3.1 and earlier authenticates administrative requests by ...)
	NOT-FOR-US: EQdkp
CVE-2007-0759 (Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow ...)
	NOT-FOR-US: EasyMoblog
CVE-2007-0758 (PHP remote file inclusion vulnerability in lang.php in PHPProbid 5.24 ...)
	NOT-FOR-US: PHPProbid
CVE-2007-0757 (PHP remote file inclusion vulnerability in index.php in Miguel Nunes ...)
	NOT-FOR-US: CoD2 DreamStats
CVE-2007-0756 (Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Chicken of the VNC
CVE-2007-0755
	RESERVED
CVE-2007-0754 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0753 (Format string vulnerability in the VPN daemon (vpnd) in Apple Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0752 (The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the ...)
	NOT-FOR-US: Apple
CVE-2007-0751 (A cleanup script in crontabs in Apple Mac OS X 10.3.9 and 10.4.9 might ...)
	NOT-FOR-US: Apple
CVE-2007-0750 (Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 ...)
	NOT-FOR-US: Apple
CVE-2007-0749 (Multiple stack-based buffer overflows in the is_command function in ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0748 (Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2007-0747 (load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0746 (Heap-based buffer overflow in the VideoConference framework in Apple ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0745 (The Apple Security Update 2007-004 uses an incorrect configuration ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0744 (SMB in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0743 (URLMount in Apple Mac OS X 10.3.9 through 10.4.9 passes the username ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0742 (The WebFoundation framework in Apple Mac OS X 10.3.9 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0741 (Buffer overflow in natd in network_cmds in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0740 (Alias Manager in Apple Mac OS X 10.3.9 and 10.4.9 does not display ...)
	NOT-FOR-US: Apple
CVE-2007-0739 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 displays the ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0738 (The Login Window in Apple Mac OS X 10.4 through 10.4.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0737 (The Login Window in Apple Mac OS X 10.3.9 through 10.4.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0736 (Integer overflow in the RPC library in Libinfo in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0735 (Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0734 (fsck, as used by the AirPort Disk feature of the AirPort Extreme Base ...)
	NOT-FOR-US: AirPort Extreme Base Station
CVE-2007-0733 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 ...)
	NOT-FOR-US: Apple Mac ImageIO
CVE-2007-0732 (Unspecified vulnerability in the CoreServices daemon in CarbonCore in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0731 (Stack-based buffer overflow in the Apple-specific Samba module (SMB ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0730 (Server Manager (servermgrd) in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac Server Manager
CVE-2007-0729 (Apple File Protocol (AFP) Client in Apple Mac OS X 10.3.9 through ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0728 (Unspecified vulnerability in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0727
	REJECTED
CVE-2007-0726 (The SSH key generation process in OpenSSH in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple OpenSSH
CVE-2007-0725 (Buffer overflow in the AirPortDriver module for AirPort in Apple Mac ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0724 (The IOKit HID interface in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0723 (Unspecified vulnerability in the authentication feature for ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0722 (Integer overflow in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0721 (Unspecified vulnerability in diskimages-helper in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0720 (The CUPS service on multiple platforms allows remote attackers to ...)
	- cups 1.2.7-1 (bug #434734; low)
	- cupsys 1.2.7-1 (bug #434734; low)
	[sarge] - cupsys <no-dsa> (Minor, conceptual design problem)
	[etch] - cupsys <no-dsa> (Minor, conceptual design problem)
CVE-2007-0719 (Stack-based buffer overflow in Apple Mac OS X 10.3.9 and 10.4 through ...)
	NOT-FOR-US: Apple Mac
CVE-2007-0718 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0717 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0716 (Stack-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0715 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0714 (Integer overflow in Apple QuickTime before 7.1.5 allows remote ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0713 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0712 (Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0711 (Integer overflow in Apple QuickTime before 7.1.5, when installed on ...)
	NOT-FOR-US: Apple QuickTime
CVE-2007-0710 (The Bonjour functionality in iChat in Apple Mac OS X 10.3.9 allows remote ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0709 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0708 (cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) ...)
	NOT-FOR-US: Comodo Firewall Pro
CVE-2007-0707 (Stack-based buffer overflow in GOM Player 2.0.12.3375 allows ...)
	NOT-FOR-US: GOM Player
CVE-2007-0706 (Cross-zone scripting vulnerability in Darksky RSS bar for Internet ...)
	NOT-FOR-US: Darksky RSS
CVE-2007-0705 (Cross-zone scripting vulnerability in Sleipnir 2.49 and earlier, and ...)
	NOT-FOR-US: Sleipnir
CVE-2007-0704 (PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 ...)
	NOT-FOR-US: Somery
CVE-2007-0703 (PHP remote file inclusion vulnerability in library/StageLoader.php in ...)
	NOT-FOR-US: WebBuilder
CVE-2007-0702 (Multiple PHP remote file inclusion vulnerabilities in phpEventMan ...)
	NOT-FOR-US: phpEventMan
CVE-2007-0701 (PHP remote file inclusion vulnerability in inc/common.inc.php in ...)
	NOT-FOR-US: Epistemon
CVE-2007-0700 (Directory traversal vulnerability in index.php in Guernion Sylvain ...)
	NOT-FOR-US: Portail Web
CVE-2007-0699 (PHP remote file inclusion vulnerability in includes/includes.php in ...)
	NOT-FOR-US: Portail Web
CVE-2007-0698 (Multiple SQL injection vulnerabilities in ACGVannu 1.3 and earlier ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0697 (index2.php in ACGVannu 1.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: ACGVannu
CVE-2007-0696 (Cross-site scripting (XSS) vulnerability in error messages in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0695 (Multiple SQL injection vulnerabilities in Free LAN In(tra|ter)net ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0694 (Cross-site scripting (XSS) vulnerability in footer.php in DGNews 2.1 ...)
	NOT-FOR-US: DGNews
CVE-2007-0693 (SQL injection vulnerability in news.php in DGNews 2.1 allows remote ...)
	NOT-FOR-US: DGNews
CVE-2007-0692 (DGNews 2.1 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: DGNews
CVE-2007-0691
	REJECTED
CVE-2007-0690 (myEvent 1.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: myEvent
CVE-2007-0689 (MyBB 1.2.4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-6968 (Cross-site scripting (XSS) vulnerability in the group moderation ...)
	NOT-FOR-US: Phorum
CVE-2006-6967
	REJECTED
CVE-2006-6966 (phpGraphy before 0.9.13a does not properly unset variables when the ...)
	NOT-FOR-US: phpGraphy
CVE-2007-XXXX [remctl ACL bypass vulnerability]
	- remctl 2.2-2
	[sarge] - remctl <not-affected> (Vulnerable code not present)
CVE-2007-0688 (SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti ...)
	NOT-FOR-US: Hunkaray Duyuru Scripti
CVE-2007-0687 (SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc ...)
	NOT-FOR-US: L2J Dropcalc
CVE-2007-0686 (The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) ...)
	NOT-FOR-US: Intel 2200BG Cards drive.
CVE-2007-0685 (Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Internet Explorer
CVE-2007-0684 (PHP remote file inclusion vulnerability in portal.php in Cerulean ...)
	NOT-FOR-US: Cerulean Portal System
CVE-2007-0683 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Omegaboard
CVE-2007-0682 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: JV2 Folder Gallery
CVE-2007-0681 (profile.php in ExtCalendar 2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ExtCalendar
CVE-2007-0680 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Phpbb Tweaked it is a module to phpbb
CVE-2007-0679 (PHP remote file inclusion vulnerability in lang/leslangues.php in ...)
	NOT-FOR-US: PHPMyRing
CVE-2007-0678 (SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting ...)
	NOT-FOR-US: Fullaspsite Asp Hosting Sites
CVE-2007-0677 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Cadre PHP Framework
CVE-2007-0676 (SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier ...)
	NOT-FOR-US: ExoPHPDesk
CVE-2007-0675 (A certain ActiveX control in sapi.dll (aka the Speech API) in Speech ...)
	NOT-FOR-US: Windows Vista
CVE-2007-0674 (Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and ...)
	NOT-FOR-US: Windows Mobile
CVE-2007-0673 (LGSERVER.EXE in BrightStor ARCserve Backup for Laptops &amp; Desktops ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0672 (LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers ...)
	NOT-FOR-US: (CA) BrightStor
CVE-2007-0671 (Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0670 (Buffer overflow in bos.rte.libc in IBM AIX 5.2 and 5.3 allows local ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0669 (Unspecified vulnerability in Twiki 4.0.0 through 4.1.0 allows local ...)
	- twiki 1:4.0.5-9 (bug #410256)
CVE-2007-0668 (The Loopback Filesystem (LOFS) in Sun Solaris 10 allows local users in ...)
	NOT-FOR-US: Sun Solaris.
CVE-2007-0667 (The redirect function in Form.pm for (1) LedgerSMB before 1.1.5 and ...)
	- sql-ledger <unfixed> (bug #409703; unimportant)
	NOTE: It's documented behaviour that SQL-Ledger should only be run in an
	NOTE: authenticated HTTP zone and without untrusted users
	[etch] - sql-ledger <no-dsa> (Should only be used with trusted users)
	NOTE: sql-ledger 2.6.22-2 adds a note to README.Debian that sql-ledger
	NOTE: is not secure with untrusted users.
CVE-2007-0666 (Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0665 (Format string vulnerability in the SCP module in Ipswitch WS_FTP 2007 ...)
	NOT-FOR-US: WS_FTP Server
CVE-2007-0664 (thttpd before 2.25b-r6 in Gentoo Linux is started from the system root ...)
	- thttpd <not-affected> (Gentoo-specific packaging flaw)
	NOTE: In accordance with Debian Policy is not possible start Webserver
	NOTE: in root directory (/).
CVE-2007-0663 (SQL injection vulnerability in index.php in Eclectic Designs ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0662 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Hailboards
CVE-2007-0661 (Intel Enterprise Southbridge 2 Baseboard Management Controller (BMC), ...)
	NOT-FOR-US: Intel BMC
CVE-2007-0660 (Cross-site scripting (XSS) vulnerability in the IFrame module before ...)
	NOT-FOR-US: DotNetNuke
CVE-2007-0659 (download.php in the MuddyDogPaws FileDownload snippet before 2.5 for ...)
	NOT-FOR-US: MODx MuddyDogPaws FileDownload
CVE-2007-0658 (The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module ...)
	NOT-FOR-US: Drupal addon module "Textimage"
CVE-2007-0657 (Unspecified vulnerability in Nexuiz 2.2.2 allows remote attackers to ...)
	- nexuiz 2.2.3-1 (medium)
	[etch] - nexuiz <not-affected> (Vulnerable code not present, was introduced in 2.2.2)
CVE-2007-0656 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB2-MODificat it is a module to phpbb2
CVE-2007-0655 (The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan ...)
	NOT-FOR-US: MicroWorld
CVE-2007-0654 (Integer underflow in X MultiMedia System (xmms) 1.2.10 allows ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0653 (Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly ...)
	{DSA-1277-1}
	- xmms 1:1.2.10+20070301-2 (bug #416423; low)
CVE-2007-0652 (Cross-site request forgery (CSRF) vulnerability in MailEnable Professional ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0651 (Multiple cross-site scripting (XSS) vulnerabilities in MailEnable ...)
	NOT-FOR-US: MailEnable Professional
CVE-2007-0650 (Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 ...)
	- tetex-bin <not-affected> (Only vulnerable if compiled w/o kpathsea support, Debian does)
CVE-2007-0649 (Variable overwrite vulnerability in interface/globals.php in OpenEMR ...)
	NOT-FOR-US: OpenEMR
CVE-2007-0648 (Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice ...)
	NOT-FOR-US: Cisco
CVE-2007-0647 (Format string vulnerability in Help Viewer 3.0.0 allows remote ...)
	NOT-FOR-US: AppleKit
CVE-2007-0646 (Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple ...)
	NOT-FOR-US: iMovie
CVE-2007-0645 (Format string vulnerability in iPhoto 6.0.5 allows remote ...)
	NOT-FOR-US: iPhoto
CVE-2007-0644 (Format string vulnerability in Apple Safari 2.0.4 (419.3) allows ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0643 (Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows ...)
	NOT-FOR-US: Bloodshed Dev-C++
CVE-2007-0642 (SQL injection vulnerability in tForum 2.00 in the Raymond BERTHOU ...)
	NOT-FOR-US: Raymond BERTHOU script collection
CVE-2007-0641 (Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 ...)
	NOT-FOR-US: Shaffer Solutions (SSC)
CVE-2007-0640 (Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack ...)
	- zabbix 1:1.1.4-8 (bug #409257)
CVE-2007-0639 (Multiple static code injection vulnerabilities in error.php in GuppY ...)
	NOT-FOR-US: GuppY
CVE-2007-0638 (show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers ...)
	NOT-FOR-US: PHPFootball
CVE-2007-0637 (Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 ...)
	NOT-FOR-US: Galeria Zdjec
CVE-2007-0636 (Unspecified vulnerability in inotify before 0.3.5 has unknown impact ...)
	NOT-FOR-US: incron
CVE-2007-0635 (Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 ...)
	NOT-FOR-US: EncapsCMS
CVE-2007-0634 (Unspecified vulnerability in Sun Solaris 10 before 20070130 allows ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-XXXX [kaya buffer overflow, cross-site scripting and data leak]
	- kaya 0.2.0-6 (bug #409062)
CVE-2007-XXXX [file descriptor leak when a Compose file uses the "include" directive]
	- libx11 2:1.0.3-5 (low)
	NOTE: https://bugs.freedesktop.org/show_bug.cgi?id=9279
CVE-2007-0633 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNews
CVE-2007-0632 (SQL injection vulnerability in artreplydelete.asp in ASP EDGE 1.3a and ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0631 (SQL injection vulnerability in index.php in Eclectic Designs ...)
	NOT-FOR-US: Eclectic Designs CascadianFAQ
CVE-2007-0630 (Multiple SQL injection vulnerabilities in the generate_csv function in ...)
	NOT-FOR-US: xNews
CVE-2007-0629 (The www_purgeList method in Plain Black WebGUI before 7.3.8 does not ...)
	NOT-FOR-US: Plain Black WebGUI
CVE-2007-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2007-0627 (Michael Still gtalkbot before 1.2 places username and password ...)
	NOT-FOR-US: gtalkbot
CVE-2007-0626 (The comment_form_add_preview function in comment.module in Drupal ...)
	- drupal 4.7.6-1
CVE-2007-0625 (nxconfigure.sh in NoMachine NX Server before 2.1.0-18 does not ...)
	NOT-FOR-US: NoMachine NX Server
CVE-2007-0624 (user.php in MAXdev MDPro 1.0.76 allows remote attackers to obtain the ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0623 (SQL injection vulnerability in index.php in MAXdev MDPro 1.0.76 allows ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2007-0622 (Cross-site request forgery (CSRF) vulnerability in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0621
	REJECTED
CVE-2007-0620 (download.php in FD Script 1.3.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FD Script
CVE-2007-0619 (chmlib before 0.39 allows user-assisted remote attackers to execute ...)
	- chmlib 2:0.39-1 (bug #408603; medium)
CVE-2007-0618 (Unspecified vulnerability in (1) pop3d, (2) pop3ds, (3) imapd, and (4) ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0617 (The SpamBlocker.dll ActiveX control in Earthlink TotalAccess is marked ...)
	NOT-FOR-US: Earthlink TotalAccess
CVE-2007-0616 (Directory traversal vulnerability in zen/template-functions.php in ...)
	NOT-FOR-US: zenphoto
CVE-2007-0615 (Unspecified vulnerability in Hitachi JP1/HIBUN Advanced Edition ...)
	NOT-FOR-US: Hitachi
CVE-2007-0614 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
	NOT-FOR-US: Apple
CVE-2007-0613 (The Bonjour functionality in mDNSResponder, iChat 3.1.6, and ...)
	NOT-FOR-US: Apple
CVE-2007-0612 (Multiple ActiveX controls in Microsoft Windows 2000, XP, 2003, and ...)
	NOT-FOR-US: Microsoft ActiveX
CVE-2007-0611 (Multiple cross-site scripting (XSS) vulnerabilities in Free LAN ...)
	NOT-FOR-US: Free LAN Intranet Portal
CVE-2007-0610 (Cross-site scripting (XSS) vulnerability in the mailform feature in ...)
	NOT-FOR-US: CMSimple
CVE-2007-0609 (Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0608 (Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0607 (W-Agora (Web-Agora) 4.2.1, when register_globals is enabled, stores ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0606 (w-agora 4.2.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Web-Agora
CVE-2007-0605 (Cross-site scripting (XSS) vulnerability in picture.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0604 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) before ...)
	NOT-FOR-US: Movable Type
CVE-2007-0603 (PGP Desktop before 9.5.1 does not validate data objects received over ...)
	NOT-FOR-US: PGP Desktop
CVE-2007-0602 (Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2007-0601 (common/safety.php in Aztek Forum 4.00 allows remote attackers to enter ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0600 (SQL injection vulnerability in news_page.asp in Martyn Kilbryde ...)
	NOT-FOR-US: makit news
CVE-2007-0599 (Variable overwrite vulnerability in common/config.php in Aztek Forum ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0598 (SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0597 (Aztek Forum 4.00 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0596 (PHP remote file inclusion vulnerability in index/main.php in Aztek ...)
	NOT-FOR-US: Aztek Forum
CVE-2007-0595 (Cross-site scripting (XSS) vulnerability in search in High 5 Review ...)
	NOT-FOR-US: high5 Review
CVE-2007-0594 (Siteman 2.0.x2 stores sensitive information under the web root with ...)
	NOT-FOR-US: Siteman
CVE-2007-0593 (Siteman 1.1.11 stores sensitive information under the web root with ...)
	NOT-FOR-US: Siteman
CVE-2007-0592 (Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows ...)
	NOT-FOR-US: EzDatabase
CVE-2007-0591 (PHP remote file inclusion vulnerability in configure.php in Vu Le An ...)
	NOT-FOR-US: VirtualPath
CVE-2007-0590 (Cross-site scripting (XSS) vulnerability in busca2.asp in Forum Livre ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0589 (SQL injection vulnerability in Forum Livre 1.0 allows remote attackers ...)
	NOT-FOR-US: Forum Livre
CVE-2007-0588 (The InternalUnpackBits function in Apple QuickDraw, as used by ...)
	NOT-FOR-US: Apple
CVE-2007-0587
	RESERVED
CVE-2007-0586
	RESERVED
CVE-2007-0585 (include/debug.php in Webfwlog 0.92 and earlier, when register_globals ...)
	NOT-FOR-US: Webfwlog
CVE-2007-0584 (PHP remote file inclusion vulnerability in membres/membreManager.php ...)
	NOT-FOR-US: PhP Generic
CVE-2007-0583 (Multiple cross-site scripting (XSS) vulnerabilities in HTTP Commander ...)
	NOT-FOR-US: HTTP Commander
CVE-2007-0582 (SQL injection vulnerability in default.asp in ChernobiLe 1.0 allows ...)
	NOT-FOR-US: ChernobiLe
CVE-2007-0581 (PHP remote file inclusion vulnerability in functions.php in EclipseBB ...)
	NOT-FOR-US: EclipseBB
CVE-2007-0580 (PHP remote file inclusion vulnerability in menu.php in Foro Domus 2.10 ...)
	NOT-FOR-US: Foro Domus
CVE-2007-0579 (Unspecified vulnerability in the calendar component in Horde Groupware ...)
	NOT-FOR-US: Horde Groupware
CVE-2007-0578 (The http_open function in httpget.c in mpg123 before 0.64 allows ...)
	- mpg123 0.61-5 (bug #409296; unimportant)
	NOTE: Not much of a security problem; user will abort mpg123 and never listen to
	NOTE: the faulty stream again
CVE-2007-0577 (PHP remote file inclusion vulnerability in function.inc.php in ...)
	NOT-FOR-US: ACGVclick
CVE-2007-0576 (PHP remote file inclusion vulnerability in xt_counter.php in Xt-Stats ...)
	NOT-FOR-US: Xt-Stats
CVE-2007-0575 (Multiple SQL injection vulnerabilities in the administrative login ...)
	NOT-FOR-US: ASPCode.net AdMentor
CVE-2007-0574 (SQL injection vulnerability in rss/show_webfeed.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2007-0573 (PHP remote file inclusion vulnerability in includes/config.inc.php in ...)
	NOT-FOR-US: nsGalPHP
CVE-2007-0572 (PHP remote file inclusion vulnerability in include/irc/phpIRC.php in ...)
	NOT-FOR-US: Drunken:Golem Gaming Portal
CVE-2007-0571 (PHP remote file inclusion vulnerability in include/lib/lib_head.php in ...)
	NOT-FOR-US: phpMyReports
CVE-2007-0570 (PHP remote file inclusion vulnerability in ains_main.php in Johannes ...)
	NOT-FOR-US: Ad Fundum Integratable News Script
CVE-2007-0569 (SQL injection vulnerability in xNews.php in xNews 1.3 allows remote ...)
	NOT-FOR-US: xNews
CVE-2007-0568 (PHP remote file inclusion vulnerability in system/lib/package.php in ...)
	NOT-FOR-US: MyPHPCommander
CVE-2007-0567 (Cross-site scripting (XSS) vulnerability in admin.php in ...)
	NOT-FOR-US: Interactive-Scripts.Com
CVE-2007-0566 (SQL injection vulnerability in news_detail.asp in ASP NEWS 3 and ...)
	NOT-FOR-US: ASP NEWS
CVE-2007-0565 (CGI-Rescue Shopping Basket Professional 7.50 and earlier allows remote ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0564 (The license registering interface in Symantec Web Security (SWS) ...)
	NOT-FOR-US: Symantec
CVE-2007-0563 (Multiple cross-site scripting (XSS) vulnerabilities in Symantec Web ...)
	NOT-FOR-US: Symantec
CVE-2007-0562 (Windows Explorer (explorer.exe) 6.0.2900.2180 in Microsoft Windows XP ...)
	NOT-FOR-US: Windows Explorer
CVE-2007-0561 (Multiple PHP remote file inclusion vulnerabilities in Xero Portal 1.2 ...)
	NOT-FOR-US: Xero Portal
CVE-2007-0560 (SQL injection vulnerability in user.asp in ASP EDGE 1.2b and earlier ...)
	NOT-FOR-US: ASP EDGE
CVE-2007-0559 (PHP remote file inclusion vulnerability in config.php in RPW 1.0.2 ...)
	NOT-FOR-US: RPW
CVE-2007-0558 (PHP remote file inclusion vulnerability in modules/mail/main.php in ...)
	NOT-FOR-US: vHostAdmin
CVE-2005-4826 (Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature ...)
	NOT-FOR-US: Cisco
CVE-2007-0557 (rMake before 1.0.4 drops root privileges in a way that retains the ...)
	NOT-FOR-US: rPath
CVE-2007-0556 (The query planner in PostgreSQL before 8.0.11, 8.1 before 8.1.7, and ...)
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 <not-affected> (only PostgreSQL 8.x)
	- postgresql <not-affected> (only PostgreSQL 8.x)
CVE-2007-0555 (PostgreSQL 7.3 before 7.3.13, 7.4 before 7.4.16, 8.0 before 8.0.11, ...)
	{DSA-1261-1}
	- postgresql-8.2 8.2.2-1
	- postgresql-8.1 8.1.7-1
	- postgresql-7.4 1:7.4.16-1
	- postgresql <not-affected> (only transitional package)
CVE-2007-0554 (SQL injection vulnerability in print.asp in Guo Xu Guos Posting System ...)
	NOT-FOR-US: Guos Posting System
CVE-2007-0553 (Multiple cross-site scripting (XSS) vulnerabilities in index.inc.php ...)
	NOT-FOR-US: PHProxy
CVE-2007-0552 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Onnac
CVE-2007-0551 (Multiple PHP remote file inclusion vulnerabilities in cmsimple/cms.php ...)
	NOT-FOR-US: CMSimple
CVE-2007-0550 (Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0549 (Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0548 (KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: KarjaSoft
CVE-2007-0547 (Cross-site scripting (XSS) vulnerability in CGI-RESCUE WebFORM 4.3 and ...)
	NOT-FOR-US: CGI RESCUE
CVE-2007-0546 (Toxiclab Shoutbox 1 stores sensitive information under the web root ...)
	NOT-FOR-US: Toxiclab Shoutbox
CVE-2007-0545 (Maxtricity Tagger 0.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Maxtricity Tagger
CVE-2007-0544 (Cross-site scripting (XSS) vulnerability in private.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2007-0543 (ZixForum 1.14 and earlier stores sensitive information under the web ...)
	NOT-FOR-US: ZixForum
CVE-2007-0542 (Cross-site scripting (XSS) vulnerability in show.php in 212cafe ...)
	NOT-FOR-US: 212cafe Guestbook
CVE-2007-0541 (WordPress allows remote attackers to determine the existence of ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0540 (WordPress allows remote attackers to cause a denial of service ...)
	{DSA-1564-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0539 (The wp_remote_fopen function in WordPress before 2.1 allows remote ...)
	{DTSA-33-1}
	- wordpress 2.1.0-1 (low)
CVE-2007-0538 (Telligent Community Server 2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Telligent
CVE-2007-0537 (The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not ...)
	- kdelibs 4:3.5.5a.dfsg.1-6 (bug #409868; medium)
CVE-2007-0536 (The chroot helper in rMake for rPath Linux 1 does not drop ...)
	NOT-FOR-US: rPath
CVE-2007-0535 (Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0534 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) Project ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0533 (The AToZed IntraWeb component 8.0 and earlier for Borland Delphi and ...)
	NOT-FOR-US: Borland Delphi
CVE-2007-0532 (Tuan Do Uploader (aka php-uploader) 6 beta 1 stores sensitive ...)
	NOT-FOR-US: Uploader
CVE-2007-0531 (PHP remote file inclusion vulnerability in includes/login.php in ...)
	NOT-FOR-US: FreeWebShop
CVE-2007-0530 (** DISPUTED ** ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2007-0529 (Cross-site scripting (XSS) vulnerability in index.html (aka the ...)
	NOT-FOR-US: PHP Link Directory
CVE-2007-0528 (The admin web console implemented by the Centrality Communications ...)
	NOT-FOR-US: Centrality Communications
CVE-2007-0527 (SQL injection vulnerability in the is_remembered function in ...)
	NOT-FOR-US: Website Baker
CVE-2007-0526 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.3.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2007-0525 (Multiple buffer overflows in Nickolas Grigoriadis Mini Web server ...)
	NOT-FOR-US: Mini Web server
CVE-2007-0524 (The LG Chocolate KG800 phone allows remote attackers to cause a denial ...)
	NOT-FOR-US: LG
CVE-2007-0523 (The Nokia N70 phone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Nokia
CVE-2007-0522 (The Motorola MOTORAZR V3 phone allows remote attackers to cause a ...)
	NOT-FOR-US: Motorola
CVE-2007-0521 (The Sony Ericsson K700i and W810i phones allow remote attackers to ...)
	NOT-FOR-US: Sony Ericsson
CVE-2007-0520 (SQL injection vulnerability in banner.php in Unique Ads (UDS) 1.x ...)
	NOT-FOR-US: Unique Ads
CVE-2007-0519 (Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U ...)
	NOT-FOR-US: XMB Host
CVE-2007-0518 (Scriptsez Smart PHP Subscriber (aka subscribe) stores sensitive ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0517 (Scriptsez Random PHP Quote 1.0 stores sensitive information under the ...)
	NOT-FOR-US: Scriptsez
CVE-2007-0516 (Yana Framework before 2.8.5a allows remote authenticated users with ...)
	NOT-FOR-US: Yana
CVE-2007-0515 (Unspecified vulnerability in Microsoft Word allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2007-0514 (Multiple cross-site scripting (XSS) vulnerabilities in multiple ...)
	NOT-FOR-US: Hitachi
CVE-2007-0513 (Hitachi HiRDB Datareplicator 7HiRDB, 7(64), 6, 6(64), 5.0, and ...)
	NOT-FOR-US: Hitachi
CVE-2007-0512 (Hitachi TP1/LiNK 05-00 through 05-03-/F, 03-04 through 03-06-/K, and ...)
	NOT-FOR-US: Hitachi
CVE-2007-0511 (Multiple PHP remote file inclusion vulnerabilities in phpXMLDOM ...)
	NOT-FOR-US: phpXD
CVE-2007-0510 (Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) ...)
	- awffull <unfixed> (unimportant)
	NOTE: This appears to be a bug without a vulnerability vector.
CVE-2007-0509 (Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have ...)
	NOT-FOR-US: MaklerPlus
CVE-2007-0507 (SQL injection vulnerability in the Acidfree module for Drupal before ...)
	NOT-FOR-US: Drupal module "Acidfree"
CVE-2007-0506 (The project_issue_access function in the Project issue tracking 4.7.0 ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0505 (Unrestricted file upload vulnerability in the Project issue tracking ...)
	NOT-FOR-US: Drupal module "Project"
CVE-2007-0504 (Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and ...)
	NOT-FOR-US: Vote! Pro
CVE-2007-0503 (Unspecified vulnerability in kcms_calibrate in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Sun
CVE-2007-0502 (SQL injection vulnerability in gallery.php in webSPELL 4.01.02 allows ...)
	NOT-FOR-US: webSPELL
CVE-2007-0501 (PHP remote file inclusion vulnerability in index.php in Mafia Scum ...)
	NOT-FOR-US: Advanced Random Generators
CVE-2007-0500 (PHP remote file inclusion vulnerability in include/includes.php in ...)
	NOT-FOR-US: Bradabra
CVE-2007-0499 (PHP remote file inclusion vulnerability in config.php in Sangwan Kim ...)
	NOT-FOR-US: phpIndexPage
CVE-2007-0498 (PHP remote file inclusion vulnerability in up.php in MySpeach 2.1 beta ...)
	NOT-FOR-US: MySpeach
CVE-2007-0497 (PHP remote file inclusion vulnerability in upload/top.php in ...)
	NOT-FOR-US: Upload-Service
CVE-2007-0496 (PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs ...)
	NOT-FOR-US: Neon Lab
CVE-2007-0495 (PHP remote file inclusion vulnerability in include/config.inc.php in ...)
	NOT-FOR-US: PhpSherpa
CVE-2007-0492 (Multiple SQL injection vulnerabilities in gallery.php in webSPELL ...)
	NOT-FOR-US: webSPELL
CVE-2007-0491 (PHP remote file inclusion vulnerability in up.php in Sky GUNNING ...)
	NOT-FOR-US: MySpeach
CVE-2007-0490 (index.php in Open-Realty 2.3.4 allows remote attackers to obtain ...)
	NOT-FOR-US: Open-Realty
CVE-2007-0489 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: VisoHotlink
CVE-2007-0488 (The Huawei Versatile Routing Platform 1.43 2500E-003 firmware on the ...)
	NOT-FOR-US: Huawei
CVE-2007-0487 (** DISPUTED ** ...)
	NOT-FOR-US: FreeForum
CVE-2007-0486 (** DISPUTED ** ...)
	NOT-FOR-US: Openads
CVE-2007-0485 (PHP remote file inclusion vulnerability in defines.php in WebChat 0.77 ...)
	NOT-FOR-US: Webdev
CVE-2007-0484 (Multiple SQL injection vulnerabilities in Enthusiast 3.1 allow remote ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0483 (Multiple cross-site scripting (XSS) vulnerabilities in Enthusiast 3.1 ...)
	NOT-FOR-US: ReviewPost
CVE-2007-0482 (cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 ...)
	NOT-FOR-US: Sun
CVE-2007-0481 (Cisco IOS allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Cisco
CVE-2007-0480 (Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0479 (Memory leak in the TCP listener in Cisco IOS 9.x, 10.x, 11.x, and 12.x ...)
	NOT-FOR-US: Cisco
CVE-2007-0478 (WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does ...)
	NOT-FOR-US: Apple Safari
CVE-2007-0477 (Cross-site scripting (XSS) vulnerability in Openads 2.0.x before ...)
	NOT-FOR-US: Openads
CVE-2007-0476 (The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, ...)
	- openldap2 <not-affected> (Gentoo packaging bug)
CVE-2007-0475 (Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not all problems fixed in 0.8.0
CVE-2007-0474 (Smb4K before 0.8.0 allow local users, when present on the Smb4K ...)
	- smb4k 0.8.1-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
	NOTE: not fixed in 0.8.0, see
	NOTE: https://web.archive.org/web/20070712072042/http://developer.berlios.de/bugs/?func=detailbug&bug_id=9631&group_id=769
CVE-2007-0473 (The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2007-0472 (Multiple race conditions in Smb4K before 0.8.0 allow local users to ...)
	- smb4k 0.8.0-1 (low)
	[etch] - smb4k <no-dsa> (Minor issue)
CVE-2006-6965 (CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki ...)
	- dokuwiki 0.0.20061106-1 (low)
CVE-2006-6964 (MailEnable Professional before 1.78 provides a cleartext user password ...)
	NOT-FOR-US: MailEnable
CVE-2006-6963 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 3.0.3 ...)
	NOT-FOR-US: Docebo
CVE-2006-6962 (PHP remote file inclusion vulnerability in rsgallery2.html.php in the ...)
	NOT-FOR-US: RS Gallery2
CVE-2006-6961 (WebRoot Spy Sweeper 4.5.9 and earlier does not detect malware based on ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6960 (The Compression Sweep feature in WebRoot Spy Sweeper 4.5.9 and earlier ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2006-6958 (Multiple PHP remote file inclusion vulnerabilities in phpBlueDragon ...)
	NOT-FOR-US: phpBlueDragon CMS
CVE-2006-6957 (PHP remote file inclusion vulnerability in addons/mod_media/body.php ...)
	NOT-FOR-US: Docebo
CVE-2006-6956 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-6955 (Opera allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2006-6954 (Flock beta 1 0.7 allows remote attackers to cause a denial of service ...)
	- iceweasel <removed> (unimportant)
	NOTE: Browser crashes not treated as security problems
	NOTE: Tested the proof of concept in iceweasel 2.0.0.1 and it crash.
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=239840
CVE-2006-6953 (The virtual keyboard implementation in GlobeTrotter Mobility Manager ...)
	NOT-FOR-US: GlobeTrotter Mobility Manager
CVE-2006-6952 (Computer Associates Host Intrusion Prevention System (HIPS) drivers ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2005-4825 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
	NOT-FOR-US: Cisco
CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2007-0508 (PHP remote file inclusion vulnerability in lib/selectlang.php in ...)
	- bbclone 0.4.6-8 (bug #408839; medium)
CVE-2007-XXXX [hinfo code injection]
	- hinfo 1.02-3.1 (bug #402316; low)
	[sarge] - hinfo <no-dsa> (Package completely broken, hardly usable for an attack)
CVE-2007-0494 (ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 ...)
	{DSA-1254-1}
	- bind9 1:9.3.4-2 (medium; bug #408432)
	- bind <not-affected>
CVE-2007-0493 (Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up ...)
	- bind9 1:9.3.4-2 (medium; bug #408432)
	[sarge] - bind9 <not-affected> (Vulnerable code not present)
	- bind <not-affected>
CVE-2007-XXXX [gstreamer ffmpeg missing checks of packet sizes, chunk sizes, and fragment positions]
	- gstreamer0.10-ffmpeg 0.10.1-6
	- gst-ffmpeg 0.8.7-10
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
	- mplayer 1.0~rc1-12
CVE-2007-0471 (sre/params.php in the Integrity Clientless Security (ICS) component in ...)
	NOT-FOR-US: Check Point
CVE-2007-0470 (Multiple unspecified vulnerabilities in tip in Sun Solaris 8, 9, and ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0469 (The extract_files function in installer.rb in RubyGems before 0.9.1 ...)
	- libgems-ruby 0.9.3-1 (low; bug #408299)
	[etch] - libgems-ruby <no-dsa> (Minor issue, needs implicit trust on installed data)
CVE-2007-0468 (Stack-based buffer overflow in rcdll.dll in msdev.exe in Visual C++ ...)
	NOT-FOR-US: Visual C++
CVE-2007-0467 (crashdump in Apple Mac OS X 10.4.8 allows local users in the admin ...)
	NOT-FOR-US: Apple
CVE-2007-0466 (Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 ...)
	NOT-FOR-US: Telestream
CVE-2007-0465 (Format string vulnerability in Apple Installer 2.1.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0464 (The _CFNetConnectionWillEnqueueRequests function in CFNetwork 129.19 ...)
	NOT-FOR-US: CFNetwork on Apple Mac OS
CVE-2007-0463 (Format string vulnerability in Apple Software Update 2.0.5 on Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2007-0462 (The _GetSrcBits32ARGB function in Apple QuickDraw, as used by ...)
	NOT-FOR-US: Apple
CVE-2007-0461 (Multiple memory leaks in the Dazuko anti-virus helper module before ...)
	- dazuko-source <removed> (bug #408300)
	[sarge] - dazuko-source <not-affected> (Vulnerable code not present)
CVE-2007-0460 (Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and ...)
	- ulogd 1.23-6 (medium)
CVE-2007-0459 (packet-tcp.c in the TCP dissector in Wireshark (formerly Ethereal) ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0458 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0457 (Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0456 (Unspecified vulnerability in the LLT dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-5 (low)
	[sarge] - ethereal <not-affected> (Vulnerable code not present)
CVE-2007-0455 (Buffer overflow in the gdImageStringFTEx function in gdft.c in GD ...)
	{DSA-1936-1}
	- libgd2 2.0.35.dfsg-1 (bug #408982; low)
	[sarge] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
	[etch] - libgd2 <no-dsa> (Minor issue, hardly exploitable)
CVE-2007-0454 (Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 ...)
	{DSA-1257}
	- samba 3.0.23d-5 (medium)
CVE-2007-0453 (Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 ...)
	- samba <not-affected> (Solaris-specific vulnerability)
CVE-2007-0452 (smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users ...)
	{DSA-1257}
	- samba 3.0.23d-5 (low)
CVE-2007-0450 (Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x ...)
	- tomcat5 <removed> (unimportant)
	- tomcat5.5 5.5.23-1 (unimportant)
	NOTE: This only adds an additional control settings for path delimiters, the
	NOTE: necessary proxies still need to be secured or fixed individually (e.g.
	NOTE: as done for mod_jk in a DSA
CVE-2007-0449 (Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve ...)
	NOT-FOR-US: CA BrightStor
CVE-2007-0448 (The fopen function in PHP 5.2.0 does not properly handle invalid URI ...)
	- php5 <removed> (unimportant)
	NOTE: open_basedir bypasses not supported
CVE-2007-0447 (Heap-based buffer overflow in the Decomposer component in multiple ...)
	NOT-FOR-US: Symantec
CVE-2007-0446 (Stack-based buffer overflow in magentproc.exe for Hewlett-Packard ...)
	NOT-FOR-US: HP Mercury
CVE-2007-0445 (Heap-based buffer overflow in the arj.ppl module in the OnDemand ...)
	NOT-FOR-US: Kaspersky Anti-Virus
CVE-2007-0444 (Stack-based buffer overflow in the print provider library (cpprov.dll) ...)
	NOT-FOR-US: Citrix
CVE-2007-0443 (Multiple buffer overflows in the CDDBControl ActiveX control in ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2007-0442 (Unspecified vulnerability in IBM OS/400 R530 and R535 has unknown ...)
	NOT-FOR-US: IBM OS/400
CVE-2007-0441 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2007-0440
	RESERVED
CVE-2007-0439
	RESERVED
CVE-2007-0438
	RESERVED
CVE-2007-0437 (Multiple cross-site scripting (XSS) vulnerabilities in the sample ...)
	NOT-FOR-US: InterSystems Cache
CVE-2007-0436 (Barron McCann X-Kryptor Driver BMS1446HRR (Xgntr BMS1351 Install ...)
	NOT-FOR-US: X-Kryptor
CVE-2005-4824 (PHP remote file inclusion vulnerability in web/classes.php in ...)
	NOT-FOR-US: siteframe
CVE-2007-0435 (T-Com Speedport 500V routers with firmware 1.31 allow remote attackers ...)
	NOT-FOR-US: T-Com Speedport
CVE-2007-0434 (BEA AquaLogic Enterprise Security 2.0 through 2.0 SP2, 2.1 through 2.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0433 (Unspecified vulnerability in BEA AquaLogic Enterprise Security 2.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0432 (BEA AquaLogic Service Bus 2.0, 2.1, and 2.5 does not properly reject ...)
	NOT-FOR-US: BEA
CVE-2007-0431 (AVM Fritz!Box 7050, and possibly other product models, allows remote ...)
	NOT-FOR-US: AVM
CVE-2007-0430 (The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0429 (DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed ...)
	NOT-FOR-US: DivX Web Player
CVE-2007-0428 (Unspecified vulnerability in the chtbl_lookup function in hash.c for ...)
	- wzdftpd 0.8.1-1 (medium)
CVE-2007-0427 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0426 (BEA WebLogic Portal 9.2, when running in a WebLogic Server clustered ...)
	NOT-FOR-US: BEA
CVE-2007-0425 (Unspecified vulnerability in BEA WebLogic Platform and Server 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0424 (Unspecified vulnerability in the BEA WebLogic Server proxy plug-in for ...)
	NOT-FOR-US: BEA
CVE-2007-0423 (BEA WebLogic Portal 9.2 does not properly handle when an administrator ...)
	NOT-FOR-US: BEA
CVE-2007-0422 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold, when running on Solaris 9, ...)
	NOT-FOR-US: BEA
CVE-2007-0421 (BEA WebLogic Server 6.1 through 6.1 SP7, and 7.0 through 7.0 SP7 ...)
	NOT-FOR-US: BEA
CVE-2007-0420 (BEA WebLogic Server 9.0, 9.1, and 9.2 Gold allows remote attackers to ...)
	NOT-FOR-US: BEA
CVE-2007-0419 (The BEA WebLogic Server proxy plug-in before June 2006 for the Apache ...)
	NOT-FOR-US: BEA
CVE-2007-0418 (BEA WebLogic Server 7.0 through 7.0 SP6, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0417 (BEA WebLogic Server 7.0 through 7.0 SP7, 8.1 through 8.1 SP5, 9.0, and ...)
	NOT-FOR-US: BEA
CVE-2007-0416 (The WSEE runtime (WS-Security runtime) in BEA WebLogic Server 9.0 and ...)
	NOT-FOR-US: BEA
CVE-2007-0415 (BEA WebLogic Server 8.1 through 8.1 SP5 does not properly enforce ...)
	NOT-FOR-US: BEA
CVE-2007-0414 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP6, 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0413 (BEA WebLogic Server 8.1 through 8.1 SP5 stores cleartext data in a ...)
	NOT-FOR-US: BEA
CVE-2007-0412 (BEA WebLogic Server 6.1 through 6.1 SP7, 7.0 through 7.0 SP7, and 8.1 ...)
	NOT-FOR-US: BEA
CVE-2007-0411 (BEA WebLogic Server 8.1 through 8.1 SP5, 9.0, 9.1, and 9.2 Gold, when ...)
	NOT-FOR-US: BEA
CVE-2007-0410 (Unspecified vulnerability in the thread management in BEA WebLogic 7.0 ...)
	NOT-FOR-US: BEA
CVE-2007-0409 (BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial ...)
	NOT-FOR-US: BEA
CVE-2007-0408 (BEA Weblogic Server 8.1 through 8.1 SP4 does not properly validate ...)
	NOT-FOR-US: BEA
CVE-2007-0407 (Cross-site scripting (XSS) vulnerability in Operation/User.pm in Plain ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0406 (Multiple buffer overflows in the (1) main function in (a) client.c, ...)
	- gxine 0.5.8-2 (medium; bug #405876)
CVE-2007-0405 (The LazyUser class in the AuthenticationMiddleware for Django 0.95 ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0404 (bin/compile-messages.py in Django 0.95 does not quote argument strings ...)
	- python-django 0.95.1-1 (bug #407786)
CVE-2007-0403 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0402 (Cross-site scripting (XSS) vulnerability in admin/edit_member.php in ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0401 (SQL injection vulnerability in admin/memberlist.php in Easebay ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0400 (Cross-site scripting (XSS) vulnerability in admin/memberlist.php in ...)
	NOT-FOR-US: Easebay Resources
CVE-2007-0399 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2007-0398 (Multiple cross-site scripting (XSS) vulnerabilities in forum.php3 in ...)
	NOT-FOR-US: MisterSPa-forum
CVE-2006-6951 (Cross-site scripting (XSS) vulnerability in blog.php in OdysseusBlog ...)
	NOT-FOR-US: Odysseus Blog
CVE-2006-6950 (Directory traversal vulnerability in Conti FTPServer 1.0 Build 2.8 ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6949 (Conti FTPServer 1.0 Build 2.8 stores user passwords in cleartext in ...)
	NOT-FOR-US: Conti FtpServer
CVE-2006-6948 (MyODBC Japanese conversion edition 3.51.06, 2.50.29, and 2.50.25 ...)
	NOT-FOR-US: JVN
CVE-2006-6947 (The FTP server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2006-6946 (The web server in the NEC MultiWriter 1700C allows remote attackers to ...)
	NOT-FOR-US: NEC
CVE-2007-XXXX [wordpress unregister_globals workaround from 2.0.7]
	- wordpress 2.0.7 (bug #407116; unimportant)
	NOTE: Non-issue, hash issue fixed since months in Sarge and Etch,
	NOTE: register_globals unsupported anyway
CVE-2007-0397 (The Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2007-0396 (Unspecified vulnerability in HP-UX B.11.23, when running IPFilter in ...)
	NOT-FOR-US: HP-UX
CVE-2007-0395 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ComVironment
CVE-2007-0394 (HP HP-UX B11.11 does not properly verify the status of file ...)
	NOT-FOR-US: HP-UX
CVE-2007-0393 (Sun Solaris 9 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: Sun Solaris
CVE-2007-0392 (IBM AIX 5.3 does not properly verify the status of file descriptors ...)
	NOT-FOR-US: IBM AIX
CVE-2007-0391 (Format string vulnerability in the log creation functionality of ...)
	NOT-FOR-US: BitDefender
CVE-2007-0390 (Cross-site scripting (XSS) vulnerability in index.php in sabros.us 1.7 ...)
	NOT-FOR-US: sabros.us
CVE-2007-0389 (Directory traversal vulnerability in ArsDigita Community System (ACS) ...)
	NOT-FOR-US: ArsDigita Community System
CVE-2007-0388 (SQL injection vulnerability in search.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2007-0387 (SQL injection vulnerability in models/category.php in the Weblinks ...)
	NOT-FOR-US: Joomla
CVE-2007-0386 (Unspecified vulnerability in the rating section in PostNuke 0.764 has ...)
	NOT-FOR-US: PostNuke
CVE-2007-0385 (The faq section in PostNuke 0.764 allows remote attackers to obtain ...)
	NOT-FOR-US: PostNuke
CVE-2007-0384 (Cross-site scripting (XSS) vulnerability in preview in the reviews ...)
	NOT-FOR-US: PostNuke
CVE-2007-0383 (** DISPUTED ** ...)
	NOT-FOR-US: WDaemon
CVE-2007-0382 (Multiple SQL injection vulnerabilities in letterman.class.php in the ...)
	NOT-FOR-US: Letterman 1.2.3 (com_letterman) component for Joomla!
CVE-2007-0381 (Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote ...)
	NOT-FOR-US: ATutor
CVE-2007-0380 (DocMan 1.3 RC2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: DocMan
CVE-2007-0379 (Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows ...)
	NOT-FOR-US: DocMan
CVE-2007-0378 (Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow ...)
	NOT-FOR-US: DocMan
CVE-2007-0377 (Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote ...)
	NOT-FOR-US: Xoops
CVE-2007-0376 (Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows ...)
	NOT-FOR-US: Virtuemart
CVE-2007-0375 (Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Joomla
CVE-2007-0374 (SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and ...)
	- mambo 4.6.1-5 (bug #407995; low)
CVE-2007-0373 (Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow ...)
	NOT-FOR-US: Joomla
CVE-2007-0372 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0371 (A certain ActiveX control in the Common Controls Replacement Project ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0370 (Unrestricted file upload vulnerability in index.php in phpBP RC3 ...)
	NOT-FOR-US: phpBP
CVE-2007-0369 (SQL injection vulnerability in phpBP RC3 (2.204) and earlier allows ...)
	NOT-FOR-US: phpBP
CVE-2007-0368 (Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local ...)
	NOT-FOR-US: mbse
CVE-2007-0367 (Rumpus 5.1 and earlier has weak permissions for certain files and ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0366 (Untrusted search path vulnerability in Rumpus 5.1 and earlier allows ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0365 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...)
	NOT-FOR-US: All In One Control Panel
CVE-2007-0364 (Multiple cross-site scripting (XSS) vulnerabilities in nicecoder.com ...)
	NOT-FOR-US: nicecoder.com INDEXU
CVE-2006-6945 (SQL injection vulnerability in Virtuemart 1.0.7 allows remote ...)
	NOT-FOR-US: VirtueMart
CVE-2007-XXXX [libjabber DoS]
	- centericq 4.21.0-18 (unimportant; bug #406982)
	NOTE: Affected function isn't used in the source
CVE-2007-XXXX [python-django flup/FastCGI/debugging issue]
	- python-django 0.95.1-1 (bug #407607)
CVE-2007-XXXX [gstreamer-ffmpeg unspecified issue related to sps and pps ids]
	- gstreamer0.10-ffmpeg 0.10.1-5
	- gst-ffmpeg 0.8.7-9
	- mplayer 1.0~rc1-12
	[etch] - ffmpeg 0.cvs20060823-5
	- ffmpeg 0.cvs20060823-6
	- xmovie <not-affected> (this is not an issue in the avformat ffmpeg code copy)
CVE-2007-XXXX [netpbm heap corruption]
	- netpbm-free 2:10.0-11 (bug #407605)
CVE-2007-0363 (Cross-site scripting (XSS) vulnerability in admin-search.php in (1) ...)
	NOT-FOR-US: Openads
CVE-2007-0362 (Cross-site scripting (XSS) vulnerability in the RSS feed component in ...)
	NOT-FOR-US: FreshReader
CVE-2007-0361 (PHP remote file inclusion vulnerability in mep/frame.php in ...)
	NOT-FOR-US: PHPMyphorum
CVE-2007-0360 (PHP remote file inclusion vulnerability in lang/index.php in Oreon ...)
	NOT-FOR-US: Oreon
CVE-2007-0359 (PHP remote file inclusion vulnerability in frontpage.php in Uberghey ...)
	NOT-FOR-US: Travelsized CMS
CVE-2007-0358 (Unspecified vulnerability in the FTP server implementation in HP ...)
	NOT-FOR-US: HP Jetdirect
CVE-2007-0357 (Directory traversal vulnerability in the AVM IGD CTRL Service in ...)
	NOT-FOR-US: AVM
CVE-2007-0356 (The Common Controls Replacement Project (CCRP) FolderTreeview (FTV) ...)
	NOT-FOR-US: Common Controls Replacement Project (CCRP)
CVE-2007-0355 (Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in ...)
	NOT-FOR-US: Apple
CVE-2007-0354 (SQL injection vulnerability in email.php in MGB OpenSource Guestbook ...)
	NOT-FOR-US: MGB OpenSource Guestbook
CVE-2007-0353 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: myBloggie
CVE-2007-0352 (Stack-based buffer overflow in Microsoft Help Workshop 4.03.0002 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0351 (Microsoft Windows XP and Windows Server 2003 do not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2007-0350 (Multiple SQL injection vulnerabilities in (a) index.php and (b) dl.php ...)
	NOT-FOR-US: FileMailer
CVE-2007-0349 (Directory traversal vulnerability in upgrade.php in nicecoder.com ...)
	NOT-FOR-US: INDEXU
CVE-2007-0348 (Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in ...)
	NOT-FOR-US: ActiveX control in InterActual Player
CVE-2007-0347 (The is_eow function in format.c in CVSTrac before 2.0.1 does not ...)
	- cvstrac 2.0.1-1
	[etch] - cvstrac <not-affected> (Vulnerable code not present)
	[sarge] - cvstrac <not-affected> (Vulnerable code not present)
	NOTE: the vulnerable code can't be found on other places in 1.1.5 and also similar things
	NOTE: are done like using %q instead of %s for user supplied data
CVE-2007-0346 (SQL injection vulnerability in index.php in SmE FileMailer 1.21 allows ...)
	NOT-FOR-US: FileMailer
CVE-2007-0345 (The (1) Activity Monitor.app/Contents/Resources/pmTool, (2) Keychain ...)
	NOT-FOR-US: Apple
CVE-2007-0344 (Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) ...)
	- colloquy <removed>
CVE-2007-0343 (OpenBSD before 20070116 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2007-0342 (WebCore in Apple WebKit build 18794 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple WebKit
CVE-2007-0341 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.1 and ...)
	- phpmyadmin 4:2.9.1.1-2 (medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2007-0340 (SQL injection vulnerability in inc/header.inc.php in ThWboard ...)
	NOT-FOR-US: ThWboard
CVE-2007-0339 (SQL injection vulnerability in index.php (aka the login form) in ...)
	NOT-FOR-US: FileMailer
CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2007-0337 (Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and ...)
	NOT-FOR-US: KGB
CVE-2007-0336 (Undercover.app/Contents/Resources/uc in Rixstep Undercover allows ...)
	NOT-FOR-US: Rixstep
CVE-2007-0335 (Multiple directory traversal vulnerabilities in Jax Petition Book ...)
	NOT-FOR-US: Jax Petition Book
CVE-2007-0334 (Unspecified vulnerability in the SIP module in InGate Firewall and ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0333 (Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2007-0332 ((1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0331 (Cross-site scripting (XSS) vulnerability in liens.php3 in ...)
	NOT-FOR-US: liens_dynamiques
CVE-2007-0330 (Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch ...)
	NOT-FOR-US: Ipswitch WS_FTP
CVE-2007-0329 (download.php in Joonas Viljanen JV2 Folder Gallery allows remote ...)
	NOT-FOR-US: Joonas Viljanen JV2 Folder Gallery
CVE-2007-0328 (The DWUpdateService ActiveX control in the agent (agent.exe) in ...)
	NOT-FOR-US: Macrovision
CVE-2007-0327
	RESERVED
CVE-2007-0326 (Multiple stack-based buffer overflows in the PhotoChannel Networks PNI ...)
	NOT-FOR-US: PNI Digital Media Photo Upload
CVE-2007-0325 (Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2007-0324 (Multiple buffer overflows in the LizardTech DjVu Browser Plug-in ...)
	NOT-FOR-US: LizardTech DjVu Browser Plug-in
CVE-2007-0323 (Buffer overflow in the SetLanguage function in Research In Motion ...)
	NOT-FOR-US: Research In Motion (RIM) TeamOn Import Object ActiveX control
CVE-2007-0322 (Multiple stack-based buffer overflows in the Intuit QuickBooks Online ...)
	NOT-FOR-US: Intuit QuickBooks
CVE-2007-0321 (Buffer overflow in the Update Service Agent ActiveX Control in ...)
	NOT-FOR-US: FLEXnet Connect
CVE-2007-0320 (Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) ...)
	NOT-FOR-US: InstallFromTheWeb
CVE-2007-0319 (Multiple stack-based buffer overflows in the Motive ...)
	NOT-FOR-US: Motive ActiveEmailTest
CVE-2007-0318 (The do_hfs_truncate function in Mac OS X 10.4.8 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0317 (Format string vulnerability in the LogMessage function in FileZilla ...)
	- filezilla 3.0.0~beta2-3 (medium; bug #407683)
CVE-2007-0316 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0315 (Multiple buffer overflows in FileZilla before 2.2.30a allow remote ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2007-0314 (Multiple PHP remote file inclusion vulnerabilities in Article System ...)
	NOT-FOR-US: Article System
CVE-2007-0313 (Unspecified vulnerability in GONICUS System Administration (GOsa) ...)
	- gosa 2.5.8-1 (medium)
	[etch] - gosa 2.5.6-2.1
CVE-2007-0312 (wcSimple Poll stores sensitive information under the web root with ...)
	NOT-FOR-US: wcSimple
CVE-2007-0311 (Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2007-0310 (BMC Remedy Action Request System 5.01.02 Patch 1267 generates ...)
	NOT-FOR-US: BMC Software
CVE-2007-0309 (SQL injection vulnerability in blocks/block-Old_Articles.php in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2007-0308 (Cross-site scripting (XSS) vulnerability in Plain Black WebGUI before ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0307 (PHP remote file inclusion vulnerability in include/common.php in ...)
	NOT-FOR-US: Poplar Gedcom Viewer
CVE-2007-0306 (SQL injection vulnerability in visu_user.asp in Digiappz DigiAffiliate ...)
	NOT-FOR-US: Digiappz
CVE-2007-0305 (SQL injection vulnerability in etkinlikbak.asp in Okul Web Otomasyon ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2007-0304 (SQL injection vulnerability in duyuru.asp in MiNT Haber Sistemi 2.7 ...)
	NOT-FOR-US: MiNT Haber Sistemi
CVE-2007-0303 (Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have ...)
	NOT-FOR-US: Zina
CVE-2007-0302 (Multiple cross-site scripting (XSS) vulnerabilities in InstantASP ...)
	NOT-FOR-US: InstantASP
CVE-2007-0301 (PHP remote file inclusion vulnerability in _admin/admin_menu.php in ...)
	NOT-FOR-US: FdWeB
CVE-2007-0300 (PHP remote file inclusion vulnerability in i-accueil.php in TLM CMS ...)
	NOT-FOR-US: TLM CMS
CVE-2007-0299 (Integer overflow in the byte_swap_sbin function in ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0298 (PHP remote file inclusion vulnerability in show.php in LunarPoll, when ...)
	NOT-FOR-US: LunarPoll
CVE-2006-6944 (phpMyAdmin before 2.9.1.1 allows remote attackers to bypass Allow/Deny ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
CVE-2006-6943 (PhpMyAdmin before 2.9.1.1 allows remote attackers to obtain the full ...)
	- phpmyadmin 4:2.9.1.1-2 (unimportant)
	NOTE: Only path disclosure
CVE-2006-6942 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyAdmin ...)
	{DSA-1370-2 DSA-1370-1}
	- phpmyadmin 4:2.9.1.1-2 (medium)
	NOTE: All versions 2.9.1 is vulnerable, solution is 2.9.1.1 or newer.
CVE-2006-6941 (index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-6940 (Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP ...)
	NOT-FOR-US: OWA
CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Twilight Webserver
CVE-2007-0297 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0296 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0295 (Unspecified vulnerability in Oracle PeopleSoft Enterprise and JD ...)
	NOT-FOR-US: Oracle
CVE-2007-0294 (Unspecified vulnerability in Oracle Enterprise Manager 10.2.0.1 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0293 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-0292 (Multiple unspecified vulnerabilities in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2007-0291 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2007-0290 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2007-0289 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2007-0288 (Unspecified vulnerability in Oracle Application Server 10.1.4.0 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0287 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-0286 (Unspecified vulnerability in Oracle Application Server 10.1.2.0.2 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0285 (Unspecified vulnerability in Oracle Application Server 9.0.4.3, ...)
	NOT-FOR-US: Oracle
CVE-2007-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2007-0283 (Unspecified vulnerability in Oracle Application Server 9.0.4.3 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0282 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
	NOT-FOR-US: Oracle
CVE-2007-0281 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0280 (Unspecified vulnerability in Oracle HTTP Server 9.0.1.5, Application ...)
	NOT-FOR-US: Oracle
CVE-2007-0279 (Multiple unspecified vulnerabilities in Oracle HTTP Server 9.2.0.8 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0278 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2007-0277 (Unspecified vulnerability in Oracle Database client-only 10.1.0.4 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0276 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0275 (Cross-site scripting (XSS) vulnerability in Oracle Reports Web ...)
	NOT-FOR-US: Oracle
CVE-2007-0274 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0273 (Unspecified vulnerability in Oracle Database 9.0.1.5, 9.2.0.8, ...)
	NOT-FOR-US: Oracle
CVE-2007-0272 (Multiple buffer overflows in MDSYS.MD in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2007-0271 (Unspecified vulnerability in Oracle Database 9.0.1.5 and 9.2.0.7 has ...)
	NOT-FOR-US: Oracle
CVE-2007-0270 (Buffer overflow in SYS.DBMS_DRS in Oracle Database 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2007-0269 (Unspecified vulnerability in Oracle Database 9.2.0.8, 10.1.0.5, and ...)
	NOT-FOR-US: Oracle
CVE-2007-0268 (Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2007-0267 (The ufs_lookup function in the Mac OS X 10.4.8 and FreeBSD 6.1 kernels ...)
	NOT-FOR-US: UFS filesystem on MacOS/FreeBSD
CVE-2007-0266 (SQL injection vulnerability in boxx/ShowAppendix.asp in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0265 (Multiple cross-site scripting (XSS) vulnerabilities in Ezboxx Portal ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0264 (Buffer overflow in Winzip32.exe in WinZip 9.0 allows local users to ...)
	NOT-FOR-US: Winzip
CVE-2007-0263 (Unspecified vulnerability in Total Commander before 6.5.6 allows ...)
	NOT-FOR-US: Total Commander
CVE-2007-0262 (WordPress 2.0.6, and 2.1Alpha 3 (SVN:4662), does not properly verify ...)
	{DTSA-33-1}
	- wordpress 2.0.8-1 (bug #407289)
CVE-2007-0261 (snews.php in sNews 1.5.30 and earlier does not properly exit when ...)
	NOT-FOR-US: sNews
CVE-2007-0260 (** DISPUTED ** ...)
	NOT-FOR-US: Naig
CVE-2007-0259 (Ezboxx Portal System Beta 0.7.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ezboxx Portal
CVE-2007-0258 (Cross-site scripting (XSS) vulnerability in index.php in (1) Fastilo ...)
	NOT-FOR-US: Fastilo
CVE-2007-0257 (** DISPUTED ** ...)
	- kernel-patch-grsecurity2 2.1.10-1 (bug #407350)
	NOTE: exploitable as per http://grsecurity.net/pipermail/grsecurity/2007-January/000830.html
CVE-2007-0256 (VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of ...)
	- vlc 0.8.6.c-1 (unimportant; bug #407290)
CVE-2007-0255 (XINE 0.99.4 allows user-assisted remote attackers to cause a denial of ...)
	NOTE: I've been looking into this, but I can't find a copy of the VLC code anywhere
	NOTE: This appears to be a generic crash
CVE-2007-0254 (Format string vulnerability in the errors_create_window function in ...)
	- xine-ui 0.99.4+dfsg+cvs20061111-1 (low; bug #407369)
	NOTE: If've verified the Etch version to contain the necessary format strings
CVE-2007-0253 (** DISPUTED ** ...)
	- kernel-patch-grsecurity2 2.1.10-1 (unimportant; bug #407350)
	NOTE: See CVE-2007-0257
CVE-2007-0252 (Unspecified vulnerability in easy-content filemanager allows remote ...)
	NOT-FOR-US: easy-content
CVE-2007-0251 (Integer underflow in the DecodeGRE function in src/decode.c in Snort ...)
	- snort <not-affected> (DecodeGRE function not in unstable version)
	NOTE: unstable contains version 2.3.3-11, and the last upstream is 2.6.1.2
	NOTE: This is fixed in upstream CVS so it's very likely to never affect Debian.
CVE-2007-0250 (index.php in Nwom topsites 3.0 allows remote attackers to obtain ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0249 (Cross-site scripting (XSS) vulnerability in index.php in Nwom topsites ...)
	NOT-FOR-US: NWOM Topsites 3.0
CVE-2007-0247 (squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers ...)
	- squid 2.6.5-4 (low)
	[sarge] - squid <not-affected> (Vulnerable code not present)
CVE-2007-0246 (plugins/scmcvs/www/cvsweb.php in the CVSWeb CGI in GForge 4.5.16 ...)
	{DSA-1297-1}
	- gforge-plugin-scmcvs 4.5.14-6
CVE-2007-0245 (Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier ...)
	{DSA-1307-1}
	- openoffice.org 2.2.1~rc1-1
	[lenny] - openoffice.org 2.0.4.dfsg.2-7etch1
CVE-2007-0244 (pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before ...)
	{DSA-1288-2 DSA-1288-1}
	- pptpd 1.3.4-1
CVE-2007-0243 (Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 ...)
	- sun-java5 1.5.0-10-1
CVE-2007-0242 (The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does ...)
	{DSA-1292-1}
	- qt4-x11 4.2.2-2
	- qt-x11-free 3:3.3.7-4
CVE-2007-0241
	RESERVED
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0240 (Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier ...)
	{DSA-1275-1}
	- zope2.9 2.9.7-1
	[etch] - zope2.9 2.9.6-4etch1
CVE-2007-0239 (OpenOffice.org (OOo) Office Suite allows user-assisted remote ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0238 (Stack-based buffer overflow in filter\starcalc\scflt.cxx in the ...)
	{DSA-1270-1}
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
CVE-2007-0237 (The ndeb-binary feature in Lookup (lookup-el) allows local users to ...)
	{DSA-1269-1}
	- lookup-el 1.4-5 (low)
CVE-2007-0236 (Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0235 (Stack-based buffer overflow in the glibtop_get_proc_map_s function in ...)
	{DSA-1255-1}
	- libgtop2 2.14.4-3 (medium; bug #407020)
	NOTE: libgtop does not contain the affected code.
CVE-2007-0234
	REJECTED
CVE-2007-0233 (wp-trackback.php in WordPress 2.0.6 and earlier does not properly ...)
	- wordpress 2.1.0-1 (unimportant)
	NOTE: This is argubly a php bug, CVE-2006-3017
CVE-2007-0232 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Jshop Server
CVE-2007-0231 (Cross-site scripting (XSS) vulnerability in Movable Type (MT) 3.33, ...)
	NOT-FOR-US: Movable Type
CVE-2007-0230 (** DISPUTED ** PHP remote file inclusion vulnerability in install.php ...)
	NOT-FOR-US: CS-Cart
CVE-2007-0229 (Integer overflow in the ffs_mountfs function in Mac OS X 10.4.8 and ...)
	NOT-FOR-US: MacOS X
CVE-2007-0228 (The DataCollector service in EIQ Networks Network Security Analyzer ...)
	NOT-FOR-US: EIQ Networks Network Security Analyzer
CVE-2007-0227 (slocate 3.1 does not properly manage database entries that specify ...)
	- slocate 3.1-1.1 (bug #411937; low)
	[sarge] - slocate <not-affected> (Performs correct access checks)
	[etch] - slocate <no-dsa> (Minor issue)
	NOTE: slocate will allow users to find files in directories with the
	NOTE: executable bit set but without the readable bit set. This is
	NOTE: an information leak.
CVE-2007-0226 (SQL injection vulnerability in wbsearch.aspx in uniForum 4 and earlier ...)
	NOT-FOR-US: uniForum
CVE-2007-0225 (Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0224 (SQL injection vulnerability in shopgiftregsearch.asp in VP-ASP ...)
	NOT-FOR-US: Shopping Cart
CVE-2007-0223 (SQL injection vulnerability in shared/code/cp_functions_downloads.php ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2007-0222 (Directory traversal vulnerability in the EmChartBean server side ...)
	NOT-FOR-US: Oracle Application Server
CVE-2007-0221 (Integer overflow in the IMAP (IMAP4) support in Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-2007-0220 (Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) ...)
	NOT-FOR-US: Microsoft
CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
	NOT-FOR-US: Microsoft
CVE-2007-0218 (Microsoft Internet Explorer 5.01 and 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0216 (wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2007-0215 (Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0214 (The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0213 (Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does ...)
	NOT-FOR-US: Microsoft
CVE-2007-0212
	REJECTED
CVE-2007-0211 (The hardware detection functionality in the Windows Shell in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0210 (The Window Image Acquisition (WIA) Service in Microsoft Windows XP SP2 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0209 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
	NOT-FOR-US: Microsoft
CVE-2007-0208 (Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works ...)
	NOT-FOR-US: Microsoft
CVE-2007-0207
	REJECTED
CVE-2007-0206 (Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) ...)
	NOT-FOR-US: OpenView Network Node Manager
CVE-2006-6939 (GNU ed before 0.3 allows local users to overwrite arbitrary files via ...)
	- ed 0.2-19
CVE-2006-6938 (Directory traversal vulnerability in includes/common.php in NitroTech ...)
	NOT-FOR-US: NitroTech CMS
CVE-2006-6937 (SQL injection vulnerability in displaypic.asp in Xtreme ASP Photo ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6936 (Cross-site scripting (XSS) vulnerability in Xtreme ASP Photo Gallery ...)
	NOT-FOR-US: ASP Photo Gallery
CVE-2006-6935 (SQL injection vulnerability in the login component in Portix-PHP 0.4.2 ...)
	NOT-FOR-US: Portix
CVE-2006-6934 (Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP ...)
	NOT-FOR-US: Portix
CVE-2006-6933 (Easy Chat Server 2.1 stores sensitive information under the web root ...)
	NOT-FOR-US: Easy Chat Server
CVE-2006-6932 (Multiple SQL injection vulnerabilities in Image Gallery with Access ...)
	NOT-FOR-US: Image Gallery
CVE-2006-6931 (Algorithmic complexity vulnerability in Snort before 2.6.1, during ...)
	- snort 2.7.0-1 (low; bug #407421)
	[sarge] - snort <no-dsa> (Minor issue)
	[etch] - snort <no-dsa> (Minor issue)
CVE-2006-6930 (SQL injection vulnerability in viewad.asp in Rapid Classified 3.1 ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6929 (Multiple cross-site scripting (XSS) vulnerabilities in Rapid ...)
	NOT-FOR-US: Rapid Classified
CVE-2006-6928 (Multiple cross-site scripting (XSS) vulnerabilities in Rialto 1.6 ...)
	NOT-FOR-US: Rialto
CVE-2006-6927 (Multiple SQL injection vulnerabilities in Rialto 1.6 allow remote ...)
	NOT-FOR-US: Rialto
CVE-2006-6926 (Buffer overflow in eXtremail 2.1 has unknown impact and attack ...)
	NOT-FOR-US: eXtremail
CVE-2006-6925 (Multiple cross-site scripting (XSS) vulnerabilities in bitweaver 1.3.1 ...)
	NOT-FOR-US: bitweaver
CVE-2006-6924 (bitweaver 1.3.1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: bitweaver
CVE-2006-6923 (SQL injection vulnerability in newsletters/edition.php in bitweaver ...)
	NOT-FOR-US: bitweaver
CVE-2006-6922 (SQL injection vulnerability in Deadlock User Management System ...)
	NOT-FOR-US: Deadlock
CVE-2006-6921 (Unspecified versions of the Linux kernel allow local users to cause a ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2005-4823 (Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP ...)
	NOT-FOR-US: HP
CVE-2007-XXXX [udev wrong permissions on raid devices]
	- udev 0.105-2 (bug #404927)
	[sarge] - udev <not-affected> (Doesn't affect Sarge)
CVE-2007-XXXX [yacas insecure rpath]
	- yacas 1.0.57-3 (bug #399226; bug #399227; low)
CVE-2007-0248 (The aclMatchExternal function in Squid before 2.6.STABLE7 allows ...)
	- squid 2.6.5-4 (low; bug #407202)
	[sarge] - squid <not-affected> (Vulnerable code not present)
	NOTE: reference - http://secunia.com/advisories/23767/
CVE-2007-XXXX [bcfg2 password disclosure]
	- bcfg2 0.8.7.3-1 (low; bug #406285)
	[etch] - bcfg2 0.8.6.1-1.1etch1
CVE-2007-XXXX [mysql 5.0 several DoS vulns]
	- mysql-dfsg-5.0 5.0.32-1
CVE-2007-0205 (Directory traversal vulnerability in admin/skins.php for @lex ...)
	NOT-FOR-US: @alex
CVE-2006-6920 (Cross-site scripting (XSS) vulnerability in Nucleus before 3.24 allows ...)
	NOT-FOR-US: Nucleus
CVE-2006-6919 (Firefox Sage extension 1.3.8 and earlier allows remote attackers to ...)
	- firefox-sage 1.3.6-3
	NOTE: 1.3.6-3 disabled HTML mode entirely
CVE-2006-6918 (Unspecified vulnerability in the Admin login for Georgian discussion ...)
	NOT-FOR-US: GeoBB
CVE-2006-6917 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2006-6916 (Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0204 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
CVE-2007-0203 (Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 ...)
	- phpmyadmin 4:2.9.1.1-2 (bug #406486; low)
	[sarge] - phpmyadmin <not-affected> (vulnerable code not present)
	NOTE: duplicate of CVE-2006-6374?
CVE-2007-0202 (SQL injection vulnerability in index.php in @lex Guestbook 4.0.2 and ...)
	NOT-FOR-US: @lex
CVE-2007-0201 (Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet ...)
	NOT-FOR-US: TIS
CVE-2007-0200 (PHP remote file inclusion vulnerability in template.php in Geoffrey ...)
	NOT-FOR-US: Geoffrey Golliher Axiom Photo/News Gallery
CVE-2007-0199 (The Data-link Switching (DLSw) feature in Cisco IOS 11.0 through 12.4 ...)
	NOT-FOR-US: Cisco
CVE-2007-0198 (The JTapi Gateway process in Cisco Unified Contact Center Enterprise, ...)
	NOT-FOR-US: Cisco
CVE-2007-0197 (Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote ...)
	NOT-FOR-US: Apple Mac OS
CVE-2007-0196 (SQL injection vulnerability in admin_check_user.asp in Motionborg Web ...)
	NOT-FOR-US: Motionborg Web Real Estate
CVE-2007-0195 (my.activation.php3 in F5 FirePass 5.4 through 5.5.1 and 6.0 displays ...)
	NOT-FOR-US: F5
CVE-2007-0194 (admin.php in MKPortal M1.1 RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: MKPortal
CVE-2007-0193 (FON La Fonera routers do not properly limit DNS service access by ...)
	NOT-FOR-US: FON La Fonera
CVE-2007-0192 (Cross-site request forgery (CSRF) vulnerability in the save_main ...)
	NOT-FOR-US: MKPortal
CVE-2007-0191 (Cross-site scripting (XSS) vulnerability in admin.php in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2007-0190 (PHP remote file inclusion vulnerability in edit_address.php in edit-x ...)
	NOT-FOR-US: edit-x ecommerce
CVE-2007-0189 (** DISPUTED ** ...)
	NOT-FOR-US: GeoBB
CVE-2007-0188 (F5 FirePass 5.4 through 5.5.1 does not properly enforce host access ...)
	NOT-FOR-US: F5
CVE-2007-0187 (F5 FirePass 5.4 through 5.5.2 and 6.0 allows remote attackers to ...)
	NOT-FOR-US: F5
CVE-2007-0186 (Multiple cross-site scripting (XSS) vulnerabilities in F5 FirePass SSL ...)
	NOT-FOR-US: F5
CVE-2007-0185 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0184 (Getahead Direct Web Remoting (DWR) before 1.1.4 allows attackers to ...)
	NOT-FOR-US: Getahead
CVE-2007-0183 (Cross-site scripting (XSS) vulnerability in /search in iPlanet Web ...)
	NOT-FOR-US: iPlanet Web
CVE-2007-0182 (Multiple PHP remote file inclusion vulnerabilities in magic photo ...)
	NOT-FOR-US: Magic photo storage website
CVE-2007-0181 (PHP remote file inclusion vulnerability in include/common_function.php ...)
	NOT-FOR-US: Magic Photo Storage website
CVE-2007-0180 (Stack-based buffer overflow in EF Commander 5.75 allows user-assisted ...)
	NOT-FOR-US: EF Commander
CVE-2007-0179 (SQL injection vulnerability in comment.php in PHPKIT 1.6.1 R2 allows ...)
	NOT-FOR-US: PHPKIT
CVE-2007-0178 (PHP remote file inclusion vulnerability in info.php in Easy Banner Pro ...)
	NOT-FOR-US: Easy Banner Pro
CVE-2007-0177 (Cross-site scripting (XSS) vulnerability in the AJAX module in ...)
	- mediawiki 1.7.1-6 (bug #406238; medium)
	NOTE: vendor advisory: http://sourceforge.net/forum/forum.php?forum_id=652721
CVE-2007-0176 (Cross-site scripting (XSS) vulnerability in search/advanced_search.php ...)
	{DSA-1475-1}
	- gforge 4.6.99+svn6347-1 (low; bug #406244)
	[sarge] - gforge <not-affected> (Vulnerable code not present)
CVE-2007-0175 (Cross-site scripting (XSS) vulnerability in htsrv/login.php in ...)
	{DSA-1568-1}
	- b2evolution 0.9.2-4 (bug #410568; low)
CVE-2007-0174 (Multiple stack-based multiple buffer overflows in the BRWOSSRE2UC.dll ...)
	NOT-FOR-US: Sina UC2006
CVE-2007-0173 (Directory traversal vulnerability in index.php in L2J Statistik Script ...)
	NOT-FOR-US: L2J Statistik Script
CVE-2007-0172 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...)
	NOT-FOR-US: AllMyGuest
CVE-2007-0171 (PHP remote file inclusion vulnerability in index.php in AllMyLinks ...)
	NOT-FOR-US: AllMyLinks
CVE-2007-0170 (PHP remote file inclusion vulnerability in index.php in AllMyVisitors ...)
	NOT-FOR-US: AllmyVisitors
CVE-2007-0169 (Multiple buffer overflows in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0168 (The Tape Engine service in Computer Associates (CA) BrightStor ...)
	NOT-FOR-US: Computer Associates (CA)
CVE-2007-0167 (Multiple PHP file inclusion vulnerabilities in WGS-PPC (aka PPC Search ...)
	NOT-FOR-US: PPC Search
CVE-2007-0166 (The jail rc.d script in FreeBSD 5.3 up to 6.2 does not verify ...)
	- kfreebsd-5 <not-affected>
CVE-2007-0165 (Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2007-0164 (Camouflage 1.2.1 embeds password information in the carrier file, ...)
	NOT-FOR-US: Camouflage
CVE-2007-0163 (SecureKit Steganography 1.7.1 and 1.8 embeds password information in ...)
	NOT-FOR-US: Steganography
CVE-2007-0162 (Unsanity Application Enhancer (APE) 2.0.2 installs with insecure ...)
	NOT-FOR-US: Mac OS X
CVE-2007-0161 (The PML Driver HPZ12 (HPZipm12.exe) in the HP all-in-one drivers, as ...)
	NOT-FOR-US: HP all-in-one drivers
CVE-2007-0160 (Stack-based buffer overflow in the LiveJournal support ...)
	- centericq 4.21.0-17 (low)
	[sarge] - centericq <no-dsa> (Not exploitable with official LiveJournal server)
	NOTE: The bug really exist but, is not exploitable because the LiveJournal server
	NOTE: has a length restriction on both the username (15 characters) and the real name
	NOTE: (50 characters). In my opnion is only exploitable if the user try connect in
	NOTE: fake LiveJournal server. All version of Debian centericq packages have a
	NOTE: compromised code.
CVE-2007-0159 (Directory traversal vulnerability in the GeoIP_update_database_general ...)
	- geoip 1.3.17-1.1 (bug #406628; low)
	[sarge] - geoip <no-dsa> (Minor issue)
CVE-2007-0158
	RESERVED
CVE-2007-0157 (Array index error in the uri_lookup function in the URI parser for ...)
	- neon26 0.26.2-3.1 (medium; bug #404723)
	NOTE: neon25 doesn't have the uri_lookup macro
CVE-2007-0156 (M-Core stores the database under the web document root, which allows ...)
	NOT-FOR-US: M-Core
CVE-2007-0155 (HarikaOnline 2.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: HarikaOnline
CVE-2007-0154 (Webulas stores sensitive information under the web root with ...)
	NOT-FOR-US: Webulas
CVE-2007-0153 (AJLogin 3.5 stores sensitive information under the web root with ...)
	NOT-FOR-US: AJLogin
CVE-2007-0152 (OhhASP stores sensitive information under the web root with ...)
	NOT-FOR-US: OhhASP
CVE-2007-0151 (MitiSoft stores sensitive information under the web root with ...)
	NOT-FOR-US: MitiSoft
CVE-2007-0150 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Dayfox
CVE-2007-0149 (EMembersPro 1.0 stores sensitive information under the web root with ...)
	NOT-FOR-US: EMembersPro
CVE-2007-0148 (Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote ...)
	NOT-FOR-US: OminiGroup
CVE-2007-0147 (Cuyahoga before 1.0.1 installs the FCKEditor component with an ...)
	NOT-FOR-US: Cuyahoga
CVE-2007-0146 (Multiple cross-site scripting (XSS) vulnerabilities in Fix and Chips ...)
	NOT-FOR-US: Fix and Chips
CVE-2007-0145 (PHP remote file inclusion vulnerability in bn_smrep1.php in BinGoPHP ...)
	NOT-FOR-US: BinGoPHP
CVE-2007-0144 (Cross-site scripting (XSS) vulnerability in search.asp in Digitizing ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2007-0143 (Multiple PHP remote file inclusion vulnerabilities in NUNE News Script ...)
	NOT-FOR-US: NUNE News
CVE-2007-0142 (SQL injection vulnerability in orange.asp in ShopStoreNow E-commerce ...)
	NOT-FOR-US: ShopStoreNow
CVE-2007-0141 (Cross-site scripting (XSS) vulnerability in yald.php in Yet Another ...)
	NOT-FOR-US: YALD
CVE-2007-0140 (SQL injection vulnerability in down.asp in Kolayindir Download ...)
	NOT-FOR-US: Kolayindir
CVE-2006-6915 (ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to ...)
	NOT-FOR-US: IBM
CVE-2006-6914 (Unspecified vulnerability in ftpd in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: IBM
CVE-2006-6913 (Unspecified vulnerability in phpMyFAQ 1.6.7 and earlier allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6912 (SQL injection vulnerability in phpMyFAQ 1.6.7 and earlier allows ...)
	NOT-FOR-US: phpMyFAQ
CVE-2006-6911 (SQL injection vulnerability in search.asp in Digitizing Quote And ...)
	NOT-FOR-US: DIGITIZING QUOTE AND ORDERING SYSTEM
CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2007-0139 (Unspecified vulnerability in the DECnet-Plus 7.3-2 feature in ...)
	NOT-FOR-US: DECnet-Plus
CVE-2007-0138 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0137 (Cross-site scripting (XSS) vulnerability in SimpleBoxes/SerendipityNZ ...)
	NOT-FOR-US: Serene Bach
CVE-2007-0136 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal before ...)
	- drupal 4.7.5-1
	NOTE: vendor advisory: http://drupal.org/node/104233 - DRUPAL-SA-2007-001
CVE-2007-0135 (PHP remote file inclusion vulnerability in inc/init.inc.php in Aratix ...)
	NOT-FOR-US: Aratix
CVE-2007-0134 (Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow ...)
	NOT-FOR-US: IG Shop
CVE-2007-0133 (Multiple SQL injection vulnerabilities in display_review.php in ...)
	NOT-FOR-US: IG Shop
CVE-2007-0132 (SQL injection vulnerability in compare_product.php in iGeneric iG Shop ...)
	NOT-FOR-US: IG Shop
CVE-2007-0131 (JAMWiki before 0.5.0 does not properly check permissions during moves ...)
	NOT-FOR-US: JAMWiki
CVE-2007-0130 (SQL injection vulnerability in user.php in iGeneric iG Calendar 1.0 ...)
	NOT-FOR-US: iG Calendar
CVE-2007-0129 (SQL injection vulnerability in main.asp in LocazoList 2.01a beta5 and ...)
	NOT-FOR-US: LocazoList
CVE-2007-0128 (SQL injection vulnerability in info_book.asp in Digirez 3.4 and ...)
	NOT-FOR-US: Digirez
CVE-2007-0127 (The Javascript SVG support in Opera before 9.10 does not properly ...)
	NOT-FOR-US: Opera
CVE-2007-0126 (Heap-based buffer overflow in Opera 9.02 allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2007-0125 (Kaspersky Labs Antivirus Engine 6.0 for Windows and 5.5-10 for Linux ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2007-0124 (Unspecified vulnerability in Drupal before 4.6.11, and 4.7 before ...)
	- drupal 4.7.5-1 (low)
CVE-2007-0123 (Unrestricted file upload vulnerability in Uber Uploader 4.2 allows ...)
	NOT-FOR-US: Uber Uploader
CVE-2007-0122 (Multiple SQL injection vulnerabilities in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0121 (Cross-site scripting (XSS) vulnerability in search.asp in RI Blog 1.3 ...)
	NOT-FOR-US: RI Blog
CVE-2007-0120 (Acunetix Web Vulnerability Scanner (WVS) 4.0 Build 20060717 and ...)
	NOT-FOR-US: Acunetix Web Vulnerability Scanner
CVE-2007-0119 (Multiple cross-site scripting (XSS) vulnerabilities in EditTag 1.2 ...)
	NOT-FOR-US: EditTag
CVE-2007-0118 (Multiple absolute path traversal vulnerabilities in EditTag 1.2 allow ...)
	NOT-FOR-US: EditTag
CVE-2007-0117 (DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2007-0116 (Digger Solutions Intranet Open Source (IOS) stores sensitive ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2007-0115 (Static code injection vulnerability in Coppermine Photo Gallery 1.4.10 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2007-0114 (Sun Java System Content Delivery Server 5.0 and 5.0 PU1 allows remote ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2007-0113 (Buffer overflow in Packeteer PacketShaper PacketWise 8.x allows remote ...)
	NOT-FOR-US: PacketWise
CVE-2007-0112 (SQL injection vulnerability in cats.asp in createauction allows remote ...)
	NOT-FOR-US: createauction
CVE-2007-0111 (Buffer overflow in Resco Photo Viewer for PocketPC 4.11 and 6.01, as ...)
	NOT-FOR-US: PocketPC
CVE-2007-0110 (Cross-site scripting (XSS) vulnerability in nidp/idff/sso in Novell ...)
	NOT-FOR-US: Novell Access Manager
CVE-2007-0109 (wp-login.php in WordPress 2.0.5 and earlier displays different error ...)
	- wordpress 2.0.6-1 (low)
	NOTE: http://trac.wordpress.org/changeset/4665
CVE-2007-0108 (nwgina.dll in Novell Client 4.91 SP3 for Windows 2000/XP/2003 does not ...)
	NOT-FOR-US: Novell Client
CVE-2007-0105 (Stack-based buffer overflow in the CSAdmin service in Cisco Secure ...)
	NOT-FOR-US: Cisco
CVE-2007-0104 (The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 ...)
	- kdegraphics 4:3.5.5-3 (unimportant)
	- koffice <unfixed> (unimportant)
	- poppler 0.4.5-5.1 (unimportant)
	- xpdf 3.02 (bug #406852; unimportant)
	- swftools <not-affected> (first version that entered the archive is based on xpdf 3.02)
	NOTE: hardly a security issue; if someone sends someone a crafted PDF file triggering
	NOTE: such an endless loop the user will simply abort kpdf and never look at
	NOTE: that file again, this is only denial of service by a _very_ far stretch
	NOTE: of imagination. I suppose KDE Security only issued an update for it
	NOTE: because the shared underlying code was part of the Month of Apple Bugs
	NOTE: and they wanted to debunk claims of code injection.
CVE-2007-0103 (The Adobe PDF specification 1.3, as implemented by Adobe Acrobat ...)
	NOT-FOR-US: Acrobat Reader
CVE-2007-0102 (The Adobe PDF specification 1.3, as implemented by Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0101 (Cross-site request forgery (CSRF) vulnerability in SPINE allows remote ...)
	NOT-FOR-US: SPINE
CVE-2007-0100 (The Perforce client does not restrict the set of files that it ...)
	NOT-FOR-US: Perforce
CVE-2007-0099 (Race condition in the msxml3 module in Microsoft XML Core Services ...)
	NOT-FOR-US: Microsoft
CVE-2007-0098 (Directory traversal vulnerability in language.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2007-0097 (Multiple stack-based buffer overflows in the (1) LoadTree and (2) ...)
	NOT-FOR-US: ConeXware PowerArchive
CVE-2007-0096 (CarbonCommunities stores sensitive information under the web root with ...)
	NOT-FOR-US: Carbon Communities
CVE-2007-0095 (phpMyAdmin 2.9.1.1 allows remote attackers to obtain sensitive ...)
	- phpmyadmin 4:2.9.1.1-1 (bug #399329; unimportant)
	NOTE: Only path disclosure
CVE-2007-0094 (Sven Moderow GuestBook 0.3a stores sensitive information under the web ...)
	NOT-FOR-US: Sven Moderow GuestBook
CVE-2007-0093 (SQL injection vulnerability in page.php in Simple Web Content ...)
	NOT-FOR-US: Simple Web Content Management System
CVE-2007-0092 (SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 ...)
	NOT-FOR-US: E-SMARTCART
CVE-2007-0091 (newsCMSlite stores sensitive information under the web root with ...)
	NOT-FOR-US: newsCMSlite
CVE-2007-0090 (WineGlass stores sensitive information under the web root with ...)
	NOT-FOR-US: WineGlass
CVE-2007-0089 (jgbbs stores sensitive information under the web root with ...)
	NOT-FOR-US: jgbbs
CVE-2007-0088 (Multiple directory traversal vulnerabilities in openmedia allow remote ...)
	NOT-FOR-US: openmedia
CVE-2007-0087 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft IIS
CVE-2007-0086 (** DISPUTED ** ...)
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2007-0085 (Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics ...)
	NOT-FOR-US: OpenBSD VGA wscons driver
CVE-2007-0084 (** DISPUTED ** ...)
	NOT-FOR-US: Windows NT
CVE-2007-0083 (Cross-site scripting (XSS) vulnerability in Nuked Klan 1.7 and earlier ...)
	NOT-FOR-US: Nuked Klan
CVE-2007-0082 (users_adm/start1.php in IMGallery 2.5 and earlier does not properly ...)
	NOT-FOR-US: IMGallery
CVE-2007-0081 (Sunbelt Kerio Personal Firewall (SKPF) 4.3.268 and 4.3.246, and ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2007-0080 (** DISPUTED ** ...)
	- freeradius <unfixed> (unimportant)
	NOTE: Data triggering the buffer overflow can only be controlled by root
CVE-2007-0079 (rblog stores sensitive information under the web root with ...)
	NOT-FOR-US: rblog
CVE-2007-0078 (BattleBlog stores sensitive information under the web root with ...)
	NOT-FOR-US: BattleBlog
CVE-2007-0077 (lblog stores sensitive information under the web root with ...)
	NOT-FOR-US: lblog
CVE-2007-0076 (Openforum stores sensitive information under the web root with ...)
	NOT-FOR-US: Openforum
CVE-2007-0075 (AspBB stores sensitive information under the web root with ...)
	NOT-FOR-US: AspBB
CVE-2007-0074 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0073 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0072 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2007-0071 (Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and ...)
	- flashplugin-nonfree 1:1.4
	NOTE: Fix came from Adobe via new Adobe Flash Player, debian package didn't change
CVE-2007-0070
	RESERVED
CVE-2007-0069 (Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0068 (IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2007-0067 (Unspecified vulnerability in the Lotus Domino Web Server 6.0, 6.5.x ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2007-0066 (The kernel in Microsoft Windows 2000 SP4, XP SP2, and Server 2003, ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0065 (Heap-based buffer overflow in Object Linking and Embedding (OLE) ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0064 (Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, ...)
	NOT-FOR-US: Windows
CVE-2007-0063 (Integer underflow in the DHCP server in EMC VMware Workstation before ...)
	- vmware-package 0.16
CVE-2007-0062 (Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before ...)
	- vmware-package 0.16
CVE-2007-0061 (The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and ...)
	- vmware-package 0.16
CVE-2007-0060 (Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in ...)
	NOT-FOR-US: CA
CVE-2007-0059 (Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0058 (Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 ...)
	NOT-FOR-US: Cisco
CVE-2007-0057 (Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through ...)
	NOT-FOR-US: Cisco
CVE-2007-0056 (Multiple cross-site scripting (XSS) vulnerabilities in AShop Deluxe ...)
	NOT-FOR-US: AShop Deluxe
CVE-2007-0055 (Directory traversal vulnerability in formbankcgi.exe/AbfrageForm in ...)
	NOT-FOR-US: Formbankserver
CVE-2007-0054 (Cross-site scripting (XSS) vulnerability in gbrowse.php in Belchior ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2007-0053 (SQL injection vulnerability in detail.asp in ASP SiteWare autoDealer ...)
	NOT-FOR-US: ASP SiteWare autoDealer
CVE-2007-0052 (SQL injection vulnerability in haberdetay.asp in Vizayn Haber allows ...)
	NOT-FOR-US: Vizayn Haber
CVE-2007-0051 (Format string vulnerability in Apple iPhoto 6.0.5 (316), and other ...)
	NOT-FOR-US: Apple iPhoto
CVE-2006-6910 (formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO ...)
	NOT-FOR-US: Fersch Formbankserver
CVE-2006-6909 (Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka ...)
	NOT-FOR-US: Karl Dahlke Edbrowse
CVE-2006-6908 (Buffer overflow in the Bluetooth Stack COM Server in the Widcomm ...)
	NOT-FOR-US: Bluetooth Stack COM Server (Windows)
CVE-2006-6907 (Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown ...)
	NOT-FOR-US: Bluesoil Bluetooth
CVE-2006-6906 (Unspecified vulnerability in the Bluetooth stack on Mac OS 10.4.7 and ...)
	NOT-FOR-US: Bluetooth stack on Mac OS
CVE-2006-6905 (Unspecified vulnerability in the Widcomm Bluetooth stack allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6904 (Unspecified vulnerability in the Broadcom Bluetooth stack allows ...)
	NOT-FOR-US: Broadcom
CVE-2006-6903 (Unspecified vulnerability in the Toshiba Bluetooth stack allows remote ...)
	NOT-FOR-US: Toshiba Bluetooth stack
CVE-2006-6902 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
	NOT-FOR-US: Windows Mobile
CVE-2006-6901 (Unspecified vulnerability in the Bluetooth stack in Microsoft Windows ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-6900 (Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-6899 (hidd in BlueZ (bluez-utils) before 2.25 allows remote attackers to ...)
	- bluez-utils 3.7-1 (bug #408889; medium)
CVE-2006-6898 (Widcomm Bluetooth for Windows (BTW) before 4.0.1.1500 allows remote ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6897 (Directory traversal vulnerability in Widcomm Bluetooth for Windows ...)
	NOT-FOR-US: Widcomm Bluetooth
CVE-2006-6896 (The Bluetooth stack in the Plantronic Headset does not properly ...)
	NOT-FOR-US: Plantronic Headset
CVE-2006-6895 (The Bluetooth stack in the Sony Ericsson T60 does not properly ...)
	NOT-FOR-US: Sony Ericsson T60
CVE-2006-6894 (Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown ...)
	NOT-FOR-US: SPINE
CVE-2006-6893 (Tor allows remote attackers to discover the IP address of a hidden ...)
	- tor <unfixed> (unimportant)
	NOTE: It could be argued that this is a laws-of-physics vulnerability
	NOTE: that is a fundamental design limitation of certain hardware
	NOTE: implementations.
CVE-2006-6892 (Cross-site scripting (XSS) vulnerability in the GetLocation function ...)
	NOT-FOR-US: Jonathon J. Freeman OvBB
CVE-2006-6891 (Vz (Adp) Forum 2.0.3 stores sensitive information under the web root ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-6890 (Voodoo chat 1.0RC1b stores sensitive information under the web root ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-6889 (FreeStyle Wiki (fswiki) 3.6.2 and earlier stores sensitive information ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-6888 (P-News 1.16 and 1.17 store sensitive information under the web root ...)
	NOT-FOR-US: P-News
CVE-2006-6887 (Unrestricted file upload vulnerability in logahead UNU 1.0 allows ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6886 (phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: phpwcms
CVE-2006-6885 (An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6884 (Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka ...)
	NOT-FOR-US: Sky Software
CVE-2006-6883 (** DISPUTED ** ...)
	NOT-FOR-US: PHPIrc_bot
CVE-2006-6882 (Cross-site scripting (XSS) vulnerability in golden book allows remote ...)
	NOT-FOR-US: Golden Book
CVE-2006-6881 (Buffer overflow in the Get_Wep function in cofvnet.c for ATMEL Linux ...)
	NOT-FOR-US: ATMEL WLAN drivers
CVE-2006-6880 (Multiple SQL injection vulnerabilities in code/guestadd.php in ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6879 (Unrestricted file upload vulnerability in admin/uploads.php in ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6878 (admin/uploads.php in PHP-Update 2.7 and earlier allows remote ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6877 (Directory traversal vulnerability in index.php in Matteo Lucarelli ...)
	NOT-FOR-US: Matteo Lucarelli 3editor
CVE-2006-6876 (Buffer overflow in the fetchsms function in the SMS handling module ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6875 (Buffer overflow in the validateospheader function in the Open ...)
	- openser 1.1.1-1 (medium)
	[etch] - openser 1.1.0-9etch1
	NOTE: http://web.archive.org/web/20151126200215/http://www.openser.org/pub/openser/1.1.1/ChangeLog
CVE-2006-6874 (Multiple cross-site scripting (XSS) vulnerabilities in friend.php in ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6873 (Multiple SQL injection vulnerabilities in mod.php in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6872 (Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6871 (Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-6869 (Directory traversal vulnerability in ...)
	NOT-FOR-US: MAXdev
CVE-2006-6868 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web ...)
	NOT-FOR-US: Zen Cart
CVE-2006-6867 (Multiple PHP remote file inclusion vulnerabilities in Vladimir ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6866 (STphp EasyNews PRO 4.0 stores sensitive information under the web root ...)
	NOT-FOR-US: Ahead4
CVE-2006-6865 (Directory traversal vulnerability in SAFileUpSamples/util/viewsrc.asp ...)
	NOT-FOR-US: Softartisans
CVE-2006-6864 (PHP remote file inclusion vulnerability in E2_header.inc.php in ...)
	NOT-FOR-US: Enigma2
CVE-2006-6863 (** DISPUTED ** ...)
	NOT-FOR-US: Enigma2
CVE-2006-6862 (Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6861 (Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 ...)
	NOT-FOR-US: Outfront Spooky Login
CVE-2006-6860 (Buffer overflow in the sendToMythTV function in MythControlServer.c in ...)
	NOT-FOR-US: MythControl
CVE-2006-6859 (SQL injection vulnerability in coupon_detail.asp in Website Designs ...)
	NOT-FOR-US: Website Designs for Less
CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in ...)
	NOT-FOR-US: eNdonesia
CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2006-XXXX [ssmtp password leak]
	- ssmtp 2.61-10.1 (bug #369542; low)
CVE-2006-6870 (The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 ...)
	- avahi 0.6.16-1 (low)
CVE-2007-0106 (Cross-site scripting (XSS) vulnerability in the CSRF protection scheme ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_022007.141.html
CVE-2007-0107 (WordPress before 2.0.6, when mbstring is enabled for PHP, decodes ...)
	- wordpress 2.0.6-1 (bug #405691; medium)
	NOTE: http://www.hardened-php.net/advisory_012007.140.html
CVE-2007-0050 (** DISPUTED ** ...)
	NOT-FOR-US: OpenPinboard
CVE-2007-0049 (Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: TaskTracker
CVE-2007-0048 (Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0047 (CRLF injection vulnerability in Adobe Acrobat Reader Plugin before ...)
	NOT-FOR-US: Adobe Acrobat Reader with Internet Explorer
CVE-2007-0046 (Double free vulnerability in the Adobe Acrobat Reader Plugin before ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0045 (Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat ...)
	{DSA-1336-1}
	NOT-FOR-US: Adobe Acrobat Reader Plugin
	NOTE: a fix for this is also in iceweasle 2.0.0.2+dfsg-1 (MFSA-2007-02)
	NOTE: and icape 1.0.8-1
CVE-2007-0044 (Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet ...)
	NOT-FOR-US: Adobe Acrobat Reader Plugin
CVE-2007-0043 (The Just In Time (JIT) Compiler service in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0042 (Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0041 (The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 ...)
	NOT-FOR-US: Microsoft .NET
CVE-2007-0040 (The LDAP service in Windows Active Directory in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft Windows
CVE-2007-0039 (The Exchange Collaboration Data Objects (EXCDO) functionality in ...)
	NOT-FOR-US: Microsoft
CVE-2007-0038 (Stack-based buffer overflow in the animated cursor code in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2007-0037
	REJECTED
CVE-2007-0036
	REJECTED
CVE-2007-0035 (Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Word
CVE-2007-0034 (Buffer overflow in the Advanced Search (Finder.exe) feature of ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0033 (Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2007-0032
	REJECTED
CVE-2007-0031 (Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0030 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0029 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0028 (Microsoft Excel 2000, 2002, 2003, Viewer 2003, Office 2004 for Mac, ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0027 (Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac ...)
	NOT-FOR-US: Microsoft Excel
CVE-2007-0026 (The OLE Dialog component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0025 (The MFC component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2007-0024 (Integer overflow in the Vector Markup Language (VML) implementation ...)
	NOT-FOR-US: Microsoft IE
CVE-2007-0023 (The CFUserNotificationSendRequest function in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0022 (Untrusted search path vulnerability in writeconfig in Apple Mac OS X ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2007-0021 (Format string vulnerability in Apple iChat 3.1.6 allows remote ...)
	NOT-FOR-US: Apple iChat
CVE-2007-0020 (Heap-based buffer overflow in the SFTP protocol handler for Panic ...)
	NOT-FOR-US: Panic Transmit
CVE-2007-0019 (Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and ...)
	NOT-FOR-US: Maxum Rumpus
CVE-2007-0018 (Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX ...)
	NOT-FOR-US: NCTAudioFile2 ActiveX control
CVE-2007-0017 (Multiple format string vulnerabilities in (1) the cdio_log_handler ...)
	{DSA-1252-1}
	- vlc 0.8.6-svn20061012.debian-1.2 (bug #405425; medium)
CVE-2007-0016 (Stack-based buffer overflow in MoviePlay 4.76 allows remote attackers ...)
	NOT-FOR-US: MoviePlay
CVE-2006-6858 (Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo ...)
	- miredo 1.0.4-2 (bug #405412; bug #405111; medium)
CVE-2006-6857 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-6856 (Direct static code injection vulnerability in WebText CMS 0.4.5.2 and ...)
	NOT-FOR-US: WebText CMS
CVE-2006-6855 (AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to ...)
	NOT-FOR-US: AIDeX Mini-WebServer
CVE-2006-6854 (The qcamvc_video_init function in qcamvc.c in De Marchi Daniele ...)
	NOT-FOR-US: QuickCam VC (linux-uvc and qc-usb in Debian are not related)
CVE-2006-6853 (Buffer overflow in Durian Web Application Server 3.02 freeware on ...)
	NOT-FOR-US: Durian Web Application Server
CVE-2006-6852 (Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.200 61127 ...)
	- tdiary 2.0.2+20060303-5 (bug #403345; bug #404940; medium)
CVE-2006-6851 (Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php ...)
	NOT-FOR-US: ac4p Mobilelib gold
CVE-2006-6850 (PHP remote file inclusion vulnerability in include.php in the Roster ...)
	NOT-FOR-US: Shadowed Portal / Roster Module
CVE-2006-6849 (administration/index.php in Cahier de texte (CDT) 2.2 does not ...)
	NOT-FOR-US: Cahier de texte (CDT)
CVE-2006-6848 (SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows ...)
	NOT-FOR-US: ASPTicker
CVE-2006-6847 (An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 ...)
	NOT-FOR-US: RealPlayer for Windows
CVE-2006-6846 (Multiple SQL injection vulnerabilities in While You Were Out (WYWO) ...)
	NOT-FOR-US: WYWO - InOut Board
CVE-2006-6845 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6844 (Cross-site scripting (XSS) vulnerability in the optional user comment ...)
	NOT-FOR-US: CMS Made Simple
CVE-2006-6843 (PHP remote file inclusion vulnerability in the BE IT EasyPartner 0.0.9 ...)
	NOT-FOR-US: EasyPartner component for Joomla!
CVE-2006-6842 (SQL injection vulnerability in admin/admin_acronyms.php in the Acronym ...)
	NOT-FOR-US: Acronym Mod for phpBB2
CVE-2006-6841 (Certain forms in phpBB before 2.0.22 lack session checks, which has ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6840 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6839 (Unspecified vulnerability in phpBB before 2.0.22 has unknown impact ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-6 (bug #405980)
CVE-2006-6838 (Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to ...)
	NOT-FOR-US: Rediff Bol Downloader ActiveX (OCX) control
CVE-2006-6837 (Multiple stack-based buffer overflows in the (1) LoadTree, (2) ...)
	NOT-FOR-US: Total Commander
CVE-2007-XXXX [webcam-server unspecified vulnerability]
	- webcam-server 0.50-2
CVE-2007-0015 (Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to ...)
	NOT-FOR-US: Apple Quicktime
CVE-2007-0014 (ChainKey Java Code Protection allows attackers to decompile Java class ...)
	NOT-FOR-US: ChainKey Java Code Protection
CVE-2007-0013
	RESERVED
CVE-2007-0012 (Sun JRE 5.0 before update 14 allows remote attackers to cause a denial ...)
	- sun-java5 <removed> (unimportant)
	- sun-java6 <removed> (unimportant)
	- openjdk-6 <removed> (unimportant)
	NOTE: not a security issue, browser dos treated as regular bugs, also likely Windows-specific
CVE-2007-0011 (The web portal interface in Citrix Access Gateway (aka Citrix Advanced ...)
	NOT-FOR-US: Citrix Access Gateway
CVE-2006-6836 (Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 ...)
	NOT-FOR-US: IBM
CVE-2006-6835 (SQL injection vulnerability in Journal.inc.php in Neocrome Land Down ...)
	NOT-FOR-US: Land Down Under
CVE-2006-6834 (Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have ...)
	NOT-FOR-US: Joomla
CVE-2006-6833 (com_categories in Joomla! before 1.0.12 does not validate input, which ...)
	NOT-FOR-US: Joomla
CVE-2006-6832 (Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 ...)
	NOT-FOR-US: Joomla
CVE-2006-6831 (SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote ...)
	NOT-FOR-US: aFAQ
CVE-2006-6830 (PHP remote file inclusion vulnerability in b2verifauth.php in b2 Blog ...)
	NOT-FOR-US: b2 Blog
CVE-2006-6829 (Efkan Forum 1.0 and earlier store sensitive information under the web ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6828 (Multiple SQL injection vulnerabilities in Efkan Forum 1.0 and earlier ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6827 (Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a ...)
	- flashplugin-nonfree <not-affected> (Windows-specific)
CVE-2006-6826 (Unspecified vulnerability in the tab editor for Personal .NET Portal ...)
	NOT-FOR-US: Personal .NET Portal
CVE-2006-6825 (Calendar MX BASIC 1.0.2 and earlier store sensitive information under ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6824 (Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad ...)
	NOT-FOR-US: iCalendar
CVE-2006-6823 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Yrch!
CVE-2006-6822 (myprofile.asp in Enthrallweb eClassifieds does not properly validate ...)
	NOT-FOR-US: Enthrallweb eClassifieds
CVE-2006-6821 (myprofile.asp in Enthrallweb eNews does not properly validate the ...)
	NOT-FOR-US: Enthrallweb eNews
CVE-2006-6820 (myprofile.asp in Enthrallweb eCoupons does not properly validate the ...)
	NOT-FOR-US: Enthrallweb eCoupons
CVE-2006-6819 (AlstraSoft Web Host Directory stores sensitive information under the ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6818 (AlstraSoft Web Host Directory allows remote attackers to bypass ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6817 (AlstraSoft Web Host Directory allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-6816 (Multiple SQL injection vulnerabilities in DMXReady Secure Login ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6815 (Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure ...)
	NOT-FOR-US: DMXReady Secure Login Manager
CVE-2006-6814 (Directory traversal vulnerability in FolderManager/FolderManager.aspx ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-6813 (SQL injection vulnerability in detail.asp in Mxmania File Upload ...)
	NOT-FOR-US: Mxmania File Upload Manager
CVE-2006-6812 (Multiple PHP remote file inclusion vulnerabilities in myPHPCalendar ...)
	NOT-FOR-US: myPHPCalendar
CVE-2006-6811 (KsIRC 1.3.12 allows remote attackers to cause a denial of service ...)
	- kdenetwork 4:3.5.5-4 (low; bug #405828)
	[sarge] - kdenetwork <no-dsa> (Minor issue)
CVE-2006-6810 (Unspecified vulnerability in the clear_user_list function in ...)
	NOT-FOR-US: DB Hub
CVE-2006-6809 (Multiple PHP remote file inclusion vulnerabilities in process.php in ...)
	NOT-FOR-US: buratinable templator (aka bubla)
CVE-2006-6808 (Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in ...)
	- wordpress 2.0.6-1 (bug #405299)
CVE-2006-6807 (SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda ...)
	NOT-FOR-US: Ananda Real Estate
CVE-2006-6806 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates ...)
	NOT-FOR-US: Enthrallweb eMates
CVE-2006-6805 (SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs ...)
	NOT-FOR-US: Enthrallweb eJobs
CVE-2006-6804 (SQL injection vulnerability in bus_details.asp in Dragon Business ...)
	NOT-FOR-US: Dragon Business Directory - Pro
CVE-2006-6803 (SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 ...)
	NOT-FOR-US: Enthrallweb eCars
CVE-2006-6802 (SQL injection vulnerability in actualpic.asp in Enthrallweb ePages ...)
	NOT-FOR-US: Enthrallweb ePages
CVE-2006-6801 (PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, ...)
	NOT-FOR-US: SH-News
CVE-2006-6800 (PHP remote file inclusion in eventcal/mod_eventcal.php in the event ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-6799 (SQL injection vulnerability in Cacti 0.8.6i and earlier, when ...)
	{DSA-1250-1}
	- cacti 0.8.6i-3 (bug #404818; high)
CVE-2006-6798
	RESERVED
CVE-2006-6797 (The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6796 (PHP remote file inclusion vulnerability in admin/admin_settings.php in ...)
	NOT-FOR-US: MTCMS
CVE-2006-6795 (PHP remote file inclusion vulnerability in gallery/displayCategory.php ...)
	NOT-FOR-US: myPHPNuke
CVE-2006-6794 (SQL injection vulnerability in default.asp in Efkan Forum 1.0 allows ...)
	NOT-FOR-US: Efkan Forum
CVE-2006-6793 (PHP remote file inclusion vulnerability in ataturk.php in Okul Merkezi ...)
	NOT-FOR-US: Okul Merkezi Portal
CVE-2006-6792 (SQL injection vulnerability in calendar_detail.asp in Calendar MX ...)
	NOT-FOR-US: Calendar MX
CVE-2006-6791 (SQL injection vulnerability in SelGruFra.asp in chatwm 1.0 allows ...)
	NOT-FOR-US: chatwm
CVE-2006-6790 (Direct static code injection vulnerability in chat/login.php in ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-6789 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Phpbbxtra
CVE-2006-6788 (Multiple PHP remote file inclusion vulnerabilities in LuckyBot 3 allow ...)
	NOT-FOR-US: LuckyBot
CVE-2006-6787 (SQL injection vulnerability in admin/admin_mail_adressee.asp in ...)
	NOT-FOR-US: Newsletter MX
CVE-2006-6786 (Open Newsletter 2.5 and earlier allows remote authenticated ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6785 (The (1) settings.php and (2) subscribers.php scripts in Open ...)
	NOT-FOR-US: Open Newsletter
CVE-2006-6784 (SQL injection vulnerability in Netbula Anyboard allows remote ...)
	NOT-FOR-US: Netbula Anyboard
CVE-2006-6783 (logahead UNU 1.0 before 20061226 allows remote attackers to upload ...)
	NOT-FOR-US: logahead UNU
CVE-2006-6782 (Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and ...)
	NOT-FOR-US: pnamazu
CVE-2006-6781 (HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: HLstats
CVE-2006-6780 (SQL injection vulnerability in the login form in HLstats 1.20 through ...)
	NOT-FOR-US: HLstats
CVE-2006-6779 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows ...)
	NOT-FOR-US: vBulletin
CVE-2006-6778 (Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf ...)
	NOT-FOR-US: TimberWolf
CVE-2006-6777 (Cross-site scripting (XSS) vulnerability in index.cfm in Future ...)
	NOT-FOR-US: Future Internet
CVE-2006-6776 (Multiple SQL injection vulnerabilities in Future Internet allow remote ...)
	NOT-FOR-US: Future Internet
CVE-2006-6775 (acFTP 1.5 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: acFTP
CVE-2006-6774 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Content Federator
CVE-2006-6773 (pages/register/register.php in Fishyshoop 0.930 beta allows remote ...)
	NOT-FOR-US: Fishyshoop
CVE-2006-6772 (Format string vulnerability in the inputAnswer function in file.c in ...)
	- w3m 0.5.1-5.1 (bug #404564; low)
	- w3mmee <not-affected> (Does not include this format string vuln in the code)
	[sarge] - w3m <no-dsa> (Minor issue, only exploitable in dump mode)
CVE-2006-6771 (Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 ...)
	NOT-FOR-US: Irokez CMS
CVE-2006-6770 (Multiple PHP remote file inclusion vulnerabilities in Jinzora Media ...)
	NOT-FOR-US: Jinzora Media Jukebox
CVE-2006-6769 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 ...)
	NOT-FOR-US: PHP Live!
CVE-2005-4822 (SQL injection vulnerability in projects/project-edit.asp in Digger ...)
	NOT-FOR-US: Digger Solutions Intranet Open Source (IOS)
CVE-2005-4821 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4820 (SMC Wireless Router model SMC7904WBRA allows remote attackers to cause ...)
	NOT-FOR-US: SMC
CVE-2005-4819 (Cross-site scripting (XSS) vulnerability in Lotus Domino versions ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-4818 (Multiple SQL injection vulnerabilities in Copernicus Europa allow ...)
	NOT-FOR-US: Copernicus Europa
CVE-2005-4817 (Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) ...)
	- tmsnc 0.2.5-1
CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 ...)
	NOT-FOR-US: Land Down Under
CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote ...)
	- interchange 4.9.8-1
CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before ...)
	NOT-FOR-US: Lotus Domino
CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 ...)
	NOT-FOR-US: Land Down Under (LDU)
CVE-2006-6768 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6767 (oftpd before 0.3.7 allows remote attackers to cause a denial of ...)
	- oftpd <removed>
CVE-2006-6766 (Multiple SQL injection vulnerabilities in cwmExplorer 1.1.0 and ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6765 (Multiple PHP file inclusion vulnerabilities in src/admin/pt_upload.php ...)
	NOT-FOR-US: Pagetool
CVE-2006-6764 (PHP remote file inclusion vulnerability in authenticate.php in Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6763 (Multiple PHP remote file inclusion vulnerabilities in the Keep It ...)
	NOT-FOR-US: Keep It Simple Guest Book (KISGB)
CVE-2006-6762 (The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6761 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6760 (Multiple PHP remote file inclusion vulnerabilities in template.php in ...)
	NOT-FOR-US: phpMyAnime (aka phpmymanga)
CVE-2006-6759 (A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer ...)
	NOT-FOR-US: RealNetworks RealPlayer
CVE-2006-6758 (Directory traversal vulnerability in Http explorer 1.02 allows remote ...)
	NOT-FOR-US: Http explorer
CVE-2006-6757 (Directory traversal vulnerability in index.php in cwmExplorer 1.0 ...)
	NOT-FOR-US: cwmExplorer
CVE-2006-6756 (The code function in install.fct.php in Ixprim 1.2 produces a ...)
	NOT-FOR-US: Ixprim
CVE-2006-6755 (Ixprim 1.2 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Ixprim
CVE-2006-6754 (Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote ...)
	NOT-FOR-US: Ixprim
CVE-2006-6753 (Event Viewer (eventvwr.exe) in Microsoft Windows does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2006-6752 (Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain ...)
	NOT-FOR-US: FTPRush
CVE-2006-6751 (Format string vulnerability in XM Easy Personal FTP Server 5.2.1 ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6750 (Format string vulnerability in XM Easy Personal FTP Server 5.0.1 ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-6748 (PHP remote file inclusion vulnerability in i-accueil.php in Newxooper ...)
	NOT-FOR-US: Newxooper
CVE-2006-6747 (SQL injection vulnerability in show_news.php in Xt-News 0.1 allows ...)
	NOT-FOR-US: Xt-News
CVE-2006-6746 (Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 ...)
	NOT-FOR-US: Xt-News
CVE-2006-6745 (Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6744 (phpProfiles before 2.1.1 does not have an index.php or other index ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6743 (phpProfiles before 2.1.1 uses world writable permissions for certain ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6742 (Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP ...)
	NOT-FOR-US: HP
CVE-2006-6741 (Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal ...)
	NOT-FOR-US: MKPortal
CVE-2006-6740 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles ...)
	NOT-FOR-US: phpProfiles
CVE-2006-6739 (PHP remote file inclusion vulnerability in buycd.php in Paristemi ...)
	NOT-FOR-US: Paristemi
CVE-2006-6738 (PHP remote file inclusion vulnerability in statistic.php in cwmCounter ...)
	NOT-FOR-US: cwmCounter
CVE-2006-6737 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6736 (Unspecified vulnerability in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-07-1
CVE-2006-6735 (modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6734 (Cross-site scripting (XSS) vulnerability in modules/viewcategory.php ...)
	NOT-FOR-US: Website Mini Web Shop
CVE-2006-6733 (Cross-site scripting (XSS) vulnerability in support/view.php in ...)
	NOT-FOR-US: Support Cards 1 (osTicket)
CVE-2006-6732 (PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 ...)
	NOT-FOR-US: cwmVote
CVE-2006-6731 (Multiple buffer overflows in Sun Java Development Kit (JDK) and Java ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6730 (OpenBSD and NetBSD permit usermode code to kill the display server and ...)
	NOTE: Access to DMA-capable hardware such as graphics cards can,
	NOTE: by design, bypass security restrictions. Not a real issue.
CVE-2006-6729 (Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier ...)
	NOT-FOR-US: a-blog
CVE-2006-6728 (Unspecified vulnerability in the info request mechanism in LAN ...)
	NOT-FOR-US: LAN Messenger
CVE-2006-6727 (PHP remote file inclusion vulnerability in inertianews_class.php in ...)
	NOT-FOR-US: inertianews
CVE-2006-6726 (PHP remote file inclusion vulnerability in inertianews_main.php in ...)
	NOT-FOR-US: inertianews
CVE-2006-6725 (Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and ...)
	NOT-FOR-US: PHPBuilder
CVE-2006-6724 (BolinTech Dream FTP Server 1.02 allows remote authenticated users, ...)
	NOT-FOR-US: BolinTech Dream FTP Server
CVE-2006-6723 (The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6722 (Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers ...)
	NOT-FOR-US: Bandwebsite (aka Bandsite portal system)
CVE-2006-6721 (Multiple cross-site scripting (XSS) vulnerabilities in shout.php in ...)
	NOT-FOR-US: Knusperleicht ShoutBox
CVE-2006-6720 (PHP remote file inclusion vulnerability in admin/index_sitios.php in ...)
	NOT-FOR-US: Azucar CMS
CVE-2006-6719 (The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) ...)
	- wget 1.13-1 (unimportant)
	NOTE: An FTP server crashing a download utility is a bug, but not a DoS security issue
	NOTE: http://git.savannah.gnu.org/cgit/wget.git/commit/?id=bd7f4ef701ce5db64659db496d3f47aeedfadac2 (v1.13)
CVE-2006-6718 (The Allied Telesis AT-9000/24 Ethernet switch has a default password ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6717 (The Allied Telesis AT-9000/24 Ethernet switch accepts management ...)
	NOT-FOR-US: Allied Telesis
CVE-2006-6716 (SQL injection vulnerability in administration/administre2.php in Eric ...)
	NOT-FOR-US: uploader&downloader
CVE-2006-6715 (PHP remote file inclusion vulnerability in footer.inc.php in PowerClan ...)
	NOT-FOR-US: PowerClan
CVE-2006-6714 (Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6713 (Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before ...)
	NOT-FOR-US: Hitachi Directory Server
CVE-2006-6712 (Cross-site scripting (XSS) vulnerability in SugarCRM Open Source ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-6711 (PHP remote file inclusion vulnerability in compteur/mapage.php in ...)
	NOT-FOR-US: Newxooper
CVE-2006-6710 (Multiple PHP remote file inclusion vulnerabilities in PgmReloaded ...)
	NOT-FOR-US: PgmReloaded
CVE-2006-6709 (Multiple SQL injection vulnerabilities in MGinternet Property Site ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6708 (Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet ...)
	NOT-FOR-US: MGinternet Property Site Manager
CVE-2006-6707 (Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ...)
	NOT-FOR-US: NeoTraceExplorer.NeoTraceLoader ActiveX control
CVE-2006-6706 (SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6705 (Multiple unspecified vulnerabilities in the template files in Soumu ...)
	NOT-FOR-US: Soumu Workflow
CVE-2006-6704 (Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail ...)
	NOT-FOR-US: @Mail
CVE-2006-6703 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6702 (Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before ...)
	NOT-FOR-US: @Mail
CVE-2006-6701 (Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail ...)
	NOT-FOR-US: @Mail
CVE-2006-6700 (Cross-site scripting (XSS) vulnerability in @Mail WebMail allows ...)
	NOT-FOR-US: @Mail
CVE-2006-6699 (Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and ...)
	NOT-FOR-US: Oracle Portal
CVE-2006-6698 (The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files ...)
	- gconf2 2.24.0-1 (unimportant; bug #404743)
	NOTE: Minor nuisance, not much of a security problem
CVE-2005-4816 (Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote ...)
	{DSA-1245-1}
	- proftpd-dfsg 1.2.10+1.3.0rc5-1 (bug #404751; medium)
CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...)
	NOT-FOR-US: EternalMart Guestbook (EMGB)
CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart ...)
	NOT-FOR-US: EternalMart Mailing List Manager (EMLM)
CVE-2006-6749 (Buffer overflow in the parse_expression function in parse_config in ...)
	- openser 1.1.0-8 (medium; bug #404591)
CVE-2006-XXXX [insecure rpath in libflash-mozplugin]
	- libflash 0.4.13-9 (low; bug #399508)
	[etch] - libflash <no-dsa> (Not exploitable through directory writable by an unprivileged user)
CVE-2006-6697 (CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-6696 (Double free vulnerability in Microsoft Windows 2000, XP, 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-6695 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6694 (Directory traversal vulnerability in include/config.php in E-Uploader ...)
	NOT-FOR-US: E-Uploader
CVE-2006-6693 (Multiple buffer overflows in zabbix before 20061006 allow attackers to ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6692 (Multiple format string vulnerabilities in zabbix before 20061006 allow ...)
	- zabbix 1:1.1.2-4 (medium; bug #391388)
CVE-2006-6691 (Multiple PHP remote file inclusion vulnerabilities in Valdersoft ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-6690 (rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through ...)
	- typo3-src 4.0.2+debian-2 (high; bug #403906)
	NOTE: http://typo3.org/news-single-view/?tx_newsimporter_pi1%5BshowItem%5D=0&cHash=e4a40a11a9
CVE-2006-6689 (Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 ...)
	NOT-FOR-US: Paristemi
CVE-2006-6688 (Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6687 (Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal ...)
	NOT-FOR-US: Web Automated Perl Portal (WebAPP)
CVE-2006-6686 (PHP remote file inclusion vulnerability in sender.php in Carsen Klock ...)
	NOT-FOR-US: Carsen Klock TextSend
CVE-2006-6685 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6684 (Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6683 (Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6682 (Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6681 (Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6680 (Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need ...)
	- chetcpasswd <removed> (low)
CVE-2006-6679 (Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6678 (The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier ...)
	{DSA-1251-1}
	- netrik 1.15.3-1.1 (medium; bug #404233)
CVE-2006-6677 (ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6676 (Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 ...)
	NOT-FOR-US: ESET NOD32 Antivirus
CVE-2006-6675 (Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support ...)
	NOT-FOR-US: Novell
CVE-2006-6674 (Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and ...)
	NOT-FOR-US: Ozeki HTTP-SMS Gateway
CVE-2006-6673 (WinFtp Server 2.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinFtp Server
CVE-2006-6672 (Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal ...)
	NOT-FOR-US: Download Portal
CVE-2006-6671 (SQL injection vulnerability in down.asp in Burak Yylmaz Download ...)
	NOT-FOR-US: Download Portal
CVE-2006-6670 (Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown ...)
	NOT-FOR-US: Nortel CallPilot
CVE-2006-6669 (Cross-site scripting (XSS) vulnerability in export_handler.php in ...)
	{DSA-1279-1}
	- webcalendar 1.0.5-2 (low; bug #404234)
CVE-2006-6668 (Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6667 (Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6666 (PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 ...)
	NOT-FOR-US: VerliAdmin
CVE-2006-6665 (Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier ...)
	NOT-FOR-US: DeepBurner
CVE-2006-6664 (Format string vulnerability in Marathon Aleph One before 0.17.1 and ...)
	NOT-FOR-US: Aleph One
CVE-2006-6663 (The server component in Marathon Aleph One before 0.17.1 and ...)
	NOT-FOR-US: Aleph One
CVE-2006-6662 (Unspecified vulnerability in Linux User Management (novell-lum) on ...)
	NOT-FOR-US: Linux User Management (novell-lum)
CVE-2006-6661 (Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and ...)
	NOT-FOR-US: PHP-Update
CVE-2006-6660 (The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by ...)
	- kdelibs <not-affected> (at least it is fixed in 4:3.5.5a.dfsg.1-5)
	NOTE: is DoS only, anyway
CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd ...)
	- chetcpasswd <removed> (medium)
CVE-2002-2220 (Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when ...)
	- chetcpasswd <removed> (medium)
CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows ...)
	- chetcpasswd <removed> (low)
CVE-2007-0010 (The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) ...)
	{DSA-1256-1}
	- gtk+2.0 2.8.20-5
CVE-2007-0009 (Stack-based buffer overflow in the SSLv2 support in Mozilla Network ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0008 (Integer underflow in the SSLv2 support in Mozilla Network Security ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-06
	- iceweasel 2.0.0.2+dfsg-1 (low)
	- iceape 1.0.8-1 (low)
	- xulrunner 1.8.0.10-1 (low)
	- icedove 1.5.0.10.dfsg1-1
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2007-0007 (gnucash 2.0.4 and earlier allows local users to overwrite arbitrary ...)
	- gnucash 2.0.5-1 (bug #411942; medium)
CVE-2007-0006 (The key serial number collision avoidance code in the key_alloc_serial ...)
	- linux-2.6 2.6.18.dfsg.1-12
CVE-2007-0005 (Multiple buffer overflows in the (1) read and (2) write handlers in ...)
	{DSA-1286-1}
	- linux-2.6 2.6.20-1
CVE-2007-0004 (The NFS client implementation in the kernel in Red Hat Enterprise ...)
	NOTE: if security relevant at all, it's 2.4.* only
	- linux-2.6 <not-affected> (2.4 only)
CVE-2007-0003 (pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers ...)
	- pam <not-affected> (Only pam 0.99.7 affected)
CVE-2007-0002 (Multiple heap-based buffer overflows in WordPerfect Document ...)
	{DSA-1270-1 DSA-1268-1}
	- libwpd 0.8.9-1
	NOTE: openoffice.org changelog indicates libwpd is included but not used
	- openoffice.org 2.0.4.dfsg.2-6
	[etch] - openoffice.org 2.0.4.dfsg.2-5etch1
	[etch] - libwpd 0.8.7-6
CVE-2007-0001 (The file watch implementation in the audit subsystem (auditctl -w) in ...)
	- linux-2.6 <not-affected> (Red Hat specific vulnerability)
CVE-2006-6659 (The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-6658 (Inktomi Search 4.1.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Inktomi
CVE-2006-6657 (The if_clone_list function in NetBSD-current before 20061027, NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2006-6656 (Unspecified vulnerability in ptrace in NetBSD-current before 20061027, ...)
	NOT-FOR-US: NetBSD
CVE-2006-6655 (The procfs implementation in NetBSD-current before 20061023, NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2006-6654 (The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
	NOT-FOR-US: NetBSD
CVE-2006-6653 (The accept function in NetBSD-current before 20061023, NetBSD 3.0 and ...)
	NOT-FOR-US: NetBSD
CVE-2006-6652 (Buffer overflow in the glob implementation (glob.c) in libc in ...)
	NOT-FOR-US: NetBSD
CVE-2006-6651 (Race condition in W29N51.SYS in the Intel 2200BG wireless driver ...)
	NOT-FOR-US: Intel
CVE-2006-6650 (PHP remote file inclusion vulnerability in charts_constants.php in the ...)
	NOT-FOR-US: mxBB
CVE-2006-6649 (Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 ...)
	NOT-FOR-US: HyperVM
CVE-2006-6648 (PHP remote file inclusion vulnerability in main.inc.php in ...)
	NOT-FOR-US: RateMe
CVE-2006-6647 (Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before ...)
	NOT-FOR-US: MySite for Drupal
CVE-2006-6646 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) ...)
	NOT-FOR-US: Drupal Project Issue Tracking
CVE-2006-6645 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web Links module for mxBB
CVE-2006-6644 (PHP remote file inclusion vulnerability in pages/meeting_constants.php ...)
	NOT-FOR-US: Meeting module for mxBB
CVE-2006-6643 (Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to ...)
	NOT-FOR-US: Fightersoft Multimedia Star FTP server
CVE-2006-6642 (SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 ...)
	NOT-FOR-US: Sistemi
CVE-2006-6641 (Unspecified vulnerability in CA CleverPath Portal before maintenance ...)
	NOT-FOR-US: CA CleverPath Portal
CVE-2006-6640 (Multiple cross-site scripting (XSS) vulnerabilities in Omniture ...)
	NOT-FOR-US: SiteCatalyst
CVE-2006-6639 (Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local ...)
	- chetcpasswd <removed> (medium)
CVE-2006-6638 (IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial ...)
	NOT-FOR-US: IBM
CVE-2006-6637 (The Servlet Engine and Web Container in IBM WebSphere Application ...)
	NOT-FOR-US: IBM
CVE-2006-6636 (Unspecified vulnerability in the Utility Classes for IBM WebSphere ...)
	NOT-FOR-US: IBM
CVE-2006-6635 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: JumbaCMS
CVE-2006-6634 (Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai ...)
	NOT-FOR-US: ExtCalThai for Mambo
CVE-2006-6633 (PHP remote file inclusion vulnerability in include/yapbb_session.php ...)
	NOT-FOR-US: YapBB
CVE-2006-6632 (PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 ...)
	NOT-FOR-US: Genepi
CVE-2006-6631 (PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php ...)
	NOT-FOR-US: osprey
CVE-2006-6630 (PHP remote file inclusion vulnerability in ListRecords.php in osprey ...)
	NOT-FOR-US: osprey
CVE-2006-6629 (lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) ...)
	NOT-FOR-US: WeBWorK
CVE-2006-6628 (Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted ...)
	- openoffice.org 2.0.4.dfsg.2-3 (unimportant; bug #404105)
	NOTE: No code injection possible, just a crash
CVE-2006-6627 (Integer overflow in the packed PE file parsing implementation in ...)
	NOT-FOR-US: BitDefender
CVE-2006-6626 (Cross-site scripting (XSS) vulnerability in an unspecified component ...)
	- moodle 1.6-1
	NOTE: Does not affect moodle 1.6 according to SecurityFocus.
CVE-2006-6625 (Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in ...)
	- moodle 1.6.3-2 (low)
	NOTE: "SC#341 fixed initilaization of navtail variable"
	NOTE: http://moodle.cvs.sourceforge.net/moodle/moodle/mod/forum/discuss.php?view=log
CVE-2006-6624 (The FTP Server in Sambar Server 6.4 allows remote authenticated users ...)
	NOT-FOR-US: Sambar
CVE-2006-6623 (Sygate Personal Firewall 5.6.2808 relies on the Process Environment ...)
	NOT-FOR-US: Sygate
CVE-2006-6622 (Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the ...)
	NOT-FOR-US: Soft4Ever Look 'n' Stop
CVE-2006-6621 (Filseclab Personal Firewall 3.0.0.8686 relies on the Process ...)
	NOT-FOR-US: Filseclab Personal Firewall
CVE-2006-6620 (Comodo Personal Firewall 2.3.6.81 relies on the Process Environment ...)
	NOT-FOR-US: Comodo Personal Firewall
CVE-2006-6619 (AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment ...)
	NOT-FOR-US: AVG Anti-Virus plus Firewall
CVE-2006-6618 (AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block ...)
	NOT-FOR-US: AntiHook 3.0.0.23 - Desktop
CVE-2006-6617 (projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2006-6616 (index.php in w00t Gallery 1.4.0 allows remote authenticated users with ...)
	NOT-FOR-US: w00t Gallery
CVE-2006-6615 (PHP remote file inclusion vulnerability in includes/act_constants.php ...)
	NOT-FOR-US: Activity Games module for mxBB
CVE-2006-6614 (The save_log_local function in Fully Automatic Installation (FAI) ...)
	- fai 3.1.3 (low; bug #402644)
	[sarge] - fai <no-dsa> (Minor issue, only in rare configs and use cases)
CVE-2006-6613 (Directory traversal vulnerability in language.php in phpAlbum 0.4.1 ...)
	NOT-FOR-US: phpAlbum
CVE-2006-6612 (PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms ...)
	NOT-FOR-US: PhpMyCms
CVE-2006-6611 (PHP remote file inclusion vulnerability in interface.php in Barman ...)
	NOT-FOR-US: Barman
CVE-2006-6610 (clientcommands in Nexuiz before 2.2.1 has unknown impact and remote ...)
	- nexuiz 2.2.1-1 (low)
	NOTE: Only game console command execution possible, not shell commands
CVE-2006-6609 (Nexuiz before 2.2.1 allows remote attackers to cause a denial of ...)
	- nexuiz 2.2.1-1
CVE-2006-6608 (Unspecified vulnerability in SSH key based authentication in HP ...)
	NOT-FOR-US: HP
CVE-2006-6607 (The Java Key Store (JKS) for WebSphere Application Server (WAS) for ...)
	NOT-FOR-US: IBM
CVE-2006-6606 (Multiple SQL injection vulnerabilities in Clarens jclarens before ...)
	NOT-FOR-US: jclarens
CVE-2006-6605 (Stack-based buffer overflow in the POP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-6604 (Directory traversal vulnerability in downloaddetails.php in ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6603 (Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) ...)
	NOT-FOR-US: YMMAPI.YMailAttach
CVE-2006-6602 (explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2006-6601 (Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-6600 (Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6599 (maketorrent.php in TorrentFlux 2.2 allows remote authenticated users ...)
	- torrentflux 2.1-7 (medium; bug #400582)
CVE-2006-6598 (Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux ...)
	- torrentflux 2.1-6
CVE-2006-6597 (Argument injection vulnerability in HyperAccess 8.4 allows ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6596 (HyperAccess 8.4 allows user-assisted remote attackers to execute ...)
	NOT-FOR-US: HyperAccess
CVE-2006-6595 (Multiple SQL injection vulnerabilities in ScriptMate User Manager 2.1 ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6594 (SQL injection vulnerability in utilities/usermessages.asp in ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6593 (PHP remote file inclusion vulnerability in zufallscodepart.php in ...)
	NOT-FOR-US: AMAZONIA MOD for phpBB
CVE-2006-6592 (Multiple PHP remote file inclusion vulnerabilities in Bloq 0.5.4 allow ...)
	NOT-FOR-US: Bloq
CVE-2006-6591 (PHP remote file inclusion vulnerability in fonctions/template.php in ...)
	NOT-FOR-US: EXlor
CVE-2006-6590 (PHP remote file inclusion vulnerability in usercp_menu.php in AR ...)
	NOT-FOR-US: AR Memberscript
CVE-2006-6589 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6588 (The forum implementation in the ecommerce component in the Apache Open ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6587 (Cross-site scripting (XSS) vulnerability in the forum implementation ...)
	NOT-FOR-US: Apache Open For BusinessProject (OFBiz)
CVE-2006-6586 (Multiple PHP remote file inclusion vulnerabilities in Vortex Blog ...)
	NOT-FOR-US: Vortex Blog
CVE-2006-6585 (The Extensions manager in Mozilla Firefox 2.0 does not properly ...)
	- iceweasel 2.0.0.1+dfsg-1
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
CVE-2006-6584 (Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow ...)
	NOT-FOR-US: italkplus (Italk+)
CVE-2006-6583 (ScriptMate User Manager 2.1 and earlier allow remote attackers to ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6582 (Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User ...)
	NOT-FOR-US: ScriptMate User Manager
CVE-2006-6581 (PHP remote file inclusion vulnerability in tests/debug_test.php in ...)
	NOT-FOR-US: PHP_Debug
CVE-2006-6580 (admin/change.php in ProNews 1.5 does not check whether a user is ...)
	NOT-FOR-US: ProNews
CVE-2006-6579 (Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and ...)
	NOT-FOR-US: Microsoft
CVE-2006-6578 (Microsoft Internet Information Services (IIS) 5.1 permits the ...)
	NOT-FOR-US: Microsoft
CVE-2006-6577 (SQL injection vulnerability in polls.php in Neocrome Land Down Under ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6576 (Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 ...)
	NOT-FOR-US: Golden FTP Server
CVE-2006-6575 (PHP remote file inclusion vulnerability in ldap.php in Brian Drawert ...)
	NOT-FOR-US: Yet Another PHP LDAP Admin Project (yaplap)
CVE-2006-6574 (Mantis before 1.1.0a2 does not implement per-item access control for ...)
	{DSA-1467-1}
	- mantis 1.0.6+dfsg-3 (bug #402802)
	[sarge] - mantis 0.19.2-5sarge5
CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...)
	- mantis 0.19.2-1
CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2006-XXXX [gaim crash when receiving an invalid UPnP response]
	- gaim 1:2.0.0+beta5-9 (low)
	[sarge] - gaim <no-dsa> (minor issue)
CVE-2006-XXXX [dsniff urlsnarf missing output sanitization]
	- dsniff 2.4b1+debian-16 (unimportant; bug #400624)
	NOTE: While older terminals were vulnerable to some attacks involving terminal
	NOTE: sequences, the lack of shell escaping is not a vulnerability in dsniff
CVE-2006-XXXX [archivemail insecure temporary file issues]
	- archivemail 0.6.2-2
	[sarge] - archivemail <no-dsa> (minor issue)
CVE-2006-XXXX [pythonpaste web root esacpe]
	- paste 1.0.1-1
	NOTE: http://pythonpaste.org/archives/message/20061218.050654.e8997561.en.html
CVE-2006-XXXX [moodle unspecified security bug in the forum module (discuss.php)]
	- moodle 1.6.3-2
CVE-2006-XXXX [znc file access security hole]
	- znc 0.045-3 (bug #403141; medium)
CVE-2006-6573 (Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced ...)
	NOT-FOR-US: Citrix
CVE-2006-6572 (Unspecified vulnerability in Citrix Advanced Access Control (AAC) ...)
	NOT-FOR-US: Citrix
CVE-2006-6571 (Multiple cross-site scripting (XSS) vulnerabilities in form.php in ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6570 (Unrestricted file upload vulnerability in upload.php in GenesisTrader ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6569 (form.php in GenesisTrader 1.0 allows remote attackers to read source ...)
	NOT-FOR-US: GenesisTrader
CVE-2006-6568 (Directory traversal vulnerability in includes/kb_constants.php in the ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6567 (PHP remote file inclusion vulnerability in includes/kb_constants.php ...)
	NOT-FOR-US: Knowledge Base (mx_kb) 2.0.2 module for mxBB
CVE-2006-6566 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Profile Control Panel (CPanel) module for mxBB
CVE-2006-6565 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6564 (FileZilla Server before 0.9.22 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla Server
CVE-2006-6563 (Stack-based buffer overflow in the pr_ctrls_recv_request function in ...)
	- proftpd-dfsg 1.3.0-17 (medium)
	[sarge] - proftpd <not-affected> (Vulnerable code not activated in binary build)
CVE-2006-6562
	RESERVED
CVE-2006-6561 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Word ...)
	NOT-FOR-US: Microsoft
CVE-2006-6560 (PHP remote file inclusion vulnerability in includes/common.php in the ...)
	NOT-FOR-US: mx_modsdb 1.0.0 module for MxBBmx_modsdb 1.0.0 module for MxBB
CVE-2006-6559 (SQL injection vulnerability in ProductDetails.asp in Lotfian Request ...)
	NOT-FOR-US: Lotfian Request For Travel
CVE-2006-6558 (Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Crob FTP Server
CVE-2006-6557 (Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have ...)
	NOT-FOR-US: Skulls!
CVE-2006-6556 (The eyeHome function in apps/eyeHome.eyeapp/aplic.php in EyeOS before ...)
	NOT-FOR-US: EyeOS
CVE-2006-6555 (Multiple SQL injection vulnerabilities in EasyFill before 0.5.1 allow ...)
	NOT-FOR-US: EasyFill
CVE-2006-6554 (Unspecified vulnerability in Kerio MailServer before 6.3.1 allows ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-6553 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: NewsSuite 1.03 module for mxBB
CVE-2006-6552 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6551 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Tucows Client Code Suite (CCS)
CVE-2006-6550 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2006-6549 (** DISPUTED ** ...)
	NOT-FOR-US: Rad Upload
CVE-2006-6548 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
	NOT-FOR-US: cPanel WebHost Manager
CVE-2006-6547 (Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod ...)
	NOT-FOR-US: Winamp
CVE-2006-6546 (PHP remote file inclusion vulnerability in inc/shows.inc.php in ...)
	NOT-FOR-US: cutenews
CVE-2006-6545 (PHP remote file inclusion vulnerability in includes/common.php in the ...)
	NOT-FOR-US: ErrorDocs 1.0.0 and earlier module for mxBB
CVE-2006-6544 (Cross-site scripting (XSS) vulnerability in CM68 News allows remote ...)
	NOT-FOR-US: CM68 News
CVE-2006-6543 (Multiple SQL injection vulnerabilities in login.asp in AppIntellect ...)
	NOT-FOR-US: AppIntellect SpotLight CRM
CVE-2006-6542 (SQL injection vulnerability in news.php in Fantastic News 2.1.4 and ...)
	NOT-FOR-US: Fantastic News
CVE-2006-6541 (** DISPUTED ** ...)
	NOT-FOR-US: Animated Smiley Generator
CVE-2006-6540 (SQL injection vulnerability in bt-trackback.php in Bluetrait before ...)
	NOT-FOR-US: Bluetrait
CVE-2006-6539 (Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and ...)
	NOT-FOR-US: Winamp Web Interface
CVE-2006-6538 (D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) ...)
	NOT-FOR-US: D-LINK
CVE-2006-6537 (IBM WebSphere Host On-Demand 6.0, 7.0, 8.0, 9.0, and possibly 10, ...)
	NOT-FOR-US: IBM
CVE-2006-6536 (Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber ...)
	NOT-FOR-US: Cilem Haber Free Edition
CVE-2006-6535 (The dev_queue_xmit function in Linux kernel 2.6 can fail before ...)
	{DSA-1304}
	- linux-2.6 <not-affected> (Fixed before upload into the archive; 2.6.10)
CVE-2006-6534 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce ...)
	NOT-FOR-US: osCommerce
CVE-2006-6533 (Directory traversal vulnerability in admin/templates_boxes_layout.php ...)
	NOT-FOR-US: osCommerce
CVE-2006-6532 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6531 (Cross-site scripting (XSS) vulnerability in the Help Tip module before ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6530 (SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 ...)
	NOT-FOR-US: Help Tip module for Drupal
CVE-2006-6529 (The Chatroom Module before 4.7.x.-1.0 for Drupal displays private ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6528 (The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom ...)
	NOT-FOR-US: Chatroom Module for Drupal
CVE-2006-6527 (PHP remote file inclusion vulnerability in guest.php in Gizzar ...)
	NOT-FOR-US: Gizzar
CVE-2006-6526 (PHP remote file inclusion vulnerability in index.php in Gizzar ...)
	NOT-FOR-US: Gizzar
CVE-2006-6525 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6524 (SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 ...)
	NOT-FOR-US: EzHRS HR Assist
CVE-2006-6523 (Cross-site scripting (XSS) vulnerability in mail/manage.html in ...)
	NOT-FOR-US: BoxTrapper in cPanel
CVE-2006-6522 (Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale ...)
	NOT-FOR-US: WikiTimeScale TwoZero
CVE-2006-6521 (SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6520 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Messageriescripthp
CVE-2006-6519 (SQL injection vulnerability in lire-avis.php in ProNews 1.5 allows ...)
	NOT-FOR-US: ProNews
CVE-2006-6518 (Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 ...)
	NOT-FOR-US: ProNews
CVE-2006-6517 (Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and ...)
	NOT-FOR-US: KDPics
CVE-2006-6516 (Multiple PHP remote file inclusion vulnerabilities in KDPics 1.16 and ...)
	NOT-FOR-US: KDPics
CVE-2006-6515 (Mantis before 1.1.0a2 sets the default value of ...)
	- mantis 1.0.6+dfsg-1 (unimportant)
	NOTE: http://www.mantisbt.org/bugs/print_bug_page.php?bug_id=5163
	NOTE: Not a security bug, only a very annoying feature.
CVE-2006-6514 (Winamp Web Interface (Wawi) 7.5.13 and earlier uses an insufficient ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6513 (The CControl::Download function (/dl URI) in Winamp Web Interface ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6512 (Directory traversal vulnerability in the Browse function (/browse URI) ...)
	NOT-FOR-US: Winamp Web Interface (Wawi)
CVE-2006-6511 (dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive ...)
	NOT-FOR-US: dadaIMC
CVE-2006-6510 (An unspecified ActiveX control in SiteKiosk before 6.5.150 is ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6509 (Cross-site scripting (XSS) vulnerability in the skinning feature in ...)
	NOT-FOR-US: SiteKiosk
CVE-2006-6508 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows ...)
	{DSA-1488-1}
	NOTE: This is covered/duped by CVE-2006-6841
	- phpbb2 2.0.21-6
CVE-2006-6507 (Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass ...)
	NOTE: MFSA-2006-76
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner <not-affected> (maintainer reported)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6506 (The &quot;Feed Preview&quot; feature in Mozilla Firefox 2.0 before 2.0.0.1 sends ...)
	NOTE: MFSA-2006-75
	- iceweasel 2.0.0.1+dfsg-1 (low)
	- iceape <not-affected> (maintainer reported)
CVE-2006-6505 (Multiple heap-based buffer overflows in Mozilla Thunderbird before ...)
	{DSA-1265-1}
	NOTE: MFSA-2006-74
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
	- icedove 1.5.0.9.dfsg1-1 (high)
	- iceape 1.0.7-1 (high)
	- mozilla <removed>
CVE-2006-6504 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and ...)
	NOTE: MFSA-2006-73
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	NOTE: Flaw was introduced in Firefox 1.5.0.4
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6503 (Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-72
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (high)
	- icedove 1.5.0.9.dfsg1-1 (high)
CVE-2006-6502 (Use-after-free vulnerability in the LiveConnect bridge code for ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-71
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (unimportant)
	- icedove 1.5.0.9.dfsg1-1 (unimportant)
	NOTE: Not exploitable in standard Icedove configuration
CVE-2006-6501 (Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-70
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6500 (Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, ...)
	NOTE: MFSA-2006-69
	- iceweasel <not-affected> (windows only)
	- xulrunner <not-affected> (Windows only)
	- iceape <not-affected> (windows only)
	- firefox <not-affected> (windows only)
	- mozilla <not-affected> (windows only)
	- mozilla-firefox <not-affected> (windows only)
	- mozilla-thunderbird <not-affected> (windows only)
	- icedove <not-affected> (windows only)
CVE-2006-6499 (The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
	NOTE: Is it possible to reduce the floating point precision in Linux as a non-priv
	NOTE: user? I don't think so
CVE-2006-6498 (Multiple unspecified vulnerabilities in the JavaScript engine for ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (high)
	- xulrunner 1.8.0.9-1 (high)
	- iceape 1.0.7-1 (high)
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- mozilla <removed> (high)
	- mozilla-firefox <removed> (high)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6497 (Multiple unspecified vulnerabilities in the layout engine for Mozilla ...)
	{DSA-1265-1 DSA-1258-1 DSA-1253-1}
	NOTE: MFSA-2006-68
	- iceweasel 2.0.0.1+dfsg-1 (medium)
	- xulrunner 1.8.0.9-1 (medium)
	- iceape 1.0.7-1 (medium)
	- firefox 45.0-1 (medium)
	- firefox-esr 45.0esr-1 (medium)
	- mozilla <removed> (medium)
	- mozilla-firefox <removed> (medium)
	- mozilla-thunderbird <removed> (low)
	- icedove 1.5.0.9.dfsg1-1 (low)
CVE-2006-6496 (The (1) VetMONNT.sys and (2) VetFDDNT.sys drivers in CA Anti-Virus ...)
	NOT-FOR-US: CA Anti-Virus
CVE-2006-6495 (Stack-based buffer overflow in ld.so.1 in Sun Solaris 8, 9, and 10 ...)
	NOT-FOR-US: Solaris
CVE-2006-6494 (Directory traversal vulnerability in ld.so.1 in Sun Solaris 8, 9, and ...)
	NOT-FOR-US: Solaris
CVE-2006-6493 (Buffer overflow in the krbv4_ldap_auth function in ...)
	- openldap2.3 <not-affected> (kerberos support not enabled)
	- openldap2 <not-affected> (kerberos support not enabled)
CVE-2006-6492
	REJECTED
CVE-2006-6491
	REJECTED
CVE-2006-6490 (Multiple buffer overflows in the SupportSoft (1) SmartIssue ...)
	NOT-FOR-US: SupportSoft ActiveX
CVE-2006-6489 (The SISCO OSI stack, as used in SISCO MMS-EASE, ICCP Toolkit for ...)
	NOT-FOR-US: SISCO OSI stack
CVE-2006-6488 (Stack-based buffer overflow in the DoModal function in the Dialog Wrapper ...)
	NOT-FOR-US: ICONICS
CVE-2006-6487 (Cross-site scripting (XSS) vulnerability in index.php in DT Guestbook ...)
	NOT-FOR-US: DT Guestbook
CVE-2006-6486 (SQL injection vulnerability in EasyPage allows remote attackers to ...)
	NOT-FOR-US: EasyPage
CVE-2006-6485 (Multiple cross-site scripting (XSS) vulnerabilities in ShopSite 8.1 ...)
	NOT-FOR-US: ShopSite
CVE-2006-6484 (The IMAP service for MailEnable Professional and Enterprise Edition ...)
	NOT-FOR-US: MailEnable
CVE-2006-6483 (Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6482 (Adobe ColdFusion MX7 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ColdFusion
CVE-2006-6481 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (low; bug #401874)
CVE-2006-6480 (admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6479 (Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6478 (Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow ...)
	NOT-FOR-US: AnnonceScriptHP
CVE-2006-6477 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6476 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6475 (FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in ...)
	NOT-FOR-US: Mandiant First Response (MFR)
CVE-2006-6474 (Untrusted search path vulnerability in McAfee VirusScan for Linux ...)
	NOT-FOR-US: McAfee
CVE-2006-6473 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6472 (The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6471 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6470 (The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6469 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6468 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6467 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-6466 (Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in ...)
	NOT-FOR-US: WikyBlog
CVE-2006-6465 (** DISPUTED ** ...)
	NOT-FOR-US: WikyBlog
CVE-2006-6464 (viewcart in Midicart accepts negative numbers in the Qty (quantity) ...)
	NOT-FOR-US: Midicart
CVE-2006-6463 (Unrestricted file upload vulnerability in admin/add.php in Midicart ...)
	NOT-FOR-US: Midicart
CVE-2006-6462 (PHP remote file inclusion vulnerability in engine/oldnews.inc.php in ...)
	NOT-FOR-US: CM68 News
CVE-2006-6461 (tr1.php in Yourfreeworld Stylish Text Ads Script allows remote ...)
	NOT-FOR-US: Yourfreeworld Stylish Text Ads Script
CVE-2006-6460 (Yourfreeworld.com Short Url &amp; Url Tracker Script allows remote ...)
	NOT-FOR-US: Yourfreeworld.com Short Url Script
CVE-2006-6459 (Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB ...)
	NOT-FOR-US: Toplist for phpBB
CVE-2006-6458 (The Trend Micro scan engine before 8.320 for Windows and before 8.150 ...)
	NOT-FOR-US: Trend Micro (Windows)
CVE-2006-6457 (tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other ...)
	- tikiwiki <removed> (bug #404472)
	NOTE: Might be a mis-report, check with upstream
CVE-2006-6456 (Unspecified vulnerability in Microsoft Word 2000, 2002, and 2003 and ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-6455 (Multiple SQL injection vulnerabilities in admin/default.asp in DUware ...)
	NOT-FOR-US: DUware
CVE-2006-6454 (execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6453 (PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in ...)
	NOT-FOR-US: J-OWAMP Web Interface
CVE-2006-6452 (Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles ...)
	NOT-FOR-US: RunCMS
CVE-2006-6451 (Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk ...)
	NOT-FOR-US: Plesk
CVE-2006-6450 (Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in ...)
	NOT-FOR-US: Novell ZENworks Patch Management
CVE-2006-6449 (Vt-Forum Lite 1.3 and earlier store sensitive information under the ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6448 (Multiple SQL injection vulnerabilities in Vt-Forum Lite 1.3 and ...)
	NOT-FOR-US: Vt-Forum
CVE-2006-6447 (Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite ...)
	NOT-FOR-US: Vt-Forum Lite
CVE-2006-6446 (SQL injection vulnerability in index.php in iWare Professional 5.0.4, ...)
	NOT-FOR-US: iWare Professional
CVE-2006-6445 (Directory traversal vulnerability in error.php in Envolution 1.1.0 and ...)
	NOT-FOR-US: Envolution
CVE-2006-6444 (Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and ...)
	NOT-FOR-US: Nostra DivX Player
CVE-2006-6443 (Buffer overflow in the Novell Distributed Print Services (NDPS) Print ...)
	NOT-FOR-US: Novell Distributed Print Services
CVE-2006-6442 (Stack-based buffer overflow in the SetClientInfo function in the ...)
	NOT-FOR-US: America Online
CVE-2006-6441 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6440 (Multiple unspecified vulnerabilities in Xerox WorkCentre and ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6439 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6438 (Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6437 (ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6436 (Cross-site scripting (XSS) vulnerability in the Network controller in ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6435 (The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6434 (Unspecified vulnerability in the Web User Interface in Xerox ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6433 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6432 (Unspecified vulnerability in the Scan-to-mailbox feature in Xerox ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6431 (Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6430 (Web services in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6429 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6428 (Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6427 (The Web User Interface in Xerox WorkCentre and WorkCentre Pro before ...)
	NOT-FOR-US: Xerox WorkCentre and WorkCentre Pro
CVE-2006-6426 (PHP remote file inclusion vulnerability in design/thinkedit/render.php ...)
	NOT-FOR-US: ThinkEdit
CVE-2006-6425 (Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6424 (Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow ...)
	NOT-FOR-US: Novell NetMail
CVE-2006-6423 (Stack-based buffer overflow in the IMAP service for MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2006-6422 (Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle ...)
	NOT-FOR-US: AgileBill AgileVoice
CVE-2006-6421 (Cross-site scripting (XSS) vulnerability in the private message box ...)
	- phpbb2 2.0.21-6 (medium)
	[sarge] - phpbb2 <not-affected>
CVE-2006-6420 (Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6419 (jce.php in the JCE Admin Component in Ryan Demmer Joomla Content ...)
	NOT-FOR-US: Joomla Content Editor (JCE)
CVE-2006-6418 (Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2006-6417 (PHP remote file inclusion vulnerability in ...)
	- b2evolution <not-affected> (vulnerable code added later)
CVE-2006-6416 (Multiple PHP remote file inclusion vulnerabilities in PhpLeague - ...)
	NOT-FOR-US: PhpLeague
CVE-2006-6415 (** DISPUTED ** ...)
	NOT-FOR-US: phpAdsNew
CVE-2006-6414 (Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye ...)
	NOT-FOR-US: dol storye
CVE-2006-6413 (Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and ...)
	NOT-FOR-US: Amateras sns
CVE-2006-6412
	RESERVED
CVE-2006-6411 (PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows ...)
	NOT-FOR-US: Linksys
CVE-2006-6410 (Buffer overflow in an ActiveX control in VMWare 5.5.1 allows local ...)
	NOT-FOR-US: VMWare
CVE-2006-6409 (F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to ...)
	NOT-FOR-US: F-Secure
CVE-2006-6408 (Kaspersky Anti-Virus for Linux Mail Servers 5.5.10 allows remote ...)
	NOT-FOR-US: Kaspersky
CVE-2006-6407 (F-Prot Antivirus for Linux x86 Mail Servers 4.6.6 allows remote ...)
	NOT-FOR-US: F-Prot
CVE-2006-6406 (Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...)
	{DSA-1238-1}
	- clamav 0.88.7-1 (medium; bug #401873)
CVE-2006-6405 (BitDefender Mail Protection for SMB 2.0 allows remote attackers to ...)
	NOT-FOR-US: BitDefender
CVE-2006-6404 (INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows ...)
	NOT-FOR-US: Innovation Data Processing's FDR Backup
CVE-2006-6403 (mystats.php in MyStats 1.0.8 and earlier allows remote attackers to ...)
	NOT-FOR-US: MyStats
CVE-2006-6402 (SQL injection vulnerability in mystats.php in MyStats 1.0.8 and ...)
	NOT-FOR-US: MyStats
CVE-2006-6401 (Multiple cross-site scripting (XSS) vulnerabilities in mystats.php in ...)
	NOT-FOR-US: MyStats
CVE-2006-6400 (Buffer overflow in JustSystems Hanako 2004 through 2006, Hanako viewer ...)
	NOT-FOR-US: JustSystems
CVE-2006-6399 (SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6398 (Multiple SQL injection vulnerabilities in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-6397 (** DISPUTED ** ...)
	NOTE: not a vuln
CVE-2006-6396 (Stack-based buffer overflow in BlazeVideo HDTV Player 2.1, and ...)
	NOT-FOR-US: BlazeVideo HDTV Player
CVE-2006-6395 (Multiple memory leaks in Ulrik Petersen Emdros Database Engine before ...)
	NOT-FOR-US: Ulrik Petersen Emdros Database Engine
CVE-2006-6394 (SQL injection vulnerability in certain database classes in Jonas ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6393 (Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera ...)
	NOT-FOR-US: Jonas Gauffin Publicera
CVE-2006-6392 (Directory traversal vulnerability in index.php in plx Web Studio (aka ...)
	NOT-FOR-US: plxWebDev
CVE-2006-6391 (Multiple directory traversal vulnerabilities in Open Solution ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6390 (Multiple directory traversal vulnerabilities in Open Solution ...)
	NOT-FOR-US: Open Solution Quick.Cart
CVE-2006-6389 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
	NOT-FOR-US: ac4p Mobile
CVE-2006-6388 (Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6387 (Multiple SQL injection vulnerabilities in LINK Content Management ...)
	NOT-FOR-US: LINK Content Management Server
CVE-2006-6386 (Cross-site scripting (XSS) vulnerability in the CVS management/tracker ...)
	NOT-FOR-US: CVS management/tracker (drupal plugin)
CVE-2006-6384 (Absolute path traversal vulnerability in abitwhizzy.php before ...)
	NOT-FOR-US: abitwhizzy.php
CVE-2006-6383 (PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and ...)
	- php5 <removed> (unimportant)
	- php4 <removed> (unimportant)
	NOTE: safe-mode and basedir violations not treated as security issues
CVE-2006-6382 (The control panel for Positive Software H-Sphere before 2.5.0 RC3 ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-6381 (Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6380 (Cross-site scripting (XSS) vulnerability in index.asp in Ultimate ...)
	NOT-FOR-US: Ultimate HelpDesk
CVE-2006-6379 (Buffer overflow in the BrightStor Backup Discovery Service in multiple ...)
	NOT-FOR-US: BrightStor Backup Discovery Service
CVE-2006-6378 (BTSaveMySql 1.2 stores sensitive data under the web root with ...)
	NOT-FOR-US: BTSaveMySql
CVE-2006-6377 (Uploadscript 1.2 and earlier stores sensitive data under the web root ...)
	NOT-FOR-US: Uploadscript
CVE-2006-6376 (Multiple directory traversal vulnerabilities in fm.php in Simple File ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-6375 (Cross-site scripting (XSS) vulnerability in display.php in Simple ...)
	NOT-FOR-US: Simple machines Forum
CVE-2006-6374 (Multiple CRLF injection vulnerabilities in PhpMyAdmin 2.7.0-pl2 allow ...)
	- phpmyadmin <not-affected> (low; bug #404744)
	[sarge] - phpmyadmin <not-affected> (doesn't use sessions at all)
	[etch] - phpmyadmin <not-affected> (not exploitable with Etch's php versions)
	NOTE: not exploitable with PHP 5.1.2+ and 4.4.2+
CVE-2006-6373 (PhpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive ...)
	- phpmyadmin <unfixed> (unimportant)
	NOTE: path is known in Debian anyway
CVE-2006-6372 (Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6371 (Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB ...)
	NOT-FOR-US: JAB Guest Book
CVE-2006-6370 (SQL injection vulnerability in forum/modules/gallery/post.php in ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-6369 (SQL injection vulnerability in lib/entry_reply_entry.php in Invision ...)
	NOT-FOR-US: Invision Community Blog Mod
CVE-2000-1242 (The HTTP service in American Power Conversion (APC) PowerChute uses a ...)
	NOT-FOR-US: APC PowerChute
CVE-2006-6385 (Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and ...)
	NOT-FOR-US: Affects only Windows despite other claims
CVE-2006-6368 (PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 ...)
	NOT-FOR-US: awrate
CVE-2006-6367 (Multiple SQL injection vulnerabilities in detail.asp in DUware ...)
	NOT-FOR-US: Duware
CVE-2006-6366 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-6365 (SQL injection vulnerability in detail.asp in DUware DUpaypal 3.1, and ...)
	NOT-FOR-US: Duware
CVE-2006-6364 (Cross-site scripting (XSS) vulnerability in error.php in Inside ...)
	NOT-FOR-US: Inside Systems Mail (ISMail)
CVE-2006-6363 (Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket ...)
	NOT-FOR-US: BlueSocket Secure Controller
CVE-2006-6362
	REJECTED
CVE-2006-6361 (Heap-based buffer overflow in the uploadprogress_php_rfc1867_file ...)
	NOT-FOR-US: Bitflux Upload Progress Mete
CVE-2006-6360 (PHP remote file inclusion vulnerability in activate.php in PHP Upload ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-6359 (Cross-site scripting (XSS) vulnerability in Stefan Frech ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6358 (SQL injection vulnerability in the login function in auth.inc in ...)
	NOT-FOR-US: Stefan Frech online-bookmarks
CVE-2006-6357 (Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in ...)
	NOT-FOR-US: PHPNews
CVE-2006-6356 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHPNews
CVE-2006-6355 (SQL injection vulnerability in default.asp in DuWare DuClassmate ...)
	NOT-FOR-US: DuWare
CVE-2006-6354 (Multiple SQL injection vulnerabilities in detail.asp in DuWare DuNews ...)
	NOT-FOR-US: DuWare
CVE-2006-6353 (Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6352 (FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6351 (KhaledMuratList stores sensitive data under the web root with ...)
	NOT-FOR-US: KhaledMuratList
CVE-2006-6350 (listpics 5 stores sensitive data under the web root with insufficient ...)
	NOT-FOR-US: listpics 5
CVE-2006-6349 (Multiple SQL injection vulnerabilities in PWP Technologies The ...)
	NOT-FOR-US: PWP Technologies The Classified Ad System
CVE-2006-6348 (Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 ...)
	NOT-FOR-US: mowdBB
CVE-2006-6347 (Unrestricted file upload vulnerability in TFT-Gallery allows remote ...)
	NOT-FOR-US: TFT-Gallery
CVE-2006-6346 (Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-6345 (Directory traversal vulnerability in SAP Internet Graphics Service ...)
	NOT-FOR-US: SAP
CVE-2006-6344 (Multiple unspecified vulnerabilities in Neocrome Seditio 1.10 and ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6343 (SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6342 (Multiple SQL injection vulnerabilities in KLF-DESIGN (aka Kim L. ...)
	NOT-FOR-US: KLF-DESIGN
CVE-2006-6341 (Multiple PHP remote file inclusion vulnerabilities in mg.applanix ...)
	NOT-FOR-US: mg.applanix
CVE-2006-6340 (keystone.exe in nVIDIA nView allows attackers to cause a denial of ...)
	NOT-FOR-US: nVIDIA nView
CVE-2006-6339 (SQL injection vulnerability in sites/index.php in deV!L`z Clanportal ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6338 (Unrestricted file upload vulnerability in upload/index.php in deV!L`z ...)
	NOT-FOR-US: deV!L`z Clanportal
CVE-2006-6337 (Multiple SQL injection vulnerabilities in giris.asp in Aspee and ...)
	NOT-FOR-US: Aspee Ziyaretci Defteri
CVE-2006-6336 (Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) ...)
	NOT-FOR-US: Eudora WorldMail
CVE-2006-6335 (Multiple buffer overflows in Sophos Anti-Virus scanning engine before ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2006-6334 (Heap-based buffer overflow in the SendChannelData function in wfica.ocx in ...)
	NOT-FOR-US: Citrix Presentation Server Client
CVE-2006-6333 (The tr_rx function in ibmtr.c for Linux kernel 2.6.19 assigns the ...)
	- linux-2.6 2.6.20-1
	[etch] - linux-2.6 <not-affected> (Only affects 2.6.19, introduced after 2.6.18)
CVE-2006-6332 (Stack-based buffer overflow in net80211/ieee80211_wireless.c in ...)
	- madwifi 1:0.9.2+r1842.20061207-2 (high; bug #402836; bug #402111)
	[etch] - madwifi <no-dsa> (Non-free not supported)
CVE-2006-6331 (metaInfo.php in TorrentFlux 2.2, when $cfg[&quot;enable_file_priority&quot;] is ...)
	- torrentflux 2.1-7 (bug #400582; medium)
CVE-2006-6330 (index.php for TorrentFlux 2.2 allows remote registered users to ...)
	- torrentflux 2.1-6 (bug #399169; medium)
CVE-2006-6329 (index.php for TorrentFlux 2.2 allows remote attackers to delete files ...)
	- torrentflux 2.1-6 (bug #399169)
CVE-2006-6328 (Directory traversal vulnerability in index.php for TorrentFlux 2.2 ...)
	- torrentflux 2.1-5 (bug #395930; medium)
	NOTE: duplicate of CVE-2006-5609
CVE-2006-6327
	RESERVED
CVE-2006-6326
	RESERVED
CVE-2006-6325
	RESERVED
CVE-2006-6324
	RESERVED
CVE-2006-6323
	RESERVED
CVE-2006-6322
	RESERVED
CVE-2006-6321
	RESERVED
CVE-2006-6320
	RESERVED
CVE-2006-6319
	RESERVED
CVE-2006-6318 (The show_elog_list function in elogd.c in elog 2.6.2 and earlier ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1
CVE-2006-6317
	RESERVED
CVE-2006-6316
	RESERVED
CVE-2006-6315
	RESERVED
CVE-2006-6314
	RESERVED
CVE-2006-6313
	RESERVED
CVE-2006-6312
	RESERVED
CVE-2006-6311 (Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-6310 (Microsoft Internet Explorer 6.0 SP1 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-6309 (Multiple array index errors in IBM Tivoli Storage Manager (TSM) before ...)
	NOT-FOR-US: Tivoli
CVE-2006-6308 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec LiveState
CVE-2006-6307 (srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6306 (Format string vulnerability in Novell Modular Authentication Services ...)
	NOT-FOR-US: Novell Netware
CVE-2006-6305 (Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when ...)
	- net-snmp <not-affected> (Only affects version 5.3.0)
CVE-2006-6304 (The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets ...)
	- linux-2.6 <not-affected> (Only affects plain 2.6.19)
CVE-2006-6303 (The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not ...)
	NOTE: http://www.ruby-lang.org/en/news/2006/12/04/another-dos-vulnerability-in-cgi-library/
	- ruby1.8 1.8.5-4 (low)
CVE-2006-6300 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
	NOT-FOR-US: CuteNews
CVE-2006-6299 (Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management ...)
	NOT-FOR-US: Novell ZENworks
CVE-2006-6298 (SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul ...)
	NOT-FOR-US: Metyus Okul Yonetim Sistemi
CVE-2006-6297 (Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin ...)
	- kdegraphics <unfixed> (unimportant)
	NOTE: Generic bug, treating it as a security problem is quite a stretch
CVE-2006-6296 (The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) ...)
	NOT-FOR-US: Microsoft
CVE-2006-6295 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
	NOT-FOR-US: MxBB Portal
CVE-2006-6294 (Multiple unspecified vulnerabilities in FRISK Software F-Prot ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6293 (Heap-based buffer overflow in FRISK Software F-Prot Antivirus before ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2006-6292 (Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, ...)
	NOT-FOR-US: Apple Airport
CVE-2006-6291 (Stack overflow in the IMAP module (MEIMAPS.EXE) in MailEnable ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-6290 (Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) ...)
	NOT-FOR-US: MailEnable
CVE-2006-6289 (Woltlab Burning Board (wBB) Lite 1.0.2 does not properly unset ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-6288 (Multiple buffer overflows in Niek Albers CoolPlayer 216 and earlier ...)
	NOT-FOR-US: Niek Albers CoolPlayer
CVE-2006-6287 (Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote ...)
	NOT-FOR-US: AtomixMP3
CVE-2006-6286 (Palm Desktop 4.1.4 and earlier stores user data with weak permissions ...)
	NOT-FOR-US: Palm Desktop
CVE-2006-6285 (** DISPUTED ** ...)
	NOT-FOR-US: Kai Blankenhorn Bitfolge
CVE-2006-6284 (Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6283 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6282 (members.php in Vikingboard 0.1.2 allows remote attackers to trigger a ...)
	NOT-FOR-US: Vikingboard
CVE-2006-6281 (PHP remote file inclusion vulnerability in check_status.php in ...)
	NOT-FOR-US: dicshunary
CVE-2006-6280 (SQL injection vulnerability in viewthread.php in Oxygen (O2PHP ...)
	NOT-FOR-US: Oxygen (O2PHP Bulletin Board)
CVE-2006-6279 (index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6278 (Cross-site scripting (XSS) vulnerability in index.php in @lex ...)
	NOT-FOR-US: @lex Guestbook
CVE-2006-6277 (Directory traversal vulnerability in admin/FileServer.php in ...)
	NOT-FOR-US: ContentServ
CVE-2006-6276 (HTTP request smuggling vulnerability in Sun Java System Proxy Server ...)
	NOT-FOR-US: Sun Java System Proxy Server
CVE-2006-6275 (Race condition in the kernel in Sun Solaris 8 through 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-6274 (SQL injection vulnerability in articles.asp in Expinion.net iNews (1) ...)
	NOT-FOR-US: Expinion.net iNews
CVE-2006-6302 (fail2ban 0.7.4 and earlier does not properly parse sshd log files, ...)
	- fail2ban <not-affected> (looks fixed in 0.6, see #401793)
CVE-2006-6301 (DenyHosts 2.5 does not properly parse sshd log files, which allows ...)
	- denyhosts 2.6-1 (medium; bug #401795)
CVE-2006-6273 (sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6272 (Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP ...)
	NOT-FOR-US: Simple PHP Gallery
CVE-2006-6271 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 ...)
	NOT-FOR-US: PHPOLL
CVE-2006-6270 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
	NOT-FOR-US: ASPMForum
CVE-2006-6269 (Multiple SQL injection vulnerabilities in Infinitytechs Restaurants CM ...)
	NOT-FOR-US: Infinitytechs Restaurants CM
CVE-2006-6268 (SQL injection vulnerability in system/core/profile/profile.inc.php in ...)
	NOT-FOR-US: Neocrome Land Down Under
CVE-2006-6267 (PostNuke 0.7.5.0, and certain minor versions, allows remote attackers ...)
	NOT-FOR-US: PostNuke
CVE-2006-6266 (Teredo clients, when following item 6 of RFC4380 section 5.2.3, start ...)
	NOTE: It seems that no significant packet amplification takes place.
	NOTE: Probably harmless.
CVE-2006-6265 (Teredo clients, when located behind a restricted NAT, allow remote ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6264 (Teredo creates trusted peer entries for arbitrary incoming source ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6263 (Teredo clients, when source routing is enabled, recognize a Routing ...)
	NOTE: Potential firewall bypass is inherent to tunneling software.
	NOTE: Not a bug.
CVE-2006-6262 (Directory traversal vulnerability in mboard.php in PHPJunkYard (aka ...)
	NOT-FOR-US: PHPJunkYard MBoard
CVE-2006-6261 (Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows ...)
	NOT-FOR-US: Quintessential Player
CVE-2006-6260 (SQL injection vulnerability in login.asp in Redbinaria Sistema ...)
	NOT-FOR-US: Redbinaria Sistema Integrado de Administracion de Portales (SIAP)
CVE-2006-6259 (Multiple directory traversal vulnerabilities in (a) ...)
	NOT-FOR-US: AlternC
CVE-2006-6258 (The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the ...)
	NOT-FOR-US: AlternC
CVE-2006-6257 (The file manager in AlternC 0.9.5 and earlier, when warnings are ...)
	NOT-FOR-US: AlternC
CVE-2006-6256 (Cross-site scripting (XSS) vulnerability in the file manager in ...)
	NOT-FOR-US: AlternC
CVE-2006-6255 (Direct static code injection vulnerability in util.php in the NukeAI ...)
	NOT-FOR-US: NukeAI
CVE-2006-6254 (administration/telecharger.php in Cahier de texte 2.0 allows remote ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6253 (Cahier de texte 2.0 stores sensitive information under the web root, ...)
	NOT-FOR-US: Cahier de texte
CVE-2006-6252 (Microsoft Windows Live Messenger 8.0 and earlier, when gestual ...)
	NOT-FOR-US: Microsoft Windows Live Messenger
CVE-2006-6251 (Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote ...)
	NOT-FOR-US: VUPlayer
CVE-2006-6250 (Format string vulnerability in Songbird Media Player 0.2 and earlier ...)
	NOT-FOR-US: Songbird Media Player
CVE-2006-6249 (Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and ...)
	NOT-FOR-US: Chama Cargo
CVE-2006-6248 (index.php in GPhotos 1.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: GPhotos
CVE-2006-6247 (Multiple SQL injection vulnerabilities in Uapplication UPhotoGallery ...)
	NOT-FOR-US: UPhotoGallery
CVE-2006-6246 (Photo Organizer 2.32b and earlier does not properly check the ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6245 (Multiple SQL injection vulnerabilities in Photo Organizer (PO) 2.32b ...)
	NOT-FOR-US: Photo Organizer
CVE-2006-6244 (Coalescent Systems freePBX (formerly Asterisk Management Portal) ...)
	NOT-FOR-US: Coalescent Systems freePBX
CVE-2006-6243 (Multiple SQL injection vulnerabilities in index.asp in FipsSHOP allow ...)
	NOT-FOR-US: FipsSHOP
CVE-2006-6242 (Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and ...)
	- serendipity 1.0.4-1 (unimportant; bug #401614)
	NOTE: Only exploitable with register_globals
CVE-2006-6241 (Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6240 (Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 ...)
	NOT-FOR-US: Sorin Chitu Telnet-FTP Server
CVE-2006-6239 (webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise ...)
	NOT-FOR-US: MailEnable NetWebAdmin
CVE-2006-6238 (The AutoFill feature in Apple Safari 2.0.4 does not properly verify ...)
	NOT-FOR-US: Apple Safari
CVE-2006-6237 (SQL injection vulnerability in the decode_cookie function in ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2006-6236 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
	NOT-FOR-US: Acrobat Reader
CVE-2006-6235 (A &quot;stack overwrite&quot; vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x ...)
	{DSA-1231-1}
	- gnupg 1.4.6-1 (high; bug #401894; bug #401898; bug #401914)
	- gnupg2 2.0.0-5.2 (high; bug #401895; bug #401913)
CVE-2006-6234 (Multiple SQL injection vulnerabilities in the Content module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6233 (SQL injection vulnerability in the Downloads module for unknown ...)
	NOT-FOR-US: PostNuke
CVE-2006-6232 (PHP remote file inclusion vulnerability in admin/index.php in ...)
	NOT-FOR-US: DreamAccount
CVE-2006-6231 (vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: VuBB
CVE-2006-6230 (SQL injection vulnerability in vuBB 0.2.1 and earlier allows remote ...)
	NOT-FOR-US: VuBB
CVE-2006-6229 (Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6228 (Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2006-6227 (The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6226 (Multiple format string vulnerabilities in NeoEngine 0.8.2 and earlier, ...)
	NOT-FOR-US: NeoEngine
CVE-2006-6225 (Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 ...)
	NOT-FOR-US: GeekLog
CVE-2006-6224 (PHP remote file inclusion vulnerability in the installation scripts in ...)
	NOT-FOR-US: Puntal
CVE-2006-6223 (Cross-site scripting (XSS) vulnerability in Google Search Appliance ...)
	NOT-FOR-US: Google Search Appliance
CVE-2006-6222 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-6221 (2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote ...)
	NOT-FOR-US: 2X ThinClientServer Enterprise Edition
CVE-2006-6220 (Multiple SQL injection vulnerabilities in Recipes Website (Recipes ...)
	NOT-FOR-US: Recipes Complete Website
CVE-2006-6219 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6218 (Multiple SQL injection vulnerabilities in index.php in dev4u CMS allow ...)
	NOT-FOR-US: dev4u CMS
CVE-2006-6217 (PHP remote file inclusion vulnerability in formdisp.php in the Mermaid ...)
	NOT-FOR-US: Mermaid module for PHP-NUKE
CVE-2006-6216 (SQL injection vulnerability in admin_hacks_list.php in the Nivisec ...)
	NOT-FOR-US: Nivisec Hacks List
CVE-2006-6215 (Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6214 (SQL injection vulnerability in wallpaper.php in Wallpaper Website ...)
	NOT-FOR-US: Wallpaper Complete Website
CVE-2006-6213 (index.php in PEGames uses the extract function to overwrite critical ...)
	NOT-FOR-US: PEGames
CVE-2006-6212 (PHP remote file inclusion vulnerability in centre.php in Site News ...)
	NOT-FOR-US: Site News
CVE-2006-6211 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 ...)
	NOT-FOR-US: BirdBlog
CVE-2006-6210 (SQL injection vulnerability in listpics.asp in ASP ListPics 5.0 allows ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-6209 (Multiple SQL injection vulnerabilities in MidiCart ASP Shopping Cart ...)
	NOT-FOR-US: MidiCart ASP Shopping Cart
CVE-2006-6208 (Multiple SQL injection vulnerabilities in Enthrallweb eClassifieds ...)
	NOT-FOR-US: Enthreallweb eClassifieds
CVE-2006-6207 (** DISPUTED ** ...)
	NOT-FOR-US: Evolve Merchant
CVE-2006-6206 (SQL injection vulnerability in item.asp in WarHound General Shopping ...)
	NOT-FOR-US: WarHound General Shopping Cart
CVE-2006-6205 (Multiple cross-site scripting (XSS) vulnerabilities in result.asp in ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6204 (Multiple SQL injection vulnerabilities in Enthrallweb eHomes allow ...)
	NOT-FOR-US: Enthrallweb eHomes
CVE-2006-6203 (Directory traversal vulnerability in startdown.php in the Flyspray ME ...)
	NOT-FOR-US: Flyspray componenten for Mamba, this appears to be different from the Flyspray bug tracker
CVE-2006-6202 (PHP remote file inclusion vulnerability in modules/NukeAI/util.php in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6201 (Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by ...)
	NOT-FOR-US: Borland idsql32.dll
CVE-2006-6200 (Multiple SQL injection vulnerabilities in the (1) rate_article and (2) ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-6199 (Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and ...)
	NOT-FOR-US: BlazeVideo BlazeDVD
CVE-2006-6198 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost ...)
	NOT-FOR-US: cPanel
CVE-2006-6197 (Multiple cross-site scripting (XSS) vulnerabilities in b2evolution ...)
	- b2evolution <not-affected> (0.9 releases not vulnerable)
CVE-2006-6196 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6195 (Multiple SQL injection vulnerabilities in Fixit iDMS Pro Image Gallery ...)
	NOT-FOR-US: Fixit iDMS Pro Image Gallery
CVE-2006-6194 (Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey ...)
	NOT-FOR-US: Ultimate Survey Pro
CVE-2006-6193 (SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier ...)
	NOT-FOR-US: BasicForum
CVE-2006-6192 (Unspecified scripts in the admin directory in 8pixel.net SimpleBlog ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6191 (SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog ...)
	NOT-FOR-US: 8pixel.net SimpleBlog
CVE-2006-6190 (SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 ...)
	NOT-FOR-US: Anna^ IRC Bot
CVE-2006-6189 (SQL injection vulnerability in displayCalendar.asp in ClickTech Click ...)
	NOT-FOR-US: ClickTech Click Blog
CVE-2006-6188 (Cross-site scripting (XSS) vulnerability in view_search.asp in ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6187 (Multiple SQL injection vulnerabilities in ClickTech Click Gallery ...)
	NOT-FOR-US: ClickTech Click Gallery
CVE-2006-6186 (Multiple directory traversal vulnerabilities in enomphp 4.0 allow ...)
	NOT-FOR-US: enomphp
CVE-2006-6185 (Directory traversal vulnerability in script.php in Wabbit PHP Gallery ...)
	NOT-FOR-US: Wabbit PHP Gallery
CVE-2006-6184 (Multiple stack-based buffer overflows in Allied Telesyn TFTP Server ...)
	NOT-FOR-US: Allied Telesyn TFTP Server
CVE-2006-6183 (Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and ...)
	NOT-FOR-US: 3Com 3CTftpSvc
CVE-2006-6182 (The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop ...)
	NOT-FOR-US: Gabriele Teotino GNotebook
CVE-2006-6181 (Multiple SQL injection vulnerabilities in default.asp in ClickTech ...)
	NOT-FOR-US: ClickTech ClickContact
CVE-2006-6180 (Cross-site scripting (XSS) vulnerability in articles.asp in ...)
	NOT-FOR-US: iNews Publisher
CVE-2006-6179 (Buffer overflow in ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-6178 (Buffer overflow in PCCSRV\Web_console\RemoteInstallCGI\Wizard.exe for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-1999-1590 (Directory traversal vulnerability in Muhammad A. Muquit wwwcount ...)
	NOT-FOR-US: Muhammad A. Muquit wwwcoun
CVE-2006-XXXX [libxslt segfault / DoS]
	- libxslt 1.1.19-1 (low)
	[sarge] - libxslt <not-affected> (vulnerability added later)
CVE-2006-6177 (SQL injection vulnerability in system/core/users/users.profile.inc.php ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-6176 (Cross-site scripting (XSS) vulnerability in admin.php in Blogn before ...)
	NOT-FOR-US: Blogn
CVE-2006-6175 (Directory traversal vulnerability in lib/FBView.php in Horde Kronolith ...)
	- kronolith2 2.1.4-1 (bug #400899; bug #401061)
	- kronolith <not-affected> (Vulnerable code not present)
CVE-2006-6174 (Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and ...)
	- tdiary 2.0.2+20060303-4.1 (bug #400447; bug #400650)
CVE-2006-6173 (Buffer overflow in the shared_region_make_private_np function in ...)
	NOT-FOR-US: Mac OS X
CVE-2006-6172 (Buffer overflow in the asmrp_eval function in the RealMedia RTSP ...)
	{DSA-1244-1}
	- xine-lib 1.1.2+dfsg-2 (medium; bug #401740)
	- mplayer 1.0~rc1-11 (medium)
CVE-2006-6171 (** DISPUTED ** ...)
	{DSA-1218}
	- proftpd-dfsg 1.3.0-13 (low; bug #399070)
CVE-2006-6170 (Buffer overflow in the tls_x509_name_oneline function in the mod_tls ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-16 (medium; bug #400793)
CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) ...)
	NOT-FOR-US: Norton
CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver ...)
	NOT-FOR-US: ZoneAlarm
CVE-2006-6168 (tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6167 (** DISPUTED ** ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2006-6166 (Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin ...)
	NOT-FOR-US: Joomla Content Editor (JCE) for Joomla!
CVE-2006-6165 (** DISPUTED ** ...)
	NOTE: non-issue
CVE-2006-6164 (The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 ...)
	NOT-FOR-US: OpenBSD
CVE-2006-6163 (Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6162 (Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php ...)
	- tikiwiki 1.9.7+dfsg-1 (low)
CVE-2006-6161 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6160 (SQL injection vulnerability in details.asp in Doug Luxem Liberum Help ...)
	NOT-FOR-US: Doug Luxem Liberum Help Desk
CVE-2006-6159 (Multiple cross-site scripting (XSS) vulnerabilities in newticket.php ...)
	NOT-FOR-US: DeskPRO
CVE-2006-6158 (Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help ...)
	NOT-FOR-US: PMOS Help Desk
CVE-2006-6157 (SQL injection vulnerability in index.php in ContentNow 1.39 and ...)
	NOT-FOR-US: ContentNow
CVE-2006-6156 (Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6155 (Multiple SQL injection vulnerabilities in addrating.php in HIOX Star ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6154 (PHP remote file inclusion vulnerability in addcode.php in HIOX Star ...)
	NOT-FOR-US: HIOX Star Rating System Script (HSRS)
CVE-2006-6153 (Multiple cross-site scripting (XSS) vulnerabilities in vSpin.net ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6152 (Multiple SQL injection vulnerabilities in vSpin.net Classified System ...)
	NOT-FOR-US: vSpin.net
CVE-2006-6151 (PHP remote file inclusion vulnerability in centre.php in Messagerie ...)
	NOT-FOR-US: Messagerie Locale
CVE-2006-6150 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OWLLib
CVE-2006-6149 (SQL injection vulnerability in index.asp in JiRos FAQ Manager 1.0 ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6148 (Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp ...)
	NOT-FOR-US: JiRos FAQ Manager
CVE-2006-6147 (Multiple SQL injection vulnerabilities in JiRos Links Manager allow ...)
	NOT-FOR-US: JiRos Links Manager
CVE-2006-6146 (Buffer overflow in the HPDF_Page_Circle function in ...)
	NOT-FOR-US: libharu
CVE-2006-6145 (CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in ...)
	NOT-FOR-US: CRYPTOCard
CVE-2006-6144 (The &quot;mechglue&quot; abstraction interface of the GSS-API library for ...)
	- krb5 <not-affected> (Only 1.5 onwards are vulnerable)
CVE-2006-6143 (The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through ...)
	- krb5 1.4.4-6 (high)
	[sarge] - krb5 <not-affected>
CVE-2006-6142 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-1241-1}
	- squirrelmail 2:1.4.9a-1
CVE-2006-6141 (Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a ...)
	NOT-FOR-US: Tftpd32
CVE-2006-6140 (PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6139 (Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6138 (Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6137 (Multiple PHP remote file inclusion vulnerabilities in Sisfo Kampus 0.8 ...)
	NOT-FOR-US: Sisfo Kampus
CVE-2006-6136 (IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6135 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-6134 (Heap-based buffer overflow in the WMCheckURLScheme function in ...)
	NOT-FOR-US: Windows Media
CVE-2006-6133 (Stack-based buffer overflow in Visual Studio Crystal Reports for ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2006-6132 (Multiple SQL injection vulnerabilities in Link Exchange Lite allow ...)
	NOT-FOR-US: Link Exchange Lite
CVE-2006-6131 (Untrusted search path vulnerability in (1) WSAdminServer and (2) ...)
	NOT-FOR-US: Kerio WebSTAR
CVE-2006-6130 (Apple Mac OS X AppleTalk allows local users to cause a denial of ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6169 (Heap-based buffer overflow in the ask_outfile_name function in ...)
	{DSA-1231-1}
	- gnupg 1.4.5-3 (medium; bug #401765)
	- gnupg2 2.0.0-5.1 (medium; bug #400777)
CVE-2006-XXXX [smb4k security issue]
	- smb4k 0.7.5-1
	[sarge] - smb4k <not-affected> (Vulnerable code not present)
CVE-2006-6129 (Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6128 (The ReiserFS functionality in Linux kernel 2.6.18, and possibly other ...)
	- linux <not-affected> (Kernel rejects the malformed filesystem)
	- linux-2.6 <removed>
	[squeeze] - linux-2.6 <not-affected> (Kernel rejects the malformed filesystem)
	NOTE: It's not obvious when or how this was fixed
CVE-2006-6127 (Apple Mac OS X kernel allows local users to cause a denial of service ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6126 (Apple Mac OS X allows local users to cause a denial of service (memory ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6125 (Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) ...)
	NOT-FOR-US: NetGear
CVE-2006-6124 (Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server ...)
	NOT-FOR-US: SeleniumServer Web Server
CVE-2006-6123 (Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals ...)
	NOT-FOR-US: Coppermine Photo Gallery (CPG)
CVE-2006-6122 (Multiple buffer overflows in TIN before 1.8.2 have unspecified impact ...)
	- tin 1:1.8.2-1
CVE-2006-6121 (Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers ...)
	NOT-FOR-US: Acer
CVE-2006-6120 (Integer overflow in the KPresenter import filter for Microsoft ...)
	- koffice 1:1.6.1-1 (bug #401230; medium)
CVE-2006-6119 (mmgallery 1.55 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: mmgallery
CVE-2006-6118 (Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery ...)
	NOT-FOR-US: mmgallery
CVE-2006-6117 (SQL injection vulnerability in index1.asp in fipsGallery 1.5 and ...)
	NOT-FOR-US: fipsGallery
CVE-2006-6116 (SQL injection vulnerability in default2.asp in fipsForum 2.6 and ...)
	NOT-FOR-US: fipsForum
CVE-2006-6115 (SQL injection vulnerability in index.asp in fipsCMS 4.5 and earlier ...)
	NOT-FOR-US: fipsCMS
CVE-2006-6114
	REJECTED
CVE-2006-6113 (Monkey Boards 0.3.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Monkey Boards
CVE-2006-6112 (LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP ...)
	NOT-FOR-US: LifeType
CVE-2006-6111 (Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 ...)
	NOT-FOR-US: Alan Ward A-Cart Pro
CVE-2006-6110 (Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech ...)
	NOT-FOR-US: BPG-InfoTech Content Management System
CVE-2006-6109 (Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 ...)
	NOT-FOR-US: CandyPress Store
CVE-2006-6108 (Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta ...)
	NOT-FOR-US: EC-CUBE
CVE-2006-6107 (Unspecified vulnerability in the match_rule_equal function in ...)
	- dbus 1.0.2-1 (low)
	[sarge] - dbus <no-dsa> (Minor issue)
CVE-2006-6106 (Multiple buffer overflows in the cmtp_recv_interopmsg function in the ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-9
CVE-2006-6105 (Format string vulnerability in the host chooser window (gdmchooser) in ...)
	- gdm 2.16.4-1 (medium; bug #403219)
	[sarge] - gdm <not-affected> (Vulnerable code not present)
CVE-2006-6104 (The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in ...)
	- mono 1.2.2.1-1 (low)
CVE-2006-6103 (Integer overflow in the ProcDbeSwapBuffers function in the DBE ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6102 (Integer overflow in the ProcDbeGetVisualInfo function in the DBE ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6101 (Integer overflow in the ProcRenderAddGlyphs function in the Render ...)
	{DSA-1249-1}
	- xorg-server 2:1.1.1-15
CVE-2006-6100
	REJECTED
CVE-2006-6099
	REJECTED
CVE-2006-6098
	REJECTED
CVE-2006-6097 (GNU tar 1.16 and 1.15.1, and possibly other versions, allows ...)
	{DSA-1223-1}
	- tar 1.16-2 (high; bug #399845)
CVE-2006-6096 (Cross-site scripting (XSS) vulnerability in activenews_search.asp in ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6095 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6094 (Multiple SQL injection vulnerabilities in ActiveNews Manager allow ...)
	NOT-FOR-US: ActiveNews Manage
CVE-2006-6093 (Multiple PHP remote file inclusion vulnerabilities in adminprint.php ...)
	NOT-FOR-US: PicturesPro Photo Cart
CVE-2006-6092 (Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 ...)
	NOT-FOR-US: Auto Gallery
CVE-2006-6091 (Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before ...)
	NOT-FOR-US: GrimBB
CVE-2006-6090 (Multiple SQL injection vulnerabilities in BaalAsp forum allow remote ...)
	NOT-FOR-US: BaalAsp
CVE-2006-6089 (Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6088 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
	NOT-FOR-US: i-Gallery
CVE-2006-6087 (Cross-site scripting (XSS) vulnerability in weblog.php in my little ...)
	NOT-FOR-US: my little weblog
CVE-2006-6086 (PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark ...)
	NOT-FOR-US: e-Ark
CVE-2006-6085 (Kile before 1.9.3 does not assign a backup file the same permissions ...)
	- kile 1:1.9.3-1 (low)
	[sarge] - kile <no-dsa> (Minor issue)
CVE-2006-6084 (Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy ...)
	NOT-FOR-US: aBitWhizzy
CVE-2006-6083 (SQL injection vulnerability in search.asp in CreaScripts Creadirectory ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6082 (Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts ...)
	NOT-FOR-US: CreaScripts Creadirectory
CVE-2006-6081 (PHP remote file inclusion vulnerability in Smarty_Compiler.class.php ...)
	NOT-FOR-US: Telaen
CVE-2006-6080 (Multiple SQL injection vulnerabilities in categories.asp in gNews ...)
	NOT-FOR-US: gNews
CVE-2006-6079 (Multiple PHP remote file inclusion vulnerabilities in LoudMouth 2.4 ...)
	NOT-FOR-US: LoudMouth (PHP thingy, not libloudmouth)
CVE-2006-6078 (PHP remote file inclusion vulnerability in common.inc.php in a-ConMan ...)
	NOT-FOR-US: a-ConMan
CVE-2006-6077 (The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and ...)
	{DSA-1336-1}
	NOTE: MFSA-2007-02
	- iceweasel 2.0.0.2+dfsg-1 (high; bug #409220)
	- iceape 1.0.8-1 (high)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	- xulrunner 1.8.0.10-1 (medium)
	NOTE: Epiphany affected by xulrunner
CVE-2006-6076 (Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly ...)
	NOT-FOR-US: BrightStor
CVE-2006-6075 (Cross-site scripting (XSS) vulnerability in addpost1.asp in BaalAsp ...)
	NOT-FOR-US: BaalAsp forum
CVE-2006-6074 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6073 (Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart ...)
	NOT-FOR-US: Enthrallweb eShopping Cart
CVE-2006-6072 (SQL injection vulnerability in bpg/publications_list.asp in ...)
	NOT-FOR-US: BPG-InfoTech Easy Publisher
CVE-2006-6071 (TWiki 4.0.5 and earlier, when running under Apache 1.3 using ...)
	- twiki 1:4.0.5-2 (bug #401303; low)
CVE-2006-6070 (SQL injection vulnerability in module/account/register/register.asp in ...)
	NOT-FOR-US: ASP Nuke
CVE-2006-6069 (index.php in mAlbum 0.3 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: mAlbum
CVE-2006-6068 (Directory traversal vulnerability in the cached_album function in ...)
	NOT-FOR-US: mAlbum
CVE-2006-6067 (Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real ...)
	NOT-FOR-US: DataShed
CVE-2006-6066 (Multiple SQL injection vulnerabilities in Dragon Calendar / Events ...)
	NOT-FOR-US: Dragon Calendar
CVE-2006-6065 (PHP remote file inclusion vulnerability in includes/mx_common.php in ...)
	NOT-FOR-US: CalSnails Module for MxBB Portal
CVE-2006-6064 (Multiple buffer overflows in the Message Parsing Interpreter (MPI) in ...)
	NOT-FOR-US: Fuzzball MUCK
CVE-2006-6063 (Stack-based buffer overflow in Un4seen XMPlay 3.3.0.5 and earlier ...)
	NOT-FOR-US: XMPlay
CVE-2006-6062 (Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6061 (com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-6060 (The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6059 (Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear ...)
	NOT-FOR-US: NetGear
CVE-2006-6058 (The minix filesystem code in Linux kernel 2.6.x before 2.6.24, ...)
	{DSA-1504-1 DSA-1436-1}
	- linux-2.6 2.6.22-6
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6057 (The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on ...)
	- linux-2.6 <not-affected> (Debian kernels up to 2.6.18 didn't include GFS)
CVE-2006-6056 (Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6055 (Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link ...)
	NOT-FOR-US: D-Link
CVE-2006-6054 (The ext2 file system code in Linux kernel 2.6.x allows local users to ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6053 (The ext3fs_dirhash function in Linux kernel 2.6.x allows local users ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (unimportant)
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-6052 (NetEpi Case Manager before 0.98 generates different error messages ...)
	NOT-FOR-US: NetEpi Case Manager
CVE-2006-6051 (PHP remote file inclusion vulnerability in reporter.logic.php in the ...)
	NOT-FOR-US: MosReporter (com_reporter) component for Joomla!
CVE-2006-6050 (Multiple SQL injection vulnerabilities in ClickTech Texas Rank'em ...)
	NOT-FOR-US: Rank'em
CVE-2006-6049 (PHP remote file inclusion vulnerability in shambo2.php in the Shambo2 ...)
	NOT-FOR-US: Shambo2 (com_shambo2) component for Mambo
CVE-2006-6048 (SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-6047 (Directory traversal vulnerability in manager/index.php in Etomite ...)
	NOT-FOR-US: Etomite CMSEtomite CMS
CVE-2006-6046 (Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 ...)
	NOT-FOR-US: eggblog
CVE-2006-6045 (Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin ...)
	NOT-FOR-US: omdev One Admin
CVE-2006-6044 (PHP remote file inclusion vulnerability in gallery_top.inc.php in ...)
	NOT-FOR-US: PHPQuickGallery
CVE-2006-6043 (PHP file inclusion vulnerability in loginform-inc.php in Oliver ...)
	NOT-FOR-US: Oliver (formerly Webshare)
CVE-2006-6042 (PHP remote file inclusion vulnerability in core/editor.php in ...)
	NOT-FOR-US: phpWebThings
CVE-2006-6041 (Multiple PHP remote file inclusion vulnerabilities in Laurent Van den ...)
	NOT-FOR-US: WORK system e-commerce
CVE-2006-6040 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: vBulletin
CVE-2006-6039 (SQL injection vulnerability in matchdetail.php in Powie's PHP ...)
	NOT-FOR-US: MatchMaker
CVE-2006-6038 (SQL injection vulnerability in editpoll.php in Powie's PHP Forum ...)
	NOT-FOR-US: Powie's PHP Forum
CVE-2006-6037 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-6036 (SQL injection vulnerability in OpenHuman before 1.0 allows remote ...)
	NOT-FOR-US: OpenHuman
CVE-2006-6035 (Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-6034 (Multiple SQL injection vulnerabilities in SitesOutlet E-commerce Kit-1 ...)
	NOT-FOR-US: SitesOutlet E-commerce Kit-1
CVE-2006-6033 (Multiple directory traversal vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6032 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-6031 (Multiple SQL injection vulnerabilities in Greater Cincinnati Internet ...)
	NOT-FOR-US: ASPCart
CVE-2006-6030 (Multiple SQL injection vulnerabilities in E-Calendar Pro 3.0 allow ...)
	NOT-FOR-US: E-Calendar ProE-Calendar Pro
CVE-2006-6029 (SQL injection vulnerability in vir_Login.asp in Property Pro 1.0 ...)
	NOT-FOR-US: Property Pro
CVE-2006-6028 (Directory traversal vulnerability in textview.php in Anton Vlasov ...)
	NOT-FOR-US: DoSePa
CVE-2006-6027 (Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-6026 (Heap-based buffer overflow in Real Networks Helix Server and Helix ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-6025 (QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-6024 (Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 ...)
	NOT-FOR-US: Eudora Worldmail
CVE-2006-6023 (** DISPUTED ** ...)
	NOT-FOR-US: Bloo
CVE-2006-6022 (Cross-site scripting (XSS) vulnerability in login_form.asp in ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6021 (SQL injection vulnerability in the login component in BestWebApp ...)
	NOT-FOR-US: BestWebApp Dating Site
CVE-2006-6020 (Cross-site scripting (XSS) vulnerability in announce.php in Blog ...)
	NOT-FOR-US: Blog Torrent Preview
CVE-2006-6019 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Bloo
CVE-2006-6018 (** DISPUTED ** ...)
	NOT-FOR-US: My-BIC
CVE-2006-6017 (WordPress before 2.0.5 does not properly store a profile containing a ...)
	- wordpress 2.0.5-0.1
CVE-2006-6016 (wp-admin/user-edit.php in WordPress before 2.0.5 allows remote ...)
	- wordpress 2.0.5-0.1
CVE-2006-6015 (Buffer overflow in the JavaScript implementation in Safari on Apple ...)
	- kdebase <unfixed> (unimportant; bug #400121)
	NOTE: Browser crashes are not treated as security problems
CVE-2006-6014 (The NetBSD-current kernel before 20061028 does not properly perform ...)
	NOT-FOR-US: NetBSD
CVE-2006-6013 (Integer signedness error in the fw_ioctl (FW_IOCTL) function in the ...)
	- kfreebsd-5 5.4-21
	[etch] - kfreebsd-5 <no-dsa> (no security support)
CVE-2006-6012 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
	NOT-FOR-US: Car Site Manager
CVE-2006-6011 (Unspecified vulnerability in SAP Web Application Server before 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-6010 (SAP allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: SAP
CVE-2006-6009 (Unspecified vulnerability in the Java Runtime Environment (JRE) Swing ...)
	- sun-java5 1.5.0-08-1
CVE-2006-6008 (ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, ...)
	{DSA-1217}
	- linux-ftpd 0.17-23
CVE-2006-6007 (save_profile.asp in WebEvents (Online Event Registration Template) 2.0 ...)
	NOT-FOR-US: WebEvents (Online Event Registration Template)
CVE-2006-6006
	REJECTED
CVE-2006-6005
	REJECTED
CVE-2006-6004
	REJECTED
CVE-2006-6003
	REJECTED
CVE-2006-6002
	REJECTED
CVE-2006-6001
	REJECTED
CVE-2006-6000
	REJECTED
CVE-2006-5999
	REJECTED
CVE-2006-5998
	REJECTED
CVE-2006-5997
	REJECTED
CVE-2006-5996
	REJECTED
CVE-2006-5995
	REJECTED
CVE-2006-5994 (Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-5993
	REJECTED
CVE-2006-5992
	REJECTED
CVE-2006-5991 (Multiple SQL injection vulnerabilities in wwweb concepts CactuShop ...)
	NOT-FOR-US: CactuShop
CVE-2006-5990 (VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and ...)
	NOT-FOR-US: VMWare
CVE-2006-5989 (Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 ...)
	{DSA-1247-1}
	- libapache-mod-auth-kerb 5.3-1 (low; bug #400589)
CVE-2006-5988 (Unspecified vulnerability in Windows 2000 Advanced Server SP4 running ...)
	NOT-FOR-US: Windows
CVE-2006-5987 (SQL injection vulnerability in default.asp in ASPintranet, possibly ...)
	NOT-FOR-US: ASPintranet
CVE-2006-5986 (admin/options.php in Extreme CMS 0.9, and possibly earlier, does not ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5985 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Extreme CMS
CVE-2006-5984 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-5983 (Multiple cross-site scripting (XSS) vulnerabilities in JBMC Software ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-5982 (SeleniumServer FTP Server 1.0, and possibly earlier, stores user ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5981 (Multiple directory traversal vulnerabilities in SeleniumServer FTP ...)
	NOT-FOR-US: Selenium Server
CVE-2006-5980 (adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5979 (Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure ...)
	NOT-FOR-US: NetJetServer
CVE-2006-5978 (Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown ...)
	NOT-FOR-US: E-Xoopport
CVE-2006-5977 (Multiple SQL injection vulnerabilities in MultiCalendars allow remote ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-5976 (Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe ...)
	NOT-FOR-US: BlogMe
CVE-2006-5975 (Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in ...)
	NOT-FOR-US: BlogMe
CVE-2006-5974 (fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message ...)
	- fetchmail 6.3.6-1 (low)
	[sarge] - fetchmail <not-affected> (Vulnerable code not present)
CVE-2006-5973 (Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and ...)
	- dovecot 1.0.rc15-1
	[sarge] - dovecot <not-affected> (Vulnerable code not present)
CVE-2005-4815 (SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before ...)
	NOT-FOR-US: SAP
CVE-2006-XXXX [Firefox Sage Extension Feed Script Insertion Vulnerability]
	- firefox-sage <not-affected> (medium; bug #399170)
	NOTE: Debian's version has HTML disabled
CVE-2006-5972 (Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless ...)
	NOT-FOR-US: NetGear
CVE-2006-5971 (Absolute path traversal vulnerability in admin/logfile.txt in Verity ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5970 (Verity Ultraseek before 5.7 allows remote attackers to obtain ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5969 (CRLF injection vulnerability in the evalFolderLine function in fvwm ...)
	- fvwm 1:2.5.18-2 (low; bug #400303)
	[sarge] - fvwm <no-dsa> (Minor issue)
CVE-2006-5968 (MDaemon 9.0.5, 9.0.6, 9.51, and 9.53, and possibly other versions, ...)
	NOT-FOR-US: MDaemon
CVE-2006-5967 (Race condition in Panda ActiveScan 5.53.00, and other versions before ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5966 (Panda ActiveScan 5.53.00, and other versions before 5.54.01, allows ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-5965 (PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure ...)
	NOT-FOR-US: PassGo SSO Plus
CVE-2006-5964 (choShilA.bpl in PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221 allows local ...)
	NOT-FOR-US: PentaZip
CVE-2006-5963 (Directory traversal vulnerability in PentaZip 8.5.1.190 and PentaSuite-PRO ...)
	NOT-FOR-US: PentaZip
CVE-2006-5962 (Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow ...)
	NOT-FOR-US: Hpecs Shopping Cart
CVE-2006-5961 (Buffer overflow in Mercury Mail Transport System 4.01b for Windows has ...)
	NOT-FOR-US: Mercury Mail Transport
CVE-2006-5960 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5959 (SQL injection vulnerability in browse.asp in A+ Store E-Commerce ...)
	NOT-FOR-US: A+ Store E-Commerce
CVE-2006-5958 (Multiple cross-site scripting (XSS) vulnerabilities in INFINICART ...)
	NOT-FOR-US: INFINICART
CVE-2006-5957 (** DISPUTED ** ...)
	NOT-FOR-US: INFINICART
CVE-2006-5956 (XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) ...)
	NOT-FOR-US: PHPRunner
CVE-2006-5955 (SQL injection vulnerability in listings.asp in 20/20 DataShed (aka ...)
	NOT-FOR-US: DataShed
CVE-2006-5954 (SQL injection vulnerability in page.asp in NetVIOS 2.0 and earlier ...)
	NOT-FOR-US: NetVIOS
CVE-2006-5953 (SQL injection vulnerability in viewcart.asp in Evolve shopping cart ...)
	NOT-FOR-US: Evolve shopping cart
CVE-2006-5952 (SQL injection vulnerability in admin/default.asp in ASP Smiley 1.0 ...)
	NOT-FOR-US: ASP Smiley
CVE-2006-5951 (PHP remote file inclusion vulnerability in pipe.php in Exophpdesk 1.2 ...)
	NOT-FOR-US: Exophpdesk
CVE-2006-5950 (Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5949 (Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta ...)
	NOT-FOR-US: ALTools ALFTP FTP Server
CVE-2006-5948 (PHP remote file inclusion vulnerability in pntUnit/Inspect.php in ...)
	NOT-FOR-US: phpPeanuts
CVE-2006-5947 (Multiple directory traversal vulnerabilities in Conxint FTP Server ...)
	NOT-FOR-US: Conxint FTP Server
CVE-2006-5946 (SQL injection vulnerability in demo/glossary/glossary.asp in FunkyASP ...)
	NOT-FOR-US: FunkyASP Glossary
CVE-2006-5945 (Multiple SQL injection vulnerabilities in MGinternet Car Site Manager ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5944 (Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in ...)
	NOT-FOR-US: MGinternet Car Site Manager
CVE-2006-5943 (Multiple SQL injection vulnerabilities in inventory/display/imager.asp ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5942 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Less Inventory Manager
CVE-2006-5941
	REJECTED
CVE-2006-5940 (Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5939 (Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5938 (Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5937 (Multiple integer overflows in Grisoft AVG Anti-Virus before 7.1.407 ...)
	NOT-FOR-US: Grisoft AVG Anti-Virus
CVE-2006-5936 (SQL injection vulnerability in dept.asp in SiteXpress E-Commerce ...)
	NOT-FOR-US: SiteXpress E-Commerce
CVE-2006-5935 (SQL injection vulnerability in index.php in ShopSystems 4.0 and ...)
	NOT-FOR-US: ShopSystems
CVE-2006-5934 (SQL injection vulnerability in admin/default.asp in Estate Agent ...)
	NOT-FOR-US: Estate Agent Manager
CVE-2006-5933 (SQL injection vulnerability in update.asp in UltraSite 1.0 allows ...)
	NOT-FOR-US: UltraSite
CVE-2006-5932 (Kahua before 0.7, when running multiple applications under a single ...)
	NOT-FOR-US: Kahua
CVE-2006-5931 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...)
	NOT-FOR-US: Aigaion
CVE-2006-5930 (Multiple PHP remote file inclusion vulnerabilities in Aigaion Web ...)
	NOT-FOR-US: Aigaion
CVE-2006-5929 (PHP remote file inclusion vulnerability in firepjs.php in ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5928 (Multiple PHP remote file inclusion vulnerabilities in Phpjobscheduler ...)
	NOT-FOR-US: Phpjobscheduler
CVE-2006-5927 (SQL injection vulnerability in cpLogin.asp in ASP Scripter Easy Portal ...)
	NOT-FOR-US: ASP Scripter Easy Portal
CVE-2006-5926 (Multiple SQL injection vulnerabilities in mail.php in Vallheru before ...)
	NOT-FOR-US: Vallheru
CVE-2006-5925 (Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed ...)
	{DSA-1240-1 DSA-1228-1 DSA-1226-1}
	- links 0.99+1.00pre12-1.1 (medium; bug #399188)
	- elinks 0.11.1-1.2 (medium; bug #399187)
	- links2 2.1pre25-2 (medium; bug #400718)
CVE-2006-5924 (Cross-site scripting (XSS) vulnerability in index.php in Efficient IP ...)
	NOT-FOR-US: Efficient IP iPmanager (IPm)
CVE-2006-5923 (PHP remote file inclusion vulnerability in index.php in Chris Mac ...)
	NOT-FOR-US: gtcatalog
CVE-2006-5922 (index.php in Wheatblog (wB) allows remote attackers to obtain ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5921 (Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5920 (** DISPUTED ** ...)
	NOT-FOR-US: Exporia
CVE-2006-5919 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: KnowledgeBuilder
CVE-2006-5918 (Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid ...)
	NOT-FOR-US: RapidKill
CVE-2006-5917 (Multiple SQL injection vulnerabilities in OmniStar Article Manager ...)
	NOT-FOR-US: OmniStar Article Manager
CVE-2006-5916 (Intego VirusBarrier X4 allows context-dependent attackers to bypass ...)
	NOT-FOR-US: Intego VirusBarrier
CVE-2006-5915 (Multiple cross-site scripting (XSS) vulnerabilities in ls.php in ...)
	NOT-FOR-US: LandShop
CVE-2006-5914 (SQL injection vulnerability in ls.php in SAMEDIA LandShop allows ...)
	NOT-FOR-US: LandShop
CVE-2006-5913 (Microsoft Internet Explorer 7 allows remote attackers to (1) cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5912 (Unspecified vulnerability in Campware Campsite before 2.6.2 has ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5911 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5910 (Multiple PHP remote file inclusion vulnerabilities in Campware ...)
	NOT-FOR-US: Campware Campsite
CVE-2006-5909 (generaloptions.php in Paul Tarjan Stanford Conference And Research ...)
	NOT-FOR-US: Stanford Conference And Research Forum (SCARF)
CVE-2006-5908 (Multiple SQL injection vulnerabilities in the login_user function in ...)
	NOT-FOR-US: Yet Another News System
CVE-2006-5907 (SQL injection vulnerability in modules/bannieres/bannieres.php in ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5906 (** DISPUTED ** ...)
	NOT-FOR-US: SCRIPT BANNIERES
CVE-2006-5905 (Web Directory Pro allows remote attackers to (1) backup the database ...)
	NOT-FOR-US: Web Directory Pro
CVE-2006-5904 (Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 ...)
	NOT-FOR-US: MWChat Pro
CVE-2006-5903 (Rahul Jonna Gmail File Space (GSpace) allows remote attackers to ...)
	NOT-FOR-US: GSpace
CVE-2006-5902 (viksoe GMail Drive shell extension allows remote attackers to perform ...)
	NOT-FOR-US: viksoe GMail Drive
CVE-2006-5901 (Hawking Technology wireless router WR254-CA uses a hardcoded IP ...)
	NOT-FOR-US: Hawking Technology wireless router WR254-CA
CVE-2006-5900 (Cross-site scripting (XSS) vulnerability in the ...)
	NOT-FOR-US: Zend Framework Preview
CVE-2006-5899 (** DISPUTED ** ...)
	NOT-FOR-US: @cid stat
CVE-2006-5898 (Directory traversal vulnerability in localization/languages.lib.php3 ...)
	NOT-FOR-US: PhpMyChat
CVE-2006-5897 (Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and ...)
	NOT-FOR-US: PhpMyChat Plus
CVE-2006-5896 (REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: Web Mech Designer
CVE-2006-5895 (PHP remote file inclusion vulnerability in core/core.php in EncapsCMS ...)
	NOT-FOR-US: EncapsCMS
CVE-2006-5894 (Directory traversal vulnerability in lang.php in Rama CMS 0.68 and ...)
	NOT-FOR-US: Rama CMS
CVE-2006-5893 (Multiple PHP remote file inclusion vulnerabilities in iWonder Designs ...)
	NOT-FOR-US: iWonder Designs Storystream
CVE-2006-5892 (SQL injection vulnerability in MoreInfo.asp in The Net Guys ...)
	NOT-FOR-US: The Net Guys ASPired2Poll
CVE-2006-5891 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5890 (SQL injection vulnerability in detail.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UStore
CVE-2006-5889 (SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 ...)
	NOT-FOR-US: BrewBlogger
CVE-2006-5888 (SQL injection vulnerability in viewarticle.asp in Superfreaker Studios ...)
	NOT-FOR-US: Superfreaker Studios UPublisher
CVE-2006-5887 (SQL injection vulnerability in CampusNewsDetails.asp in Dynamic ...)
	NOT-FOR-US: Dynamic Dataworx NuSchool
CVE-2006-5886 (SQL injection vulnerability in propertysdetails.asp in Dynamic ...)
	NOT-FOR-US: Dynamic Dataworx NuRealestate (NuRems)
CVE-2006-5885 (SQL injection vulnerability in Products.asp in NuStore 1.0 allows ...)
	NOT-FOR-US: NuStore
CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x ...)
	- fvwm 2.5.10-1
CVE-2006-5884 (Multiple unspecified vulnerabilities in DirectAnimation ActiveX ...)
	NOT-FOR-US: DirectAnimation ActiveX controls for Microsoft Internet Explorer
CVE-2006-5883 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel 10
CVE-2006-5882 (Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device ...)
	NOT-FOR-US: Broadcom BCMWL5.SYS
CVE-2006-5881 (SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx ...)
	NOT-FOR-US: Dynamic Dataworx NuCommunity
CVE-2006-5880 (SQL injection vulnerability on the subMenu page in switch.asp in Munch ...)
	NOT-FOR-US: Munch Pro
CVE-2006-5879 (SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta ...)
	NOT-FOR-US: ASPPortal
CVE-2006-5878 (Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 ...)
	{DSA-1209}
	- trac 0.10.1-1 (bug #397683)
CVE-2006-5877 (The enigmail extension before 0.94.2 does not properly handle large, ...)
	- enigmail 2:0.94.2-1 (bug #406604)
CVE-2006-5876 (The soup_headers_parse function in soup-headers.c for libsoup HTTP ...)
	{DSA-1248-1}
	- libsoup 2.2.98-2 (bug #405197; medium)
CVE-2006-5875 (eoc.py in Enemies of Carlotta (EoC) before 1.2.4 allows remote ...)
	{DSA-1236-1}
	- enemies-of-carlotta 1.2.4-1 (medium)
CVE-2006-5874 (Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...)
	{DSA-1232-1}
	- clamav 0.86-1
CVE-2006-5873 (Buffer overflow in the cluster_process_heartbeat function in cluster.c ...)
	{DSA-1230-1}
	- l2tpns 2.1.21-1 (medium; bug #401742)
	NOTE: http://secunia.com/advisories/23230/
CVE-2006-5872 (login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows ...)
	{DSA-1239-1}
	- sql-ledger 2.6.21-1
CVE-2006-5871 (smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 <not-affected> (Current Linux versions already implement intended behaviour)
CVE-2006-5870 (Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, ...)
	{DSA-1246-1}
	- openoffice.org 2.0.4-1 (medium; bug #405986; bug #405679)
CVE-2006-5869 (pstotext before 1.9 allows user-assisted attackers to execute ...)
	{DSA-1220}
	- pstotext 1.9-4 (bug #356988; medium)
CVE-2006-5868 (Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.11
CVE-2006-5867 (fetchmail before 6.3.6-rc4 does not properly enforce TLS and may transmit ...)
	{DSA-1259-1}
	- fetchmail 6.3.6-1 (low)
CVE-2006-5866 (Directory traversal vulnerability in Mdoc/view-sourcecode.php for ...)
	NOT-FOR-US: phpManta
CVE-2006-5865 (PHP remote file inclusion vulnerability in language.inc.php in MyAlbum ...)
	NOT-FOR-US: Script Dowload
CVE-2006-5863 (PHP remote file inclusion vulnerability in inc/session.php for ...)
	NOT-FOR-US: LetterIt
CVE-2006-5862 (Directory traversal vulnerability in the session mechanism of the web ...)
	NOT-FOR-US: Network Administration Visualized
CVE-2006-5861 (The Independent Management Architecture (IMA) service (ImaSrv.exe) in ...)
	NOT-FOR-US: Citrix
CVE-2006-5860 (Cross-site scripting (XSS) vulnerability in the administrator console ...)
	NOT-FOR-US: Adobe JRun
CVE-2006-5859 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 7 7.0 ...)
	NOT-FOR-US: Adobe ColdFusion
CVE-2006-5858 (Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft ...)
	NOT-FOR-US: Adobe
CVE-2006-5857 (Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote ...)
	NOT-FOR-US: Adobe
CVE-2006-5856 (Stack-based buffer overflow in the Adobe Download Manager before 2.2 ...)
	NOT-FOR-US: Adobe Download Manager
CVE-2006-5855 (Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 ...)
	NOT-FOR-US: Tivoli
CVE-2006-5854 (Multiple buffer overflows in the Spooler service (nwspool.dll) in ...)
	NOT-FOR-US: Novell Netware
CVE-2006-5853 (Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy ...)
	NOT-FOR-US: Immediacy CMS
CVE-2006-5852 (Untrusted search path vulnerability in openexec in OpenBase SQL before ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5851 (openexec in OpenBase SQL before 10.0.1 allows local users to create ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5850 (Stack-based buffer overflow in Essentia Web Server 2.15 for Windows ...)
	NOT-FOR-US: Essentia Web Server
CVE-2006-5849 (PHP remote file inclusion vulnerability in inc/irayofuncs.php in ...)
	NOT-FOR-US: IrayoBlog
CVE-2006-5848
	REJECTED
CVE-2006-5847 (Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5846 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5845 (Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5844 (Speedywiki 2.0 allows remote attackers to obtain the full path of the ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5843 (Cross-site scripting (XSS) vulnerability in index.php in Speedywiki ...)
	NOT-FOR-US: Speedywiki
CVE-2006-5842 (The keystore file in Unicore Client before 5.6 build 5, when running ...)
	NOT-FOR-US: Unicore
CVE-2006-5841 (Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in ...)
	NOT-FOR-US: DodosMail
CVE-2006-5840 (** DISPUTED ** ...)
	NOT-FOR-US: Abarcar Realty Portal
CVE-2006-5839 (PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure ...)
	NOT-FOR-US: PHPAdventure
CVE-2006-5838 (PHP remote file inclusion vulnerability in lib/class.Database.php in ...)
	NOT-FOR-US: NewP News Publication System
CVE-2006-5837 (Static code injection vulnerability in chat_panel.php in the ...)
	NOT-FOR-US: SimpleChat 1.0.0 module for iWare Professional CMS
CVE-2006-5836 (The fpathconf syscall function in bsd/kern/kern_descrip.c in the ...)
	NOT-FOR-US: Darwin kernel (XNU) 8.8.1 in Apple Mac OS X
CVE-2006-5835 (The Notes Remote Procedure Call (NRPC) protocol in IBM Lotus Notes ...)
	NOT-FOR-US: IBM Lotus Notes Domino
CVE-2006-5834 (Directory traversal vulnerability in general.php in OpenSolution ...)
	NOT-FOR-US: OpenSolution Quick.Cms.Lite
CVE-2006-5833 (gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require ...)
	NOT-FOR-US: GreenBeast CMS
CVE-2006-5832 (All In One Control Panel (AIOCP) 1.3.007 and earlier allows remote ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5831 (PHP remote file inclusion vulnerability in admin/code/index.php in All ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5830 (Multiple cross-site scripting (XSS) vulnerabilities in All In One ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5829 (Multiple SQL injection vulnerabilities in All In One Control Panel ...)
	NOT-FOR-US: All In One Control Panel (AIOCP)
CVE-2006-5828 (SQL injection vulnerability in detail.php in DeltaScripts PHP ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5827 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phpComasy CMS
CVE-2006-5826 (Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 ...)
	NOT-FOR-US: Texas Imperial Software WFTPD Pro Server
CVE-2006-5825 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2006-5824 (Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows ...)
	- kfreebsd-5 <removed>
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5823 (The zlib_inflate function in Linux kernel 2.6.x allows local users to ...)
	{DSA-1503-2 DSA-1504-1 DSA-1503-1}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5822 (Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-5821 (Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ...)
	NOT-FOR-US: Citrix
CVE-2006-5820 (The LinkSBIcons method in the SuperBuddy ActiveX control ...)
	NOT-FOR-US: SuperBuddy ActiveX control
CVE-2006-5819 (Verity Ultraseek before 5.7 allows remote attackers to use the server ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2006-5864 (Stack-based buffer overflow in the ps_gettext function in ps.c for GNU ...)
	{DSA-1243-1 DSA-1214}
	- gv 1:3.6.2-3 (medium; bug #398292)
	- evince 0.4.0-3 (medium; bug #400904; bug #400906; bug #402063)
CVE-2006-5818 (Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-5817 (prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure ...)
	NOT-FOR-US: Parallels
CVE-2006-5816 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
	NOT-FOR-US: Business Card Web Builder
CVE-2006-5815 (Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 ...)
	{DSA-1222-1}
	- proftpd-dfsg 1.3.0-15 (bug #399070; high)
CVE-2006-5814 (Unspecified vulnerability in Novell eDirectory allows remote attackers ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5813 (Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5812 (Unspecified vulnerability in Kerio MailServer allows attackers to ...)
	NOT-FOR-US: Kerio
CVE-2006-5811 (PHP remote file inclusion vulnerability in library/translation.inc.php ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5810 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: XOOPS
CVE-2006-5809 (Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB ...)
	NOT-FOR-US: OvBB
CVE-2006-5808 (The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses ...)
	NOT-FOR-US: Cisco
CVE-2006-5807 (Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2006-5806 (SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when ...)
	NOT-FOR-US: Cisco
CVE-2006-5805 (Microsoft Internet Explorer 7 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5804 (PHP remote file inclusion vulnerability in admin.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2006-5803 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: mxBB Smartor Album
CVE-2006-5802 (SQL injection vulnerability in message_details.php in The Web Drivers ...)
	NOT-FOR-US: The Web Drivers Simple Forum
CVE-2006-5801 (The owserver module in owfs and owhttpd 2.5p5 and earlier does not ...)
	NOT-FOR-US: owfs
CVE-2006-5800 (Cross-site scripting (XSS) vulnerability in default.asp in ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5799 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5798 (SQL injection vulnerability in default.asp in Xenis.creator CMS allows ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5797 (Multiple SQL injection vulnerabilities in default.asp in Xenis.creator ...)
	NOT-FOR-US: Xenis.creator
CVE-2006-5796 (Multiple PHP remote file inclusion vulnerabilities in Soholaunch Pro ...)
	NOT-FOR-US: Soholaunch Pro
CVE-2006-5795 (Multiple PHP remote file inclusion vulnerabilities in OpenEMR 2.8.1 ...)
	NOT-FOR-US: OpenEMR
CVE-2006-5794 (Unspecified vulnerability in the sshd Privilege Separation Monitor in ...)
	- openssh 1:4.3p2-6 (unimportant)
	NOTE: Not a direct vulnerability
CVE-2006-5793 (The sPLT chunk handling code (png_set_sPLT function in pngset.c) in ...)
	- libpng 1.2.13-0 (low; bug #398706)
	[sarge] - libpng <no-dsa> (Minor issue)
CVE-2006-XXXX [obexpushd arbitrary command execution]
	- obexpushd 0.4+svn10-1 (bug #397297; medium)
CVE-2006-XXXX [motion insecure tempfile creation]
	- motion 3.2.3-2 (bug #393846; low)
	[sarge] - motion <no-dsa> (Minor issue)
CVE-2006-5792 (Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote ...)
	NOT-FOR-US: XLink Omni-NFS Enterprise
CVE-2006-5791 (Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5790 (Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and ...)
	{DSA-1242-1}
	- elog 2.6.2+r1754-1 (medium; bug #392016)
CVE-2006-5789 (War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated ...)
	NOT-FOR-US: WarFTPd
CVE-2006-5788 (PHP remote file inclusion vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5787 (admin/index.php in IPrimal Forums as of 20061105 allows remote ...)
	NOT-FOR-US: IPrimal Forums
CVE-2006-5786 (Directory traversal vulnerability in class2.php in e107 0.7.5 and ...)
	NOT-FOR-US: e107
CVE-2006-5785 (Unspecified vulnerability in SAP Web Application Server 6.40 before ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5784 (Unspecified vulnerability in enserver.exe in SAP Web Application ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2006-5783 (** DISPUTED ** ...)
	NOTE: irreproducible firefox issue
CVE-2006-5782 (radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not ...)
	NOT-FOR-US: HP OpenView
CVE-2006-5781 (Stack-based buffer overflow in the handshake function in iodine 0.3.2 ...)
	NOT-FOR-US: iodine
CVE-2006-5780 (Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 ...)
	NOT-FOR-US: XLink Omni-NFS
CVE-2006-5779 (OpenLDAP before 2.3.29 allows remote attackers to cause a denial of ...)
	- openldap2.2 <removed> (bug #397673)
	- openldap2.3 2.3.29-1
CVE-2006-5777 (Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to ...)
	NOT-FOR-US: Creasito E-Commerce Content Manager
CVE-2006-5776 (** DISPUTED ** ...)
	NOT-FOR-US: Ariadne
CVE-2006-5775 (Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard ...)
	NOT-FOR-US: FunkBoard
CVE-2006-5774 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before ...)
	NOT-FOR-US: Hyper NIKKI System
CVE-2006-5773 (Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5772 (Multiple SQL injection vulnerabilities in index.php in FreeWebshop ...)
	NOT-FOR-US: FreeWebshop
CVE-2006-5771 (Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 ...)
	NOT-FOR-US: Arkoon SSL360
CVE-2006-5770 (Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile ...)
	NOT-FOR-US: Mobile
CVE-2006-5769 (Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS ...)
	NOT-FOR-US: admin.tool CMS
CVE-2006-5768 (Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 ...)
	NOT-FOR-US: Cyberfolio
CVE-2006-5767 (PHP remote file inclusion vulnerability in includes/xhtml.php in Drake ...)
	NOT-FOR-US: Drake CMS
CVE-2006-5766 (PHP remote file inclusion vulnerability in volume.php in Article ...)
	NOT-FOR-US: Article System
CVE-2006-5765 (SQL injection vulnerability in rss.php in Article Script 1.6.3 and ...)
	NOT-FOR-US: Article Script
CVE-2006-5764 (PHP remote file inclusion vulnerability in contact.php in Free File ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5763 (Multiple PHP remote file inclusion vulnerabilities in Free File ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5762 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...)
	NOT-FOR-US: Free File Hosting
CVE-2006-5761 (Cross-site scripting (XSS) vulnerability in index.php in Rhadrix ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5760 (Multiple PHP remote file inclusion vulnerabilities in phpDynaSite ...)
	NOT-FOR-US: phpDynaSite
CVE-2006-5759 (index.php in Rhadrix If-CMS, possibly 1.01 and 2.07, allows remote ...)
	NOT-FOR-US: Rhadrix If-CMS
CVE-2006-5758 (The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5757 (Race condition in the __find_get_block_slow function in the ISO9660 ...)
	{DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-10 (low)
CVE-2006-5756
	REJECTED
CVE-2006-5755 (Linux kernel before 2.6.18, when running on x86_64 systems, does not ...)
	{DSA-1381-2}
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5754 (The aio_setup_ring function in Linux kernel does not properly ...)
	{DSA-1304}
	- linux-2.6 <not-affected> (Fixed before initial upload; 2.6.10)
CVE-2006-5753 (Unspecified vulnerability in the listxattr system call in Linux ...)
	{DSA-1503-2 DSA-1503-1 DSA-1356-1 DSA-1304}
	- linux-2.6 2.6.20-1
CVE-2006-5752 (Cross-site scripting (XSS) vulnerability in mod_status.c in the ...)
	- apache2 2.2.4-2 (low)
	[sarge] - apache2 2.0.54-5sarge2
	[etch] - apache2 2.2.3-4+etch2
	- apache <removed> (low)
	[etch] - apache 1.3.34-4.1+etch1
CVE-2006-5751 (Integer overflow in the get_fdb_entries function in ...)
	{DSA-1233}
	- linux-2.6 2.6.18-8 (medium)
CVE-2006-5750 (Directory traversal vulnerability in the DeploymentFileRepository ...)
	NOT-FOR-US: JBoss
CVE-2006-5749 (The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c ...)
	- linux-2.6 2.6.18.dfsg.1-10
CVE-2006-5748 (Multiple unspecified vulnerabilities in the JavaScript engine in ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5747 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (medium)
	- xulrunner 1.5.0.8-1 (high)
	- mozilla-firefox <removed>
	- mozilla-thunderbird <removed>
	[sarge] - mozilla <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-firefox <not-affected> (Vulnerable code not present)
	[sarge] - mozilla-thunderbird <not-affected> (Vulnerable code not present)
CVE-2006-5746 (The console in AirMagnet Enterprise before 7.5 build 6307 does not ...)
	NOT-FOR-US: AirMagnet
CVE-2006-5745 (Unspecified vulnerability in the setRequestHeader method in the ...)
	NOT-FOR-US: Microsoft
CVE-2006-5744 (Multiple SQL injection vulnerabilities in Highwall Enterprise and ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5743 (Multiple cross-site scripting (XSS) vulnerabilities in Highwall ...)
	NOT-FOR-US: Highwall Enterprise
CVE-2006-5742 (The AirMagnet Enterprise console and Remote Sensor console (Laptop) in ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5741 (Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet ...)
	NOT-FOR-US: AirMagnet Enterprise
CVE-2006-5739 (PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in ...)
	NOT-FOR-US: communityPortals
CVE-2006-5738 (Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow ...)
	NOT-FOR-US: PunBB
CVE-2006-5737 (PunBB uses a predictable cookie_seed value that can be derived from ...)
	NOT-FOR-US: PunBB
CVE-2006-5736 (SQL injection vulnerability in search.php in PunBB before 1.2.14, when ...)
	NOT-FOR-US: PunBB
CVE-2006-5735 (Directory traversal vulnerability in include/common.php in PunBB ...)
	NOT-FOR-US: PunBB
CVE-2006-5734 (Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 ...)
	NOT-FOR-US: ATutor
CVE-2006-5733 (Directory traversal vulnerability in error.php in PostNuke 0.763 and ...)
	NOT-FOR-US: PostNuke
CVE-2006-5732 (SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and ...)
	NOT-FOR-US: T.G.S. CMS
CVE-2006-5731 (Directory traversal vulnerability in classes/index.php in Lithium CMS ...)
	NOT-FOR-US: Lithium CMS
CVE-2006-5730 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Modx CMS
CVE-2006-5729 (Yazd Discussion Forum before 3.0 beta does not properly manage forum ...)
	NOT-FOR-US: Yazd Discussion Forum
CVE-2006-5728 (XM Easy Personal FTP Server 5.2.1 and earlier allows remote ...)
	NOT-FOR-US: XM Easy Personal FTP Server
CVE-2006-5727 (PHP remote file inclusion vulnerability in admin/controls/cart.php in ...)
	NOT-FOR-US: sazcart
CVE-2006-5726 (alloccgblk in the UFS filesystem in Solaris 10 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2006-5725 (The SSL server in AEP Smartgate 4.3b allows remote attackers to ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5724 (Heap-based buffer overflow the &quot;Answering Service&quot; function in ICQ ...)
	NOT-FOR-US: ICQ
CVE-2006-5723 (SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier ...)
	NOT-FOR-US: DataparkSearch Engine
CVE-2006-5722 (Multiple PHP remote file inclusion vulnerabilities in Segue CMS 1.5.9 ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5721 (The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) ...)
	NOT-FOR-US: Outpost Firewall PRO
CVE-2006-5720 (SQL injection vulnerability in modules/journal/search.php in the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5719 (SQL injection vulnerability in libs/sessions.lib.php in BytesFall ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5718 (Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin ...)
	- phpmyadmin 4:2.9.0.3-1 (low; bug #396638)
	[sarge]	- phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-5717 (Multiple cross-site scripting (XSS) vulnerabilities in Zend Google ...)
	NOT-FOR-US: Zend Google Data Client Library (ZendGData)
CVE-2006-5716 (Directory traversal vulnerability in aff_news.php in FreeNews 2.1 ...)
	NOT-FOR-US: FreeNews
CVE-2006-5715 (Easy File Sharing (EFS) Easy Address Book 1.2, when run on an NTFS ...)
	NOT-FOR-US: Easy File Sharing (EFS) Easy Address Book
CVE-2006-5714 (Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5713 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-5712 (Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows ...)
	NOT-FOR-US: Mirapoint WebMail
CVE-2006-5711 (ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote ...)
	NOT-FOR-US: ECI Telecom
CVE-2006-5710 (The Airport driver for certain Orinoco based Airport cards in Darwin ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-5709 (Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5708 (Multiple unspecified vulnerabilities in MDaemon and WorldClient in ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-5707 (SQL injection vulnerability in index.php in PHPEasyData Pro 1.4.1 and ...)
	NOT-FOR-US: PHPEasyData
CVE-2006-5706 (Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local ...)
	- php5 5.2.0-1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: lack of basedir restrictions are not security-relevant by Debian PHP security policy
CVE-2006-5705 (Multiple directory traversal vulnerabilities in ...)
	- wordpress 2.0.5-0.1
CVE-2006-5704 (HP NonStop Server G06.29, when running Standard Security T6533G06 ...)
	NOT-FOR-US: HP
CVE-2006-5703 (Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in ...)
	- tikiwiki 1.9.6+dfsg-1 (low)
CVE-2006-5702 (Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information ...)
	- tikiwiki 1.9.6+dfsg-1 (medium)
CVE-2006-5701 (Double free vulnerability in squashfs module in the Linux kernel ...)
	- linux-2.6 <not-affected> (Vulnerable code not present)
	- squashfs 1:3.1r2-6.1
	NOTE: Mounting filesystem partitions should be limited to root
CVE-2006-5700
	REJECTED
CVE-2006-5699
	REJECTED
CVE-2006-5698
	REJECTED
CVE-2006-5697
	REJECTED
CVE-2006-5696
	REJECTED
CVE-2006-5695
	REJECTED
CVE-2006-5694
	REJECTED
CVE-2006-5693
	REJECTED
CVE-2006-5692
	REJECTED
CVE-2006-5691
	REJECTED
CVE-2006-5690
	REJECTED
CVE-2006-5689
	REJECTED
CVE-2006-5688
	REJECTED
CVE-2006-5687
	REJECTED
CVE-2006-5686
	REJECTED
CVE-2006-5685
	REJECTED
CVE-2006-5684
	REJECTED
CVE-2006-5683
	REJECTED
CVE-2006-5682
	REJECTED
CVE-2006-5681 (QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with ...)
	NOT-FOR-US: QuickTime on Mac OS X
CVE-2006-5680 (The libarchive library in FreeBSD 6-STABLE after 2006-09-05 and before ...)
	- libarchive 1.3.1-1 (unimportant)
CVE-2006-5679 (Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows ...)
	- kfreebsd-5 <removed> (medium)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5678 (** DISPUTED ** ...)
	NOT-FOR-US: Les Visiteurs
CVE-2006-5677 (resmom/start_exec.c in pbs_mom in TORQUE Resource Manager 2.0.0p8 and ...)
	- torque 2.1.6-1
CVE-2006-5676 (SQL injection vulnerability in consult/classement.php in Uni-Vert ...)
	NOT-FOR-US: PhpLeague
CVE-2006-5675 (Multiple unspecified vulnerabilities in Pentaho Business Intelligence ...)
	NOT-FOR-US: Pentaho Business Intelligence (BI) Suite
CVE-2006-5674 (Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and ...)
	NOT-FOR-US: miniBB
CVE-2006-5673 (PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB ...)
	NOT-FOR-US: miniBB
CVE-2006-5672 (PHP remote file inclusion vulnerability in web/init_mysource.php in ...)
	NOT-FOR-US: MySource CMS
CVE-2006-5671 (PHP remote file inclusion vulnerability in contact.php in Free Image ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5670 (PHP remote file inclusion vulnerability in forgot_pass.php in Free ...)
	NOT-FOR-US: Free Image Hosting
CVE-2006-5669 (PHP remote file inclusion vulnerability in gestion/savebackup.php in ...)
	NOT-FOR-US: Gepi
CVE-2006-5668 (Unspecified vulnerability in Ampache 3.3.2 and earlier, when ...)
	NOT-FOR-US: Ampache
CVE-2006-5667 (Multiple PHP remote file inclusion vulnerabilities in P-Book 1.17 and ...)
	NOT-FOR-US: P-Book
CVE-2006-5666 (SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 ...)
	NOT-FOR-US: E-Annu
CVE-2006-5665 (PHP remote file inclusion vulnerability in admin/modules_data.php in ...)
	NOT-FOR-US: phpBB module Spider Friendly
CVE-2006-5664 (The installation script in IBM Informix Dynamic Server 10.00, Informix ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5663 (IBM Informix Dynamic Server 10.00, Informix Client Software ...)
	NOT-FOR-US: IBM Informix
CVE-2006-5662 (SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows ...)
	NOT-FOR-US: easy notesManager (eNM)
CVE-2006-5661 (Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech ...)
	NOT-FOR-US: Netquery
CVE-2006-5660 (Cisco Security Agent Management Center (CSAMC) 5.1 before 5.1.0.79 ...)
	NOT-FOR-US: Cisco
CVE-2006-5659 (PAM_extern before 0.2 sends a password as a command line argument, ...)
	NOT-FOR-US: PAM_extern
CVE-2006-5658 (BlooMooWeb ActiveX control (AidemATL.dll) allows remote attackers to ...)
	NOT-FOR-US: BlooMooWeb ActiveX control
CVE-2006-5657 (Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5656 (Memory leak in the push_align function in src/util.c in Vilistextum ...)
	NOT-FOR-US: Vilistextum
CVE-2006-5655 (SQL injection vulnerability in index.php in OpenDocMan 1.2p3 allows ...)
	NOT-FOR-US: OpenDocMan
CVE-2006-5654 (Unspecified vulnerability in the Network Security Services (NSS) in ...)
	NOT-FOR-US: Sun Java System Web Server
CVE-2006-5653 (Cross-site scripting (XSS) vulnerability in the errorHTML function in ...)
	NOT-FOR-US: Sun Java System Messenger Express
CVE-2006-5652 (Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging ...)
	NOT-FOR-US: Sun
CVE-2006-5651 (list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to ...)
	NOT-FOR-US: DigiOz Guestbook
CVE-2006-5650 (The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ ...)
	NOT-FOR-US: ICQPhone.SipxPhoneManager
CVE-2006-5649 (Unspecified vulnerability in the &quot;alignment check exception handling&quot; ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-4
CVE-2006-5648 (Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-5647 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
	NOT-FOR-US: Sophos
CVE-2006-5646 (Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security ...)
	NOT-FOR-US: Sophos
CVE-2006-5645 (Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for ...)
	NOT-FOR-US: Sophos
CVE-2006-5644
	RESERVED
CVE-2006-5643 (Cross-site scripting (XSS) vulnerability in search_de.html in foresite ...)
	NOT-FOR-US: foresite CMS
CVE-2006-5642 (Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown ...)
	NOT-FOR-US: NmnLogger
CVE-2006-5641 (SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5640 (SQL injection vulnerability in guestbookview.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-5639 (Unspecified vulnerability in the random number generator in OpenWBEM ...)
	NOT-FOR-US: OpenWBEM
CVE-2006-5638 (Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-5637 (PHP remote file inclusion vulnerability in faq_reply.php in Faq ...)
	NOT-FOR-US: Faq Administrator
CVE-2006-5636 (PHP remote file inclusion vulnerability in common.php in Simple ...)
	NOT-FOR-US: Simple Website Software
CVE-2006-5635 (SQL injection vulnerability in forum/search.asp in Web Wiz Forums ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-5634 (Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 ...)
	NOT-FOR-US: phpProfiles
CVE-2006-5633 (Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers ...)
	- firefox 45.0-1 (unimportant)
	- firefox-esr 45.0esr-1 (unimportant)
	- iceweasel <removed> (unimportant)
	- icedove <unfixed> (unimportant)
	- mozilla <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	- mozilla-firefox <removed> (unimportant)
	- mozilla-thunderbird <removed> (unimportant)
CVE-2006-5632 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5631 (Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop ...)
	NOT-FOR-US: iG Shop
CVE-2006-5630 (Hosting Controller 6.1 before Hotfix 3.3 allows remote attackers to ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5629 (Multiple SQL injection vulnerabilities in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-5628 (SQL injection vulnerability in login.asp in UNISOR Content Management ...)
	NOT-FOR-US: UNISOR Content Management System (CMS)
CVE-2006-5627 (Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and ...)
	NOT-FOR-US: QnECMS
CVE-2006-5626 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: phpFaber
CVE-2006-5625 (PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in ...)
	NOT-FOR-US: N/X 2002 Professional Edition Web Content Management System (WCMS)
CVE-2006-5624 (Multiple PHP remote file inclusion vulnerabilities in Multi-Page ...)
	NOT-FOR-US: Multi-Page Comment System (MPCS)
CVE-2006-5623 (PHP remote file inclusion vulnerability in ip.inc.php in Electronic ...)
	NOT-FOR-US: Electronic Engineering Tool (EE Tool)
CVE-2006-5622 (SQL injection vulnerability in picmgr.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-5621 (PHP remote file inclusion vulnerability in end.php in ask_rave 0.9 PR, ...)
	NOT-FOR-US: ask_rave
CVE-2006-5620 (PHP remote file inclusion vulnerability in include/menu_builder.php in ...)
	NOT-FOR-US: MiniBILL
CVE-2006-5619 (The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in ...)
	{DSA-1233}
	- linux-2.6 2.6.18-4 (low)
CVE-2006-5618 (Directory traversal vulnerability in script/cat_for_aff.php in Netref ...)
	NOT-FOR-US: Netref
CVE-2006-5617 (Directory traversal vulnerability in index.php in Thepeak File Upload ...)
	NOT-FOR-US: Thepeak File Upload Manager
CVE-2006-5616 (Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux ...)
	NOT-FOR-US: OpenPBS
CVE-2006-5615 (PHP remote file inclusion vulnerability in publish.php in Textpattern ...)
	NOT-FOR-US: Textpattern
CVE-2006-5614 (Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-5613 (PHP remote file inclusion in Core/core.inc.php in MP3 Streaming ...)
	NOT-FOR-US: MP3 Streaming DownSampler (mp3SDS)
CVE-2006-5612 (PHP remote file inclusion vulnerability in aide.php3 (aka aide.php) in ...)
	NOT-FOR-US: GestArt
CVE-2006-5611 (Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 ...)
	NOT-FOR-US: Toshiba
CVE-2006-5610 (PHP remote file inclusion vulnerability in player/includes/common.php ...)
	NOT-FOR-US: Teake Nutma Foing
CVE-2006-5609 (Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows ...)
	- torrentflux 2.1-5 (bug #395930; medium)
CVE-2006-5608 (SQL injection vulnerability in Extended Tracker (xtracker) 4.7 before ...)
	NOT-FOR-US: Extended Tracker (xtracker) for Drupal
CVE-2006-5607 (Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 ...)
	NOT-FOR-US: INCA IM-204
CVE-2006-5606 (Multiple SQL injection vulnerabilities in BytesFall Explorer ...)
	NOT-FOR-US: BytesFall Explorer (bfExplorer)
CVE-2006-5605 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCards
CVE-2006-5604 (Directory traversal vulnerability in phpcards.header.php in phpCards ...)
	NOT-FOR-US: phpCards
CVE-2006-5603 (SQL injection vulnerability in pop_mail.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-5600 (Axalto Protiva 1.1, possibly only non-commercial versions, stores ...)
	NOT-FOR-US: Axalto Protiva
CVE-2006-5599 (Cross-site scripting (XSS) vulnerability in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5598 (Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery ...)
	NOT-FOR-US: GOOP Gallery
CVE-2006-5597 (join.asp in MiniHTTP Web Forum &amp; File Server PowerPack 4.0 allows ...)
	NOT-FOR-US: MiniHTTP Web Forum
CVE-2006-5596 (Directory traversal vulnerability in the SSL server in AEP Smartgate ...)
	NOT-FOR-US: AEP Smartgate
CVE-2006-5595 (Unspecified vulnerability in the AirPcap support in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258)
CVE-2006-5594 (PHP remote file inclusion vulnerability in University of British ...)
	NOT-FOR-US: iPeer
CVE-2006-5593 (Buffer overflow in Desknet's (niokeru) before 5.0J R1.0 might allow ...)
	NOT-FOR-US: Desknet's (niokeru)
CVE-2006-5592 (Admin/adpoll.asp in PacPoll 4.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: PacPoll
CVE-2006-5591 (Multiple SQL injection vulnerabilities in Admin/check.asp in PacPoll ...)
	NOT-FOR-US: PacPoll
CVE-2006-5590 (PHP remote file inclusion vulnerability in index.php in ArticleBeach ...)
	NOT-FOR-US: ArticleBeach Script
CVE-2006-5589 (Multiple SQL injection vulnerabilities in LedgerSMB (LSMB) 1.1.0 and ...)
	NOT-FOR-US: LedgerSMB (LSMB)
CVE-2006-5588 (Multiple PHP remote file inclusion vulnerabilities in CMS Faethon 2.0 ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-5587 (Multiple PHP remote file inclusion vulnerabilities in MDweb 1.3 and ...)
	NOT-FOR-US: MDweb
CVE-2006-5586 (The Graphics Rendering Engine in Microsoft Windows 2000 SP4 and XP SP2 ...)
	NOT-FOR-US: Microsoft GDI
CVE-2006-5585 (The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-5584 (The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5583 (Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2006-5582
	REJECTED
CVE-2006-5581 (Unspecified vulnerability in Microsoft Internet Explorer 6 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-5580
	RESERVED
CVE-2006-5579 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2006-5578 (Microsoft Internet Explorer 6 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2006-5577 (Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2006-5576
	REJECTED
CVE-2006-5575
	REJECTED
CVE-2006-5574 (Unspecified vulnerability in the Brazilian Portuguese Grammar Checker ...)
	NOT-FOR-US: Microsoft
CVE-2006-5573
	REJECTED
CVE-2006-5572
	REJECTED
CVE-2006-5571 (Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5570 (Directory traversal vulnerability in /scripts/cruise/cws.exe in ...)
	NOT-FOR-US: CruiseWorks
CVE-2006-5569 (FtpXQ Server 3.0.1 installs with two default testing accounts, which ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5568 (FtpXQ Server 3.0.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FtpXQ
CVE-2006-5567 (Multiple heap-based buffer overflows in AOL Nullsoft WinAmp before ...)
	NOT-FOR-US: WinAmp
CVE-2006-5566 (CRLF injection vulnerability in premium/index.php in Shop-Script ...)
	NOT-FOR-US: Shop-Script
CVE-2006-5565 (CRLF injection vulnerability in MAXdev MD-Pro 1.0.76 allows remote ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5564 (Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-5563 (Unspecified vulnerability in Yahoo! Messenger (Service 18) before ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-5562 (PHP remote file inclusion vulnerability in include/database.php in ...)
	NOT-FOR-US: SourceForge (gforge is not affected)
CVE-2006-5561 (SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows ...)
	NOT-FOR-US: Discuz! GBK
CVE-2006-5560 (Cross-site scripting (XSS) vulnerability in heading.php in Boesch ...)
	NOT-FOR-US: ProgSys
CVE-2006-5559 (The Execute method in the ADODB.Connection 2.7 and 2.8 ActiveX control ...)
	NOT-FOR-US: ADODB.Connection 2.7 ActiveX control
CVE-2006-5558 (Format string vulnerability in the swask command in HP-UX B.11.11 and ...)
	NOT-FOR-US: HP-UX
CVE-2006-5557 (Stack-based buffer overflow in the (1) swpackage and (2) swmodify ...)
	NOT-FOR-US: HP-UX
CVE-2006-5556 (Buffer overflow in the localtime_r function, and certain other ...)
	NOT-FOR-US: swask
CVE-2006-5555 (PHP remote file inclusion vulnerability in constantes.inc.php in ...)
	NOT-FOR-US: EPNadmin
CVE-2006-5554 (Directory traversal vulnerability in index.php in Imageview 5 allows ...)
	NOT-FOR-US: Imageview
CVE-2006-5553 (Cisco Security Agent (CSA) for Linux 4.5 before 4.5.1.657 and 5.0 ...)
	NOT-FOR-US: Cisco
CVE-2006-5552 (Multiple heap-based buffer overflows in RevilloC MailServer 1.21 and ...)
	NOT-FOR-US: RevilloC MailServer
CVE-2006-5551 (Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow ...)
	NOT-FOR-US: QK SMTP
CVE-2006-5550 (The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5549 (** DISPUTED ** ...)
	NOT-FOR-US: Adobe PHP SDK
CVE-2006-5548 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5547 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5546 (PHP remote file inclusion vulnerability in OTSCMS/OTSCMS.php in Open ...)
	NOT-FOR-US: Open Tibia Server Content Management System
CVE-2006-5545 (Premium Antispam in Symantec Mail Security for Domino Server 5.1.x ...)
	NOT-FOR-US: Symantec
CVE-2006-5544 (Visual truncation vulnerability in Microsoft Internet Explorer 7 ...)
	NOT-FOR-US: Microsoft
CVE-2006-5543 (PHP remote file inclusion vulnerability in misc/function.php3 in PHP ...)
	NOT-FOR-US: PHP Generator of Object SQL Database
CVE-2006-5542 (backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5541 (backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, ...)
	- postgresql-7.4 1:7.4.14-1 (unimportant)
	- postgresql-8.1 8.1.5-1 (unimportant)
	[sarge] - postgresql <unfixed> (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5540 (backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows ...)
	- postgresql-8.1 8.1.5-1 (unimportant)
	NOTE: All crashes can only be triggered by authenticated users, these are not
	NOTE: treated as vulnerabilities.
CVE-2006-5539 (PHP remote file inclusion vulnerability in login/secure.php in ...)
	NOT-FOR-US: UeberProject Management System
CVE-2006-5538 (D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote ...)
	NOT-FOR-US: D-Link
CVE-2006-5537 (Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm ...)
	NOT-FOR-US: D-Link
CVE-2006-5536 (Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T ...)
	NOT-FOR-US: D-Link
CVE-2006-5535 (Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager ...)
	NOT-FOR-US: WebHostManager cPanel
CVE-2006-5534 (Multiple cross-site scripting (XSS) vulnerabilities in index.htm in ...)
	NOT-FOR-US: Zwahlen Online Shop Freeware
CVE-2006-5533 (Multiple PHP remote file inclusion vulnerabilities in AROUNDMe 0.6.9, ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5532 (Cross-site scripting (XSS) vulnerability in rmgs/images.php in RMSOFT ...)
	NOT-FOR-US: RMSOFT Gallery System
CVE-2006-5531 (PHP remote file inclusion vulnerability in embedded.php in Ascended ...)
	NOT-FOR-US: Ascended Guestbook
CVE-2006-5530 (Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews ...)
	NOT-FOR-US: SimpNews
CVE-2006-5529 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5528 (Directory traversal vulnerability in mod.php in SchoolAlumni Portal ...)
	NOT-FOR-US: SchoolAlumni Portal
CVE-2006-5527 (PHP remote file inclusion vulnerability in lib.editor.inc.php in ...)
	NOT-FOR-US: InteliEditor
CVE-2006-5526 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
	NOT-FOR-US: Fully Modded phpBB (phpbbfm) / Teake Nutma Foing
CVE-2006-5525 (Incomplete blacklist vulnerability in mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-5524 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
	NOT-FOR-US: phplist
CVE-2006-5523 (PHP remote file inclusion vulnerability in common.php in EZ-Ticket ...)
	NOT-FOR-US: EZ-Ticket
CVE-2006-5522 (Multiple PHP remote file inclusion vulnerabilities in Johannes Erdfelt ...)
	NOT-FOR-US: Kawf
CVE-2006-5521 (PHP remote file inclusion vulnerability in DNS/RR.php in Net_DNS 0.03 ...)
	NOT-FOR-US: Net_DNS
CVE-2006-5520 (PHP remote file inclusion vulnerability in functions.php in ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5519 (PHP remote file inclusion vulnerability in ...)
	- egroupware <not-affected> (there is no path variable used to include plugin.php)
CVE-2006-5518 (Multiple PHP remote file inclusion vulnerabilities in Christopher ...)
	NOT-FOR-US: RSSonate
CVE-2006-5517 (Multiple PHP remote file inclusion vulnerabilities in Rhode Island ...)
	NOT-FOR-US: Open Meetings Filing Application
CVE-2006-5516 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: WikiNi
CVE-2006-5515 (Cross-site scripting (XSS) vulnerability in lib-history.inc.php in ...)
	NOT-FOR-US: phpPgAds / phpAdsNew
CVE-2006-5514 (SQL injection vulnerability in quiz.php in Web Group Communication ...)
	NOT-FOR-US: Web Group Communication
CVE-2006-5513 (SQL injection vulnerability in GeoNetwork opensource before 2.0.3 ...)
	NOT-FOR-US: GeoNetwork opensource
CVE-2005-4814 (Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5740 (Unspecified vulnerability in the LDAP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5602 (Multiple memory leaks in xsupplicant before 1.2.6, and possibly other ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-5601 (Stack-based buffer overflow in the eap_do_notify function in eap.c in ...)
	- xsupplicant 1.2.4.dfsg.1-3 (bug #396204; medium)
CVE-2006-XXXX [several possible mysql 5.0 local DoS vulnerabilities]
	- mysql-dfsg-5.0 5.0.26-1 (low)
CVE-2006-5512 (Cross-site scripting (XSS) vulnerability in article.htm in Zwahlen ...)
	NOT-FOR-US: Zwahlen Online Shop
CVE-2006-5511 (Direct static code injection vulnerability in delete.php in JaxUltraBB ...)
	NOT-FOR-US: JaxUltraBB
CVE-2006-5510 (Directory traversal vulnerability in explorer_load_lang.php in PH ...)
	NOT-FOR-US: Pexplorer
CVE-2006-5509 (Eval injection vulnerability in addentry.php in WoltLab Burning Book ...)
	NOT-FOR-US: Burning Book
CVE-2006-5508 (Multiple SQL injection vulnerabilities in addentry.php in WoltLab ...)
	NOT-FOR-US: Burning Book
CVE-2006-5507 (Multiple PHP remote file inclusion vulnerabilities in Der Dirigent ...)
	NOT-FOR-US: Der Dirigent
CVE-2006-5506 (Multiple PHP remote file inclusion vulnerabilities in WiClear 0.10 ...)
	NOT-FOR-US: WiClear
CVE-2006-5505 (Multiple PHP file inclusion vulnerabilities in 2BGal 3.0 allow remote ...)
	NOT-FOR-US: 2BGal
CVE-2006-5504 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5503 (Cross-site scripting (XSS) vulnerability in index.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-5502 (Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5501 (Buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control ...)
	NOT-FOR-US: AOL Security Edition
CVE-2006-5500 (Multiple SQL injection vulnerabilities in the checkUser function in ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5499 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity ...)
	- serendipity 1.0.2-1
CVE-2006-5498 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5497 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5496 (Multiple cross-site scripting (XSS) vulnerabilities in Timothy Claason ...)
	NOT-FOR-US: Timothy Claason KnowledgeBank
CVE-2006-5495 (Multiple PHP remote file inclusion vulnerabilities in Trawler Web CMS ...)
	NOT-FOR-US: Trawler Web CMS
CVE-2006-5494 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: pandaBB for PHP-Nuke
CVE-2006-5493 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: DigitalHive
CVE-2006-5492 (Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 ...)
	NOT-FOR-US: Maarch
CVE-2006-5491 (Multiple SQL injection vulnerabilities in include/index.php in ...)
	NOT-FOR-US: UltraCMS
CVE-2006-5490 (Multiple SQL injection vulnerabilities in Segue Content Management ...)
	NOT-FOR-US: Segue CMS
CVE-2006-5489 (Research in Motion (RIM) BlackBerry Enterprise Server 4.1 SP2 before ...)
	NOT-FOR-US: RIM BlackBerry Enterprise Server
CVE-2006-5488 (SQL injection vulnerability in XchangeBoard 1.70, and possibly ...)
	NOT-FOR-US: XchangeBoard
CVE-2006-5487 (Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, ...)
	NOT-FOR-US: Marshal MailMarshal SMTP
CVE-2006-5486 (Cross-site scripting (XSS) vulnerability in Webmail in Sun Java System ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2006-5485 (Multiple PHP remote file inclusion vulnerabilities in SpeedBerg ...)
	NOT-FOR-US: SpeedBerg
CVE-2006-5484 (SSH Tectia Client/Server/Connector 5.1.0 and earlier, Manager 2.2.0 ...)
	NOT-FOR-US: SSH Tectia
CVE-2006-5483 (p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5482 (ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-5481 (Multiple PHP remote file inclusion vulnerabilities in 2le.net Castor ...)
	NOT-FOR-US: Castor
CVE-2006-5480 (PHP remote file inclusion vulnerability in lib/rs.php in 2le.net ...)
	NOT-FOR-US: Castor
CVE-2006-5479 (The NCP Engine in Novell eDirectory before 8.7.3.8 FTF1 allows remote ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5478 (Multiple stack-based buffer overflows in Novell eDirectory 8.8.x ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-5477 (Drupal 4.6.x before 4.6.10 and 4.7.x before 4.7.4 allows form ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5476 (Cross-site request forgery (CSRF) vulnerability in Drupal 4.6.x before ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5475 (Multiple cross-site scripting (XSS) vulnerabilities in the XML parser ...)
	- drupal <not-affected> (Our version of drupal is too old)
CVE-2006-5474 (The &quot;forgot password&quot; function in OneOrZero Helpdesk before 1.6.5.4 ...)
	NOT-FOR-US: OneOrZero Helpdesk
CVE-2006-5473 (** DISPUTED ** ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5472 (PHP remote file inclusion vulnerability in Softerra PHP Developer ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5471 (PHP remote file inclusion vulnerability in example/lib/grid3.lib.php ...)
	NOT-FOR-US: Softerra PHP Developer Library
CVE-2006-5470
	REJECTED
CVE-2006-5469 (Unspecified vulnerability in the WBXML dissector in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5468 (Unspecified vulnerability in the HTTP dissector in Wireshark (formerly ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-5467 (The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a ...)
	{DSA-1235-1 DSA-1234-1}
	- ruby1.8 1.8.5-3 (low; bug #398457)
	- ruby1.9 1.9.0+20070606-1 (low)
	[etch] - ruby1.9 <no-dsa> (Minor issue)
CVE-2006-5466 (Heap-based buffer overflow in the showQueryPackage function in librpm ...)
	- rpm 4.4.1-11 (low; bug #397076)
	[sarge] - rpm <no-dsa> (You need to trust the RPMs you're installing)
	NOTE: Only hypothetical, far-fetched attacks feasible
CVE-2006-5465 (Buffer overflow in PHP before 5.2.0 allows remote attackers to execute ...)
	{DSA-1206-1}
	- php4 4:4.4.4-4 (high; bug #396764)
	- php5 5.1.6-6 (high; bug #396766)
CVE-2006-5464 (Multiple unspecified vulnerabilities in the layout engine in Mozilla ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-65
	- firefox 45.0-1 (low)
	- firefox-esr 45.0esr-1 (low)
	- iceweasel 2.0+dfsg-1 (low)
	- icedove 1.5.0.8-1 (low)
	- mozilla <removed> (low)
	- xulrunner 1.8.0.8-1 (low)
CVE-2006-5463 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-67
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5462 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	NOTE: MFSA-2006-66
	NOTE: this is the similar to CVE-2006-4339, see also CVE-2006-4340
	NOTE: the fixes for CVE-2006-4340 were incomplete
	- firefox 45.0-1 (high)
	- firefox-esr 45.0esr-1 (high)
	- iceweasel 2.0+dfsg-1 (high)
	- icedove 1.5.0.8-1 (medium)
	- mozilla <removed> (high)
	- xulrunner 1.8.0.8-1 (high)
CVE-2006-5461 (Avahi before 0.6.15 does not verify the sender identity of netlink ...)
	- avahi 0.6.15-1 (low)
CVE-2006-XXXX [diffmon information leakage]
	- diffmon 20020222-2.2 (bug #382132)
CVE-2006-5460 (** DISPUTED ** ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5459 (Multiple PHP remote file inclusion vulnerabilities in Download-Engine ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5458 (PHP remote file inclusion vulnerability in common.php in Hinton Design ...)
	NOT-FOR-US: phpht Topsites
CVE-2006-5457 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Casino Script (Masvet)
CVE-2006-5456 (Multiple buffer overflows in GraphicsMagick before 1.1.7 and ...)
	{DSA-1213}
	- graphicsmagick 1.1.7-9 (medium)
	- imagemagick 7:6.2.4.5.dfsg1-0.11 (bug #393025)
CVE-2006-5455 (Cross-site request forgery (CSRF) vulnerability in editversions.cgi in ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <no-dsa> (CSRF infrastructure not present, too intrusive to backport)
CVE-2006-5454 (Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before ...)
	- bugzilla 2.22.1-1 (bug #395094; low)
	[sarge] - bugzilla <not-affected> (Vulnerable code not present)
CVE-2006-5453 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x ...)
	{DSA-1208-1}
	- bugzilla 2.22.1-1 (bug #395094; low)
CVE-2006-5452 (Buffer overflow in dtmail on HP Tru64 UNIX 4.0F through 5.1B and HP-UX ...)
	NOT-FOR-US: HP Tru64
CVE-2006-5451 (Multiple cross-site scripting (XSS) vulnerabilities in TorrentFlux 2.1 ...)
	- torrentflux 2.1-5 (bug #395099; low)
CVE-2006-5450 (SQL injection vulnerability in index.asp in Kinesis Interactive Cinema ...)
	NOT-FOR-US: Kinesis Interactive Cinema System (KICS) CMS
CVE-2006-5449 (procmail in Ingo H3 before 1.1.2 Horde module allows remote ...)
	{DSA-1204-1}
	- ingo1 1.1.2-1 (bug #396099)
CVE-2006-5448 (The drmstor.dll ActiveX object in Microsoft Windows Digital Rights ...)
	NOT-FOR-US: Microsoft
CVE-2006-5447 (Cross-site scripting (XSS) vulnerability in index.php in DEV Web ...)
	NOT-FOR-US: DEV Web Management System (WMS)
CVE-2006-5446 (SQL injection vulnerability in lobby/config.php in Casinosoft Casino ...)
	NOT-FOR-US: Casinosoft Casino Script (aka Masvet)
CVE-2006-5445 (Unspecified vulnerability in the SIP channel driver ...)
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080)
CVE-2006-5444 (Integer overflow in the get_input function in the Skinny channel ...)
	{DSA-1229-1}
	- asterisk 1:1.2.13~dfsg-1 (medium; bug #395080; bug #394025)
CVE-2006-5443 (Unspecified vulnerability in XIAO Gang WWW Interactive Mathematics ...)
	- wims 3.60-1 (bug #395102)
CVE-2006-5442 (ViewVC 1.0.2 and earlier does not specify a charset in its HTTP ...)
	- viewvc 1.0.3-1 (medium; bug #397669)
CVE-2006-5441 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev Web ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5440 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5439 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5438 (PHP remote file inclusion vulnerability in adminfoot.php in Comdev ...)
	NOT-FOR-US: Comdev Web Blogger
CVE-2006-5437 (** DISPUTED ** ...)
	NOT-FOR-US: phpAdsNew
CVE-2006-5436 (PHP remote file inclusion vulnerability in index.php in FreeFAQ 1.0.e ...)
	NOT-FOR-US: FreeFAQ
CVE-2006-5435 (** DISPUTED ** ...)
	- phpbb2 <not-affected> (not vulnerable)
CVE-2006-5434 (PHP remote file inclusion vulnerability in p-news.php in P-News 1.16 ...)
	NOT-FOR-US: P-News
CVE-2006-5433 (PHP remote file inclusion vulnerability in modules/guestbook/index.php ...)
	NOT-FOR-US: ALiCE-CMS
CVE-2006-5432 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: phpPowerCards
CVE-2006-5431 (PHP remote file inclusion vulnerability in gorum/dbproperty.php in ...)
	NOT-FOR-US: PHPOutsourcing Zorum
CVE-2006-5430 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: db-central (dbc) Enterprise CMS
CVE-2006-5429 (Multiple PHP remote file inclusion vulnerabilities in Barry Nauta BRIM ...)
	NOT-FOR-US: BRIM
CVE-2006-5428 (rpc.php in Cerberus Helpdesk 3.2.1 does not verify a client's ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-5427 (PHP remote file inclusion vulnerability in plugins/main.php in Php AMX ...)
	NOT-FOR-US: Php AMX
CVE-2006-5426 (PHP remote file inclusion vulnerability in lib/lcUser.php in LoCal ...)
	NOT-FOR-US: LoCal Calendar System
CVE-2006-5425 (XORP (eXtensible Open Router Platform) 1.2 and 1.3 allows remote ...)
	NOT-FOR-US: XORP (eXtensible Open Router Platform)
CVE-2006-5424 (Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial ...)
	NOT-FOR-US: Justsystem Ichitaro
CVE-2006-5423 (PHP remote file inclusion vulnerability in admin/admin_module.php in ...)
	NOT-FOR-US: Lou Portail
CVE-2006-5422 (PHP remote file inclusion vulnerability in calcul-page.php in Lodel ...)
	NOT-FOR-US: Lodel
CVE-2006-5421 (WSN Forum 1.3.4 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: WSN Forum
CVE-2006-5420 (Kerio WinRoute Firewall 6.2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-5419 (PHP remote file inclusion vulnerability in client.php in University of ...)
	NOT-FOR-US: Specimen Image Database (SID)
CVE-2006-5418 (PHP remote file inclusion vulnerability in archive/archive_topic.php ...)
	NOT-FOR-US: pbpbb archive for search engines (SearchIndexer) (aka phpBBSEI) for phpBB
CVE-2006-5417 (McAfee Network Agent (mcnasvc.exe) 1.0.178.0, as used by multiple ...)
	NOT-FOR-US: McAfee
CVE-2006-5416 (Cross-site scripting (XSS) vulnerability in my.acctab.php3 in F5 ...)
	NOT-FOR-US: F5
CVE-2006-5415 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: News Defilante Horizontale
CVE-2006-5414 (Barry Nauta BRIM before 1.2.1 allows remote authenticated users to ...)
	NOT-FOR-US: Barry Nauta BRIM
CVE-2006-5413 (Multiple PHP remote file inclusion vulnerabilities in SuperMod 3.0.0 ...)
	NOT-FOR-US: SuperMod for YABB (YaBBSM)
CVE-2006-5412 (admin.php in PHP Outburst Easynews 4.4.1 and earlier, when ...)
	NOT-FOR-US: PHP Outburst Easynews
CVE-2006-5411 (Unrestricted file upload vulnerability in upload.php for Free Web ...)
	NOT-FOR-US: Free Web Publishing System (FreeWPS)
CVE-2006-5410 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BoonEx Dolphin
CVE-2006-5409 (Multiple SQL injection vulnerabilities in the wireless IDS management ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5408 (Multiple cross-site scripting (XSS) vulnerabilities in the wireless ...)
	NOT-FOR-US: Highwall Enterprise and Highwall Endpoint
CVE-2006-5407 (PHP remote file inclusion vulnerability in open_form.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2006-5406 (Passgo Defender 5.2 creates the application directory with insecure ...)
	NOT-FOR-US: Passgo Defender
CVE-2006-5405 (Unspecified vulnerability in Toshiba Bluetooth wireless device driver ...)
	NOT-FOR-US: Toshiba Bluetooth wireless device driver
CVE-2006-5404 (Unspecified vulnerability in an ActiveX control used in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2006-5403 (Stack-based buffer overflow in an ActiveX control used in Symantec ...)
	NOT-FOR-US: Symantec
CVE-2006-5402 (Multiple PHP remote file inclusion vulnerabilities in PHPmybibli 3.0.1 ...)
	NOT-FOR-US: PHPMyBibli
CVE-2006-5401 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: AROUNDMe
CVE-2006-5400 (PHP remote file inclusion vulnerability in forum/track.php in ...)
	NOT-FOR-US: CyberBrau
CVE-2006-5399 (PHP remote file inclusion vulnerability in classes/Import_MM.class.php ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2006-5398 (SQL injection vulnerability in comments.php in Simplog 0.9.3.1 allows ...)
	NOT-FOR-US: Simplog
CVE-2006-5397 (The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 ...)
	- libx11 2:1.0.3-3 (low; bug #398460)
CVE-2006-5396 (The tcp_fuse_rcv_drain function in the Sun Solaris 10 kernel before ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-5395 (Buffer overflow in Microsoft Class Package Export Tool (aka ...)
	NOT-FOR-US: Microsoft
CVE-2006-5394 (The default configuration of Cisco Secure Desktop (CSD) has an ...)
	NOT-FOR-US: Cisco
CVE-2006-5393 (Cisco Secure Desktop (CSD) does not require that the ...)
	NOT-FOR-US: Cisco
CVE-2006-5392 (Multiple PHP remote file inclusion vulnerabilities in OpenDock ...)
	NOT-FOR-US: OpenDock FullCore
CVE-2006-5391 (Xfire 1.64 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Xfire
CVE-2006-5390 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ACP User Registration (MMW) module for phpBB
CVE-2006-5389 (tools/tellhim.php in PHP-Wyana allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Wyana
CVE-2006-5388 (SQL injection vulnerability in index.php in WebSPELL 4.01.01 and ...)
	NOT-FOR-US: WebSPELL
CVE-2006-5387 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PlusXL phpBB module
CVE-2006-5386 (PHP remote file inclusion vulnerability in process.php in NuralStorm ...)
	NOT-FOR-US: NuralStorm Webmail
CVE-2006-5385 (PHP remote file inclusion vulnerability in admin/admin_spam.php in the ...)
	NOT-FOR-US: SpamOborona phpBB module
CVE-2006-5384 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: CDS Agenda
CVE-2006-5383 (SQL injection vulnerability in comadd.php in Def-Blog 1.0.1 and ...)
	NOT-FOR-US: Def-Blog
CVE-2006-5382 (3Com Switch SS3 4400 switches, firmware 5.11, 6.00 and 6.10 and ...)
	NOT-FOR-US: 3Com
CVE-2003-1307 (** DISPUTED ** ...)
	NOTE: More of an apache flaw than a php flaw. And just one more reason
	NOTE: why you have lost as soon as an attacker can execute arbitrary
	NOTE: php scripts.
	NOTE: http://www.securityfocus.com/bid/9302
	NOTE: Probably an unfixable design flaw. But if you can execute a malicious
	NOTE: program, you can do $BADSTUFF anyway.
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2006-XXXX [unspecified steam cache vulnerability]
	- steam <not-affected> (affects the old steam environment for corporate knowledge management package shipped in lenny and before, not the new Valve steam package)
CVE-2006-5381 (Contenido CMS stores sensitive data under the web root with ...)
	NOT-FOR-US: Contenido CMS
CVE-2006-5380 (** DISPUTED ** ...)
	NOT-FOR-US: Contenido CMS
CVE-2006-5379 (The accelerated rendering functionality of NVIDIA Binary Graphics ...)
	- nvidia-graphics-drivers 1.0.8776-1 (bug #393573)
	[sarge] - nvidia-graphics-drivers <not-affected> (1.0.7174 not affected)
	NOTE: see http://nvidia.custhelp.com/cgi-bin/nvidia.cfg/php/enduser/std_adp.php?p_faqid=1971
CVE-2006-5378 (Unspecified vulnerability in JD Edwards HTML Server in JD Edwards ...)
	NOT-FOR-US: EnterpriseOne
CVE-2006-5377 (Unspecified vulnerability in PeopleSoft component in Oracle PeopleSoft ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5376 (Multiple unspecified vulnerabilities in PeopleTools component in ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5375 (Multiple unspecified vulnerabilities in PeopleTools component in ...)
	NOT-FOR-US: PeopleSoft
CVE-2006-5374 (Unspecified vulnerability in Oracle Pharmaceutical Applications 4.5.1 ...)
	NOT-FOR-US: Oracle
CVE-2006-5373 (Unspecified vulnerability in Oracle Install Base component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5372 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5371 (Unspecified vulnerability in Oracle Email Center component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5370 (Multiple unspecified vulnerabilities in Oracle E-Business Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5369 (Unspecified vulnerability in Oracle Application Object Library in ...)
	NOT-FOR-US: Oracle
CVE-2006-5368 (Unspecified vulnerability in Oracle Exchange component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5367 (Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-5366 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-5365 (Unspecified vulnerability in Oracle Forms in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-5364 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5363 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5362 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5361 (Unspecified vulnerability in Oracle Containers for J2EE in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5360 (Unspecified vulnerability in Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5359 (Multiple unspecified vulnerabilities in Oracle Reports Developer ...)
	NOT-FOR-US: Oracle
CVE-2006-5358 (Unspecified vulnerability in Oracle Forms component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5357 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5356 (Unspecified vulnerability in Oracle Containers for J2EE component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5355 (Unspecified vulnerability in Oracle Single Sign-On component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5354 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and 10.1.0.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-5353 (Unspecified vulnerability in Oracle HTTP Server component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5352 (Multiple unspecified vulnerabilities in Oracle Application Express 1.5 ...)
	NOT-FOR-US: Oracle
CVE-2006-5351 (Multiple unspecified vulnerabilities in Oracle Application Express ...)
	NOT-FOR-US: Oracle
CVE-2006-5350 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5349 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, when running ...)
	NOT-FOR-US: Oracle
CVE-2006-5348 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5347 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7 and Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5346 (Unspecified vulnerability in Oracle HTTP Server 9.2.0.7, as used in ...)
	NOT-FOR-US: Oracle
CVE-2006-5345 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5344 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5343 (Unspecified vulnerability in Database Scheduler component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5342 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5341 (Multiple unspecified vulnerabilities in XMLDB component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5340 (Multiple unspecified vulnerabilities in Oracle Spatial component in ...)
	NOT-FOR-US: Oracle
CVE-2006-5339 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5338 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5337 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5336 (Multiple unspecified vulnerabilities in the Change Data Capture (CDC) ...)
	NOT-FOR-US: Oracle
CVE-2006-5335 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and ...)
	NOT-FOR-US: Oracle
CVE-2006-5334 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5333 (Unspecified vulnerability in Oracle Spatial component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-5332 (Unspecified vulnerability in xdb.dbms_xdbz in the XMLDB component for ...)
	NOT-FOR-US: Oracle
CVE-2006-5331 (The altivec_unavailable_exception function in ...)
	- linux <not-affected> (Fixed before src:linux-2.6 -> src:linux rename)
	NOTE: Fixed by: https://git.kernel.org/linus/6c4841c2b6c32a134f9f36e5e08857138cc12b10 (2.6.19-rc3)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=213229
CVE-2006-5330 (CRLF injection vulnerability in Adobe Flash Player plugin 9.0.16 and ...)
	- flashplugin-nonfree 9.0.31.0.1 (bug #402822; medium)
	NOTE: It is not clear if this is already fix in 9.0.21.78.X (previous version)
	NOTE: or not but it's fix in 9.0.31.0.1 for sure.
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
	[etch] - flashplugin-nonfree <no-dsa> (Contrib not supported, only installer package)
CVE-2006-5329
	REJECTED
CVE-2006-5328 (OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5327 (Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, ...)
	NOT-FOR-US: OpenBase SQL
CVE-2006-5326 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5325 (Multiple PHP remote file inclusion vulnerabilities in Dimitri Seitz ...)
	NOT-FOR-US: dwingmods for phpBB
CVE-2006-5324 (The Web Services Notification (WSN) security component of IBM ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5323 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-5322 (Multiple SQL injection vulnerabilities in phplist before 2.10.3 allow ...)
	NOT-FOR-US: phplist
CVE-2006-5321 (Multiple cross-site scripting (XSS) vulnerabilities in phplist before ...)
	NOT-FOR-US: phplist
CVE-2006-5320 (Directory traversal vulnerability in getimg.php in Album Photo Sans ...)
	NOT-FOR-US: Album Photo Sans Nom
CVE-2006-5319 (Directory traversal vulnerability in redir.php in Foafgen 0.3 allows ...)
	NOT-FOR-US: Foafgen
CVE-2006-5318 (PHP remote file inclusion vulnerability in index.php in Nayco JASmine ...)
	NOT-FOR-US: Nayco JASmine
CVE-2006-5317 (PHP remote file inclusion vulnerability in index.php in eboli allows ...)
	NOT-FOR-US: eboli
CVE-2006-5316 (registroTL stores sensitive information under the web root with ...)
	NOT-FOR-US: registroTL
CVE-2006-5315 (PHP remote file inclusion vulnerability in main.php in registroTL ...)
	NOT-FOR-US: registroTL
CVE-2006-5314 (PHP remote file inclusion vulnerability in ftag.php in TribunaLibre ...)
	NOT-FOR-US: TribunaLibre
CVE-2006-5313 (Hastymail 1.5 and earlier before 20061008 allows remote authenticated ...)
	- hastymail <removed>
CVE-2006-5312 (PHP remote file inclusion vulnerability in shoutbox.php in the Ajax ...)
	NOT-FOR-US: Ajax Shoutbox
CVE-2006-5311 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Buzlas
CVE-2006-5310 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpMyConferences
CVE-2006-5309 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Prillian French module for phpBB
CVE-2006-5308 (Multiple PHP remote file inclusion vulnerabilities in Open Conference ...)
	NOT-FOR-US: Open Conference Systems
CVE-2006-5307 (Multiple PHP remote file inclusion vulnerabilities in AFGB GUESTBOOK ...)
	NOT-FOR-US: AFGB GUESTBOOK
CVE-2006-5306 (Multiple PHP remote file inclusion vulnerabilities in the Journals ...)
	NOT-FOR-US: Journals System module for phpBB
CVE-2006-5305 (PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr ...)
	NOT-FOR-US: lat2cyr
CVE-2006-5304 (PHP remote file inclusion vulnerability in inc/settings.php in IncCMS ...)
	NOT-FOR-US: IncCMS Core
CVE-2006-5303 (Secure Computing SafeWord RemoteAccess 2.1 allows local users to ...)
	NOT-FOR-US: Secure Computing SafeWord RemoteAccess
CVE-2006-5302 (Multiple PHP remote file inclusion vulnerabilities in Redaction System ...)
	NOT-FOR-US: Redaction System
CVE-2006-5301 (PHP remote file inclusion vulnerability in includes/antispam.php in ...)
	NOT-FOR-US: SpamBlockerMODv module for phpBB
CVE-2006-5300 (Unspecified vulnerability in HP Version Control Agent before 2.1.5 ...)
	NOT-FOR-US: HP
CVE-2006-5299 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Gcontact
CVE-2006-5298 (The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5297 (Race condition in the safe_open function in the Mutt mail client ...)
	- mutt 1.5.13-1.1 (bug #396104; low)
	[sarge] - mutt <no-dsa> (Minor issue, tmp dirs on NFS cause problems in many scenarios)
CVE-2006-5296 (PowerPoint in Microsoft Office 2003 does not properly handle a ...)
	NOT-FOR-US: Microsoft
CVE-2006-5294 (Cross-site scripting (XSS) vulnerability in index.php in phplist ...)
	NOT-FOR-US: phplist
CVE-2006-5293 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: PhpOutsourcing Noah's Classifieds
CVE-2006-5292 (PHP remote file inclusion vulnerability in photo_comment.php in ...)
	NOT-FOR-US: Exhibit Engine
CVE-2006-5291 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download-Engine
CVE-2006-5290 (The ESS/ Network Controller and MicroServer Web Server components of ...)
	NOT-FOR-US: Xerox WorkCentre
CVE-2006-5289 (Multiple PHP remote file inclusion vulnerabilities in Vtiger CRM 4.2 ...)
	NOT-FOR-US: Vtiger CRM
CVE-2006-5288 (Cisco 2700 Series Wireless Location Appliances before 2.1.34.0 have a ...)
	NOT-FOR-US: Cisco
CVE-2006-5287 (Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 ...)
	NOT-FOR-US: Xeobook
CVE-2006-5286 (Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-5285 (SQL injection vulnerability in index.php in XeoPort 0.81, and possibly ...)
	NOT-FOR-US: XeoPort
CVE-2006-5284 (PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen ...)
	NOT-FOR-US: PHP News Reader (aka pnews)
CVE-2006-5283 (PHP remote file inclusion vulnerability in ftag.php in Minichat 6.0 ...)
	NOT-FOR-US: Minichat
CVE-2006-5282 (Multiple PHP remote file inclusion vulnerabilities in SH-News 3.1 and ...)
	NOT-FOR-US: SH-News
CVE-2006-5281 (PHP remote file inclusion vulnerability in naboard_pnr.php in n@board ...)
	NOT-FOR-US: n@board
CVE-2006-5280 (PHP remote file inclusion vulnerability in includes/import-archive.php ...)
	NOT-FOR-US: communityPortals
CVE-2006-5279
	RESERVED
CVE-2006-5278 (Integer overflow in the Real-Time Information Server (RIS) Data ...)
	NOT-FOR-US: Cisco
CVE-2006-5277 (Off-by-one error in the Certificate Trust List (CTL) Provider service ...)
	NOT-FOR-US: Cisco
CVE-2006-5276 (Stack-based buffer overflow in the DCE/RPC preprocessor in Snort ...)
	- snort <not-affected> (snort versions 2.3.x do not contain the DCE RPC preprocessor)
CVE-2006-5275
	RESERVED
CVE-2006-5274 (Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...)
	NOT-FOR-US: McAfee
CVE-2006-5273 (Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...)
	NOT-FOR-US: McAfee
CVE-2006-5272 (Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through ...)
	NOT-FOR-US: McAfee
CVE-2006-5271 (Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ...)
	NOT-FOR-US: McAfee
CVE-2006-5270 (Integer overflow in the Microsoft Malware Protection Engine ...)
	NOT-FOR-US: Microsoft
CVE-2006-5269 (Heap-based buffer overflow in an unspecified procedure in Trend Micro ...)
	NOT-FOR-US: Trend Micro
CVE-2006-5268 (Unspecified vulnerability in Trend Micro ServerProtect 5.7 and 5.58 ...)
	NOT-FOR-US: Trend Micro
CVE-2006-5267
	RESERVED
CVE-2006-5266 (Multiple buffer overflows in Microsoft Dynamics GP (formerly Great ...)
	NOT-FOR-US: Microsoft issue
CVE-2006-5265 (Unspecified vulnerability in Microsoft Dynamics GP (formerly Great ...)
	NOT-FOR-US: Microsoft issue
CVE-2006-5264 (Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper ...)
	NOT-FOR-US: MysqlDumper
CVE-2006-5263 (Directory traversal vulnerability in templates/header.php3 in ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5262 (CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and ...)
	- hastymail <removed>
CVE-2006-5261 (Multiple PHP remote file inclusion vulnerabilities in PHPMyNews 1.4 ...)
	NOT-FOR-US: PHPMyNews
CVE-2006-5260 (PHP remote file inclusion vulnerability in compteur.php in Compteur 2 ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5259 (PHP remote file inclusion vulnerability in param_editor.php in ...)
	NOT-FOR-US: Compteur 2
CVE-2006-5258 (The spell checking component of (1) Asbru Web Content Management ...)
	NOT-FOR-US: Asbru Web Content Management
CVE-2006-5257 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Ciamos Content Management System
CVE-2006-5256 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-5255 (** DISPUTED ** ...)
	NOT-FOR-US: gCards
CVE-2006-5254 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Detailed User Registration (com_registration_detailed), aka regdetailed
CVE-2006-5253 (PHP remote file inclusion vulnerability in strload.php in Dayana ...)
	NOT-FOR-US: phpOnline (aka PHP-Online)
CVE-2006-5252 (PHP remote file inclusion vulnerability in includes/core.lib.php in ...)
	NOT-FOR-US: Webmedia Explorer
CVE-2006-5251 (PHP remote file inclusion vulnerability in index.php in Deep CMS 2.0a ...)
	NOT-FOR-US: Deep CMS
CVE-2006-5250 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BlueShoes
CVE-2006-5249 (PHP remote file inclusion vulnerability in tagmin/delTagUser.php in ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5248 (Eazy Cart stores sensitive information under the web root with ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5247 (Multiple cross-site scripting (XSS) vulnerabilities in Eazy Cart allow ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5246 (Eazy Cart allows remote attackers to change prices and other critical ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5245 (Eazy Cart allows remote attackers to bypass authentication and gain ...)
	NOT-FOR-US: Eazy Cart
CVE-2006-5244 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5243 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Blog
CVE-2006-5242 (SQL injection vulnerability in Etomite Content Management System (CMS) ...)
	NOT-FOR-US: Etomite Content Management System
CVE-2006-5241 (Multiple PHP remote file inclusion vulnerabilities in OpenDock Easy ...)
	NOT-FOR-US: Easy Gallery
CVE-2006-5240 (PHP remote file inclusion vulnerability in engine/require.php in ...)
	NOT-FOR-US: Docmint
CVE-2006-5239 (Multiple cross-site scripting (XSS) vulnerabilities in eXpBlog 0.3.5 ...)
	NOT-FOR-US: eXpBlog
CVE-2006-5238 (Unspecified vulnerability in the file upload module in Blue Smiley ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5237 (SQL injection vulnerability in Blue Smiley Organizer before 4.46 ...)
	NOT-FOR-US: Blue Smiley Organizer
CVE-2006-5236 (SQL injection vulnerability in search.php in 4images 1.7.x allows ...)
	NOT-FOR-US: 4images
CVE-2006-5235 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5234 (** DISPUTED ** ...)
	NOT-FOR-US: phpWebSite
CVE-2006-5233 (Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version ...)
	NOT-FOR-US: Polycom SoundPoint IP 301 VoIP Desktop Phone
CVE-2006-5232 (** DISPUTED ** ...)
	NOT-FOR-US: iSearch
CVE-2006-5231 (Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, ...)
	NOT-FOR-US: Grandstream GXP-2000 VoIP Desktop Phone
CVE-2006-5230 (PHP remote file inclusion vulnerability in forum.php in FreeForum ...)
	NOT-FOR-US: FreeForum
CVE-2006-5295 (Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-5229 (OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and ...)
	NOTE: This issues depends on the stack of selected authentication modules, while
	NOTE: some are resilient against such timing attacks, some aren't
	NOTE: This is inside responsibility of an admin
CVE-2006-5228 (Multiple SQL injection vulnerabilities in the Google Gadget login.php ...)
	NOT-FOR-US: ackerTodo
CVE-2006-5227 (Cross-site scripting (XSS) vulnerability in admin.php in TorrentFlux ...)
	- torrentflux 2.1-4 (bug #392501; low)
CVE-2006-5226 (PHP remote file inclusion vulnerability in moteur/moteur.php in ...)
	NOT-FOR-US: Freenews
CVE-2006-5225 (Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow ...)
	NOT-FOR-US: AAIportal
CVE-2006-5224 (PHP remote file inclusion vulnerability in includes/logger_engine.php ...)
	NOT-FOR-US: Security Suite IP Logger in dwingmods for phpBB
CVE-2006-5223 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: User Viewed Posts Tracker module for phpBB
CVE-2006-5222 (Multiple PHP remote file inclusion vulnerabilities in Dimension of ...)
	NOT-FOR-US: Dimension of phpBB
CVE-2006-5221 (Multiple SQL injection vulnerabilities in Cahier de texte 2.0 allow ...)
	NOT-FOR-US: Cahier de textes
CVE-2006-5220 (Multiple PHP remote file inclusion vulnerabilities in WebYep 1.1.9, ...)
	NOT-FOR-US: WebYep
CVE-2006-5219 (SQL injection vulnerability in blog/index.php in the blog module in ...)
	- moodle 1.6.2+20060930-1 (medium; bug #390294)
	[sarge] - moodle <not-affected> (Vulnerable code not present)
CVE-2006-5218 (Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in ...)
	NOT-FOR-US: systrace in OpenBSD and NetBSD
CVE-2006-5217 (SQL injection vulnerability in giris_yap.asp in Emek Portal 2.1 allows ...)
	NOT-FOR-US: Emek Portal
CVE-2006-5216 (Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) ...)
	NOT-FOR-US: Simple HTTPD
CVE-2006-5215 (The Xsession script, as used by X Display Manager (xdm) in NetBSD ...)
	- xdm 1:1.0.5-1 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5214 (Race condition in the Xsession script, as used by X Display Manager ...)
	- xdm 1:1.0.5-1 (low)
	- xorg 1:7.1.0-13 (low)
	[sarge] - xfree86 <no-dsa> (Minor issue)
	NOTE: probably fixed earlier than 1:1.0.5
CVE-2006-5213 (Sun Solaris 10 before 20061006 uses &quot;incorrect and insufficient ...)
	NOT-FOR-US: Solaris
CVE-2006-5212 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5211 (Trend Micro OfficeScan 6.0 in Client/Server/Messaging (CSM) Suite for ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2006-5210 (Directory traversal vulnerability in IronWebMail before 6.1.1 ...)
	NOT-FOR-US: IronWebMail
CVE-2006-5209 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Admin Topic Action Logging Mod for phpBB
CVE-2006-5208 (Multiple SQL injection vulnerabilities in PHP Classifieds 7.1 allow ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-5207 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpMyTeam
CVE-2006-5206 (SQL injection vulnerability in Invision Gallery 2.0.7 allows remote ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5205 (Directory traversal vulnerability in Invision Gallery 2.0.7 allows ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-5204 (Cross-site scripting (XSS) vulnerability in action_admin/member.php in ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5203 (Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-5202 (Linksys WRT54g firmware 1.00.9 does not require credentials when ...)
	NOT-FOR-US: Linksys
CVE-2006-5201 (Multiple packages on Sun Solaris, including (1) NSS; (2) Java JDK and ...)
	- sun-java5 1.5.0-10-1 (bug #393042)
	NOTE: this is similar to CVE-2006-4339
CVE-2006-5200 (Unspecified vulnerability in Adobe Breeze 5 Licensed Server and Breeze ...)
	NOT-FOR-US: Adobe
CVE-2006-5199 (Adobe Contribute Publishing Server leaks the administrator password in ...)
	NOT-FOR-US: Adobe
CVE-2006-5198 (The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software ...)
	NOT-FOR-US: WinZip
CVE-2006-5197 (PDshopPro stores sensitive information under the web root with ...)
	NOT-FOR-US: PDshopPro
CVE-2006-5196 (The HTTP interface in the Motorola SURFboard SB4200 Cable Modem allows ...)
	NOT-FOR-US: Motorola SURFboard
CVE-2006-5195 (Multiple cross-site scripting (XSS) vulnerabilities in Wheatblog 1.0 ...)
	NOT-FOR-US: Wheatblog
CVE-2006-5194 (Cross-site scripting (XSS) vulnerability in index.php in net2ftp 0.93 ...)
	NOT-FOR-US: net2ftp
CVE-2006-5193 (PHP remote file inclusion vulnerability in index.php in Josh Schmidt ...)
	NOT-FOR-US: WikyBlog
CVE-2006-5192 (PHP remote file inclusion vulnerability in includes/footer.php in ...)
	NOT-FOR-US: phpGreetz
CVE-2006-5191 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Nivisec Static Topics module for phpBB
CVE-2006-5190 (Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2006-5189 (PHP remote file inclusion vulnerability in funzioni/lib/show_hlp.php ...)
	NOT-FOR-US: klinza professional cms
CVE-2006-5188 (Directory traversal vulnerability in download.php in webGENEius GOOP ...)
	NOT-FOR-US: webGENEius GOOP Gallery
CVE-2006-5187 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: Bulletin Board Ace (BBaCE)
CVE-2006-5186 (PHP remote file inclusion vulnerability in functions.php in ...)
	NOT-FOR-US: phpMyProfiler
CVE-2006-5185 (Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and ...)
	NOT-FOR-US: HAMweather
CVE-2006-5184 (SQL injection vulnerability in PKR Internet Taskjitsu before 2.0.6 ...)
	NOT-FOR-US: PKR Internet Taskjitsu
CVE-2006-5183 (Multiple PHP remote file inclusion vulnerabilities in Dayfox Designs ...)
	NOT-FOR-US: Dayfox Blog
CVE-2006-5182 (PHP remote file inclusion vulnerability in frontpage.php in Dan Jensen ...)
	NOT-FOR-US: Travelsized CMS
CVE-2006-5181 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5180 (PHP remote file inclusion vulnerability in include/main.inc.php in ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5179 (Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent ...)
	NOT-FOR-US: Intoto iGateway
CVE-2006-5178 (Race condition in the symlink function in PHP 5.1.6 and earlier allows ...)
	- php5 5.2.0-1 (bug #391281; unimportant)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	NOTE: open_basedir is not supported
CVE-2006-5177 (The NTLM authentication in MailEnable Professional 2.0 and Enterprise ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5176 (Buffer overflow in NTLM authentication in MailEnable Professional 2.0 ...)
	NOT-FOR-US: MailEnable Professional
CVE-2006-5175 (Cross-site request forgery (CSRF) vulnerability in the administrative ...)
	NOT-FOR-US: TeraStation HD-HTGL
CVE-2006-5174 (The copy_from_user function in the uaccess code in Linux kernel 2.6 ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-5
	NOTE: s390 only, fix in 2.6.18-3 was reverted in 2.6.18-4
CVE-2006-5173 (Linux kernel does not properly save or restore EFLAGS during a context ...)
	- linux-2.6 2.6.18-1
CVE-2006-5172 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5171 (Stack-based buffer overflow in the RPC interface in Mediasvr.exe in ...)
	NOT-FOR-US: Computer Associates (CA) Brightstor
CVE-2006-5170 (pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and ...)
	{DSA-1203-1}
	- libpam-ldap 180-1.2 (bug #392984; medium)
CVE-2006-5169 (Cross-site scripting (XSS) vulnerability in John Himmelman (aka ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5168 (Cross-site scripting (XSS) vulnerability in the search functionality ...)
	NOT-FOR-US: Pebble
CVE-2005-4813 (Unspecified vulnerability in Report Application Server ...)
	NOT-FOR-US: Business Objects Crystal Reports
CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, ...)
	NOT-FOR-US: Microsoft
CVE-2006-XXXX [zabbix format string vulnerabilities]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-XXXX [zabbix buffer overflows]
	- zabbix 1:1.1.2-4 (bug #391388)
CVE-2006-5167 (Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 ...)
	NOT-FOR-US: BasiliX
CVE-2006-5166 (PHP remote file inclusion vulnerability in functions.php in PHP Web ...)
	NOT-FOR-US: PHP Web Scripts Easy Banner Free
CVE-2006-5165 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
	NOT-FOR-US: Skrypty PPA Gallery
CVE-2006-5164 (Multiple cross-site scripting (XSS) vulnerabilities in cart.php in Sum ...)
	NOT-FOR-US: digiSHOP
CVE-2006-5163 (IBM Informix Dynamic Server 10.UC3RC1 Trial for Linux and possibly ...)
	NOT-FOR-US: IBM
CVE-2006-5162 (wininet.dll in Microsoft Internet Explorer 6.0 SP2 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-5161 (IBM Client Security Password Manager stores and distributes saved ...)
	NOT-FOR-US: IBM
CVE-2006-5160 (** DISPUTED ** ...)
	- firefox <not-affected> (no real issues)
CVE-2006-5159 (** DISPUTED ** ...)
	NOT-FOR-US: Bogus Firefox issue
CVE-2006-5158 (The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel ...)
	- linux-2.6 2.6.15
CVE-2006-5157 (Format string vulnerability in the ActiveX control (ATXCONSOLE.OCX) in ...)
	NOT-FOR-US: TrendMicro OfficeScan
CVE-2006-5156 (Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ...)
	NOT-FOR-US: McAfee
CVE-2006-5155 (PHP remote file inclusion vulnerability in core/pdf.php in VideoDB ...)
	NOT-FOR-US: VideoDB
CVE-2006-5154 (PHP remote file inclusion vulnerability in cp/sig.php in DeluxeBB 1.09 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-5153 (The (1) fwdrv.sys and (2) khips.sys drivers in Sunbelt Kerio Personal ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2006-5152 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-5151 (Unspecified vulnerability in HP Ignite-UX server before C.6.9.150 for ...)
	NOT-FOR-US: HP
CVE-2006-5150 (SQL injection vulnerability in the reports system in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5149 (Multiple directory traversal vulnerabilities in OpenBiblio before ...)
	NOT-FOR-US: OpenBiblio
CVE-2006-5148 (Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b ...)
	NOT-FOR-US: Forum82
CVE-2006-5147 (PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml ...)
	NOT-FOR-US: VAMP Webmail
CVE-2006-5146 (Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow ...)
	NOT-FOR-US: Yblog
CVE-2006-5145 (Multiple SQL injection vulnerabilities in OlateDownload 3.4.0 allow ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5144 (Cross-site scripting (XSS) vulnerability in userupload.php in ...)
	NOT-FOR-US: OlateDownload
CVE-2006-5143 (Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 ...)
	NOT-FOR-US: Backup Agent RPC Server
CVE-2006-5142 (Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 ...)
	NOT-FOR-US: CA BrightStor ARCserver Backup
CVE-2006-5141 (PHP remote file inclusion vulnerability in script.php in Kevin A. ...)
	NOT-FOR-US: Open Geo Targeting (aka geotarget)
CVE-2006-5140 (SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image ...)
	NOT-FOR-US: Image Host Script (phpkimagehost)
CVE-2006-5139 (Unspecified vulnerability in MkPortal allows remote attackers to ...)
	NOT-FOR-US: MkPortal
CVE-2006-5138 (Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5137 (Multiple direct static code injection vulnerabilities in Groupee ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5136 (Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in ...)
	NOT-FOR-US: Groupee UBB.threads
CVE-2006-5135 (Multiple PHP remote file inclusion vulnerabilities in A-Blog 2 allow ...)
	NOT-FOR-US: A-Blog
CVE-2006-5134 (Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to ...)
	NOT-FOR-US: Mercury SiteScope
CVE-2006-5133 (Buffer overflow in GuildFTPd 0.999.13 allows remote attackers to have ...)
	NOT-FOR-US: GuildFTPd
CVE-2006-5132 (Multiple PHP remote file inclusion vulnerabilities in phpMyAgenda 3.0 ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-5131 (module/shout/jafshout.php (aka the shoutbox) in ph03y3nk just another ...)
	NOT-FOR-US: just another flat file (JAF) CMS
CVE-2006-5130 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5129 (Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just ...)
	NOT-FOR-US: ust another flat file (JAF) CMS
CVE-2006-5128 (SQL injection vulnerability in index.php in Bartels Schoene ConPresso ...)
	NOT-FOR-US: ConPresso
CVE-2006-5127 (Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ...)
	NOT-FOR-US: ConPresso
CVE-2006-5126 (PHP remote file inclusion vulnerability in index.php in John Himmelman ...)
	NOT-FOR-US: PowerPortal
CVE-2006-5125 (Directory traversal vulnerability in window.php, possibly used by ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5124 (Multiple PHP remote file inclusion vulnerabilities in Joshua Muheim ...)
	NOT-FOR-US: phpMyWebmin
CVE-2006-5123 (Multiple PHP remote file inclusion vulnerabilities in Albrecht ...)
	NOT-FOR-US: PHProjekt
CVE-2006-5122 (Multiple cross-site scripting (XSS) vulnerabilities in Mercury ...)
	NOT-FOR-US: SiteScope
CVE-2006-5121 (SQL injection vulnerability in modules/Downloads/admin.php in the ...)
	NOT-FOR-US: PostNuke
CVE-2006-5120 (Multiple cross-site scripting (XSS) vulnerabilities in Scott Metoyer ...)
	NOT-FOR-US: Red Mombin
CVE-2006-5119 (Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart 1.3.5 ...)
	NOT-FOR-US: Zen Cart
CVE-2006-5118 (PHP remote file inclusion vulnerability in index.php3 in the PDD ...)
	NOT-FOR-US: PHPSelect Web Development Division
CVE-2006-5117 (phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web ...)
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; unimportant)
	NOTE: Only path disclosure
CVE-2006-5116 (Multiple cross-site request forgery (CSRF) vulnerabilities in ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.9.0.2-0.1 (bug #391090; bug #400553; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-5115 (Directory traversal vulnerability in kgcall.php in KGB 1.87 allows ...)
	NOT-FOR-US: KGB
CVE-2006-5114 (Multiple cross-site scripting (XSS) vulnerabilities in wgate in SAP ...)
	NOT-FOR-US: SAP
CVE-2006-5113 (Directory traversal vulnerability in common.php in Yuuki Yoshizawa ...)
	NOT-FOR-US: Exporia
CVE-2006-5112 (Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote ...)
	NOT-FOR-US: NaviCOPA Web Server
CVE-2006-5111 (The libksba library 0.9.12 and possibly other versions, as used by ...)
	- libksba 0.9.14-1 (low; bug #391278)
	[sarge] - libksba <no-dsa> (Minor issue)
CVE-2006-5110 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5109 (Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CubeCart
CVE-2006-5108 (Multiple cross-site scripting (XSS) vulnerabilities in Devellion ...)
	NOT-FOR-US: CubeCart
CVE-2006-5107 (Multiple SQL injection vulnerabilities in Devellion CubeCart 2.0.x ...)
	NOT-FOR-US: CubeCart
CVE-2006-5106 (Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 ...)
	NOT-FOR-US: FacileForms for Mambo and Joomla!
CVE-2006-5105 (Multiple PHP remote file inclusion vulnerabilities in SyntaxCMS 1.1.1 ...)
	NOT-FOR-US: SyntaxCMS
CVE-2006-5104 (SQL injection vulnerability in global.php in Jelsoft vBulletin 2.x ...)
	NOT-FOR-US: vBulletin
CVE-2006-5103 (PHP remote file inclusion vulnerability in admin/index2.php in bbsNew ...)
	NOT-FOR-US: bbsNew
CVE-2006-5102 (PHP remote file inclusion vulnerability in include/editfunc.inc.php in ...)
	NOT-FOR-US: Newswriter SW
CVE-2006-5101 (PHP remote file inclusion vulnerability in include.php in Comdev CSV ...)
	NOT-FOR-US: Comdev CSV Importer
CVE-2006-5100 (PHP remote file inclusion vulnerability in parse/parser.php in ...)
	NOT-FOR-US: WEB//NEWS (aka webnews)
CVE-2006-5099 (lib/exec/fetch.php in DokuWiki before 2006-03-09e, when ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5098 (lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote ...)
	- dokuwiki 0.0.20060309-5.2 (bug #391291; medium)
CVE-2006-5097 (** DISPUTED ** ...)
	NOT-FOR-US: net2ftp
CVE-2006-5096 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VirtueMart
CVE-2006-5095 (** DISPUTED ** ...)
	NOT-FOR-US: MyPhotos
CVE-2006-5094 (PHP remote file inclusion vulnerability in includes/functions_kb.php ...)
	NOT-FOR-US: phpBB XS
CVE-2006-5093 (PHP remote file inclusion vulnerability in index.php in Tagmin Control ...)
	NOT-FOR-US: TagIt! Tagboard
CVE-2006-5092 (PHP remote file inclusion vulnerability in navigation/menu.php in ...)
	NOT-FOR-US: A-Blog
CVE-2006-5091 (Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server ...)
	NOT-FOR-US: HP-UX Samba
CVE-2006-5090 (Multiple cross-site scripting (XSS) vulnerabilities in Phoenix ...)
	NOT-FOR-US: Phoenix Evolution CMS (PECMS)
CVE-2006-5089 (** DISPUTED ** ...)
	NOT-FOR-US: My-BIC
CVE-2006-5088 (PHP remote file inclusion vulnerability in connected_users.lib.php3 in ...)
	NOT-FOR-US: phpMyChat
CVE-2006-5087 (Multiple PHP remote file inclusion vulnerabilities in evoBB 0.3 and ...)
	NOT-FOR-US: evoBB
CVE-2006-5086 (Blog Pixel Motion 2.1.1 allows remote attackers to change the username ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5085 (Static code injection vulnerability in config.php in Blog Pixel Motion ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-5084 (Format string vulnerability in the NSRunAlertPanel function in eBay ...)
	NOT-FOR-US: Skype
CVE-2006-5083 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Integrated MODs (IM) Portal
CVE-2006-5082 (Unspecified vulnerability in Sugar Suite Open Source (SugarCRM) before ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-5081 (PHP remote file inclusion vulnerability in acc.php in QuickBlogger ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-5080 (Cross-site scripting (XSS) vulnerability in the search function in Six ...)
	NOT-FOR-US: Movable Type
CVE-2006-5079 (PHP remote file inclusion vulnerability in class.mysql.php in Matt ...)
	NOT-FOR-US: paBugs
CVE-2006-5078 (PHP remote file inclusion vulnerability in view/general.php in ...)
	NOT-FOR-US: Polaring
CVE-2006-5077 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Minerva
CVE-2006-5076 (Multiple PHP remote file inclusion vulnerabilities in OpenConcept ...)
	NOT-FOR-US: OpenConcept Back-End
CVE-2006-5075 (The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2006-5074 (Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice ...)
	NOT-FOR-US: PHP Invoice
CVE-2006-5073 (Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2006-5072 (The System.CodeDom.Compiler classes in Novell Mono create temporary ...)
	- mono 1.1.17.1-5
CVE-2006-5071 (Multiple cross-site scripting (XSS) vulnerabilities in eyeOS before ...)
	NOT-FOR-US: eyeOS
CVE-2006-5070 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: faceStones Personal
CVE-2006-5069 (Cross-site scripting (XSS) vulnerability in class.tx_indexedsearch.php ...)
	- typo3-src <not-affected> (only versions 4.0.0+4.0.1 affected)
CVE-2006-5068 (PHP remote file inclusion vulnerability in admin/index.php in ...)
	NOT-FOR-US: BrudaNews
CVE-2006-5067 (** DISPUTED ** ...)
	NOT-FOR-US: PHP System Administration Toolkit (PHPSaTK)
CVE-2006-5066 (Multiple cross-site scripting (XSS) vulnerabilities in DanPHPSupport ...)
	NOT-FOR-US: DanPHPSupport
CVE-2006-5065 (PHP remote file inclusion vulnerability in libs/dbmax/mysql.php in ...)
	NOT-FOR-US: ZoomStats
CVE-2006-5064 (Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4 ...)
	NOT-FOR-US: BirdBlog
CVE-2006-5063 (Cross-site scripting (XSS) vulnerability in Elog 2.6.1 allows remote ...)
	{DSA-1242-1}
	- elog 2.6.2+r1719-1 (bug #389361)
CVE-2006-5062 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PBLang (PBL)
CVE-2006-5061 (PHP remote file inclusion vulnerability in mcf.php in ...)
	NOT-FOR-US: Advanced-Clan-Script (AVCX)
CVE-2006-5060 (Cross-site scripting (XSS) vulnerability in login.php in Jamroom ...)
	NOT-FOR-US: Jamroom
CVE-2006-5059 (Multiple cross-site scripting (XSS) vulnerabilities in WWWthreads ...)
	NOT-FOR-US: WWWthreads
CVE-2006-5058 (Buffer overflow in (1) Call of Duty 1.5b and earlier, (2) Call of Duty ...)
	NOT-FOR-US: Call of Duty
CVE-2006-5057 (Multiple cross-site scripting (XSS) vulnerabilities in Ktools.net ...)
	NOT-FOR-US: PhotoStore
CVE-2006-5056 (Cross-site scripting (XSS) vulnerability in index.php in Opial ...)
	NOT-FOR-US: Opial Audio/Video Download Management
CVE-2006-5055 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: syntaxCMS
CVE-2006-5054 (SQL injection vulnerability in uye/uye_ayrinti.asp in iyzi Forum 1 ...)
	NOT-FOR-US: iyzi Forum
CVE-2006-5053 (PHP remote file inclusion vulnerability in webnews/template.php in ...)
	NOT-FOR-US: Web-News
CVE-2006-5052 (Unspecified vulnerability in portable OpenSSH before 4.4, when running ...)
	[etch] - openssh <no-dsa> (Minor issue)
	- openssh 1:4.6p1-1 (low)
CVE-2006-5051 (Signal handler race condition in OpenSSH before 4.4 allows remote ...)
	{DSA-1638-1 DSA-1212 DSA-1189-1}
	- openssh 1:4.6p1-1 (low)
	- openssh-krb5 <removed> (high)
	NOTE: From my analysis only openssh with Kerberos support should be vulnerable
	NOTE: However, we'll fix openssh as well just to make sure
CVE-2006-5050 (Directory traversal vulnerability in httpd in Rob Landley BusyBox ...)
	- busybox <not-affected> (bug #390555; irreproducible)
	[sarge] - busybox <not-affected> (Vulnerable code not present)
CVE-2006-5049 (Unspecified vulnerability in Classifieds (com_classifieds) component ...)
	NOT-FOR-US: Classifieds (com_classifieds) component for Joomla!
CVE-2006-5048 (Multiple PHP remote file inclusion vulnerabilities in Security Images ...)
	NOT-FOR-US: Security Images (com_securityimages) component for Joomla!
CVE-2006-5047 (Unspecified vulnerability in rsgallery2.html.php in RS Gallery2 ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5046 (Unspecified vulnerability in RS Gallery2 (com_rsgallery2) 1.11.3 and ...)
	NOT-FOR-US: RS Gallery2 component for Joomla! (com_rsgallery2)
CVE-2006-5045 (Unspecified vulnerability in PollXT component (com_pollxt) 1.22.07 and ...)
	NOT-FOR-US: PollXT component (com_pollxt) for Joomla!
CVE-2006-5044 (Unspecified vulnerability in Prince Clan (Princeclan) Chess component ...)
	NOT-FOR-US: Prince Clan (Princeclan) Chess componen (com_pcchess) for Mambo and Joomla!
CVE-2006-5043 (Multiple PHP remote file inclusion vulnerabilities in the Joomlaboard ...)
	NOT-FOR-US: JoomlaBoard (com_joomlaboard) for Joomla!
CVE-2006-5042 (Unspecified vulnerability in mosMedia (com_mosmedia) 1.0.8 and earlier ...)
	NOT-FOR-US: mosMedia (com_mosmedia) for Joomla!
CVE-2006-5041 (Unspecified vulnerability in Hot Properties (possibly ...)
	NOT-FOR-US: Hot Properties (possibly com_hotproperties) for Joomla!
CVE-2006-5040 (Unspecified vulnerability in SEF404x (com_sef) for Joomla! has ...)
	NOT-FOR-US: SEF404x (com_sef) for Joomla!
CVE-2006-5039 (Unspecified vulnerability in Events 1.3 beta module (com_events) for ...)
	NOT-FOR-US: Events 1.3 beta module (com_events) for Joomla!
CVE-2006-5038 (The FiWin SS28S WiFi VoIP SIP/Skype Phone, firmware version 01_02_07, ...)
	NOT-FOR-US: FiWin
CVE-2006-5037 (** DISPUTED ** ...)
	NOT-FOR-US: MySource Matrix
CVE-2006-5036 (** DISPUTED ** ...)
	NOT-FOR-US: MySource Matrix
CVE-2006-5035 (Multiple cross-site scripting (XSS) vulnerabilities in Paul Smith ...)
	NOT-FOR-US: vCAP
CVE-2006-5034 (Directory traversal vulnerability in Paul Smith Computer Services vCAP ...)
	NOT-FOR-US: vCAP
CVE-2006-5033 (Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith ...)
	NOT-FOR-US: vCAP
CVE-2006-5032 (PHP remote file inclusion vulnerability in dix.php3 in PHPartenaire ...)
	NOT-FOR-US: PHPartenaire
CVE-2006-5031 (Directory traversal vulnerability in app/webroot/js/vendors.php in ...)
	- cakephp 1.1.13.4450-1
CVE-2006-5030 (SQL injection vulnerability in modules/messages/index.php in exV2 ...)
	NOT-FOR-US: exV2
CVE-2006-5029 (SQL injection vulnerability in thread.php in WoltLab Burning Board ...)
	NOT-FOR-US: WoltLab Burning Board (wBB)
CVE-2006-5028 (Directory traversal vulnerability in filemanager/filemanager.php in ...)
	NOT-FOR-US: Plesk
CVE-2006-5027 (Jeroen Vennegoor JevonCMS, possibly pre alpha, allows remote attackers ...)
	NOT-FOR-US: JevonCMS
CVE-2006-5026 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5025 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5024 (Multiple unspecified vulnerabilities in Paisterist Simple HTTP Scanner ...)
	NOT-FOR-US: Paisterist Simple HTTP Scanner (sHTTPScanner)
CVE-2006-5023 (SQL injection vulnerability in kategori.asp in xweblog 2.1 and earlier ...)
	NOT-FOR-US: xweblog
CVE-2006-5022 (PHP remote file inclusion vulnerability in includes/global.php in ...)
	NOT-FOR-US: pNews System 1.1.0 (aka PowerNews)
CVE-2006-5021 (Multiple PHP remote file inclusion vulnerabilities in redgun RedBLoG ...)
	NOT-FOR-US: RedBLoG
CVE-2006-5020 (Multiple PHP remote file inclusion vulnerabilities in SolidState 0.4 ...)
	NOT-FOR-US: SolidState
CVE-2006-5019 (Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Google Mini
CVE-2006-5018 (ContentKeeper 123.25 and earlier places passwords in cleartext in an ...)
	NOT-FOR-US: ContentKeeper
CVE-2006-5017 (SQL injection vulnerability in admin/all_users.php in Szava Gyula and ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5016 (Unrestricted file upload vulnerability in admin/x_image.php in Szava ...)
	NOT-FOR-US: e-Vision CMS
CVE-2006-5015 (PHP remote file inclusion vulnerability in hit.php in Kietu 3.2 allows ...)
	NOT-FOR-US: Kietu
CVE-2006-5014 (Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows ...)
	NOT-FOR-US: cPanel
CVE-2006-5013 (Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 ...)
	NOT-FOR-US: Solaris
CVE-2006-5012 (Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 ...)
	NOT-FOR-US: Solaris
CVE-2006-5011 (Untrusted search path vulnerability in snappd in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5010 (Untrusted search path vulnerability in acctctl in IBM AIX 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5009 (Unspecified vulnerability in xlock in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5008 (Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-5007 (Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 ...)
	NOT-FOR-US: AIX
CVE-2006-5006 (Buffer overflow in cfgmgr in IBM AIX 5.2.0 and 5.3.0 allows local ...)
	NOT-FOR-US: AIX
CVE-2006-5005 (Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5004 (Unspecified vulnerability in the rdist command in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5003 (Unspecified vulnerability in the named8 command in IBM AIX 5.2.0 and ...)
	NOT-FOR-US: AIX
CVE-2006-5002 (Unspecified vulnerability in IBM Inventory Scout for AIX 2.2.0.0 ...)
	NOT-FOR-US: AIX
CVE-2006-5001 (Unspecified vulnerability in the log analyzer in WS_FTP Server 5.05 ...)
	NOT-FOR-US: WS_FTP
CVE-2006-5000 (Multiple buffer overflows in WS_FTP Server 5.05 before Hotfix 1, and ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4999
	RESERVED
CVE-2006-4998
	RESERVED
CVE-2006-4997 (The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-4996 (Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 ...)
	NOT-FOR-US: JoomlaLib (com_joomlalib) for Joomla!
CVE-2006-4995 (PHP remote file inclusion vulnerability in BSQ Sitestats ...)
	NOT-FOR-US: BSQ Sitestats for Joomla!
CVE-2006-4994 (Multiple unquoted Windows search path vulnerabilities in Apache ...)
	NOT-FOR-US: XAMPP
CVE-2006-4993 (Multiple PHP remote file inclusion vulnerabilities in AllMyGuests ...)
	NOT-FOR-US: AllMyGuests
CVE-2006-4992 (Multiple PHP remote file inclusion vulnerabilities in JD-WordPress for ...)
	NOT-FOR-US: JD-WordPress for Joomla!
CVE-2006-4991 (RSA Keon Certificate Authority (KeonCA) Manager 6.5.1 and 6.6 allows ...)
	NOT-FOR-US: RSA Keon Certificate Authority (KeonCA) Manager
CVE-2006-4990 (Multiple PHP remote file inclusion vulnerabilities in PhotoPost allow ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4989 (Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4988 (Multiple cross-site scripting (XSS) vulnerabilities in Patrick ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4987 (Multiple PHP remote file inclusion vulnerabilities in Patrick ...)
	NOT-FOR-US: Wili-CMS
CVE-2006-4986 (Grayscale BandSite CMS allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4985 (Multiple cross-site scripting (XSS) vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4984 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite CMS
CVE-2006-4983 (Cisco NAC allows quarantined devices to communicate over the network ...)
	NOT-FOR-US: Cisco
CVE-2006-4982 (Cisco NAC maintains an exception list that does not record device ...)
	NOT-FOR-US: Cisco
CVE-2006-4981 (Symantec Sygate NAC allows physically proximate attackers to bypass ...)
	NOT-FOR-US: Symantec
CVE-2006-4980 (Buffer overflow in the repr function in Python 2.3 through 2.6 before ...)
	{DSA-1198-1 DSA-1197-1}
	- python2.5 2.5-1 (bug #391589)
	- python2.4 2.4.3-9 (bug #391589)
	- python2.3 2.3.5-16 (bug #393053)
	- python2.2 <not-affected> (Compiled without UCS-4 support)
CVE-2006-4979 (Direct static code injection vulnerability in cfgphpquiz/install.php ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4978 (Multiple SQL injection vulnerabilities in Walter Beschmout PhpQuiz 1.2 ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4977 (Multiple unrestricted file upload vulnerabilities in (1) ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4976 (The Date Library in John Lim ADOdb Library for PHP allows remote ...)
	- libphp-adodb <unfixed> (unimportant)
	- gallery2 <removed> (unimportant)
	- phppgadmin <unfixed> (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpwiki <unfixed> (unimportant)
	- moodle <removed> (unimportant)
	NOTE: full path is known in Debian anyway
CVE-2006-4975 (Yahoo! Messenger for WAP permits saving messages that contain ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2006-4974 (Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4973 (Cross-site scripting (XSS) vulnerability in Default.aspx in Perpetual ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-4972 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4971 (MyBB (aka MyBulletinBoard) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4970 (PHP remote file inclusion vulnerability in enc/content.php in WAHM ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4969 (Multiple PHP remote file inclusion vulnerabilities in WAHM E-Commerce ...)
	NOT-FOR-US: Pie Cart Pro
CVE-2006-4968 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PNphpBB
	NOTE: code in phpBB is different and not affected
CVE-2006-4967 (Multiple cross-site scripting (XSS) vulnerabilities in NextAge Cart ...)
	NOT-FOR-US: NextAge Cart
CVE-2006-4966 (PHP remote file inclusion vulnerability in inc/ifunctions.php in ...)
	NOT-FOR-US: phpQuestionnaire
CVE-2006-4965 (Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to ...)
	NOT-FOR-US: Apple
	NOTE: also used for related MFSA-2007-28, but still a QuickTime/Windows only issue
CVE-2006-4964 (Cross-site scripting (XSS) vulnerability in MAXdev MDPro 1.0.76 before ...)
	NOT-FOR-US: MAXdev MDPro
CVE-2006-4963 (Directory traversal vulnerability in index.php in Exponent CMS 0.96.3 ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-4962 (Directory traversal vulnerability in pbd_engine.php in Php Blue Dragon ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4961 (SQL injection vulnerability in the GetModuleConfig function in ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4960 (Cross-site scripting (XSS) vulnerability in index.php Php Blue Dragon ...)
	NOT-FOR-US: Php Blue Dragon
CVE-2006-4959 (Sun Secure Global Desktop (SSGD, aka Tarantella) before 4.3 allows ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4958 (Multiple cross-site scripting (XSS) vulnerabilities in Sun Secure ...)
	NOT-FOR-US: Sun Secure Global Desktop
CVE-2006-4957 (SQL injection vulnerability in the GetMember function in functions.php ...)
	NOT-FOR-US: MyReview
CVE-2006-4956 (Cross-site scripting (XSS) vulnerability in the updateuser servlet in ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4955 (Directory traversal vulnerability in the downloadfile servlet in Neon ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4954 (The updateuser servlet in Neon WebMail for Java before 5.08 does not ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4953 (Multiple SQL injection vulnerabilities in Neon WebMail for Java before ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4952 (The updatemail servlet in Neon WebMail for Java before 5.08 allows ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4951 (Neon WebMail for Java before 5.08 allows remote attackers to execute ...)
	NOT-FOR-US: Neon WebMail for Java
CVE-2006-4950 (Cisco IOS 12.2 through 12.4 before 20060920, as used by Cisco IAD2430, ...)
	NOT-FOR-US: Cisco
CVE-2006-4949 (Cross-site scripting (XSS) vulnerability in the Drupal 4.6 Site ...)
	NOT-FOR-US: Profile Directory (profile_pages.module) for Drupal
CVE-2006-4948 (Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server ...)
	NOT-FOR-US: TFTPDWIN
CVE-2006-4947 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Search ...)
	NOT-FOR-US: Search Keywords module for Drupal
CVE-2006-4946 (PHP remote file inclusion vulnerability in include/startup.inc.php in ...)
	NOT-FOR-US: CMSDevelopment Business Card Web Builder (BCWB)
CVE-2006-4945 (Multiple PHP remote file inclusion vulnerabilities in Cardway (aka ...)
	NOT-FOR-US: DigitalWebShop
CVE-2006-4944 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ProgSys
CVE-2006-4943 (course/jumpto.php in Moodle before 1.6.2 does not validate the session ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (File not present)
CVE-2006-4942 (Moodle before 1.6.2, when the configuration lacks (1) algebra or (2) ...)
	- moodle 1.6.2-1
CVE-2006-4941 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle before ...)
	- moodle 1.6.2-1
CVE-2006-4940 (login/forgot_password.php in Moodle before 1.6.2 allows remote ...)
	- moodle 1.6.2-1
	[sarge] - moodle <not-affected> (Function not present)
CVE-2006-4939 (backup/backup_scheduled.php in Moodle before 1.6.2 generates trace ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4938 (help.php in Moodle before 1.6.2 does not check the existence of ...)
	- moodle 1.6.2-1 (unimportant)
	NOTE: Path disclosure
CVE-2006-4937 (lib/setup.php in Moodle before 1.6.2 sets the error reporting level to ...)
	- moodle 1.6.2-1
CVE-2006-4936 (Moodle before 1.6.2 does not properly validate the module instance id ...)
	- moodle 1.6.2-1
CVE-2006-4935 (The Database module in Moodle before 1.6.2 does not properly handle ...)
	- moodle 1.6.2-1
CVE-2006-4934
	RESERVED
CVE-2006-4933
	RESERVED
CVE-2006-4932
	RESERVED
CVE-2006-4931
	RESERVED
CVE-2006-4930
	RESERVED
CVE-2006-4929
	RESERVED
CVE-2006-4928
	RESERVED
CVE-2006-4927 (The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2006-4926 (The NDIS-TDI Hooking Engine, as used in the (1) KLICK (KLICK.SYS) and ...)
	NOT-FOR-US: Kaspersky Labs
CVE-2005-4812 (The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, ...)
	NOT-FOR-US: SISCO OSI stack for Windows
CVE-2005-4811 (The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and ...)
	{DSA-1304}
	- linux-2.6 2.6.14
CVE-2006-4925 (packet.c in ssh in OpenSSH allows remote attackers to cause a denial ...)
	- openssh 1:5.1p1-5 (unimportant)
	NOTE: That's a non-issue
CVE-2006-4924 (sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, ...)
	{DSA-1212 DSA-1189-1}
	- openssh 1:4.3p2-4 (low; bug #389995)
	- openssh-krb5 <unfixed> (low)
CVE-2006-4923 (Cross-site scripting (XSS) vulnerability in search.php in eSyndiCat ...)
	NOT-FOR-US: eSyndiCat Portal System
CVE-2006-4922 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Site@School
CVE-2006-4921 (PHP remote file inclusion vulnerability in Site@School (S@S) 2.4.03 ...)
	NOT-FOR-US: Site@School
CVE-2006-4920 (Multiple PHP remote file inclusion vulnerabilities in Site@School ...)
	NOT-FOR-US: Site@School
CVE-2006-4919 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Site@School
CVE-2006-4918 (Multiple PHP remote file inclusion vulnerabilities in Simple ...)
	NOT-FOR-US: Simple Discussion Board
CVE-2006-4917 (Cross-site scripting (XSS) vulnerability in search.php in PT News ...)
	NOT-FOR-US: PT News
CVE-2006-4916 (SQL injection vulnerability in uye_profil.asp in Tekman Portal (TR) ...)
	NOT-FOR-US: Tekman Portal
CVE-2006-4915 (Cross-site scripting (XSS) vulnerability in index.php in Innovate ...)
	NOT-FOR-US: Innovate Portal
CVE-2006-4914 (Directory traversal vulnerability in A.l-Pifou 1.8p2 allows remote ...)
	NOT-FOR-US: A.l-Pifou
CVE-2006-4913 (Directory traversal vulnerability in chat/getStartOptions.php in ...)
	NOT-FOR-US: AlstraSoft E-friends
CVE-2006-4912 (PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and ...)
	NOT-FOR-US: PHP DocWriter
CVE-2006-4911 (Unspecified vulnerability in Cisco IPS 5.0 before 5.0(6p2) and 5.1 ...)
	NOT-FOR-US: Cisco
CVE-2006-4910 (The web administration interface (mainApp) to Cisco IDS before ...)
	NOT-FOR-US: Cisco
CVE-2006-4909 (Cross-site scripting (XSS) vulnerability in Cisco Guard DDoS ...)
	NOT-FOR-US: Cisco
CVE-2006-4908 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: OSU
CVE-2006-4907 (OSU 3.11alpha and 3.10a allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: OSU
CVE-2006-4906 (SQL injection vulnerability in modules/calendar/week.php in ...)
	NOT-FOR-US: More.groupware
CVE-2006-4905 (PHP remote file inclusion vulnerability in index.php in Artmedic Links ...)
	NOT-FOR-US: Artmedic Links
CVE-2006-4904 (Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam ...)
	NOT-FOR-US: X-Cart
CVE-2006-4903
	RESERVED
CVE-2006-4902 (The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 ...)
	NOT-FOR-US: Symantec Veritas NetBackup
CVE-2006-4901 (Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4900 (Directory traversal vulnerability in Computer Associates (CA) eTrust ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4899 (The ePPIServlet script in Computer Associates (CA) eTrust Security ...)
	NOT-FOR-US: CA eTrust
CVE-2006-4898 (PHP remote file inclusion vulnerability in include/phpxd/phpXD.php in ...)
	NOT-FOR-US: guanxiCRM
CVE-2006-4897 (CMtextS 1.0 and earlier stores users_logins/admin.txt under the web ...)
	NOT-FOR-US: CMtextS
CVE-2006-4896
	REJECTED
CVE-2006-4895 (IDevSpot NexieAffiliate 1.9 and earlier allows remote attackers to ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4894 (Cross-site scripting (XSS) vulnerability in forms/lostpassword.php in ...)
	NOT-FOR-US: IDevSpot NexieAffiliate
CVE-2006-4893 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4892 (SQL injection vulnerability in faqview.asp in Techno Dreams FAQ ...)
	NOT-FOR-US: Techno Dreams FAQ
CVE-2006-4891 (SQL injection vulnerability in ArticlesTableview.asp in Techno Dreams ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-4890 (Multiple PHP remote file inclusion vulnerabilities in UNAK-CMS 1.5 and ...)
	NOT-FOR-US: UNAK-CMS
CVE-2006-4889 (Multiple PHP remote file inclusion vulnerabilities in Telekorn ...)
	NOT-FOR-US: Telekorn SignKorn Guestbook
CVE-2006-4888 (Microsoft Internet Explorer 6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-4887 (Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop ...)
	NOT-FOR-US: Apple
CVE-2006-4886 (The VirusScan On-Access Scan component in McAfee VirusScan Enterprise ...)
	NOT-FOR-US: McAfee
CVE-2006-4885 (PHP remote file inclusion vulnerability in Shadowed Portal 5.599 and ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4884 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
	NOT-FOR-US: IDevSpot iSupport
CVE-2006-4883 (Multiple cross-site scripting (XSS) vulnerabilities in IDevSpot ...)
	NOT-FOR-US: IDevSpot BizDirectory
CVE-2006-4882 (SQL injection vulnerability in Review.asp in Julian Roberts Charon ...)
	NOT-FOR-US: Cart 3
CVE-2006-4881 (Multiple cross-site scripting (XSS) vulnerabilities in David Bennett ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4880 (David Bennett PHP-Post (PHPp) 1.0 and earlier allows remote attackers ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4879 (SQL injection vulnerability in profile.php in David Bennett PHP-Post ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4878 (Directory traversal vulnerability in footer.php in David Bennett ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4877 (Variable overwrite vulnerability in David Bennett PHP-Post (PHPp) 1.0 ...)
	NOT-FOR-US: PHP-Post (PHPp)
CVE-2006-4876 (Multiple SQL injection vulnerabilities in Jupiter CMS allow remote ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4875 (Unrestricted file upload vulnerability in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4874 (Multiple cross-site scripting (XSS) vulnerabilities in Jupiter CMS ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4873 (Jupiter CMS allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4872 (SQL injection vulnerability in search.asp in Keyvan1 (aka Keyvan ...)
	NOT-FOR-US: ECardPro
CVE-2006-4871 (SQL injection vulnerability in search_run.asp in Keyvan1 (aka Keyvan ...)
	NOT-FOR-US: EShoppingPro
CVE-2006-4870 (Multiple PHP remote file inclusion vulnerabilities in AEDating 4.1, ...)
	NOT-FOR-US: AEDating
CVE-2006-4869 (PHP remote file inclusion vulnerability in phpunity-postcard.php in ...)
	NOT-FOR-US: phpunity.postcard
CVE-2006-4868 (Stack-based buffer overflow in the Vector Graphics Rendering engine ...)
	NOT-FOR-US: Microsoft
CVE-2006-4867 (SQL injection vulnerability in mods.php in GNUTurk 2G and earlier ...)
	NOT-FOR-US: GNUTurk
CVE-2006-4866 (Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in ...)
	NOT-FOR-US: Apple
CVE-2006-4865 (Walter Beschmout PhpQuiz allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PhpQuiz
CVE-2006-4864 (PHP remote file inclusion vulnerability in index.php in All Enthusiast ...)
	NOT-FOR-US: ReviewPost
CVE-2006-4863 (** DISPUTED ** ...)
	NOT-FOR-US: mcLinksCounter
CVE-2006-4862 (SQL injection vulnerability in default.aspx in easypage allows remote ...)
	NOT-FOR-US: easypage
CVE-2006-4861 (SQL injection vulnerability in loginprocess.asp in Mohammed Mehdi ...)
	NOT-FOR-US: Complain Center
CVE-2006-4860 (Multiple unspecified vulnerabilities in (1) index.php, (2) ...)
	NOT-FOR-US: Limbo
CVE-2006-4859 (Unrestricted file upload vulnerability in contact.html.php in the ...)
	NOT-FOR-US: Limbo
CVE-2006-4858 (PHP remote file inclusion vulnerability in install.serverstat.php in ...)
	NOT-FOR-US: Serverstat (com_serverstat) component for Mambo
CVE-2006-4857 (SQL injection vulnerability in default.asp (aka the login page) in ...)
	NOT-FOR-US: ClickBlog
CVE-2006-4856 (Multiple cross-site scripting (XSS) vulnerabilities in Roller ...)
	NOT-FOR-US: WebLogger
CVE-2006-4855 (The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 ...)
	NOT-FOR-US: Symantec
CVE-2006-4854
	REJECTED
CVE-2006-4853 (SQL injection vulnerability in kategorix.asp in Haberx 1.02 through ...)
	NOT-FOR-US: Haberx
CVE-2006-4852 (SQL injection vulnerability in browse.asp in QuadComm Q-Shop 3.5 ...)
	NOT-FOR-US: QuadComm Q-Shop
CVE-2006-4851 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BolinOS
CVE-2006-4850 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: BolinOS
CVE-2006-4849 (PHP remote file inclusion vulnerability in header.php in ...)
	NOT-FOR-US: MobilePublisherPHP
CVE-2006-4848 (** DISPUTED ** ...)
	NOT-FOR-US: Hitweb
CVE-2006-4847 (Multiple buffer overflows in Ipswitch WS_FTP Server 5.05 before Hotfix ...)
	NOT-FOR-US: WS_FTP
CVE-2006-4846 (Unspecified vulnerability in Citrix Access Gateway with Advanced ...)
	NOT-FOR-US: Citrix
CVE-2006-4845 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: TeamCal
CVE-2006-4844 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-4843 (Cross-site scripting (XSS) vulnerability in the Active Content Filter ...)
	NOT-FOR-US: IBM Lotus Domino
CVE-2006-4842 (The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in ...)
	- xulrunner 1.8.0.9-1 (low; bug #405062)
	[sarge] - mozilla <no-dsa> (Minor issue)
	NOTE: could not find setuid binary in sid, but evolution-data-server has a setgid mail binary
	NOTE: see https://bugzilla.mozilla.org/show_bug.cgi?id=351470
CVE-2006-4841
	RESERVED
CVE-2006-4840
	REJECTED
CVE-2006-4839 (Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sophos
CVE-2006-4838 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal SE ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4837 (Multiple PHP remote file inclusion vulnerabilities in DCP-Portal SE ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4836 (SQL injection vulnerability in login.php in DCP-Portal SE 6.0 allows ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-4835 (Bluview Blue Magic Board (BMB) (aka BMForum) 5.5 allows remote ...)
	NOT-FOR-US: Blue Magic Board (BMB) (aka BMForum)
CVE-2006-4834 (PHP remote file inclusion vulnerability in index.php in Jule Slootbeek ...)
	NOT-FOR-US: phpQuiz
CVE-2006-4833 (Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4832 (Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT ...)
	NOT-FOR-US: NetPerformer
CVE-2006-4831 (Unspecified vulnerability in IP over DNS is now easy (iodine) before ...)
	NOT-FOR-US: IP over DNS is now easy (iodine)
CVE-2006-4830 (Directory traversal vulnerability in EditBlogTemplatesPlugin.java in ...)
	NOT-FOR-US: Blojsom
CVE-2006-4829 (Multiple cross-site scripting (XSS) vulnerabilities in David Czarnecki ...)
	NOT-FOR-US: Blojsom
CVE-2006-4828 (PHP remote file inclusion vulnerability in zipndownload.php in ...)
	NOT-FOR-US: PhotoPost
CVE-2006-4827 (Multiple PHP remote file inclusion vulnerabilities in Vmist Downstat ...)
	NOT-FOR-US: Vmist Downstat
CVE-2006-4826 (PHP remote file inclusion vulnerability in bottom.php in Shadowed ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-4825 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHP Event Calendar
CVE-2006-4824 (PHP remote file inclusion vulnerability in lib/activeutil.php in ...)
	NOT-FOR-US: Quicksilver Forums (QSF)
CVE-2006-4823 (PHP remote file inclusion vulnerability in scripts/news_page.php in ...)
	NOT-FOR-US: Magic News
CVE-2006-4822 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: emuCMS
CVE-2006-4821 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Userreview ...)
	NOT-FOR-US: Drupal Userreview module
CVE-2006-4820 (Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-4819 (Heap-based buffer overflow in Opera 9.0 and 9.01 allows remote ...)
	NOT-FOR-US: Opera
CVE-2006-4818
	RESERVED
CVE-2006-4817
	RESERVED
CVE-2006-4816
	RESERVED
CVE-2006-4815
	RESERVED
CVE-2006-4814 (The mincore function in the Linux kernel before 2.4.33.6 does not ...)
	{DSA-1503-2 DSA-1503-1 DSA-1304}
	- linux-2.6 2.6.18.dfsg.1-9 (low)
	- kernel-patch-openvz 028.18.1
CVE-2006-4813 (The __block_prepare_write function in fs/buffer.c for Linux kernel ...)
	{DSA-1233}
	- linux-2.6 2.6.13-1
CVE-2006-4812 (Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote ...)
	- php4 <not-affected>
	- php5 5.1.6-5 (bug #391586)
CVE-2006-4811 (Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 ...)
	{DSA-1200-1}
	- qt-x11-free 3:3.3.7-1 (bug #394192; bug #394313)
	- qt4-x11 4.2.1-1 (bug #394192)
CVE-2006-4810 (Buffer overflow in the readline function in util/texindex.c, as used ...)
	{DSA-1219}
	- texinfo 4.8.dfsg.1-4
CVE-2006-4809 (Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4808 (Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4807 (loader_tga.c in imlib2 before 1.2.1, and possibly other versions, ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4806 (Multiple integer overflows in imlib2 allow user-assisted remote ...)
	- imlib2 1.3.0.0debian1-3 (medium; bug #397371)
CVE-2006-4805 (epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in ...)
	{DSA-1201-1}
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4804
	RESERVED
CVE-2006-4803 (The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4802 (Format string vulnerability in the Real Time Virus Scan service in ...)
	NOT-FOR-US: Symantec
CVE-2006-4801 (Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and ...)
	NOT-FOR-US: Roxio Toast
CVE-2006-4800 (Multiple buffer overflows in libavcodec in ffmpeg before ...)
	{DSA-1215}
	- ffmpeg 0.cvs20060329-1
	- xmovie <removed>
	- xine-lib 1.1.2-1
	- gst-ffmpeg 0.8.7-7 (medium; bug #401304)
	- gstreamer0.10-ffmpeg 0.10.1-3 (medium; bug #401311)
	- mplayer 1.0~rc1-1
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4799 (Buffer overflow in ffmpeg for xine-lib before 1.1.2 might allow ...)
	{DSA-1215}
	- xine-lib 1.1.2-1 (bug #369876; medium)
	NOTE: according to the changelog, libxine (starting from 1.1.2-4) links dynamically against ffmpeg
CVE-2006-4798 (SQL-Ledger before 2.4.4 stores a password in a query string, which ...)
	- sql-ledger 2.4.5-1
CVE-2006-4797 (Cross-site scripting (XSS) vulnerability in tag.php in CloudNine ...)
	NOT-FOR-US: CJ Tag Board
CVE-2006-4796 (Cross-site scripting (XSS) vulnerability in forum.asp in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums
CVE-2006-4795 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2006-4794 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
	NOT-FOR-US: e107
CVE-2006-4793 (Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 ...)
	NOT-FOR-US: TualBLOG
CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area ...)
	NOT-FOR-US: HP-UX
CVE-2006-5778 (ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir ...)
	{DSA-1217}
	- linux-ftpd 0.17-23 (low; bug #384454)
CVE-2006-XXXX [ejabberd HTML code injection]
	- ejabberd 1.1.1-8
CVE-2006-4792
	RESERVED
CVE-2006-4791
	RESERVED
CVE-2006-4789 (Buffer overflow in Open Movie Editor 0.0.20060901 allows local users ...)
	NOT-FOR-US: Open Movie Editor
CVE-2006-4788 (PHP remote file inclusion vulnerability in includes/log.inc.php in ...)
	NOT-FOR-US: SignKorn Guestbook
CVE-2006-4787 (AlphaMail before 1.0.16 allows local users to obtain sensitive ...)
	NOT-FOR-US: AlphaMail
CVE-2006-4786 (Moodle 1.6.1 and earlier allows remote attackers to obtain sensitive ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4785 (SQL injection vulnerability in blog/edit.php in Moodle 1.6.1 and ...)
	- moodle 1.6.2-1 (medium; bug #387177)
CVE-2006-4784 (Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 ...)
	- moodle 1.6.2-1 (low)
CVE-2006-4783 (SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4782 (src/index.php in WebSPELL 4.01.01 and earlier, when register_globals ...)
	NOT-FOR-US: WebSPELL
CVE-2006-4781 (Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2006-4780 (PHP remote file inclusion vulnerability in includes/functions.php in ...)
	NOT-FOR-US: phpBB XS
CVE-2006-4779 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Vitrax Premodded phpBB
CVE-2006-4778 (SQL injection vulnerability in Creative Commons Tools ccHost before ...)
	NOT-FOR-US: Creative Commons Tools ccHost
CVE-2006-4777 (Heap-based buffer overflow in the DirectAnimation Path Control ...)
	NOT-FOR-US: DirectAnimation.PathControl
CVE-2006-4776 (Heap-based buffer overflow in the VLAN Trunking Protocol (VTP) feature ...)
	NOT-FOR-US: Cisco
CVE-2006-4775 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and ...)
	NOT-FOR-US: Cisco
CVE-2006-4774 (The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows ...)
	NOT-FOR-US: Cisco
CVE-2006-4773 (Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and ...)
	NOT-FOR-US: Sun StorEdge
CVE-2006-4772 (HotPlug CMS stores sensitive information under the web root with ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-4771 (Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 ...)
	NOT-FOR-US: ForumJBC
CVE-2006-4770 (PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 ...)
	NOT-FOR-US: MiniPort@l
CVE-2006-4769 (PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 ...)
	NOT-FOR-US: p4CMS
CVE-2006-4768 (Multiple direct static code injection vulnerabilities in add_go.php in ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4767 (Multiple directory traversal vulnerabilities in Stefan Ernst ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4766 (Directory traversal vulnerability in print.php in Stefan Ernst ...)
	NOT-FOR-US: Stefan Ernst Newsscript (aka WM-News)
CVE-2006-4765 (NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows ...)
	NOT-FOR-US: NETGEAR
CVE-2006-4764 (PHP remote file inclusion vulnerability in common.php in Thomas LETE ...)
	NOT-FOR-US: WTools
CVE-2006-4763 (IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client's ...)
	NOT-FOR-US: IBM Lotus Domino Web Access
CVE-2006-4762 (Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader ...)
	NOT-FOR-US: Ykoon RssReader
CVE-2006-4761 (Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman ...)
	NOT-FOR-US: SharpReader
CVE-2006-4760 (Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero ...)
	NOT-FOR-US: RSSOwl
CVE-2006-4759 (PunBB 1.2.12 does not properly handle an avatar directory pathname ...)
	NOT-FOR-US: PunBB
CVE-2006-4758 (phpBB 2.0.21 does not properly handle pathnames ending in %00, which ...)
	{DSA-1488-1}
	- phpbb2 2.0.21-4 (bug #388120; unimportant)
	NOTE: Only exploitable by admins, which you'd need to trust
CVE-2006-4757 (Multiple SQL injection vulnerabilities in the admin section in e107 ...)
	NOT-FOR-US: e107
CVE-2006-4756 (SQL injection vulnerability in alpha.php in phpMyDirectory 10.4.6 and ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4755 (Cross-site scripting (XSS) vulnerability in alpha.php in ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-4754 (Cross-site scripting (XSS) vulnerability in index.php in PHProg before ...)
	NOT-FOR-US: PHProg
CVE-2006-4753 (Directory traversal vulnerability in index.php in PHProg before 1.1 ...)
	NOT-FOR-US: PHProg
CVE-2006-4752 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5.1 allows remote ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4751 (Cross-site scripting (XSS) vulnerability in index.php in Laurentiu ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page (XHP) CMS
CVE-2006-4750 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OPENi-CMS
CVE-2006-4749 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...)
	NOT-FOR-US: PHP Advanced Transfer Manager (phpATM)
CVE-2006-4748 (Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow ...)
	NOT-FOR-US: F-ART BLOG:CMS
CVE-2006-4747 (Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot ...)
	NOT-FOR-US: IdevSpot TextAds
CVE-2006-4746 (PHP remote file inclusion vulnerability in news/include/customize.php ...)
	NOT-FOR-US: Web Server Creator
CVE-2006-4745 (ScaryBear PocketExpense Pro 3.9.1 uses an internally recorded key to ...)
	NOT-FOR-US: ScaryBear PocketExpense Pro
CVE-2006-4744 (Abidia (1) O-Anywhere and (2) Abidia Wireless transmit authentication ...)
	NOT-FOR-US: Abidia (1) O-Anywhere and (2) Abidia Wireless
CVE-2006-4743 (WordPress 2.0.2 through 2.0.5 allows remote attackers to obtain ...)
	- wordpress 2.0.5-0.1 (unimportant)
	NOTE: path disclosure only
CVE-2006-4742 (Cross-site scripting (XSS) vulnerability in user_add.php in IDevSpot ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4741 (PHP remote file inclusion vulnerability in bits_listings.php in ...)
	NOT-FOR-US: PhpLinkExchange
CVE-2006-4740 (Jetbox CMS allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4739 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4738 (PHP remote file inclusion vulnerability in phpthumb.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4737 (SQL injection vulnerability in index.php in Jetbox CMS allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4736 (Multiple SQL injection vulnerabilities in index.php in CMS.R. 5.5 ...)
	NOT-FOR-US: CMS.R
CVE-2006-4735 (Kellan Elliott-McCrea MagpieRSS allows remote attackers to obtain ...)
	- magpierss <unfixed> (unimportant)
	NOTE: path disclosure only
CVE-2006-4734 (Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php ...)
	- tikiwiki 1.9.5+dfsg1-2 (medium; bug #388122)
CVE-2006-4733 (PHP remote file inclusion vulnerability in sipssys/code/box.inc.php in ...)
	NOT-FOR-US: simple, integrated publishing system (SIPS)
CVE-2006-4732 (Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an ...)
	NOT-FOR-US: Microsoft
CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1241 (Unspecified vulnerability in Haakon Nilsen simple, integrated ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2006-4731 (Multiple directory traversal vulnerabilities in (1) login.pl and (2) ...)
	{DSA-1239-1}
	- sql-ledger 2.6.19-1
CVE-2006-4730
	RESERVED
CVE-2006-4729
	RESERVED
CVE-2006-4728
	RESERVED
CVE-2006-4727 (Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in ...)
	NOT-FOR-US: Tumbleweed EMF Administration Module
CVE-2006-4726 (Cross-site scripting (XSS) vulnerability in Adobe ColdFusion MX 6.1 ...)
	NOT-FOR-US: Adobe
CVE-2006-4725 (Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security ...)
	NOT-FOR-US: Adobe
CVE-2006-4724 (Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ...)
	NOT-FOR-US: Adobe
CVE-2006-4723 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-4722 (PHP remote file inclusion vulnerability in Open Bulletin Board ...)
	NOT-FOR-US: Open Bulletin Board (OpenBB)
CVE-2006-4721 (Directory traversal vulnerability in admin.php in CCleague Pro Sports ...)
	NOT-FOR-US: CCleague Pro Sports CMS
CVE-2006-4720 (PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO ...)
	NOT-FOR-US: mcGalleryPRO
CVE-2006-4719 (Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2006-4718 (Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in ...)
	NOT-FOR-US: KorviBlog
CVE-2006-4717 (The login redirection mechanism in the Drupal 4.7 Pubcookie module ...)
	NOT-FOR-US: Pubcookie module for Drupal
CVE-2006-4716 (PHP remote file inclusion vulnerability in demarrage.php in Fire Soft ...)
	NOT-FOR-US: Fire Soft Board (FSB)
CVE-2006-4715 (SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4714 (PHP remote file inclusion vulnerability in index.php in SpoonLabs ...)
	NOT-FOR-US: SpoonLabs Vivvo Article Management CMS
CVE-2006-4713 (PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA ...)
	NOT-FOR-US: PSYWERKS PUMA
CVE-2006-4712 (Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4711 (Multiple cross-site scripting (XSS) vulnerabilities in Sage allow ...)
	- firefox-sage 1.3.6-3 (bug #388149; medium)
CVE-2006-4710 (Multiple cross-site scripting (XSS) vulnerabilities in NewsGator ...)
	NOT-FOR-US: NewsGator FeedDemon
CVE-2006-4709 (SQL injection vulnerability in topic.php in Vikingboard 0.1b allows ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4708 (Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard ...)
	NOT-FOR-US: Vikingboard
CVE-2006-4707 (Cross-site scripting (XSS) vulnerability in admin/global.php (aka the ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4706 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4705 (SQL injection vulnerability in login.php in dwayner79 and Dominic ...)
	NOT-FOR-US: Timesheet (aka Timesheet.php)
CVE-2006-4704 (Cross-zone scripting vulnerability in the WMI Object Broker ...)
	NOT-FOR-US: Microsoft
CVE-2006-4703
	REJECTED
CVE-2006-4702 (Buffer overflow in the Windows Media Format Runtime in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4701
	REJECTED
CVE-2006-4700
	REJECTED
CVE-2006-4699
	REJECTED
CVE-2006-4698
	REJECTED
CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects ...)
	NOT-FOR-US: Microsoft
CVE-2006-4696 (Unspecified vulnerability in the Server service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-4695 (Unspecified vulnerability in certain COM objects in Microsoft Office ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-4694 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-4693 (Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4692 (Argument injection vulnerability in the Windows Object Packager ...)
	NOT-FOR-US: Microsoft Word
CVE-2006-4691 (Stack-based buffer overflow in the NetpManageIPCConnect function in ...)
	NOT-FOR-US: Microsoft
CVE-2006-4690
	REJECTED
CVE-2006-4689 (Unspecified vulnerability in the driver for the Client Service for ...)
	NOT-FOR-US: Microsoft
CVE-2006-4688 (Buffer overflow in Client Service for NetWare (CSNW) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4687 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-4686 (Buffer overflow in the Extensible Stylesheet Language Transformations ...)
	NOT-FOR-US: Microsoft
CVE-2006-4685 (The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core ...)
	NOT-FOR-US: Microsoft
CVE-2006-4684 (The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 ...)
	{DSA-1176-1}
	- zope2.7 <removed>
	- zope2.8 2.8.8-2
CVE-2006-4683 (IBM Director before 5.10 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: IBM Director
CVE-2006-4682 (Multiple unspecified vulnerabilities in IBM Director before 5.10 allow ...)
	NOT-FOR-US: IBM Director
CVE-2006-4681 (Directory traversal vulnerability in Redirect.bat in IBM Director ...)
	NOT-FOR-US: IBM Director
CVE-2006-4680 (The Remote UI in Canon imageRUNNER includes usernames and passwords ...)
	NOT-FOR-US: Canon imageRUNNER
CVE-2006-4679 (DokuWiki before 2006-03-09c enables the debug feature by default, ...)
	- dokuwiki 0.0.20060309-5.1 (low; bug #388082)
CVE-2006-4678 (PHP remote file inclusion vulnerability in News Evolution 3.0.3 allows ...)
	NOT-FOR-US: News Evolution
CVE-2006-4677 (** DISPUTED ** ...)
	NOT-FOR-US: phpopenchat
CVE-2006-4676 (TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and ...)
	NOT-FOR-US: TIBCO RendezVous
CVE-2006-4675 (Unrestricted file upload vulnerability in lib/exe/media.php in ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4674 (Direct static code injection vulnerability in doku.php in DokuWiki ...)
	- dokuwiki 0.0.20060309-5.1 (medium; bug #388082)
CVE-2006-4673 (Global variable overwrite vulnerability in maincore.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-4672 (PHP remote file inclusion vulnerability in profitCode ppalCart 2.5 EE, ...)
	NOT-FOR-US: ppalCart
CVE-2006-4671 (PHP remote file inclusion vulnerability in headlines.php in Fantastic ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4670 (Multiple PHP remote file inclusion vulnerabilities in PhotoKorn ...)
	NOT-FOR-US: PhotoKorn Gallery
CVE-2006-4669 (PHP remote file inclusion vulnerability in admin/system/include.php in ...)
	NOT-FOR-US: Somery
CVE-2006-4668 (Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley ...)
	NOT-FOR-US: AckerTodo
CVE-2006-4667 (Multiple SQL injection vulnerabilities in RunCMS 1.4.1 allow remote ...)
	NOT-FOR-US: RunCMS
CVE-2006-4666 (Multiple PHP remote file inclusion vulnerabilities in Stefan Ernst ...)
	NOT-FOR-US: Newsscript (aka WM-News)
CVE-2006-4665 (Cross-site scripting (XSS) vulnerability in index.php in MKPortal M1.1 ...)
	NOT-FOR-US: MKPortal
CVE-2006-4664 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Premod Shadow
CVE-2006-4663 (** DISPUTED ** ...)
	NOT-FOR-US: User problem
CVE-2006-4662 (Heap-based buffer overflow in the MCRegEx__Search function in AOL ICQ ...)
	NOT-FOR-US: AOL ICQ
CVE-2006-4661 (AOL ICQ Toolbar 1.3 for Internet Explorer (toolbaru.dll) does not ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4660 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS Feed ...)
	NOT-FOR-US: AOL ICQ Toolbar
CVE-2006-4659 (The Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4658 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 uses ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4657 (Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 ...)
	NOT-FOR-US: Panda Platinum Internet Security
CVE-2006-4656 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web Provence SL_Site
CVE-2006-4655 (Buffer overflow in the Strcmp function in the XKEYBOARD extension in X ...)
	NOT-FOR-US: X11R6.4
CVE-2006-4654 (Format string vulnerability in Easy Address Book Web Server 1.2 allows ...)
	NOT-FOR-US: Address Book Web Server
CVE-2006-4653 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll store ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4652 ((1) Amazing Little Poll and (2) Amazing Little Picture Poll have a ...)
	NOT-FOR-US: Amazing Little Poll
CVE-2006-4651 (Directory traversal vulnerability in download/index.php, and possibly ...)
	NOT-FOR-US: Php download
CVE-2006-4650 (Cisco IOS 12.0, 12.1, and 12.2, when GRE IP tunneling is used and the ...)
	NOT-FOR-US: Cisco
CVE-2006-4649 (PHP remote file inclusion vulnerability in bp_news.php in BinGo News ...)
	NOT-FOR-US: BinGo News
CVE-2006-4648 (PHP remote file inclusion vulnerability in bp_ncom.php in BinGo News ...)
	NOT-FOR-US: BinGo News
CVE-2006-4647 (PHP remote file inclusion vulnerability in news.php in Sponge News 2.2 ...)
	NOT-FOR-US: Sponge News
CVE-2006-4646 (Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto ...)
	NOT-FOR-US: Drupal Pathauto module
CVE-2006-4645 (PHP remote file inclusion vulnerability in akarru.gui/main_content.php ...)
	NOT-FOR-US: Social BookMarking Engine
CVE-2006-4644 (PHP remote file inclusion vulnerability in modules/home.module.php in ...)
	NOT-FOR-US: phpFullAnnu
CVE-2006-4643 (SQL injection vulnerability in consult/joueurs.php in Uni-Vert ...)
	NOT-FOR-US: PhpLeague
CVE-2006-4642 (AuditWizard 6.3.2, when using &quot;Remote Audit,&quot; logs the administrator ...)
	NOT-FOR-US: AuditWizard
CVE-2006-4641 (SQL injection vulnerability in kategori.asp in Muratsoft Haber Portal ...)
	NOT-FOR-US: Muratsoft Haber Portal
CVE-2006-4640 (Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-4639 (Multiple PHP remote file inclusion vulnerabilities in C-News.fr C-News ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4638 (PHP remote file inclusion vulnerability in article.php in ACGV News ...)
	NOT-FOR-US: ACGV News
CVE-2006-4637 (Multiple PHP remote file inclusion vulnerabilities in ACGV News 0.9.1 ...)
	NOT-FOR-US: ACGV News
CVE-2006-4636 (Directory traversal vulnerability in SZEWO PhpCommander 3.0 and ...)
	NOT-FOR-US: PhpCommander
CVE-2006-4635 (Unspecified vulnerability in MySource Classic 2.14.6, and possibly ...)
	NOT-FOR-US: MySource Classic
CVE-2006-4634 (Cross-site scripting (XSS) vulnerability in index.php in VBZooM allows ...)
	NOT-FOR-US: VBZooM
CVE-2006-4633 (index.php in SoftBB 0.1, and possibly earlier, allows remote attackers ...)
	NOT-FOR-US: SoftBB
CVE-2006-4632 (Multiple SQL injection vulnerabilities in SoftBB 0.1, and possibly ...)
	NOT-FOR-US: SoftBB
CVE-2006-4631 (Direct static code injection vulnerability in admin/save_opt.php in ...)
	NOT-FOR-US: SoftBB
CVE-2006-4630 (PHP remote file inclusion vulnerability in jscript.php in Sky GUNNING ...)
	NOT-FOR-US: MySpeach
CVE-2006-4629 (PHP remote file inclusion vulnerability in affichage/commentaires.php ...)
	NOT-FOR-US: C-News.fr C-News
CVE-2006-4628 (Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows ...)
	NOT-FOR-US: VCD-db
CVE-2006-4627 (System Information ActiveX control (msinfo.dll), when accessed via ...)
	NOT-FOR-US: System Information ActiveX control
CVE-2006-4626 (Heap-based buffer overflow in alwil avast! Anti-virus Engine before ...)
	NOT-FOR-US: avast! Anti-virus Engine
CVE-2006-4625 (PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass ...)
	- php4 4:4.4.4-1 (bug #391282; unimportant)
	- php5 5.2.0-1 (bug #391281; unimportant)
	NOTE: open_basedir violations not supported in Debian's PHP
CVE-2006-4624 (CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-4623 (The Unidirectional Lightweight Encapsulation (ULE) decapsulation ...)
	{DSA-1304}
	- linux-2.6 2.6.18-1
CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2006-4790 (verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent ...)
	{DSA-1182-1}
	NOTE: GNUTLS-SA-2006-4
	- gnutls13 1.4.4-1 (high)
	- gnutls12 <removed> (high)
	- gnutls11 <removed> (high)
CVE-2006-XXXX [gnutls Adaptive Chosen Ciphertext Attack]
	NOTE: GNUTLS-SA-2006-3 (withdrawn)
	- gnutls13 1.4.3-1 (unimportant)
	- gnutls12 <removed> (unimportant)
	- gnutls11 <removed> (unimportant)
CVE-2006-4622 (PHP remote file inclusion vulnerability in annonce.php in AnnonceV ...)
	NOT-FOR-US: AnnonceV
CVE-2006-4621 (PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, ...)
	NOT-FOR-US: Pheap
CVE-2006-4620 (The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4619 (The start update window in update.exe in Avira AntiVir PersonalEdition ...)
	NOT-FOR-US: Avira
CVE-2006-4618 (PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in ...)
	- libphp-adodb <not-affected> (vulnerable code seems to be In-link specific)
	- egroupware <not-affected> (vulnerable code seems to be In-link specific)
	- moodle <not-affected> (vulnerable code seems to be In-link specific)
	- phppgadmin <not-affected> (vulnerable code seems to be In-link specific)
	- gallery2 <not-affected> (vulnerable code seems to be In-link specific)
	- phpwiki <not-affected> (vulnerable code seems to be In-link specific)
CVE-2006-4617 (Unrestricted file upload vulnerability in fileupload.html in vtiger ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4616 (SMTP service in MailEnable Standard, Professional, and Enterprise ...)
	NOT-FOR-US: MailEnable
CVE-2006-4615 (Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores ...)
	NOT-FOR-US: Shape Services
CVE-2006-4614 (PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords ...)
	NOT-FOR-US: PDAapps Verichat
CVE-2006-4613 (Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow ...)
	NOT-FOR-US: SnapGear
CVE-2006-4612 (SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows ...)
	NOT-FOR-US: ZIXForum
CVE-2006-4611 (Buffer overflow in the _tor_resolve function in dsocks.c in dsocks ...)
	NOT-FOR-US: dsocks
CVE-2006-4610 (PHP remote file inclusion vulnerability in index.php in GrapAgenda ...)
	NOT-FOR-US: GrapAgenda
CVE-2006-4609 (** DISPUTED ** ...)
	NOT-FOR-US: PHProjekt
CVE-2006-4608 (Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome ...)
	NOT-FOR-US: php-Revista
CVE-2006-4607 (admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote ...)
	NOT-FOR-US: php-Revista
CVE-2006-4606 (Multiple SQL injection vulnerabilities in Longino Jacome php-Revista ...)
	NOT-FOR-US: php-Revista
CVE-2006-4605 (PHP remote file inclusion vulnerability in index.php in Longino Jacome ...)
	NOT-FOR-US: php-Revista
CVE-2006-4604 (PHP remote file inclusion vulnerability in LFXlib/access_manager.php ...)
	NOT-FOR-US: Lanifex Database of Managed Objects (DMO)
CVE-2006-4603 (NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass ...)
	NOT-FOR-US: Swift Sound Web Dictate
CVE-2006-4601 (SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows ...)
	NOT-FOR-US: 1Two
CVE-2006-4600 (slapd in OpenLDAP before 2.3.25 allows remote authenticated users with ...)
	- openldap2.3 2.3.25-1
	- openldap2.2 <removed> (low)
	- openldap2 <not-affected> (low) (slapd not built from this version)
CVE-2006-4599 (SQL injection vulnerability in aut_verifica.inc.php in Autentificator ...)
	NOT-FOR-US: Autentificator
CVE-2006-4598 (Multiple SQL injection vulnerabilities in links.php in ssLinks 1.22 ...)
	NOT-FOR-US: ssLinks
CVE-2006-4597 (SQL injection vulnerability in devam.asp in ICBlogger 2.0 and earlier ...)
	NOT-FOR-US: ICBlogger
CVE-2006-4596 (PHP remote file inclusion in MyBace Light Skrip, when register_globals ...)
	NOT-FOR-US: MyBace Light Skrip
CVE-2006-4595 (muforum (&#181;forum) 0.4c stores membres/members.dat under the web ...)
	NOT-FOR-US: muforum
CVE-2006-4594 (Multiple PHP remote file inclusion vulnerabilities in PHP Advanced ...)
	NOT-FOR-US: phpAtm
CVE-2006-4593 (Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 ...)
	NOT-FOR-US: SoftBB
CVE-2006-4592 (Incomplete blacklist vulnerability in default.asp in 8pixel.net Simple ...)
	NOT-FOR-US: Simple Blog
CVE-2006-4591 (Multiple PHP remote file inclusion vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AltraSoft Template Seller
CVE-2006-4590 (SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP ...)
	NOT-FOR-US: Jetstat.com JS ASP Faq Manager
CVE-2006-4589 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: DynCMS
CVE-2006-4588 (vtiger CRM 4.2.4, and possibly earlier, allows remote attackers to ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4587 (Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM ...)
	NOT-FOR-US: vtiger CRM
CVE-2006-4586 (The admin panel in Tr Forum 2.0 accepts a username and password hash ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4585 (SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4584 (Tr Forum 2.0 allows remote attackers to bypass authentication and add ...)
	NOT-FOR-US: Tr Forum
CVE-2006-4583 (Multiple PHP remote file inclusion vulnerabilities in FlashChat before ...)
	NOT-FOR-US: FlashChat
CVE-2006-4582 (Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e ...)
	NOT-FOR-US: The Address Book
CVE-2006-4581 (Unrestricted file upload vulnerability in The Address Book 1.04e validates ...)
	NOT-FOR-US: The Address Book
CVE-2006-4580 (register.php in The Address Book 1.04e allows remote attackers to ...)
	NOT-FOR-US: The Address Book
CVE-2006-4579 (Directory traversal vulnerability in users.php in The Address Book ...)
	NOT-FOR-US: The Address Book
CVE-2006-4578 (export.php in The Address Book 1.04e writes username and password hash ...)
	NOT-FOR-US: The Address Book
CVE-2006-4577 (Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e ...)
	NOT-FOR-US: The Address Book
CVE-2006-4576 (Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows ...)
	NOT-FOR-US: The Address Book
CVE-2006-4575 (Multiple SQL injection vulnerabilities in The Address Book 1.04e allow remote ...)
	NOT-FOR-US: The Address Book
CVE-2006-4574 (Off-by-one error in the MIME Multipart dissector in Wireshark ...)
	- wireshark 0.99.4-1 (bug #396258; medium)
CVE-2006-4573 (Multiple unspecified vulnerabilities in the &quot;utf8 combining characters ...)
	{DSA-1202-1}
	- screen 4.0.3-0.1 (bug #395225; bug #395999; medium)
CVE-2006-4572 (ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows ...)
	- linux-2.6 2.6.18.dfsg.1-9 (medium)
CVE-2006-4571 (Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-64
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4570 (Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with ...)
	{DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-63
	- thunderbird 1.5.0.7-1
	- mozilla <removed>
CVE-2006-4569 (The popup blocker in Mozilla Firefox before 1.5.0.7 opens the &quot;blocked ...)
	NOTE: MFSA-2006-62
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
	[sarge] - mozilla-firefox <not-affected> (Regression only affecting 1.5)
CVE-2006-4568 (Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-61
	- mozilla <removed> (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (low)
	- thunderbird 1.5.0.7-1
CVE-2006-4567 (Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it ...)
	NOTE: MFSA-2006-58
	- firefox 1.5.dfsg+1.5.0.7-1 (unimportant)
	- thunderbird 1.5.0.7-1 (unimportant)
	[sarge] - mozilla-firefox <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: The internal update mechanism is disabled in Debian
CVE-2006-4566 (Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4565 (Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-57
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (low)
CVE-2006-4564 (SQL injection vulnerability in Sources/ManageBoards.php in Simple ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4563 (Cross-site scripting (XSS) vulnerability in the MyHeadlines before ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-4562 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2006-4561 (Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary ...)
	- xulrunner 1.8.0.7-1 (low)
	- firefox 1.5.dfsg+1.5.0.7-1 (low)
	[sarge] - mozilla <no-dsa> (Mozilla products from Sarge no longer supported)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-4560 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-4559 (Multiple PHP remote file inclusion vulnerabilities in Yet Another ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4558 (DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4557 (** DISPUTED ** ...)
	NOT-FOR-US: Discloser
CVE-2006-4556 (** DISPUTED ** ...)
	NOT-FOR-US: JIM component for Mambo and Joomla!
CVE-2006-4555 (Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control ...)
	NOT-FOR-US: Miniclip CR64Loader ActiveX control
CVE-2006-4554 (Stack-based buffer overflow in the ReadFile function in the ...)
	NOT-FOR-US: BeCubed Compression Plus
CVE-2006-4553 (PHP remote file inclusion vulnerability in plugin.class.php in the ...)
	NOT-FOR-US: com_comprofiler Components for Mambo and Joomla!
CVE-2006-4552 (Cross-site scripting (XSS) vulnerability in CHXO Feedsplitter ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4551 (Eval injection vulnerability in CHXO Feedsplitter 2006-01-21 allows ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4550 (Directory traversal vulnerability in CHXO Feedsplitter 2006-01-21 ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4549 (CHXO Feedsplitter 2006-01-21 allows remote attackers to read the ...)
	NOT-FOR-US: CHXO Feedsplitter
CVE-2006-4548 (e107 0.75 and earlier does not properly unset variables when the input ...)
	NOTE: this should be fixed in PHP (CVE-2006-3017)
CVE-2006-4547 (Lyris ListManager 8.95 allows remote authenticated users to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4546 (Lyris ListManager 8.95 allows remote authenticated users, who have ...)
	NOT-FOR-US: Lyris ListManager
CVE-2006-4545 (** DISPUTED ** ...)
	NOT-FOR-US: ModuleBased CMS Pre-Alpha
CVE-2006-4544 (Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when ...)
	NOT-FOR-US: ExBB
CVE-2006-4543 (Cross-site scripting (XSS) vulnerability in index.php in HLStats 1.34 ...)
	NOT-FOR-US: HLStats
CVE-2006-4542 (Webmin before 1.296 and Usermin before 1.226 do not properly handle a ...)
	{DSA-1199-1}
	- webmin <removed> (bug #391284)
	- usermin <removed>
CVE-2006-4541 (RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2006-4540 (Cross-site scripting (XSS) vulnerability in learncenter.asp in ...)
	NOT-FOR-US: Learn.com LearnCenter
CVE-2006-4539 ((1) includes/widgets/module_company_tickets.php and (2) ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-4538 (Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC ...)
	{DSA-1237 DSA-1233}
	- linux-2.6 2.6.17-9
CVE-2006-4537 (NET$SESSION_CONTROL.EXE in DECnet-Plus in OpenVMS ALPHA 7.3-2 and ...)
	NOT-FOR-US: OpenVMS
CVE-2006-4536 (SQL injection vulnerability in module/rejestracja.php in CMS Frogss ...)
	NOT-FOR-US: CMS Frogss
CVE-2006-4535 (The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.18-1
CVE-2006-4534 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-4533 (Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 ...)
	NOT-FOR-US: Plume CMS
CVE-2006-4532 (PHP remote file inclusion vulnerability in articles/article.php in Yet ...)
	NOT-FOR-US: Yet Another Community System (YACS) CMS
CVE-2006-4531 (PHP remote file inclusion vulnerability in lib/config.php in Pheap CMS ...)
	NOT-FOR-US: Pheap CMS
CVE-2006-4530 (Direct static code injection vulnerability in include/change.php in ...)
	NOT-FOR-US: membrepass
CVE-2006-4529 (SQL injection vulnerability in recherchemembre.php in membrepass 1.5. ...)
	NOT-FOR-US: membrepass
CVE-2006-4528 (Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 ...)
	NOT-FOR-US: membrepass
CVE-2006-4527 (includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when ...)
	NOT-FOR-US: CubeCart
CVE-2006-4526 (SQL injection vulnerability in includes/content/viewCat.inc.php in ...)
	NOT-FOR-US: CubeCart
CVE-2006-4525 (Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and ...)
	NOT-FOR-US: CubeCart
CVE-2006-4524 (Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz ...)
	NOT-FOR-US: Digiappz Freekot
CVE-2006-4523 (The web-based management interface in 2Wire, Inc. HomePortal and ...)
	NOT-FOR-US: 2Wire
CVE-2006-4522 (Unspecified vulnerability in dtterm in IBM AIX 5.2 and 5.3 allows ...)
	NOT-FOR-US: IBM AIX
CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to ...)
	- libphp-adodb <not-affected>
	- egroupware <not-affected>
	- moodle <not-affected>
	- phppgadmin 4.0.1-2 (unimportant)
	- gallery2 <not-affected>
	- phpwiki <unfixed> (unimportant)
CVE-2006-XXXX [hostapd dos]
	- hostapd 1:0.5.4-1
	[sarge] - hostapd <not-affected> (Vulnerable code not present)
CVE-2006-4521 (The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4520 (ncp in Novell eDirectory before 8.7.3 SP9, and 8.8.x before 8.8.1 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4519 (Multiple integer overflows in the image loader plug-ins in GIMP before ...)
	{DSA-1335-1}
	- gimp 2.2.16-1 (medium)
	NOTE: Security problems were fixed in 2.2.16, but only 2.2.17 fixes a PSD regression
CVE-2006-4518 (Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Qbik WinGate
CVE-2006-4517 (Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Novell iManager
CVE-2006-4516 (Integer signedness error in FreeBSD 6.0-RELEASE allows local users to ...)
	- kfreebsd-5 <removed> (low)
	[etch] - kfreebsd-5 <no-dsa> (no security support for freebsd)
CVE-2006-4515
	RESERVED
CVE-2006-4514 (Heap-based buffer overflow in the ole_info_read_metabat function in ...)
	{DSA-1221-1}
	- libgsf 1.14.2-1
CVE-2006-4513 (Multiple integer overflows in the WV library in wvWare (formerly ...)
	- wv 1.2.4-1 (bug #396256; medium)
	- abiword 2.4.6-1
	[sarge] - abiword 2.4.6-1.1 (bug #396360)
	NOTE: exact abiword fixed version not known, but <= 2.4.6-1
CVE-2006-4512
	RESERVED
CVE-2006-4511 (Messenger Agents (nmma.exe) in Novell GroupWise 2.0.2 and 1.0.6 allows ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-4510 (The evtFilteredMonitorEventsRequest function in the LDAP service in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4509 (Integer overflow in the evtFilteredMonitorEventsRequest function in ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4508 (Unspecified vulnerability in (1) Tor 0.1.0.x before 0.1.0.18 and ...)
	- tor 0.1.1.23-1
CVE-2006-4507 (Unspecified vulnerability in the TIFF viewer (possibly libTIFF) in the ...)
	NOT-FOR-US: Sony
	NOTE: According to the original advisory, this is just CVE-2006-3459
CVE-2006-4506 (idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local ...)
	NOT-FOR-US: Novell Identity Manager
CVE-2006-4505 (CRLF injection vulnerability in links.php in NX5Linx 1.0 allows remote ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4504 (SQL injection vulnerability in NX5Linx 1.0 allows remote attackers to ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4503 (Directory traversal vulnerability in link.php in NX5Linx 1.0 allows ...)
	NOT-FOR-US: NX5Linx
CVE-2006-4502 (ezPortal/ztml CMS 1.0 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4501 (SQL injection vulnerability in index.php in ezPortal/ztml CMS 1.0 ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4500 (Cross-site scripting (XSS) vulnerability in index.php in ezPortal/ztml ...)
	NOT-FOR-US: ezPortal/ztml CMS
CVE-2006-4499 (ModernBill 5.0.4 and earlier uses cURL with insecure settings for ...)
	NOT-FOR-US: ModernBill
CVE-2006-4498 (PHP remote file inclusion vulnerability in sommaire_admin.php in ...)
	NOT-FOR-US: PortailPHP
CVE-2006-4497 (SQL injection vulnerability in comments.php in IwebNegar 1.1 allows ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4496 (Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar ...)
	NOT-FOR-US: IwebNegar
CVE-2006-4495 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-4494 (Microsoft Visual Studio 6.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-4493 (xbiff2 1.9 creates $HOME/.xbiff2rc in a user's home directory with ...)
	NOT-FOR-US: xbiff2
	NOTE: xbase-clients contains xbiff, but it is not affected as it doesn't use a .xbiffrc
CVE-2006-4492 (Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4491 (Directory traversal vulnerability in Cybozu Collaborex, AG before ...)
	NOT-FOR-US: Cybozu Collaborex
CVE-2006-4490 (Multiple directory traversal vulnerabilities in Cybozu Office before ...)
	NOT-FOR-US: Cybozu Office
CVE-2006-4489 (Multiple PHP remote file inclusion vulnerabilities in MiniBill ...)
	NOT-FOR-US: MiniBill
CVE-2006-4488 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ExBB Italia
CVE-2006-4487 (DUware DUpoll 3.0 and 3.1 stores _private/Dupoll.mdb under the web ...)
	NOT-FOR-US: DUpoll
CVE-2006-4486 (Integer overflow in memory allocation routines in PHP before 5.1.6, ...)
	{DSA-1331-1}
	- php5 5.1.6-1
	- php4 4:4.4.4-1
CVE-2006-4485 (The stripos function in PHP before 5.1.5 has unknown impact and attack ...)
	- php5 5.1.6-1
	- php4 <not-affected> (Vulnerable function doesn't exist)
CVE-2006-4484 (Buffer overflow in the LWZReadByte_ function in ...)
	- libgd2 2.0.33-5.1 (medium; bug #384838)
	- xloadimage <unfixed> (unimportant; bug #384841)
	NOTE: xloadimage is a crasher only, not a security problem
CVE-2006-4483 (The cURL extension files (1) ext/curl/interface.c and (2) ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Safe mode violations not supported, insufficient measure
CVE-2006-4482 (Multiple heap-based buffer overflows in the (1) str_repeat and (2) ...)
	{DSA-1206-1}
	- php5 5.1.6-1 (medium)
	- php4 4:4.4.4-1 (medium)
CVE-2006-4481 (The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 ...)
	- php5 5.1.6-1 (unimportant)
	- php4 4:4.4.4-1 (unimportant)
	NOTE: Basedir violations not supported
CVE-2006-4480 (Incomplete blacklist vulnerability in the nk_CSS function in nuked.php ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-4479 (Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual ...)
	NOT-FOR-US: ezContents
CVE-2006-4478 (SQL injection vulnerability in headeruserdata.php in Visual Shapers ...)
	NOT-FOR-US: ezContents
CVE-2006-4477 (Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ...)
	NOT-FOR-US: ezContents
CVE-2006-4476 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	NOT-FOR-US: Joomla
CVE-2006-4475 (Joomla! before 1.0.11 does not limit access to the Admin Popups ...)
	NOT-FOR-US: Joomla
CVE-2006-4474 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2006-4473 (Unspecified vulnerability in com_content in Joomla! before 1.0.11, ...)
	NOT-FOR-US: Joomla
CVE-2006-4472 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow ...)
	NOT-FOR-US: Joomla
CVE-2006-4471 (The Admin Upload Image functionality in Joomla! before 1.0.11 allows ...)
	NOT-FOR-US: Joomla
CVE-2006-4470 (Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is ...)
	NOT-FOR-US: Joomla
CVE-2006-4469 (Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows ...)
	NOT-FOR-US: Joomla
CVE-2006-4468 (Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related ...)
	NOT-FOR-US: Joomla
CVE-2006-4467 (Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2006-4466 (Joomla! before 1.0.11 does not properly unset variables when the input ...)
	NOT-FOR-US: Joomla
CVE-2006-4465 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2006-4464 (The Nokia Browser, possibly Nokia Symbian 60 Browser 3rd edition, ...)
	NOT-FOR-US: Nokia
CVE-2006-4463 (SQL injection vulnerability in the administrator control panel in ...)
	NOT-FOR-US: JS ASP Faq Manager
CVE-2006-4462 (Gonafish.com LinksCaffe 2.0 and 3.0 do not properly restrict access to ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-4461 (Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly ...)
	NOT-FOR-US: Paessler IPCheck Server Monitor (not related to ipcheck in Debian)
CVE-2006-4460 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4459 (Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause ...)
	NOT-FOR-US: AnywhereUSB/5
CVE-2006-4458 (Directory traversal vulnerability in ...)
	- phpgroupware 0.9.16.011-1 (bug #386061; medium)
CVE-2006-4457 (PHP remote file inclusion vulnerability in index.php in phpECard 2.1.4 ...)
	NOT-FOR-US: phpECard
CVE-2006-4456 (PHP remote file inclusion vulnerability in functions.php in phpECard ...)
	NOT-FOR-US: phpECard
CVE-2006-4455 (** DISPUTED ** ...)
	- xchat <not-affected> (not reproducible)
CVE-2006-4454 (Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats ...)
	NOT-FOR-US: HLstats
CVE-2006-4453 (Cross-site scripting (XSS) vulnerability in PmWiki before 2.1.18 ...)
	NOT-FOR-US: PmWiki
CVE-2006-4452 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Web3news
CVE-2006-4451 (Direct static code injection vulnerability in CJ Tag Board 3.0 allows ...)
	NOT-FOR-US: Tag Board
CVE-2006-4450 (usercp_avatar.php in PHPBB 2.0.20, when avatar uploading is enabled, ...)
	- phpbb2 2.0.21-1 (unimportant)
	NOTE: That's by design and even disabled by default
CVE-2006-4449 (Cross-site scripting (XSS) vulnerability in attachment.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-4448 (Multiple PHP remote file inclusion vulnerabilities in interact 2.2, ...)
	NOT-FOR-US: interact
CVE-2006-4447 (X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, ...)
	{DSA-1193-1}
	- xbase-clients 1:7.1.ds-2 (unimportant)
	- xtrans 1.0.0-6 (unimportant)
	- xorg-server 1:1.0.2-9 (low)
	- libx11 2:1.0.0-7 (unimportant)
	- xdm 1:1.0.5-1 (unimportant)
	- xterm <unfixed> (unimportant)
CVE-2006-4446 (Heap-based buffer overflow in DirectAnimation.PathControl COM object ...)
	NOT-FOR-US: Microsoft
CVE-2006-4445 (** DISPUTED ** ...)
	NOT-FOR-US: CuteNews
CVE-2006-4444 (Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for ...)
	NOT-FOR-US: Cybozu Garoon
CVE-2006-4443 (PHP remote file inclusion vulnerability in myajaxphp.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Video Share Enterprise
CVE-2006-4442 (Cross-site scripting (XSS) vulnerability in PHP iAddressBook before ...)
	NOT-FOR-US: iAddressBook
CVE-2006-4441 (Multiple PHP remote file inclusion vulnerabilities in Ay System ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4440 (PHP remote file inclusion vulnerability in main.php in Ay System ...)
	NOT-FOR-US: Ay System Solutions CMS
CVE-2006-4439 (pkgadd in Sun Solaris 10 before 20060825 installs files with insecure ...)
	NOT-FOR-US: Solaris
CVE-2006-4438 (Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux ...)
	NOT-FOR-US: SpIDer for Dr.Web Scanner
CVE-2006-4437 (Eval injection vulnerability in Tagger LE allows remote attackers to ...)
	NOT-FOR-US: Tagger LE
CVE-2005-4810 (Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-4809 (Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla ...)
	- mozilla <removed> (low)
	- firefox <not-affected> (at least 1.5.0.6 is not vulnerable)
	- xulrunner <not-affected>
	[sarge] - mozilla <no-dsa> (Conceptual problem, not fixable in a backport)
CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2006-4602 (Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 ...)
	- tikiwiki 1.9.4+dfsg2-3
CVE-2006-4436 (isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates ...)
	{DSA-1175-1}
	- isakmpd 20041012-4 (bug #385894; medium)
CVE-2006-4435 (OpenBSD 3.8, 3.9, and possibly earlier versions allows ...)
	NOT-FOR-US: OpenBSD
CVE-2006-4434 (Use-after-free vulnerability in Sendmail before 8.13.8 allows remote ...)
	{DSA-1164}
	- sendmail 8.13.8-1 (bug #385054; medium)
CVE-2006-4433 (PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.4-0.1 (unimportant)
	NOTE: Sanitising this is an application's job
CVE-2006-4432 (Directory traversal vulnerability in Zend Platform 2.2.1 and earlier ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4431 (Multiple buffer overflows in the (a) Session Clustering Daemon and the ...)
	NOT-FOR-US: Zend Platform
CVE-2006-4430 (The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2006-4429 (** DISPUTED ** ...)
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4428 (** DISPUTED ** ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-4427 (index.php in eFiction before 2.0.7 allows remote attackers to bypass ...)
	NOT-FOR-US: eFiction
CVE-2006-4426 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: AlberT-EasySite
CVE-2006-4425 (Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4424 (PHP remote file inclusion vulnerability in coin_includes/constants.php ...)
	NOT-FOR-US: phpCOIN
CVE-2006-4423 (Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 ...)
	NOT-FOR-US: Bigace
CVE-2006-4422 (** DISPUTED ** ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-4421 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Yet Another PHP Image Gallery
CVE-2006-4420 (Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 ...)
	NOT-FOR-US: Phaos
CVE-2006-4419 (SQL injection vulnerability in note.php in ProManager 0.73 allows ...)
	NOT-FOR-US: ProManager
CVE-2006-4418 (Directory traversal vulnerability in index.php for Wikepage 2006.2a ...)
	NOT-FOR-US: Wikepage
CVE-2006-4417 (SQL injection vulnerability in edituser.php in Xoops before 2.0.15 ...)
	NOT-FOR-US: Xoops
CVE-2006-4416 (Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4415
	RESERVED
CVE-2006-4414
	RESERVED
CVE-2006-4413 (Apple Remote Desktop before 3.1 uses insecure permissions for certain ...)
	NOT-FOR-US: Apple Remote Desktop
CVE-2006-4412 (WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4411 (The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4410 (The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4409 (The Online Certificate Status Protocol (OCSP) service in the Security ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4408 (The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4407 (The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4406 (Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4405
	RESERVED
CVE-2006-4404 (The Installer application in Apple Mac OS X 10.4.8 and earlier, when ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4403 (The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4402 (Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4401 (Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4400 (Stack-based buffer overflow in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4399 (User interface inconsistency in Workgroup Manager in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4398 (Multiple buffer overflows in the Apple Type Services (ATS) server in ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4397 (Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4396 (The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-4395 (Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4394 (A logic error in LoginWindow in Apple Mac OS X 10.4 through 10.4.7, ...)
	NOT-FOR-US: Mac OS
CVE-2006-4393 (Unspecified vulnerability in LoginWindow in Apple Mac OS X 10.4 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4392 (The Mach kernel, as used in operating systems including (1) Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2006-4391 (Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 ...)
	NOT-FOR-US: Mac OS
CVE-2006-4390 (CFNetwork in Apple Mac OS X 10.4 through 10.4.7 and 10.3.9 allows ...)
	NOT-FOR-US: Mac OS
CVE-2006-4389 (Apple QuickTime before 7.1.3 allows user-assisted remote attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4388 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4387 (Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the ...)
	NOT-FOR-US: Mac OS
CVE-2006-4386 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4385 (Buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4384 (Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4383
	RESERVED
CVE-2006-4382 (Multiple buffer overflows in Apple QuickTime before 7.1.3 allow ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4381 (Integer overflow in Apple QuickTime before 7.1.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2006-4380 (MySQL before 4.1.13 allows local users to cause a denial of service ...)
	{DSA-1169}
	- mysql-dfsg-5.0 <not-affected> (only 4.1 affected)
	- mysql-dfsg <not-affected> (only 4.1 affected)
	- mysql-dfsg-4.1 <removed>
CVE-2006-4379 (Stack-based buffer overflow in the SMTP Daemon in Ipswitch ...)
	NOT-FOR-US: Ipswitch Collaboration 2006 Suite
CVE-2006-4378 (** DISPUTED ** ...)
	NOT-FOR-US: Rssxt component for Joomla! (com_rssxt)
CVE-2006-4377 (Multiple SQL injection vulnerabilities in Guder und Koch ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4376 (Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch ...)
	NOT-FOR-US: Eichhorn Portal
CVE-2006-4375 (** DISPUTED ** ...)
	NOT-FOR-US: Contacts XTD (ContXTD) component for Mambo (com_contxtd)
CVE-2006-4374 (IrfanView 3.98 (with plugins) allows user-assisted attackers to cause ...)
	NOT-FOR-US: IrfanView
CVE-2006-4373 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: pSlash
CVE-2006-4372 (PHP remote file inclusion vulnerability in admin.lurm_constructor.php ...)
	NOT-FOR-US: Lurm Constructor component (com_lurm_constructor) for Mambo
CVE-2006-4371 (Multiple directory traversal vulnerabilities in Alt-N WebAdmin 3.2.3 ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4370 (Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and ...)
	NOT-FOR-US: Alt-N WebAdmin
CVE-2006-4369 (Absolute path traversal vulnerability in includes/functions_portal.php ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4368 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: IntegraMOD Portal
CVE-2006-4367 (SQL injection vulnerability in alltopics.php in the All Topics Hack ...)
	NOT-FOR-US: All Topics Hack for phpBB
CVE-2006-4366 (PHP remote file inclusion vulnerability in index.php in RedBLoG 0.5 ...)
	NOT-FOR-US: RedBLoG
CVE-2006-4365 (Multiple PHP remote file inclusion vulnerabilities in VistaBB 2.0.33 ...)
	NOT-FOR-US: VistaBB
CVE-2006-4364 (Multiple heap-based buffer overflows in the POP3 server in Alt-N ...)
	NOT-FOR-US: Alt-N Technologies MDaemon
CVE-2006-4363 (PHP remote file inclusion vulnerability in admin.cropcanvas.php in the ...)
	NOT-FOR-US: CropImage component (com_cropimage) for Mambo
CVE-2006-4362 (Cross-site scripting (XSS) vulnerability in getad.php in Diesel Paid ...)
	NOT-FOR-US: Diesel Paid Mail
CVE-2006-4361 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Diesel Job Site
CVE-2006-4360 (Cross-site scripting (XSS) vulnerability in E-commerce 4.7 for Drupal ...)
	NOT-FOR-US: E-commerce for Drupal
CVE-2006-4359 (Stack-based buffer overflow in Trident Software PowerZip 7.06 Build ...)
	NOT-FOR-US: PowerZip
CVE-2006-4358 (Cross-site scripting (XSS) vulnerability in index.php in Diesel Pay ...)
	NOT-FOR-US: Diesel Pay
CVE-2006-4357 (PHP remote file inclusion vulnerability in clients/index.php in Diesel ...)
	NOT-FOR-US: Diesel Smart Traffic
CVE-2006-4356 (SQL injection vulnerability in Drupal Easylinks Module ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4355 (Cross-site scripting (XSS) vulnerability in Drupal Easylinks Module ...)
	NOT-FOR-US: Easylinks Module for Drupal
CVE-2006-4354 (PHP remote file inclusion vulnerability in e/class/CheckLevel.php in ...)
	NOT-FOR-US: Phome Empire CMS
CVE-2006-4353 (Unspecified vulnerability in Sun Java System Content Delivery Server ...)
	NOT-FOR-US: Sun Java System Content Delivery Server
CVE-2006-4352 (The ArrowPoint cookie functionality for Cisco 11000 series Content ...)
	NOT-FOR-US: Cisco
CVE-2006-4351 (Cross-site scripting (XSS) vulnerability in index.php in OneOrZero ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4350 (SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows ...)
	NOT-FOR-US: OneOrZero
CVE-2006-4349 (** DISPUTED ** ...)
	NOT-FOR-US: ToendaCMS
CVE-2006-4348 (PHP remote file inclusion vulnerability in config.kochsuite.php in the ...)
	NOT-FOR-US: Kochsuite (com_kochsuite) component for Mambo and Joomla!
CVE-2006-4347 (SQL injection vulnerability in user logon authentication request ...)
	NOT-FOR-US: Cool Manager
CVE-2006-4346 (Asterisk 1.2.10 supports the use of client-controlled variables to ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4345 (Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in ...)
	- asterisk 1:1.2.11.dfsg-1 (medium; bug #385060)
CVE-2006-4344 (CRLF injection vulnerability in CGI-Rescue Mail F/W System (formd) ...)
	NOT-FOR-US: CGI-Rescue Mail F/W System
CVE-2006-4343 (The get_server_hello function in the SSLv2 client code in OpenSSL ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-4342 (The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, ...)
	- linux-2.6 <not-affected> (Flaw specific to Red Hat backport)
CVE-2006-4341
	REJECTED
CVE-2006-4340 (Mozilla Network Security Service (NSS) library before 3.11.3, as used ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	NOTE: MFSA-2006-60, this is the similar to CVE-2006-4339
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.7-1 (high)
	- thunderbird 1.5.0.7-1 (high)
	- xulrunner 1.8.0.7-1 (high)
CVE-2006-4339 (OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, ...)
	{DSA-1174-1 DSA-1173-1}
	- openssl 0.9.8b-3 (medium)
	- openssl097 0.9.7i-2 (medium)
	- openssl096 <removed>
CVE-2006-4338 (unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (medium)
	- lha 1.14i-10.1 (medium; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4337 (Buffer overflow in the make_table function in the LHZ component in ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4336 (Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4335 (Array index error in the make_table function in unlzh.c in the LZH ...)
	{DSA-1181-1}
	- gzip 1.3.5-15 (high)
	- lha 1.14i-10.1 (high; bug #401301)
	[sarge] - lha <no-dsa> (Non-free not supported)
	[etch] - lha <no-dsa> (Non-free not supported)
CVE-2006-4334 (Unspecified vulnerability in gzip 1.3.5 allows context-dependent ...)
	{DSA-1974-1 DSA-1181-1}
	- gzip 1.3.5-15 (high)
CVE-2006-4333 (The SSCOP dissector in Wireshark (formerly Ethereal) before 0.99.3 allows ...)
	{DSA-1171}
	- wireshark 0.99.2-5.1 (low; bug #384529)
	- ethereal <removed> (low; bug #384528)
CVE-2006-4332 (Unspecified vulnerability in the DHCP dissector in Wireshark (formerly ...)
	- wireshark <not-affected> (windows only)
	- ethereal <not-affected> (windows only)
CVE-2006-4331 (Multiple off-by-one errors in the IPSec ESP preference parser in ...)
	- wireshark 0.99.2-5.1 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4330 (Unspecified vulnerability in the SCSI dissector in Wireshark (formerly ...)
	- wireshark 0.99.2-5 (medium; bug #384529)
	- ethereal <not-affected> (only wireshark 0.99.2 affected)
CVE-2006-4329 (Multiple PHP remote file inclusion vulnerabilities in Shadows Rising ...)
	NOT-FOR-US: Shadows Rising
CVE-2006-4328 (SQL injection vulnerability in admin.php in CloudNine Interactive ...)
	NOT-FOR-US: CloudNine
CVE-2006-4327 (Multiple cross-site scripting (XSS) vulnerabilities in add_url.php in ...)
	NOT-FOR-US: CloudNine
CVE-2006-4326 (Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, ...)
	NOT-FOR-US: Ichitaro
CVE-2006-4325 (Cross-site scripting (XSS) vulnerability in gbook.php in Doika ...)
	NOT-FOR-US: Doika
CVE-2006-4324 (Cross-site scripting (XSS) vulnerability in add_url2.php in ...)
	NOT-FOR-US: CityForFree
CVE-2006-4323 (SQL injection vulnerability in list.php in CityForFree indexcity 1.0, ...)
	NOT-FOR-US: CityForFree
CVE-2006-4322 (PHP remote file inclusion vulnerability in estateagent.php in the ...)
	NOT-FOR-US: Mambo
CVE-2006-4321 (PHP remote file inclusion vulnerability in cpg.php in the Coppermine ...)
	NOT-FOR-US: Mambo
CVE-2006-4320 (PHP remote file inclusion vulnerability in sef.php in the OpenSEF ...)
	NOT-FOR-US: OpenSEF for Joomla
CVE-2006-4319 (Buffer overflow in the format command in Solaris 8, 9, and 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2006-4318 (Buffer overflow in WFTPD Server 3.23 allows remote attackers to ...)
	NOT-FOR-US: WFTPD
CVE-2006-4317 (Cross-site scripting (XSS) vulnerability in attachment.php in WoltLab ...)
	NOT-FOR-US: WoltLab
CVE-2006-4316 (SSH Tectia Management Agent 2.1.2 allows local users to gain root ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4315 (Unquoted Windows search path vulnerability in multiple SSH Tectia ...)
	NOT-FOR-US: SSH Tectia Management Agent
CVE-2006-4314 (The manager server in Symantec Enterprise Security Manager (ESM) 6 and ...)
	NOT-FOR-US: Symantec
CVE-2006-4313 (Multiple unspecified vulnerabilities in Cisco VPN 3000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-4312 (Cisco PIX 500 Series Security Appliances and ASA 5500 Series Adaptive ...)
	NOT-FOR-US: Cisco
CVE-2006-4311 (PHP remote file inclusion vulnerability in Sonium Enterprise ...)
	NOT-FOR-US: Sonium Enterprise Adressbook
CVE-2006-4310 (Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of ...)
	{DSA-1227-1 DSA-1225-1 DSA-1224-1}
	- firefox 45.0-1
	- firefox-esr 45.0esr-1
	- iceweasel 2.0+dfsg-1
	- mozilla <removed>
	- mozilla-firefox <removed>
	- xulrunner 1.8.0.8-1
CVE-2006-4309 (VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not ...)
	NOT-FOR-US: AK-Systems Windows Terminal
CVE-2006-4308 (Multiple cross-site scripting (XSS) vulnerabilities in Blackboard ...)
	NOT-FOR-US: Blackboard Learning System
CVE-2006-4307 (Unspecified vulnerability in the format command in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2006-4306 (Unspecified vulnerability in Sun Solaris 8 and 9 before 20060821 ...)
	NOT-FOR-US: Solaris
CVE-2006-4305 (Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote ...)
	{DSA-1190-1}
	- maxdb-7.5.00 7.5.00.34-5 (high; bug #386182)
CVE-2006-4304 (Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD ...)
	- kfreebsd-5 5.4-18 (bug #391289)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4303 (Race condition in (1) libnsl and (2) TLI/XTI API routines in Sun ...)
	NOT-FOR-US: Solaris
CVE-2006-4302 (The Java Plug-in J2SE 1.3.0_02 through 5.0 Update 5, and Java Web ...)
	- sun-java5 1.5.0-07-1
CVE-2006-4301 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2006-4300 (SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and ...)
	NOT-FOR-US: SimpleBlog
CVE-2006-4299 (Cross-site scripting (XSS) vulnerability in tiki-searchindex.php in ...)
	- tikiwiki 1.9.4+dfsg2-2 (low; bug #384796)
CVE-2006-4298 (Multiple directory traversal vulnerabilities in cache.php in ...)
	NOT-FOR-US: osCommerce
CVE-2006-4297 (SQL injection vulnerability in shopping_cart.php in osCommerce before ...)
	NOT-FOR-US: osCommerce
CVE-2006-4296 (PHP remote file inclusion vulnerability in classes/Tar.php in ...)
	NOT-FOR-US: bigAPE-Backup component (com_babackup) for Mambo
CVE-2006-4295 (Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2006-4294 (Directory traversal vulnerability in viewfile in TWiki 4.0.0 through 4.0.4 ...)
	- twiki 1:4.0.4-3 (bug #389267; low)
CVE-2006-4293 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow ...)
	NOT-FOR-US: cPanel
CVE-2006-4292 (Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows ...)
	- honeyd 1.5b-1 (low; bug #384806)
	[sarge] - honeyd <no-dsa> (Minor issue)
CVE-2006-4291 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHlyMail Lite
CVE-2006-4290 (Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, ...)
	NOT-FOR-US: Sony
CVE-2006-4289 (Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x ...)
	NOT-FOR-US: Sony
CVE-2006-4288 (PHP remote file inclusion vulnerability in admin.a6mambocredits.php in ...)
	NOT-FOR-US: a6mambocredits component (com_a6mambocredits) for Mambo
CVE-2006-4287 (Multiple PHP remote file inclusion vulnerabilities in NES Game and NES ...)
	NOT-FOR-US: NES Game and NES System
CVE-2006-4286 (** DISPUTED ** ...)
	NOT-FOR-US: contentpublisher component (com_contentpublisher) for Mambo
CVE-2006-4285 (PHP remote file inclusion vulnerability in news.php in Fantastic News ...)
	NOT-FOR-US: Fantastic News
CVE-2006-4284 (SQL injection vulnerability in comments.asp in LBlog 1.05 and earlier ...)
	NOT-FOR-US: LBlog
CVE-2006-4283 (Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW ...)
	NOT-FOR-US: SOLMETRA SPAW Editor
CVE-2006-4282 (PHP remote file inclusion vulnerability in MamboLogin.php in the ...)
	NOT-FOR-US: MamboWiki component (com_mambowiki) for Mambo and Joomla!
CVE-2006-4281 (PHP remote file inclusion vulnerability in akocomments.php in ...)
	NOT-FOR-US: AkoComment 1.1 module (com_akocomment) for Mambo
CVE-2006-4280 (** DISPUTED ** ...)
	NOT-FOR-US: ANJEL (formerly MaMML) Component (com_anjel) for Mambo
CVE-2006-4279 (SQL injection vulnerability in topic_post.php in XennoBB 2.2.1 and ...)
	NOT-FOR-US: XennoBB
CVE-2006-4278 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SportsPHool
CVE-2006-4277 (Multiple PHP remote file inclusion vulnerabilities in Tutti Nova 1.6 ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4276 (PHP remote file inclusion vulnerability in Tutti Nova 1.6 and earlier ...)
	NOT-FOR-US: Tutti Nova
CVE-2006-4275 (PHP remote file inclusion vulnerability in catalogshop.php in the ...)
	NOT-FOR-US: CatalogShop component for Mambo (com_catalogshop)
CVE-2006-4274
	REJECTED
CVE-2006-4273 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4272 (** DISPUTED ** ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4271 (** DISPUTED ** ...)
	NOT-FOR-US: Jelsoft vBulletin
CVE-2006-4270 (PHP remote file inclusion vulnerability in mambelfish.class.php in the ...)
	NOT-FOR-US: mambelfish component (com_mambelfish) for Mambo
CVE-2006-4269 (** DISPUTED ** ...)
	NOT-FOR-US: x-shop component (com_x-shop) for Mambo and Joomla!
CVE-2006-4268 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 ...)
	NOT-FOR-US: CubeCart
CVE-2006-4267 (Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier ...)
	NOT-FOR-US: CubeCart
CVE-2006-4266 (Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, ...)
	NOT-FOR-US: Symantec
CVE-2006-4265 (Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows ...)
	NOT-FOR-US: Kaspersky
CVE-2006-4264 (** DISPUTED ** ...)
	NOT-FOR-US: lmtg_myhomepage Component (com_lmtg_myhomepage) for Mambo
CVE-2006-4263 (Multiple PHP remote file inclusion vulnerabilities in the Product ...)
	NOT-FOR-US: mambo-phpshop (com_phpshop) for Mambo and Joomla!
CVE-2006-4262 (Multiple buffer overflows in cscope 15.5 and earlier allow ...)
	{DSA-1186-1}
	- cscope 15.5+cvs20060902-1 (low; bug #385893)
CVE-2006-4261
	REJECTED
CVE-2006-4260 (Directory traversal vulnerability in index.php in Fotopholder 1.8 ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4259 (Cross-site scripting (XSS) vulnerability in index.php in Fotopholder ...)
	NOT-FOR-US: Fotopholder
CVE-2006-4258 (Absolute path traversal vulnerability in the get functionality in ...)
	NOT-FOR-US: Anti-Spam SMTP Proxy
CVE-2006-4257 (IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2006-4256 (index.php in Horde Application Framework before 3.1.2 allows remote ...)
	{DSA-1406-1}
	- horde3 3.1.3-1 (low; bug #383416)
CVE-2006-4255 (Cross-site scripting (XSS) vulnerability in horde/imp/search.php in ...)
	- imp4 4.1.3-1 (low; bug #383416)
CVE-2006-4254 (Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-4253 (Concurrency vulnerability in Mozilla Firefox 1.5.0.6 and earlier ...)
	NOTE: MFSA-2006-59
	- xulrunner 1.8.0.7-1 (medium)
	- firefox 1.5.dfsg+1.5.0.7-1 (medium)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.7-1 (low)
	- mozilla-firefox <removed> (unimportant)
	[sarge] - mozilla <unfixed> (unimportant)
	[sarge] - mozilla-thunderbird <unfixed> (unimportant)
	NOTE: On Sarge this is only a crasher, code injection is only possible for Firefox 1.5 et al.
CVE-2006-4252 (PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a ...)
	- pdns-recursor 3.1.4-1 (bug #398559)
	- pdns <not-affected> (Recursor module has been moved to pdns-recursor)
CVE-2006-4251 (Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow ...)
	{DSA-1211}
	- pdns-recursor 3.1.4-1 (bug #398557; high)
	- pdns 2.9.20-4
	NOTE: Recursor module has been moved to pdns-recursor
CVE-2006-4250 (Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows ...)
	{DSA-1278-1}
	- man-db 2.4.3-5
CVE-2006-4249 (Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when ...)
	- zope-cmfplone 2.5.1-3 (bug #401796)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
CVE-2006-4248 (thttpd on Debian GNU/Linux, and possibly other distributions, allows ...)
	{DSA-1205-1}
	- thttpd 2.23beta1-5 (bug #396277)
CVE-2006-4247 (Unspecified vulnerability in the Password Reset Tool before 0.4.1 on ...)
	[sarge] - zope-cmfplone <not-affected> (Vulnerable code not present)
	- zope-cmfplone 2.5.1-1
CVE-2006-4246 (Usermin before 1.220 (20060629) allows remote attackers to read ...)
	{DSA-1177-1}
	- usermin <removed> (bug #374609)
CVE-2006-4245
	RESERVED
	- archivemail 0.6.2-2 (bug #385253)
CVE-2006-4244 (SQL-Ledger 2.4.4 through 2.6.17 authenticates users by verifying that ...)
	{DSA-1239-1}
	- sql-ledger 2.6.18-1 (medium; bug #386519)
CVE-2006-4243 [linux vserver priviledge escalation in remount code]
	RESERVED
	- linux-2.6 2.6.17-9
CVE-2006-4242 (PHP remote file inclusion vulnerability in install.jim.php in the JIM ...)
	NOT-FOR-US: JIM component for Joomla or Mambo
CVE-2006-4241 (PHP remote file inclusion vulnerability in processor/reporter.sql.php ...)
	NOT-FOR-US: Reporter Mambo component (com_reporter)
CVE-2006-4240 (PHP remote file inclusion vulnerability in index.php in Fusion News ...)
	NOT-FOR-US: Fusion News
CVE-2006-4239 (PHP remote file inclusion vulnerability in include/urights.php in ...)
	NOT-FOR-US: Outreach Project Tool
CVE-2006-4238 (SQL injection vulnerability in torrents.php in WebTorrent (WTcom) ...)
	NOT-FOR-US: WebTorrent (WTcom)
CVE-2006-4237 (PHP remote file inclusion vulnerability in pageheaderdefault.inc.php ...)
	NOT-FOR-US: Invisionix Roaming System Remote (IRSR)
CVE-2006-4236 (Multiple PHP remote file inclusion vulnerabilities in POWERGAP allow ...)
	NOT-FOR-US: POWERGAP
CVE-2006-4235 (Buffer overflow in the import project functionality in Sony SonicStage ...)
	NOT-FOR-US: Sony
CVE-2006-4234 (PHP remote file inclusion vulnerability in classes/query.class.php in ...)
	NOT-FOR-US: dotProject
CVE-2006-4233 (Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4232 (Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, ...)
	NOT-FOR-US: Globus Toolkit
CVE-2006-4231 (IrfanView 3.98 (with plugins) allows remote attackers to cause a ...)
	NOT-FOR-US: IrfanView
CVE-2006-4230 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Lizge Web Portal
CVE-2006-4229 (PHP remote file inclusion vulnerability in archive.php in the ...)
	NOT-FOR-US: mosListMessenger Component (com_lm) for Mambo and Joomla!
CVE-2006-4228 (Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before ...)
	NOT-FOR-US: Symantec
CVE-2006-4227 (MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid ...)
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
CVE-2006-4226 (MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when ...)
	{DSA-1169}
	- mysql-dfsg-5.0 5.0.24-3 (low; bug #384798)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
CVE-2006-4225
	REJECTED
CVE-2006-4224 (Cross-site scripting (XSS) vulnerability in calendar.php in Virtual ...)
	NOT-FOR-US: Virtual War
CVE-2006-4223 (IBM WebSphere Application Server (WAS) before 6.0.2.13 allows ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4222 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere Application
CVE-2006-4221 (Stack-based buffer overflow in the IBM Access Support eGatherer ...)
	NOT-FOR-US: IBM
CVE-2006-4220 (Multiple cross-site scripting (XSS) vulnerabilities in webacc in ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-4219 (The Terminal Services COM object (tsuserex.dll) allows remote ...)
	NOT-FOR-US: Terminal Services COM object
CVE-2006-4218 (Directory traversal vulnerability in Zen Cart 1.3.0.2 and earlier ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4217 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4216
	REJECTED
CVE-2006-4215 (PHP remote file inclusion vulnerability in index.php in Zen Cart ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4214 (Multiple SQL injection vulnerabilities in Zen Cart 1.3.0.2 and earlier ...)
	NOT-FOR-US: Zen Cart
CVE-2006-4213 (PHP remote file inclusion vulnerability in config.php in David Kent ...)
	NOT-FOR-US: Thatware
CVE-2006-4212 (SQL injection vulnerability in b0zz and Chris Vincent Owl Intranet ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4211 (Cross-site scripting (XSS) vulnerability in b0zz and Chris Vincent Owl ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2006-4210 (nu_mail.inc.php in Andreas Kansok phPay 2.02 and 2.02.1, when ...)
	NOT-FOR-US: phPay
CVE-2006-4209 (PHP remote file inclusion vulnerability in install3.php in WEBInsta ...)
	NOT-FOR-US: WEBInsta Mailing List Manager
CVE-2006-4208 (Directory traversal vulnerability in wp-db-backup.php in Skippy ...)
	- wordpress 2.0.5-0.1 (unimportant; bug #384800)
	NOTE: Only exploitable by admin users, someone with the privilege to backup
	NOTE: your data must be trustworthy
CVE-2006-4207 (Multiple PHP remote file inclusion vulnerabilities in Bob Jewell ...)
	NOT-FOR-US: Discloser
CVE-2006-4206 (Cross-site scripting (XSS) vulnerability in calendar.asp in ...)
	NOT-FOR-US: ASPPlayground.NET Forum Advanced Edition
CVE-2006-4205 (Multiple PHP remote file inclusion vulnerabilities in WebDynamite ...)
	NOT-FOR-US: WebDynamite ProjectButler
CVE-2006-4204 (Multiple PHP remote file inclusion vulnerabilities in PHProjekt 5.1 ...)
	NOT-FOR-US: PHProjekt
CVE-2006-4203 (PHP remote file inclusion vulnerability in help.mmp.php in the MMP ...)
	NOT-FOR-US: MMP Component (com_mmp) for Mambo
CVE-2006-4202 (SQL injection vulnerability in proje_goster.php in Spidey Blog Script ...)
	NOT-FOR-US: Spidey Blog Script
CVE-2006-4201 (Unspecified vulnerability in the backup agent and Cell Manager in HP ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-4200 (Unspecified vulnerability in 04WebServer 1.83 and earlier allows ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4199 (Cross-site scripting (XSS) vulnerability in Soft3304 04WebServer 1.83 ...)
	NOT-FOR-US: 04WebServer
CVE-2006-4198 (PHP remote file inclusion vulnerability in includes/session.php in ...)
	NOT-FOR-US: Wheatblog
CVE-2006-4197 (Multiple buffer overflows in libmusicbrainz (aka mb_client or ...)
	{DSA-1162}
	- libmusicbrainz-2.1 2.1.4-1 (medium; bug #383030)
	- libmusicbrainz-2.0 <removed> (medium; bug #383031)
CVE-2006-4196 (PHP remote file inclusion vulnerability in index.php in WEBInsta CMS ...)
	NOT-FOR-US: WEBInsta CMS
CVE-2006-4195 (PHP remote file inclusion vulnerability in param.peoplebook.php in the ...)
	NOT-FOR-US: Peoplebook Component for Mambo (com_peoplebook)
CVE-2005-4808 (Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2005-4807 (Stack-based buffer overflow in the as_bad function in messages.c in ...)
	- binutils 2.17-1 (low)
	[sarge] - binutils <no-dsa> (Only a security-problems in far-fetched configurations)
CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access ...)
	NOT-FOR-US: IBM
CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a ...)
	NOT-FOR-US: 04WebServer
CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, ...)
	NOT-FOR-US: 04WebServer
CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL ...)
	NOT-FOR-US: 04WebServer
CVE-2006-XXXX [gallery2 session ID disclosure]
	- gallery2 2.1.2-1
CVE-2006-XXXX [insecure filehandling in mysql_upgrade]
	- mysql-dfsg-5.0 5.0.24-1
	NOTE: mysql_upgrade not in 4.x
CVE-2006-4194 (** DISPUTED ** ...)
	NOT-FOR-US: Cisco
CVE-2006-4193 (Microsoft Internet Explorer 6.0 SP1 and possibly other versions allows ...)
	NOT-FOR-US: MS IE
CVE-2006-4192 (Multiple buffer overflows in MODPlug Tracker (OpenMPT) 1.17.02.43 and ...)
	- libmodplug 1:0.7-5.2 (medium; bug #383574)
	- gst-plugins-bad0.10 0.10.3-3.1 (medium; bug #407956)
CVE-2006-4191 (Directory traversal vulnerability in memcp.php in XMB (Extreme Message ...)
	NOT-FOR-US: XMB
CVE-2006-4190 (Directory traversal vulnerability in autohtml.php in the AutoHTML ...)
	NOT-FOR-US: PHP-Nuke module AutoHTML
CVE-2006-4189 (Multiple PHP remote file inclusion vulnerabilities in Dolphin 5.1 ...)
	NOT-FOR-US: Dolphin
CVE-2006-4188 (Unspecified vulnerability in the LP subsystem in HP-UX B.11.00, ...)
	NOT-FOR-US: HP-UX
CVE-2006-4187 (Unspecified vulnerability in HP-UX B.11.00, B.11.11 and B.11.23, when ...)
	NOT-FOR-US: HP-UX
CVE-2006-4186 (The iManager in eMBoxClient.jar in Novell eDirectory 8.7.3.8 writes ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4185 (Unspecified vulnerability in the NCPENGINE in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4184 (SmartLine DeviceLock before 5.73 Build 305 does not properly enforce ...)
	NOT-FOR-US: SmartLine DeviceLock
CVE-2006-4183 (Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) ...)
	NOT-FOR-US: Microsoft
CVE-2006-4182 (Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...)
	{DSA-1196-1}
	- clamav 0.88.5-1 (high; bug #393445)
CVE-2006-4181 (Format string vulnerability in the sqllog function in the SQL ...)
	NOT-FOR-US: GNU Radius
CVE-2006-4180
	REJECTED
CVE-2006-4179
	RESERVED
CVE-2006-4178 (Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and ...)
	- kfreebsd-5 <removed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4177 (Heap-based buffer overflow in the NCP engine in Novell eDirectory ...)
	NOT-FOR-US: Novell eDirectory
CVE-2006-4176
	RESERVED
CVE-2006-4175 (The LDAP server (ns-slapd) in Sun Java System Directory Server 5.2 ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-4174
	RESERVED
CVE-2006-4173
	RESERVED
CVE-2006-4172 (Integer overflow vulnerability in the i386_set_ldt call in FreeBSD ...)
	- kfreebsd-5 <removed> (bug #391289; low)
	[etch] - kfreebsd-5 <no-dsa> (Etch doesn't have security support for the FreeBSD kernel)
CVE-2006-4171
	RESERVED
CVE-2006-4170
	REJECTED
CVE-2006-4169 (Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin ...)
	NOT-FOR-US: G/PGP (GPG) plugin for Squirrelmail
CVE-2006-4168 (Integer overflow in the exif_data_load_data_entry function in ...)
	{DSA-1310-1}
	- libexif 0.6.16-1 (bug #430012)
CVE-2006-4167
	RESERVED
CVE-2006-4166 (PHP remote file inclusion vulnerability in TinyWebGallery 1.5 and ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-4165 (Cross-site scripting (XSS) vulnerability in NetCommons 1.0.8 and ...)
	NOT-FOR-US: NetCommons
CVE-2006-4164 (PHP remote file inclusion vulnerability in inc/header.inc.php in ...)
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4163 (** DISPUTED ** ...)
	NOT-FOR-US: miniBloggie
CVE-2006-4162 (Cross-site scripting (XSS) vulnerability in Dragonfly CMS 9.0.6.1 and ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-4161 (Directory traversal vulnerability in the avatar_gallery action in ...)
	NOT-FOR-US: XennoBB
CVE-2006-4160 (Multiple PHP remote file inclusion vulnerabilities in Tony Bibbs and ...)
	NOT-FOR-US: MVCnPHP
CVE-2006-4159 (Multiple PHP remote file inclusion vulnerabilities in Chaussette ...)
	NOT-FOR-US: Chaussette
CVE-2006-4158 (PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 ...)
	NOT-FOR-US: Spaminator
CVE-2006-4157 (Cross-site scripting (XSS) vulnerability in index.php in Yet another ...)
	NOT-FOR-US: Yet another Bulletin Board (YaBB)
CVE-2006-4156 (** DISPUTED ** ...)
	NOT-FOR-US: pearlabs mafia moblog
CVE-2006-4155 (Unspecified vulnerability in func_topic_threaded.php (aka threaded ...)
	NOT-FOR-US: Invision Power Board (IPB)
CVE-2006-4154 (Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x ...)
	NOT-FOR-US: mod_tcl
CVE-2006-4153
	RESERVED
CVE-2006-4152
	RESERVED
CVE-2006-4151
	RESERVED
CVE-2006-4150
	RESERVED
CVE-2006-4149
	RESERVED
CVE-2006-4148
	RESERVED
CVE-2006-4147
	RESERVED
CVE-2006-4146 (Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 ...)
	- gdb <unfixed> (unimportant)
	NOTE: Every sensible use of gdb involves executing the debugged binary
CVE-2006-4145 (The Universal Disk Format (UDF) filesystem driver in Linux kernel ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-7
CVE-2006-4143 (Netgear FVG318 running firmware 1.0.40 allows remote attackers to ...)
	NOT-FOR-US: Netgear
CVE-2006-4142 (SQL injection vulnerability in extra/online.php in Virtual War (VWar) ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4141 (SQL injection vulnerability in news.php in Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War (VWar)
CVE-2006-4140 (Directory traversal vulnerability in IPCheck Server Monitor before ...)
	NOT-FOR-US: IPCheck Server Monitor
CVE-2006-4139 (Race condition in Sun Solaris 10 allows attackers to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2006-4138 (Multiple unspecified vulnerabilities in Microsoft Windows Help File ...)
	NOT-FOR-US: Microsoft
CVE-2006-4137 (IBM WebSphere Application Server before 6.1.0.1 allows attackers to ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4136 (Multiple unspecified vulnerabilities in IBM WebSphere Application ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-4135 (** DISPUTED ** ...)
	NOT-FOR-US: Calendarix
CVE-2006-4134 (Unspecified vulnerability related to a &quot;design flaw&quot; in SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2006-4133 (Heap-based buffer overflow in SAP Internet Graphics Service (IGS) 6.40 ...)
	NOT-FOR-US: SAP
CVE-2006-4132 (ArcSoft MMS Composer 1.5.5.6 and possibly earlier, and 2.0.0.13 and ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4131 (Multiple buffer overflows in ArcSoft MMS Composer 1.5.5.6, and ...)
	NOT-FOR-US: ArcSoft MMS Composer
CVE-2006-4130 (PHP remote file inclusion vulnerability in admin.remository.php in the ...)
	NOT-FOR-US: Remository Component (com_remository) for Mambo and Joomla!
CVE-2006-4129 (PHP remote file inclusion vulnerability in admin.webring.docs.php in ...)
	NOT-FOR-US: Webring Component (com_webring) for Joomla!
CVE-2006-4128 (Multiple heap-based buffer overflows in Symantec VERITAS Backup Exec ...)
	NOT-FOR-US: Symantec VERITAS
CVE-2006-4127 (Multiple format string vulnerabilities in DConnect Daemon 0.7.0 and ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4126 (The dc_chat function in cmd.dc.c in DConnect Daemon 0.7.0 and earlier ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4125 (Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and ...)
	NOT-FOR-US: DConnect Daemon (dcd)
CVE-2006-4124 (The libXm library in LessTif 0.95.0 and earlier allows local users to ...)
	- lesstif2 1:0.94.4-1 (bug #382411; medium)
CVE-2006-4123 (PHP remote file inclusion vulnerability in boitenews4/index.php in ...)
	NOT-FOR-US: Boite de News
CVE-2006-4122 (Simple one-file guestbook 1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Simple one-file guestbook
CVE-2006-4121 (PHP remote file inclusion vulnerability in owimg.php3 in See-Commerce ...)
	NOT-FOR-US: See-Commerce
CVE-2006-4120 (Cross-site scripting (XSS) vulnerability in the Recipe module ...)
	NOT-FOR-US: Recipe module (recipe.module) for Drupal
CVE-2006-4119 (SQL injection vulnerability in gc.php in GeheimChaos 0.5 and earlier ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4118 (Multiple SQL injection vulnerabilities in GeheimChaos 0.5 and earlier ...)
	NOT-FOR-US: GeheimChaos
CVE-2006-4117 (The squeue_drain function in Sun Solaris 10, possibly only when run on ...)
	NOT-FOR-US: Solaris
CVE-2006-4116 (Multiple stack-based buffer overflows in Lhaz before 1.32 allow ...)
	NOT-FOR-US: Lhaz
CVE-2006-4115 (PHP remote file inclusion vulnerability in common.inc.php in PgMarket ...)
	NOT-FOR-US: PgMarket
CVE-2006-4114 (SQL injection vulnerability in view_com.php in Nicolas Grandjean ...)
	NOT-FOR-US: PHPMyRing
CVE-2006-4113 (PHP remote file inclusion vulnerability in genpage-cgi.php in Brian ...)
	NOT-FOR-US: hitweb
CVE-2006-4112 (Unspecified vulnerability in the &quot;dependency resolution mechanism&quot; in ...)
	- rails 1.1.6-1 (bug #382255; medium)
CVE-2006-4111 (Ruby on Rails before 1.1.5 allows remote attackers to execute Ruby ...)
	- rails 1.1.5-1 (bug #382255; medium)
CVE-2006-4110 (Apache 2.2.2, when running on Windows, allows remote attackers to read ...)
	- apache2 <not-affected> (Affects Apache on Windows only)
CVE-2006-4109 (Cross-site scripting (XSS) vulnerability in Bibliography ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4108 (SQL injection vulnerability in Bibliography (biblio.module) 4.6 before ...)
	NOT-FOR-US: Bibliography (biblio.module) for Drupal
CVE-2006-4107 (SQL injection vulnerability in the Job Search module (job.module) 4.6 ...)
	NOT-FOR-US: Job Search module (job.module) for Drupal
CVE-2006-4106 (Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 ...)
	NOT-FOR-US: blur6ex
CVE-2006-4105 (Cross-site scripting (XSS) vulnerability in Fill Threads Database ...)
	NOT-FOR-US: Fill Threads Database
CVE-2006-4104 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4103 (PHP remote file inclusion vulnerability in article-raw.php in Jason ...)
	NOT-FOR-US: phNNTP
CVE-2006-4102 (PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme ...)
	NOT-FOR-US: SQLiteWebAdmin
CVE-2006-4101
	RESERVED
CVE-2006-4100
	RESERVED
CVE-2006-4099 (Business Objects Crystal Enterprise 9 and 10 generates predictable ...)
	NOT-FOR-US: Business Objects
CVE-2006-4098 (Stack-based buffer overflow in the CSRadius service in Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2006-4097 (Multiple unspecified vulnerabilities in the CSRadius service in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-4096 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4095 (BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers ...)
	{DSA-1172-1}
	- bind <not-affected> (Not vulnerable according to CERT advisory)
	- bind9 1:9.3.2-P1-1 (medium; bug #386245; bug #386237)
CVE-2006-4094
	RESERVED
CVE-2006-4093 (Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on ...)
	{DSA-1184-2 DSA-1237}
	- linux-2.6 2.6.17-7
CVE-2006-4092 (Simpliciti Locked Browser does not properly limit a user's actions to ...)
	NOT-FOR-US: Simpliciti Locked Browser
CVE-2006-4091 (Multiple cross-site scripting (XSS) vulnerabilities in Archangel ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-4090 (Cross-site scripting (XSS) vulnerability in Webligo BlogHoster 2.2 ...)
	NOT-FOR-US: Webligo BlogHoster
CVE-2006-4089 (Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and ...)
	{DSA-1179-1}
	- alsaplayer 0.99.76-9 (medium; bug #382842)
CVE-2006-4088 (Multiple cross-site scripting (XSS) vulnerabilities in CivicSpace ...)
	NOT-FOR-US: CivicSpace
CVE-2006-4087 (Cross-site scripting (XSS) vulnerability in admin.cgi in ...)
	NOT-FOR-US: mojoGallery
CVE-2006-4086 (Cross-site scripting (XSS) vulnerability in index.php in Elaine Aquino ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4085 (PHP remote file inclusion vulnerability in Olaf Noehring The Search ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4084 (Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4083 (PHP remote file inclusion vulnerability in viewevent.php in myWebland ...)
	NOT-FOR-US: myEvent
CVE-2006-4082 (Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4081 (preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4080 (DeluxeBB 1.08, and possibly earlier, uses cookies that include the MD5 ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4079 (Cross-site scripting (XSS) vulnerability in newpost.php in DeluxeBB ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4078 (pm.php (aka the PM system) in DeluxeBB 1.08, and possibly earlier, ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-4077 (PHP remote file inclusion vulnerability in CheckUpload.php in Vincenzo ...)
	NOT-FOR-US: Comet WebFileManager
CVE-2006-4076 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4075 (Multiple PHP remote file inclusion vulnerabilities in Wim Fleischhauer ...)
	NOT-FOR-US: docpile: wim's edition
CVE-2006-4074 (PHP remote file inclusion vulnerability in lib/tpl/default/main.php in ...)
	NOT-FOR-US: JD-Wiki Component (com_jd-wiki) for Joomla!
CVE-2006-4073 (Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz ...)
	NOT-FOR-US: phpCC
CVE-2006-4072 (Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 ...)
	NOT-FOR-US: Club-Nuke [XP]
CVE-2006-4144 (Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick ...)
	{DSA-1213}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (medium; bug #383314)
	- graphicsmagick 1.1.7-7 (medium; bug #383333)
CVE-2006-XXXX [crash in the certificate verification logic]
	NOTE: GNUTLS-SA-2006-2
	- gnutls11 <removed> (unimportant)
	- gnutls12 1.2.11-3 (unimportant)
	- gnutls13 1.4.2-1 (unimportant)
	NOTE: Normal bug, no reliable denial of service potential
CVE-2006-4071 (Sign extension vulnerability in the createBrushIndirect function in ...)
	NOT-FOR-US: Microsoft
CVE-2006-4070 (Format string vulnerability in Imendio Planner 0.13 allows ...)
	NOT-FOR-US: Imendio Planner
CVE-2006-4069 (Multiple cross-site scripting (XSS) vulnerabilities in Elaine Aquino ...)
	NOT-FOR-US: Online Zone Journals (OZJournals)
CVE-2006-4068 (The pswd.js script relies on the client to calculate whether a ...)
	NOT-FOR-US: pswd.js
CVE-2006-4067 (Cross-site scripting (XSS) vulnerability in cake/libs/error.php in ...)
	- cakephp 1.1.13.4450-1
CVE-2006-4066 (The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-4065 (Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko ...)
	NOT-FOR-US: SAPID Gallery
CVE-2006-4064 (SQL injection vulnerability in default.asp in YenerTurk Haber Script ...)
	NOT-FOR-US: YenerTurk Haber Script
CVE-2006-4063 (Multiple PHP remote file inclusion vulnerabilities in Csaba Godor ...)
	NOT-FOR-US: SAPID Blog
CVE-2006-4062 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: SAPID Shop
CVE-2006-4061 (** DISPUTED ** ...)
	NOT-FOR-US: phpPrintAnalyzer
CVE-2006-4060 (PHP remote file inclusion vulnerability in calendar.php in Visual ...)
	NOT-FOR-US: Visual Events Calendar
CVE-2006-4059 (Multiple PHP remote file inclusion vulnerabilities in USOLVED ...)
	NOT-FOR-US: USOLVED NEWSolved Lite
CVE-2006-4058 (Cross-site scripting (XSS) vulnerability in archive.php in Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-4057 (Buffer overflow in the preview_create function in gui.cpp in Mitch ...)
	NOT-FOR-US: Eremove
CVE-2006-4056 (Multiple SQL injection vulnerabilities in the authentication process ...)
	NOT-FOR-US: katzlbt The Address Book
CVE-2006-4055 (Multiple PHP remote file inclusion vulnerabilities in Olaf Noehring ...)
	NOT-FOR-US: The Search Engine Project (TSEP)
CVE-2006-4054 (Multiple PHP remote file inclusion vulnerabilities in ME Download ...)
	NOT-FOR-US: ME Download System
CVE-2006-4053 (PHP remote file inclusion vulnerability in templates/header.php in ME ...)
	NOT-FOR-US: ME Download System
CVE-2006-4052 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Simple Shop
CVE-2006-4051 (PHP remote file inclusion vulnerability in global.php in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-4050 (PHP remote file inclusion vulnerability in auto_check_renewals.php in ...)
	NOT-FOR-US: phpAutoMembersArea (phpAMA)
CVE-2006-4049 (Unspecified vulnerability in the utxconfig utility in Sun Ray Server ...)
	NOT-FOR-US: Sun
CVE-2006-4048 (Netious CMS 0.4 initializes session IDs based on the client IP ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4047 (SQL injection vulnerability in index.php in Netious CMS 0.4 and ...)
	NOT-FOR-US: Netious CMS
CVE-2006-4045 (PHP remote file inclusion vulnerability in news.php in Torbstoff News ...)
	NOT-FOR-US: Torbstoff News
CVE-2006-4044 (PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad ...)
	NOT-FOR-US: phpCodeCabinet
CVE-2006-4043 (index.php in myWebland myBloggie 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4042 (Multiple SQL injection vulnerabilities in trackback.php in myWebland ...)
	NOT-FOR-US: myWebland myBloggie
CVE-2006-4041 (SQL injection vulnerability in Pike before 7.6.86, when using a ...)
	- pike7.6 7.6.86-1
	[sarge] - pike7.6 <unfixed> (unimportant; bug #382607; bug #383766)
	[sarge] - pike7.2 <unfixed> (unimportant; bug #382607; bug #383766)
	NOTE: No applications using pike+postgres in Sarge, fix provides
	NOTE: new functions for proper quoting
CVE-2006-4040 (PHP remote file inclusion vulnerability in myevent.php in myWebland ...)
	NOT-FOR-US: myWebland myEvent
CVE-2006-4039 (Multiple SQL injection vulnerabilities in eintragen.php in GaesteChaos ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4038 (Multiple cross-site scripting (XSS) vulnerabilities in eintragen.php ...)
	NOT-FOR-US: GaesteChaos
CVE-2006-4037 (Unspecified vulnerability in Fenestrae Faxination Server allows remote ...)
	NOT-FOR-US: Fenestrae Faxination Server
CVE-2006-4036 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: ZoneX Publishers
CVE-2006-4035 (SQL injection vulnerability in counterchaos.php in CounterChaos 0.48c ...)
	NOT-FOR-US: CounterChaos
CVE-2006-4034 (PHP remote file inclusion vulnerability in include/html/config.php in ...)
	NOT-FOR-US: ModernGigabyte ModernBill
CVE-2006-4033 (Heap-based buffer overflow in Lhaplus.exe in Lhaplus 1.52, and ...)
	NOT-FOR-US: Lhaplus
CVE-2006-4032 (Unspecified vulnerability in Cisco IOS CallManager Express (CME) ...)
	NOT-FOR-US: Cisco
CVE-2006-4031 (MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to ...)
	- mysql-dfsg-5.0 5.0.24-1 (bug #382415; low)
	- mysql-dfsg <removed> (bug #380271; low)
	[sarge] - mysql-dfsg-4.1 <no-dsa> (Now documented design error, no real fix feasible)
	[sarge] - mysql-dfsg <no-dsa> (Now documented design error, no real fix feasible)
CVE-2006-4030 (Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and ...)
	{DSA-1148-1}
	- gallery 1.5.3-1
	- gallery2 <not-affected> (vulnerable code not present)
CVE-2006-4029 (Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 ...)
	NOT-FOR-US: AGEphone
CVE-2006-4028 (Multiple unspecified vulnerabilities in WordPress before 2.0.4 have ...)
	- wordpress 2.0.4-1
CVE-2006-4027
	RESERVED
CVE-2006-XXXX [realtime-lsm-source: wrong permissions might lead to local root]
	- realtime-lsm 0.8.7-2 (bug #382161; low)
	[sarge] - realtime-lsm <not-affected>
	NOTE: only to user 1017 or group 1001 and only while root is building the module
CVE-2006-4026 (PHP remote file inclusion vulnerability in SAPID CMS 123 rc3 allows ...)
	NOT-FOR-US: SAPID CMS
CVE-2006-4025 (SQL injection vulnerability in profile.php in XennoBB 2.1.0 and ...)
	NOT-FOR-US: XennoBB
CVE-2006-4024 (The FESTAHES_Load function in pce/hes.c in Festalon 0.5.0 through ...)
	- festalon <not-affected> (vuln. code introduced in 0.5.0)
CVE-2006-4023 (The ip2long function in PHP 5.1.4 and earlier may incorrectly validate ...)
	- php5 <removed> (unimportant; bug #382257)
	- php4 <removed> (unimportant; bug #382270)
	NOTE: Not every lack of protection of programmer's flaws is a vulnerability
	NOTE: See notes by Sean for details
	NOTE: > the entry states that this is more likely a bug in any
	NOTE: > applications not performing further validation/sanitizing,
	NOTE: > and i tend to agree based on the php.net documentation, which
	NOTE: > states: "ip2long() should not be used as the sole form of IP
	NOTE: > validation. Combine it with long2ip()".
CVE-2006-4022 (Intel 2100 PRO/Wireless Network Connection driver PROSet before ...)
	NOT-FOR-US: Intel Windows driver
CVE-2006-4021 (The cryptographic module in ScatterChat 1.0.x allows attackers to ...)
	NOT-FOR-US: ScatterChat
CVE-2006-4020 (scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows ...)
	- php5 5.1.6-1 (unimportant; bug #382256; bug #382262)
	- php4 4:4.4.4-1 (unimportant; bug #382261)
	NOTE: Only exploitable by malicious, local user
CVE-2006-4019 (Dynamic variable evaluation vulnerability in compose.php in ...)
	{DSA-1154}
	- squirrelmail 2:1.4.8-1 (bug #382621)
CVE-2006-4018 (Heap-based buffer overflow in the pefromupx function in ...)
	{DSA-1153}
	- clamav 0.88.4-1 (high; bug #382004; bug #382007)
CVE-2006-4017 (Cross-site scripting (XSS) vulnerability in the search module in Inter ...)
	NOT-FOR-US: Inter Network Marketing (INM) CMS G3
CVE-2006-4016 (Cross-site scripting (XSS) vulnerability in /toendaCMS in toendaCMS ...)
	NOT-FOR-US: toendaCMS
CVE-2006-4015 (Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with ...)
	NOT-FOR-US: Hewlett-Packard
CVE-2006-4014 (Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control ...)
	NOT-FOR-US: Symantec
CVE-2006-4013 (Multiple directory traversal vulnerabilities in Symantec Brightmail ...)
	NOT-FOR-US: Symantec
CVE-2006-4012 (Multiple PHP remote file inclusion vulnerabilities in circeOS SaveWeb ...)
	NOT-FOR-US: circeOS SaveWeb
CVE-2006-4011 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Kayako eSupport
CVE-2006-4010 (SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and ...)
	NOT-FOR-US: Virtual War
CVE-2006-4009 (Cross-site scripting (XSS) vulnerability in war.php in Virtual War ...)
	NOT-FOR-US: Virtual War
CVE-2006-4008 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht Guestbook
CVE-2006-4007 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht Faq
CVE-2006-4006 (The do_gameinfo function in BomberClone 0.11.6 and earlier, and ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4005 (BomberClone 0.11.6 and earlier allows remote attackers to cause a ...)
	{DSA-1180-1}
	- bomberclone 0.11.7-1 (bug #382082; medium)
CVE-2006-4004 (Directory traversal vulnerability in index.php in vbPortal 3.0.2 ...)
	NOT-FOR-US: vbPortal
CVE-2006-4003 (The config method in Henrik Storner Hobbit monitor before 4.1.2p2 ...)
	NOT-FOR-US: Henrik Storner Hobbit monitor
CVE-2006-4002 (Cross-site scripting (XSS) vulnerability in user.module in Drupal 4.6 ...)
	{DSA-1147-1}
	- drupal 4.5.8-2 (bug #382087; medium)
CVE-2006-4001 (Login.pm in Barracuda Spam Firewall (BSF) 3.3.01.001 through ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-4000 (Directory traversal vulnerability in cgi-bin/preview_email.cgi in ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2006-3999 (ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier ...)
	NOT-FOR-US: ISS BlackICE
CVE-2006-3998 (PHP remote file inclusion vulnerability in conf.php in WoWRoster (aka ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3997 (PHP remote file inclusion vulnerability in hsList.php in WoWRoster ...)
	NOT-FOR-US: WoWRoster
CVE-2006-3996 (SQL injection vulnerability in links/index.php in ATutor 1.5.3.1 and ...)
	NOT-FOR-US: ATutor
CVE-2006-3995 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: UHP (User Home Pages) 0.5 component (aka com_uhp) for Mambo
CVE-2006-3994 (SQL injection vulnerability in the u2u_send_recp function in ...)
	NOT-FOR-US: XMB (aka extreme message board)
CVE-2006-3993 (PHP remote file inclusion vulnerability in copyright.php in Olaf ...)
	NOT-FOR-US: The Search Engine Project
CVE-2006-3992 (Unspecified vulnerability in the Centrino (1) w22n50.sys, (2) ...)
	NOT-FOR-US: Intel
CVE-2006-3991 (PHP remote file inclusion vulnerability in index.php in Vlad Vostrykh ...)
	NOT-FOR-US: Voodoo chat
CVE-2006-3990 (Multiple PHP remote file inclusion vulnerabilities in Paul M. Jones ...)
	- egroupware <not-affected>
	NOTE: According to upstream egroupware is not affected, see #382207
CVE-2006-3989 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3988 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3987 (Multiple PHP remote file inclusion vulnerabilities in index.php in ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3986 (PHP remote file inclusion vulnerability in index.php in Knusperleicht ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3985 (Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware ...)
	NOT-FOR-US: ConeXware
CVE-2006-3984 (PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in ...)
	NOT-FOR-US: Phpauction
CVE-2006-3983 (PHP remote file inclusion vulnerability in editprofile.php in ...)
	NOT-FOR-US: php(Reactor)
CVE-2006-3982 (PHP remote file inclusion vulnerability in quickie.php in ...)
	NOT-FOR-US: Knusperleicht
CVE-2006-3981 (PHP remote file inclusion vulnerability in about.mgm.php in Mambo ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3980 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mambo Gallery Manager for Mambo
CVE-2006-3979 (The AdminAPI of ColdFusion MX 7 allows attackers to bypass ...)
	NOT-FOR-US: ColdFusion MX
CVE-2006-3978 (Unspecified vulnerability in a Verity third party library, as used on ...)
	NOT-FOR-US: Adobe ColdFusion MX
CVE-2006-3977 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3976 (Unspecified vulnerability in CA eTrust Antivirus WebScan before ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3975 (Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote ...)
	NOT-FOR-US: CA eTrust Antivirus WebScan
CVE-2006-3974 (Cross-site scripting (XSS) vulnerability in cgi-bin/admin in 3Com ...)
	NOT-FOR-US: 3Com
CVE-2006-3973 (My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is ...)
	NOT-FOR-US: My Firewall Plus
CVE-2006-3972 (Directory traversal vulnerability in ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-3971 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Ajax Chat
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by utf8]
	- libxml-parser-perl 2.34-4.2 (bug #378411; medium)
CVE-2006-XXXX [Buffer overflow in XML::Parser::Expat triggered by deep nesting]
	- libxml-parser-perl 2.34-4.1 (bug #378412; medium)
CVE-2006-3970 (PHP remote file inclusion vulnerability in lmo.php in the LMO ...)
	NOT-FOR-US: LMO for joomla
CVE-2006-3969 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Colophon for joomla
CVE-2006-3968 (The crypto provider in Sun Solaris 10 3/05 HW2 without patch ...)
	NOT-FOR-US: Solaris
CVE-2006-3967 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: moskool
CVE-2006-3966 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3965 (Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3964 (PHP remote file inclusion vulnerability in members.php in Banex PHP ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3963 (Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner ...)
	NOT-FOR-US: Banex PHP MySQL Banner Exchange
CVE-2006-3962 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: com_bayesiannaivefilter for mambo
CVE-2006-3961 (Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee ...)
	NOT-FOR-US: McAfee
CVE-2006-3960 (SQL injection vulnerability in top.php in X-Scripts X-Poll, probably ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-3959 (SQL injection vulnerability in protect.php in X-Scripts X-Protection ...)
	NOT-FOR-US: X-Scripts X-Protection
CVE-2006-3958 (Multiple unspecified cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3957 (PHP remote file inclusion vulnerability in payment.php in BosDev ...)
	NOT-FOR-US: BosDates
CVE-2006-3956 (Multiple cross-site scripting (XSS) vulnerabilities in contact.php in ...)
	NOT-FOR-US: Advanced Webhost Billing System
CVE-2006-3955 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB Forum
CVE-2006-3954 (Directory traversal vulnerability in usercp.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3953 (Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3952 (Stack-based buffer overflow in EFS Software Easy File Sharing FTP ...)
	NOT-FOR-US: EFS Software Easy File Sharing FTP
CVE-2006-3951 (PHP remote file inclusion vulnerability in moodle.php in Mam-moodle ...)
	NOT-FOR-US: Mam-moodle alpha component (com_moodle) for Mambo
CVE-2006-3950 (SQL injection vulnerability in x-statistics.php in X-Scripts ...)
	NOT-FOR-US: X-Statistics
CVE-2006-3949 (PHP remote file inclusion vulnerability in artlinks.dispnew.php in the ...)
	NOT-FOR-US: com_artlinks for Mambo
CVE-2006-3948 (Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke ...)
	NOT-FOR-US: php-nuke
CVE-2006-3947 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Mambatstaff
CVE-2006-3946 (WebCore in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows remote ...)
	NOT-FOR-US: Apple Safari 2.0.4
	NOTE: konqueror 3.5.x is not affected
	NOTE: PoC http://web.archive.org/web/20130701013045/http://browserfun.blogspot.com/2006/07/mobb-31-safari-khtmlparserpoponeblock.html
CVE-2006-3945 (The CSS functionality in Opera 9 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Opera
CVE-2006-3944 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3943 (Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3942 (The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3941 (Unspecified vulnerability in the daemons for Sun N1 Grid Engine 5.3 ...)
	NOT-FOR-US: N1 Grid Engine
CVE-2006-3940 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
	NOT-FOR-US: phpbb-Auction
CVE-2006-3939 (ScriptsCenter ezUpload Pro 2.2.0 allows remote attackers to perform ...)
	NOT-FOR-US: ScriptsCenter ezUpload Pro
CVE-2006-3938 (DotClear allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: DotClear
CVE-2006-3937 (post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain ...)
	NOT-FOR-US: x_atrix xGuestBook
CVE-2006-3936 (system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3935 (system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3934 (Absolute path traversal vulnerability in downloadTrigger.jsp in ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-3933 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
	NOT-FOR-US: OpenCms
CVE-2006-3932 (SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 ...)
	NOT-FOR-US: LinksCaffe
CVE-2006-3931 (Buffer overflow in the daemon function in midirecord.cc in Tuomas ...)
	NOT-FOR-US: Midirecord
CVE-2006-3930 (PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php ...)
	NOT-FOR-US: a6mambohelpdesk Mambo Component 18RC1
CVE-2006-3929 (Cross-site scripting (XSS) vulnerability in the Forms/rpSysAdmin ...)
	NOT-FOR-US: Zyxel
CVE-2006-3928 (PHP remote file inclusion vulnerability in index.php in WMNews 0.2a ...)
	NOT-FOR-US: WMNews
CVE-2006-3927 (Cross-site scripting (XSS) vulnerability in auctionsearch.php in ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3926 (Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote ...)
	NOT-FOR-US: PhpProBid
CVE-2006-3925 (Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control ...)
	NOT-FOR-US: ITIRecorder.MicRecorder ActiveX control
CVE-2006-3924 (Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before ...)
	NOT-FOR-US: Dokeos
CVE-2006-3923 (Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse ...)
	NOT-FOR-US: Fire-Mouse Toplist
CVE-2006-3922 (PHP remote file inclusion vulnerability in mod_membre/inscription.php ...)
	NOT-FOR-US: PortailPHP
CVE-2006-3921 (Sun Java System Application Server (SJSAS) 7 through 8.1 and Web ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-3920 (The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3919 (SQL injection vulnerability in index.php in SD Studio CMS allows ...)
	NOT-FOR-US: SD Studio CMS
CVE-2006-3918 (http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 ...)
	{DSA-1167-1}
	- apache2 2.0.55-4.1 (bug #381376; low)
	[sarge] - apache2 2.0.54-5sarge2
	- apache 1.3.34-3 (bug #381381; medium)
CVE-2006-3917 (PHP remote file inclusion vulnerability in inc/gabarits.php in R. ...)
	NOT-FOR-US: PHP Forge
CVE-2006-3916 (Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka ...)
	NOT-FOR-US: Solucija News
CVE-2006-3915 (Microsoft Internet Explorer 6 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3914 (Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite ...)
	NOT-FOR-US: Academic Suite
CVE-2006-3913 (Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul ...)
	{DSA-1142-1}
	- freeciv 2.0.8-3 (bug #381378; medium)
CVE-2006-3912 (Stack-based buffer overflow in the SFX module in WinRAR before 3.60 ...)
	NOT-FOR-US: WinRAR
CVE-2006-3911 (PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 ...)
	NOT-FOR-US: PHP Live
CVE-2006-3910 (Internet Explorer 6 on Windows XP SP2, when Outlook is installed, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3909 (Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads ...)
	NOT-FOR-US: WWWthreads
CVE-2006-3908 (Format string vulnerability in the flush_output function in ...)
	- gnelib 0.75+svn20091130-1
	NOTE: issue was fixed back in 2006 but there hasn't been any
	NOTE: release since 0.70 which is affected
CVE-2006-3907 (Siemens SpeedStream 2624 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Siemens
CVE-2006-3906 (Internet Key Exchange (IKE) version 1 protocol, as implemented on ...)
	NOT-FOR-US: Cisco
CVE-2006-3905 (SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3904 (SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-3903 (CRLF injection vulnerability in (1) index.php and (2) admin.php in ...)
	NOT-FOR-US: Webland MyBloggie
CVE-2006-3902 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3901 (Multiple stack-based buffer overflows in Tumbleweed Email Firewall ...)
	NOT-FOR-US: Tumbleweed Email Firewall
CVE-2006-3900 (Cross-site scripting (XSS) vulnerability in guestbook.php in TP-Book ...)
	NOT-FOR-US: TP-Book
CVE-2006-3899 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3898 (Microsoft Internet Explorer 6.0 on Windows XP SP2 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-3897 (Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3896 (The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies ...)
	NOT-FOR-US: NeoScale Systems CryptoStor
CVE-2006-3895
	RESERVED
CVE-2006-3894 (The RSA Crypto-C before 6.3.1 and Cert-C before 2.8 libraries, as used ...)
	NOT-FOR-US: RSA BSAFE
CVE-2006-3893 (Multiple buffer overflows in the ActiveX controls in Newtone ImageKit ...)
	NOT-FOR-US: Newtone ImageKit
CVE-2006-3892 (The Management Console server in EMC NetWorker (formerly Legato ...)
	NOT-FOR-US: EMC NetWorker
CVE-2006-3891
	RESERVED
CVE-2006-3890 (Stack-based buffer overflow in the Sky Software FileView ActiveX ...)
	NOT-FOR-US: Sky Software FileView ActiveX
CVE-2006-3889
	RESERVED
CVE-2006-3888 (Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader ...)
	NOT-FOR-US: AOL
CVE-2006-3887 (Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX ...)
	NOT-FOR-US: AOL
CVE-2006-3886 (SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3885 (Directory traversal vulnerability in Check Point Firewall-1 R55W ...)
	NOT-FOR-US: Check Point Firewall-1
CVE-2006-3884 (Multiple SQL injection vulnerabilities in links.php in Gonafish ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3883 (Multiple cross-site scripting (XSS) vulnerabilities in Gonafish ...)
	NOT-FOR-US: Gonafish LinksCaffe
CVE-2006-3882 (Shalwan MusicBox 2.3.4 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3881 (Cross-site scripting (XSS) vulnerability in Shalwan MusicBox 2.3.4 and ...)
	NOT-FOR-US: Shalwan MusicBox
CVE-2006-3880 (** DISPUTED ** ...)
	NOT-FOR-US: Zen Cart
CVE-2006-3879 (Integer overflow in the loadChunk function in loaders/load_gt2.c in ...)
	- libmikmod <not-affected> (Debian's 3.1.1 version doesn't have GT2 support)
CVE-2006-3878 (Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql ...)
	NOT-FOR-US: Opsware Network Automation System
CVE-2006-3877 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3876 (Unspecified vulnerability in PowerPoint in Microsoft Office 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3875 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3874
	REJECTED
CVE-2006-3873 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3872
	REJECTED
CVE-2006-3871
	REJECTED
CVE-2006-3870
	REJECTED
CVE-2006-3869 (Heap-based buffer overflow in URLMON.DLL in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-3868 (Unspecified vulnerability in Microsoft Office XP and 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3867 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3866
	REJECTED
CVE-2006-3865
	REJECTED
CVE-2006-3864 (Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3863
	REJECTED
CVE-2006-3862 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3861 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3860 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3859 (IBM Informix Dynamic Server (IDS) allows remote authenticated users to ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3858 (IBM Informix Dynamic Server (IDS) before 9.40.xC8 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3857 (Multiple buffer overflows in IBM Informix Dynamic Server (IDS) before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3856 (IBM Informix Dynamic Server (IDS) before 9.40.xC7 and 10.00 before ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3855 (The ifx_load_internal function in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3854 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC7, ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3853 (Buffer overflow in IBM Informix Dynamic Server (IDS) before 9.40.TC7 ...)
	NOT-FOR-US: IBM Informix Dynamic Server
CVE-2006-3852 (Cross-site scripting (XSS) vulnerability in index.php in Micro ...)
	NOT-FOR-US: Micro GuestBook
CVE-2006-3851 (SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and ...)
	NOT-FOR-US: X7 Chat
CVE-2006-3850 (** DISPUTED ** ...)
	NOT-FOR-US: Vanilla CMS
CVE-2006-3849 (Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection ...)
	NOT-FOR-US: Warzone
CVE-2006-3848 (Cross-site scripting (XSS) vulnerability in CGI wrapper for IP ...)
	- ipcalc 0.41-1 (bug #381469; low)
	[sarge] - ipcalc <no-dsa> (No exploit potential)
CVE-2006-3847 (PHP remote file inclusion vulnerability in (1) admin.php, and possibly ...)
	NOT-FOR-US: MoSpray
CVE-2006-3846 (PHP remote file inclusion vulnerability in extadminmenus.class.php in ...)
	NOT-FOR-US: MultiBanners
CVE-2006-3845 (Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 ...)
	NOT-FOR-US: WinRAR
CVE-2006-3844 (Buffer overflow in Quick 'n Easy FTP Server 3.0 allows remote ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2006-3843 (PHP remote file inclusion vulnerability in com_calendar.php in ...)
	NOT-FOR-US: Calendar Mambo Module
CVE-2006-3842 (Cross-site scripting (XSS) vulnerability in Zoho Virtual Office 3.2 ...)
	NOT-FOR-US: Zoho Virtual Office
CVE-2006-3841 (Cross-site scripting (XSS) vulnerability in WebScarab before ...)
	NOT-FOR-US: WebScarab
CVE-2006-3840 (The SMB Mailslot parsing functionality in PAM in multiple ISS products ...)
	NOT-FOR-US: various ISS products
CVE-2006-3839
	RESERVED
CVE-2006-3838 (Multiple stack-based buffer overflows in eIQnetworks Enterprise ...)
	NOT-FOR-US: eIQnetworks Enterprise
CVE-2006-XXXX [syslog-ng dos]
	- syslog-ng 2.0rc1-2 (low)
	[sarge] - syslog-ng <not-affected> (Vulnerable code not present)
CVE-2006-XXXX [courier-authdaemon: wrong socket permissions may lead to password disclosure]
	- courier-authlib 0.58-3.1 (bug #378571; medium)
	[sarge] - courier-authlib <not-affected> (bug #378571; medium)
CVE-2006-4046 (Multiple stack-based buffer overflows in Open Cubic Player 2.6.0pre6 ...)
	- ocp 0.1.10rc6-1 (medium; bug #381098)
CVE-2006-XXXX [uqwk buffer overflow]
	- uqwk 2.21-13 (bug #376577; low)
	[sarge] - uqwk <no-dsa> (Minor issue)
CVE-2006-3837 (delcookie.php in Professional Home Page Tools Guestbook changes the ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3836 (Directory traversal vulnerability in index.php in UNIDOmedia Chameleon ...)
	NOT-FOR-US: UNIDOmedia Chameleon
CVE-2006-3835 (Apache Tomcat 5 before 5.5.17 allows remote attackers to list ...)
	- tomcat5 <not-affected> (bug #380361; maintainter can't reproduce)
	- tomcat5.5 <not-affected> (bug #380376; maintainer can't reproduce)
CVE-2006-3834 (EJ3 TOPo 2.2.178 includes the password in cleartext in the ID field to ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3833 (index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3832 (SQL injection vulnerability in index.php in Gerrit van Aaken Loudblog ...)
	NOT-FOR-US: Gerrit van Aaken Loudblog
CVE-2006-3831 (The Backup selection in Kailash Nadh boastMachine (formerly bMachine) ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3830 (The Languages selection in the admin interface in Kailash Nadh ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3829 (Cross-site request forgery (CSRF) vulnerability in bmc/admin.php in ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3828 (Incomplete blacklist vulnerability in Kailash Nadh boastMachine ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3827 (SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3826 (Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh ...)
	NOT-FOR-US: Kailash Nadh boastMachine (formerly bMachine)
CVE-2006-3825 (The IPv4 implementation in Sun Solaris 10 before 20060721 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-3824 (systeminfo.c for Sun Solaris allows local users to read kernel memory ...)
	NOT-FOR-US: Solaris
CVE-2006-3823 (SQL injection vulnerability in index.php in GeodesicSolutions (1) ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions Premier and GeoClassifieds Basic
CVE-2006-3822 (SQL injection vulnerability in index.php in GeodesicSolutions ...)
	NOT-FOR-US: GeodesicSolutions GeoAuctions
CVE-2006-3821 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 ...)
	NOT-FOR-US: ATutor
CVE-2006-3820 (Cross-site scripting (XSS) vulnerability in loudblog/index.php in ...)
	NOT-FOR-US: Loudblog
CVE-2006-3819 (Eval injection vulnerability in the configure script in TWiki 4.0.0 ...)
	- twiki <not-affected> (only 4.0.x is affected)
CVE-2006-3818 (Cross-site scripting (XSS) vulnerability in the login page in Novell ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3817 (Cross-site scripting (XSS) vulnerability in Novell GroupWise WebAccess ...)
	NOT-FOR-US: Novell GroupWise WebAccess
CVE-2006-3816 (Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote ...)
	- krusader <not-affected> (bug #380063; file in directory with 0700 permissions)
CVE-2006-3815 (heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a ...)
	{DSA-1128}
	- heartbeat 1.2.4-13 (bug #379904; bug #380289)
CVE-2006-3814 (Buffer overflow in the Loader_XM::load_instrument_internal function in ...)
	{DSA-1166}
	- cheesetracker 0.9.9-6 (bug #380364; low)
CVE-2006-3813 (A regression error in the Perl package for Red Hat Enterprise Linux 4 ...)
	NOT-FOR-US: Perl in Red Hat Enterprise Linux 4
CVE-2006-3812 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-56
	[sarge] - mozilla <not-affected>
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (unimportant)
	[sarge] - mozilla-thunderbird <not-affected> (unimportant)
CVE-2006-3811 (Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-55
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3810 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox 1.5 before ...)
	{DSA-1159}
	NOTE: MFSA-2006-54
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3809 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-53
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3808 (Mozilla Firefox before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-52
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <removed> (medium)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1
CVE-2006-3807 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-51
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3806 (Multiple integer overflows in the Javascript engine in Mozilla Firefox ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3805 (The Javascript engine in Mozilla Firefox before 1.5.0.5, Thunderbird ...)
	{DSA-1161 DSA-1160 DSA-1159}
	NOTE: MFSA-2006-50
	- mozilla <removed> (high)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <removed> (high)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <removed> (medium)
CVE-2006-3804 (Heap-based buffer overflow in Mozilla Thunderbird before 1.5.0.5 and ...)
	NOTE: MFSA-2006-49
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	[sarge] - mozilla <not-affected> (mozilla 1.7 not affected)
	- mozilla <removed> (high)
	- thunderbird 1.5.0.5-1 (high)
	- mozilla-thunderbird <not-affected> (high)
CVE-2006-3803 (Race condition in the JavaScript garbage collection in Mozilla Firefox ...)
	NOTE: MFSA-2006-48
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3802 (Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-47
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (medium)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (medium)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3801 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not ...)
	NOTE: MFSA-2006-44
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- mozilla-thunderbird <not-affected> (only firefox >= 1.5)
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- xulrunner 1.8.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
CVE-2006-3800 (Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce ...)
	NOT-FOR-US: AFCommerce
CVE-2006-3799 (DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3798 (DeluxeBB 1.07 and earlier allows remote attackers to overwrite the (1) ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3797 (SQL injection vulnerability in DeluxeBB 1.07 and earlier allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3796 (DeluxeBB 1.07 and earlier does not properly handle a username composed ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3795 (Multiple cross-site scripting (XSS) vulnerabilities in DeluxeBB before ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3794 (** DISPUTED ** ...)
	NOT-FOR-US: AFCommerce
CVE-2006-3793 (PHP remote file inclusion vulnerability in constants.php in SiteDepth ...)
	NOT-FOR-US: SiteDepth
CVE-2006-3792 (SQL injection vulnerability in ServerClientUfo::recv_packet in ...)
	NOT-FOR-US: UFO2000
CVE-2006-3791 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
	NOT-FOR-US: UFO2000
CVE-2006-3790 (The decode_stringmap function in server_transport.cpp for UFO2000 svn ...)
	NOT-FOR-US: UFO2000
CVE-2006-3789 (Multiple array index errors in the (1) recv_rules, (2) ...)
	NOT-FOR-US: UFO2000
CVE-2006-3788 (Multiple buffer overflows in multiplay.cpp in UFO2000 svn 1057 allow ...)
	NOT-FOR-US: UFO2000
CVE-2006-3787 (kpf4ss.exe in Sunbelt Kerio Personal Firewall 4.3.x before 4.3.268 ...)
	NOT-FOR-US: Sunbelt Kerio Personal Firewall
CVE-2006-3786 (Symantec pcAnywhere 12.5 uses weak integrity protection for .cif (aka ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3785 (Symantec pcAnywhere 12.5 obfuscates the passwords in a GUI textbox ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3784 (Symantec pcAnywhere 12.5 uses weak default permissions for the ...)
	NOT-FOR-US: Symantec pcAnywhere
CVE-2006-3783 (Sun Solaris 10 allows local users to cause a denial of service (panic) ...)
	NOT-FOR-US: Solaris
CVE-2006-3782 (Unspecified vulnerability in the kernel debugger (kmdb) in Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2006-3781 (Unspecified vulnerability in Sun Solaris 10 allows context-dependent ...)
	NOT-FOR-US: Solaris
CVE-2006-3780 (Keyifweb Keyif Portal 2.0 stores sensitive information under the web ...)
	NOT-FOR-US: Keyifweb Keyif Portal
CVE-2006-3779 (Citrix MetaFrame up to XP 1.0 Feature 1, except when running on ...)
	NOT-FOR-US: Citrix
CVE-2006-3778 (IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to ...)
	NOT-FOR-US: IBM
CVE-2006-3777 (PHP remote file inclusion vulnerability in index.php in IDevSpot ...)
	NOT-FOR-US: IDevSpot PhpLinkExchange
CVE-2006-3776 (PHP remote file inclusion vulnerability in order/index.php in IDevSpot ...)
	NOT-FOR-US: IDevSpot (1) PhpHostBot 1.0 and (2) AutoHost 3.0
CVE-2006-3775 (SQL injection vulnerability in the init function in class_session.php ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3774 (PHP remote file inclusion vulnerability in performs.php in the ...)
	NOT-FOR-US: perForms component (com_performs) for Joomla!
CVE-2006-3773 (PHP remote file inclusion vulnerability in smf.php in the SMF-Forum ...)
	NOT-FOR-US: MF-Forum Bridge Component (com_smf) For Joomla! and Mambo
CVE-2006-3772 (PHP-Post 0.21 and 1.0, and possibly earlier versions, when auto-login ...)
	NOT-FOR-US: PHP-Post
CVE-2006-3771 (Multiple PHP remote file inclusion vulnerabilities in component.php in ...)
	NOT-FOR-US: iManage CMS
CVE-2006-3770 (Multiple SQL injection vulnerabilities in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-3769 (Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and ...)
	NOT-FOR-US: Top XL
CVE-2006-3768 (Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3767 (Cross-site scripting (XSS) vulnerability in showprofile.php in ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3766 (Darren's $5 Script Archive osDate 1.1.7 and earlier allows users to ...)
	NOT-FOR-US: Darren's $5 Script Archive osDate
CVE-2006-3765 (Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher ...)
	NOT-FOR-US: uttenlocher Webdesign hwdeGUEST
CVE-2006-3764 (Till Gerken phpPolls 1.0.3 allows remote attackers to create a new ...)
	NOT-FOR-US: phpPolls
CVE-2006-3763 (SQL injection vulnerability in category.php in Diesel Joke Site allows ...)
	NOT-FOR-US: Diesel Joke Site
CVE-2006-3762 (The Touch Control ActiveX control 2.0.0.55 allows remote attackers to ...)
	NOT-FOR-US: Touch Control ActiveX control
CVE-2006-3761 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3760 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3759 (Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3758 (inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3757 (index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Zen Cart
CVE-2006-3756 (Cross-site scripting (XSS) vulnerability in Geeklog 1.4.0sr4 and ...)
	NOT-FOR-US: Geeklog
CVE-2006-3755 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3754 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: FlushCMS
CVE-2006-3753 (setcookie.php for the administration login in Professional Home Page ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3752 (Multiple SQL injection vulnerabilities in class.php in Professional ...)
	NOT-FOR-US: Professional Home Page Tools Guestbook
CVE-2006-3751 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: HTMLArea3
CVE-2006-3750 (PHP remote file inclusion vulnerability in server.php in the Hashcash ...)
	NOT-FOR-US: Hashcash Component (com_hashcash) for Joomla
CVE-2006-3749 (PHP remote file inclusion vulnerability in sitemap.xml.php in Sitemap ...)
	NOT-FOR-US: Sitemap component (com_sitemap) for Mambo
CVE-2006-3748 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: LoudMouth Component for Mambo
CVE-2006-3747 (Off-by-one error in the ldap scheme handling in the Rewrite module ...)
	{DSA-1132-1 DSA-1131-1}
	- apache 1.3.34-3 (medium; bug #380231)
	- apache2 2.0.55-4.1 (medium; bug #380182)
CVE-2006-3746 (Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote ...)
	{DSA-1141-1 DSA-1140-1}
	- gnupg 1.4.5-1 (medium; bug #381204)
	- gnupg2 1.9.20-2 (medium)
CVE-2006-3745 (Unspecified vulnerability in the sctp_make_abort_user function in the ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.17-7
CVE-2006-3744 (Multiple integer overflows in ImageMagick before 6.2.9 allows ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-7
CVE-2006-3743 (Multiple buffer overflows in ImageMagick before 6.2.9 allow ...)
	{DSA-1168-1}
	- imagemagick 7:6.2.4.5.dfsg1-0.10 (bug #385062)
	- graphicsmagick 1.1.7-8
CVE-2006-3742 (The KDE PAM configuration shipped with Fedora Core 5 causes KDM ...)
	- kdebase <not-affected>
	NOTE: only in Fedora
CVE-2006-3741 (The perfmonctl system call (sys_perfmonctl) in Linux kernel 2.4.x and ...)
	{DSA-1233}
	- linux-2.6 2.6.18-1
CVE-2006-3740 (Integer overflow in the scan_cidfont function in X.Org 6.8.2 and ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3739 (Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X ...)
	{DSA-1193-1}
	- libxfont 1:1.2.2-1
CVE-2006-3738 (Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-XXXX [htdig: several unspecified security problems]
	- htdig 1:3.2.0b6-1
CVE-2006-XXXX [ldap account manager sets trivial password instead of disabling it]
	- ldap-account-manager 1.0.2-1.1 (bug #368804; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-XXXX [ldap account manager wrongly unlocks some passwords]
	- ldap-account-manager 1.0.3-1 (bug #375453; medium)
	[sarge] - ldap-account-manager <not-affected>
CVE-2006-3737 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Plesk
CVE-2006-3736 (PHP remote file inclusion vulnerability in core/videodb.class.xml.php ...)
	NOT-FOR-US: VideoDB for Mambo
CVE-2006-3735 (Multiple PHP remote file inclusion vulnerabilities in Mail2Forum ...)
	NOT-FOR-US: Mail2Forum
CVE-2006-3734 (Multiple unspecified vulnerabilities in the Command Line Interface ...)
	NOT-FOR-US: Cisco
CVE-2006-3733 (jmx-console/HtmlAdaptor in the jmx-console in the JBoss web ...)
	NOT-FOR-US: Cisco
CVE-2006-3732 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2006-3731 (Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted ...)
	- firefox 1.5.dfsg+1.5.0.6-1 (bug #379050; low)
	[sarge] - mozilla-firefox <not-affected> (Unreproducible on Sarge)
CVE-2006-3730 (Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 ...)
	NOT-FOR-US: MSIE
CVE-2006-3729 (DataSourceControl in Internet Explorer 6 on Windows XP SP2 with Office ...)
	NOT-FOR-US: MSIE
CVE-2006-3728 (Unspecified vulnerability in the kernel in Solaris 10 with patch ...)
	NOT-FOR-US: Solaris
CVE-2006-3727 (Multiple SQL injection vulnerabilities in Eskolar CMS 0.9.0.0 allow ...)
	NOT-FOR-US: Eskolar CMS
CVE-2006-3726 (Buffer overflow in FileCOPA FTP Server before 1.01 released on 18th ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-3725 (Norton Personal Firewall 2006 9.1.0.33 allows local users to cause a ...)
	NOT-FOR-US: Norton Personal Firewall
CVE-2006-3724 (Unspecified vulnerability in JD Edwards HTML Server for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3723 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3722 (Unspecified vulnerability in PeopleSoft Enterprise Portal for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3721 (Multiple unspecified vulnerabilities in Oracle Management Service for ...)
	NOT-FOR-US: Oracle
CVE-2006-3720 (Unspecified vulnerability in Enterprise Config Management for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3719 (Unspecified vulnerability in CORE: Repository for Oracle Enterprise ...)
	NOT-FOR-US: Oracle
CVE-2006-3718 (Multiple unspecified vulnerabilities in Oracle Exchange for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3717 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-3716 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-3715 (Unspecified vulnerability in Calendar for Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-3714 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3713 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3712 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3711 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3710 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3709 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3708 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3707 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3706 (Unspecified vulnerability in OC4J for Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-3705 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
	NOT-FOR-US: Oracle
CVE-2006-3704 (Unspecified vulnerability in the Oracle ODBC Driver for Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3703 (Unspecified vulnerability in InterMedia for Oracle Database 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-3702 (Multiple unspecified vulnerabilities in Oracle Database 8.1.7.4, ...)
	NOT-FOR-US: Oracle
CVE-2006-3701 (Unspecified vulnerability in the Dictionary component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3700 (Multiple unspecified vulnerabilities in Oracle Database 9.2.0.6 and ...)
	NOT-FOR-US: Oracle
CVE-2006-3699 (Unspecified vulnerability in the Core RDBMS component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-3698 (Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have ...)
	NOT-FOR-US: Oracle
CVE-2006-3697 (Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3696 (filtnt.sys in Outpost Firewall Pro before 3.51.759.6511 (462) allows ...)
	NOT-FOR-US: Outpost Firewall Pro
CVE-2006-3694 (Multiple unspecified vulnerabilities in Ruby before 1.8.5 allow remote ...)
	{DSA-1157 DSA-1139-1}
	- ruby1.8 1.8.4-3 (bug #378029; medium)
	- ruby1.9 1.9.0+20060609-1 (medium)
CVE-2006-3693 (Rocks Clusters 4.1 and earlier allows local users to gain privileges ...)
	NOT-FOR-US: Rocks Clusters
CVE-2006-3692 (** DISPUTED ** ...)
	NOT-FOR-US: ListMessenger
CVE-2006-3691 (Multiple SQL injection vulnerabilities in VBZooM 1.11 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3690 (Multiple PHP remote file inclusion vulnerabilities in MiniBB Forum ...)
	NOT-FOR-US: MiniBB
CVE-2006-3689 (** DISPUTED ** ...)
	NOT-FOR-US: Codeworks Gnomedia SubberZ[Lite]
CVE-2006-3688 (SQL injection vulnerability in Room.php in Francisco Charrua ...)
	NOT-FOR-US: Francisco Charrua Photo-Gallery
CVE-2006-3687 (Stack-based buffer overflow in the Universal Plug and Play (UPnP) ...)
	NOT-FOR-US: D-Link
CVE-2006-3686 (Unspecified vulnerability in [SYSEXE]SMPUTIL.EXE in HP OpenVMS 7.3-2 ...)
	NOT-FOR-US: HP OpenVMS
CVE-2006-3685 (PHP remote file inclusion vulnerability in CzarNews 1.12 through 1.14 ...)
	NOT-FOR-US: CzarNews
CVE-2006-3684 (PHP remote file inclusion vulnerability in calendar.php in SoftComplex ...)
	NOT-FOR-US: SoftComplex PHP Event Calendar
CVE-2006-3683 (PHP remote file inclusion vulnerability in poll.php in Flipper Poll ...)
	NOT-FOR-US: Flipper Poll
CVE-2006-3682 (awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote ...)
	- awstats 6.5-2 (bug #378960; low)
	[sarge] - awstats 6.4-1sarge3
	NOTE: A previous DSA introduced a fix that renders this vulnerability in ineffective
CVE-2006-3681 (Multiple cross-site scripting (XSS) vulnerabilities in awstats.pl in ...)
	- awstats 6.5-2 (bug #378960; unimportant)
	NOTE: Path disclosure is not an issue for Debian
CVE-2006-3680 (Cross-site scripting (XSS) vulnerability in photocycle in Photocycle ...)
	NOT-FOR-US: Photocycle
CVE-2006-3679 (FatWire Content Server 5.5.0 allows remote attackers to bypass access ...)
	NOT-FOR-US: FatWire Content Server
CVE-2006-3678 (TippingPoint IPS running the TippingPoint Operating System (TOS) ...)
	NOT-FOR-US: TippingPoint
CVE-2006-3677 (Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows ...)
	NOTE: MFSA-2006-45
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird <not-affected>
	- mozilla-thunderbird <not-affected>
CVE-2006-3676 (admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote ...)
	NOT-FOR-US: planetGallery
CVE-2006-3675 (Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the ...)
	NOT-FOR-US: Password Safe
	NOTE: mypasswordsafe and pwsafe might use code from Password Safe,
	NOTE: but the problematic functionality is not present
CVE-2006-3674 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3673 (nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote ...)
	- armagetron 0.2.8.2.1-1 (bug #379062; low)
	[sarge] - armagetron <no-dsa> (Minor game DoS)
	[etch] - armagetron <no-dsa> (Minor game DoS)
CVE-2006-3672 (KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a ...)
	- kdelibs 4:3.5.4-1 (bug #378962; unimportant)
CVE-2006-3671 (Cross-site request forgery (CSRF) vulnerability in the communicate ...)
	{DTSA-31-1}
	- hyperestraier 1.3.3-1 (bug #379060; low)
CVE-2006-3670 (Stack-based buffer overflow in Winlpd 1.26 allows remote attackers to ...)
	NOT-FOR-US: Winlpd
CVE-2006-3669 (Mercury Messenger, possibly 1.7.1.1 and other versions, when running ...)
	NOT-FOR-US: Mercury Messenger
CVE-2006-3668 (Heap-based buffer overflow in the it_read_envelope function in Dynamic ...)
	{DSA-1123}
	- libdumb 1:0.9.3-5 (bug #379064; medium)
CVE-2006-3667 (Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking ...)
	NOT-FOR-US: Sybase/Financial Fusion Consumer Banking Suite
CVE-2006-3666 (SQL injection vulnerability in AjaxPortal 3.0, with magic_quotes_gpc ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3665 (SquirrelMail 1.4.6 and earlier, with register_globals enabled, allows ...)
	- squirrelmail 2:1.4.7-1 (unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3664 (Unspecified vulnerability in NIS server on Sun Solaris 8, 9, and 10 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-3663 (Finjan Vital Security Appliance 5100/8100 NG 8.3.5 stores passwords in ...)
	NOT-FOR-US: Finjan Appliance
CVE-2006-3662 (** DISPUTED ** ...)
	NOT-FOR-US: ATutor
CVE-2006-3661 (Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-3660 (Unspecified vulnerability in Microsoft PowerPoint 2003 has unknown ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3659 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3658 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3657 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3656 (Unspecified vulnerability in Microsoft PowerPoint 2003 allows ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3655 (Unspecified vulnerability in mso.dll in Microsoft PowerPoint 2003 ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3654 (Buffer overflow in wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3653 (wksss.exe 8.4.702.0 in Microsoft Works Spreadsheet 8.0 allows remote ...)
	NOT-FOR-US: Microsoft Works Spreadsheet
CVE-2006-3652 (Microsoft Internet Security and Acceleration (ISA) Server 2004 allows ...)
	NOT-FOR-US: Microsoft Internet Security and Acceleration Server
CVE-2006-3651 (Unspecified vulnerability in Microsoft Word 2000, 2002, and Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-3650 (Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X for Mac do not ...)
	NOT-FOR-US: Microsoft
CVE-2006-3649 (Buffer overflow in Microsoft Visual Basic for Applications (VBA) SDK ...)
	NOT-FOR-US: Microsoft
CVE-2006-3648 (Unspecified vulnerability in Microsoft Windows 2000 SP4, XP SP1 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3647 (Integer overflow in Microsoft Word 2000, 2002, 2003, 2004 for Mac, and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3646
	REJECTED
CVE-2006-3645
	REJECTED
CVE-2006-3644
	REJECTED
CVE-2006-3643 (Cross-site scripting (XSS) vulnerability in Internet Explorer 5.01 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-3642
	REJECTED
CVE-2006-3641
	REJECTED
CVE-2006-3640 (Microsoft Internet Explorer 5.01 and 6 allows certain script to ...)
	NOT-FOR-US: Microsoft
CVE-2006-3639 (Microsoft Internet Explorer 5.01 and 6 does not properly identify the ...)
	NOT-FOR-US: Microsoft
CVE-2006-3638 (Microsoft Internet Explorer 5.01 and 6 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2006-3637 (Microsoft Internet Explorer 5.01 SP4 and 6 does not properly handle ...)
	NOT-FOR-US: Microsoft
CVE-2006-3636 (Multiple cross-site scripting (XSS) vulnerabilities in Mailman before ...)
	{DSA-1188-1}
	- mailman 1:2.1.8-3
CVE-2006-3635 (The ia64 subsystem in the Linux kernel before 2.6.26 allows local users ...)
	- linux <not-affected> (Fixed before initial rename to src:linux)
	NOTE: https://bugzilla.suse.com/show_bug.cgi?id=199440
	NOTE: Fixed by: https://git.kernel.org/linus/4dcc29e1574d88f4465ba865ed82800032f76418 (2.6.26-rc5)
CVE-2006-3634 (The (1) __futex_atomic_op and (2) futex_atomic_cmpxchg_inatomic ...)
	- linux-2.6 2.6.17-1 (medium)
CVE-2006-3633 (OSSP shiela 1.1.5 and earlier allows remote authenticated users to ...)
	NOT-FOR-US: shiela
CVE-2006-3632 (Buffer overflow in Wireshark (aka Ethereal) 0.8.16 to 0.99.0 ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3631 (Unspecified vulnerability in the SSH dissector in Wireshark (aka ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3630 (Multiple off-by-one errors in Wireshark (aka Ethereal) 0.9.7 to ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3629 (Unspecified vulnerability in the MOUNT dissector in Wireshark ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3628 (Multiple format string vulnerabilities in Wireshark (aka Ethereal) ...)
	{DSA-1127}
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
CVE-2006-3627 (Unspecified vulnerability in the GSM BSSMAP dissector in Wireshark ...)
	- ethereal <removed> (bug #378745; high)
	- wireshark 0.99.2-1 (high)
	[sarge] - ethereal <no-dsa> (Vulnerable code not present)
CVE-2006-3625 (FLV Players 8 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: FLV Players
CVE-2006-3624 (Multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 ...)
	NOT-FOR-US: FLV Players
CVE-2006-3623 (Directory traversal vulnerability in Framework Service component in ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2006-3622 (The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3621 (SQL injection vulnerability in the showtopic module in Koobi Pro CMS ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3620 (Cross-site scripting (XSS) vulnerability in the showtopic module in ...)
	NOT-FOR-US: Koobi Pro CMS
CVE-2006-3619 (Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC ...)
	{DSA-1170}
	- gcc-4.1 4.1.1-11 (bug #368397; low)
	- gcc-3.4 3.4.4-0
	NOTE: gcc-3.4 no longer builds the fastjar package
CVE-2006-3618 (SQL injection vulnerability in pblguestbook.php in Pixelated By Lev ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3617 (Cross-site scripting (XSS) vulnerability in pblguestbook.php in ...)
	NOT-FOR-US: Pixelated By Lev (PBL) Guestbook
CVE-2006-3616 (Multiple cross-site scripting (XSS) vulnerabilities in Carbonize ...)
	NOT-FOR-US: Carbonize Lazarus Guestbook
CVE-2006-3615 (Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, ...)
	NOT-FOR-US: Phorum
CVE-2006-3614 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3613 (Multiple cross-site scripting (XSS) vulnerabilities in Chamberland ...)
	NOT-FOR-US: Chamberland Technology ezWaiter
CVE-2006-3612 (Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows ...)
	NOT-FOR-US: Phorum
CVE-2006-3611 (Directory traversal vulnerability in pm.php in Phorum 5 allows remote ...)
	NOT-FOR-US: Phorum
CVE-2006-3610 (index.php in Orbitcoders OrbitMATRIX 1.0 allows remote attackers to ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3609 (Cross-site scripting (XSS) vulnerability in index.php in Orbitcoders ...)
	NOT-FOR-US: Orbitcoders OrbitMATRIX
CVE-2006-3608 (The Gallery module in Simone Vellei Flatnuke 2.5.7 and earlier, when ...)
	NOT-FOR-US: Simone Vellei Flatnuke
CVE-2006-3607 (Multiple cross-site scripting (XSS) vulnerabilities in Softbiz Banner ...)
	NOT-FOR-US: Softbiz Banner Exchange Script (aka Banner Exchange Network Script)
CVE-2006-3606 (Unspecified vulnerability in Sun Solaris X Inter Client Exchange ...)
	NOTE: Sun Solaris
CVE-2006-3605 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3604 (Directory traversal vulnerability in FlexWATCH Network Camera 3.0 and ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3603 (Cross-site scripting (XSS) vulnerability in index.php in FlexWATCH ...)
	NOT-FOR-US: FlexWATCH Network Camera
CVE-2006-3602 (Directory traversal vulnerability in ...)
	NOTE: this is CVE-2005-4600
	NOT-FOR-US: Farsinews
CVE-2006-3601 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: DotNetNuke
CVE-2006-3600 (Multiple stack-based buffer overflows in the LookupTRM::lookup ...)
	{DSA-1135-1}
	- libtunepimp 0.4.2-4 (bug #378091; medium)
CVE-2006-3599 (SQL injection vulnerability in the Nuke Advanced Classifieds module ...)
	NOT-FOR-US: Nuke Advanced Classifieds module for PHP-Nuke
CVE-2006-3598 (SQL injection vulnerability in the Sections module for PHP-Nuke allows ...)
	NOT-FOR-US: Sections module for PHP-Nuke
CVE-2006-3597 (passwd before 1:4.0.13 on Ubuntu 6.06 LTS leaves the root password ...)
	- shadow <not-affected> (fix for a mistake in the Ubuntu installer)
CVE-2006-3596 (The device driver for Intel-based gigabit network adapters in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3595 (The default configuration of IOS HTTP server in Cisco Router Web Setup ...)
	NOT-FOR-US: Cisco
CVE-2006-3594 (Buffer overflow in Cisco Unified CallManager (CUCM) 5.0(1) through ...)
	NOT-FOR-US: Cisco
CVE-2006-3593 (The command line interface (CLI) in Cisco Unified CallManager (CUCM) ...)
	NOT-FOR-US: Cisco
CVE-2006-3592 (Unspecified vulnerability in the command line interface (CLI) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3591 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3626 (Race condition in Linux kernel 2.6.17.4 and earlier allows local users ...)
	{DSA-1111}
	- linux-2.6 2.6.17-4 (bug #378324; high)
CVE-2006-XXXX [insufficient form variable escaping]
	- webauth 3.5.2-1
CVE-2006-3590 (mso.dll, as used by Microsoft PowerPoint 2000 through 2003, allows ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-3589 (vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure ...)
	NOT-FOR-US: VMware
CVE-2006-3588 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3587 (Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3586 (SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3585 (Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3584 (Dynamic variable evaluation vulnerability in index.php in Jetbox CMS ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3583 (Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-3582 (Multiple heap-based buffer overflows in Audacious AdPlug 2.0 and ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3581 (Multiple stack-based buffer overflows in Audacious AdPlug 2.0 and ...)
	- adplug 2.0.1-1 (bug #378279; medium)
CVE-2006-3580 (SQL injection vulnerability in pages.asp in ASP Stats Generator before ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3579 (Cross-site scripting (XSS) vulnerability in Fujitsu ServerView 2.50 up ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3578 (Directory traversal vulnerability in Fujitsu ServerView 2.50 up to ...)
	NOT-FOR-US: Fujitsu ServerView
CVE-2006-3577 (SQL injection vulnerability in index.php in LifeType 1.0.5 allows ...)
	NOT-FOR-US: LifeType
CVE-2006-3576 (SQL injection vulnerability in search.php in SenseSites CommonSense ...)
	NOT-FOR-US: SenseSites CommonSense
CVE-2006-3575 (Unknown vulnerability in the Buffer Overflow Protection in McAfee ...)
	NOT-FOR-US: McAfee VirusScan Enterprise
CVE-2006-3574 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Groupmax Collaboration Portal and Web Client and uCosminexus Collaboration Portal and Forum/File Sharing
CVE-2006-3573 (Format string vulnerability in the WriteText function in agl_text.cpp ...)
	NOT-FOR-US: Milan Mimica Sparklet
CVE-2006-3572 (SQL injection vulnerability in forumthread.php in Papoo 3 RC3 and ...)
	NOT-FOR-US: Papoo
CVE-2006-3571 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Papoo
CVE-2006-3570 (Cross-site scripting (XSS) vulnerability in the webform module in ...)
	- drupal <not-affected> (webform module is not in Debian Drupal 4.5 package)
CVE-2006-3569 (Unspecified vulnerability in NetApp Data ONTAP 7.0x through 7.0.4P8D9, ...)
	NOT-FOR-US: IBM Data ONTAP
CVE-2006-3568 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
	NOT-FOR-US: Fantastic Guestbook
CVE-2006-3567 (Cross-site scripting (XSS) vulnerability in the web administration ...)
	NOT-FOR-US: Juniper
CVE-2006-3566 (search.results.php in HiveMail 3.1 and earlier allows remote attackers ...)
	NOT-FOR-US: HiveMail
CVE-2006-3565 (SQL injection vulnerability in search.results.php in HiveMail 1.3 and ...)
	NOT-FOR-US: HiveMail
CVE-2006-3564 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...)
	NOT-FOR-US: HiveMail
CVE-2006-3563 (Cross-site scripting (XSS) vulnerability in gallery/thumb.php in ...)
	NOT-FOR-US: Winged Gallery
CVE-2006-3562 (PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow ...)
	NOT-FOR-US: Plume CMS
CVE-2006-3561 (BT Voyager 2091 Wireless firmware 2.21.05.08m_A2pB018c1.d16d and ...)
	NOT-FOR-US: BT Voyager
CVE-2006-3560 (SQL injection vulnerability in topics.php in Blue Dojo Graffiti Forums ...)
	NOT-FOR-US: Blue Dojo Graffiti Forums
CVE-2006-3559 (Multiple SQL injection vulnerabilities in Arif Supriyanto auraCMS 1.62 ...)
	NOT-FOR-US: auraCMS
CVE-2006-3558 (Multiple cross-site scripting (XSS) vulnerabilities in Arif Supriyanto ...)
	NOT-FOR-US: auraCMS
CVE-2006-3557 (MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root ...)
	NOT-FOR-US: MT Orumcek Toplist
CVE-2006-3556 (PHP remote file inclusion vulnerability in extcalendar.php in Mohamed ...)
	NOT-FOR-US: Mohamed Moujami ExtCalendar
CVE-2006-3555 (Multiple cross-site scripting (XSS) vulnerabilities in submit.php in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-3554 (Directory traversal vulnerability in index.php in MKPortal 1.0.1 Final ...)
	NOT-FOR-US: MKPortal
CVE-2006-3553 (PlaNet Concept planetNews allows remote attackers to bypass ...)
	NOT-FOR-US: planetNews
CVE-2006-3552 (Premium Anti-Spam in Ipswitch IMail Secure Server 2006 and ...)
	NOT-FOR-US: Ipswitch IMail Secure Server 2006 and Collaboration Suite 2006 Premium
CVE-2006-3551 (NCP Secure Enterprise Client (aka VPN/PKI client) 8.30 Build 59, and ...)
	NOT-FOR-US: NCP VPN/PKI Client (apparently nothing to do with Novell)
CVE-2006-3550 (Multiple cross-site scripting (XSS) vulnerabilities in F5 Networks ...)
	NOT-FOR-US: F5 Netowrks FirePass
CVE-2006-3549 (services/go.php in Horde Application Framework 3.0.0 through 3.0.10 ...)
	{DSA-1406-1}
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3548 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	{DSA-1406-1}
	- horde3 3.1.2-1 (bug #378281; low)
CVE-2006-3547 (** DISPUTED ** ...)
	NOT-FOR-US: EMC VMware Player
CVE-2006-3546 (Patrice Freydiere ImgSvr (aka ADA Image Server) allows remote ...)
	NOT-FOR-US: Patrice Freydiere ImgSvr
CVE-2006-3545 (** DISPUTED ** Microsoft Internet Explorer 7.0 Beta allows remote ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3544 (** DISPUTED ** ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3543 (** DISPUTED ** ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3542 (Multiple cross-site scripting (XSS) vulnerabilities in Garry Glendown ...)
	NOT-FOR-US: Garry Glendown Shopping Cart
CVE-2006-3541 (SQL injection vulnerability in Meine Links (aka My Links) in Kyberna ...)
	NOT-FOR-US: Meine Links (aka My Links) in Kyberna ky2help
CVE-2006-3540 (Check Point Zone Labs ZoneAlarm Internet Security Suite 6.5.722.000, ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm Internet Security Suite
CVE-2006-3539 (Multiple cross-site scripting (XSS) vulnerabilities in DKScript.com ...)
	NOT-FOR-US: DKScript.com Dragon's Kingdom Script
CVE-2006-3538 (Multiple cross-site scripting (XSS) vulnerabilities in demo.php in ...)
	NOT-FOR-US: BeatificFaith Eprayer
CVE-2006-3537 (PHP remote file inclusion vulnerability in index.php in Randshop ...)
	NOT-FOR-US: Randshop
CVE-2006-3536 (Direct static code injection vulnerability in code/class_db_text.php ...)
	NOT-FOR-US: EJ3 TOPo
CVE-2006-3535 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3534 (Directory traversal vulnerability in Nullsoft SHOUTcast DSP before ...)
	NOT-FOR-US: Nullsoft SHOUTcast DSP
CVE-2006-3533 (Multiple cross-site scripting (XSS) vulnerabilities in Pivot 1.30 RC2 ...)
	- pivot <itp> (bug #305786)
CVE-2006-3532 (PHP file inclusion vulnerability in includes/edit_new.php in Pivot ...)
	- pivot <itp> (bug #305786)
CVE-2006-3531 (includes/editor/insert_image.php in Pivot 1.30 RC2 and earlier creates ...)
	- pivot <itp> (bug #305786)
CVE-2006-3530 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PccookBook Component for Mambo and Joomla
CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
	NOT-FOR-US: EarlyImpact ProductCart
CVE-2006-3529 (Memory leak in Juniper JUNOS 6.4 through 8.0, built before May 10, ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2006-3528 (Multiple PHP remote file inclusion vulnerabilities in Simpleboard ...)
	NOT-FOR-US: Simpleboard Mambo module
CVE-2006-3527 (Multiple PHP remote file inclusion vulnerabilities in BosClassifieds ...)
	NOT-FOR-US: BosClassifieds Classified Ads
CVE-2006-3526 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.php ...)
	NOT-FOR-US: Sport-slo Advanced Guestbook
CVE-2006-3525 (SQL injection vulnerability in category.php in PHCDownload 1.0.0 Final ...)
	NOT-FOR-US: PHCDownload
CVE-2006-3524 (Buffer overflow in SIPfoundry sipXtapi released before 20060324 allows ...)
	NOT-FOR-US: SIPfoundry sipXtapi
CVE-2006-3523 (Clearswift MIMEsweeper for Web before 5.1.15 Hotfix allows remote ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3522 (Cross-site scripting (XSS) vulnerability in Clearswift MIMEsweeper for ...)
	NOT-FOR-US: Clearswift MIMEsweeper
CVE-2006-3521 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: SiteForge Collaborative Development Platform
CVE-2006-3520 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Sabdrimer Pro
CVE-2006-3519 (Multiple cross-site scripting (XSS) vulnerabilities in The Banner ...)
	NOT-FOR-US: The Banner Engine
CVE-2006-3518 (SQL injection vulnerability in SayfalaAltList.asp in Webvizyon Portal ...)
	NOT-FOR-US: Webvizyon Portal
CVE-2006-3517 (PHP remote file inclusion vulnerability in stats.php in RW::Download, ...)
	NOT-FOR-US: RW::Download
CVE-2006-3516 (Multiple SQL injection vulnerabilities in FreeHost allow remote ...)
	NOT-FOR-US: FreeHost
CVE-2006-3515 (SQL injection vulnerability in the loginADP function in ajaxp.php in ...)
	NOT-FOR-US: AjaxPortal
CVE-2006-3514 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PHP-Blogger
CVE-2006-3513 (danim.dll in Microsoft Internet Explorer 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3512 (Internet Explorer 6 on Windows XP allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3511 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3510 (The Remote Data Service Object (RDS.DataControl) in Microsoft Internet ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3509 (Integer overflow in the API for the AirPort wireless driver on Apple ...)
	NOT-FOR-US: Apple
CVE-2006-3508 (Heap-based buffer overflow in the AirPort wireless driver on Apple Mac ...)
	NOT-FOR-US: Apple
CVE-2006-3507 (Multiple stack-based buffer overflows in the AirPort wireless driver ...)
	NOT-FOR-US: Apple
CVE-2006-3506 (Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and ...)
	NOT-FOR-US: Mac OS X
CVE-2006-3505 (WebKit in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3504 (The Download Validation in LaunchServices for Apple Mac OS X 10.4.7 ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3503 (Integer overflow in ImageIO in Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3502 (Unspecified vulnerability in ImageIO in Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3501 (Integer overflow in ImageIO for Apple Mac OS X 10.4.7 allows ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3500 (The dynamic linker (dyld) in Apple Mac OS X 10.4.7 allows local users ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3499 (The dynamic linker (dyld) in Apple Mac OS X 10.3.9 allows local users ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3498 (Stack-based buffer overflow in bootpd in the DHCP component for Apple ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3497 (Unspecified vulnerability in the &quot;compression state handling&quot; in Bom ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3496 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3495 (AFP Server in Apple Mac OS X 10.3.9 and 10.4.7 stores reconnect keys ...)
	NOT-FOR-US: Apple Mac OS
CVE-2006-3494 (Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone ...)
	NOT-FOR-US: Buddy Zone
CVE-2006-3493 (Buffer overflow in LsCreateLine function (mso_203) in mso.dll and ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-3492 (The CORBA::ORBInvokeRec::set_answer_invoke function in orb.cc in MICO ...)
	NOT-FOR-US: MICO
CVE-2006-3491 (Stack-based buffer overflow in Kaillera Server 0.86 and earlier allows ...)
	NOT-FOR-US: Kaillera Server
CVE-2006-3490 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3489 (F-Secure Anti-Virus 2003 through 2006 and other versions, Internet ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2006-3488 (Absolute path traversal vulnerability in administrador.asp in ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3487 (VirtuaStore 2.0 stores sensitive files under the web root with ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3485 (Multiple SQL injection vulnerabilities in AstroDog Press Some Chess ...)
	NOT-FOR-US: AstroDog Press Some Chess
CVE-2006-3484 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor before ...)
	NOT-FOR-US: ATutor
CVE-2006-3483 (PHPMailList 1.8.0 stores sensitive information under the web document ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3482 (Cross-site scripting (XSS) vulnerability in maillist.php in ...)
	NOT-FOR-US: PHPMailList
CVE-2006-3481 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.10 allow ...)
	NOT-FOR-US: Joomla
CVE-2006-3480 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2006-3479 (Cross-site request forgery (CSRF) vulnerability in the del_block ...)
	NOT-FOR-US: Nuked-Klan
CVE-2006-3478 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: MyPHP CMS
CVE-2006-3477 (Unspecified vulnerability in the POP service in Stalker CommuniGate ...)
	NOT-FOR-US: Stalker CommuniGate Pro
CVE-2006-3476 (Cross-site scripting (XSS) vulnerability in comments.php in ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-3475 (Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 ...)
	NOT-FOR-US: QBoard
CVE-2006-3474 (Multiple SQL injection vulnerabilities in Belchior Foundry vCard PRO ...)
	NOT-FOR-US: Belchior Foundry vCard PRO
CVE-2006-3473 (CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 ...)
	- drupal <not-affected> (form_mail Module not in debian)
CVE-2006-3472 (Microsoft Internet Explorer 6.0 and 6.0 SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3471 (Microsoft Internet Explorer 6 on Windows XP allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3470 (The Dell Openmanage CD launches X11 and SSH daemons that do not ...)
	NOT-FOR-US: Dell Openmanage CD
CVE-2006-3469 (Format string vulnerability in time.cc in MySQL Server 4.1 before ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.22-1 (bug #375694)
CVE-2006-3468 (Linux kernel 2.6.x, when using both NFS and EXT3, allows remote ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-6
CVE-2006-3467 (Integer overflow in FreeType before 2.2 allows remote attackers to ...)
	{DSA-1193-1 DSA-1178-1}
	- freetype 2.2.1-5 (bug #379920; medium)
	- libxfont 1:1.2.0-2 (medium; bug #383353)
CVE-2006-3466
	REJECTED
CVE-2006-3465 (Unspecified vulnerability in the custom tag support for the TIFF ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3464 (TIFF library (libtiff) before 3.8.2 allows context-dependent attackers ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3463 (The EstimateStripByteCounts function in TIFF library (libtiff) before ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3462 (Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3461 (Heap-based buffer overflow in the PixarLog decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3460 (Heap-based buffer overflow in the JPEG decoder in the TIFF library ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3459 (Multiple stack-based buffer overflows in the TIFF library (libtiff) ...)
	{DSA-1137-1}
	- tiff 3.8.2-6
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-3486 (** DISPUTED ** ...)
	- mysql-dfsg-5.0 5.0.22-4 (unimportant; bug #378102)
	[sarge] - mysql-dfsg-4.1 <not-affected> (Vulnerable code not present)
	[sarge] - mysql-dfsg <not-affected> (Vulnerable code not present)
	NOTE: Only DoS possible, only root can trigger this -> non-issue
CVE-2006-3457 (Symantec On-Demand Agent (SODA) before 2.5 MR2 Build 2157, and the ...)
	NOT-FOR-US: Symantec
CVE-2006-3456 (The Symantec NAVOPTS.DLL ActiveX control (aka ...)
	NOT-FOR-US: Symantec
CVE-2006-3455 (The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate ...)
	NOT-FOR-US: Symantec
CVE-2006-3454 (Multiple format string vulnerabilities in Symantec AntiVirus Corporate ...)
	NOT-FOR-US: Symantec
CVE-2006-3453 (Buffer overflow in Adobe Acrobat 6.0 to 6.0.4 allows remote attackers ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3452 (Adobe Reader and Acrobat 6.0.4 and earlier, on Mac OSX, has insecure ...)
	NOT-FOR-US: Adobe acrobat
CVE-2006-3451 (Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage ...)
	NOT-FOR-US: Microsoft
CVE-2006-3450 (Microsoft Internet Explorer 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2006-3449 (Unspecified vulnerability in Microsoft PowerPoint 2000 through 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3448 (Buffer overflow in the Step-by-Step Interactive Training in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-3447
	REJECTED
CVE-2006-3446
	REJECTED
CVE-2006-3445 (Integer overflow in the ReadWideString function in agentdpv.dll in ...)
	NOT-FOR-US: Microsoft
CVE-2006-3444 (Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3443 (Untrusted search path vulnerability in Winlogon in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-3442 (Unspecified vulnerability in Pragmatic General Multicast (PGM) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-3441 (Buffer overflow in the DNS Client service in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-3440 (Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-3439 (Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-3438 (Unspecified vulnerability in Microsoft Hyperlink Object Library ...)
	NOT-FOR-US: Microsoft
CVE-2006-3437
	REJECTED
CVE-2006-3436 (Cross-site scripting (XSS) vulnerability in Microsoft .NET Framework ...)
	NOT-FOR-US: Microsoft
CVE-2006-3435 (PowerPoint in Microsoft Office 2000, XP, 2003, 2004 for Mac, and v.X ...)
	NOT-FOR-US: Microsoft
CVE-2006-3434 (Unspecified vulnerability in Microsoft Office 2000, XP, 2003, 2004 for ...)
	NOT-FOR-US: Microsoft
CVE-2006-3433
	REJECTED
CVE-2006-3432
	REJECTED
CVE-2006-3431 (Buffer overflow in certain Asian language versions of Microsoft Excel ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3430 (SQL injection vulnerability in checkprofile.asp in (1) PatchLink ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3429 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3428 (Cross-site scripting (XSS) vulnerability in TigerTom TTCalc 1.0 allows ...)
	NOT-FOR-US: TTCalc
CVE-2006-3427 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3426 (Directory traversal vulnerability in (a) PatchLink Update Server ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3425 (FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and ...)
	NOT-FOR-US: Novell PatchLink Update Server
CVE-2006-3424 (Multiple buffer overflows in WebEx Downloader ActiveX Control, ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3423 (WebEx Downloader ActiveX Control and WebEx Downloader Java before ...)
	NOT-FOR-US: WebEx Downloader ActiveX Control
CVE-2006-3422 (PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows ...)
	NOT-FOR-US: WonderEdit Pro CMS
CVE-2006-3421 (PHP remote file inclusion vulnerability in SmartSiteCMS 1.0 and ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3420 (Cross-site request forgery (CSRF) vulnerability in editpost.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3419 (Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes ...)
	- tor 0.1.1.20-1
CVE-2006-3418 (Tor before 0.1.1.20 does not validate that a server descriptor's ...)
	- tor 0.1.1.20-1
CVE-2006-3417 (Tor client before 0.1.1.20 prefers entry points based on is_fast or ...)
	- tor 0.1.1.20-1
CVE-2006-3416 (** DISPUTED ** ...)
	- tor 0.1.1.20-1
CVE-2006-3415 (Tor before 0.1.1.20 uses improper logic to validate the &quot;OR&quot; ...)
	- tor 0.1.1.20-1
CVE-2006-3414 (Tor before 0.1.1.20 supports server descriptors that contain hostnames ...)
	- tor 0.1.1.20-1
CVE-2006-3413 (The privoxy configuration file in Tor before 0.1.1.20, when run on ...)
	- tor 0.1.1.20-1
CVE-2006-3412 (Tor before 0.1.1.20 does not sufficiently obey certain firewall ...)
	- tor 0.1.1.20-1
CVE-2006-3411 (TLS handshakes in Tor before 0.1.1.20 generate public-private keys ...)
	- tor 0.1.1.20-1
CVE-2006-3410 (Tor before 0.1.1.20 creates &quot;internal circuits&quot; primarily consisting ...)
	- tor 0.1.1.20-1
CVE-2006-3409 (Integer overflow in Tor before 0.1.1.20 allows remote attackers to ...)
	- tor 0.1.1.20-1
CVE-2006-3408 (Unspecified vulnerability in the directory server (dirserver) in Tor ...)
	- tor 0.1.1.20-1
CVE-2006-3407 (Tor before 0.1.1.20 allows remote attackers to spoof log entries or ...)
	- tor 0.1.1.20-1
CVE-2006-3406 (Directory traversal vulnerability in qtofm.php in QTOFileManager 1.0 ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3405 (Cross-site scripting (XSS) vulnerability in qtofm.php in ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3403 (The smdb daemon (smbd/service.c) in Samba 3.0.1 through 3.0.22 allows remote ...)
	{DSA-1110}
	- samba 3.0.23a-1 (bug #378070)
CVE-2006-3402 (SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers ...)
	NOT-FOR-US: VirtuaStore
CVE-2006-3401 (Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: ...)
	NOT-FOR-US: Quake 3
CVE-2006-3400 (Stack-based buffer overflow in the CG_ServerCommand function in Quake ...)
	NOT-FOR-US: Soldier of Fortune 2
CVE-2006-3399 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki ...)
	NOT-FOR-US: MoniWiki
CVE-2006-3398 (The &quot;change password forms&quot; in Taskjitsu before 2.0.1 includes ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3397 (Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu ...)
	NOT-FOR-US: Taskjitsu
CVE-2006-3396 (PHP remote file inclusion vulnerability in galleria.html.php in ...)
	NOT-FOR-US: Galleria Mambo Module
CVE-2006-3395 (PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX ...)
	NOT-FOR-US: SiteBuilder-FX
CVE-2006-3394 (SQL injection vulnerability in the files mod in index.php in BXCP ...)
	NOT-FOR-US: BXCP
CVE-2006-3393 (Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and ...)
	NOT-FOR-US: Papyrus NASCAR Racing
CVE-2006-3392 (Webmin before 1.290 and Usermin before 1.220 calls the simplify_path ...)
	{DSA-1199-1}
	- webmin <removed> (medium; bug #381537)
CVE-2006-3391 (The Execute function in iMBCContents ActiveX Control before 2.0.0.59 ...)
	NOT-FOR-US: iMBCContents
CVE-2006-3390 (WordPress 2.0.3 allows remote attackers to obtain the installation ...)
	- wordpress 2.0.4-1 (unimportant)
	NOTE: http://wordpress.org/news/2006/07/wordpress-204/
CVE-2006-3389 (index.php in WordPress 2.0.3 allows remote attackers to obtain ...)
	- wordpress 2.0.4-1 (unimportant)
	NOTE: http://wordpress.org/news/2006/07/wordpress-204/
CVE-2006-3388 (Cross-site scripting (XSS) vulnerability in phpMyAdmin before 2.8.2 ...)
	- phpmyadmin 4:2.8.2-0.1 (bug #377748; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-3387 (Directory traversal vulnerability in sources/post.php in Fusion News ...)
	NOT-FOR-US: Fusion News
CVE-2006-3386 (index.php in Vincent Leclercq News 5.2 allows remote attackers to ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3385 (Cross-site scripting (XSS) vulnerability in divers.php in Vincent ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3384 (SQL injection vulnerability in divers.php in Vincent Leclercq News 5.2 ...)
	NOT-FOR-US: Vincent Leclercq News
CVE-2006-3383 (Cross-site scripting (XSS) vulnerability in index.php in mAds 1.0 ...)
	NOT-FOR-US: mAds
CVE-2006-3382 (Cross-site scripting (XSS) vulnerability in search.php in mAds 1.0 ...)
	NOT-FOR-US: mAds
CVE-2006-3381 (SturGeoN Upload allows remote attackers to execute arbitrary PHP code ...)
	NOT-FOR-US: SturGeoN
CVE-2006-3380 (Algorithmic complexity vulnerability in FreeStyle Wiki before 3.6.2 ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2006-3379 (Algorithmic complexity vulnerability in Hiki Wiki 0.6.0 through 0.6.5 ...)
	{DSA-1119}
	- hiki 0.8.6-1 (bug #378059; low)
CVE-2006-3378 (passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called ...)
	{DSA-1150-1}
	- shadow 1:4.0.14-1 (bug #379174)
CVE-2006-3377 (Cross-site scripting (XSS) vulnerability in JMB Software AutoRank PHP ...)
	NOT-FOR-US: JMB Software AutoRank PHP
CVE-2006-3376 (Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple ...)
	{DSA-1194-1}
	- libwmf 0.2.8.4-2 (bug #381538; medium)
CVE-2006-3375 (PHP remote file inclusion vulnerability in includes/header.inc.php in ...)
	NOT-FOR-US: Randshop
CVE-2006-3374 (PHP remote file inclusion vulnerability in index.php in Randshop 1.2 ...)
	NOT-FOR-US: Randshop
CVE-2006-3373 (Unspecified vulnerability in the client/bin/logfetch script in Hobbit ...)
	NOT-FOR-US: Hobbit
CVE-2006-3372 (Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3371 (Eupla Foros 1.0 stores the inc/config.inc file under the web document ...)
	NOT-FOR-US: Eupla Foros
CVE-2006-3370 (Blueboy 1.0.3 stores bb_news_config.inc under the web document root ...)
	NOT-FOR-US: Blueboy
CVE-2006-3369 (Kamikaze-QSCM 0.1 stores config.inc under the web document root with ...)
	NOT-FOR-US: Kamikaze-QSCM
CVE-2006-3368 (Efone 20000723 stores config.inc under the web document root with ...)
	NOT-FOR-US: Efone
CVE-2006-3367 (Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web ...)
	NOT-FOR-US: Mp3NetBox
CVE-2006-3366 (Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3365 (V3 Chat allows remote attackers to obtain the installation path via ...)
	NOT-FOR-US: V3 Chat
CVE-2006-3364 (SQL injection vulnerability in index.php in the NP_SEO plugin in ...)
	NOT-FOR-US: BLOG:CMS
CVE-2006-3363 (PHP remote file inclusion vulnerability in index.php in the Glossaire ...)
	NOT-FOR-US: Glossaire for Xoops
CVE-2006-3362 (Unrestricted file upload vulnerability in connectors/php/connector.php ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-3361 (PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and ...)
	NOT-FOR-US: Stud.IP
CVE-2006-3360 (Directory traversal vulnerability in index.php in phpSysInfo 2.5.1 ...)
	- phpsysinfo <unfixed> (unimportant)
	- egroupware <unfixed> (unimportant)
	- phpgroupware <unfixed> (unimportant)
	NOTE: Only the existence of files inside the WWW root is leaked. If this is
	NOTE: a threat to your setup you most probably shouldn't install a script which
	NOTE: exposes all your system data, either.
CVE-2006-3359 (Multiple SQL injection vulnerabilities in index.php in NewsPHP 2006 ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3358 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: NewsPHP
CVE-2006-3357 (Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) ...)
	NOT-FOR-US: HTML Help ActiveX control
CVE-2006-3356 (The TIFFFetchAnyArray function in ImageIO in Apple OS X 10.4.7 and ...)
	NOT-FOR-US: Apple
CVE-2006-3355 (Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll ...)
	- mpg123 0.60-1 (bug #377264; medium)
	[sarge] - mpg123 <no-dsa> (Non-free not supported)
CVE-2006-3354 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3353 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Opera
CVE-2006-3352 (** DISPUTED ** ...)
	NOTE: firefox, but invalid
CVE-2006-3351 (Buffer overflow in Windows Explorer (explorer.exe) on Windows XP and ...)
	NOT-FOR-US: Windows Explorer
CVE-2006-3695 (Trac before 0.9.6 does not disable the &quot;raw&quot; or &quot;include&quot; commands ...)
	{DSA-1152}
	- trac 0.9.6-1 (medium)
	[sarge] - trac 0.8.1-3sarge5
CVE-2006-3458 (Zope 2.7.0 to 2.7.8, 2.8.0 to 2.8.7, and 2.9.0 to 2.9.3 (Zope2) does ...)
	{DSA-1113}
	- zope2.7 <removed> (bug #377285; medium)
	- zope2.8 2.8.7-2 (bug #377277; medium)
	- zope2.9 2.9.3-3 (bug #377286; medium)
CVE-2006-3404 (Buffer overflow in the xcf_load_vector function in app/xcf/xcf-load.c ...)
	{DSA-1116}
	- gimp 2.2.11-3.1 (bug #377049; medium)
CVE-2006-3350 (Stack-based buffer overflow in AutoVue SolidModel Professional Desktop ...)
	NOT-FOR-US: AutoVue SolidModel Professional Desktop
CVE-2006-3349 (Multiple SQL injection vulnerabilities in SmS Script allow remote ...)
	NOT-FOR-US: SmS Script
CVE-2006-3348 (Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 ...)
	NOT-FOR-US: HSPcomplete
CVE-2006-3347 (SQL injection vulnerability in index.php in deV!Lz Clanportal DZCP ...)
	NOT-FOR-US: deV!Lz Clanportal DZCP
CVE-2006-3346 (SQL injection vulnerability in tree.php in MyNewsGroups 0.6 allows ...)
	NOT-FOR-US: MyNewsGroups
CVE-2006-3345 (Cross-site scripting (XSS) vulnerability in AliPAGER, possibly 1.5 and ...)
	NOT-FOR-US: AliPAGER
CVE-2006-3344 (Siemens Speedstream Wireless Router 2624 allows local users to bypass ...)
	NOT-FOR-US: Siemens Speedstream Wireless Router
CVE-2006-3343 (PHP remote file inclusion vulnerability in recipe/cookbook.php in ...)
	NOT-FOR-US: CrisoftRicette
CVE-2006-3342 (Cross-site scripting (XSS) vulnerability in index.php in Arctic 1.0.2 ...)
	NOT-FOR-US: Arctic
CVE-2006-3341 (SQL injection vulnerability in annonces-p-f.php in MyAds module 2.04jp ...)
	NOT-FOR-US: MyAds module for Xoops
CVE-2006-3340 (Multiple PHP remote file inclusion vulnerabilities in Pearl For Mambo ...)
	NOT-FOR-US: Pearl For Mambo
CVE-2006-3339 (secure/ConfigureReleaseNote.jspa in Atlassian JIRA 3.6.2-#156 allows ...)
	NOT-FOR-US: Atlassian
CVE-2006-3338 (Cross-site scripting (XSS) vulnerability in Atlassian JIRA 3.6.2-#156 ...)
	NOT-FOR-US: Atlassian
CVE-2006-3337 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: cPanel (not the Chinese language tool in Debian)
CVE-2006-3336 (TWiki 01-Dec-2000 up to 4.0.3 allows remote attackers to bypass the ...)
	- twiki 1:4.0.4-3 (low; bug #381907)
	NOTE: only in some server configurations
CVE-2006-3335 (Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2006-3334 (Buffer overflow in the png_decompress_chunk function in pngrutil.c in ...)
	- libpng 1.2.8rel-5.2 (bug #377298; bug #397892; unimportant)
	NOTE: A static 50 char array consumes 13 machine words on 32bit archs, so the overflow
	NOTE: cannot overwrite other memory sections
CVE-2006-3333 (Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3332 (SQL injection vulnerability in index.php in Zorum Forum 3.5 allows ...)
	NOT-FOR-US: Zorum Forum
CVE-2006-3331 (Opera before 9.0 does not reset the SSL security bar after displaying ...)
	NOT-FOR-US: Opera
CVE-2006-3330 (Cross-site scripting (XSS) vulnerability in AddAsset1.php in PHP/MySQL ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3329 (SQL injection vulnerability in search.php in PHP/MySQL Classifieds ...)
	NOT-FOR-US: PHP/MySQL Classifieds
CVE-2006-3328 (new_ticket.cgi in Hostflow 2.2.1-15 allows remote attackers to steal ...)
	NOT-FOR-US: Hostflow
CVE-2006-3327 (Cross-site scripting (XSS) vulnerability in Custom dating biz dating ...)
	NOT-FOR-US: Custom dating biz dating script
CVE-2006-3326 (Directory traversal vulnerability in QuickZip 3.06.3 allows remote ...)
	NOT-FOR-US: QuickZip
CVE-2006-3325 (client/cl_parse.c in the id3 Quake 3 Engine 1.32c and the Icculus ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660834)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-3324 (The Automatic Downloading option in the id3 Quake 3 Engine and the ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660832)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-3323 (PHP remote file inclusion vulnerability in admin/admin.php in MF ...)
	NOT-FOR-US: MF Piadas
CVE-2006-3322 (SQL injection vulnerability in includes/functions_logging.php in ...)
	NOT-FOR-US: phpRaid
CVE-2006-3321 (Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp ...)
	NOT-FOR-US: OpenForum
CVE-2006-3320 (Cross-site scripting (XSS) vulnerability in command.php in SiteBar ...)
	{DSA-1130-1}
	- sitebar 3.3.8-1.1 (bug #377299; low)
CVE-2006-3319 (Cross-site scripting (XSS) vulnerability in rss/index.php in PHP ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-3318 (SQL injection vulnerability in register.php for phpRaid 3.0.6 and ...)
	NOT-FOR-US: phpRaid
CVE-2006-3317 (PHP remote file inclusion vulnerability in phpRaid 3.0.6 allows remote ...)
	NOT-FOR-US: phpRaid
CVE-2006-3316 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.5 ...)
	NOT-FOR-US: phpRaid
CVE-2006-3315 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3314 (PHP remote file inclusion vulnerability in page.php in an unspecified ...)
	NOT-FOR-US: "unspecified RahnemaCo.com product, possibly eShop"
CVE-2006-3313 (Cross-site scripting (XSS) vulnerability in search.jsp in Netsoft ...)
	NOT-FOR-US: Netsoft smartNet
CVE-2006-3312 (Multiple cross-site scripting (XSS) vulnerabilities in ashmans and ...)
	NOT-FOR-US: QaTraq
CVE-2006-3311 (Buffer overflow in Adobe Flash Player 8.0.24.0 and earlier, Flash ...)
	- flashplugin-nonfree 7.0.68.0.1
	[sarge] - flashplugin-nonfree <no-dsa> (Contrib not supported)
CVE-2006-3310
	RESERVED
CVE-2006-3309 (SQL injection vulnerability in SPT--ForumTopics.php in Scout Portal ...)
	NOT-FOR-US: Scout Portal
CVE-2006-3308 (Unspecified vulnerability in the wpprop code for Project EROS ...)
	NOT-FOR-US: bbsengine
CVE-2006-3307 (Multiple SQL injection vulnerabilities in Project EROS bbsengine ...)
	NOT-FOR-US: bbsengine
CVE-2006-3306 (Cross-site scripting (XSS) vulnerability in the preparestring function ...)
	NOT-FOR-US: bbsengine
CVE-2006-3305 (Multiple cross-site scripting (XSS) vulnerabilities in UebiMiau ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3304 (SQL injection vulnerability in cp.php in DeluxeBB 1.07 and earlier ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3303 (Multiple cross-site scripting (XSS) vulnerabilities in pm.php in ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-3302 (PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpQLAdmin ...)
	- phpqladmin <removed> (bug #376442; low)
CVE-2006-3300 (PHP remote file inclusion vulnerability in sms_config/gateway.php in ...)
	NOT-FOR-US: phpmysms
CVE-2006-3299 (Cross-site scripting (XSS) vulnerability in index.php in Usenet Script ...)
	NOT-FOR-US: Usenet Script
CVE-2006-3298 (Yahoo! Messenger 7.5.0.814 and 7.0.438 allows remote attackers to ...)
	NOT-FOR-US: Offical Yahoo! Messenger client
CVE-2006-3297 (Cross-site scripting (XSS) vulnerability in error.php in UebiMiau ...)
	NOT-FOR-US: UebiMiau
CVE-2006-3296 (SQL injection vulnerability in view.php in Open Guestbook 0.5 allows ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3295 (Cross-site scripting (XSS) vulnerability in header.php in Open ...)
	NOT-FOR-US: Open Guestbook
CVE-2006-3294 (PHP remote file inclusion vulnerability in mod_cbsms_messages.php in ...)
	NOT-FOR-US: CBSMS Mambo module
CVE-2006-3293 (parse_notice (TiCPU) in EnergyMech (emech) before 3.0.2 allows remote ...)
	NOT-FOR-US: EnergyMech
CVE-2006-3292 (SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows ...)
	NOT-FOR-US: Jaws
CVE-2006-3291 (The web interface on Cisco IOS 12.3(8)JA and 12.3(8)JA1, as used on ...)
	NOT-FOR-US: Cisco
CVE-2006-3290 (HTTP server in Cisco Wireless Control System (WCS) for Linux and ...)
	NOT-FOR-US: Cisco
CVE-2006-3289 (Cross-site scripting (XSS) vulnerability in the login page of the HTTP ...)
	NOT-FOR-US: Cisco
CVE-2006-3288 (Unspecified vulnerability in the TFTP server in Cisco Wireless Control ...)
	NOT-FOR-US: Cisco
CVE-2006-3287 (Cisco Wireless Control System (WCS) for Linux and Windows 4.0(1) and ...)
	NOT-FOR-US: Cisco
CVE-2006-3286 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3285 (The internal database in Cisco Wireless Control System (WCS) for Linux ...)
	NOT-FOR-US: Cisco
CVE-2006-3284 (Cross-site scripting (XSS) vulnerability in Dating Agent PRO 4.7.1 ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3283 (SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3282 (requirements.php in Dating Agent PRO 4.7.1 allows remote attackers to ...)
	NOT-FOR-US: Dating Agent PRO
CVE-2006-3281 (Microsoft Internet Explorer 6.0 does not properly handle Drag and Drop ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3280 (Cross-domain vulnerability in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-3279 (Cross-site scripting (XSS) vulnerability in aeDating 4.1 allows remote ...)
	NOT-FOR-US: aeDating
CVE-2006-3278 (Cross-site scripting (XSS) vulnerability in H-Sphere 2.5.1 Beta 1 and ...)
	NOT-FOR-US: H-Sphere
CVE-2006-3277 (The SMTP service of MailEnable Standard 1.92 and earlier, Professional ...)
	NOT-FOR-US: MailEnable
CVE-2006-3276 (Heap-based buffer overflow in RealNetworks Helix DNA Server 10.0 and ...)
	NOT-FOR-US: Helix DNA Server
CVE-2006-3275 (SQL injection vulnerability in profile.php in YaBB SE 1.5.5 and ...)
	NOT-FOR-US: YaBB
CVE-2006-3274 (Directory traversal vulnerability in Webmin before 1.280, when run on ...)
	- webmin <not-affected> (only windows)
CVE-2006-3273 (Cross-site scripting (XSS) vulnerability in menu.php in Some Chess 1.5 ...)
	NOT-FOR-US: Some Chess
CVE-2006-3272 (Cross-site request forgery (CSRF) vulnerability in menu.php in Some ...)
	NOT-FOR-US: Some Chess
CVE-2006-3271 (Multiple SQL injection vulnerabilities in Softbiz Dating 1.0 allow ...)
	NOT-FOR-US: Softbiz Dating
CVE-2006-3270 (SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3269 (PHP remote file inclusion vulnerability in includes/functions_cms.php ...)
	NOT-FOR-US: THoRCMS
CVE-2006-3268 (Unspecified vulnerability in the Windows Client API in Novell ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-3267 (SQL injection vulnerability in index.php in Infinite Core Technologies ...)
	NOT-FOR-US: Infinite Core Technologies
CVE-2006-3266 (Multiple PHP remote file inclusion vulnerabilities in Bee-hive Lite ...)
	NOT-FOR-US: Bee-hive
CVE-2006-3265 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Qdig
CVE-2006-3264 (Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo ...)
	NOT-FOR-US: Namo DeepSearch
CVE-2006-3263 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3262 (SQL injection vulnerability in the Weblinks module (weblinks.php) in ...)
	- mambo 4.5.3h-2 (medium)
CVE-2006-3261 (Cross-site scripting (XSS) vulnerability in Trend Micro Control ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2006-3260 (Cross-site scripting (XSS) vulnerability in index.php in vlbook 1.02 ...)
	NOT-FOR-US: vlbook
CVE-2006-3259 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 ...)
	NOT-FOR-US: e107
CVE-2006-3258 (Multiple cross-site scripting (XSS) vulnerabilities in index.html in ...)
	NOT-FOR-US: BNBT TrinEdit and EasyTracker
CVE-2006-3257 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 ...)
	NOT-FOR-US: Claroline
CVE-2006-3256 (SQL injection vulnerability in report.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3255 (SQL injection vulnerability in showmods.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3254 (SQL injection vulnerability in newthread.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3253 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2006-3252 (Buffer overflow in the Online Registration Facility for Algorithmic ...)
	NOT-FOR-US: Algorithmic Research PrivateWire VPN
CVE-2006-3251 (Heap-based buffer overflow in the array_push function in hashcash.c ...)
	{DSA-1114}
	- hashcash 1.21 (bug #376444)
CVE-2006-3250 (Heap-based buffer overflow in Windows Live Messenger 8.0 allows ...)
	NOT-FOR-US: Windows Live Messenger
CVE-2006-3249 (** DISPUTED ** ...)
	NOT-FOR-US: Phorum
CVE-2006-3248
	REJECTED
CVE-2006-3247 (Multiple cross-site scripting (XSS) vulnerabilities in show.php in ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3246 (Cross-site scripting (XSS) vulnerability in show.php in GL-SH Deaf ...)
	NOT-FOR-US: GL-SH Deaf Forum
CVE-2006-3245 (Multiple cross-site scripting (XSS) vulnerabilities in activatemember ...)
	NOT-FOR-US: mvnForum
CVE-2006-3244 (Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier ...)
	NOT-FOR-US: Anthill
CVE-2006-3243 (SQL injection vulnerability in usercp.php in MyBB (MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-3242 (Stack-based buffer overflow in the browse_get_namespace function in ...)
	{DSA-1108}
	- mutt 1.5.11+cvs20060403-2 (low; bug #375828)
CVE-2006-3241 (Cross-site scripting (XSS) vulnerability in messages.php in XennoBB ...)
	NOT-FOR-US: XennoBB
CVE-2006-3240 (Cross-site scripting (XSS) vulnerability in classes/ui.class.php in ...)
	NOT-FOR-US: dotProject
CVE-2006-3239 (SQL injection vulnerability in message.php in VBZooM 1.11 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3238 (Multiple SQL injection vulnerabilities in VBZooM 1.00 and earlier ...)
	NOT-FOR-US: VBZooM
CVE-2006-3237 (Cross-site scripting (XSS) vulnerability in index.php in Enterprise ...)
	NOT-FOR-US: Enterprise Groupware System
CVE-2006-3236 (Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier ...)
	NOT-FOR-US: thinkWMS
CVE-2006-3235 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: FineShop
CVE-2006-3234 (Multiple SQL injection vulnerabilities in index.php in FineShop 3.0 ...)
	NOT-FOR-US: FineShop
CVE-2006-3233 (Cross-site scripting (XSS) vulnerability in openwebmail-read.pl in ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3232 (Unspecified vulnerability in IBM WebSphere Application Server before ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3231 (Unspecified vulnerability in IBM WebSphere Application Server (WAS) ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-3230 (Cross-site scripting (XSS) vulnerability in index.tmpl in Azureus ...)
	NOT-FOR-US: Azureus plugin that isn't distributed by default
CVE-2006-3229 (Cross-site scripting (XSS) vulnerability in Open WebMail (OWM) 2.52, ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-3228 (Buffer overflow in in_midi.dll for WinAmp 2.90 up to 5.23, including ...)
	NOT-FOR-US: WinAmp
CVE-2006-3227 (Interpretation conflict between Internet Explorer and other web ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3226 (Cisco Secure Access Control Server (ACS) 4.x for Windows uses the ...)
	NOT-FOR-US: Cisco
CVE-2006-3225 (Cross-site scripting (XSS) vulnerability in Sun ONE Application Server ...)
	NOT-FOR-US: Sun ONE Application Server
CVE-2006-3224 (Apple Safari 2.0.3 (417.9.3) on Mac OS X 10.4.6 allows remote ...)
	NOT-FOR-US: Apple Safari
CVE-2006-3223 (Format string vulnerability in CA Integrated Threat Management (ITM), ...)
	NOT-FOR-US: CA Integrated Threat Management (ITM), eTrust Antivirus (eAV), and eTrust PestPatrol (ePP)
CVE-2006-3222 (The FTP proxy module in Fortinet FortiOS (FortiGate) before 2.80 MR12 ...)
	NOT-FOR-US: Fortinet FortiOS
CVE-2006-3221 (SQL injection vulnerability in index.php in DataLife Engine 4.1 and ...)
	NOT-FOR-US: DataLife
CVE-2006-3220 (SQL injection vulnerability in studienplatztausch.php in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3219 (SQL injection vulnerability in thread.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3218 (SQL injection vulnerability in profile.php in Woltlab Burning Board ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-3217 (JaguarEditControl (JEdit) ActiveX Control 1.1.0.20 and earlier allows ...)
	NOT-FOR-US: JaguarEditControl
CVE-2006-3216 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3215 (Clearswift MAILsweeper for SMTP before 4.3.20 and MAILsweeper for ...)
	NOT-FOR-US: MAILsweeper
CVE-2006-3214 (Unspecified vulnerability in Hitachi Groupmax Address Server 7 and ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-3213 (SQL injection vulnerability in WeBBoA Hosting 1.1 allows remote ...)
	NOT-FOR-US: WeBBoA Hosting
CVE-2006-3212 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3211 (Cross-site scripting (XSS) vulnerability in sign.php in cjGuestbook ...)
	NOT-FOR-US: cjGuestbook
CVE-2006-3210 (Ralf Image Gallery (RIG) 0.7.4 and other versions before 1.0, when ...)
	NOT-FOR-US: Ralf Image Gallery
CVE-2006-3209 (** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft Windows
CVE-2006-3208 (Direct static code injection vulnerability in Ultimate PHP Board (UPB) ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3207 (Directory traversal vulnerability in newpost.php in Ultimate PHP Board ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3206 (register.php in Ultimate PHP Board (UPB) 1.9.6 and earlier allows ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3205 (Ultimate PHP Board (UPB) 1.9.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3204 (Ultimate PHP Board (UPB) 1.9.6 and earlier uses a cryptographically ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3203 (The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2006-3202 (The ip6_savecontrol function in NetBSD 2.0 through 3.0, under certain ...)
	NOT-FOR-US: NetBSD's KAME stack
CVE-2006-3201 (Unspecified vulnerability in the kernel in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-3200 (Unspecified versions of Internet Explorer allow remote attackers to ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-3199 (Opera 9 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Opera
CVE-2006-3198 (Integer overflow in Opera 8.54 and earlier allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2006-3197 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-3196 (index.php in singapore 0.10.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: singapore
CVE-2006-3195 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2006-3194 (Directory traversal vulnerability in index.php in singapore 0.10.0 and ...)
	NOT-FOR-US: singapore
CVE-2006-3193 (Multiple PHP remote file inclusion vulnerabilities in Grayscale ...)
	NOT-FOR-US: BandSite
CVE-2006-3192 (PHP remote file inclusion vulnerability in Ad Manager Pro 2.6 allows ...)
	NOT-FOR-US: Ad Manager
CVE-2006-3191 (Cross-site scripting (XSS) vulnerability in comment.php in MPCS 0.2 ...)
	NOT-FOR-US: MPCS
CVE-2006-3190 (SQL injection vulnerability in administration/includes/login/auth.php ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3189 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: HotPlug CMS
CVE-2006-3188 (Multiple SQL injection vulnerabilities in Sharky e-shop 3.05 and ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3187 (Multiple cross-site scripting (XSS) vulnerabilities in Sharky e-shop ...)
	NOT-FOR-US: Sharky e-shop
CVE-2006-3186 (Multiple cross-site scripting (XSS) vulnerabilities in CMS Faethon ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3185 (PHP remote file inclusion vulnerability in data/header.php in CMS ...)
	NOT-FOR-US: CMS Faethon
CVE-2006-3184 (Direct static code injection vulnerability in ASP Stats Generator ...)
	NOT-FOR-US: ASP Stats Generator
CVE-2006-3183 (Cross-site scripting (XSS) vulnerability in index.php in MobeScripts ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3182 (Directory traversal vulnerability in index.php in MobeScripts Mobile ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3181 (SQL injection vulnerability in index.php in MobeScripts Mobile Space ...)
	NOT-FOR-US: Mobile Space Community
CVE-2006-3180 (Cross-site scripting (XSS) vulnerability in ftp_index.php in Confixx ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3179 (Cross-site scripting (XSS) vulnerability in tools_ftp_pwaendern.php in ...)
	NOT-FOR-US: Confixx Pro
CVE-2006-3178 (Directory traversal vulnerability in extract_chmLib example program in ...)
	{DSA-1144-1}
	- chmlib 0.38-1 (bug #374085; low)
CVE-2006-3177 (PHP remote file inclusion vulnerability in Admin/rtf_parser.php in The ...)
	NOT-FOR-US: The Bible Portal Project
CVE-2006-3176 (SQL injection vulnerability in xarancms_haupt.php in xarancms 2.0 ...)
	NOT-FOR-US: xarancms
CVE-2006-3175 (Multiple PHP remote file inclusion vulnerabilities in mcGuestbook 1.3 ...)
	NOT-FOR-US: mcGuestbook
CVE-2006-3174 (Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail ...)
	- squirrelmail 2:1.4.7-1 (bug #375782; unimportant)
	NOTE: Operation with registers_globals not supported
CVE-2006-3173 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3172 (Multiple PHP remote file inclusion vulnerabilities in Content*Builder ...)
	NOT-FOR-US: Content*Builder
CVE-2006-3171 (CRLF injection vulnerability in CS-Forum before 0.82 allows remote ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3170 (CS-Forum before 0.82 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3169 (Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3168 (SQL injection vulnerability in CS-Forum before 0.82 allows remote ...)
	NOT-FOR-US: CS-Forum
CVE-2006-3167 (Free Realty before 2.9 allows remote attackers to obtain the full path ...)
	NOT-FOR-US: Free Realty
CVE-2006-3166 (Cross-site scripting (XSS) vulnerability in propview.php in Free ...)
	NOT-FOR-US: Free Realty
CVE-2006-3165 (SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and ...)
	NOT-FOR-US: Free Realty
CVE-2006-3164 (SQL injection vulnerability in category.php in TPL Design tplShop 2.0 ...)
	NOT-FOR-US: tplShop
CVE-2006-3163 (Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 ...)
	NOT-FOR-US: IMGallery
CVE-2006-3162 (PHP remote file inclusion vulnerability in include/inc_foot.php in ...)
	NOT-FOR-US: SmartSiteCMS
CVE-2006-3161 (SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-3160 (Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple ...)
	NOT-FOR-US: Simple File Manager
CVE-2006-3159 (pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built ...)
	NOT-FOR-US: Sun ONE/iPlanet Messaging Server
CVE-2006-3158 (index.php in Eduha Meeting does not properly restrict file extensions ...)
	NOT-FOR-US: Eduha Meeting
CVE-2006-3157 (Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory ...)
	NOT-FOR-US: UltimateGoogle
CVE-2006-3156 (Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate ...)
	NOT-FOR-US: Ultimate eShop
CVE-2006-3155 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-3154 (SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3153 (Cross-site scripting (XSS) vulnerability in index.pl in Ultimate ...)
	NOT-FOR-US: Ultimate Estate
CVE-2006-3152 (Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and ...)
	NOT-FOR-US: phpTRADER
CVE-2006-3151 (Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-3150 (SQL injection vulnerability in index.php in CavoxCms 1.0.16 and ...)
	NOT-FOR-US: CavoxCms
CVE-2006-3149 (Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum ...)
	NOT-FOR-US: phpMyForum
CVE-2006-3148 (SQL injection vulnerability, possibly in search.inc.php, in ...)
	NOT-FOR-US: Open-Realty
CVE-2006-3147 (Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-3146 (The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier ...)
	NOT-FOR-US: Toshiba drivers for Windows
CVE-2006-3145 (Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows ...)
	- netpbm-free <not-affected> (Debian's version is too old; affects 10.30 to 10.33 only)
CVE-2006-3144 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: IBD Micro CMS
CVE-2006-3143 (Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus ...)
	NOT-FOR-US: Maximus SchoolMAX
CVE-2006-3142 (SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3141 (Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye ...)
	NOT-FOR-US: Tradingeye Shop
CVE-2006-3140 (SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and ...)
	NOT-FOR-US: openCI
CVE-2006-3139 (Multiple SQL injection vulnerabilities in war.php in Virtual War ...)
	NOT-FOR-US: Virtual War
CVE-2006-3138 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-3137 (Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge ...)
	NOT-FOR-US: Edge eCommerce Shop
CVE-2006-3136 (** DISPUTED ** ...)
	NOT-FOR-US: Nucleus
CVE-2006-3135 (Multiple SQL injection vulnerabilities in CMS Mundo 1.0 build 008, and ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-3134 (Buffer overflow in GraceNote CDDBControl ActiveX Control, as used by ...)
	NOT-FOR-US: GraceNote ActiveX Control
CVE-2006-3133
	RESERVED
CVE-2006-3132 (Cross-site scripting (XSS) vulnerability in qtofm.php4 in ...)
	NOT-FOR-US: QTOFileManager
CVE-2006-3131 (Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow ...)
	NOT-FOR-US: Clubpage
CVE-2006-3130 (SQL injection vulnerability in index.php in Clubpage allows remote ...)
	NOT-FOR-US: Clubpage
CVE-2006-3129 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in NC ...)
	NOT-FOR-US: LinkList
CVE-2006-3128 (choose_file.php in easy-CMS 0.1.2, when mod_mime is installed, does ...)
	NOT-FOR-US: easy-CMS
CVE-2006-3127 (Memory leak in Network Security Services (NSS) 3.11, as used in Sun ...)
	- mozilla <not-affected> (SunSolve claims it is only in 3.11; latest released is 3.10)
CVE-2006-3126 (c2faxrecv in capi4hylafax 01.02.03 allows remote attackers to execute ...)
	{DSA-1165}
	- capi4hylafax 1:01.03.00.99.svn.300-3
CVE-2006-3125 (Array index error in tetrinet.c in gtetrinet 0.7.8 and earlier allows ...)
	{DSA-1163}
	- gtetrinet 0.7.10-1
CVE-2006-3124 (Buffer overflow in the HTTP header parsing in Streamripper before ...)
	{DSA-1158}
	- streamripper 1.61.25-2
CVE-2006-3123 (Multiple integer overflows in the (1) dodecrypt and (2) doencrypt ...)
	{DSA-1138-1}
	- cfs 1.4.1-17
CVE-2006-3122 (The supersede_lease function in memory.c in ISC DHCP (dhcpd) server ...)
	{DSA-1143-1}
	- dhcp 2.0pl5-19.5 (bug #380273)
CVE-2006-3121 (The peel_netstring function in cl_netstring.c in the heartbeat ...)
	{DSA-1151-1}
	- heartbeat-2 2.0.6-2
	- heartbeat 1.2.4-14
CVE-2006-3120 (Format string vulnerability in Brian Wotring Osiris before 4.2.1 ...)
	{DSA-1129}
	- osiris 4.2.0-2 (medium)
CVE-2006-3119 (The fbgs framebuffer Postscript/PDF viewer in fbi before 2.01 has a ...)
	{DSA-1124}
	- fbi 2.05-1
CVE-2006-3118 (spread uses a temporary file with a static filename based on the port ...)
	- spread 3.17.3-4 (bug #375617; low)
	[sarge] - spread <no-dsa> (Minimal security implications)
CVE-2006-3117 (Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-3116 (Multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4 ...)
	NOT-FOR-US: phpRaid
CVE-2006-3115 (SQL injection vulnerability in view.php in phpRaid 3.0.4, and possibly ...)
	NOT-FOR-US: phpRaid
CVE-2006-3114 (PC Tools AntiVirus 2.1.0.51 uses insecure default permissions on the ...)
	NOT-FOR-US: PC Tools AntiVirus
CVE-2006-3113 (Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and ...)
	NOTE: MFSA-2006-46
	- mozilla <not-affected> (mozilla 1.7 not affected)
	- xulrunner 1.8.0.5-1 (high)
	- mozilla-firefox <not-affected> (only firefox >= 1.5)
	- firefox 1.5.dfsg+1.5.0.5-1 (high)
	- thunderbird 1.5.0.5-1 (medium)
	- mozilla-thunderbird <not-affected>
CVE-2006-3112 (Chipmailer 1.09 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3111 (Multiple SQL injection vulnerabilities in main.php in Chipmailer 1.09 ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3110 (Cross-site scripting (XSS) vulnerability in main.php in Chipmailer ...)
	NOT-FOR-US: Chipmailer
CVE-2006-3109 (Cross-site scripting (XSS) vulnerability in Cisco CallManager 3.3 ...)
	NOT-FOR-US: Cisco
CVE-2006-3108 (Cross-site scripting (XSS) vulnerability in EmailArchitect Email ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-3107 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-3106 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: phpMyDesktop
CVE-2006-3105 (CRLF injection vulnerability in Bitweaver 1.3 allows remote attackers ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3104 (users/index.php in Bitweaver 1.3 allows remote attackers to obtain ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3103 (Cross-site scripting (XSS) vulnerability in Bitweaver 1.3 allows ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3102 (Race condition in articles/BitArticle.php in Bitweaver 1.3, when run ...)
	NOT-FOR-US: Bitweaver
CVE-2006-3101 (Cross-site scripting (XSS) vulnerability in LogonProxy.cgi in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-3099
	RESERVED
CVE-2006-3098
	RESERVED
CVE-2006-3097 (Unspecified vulnerability in Support Tools Manager (xstm, cstm, and ...)
	NOT-FOR-US: HP-UX Support Tools Manager
CVE-2006-3096 (Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier ...)
	NOT-FOR-US: iPostMX
CVE-2006-3095 (Multiple cross-site scripting (XSS) vulnerabilities in iPostMX 2005 ...)
	NOT-FOR-US: iPostMX
CVE-2006-3094 (Multiple SQL injection vulnerabilities in Calendarix Basic ...)
	NOT-FOR-US: Calendarix Basic
CVE-2006-3093 (Multiple unspecified vulnerabilities in Adobe Acrobat Reader ...)
	NOT-FOR-US: Adobe Reader
CVE-2006-3092 (PhpMyFactures 1.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3091 (PhpMyFactures 1.0, and possibly 1.2 and earlier, allows remote ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3090 (Multiple SQL injection vulnerabilities in PhpMyFactures 1.0, and ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3089 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFactures ...)
	NOT-FOR-US: PhpMyFactures
CVE-2006-3088 (Cross-site scripting (XSS) vulnerability in index.php in Car ...)
	NOT-FOR-US: Car Classifieds
CVE-2006-3087 (Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 ...)
	NOT-FOR-US: EZGallery
CVE-2006-3086 (Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName ...)
	NOT-FOR-US: Microsoft
CVE-2006-3084 (The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3083 (The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) ...)
	{DSA-1146-1}
	- krb5 1.4.3-9 (medium)
CVE-2006-3082 (parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, ...)
	{DSA-1115 DSA-1107}
	- gnupg 1.4.3-2 (bug #375052; bug #375473; low)
	- gnupg2 1.9.20-1.1 (bug #375053; low)
CVE-2006-3081 (mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x ...)
	{DSA-1112}
	- mysql-dfsg-5.0 5.0.19-1 (bug #373913; high)
CVE-2006-3100 [termnetd buffer overflow]
	RESERVED
	- termpkg 3.3-7 (bug #358028; medium)
CVE-2006-3085 (xt_sctp in netfilter for Linux kernel before 2.6.17.1 allows attackers ...)
	- linux-2.6 2.6.16-15
CVE-2006-XXXX [webalizer-stonesteps XSS]
	- webalizer-stonesteps 2.4.1.2-1
CVE-2006-3080 (Cross-site scripting (XSS) vulnerability in viewposts.cfm in ...)
	NOT-FOR-US: aXentForum
CVE-2006-3079 (Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus ...)
	NOT-FOR-US: SSPwiz Plus
CVE-2006-3078 (Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier ...)
	NOT-FOR-US: APBoard
CVE-2006-3077 (Cross-site scripting (XSS) vulnerability in guestbook.cfm in ...)
	NOT-FOR-US: aXentGuestbook
CVE-2006-3076 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PhpBlueDragon
CVE-2006-3075 (Multiple PHP remote file inclusion vulnerabilities in PictureDis ...)
	NOT-FOR-US: PictureDis Professional
CVE-2006-3074 (klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky ...)
	NOT-FOR-US: Several Kaspersky products
CVE-2006-3073 (Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN ...)
	NOT-FOR-US: Cisco
CVE-2006-3072 (M4 Macro Library in Symantec Security Information Manager before ...)
	NOT-FOR-US: Symantec Security Information Manager
CVE-2006-3071 (Cross-site scripting (XSS) vulnerability in index.php in MP3 ...)
	NOT-FOR-US: MP3 Search/Archive
CVE-2006-3070 (write_ok.php in Zeroboard 4.1 pl8, when installed on Apache with ...)
	NOT-FOR-US: Zeroboard
CVE-2006-3069 (** DISPUTED ** ...)
	NOT-FOR-US: DoubleSpeak
CVE-2006-3068 (IBM DB2 Universal Database (UDB) before 8.2 FixPak 12 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3067 (Multiple unspecified vulnerabilities in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3066 (Buffer overflow in the TCP/IP listener in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2006-3065 (SQL injection vulnerability in engine/shards/blog.php in blur6ex ...)
	NOT-FOR-US: blur6ex
CVE-2006-3064 (SQL injection vulnerability in the add_hit function in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-3063 (Multiple cross-site scripting (XSS) vulnerabilities in myPHP Guestbook ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3062 (Cross-site scripting (XSS) vulnerability in index.php in myPHP ...)
	NOT-FOR-US: myPHP Guestbook
CVE-2006-3061 (Multiple cross-site scripting (XSS) vulnerabilities in 5 Star Review ...)
	NOT-FOR-US: 5 Star Review
CVE-2006-3060 (Cross-site scripting (XSS) vulnerability in P.A.I.D 2.2 allows remote ...)
	NOT-FOR-US: P.A.I.D
CVE-2006-3059 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...)
	NOT-FOR-US: Microsoft Excel
CVE-2006-3058
	RESERVED
CVE-2006-3057 (Unspecified vulnerability in NetworkManager daemon for DHCP (dhcdbd) ...)
	- dhcdbd 1.14-1
CVE-2006-3056 (SQL injection vulnerability in language.php in VBZooM 1.01 allows ...)
	NOT-FOR-US: VBZooM
CVE-2006-3055 (Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3054 (Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-3053 (** DISPUTED ** ...)
	NOT-FOR-US: PHORUM
CVE-2006-3052 (Cross-site scripting (XSS) vulnerability in Event Registration allows ...)
	NOT-FOR-US: Event Registration
CVE-2006-3051 (Cross-site scripting (XSS) vulnerability in list.php in SixCMS 6.0, ...)
	NOT-FOR-US: SixCMS
CVE-2006-3050 (Directory traversal vulnerability in detail.php in SixCMS 6.0, and ...)
	NOT-FOR-US: SixCMS
CVE-2006-3049 (Multiple cross-site scripting (XSS) vulnerabilities in booking3.php in ...)
	NOT-FOR-US: Mole Group Ticket Booking Script
CVE-2006-3048 (SQL injection vulnerability in TikiWiki 1.9.3.2 and possibly earlier ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3047 (Cross-site scripting (XSS) vulnerability in TikiWiki 1.9.3.2 and ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-3046 (Unspecified vulnerability in the admin login feature in Subtext 1.5, ...)
	NOT-FOR-US: Subtext
CVE-2006-3045 (PHP remote file inclusion vulnerability in manage_songs.php in Foing ...)
	NOT-FOR-US: Foing
CVE-2006-3044 (Cross-site scripting (XSS) vulnerability in LogiSphere 1.6.0 allows ...)
	NOT-FOR-US: LogiSphere
CVE-2006-3043 (Cross-site scripting (XSS) vulnerability in search.cfm in CreaFrameXe ...)
	NOT-FOR-US: CFXe-CMS
CVE-2006-3042 (** DISPUTED ** ...)
	NOT-FOR-US: ISPConfig
CVE-2006-3041 (** DISPUTED ** ...)
	NOT-FOR-US: Codewalkers Ltwcalendar
CVE-2006-3040 (** DISPUTED ** ...)
	NOT-FOR-US: Amr Talkbox
CVE-2006-3039 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3038 (Cross-site scripting (XSS) vulnerability in index.php in Cescripts ...)
	NOT-FOR-US: Cescripts Realty Home Rent
CVE-2006-3037 (Multiple cross-site scripting (XSS) vulnerabilities in publish.php in ...)
	NOT-FOR-US: ST AdManager Lite
CVE-2006-3036 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: 35mmslidegallery
CVE-2006-3035 (Multiple cross-site scripting (XSS) vulnerabilities in addwords.php in ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3034 (MyScrapbook 3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3033 (Cross-site scripting (XSS) vulnerability in MyScrapbook 3.1 allows ...)
	NOT-FOR-US: MyScrapbook
CVE-2006-3032 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme ASP ...)
	NOT-FOR-US: Xtreme ASP Photo Gallery
CVE-2006-3031 (Multiple cross-site scripting (XSS) vulnerabilities in index.asp in ...)
	NOT-FOR-US: fipsCMS
CVE-2006-3030 (Multiple cross-site scripting (XSS) vulnerabilities in DwZone Shopping ...)
	NOT-FOR-US: DwZone Shopping Cart
CVE-2006-3029 (Cross-site scripting (XSS) vulnerability in default.asp in ClickTech ...)
	NOT-FOR-US: ClickTech Clickcart
CVE-2006-3028 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Minerva
CVE-2006-3027 (Multiple SQL injection vulnerabilities in Enthrallwebe ePhotos 2.2 and ...)
	NOT-FOR-US: Enthrallwebe ePhotos
CVE-2006-3026 (Multiple cross-site scripting (XSS) vulnerabilities in ClickGallery ...)
	NOT-FOR-US: ClickGallery
CVE-2006-3025 (Cross-site scripting (XSS) vulnerability in Cal.PHP3 in Chris Lea ...)
	NOT-FOR-US: Chris Lea Lucid Calendar
CVE-2006-3024 (Multiple cross-site scripting (XSS) vulnerabilities in EvGenius ...)
	NOT-FOR-US: EvGenius Counter
CVE-2006-3023 (Multiple cross-site scripting (XSS) vulnerabilities in thumbnails.asp ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2006-3022 (Cross-site scripting (XSS) vulnerability in zoom.php in fipsGallery ...)
	NOT-FOR-US: fipsGallery
CVE-2006-3021 (Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar ...)
	NOT-FOR-US: BlueCollar i-Gallery
CVE-2006-3020 (Multiple cross-site scripting (XSS) vulnerabilities in FullPhoto.asp ...)
	NOT-FOR-US: WS-Album
CVE-2006-3019 (Multiple PHP remote file inclusion vulnerabilities in phpCMS 1.2.1pl2 ...)
	NOT-FOR-US: phpCMS
CVE-2006-3018 (Unspecified vulnerability in the session extension functionality in ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 <removed> (unimportant)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3017 (zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x ...)
	{DSA-1206-1}
	- php5 5.1.4-0.1 (medium)
	- php4 4:4.4.4-1 (medium; bug #381998)
CVE-2006-3016 (Unspecified vulnerability in session.c in PHP before 5.1.3 has unknown ...)
	- php5 5.1.4-0.1 (unimportant)
	- php4 4:4.4.4-1 (unimportant; bug #382259)
	NOTE: Sanitising is the application's responsibilitys
CVE-2006-3015 (Argument injection vulnerability in WinSCP 3.8.1 build 328 allows ...)
	NOT-FOR-US: WinSCP
CVE-2006-3014 (Microsoft Excel allows user-assisted attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft Excel / Flashplayer for Windows
CVE-2006-3013 (Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3012 (SQL injection vulnerability in phpBannerExchange before 2.0 Update 6 ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-3011 (The error_log function in basic_functions.c in PHP before 4.4.4 and ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: Safe mode violations are not supported
CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...)
	NOT-FOR-US: Microsoft Internet Explore
CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...)
	- php4 4:4.3.2+rc3-1
CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before ...)
	- php4 4:4.3.2+rc3-1
CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...)
	- php4 4:4.3.2+rc3-1
CVE-1999-1589 (Unspecified vulnerability in crontab in IBM AIX 3.2 allows local users ...)
	NOT-FOR-US: IBM AIX
CVE-2006-3010 (Multiple SQL injection vulnerabilities in Open Business Management ...)
	NOT-FOR-US: Open Business Management
CVE-2006-3009 (Multiple cross-site scripting (XSS) vulnerabilities in Open Business ...)
	NOT-FOR-US: Open Business Management
CVE-2006-3008
	REJECTED
CVE-2006-3007 (Multiple cross-site scripting (XSS) vulnerabilities in SHOUTcast 1.9.5 ...)
	NOT-FOR-US: SHOUTcast
CVE-2006-3006 (Cross-site scripting (XSS) vulnerability in iFoto 0.20, and possibly ...)
	NOT-FOR-US: iFoto
CVE-2006-3005 (The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is ...)
	- libjpeg6b <not-affected> (--maxmem is set during configure)
	- libjpeg-mmx <removed> (bug #373672; low)
	[sarge] - libjpeg-mmx <no-dsa> (If this poses a threat, the admin can apply resource limits)
CVE-2006-3004 (Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone ...)
	NOT-FOR-US: Ez Ringtone
CVE-2006-3003 (details.php in Easy Ad-Manager allows remote attackers to obtain the ...)
	NOT-FOR-US: Easy Ad-Manager
CVE-2006-3002 (Cross-site scripting (XSS) vulnerability in details.php in Easy ...)
	NOT-FOR-US: OkScripts product
CVE-2006-3001 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: OkScripts product
CVE-2006-3000 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: OkScripts product
CVE-2006-2999 (Cross-site scripting (XSS) vulnerability in search.php in OkScripts ...)
	NOT-FOR-US: OkScripts product
CVE-2006-2998 (PHP remote file inclusion vulnerability in board/post.php in free ...)
	NOT-FOR-US: QBoard
CVE-2006-2997 (Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when ...)
	- zope-zms <unfixed> (bug #373667; unimportant)
	[sarge] - zope-zms <no-dsa> (Only exploitable with register_globals)
	NOTE: register_globals is an unsupported mode of operation in Debian
CVE-2006-2996 (PHP remote file inclusion vulnerability in inc/design.inc.php in ...)
	NOT-FOR-US: aePartner
CVE-2006-2995 (Multiple PHP remote file inclusion vulnerabilities in WebprojectDB ...)
	NOT-FOR-US: WebprojectDB
CVE-2006-2994 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phazizGuestbook
CVE-2006-2993 (Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2992 (Cross-site scripting (XSS) vulnerability in display.asp in My Photo ...)
	NOT-FOR-US: My Photo Scrapbook
CVE-2006-2991 (Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 ...)
	NOT-FOR-US: Ringlink
CVE-2006-2990 (Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft ...)
	NOT-FOR-US: VanillaSoft
CVE-2006-2989 (Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ...)
	NOT-FOR-US: ASP ListPics
CVE-2006-2988 (Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical ...)
	NOT-FOR-US: Chemical Dictionary
CVE-2006-2987 (Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka ...)
	NOT-FOR-US: PICRATE
CVE-2006-2986 (Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie ...)
	NOT-FOR-US: vSCAL and vsREAL
CVE-2006-2985 (SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2984 (Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD ...)
	NOT-FOR-US: IntegraMOD
CVE-2006-2983 (PHP remote file inclusion vulnerability in Enterprise Timesheet and ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2982 (Multiple PHP remote file inclusion vulnerabilities in Enterprise ...)
	NOT-FOR-US: Enterprise Timesheet and Payroll Systems (EPS)
CVE-2006-2981 (SQL injection vulnerability in vs_search.php in Arantius Vice Stats ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2980 (SQL injection vulnerability in block_forum_topic_new.php in ViArt Shop ...)
	NOT-FOR-US: ViArt
CVE-2006-2979 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Free ...)
	NOT-FOR-US: ViArt
CVE-2006-2978 (Mafia Moblog 0.6M1 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Moblog
CVE-2006-2977 (SQL injection vulnerability in big.php in Mafia Moblog 0.6M1 and ...)
	NOT-FOR-US: Moblog
CVE-2006-2976 (Unspecified vulnerability in usermgr.php in Coppermine Photo Gallery ...)
	NOT-FOR-US: Coppermine
CVE-2006-2975 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PBL Guestbook
CVE-2006-2974 (Multiple cross-site scripting (XSS) vulnerabilities in EmailArchitect ...)
	NOT-FOR-US: EmailArchitect
CVE-2006-2973 (Multiple SQL injection vulnerabilities in month.php in PHP Lite ...)
	NOT-FOR-US: PHP Lite Calendar
CVE-2006-2972 (SQL injection vulnerability in vs_resource.php in Arantius Vice Stats ...)
	NOT-FOR-US: Arantius Vice Stats
CVE-2006-2971 (Integer overflow in the recv_packet function in 0verkill 0.16 allows ...)
	- overkill 0.16-9 (bug #373687; low)
	[sarge] - overkill <no-dsa> (Only DoS against an obscure game, no code injection possible)
CVE-2006-2970 (videoPage.php in L0j1k tinyMuw 0.1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2969 (Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow ...)
	NOT-FOR-US: tinyMuw
CVE-2006-2968 (Cross-site scripting (XSS) vulnerability in search.php in PHP Labware ...)
	NOT-FOR-US: LabWiki
CVE-2006-2967 (Syworks SafeNET allows local users to bypass restrictions on network ...)
	NOT-FOR-US: SafeNET
CVE-2006-2966 (Cross-site scripting (XSS) vulnerability in Particle Soft Particle ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2965 (Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft ...)
	NOT-FOR-US: Particle Whois
CVE-2006-2964 (Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts ...)
	NOT-FOR-US: Xtreme Downloads
CVE-2006-2963 (Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in ...)
	NOT-FOR-US: Cabacos Web CMS
CVE-2006-2962 (PHP remote file inclusion vulnerability in sql_fcnsOLD.php in ...)
	NOT-FOR-US: Empris
CVE-2006-2961 (Stack-based buffer overflow in CesarFTP 0.99g and earlier allows ...)
	NOT-FOR-US: CesarFTP
CVE-2006-2960 (PHP remote file inclusion vulnerability in includes/joomla.php in ...)
	NOT-FOR-US: Joomla
CVE-2006-2959 (SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 ...)
	NOT-FOR-US: Snitz Forum
CVE-2006-2958 (Directory traversal vulnerability in FilZip 3.05 allows remote ...)
	NOT-FOR-US: FilZip
CVE-2006-2957 (Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and ...)
	NOT-FOR-US: i.List
CVE-2006-2956 (Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta ...)
	NOT-FOR-US: i.List
CVE-2006-2955 (Multiple cross-site scripting (XSS) vulnerabilities in KAPhotoservice ...)
	NOT-FOR-US: KAPhotoservice
CVE-2006-2954 (SQL injection vulnerability in files.asp in OfficeFlow 2.6 and earlier ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2953 (Cross-site scripting (XSS) vulnerability in default.asp in OfficeFlow ...)
	NOT-FOR-US: OfficeFlow
CVE-2006-2952 (Directory traversal vulnerability in Net Portal Dynamic System (NPDS) ...)
	NOT-FOR-US: NPDS
CVE-2006-2951 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
	NOT-FOR-US: NPDS
CVE-2006-2950 (Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote ...)
	NOT-FOR-US: NPDS
CVE-2006-2949 (Cross-site scripting (XSS) vulnerability in private.php in MyBB 1.1.2 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2948 (A-CART 2.0 stores the acart2_0.mdb file under the web document root ...)
	NOT-FOR-US: A-CART
CVE-2006-2947 (Dmx Forum 2.1a allows remote attackers to obtain username and password ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2946 (Dmx Forum 2.1a stores _includes/bd.inc under the web root with ...)
	NOT-FOR-US: Dmx Forum
CVE-2006-2945 (Unspecified vulnerability in the user profile change functionality in ...)
	- dokuwiki 0.0.20060309-4 (bug #373689; low)
CVE-2006-2944 (Unspecified vulnerability in CGI-RESCUE FORM2MAIL 1.21 and earlier ...)
	NOT-FOR-US: FORM2MAIL
CVE-2006-2943 (Unspecified vulnerability in CGI-RESCUE WebFORM 4.1 and earlier allows ...)
	NOT-FOR-US: WebFORM
CVE-2006-2942 (TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki ...)
	- twiki <not-affected> (Debian's version is old and does not include affected file)
CVE-2006-2941 (Mailman before 2.1.9rc1 allows remote attackers to cause a denial of ...)
	- mailman <not-affected> (Mailman uses the system version of the affected Python lib)
CVE-2006-2940 (OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions ...)
	{DSA-1195-1 DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <removed>
CVE-2006-2939
	REJECTED
CVE-2006-2938
	REJECTED
CVE-2006-2937 (OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote ...)
	{DSA-1185-2}
	- openssl 0.9.8c-2 (bug #389940)
	- openssl097 0.9.7k-2
	- openssl096 <not-affected>
CVE-2006-2936 (The ftdi_sio driver (usb/serial/ftdi_sio.c) in Linux kernel 2.6.x up ...)
	{DSA-1184-2}
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2935 (The dvd_read_bca function in the DVD handling code in ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.17-5 (low)
CVE-2006-2934 (SCTP conntrack (ip_conntrack_proto_sctp.c) in netfilter for Linux ...)
	- linux-2.6 2.6.17-3
CVE-2006-2933 (kdesktop_lock in kdebase before 3.1.3-5.11 for KDE in Red Hat ...)
	[sarge] - kdebase <not-affected> (Only KDE < 3.2 vulnerable)
	- kdebase 3.5.2-1 (medium)
	NOTE: exact fixed version not known, however bug only affects < 3.2
CVE-2006-2932 (A regression error in the restore_all code path of the 4/4GB split ...)
	- linux-2.6 <not-affected> (vulnerable code not present)
CVE-2006-2931 (CMS Mundo before 1.0 build 008 does not properly verify uploaded image files, ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2930 (Unspecified vulnerability in Sun Grid Engine 5.3 and Sun N1 Grid ...)
	NOT-FOR-US: Sun
CVE-2006-2929 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: OpenEMR
CVE-2006-2928 (Multiple PHP remote file inclusion vulnerabilities in CMS-Bandits 2.5 ...)
	NOT-FOR-US: CMS-Bandits
CVE-2006-2927 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
	NOT-FOR-US: CAForum
CVE-2006-2926 (Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate ...)
	NOT-FOR-US: Qbik
CVE-2006-2925 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Ingate
CVE-2006-2924 (Ingate Firewall in the SIP module before 4.4.1 and SIParator before ...)
	NOT-FOR-US: Ingate
CVE-2006-2923 (The iax_net_read function in the iaxclient open source library, as ...)
	- iaxclient 0.0+svn20060520-2
CVE-2006-2922 (Multiple PHP remote file inclusion vulnerabilities in MiraksGalerie ...)
	NOT-FOR-US: MiraksGalerie
CVE-2006-2921 (PHP remote file inclusion vulnerability in cmpro_header.inc.php in ...)
	NOT-FOR-US: CMPro
CVE-2006-2920 (Sylpheed-Claws before 2.2.2 and Sylpheed before 2.2.6 allow remote ...)
	- sylpheed 2.2.6-1 (low)
	[sarge] - sylpheed <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-gtk1 1.0.6-3 (bug #373187; low)
	- sylpheed-claws 1.0.5-3 (bug #372891; low)
	[sarge] - sylpheed-claws <no-dsa> (Minor evasion of phishing protection feature)
	- sylpheed-claws-gtk2 2.3.0-1 (bug #372889; low)
CVE-2006-2919 (Unspecified vulnerability in Microsoft NetMeeting 3.01 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-2918 (The Lanap BotDetect APS.NET CAPTCHA component before 1.5.4.0 stores ...)
	NOT-FOR-US: Lanap BotDetect APS.NET CAPTCHA component
CVE-2006-2917 (Directory traversal vulnerability in the IMAP server in WinGate ...)
	NOT-FOR-US: WinGate
CVE-2006-2916 (artswrapper in aRts, when running setuid root on Linux 2.6.0 or later ...)
	- arts 1.5.3-2 (bug #374003; low)
	[sarge] - arts <not-affected> (Not setuid root in Debian)
	NOTE: artswrapper is not suid root by default, but README.Debian describes it
CVE-2006-2915 (Multiple SQL injection vulnerabilities in DeluxeBB 1.06 allow remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2914 (PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2913 (Cross-site scripting (XSS) vulnerability in SelectaPix 1.31 allows ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2912 (Multiple SQL injection vulnerabilities in SelectaPix 1.31 allow remote ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2911 (SQL injection vulnerability in controlpanel/index.php in CMS Mundo before 1.0 ...)
	NOT-FOR-US: CMS Mundo
CVE-2006-2910 (Buffer overflow in jetAudio 6.2.6.8330 (Basic), and possibly other ...)
	NOT-FOR-US: jetAudio
CVE-2006-2909 (Stack-based buffer overflow in the info tip shell extension ...)
	NOT-FOR-US: PicoZip
CVE-2006-2908 (The domecode function in inc/functions_post.php in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2907
	RESERVED
CVE-2006-2906 (The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas ...)
	{DSA-1117}
	- libgd2 2.0.33-5 (bug #372912; low)
	- tetex-bin <not-affected> (Links dynamically, see #382506)
CVE-2006-2905 (Partial Links 1.2.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Partial Links
CVE-2006-2904 (SQL injection vulnerability in index.php in Partial Links 1.2.2 allows ...)
	NOT-FOR-US: Partial Links
CVE-2006-2903 (Cross-site scripting (XSS) vulnerability in admin.php in Particle ...)
	NOT-FOR-US: Partial Links
CVE-2006-2902 (Directory traversal vulnerability in Particle Links 1.2.2 might allow ...)
	NOT-FOR-US: Partial Links
CVE-2006-2901 (The web server for D-Link Wireless Access-Point (DWL-2100ap) firmware ...)
	NOT-FOR-US: D-Link
CVE-2006-2900 (Internet Explorer 6 allows user-assisted remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2006-2899 (Unspecified vulnerability in ESTsoft InternetDISK versions before ...)
	NOT-FOR-US: ESTsoft InternetDISK
CVE-2006-2898 (The IAX2 channel driver (chan_iax2) for Asterisk 1.2.x before 1.2.9 ...)
	{DSA-1126}
	- asterisk 1:1.2.10.dfsg-2 (bug #380054)
	- iax 0.2.2-5
	[sarge] - iax <not-affected> (Vulnerable code not present)
	- iaxmodem 0.1.8.dfsg-2
CVE-2006-2897 (Cross-site scripting (XSS) vulnerability in FunkBoard 0.71 allows ...)
	NOT-FOR-US: Funkboard
CVE-2006-2896 (profile.php in FunkBoard CF0.71 allows remote attackers to change ...)
	NOT-FOR-US: Funkboard
CVE-2006-2895 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.6.0 up to ...)
	- mediawiki <not-affected> (Affects only 1.6.0-1.6.6)
CVE-2006-2894 (Mozilla Firefox 1.5.0.4, 2.0.x before 2.0.0.8, Mozilla Suite 1.7.13, ...)
	{DSA-1401-1 DSA-1392-1 DTSA-69-1 DTSA-80-1}
	- iceweasel 2.0.0.8
	- xulrunner 1.8.1.9-1
	- iceape 1.1.5
CVE-2006-2893 (index.php in GANTTy 1.0.3 allows remote attackers to obtain the full ...)
	NOT-FOR-US: GANTTy
CVE-2006-2892 (Cross-site scripting (XSS) vulnerability in index.php in GANTTy 1.0.3 ...)
	NOT-FOR-US: GANTTy
CVE-2006-2891 (Cross-site scripting (XSS) vulnerability in admin/index.php for ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2890 (Pixelpost 1-5rc1-2 and earlier, when register_globals is enabled, ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2889 (Multiple SQL injection vulnerabilities in index.php in Pixelpost ...)
	NOT-FOR-US: Pixelpost
CVE-2006-2888 (PHP remote file inclusion vulnerability in _wk/wk_lang.php in Wikiwig ...)
	NOT-FOR-US: Wikiwig
CVE-2006-2887 (Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and ...)
	NOT-FOR-US: myNewsletter
CVE-2006-2886 (view.php in KnowledgeTree Open Source 3.0.3 and earlier allows remote ...)
	- knowledgetree <removed> (bug #373137; low)
CVE-2006-2885 (Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree ...)
	- knowledgetree <removed> (bug #373137; low)
CVE-2006-2884 (SQL injection vulnerability in index.php in Kmita FAQ 1.0 allows ...)
	NOT-FOR-US: Kmita
CVE-2006-2883 (Cross-site scripting (XSS) vulnerability in search.php in Kmita FAQ ...)
	NOT-FOR-US: Kmita
CVE-2006-2882 (Multiple cross-site scripting (XSS) vulnerabilities submit.asp in ...)
	NOT-FOR-US: ASPScriptz
CVE-2006-2881 (Multiple PHP remote file inclusion vulnerabilities in DreamAccount 3.1 ...)
	NOT-FOR-US: DreamAccount
CVE-2006-2880 (Cross-site scripting (XSS) vulnerability in the Contributed Packages ...)
	NOT-FOR-US: pyblosxom package doesn't ship plugins
CVE-2006-2879 (SQL injection vulnerability in newscomments.php in Alex News-Engine ...)
	NOT-FOR-US: Alex News-Engine
CVE-2006-2878 (The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier ...)
	- dokuwiki 0.0.20060309-4 (bug #370369; bug #370785; high)
CVE-2006-2877 (PHP remote file inclusion vulnerability in Bookmark4U 2.0.0 and ...)
	NOT-FOR-US: Bookmark4U
CVE-2006-2876 (Cross-site scripting (XSS) vulnerability in cat.php in PHP Pro Publish ...)
	NOT-FOR-US: PHP Pro Publish
CVE-2006-2875 (Stack-based buffer overflow in the CL_ParseDownload function of Quake ...)
	- tremulous 1.1.0-6 (bug #660827)
	[squeeze] - tremulous 1.1.0-7~squeeze1
	- ioquake3 1.36+svn1788j-1
CVE-2006-2874 (Unspecified vulnerability in OSADS Alliance Database before 1.4 has ...)
	NOT-FOR-US: OSADS
CVE-2006-2873 (Cross-site scripting (XSS) vulnerability in hava.asp in Enigma Haber ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2872 (PHP remote file inclusion vulnerability in config.php in Rumble 1.02 ...)
	NOT-FOR-US: Rumble
CVE-2006-2871 (** DISPUTED ** ...)
	NOT-FOR-US: CyBoards
CVE-2006-2870 (Cross-site scripting (XSS) vulnerability in forum_search.asp in ...)
	NOT-FOR-US: Intelligent Solutions Inc.
CVE-2006-2869 (Unspecified vulnerability in the CHM unpacker in avast! before 4.7.844 ...)
	NOT-FOR-US: Avast
CVE-2006-2868 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.6 ...)
	NOT-FOR-US: Claroline
CVE-2006-2867 (SQL injection vulnerability in editpost.php in CoolForum 0.8.3 beta ...)
	NOT-FOR-US: CoolForum
CVE-2006-2866 (PHP remote file inclusion vulnerability in layout/prepend.php in ...)
	NOT-FOR-US: DotClear
CVE-2006-2865 (** DISPUTED ** ...)
	NOTE: phpbb2, but invalid
CVE-2006-2864 (Multiple PHP remote file inclusion vulnerabilities in BlueShoes ...)
	NOT-FOR-US: BlueShoes
CVE-2006-2863 (PHP remote file inclusion vulnerability in class.cs_phpmailer.php in ...)
	NOT-FOR-US: CS-Cart
CVE-2006-2862 (SQL injection vulnerability in viewimage.php in Particle Gallery 1.0.0 ...)
	NOT-FOR-US: Particle Gallery
CVE-2006-2861 (SQL injection vulnerability in index.php in Particle Wiki 1.0.2 and ...)
	NOT-FOR-US: Particle Wiki
CVE-2006-2860 (PHP remote file inclusion vulnerability in Webspotblogging 3.0.1 ...)
	NOT-FOR-US: Webspotblogging
CVE-2006-2859 (** DISPUTED ** ...)
	NOT-FOR-US: MyBloggie
CVE-2006-2858 (SQL injection vulnerability in viewmsg.asp in LocazoList Classifieds ...)
	NOT-FOR-US: LocazoList
CVE-2006-2857 (SQL injection vulnerability in index.php in LifeType 1.0.4 allows ...)
	NOT-FOR-US: LifeType
CVE-2006-2856 (ActiveState ActivePerl 5.8.8.817 for Windows configures the site/lib ...)
	NOT-FOR-US: ActiveState
CVE-2006-2855 (SQL injection vulnerability in index.php in xueBook 1.0 allows remote ...)
	NOT-FOR-US: xueBook
CVE-2006-2854 (SQL injection vulnerability in index.php in iBWd Guestbook 1.0 allows ...)
	NOT-FOR-US: iBWd
CVE-2006-2853 (SQL injection vulnerability in content.php in abarcar Realty Portal ...)
	NOT-FOR-US: abarcar
CVE-2006-2852 (PHP remote file inclusion vulnerability in dotWidget CMS 1.0.6 and ...)
	NOT-FOR-US: dotWidget
CVE-2006-2851 (Cross-site scripting (XSS) vulnerability in index.php in dotProject ...)
	NOT-FOR-US: dotProject
CVE-2006-2850 (Cross-site scripting (XSS) vulnerability in recentchanges.php in PHP ...)
	NOT-FOR-US: LabWiki
CVE-2006-2849 (PHP remote file inclusion vulnerability in includes/webdav/server.php ...)
	NOT-FOR-US: Bytehoard
CVE-2006-2848 (links.asp in aspWebLinks 2.0 allows remote attackers to change the ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2847 (SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows ...)
	NOT-FOR-US: aspWebLinks
CVE-2006-2846 (Cross-site scripting (XSS) vulnerability in Print.PHP in VisionGate ...)
	NOT-FOR-US: VisionGate
CVE-2006-2845 (PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows ...)
	NOT-FOR-US: Redaxo
CVE-2006-2844 (Multiple PHP remote file inclusion vulnerabilities in Redaxo 3.0 allow ...)
	NOT-FOR-US: Redaxo
CVE-2006-2843 (PHP remote file inclusion vulnerability in Redaxo 2.7.4 allows remote ...)
	NOT-FOR-US: Redaxo
CVE-2006-2841 (Multiple PHP remote file inclusion vulnerabilities in AssoCIateD (aka ...)
	NOT-FOR-US: AssoCIateD
CVE-2006-2840 (Cross-site scripting (XSS) vulnerability in (1) uploads.php and (2) ...)
	NOT-FOR-US: PmWiki
CVE-2006-2839 (Directory traversal vulnerability in PG Problem Editor module ...)
	NOT-FOR-US: WeBWorK
CVE-2006-2838 (Buffer overflow in the web console in F-Secure Anti-Virus for ...)
	NOT-FOR-US: F-Secure
CVE-2006-2837 (Cross-site scripting (XSS) vulnerability in Techno Dreams Guest Book ...)
	NOT-FOR-US: Techno Dreams
CVE-2006-2836 (SQL injection vulnerability in comment.php in Pineapple Technologies ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2006-2835 (SQL injection vulnerability in saphplesson 2.0 allows remote attackers ...)
	NOT-FOR-US: saphplesson
CVE-2006-2834 (PHP remote file inclusion vulnerability in includes/common.php in ...)
	NOT-FOR-US: gnopaste
CVE-2006-2833 (Cross-site scripting (XSS) vulnerability in the taxonomy module in ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2832 (Cross-site scripting (XSS) vulnerability in the upload module ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2831 (Drupal 4.6.x before 4.6.8 and 4.7.x before 4.7.2, when running under ...)
	{DSA-1125}
	NOTE: Although not in the changelog, sesse@ (responsible for 4.5.8-1.1)
	NOTE: says he pulled in the entire patch for DRUPAL-SA-2006-007, which
	NOTE: fixes CVE-2006-2831.
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2830 (Buffer overflow in TIBCO Rendezvous before 7.5.1, TIBCO Runtime Agent ...)
	NOT-FOR-US: TIBCO
CVE-2006-2829 (Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before ...)
	NOT-FOR-US: TIBCO
CVE-2006-2828 (Global variable overwrite vulnerability in PHP-Nuke allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-2827 (** DISPUTED ** ...)
	NOT-FOR-US: X-Cart
CVE-2006-2826 (SQL injection vulnerability in sessions.inc in PHP Base Library ...)
	NOT-FOR-US: PHPLIB
CVE-2006-2825 (cPanel does not automatically synchronize the PHP open_basedir ...)
	NOT-FOR-US: cPanel the vhost manager, not cpanel the Chinese desktop configuration tool
CVE-2006-2824 (Logicalware MailManager before 2.0.10 does not remove 0xc8 0x27 (0xc8 ...)
	NOT-FOR-US: Logicalware
CVE-2006-2823 (Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive ...)
	NOT-FOR-US: ashopKart
CVE-2006-2822 (SQL injection vulnerability in admin/default.asp in Dusan Drobac ...)
	NOT-FOR-US: cforum
CVE-2006-2821 (Multiple cross-site scripting (XSS) vulnerabilities in DeltaScripts ...)
	NOT-FOR-US: DeltaScripts
CVE-2006-2820 (Cross-site scripting (XSS) vulnerability in HotWebScripts.com Weblog ...)
	NOT-FOR-US: HotWebScripts
CVE-2006-2819 (PHP remote file inclusion vulnerability in Wiki.php in Barnraiser ...)
	NOT-FOR-US: Barnraiser Igloo
CVE-2006-2818 (PHP remote file inclusion vulnerability in common-menu.php in Cameron ...)
	NOT-FOR-US: Cameron McKay Informium
CVE-2006-2817 (SQL injection vulnerability in bolum.php in tekno.Portal allows remote ...)
	NOT-FOR-US: tekno.Portal
CVE-2006-2816 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: CoolPHP
CVE-2006-2815 (Multiple cross-site scripting (XSS) vulnerabilities in Two Shoes ...)
	NOT-FOR-US: SimpleBoard
CVE-2006-2814 (Multiple buffer overflows in the (1) vGetPost and (2) main functions ...)
	NOT-FOR-US: iShopCart
CVE-2006-2813 (Directory traversal vulnerability in easy-scart.cgi in iShopCart ...)
	NOT-FOR-US: iShopCart
CVE-2006-2812 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: PICRATE
CVE-2006-2811 (Multiple PHP remote file inclusion vulnerabilities in Cantico ...)
	NOT-FOR-US: Ovidentia
CVE-2006-2810 (Multiple cross-site scripting (XSS) vulnerabilities in Belchior ...)
	NOT-FOR-US: Belchior vCard
CVE-2006-2809 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ar-blog
CVE-2006-2808 (Cross-site scripting (XSS) vulnerability in Lycos Tripod htmlGEAR ...)
	NOT-FOR-US: Lycos
CVE-2006-2807 (ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to ...)
	NOT-FOR-US: ASPwebSoft
CVE-2006-2806 (The SMTP server in Apache Java Mail Enterprise Server (aka Apache ...)
	NOT-FOR-US: Apache James
CVE-2005-2468 (Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2467 (Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum ...)
	NOT-FOR-US: MySQL Eventum
CVE-2005-2466 (Multiple SQL injection vulnerabilities in the auth_user function in ...)
	NOT-FOR-US: OpenBook
CVE-2005-2465 (Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2464 (login.php in PCXP/TOPPE CMS allows remote attackers to bypass ...)
	NOT-FOR-US: PC-EXPERIENCE/TOPPE CMS
CVE-2005-2463 (Kayako liveResponse 2.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2462 (Kayako liveResponse 2.x, when logging in a user, records the password ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2461 (Multiple SQL injection vulnerabilities in the calendar feature in ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2005-2460 (Multiple cross-site scripting (XSS) vulnerabilities in Kayako ...)
	NOT-FOR-US: Kayako liveResponse
CVE-2006-2842 (** DISPUTED ** ...)
	- squirrelmail 2:1.4.7-1 (unimportant; bug #373731)
	NOTE: Only exploitable with register_globals enabled
CVE-2006-XXXX [webalizer: symlink vulnerability]
	- webalizer 2.01.10-29 (low; bug #359745)
	[sarge] - webalizer <no-dsa> (Minor issue)
	NOTE: Only exploitable in far-fetched scenarios, running it as root is insecure anyway
CVE-2006-2805 (SQL injection vulnerability in VBulletin 3.0.10 allows remote ...)
	NOT-FOR-US: vBulletin
CVE-2006-2804 (Cross-site scripting (XSS) vulnerability in index.cfm in Goss ...)
	NOT-FOR-US: Goss iCM
CVE-2006-2803 (Multiple cross-site scripting (XSS) vulnerabilities in PHP ManualMaker ...)
	NOT-FOR-US: PHP ManualMaker
CVE-2006-2802 (Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib ...)
	{DSA-1105}
	- xine-lib 1.1.1-2 (bug #369876; medium)
CVE-2006-2801 (Multiple SQL injection vulnerabilities in Unak CMS 1.5 RC2 and earlier ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2800 (Multiple cross-site scripting (XSS) vulnerabilities in Unak CMS 1.5 ...)
	NOT-FOR-US: Unak CMS
CVE-2006-2799 (Cross-site scripting (XSS) vulnerability in content_footer.php in ...)
	NOT-FOR-US: toendaCMS
CVE-2006-2798 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2797 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2006-2796 (Cross-site scripting (XSS) vulnerability in gallery.php in Captivate ...)
	NOT-FOR-US: Captivate gallery.php
CVE-2006-2795 (Multiple cross-site scripting (XSS) vulnerabilities in XiTi Tracking ...)
	NOT-FOR-US: XiTi Tracking Script
CVE-2006-2794 (Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2793 (SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier ...)
	NOT-FOR-US: ASPSitem
CVE-2006-2792 (SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) ...)
	NOT-FOR-US: wbboard
CVE-2006-2791 (Directory traversal vulnerability in index.php in iBoutique.MALL and ...)
	NOT-FOR-US: iBoutique.MALL
CVE-2006-2790 (A package component in Sun Storage Automated Diagnostic Environment ...)
	NOT-FOR-US: Sun StorADE
CVE-2006-2789 (Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when &quot;load images if ...)
	- evolution 2.4.0-1 (low)
	[sarge] - evolution <not-affected> (Not reproducible on Sarge's evolution)
	NOTE: Verified that the patch has been applied in 2.4.0-1,
	NOTE: may have been fixed earlier.
CVE-2006-2788 (Double free vulnerability in the getRawDER function for nsIX509Cert in ...)
	{DSA-1210 DSA-1192-1 DSA-1191-1}
	- mozilla <removed> (high)
	- firefox 1.5.dfsg+1.5.0.4 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2787 (EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-31
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2786 (HTTP response smuggling vulnerability in Mozilla Firefox and ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-33
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2785 (Cross-site scripting (XSS) vulnerability in Mozilla Firefox before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-34
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2784 (The PLUGINSPAGE functionality in Mozilla Firefox before 1.5.0.4 allows ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-36
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla <removed> (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2783 (Mozilla Firefox and Thunderbird before 1.5.0.4 strip the Unicode ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-42
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- thunderbird 1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
	- webkit 1.0.1-1 (bug #535793)
	NOTE: http://trac.webkit.org/changeset/33380
	- qt4-x11 4:4.6.2-4 (low; bug #561760)
	[lenny] - qt4-x11 <no-dsa> (Minor impact, no apps in Lenny which use qtwebkit )
	NOTE: QT4 might be fixed earlier, but only 4.6.2 was checked against, Lenny is affected
	- kdelibs <not-affected> (bug #561765)
CVE-2006-2782 (Firefox 1.5.0.2 does not fix all test cases associated with ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-41
	- firefox 1.5.dfsg+1.5.0.4-1 (medium)
	- mozilla 2:1.7.13-0.3 (medium)
	- xulrunner 1.8.0.4-1 (medium)
CVE-2006-2781 (Double free vulnerability in nsVCard.cpp in Mozilla Thunderbird before ...)
	{DSA-1134-1 DSA-1118}
	NOTE: MFSA-2006-40
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
CVE-2006-2780 (Integer overflow in Mozilla Firefox and Thunderbird before 1.5.0.4 ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2779 (Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers ...)
	{DSA-1160 DSA-1159 DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-32
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2778 (The crypto.signText function in Mozilla Firefox and Thunderbird before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-38
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2777 (Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-43
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2776 (Certain privileged UI code in Mozilla Firefox and Thunderbird before ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-37
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2775 (Mozilla Firefox and Thunderbird before 1.5.0.4 associates XUL ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-35
	- firefox 1.5.dfsg+1.5.0.4-1 (high)
	- thunderbird 1.5.0.4-1 (high)
	- mozilla 2:1.7.13-0.3 (high)
	- xulrunner 1.8.0.4-1 (high)
CVE-2006-2774 (Cross-site scripting (XSS) vulnerability in search.php in QontentOne ...)
	NOT-FOR-US: QontentOne
CVE-2006-2773 (admin/redigera/redigera2.asp in Hogstorps hogstorp Guestbook 2.0 does ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2772 (Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2771 (admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not ...)
	NOT-FOR-US: Hogstorps
CVE-2006-2770 (Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 ...)
	NOT-FOR-US: pppBLOG
CVE-2006-2769 (The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through ...)
	- snort 2.3.3-8 (low; bug #381726)
	[sarge] - snort <no-dsa> (Minor impact)
CVE-2006-2768 (PHP remote file inclusion vulnerability in METAjour 2.1, when ...)
	NOT-FOR-US: METAjour
CVE-2006-2767 (PHP remote file inclusion vulnerability in Ottoman 1.1.2, when ...)
	NOT-FOR-US: Ottoman
CVE-2006-2766 (Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-2765 (Cross-site scripting (XSS) vulnerability in news_information.php in ...)
	NOT-FOR-US: Interlink
CVE-2006-2764 (Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows ...)
	NOT-FOR-US: GuestbookXL
CVE-2006-2763 (SQL injection vulnerability in Pre News Manager 1.0 allows remote ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2762 (PHP remote file inclusion vulnerability in includes/config.php in ...)
	{DSA-1096-1}
	- webcalendar 1.0.4-1 (medium)
CVE-2006-2761 (SQL injection vulnerability in Hitachi HITSENSER3 HITSENSER3/PRP, ...)
	NOT-FOR-US: Hitachi
CVE-2006-2760 (SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 ...)
	NOT-FOR-US: 4nForum
CVE-2006-2759 (jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary ...)
	- jetty <not-affected> (vulnerable code not in Debian version)
CVE-2006-2758 (Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 ...)
	- jetty <not-affected> (vulnerable code not in Debian version)
CVE-2006-2757 (Cross-site scripting (XSS) vulnerability in Chipmunk guestbook allows ...)
	NOT-FOR-US: Chipmunk guestbook
CVE-2006-2756 (Eitsop My Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Eitsop
CVE-2006-2755 (Cross-site scripting (XSS) vulnerability in index.php in UBBThreads ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2754 (Stack-based buffer overflow in st.c in slurpd for OpenLDAP before ...)
	- openldap2.3 2.3.24-1 (bug #375494; bug #377047; unimportant)
	NOTE: File is only written and read by slurpd, only editable by root
CVE-2006-2752 (The RedCarpet /etc/ximian/rcd.conf configuration file in Novell Linux ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2751 (Cross-site scripting (XSS) vulnerability in Open Searchable Image ...)
	NOT-FOR-US: OSIC
CVE-2006-2750 (Cross-site scripting (XSS) vulnerability in the do_mysql_query ...)
	NOT-FOR-US: OSIC
CVE-2006-2749 (SQL injection vulnerability in search.php in Open Searchable Image ...)
	NOT-FOR-US: OSIC
CVE-2006-2748 (SQL injection vulnerability in the do_mysql_query function in core.php ...)
	NOT-FOR-US: OSIC
CVE-2006-2747 (Directory traversal vulnerability in index.php in PhpMyDesktop|arcade ...)
	NOT-FOR-US: PhpMyDesktop
CVE-2006-2746 (Multiple cross-site scripting (XSS) vulnerabilities in F@cile ...)
	NOT-FOR-US: F@cile
CVE-2006-2745 (Multiple PHP remote file inclusion vulnerabilities in F@cile ...)
	NOT-FOR-US: F@cile
CVE-2006-2744 (PHP remote file inclusion vulnerability in p-popupgallery.php in ...)
	NOT-FOR-US: F@cile
CVE-2006-2743 (Drupal 4.6.x before 4.6.7 and 4.7.0, when running on Apache with ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (bug #368835; medium)
CVE-2006-2742 (SQL injection vulnerability in Drupal 4.6.x before 4.6.7 and 4.7.0 ...)
	{DSA-1125}
	- drupal 4.5.8-1.1 (medium)
CVE-2006-2741 (Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 ...)
	NOT-FOR-US: tinyBB
CVE-2006-2740 (Multiple SQL injection vulnerabilities in Epicdesigns tinyBB 0.3 allow ...)
	NOT-FOR-US: tinyBB
CVE-2006-2739 (PHP remote file inclusion vulnerability in footers.php in Epicdesigns ...)
	NOT-FOR-US: tinyBB
CVE-2006-2738 (The open source version of Open-Xchange 0.8.2 and earlier uses a ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-2737 (utilities/register.asp in Nukedit 4.9.6 and earlier allows remote ...)
	NOT-FOR-US: Nukedit
CVE-2006-2736 (PHP remote file inclusion vulnerability in blend_data/blend_common.php ...)
	NOT-FOR-US: Blend Portal
CVE-2006-2735 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Amod
CVE-2006-2734 (enter.asp in Mini-Nuke 2.3 and earlier makes it easier for remote ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2733 (membership.asp in Mini-Nuke 2.3 and earlier uses plaintext security ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2732 (SQL injection vulnerability in Your_Account.asp in Mini-Nuke 2.3 and ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-2731 (Multiple SQL injection vulnerabilities in Enigma Haber 4.3 and earlier ...)
	NOT-FOR-US: Enigma Haber
CVE-2006-2730 (PHP remote file inclusion vulnerability in admin/lib_action_step.php ...)
	NOT-FOR-US: Hot Open Tickets
CVE-2006-2729 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2728 (Cross-site scripting (XSS) vulnerability in superalbum/index.php in ...)
	NOT-FOR-US: Photoalbum
CVE-2006-2727 (home/register.php in Eggblog before 3.0 allows remote attackers to ...)
	NOT-FOR-US: Eggblog
CVE-2006-2726 (PHP remote file inclusion vulnerability in Fastpublish CMS 1.6.9.d ...)
	NOT-FOR-US: Fastpublish
CVE-2006-2725 (SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 ...)
	NOT-FOR-US: Eggblog
CVE-2006-2724 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.11 allows remote ...)
	NOT-FOR-US: PunBB
CVE-2006-2723 (Unspecified versions of Mozilla Firefox allow remote attackers to ...)
	- firefox 45.0-1 (unimportant)
	- firefox-esr 45.0esr-1 (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
	- mozilla-firefox <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: Non-issue
CVE-2006-2722 (SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2721 (Cross-site scripting (XSS) vulnerability in news.php in VARIOMAT ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2720 (SQL injection vulnerability in news.php in VARIOMAT allows remote ...)
	NOT-FOR-US: VARIOMAT
CVE-2006-2719 (JIWA Financials 6.4.14 stores usernames and passwords for all accounts ...)
	NOT-FOR-US: JIWA
CVE-2006-2718 (JIWA Financials 6.4.14 passes a Microsoft SQL Server account's ...)
	NOT-FOR-US: JIWA
CVE-2006-2717 (Unspecified vulnerability in Secure Elements Class 5 AVR client and ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2716 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 uses a ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2715 (The Administration Console in Secure Elements Class 5 AVR (aka C5 EVM) ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2714 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 does not ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2713 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 generates ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2712 (Secure Elements Class 5 AVR (aka C5 EVM) client and server before ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2711 (Secure Elements Class 5 AVR (aka C5 EVM) 2.8.1 and earlier, and ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2710 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 uses the same ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2709 (Secure Elements Class 5 AVR (aka C5 EVM) before 2.8.1 do not validate ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2708 (Secure Elements Class 5 AVR client (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2707 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 does not ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2706 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2705 (Secure Elements Class 5 AVR server (aka C5 EVM) before 2.8.1 allows ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2704 (Secure Elements Class 5 AVR server and client (aka C5 EVM) before ...)
	NOT-FOR-US: C5 EVM
CVE-2006-2703 (The RedCarpet command-line client (rug) does not verify SSL ...)
	NOT-FOR-US: RedCarpet
CVE-2006-2702 (vars.php in WordPress 2.0.2, possibly when running on Mac OS X, allows ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2701 (SQL injection vulnerability in Geeklog 1.4.0sr2 and earlier allows ...)
	NOT-FOR-US: Geeklog
CVE-2006-2700 (SQL injection vulnerability in admin/auth.inc.php in Geeklog 1.4.0sr2 ...)
	NOT-FOR-US: Geeklog
CVE-2006-2699 (Cross-site scripting (XSS) vulnerability in getimage.php in Geeklog ...)
	NOT-FOR-US: Geeklog
CVE-2006-2698 (Geeklog 1.4.0sr2 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Geeklog
CVE-2006-2697 (Multiple SQL injection vulnerabilities in Easy-Content Forums 1.0 ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2696 (Cross-site scripting (XSS) vulnerabilities in Easy-Content Forums 1.0 ...)
	NOT-FOR-US: Easy-Content
CVE-2006-2695 (admin/upprocess.php in DGNews 1.5 and earlier allows remote attackers ...)
	NOT-FOR-US: DGNews
CVE-2006-2694 (Multiple PHP remote file inclusion vulnerabilities in EzUpload Pro ...)
	NOT-FOR-US: EzUpload
CVE-2006-2693 (Directory traversal vulnerability in admin/admin_hacks_list.php in ...)
	NOT-FOR-US: Nivisec
CVE-2006-2692 (Multiple unspecified vulnerabilities in aMuleWeb for AMule before ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2691 (Unspecified &quot;information leakage&quot; vulnerabilities in aMuleWeb for ...)
	- amule 2.1.2-1 (medium)
CVE-2006-2690 (An unspecified script in EVA-Web 2.1.2 and earlier, probably ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2689 (Multiple cross-site scripting (XSS) vulnerabilities in EVA-Web 2.1.2 ...)
	NOT-FOR-US: EVA-Web
CVE-2006-2688 (SQL injection vulnerability in the employees node (class.employee.inc) ...)
	NOT-FOR-US: Achievo
CVE-2006-2687 (Cross-site scripting (XSS) vulnerability in adduser.php in PHP-AGTC ...)
	NOT-FOR-US: AGTC
CVE-2006-2686 (PHP remote file inclusion vulnerabilities in ActionApps 2.8.1 allow ...)
	NOT-FOR-US: ActionApps
CVE-2006-2685 (PHP remote file inclusion vulnerability in Basic Analysis and Security ...)
	- acidbase 1.2.5-1 (bug #370576; low)
CVE-2006-2684 (Cross-site scripting (XSS) vulnerability in the search module in CMS ...)
	NOT-FOR-US: Mundo
CVE-2006-2683 (PHP remote file inclusion vulnerability in 404.php in open-medium.CMS ...)
	NOT-FOR-US: open-medium
CVE-2006-2682 (PHP remote file inclusion vulnerability in BE_config.php in Back-End ...)
	NOT-FOR-US: Back-End
CVE-2006-2681 (PHP remote file inclusion vulnerability in SocketMail Lite and Pro ...)
	NOT-FOR-US: SocketMail
CVE-2006-2680 (Cross-site scripting (XSS) vulnerability in index.php in AZ Photo ...)
	NOT-FOR-US: AZ Photo Album
CVE-2006-2679 (Unspecified vulnerability in the VPN Client for Windows Graphical User ...)
	NOT-FOR-US: Cisco
CVE-2006-2678 (Multiple cross-site scripting (XSS) vulnerabilities in Pre News ...)
	NOT-FOR-US: Pre News Manager
CVE-2006-2677 (SiteScape Forum 7.2 and possibly earlier stores the avf.rc ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2676 (Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly ...)
	NOT-FOR-US: SiteScape Forum
CVE-2006-2675 (PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads ...)
	NOT-FOR-US: UBBThreads
CVE-2006-2674 (Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and ...)
	NOT-FOR-US: Tamber Forum
CVE-2006-2673 (Cross-site scripting (XSS) vulnerability in search.html in Bulletin ...)
	NOT-FOR-US: Elite-Board
CVE-2006-2672 (Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One ...)
	NOT-FOR-US: Realty Pro One
CVE-2006-2671 (SQL injection vulnerability in ChatPat 1.0 allows remote attackers to ...)
	NOT-FOR-US: ChatPat
CVE-2006-2670 (Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 ...)
	NOT-FOR-US: ChatPat
CVE-2006-2669 (Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping ...)
	NOT-FOR-US: Pre Shopping Mall
CVE-2006-2668 (Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 ...)
	NOT-FOR-US: Docebo LMS
CVE-2006-2667 (Direct static code injection vulnerability in WordPress 2.0.2 and ...)
	- wordpress 2.0.3-1 (bug #369014; medium)
CVE-2006-2666 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2665 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: V-Webmail
CVE-2006-2664 (Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote ...)
	NOT-FOR-US: iFdate
CVE-2006-2663 (Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 ...)
	NOT-FOR-US: iFlance
CVE-2006-2662 (VMware Server before RC1 does not clear user credentials from memory ...)
	NOT-FOR-US: VMware Server
CVE-2006-2661 (ftutil.c in Freetype before 2.2 allows remote attackers to cause a ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-2660 (Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 ...)
	- php4 4:4.4.4-1 (unimportant)
	- php5 5.1.6-1 (unimportant)
	NOTE: using a long enough path (>MAXPATHLEN) allows you to have
	NOTE: tempnam create a file without the temp extension. sounds like
	NOTE: another shoot yourself in the foot issue, since the local user
	NOTE: could just as easily create the file manually, and if the
	NOTE: tempnam function is taking unsanitized input, it's an
	NOTE: application error
CVE-2006-2658 (Directory traversal vulnerability in the xsp component in mod_mono in ...)
	- xsp 1.1.15-1
CVE-2006-2657
	REJECTED
CVE-2006-2655 (The build process for ypserv in FreeBSD 5.3 up to 6.1 accidentally ...)
	NOT-FOR-US: build process for ypserv in FreeBSD
CVE-2006-2654 (Directory traversal vulnerability in smbfs smbfs on FreeBSD 4.10 up to ...)
	NOT-FOR-US: FreeBSD-specific (see CVE-2006-1864 for Linux-specific CVE)
CVE-2006-2653 (Cross-site scripting (XSS) vulnerability in login_error.shtml for ...)
	NOT-FOR-US: D-Link
CVE-2006-2652 (Cross-site scripting (XSS) vulnerability in WikiNi 0.4.2 and earlier ...)
	NOT-FOR-US: WikiNi
CVE-2006-2651 (Cross-site scripting (XSS) vulnerability in index.php in Vacation ...)
	NOT-FOR-US: Vacation Rental Script
CVE-2006-2650 (SQL injection vulnerability in cosmicshop/search.php in ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2649 (Multiple cross-site scripting (XSS) vulnerabilities in (a) search.php, ...)
	NOT-FOR-US: CosmicShoppingCart
CVE-2006-2648 (Cross-site scripting (XSS) vulnerability in perform_search.asp for ...)
	NOT-FOR-US: ASPBB
CVE-2006-2647 (Untrusted search path vulnerability in update_flash for IBM AIX 5.1, ...)
	NOT-FOR-US: IBM AIX
CVE-2006-2646 (Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-2645 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Plume
CVE-2006-2644 (AWStats 6.5, and possibly other versions, allows remote authenticated ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #365910)
CVE-2006-XXXX [specialy crafted WAV turns mkvmerge into a malloc bomb]
	- mkvtoolnix 1.7.0-2 (bug #370144; low)
CVE-2006-XXXX ['Cache' shell injection vulnerability]
	- wordpress 2.0.3-1 (high; bug #369014)
CVE-2006-2753 (SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x ...)
	{DSA-1092-1}
	- mysql-dfsg <not-affected> (Vulnerable code was introduced in 4.1, see #369741)
	- mysql <not-affected> (Vulnerable code was introduced in 4.1, see #369754)
	- mysql-dfsg-5.0 5.0.22-1 (bug #369735; medium)
	- mysql-dfsg-4.1 <removed> (bug #369754; medium)
CVE-2006-2659 (libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause ...)
	{DSA-1101}
	- courier 0.53.2-1 (bug #368834)
CVE-2006-2656 (Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 ...)
	{DSA-1091-1}
	- tiff 3.8.2-3 (bug #369819; low)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2643 (Cross-site scripting (XSS) vulnerability in index.php in Monster Top ...)
	NOT-FOR-US: Monster Top List
CVE-2006-2642 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: Php-residence
CVE-2006-2641 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: John Frank Asset Manager
CVE-2006-2640 (Cross-site scripting (XSS) vulnerability in OmegaMw7a.ASP in OMEGA ...)
	NOT-FOR-US: OMEGA INterneSErvicesLosungen (INSEL)
CVE-2006-2639 (Cross-site scripting (XSS) vulnerability in the input forms in ...)
	NOT-FOR-US: PHPSimpleChoose
CVE-2006-2638 (SQL injection vulnerability in member.asp in qjForum allows remote ...)
	NOT-FOR-US: qjForum
CVE-2006-2637 (Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) ...)
	NOT-FOR-US: TuttoPhp
CVE-2006-2636 (newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to ...)
	NOT-FOR-US: Katy Whitton NewsCMSLite
CVE-2006-2635 (Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka ...)
	- tikiwiki 1.9.4-1 (medium)
CVE-2006-2634 (Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under ...)
	NOT-FOR-US: Neocrome Seditio
CVE-2006-2633 (Absolute path traversal vulnerability in the copy action in index.php ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2632 (Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard ...)
	NOT-FOR-US: Andrew Godwin ByteHoard
CVE-2006-2631 (phpFoX allows remote authenticated users to modify arbitrary accounts ...)
	NOT-FOR-US: phpFoX
CVE-2006-2630 (Stack-based buffer overflow in Symantec Antivirus 10.1 and Client ...)
	NOT-FOR-US: Symantec
CVE-2006-2629 (Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP ...)
	- linux-2.6 2.6.18-1 (low)
CVE-2006-2628
	RESERVED
CVE-2006-2627
	RESERVED
CVE-2006-2626
	RESERVED
CVE-2006-2625
	RESERVED
CVE-2006-2624
	RESERVED
CVE-2006-2623
	RESERVED
CVE-2006-2622
	RESERVED
CVE-2006-2621
	RESERVED
CVE-2006-2620
	RESERVED
CVE-2006-2619
	RESERVED
CVE-2006-2618 (Cross-site scripting (XSS) vulnerability in (1) AlstraSoft Web Host ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2617 ((1) AlstraSoft Web Host Directory 1.2, aka (2) HyperStop WebHost ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2616 (SQL injection vulnerability in the search script in (1) AlstraSoft Web ...)
	NOT-FOR-US: AlstraSoft Web Host Directory
CVE-2006-2615 (ping.php in Russcom.Ping allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Russcom.Ping
CVE-2006-2614 (Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-2613 (Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other ...)
	NOTE: Installation path disclosure is uninteresting on Debian systems.
	NOTE: The profile path might be more sensitive, but exploit that
	NOTE: requires another, real security bug.
CVE-2006-2612 (Novell Client for Windows 4.8 and 4.9 does not restrict access to the ...)
	NOT-FOR-US: Novell Client for Windows
	NOTE: The Windows clipboard is a public resource anyway.
CVE-2006-2611 (Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in ...)
	- mediawiki1.7 <not-affected> (Fixed in 1.7 prior to release)
	- mediawiki1.5 <removed>
CVE-2006-2610 (Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 ...)
	NOT-FOR-US: phpRaid
CVE-2006-2609 (artmedic newsletter 4.1.2 and possibly other versions, when ...)
	NOT-FOR-US: artmedic newsletter
CVE-2006-2608 (artmedic newsletter 4.1 and possibly other versions, when ...)
	NOT-FOR-US: artmedic newsletter
CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows ...)
	{DSA-1184-2}
	- linux-2.6 <not-affected> (fixed before the first upload)
CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...)
	- sun-java5 1.5.0-06-1 (low; bug #384734)
CVE-2006-XXXX [mono xsp file disclosure]
	- xsp 1.1.15-1 (medium)
CVE-2006-2607 (do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return ...)
	- cron 3.0pl1-64 (bug #85609; bug #86775; medium)
CVE-2006-2606 (Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and ...)
	NOT-FOR-US: Chatty
CVE-2006-2605 (Cross-site scripting (XSS) vulnerability in DSChat 1.0 and earlier ...)
	NOT-FOR-US: DSChat
CVE-2006-2604
	REJECTED
CVE-2006-2603
	REJECTED
CVE-2006-2602
	REJECTED
CVE-2006-2601
	REJECTED
CVE-2006-2600
	REJECTED
CVE-2006-2599
	REJECTED
CVE-2006-2598
	REJECTED
CVE-2006-2597
	REJECTED
CVE-2006-2596
	REJECTED
CVE-2006-2595
	REJECTED
CVE-2006-2594
	REJECTED
CVE-2006-2593
	REJECTED
CVE-2006-2592 (Unspecified vulnerability in DSChat 1.0 allows remote attackers to ...)
	NOT-FOR-US: DSChat
CVE-2006-2591 (Unspecified vulnerability in e107 before 0.7.5 has unknown impact and ...)
	NOT-FOR-US: e107
CVE-2006-2590 (SQL injection vulnerability in e107 before 0.7.5 allows remote ...)
	NOT-FOR-US: e107
CVE-2006-2589 (SQL injection vulnerability in rss.php in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2588 (Russcom PHPImages allows remote attackers to upload files of arbitrary ...)
	NOT-FOR-US: Russcom PHPImages
CVE-2006-2587 (Buffer overflow in the WebTool HTTP server component in (1) PunkBuster ...)
	NOT-FOR-US: WebTool HTTP server
CVE-2006-2586 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
	NOT-FOR-US: IpLogger
CVE-2006-2585 (SQL injection vulnerability in Destiney Links Script 2.1.2 allows ...)
	NOT-FOR-US: Destiney Links Script
CVE-2006-2584 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	NOT-FOR-US: SkyeBox
CVE-2006-2583 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Nucleus
CVE-2006-2582 (The editing form in RWiki 2.1.0pre1 through 2.1.0 allows remote ...)
	NOT-FOR-US: RWiki
CVE-2006-2581 (Cross-site scripting (XSS) vulnerability in Wiki content in RWiki ...)
	NOT-FOR-US: RWiki
CVE-2005-4806 (Multiple unspecified vulnerabilities in Sun Java System Web Proxy ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2005-4805 (Unspecified vulnerability in Sun Java System Application Server 7 ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4804 (Unspecified vulnerability in Sun Java System Application Server ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2006-2580 (Multiple unspecified vulnerabilities in HP OpenView Network Node ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2006-2579 (Unspecified vulnerability in HP OpenView Storage Data Protector 5.1 ...)
	NOT-FOR-US: HP OpenView Storage Data Protector
CVE-2006-2578 (admin/cron.php in eSyndicat Directory 1.2, when register_globals is ...)
	NOT-FOR-US: eSyndicat Directory
CVE-2006-2577 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2576 (Multiple PHP remote file inclusion vulnerabilities in Docebo 3.0.3 and ...)
	NOT-FOR-US: Docebo
CVE-2006-2575 (The setFrame function in Lib/2D/Surface.hpp for NetPanzer 0.8 and ...)
	- netpanzer 0.8+svn20060319-2 (bug #370146; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2006-2574 (Multiple unspecified vulnerabilities in Software Distributor in HP-UX ...)
	NOT-FOR-US: Software Distributor in HP-UX
CVE-2006-2573 (SQL injection vulnerability in index.php in DGBook 1.0, with ...)
	NOT-FOR-US: DGBook
CVE-2006-2572 (Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 ...)
	NOT-FOR-US: DGBook
CVE-2006-2571 (Cross-site scripting (XSS) vulnerability in search.html in Alkacon ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2006-2570 (PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-2569 (SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and ...)
	NOT-FOR-US: Linklist
CVE-2006-2568 (PHP remote file inclusion vulnerability in addpost_newpoll.php in ...)
	NOT-FOR-US: UBB.threads
CVE-2006-2567 (Cross-site scripting (XSS) vulnerability in submit_article.php in ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2566 (Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2565 (SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2564 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Alstrasoft Article Manager Pro
CVE-2006-2563 (The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to ...)
	- php4 4:4.4.4-1 (bug #370166; unimportant)
	- php5 5.1.6-1 (bug #370165; unimportant)
	NOTE: Safe mode violations are not supported
CVE-2006-2562 (ZyXEL P-335WT router allows remote attackers to bypass access ...)
	NOT-FOR-US: ZyXEL P-335WT router
CVE-2006-2561 (Edimax BR-6104K router allows remote attackers to bypass access ...)
	NOT-FOR-US: Edimax BR-6104K router
CVE-2006-2560 (Sitecom WL-153 router firmware before 1.38 allows remote attackers to ...)
	NOT-FOR-US: Sitecom WL-153 router
CVE-2006-2559 (Linksys WRT54G Wireless-G Broadband Router allows remote attackers to ...)
	NOT-FOR-US: Linksys WRT54G router
CVE-2006-2558 (Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier ...)
	NOT-FOR-US: IpLogger
CVE-2006-2557 (PHP remote file inclusion vulnerability in extras/poll/poll.php in ...)
	NOT-FOR-US: Newsportal
CVE-2006-2556 (Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal ...)
	- newsportal <itp> (bug #149069)
	NOTE: RFP #149069 closed after no activity since too long time
CVE-2006-2555 (The parse_command function in Genecys 0.2 and earlier allows remote ...)
	NOT-FOR-US: Genecys
CVE-2006-2554 (Buffer overflow in the tell_player_surr_changes function in Genecys ...)
	NOT-FOR-US: Genecys
CVE-2006-2553 (Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2552 (Jemscripts DownloadControl 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: DownloadControl
CVE-2006-2551 (Unspecified vulnerability in the kernel in HP-UX B.11.00 allows local ...)
	NOT-FOR-US: HP-UX
CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when ...)
	NOT-FOR-US: Fujitsu UXP/V
CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)
	- bind <removed> (unimportant)
	- bind9 <not-affected> (does not send parallel queries)
	NOTE: Disabling recursion does not close all attack vectors.
	NOTE: Browser reflection attacks will still work.
	NOTE: Bind 8 design limitations that are only addressed in bind 9 are not
	NOTE: treated a security issues, DNS admins need to be aware what they are using
CVE-2006-2550 (perlpodder before 0.5 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: perlpodder
CVE-2006-2549 (Stack-based buffer overflow in PDF Form Filling and Flattening Tool ...)
	NOT-FOR-US: PDF Form Filling and Flattening Tool
CVE-2006-2548 (Prodder before 0.5, and perlpodder before 0.5, allows remote attackers ...)
	NOT-FOR-US: prodder/perlpodder
CVE-2006-2547 (Unspecified vulnerability in the sapdba command in SAP with Informix ...)
	NOT-FOR-US: Sap
CVE-2006-2546 (A recommended admin password reset mechanism for BEA WebLogic Server ...)
	NOT-FOR-US: BEA
CVE-2006-2545 (Multiple cross-site scripting (XSS) vulnerabilities in Xtreme Topsites ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2544 (Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2543 (Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors ...)
	NOT-FOR-US: Xtreme Topsites
CVE-2006-2542 (xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb ...)
	{DSA-1086-1}
	- xmcd 2.6-17.2 (bug #366816; medium)
CVE-2006-2541 (SQL injection vulnerability in settings.asp in Zixforum 1.12 allows ...)
	NOT-FOR-US: Zixforum
CVE-2006-2540 (Privacy leak in install.php for Diesel PHP Job Site sends sensitive ...)
	NOT-FOR-US: Diesel
CVE-2006-2539 (Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, ...)
	NOT-FOR-US: Sybase
CVE-2006-2538 (IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote ...)
	NOT-FOR-US: Windows-only Firefox plugin
CVE-2006-2537 (Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and ...)
	NOT-FOR-US: *BOR
CVE-2006-2536 (Cross-site scripting (XSS) vulnerability in Destiney Links Script ...)
	NOT-FOR-US: Destiney
CVE-2006-2535 (index.php in Destiney Links Script 2.1.2 allows remote attackers to ...)
	NOT-FOR-US: Destiney
CVE-2006-2534 (Destiney Links Script 2.1.2 does not protect library and other support ...)
	NOT-FOR-US: Destiney
CVE-2006-2533 (Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) ...)
	NOT-FOR-US: Destiney
CVE-2006-2532 (stats.php in Destiney Rated Images Script 0.5.0 allows remote ...)
	NOT-FOR-US: Destiney
CVE-2006-2531 (Ipswitch WhatsUp Professional 2006 only verifies the user's identity ...)
	NOT-FOR-US: Ipswitch
CVE-2006-2530 (avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly ...)
	NOT-FOR-US: Snitz mod
CVE-2006-2529 (editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-2528 (PHP remote file inclusion vulnerability in classified_right.php in ...)
	NOT-FOR-US: phpBazar
CVE-2006-2527 (Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers ...)
	NOT-FOR-US: phpBazar
CVE-2006-2526 (PHP remote file inclusion vulnerability in index.php in PHP Easy ...)
	NOT-FOR-US: PHP Easy Galerie
CVE-2006-2525 (SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote ...)
	NOT-FOR-US: UseBB
CVE-2006-2524 (Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier ...)
	NOT-FOR-US: UseBB
CVE-2006-2523 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
	NOT-FOR-US: phpListPro
CVE-2006-2522 (Dayfox Blog 2.0 and earlier stores user credentials in ...)
	NOT-FOR-US: Dayfox
CVE-2006-2521 (PHP remote file inclusion vulnerability in cron.php in phpMyDirectory ...)
	NOT-FOR-US: phpMyDirectory
CVE-2006-2520 (Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier ...)
	NOT-FOR-US: BitZipper
CVE-2006-2519 (Directory traversal vulnerability in ...)
	NOT-FOR-US: phpwcms
CVE-2006-2518 (Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows ...)
	NOT-FOR-US: phpwcms
CVE-2006-2517 (SQL injection vulnerability in MyWeb Portal Office, Standard Edition, ...)
	NOT-FOR-US: MyWeb
CVE-2006-2516 (mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is ...)
	NOT-FOR-US: XOOPS
CVE-2006-2515 (Cross-site scripting (XSS) vulnerability in index.php in Hiox ...)
	NOT-FOR-US: Hiox
CVE-2006-2514 (Coppermine galleries before 1.4.6, when running on Apache with ...)
	NOT-FOR-US: Coppermine
CVE-2006-2513 (Unspecified vulnerability in the installation process in Sun Java ...)
	NOT-FOR-US: Sun
CVE-2006-2512 (SQL injection vulnerability in Hitachi EUR Professional Edition, EUR ...)
	NOT-FOR-US: Hitachi
CVE-2006-2511 (The ActiveX version of FrontRange iHEAT allows remote authenticated ...)
	NOT-FOR-US: FrontRange
CVE-2006-2510 (Cross-site scripting (XSS) vulnerability in the URL submission form in ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2509 (SQL injection vulnerability in login.php in YourFreeWorld.com Short ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2508 (SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish ...)
	NOT-FOR-US: YourFreeWorld.com
CVE-2006-2507 (Multiple PHP remote file inclusion vulnerabilities in Teake Nutma ...)
	NOT-FOR-US: phpbb2 mod
CVE-2006-2506 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: Sphider
CVE-2006-2505 (Oracle Database Server 10g Release 2 allows local users to execute ...)
	NOT-FOR-US: Oracle
CVE-2006-2504 (Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier ...)
	NOT-FOR-US: AZBOARD
CVE-2006-2503 (SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote ...)
	NOT-FOR-US: DeluxeBB
CVE-2006-2502 (Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) ...)
	- cyrus-imapd-2.2 <not-affected> (Vulnerable code not present)
CVE-2006-2501 (Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 ...)
	NOT-FOR-US: Sun
CVE-2006-2500 (Cross-site scripting (XSS) vulnerability in add_news.asp in ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2499 (SQL injection vulnerability in default.asp in CodeAvalanche News ...)
	NOT-FOR-US: CodeAvalanche News
CVE-2006-2498 (Invision Power Board (IPB) before 2.1.6 allows remote attackers to ...)
	NOT-FOR-US: Invision
CVE-2006-2497 (Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 ...)
	NOT-FOR-US: AspBB
CVE-2006-2496 (Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote ...)
	NOT-FOR-US: Novell
CVE-2006-2495 (Cross-site request forgery (CSRF) vulnerability in the Entry Manager ...)
	- serendipity 1.0-1
CVE-2006-2494 (Stack-based buffer overflow in IntelliTamper 2.07 allows remote ...)
	NOT-FOR-US: IntelliTampe
CVE-2006-2493
	REJECTED
CVE-2005-1755 (PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll ...)
	NOT-FOR-US: PHP Poll Creator
CVE-2005-1754 (** DISPUTED ** ...)
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1753 (** DISPUTED ** ...)
	NOT-FOR-US: JavaMail API
	NOTE: vulnerable file not in Debian
CVE-2005-1752 (viewFile.php in the scm component of Gforge before 4.0 allows remote ...)
	- gforge 3.1-30
	NOTE: viewFile.php disabled in 3.1-30
CVE-2006-2492 (Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, ...)
	NOT-FOR-US: Microsoft
CVE-2006-2491 (Cross-site scripting (XSS) vulnerability in (1) index.php and (2) ...)
	NOT-FOR-US: BoastMachine
CVE-2006-2490 (Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP ...)
	NOT-FOR-US: Mobotix
CVE-2006-2489 (Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; bug #368193; high)
	- nagios2 2.3-1 (bug #366683; bug #368199; high)
CVE-2006-2488 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS ...)
	NOT-FOR-US: Spymac
CVE-2006-2487 (Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 ...)
	NOT-FOR-US: ScozNews
CVE-2006-2486 (SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier ...)
	NOT-FOR-US: YapBB
CVE-2006-2485 (PHP remote file inclusion vulnerability in includes/class_template.php ...)
	NOT-FOR-US: Quezza
CVE-2006-2484 (Cross-site scripting (XSS) vulnerability in index.html in IceWarp ...)
	NOT-FOR-US: IceWarp
CVE-2006-2483 (PHP remote file inclusion vulnerability in cart_content.php in ...)
	NOT-FOR-US: Squirrelcart
CVE-2006-2482 (Heap-based buffer overflow in the TZipTV component in (1) ZipTV for ...)
	NOT-FOR-US: ZipTV
CVE-2006-2481 (VMware ESX Server 2.0.x before 2.0.2 and 2.x before 2.5.2 patch 4 ...)
	NOT-FOR-US: VMware ESX
CVE-2006-2480 (Format string vulnerability in Dia 0.94 allows user-assisted ...)
	- dia 0.95.0-4 (bug #368202; low)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2479 (The Update functionality in Bitrix Site Manager 4.1.x does not verify ...)
	NOT-FOR-US: Bitrix
CVE-2006-2478 (Bitrix Site Manager 4.1.x allows remote attackers to redirect users to ...)
	NOT-FOR-US: Bitrix
CVE-2006-2477 (Cross-site scripting (XSS) vulnerability in the administrative ...)
	NOT-FOR-US: Bitrix
CVE-2006-2476 (Bitrix Site Manager 4.1.x stores updater.log under the web document ...)
	NOT-FOR-US: Bitrix
CVE-2006-2475 (Directory traversal vulnerability in (1) edit_mailtexte.cgi and (2) ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2474 (SQL injection vulnerability in lshop.cgi in Cosmoshop 8.11.106 and ...)
	NOT-FOR-US: Cosmoshop
CVE-2006-2473 (** DISPUTED ** ...)
	NOT-FOR-US: OpenWiki
CVE-2006-2472 (Unspecified vulnerability in BEA WebLogic Server 9.1 and 9.0, 8.1 ...)
	NOT-FOR-US: BEA
CVE-2006-2471 (Multiple vulnerabilities in BEA WebLogic Server 8.1 through SP4, 7.0 ...)
	NOT-FOR-US: BEA
CVE-2006-2470 (Unspecified vulnerability in the WebLogic Server Administration ...)
	NOT-FOR-US: BEA
CVE-2006-2469 (The HTTP handlers in BEA WebLogic Server 9.0, 8.1 up to SP5, 7.0 up to ...)
	NOT-FOR-US: BEA
CVE-2006-2468 (The WebLogic Server Administration Console in BEA WebLogic Server 8.1 ...)
	NOT-FOR-US: BEA
CVE-2006-2467 (BEA WebLogic Server 8.1 up to SP4, 7.0 up to SP6, and 6.1 up to SP7 ...)
	NOT-FOR-US: BEA
CVE-2006-2466 (BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote ...)
	NOT-FOR-US: BEA
CVE-2006-2465 (Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary ...)
	- mp3info 0.8.4-9.1 (bug #368207; low)
	[sarge] - mp3info <no-dsa> (Hardly exploitable)
CVE-2006-2464 (stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and ...)
	NOT-FOR-US: BEA
CVE-2006-2463 (view_album.php in SelectaPix 1.31 and earlier allows remote attackers ...)
	NOT-FOR-US: SelectaPix
CVE-2006-2462 (BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service ...)
	NOT-FOR-US: BEA
CVE-2006-2461 (BEA WebLogic Server before 8.1 Service Pack 4 does not properly set ...)
	NOT-FOR-US: BEA
CVE-2006-2460 (Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2006-2459 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2458 (Multiple heap-based buffer overflows in Libextractor 0.5.13 and ...)
	{DSA-1081-1}
	- libextractor 0.5.14-1
CVE-2006-2457
	RESERVED
CVE-2006-2456
	RESERVED
CVE-2006-2455
	RESERVED
CVE-2006-2454
	RESERVED
CVE-2006-2453 (Multiple unspecified format string vulnerabilities in Dia have ...)
	- dia 0.95.0-4 (bug #368202; medium)
	[sarge] - dia <no-dsa> (Hardly exploitable, would require obviously malformed file names)
CVE-2006-2452 (GNOME GDM 2.8, 2.12, 2.14, and 2.15, when the &quot;face browser&quot; feature ...)
	- gdm 2.16.1-1 (bug #375281; medium)
	[sarge] - gdm <not-affected> (Vulnerable code has only been introduced with 2.8)
CVE-2006-2451 (The suid_dumpable support in Linux kernel 2.6.13 up to versions before ...)
	- linux-2.6 2.6.17-3 (high)
CVE-2006-2450 (auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass ...)
	- libvncserver 0.8.2-1 (high; bug #376824)
CVE-2006-2449 (KDE Display Manager (KDM) in KDE 3.2.0 up to 3.5.3 allows local users ...)
	{DSA-1156}
	- kdebase 4:3.5.2-2 (bug #374002; medium)
CVE-2006-2448 (Linux kernel before 2.6.16.21 and 2.6.17, when running on PowerPC, ...)
	- linux-2.6 2.6.16-15
CVE-2006-2447 (SpamAssassin before 3.1.3, when running with vpopmail and the paranoid ...)
	{DSA-1090-1}
	- spamassassin 3.1.3-1 (medium)
CVE-2006-2446 (Race condition between the kfree_skb and __skb_unlink functions in the ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.16-1
	NOTE: I'm not sure at which point this was merged, but I checked 2.6.16 and the
	NOTE: patch is included there
CVE-2006-2445 (Race condition in run_posix_cpu_timers in Linux kernel before ...)
	- linux-2.6 2.6.16-15
CVE-2006-2444 (The snmp_trap_decode function in the SNMP NAT helper for Linux kernel ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.16-15
CVE-2006-2442 (kphone 4.2 creates .qt/kphonerc with world-readable permissions, which ...)
	{DSA-1062-1}
	- kphone 1:4.2-3 (bug #337830; medium)
CVE-2006-2439 (Stack-based buffer overflow in ZipCentral 4.01 allows remote ...)
	NOT-FOR-US: ZipCentral
CVE-2006-2438 (Directory traversal vulnerability in the viewfile servlet in the ...)
	NOT-FOR-US: Caucho
CVE-2006-2437 (The viewfile servlet in the documentation package (resin-doc) for ...)
	NOT-FOR-US: Caucho
CVE-2006-2436 (WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
	NOT-FOR-US: IBM
CVE-2006-2435 (Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 ...)
	NOT-FOR-US: IBM
CVE-2006-2434 (Unspecified vulnerability in WebSphere 5.1.1 (or any earlier ...)
	NOT-FOR-US: IBM
CVE-2006-2433 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2006-2432 (IBM WebSphere Application Server 5.0.2 (or any earlier cumulative fix) ...)
	NOT-FOR-US: IBM
CVE-2006-2431 (Cross-site scripting (XSS) vulnerability in the 500 Internal Server ...)
	NOT-FOR-US: IBM
CVE-2006-2430 (IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, ...)
	NOT-FOR-US: IBM
CVE-2006-2429 (Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, ...)
	NOT-FOR-US: IBM
CVE-2006-2428 (add.asp in DUware DUbanner 3.1 allows remote attackers to execute ...)
	NOT-FOR-US: Duware
CVE-2006-2427 (freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...)
	- clamav <not-affected> (clamav-freshclam doesn't ship freshclam setuid or setgid)
CVE-2006-2426 (Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 ...)
	{DSA-1769-1}
	- sun-java5 1.5.0-10-1 (bug #384734)
	- sun-java6 6-13-1 (bug #521414)
	[lenny] - sun-java6 <no-dsa> (Non-free not supported)
	- openjdk-6 6b14-1.5~pre1-3 (bug #566766)
CVE-2006-2425 (Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in ...)
	NOT-FOR-US: phpRemoteView
CVE-2006-2424 (PHP remote file inclusion vulnerability in ezUserManager 1.6 and ...)
	NOT-FOR-US: ezUserManager
CVE-2006-2423 (Cross-site scripting (XSS) vulnerability in ftplogin/index.php in ...)
	NOT-FOR-US: Confixx
CVE-2006-2422 (phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, ...)
	NOT-FOR-US: phpCOIN
CVE-2006-2421 (Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows ...)
	NOT-FOR-US: Pragma
CVE-2006-2420 (Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows ...)
	NOTE: "this issue normally would not be included in CVE, it is being identified since the Bugzilla developers have addressed it."
	- bugzilla <unfixed> (unimportant)
CVE-2006-2419 (Cross-site scripting (XSS) vulnerability in index.php in Directory ...)
	NOT-FOR-US: Directory Listing Script
CVE-2006-2418 (Cross-site scripting (XSS) vulnerabilities in certain versions of ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
CVE-2006-2417 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.x before ...)
	- phpmyadmin 4:2.8.1-1 (bug #368082; medium)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2416 (SQL injection vulnerability in class2.php in e107 0.7.2 and earlier ...)
	NOT-FOR-US: e107
CVE-2006-2415 (Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 ...)
	NOT-FOR-US: FlexChat
CVE-2006-2414 (Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows ...)
	{DSA-1080-1}
	- dovecot 1.0.beta8-1 (low)
	[sarge] - dovecot <not-affected> (vulnerability introduced in 1.0)
CVE-2006-2413 (GNUnet before SVN revision 2781 allows remote attackers to cause a ...)
	- gnunet 0.7.0e-1 (bug #368159; medium)
	[sarge] - gnunet <not-affected> (according to maintainer)
CVE-2006-2412 (The raydium_network_read function in network.c in Raydium SVN revision ...)
	NOT-FOR-US: Raydium
CVE-2006-2411 (Buffer overflow in raydium_network_read function in network.c in ...)
	NOT-FOR-US: Raydium
CVE-2006-2410 (raydium_network_netcall_exec function in network.c in Raydium SVN ...)
	NOT-FOR-US: Raydium
CVE-2006-2409 (Format string vulnerability in the raydium_log function in console.c ...)
	NOT-FOR-US: Raydium
CVE-2006-2408 (Multiple buffer overflows in Raydium before SVN revision 310 allow ...)
	NOT-FOR-US: Raydium
CVE-2006-2407 (Stack-based buffer overflow in (1) WeOnlyDo wodSSHServer ActiveX ...)
	NOT-FOR-US: ActiveX component
CVE-2006-2406 (Directory traversal vulnerability in bb_lib/abbc.css.php in ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2405 (Directory traversal vulnerability in unb_lib/abbc.conf.php in ...)
	NOT-FOR-US: Unclassified NewsBoard
CVE-2006-2404 (Directory traversal vulnerability in popup.php in RadScripts RadLance ...)
	NOT-FOR-US: RadScripts
CVE-2006-2403 (Buffer overflow in FileZilla before 2.2.23 allows remote attackers to ...)
	- filezilla <not-affected> (fixed before the first Debian upload)
CVE-2006-2402 (Buffer overflow in the changeRegistration function in servernet.cpp ...)
	NOT-FOR-US: Outgun
CVE-2006-2401 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
	NOT-FOR-US: Outgun
CVE-2006-2400 (The leetnet functions (leetnet/rudp.cpp) in Outgun 1.0.3 bot 2 and ...)
	NOT-FOR-US: Outgun
CVE-2006-2399 (Stack-based buffer overflow in the ...)
	NOT-FOR-US: Outgun
CVE-2006-2398 (Directory traversal vulnerability in index.php in GPhotos 1.5 and ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2397 (Multiple cross-site scripting (XSS) vulnerabilities in GPhotos 1.5 and ...)
	NOT-FOR-US: GPhotos web gallery
CVE-2006-2396 (Cross-site scripting (XSS) vulnerability in phpODP 1.5h allows remote ...)
	NOT-FOR-US: phpODP
CVE-2006-2395 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PopPhoto
CVE-2006-2394 (Cross-site scripting (XSS) vulnerability in chat.php in PHP Live ...)
	NOT-FOR-US: PHP Live Support
CVE-2006-2393 (The client_cmd function in Empire 4.3.2 and earlier allows remote ...)
	NOT-FOR-US: Debian's 'empire' is a different game
CVE-2006-2392 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHP Blue Dragon Platinum
CVE-2006-2391 (Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2390 (Cross-site scripting (XSS) vulnerability in OZJournals 1.2 allows ...)
	NOT-FOR-US: OZJournals
CVE-2006-2389 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-2388 (Microsoft Office Excel 2000 through 2004 allows user-assisted ...)
	NOT-FOR-US: Microsoft
CVE-2006-2387 (Unspecified vulnerability in Microsoft Excel 2000, 2002, 2003, 2004 ...)
	NOT-FOR-US: Microsoft
CVE-2006-2386 (Unspecified vulnerability in Microsoft Outlook Express 6 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2006-2385 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2384 (Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-2383 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2382 (Heap-based buffer overflow in Microsoft Internet Explorer 5.01 SP4 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-2381
	REJECTED
CVE-2006-2380 (Microsoft Windows 2000 SP4 does not properly validate an RPC server ...)
	NOT-FOR-US: Microsoft
CVE-2006-2379 (Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-2378 (Buffer overflow in the ART Image Rendering component (jgdw400.dll) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-2377
	REJECTED
CVE-2006-2376 (Integer overflow in the PolyPolygon function in Graphics Rendering ...)
	NOT-FOR-US: Microsoft
CVE-2006-2375
	REJECTED
CVE-2006-2374 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-2373 (The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-2372 (Buffer overflow in the DHCP Client service for Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-2371 (Buffer overflow in the Remote Access Connection Manager service ...)
	NOT-FOR-US: Microsoft
CVE-2006-2370 (Buffer overflow in the Routing and Remote Access service (RRAS) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-2369 (RealVNC 4.1.1, and other products that use RealVNC such as AdderLink ...)
	- vnc4 4.1.1+X4.3.0-10 (high)
	[sarge] - vnc4 <not-affected> (vuln not in 4.0)
CVE-2006-2368 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
	NOT-FOR-US: Clansys
CVE-2006-2367 (Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka ...)
	NOT-FOR-US: Clansys
CVE-2006-2366 (ircp_io.c in libopenobex for ircp 1.2, when ircp is run with the -r ...)
	- libopenobex 1.2-3 (bug #366484)
CVE-2006-2365 (Cross-site scripting (XSS) vulnerability in a_login.php in Vizra ...)
	NOT-FOR-US: Vizra
CVE-2006-2364 (Cross-site scripting (XSS) vulnerability in the validation feature in ...)
	NOT-FOR-US: Macromedia
CVE-2006-2363 (SQL injection vulnerability in the weblinks option (weblinks.html.php) ...)
	NOT-FOR-US: Limbo
CVE-2006-2362 (Buffer overflow in getsym in tekhex.c in libbfd in Free Software ...)
	- binutils 2.17-1 (low; bug #368237)
	[sarge] - binutils <no-dsa> (Very minor issue)
CVE-2006-2361 (PHP remote file inclusion vulnerability in pafiledb_constants.php in ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2360 (SQL injection vulnerability in charts.php in the Chart mod for phpBB ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2359 (Cross-site scripting (XSS) vulnerability in charts.php in the Chart ...)
	NOT-FOR-US: phpbb mod
CVE-2006-2192
	RESERVED
CVE-2005-4803 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
	{DSA-857-1}
	- graphviz 2.2.1-1sarge1 (bug #336985; low)
CVE-2005-4802 (Flexbackup 1.2.1 and earlier allows local users to overwrite files and ...)
	{DSA-1216}
	- flexbackup 1.2.1-3 (bug #334350; low)
CVE-2005-4801 (Multiple cross-site request forgery (CSRF) vulnerabilities in Yet ...)
	NOT-FOR-US: YaPIG
CVE-2005-4800 (Direct static code injection vulnerability in Yet Another PHP Image ...)
	NOT-FOR-US: YaPIG
CVE-2005-4799 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP ...)
	NOT-FOR-US: YaPIG
CVE-2006-2358 (Multiple cross-site scripting (XSS) vulnerabilities in various scripts ...)
	NOT-FOR-US: Web Labs CMS
CVE-2006-2357 (Ipswitch WhatsUp Professional 2006 and WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2356 (NmConsole/utility/RenderMap.asp in Ipswitch WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2355 (Ipswitch WhatsUp Professional 2006 and Ipswitch WhatsUp Professional ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2354 (NmConsole/Login.asp in Ipswitch WhatsUp Professional 2006 and Ipswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2353 (NmConsole/DeviceSelection.asp in Ipswitch WhatsUp Professional 2006 ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2352 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2351 (Multiple cross-site scripting (XSS) vulnerabilities in IPswitch ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2006-2350
	REJECTED
CVE-2006-2349 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2348 (Cross-site scripting (XSS) vulnerability in form_grupo.html in ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2347 (E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Business Designer
CVE-2006-2346 (vpopmail 5.4.14 and 5.4.15, with cleartext passwords enabled, allows ...)
	- vpopmail <not-affected> (vulnerability introduced in 5.4.14)
	NOTE: Unable to reach CVS to determine if prior versions are affected
	NOTE: Micah will return to this one
CVE-2006-2345 (Cross-site scripting (XSS) vulnerability in inc/elementz.php in ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2344 (SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with ...)
	NOT-FOR-US: AliPAGER
CVE-2006-2343 (Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine ...)
	NOT-FOR-US: ManageEngine OpManager
CVE-2006-2342 (IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote ...)
	NOT-FOR-US: IBM WebSphere Application Server
CVE-2006-2341 (The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2006-2340 (Cross-site scripting (XSS) vulnerability in PassMasterFlex and ...)
	NOT-FOR-US: PassMasterFlex
CVE-2006-2339 (SQL injection vulnerability in index.php in evoTopsites 2.x and ...)
	NOT-FOR-US: evoTopsites
CVE-2006-2338 (PlaNet Concept plaNetStat 20050127 allows remote attackers to gain ...)
	NOT-FOR-US: PlaNet
CVE-2006-2337 (Directory traversal vulnerability in webcm in the D-Link DSL-G604T ...)
	NOT-FOR-US: D-Link
CVE-2006-2336 (SQL injection vulnerability in showthread.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2335 (Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and ...)
	NOT-FOR-US: vBulletin
CVE-2006-2334 (The RtlDosPathNameToNtPathName_U API function in NTDLL.DLL in ...)
	NOT-FOR-US: Windows
CVE-2006-2333 (Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2332 (Mozilla Firefox 1.5.0.3 allows remote attackers to cause a denial of ...)
	NOTE: 1.5.dfsg+1.5.0.3-2 didn't crash or do anything but stutter on the sample pages, marking it fixed in there
	- firefox 1.5.dfsg+1.5.0.3-2
CVE-2006-2331 (Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2330 (PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-2329 (AngelineCMS 0.6.5 and earlier allow remote attackers to obtain ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2328 (SQL injection vulnerability in lib/adodb/server.php in AngelineCMS ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-2327 (Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) ...)
	NOT-FOR-US: Novell
CVE-2006-2326 (Directory traversal vulnerability in index.php in OnlyScript.info ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2325 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: OnlyScript.info
CVE-2006-2324 (180solutions Zango downloads &quot;required Adware components&quot; without ...)
	NOT-FOR-US: 180solutions
CVE-2006-2323 (Multiple PHP remote file inclusion vulnerabilities in SmartISoft ...)
	NOT-FOR-US: SmartISoft
CVE-2006-2322 (The transparent proxy feature of the Cisco Application Velocity System ...)
	NOT-FOR-US: Cisco
CVE-2006-2321 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal Science ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2320 (Multiple SQL injection vulnerabilities in Ideal Science Ideal BB ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2319 (Ideal Science Ideal BB 1.5.4a and earlier does not properly check file ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2318 (Incomplete blacklist vulnerability in Ideal Science Ideal BB 1.5.4a ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2317 (Unspecified vulnerability in Ideal Science Ideal BB 1.5.4a and earlier ...)
	NOT-FOR-US: Ideal Science
CVE-2006-2316 (S24EvMon.exe in the Intel PROset/Wireless software, possibly ...)
	NOT-FOR-US: Intel Windows software
CVE-2006-2315 (** DISPUTED ** ...)
	NOT-FOR-US: ISPConfig
CVE-2006-2314 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (medium; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (medium)
	- postgresql-8.1 8.1.4-1 (medium)
	- pygresql 3.8-1.1 (medium)
	[sarge] - pygresql <not-affected> (Already includes proper quoting)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code. That's why
	NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
	NOTE: The following packages needed to adapted to cope with the new system:
	NOTE: psycopg 1.1.21-5 (bug #369230)
	NOTE: python-pgsql 2.4.0-8 (bug #369250)
	NOTE: pygresql 1:3.8-1.1 (bug #369239)
	NOTE: dovecot 1.0.beta8-3 (bug #369359)
	NOTE: postfix 2.2.10-2 (bug #369349)
CVE-2006-2313 (PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before ...)
	{DSA-1087-1}
	- postgresql 7.5.4 (high; bug #368645)
	- postgresql-7.4 1:7.4.13-1 (high)
	- postgresql-8.1 8.1.4-1 (high)
	NOTE: Beginning with version 7.5.4, postgresql is a transition
	NOTE: package which does not contain actual code. That's why
	NOTE: it's marked as fixed here. (Previous versions are vulnerable.)
CVE-2006-2312 (Argument injection vulnerability in the URI handler in Skype 2.0.*.104 ...)
	NOT-FOR-US: Skype
CVE-2006-2311 (Cross-site scripting (XSS) vulnerability in BlueDragon Server and ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2310 (BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote ...)
	NOT-FOR-US: BlueDragon Server and Server JX
CVE-2006-2309 (The HTTP service in EServ/3 3.25 allows remote attackers to obtain ...)
	NOT-FOR-US: EServ
CVE-2006-2308 (Directory traversal vulnerability in the IMAP service in EServ/3 3.25 ...)
	NOT-FOR-US: EServ
CVE-2006-2307 (Cross-site scripting (XSS) vulnerability in Website Baker CMS before ...)
	NOT-FOR-US: Website Baker
CVE-2006-2306 (Cross-site scripting (XSS) vulnerability in moreinfo.asp in ...)
	NOT-FOR-US: EPublisherPro
CVE-2006-2305 (Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow ...)
	NOT-FOR-US: Jadu
CVE-2006-2304 (Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in ...)
	NOT-FOR-US: Novell software for Windows
CVE-2006-2303 (Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 ...)
	NOT-FOR-US: Windows ICQ client
CVE-2006-2302 (SQL injection vulnerability in admin_default.asp in DUGallery 2.x ...)
	NOT-FOR-US: DUGallery
CVE-2006-2301 (SQL injection vulnerability in admin_default.asp in OzzyWork Galeri ...)
	NOT-FOR-US: OzzyWork
CVE-2006-2300 (Multiple SQL injection vulnerabilities in EImagePro allow remote ...)
	NOT-FOR-US: EImagePro
CVE-2006-2299
	RESERVED
CVE-2006-2298 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
	NOT-FOR-US: Solaris
CVE-2006-2297 (Heap-based buffer overflow in Microsoft Infotech Storage System ...)
	NOT-FOR-US: Microsoft Infotech Storage System
CVE-2006-2296 (SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 ...)
	NOT-FOR-US: EDirectoryPro
CVE-2006-2295 (Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2294 (Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows ...)
	NOT-FOR-US: Dynamic Galerie
CVE-2006-2293 (SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 ...)
	NOT-FOR-US: MultiCalendars
CVE-2006-2292 (Multiple SQL injection vulnerabilities in IA-Calendar allow remote ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2291 (Cross-site scripting (XSS) vulnerability in calendar_new.asp in ...)
	NOT-FOR-US: IA-Calendar
CVE-2006-2290 (Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php ...)
	NOT-FOR-US: 2005-Comments-Script
CVE-2006-2289 (Buffer overflow in avahi-core in Avahi before 0.6.10 allows local ...)
	- avahi 0.6.10-1 (medium)
CVE-2006-2288 (Avahi before 0.6.10 allows local users to cause a denial of service ...)
	- avahi 0.6.10-1 (low)
CVE-2006-2287 (Multiple cross-site scripting (XSS) vulnerabilities in Vision Source ...)
	NOT-FOR-US: Vision Source
CVE-2006-2286 (Multiple PHP remote file inclusion vulnerabilities in ...)
	NOT-FOR-US: Dokeos
CVE-2006-2285 (PHP remote file inclusion vulnerability in authldap.php in Dokeos ...)
	NOT-FOR-US: Dokeos
CVE-2006-2284 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.7.5 ...)
	NOT-FOR-US: Claroline
CVE-2006-2283 (Multiple PHP remote file inclusion vulnerabilities in SpiffyJr phpRaid ...)
	NOT-FOR-US: phpRaid
CVE-2006-2282 (Cross-site scripting (XSS) vulnerability in X7 Chat 2.0.2 and earlier ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2281 (X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute ...)
	NOT-FOR-US: X-Scripts X-Poll
CVE-2006-2280 (Directory traversal vulnerability in website.php in openEngine 1.8 ...)
	NOT-FOR-US: openEngine
CVE-2006-2279 (Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2278 (SaphpLesson 3.0 does not initialize array variables, which allows ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-2277 (Multiple Apple Mac OS X 10.4 applications might allow ...)
	NOT-FOR-US: Apple Mac OS X
CVE-2006-2276 (bgpd in Quagga 0.98 and 0.99 before 20060504 allows local users to ...)
	{DSA-1059-1}
	- quagga 0.99.4-1 (bug #366980; low)
CVE-2006-2275 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	- linux-2.6 2.6.16-13
CVE-2006-2274 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2273 (The InstallProduct routine in the Verisign VUpdater.Install (aka ...)
	NOT-FOR-US: Verisign
CVE-2006-2272 (Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-2271 (The ECNE chunk handling in Linux SCTP (lksctp) before 2.6.17 allows ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2005-4798 (Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 <not-affected>
CVE-2006-2270 (PHP remote file inclusion vulnerability in includes/config.php in ...)
	NOT-FOR-US: Jetbox CMS
CVE-2006-2269 (Cross-site scripting (XSS) vulnerability in myWebland MyBloggie 2.1.3 ...)
	NOT-FOR-US: myWebland MyBloggie
CVE-2006-2268 (SQL injection vulnerability in FlexCustomer 0.0.4 and earlier allows ...)
	NOT-FOR-US: FlexCustomer
CVE-2006-2267 (Kerio WinRoute Firewall before 6.2.1 allows remote attackers to cause ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2006-2266 (SQL injection vulnerability in Chirpy! 0.1 allows remote attackers to ...)
	NOT-FOR-US: Chirpy!
CVE-2006-2265 (Cross-site scripting vulnerability in admin/main.asp in Ocean12 ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2264 (Multiple SQL injection vulnerabilities in Ocean12 Calendar Manager Pro ...)
	NOT-FOR-US: Ocean12 Calendar Manager Pro
CVE-2006-2263 (SQL injection vulnerability in shopcurrency.asp in VP-ASP 6.00 allows ...)
	NOT-FOR-US: VP-ASP
CVE-2006-2262 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2006-2261 (PHP remote file inclusion vulnerability in day.php in ACal 2.2.6 ...)
	NOT-FOR-US: ACal
CVE-2006-2260 (Cross-site scripting (XSS) vulnerability in the project module ...)
	- drupal <not-affected> (bug #366947)
CVE-2006-2259 (SQL injection vulnerability in Logon.asp in MaxxSchedule 1.0 allows ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2258 (Cross-site scripting (XSS) vulnerability in Logon.asp in MaxxSchedule ...)
	NOT-FOR-US: MaxxSchedule
CVE-2006-2257 (Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 ...)
	NOT-FOR-US: easyEvent
CVE-2006-2256 (PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp ...)
	NOT-FOR-US: EQdkp
CVE-2006-2255 (Multiple SQL injection vulnerabilities in Creative Community Portal ...)
	NOT-FOR-US: Creative Community Portal
CVE-2006-2254 (Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote ...)
	NOT-FOR-US: FileCOPA
CVE-2006-2253 (PHP remote file inclusion vulnerability in visible_count_inc.php in ...)
	NOT-FOR-US: Statit
CVE-2006-2252 (Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 ...)
	NOT-FOR-US: OpenFAQ
CVE-2006-2251 (SQL injection vulnerability in the do_mmod function in mod.php in ...)
	NOT-FOR-US: Invision Community Blog
CVE-2006-2250 (CuteNews 1.4.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CuteNews
CVE-2006-2249 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: CuteNews
CVE-2006-2248 (Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2006-2247 (WebCalendar 1.0.1 to 1.0.3 generates different error messages ...)
	{DSA-1056-1}
	- webcalendar 1.0.2-2.2 (medium; bug #366927)
CVE-2006-2246 (Cross-site scripting (XSS) vulnerability in UBlog 1.6 Access Edition ...)
	NOT-FOR-US: UBlog
CVE-2006-2245 (PHP remote file inclusion vulnerability in auction\auction_common.php ...)
	NOT-FOR-US: Auction mod 1.3m for phpBB
CVE-2006-2244 (Multiple SQL injection vulnerabilities in Web4Future News Portal allow ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2243 (Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News ...)
	NOT-FOR-US: Web4Future News Portal
CVE-2006-2242 (acFTP 1.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: acFTP
CVE-2006-2241 (PHP remote file inclusion vulnerability in show.php in Fast Click SQL ...)
	NOT-FOR-US: Fast Click SQL Lite
CVE-2006-2240 (Unspecified vulnerability in the (1) web cache or (2) web proxy in ...)
	NOT-FOR-US: Fujitsu NetShelter/FW
CVE-2006-2239 (SQL injection vulnerability in readarticle.php in Newsadmin 1.1 allows ...)
	NOT-FOR-US: Newsadmin
CVE-2006-2238 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-2237 (The web interface for AWStats 6.4 and 6.5, when statistics updates are ...)
	{DSA-1058-1}
	- awstats 6.5-2 (bug #365909; bug #365910; medium)
CVE-2006-2236 (Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) ...)
	- tremulous 1.1.0-6 (bug #660827)
	[squeeze] - tremulous 1.1.0-7~squeeze1
	- ioquake3 1.36+svn1788j-1
CVE-2006-2235 (CodeMunkyX (aka free-php.net) Simple Poll 1.0, when authentication is ...)
	NOT-FOR-US: Simple Poll
CVE-2006-2234 (Multiple cross-site scripting (XSS) vulnerabilities in TyroCMS beta ...)
	NOT-FOR-US: TyroCMS
CVE-2006-2233 (Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) ...)
	NOT-FOR-US: BankTown Client Control
CVE-2006-2232 (Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook ...)
	NOT-FOR-US: Scriptsez Cute Guestbook
CVE-2006-2231 (Multiple cross-site scripting (XSS) vulnerabilities in addguest.cgi in ...)
	NOT-FOR-US: Big Webmaster Guestbook Script
CVE-2006-2230 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
	{DSA-1093-1}
	- xine-ui 0.99.4-2 (medium; bug #363370; bug #372172)
CVE-2006-2229 (OpenVPN 2.0.7 and earlier, when configured to use the --management ...)
	- openvpn <unfixed> (unimportant)
	NOTE: One needs to explicitly set the IP to something else than 127.0.0.1
	NOTE: in order to be vulnerable. The man page recommends not to do it.
CVE-2006-2228 (Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) ...)
	NOT-FOR-US: Web-Agora
CVE-2006-2227 (Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 ...)
	NOT-FOR-US: PunBB
CVE-2006-2226 (Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2225 (Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows ...)
	NOT-FOR-US: Easy Personal FTP Server
CVE-2006-2224 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2223 (RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly ...)
	{DSA-1059-1}
	- quagga 0.99.3-2 (bug #365940; medium)
CVE-2006-2222 (Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, ...)
	NOT-FOR-US: zawhttpd
CVE-2006-2221 (A third-party installer generation tool, possibly BitRock ...)
	- ejabberd <not-affected> (only binary distribution is affected)
CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: SQL query disclosure
CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: path disclosure
CVE-2006-2218 (Unspecified vulnerability in Internet Explorer 6.0 on Microsoft ...)
	NOT-FOR-US: MS IE
CVE-2006-2217 (SQL injection vulnerability in index.php in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2216 (Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain ...)
	NOT-FOR-US: OpenBB
CVE-2006-2215
	REJECTED
CVE-2005-4797 (Directory traversal vulnerability in printd line printer daemon (lpd) ...)
	NOT-FOR-US: Solaris
CVE-2005-4796 (Unspecified vulnerability in the XView library (libxview.so) in ...)
	- xview <not-affected> (xview on Solaris)
	NOTE: Is only relevant for suid binaries, but xview is not really suitable for
	NOTE: those anyway. Exact information is not available, but a similar problem
	NOTE: is already fixed in the Debian package.
CVE-2005-4795 (Unspecified vulnerability in the multi-language environment library ...)
	NOT-FOR-US: Solaris
CVE-2006-XXXX [cyrus-imapd allows user probes]
	- cyrus-imapd-2.2 2.2.13-3
	- kolab-cyrus-imapd 2.2.13-1
CVE-2006-2214 (Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier ...)
	NOT-FOR-US: 4images
CVE-2006-2213 (Hostapd 0.3.7-2 allows remote attackers to cause a denial of service ...)
	{DSA-1065-1}
	- hostapd 1:0.5.0-1 (bug #365897; high)
CVE-2006-2212 (Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows ...)
	NOT-FOR-US: KarjaSoft Sami FTP Server
CVE-2006-2211 (Absolute path traversal vulnerability in index.php in 321soft ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2210 (Cross-site scripting (XSS) vulnerability in index.php in 321soft ...)
	NOT-FOR-US: 321soft PhP-Gallery
CVE-2006-2209 (Multiple SQL injection vulnerabilities in index.php in PHP Arena ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2208 (Multiple cross-site scripting (XSS) vulnerabilities in mynews.inc.php ...)
	NOT-FOR-US: paCheckBook
CVE-2006-2207
	RESERVED
CVE-2006-2206 (The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 ...)
	NOT-FOR-US: UltraVNC
CVE-2006-2205 (The audio_write function in NetBSD 3.0 allows local users to cause a ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-2204 (SQL injection vulnerability in the topic deletion functionality ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-2203 (Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-2202 (SQL injection vulnerability in post.php in Invision Gallery 2.0.6 ...)
	NOT-FOR-US: Invision Gallery
CVE-2006-2201 (Unspecified vulnerability in CA Resource Initialization Manager ...)
	NOT-FOR-US: CA Resource Initialization Manager
CVE-2006-2200 (Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and ...)
	- libmms 0.2-7 (bug #374577; medium)
	- mimms 2.0.0-1 (bug #374577; medium)
	- xine-lib 1.1.2-2 (bug #374577; unimportant)
	NOTE: Not exploitable within xine, as alloced buffer are large enough
CVE-2006-2199 (Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2198 (OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before ...)
	{DSA-1104}
	- openoffice.org 2.0.3-1
CVE-2006-2197 (Integer overflow in wv2 before 0.2.3 might allow context-dependent ...)
	{DSA-1100}
	- wv2 0.2.2-6 (medium)
CVE-2006-2196 (Unspecified vulnerability in pinball 0.3.1 allows local users to gain ...)
	{DSA-1102}
	- pinball 0.3.1-6
CVE-2006-2195 (Cross-site scripting (XSS) vulnerability in horde 3 (horde3) before ...)
	{DSA-1099-1 DSA-1098-1}
	- horde3 3.1.1-3
CVE-2006-2194 (The winbind plugin in pppd for ppp 2.4.4 and earlier does not check ...)
	{DSA-1106}
	- ppp 2.4.4rel-1 (medium)
CVE-2006-2193 (Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff ...)
	{DSA-1091-1}
	- tiff 3.8.2-4 (bug #371064; bug #370355; medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2191 (** DISPUTED ** ...)
	- mailman <unfixed> (unimportant)
	NOTE: not exploitable
CVE-2006-2190 (Cross-site scripting (XSS) vulnerability in ow-shared.pl in ...)
	NOT-FOR-US: OpenWebMail
CVE-2006-2189 (SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 ...)
	NOT-FOR-US: Servous sBLOG
CVE-2006-2188 (Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 ...)
	NOT-FOR-US: CMScout
CVE-2006-2187 (Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 ...)
	NOT-FOR-US: zenphoto
CVE-2006-2186 (zenphoto 1.0.1 beta and earlier allow remote attackers to obtain ...)
	NOT-FOR-US: zenphoto
CVE-2006-2185 (PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password ...)
	NOT-FOR-US: Novell
CVE-2006-2184 (Cross-site scripting (XSS) vulnerability in search.php in PHPKB ...)
	NOT-FOR-US: PHPKB Knowledge Base
CVE-2006-2183 (Untrusted search path vulnerability in Truecrypt 4.1, when running ...)
	NOT-FOR-US: Truecrypt
CVE-2006-2182 (Multiple PHP remote file inclusion vulnerabilities in (1) eday.php, ...)
	NOT-FOR-US: albinator
CVE-2006-2181 (Multiple cross-site scripting (XSS) vulnerabilities in Albinator 2.0.8 ...)
	NOT-FOR-US: albinator
CVE-2006-2180 (Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2006-2179 (Multiple SQL injection vulnerabilities in CyberBuild allow remote ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2178 (Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild ...)
	NOT-FOR-US: CyberBuild
CVE-2006-2177 (Cross-site scripting (XSS) vulnerability in viewcat.php in geoBlog 1.0 ...)
	NOT-FOR-US: geoBlog
CVE-2006-2176 (Multiple cross-site scripting (XSS) vulnerabilities in links.php in ...)
	NOT-FOR-US: PHP Linkliste
CVE-2006-2175 (PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 ...)
	NOT-FOR-US: Fast Click
CVE-2006-2174 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Virtual Hosting Control System (VHCS)
CVE-2006-2173 (Buffer overflow in FileZilla FTP Server 2.2.22 allows remote ...)
	NOT-FOR-US: FileZilla FTP Server
CVE-2006-2172 (Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated ...)
	NOT-FOR-US: Gene6 FTP Server
CVE-2006-2171 (Buffer overflow in WDM.exe in WarFTPD allows remote attackers to ...)
	NOT-FOR-US: WarFTPD
CVE-2006-2170 (Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2006-2169 (RT: Request Tracker 3.5.HEAD allows remote attackers to obtain ...)
	- request-tracker3.4 <not-affected> (file not included in 3.4)
CVE-2006-2168 (FileProtection Express 1.0.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: FileProtection Express
CVE-2006-2167 (Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, ...)
	NOT-FOR-US: SloughFlash
CVE-2006-2166 (Unspecified vulnerability in the HTTP management interface in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2006-2165 (Multiple cross-site scripting (XSS) vulnerabilities in Avactis ...)
	NOT-FOR-US: Avactis
CVE-2006-2164 (Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 ...)
	NOT-FOR-US: Avactis
CVE-2006-2163 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: Pinnacle
CVE-2006-2162 (Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before ...)
	{DSA-1072-1}
	- nagios 2:1.4-1 (bug #366682; bug #366803; medium)
	- nagios2 2.3-1 (bug #366683; medium)
CVE-2006-2161 (Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and ...)
	NOT-FOR-US: TZipBuilder/Abakt
CVE-2006-2160 (Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp ...)
	NOT-FOR-US: Russcom
CVE-2006-2159 (CRLF injection vulnerability in help.php in Russcom Network Loginphp ...)
	NOT-FOR-US: Russcom
CVE-2006-2158 (Dynamic variable evaluation vulnerability in index.php in Stadtaus ...)
	NOT-FOR-US: Stadtaus
CVE-2006-2157 (SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and ...)
	NOT-FOR-US: Plogger
CVE-2006-2156 (Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and ...)
	NOT-FOR-US: X7 Chat
CVE-2006-2155 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2154 (EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and ...)
	NOT-FOR-US: EMC Retrospect
CVE-2006-2153 (Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin ...)
	NOT-FOR-US: DirectAdmin
CVE-2006-2152 (PHP remote file inclusion vulnerability in admin/addentry.php in phpBB ...)
	NOT-FOR-US: phpBB Advanced Guestbook
CVE-2006-2151 (PHP remote file inclusion vulnerability in toplist.php in phpBB ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2150 (PHP remote file inclusion vulnerability in top/list.php in phpBB ...)
	NOT-FOR-US: phpBB TopList
CVE-2006-2149 (PHP remote file inclusion vulnerability in sources/lostpw.php in ...)
	NOT-FOR-US: Aardvark Topsites
CVE-2006-2147 (resmgrd in resmgr for SUSE Linux and other distributions does not ...)
	{DSA-1047-1}
	- resmgr 1.0-4 (low)
CVE-2006-2146 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: HB-NS
CVE-2006-2145 (Multiple SQL injection vulnerabilities in index.php in HB-NS 1.1.6 ...)
	NOT-FOR-US: HB-NS
CVE-2006-2144 (PHP remote file inclusion vulnerability in kopf.php in DMCounter ...)
	NOT-FOR-US: DMCounter
CVE-2006-2143 (Multiple cross-site scripting (XSS) vulnerabilities in TextFileBB ...)
	NOT-FOR-US: TextFileBB
CVE-2006-2142 (PHP remote file inclusion vulnerability in classes/adodbt/sql.php in ...)
	NOT-FOR-US: Limbo
CVE-2006-2141 (Cross-site scripting (XSS) vulnerability in popup_image in ...)
	NOT-FOR-US: Collaborative Portal Server
CVE-2006-2140 (Multiple cross-site scripting (XSS) vulnerabilities in OrbitHYIP 2.0 ...)
	NOT-FOR-US: OrbitHYIP
CVE-2006-2139 (Multiple SQL injection vulnerabilities in PHP Newsfeed 20040723 allow ...)
	NOT-FOR-US: PHP Newsfeed
CVE-2006-2138 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.29 ...)
	NOT-FOR-US: NeoMail
CVE-2006-2137 (PHP remote file inclusion vulnerability in master.php in OpenPHPNuke ...)
	NOT-FOR-US: OpenPHPNuke
CVE-2006-2136 (SQL injection vulnerability in news.php in AZNEWS allows remote ...)
	NOT-FOR-US: AZNEWS
CVE-2006-2135 (SQL injection vulnerability in login.php in Ruperts News allows remote ...)
	NOT-FOR-US: Ruperts News
CVE-2006-2134 (PHP remote file inclusion vulnerability in /includes/kb_constants.php ...)
	NOT-FOR-US: phpbb2 mod
CVE-2005-4794 (Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and ...)
	NOT-FOR-US: Cisco
CVE-2006-2148 (Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 ...)
	{DSA-1052-1}
	- cgiirc 0.5.9-1 (bug #365680; medium)
	[sarge] - cgiirc 0.5.4-6sarge1 (bug #365680; medium)
CVE-2006-2133 (SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and ...)
	NOT-FOR-US: BoonEx Barracuda
CVE-2006-2132 (SQL injection vulnerability in detail.asp in DUclassified allows ...)
	NOT-FOR-US: DUclassified
CVE-2006-2131 (include/class_poll.php in Advanced Poll 2.0.4 uses the ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2130 (SQL injection vulnerability in include/class_poll.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-2129 (Direct static code injection vulnerability in Pro Publish 2.0 allows ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2128 (Multiple SQL injection vulnerabilities in Pro Publish 2.0 allow remote ...)
	NOT-FOR-US: Pro Publish
CVE-2006-2127 (SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x ...)
	NOT-FOR-US: Blog Mod
CVE-2006-2126 (SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and ...)
	NOT-FOR-US: MaxTrade
CVE-2006-2125
	REJECTED
CVE-2006-2124 (Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and ...)
	NOT-FOR-US: SunShop
CVE-2006-2123 (Multiple SQL injection vulnerabilities in the report interface in ...)
	NOT-FOR-US: Network Administration Visualiazed
CVE-2006-2122 (PHP remote file inclusion vulnerability in index.php in CoolMenus allows ...)
	NOT-FOR-US: CoolMenus
CVE-2006-2121 (PHP remote file include vulnerability in admin/config_settings.tpl.php ...)
	NOT-FOR-US: I-RATER Platinum
CVE-2006-2120 (The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers ...)
	{DSA-1078-1}
	- tiff 3.8.1 (bug #366588; medium)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2119 (PHP remote file inclusion vulnerability in event/index.php in Artmedic ...)
	NOT-FOR-US: Artmedic
CVE-2006-2118 (JMK's Picture Gallery allows remote attackers to bypass authentication ...)
	NOT-FOR-US: JMK
CVE-2006-2117 (Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote ...)
	NOT-FOR-US: Thyme
CVE-2006-2116 (planetGallery allows remote attackers to gain administrator privileges ...)
	NOT-FOR-US: planetGallery
CVE-2006-2115 (Format string vulnerability in SWS web Server 0.1.7 allows remote ...)
	NOT-FOR-US: SWS
CVE-2006-2114 (Buffer overflow in SWS web Server 0.1.7 allows remote attackers to ...)
	NOT-FOR-US: SWS
CVE-2006-2113 (The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2112 (Fuji Xerox Printing Systems (FXPS) print engine, as used in products ...)
	NOT-FOR-US: Fuji Xerox Printing Systems
CVE-2006-2111 (A component in Microsoft Outlook Express 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2110 (Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x ...)
	{DSA-1060-1}
	- kernel-patch-vserver 2:2.0.1-4 (low)
	- linux-2.6 2.6.16-11 (low)
CVE-2006-2109 (Cross-site scripting (XSS) vulnerability in the parse_query_str ...)
	NOTE: #357204: request for removal
	- jsboard 2.0.10-2 (bug #368305; low)
CVE-2006-2108 (parser.exe in Oc&#233; (OCE) 3121/3122 Printer allows remote attackers to ...)
	NOT-FOR-US: OCE
CVE-2006-2107 (Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote ...)
	NOT-FOR-US: BL4
CVE-2006-2106 (Cross-site scripting (XSS) vulnerability in Edgewall Software Trac ...)
	- trac 0.9.5-1 (medium)
	[sarge] - trac <unfixed> (medium)
	NOTE: http://trac.edgewall.org/changeset/3201
	NOTE: http://trac.edgewall.org/changeset/3287
	NOTE: the second reference fixes a regression in the first. i *believe*
	NOTE: that these correctly solve the problem, though we really ought
	NOTE: to run this by upstream or the reporter.
CVE-2006-2105 (Directory traversal vulnerability in index.php in Jupiter CMS 1.1.4 ...)
	NOT-FOR-US: Jupiter
CVE-2006-2104 (Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email ...)
	NOT-FOR-US: Kamgaing
CVE-2006-2103 (SQL injection vulnerability in MyBB (MyBulletinBoard) 1.1.1 allows ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-2102 (Directory traversal vulnerability in PowerISO 2.9 allows remote ...)
	NOT-FOR-US: PowerISO
CVE-2006-2101 (Directory traversal vulnerability in WinISO 5.3 allows remote ...)
	NOT-FOR-US: WinISO
CVE-2006-2100 (Directory traversal vulnerability in Magic ISO 5.0 Build 0166 allows ...)
	NOT-FOR-US: Magic ISO
CVE-2006-2099 (Directory traversal vulnerability in UltraISO 8.0.0.1392 allows remote ...)
	NOT-FOR-US: UltraISO
CVE-2006-2098 (PHP remote file inclusion vulnerability in Thumbnail AutoIndex before ...)
	NOT-FOR-US: Thumbnail AutoIndex
CVE-2006-2097 (SQL injection vulnerability in func_msg.php in Invision Power Board ...)
	NOT-FOR-US: Invision
CVE-2006-2096 (plug.php in Land Down Under (LDU) 802 and earlier allows remote ...)
	NOT-FOR-US: LDU
CVE-2006-2095 (Phex before 2.8.6 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Phex
CVE-2006-2094 (Microsoft Internet Explorer before Windows XP Service Pack 2 and ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-2093 (Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted ...)
	- libnasl 2.2.8-1 (bug #365898; low)
	[sarge] - libnasl <no-dsa> (Hardly exploitable, see #365898)
CVE-2006-2092 (Unspecified vulnerability in HP StorageWorks Secure Path for Windows ...)
	NOT-FOR-US: HP
CVE-2006-2091 (admin.php in Virtual War (VWar) 1.5 and versions before 1.2 allows ...)
	NOT-FOR-US: Virtual War
CVE-2006-2090 (Multiple SQL injection vulnerabilities in misc.php in MySmartBB 1.1.x ...)
	NOT-FOR-US: MySmartBB
CVE-2006-2089 (Multiple cross-site scripting (XSS) vulnerabilities in misc.php in ...)
	NOT-FOR-US: OpenBB
CVE-2006-2088 (Multiple cross-site scripting (XSS) vulnerabilities in Devsyn Open ...)
	NOT-FOR-US: OpenBB
CVE-2006-2087 (The Gmax Mail client in Hitachi Groupmax before 20060426 allows remote ...)
	NOT-FOR-US: Hitachi Groupmax
CVE-2006-2086 (Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx ...)
	NOT-FOR-US: juniper SSL-VPN
CVE-2006-2085 (Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-2084 (Multiple cross-site scripting (XSS) vulnerabilities in FarsiNews 2.5.3 ...)
	NOT-FOR-US: FarsiNews
CVE-2006-2083 (Integer overflow in the receive_xattr function in the extended ...)
	- rsync 2.6.8-1 (bug #365614; high)
	[sarge] - rsync <not-affected> (xattr patch appeared in 2.6.7)
	[woody] - rsync <not-affected> (xattr patch appeared in 2.6.7)
CVE-2006-2082 (Directory traversal vulnerability in Quake 3 engine, as used in ...)
	- ioquake3 1.36+svn1788j-1
	- tremulous 1.1.0-6 (bug #660831)
	[squeeze] - tremulous 1.1.0-7~squeeze1
CVE-2006-2081 (Oracle Database Server 10g Release 2 allows local users to execute ...)
	NOT-FOR-US: Oracle
CVE-2006-2080 (SQL injection vulnerability in portfolio_photo_popup.php in Verosky ...)
	NOT-FOR-US: Verosky
CVE-2006-2079 (Cross-site scripting (XSS) vulnerability in portfolio.php in Verosky ...)
	NOT-FOR-US: Verosky
CVE-2006-2078 (Multiple unspecified vulnerabilities in multiple FITELnet products, ...)
	NOT-FOR-US: FITELnet
CVE-2006-2077 (Buffer overflow in Paul Rombouts pdnsd before 1.2.4 has unknown impact ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2076 (Memory leak in Paul Rombouts pdnsd before 1.2.4 allows remote ...)
	- pdnsd 1.2.4par-0.1 (bug #368268; medium)
CVE-2006-2075 (Unspecified vulnerability in MyDNS 1.1.0 allows remote attackers to ...)
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-2074 (Unspecified vulnerability in Juniper Networks JUNOSe E-series routers ...)
	NOT-FOR-US: Juniper Networks JUNOSe
CVE-2006-2073 (Unspecified vulnerability in ISC BIND allows remote attackers to cause ...)
	- bind9 1:9.3.3-1 (low)
	NOTE: Only exploitable by trusted users after TSIG transaction
	NOTE: https://lists.isc.org/pipermail/bind-users/2011-October/085298.html
CVE-2006-2072 (Multiple unspecified vulnerabilities in DeleGate 9.x before 9.0.6 and ...)
	NOT-FOR-US: DeleGate
CVE-2005-4793 (Multiple unspecified vulnerabilities in the web utility function in ...)
	NOT-FOR-US: Hitachi
CVE-2005-4792 (SQL injection vulnerability in index.php in Appalachian State ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a ...)
	NOT-FOR-US: Opera
CVE-2006-2071 (Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass ...)
	- linux-2.6 2.6.16-8
CVE-2006-2070 (Cross-site scripting (XSS) vulnerability in member.php in DevBB 1.0.0 ...)
	NOT-FOR-US: DevBB
CVE-2006-2069 (The recursor in PowerDNS before 3.0.1 allows remote attackers to cause ...)
	- pdns-recursor 3.0.1-1 (medium)
CVE-2006-2068 (Unspecified vulnerability in Hitachi JP1 products allow remote ...)
	NOT-FOR-US: Hitachi JP1
CVE-2006-2067 (SQL injection vulnerability in vb_board_functions.php in MKPortal 1.1, ...)
	NOT-FOR-US: MKPortal
CVE-2006-2066 (Multiple cross-site scripting (XSS) vulnerabilities pm_popup.php in ...)
	NOT-FOR-US: MKPortal
CVE-2006-2065 (SQL injection vulnerability in save.php in PHPSurveyor 0.995 and ...)
	NOT-FOR-US: PHPSurveyor
CVE-2006-2064 (Unspecified vulnerability in the libpkcs11 library in Sun Solaris 10 ...)
	NOT-FOR-US: Sun
CVE-2006-2063 (Multiple cross-site scripting (XSS) vulnerabilities in Leadhound Full ...)
	NOT-FOR-US: Leadhound
CVE-2006-2062 (Multiple SQL injection vulnerabilities in Leadhound Full and LITE 2.1, ...)
	NOT-FOR-US: Leadhound
CVE-2006-2061 (SQL injection vulnerability in lib/func_taskmanager.php in Invision ...)
	NOT-FOR-US: Invision
CVE-2006-2060 (Directory traversal vulnerability in action_admin/paysubscriptions.php ...)
	NOT-FOR-US: Invision
CVE-2006-2059 (action_public/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x ...)
	NOT-FOR-US: Invision
CVE-2006-2058 (Argument injection vulnerability in Avant Browser 10.1 Build 17 allows ...)
	NOT-FOR-US: Avant
CVE-2006-2057 (Argument injection vulnerability in Mozilla Firefox 1.0.6 allows ...)
	NOT-FOR-US: Only on Windows
CVE-2006-2056 (Argument injection vulnerability in Internet Explorer 6 for Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-2055 (Argument injection vulnerability in Microsoft Outlook 2003 SP1 allows ...)
	NOT-FOR-US: Micrsoft Outlook
CVE-2006-2054 (3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before ...)
	NOT-FOR-US: 3Com
CVE-2006-2053 (Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier ...)
	NOT-FOR-US: QuickEStore
CVE-2006-2052 (Cross-site scripting (XSS) vulnerability in Verosky Media Instant ...)
	NOT-FOR-US: Verosky
CVE-2006-2051 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: NextAge
CVE-2006-2050 (SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite ...)
	NOT-FOR-US: DCScripts
CVE-2006-2049 (Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts ...)
	NOT-FOR-US: DCScripts
CVE-2006-2048 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-2047 (Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2046 (Multiple SQL injection vulnerabilities in Application Dynamics ...)
	NOT-FOR-US: ColdFusion
CVE-2006-2045 (The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks ...)
	NOT-FOR-US: IP3
CVE-2006-2044 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default ...)
	NOT-FOR-US: IP3
CVE-2006-2043 (na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local ...)
	NOT-FOR-US: IP3
CVE-2006-2042 (Adobe Dreamweaver 8 before 8.0.2 and MX 2004 can generate code that ...)
	NOT-FOR-US: Adobe
CVE-2006-2041 (PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-2040 (Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 ...)
	NOT-FOR-US: photokorn
CVE-2006-2039 (Multiple SQL injection vulnerabilities in the osTicket module in Help ...)
	NOT-FOR-US: Help Center Live
CVE-2006-2038 (Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier ...)
	NOT-FOR-US: ampleShop
CVE-2006-2037 (Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 ...)
	NOT-FOR-US: Thwboard
CVE-2006-2036 (iOpus Secure Email Attachments (SEA), probably 1.0, does not properly ...)
	NOT-FOR-US: iOpus
CVE-2006-2035 (Websense, when configured to permit access to the dynamic content ...)
	NOT-FOR-US: Websense
CVE-2006-2034 (SQL injection vulnerability in function/showprofile.php in FlexBB ...)
	NOT-FOR-US: FlexBB
CVE-2006-2033 (PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and ...)
	NOT-FOR-US: Core
CVE-2006-2032 (Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and ...)
	NOT-FOR-US: Core
CVE-2006-2031 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-2030 (The Allied Telesyn AT-9724TS switch allows remote attackers to cause a ...)
	NOT-FOR-US: Allied Telesyn
CVE-2006-2029 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-2028 (Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-2027 (Buffer overflow in Unicode processing in the logging functionality in ...)
	NOT-FOR-US: Pablo Software
CVE-2006-2026 (Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2025 (Integer overflow in the TIFFFetchData function in tif_dirread.c for ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2024 (Multiple vulnerabilities in libtiff before 3.8.1 allow ...)
	{DSA-1054-1}
	[sarge] - tiff 3.7.2-3sarge1
	[woody] - tiff 3.5.5-7woody1
	- tiff 3.8.1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2006-2023 (Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c ...)
	NOT-FOR-US: Fenice
CVE-2006-2022 (Buffer overflow in the parse_url function in the RTSP module ...)
	NOT-FOR-US: Fenice
CVE-2006-2021 (Absolute path traversal vulnerability in recordings/misc/audio.php in ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2020 (Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores ...)
	NOT-FOR-US: Asterisk@Home
CVE-2006-2019 (Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows ...)
	NOT-FOR-US: Apple
CVE-2005-4791 (Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 ...)
	{DTSA-107-1}
	- beagle 0.2.13-1 (low)
	[etch] - beagle <no-dsa> (Minor issue)
	- banshee 0.11.2+dfsg-1 (low)
	- liferea 1.4.9-1 (low; bug #451548)
	[etch] - liferea <no-dsa> (Minor issue)
	- blam 1.8.4-1 (low)
	[etch] - blam <no-dsa> (Minor issue)
	NOTE: lintian bug filed: #451559
CVE-2005-4790 (Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and ...)
	- tomboy 0.8.1-2 (low)
	[etch] - tomboy <no-dsa> (Minor issue)
CVE-2005-4789 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
	- resmgr <not-affected>
CVE-2005-4788 (resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, ...)
	- resmgr <not-affected>
CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...)
	- resmgr <not-affected>
CVE-2006-XXXX [librsvg2 crash on certain svg files]
	- librsvg 2.14.3-2 (bug #361653; bug #361540; medium)
CVE-2006-2018 (SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows ...)
	NOT-FOR-US: vBulletin
CVE-2006-2017 (Dnsmasq 2.29 allows remote attackers to cause a denial of service ...)
	- dnsmasq 2.30-1 (medium)
	[sarge] - dnsmasq <not-affected> (Vulnerability was introduced in 2.28)
CVE-2006-2016 (Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin ...)
	{DSA-1057-1}
	- phpldapadmin 0.9.8.3-1 (bug #365313; low)
	- egroupware 1.2-104.dfsg-1 (bug #365314; low)
	NOTE: egroupware 1.2-1.dfsg-1 dropped phpldapadmin
CVE-2006-2015 (Cross-site scripting (XSS) vulnerability in SL_site 1.0 allows remote ...)
	NOT-FOR-US: SL_site
CVE-2006-2014 (Directory traversal vulnerability in gallerie.php in SL_site 1.0 ...)
	NOT-FOR-US: SL_site
CVE-2006-2013 (SQL injection vulnerability in page.php in SL_site 1.0 allows remote ...)
	NOT-FOR-US: SL_site
CVE-2006-2012 (Format string vulnerability in Skulltag 0.96f and earlier allows ...)
	NOT-FOR-US: Skulltag
CVE-2006-2011 (Cross-site scripting (XSS) vulnerability in member.php in 4images 1.7 ...)
	NOT-FOR-US: 4images
CVE-2006-2010 (Multiple SQL injection vulnerabilities in check_login.asp in Bloggage ...)
	NOT-FOR-US: Bloggage
CVE-2006-2009 (PHP remote file inclusion vulnerability in agenda.php3 in phpMyAgenda ...)
	NOT-FOR-US: phpMyAgenda
CVE-2006-2008 (PHP remote file inclusion vulnerability in movie_cls.php in Built2Go ...)
	NOT-FOR-US: Built2Go
CVE-2006-2007 (Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote ...)
	NOT-FOR-US: Winny
CVE-2006-2006 (Multiple directory traversal vulnerabilities in IZArc Archiver 3.5 ...)
	NOT-FOR-US: IZArc Archiver
CVE-2006-2005 (Eval injection vulnerability in index.php in ClanSys 1.1 allows remote ...)
	NOT-FOR-US: ClanSys
CVE-2006-2004 (Multiple SQL injection vulnerabilities in RI Blog 1.1 allow remote ...)
	NOT-FOR-US: RI Blog
CVE-2006-2003 (Cross-site scripting (XSS) vulnerability in cgi-bin/guest in Community ...)
	NOT-FOR-US: Community Architect Guestbook
CVE-2006-2002 (PHP remote file inclusion vulnerability in stats.php in MyGamingLadder ...)
	NOT-FOR-US: MyGamingLadder
CVE-2006-2001 (Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-2000 (Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods ...)
	NOT-FOR-US: logMethods
CVE-2006-1999 (The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1998 (OpenTTD 0.4.7 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: OpenTTD
CVE-2006-1997 (Unspecified vulnerability in Sybase Pylon Anywhere groupware ...)
	NOT-FOR-US: Sybase Pylon Anywhere
CVE-2006-1996 (Scry Gallery 1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1995 (Directory traversal vulnerability in index.php in Scry Gallery 1.1 ...)
	NOT-FOR-US: Scry Gallery
CVE-2006-1994 (PHP remote file inclusion vulnerability in dForum 1.5 and earlier ...)
	NOT-FOR-US: dForum
CVE-2006-1992 (mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2006-1991 (The substr_compare function in string.c in PHP 5.1.2 allows ...)
	- php4 <not-affected> (substr_compare does not exist in PHP 4.4.2)
	- php5 5.1.4-0.1 (bug #365312; medium)
CVE-2006-1990 (Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and ...)
	- php4 4:4.4.2-1.1 (bug #365311; unimportant)
	- php5 5.1.4-0.1 (bug #365312; unimportant)
	NOTE: This could only be exploited by a malicious, local user, which is an
	NOTE: unsupported use case
CVE-2006-1989 (Buffer overflow in the get_database function in the HTTP client in ...)
	{DSA-1050-1}
	- clamav 0.88.2
	[sarge] - clamav 0.84-2.sarge.9
CVE-2006-1988 (The WebTextRenderer(WebInternal) _CG_drawRun:style:geometry: function ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1987 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1986 (Apple Safari 2.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Apple Safari
	NOTE: PoC exploit does not work with konqueror 4:3.5.2-2
CVE-2006-1985 (Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build ...)
	NOT-FOR-US: BOMArchiveHelper
CVE-2006-1984 (Unspecified vulnerability in the _cg_TIFFSetField function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1983 (Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1982 (Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1981 (Unspecified vulnerability in Java InputMethods on Mac OS X 10.4.5 may ...)
	NOT-FOR-US: Mac OS X
CVE-2006-1980 (Cross-site scripting (XSS) vulnerability in W2B Online Banking allows ...)
	NOT-FOR-US: W2B Online Banking
CVE-2006-1979 (Cross-site scripting (XSS) vulnerability in mwguest.php in Manic Web ...)
	NOT-FOR-US: Manic Web MWGuest
CVE-2006-1978 (SQL injection vulnerability in inc/start.php in FlexBB 0.5.5 and ...)
	NOT-FOR-US: FlexBB
CVE-2006-1977 (Cross-site scripting (XSS) vulnerability in FlexBB 0.5.7 BETA and ...)
	NOT-FOR-US: FlexBB
CVE-2006-1993 (Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote ...)
	{DSA-1055-1 DSA-1053-1}
	- firefox 1.5.dfsg+1.5.0.3-1 (bug #364810; high)
	- mozilla <removed> (high)
	[sarge] - mozilla-thunderbird <no-dsa> (Not directly exploitable in Thunderbird)
CVE-2006-XXXX [typo3 mailforms can be abused to send spam]
	- typo3-src 4.0.2-1 (bug #364350)
CVE-2006-XXXX [moinmoin XSS]
	- moin 1.5.3-1
CVE-2006-1976 (Cross-site scripting (XSS) vulnerability in addRequest.php in Prayer ...)
	NOT-FOR-US: Prayer Request Board
CVE-2006-1975 (Cross-site scripting (XSS) vulnerability in guestbook_newentry.php in ...)
	NOT-FOR-US: PHP-Gastebuch
CVE-2006-1974 (SQL injection vulnerability in index.php in MyBB (MyBulletinBoard) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1973 (Multiple unspecified vulnerabilities in Linksys RT31P2 VoIP router ...)
	NOT-FOR-US: Linksys router
CVE-2006-1972 (Cross-site scripting (XSS) vulnerability in EasyGallery.php in Wingnut ...)
	NOT-FOR-US: EasyGallery
CVE-2006-1971 (Cross-site scripting (XSS) vulnerability in login.php in KRANKIKOM ...)
	NOT-FOR-US: KRANKIKOM ContentBoxX
CVE-2006-1970 (Cross-site scripting (XSS) vulnerability in classifieds/viewcat.cgi in ...)
	NOT-FOR-US: KCScripts Classifieds
CVE-2006-1969 (Cross-site scripting (XSS) vulnerability in search/search.cgi in an ...)
	NOT-FOR-US: KCScripts
CVE-2006-1968 (Cross-site scripting (XSS) vulnerability in news/NsVisitor.cgi in ...)
	NOT-FOR-US: KCScripts
CVE-2006-1967 (Cross-site scripting (XSS) vulnerability in calendar/Visitor.cgi in ...)
	NOT-FOR-US: KCScripts
CVE-2006-1966 (An unspecified Fortinet product, possibly Fortinet28, allows remote ...)
	NOT-FOR-US: Fortinet
CVE-2006-1965 (Multiple cross-site scripting (XSS) vulnerabilities in aasi media Net ...)
	NOT-FOR-US: Net Clubs Pro
CVE-2006-1964 (SQL injection vulnerability in Haberler.asp in ASPSitem 1.83 and ...)
	NOT-FOR-US: ASPSitem
CVE-2006-1963 (Directory traversal vulnerability in main.php in PCPIN Chat 5.0.4 and ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1962 (SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows ...)
	NOT-FOR-US: PCPIN Chat
CVE-2006-1961 (Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express ...)
	NOT-FOR-US: Cisco
CVE-2006-1960 (Cross-site scripting (XSS) vulnerability in the appliance web user ...)
	NOT-FOR-US: Cisco
CVE-2006-1959 (PHP remote file inclusion vulnerability in direct.php in ActualScripts ...)
	NOT-FOR-US: ActualScripts ActualAnalyzer Lite
CVE-2006-1958 (Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote ...)
	NOT-FOR-US: WWWThreads
CVE-2006-1957 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...)
	- mambo 4.6.1-4 (bug #364769; medium)
CVE-2006-1956 (The com_rss option (rss.php) in (1) Mambo and (2) Joomla! allows ...)
	- mambo 4.6.1-4 (bug #364769; medium)
CVE-2006-1955 (PHP remote file inclusion vulnerability in authent.php4 in Nicolas ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1954 (SQL injection vulnerability in authent.php4 in Nicolas Fischer (aka ...)
	NOT-FOR-US: RechnungsZentrale
CVE-2006-1953 (Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 ...)
	NOT-FOR-US: Caucho
CVE-2006-1952 (Directory traversal vulnerability in WinAgents TFTP Server for Windows ...)
	NOT-FOR-US: WinAgents TFTP Server for Windows
CVE-2006-1951 (Directory traversal vulnerability in SolarWinds TFTP Server 8.1 and ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2006-1950 (Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in ...)
	NOT-FOR-US: PerlCoders BannerFarm
CVE-2006-1949 (SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1948 (The &quot;Add Sender to Address Book&quot; operation ...)
	NOT-FOR-US: Lotus Notes
CVE-2006-1947 (Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum ...)
	NOT-FOR-US: NicPlex PlexCart
CVE-2006-1946 (Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and ...)
	NOT-FOR-US: Visale
CVE-2006-1945 (Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 ...)
	{DSA-1075-1}
	- awstats 6.5-2 (bug #364443; medium)
	NOTE: this might be the same core issue as CVE-2005-2732
CVE-2006-1944 (Multiple cross-site scripting (XSS) vulnerabilities in SibSoft ...)
	NOT-FOR-US: SibSoft CommuniMail
CVE-2006-1943 (Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts ...)
	NOT-FOR-US: Smarter Scripts IntelliLink Pro
CVE-2006-1942 (Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, ...)
	{DSA-1134-1 DSA-1120 DSA-1118}
	NOTE: MFSA-2006-39
	- firefox 1.5.dfsg+1.5.0.4-1 (low)
	- thunderbird <not-affected> (Windows-specific)
	- mozilla 2:1.7.13-0.3 (low)
	- xulrunner <not-affected> (Windows-specific)
CVE-2006-1941 (Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a ...)
	NOT-FOR-US: Neon Responder
CVE-2006-1940 (Unspecified vulnerability in Ethereal 0.10.4 up to 0.10.14 allows ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1939 (Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1938 (Multiple unspecified vulnerabilities in Ethereal 0.8.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1937 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1936 (Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1935 (Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1934 (Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1933 (Multiple unspecified vulnerabilities in Ethereal 0.10.x up to 0.10.14 ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1932 (Off-by-one error in the OID printing routine in Ethereal 0.10.x up to ...)
	{DSA-1049-1}
	- ethereal 0.99.0-1 (bug #364758; medium)
	[sarge] - ethereal 0.10.10-2sarge5 (bug #364758; medium)
	[woody] - ethereal 0.9.4-1woody15 (bug #364758; medium)
CVE-2006-1931 (The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, ...)
	{DSA-1157}
	NOTE: the redhat bugzilla entry says this is fixed in 1.8.3
	- ruby1.8 1.8.3 (bug #365520)
CVE-2006-1930 (** DISPUTED ** ...)
	NOT-FOR-US: Green Minute
CVE-2006-1929 (PHP remote file inclusion vulnerability in include/common.php in ...)
	NOT-FOR-US: I-Rater Platinum
CVE-2006-1928 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...)
	NOT-FOR-US: Cisco
CVE-2006-1927 (Cisco IOS XR, when configured for Multi Protocol Label Switching ...)
	NOT-FOR-US: Cisco
CVE-2006-1926 (SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 ...)
	NOT-FOR-US: ThWboard
CVE-2006-1925 (Directory traversal vulnerability in the editnews module ...)
	NOT-FOR-US: CuteNews
CVE-2006-1924 (SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 ...)
	NOT-FOR-US: LinPHA
CVE-2006-1923 (Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before ...)
	NOT-FOR-US: LinPHA
CVE-2006-1922 (PHP remote file inclusion vulnerability in (1) about.php or (2) ...)
	NOT-FOR-US: TotalCalendar
CVE-2006-1921 (nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute ...)
	NOT-FOR-US: PHP Net Tools
CVE-2006-1920 (SQL injection vulnerability in index.php in PMTool 1.2.2 allows remote ...)
	NOT-FOR-US: PMTool
CVE-2006-1919 (PHP remote file inclusion vulnerability in index.php in Internet ...)
	NOT-FOR-US: Internet Photoshow
CVE-2006-1918 (Multiple cross-site scripting (XSS) vulnerabilities in Papoo 2.1.5 ...)
	NOT-FOR-US: Papoo
CVE-2006-1917 (SQL injection vulnerability in member.php in Blackorpheus ...)
	NOT-FOR-US: Blackorpheus ClanMemberSkript
CVE-2006-1916 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
	NOT-FOR-US: DbbS
CVE-2006-1915 (SQL injection vulnerability in topics.php in DbbS 2.0-alpha and ...)
	NOT-FOR-US: DbbS
CVE-2006-1914 (DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: DbbS
CVE-2006-1913 (Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax ...)
	NOT-FOR-US: Jax Guestbook
CVE-2006-1912 (MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1911 (Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1910 (config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to ...)
	- serendipity 1.0-1
CVE-2006-1909 (Directory traversal vulnerability in index.php in Coppermine 1.4.4 ...)
	NOT-FOR-US: Coppermine
CVE-2006-1908 (Cross-site scripting vulnerability in addevent.php in myEvent 1.x ...)
	NOT-FOR-US: myEvent
CVE-2006-1907 (Multiple SQL injection vulnerabilities in myEvent 1.x allow remote ...)
	NOT-FOR-US: myEvent
CVE-2005-4787 (** DISPUTED ** ...)
	NOT-FOR-US: Turnkey Web Tools SunShop Shopping Cart
CVE-2004-2657 (** DISPUTED ** ...)
	- mozilla-firefox <not-affected>
	- firefox <not-affected>
CVE-1999-1588 (Buffer overflow in nlps_server in Sun Solaris x86 2.4, 2.5, and 2.5.1 ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1906 (Cross-site scripting (XSS) vulnerability in index.php in jjgan852 ...)
	NOT-FOR-US: phpLister
CVE-2006-1905 (Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine ...)
	- xine-ui 0.99.4-1 (bug #363370; unimportant)
	NOTE: This is a non-issue: An attacker would need to trick the user into opening
	NOTE: an MP3 file with a very obviously manipulated filename containing the shellcode
CVE-2006-1904 (Cross-site scripting (XSS) vulnerability in index.php in AnimeGenesis ...)
	NOT-FOR-US: AnimeGenesis Gallery
CVE-2006-1903 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1902 (fold_binary in fold-const.c in GNU Compiler Collection (gcc) 4.1 ...)
	- gcc-4.1 4.1.0-2 (bug #356896; unimportant)
	NOTE: Turned out to be a non-issue
CVE-2006-1901 (Mozilla Camino 1.0 and earlier allow remote attackers to cause a ...)
	NOT-FOR-US: Mozilla Camino
CVE-2006-1900 (Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya ...)
	- amaya 9.51-1 (bug #362575; medium)
CVE-2006-1899 (Multiple cross-site scripting (XSS) vulnerabilities in dev Neuron Blog ...)
	NOT-FOR-US: Neuron Blog
CVE-2006-1898 (Multiple cross-site scripting (XSS) vulnerabilities in Ralph Capper ...)
	NOT-FOR-US: Tiny PHP Forum
CVE-2006-1897 (Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for &quot;Script ...)
	NOT-FOR-US: Webplus (aka talentsoft) Web+Shop
CVE-2006-1896 (Unspecified vulnerability in phpBB allows remote authenticated users ...)
	{DSA-1066-1}
	- phpbb2 2.0.18-3 (bug #365533; medium)
CVE-2006-1895 (Direct static code injection vulnerability in includes/template.php in ...)
	- phpbb2 <not-affected> (bug #365535)
CVE-2006-1894 (Cross-site scripting (XSS) vulnerability in RevoBoard 1.8, as derived ...)
	NOT-FOR-US: RevoBoard / PunBB
CVE-2006-1893 (Cross-site scripting (XSS) vulnerability in print.php in ar-blog 5.2 ...)
	NOT-FOR-US: ar-blog
CVE-2006-1892 (avast! 4 Linux Home Edition 1.0.5 allows local users to modify ...)
	NOT-FOR-US: avast! 4 Linux Home Edition
CVE-2006-1891 (Cross-site scripting (XSS) vulnerability in Martin Scheffler betaboard ...)
	NOT-FOR-US: betaboard
CVE-2006-1890 (Multiple PHP remote file inclusion vulnerabilities in myWebland ...)
	NOT-FOR-US: myWebland
CVE-2006-1889 (Cross-site scripting (XSS) vulnerability in the search action handler ...)
	NOT-FOR-US: Boardsolution
CVE-2006-1888 (phpGraphy 0.9.11 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: phpGraphy
CVE-2006-1887 (Unspecified vulnerability in Oracle JD Edwards EnterpriseOne Security ...)
	NOT-FOR-US: Oracle JD Edwards EnterpriseOne
CVE-2006-1886 (Unspecified vulnerability in the PeopleTools component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-1885 (Multiple unspecified vulnerabilities in the Reporting Framework ...)
	NOT-FOR-US: Oracle
CVE-2006-1884 (Unspecified vulnerability in the Oracle Thesaurus Management System ...)
	NOT-FOR-US: Oracle
CVE-2006-1883 (Unspecified vulnerability in the Oracle Application Object Library ...)
	NOT-FOR-US: Oracle
CVE-2006-1882 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-1881 (Unspecified vulnerability in the Financials for Asia/Pacific component ...)
	NOT-FOR-US: Oracle
CVE-2006-1880 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-1879 (Multiple unspecified vulnerabilities in the Email Server component in ...)
	NOT-FOR-US: Oracle
CVE-2006-1878 (Cross-site scripting (XSS) vulnerability in index.php in phpFaber ...)
	NOT-FOR-US: phpFaber TopSites
CVE-2006-1877 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1876 (Unspecified vulnerability in Oracle Database Server 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1875 (Unspecified vulnerability in Oracle Database Server 9.0.1.5, 9.2.0.7, ...)
	NOT-FOR-US: Oracle
CVE-2006-1874 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1873 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, 10.1.0.4, ...)
	NOT-FOR-US: Oracle
CVE-2006-1872 (Unspecified vulnerability in Oracle Database Server 9.0.1.5 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1871 (SQL injection vulnerability in Oracle Database Server 9.2.0.7 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1870 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-1869 (Unspecified vulnerability in Oracle Database Server 8.1.7.4 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1868 (Buffer overflow in the Advanced Replication component in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-1867 (Unspecified vulnerability in Oracle Database Server 9.2.0.6 has ...)
	NOT-FOR-US: Oracle
CVE-2006-1866 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2006-1865 (Argument injection vulnerability in Beagle before 0.2.5 allows ...)
	- beagle 0.2.6-2 (bug #365371; medium)
CVE-2006-1864 (Directory traversal vulnerability in smbfs in Linux 2.6.16 and earlier ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-13
CVE-2006-1863 (Directory traversal vulnerability in CIFS in Linux 2.6.16 and earlier ...)
	{DSA-1103}
	- linux-2.6 2.6.16-10
CVE-2006-1862 (The virtual memory implementation in Linux kernel 2.6.x allows local ...)
	- linux-2.6 <not-affected> (seems to be RedHat-specific)
CVE-2006-1861 (Multiple integer overflows in FreeType before 2.2 allow remote ...)
	{DSA-1095-1}
	- freetype 2.2.1-1
CVE-2006-1860 (lease_init in fs/locks.c in Linux kernel before 2.6.16.16 allows ...)
	- linux-2.6 2.6.16-14
CVE-2006-1859 (Memory leak in __setlease in fs/locks.c in Linux kernel before ...)
	- linux-2.6 2.6.16-14
CVE-2006-1858 (SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1857 (Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-1856 (Certain modifications to the Linux kernel 2.6.16 and earlier do not ...)
	{DSA-1184-2}
	- linux-2.6 2.6.16-12
CVE-2006-1855 (choose_new_parent in Linux kernel before 2.6.11.12 includes certain ...)
	{DSA-1184-2}
	NOTE: probably fixed before, but this is the oldest linux-2.6 in the changelog
	- linux-2.6 2.6.12-1
CVE-2006-1854 (** DISPUTED ** ...)
	NOT-FOR-US: BluePay Manager
CVE-2006-1853 (Multiple SQL injection vulnerabilities in ModernBill 4.3.2 and earlier ...)
	NOT-FOR-US: ModernBill
CVE-2006-1852 (SQL injection vulnerability in category.php in Article Publisher Pro ...)
	NOT-FOR-US: Article Publisher Pro
CVE-2006-1851 (xFlow 5.46.11 and earlier allows remote attackers to determine the ...)
	NOT-FOR-US: xFlow
CVE-2006-1850 (Multiple cross-site scripting (XSS) vulnerabilities in xFlow 5.46.11 ...)
	NOT-FOR-US: xFlow
CVE-2006-1849 (Multiple SQL injection vulnerabilities in members_only/index.cgi in ...)
	NOT-FOR-US: xFlow
CVE-2006-1848 (Multiple cross-site scripting (XSS) vulnerabilities in stats_view.php ...)
	NOT-FOR-US: LinPHA
CVE-2006-1847 (SQL injection vulnerability in the Your_Account module in PHP-Nuke 7.8 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1846 (Cross-site scripting (XSS) vulnerability in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-1845
	REJECTED
CVE-2006-1844 (The Debian installer for the (1) shadow 4.0.14 and (2) base-config ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	NOTE: seems to be a duplicate of CVE-2006-1376
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1843 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1842 (Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK ...)
	NOT-FOR-US: ShoutBOOK
CVE-2006-1841 (Cross-site scripting (XSS) vulnerability in search.php in boastMachine ...)
	NOT-FOR-US: boastMachine
CVE-2006-1840 (Multiple format string vulnerabilities in Empire Server before 4.3.1 ...)
	NOT-FOR-US: Wolfpack Empire Server (vms-empire in Debian is a different game)
CVE-2006-1839 (PHP remote file inclusion vulnerability in language.php in PHP Album ...)
	NOT-FOR-US: PHP Album
CVE-2006-1838 (edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Fuju News
CVE-2006-1837 (SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows ...)
	NOT-FOR-US: Fuju News
CVE-2006-1836 (Untrusted search path vulnerability in unspecified components in ...)
	NOT-FOR-US: Symantec LiveUpdate
CVE-2006-1835 (Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2006-1834 (Integer signedness error in Opera before 8.54 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2006-1833 (Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the ...)
	NOT-FOR-US: NetBSD
CVE-2006-1832 (sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the ...)
	NOT-FOR-US: sysinfo
CVE-2006-1831 (Direct static code injection vulnerability in sysinfo.cgi in sysinfo ...)
	NOT-FOR-US: sysinfo
CVE-2006-1830 (Sun Java Studio Enterprise 8, when installed as root, creates certain ...)
	NOT-FOR-US: Sun Java Studio Enterprise
CVE-2006-1829 (EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote ...)
	NOT-FOR-US: EAServer Manager in Sybase EAServer
CVE-2006-1828 (SQL injection vulnerability in php121language.php in PHP121 1.4 allows ...)
	NOT-FOR-US: PHP121
CVE-2006-1827 (Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-1 (bug #364195; medium)
	[sarge] - asterisk 1:1.0.7.dfsg.1-2sarge2 (bug #364195; medium)
	[woody] - asterisk 0.1.11-3woody1 (bug #364195; medium)
CVE-2005-4786 (Buffer overflow in the archive decompression library (vrAZMain.dll ...)
	NOT-FOR-US: HAURI anti-virus
CVE-2006-1826 (Multiple cross-site scripting (XSS) vulnerabilities in Snipe Gallery ...)
	NOT-FOR-US: Snipe Gallery
CVE-2006-1825 (Cross-site scripting (XSS) vulnerability in index.php in phpLinks ...)
	NOT-FOR-US: phpLinks
CVE-2006-1824 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: PhpGuestbook
CVE-2006-1823 (Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1822 (Cross-site scripting (XSS) vulnerability in search.php in FarsiNews ...)
	NOT-FOR-US: FarsiNews
CVE-2006-1821 (Directory traversal vulnerability in index.php in ModX 0.9.1 allows ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1820 (Cross-site scripting (XSS) vulnerability in index.php in ModX 0.9.1 ...)
	NOT-FOR-US: ModX CMS
CVE-2006-1819 (Directory traversal vulnerability in the loadConfig function in ...)
	NOT-FOR-US: phpWebSite
CVE-2006-1818 (Multiple cross-site scripting (XSS) vulnerabilities in warforge.NEWS ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1817 (SQL injection vulnerability in authcheck.php in warforge.NEWS 1.0, ...)
	NOT-FOR-US: warforge.NEWS
CVE-2006-1816 (PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and ...)
	NOT-FOR-US: VBulletin
CVE-2006-1815 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1814 (NetBSD 1.6, 2.0, 2.1 and 3.0 allows local users to cause a denial of ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1813 (Directory traversal vulnerability in index.php in phpWebFTP 3.2 and ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1812 (phpWebFTP 3.2 and earlier stores script.js under the web document root ...)
	NOT-FOR-US: phpWebFTP
CVE-2006-1811 (Multiple SQL injection vulnerabilities in FlexBB 0.5.5 BETA allow ...)
	NOT-FOR-US: FlexBB
CVE-2006-1810 (Multiple cross-site scripting (XSS) vulnerabilities in FlexBB 0.5.5 ...)
	NOT-FOR-US: FlexBB
CVE-2006-1809 (index.php in Lifetype 1.0.3 allows remote attackers to obtain ...)
	NOT-FOR-US: Lifetype
CVE-2006-1808 (Cross-site scripting (XSS) vulnerability in index.php in Lifetype ...)
	NOT-FOR-US: Lifetype
CVE-2006-1807 (Multiple SQL injection vulnerabilities in index.php in Musicbox 2.3.3 ...)
	NOT-FOR-US: Musicbox
CVE-2006-1806 (Cross-site scripting (XSS) vulnerability in index.php in Musicbox ...)
	NOT-FOR-US: Musicbox
CVE-2006-1805 (SQL injection vulnerability in member.php in PowerClan 1.14 allows ...)
	NOT-FOR-US: PowerClan
CVE-2006-1804 (SQL injection vulnerability in sql.php in phpMyAdmin 2.7.0-pl1 allows ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected>
CVE-2006-1803 (Cross-site scripting (XSS) vulnerability in sql.php in phpMyAdmin ...)
	- phpmyadmin 4:2.8.1-1 (bug #363519; low)
	[sarge] - phpmyadmin <not-affected> (CSRF code not present in Sarge, too intrusive to backport)
	NOTE: maintainer considers this not-affected.
CVE-2006-1802 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: TinyWebGallery
CVE-2006-1801 (Cross-site scripting (XSS) vulnerability in planetsearchplus.php in ...)
	NOT-FOR-US: planetSearch+
CVE-2006-1800 (Directory traversal vulnerability in posts.php in SimpleBBS 1.0.6 ...)
	NOT-FOR-US: SimpleBBS
CVE-2006-1799 (censtore.cgi in Censtore 7.3.002 and earlier allows remote attackers ...)
	NOT-FOR-US: Censtore
CVE-2006-1798 (SQL injection vulnerability in rateit.php in RateIt 2.2 allows remote ...)
	NOT-FOR-US: RateIt
CVE-2006-1797 (The kernel in NetBSD-current before September 28, 2005 allows local ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1796 (Cross-site scripting (XSS) vulnerability in the paging links ...)
	- wordpress 2.0.1 (bug #328909)
CVE-2006-1795 (Cross-site scripting (XSS) vulnerability in tablepublisher.cgi in UPDI ...)
	NOT-FOR-US: UPDI Network Enterprise
CVE-2006-1794 (SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly ...)
	NOTE: only in experimental
	- mambo 4.5.3h-1 (bug #354468)
CVE-2006-1793 (Directory traversal vulnerability in runCMS 1.2 and earlier allows ...)
	NOT-FOR-US: runCMS
CVE-2006-1792 (Unspecified vulnerability in the POP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-1791 (Directory traversal vulnerability in acc.php in QuickBlogger 1.4 ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1790 (A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5
	- mozilla-firefox <not-affected> (problematic fix not backported into 1.0.4-2sarge5)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2005-4785 (Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and ...)
	NOT-FOR-US: QuickBlogger
CVE-2006-1789 (Directory traversal vulnerability in pajax_call_dispatcher.php in ...)
	NOT-FOR-US: pajax
CVE-2006-1788 (Adobe Document Server for Reader Extensions 6.0, during log on, ...)
	NOT-FOR-US: Adobe
CVE-2006-1787 (Adobe Document Server for Reader Extensions 6.0 includes a user's ...)
	NOT-FOR-US: Adobe
CVE-2006-1786 (Cross-site scripting (XSS) vulnerability in Adobe Document Server for ...)
	NOT-FOR-US: Adobe
CVE-2006-1785 (Adobe Document Server for Reader Extensions 6.0 allows remote ...)
	NOT-FOR-US: Adobe
CVE-2006-1784 (PHP remote file inclusion vulnerability in admin/configset.php in ...)
	NOT-FOR-US: Sphider
CVE-2006-1783 (Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote ...)
	NOT-FOR-US: PatroNet CMS
CVE-2006-1782 (Unspecified vulnerability in Solaris 8 and 9 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1781 (PHP remote file inclusion vulnerability in functions.php in Circle R ...)
	NOT-FOR-US: Circle R Monster Top List
CVE-2006-1780 (The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-1779 (Cross-site scripting (XSS) vulnerability in login.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-1778 (Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog ...)
	NOT-FOR-US: Simplog
CVE-2006-1777 (Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft ...)
	NOT-FOR-US: Simplog
CVE-2006-1776 (PHP remote file inclusion vulnerability in doc/index.php in Jeremy ...)
	NOT-FOR-US: Simplog
CVE-2006-1775 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.19 ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Only exploitable by authenticated admin users
CVE-2006-1774 (HP System Management Homepage (SMH) 2.1.3.132, when running on ...)
	NOT-FOR-US: HP System Management Homepage
CVE-2006-1773 (SQL injection vulnerability in include.php in PHPKIT 1.6.1 Release 2 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1772 (debconf in Debian GNU/Linux, when configuring mnogosearch in the ...)
	- mnogosearch 3.2.37-3.1 (bug #361775)
	[sarge] - mnogosearch <no-dsa> (Minor issue)
CVE-2006-1771 (Directory traversal vulnerability in misc in pbcs.dll in SAXoTECH ...)
	NOT-FOR-US: SAXoPRESS
CVE-2006-1770 (Multiple PHP remote file inclusion vulnerabilities in Azerbaijan ...)
	NOT-FOR-US: AzDGVote
CVE-2006-1769 (Multiple cross-site scripting (XSS) vulnerabilities in UserLand Manila ...)
	NOT-FOR-US: UserLand Manila
CVE-2006-1768 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2006-1767 (Multiple PHP remote file inclusion vulnerabilities in nicecoder.com ...)
	NOT-FOR-US: INDEXU
CVE-2006-1766 (Multiple SQL injection vulnerabilities in Papoo 2.1.5, and 3 beta1 and ...)
	NOT-FOR-US: Papoo
CVE-2006-1765 (Cross-site scripting (XSS) vulnerability in index.php in JBook 1.3 ...)
	NOT-FOR-US: JBook
CVE-2006-1764 (Hosting Controller 6.1 stores forum/db/forum.mdb under the web ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1763 (Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1762 (Directory traversal vulnerability in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1761 (Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 ...)
	NOT-FOR-US: blur6ex
CVE-2006-1760 (Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow ...)
	NOT-FOR-US: JetPhoto
CVE-2006-1759 (Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1758 (SQL injection vulnerability in index.php in Vegadns 0.99 allows remote ...)
	NOT-FOR-US: Vegadns
CVE-2006-1757 (Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 ...)
	NOT-FOR-US: Vegadns
CVE-2006-1756 (MD News 1 allows remote attackers to bypass authentication via a ...)
	NOT-FOR-US: MD News 1
CVE-2006-1755 (SQL injection vulnerability in admin.php in MD News 1 allows remote ...)
	NOT-FOR-US: MD News 1
CVE-2006-1754 (SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, ...)
	NOT-FOR-US: SWSoft Confixx
CVE-2006-1753 (A cron job in fcheck before 2.7.59 allows local users to overwrite ...)
	{DSA-1035-1}
	- fcheck 2.7.59-8
CVE-2006-1752 (Multiple cross-site scripting (XSS) vulnerabilities in the backend in ...)
	NOT-FOR-US: MvBlog
CVE-2006-1751 (Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow ...)
	NOT-FOR-US: MvBlog
CVE-2006-1750 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Autogallery
CVE-2006-1749 (PHP remote file inclusion vulnerability in config.php in phpListPro ...)
	NOT-FOR-US: phpListPro
CVE-2006-1748 (Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows ...)
	NOT-FOR-US: XMB Forum
CVE-2006-1747 (PHP remote file inclusion vulnerability in Virtual War (VWar) 1.5.0 ...)
	NOT-FOR-US: Virtual War
CVE-2006-1746 (Directory traversal vulnerability in PHPList 2.10.2 and earlier allows ...)
	NOT-FOR-US: PHPList
CVE-2006-1745 (Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 ...)
	NOT-FOR-US: Bitweaver
CVE-2006-1743 (Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow ...)
	NOT-FOR-US: JBook
CVE-2006-1742 (The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: The Mozilla Foundation labels this as "critical", but it's not
	NOTE: clear if this bug is exploitable.
CVE-2006-1741 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1740 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1739 (The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1738 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1737 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5 and ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1736 (Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
CVE-2006-1735 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1734 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1733 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
CVE-2006-1732 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
CVE-2006-1731 (Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-2 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-1730 (Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	NOTE: MFSA2006-22 says that it is not clear whether Thunderbird is
	NOTE: exploitable in the default configuration.
	- xulrunner 1.8.0.1-9
CVE-2006-1729 (Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla ...)
	{DSA-1134-1 DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: Can likely be used to steal OpenSSH keys and the like.
CVE-2006-1728 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla <removed> (high)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
CVE-2006-1727 (Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla 2:1.7.13-0.1 (medium)
	- thunderbird 1.5.0.2-1 (medium)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: If print preview (and this bug) can be triggered from JavaScript,
	NOTE: the urgency should probably be raised.
CVE-2006-1726 (Unspecified vulnerability in Firefox and Thunderbird 1.5 before ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- thunderbird 1.5.0.2-1 (medium)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1725 (Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes ...)
	- firefox 1.5.dfsg+1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: New bug in Firefox 1.5.
CVE-2006-1724 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (medium)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1723 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.2 (medium)
	[sarge] - mozilla-firefox <no-dsa> (Mozilla products from Sarge no longer supported)
	- mozilla <removed> (medium)
	- thunderbird 1.5.0.2-1 (low)
	- xulrunner 1.8.0.1-9
	NOTE: This is probably: https://bugzilla.mozilla.org/show_bug.cgi?id=320459
CVE-2006-1722 (Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 ...)
	NOT-FOR-US: ShopXS
CVE-2006-1721 (digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer ...)
	{DSA-1042-1}
	- cyrus-sasl2 2.1.19.dfsg1-0.2 (bug #361937; low)
	- cyrus-sasl2-mit <not-affected> (does not install digest-md5)
CVE-2006-1720 (Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1719 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1718 (Magus Perde Clever Copy 3.0 and earlier stores sensitive information ...)
	NOT-FOR-US: Clever Copy
CVE-2006-1717 (Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1716 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1715 (Multiple directory traversal vulnerabilities in Christian Kindahl ...)
	NOT-FOR-US: TUGZip
CVE-2006-1714 (CRLF injection vulnerability in index.php in Christoph Roeder ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1713 (Cross-site scripting (XSS) vulnerability in index.php in Christoph ...)
	NOT-FOR-US: phpMyForum
CVE-2006-1710 (SQL injection vulnerability in admin.php in Design Nation DNGuestbook ...)
	NOT-FOR-US: DNGuestbook
CVE-2005-4784 (Multiple buffer overflows in the POSIX readdir_r function, as used in ...)
	NOTE: this does not affect linux
CVE-2005-4783 (kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not ...)
	NOT-FOR-US: NetBSD
CVE-2005-4782 (NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is ...)
	NOT-FOR-US: NetBSD
CVE-2005-4781 (Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 ...)
	NOT-FOR-US: SergiD Top Music module
CVE-2005-4780 (** DISPUTED ** ...)
	NOT-FOR-US: LightHouse CMS
CVE-2005-4779 (verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with ...)
	NOT-FOR-US: NetBSD
CVE-2005-4778 (The powersave daemon in SUSE Linux 10.0 before 20051007 has an ...)
	- powersave 0.12.7-1
	NOTE: https://bugzilla.novell.com/show_bug.cgi?id=119628&x=18&y=11&=Find
CVE-2005-4777 (Tashcom ASPEdit 2.9 stores the administration password (aka the FTP ...)
	NOT-FOR-US: Tashcom ASPEdit
CVE-2005-4776 (Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in ...)
	NOT-FOR-US: NetBSD
CVE-2005-4775 (Michael Scholz and Sebastian Stein Contineo 2.0, when the admin ...)
	NOT-FOR-US: Contineo
CVE-2005-4774 (Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote ...)
	NOT-FOR-US: Xerver
CVE-2005-4773 (The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x ...)
	NOT-FOR-US: VMware
CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like ...)
	- slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!, see #390469)
CVE-2006-1744 (Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows ...)
	{DSA-1036-1}
	- bsdgames 2.17-7 (bug #360989)
CVE-2006-1712 (Cross-site scripting (XSS) vulnerability in the private archive script ...)
	- mailman 0:2.1.7-2.1.8rc1-1
	[sarge] - mailman <not-affected> (Only affects Mailman 2.1.7)
CVE-2006-1711 (Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) ...)
	{DSA-1032-1}
	- zope-cmfplone 2.1.2-2
CVE-2006-1709 (Cross-site scripting (XSS) vulnerability in shop_main.cgi in ...)
	NOT-FOR-US: interaktiv.shop
CVE-2006-1708 (SQL injection vulnerability in member.php in Clansys 1.1 allows remote ...)
	NOT-FOR-US: Clansys
CVE-2006-1707 (index.php in Shopweezle 2.0 allows remote attackers to include ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1706 (Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote ...)
	NOT-FOR-US: Shopweezle
CVE-2006-1705 (Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with &quot;SELECT&quot; ...)
	NOT-FOR-US: Oracle
CVE-2006-1704 (Sire 2.0 nws allows remote attackers to upload arbitrary image files ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1703 (PHP remote file inclusion vulnerability in lire.php in Sire 2.0 nws ...)
	NOT-FOR-US: Sire 2.0 nws
CVE-2006-1702 (PHP remote file inclusion vulnerability in spip_login.php3 in SPIP ...)
	- spip 2.0.6-1
CVE-2006-1701 (Cross-site scripting (XSS) vulnerability in the Pages module in ...)
	NOT-FOR-US: Shadowed Portal
CVE-2006-1700 (Buy.php in Aweb Scripts Seller uses predictable cookies for ...)
	NOT-FOR-US: Aweb Scripts Seller
CVE-2006-1699 (Cross-site scripting (XSS) vulnerability in index.php in Aweb Banner ...)
	NOT-FOR-US: Aweb Banner
CVE-2006-1698 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1697 (Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook ...)
	NOT-FOR-US: Matt Wright Guestbook
CVE-2006-1696 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 ...)
	- gallery 1.5.3-1 (bug #361758)
CVE-2006-1695 (The fbgs script in the fbi package 2.01-1.4, when the TMPDIR ...)
	{DSA-1068-1}
	- fbi 2.05-1 (bug #361370)
CVE-2006-1694 (SQL injection vulnerability in members.php in XBrite Members 1.1 and ...)
	NOT-FOR-US: XBrite Members
CVE-2006-1693 (Unspecified vulnerability in GlobalSCAPE Secure FTP Server before ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2006-1692 (Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1691 (SQL injection vulnerability in MWNewsletter 1.0.0b allows remote ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1690 (Cross-site scripting (XSS) vulnerability in subscribe.php in ...)
	NOT-FOR-US: MWNewsletter
CVE-2006-1689 (Unspecified vulnerability in su in HP HP-UX B.11.11, when using the ...)
	NOT-FOR-US: HP-UX
CVE-2006-1688 (Multiple PHP remote file inclusion vulnerabilities in SQuery 4.5 and ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1687 (Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1686 (Unspecified vulnerability in modules.php in APT-webshop-system 4.0 ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1685 (Multiple SQL injection vulnerabilities in modules.php in ...)
	NOT-FOR-US: APT-webshop-system
CVE-2006-1684 (Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier ...)
	NOT-FOR-US: ecotwo Shopsystem
CVE-2006-1683 (SQL injection vulnerability in admin/login.php in Chipmunk Guestbook ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-1682 (Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft ...)
	NOT-FOR-US: TalentSoft Web+Shop
CVE-2006-1681 (Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and ...)
	- cherokee 0.5.1-1
CVE-2006-1680 (Jupiter CMS 1.1.5, when display_errors is enabled, allows remote ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1679 (Cross-site scripting (XSS) vulnerability in modules/online.php in ...)
	NOT-FOR-US: Jupiter CMS
CVE-2006-1678 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.8.0.3-1 (bug #362567)
CVE-2006-1677 (MAXdev MDPro 1.0.73 and 1.0.72, and possibly other versions before ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1676 (SQL injection vulnerability in the display function in the Topics ...)
	NOT-FOR-US: MAXdev MD-Pro
CVE-2006-1675 (Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1674 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: PHPWebGallery
CVE-2006-1673 (Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard ...)
	NOT-FOR-US: Dark_Wizard vBug Tracker
CVE-2006-1672 (The installation of Cisco Transport Controller (CTC) for Cisco Optical ...)
	NOT-FOR-US: Cisco
CVE-2006-1671 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-1670 (Control cards for Cisco Optical Networking System (ONS) 15000 series ...)
	NOT-FOR-US: Cisco
CVE-2006-1669 (SQL injection vulnerability in chat/messagesL.php3 in phpHeaven Team ...)
	NOT-FOR-US: PHPMyChat
CVE-2006-1668 (newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1667 (SQL injection vulnerability in slides.php in Eric Gerdes Crafty Syntax ...)
	NOT-FOR-US: Crafty Syntax Image Gallery
CVE-2006-1666 (SQL injection vulnerability in forum.php in Arab Portal 2.0.1 stable ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1665 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1664 (Buffer overflow in xine_list_delete_current in libxine 1.14 and ...)
	- xine-lib <not-affected> (Not reproducible with Debian version, see bug #363127)
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2006-1663
	REJECTED
CVE-2006-1662 (The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote ...)
	NOT-FOR-US: Limbo CMS
CVE-2006-1661 (Multiple cross-site scripting (XSS) vulnerabilities in SKForum 1.5 and ...)
	NOT-FOR-US: SKForum
CVE-2006-1660 (Cross-site scripting (XSS) vulnerability in image_desc.php in Softbiz ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1659 (Multiple SQL injection vulnerabilities in Softbiz Image Gallery allow ...)
	NOT-FOR-US: Softbiz Image Gallery
CVE-2006-1658 (Direct static code injection vulnerability in ticker.db.php in Chucky ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2006-1657 (Cross-site scripting (XSS) vulnerability in index.php in Chucky ...)
	NOT-FOR-US: Chucky A. Ivey N.T.
CVE-2005-4772 (liby2util in Yet another Setup Tool (YaST) in SUSE Linux before ...)
	NOT-FOR-US: YaST
CVE-2005-4771 (Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility ...)
	NOT-FOR-US: Trusted Mobility Agent
CVE-2005-4770 (SQL injection vulnerability in an unspecified Accelerated Enterprise ...)
	NOT-FOR-US: Accelerated E Solutions
CVE-2005-4769 (SQL injection vulnerability in addrbook.php in Belchior Foundry vCard ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-4768 (SQL injection vulnerability in manage_account.php in Tux Racer TuxBank ...)
	NOT-FOR-US: Tux Racer TuxBank
CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, ...)
	- xscreensaver 4.18-1 (low)
CVE-2006-XXXX [linphone insecure password leakage]
	- linphone 1.3.5-1 (bug #361913)
CVE-2006-1656 (vserver in util-vserver 0.30.209 executes a command as root when the ...)
	- util-vserver 0.30.210-1 (bug #360438; unimportant)
CVE-2006-1655 (Multiple buffer overflows in mpg123 0.59r allow user-assisted ...)
	{DSA-1074-1}
	- mpg123 0.59r-22 (bug #361863)
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2006-1654 (Directory traversal vulnerability in the HP Color LaserJet 2500 ...)
	NOT-FOR-US: HP Colour LaserJet 2500 and 4600 Toolbox
CVE-2006-1653 (PHP remote file inclusion vulnerability in loadkernel.php in ...)
	NOT-FOR-US: AngelineCMS
CVE-2006-1652 (Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and ...)
	NOT-FOR-US: UltraVNC
CVE-2006-1651 (** DISPUTED ** ...)
	NOT-FOR-US: MS ISA
CVE-2006-1650 (Firefox 1.5.0.1 allows remote attackers to spoof the address bar and ...)
	NOTE: other reports indicate that Firefox is not vulnerable
CVE-2006-1649 (The &quot;restore to&quot; selection in the &quot;quarantine a file&quot; capability of ...)
	NOT-FOR-US: Eset Software NOD32 Antivirus 2.5
CVE-2006-1648 (SMART SynchronEyes Student and Teacher 6.0, and possibly earlier ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1647 (An unspecified &quot;logical programming mistake&quot; in SMART SynchronEyes ...)
	NOT-FOR-US: SMART SynchronEyes
CVE-2006-1646 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
	NOT-FOR-US: This is a slightly different racoon version, the Linux fork in Debian was already addressed in CVE-2005-3732
CVE-2006-1645 (Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav ...)
	NOT-FOR-US: ReloadCMS
CVE-2006-1644 (login.php in Interact 2.1.1 generates different responses depending on ...)
	NOT-FOR-US: Interact
CVE-2006-1643 (SQL injection vulnerability in login.php in Interact 2.1.1 allows ...)
	NOT-FOR-US: Interact
CVE-2006-1642 (Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows ...)
	NOT-FOR-US: Interact
CVE-2006-1641 (Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote ...)
	NOT-FOR-US: CzarNews
CVE-2006-1640 (Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 ...)
	NOT-FOR-US: CzarNews
CVE-2006-1639 (SQL injection vulnerability in index.php in wpBlog 0.4 allows remote ...)
	NOT-FOR-US: wpBlog
CVE-2006-1638 (Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote ...)
	NOT-FOR-US: aWebBB
CVE-2006-1637 (Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 ...)
	NOT-FOR-US: aWebBB
CVE-2006-1636 (PHP remote file inclusion vulnerability in get_header.php in VWar ...)
	NOT-FOR-US: VWar
CVE-2006-1635 (LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1634 (Cross-site scripting (XSS) vulnerability in index.php in LucidCMS ...)
	NOT-FOR-US: LucidCMS
CVE-2006-1633
	RESERVED
CVE-2006-1632
	RESERVED
CVE-2006-1631 (Unspecified vulnerability in the HTTP compression functionality in ...)
	NOT-FOR-US: Cisco
CVE-2006-1629 (OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute ...)
	{DSA-1045-1}
	- openvpn 2.0.6-1 (bug #360559; medium)
CVE-2006-1628 (Adobe LiveCycle Workflow 7.01 and LiveCycle Forum Manager 7.01 allows ...)
	NOT-FOR-US: Adobe LiveCycle
CVE-2006-1627 (Adobe Document Server for Reader Extensions 6.0 does not provide ...)
	NOT-FOR-US: Adobe Document Server
CVE-2006-1626 (Internet Explorer 6 for Windows XP SP2 and earlier allows remote ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1625 (Cross-site scripting (XSS) vulnerability in inc/functions_post.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1624 (The default configuration of syslogd in the Linux sysklogd package ...)
	- sysklogd <unfixed> (unimportant)
	NOTE: No sane person will open a network socket for syslog without apropriate
	NOTE: firewall rules. The default is not to listen to the network.
CVE-2006-1623 (Unspecified vulnerability in main.php in an unspecified &quot;file created ...)
	NOT-FOR-US: FleXiBle Development
CVE-2006-1622 (Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit ...)
	NOT-FOR-US: PHPSelect
CVE-2006-1621 (Directory traversal vulnerability in admin/folders/saveuploadfiles.asp ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1620 (admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1619 (IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote ...)
	NOT-FOR-US: WebSphere
CVE-2006-1618 (Format string vulnerability in the (1) Con_message and (2) conPrintf ...)
	NOT-FOR-US: Doomsday/deng
CVE-2006-1617 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1616 (Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow ...)
	NOT-FOR-US: Advanced Poll
CVE-2006-1613 (Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote ...)
	NOT-FOR-US: aWebNews
CVE-2006-1612 (Multiple cross-site scripting (XSS) vulnerabilities in visview.php in ...)
	NOT-FOR-US: aWebNews
CVE-2006-1611 (Directory traversal vulnerability in KGB Archiver before 1.1.5.22 ...)
	NOT-FOR-US: KGB Archiver
CVE-2006-1610 (PHP remote file inclusion vulnerability in lib/armygame.php in SQuery ...)
	NOT-FOR-US: SQuery / Autonomous LAN party
CVE-2006-1609 (Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, ...)
	NOT-FOR-US: Hitachi XFIT
CVE-2006-1608 (The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users ...)
	- php4 4:4.4.4-1 (bug #361856; unimportant)
	- php5 5.1.4-0.1 (bug #361915; unimportant)
	NOTE: Safe mode violations not supported
CVE-2006-1607 (Unspecified vulnerability in the banner module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1606 (Unspecified vulnerability in the image module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1605 (Unspecified vulnerability in the image module in Exponent CMS before ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1604 (Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has ...)
	NOT-FOR-US: Exponent CMS
CVE-2006-1603 (Cross-site scripting (XSS) vulnerability in profile.php in phpBB ...)
	- phpbb2 <not-affected> (According to Jeroen a non-issue, see notes)
	NOTE: <jvw> jmm: unable to everify, the variable in question is only printed
	NOTE: at one single page, and there it doesn't get taken from GET nor POST in my tests
	NOTE: <jvw> and, shock, the password isn't saved unhashed in the DB, so having
	NOTE: javascript in your password can't be exposed otherwise
	NOTE: <jvw> I'd forget about it unless someone comes with a proof of concept
CVE-2006-1602 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: PHPNuke Clan
CVE-2006-1601 (Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 ...)
	NOT-FOR-US: Sun Cluster
CVE-2006-1600 (SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 ...)
	NOT-FOR-US: PhpWebGallery
CVE-2006-1599 (Unspecified vulnerability in VCEngine.php in v-creator before ...)
	NOT-FOR-US: v-creator
CVE-2006-1598 (AN HTTPD 1.42n, and possibly other versions before 1.42p, allows ...)
	NOT-FOR-US: AN HTTPD
CVE-2006-1597
	RESERVED
CVE-2006-1596 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Claroline
CVE-2006-1595 (Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in ...)
	NOT-FOR-US: Claroline
CVE-2006-1594 (Multiple directory traversal vulnerabilities in document/rqmkhtml.php ...)
	NOT-FOR-US: Claroline
CVE-2006-1593 (The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1592 (Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) ...)
	NOT-FOR-US: X-Doom, ZDaemon
	NOTE: vulnerable functions don't exist in lxdoom, prboom
CVE-2006-1591 (Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe ...)
	NOT-FOR-US: Microsoft Windows Help
CVE-2006-1590 (Cross-site scripting (XSS) vulnerability in the PrintFreshPage ...)
	- acidbase 1.2.5-1 (bug #363548; unimportant)
	[sarge] - acidbase <no-dsa> (Hardly exploitable)
	- acidlab <removed> (bug #363549; unimportant)
	[sarge] - acidlab <no-dsa> (Hardly exploitable)
	NOTE: Not exploitable with the default configuration anyway.
CVE-2006-1589 (The elf_load_file function in NetBSD 2.0 through 3.0 allows local ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1588 (The bridge ioctl (if_bridge code) in NetBSD 1.6 through 3.0 does not ...)
	NOT-FOR-US: NetBSD kernel
CVE-2006-1587 (NetBSD 1.6 up to 3.0, when a user has &quot;set record&quot; in .mailrc with the ...)
	NOT-FOR-US: NetBSD
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite ...)
	- openoffice.org 1.0.2
CVE-2006-1614 (Integer overflow in the cli_scanpe function in the PE header parser ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1630 (The cli_bitset_set function in libclamav/others.c in Clam AntiVirus ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1615 (Multiple format string vulnerabilities in the logging code in Clam ...)
	{DSA-1024-1}
	- clamav 0.88.1-1
CVE-2006-1586 (SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan ...)
	NOT-FOR-US: Egypt SiteMan
CVE-2006-1585 (Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote ...)
	NOT-FOR-US: MonAlbum
CVE-2006-1584 (Unspecified vulnerability in index.php in Warcraft III Replay Parser ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1583 (Cross-site scripting (XSS) vulnerability in index.php in Warcraft III ...)
	NOT-FOR-US: Warcraft III Replay
CVE-2006-1582 (Cross-site scripting (XSS) vulnerability in index.php in Blank'N'Berg ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1581 (Directory traversal vulnerability in index.php in Blank'N'Berg 0.2 ...)
	NOT-FOR-US: Blank'N'Berg
CVE-2006-1580 (Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 ...)
	NOT-FOR-US: Bugzero
CVE-2006-1579 (SQL injection vulnerability in topics.php in Dynamic Bulletin Board ...)
	NOT-FOR-US: Dynamic Bulletin Board System
CVE-2006-1578 (Multiple SQL injection vulnerabilities in Keystone Digital Library ...)
	NOT-FOR-US: Keystone Digital Library Suite
CVE-2006-1577 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	{DSA-1133-1}
	[woody] - mantis <not-affected> (Vulnerable code not present)
	- mantis 0.19.4-3.1 (bug #361138)
CVE-2006-1576 (Direct static code injection vulnerability in QLnews 1.2 allows remote ...)
	NOT-FOR-US: QLnews
CVE-2006-1575 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: QLnews
CVE-2006-1574 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, ...)
	NOT-FOR-US: Groupmax World Wide Web et. al.
CVE-2006-1573 (PHP remote file inclusion vulnerability in index.php in MediaSlash ...)
	NOT-FOR-US: MediaSlash Gallery
CVE-2006-1572 (SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote ...)
	NOT-FOR-US: Oxygen
CVE-2006-1571 (Multiple SQL injection vulnerabilities in loginprocess.php in ...)
	NOT-FOR-US: qliteNews
CVE-2006-1570 (Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 ...)
	NOT-FOR-US: Esqlanelapse
CVE-2006-1569 (Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote ...)
	NOT-FOR-US: RedCMS
CVE-2006-1568 (Multiple cross-site scripting (XSS) vulnerabilities in register.php in ...)
	NOT-FOR-US: RedCMS
CVE-2006-1567 (Cross-site scripting (XSS) vulnerability in searchresults.asp in ...)
	NOT-FOR-US: SiteSearch Indexer
CVE-2006-1566 (Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in ...)
	- libtunepimp 0.4.2-3 (bug #359241; low)
	[sarge] - libtunepimp <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1565 (Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian ...)
	- gpib 3.2.06-3 (bug #359239; low)
	[sarge] - gpib <not-affected> (rpath not set to /tmp in Sarge)
CVE-2006-1564 (Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for ...)
	- subversion 1.3.0-5 (bug #359234; low)
	[sarge] - subversion <not-affected> (No rpaths set in Sarge)
CVE-2006-1563 (Direct static code injection vulnerability in config.php in vscripts ...)
	NOT-FOR-US: VBook
CVE-2006-1562 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: VBook
CVE-2006-1561 (SQL injection vulnerability in index.php in vscripts (aka Kuba ...)
	NOT-FOR-US: VBook
CVE-2006-1560 (Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 ...)
	NOT-FOR-US: SkinTech phpNewsManager
CVE-2006-1559 (SQL injection vulnerability in PHP Script Index allows remote ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1558 (Cross-site scripting (XSS) vulnerability in search.php in PHP Script ...)
	NOT-FOR-US: PHP Script Index
CVE-2006-1557 (Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote ...)
	NOT-FOR-US: X-Changer
CVE-2006-1556 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: AL-Caricatier
CVE-2006-1555 (VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1554 (Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1553 (SQL injection vulnerability in functions/final_functions.php in VSNS ...)
	NOT-FOR-US: VSNS Lemon
CVE-2006-1552 (Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1551 (Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX ...)
	NOT-FOR-US: PAJAX
CVE-2006-1549 (PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation ...)
	- php4 <removed> (bug #361854; unimportant)
	- php5 5.1.4-0.1 (bug #361917; unimportant)
	[sarge] - php4 <no-dsa> (there are easier ways to segfault your own program)
CVE-2005-4767 (BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4766 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4765 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4764 (BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4763 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4762 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4761 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4760 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4759 (BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4758 (Unspecified vulnerability in the Administration server in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4757 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4756 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4755 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4754 (BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4753 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4752 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4751 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4750 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4749 (HTTP request smuggling vulnerability in BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1548 (Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1547 (ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1546 (Apache Software Foundation (ASF) Struts before 1.2.9 allows remote ...)
	- libstruts1.2-java 1.2.9-1 (bug #360551)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2006-1545 (Direct static code injection vulnerability in admin/config.php in ...)
	NOT-FOR-US: VNews
CVE-2006-1544 (Multiple cross-site scripting (XSS) vulnerabilities in news.php in ...)
	NOT-FOR-US: VNews
CVE-2006-1543 (Multiple SQL injection vulnerabilities in vscripts (aka Kuba ...)
	NOT-FOR-US: VNews
CVE-2006-1542 (Stack-based buffer overflow in Python 2.4.2 and earlier, running on ...)
	NOT-FOR-US: Bogus issue, this doesn't trigger any local overflow
	NOTE: Should be rejected
CVE-2006-1541 (SQL injection vulnerability in Default.asp in EzASPSite 2.0 RC3 and ...)
	NOT-FOR-US: EzASPSite
CVE-2006-1540 (MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1539 (Multiple buffer overflows in the checkscores function in scores.c in ...)
	- bsdgames 2.17-6 (bug #361160)
	[sarge] - bsdgames <no-dsa> (Minor impact)
CVE-2006-1538 (The Enova X-Wall ASIC encrypts with a key obtained via Microwire from ...)
	NOT-FOR-US: Enova X-Wall ASIC
CVE-2006-1537 (Craig Knudsen WebCalendar 1.1.0-CVS allows remote attackers to obtain ...)
	- webcalendar <unfixed> (unimportant)
CVE-2006-1536 (Multiple SQL injection vulnerabilities in Phoetux.net PhxContacts ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1535 (Cross-site scripting (XSS) vulnerability in login.php in Phoetux.net ...)
	NOT-FOR-US: Phoetux.net PhxContacts
CVE-2006-1534 (Multiple SQL injection vulnerabilities in Null news allow remote ...)
	NOT-FOR-US: Null news
CVE-2006-1533 (SQL injection vulnerability in newsletter.php in Sourceworkshop ...)
	NOT-FOR-US: Sourceworkshop newsletter
CVE-2006-1532 (Cross-site scripting (XSS) vulnerability in search.php in PHP ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-1531 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1530 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1529 (Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, ...)
	{DSA-1046-1}
	- firefox 1.5.0.2-1 (medium)
	- mozilla-firefox <not-affected> (pre-1.5 version not vulnerable)
	- thunderbird 1.5.0.2-1 (low)
	- mozilla-thunderbird <not-affected> (pre-1.5 version not vulnerable)
	- xulrunner 1.8.0.1-9
	NOTE: MFSA2006-20 says exploitability has not been confirmed.
	NOTE: Thunderbird is potentially affected as well, but not in the
	NOTE: default configuration.
CVE-2006-1528 (Linux kernel before 2.6.13 allows local users to cause a denial of ...)
	{DSA-1184-2 DSA-1183-1}
	- linux-2.6 2.6.13-1
CVE-2006-1527 (The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote ...)
	- linux-2.6 2.6.16-12 (low)
CVE-2006-1526 (Buffer overflow in the X render (Xrender) extension in X.org X server ...)
	- xorg-server 1:1.0.2-8 (bug #378464)
	[sarge] - xfree86 <not-affected> (Vulnerable code not present)
CVE-2006-1525 (ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
CVE-2006-1524 (madvise_remove in Linux kernel 2.6.16 up to 2.6.16.6 does not follow ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-8
CVE-2006-1523 (The __group_complete_signal function in the RCU signal handling ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-1522 (The sys_add_key function in the keyring code in Linux kernel 2.6.16.1 ...)
	- linux-2.6 2.6.16-7
CVE-2006-1521
	REJECTED
CVE-2006-1520 (Format string vulnerability in ANSI C Sender Policy Framework library ...)
	NOTE: Debian ships debugging disabled (this isn't a problem with a debugging command-line flag)
	- libspf <not-affected> (bug #368780; low)
CVE-2006-1519
	REJECTED
CVE-2006-1518 (Buffer overflow in the open_table function in sql_base.cc in MySQL ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; medium)
	- mysql-dfsg-4.1 <removed> (bug #365939; medium)
	- mysql-dfsg <removed> (bug #365939; bug #356751; medium)
	- mysql <removed> (bug #365939; medium)
CVE-2006-1517 (sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1516 (The check_connection function in sql_parse.cc in MySQL 4.0.x up to ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.21-1 (bug #365939; bug #365938; bug #366044; low)
	- mysql-dfsg-4.1 <removed> (bug #365939; bug #366043; low)
	- mysql-dfsg <removed> (bug #365939; bug #356751; low)
	- mysql <removed> (bug #365939; low)
CVE-2006-1515 (Buffer overflow in the addnewword function in typespeed 0.4.4 and ...)
	{DSA-1084-1}
	- typespeed 0.4.4-10
CVE-2006-1514 (Multiple buffer overflows in the abcmidi-yaps translator in abcmidi ...)
	{DSA-1043-1}
	- abcmidi 20060422-1
CVE-2006-1513 (Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted ...)
	{DSA-1041-1}
	- abc2ps <removed> (bug #373685; low)
CVE-2006-1512
	REJECTED
CVE-2006-1511 (Buffer overflow in the ILASM assembler in the Microsoft .NET 1.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-1510 (Buffer overflow in calloc.c in the Microsoft Windows XP SP2 ntdll.dll ...)
	NOT-FOR-US: Microsoft
CVE-2006-1509 (/sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 ...)
	NOT-FOR-US: HP-UX
CVE-2006-1508 (Multiple cross-site scripting (XSS) vulnerabilities in MH Software ...)
	NOT-FOR-US: MH Software Connect Daily Web Calendar
CVE-2006-1507 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
	NOT-FOR-US: PHPKIT
CVE-2006-1506 (Unspecified vulnerability in rsh in Sun Microsystems Sun Grid Engine ...)
	NOT-FOR-US: Sun Microsystems Sun Grid Engine 5.3
CVE-2006-1505 (base_maintenance.php in Basic Analysis and Security Engine (BASE) ...)
	- acidbase 1.2.4-1 (bug #361139)
CVE-2006-1504 (Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 ...)
	NOT-FOR-US: Arab Portal
CVE-2006-1503 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Virtual Wa
CVE-2006-1502 (Multiple integer overflows in MPlayer 1.0pre7try2 allow remote ...)
	NOT-FOR-US: MPlayer
	NOTE: I can't find the vulnerable code in xine-lib
CVE-2006-1501 (SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows ...)
	NOT-FOR-US: OneOrZero
CVE-2006-1500 (SQL injection vulnerability in index.php in Tilde CMS 3.0 allows ...)
	NOT-FOR-US: Tilde CMS 3.0
CVE-2006-1499 (SQL injection vulnerability in vCounter.php in vCounter 1.0 allows ...)
	NOT-FOR-US: vCounter
CVE-2006-1497 (Directory traversal vulnerability in index.php in ViHor Design allows ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1496 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: ViHor Design
CVE-2006-1495 (SQL injection vulnerability in general/sendpassword.php in (1) ...)
	NOT-FOR-US: PHPCollab / NetOffice
CVE-2006-1494 (Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 ...)
	- php4 4:4.4.4-1 (bug #361855; unimportant)
	- php5 5.1.4-0.1 (bug #361916; unimportant)
	NOTE: open_basedir violations are not supported
CVE-2006-1493 (Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1492 (Directory traversal vulnerability in dir.php in Explorer XP allows ...)
	NOT-FOR-US: Explorer XP
CVE-2006-1489 (Multiple SQL injection vulnerabilities in FusionZONE CouponZONE ...)
	NOT-FOR-US: FusionZONE CouponZONE
CVE-2005-4748 (PHP remote file include vulnerability in functions_admin.php in ...)
	NOT-FOR-US: Virtual War
CVE-2006-XXXX [unixodbc rpath set to /home]
	- unixodbc 2.2.11-11 (bug #358142; low)
	[sarge] - unixodbc <not-affected> (rpath not set to /home in Sarge)
CVE-2006-XXXX [fftw rpath set to user home]
	- fftw 2.1.3-17 (bug #358157; low)
	[sarge] - fftw <not-affected> (No rpath set in Sarge)
CVE-2006-XXXX [gauche-config rpath set to user home]
	- gauche 0.8.7-1 (bug #358139; low)
	[sarge] - gauche <not-affected> (gauche-config is a shell script in Sarge)
CVE-2006-XXXX [tcpquota rpath set to user home]
	- tcpquota 1.6.15-11 (bug #358369; low)
	[sarge] - tcpquota <no-dsa> (Only exploitable with strange AFS cell name)
CVE-2006-XXXX [hamlib3-perl rpath set to user home]
	- hamlib 1.2.5-3 (bug #358166; low)
	[sarge] - hamlib <no-dsa> (Only exploitable with strange user name)
CVE-2006-1550 (Multiple buffer overflows in the xfig import code (xfig-import.c) in ...)
	{DSA-1025-1}
	- dia 0.94.0-18 (bug #360566)
CVE-2006-1498 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and ...)
	- mediawiki 1.4.15-1
	- mediawiki1.5 1.5.8-1
CVE-2006-1491 (Eval injection vulnerability in Horde Application Framework versions ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1.1-1 (bug #361967)
CVE-2006-1490 (PHP before 5.1.3-RC1 might allow remote attackers to obtain portions ...)
	- php5 5.1.4-0.1 (bug #359907; low)
	- php4 4:4.4.2-1.1 (bug #359904; low)
	[sarge] - php4 <no-dsa> (Application's responsibility to sanitize input)
CVE-2006-1488 (ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1487 (Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2006-1486 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
	NOT-FOR-US: realestateZONE
CVE-2006-1485 (gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users ...)
	NOT-FOR-US: Greymatter
CVE-2006-1484 (Genius VideoCAM NB Driver does not drop privileges when saving files, ...)
	NOT-FOR-US: Genius VideoCAM NB Driver
CVE-2006-1483 (Blazix Web Server before 1.2.6, when running on Windows, allows remote ...)
	NOT-FOR-US: Blazix Web Server
CVE-2006-1482 (Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 ...)
	NOT-FOR-US: ConfTool
CVE-2006-1481 (SQL injection vulnerability in search.php in PHP Ticket 0.71 allows ...)
	NOT-FOR-US: PHP Ticket
CVE-2006-1480 (Directory traversal vulnerability in start.php in WebAlbum 2.02 allows ...)
	NOT-FOR-US: WebAlbum
CVE-2006-1479 (Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey ...)
	NOT-FOR-US: Serge Rey gtd-php
CVE-2006-1478 (Directory traversal vulnerability in (1) initiate.php and (2) possibly ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1477 (Multiple PHP remote file inclusion vulnerabilities in Turnkey Web ...)
	NOT-FOR-US: Turnkey Web Tools PHP Live Helper
CVE-2006-1476 (Windows Firewall in Microsoft Windows XP SP2 produces incorrect ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1475 (Windows Firewall in Microsoft Windows XP SP2 does not produce ...)
	NOT-FOR-US: Windows Firewall
CVE-2006-1474 (Cross-site scripting (XSS) vulnerability in the &quot;failed&quot; functionality ...)
	NOT-FOR-US: Raindance Web Conferencing Pro
CVE-2006-1473 (Integer overflow in AFP Server for Apple Mac OS X 10.3.9 and 10.4.7 ...)
	NOT-FOR-US: Apple
CVE-2006-1472 (Unspecified vulnerability in AFP Server in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1471 (Format string vulnerability in the CF_syslog function launchd in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1470 (OpenLDAP in Apple Mac OS X 10.4 up to 10.4.6 allows remote attackers ...)
	- openldap2 <not-affected> (Vulnerable code not present)
	- openldap2.2 <removed> (medium)
CVE-2006-1469 (Stack-based buffer overflow in ImageIO in Apple Mac OS X 10.4 up to ...)
	NOT-FOR-US: Apple
CVE-2006-1468 (Unspecified vulnerability in Apple File Protocol (AFP) server in Apple ...)
	NOT-FOR-US: Apple
CVE-2006-1467 (Integer overflow in the AAC file parsing code in Apple iTunes before ...)
	NOT-FOR-US: Apple iTunes
CVE-2006-1466 (Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects ...)
	NOT-FOR-US: Apple
CVE-2006-1465 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-1464 (Buffer overflow in Apple QuickTime before 7.1 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-1463 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1462 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1461 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1460 (Multiple buffer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1459 (Multiple integer overflows in Apple QuickTime before 7.1 allow remote ...)
	NOT-FOR-US: Apple
CVE-2006-1458 (Integer overflow in Apple QuickTime Player before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1457 (Safari on Apple Mac OS X 10.4.6, when &quot;Open `safe' files after ...)
	NOT-FOR-US: Apple
CVE-2006-1456 (Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1455 (QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1454 (Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1453 (Stack-based buffer overflow in Apple QuickTime before 7.1 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1452 (Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to ...)
	NOT-FOR-US: Apple
CVE-2006-1451 (MySQL Manager in Apple Mac OS X 10.3.9 and 10.4.6, when setting up a ...)
	NOT-FOR-US: MySQL Manager
CVE-2006-1450 (Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2006-1449 (Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows ...)
	NOT-FOR-US: Apple
CVE-2006-1448 (Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted ...)
	NOT-FOR-US: Apple
CVE-2006-1447 (LaunchServices in Apple Mac OS X 10.4.6 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2006-1446 (Keychain in Apple Mac OS X 10.3.9 and 10.4.6 might allow an ...)
	NOT-FOR-US: Apple
CVE-2006-1445 (Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2006-1444 (CoreGraphics in Apple Mac OS X 10.4.6, when &quot;Enable access for ...)
	NOT-FOR-US: Apple
CVE-2006-1443 (Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2006-1442 (The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 ...)
	NOT-FOR-US: Apple
CVE-2006-1441 (Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote ...)
	NOT-FOR-US: Apple
CVE-2006-1440 (BOM in Apple Mac OS X 10.3.9 and 10.4.6 allows attackers to overwrite ...)
	NOT-FOR-US: Apple
CVE-2006-1439 (NSSecureTextField in AppKit in Apple Mac OS X 10.4.6 does not ...)
	NOT-FOR-US: Apple
CVE-2006-1438 (Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP ...)
	NOT-FOR-US: aphpkb
CVE-2006-1437 (UPOINT @1 Event Publisher stores sensitive information under the web ...)
	NOT-FOR-US: UPOINT
CVE-2006-1436 (Multiple cross-site scripting (XSS) vulnerabilities in UPOINT @1 Event ...)
	NOT-FOR-US: UPOINT
CVE-2006-1435 (Cross-site scripting (XSS) vulnerability in genmessage.php in ...)
	NOT-FOR-US: Accounting Receiving and Inventory Administration (ARIA), different from debian aria
CVE-2006-1434 (Cross-site scripting (XSS) vulnerability in inscription.php in ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1433 (Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Annuaire (Directory)
CVE-2006-1432 (fusionZONE couponZONE 4.2 allows remote attackers to obtain the full ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1431 (Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE ...)
	NOT-FOR-US: fusionZONE couponZONE
CVE-2006-1430 (Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS ...)
	NOT-FOR-US: CONTROLzx HMS
CVE-2006-1429 (Cross-site scripting (XSS) vulnerability in accountlogon.cfm in ...)
	NOT-FOR-US: classifiedZONE
CVE-2006-1428 (Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 ...)
	NOT-FOR-US: phpCOIN
CVE-2006-1427 (Multiple cross-site scripting (XSS) vulnerabilities in WebAPP ...)
	NOT-FOR-US: WebAPP
CVE-2006-1426 (Multiple SQL injection vulnerabilities in Pixel Motion Blog allow ...)
	NOT-FOR-US: Blog Pixel Motion
CVE-2006-1425 (Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily ...)
	NOT-FOR-US: phpmyfamily
CVE-2006-1424
	REJECTED
CVE-2006-1423 (SQL injection vulnerability in showflat.php in UBB.threads 5.5.1, 6.0 ...)
	NOT-FOR-US: UBB.threads
CVE-2006-1422 (SQL injection vulnerability in details_view.php in PHP Booking Calendar ...)
	NOT-FOR-US: PHP Booking Calendar
CVE-2006-1421 (Multiple SQL injection vulnerabilities in akocomment.php in AkoComment ...)
	NOT-FOR-US: AkoComment
CVE-2006-1420 (SQL injection vulnerability in print.php in SaphpLesson 2.0 allows ...)
	NOT-FOR-US: SaphpLesson
CVE-2006-1419 (SQL injection vulnerability in the Calendar module in nuked-klan 1.7.5 ...)
	NOT-FOR-US: nuked-klan
CVE-2006-1418 (Cross-site scripting (XSS) vulnerability in default.asp in Caloris ...)
	NOT-FOR-US: Caloris Planitia E-School Management
CVE-2006-1417 (Multiple cross-site scripting (XSS) vulnerabilities in Caloris ...)
	NOT-FOR-US: Caloris Planitia Online Quiz System
CVE-2006-1416 (Cross-site scripting (XSS) vulnerability in afmsearch.aspx in Absolute ...)
	NOT-FOR-US: Absolute FAQ Manager .NET
CVE-2006-1415 (Cross-site scripting (XSS) vulnerability in iforget.aspx in dotNetBB ...)
	NOT-FOR-US: dotNetBB
CVE-2006-1414 (Multiple cross-site scripting (XSS) vulnerabilities in toast.asp in ...)
	NOT-FOR-US: Toast Forums
CVE-2006-1413 (Multiple cross-site scripting (XSS) vulnerabilities in EZHomepagePro ...)
	NOT-FOR-US: EZHomepagePro
CVE-2006-1412 (TFT Gallery 0.10 stores sensitive information under the web root with ...)
	NOT-FOR-US: TFT Gallery
CVE-2006-1411 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
	NOT-FOR-US: Absolute Image Gallery
CVE-2006-1410 (Multiple cross-site scripting (XSS) vulnerabilities in XIGLA Absolute ...)
	NOT-FOR-US: XIGLA Absolute Live Support
CVE-2006-1409 (Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1408 (Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Vavoom
	NOTE: code in prboom and lxdoom looks completely different
CVE-2006-1407 (Multiple cross-site scripting (XSS) vulnerabilities in Helm Web ...)
	NOT-FOR-US: Helm Web Hosting Control Panel
CVE-2006-1406 (Multiple cross-site scripting (XSS) vulnerabilities in wbadmlog.aspx ...)
	NOT-FOR-US: uniForum
CVE-2006-1405 (Cross-site scripting (XSS) vulnerability in search.aspx in ...)
	NOT-FOR-US: SweetSuite.NET Content Management System
CVE-2006-1404 (Multiple cross-site scripting (XSS) vulnerabilities in bol.cgi in ...)
	NOT-FOR-US: BlankOL
CVE-2006-1403 (Format string vulnerability in the PrintString function in ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1402 (Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows ...)
	NOT-FOR-US: csDoom
	NOTE: prboom, lxdoom not affected
CVE-2006-1401 (Multiple cross-site scripting (XSS) vulnerabilities in search.php in ...)
	NOT-FOR-US: Calendar Express
CVE-2006-1400 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Metisware Instructor
CVE-2006-1399 (Cross-site scripting (XSS) vulnerability in searchresult.php in ...)
	NOT-FOR-US: Meeting Reserve
CVE-2006-1398 (Cross-site scripting (XSS) vulnerability in guestbook.php in G-Book ...)
	NOT-FOR-US: G-Book
CVE-2006-1397 (Multiple cross-site scripting (XSS) vulnerabilities in (a) phpAdsNew ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-4747 (Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd ...)
	NOT-FOR-US: WebHost Automation Ltd Helm
CVE-2005-4746 (Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4745 (SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS ...)
	{DSA-1145-1}
	- freeradius 1.0.5-1
CVE-2005-4744 (Off-by-one error in the sql_error function in sql_unixodbc.c in ...)
	{DSA-1089-1}
	- freeradius 1.0.5-1
CVE-1999-1587 (/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier ...)
	NOT-FOR-US: Solaris
CVE-2006-1396 (Multiple cross-site scripting (XSS) vulnerabilities in Cholod MySQL ...)
	NOT-FOR-US: Cholod
CVE-2006-1395 (SQL injection vulnerability in mb.cgi in Cholod MySQL Based Message ...)
	NOT-FOR-US: Cholod
CVE-2006-1394 (Multiple cross-site scripting (XSS) vulnerabilities in the Microsoft ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1393 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1392 (Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in ...)
	NOT-FOR-US: Pubcookie
CVE-2006-1391 (The (a) Quick 'n Easy Web Server before 3.1.1 and (b) Baby ASP Web ...)
	NOT-FOR-US: Quick 'n Easy/Baby Web Server
CVE-2006-1390 (The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a ...)
	NOT-FOR-US: Shortcoming of Gentoo-specific games packaging
CVE-2006-1389 (Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-1388 (Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Internet Explorer
CVE-2006-1387 (TWiki 4.0, 4.0.1, and 20010901 through 20040904 allows remote ...)
	- twiki 1:4.0.4-3 (bug #367973)
CVE-2006-1386 (The (1) rdiff and (2) preview scripts in TWiki 4.0 and 4.0.1 ignore ...)
	- twiki <not-affected> (only affects 4.0.0 - 4.1.0, version in Debian too young)
CVE-2006-1385 (Stack-based buffer overflow in the parseTaggedData function in ...)
	NOT-FOR-US: Cisco
CVE-2006-1384 (Cross-site scripting (XSS) vulnerability in apwc_win_main.jsp in the ...)
	NOT-FOR-US: IBM Tivoli Business Systems Manager
CVE-2006-1383 (Directory traversal vulnerability in Baby FTP Server (BabyFTP) 1.24 ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1382 (PHP remote file inclusion vulnerability in impex/ImpExData.php in ...)
	NOT-FOR-US: vBulletin
CVE-2006-1381 (Trend Micro OfficeScan 5.5, and probably other versions before 6.5, ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1380 (ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite ...)
	NOT-FOR-US: Trend Micro
CVE-2006-1379 (Trend Micro PC-cillin Internet Security 2006 14.00.1485 and ...)
	NOT-FOR-US: Trend Micro
CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...)
	NOT-FOR-US: Baby FTP Server
CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...)
	NOT-FOR-US: Baby FTP Server
CVE-2002-2209 (Unspecified &quot;security vulnerability&quot; in Baby FTP Server versions ...)
	NOT-FOR-US: Baby FTP Server
CVE-2006-1378 (PasswordSafe 3.0 beta, when running on Windows before XP, uses a weak ...)
	NOT-FOR-US: PasswordSafe
CVE-2006-1377 (Cross-site scripting (XSS) vulnerability in img.php in (1) EasyMoblog ...)
	NOT-FOR-US: EasyMoblog
CVE-2006-1376 (The installation of Debian GNU/Linux 3.1r1 from the network install CD ...)
	[sarge] - shadow 1:4.0.3-31sarge8
	[sarge] - base-config <not-affected>
	NOTE: The installer is fixed separately, but the postinst of the shadow update
	NOTE: corrects permissions of a faulty install
	- shadow 1:4.0.14-9 (bug #358210; bug #356939)
	- base-config 2.68 (bug #254068; low)
CVE-2006-1375 (AdMan 1.0.20051221 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: AdMan
CVE-2006-1374 (SQL injection vulnerability in viewStatement.php in AdMan 1.0.20051221 ...)
	NOT-FOR-US: AdMan
CVE-2006-1373 (Cross-site scripting (XSS) vulnerability in status_image.php in PHP ...)
	NOT-FOR-US: PHP Live!
CVE-2006-1372 (Multiple SQL injection vulnerabilities in 1WebCalendar 4.0 and earlier ...)
	NOT-FOR-US: 1WebCalendar
CVE-2006-1371 (Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows ...)
	NOT-FOR-US: Laurentiu Matei eXpandable Home Page
CVE-2006-1370 (Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through ...)
	NOT-FOR-US: Real Player, according to Real Helix not affected
CVE-2006-1369 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1368 (Buffer overflow in the USB Gadget RNDIS implementation in the Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-1367 (The Motorola PEBL U6 08.83.76R, the Motorola V600, and possibly the ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1366 (Buffer overflow in the Motorola PEBL U6 08.83.76R, and possibly other ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1365 (The Motorola PEBL U6, the Motorola V600, and possibly the Motorola ...)
	NOT-FOR-US: Motorola hardware
CVE-2006-1364 (Microsoft w3wp (aka w3wp.exe) does not properly handle when the ...)
	NOT-FOR-US: Microsoft
CVE-2006-1363 (images.php in Justin White (aka YTZ) Free Web Publishing System ...)
	NOT-FOR-US: Justin White (aka YTZ) Free Web Publishing System
CVE-2006-1362 (Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-1361 (Cross-site scripting (XSS) vulnerability in OSWiki before 0.3.1 allows ...)
	NOT-FOR-US: OSWiki
CVE-2006-1360 (Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow ...)
	NOT-FOR-US: MusicBox
CVE-2006-1359 (Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1358 (Unspecified vulnerability in BEA WebLogic Portal 8.1 up to SP5 causes ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1357 (Cross-site scripting (XSS) vulnerability in my.support.php3 in F5 ...)
	NOT-FOR-US: F5 Firepass 4100 SSL VPN
CVE-2006-1356 (Stack-based buffer overflow in the count_vcards function in LibVC 3, ...)
	- libvc 003-4
CVE-2006-1355 (avast! Antivirus 4.6.763 and earlier sets &quot;BUILTIN\Everyone&quot; ...)
	NOT-FOR-US: avast AV
CVE-2006-1354 (Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows ...)
	{DSA-1089-1}
	- freeradius 1.1.0-1.2 (bug #359042; high)
CVE-2006-1353 (Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1352 (BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1351 (BEA WebLogic Server 6.1 SP7 and earlier allows remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-1350 (PHP remote file include vulnerability in index.php in 99Articles.com ...)
	NOT-FOR-US: 99Articles.com
CVE-2006-1349 (Multiple cross-site scripting (XSS) vulnerabilities in Musicbox 2.3 ...)
	NOT-FOR-US: MusicBox
CVE-2006-1348 (Cross-site scripting (XSS) vulnerability in index.php in Greg ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1347 (SQL injection vulnerability in loginfunction.php in Greg Neustaetter ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1346 (Directory traversal vulnerability in inc/setLang.php in Greg ...)
	NOT-FOR-US: Greg Neustaetter gCards
CVE-2006-1345 (polls.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1344 (Cross-site scripting (XSS) vulnerability in VeriSign haydn.exe, as ...)
	NOT-FOR-US: VeriSign haydn.exe
CVE-2006-1343 (net/ipv4/netfilter/ip_conntrack_core.c in Linux kernel 2.4 and 2.6, ...)
	{DSA-1184-2 DSA-1097-1}
	- linux-2.6 2.6.16-15
CVE-2006-1342 (net/ipv4/af_inet.c in Linux kernel 2.4 does not clear ...)
	- linux-2.6 <not-affected> (Only affects 2.4 kernels)
CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
	NOT-FOR-US: Veritas Backup
CVE-2000-1240 (Unspecified vulnerability in siteman.php3 in AnyPortal(php) before 22 ...)
	NOT-FOR-US: AnyPortal
CVE-2006-1341 (SQL injection vulnerability in events.php in Maian Events 1.0 allows ...)
	NOT-FOR-US: Maian Events
CVE-2006-1340 (CuteNews 1.4.1 and possibly other versions allows remote attackers to ...)
	NOT-FOR-US: CuteNews
CVE-2006-1339 (Directory traversal vulnerability in inc/functions.inc.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-1338 (Webmail in MailEnable Professional Edition before 1.73 and Enterprise ...)
	NOT-FOR-US: MailEnable
CVE-2006-1337 (Buffer overflow in the POP 3 (POP3) service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2006-1336 (Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 ...)
	NOT-FOR-US: ExtCalendar
CVE-2006-1335 (gnome screensaver before 2.14, when running on an X server with ...)
	- gnome-screensaver 2.14.1-1 (bug #357885)
CVE-2006-1334 (Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow ...)
	NOT-FOR-US: Maian Weblog
CVE-2006-1333 (Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and ...)
	NOT-FOR-US: BetaParticle Blog
CVE-2006-1332 (Noah's Classifieds 1.3 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1331 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-1330 (Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier ...)
	NOT-FOR-US: phpWebsite
CVE-2006-1329 (The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows ...)
	- jabberd2 2.0s11-1 (bug #357874)
CVE-2006-1328 (SQL injection vulnerability in count.php in Skull-Splitter PHP ...)
	NOT-FOR-US: Skull-Splitter PHP
CVE-2006-1327 (SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote ...)
	NOT-FOR-US: SoftBB
CVE-2006-1326 (Multiple cross-site scripting (XSS) vulnerabilities in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1325 (Cross-site scripting (XSS) vulnerability in Streber 0.055 allows ...)
	NOT-FOR-US: Streber
CVE-2006-1324 (Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1323 (Directory traversal vulnerability in WinHKI 1.6 and earlier allows ...)
	NOT-FOR-US: WinHKI
CVE-2006-1322 (Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a ...)
	NOT-FOR-US: Netware
CVE-2006-1318 (Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, ...)
	NOT-FOR-US: Microsoft Office
CVE-2006-1317
	REJECTED
CVE-2006-1316 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-1315 (The Server Service (SRV.SYS driver) in Microsoft Windows 2000 SP4, XP ...)
	NOT-FOR-US: Microsoft
CVE-2006-1314 (Heap-based buffer overflow in the Server Service (SRV.SYS driver) in ...)
	NOT-FOR-US: Microsoft
CVE-2006-1313 (Microsoft JScript 5.1, 5.5, and 5.6 on Windows 2000 SP4, and 5.6 on ...)
	NOT-FOR-US: Microsoft JScript
CVE-2006-1312
	REJECTED
CVE-2006-1311 (The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; ...)
	NOT-FOR-US: Microsoft
CVE-2006-1310
	REJECTED
CVE-2006-1309 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1308 (Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1307
	REJECTED
CVE-2006-1306 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1305 (Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-1304 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1303 (Multiple unspecified vulnerabilities in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2006-1302 (Buffer overflow in Microsoft Excel 2000 through 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-1301 (Microsoft Excel 2000 through 2004 allows user-assisted attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1300 (Microsoft .NET framework 2.0 (ASP.NET) in Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2006-1299
	REJECTED
CVE-2006-1298 (Format string vulnerability in the Job Engine service (bengine.exe) in ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1297 (Unspecified vulnerability in Veritas Backup Exec for Windows Server ...)
	NOT-FOR-US: Veritas Backup
CVE-2006-1296 (Untrusted search path vulnerability in Beagle 0.2.2.1 might allow ...)
	- beagle 0.2.3-1 (bug #357392; low)
CVE-2006-1295 (Cross-site scripting (XSS) vulnerability in recherche.php3 in SPIP ...)
	- spip 2.0.6-1
CVE-2006-1294 (PHP remote file include vulnerability in PageController.php in ...)
	NOT-FOR-US: KnowledgebasePublisher
CVE-2006-1293 (Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS ...)
	NOT-FOR-US: Contrexx
CVE-2006-1292 (Directory traversal vulnerability in Jim Hu and Chad Little PHP ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1291 (publish.ical.php in Jim Hu and Chad Little PHP iCalendar 2.21 and ...)
	NOT-FOR-US: Jim Hu and Chad Little PHP iCalendar
CVE-2006-1290 (Multiple cross-site scripting (XSS) vulnerabilities in Milkeyway ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1289 (Multiple SQL injection vulnerabilities in Milkeyway Captive Portal 0.1 ...)
	NOT-FOR-US: Milkeyway Captive Portal
CVE-2006-1288 (Multiple SQL injection vulnerabilities in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1287 (Cross-site scripting (XSS) vulnerability in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1286 (Buffer overflow in the login dialog in dbisqlc.exe in SQLAnywhere for ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1285 (SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used in Symantec Ghost ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1284 (The installation of SQLAnywhere in Symantec Ghost 8.0 and 8.2, as used ...)
	NOT-FOR-US: Symantec Ghost
CVE-2006-1283 (opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD ...)
	- libpam-opie <not-affected> (FreeBSD specific vulnerability)
CVE-2006-1282 (CRLF injection vulnerability in inc/function.php in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1281 (Cross-site scripting (XSS) vulnerability in member.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1280 (CGI::Session 4.03-1 does not set proper permissions on temporary files ...)
	- libcgi-session-perl 4.07-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1279 (CGI::Session 4.03-1 allows local users to overwrite arbitrary files ...)
	- libcgi-session-perl 4.11-1 (low; bug #356555)
	[sarge] - libcgi-session-perl <no-dsa> (Minor issues)
CVE-2006-1278 (SQL injection vulnerability in @1 File Store 2006.03.07 allows remote ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1277 (Cross-site scripting (XSS) vulnerability in signup.php in @1 File ...)
	NOT-FOR-US: @1 File Store
CVE-2006-1276 (admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows ...)
	NOT-FOR-US: PHP SimpleNEWS
CVE-2006-1275 (GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GGZ Gaming Zone
CVE-2006-1274 (Classic Planer in AntiVir PersonalEdition Classic 7 does not drop ...)
	NOT-FOR-US: Antivir
CVE-2006-1273 (** DISPUTED ** ...)
	NOT-FOR-US: Reportedly problem with a firefox addon
CVE-2006-1272 (Multiple cross-site scripting (XSS) vulnerabilities in member.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1271 (SQL injection vulnerability in index.php in OxyNews allows remote ...)
	NOT-FOR-US: OxyNews
CVE-2006-1270 (Multiple cross-site scripting (XSS) vulnerabilities in zones.php in ...)
	NOT-FOR-US: Inprotect
CVE-2006-1269 (Buffer overflow in the parse function in parse.c in zoo 2.10 might ...)
	- zoo 2.10-18 (bug #367858; low)
	[sarge] - zoo <no-dsa> (Attack vector very far-fetched, hardly exploitable)
CVE-2006-1268 (The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 ...)
	NOT-FOR-US: Funkwerk X2300
CVE-2006-1267 (Invision Power Board 2.1.4 allows remote attackers to hijack sessions ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-1266 (Cross-site scripting (XSS) vulnerability in Service_Requests.asp in ...)
	NOT-FOR-US: VPMi Enterprise
CVE-2006-1265 (SQL injection vulnerability in discussion.class.php in xhawk.net ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1264 (Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 ...)
	NOT-FOR-US: xhawk.net discussion
CVE-2006-1263 (Multiple &quot;unannounced&quot; cross-site scripting (XSS) vulnerabilities in ...)
	- wordpress 2.0.2-1
CVE-2006-1262 (Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1261 (Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 ...)
	NOT-FOR-US: ASPPortal
CVE-2006-1260 (Horde Application Framework 3.0.9 allows remote attackers to read ...)
	{DSA-1034-1 DSA-1033-1}
	- horde3 3.1-1 (bug #358812)
CVE-2006-1259 (Multiple SQL injection vulnerabilities in Maian Support 1.0 allow ...)
	NOT-FOR-US: Maian Support
CVE-2006-1258 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows ...)
	- phpmyadmin 4:2.8.0.2-2 (bug #382228)
	[sarge] - phpmyadmin <not-affected> (Vulnerable code not present)
CVE-2006-1257 (The sample files in the authfiles directory in Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2006-1256 (Cross-site scripting (XSS) vulnerability in guestbook.php in Soren ...)
	NOT-FOR-US: Soren Boysen (SkullSplitter) PHP Guestbook
CVE-2006-1255 (Stack-based buffer overflow in the IMAP service in Mercur Messaging ...)
	NOT-FOR-US: Mercur Messaging
CVE-2006-1254 (Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows ...)
	NOT-FOR-US: BorderWare MXtreme
CVE-2006-1253 (Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote ...)
	NOT-FOR-US: glFTPd
CVE-2006-1252 (Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-1251 (Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 ...)
	- sa-exim 4.2.1-1 (bug #345071; bug #356301)
CVE-2006-1250 (Unspecified vulnerability in the Webmail module in Winmail before 4.3 ...)
	NOT-FOR-US: Winmail
CVE-2006-1249 (Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes ...)
	NOT-FOR-US: Apple Quicktime
CVE-2006-1248 (Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2006-1247 (rm_mlcache_file in bos.rte.install in AIX 5.1.0 through 5.3.0 allows ...)
	NOT-FOR-US: AIX
CVE-2006-1246 (Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 ...)
	NOT-FOR-US: AIX
CVE-2006-1245 (Buffer overflow in mshtml.dll in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2005-4743 (Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp ...)
	NOT-FOR-US: NeLogic Nephp Publisher
CVE-2005-4742 (Unspecified vulnerability in Echelog 0.6.2 allows attackers to ...)
	NOT-FOR-US: Echelog
CVE-2005-4741 (NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 ...)
	NOT-FOR-US: NetBSD
CVE-2005-4740 (IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4739 (IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4738 (IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4737 (IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4736 (IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4735 (IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2005-4734 (Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication ...)
	NOT-FOR-US: RSA Authentication Agent for Web
CVE-2005-4733 (NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow ...)
	NOT-FOR-US: NetBSD
CVE-2005-4732 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: TuxBank
CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2005-XXXX [xsupplicant information leak]
	- xsupplicant 1.0.1-5 (bug #317703; low)
CVE-2006-1244 (Unspecified vulnerability in certain versions of xpdf after 3.00, as ...)
	{DSA-1019-1 DSA-982-1}
	- xpdf <not-affected> (All issues previously fixed)
	NOTE: Discussion has shown that the revamp patch doesn't fix new vulnerabilities
	- gpdf 2.10.0-3
	- koffice 2.3.3-1
	NOTE: xpdf (and therewith the questionable code) is not part of koffice for some time now
CVE-2006-1243 (Directory traversal vulnerability in install05.php in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2006-1242 (The ip_push_pending_frames function in Linux 2.4.x and 2.6.x before ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-4
CVE-2006-1241 (Firebird 1.5.2.4731 installs (1) fb_lock_mgr, (2) gds_drop, and (3) ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1240 (Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) ...)
	- firebird2 <not-affected> (Not setuid in Debian)
CVE-2006-1239 (Cross-site scripting (XSS) vulnerability in issue/createissue.aspx in ...)
	NOT-FOR-US: Gemini
CVE-2006-1238 (SQL injection vulnerability in DSLogin 1.0, with magic_quotes_gpc ...)
	NOT-FOR-US: DSLogin
CVE-2006-1237 (Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with ...)
	NOT-FOR-US: DSNewsletter
CVE-2005-4731 (The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the ...)
	NOT-FOR-US: PEAR HTML_QuickForm_Controller
CVE-2000-1239 (The HTTP interface of Tivoli Lightweight Client Framework (LCF) in IBM ...)
	NOT-FOR-US: Tivoli
CVE-2006-1236 (Buffer overflow in the SetUp function in socket/request.c in CrossFire ...)
	{DSA-1009-1}
	- crossfire 1.9.0-2 (medium)
CVE-2006-1235 (Directory traversal vulnerability in admin/deleteuser.php in HitHost ...)
	NOT-FOR-US: HitHost
CVE-2006-1234 (SQL injection vulnerability in index.php in DSCounter 1.2, with ...)
	NOT-FOR-US: DSCounter
CVE-2006-1233 (Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow ...)
	NOT-FOR-US: WMNews
CVE-2006-1232 (Multiple SQL injection vulnerabilities in DSDownload 1.0, with ...)
	NOT-FOR-US: DSDownload
CVE-2006-1231 (CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, ...)
	- capi4hylafax <not-affected> (Affected DEFINE not defined)
CVE-2006-1230 (Multiple cross-site scripting (XSS) vulnerabilities in create.php in ...)
	NOT-FOR-US: vCard
CVE-2006-1229 (SQL injection vulnerability in search.asp in Hosting Controller 6.1 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-1228 (Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1227 (Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1226 (Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1225 (CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x ...)
	{DSA-1007-1}
	- drupal 4.5.8-1
CVE-2006-1224 (Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows ...)
	NOT-FOR-US: GuppY
CVE-2006-1223 (Cross-site scripting (XSS) vulnerability in Jupiter Content Manager ...)
	NOT-FOR-US: Jupiter Content Manager
CVE-2006-1222 (Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 ...)
	NOT-FOR-US: zeroboard
CVE-2006-1221 (Untrusted search path vulnerability in the TrueVector service ...)
	NOT-FOR-US: TrueVector
CVE-2005-4730 (Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact ...)
	NOT-FOR-US: PEAR Text_Password
CVE-2006-XXXX [Insufficient filename sanitising in darcsweb]
	- darcsweb 0.15-1
CVE-2006-1220 (Integer overflow in the mach_msg_send function in the kernel for Mac ...)
	NOT-FOR-US: MacOS X
CVE-2006-1219 (Directory traversal vulnerability in Gallery 2.0.3 and earlier, and ...)
	- gallery2 2.0.4-1
CVE-2006-1218 (Unspecified vulnerability in the HTTP proxy in Novell BorderManager ...)
	NOT-FOR-US: Novell BorderManager
CVE-2006-1217 (SQL injection vulnerability in DSPoll 1.1 allows remote attackers to ...)
	NOT-FOR-US: DSPoll
CVE-2006-1216 (Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x ...)
	NOT-FOR-US: Runcms
CVE-2006-1215 (Cross-site scripting (XSS) vulnerability in misc.php in Woltlab ...)
	NOT-FOR-US: Woltlab BB
CVE-2006-1214 (UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified ...)
	NOT-FOR-US: UnrealIRCd
CVE-2006-1213 (JiRo's Banner System Experience and Professional 1.0 and earlier ...)
	NOT-FOR-US: JiRo's Banner System Experience and Professional
CVE-2006-1212 (Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows ...)
	NOT-FOR-US: CoreNews
CVE-2006-1211 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL ...)
	NOT-FOR-US: Tivoli
CVE-2006-1210 (The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 ...)
	NOT-FOR-US: Tivoli
CVE-2006-1209 (PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2006-1208 (Sergey Korostel PHP Upload Center allows remote attackers to execute ...)
	NOT-FOR-US: Sergey Korostel PHP Upload Center
CVE-2006-1207 (PHP Upload Center stores password hashes under the web root with ...)
	NOT-FOR-US: PHP Upload Center
CVE-2006-1206 (Matt Johnston Dropbear SSH server 0.47 and earlier, as used in ...)
	- dropbear 0.48-1
CVE-2006-1205 (Multiple cross-site scripting (XSS) vulnerabilities in myWebland ...)
	NOT-FOR-US: myBloggie
CVE-2006-1204 (Multiple cross-site scripting (XSS) vulnerabilities in txtForum ...)
	NOT-FOR-US: txtForum
CVE-2006-1203 (PHP remote file include vulnerability in common.php in txtForum ...)
	NOT-FOR-US: txtForum
CVE-2006-1202 (Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 ...)
	NOT-FOR-US: textfileBB
CVE-2006-1201 (Directory traversal vulnerability in resetpw.php in eschew.net ...)
	NOT-FOR-US: phpBannerExchange
CVE-2006-1200 (Direct static code injection vulnerability in add_link.txt in daverave ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1199 (Cross-site scripting (XSS) vulnerability in iframe.php in daverave ...)
	NOT-FOR-US: daverave Link Bank
CVE-2006-1198 (Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a ...)
	NOT-FOR-US: Comvigo IM Lock
CVE-2006-1197 (SafeDisc installs the driver service for the secdrv.sys driver with ...)
	NOT-FOR-US: SafeDisc
CVE-2006-1196 (Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 ...)
	NOT-FOR-US: QwikiWiki
CVE-2006-1195 (The enet_protocol_handle_send_fragment function in protocol.c for ENet ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1194 (Integer signedness error in the enet_protocol_handle_incoming_commands ...)
	NOT-FOR-US: Enet lib (Cube, Sauerbraten)
CVE-2006-1193 (Cross-site scripting (XSS) vulnerability in Microsoft Exchange Server ...)
	NOT-FOR-US: Microsoft Exchange Server
CVE-2006-1192 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1191 (Microsoft Internet Explorer 5.01 through 6 does not always correctly ...)
	NOT-FOR-US: Microsoft
CVE-2006-1190 (Microsoft Internet Explorer 5.01 through 6 does not always return the ...)
	NOT-FOR-US: Microsoft
CVE-2006-1189 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2006-1188 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1187
	REJECTED
CVE-2006-1186 (Microsoft Internet Explorer 5.01 through 6 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-1185 (Unspecified vulnerability in Microsoft Internet Explorer 5.01 through ...)
	NOT-FOR-US: Microsoft
CVE-2006-1184 (Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2006-1183 (The Ubuntu 5.10 installer does not properly clear passwords from the ...)
	- base-config <not-affected> (UBuntu specific)
	- shadow <not-affected> (UBuntu specific)
CVE-2006-1182 (Adobe Graphics Server 2.0 and 2.1 (formerly AlterCast) and Adobe ...)
	NOT-FOR-US: Adobe Graphics Server
CVE-2006-1181
	RESERVED
CVE-2006-1180
	RESERVED
CVE-2006-1179
	RESERVED
CVE-2006-1178 (Tamarack MMSd before 7.992 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Tamarack MMSd
CVE-2006-1177
	RESERVED
CVE-2006-1176 (Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl ...)
	NOT-FOR-US: eBay Enhanced Picture Services
CVE-2006-1175 (The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for ...)
	NOT-FOR-US: WeOnlyDo! SFTP
CVE-2006-1174 (useradd in shadow-utils before 4.0.3, and possibly other versions ...)
	- shadow 1:4.0.15-10 (low)
	[sarge] - shadow <not-affected> (Vulnerable code was introduced later)
CVE-2006-1173 (Sendmail before 8.13.7 allows remote attackers to cause a denial of ...)
	{DSA-1155}
	- sendmail 8.13.7-1 (low; bug #373801)
CVE-2006-1172 (Stack-based buffer overflow in the createPKCS10 function in ...)
	NOT-FOR-US: ActiveX control
CVE-2006-1171
	REJECTED
CVE-2006-1170
	REJECTED
CVE-2006-1169
	REJECTED
CVE-2006-1168 (The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) ...)
	{DSA-1149-1}
	- ncompress 4.2.4-16
CVE-2006-1167 (SGI ProPack 3 SP6 kernel displays the frame buffer contents of the ...)
	NOT-FOR-US: SGI
CVE-2006-1165 (Cross-site scripting (XSS) vulnerability in the mediamanager module in ...)
	- dokuwiki 0.0.20060309-3 (bug #357436)
CVE-2006-1164 (Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file ...)
	NOT-FOR-US: Nodez
CVE-2006-1163 (Cross-site scripting (XSS) vulnerability in Nodez 4.6.1.1 allows ...)
	NOT-FOR-US: Nodez
CVE-2006-1162 (Directory traversal vulnerability in Nodez 4.6.1.1 and earlier allows ...)
	NOT-FOR-US: Nodez
CVE-2006-1161 (Absolute path traversal vulnerability in Easy File Sharing (EFS) Web ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1160 (Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1159 (Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2006-1158 (Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause ...)
	NOT-FOR-US: Kerio MailServer
CVE-2006-1157 (Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 ...)
	NOT-FOR-US: Vz Scripts ADP Forum
CVE-2006-1156 (SQL injection vulnerability in manas tungare Site Membership Script ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1155 (Cross-site scripting (XSS) vulnerability in manas tungare Site ...)
	NOT-FOR-US: manas tungare Site Membership Script
CVE-2006-1154 (PHP remote file inclusion vulnerability in archive.php in Fantastic ...)
	NOT-FOR-US: Fantastic News
CVE-2006-1153 (SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers ...)
	NOT-FOR-US: D2-Shoutbox
CVE-2006-1152 (PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1151 (Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows ...)
	NOT-FOR-US: M-Phorum
CVE-2006-1150 (Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, ...)
	- teg 0.11.1-3 (bug #357645; low)
	[sarge] - teg <no-dsa> (Only DoS against exotic, mostly single player game)
CVE-2006-1149 (PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL ...)
	NOT-FOR-US: OWL Intranet Engine
CVE-2006-1148 (Multiple stack-based buffer overflows in the procConnectArgs function ...)
	- peercast 0.1217.toots.20060314-1
CVE-2006-1147 (The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1146 (Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1145 (Format string vulnerability in the safe_cprintf function in ...)
	NOT-FOR-US: Alien Arena Gold
CVE-2006-1144 (Cross-site scripting (XSS) vulnerability in HitHost 1.0.0 allows ...)
	NOT-FOR-US: Hit Host
CVE-2006-1143 (Cross-site scripting (XSS) vulnerability in FTPoed Blog Engine 1.1 ...)
	NOT-FOR-US: FTPoed Blog Engine
CVE-2006-1142 (Unspecified vulnerability in Ravenous Web Server before 0.7.1 allows ...)
	NOT-FOR-US: Ravenous Web Server
CVE-2006-1141 (Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows ...)
	- qmailadmin <removed> (bug #357896; medium)
CVE-2006-1140 (SQL injection vulnerability in rss.php in RedBLoG 0.5 allows remote ...)
	NOT-FOR-US: RedBLoG
CVE-2006-1139 (Unspecified vulnerability in the ESS/ Network Controller in Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1138 (Unspecified vulnerability in the web server code in Xerox CopyCentre ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1137 (Multiple unspecified vulnerabilities in Xerox CopyCentre and Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1136 (Buffer overflow in the PostScript file interpreter code for Xerox ...)
	NOT-FOR-US: Xerox CopyCentre
CVE-2006-1135 (Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 ...)
	NOT-FOR-US: sBlog
CVE-2006-1134 (SQL injection vulnerability in CyBoards PHP Lite 1.25, when ...)
	NOT-FOR-US: CyBoards
CVE-2006-1133 (Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 ...)
	NOT-FOR-US: vbzoom
CVE-2006-1132 (SQL injection vulnerability in show.php in vbzoom 1.11 allow remote ...)
	NOT-FOR-US: vbzoom
CVE-2006-1131 (Cross-site scripting (XSS) vulnerability in read.php in bitweaver CMS ...)
	NOT-FOR-US: bitweaver
CVE-2006-1130 (Cross-site scripting (XSS) vulnerability in EKINboard 1.0.3 allows ...)
	NOT-FOR-US: EKINboard
CVE-2006-1129 (SQL injection vulnerability in config.php in EKINboard 1.0.3 allows ...)
	NOT-FOR-US: EKINboard
CVE-2005-4729 (SQL injection vulnerability in show.php in VBZooM Forum allows remote ...)
	NOT-FOR-US: VBZooM
CVE-2006-1166 (Monotone 0.25 and earlier, when a user creates a file in a directory ...)
	- monotone 0.26pre1-0.1 (low)
	[sarge] - monotone <no-dsa> (Only exploitable in very far-fetched situation)
	NOTE: Needs a case-insensitive file system (e.g. VFAT or Samba) on the client
	NOTE: and massive social engineering
CVE-2006-1128 (Directory traversal vulnerability in the session handling class ...)
	- gallery2 2.0.3
CVE-2006-1127 (Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 ...)
	- gallery2 2.0.3
CVE-2006-1126 (Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP ...)
	- gallery2 2.0.3
CVE-2006-1125 (Grisoft AVG Free 7.1, and other versions including 7.0.308, sets ...)
	NOT-FOR-US: Grisoft AVG
CVE-2006-1124 (Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote ...)
	NOT-FOR-US: RevilloC MailServer and Proxy
CVE-2006-1123 (SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1122 (Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog ...)
	NOT-FOR-US: D2KBlog
CVE-2006-1121 (Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows ...)
	NOT-FOR-US: CuteNews
CVE-2006-1120 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-1119 (fantastico in Cpanel does not properly handle when it has insufficient ...)
	NOT-FOR-US: Cpanel (PHP)
CVE-2006-1118 (SQL injection vulnerability in bmail before Aardvark PR9.1 allows ...)
	NOT-FOR-US: Aardvark
CVE-2006-1117 (nCipher firmware before V10, as used by (1) nShield, (2) nForce, (3) ...)
	NOT-FOR-US: nCipher
CVE-2006-1116 (The CBC-MAC integrity functions in the nCipher nCore API before 2.18 ...)
	NOT-FOR-US: nCipher
CVE-2006-1115 (nCipher HSM before 2.22.6, when generating a Diffie-Hellman ...)
	NOT-FOR-US: nCipher
CVE-2006-1114 (Multiple directory traversal vulnerabilities in Loudblog before 0.42 ...)
	NOT-FOR-US: Loudblog
CVE-2006-1113 (SQL injection vulnerability in podcast.php in Loudblog before 0.42 ...)
	NOT-FOR-US: Loudblog
CVE-2006-1112 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1111 (Aztek Forum 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1110 (Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows ...)
	NOT-FOR-US: Aztek Forum
CVE-2006-1109 (SQL injection vulnerability in index.asp in Total Ecommerce 1.0 allows ...)
	NOT-FOR-US: Total Ecommerce
CVE-2006-1108 (SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1107 (Cross-site scripting (XSS) vulnerability in news.php in NMDeluxe ...)
	NOT-FOR-US: NMDeluxe
CVE-2006-1106 (Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1105 (Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1104 (Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and ...)
	NOT-FOR-US: Pixelpost
CVE-2006-1103 (engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1102 (Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1101 (The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1100 (Buffer overflow in the sgetstr function in shared/cube.h in ...)
	NOT-FOR-US: Sauerbraten / cube engine
CVE-2006-1099 (PHP remote file include vulnerability in logIT 1.3 and 1.4 allows ...)
	NOT-FOR-US: logIT
CVE-2006-1098 (** DISPUTED ** Multiple SQL injection vulnerabilities in NZ Ecommerce ...)
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1097 (Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1096 (** DISPUTED ** ...)
	NOT-FOR-US: NZ Ecommerce
CVE-2006-1095 (Directory traversal vulnerability in the FileSession object in ...)
	NOTE: only version 3.2.7 is vulnerable, 3.2.8 is out
	NOTE: currently 3.1.3 is in Debian; very unlikely that 3.2.7 will be packaged
CVE-2006-1094 (SQL injection vulnerability in Datenbank MOD 2.7 and earlier for ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1093 (Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 ...)
	NOT-FOR-US: IBM WebSphere
CVE-2006-1092 (Unspecified vulnerability in the pagedata subsystem of the process ...)
	NOT-FOR-US: Solaris
CVE-2006-1091 (Kaspersky Antivirus 5.0.5 and 5.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2006-1090 (register.php in PunBB 1.2.10 allows remote attackers to cause an ...)
	NOT-FOR-US: PunBB
CVE-2006-1089 (Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 ...)
	NOT-FOR-US: PunBB
CVE-2006-1088 (PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1087 (Direct static code injection vulnerability in the modify_config action ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1086
	REJECTED
CVE-2006-1085 (admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1084 (Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1083 (Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and ...)
	NOT-FOR-US: PHP-Stats
CVE-2006-1082 (Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript ...)
	NOT-FOR-US: phpArcadeScript
CVE-2006-1081 (SQL injection vulnerability in forgotten_password.php in Jonathan ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2006-1080 (Cross-site scripting (XSS) vulnerability in login.php in Game-Panel ...)
	NOT-FOR-US: Game-Panel
CVE-2006-1079 (htpasswd, as used in Acme thttpd 2.25b and possibly other products ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable, but source contains note about
	NOTE: not being safe for sudo
	NOTE: filed whishlist bug to add this to manpage
CVE-2006-1078 (Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, ...)
	- thttpd 2.23beta1-2.4 (bug #253816; low)
	NOTE: apache's htpasswd not vulnerable
CVE-2006-1077 (Multiple cross-site scripting (XSS) vulnerabilities in the commentary ...)
	NOT-FOR-US: Evo-Dev evoBlog
CVE-2006-1076 (SQL injection vulnerability in index.php, possibly during a showtopic ...)
	NOT-FOR-US: checkInvision Power Board
CVE-2006-1075 (Format string vulnerability in the visualization function in Jason ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1074 (Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers ...)
	NOT-FOR-US: Liero Xtreme
CVE-2006-1073 (Directory traversal vulnerability in index.php in Daverave Simplog ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1072 (Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and ...)
	NOT-FOR-US: Daverave Simplog
CVE-2006-1071 (Cross-site scripting (XSS) vulnerability in index.php in DVguestbook ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1070 (Cross-site scripting (XSS) vulnerability in dv_gbook.php in ...)
	NOT-FOR-US: DVguestbook
CVE-2006-1069 (Unspecified vulnerability in the session handling for Geeklog 1.4.x ...)
	NOT-FOR-US: Geeklog
CVE-2006-1068 (Netgear 614 and 624 routers, possibly running VXWorks, allow remote ...)
	NOT-FOR-US: VXWorks
CVE-2006-1067 (Linksys WRT54G routers version 5 (running VXWorks) allow remote ...)
	NOT-FOR-US: VXWorks
CVE-2006-1066 (Linux kernel 2.6.16-rc2 and earlier, when running on x86_64 systems ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
CVE-2006-1065 (SQL injection vulnerability in search.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-1064 (Multiple cross-site scripting (XSS) vulnerabilities in Lurker 2.0 and ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1063 (Unspecified vulnerability in Lurker 2.0 and earlier allows remote ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1062 (Unspecified vulnerability in lurker.cgi for Lurker 2.0 and earlier ...)
	{DSA-999-1}
	- lurker 2.1-1
CVE-2006-1061 (Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 ...)
	- curl 7.15.3-1
	[woody] - curl <not-affected> (Vulnerable code not present)
	[sarge] - curl <not-affected> (Vulnerable code not present)
CVE-2006-1060 (Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might ...)
	{DSA-1038-1 DSA-1037-1}
	- xzgv 0.8-5.1 (bug #362288; medium)
	- zgv 5.9-2
CVE-2006-1059 (The winbindd daemon in Samba 3.0.21 to 3.0.21c writes the machine ...)
	- samba 3.0.22-1
	[woody] - samba <not-affected>
	[sarge] - samba <not-affected>
CVE-2006-1058 (BusyBox 1.1.1 does not use a salt when generating passwords, which ...)
	- busybox 1:1.1.3-1 (low; bug #360578)
	[woody] - busybox <not-affected>
	[sarge] - busybox <not-affected>
CVE-2006-1057 (Race condition in daemon/slave.c in gdm before 2.14.1 allows local ...)
	{DSA-1040-1}
	- gdm 2.14.4-1
CVE-2006-1056 (The Linux kernel before 2.6.16.9 and the FreeBSD kernel, when running ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-9
	- kfreebsd-5 5.4-17
	- xen-3.0 3.0.2+hg9656-1
CVE-2006-1055 (The fill_write_buffer function in sysfs/file.c in Linux kernel 2.6.12 ...)
	- linux-2.6 2.6.16-6
CVE-2006-1054
	REJECTED
CVE-2006-1053
	RESERVED
CVE-2006-1052 (The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows ...)
	{DSA-1184-2}
	- linux-2.6 2.6.15+2.6.16-rc5-0experimental.1 (low)
CVE-2006-1051 (SQL injection vulnerability in Akarru Social BookMarking Engine before ...)
	NOT-FOR-US: Akurru Social BookMarking Engine
CVE-2006-1050 (** DISPUTED ** ...)
	NOT-FOR-US: Kwik-Pay Payroll
CVE-2005-4728 (Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian ...)
	- amaya 9.4-1 (bug #341424)
	[sarge] - amaya <not-affected> (The Sarge version doesn't have an rpath set)
CVE-2006-1319 (chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little ...)
	- runit 1.4.1-1 (bug #356016; medium)
	[sarge] - runit <not-affected>
CVE-2006-1049 (Multiple SQL injection vulnerabilities in the Admin functionality in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1048 (Joomla! 1.0.7 and earlier allows attackers to bypass intended access ...)
	NOT-FOR-US: Joomla!
CVE-2006-1047 (Unspecified vulnerability in the &quot;Remember Me login functionality&quot; in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1046 (server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial ...)
	- monopd 0.9.3-2 (bug #355797; low)
	[sarge] - monopd <no-dsa> (Very minor security ramifications)
CVE-2006-1045 (The HTML rendering engine in Mozilla Thunderbird 1.5, when &quot;Block ...)
	{DSA-1051-1 DSA-1046-1}
	- thunderbird 1.5.0.2-1
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-1044 (Multiple buffer overflows in LISTSERV 14.3 and 14.4, including ...)
	NOT-FOR-US: LISTSERV
CVE-2006-1043 (Stack-based buffer overflow in Microsoft Visual Studio 6.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2006-1042 (Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote ...)
	NOT-FOR-US: Gregarius
CVE-2006-1041 (Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 ...)
	NOT-FOR-US: Gregarius
CVE-2006-1040 (Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 ...)
	NOT-FOR-US: vBulletin
CVE-2006-1039 (SAP Web Application Server (WebAS) Kernel before 7.0 allows remote ...)
	NOT-FOR-US: SAP
CVE-2006-1038 (Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and ...)
	NOT-FOR-US: SecureCRT
CVE-2006-1037 (SQL injection vulnerability in the Oracle Diagnostics module 2.2 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1036 (Multiple unspecified vulnerabilities in the Oracle Diagnostics module ...)
	NOT-FOR-US: Oracle
CVE-2006-1035 (Unspecified vulnerability in the Oracle Diagnostics module 2.2 and ...)
	NOT-FOR-US: Oracle
CVE-2006-1034 (Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-1033 (Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS ...)
	NOT-FOR-US: Dragonfly CMS
CVE-2006-1032 (Eval injection vulnerability in the decode function in rpc_decoder.php ...)
	NOT-FOR-US: phpRPC
CVE-2006-1031 (config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote ...)
	NOT-FOR-US: iGENUS Webmail
CVE-2006-1030 (Unspecified vulnerability in mod_templatechooser in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1029 (The cross-site scripting (XSS) countermeasures in ...)
	NOT-FOR-US: Joomla!
CVE-2006-1028 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1027 (feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 ...)
	NOT-FOR-US: Joomla!
CVE-2006-1026 (JFacets before 0.2 allows remote attackers to gain privileges as any ...)
	NOT-FOR-US: JFacets
CVE-2006-1025 (Cross-site scripting (XSS) vulnerability in manage.asp in Addsoft ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1024 (SQL injection vulnerability in MgrLogin.asp in Addsoft StoreBot 2005 ...)
	NOT-FOR-US: Addsoft StoreBot
CVE-2006-1023 (Directory traversal vulnerability in HP System Management Homepage ...)
	NOT-FOR-US: HP System Management
CVE-2006-1022 (PHP remote file include vulnerability in sol_menu.php in PeHePe Uyelik ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1021 (Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe ...)
	NOT-FOR-US: PeHePe Uyelik Sistemi
CVE-2006-1020 (SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas ...)
	NOT-FOR-US: Johnny_Vegas Vegas Forum
CVE-2006-1019 (Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 ...)
	NOT-FOR-US: UkiBoard
CVE-2006-1018 (SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 ...)
	NOT-FOR-US: DCI-Design Dawaween
CVE-2006-1017 (The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x ...)
	NOT-FOR-US: c-client
CVE-2006-1016 (Buffer overflow in the IsComponentInstalled method in Internet ...)
	NOT-FOR-US: Windows
CVE-2006-1015 (Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <removed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1014 (Argument injection vulnerability in certain PHP 4.x and 5.x ...)
	- php5 5.1.4-0.1 (bug #368595; unimportant)
	- php4 <removed> (bug #368592; unimportant)
	NOTE: It's the application's job to sanitize input passed to a function
CVE-2006-1013 (PHP remote file include vulnerability in index.php in SMartBlog (aka ...)
	NOT-FOR-US: SMartBlog
CVE-2006-1012 (SQL injection vulnerability in WordPress 1.5.2, and possibly other ...)
	- wordpress 2.0.1-1
CVE-2006-1011 (LetterMerger 1.2 stores user information in Access database files with ...)
	NOT-FOR-US: LetterMerger
CVE-2006-1010 (Buffer overflow in socket/request.c in CrossFire before 1.9.0, when ...)
	{DSA-1001-1}
	- crossfire 1.9.0-1
CVE-2006-1009 (M4 Project enigma-suite before 0.73.3 (Windows) has a default password ...)
	NOT-FOR-US: M4 Project enigma-suite
CVE-2006-1008 (Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and ...)
	NOT-FOR-US: N8cms
CVE-2006-1007 (Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow ...)
	NOT-FOR-US: N8cms
CVE-2006-1006 (Multiple SQL injection vulnerabilities in sendcard.php in sendcard ...)
	NOT-FOR-US: sendcard
CVE-2006-1005 (agencyprofile.asp in Parodia 6.2 and earlier might allow remote ...)
	NOT-FOR-US: Parodia
CVE-2006-1004 (Cross-site scripting (XSS) vulnerability in agencyprofile.asp in ...)
	NOT-FOR-US: Parodia
CVE-2006-1003 (The backup configuration option in NETGEAR WGT624 Wireless Firewall ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1002 (NETGEAR WGT624 Wireless DSL router has a default account of ...)
	NOT-FOR-US: NETGEAR hardware issue
CVE-2006-1001 (SQL injection vulnerability in the board module in LanSuite LanParty ...)
	NOT-FOR-US: LanSuite LanParty Intranet System
CVE-2006-1000 (Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 ...)
	NOT-FOR-US: Pentacle In-Out Board
CVE-2006-0999 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0998 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0997 (The SSL server implementation in NILE.NLM in Novell NetWare 6.5 and ...)
	NOT-FOR-US: Novell
CVE-2006-0996 (Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP ...)
	- php4 4:4.4.4-1 (bug #361853; unimportant)
	- php5 5.1.4-0.1 (bug #361914; unimportant)
	NOTE: Non-issue, explicit debug feature
CVE-2006-0995 (EMC Dantz Retrospect 7 backup client 7.0.107, and other versions ...)
	NOT-FOR-US: EMC Dantz Retrospect
CVE-2006-0994 (Multiple Sophos Anti-Virus products, including Anti-Virus for Windows ...)
	NOT-FOR-US: Sophos
CVE-2006-0993 (The web management interface in 3Com TippingPoint SMS Server before ...)
	NOT-FOR-US: 3Com
CVE-2006-0992 (Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 ...)
	NOT-FOR-US: Novell GroupWise
CVE-2006-0991 (Buffer overflow in the NetBackup Sharepoint Services server daemon ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0990 (Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0989 (Stack-based buffer overflow in the volume manager daemon (vmd) in ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2006-0988 (The default configuration of the DNS Server service on Windows Server ...)
	NOT-FOR-US: MS Windows issue
CVE-2006-0987 (The default configuration of ISC BIND before 9.4.1-P1, when configured ...)
	- bind <unfixed> (bug #355787; unimportant)
	- bind9 1:9.4.0-1 (bug #356266; unimportant)
	NOTE: This is within the responsibilities of a local admin, especially when
	NOTE: operating a DNS server, affected sites can configure AllowRecursion
CVE-2006-0986 (WordPress 2.0.1 and earlier allows remote attackers to obtain ...)
	- wordpress 2.0.2-1 (bug #355055; unimportant)
CVE-2006-0985 (Multiple cross-site scripting (XSS) vulnerabilities in the &quot;post ...)
	- wordpress 2.0.2-1 (bug #355055; medium)
CVE-2006-0984 (Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo ...)
	NOT-FOR-US: EJ3 TOPo not in debian
CVE-2006-0983 (Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 ...)
	NOT-FOR-US: QWikiWiki not in debian
CVE-2006-0982 (The on-access scanner for McAfee Virex 7.7 for Macintosh, in some ...)
	NOT-FOR-US: McAfee Virex 7.7 for Macintosh
CVE-2006-0981 (Directory traversal vulnerability in e-merge WinAce 2.6 and earlier ...)
	NOT-FOR-US: WinAce
CVE-2006-0980 (Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI ...)
	NOT-FOR-US: Jay Eckles CGI Calendar
CVE-2006-0979 (Unspecified vulnerability in the local weblog publisher in Nidelven IT ...)
	NOT-FOR-US: Nidelven IT Issue Dealer
CVE-2006-0978 (Multiple cross-site scripting (XSS) vulnerabilities in the View ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2006-0977 (Craig Morrison Mail Transport System Professional (aka MTS Pro) acts ...)
	NOT-FOR-US: MTS Pro
CVE-2006-0976 (Directory traversal vulnerability in scan_lang_insert.php in Boris ...)
	NOT-FOR-US: SPiD
CVE-2006-0975
	REJECTED
CVE-2006-0974 (Cross-site scripting (XSS) vulnerability in failure.asp in Battleaxe ...)
	NOT-FOR-US: bttlxeForum 2.0
CVE-2006-0973 (SQL injection vulnerability in topics.php in Appalachian State ...)
	NOT-FOR-US: phpWebSite
CVE-2006-0972 (SQL injection vulnerability in news.php in Tony Baird Fantastic News ...)
	NOT-FOR-US: Tony Baird Fantastic News
CVE-2006-0971 (Directory traversal vulnerability in Lionel Reyero DirectContact 0.3b ...)
	NOT-FOR-US: DirectContact
CVE-2006-0970 (PHP remote file inclusion vulnerability in index.php in one or more ...)
	NOT-FOR-US: ActiveCampaign products
CVE-2006-0969 (PHP remote file inclusion vulnerability in index.php in Top sites de ...)
	NOT-FOR-US: PixelArtKingdom TopSites
CVE-2006-0968 (The ncprwsnt service in NCP Network Communication Secure Client 8.11 ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0967 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0966 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0965 (NCP Network Communication Secure Client 8.11 Build 146, and possibly ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0964 (Client Firewall in NCP Network Communication Secure Client 8.11 Build ...)
	NOT-FOR-US: NCP Network Communication Secure Client
CVE-2006-0963 (Multiple buffer overflows in STLport 5.0.2 might allow local users to ...)
	- stlport5 5.0.2-1 (bug #358471; medium)
CVE-2006-0962 (SQL injection vulnerability in vuBB 0.2 allows remote attackers to ...)
	NOT-FOR-US: VuBB
CVE-2006-0961 (SQL injection vulnerability in yazdir.asp in Cilem Hiber 1.1 allows ...)
	NOT-FOR-US: Cilem Hiber
CVE-2006-0960 (uConfig agent in Compex NetPassage WPE54G router allows remote ...)
	NOT-FOR-US: Compex NetPassage WPE54G router
CVE-2006-0959 (SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0958 (Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0957 (Direct static code injection vulnerability in func.inc.php in ...)
	NOT-FOR-US: ZoneO-Soft freeForum
CVE-2006-0956 (nuauth in NuFW before 1.0.21 does not properly handle blocking TLS ...)
	- nufw 1.0.23-1 (bug #358475; low)
CVE-2006-0955
	RESERVED
CVE-2006-0954
	RESERVED
CVE-2006-0953
	RESERVED
CVE-2006-0952
	RESERVED
CVE-2006-0951 (The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the ...)
	NOT-FOR-US: NOD32
CVE-2006-0950 (unalz 0.53 allows user-assisted attackers to overwrite arbitrary ...)
	- unalz 0.55-1 (bug #356832; low)
	[sarge] - unalz <no-dsa> (Minor issue)
CVE-2006-0949 (RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2006-0948 (AOL 9.0 Security Edition revision 4184.2340, and probably other ...)
	NOT-FOR-US: AOL
CVE-2006-0947 (Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0946 (Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems ...)
	NOT-FOR-US: Thomson modem firmware
CVE-2006-0945 (PHP remote file include vulnerability in admin/index.php in Archangel ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0944 (Archangel Weblog 0.90.02 allows remote attackers to bypass ...)
	NOT-FOR-US: Archangel Weblog
CVE-2006-0943 (SQL injection vulnerability in the sondages module in index.php in ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0942 (SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0941 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0940 (Multiple direct static code injection vulnerabilities in ...)
	NOT-FOR-US: ShoutLIVE
CVE-2006-0939 (SQL injection vulnerability in DCI-Taskeen 1.03 allows remote ...)
	NOT-FOR-US: DCI-Taskeen
CVE-2006-0938 (Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and ...)
	- ezpublish <removed>
CVE-2006-1320 (util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a ...)
	{DSA-1109}
	- rssh 2.3.0-1.1 (bug #346322; bug #363978; low)
CVE-2006-1321 (Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 ...)
	- webcheck 1.9.6
CVE-2006-0937 (U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: U.N.U. Mailgust
CVE-2006-0936 (Free Host Shop Website Generator 3.3 allows remote authenticated users ...)
	NOT-FOR-US: Free Host Shop Website Generator
CVE-2006-0935 (Microsoft Word 2003 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2006-0934 (Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 ...)
	NOT-FOR-US: webinsta Limbo
CVE-2006-0933 (Cross-site scripting (XSS) vulnerability in PHPX 3.5.9 allows remote ...)
	NOT-FOR-US: PHPX
CVE-2006-0932 (Directory traversal vulnerability in zip.lib.php 0.1.1 in ...)
	NOT-FOR-US: zip.lib.php
CVE-2006-0931 (Directory traversal vulnerability in PEAR::Archive_Tar 1.2, and other ...)
	- php5 <removed> (bug #368545; unimportant)
	- php4 <removed> (bug #368545; unimportant)
	NOTE: is this really a vulnerability in pear?  it seems it should be a bug
	NOTE: in any application not checking for such archives.
	NOTE: Lack of a security feature is not a vulnerability
CVE-2006-0930 (Directory traversal vulnerability in Webmail in ArGoSoft Mail Server ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0929 (Directory traversal vulnerability in the IMAP server in ArGoSoft Mail ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0928 (The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote ...)
	NOT-FOR-US: ArgoSoft Mail Server
CVE-2006-0927 (Multiple cross-site scripting (XSS) vulnerabilities in the JGS-XA ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2006-0926 (Multiple directory traversal vulnerabilities in Allume StuffIt ...)
	NOT-FOR-US: StuffIt
CVE-2006-0925 (Format string vulnerability in the IMAP4rev1 server in Alt-N MDaemon ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2006-0924 (Cross-site scripting (XSS) vulnerability in Brown Bear iCal 3.10 ...)
	NOT-FOR-US: iCal
CVE-2006-0923 (Multiple cross-site scripting (XSS) vulnerabilities in MyPHPNuke (MPN) ...)
	NOT-FOR-US: MyPHPNuke
CVE-2006-0922 (CubeCart 3.0 through 3.6 does not properly check authorization for an ...)
	NOT-FOR-US: CubeCart
CVE-2006-0921 (Multiple directory traversal vulnerabilities in connector.php in ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2006-0920 (Oi! Email Marketing System 3.0 (aka Oi! 3) stores the server's FTP ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0919 (SQL injection vulnerability in index.php (aka the login page) in Oi! ...)
	NOT-FOR-US: Oi! Email Marketing System
CVE-2006-0918 (Buffer overflow in RITLabs The Bat! 3.60.07 allows remote attackers to ...)
	NOT-FOR-US: The Bat!
CVE-2006-0917 (Melange Chat Server (aka M-Chat), when accessed via a web browser, ...)
	NOT-FOR-US: Melange Chat Server
CVE-2006-0916 (Bugzilla 2.19.3 through 2.20 does not properly handle &quot;//&quot; sequences ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0915 (Bugzilla 2.16.10 does not properly handle certain characters in the ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0914 (Bugzilla 2.16.10, 2.17 through 2.18.4, and 2.20 does not properly ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0913 (SQL injection vulnerability in whineatnews.pl in Bugzilla 2.17 through ...)
	- bugzilla 2.20.1-1 (bug #354457; high)
	[woody] - bugzilla <not-affected> (Only 2.17 and above are affected)
	[sarge] - bugzilla <not-affected> (Only 2.17 and above are affected)
CVE-2006-0912 (Oreka before 0.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Oreka
CVE-2006-0911 (NmService.exe in Ipswitch WhatsUp Professional 2006 allows remote ...)
	NOT-FOR-US: WhatsUp Professional
CVE-2006-0910 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0909 (Invision Power Board (IPB) 2.1.4 and earlier allows remote attackers ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0908 (PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0907 (SQL injection vulnerability in PHP-Nuke before 7.8 Patched 3.2 allows ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0906 (SQL injection vulnerability in D3Jeeb Pro 3 allows remote attackers to ...)
	NOT-FOR-US: D3Jeeb Pro
CVE-2006-0905 (A &quot;programming error&quot; in fast_ipsec in FreeBSD 4.8-RELEASE through ...)
	- kfreebsd-5 5.4-16
CVE-2006-0904
	REJECTED
CVE-2006-0903 (MySQL 5.0.18 and earlier allows local users to bypass logging ...)
	{DSA-1079-1 DSA-1073-1 DSA-1071-1}
	- mysql-dfsg-5.0 5.0.19-3 (bug #359701; bug #366162; bug #366163)
CVE-2006-0902
	RESERVED
CVE-2006-0901 (Unspecified vulnerability in the hsfs filesystem in Solaris 8, 9, and ...)
	NOT-FOR-US: Solaris
CVE-2006-0900 (nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial ...)
	- kfreebsd-5 5.4-15
CVE-2006-0899 (Directory traversal vulnerability in index.php in 4Images 1.7.1 and ...)
	NOT-FOR-US: 4Images
CVE-2006-0898 (Crypt::CBC Perl module 2.16 and earlier, when running in RandomIV ...)
	{DSA-996-1}
	- libcrypt-cbc-perl 2.17-1
CVE-2006-0897 (** DISPUTED ** ...)
	NOT-FOR-US: VCS Virtual Program Management Intranet
CVE-2006-0896 (Cross-site scripting (XSS) vulnerability in Sources/Register.php in ...)
	NOT-FOR-US: Simple Machine Forum
CVE-2006-0895 (NOCC Webmail 1.0 allows remote attackers to obtain the installation ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0894 (Multiple cross-site scripting (XSS) vulnerabilities in NOCC Webmail ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0893 (NOCC Webmail 1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0892 (NOCC Webmail 1.0 stores e-mail attachments in temporary files with ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0891 (Multiple directory traversal vulnerabilities in NOCC Webmail 1.0 allow ...)
	NOT-FOR-US: NOCC Webmail
CVE-2006-0890 (Directory traversal vulnerability in SpeedProject Squeez 5.1, as used ...)
	NOT-FOR-US: SpeedProject Squeez
CVE-2006-0889 (Cross-site scripting (XSS) vulnerability in Calcium 3.10.1 allows ...)
	NOT-FOR-US: Calcium
CVE-2006-0888 (index.php in Invision Power Board (IPB) 2.0.1, with Code Confirmation ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0887 (Eval injection vulnerability in sessions.inc in PHP Base Library ...)
	NOT-FOR-US: PHPLIB
CVE-2006-0886 (Cross-site scripting (XSS) vulnerability in register.php in DEV web ...)
	NOT-FOR-US: DEV web management system
CVE-2006-0885 (Cross-site scripting (XSS) vulnerability in show_news.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2006-0884 (The WYSIWYG rendering engine (&quot;rich mail&quot; editor) in Mozilla ...)
	{DSA-1051-1 DSA-1046-1}
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- firefox 1.5.dfsg+1.5.0.2-1
	- xulrunner 1.8.0.1-9
	- mozilla 2:1.7.13-0.1
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
	- xscreensaver 4.21-1
	NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
	NOTE: in the Sarge version --jmm
CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...)
	- xscreensaver 4.15-1
CVE-2006-0883 (OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not ...)
	- openssh 1:3.8.1p1-4
	[woody] - openssh <not-affected>
CVE-2006-0882 (Directory traversal vulnerability in include.php in Noah's Classifieds ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0881 (Multiple PHP remote file include vulnerabilities in gorum/gorumlib.php ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0880 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0879 (SQL injection vulnerability in the search tool in Noah's Classifieds ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0878 (Noah's Classifieds 1.3 allows remote attackers to obtain the ...)
	NOT-FOR-US: Noah's Classifieds
CVE-2006-0877 (Cross-site scripting vulnerability in Easy Forum 2.5 allows remote ...)
	NOT-FOR-US: Easy Forum
CVE-2006-0876 (POPFile before 0.22.4 allows remote attackers to cause a denial of ...)
	{DSA-1061-1}
	- popfile 0.22.4-1 (bug #354464; medium)
CVE-2006-0875 (Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 ...)
	NOT-FOR-US: runCMS
CVE-2006-0874 (Multiple unspecified vulnerabilities in Intensive Point iUser ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0873 (Absolute path traversal vulnerability in docs/showdocs.php in ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-0872 (Directory traversal vulnerability in init.inc.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2006-0871 (Directory traversal vulnerability in the _setTemplate function in ...)
	- mambo 4.5.3h-1 (bug #354468)
	NOTE: only in experimental
CVE-2006-0870 (SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke CMS
CVE-2006-0869 (Directory traversal vulnerability in the &quot;remember me&quot; feature in ...)
	NOT-FOR-US: PHP PEAR LiveUser
CVE-2006-0868 (Multiple unspecified injection vulnerabilities in unspecified Auth ...)
	- php-auth 1.2.4-0.1 (bug #354474)
CVE-2006-0867 (Buffer overflow in certain versions of South River (aka SRT) WebDrive, ...)
	NOT-FOR-US: WebDrive
CVE-2006-0866 (PunBB 1.2.10 and earlier allows remote attackers to conduct brute ...)
	NOT-FOR-US: PunBB
CVE-2006-0865 (PunBB 1.2.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: PunBB
CVE-2006-0864 (filescan in Global Hauri ViRobot 2.0 20050817 does not verify the ...)
	NOT-FOR-US: Global Hauri ViRobot
CVE-2006-0863 (InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0862 (Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on ...)
	NOT-FOR-US: InfoVista PortalSE
CVE-2006-0861 (Michael Salzer Guestbox 0.6, and other versoins before 0.8, allows ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0860 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0859 (Michael Salzer Guestbox 0.6, and other versions before 0.8, allows ...)
	NOT-FOR-US: Michael Salzer Guestbox
CVE-2006-0858 (Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the ...)
	NOT-FOR-US: StarForce Safe'n'Sec Personal
CVE-2006-0857 (Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 ...)
	NOT-FOR-US: e107 CMS Chatbox plugin
CVE-2006-0856 (SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0855 (Stack-based buffer overflow in the fullpath function in misc.c for zoo ...)
	{DSA-991-1}
	- zoo 2.10-17 (bug #354461)
CVE-2006-0854 (PHP remote file inclusion vulnerability in common.php in Intensive ...)
	NOT-FOR-US: Intensive Point iUser Ecommerce
CVE-2006-0853 (Buffer overflow in the IMAP service of TrueNorth Internet Anywhere ...)
	NOT-FOR-US: TrueNorth Internet Anywhere
CVE-2006-0852 (Direct static code injection vulnerability in write.php in Admbook ...)
	NOT-FOR-US: Admbook
CVE-2006-0851 (SQL injection vulnerability in the forum module of ilchClan 1.05g and ...)
	NOT-FOR-US: ilchClan
CVE-2006-0850 (SQL injection vulnerability in include/includes/user/login.php in ...)
	NOT-FOR-US: ilchClan
CVE-2006-0849
	RESERVED
CVE-2006-0848 (The &quot;Open 'safe' files after downloading&quot; option in Safari on Apple ...)
	NOT-FOR-US: Apple Safari
CVE-2006-0847 (Directory traversal vulnerability in the staticfilter component in ...)
	- cherrypy2.1 2.1.1-1 (bug #353542)
	- python-cherrypy 2.1.1-1 (bug #354479)
CVE-2006-0846 (Multiple cross-site scripting (XSS) vulnerabilities in Leif M. ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0845 (Leif M. Wright's Blog 3.5 allows remote authenticated users with ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0844 (Leif M. Wright's Blog 3.5 does not make a password comparison when ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0843 (Leif M. Wright's Blog 3.5 stores the config file and other txt files ...)
	NOT-FOR-US: Leif M. Wright's Blog
CVE-2006-0842 (Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows ...)
	NOT-FOR-US: Calacode @Mail
CVE-2006-0841 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 ...)
	{DSA-1133-1}
	- mantis 0.19.4-3.1 (bug #378353)
CVE-2006-0840 (manage_user_page.php in Mantis 1.00rc4 and earlier does not properly ...)
	{DSA-944-1}
	- mantis 1.0
	NOTE: This was actually fixed upstream in Mantis 1.0.0rc5,
	NOTE: which was never uploaded.
CVE-2006-0839 (The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly ...)
	- snort <not-affected> (frag3 is only in 2.4, currently there is 2.3.3 in sid)
CVE-2006-0838 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext ...)
	NOT-FOR-US: Tivoli
CVE-2006-0837 (IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable ...)
	NOT-FOR-US: Tivoli
CVE-2006-0836 (Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an ...)
	NOTE: Denial of service by tricking someone into importing a manipulated LDIF file
	NOTE: That's a bug, but calling it a security problem is very far-fetched
CVE-2006-0835 (SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar ...)
	NOT-FOR-US: MitriDAT Web Calendar
CVE-2006-0834 (Uniden UIP1868P VoIP Telephone and Router has a default password of ...)
	NOT-FOR-US: Uniden UIP1868P VoIP Telephone
CVE-2006-0833 (Multiple cross-site scripting (XSS) vulnerabilities in Barracuda ...)
	NOT-FOR-US: Barracuda Directory
CVE-2006-0832 (Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow ...)
	NOT-FOR-US: WPC.easy
CVE-2006-0831 (PHP remote file include vulnerability in index.php in Tasarim Rehberi ...)
	NOT-FOR-US: Tasarim Rehberi
CVE-2006-0830 (The scripting engine in Internet Explorer allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2006-0829 (Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows ...)
	NOT-FOR-US: E-Blah Platinum
CVE-2006-0828 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0827 (Cross-site scripting vulnerability in ESS/ Network Controller and ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0826 (Unspecified vulnerability in ESS/ Network Controller and MicroServer ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0825 (Multiple unspecified vulnerabilities in ESS/ Network Controller and ...)
	NOT-FOR-US: Xerox WorkCentre / ESS/ Network Controller
CVE-2006-0824 (Multiple unspecified vulnerabilities in lib-common.php in Geeklog ...)
	NOT-FOR-US: Geeklog
CVE-2006-0823 (Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before ...)
	NOT-FOR-US: Geeklog
CVE-2006-0822 (Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 ...)
	NOT-FOR-US: EmuLinker Kaillera Server
CVE-2006-0821 (SQL injection vulnerability in index.php in BXCP 0.299 allows remote ...)
	NOT-FOR-US: BXCP
CVE-2006-0820 (Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0819 (Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source ...)
	NOT-FOR-US: Dwarf HTTP Server
CVE-2006-0818 (Absolute path directory traversal vulnerability in (1) MERAK Mail Server for ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0817 (Absolute path directory traversal vulnerability in (a) MERAK Mail ...)
	NOT-FOR-US: MERAK Mail Server and VisNetic MailServer
CVE-2006-0816 (Orion Application Server before 2.0.7, when running on Windows, allows ...)
	NOT-FOR-US: Orion Application Server
CVE-2006-0815 (NetworkActiv Web Server 3.5.15 allows remote attackers to read script ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2006-0814 (response.c in Lighttpd 1.4.10 and possibly previous versions, when run ...)
	NOT-FOR-US: Lighttpd under windows
CVE-2006-0813 (Heap-based buffer overflow in WinACE 2.60 allows user-assisted ...)
	NOT-FOR-US: WinACE
CVE-2006-0812 (The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server ...)
	NOT-FOR-US: WinACE VisNetic AntiVirus
CVE-2005-4727 (Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before ...)
	NOT-FOR-US: gBook
CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...)
	- squid 2.5.6
CVE-2006-0811 (Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board ...)
	NOT-FOR-US: Skate Board
CVE-2006-0810 (Unspecified vulnerability in config.php in Skate Board 0.9 allows ...)
	NOT-FOR-US: Skate Board
CVE-2006-0809 (Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote ...)
	NOT-FOR-US: Skate Board
CVE-2006-0808 (MUTE 0.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MUTE
CVE-2006-0807 (Stack-based buffer overflow in NJStar Chinese and Japanese Word ...)
	NOT-FOR-US: NJStar
CVE-2006-0806 (Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #358872; medium)
	- moodle 1.6.1+20060825-1 (bug #360396; medium)
	- cacti 0.8.6d-1 (medium)
	NOTE: according to maintainer, "Moodle neither uses nor plans to use
	NOTE: ADODB_Pager, so it's not affected by #360396, but include patch for
	NOTE: it anyway, just in case somebody decides to use it out of the blue
CVE-2006-0805 (The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed ...)
	NOT-FOR-US: php-Nuke
CVE-2006-0804 (Off-by-one error in TIN 1.8.0 and earlier might allow attackers to ...)
	- tin 1:1.8.2-1
	[sarge] - tin <not-affected> (Vulnerable code not present)
CVE-2006-0803 (The signature verification functionality in the YaST Online Update ...)
	NOT-FOR-US: YaSt Online Update
CVE-2006-0802 (Cross-site scripting (XSS) vulnerability in the NS-Languages module ...)
	NOT-FOR-US: PostNuke
CVE-2006-0801 (SQL injection vulnerability in the NS-Languages module for PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2006-0800 (Interpretation conflict in PostNuke 0.761 and earlier allows remote ...)
	NOT-FOR-US: PostNuke
CVE-2006-0799 (Microsoft Internet Explorer allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2006-0798 (Multiple directory traversal vulnerabilities in the IMAP service in ...)
	NOT-FOR-US: Macallan Mail Solution
CVE-2006-0797 (Nokia N70 cell phone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Nokia cell phone
CVE-2006-0796 (Cross-site scripting (XSS) vulnerability in default.php in Clever Copy ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0795 (Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 ...)
	NOT-FOR-US: Quirex
CVE-2006-0794 (help.php in V-webmail 1.6.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: V-webmail
CVE-2006-0793 (frameset.php in V-webmail 1.6.2 allows remote attackers to conduct ...)
	NOT-FOR-US: V-webmail
CVE-2006-0792 (Cross-site scripting (XSS) vulnerability in preferences.personal.php ...)
	NOT-FOR-US: V-webmail
CVE-2006-0791 (PHP remote file inclusion vulnerability in index.php in DreamCost ...)
	NOT-FOR-US: DreamCost HostAdmin
CVE-2006-0790 (Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0789 (Certain unspecified Kyocera printers have a default &quot;admin&quot; account ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0788 (Kyocera 3830 (aka FS-3830N) printers have a back door that allows ...)
	NOT-FOR-US: Kyocera printers
CVE-2006-0787 (wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and ...)
	NOT-FOR-US: Plaino Wimpy
CVE-2006-0786 (Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0785 (Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2006-0784 (D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers ...)
	NOT-FOR-US: D-Link hardware
CVE-2006-0783 (Cross-site scripting (XSS) vulnerability in page.php in in Siteframe ...)
	NOT-FOR-US: Siteframe Beaumont
CVE-2006-0782 (Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0781 (Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0780 (Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in ...)
	NOT-FOR-US: PerlBlog
CVE-2006-0779 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0778 (Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier ...)
	NOT-FOR-US: XMB Forums
CVE-2006-0777 (Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0776 (Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts ...)
	NOT-FOR-US: Teca Scripts Guestex
CVE-2006-0775 (Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 ...)
	NOT-FOR-US: BirthSys
CVE-2006-0774 (SQL injection vulnerability in deleteSession() in DB_eSession library ...)
	NOT-FOR-US: DB_eSession
CVE-2006-0773 (Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0772 (SQL injection vulnerability in Hitachi Business Logic - Container ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2006-0771 (Format string vulnerability in PunkBuster 1.180 and earlier, as used ...)
	NOT-FOR-US: PunkBuster
CVE-2006-0770 (Cross-site scripting (XSS) vulnerability in calendar.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0769 (Unspecified vulnerability in in.rexecd in Solaris 10 allows local ...)
	NOT-FOR-US: Solaris
CVE-2006-0768 (Kadu 0.4.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Kadu
CVE-2006-0767 (CGIWrap before 3.10 allows remote attackers to obtain sensitive ...)
	- cgiwrap 3.9-3.1
	[sarge] - cgiwrap <no-dsa> (Only leaks information about the existance of users on a system)
CVE-2006-0766 (ICQ Inc. (formerly Mirabilis) ICQ 2003a, 2003b, Lite 4.0, Lite 4.1, ...)
	NOT-FOR-US: ICQ
CVE-2006-0765 (GUI display truncation vulnerability in ICQ Inc. (formerly Mirabilis) ...)
	NOT-FOR-US: ICQ
CVE-2006-0764 (The Authentication, Authorization, and Accounting (AAA) capability in ...)
	NOT-FOR-US: Cisco
CVE-2006-0763 (Cross-site scripting (XSS) vulnerability in dowebmailforward.cgi in ...)
	NOT-FOR-US: cPanel (not the same as in the cpanel package)
CVE-2006-0762 (WinAbility Folder Guard 4.11 allows local users to gain unauthorized ...)
	NOT-FOR-US: WinAbility Folder Guard
CVE-2006-0761 (Buffer overflow in BlackBerry Attachment Service in Research in Motion ...)
	NOT-FOR-US: BlackBerry
CVE-2006-0760 (LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive ...)
	NOT-FOR-US: LightTPD on windows
CVE-2006-0759 (Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier ...)
	NOT-FOR-US: HiveMail
CVE-2006-0758 (Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 ...)
	NOT-FOR-US: HiveMail
CVE-2006-0757 (Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier ...)
	NOT-FOR-US: HiveMail
CVE-2006-0756 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0755 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0754 (** DISPUTED ** ...)
	NOT-FOR-US: dotProject
CVE-2006-0753 (Memory leak in Microsoft Internet Explorer 6 for Windows XP Service ...)
	NOT-FOR-US: Microsoft
CVE-2006-0752 (Niels Provos Honeyd before 1.5 replies to certain illegal IP packet ...)
	- honeyd 1.5a-1 (bug #353064; low)
	[sarge] - honeyd <no-dsa> (Too insignificant)
CVE-2006-0751 (Multiple unspecified vulnerabilities in the (1) Filesystem in ...)
	NOT-FOR-US: Network Object Oriented File System (NOOFS)
CVE-2006-0750 (SQL injection vulnerability in army.php in supersmashbrothers (SSB) ...)
	NOT-FOR-US: supersmashbrothers
CVE-2006-0749 (nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- mozilla 2:1.7.13-0.1 (low)
	- thunderbird 1.5.0.2-1 (low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
CVE-2006-0748 (Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla-firefox 1.5.dfsg+1.5.0.2-1 (high)
	- mozilla 2:1.7.13-0.1 (high)
	- thunderbird 1.5.0.2-1 (high)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (high)
	- xulrunner 1.8.0.1-9
CVE-2006-0747 (Integer underflow in Freetype before 2.2 allows remote attackers to ...)
	{DSA-1095-1}
	- freetype 2.2.1-1 (medium)
CVE-2006-0746 (Certain patches for kpdf do not include all relevant patches from xpdf ...)
	{DSA-1008-1}
	- kdegraphics 4:3.5.0-3
	NOTE: Only affected the 3.3.2 KDE backport
CVE-2006-0745 (X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 ...)
	- xorg-x11 6.9.0.dfsg.1-5 (bug #360388; medium)
	- xorg-server 1:1.0.2-1 (bug #378465; medium)
	- xfree86 <not-affected>
CVE-2006-0744 (Linux kernel before 2.6.16.5 does not properly handle uncanonical ...)
	{DSA-1103}
	- linux-2.6 2.6.16-7
CVE-2006-0743 (Format string vulnerability in LocalSyslogAppender in Apache log4net ...)
	NOT-FOR-US: Log4Net
CVE-2006-0742 (The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0741 (Linux kernel before 2.6.15.5, when running on Intel processors, allows ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.15-8
CVE-2006-0740
	RESERVED
CVE-2006-0739 (eStara SIP softphone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0738 (Multiple format string vulnerabilities in eStara SIP softphone allow ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0737 (eStara SIP softphone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eStara SIP softphone
CVE-2006-0736 (Stack-based buffer overflow in the pam_micasa PAM authentication ...)
	NOT-FOR-US: pam_micasa / Novell
CVE-2005-4726 (MUTE 0.4 uses improper flood protection algorithms, which allows ...)
	NOT-FOR-US: MUTE
CVE-2005-4725 (Geeklog before 1.3.11sr3 allows remote attackers to bypass intended ...)
	NOT-FOR-US: Geeklog
CVE-2005-4724 (SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows ...)
	NOT-FOR-US: PhpTagCool
CVE-2006-2440 (Heap-based buffer overflow in the libMagick component of ImageMagick ...)
	{DSA-1168-1}
	- imagemagick 6:6.2.4.5-0.6 (bug #345595)
CVE-2006-0735 (Cross-site scripting (XSS) vulnerability in BBcode.pm in M. Blom ...)
	NOT-FOR-US: My Blog
CVE-2006-0734 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
	NOT-FOR-US: Half-Life
CVE-2006-0733 (** DISPUTED ** Cross-site scripting (XSS) vulnerability in WordPress ...)
	- wordpress <unfixed> (unimportant)
CVE-2006-0732 (Directory traversal vulnerability in SAP Business Connector (BC) 4.6 ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0731 (WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and ...)
	NOT-FOR-US: SAP Business Connector
CVE-2006-0730 (Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow ...)
	- dovecot 1.0.beta3-1 (bug #353341; medium)
	[sarge] - dovecot <not-affected> (Vulnerable code was introduced in 1.0beta1)
CVE-2006-0729 (SQL injection vulnerability in functions.php in Teca Diary PE 1.0 ...)
	NOT-FOR-US: Teca Diary
CVE-2006-0728 (SQL injection vulnerability in search.php in webSPELL 4.01.00 and ...)
	NOT-FOR-US: webSPELL
CVE-2006-0727 (SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis ...)
	NOT-FOR-US: MusOX DF
CVE-2006-0726 (Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke ...)
	NOT-FOR-US: CPG-Nuke
CVE-2006-0725 (PHP remote file inclusion vulnerability in prepend.php in Plume CMS ...)
	NOT-FOR-US: Plume CMS
CVE-2006-0724 (profile.php in Reamday Enterprises Magic News Lite 1.2.3, when ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0723 (PHP remote file inclusion vulnerability in preview.php in Reamday ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0722 (settings.php in Reamday Enterprises Magic Downloads 1.1.3, when ...)
	NOT-FOR-US: Reamday Enterprises Magic News Lite
CVE-2006-0721 (SQL injection vulnerability in pmlite.php in RunCMS 1.2 and 1.3a ...)
	NOT-FOR-US: RunCMS
CVE-2006-0720 (Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows ...)
	NOT-FOR-US: Winamp
CVE-2006-0719 (SQL injection vulnerability in member_login.php in PHP Classifieds ...)
	NOT-FOR-US: PHP Classifieds
CVE-2006-0718 (The Internet Key Exchange version 1 (IKEv1) implementation in Avaya ...)
	NOT-FOR-US: Avaya VSU
CVE-2006-0717 (IBM Tivoli Directory Server 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Tivoli
CVE-2006-0716 (SQL injection vulnerability in index.php in sNews 1.3 allows remote ...)
	NOT-FOR-US: sNews
CVE-2006-0715 (Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote ...)
	NOT-FOR-US: sNews
CVE-2006-0714 (Directory traversal vulnerability in the installation file ...)
	- flyspray <not-affected> (Vulnerable code not included in Debian)
CVE-2006-0713 (Directory traversal vulnerability in LinPHA 1.0 allows remote ...)
	NOT-FOR-US: LinPHA
CVE-2006-0712 (mail_html template in Squishdot 1.5.0 and earlier does not properly ...)
	NOT-FOR-US: Squishdot
CVE-2006-0711 (The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl ...)
	NOT-FOR-US: NeoMail
CVE-2006-0710 (Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 ...)
	NOT-FOR-US: Isode M-Vault
CVE-2006-0709 (Buffer overflow in Metamail 2.7-50 allows remote attackers to cause a ...)
	{DSA-995-1}
	- metamail 2.7-51 (bug #352482; bug #353539)
CVE-2006-0708 (Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow ...)
	NOT-FOR-US: Winamp
CVE-2006-0707 (PyBlosxom before 1.3.2, when running on certain webservers, allows ...)
	- pyblosxom 1.3.2-1 (high)
	[sarge] - pyblosxom <not-affected> (Vulnerable path handling code not present)
CVE-2006-0706 (Cross-site scripting vulnerability in eintrag.php in G&#228;stebuch ...)
	NOT-FOR-US: Gaestebuch
CVE-2006-0705 (Format string vulnerability in a logging function as used by various ...)
	NOT-FOR-US: Proprietary SFTP servers
CVE-2006-0704 (iE Integrator 4.4.220114, when configured without a &quot;bespoke error ...)
	NOT-FOR-US: iE Integrator
CVE-2006-0703 (Unspecified vulnerability in index.php in imageVue 16.1 has unknown ...)
	NOT-FOR-US: imageVue
CVE-2006-0702 (admin/upload.php in imageVue 16.1 allows remote attackers to upload ...)
	NOT-FOR-US: imageVue
CVE-2006-0701 (readfolder.php in imageVue 16.1 allows remote attackers to list ...)
	NOT-FOR-US: imageVue
CVE-2006-0700 (imageVue 16.1 allows remote attackers to obtain folder permission ...)
	NOT-FOR-US: imageVue
CVE-2006-0699 (Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki ...)
	NOT-FOR-US: QWikiWiki
CVE-2006-0698 (Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0697 (Zen Cart before 1.2.7 does not protect the admin/includes directory, ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0696 (SQL injection vulnerability in Zen Cart before 1.2.7 allows remote ...)
	NOT-FOR-US: Zen Cart
CVE-2006-0695 (Ansilove before 1.03 does not filter uploaded file extensions, which ...)
	NOT-FOR-US: Ansilove
CVE-2006-0694 (Unspecified vulnerability in the loaders (load_*.php) in Ansilove ...)
	NOT-FOR-US: Ansilove
CVE-2006-0693 (Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti ...)
	NOT-FOR-US: Roberto Butti CALimba
CVE-2006-0692 (Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL ...)
	NOT-FOR-US: Carey Briggs Timesheet
CVE-2006-0691 (edituser.php in TTS Time Tracking Software 3.0 does not verify that ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0690 (Multiple SQL injection vulnerabilities in TTS Time Tracking Software ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0689 (Cross-site scripting (XSS) vulnerability in the Registration Form in ...)
	NOT-FOR-US: TTS Time Tracking Software
CVE-2006-0688 (PHP remote file include vulnerability in application.php in ...)
	NOT-FOR-US: nicecoder.com indexu
CVE-2006-0687 (process.php in DocMGR 0.54.2 does not initialize the $siteModInfo ...)
	NOT-FOR-US: DocMGR
CVE-2006-0686 (add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0685 (The check_login function in login.php in Virtual Hosting Control ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0684 (change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0683 (Cross-site scripting (XSS) vulnerability in Virtual Hosting Control ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2006-0682 (Multiple cross-site scripting (XSS) vulnerabilities in bbcodes system ...)
	NOT-FOR-US: e107
CVE-2006-0681 (Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 ...)
	NOT-FOR-US: powerd
	NOTE: powerd supposedly normally comes with sysvinit, but not in debian
CVE-2006-0680 (Unspecified vulnerability in WebGUI before 6.8.6-gamma allows remote ...)
	NOT-FOR-US: WebGUI
CVE-2006-0679 (SQL injection vulnerability in index.php in the Your_Account module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0678 (PostgreSQL 7.3.x before 7.3.14, 7.4.x before 7.4.12, 8.0.x before ...)
	NOTE: Only vulnerable when compiled with asserts
	- postgresql <unfixed> (unimportant)
	- postgresql-8.0 8.0.7-1 (unimportant)
	- postgresql-8.1 8.1.3-1 (unimportant)
CVE-2005-4723 (D-Link DI-524 Wireless Router, DI-624 Wireless Router, and DI-784 ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-4722 (_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4721 (Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER ...)
	NOT-FOR-US: tmsPUBLISHER
CVE-2005-4720 (Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to ...)
	{DSA-1044-1}
	- mozilla-firefox 1.5.dfsg+1.5.0.2 (low)
	- firefox 1.5.dfsg-1
CVE-2005-4719 (Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 ...)
	NOT-FOR-US: Sysbotz Systems Panel
CVE-2005-4718 (Opera 8.02 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Opera
CVE-2005-4717 (Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2005-4716 (Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote ...)
	NOT-FOR-US: Hitachi TP1
CVE-2006-0677 (telnetd in Heimdal 0.6.x before 0.6.6 and 0.7.x before 0.7.2 allows ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0676 (Cross-site scripting (XSS) vulnerability in header.php in PHP-Nuke 6.0 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0675 (Cross-site scripting (XSS) vulnerability in search.php in Siteframe ...)
	NOT-FOR-US: SiteFrame
CVE-2006-0674 (Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 ...)
	NOT-FOR-US: IBM AIX
CVE-2006-0673 (Multiple SQL injection vulnerabilities in cms/index.php in Magic ...)
	NOT-FOR-US: Magic Calendar Lite
CVE-2006-0672 (Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before ...)
	NOT-FOR-US: HP PSC 1210 All-in-One printer
CVE-2006-0671 (Buffer overflow in Sony Ericsson K600i, V600i, W800i, and T68i cell ...)
	NOT-FOR-US: Sony Ericsson
CVE-2006-0670 (Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to ...)
	{DSA-990-1}
	- bluez-hcidump 1.30-1 (bug #351881; medium)
CVE-2006-0669 (** DISPUTED ** ...)
	NOT-FOR-US: Forum Light
CVE-2006-0668 (SQL injection vulnerability in index.php in PwsPHP 1.2.3 allows remote ...)
	NOT-FOR-US: PwsPHP
CVE-2006-0667 (lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary ...)
	NOT-FOR-US: AIX
CVE-2006-0666 (Unspecified vulnerability in the (1) unix_mp and (2) unix_64 kernels ...)
	NOT-FOR-US: AIX
CVE-2006-0665 (Unspecified vulnerability in (1) query_store.php and (2) ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0664 (Cross-site scripting (XSS) vulnerability in config_defaults_inc.php in ...)
	{DSA-1133-1}
	- mantis 0.19.4-3
	[woody] - mantis <not-affected> (Complete rewrite in 0.19)
CVE-2006-0663 (Multiple cross-site scripting (XSS) vulnerabilities in Lotus Domino ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0662 (Cross-site scripting (XSS) vulnerability in Lotus Domino iNotes Client ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0661 (Cross-site scripting (XSS) vulnerability in Scriptme SmE GB Host 1.21 ...)
	NOT-FOR-US: SmE GB Host
CVE-2006-0660 (Multiple directory traversal vulnerabilities in FarsiNews 2.5 and ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0659 (Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and ...)
	NOT-FOR-US: Runcms
CVE-2006-0658 (Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moin 1.5.8-4.1
	[etch] - moin <not-affected> (Vulnerable php code not present)
	- karrigell <not-affected> (Vulnerable php code not present)
CVE-2006-0657 (Cross-site scripting (XSS) vulnerability in Softcomplex PHP Event ...)
	NOT-FOR-US: Softcomplex
CVE-2006-0656 (Directory traversal vulnerability in HP Systems Insight Manager 4.2 ...)
	NOT-FOR-US: HP
CVE-2006-0655 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0654 (check.php in Hinton Design phpht Topsites 1.3 does not validate ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0653 (Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites ...)
	NOT-FOR-US: Hinton Design phpht Topsites
CVE-2006-0652 (WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2006-0651 (SQL injection vulnerability in index.php in vwdev allows remote ...)
	NOT-FOR-US: vwdev
CVE-2006-0650 (Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the ...)
	NOT-FOR-US: CPAINT
CVE-2006-0649 (Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 ...)
	NOT-FOR-US: DataparkSearch
CVE-2006-0648 (Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, ...)
	NOT-FOR-US: PHP iCalendar
CVE-2006-0647 (LDAP service in Sun Java System Directory Server 5.2, running on Linux ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2006-0646 (ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain ...)
	- binutils <not-affected> (SuSE specific vulnerability)
CVE-2006-0645 (Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS ...)
	{DSA-986-1 DSA-985-1}
	- libtasn1-2 <removed> (bug #352182; bug #365234)
	NOTE: upload of libtasn1-2 0.3.1-1 was reverted in 1:0.2.17-2 because of soname change
	- libtasn1-3 0.3.4-1
	- gnutls13 1.3.5-1
	- gnutls12 1.2.11-1
	- gnutls11 <removed>
CVE-2005-4715 (Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4714 (Format string vulnerability in the vmps_log function in OpenVMPS (VLAN ...)
	NOT-FOR-US: OpenVMPS
CVE-2005-4713 (Unspecified vulnerability in the SQL logging facility in PAM-MySQL ...)
	- pam-mysql 0.6.2-1 (bug #353589; low)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2005-4712 (CRLF injection vulnerability in process_signup.php in PHP Handicapper ...)
	NOT-FOR-US: Handicapper
CVE-2006-XXXX [dpkg-sig: insecure temp file bug]
	- dpkg-sig 0.13 (bug #352723; low)
	[sarge] - dpkg-sig <no-dsa> (Only affected in debug mode)
CVE-2006-2441 (Pioneers meta-server before 0.9.55, when the server-console is not ...)
	- pioneers 0.9.55-1 (bug #351986; medium)
	[sarge] - gnocatan <not-affected> (Not exploitable in Sarge per maintainer)
CVE-2006-0644 (Multiple directory traversal vulnerabilities in install.php in ...)
	NOT-FOR-US: CPG-Nuke Dragonfly CMS
CVE-2006-0643 (Cross-site scripting (XSS) vulnerability in WiredRed e/pop Web ...)
	NOT-FOR-US: WiredRed e/pop Web Conferencing
CVE-2006-0642 (Trend Micro ServerProtect 5.58, and possibly InterScan Messaging ...)
	NOT-FOR-US: Trend Micro
CVE-2006-0641 (Orbicule Undercover uses a third-party web server to determine the IP ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0640 (Orbicule Undercover allows attackers with physical or root access to ...)
	NOT-FOR-US: Orbicule Undercover
CVE-2006-0639 (Cross-site scripting (XSS) vulnerability in search.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0638 (SQL injection vulnerability in moderation.php in MyBB (aka ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0637 (Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows ...)
	NOT-FOR-US: QUALCOMM Eudora WorldMail
CVE-2006-0636 (desktop.php in eyeOS 0.8.9 and earlier tests for the existence of the ...)
	NOT-FOR-US: eyeOS
CVE-2006-0635 (Tiny C Compiler (TCC) 0.9.23 (aka TinyCC) evaluates the ...)
	- tcc 0.9.24~cvs20070502-1 (bug #352202; low)
	[sarge] - tcc <no-dsa> (Only incorrect code gen, hardly any production use)
	[etch] - tcc <no-dsa> (Documented as insecure; only incorrect code gen, hardly any production use)
CVE-2006-0634 (Borland C++Builder 6 (BCB6) with Update Pack 4 Enterprise edition ...)
	NOT-FOR-US: Borland C++Builder
CVE-2006-0633 (The make_password function in ipsclass.php in Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0632 (The gen_rand_string function in phpBB 2.0.19 uses insufficiently ...)
	- phpbb2 2.0.20 (low)
	[sarge] - phpbb2 <no-dsa> (Minor issue)
	NOTE: According to maintainers phpbb2 doesn't have useful countermeasures against
	NOTE: brute-force password guessing and as password seeding is based on milliseconds
	NOTE: NTP-timed attacks may even be in the area of a couple thousands attempts
	NOTE: instead of a million
	NOTE: Fixed in 2.0.20
CVE-2006-0631 (CRLF injection vulnerability in mailback.pl in Erik C. Thauvin ...)
	NOT-FOR-US: Erik C. Thauvin mailback
CVE-2006-0630 (RITLabs The Bat! before 3.0.0.15 displays certain important headers ...)
	NOT-FOR-US: The Bat!
CVE-2006-0629 (Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 ...)
	NOT-FOR-US: AIM
CVE-2006-0628 (myquiz.pl in Dale Ray MyQuiz 1.01 allows remote attackers to execute ...)
	NOT-FOR-US: Dale Ray MyQuiz
CVE-2006-0627 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0, 2.0a, and ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0624 (SQL injection vulnerability in check.asp in Whomp Real Estate Manager ...)
	NOT-FOR-US: Whomp Real Estate Manager
CVE-2006-0623 (QNX Neutrino RTOS 6.3.0 ships /etc/rc.d/rc.local with world-writable ...)
	NOT-FOR-US: QNX
CVE-2006-0622 (QNX Neutrino RTOS 6.3.0 allows local users to cause a denial of ...)
	NOT-FOR-US: QNX
CVE-2006-0621 (Multiple buffer overflows in QNX Neutrino RTOS 6.2.0 allow local users ...)
	NOT-FOR-US: QNX
CVE-2006-0620 (Race condition in phfont in QNX Neutrino RTOS 6.2.1 allows local users ...)
	NOT-FOR-US: QNX
CVE-2006-0619 (Multiple stack-based buffer overflows in QNX Neutrino RTOS 6.3.0 allow ...)
	NOT-FOR-US: QNX
CVE-2006-0618 (Format string vulnerability in fontsleuth in QNX Neutrino RTOS 6.3.0 ...)
	NOT-FOR-US: QNX
CVE-2006-0617 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2006-0616 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 4 and ...)
	NOT-FOR-US: Sun Java
CVE-2006-0615 (Multiple unspecified vulnerabilities in Sun Java JDK and JRE 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2006-0614 (Unspecified vulnerability in Sun Java JDK and JRE 5.0 Update 3 and ...)
	NOT-FOR-US: Sun Java
CVE-2006-0613 (Unspecified vulnerability in Java Web Start after 1.0.1_02, as used in ...)
	NOT-FOR-US: Sun Java
CVE-2006-0612 (Powersave daemon before 0.10.15.2 allows local users to gain ...)
	- powersave 0.11.2-1
CVE-2006-0611 (Directory traversal vulnerability in compose.pl in @Mail 4.3 and ...)
	NOT-FOR-US: @Mail
CVE-2006-0610 (Multiple SQL injection vulnerabilities in 2200net Calendar system 1.2, ...)
	NOT-FOR-US: 2200net Calender system
CVE-2006-0609 (Cross-site scripting (XSS) vulnerability in add.php in Hinton Design ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0608 (Multiple SQL injection vulnerabilities in Hinton Design phphd 1.0 ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0607 (check.php in Hinton Design phphd 1.0 does not check passwords when ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0606 (SQL injection vulnerability in Unknown Domain Shoutbox 2005.07.21 ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0605 (Multiple cross-site scripting (XSS) vulnerabilities in Unknown Domain ...)
	NOT-FOR-US: Unknown Domain Shoutbox
CVE-2006-0604 (check.php in Hinton Design phphg Guestbook 1.2 does not check the user ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0603 (Multiple cross-site scripting vulnerabilities in signed.php in Hinton ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0602 (Multiple SQL injection vulnerabilities in Hinton Design phphg ...)
	NOT-FOR-US: Hinton Design phphd
CVE-2006-0601
	RESERVED
CVE-2006-0596
	RESERVED
CVE-2006-0595
	RESERVED
CVE-2006-0594
	RESERVED
CVE-2005-4711 (SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-4710 (Unspecified vulnerability in multiple Autodesk and AutoCAD products ...)
	NOT-FOR-US: AutoCAD
CVE-2006-0598 (Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0597 (Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0599 (The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0600 (elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1
CVE-2006-0593 (Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2006-0592 (Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server ...)
	NOT-FOR-US: Lexmark Printer
CVE-2006-0591 (The crypt_gensalt functions for BSDI-style extended DES-based and ...)
	NOT-FOR-US: crypt_blowfish implementation from OWL, does not seem to be in Debian
CVE-2006-0590 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: MyTopix
CVE-2006-0589 (MyTopix 1.2.3 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: MyTopix
CVE-2006-0588 (SQL injection vulnerability in search.php in MyTopix 1.2.3 allows ...)
	NOT-FOR-US: MyTopix
CVE-2006-0587 (Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 ...)
	- gallery 1.5.2-pl2-1
CVE-2006-0586 (Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before ...)
	NOT-FOR-US: Oracle
CVE-2006-0585 (jscript.dll in Microsoft Internet Explorer 6.0 SP1 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0584 (The PSCipher function in PeopleSoft People Tools 8.4x uses PKCS #5 ...)
	NOT-FOR-US: PeopleSoft People Tools
CVE-2006-0583 (SQL injection vulnerability in mailarticle.php in Clever Copy 3.0 and ...)
	NOT-FOR-US: Clever Copy
CVE-2006-0582 (Unspecified vulnerability in rshd in Heimdal 0.6.x before 0.6.6 and ...)
	{DSA-977-1}
	- heimdal 0.7.2-1
CVE-2006-0581 (SQL injection vulnerability in Hosting Controller 6.1 Hotfix 2.8 ...)
	NOT-FOR-US: Hosting Controller
CVE-2006-0580 (IBM Lotus Domino Server 7.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Lotus Domino
CVE-2006-0579 (Multiple integer overflows in (1) the new_demux_packet function in ...)
	- mplayer <not-affected> (fixed before first upload; 1.0pre7try3)
	NOTE: code not in ffmpeg and xine-lib
CVE-2006-0578 (Blue Coat Proxy Security Gateway OS (SGOS) 4.1.2.1 does not enforce ...)
	NOT-FOR-US: Blue Coat Proxy Security Gateway OS
CVE-2006-0577 (Lexmark X1185 printer allows local users to gain SYSTEM privileges by ...)
	NOT-FOR-US: Lexmark printer
CVE-2006-0576 (Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and ...)
	- oprofile 0.9.1-9 (bug #352910; low)
	[sarge] - oprofile <no-dsa> (requires sudo access to be vulnerable)
CVE-2006-0575 (convert-fcrontab in Fcron 2.9.5 and 3.0.0 allows remote attackers to ...)
	- fcron <not-affected> (Not included in Debian package)
CVE-2006-0574 (Cross-site scripting (XSS) vulnerability in mime/handle.html in cPanel ...)
	NOT-FOR-US: cPanel
CVE-2006-0573 (Multiple cross-site scripting (XSS) vulnerabilies in cPanel 10 and ...)
	NOT-FOR-US: cPanel
CVE-2006-0572 (phpstatus 1.0 does not require passwords when using cookies to ...)
	NOT-FOR-US: phpstatus
CVE-2006-0571 (Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 ...)
	NOT-FOR-US: phpstatus
CVE-2006-0570 (Multiple SQL injection vulnerabilities in phpstatus 1.0, when ...)
	NOT-FOR-US: phpstatus
CVE-2006-0569 (Cross-site scripting (XSS) vulnerability in user_class.php in Papoo ...)
	NOT-FOR-US: Papoo
CVE-2006-0568 (Cross-site scripting (XSS) vulnerability in throw.main in Outblaze ...)
	NOT-FOR-US: Outblaze
CVE-2006-0567 (Directory traversal vulnerability in Files Xaraya module before 0.5.1, ...)
	NOT-FOR-US: Xaraya
CVE-2006-0566 (The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote ...)
	NOT-FOR-US: Communigate Pro
CVE-2006-0565 (PHP remote file include vulnerability in inc/backend_settings.php in ...)
	NOT-FOR-US: LoudBlog
CVE-2006-0564 (Stack-based buffer overflow in Microsoft HTML Help Workshop ...)
	NOT-FOR-US: Microsoft
CVE-2006-0563 (SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0562 (Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut ...)
	NOT-FOR-US: PluggedOut Blog
CVE-2006-0561 (Cisco Secure Access Control Server (ACS) 3.x for Windows stores ACS ...)
	NOT-FOR-US: Cisco
CVE-2006-0560
	REJECTED
CVE-2006-0559 (Format string vulnerability in the SMTP server for McAfee WebShield ...)
	NOT-FOR-US: McAfee WebShield
CVE-2006-0558 (perfmon (perfmon.c) in Linux kernel on IA64 architectures allows local ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1 (bug #365375; low)
CVE-2006-0557 (sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0556
	REJECTED
CVE-2006-0555 (The Linux Kernel before 2.6.15.5 allows local users to cause a denial ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0554 (Linux kernel 2.6 before 2.6.15.5 allows local users to obtain ...)
	{DSA-1103}
	- linux-2.6 2.6.15-8
CVE-2006-0553 (PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to ...)
	- postgresql-8.1 8.1.3-1
CVE-2006-0552 (Unspecified vulnerability in the Net Listener component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0551 (SQL injection vulnerability in the Data Pump Metadata API in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0550 (Buffer overflow in an unspecified Oracle Client utility might allow ...)
	NOT-FOR-US: Oracle
CVE-2006-0549 (SQL injection vulnerability in the SYS.DBMS_METADATA_UTIL package in ...)
	NOT-FOR-US: Oracle
CVE-2006-0548 (SQL injection vulnerability in the Oracle Text component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0547 (Oracle Database 8i, 9i, and 10g allow remote authenticated users to ...)
	NOT-FOR-US: Oracle
CVE-2006-0546 (Unspecified vulnerability in index.php in a certain application ...)
	NOT-FOR-US: Strange app at www.egeinternet.com
CVE-2006-0545 (SQL injection vulnerability in showflat.php in Groupee (formerly known ...)
	NOT-FOR-US: UBB.threads
CVE-2006-0544 (urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) ...)
	NOT-FOR-US: Microsoft
CVE-2006-0543 (Cerulean Trillian 3.1.0.120 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2006-0542 (Multiple SQL injection vulnerabilities in config.php in NukedWeb ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0541 (Multiple cross-site scripting (XSS) vulnerabilities in Tachyon Vanilla ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0540 (Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook ...)
	NOT-FOR-US: Tachyon Vanilla Guestbook
CVE-2006-0539 (The convert-fcrontab program in fcron 3.0.0 might allow local users to ...)
	- fcron <not-affected> (Vulnerable app in the Debian package, not setuid anyway)
CVE-2006-0538 (CipherTrust IronMail 5.0.1, when &quot;Denial of Service Protection&quot; is ...)
	NOT-FOR-US: IronMail
CVE-2006-0537 (Buffer overflow in the POP3 server in Kinesphere Corporation eXchange ...)
	NOT-FOR-US: eXchange POP3
CVE-2006-0536 (Cross-site scripting (XSS) vulnerability in neomail.pl in NeoMail 1.27 ...)
	NOT-FOR-US: NeoMail
CVE-2006-0535 (Multiple cross-site scripting (XSS) vulnerabilities in Community ...)
	NOT-FOR-US: Community Server
CVE-2006-0534 (Multiple cross-site scripting (XSS) vulnerabilities in default.asp in ...)
	NOT-FOR-US: CyberShop Ultimate E-commerce
CVE-2006-0533 (Cross-site scripting (XSS) vulnerability in webmailaging.cgi in cPanel ...)
	NOT-FOR-US: cPanel
	NOTE: Not Debian's cpanel
CVE-2006-0532 (Cross-site scripting (XSS) vulnerability in resultat.asp in SoftMaker ...)
	NOT-FOR-US: SoftMaker Shop
CVE-2006-0531 (Unspecified vulnerability in Sun Java System Access Manager 7.0 allows ...)
	NOT-FOR-US: Sun Java System Access Manager
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...)
	NOT-FOR-US: NukedWeb
CVE-2006-0530 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0529 (Computer Associates (CA) Message Queuing (CAM / CAFT) before 1.07 ...)
	NOT-FOR-US: CA Message Queuing
	NOTE: CA Message Queuing is embeded in a lot of products, but they all seem
	NOTE: to be commercial products (see list in referenced URL)
CVE-2006-0528 (The cairo library (libcairo), as used in GNOME Evolution and possibly ...)
	- evolution 2.2.3-4 (low)
	[sarge] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
	[woody] - evolution <not-affected> (Vulnerability was apparantly introduced in 2.3.1)
CVE-2006-0527 (BIND 4 (BIND4) and BIND 8 (BIND8), if used as a target forwarder, ...)
	- bind 1:8.4.7-1 (low)
	[sarge] - bind <no-dsa> (Architectual limitatiom, upgrade to BIND 9 as a a fix)
	NOTE: BIND 8 is unsuitable for forwarder use because of its
	NOTE: architecture. Upgrade to BIND 9 as a fix.
	NOTE: This was fixed in sid by documenting it as an unfixable design limitation
CVE-2006-0526 (The default configuration of the America Online (AOL) client software ...)
	NOT-FOR-US: AOL
CVE-2006-0525 (Multiple Adobe products, including (1) Photoshop CS2, (2) Illustrator ...)
	NOT-FOR-US: Windows issue
CVE-2006-0524 (Cross-site scripting (XSS) vulnerability in ashnews.php in Derek ...)
	NOT-FOR-US: Derek Ashauer ashnews
CVE-2006-0523 (SQL injection vulnerability in global.php in MyBB before 1.03 allows ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0522 (SQL injection vulnerability in the Authentication Servlet in Symantec ...)
	NOT-FOR-US: Symantec Sygate Management Server
CVE-2006-0521 (Cross-site scripting (XSS) vulnerability in results.php in BrowserCRM ...)
	NOT-FOR-US: Browser CRM
CVE-2006-0520 (SQL injection vulnerability index.php in Dragoran Portal module 1.3 ...)
	NOT-FOR-US: Invision Power Board
CVE-2006-0519 (SPIP 1.8.2-e and earlier and 1.9 Alpha 2 (5539) and earlier allows ...)
	- spip 2.0.6-1 (medium; bug #351336)
CVE-2006-0518 (Cross-site scripting (XSS) vulnerability in index.php3 in SPIP 1.8.2-e ...)
	- spip 2.0.6-1 (medium; bug #351335)
CVE-2006-0517 (Multiple SQL injection vulnerabilities in ...)
	- spip 2.0.6-1 (medium; bug #351334)
CVE-2006-0625 (Directory traversal vulnerability in Spip_RSS.PHP in SPIP 1.8.2g and ...)
	- spip 2.0.6-1 (medium; bug #352076)
	NOTE: http://www.securityfocus.com/bid/16556
CVE-2006-0626 (SQL injection vulnerability in spip_acces_doc.php3 in SPIP 1.8.2g and ...)
	- spip 2.0.6-1 (medium; bug #352077)
	NOTE: http://www.securityfocus.com/bid/16551
CVE-2006-0516 (Unspecified vulnerability in the kernel processing in Solaris 10 64 ...)
	NOT-FOR-US: Solaris
CVE-2006-0515 (Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x ...)
	NOT-FOR-US: Cisco
CVE-2006-0514
	RESERVED
CVE-2006-0513 (Directory traversal vulnerability in pkmslogout in Tivoli Web Server ...)
	NOT-FOR-US: Tivoli
CVE-2006-0512 (PADL MigrationTools 46 creates temporary files insecurely, which ...)
	{DSA-1187-1}
	- migrationtools 46-2.1 (bug #338920; medium)
CVE-2006-0511 (** DISPUTED ** Blackboard Academic Suite 6.0 and earlier does not ...)
	NOT-FOR-US: Blackboard Academic Suite
CVE-2006-0510 (SQL injection vulnerability in userlogin.jsp in Daffodil CRM 1.5 ...)
	NOT-FOR-US: Daffodil
CVE-2006-0509 (Multiple cross-site scripting (XSS) vulnerabilities in clients.php in ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2006-0508 (Easy CMS stores the images directory under the web document root with ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0507 (Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow ...)
	NOT-FOR-US: Easy CMS
CVE-2006-0506 (Cross-site scripting (XSS) vulnerability in index.php in Nuked-klaN ...)
	NOT-FOR-US: Nuked-klaN
CVE-2006-0505 (zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to ...)
	NOT-FOR-US: Zbattle
CVE-2006-0504 (Unspecified vulnerability in MailEnable Enterprise Edition before 1.2 ...)
	NOT-FOR-US: MailEnable Enterprise Edition
CVE-2006-0503 (IMAP service in MailEnable Professional Edition before 1.72 allows ...)
	NOT-FOR-US: MailEnable Professional Edition
CVE-2006-0502 (PHP remote file inclusion vulnerability in loginout.php in FarsiNews ...)
	NOT-FOR-US: FarsiNews
CVE-2006-0501 (Cross-site scripting (XSS) vulnerability in MyCO Guestbook 1.0 allows ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0500 (MyCO Guestbook 1.0 stores the admin directory under the web document ...)
	NOT-FOR-US: MyCo Guestbook
CVE-2006-0499 (Cross-site scripting (XSS) vulnerability in rlink.php in Rlink 1.0.0 ...)
	NOT-FOR-US: Rlink module add-on for phpbb (not included in Debian package)
CVE-2005-4709 (The popSubjectContext method in the SecurityAssociation class in JBoss ...)
	NOT-FOR-US: JBoss Enterprise Java Beans
CVE-2005-4708 (Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute ...)
	NOT-FOR-US: Adobe Macromedia MX products (Captivate, Contribute and eLicensing client)
CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...)
	NOT-FOR-US: Derek Ashauer ashNews
CVE-2006-0498 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0497 (Multiple SQL injection vulnerabilities in PHP GEN before 1.4 allow ...)
	NOT-FOR-US: PHP GEN
CVE-2006-0496 (Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and ...)
	- iceweasel 3.0-1 (unimportant; bug #349339)
	- mozilla-firefox <removed> (unimportant; bug #349339)
	- iceape <removed> (unimportant)
	- xulrunner <unfixed> (unimportant)
	NOTE: This is not a direct vulnerability, but rather the lack of protection
	NOTE: for shooting into own's own foot, so we should treat it as a security
	NOTE: enhancement bug and not as a vulnerability.
CVE-2006-0495 (Cross-site scripting (XSS) vulnerability in the Add Thread to ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0494 (Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.02 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0493 (Cross-site scripting (XSS) vulnerability in MG2 (formerly known as ...)
	NOT-FOR-US: MG2
CVE-2006-0492 (Multiple SQL injection vulnerabilities in Calendarix allow remote ...)
	NOT-FOR-US: Calendarix
CVE-2006-0491 (SQL injection vulnerability in SZUserMgnt.class.php in SZUserMgnt 1.4 ...)
	NOT-FOR-US: SZUserMgnt
CVE-2006-0490 (SQL injection vulnerability in login.asp in ASPThai.Net ASPThai Forums ...)
	NOT-FOR-US: ASPThai Forums
CVE-2006-0489 (** DISPUTED ** Buffer overflow in the font command of mIRC, probably ...)
	NOT-FOR-US: mIRC
CVE-2006-0488 (The VDM (Virtual DOS Machine) emulation environment for MS-DOS ...)
	NOT-FOR-US: Microsoft
CVE-2006-0487 (Multiple unspecified vulnerabilities in Tumbleweed MailGate Email ...)
	NOT-FOR-US: Tumbleweed MailGate Email Firewall
CVE-2006-0486 (Certain Cisco IOS releases in 12.2S based trains with maintenance ...)
	NOT-FOR-US: IOS
CVE-2006-0485 (The TCL shell in Cisco IOS 12.2(14)S before 12.2(14)S16, 12.2(18)S ...)
	NOT-FOR-US: IOS
CVE-2006-0484 (Directory traversal vulnerability in Vis.pl, as part of the FACE ...)
	NOT-FOR-US: FACE CONTROL product
CVE-2006-0483 (Cisco VPN 3000 series concentrators running software 4.7.0 through ...)
	NOT-FOR-US: Cisco
CVE-2006-0482 (Linux kernel 2.6.15.1 and earlier, when running on SPARC ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2006-0481 (Heap-based buffer overflow in the alpha strip capability in libpng ...)
	- libpng 1.2.8rel-3 (bug #352902; bug #352918)
	[sarge] - libpng <not-affected> (Only 1.2.7 affected)
	[woody] - libpng <not-affected> (Only 1.2.7 affected)
	[sarge] - libpng3 1.2.8rel-1
CVE-2006-0480 (Cross-site scripting (XSS) vulnerability in the Articles module in ...)
	NOT-FOR-US: sPaiz-Nuke
CVE-2006-0479 (pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, ...)
	NOT-FOR-US: PmWiki
CVE-2006-0478 (CRE Loaded 6.15 allows remote attackers to perform privileged actions, ...)
	NOT-FOR-US: CRE Loaded
CVE-2006-0477 (Buffer overflow in git-checkout-index in GIT before 1.1.5 allows ...)
	- git-core 1.1.5-1 (bug #350274)
CVE-2006-0476 (Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2006-0475 (PHP-Ping 1.3 does not properly validate ping counts, which allows ...)
	NOT-FOR-US: PHP-Ping
CVE-2006-0474 (Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers ...)
	NOT-FOR-US: Shareaza
CVE-2006-0473 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...)
	NOT-FOR-US: My little homepage
CVE-2006-0472 (Cross-site scripting (XSS) vulnerability in guestbook.php in my little ...)
	NOT-FOR-US: My little homepage
CVE-2006-0471 (Cross-site scripting (XSS) vulnerability in the bbcode function in ...)
	NOT-FOR-US: My little homepage
CVE-2006-0470 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0469 (Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and ...)
	NOT-FOR-US: uebimiau
	NOTE: this had an ITP back in 2002, but it never was done (bug #164116)
CVE-2006-0468 (CommuniGate Pro Core Server before 5.0.7 allows remote attackers to ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-4707 (Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before ...)
	NOT-FOR-US: PHP GEN
CVE-2005-4706 (Unspecified vulnerability in the &quot;privilege management&quot; feature of Sun ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4705 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4704 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4703 (Apache Tomcat 4.0.3, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: Windows Tomcat vulnerability
CVE-2005-4702 (SQL injection vulnerability in the favorites module in index.php in ...)
	NOT-FOR-US: IPBProArcade
CVE-2005-4701 (Unspecified vulnerability in Process File System (procfs) in Sun ...)
	NOT-FOR-US: Solaris 10
CVE-2005-4700 (TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) ...)
	NOT-FOR-US: TellMe
CVE-2005-4699 (Argument injection vulnerability in TellMe 1.2 and earlier allows ...)
	NOT-FOR-US: TellMe
CVE-2005-4698 (Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier ...)
	NOT-FOR-US: TellMe
CVE-2005-4697 (The Microsoft Wireless Zero Configuration system (WZCS) allows local ...)
	NOT-FOR-US: Microsoft
CVE-2005-4696 (The Microsoft Wireless Zero Configuration system (WZCS) stores WEP ...)
	NOT-FOR-US: Microsoft
CVE-2005-4695 (Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2005-4694 (Unspecified vulnerability in the www_add method in Asset.pm in Plain ...)
	NOT-FOR-US: WebGUI
CVE-2005-4693 (Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to ...)
	- gaim-encryption 3.0~beta5-3 (low; bug #337127)
	[sarge] - gaim-encryption <no-dsa> (Minor issue)
CVE-2005-4692 (Unspecified vulnerability in mroovca stats (mroovcastats) before ...)
	NOT-FOR-US: mroovca
CVE-2005-4691 (imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, ...)
	NOT-FOR-US: NetBSD
CVE-2005-4690 (Six Apart Movable Type 3.16 allows local users with blog-creation ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4689 (Six Apart Movable Type 3.16 stores account names and password hashes ...)
	NOT-FOR-US: Six Apart Movable Type
CVE-2005-4688 (PunBB 1.2.9 does not require password entry when changing the e-mail ...)
	NOT-FOR-US: PunBB
CVE-2005-4687 (PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's ...)
	NOT-FOR-US: PunBB
CVE-2005-4686 (PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes ...)
	NOT-FOR-US: PunBB
CVE-2005-4685 (Firefox and Mozilla can associate a cookie with multiple domains when ...)
	NOTE: see CVE-2005-4684
	- firefox <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
	[sarge] - mozilla <no-dsa> (Hardly exploitable)
	- xulrunner <unfixed> (unimportant)
CVE-2005-4684 (Konqueror can associate a cookie with multiple domains when the DNS ...)
	NOTE: http://www.redhat.com/archives/fedora-extras-commits/2006-August/msg01104.html says "ignore (kdebase) not fixed upstream, low, can't fix"
	- kdebase <unfixed> (unimportant)
	[sarge] - kdebase <no-dsa> (Hardly exploitable)
CVE-2005-4683 (PADL MigrationTools 46, when a failure occurs, stores contents of ...)
	- migrationtools 46-2.1 (bug #338920; unimportant)
	NOTE: The temp fix makes use of TMPDIR
CVE-2005-4682 (Cross-site scripting (XSS) vulnerability in error.asp in AudienceView ...)
	NOT-FOR-US: AudienceView
CVE-2005-4681 (** DISPUTED ** Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 ...)
	NOT-FOR-US: mIRC
CVE-2005-4680 (Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-4679 (Internet Explorer 6 for Windows XP Service Pack 2 allows remote ...)
	NOT-FOR-US: Internet Explorer 6
CVE-2005-4678 (Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the ...)
	NOT-FOR-US: Apple
CVE-2005-4677 (SQL injection vulnerability in additional_images.php (aka the ...)
	NOT-FOR-US: osCommerce
CVE-2005-4676 (Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null ...)
	- exiv2 0.9
CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...)
	NOT-FOR-US: VMware
CVE-2006-0467 (Unspecified vulnerability in Pioneers (formerly gnocatan) before ...)
	{DSA-964-1}
	[woody] - gnocatan 0.6.1-5woody3
	[sarge] - gnocatan 0.8.1.59-1sarge1
	- pioneers 0.9.49-1 (bug #350237; medium)
CVE-2006-0466 (Cross-site scripting (XSS) vulnerability in search.asp in Goldstag ...)
	NOT-FOR-US: Goldstag Content Management System
CVE-2006-0465 (Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in ...)
	NOT-FOR-US: active121 Site Manager
CVE-2006-0464 (Multiple SQL injection vulnerabilities in index.php in IdeoContent ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0463 (Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows ...)
	NOT-FOR-US: IdeoContent Manager
CVE-2006-0462 (SQL injection vulnerability in comentarios.php in AndoNET Blog ...)
	NOT-FOR-US: AndoNET Blog
CVE-2006-0461 (Cross-site scripting (XSS) vulnerability in core.input.php in ...)
	NOT-FOR-US: ExpressionEngine
CVE-2006-0460 (Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote ...)
	{DSA-997-1}
	- bomberclone 0.11.6.2-1
CVE-2006-0459 (flex.skl in Will Estes and John Millaway Fast Lexical Analyzer ...)
	{DSA-1020-1}
	- flex 2.5.33-1
CVE-2006-0458 (The DCC ACCEPT command handler in irssi before ...)
	- irssi-text <not-affected> (Only 0.8.10rc versions are affected)
CVE-2006-0457 (Race condition in the (1) add_key, (2) request_key, and (3) keyctl ...)
	- linux-2.6 2.6.15-6
CVE-2006-0456 (The strnlen_user function in Linux kernel before 2.6.16 on IBM S/390 ...)
	{DSA-1103}
	- linux-2.6 2.6.16-1
CVE-2006-0455 (gpgv in GnuPG before 1.4.2.1, when using unattended signature ...)
	{DSA-978-1}
	- gnupg 1.4.2.2-1 (bug #353017; bug #353019; bug #354620; medium)
	- gnupg2 <not-affected> (Vulnerable code not activated)
CVE-2006-0454 (Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ...)
	- linux-2.6 2.6.15-5
	[sarge] - kernel-source-2.6.8 <not-affected>
	[sarge] - kernel-source-2.4.27 <not-affected>
CVE-2006-0453 (The LDAP component in Fedora Directory Server 1.0 allow remote ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0452 (dn2ancestor in the LDAP component in Fedora Directory Server 1.0 ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0451 (Multiple memory leaks in the LDAP component in Fedora Directory Server ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2006-0450 (phpBB 2.0.19 and earlier allows remote attackers to cause a denial of ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: As discussed with the phpbb maintainers; this is only a lack of feature
	NOTE: (phpbb2 doesn't allow a kind of rate control for maximum login/searches for
	NOTE: a certain time frame), but not a directly fixable security problem
CVE-2006-0449 (Early termination vulnerability in the IMAP service in E-Post Mail ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0448 (Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0447 (Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail ...)
	NOT-FOR-US: E-Post Mail / SPA-PRO Mail
CVE-2006-0446 (Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote ...)
	NOT-FOR-US: WeBWorK
CVE-2006-0445 (index.php in Phpclanwebsite 1.23.1 allows remote authenticated users ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0444 (SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0443 (Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog ...)
	NOT-FOR-US: CheesyBlog
CVE-2006-0442 (Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0441 (Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote ...)
	NOT-FOR-US: Sami FTP Server
CVE-2006-0440 (Text Rider 2.4 allows attackers to bypass authentication and upload ...)
	NOT-FOR-US: Text Rider
CVE-2006-0439 (Text Rider 2.4 stores sensitive data in the data directory under the ...)
	NOT-FOR-US: Text Rider
CVE-2006-0438 (Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.19, when ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: No real world risk according to maintainer
CVE-2006-0437 (Cross-site scripting (XSS) vulnerability in admin_smilies.php in phpBB ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Intended behaviour according to maintainer
CVE-2006-0436 (Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2006-0435 (Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in ...)
	NOT-FOR-US: Oracle
CVE-2006-0434 (Directory traversal vulnerability in action.php in phpXplorer allows ...)
	NOT-FOR-US: phpXplorer
CVE-2005-4675 (Cross-site scripting (XSS) vulnerability in list.php in Complete PHP ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4674 (Multiple SQL injection vulnerabilities in list.php in Complete PHP ...)
	NOT-FOR-US: Complete PHP Counter
CVE-2005-4673 (ioFTPD 0.5.84 u responds with different messages depending on whether ...)
	NOT-FOR-US: ioFTPD
CVE-2005-4672 (Cross-site scripting (XSS) vulnerability in image-editor-52/index.php ...)
	NOT-FOR-US: CityPost Simple Image-Editor
CVE-2005-4671 (Cross-site scripting (XSS) vulnerability in simple-upload-53.php in ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4670 (Cross-site scripting (XSS) vulnerability in message.php in CityPost ...)
	NOT-FOR-US: CityPost Simple PHP Upload
CVE-2005-4669 (SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin ...)
	NOT-FOR-US: RT Internet Solutions (RTIS) WebAdmin
CVE-2005-4668 (The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK ...)
	NOT-FOR-US: ParoxProxy
CVE-2006-0433 (Selective Acknowledgement (SACK) in FreeBSD 5.3 and 5.4 does not ...)
	- kfreebsd-5 5.4-13
CVE-2006-0432 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0431 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0430 (Certain configurations of BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0429 (BEA WebLogic Server and WebLogic Express 9.0 causes new security ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0428 (Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0427 (Unspecified vulnerability in BEA WebLogic Server and WebLogic Express ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0426 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, when ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0425 (BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0424 (BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0423 (BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0422 (Multiple unspecified vulnerabilities in BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0421 (By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0420 (BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2006-0419 (BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-4667 (Buffer overflow in UnZip 5.50 and earlier allows user-assisted ...)
	{DSA-1012-1}
	- unzip 5.52-7 (low; bug #349794)
CVE-2006-0418 (Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 ...)
	NOT-FOR-US: 123 Flash Chat Server
CVE-2006-0417 (SQL injection vulnerability in login.php in miniBloggie 1.0 and ...)
	NOT-FOR-US: miniBloggie
CVE-2006-0416 (SleeperChat 0.3f and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0415 (Cross-site scripting (XSS) vulnerability in index.php in SleeperChat ...)
	NOT-FOR-US: SleeperChat
CVE-2006-0414 (Tor before 0.1.1.20 allows remote attackers to identify hidden ...)
	- tor 0.1.1.11-alpha-1 (bug #349283)
CVE-2006-0413 (Multiple SQL injection vulnerabilities in index.php in NewsPHP allow ...)
	NOT-FOR-US: NewsPHP
CVE-2006-0412 (SQL injection vulnerability in CyberShop allows remote attackers to ...)
	NOT-FOR-US: CyberShop
CVE-2006-0411 (claro_init_local.inc.php in Claroline 1.7.2 uses guessable session ...)
	NOT-FOR-US: Claroline
CVE-2006-0410 (SQL injection vulnerability in ADOdb before 4.71, when using ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (bug #349985; medium)
	- moodle 1.6-1 (bug #360395; medium)
	- cacti 0.8.6d-1 (medium)
CVE-2006-0409 (Cross-site scripting (XSS) vulnerability in index.php in Pixelpost ...)
	NOT-FOR-US: Pixelpost Photoblog
CVE-2006-0408 (rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users ...)
	NOT-FOR-US: Sun Grid Engine
CVE-2006-0407 (Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin ...)
	NOT-FOR-US: AZ Bulletin Board
CVE-2006-0406 (search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0405 (The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 ...)
	- tiff 3.8.0-2 (bug #350715)
	- tiff3 <not-affected> (fixed prior to initial upload)
	[sarge] - tiff <not-affected> (Vulnerability was introduced later)
	[woody] - tiff <not-affected> (Vulnerability was introduced later)
CVE-2006-0404 (Note-A-Day Weblog 2.2 stores sensitive data under the web document ...)
	NOT-FOR-US: Note-A-Day Weblog
CVE-2006-0403 (Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote ...)
	NOT-FOR-US: e-moBLOG
CVE-2006-0402 (SQL injection vulnerability in Zoph before 0.5pre1 allows remote ...)
	{DSA-989-1}
	- zoph 0.5-1 (bug #350717)
CVE-2006-0401 (Unspecified vulnerability in Mac OS X before 10.4.6, when running on ...)
	NOT-FOR-US: Apple
CVE-2006-0400 (CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers ...)
	NOT-FOR-US: Apple
CVE-2006-0399 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0398 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0397 (Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes ...)
	NOT-FOR-US: Apple
CVE-2006-0396 (Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when ...)
	NOT-FOR-US: Apple
CVE-2006-0395 (The Download Validation in Mail in Mac OS X 10.4 does not properly ...)
	NOT-FOR-US: Apple
CVE-2006-0394
	REJECTED
CVE-2006-0393 (OpenSSH in Apple Mac OS X 10.4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: Apple
CVE-2006-0392 (Buffer overflow in Apple Mac OS X 10.4.7 allows user-assisted ...)
	NOT-FOR-US: Apple
CVE-2006-0391 (Directory traversal vulnerability in the BOM framework in Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2006-0390
	REJECTED
CVE-2006-0389 (Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) ...)
	NOT-FOR-US: Apple
CVE-2006-0388 (Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows ...)
	NOT-FOR-US: Apple
CVE-2006-0387 (Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, ...)
	NOT-FOR-US: Apple
CVE-2006-0386 (FileVault in Mac OS X 10.4.5 and earlier does not properly mount user ...)
	NOT-FOR-US: Apple
CVE-2006-0385
	RESERVED
CVE-2006-0384 (automount in Mac OS X 10.4.5 and earlier allows remote file servers to ...)
	NOT-FOR-US: Apple
CVE-2006-0383 (IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 ...)
	NOT-FOR-US: Apple
CVE-2006-0382 (Apple Mac OS X 10.4.5 and allows local users to cause a denial of ...)
	NOT-FOR-US: Apple
CVE-2006-0381 (A logic error in the IP fragment cache functionality in pf in FreeBSD ...)
	- kfreebsd-5 5.4-14
CVE-2006-0380 (A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0379 (FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a ...)
	NOT-FOR-US: FreeBSD, possibly affects kfreebsd-5
CVE-2006-0378 (Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager ...)
	NOT-FOR-US: Netrix X-Site Manager
CVE-2006-0377 (CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354063; bug #355424)
CVE-2006-0376 (The 802.11 wireless client in certain operating systems including ...)
	NOT-FOR-US: Windows
CVE-2006-0375 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0374 (Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 ...)
	NOT-FOR-US: Advantage Century Telecommunication (ACT) P202S IP Phone
CVE-2006-0373 (Cross-site scripting (XSS) vulnerability in register.aspx in Douran ...)
	NOT-FOR-US: Douran FollowWeb
CVE-2006-0372 (Multiple SQL injection vulnerabilities in config.php in Insane Visions ...)
	NOT-FOR-US: Insane Visions BlogPHP
CVE-2006-0371 (Directory traversal vulnerability in index.php in Noah Medling RCBlog ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0370 (Noah Medling RCBlog 1.03 stores the data and config directories under ...)
	NOT-FOR-US: Noah Medling RCBlog
CVE-2006-0369 (** DISPUTED ** ...)
	- mysql-dfsg-4.1 <unfixed> (unimportant)
	NOTE: This isn't a security hole, it's expected behaviour
CVE-2006-0368 (Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2006-0367 (Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 ...)
	NOT-FOR-US: Cisco
CVE-2006-0366 (Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) ...)
	NOT-FOR-US: Phpclanwebsite
CVE-2006-0365 (Cross-site scripting (XSS) vulnerability in XMB (aka extreme message ...)
	NOT-FOR-US: XMB
CVE-2006-0364 (Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0363 (The &quot;Remember my Password&quot; feature in MSN Messenger 7.5 stores ...)
	NOT-FOR-US: MSN Messenger
CVE-2006-0362 (TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, ...)
	NOT-FOR-US: TippingPoint IPS
CVE-2006-0361 (Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0360 (MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to ...)
	NOT-FOR-US: MPM SIP IP Phone
CVE-2006-0359 (Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote ...)
	NOT-FOR-US: eyeBeam SIP Softphone
CVE-2006-0358 (Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 ...)
	NOT-FOR-US: PowerPortal
CVE-2006-0357 (Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, ...)
	NOT-FOR-US: Grant Averett Cerberus FTP Server
CVE-2006-0356 (Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause ...)
	NOT-FOR-US: Ari Pikivirta Home Ftp Server
CVE-2006-0355 (Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers ...)
	NOT-FOR-US: Helmsman Research (aka CoolUtils) HomeFtp
CVE-2006-0354 (Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) ...)
	NOT-FOR-US: Cisco
CVE-2006-0352 (The default configuration of Fluffington FLog 1.01 installs ...)
	NOT-FOR-US: Fluffington FLog
CVE-2006-0351 (Unspecified &quot;critical denial-of-service vulnerability&quot; in MyDNS before ...)
	{DSA-963-1}
	[sarge] - mydns 1.0.0-4sarge1
	- mydns 1.1.0+pre-3 (medium; bug #348826)
CVE-2006-0350 (Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote ...)
	NOT-FOR-US: eggblog
CVE-2006-0349 (SQL injection vulnerability in eggblog 2.0 allows remote attackers to ...)
	NOT-FOR-US: eggblog
CVE-2006-0348 (Format string vulnerability in the write_logfile function in ELOG ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0347 (Directory traversal vulnerability in ELOG before 2.6.1 allows remote ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; medium)
CVE-2006-0346 (Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0345 (Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote ...)
	NOT-FOR-US: SaralBlog
CVE-2006-0344 (Directory traversal vulnerability in Intervations FileCOPA FTP Server ...)
	NOT-FOR-US: FileCOPA FTP Server
CVE-2006-0343 (Unspecified vulnerability in the Port Discovery Standard and Advanced ...)
	NOT-FOR-US: Hitachi JP1/NetInsight II
CVE-2006-0342 (RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0341 (Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe ...)
	NOT-FOR-US: RockLiffe MailSite
CVE-2006-0340 (Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) ...)
	NOT-FOR-US: Cisco
CVE-2006-0339 (Buffer overflow in BitComet Client 0.60 allows remote attackers to ...)
	NOT-FOR-US: BitComet
CVE-2006-0338 (Multiple F-Secure Anti-Virus products and versions for Windows and ...)
	NOT-FOR-US: F-Secure
CVE-2006-0337 (Buffer overflow in multiple F-Secure Anti-Virus products and versions ...)
	NOT-FOR-US: F-Secure
CVE-2006-0336 (Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0335 (Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before ...)
	NOT-FOR-US: Kerio Firewall
CVE-2006-0334 (Cross-site scripting (XSS) vulnerability in search.php in My Amazon ...)
	NOT-FOR-US: My Amazon Store Manager
CVE-2006-0333 (Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote ...)
	NOT-FOR-US: ar-blog
CVE-2006-0332 (Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments ...)
	- ecartis 1.0.0+cvs.20030911-11 (low; bug #348824)
	[sarge] - ecartis <no-dsa> (No real fix available, only rare setups affected, minor exploit potential)
CVE-2006-0331 (Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin ...)
	NOT-FOR-US: Squirrelmail plugin
CVE-2006-0330 (Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 ...)
	{DSA-1148-1}
	- gallery 1.5.2-1
CVE-2006-0329 (SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, ...)
	NOT-FOR-US: HITSENSER Data Mart Server BS
CVE-2006-0328 (Format string vulnerability in Tftpd32 2.81 allows remote attackers to ...)
	NOT-FOR-US: Tftpd32, different from the tftpd in Debian
CVE-2006-0327 (TYPO3 3.7.1 allows remote attackers to obtain sensitive information ...)
	- typo3-src 4.0.2-1 (bug #364351; unimportant)
	NOTE: Only path disclosure
CVE-2006-0326
	RESERVED
CVE-2006-0325 (Etomite Content Management System 0.6, and possibly earlier versions, ...)
	NOT-FOR-US: Etomite CMS
CVE-2006-0324 (SQL injection vulnerability in WebspotBlogging 3.0 allows remote ...)
	NOT-FOR-US: WebspotBlogging
CVE-2006-0323 (Buffer overflow in swfformat.dll in multiple RealNetworks products and ...)
	NOT-FOR-US: Real Player (initial advisory claimed Helix affected, which is incorrect
CVE-2006-0322 (Unspecified vulnerability the edit comment formatting functionality in ...)
	- mediawiki 1.4.15-1 (low)
CVE-2005-4666 (Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 ...)
	NOT-FOR-US: PHlyMail
CVE-2006-0353 (unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to ...)
	{DSA-956-1}
	- lsh-utils 2.0.1cdbs-4 (low; bug #349303)
	NOTE: woody seems to be vulnerable as well (looking at the source code).
CVE-2006-0283 (Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, ...)
	NOT-FOR-US: Oracle
CVE-2006-0321 (fetchmail 6.3.0 and other versions before 6.3.2 allows remote ...)
	- fetchmail 6.3.2-1 (bug #348747; low)
	[sarge] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
	[woody] - fetchmail <not-affected> (regression in fetchmail 6.3.0 and 6.3.1)
CVE-2006-0320 (SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog ...)
	NOT-FOR-US: Bit 5 Blog
CVE-2006-0319 (Directory traversal vulnerability in the FTP server (port 22003/tcp) ...)
	NOT-FOR-US: Farmers WIFE
CVE-2006-0318 (SQL injection vulnerability in index.php in BlogPHP 1.0, when ...)
	NOT-FOR-US: BlogPHP
CVE-2006-0317 (Cross-site scripting (XSS) vulnerability in rkrt_stats.php in ...)
	NOT-FOR-US: RedKernel Referrer Tracker
CVE-2006-0316 (Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) ...)
	NOT-FOR-US: AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control
CVE-2006-0315 (index.php in EZDatabase before 2.1.2 does not properly cleanse the p ...)
	NOT-FOR-US: EZDatabase
CVE-2006-0314 (PDFdirectory before 1.0 stores sensitive data in plaintext, which ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0313 (Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 ...)
	NOT-FOR-US: PDFdirectory
CVE-2006-0312 (create.php in aoblogger 2.3 allows remote attackers to bypass ...)
	NOT-FOR-US: aoblogger
CVE-2006-0311 (SQL injection vulnerability in login.php in aoblogger 2.3 allows ...)
	NOT-FOR-US: aoblogger
CVE-2006-0310 (Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows ...)
	NOT-FOR-US: aoblogger
CVE-2006-0309 (Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote ...)
	NOT-FOR-US: Linksys hardware issue
CVE-2006-0308 (PHP remote file inclusion vulnerability in htmltonuke.php in the ...)
	NOT-FOR-US: HTMLtoNuke
CVE-2006-0307 (The DM Primer in the DM Deployment Common Component in Computer ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0306 (The DM Primer (dmprimer.exe) in the DM Deployment Common Component in ...)
	NOT-FOR-US: CA BrightStor products
CVE-2006-0305 (Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware ...)
	NOT-FOR-US: Clipcomm hardware
CVE-2006-0304 (Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to ...)
	NOT-FOR-US: dual dns server
CVE-2006-0303 (Multiple unspecified vulnerabilities in the (1) publishing component, ...)
	NOT-FOR-US: Joomla!
CVE-2006-0302 (ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 ...)
	NOT-FOR-US: ZyXel hardware
CVE-2006-0301 (Heap-based buffer overflow in Splash.cc in xpdf, as used in other ...)
	{DSA-1019-1 DSA-998-1 DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-974-1 DSA-972-1 DSA-971-1}
	- poppler 0.4.5-1 (medium)
	- tetex-bin 3.0-12 (medium)
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- kdegraphics 4:3.5.1-2 (medium)
	- gpdf 2.10.0-3 (medium)
	- xpdf 3.01-6 (bug #350785; bug #350783; medium)
	- koffice 1.5.0-1 (medium)
	- libextractor 0.5.10-1 (medium)
	- pdfkit.framework 0.8-4 (medium)
	- swftools <not-affected> (splash/ is not included, therefore no vulnerable code)
CVE-2006-0300 (Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted ...)
	{DSA-987-1}
	- tar 1.15.1-3 (bug #354091; high)
	- dpkg <not-affected> (has completely different tar implementation)
	[woody] - tar <not-affected>
CVE-2006-0299 (The E4X implementation in Mozilla Firefox before 1.5.0.1, Thunderbird ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (E4X not implemented in Mozilla 1.7)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0298 (The XML parser in Mozilla Firefox before 1.5.0.1 and SeaMonkey before ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0297 (Multiple integer overflows in Mozilla Firefox 1.5, Thunderbird 1.5 if ...)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	- mozilla <not-affected> (Mozilla 1.7 is not affected)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2006-0296 (The XULDocument.persist function in Mozilla, Firefox before 1.5.0.1, ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	- mozilla 2:1.7.13-0.1
	- thunderbird 1.5.0.2-1
CVE-2006-0295 (Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected>
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- thunderbird 1.5.0.2-1
CVE-2006-0294 (Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript ...)
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird <not-affected> (Only 1.5 is affected)
	- mozilla-thunderbird <removed>
	- thunderbird 1.5.0.2-1
CVE-2006-0293 (The function allocation code (js_NewFunction in jsfun.c) in Firefox ...)
	{DSA-1051-1 DSA-1046-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox <not-affected> (Only Firefox 1.5 is affected)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- mozilla 2:1.7.13-0.1
CVE-2006-0292 (The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.1-1 (bug #351442)
	[sarge] - mozilla-firefox 1.0.4-2sarge6
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8
	- thunderbird 1.5.0.2-1
	- mozilla 2:1.7.13-0.1
CVE-2006-0291 (Multiple unspecified vulnerabilities in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0290 (Unspecified vulnerability in Oracle Database Server 9.2.0.7, ...)
	NOT-FOR-US: Oracle
CVE-2006-0289 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0288 (Multiple unspecified vulnerabilities in the Oracle Reports Developer ...)
	NOT-FOR-US: Oracle
CVE-2006-0287 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0286 (Unspecified vulnerability in the Oracle HTTP Server component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0285 (Unspecified vulnerability in the Java Net component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0284 (Multiple unspecified vulnerabilities in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2006-0282 (Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, ...)
	NOT-FOR-US: Oracle
CVE-2006-0281 (Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 ...)
	NOT-FOR-US: Oracle
CVE-2006-0280 (Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 ...)
	NOT-FOR-US: Oracle
CVE-2006-0279 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0278 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0277 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2006-0276 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite ...)
	NOT-FOR-US: Oracle
CVE-2006-0275 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0274 (Unspecified vulnerability in the Oracle Reports Developer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0273 (Unspecified vulnerability in the Portal component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0272 (Unspecified vulnerability in the XML Database component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0271 (Unspecified vulnerability in the Upgrade &amp; Downgrade component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0270 (Unspecified vulnerability in the Transparent Data Encryption (TDE) ...)
	NOT-FOR-US: Oracle
CVE-2006-0269 (Unspecified vulnerability in the Streams Capture component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0268 (Unspecified vulnerability in the Security component of Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2006-0267 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0266 (Unspecified vulnerability in the Query Optimizer component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0265 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0264
	REJECTED
CVE-2006-0263 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0262 (Unspecified vulnerability in the Net Foundation Layer component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0261 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0260 (Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 ...)
	NOT-FOR-US: Oracle
CVE-2006-0259 (Multiple unspecified vulnerabilities in Oracle Database server ...)
	NOT-FOR-US: Oracle
CVE-2006-0258 (Unspecified vulnerability in the Connection Manager component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0257 (Unspecified vulnerability in the Change Data Capture component of ...)
	NOT-FOR-US: Oracle
CVE-2006-0256 (Unspecified vulnerability in the Advanced Queuing component of Oracle ...)
	NOT-FOR-US: Oracle
CVE-2006-0255 (Unquoted Windows search path vulnerability in Check Point VPN-1 ...)
	NOT-FOR-US: Check Point VPN
CVE-2006-0254 (Multiple cross-site scripting (XSS) vulnerabilities in Apache Geronimo ...)
	- geronimo <itp> (bug #481869)
CVE-2006-0253 (Buffer overflow in the Bluetooth OBEX Object Push service in &quot;Blue ...)
	NOT-FOR-US: AmbiCom Blue Neighbors
CVE-2006-0252 (SQL injection vulnerability in Benders Calendar 1.0 allows remote ...)
	NOT-FOR-US: Benders Calendar
CVE-2006-0251 (Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic ...)
	- faqomatic 2.712-3
CVE-2006-0250 (Format string vulnerability in the snmp_input function in snmptrapd in ...)
	NOT-FOR-US: cmu-snmp-linux fork from CMU SNMP
	NOTE: This bug is present in a fork, not in the mainline
	NOTE: CMU-SNMP/UCD-SNMP/NET-SNMP versions.
CVE-2006-0249 (SQL injection vulnerability in viewcat.php in BitDamaged geoBlog ...)
	NOT-FOR-US: geoBlog
CVE-2006-0248 (Virata-EmWeb web server 6_1_0, as used in (1) Intracom JetSpeed 500 ...)
	NOT-FOR-US: Virata-EmWeb web server
CVE-2006-0247 (Cross-site scripting (XSS) vulnerability in anyboard.cgi in Netbula ...)
	NOT-FOR-US: Anyboard
CVE-2006-0246 (Cross-site scripting (XSS) vulnerability in down.pl in Widexl Download ...)
	NOT-FOR-US: Widexl Download Tracker
CVE-2006-0245 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart ...)
	NOT-FOR-US: CubeCart
CVE-2006-0244 (** DISPUTED ** ...)
	NOT-FOR-US: phpXplorer
CVE-2006-0243 (Cross-site scripting (XSS) vulnerability in SMBCMS 2.1 allows remote ...)
	NOT-FOR-US: SMBCMS
CVE-2006-0242 (Cross-site scripting vulnerability in index.php in PHP Fusebox 4.0.6 ...)
	NOT-FOR-US: PHP Fusebox
CVE-2006-0241 (Cross-site scripting vulnerability in WBNews 1.1.0 and earlier allows ...)
	NOT-FOR-US: WBNews
CVE-2006-0240 (Multiple SQL injection vulnerabilities in Simple Blog 2.1 allow remote ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0239 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 ...)
	NOT-FOR-US: Simple Blog
CVE-2006-0238 (SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 ...)
	NOT-FOR-US: GaMerZ WP-Stats
CVE-2006-0237 (Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce ...)
	NOT-FOR-US: GTP iCommerce
CVE-2006-0236 (GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, ...)
	[sarge] - mozilla-thunderbird <no-dsa> (Mozilla products from Sarge no longer supported)
CVE-2006-0235 (SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers ...)
	NOT-FOR-US: WhiteAlbum
CVE-2006-0234 (SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows ...)
	NOT-FOR-US: microBlog
CVE-2006-0233 (Cross-site scripting (XSS) vulnerability in functions.php in microBlog ...)
	NOT-FOR-US: microBlog
CVE-2006-0232 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0231 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0230 (Symantec Scan Engine 5.0.0.24, and possibly other versions before ...)
	NOT-FOR-US: Symantec Scan Engine
CVE-2006-0229 (Unquoted Windows search path vulnerability in Wehntrust might allow ...)
	NOT-FOR-US: Wehntrust
CVE-2006-0228 (The RBAC functionality in grsecurity before 2.1.8 does not properly ...)
	- kernel-patch-grsecurity2 2.1.8-1 (bug #349246; medium)
	- kernel-patch-2.4-grsecurity <removed> (bug #349247; medium)
CVE-2006-0227 (Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, ...)
	NOT-FOR-US: lpsched in Sun Solaris
CVE-2006-0226 (Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) ...)
	NOT-FOR-US: freebsd kernel
CVE-2006-0225 (scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands ...)
	- openssh 1:4.3p2-1 (low; bug #349645; bug #352254)
	[sarge] - openssh <no-dsa> (Protocol flaws inherited from rcp)
	- dropbear 0.48-1 (unimportant)
	NOTE: dropbear doesn't include scp in binary package
CVE-2006-0224 (Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 ...)
	{DSA-976-1}
	- libast 0.7-1
CVE-2005-4665 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier ...)
	NOT-FOR-US: PunBB
CVE-2006-0223 (Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat ...)
	NOT-FOR-US: TopCMM
CVE-2006-0222 (Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Template Seller Pro
CVE-2006-0221 (SQL injection vulnerability in index.asp in the Admin Panel in Dragon ...)
	NOT-FOR-US: Dragon Design Services Network (DDSN)
CVE-2006-0220 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 ...)
	NOT-FOR-US: DCP-Portal
CVE-2006-0219 (The original distribution of MyBulletinBoard (MyBB) to update from ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0218 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2006-0217 (Multiple cross-site scripting (XSS) vulnerabilities in Ultimate ...)
	NOT-FOR-US: Ultimate Auction
CVE-2006-0216 (admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0215 (Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2006-0214 (Eval injection vulnerability in ezDatabase 2.0 and earlier allows ...)
	NOT-FOR-US: ezDatabase
CVE-2006-0213 (Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 ...)
	NOT-FOR-US: Kolab Server
	NOTE: libkolab-perl are extensions for this server, but server does not seem to be in debian
CVE-2006-0212 (Directory traversal vulnerability in OBEX Push services in Toshiba ...)
	NOT-FOR-US: Toshiba Bluetooth Stack
CVE-2006-0211 (Cross-site scripting (XSS) vulnerability in forgotPassword.asp in Helm ...)
	NOT-FOR-US: Helm Hosting Control Panel
CVE-2006-0210 (Cross-site scripting (XSS) vulnerability in index.php in Interspire ...)
	NOT-FOR-US: Interspire TrackPoint NX
CVE-2006-0209 (SQL injection vulnerability in general_functions.php in TankLogger 2.4 ...)
	NOT-FOR-US: TankLogger
CVE-2006-0208 (Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and ...)
	- php5 5.1.2-1
	- php4 4:4.4.2-1 (bug #354682; low)
	[sarge] - php4 <no-dsa> (html_errors shouldn't be used)
CVE-2006-0207 (Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow ...)
	{DSA-1331-1}
	- php5 5.1.2-1 (bug #347894)
	- php4 4:4.4.2-1 (bug #354683)
CVE-2006-0206 (Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 ...)
	NOT-FOR-US: Light Weight Calendar
CVE-2006-0205 (Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0204 (Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 ...)
	NOT-FOR-US: Wordcircle
CVE-2006-0203 (membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0202 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0201 (Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP ...)
	NOT-FOR-US: PayPal Web Services
CVE-2006-0200 (Format string vulnerability in the error-reporting feature in the ...)
	- php5 5.1.2-1 (bug #347894; unimportant)
	- php4 <not-affected> (vulnerable code was introduced in PHP5)
	NOTE: Not built into the binary packages
CVE-2006-0199 (SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 ...)
	NOT-FOR-US: Mini-Nuke
CVE-2006-0198 (Cross-site scripting (XSS) vulnerability in a certain module, possibly ...)
	NOT-FOR-US: XOOPS
CVE-2006-0197 (The XClientMessageEvent struct used in certain components of X.Org ...)
	NOTE: Historic X11 bug #349251
CVE-2006-0196 (Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 ...)
	NOT-FOR-US: slsnif
CVE-2006-0195 (Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354062)
CVE-2006-0194 (Cross-site scripting (XSS) vulnerability in default.asp in FogBugz ...)
	NOT-FOR-US: FogBugz
CVE-2006-0193 (Cross-site scripting (XSS) vulnerability in the Hosting Control Panel ...)
	NOT-FOR-US: Positive Software H-Sphere
CVE-2006-0192 (SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 ...)
	NOT-FOR-US: ASPSurvey
CVE-2006-0191 (Unspecified vulnerability in Sun Solaris 10 allows local users to ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0190 (Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform ...)
	NOT-FOR-US: Sun Solaris
CVE-2006-0189 (Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows ...)
	NOT-FOR-US: eStara Softphone
CVE-2006-0188 (webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to ...)
	{DSA-988-1}
	- squirrelmail 2:1.4.6-1 (bug #354064)
CVE-2005-4664 (SQL injection vulnerability in OcoMon 1.21, and possibly other ...)
	NOT-FOR-US: OcoMon
CVE-2005-4663 (Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly ...)
	NOT-FOR-US: OcoMon
CVE-2005-4662 (Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly ...)
	NOT-FOR-US: OcoMon
CVE-2005-4661 (The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail ...)
	NOT-FOR-US: Campsite
CVE-2005-4660 (Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow ...)
	NOT-FOR-US: IPCop
CVE-2005-4659 (IPCop (aka IPCop Firewall) before 1.4.10 has world-readable ...)
	NOT-FOR-US: IPCop
CVE-2005-4658 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ASP-Programmers.com ASPKnowledgebase
CVE-2005-4657 (Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Ocean12
CVE-2005-4656 (SQL injection vulnerability in index.php in TClanPortal 1.1.3 and ...)
	NOT-FOR-US: TClanPortal
CVE-2005-4655 (Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4654 (Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) ...)
	NOT-FOR-US: Oracle
CVE-2005-4653 (Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier ...)
	NOT-FOR-US: AL-Caricatier
CVE-2005-4652 (SQL injection vulnerability in PHlyMail 3.02.01 allows remote ...)
	NOT-FOR-US: PHlyMail
CVE-2005-4651 (SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 ...)
	NOT-FOR-US: AlstraSoft EPay Pro
CVE-2005-4650 (Joomla! 1.03 does not restrict the number of &quot;Search&quot; Mambots, which ...)
	NOT-FOR-US: Joomla!
CVE-2005-4649 (Multiple cross-site scripting (XSS) vulnerabilities in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-4648 (Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and ...)
	NOT-FOR-US: Illustrate dBpowerAMP Music Converter
CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2006-2443 (The Debian package of knowledgetree 2.0.7 creates environment.php with ...)
	- knowledgetree 2.0.7-2 (bug #348306; medium)
CVE-2006-0187 (By design, Microsoft Visual Studio 2005 automatically executes code in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0186
	REJECTED
CVE-2006-0185 (Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0184 (Multiple SQL injection vulnerabilities in AspTopSites allow remote ...)
	NOT-FOR-US: AspTopSites
CVE-2006-0183 (Direct static code injection vulnerability in edit.php in ACal ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0182 (login.php in ACal Calendar Project 2.2.5 allows remote attackers to ...)
	NOT-FOR-US: ACal Calendar Project
CVE-2006-0181 (Cisco Security Monitoring, Analysis and Response System (CS-MARS) ...)
	NOT-FOR-US: Cisco
CVE-2006-0180 (Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 ...)
	NOT-FOR-US: CaLogic Calendars
CVE-2006-0179 (The Cisco IP Phone 7940 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2006-0178 (Format string vulnerability in /bin/ftp in UNICOS 9.0.2.2 allows local ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0177 (Multiple buffer overflows in Cray UNICOS 9.0.2.2 might allow local ...)
	NOT-FOR-US: Cray UNICOS
CVE-2006-0176 (Buffer overflow in certain functions in src/fileio.c and ...)
	- xmame 0.104-1 (medium; bug #349653)
	NOTE: Only xmame-svgalib is vulnerable, the xmame-x package has a debconf
	NOTE: question, that makes it very clear that setuid root is only for single-user
	NOTE: systems and xmame-sdl and xmess aren't setuid at all
	[sarge] - xmame <no-dsa> (XMame is non-free software)
CVE-2006-0175 (Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2006-0174 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0173 (Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0172 (Cross-site scripting (XSS) vulnerability in the file manager utility ...)
	NOT-FOR-US: Hummingbird Collaboration
CVE-2006-0171 (PHP remote file include vulnerability in index.php in OrjinWeb ...)
	NOT-FOR-US: OrjinWeb E-commerce
CVE-2006-0170
	REJECTED
CVE-2006-0169 (addresses.php3 in MyPhPim 01.05 does not restrict uploaded files, ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0168 (Cross-site scripting (XSS) vulnerability in MyPhPim 01.05 allows ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0167 (SQL injection vulnerability in MyPhPim 01.05 allows remote attackers ...)
	NOT-FOR-US: MyPhPim
CVE-2006-0166 (Symantec Norton SystemWorks and SystemWorks Premier 2005 and 2006 ...)
	NOT-FOR-US: Symantec SystemWorks
CVE-2006-0165 (Cross-site scripting (XSS) vulnerability in the DataForm Entries ...)
	NOT-FOR-US: WebGUI
CVE-2006-0164 (phgstats.inc.php in phgstats before 0.5.1, if register_globals is ...)
	NOT-FOR-US: phgstats
CVE-2006-0163 (SQL injection vulnerability in the search module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2006-0161 (Unspecified vulnerability in uucp in Sun Solaris 8 and 9 has unknown ...)
	NOT-FOR-US: Solaris
CVE-2005-4647 (Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4646 (Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 ...)
	NOT-FOR-US: PEARLINGER Pearl Forums
CVE-2005-4645 (SQL injection vulnerability in index.php in 3CFR allows remote ...)
	NOT-FOR-US: 3CFR
CVE-2005-4644 (Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in ...)
	{DSA-951-2}
	- trac 0.9.3-1
	[sarge] - trac 0.8.1-3sarge4 (medium)
CVE-2005-4643 (SQL injection vulnerability in index.php in Antharia OnContent // CMS ...)
	NOT-FOR-US: Antharia OnContent
CVE-2005-4642 (Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 ...)
	NOT-FOR-US: HydroBB
CVE-2006-0160 (SQL injection vulnerability in add_post.php3 in Venom Board 1.22 ...)
	NOT-FOR-US: Venom Board
CVE-2006-0159 (SQL injection vulnerability in escribir.php in Foro Domus 2.10 allows ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0158 (SQL injection vulnerability in index.php in CyberDoc SiteSuite CMS ...)
	NOT-FOR-US: CyberDoc SiteSuite CMS
CVE-2006-0157 (settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows ...)
	NOT-FOR-US: Reamday Enterprises Magic News Plus
CVE-2006-0156 (Cross-site scripting (XSS) vulnerability in Foxrum 4.0.4f allows ...)
	NOT-FOR-US: Foxforum
CVE-2006-0155 (Cross-site scripting (XSS) vulnerability in posts.php in 427BB 2.2 and ...)
	NOT-FOR-US: 427BB
CVE-2006-0154 (SQL injection vulnerability in showthread.php in 427BB 2.2 and 2.2.1 ...)
	NOT-FOR-US: 427BB
CVE-2006-0153 (427BB 2.2 and 2.2.1 verifies authentication credentials based on the ...)
	NOT-FOR-US: 427BB
CVE-2006-0152 (Cross-site scripting (XSS) in search_result.php in phpChamber 1.2 and ...)
	NOT-FOR-US: phpChamber
CVE-2006-0151 (sudo 1.6.8 and other versions does not clear the PYTHONINSPECT ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (medium)
	NOTE: The whole black list approach is flawed, for the DSA we'll switch to
	NOTE: a white list approach of known to be safe env vars.
CVE-2006-0150 (Multiple format string vulnerabilities in the auth_ldap_log_reason ...)
	{DSA-952-1}
	- libapache-auth-ldap <removed> (bug #347416)
CVE-2006-0149 (Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with ...)
	NOT-FOR-US: SimpBook
CVE-2006-0148 (NetSarang Xlpd 2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: NetSarang Xlpd
CVE-2006-0147 (Dynamic code evaluation vulnerability in tests/tmssql.php test script ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1 (medium)
	- moodle 1.6.3-2 (medium)
	NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2
CVE-2006-0146 (The server.php test script in ADOdb for PHP before 4.70, as used in ...)
	{DSA-1031-1 DSA-1030-1 DSA-1029-1}
	- libphp-adodb 4.72-0.1 (medium; bug #349985)
	- cacti 0.8.6d-1 (medium)
	- moodle 1.6.3-2 (medium)
	NOTE: exact moodle fixed version not known, but at least <= 1.6.3-2
CVE-2006-0145 (The kernfs_xread function in kernfs in NetBSD 1.6 through 2.1, and ...)
	NOT-FOR-US: NetBSD
CVE-2006-0144 (The proxy server feature in go-pear.php in PHP PEAR 0.2.2, as used in ...)
	NOT-FOR-US: Neither php-pear nor php4-pear ship this file
CVE-2006-0143 (Microsoft Windows Graphics Rendering Engine (GRE) allows remote ...)
	NOT-FOR-US: Windows
CVE-2006-0142 (Cross-site scripting (XSS) vulnerability in andromeda.php in Andromeda ...)
	NOT-FOR-US: Andromeda
CVE-2006-0141 (Qualcomm Eudora Internet Mail Server (EIMS) before 3.2.8 allows remote ...)
	NOT-FOR-US: Eudora
CVE-2006-0140 (Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 ...)
	NOT-FOR-US: Navboard
CVE-2006-0139 (The send-private-message functionality (send-private-message.asp) in ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2005-4641 (SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote ...)
	NOT-FOR-US: eazyCMS
CVE-2005-4640 (SQL injection vulnerability in index.php in class-1 Poll Software 0.4 ...)
	NOT-FOR-US: class-1 Poll
CVE-2005-4639 (Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST ...)
	- linux-2.6 2.6.15-1 (low)
CVE-2005-4638 (index.php in Kayako SupportSuite 3.00.26 and earlier allow remote ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4637 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: Kayako SupportSuite
CVE-2005-4636 (OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, ...)
	- openoffice.org <unfixed> (unimportant)
	NOTE: This is a non-issue IMO (neilm). OOo just launches a web browser.
	NOTE: If the admin doesn't web browsing, why is one installed/enabled?
CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2006-0162 (Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...)
	{DSA-947-1}
	- clamav 0.88-1
CVE-2006-0138 (aMSN (aka Alvaro's Messenger) allows remote attackers to cause a ...)
	- amsn 0.98.9-1 (low; bug #557754)
	[squeeze] - amsn <no-dsa> (minor issue)
	[etch] - amsn <no-dsa> (minor issue)
	[lenny] - amsn <no-dsa> (minor issue)
CVE-2006-0137 (SQL injection vulnerability in linkcategory.php in Phanatic Softwares ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0136 (Multiple cross-site scripting (XSS) vulnerabilities in the guestbook ...)
	NOT-FOR-US: Phanatic Softwares Chimera Web Portal System
CVE-2006-0135 (SQL injection vulnerability in login.php in TheWebForum (twf) 1.2.1 ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0134 (Cross-site scripting (XSS) vulnerability in register.php in ...)
	NOT-FOR-US: TheWebForum
CVE-2006-0133 (Multiple directory traversal vulnerabilities in AIX 5.3 ML03 allow ...)
	NOT-FOR-US: AIX
CVE-2006-0132 (Directory traversal vulnerability in webftp.php in SysCP WebFTP 1.2.6 ...)
	NOT-FOR-US: SysCP WebFTP
CVE-2006-0131 (boastMachine 3.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: boastMachine
CVE-2006-0130 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0129 (Mail Management Agent (MAILMA) (aka Mail Management Server) in ...)
	NOT-FOR-US: Mail Management Agent
CVE-2006-0128 (Buffer overflow in the IMAP service of Rockliffe MailSite before ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0127 (Directory traversal vulnerability in the IMAP service of Rockliffe ...)
	NOT-FOR-US: Rockliffe MailSite
CVE-2006-0126 (rxvt-unicode before 6.3, on certain platforms that use openpty and ...)
	- rxvt-unicode 6.3-1
	[sarge] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
	[woody] - rxvt-unicode <not-affected> (rxvt-unicode author disagrees with CVE, GNU/Linux not affected - see 6.3 entry in http://dist.schmorp.de/rxvt-unicode/Changes)
CVE-2006-0125 (Unspecified vulnerability in appserv/main.php in AppServ 2.4.5 allows ...)
	NOT-FOR-US: AppServ
CVE-2006-0124 (Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0123 (Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote ...)
	NOT-FOR-US: ADN Forum
CVE-2006-0122 (Cross-site scripting (XSS) vulnerability in Public/Index.asp in ...)
	NOT-FOR-US: Aquifer CMS
CVE-2006-0121 (Multiple memory leaks in IBM Lotus Notes and Domino Server before ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0120 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0119 (Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0118 (Unspecified vulnerability in IBM Lotus Notes and Domino Server before ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0117 (Buffer overflow in IBM Lotus Notes and Domino Server before 6.5.5 ...)
	NOT-FOR-US: Notes/Domino
CVE-2006-0116 (Cross-site scripting vulnerability search.inetstore in iNETstore ...)
	NOT-FOR-US: iNETstore Ebusiness Software
CVE-2006-0115 (Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug ...)
	NOT-FOR-US: OnePlug Solutions OnePlug CMS
CVE-2006-0114 (The vCard functions in Joomla! 1.0.5 use predictable sequential IDs ...)
	NOT-FOR-US: Joomla!
CVE-2006-0113 (Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0112 (Cross-site scripting (XSS) vulnerability in index.php in Enhanced ...)
	NOT-FOR-US: Enhanced Simple PHP Gallery
CVE-2006-0111 (Cross-site scripting vulnerability in index.php in Boxcar Media ...)
	NOT-FOR-US: Boxcar Media Shopping Cart
CVE-2006-0110 (Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus ...)
	NOT-FOR-US: Foro Domus
CVE-2006-0109 (Cross-site scripting vulnerability in category.php in Modular Merchant ...)
	NOT-FOR-US: Modular Merchant Shopping Cart
CVE-2006-0108 (SQL injection vulnerability in mcl_login.asp in Timecan CMS allows ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0107 (SQL injection vulnerability in Timecan CMS allows remote attackers to ...)
	NOT-FOR-US: Timecan CMS
CVE-2006-0105 (PostgreSQL 8.0.x before 8.0.6 and 8.1.x before 8.1.2, when running on ...)
	NOT-FOR-US: PostgreSQL on Windows
CVE-2006-0104 (Directory traversal vulnerability in TinyPHPForum 3.6 and earlier ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0103 (TinyPHPForum 3.6 and earlier stores the (1) users/[USERNAME].hash and ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0102 (Cross-site scripting (XSS) vulnerability in TinyPHPForum (TPF) 3.6 and ...)
	NOT-FOR-US: TinyPHPForum
CVE-2006-0101 (Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 ...)
	NOT-FOR-US: sBLOG
CVE-2006-0100 (Buffer overflow in NicoFTP 3.0.1.19 and earlier might allow local ...)
	NOT-FOR-US: NicoFTP
CVE-2006-0099 (PHP remote file include vulnerability in (1) ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2006-0098 (The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and ...)
	NOT-FOR-US: OpenBSD
CVE-2006-0097 (Stack-based buffer overflow in the create_named_pipe function in ...)
	- php4 <not-affected> (Windows specific)
	- php5 <not-affected> (Windows specific)
CVE-2006-0096 (wan/sdla.c in Linux kernel 2.6.x before 2.6.11 and 2.4.x before 2.4.29 ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 2.4.27-8
CVE-2006-0095 (dm-crypt in Linux kernel 2.6.15 and earlier does not clear a structure ...)
	{DSA-1017-1}
	- linux-2.6 2.6.16-1
	- kernel-source-2.4.27 <not-affected> (2.4 doesn't have dm-crypt)
CVE-2006-0094 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
	NOT-FOR-US: oaBoard
CVE-2006-0093 (Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP ...)
	NOT-FOR-US: @Card ME PHP
CVE-2006-0092
	REJECTED
CVE-2006-0091 (Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange ...)
	NOT-FOR-US: Open-Xchange
CVE-2006-0090 (Directory traversal vulnerability in index.php in IDV Directory Viewer ...)
	NOT-FOR-US: IDV Directory Viewer
CVE-2006-0089 (Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to ...)
	NOT-FOR-US: ESRI ArcPad
CVE-2006-0088 (SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha ...)
	NOT-FOR-US: inTouch
CVE-2006-0087 (SQL injection vulnerability in (1) pages.php and (2) detail.php in ...)
	NOT-FOR-US: Lizard Cart
CVE-2006-0086 (Cross-site scripting vulnerability in index.php in Next Generation ...)
	NOT-FOR-US: Next Generation Image Gallery
CVE-2006-0085 (SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote ...)
	NOT-FOR-US: Nkads
CVE-2006-0084 (Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and ...)
	NOT-FOR-US: raSMP
CVE-2005-4635 (The nl_fib_input function in fib_frontend.c in the Linux kernel before ...)
	NOTE: Unclear, whether this is really exploitable, re-pinged Dann and Horms
CVE-2005-4634 (SQL injection vulnerability in index.php in ActiveCampaign SupportTrio ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-4633
	REJECTED
CVE-2005-4632 (SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and ...)
	NOT-FOR-US: Vote!Pro
CVE-2005-4631 (SQL injection vulnerability in index.php in Zina 0.12.07 and earlier ...)
	NOT-FOR-US: Zina
CVE-2005-4630 (SQL injection vulnerability in index.php in ClientExec 2.3 allows ...)
	NOT-FOR-US: ClientExec
CVE-2005-4629 (SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to ...)
	NOT-FOR-US: SMBCMS
CVE-2005-4628 (SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and ...)
	NOT-FOR-US: HelpDeskPoint
CVE-2005-4627 (Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite ...)
	NOT-FOR-US: GmailSite
CVE-2005-4626 (The default configuration of Recruitment Software installs ...)
	NOT-FOR-US: Recruitment Software
CVE-2005-4625 (Drivers for certain display adapters, including (1) an unspecified ATI ...)
	NOT-FOR-US: Strange Windows drivers
CVE-2005-4624 (The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows ...)
	NOT-FOR-US: PTnet ircd
CVE-2005-4623 (upload.exe in eFileGo 3.01 allows remote attackers to cause a denial ...)
	NOT-FOR-US: eFileGo
CVE-2005-4622 (Directory traversal vulnerability in eFileGo 3.01 allows remote ...)
	NOT-FOR-US: eFileGo
CVE-2005-4621 (Cross-site scripting (XSS) vulnerability in the editavatar page in ...)
	NOT-FOR-US: vBulletin
CVE-2005-4620 (Buffer overflow in WinRAR 3.50 and earlier allows local users to ...)
	NOT-FOR-US: WinRAR
CVE-2005-4619 (SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum ...)
	NOT-FOR-US: phpoutsourcing Zorum Forum
CVE-2005-4618 (Buffer overflow in sysctl in the Linux Kernel 2.6 before 2.6.15 allows ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.15-1
CVE-2006-0083 (Format string vulnerability in the logging code of SMS Server Tools ...)
	{DSA-930-2 DSA-930-1}
	- smstools 1.16-1.1 (bug #347221; medium)
CVE-2006-0106 (gdi/driver.c and gdi/printdrv.c in Wine 20050930, and other versions, ...)
	{DSA-954-1 CVE-2005-4560}
	- wine 0.9.2-1 (bug #346197; medium)
CVE-2006-0082 (Format string vulnerability in the SetImageInfo function in image.c ...)
	{DSA-1213}
	- imagemagick 6:6.2.4.5-0.6 (bug #345876)
CVE-2005-XXXX [World-readable config file with sensitive data in b2evolution]
	- b2evolution 0.9.1b-4 (bug #344000)
CVE-2006-0081 (ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics ...)
	NOT-FOR-US: Intel
CVE-2006-0080 (Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and ...)
	NOT-FOR-US: vBulletin
CVE-2006-0079 (SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 ...)
	NOT-FOR-US: ScozNet
CVE-2006-0078 (Multiple cross-site scripting (XSS) vulnerabilities in B-net Software ...)
	NOT-FOR-US: B-Net Software
CVE-2006-0077 (Off-by-one error in the getfattr function in File::ExtAttr before 0.03 ...)
	NOT-FOR-US: File::ExtAttr
CVE-2006-0076 (PHP remote file include vulnerability in forum.php in oaBoard 1.0 ...)
	NOT-FOR-US: oaBoard
CVE-2006-0075 (Direct static code injection vulnerability in phpBook 1.3.2 and ...)
	NOT-FOR-US: phpBook
CVE-2006-0074 (SQL injection vulnerability in profile.php in PHPenpals allows remote ...)
	NOT-FOR-US: PHPenpals
CVE-2006-0073 (Cross-site scripting (XSS) vulnerability in DiscusWare Discus Freeware ...)
	NOT-FOR-US: DiscusWare Discus
CVE-2006-0072 (Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote ...)
	NOT-FOR-US: SCO Openserver
CVE-2006-0071 (The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid ...)
	- pinentry <not-affected> (Gentoo-specific packaging flaw)
CVE-2006-0070 (** DISPUTED ** ...)
	- drupal <not-affected> (According to upstream advisory is junk, behaviour intentional)
	NOTE: This will probably be REJECTED anyway
CVE-2006-0069 (Cross-site scripting (XSS) vulnerability in addentry.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Guestbook
CVE-2006-0068 (SQL injection vulnerability in Primo Cart 1.0 and earlier allows ...)
	NOT-FOR-US: Primo Cart
CVE-2006-0067 (SQL injection vulnerability in login.php in VEGO Links Builder 2.00 ...)
	NOT-FOR-US: VEGO Links Builder
CVE-2006-0066 (SQL injection vulnerability in index.php in PHPjournaler 1.0 allows ...)
	NOT-FOR-US: PHPjournaler
CVE-2006-0065 (SQL injection vulnerability in (1) functions.php, (2) ...)
	NOT-FOR-US: VEGO Web Forum
CVE-2006-0064 (PHP remote file include vulnerability in includes/orderSuccess.inc.php ...)
	NOT-FOR-US: CubeCart
CVE-2006-0063 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when ...)
	- phpbb2 2.0.21-1 (unimportant)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
	NOTE: (Upstream fix was in 2.0.20.)
CVE-2005-4617 (SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier ...)
	NOT-FOR-US: cSupport
CVE-2005-4616 (SQL injection vulnerability in index.php in iSupport 1.06 allows ...)
	NOT-FOR-US: iSupport
CVE-2005-4615 (SQL injection vulnerability in news.php in DapperDesk 3.0.1 and ...)
	NOT-FOR-US: DapperDesk
CVE-2005-4614 (Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier ...)
	NOT-FOR-US: digiSHOP
CVE-2005-4613 (Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4612 (Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote ...)
	NOT-FOR-US: VUBB alpha
CVE-2005-4611 (SQL injection vulnerability in search.php in Free ClickBank 1.0 and ...)
	NOT-FOR-US: Free ClickBank
CVE-2005-4610 (Format string vulnerability in the server for Dopewars before 1.5.12, ...)
	- dopewars <not-affected> (According to upstream Windows-specific)
CVE-2005-4609 (index.php in BugPort 1.147 and earlier allows remote attackers to ...)
	NOT-FOR-US: BugPort
CVE-2005-4608 (SQL injection vulnerability in index.php in BugPort 1.147 allows ...)
	NOT-FOR-US: BugPort
CVE-2005-4607 (Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 ...)
	NOT-FOR-US: BugPort
CVE-2005-4606 (SQL injection vulnerability in check_user.asp in multiple Web Wiz ...)
	NOT-FOR-US: Web Wiz
CVE-2005-4605 (The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1
	- kernel-source-2.4.27 <not-affected> (2.4's proc_file_lseek contains a sanity check)
CVE-2005-XXXX [xshisen follows symlinks for shared gid games files]
	- xshisen 1.51-1-2 (bug #291613)
CVE-2006-0062 [Potential xlockmore bypass]
	RESERVED
	- xlockmore 1:5.13-2.1 (bug #309760)
CVE-2006-0061 [xlock segfaults when using libpam-opensc]
	RESERVED
	- xlockmore 1:5.22-1.2 (bug #318123; bug #399003; low)
	[sarge] - xlockmore <no-dsa> (Minor issue)
CVE-2006-0060
	RESERVED
CVE-2006-0059 (Heap-based buffer overflow in the ISO Transport Service over TCP (RFC ...)
	NOT-FOR-US: LiveData
CVE-2006-0058 (Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows ...)
	{DSA-1015-1}
	- sendmail 8.13.6-1 (bug #358440; high)
CVE-2006-0057 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2006-0056 (Double free vulnerability in the authentication and authentication ...)
	- pam-mysql 0.6.2-1 (bug #353589; medium)
	[sarge] - pam-mysql <not-affected> (Vulnerable code not present)
CVE-2006-0055 (The ispell_op function in ee on FreeBSD 4.10 to 6.0 uses predictable ...)
	- ee 1:1.4.2-5 (bug #348322)
CVE-2006-0054 (The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to ...)
	NOT-FOR-US: FreeBSD
CVE-2005-4604 (Buffer overflow in MTink in the printer-filters-utils package allows ...)
	- mtink <not-affected> (mtink not installed SUID root)
CVE-2005-4603 (Cross-site scripting (XSS) vulnerability in printthread.php in MyBB ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4602 (SQL injection vulnerability in inc/function_upload.php in MyBB before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4600 (Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
	- moodle <not-affected> (has newer version)
	- wordpress 2.5.1-3
	[etch] - wordpress <not-affected> (Vulnerable code not present)
	NOTE: this was possibly fixed before 2.5.1 in wordpress but since 2.5.1-3 wordpress
	NOTE: uses the system copy of tinymce and the exact fixed version is not
	NOTE: really determinably anymore
CVE-2005-4599 (Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-4598 (Cross-site scripting (XSS) vulnerability in home.php in OoApp ...)
	NOT-FOR-US: OoApp Guestbook
CVE-2005-4597 (Cross-site scripting (XSS) vulnerability in index.php in iPei ...)
	NOT-FOR-US: iPei Guestbook
CVE-2005-4596 (Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook ...)
	NOT-FOR-US: AdesGuestbook
CVE-2005-4595 (Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView ...)
	NOT-FOR-US: NView and XnView, different from nview from nvi
CVE-2005-4594 (Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers ...)
	NOT-FOR-US: TUGZip
CVE-2005-4593 (PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and ...)
	NOT-FOR-US: phpDocumentor
CVE-2005-4592 (Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Only some 0.96 CVS versions were affected)
CVE-2005-4591 (Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, ...)
	- bogofilter 0.96.3
	[sarge] - bogofilter <not-affected> (Sarge version doesn't include Unicode)
CVE-2005-4590 (Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4589 (Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the ...)
	NOT-FOR-US: Spb Kiosk Engine
CVE-2005-4588 (Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote ...)
	NOT-FOR-US: Koobi
CVE-2005-4587 (Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote ...)
	NOT-FOR-US: Juniper
CVE-2005-4586 (Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 ...)
	NOT-FOR-US: PHPSurveyor
CVE-2005-XXXX [snort: DoS in verbose mode]
	- snort 2.3.3-2 (bug #328134; low)
	[woody] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
	[sarge] - snort <no-dsa> (Only exploitable in obscure setups not used in production environments, see #328134)
CVE-2005-4601 (The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers ...)
	{DSA-957-2}
	- imagemagick 6:6.2.4.5-0.6 (bug #345238; medium)
	NOTE: Exploitable through Gnus and Thunderbird.
	- graphicsmagick 1.1.7-1
CVE-2006-0053 (Imager (libimager-perl) before 0.50 allows user-assisted attackers to ...)
	{DSA-1028-1}
	- libimager-perl 0.50-1 (bug #359661)
CVE-2006-0052 (The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, ...)
	{DSA-1027-1}
	- mailman 2.1.6-1 (bug #358892)
CVE-2006-0051 (Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through ...)
	{DSA-1023-1}
	- kaffeine 0.8-1
CVE-2006-0050 (snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary ...)
	{DSA-1013-1}
	- snmptrapfmt 1.10
CVE-2006-0049 (gpg in GnuPG before 1.4.2.2 does not properly verify non-detached ...)
	{DSA-993-2}
	- gnupg 1.4.2.2-1 (bug #356125; medium)
	- gnupg2 <not-affected> (Vulnerable code not activated)
CVE-2006-0048 (Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a ...)
	- tcpick 0.2.1-3 (bug #360571; low)
	[sarge] - tcpick <no-dsa> (Minor issue)
CVE-2006-0047 (packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause ...)
	{DSA-994-1}
	- freeciv 2.0.8-1 (medium; bug #355211)
CVE-2006-0046 (squid_redirect script in adzapper before 2006-01-29 allows remote ...)
	{DSA-966-1}
	- adzapper 20060115-1
CVE-2006-0045 (crawl before 4.0.0 does not securely call programs when saving and ...)
	{DSA-949-1}
	- crawl 1:4.0.0beta26-7 (medium)
CVE-2006-0044 (Unspecified vulnerability in context.py in Albatross web application ...)
	{DSA-942-1}
	- albatross 1.33-1
CVE-2005-4585 (Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to ...)
	- ethereal 0.10.14-1 (bug #345243; low)
	NOTE: This affects Woody and Sarge
CVE-2005-4584 (BZFlag server 2.0.4 and earlier allows remote attackers to cause a ...)
	- bzflag 2.0.6.20060412-1 (bug #345245; low)
	[sarge] - bzflag <no-dsa> (Minor DoS against a game)
CVE-2005-4583 (Unspecified vulnerability in the Management Interface in VMware ESX ...)
	NOT-FOR-US: VMWare
CVE-2005-4582 (Electric Sheep 2.6.3 does not require authentication or integrity ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: Even an authenticated server might serve unwanted content, so
	NOTE: this can't be considered a real vulnerability.
CVE-2005-4581 (Buffer overflow in Electric Sheep 2.6.3 client allows local users to ...)
	- electricsheep 2.6.3+cvs20051206-1 (unimportant)
	NOTE: This does not seem to be exploitable.
CVE-2005-4580 (Cross-site scripting (XSS) vulnerability in Day Communique 4 allows ...)
	NOT-FOR-US: Day Communique
CVE-2005-4579 (Multiple HTTP response splitting vulnerabilities in Hitachi Business ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4578 (Multiple SQL injection vulnerabilities in Hitachi Business Logic - ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4577 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Business Logic
CVE-2005-4576 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Fatwire Update Engine
CVE-2005-4575 (PaperThin CommonSpot Content Server 4.5 and earlier allow remote ...)
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4574 (Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin ...)
	{DSA-1201-1}
	NOT-FOR-US: CommonSpot Content Server
CVE-2005-4573 (PHP remote file include vulnerability in plog-admin-functions.php in ...)
	NOT-FOR-US: Plogger
CVE-2005-4572 (Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4571 (Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart ...)
	NOT-FOR-US: myEZshop Shopping Cart
CVE-2005-4570 (The Internet Key Exchange version 1 (IKEv1) implementations in ...)
	NOT-FOR-US: FortiOS
CVE-2005-4569 (Stack-based buffer overflow in index.fts in FTGate Technology ...)
	NOT-FOR-US: FTGate
CVE-2005-4568 (Multiple format string vulnerabilities in FTGate Technology (formerly ...)
	NOT-FOR-US: FTGate
CVE-2005-4567 (Multiple cross-site scripting (XSS) vulnerabilities in FTGate ...)
	NOT-FOR-US: FTGate
CVE-2005-4566 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
	NOT-FOR-US: NetVanta
CVE-2005-4565 (Format string vulnerability in the Internet Key Exchange version 1 ...)
	NOT-FOR-US: NetVanta
CVE-2005-4564 (The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN ...)
	NOT-FOR-US: NetVanta
CVE-2005-4563 (SQL injection vulnerability in main.php in Enterprise Heart Enterprise ...)
	NOT-FOR-US: Enterprise Heart Enterprise Connector
CVE-2005-4562
	REJECTED
CVE-2005-4561
	REJECTED
CVE-2005-4560 (The Windows Graphical Device Interface library (GDI32.DLL) in ...)
	{CVE-2006-0106}
	NOT-FOR-US: Microsoft
CVE-2005-4559 (mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4558 (IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4557 (dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4556 (PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2005-4555 (Cross-site scripting (XSS) vulnerability in add.php in DEV web ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4554 (Multiple SQL injection vulnerabilities in DEV web management system ...)
	NOT-FOR-US: DEV web management system
CVE-2005-4553 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-4552 (The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 ...)
	NOT-FOR-US: Sun Solaris PC NetLink
CVE-2005-4551 (Cross-site scripting (XSS) vulnerability in sign.php in codegrrl ...)
	NOT-FOR-US: codegrrl SimpBook
CVE-2005-4550 (The PORTAL schema in Oracle Application Server (OracleAS) Discussion ...)
	NOT-FOR-US: Oracle
CVE-2005-4549 (Cross-site scripting (XSS) vulnerability in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2005-4548 (SQL injection vulnerability in the &quot;user area&quot; in RWS Statistics ...)
	NOT-FOR-US: RWS Statistics Counter
CVE-2005-4547 (Cross-site scripting (XSS) vulnerability in home/search.php in eggblog ...)
	NOT-FOR-US: eggblog
CVE-2005-4546 (search.php in eggblog 2.0 allows remote attackers to obtain the full ...)
	NOT-FOR-US: eggblog
CVE-2005-4545 (Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ...)
	NOT-FOR-US: NetDirect ShopEngine
CVE-2005-4544
	REJECTED
CVE-2005-4543
	REJECTED
CVE-2005-4542
	REJECTED
CVE-2005-4541
	REJECTED
CVE-2005-4540
	REJECTED
CVE-2005-4539
	REJECTED
CVE-2005-4538
	REJECTED
CVE-2005-4537
	REJECTED
CVE-2005-4536 (Mail::Audit module in libmail-audit-perl 2.1-5, when logging is ...)
	{DSA-960-3}
	- libmail-audit-perl 2.1-5.1 (bug #344029; medium)
CVE-2005-4535
	REJECTED
CVE-2005-4533 (Argument injection vulnerability in scponlyc in scponly 4.1 and ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4532 (scponlyc in scponly 4.1 and earlier, when the operating system ...)
	{DSA-969-1}
	- scponly 4.6-1 (bug #344418)
CVE-2005-4531
	REJECTED
CVE-2005-4530 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: EPay Enterprise
CVE-2005-4529 (The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4528 (SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB ...)
	NOT-FOR-US: phpBB addon
CVE-2005-4527 (Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote ...)
	NOT-FOR-US: Direct News
CVE-2005-4526 (Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 ...)
	NOT-FOR-US: MIMEsweeper For Web
CVE-2005-4525 (SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local ...)
	NOT-FOR-US: Sygate
CVE-2005-4524 (Mantis 1.0.0rc3 does not properly handle &quot;Make note private&quot; when a ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4523 (Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4522 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4521 (CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4520 (Unspecified &quot;port injection&quot; vulnerabilities in filters in Mantis ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4519 (Multiple SQL injection vulnerabilities in the manage user page ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4518 (Mantis before 0.19.4 allows remote attackers to bypass the file upload ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4517 (SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4516 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4515 (** DISPUTED ** ...)
	NOT-FOR-US: WebDB
CVE-2005-4514 (** DISPUTED ** ...)
	NOT-FOR-US: Webwasher
CVE-2005-4513 (Cross-site scripting (XSS) vulnerability in WANDSOFT e-SEARCH allows ...)
	NOT-FOR-US: WANDSOFT e-SEARCH
CVE-2005-4512 (Cross-site scripting (XSS) vulnerability in WAXTRAPP 3.0.1 and earlier ...)
	NOT-FOR-US: WAXTRAPP
CVE-2005-4511 (Format string vulnerability in TN3270 Resource Gateway 1.1.0 allows ...)
	NOT-FOR-US: TN3270 Resource Gateway
CVE-2005-4510 (Directory traversal vulnerability in server.np in NetPublish Server 7 ...)
	NOT-FOR-US: Netpublish Server
CVE-2005-4509 (SQL injection vulnerability in index.asp in pTools allows remote ...)
	NOT-FOR-US: pTools
CVE-2005-4508 (Nexus Concepts Dev Hound 2.24 and earlier allows remote attackers to ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4507 (Multiple cross-site scripting (XSS) vulnerabilities in Nexus Concepts ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4506 (Nexus Concepts Dev Hound 2.24 and earlier stores username and password ...)
	NOT-FOR-US: Nexus Concepts Dev Hound
CVE-2005-4505 (Unquoted Windows search path vulnerability in McAfee VirusScan ...)
	NOT-FOR-US: McAfee
CVE-2005-4504 (The khtml::RenderTableSection::ensureRows function in KHTMLParser in ...)
	- kdelibs <not-affected>
	NOTE: Konqueror from sid doesn't crash, will test an older version later
CVE-2005-4503 (httprint v202, and possibly other versions before v301, allows remote ...)
	NOT-FOR-US: httprint
CVE-2005-4502 (Cross-site scripting (XSS) vulnerability in httprint v202, and ...)
	NOT-FOR-US: httprint
CVE-2005-4501 (MediaWiki before 1.5.4 uses a hard-coded &quot;internal placeholder ...)
	- mediawiki 1.4.13-1 (bug #345280)
CVE-2005-4500 (SQL injection vulnerability in MusicBox 2.3 allows remote attackers to ...)
	NOT-FOR-US: MusicBox
CVE-2005-4499 (The Downloadable RADIUS ACLs feature in Cisco PIX and VPN 3000 ...)
	NOT-FOR-US: Cisco
CVE-2005-4498 (Cross-site scripting (XSS) vulnerability in Text-e 1.6.4 and earlier ...)
	NOT-FOR-US: Text-e
CVE-2005-4497 (Cross-site scripting (XSS) vulnerability in Tangora Portal CMS 4.0 and ...)
	NOT-FOR-US: Tangora Portal
CVE-2005-4496 (Cross-site scripting (XSS) vulnerability in search in SyntaxCMS 1.2.1 ...)
	NOT-FOR-US: Syntax CMS
CVE-2005-4495 (** DISPUTED ** ...)
	NOT-FOR-US: SpireMedia
CVE-2005-4494 (Cross-site scripting (XSS) vulnerability in SPIP 1.8.2 and earlier ...)
	- spip 2.0.6-1 (medium; bug #352078)
CVE-2005-4493 (Cross-site scripting (XSS) vulnerability in SpearTek 6.0 and earlier ...)
	NOT-FOR-US: SpearTek
CVE-2005-4492 (Cross-site scripting (XSS) vulnerability in Starphire SiteSage 5.0.18 ...)
	NOT-FOR-US: Starphire SiteSage
CVE-2005-4491 (Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 ...)
	NOT-FOR-US: Sitekit CMS
CVE-2005-4490 (Multiple cross-site scripting (XSS) vulnerabilities in SCOOP! 2.3 and ...)
	NOT-FOR-US: SCOOP!
CVE-2005-4489 (Cross-site scripting (XSS) vulnerability in Scoop 1.1 RC1 and earlier ...)
	NOT-FOR-US: Scoop
CVE-2005-4488 (Multiple cross-site scripting (XSS) vulnerabilities in index.tpl in ...)
	NOT-FOR-US: Redakto WCMS
CVE-2005-4487 (Cross-site scripting (XSS) vulnerability in RAMSite R|1 CMS 1.0 and ...)
	NOT-FOR-US: RAMSite
CVE-2005-4486 (** DISPUTED ** ...)
	NOT-FOR-US: Quantum Art
CVE-2005-4485 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectApp 3.3 ...)
	NOT-FOR-US: ProjectApp
CVE-2005-4484 (Multiple cross-site scripting (XSS) vulnerabilities in IntranetApp 3.3 ...)
	NOT-FOR-US: IntranetApp
CVE-2005-4483 (Cross-site scripting (XSS) vulnerability in login.asp in SiteEnable ...)
	NOT-FOR-US: SiteEnable
CVE-2005-4482 (Cross-site scripting (XSS) vulnerability in login.asp in PortalApp 3.3 ...)
	NOT-FOR-US: PortalApp
CVE-2005-4481 (** DISPUTED ** ...)
	NOT-FOR-US: Polypoly
CVE-2005-4480 (Cross-site scripting (XSS) vulnerability in Plexcor CMS 4.0 and ...)
	NOT-FOR-US: Plexcor CMS
CVE-2005-4479 (SQL injection vulnerability in article.php in phpSlash 0.8.1 and ...)
	NOT-FOR-US: phpSlash
CVE-2005-4478 (Multiple SQL injection vulnerabilities in Papoo 2.1.2 and earlier ...)
	NOT-FOR-US: Papoo
CVE-2005-4477 (Cross-site scripting (XSS) vulnerability in papaya CMS 4.0.4 and ...)
	NOT-FOR-US: papaya CMS
CVE-2005-4476 (Cross-site scripting (XSS) vulnerability in store/search/results.html ...)
	NOT-FOR-US: OpenEdit
CVE-2005-4475 (Cross-site scripting (XSS) vulnerability in OpenCms 6.0.3 and earlier ...)
	NOT-FOR-US: OpenCms
CVE-2005-4534 (The shadow database feature (syncshadowdb) in Bugzilla 2.9 through ...)
	{DSA-1208-1}
	- bugzilla 2.18 (bug #329387; low)
	NOTE: The vulnerable script has been removed in the 2.18 upstream release
CVE-2005-XXXX [Insecure tempfile in libjpeg6b's exifautotran]
	- libjpeg6b 6b-11 (bug #340079; low)
	[woody] - libjpeg6b <not-affected> (Does not include exifautotran)
	[sarge] - libjpeg6b <no-dsa> (Creates tempfile in cwd, only very far-fetched attack vectors applicable)
CVE-2006-0043 (Buffer overflow in the realpath function in nfs-server rpc.mountd, as ...)
	{DSA-975-1}
	- nfs-user-server 2.2beta47-22 (high; bug #350020)
	NOTE: nfs-utils (kernel NFS server) is not affected
	NOTE: (it uses PATH_MAX for the buffer passed to realpath).
CVE-2006-0042 (Unspecified vulnerability in (1) apreq_parse_headers and (2) ...)
	{DSA-1000-2}
	- libapreq2 2.07-1
CVE-2006-0041
	REJECTED
CVE-2006-0040 (GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a ...)
	- evolution 2.10.1 (bug #398064; low)
	[etch] - evolution <no-dsa> (Minor issue)
	[sarge] - evolution <not-affected> (Not reproducable on Sarge)
CVE-2006-0039 (Race condition in the do_add_counters function in netfilter for Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-14
CVE-2006-0038 (Integer overflow in the do_replace function in netfilter for Linux ...)
	{DSA-1103 DSA-1097-1}
	- linux-2.6 2.6.16-1
CVE-2006-0037 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0036 (ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in ...)
	- linux-2.6 2.6.15-3
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
CVE-2006-0035 (The netlink_rcv_skb function in af_netlink.c in Linux kernel 2.6.14 ...)
	- linux-2.6 2.6.15-3
CVE-2006-0019 (Heap-based buffer overflow in the encodeURI and decodeURI functions in ...)
	{DSA-948-1}
	- kdelibs 4:3.5.1-1 (medium)
CVE-2005-4474 (Buffer overflow in the &quot;Add to archive&quot; command in WinRAR 3.51 allows ...)
	NOT-FOR-US: WinRAR
CVE-2005-4473 (Unspecified vulnerability in Macromedia JRun 4 web server (JWS) allows ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4472 (Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) ...)
	NOT-FOR-US: Macromedia JRun 4 web server
CVE-2005-4471 (POP3 service in Avaya Modular Messaging Message Storage Server (MSS) ...)
	NOT-FOR-US: Avaya Modular Messaging Message Storage Server
CVE-2005-4470 (Heap-based buffer overflow in the get_bhead function in readfile.c in ...)
	{DSA-1039-1 DTSA-29-1}
	- blender 2.40-1 (bug #344398; medium)
	[woody] - blender <no-dsa> (Woody has it in non-free and it is binary-only)
CVE-2005-4469 (Multiple direct static code injection vulnerabilities in PHPGedView ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4468 (PHP remote file include vulnerability in help_text_vars.php in ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4467 (Directory traversal vulnerability in help_text_vars.php in PHPGedView ...)
	NOT-FOR-US: PHPGedView
CVE-2005-4466 (Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll ...)
	NOT-FOR-US: SIP Proxy
CVE-2005-4465 (The Internet Key Exchange version 1 (IKEv1) implementation in NEC ...)
	NOT-FOR-US: NEC UNIVERGE IX1000, IX2000, and IX3000
CVE-2005-4464 (Ingate Firewall before 4.3.4 and SIParator before 4.3.4 allows remote ...)
	NOT-FOR-US: Ingate Firewall / SIParator
CVE-2005-4463 (WordPress before 1.5.2 allows remote attackers to obtain sensitive ...)
	- wordpress 1.5.2-1 (unimportant)
	NOTE: Only path disclosure
CVE-2005-4462 (PHP remote file include vulnerability in usermods.php in Tolva PHP ...)
	NOT-FOR-US: Tolva PHP website system
CVE-2005-4461 (SQL injection vulnerability in index.php in Beehive Forum 0.6.2 and ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4460 (Cross-site scripting (XSS) vulnerability in Beehive Forum 0.6.2 and ...)
	NOT-FOR-US: Beehive Forum
CVE-2005-4459 (Heap-based buffer overflow in the NAT networking components vmnat.exe ...)
	NOT-FOR-US: VMWare
CVE-2005-4458 (Group.pm in Metadot Portal Server 6.4.4 and earlier does not properly ...)
	NOT-FOR-US: Metadot Portal Server
CVE-2005-4457 (MailEnable Enterprise 1.1 before patch ME-10009 allows remote ...)
	NOT-FOR-US: MailEnable
CVE-2005-4456 (Multiple buffer overflows in MailEnable Professional 1.71 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-4455 (cleanhtml.pl 1.129 in LiveJournal CVS before Dec 13 2005 allows remote ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4454 (Validate-before-filter vulnerability in cleanhtml.pl 1.129 in ...)
	NOT-FOR-US: livejournal
	NOTE: liblivejournal-perl doesn't seem to embed any of the affected code
CVE-2005-4453 (UserProfile.cs in Ultraapps Issue Manager before 2.1 allows remote ...)
	NOT-FOR-US: Ultraapps Issue Manager
CVE-2005-4452 (Information Call Center stores the CallCenterData.mdb database under ...)
	NOT-FOR-US: Information Call Center
CVE-2005-4451 (Unspecified vulnerability in Software Distributor in HP-UX B.11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2005-4450 (Cross-site request forgery (CSRF) vulnerability in phpMyAdmin 2.7.0 ...)
	NOTE: According to the description possibly a dupe of the non-issue CVE-2005-4349
CVE-2005-4449 (verify.php in FlatNuke 2.5.6 allows remote authenticated ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4448 (FlatNuke 2.5.6 verifies authentication credentials based on an MD5 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-4447 (SQL injection vulnerability in articles\articles_funcs.php in phpCOIN ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4446 (Cross-site scripting (XSS) vulnerability in index.asp in ASPBite 8.x ...)
	NOT-FOR-US: ASPBite
CVE-2005-4445 (Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4444 (Stack-based buffer overflow in the trace message functionality in ...)
	NOT-FOR-US: Pegasus Mail
CVE-2005-4443 (Untrusted search path vulnerability in Gauche before 0.8.6-r1 on ...)
	- gauche <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4442 (Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on ...)
	- openldap2 <not-affected> (Gentoo-specific packaging flaw)
	- openldap2.2 <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4441 (The PVLAN protocol allows remote attackers to bypass network ...)
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4440 (The 802.1q VLAN protocol allows remote attackers to bypass network ...)
	NOT-FOR-US: VLAN protocol flaws, likely fixed in current kernels
CVE-2005-4439 (Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to ...)
	{DSA-967-1}
	- elog 2.6.1+r1642-1 (bug #349528; high)
CVE-2005-4438 (Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in ...)
	NOT-FOR-US: Dec2Rar
CVE-2005-4437 (MD5 Neighbor Authentication in Extended Interior Gateway Routing ...)
	NOT-FOR-US: IOS
CVE-2005-4436 (Extended Interior Gateway Routing Protocol (EIGRP) 1.2, as implemented ...)
	NOT-FOR-US: IOS
CVE-2005-4435 (Cross-site scripting (XSS) vulnerability in index.php AbleDesign D-Man ...)
	NOT-FOR-US: AbleDesign D-Man
CVE-2005-4434 (Cross-site scripting (XSS) vulnerability in AbleDesign ReSearch 2.x ...)
	NOT-FOR-US: AbleDesign ReSearch
CVE-2005-4433 (Cross-site scripting (XSS) vulnerability in search.php in Esselbach ...)
	NOT-FOR-US: Esselbach Storyteller CMS
CVE-2005-4432 (Cross-site scripting (XSS) vulnerability in index.php in PlaySMS 0.8 ...)
	NOT-FOR-US: PlaySMS
CVE-2005-4431 (SQL injection vulnerability in WowBB 1.65 allows remote attackers to ...)
	NOT-FOR-US: WowBB
CVE-2005-4430 (SQL injection vulnerability in LogicBill 1.0 and earlier allows remote ...)
	NOT-FOR-US: LogicBill
CVE-2005-4429 (SQL injection vulnerability in CS-Cart 1.3.0 allows remote attackers ...)
	NOT-FOR-US: CS-Cart
CVE-2005-4428 (Cross-site scripting (XSS) vulnerability in index.php in Cerberus ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4427 (Multiple SQL injection vulnerabilities in Cerberus Helpdesk allow ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-4426 (Interpretation conflict in YaBB before 2.1 allows remote authenticated ...)
	NOT-FOR-US: YaBB
CVE-2005-4425 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4424 (Directory traversal vulnerability in PHPKIT 1.6.1 R2 and earlier might ...)
	NOT-FOR-US: PHPKIT
CVE-2005-4423 (Unrestricted file upload vulnerability in PHPFM before 0.2.3 allows ...)
	NOT-FOR-US: PHPFM
CVE-2005-4422 (Unrestricted file upload vulnerability in toendaCMS before 0.6.2 ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4421 (Dev-Editor 3.0 allows remote attackers to access any directory outside ...)
	NOT-FOR-US: Dev-Editor
CVE-2005-4420 (Cross-site scripting (XSS) vulnerability in Honeycomb Archive ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4419 (Multiple SQL injection vulnerabilities in CategoryResults.cfm in ...)
	NOT-FOR-US: Honeycomb Archive Enterprise
CVE-2005-4417 (The default configuration of Widcomm Bluetooth for Windows (BTW) ...)
	NOT-FOR-US: Widcomm Bluetooth for Windows
CVE-2005-4416 (SQL injection vulnerability in index.php in TML CMS 0.5 allows remote ...)
	NOT-FOR-US: TML CMS
CVE-2005-4415 (Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 ...)
	NOT-FOR-US: TML CMS
CVE-2005-4414 (Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown ...)
	NOT-FOR-US: Teamwork 3
CVE-2005-4413 (Multiple cross-site scripting (XSS) vulnerabilities in sample scripts ...)
	NOT-FOR-US: Websphere
CVE-2005-4412 (Citrix Program Neighborhood client before 9.150 caches the user ...)
	NOT-FOR-US: Citrix
CVE-2005-4411 (Buffer overflow in Mercury Mail Transport System 4.01b allows remote ...)
	NOT-FOR-US: Mercury Mail Transport System
CVE-2005-4410 (Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote ...)
	NOT-FOR-US: NQcontent
CVE-2005-4409 (Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier ...)
	NOT-FOR-US: MMBase
CVE-2005-4408 (Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and ...)
	NOT-FOR-US: Miraserver
CVE-2005-4407 (Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4406 (SQL injection vulnerability in index.cfm in Mercury CMS 4.0 and ...)
	NOT-FOR-US: Mercury CMS
CVE-2005-4405 (redqueen.cgi in Red Queen 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Red Queen
CVE-2005-4404 (SQL injection vulnerability in default.asp in Media2 CMS Shop 18.x ...)
	NOT-FOR-US: Media2 CMS
CVE-2005-4403 (SQL injection vulnerability in index.php in Marwel 2.7 and earlier ...)
	NOT-FOR-US: Marwel
CVE-2005-4402 (Buffer overflow in MailEnable Professional 1.71 and earlier, and ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-4401 (Cross-site scripting (XSS) vulnerability in Lutece 1.2.3 and earlier ...)
	NOT-FOR-US: Lutece
CVE-2005-4400 (Cross-site scripting (XSS) vulnerability in downloads/portal_ent in ...)
	NOT-FOR-US: Liferay Portal Professional
CVE-2005-4399 (Cross-site scripting (XSS) vulnerability in search/index.php in ...)
	NOT-FOR-US: Libertas Enterprise CMS
CVE-2005-4398 (** DISPUTED ** ...)
	NOT-FOR-US: lemoon
CVE-2005-4397 (SQL injection vulnerability in RunScript.asp iCMS allows remote ...)
	NOT-FOR-US: iCMS
CVE-2005-4396 (Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS ...)
	NOT-FOR-US: iCMS
CVE-2005-4395 (Cross-site scripting (XSS) vulnerability in FarCry 3.0 and earlier ...)
	NOT-FOR-US: FarCry
CVE-2005-4394 (Cross-site scripting (XSS) vulnerability in EPiX 3.1.2 and earlier ...)
	NOT-FOR-US: EPiX
CVE-2005-4393 (Cross-site scripting (XSS) vulnerability in show.cfm in e-publish CMS ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4392 (SQL injection vulnerability in printer_friendly.cfm in e-publish CMS ...)
	NOT-FOR-US: e-publish CMS
CVE-2005-4391 (Cross-site scripting (XSS) vulnerability in damoon allows remote ...)
	NOT-FOR-US: damoon
CVE-2005-4390 (SQL injection vulnerability in index.php in ContentServ 3.1 and ...)
	NOT-FOR-US: ContentServ
CVE-2005-4389 (search.cfm in CONTENS 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: CONTENS
CVE-2005-4388 (Cross-site scripting (XSS) vulnerability in search.cfm in CONTENS 3.0 ...)
	NOT-FOR-US: CONTENS
CVE-2005-4387 (Cross-site scripting (XSS) vulnerability in home.php in contenite 0.11 ...)
	NOT-FOR-US: contenite
CVE-2005-4386 (Cross-site scripting (XSS) vulnerability in Colony CMS 2.75 and ...)
	NOT-FOR-US: Colony CMS
CVE-2005-4385 (Cross-site scripting (XSS) vulnerability in search.htm in Cofax 2.0 ...)
	NOT-FOR-US: Cofax
CVE-2005-4384 (CitySoft Community Enterprise 4.x allows remote attackers to obtain ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4383 (Cross-site scripting (XSS) vulnerability in index.cfm in CitySoft ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4382 (SQL injection vulnerability in CitySoft Community Enterprise 4.x ...)
	NOT-FOR-US: CitySoft Community Enterprise
CVE-2005-4381 (Multiple cross-site scripting (XSS) vulnerabilities in Caravel CMS 3.0 ...)
	NOT-FOR-US: Caravel CMS
CVE-2005-4380 (Multiple SQL injection vulnerabilities in Bitweaver 1.1 and 1.1.1 beta ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4379 (Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 ...)
	NOT-FOR-US: Bitweaver
CVE-2005-4378 (SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4377 (Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS ...)
	NOT-FOR-US: Baseline CMS
CVE-2005-4376 (Directory traversal vulnerability in Amaxus 3 and earlier allows ...)
	NOT-FOR-US: Amaxus
CVE-2005-4375 (Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier ...)
	NOT-FOR-US: Amaxus
CVE-2005-4374 (Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 ...)
	NOT-FOR-US: Allinta
CVE-2005-4373 (Adaptive Website Framework (AWF) 2.10 and earlier allows remote ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4372 (Cross-site scripting (XSS) vulnerability in account.html in Adaptive ...)
	NOT-FOR-US: Adaptive Website Framework
CVE-2005-4371 (Acidcat 2.1.13 and earlier stores the database under the web root with ...)
	NOT-FOR-US: Acidcat
CVE-2005-4370 (SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and ...)
	NOT-FOR-US: Acidcat
CVE-2005-4369 (Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows ...)
	NOT-FOR-US: Acuity CMS
CVE-2005-4368 (roundcube webmail Alpha, with a default high verbose level ...)
	- roundcube <not-affected> (Quotes are stripped now and if the task can't be found there is a default of mail)
CVE-2005-4367 (Cross-site scripting (XSS) vulnerability in register_domain.php in ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4366 (Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4365 (Multiple cross-site scripting (XSS) vulnerabilities in FLIP 0.9.0.1029 ...)
	NOT-FOR-US: FLIP
CVE-2005-4364 (Cross-site scripting (XSS) vulnerability in index.cfm in Hot Banana ...)
	NOT-FOR-US: Hot Banana Web Content Management Suite
CVE-2005-4363 (Cross-site scripting (XSS) vulnerability in the search engine in ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4362 (SQL injection vulnerability in page.php in Komodo CMS 2.1 allows ...)
	NOT-FOR-US: Komodo CMS
CVE-2005-4361 (Cross-site scripting (XSS) vulnerability in search.html in Magnolia ...)
	NOT-FOR-US: Magnolia Content Management Suite
CVE-2005-4360 (The URL parser in Microsoft Internet Information Services (IIS) 5.1 on ...)
	NOT-FOR-US: IIS
CVE-2005-4359 (SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 ...)
	NOT-FOR-US: ODFaq
CVE-2005-4358 (admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-4357 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.18, when ...)
	- phpbb2 2.0.21-1 (bug #344674; low)
	[sarge] - phpbb2 <no-dsa> (Affects only an inherently unsafe option only suitable for trusted users)
	NOTE: According to the maintainer only affects a config option that is strongly
	NOTE: discouraged due to potential security problems
CVE-2005-4356 (SQL injection vulnerability in UStore allows remote attackers to ...)
	NOT-FOR-US: UStore
CVE-2005-4355 (Multiple cross-site scripting (XSS) vulnerabilities in UStore allow ...)
	NOT-FOR-US: UStore
CVE-2005-4354 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
	NOT-FOR-US: Webglimpse
CVE-2005-4353 (SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4352 (The securelevels implementation in NetBSD 2.1 and earlier, and Linux ...)
	- linux-2.6 2.6.18-3
CVE-2005-4351 (The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up ...)
	- linux-2.6 2.6.18-3
CVE-2005-4350 (Unspecified vulnerability in WBEM Services A.01.x before A.01.05.12 ...)
	NOT-FOR-US: WBEM Services
CVE-2005-4349 (** DISPUTED ** ...)
	- phpmyadmin <unfixed> (unimportant)
	NOTE: Only for authenticated used, will possibly be rejected
CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
	NOT-FOR-US: IOS
CVE-2005-4348 (fetchmail before 6.3.1 and before 6.2.5.5, when configured for ...)
	{DSA-939-1}
	- fetchmail 6.3.1-1 (bug #343836; bug #345944; low)
CVE-2005-4418 (util-vserver before 0.30.208-1 with kernel-patch-vserver before ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1
CVE-2005-4347 (The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and ...)
	{DSA-1011-1}
	- util-vserver 0.30.208-1 (bug #329090; medium)
	- kernel-patch-vserver 2.3 (bug #329087; medium)
	NOTE: both util-vserver and the kernel-patch-vserver need to be upgraded to fix this vulnerability
CVE-2005-4346 (Invalid SQL syntax error in blog.php in phpBB Blog 2.2.2 and earlier ...)
	NOT-FOR-US: phpBB Blog
CVE-2005-4345 (Adobe (formerly Macromedia) ColdFusion MX 7.0 exposes the password ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4344 (Adobe (formerly Macromedia) ColdFusion MX 7.0 does not honor when the ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4343 (Adobe (formerly Macromedia) ColdFusion MX 6.0, 6.1, 6.1 with JRun, and ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4342 (ColdFusion Sandbox on Adobe (formerly Macromedia) ColdFusion MX 6.0, ...)
	NOT-FOR-US: ColdFusion MX
CVE-2005-4341 (Blackboard Learning and Community Portal System in Academic Suite ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4340
	REJECTED
CVE-2005-4339 (Cross-site scripting (XSS) vulnerability in Blackboard Learning and ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4338 (announcement.pl in Blackboard Learning and Community Portal System in ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4337 (The login page in Blackboard Learning and Community Portal System in ...)
	NOT-FOR-US: Academic Suite
CVE-2005-4336 (Cross-site scripting (XSS) vulnerability in ProjectForum 4.7.0 and ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4335 (ProjectForum 4.7.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: ProjectForum
CVE-2005-4334 (SQL injection vulnerability in ZixForum 1.12 allows remote attackers ...)
	NOT-FOR-US: ZixForum
CVE-2005-4333 (Multiple cross-site scripting (XSS) vulnerabilities in Binary Board ...)
	NOT-FOR-US: Binary Board System
CVE-2005-4332 (Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager ...)
	NOT-FOR-US: Secure Smart Manager
CVE-2005-4331 (SQL injection vulnerability in merchant.ihtml in iHTML Merchant ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4330 (SQL injection vulnerability in browse.ihtml in iHTML Merchant Mall ...)
	NOT-FOR-US: iHTML Merchant
CVE-2005-4329 (SQL injection vulnerability in pafiledb.php in PHP Arena paFileDB ...)
	NOT-FOR-US: paFileDB
CVE-2005-4328 (Cross-site scripting (XSS) vulnerability in webglimpse.cgi in ...)
	NOT-FOR-US: WebGlimpse
CVE-2005-4327 (Multiple cross-site scripting (XSS) vulnerabilities in Michael Arndt ...)
	NOT-FOR-US: Michael Arndt WebCal
CVE-2005-4326 (The web interface for American Power Conversion (APC) PowerChute ...)
	NOT-FOR-US: APC hardware issue
CVE-2005-4325 (Multiple unspecified vulnerabilities in Driverse before 0.56b have ...)
	NOT-FOR-US: Driverse
CVE-2005-4324 (Hitachi Groupmax Mail SMTP 06-50 through 06-52-/A and 07-00 through ...)
	NOT-FOR-US: Hitachi Groupmax Mail SMTP
CVE-2005-4323 (Unspecified vulnerability in Hitachi Cosminexus Collaboration Portal ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4322 (Multiple cross-site scripting (XSS) vulnerabilities in Hitachi ...)
	NOT-FOR-US: Hitachi Cosminexus Collaboration Portal
CVE-2005-4321 (The Internet Key Exchange version 1 (IKEv1) implementation in Apani ...)
	NOT-FOR-US: Apani Networks EpiForce
CVE-2005-4320 (Limbo CMS 1.0.4.2 and earlier allows remote attackers to obtain the ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4319 (Directory traversal vulnerability in index2.php in Limbo CMS 1.0.4.2 ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4318 (SQL injection vulnerability in index.php in Limbo CMS 1.0.4.2 and ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4317 (Limbo CMS 1.0.4.2 and earlier, with register_globals off, does not ...)
	NOT-FOR-US: Limbo CMS
CVE-2005-4316 (HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows remote attackers ...)
	NOT-FOR-US: HP-UX
CVE-2005-4315 (SQL injection vulnerability in the search function in Plexum PLEXCART ...)
	NOT-FOR-US: Plexum PLEXCART
CVE-2005-4314 (Cross-site scripting (XSS) vulnerability in ppcal.cgi in PPCal ...)
	NOT-FOR-US: PPCal Shopping Cart
CVE-2005-4313 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4312 (SQL injection vulnerability in index.php in AlmondSoft Almond ...)
	NOT-FOR-US: AlmondSoft Almond Personals
CVE-2005-4311 (Cross-site scripting (XSS) vulnerability in DCForum 6.25 and earlier, ...)
	NOT-FOR-US: DCForum
CVE-2005-4310 (SSH Tectia Server 5.0.0 (A, F, and T), when allowing host-based ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-4309 (SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4308 (index.php in ezUpload Pro 2.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ezUpload Pro
CVE-2005-4307 (Cross-site scripting (XSS) vulnerability in ScareCrow 2.13 and earlier ...)
	NOT-FOR-US: ScareCrow
CVE-2005-4306 (Multiple cross-site scripting (XSS) vulnerabilities in SiteNet BBS 2.0 ...)
	NOT-FOR-US: SiteNet BBS
CVE-2005-4305 (Cross-site scripting (XSS) vulnerability in Edgewall Trac 0.9, 0.9.1, ...)
	- trac 0.9.3-1 (bug #344006)
	[sarge] - trac <unfixed> (medium)
	NOTE: upstream bts at http://trac.edgewall.org/ticket/2473 claims this is
	NOTE: fixed in http://trac.edgewall.org/changeset/2724 but it's a fairly
	NOTE: invasive set of patches to backport. basically most instances
	NOTE: of input being escape()'d are no longer done so, and instead a
	NOTE: Markup() function replaces them, and special checks are done
	NOTE: on rendered HTML output to prevent XSS code from being displayed.
CVE-2005-4304 (index.php in ezDatabase 2.1.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4303 (SQL injection vulnerability in index.php for ezDatabase 2.1.2 and ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4302 (Directory traversal vulnerability in index.php in ezDatabase 2.1.2 and ...)
	NOT-FOR-US: ezDatabase
CVE-2005-4301 (Cross-site scripting (XSS) vulnerability in phpXplorer 0.9.12 and ...)
	NOT-FOR-US: pgpXplorer
CVE-2005-4300 (Format string vulnerability in the lire_pop function in pop.c in ...)
	NOT-FOR-US: libremail
CVE-2005-4299 (Cross-site scripting (XSS) vulnerability in atl.cgi in Atlant Pro 4.02 ...)
	NOT-FOR-US: Atlant Pro
CVE-2005-4298 (Cross-site scripting (XSS) vulnerability in atl.cgi in AtlantForum ...)
	NOT-FOR-US: AtlantForum
CVE-2005-4297 (Cross-site scripting (XSS) vulnerability in bbBoard 2.56 and earlier ...)
	NOT-FOR-US: bbBoard
CVE-2005-4296 (AppServ Open Project 2.5.3 allows remote attackers to cause a denial ...)
	NOT-FOR-US: AppServ Open Project
CVE-2005-4295 (Cross-site scripting (XSS) vulnerability in Absolute Image Gallery XE ...)
	NOT-FOR-US: Absolute Image Gallery XE
CVE-2005-4294 (Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before ...)
	NOT-FOR-US: Alkacon OpenCms
CVE-2005-4293 (Cross-site scripting (XSS) vulnerability in cp-app.cgi in ClickCartPro ...)
	NOT-FOR-US: ClickCartPro
CVE-2005-4292 (Cross-site scripting (XSS) vulnerability in CommerceSQL 1.0 and ...)
	NOT-FOR-US: CommerceSQL
CVE-2005-4291 (Cross-site scripting (XSS) vulnerability in cart.cgi in ECTOOLS ...)
	NOT-FOR-US: ECTOOLS Onlineshop
CVE-2005-4290 (Cross-site scripting (XSS) vulnerability in index.cgi in ECW-Cart 2.03 ...)
	NOT-FOR-US: ECW-Cart
CVE-2005-4289 (Cross-site scripting (XSS) vulnerability in EDCstore.pl in eDatCat 0.3 ...)
	NOT-FOR-US: eDatCat
CVE-2005-4288 (Cross-site scripting (XSS) vulnerability in index.php in MarmaraWeb ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4287 (PHP remote file include vulnerability in MarmaraWeb E-commerce allows ...)
	NOT-FOR-US: MarmaraWeb E-commerce
CVE-2005-4286 (Unspecified vulnerability in PhpLogCon before 1.2.2 allows remote ...)
	NOT-FOR-US: PhpLogCon
CVE-2005-4285 (Cross-site scripting (XSS) vulnerability in pdestore.cgi in Dick ...)
	NOT-FOR-US: Dick Copits PDEstore
CVE-2005-4284 (Cross-site scripting (XSS) vulnerability in StaticStore Search Engine ...)
	NOT-FOR-US: StaticStore Search Engine
CVE-2005-4283 (Cross-site scripting (XSS) vulnerability in The CITY Shop 1.3 and ...)
	NOT-FOR-US: The CITY Shop
CVE-2005-4282 (Cross-site scripting (XSS) vulnerability in Zaygo DomainCart 2.0 and ...)
	NOT-FOR-US: Zaygo DomainCart
CVE-2005-4281 (Cross-site scripting (XSS) vulnerability in Zaygo HostingCart 2.0 and ...)
	NOT-FOR-US: Zaygo HostingCart
CVE-2005-4280 (Untrusted search path vulnerability in CMake before 2.2.0-r1 on Gentoo ...)
	- cmake <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4279 (Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on ...)
	- qt-x11-free <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4278 (Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo ...)
	- perl <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-4277 (Cross-site scripting (XSS) vulnerability in index.php in toendaCMS ...)
	NOT-FOR-US: toendaCMS
CVE-2005-4276 (Westell Versalink 327W allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Westell Versalink
CVE-2005-4275 (Scientific Atlanta DPX2100 Cable Modem allows remote attackers to ...)
	NOT-FOR-US: Scientific Atlanta DPX2100 Cable Modem
CVE-2005-4274 (Unspecified vulnerability in Business Objects WebIntelligence 6.5x ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2005-4273 (Multiple unspecified vulnerabilities in (1) getShell and (2) ...)
	NOT-FOR-US: AIX
CVE-2005-4272 (Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote ...)
	NOT-FOR-US: AIX
CVE-2005-4271 (Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local ...)
	NOT-FOR-US: AIX
CVE-2005-4270 (Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows ...)
	NOT-FOR-US: Watchfire AppScan
CVE-2005-4269 (mshtml.dll in Microsoft Windows XP, Server 2003, and Internet Explorer ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-4268 (Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a ...)
	- cpio 2.6-10 (bug #344134; medium)
	[sarge] - cpio <unfixed> (medium)
	[woody] - cpio <unfixed> (medium)
CVE-2005-4267 (Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote ...)
	NOT-FOR-US: Qualcomm WorldMail
CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when ...)
	- snort 2.3.0-1
CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before ...)
	NOT-FOR-US: YaCy
CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...)
	NOT-FOR-US: NetBSD
CVE-2005-XXXX [rageirc IRC daemon always allows login with empty password]
	NOTE: not reproducible
	- rageircd <not-affected> (bug #343543; medium)
CVE-2005-4266 (WorldClient.dll in Alt-N MDaemon and WorldClient 8.1.3 trusts a ...)
	NOT-FOR-US: Alt-N MDaemon and WorldClient
CVE-2005-4265
	REJECTED
CVE-2005-4264 (Multiple SQL injection vulnerabilities in index.php in PHP Support ...)
	NOT-FOR-US: PHP Support Tickets
CVE-2005-4263 (SQL injection vulnerability in the News module in Envolution allows ...)
	NOT-FOR-US: Envolution
CVE-2005-4262 (Cross-site scripting (XSS) vulnerability in the News module in ...)
	NOT-FOR-US: Envolution
CVE-2005-4261 (Unspecified vulnerability in Positive Software Corporation CP+ ...)
	NOT-FOR-US: CP+
CVE-2005-4260 (Interpretation conflict in includes/mainfile.php in PHP-Nuke 7.9 and ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-4259 (Multiple SQL injection vulnerabilities in ASPBB 0.4 allow remote ...)
	NOT-FOR-US: ASPBB
CVE-2005-4258 (Unspecified Cisco Catalyst Switches allow remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-4257 (Linksys WRT54GS and BEFW11S4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-4256 (Cross-site scripting (XSS) vulnerability in forum.asp in ASP-DEV XM ...)
	NOT-FOR-US: ASP-DEV XM Forum
CVE-2005-4255 (Cross-site scripting (XSS) vulnerability in TextSearch in WikkaWiki ...)
	NOT-FOR-US: WikkaWiki
CVE-2005-4254 (SQL injection vulnerability in view_Results.php in DreamLevels ...)
	NOT-FOR-US: DreamLevels DreamPoll
CVE-2005-4253 (Cross-site scripting (XSS) vulnerability in getdox.php in Torrential ...)
	NOT-FOR-US: Torrential
CVE-2005-4252 (Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4251 (Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4250 (Directory traversal vulnerability in mcGallery PRO 2.2 and earlier ...)
	NOT-FOR-US: mcGallery PRO
CVE-2005-4249 (ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext ...)
	NOT-FOR-US: ADP Forum
CVE-2005-4248 (Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4247 (Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta ...)
	NOT-FOR-US: Plogger
CVE-2005-4246 (SQL injection vulnerability in Plogger Beta 2 and earlier allows ...)
	NOT-FOR-US: Plogger
CVE-2005-4245 (Cross-site scripting (XSS) vulnerability in search.php in Snipe ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4244 (SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows ...)
	NOT-FOR-US: Snipe Gallery
CVE-2005-4243 (Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote ...)
	NOT-FOR-US: QuickPayPro
CVE-2005-4241 (Cross-site scripting (XSS) vulnerability in the category page in ...)
	NOT-FOR-US: VCD-db
CVE-2005-4240 (SQL injection vulnerability in search.php in VCD-db 0.98 and earlier ...)
	NOT-FOR-US: VCD-db
CVE-2005-4239 (Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php ...)
	NOT-FOR-US: PHP JackKnife
CVE-2005-4238 (Cross-site scripting (XSS) vulnerability in view_filters_page.php in ...)
	{DSA-944-1}
	- mantis 0.19.4-1 (bug #345288)
CVE-2005-4237 (Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and ...)
	NOT-FOR-US: MySQL Auction
CVE-2005-4236 (Cross-site scripting (XSS) vulnerability in search.php in CKGOLD ...)
	NOT-FOR-US: CKGOLD
CVE-2005-4235 (Cross-site scripting (XSS) vulnerability in knowledgebase.php in ...)
	NOT-FOR-US: WHMCompleteSolution
CVE-2005-4234 (SQL injection vulnerability in gallery.php in EncapsGallery 1.0.0 and ...)
	NOT-FOR-US: EncapsGallery
CVE-2005-4233 (SQL injection vulnerability in advertiser_statistic.php in Ad Manager ...)
	NOT-FOR-US: Ad Manager Pro
CVE-2005-4232 (** DISPUTED ** ...)
	NOT-FOR-US: Jamit Job Board
CVE-2005-4231 (Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4230 (SQL injection vulnerability in poll.php in Link Up Gold 2.5 and ...)
	NOT-FOR-US: Link Up Gold
CVE-2005-4229 (Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction ...)
	NOT-FOR-US: EveryAuction
CVE-2005-4228 (Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and ...)
	NOT-FOR-US: PhpWebGallery
CVE-2005-4227 (Multiple &quot;potential&quot; SQL injection vulnerabilities in DCP-Portal 6.1.1 ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-4226 (Multiple &quot;potential&quot; SQL injection vulnerabilities in phpWebThings 1.4 ...)
	NOT-FOR-US: pgpWebThings
CVE-2005-4225 (Multiple &quot;potential&quot; SQL injection vulnerabilities in myBloggie 2.1.3 ...)
	NOT-FOR-US: myBloggie
CVE-2005-4224 (Multiple &quot;potential&quot; SQL injection vulnerabilities in e107 0.7 might ...)
	NOT-FOR-US: e107
CVE-2005-4223 (Multiple &quot;potential&quot; SQL injection vulnerabilities in Utopia News Pro ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-4222 (Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi ...)
	NOT-FOR-US: Lars Ellingsen Guestserver
CVE-2005-4221 (SQL injection vulnerability in link.php in Arab Portal System 2 Beta 2 ...)
	NOT-FOR-US: Arab Portal System
CVE-2005-4220 (Netgear RP114, and possibly other versions and devices, allows remote ...)
	NOT-FOR-US: Netgear hardware issue
CVE-2005-4219 (setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains ...)
	NOT-FOR-US: Innovative CMS
CVE-2005-4218 (SQL injection vulnerability in forum.php in PHPWebThings 1.4 allows ...)
	NOT-FOR-US: PHPWebThings
CVE-2005-4217 (Perl in Apple Mac OS X Server 10.3.9 does not properly drop privileges ...)
	- perl <not-affected> (MacOS specific vulnerability)
CVE-2005-4216 (The Administration Service (FMSAdmin.exe) in Macromedia Flash Media ...)
	NOT-FOR-US: Macromedia Flash Media Server
CVE-2005-4215 (Motorola SB5100E Cable Modem allows remote attackers to cause a denial ...)
	NOT-FOR-US: Motorola hardware
CVE-2005-4214 (phpCOIN 1.2.2 allows remote attackers to obtain the installation path ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4213 (SQL injection vulnerability in mod.php in phpCOIN 1.2.2 allows remote ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4212 (Directory traversal vulnerability in coin_includes/db.php in phpCOIN ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4211 (PHP remote file inclusion vulnerability in coin_includes/db.php in ...)
	NOT-FOR-US: phpCOIN
CVE-2005-4210 (Opera before 8.51, when running on Windows with Input Method Editor ...)
	NOT-FOR-US: Opera
CVE-2005-4209 (WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to ...)
	NOT-FOR-US: Alt-N MDaemon
CVE-2005-4208 (Directory traversal vulnerability in Flatnuke 2.5.6 allows remote ...)
	NOT-FOR-US: Flatnuke
CVE-2005-4207 (SQL injection vulnerability in BTGrup Admin WebController Script ...)
	NOT-FOR-US: BTGrup Admin WebController Script
CVE-2005-4206 (Blackboard Learning and Community Portal System in Academic Suite ...)
	NOT-FOR-US: Blackboard Learning and Community Port Systems
CVE-2005-4205 (Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList ...)
	NOT-FOR-US: LocazoList
CVE-2005-4204 (Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4203 (LogiSphere 0.9.9j does not restrict the number of messages that can be ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4202 (Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j ...)
	NOT-FOR-US: LogiSphere
CVE-2005-4201 (Directory traversal vulnerability in My Album Online 1.0 allows remote ...)
	NOT-FOR-US: My Album Online
CVE-2005-4200 (Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4199 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-4198 (SQL injection vulnerability in index.php in Netref 3.0 allows remote ...)
	NOT-FOR-US: Netref
CVE-2005-4197 (tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to ...)
	NOT-FOR-US: Nortel SSL VPN
CVE-2005-4196 (Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4195 (Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) ...)
	NOT-FOR-US: Scout Portal Toolkit
CVE-2005-4194 (Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming ...)
	NOT-FOR-US: Sights 'n Sounds Streaming Media Server
CVE-2005-4193 (Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows ...)
	NOT-FOR-US: UseBB
CVE-2005-4242 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 ...)
	- turba2 2.0.5-1 (bug #342946; medium)
CVE-2005-4192 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- mnemo2 2.0.3-1 (bug #342944; medium)
CVE-2005-4191 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- nag2 2.0.4-1 (bug #342945; medium)
CVE-2005-4190 (Multiple cross-site scripting (XSS) vulnerabilities in Horde ...)
	{DSA-1033-1}
	- horde3 3.0.9-1 (bug #342942; bug #354512; medium)
CVE-2005-4189 (Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith ...)
	{DSA-970-1}
	- kronolith2 2.0.6-1 (bug #342943; medium)
	- kronolith <removed> (bug #349261; medium)
CVE-2005-4188
	RESERVED
CVE-2005-4187
	RESERVED
CVE-2005-4186
	RESERVED
CVE-2005-4185
	RESERVED
CVE-2005-4184
	RESERVED
CVE-2005-4183
	RESERVED
CVE-2005-4182
	RESERVED
CVE-2005-4181
	RESERVED
CVE-2005-4180
	RESERVED
CVE-2005-4179
	RESERVED
CVE-2005-4177 (Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book ...)
	NOT-FOR-US: Magic Book Personal and Professional
CVE-2005-4176 (AWARD Bios Modular 4.50pg does not clear the keyboard buffer after ...)
	NOT-FOR-US: AWARD BIOS
CVE-2005-4175 (Insyde BIOS V190 does not clear the keyboard buffer after reading the ...)
	NOT-FOR-US: Insyde BIOS
CVE-2005-4174 (eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow ...)
	NOT-FOR-US: eFiction
CVE-2005-4173 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4172 (eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: eFiction
CVE-2005-4171 (The &quot;Upload new image&quot; command in the &quot;Manage Images&quot; eFiction 1.1, ...)
	NOT-FOR-US: eFiction
CVE-2005-4170 (SQL injection vulnerability in eFiction 1.1 allows remote attackers to ...)
	NOT-FOR-US: eFiction
CVE-2005-4169 (Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote ...)
	NOT-FOR-US: eFiction
CVE-2005-4168 (Multiple SQL injection vulnerabilities in eFiction 1.0, 1.1, and 2.0 ...)
	NOT-FOR-US: eFiction
CVE-2005-4167 (Cross-site scripting (XSS) vulnerability in eFiction 1.0 and 1.1 ...)
	NOT-FOR-US: eFiction
CVE-2005-4166 (Cross-site scripting (XSS) vulnerability in password.asp in DUWare ...)
	NOT-FOR-US: DUportal
CVE-2005-4165 (Multiple SQL injection vulnerabilities in ASP-DEV ASP Resources Forum ...)
	NOT-FOR-US: ASP-DEV ASP Resources Forum
CVE-2005-4178 (Buffer overflow in Dropbear server before 0.47 allows authenticated ...)
	{DSA-923-1}
	- dropbear 0.47-1 (high)
CVE-2005-4164 (SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows ...)
	NOT-FOR-US: PHP-addressbook
CVE-2005-4163 (Directory traversal vulnerability in captcha.php in Captcha PHP 0.9 ...)
	NOT-FOR-US: Captcha
CVE-2005-4162 (Cross-site scripting (XSS) vulnerability in cal_make.pl in ACME ...)
	NOT-FOR-US: ACME PerlCal
CVE-2005-4161 (** DISPUTED ** ...)
	NOT-FOR-US: MilliScripts
CVE-2005-4160 (Directory traversal vulnerability in getdox.php in Torrential 1.2 ...)
	NOT-FOR-US: Torrential
CVE-2005-4159 (** DISPUTED ** ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2005-4158 (Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear ...)
	{DSA-946-2}
	- sudo 1.6.8p12-1 (bug #342948; medium)
CVE-2005-4157 (Unspecified vulnerability in Kerio WinRoute Firewall before 6.1.3 ...)
	NOT-FOR-US: Kerio Firewall
CVE-2005-4156 (Unspecified vulnerability in Mambo 4.5 (1.0.0) through 4.5 (1.0.9), ...)
	NOT-FOR-US: Mambo
CVE-2005-4155 (registration.PHP in ATutor 1.5.1 pl2 allows remote attackers to ...)
	NOT-FOR-US: ATutor
CVE-2005-4154 (Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows ...)
	- php5 5.1.1-1
	NOTE: PHP 5 in Debian is vulnerable according to the changelog.
CVE-2005-4153 (Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial ...)
	{DSA-955-1}
	- mailman 2.1.5-10
CVE-2005-4152 (Soti Pocket Controller-Professional 5.0 allows remote attackers to ...)
	NOT-FOR-US: Soti Pocket Controller-Professional
CVE-2005-4151 (The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop ...)
	NOT-FOR-US: PGP Desktop Home
CVE-2005-4150 (Cross-site scripting (XSS) vulnerability in the portal login page in ...)
	NOT-FOR-US: CA Clever Path
CVE-2005-4149 (Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4148 (Lyris ListManager 8.5, and possibly other versions before 8.8, ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4147 (The TCLHTTPd service in Lyris ListManager before 8.9b allows remote ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4146 (Lyris ListManager before 8.9b allows remote attackers to obtain ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4145 (The MSDE version of Lyris ListManager 5.0 through 8.9b configures the ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4144 (Lyris ListManager 5.0 through 8.9a allows remote attackers to add ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4143 (SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4142 (The web interface for subscribing new users in Lyris ListManager 5.0 ...)
	NOT-FOR-US: Lyris ListManager
CVE-2005-4141 (Multiple SQL injection vulnerabilities in ASPMForum allow remote ...)
	NOT-FOR-US: ASPMForum
CVE-2005-4140 (SQL injection vulnerability in admin/login/index.php in Website Baker ...)
	NOT-FOR-US: Website Baker
CVE-2005-4139 (Multiple SQL injection vulnerabilities in ThWboard before 3 Beta 2.84 ...)
	NOT-FOR-US: ThWboard
CVE-2005-4138 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard before ...)
	NOT-FOR-US: ThWboard
CVE-2005-4137 (SQL injection vulnerability in viewinvoice.php in DRZES HMS 3.2 allows ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4136 (Cross-site scripting (XSS) vulnerability in login.php in DRZES HMS 3.2 ...)
	NOT-FOR-US: DRZES HMS
CVE-2005-4135 (Direct static code injection vulnerability in includes/newtopic.php in ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4134 (Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before ...)
	{DSA-1051-1 DSA-1046-1 DSA-1044-1}
	- firefox 1.5.dfsg+1.5.0.2-2 (unimportant)
	- mozilla 2:1.7.13-0.1 (unimportant)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (unimportant)
	NOTE: Not exploitable beyond a sluggish browser startup, see
	NOTE: http://web.archive.org/web/20141206010602/https://www.mozilla.org/security/history-title.html
CVE-2005-4133 (Sun Update Connection in Sun Solaris 10, when configured to use a web ...)
	NOT-FOR-US: Solaris
CVE-2005-4132 (Unspecified &quot;security leak&quot; vulnerability in Contenido before 4.6.4, ...)
	NOT-FOR-US: Contenido
CVE-2005-4131 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Excel
CVE-2005-4130 (** UNVERIFIABLE, PRERELEASE ** ...)
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4129
	REJECTED
CVE-2005-4128
	REJECTED
CVE-2005-4127
	REJECTED
CVE-2005-4126 (** UNVERIFIABLE, PRERELEASE ** ...)
	NOT-FOR-US: Pre-Notification for RealMedia vulnerability, which never appeared
CVE-2005-4125
	REJECTED
CVE-2005-4124
	REJECTED
CVE-2005-4123
	REJECTED
CVE-2005-4122
	REJECTED
CVE-2005-4121
	REJECTED
CVE-2005-4120
	REJECTED
CVE-2005-4119
	REJECTED
CVE-2005-4118
	REJECTED
CVE-2005-4117
	REJECTED
CVE-2005-4116
	REJECTED
CVE-2005-4115
	REJECTED
CVE-2005-4114
	REJECTED
CVE-2005-4113
	REJECTED
CVE-2005-4112
	REJECTED
CVE-2005-4111
	REJECTED
CVE-2005-4110
	REJECTED
CVE-2005-4109
	REJECTED
CVE-2005-4108
	REJECTED
CVE-2005-4107
	REJECTED
CVE-2005-4106
	REJECTED
CVE-2005-4105
	REJECTED
CVE-2005-4104
	REJECTED
CVE-2005-4103
	REJECTED
CVE-2005-4102
	REJECTED
CVE-2005-4101
	REJECTED
CVE-2005-4100
	REJECTED
CVE-2005-4099
	REJECTED
CVE-2005-4098
	REJECTED
CVE-2005-4097
	REJECTED
CVE-2005-4096
	REJECTED
CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...)
	NOT-FOR-US: Apache James
CVE-2005-4095 (Directory traversal vulnerability in connector.php in the ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4094 (connector.php in the fckeditor2rc2 addon in DoceboLMS 2.0.4 allows ...)
	NOT-FOR-US: DoceboLMS
CVE-2005-4093 (Check Point VPN-1 SecureClient NG with Application Intelligence R56, ...)
	NOT-FOR-US: Check Point
CVE-2005-4092 (Multiple heap-based buffer overflows in QuickTime.qts in Apple ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-4091 (Cross-site scripting (XSS) vulnerability in 1search.cgi in 1-Script ...)
	NOT-FOR-US: 1-Script 1-Search
CVE-2005-4090 (Unspecified vulnerability in HP-UX B.11.00 to B.11.23, when IPSEC is ...)
	NOT-FOR-US: HP-UX
CVE-2005-4089 (Microsoft Internet Explorer allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-4088 (SQL injection vulnerability in index.php in phpForumPro 2.2 allows ...)
	NOT-FOR-US: phpForumPro
CVE-2005-4087 (PHP remote file include vulnerability in acceptDecline.php in Sugar ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-4086 (Directory traversal vulnerability in acceptDecline.php in Sugar Suite ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-4085 (Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web ...)
	NOT-FOR-US: BlueCoat WinProxy
CVE-2005-4084 (xs_edit.php in the phpBB eXtreme Styles module 2.2.1 and earlier ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4083 (Directory traversal vulnerability in xs_edit.php in the eXtreme Styles ...)
	NOT-FOR-US: phpBB eXtreme Styles module
CVE-2005-4082 (The dhcp.client program for QNX 4.25 vmware is setuid, possibly by ...)
	NOT-FOR-US: QNX
CVE-2005-4081 (Multiple SQL injection vulnerabilities in Alisveristr E-commerce allow ...)
	NOT-FOR-US: Alisveristr E-commerce
CVE-2005-4080 (Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 ...)
	- imp4 4.0.4-1 (bug #342654; unimportant)
	NOTE: Internet Explorer bug, most definitely fixed since long, didn't check though
CVE-2005-4079 (The register_globals emulation in phpMyAdmin 2.7.0 rc1 allows remote ...)
	- phpmyadmin <not-affected> (Affects only 2.7.0)
CVE-2005-4078 (Multiple cross-site scripting (XSS) vulnerabilities in Ideal BB.NET ...)
	NOT-FOR-US: Ideal BB.NET
CVE-2005-4076 (Buffer overflow in Appfluent Technology Database IDS 2.0 allows local ...)
	NOT-FOR-US: Appfluent Technology Database IDS 2.0
CVE-2005-4075 (Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4074 (Directory traversal vulnerability in index.cfm in CF_Nuke 4.6 and ...)
	NOT-FOR-US: CF_Nuke
CVE-2005-4073 (SQL injection vulnerability in view_archive.cfm in CFMagic Magic List ...)
	NOT-FOR-US: Magic List Pro
CVE-2005-4072 (Cross-site scripting (XSS) vulnerability in CFMagic Magic Forum ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4071 (Multiple SQL injection vulnerabilities in CFMagic Magic Forum Personal ...)
	NOT-FOR-US: Magic Personal Forum
CVE-2005-4070
	REJECTED
CVE-2005-4069 (SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure ...)
	NOT-FOR-US: Sony root kit
CVE-2005-4068 (Unspecified &quot;absolute path vulnerability&quot; in umountall in IBM AIX 5.1 ...)
	NOT-FOR-US: AIX
CVE-2005-4067
	REJECTED
CVE-2005-4066 (Total Commander 6.53 uses weak encryption to store FTP usernames and ...)
	NOT-FOR-US: Total Commander
CVE-2005-4065 (SQL injection vulnerability in the search module in Edgewall Trac ...)
	{DSA-951-2}
	- trac 0.9.2-1 (bug #342232; medium)
	[sarge] - trac 0.8.1-3sarge4
CVE-2005-4064 (Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote ...)
	NOT-FOR-US: A-FAQ
CVE-2005-4063 (Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp ...)
	NOT-FOR-US: NetAuctionHelp
CVE-2005-4062 (Cross-site scripting (XSS) vulnerability in CPSearch.asp in ...)
	NOT-FOR-US: XcClassified
CVE-2005-4061 (Cross-site scripting (XSS) vulnerability in PASearch.asp in ...)
	NOT-FOR-US: XcPhotoAlbum
CVE-2005-4060 (Cross-site scripting (XSS) vulnerability in search.asp in rwAuction ...)
	NOT-FOR-US: rwAuction
CVE-2005-4059 (SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and ...)
	NOT-FOR-US: LocazoList
CVE-2005-4058 (SQL injection vulnerability in saralblog 1 and earlier allows remote ...)
	NOT-FOR-US: saralblog
CVE-2005-4057 (Cross-site scripting (XSS) vulnerability in search.php in PluggedOut ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4056 (SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 ...)
	NOT-FOR-US: PluggedOut Nexus
CVE-2005-4055 (SQL injection vulnerability in index.php in Cars Portal 1.1 and ...)
	NOT-FOR-US: Cars Portal
CVE-2005-4054 (SQL injection vulnerability in index.php in PluggedOut Blog 1.9.5 and ...)
	NOT-FOR-US: PluggedOut Bot
CVE-2005-4053 (Cross-site scripting (XSS) vulnerability in coWiki 0.3.4 allows remote ...)
	NOT-FOR-US: coWiki
CVE-2005-4052 (e107 0.6174 allows remote attackers to redirect users to other web ...)
	NOT-FOR-US: e107
CVE-2005-4051 (e107 0.6174 allows remote attackers to vote multiple times for a ...)
	NOT-FOR-US: e107
CVE-2005-4050 (Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with ...)
	NOT-FOR-US: MultiVOIP hardware
CVE-2005-4049 (Multiple SQL injection vulnerabilities in Blog System 1.2 allow remote ...)
	NOT-FOR-US: Blog System
CVE-2005-4048 (Heap-based buffer overflow in the avcodec_default_get_buffer function ...)
	{DSA-1005-1 DSA-1004-1 DSA-992-1}
	- ffmpeg 0.cvs20050918-5.1 (bug #342207; medium)
	- xmovie <removed>
	- xine-lib 1.0.1-1.5 (bug #342208; medium)
	- mplayer <not-affected> (Fixed before initial upload)
	- gst-ffmpeg 0.8.7-5 (bug #343503; medium)
	- vlc 0.8.4.debian-2 (medium)
	NOTE: kino, smilutils, motion and vlc link statically against libavcodec, need a recompile once ffmpeg is fixed
	NOTE: smilutils, motion, kino link statically against libavcodec, but don't use the vulnerable function
CVE-2005-4047 (Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ...)
	NOT-FOR-US: IISWorks ASPKnowledgeBase
CVE-2005-4046 (Unspecified vulnerability in Reverse SSL Proxy Plug-in for Sun Java ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-4045 (Unspecified vulnerability in System Communications Services 6 ...)
	NOT-FOR-US: Sun Java System Messaging Server
CVE-2005-4044 (Cross-site scripting (XSS) vulnerability in search.cgi in Amazon ...)
	NOT-FOR-US: Amazon Search Directory
CVE-2005-4043 (SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and ...)
	NOT-FOR-US: Hobosworld HobSR
CVE-2005-4042 (Cross-site scripting (XSS) vulnerability in Warm Links 1.0.0 and ...)
	NOT-FOR-US: Warm Links
CVE-2005-4041 (Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy ...)
	NOT-FOR-US: MR CGI Guy Hot Links SQL
CVE-2005-4040 (SQL injection vulnerability in FileLister 0.51 and earlier allows ...)
	NOT-FOR-US: FileLister
CVE-2005-4039 (Directory traversal vulnerability in arhiva.php in Web4Future Portal ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4038 (SQL injection vulnerability in comentarii.php in Web4Future Portal ...)
	NOT-FOR-US: Web4Future Portal Solutions News Portal
CVE-2005-4037 (SQL injection vulnerability in functions.php in Web4Future Affiliate ...)
	NOT-FOR-US: Web4Future Affiliate Manager
CVE-2005-4036 (Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future ...)
	NOT-FOR-US: Web4Future Keyboard Frequency Counter
CVE-2005-4035 (Multiple SQL injection vulnerabilities in Web4Future eCommerce ...)
	NOT-FOR-US: Web4Future eCommerce Enterprise Edition
CVE-2005-4034 (Multiple SQL injection vulnerabilities in Web4Future eDating ...)
	NOT-FOR-US: Web4Future eDating Professional
CVE-2005-4033 (Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data ...)
	NOT-FOR-US: Nodezilla
CVE-2005-4032 (Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search ...)
	NOT-FOR-US: Easy Search System
CVE-2005-4031 (Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows ...)
	- mediawiki <not-affected> (Only affects the 1.5 branch)
CVE-2005-4030 (SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows ...)
	NOT-FOR-US: Quicksilver Forums
CVE-2005-4029 (WebEOC before 6.0.2 allows remote attackers to obtain valid usernames ...)
	NOT-FOR-US: WebEOC
CVE-2005-4028 (Multiple cross-site scripting (XSS) vulnerabilities in aMember allow ...)
	NOT-FOR-US: aMember
CVE-2005-4027 (SQL injection vulnerability in SimpleBBS 1.1 allows remote attackers ...)
	NOT-FOR-US: SimpleBBS
CVE-2005-4026 (search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before ...)
	NOT-FOR-US: Geeklog
CVE-2005-4025 (Help Desk Reloaded Free Help Desk does not remove or protect ...)
	NOT-FOR-US: Help Desk Reloaded Free Help Desk
CVE-2005-4024 (Cross-site scripting (XSS) vulnerability in Interspire FastFind 2004 ...)
	NOT-FOR-US: Interspire FastFind
CVE-2005-4023 (Unspecified vulnerability in the zipcart module in Gallery 2.0 before ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4022 (Cross-site scripting (XSS) vulnerability in the &quot;Add Image From Web&quot; ...)
	- gallery2 2.0.2-1 (medium)
CVE-2005-4021 (The installer for Gallery 2.0 before 2.0.2 stores the install log ...)
	- gallery2 2.0.2-1 (low)
CVE-2005-4020 (SQL injection vulnerability in create.php in Widget Imprint 1.0.26 and ...)
	NOT-FOR-US: Widget Imprint
CVE-2005-4019 (SQL injection vulnerability in index.php in Relative Real Estate ...)
	NOT-FOR-US: Relative Real Estate Systems
CVE-2005-4018 (SQL injection vulnerability in ls.php in Landshop Real Estate Commerce ...)
	NOT-FOR-US: Landshop Real Estate Commerce System
CVE-2005-4017 (property.php in Widget Property 1.1.19 allows remote attackers to ...)
	NOT-FOR-US: Widget Property
CVE-2005-4016 (SQL injection vulnerability in Widget Property 1.1.19 allows remote ...)
	NOT-FOR-US: Widget Property
CVE-2005-4015 (PHP Web Statistik 1.4 does not rotate the log database or limit the ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4014 (stat.php in PHP Web Statistik 1.4 allows remote attackers to cause a ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4013 (PHP Web Statistik 1.4 stores the stat.cfg file under the web root with ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4012 (Multiple cross-site scripting (XSS) vulnerabilities in PHP Web ...)
	NOT-FOR-US: PHP Web Statistik
CVE-2005-4011 (SQL injection vulnerability in calendar.php in Codewalkers ltwCalendar ...)
	NOT-FOR-US: Codewalkers ltwCalendar
CVE-2005-4010 (SQL injection vulnerability in KBase Express 1.0.0 and earlier allows ...)
	NOT-FOR-US: Kbase Express
CVE-2005-4009 (Multiple SQL injection vulnerabilities in PHP Lite Calendar Express ...)
	NOT-FOR-US: PHP Lite Calender Express
CVE-2005-4008 (SQL injection vulnerability in jax_calendar.php in Jax Calendar 1.34 ...)
	NOT-FOR-US: Jax Calendar
CVE-2005-4077 (Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 ...)
	{DSA-919-2}
	- curl 7.15.1-1 (bug #342339; bug #342696; medium)
CVE-2005-4007 (Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4006 (SAPID CMS before 1.2.3.03 allows remote attackers to bypass ...)
	NOT-FOR-US: SAPID CMS
CVE-2005-4005 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-4004 (Cross-site scripting (XSS) vulnerability in search.asp in ...)
	NOT-FOR-US: MyTemplateSite
CVE-2005-4003 (Multiple SQL injection vulnerabilities in Absolute Shopping Package ...)
	NOT-FOR-US: Absolute Shopping Package Solutions (ASPS) Shopping Cart
CVE-2005-4002 (WebEOC before 6.0.2 uses the same secret key for all installations, ...)
	NOT-FOR-US: WebEOC
CVE-2005-4001 (Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and ...)
	NOT-FOR-US: phpYellowTM Pro Edition
CVE-2005-4000 (Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater ...)
	NOT-FOR-US: SiteBeater News System
CVE-2005-3999 (Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater ...)
	NOT-FOR-US: SiteBeater MP3 Catalog
CVE-2005-3998 (Cross-site scripting (XSS) vulnerability in search.asp in Solupress ...)
	NOT-FOR-US: Solupress News
CVE-2005-3997 (Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3996 (SQL injection vulnerability in admin/password_forgotten.php in ...)
	NOT-FOR-US: Zen Cart
CVE-2005-3995 (Format string vulnerability in the dosyslog function in the OBEX ...)
	NOT-FOR-US: Sobexsrv
	NOTE: Checked obexserver source package, not vulnerable
CVE-2005-3994
	REJECTED
CVE-2005-3993 (Multiple unspecified vulnerabilities in MailEnable Professional 1.6 ...)
	NOT-FOR-US: MailEnable
CVE-2005-3992 (Multiple buffer overflows in WinEggDropShell remote access trojan ...)
	NOT-FOR-US: WinEggDropShell
CVE-2005-3991 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat ...)
	NOT-FOR-US: phpMyChat
CVE-2005-3990
	REJECTED
CVE-2005-3989 (Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack ...)
	NOT-FOR-US: Avaya hardware
CVE-2005-3988 (SQL injection vulnerability in article.php in Pineapple Technologies ...)
	NOT-FOR-US: Pineapple Technologies Lore
CVE-2005-3987 (Multiple SQL injection vulnerabilities in Tradesoft CMS allow remote ...)
	NOT-FOR-US: Tradesoft CMS
CVE-2005-3986 (Multiple SQL injection vulnerabilities in Instant Photo Gallery 1 and ...)
	NOT-FOR-US: Instant Photo Gallery
CVE-2005-3985 (The Internet Key Exchange version 1 (IKEv1) implementation in Astaro ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2005-3984 (SQL injection vulnerability in WebCalendar 1.0.1 allows remote ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3983 (Unknown vulnerability in the login page for HP Systems Insight Manager ...)
	NOT-FOR-US: HP Systems Insight Manager
CVE-2005-3982 (CRLF injection vulnerability in layers_toggle.php in WebCalendar 1.0.1 ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #342090)
CVE-2005-3981 (** DISPUTED ** ...)
	NOT-FOR-US: Windows
CVE-2005-3980 (SQL injection vulnerability in the ticket query module in Edgewall ...)
	- trac 0.9.1-1 (bug #341697; medium)
	[sarge] - trac <not-affected>
CVE-2005-3979 (relocate_server.php in Coppermine Photo Gallery (CPG) 1.4.2 and 1.4 ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-3978 (Multiple SQL injection vulnerabilities in NetClassifieds Premium ...)
	NOT-FOR-US: NetClassifieds Premium Edition
CVE-2005-3977 (Cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC ...)
	NOT-FOR-US: QualityEBiz Quality PPC
CVE-2005-3976 (SQL injection vulnerability in type.asp, as used in multiple DUware ...)
	NOT-FOR-US: Multipke DuWare products
CVE-2005-3975 (Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3974 (Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3, when running on ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (low)
CVE-2005-3973 (Multiple cross-site scripting (XSS) vulnerabilities in Drupal 4.5.0 ...)
	{DSA-958-1}
	- drupal 4.5.6-1 (bug #348811; medium)
CVE-2005-3972 (Cross-site scripting (XSS) vulnerability in extremesearch.php in ...)
	NOT-FOR-US: Extreme Search Corporate Edition
CVE-2005-3971 (Cross-site scripting (XSS) vulnerability in the login form in Citrix ...)
	NOT-FOR-US: Citrix
CVE-2005-3970 (Cross-site scripting (XSS) vulnerability in MXChange before ...)
	NOT-FOR-US: MXChange
CVE-2005-3969 (SQL injection vulnerability in MXChange before 0.2.0-pre10 PL492 ...)
	NOT-FOR-US: MXChange
CVE-2005-3968 (SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier ...)
	NOT-FOR-US: PHPX
CVE-2005-3967 (Cross-site scripting (XSS) vulnerability in the dosearchsite.action ...)
	NOT-FOR-US: Atlassian Confluence
CVE-2005-3966 (Cross-site scripting (XSS) vulnerability in search.jsp in Java Search ...)
	NOT-FOR-US: Java Search Engine
CVE-2005-3965
	REJECTED
CVE-2005-3964 (Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, ...)
	- openmotif 2.2.3-1.4 (bug #342092; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-3963 (SQL injection vulnerability in session.php in DotClear before 1.2.3 ...)
	NOT-FOR-US: DotClear
CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in ...)
	NOT-FOR-US: Eudora
CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...)
	NOT-FOR-US: FreezeX
CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote ...)
	NOT-FOR-US: Microsoft cabarc
CVE-2004-2642 (Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which ...)
	NOT-FOR-US: Yeemp
CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire ...)
	NOT-FOR-US: Sun appliances
CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before ...)
	NOT-FOR-US: LinuxStat
CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows ...)
	NOT-FOR-US: Journalness
CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote ...)
	NOT-FOR-US: osCommerce
CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...)
	NOT-FOR-US: Zyxel hardware
CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...)
	NOT-FOR-US: TinyWeb
CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System ...)
	NOT-FOR-US: McAfee
CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX ...)
	NOT-FOR-US: AIX
CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous ...)
	NOT-FOR-US: Sesamie
CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify ...)
	- phpmyadmin 1:2.5.7-pl1-1
CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to ...)
	- phpmyadmin 1:2.5.7-pl1-1
CVE-2004-2630 (The MIME transformation system ...)
	- phpmyadmin 2:2.6.0-pl2-1
CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Click to Meet express
CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, ...)
	- thttpd <not-affected> (Windows-specific vulnerabilities)
CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...)
	NOT-FOR-US: J2ME
CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular ...)
	NOT-FOR-US: Siemens cell phone
CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows ...)
	NOT-FOR-US: Outblaze Email
CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in &quot;TextSearch&quot; in WackoWiki ...)
	NOT-FOR-US: WackoWiki
CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when ...)
	NOT-FOR-US: Rippy the Aggregator
CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when ...)
	NOT-FOR-US: Nortel Contivity VPN client
CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly ...)
	NOT-FOR-US: ripMIME
CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail ...)
	NOT-FOR-US: ripMIME
CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
	NOT-FOR-US: ActivePost Standard
CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions ...)
	NOT-FOR-US: Cutenews
CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MyWeb
CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...)
	- kernel-patch-ctx 1:1.28-1 (bug #262903; medium)
CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, ...)
	NOT-FOR-US: BNC
CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28 ...)
	NOT-FOR-US: Sophster suite
CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain ...)
	NOT-FOR-US: mntd
CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 ...)
	NOT-FOR-US: Symantec PowerQuest DeployCenter
CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the &quot;news ...)
	NOT-FOR-US: SmartWebby Smart Guest Book
CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...)
	- kernel-patch-ctx 1:1.29-1
CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2005-3962 (Integer overflow in the format string functionality (Perl_sv_vcatpvfn) ...)
	{DSA-943-1}
	- perl 5.8.7-9 (bug #341542; medium)
CVE-2006-0034 (Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext ...)
	NOT-FOR-US: Microsoft
CVE-2006-0033 (Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office ...)
	NOT-FOR-US: Microsoft
CVE-2006-0032 (Cross-site scripting (XSS) vulnerability in the Indexing Service in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0031 (Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0030 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0029 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0028 (Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0027 (Unspecified vulnerability in Microsoft Exchange allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-0026 (Buffer overflow in Microsoft Internet Information Services (IIS) 5.0, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0025 (Stack-based buffer overflow in Microsoft Windows Media Player 9 and 10 ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2006-0024 (Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 ...)
	- flashplugin-nonfree 7.0.61-4 (bug #357038; bug #357105)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2006-0023 (Microsoft Windows XP SP1 and SP2 before August 2004, and possibly ...)
	NOT-FOR-US: Microsoft
CVE-2006-0022 (Unspecified vulnerability in Microsoft PowerPoint in Microsoft Office ...)
	NOT-FOR-US: Microsoft PowerPoint
CVE-2006-0021 (Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0020 (An unspecified Microsoft WMF parsing application, as used in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2006-0018
	REJECTED
CVE-2005-3961 (export_handler.php in WebCalendar 1.0.1 allows remote attackers to ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3960 (Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kadu
CVE-2005-3959 (Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 ...)
	NOT-FOR-US: FreeWebStat
CVE-2005-3958 (SQL injection vulnerability in index.php in Entergal MX 2.0 allows ...)
	NOT-FOR-US: Entergal MX
CVE-2005-3957 (Unspecified vulnerability in the Trackback functionality in DotClear ...)
	NOT-FOR-US: DotClear
CVE-2005-3956 (Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 ...)
	NOT-FOR-US: DMANews
CVE-2005-3955 (Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, ...)
	NOT-FOR-US: MagpieRSS
CVE-2005-3954 (Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows ...)
	NOT-FOR-US: blogBuddies
CVE-2005-3953 (SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers ...)
	NOT-FOR-US: Bedeng PSP
CVE-2005-3952 (SQL injection vulnerability in PHP Labs Top Auction allows remote ...)
	NOT-FOR-US: PHP Labs Top Auction
CVE-2005-3951 (SQL injection vulnerability in survey.php in PHP Labs Survey Wizard ...)
	NOT-FOR-US: PHP Labs Survey Wizard
CVE-2005-3950 (nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users ...)
	- nufw 1.0.16-1 (bug #341544; medium)
CVE-2005-3949 (Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow ...)
	{DSA-1002-1}
	- webcalendar 1.0.2-1 (bug #341208; medium)
CVE-2005-3948 (Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and ...)
	NOT-FOR-US: PHPAlbum
CVE-2005-3947 (Directory traversal vulnerability in index.php in PHP Upload Center ...)
	NOT-FOR-US: PHP Upload Center
CVE-2005-3946 (Opera 8.50 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2005-3945 (The SynAttackProtect protection in Microsoft Windows 2003 before SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3944 (SQL injection vulnerability in survey.php in ilyav Survey System 1.1 ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3943 (Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and ...)
	NOT-FOR-US: ilyav Survey System
CVE-2005-3942 (SQL injection vulnerability in knowledgebase-control.php in Orca ...)
	NOT-FOR-US: Orca Knowledgebase
CVE-2005-3941 (SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier ...)
	NOT-FOR-US: Orca Blog
CVE-2005-3940 (SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c ...)
	NOT-FOR-US: Orca Ringmaker
CVE-2005-3939 (Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and ...)
	NOT-FOR-US: WSN Knowledge Base
CVE-2005-3938 (SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler ...)
	NOT-FOR-US: Softbiz FAQ
CVE-2005-3937 (SQL injection vulnerability in Softbiz B2B Trading Marketplace Script ...)
	NOT-FOR-US: Softbiz B2B
CVE-2005-3936 (PHP file include vulnerability in SocketKB 1.1.0 and earlier allows ...)
	NOT-FOR-US: SocketKB
CVE-2005-3935 (SQL injection vulnerability in SocketKB 1.1.0 and earlier allows ...)
	NOT-FOR-US: SocketKB
CVE-2005-3934 (Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-3933 (SQL injection vulnerability in index.php in 88Script's Event Calendar ...)
	NOT-FOR-US: 88Script's Event Calendar
CVE-2005-3932 (SQL injection vulnerability in okiraku.php in O-Kiraku Nikki 1.3 and ...)
	NOT-FOR-US: O-Kiraku Nikki
CVE-2005-3931 (SQL injection vulnerability in default.asp in ASP-Rider 1.6 allows ...)
	NOT-FOR-US: ASP-Rider
CVE-2005-3930 (SQL injection vulnerability in index.php in N-13 News 1.2 allows ...)
	NOT-FOR-US: N-13 News
CVE-2005-3929 (Directory traversal vulnerability in the create function in ...)
	NOT-FOR-US: Xaraya
	NOTE: xarMLSXML2PHPBackend.php, 'nuff said
CVE-2005-3928 (Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users ...)
	NOT-FOR-US: QNX
CVE-2005-3927 (Multiple directory traversal vulnerabilities in GuppY 4.5.9 and ...)
	NOT-FOR-US: GuppY
CVE-2005-3926 (Direct static code injection vulnerability in error.php in GuppY 4.5.9 ...)
	NOT-FOR-US: GuppY
CVE-2005-3925 (Multiple SQL injection vulnerabilities in Central Manchester CLC ...)
	NOT-FOR-US: Central Manchester CLC Helpdesk Issue Manager
CVE-2005-3924 (SQL injection vulnerability in themes/kategorie/index.php in Randshop ...)
	NOT-FOR-US: Randshop
CVE-2005-3923 (NetObjects Fusion 9 (NOF9) allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: NetObjects Fusion
CVE-2005-3922 (Heap-based buffer overflow in pskcmp.dll in Panda Software Antivirus ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3921 (Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for ...)
	NOT-FOR-US: IOS
CVE-2005-3920 (SQL injection vulnerability in Babe Logger 2 allows remote attackers ...)
	NOT-FOR-US: Babe Logger
CVE-2005-3919 (Cross-site scripting (XSS) vulnerability in PBLang 4.65 allows remote ...)
	NOT-FOR-US: PBLang
CVE-2005-3918 (** DISPUTED ** ...)
	NOT-FOR-US: OvBB
CVE-2005-3917 (SQL injection vulnerability in usersession in CommodityRentals 2.0 ...)
	NOT-FOR-US: CommidityRentals
CVE-2005-3916 (SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows ...)
	NOT-FOR-US: WSN Forum
CVE-2005-3915 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
	NOT-FOR-US: Clavister Web Client
CVE-2005-3914 (Multiple SQL injection vulnerabilities in AFFcommerce 1.1.4 allow ...)
	NOT-FOR-US: AFFcommerce
CVE-2005-3913 (Unspecified vulnerability in the domain alias management in Virtual ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3912 (Format string vulnerability in miniserv.pl Perl web server in Webmin ...)
	{DSA-1199-1}
	- webmin <not-affected> (Fixed through corrected Perl)
	NOTE: No longer exploitable with Perl 5.8.7-9, thus no dedicated Webmin updated
CVE-2005-3911 (Multiple SQL injection vulnerabilities in calendar.php in BosDates 4.0 ...)
	NOT-FOR-US: BosDates
CVE-2005-3910 (merchants/index.php in Post Affiliate Pro 2.0.4 and earlier, with ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3909 (SQL injection vulnerability in merchants/index.php in Post Affiliate ...)
	NOT-FOR-US: Post Affiliate Pro
CVE-2005-3908 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: GhostScripter Amazon Shop
CVE-2005-3907 (Unspecified vulnerability in Java Runtime Environment in Java JDK and ...)
	NOT-FOR-US: Sun Java
CVE-2005-3906 (Multiple unspecified vulnerabilities in reflection APIs in Java SDK ...)
	NOT-FOR-US: Sun Java
CVE-2005-3905 (Unspecified vulnerability in reflection APIs in Java SDK and JRE ...)
	NOT-FOR-US: Sun Java
CVE-2005-3904 (Unspecified vulnerability in Java Management Extensions (JMX) in Java ...)
	NOT-FOR-US: Sun Java
CVE-2005-3903 (Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-3902 (Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in ...)
	NOT-FOR-US: Virtual Hosting Control System
CVE-2005-3901 (Macromedia Flash Communication Server MX 1.0 and 1.5 does not ...)
	NOT-FOR-US: Flash MX
CVE-2005-3900 (Macromedia Breeze Communication Server and Breeze Live Server does 5.1 ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3899 (The automatic update feature in Google Talk allows remote attackers to ...)
	NOT-FOR-US: Google Talk
CVE-2005-3898
	REJECTED
CVE-2005-3897 (Apple Safari 2.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Safari
	NOTE: Not reproducible with konqueror 4:3.4.2-4.
CVE-2005-3896 (Mozilla allows remote attackers to cause a denial of service (CPU ...)
	NOTE: maintainers don't believe it is a security bug and can't reproduce after 1.5.dfsg-1
	- firefox 1.5.dfsg-1 (bug #340283; bug #345469; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #340283; bug #345469; unimportant)
	- mozilla <removed> (bug #340282; unimportant)
CVE-2005-3895 (Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3894 (Multiple cross-site scripting (XSS) vulnerabilities in index.pl in ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3893 (Multiple SQL injection vulnerabilities in index.pl in Open Ticket ...)
	{DSA-973-1}
	- otrs 2.0.4p01-1 (bug #340352; medium)
CVE-2005-3892 (Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3891 (Stack-based buffer overflow in Gadu-Gadu 7.20 allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3890 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3889 (Gadu-Gadu 7.20 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3888 (Memory leak in Gadu-Gadu 7.20 allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3887 (Gadu-Gadu 7.20 does not properly handle MS-DOS device names in ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2005-3886 (Unspecified vulnerability in Cisco Security Agent (CSA) 4.5.0 and ...)
	NOT-FOR-US: Cisco
CVE-2005-3885 (The ps2epsi extension shell script (ps2epsi.sh) in Inkscape before ...)
	{DSA-916-1}
	- inkscape 0.42-1 (bug #321501; low)
CVE-2005-3884 (Multiple SQL injection vulnerabilities in the search action in Zainu ...)
	NOT-FOR-US: Zaimu
CVE-2005-3883 (CRLF injection vulnerability in the mb_send_mail function in PHP ...)
	- php4 4:4.4.2-1 (bug #341726; medium)
	- php5 5.1.1-1 (bug #341368; medium)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
CVE-2005-3882 (SQL injection vulnerability in answer.php in FAQSystems FAQRing ...)
	NOT-FOR-US: FAQRing Knowledge Base
CVE-2005-3881 (SQL injection vulnerability in search.php in AtlantisFAQ Knowledge ...)
	NOT-FOR-US: AtlantisFAQ Knowledge Base
CVE-2005-3880 (Multiple SQL injection vulnerabilities in Omnistar KBase 4.0 and ...)
	NOT-FOR-US: Omnistar KBase
CVE-2005-3879 (Multiple SQL injection vulnerabilities in Softbiz Resource Repository ...)
	NOT-FOR-US: Softbiz Resource Repository Script
CVE-2005-3878 (Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 ...)
	NOT-FOR-US: PHP Doc System
CVE-2005-3877 (Multiple SQL injection vulnerabilities in Simple Document Management ...)
	NOT-FOR-US: Simple Document Management System
CVE-2005-3876 (Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ...)
	NOT-FOR-US: AD Center ADC2000 NG Pro
CVE-2005-3875 (Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 ...)
	NOT-FOR-US: Enterprise Connector
CVE-2005-3874 (SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and ...)
	NOT-FOR-US: Netzbrett
CVE-2005-3873 (SQL injection vulnerability in topic.php in ShockBoard 3.0 and 4.0 ...)
	NOT-FOR-US: ShockBoard
CVE-2005-3872 (Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier ...)
	NOT-FOR-US: Ugroup
CVE-2005-3871 (Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) ...)
	NOT-FOR-US: JBB
CVE-2005-3870 (Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 ...)
	NOT-FOR-US: edmoBBS
CVE-2005-3869 (Cross-site scripting (XSS) vulnerability in index.php in Google API ...)
	NOT-FOR-US: Google API
CVE-2005-3868 (Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier ...)
	NOT-FOR-US: K-Search
CVE-2005-3867 (Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine ...)
	NOT-FOR-US: RevenuePilot Search Engine
CVE-2005-3866 (Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine ...)
	NOT-FOR-US: SearchFeed Search Engine
CVE-2005-3865 (SQL injection vulnerability in index.php in AllWeb search 3.0 and ...)
	NOT-FOR-US: AllWeb search
CVE-2005-3864 (SQL injection vulnerability in index.php in SourceWell 1.1.2 and ...)
	NOT-FOR-US: SourceWell
CVE-2005-3863 (Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and ...)
	{DSA-1088-1 DSA-1083-1 DTSA-23-1}
	- centericq 4.21.0-6 (bug #340959; medium)
	- orpheus 1.5-5 (bug #368402; medium)
	- motor 2:3.4.0-6 (bug #368400; medium)
	NOTE: DTSA is for centericq only
	NOTE: This affects Sarge and Woody centericq
	NOTE: This affects Sarge and Woody motor
CVE-2005-3862 (Buffer overflow in unalz before 0.53 allows remote attackers to ...)
	{DSA-959-1}
	- unalz 0.55-1 (bug #340842; medium)
CVE-2005-3861 (PHP remote file inclusion vulnerability in content.php in phpGreetz ...)
	NOT-FOR-US: phpGreetz
CVE-2005-3860 (PHP remote file inclusion vulnerability in athena.php in Oliver May ...)
	NOT-FOR-US: Oliver May Athena PHP Website Administration
CVE-2005-3859 (PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 ...)
	NOT-FOR-US: Q-News
CVE-2005-3858 (Memory leak in the ip6_input_finish function in ip6_input.c in Linux ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.12-6
CVE-2005-3856 (The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and ...)
	- krusader 1.70.0-1 (bug #336169; low)
	[sarge] - krusader <not-affected>
	NOTE: This seems to be a dupe of CVE-2006-3816, pinged MITRE
CVE-2005-3855 (SQL injection vulnerability in process.php in 1-2-3 music store allows ...)
	NOT-FOR-US: 1-2-3 music store
CVE-2005-3854 (Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS ...)
	NOT-FOR-US: EasyPageCMS
CVE-2005-3853 (SQL injection vulnerability in snews.php in sNews 1.3 and earlier ...)
	NOT-FOR-US: sNews
CVE-2005-3852 (SQL injection vulnerability in search.asp in Online Work Order Suite ...)
	NOT-FOR-US: Online Work Order Suite
CVE-2005-3851 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
	NOT-FOR-US: Online Attendance System
CVE-2005-3850 (Cross-site scripting (XSS) vulnerability in search.asp in Online ...)
	NOT-FOR-US: Online Knowledge Base System
CVE-2005-3846 (SQL injection vulnerability in news.php in Fantastic News 2.1.1 and ...)
	NOT-FOR-US: Fantastic News
CVE-2005-3845 (SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 ...)
	NOT-FOR-US: EZ Invoice Inc
CVE-2005-3844 (SQL injection vulnerability in phpWordPress PHP News and Article ...)
	NOT-FOR-US: phpWordpress, this is not the same as Wordpress
CVE-2005-3843 (SQL injection vulnerability in faq.php in Nicecoder iDesk 1.0 allows ...)
	NOT-FOR-US: Nicecode iDesk
CVE-2005-3842 (SQL injection vulnerability in index.php in pdjk-support suite 1.1a ...)
	NOT-FOR-US: pdjk-support suite
CVE-2005-3841 (Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), ...)
	NOT-FOR-US: kPlaylist
CVE-2005-3840 (SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier ...)
	NOT-FOR-US: Omnistar Live
CVE-2005-3839 (Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk ...)
	NOT-FOR-US: SupportPRO Supportdesk
CVE-2005-3838 (Multiple SQL injection vulnerabilities in search.php in IsolSoft ...)
	NOT-FOR-US: IsolSoft Support Center
CVE-2005-3837 (Cross-site scripting (XSS) vulnerability in the search module in ...)
	NOT-FOR-US: sCssBoard
CVE-2005-3836 (SQL injection vulnerability in DeskLance 2.3 and earlier allows remote ...)
	NOT-FOR-US: DeskLance
CVE-2005-3835 (PHP remote file inclusion vulnerability in support/index.php in ...)
	NOT-FOR-US: DeskLance
CVE-2005-3834 (Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 ...)
	NOT-FOR-US: Tunez
CVE-2005-3833 (SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier ...)
	NOT-FOR-US: Tunez
CVE-2005-3832 (Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3831 (Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, ...)
	NOT-FOR-US: SpeedProject products
CVE-2005-3830 (index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3829 (index.php in ActiveCampaign KnowledgeBuilder 2.4 and earlier allows ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3828 (SQL injection vulnerability in index.php in ActiveCampaign ...)
	NOT-FOR-US: ActiveCampaign SupportTrio
CVE-2005-3827 (SQL injection vulnerability in product_cat in AgileBill 1.4.92 and ...)
	NOT-FOR-US: AgileBill
CVE-2005-3826 (Multiple SQL injection vulnerabilities in Ezyhelpdesk 1.0 allow remote ...)
	NOT-FOR-US: Ezyhelpdesk
CVE-2005-3825 (SQL injection vulnerability in index.php in Comdev Vote Caster 3.1 and ...)
	NOT-FOR-US: Comdev Vote Caster
CVE-2005-3824 (The uploads module in vTiger CRM 4.2 and earlier allows remote ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3823 (The Users module in vTiger CRM 4.2 and earlier allows remote attackers ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3822 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3821 (Cross-site scripting (XSS) vulnerability in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3820 (Multiple directory traversal vulnerabilities in index.php in vTiger ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3819 (Multiple SQL injection vulnerabilities in vTiger CRM 4.2 and earlier ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3818 (Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 4.2 ...)
	NOT-FOR-US: vTiger CRM
CVE-2005-3817 (Multiple SQL injection vulnerabilities in Softbiz Web Host Directory ...)
	NOT-FOR-US: Softbiz Web Host Directory
CVE-2005-3816 (Multiple SQL injection vulnerabilities in forum.php in freeForum 1.1 ...)
	NOT-FOR-US: freeForum
CVE-2005-3815 (SQL injection vulnerability in forum.php in Orca Forum 4.3b and ...)
	NOT-FOR-US: Orca Forum
CVE-2005-3814 (Multiple cross-site scripting (XSS) vulnerabilities in SmartPPC Pro ...)
	NOT-FOR-US: SmartPPC Pro
CVE-2005-3813 (IMAP service (meimaps.exe) of MailEnable Professional 1.7 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-3812 (freeFTPd 1.0.10 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3811 (Directory traversal vulnerability in admin/main.php in AMAX Magic ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3806 (The IPv6 flow label handling code (ip6_flowlabel.c) in Linux kernels ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3805 (A locking problem in POSIX timer cleanup handling on exit in Linux ...)
	- linux-2.6 2.6.14-1 (medium)
CVE-2005-3804 (Cisco IP Phone (VoIP) 7920 1.0(8) listens to UDP port 17185 to support ...)
	NOT-FOR-US: Cisco
CVE-2005-3803 (Cisco IP Phone (VoIP) 7920 1.0(8) contains certain hard-coded ...)
	NOT-FOR-US: Cisco
CVE-2005-3802 (Belkin F5D7232-4 and F5D7230-4 wireless routers with firmware 4.03.03 ...)
	NOT-FOR-US: Belkin hardware
CVE-2005-3801 (CounterPane PasswordSafe 1.x and 2.x allows local users to test ...)
	NOT-FOR-US: PasswordSafe
CVE-2005-3800 (Macromedia Contribute Publishing Server (CPS) before 1.11 uses a weak ...)
	NOT-FOR-US: Macromedia Contribute Publishing Server
CVE-2005-3799 (phpBB 2.0.18 allows remote attackers to obtain sensitive information ...)
	- phpbb2 <unfixed> (unimportant)
	NOTE: Not a real security problem, error messages might disclose the installation
	NOTE: which is known for the Debian package anyway
CVE-2005-3798 (SQL injection vulnerability in admin/index.php in AlstraSoft Template ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3797 (PHP remote file inclusion vulnerability in payment_paypal.php in ...)
	NOT-FOR-US: AlstraSoft Template Seller
CVE-2005-3796 (Direct static code injection vulnerability in admin_options_manage.php ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3795 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3794 (AlstraSoft Affiliate Network Pro 7.2 allows remote attackers to obtain ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3793 (Multiple SQL injection vulnerabilities in AlstraSoft Affiliate Network ...)
	NOT-FOR-US: AlstraSoft Affiliate Network
CVE-2005-3792 (Multiple SQL injection vulnerabilities in the Search module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3791 (HTTP response splitting vulnerability in phpAdsNew and phpPgAds 2.0.6 ...)
	NOT-FOR-US: phpAdsNew and phpPgAds
CVE-2005-3790 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpwcms
CVE-2005-3789 (Multiple directory traversal vulnerabilities in phpwcms 1.2.5 allow ...)
	NOT-FOR-US: phpwcms
CVE-2005-3788 (Race condition in Cisco Adaptive Security Appliance (ASA) 7.0(0), ...)
	NOT-FOR-US: Cisco
CVE-2005-3787 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #360726)
CVE-2005-3786 (Novell ZENworks for Desktops 4.0.1, ZENworks for Servers 3.0.2, and ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3785 (Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX ...)
	NOT-FOR-US: Ebuild IndeX
CVE-2005-3784 (The auto-reap of child processes in Linux kernel 2.6 before 2.6.15 ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3783 (The ptrace functionality (ptrace.c) in Linux kernel 2.6 before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3 (medium)
CVE-2005-3782 (Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the &quot;Name and ...)
	NOT-FOR-US: Apple
CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a ...)
	- astats <removed> (bug #287604)
CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy ...)
	NOT-FOR-US: PHProxy
CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) ...)
	NOT-FOR-US: Intel hardware
CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
	NOTE: There is a big note in the quake2 package stating that it is not secure.
	NOTE: Otherwise severity would be high.
CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...)
	NOT-FOR-US: ButtUglySoftware CleanCache
CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...)
	NOT-FOR-US: meindlSOFT Cute PHP Library
CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service ...)
	- gaim 0.82-1 (medium)
CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme ...)
	NOT-FOR-US: XMB
CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the ...)
	NOT-FOR-US: iChain
CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a ...)
	NOT-FOR-US: iChain
CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows ...)
	NOT-FOR-US: iChain
CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...)
	NOT-FOR-US: iChain
CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) ...)
	- phpgroupware 0.9.16.002-1
CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True, ...)
	- phpgroupware 0.9.14-0.RC3.1
CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create ...)
	- phpgroupware 0.9.16.000.1.cvs.20040620-1
CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain ...)
	- phpgroupware 0.9.14.007
CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare ...)
	- phpgroupware 0.9.14.007
CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ...)
	- phpgroupware 0.9.14.007
CVE-2005-3848 (Memory leak in the icmp_push_reply function in Linux 2.6 before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3847 (The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13-1
CVE-2005-3849 (Cross-site scripting (XSS) vulnerability in the Search module in ...)
	NOT-FOR-US: PmWiki
CVE-2003-XXXX [Insecure tempfile in x-face-el]
	- x-face-el 1.3.6.23-1
	NOTE: DSA-340
CVE-2005-3781 (Unspecified vulnerability in in.named in Solaris 9 allows attackers to ...)
	NOT-FOR-US: Solaris
CVE-2005-3780 (Multiple buffer overflows in IPUpdate 1.1 might allow attackers to ...)
	NOT-FOR-US: IPUpdate
CVE-2005-3779 (Unspecified vulnerability in xterm for HP-UX 11.00, 11.11, and 11.23 ...)
	NOT-FOR-US: HP-UX
CVE-2005-3778 (Unspecified vulnerability in MyBulletinBoard (MyBB) before 1.0 PR2 Rev ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3777 (MyBulletinBoard (MyBB) 1.0 PR2 Rev 686 allows remote attackers to ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3776 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3775 (PHP remote file inclusion vulnerability in pollvote.php in PollVote ...)
	NOT-FOR-US: PollVote
CVE-2005-3774 (Cisco PIX 6.3 and 7.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2005-3773 (Unspecified vulnerability in Joomla! before 1.0.4 has unknown impact ...)
	NOT-FOR-US: Joomla
CVE-2005-3772 (Multiple SQL injection vulnerabilities in Joomla! before 1.0.4 allow ...)
	NOT-FOR-US: Joomla
CVE-2005-3771 (Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before ...)
	NOT-FOR-US: Joomla
CVE-2005-3770 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Post (PHPp) ...)
	NOT-FOR-US: PHP-Post
CVE-2005-3769 (SQL injection vulnerability in files.php in PHP Download Manager 1.1.3 ...)
	NOT-FOR-US: PHP Download Manager
CVE-2005-3768 (Buffer overflow in the Internet Key Exchange version 1 (IKEv1) ...)
	NOT-FOR-US: Symantec appliances
CVE-2005-3767 (Exponent CMS 0.96.3 and later versions does not properly restrict the ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3766 (Exponent CMS 0.96.3 and later versions stores sensitive user pages ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3765 (Exponent CMS 0.96.3 and later versions performs a chmod on uploaded ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3764 (The image gallery (imagegallery) component in Exponent CMS 0.96.3 and ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3763 (Exponent CMS 0.96.3 and later versions includes the full installation ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3762 (SQL injection vulnerability in the navigation module ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3761 (Cross-site scripting (XSS) vulnerability in Exponent CMS 0.96.3 and ...)
	NOT-FOR-US: Exponent CMS
CVE-2005-3760 (Double free vulnerability in the BBOORB module in IBM WebSphere ...)
	NOT-FOR-US: WebSphere
CVE-2005-3758 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3757 (The Saxon XSLT parser in Google Mini Search Appliance, and possibly ...)
	NOTE: XSLTs can call arbitrary java methods in libsaxon-java. This behaviour
	NOTE: is well documented and can be switched off. Let's hope that all users
	NOTE: of saxon are aware of this. A warning has been added to the readme.
	NOTE: Current rdependencies:
	- ooo2dbk <not-affected> (uses it's own xslt unless overridden by command line arg)
CVE-2005-3756 (Google Mini Search Appliance, and possibly Google Search Appliance, ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3755 (Directory traversal vulnerability in Google Mini Search Appliance, and ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3754 (Cross-site scripting (XSS) vulnerability in Google Mini Search ...)
	NOT-FOR-US: Google search appliance
CVE-2005-3750 (Opera before 8.51 on Linux and Unix systems allows remote attackers to ...)
	NOT-FOR-US: Opera
CVE-2005-3749 (Unspecified &quot;absolute path vulnerabilities&quot; in the diagela command ...)
	NOT-FOR-US: AIX
CVE-2005-3748 (SQL injection vulnerability in the Search module in Tru-Zone Nuke ET ...)
	NOT-FOR-US: Tru-Zone Nuke ET
CVE-2005-3747 (Unspecified vulnerability in Jetty before 5.1.6 allows remote ...)
	- jetty 5.1.8-1 (bug #340582; medium)
CVE-2005-3746 (SQL injection vulnerability in thread.php in APBoard allows remote ...)
	NOT-FOR-US: APBoard
CVE-2005-3745 (Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and ...)
	- libstruts1.2-java 1.2.8-1 (bug #340583; medium)
	[sarge] - libstruts1.2-java <no-dsa> (Only in contrib, relies on proprietary Java)
CVE-2005-3744 (SQL injection vulnerability in index.php in phpComasy 0.7.5 and ...)
	NOT-FOR-US: phpComasy
CVE-2005-3743 (SQL injection vulnerability in results.php in SimplePoll allows remote ...)
	NOT-FOR-US: SimplePoll
CVE-2005-3742 (Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2005-3741 (Almond Classifieds does not properly verify the password, which allows ...)
	NOT-FOR-US: Almond Classifieds
CVE-2005-3740 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3739 (Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3738 (globals.php in Mambo Site Server 4.0.14 and earlier, when ...)
	NOT-FOR-US: Mambo
CVE-2005-3737 (Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 ...)
	{DSA-916-1 DTSA-24-1}
	- inkscape 0.43-1 (bug #330894; medium)
CVE-2005-3736 (Multiple cross-site scripting (XSS) vulnerabilities in e-Quick Cart ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3735 (Multiple SQL injection vulnerabilities in e-Quick Cart allow remote ...)
	NOT-FOR-US: e-Quick Cart
CVE-2005-3734 (Cross-site scripting (XSS) vulnerability in the &quot;add content&quot; page in ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-3733 (The Internet Key Exchange version 1 (IKEv1) implementation in Juniper ...)
	NOT-FOR-US: Juniper products using IKE
CVE-2005-3732 (The Internet Key Exchange version 1 (IKEv1) implementation ...)
	{DSA-965-1}
	- ipsec-tools 1:0.6.3-1 (bug #340584; low)
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain ...)
	NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote ...)
	- isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and ...)
	NOT-FOR-US: Opera
CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...)
	NOT-FOR-US: ReciPants
CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...)
	NOT-FOR-US: ReciPants
CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld ...)
	NOT-FOR-US: LiveWorld
CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...)
	NOT-FOR-US: Sambar
CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business ...)
	NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences ...)
	NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...)
	NOT-FOR-US: Sambar
CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
	NOT-FOR-US: Sambar
CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain ...)
	NOT-FOR-US: Sambar
CVE-2005-3808 (Integer overflow in the invalidate_inode_pages2_range function in ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3809 (The nfattr_to_tcp function in ip_conntrack_proto_tcp.c in ctnetlink in ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3810 (ip_conntrack_proto_icmp.c in ctnetlink in Linux kernel 2.6.14 up to ...)
	- linux-2.6 2.6.14-4 (medium)
	[sarge] - kernel-source-2.4.27 <not-affected> (Vulnerable code not present)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code not present)
CVE-2005-3759 (Multiple cross-site scripting (XSS) vulnerabilities in Horde before ...)
	{DSA-909-1}
	- horde3 3.0.7-1 (bug #340323; medium)
CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...)
	{DSA-907-1}
	- ipmenu 0.0.3-5
CVE-2005-3731 (Unspecified vulnerability in yaSSL before 1.0.6 has unknown impact and ...)
	- cyassl <not-affected> (Fixed before initial upload to archive)
CVE-2005-3730 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3729 (Idetix Software Systems Revize CMS allows remote attackers to obtain ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3728 (Idetix Software Systems Revize CMS stores conf/revize.xml under the ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3727 (SQL injection vulnerability in debug/query_results.jsp in Idetix ...)
	NOT-FOR-US: Revize CMS
CVE-2005-3726 (SQL injection vulnerability in Interspire ArticleLive NX 0.3 allows ...)
	NOT-FOR-US: ArticleLive NX
CVE-2005-3725 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 uses hardcoded IP ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3724 (Zyxel P2000W Version 1 VOIP WIFI Phone Wj.00.10 allows remote ...)
	NOT-FOR-US: Zyxel WIFI Phone
CVE-2005-3723 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 does not allow the user to ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3722 (The SNMP v1/v2c daemon in Hitachi IP5000 VOIP WIFI Phone 1.5.6 allows ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3721 (The default configuration of the HTTP server in Hitachi IP5000 VOIP ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3720 (The default index page in the HTTP server in Hitachi IP5000 VOIP WIFI ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3719 (Hitachi IP5000 VOIP WIFI Phone 1.5.6 has a hard-coded administrator ...)
	NOT-FOR-US: Hitachi WIFI Phone
CVE-2005-3718 (UTStarcom F1000 VOIP WIFI Phone s2.0 running VxWorks 5.5.1 with kernel ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3717 (The telnet daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3716 (The SNMP daemon in UTStarcom F1000 VOIP WIFI Phone s2.0 running ...)
	NOT-FOR-US: UTStarcom WIFI Phone
CVE-2005-3715 (Senao SI-680H Wireless VoIP Phone Firmware 0.03.0839 leaves the ...)
	NOT-FOR-US: Senao Wireless VoIP Phone
CVE-2005-3699 (Opera Web Browser 8.50 and 8.0 through 8.0.2 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2005-3698 (PHP Easy Download allows remote attackers to bypass authentication via ...)
	NOT-FOR-US: PHP Easy Download
CVE-2005-3697 (Unspecified vulnerability in the administration interface in Uresk ...)
	NOT-FOR-US: Uresk Links Lite
CVE-2005-3696 (SQL injection vulnerability in Arki-DB 1.0 and 2.0 allows remote ...)
	NOT-FOR-US: Arki-DB
CVE-2005-3695 (Cross-site scripting (XSS) vulnerability in admin/config/confMgr.php ...)
	NOT-FOR-US: LiteSpeed Webserver
CVE-2005-3694 (centericq 4.20.0-r3 with &quot;Enable peer-to-peer communications&quot; set ...)
	{DSA-912-1}
	- centericq 4.21.0-4 (bug #334089; low)
CVE-2005-3693 (The AxWebRemoveCtrl ActiveX control for uninstalling the SunnComm ...)
	NOT-FOR-US: SunnComm MediaMax DRM
CVE-2005-3692 (Cross-site scripting (XSS) vulnerability in AMAX Magic Winmail Server ...)
	NOT-FOR-US: AMAX Magic Winmail Server
CVE-2005-3691 (Directory traversal vulnerability in the IMAP service (meimaps.exe) of ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3690 (Stack-based buffer overflow in the IMAP service (meimaps.exe) of ...)
	NOT-FOR-US: MailEnable Professional
CVE-2005-3689 (post.php in XMB 1.9.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: XMB
CVE-2005-3688 (Cross-site scripting (XSS) vulnerability in members.php in XMB 1.9.3 ...)
	NOT-FOR-US: XMB
CVE-2005-3687 (cancel_account.php in WHM AutoPilot 2.5.30 and earlier allows remote ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2005-3686 (SQL injection vulnerability in search.inc.php in Unclassified ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-3685 (Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2005-3684 (Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3683 (Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging ...)
	NOT-FOR-US: freeFTPd
CVE-2005-3682 (Multiple SQL injection vulnerabilities in Wizz Forum 1.20 allow remote ...)
	NOT-FOR-US: Wizz Forum
CVE-2005-3681 (SQL injection vulnerability in viewcat.php in XOOPS WF-Downloads ...)
	NOT-FOR-US: Xoops
CVE-2005-3680 (Directory traversal vulnerability in editor_registry.php in XOOPS ...)
	NOT-FOR-US: Xoops
CVE-2005-3679 (SQL injection vulnerability in admin/index.php in ActiveCampaign ...)
	NOT-FOR-US: ActiveCampaign 1-2-All Broadcast Email
CVE-2005-3678 (Google Talk before 1.0.0.76, with email notification enabled, allows ...)
	NOT-FOR-US: Google Talk
CVE-2005-3677 (Buffer overflow in RealNetworks RealPlayer 10 and 10.5 allows remote ...)
	- helix-player <not-affected>
CVE-2005-3676 (SQL injection vulnerability in download.php in PhpWebThings 1.4.4 ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3675 (The Transmission Control Protocol (TCP) allows remote attackers to ...)
	NOTE: Generic protocol weakness, likely hard to fix at the kernel
	NOTE: level without performance impact.
CVE-2005-3674 (The Internet Key Exchange version 1 (IKEv1) implementation in the ...)
	NOT-FOR-US: libike from Solaris
CVE-2005-3673 (The Internet Key Exchange version 1 (IKEv1) implementation in Check ...)
	NOT-FOR-US: Check Point's IKE implementation
CVE-2005-3672 (The Internet Key Exchange version 1 (IKEv1) implementation in ...)
	NOT-FOR-US: StoneGate's IKE implementation
CVE-2005-3671 (The Internet Key Exchange version 1 (IKEv1) implementation in Openswan ...)
	- openswan 1:2.4.4-1 (bug #339082; low)
	[sarge] - openswan <no-dsa> (Only exploitable in inherently insecure mode of operation)
	NOTE: Initial 2.4.3 didn't fix all the issues from the NISCC report
CVE-2005-3670 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
	NOT-FOR-US: HP-UX's IKE implementation
CVE-2005-3669 (Multiple unspecified vulnerabilities in the Internet Key Exchange ...)
	NOT-FOR-US: Cisco
CVE-2005-3668 (Multiple buffer overflows in multiple unspecified implementations of ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3667 (Multiple unspecified vulnerabilities in multiple unspecified ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3666 (Multiple unspecified format string vulnerabilities in multiple ...)
	NOT-FOR-US: Just a "meta CVE" for all the IKE issues, will possibly be rejected
CVE-2005-3665 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-2 (bug #340438; medium)
CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
	NOT-FOR-US: Tivoli
CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses ...)
	NOT-FOR-US: FoolProof Security
CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost ...)
	NOT-FOR-US: Novell Client Firewall
CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...)
	- xboard 4.2.7-3 (bug #343560; unimportant)
CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow ...)
	NOT-FOR-US: Layton HelpBox
CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 ...)
	NOT-FOR-US: Nortel hardware
CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...)
	- samba 3.0.6-1
CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as ...)
	NOT-FOR-US: Dynix WebPac
CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, ...)
	{DSA-1064-1}
	- cscope 15.5+cvs20050816-1.1 (bug #340177; medium)
	NOTE: Sarge and Woody are affected
CVE-2005-XXXX [unsafe file permissions in vpnc]
	- vpnc 0.3.3+SVN20051028-3 (bug #340105; unimportant)
	NOTE: Only an example file
CVE-2006-0017
	RESERVED
CVE-2006-0016
	RESERVED
CVE-2006-0015 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0014 (Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2006-0013 (Buffer overflow in the Web Client service (WebClnt.dll) for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2006-0012 (Unspecified vulnerability in Windows Explorer in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2006-0011
	REJECTED
CVE-2006-0010 (Heap-based buffer overflow in T2EMBED.DLL in Microsoft Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2006-0009 (Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other ...)
	NOT-FOR-US: Microsoft
CVE-2006-0008 (The ShellAbout API call in Korean Input Method Editor (IME) in Korean ...)
	NOT-FOR-US: Microsoft
CVE-2006-0007 (Buffer overflow in GIFIMP32.FLT, as used in Microsoft Office 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2006-0006 (Heap-based buffer overflow in the bitmap processing routine in ...)
	NOT-FOR-US: Microsoft
CVE-2006-0005 (Buffer overflow in the plug-in for Microsoft Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2006-0004 (Microsoft PowerPoint 2000 in Office 2000 SP3 has an interaction with ...)
	NOT-FOR-US: Microsoft
CVE-2006-0003 (Unspecified vulnerability in the RDS.Dataspace ActiveX control, which ...)
	NOT-FOR-US: RDS.Dataspace
CVE-2006-0002 (Unspecified vulnerability in Microsoft Outlook 2000 through 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2006-0001 (Stack-based buffer overflow in Microsoft Publisher 2000 through 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3714 (The network interface for Apple AirPort Express 6.x before Firmware ...)
	NOT-FOR-US: Apple AirPort
CVE-2005-3713 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3712 (Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 ...)
	NOT-FOR-US: Apple
CVE-2005-3711 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3710 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3709 (Integer underflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3708 (Integer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3707 (Buffer overflow in Apple Quicktime before 7.0.4 allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-3706 (Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3705 (Heap-based buffer overflow in WebKit in Mac OS X and OS X Server ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3704 (System log server in Mac OS X and OS X Server 10.4 through 10.4.3 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3703
	REJECTED
CVE-2005-3702 (Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote ...)
	NOT-FOR-US: Safari
CVE-2005-3701 (Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3700 (Unknown vulnerability in iodbcadmintool in the ODBC Administrator ...)
	NOT-FOR-US: Mac OS X
CVE-2005-3664 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3663 (Unquoted Windows search path vulnerability in Kaspersky Anti-Virus 5.0 ...)
	NOT-FOR-US: Kaspersky AV
CVE-2005-3662 (Off-by-one buffer overflow in pnmtopng before 2.39, when using the ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3661 (Dell TrueMobile 2300 Wireless Broadband Router running firmware ...)
	NOT-FOR-US: Dell hardware issue
CVE-2005-3660 (Linux kernel 2.4 and 2.6 allows attackers to cause a denial of service ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	NOTE: Design limitation, for rare corner cases, where this poses a problem advanced
	NOTE: resource management systems can be deployed
CVE-2005-3659 (nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3658 (Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x ...)
	NOT-FOR-US: EMC Legato NetWorker
CVE-2005-3657 (The ActiveX control in MCINSCTL.DLL for McAfee VirusScan Security ...)
	NOT-FOR-US: McAfee
CVE-2005-3656 (Multiple format string vulnerabilities in logging functions in ...)
	{DSA-935-1}
	[sarge] - libapache2-mod-auth-pgsql 2.0.2b1-5sarge0
	- libapache2-mod-auth-pgsql 2.0.2b1-7
	- libapache-mod-auth-pgsql <not-affected> (Does not contain the vulnerable ap_log_rerror() function)
CVE-2005-3655 (Heap-based buffer overflow in Novell Open Enterprise Server Remote ...)
	NOT-FOR-US: Novell Open Enterprise Server
CVE-2005-3654 (Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to ...)
	NOT-FOR-US: Blue Coat WinProxy
CVE-2005-3653 (Heap-based buffer overflow in the iGateway service for various ...)
	NOT-FOR-US: IGateway
CVE-2005-3652 (Heap-based buffer overflow in Citrix Program Neighborhood client 9.0 ...)
	NOT-FOR-US: Citrix
CVE-2005-3651 (Stack-based buffer overflow in the dissect_ospf_v3_address_prefix ...)
	{DSA-920-1}
	- ethereal 0.10.13-1.1 (bug #342911; medium)
CVE-2005-3650 (The CodeSupport.ocx ActiveX control, as used by Sony to uninstall the ...)
	NOT-FOR-US: Sony Root Kit Uninstaller
CVE-2005-3649 (jumpto.php in Moodle 1.5.2 allows remote attackers to redirect users ...)
	NOTE: only exploitable in certian configurations (non-default)
	NOTE: warning added..
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <not-affected> (Isn't explotable in sarge)
CVE-2005-3648 (Multiple SQL injection vulnerabilities in the get_record function in ...)
	- moodle 1.5.3+20060108-1 (bug #338592; low)
	[sarge] - moodle <no-dsa> (Only exploitable in strange PHP setups)
CVE-2005-3647 (Folder Guard allows local users to bypass protections by running from ...)
	NOT-FOR-US: Folder Guard
CVE-2005-3646 (Multiple SQL injection vulnerabilities in lib-sessions.inc.php in ...)
	NOT-FOR-US: phpAdsNews
CVE-2005-3645 (phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows ...)
	NOT-FOR-US: phpAdsNews
CVE-2005-3644 (PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows ...)
	NOT-FOR-US: Windows
CVE-2005-3643 (IBM DB2 Database server running on Windows XP with Simple File Sharing ...)
	NOT-FOR-US: DB2
CVE-2005-3642 (IBM Informix Dynamic Database server running on Windows XP with Simple ...)
	NOT-FOR-US: Informix
CVE-2005-3641 (Oracle Databases running on Windows XP with Simple File Sharing ...)
	NOT-FOR-US: Oracle
CVE-2005-3640 (Multiple buffer overflows in the IMAP Groupware Mail server of ...)
	NOT-FOR-US: FTGate
CVE-2005-3639 (PHP file inclusion vulnerability in the osTicket module in Help Center ...)
	NOT-FOR-US: Help Center Live
CVE-2005-3638 (Cross-site scripting (XSS) vulnerabilities in Ekinboard 1.0.3 allow ...)
	NOT-FOR-US: Ekinboard
CVE-2005-3637
	REJECTED
CVE-2005-3636 (Cross-site scripting (XSS) vulnerability in SAP Web Application Server ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3635 (Multiple cross-site scripting (XSS) vulnerabilities in SAP Web ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3634 (frameset.htm in the BSP runtime in SAP Web Application Server (WAS) ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3633 (HTTP response splitting vulnerability in frameset.htm in SAP Web ...)
	NOT-FOR-US: SAP Web Application Server
CVE-2005-3632 (Multiple buffer overflows in pnmtopng in netpbm 10.0 and earlier allow ...)
	{DSA-904-1}
	- netpbm-free 2:10.0-10.1 (medium; bug #351639)
CVE-2005-3631 (udev does not properly set permissions on certain files in /dev/input, ...)
	- udev <not-affected> (Red Hat specific)
CVE-2005-3630 (Fedora Directory Server before 10 allows remote attackers to obtain ...)
	NOT-FOR-US: Fedora Directory Server
CVE-2005-3629 (initscripts in Red Hat Enterprise Linux 4 does not properly handle ...)
	NOTE: current sudo cleans the environment, so we are not affected
	- sysvconfig <not-affected> (sudo cleans env anyway)
CVE-2005-3628 (Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3627 (Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- kdegraphics 4:3.5.0-3
	- gpdf 2.10.0-2 (bug #342286)
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3626 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.3-2
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cupsys 1.1.22-7
	- cups 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	- tetex-bin 3.0-12
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3625 (Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- gpdf 2.10.0-2 (bug #342286)
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3624 (The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, ...)
	{DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- poppler 0.4.4-1 (bug #346076)
	- tetex-bin 3.0-12
	- gpdf 2.10.0-2 (bug #342286)
	- kdegraphics 4:3.5.0-3
	- xpdf 3.01-4
	- koffice 1:1.4.2-6 (bug #342294)
	- libextractor 0.5.9-1
	- pdfkit.framework 0.8-4
	- pdftohtml 0.36-12
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: cupsys switched to an external PDF implementation in 1.1.22-7.
	NOTE: tetex-bin switched to poppler in 3.0-12.
CVE-2005-3623 (nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Does not contain NFS ACLs)
	- linux-2.6 2.6.14-7
CVE-2005-3622 (phpMyAdmin 2.7.0-beta1 and earlier allows remote attackers to obtain ...)
	- phpmyadmin <unfixed> (unimportant)
CVE-2005-3620 (The management interface for VMware ESX Server 2.0.x before 2.0.2 ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3619 (Cross-site scripting (XSS) vulnerability in the management interface ...)
	NOT-FOR-US: VMware ESX
CVE-2005-3618 (Cross-site request forgery (CSRF) vulnerability in the management ...)
	NOT-FOR-US: VMWare ESX
CVE-2005-3617
	RESERVED
CVE-2005-3616
	RESERVED
CVE-2005-3615
	RESERVED
CVE-2005-3614
	RESERVED
CVE-2005-3613
	RESERVED
CVE-2005-3612
	RESERVED
CVE-2005-3611
	RESERVED
CVE-2005-3610
	RESERVED
CVE-2005-3609
	RESERVED
CVE-2005-3608
	RESERVED
CVE-2005-3607
	RESERVED
CVE-2005-3606
	RESERVED
CVE-2005-3605
	RESERVED
CVE-2005-3604
	RESERVED
CVE-2005-3603
	RESERVED
CVE-2005-3602
	RESERVED
CVE-2005-3601
	RESERVED
CVE-2005-3600
	RESERVED
CVE-2005-3599
	RESERVED
CVE-2005-3598
	RESERVED
CVE-2005-3597
	REJECTED
CVE-2005-3596 (SQL injection vulnerability in ASPKnowledgebase allows remote ...)
	NOT-FOR-US: ASPKnowledgebase
CVE-2005-3595 (By default Microsoft Windows XP Home Edition installs with a blank ...)
	NOT-FOR-US: Windows XP
CVE-2005-3594 (game_score.php in e107 allows remote attackers to insert high scores ...)
	NOT-FOR-US: e107
CVE-2005-3592 (index.php CuteNews 1.4.0 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CuteNews
CVE-2005-3591 (Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier ...)
	- flashplugin-nonfree 7.0.61-1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-3589 (Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote ...)
	NOT-FOR-US: FileZilla Server
CVE-2005-3588 (SQL injection vulnerability in admin.php in Advanced Guestbook 2.2 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-3587 (Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...)
	{DSA-947-1}
	- clamav 0.87.1-1 (medium)
	NOTE: sarge is affected (not in oldstable)
CVE-2005-3586 (content.php in Mambo 4.5.2 through 4.5.2.3 allows remote attackers to ...)
	NOT-FOR-US: Mambo
CVE-2005-3585 (SQL injection vulnerability in forum.php in PhpWebThings 1.4.4 allows ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3584 (Cross-site scripting (XSS) vulnerability in forum.php in PhpWebThings ...)
	NOT-FOR-US: PhpWebThings
CVE-2005-3583 ((1) Java Runtime Environment (JRE) and (2) Software Development Kit ...)
	NOT-FOR-US: Sun Java
CVE-2005-3582 (ImageMagick before 6.2.4.2-r1 allows local users in the portage group ...)
	- imagemagick <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3581 (GDAL before 1.3.0-r1 allows local users in the portage group to ...)
	- gdal <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3580 (QDBM before 1.8.33-r2 allows local users in the portage group to ...)
	- qdbm <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3579 (ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3578 (SQL injection vulnerability in ts.exe (aka ts.cgi) in Walla TeleSite ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3577 (Cross-site scripting vulnerability (XSS) in ts.exe (aka ts.cgi) in ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3576 (ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Walla TeleSite
CVE-2005-3575 (SQL injection vulnerability in show.php in Cyphor 0.19 and earlier ...)
	NOT-FOR-US: Cyphor
CVE-2005-3574 (PHP file inclusion vulnerability in index.php of iCMS allows remote ...)
	NOT-FOR-US: iCMS
CVE-2005-3573 (Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character ...)
	{DSA-955-1}
	- mailman 2.1.5-10 (bug #327732; bug #339095; medium)
CVE-2005-3572 (SQL injection vulnerability in index.php in Peel 2.6 through 2.7 ...)
	NOT-FOR-US: Peel
CVE-2005-3571 (PHP file inclusion vulnerability in protection.php in CodeGrrl (a) ...)
	NOT-FOR-US: protection.php from several crappy web apps not in Debian
CVE-2005-3570 (Unspecified cross-site scripting (XSS) vulnerability in Horde before ...)
	{DSA-914-1}
	- horde2 2.2.9-1 (bug #338983)
CVE-2005-3569 (INSO service in IBM DB2 Content Manager before 8.2 Fix Pack 10 on AIX ...)
	NOT-FOR-US: DB2
CVE-2005-3568 (db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 ...)
	NOT-FOR-US: DB2
CVE-2005-3567 (slapd daemon in IBM Tivoli Directory Server (ITDS) 5.2.0 and 6.0.0 ...)
	NOT-FOR-US: Tivoli
CVE-2005-3566 (Buffer overflow in various ha commands of VERITAS Cluster Server for ...)
	NOT-FOR-US: VERITAS Cluster Server
CVE-2005-3565 (Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and ...)
	NOT-FOR-US: HP-UX
CVE-2005-3564 (envd daemon in HP-UX B.11.00 through B.11.11 allows local users to ...)
	NOT-FOR-US: HP-UX
CVE-2005-3563
	REJECTED
CVE-2005-3562
	REJECTED
CVE-2005-3561
	REJECTED
CVE-2005-3560 (Zone Labs (1) ZoneAlarm Pro 6.0, (2) ZoneAlarm Internet Security Suite ...)
	NOT-FOR-US: Zone Labs
CVE-2005-3559 (Directory traversal vulnerability in vmail.cgi in Asterisk 1.0.9 ...)
	{DSA-1048-1}
	- asterisk 1:1.2.7.1.dfsg-2 (bug #338116; medium)
CVE-2005-3558 (PHP file inclusion vulnerability in index.php in OSTE 1.0 allows ...)
	NOT-FOR-US: OSTE
CVE-2005-3557 (Directory traversal vulnerability in admin/defaults.php in PHPlist ...)
	NOT-FOR-US: PHPList
CVE-2005-3556 (Multiple cross-site scripting (XSS) vulnerabilities in PHPlist 2.10.1 ...)
	NOT-FOR-US: PHPList
CVE-2005-3555 (Multiple SQL injection vulnerabilities in PHPlist 2.10.1 and earlier ...)
	NOT-FOR-US: PHPList
CVE-2005-3554 (Multiple eval injection vulnerabilities in the help function in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3553 (Multiple SQL injection vulnerabilities in include.php in PHPKIT 1.6.1 ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3552 (Multiple cross-site scripting (XSS) vulnerabilities in PHPKIT 1.6.1 R2 ...)
	NOT-FOR-US: PHPKIT
CVE-2005-3551 (toendaCMS before 0.6.2 stores user account and session data in the web ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3550 (Directory traversal vulnerability in admin.php in toendaCMS before ...)
	NOT-FOR-US: toendaCMS
CVE-2005-3549 (Direct code injection vulnerability in Task Manager in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3548 (Directory traversal vulnerability in Task Manager in Invision Power ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3547 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-3546 (suid.cgi scripts in F-Secure (1) Internet Gatekeeper for Linux before ...)
	NOT-FOR-US: F-Secure Internet Gatekeeper and Antivirus Gateway
CVE-2005-3545 (SQL injection vulnerability in index.php of the report module in ...)
	NOT-FOR-US: ibProArcade
CVE-2005-3544 (Cross-site scripting (XSS) vulnerability in u2u.php in XMB 1.9.3 ...)
	NOT-FOR-US: XMB
CVE-2005-3543 (SQL injection vulnerability in search.php in Phorum 5.0.0alpha through ...)
	NOT-FOR-US: Phorum
CVE-2005-3542
	REJECTED
CVE-2005-3541
	RESERVED
CVE-2005-3540 (Buffer overflow in petris before 1.0.1 allows remote attackers to ...)
	{DSA-929-1}
	- petris 1.0.1-5
CVE-2005-3539 (Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier ...)
	{DSA-933-1}
	- hylafax 2:4.2.4-2 (bug #347298)
	NOTE: First patch had regressions
CVE-2005-3538 (hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts ...)
	- hylafax 2:4.2.4-1
	[sarge] - hylafax <not-affected> (Affected only 4.2.3)
	[woody] - hylafax <not-affected> (Affected only 4.2.3)
CVE-2005-3537 (A &quot;missing request validation&quot; error in phpBB 2 before 2.0.18 allows ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3536 (SQL injection vulnerability in phpBB 2 before 2.0.18 allows remote ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; medium)
CVE-2005-3535 (Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary ...)
	{DSA-926-1}
	- ketm 0.0.6-17sarge1 (low)
CVE-2005-3534 (Buffer overflow in the Network Block Device (nbd) server 2.7.5 and ...)
	{DSA-924-1}
	- nbd 1:2.8.3-1
CVE-2005-3533 (Buffer overflow in OSH before 1.7-15 allows local users to execute ...)
	{DSA-918-1}
	- osh 1.7-15
CVE-2005-3532 (authpam.c in courier-authdaemon for Courier Mail Server 0.37.3 through ...)
	{DSA-917-1}
	- courier 0.47-12 (bug #211920; medium)
CVE-2005-3531 (fusermount in FUSE before 2.4.1, if installed setuid root, allows ...)
	{DTSA-27-1}
	- fuse 2.4.1-0.1 (bug #340398; low)
	[sarge] - fuse <no-dsa> (Minor local DoS)
CVE-2005-3530 (Cross-site scripting (XSS) vulnerability in Antville 1.1 allows remote ...)
	NOT-FOR-US: Antville
CVE-2005-3529 (tiki-view_forum_thread.php in TikiWiki 1.9.0 through 1.9.2 allows ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3528 (Cross-site scripting (XSS) vulnerability in tiki-view_forum_thread.php ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3527 (Race condition in do_coredump in signal.c in Linux kernel 2.6 allows ...)
	- linux-2.6 2.6.14-1 (low)
	- kernel-source-2.4.27 <not-affected> (Vulnerable code was introduced later)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was introduced later)
	NOTE: http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-3527?op=file&rev=0&sc=0
CVE-2005-3526 (Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-3525 (Stack-based buffer overflow in an ActiveX control for the installer ...)
	NOT-FOR-US: Adobe
CVE-2005-3522 (Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine ...)
	NOT-FOR-US: ManageEngine NetflowAnalyzer
CVE-2005-3521 (SQL injection vulnerability in resetcore.php in e107 0.617 through ...)
	NOT-FOR-US: e107
CVE-2005-3520 (Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 ...)
	NOT-FOR-US: MySource
CVE-2005-3519 (Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow ...)
	NOT-FOR-US: MySource
CVE-2005-3518 (SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 ...)
	NOT-FOR-US: PunBB
CVE-2005-3517 (Chipmunk Scripts Guestbook allows remote attackers to obtain the ...)
	NOT-FOR-US: Chipmunk Scripts Guestbook
CVE-2005-3516 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Directory
CVE-2005-3515 (Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk ...)
	NOT-FOR-US: Chipmunk Topsites
CVE-2005-3514 (Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum ...)
	NOT-FOR-US: Chipmunk Forum
CVE-2005-3513 (index.php in VUBB alpha rc1 allows remote attackers to obtain the ...)
	NOT-FOR-US: VUBB
CVE-2005-3512 (Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha ...)
	NOT-FOR-US: VUBB
CVE-2005-3511 (Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS ...)
	NOT-FOR-US: Spymac Web OS
CVE-2005-3510 (Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a ...)
	- tomcat5 <not-affected> (Debian's 5.0 version is not vulnerable)
CVE-2005-3509 (Multiple SQL injection vulnerabilities in JPortal allow remote ...)
	NOT-FOR-US: JPortal
CVE-2005-3508 (SQL injection vulnerability in showGallery.php in Gallery (Galerie) ...)
	NOT-FOR-US: Tonio gallery (not the one in the gallery debian package)
CVE-2005-3507 (Directory traversal vulnerability in CuteNews 1.4.1 allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2005-3506 (Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server ...)
	NOT-FOR-US: Sambar
CVE-2005-3505 (Cross-site scripting (XSS) vulnerability in the Entropy Chat script in ...)
	NOT-FOR-US: Entropy Chat Script
CVE-2005-3504 (Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is ...)
	NOT-FOR-US: AIX
CVE-2005-3503 (chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other ...)
	NOT-FOR-US: SuSE fork of passwd
CVE-2005-3502 (attachment_send.php in Cerberus Helpdesk allows remote attackers to ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-3499 (Frisk F-Prot Antivirus allows remote attackers to bypass protection ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3498 (IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before ...)
	NOT-FOR-US: WebSphere
CVE-2005-3497 (** DISPUTED ** ...)
	NOT-FOR-US: PHP Handicapper
CVE-2005-3496 (Cross-site scripting (XSS) vulnerability in PHP Handicapper allows ...)
	NOT-FOR-US: PHP Handicapper
CVE-2005-3495 (Ar-blog 5.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3494 (Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier ...)
	NOT-FOR-US: Ar-blog
CVE-2005-3493 (Battle Carry .005 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Battle Carry
CVE-2005-3492 (FlatFrag 0.3 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3491 (Multiple buffer overflows in the receiver function in loop.c in ...)
	NOT-FOR-US: FlatFrag
CVE-2005-3490 (Directory traversal vulnerability in the web server in Asus Video ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3489 (Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using ...)
	NOT-FOR-US: Asus Video Security
CVE-2005-3488 (Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3487 (Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3486 (Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and ...)
	- scorched3d 39.1+cvs20050929-2 (bug #337403; medium)
CVE-2005-3485 (Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote ...)
	NOT-FOR-US: Glider Collect'n kill
CVE-2005-3484 (Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier ...)
	NOT-FOR-US: NeroNET
CVE-2005-3483 (Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows ...)
	NOT-FOR-US: GO-Global
CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software ...)
	NOT-FOR-US: Proprietary Java
CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...)
	NOT-FOR-US: Kazaa
CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: IBM Net.Data
CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: cgihtml
CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote ...)
	NOT-FOR-US: cgihtml
CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and ...)
	NOT-FOR-US: S-PLUS
CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows ...)
	NOT-FOR-US: OpenTopic
CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin ...)
	NOT-FOR-US: YaBB
CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...)
	NOT-FOR-US: NetTelephone
CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Pocket Internet Explorer
CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Winamp
CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Winamp
CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) ...)
	NOT-FOR-US: a.shopKart
CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: GuildFTPd
CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...)
	NOT-FOR-US: EServer
CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
	NOT-FOR-US: Ancient Mozilla issue
CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, ...)
	NOT-FOR-US: Longshine hardware
CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: iCal
CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and ...)
	- libhttpfetcher 1.1.0-1
CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain ...)
	NOT-FOR-US: E-theni
CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute ...)
	NOT-FOR-US: E-theni
CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows ...)
	NOT-FOR-US: Bookmark4U
CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: S8Forum
CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
	NOT-FOR-US: N/X 2000
CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 ...)
	NOT-FOR-US: Efficient Networks hardware issue
CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which ...)
	NOT-FOR-US: WebIntelligence
CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WebShell
CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote ...)
	NOT-FOR-US: WebShell
CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain ...)
	NOT-FOR-US: Mambo
CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...)
	- phpbb2 <not-affected> (Fixed before upload into archive; 2.0.3)
CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote ...)
	NOT-FOR-US: Sage
CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...)
	NOT-FOR-US: Sage
CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) ...)
	NOT-FOR-US: MyGuestbook
CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 ...)
	NOT-FOR-US: WihPhoto
CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and ...)
	NOT-FOR-US: WWWBoard
CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in ...)
	NOT-FOR-US: Tanne
CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server ...)
	NOT-FOR-US: BRW WebWeaver
CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through ...)
	NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port
CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in ...)
	- ssldump 0.9b3
CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote ...)
	NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks ...)
	NOTE: verified with rpm 4.4.1, but this can hardly affect debian at
	NOTE: all since it requires rpm be configured to trust some key,
	NOTE: which in debian requires a manual and non-documented
	NOTE: initialization of the rpm database which is not configured in
	NOTE: the package
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...)
	NOT-FOR-US: Outlook Express
CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...)
	- webmin 1.000 (high)
CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote ...)
	NOT-FOR-US: (Benjamin Lefevre Dobermann FORUM)
CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...)
	NOTE: freebsd misconfiguration
CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...)
	- zmailer 2.99.56-1 (high)
	NOTE: May have been fixed earlier, 2.99.51 was never uploaded to Debian.
CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2002-2196 (Samba before 2.2.5 does not properly terminate the ...)
	- samba 2.2.5 (high)
CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and ...)
	NOT-FOR-US: Winamp
CVE-2002-2194
	REJECTED
CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...)
	NOT-FOR-US: Mojo Mail
CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...)
	NOT-FOR-US: Perception LiteServe
CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the ...)
	NOT-FOR-US: (Lotus Domino
CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext ...)
	NOT-FOR-US: ArtsCore Studios CuteCast Forum
CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software ...)
	NOT-FOR-US: ActiveXperts Software ActiveWebserver
CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2002-2187 (Unknown &quot;file disclosure&quot; vulnerability in Macromedia JRun 3.0, 3.1, ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ...)
	NOTE: fixed in IRIX..
CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...)
	NOT-FOR-US: DigiChat
CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...)
	NOT-FOR-US: phpShare
CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 ...)
	NOT-FOR-US: MSN666
CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited ...)
	NOT-FOR-US: SonicWall
CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not ...)
	NOT-FOR-US: OpenBSD kernel
CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment ...)
	NOT-FOR-US: ClearPath MCP
CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for ...)
	NOT-FOR-US: phpWebSite
CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP ...)
	NOT-FOR-US: BEA
CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote ...)
	NOT-FOR-US: Gender MOD
CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...)
	NOT-FOR-US: phpSquidPass
CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly ...)
	NOT-FOR-US: Informed Designer, Informed Filler
CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...)
	NOT-FOR-US: acWEB
CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 ...)
	NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...)
	NOT-FOR-US: AIM
CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...)
	NOT-FOR-US: 123tkShop
CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for ...)
	NOT-FOR-US: 123tkShop
CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 ...)
	NOT-FOR-US: FuseTalk
CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...)
	NOT-FOR-US: IMHO Webmail for Roxen
CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...)
	NOT-FOR-US: KvPoll
CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2002-2160
	REJECTED
CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the ...)
	NOT-FOR-US: Linksys hardware
CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...)
	NOT-FOR-US: zenTrack
CVE-2002-2157
	REJECTED
CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows ...)
	NOT-FOR-US: Monkey HTTP Daemon
CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...)
	NOT-FOR-US: Oracle Application Server
CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 ...)
	NOT-FOR-US: Software602
CVE-2002-2151
	REJECTED
CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than ...)
	NOTE: SYN floods etc generally filed as issues in linux specifically
	NOTE: if it is affected
CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service ...)
	NOT-FOR-US: Lucent Access Point
CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline ...)
	NOT-FOR-US: Lucent MAX Router
CVE-2002-2147
	REJECTED
CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...)
	NOT-FOR-US: BearShare
CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative ...)
	NOT-FOR-US: MySimple News
CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...)
	NOT-FOR-US: BEA
CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...)
	NOT-FOR-US: BEA
CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...)
	NOT-FOR-US: Cisco
CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not ...)
	NOT-FOR-US: Cisco
CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when ...)
	NOT-FOR-US: HP Advanced Server
CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and ...)
	NOT-FOR-US: GlobalSunTech Wireless Access Points
CVE-2002-2136
	REJECTED
CVE-2002-2135
	REJECTED
CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: PEEL
CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...)
	NOT-FOR-US: Telindus 1100 ASDL router
CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove ...)
	NOT-FOR-US: Windows
CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows ...)
	NOT-FOR-US: Perl-HTTPd
CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to ...)
	- gallery 1.3.3 (high)
CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora ...)
	NOT-FOR-US: w-Agora
CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...)
	NOT-FOR-US: w-Agora
CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to ...)
	NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...)
	NOT-FOR-US: Integrity Protection Driver (IPD)
CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...)
	NOT-FOR-US: MSIE
CVE-2000-1238 (BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-3621 (CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows ...)
	{DSA-1207-1}
	- phpmyadmin 4:2.6.4-pl4-1 (bug #339437; medium)
CVE-2005-3524 (Buffer overflow in the SSL-ready version of linux-ftpd ...)
	{DSA-896-1}
	- linux-ftpd-ssl 0.17.18+0.3-5 (bug #339074; high)
CVE-2005-3807 (Memory leak in the VFS file lease handling in locks.c in Linux kernels ...)
	- linux-2.6 2.6.14-4
CVE-2005-3857 (The time_out_leases function in locks.c for Linux kernel before ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (low)
CVE-2005-XXXX [user logout in drupal has no effect]
	[sarge] - drupal <not-affected> (bug was introduced after 4.5.3)
	- drupal 4.5.5-3 (bug #336719; medium)
CVE-2005-XXXX [double free() in libungif]
	- libungif4 4.1.4-1 (bug #338542; medium)
CVE-2005-3523 (Format string vulnerability in friendsd2 in GpsDrive allows remote ...)
	{DSA-891-1}
	- gpsdrive 2.09-2sarge1 (bug #337495; medium)
CVE-2005-XXXX [Insecure temp files in note]
	- note 1.3.1-3 (bug #337492; unimportant)
	NOTE: Second issue not shipped in binary, only example, first issue not sufficiently
	NOTE: predictable for a real world attack
CVE-2005-3500 (The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3501 (The cabd_find function in cabd.c of the libmspack library (mspack) for ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (medium)
CVE-2005-3482 (Cisco 1200, 1131, and 1240 series Access Points, when operating in ...)
	NOT-FOR-US: Cisco
CVE-2005-3481 (Cisco IOS 12.0 to 12.4 might allow remote attackers to execute ...)
	NOT-FOR-US: IOS
CVE-2005-3480 (login.asp in Ringtail CaseBook 6.1.0 displays different error messages ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3479 (Cross-site scripting (XSS) vulnerability in login.asp in Ringtail ...)
	NOT-FOR-US: Ringtail CaseBook
CVE-2005-3478 (SQL injection vulnerability in index.php in PHPCafe.net Tutorials ...)
	NOT-FOR-US: PHPCafe Tutorial Manager
CVE-2005-3477 (Multiple interpretation error in the image upload handling code in ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3476 (Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and ...)
	NOT-FOR-US: OpenVMS
CVE-2005-3475 (Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Hasbani Web Server
CVE-2005-3474 (The aries.sys driver in Sony First4Internet XCP DRM software hides any ...)
	NOT-FOR-US: XCP DRM
CVE-2005-3473 (Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-3472 (Unspecified vulnerability in Sun Java System Communications Express ...)
	NOT-FOR-US: Sun Java System Communications Express
CVE-2005-3471 (Directory traversal vulnerability in the ruleset view for MailWatch ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3470 (SQL injection vulnerability in in the authenticate function in ...)
	NOT-FOR-US: MailWatch for MailScanner
CVE-2005-3469 (SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows ...)
	NOT-FOR-US: News2Net
CVE-2005-3468 (Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft ...)
	NOT-FOR-US: F-Secure
CVE-2005-3467 (Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2005-3466 (Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to ...)
	NOT-FOR-US: Oracle
CVE-2005-3465 (Unspecified vulnerability in JDEdwards HTML Server in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2005-3464 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3463 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3462 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3461 (Unspecified vulnerability in PeopleTools in Oracle PeopleSoft ...)
	NOT-FOR-US: Oracle
CVE-2005-3460 (Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager ...)
	NOT-FOR-US: Oracle
CVE-2005-3459 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3458 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3457 (Unspecified vulnerability in Oracle E-Business Suite and Applications ...)
	NOT-FOR-US: Oracle
CVE-2005-3456 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2005-3455 (Multiple unspecified vulnerabilities in Oracle E-Business Suite and ...)
	NOT-FOR-US: Oracle
CVE-2005-3454 (Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g ...)
	NOT-FOR-US: Oracle
CVE-2005-3453 (Multiple unspecified vulnerabilities in Web Cache in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2005-3452 (Unspecified vulnerability in Web Cache in Oracle Application Server ...)
	NOT-FOR-US: Oracle
CVE-2005-3451 (Unspecified vulnerability in SQL*ReportWriter in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3450 (Unspecified vulnerability in the HTTP Server in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3449 (Multiple unspecified vulnerabilities in Oracle Application Server 9.0 ...)
	NOT-FOR-US: Oracle
CVE-2005-3448 (Unspecified vulnerability in the OC4J Module in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2005-3447 (Unspecified vulnerability in Single Sign-On in Oracle Database Server ...)
	NOT-FOR-US: Oracle
CVE-2005-3446 (Unspecified vulnerability in Internet Directory in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3445 (Multiple unspecified vulnerabilities in HTTP Server in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3444 (Multiple unspecified vulnerabilities in the Programmatic Interface in ...)
	NOT-FOR-US: Oracle
CVE-2005-3443 (Unspecified vulnerability in the Spatial component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3442 (Multiple unspecified vulnerabilities in Oracle Database Server 8i up ...)
	NOT-FOR-US: Oracle
CVE-2005-3441 (Unspecified vulnerability in Intelligent Agent in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3440 (Unspecified vulnerability in Database Scheduler in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3439 (Multiple unspecified vulnerabilities in Oracle Database Server 10g up ...)
	NOT-FOR-US: Oracle
CVE-2005-3438 (Multiple unspecified vulnerabilities in Oracle Database Server 9i up ...)
	NOT-FOR-US: Oracle
CVE-2005-3437 (Unspecified vulnerability in the PL/SQL component in Oracle Database ...)
	NOT-FOR-US: Oracle
CVE-2005-3436 (Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows ...)
	NOT-FOR-US: Nuked-Klan
CVE-2005-3435 (admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3434 (Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) ...)
	NOT-FOR-US: Archilles Newsworld
CVE-2005-3433 (Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers ...)
	NOT-FOR-US: Mirabilis ICQ
CVE-2005-3432 (MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password ...)
	NOT-FOR-US: MiniGal2
CVE-2005-3431 (Absolute path traversal vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3430 (Incomplete blacklist vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3429 (Rockliffe MailSite Express before 6.1.22, with the option to save ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3428 (Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express ...)
	NOT-FOR-US: MailSite Express
CVE-2005-3427 (The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit ...)
	NOT-FOR-US: IPS Sensors
CVE-2005-3426 (Cisco CSS 11500 Content Services Switch (CSS) with SSL termination ...)
	NOT-FOR-US: Cisco
CVE-2005-3425 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1
CVE-2005-3424 (Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 ...)
	{DSA-877-1}
	- gnump3d 2.9.5-1 (low)
CVE-2005-3423 (Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow ...)
	NOT-FOR-US: Subdreamer
CVE-2005-3422 (Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast ...)
	NOT-FOR-US: ASP Fast Forum
CVE-2005-3421 (estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote ...)
	NOT-FOR-US: Hyper Estraier
CVE-2005-3420 (usercp_register.php in phpBB 2.0.17 allows remote attackers to modify ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
	NOTE: http://www.hardened-php.net/advisory_172005.75.html
	NOTE: http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
	NOTE: Remote code execution may be possible, especially in conjunction
	NOTE: with PHP bugs.
CVE-2005-3419 (SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3418 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3417 (phpBB 2.0.17 and earlier, when the register_long_arrays directive is ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3416 (phpBB 2.0.17 and earlier, when register_globals is enabled and the ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3415 (phpBB 2.0.17 and earlier allows remote attackers to bypass protection ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #336582; bug #336587)
CVE-2005-3414 (eyeOS 0.8.4 stores usrinfo.xml under the web document root with ...)
	NOT-FOR-US: eyeOS
CVE-2005-3413 (Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 ...)
	NOT-FOR-US: eyeOS
CVE-2005-3412 (Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows ...)
	NOT-FOR-US: Elite Forum
CVE-2005-3411 (Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums ...)
	NOT-FOR-US: Snitz Forums
CVE-2005-3410
	RESERVED
CVE-2005-3409 (OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #337334; low)
CVE-2005-3408 (SQL injection vulnerability in news.php in gCards version 1.43 allows ...)
	NOT-FOR-US: gCards
CVE-2005-3407 (SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote ...)
	NOT-FOR-US: phpESP
CVE-2005-3406 (Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier ...)
	NOT-FOR-US: phpESP
CVE-2005-3405 (ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute ...)
	NOT-FOR-US: ATutor
CVE-2005-3404 (Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through ...)
	NOT-FOR-US: ATutor
CVE-2005-3403 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 ...)
	NOT-FOR-US: ATutor
CVE-2005-3402 (The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly ...)
	NOTE: That's a non-issue; only a feature request for an improvement in a corner case.
	NOTE: If someone wants to use security-sensitive communication a TLS-secured server
	NOTE: should be used.
CVE-2005-3401 (Multiple interpretation error in TheHacker 5.8.4.128 allows remote ...)
	NOT-FOR-US: TheHacker
CVE-2005-3400 (Multiple interpretation error in Fortinet 2.48.0.0 allows remote ...)
	NOT-FOR-US: Fortinet
CVE-2005-3399 (Multiple interpretation error in CAT-QuickHeal 8.0 allows remote ...)
	NOT-FOR-US: CAT-QuickHeal
CVE-2005-3398 (The default configuration of the web server for the Solaris Management ...)
	NOT-FOR-US: Solaris Management Console
CVE-2005-3397 (Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows ...)
	NOT-FOR-US: Comersus BackOffice
CVE-2005-3396 (Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, ...)
	NOT-FOR-US: AIX
CVE-2005-3395 (SQL injection vulnerability in Invision Gallery 2.0.3 allows remote ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-3394 (Multiple SQL injection vulnerabilities in forum.php in oaboard forum ...)
	NOT-FOR-US: oaboard
CVE-2005-3393 (Format string vulnerability in the foreign_option function in ...)
	{DSA-885-1}
	- openvpn 2.0.5-1 (bug #336751; medium)
CVE-2005-3392 (Unspecified vulnerability in PHP before 4.4.1, when using the virtual ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354681; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: According to CVE, this is a safe mode violation,
	NOTE: therefore low impact. (According to SuSE, it's an
	NOTE: information leak.)
CVE-2005-3391 (Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354678; low)
	[sarge] - php4 <no-dsa> (Safe mode violations not supported)
	- php5 5.1.1-1 (bug #336654; low)
	NOTE: This is a safe mode violation, therefore low impact.
CVE-2005-3390 (The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354680; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (Operation with register_globals not supported)
	NOTE: http://www.hardened-php.net/advisory_202005.79.html
	NOTE: http://www.hardened-php.net/globals-problem
CVE-2005-3389 (The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, ...)
	- php4 4:4.4.2-1 (bug #336645; bug #354690; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (application's job to sanitize input)
	NOTE: http://www.hardened-php.net/advisory_192005.78.html
CVE-2005-3388 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
	{CVE-2002-1954}
	- php4 4:4.4.2-1 (bug #336645; low)
	- php5 5.1.1-1 (bug #336654; low)
	[sarge] - php4 <no-dsa> (not worth an update)
	NOTE: http://www.hardened-php.net/advisory_182005.77.html
	NOTE: fixed in CVS, estimated release of PHP5.1 to fix this issue
CVE-2005-3387 (The startup script in packages/RedHat/ntop.init in ntop before 3.2, ...)
	- ntop <not-affected> (Red Hat specific packaging flaw)
CVE-2005-3386 (SQL injection vulnerability in Techno Dreams Web Directory script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3385 (SQL injection vulnerability in Techno Dreams Mailing List script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3384 (SQL injection vulnerability in Techno Dreams Guest Book script allows ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3383 (SQL injection vulnerability in Techno Dreams Announcement script ...)
	NOT-FOR-US: Techno Dreams scripts
CVE-2005-3382 (Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine ...)
	NOT-FOR-US: Sophos
CVE-2005-3381 (Multiple interpretation error in Ukrainian National Antivirus (UNA) ...)
	NOT-FOR-US: Ukranian National Antivirus
CVE-2005-3380 (Multiple interpretation error in Panda Titanium 2005 4.02.01 allows ...)
	NOT-FOR-US: Panda Titanium
CVE-2005-3379 (Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 ...)
	NOT-FOR-US: Trend Micro
CVE-2005-3378 (Multiple interpretation error in Norman 5.81 with the 5.83.02 engine ...)
	NOT-FOR-US: Norman
CVE-2005-3377 (Multiple interpretation error in (1) McAfee Internet Security Suite ...)
	NOT-FOR-US: McAfee
CVE-2005-3376 (Multiple interpretation error in Kaspersky 5.0.372 allows remote ...)
	NOT-FOR-US: Kaspersky
CVE-2005-3375 (Multiple interpretation error in Ikarus demo version allows remote ...)
	NOT-FOR-US: Ikarus
CVE-2005-3374 (Multiple interpretation error in F-Prot 3.16c allows remote attackers ...)
	NOT-FOR-US: F-Prot
CVE-2005-3373 (Multiple interpretation error in Dr.Web 4.32b allows remote attackers ...)
	NOT-FOR-US: Dr. Web
CVE-2005-3372 (Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 ...)
	NOT-FOR-US: eTrust
CVE-2005-3371 (Multiple interpretation error in AVG 7 7.0.323 allows remote attackers ...)
	NOT-FOR-US: AVG
CVE-2005-3370 (Multiple interpretation error in ArcaVir 2005 package 2005-06-21 ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3369 (Multiple SQL injection vulnerabilities in the Info-DB module ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-3368 (Cross-site scripting (XSS) vulnerability in the Search_Enhanced module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3367 (Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog ...)
	NOT-FOR-US: SparkleBlog
CVE-2005-3366 (PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 ...)
	NOT-FOR-US: PHP iCalendar
CVE-2005-3365 (Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-3364 (Multiple SQL injection vulnerabilities in DboardGear allow remote ...)
	NOT-FOR-US: DboardGear
CVE-2005-3363 (SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 ...)
	NOT-FOR-US: saphp Lesson
CVE-2005-3362
	REJECTED
CVE-2005-3361 (Cross-site scripting (XSS) vulnerability in forum/index.php in ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3360 (The installation of Trend Micro PC-Cillin Internet Security 2005 12.00 ...)
	NOT-FOR-US: Trend Micro PC-Cillin Internet Security 2005
CVE-2005-3359 (The atm module in Linux kernel 2.6 before 2.6.14 allows local users to ...)
	{DSA-1103}
	- linux-2.6 2.6.14
CVE-2005-3358 (Linux kernel before 2.6.15 allows local users to cause a denial of ...)
	{DSA-1017-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3357 (mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost ...)
	- apache2 2.0.55-4 (bug #351246; low)
	[sarge] - apache2 2.0.54-5sarge2
CVE-2005-3356 (The mq_open system call in Linux kernel 2.6.9, in certain situations, ...)
	{DSA-1017-1}
	- linux-2.6 2.6.15-4
CVE-2005-3355 (Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3354 (Stack-based buffer overflow in the ldif_get_line function in ldif.c of ...)
	{DSA-908-1 DSA-906-1}
	- sylpheed 2.0.4-1 (bug #338434; medium)
	- sylpheed-gtk1 1.0.6-1 (medium)
	- sylpheed-claws 1.0.5-2 (bug #338436; medium)
	- sylpheed-claws-gtk2 1.9.100-1 (bug #339529; medium)
CVE-2005-3353 (The exif_read_data function in the Exif module in PHP before 4.4.1 ...)
	{DSA-1206-1}
	- php4 4:4.4.2-1 (bug #339577; medium)
	- php5 5.1.1-1 (bug #336654; medium)
CVE-2005-3352 (Cross-site scripting (XSS) vulnerability in the mod_imap module of ...)
	{DSA-1167-1}
	- apache 1.3.34-2 (bug #343466; low)
	- apache2 2.0.55-4 (bug #343467; bug #349793; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: Version(s): prior to 1.3.35-dev, 2.0.56-dev are affected
	NOTE: Means oldstable and stable are affected
CVE-2005-3351 (SpamAssassin 3.0.4 allows attackers to bypass spam detection via an ...)
	- spamassassin 3.1.0a-1 (bug #339526; low)
	[sarge] - spamassassin <no-dsa> (DoS affects only a single message)
	[woody] - spamassassin <no-dsa> (DoS affects only a single message)
CVE-2005-3350 (libungif library before 4.1.0 allows attackers to corrupt memory and ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; high)
	- giflib 4.1.4-1 (bug #395382)
CVE-2005-3349 (GNU Gnump3d before 2.9.8 allows local users to modify or delete ...)
	{DSA-901-1}
	- gnump3d 2.9.8-1
CVE-2005-3348 (HTTP response splitting vulnerability in index.php in phpSysInfo 2.4 ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3347 (Multiple directory traversal vulnerabilities in index.php in ...)
	{DSA-899-1 DSA-898-1 DSA-897-1}
	- phpsysinfo 2.3-7 (bug #339079)
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-3346 (Buffer overflow in the environment variable substitution code in ...)
	{DSA-918-1}
	- osh 1.7-15 (bug #338312; bug #323424; bug #323482; bug #311369; medium)
CVE-2005-3345 (rssh 2.0.0 through 2.2.3 allows local users to bypass access ...)
	- rssh 2.3.0-1 (bug #344395; bug #344424)
	[sarge] - rssh 2.2.3-1.sarge.1
	NOTE: Update was introduced through s-p-u, not a DSA
CVE-2005-3344 (The default installation of Horde 3.0.4 contains an administrative ...)
	{DSA-884-1}
	- horde3 3.0.5-2 (bug #332290; bug #332289; medium)
CVE-2005-3343 (tkdiff before 4.1.1 allows local users to overwrite arbitrary files ...)
	{DSA-927-1}
	- tkdiff 1:4.0.2-2 (low)
CVE-2005-3342 (noweb 2.10c and earlier allows local users to overwrite arbitrary ...)
	{DSA-968-1}
	- noweb 2.10c-3.2 (low)
CVE-2005-3340 (The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and ...)
	{DSA-941-1}
	- tuxpaint 1:0.9.15b-1 (low)
CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...)
	NOT-FOR-US: nylon
CVE-2005-XXXX [ntop format string vulnerability]
	- ntop 3:4.0.3+dfsg1-1 (bug #335996; unimportant)
	NOTE: Not exploitable
CVE-2005-3341 (DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users ...)
	{DSA-928-1}
	- dhis-tools-dns 5.0-5
CVE-2005-3339 (Mantis before 0.19.3 caches the User ID longer than necessary, which ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682)
CVE-2005-3338 (Unspecified vulnerability in Mantis before 0.19.3, when using ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3337 (Multiple cross-site scripting (XSS) vulnerabilities in Mantis before ...)
	NOTE: This is a duplicate of CVE-2005-3091 (first issue) and CVE-2005-2557 (second
	NOTE: issue). This will be rejected.
CVE-2005-3336 (SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (high)
CVE-2005-3335 (PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #335938; medium)
CVE-2005-3334 (Cross-site scripting (XSS) vulnerability in index.php in Flyspray ...)
	{DSA-953-1}
	- flyspray 0.9.8-4 (bug #335997; low)
	NOTE: Sarge is confirmed vulnerable
CVE-2005-3333 (SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to ...)
	NOT-FOR-US: eBASEweb
CVE-2005-3332 (PHP remote file include vulnerability in admin/define.inc.php in ...)
	NOT-FOR-US: Belchior Foundry vCard
CVE-2005-3331 (viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary ...)
	- mgdiff 1.0-28 (bug #335188; unimportant)
CVE-2005-3330 (The _httpsrequest function in Snoopy 1.2, as used in products such as ...)
	- wordpress <not-affected> (bug #335817; unimportant)
	NOTE: Upstream claims the modified Snoopy class is secure
CVE-2005-3329 (Cross-site scripting (XSS) vulnerability in RSA Authentication Agent ...)
	NOT-FOR-US: RSA Authentication Agent
CVE-2005-3328 (PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 ...)
	NOT-FOR-US: PunBB
CVE-2005-3327 (Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators ...)
	NOT-FOR-US: Data ONTAP
CVE-2005-3326 (SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-3325 (Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in ...)
	{DSA-893-1}
	- acidbase 1.2.1-1 (bug #335998; bug #336788; medium)
	NOTE: the fix from 1.2-2 did not address the problem fully
	- acidlab 0.9.6b20-13
CVE-2005-3324 (SQL injection vulnerability in chat.php in MWChat 6.8 allows remote ...)
	NOT-FOR-US: MWChat
CVE-2005-3323 (docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows ...)
	{DSA-910-1}
	- zope2.8 2.8.1-7 (bug #334055; bug #334054; high)
	- zope2.7 2.7.8-1 (bug #334055; bug #334054; high)
CVE-2005-3322 (Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote ...)
	- squid <not-affected>
	NOTE: see bug #334882 for details
CVE-2005-3321 (chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify ...)
	NOT-FOR-US: SuSE-specific tool
CVE-2005-3320 (Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager ...)
	NOT-FOR-US: SiteTurn Domain Manager
CVE-2005-3319 (The apache2handler SAPI (sapi_apache2.c) in the Apache module ...)
	- php4 4:4.4.2-1 (bug #336004; bug #354684; low)
	- php5 5.1.1-1 (bug #336005; low)
	[sarge] - php4 <not-affected>
	NOTE: can't reproduce, error may not be present in 4.3.
	NOTE: tentatively marking as not-affected in sarge.
CVE-2005-3318 (Buffer overflow in the _chm_decompress_block function in CHM lib ...)
	{DSA-886-1}
	- chmlib 0.37-1 (bug #335931; medium)
CVE-2005-3317 (Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and ...)
	NOT-FOR-US: ZipGenius
CVE-2005-3316 (The installation of ON Symantec Discovery 4.5.x and Symantec Discovery ...)
	NOT-FOR-US: Symantec Discovery
CVE-2005-3315 (Multiple SQL injection vulnerabilities in Novell ZENworks Patch ...)
	NOT-FOR-US: Novell ZENworks
CVE-2005-3314 (Stack-based buffer overflow in the IMAP daemon in Novell Netmail 3.5.2 ...)
	NOT-FOR-US: Novell Netmail
CVE-2005-3313 (The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers ...)
	[woody] - ethereal <not-affected> (Only affects version 0.10.13)
	[sarge] - ethereal <not-affected> (Only affects version 0.10.13)
	- ethereal 0.10.14-1 (medium)
CVE-2005-3312 (The HTML rendering engine in Microsoft Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-3311 (BMC Software Control-M 6.1.03 for Solaris, and possibly other ...)
	NOT-FOR-US: BMC Software Control-M
CVE-2005-3310 (Interpretation conflict in phpBB 2.0.17, with remote avatars and ...)
	{DSA-925-1}
	- phpbb2 2.0.18-1 (bug #335662; low)
CVE-2005-3309 (Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote ...)
	NOT-FOR-US: Zomplog
CVE-2005-3308 (Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 ...)
	NOT-FOR-US: Zomplog
CVE-2005-3307 (Directory traversal vulnerability in index.php for FlatNuke 2.5.6 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3306 (Cross-site scripting (XSS) vulnerability in index.php for FlatNuke ...)
	NOT-FOR-US: FlatNuke
CVE-2005-3305 (Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote ...)
	NOT-FOR-US: Nuked Klan
CVE-2005-3304 (Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3303 (The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (high)
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
	NOT-FOR-US: NetCache
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple ...)
	NOT-FOR-US: phpCodeGenie
CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0 ...)
	NOT-FOR-US: Sticker
CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive ...)
	NOT-FOR-US: NETFile Server
CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer ...)
	- gnutls11 1.0.16-8 (bug #336006; low)
	- gnutls12 <not-affected> (fixed before upload)
CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the &quot;image send&quot; option by ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam ...)
	NOT-FOR-US: Webcam Watchdog
CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli ...)
	NOT-FOR-US: Tivoli
CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity ...)
	- serendipity 1.0-1
CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function ...)
	NOT-FOR-US: OpenFTPD
CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...)
	NOT-FOR-US: Gattaca
CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...)
	NOT-FOR-US: Gattaca
CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote ...)
	NOT-FOR-US: Gattaca
CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Gattaca
CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Gattaca
CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: myServer
CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote ...)
	NOT-FOR-US: myServer
CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...)
	NOT-FOR-US: VMWare Workstation
CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: PowerPortal
CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g ...)
	NOT-FOR-US: WIKINDX
CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Inweb Mail Server
CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to ...)
	- im-switch <not-affected> (Debian's version is somehow derived from RH, but not affected)
CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...)
	NOT-FOR-US: MailEnable Professional
CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown ...)
	- ilohamail 0.8.14-0rc1
CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote ...)
	NOT-FOR-US: OpenText FirstClass
CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to ...)
	NOT-FOR-US: Opera
CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees ...)
	- dropbear 0.43-2
CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a &quot;major ...)
	NOT-FOR-US: PHP Live!
CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2005-XXXX [kernel: Signedness problems in net/core/filter]
	- linux-2.6 2.6.12-2
	[sarge] - kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected>
	NOTE: http://kernel.suse.com/cgit/kernel/commit/?h=v2.6.12.5&id=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e
CVE-2005-XXXX [Insecure temp file usage in thttpd's syslogtocern]
	- thttpd 2.23beta1-4 (low)
	[sarge] - thttpd <no-dsa> (Minor issue in addon package)
CVE-2005-3301 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335513; medium)
CVE-2005-3300 (The register_globals emulation layer in grab_globals.php for ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl3-1 (bug #335306; high)
CVE-2005-3299 (PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin ...)
	[sarge] - phpmyadmin <not-affected> (Not affected according to maintainer; #333433)
	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
CVE-2005-3298 (Multiple buffer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3297 (Multiple integer overflows in OpenWBEM on SuSE Linux 9 allow remote ...)
	NOT-FOR-US: OpenWBEM
CVE-2005-3296 (The FTP server in HP-UX 10.20, B.11.00, and B.11.11, allows remote ...)
	NOT-FOR-US: HP-UX
CVE-2005-3295 (Unspecified vulnerability in HP-UX B.11.23 on Itanium platforms allows ...)
	NOT-FOR-US: HP-UX
CVE-2005-3294 (Typsoft FTP Server 1.11, with &quot;Sub Directory Include&quot; enabled, allows ...)
	NOT-FOR-US: Typsoft FTP Server
CVE-2005-3293 (Xerver 4.17 allows remote attackers to (1) obtain source code of ...)
	NOT-FOR-US: Xerver
CVE-2005-3292 (Multiple cross-site scripting (XSS) vulnerabilities in Xeobook 0.93 ...)
	NOT-FOR-US: Xeobook
CVE-2005-3291 (Stani's Python Editor (SPE) 0.7.5 is installed with world-writable ...)
	- spe <not-affected> (Gentoo-specific packaging flaw)
CVE-2005-3290 (SQL injection vulnerability in Accelerated Mortgage Manager allows ...)
	NOT-FOR-US: Accelerated Mortgage manager
CVE-2005-3289 (LSCFG in IBM AIX 5.2 and 5.3 does not create temporary files securely, ...)
	NOT-FOR-US: AIX
CVE-2005-3288 (Mailsite Express allows remote attackers to upload and execute files ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3287 (Incomplete blacklist vulnerability in Mailsite Express allows remote ...)
	NOT-FOR-US: Mailsite Express
CVE-2005-3286 (The FWDRV driver in Kerio Personal Firewall 4.2 and Server Firewall ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2005-3285 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: Comersus Backoffice Plus
CVE-2005-3284 (Multiple buffer overflows in AhnLab V3 AntiVirus V3Pro 2004 before ...)
	NOT-FOR-US: AhnLab
CVE-2005-3283 (Cross-site scripting (XSS) vulnerability in TikiWiki before 1.9.1.1 ...)
	NOT-FOR-US: TikiWiki
CVE-2005-3282 (Splatt Forum 3.0 to 3.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Splatt Forum
CVE-2005-3281 (Directory traversal vulnerability in NukeFixes 3.1 for PHP-Nuke 7.8 ...)
	NOT-FOR-US: PHP-Nuke addon
CVE-2005-3280 (Paros 3.2.5 uses a default password for the &quot;sa&quot; account in the ...)
	NOT-FOR-US: Paros
CVE-2005-3279 (Stack-based buffer overflow in the vgasco_printf function in Jan Kybic ...)
	- bmv 1.2-18 (bug #335497; unimportant)
	NOTE: Vulnerable code not activated in binary package
CVE-2005-3278 (Integer overflow in the openpsfile function in gsinterf.c for Jan ...)
	{DSA-981-1}
	- bmv 1.2-18 (bug #335497; medium)
	NOTE: Sarge and Woody are affected (and the patch applied to fix this in unstable works on both of them, an easy DSA)
CVE-2005-3277 (The LPD service in HP-UX 10.20 11.11 (11i) and earlier allows remote ...)
	NOT-FOR-US: HP-UX
CVE-2005-XXXX [adduser's deluser creates backup files with world readable permissions]
	- adduser 3.77 (bug #331720; low)
	[sarge] - adduser <no-dsa> (Very minimal security ramifications, admin's reponsibility)
CVE-2005-XXXX [Pavuk Digest Authentication Buffer Overflow]
	- pavuk 0.9.33-1 (bug #264684; high)
	NOTE: second hole mentioned in bug report
CVE-2005-3751 (HTTP request smuggling vulnerability in Pound before 1.9.4 allows ...)
	{DSA-934-1}
	- pound 1.9.4-1 (low)
	NOTE: see http://www.apsis.ch/pound/pound_list/archive/2005/2005-10/1129827166000/index_html?fullMode=1#1129827166000
CVE-2005-3276 (The sys_get_thread_area function in process.c in Linux 2.6 before ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-2
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3275 (The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.13-1 (low)
	- kernel-source-2.4.27 2.4.27-11 (low)
CVE-2005-3274 (Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 ...)
	{DSA-922-1}
	- linux-2.6 2.6.13-1 (low)
CVE-2005-3273 (The rose_rt_ioctl function in rose_route.c for Radionet Open Source ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3272 (Linux kernel before 2.6.12 allows remote attackers to poison the ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3271 (Exec in Linux kernel 2.6 does not properly clear posix-timers in ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3270 (Untrusted search path vulnerability in DiskMountNotify for Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3269 (Stack-based buffer overflow in help.cgi in the HTTP administrative ...)
	NOT-FOR-US: Sun Java System Directory Server
CVE-2005-3268 (yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and ...)
	- yiff 2.14.2-8 (bug #334616; low)
	[sarge] - yiff <no-dsa> (Only a minor privacy leak)
CVE-2005-3267 (Integer overflow in Skype client before 1.4.x.84 on Windows, before ...)
	NOT-FOR-US: Skype
CVE-2005-3266
	REJECTED
CVE-2005-3265 (Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows ...)
	NOT-FOR-US: Skype
CVE-2005-3264 (Cross-site scripting (XSS) vulnerability in thread.php for Zeroblog ...)
	NOT-FOR-US: Zeroblog
CVE-2005-3263 (Stack-based buffer overflow in UNACEV2.DLL for RARLAB WinRAR 2.90 ...)
	NOT-FOR-US: WinRAR
CVE-2005-3262 (Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows ...)
	NOT-FOR-US: WinRAR
CVE-2005-3261 (getversions.php in versatileBulletinBoard (vBB) 1.0.0 RC2 lists the ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3260 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3259 (Multiple SQL injection vulnerabilities in versatileBulletinBoard (vBB) ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2005-3258 (The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and ...)
	- squid <not-affected> (bug #334882; medium)
	NOTE: Bug was introduced in a patch to squid-2.5.STABLE10,
	NOTE: this patch was never applied to the Debian package.
CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
	{DSA-889-1}
	- enigmail 2:0.93-1 (bug #335731; medium)
CVE-2005-3253 (Wireless Access Points (AP) for (1) Avaya AP-3 through AP-6 2.5 to ...)
	NOT-FOR-US: Avaya Wireless Access Points
CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
	- snort <not-affected> (Vulnerable code was introduced later, see bug #334606)
CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
	- gallery2 2.0.1-1 (medium)
CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2005-3249 (Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3248 (Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.1 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3247 (The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause ...)
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	[sarge] - ethereal <not-affected> (This only affects Ethereal 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3246 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.14 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3245 (Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 ...)
	- ethereal 0.10.13-1 (bug #334880; medium)
CVE-2005-3244 (The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.10.3 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3243 (Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The SLIMP3 issue affects Woody/Sarge, the AgentX issue only Sarge
CVE-2005-3242 (Ethereal 0.10.12 and earlier allows remote attackers to cause a denial ...)
	{DSA-1171}
	[woody] - ethereal <not-affected> (This only affects Ethereal 0.9.7 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3241 (Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote ...)
	{DSA-1171}
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: The ISAKMP issue only affects sid, the other three Woody and Sarge
CVE-2005-3240 (Race condition in Microsoft Internet Explorer allows user-assisted ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
	NOT-FOR-US: Solaris
CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-4 (bug #334113; medium)
CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
	NOT-FOR-US: Cyphor
CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...)
	NOT-FOR-US: Cyphor
CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...)
	NOT-FOR-US: Proland Protector Plus
CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...)
	NOT-FOR-US: Grisoft AVG Antivirus
CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...)
	NOT-FOR-US: Trustix Antivirus
CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...)
	NOT-FOR-US: TheHacker
CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...)
	NOT-FOR-US: CAT Quick Heal
CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...)
	NOT-FOR-US: Panda Antivirus
CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...)
	- clamav <not-affected> (predates any supported Debian release)
	NOTE: Should rather be fixed in the buggy (fringe, proprietary) RAR unpackers
CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...)
	NOT-FOR-US: Ikarus Antivirus
CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
	NOT-FOR-US: UNA Antivirus
CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...)
	NOT-FOR-US: ArcaVir
CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...)
	NOT-FOR-US: eTrust Antivirus
CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...)
	NOT-FOR-US: AntiVir
CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...)
	NOT-FOR-US: Rising Antivirus
CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...)
	NOT-FOR-US: VBA32 Antivirus
CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...)
	NOT-FOR-US: Fortinet Antivirus
CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...)
	NOT-FOR-US: Norman Antivirus
CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...)
	NOT-FOR-US: Avira Antivirus
CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...)
	NOT-FOR-US: Dr. Web Antivirus
CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...)
	NOT-FOR-US: Sophos Antivirus
CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...)
	NOT-FOR-US: McAfee Antivirus
CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...)
	NOT-FOR-US: Avast Antovirus
CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...)
	NOT-FOR-US: F-Prot Antivirus
CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...)
	NOT-FOR-US: NOD32 Antivirus
CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...)
	NOT-FOR-US: BitDefender Antivirus
CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...)
	NOT-FOR-US: aeNovo apps
CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...)
	NOT-FOR-US: Oracle
CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...)
	NOT-FOR-US: Oracle
CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...)
	NOT-FOR-US: Oracle
CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...)
	NOT-FOR-US: Oracle
CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...)
	NOT-FOR-US: Oracle
CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro (UNP) ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
	NOT-FOR-US: Utopia News Pro
CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...)
	NOT-FOR-US: aspReady
CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...)
	NOT-FOR-US: Webroot Desktop Firewall
CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...)
	NOT-FOR-US: Planet Technology switch
CVE-2005-3195
	REJECTED
CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
	NOT-FOR-US: ALZip
CVE-2005-3193 (Heap-based buffer overflow in the JPXStream::readCodestream function ...)
	{DSA-984-1 DSA-982-1 DSA-979-1 DSA-961-1 DSA-950-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1 DTSA-28-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml <not-affected> (Vulnerable xpdf code not contained)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice <not-affected> (Vulnerable xpdf code not contained)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3192 (Heap-based buffer overflow in the StreamPredictor function in Xpdf ...)
	{DSA-1019-1 DSA-983-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- poppler 0.4.3-2 (bug #342288; medium)
	NOTE: Intial poppler patch in 0.4.2-1.1 was incomplete
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cupsys 1.1.23-13 (unimportant)
	- cups 1.1.23-13 (unimportant)
	- pdfkit.framework 0.8-4
CVE-2005-3191 (Multiple heap-based buffer overflows in the (1) ...)
	{DSA-984-1 DSA-983-1 DSA-982-1 DSA-979-1 DSA-962-1 DSA-961-1 DSA-950-1 DSA-940-1 DSA-938-1 DSA-937-1 DSA-936-1 DSA-932-1 DSA-931-1}
	- xpdf 3.01-3 (bug #342281; bug #342337; medium)
	- gpdf 2.10.0-1 (bug #342286; medium)
	- pdftohtml 0.36-12 (bug #342289; medium)
	- kdegraphics 4:3.4.3-4 (bug #342287; medium)
	NOTE: Previous kdegraphics fix was incomplete
	- pdfkit.framework 0.8-4
	- poppler 0.4.2-1.1 (bug #342288; medium)
	- tetex-bin 3.0-11 (bug #342292; medium)
	- koffice 1:1.4.2-5 (bug #342294; medium)
	- libextractor 0.5.8-1 (medium)
	- cups 1.1.23-13 (unimportant)
	- cupsys 1.1.23-13 (unimportant)
CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
	NOT-FOR-US: iGateway
CVE-2005-3189 (Directory traversal vulnerability in Qualcomm WorldMail IMAP Server ...)
	NOT-FOR-US: Qualcomm WorldMail IMAP Server
CVE-2005-3188 (Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2005-3187 (The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a ...)
	NOT-FOR-US: WinProxy
CVE-2005-3186 (Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in ...)
	{DSA-913-1 DSA-911-1}
	- gtk+2.0 2.6.10-2 (bug #339431; medium)
	- gdk-pixbuf 0.22.0-11 (bug #339431; bug #339458; medium)
CVE-2005-3184 (Buffer overflow vulnerability in the unicode_to_bytes in the Service ...)
	[woody] - ethereal <not-affected> (Affects only Ethereal 0.10.10 to 0.10.12)
	- ethereal 0.10.13-1 (bug #334880; medium)
	NOTE: Sarge is vulnerable
CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...)
	- w3c-libwww 5.4.0-11 (bug #334443; low)
	[sarge] - w3c-libwww <no-dsa> (Minor DoS)
CVE-2005-3182 (Buffer overflow in the HTTP management interface for GFI MailSecurity ...)
	NOT-FOR-US: GFI MailSecurity
CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
	- xscreensaver 4.23-2 (bug #334193; low)
	[sarge] - xscreensaver <no-dsa> (Unproblematic for users running stable)
CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
	{DSA-919-2}
	- wget 1.10.2-1 (medium)
	[sarge] - wget <not-affected> (Does not contain NTML authentication code)
	[woody] - wget <not-affected> (Does not contain NTML authentication code)
	- curl 7.15.0-1 (bug #333734; medium)
CVE-2005-3239 (The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows ...)
	{DSA-887-1 DTSA-21-1}
	- clamav 0.87.1-1 (bug #333566; medium)
CVE-2005-3181 (The audit system in Linux kernel 2.6.6, and other versions before ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental1 (low)
	- kernel-source-2.4.27 <not-affected> (2.4 kernels don't have CONFIG_AUDITSYSCALL)
CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
	- php5 5.0.5-2 (unimportant)
	- php4 4:4.4.0-3 (unimportant)
	NOTE: Safe mode violations not supported
CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
	{DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
	- linux-2.6 2.6.13-2 (low)
	- kernel-source-2.4.27 <not-affected>
	NOTE: 2.6.12 itself not affected, fixed in SVN
CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...)
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...)
	{DSA-859-1 DSA-858-1}
	- xloadimage 4.1-15 (bug #332524; medium)
	- xli 1.17.0-20 (medium)
	NOTE: xli couldn't load the provided test images when I checked?
CVE-2005-3302 (Eval injection vulnerability in bvh_import.py in Blender 2.36 allows ...)
	{DSA-1039-1}
	- blender 2.37a-1 (bug #330895; medium)
	[woody] - blender <not-affected> (Woody's blender does not contain the bvh_import.py script)
CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...)
	NOT-FOR-US: Microsoft
CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...)
	NOT-FOR-US: Microsoft
CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...)
	NOT-FOR-US: Microsoft
CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...)
	NOT-FOR-US: Microsoft
CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...)
	NOT-FOR-US: Microsoft
CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
	NOT-FOR-US: Microsoft
CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...)
	NOT-FOR-US: Microsoft
CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the &quot;audit ...)
	NOT-FOR-US: Microsoft
CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...)
	NOT-FOR-US: Microsoft
CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
	- mediawiki 1.4.11-1 (bug #332408; medium)
CVE-2005-3166 (Unspecified vulnerability in &quot;edit submission handling&quot; for MediaWiki ...)
	- mediawiki 1.4.11-1 (bug #332408)
CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
	- mediawiki 1.4.9
CVE-2005-3164 (The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 ...)
	NOT-FOR-US: Hitachi Cosminexus Application Server
CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
	- polipo 0.9.9-1 (bug #332411; low)
	[sarge] - polipo <no-dsa> (Minor issue)
CVE-2005-3162
	REJECTED
CVE-2005-3161 (Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...)
	NOT-FOR-US: EasyGuppy
CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
	NOT-FOR-US: MailEnable Enterprise
CVE-2005-3154 (Format string vulnerability in the logging functionality in ...)
	NOT-FOR-US: Bitdefender Antivirus
CVE-2005-3153 (login.php in myBloggie 2.1.3 beta and earlier allows remote attackers ...)
	NOT-FOR-US: MyBloggie
CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
	NOT-FOR-US: CubeCart
CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
	- blender <unfixed> (bug #332413; unimportant)
	NOTE: To exploit this an attacker would need to trick a user into opening a file
	NOTE: with a very suspicious file, no automatic processing of Blender files
	NOTE: This might even be fixed in 2.42
CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
	{DSA-855-1}
	- weex 2.6.1-6sarge1 (bug #332424; medium)
CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
	{DSA-895-1 DTSA-22-1}
	- uim 1:0.4.7-2 (bug #331620; medium)
CVE-2005-3148 (StoreBackup before 1.19 does not properly set the uid and guid for ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434)
CVE-2005-3147 (StoreBackup before 1.19 creates the backup root with world-readable ...)
	{DSA-1022-1}
	- storebackup 1.19-1 (bug #332434; medium)
CVE-2005-3146 (StoreBackup before 1.19 allows local users to perform unauthorized ...)
	{DSA-1022-1}
	- storebackup 1.19-2 (bug #332434; medium)
	NOTE: The upstream fix only mitigated the issue, but didn't fix it
CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
	NOT-FOR-US: Standard Based Linux Instrumentation
CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...)
	NOT-FOR-US: Mailbox Server for 4D WebStar
CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...)
	NOT-FOR-US: Kaspersky Antivirus
CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...)
	NOT-FOR-US: Procom NetFORCE
CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
	NOT-FOR-US: Virtools Web Player
CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...)
	NOT-FOR-US: Citrix
CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...)
	NOT-FOR-US: MERAK Mail Server
CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...)
	- serendipity 1.0-1
CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...)
	NOT-FOR-US: Address Add Plugin for Squirrelmail
CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
	NOT-FOR-US: lucidCMS
CVE-2005-3126 (The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) ...)
	{DSA-945-1}
	- antiword 0.35-2 (low)
CVE-2005-3125
	REJECTED
CVE-2005-3124 (syslogtocern in Acme thttpd before 2.23 allows local users to write ...)
	{DSA-883-1}
	- thttpd 2.23beta1-4
CVE-2005-3123 (Directory traversal vulnerability in GNUMP3D before 2.9.6 allows ...)
	{DSA-877-1}
	- gnump3d 2.9.6-1 (medium)
CVE-2005-3122
	REJECTED
CVE-2005-3121 (A rule file in module-assistant before 0.9.10 causes a temporary file ...)
	{DSA-867-1}
	- module-assistant 0.9.10
CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...)
	{DSA-1085-1 DSA-876-1 DSA-874-1}
	- lynx 2.8.5-2sarge1 (bug #335033; high)
	- lynx-cur 2.8.6-16 (bug #334423; high)
	- lynx-ssl <removed>
CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...)
	{DSA-845-1}
	- mason 1.0.0-3
CVE-2005-3117
	REJECTED
CVE-2005-3116 (Stack-based buffer overflow in a shared library as used by the Volume ...)
	NOT-FOR-US: VERITAS Backup
CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
	NOT-FOR-US: mpeg-tools
CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-3112 (The &quot;reset password&quot; feature in Macromedia Breeze 5.0 stores passwords ...)
	NOT-FOR-US: Macromedia Breeze
CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.12)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
	{DSA-922-1}
	- kernel-source-2.4.27 <unfixed> (bug #332569; unimportant)
	NOTE: Montecito CPUs are not available on the market yet
	- linux-2.6 2.6.12-1
CVE-2005-XXXX [Minor local DoS as libldap]
	- openldap 2.4.13 (bug #253838; low)
	- openldap2.3 <removed>
	[lenny] - openldap <no-dsa> (Minor issue)
	[etch] - openldap2.3 <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
	- mpack 1.6-1 (bug #216566)
CVE-2005-XXXX [coreutils ignores umask when using -m in mkdir, mkfifo and mknod]
	- coreutils 5.93-1 (bug #306076; low)
	[sarge] - coreutils <no-dsa> (Minor issue, hardly exploitable)
	[woody] - coreutils <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-XXXX [tar's rmt command may have undesired side effects]
	- tar <unfixed> (bug #290435; unimportant)
	[sarge] - tar <no-dsa> (Hardly exploitable)
CVE-2004-XXXX [Unspecified buffer overflow in libmng]
	- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
	- libnss-ldap 199-1 (bug #169793)
CVE-2005-3752 (Unspecified vulnerability in ldapdiff before 1.1.1 has unknown impact ...)
	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
	- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
	- barrendero 1.1-1 (bug #279163)
CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
	- hdup 2.0.14-2 (bug #302790; low)
	NOTE: Minor issue, workaround and patch documented since version above
	[sarge] - hdup <no-dsa> (Mostly a design limitation, very limited security implications)
CVE-2001-XXXX [crypt++ passes passwords through the command line]
	- crypt++el 2.91-2.1 (bug #105562; low)
CVE-2004-XXXX [Two vulnerabilities in sredird]
	- sredird 2.2.1-1.1 (bug #267098)
CVE-2003-XXXX [fuzz: Insecure temp file usage]
	- fuzz 0.6-7.1 (bug #183047)
CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
	- findutils 4.2.22-1 (bug #313081)
	[woody] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
	[sarge] - findutils <not-affected> (Only code between 4.2.18 and 4.2.22 affected)
CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.18 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.19 is affected)
	- bugzilla 2.18.4-1 (bug #331206; medium)
CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...)
	{DSA-847-1}
	- dia 0.94.0-15 (bug #330890; medium)
CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
CVE-2002-XXXX [sanitizer bypassal through quoted file names]
	- sanitizer 1.76-1 (bug #149799; medium)
	[sarge] - sanitizer <not-affected> (Sarge version already fixed)
	NOTE: This was fixed earlier in fact, but it's unknown when
CVE-2005-XXXX [Heap overflow in libosip URI parsing]
	- libosip2 2.0.9-1 (bug #308737)
CVE-2005-XXXX [rkhunter: Insecure temporary file]
	- rkhunter 1.2.7-14 (bug #330627; medium)
CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
	NOT-FOR-US: Movable Type
CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
	NOT-FOR-US: Movable Type
CVE-2005-3102 (The administrative interface in Movable Type allows attackers to ...)
	NOT-FOR-US: Movable Type
CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...)
	NOT-FOR-US: Movable Type
CVE-2005-3100 (Unspecified &quot;PPTP Remote DoS Vulnerability&quot; in Astaro Security Linux ...)
	NOT-FOR-US: Astato Security Linux
CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...)
	NOT-FOR-US: Solaris
CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...)
	- qpopper <not-affected> (bug #330123; Vulnerable code not shipped in binary)
CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...)
	NOT-FOR-US: Avi Alkalay
CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...)
	NOT-FOR-US: Nokia cell phones
CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
	NOT-FOR-US: Image-Line Software FL Studio
CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
	{DSA-905-1}
	- mantis 0.19.3-0.1 (bug #330682; low)
CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
	- mantis 0.19.2-4 (bug #330682; medium)
CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
	- mozilla-firefox 1.0.7-1 (unimportant)
	NOTE: Browser crashes not treated as security problems
CVE-2005-3088 (fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 ...)
	{DSA-900-3}
	- fetchmail 6.2.5.4-1 (bug #336096; low)
CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...)
	{DSA-827-1}
	- backupninja 0.8-2 (medium)
CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
	- microcode.ctl 0.20080131-1 (bug #282583; unimportant)
	NOTE: The validity of the microcode is ensure inside the CPU
CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
	- gnupg 1.0.7-1 (bug #107374)
CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
	NOT-FOR-US: SecureW2 TLS
CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
	NOT-FOR-US: contentSrv
CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...)
	NOT-FOR-US: Riverdark Studios RSS Syndicator
CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...)
	NOT-FOR-US: Sony PSP
CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...)
	NOT-FOR-US: SEO-Board
CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...)
	{DSA-1006-1}
	- wzdftpd 0.5.5-1 (high)
CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
	NOT-FOR-US: GeSHi
CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform &quot;code inclusion&quot; ...)
	NOT-FOR-US: PunBB
CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...)
	NOT-FOR-US: Simplog
CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...)
	NOT-FOR-US: Zengaia
CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...)
	NOT-FOR-US: RSyslog
CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
	- interchange 5.2.1-1 (bug #329705)
CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...)
	- interchange 5.2.1-1 (bug #329705; medium)
CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...)
	NOT-FOR-US: Solaris
CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...)
	- hylafax 1:4.2.2+rc1 (bug #329384; unimportant)
	NOTE: This was judged non-exploitable
CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...)
	{DSA-865-1}
	- hylafax 1:4.2.2+rc1 (bug #329384; low)
CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...)
	{DSA-869-1}
	- eric 3.7.2-1 (bug #330608; medium)
CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
	NOT-FOR-US: PerlDiver
CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers to ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
	NOT-FOR-US: MultiTheftAuto
CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
	NOT-FOR-US: MailGust
CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
	NOT-FOR-US: AlstraSoft E-Friends
CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
	NOT-FOR-US: PowerArchiver
CVE-2003-XXXX [Insecure temp files in lilo]
	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
	- distcc 2.18.3-3 (bug #298929; low)
	[sarge] - distcc <no-dsa> (Only affects distcc in a very non-standard way not recommended for unstrusted environments)
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
	- phpwiki 1.3.12p2-1 (bug #282565; medium)
CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
	- gnumach 1:20050801-3 (bug #46709)
	NOTE: Nearly six years old :-)
CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...)
	NOT-FOR-US: AIX
CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...)
	NOT-FOR-US: Opera
CVE-2005-3058 (Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS ...)
	NOT-FOR-US: FortiGate
CVE-2005-3057 (The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, ...)
	NOT-FOR-US: FortiGate
CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
	RESERVED
	- twiki 20040902-2 (bug #330733; high)
CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
	{DSA-1017-1}
	- linux-2.6 2.6.14-1 (bug #330287; bug #332587; medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
	- php4 4:4.4.0-3 (bug #353585; bug #354685; medium)
	- php5 5.0.5-2 (bug #353585; medium)
	[sarge] - php4 <no-dsa> (open_basedir violations not supported)
CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
	NOT-FOR-US: jportal
CVE-2005-3051 (Stack-based buffer overflow in the ARJ plugin (arj.dll) 3.9.2.0 for ...)
	NOT-FOR-US: 7-Zip
CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...)
	NOT-FOR-US: PhpMyFaq
CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...)
	NOT-FOR-US: My Little Forum
CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...)
	- emacs21 21.3-1 (bug #286183; medium)
CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
	[sarge] - egroupware <no-dsa> (Minor issue)
CVE-2005-XXXX [Insecure pidfile handling in mailleds]
	- mailleds 0.93-11.1 (bug #329365; low)
	[sarge] - mailleds <no-dsa> (Hardly exploitable)
CVE-2005-XXXX [kdebase uses urandom as an entropy source]
	- kdebase <unfixed> (bug #325369; unimportant)
	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
	NOTE: on Linux urandom should provide sufficient entropy
CVE-2005-3753 (Linux kernel before after 2.6.12 and before 2.6.13.1 might allow ...)
	- linux-2.6 2.6.12-7 (low)
CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
	- webmin 1.230-1 (high; bug #329741)
	[sarge] - webmin <not-affected> (Vulnerable code not present, see #329741)
	- usermin 1.160-1 (high; bug #329742)
	NOTE: SNS Advisory 83, http://marc.info:80/?m=112733083203821
CVE-2005-3041 (Unspecified &quot;drag-and-drop vulnerability&quot; in Opera Web Browser before ...)
	NOT-FOR-US: Opera
CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
	NOT-FOR-US: TAC Vista
CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
	NOT-FOR-US: Mall23 eCommerce
CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
	NOT-FOR-US: Handy Address Book Server
CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
	NOT-FOR-US: File Transfer Anywhere
CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
	NOT-FOR-US: Compuware DriverStudio
CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
	NOT-FOR-US: vxWeb - WinCE software
CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
	NOT-FOR-US: vxTfpSrv - WinCE software
CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
	NOT-FOR-US: Ahnlab Anti virus
CVE-2005-3028
	REJECTED
CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
	NOT-FOR-US: Sybari Antigen anti spam solution
CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
	NOT-FOR-US: Epay Pro
CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...)
	NOT-FOR-US: vBulletin
CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
	NOT-FOR-US: vBulletin
CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...)
	NOT-FOR-US: vBulletin
CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...)
	NOT-FOR-US: vBulletin
CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
	NOT-FOR-US: vBulletin
CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Safari
CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...)
	NOT-FOR-US: Content2Web
CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
	NOT-FOR-US: Ensim webppliance
CVE-2005-3013 (Buffer overflow in liby2util in Yet another Setup Tool (YaST) for SuSE ...)
	NOT-FOR-US: YaST
CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
	NOT-FOR-US: SimpleCDR-X
CVE-2005-3011 (The sort_offline function for texindex in texinfo 4.8 and earlier ...)
	{DSA-1219}
	- texinfo 4.8-1 (bug #328365; low)
	[sarge] - texinfo <no-dsa> (Minor issue, hardly exploitable)
CVE-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
	NOT-FOR-US: CuteNews
CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
	NOT-FOR-US: Tofu
CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
	NOT-FOR-US: Opera
CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
	NOT-FOR-US: Opera
CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
	NOT-FOR-US: Helpdesk Software Hesk
CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
	NOT-FOR-US: Interakt MX Shop
CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
	NOT-FOR-US: NooTopList
CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
	NOT-FOR-US: Multi-Computer Control System
CVE-2005-3001 (Unspecified vulnerability in the &quot;tl&quot; driver in Solaris 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
	NOT-FOR-US: PHP Advanced Transfer Manager
CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
	NOT-FOR-US: VERITAS storage solutions
CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
	- bacula 1.38.9-1 (bug #329271; low)
	NOTE: Sarge affected, didn't exist in Woody
CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
	NOT-FOR-US: IBM Rational ClearQuest
CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
	NOT-FOR-US: HP Tru64
CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
	- ncompress <not-affected> (bug #329052; unimportant)
	NOTE: see bug close message,  Debian's ncompress doesn't expose affected scripts
CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...)
	{DSA-843-1}
	- arc 5.21m-1 (low)
CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
	NOT-FOR-US: LineControl Java Client
CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
	NOT-FOR-US: DeluxeBB
CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...)
	NOT-FOR-US: HP printers
CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...)
	NOT-FOR-US: Digital Scribe
CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...)
	NOT-FOR-US: AhnLab antivirus and related products
CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...)
	NOT-FOR-US: aeDating script
CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...)
	NOT-FOR-US: Avocent hardware issue
CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...)
	NOT-FOR-US: Oracle
CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...)
	NOT-FOR-US: CompaqHTTPServer
CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...)
	NOT-FOR-US: Orion
CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
	NOT-FOR-US: phpoutsourcing Noah's classifieds
CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...)
	{DSA-878-1}
	- netpbm-free 2:10.0-10
CVE-2005-2977 (The SELinux version of PAM before 0.78 r3 allows local users to ...)
	- pam 0.99.7.1-2 (bug #336344; low)
	[etch] - pam 0.79-5
	[sarge] - pam <not-affected> (Does not contain SELinux support)
	[woody] - pam <not-affected> (Does not contain SELinux support)
CVE-2005-2976 (Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; medium)
	- gtk+2.0 2.6.10-2
CVE-2005-2975 (io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before ...)
	{DSA-913-1 DSA-911-1}
	- gdk-pixbuf 0.22.0-11 (bug #339431; low)
	- gtk+2.0 2.6.10-2 (bug #339431; low)
CVE-2005-2974 (libungif library before 4.1.0 allows attackers to cause a denial of ...)
	{DSA-890-1}
	- libungif4 4.1.3-4 (bug #337972; unimportant)
	- giflib 4.1.4-1 (bug #395382; unimportant)
	NOTE: Just a bug, hardly security implications
CVE-2005-2973 (The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.13+2.6.14-rc4-0experimental.1 (low)
CVE-2005-2972 (Multiple stack-based buffer overflows in the RTF import feature in ...)
	{DSA-894-1}
	- abiword 2.4.1-1 (bug #333740; medium)
CVE-2005-2971 (Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 ...)
	{DSA-872-1}
	- koffice 1:1.3.5-5 (bug #333497; medium)
CVE-2005-2970 (Memory leak in the worker MPM (worker.c) for Apache 2, in certain ...)
	- apache2 2.0.55-1 (bug #340337; low)
	[sarge] - apache2 2.0.54-5sarge2
	NOTE: this occurs in the binary package apache2-mpm-worker
CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
	{DSA-888-1 DSA-882-1 DSA-881-1 DSA-875-1}
	- openssl 0.9.8-3 (bug #333500; low)
	- openssl097 0.9.7g-5 (bug #333500; low)
	- openssl094 <removed>
	- openssl095 <removed>
	- openssl096 <removed>
CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
	{DSA-868-1}
	- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
	- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
	{DSA-863-1}
	- xine-lib 1.0.1-1.4 (bug #332919; bug #333682; medium)
CVE-2005-2965
	REJECTED
CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...)
	{DSA-894-1}
	- abiword 2.2.10-1 (bug #329839; medium)
CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...)
	{DSA-844-1}
	- mod-auth-shadow 1.4-2 (bug #323789; medium)
CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...)
	{DSA-830-1}
	- ntlmaps 0.9.9-4
CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...)
	{DSA-834-1}
	NOTE: prozilla is not in sarge or etch
CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...)
	{DSA-836-1 DSA-835-1}
	- cfengine <removed> (bug #332433; low)
	- cfengine2 2.1.17-1 (bug #332432; low)
	NOTE: maintainer does not think it's a hole, script is unused/broken
CVE-2005-2959 (Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows ...)
	{DSA-870-1}
	- sudo 1.6.8p9-3 (medium)
CVE-2005-2958 (Multiple format string vulnerabilities in the GNOME Data Access ...)
	{DSA-871-1}
	- libgda2 1.2.2-1 (medium)
CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
	NOT-FOR-US: AVIRA Desktop
CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores temporary chat ...)
	NOT-FOR-US: ATutor
CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
	NOT-FOR-US: ATutor
CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
	NOT-FOR-US: ATutor
CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...)
	NOT-FOR-US: MIVA Merchant
CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...)
	NOT-FOR-US: Subscribe Me Pro
CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
	NOT-FOR-US: AzDGDating lite
CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
	NOT-FOR-US: Sawmill
CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
	NOT-FOR-US: pam_per_user (not in Debian)
CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
	NOT-FOR-US: KillProcess
CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-assisted ...)
	NOT-FOR-US: KillProcess
CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
	- openssl 0.9.8-1 (bug #314465; unimportant)
	NOTE: MD5 is still good enough for most applications, second preimage attacks
	NOTE: haven't been presented yet
CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
	NOT-FOR-US: GNOME Workstation Command Center
CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...)
	{DSA-902-1}
	- xmail 1.22-1 (bug #333863; medium)
CVE-2005-2942
	REJECTED
CVE-2005-2941
	RESERVED
CVE-2005-2940 (Unquoted Windows search path vulnerability in Microsoft Antispyware ...)
	NOT-FOR-US: Microsoft Antispyware
CVE-2005-2939 (Unquoted Windows search path vulnerability in VMWare Workstation 5.0.0 ...)
	NOT-FOR-US: VMWare
CVE-2005-2938 (Unquoted Windows search path vulnerability in iTunesHelper.exe in ...)
	NOT-FOR-US: iTunes
CVE-2005-2937
	REJECTED
CVE-2005-2936 (Unquoted Windows search path vulnerability in RealNetworks RealPlayer ...)
	NOT-FOR-US: Real Player
CVE-2005-2935 (Unquoted Windows search path vulnerability in Microsoft AntiSpyware ...)
	NOT-FOR-US: Microsoft AntiSpyware
CVE-2005-2934 (Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 ...)
	NOT-FOR-US: SCO
CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...)
	{DSA-861-1}
	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
	- pine 4.64-1 (medium; bug #348407)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	[sarge] - pine <no-dsa> (pine is non-free; doesn't permit distribution of modified binaries)
CVE-2005-2932 (Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, ...)
	NOT-FOR-US: Check Point Zone Labs ZoneAlarm
CVE-2005-2931 (Format string vulnerability in the SMTP service in IMail Server 8.20 ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2929 (Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote ...)
	- lynx <not-affected> (Debian's default config is not vulnerable)
CVE-2005-2928
	RESERVED
CVE-2005-2927 (Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2926 (Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO ...)
	NOT-FOR-US: SCO Unixware
CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
	NOT-FOR-US: IRIX
CVE-2005-2924
	RESERVED
CVE-2005-2923 (The IMAP server in IMail Server 8.20 in Ipswitch Collaboration Suite ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-2922 (Heap-based buffer overflow in the embedded player in multiple ...)
	- helix-player 1.0.7-1 (bug #358754; medium)
CVE-2005-2921
	RESERVED
CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2913
	REJECTED
CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2911
	RESERVED
CVE-2005-2910
	RESERVED
CVE-2005-2909
	RESERVED
CVE-2005-2908
	RESERVED
CVE-2005-2907
	RESERVED
CVE-2005-2906
	RESERVED
CVE-2005-2905
	RESERVED
CVE-2005-2904 (Zebedee 2.4.1, when &quot;allowed redirection port&quot; is not set, allows ...)
	NOT-FOR-US: Zebedee
CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
	NOT-FOR-US: NOD32 Anti virus
CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...)
	NOT-FOR-US: class-1 Forum
CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...)
	NOT-FOR-US: CjWeb2Mail
CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...)
	NOT-FOR-US: CjLinkOut
CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
	NOT-FOR-US: CjTagBoard
CVE-2005-2898 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. ...)
	NOT-FOR-US: Filezilla
CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...)
	NOT-FOR-US: WEB//NEWS
CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...)
	NOT-FOR-US: PBLang
CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...)
	NOT-FOR-US: PBLang
CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...)
	NOT-FOR-US: PBLang
CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
	NOT-FOR-US: PBLang
CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...)
	NOT-FOR-US: WebArchiveX
CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...)
	NOT-FOR-US: SecureOL
CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...)
	NOT-FOR-US: Check Point
CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...)
	NOT-FOR-US: MAXDev MD-Pro
CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2883
	REJECTED
CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...)
	NOT-FOR-US: phpCommunityCalendar
CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...)
	NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
	{DSA-843-1}
	- arc 5.21m-1 (bug #329053; low)
CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...)
	{DSA-828-1}
	- squid 2.5.10-7
	NOTE: Patch was added to -6, but not listed in dpatch's list of patches
CVE-2005-XXXX [user password file created by gajim is world-readable]
	- gajim 0.8.2-1 (bug #325080; low)
CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
	- zope2.7 2.7.8-1 (bug #313644; bug #313621; low)
	[sarge] - zope2.7 <no-dsa> (Inside the responsibility of the admin)
CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
	- wine 0.0.20050830-1 (bug #327261; bug #327262; low)
	[sarge] - wine <no-dsa> (Minor issue)
CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; bug #329280; medium)
CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
	{DSA-824-1 DTSA-19-1}
	- clamav 0.87-1 (bug #328660; medium)
CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
	{DSA-822-1}
	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (medium)
	- kernel-source-2.4.27 <not-affected> (code is vulnerable but there is no amd64 for 2.4 in Sarge)
CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
	NOTE: proactively fixed by the robustness patch
	- twiki 20040902-2
CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...)
	{DSA-825-1 DSA-823-1}
	- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
	- loop-aes-utils 2.12p-9 (bug #328626; medium)
CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...)
	{DSA-856-1}
	- py2play 0.1.8-1 (bug #326976; medium)
CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...)
	- cups 1.1.23-1
	- cupsys 1.1.23-1
CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...)
	{DSA-868-1 DSA-866-1 DSA-837-1}
	- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; bug #327366; medium)
	- mozilla 2:1.7.12-1 (bug #327455; medium)
	- mozilla-thunderbird 1.0.7-1
	NOTE: epiphany-browser is apparently fixed fix the mozilla
	NOTE: upload; see bug #327366
CVE-2005-2930 (Stack-based buffer overflow in the _chm_find_in_PMGL function in ...)
	{DSA-886-1}
	- chmlib 0.36-1 (bug #327431; medium)
CVE-2005-2802
	REJECTED
CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
	{DSA-841-1 DTSA-20-1}
	- mailutils 1:0.6.90-3 (bug #327424; high)
CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	{DSA-880-1}
	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
	NOT-FOR-US: ZipTorrent
CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
	NOT-FOR-US: BlueWhaleCRM
CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
	NOT-FOR-US: Mercora IMRadio
CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...)
	NOT-FOR-US: aMember Pro
CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: URBAN
CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...)
	NOT-FOR-US: OpenWebmail
CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...)
	NOT-FOR-US: ADSL hardware
CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
	NOT-FOR-US: N-Stealth
CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
	- nikto 1.35-1.1 (bug #327339; medium)
CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
	NOT-FOR-US: Rediff BOL)
CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
	NOT-FOR-US: Free SMTP Server
CVE-2005-2856 (Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party ...)
	NOT-FOR-US: ALZip
CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
	NOT-FOR-US: Unclassified Newsboard
CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...)
	NOT-FOR-US: thesitewizard.com chfeedback.pl
CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...)
	NOT-FOR-US: GuppY
CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
	NOT-FOR-US: Novell Netware
CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
	{DTSA-25-1}
	- smb4k 0.6.4-1 (bug #337471; medium)
	NOTE: fix in 0.6.3-1 was incomplete according to maintainer
CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SlimFTPD
CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...)
	NOT-FOR-US: Barracuda antispam solution
CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
	NOT-FOR-US: CMS Made Simple
CVE-2005-2845 (Ariba Spend Management System sends the username and password to the ...)
	NOT-FOR-US: Ariba Spend Management System
CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...)
	NOT-FOR-US: Indiatimes Messenger
CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...)
	NOT-FOR-US: Hesk
CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...)
	NOT-FOR-US: DameWare Mini
CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
	NOT-FOR-US: IOS
CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
	NOT-FOR-US: MAXdev
CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
	NOT-FOR-US: MAXdev
CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...)
	NOT-FOR-US: myBloggie
CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...)
	NOT-FOR-US: WebGUI
CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
	NOT-FOR-US: Phorum
CVE-2005-2835
	RESERVED
CVE-2005-2834
	RESERVED
CVE-2005-2833
	RESERVED
CVE-2005-2832
	RESERVED
CVE-2005-2831 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2830 (Microsoft Internet Explorer 5.01, 5.5, and 6, when using an HTTPS ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2829 (Multiple design errors in Microsoft Internet Explorer 5.01, 5.5, and 6 ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2005-2828
	RESERVED
CVE-2005-2827 (The thread termination routine in the kernel for Windows NT 4.0 and ...)
	NOT-FOR-US: Windows NT
CVE-2005-2826
	RESERVED
CVE-2005-2825
	RESERVED
CVE-2005-2824
	RESERVED
CVE-2005-2823
	RESERVED
CVE-2005-2822
	RESERVED
CVE-2005-2821
	RESERVED
CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327181; medium)
CVE-2005-2819 (DownFile 1.3 allows remote attackers to gain administrator privileges ...)
	NOT-FOR-US: DownFile
CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
	NOT-FOR-US: DownFile
CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...)
	NOT-FOR-US: Greymatter
CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...)
	NOT-FOR-US: man2web
CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
	- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
	NOT-FOR-US: urban game
CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
	NOT-FOR-US: silc daemon
CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...)
	- frox 0.7.18-1 (medium)
CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...)
	- frox <not-affected> (does not run setuid root in the Debian package)
CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...)
	NOT-FOR-US: BNBT EasyTracker
CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
	NOT-FOR-US: e107
CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...)
	NOT-FOR-US: GroupWise
CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.3-1
CVE-2005-2800 (Memory leak in the seq_file implementation in the SCSI procfs ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-6 (low)
	- kernel-source-2.4.27 <not-affected> (seq_file introduced in 2.6)
CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
	NOT-FOR-US: Linksys routers
CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: Not enabled in the binary build, see #326065
	- openssh-krb5 <removed> (bug #327233; medium)
	[sarge] - openssh-krb5 <no-dsa> (Intended bahaviour, see #327233)
CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
	- openssh 1:4.2p1-1 (bug #326065; unimportant)
	NOTE: GSSAPI features not activated in binary builds
CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
	{DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2795
	RESERVED
CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
	{DSA-809-3 DSA-809-1}
	- squid 2.5.10-5 (medium)
CVE-2005-2793 (PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
	[sarge] - phpldapadmin <not-affected> (code not present in sarge)
	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-2791 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2790 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2789 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
	NOT-FOR-US: BFCC
CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2784 (SQL injection vulnerability in the login function for the ...)
	NOT-FOR-US: cosmoshop
CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
	NOT-FOR-US: AutoLinks Pro
CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
	{DSA-1063-1}
	- phpgroupware 0.9.16.009-1 (bug #340094; medium)
	- egroupware 1.0.0.009.dfsg-3-4 (bug #340495; medium)
	[woody] - phpgroupware <not-affected> (fudforum not included until 0.9.16)
	NOTE: Sarge affected, woody isn't
CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
	NOT-FOR-US: iTAN
CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
	NOT-FOR-US: Looking Glass
CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
	NOT-FOR-US: Litium Quake mod
CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
	NOT-FOR-US: HP OpenView
CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
	{DSA-832-1}
	- gopher 3.0.11 (bug #327722; high)
CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
	NOT-FOR-US: Reflection for Secure IT
CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
	{DSA-820-1}
	- courier 0.47-9 (bug #327727; medium)
CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
	NOT-FOR-US: Sophos AntiVirus
CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
	NOT-FOR-US: LeapFTP
CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
	- linux-2.6 2.6.12-6 (low)
CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
	NOT-FOR-US: OpenTTD
CVE-2005-2762 (Avaya VPNRemote before 4.2.33 stores credentials in cleartext in ...)
	NOT-FOR-US: VPNRemote
CVE-2005-2760
	RESERVED
CVE-2005-2759 (** SPLIT ** The jlucaller program in LiveUpdate for Symantec Norton ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2005-2757 (Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2756 (Apple QuickTime before 7.0.3 allows user-assisted attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2755 (Apple QuickTime Player before 7.0.3 allows user-assisted attackers to ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2754 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2753 (Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted ...)
	NOT-FOR-US: Apple QuickTime
CVE-2005-2752 (An unspecified kernel interface in Mac OS X 10.4.2 and earlier does ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2751 (memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2750 (Software Update in Mac OS X 10.4.2, when the user marks all updates to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2749 (Unspecified vulnerability in the Finder Get Info window for Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2748 (The malloc function in the libSystem library in Apple Mac OS X 10.3.9 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2747 (Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2746 (Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2745 (Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2744 (Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2743 (The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2742 (SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2741 (Authorization Services in securityd for Apple Mac OS X 10.3.9 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2740
	REJECTED
CVE-2005-2739 (Keychain Access in Mac OS X 10.4.2 and earlier keeps a password ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2738 (Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
	NOT-FOR-US: PhotoPost
CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
	NOT-FOR-US: YaPig
CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...)
	NOT-FOR-US: phpGraphy
CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
	{DSA-1148-1}
	- gallery 1.5-2 (bug #325285; medium)
CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
	NOT-FOR-US: Simple PHP Blog
CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
	NOTE: path disclosure, so not very important on debian systems
	NOTE: unreproducible according to bug #327729
CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
	NOT-FOR-US: Astato specific
CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
	NOT-FOR-US: Astato specific
CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
	NOT-FOR-US: Astato specific
CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
	{DSA-805-1}
	NOTE: The CVE description is wrong, this has been merged for 2.0.55
	- apache2 2.0.54-5 (bug #326435; medium)
CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
	NOT-FOR-US: Home Ftp Server
CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...)
	NOT-FOR-US: QNX
CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...)
	NOT-FOR-US: PaFileDB
CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
	NOT-FOR-US: Foojan PHP Weblog
CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...)
	NOT-FOR-US: HAURI Antivirus
CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Ventrilo
CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
	NOT-FOR-US: MPlayer
CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
	{DSA-799-1}
	- webcalendar 0.9.45-7 (bug #326223; medium)
CVE-2005-2715 (Format string vulnerability in the Java user interface service ...)
	NOT-FOR-US: VERITAS NetBackup Data and Business Center
CVE-2005-2714 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-2713 (passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-2712 (The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, ...)
	NOT-FOR-US: IBM
CVE-2005-2711 (ISS BlackIce 3.6, as used in multiple products including BlackICE PC ...)
	NOT-FOR-US: ISS
CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
	{DSA-826-1}
	NOTE: see  http://www.open-security.org/advisories/13
	- helix-player 1.0.6-1 (bug #330364; high)
CVE-2005-2709 (The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 2.6.14-3
CVE-2005-2708 (The search_binary_handler function in exec.c in Linux 2.4 kernel on ...)
	- kernel-source-2.4.27 <not-affected> (amd64/2.4 not supported)
CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; high)
	- mozilla 2:1.7.12-1 (high)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...)
	{DSA-868-1 DSA-866-1 DSA-838-1}
	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
	- mozilla 2:1.7.12-1 (bug #329778; medium)
	- mozilla-thunderbird 1.0.7-1
CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
	{DSA-807-1 DSA-805-1}
	- libapache-mod-ssl 2.8.24-1 (medium)
	- apache2 2.0.54-5 (bug #327210; medium)
CVE-2005-2699 (Unrestricted file upload vulnerability in admin/admin.php in PHPKit ...)
	NOT-FOR-US: PHPKit
CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
	NOT-FOR-US: Nephp Publisher Enterprise
CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...)
	NOT-FOR-US: Notes
CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
	NOT-FOR-US: Cisco
CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...)
	NOT-FOR-US: WinAce
CVE-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...)
	NOT-FOR-US: SunOS
CVE-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...)
	NOT-FOR-US: Solaris
CVE-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...)
	NOT-FOR-US: SunOS
CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
	{DSA-793-1}
	- courier 0.47-8 (medium; bug #325631)
CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
	[sarge] - kernel-source-2.4.27 <no-dsa> (Unfixable design issues)
	[sarge] - kernel-source-2.6.8 <no-dsa> (Unfixable design issues)
	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
	- linux-2.6 2.6.18-1 (bug #332381; low)
	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
	NOTE: of ipt_recent the best solution, which seems to occur soon
CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
	- linux-2.6 2.6.12-1
CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
	{DSA-798-1}
	- phpgroupware 0.9.16.008-1
CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...)
	{DSA-796-1}
	- affix 2.1.2-3 (bug #325444; medium)
CVE-2005-XXXX [Insecure tempfile usage in tleds]
	- tleds 1.05beta10-9 (bug #276789; low)
CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
	{DSA-806-1 DSA-802-1}
	NOTE: cvsbug was removed from the cvs binary package in 1:1.11.5-4.
	NOTE: The copy in the cvs source package was fixed in 1:1.12.9-15.
	- cvs 1:1.11.5-4 (bug #325106; low)
	- gcvs 1.0final-8 (bug #324969; low)
CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
	NOT-FOR-US: RunCMS
CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...)
	NOT-FOR-US: RunCMS
CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...)
	NOT-FOR-US: SaveWebPortal
CVE-2005-XXXX [Insecure temp files in firehol]
	- firehol 1.231-4 (unimportant)
	NOTE: Only exploitable inside modified binary installation
CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
	NOT-FOR-US: Virtual Edge Netquery
CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...)
	NOT-FOR-US: PHPKit
CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...)
	NOT-FOR-US: DTLink AreaEdit
CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...)
	NOT-FOR-US: Cisco
CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
	NOT-FOR-US: BEA WebLogic Portal
CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...)
	NOT-FOR-US: Sysinternals Process Explorer
CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...)
	NOT-FOR-US: MSIE
CVE-2005-2677 (ACNews stores the database in a file under the web document root with ...)
	NOT-FOR-US: ACNews
CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...)
	NOT-FOR-US: Coppermine
CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
	NOT-FOR-US: Land Down Under
CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
	NOT-FOR-US: Burning Board
CVE-2005-2671
	REJECTED
CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
	NOT-FOR-US: HAURI
CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
	NOT-FOR-US: Computer Associates
CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
	- openssh 1:4.0p1-1 (unimportant)
	NOTE: Lack of a security feature, not a vulnerability
CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
	NOT-FOR-US: elm-me+ is no longer in unstable or testing
CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
	NOT-FOR-US: Whisper
CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (low; bug #329307)
CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
	{DSA-848-1}
	- masqmail 0.2.21-1 (high; bug #329307)
CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...)
	{DSA-852-1}
	- up-imapproxy 1.2.4-2 (high)
CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
	{DSA-839-1}
	- apachetop 0.12.5-3
CVE-2005-2659 (Buffer overflow in the LZX decompression in CHM Lib (chmlib) 0.35, as ...)
	{DSA-886-1}
	- chmlib 0.37-2 (medium)
CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
	{DSA-812-1}
	- turqstat 2.2.4-1 (medium)
CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
	{DSA-811-2}
	- common-lisp-controller 4.18 (bug #328633; medium)
CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
	{DSA-794-1}
	NOTE: Fix in -8 had problems
	- polygen 1.0.6-9 (bug #325468; low)
CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
	{DSA-791-1 DTSA-11-1}
	- maildrop 2.0.2-7 (bug #325135; medium)
CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
	{DSA-790-1}
	- phpldapadmin 0.9.6c-5 (bug #322423; medium)
	- egroupware <not-affected> (copy included is older and not vulnerable; bug #339583)
CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
	- cplay 1.49-8 (bug #324913; low)
	[woody] - cplay <not-affected> (CPLAY_TMP doesn't exist in this version)
	[sarge] - cplay <no-dsa> (Hardly exploitable)
CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
	{DSA-814-1 DTSA-17-1}
	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...)
	NOT-FOR-US: BBCaffe
CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
	NOT-FOR-US: Zorum
CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...)
	NOT-FOR-US: Zorum
CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...)
	NOT-FOR-US: Emefa Guestbook
CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
	NOT-FOR-US: ATutor
CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...)
	NOT-FOR-US: W-Agora
CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...)
	NOT-FOR-US: JaguarControl
CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...)
	- tor 0.1.0.14-1 (bug #323786; medium)
CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
	- mutt <not-affected> (bug #323956; high)
	NOTE: Status is not clear; upstream is unresponsive.
	NOTE: this bug was closed as it was unreproducable in Debian
CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...)
	{DSA-785-1}
	- libpam-ldap 178-1sarge1 (bug #324899)
CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...)
	NOT-FOR-US: Outlook
CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...)
	NOT-FOR-US: MyProxy
CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...)
	NOTE: could not reproduce this with squid 2.5, neither could the redhat guys
	NOTE: see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166522
	- squid 2.5
CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...)
	- squid 2.5.8
CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM ...)
	NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name."
CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...)
	NOT-FOR-US: DiamondCS
CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...)
	NOT-FOR-US: Juniper
CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
	NOT-FOR-US: World Poker Championship
CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
	NOT-FOR-US: PHPFreeNews
CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-2634 (Buffer overflow in the Log-SCR function in the &quot;Log to Screen&quot; feature ...)
	NOT-FOR-US: WinFTP Server
CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
	NOT-FOR-US: PHPTB Topic Board
CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
	NOT-FOR-US: Mediabox 404
CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
	NOT-FOR-US: Cisco
CVE-2005-2630 (Heap-based buffer overflow in DUNZIP32.DLL for RealPlayer 8, 10, and ...)
	- helix-player <not-affected> (Only Windows version of Real are affected)
CVE-2005-2629 (Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne ...)
	{DSA-915-1}
	- helix-player 1.0.6-1 (bug #340270; medium)
CVE-2005-2628 (Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to ...)
	- flashplugin-nonfree 7.0.61-1.1 (bug #339290; high)
	[sarge] - flashplugin-nonfree <no-dsa> (Only affects proprietary Flash plugin)
CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
	{DSA-788-1 DTSA-1-1}
	- kismet 2005.08.R1-1 (bug #323386; high)
CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: MS IE
CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
	NOT-FOR-US: Google Toolbar
CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
	NOT-FOR-US: PHPNews
CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows ...)
	NOT-FOR-US: wmFrog
CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Outpost Pro
CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...)
	NOT-FOR-US: QuoteEngine
CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...)
	NOT-FOR-US: MadBMS
CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...)
	NOT-FOR-US: SillySearch
CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...)
	- cplay 1.49-3 (medium)
CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...)
	NOT-FOR-US: Open WebMail
CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
	NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...)
	NOT-FOR-US: miniBB
CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...)
	NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
	NOT-FOR-US: aMSN 0.90 for Microsoft Windows
CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...)
	NOT-FOR-US: Tutti Nova
CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...)
	NOT-FOR-US: Hitachi Cosminexus Portal Framework
CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
	NOT-FOR-US: S-Mart Shopping Cart or RediCart
CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
	NOT-FOR-US: Jaws
CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...)
	NOT-FOR-US: Jaws
CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...)
	NOT-FOR-US: Jaws
CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
	NOT-FOR-US: Kerio
CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...)
	- proxytunnel 1.2.0-1
CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...)
	NOT-FOR-US: HP printers
CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...)
	NOT-FOR-US: Computer Associates Unicenter Common Services
CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
	NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
	NOT-FOR-US: CPAINT ajax toolkit
CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: ECW Shop
CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
	NOT-FOR-US: Novell GroupWise
CVE-2005-2619 (Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly ...)
	NOT-FOR-US: Autonomy
CVE-2005-2618 (Multiple stack-based buffer overflows in Autonomy (formerly Verity) ...)
	NOT-FOR-US: Autonomy
CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: MS IE
CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
	NOT-FOR-US: ADM ActiveX control
CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinAgents TFTP Server
CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...)
	NOT-FOR-US: Trend OfficeScan
CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...)
	NOT-FOR-US: EnderUNIX spamGuard
CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
	NOT-FOR-US: WWWguestbook
CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...)
	NOT-FOR-US: BEA
CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...)
	NOT-FOR-US: Keene Digital Media Server
CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...)
	NOT-FOR-US: slimftpd not in debian
CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
	NOT-FOR-US: smtp.proxy
CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...)
	NOT-FOR-US: ccproxy
CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...)
	NOT-FOR-US: Davenport
CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...)
	- samhain 2.0.2
CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...)
	- samhain 2.0.2
CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...)
	- kernel-patch-vserver 1.9.2
CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...)
	- phpgroupware 0.9.14.002
CVE-2004-2406 (Unknown &quot;overflow&quot; in the phpgw_config table for phpGroupWare before ...)
	- phpgroupware 0.9.14.002
CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2404
	REJECTED
CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
	NOT-FOR-US: YaBB
CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
	NOT-FOR-US: YaBB
CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...)
	NOT-FOR-US: WinFTP Server
CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
	NOT-FOR-US: Sidewinder
CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe
CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...)
	NOT-FOR-US: Blue Coat
CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...)
	NOT-FOR-US: Sun JSSE
CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...)
	NOT-FOR-US: libuser
CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...)
	NOT-FOR-US: ECW-Shop
CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...)
	NOT-FOR-US: (FreeBSD)
	NOTE: old freebsd, before it was introduced in Debian
CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
	NOT-FOR-US: Sun JSSE and JRE
CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
	{DTSA-16-1}
	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html - amd64 specific DOS
	- linux-2.6 2.6.12-6
CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
	NOT-FOR-US: ezUpload
CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
	NOT-FOR-US: EQdkp
CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...)
	NOT-FOR-US: Discuz
CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...)
	NOT-FOR-US: CPAINT Ajax
CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...)
	- wordpress 1.5.2-1 (bug #323040; high)
CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...)
	NOT-FOR-US: VERITAS Backup Exec for Windows Servers
CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
	NOT-FOR-US: VegaDNS
CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
	NOT-FOR-US: SafeHTML
CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...)
	NOT-FOR-US: PHPSimplicity
CVE-2005-2606 (Unknown vulnerability in the &quot;frontend authentication&quot; in PHlyMail ...)
	NOT-FOR-US: PHlyMail
CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...)
	NOT-FOR-US: Lasso Professional Server
CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
	NOT-FOR-US: My Image Gallery (Mig)
CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
	- mozilla-firefox <not-affected> (According to Bugzilla Windows/Mac only)
CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
	NOT-FOR-US: MidiCart
CVE-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as used in other products ...)
	{DSA-899-1 DSA-798-1}
	- egroupware 1.0.0.009.dfsg-3-2 (bug #323928; medium)
	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
	NOT-FOR-US: Hummingbird FTP for Connectivity
CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos 1.6 and ...)
	NOT-FOR-US: Dokeos
CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
	NOT-FOR-US: AOL Client
CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...)
	{DSA-879-1}
	- gallery 1.5-2 (medium)
CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...)
	NOT-FOR-US: Dada Mail
CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
	NOT-FOR-US: Apple Safari
CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...)
	NOT-FOR-US: MindAlign
CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...)
	NOT-FOR-US: MindAlign
CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...)
	NOT-FOR-US: MindAlign
CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...)
	NOT-FOR-US: MindAlign
CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
	NOT-FOR-US: WRT54GS wireless router
CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...)
	NOT-FOR-US: DVBBS
CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
	NOT-FOR-US: PHPTB Topic Boards
CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...)
	NOT-FOR-US: Mentor ADSL-FR4II router
CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
	NOT-FOR-US: Kaspersky
CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...)
	NOT-FOR-US: Grandstream BudgeTone
CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
	NOT-FOR-US: Contivity
CVE-2005-2578
	REJECTED
CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
	NOT-FOR-US: Wyse Winterm
CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
	NOT-FOR-US: CaLogic
CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...)
	NOT-FOR-US: XMB Forum
CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...)
	- mysql <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...)
	NOT-FOR-US: FunkBoard
CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...)
	NOT-FOR-US: SysCP
CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...)
	NOT-FOR-US: SysCP
CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
	NOT-FOR-US: Gravity Board X (GBX)
CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...)
	NOT-FOR-US: MYFAQ
CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...)
	NOT-FOR-US: CFBB
CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...)
	NOT-FOR-US: e107 portal
CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...)
	{DSA-833-2 DSA-831-1 DSA-829-1}
	- mysql-dfsg-4.1 4.1.13 (medium)
	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (low)
CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...)
	{DSA-778-1}
	- mantis 0.19.2-4 (medium)
CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-6 (medium)
CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...)
	NOT-FOR-US: rexecd
CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
	NOT-FOR-US: sercd
CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...)
	NOT-FOR-US: sercd
CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Winamp
CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...)
	- jetty 4.2.19-1 (medium)
CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...)
	NOT-FOR-US: @Mail
CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...)
	NOT-FOR-US: @Mail
CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...)
	NOT-FOR-US: Alcatel OmniSwitch
CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...)
	NOT-FOR-US: 1st Class Mail Server
CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...)
	NOT-FOR-US: BadBlue
CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...)
	NOT-FOR-US: AIM
CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...)
	- bochs 2.1.1-1
CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...)
	NOT-FOR-US: Red Storm Games
CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...)
	NOT-FOR-US: Opt-X
CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...)
	NOT-FOR-US: WFTPD
CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...)
	NOT-FOR-US: GlobalScape Secure FTP Server
CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...)
	NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0
CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Targem Battle Mages
CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
	NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...)
	- phpbb2 2.0.6c (low)
CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...)
	NOT-FOR-US: roofpoint Protection Server
CVE-2004-2356 (Early termination vulnerability in Fizmez Web Server 1.0 allows remote ...)
	NOT-FOR-US: Fizmez
CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...)
	NOT-FOR-US: 4nGuestbook
CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...)
	NOT-FOR-US: BugPort
CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...)
	NOT-FOR-US: GBook
CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...)
	NOT-FOR-US: GBook
CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...)
	- phpbb2 2.0.8 (low)
CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
	NOT-FOR-US: Tunez
CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to ...)
	NOT-FOR-US: Sybari AntiGen for Domino
CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...)
	NOT-FOR-US: Leif M. Wright Web Blog
CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...)
	NOT-FOR-US: Forum Web Server
CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...)
	NOT-FOR-US: Oracle
CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
	NOT-FOR-US: VocalTec
CVE-2004-2343 (** DISPUTED ** ...)
	NOTE: apache disputes this and I agree -- joeyh
CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ChatterBox
CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...)
	NOT-FOR-US: iSearch
CVE-2004-2340 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: PunkBuster Screenshot Database
CVE-2004-2339 (** DISPUTED ** ...)
	NOT-FOR-US: Microsoft
CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...)
	NOT-FOR-US: inlook
CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...)
	NOT-FOR-US: Novel Groupwise
CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...)
	NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...)
	NOT-FOR-US: Bodington
CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...)
	NOT-FOR-US: WWW::Form
CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...)
	NOT-FOR-US: Kerio Personal Firewal
CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Vizer
CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
	NOT-FOR-US: IP3 Networks NetAccess
CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...)
	NOT-FOR-US: IBM Informatik Dynamic Server
CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...)
	NOT-FOR-US: SurgeFTP Server
CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
	NOT-FOR-US: Novell iChain Server
CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...)
	- courier <unfixed> (unimportant)
	NOTE: This is a lack of a security feature, but not a direct vulnerability
CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...)
	NOT-FOR-US: AIX only
CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...)
	NOT-FOR-US: Crob FTP Server
CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...)
	NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel
CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...)
	NOT-FOR-US: MS IE
CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...)
	NOT-FOR-US: Solaris
CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...)
	NOT-FOR-US: Computer Associates
CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...)
	- mtools 3.9.9
CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
	- mathopd 1.5b14
CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
	- gallery 1.4.1
CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
	NOT-FOR-US: BEA
CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...)
	NOT-FOR-US: BEA
CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...)
	NOT-FOR-US: BEA
CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...)
	NOT-FOR-US: BEA
CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...)
	NOT-FOR-US: BEA
CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...)
	NOT-FOR-US: BEA
CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...)
	NOT-FOR-US: BEA
CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...)
	- gallery 1.3.3
CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
	- clamav 0.86.2-1 (low)
	[sarge] - clamav 0.84-2.sarge.2
CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-12 (bug #323363; medium)
CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
	NOT-FOR-US: Integrated Light Out in HP servers
CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
	NOT-FOR-US: Novell eDirectory
CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
	{DSA-782-1 DTSA-9-1}
	- bluez-utils 2.19-1 (bug #323365; medium)
CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Arab Portal
CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
	NOTE: This is intended behaviour, after all tar is an archiving tool and you
	NOTE: need to give -p as a command line flag
	- tar <unfixed> (bug #328228; unimportant)
CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
	NOT-FOR-US: FlatNuke
CVE-2005-2536 (pstotext before 1.8g does not properly use the &quot;-dSAFER&quot; option when ...)
	{DSA-792-1}
	- pstotext 1.9-2 (bug #319758; medium)
CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2533 (OpenVPN before 2.0.1, when running in &quot;dev tap&quot; Ethernet bridging ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2531 (OpenVPN before 2.0.1, when running with &quot;verb 0&quot; and without TLS ...)
	{DSA-851-1}
	- openvpn 2.0.2-1 (bug #324167; high)
CVE-2005-2530 (Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2529 (Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2528
	REJECTED
CVE-2005-2527 (Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X ...)
	NOT-FOR-US: Java / Apple
CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
	NOT-FOR-US: MacOS X
CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
	NOT-FOR-US: MacOS X
CVE-2005-2524 (Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to ...)
	NOT-FOR-US: MacOS X
CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
	NOT-FOR-US: Weblog Server in Mac OS X
CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
	- slocate <not-affected> (Uses secure glibc code, see #324951)
CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
	{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
	- drupal 4.5.5-1 (bug #323347; high)
	- phpgroupware 0.9.16.008-1 (bug #323349; high)
	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
	- phpwiki <unfixed> (unimportant)
	NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
	- php4 4:4.3.10-16 (bug #323366; high)
	- php5 5.0.5-1 (high)
CVE-2005-2497
	REJECTED
CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
	{DSA-801-1}
	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
	- ntp 1:4.2.0a+stable-2sarge1 (medium)
	[etch] - ntp 1:4.2.0a+stable-2sarge1 (medium)
CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...)
	{DSA-816-1}
	- xorg-x11 6.8.2.dfsg.1-7 (medium)
CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
	{DSA-815-1}
	- kdebase 4:3.4.2-3 (bug #327039; medium)
CVE-2005-2493
	RESERVED
CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
	- pcre3 6.3-1 (bug #324531; medium)
	- gnumeric 1.5.1-1 (bug #326628; bug #326898; unimportant)
	- goffice 0.1.0-3 (bug #326898; unimportant)
	- vfu <not-affected> (does not include the vulnerable part of pcre)
	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
	- python2.1 2.1.3dfsg-3 (medium)
	- python2.2 2.2.3dfsg-4 (medium)
	- python2.3 2.3.5-8 (medium)
CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
	{DSA-1017-1}
	- linux-2.6 2.6.12-7 (bug #327416; medium)
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-XXXX [Buffer overflow in Description parsing]
	- bidwatcher <removed> (bug #319489; low)
	[sarge] - bidwatcher <no-dsa> (Totally broken due to Ebay changes, no users, no exploits)
CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
	- dbmail 2.2.1-1 (bug #303991; bug #290833; medium)
CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
	- mldonkey 2.5.28.1-1 (bug #300560; low)
CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
	- classpath 2:0.92-1 (bug #267040; bug #301134; high)
	[etch] - classpath <not-affected> (Doesn't build the gcjwebplugin binary package)
CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
	- dbmail 2.2.1-1 (bug #290833; medium)
CVE-2005-2548 (vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote ...)
	{DSA-922-1 DTSA-16-1}
	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
	NOTE: 2.6.12-1 contained a partially broken fix
	- linux-2.6 2.6.12-6 (bug #309308; low)
CVE-2005-2489 (Web Content Management News System allows remote attackers to create ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
	NOT-FOR-US: Web Content Management News System
CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
	NOT-FOR-US: Sun switches
CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
	NOT-FOR-US: PortailPHP
CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
	NOT-FOR-US: Logicampus
CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
	NOT-FOR-US: Denora IRC stats
CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...)
	NOT-FOR-US: Karrigell
CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
	NOT-FOR-US: Metasploit Framework
CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Fusebox
CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
	NOT-FOR-US: Fusebox
CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Quick 'n Easy FTP Server
CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
	NOT-FOR-US: Silvernews
CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
	NOT-FOR-US: Naxtor Shopping Cart
CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
	{DSA-903-1}
	- unzip 5.52-4 (bug #321927; low)
CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
	NOT-FOR-US: ChurchInfo
CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
	NOT-FOR-US: BusinessMail
CVE-2005-2471 (pstopnm in netpbm does not properly use the &quot;-dSAFER&quot; option when ...)
	{DSA-1021-1}
	- netpbm-free 2:10.0-9 (bug #319757; low)
CVE-2005-2470 (Buffer overflow in a &quot;core application plug-in&quot; for Adobe Reader 5.1 ...)
	NOT-FOR-US: Adobe
CVE-2005-2469 (Stack-based buffer overflow in the NMAP Agent for Novell NetMail 3.52C ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (bug #323173; medium)
	- kernel-source-2.4.27 2.4.27-12 (medium)
CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Eudora
CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
	- net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian)
CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...)
	NOT-FOR-US: Omnicron
CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...)
	NOT-FOR-US: Novell Internet Messaging System
CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
	NOT-FOR-US: Pointsec
CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
	NOT-FOR-US: SurfControl
CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
	NOT-FOR-US: QNX
CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
	NOT-FOR-US: Novell eDirectory
CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
	NOT-FOR-US: Blue World Lasso Web Data Engine
CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...)
	NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...)
	NOT-FOR-US: Hyper NIKKI System (HNS) Lite
CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...)
	- netjuke 1.0b7
CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: HTMLsearch
CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
	NOT-FOR-US: RCA Digital Cable Modem
CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Fwmon
CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
	NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
	NOTE: debian's nms-formmail is a reimplementation of old formmail
CVE-2002-2108 (Unknown vulnerability in the &quot;VAIO Manual&quot; software in certain Sony ...)
	NOT-FOR-US: Sony VAIO
CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...)
	NOT-FOR-US: OpenKeyServer
CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...)
	NOT-FOR-US: WikkiTikkiTavi
CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...)
	NOT-FOR-US: Microsoft
CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...)
	NOT-FOR-US: Ganglia PHP RRD Web Client
	NOTE: not ganglia-monitor
CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
	- apache 1.3.24 (low)
CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
	- jzlib 0.0.7 (low)
CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...)
	- ddd <not-affected> (ddd is not setuid/gid so not exploitable)
CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...)
	NOT-FOR-US: Axspawn-pam
CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...)
	- maradns 0.9.01 (low)
CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...)
	NOT-FOR-US: Netware
CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...)
	NOT-FOR-US: Joe Testa hellbent 01 webserver
CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...)
	NOT-FOR-US: Joe Testa hellbent 01 webserver
CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
	NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
	NOT-FOR-US: decfingerd
CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
	NOT-FOR-US: aucho Technology Resin server
CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...)
	NOT-FOR-US: Solaris
CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
	NOT-FOR-US: clump/os
CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
	NOT-FOR-US: ScriptEase
CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
	NOT-FOR-US: UnixWare/OpenUnix
CVE-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...)
	NOT-FOR-US: SCO
CVE-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...)
	NOT-FOR-US: CDE
CVE-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...)
	NOTE: insufficient info to check, but not same code base
CVE-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...)
	NOT-FOR-US: Apple
CVE-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall
CVE-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall
CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
	- wine 0.0.20050830-1 (bug #321470; unimportant)
	NOTE: Not shipped in binary package
CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
	- metamail 2.7-48 (bug #321473; low)
	[sarge] - metamail <no-dsa> (Hardly exploitable, minor Dos)
CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
	- xfree86 <removed> (bug #321447; low)
	[woody] - xfree86 <no-dsa> (Hardly exploitable)
	[sarge] - xfree86 <no-dsa> (Hardly exploitable)
	- x11-apps 7.7~1 (bug #321447; low)
	[squeeze] - x11-apps <no-dsa> (Minor issue)
CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
	- ghostscript 8.61.dfsg.1~svn8187-1 (bug #291452; unimportant)
	NOTE: Not included in the binary package
CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
	NOTE: binary not shipped
	- sysklogd <unfixed> (bug #281448; unimportant)
CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
	- fftw3 3.0.1-12 (low; bug #321566)
	[sarge] - fftw3 <no-dsa> (Minor issue)
CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
	- clamav-getfiles 0.5-1 (bug #321446; medium)
	[sarge] - clamav-getfiles <not-affected> (Sarge version uses mktemp)
CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316881; low)
	[sarge] - cgiwrap <no-dsa> (Minor impact)
CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...)
	{DTSA-6-1}
	- cgiwrap 3.9-3.1 (bug #316901; low)
	[sarge] - cgiwrap <no-dsa> (Minor information disclosure, only debugging libs)
CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...)
	{DSA-1016-1 DTSA-13-1}
	- evolution 2.2.3-3 (high; bug #322535)
CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
CVE-2005-XXXX [nvi: init.d recover file security bugs]
	- nvi 1.79-22 (bug #298114; medium)
CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
	[woody] - bugzilla <not-affected> (Vulnerable script is not present)
	[sarge] - bugzilla <not-affected> (Vulnerable script is not present)
	- bugzilla 2.18.3-2 (bug #321567; low)
CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
	- tor 0.1.0.14-1 (medium)
CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
	{DSA-1018-1 DSA-1017-1 DTSA-16-1}
	- linux-2.6 2.6.12-3 (medium)
CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 2.6.12-2 (bug #321401; medium)
	- kernel-source-2.4.27 2.4.27-11 (medium)
CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
	NOT-FOR-US: Greasemonkey
CVE-2005-2454 (IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
	NOT-FOR-US: NetworkActiv Web Server
CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
	- tiff 3.7.0-1
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
	NOT-FOR-US: IOS
CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
	{DSA-776-1 DTSA-3-1}
	- clamav 0.86.2-1 (medium)
CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
	NOT-FOR-US: sandbox
CVE-2005-2448 (Multiple &quot;endianness errors&quot; in libgadu in ekg before 1.6rc2 allow ...)
	{DSA-1318-1 DSA-813-1 DTSA-2-1 DTSA-4-1}
	- ekg 1:1.5+20050718+1.6rc3-1 (low)
	- centericq 4.20.0-9 (bug #323185; medium)
CVE-2005-2447
	REJECTED
CVE-2005-2446
	REJECTED
CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
	NOT-FOR-US: Product Cart
CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
	NOT-FOR-US: KShout
CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
	NOT-FOR-US: SPI Dynamics Web Inspect
CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
	NOT-FOR-US: VBzoom
CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
	NOT-FOR-US: Thomson Web Skill Vantage Manager
CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
	NOT-FOR-US: UseBB
CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
	NOT-FOR-US: UseBB
CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
	NOT-FOR-US: Website Baker
CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
	NOT-FOR-US: Website Baker
CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
	NOT-FOR-US: Linksys hardware
CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
	NOT-FOR-US: PhpList
CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
	NOT-FOR-US: PhpList
CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
	- gforge 4.5.14-2 (bug #328224; unimportant)
	NOTE: Direct flooding is possible as well in most circumstances.
	NOTE: (Upstream fix was in gforge 4.5.0.1.)
CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
	{DSA-1094-1}
	- gforge 4.5.14-9 (bug #328224; medium)
CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all fields&quot; ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
	NOT-FOR-US: FTPshell Server
CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
	NOT-FOR-US: Ares FileShare
CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
	NOT-FOR-US: Siemens hardware
CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Beehive
CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
	NOT-FOR-US: Beehive
CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
	NOT-FOR-US: Beehive
CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
	NOT-FOR-US: FtpLocate
CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
	NOT-FOR-US: hardware issue
CVE-2005-2418
	REJECTED
CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Contrexx
CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
	NOT-FOR-US: Contrexx
CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
	NOT-FOR-US: Contrexx
CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
	- firefox 1.5.dfsg-1 (unimportant)
	- mozilla-firefox 1.5.dfsg-1 (bug #327549; unimportant)
	- mozilla 1.5.dfsg-1 (bug #327550; unimportant)
	- iceweasel <not-affected>
	NOTE: The turned out to be non-exploitable
CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
	NOT-FOR-US: Atomic Photo Album
CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
	NOT-FOR-US: First Post
CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
	{DSA-808-1}
	- tdiary 2.0.2-1 (bug #319315; medium)
CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
	NOT-FOR-US: Network Manager
CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
	NOT-FOR-US: nbsmtp
CVE-2005-2408
	REJECTED
CVE-2005-2407 (A design error in Opera 8.01 and earlier allows user-assisted ...)
	NOT-FOR-US: Opera
CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
	NOT-FOR-US: Opera
CVE-2005-2405 (Opera 8.01, when the &quot;Arial Unicode MS&quot; font (ARIALUNI.TTF) is ...)
	NOT-FOR-US: Opera
CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...)
	NOT-FOR-US: Light Web File Manager
CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
	NOT-FOR-US: ActivePerl
CVE-2004-2285
	REJECTED
CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
	NOT-FOR-US: osCommerce
CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
	NOT-FOR-US: Sendcard
CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
	NOT-FOR-US: RealChat
CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
	NOT-FOR-US: PHPSiteSearch
CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
	NOT-FOR-US: PHPFinance
CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...)
	NOT-FOR-US: phpBook
CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
	- firefox <removed> (bug #320539; unimportant)
	- iceweasel <removed> (bug #320539; unimportant)
	- mozilla-firefox 1.4.99+1.5rc3.dfsg-2 (bug #320539; unimportant)
	- mozilla <removed> (bug #320538; unimportant)
	NOTE: Firefox and Mozilla follow RFC behaviour. This is more a lack of security
	NOTE: feature (client-side preference for stronger methods) and not a vulnerabilit
	NOTE: This also seems like a rare setup.
CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...)
	NOT-FOR-US: CuteNews
CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
	NOT-FOR-US: CuteNews
CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
	NOT-FOR-US: CMSimple
CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
	{DSA-795-2}
	- proftpd 1.2.10-20 (low)
	NOTE: ftpshut fixed in -19, SQLShowInfo in -20
CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
	NOT-FOR-US: Veritas NetBackup
CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
	NOT-FOR-US: some windows USB driver
CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...)
	NOT-FOR-US: GoodTech SMTP server
CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
	NOT-FOR-US: UNACEV2.DLL
CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...)
	NOT-FOR-US: Oray PeanutHull
CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...)
	NOT-FOR-US: PHP Surveyor
CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2378 (Directory traversal vulnerability in Oracle Reports allows remote ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
	- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...)
	NOT-FOR-US: Race Driver
CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...)
	NOT-FOR-US: Race Driver
CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...)
	NOT-FOR-US: Belkin 54g wireless routers
CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...)
	NOT-FOR-US: SlimFTPd
CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...)
	NOT-FOR-US: Oracle Forms
CVE-2005-2371 (Directory traversal vulnerability in Oracle Reports 6.0, 6i, 9i, and ...)
	NOT-FOR-US: Oracle Reports
CVE-2005-2370 (Multiple &quot;memory alignment errors&quot; in libgadu, as used in ekg before ...)
	{DSA-1318-1 DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
	- gaim 1:1.4.0-5 (low)
	- centericq 4.20.0-9 (bug #323185; low)
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
	{DSA-813-1 DTSA-2-1}
	- centericq 4.20.0-9 (bug #323185; medium)
	- gaim 1:1.5.0-1 (bug #350071; medium)
	[woody] - gaim <not-affected> (affected code libgadu not present in woody)
	[sarge] - gaim <not-affected> (old version of libgadu in gaim is not affected)
	- ekg 1:1.5+20050712+1.6rc2-1 (medium)
	[sarge] - ekg <not-affected>
	NOTE: The fixes from centericq for integer overflows are all present in ekg from stable
CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
	{DTSA-12-1}
	- vim 1:6.3-085+1 (bug #320017; medium)
	[sarge] - vim 1:6.3-071+1sarge1
	NOTE: For some reason this was fixed through an upload to s-p-u, not stable-security
CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; bug #320192; medium)
CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...)
	- ethereal 0.10.12-1 (bug #320183; low)
	NOTE: This affects partially Woody and Sarge
CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...)
	{DSA-853-1}
	- ethereal 0.10.12-1 (bug #320183; low)
CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
	- kfreebsd-5 5.3-1 (medium)
CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...)
	NOT-FOR-US: EMC Navisphere Manager
CVE-2005-2355
	REJECTED
CVE-2005-2347
	RESERVED
CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2005-2345
	REJECTED
CVE-2005-2344 (The BlackBerry Attachment Service in Research in Motion (RIM) ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2343 (Research in Motion (RIM) BlackBerry Handheld web browser for ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2342 (Research in Motion (RIM) BlackBerry Router allows remote attackers to ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2341 (Heap-based buffer overflow in Research in Motion (RIM) BlackBerry ...)
	NOT-FOR-US: Research in Motion
CVE-2005-2340 (Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows ...)
	NOT-FOR-US: Apple Quicktime
CVE-2005-2339 (Cross-site scripting (XSS) vulnerability in the Unicode version of ...)
	NOT-FOR-US: unicode msearch
CVE-2005-2338 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP ...)
	NOT-FOR-US: Xoops
CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
	{DSA-864-1 DSA-862-1 DSA-860-1}
	- ruby <removed>
	- ruby1.6 1.6.8-13 (medium)
	- ruby1.8 1.8.3-1 (bug #332742; medium)
	- ruby1.9 1.9.0+20050921-1 (medium)
CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
	[sarge] - hiki <not-affected> (code not present in sarge)
	- hiki 0.8.2-1
CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
	NOT-FOR-US: Y.SAK
CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...)
	NOT-FOR-US: smilies_popup.php
CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...)
	NOT-FOR-US: PHPPageProtect
CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
	NOT-FOR-US: MooseGallery
CVE-2005-2330 (Directory traversal vulnerability in extras/update.php in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...)
	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...)
	NOT-FOR-US: Laffer
CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...)
	NOT-FOR-US: e107
CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
	NOT-FOR-US: Clever Copy
CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...)
	NOT-FOR-US: Class-1 Forum
CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
	NOT-FOR-US: CaLogic
CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...)
	NOT-FOR-US: Yawp
CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...)
	NOT-FOR-US: DVBBS
CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
	{DSA-849-1}
	- shorewall 2.4.1-2 (bug #318946; medium)
CVE-2005-2316 (Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers ...)
	NOT-FOR-US: dnrd
CVE-2005-2315 (Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 ...)
	NOT-FOR-US: dnrd
CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
	NOT-FOR-US: PHPsFTPd
CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
	NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
	NOT-FOR-US: Realnode Emilda
CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
	- sms-pl 2.1.0-1 (bug #320540; unimportant)
	NOTE: vulnerable contrib file only in source package
CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions ...)
	NOT-FOR-US: Winamp
CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Opera
CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...)
	NOT-FOR-US: MSIE
CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
	NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...)
	NOT-FOR-US: DG Remote Control Server
CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-2303
	REJECTED
CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...)
	{DSA-771-1}
	- pdns 2.9.18-1 (medium; bug #318798)
CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Skype
CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...)
	NOT-FOR-US: Simple Message Board
CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...)
	NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...)
	NOT-FOR-US: Sybase EAServer
CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: YabbSE
CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
	- netpanzer 0.8+svn20060319-1 (bug #318329; low)
	[sarge] - netpanzer <no-dsa> (Minor DoS against a game)
CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...)
	NOT-FOR-US: Oracle
CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
	NOT-FOR-US: Oracle
CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...)
	NOT-FOR-US: Oracle
CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...)
	NOT-FOR-US: Oracle
CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
	NOT-FOR-US: WPS
CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...)
	NOT-FOR-US: PHPCounter
CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: SoftiaCom wMailServer
CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
	NOT-FOR-US: WebEOC
CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
	NOT-FOR-US: WebEOC
CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...)
	NOT-FOR-US: WebEOC
CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
	NOT-FOR-US: WebEOC
CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...)
	NOT-FOR-US: WebEOC
CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
	NOT-FOR-US: WebEOC
CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...)
	NOT-FOR-US: Cisco
CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
	NOT-FOR-US: MailEnable
CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318328; medium)
CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
	NOT-FOR-US: Novell Groupwise WebAccess
CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
	NOT-FOR-US: OpenWebmail
CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...)
	- dansguardian 2.6.1-13 (medium)
CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...)
	- dansguardian 2.7.7-2
CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...)
	NOT-FOR-US: vHost
CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...)
	NOT-FOR-US: aGSM Half-Life
CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...)
	NOT-FOR-US: I-Mall Commerce
CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...)
	NOT-FOR-US: w3m Jigsaw
CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: efFingerD
CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...)
	NOT-FOR-US: efFingerD
CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...)
	NOT-FOR-US: IBM Parallel Environment
CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...)
	- pads 1.1.1 (high)
CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
	NOT-FOR-US: PimenGest2
CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...)
	NOT-FOR-US: Ansel
CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...)
	NOT-FOR-US: Ansel
CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
	- uudeview 0.5.20-2.1 (bug #320541; low)
	[sarge] - uudeview <no-dsa> (Hardly exploitable)
	NOTE: dnprogs apparetly not vulnerable, unsafe code is not called (#358500)
CVE-2004-2264 (** DISPUTED ** ...)
	- less <not-affected> (less is not suid, explotability unlikely)
CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...)
	NOT-FOR-US: PlaySMS
CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
	NOT-FOR-US: e107
CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...)
	NOT-FOR-US: e107
CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...)
	NOT-FOR-US: Opera
CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...)
	- vsftpd 2.0.1-1 (low)
CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...)
	NOT-FOR-US: Hummingbird Exceed
CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2250 (Unknown vulnerability in the &quot;access code&quot; in RemoteEditor before ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2249 (Unknown vulnerability in the &quot;access code&quot; in SecureEditor before ...)
	NOT-FOR-US: SecureEditor
CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2247 (Unknown vulnerability in the &quot;admin of paypal email addresses&quot; in ...)
	NOT-FOR-US: AudienceConnect
CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...)
	NOT-FOR-US: Goollery
CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...)
	NOT-FOR-US: Goollery
CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...)
	NOT-FOR-US: Oracle
CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...)
	NOT-FOR-US: Phorum
CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...)
	NOT-FOR-US: Phorum
CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
	- vpopmail <removed> (bug #320608; low)
CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
	NOTE: maintainer says does not apply to debian, see #320608
CVE-2004-2238 (** DISPUTED ** ...)
	NOTE: format string vuln in vpopmail doesn't seem to be real
CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...)
	- moodle 1.4-1
CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...)
	- moodle 1.3.3-1
CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...)
	- moodle 1.2.1-1
CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...)
	- moodle 1.2.1-1
CVE-2004-2233 (Unknown &quot;front page vulnerability with Moodle servers&quot; for Moodle ...)
	- moodle 1.3.2-1
CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...)
	- moodle 1.4.2-1
CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...)
	NOT-FOR-US: InstallAnywhere
CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...)
	NOT-FOR-US: Oracle
CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on MacOS)
CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...)
	- mozilla-firefox 1.0-1
CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...)
	- mozilla-thunderbird 1.0-3
CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...)
	- mozilla-firefox 0.99+1.0RC1-1
CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...)
	NOT-FOR-US: Message Foundry
CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...)
	NOT-FOR-US: SoftCart
CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...)
	NOT-FOR-US: Microsoft
CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...)
	NOT-FOR-US: PHPMyWebHosting
CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...)
	NOT-FOR-US: yChat
CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
	NOT-FOR-US: Sun Java
CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...)
	- rxvt-unicode 3.8-1
CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
	- xmovie <removed>
CVE-2005-XXXX [xgalaga score file segfault]
	- xgalaga 2.0.34-31 (bug #319686; low)
	[sarge] - xgalaga <no-dsa> (Minor issue)
CVE-2005-XXXX [xemeraldia games file overwrite]
	- xemeraldia 0.4-1 (bug #319661; low)
	[sarge] - xemeraldia <no-dsa> (Very minor issue)
CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...)
	{DSA-774-1}
	NOTE: previous fix in -15 was broken
	- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
	{DSA-766-1}
	- webcalendar 0.9.45-7 (bug #315671; medium)
CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
	NOT-FOR-US: Website Baker
CVE-2005-2275
	RESERVED
CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
	NOT-FOR-US: MSIE
CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
	NOT-FOR-US: Opera
CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...)
	NOT-FOR-US: Sfari
CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
	NOT-FOR-US: iCab
CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (bug #318062; bug #325851; high)
	- mozilla-thunderbird 1.0.6-1 (high)
CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (low; bug #318728)
CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (high)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...)
	{DSA-779-2 DSA-779-1 DTSA-8-2}
	- mozilla-firefox 1.0.4-2sarge3 (medium)
CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
	- mozilla-thunderbird 1.0.6-1 (medium; bug #318728)
CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...)
	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.5-1 (medium)
	- mozilla 2:1.7.9-1 (medium; bug #318062)
CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
	NOT-FOR-US: magicHTML
CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...)
	NOT-FOR-US: WWWeBBB forum
CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...)
	NOT-FOR-US: Portix
CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...)
	NOT-FOR-US: Novell Netware
CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...)
	NOT-FOR-US: FTGate
CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: FTGate
CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...)
	- kernel-patch-openmosix <removed> (bug #319621; low)
CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...)
	NOT-FOR-US: FTGate
CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...)
	NOT-FOR-US: Microsoft
CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...)
	NOT-FOR-US: Lil' HTTP server
CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...)
	NOT-FOR-US: ICQ
CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...)
	NOT-FOR-US: Mailidx
CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...)
	NOT-FOR-US: Microsoft
CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...)
	NOT-FOR-US: Sun Java
CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Tru64
CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...)
	NOT-FOR-US: SecureClean
CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...)
	NOT-FOR-US: Proprietary PGP
CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...)
	NOT-FOR-US: Eraser
CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...)
	NOT-FOR-US: Eraser
CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...)
	NOT-FOR-US: BCWipe
CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...)
	NOT-FOR-US: WebCalender
CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...)
	NOT-FOR-US: PhpWebGallery
CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...)
	NOT-FOR-US: AtGuard
CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...)
	NOTE: fixed in upstream 1.0.1
	NOTE: see http://web.archive.org/web/20090628044831/http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
	- mozilla 2:1.1-1 (low)
CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
	- links2 <not-affected> (Fixed before upload into archiv; 2.0pre5)
CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
	NOT-FOR-US: Intel motherboards
CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
	NOT-FOR-US: TeeKai
CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
	NOT-FOR-US: TeeKai
CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...)
	NOT-FOR-US: TeeKai
CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...)
	NOT-FOR-US: TeeKai
CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...)
	NOT-FOR-US: TeeKai
CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...)
	NOT-FOR-US: Cisco
CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...)
	NOT-FOR-US: Cisco
CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...)
	- modlogan 0.7.12-1 (low)
CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
	- modlogan 0.7.12-1 (low)
CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
	NOTE: one day upstream webserver compromise
CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
	NOT-FOR-US: PFinger
CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
	- sketch 0.6.13-1 (low)
CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...)
	NOT-FOR-US: X-News
CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: x-stat
CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
	NOT-FOR-US: x-stat
CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
	NOTE: old patch
CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...)
	NOT-FOR-US: QNX
CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...)
	NOT-FOR-US: QNX
CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...)
	NOT-FOR-US: QNX
CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...)
	NOT-FOR-US: QNX
CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...)
	NOT-FOR-US: NGPT
	NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
	NOTE: NPTL does not have this problem.
CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...)
	NOT-FOR-US: Cisco
CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...)
	NOT-FOR-US: Sun
CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...)
	NOT-FOR-US: RealityScape
CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...)
	NOT-FOR-US: Email Sanitizer
CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...)
	NOT-FOR-US: FAQManager
CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...)
	NOT-FOR-US: PHPNuke
CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...)
	NOT-FOR-US: Microsoft
CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...)
	NOT-FOR-US: PHP, Mircrosoft
CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...)
	NOT-FOR-US: Microsoft
CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...)
	NOT-FOR-US: DOOW
CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...)
	NOT-FOR-US: BrowseFTP
CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...)
	- imp 3:2.2.6-5 (high)
CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...)
	NOT-FOR-US: We use the OTHER beep program :P
CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...)
	NOTE: only affects old-stable
CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...)
	NOT-FOR-US: wbboard
CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...)
	NOT-FOR-US: osCommerce
CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...)
	NOT-FOR-US: SAS/Base
CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...)
	NOT-FOR-US: SAS/Base
CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...)
	- user-mode-linux 2.4.17-9 (high)
CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...)
	NOT-FOR-US: PostNuke
CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
	NOT-FOR-US: Apache
CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
	NOT-FOR-US: faqomatic
CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
	NOT-FOR-US: Tomcat
CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
	NOT-FOR-US: Tomcat
CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...)
	NOT-FOR-US: Tomcat
CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...)
	NOT-FOR-US: Tomcat
CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...)
	NOT-FOR-US: Sun
CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...)
	NOT-FOR-US: Compaq
CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...)
	NOT-FOR-US: Compaq
CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...)
	NOT-FOR-US: Compaq
CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...)
	NOT-FOR-US: jmcce
CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...)
	NOT-FOR-US: VVOS
CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...)
	NOT-FOR-US: UnixWare
CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...)
	NOT-FOR-US: ZoneAlarm
CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...)
	NOT-FOR-US: Postnuke
CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...)
	NOT-FOR-US: Postnuke
CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...)
	NOT-FOR-US: Windows
CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...)
	NOT-FOR-US: WebBBS
CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...)
	NOT-FOR-US: Windows
CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...)
	NOT-FOR-US: osCommerce
CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...)
	NOT-FOR-US: Resin
CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Resin
CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Resin
CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...)
	NOT-FOR-US: Resin
CVE-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...)
	NOTE: presumably fixed in linux 2.4.12
CVE-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...)
	NOT-FOR-US: Microsoft
CVE-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...)
	NOT-FOR-US: Openwave WAP gateway
CVE-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...)
	NOT-FOR-US: CMG WAP gateway
CVE-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
	NOT-FOR-US: Lotus Domino
CVE-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...)
	- vanessa-logger 0.0.2
CVE-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...)
	NOT-FOR-US: MacOS
CVE-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...)
	NOT-FOR-US: HP-UX
CVE-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...)
	NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS
CVE-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...)
	- nvi 1.79-16a.1
	NOTE: was DSA 085
CVE-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...)
	NOTE: DSA 082
	- xvt 2.1-13
CVE-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...)
	NOT-FOR-US: OpenBSD
CVE-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...)
	- snort 1.8.3
CVE-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...)
	NOT-FOR-US: AIX
CVE-2001-1556 (The log files in Apache web server contain information directly ...)
	NOTE: documented issue in apache, unlikely to be changed
	NOTE: see http://httpd.apache.org/docs/logs.html
CVE-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...)
	NOT-FOR-US: Solaris
CVE-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...)
	NOT-FOR-US: AIX
CVE-2001-1553 (Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, ...)
	- setiathome <not-affected> (not suid in debian)
CVE-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...)
	NOTE: no info in CVE db about fix
CVE-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...)
	NOT-FOR-US: Centra
CVE-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2001-1547 (Outlook Express 6.0, with &quot;Do not allow attachments to be saved or ...)
	NOT-FOR-US: Outlook
CVE-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...)
	NOT-FOR-US: Pathways Homecare
CVE-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...)
	NOT-FOR-US: Macromedia JRun
CVE-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...)
	NOT-FOR-US: Macromedia JRun
CVE-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...)
	NOT-FOR-US: Axis network camera
CVE-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...)
	NOT-FOR-US: NAI WebShield SMTP
CVE-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)
	NOT-FOR-US: BSDI UUCP
CVE-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...)
	NOT-FOR-US: IPRoute router software
	NOTE: This is not for iproute/iproute2.
	NOTE: From Chris Gragsone's message on BUGTRAQ:
	NOTE: "IPRoute, by David F. Mischler, is PC-based router software
	NOTE: "for networks running the Internet Protocol (IP)."
CVE-2001-1539 (Stack consumption vulnerability in Internet Explorer The JavaScript ...)
	NOT-FOR-US: MSIE
CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...)
	NOT-FOR-US: SpeedXess HA-120 DSL router
CVE-2001-1537 (The default &quot;basic&quot; security setting' in config.php for TWIG webmail ...)
	NOTE: current twig package seems to have secure cookies enabled
	NOTE: still uses "basic" security setting.
CVE-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...)
	NOT-FOR-US: Autogalaxy
CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...)
	- slash 2.2.6-8 (bug #328927; low)
	[sarge] - slash <no-dsa> (Lack of a security feature, minor security problem)
CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...)
	- apache <unfixed> (bug #328919; unimportant)
	- apache2 <unfixed> (unimportant)
	NOTE: Cookies are only used for invading user privacy,
	NOTE: not for authentication, so apache and apache2 should be fine.
CVE-2001-1533 (** DISPUTED * ...)
	NOT-FOR-US: Microsoft
CVE-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...)
	NOT-FOR-US: WebX
CVE-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...)
	NOT-FOR-US: Claris Emailer
CVE-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...)
	NOTE: verified current webmin is ok
CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...)
	NOT-FOR-US: AIX
CVE-2001-1528 (AmTote International homebet program returns different error messages ...)
	NOT-FOR-US: AmTote International homebet
CVE-2001-1527 (easyNews 1.5 and earlier stores administration passwords in cleartext ...)
	NOT-FOR-US: easynews
CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...)
	NOT-FOR-US: easynews
CVE-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...)
	NOT-FOR-US: easynews
CVE-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...)
	NOT-FOR-US: Xircom REX
CVE-2001-1519 (** DISPUTED ** ...)
	NOT-FOR-US: RunAs
CVE-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...)
	NOT-FOR-US: RunAs
CVE-2001-1517 (** DISPUTED ** ...)
	NOT-FOR-US: RunAs
CVE-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...)
	NOT-FOR-US: phpReview
CVE-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...)
	NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows
CVE-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...)
	NOT-FOR-US: ColdFusion
CVE-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...)
	NOT-FOR-US: JRun
CVE-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...)
	NOT-FOR-US: JRun
CVE-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...)
	NOT-FOR-US: JRun
CVE-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...)
	NOT-FOR-US: JRun
CVE-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...)
	NOT-FOR-US: HP-UX
CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...)
	- lprng <not-affected> (Not suid in Debian)
	- cups <not-affected> (Not suid in Debian)
	- cupsys <not-affected> (Not suid in Debian)
CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...)
	- openssh 1:3.0.1
CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
	NOT-FOR-US: FTGate
CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...)
	NOT-FOR-US: Oracle
CVE-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...)
	NOT-FOR-US: Oracle
CVE-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...)
	NOT-FOR-US: Phorum
CVE-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...)
	NOT-FOR-US: Phorum
CVE-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...)
	NOT-FOR-US: Phorum
CVE-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Phorum
CVE-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...)
	NOT-FOR-US: Phorum
CVE-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...)
	NOT-FOR-US: Phorum
CVE-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...)
	NOT-FOR-US: Phorum
CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
	NOT-FOR-US: USANet
CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
	NOT-FOR-US: Squito Gallery
CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
	NOT-FOR-US: PhpSlash
CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
	{DSA-759-1}
	- phppgadmin 3.5.4-1 (bug #318284; medium)
CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: PhpAuction
CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
	NOT-FOR-US: PHPSecurePages (phpSP)
CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
	{DSA-762-1}
	- affix 2.1.2-2 (bug #318327; medium)
CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
	NOT-FOR-US: Jinzora
CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
	NOT-FOR-US: DownloadProtect
CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
	NOTE: no details available
	- moodle 1.5.1-1
CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...)
	NOT-FOR-US: iPhotoAlbum
CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
	NOT-FOR-US: BIG-IP
CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
	NOT-FOR-US: Cisco
CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
	NOT-FOR-US: Cisco
CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
	NOT-FOR-US: Cisco
CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
	{DSA-1003-1}
	- xpvm 1.2.5-8 (bug #318285; medium)
CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
	- oftpd 20040304-1 (bug #318286; medium)
	NOTE: This was fixed in the patch set maintained by Werner Koch, it's included
CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
	NOT-FOR-US: AIX
CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
	NOT-FOR-US: AIX
CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
	NOT-FOR-US: AIX
CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...)
	NOT-FOR-US: AIX
CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...)
	NOT-FOR-US: AIX
CVE-2005-2233 (Buffer overflow in multiple &quot;p&quot; commands in IBM AIX 5.1, 5.2 and 5.3 ...)
	NOT-FOR-US: AIX
CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
	NOT-FOR-US: AIX
CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
	{DSA-761-2}
	- heartbeat 1.2.3-12 (bug #318287; medium)
CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
	- elmo 1.3.0-1.1 (bug #318291; low)
	[sarge] - elmo <no-dsa> (Minor issue)
CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...)
	NOT-FOR-US: Blog Torrent
CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...)
	NOT-FOR-US: Softiacom wMailserver
CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...)
	NOT-FOR-US: Outlook
CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...)
	NOT-FOR-US: MailEnable
CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...)
	NOT-FOR-US: MailEnable
CVE-2005-2221 (** DISPUTED ** ...)
	NOT-FOR-US: Dragonfly
CVE-2005-2220 (** DISPUTED ** ...)
	NOT-FOR-US: Dragonfly
CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...)
	- kfreebsd5-source 5.3-17 (medium)
CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...)
	NOT-FOR-US: Dansie Shopping Cart
CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...)
	NOT-FOR-US: PhotoGal
CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...)
	- mediawiki 1.4.9
CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
	- apt-setup <unfixed> (bug #305142; unimportant)
	NOTE: That's by design. We want to provide non-root users access to the source code,
	NOTE: thus it needs to be world-readable. Also, the password can't be too sensitive
	NOTE: as it'll be sent non-encrypted over the wire.
CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
	NOT-FOR-US: MMS Ripper
CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
	NOTE: duplicate of CVE-2005-1856
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
	NOTE: duplicate of CVE-2005-1855
	NOTE: Mitre contacted - micah April 20, 2006
	NOTE: Mitre re-contacted - micah June 5, 2006
CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
	NOT-FOR-US: Internet Download Manager
CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
	NOT-FOR-US: ScanShare
CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: PrivaShare
CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
	NOT-FOR-US: CartWIZ
CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
	NOT-FOR-US: kaiseki.cgi
CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
	NOT-FOR-US: SiteMinder
CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
	NOT-FOR-US: phpWishlist
CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
	NOT-FOR-US: Xerox Hardware issue
CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
	NOT-FOR-US: Xerox hardware
CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
	NOT-FOR-US: PPA web photo gallery
CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
	NOT-FOR-US: SPiD
CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
	NOT-FOR-US: Id Board
CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...)
	NOT-FOR-US: Apple Airport
CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
	NOT-FOR-US: Apple Darwin Streaming Server
CVE-2005-2194 (Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 ...)
	NOT-FOR-US: Apple
CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
	NOT-FOR-US: PunBB
CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
	NOT-FOR-US: SimplePHPBlog
CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
	NOT-FOR-US: Comersus
CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
	NOT-FOR-US: Comersus
CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
	NOT-FOR-US: Lantronix SecureLinx
CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
	NOT-FOR-US: McAfee IntruShield
CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
	NOT-FOR-US: eRoom
CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
	NOT-FOR-US: eRoom
CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
	NOT-FOR-US: PhpXmail
CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
	NOT-FOR-US: SIP phone hardware issue
CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
	- gnats 4.0 (bug #318481; high)
CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
	NOT-FOR-US: Jaws
CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
	NOTE: the affected probe.cgi
CVE-2005-2177 (Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when ...)
	{DSA-873-1}
	- net-snmp 5.2.1.2-1 (bug #318420; low)
	- ucd-snmp 4.2.5-5.1 (bug #337394; low)
	[sarge] - ucd-snmp <no-dsa> (Minor issue)
CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
	NOT-FOR-US: Novell NetMail
CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
	NOT-FOR-US: Notes
CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18.3-1 (low)
CVE-2005-2172
	RESERVED
CVE-2005-2171
	RESERVED
CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
	NOT-FOR-US: Tivoli
CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
	NOT-FOR-US: AliveSites
CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...)
	NOT-FOR-US: AliveSites
CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
	NOT-FOR-US: Express-Web
CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
	NOT-FOR-US: IdealBB
CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
	NOT-FOR-US: IdealBB
CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...)
	NOT-FOR-US: IdealBB
CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
	NOT-FOR-US: NatterChat
CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...)
	NOT-FOR-US: Veritas
CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...)
	NOT-FOR-US: Cold Fusion
CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
	NOT-FOR-US: Ansel
CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 ...)
	NOT-FOR-US: DUclassified
CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
	NOT-FOR-US: DUforum
CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
	NOT-FOR-US: DUforum
CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...)
	NOT-FOR-US: DUclassified
CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...)
	NOT-FOR-US: DUclassmate
CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...)
	NOT-FOR-US: kdocker
CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...)
	NOT-FOR-US: Zanfi
CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
	NOT-FOR-US: Zanfi
CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...)
	NOT-FOR-US: MailEnable
CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...)
	NOT-FOR-US: CJOverkill
CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
	- unzoo 4.4-3 (bug #306164)
CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
	NOT-FOR-US: DMXReady
CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
	NOT-FOR-US: DMXReady
CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
	NOT-FOR-US: Digicraft Yak!
CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
	NOT-FOR-US: WeHelpBUS
CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
	NOT-FOR-US: Macromedia JRun
CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...)
	NOT-FOR-US: Microsoft
CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...)
	NOT-FOR-US: Microsoft
CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
	NOT-FOR-US: ReviewPost
CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...)
	- cherokee 0.4.8
CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...)
	NOT-FOR-US: Caravan
CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BaSoMail
CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...)
	- latex2rtf 1.9.16
CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...)
	NOT-FOR-US: Canon ImageRUNNER
CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...)
	NOT-FOR-US: Lords of the Realm
CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...)
	NOT-FOR-US: VP-ASP
CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...)
	- serendipity 1.0-1
CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
	- serendipity 1.0-1
CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
	NOT-FOR-US: Online Recruitment Agency
CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
	NOT-FOR-US: Online-bookmarks
CVE-2005-2348
	REJECTED
CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick &amp; Dirty ...)
	NOT-FOR-US: PHPSource Printer
CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
	NOT-FOR-US: Plague
CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...)
	NOT-FOR-US: Plague
CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
	NOT-FOR-US: Plague
CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...)
	NOT-FOR-US: GlobalNoteScript
CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...)
	NOT-FOR-US: Covide
CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
	NOT-FOR-US: AutoIndex PHP Script
CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
	NOT-FOR-US: MyGuestbook
CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
	{DSA-768-1}
	- phpbb2 2.0.13+1-6sarge1 (bug #317739; high)
CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
	NOT-FOR-US: IMail
CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...)
	NOT-FOR-US: PlanetDNS
CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...)
	NOT-FOR-US: JBoss
CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
	NOT-FOR-US: nabopoll
CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
	NOT-FOR-US: PHPNews
CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...)
	NOT-FOR-US: osTicket
CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
	NOT-FOR-US: osTicket
CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...)
	NOT-FOR-US: Geeklog
CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...)
	{DSA-784-1}
	- courier 0.47-6 (bug #320290; low)
CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
	NOT-FOR-US: Microsoft
CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
	{DSA-764-1}
	- cacti 0.8.6f-1 (bug #316590; high)
CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...)
	{DSA-739-1}
	- trac 0.8.4-1
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...)
	NOT-FOR-US: Prevx Pro
CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: TCP Chat
CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...)
	NOT-FOR-US: FSboard
CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...)
	NOT-FOR-US: Pavsta
CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...)
	NOT-FOR-US: Comdev eCommerce
CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...)
	NOT-FOR-US: NateOn Messenger
CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...)
	NOT-FOR-US: Raritan Dominion SX
CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...)
	NOT-FOR-US: EtoShop
CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
	NOT-FOR-US: NetBSD
CVE-2005-2133
	REJECTED
CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
	NOT-FOR-US: SCO UnixWare
CVE-2005-2131
	RESERVED
CVE-2005-2130
	RESERVED
CVE-2005-2129
	RESERVED
CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-2126 (The FTP client in Windows XP SP1 and Server 2003, and Internet ...)
	NOT-FOR-US: Windows
CVE-2005-2125
	RESERVED
CVE-2005-2124 (Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) ...)
	NOT-FOR-US: Windows
CVE-2005-2123 (Multiple integer overflows in the Graphics Rendering Engine ...)
	NOT-FOR-US: Windows
CVE-2005-2122 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
	NOT-FOR-US: Windows
CVE-2005-2121
	RESERVED
CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...)
	NOT-FOR-US: Windows
CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...)
	NOT-FOR-US: Microsoft
CVE-2005-2118 (Windows Shell for Microsoft Windows 2000 SP4, XP SP1 and SP2, and ...)
	NOT-FOR-US: Windows
CVE-2005-2117 (Web View in Windows Explorer on Microsoft Windows 2000 SP4, XP SP1 and ...)
	NOT-FOR-US: Windows
CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
	- cups 1.1.20final+rc1-1 (low)
	- cupsys 1.1.20final+rc1-1 (low)
CVE-2005-2116
	REJECTED
CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
	NOTE: cannot reproduce with firefox 1.0.5-1 and Sarge's Mozilla using POC exploits
	[sarge] - mozilla <not-affected> (Unreproducible)
	- mozilla 2:1.7.10-1 (bug #318723; medium)
CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
	NOT-FOR-US: Xoops
CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
	NOT-FOR-US: Xoops
CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
	NOT-FOR-US: Community Link Pro Web Editor
CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
	- wordpress 1.5.1.3-1 (bug #316402)
CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
	{DSA-745-1}
	- drupal 4.5.4-1 (bug #316362)
CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
	NOT-FOR-US: IOS
CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...)
	NOT-FOR-US: sysreport
CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (high; bug #323706)
CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...)
	{DTSA-5-1}
	- gaim 1:1.4.0-5 (medium; bug #323706)
CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
	{DSA-818-1}
	- kdeedu 4:3.4.2-1 (low)
CVE-2005-2100 (The rw_vm function in usercopy.c in the 4GB split patch for the Linux ...)
	- linux-2.6 <not-affected> (Red Hat specific according to Horms)
	- kernel-source-2.4.27 <not-affected> (Red Hat specific according to Horms)
CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...)
	{DTSA-16-1}
	NOTE: 2.6.8 and 2.4.27 not affected
	- linux-2.6 2.6.12-3 (bug #323039; medium)
CVE-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table in PDF files, ...)
	{DSA-1136-1 DSA-984-1 DSA-982-1 DSA-936-1 DSA-780-1 DTSA-28-1}
	- kdegraphics 4:3.4.2-1 (bug #322458; low)
	- xpdf 3.00-15 (bug #322462; low)
	[woody] - tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
	- tetex-bin 3.0-12
	NOTE: tetex links to poppler since 3.0-12
	[sarge] - tetex-bin <not-affected> (tetex2 uses an older version, which is not affected)
	- gpdf 2.10.0-4 (bug #334454; low)
	NOTE: Cups switched to xpdf-utils
	- cupsys 1.1.22-7 (bug #324464)
	- cups 1.1.22-7 (bug #324464)
	[woody] - cupsys <not-affected> (Vulnerable code not present)
	- poppler 0.4.0-1 (low)
	- libextractor 0.5.8-1 (medium)
CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-740-1}
	NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
	NOTE: Florian Weimer is doing a comprehensive audit using clamav
	NOTE: to search for static zlib signatures in binaries in Debian
	NOTE: Not all of the listed packages have been checked for actual
	NOTE: exploitability using this hole.
	NOTE: oldstable (woody) had zlib 1.1, which is not affected
	[woody] - dpkg <not-affected> (Woody contains zlib 1.1, which is not affected)
	- dpkg 1.13.11 (bug #317967; unimportant)
	NOTE: You need to trust debs anyway, when installing them
	- zsync 0.4.0-2 (bug #317968; medium)
	[woody] - dump <not-affected> (Woody contains zlib 1.1, which is not affected)
	[sarge] - dump <no-dsa> (Backups do not contain untrusted data)
	- dump 0.4b40-1 (bug #317966; low)
	[woody] - aide <not-affected> (Woody contains zlib 1.1, which is not affected)
	- aide 0.10-6.1.1 (bug #317523; unimportant)
	NOTE: aide only uses zlib to compress/decompress internal data
	[woody] - amd64-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- amd64-libs 1.3 (bug #317970; medium)
	[woody] - ia32-libs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- ia32-libs 1.6 (bug #317971; medium)
	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
	[woody] - bacula <not-affected> (Woody contains zlib 1.1, which is not affected)
	- bacula 1.36.3-2 (bug #318014; medium)
	[sarge] - bacula <no-dsa> (Backups do not contain untrusted data)
	[woody] - sash <not-affected> (Woody contains zlib 1.1, which is not affected)
	- sash 3.7-6 (bug #318246; bug #318069; medium)
	[woody] - libphysfs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- libphysfs 1.0.0-5 (bug #318091; unimportant)
	- oops 1.5.23.cvs-3 (bug #318097; medium)
	[woody] - rpm <not-affected> (Woody contains zlib 1.1, which is not affected)
	- rpm 4.0.4-31.1 (bug #318099; unimportant)
	NOTE: You need to trust rpms anyway, when installing them
	- rageircd 2.0.0-3sid1 (bug #309196; medium)
	- systemimager-ssh <not-affected> (bug #318101; unimportant)
	NOTE: see dannf's first bug comment; systemimager-ssh doesn't use compression
	[woody] - texmacs <not-affected> (Woody contains zlib 1.1, which is not affected)
	- texmacs 1:1.0.5-3 (bug #318100; medium)
	[sarge] - texmacs <no-dsa> (Hardly exploitable)
	- zlib 1:1.2.2-7 (bug #317133; medium)
	- pvpgn 1.7.8-2 (bug #332236)
	- mysql-dfsg-4.1 4.1.13-1 (bug #319858; unimportant)
	- mrtg <not-affected> (Only used for internal compression, current versions link dynamically)
	- rsync <not-affected> (Uses zlib 1.1, which is not affected)
	NOTE: rsync upstream updated the internal zlib copy in 2.6.6 without real need,
	NOTE: as the included version was never affected, despite claiming them so.
CVE-2005-2095 (options_identities.php in SquirrelMail 1.4.4 and earlier uses the ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #317094)
CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
	NOT-FOR-US: Sun
CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
	NOT-FOR-US: BEA WebLogic
CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
	NOT-FOR-US: Websphere
CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
	- tomcat4 4.1.28-1
	NOTE: tomcat5 in experimental has this fix as well
CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
	NOT-FOR-US: Microsoft
CVE-2005-2088 (The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when ...)
	{DSA-805-1 DSA-803-1}
	- apache 1.3.33-8 (bug #322607; medium)
	- apache2 2.0.54-5 (bug #316173; medium)
CVE-2005-2087 (Internet Explorer 5.01 SP4 up to 6 on various Windows operating ...)
	NOT-FOR-US: Microsoft
CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
	- phpbb2 <not-affected> (phpbb versions in Debian not affected)
CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
	NOT-FOR-US: Inframail
CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
	NOT-FOR-US: Community Forum
CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
	NOT-FOR-US: IA eMailServer
CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: imTRSET
CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
	- asterisk 1:1.0.9.dfsg-1 (bug #315532; unimportant)
	NOTE: Can only be exploited by users who already have the privilege to execute arbitrary commands
CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
	NOT-FOR-US: Veritas Backup
CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
	NOT-FOR-US: Lpanel
CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: GoodTech SMTP Server
CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
	NOT-FOR-US: Real Estate Management Software
CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Chatman
CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
	NOT-FOR-US: INTELLIPEER Email Server
CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...)
	- mysql-dfsg-4.1 4.1.5-1
CVE-2004-2148 (Unknown local vulnerability in the &quot;change user&quot; feature of Slava ...)
	- fprobe-ng 1.1-1
	- fprobe 1.1-4
	NOTE: fprobe was fixed in upstrem release 1.0.6 and since 1.1-4 fprobe-ng package
	NOTE: replaced fprobe therefore marking as fixed in 1.1-4
CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...)
	NOT-FOR-US: Baal Smart Forms
CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...)
	NOT-FOR-US: Mambo Portal
CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
	- sdd 1.52-1
CVE-2004-2141
	REJECTED
CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
	NOT-FOR-US: YaBB
CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...)
	NOT-FOR-US: YaBB
CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
	NOT-FOR-US: MySQLGuest
CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: BisonFTP Server
CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
	NOT-FOR-US: HP Version Control Repository Manager
CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
	NOT-FOR-US: DB2
CVE-2005-2072 (The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT ...)
	NOT-FOR-US: Solaris
CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #318755; medium)
CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...)
	{DSA-785-1}
	- openldap2.2 2.2.26-3 (bug #316674; medium)
	- openldap2 2.1.30-11 (medium)
	- libpam-ldap 178-1sarge1 (bug #316972; medium)
	- libnss-ldap 238-1.1 (bug #316973; medium)
CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
	- kfreebsd-source <unfixed>
CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...)
	NOT-FOR-US: ASP Nuke
CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...)
	NOT-FOR-US: ActiveBuyAndSell
CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (bug #318756; medium)
CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
	NOT-FOR-US: Affected only Real Player, not Helix Player
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
	NOT-FOR-US: Perception LiteServe
CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: iSMTP
CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...)
	NOT-FOR-US: Microsoft
CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...)
	NOT-FOR-US: QNX
CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in ...)
	NOTE: verified current version is not vulnerable to exploit
CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...)
	NOT-FOR-US: Solaris
CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...)
	NOT-FOR-US: Watchguard SOHO
CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass ...)
	NOT-FOR-US: IPFilter
CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...)
	NOT-FOR-US: Proprietary PGP
CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
	- net-tools <unfixed> (unimportant)
	NOTE: This seems to be a misunderstanding of what the PROMISC flag
	NOTE: is about. ifconfig reports properly when it is set using
	NOTE: "ifconfig promisc".
CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of &quot;A0&quot; to encrypt ...)
	NOT-FOR-US: Zaurus hardware
CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...)
	NOT-FOR-US: Zaurus hardware
CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...)
	NOT-FOR-US: Microsoft
CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...)
	NOT-FOR-US: pp_powerSwitch
CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...)
	NOT-FOR-US: Sourcecraft Networking Utils
CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...)
	NOT-FOR-US: SnortCenter
CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...)
	NOT-FOR-US: Magic Notebook
CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...)
	NOT-FOR-US: Com21 hardware
CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...)
	NOT-FOR-US: XiRCON
CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...)
	NOT-FOR-US: My Postcards Platinum
CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...)
	NOT-FOR-US: Imatix Xitami
CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...)
	NOT-FOR-US: phpEventCalender
CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...)
	NOTE: No kernels in Sarge or sid affected
CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
	NOT-FOR-US: SurfinGate
CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
	NOT-FOR-US: SurfinGate
CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...)
	NOT-FOR-US: Cybozu Share
CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...)
	NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b ...)
	NOT-FOR-US: kmMail
CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...)
	- pen <not-affected> (pen was introduced after this old vulnerability)
CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...)
	- rox 1.3.0-1
CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...)
	NOT-FOR-US: Iomega hardware issue
CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
	NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
	NOTE: php function that displays the PHP logo and version information. In the bug
	NOTE: log the developers seem unwilling to fix this, as it only affects a debug
	NOTE: function.
	NOTE: can not reproduce in any versions of php4 in the archive.
	- php4 <not-affected> (bug #349260; low)
	- php5 5.1.1-1 (bug #336654; low)
CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
	NOT-FOR-US: AIM
CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
	NOT-FOR-US: phpRank
CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
	NOT-FOR-US: phpRank
CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...)
	NOT-FOR-US: Iomega NAS
CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...)
	- gringotts <not-affected> (fixed before Gringotts was in Debian)
CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...)
	- webmin 1.000-2
CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...)
	NOT-FOR-US: VNSL
CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...)
	NOT-FOR-US: SmailMail
CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...)
	NOT-FOR-US: Motorola Surfboard
CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...)
	NOT-FOR-US: SafeTP
CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...)
	NOT-FOR-US: Imatix
CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...)
	NOT-FOR-US: RadioBird
CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...)
	NOT-FOR-US: LCC-Win32
CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...)
	NOT-FOR-US: FlashFXP
CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Virgil CGI Scanner
CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...)
	NOT-FOR-US: Symantex Appliance
CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...)
	NOT-FOR-US: UTStarcom
CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...)
	NOT-FOR-US: Microsoft
CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...)
	NOT-FOR-US: PHP Arena
CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...)
	NOT-FOR-US: AN HTTPd
CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...)
	NOT-FOR-US: PHP Arena
CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...)
	NOT-FOR-US: 602Pro LAN SUITE
CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...)
	NOT-FOR-US: Aquonics File Manager
CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...)
	NOT-FOR-US: Aquonics File Manager
CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...)
	NOT-FOR-US: Tiny Personal Firewall
CVE-2002-1924 (PowerChute plus 5.0.2 creates a &quot;Pwrchute&quot; directory during ...)
	NOT-FOR-US: Powerchute
CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...)
	- mysql <not-affected> (Windows specific)
CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...)
	- mysql <not-affected> (Windows specific)
CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: FtpXQ
CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...)
	NOT-FOR-US: VS-ASP
CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...)
	NOT-FOR-US: Microsoft ADO
CVE-2002-1917 (CRLF injection vulnerability in the &quot;User Profile: Send Email&quot; feature ...)
	NOT-FOR-US: Geeklog
CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...)
	NOT-FOR-US: Pirch
CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...)
	NOT-FOR-US: tip
CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...)
	- dump 0.4b31-1
CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...)
	NOT-FOR-US: myPHPNuke
CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...)
	NOT-FOR-US: SkyStream
CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...)
	NOT-FOR-US: ZoneAlarm
CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...)
	NOT-FOR-US: Ingenium Learning Management System
CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...)
	NOT-FOR-US: Ingenium Learning Management System
CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft IIS
CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...)
	NOT-FOR-US: TelCondex
CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...)
	NOT-FOR-US: ViaVideo
CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...)
	NOT-FOR-US: ViaVideo
CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...)
	NOT-FOR-US: ghttpd
CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...)
	- pine 4.62-1 (low)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	NOTE: checked listed version, and it didn't have the problem
	NOTE: pine is non-free (alpine is free)
CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: CGIForum
CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...)
	NOT-FOR-US: BBGallery
CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...)
	NOT-FOR-US: Pinboard
CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...)
	NOT-FOR-US: IceWarp Web Mail
CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a ...)
	NOT-FOR-US: MyWebserver
CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...)
	- alsaplayer 0.99.72-1
CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...)
	- tomcat4 <not-affected> (Windows-specific Tomcat problems)
CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...)
	- phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295)
CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...)
	NOT-FOR-US: IRCIT
CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...)
	NOT-FOR-US: RedHat specific
CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...)
	NOT-FOR-US: Logsurfer
CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...)
	NOT-FOR-US: CommonName Toolbar
CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for ...)
	NOT-FOR-US: phpMyNewsletter
CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...)
	NOT-FOR-US: TightAuction
CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for ...)
	NOT-FOR-US: PPhlogger
CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...)
	NOT-FOR-US: Py-Membres
CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...)
	- qt-x11-free 2:3.0.4-1
CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...)
	NOT-FOR-US: Oracle
CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...)
	NOT-FOR-US: LokwaBB
CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...)
	NOT-FOR-US: LokwaBB
CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...)
	NOT-FOR-US: w-Agora
CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Netgear hardware
CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...)
	NOT-FOR-US: Entercept Agent
CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers ...)
	NOT-FOR-US: Astrocam
CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...)
	NOT-FOR-US: Microsoft
CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...)
	NOT-FOR-US: Microsoft
CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...)
	NOT-FOR-US: Solaris
CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...)
	NOT-FOR-US: Heysoft EventSave
CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...)
	NOT-FOR-US: Dispair
CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...)
	NOT-FOR-US: ImageFolio
CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...)
	NOT-FOR-US: Embedded HTTP server
CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...)
	NOT-FOR-US: Simple Web Server
CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...)
	NOT-FOR-US: Iomega NAS
CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SmartMail Server
CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...)
	NOT-FOR-US: Sybase ASE
CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: Pramati
CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...)
	NOT-FOR-US: Orion
CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...)
	NOT-FOR-US: Oracle
CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...)
	NOT-FOR-US: jo! jo Webserver
CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...)
	NOT-FOR-US: HP Application Server
CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...)
	NOT-FOR-US: Macromedia JRun
CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...)
	NOT-FOR-US: rlaj whois.cgi
CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...)
	NOT-FOR-US: MyNewsGroups
CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...)
	- monkey 0.9.2-1
	NOTE: Vulnerable code verified not be present in any Debian version
CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...)
	NOT-FOR-US: WS_FTP Pro
CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...)
	- apache2 2.0.42-1
CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...)
	NOT-FOR-US: ParaChat
CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...)
	NOT-FOR-US: TightVNC on Windows only
CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...)
	NOT-FOR-US: YaBB
CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...)
	NOT-FOR-US: YaBB
CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...)
	NOT-FOR-US: Microsoft Windows Media Player
CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Perlbot
CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Perlbot
CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...)
	NOT-FOR-US: Nogusta NOLA
CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...)
	NOT-FOR-US: some irssi tarballs contained a backdoor
CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...)
	NOT-FOR-US: Trend Micro InterScan VirusWall (Windows NT 3.52)
CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...)
	NOT-FOR-US: Charities.cron
CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...)
	NOT-FOR-US: Image Display System
CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOT-FOR-US: Xerox Docutech
CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOT-FOR-US: Xerox Docutech
CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
	NOT-FOR-US: Xerox Docutech
CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...)
	NOT-FOR-US: Xerox Docutech
CVE-2002-1832 (Unknown vulnerability in the &quot;ipopts decode&quot; functionality in ...)
	NOT-FOR-US: Firestorm IDS
CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...)
	NOT-FOR-US: Microsoft MSN Messenger Service
CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...)
	NOT-FOR-US: Open Bulletin Board
CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...)
	NOT-FOR-US: Open Bulletin Board
CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Savant Webserver
CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...)
	- sendmail 8.12-4
CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...)
	- kernel-patch-2.4-grsecurity 1.9.6-1
CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...)
	NOT-FOR-US: WASD
CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...)
	NOT-FOR-US: MSIE
CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...)
	NOT-FOR-US: Zeroo
CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...)
	NOT-FOR-US: IBM HTTP Server on AS/400
CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...)
	NOT-FOR-US: TinyHTTPD
CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...)
	NOT-FOR-US: httpbench
CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...)
	NOT-FOR-US: Veritas
CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
	NOT-FOR-US: ATPhttpd
CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...)
	NOT-FOR-US: Aquonics
CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...)
	- bonobo <not-affected> (efstool not suid on Debian)
CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...)
	NOT-FOR-US: AIM
CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...)
	NOT-FOR-US: gdam123
CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...)
	NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...)
	NOT-FOR-US: D-Link DWL-900AP+ Access Point
CVE-2002-1809 (The default configuration of the Windows binary release of MySQL ...)
	NOT-FOR-US: MySQL windows binary
CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...)
	NOT-FOR-US: Meunity
CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...)
	NOT-FOR-US: Drupal
CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
	- dacode <removed> (bug #322605; low)
	[sarge] - dacode <no-dsa> (Minor issue; attacker would need to bypass moderator review/approval)
	NOTE: Sarge is affected (has same version as testing/unstable)
CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
	NOT-FOR-US: NPDS
CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
	NOT-FOR-US: Xoops
CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
	NOT-FOR-US: ImageFolio
CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
	NOT-FOR-US: phpRank
CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
	NOT-FOR-US: phpRank
CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) ...)
	NOT-FOR-US: MidiCart
CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...)
	NOT-FOR-US: ChaiVM
CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...)
	NOT-FOR-US: ChaiVM
CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...)
	NOT-FOR-US: HP ldapux-pamauthz
CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...)
	NOT-FOR-US: HP Virtualvault OS
CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...)
	NOT-FOR-US: Fake Identd
CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...)
	NOT-FOR-US: microsoft
CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...)
	- newsx 1.4pl6.0-2
CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...)
	- nn 6.6.4-1
CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...)
	NOT-FOR-US: SGI IRIX
CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...)
	NOT-FOR-US: Zeus Administration Server
CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...)
	- php4 4:4.3.10-15
CVE-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...)
	NOT-FOR-US: microsoft
CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
	NOT-FOR-US: JAF CMS
CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
	NOT-FOR-US: Real Player
	NOTE: This didn't affected Helix, although the changelog claimed so, see
	NOTE: http://service.real.com/help/faq/security/050623_player/EN/
CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
	NOT-FOR-US: BEWAC
CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
	- tor 0.0.9.10-1 (medium)
CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
	NOT-FOR-US: Duware
CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1, and ...)
	NOT-FOR-US: Duware
CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
	NOT-FOR-US: Duware
CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
	NOT-FOR-US: Duware
CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
	NOT-FOR-US: Duware
CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
	NOT-FOR-US: ATutor
CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
	NOT-FOR-US: XAMPP
CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
	NOT-FOR-US: ajax-spell
CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
	NOT-FOR-US: ViRobot
CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
	{DSA-758-1}
	- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
CVE-2005-2039 (Unknown vulnerability in &quot;various plugins&quot; for NanoBlogger 3.2.1 and ...)
	- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
	NOT-FOR-US: Fortibus CMS
CVE-2005-2036 (modifyUser.asp in Cool Cafe (Cool Caf&#233;) Chat 1.2.1 allows remote ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe (Cool Caf&#233;) ...)
	NOT-FOR-US: Cool Cafe Chat
CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
	NOT-FOR-US: iGallery
CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for Blue-Collar ...)
	NOT-FOR-US: iGallery
CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
	NOT-FOR-US: socialMPN
CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
	NOT-FOR-US: external script that allow interaction between amarok and a browser
CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
	NOT-FOR-US: Enterasys hardware issue
CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
	{DSA-738-1}
	NOTE: varying and apparently innacurate info about what versions fix it
	- razor 2.720-1 (low)
CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
	- gnupg2 1.9.15-1
CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
	NOT-FOR-US: iPlanet
CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
	NOT-FOR-US: cPanel
CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...)
	NOT-FOR-US: 3com Network Supervisor
CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
	NOT-FOR-US: FreeBSD ipfw
CVE-2005-2018
	RESERVED
CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
	NOT-FOR-US: Symantec AntiVirus
CVE-2005-2016
	RESERVED
CVE-2005-2015
	RESERVED
CVE-2005-2014 (The &quot;upload a language pack&quot; feature in paFAQ 1.0 Beta 4 allows remote ...)
	NOT-FOR-US: paFAQ
CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFAQ
CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
	NOT-FOR-US: paFAQ
CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
	NOT-FOR-US: paFAQ
CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
	NOT-FOR-US: Ublog Reload
CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
	- yaws 1.56-1 (low)
CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
	- trac 0.8.4-1 (bug #315145)
	[sarge] - trac 0.8.1-3sarge1
CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: JBOSS
CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
	NOT-FOR-US: Mambo
CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
	NOT-FOR-US: paFileDB
CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
	NOT-FOR-US: paFileDB
CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
	NOT-FOR-US: McGallery
CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
	NOT-FOR-US: McGallery
CVE-2005-1996 (PHP remote file inclusion vulnerability in start.php in Bitrix Site ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Bitrix Site Manager
CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
	{DSA-735-2 DSA-735-1}
	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
	{DSA-748-1}
	- ruby1.8 1.8.2-8 (bug #315064; medium)
	- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
CVE-2005-1991
	RESERVED
CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
	NOT-FOR-US: MSIE
CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
	NOT-FOR-US: MSIE
CVE-2005-1987 (Buffer overflow in Collaboration Data Objects (CDO), as used in ...)
	NOT-FOR-US: Microsoft
CVE-2005-1986
	RESERVED
CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...)
	NOT-FOR-US: Microsoft
CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
	NOT-FOR-US: Spoolsv.exe
CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
	NOT-FOR-US: Microsoft
CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1978 (COM+ in Microsoft Windows does not properly &quot;create and use memory ...)
	NOT-FOR-US: Microsoft
CVE-2005-1977
	RESERVED
CVE-2005-1976 (Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets ...)
	NOT-FOR-US: Novell NetMail
CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
	- uw-imap 7:2002ddebian1-2 (bug #315499; unimportant)
	NOTE: This only applies to very exotic setups. It's also documented in the FAQ
	NOTE: and if someone has such a setup she will have to recompile the package with
	NOTE: the security features enabled.
CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
	NOT-FOR-US: DeleGate
CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
	NOT-FOR-US: BPM Studio Pro
CVE-2002-1779 (The &quot;block fragmented IP Packets&quot; option in Symantec Norton Personal ...)
	NOT-FOR-US: Norton
CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...)
	NOT-FOR-US: Norton
CVE-2002-1777 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1776 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1775 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1774 (** DISPUTED ** ...)
	NOT-FOR-US: Symantec
CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...)
	NOT-FOR-US: ICQ for MacOS X
CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain &quot;Domain ...)
	NOT-FOR-US: Novell Netware
CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...)
	NOT-FOR-US: FormMail
CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Eudora
CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
	NOT-FOR-US: Oracle
CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...)
	NOT-FOR-US: Netscape
	NOTE: didn't check mozilla
CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
	- evolution 1.0.5
CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...)
	NOT-FOR-US: acrobat
CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the &quot;Shift&quot; ...)
	NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...)
	NOT-FOR-US: Microsoft
CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...)
	NOT-FOR-US: PHProjekt
CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ACDSee
CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...)
	- tinc 1.0pre5
CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...)
	NOT-FOR-US: Novell NetWare
CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...)
	NOT-FOR-US: csNews
CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...)
	NOT-FOR-US: csChat-R-Box
CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...)
	NOT-FOR-US: csLiveSupport
CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...)
	NOT-FOR-US: csGuestbook
CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...)
	NOT-FOR-US: Windows 2000 Terminal Services
CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
	- slash 2.2.3
CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...)
	- vtun 2.5b2
CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...)
	- vtun 2.5b2
CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...)
	NOT-FOR-US: Microsoft
CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AOL ICQ
CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
	- soap-lite 0.55
CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
	NOT-FOR-US: WorldClient
CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
	NOT-FOR-US: WorldClient
CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...)
	NOT-FOR-US: Astaro Security Linux
CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
	NOT-FOR-US: CGINews
CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...)
	NOT-FOR-US: dlogin
CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
	NOT-FOR-US: NewsPro
CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...)
	NOT-FOR-US: Prospero MessageBoards
CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
	NOT-FOR-US: Actinic Catalog
CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
	NOT-FOR-US: IBM AS/400
CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...)
	NOT-FOR-US: askSam Web Publisher
CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...)
	NOT-FOR-US: askSam Web Publisher
CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...)
	NOT-FOR-US: PhotoDB
CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: PHPImageView
CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...)
	NOT-FOR-US: PHPImageView
CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...)
	NOT-FOR-US: Powerboards
CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
	NOT-FOR-US: microsoft
CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...)
	- altermime <not-affected> (fixed before the first Debian upload)
CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...)
	NOT-FOR-US: Spooky Login
CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...)
	NOT-FOR-US: Bavo
CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...)
	NOT-FOR-US: microsoft
CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
	NOT-FOR-US: microsoft
CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
	- openssh <not-affected> ("SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1.")
CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
	NOT-FOR-US: msec
CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: microsoft
CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
	NOT-FOR-US: BasiliX
CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
	NOT-FOR-US: BasiliX
CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
	NOT-FOR-US: BasiliX
CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
	NOT-FOR-US: BasiliX
CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when &quot;allow_url_fopen&quot; and ...)
	- phpbb2 2.0.6c-1
CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
	NOT-FOR-US: Cisco
CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2002-1704 (Zeroboard 4.1, when the &quot;allow_url_fopen&quot; and &quot;register_globals&quot; ...)
	NOT-FOR-US: Zeroboard
CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...)
	NOT-FOR-US: NetAuction
CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...)
	NOT-FOR-US: DeltaScripts PHP Classifieds
CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...)
	NOT-FOR-US: ColdFusion
CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
	NOT-FOR-US: ASP Client Check
CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
	- vtun 2.6-1
CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
	NOT-FOR-US: Microsoft Outlook plugin
CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
	NOT-FOR-US: Norton
CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
	NOT-FOR-US: Microsoft
CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
	NOT-FOR-US: Alcatel hardware issue
CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
	NOT-FOR-US: AIX
CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
	NOT-FOR-US: AIX
CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
	NOT-FOR-US: Microsoft
CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
	NOT-FOR-US: AIX
CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
	NOT-FOR-US: AIX
CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
	NOT-FOR-US: BadBlue Enterprise Edition
CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
	NOT-FOR-US: Deerfield D2Gfx
CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
	NOT-FOR-US: BadBlue Personal Edition
CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
	NOT-FOR-US: NewsReactor
CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
	- slash <not-affected> (Only present in intermediate CVS version, not released in Debian)
CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
	NOT-FOR-US: COWS
CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
	NOT-FOR-US: vBulletin
CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
	NOT-FOR-US: vBulletin
CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
	NOT-FOR-US: mrtgconfig
CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
	NOT-FOR-US: BindView NetInventory
CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
	NOT-FOR-US: Unreal IRCd
CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
	- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
	- webmin 0.93 (medium)
CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
	- webmin <not-affected> (packaging flaw of an unknown RPM based distro)
	NOTE: Permissions of Debian's webmin package look sane and FHS compliant
CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
	NOT-FOR-US: Microsoft
CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: HP-UX
CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
	- kfreebsd-source <not-affected> (kfreebsd/Debian uses a much more recent kernel)
CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
	NOT-FOR-US: Oracle
CVE-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
	NOT-FOR-US: HP Secure OS layer
CVE-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
	- tinc 1.0pre5-1
CVE-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Lotus Notes
CVE-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
	NOT-FOR-US: Sun
CVE-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
	NOT-FOR-US: WebCart
CVE-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
	NOTE: Fix went into proftpd CVS on 2002-12-12
	- proftpd 1.2.8-1
CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
	- proftpd 1.2.4-1
CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
	NOT-FOR-US: Check Point
CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary ...)
	NOT-FOR-US: mod_bf
CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
	- thttpd 2.21
CVE-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
	NOT-FOR-US: Network Query Tool
CVE-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
	- util-linux 2.11n-1
CVE-2001-1492
	REJECTED
CVE-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Opera
CVE-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
	NOTE: mozilla is quite easily DOSable with all sorts of large html
	NOTE: files, probably not worth following up on.
CVE-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...)
	NOT-FOR-US: Open Projects ircd
CVE-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
	- qpopper <not-affected> (Vulnerable code verified not present)
CVE-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...)
	NOT-FOR-US: Alcatel hardware issue
CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
	- libpam-opie <unfixed> (bug #112279; unimportant)
	NOTE: This is documented and not really important. In contrast to passwords
	NOTE: used by humans
	[sarge] - libpam-opie <no-dsa> (Documented shortcoming, minor impact)
CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
	NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
	NOT-FOR-US: Xitami
CVE-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...)
	NOT-FOR-US: Sun Java
CVE-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...)
	NOT-FOR-US: Sun
CVE-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...)
	NOT-FOR-US: UnixWare
CVE-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...)
	- snort 1.6.1-1
CVE-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
	NOT-FOR-US: Xitami
CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
	NOT-FOR-US: Annuaire
CVE-2005-1974 (Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) ...)
	NOT-FOR-US: Sun Java
CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
	NOT-FOR-US: Sun Java
CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...)
	NOT-FOR-US: InteractivePHP FusionBB
CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with &quot;Launch with ...)
	NOT-FOR-US: pcAnywhere
CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
	NOT-FOR-US: Pragma Telnetserver
CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
	NOT-FOR-US: ProductCart Ecommerce
CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...)
	NOT-FOR-US: e107
CVE-2005-1965 (PHP remote file inclusion vulnerability in siteframe.php for Broadpool ...)
	NOT-FOR-US: Broadpool Siteframe
CVE-2005-1964 (PHP remote file inclusion vulnerability in utilit.php for Ovidentia ...)
	NOT-FOR-US: Ovidentia Portal
CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...)
	NOT-FOR-US: Cerberus Helpdesk
CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...)
	NOT-FOR-US: C-JDBC
CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...)
	NOT-FOR-US: C.J. Steele Tattle
CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
	NOT-FOR-US: JamMail
CVE-2005-1958
	REJECTED
CVE-2005-1957 (mtnpeak.net File Upload Manager does not properly check user ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
	NOT-FOR-US: File Upload Manager
CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
	NOT-FOR-US: singapore
CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: singapore
CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...)
	NOT-FOR-US: Pico Server
CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...)
	NOT-FOR-US: Pico Server
CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...)
	NOT-FOR-US: osCommerce
CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webhints
CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
	NOT-FOR-US: e107
CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...)
	NOT-FOR-US: Invision Gallery
CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
	NOT-FOR-US: Invision Blog
CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...)
	NOT-FOR-US: xmysqladmin
CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
	NOT-FOR-US: Loki download manager
CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
	NOT-FOR-US: SilverCity
CVE-2005-1940
	RESERVED
CVE-2005-1939 (Directory traversal vulnerability in Ipswitch WhatsUp Small Business ...)
	NOT-FOR-US: Ipswitch WhatsUp
CVE-2005-1938
	REJECTED
CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	- mozilla-firefox 1.0.6-1 (medium)
	- mozilla 2:1.7.10-1 (medium)
	[woody] - mozilla <not-affected> (regression of a previous security fix)
CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
	NOT-FOR-US: Microsoft
CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
	NOT-FOR-US: Xerox hardware issue
CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...)
	NOT-FOR-US: Microsoft
CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
	NOT-FOR-US: Apple
CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1930 (Directory traversal vulnerability in the Crystal Report component ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1929 (Multiple heap-based buffer overflows in (1) isaNVWRequest.dll and (2) ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1928 (Trend Micro ServerProtect EarthAgent for Windows Management Console ...)
	NOT-FOR-US: Trend Micro ServerProtect
CVE-2005-1927
	RESERVED
CVE-2005-1926
	RESERVED
CVE-2005-1925 (Multiple directory traversal vulnerabilities in Tikiwiki before 1.9.1 ...)
	NOT-FOR-US: Tikiwiki
CVE-2005-1924 (The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote ...)
	NOT-FOR-US: External Squirrelmail plugin not packaged in Debian
CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1 (bug #316401; bug #316462; medium)
CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
	{DSA-737-1 DTSA-3-1}
	- clamav 0.86.1-1 (low)
CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...)
	{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
	- serendipity 1.0-1
	- drupal 4.5.4-1 (high; bug #316362)
	- phpgroupware 0.9.16.006-1 (high)
	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
	- phpwiki 1.3.7-4 (bug #316714; high)
	- php4 4:4.3.10-16 (high; bug #316447)
	- horde3 <not-affected> (horde3 ships different XMLRPC code)
CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
	{DSA-804-2}
	- kdelibs 4:3.4.2-1 (bug #319016; medium)
CVE-2005-1919
	REJECTED
CVE-2005-1918 (The original patch for a GNU tar directory traversal vulnerability ...)
	- tar 1.14-2.2
	NOTE: 1.14-2.2 is ok, maybe Debian was not-affected anyway
CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
	NOT-FOR-US: kpopper, there is a kpopper in kerberos4kth-servers, but this is not the same one
CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
	NOT-FOR-US: log4sh
CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
	{DSA-754-1 DTSA-2-1}
	- centericq 4.20.0-7 (medium)
CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...)
	{DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.6.11 2.6.11-6 (medium)
CVE-2005-1912
	REJECTED
CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
	- leafnode 1.11.3.rel-1 (bug #338886; low)
	[sarge] - leafnode 1.11.2.rel-1.0sarge0
CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
	NOT-FOR-US: WWWeb Concepts Events System
CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
	NOT-FOR-US: Perception LiteWeb
CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
	NOT-FOR-US: Microsoft
CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
	NOT-FOR-US: livingmailing
CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
	NOT-FOR-US: Kaspersky
CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
	NOT-FOR-US: JiRo's Upload Systems
CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
	NOT-FOR-US: SPA-PRO Mail
CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
	NOT-FOR-US: Sawmill
CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: Sawmill
CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
	NOT-FOR-US: RakNet
CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
	NOT-FOR-US: phpThumb
CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
	NOT-FOR-US: FlexCast
CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
	NOT-FOR-US: FlatNuke
CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
	NOT-FOR-US: Mortiforo
CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
	NOT-FOR-US: Sun ONE
CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
	NOT-FOR-US: Solaris
CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
	NOT-FOR-US: YaPiG
CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
	NOT-FOR-US: YaPiG
CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
	NOT-FOR-US: YaPiG
CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
	NOT-FOR-US: YaPiG
CVE-2005-1882 (PHP remote file inclusion vulnerability in last_gallery.php in YaPiG ...)
	NOT-FOR-US: YaPiG
CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
	NOT-FOR-US: YaPiG
CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: everybuddy
CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: LutelWall
CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
	NOT-FOR-US: GIPTables
CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
	NOT-FOR-US: Lpanel
CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
	NOT-FOR-US: CuteNews
CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
	NOT-FOR-US: Exhibit Engine
CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
	NOT-FOR-US: Dzip
CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
	NOT-FOR-US: Crob
CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
	NOT-FOR-US: WebSphere
CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
	- drupal 4.5.3-1
CVE-2005-1870 (PHP remote file inclusion vulnerability in childwindow.inc.php in ...)
	NOT-FOR-US: Popper
CVE-2005-1869 (PHP remote file inclusion vulnerability in start_lobby.php in MWChat ...)
	NOT-FOR-US: MWChat
CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: I-Man
CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
	NOT-FOR-US: Symantec
CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
	NOT-FOR-US: Calendarix
CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
	NOT-FOR-US: Calendarix
CVE-2005-1864 (PHP remote file inclusion vulnerability in cal_admintop.php in ...)
	NOT-FOR-US: Calendarix
CVE-2003-1218
	REJECTED
CVE-2003-1217
	REJECTED
CVE-2005-1863
	REJECTED
CVE-2005-1862
	REJECTED
CVE-2005-1861
	REJECTED
CVE-2005-1860
	REJECTED
CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
	NOT-FOR-US: arshell
CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
	{DSA-786-1}
	- simpleproxy 3.2-4 (medium)
CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (bug #315582; low)
	NOTE: maybe a duplicate of CVE-2005-2212, author contacted
CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
	{DSA-787-1}
	- backup-manager 0.5.8-2 (medium)
	NOTE: maybe a duplicate of CVE-2005-2211, author contacted
CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to &quot;missing ...)
	{DSA-772-1}
	- apt-cacher 0.9.10 (high)
CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
	{DSA-770-1}
	- gopher 3.0.8 (low)
CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
	{DSA-767-1 DTSA-4-1}
	- kdenetwork 4:3.3.2-5 (bug #319443; unimportant)
	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
	NOTE: no shared lib version is found. As the Debian package has a dependency on
	NOTE: it the maintainer does not intent to fix it, see # 319443
	- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...)
	{DSA-760-1 DTSA-4-1}
	- ekg 1:1.5+20050712+1.6rc2-1 (low)
CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...)
	{DSA-1026-1 DSA-797-2 DSA-797-1 DSA-763-1}
	NOTE: This is only contrib code not built in the binary packages AFAIK
	- zlib 1:1.2.3-1 (low)
	- zsync 0.4.1-1 (low)
	- sash 3.7-5sarge1 (low)
	NOTE: zsync 0.4.0-2 (mentioned in DSA-797-1) was never uploaded.
CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
	{DSA-750-1}
	- dhcpcd 1:1.3.22pl4-22 (medium)
CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
	NOT-FOR-US: YaMT
CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
	NOT-FOR-US: YaMT
CVE-2005-1845
	REJECTED
CVE-2005-1844
	REJECTED
CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
	NOT-FOR-US: Windows
CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
	NOT-FOR-US: Windows
CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
	NOT-FOR-US: acroread
CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
	{DSA-744-1}
	- fuse 2.3.0-1
CVE-2005-2349 [Directory traversal in zoo]
	RESERVED
	- zoo 2.10-4 (low; bug #309594)
CVE-2005-2350 [Cross Site Scripting in websieve]
	RESERVED
	- websieve <removed> (bug #311838; low)
CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
	NOT-FOR-US: phpCMS
CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
	NOT-FOR-US: Liberum
CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
	NOT-FOR-US: Liberum
CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded username ...)
	NOT-FOR-US: Fortinet firewall
CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...)
	NOT-FOR-US: NEXTWEB
CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1831 (** DISPUTED ** ...)
	- sudo <not-affected> (Unreproducable, seems like a broken PAM setup on the submitter's side)
CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...)
	NOT-FOR-US: SoftICE
CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: D-Link hardware issue
CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...)
	NOT-FOR-US: HP Radia
CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...)
	NOT-FOR-US: HP Radia
CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...)
	- mailutils 1:0.6.1-2
CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
	NOT-FOR-US: Qualiteam X-Cart
CVE-2005-1821 (PHP remote file inclusion vulnerability in pdl_header.inc.php in ...)
	NOT-FOR-US: PowerDownload
CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...)
	NOT-FOR-US: Zeroboard
CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...)
	NOT-FOR-US: NikoSoft WebMail
CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
	NOT-FOR-US: NewLife Blogger
CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...)
	NOT-FOR-US: PicoWebServer
CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
	NOT-FOR-US: FutureSoft TFTP Server
CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
	- wordpress 1.5.1.2-1
CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sony hardware issue
CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Stronghold game
CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
	- libphp-phpmailer 1.73
CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
	NOT-FOR-US: PeerCast
CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
	NOT-FOR-US: Online Solutions for Educators
CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
	NOT-FOR-US: Net Portal Dynamic System
CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
	NOT-FOR-US: Nortel hardware
CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
	NOT-FOR-US: Nokia hardware
CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
	NOT-FOR-US: Jaws glossary gadget
CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
	NOT-FOR-US: FreeStyle Wiki
CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
	NOT-FOR-US: ServersCheck
CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
	NOTE: Cryptographic attack on AES, cannot be fixed
CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
	{DSA-749-1}
	- ettercap 1:0.7.1-1.1 (bug #311615)
CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
	NOT-FOR-US: ClamAV on Mac OS X
CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
	NOT-FOR-US: Microsoft
CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
	NOT-FOR-US: Microsoft
CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
	NOT-FOR-US: Microsoft
CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106, and ...)
	{CVE-2005-3896}
	NOT-FOR-US: Microsoft
	NOTE: The exploit causes Mozilla to crash, see CVE-2005-3896.
CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
	NOT-FOR-US: India Software Solution shopping cart
CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
	NOT-FOR-US: phpStat
CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
	NOT-FOR-US: FunkyASP
CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
	NOT-FOR-US: ZonGG
CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
	NOT-FOR-US: BookReview
CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
	NOT-FOR-US: BookReview
CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
	NOT-FOR-US: MailEnable
CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
	NOT-FOR-US: Active News Manager
CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
	NOT-FOR-US: PostNuke
CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
	NOT-FOR-US: PostNuke
CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
	NOT-FOR-US: C'Nedra
CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
	NOT-FOR-US: Terminator game
CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
	- davfs2 0.2.4-1 (bug #310757; medium)
CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
	NOT-FOR-US: Listserv
CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
	NOT-FOR-US: Terminator game
CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
	NOT-FOR-US: HPUX
CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
	NOT-FOR-US: Avast
CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-756-1}
	- squirrelmail 2:1.4.4-6sarge1 (bug #314374; medium)
CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
	{DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
	{DSA-922-1 DSA-921-1}
	- linux-2.6 2.6.12-1
	- kernel-source-2.4.27 2.4.27-11
	NOTE: amd64 is not supported for 2.4 (the issue is amd64 speficic)
CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
	{DSA-826-1}
	- helix-player 1.0.5-1 (bug #316276; high)
	NOTE: Helix Player is affected according to:
	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
	{DSA-922-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
	{DSA-922-1 DSA-921-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	- kernel-source-2.4.27 2.4.27-11
CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
	{DSA-1018-1 DSA-922-1 DTSA-16-1}
	- linux-2.6 2.6.12-1 (medium)
CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
	NOT-FOR-US: sysreport
CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
	- shtool 2.0.1-2 (low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (unimportant)
	- php4 4:4.4.0-1 (unimportant)
CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
	NOT-FOR-US: Novell
CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
	NOT-FOR-US: Novell
CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
	NOT-FOR-US: Novell
CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
	{DSA-789-1 DTSA-15-1}
	- shtool 2.0.1-2 (bug #311206; low)
	[sarge] - shtool <no-dsa> (Minor issue)
	- mysql-ocaml 1.0.3-6 (bug #314464; unimportant)
	- php4 4:4.3.10-16 (low)
CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
	- linux-2.6 2.6.10-1 (low)
	- linux-2.6.24 <not-affected> (fixed before initial upload)
CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
	- linux-2.6 2.6.32-2 (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: minor issue; solution (removal of cryptoloop) would be a significant change
	NOTE: if backported to the stable releases
	NOTE: mitigation: use dm-crypt or loop-aes for disk encrytion instead of cryptoloop
CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
	NOT-FOR-US: Oracle
CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
	NOT-FOR-US: CVSup third party modules
CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
	NOT-FOR-US: PJ CGI Nero
CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
	- phpbb2 2.0.6d-2
CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SurfNOW
CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
	NOT-FOR-US: WebWeaver
CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
	NOT-FOR-US: Web Blog
CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
	NOT-FOR-US: BlackICE
CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...)
	NOT-FOR-US: BlackICE
CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
	- gallery 1.4.4-pl1-1
CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
	NOT-FOR-US: Nextplace
CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
	NOT-FOR-US: Intra Forum
CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
	NOT-FOR-US: Borland Web Server
CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Reptile Web Server
CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...)
	NOT-FOR-US: Oracle
CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...)
	NOT-FOR-US: ProxyNow!
CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...)
	NOT-FOR-US: BremsServer
CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...)
	NOT-FOR-US: BremsServer
CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...)
	NOT-FOR-US: Phorum
CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...)
	NOT-FOR-US: Freesco
CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...)
	NOT-FOR-US: Need for Speed game
CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
	NOT-FOR-US: Banner engine
CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
	- fvwm <not-affected> (Used mktemp)
	- xbase-clients <not-affected> (x11perfcomp uses mkdir atomically)
	- lvm10 <not-affected> (does not contain lvmcreate_initrd)
CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
	NOT-FOR-US: Mephistoles
CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
	- honeyd 0.8-1
CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...)
	NOT-FOR-US: WebcamXP
CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
	- phpbb2 2.0.8a-1
CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
	- phpbb2 2.0.8a-1
CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
	- moodle 1.4.4.dfsg.1-3
CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
	RESERVED
	- mutt 1.5.20-7 (bug #311296; unimportant)
	[sarge] - mutt <no-dsa> (Minor annoyance, not a real DoS)
	NOTE: An "attacker" could achieve the same by simply filling up /tmp
CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
	NOTE: no longer affected.
	- gforge 3.1-26
CVE-2005-XXXX [osh buffer overflow]
	- osh 1.7-13 (bug #311369)
CVE-2005-XXXX [xile buffer overrun in terminal code]
	- zile 2.0.4-2
CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
	NOT-FOR-US: ezwdc NewsletterEz
CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...)
	NOT-FOR-US: Halo
CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
	- net-snmp <not-affected> (fixproc not installed in Debian package)
CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
	- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...)
	NOT-FOR-US: Iron Bars Shell
CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow &quot;non-authorized ...)
	NOT-FOR-US: PROMS
CVE-2005-1736 (PROMS 0.11 does not properly handle &quot;certain combinations of rights,&quot; ...)
	NOT-FOR-US: PROMS
CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
	NOT-FOR-US: PROMS
CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
	NOT-FOR-US: PROMS
CVE-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
	NOT-FOR-US: Cookie Cart
CVE-2005-1731
	REJECTED
CVE-2005-1730 (Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in ...)
	NOT-FOR-US: Novell iManager
CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Novell
CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
	NOT-FOR-US: Apple
CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
	NOT-FOR-US: Apple
CVE-2005-1726 (The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users ...)
	NOT-FOR-US: Apple
CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
	NOT-FOR-US: Apple
CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
	NOT-FOR-US: Apple
CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
	NOT-FOR-US: Apple
CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
	NOT-FOR-US: Apple
CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
	NOT-FOR-US: Apple
CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
	NOT-FOR-US: avast! antivirus
CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
	NOT-FOR-US: War Times
CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
	NOT-FOR-US: Zyxel hardware
CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
	NOT-FOR-US: TOPo
CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
	NOT-FOR-US: TOPo
CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
	NOT-FOR-US: SurgeMail
CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
	NOT-FOR-US: Serendipity
CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
	NOT-FOR-US: Serendipity
CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
	NOT-FOR-US: Gibraltar Firewall
CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...)
	NOT-FOR-US: Blue Coat
CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
	NOT-FOR-US: Gentoo
CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
	- mailscanner 4.42.9 (bug #310774; low)
	[sarge] - mailscanner <no-dsa> (Minor issue)
CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
	- gdb 6.3-6
CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
	- gdb 6.3-6
CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
	NOT-FOR-US: Warrior Kings: Battles
CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
	NOT-FOR-US: PortailPHP
CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
	NOT-FOR-US: PostNuke
CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
	NOT-FOR-US: PostNuke
CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
	NOT-FOR-US: PostNuke
CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
	NOT-FOR-US: PostNuke
CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
	NOT-FOR-US: PostNuke
CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
	NOT-FOR-US: PostNuke
CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
	NOT-FOR-US: CA Antivirus
CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...)
	- gxine 0.4.7-0.1 (bug #310712; medium)
CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...)
	NOT-FOR-US: SAP
CVE-2005-1690
	REJECTED
CVE-2005-1689 (Double free vulnerability in the krb5_recvauth function in MIT ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (medium)
CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
	- wordpress 1.5.1-1
CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
	- wordpress 1.5.1-1
CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
	{DSA-753-1}
	NOTE: Only exploitable under rare circumstances
	- gedit 2.10.3-1 (low)
CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
	NOT-FOR-US: episodex
CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
	NOT-FOR-US: episodex
CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-1682 (** DISPUTED ** ...)
	NOT-FOR-US: Solstice Internet Mail Server
CVE-2005-1681 (PHP remote file inclusion vulnerability in common.php in phpATM 1.21, ...)
	NOT-FOR-US: phpATM
CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
	NOT-FOR-US: D-Link hardware
CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
	- picasm 1.12c-1
CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
	NOT-FOR-US: Groove
CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
	NOT-FOR-US: Groove
CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
	NOT-FOR-US: Groove
CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
	NOT-FOR-US: Groove
CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
	NOT-FOR-US: Help Center Live
CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
	NOT-FOR-US: Extreme BlackDiamond hardware
CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
	NOT-FOR-US: Opera
CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
	NOT-FOR-US: YusASP Web Asset Manager
CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
	NOT-FOR-US: DataTrac Activity Console
CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
	NOT-FOR-US: Orenosv
CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
	NOT-FOR-US: Microsoft
CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Jeuce Personal Web Server
CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
	NOT-FOR-US: EZGuestbook
CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
	NOT-FOR-US: MyServer
CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
	NOT-FOR-US: MyServer
CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
	NOT-FOR-US: Mercur Messaging
CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
	- rsync 2.6.1-1
CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
	NOT-FOR-US: InoculateIT
CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
	NOT-FOR-US: Microsoft
CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Matrix FTP Server
CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
	NOT-FOR-US: Sophos
CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
	NOT-FOR-US: Sambar
CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
	NOT-FOR-US: phpcodeCabinet
CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
	NOT-FOR-US: JShop
CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...)
	NOT-FOR-US: Opera
CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...)
	NOT-FOR-US: Nadeo
CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...)
	NOT-FOR-US: Jelsoft Bulletin
CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sophos
CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...)
	NOT-FOR-US: Dream FTP
CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...)
	- kernel-patch-vserver 1.9.4-1
CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...)
	NOT-FOR-US: Mambo
CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...)
	NOT-FOR-US: Macallan
CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
	NOT-FOR-US: VisualShapers
CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
	NOT-FOR-US: Monkey
CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
	NOT-FOR-US: Oracle
CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Crob
CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
	NOT-FOR-US: Crob
CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Crob
CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
	NOT-FOR-US: Monkey
CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
	NOT-FOR-US: Mambo
CVE-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
	NOT-FOR-US: Caucho Technology Resin
CVE-2005-XXXX [Two DoS condition in ekg]
	- ekg 1:1.5+20050411-3
CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
	- lcrash 7.0.0.pre.cvs.20050322-3
CVE-2005-XXXX [Multiple security problems in lbreakout2]
	- lbreakout2 2.5.2-2
CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
	NOT-FOR-US: Woppoware
CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
	NOT-FOR-US: Woppoware
CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
	NOT-FOR-US: Woppoware
CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
	NOT-FOR-US: Woppoware
CVE-2005-1649 (The IPv6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
	NOT-FOR-US: Windows
CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
	NOT-FOR-US: GASoft
CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
	NOT-FOR-US: GASoft
CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
	NOT-FOR-US: Fastream NETFile
CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
	NOT-FOR-US: Keyvan1 Gallery
CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
	NOT-FOR-US: Livre d'Or
CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
	NOT-FOR-US: Zoidcom
CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
	NOT-FOR-US: Ignition Project
CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
	NOT-FOR-US: Sigma
CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
	NOT-FOR-US: SafeHTML
CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
	NOT-FOR-US: NPDS
CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
	{DSA-783-1}
	- mysql-dfsg 4.0.12-2 (bug #319526; low)
	- mysql-dfsg-4.1 4.1.12 (medium; bug #319526)
	- mysql-dfsg-5.0 5.0.11beta-3 (medium)
CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
	- cheetah 0.9.16-1
CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
	NOT-FOR-US: Booby
CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
	NOT-FOR-US: phpbb attachment mod
CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
	NOT-FOR-US: Photopost
CVE-2005-1628 (apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows ...)
	NOT-FOR-US: WebAPP
CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to &quot;a ...)
	- viewglob 2.0.1-1
	[sarge] - viewglob <not-affected> (1.x version in Sarge is not vulnerable)
CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
	NOT-FOR-US: Pico Server
CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-1624
	RESERVED
CVE-2005-1623
	RESERVED
CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
	NOT-FOR-US: MetaCart
CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
	NOT-FOR-US: Postnuke mod
CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
	NOT-FOR-US: Skull-Splitter Guestbook
CVE-2005-1619 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: PHPMyChat
CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
	NOT-FOR-US: Willings WebCAM
CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
	NOT-FOR-US: OpenBB
CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
	NOT-FOR-US: OpenBB
CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
	NOT-FOR-US: Web Crossing
CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
	NOT-FOR-US: Tru-Zone NukeET
CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
	NOT-FOR-US: Sun StorEdge 6130 Arrays
CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
	NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
	NOT-FOR-US: Remote Cart
CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
	NOT-FOR-US: H-Sphere Winbox
CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
	NOT-FOR-US: guestbook for SiteStudio
CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
	NOT-FOR-US: phpATM
CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
	NOT-FOR-US: NiteEnterprises Remote File Manager
CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
	NOT-FOR-US: Net56 Browser Based File Manager
CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
	NOT-FOR-US: MRO Maximo Self Service
CVE-2005-1600 (A &quot;mathematical flaw&quot; in the implementation of the El Gamal signature ...)
	NOT-FOR-US: LibTomCrypt
CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
	NOT-FOR-US: Kryloff Technologies Subject Search Server
CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
	NOT-FOR-US: Fusion SBX
CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
	NOT-FOR-US: CodeThat ShoppingCart
CVE-2005-1592 (Multiple &quot;javascript vulerabilities in BB code&quot; in BirdBlog before ...)
	NOT-FOR-US: BirdBlog
CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
	NOT-FOR-US: LedForums
CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: HTTP Commander
CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
	- clamav 0.85.1-1 (low)
	[sarge] - clamav 0.84-2.sarge.1
CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
	- xorg-x11 <not-affected> (Xfree-specific, inspected the Subversion tree)
CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
	[sarge] - kernel-source-2.6.8 <not-affected>
CVE-2005-1588 (** DISPUTED ** ...)
	NOT-FOR-US: Quick.cart
CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
	NOT-FOR-US: Quick.cart
CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
	NOT-FOR-US: Quick.Forum
CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
	NOT-FOR-US: 1Two News
CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
	NOT-FOR-US: 1Two News
CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
	NOT-FOR-US: bug_list.php
CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
	NOT-FOR-US: BoastMachine
CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
	NOT-FOR-US: Apple
CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
	NOT-FOR-US: EnCase
CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
	NOT-FOR-US: APG Classmaster
CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
	NOTE: appears windows specific
CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
	NOT-FOR-US: Windows
CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
	NOT-FOR-US: ASP Virtual News Manager
CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: ShowOff
CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
	NOT-FOR-US: ShowOff
CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
	NOTE: for-for-us (bttlxeForum)
CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
	NOT-FOR-US: DirectTopics
CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
	NOT-FOR-US: Acrowave AAP-3100AR wireless router
CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
	[woody] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	[sarge] - bugzilla <not-affected> (Only Bugzilla >= 2.17 is affected)
	- bugzilla 2.18-7 (bug #308789; medium)
CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
	- bugzilla 2.16.7-7sarge1
CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
	NOT-FOR-US: Nexusway
CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
	NOT-FOR-US: Nexusway
CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
	NOT-FOR-US: Nexusway
CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
	NOT-FOR-US: WebApp Guestbook PRO
CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
	NOT-FOR-US: Gamespy cd-key validation system
CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
	NOT-FOR-US: JRun
CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
	NOT-FOR-US: WowBB
CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
	NOT-FOR-US: GeoVision Digital Video Surveillance System
CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
	NOT-FOR-US: easy message board
CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
	NOT-FOR-US: easy message board
CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
	NOT-FOR-US: Bakbone Netvault
CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
	{DSA-743-1}
	- ht 0.8.0-3 (bug #308587)
CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...)
	{DSA-755-1}
	NOTE: CVE info about vulnerable version number is bogus
	- tiff 3.7.2-3 (bug #309739)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
	NOT-FOR-US: Novell Zenworks
CVE-2005-1542
	RESERVED
CVE-2005-1541
	RESERVED
CVE-2005-1540
	RESERVED
CVE-2005-1539
	RESERVED
CVE-2005-1538
	RESERVED
CVE-2005-1537
	RESERVED
CVE-2005-1536
	RESERVED
CVE-2005-1535
	RESERVED
CVE-2005-1534
	RESERVED
CVE-2005-1533
	RESERVED
CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
	- mozilla-firefox 1.0.4
	- mozilla 2:1.7.8
CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with &quot;Scan inside archive files&quot; enabled, ...)
	NOT-FOR-US: Sophos
CVE-2005-1529
	RESERVED
CVE-2005-1528 (Untrusted search path vulnerability in the crttrap command in QNX ...)
	NOT-FOR-US: QNX
CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
	{DSA-892-1}
	- awstats 6.4-1.1 (bug #322591; bug #334833; bug #336137; medium)
CVE-2005-1526 (PHP remote file inclusion vulnerability in config_settings.php in ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...)
	{DSA-764-1}
	- cacti 0.8.6e-1 (bug #315703; high)
CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...)
	{DSA-732-1}
	- mailutils 1:0.6.1-3
CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
	{DSA-751-1}
	- squid 2.5.9-9 (bug #309504)
CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
	NOT-FOR-US: Solaris
CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
	NOT-FOR-US: Cisco
CVE-2005-XXXX [Buffer overflow in libotr]
	- libotr 2.0.2-1
CVE-2005-XXXX [vpnc: config file path security hole]
	- vpnc 0.3.2+SVN20050326-2
CVE-2005-XXXX [Several buffer overflows in termpkg]
	- termpkg 3.3-2
CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
	NOTE: already fixed since 2.15-6
	- binutils 2.15-6
CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
	- kmd 0.9.19-1.1
CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
	NOTE: Source package has been renamed from unrar to unrar-free
	- unrar-free 1:0.0.1-2
CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
	NOT-FOR-US: PwsPHP
CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
	NOT-FOR-US: WebSTAR
CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...)
	NOT-FOR-US: CJ Ultra Plus
CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
	NOT-FOR-US: MacOS
CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
	NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
	NOT-FOR-US: MidiCart
CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
	NOT-FOR-US: MidiCart
CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: MidiCart
CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
	NOT-FOR-US: myBloggie
CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
	NOT-FOR-US: myBloggie
CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
	NOT-FOR-US: myBloggie
CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
	NOT-FOR-US: myBloggie
CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
	NOT-FOR-US: Oracle
CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
	NOT-FOR-US: Oracle
CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
	NOT-FOR-US: MegaBook
CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
	NOT-FOR-US: SimpleCam
CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
	NOT-FOR-US: Gossamer Threads Links
CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
CVE-2005-1487 (** DISPUTED ** ...)
	NOT-FOR-US: FishCart
CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
	NOT-FOR-US: FishCart
CVE-2005-1485 (Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
	NOT-FOR-US: Golden FTP Server Pro
CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
	NOT-FOR-US: ArticleLive
CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
	NOT-FOR-US: ASP Inline Corporate Calendar
CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
	NOT-FOR-US: RaidenFTPD
CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
	NOT-FOR-US: JGS-Portal
CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
	NOT-FOR-US: DMail
CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
	NOT-FOR-US: DMail
CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
	- qmail 1.03-38
CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
	- qmail 1.03-38
CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
	- qmail 1.03-38
CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and ...)
	NOT-FOR-US: JAWS
CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
	NOT-FOR-US: LinPHA
CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
	- dansguardian 2.5.2-0-0.1
CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier ...)
	NOT-FOR-US: lostBook
CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
	NOT-FOR-US: RiSearch
CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
	- phpbb2 2.0.10-1
CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
	- phpbb2 2.0.10-1
CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...)
	NOT-FOR-US: Easyins Stadtportal
CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
	NOT-FOR-US: no_package
CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
	NOT-FOR-US: no_package
CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...)
	NOT-FOR-US: no_package
CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...)
	NOT-FOR-US: no_package
CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...)
	NOT-FOR-US: no_package
CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...)
	{DSA-1014-1}
	- firebird2 1.5.3.4870-3 (bug #357580)
CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...)
	NOT-FOR-US: no_package
CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in ...)
	NOT-FOR-US: no_package
CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...)
	NOT-FOR-US: no_package
CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: no_package
CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
	NOT-FOR-US: no_package
CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
	NOT-FOR-US: no_package
CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: no_package
CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...)
	NOT-FOR-US: no_package
CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: no_package
CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...)
	NOT-FOR-US: no_package
CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...)
	NOT-FOR-US: no_package
CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...)
	NOT-FOR-US: no_package
CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...)
	NOT-FOR-US: no_package
CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...)
	NOT-FOR-US: no_package
CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...)
	- icecast2 2.0.1.debian-1
CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...)
	- pound 1.7-1
CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...)
	NOT-FOR-US: no_package
CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...)
	NOT-FOR-US: no_package
CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
	NOT-FOR-US: no_package
CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
	NOT-FOR-US: various perls on Windows
CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
	NOT-FOR-US: osCommerce
CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...)
	NOT-FOR-US: php-nuke
CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...)
	NOT-FOR-US: php-nuke
CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x ...)
	NOT-FOR-US: php-nuke
CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...)
	NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...)
	NOT-FOR-US: netchat
CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
	NOT-FOR-US: WebCT
CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
	- wget 1.9.1-12
CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...)
	NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...)
	NOT-FOR-US: NetBSD
CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 ...)
	NOT-FOR-US: phpShop
CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of &quot;Everyone ...)
	NOT-FOR-US: OfficeScan
CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...)
	NOT-FOR-US: Eudora
CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
	NOT-FOR-US: SUSE Live CD
CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...)
	NOT-FOR-US: DeleGate
CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...)
	NOT-FOR-US: IRIX
CVE-2004-2001 (ifconfig &quot;-arp&quot; in SGI IRIX 6.5 through 6.5.22m does not properly ...)
	NOT-FOR-US: IRIX
CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...)
	NOT-FOR-US: Php-Nuke
CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
	NOT-FOR-US: Windows
CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...)
	NOT-FOR-US: php-nuke
CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...)
	NOT-FOR-US: kolab
CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...)
	NOT-FOR-US: omail
CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...)
	NOT-FOR-US: Serv-U
CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...)
	NOT-FOR-US: aweb
CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: aweb
CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...)
	NOT-FOR-US: Coppermine
CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...)
	NOT-FOR-US: Coppermine
CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...)
	NOT-FOR-US: Coppermine
CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...)
	- kernel-patch-adamantix <not-affected> (Only affects PaX for kernel 2.6)
CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...)
	NOT-FOR-US: YaBB
CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
	NOT-FOR-US: Crystal Reports
CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...)
	NOT-FOR-US: PROPS
CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...)
	NOT-FOR-US: PROPS
CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...)
	- moodle 1.3
CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...)
	NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...)
	NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...)
	NOT-FOR-US: paFileDB
CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: paFileDB
CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: DiGi Web Server
CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...)
	NOT-FOR-US: Samsung SmartEther SS6215Sswitch
CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
	NOT-FOR-US: OpenBB
CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
	NOT-FOR-US: OpenBB
CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
	NOT-FOR-US: OpenBB
CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...)
	NOT-FOR-US: OpenBB
CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...)
	NOT-FOR-US: Protector System
CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...)
	NOT-FOR-US: Protector System
CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...)
	NOT-FOR-US: Protector System
CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...)
	NOT-FOR-US: Protector System
CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...)
	NOT-FOR-US: Unreal engine
CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...)
	NOT-FOR-US: PostNuke
CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...)
	NOT-FOR-US: PostNuke
CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...)
	NOT-FOR-US: phProfession
CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
	NOT-FOR-US: phProfession
CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: phProfession
CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...)
	- xine-ui 0.99.1
CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...)
	- phpbb2 2.0.9
CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...)
	NOT-FOR-US: PostNuke
CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...)
	- ncftp 2:3.1.8-1 (low)
CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...)
	NOT-FOR-US: bitdefender
CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
	- cherokee 0.4.21b01-1
CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
	NOT-FOR-US: Kinesphere eXchange POP3
CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
	NOT-FOR-US: Eudora
CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB ...)
	NOT-FOR-US: phpbb as modified by przemo
CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...)
	NOT-FOR-US: Solaris
CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...)
	NOT-FOR-US: Fastream NETFile FTP/Web Server
CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...)
	- kphone 1:4.0.2
CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...)
	NOT-FOR-US: Zaep
CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...)
	NOT-FOR-US: Phorum
CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...)
	NOT-FOR-US: Nuked-KlaN
CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
	NOT-FOR-US: SCT Campus Pipeline
CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 ...)
	NOT-FOR-US: Gemitel
CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
	NOT-FOR-US: Citadel
CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...)
	NOT-FOR-US: MSIE
CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded &quot;1502&quot; ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...)
	NOT-FOR-US: Crackalaka
CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: rsniff
CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...)
	- lcdproc 0.4.5
CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...)
	- lcdproc 0.4.5
CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...)
	- lcdproc 0.4.5
CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...)
	NOT-FOR-US: phpnuke
CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
	NOT-FOR-US: phpnuke
CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...)
	NOT-FOR-US: phpnuke
CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...)
	NOT-FOR-US: AzDGDatingLite
CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
	NOT-FOR-US: Symantec
CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
	- clamav 0.68.1
CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...)
	NOT-FOR-US: blaxxun
CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...)
	NOT-FOR-US: Citrix MetaFrame Password Manager
CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: gentoo portage
CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...)
	NOT-FOR-US: IGI 2 Covert Strike server
CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
	- monit 1:4.2.1
CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
	- monit 1:4.2.1-1
CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
	- monit 1:4.2.1-1
CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...)
	NOT-FOR-US: no_package
CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ...)
	NOT-FOR-US: no_package
CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...)
	NOT-FOR-US: no_package
CVE-2004-1893 (Dreamweaver MX, when &quot;Using Driver On Testing Server&quot; or &quot;Using DSN on ...)
	NOT-FOR-US: no_package
CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...)
	NOT-FOR-US: no_package
CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 &quot;doesn't work with ...)
	NOT-FOR-US: no_package
CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...)
	NOT-FOR-US: no_package
CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...)
	NOT-FOR-US: no_package
CVE-2004-1886
	REJECTED
CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
	NOT-FOR-US: no_package
CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
	NOT-FOR-US: no_package
CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...)
	NOT-FOR-US: no_package
CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...)
	NOT-FOR-US: no_package
CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...)
	NOT-FOR-US: no_package
CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...)
	- openldap2 2.1.17-1
CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...)
	NOT-FOR-US: no_package
CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...)
	NOT-FOR-US: no_package
CVE-2004-1876 (The &quot;%f&quot; feature in the VirusEvent directive in Clam AntiVirus daemon ...)
	- clamav 0.70-1
CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...)
	NOT-FOR-US: no_package
CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
	NOT-FOR-US: no_package
CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...)
	NOT-FOR-US: no_package
CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
	NOT-FOR-US: no_package
CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: no_package
CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...)
	NOT-FOR-US: no_package
CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...)
	NOT-FOR-US: no_package
CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...)
	NOT-FOR-US: no_package
CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
	- nstx 1.1-beta4-1
CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...)
	NOT-FOR-US: no_package
CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...)
	NOT-FOR-US: no_package
CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka ...)
	NOT-FOR-US: no_package
CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...)
	NOT-FOR-US: no_package
CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...)
	NOT-FOR-US: no_package
CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
	NOT-FOR-US: no_package
CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...)
	NOT-FOR-US: no_package
CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...)
	NOT-FOR-US: no_package
CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
	NOT-FOR-US: no_package
CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...)
	NOT-FOR-US: no_package
CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...)
	NOT-FOR-US: no_package
CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...)
	NOT-FOR-US: no_package
CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...)
	NOT-FOR-US: no_package
CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: no_package
CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: no_package
CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...)
	NOT-FOR-US: no_package
CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...)
	NOT-FOR-US: no_package
CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...)
	NOT-FOR-US: no_package
CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...)
	NOT-FOR-US: no_package
CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...)
	NOT-FOR-US: no_package
CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...)
	NOT-FOR-US: no_package
CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...)
	NOT-FOR-US: no_package
CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...)
	NOT-FOR-US: no_package
CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...)
	NOT-FOR-US: no_package
CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...)
	- apache2 2.0.53-1
CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
	NOT-FOR-US: no_package
CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...)
	NOT-FOR-US: no_package
CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...)
	NOT-FOR-US: no_package
CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...)
	NOT-FOR-US: no_package
CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...)
	NOT-FOR-US: no_package
CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...)
	NOT-FOR-US: no_package
CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...)
	NOT-FOR-US: no_package
CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
	NOT-FOR-US: no_package
CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...)
	NOT-FOR-US: no_package
CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...)
	NOT-FOR-US: no_package
CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...)
	NOT-FOR-US: no_package
CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in ...)
	NOT-FOR-US: no_package
CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...)
	NOT-FOR-US: no_package
CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...)
	NOT-FOR-US: no_package
CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...)
	NOT-FOR-US: no_package
CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
	NOT-FOR-US: no_package
CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
	NOT-FOR-US: no_package
CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...)
	NOT-FOR-US: no_package
CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...)
	NOT-FOR-US: no_package
CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...)
	NOT-FOR-US: no_package
CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...)
	NOT-FOR-US: no_package
CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
	NOT-FOR-US: no_package
CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...)
	- phpbb2 2.0.10-1
	NOTE: probably fixed in 2.0.6d-3
CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing ...)
	NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
	NOTE: see bug #308875
CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...)
	NOT-FOR-US: no_package
CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...)
	NOT-FOR-US: no_package
CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...)
	NOT-FOR-US: no_package
CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...)
	NOT-FOR-US: no_package
CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: no_package
CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...)
	NOT-FOR-US: no_package
CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...)
	NOT-FOR-US: no_package
CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
	NOT-FOR-US: no_package
CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...)
	NOT-FOR-US: no_package
CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...)
	NOT-FOR-US: ZyWALL
CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...)
	NOT-FOR-US: ASP-Nuke
CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...)
	NOT-FOR-US: PostCalendar
CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
	NOT-FOR-US: PortalApp
CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...)
	NOT-FOR-US: web server of Webcam Watchdog
CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...)
	NOT-FOR-US: Net2Soft Flash FTP Server
CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...)
	NOT-FOR-US: Athena Web Registration
CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...)
	NOT-FOR-US: ThWboard
CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...)
	NOT-FOR-US: omail webmail
CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...)
	- openldap2 2.1.17-1
CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...)
	NOT-FOR-US: MDaemon
CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...)
	NOT-FOR-US: MyProxy
CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...)
	- cherokee 0.4.21b01-1
CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...)
	NOT-FOR-US: VieBoard
CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...)
	NOT-FOR-US: VieBoard
CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...)
	NOT-FOR-US: Booby
CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...)
	NOT-FOR-US: Portal DB
CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...)
	NOT-FOR-US: IA WebMail Server
CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
	NOT-FOR-US: e107
CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...)
	NOT-FOR-US: Nokia IPSO
CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Unichat
CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...)
	NOT-FOR-US: PHPKIT
CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...)
	NOT-FOR-US: TelCondex SimpleWebServer
CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...)
	NOT-FOR-US: ThWboard
CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...)
	NOT-FOR-US: ThWboard
CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...)
	NOT-FOR-US: MPM Guestbook
CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...)
	NOT-FOR-US: Sympoll
CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
	NOT-FOR-US: NullSoft Shoutcast Server
CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
	NOT-FOR-US: Centrinity FirstClass
CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...)
	NOT-FOR-US: Apache Software Foundation Cocoon
CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...)
	- libapache-mod-security 1.8.4-1
CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
	NOT-FOR-US: kpopup
CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
	NOT-FOR-US: DATEV Nutzungskontrolle
CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...)
	NOT-FOR-US: kpopup
CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...)
	NOT-FOR-US: HTTP Commander
CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...)
	- mldonkey 2.5.11-1
CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Ganglia gmond
CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
	- linux-2.6 <not-affected> (Never released, only temporary in Bitkeeper)
CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
	NOT-FOR-US: FlexWATCH
CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
	NOT-FOR-US: Citrix
CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
	NOT-FOR-US: Sun JRE/SDK
CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
	- xcdroast 0.98+0alpha15-1 (bug #310046)
CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...)
	NOT-FOR-US: MAILsweeper
CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
	NOT-FOR-US: byteHoard
CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
	NOT-FOR-US: WebTide
CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...)
	NOT-FOR-US: Fastream
CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
	NOT-FOR-US: Novell portmapper
CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...)
	NOT-FOR-US: Les Visiteurs
CVE-2003-1147
	REJECTED
CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
	NOT-FOR-US: Easy PHP Photo Album
CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
	NOT-FOR-US: OpenAutoClassifieds
CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...)
	NOT-FOR-US: Perception LiteServe
CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
	NOT-FOR-US: Croteam Serious Sam demo
CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...)
	- apache2 <not-affected> (Red Hat specific default config)
CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...)
	NOT-FOR-US: sh-httpd
CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...)
	NOT-FOR-US: Chi Kien Uong Guestbook
CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
	NOT-FOR-US: Sun JVM
CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
	NOT-FOR-US: The Bat!
CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to ...)
	NOT-FOR-US: vBulletin
CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
	NOT-FOR-US: PortalApp
CVE-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
	- mozilla-firefox 1.0.4-1
CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
	NOT-FOR-US: Opera
CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
	NOT-FOR-US: Apple
CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
	NOT-FOR-US: Apple
CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...)
	NOT-FOR-US: Apple
CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
	NOT-FOR-US: RSA SecurID Web Agent
CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
	- mailutils 1:0.6.1-2
CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
	- maradns 1.0.27-1
CVE-2005-2352 [Temp file races in gs-gpl addons scripts]
	RESERVED
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
CVE-2005-XXXX [Possible SQL injection in freeradius]
	- freeradius 1.0.2-4
CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
	{DSA-1051-1 DSA-1046-1}
	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
	[sarge] - mozilla-thunderbird 1.0.2-2.sarge1.0.8 (low)
	- firefox 1.5.dfsg+1.5.0.2-1
	- thunderbird 1.5.0.2-1
	- xulrunner 1.8.0.1-9
CVE-2005-XXXX [Directory traversal in unzoo]
	- unzoo 4.4-4
CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
	- syslog-ng 1.6.5-2.1
CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
	- trackballs 1.1.1-1 (bug #302454; medium)
	[sarge] - trackballs <no-dsa> (Hardly exploitable)
	NOTE: CVE request sent to mitre (who sent this? any response?)
	NOTE: Trackballs doesn't run as gid games anymore, high-score files are
	NOTE: stored in user's home directories instead.
CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1462 (Double free vulnerability in the ICEP dissector in Ethereal before ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1458 (Multiple unknown &quot;other problems&quot; in the KINK dissector in Ethereal ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
	- ethereal 0.10.10-2sarge2
CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...)
	- freeradius 1.0.2-4
CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...)
	- freeradius 1.0.2-4
CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
	- leafnode 1.11.2.rel-1
CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
	- openssh 1:3.8p1
CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2005-XXXX [Missing input validation in xtradius]
	- xtradius 1.2.1-beta2-2 (bug #307796; unimportant)
CVE-2005-XXXX [fai tempfile vulnerability]
	- fai 2.8.2
CVE-2005-2354 [nvu uses old copy of mozilla xpcom]
	RESERVED
	NOTE: have not checked to see which security holes are in it exactly
	- nvu <removed> (bug #306822; medium)
CVE-2005-2356
	RESERVED
	NOTE: This was assigned to an eskuel non-issue before due to Red Hat typos
CVE-2005-XXXX [Buffer overflow in elog's header buffer]
	- elog 2.5.7+r1558-3 (bug #349528; high)
CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
	- ipsec-tools 1:0.5.2-1
CVE-2005-1452 (Serendipity before 0.8 allows Chief users to &quot;hide plugins installed ...)
	- serendipity 1.0-1
CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
	- serendipity 1.0-1
CVE-2005-1450 (Unknown vulnerability in &quot;the function used to validate path-names for ...)
	- serendipity 1.0-1
CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
	- serendipity 1.0-1
CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
	- serendipity 1.0-1
CVE-2005-1447 (PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
	NOT-FOR-US: SitePanel
CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
	NOT-FOR-US: SitePanel
CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
	NOT-FOR-US: SitePanel
CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
	NOT-FOR-US: ViArt Shop
CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
	NOT-FOR-US: osTicket
CVE-2005-1438 (PHP remote file inclusion vulnerability in main.php in osTicket allows ...)
	NOT-FOR-US: osTicket
CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
	NOT-FOR-US: osTicket
CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
	NOT-FOR-US: osTicket
CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
	- openwebmail <removed>
CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1432
	RESERVED
CVE-2005-1431 (The &quot;record packet parsing&quot; in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
	- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
	NOT-FOR-US: WWWguestbook
CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
	NOT-FOR-US: Uapplication Uphotogallery
CVE-2005-1426 (Uapplication Ublog Reload stores sensitive information under the web ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-1425 (Uapplication Uguestbook 1.0 stores sensitive information under the web ...)
	NOT-FOR-US: Uapplication Uguestbook
CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
	NOT-FOR-US: GoText
CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
	NOT-FOR-US: 602 LAN SUITE
CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
	NOT-FOR-US: Raysoft Video Cam Server
CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
	NOT-FOR-US: Ocean12 Mailing list manager
CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
	NOT-FOR-US: Netleaf
CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
	NOT-FOR-US: 04WebServer
CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
	NOT-FOR-US: GlobalSCAPE Secure FTP Server
CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
	NOT-FOR-US: FilePocket
CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
	NOT-FOR-US: enVivo
CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
	NOT-FOR-US: ECommPro
CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
	NOT-FOR-US: ICUII
CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
	- postgresql 7.4.7-6
CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
	- postgresql 7.4.7-6
CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Apple
CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
	NOT-FOR-US: Skype
CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
	NOT-FOR-US: JW Amazon Web Store
CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
	NOT-FOR-US: NeL libarary
CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
	NOT-FOR-US: Mtp-Target
CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
	- kfreebsd5-source 5.3-10
CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
	- kfreebsd5-source 5.3-10
CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
	NOT-FOR-US: Skype
CVE-2004-1777 (A &quot;range check error&quot; in Skype for Windows before 0.98.0.28 allows ...)
	NOT-FOR-US: Skype
CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
	NOT-FOR-US: PHPCart
CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
	NOT-FOR-US: PHPCalender
CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
	NOT-FOR-US: ARPUS Ceterm
CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
	NOT-FOR-US: ArcGIS
CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
	- phpmyadmin <not-affected> (Only part of examples that an admin would need to modify anyway)
CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
	{DSA-934-1}
	[sarge] - pound 1.8.2-1sarge1
	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
CVE-2005-1390
	REJECTED
CVE-2005-1389
	REJECTED
CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
	NOT-FOR-US: SURVIVOR
CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Safari
CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
	NOT-FOR-US: phpCoin
CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
	NOT-FOR-US: Oracle
CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
	NOT-FOR-US: Oracle
CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
	NOT-FOR-US: Oracle
CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
	NOT-FOR-US: BEA Weblogic
CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
	- lam <not-affected> (Mandrake specific packaging flaw)
CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
	NOT-FOR-US: phpbb mod
CVE-2005-1377 (Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 ...)
	NOT-FOR-US: Claroline
CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
	NOT-FOR-US: Claroline
CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 ...)
	NOT-FOR-US: Claroline
CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 ...)
	NOT-FOR-US: Claroline
CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
	NOT-FOR-US: Koobi CMS
CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
	NOT-FOR-US: NetVault
CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
	NOT-FOR-US: NetVault
CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
	NOT-FOR-US: HP OpenView
CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
	- kernel-source-2.4.27 <not-affected>
	- kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
	[sarge] - kernel-source-2.6.8 <not-affected>
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.8)
CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
	NOT-FOR-US: pServ
CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: pServ
CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: pServ
CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
	- shadow 4.0.8
	[sarge] - shadow <not-affected> (was introduced after version 4.0.3)
	[woody] - shadow <not-affected> (was introduced after version 4.0.3)
CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
	NOT-FOR-US: MetaBid Auctions
CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
	NOT-FOR-US: MetaCart
CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
	NOT-FOR-US: MetaCart
CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
	NOT-FOR-US: MetaCart
CVE-2005-1360 (PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 ...)
	NOT-FOR-US: GrayCMS
CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
	NOT-FOR-US: text.cgi
CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: text.cgi
CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
	NOT-FOR-US: text.cgi
CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
	NOT-FOR-US: includer.cgi
CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: forum.pl
CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: forum.pl
CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: ad.cgi
CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
	{DSA-727-1}
	- libconvert-uulib-perl 1.0.5.1
CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
	NOT-FOR-US: MailEnable
CVE-2005-1347 (** UNVERIFIABLE ** ...)
	NOT-FOR-US: acrobat
CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
	NOT-FOR-US: Symantec
CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
	{DSA-721-1}
	- squid 2.5.9-7
CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
	- apache2 2.0.54-3 (bug #322604)
CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
	NOT-FOR-US: vpnd for Mac OS X
CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
	NOT-FOR-US: Apple Terminal
CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
	- lukemftpd <not-affected> (our lukemftpd uses pw->pw_name when checking /etc/ftpchroot)
CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1334
	REJECTED
CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
	NOT-FOR-US: Mac OS X
CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
	NOT-FOR-US: VooDoo cIRCle BOTNET
CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
	NOT-FOR-US: phpMyVisites
CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
	NOT-FOR-US: NetTerm
CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
	- nag 1.1-3.1 (bug #307173)
CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
	- sork-vacation 2.2.2-1
CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
	- mnemo 1.1-2.1 (bug #307180)
	- mnemo2 <not-affected> (fixed before 2.1.1)
CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
	- imp4 <not-affected>
	- imp3 3.2.8-1 (bug #328218; low)
CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
	- sork-forwards 2.2.2-1
CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
	NOT-FOR-US: Hord Chora module
CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
	- sork-accounts 2.1.2-1
CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
	- turba 1.2.5-1
CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
	- kronolith 1.1.4-1
CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
	- sork-passwd 2.2.2-1
CVE-2005-1312 (PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
	NOT-FOR-US: Yappa-NG
CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
	NOT-FOR-US: bBlog
CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
	NOT-FOR-US: bBlog
CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
	- courier <unfixed> (bug #307575; unimportant)
CVE-2005-1307 (The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version ...)
	NOT-FOR-US: Adobe Version Cue
CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
	NOT-FOR-US: Adobe Reader 7
CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: hyper.cgi
CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
	NOT-FOR-US: citat.pl
CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: citat.pl
CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
	NOT-FOR-US: Confixx
CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
	NOT-FOR-US: nProtect:Netizen
CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
	NOT-FOR-US: inserter.cgi
CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
	NOT-FOR-US: include.cgi
CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: include.cgi
CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: include.cgi
CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
	- affix-kernel 2.1.1-1.1
CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
	NOT-FOR-US: StorePortal
CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
	NOT-FOR-US: CartWIZ ASP Cart
CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
	- phpbb2 2.0.13-6sarge1 (low)
CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: E-Cart
CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
	NOT-FOR-US: ACS Blog
CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
	NOT-FOR-US: BK Forum
CVE-2005-1286 (Unquoted Windows search path vulnerability in BitDefender 8 allows ...)
	NOT-FOR-US: Bitdefender
CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
	NOT-FOR-US: Argosoft Mail Server Pro
CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.10.10-2
CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
	- ethereal 0.10.10-2
	- tcpdump 3.8.3-4
CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
	{DSA-850-1}
	- tcpdump 3.8.3-4
CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
	- tcpdump 3.8.3-4 (bug #307920)
CVE-2005-1277
	REJECTED
CVE-2005-1276
	RESERVED
CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
	- imagemagick 6:6.0.6.2-2.3 (bug #306424)
CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-1273
	RESERVED
CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
	NOT-FOR-US: Backup Agent for Microsoft SQL
CVE-2005-1271
	REJECTED
CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
	- rkhunter 1.2.7-14 (medium)
CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
	- apache 1.3.31-1
CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
	- libconvert-uulib-perl 1.0.5.1-1
CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
	{DSA-734-1}
	- gaim 1:1.3.1-1 (bug #315356; low)
CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
	{DSA-805-1}
	- apache2 2.0.54-5 (bug #320048; bug #320063; bug #322613; low)
	- apache <not-affected> (Not affected, see #322613)
CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
	{DSA-854-1}
	- tcpdump 3.9.0.cvs.20050614-1 (medium)
CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
	{DSA-736-2 DSA-736-1}
	- spamassassin 3.0.4-1 (bug #314447; medium)
CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
	{DSA-922-1}
	- linux-2.6 2.6.12-1
CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.10)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	[sarge] - kernel-source-2.4.27 2.4.27-10
	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
	- gaim 1:1.2.1-1.1
CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
	{DSA-741-1}
	- bzip2 1.0.2-7
CVE-2005-1259
	RESERVED
CVE-2005-1258
	RESERVED
CVE-2005-1257
	RESERVED
CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
	NOT-FOR-US: IMail
CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
	NOT-FOR-US: IMail
CVE-2005-1253
	RESERVED
CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
	NOT-FOR-US: IMail
CVE-2005-1251
	RESERVED
CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
	NOT-FOR-US: IpSwitch
CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
	NOT-FOR-US: IMail
CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
	NOT-FOR-US: Apple iTunes
CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: Novell Nsure Audit
CVE-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
	NOT-FOR-US: snmppd
CVE-2005-XXXX [Multiple security problems in Quake 2]
	NOTE: this release added lots of warnings about the security problems
	- quake2 1:0.3-1.1
CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-1244 (** DISPUTED ** ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
	NOT-FOR-US: AS/400 FTP server addon
CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
	NOT-FOR-US: AS/400 FTP server
CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
	NOT-FOR-US: FlexPHPNews
CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
	NOT-FOR-US: DUPortal
CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
	NOT-FOR-US: phpbb-Auction
CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
	NOT-FOR-US: PHP Labs proFile
CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
	NOT-FOR-US: Sun ONE Proxy Server
CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
	NOT-FOR-US: JAWS
CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
	NOT-FOR-US: Yawcan
CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #306693; medium)
CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
	NOT-FOR-US: PHPProjekt
CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...)
	NOT-FOR-US: DUPortal
CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
	NOT-FOR-US: Ocean12 Calender manager
CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
	NOT-FOR-US: Annuaire Netref
CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
	NOT-FOR-US: ECommPro
CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Shoutbox
CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
	NOT-FOR-US: Microsoft Color Management Module
CVE-2005-1217
	RESERVED
CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
	NOT-FOR-US: Microsoft
CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
	NOT-FOR-US: Microsoft
CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...)
	NOT-FOR-US: Microsoft
CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...)
	NOT-FOR-US: Microsoft
CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-1210
	RESERVED
CVE-2005-1209
	RESERVED
CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
	NOT-FOR-US: Microsoft
CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...)
	NOT-FOR-US: Microsoft
CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
	- postgresql <unfixed> (unimportant)
	NOTE: This is not a real world problem; it's only applicable in rare circurstances
	NOTE: like someone analysing stolen user database information and even then the gain
	NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
	- libpam-ssh 1.91.0-9
CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: Desktop Rover
CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
	NOT-FOR-US: AZbb
CVE-2005-1200 (PHP remote file inclusion vulnerability in main_index.php in AZ ...)
	NOT-FOR-US: AZbb
CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
	NOT-FOR-US: UBB.threads
CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
	NOT-FOR-US: Anaconda Foundation Directory
CVE-2005-1197 (SQL injection vulnerability in the ...)
	NOT-FOR-US: Oracle
CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
	NOT-FOR-US: PHPBB Knowledgebase Mod
CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
	- xine-lib 1.0.1-1
	- mplayer <not-affected> (fixed in 1.0-pre7, which was released before etch)
CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
	- nasm 0.98.38-1.2 (bug #309049)
CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
	- phpbb2 2.0.13-6sarge1 (medium)
CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
	NOT-FOR-US: HP-UX
CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
	NOT-FOR-US: Cisco
CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...)
	NOT-FOR-US: Cisco
CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
	NOT-FOR-US: Cisco
CVE-2001-1476 (SSH before 2.0, with RC4 encryption and the &quot;disallow NULL passwords&quot; ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
	NOT-FOR-US: Commercial SSH
CVE-2001-1473 (The SSH-1 protocol allows remote servers to conduct man-in-the-middle ...)
	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol.
CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
	- phpbb2 2.0.6c-1
CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
	- phpbb2 2.0.6c-1
CVE-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...)
	NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
	NOT-FOR-US: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
CVE-2001-1468 (PHP remote file inclusion vulnerability in checklogin.php in ...)
	NOT-FOR-US: phpSecurePages
CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
	- expect <not-affected> (in expect 5.42.1, mkpasswd does not seed by pid)
	NOTE: doesn't seem to seed at all; my tests indicate it generates no dups in
	NOTE: some 100000 passwords.
CVE-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...)
	NOT-FOR-US: VanDyke SecureCRT
CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...)
	NOT-FOR-US: SurfControl SuperScout
CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
	NOT-FOR-US: Crystal Reports
CVE-2001-1463 (The remote administration client for RhinoSoft Serv-U 3.0 sends the ...)
	NOT-FOR-US: RhinoSoft Serv-U
CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
	NOT-FOR-US: RSA Security SecurID
CVE-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
	NOT-FOR-US: RSA Security SecurID
CVE-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...)
	NOT-FOR-US: PostNuke
CVE-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...)
	- openssh 1:3.0.1p1-1
CVE-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...)
	NOT-FOR-US: Novell Groupwise
CVE-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...)
	NOT-FOR-US: CrazyWWWBoard
CVE-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...)
	NOT-FOR-US: Gauntlet Firewall
CVE-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...)
	- mysql-dfsg 3.23.33-1
CVE-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...)
	- mysql-dfsg 3.23.33-1
CVE-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...)
	NOT-FOR-US: Windows
CVE-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...)
	NOT-FOR-US: Windows
CVE-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...)
	NOT-FOR-US: Windows
CVE-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
	- apache <not-affected> (Mandrake specific packaging flaw)
CVE-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...)
	NOT-FOR-US: Magic eDeveloper
CVE-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...)
	NOT-FOR-US: Windows
CVE-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
	NOT-FOR-US: MacOS X
CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
	NOT-FOR-US: Lotus Domino
CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
	NOT-FOR-US: Generic protocol flaw
CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
	NOT-FOR-US: Generic protocol flaw
CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
	- inn2 2.3.3+20020922-1
	- innfeed 0.10.1.7-7
CVE-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...)
	NOT-FOR-US: VisualAge for Java
CVE-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...)
	NOT-FOR-US: AIX
CVE-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...)
	NOT-FOR-US: HP-UX
CVE-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...)
	NOT-FOR-US: Handspring Visor
CVE-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...)
	NOT-FOR-US: easyScripts easyNews
CVE-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...)
	NOT-FOR-US: Dallas Semiconductor iButton DS1991
CVE-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...)
	NOT-FOR-US: Tru64 UNIX
CVE-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...)
	NOT-FOR-US: IOS
CVE-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...)
	NOT-FOR-US: Quikstore Shopping Cart
CVE-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
	NOT-FOR-US: AIX
CVE-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
	- lpr 1:0.48-1
CVE-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
	- lpr 1:0.48-1
CVE-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
	- gcc-3.3 1:3.3.4-1
CVE-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
	NOT-FOR-US: Windows
CVE-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...)
	NOT-FOR-US: Windows
CVE-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
	NOT-FOR-US: AIX
CVE-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
	NOT-FOR-US: Lotus Domino
CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
	NOT-FOR-US: AIX
CVE-1999-1582 (By design, the &quot;established&quot; command on the Cisco PIX firewall allows ...)
	NOT-FOR-US: Cisco
CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
	NOT-FOR-US: Windows
CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
	- sendmail <not-affected> (Sun-specific)
CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
	NOT-FOR-US: Windows
CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
	NOT-FOR-US: Windows
CVE-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...)
	NOT-FOR-US: Windows
CVE-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
	NOT-FOR-US: Acrobat Reader
CVE-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...)
	NOT-FOR-US: Kodak/Wang tools for IE
CVE-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...)
	NOT-FOR-US: AIX
CVE-1999-1573 (Multiple unknown vulnerabilities in the &quot;r-cmnds&quot; (1) remshd, (2) ...)
	NOT-FOR-US: HP-UX
CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
	NOT-FOR-US: Windows
CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
	NOT-FOR-US: WebcamXP
CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...)
	NOT-FOR-US: WinHex
CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1185 (Unquoted Windows search path vulnerability in Musicmatch Jukebox ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
	NOT-FOR-US: Apparently bogus report. at least on Linux it couldn't be reproduced
CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
	NOT-FOR-US: mvnForum
CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
	NOT-FOR-US: iSeries OS
CVE-2005-1181 (** DISPUTED ** ...)
	NOT-FOR-US: Ariadne CMS
CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
	NOT-FOR-US: Xerox
CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
	NOT-FOR-US: Oracle
CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
	- webmin <not-affected>
	NOTE: I haven't found further information on this, but this appears to only
	NOTE: affect non-Debian setups
CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
	NOT-FOR-US: AIX
CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...)
	{DSA-757-1}
	- krb5 1.3.6-4 (bug #318437; medium)
CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package ...)
	NOT-FOR-US: Oracle
CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
	NOT-FOR-US: PMSoftware Simple Web Server
CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine Photo Gallery
CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...)
	NOT-FOR-US: moddb phpbb2 add-on
CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
	NOT-FOR-US: Mafia Blog
CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
	NOT-FOR-US: Musicmatch
CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
	NOT-FOR-US: Dameware
CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Yager game
CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Yager game
CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
	NOT-FOR-US: Yager game
CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
	NOT-FOR-US: OneWorldStore
CVE-2005-1160 (The privileged &quot;chrome&quot; UI code in Firefox before 1.0.3 and Mozilla ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
CVE-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
	{DSA-781-1}
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-1158 (Multiple &quot;missing security checks&quot; in Firefox before 1.0.3 allow ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
	- mozilla-firefox 1.0.3-1
	- mozilla 2:1.7.7-1
CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...)
	{DSA-728-1}
	- qpopper 4.0.5-4sarge1
CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
	NOT-FOR-US: Sun Java
CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
	NOT-FOR-US: ACNews
CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1146 (** DISPUTED ** ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1145 (** DISPUTED ** ...)
	NOT-FOR-US: CalenderScript
CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
	NOT-FOR-US: EasyPHPCalender
CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
	- gocr 0.39-5
CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
	- gocr 0.39-5
CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
	NOT-FOR-US: MyBloggie
CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
	NOT-FOR-US: Opera
CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
	NOT-FOR-US: Kerio
CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
	NOT-FOR-US: sphpBlog
CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
	NOT-FOR-US: Serendipity
CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
	NOT-FOR-US: AS/400 system software
CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
	NOT-FOR-US: LG mobile phone
CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
	NOT-FOR-US: Veritas Focalpoint Server
CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
	NOT-FOR-US: PinnacleCart
CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
	- egroupware 1.0.0.007-2.dfsg-1
CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
	NOT-FOR-US: VHCS
CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
	{DSA-1122 DSA-1121}
	- libnet-server-perl 0.89-1 (bug #378640)
	NOTE: Net::Server was already fixed in 0.87-1, although the changelog doesn't mention
	NOTE: the security implication, which was noticed later. I've verified both fixes
	NOTE: are identical
	NOTE: but DSA-1122 thinks it was fixed in 0.89-1, so mark that version to make
	NOTE: scripts happy (at time of writing, 0.90-1 is in testing)
	- postgrey 1.22-1
CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
	NOT-FOR-US: Free BSD
CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
	- libsafe <removed>
CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
	NOT-FOR-US: Solaris
CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
	NOT-FOR-US: monkeyd
CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
	NOT-FOR-US: monkeyd
CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
	{DSA-726-1}
	- oops 1.5.23.cvs-2.2 (bug #307360; high)
CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
	{DSA-1010-1}
	- ilohamail 0.8.14-0rc3sarge1 (bug #304525; medium)
CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
	- sudo <unfixed> (bug #283161; unimportant)
	NOTE: That's a policy violation, but not a security problem
CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
	NOT-FOR-US: RSA authentication agent
CVE-2005-1117 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: All4WWW Homepage creator
CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
	NOT-FOR-US: phpbb2 calendar addon
CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
	NOT-FOR-US: Photo Album
CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
	NOT-FOR-US: Photo Album
CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
	NOT-FOR-US: PhpBB Plus
CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
	NOT-FOR-US: IBM Websphere
CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
	{DSA-846-1}
	- cpio 2.6-6 (bug #305372; low)
CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
	NOT-FOR-US: Sumus web server
CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
	{DSA-713-1}
	- junkbuster <removed> (bug #304793)
	- privoxy <not-affected>
CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
	{DSA-713-1}
	- junkbuster <removed>
	- privoxy <not-affected>
CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
	NOT-FOR-US: McAfee
CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
	- postgrey 1.21-1
CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
	NOT-FOR-US: Windows
CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
	- libgnumail-java <unfixed> (bug #304712; unimportant)
	NOTE: This just provides an Java API function to receive a file name, sanitising
	NOTE: this file name for further use must be done inside the application calling
	NOTE: the function
CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
	NOT-FOR-US: Centra
CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	NOTE: Upstream developers don't consider this an issue, see bug #304468
CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
	NOT-FOR-US: Lotus Domino Server
CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
	- postfix-gld 1.5-1
CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
	- postfix-gld 1.5-1
CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
	NOT-FOR-US: GetDataBack for NTFS (Windows)
CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
	NOT-FOR-US: Rebrand P2P Share Spy
CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
	NOT-FOR-US: Ocean12 Membership Manager Pro
CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
	NOT-FOR-US: FTP Now
CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
	NOT-FOR-US: Miranda IM
CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
	NOT-FOR-US: DeluxeFTP
CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
	NOT-FOR-US: Maxthon
CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
	NOT-FOR-US: Maxthon
CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
	NOT-FOR-US: DC++
CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
	NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
	NOT-FOR-US: AN HTTPD
CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
	NOT-FOR-US: aeDating
CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
	NOT-FOR-US: aeDating
CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
	NOT-FOR-US: aeDating
CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
	NOT-FOR-US: AtDGDatingPlatinum
CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
	NOT-FOR-US: JAR in J2SE SDK
CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
	NOT-FOR-US: zOOm Media Gallery
CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
	NOT-FOR-US: XAMPP Apache distribution specific issue
CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
	NOT-FOR-US: WebCT
CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
	NOT-FOR-US: RadScripts RadBids Gold
CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
	NOT-FOR-US: JPortal
CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
	NOT-FOR-US: sCssBoard
CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
	NOT-FOR-US: Access_user class
CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
	- pine 4.63-1 (unimportant)
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
	NOTE: Not shipped in the binary package
CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
	- tetex-base <not-affected> (/var/cache/fonts is not writable by normal users in Debian)
CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
	- rsnapshot 1.2.1-1
CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
	NOT-FOR-US: Kerio
CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
	NOT-FOR-US: Kerio
CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
	- logwatch 5.0-1
CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
	NOT-FOR-US: Novell Netware
CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
	NOT-FOR-US: Linksys WET11
CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
	NOT-FOR-US: Cisco
CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
	NOT-FOR-US: Cisco
CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
	NOT-FOR-US: TowerBlog
CVE-2005-1054 (PHP remote file inclusion vulnerability in news.php in ModernBill ...)
	NOT-FOR-US: ModernBill
CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
	NOT-FOR-US: ModernBill
CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
	NOT-FOR-US: Microsoft
CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
	NOT-FOR-US: PunBB
CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
	NOT-FOR-US: PostNuke
CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
	NOT-FOR-US: PostNuke
CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
	NOT-FOR-US: PunBB
CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
	{DSA-714-1}
	- kdelibs 4:3.3.2-6
CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
	NOT-FOR-US: OpenText
CVE-2005-1044
	REJECTED
CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
	- php4 4:4.3.10-10 (bug #306003)
CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
	- netapplet <not-affected> (Not vulnerable, see bug #310833)
CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
	- coreutils 6.10-1 (bug #304556; unimportant)
	NOTE: Minor issue, generic UNIX design issue, see discussion in #304556)
CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
	NOTE: long fixed in Debian's cron
CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
	NOT-FOR-US: AIX
CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
	NOT-FOR-US: FreeBSD
CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
	- pavuk 0.9.32-1
CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: SurgeFTP
CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: CubeCart
CVE-2005-1032
	REJECTED
CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
	NOT-FOR-US: exoops
CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
	NOT-FOR-US: Active Auction House
CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
	NOT-FOR-US: SnailSource phpBB mod
CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
	NOT-FOR-US: IBM
CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
	NOT-FOR-US: ColdFusion
CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
	NOT-FOR-US: IOS
CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
	NOT-FOR-US: IOS
CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
	NOT-FOR-US: Aeon
CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
	NOT-FOR-US: CA ArcServe Backup
CVE-2005-XXXX [Some security issues in mod_security]
	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
	NOTE: the changelog entries matches the security criteria, but the changelog
	NOTE: claims so.
	- libapache-mod-security 1.8.7-1
CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
	- imms 2.0.3-1
CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
	- smarty 2.6.9-1
CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
	- obexftp 0.10.7-3
CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...)
	NOT-FOR-US: MaxWebPortal
CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...)
	NOT-FOR-US: MailEnable
CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
	NOT-FOR-US: MailEnable
CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...)
	NOT-FOR-US: MailEnable
CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
	NOT-FOR-US: SiteEnable
CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...)
	NOT-FOR-US: ComersusCart
CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...)
	NOT-FOR-US: NetVault
CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...)
	NOT-FOR-US: XM Forum
CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...)
	NOT-FOR-US: CommuniGate Pro
CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...)
	NOT-FOR-US: SonicWALL
CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
	NOT-FOR-US: PayProCart
CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...)
	NOT-FOR-US: PayProCart
CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...)
	NOT-FOR-US: PayProCart
CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...)
	NOT-FOR-US: LOG-FT File Transfer
CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
	NOT-FOR-US: ProductCart
CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
	NOT-FOR-US: ProductCart
CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...)
	NOT-FOR-US: SCO
CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
	- phpmyadmin 3:2.6.2-rc1-1
CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not &quot;use a secure location ...)
	NOT-FOR-US: AIX
CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
	- sharutils 1:4.2.1-13
CVE-2005-0989 (The find_replen function in jsstr.c in the Javascript engine for ...)
	{DSA-781-1}
	- mozilla 2:1.7.7-1 (bug #306001)
	- mozilla-firefox 1.0.2-3
	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
	{DSA-752-1}
	- gzip 1.3.5-10
CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
	NOT-FOR-US: IRC Services NickServ
CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
	NOT-FOR-US: Lotus Domino
CVE-2005-0985 (Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows ...)
	NOT-FOR-US: Apple
CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
	NOT-FOR-US: Star Wars game
CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
	NOT-FOR-US: Quake 3 based games
CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...)
	NOT-FOR-US: Yet Another Forum.net
CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0980 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
	NOT-FOR-US: Alstrasoft EPay
CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...)
	NOT-FOR-US: Rumba
CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
	NOT-FOR-US: IVT BlueSoleil
CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16 (bug #303177)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
	NOT-FOR-US: Apple
CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
	NOT-FOR-US: Apple
CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
	NOT-FOR-US: Apple
CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...)
	NOT-FOR-US: Apple
CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
	NOT-FOR-US: Apple
CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...)
	NOT-FOR-US: Apple
CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
	NOT-FOR-US: CA eTrust IDS
CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
	- gaim 1:1.2.1-1
CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
	- openwebmail <removed>
CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
	- gaim 1:1.2.1-1 (bug #303581)
CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
	NOT-FOR-US: Kerio firewall
CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
	NOT-FOR-US: ACPI BIOS hardware issue
CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...)
	NOT-FOR-US: SquirrelCart
CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...)
	- horde3 3.0.4-1
	- horde2 2.2.8-1
CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
	NOT-FOR-US: YepYep mtftpd
CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...)
	NOT-FOR-US: BayTech RPC
CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...)
	NOT-FOR-US: InterAKT MX Kart
CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...)
	NOT-FOR-US: InterAKT MX Shop
CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
	NOT-FOR-US: Windows
CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
	{DSA-730-1}
	- bzip2 1.0.2-6
	NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
	NOTE: attacker would have to exploit the minimal time span between uncompressing
	NOTE: the file and chmodding it to delete the file and place a hardlink to another
	NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
	NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
	NOT-FOR-US: PafileDB
CVE-2005-0951
	REJECTED
CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
	NOT-FOR-US: FastStone 4in1 Browser
CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
	NOT-FOR-US: PortalApp
CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...)
	NOT-FOR-US: PortalApp
CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
	NOT-FOR-US: phpCoin
CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...)
	NOT-FOR-US: phpCoin
CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) ...)
	NOT-FOR-US: Microsoft
CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
	NOT-FOR-US: Cisco
CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
	NOT-FOR-US: Sybase ASE
CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
	- openoffice.org 1.1.3-9
CVE-2005-0939
	RESERVED
CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
	NOT-FOR-US: UBlog
CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
	- kernel-source-2.6.8 2.6.8-16
CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
	- freeciv 2.0.1-1
CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
	- mailscanner 4.40.11-1
CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
	- kdenetwork 4:3.3.2-2
CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
	NOT-FOR-US: ESMI PayPal Storefront
CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...)
	NOT-FOR-US: WackoWiki
CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0931 (PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 ...)
	NOT-FOR-US: The Includer
CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...)
	NOT-FOR-US: Chatness
CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...)
	NOT-FOR-US: WebAPP
CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...)
	- sylpheed 1.0.4-1
	- sylpheed-claws 1.0.4-1
CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
	NOT-FOR-US: Uapplication Ublog
CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
	NOT-FOR-US: Norton AntiVirus
CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
	NOT-FOR-US: Lotus
CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
	NOT-FOR-US: Bugtracker.NET
CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
	NOT-FOR-US: Adventia E-Data
CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
	NOT-FOR-US: Adobe SVG Viewer
CVE-2005-0917 (PHP remote file inclusion vulnerability in index_header.php for ...)
	NOT-FOR-US: EncapsBB
CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
	- kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
	NOT-FOR-US: Webmasters-Debutants WD Guestbook
CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
	NOT-FOR-US: CPG Dragonfly
CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
	- smarty 2.6.8-1
CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...)
	NOT-FOR-US: deplate
CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...)
	NOT-FOR-US: exoops
CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...)
	NOT-FOR-US: exoops
CVE-2005-0909 (PHP remote file inclusion vulnerability in shoutact.php for TKai's ...)
	NOT-FOR-US: THai's Shoutbox
CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
	NOT-FOR-US: Valdersoft Shopping Cart
CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...)
	NOT-FOR-US: Tincat network library
CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...)
	NOT-FOR-US: Maxthon
CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the &quot;Force shutdown ...)
	NOT-FOR-US: Microsoft
CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...)
	NOT-FOR-US: QuickTime PictureViewer
CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: NukeBookmarks for php-nuke
CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...)
	NOT-FOR-US: AS/400 running OS400
CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0897 (PHP remote file inclusion vulnerability in catalog.php in E-Store ...)
	NOT-FOR-US: E-Store Kit-2 PayPal Edition
CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...)
	NOT-FOR-US: phpMyDirectory
CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Netcomm 1300NB DSL Modem
CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
	- openmosixview 1.5-7
CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
	- smail <removed> (bug #335042; unimportant)
	NOTE: cording to upstream impossible to exploit
CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
	{DSA-722-1}
	- smail 3.2.0.115-7 (bug #301428; high)
CVE-2005-0891 (Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
	NOTE: The description is wrong; 2.6 is affected as well
	- gtk+2.0 2.6.4-1
	- gdk-pixbuf 0.22.0-7.1
CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
	- sharutils 1:4.2.1-12
CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...)
	- sharutils 1:4.2.1-11
CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...)
	NOT-FOR-US: X-News
CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...)
	NOT-FOR-US: Netscape Enterprise Server
CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...)
	NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server
CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...)
	- cryptcat 20031202-2
	NOTE: don't know when it was fixed, verified above version is ok
CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...)
	- cgiemail 1.6-14
CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
	NOT-FOR-US: Verity Search97
CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
	- squirrelmail 1:1.2.3
CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
	- squirrelmail 1:1.2.3
CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
	- squirrelmail 1:1.2.3
CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
	- slash 2.2.6-8 (bug #160579; low)
	[sarge] - slash <no-dsa> (Minor security implications)
CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
	NOT-FOR-US: commercial ssh
CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
	- postgresql 7.2.3
CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
	NOT-FOR-US: Oracle
CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2002-1638
	REJECTED
CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
	NOT-FOR-US: Oracle
CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
	NOT-FOR-US: Oracle
CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
	NOT-FOR-US: Oracle
CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
	NOT-FOR-US: NetWare
CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
	NOT-FOR-US: QNX
CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
	NOT-FOR-US: Oracle
CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
	NOT-FOR-US: Oracle
CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
	NOT-FOR-US: Oracle
CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
	NOT-FOR-US: Multi-Tech ProxyServer
CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
	NOT-FOR-US: Dream4 Koobi CMS
CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
CVE-2005-0887 (Eval injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.4.4-1
CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
	NOT-FOR-US: XMB Forum
CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
	NOT-FOR-US: DigitalHive
CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
	NOT-FOR-US: BirdBlog
CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
	NOT-FOR-US: Interspire ArticleLive
CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0879 (PHP remote file include vulnerability in (1) content.php and (2) ...)
	NOT-FOR-US: Vortex Portal
CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
	- dnsmasq 2.21
CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
	- dnsmasq 2.21
CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
	NOT-FOR-US: Oracle
CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
	NOT-FOR-US: Topic Calendar phpbb2 plugin
CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
	{DSA-899-1 DSA-898-1 DSA-897-1 DSA-724-1}
	NOTE: Fix in phpsysinfo 2.3-3 was apparently incomplete.
	- phpsysinfo 2.3-7
	- egroupware 1.0.0.009.dfsg-3-3
	- phpgroupware 0.9.16.008-2
CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
	- phpsysinfo 2.3-3 (bug #301118; unimportant)
CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
	- tn5250 <not-affected> (cannot find STRPCO or STRPCCMD in tn5250)
CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
	- kernel-source-2.4.27 <not-affected> (kernel 2.4 doesn't have sysfs)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 <not-affected> (Not vulnerable, see #306137)
CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
	- cdrtools 4:2.01+01a01-4 (bug #291376; low)
	[sarge] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
	[woody] - cdrtools <no-dsa> (Only exploitable in rare debugging mode)
CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
	NOT-FOR-US: Scalable OGo (SOGo)
CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
	NOT-FOR-US: Mike Spice Mike's Vote CGI
CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
	NOT-FOR-US: Mike Spice Quiz CGI
CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
	NOT-FOR-US: Mike Spice My Calendar
CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
	NOT-FOR-US: Lotus Domino
CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
	NOT-FOR-US: General protocol flaw, cannot be fixed
CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
	NOT-FOR-US: AIX
CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
	NOT-FOR-US: AIX
CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
	NOT-FOR-US: AIX
CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
	NOT-FOR-US: AIX
CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
	NOT-FOR-US: Samsung ADSL modems
CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
	NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0862 (Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat ...)
	NOT-FOR-US: PHPOpenChat
CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
	NOT-FOR-US: Delegate
CVE-2005-0860 (PHP remote file inclusion vulnerability in TRG News Script 3.0 allows ...)
	NOT-FOR-US: TRG News Script
CVE-2005-0859 (PHP remote file inclusion vulnerability in CzarNews 1.13b allows ...)
	NOT-FOR-US: CzarNews
CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...)
	NOT-FOR-US: CoolForum
CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...)
	NOT-FOR-US: CoolForum
CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
	NOT-FOR-US: CoolForum
CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: CoolForum
CVE-2005-0854 (betaparticle blog (bp blog), posisbly before version 4, allows remote ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
	NOT-FOR-US: betaparticle blog
CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...)
	NOT-FOR-US: Microsoft Windows
CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...)
	NOT-FOR-US: FileZilla FTP server
CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
	NOT-FOR-US: Multiple commercial games by FUN Labs
CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Code Ocean FTP Server
CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...)
	NOT-FOR-US: HP-UX
CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: GoAhead Web Server
CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...)
	- screen <not-affected> (HAVE_BRAILLE not set in binary build)
CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
	NOT-FOR-US: SurgeMail
CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory of ...)
	NOT-FOR-US: Nortel Contivity
CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
	NOT-FOR-US: Phorum
CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako eSupport
CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
	NOT-FOR-US: phpmyfamily
CVE-2005-0840
	REJECTED
CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
	- icecast2 <unfixed> (bug #301368; unimportant)
	NOTE: According to upstream a non-issue
CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
	NOT-FOR-US: Java Web Start for proprietary Sun Java
CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
	NOT-FOR-US: Belkin 54G router
CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
	NOT-FOR-US: PHP-Post
CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
	NOT-FOR-US: Xzabite DynDNS Updater
CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
	NOT-FOR-US: PHP-Fusion Addon
CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
	NOT-FOR-US: e-Xoops based products
CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: OllyDbg MS Windows debugger
CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
	- ltris 1.0.6-1.1 (bug #291620)
CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
	- mathopd 1.5p5-1
CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
	NOT-FOR-US: Cherokee
CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
	NOT-FOR-US: Cherokee
CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
	NOT-FOR-US: Nokia Firewall appliances
CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
	NOT-FOR-US: Cayman DSL router
CVE-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
	NOTE: I could track this down to this posting
	NOTE: http://web.archive.org/web/20051206035530/http://cert.uni-stuttgart.de:80/archive/vuln-dev/2001/11/msg00104.html
	NOTE: This looks very obscure an does not contain useful information on how this
	NOTE: was triggered and even then it's not a problem, as mcedit usage does not
	NOTE: have a remote impact and is not suid
CVE-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC@Chip are shipped ...)
	NOT-FOR-US: IPC@CHIP Embedded web server
CVE-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
	NOT-FOR-US: ColdFusion
CVE-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
	NOT-FOR-US: Alcatel Speed Touch
CVE-2005-XXXX [Various /tmp related security issues in cernlib]
	- cernlib 2004.11.04-3
CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
	NOT-FOR-US: iSnooker
CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
	NOT-FOR-US: Citrix
CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
	NOT-FOR-US: Citrix
CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
	NOT-FOR-US: MS Office
CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
	NOT-FOR-US: Novell Netware
CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
	NOT-FOR-US: Pun BB
CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
	NOT-FOR-US: Symantec Gateway
CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2005-0815 (Multiple &quot;range checking flaws&quot; in the ISO9660 filesystem handler in ...)
	- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc1)
	[sarge] - kernel-source-2.6.8 2.6.8-16
CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
	{DSA-717-1}
	- lsh-utils 2.0.1-1
CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
	NOT-FOR-US: ir
CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
	NOT-FOR-US: NotifyLink
CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
CVE-2005-0807 (Multiple buffer overflows in Cain &amp; Abel before 2.67 allow remote ...)
	NOT-FOR-US: Cain &amp; Abel
CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
	- evolution 2.0.4-2
CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
	NOT-FOR-US: Subdreamer
CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
	NOT-FOR-US: MailEnable
CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
	NOT-FOR-US: ACS Blog
CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
	NOT-FOR-US: The Includer
CVE-2005-0800 (PHP remote file inclusion vulnerability in install.php in mcNews 1.3 ...)
	NOT-FOR-US: mcNews
CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
	NOT-FOR-US: MySQL on Windows
CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
	NOT-FOR-US: Hola CMS
CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
	NOT-FOR-US: ZPanel
CVE-2005-0793 (PHP remote file inclusion vulnerability in zpanel.php in ZPanel allows ...)
	NOT-FOR-US: ZPanel
CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
	NOT-FOR-US: ZPanel
CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: phpAdsNew
CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
	NOT-FOR-US: SimpGB
CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
	NOT-FOR-US: YaBB
CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
	NOT-FOR-US: Phorum
CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
	NOT-FOR-US: Phorum
CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
	NOT-FOR-US: paFileDB
CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
	NOT-FOR-US: paFileDB
CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFileDB
CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: PlatinumFTP
CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
	NOT-FOR-US: VERITAS Backup Exec
CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
	NOT-FOR-US: IDA Pro
CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
	NOT-FOR-US: GoodTech Telnet Server
CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
	- kernel-source-2.6.8 2.6.8-15
CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
	- ethereal 0.10.10-1
CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
	- ethereal 0.10.10-1
CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
	- rxvt-unicode 5.3-1
CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
	{DSA-698-1}
	- mc 1:4.6.0-4.6.1-pre3-1
	NOTE: Sarge-specific regression correcting a previous DSA.
CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...)
	- imagemagick 5:6.0.2.5 (bug #301110)
CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...)
	{DSA-702-1}
	- imagemagick 5:6.0.0-1
	NOTE: Does only affect imagemagick releases prior to 6
CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
	- gzip 1.3.5-10 (low)
	- bzip2 1.0.2-8.1 (bug #321286; low)
	[sarge] - bzip2 <no-dsa> (Minor issue)
CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
	- linux-2.6 <not-affected> (Fixed before upload in archive)
CVE-2005-0756 (ptrace in Linux kernel 2.6.8.1 does not properly verify addresses on ...)
	{DSA-922-1 DSA-921-1}
	- kernel-source-2.4.27 2.4.27-11 (medium)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.12-rc5)
CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
	- helix-player 1.0.4-1
CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
	- kdewebdev 1:3.3.2-6
CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
	{DSA-742-1}
	- cvs 1:1.12.9-13
CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
	- mozilla-firefox 1.0.3-1
CVE-2005-0751
	REJECTED
CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
	- kernel-source-2.4.27 2.4.27-10
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.5)
CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...)
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-10
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in ...)
	NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
	NOT-FOR-US: Adobe PhotoDeluxe
CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
	NOT-FOR-US: Advanced Poll
CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
	NOT-FOR-US: WinVNC
CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
	NOT-FOR-US: no_package
	NOTE: Debian's nvi recover script is very different
CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
	- omniorb4 4.0.5-2
CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
	NOT-FOR-US: not part of Woody, has been removed from sarge/sid
CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
	- wine 0.0.20050310-1.1
CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...)
	- openslp 1.0.11a-2
CVE-2005-0748 (PHP remote file inclusion vulnerability in initdb.php for WEBInsta ...)
	NOT-FOR-US: WEBInsta
CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: ApplyYourself
CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...)
	NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
	NOT-FOR-US: Novell iChain
CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
	NOT-FOR-US: Xoops
CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
	NOT-FOR-US: Sun Java System Application Server
CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
	NOT-FOR-US: YaBB
CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
	{DSA-718-1}
	- ethereal 0.10.10-1
CVE-2005-0738 (Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
	NOT-FOR-US: Yahoo Messenger
CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
	- kernel-source-2.4.27 <not-affected> (There is no epoll in kernel 2.4)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0735 (newsscript.pl for NewsScript allows remote attackers to gain ...)
	NOT-FOR-US: newsscript
CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
	NOT-FOR-US: PY Software Active Webcam WebServer
CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0728
	REJECTED
CVE-2005-0727
	REJECTED
CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
	NOT-FOR-US: UBB.threads
CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
	NOT-FOR-US: wfsections
CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: paFileDB
CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...)
	NOT-FOR-US: paFileDB
CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0721 (PHP remote file inclusion vulnerability in modules.php in eXPerience2 ...)
	NOT-FOR-US: eXPerience2
CVE-2005-0720 (PHP remote file inclusion vulnerability in admin/header.php in PHP ...)
	NOT-FOR-US: mcNews
CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
	NOT-FOR-US: Tru64
CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
	- squid 2.5.8 (bug #305605)
CVE-2005-0717
	RESERVED
CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
	NOT-FOR-US: Mac OS
CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
	NOT-FOR-US: Mac OS
CVE-2005-0714
	REJECTED
CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
	NOT-FOR-US: Mac OS
CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
	NOT-FOR-US: Mac OS
CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
	{DSA-707-1}
	- mysql-dfsg 4.0.24
	- mysql-dfsg-4.1 4.1.10a
CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
	- kfreebsd-8 <not-affected> (Fixed before initial release; bug #613311)
	- kfreebsd-7 <not-affected> (Fixed before initial release; bug #613311)
CVE-2003-1130
	REJECTED
CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
	NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
	NOT-FOR-US: X2 XMMS Remote
CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
	NOT-FOR-US: e-Gap
CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
	NOT-FOR-US: SunOne/iPlanet
CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...)
	NOT-FOR-US: SunOne
CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
	NOT-FOR-US: Sun JRE
CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...)
	- openssh <not-affected>
CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...)
	- setiathome 3.04
CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
	NOT-FOR-US: RealSystem Server
CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...)
	NOT-FOR-US: Nortel Networks Succession Communication Server
CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...)
	NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...)
	NOT-FOR-US: IPTel SIP Express Router
CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...)
	NOT-FOR-US: Ingate Firewall and Ingate SIParator
CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...)
	NOT-FOR-US: dynamicsoft
CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...)
	NOT-FOR-US: Columbia SIP User Agent
CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
	NOT-FOR-US: Cisco
CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...)
	NOT-FOR-US: Alcatel
CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
	NOT-FOR-US: Microsoft
CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...)
	NOT-FOR-US: MSIE
CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...)
	NOT-FOR-US: IBM Tivoli Firewall Toolbox
CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...)
	NOT-FOR-US: shar on HP-UX
CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
	NOT-FOR-US: HP-UX)
CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
	NOT-FOR-US: HP-UX)
CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...)
	NOT-FOR-US: Mike Spice's My Classifieds
CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...)
	- dansguardian 2.4.5-1
CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...)
	NOT-FOR-US: Computer Associates MLink
CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...)
	NOT-FOR-US: Cisco
CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...)
	- shadow <not-affected> (Debian's pwck and grpck do not overflow and are not suid)
CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
	- apache2 2.0.42
CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
	- apache2 2.0.36
CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
	NOT-FOR-US: AIM in MSIE
CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
	NOT-FOR-US: Ipswitch Collaboration Suite
CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
	[sarge] - gnome-vfs2 <not-affected> (does not install the module with the vulnerable code)
	- grip 3.2.0-4 (low)
	- libcdaudio 0.99.9-2.1 (bug #304799; low)
	- gnome-vfs 1.0.5-5.1 (bug #305163; low)
	- gnome-vfs2 2.10.1-3
CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...)
	- ethereal 0.10.10-1
CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
	- ethereal 0.10.10-1
CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1769 (The &quot;Allow cPanel users to reset their password via email&quot; feature in ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...)
	NOT-FOR-US: Solaris
CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...)
	NOT-FOR-US: NetScreen-Security Manager
CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...)
	- libapache-mod-security <not-affected> (only seems to affect 1.7.4, not the newer branch in Debian)
CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: HP-UX
CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
	NOT-FOR-US: hsrun.exe
CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
	- ethereal 0.10.3
CVE-2004-1760 (The default installation of Cisco voice products, when running the IBM ...)
	NOT-FOR-US: Cisco
CVE-2004-1759 (Cisco voice products, when running the IBM Director Agent on IBM ...)
	NOT-FOR-US: Cisco
CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...)
	NOT-FOR-US: Cisco
CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using &quot;memory&quot; ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1092 (Unknown vulnerability in the &quot;Automatic File Content Type Recognition ...)
	- file 3.4.1
CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...)
	NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...)
	NOT-FOR-US: AbsoluteTelnet
CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
	NOT-FOR-US: Xerox MicroServer Web Server
CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
	NOT-FOR-US: phpMyFAQ
CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
	NOT-FOR-US: Oracle
CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
	NOT-FOR-US: Aztek
CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
	- ethereal 0.10.9-2
CVE-2005-0698 (PHP remote file inclusion vulnerability in PHPWebLog 0.5.3 and earlier ...)
	NOT-FOR-US: PHPWebLog
CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...)
	NOT-FOR-US: CopperExport
CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
	NOT-FOR-US: Hosting Controller
CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
	NOT-FOR-US: JoWood Chaser (for Windows)
CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...)
	NOT-FOR-US: PHP-Fusion
CVE-2005-0691 (PHP remote file inclusion vulnerability in article mode for ...)
	NOT-FOR-US: SocialMPN
CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
	NOT-FOR-US: Gene6 FTP Server for Win
CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
	NOT-FOR-US: The Includer
CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
	NOT-FOR-US: Windows
CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
	- hashcash 1.17-1
CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
	- mlterm 2.9.2 (bug #298621)
CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
	NOT-FOR-US: OutStart Participate Enterprise
CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
	- maxdb-7.5.00 7.5.00.24-3
CVE-2005-0683
	REJECTED
CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
	- drupal 4.5.2
CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Nokia
CVE-2005-0680 (PHP remote file inclusion vulnerability in ...)
	NOT-FOR-US: Download Center Lite
CVE-2005-0679 (PHP remote file inclusion vulnerability in tell_a_friend.inc.php for ...)
	NOT-FOR-US: Tell A Friend Script
CVE-2005-0678 (PHP remote file inclusion vulnerability in formmail.inc.php for Form ...)
	NOT-FOR-US: Form Mail Script
CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
	NOT-FOR-US: Zorum
CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
	NOT-FOR-US: Zorum
CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
	NOT-FOR-US: Zorum
CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
	NOT-FOR-US: Pabox for PHPNuke
CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
	- phpbb2 2.0.13-2
CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
	NOT-FOR-US: Ca3DE
CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
	NOT-FOR-US: phpCOIN
CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
	NOT-FOR-US: HAVP
CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
	- sylpheed 1.0.3-1
	- sylpheed-claws 1.0.3-1
CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
	- kernel-patch-adamantix 1.7
CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
	NOT-FOR-US: XV
CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
	{DSA-709-1}
	- libexif 0.6.9-5
CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
	NOT-FOR-US: Mercury Board
CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
	NOT-FOR-US: Woltlab Burning Board
CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
	NOT-FOR-US: D-Forum
CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
	- phpbb2 <unfixed> (unimportant)
CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
	NOT-FOR-US: Typo3 extension
CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
	NOT-FOR-US: Computalynx CProxy
CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
	NOT-FOR-US: auraCMS
CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: auraCMS
CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
	NOTE: this is not a security issue according to maintainer
CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
	- phpmyadmin 3:2.6.1-pl3-1
CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
	NOT-FOR-US: OpenVMS
CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...)
	NOT-FOR-US: ProjectBB
CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
	NOT-FOR-US: Pixel-Apes SafeHTML
CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
	NOT-FOR-US: paNews
CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
	NOT-FOR-US: paNews
CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
	NOT-FOR-US: McAfee Virus Scanners
CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
	NOT-FOR-US: Computer Associates UAM
CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
	{DSA-695-1 DSA-694-1}
	- xloadimage 4.1-14.2
	- xli 1.17.0-17
CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
	{DSA-695-1 DSA-694-1}
	- xli 1.17.0-18
	- xloadimage 4.1-14.1 (bug #298926)
CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
	NOT-FOR-US: OpenBSD
CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
	NOT-FOR-US: Foxmail
CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
	NOT-FOR-US: Foxmail
CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...)
	NOT-FOR-US: PHPNews
CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
	NOT-FOR-US: PBLang
CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
	NOT-FOR-US: PBLang
CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
	NOT-FOR-US: 427BB
CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
	NOT-FOR-US: Forumwa
CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
	- qt-x11-free <not-affected> (RPATH disabled in Debian's build)
CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
	NOT-FOR-US: Symantec DNSd
CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
	NOT-FOR-US: Zorum
CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
	NOT-FOR-US: Zorum
CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
	- squid 2.5.9-2
CVE-2005-0940
	REJECTED
CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
	- reportbug 3.8 (bug #295407)
CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
	- reportbug 3.8 (bug #295407)
CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
	NOT-FOR-US: RaidenHTTPD
CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Scrapland
CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
	NOT-FOR-US: Einstein
CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
	NOT-FOR-US: Einstein
CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
	NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
	NOT-FOR-US: PostNuke
CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
	NOT-FOR-US: PostNuke
CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
	NOT-FOR-US: PostNuke
CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
	- phpbb2 2.0.13-1
CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
	- knowledgeroot <not-affected> (fixed before first upload; see bug #381912)
CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
	NOT-FOR-US: Cisco
CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
	NOT-FOR-US: Real
CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
	NOT-FOR-US: FreeBSD portupgrade
CVE-2005-0609
	REJECTED
CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
	NOT-FOR-US: Half Life WebMod
CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
	NOT-FOR-US: CubeCert
CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
	NOT-FOR-US: CubeCert
CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
	{DSA-723-1}
	- lesstif2 1:0.93.94-11.1 (bug #298183; bug #299236)
	NOTE: libxmp4 is the real culprit
	- xfree86 4.3.0.dfsg.1-13
	- xorg-x11 <not-affected> (Fixed before upload into archive)
	- openmotif 2.2.3-1.1 (bug #308819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
	NOT-FOR-US: GFI Languard Network Security Scanner
CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
	- phpbb2 2.0.13-1
CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
	- unzip 5.52-1
	NOTE: um, tar does this too, not really considered a security hole
CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
	NOT-FOR-US: Real
CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
	NOT-FOR-US: Cisco
CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
	NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
	- php4 4:4.3.8-1
CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
	NOT-FOR-US: BadBlue
CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
	NOT-FOR-US: Apple
CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
	- mozilla-firefox 1.0.1
CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
	- mozilla-firefox 1.0.1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...)
	- mozilla-firefox 1.0.1
CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
	NOTE: windows only
CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...)
	- mozilla-firefox 1.0.1
	- mozilla 2:1.7.6-1
CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
	NOT-FOR-US: Computer Associates (CA) License Client
CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
	NOT-FOR-US: cmd5checkpw
CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
	NOT-FOR-US: FreeNX
CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...)
	- mozilla-firefox 1.0.1-1
CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...)
	NOT-FOR-US: MKBold-MKItalic
CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...)
	NOT-FOR-US: STSF in Solaris
CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
	NOT-FOR-US: Stormy Studios Knet
CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...)
	NOT-FOR-US: CIS Webserver
CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...)
	NOTE: Historic Gaim on Windows
CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...)
	NOT-FOR-US: PunBB
CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: PunBB
CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...)
	NOT-FOR-US: PunBB
CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...)
	NOT-FOR-US: Soldier of Fortune II
CVE-2005-0567 (Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro (goldenftpd) 2.x allows ...)
	NOT-FOR-US: Golden FTP Server
CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
	NOT-FOR-US: Microsoft
CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
	NOT-FOR-US: MSN Messenger
CVE-2005-0561
	RESERVED
CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
	NOT-FOR-US: Exchange server
CVE-2005-0559
	RESERVED
CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
	NOT-FOR-US: Microsoft Word
CVE-2005-0557
	RESERVED
CVE-2005-0556
	RESERVED
CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
	NOT-FOR-US: MSIE
CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
	NOT-FOR-US: MSIE
CVE-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
	NOT-FOR-US: MSIE
CVE-2005-0552
	RESERVED
CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
	NOT-FOR-US: Microsoft
CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
	NOT-FOR-US: Solaris
CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
	NOT-FOR-US: Solaris
CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
	NOT-FOR-US: Apple Java plugin
CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...)
	NOT-FOR-US: Gaucho
CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...)
	NOT-FOR-US: Ground Control II
CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: RealVNC
CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...)
	NOT-FOR-US: Attack Mitigator IPS 5500
CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...)
	NOT-FOR-US: NtRegmon
CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...)
	NOT-FOR-US: NetworkEverywhere NR041
CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...)
	NOT-FOR-US: PHP Code Snippet Library
CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...)
	NOT-FOR-US: Painkiller
CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...)
	NOT-FOR-US: WebAPP
CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: musicd
CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: musicd
CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Bird Chat
CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...)
	NOT-FOR-US: JShop
CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...)
	- cacti 0.8.5a-5
CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
	- cacti 0.8.5a-5
CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...)
	- sympa 4.1.5-4 (bug #298105; unimportant)
	NOTE: A user with the privilege to create new mailing lists needs to be trustworthy
CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows ...)
	- mantis 0.19.2-1
CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...)
	- mydms 1.4.3-1
CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...)
	- mydms 1.4.3-1
CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...)
	- mantis 0.19.0-1
CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...)
	- mantis 0.19.0-1
CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
	NOT-FOR-US: Nihuo Web Log Analyzer
CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...)
	NOT-FOR-US: sarad
CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BadBlue
CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...)
	NOT-FOR-US: XV
CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...)
	NOT-FOR-US: XV
CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...)
	NOT-FOR-US: Merak Webmail Server
CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...)
	NOT-FOR-US: IPD
CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...)
	- gv 1:3.6.1-1
CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...)
	NOT-FOR-US: PForum
CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
	NOT-FOR-US: PRM on HP-UX
CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...)
	NOT-FOR-US: TypePad
CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...)
	- moodle 1.4-1
CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: page.cgi
CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
	NOT-FOR-US: Datakey Rainbow iKey2032 USB token
CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Webbsyte
CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...)
	NOT-FOR-US: Oracle
CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...)
	NOT-FOR-US: U.S. Robotics wireless access point
CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...)
	NOT-FOR-US: WpQuiz
CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
	NOT-FOR-US: Fusion News
CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...)
	NOT-FOR-US: Lexar Safe Guard
CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...)
	NOT-FOR-US: diagmond on HP-UX
CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...)
	NOT-FOR-US: ftpd on HP-UX
CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...)
	- cyrus21-imapd 2.1.18-1
CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
	NOT-FOR-US: MS Office
CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
	- phpmyadmin 3:2.6.1-pl2-1
CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...)
	NOT-FOR-US: Cyclades AlterPath Manager
CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
	NOT-FOR-US: IBM
CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
	NOT-FOR-US: ginp
CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
	NOT-FOR-US: iGeneric (iG) Shop
CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
	NOT-FOR-US: Trend Micro AntiVirus
CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11-rc4)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...)
	- kernel-source-2.6.8 2.6.8-14
	NOTE: affects only 2.6 (see #296906)
CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0528
	REJECTED
CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
	NOT-FOR-US: PBLang
CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
	{DSA-729-1 DSA-708-1}
	- php4 4:4.3.10-10
	- php3 3:3.0.18-31
CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
	- php3 <not-affected>
	- php4 4:4.3.10-10
CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
	{DSA-719-1}
	- prozilla 1:1.3.7.4-1
CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
	NOT-FOR-US: Chat Anywhere
CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
	NOT-FOR-US: SendLink
CVE-2005-0520 (ArGoSoft FTP Server before 1.4.2.8 allows remote attackers to read ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0519 (ArGoSoft FTP Server before 1.4.2.7 allows remote attackers to read ...)
	NOT-FOR-US: ArGoSoft
CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
	NOT-FOR-US: eXeem
CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...)
	NOT-FOR-US: PeerFTP
CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
	NOT-FOR-US: ImageGalleryPlugin for Twiki
CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
	NOT-FOR-US: My Firewall Plus
CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2005-0513 (PHP remote file inclusion vulnerability in mail_autocheck.php in the ...)
	NOT-FOR-US: pMachine
CVE-2005-0512 (PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 ...)
	NOT-FOR-US: Mambo
CVE-2005-0511 (misc.php for vBulletin 3.0.6 and earlier, when &quot;Add Template Name in ...)
	NOT-FOR-US: vBulletin
CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...)
	NOT-FOR-US: pMachine
CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...)
	NOT-FOR-US: fallback-reboot
CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...)
	NOTE: default config of Mono not vulnerable
	- mono 1.1.6-4 (medium)
CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
	- batik 1.5.1-1
CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
	NOT-FOR-US: SD Server
CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...)
	NOT-FOR-US: Avaya IP Office Phone Manager
CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
	- irm 1.5.3.1-1
CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.6.8 2.6.8-12
	- kernel-source-2.6.9 2.6.9-5
	- kernel-source-2.6.10 2.6.10-2
	- kernel-source-2.4.27 2.4.27-8
CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
	- uim 1:0.4.6beta2-1
CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
	NOT-FOR-US: Xinkaa
CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Bontago
CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE6
CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...)
	NOT-FOR-US: Gigafast router
CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...)
	NOT-FOR-US: ADP Elite System
CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...)
	NOT-FOR-US: Arkeia Network Backup
CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...)
	NOT-FOR-US: Thomson TCW690 cable modem
CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...)
	NOT-FOR-US: Biz Mail From
CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...)
	NOT-FOR-US: Acrobat Reader
CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...)
	NOT-FOR-US: Arkeia Server Backup
CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
	- curl 7.13.0-2
CVE-2005-0489 (The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
	- cfengine2 2.1.8-1
CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
	- cfengine2 2.1.8-1
CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...)
	NOT-FOR-US: PopMessenger
CVE-2004-1697 (The &quot;Forgot your Password&quot; link in Computer Associates (CA) Unicenter ...)
	NOT-FOR-US: Computer Associates Unicenter Management Portal
CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...)
	NOT-FOR-US: Symantec
CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ...)
	NOT-FOR-US: Mambo
CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...)
	NOT-FOR-US: Mambo
CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...)
	- sudo 1.6.8p3-1
CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Pigeon Server
CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...)
	NOT-FOR-US: SMC router
CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...)
	NOT-FOR-US: Zyxel
CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
	NOT-FOR-US: crrtrap
CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...)
	NOT-FOR-US: QNX FTP
CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...)
	NOT-FOR-US: QNX
CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...)
	NOT-FOR-US: TwinFTP
CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...)
	NOT-FOR-US: Serv-U FTP
CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...)
	NOT-FOR-US: Subjects
CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
	NOT-FOR-US: Halo Combat Evolved
CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...)
	NOT-FOR-US: PsNews
CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Call of Duty
CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...)
	NOT-FOR-US: Engenio/LSI Logic storage controllers
CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: YaBB
CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
	NOT-FOR-US: MailWorks
CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier ...)
	NOT-FOR-US: CuteNews
CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...)
	NOT-FOR-US: CuteNews
CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...)
	NOT-FOR-US: DasBlog
CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...)
	NOT-FOR-US: Comersus Shopping Cart
CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
	- openssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
	NOTE: See bug #296547 for details
CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
	NOT-FOR-US: D-Link DCS-900
CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...)
	NOT-FOR-US: Msinfo32.exe
CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...)
	NOT-FOR-US: Password Protect
CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...)
	NOT-FOR-US: Password Protect
CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
	NOT-FOR-US: Xedus
CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...)
	NOT-FOR-US: Xedus
CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
	NOT-FOR-US: Xedus
CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
	NOT-FOR-US: Titan
CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...)
	NOT-FOR-US: XOOPS
CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
	NOT-FOR-US: Thomson cable modem
CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
	- krb4 <unfixed> (unimportant)
	[woody] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb4 <no-dsa> (Documented behaviour in MIT Kerberos)
	- krb5 1.8.3+dfsg-4 (unimportant)
	[woody] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	[sarge] - krb5 <no-dsa> (Documented behaviour in MIT Kerberos)
	- netkit-telnet <not-affected> (netkit-telnet is not affected)
	NOTE: telnet code was removed earlier than 1.8.3, but that's the version that was available to check
CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
	NOTE: This is not a real security issue; it just describes the fact that the Gecko
	NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
	NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
	NOTE: during transfer any user will cancel the transfer and if you load it from the
	NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
	NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
	NOTE: generally try to make sense of anything even remotely resembling HTML.
	- firefox <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
	NOT-FOR-US: mailcarrier
CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
	NOT-FOR-US: Hawking Technologies HAR11A modem/router
CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
	NOT-FOR-US: WvTftp
CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
	- bugzilla 2.16.7
CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
	- moniwiki 1.0.9
CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
	NOT-FOR-US: Dwc_articles
CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
	- rssh 2.2.2
CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
	NOT-FOR-US: ability server
CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
	NOT-FOR-US: ability server
CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
	NOT-FOR-US: pGina
CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
	NOT-FOR-US: Carbon Copy
CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
	NOT-FOR-US: UBB.threads
CVE-2004-1621 (** DISPUTED ** ...)
	NOT-FOR-US: Lotus Notes
CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows ...)
	NOT-FOR-US: Serendipity
CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
	NOT-FOR-US: Privateer's Bounty: Age of Sail II
CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Tonecast
CVE-2004-1617 (Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers ...)
	{DSA-1077-1 DSA-1076-1}
	- lynx 2.8.5-2sarge1.2 (bug #296340; bug #384725; low)
	- lynx-cur 2.8.6-6 (low)
	- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
	- links 0.99+1.00pre12-1 (bug #296341; low)
CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
	NOT-FOR-US: Opera
CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
	- mozilla-firefox <not-affected> (assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6)
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...)
	NOTE: example page did not bother firefox 1.0+dfsg.1-6
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
	- proftpd 1.2.10-4
CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
	NOT-FOR-US: coolphp
CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...)
	NOT-FOR-US: Acrobat
CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...)
	NOT-FOR-US: RIM Blackberry
CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...)
	NOT-FOR-US: 3COM router
CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...)
	NOT-FOR-US: ShixxNote
CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
	NOT-FOR-US: SCT email client
CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...)
	- ocportal <itp> (bug #625865)
CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...)
	NOT-FOR-US: Micronet Wireless Router
CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: clientexec
CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...)
	NOT-FOR-US: GoSmart
CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...)
	NOT-FOR-US: GoSmart
CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...)
	NOT-FOR-US: Monolith Games
CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...)
	- wordpress 1.2.1-1.1
CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...)
	NOT-FOR-US: FTP server in TriDComm
CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
	NOT-FOR-US: CubeCart
CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: CubeCart
CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...)
	NOT-FOR-US: phplinks
CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...)
	NOT-FOR-US: Judge Dredd
CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
	- xerces25 2.5.0-4
	- xerces24 2.4.0-4
	- xerces23 <not-affected> (not affected, see bug #296432)
	- xerces21 <not-affected> (not affected, see bug #296466)
CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
	NOT-FOR-US: Vypress
CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...)
	NOT-FOR-US: bBlog
CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...)
	NOT-FOR-US: dbPowerAmp
CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
	NOT-FOR-US: Parachat
CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...)
	NOT-FOR-US: w-Agora
CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
	NOT-FOR-US: w-Agora
CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...)
	NOT-FOR-US: w-Agora
CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...)
	NOT-FOR-US: w-Agora
CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...)
	- icecast2 2.0.2.debian-1
CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
	- wordpress 1.2.2-1.1
CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 ...)
	NOT-FOR-US: YahooPOPS
CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...)
	NOT-FOR-US: BroadBoard Instant ASP Message Board
CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex ...)
	NOT-FOR-US: @lex GuestBook
CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...)
	NOT-FOR-US: aspWebAlbum
CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...)
	NOT-FOR-US: aspWebCalendar
CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...)
	NOT-FOR-US: PafileDB
CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...)
	NOT-FOR-US: Motorola Router
CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...)
	NOT-FOR-US: ActivePost
CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...)
	NOT-FOR-US: ActivePost
CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
	NOT-FOR-US: ActivePost
CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...)
	NOT-FOR-US: MDaemon
CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...)
	- moniwiki 1.0.9-4
CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
	NOT-FOR-US: Kyako ESupport
CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
	NOT-FOR-US: Tarantella Secure Global Desktop
CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...)
	NOT-FOR-US: paNews
CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
	NOT-FOR-US: GProFTPD
CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
	NOT-FOR-US: Glftpd
CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...)
	NOT-FOR-US: TrackerCam
CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...)
	NOT-FOR-US: hpm_guestbook.cgi
CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...)
	NOT-FOR-US: paFAQ
CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...)
	- webcalendar 0.9.45-3
CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
	- gaim 1:1.1.3-1
CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
	{DSA-716-1}
	- gaim 1:1.1.3-1
CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
	NOT-FOR-US: SUN JRE
CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
	- wpasupplicant 0.3.8-1
CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
	- krb4 1.2.2-11.2 (bug #306141)
	- krb5 1.3.6-2
	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
	- netkit-telnet 0.17-28
	- heimdal 0.6.3-10
CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
	{DSA-731-1 DSA-703-1}
	- krb5 1.3.6-2
	- krb4 1.2.2-11.2 (bug #306141)
CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)
	- putty 0.57-1
CVE-2005-0466
	RESERVED
CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
	NOT-FOR-US: SGI IRIX
CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...)
	- jspwiki 2.0.52-8
CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...)
	NOT-FOR-US: SecureCRT
CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...)
	NOT-FOR-US: ZyXEL Routers
CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...)
	NOT-FOR-US: Halo: Combat Evolved
CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...)
	NOT-FOR-US: Cash Mod module of phpbb2
CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...)
	NOT-FOR-US: DMS POP3
CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...)
	NOT-FOR-US: AppServ
CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...)
	NOT-FOR-US: MSIE
CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...)
	NOT-FOR-US: Hired Team
CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...)
	NOT-FOR-US: Hired Team
CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
	NOT-FOR-US: Hired Team
CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...)
	NOT-FOR-US: Hired Team
CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...)
	NOT-FOR-US: Army Men RTS
CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...)
	NOT-FOR-US: Eudora
CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...)
	NOT-FOR-US: IPSwitch IMail
CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...)
	NOT-FOR-US: phpBugTracker
CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...)
	NOT-FOR-US: Zone Labs IMsecure
CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
	NOT-FOR-US: phpWebSite
CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...)
	NOT-FOR-US: vBulletin
CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...)
	NOT-FOR-US: Hotfoon
CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...)
	- webcalendar 0.9.45-1
CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...)
	- webcalendar 0.9.45-1
CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...)
	- webcalendar 0.9.45-1
CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...)
	- webcalendar 0.9.45-1
CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
	- webcalendar 0.9.45-1
CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...)
	NOT-FOR-US: JAF
CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...)
	NOT-FOR-US: JAF
CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...)
	NOT-FOR-US: Lithtech
CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...)
	NOT-FOR-US: HELM
CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
	NOT-FOR-US: HELM
CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...)
	NOT-FOR-US: WinRAR
CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...)
	NOT-FOR-US: XDICT
CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2005-0463 (Unknown &quot;major security flaws&quot; in Ulog-php before 1.0, related to ...)
	NOT-FOR-US: ulog-php
CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
	NOT-FOR-US: NewsBruiser
CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
	- phpmyadmin 4:2.6.2 (unimportant)
	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki@netia.net.pl> :
	NOTE: I think it is not a problem on Debian as far as everybody knows the full
	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
	- oscommerce <itp> (bug #532489)
CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
	NOT-FOR-US: Opera
CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
	NOT-FOR-US: Opera
CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...)
	NOT-FOR-US: Opera
CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...)
	NOT-FOR-US: Opera
CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
	NOT-FOR-US: Opera
CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
	NOT-FOR-US: Real
CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
	NOT-FOR-US: DCP-Portal
CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
	NOT-FOR-US: Lighttpd
CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
	NOT-FOR-US: Sami HTTP Server
CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
	{DSA-1018-1 DSA-1017-1}
	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
	{DSA-1678-1 DSA-696-1}
	- perl 5.8.4-7
CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
	NOT-FOR-US: Quake 3
CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
	{DSA-688-1}
	- squid 2.5.8-3
CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...)
	- openwebmail <removed>
CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...)
	NOT-FOR-US: VMware
CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...)
	NOT-FOR-US: CubeCart
CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...)
	NOT-FOR-US: CubeCart
CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...)
	NOT-FOR-US: Sybase
CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
	- elog 2.5.7+r1558-1
CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...)
	- elog 2.5.7+r1558-1
CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...)
	- awstats 6.3-1
CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
	- awstats 6.3-1
CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...)
	- awstats 6.3-1
CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...)
	- awstats 6.3-1
CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
	NOT-FOR-US: PHP-Nuke
CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...)
	NOT-FOR-US: Barracuda Spam Firewall
CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
	- pdns 2.9.16-6
CVE-2005-0427 (The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the ...)
	- webmin <not-affected> (Gentoo specific)
CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
	NOT-FOR-US: Solaris
CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
	NOT-FOR-US: Websphere
CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...)
	NOT-FOR-US: ASPjar Guestbook
CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...)
	NOT-FOR-US: DelphiTurk
CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...)
	NOT-FOR-US: 3com
CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
	NOT-FOR-US: Sun Java
CVE-2005-0417 (Unknown &quot;high risk&quot; vulnerability in DB2 Universal Database 8.1 and ...)
	NOT-FOR-US: IBM DB2
CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
	NOT-FOR-US: Windows
CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...)
	NOT-FOR-US: Emdros
CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
	NOT-FOR-US: MyPHP Forum
CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
	NOT-FOR-US: Spidean PostWrap
CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
	NOT-FOR-US: Openconf
CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
	- imagemagick <unfixed> (bug #298051; unimportant)
	NOTE: <Maulkin> The EXIF spec says "if your app can't handle $foo, don't touch $foo"
	NOTE: <Piet> 'convert -strip' will remove exif data according to http://web.archive.org/web/20130922031724/http://www.imagemagick.org:80/pipermail/magick-users/2006-May/017538.html
CVE-2005-0405
	RESERVED
CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
	- kdepim 3.4-1 (bug #305601; low)
	[sarge] - kdepim <no-dsa> (Hardly exploitable)
	NOTE: According to the KDE bug the URL bar in 3.4 cannot be manipulated. Kmail also
	NOTE: warns that HTML mails introduce the risk of phishing. This could as well
	NOTE: be unimportant
CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...)
	- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
	- mozilla-firefox 1.0.2-1
CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.11.6)
	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...)
	- mozilla-firefox 1.0.2-1
	- mozilla-thunderbird 1.0.2-1
CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
	- ipsec-tools 1:0.5-5
CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
	{DSA-702-1}
	- imagemagick 6:6.0.6.2-2.2 (bug #297990)
	- graphicsmagick 1.1.7-1
CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
	NOTE: fix in -4 was broken
	- kdelibs 4:3.3.2-6
CVE-2005-0395
	REJECTED
CVE-2005-0394
	RESERVED
CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
	{DSA-733-1}
	- crip 3.5-1sarge2 (low)
CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
	{DSA-725-2 DSA-725-1}
	- ppxp 0.2001080415-11
CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
	{DSA-712-1}
	- geneweb 4.10-7 (bug #304405)
CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...)
	{DSA-706-1}
	- axel 1.0b-1
CVE-2005-0389
	REJECTED
CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
	{DSA-704-1}
	- remstats 1.0.13a-5
CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
	{DSA-700-1}
	- mailreader 2.3.29-11
CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
	{DSA-693-1}
	- luxman 0.41-20 (bug #299857)
CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...)
	- wget 1.9.1-11
CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
	- wget 1.9.1-11
CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
	NOT-FOR-US: Trend Micro Control Manager
CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Breed game
CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
	NOT-FOR-US: forumKIT
CVE-2005-0380 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
	NOT-FOR-US: ZeroBoard
CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
	- horde2 <not-affected>
	- horde3 3.0.1-1
CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
	NOT-FOR-US: sgallery
CVE-2005-0376 (PHP remote file inclusion vulnerability in SGallery 1.01 allows local ...)
	NOT-FOR-US: sgallery
CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
	NOT-FOR-US: sgallery
CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
	NOT-FOR-US: bitboard
CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
	NOTE: cyrus-sasl2 already has patch applied
	NOTE: oldstable version not affected, thus marking it as done with the oldstable version
	- cyrus-sasl <not-affected> (cyrus-sasl code seems too old for any of the problems to apply)
	- cyrus-sasl2 2.1.19.dfsg1-0sarge2
CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...)
	{DSA-686-1}
	- gftp 2.0.18-1
	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
	- armagetron 0.2.8.2.1-1 (bug #296840; low)
	[sarge] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
	[etch] - armagetron <no-dsa> (Remaining vulnerabilities are minor)
CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but oldstable is affected
CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
	- armagetron 0.2.7.0-1
	NOTE: Sarge has this version number, but olstable is affected
CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
	NOT-FOR-US: CMScore
CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
	- gnupg 1.4.1-1
CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
	- bind9 <not-affected> (Bind on hp-ux)
CVE-2005-0361
	RESERVED
CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
	NOT-FOR-US: Microsoft
CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...)
	NOT-FOR-US: EMC Legato
CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
	- linux-2.6 <not-affected> (Linux is not vulnerable, see #310804)
	- kernel-source-2.4.27 <not-affected> (Linux is not vulnerable, see #310804)
	- kfreebsd5-source 5.3-15 (medium)
CVE-2005-0355
	RESERVED
CVE-2005-0354
	RESERVED
CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
	NOT-FOR-US: Sentinel License Manager
CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
	NOT-FOR-US: Servers Alive
CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...)
	NOT-FOR-US: SCO OpenServer
CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
	NOT-FOR-US: BrightStor ARCserve Backup
CVE-2004-9999
	REJECTED
CVE-2004-9998
	REJECTED
CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
	NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
	- inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped)
	- atftp <not-affected> (atftp checks h_length)
	- netkit-tftp <not-affected> (netkit-tftp not vulnerable)
	- tftp-hpa <not-affected> (bug #295297; not exploitable)
	NOTE: The address length comes from libc, not the network.
CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
	- socat 1.4.0.3-1
CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
	NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...)
	NOT-FOR-US: BNC irc proxy
CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...)
	NOT-FOR-US: Real
CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
	NOT-FOR-US: HP StorageWorks Command View XP
CVE-2004-1479
	REJECTED
CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
	NOT-FOR-US: JRun
CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
	NOT-FOR-US: JRun
CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
	- xine-lib 1-rc6
	- vlc <not-affected> (affected part of xine-lib code copy not present)
	- libcdio 0.69
CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
	- xine-lib 1-rc6
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
	- cvs 1:1.12.9
CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...)
	NOT-FOR-US: snipsnap
CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...)
	NOT-FOR-US: SUS
CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
	- webmin 1.160
	- usermin 1.090
CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
	- egroupware 1.0.00.004
CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
	- gallery 1.4.4-pl2
CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
	NOT-FOR-US: WinZip
CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
	- moin 1.2.3-1
CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...)
	- moin 1.2.3-1
CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...)
	NOT-FOR-US: Cisco
CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...)
	NOT-FOR-US: Cisco
CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...)
	NOT-FOR-US: Cisco
CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...)
	NOT-FOR-US: Cisco
CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...)
	NOT-FOR-US: Novell
CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...)
	- cvstrac 1.1.4-1
CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
	- xine-lib 1-rc5-1.1
	- vlc <not-affected> (vulnerable component of xine-lib code copy not present)
CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
	NOT-FOR-US: Cisco
CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
	- glibc 2.3.5 (bug #272210; unimportant)
	NOTE: according to GOTO Masanori this is not a security problem
	NOTE: Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
	NOTE: Although not a real issue we should play safe with 2.3.5, where the code
	NOTE: was reorganized
CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
	- mozilla 2:1.6-1
CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
	- mozilla 2:1.7.1-1
CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
	- mozilla 2:1.7-1
CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...)
	NOT-FOR-US: ScreenOS
CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...)
	- nessus-core 2.0.12-1
CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...)
	- roundup 0.7.3-1
CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
	- imp3 3.2.5-1
CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
	NOT-FOR-US: db2www
CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
	NOT-FOR-US: Board Power
CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
	- putty 0.56-1
CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...)
	NOT-FOR-US: BlackJumboDog
CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...)
	- subversion 1.0.6-1
CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...)
	- pavuk 0.9pl28-3.1
CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...)
	NOT-FOR-US: Cisco
CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
	NOT-FOR-US: Cisco
CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
	NOT-FOR-US: FormMail.php != nms-formmail
CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in ...)
	NOT-FOR-US: Arcade.php
CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
	- moodle 1.4.3-1
CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 ...)
	- moodle 1.4.3-1
CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor ...)
	NOT-FOR-US: PHP-Calendar
CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and ...)
	NOT-FOR-US: ZeroBoard
CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...)
	NOT-FOR-US: WPKontakt
CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...)
	NOT-FOR-US: PsychoStats
CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...)
	NOT-FOR-US: RealOne IE plugin
CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...)
	NOT-FOR-US: 2Bgal
CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...)
	NOT-FOR-US: Kayako
CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
	NOT-FOR-US: Kayako
CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
	NOT-FOR-US: Ikonboard
CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 ...)
	NOT-FOR-US: GNUBoard
CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...)
	NOT-FOR-US: iWebNegar
CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...)
	NOT-FOR-US: Asp-rider
CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to ...)
	NOT-FOR-US: ASP Calendar
CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...)
	NOT-FOR-US: MacOSX
CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
	- usemod-wiki 1.0-6
CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...)
	NOT-FOR-US: Winamp
CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
	NOT-FOR-US: Lithtech engine
CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
	- monit 1:4.2.1-1
CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
	- monit 1:4.2.1-1
CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
	- kdelibs 4:3.3.2-2
CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
	{DSA-682-1}
	- awstats 6.2-1.2
CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
	- awstats 6.2-1.2
	NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff
	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
	NOT-FOR-US: Woltlab Burning Book
CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
	NOT-FOR-US: RealArcade
CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
	NOT-FOR-US: RealArcade
CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
	NOT-FOR-US: SafeNet
CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
	NOT-FOR-US: php-fusion
CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
	NOT-FOR-US: PerlDesk
CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
	NOT-FOR-US: Apple
CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
	NOT-FOR-US: Apple
CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
	NOT-FOR-US: Apple
CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Foxmail
CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
	NOT-FOR-US: Savant Web Server
CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
	- postfix 2.1.4-5
CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
	NOT-FOR-US: Linksys
CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
	NOT-FOR-US: LanChat
CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
	NOT-FOR-US: DeskNow Mail server
CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
	NOT-FOR-US: Winrar
CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
	NOT-FOR-US: Painkiller
CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
	NOT-FOR-US: ZipGenius
CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
	NOT-FOR-US: Netgear
CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
	NOT-FOR-US: PafileDB
CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: PafileDB
CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
	NOT-FOR-US: Xpand Rally
CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
	NOT-FOR-US: Infinite Mobile Delivery Webmail
CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
	NOT-FOR-US: Merak Mail server
CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
	NOT-FOR-US: Webadmin
CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
	NOT-FOR-US: Webadmin
CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
	NOT-FOR-US: Webadmin
CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
	NOT-FOR-US: WebWasher
CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
	NOT-FOR-US: Magic Winmail
CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
	NOT-FOR-US: WarFTPD under NT
CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
	NOT-FOR-US: Ingate
CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Exponent
CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
	NOT-FOR-US: Exponent
CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
	NOT-FOR-US: W32Dasm
CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: MercuryBoard
CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
	NOT-FOR-US: Siteman
CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
	NOT-FOR-US: DivX Player
CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
	NOT-FOR-US: BackOffice Lite
CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
	- jsboard 2.0.10-1
CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
	- gforge 3.1-26
CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
	NOT-FOR-US: Oracle
CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
	NOT-FOR-US: Oracle
CVE-2005-0296 (** DISPUTED ** ...)
	NOT-FOR-US: Novell
CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
	NOT-FOR-US: nProtect
CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Minis
CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
	NOT-FOR-US: Minis
CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
	NOT-FOR-US: phpGiftReg
CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
	NOT-FOR-US: NetGear
CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
	NOT-FOR-US: NetGear
CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
	NOT-FOR-US: Apple
CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
	NOT-FOR-US: eMotion MediaPartner
CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
	NOT-FOR-US: BottomLine WebSeries
CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
	NOT-FOR-US: QwikiWiki
CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
	NOT-FOR-US: MyBB (aka MyBulletinBoard)
CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
	NOT-FOR-US: Soldner Secret
CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
	NOT-FOR-US: 3COM 3CDaemon
CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
	NOT-FOR-US: PhotoPost
CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
	NOT-FOR-US: ReviewPost
CVE-2005-0269 (The file extension check in GNUBoard 3.40 and earlier only verifies ...)
	NOT-FOR-US: GNUBoard
CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
	NOT-FOR-US: FlatNuke
CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
	NOT-FOR-US: OWL intranet
CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...)
	NOT-FOR-US: AIX
CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
	NOT-FOR-US: AIX
CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
	NOT-FOR-US: ARCserve Backup
CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...)
	- phpbb2 2.0.12-1
CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
	- phpbb2 2.0.12-1
CVE-2005-0257
	RESERVED
CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 ...)
	{DSA-705-1}
	- wu-ftpd 2.6.2-19
CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)
	- mozilla-firefox 1.0.1
	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
	- mozilla 2:1.7.6
CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
	NOT-FOR-US: BibORB
CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
	NOT-FOR-US: BibORB
CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
	NOT-FOR-US: BibORB
CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
	NOT-FOR-US: BibORB
CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
	NOT-FOR-US: AIX
CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)
	NOT-FOR-US: Symantec AntiVirus Library
CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
	NOT-FOR-US: Solaris
CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
	{DSA-683-1}
	- postgresql 7.4.7-2
CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...)
	- postgresql 7.4.7-1
CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...)
	{DSA-683-1}
	- postgresql 7.4.7-1
CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
	- postgresql 7.4.7-1
CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...)
	- squid 2.5.7-7
CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...)
	NOT-FOR-US: Solaris
CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...)
	NOT-FOR-US: Solaris
CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Solaris
CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...)
	NOT-FOR-US: Solaris
CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...)
	NOT-FOR-US: Solaris
CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...)
	NOT-FOR-US: Solaris
CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...)
	NOT-FOR-US: Solaris
CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...)
	NOT-FOR-US: Solaris
CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...)
	NOT-FOR-US: Solaris
CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
	NOT-FOR-US: Solaris
CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...)
	NOT-FOR-US: Solaris
CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
	NOT-FOR-US: Solaris
CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
	NOT-FOR-US: Solaris
CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...)
	NOT-FOR-US: Solaris
CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...)
	NOT-FOR-US: Solaris
CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
	NOT-FOR-US: Solaris
CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...)
	NOT-FOR-US: Solaris
CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...)
	NOT-FOR-US: Solaris
CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
	NOT-FOR-US: Solaris
CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
	NOT-FOR-US: Mailtool for OpenWindows
CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...)
	NOT-FOR-US: Solaris
CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...)
	NOT-FOR-US: Solaris
CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...)
	NOT-FOR-US: Solaris
CVE-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...)
	NOT-FOR-US: Solaris
CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
	NOT-FOR-US: AIX
CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
	NOT-FOR-US: S/MIME plugin
CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
	NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
	- epiphany-browser 1.4.8-2
CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...)
	- kdelibs 4:3.3.2-3
CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
	NOT-FOR-US: Omniweb
CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...)
	NOT-FOR-US: Opera
CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...)
	NOT-FOR-US: Safari
CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...)
	NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
	NOTE: solution in the future
	- mozilla-firefox 1.0.1-1
	- mozilla 2:1.7.6-1
CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
	- mozilla-firefox 1.0+dfsg.1-6
CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
	NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
	NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers
	NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
	NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
	NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
	- mozilla-firefox <not-affected> (Affects only Firefox on Windows)
CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
	NOT-FOR-US: CitrusDB
CVE-2005-0228
	REJECTED
CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
	{DSA-668-1}
	- postgresql 7.4.7-1
CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
	- firehol 1.214-4
CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
	NOT-FOR-US: HP-UX
CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
	NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
	- gallery 1.4.4-pl5-1
CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
	NOT-FOR-US: Invision Community Blog
CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
	NOT-FOR-US: Woltlab Burning Board Lite
CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
	- mozilla <not-affected> (Mozilla 1.6 for Windows)
CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
	NOT-FOR-US: SPHPBlog
CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
	NOT-FOR-US: WinHKI
CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-15
	- kernel-source-2.4.27 2.4.27-9 (bug #300838)
CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9
CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
	- gaim 1:1.1.4
CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
	- xpdf <not-affected> (Initial Debian fix was already correct)
	- gpdf <not-affected> (Initial Debian fix was already correct)
	- kdegraphics <not-affected> (Initial Debian fix was already correct)
	- tetex-bin <not-affected> (Initial Debian fix was already correct)
	- pdftohtml <not-affected> (Initial Debian fix was already correct)
	- cups 1.1.22-7
	- cupsys 1.1.22-7
	NOTE: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
	NOTE: cupsys uses an external xpdf now.
CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
	{DSA-692-1}
	- kdenetwork 4:3.1.6
CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-9 (bug #296700; high)
CVE-2005-0203
	REJECTED
CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
	{DSA-674-1}
	- mailman 2.1.5-6
CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...)
	- dbus 0.22
CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
	NOT-FOR-US: TikiWiki
CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
	NOT-FOR-US: ngIRCd
CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
	NOT-FOR-US: Cisco
CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
	NOT-FOR-US: Cisco
CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
	{DSA-667-1}
	- squid 2.5.7-7
CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
	NOT-FOR-US: mRouter in iSync in OS X
CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
	NOT-FOR-US: RealPlayer
CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
	NOT-FOR-US: AtHoc toolbar
CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
	NOT-FOR-US: Cisco
CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
	NOT-FOR-US: NodeManager Professional
CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
	NOT-FOR-US: vacation plugin
CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
	NOT-FOR-US: mod_dosevasive module for apache
CVE-2005-0181
	RESERVED
CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
	[sarge] - kernel-source-2.6.8 2.6.8-12
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (intlen and outlen are unsigned in 2.4)
CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
	[sarge] - kernel-source-2.6.8 <not-affected> (Vulnerable code was only introduced in 2.6.9)
	- linux-2.6 <not-affected> (Fixed before initial release)
CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...)
	- kernel-source-2.4.27 <not-affected> (v2.4 is safe because back there current->signal was not shared.)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
	- kernel-source-2.4.27 <not-affected> (According to joshk, doesn't apply to 2.4.27)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8.1)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
	- php4 4:4.3.10-3
CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...)
	NOT-FOR-US: Veritas NetBackup Administrative Assistant
CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...)
	- gpsd 2.7-4
CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
	- apache 1.3.33-3
CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
	NOT-FOR-US: TikiWiki
CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
	- phpgroupware 0.9.16.005-1 (unimportant)
	NOTE: path disclosure only, path is known on Debian anyway
CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...)
	- glibc 2.3.2.ds1-19
CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
	- clamav 0.81
CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
	- uw-imap 7:2002edebian1-6
CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
	{DSA-667-1}
	- squid 2.5.7-6
CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
	- squid 2.5.7-6
CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
	{DSA-667-1}
	- squid 2.5.7-4
CVE-2005-0172
	REJECTED
CVE-2005-0171
	REJECTED
CVE-2005-0170
	REJECTED
CVE-2005-0169
	REJECTED
CVE-2005-0168
	REJECTED
CVE-2005-0167
	REJECTED
CVE-2005-0166
	REJECTED
CVE-2005-0165
	REJECTED
CVE-2005-0164
	RESERVED
CVE-2005-0163
	RESERVED
CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
	- openswan 2.3.0-2
	- freeswan <not-affected>
CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...)
	- unace 1.2b-3
CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...)
	- unace 1.2b-3
CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
	{DSA-679-1}
	- toolchain-source 3.4-5
CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
	{DSA-687-1}
	- bidwatcher 1.3.17-1
CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
	{DSA-720-1}
	- smartlist 3.15-18
CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
	- perl 5.8.4-6
CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...)
	- perl 5.8.4-6
	- mooix 1.0rc5.pre4
CVE-2005-0154
	RESERVED
CVE-2005-0153
	RESERVED
CVE-2005-0152 (PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows ...)
	{DSA-662-1}
	- squirrelmail 1:1.2.7-1
	NOTE: This bug exists only in version 1.2.6.
CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
	NOT-FOR-US: Adobe License Management Software
CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
	- mozilla-firefox 1.0
CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...)
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.4
CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
	- mozilla-thunderbird <not-affected> (Affects only Thunderbird on Windows)
CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between ...)
	- mozilla-firefox 1.0
CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...)
	- mozilla-firefox 1.0
	- mozilla-thunderbird 0.7
	- mozilla 2:1.7.5
CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
	NOT-FOR-US: PeID
CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...)
	NOT-FOR-US: Irix
CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...)
	NOT-FOR-US: Irix
CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
CVE-2005-0136 (The Linux kernel before 2.6.11 on the Itanium IA64 platform has ...)
	[sarge] - kernel-source-2.6.8 2.6.8-14
	- linux-2.6 2.6.11
CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
	{DSA-1082-1 DSA-1070-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
	- clamav 0.80-0.81rc1-1
CVE-2005-0132
	RESERVED
CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
	- konversation 0.15-3
CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
	- konversation 0.15-3
CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
	- konversation 0.15-3
CVE-2005-0128
	REJECTED
CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
	NOT-FOR-US: MacOS
CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
	NOT-FOR-US: MacOS
CVE-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
	NOT-FOR-US: MacOS
CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 2.6.12-1
CVE-2005-0123
	REJECTED
CVE-2005-0122
	REJECTED
CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
	NOT-FOR-US: golddig
CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
	NOT-FOR-US: helvis
CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
	NOT-FOR-US: helvis
CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
	NOT-FOR-US: helvis
CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
	- xshisen 1.51-1-1.1 (bug #289784)
CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
	- awstats 6.2-1.1
CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
	NOT-FOR-US: DataRescue Interactive Disassembler
CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
	NOT-FOR-US: ZoneAlarm
CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
	NOT-FOR-US: IRIX
CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...)
	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
	NOTE: attack, paranoid people should disable hyper threading
	- kfreebsd5-source 5.3-11
CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
	{DSA-659-1}
	- libapache-mod-auth-radius 1.5.7-6
	- libpam-radius-auth 1.3.16-3
CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
	{DSA-690-1}
	- bsmtpd 2.3pl8b-16
CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
	- libnet-ssleay-perl 1.25-1.1
CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
	{DSA-684-1}
	- typespeed 0.4.4-8
CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
	{DSA-662-1}
	- squirrelmail 2:1.4.4
CVE-2005-0103 (PHP remote file inclusion vulnerability in webmail.php in SquirrelMail ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
	{DSA-673-1}
	- evolution 2.0.3-1.2 (bug #295548)
CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
	- newspost 2.1.1-2
CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
	{DSA-685-1 DSA-671-1 DSA-670-1}
	- emacs21 21.3+1-9
	- xemacs21 21.4.16-2
CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
	{DSA-691-1}
	- abuse <removed>
CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
	- squid 2.5.7-4
CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
	- squid 2.5.7-4
CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
	{DSA-651-1}
	- squid 2.5.7-4
CVE-2005-0093
	REJECTED
CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
	- linux-2.6 <not-affected> (Apparently specific to Red hat hugemem kernel)
CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
	{DSA-666-1}
	- python2.2 2.2.3-14
	- python2.3 2.3.4+2.3.5c1-2
	- python2.4 2.4-5
CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
	{DSA-689-1}
	- libapache2-mod-python 3.1.3-3
	- libapache-mod-python 2:2.7.10-4
CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
	- alsa-lib 1.0.9-1 (unimportant)
CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
	- less <not-affected> (Red Hat specific less bug)
CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
	{DSA-680-1}
	- htdig 1:3.1.6-11 (bug #305996)
CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
	{DSA-653-1}
	- ethereal 0.10.9-1
CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
	- maxdb-7.5.00 7.5.00.24-1
CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
	- maxdb-7.5.00 7.5.00.21-1
CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
	{DSA-657-1}
	- xine-lib 1-rc6a-1
CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
	- jabber 1.4.3-3 (unimportant)
	NOTE: We do not ship jadc2s.
CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
	- a2ps 1:4.13b-4.3 (bug #286387; bug #286385)
CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: mod_access_referer
CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
	- xshisen 1.51-1-1 (bug #213957)
CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
	- mailman 2.1.5-5
CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
	{DSA-649-1}
	- xtrlock 2.0-9
CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...)
	{DSA-660-1}
	- kdebase 4:3.0.5
CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
	{DSA-658-1}
	- libdbi-perl 1.46-6
CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
	{DSA-672-1}
	- xview 3.2p1.4-19
CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
	- squirrelmail 2:1.4.4-1
CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
	{DSA-676-1}
	- xpcd 2.08-11.1 (bug #294793)
CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
	{DSA-677-1}
	- sympa 4.1.2-2.1
CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
	{DSA-655-1}
	- zhcon 1:0.2.3-8.1 (bug #292210)
CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...)
	{DSA-656-1}
	- vdr 1.2.6-6
CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...)
	{DSA-681-1}
	- synaesthesia 2.1-3
	NOTE: does not apply for sarge, program is not setuid anymore
CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...)
	- vim 1:6.3-058+1
CVE-2005-0068 (The original design of ICMP does not require authentication for ...)
	NOTE: general icmp design error
CVE-2005-0067 (The original design of TCP does not require that port numbers be ...)
	NOTE: general tcp design error, no indication it affects linux
CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
	NOTE: general tcp design error
CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
	NOTE: general tcp design error
CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
	{DSA-648-1 DSA-645-1}
	- xpdf 3.00-13
	- gpdf 2.8.2-1.2
	- pdftohtml 0.36-11
	- kdegraphics 4:3.3.2-2
	- tetex-bin 2.0.2-26
	- cupsys 1.1.22-6 (bug #324459)
	- cups 1.1.22-6 (bug #324459)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.23-13, the dormant code in the source
	NOTE: package was fixed.
CVE-2005-0063 (The document processing application used by the Windows Shell in ...)
	NOT-FOR-US: Microsoft
CVE-2005-0062
	RESERVED
CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...)
	NOT-FOR-US: TAPI for Windows
CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)
	NOT-FOR-US: Microsoft
CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...)
	NOT-FOR-US: Microsoft
CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2005-0052
	RESERVED
CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...)
	NOT-FOR-US: Microsoft
CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly &quot;validate the use ...)
	NOT-FOR-US: Microsoft
CVE-2005-0046
	RESERVED
CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
	NOT-FOR-US: Microsoft
CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
	NOT-FOR-US: Microsoft
CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
	NOT-FOR-US: iTunes
CVE-2005-0042
	RESERVED
CVE-2005-0041
	RESERVED
CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
	NOT-FOR-US: DotNetNuke
CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
	NOTE: These are known issues of IPSEC and basically every VPN system using
	NOTE: encryption without authentication.
	NOTE: openswan even prevents such configurations
CVE-2005-0038 (The DNS implementation of PowerDNS 2.9.16 and earlier allows remote ...)
	- pdns 2.9.17-1
CVE-2005-0037 (The DNS implementation of DNRD before 2.10 allows remote attackers to ...)
	NOT-FOR-US: dnrd
CVE-2005-0036 (The DNS implementation in DeleGate 8.10.2 and earlier allows remote ...)
	NOT-FOR-US: DeleGate
CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
	NOT-FOR-US: Adobe
CVE-2005-0034 (An &quot;incorrect assumption&quot; in the authvalidated validator function in ...)
	- bind9 1:9.3.1
	[woody] - bind9 <not-affected>
	[sarge] - bind9 <not-affected>
	NOTE: only affects bind9 9.3.0, sarge and woody have an earlier versions
CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
	- bind 1:8.4.6-1
CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
	NOT-FOR-US: MSIE
CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...)
	NOT-FOR-US: NetBSD
CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
	NOT-FOR-US: Shoutcast
CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...)
	NOT-FOR-US: IBM DB2
CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...)
	NOT-FOR-US: Oracle
CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...)
	NOT-FOR-US: Oracle
CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...)
	NOT-FOR-US: Oracle
CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that ...)
	NOT-FOR-US: Oracle
CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...)
	NOT-FOR-US: Oracle
CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
	NOT-FOR-US: Oracle
CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...)
	NOT-FOR-US: Oracle
CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...)
	NOT-FOR-US: Oracle
CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...)
	NOT-FOR-US: Oracle
CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...)
	NOT-FOR-US: Windows
CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...)
	NOT-FOR-US: Solaris
CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...)
	NOT-FOR-US: Solaris
CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...)
	NOT-FOR-US: ssh on Solaris
CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...)
	NOT-FOR-US: Solaris
CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...)
	NOT-FOR-US: Solaris
CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...)
	NOT-FOR-US: Solaris
CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
	NOT-FOR-US: Solaris
CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
	- gzip <not-affected> (gzip on Solaris)
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
	- xfree86 <not-affected> (xdm on Solaris)
	- xorg-x11 <not-affected> (xdm on Solaris)
CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
	NOT-FOR-US: Solaris
CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
	NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CVE-2004-1344
	REJECTED
CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
	{DSA-711-1}
	- info2www 1.2.2.9-23 (bug #281655)
CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...)
	{DSA-659-1}
	- libpam-radius-auth 1.3.16-1.1
CVE-2005-0032
	RESERVED
CVE-2005-0031
	RESERVED
CVE-2005-0030
	RESERVED
CVE-2005-0029
	RESERVED
CVE-2005-0028
	RESERVED
CVE-2005-0027
	RESERVED
CVE-2005-0026
	RESERVED
CVE-2005-0025
	RESERVED
CVE-2005-0024
	RESERVED
CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...)
	- gnome-libs <unfixed> (bug #329156; unimportant)
	- vte <unfixed> (bug #330907; unimportant)
	NOTE: Not considered a security problem, see #329156
CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
	- exim4 4.34-10
CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
	{DSA-637-1 DSA-635-1}
	- exim4 4.34-10
	- exim 3.36-13 (bug #290036)
	- exim-tls <removed>
CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
	{DSA-641-1}
	- playmidi 2.4debian-3
CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
	{DSA-675-1}
	- hztty 2.0-6.1
CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
	{DSA-661-2}
	- f2c 20020621-3.4 (bug #292792)
CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
	{DSA-640-1}
	- gatos 0.0.5-15
CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
	{DSA-650-1}
	- sword 1.5.7-7 (bug #291433)
CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
	- ncpfs 2.2.6-1
CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
	{DSA-665-1}
	- ncpfs 2.2.6-1
CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
	- dillo 0.8.3-1
CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
	- kdeedu 4:3.3.2-2
CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
	- ethereal 0.10.9-1
CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...)
	- ethereal 0.10.9-1
CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...)
	- ethereal 0.10.9-1
CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
	- ethereal 0.10.9-1
CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...)
	- ethereal 0.10.9-1
CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
	{DSA-646-1}
	- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
	{DSA-647-1}
	- mysql-dfsg-4.1 4.1.8a-6
	- mysql-dfsg 4.0.23-3
CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 2.4.27-9
	[sarge] - kernel-source-2.6.8 2.6.8-9
CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
	NOT-FOR-US: poppassd_pam
CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	NOTE: i386 and smp specific
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
	NOT-FOR-US: oracle
CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
	NOT-FOR-US: oracle
CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
	- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
	NOT-FOR-US: hpux
CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
	NOT-FOR-US: microsoft
CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...)
	NOT-FOR-US: AIX
CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...)
	NOT-FOR-US: AIX
CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
	NOT-FOR-US: hpux
CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...)
	NOT-FOR-US: Crystal FTP client
CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...)
	NOT-FOR-US: Ultrix
CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...)
	NOT-FOR-US: Microsoft
CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
	NOT-FOR-US: Netbsd
CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
	NOT-FOR-US: Cisco
CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
	NOT-FOR-US: MSIE
CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
	{DSA-627-1}
	- namazu2 2.0.14-1
CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
	- netcat <not-affected> (only affects netcat in Windows)
CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
	- mozilla 2:1.7.5-1 (bug #288047)
CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
	- phpbb2 2.0.10-3
CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...)
	NOT-FOR-US: MacOS
CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...)
	NOT-FOR-US: My Firewall Plus
CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
	NOT-FOR-US: Microsoft
CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
	{DSA-617-1}
	- tiff 3.6.1-4
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
	- tiff 3.7.0 (low)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
	NOT-FOR-US: Microsoft
CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
	- file 4.12
CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...)
	NOT-FOR-US: Yanf
CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...)
	NOT-FOR-US: YAMT
CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...)
	NOT-FOR-US: xlreader
CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
	- xine-lib 1-rc8-1
	- vlc <not-affected> (vulnerable component of xine-lib code copy not present)
CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
	NOT-FOR-US: vilistextum
CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
	NOT-FOR-US: vb2c
CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...)
	- unrtf 0.19.3-1.1 (bug #287038)
CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
	- groff 1.18.1.1-5
CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
	- uml-utilities <not-affected> (uml_net is only executable by users in group uml-net)
CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
	- tnftp 20050625-0.1 (bug #285902; medium)
CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
	NOT-FOR-US: rtf2latex2e
CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)
	NOT-FOR-US: ringtonetools
CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...)
	NOT-FOR-US: qwik-smtpd
CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
	NOT-FOR-US: pgn2web
CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
	{DSA-625-1}
	- pcal 4.8.0-1
CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
	NOT-FOR-US: o3read
CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
	{DSA-623-1}
	- nasm 0.98.38-1.1 (bug #285889)
CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
	NOT-FOR-US: NapShare
CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
	NOT-FOR-US: mplayer
CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
	NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
	- mpg123 0.59r-20 (bug #287043)
CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
	NOT-FOR-US: mview
CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
	{DSA-632-1}
	- linpopup 1.2.0-7
CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
	NOT-FOR-US: junkie
CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...)
	NOT-FOR-US: junkie
CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...)
	NOT-FOR-US: jpegtoavi
CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...)
	NOT-FOR-US: jcabc2ps
CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...)
	NOT-FOR-US: html2hdml
CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...)
	- filter 2.4.2-1.1
CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
	NOT-FOR-US: dxfscope
CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
	NOT-FOR-US: csv2xml
CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
	NOT-FOR-US: Convex
CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
	{DSA-644-1}
	- chbg 1.5-4
CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
	NOT-FOR-US: ChangePassword
CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...)
	NOT-FOR-US: bsb2ppm
CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...)
	NOT-FOR-US: asp2php
CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...)
	NOT-FOR-US: abctab2ps
CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...)
	NOT-FOR-US: abcpp
CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
	- abcm2ps 4.8.5-1
CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...)
	NOT-FOR-US: abc2mtex
CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
	- abcmidi 20050101-1
CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...)
	NOT-FOR-US: 2fax
CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: WinRAR
CVE-2004-1253
	RESERVED
CVE-2004-1252
	RESERVED
CVE-2004-1251
	RESERVED
CVE-2004-1250
	RESERVED
CVE-2004-1249
	RESERVED
CVE-2004-1248
	RESERVED
CVE-2004-1247
	RESERVED
CVE-2004-1246
	RESERVED
CVE-2004-1245
	RESERVED
CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2004-1243
	REJECTED
CVE-2004-1242
	REJECTED
CVE-2004-1241
	REJECTED
CVE-2004-1240
	REJECTED
CVE-2004-1239
	REJECTED
CVE-2004-1238
	REJECTED
CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
	- linux-2.6 <not-affected> (Apparently Red Hat specific)
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
	NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
	- mtr 0.67-1
CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
	NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
	NOT-FOR-US: paFileDB
CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Remote Execute
CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
	NOT-FOR-US: Kreed
CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kreed
CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
	NOT-FOR-US: Kreed
CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
	NOT-FOR-US: Blog Torrent
CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
	NOT-FOR-US: IpCop
CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
	NOT-FOR-US: Verisign Payflow Link
CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
	NOT-FOR-US: Orbz
CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...)
	NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter
CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
	NOTE: at best a local DOS by the user running fluxbox.
	NOTE: Where's the security hole?
	- fluxbox 0.9.11-1
CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
	NOT-FOR-US: phpCMS
CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
	NOT-FOR-US: phpCMS
CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Opera
CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
	NOTE: memory leak, doubt it's usefully exploitable
	NOTE: did not followup
CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
	NOT-FOR-US: Safari
CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
	NOT-FOR-US: MSIE
CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
	NOT-FOR-US: inShop
CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
	NOT-FOR-US: Insite Inmail
CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to ...)
	NOT-FOR-US: Prevex Home
CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
	NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-6
	- linux-2.6 <not-affected> (fixed before initial upload)
	- linux-2.6.24 <not-affected> (fixed before initial upload)
CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
	NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
	NOTE: has a misleading entry titled "Fix exploitable hole"
	NOTE: http://www.securityfocus.com/advisories/7579
	NOTE: http://xforce.iss.net/xforce/xfdb/18370
	NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8
	NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
	NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
	{DSA-629-1}
	- krb5 1.3.6-1
CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
	- xine-lib 1-rc8-1
	- mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch)
CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
	- xine-lib 1-rc8-1
	- mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch)
CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
	{DSA-626-1}
	- tiff 3.6.1-5
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a &quot;weak&quot; ...)
	{DSA-634-1}
	- hylafax 1:4.2.1-1
CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
	{DSA-622-1}
	- htmlheadline <removed>
CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
	{DSA-678-1}
	- netkit-rwho 0.17-8
CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
	{DSA-615-1}
	- debmake 3.7.7
CVE-2004-1178
	RESERVED
CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
	{DSA-674-1}
	- mailman 2.1.5-5
CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
	NOT-FOR-US: MSIE
CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
	- kdelibs 4:3.3.1-2
	- kdebase 4:3.3.1-3
CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...)
	{DSA-612-1}
	- a2ps 1:4.13b-4.2 (bug #283134)
CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
	- maxdb-7.5.00 7.5.00.19-1
CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
	- maxdb-7.5.00 7.5.00.19-1
CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
	NOT-FOR-US: gentoo mirrorselect
CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
	{DSA-631-1}
	- kdelibs 4:3.3.2-1
CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
	NOT-FOR-US: Cisco
CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
	NOT-FOR-US: Cisco
CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
	- scponly 4.0-1
CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
	- rssh 2.2.3-1
CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
	NOT-FOR-US: Netscape
CVE-2004-1159
	REJECTED
CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
	- kdelibs 4:3.3.1-3
	- kdebase 4:3.3.1-4
CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
	NOT-FOR-US: Opera
CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...)
	- mozilla 2:1.7.6-1
	- mozilla-firefox 1.0.1
CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
	NOT-FOR-US: Microsoft MSIE
CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
	{DSA-701-1}
	- samba 3.0.10-1
CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
	NOT-FOR-US: Winamp
CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
	NOT-FOR-US: Computer Associates eTrust EZ Antivirus
CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
	- phpmyadmin 2:2.6.1-rc1-1
CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
	- phpmyadmin 2:2.6.1-rc1-1
CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...)
	- cvstrac 1.1.5
CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...)
	- kdelibs 4:3.3.2-1
CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...)
	NOTE: amd64 specific
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...)
	- mailman 2.1.5-5
CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
	{DSA-613-1}
	- ethereal 0.10.8-1
CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...)
	- ethereal 0.10.8-1
CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
	- ethereal 0.10.8-1
CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...)
	- ethereal 0.10.8-1
CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...)
	- vim 1:6.3-046+0sarge1
CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
	- linux-2.6 <not-affected> (Fixed before upload into the archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
	NOT-FOR-US: CuteFTP
CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
	NOT-FOR-US: WS-Ftpd
CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
	NOT-FOR-US: Microsoft
CVE-2004-1132
	RESERVED
CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
	NOT-FOR-US: SCO
CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
	NOT-FOR-US: CMailServer
CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
	NOT-FOR-US: CMailServer
CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
	NOT-FOR-US: CMailServer
CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
	- opendchub 0.7.14-1.1 (bug #284350; bug #283061)
CVE-2004-1126
	RESERVED
CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
	{DSA-621-1 DSA-619-1}
	- xpdf 3.00-11
	- cupsys 1.1.22-2
	- cups 1.1.22-2
	- tetex-bin 2.0.2-25
	- gpdf 2.8.2-1
	- koffice 1:1.3.5-1
CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...)
	NOT-FOR-US: UnixWare
CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
	NOT-FOR-US: Darwin Streaming Server
CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
	NOT-FOR-US: Safari
CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...)
	NOT-FOR-US: Safari
CVE-2004-1120 (Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
	{DSA-663-1}
	- prozilla 1:1.3.7.3-1
CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
	NOT-FOR-US: Winamp
CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
	NOT-FOR-US: WodFtpDLX.ocx ActiveX component
CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
	NOT-FOR-US: ChessBrain
CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
	NOT-FOR-US: GIMPS
CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
	- setiathome <not-affected> (Gentoo-specific vulnerability)
CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
	NOT-FOR-US: Skype
CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
	- sqlgrey 1.2.0
CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
	NOT-FOR-US: Cisco
CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
	NOT-FOR-US: Cisco
CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
	- mtink 1.0.5
	NOTE: debian not vulnerable except in edge case
CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
	NOT-FOR-US: Gentoolkit
CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
	NOT-FOR-US: Portage
CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
	{DSA-642-1}
	- gallery 1.4.4-pl4-1
CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
	NOT-FOR-US: Nortel Networks Contivity VPN Client
CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
	NOT-FOR-US: MailPost
CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
	NOT-FOR-US: MailPost
CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
	NOT-FOR-US: MailPost
CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
	NOT-FOR-US: MailPost
CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
	- mime-tools 5.415-1
CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
	- cherokee <not-affected> (Fixed before upload into archive)
CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
	- libarchive-zip-perl 1.14-1
CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version ...)
	NOT-FOR-US: RealPlayer
CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that &quot;Secure Keyboard ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
	NOT-FOR-US: Microsoft
CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
	- ncpfs 2.2.5-2
CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...)
	NOT-FOR-US: Citrix
CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
	NOT-FOR-US: Citrix
CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c ...)
	{DSA-609-1}
	- atari800 1.3.2-1
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
	- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when &quot;memory overcommit&quot; ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (2.6 only issue)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A &quot;missing serialization&quot; error in the unix_dgram_recvmsg function in ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 2.4.27-7
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...)
	- cyrus21-imapd <not-affected> (Only affected 2.2 series)
CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
	NOT-FOR-US: FreeBSD
CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...)
	- php4 4:4.3.10-1
CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
	- php4 4:4.3.10-1
CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...)
	- php4 4:4.3.10-1
CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, ...)
	- bugzilla 2.16.7-2
CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...)
	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
	- mnogosearch 3.2.18-2.2
CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
	- phpmyadmin 2:2.6.0-pl3-1
CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
	NOT-FOR-US: AIX
CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
	NOT-FOR-US: fetch on FreeBSD
CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
	{DSA-595-1}
	- bnc <removed>
CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...)
	{DSA-596-2}
	- sudo 1.6.8p3-1
CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-1048
	RESERVED
CVE-2004-1047
	RESERVED
CVE-2004-1046
	RESERVED
CVE-2004-1045
	RESERVED
CVE-2004-1044
	RESERVED
CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: MSIE
CVE-2004-1042
	RESERVED
CVE-2004-1041
	RESERVED
CVE-2004-1040
	RESERVED
CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
	NOT-FOR-US: IEEE1394 specification bug, physical security
CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
	- twiki 20030201-6
CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
	- squirrelmail 2:1.4.3a-3
CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
	- up-imapproxy 1.2.2+1.2.3rc2-1
CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
	- kaffeine 0.4.3.1-3
	- gxine 0.4-rc1
CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...)
	- fcron 2.9.5.1-1
CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
	- fcron 2.9.5.1-1
CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
	NOT-FOR-US: AIX
CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
	{DSA-652-1}
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
	{DSA-628-1 DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
	- imlib2 1.1.2-2.1
CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
	{DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
CVE-2004-1024
	RESERVED
CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
	NOT-FOR-US: MacOS
CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...)
	- php4 4:4.3.10-1
CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...)
	- php4 4:4.3.10-1
CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...)
	- php4 4:4.3.10-1
	- php3 3:3.0.18-29
CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...)
	{DSA-606-1}
	- nfs-utils 1:1.0.6-3.1
CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
	{DSA-624-1}
	- zip 2.30-8
CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
	- putty 0.56-1
CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
	- bogofilter 0.92.8-1
CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
	{DSA-584-1}
	- dhcp 2.0pl5-19.1
CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: Trend ScanMail
CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
	- ppp 2.4.2+20040428-3
CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
	{DSA-585-1}
	NOTE: Fixed in 	shadow 1:4.0.3-30.3 for the first time.
	NOTE: Apparently, the fix was lost somehow, see #309587.
	NOTE: It was reapplied to sarge before the release, and to sid in
	NOTE: version 1:4.0.3-35.
	- shadow 1:4.0.3-35
	[sarge] - shadow 1:4.0.3-31sarge5 (bug #309587)
CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
	{DSA-630-1}
	- lintian 1.23.6 (bug #286379; low)
CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
	NOTE: changelog says he only patched 1095, but diff comparison
	NOTE: shows 0999 was also fixed.
CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
	{DSA-616-1}
	- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
	{DSA-610-1}
	- cscope 15.5-1.1 (bug #282815)
	NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CVE-2004-0995
	REJECTED
CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
	{DSA-614-1}
	NOTE: only indication that it's this CVE is in the debian package changelog
	- xzgv 0.8-3
CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
	{DSA-604-1}
	- hpsockd 0.14
CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
	NOT-FOR-US: Proxytunnel
CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
	- mpg123 0.59r-19
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
	{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
	- libgd2 2.0.30-1
	- libgd 1.8.4-36.1
CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
	{DSA-582-1}
	- libxml 1:1.8.17-9
	- libxml2 2.6.11-5
CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
	NOT-FOR-US: Apple
CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
	{DSA-598-1}
	- yardradius 1.0.20-15
CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...)
	{DSA-580-1}
	- iptables 1.2.11-4
CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
	NOT-FOR-US: windows
CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...)
	- mailutils 1:0.5-4
CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
	{DSA-586-1}
	- ruby1.8 1.8.1+1.8.2pre2-4
	- ruby1.6 1.6.8-12
	- ruby <removed>
CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...)
	{DSA-578-1}
	- mpg123 0.59r-18
	NOTE: Original fix in -17 was incomplete
CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...)
	{DSA-593-1}
	- imagemagick 6:6.0.6.2-1.5 (bug #278401)
	- graphicsmagick 1.1.7-1
CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...)
	{DSA-592-1}
	- ez-ipupdate 3.0.11b8-8
CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the &quot;Drag and ...)
	NOT-FOR-US: windows
CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...)
	NOT-FOR-US: windows
CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...)
	{DSA-577-1}
	- postgresql 7.4.6-1
CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
	{DSA-620-1}
	- perl 5.8.4-4
CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
	{DSA-603-1}
	- openssl 0.9.7e-3
	NOTE: -1 claimed to include it, but it was missing
CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
	- netatalk 1.6.4a-1 (low)
CVE-2004-0973
	REJECTED
CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
	{DSA-583-1}
	- lvm10 1:1.0.8-8
CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...)
	NOTE: Not shipped in the krb5 binary package
	- krb5 <unfixed> (bug #278271; unimportant)
	- arla 0.36.2-11
CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...)
	{DSA-588-1}
	- gzip 1.3.5-8 (bug #259043; bug #257314; medium)
CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
	- groff 1.18.1.1-2
CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...)
	{DSA-636-1}
	- glibc 2.3.2.ds1-19
CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts ...)
	- gs-common 0.3.6-0.1
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
	NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
	- gettext 0.14.1-6
CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
	NOT-FOR-US: HP-UX
CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
	{DSA-587-1}
	- zinf <not-affected> (According to DSA-587 not affected, as module was rewritten)
	- freeamp <removed>
CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...)
	NOT-FOR-US: windows
CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
	NOT-FOR-US: Apple Remote Desktop Client
CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
	- freeradius 1.0.1
CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
	- freeradius 1.0.1
CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...)
	- php4 4:4.3.9
CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...)
	- php4 4:4.3.9
CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
	{DSA-707-1}
	- mysql-dfsg-4.1 4.1.10a-6
	- mysql-dfsg 4.0.24-5
CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
	- mysql-dfsg <not-affected> (Not vulnerable, http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge)
CVE-2004-0955
	REJECTED
CVE-2004-0954
	REJECTED
CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
	- jabber <not-affected> (Jabber version 2 is vulnerable, we have an older version that seems not)
CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...)
	NOT-FOR-US: HP-UX
CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...)
	NOT-FOR-US: HP-UX
CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
	NOT-FOR-US: NetOp Host
CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
CVE-2004-0948
	REJECTED
CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
	{DSA-652-1}
	NOTE: see http://lwn.net/Alerts/110733/
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
	- nfs-utils <not-affected> (does not apply per maintainer)
CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0943
	REJECTED
CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
	- apache2 2.0.52-2
CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
	{DSA-602-1 DSA-601-1}
	- libgd2 2.0.33-1.1
	- libgd 1.8.4-36.1
CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...)
	{DSA-594-1}
	- apache 1.3.33-2
CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
	- freeradius 1.0.1
CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
	NOT-FOR-US: RAV antivirus
CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
	NOT-FOR-US: Eset anti-virus
CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
	NOT-FOR-US: Kaspersky antivirus
CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
	NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
	NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
	- samba 3.0.8-1
CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
	- tiff3g <removed>
CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...)
	NOT-FOR-US: Macromedia
CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
	NOT-FOR-US: MacOS
CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
	NOT-FOR-US: MacOS
CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
	NOT-FOR-US: MacOS
CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
	NOT-FOR-US: MacOS
CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
	{DSA-566-1}
	- cupsys 1.1.20final+rc1-9
	- cups 1.1.20final+rc1-9
CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
	NOT-FOR-US: MacOS
CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
	NOT-FOR-US: MacOS
CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
	NOT-FOR-US: norton
CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
	{DSA-576-1}
	- squid 2.5.7
CVE-2004-0917 (The default installation of Vignette Application Portal installs the ...)
	NOT-FOR-US: Vignette Application Portal
CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
	{DSA-574-1}
	- cabextract 1.1-1
CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...)
	{DSA-605-1}
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 (bug #284237)
CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...)
	{DSA-607-1}
	NOTE: Previous -9 fix had some issues of its own
	- xfree86 4.3.0.dfsg.1-14 (bug #309143)
	NOTE: lesstif1 and 2 have to be fixed separately
	- lesstif1-1 1:0.93.94-11.3 (bug #294099)
	NOTE: but lesstif2 did get fixed for this hole..
	- lesstif2 1:0.93.94-11.2
	- openmotif 2.2.3-1.1 (bug #309819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
	{DSA-572-1}
	- ecartis 1.0.0+cvs.20030911-8
CVE-2004-0912
	RESERVED
CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
	{DSA-569-1 DSA-556-1}
	- netkit-telnet-ssl 0.17.24+0.1-4
	- netkit-telnet 0.17-26
CVE-2004-0910
	REJECTED
CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
	- mozilla-firefox <not-affected> (non-Debian packaging issue)
CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
	NOT-FOR-US: Microsoft
CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
	NOT-FOR-US: Microsoft
CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
	NOT-FOR-US: Microsoft
CVE-2004-0898
	RESERVED
CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
	NOT-FOR-US: Windows
CVE-2004-0896
	RESERVED
CVE-2004-0895
	RESERVED
CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
	NOT-FOR-US: Microsoft
CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
	NOT-FOR-US: Microsoft
CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
	- gaim 1:1.0.2
CVE-2004-0890
	REJECTED
CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
	- xpdf 3.00-10 (medium)
CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
	{DSA-599-1 DSA-581-1 DSA-573-1}
	- koffice 1:1.3.4-1
	- tetex-bin 2.0.2-23
	- xpdf 3.00-9
	- gpdf 2.8.0-1
	- kdegraphics 4:3.3.1-1 (bug #280373)
	- cupsys 1.1.22-6 (bug #324460)
	- cups 1.1.22-6 (bug #324460)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
	NOTE: package was fixed.
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.6.8 2.6.8-10
CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
	- apache2 2.0.52-2
	- libapache-mod-ssl 2.8.20-1
CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
	{DSA-568-1 DSA-563-3}
	- cyrus-sasl <removed>
	- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
	- kernel-source-2.4.27 2.4.27-6
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...)
	NOTE: details http://security.e-matters.de/advisories/132004.html
	- samba 3.0.7
CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0879
	RESERVED
CVE-2004-0878
	RESERVED
CVE-2004-0877
	RESERVED
CVE-2004-0876
	RESERVED
CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
	- phpgroupware 0.9.16.002
CVE-2004-0874
	REJECTED
CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
	NOT-FOR-US: apple
CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
	NOT-FOR-US: Opera
CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
	NOT-FOR-US: MSIE
CVE-2004-0868
	REJECTED
CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
	- mozilla-firefox 0.9.3
CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
	NOT-FOR-US: MSIE
CVE-2004-0865
	RESERVED
CVE-2004-0864
	RESERVED
CVE-2004-0863
	RESERVED
CVE-2004-0862
	RESERVED
CVE-2004-0861
	REJECTED
CVE-2004-0860
	REJECTED
CVE-2004-0859
	REJECTED
CVE-2004-0858
	REJECTED
CVE-2004-0857
	REJECTED
CVE-2004-0856
	REJECTED
CVE-2004-0855
	REJECTED
CVE-2004-0854
	REJECTED
CVE-2004-0853
	REJECTED
CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
	{DSA-611-1}
	- htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
	{DSA-559-1}
	- net-acct 0.71-7
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
	- star 1.5a46
CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
	NOT-FOR-US: GNU Radius
CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
	NOT-FOR-US: microsoft
CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
	NOT-FOR-US: microsoft
CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
	NOT-FOR-US: microsoft
CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
	NOT-FOR-US: microsoft
CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
	NOT-FOR-US: microsoft
CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
	NOT-FOR-US: microsoft
CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...)
	NOT-FOR-US: microsoft
CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
	NOT-FOR-US: microsoft
CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
	NOT-FOR-US: microsoft
CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
	- speedtouch 1.3.1
CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
	{DSA-554-1}
	- sendmail 8.13.1-13
CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
	- squid 2.5.6-8
CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
	NOT-FOR-US: McAfee
CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
	- samba 2.2.11
CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
	NOTE: not-fos-us (AIX)
CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...)
	{DSA-547-1}
	- imagemagick 5:6.0.7.1-1
CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
	NOT-FOR-US: netscape NSS
CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
	NOT-FOR-US: Apple
CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
	NOT-FOR-US: Apple
CVE-2004-0822 (Buffer overflow in The Core Foundation framework ...)
	NOT-FOR-US: Apple
CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
	NOT-FOR-US: Apple
CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: winamp
CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
	NOT-FOR-US: openbsd
CVE-2004-0818
	REJECTED
CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
	{DSA-548-2}
	- imlib+png2 1.9.14-16.2
	- imlib 1.9.14-17 (bug #285025)
CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (2.6 specific issue)
CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...)
	{DSA-600-1}
	- samba 3.0.6-1 (bug #274342)
CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	[sarge] - kernel-source-2.6.8 2.6.8-8
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
	- kernel-source-2.4.27 <not-affected> (Only an issue with botched permissions)
CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.0-test10)
	- kernel-source-2.4.27 <not-affected> (2.4 not support for amd64)
CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents &quot;the merging of the ...)
	- apache2 2.0.52
CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
	NOT-FOR-US: Netopia Timbuktu
CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
	{DSA-558-1}
	- apache2 2.0.51-1
	- libapache-mod-dav 1.0.3-10
CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
	- samba 3.0.7
CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
	- samba 3.0.7
CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...)
	- cdrtools 4:2.0+a34-2
CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
	{DSA-564-1}
	- mpg123 0.59r-16
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
	{DSA-552-1}
	- imlib2 1.1.0-12.4
CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
	- foomatic-filters 3.0.2
CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
	- zlib 1:1.2.1.1-6
	[woody] - zlib <not-affected> (zlib 1.1 is not affected)
CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
	- spamassassin 2.64
CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
	NOT-FOR-US: IBM DB2 DB2RCMD.EXE
CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
	{DSA-551-1}
	- lukemftpd 1.1-2.2 (bug #266370)
CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
	- bsdmainutils 6.0.15
CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
	{DSA-538}
	- rsync 2.6.2-3
CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
	- kernel-source-2.4.27 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
	- linux-2.6 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
	- kernel-source-2.6.8 2.6.8-16 (bug #305664)
	- kernel-source-2.4.27 2.4.27-10 (bug #305664)
CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...)
	NOT-FOR-US: DNS impleementations not in Debian
CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
	NOT-FOR-US: OpenCA
CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
	- apache <not-affected>	(not vulnerable according to http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge)
	- apache2 2.0.51
CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...)
	- gaim 1:0.82
CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...)
	- gaim 1:0.82
CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
	{DSA-549-1}
	- gtk+2.0 2.4.9-2
CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
	{DSA-541}
	- icecast-server 1:1.3.12-8
CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
	- cvs 1:1.12.9
CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
	- courier 0.45.6-1 (medium; bug #266723)
	NOTE: 0.45.6-1 is the first upload after the debug stuff rewrite
	NOTE: mentioned in the bug report.
CVE-2004-0776
	RESERVED
CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
	NOT-FOR-US: Windows
CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
	NOT-FOR-US: Real Helix server
CVE-2004-0773
	RESERVED
CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
	- dgen 1.23-6
CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...)
	- mozilla-firefox 0.9.3
CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...)
	- mozilla 2:1.7
CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0756
	REJECTED
CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
	{DSA-537}
	- ruby1.8 1.8.1+1.8.2pre1-4
	- ruby <removed>
CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
	- gaim 1:0.82.1-1
CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
	{DSA-546-1}
	- gdk-pixbuf 0.22.0-7
CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
	- openoffice.org 1.1.2-4
CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
	- apache2 2.0.50-11
CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
	NOT-FOR-US: Red Hat specific
CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
	- subversion 1.0.9-2
CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
	- apache2 2.0.51
CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...)
	[sarge] - apache2 <not-affected>
	- apache2 2.0.51
CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3
CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
	- lha 1.14i-10 (bug #279870)
CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
	NOT-FOR-US: MacOS
CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
	NOT-FOR-US: MacOS
CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
	NOT-FOR-US: LionMax Software WWW File Share Pro
CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
	NOT-FOR-US: Lexmark
CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
	NOT-FOR-US: Whisper FTP Surfer
CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
	NOT-FOR-US: phpnuke
CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
	NOT-FOR-US: phpnuke
CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
	NOT-FOR-US: phpnuke
CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
	NOT-FOR-US: various windows games
CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Web_Store.cgi
CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
	NOT-FOR-US: OllyDbg
CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
	NOT-FOR-US: phpnuke
CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
	NOT-FOR-US: phpnuke
CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
	- phpbb2 2.0.10
CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
	- phpbb2 2.0.10
CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
	NOT-FOR-US: Microsoft
CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
	- moodle 1.4
CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
	NOT-FOR-US: Half Life
CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
	- mozilla 2:1.6
CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
	[sarge] - kdebase 4:3.2.3-1.sarge.1
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
	- kdebase 4:3.3.0-1
CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
	NOT-FOR-US: Safari
CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
	NOT-FOR-US: Microsoft
CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
	NOTE: upstream versions became vulnerable again, see
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
	NOTE: and were fixed again, it got CVE-2005-1937 for the reversion
	- mozilla 2:1.7.10-1 (medium)
	- mozilla-firefox 1.0.6-1 (medium)
CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
	NOT-FOR-US: opera 7.50
CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
	NOT-FOR-US: HP-UX
CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
	NOT-FOR-US: Cisco
CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
	NOT-FOR-US: Cisco
CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
	NOT-FOR-US: HP OpenView Select Access
CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
	- moin 1.2.2
CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
	NOT-FOR-US: Solaris
CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
	{DSA-532}
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0694 (Buffer overflow in LHA 1.14 and earlier allows remote attackers to ...)
	- lha 1.14i-10 (bug #279870)
CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
	{DSA-539}
	- kdelibs 4:3.3.0-1
CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
	- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
	NOT-FOR-US: WebSphere Edge Server
CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
	NOT-FOR-US: Norton
CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
	NOT-FOR-US: Zoom DSL modem
CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
	NOT-FOR-US: UnrealIRCd
CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
	NOT-FOR-US: 12Planet Chat Server
CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
	NOT-FOR-US: c32web.exe
CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
	NOT-FOR-US: Enterasys XSR-1800 series Security Routers
CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
	NOT-FOR-US: Netegrity IdentityMinder Web Edition
CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
	NOT-FOR-US: Brightmail Spamfilter
CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
	NOT-FOR-US: Rompager
CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
	NOT-FOR-US: Lotus
CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Lotus
CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
	NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
	- kernel-patch-adamantix 1.6
CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
	NOT-FOR-US: popclient
CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
	NOT-FOR-US: csFAQ
CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
	NOT-FOR-US: D-Link AirPlus DI-614+
CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
	NOT-FOR-US: CuteNews
CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
	- mplayer <not-affected> (fixed before upload in archive; 1.0pre5)
CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
	- linux-2.6 <not-affected> (Invalid, according to Ben Collins)
	- kernel-source-2.4.27 <not-affected> (Invalid, according to Ben Collins)
CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
	- ntp 4.0
CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
	- pure-ftpd 1.0.19-1
CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
	NOT-FOR-US: Solaris
CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
	NOT-FOR-US: Solaris
CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
	NOT-FOR-US: Sun JRE
CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
	NOT-FOR-US: Cisco
CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
	{DSA-530}
	- l2tpd 0.70-pre20031121-2
CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
	- mozilla 2:1.7.1
	- mozilla-firefox 0.9.2
	- mozilla-thunderbird 0.7.2
CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
	- shorewall 2.0.3a
CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
	NOT-FOR-US: JRun
CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
	{DSA-579-1 DSA-550-1}
	- abiword 2.0.8
	- wv 1.0.2-0.1 (bug #264972)
	NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660
CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1 ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
	NOT-FOR-US: Thomson hardware ADSL router
CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
	{DSA-529}
	- netkit-telnet-ssl 0.17.24+0.1-2
CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
	NOT-FOR-US: Oracle
CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...)
	NOT-FOR-US: Oracle
CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
	{DSA-528}
	- ethereal 0.10.5-1
CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
	NOT-FOR-US: adobe reader
CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 <not-affected> (fixed before first upload; in 4.1.3)
	- mysql-dfsg-5.0 <not-affected> (fixed before first upload; in 5.0.0)
CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; bug #380507; medium)
	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
	[sarge] - kernel-source-2.6.8 2.6.8-1
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
	NOT-FOR-US: Infinity WEB
CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic ...)
	NOT-FOR-US: Artmedic links
CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
	{DSA-590-1}
	- gnats 4.0-6.1
CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does ...)
	NOT-FOR-US: MacOS
CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
	NOT-FOR-US: Newsletter ZWS
CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
	NOT-FOR-US: vBulletin
CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
	NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
	NOTE: does not seem to be part of linux kernel or other package
CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
	NOT-FOR-US: freebsd
CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
	NOT-FOR-US: ArbitroWeb
CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
	NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
	NOT-FOR-US: D-Link DI-614+ SOHO router
CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
	NOT-FOR-US: osTicket
CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
	NOT-FOR-US: osTicket
CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
	NOT-FOR-US: ZoneAlarm Pro
CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
	NOT-FOR-US: Netgear FVS318 VPN Router
CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
	NOT-FOR-US: Microsoft MN-500 Wireless Router
CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
	- rssh 2.2.1
CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
	NOT-FOR-US: Unreal Engine
CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
	- ipsec-tools 0.3.3-1
CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
	NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
	NOT-FOR-US: giFT-FastTrack not in debian
CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
	- gzip <not-affected> (Gentoo-specific bug in gzip introduced by botched security fix)
CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
	- distcc 2.18.1-4
CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
	- samba 3.0.5 (bug #260838)
CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
	{DSA-571-1 DSA-570-1 DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
	{DSA-669-1 DSA-531}
	- php3 3:3.0.18-27
	- php4 4:4.3.8-1
CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
	{DSA-669-1 DSA-531}
	- php4 4:4.3.8-1
CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in ...)
	NOT-FOR-US: linux 2.4 with usagi patches
CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
	{DSA-533}
	- courier 0.45.4-4
CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
	- freeswan 2.04-10
	- openswan 2.2.0
CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
	NOT-FOR-US: Cisco
CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
	- usermin 1.090-1
CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
	- qla2x00 7.01.01-1
CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Windows
CVE-2004-0585
	REJECTED
CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...)
	- imp3 3.2.4
CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
	NOT-FOR-US: Mandrake script
CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
	NOT-FOR-US: Linksys routers
CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
	{DSA-522}
	- super 3.23.0-1
CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
	NOT-FOR-US: Wingate
CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
	NOT-FOR-US: Wingate
CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
	NOT-FOR-US: GNU radius
CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
	NOT-FOR-US: Windows
CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
	NOT-FOR-US: Windows
CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
	NOT-FOR-US: Windows
CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
	NOT-FOR-US: Windows
CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
	NOT-FOR-US: Microsoft
CVE-2004-0570
	RESERVED
CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
	NOT-FOR-US: Windows
CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
	NOT-FOR-US: HyperTerminal
CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
	NOT-FOR-US: Windows
CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
	NOT-FOR-US: Windows
CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
	{DSA-557-1}
	- rp-pppoe 3.5-4 (bug #343264)
CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
	{DSA-555-1}
	- freenet6 1.0-2.2
CVE-2004-0562
	REJECTED
CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
	{DSA-544-1}
	- webmin 1.160-1
	- usermin 1.090-1
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
	{DSA-545-1}
	- cups 1.1.20final+rc1-6
	- cupsys 1.1.20final+rc1-6
CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
	{DSA-565-1}
	- sox 12.17.4-9 (bug #262083)
CVE-2004-0556
	REJECTED
CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
	{DSA-643-1}
	- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 2.6.12-1 (bug #261521)
CVE-2004-0553
	RESERVED
CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
	NOT-FOR-US: Sophos Small Business Suite
CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
	NOT-FOR-US: Cisco
CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
	NOT-FOR-US: Real Player
CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
	NOT-FOR-US: Windows
CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
	- aspell 0.50.5-3
CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
	{DSA-516}
	- postgresql 07.03.0200-3
CVE-2004-0546
	RESERVED
CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIX
CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
	NOT-FOR-US: AIX
CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
	NOT-FOR-US: Oracle
CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
	- php4 <not-affected> (Only affects Windows)
CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
	- squid 2.5.5-5
CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
	NOT-FOR-US: Windows
CVE-2004-0539 (The &quot;Show in Finder&quot; button in the Safari web browser in Mac OS X ...)
	NOT-FOR-US: MacOS
CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
	NOT-FOR-US: MacOS
CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a &quot;Shortcut ...)
	NOT-FOR-US: Opera
CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
	- tripwire 2.3.1.2.0-2.1
CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0532
	RESERVED
CVE-2004-0531
	RESERVED
CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
	- php4 <not-affected> (Slackware specific rpath issue)
CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
	NOT-FOR-US: Netscape Navigator 7.1
CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
	- kdebase 2.2.3
CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
	NOT-FOR-US: Windows
CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
	NOT-FOR-US: iLO
CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
	NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
	{DSA-520}
	- krb5 1.3.3-2
CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
	{DSA-512}
	- gallery 1.4.3-pl2-1
CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
	NOT-FOR-US: MacOS
CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;handling of ...)
	NOT-FOR-US: MacOS
CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;package ...)
	NOT-FOR-US: MacOS
CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
	NOT-FOR-US: MacOS
CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
	NOT-FOR-US: MacOS
CVE-2004-0513 (Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact ...)
	NOT-FOR-US: MacOS
CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0509
	RESERVED
CVE-2004-0508
	RESERVED
CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
	- ethereal 0.10.4
CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
	- ethereal 0.10.4
CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...)
	- ethereal 0.10.4
CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
	- ethereal 0.10.4
CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...)
	NOT-FOR-US: Microsoft
CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
	NOT-FOR-US: Microsoft
CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
	NOT-FOR-US: Microsoft
CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
	- gaim 1:0.81-3
CVE-2004-0499
	REJECTED
CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
	NOT-FOR-US: StoneSoft firewall engine
CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
	NOTE: fixed in 2.6.7
CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc1)
CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...)
	- gnome-vfs 1.0.1
CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...)
	- apache2 2.0.50-1
CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
	{DSA-525}
	- apache 1.3.31-2
CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
	NOTE: appears redhat specific
CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
	NOT-FOR-US: MacOS
CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
	{DSA-532}
	- apache2 2.0.50-1
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
	NOT-FOR-US: Norton
CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
	NOT-FOR-US: MacOS
CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
	NOT-FOR-US: IRIX
CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
	NOT-FOR-US: OpenBSD
CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
	NOT-FOR-US: the KCMS on Solaris
CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
	NOT-FOR-US: Lotus Notes
CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
	NOTE: only a Mozilla DOS
CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
	NOT-FOR-US: Microsoft
CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
	NOT-FOR-US: Help Center (HelpCtr.exe)
CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...)
	NOT-FOR-US: opera
CVE-2004-0472
	REJECTED
CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...)
	NOT-FOR-US: WebConnect
CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...)
	NOT-FOR-US: WebConnect
CVE-2004-0464
	REJECTED
CVE-2004-0463
	REJECTED
CVE-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
	NOT-FOR-US: Multiple embedded hardware vendors
CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
	- dhcp3 3.0.1
CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
	- dhcp3 3.0.1
CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
	NOT-FOR-US: DOS in 802.11 protocol
CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
	{DSA-503}
	- mah-jong 1.6.2-1
CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
	{DSA-540}
	- mysql-dfsg 4.0.20-11
	- mysql <removed>
CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
	{DSA-527}
	- pavuk 0.9pl28-3 (bug #264684)
CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
	{DSA-523}
	- www-sql 0.5.7-18
CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0453 (Format string vulnerability in the monitor &quot;memory dump&quot; command in ...)
	- vice 1.14-2
CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
	{DSA-1678-1 DSA-620-1}
	- perl 5.8.4-5
CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
	{DSA-521}
	- sup 1.8-11
CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
	{DSA-513}
	- log2mail 0.2.8-3
CVE-2004-0449
	REJECTED
CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
	{DSA-510}
	- jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-0446
	RESERVED
CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
	NOT-FOR-US: Norton
CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
	NOT-FOR-US: Norton
CVE-2004-0443
	RESERVED
CVE-2004-0442
	RESERVED
CVE-2004-0441
	RESERVED
CVE-2004-0440
	RESERVED
CVE-2004-0439
	RESERVED
CVE-2004-0438
	RESERVED
CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
	NOT-FOR-US: Titan FTP Server
CVE-2004-0436
	RESERVED
CVE-2004-0435 (Certain &quot;programming errors&quot; in the msync system call for FreeBSD ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
	{DSA-504}
	- heimdal 0.6.2-1
CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
	- mplayer 1.0~pre6a-1
	- xine-lib 1-rc4
CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
	- proftpd 1.2.9-4
CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
	NOT-FOR-US: Apple QuickTime
CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0429 (Unknown vulnerability related to &quot;the handling of large requests&quot; in ...)
	NOT-FOR-US: RAdmin for Mac OS X
CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
	NOT-FOR-US: Mac OS X)
CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26)
CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
	{DSA-499}
	- rsync 2.6.1-1
CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
	NOT-FOR-US: windows
CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
	NOTE: fixed after 2.6.4/2.4.26 kernel
CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
	- ssmtp <unfixed> (unimportant)
	NOTE: bug still exists in the ssmtp source, but is only activated if
	NOTE: --enable-logfile is used in ./configure
	NOTE: The package doesn't enable that flag so it is safe.
CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
	{DSA-500}
	- flim 1:1.14.6+0.20040415-1
CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
	{DSA-498}
	- libpng 1.0.15-5
	- libpng3 1.2.5.0-6
CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
	NOT-FOR-US: windows
CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
	[sarge] - xfree86 <not-affected> (vulnerable code not present)
	- xdm <not-affected> (vulnerable code not present)
CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0417 (Integer overflow in the &quot;Max-dotdot&quot; CVS protocol command ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS 1.12.x ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc6)
CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
	{DSA-517}
	- cvs 1:1.12.9-1
CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
	- subversion 1.0.5-1
CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...)
	- mailman 2.1.4-5
CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
	{DSA-518}
	- kdelibs 4:3.2.3
CVE-2004-0410
	REJECTED
CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
	{DSA-493}
	- xchat 2.0.8-1
CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
	{DSA-494}
	- ident2 1.04-2
CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
	NOT-FOR-US: ColdFusion
CVE-2004-0406
	REJECTED
CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...)
	{DSA-488}
	- logcheck 1.1.1-13.2
CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
	- ipsec-tools 0.3.1-3
CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
	{DSA-508}
	- xpcd 2.08-10
CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
	- libtasn1 0.1.2-2
CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
	{DSA-507 DSA-506}
	- cadaver 0.22.1-3
	- neon 0.24.6.dfsg-1
CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
	- subversion 1.0.3-1 (bug #249791)
CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...)
	{DSA-505}
	- cvs 1:1.12.5-6
CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
	{DSA-509}
	- gatos 0.0.5-12
CVE-2004-0394 (A &quot;potential&quot; buffer overflow exists in the panic() function in Linux ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch
CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
	- apache 1.3.31-2
CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
	NOT-FOR-US: Cisco
CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
	NOT-FOR-US: SCO OpenServer
CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-6
CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
	NOT-FOR-US: RealPlayer plugin
CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
	- mplayer 1.0~pre6a-1
CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
	NOT-FOR-US: Oracle 9i Application Server Web Cache
CVE-2004-0384
	RESERVED
CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
	NOT-FOR-US: Mail for Mac OS X
CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
	NOT-FOR-US: CUPS printing system in Mac OS X
CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-4
CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
	NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CVE-2004-0378
	REJECTED
CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
	- perl <not-affected> (Win32 specific)
CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
	{DSA-473}
	- oftpd 20040304-1 (bug #353882)
CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to &quot;expose the ...)
	{DSA-471}
	- interchange 5.0.1-1
CVE-2004-0373
	RESERVED
CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
	{DSA-477}
	- xine-ui 0.99.1-1
CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
	{DSA-476}
	- heimdal 0.6.1-1
CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
	NOT-FOR-US: KAME
CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
	NOT-FOR-US: Entrust LibKmp ISAKMP library
CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
	NOT-FOR-US: CDE
CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
	{DSA-469}
	- pam-pgsql 0.5.2-7.1
	NOTE: fix was accidentially reverted in a later upload and later re-introduced in 0.5.2-9
CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
	NOT-FOR-US: WrapNISUM ActiveX
CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
	NOT-FOR-US: SymSpamHelper ActiveX
CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
	NOT-FOR-US: ISS Protocol Analysis Module
CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
	NOT-FOR-US: safari
CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
	NOT-FOR-US: solaris
CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
	NOT-FOR-US: VirtuaNews Admin Panel
CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
	NOT-FOR-US: SL Mail Pro
CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
	NOT-FOR-US: Cisco
CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
	NOT-FOR-US: GWeb HTTP Server
CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
	NOT-FOR-US: SpiderSales
CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
	- proftpd 1.2.9
CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
	NOT-FOR-US: Red Faction
CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...)
	NOT-FOR-US: WFPTD
CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
	NOT-FOR-US: WFPTD
CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
	NOT-FOR-US: WFPTD
CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
	- phpbb2 2.0.6d
CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
	NOT-FOR-US: Invision Board Forum
CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the &quot;Directory ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic ...)
	NOT-FOR-US: AXIS 2100
CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
	- uudeview 0.5.20 (medium)
CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
	NOT-FOR-US: extremail
CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
	NOT-FOR-US: Dell OpenManage Web Server
CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
	NOT-FOR-US: Serv-U
CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: FreeChat
CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
	NOT-FOR-US: Gigabyte Broadband Router
CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
	NOT-FOR-US: PhpNewsManager
CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
	NOT-FOR-US: GateKeeper Pro
CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
	NOT-FOR-US: TypSoft
CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
	NOT-FOR-US: confirm 0.70
CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Team Factor
CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
	NOT-FOR-US: ezBoard
CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Avirt
CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Avirt
CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
	NOT-FOR-US: WebzEdit
CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
	NOT-FOR-US: PSOProxy
CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
	NOT-FOR-US: LINKSYS
CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
	NOT-FOR-US: APC
CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
	NOT-FOR-US: LiveJournal
CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
	NOT-FOR-US: cisco
CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
	NOT-FOR-US: smallftpd;
CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: CesarFTP; Win32
CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Broker FTP 6.1.0.0; Win32
CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
	NOT-FOR-US: yabb;
CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
	NOT-FOR-US: ShopCartCGI 2.3;
CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
	NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
	NOT-FOR-US: YaBB;
CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
	NOT-FOR-US: Purge Jihad;
CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
	NOT-FOR-US: SignatureDB;
CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
	- mnogosearch 3.2.18
	NOTE: it's not quite clear which version exactly fixes the problem;
	NOTE: I checked the source code of the most recent version and compared
	NOTE: it with the problematic section described in the advisory
	NOTE: (http://marc.info/?l=bugtraq&m=107695139930726&w=2)
	NOTE: and I can confirm the buffer overflow is fixed there
CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
	NOT-FOR-US: Xlight FTP server 1.52;
CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
	NOT-FOR-US: RobotFTP;
CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...)
	NOT-FOR-US: PHP scripts
CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
	NOT-FOR-US: MSIE bugs
CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: mailmgr;
CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Crob FTP;
CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIMSniff;
CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
	NOT-FOR-US: Ratbag game engine;
CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
	NOT-FOR-US: Dream FTP;
CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
	NOT-FOR-US: BosDates;
CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
	NOT-FOR-US: EvolutionX;
CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
	NOT-FOR-US: eTrust InoculateIT;
CVE-2004-0266 (SQL injection vulnerability in the &quot;public message&quot; capability ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
	NOT-FOR-US: PalmOS
CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
	NOT-FOR-US: The Palace;
CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
	NOT-FOR-US: CactuShop;
CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
	NOT-FOR-US: formmail.php;
CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
	NOT-FOR-US: RealPlayer
CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
	NOT-FOR-US: Xlight;
CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
	NOT-FOR-US: Discuz;
CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
	NOT-FOR-US: IBM Cloudscape
CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
	NOT-FOR-US: rxgoogle.cgi
CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...)
	NOT-FOR-US: PHPX
CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
	NOT-FOR-US: PHPX
CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
	NOT-FOR-US: Chaser
CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
	NOT-FOR-US: Les Commentaires
CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Web Crossing
CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
	NOT-FOR-US: Cisco
CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
	NOT-FOR-US: AIX
CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow ...)
	- overkill 0.16-7
CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
	NOT-FOR-US: Aprox PHP Portal
CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
	NOT-FOR-US: thePHOTOtool
CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
	NOT-FOR-US: utempter
CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: the attack works with a certain non-negligible probability, but even
	NOTE: when successful, it only causes a TCP disconnect, which will (in most
	NOTE: circumstances) be reestablished right away, causing essentially no impact
CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
	- linux-2.6 2.6.6-1
	- linux-2.6.24 <not-affected>
CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
	- kernel-source-2.4.27 <not-affected> (2.4 does not have cpufreq)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
	- zoneminder 1.22.3-1
	NOTE: fixed in 1.19.2, which was released before initial upload of 1.22.3
CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0225
	RESERVED
CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
	- courier 0.45.1-1
CVE-2004-0223
	RESERVED
CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
	NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
	NOT-FOR-US: MS-Outlook-Express
CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
	NOT-FOR-US: Windows bug
CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
	NOT-FOR-US: Windows bug
CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
	NOT-FOR-US: Windows bug
CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
	NOT-FOR-US: Windows bug
CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
	NOT-FOR-US: Windows bug
CVE-2004-0207 (&quot;Shatter&quot; style vulnerability in the Window Management application ...)
	NOT-FOR-US: Windows bug
CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
	NOT-FOR-US: Visual Studio bug
CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
	NOT-FOR-US: Exchange bug
CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
	NOT-FOR-US: DirectX
CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
	NOT-FOR-US: Windows HTML Help
CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
	NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
	NOT-FOR-US: Windows bug
CVE-2004-0198
	RESERVED
CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
	NOT-FOR-US: MSJet bug
CVE-2004-0196
	RESERVED
CVE-2004-0195
	RESERVED
CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2004-0187
	REJECTED
CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
	- mailman <not-affected> (RedHat specific bug)
CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre5)
CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
	{DSA-487}
	- neon 0.24.5-1
CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre3)
CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4)
CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
	{DSA-511}
	- ethereal 0.10.3-1 (bug #239576)
CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
	{CVE-2000-0992}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
	NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
	NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992.
	NOTE: jmm: 3.9p1 thus marked as fixed version
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
	- apache 1.3.29.0.2-5
CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
	- ltrace <not-affected> (Not setuid/setgid in Debian)
CVE-2004-0170
	RESERVED
CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
	NOT-FOR-US: CoreFoundation for Mac OS X
CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
	NOT-FOR-US: Safari
CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
	- ipsec-tools 0.3.3-1
	NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
	NOTE: the problem, but the patch that fixes the bug is applied:
	NOTE: http://marc.info/?l=bugtraq&m=107411758202662&w=2
CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
	{DSA-445}
	- lbreakout2 2.4
CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to ...)
	{DSA-484}
	- xonix 1.4-21
CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
	{DSA-485}
	- ssmtp 2.60.7
CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
	- ipsec-tools 0.2.5-2
CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
	- nfs-utils 1:1.0.5-3
CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
	{DSA-462}
	- xitalk 1.1.11-11
CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
	{DSA-451}
	- xboing 2.4-26.1 (bug #174924)
CVE-2004-0147
	REJECTED
CVE-2004-0146
	REJECTED
CVE-2004-0145
	REJECTED
CVE-2004-0144
	REJECTED
CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
	NOT-FOR-US: Nokia mobile phones
CVE-2004-0142
	REJECTED
CVE-2004-0141
	REJECTED
CVE-2004-0140
	REJECTED
CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
	NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
	NOT-FOR-US: IRIX
CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
	NOT-FOR-US: IRIX
CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
	NOT-FOR-US: IRIX
CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.5)
CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...)
	NOT-FOR-US: ezContents
CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
	NOT-FOR-US: phpGedView
CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
	NOT-FOR-US: phpGedView
CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
	NOT-FOR-US: FreeBSD jail
CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
	NOT-FOR-US: Windows bug
CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in Windows NT ...)
	NOT-FOR-US: Windows bug
CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
	NOT-FOR-US: Windows bug
CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
	NOT-FOR-US: Windows bug
CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
	- openssl 0.9.7d-1
CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
	{DSA-455}
	- libxml 1:1.8.17-5
	- libxml2 2.6.6-1
CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
	- sysstat 5.0.2-1
CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly &quot;apply a size check&quot; when ...)
	{DSA-432}
	- crawl 1:4.0.0beta26-4
CVE-2004-0102
	RESERVED
CVE-2004-0101
	RESERVED
CVE-2004-0100
	RESERVED
CVE-2004-0098
	REJECTED
CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
	{DSA-448}
	- pwlib 1.5.2-4
CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
	NOT-FOR-US: Safari
CVE-2004-0091 (** DISPUTED ** ...)
	NOT-FOR-US: vBulletin
CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
	NOT-FOR-US: MacOS
CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
	NOT-FOR-US: MacOS
CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
	NOT-FOR-US: MacOS
CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...)
	NOT-FOR-US: MacOS
CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
	{DSA-465}
	- openssl 0.9.6d-1
CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
	{DSA-465}
	- openssl 0.9.7d-1
	- openssl096 0.9.6m-1
CVE-2004-0076
	REJECTED
CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
	- xsok <not-affected> (Not vulnerable. See bug #278777)
CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) ...)
	NOT-FOR-US: EasyDynamicPages
CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
	NOT-FOR-US: Accipiter Direct Server 6.0
CVE-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
	NOT-FOR-US: PHP Man Page Lookup 1.2.0
CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
	NOT-FOR-US: HD Soft Windows FTP Server 1.6
CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
	NOT-FOR-US: phpGedView
CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
	NOT-FOR-US: phpGedView
CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
	NOT-FOR-US: phpGedView
CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
	NOT-FOR-US: SuSE YaST
CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
	NOT-FOR-US: FishCart
CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
	NOT-FOR-US: Antivir
CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Nortel Networks products
CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
	NOT-FOR-US: Cisco
CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2004-0048
	RESERVED
CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
	{DSA-430}
	- trr19 1.0beta5-17.1 (bug #264702)
CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
	NOT-FOR-US: SnapStream PVS LITE
CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
	NOT-FOR-US: Yahoo Instant Messenger
CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
	- vsftpd 2.0.1-1
	NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
CVE-2004-0041 (The mod_auth_shadow module 1.4 and earlier does not properly enforce ...)
	{DSA-421}
	- mod-auth-shadow 1.4-1
CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
	NOT-FOR-US: Check Point Firewall
CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
	NOT-FOR-US: McAfee
CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
	NOT-FOR-US: FistClass Desktop Client
CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
	NOT-FOR-US: Phorum
CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) ...)
	NOT-FOR-US: PHPGEDVIEW
CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
	NOT-FOR-US: Lotus Notes Domino
CVE-2004-0027
	RESERVED
CVE-2004-0026
	RESERVED
CVE-2004-0025
	RESERVED
CVE-2004-0024
	RESERVED
CVE-2004-0023
	RESERVED
CVE-2004-0022
	RESERVED
CVE-2004-0021
	RESERVED
CVE-2004-0020
	RESERVED
CVE-2004-0019
	RESERVED
CVE-2004-0018
	RESERVED
CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
	{DSA-412}
	- nd 0.8.2-1
CVE-2004-0012
	REJECTED
CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.25-pre7)
CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
	NOT-FOR-US: FreeBSD netinet
CVE-2003-1565
	REJECTED
CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of ...)
	NOT-FOR-US: microsoft
CVE-2003-1047
	REJECTED
CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
	- bugzilla 2.16.4-1
CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
	- bugzilla 2.16.4-1
CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
	- bugzilla 2.16.4-1
CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
	- bugzilla 2.16.4-1
CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
	- bugzilla 2.16.4-1
CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
	NOTE: linux kernel kmod local DoS, fixed in all current kernels
CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
	NOT-FOR-US: SAP
CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
	NOT-FOR-US: SAP
CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
	NOT-FOR-US: SAP
CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
	NOT-FOR-US: SAP
CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
	NOT-FOR-US: SAP
CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
	NOT-FOR-US: Pi3Web not in debian
CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
	NOT-FOR-US: VBulletin
CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
	NOT-FOR-US: Dameware
CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
	NOT-FOR-US: microsoft
CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
	NOT-FOR-US: microsoft
CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
	NOT-FOR-US: solaris
CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
	{DSA-424}
	- mc 1:4.6.0-4.6.1-pre1-1
CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
	NOT-FOR-US: SCO
CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
	- irssi-text 0.8.9-0.1
CVE-2003-1019
	RESERVED
CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
	NOT-FOR-US: AIX
CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
	- flashplugin-nonfree 7.0.25-1
CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
	NOTE: Multiple vendor MIME quote bypass filtering
CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
	- mime-tools 5.411-2
CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
	NOTE: Multiple vendor MIME RFC822 comment bypass filtering
CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
	NOT-FOR-US: Apple
CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
	NOT-FOR-US: Apple
CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
	NOT-FOR-US: Apple
CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
	NOT-FOR-US: Apple
CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
	NOT-FOR-US: Apple
CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
	NOT-FOR-US: Cisco
CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
	NOT-FOR-US: Cisco
CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
	- xchat 2.0.7
CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
	NOT-FOR-US: Solaris
CVE-2003-0998 (Unknown &quot;potential system security vulnerability&quot; in Computer ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0997 (Unknown &quot;Denial of Service Attack&quot; vulnerability in Computer ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
	NOT-FOR-US: Microsoft
CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
	- mailman 2.1.3
CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
	- squirrelmail 1.4.2 (low)
	NOTE: Only potentially exploitable withexternel GPG Plugin, see
	NOTE: http://www.securityfocus.com/archive/1/348366
	NOTE: The potential problems have been fixed as of 1.4.2
CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
	{DSA-425}
	- tcpdump 3.8.1
CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
	- apache 1.3.29.0.2-5
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
	NOT-FOR-US: Cisco
CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
	NOT-FOR-US: Cisco
CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
	NOT-FOR-US: gpgkeys_hkp
CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
	- cvs 1:1.11.10
CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
	NOT-FOR-US: netware
CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
	NOT-FOR-US: MacOS
CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
	NOT-FOR-US: Applied Watch Command Center
CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
	{DSA-452}
	- libapache-mod-python 2:2.7.10-1
CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
	{DSA-408}
	- screen 4.0.2-0.1
CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
	{DSA-429}
	- gnupg 1.2.4-1
CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
	NOT-FOR-US: Sun Fire B1600
CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
	- freeradius 1.0.1 (unimportant)
	NOTE: freeradius module in question is not built in debian package
CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
	- freeradius 0.9.2-4
CVE-2003-0996 (Unknown &quot;System Security Vulnerability&quot; in Computer Associates (CA) ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
	{DSA-436}
	- mailman 2.1.4-1
CVE-2003-0964
	REJECTED
CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
	{DSA-406}
	- lftp 2.6.10-1
CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
	{DSA-404}
	- rsync 2.5.6-1.1
CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
	NOT-FOR-US: OpenCA
CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21)
CVE-2003-0958
	RESERVED
CVE-2003-0957
	RESERVED
CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22)
CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
	NOT-FOR-US: rcp
CVE-2003-0953
	REJECTED
CVE-2003-0952
	REJECTED
CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
	NOT-FOR-US: HP-UX
CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
	NOT-FOR-US: PeopleSoft PeopleTools
CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
	{DSA-405}
	- xsok 1.02-11
CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
	- clamav 0.65
CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
	NOT-FOR-US: UnixWare
CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
	NOT-FOR-US: PCAnywhere
CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
	- net-snmp 5.0.9
CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
	NOT-FOR-US: Symbol Access Portable Data Terminal
CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
	{DSA-398}
	- conquest 7.2-5
CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
	{DSA-400}
	- omega-rpg 1:0.90-pa9-11
CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0923
	REJECTED
CVE-2003-0922
	REJECTED
CVE-2003-0921
	REJECTED
CVE-2003-0920
	REJECTED
CVE-2003-0919
	REJECTED
CVE-2003-0918
	REJECTED
CVE-2003-0917
	REJECTED
CVE-2003-0916
	RESERVED
CVE-2003-0915
	RESERVED
CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
	{DSA-409}
	- bind 1:8.4.3-1
CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
	NOT-FOR-US: MacOS
CVE-2003-0912
	RESERVED
CVE-2003-0911
	RESERVED
CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
	NOT-FOR-US: Windows
CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
	NOT-FOR-US: Windows
CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
	NOT-FOR-US: Windows
CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
	NOT-FOR-US: Windows
CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
	NOT-FOR-US: Windows
CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
	NOT-FOR-US: Windows
CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
	{DSA-402}
	- minimalist 2.4-1
CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
	{DSA-397}
	- postgresql 7.3.4-1
	NOTE: 7.3.4-1 was uploaded to unstable in August 2003, well before the
	NOTE: DSA, that's why the DSA says that unstable is not affected.
CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...)
	- perl 5.8.2
CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3
CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0897 (&quot;Shatter&quot; vulnerability in CommCtl32.dll in Windows XP may allow local ...)
	NOT-FOR-US: microsoft
CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
	NOT-FOR-US: Sun/Java
CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
	NOT-FOR-US: Oracle
CVE-2003-0893
	RESERVED
CVE-2003-0892
	RESERVED
CVE-2003-0891
	RESERVED
CVE-2003-0890
	RESERVED
CVE-2003-0889
	RESERVED
CVE-2003-0888
	RESERVED
CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...)
	NOTE: verified Debian is not explitable; we don't put the cache in /tmp
CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
	{DSA-401}
	- hylafax 1:4.1.8-1
CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have ...)
	- xscreensaver 4.15
CVE-2003-0884
	RESERVED
CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
	NOT-FOR-US: Apple
CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
	NOT-FOR-US: Apple
CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
	NOT-FOR-US: Apple
CVE-2003-0879
	REJECTED
CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
	NOT-FOR-US: Apple
CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
	NOT-FOR-US: Apple
CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
	NOT-FOR-US: Apple
CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
	NOTE: Vulnerable code not shipped in the binary package
	- openslp 1.0.11a-1 (unimportant)
CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
	NOT-FOR-US: Deskpro
CVE-2003-0873
	REJECTED
CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
	NOT-FOR-US: SCO
CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
	NOT-FOR-US: Opera
CVE-2003-0869
	REJECTED
CVE-2003-0868
	REJECTED
CVE-2003-0867
	REJECTED
CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
	{DSA-395}
	- tomcat4 4.1.24-2
CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
	{DSA-435}
	- mpg123 0.59r-15
CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
	- ircd-irc2 2.10.3p5-1
CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
	NOTE: php4, this bug appears not to have been fixed.
	NOTE: submitted to BTS on libapache-mod-php4
	NOTE: developer claims there is no problem
CVE-2003-0862
	REJECTED
CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
	- php4 4:4.3.3-1
CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
	- php4 4:4.3.3-1
CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
	NOTE: affects glibc 2.2.4, Debian uses 2.3.2
CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow local ...)
	NOT-FOR-US: Data predating security tracker
CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
	{DSA-492}
	- iproute 20010824-13.1
CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
	- pan 0.13.4-1
CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
	- coreutils 5.2.1-1
CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
	- coreutils 5.2.1-1
CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
	- sylpheed-claws 0.9.8claws-1
CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
	- openssl096 0.9.6l
CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
	{DSA-410}
	- libnids 1.18-1
CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
	- cfengine2 2.0.9+2.1.0b3-1
CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
	{DSA-428}
	- slocate 2.7-3
CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
	NOT-FOR-US: SuSE
CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
	NOT-FOR-US: SuSE
CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
	NOT-FOR-US: JBoss
CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
	NOT-FOR-US: Peoplesoft
CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
	NOT-FOR-US: HPUX
CVE-2003-0839 (Directory traversal vulnerability in the &quot;Shell Folders&quot; capability in ...)
	NOT-FOR-US: microsoft
CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
	NOT-FOR-US: microsoft
CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
	NOTE: mplayer fixed before upload
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
	NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
	- proftpd 1.2.9-1
CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
	{DSA-390}
	- marbles <removed>
CVE-2003-0829
	RESERVED
CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
	{DSA-391}
	- freesweep 0.88-4.1 (bug #242616)
CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
	{DSA-717-1}
	- lsh-utils 1.4.2-6
CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
	NOT-FOR-US: microsoft
CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
	NOT-FOR-US: microsoft
CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
	NOT-FOR-US: microsoft
CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
	NOT-FOR-US: microsoft
CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
	NOT-FOR-US: microsoft
CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
	NOT-FOR-US: microsoft
CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0811
	RESERVED
CVE-2003-0810
	RESERVED
CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
	NOT-FOR-US: microsoft
CVE-2003-0808
	RESERVED
CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
	NOT-FOR-US: microsoft
CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
	{DSA-387}
	- gopher 3.0.6
	NOTE: gopherd was removed from the gopher package in version 3.0.6.
CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
	NOT-FOR-US: BSD
CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
	NOT-FOR-US: Nokia
CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
	NOT-FOR-US: Nokia
CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
	NOT-FOR-US: Nokia
CVE-2003-0800
	REJECTED
CVE-2003-0799
	REJECTED
CVE-2003-0798
	REJECTED
CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
	- gdm 2.4.4.4
CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
	- gdm 2.4.4.4
CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
	- fetchmail 6.2.5
CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
	- mozilla 2:1.5
CVE-2003-0790
	REJECTED
CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
	- apache2 2.0.48
CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
	- cups 1.1.19
	- cupsys 1.1.19
CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
	- openssh 1:3.7.1p2
CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
	- openssh 1:3.7.1p2
CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
	{DSA-389}
	- ipmasq 3.5.12
CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
	NOT-FOR-US: IBM TSM
CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
	{DSA-385}
	- hztty 2.0-6
CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
	{DSA-381}
	- mysql-dfsg 4.0.15-1
CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
	- asterisk 0.7.0
CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly &quot;check the ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
	NOT-FOR-US: WS_FTP server
CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
	- libapache-gallery-perl 0.7
CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
	NOT-FOR-US: IkonBoard
CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
	NOT-FOR-US: ICQ Web Front
CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
	NOT-FOR-US: microsoft
CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
	NOT-FOR-US: RogerWilco
CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
	NOT-FOR-US: ftp desktop (windows)
CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
	NOT-FOR-US: winamp
CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
	NOT-FOR-US: foxweb
CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
	- asterisk 0.5.0
CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: optisoft blubster
CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
	NOT-FOR-US: check point firewall
CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
	NOT-FOR-US: sitebuilder
CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
	NOT-FOR-US: gtkftpd
CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: newsPHP
CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
	NOT-FOR-US: newsPHP
CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
	NOT-FOR-US: AttilaPHP
CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
	NOT-FOR-US: SAP
CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
	NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
	NOT-FOR-US: castlerock SNMPc
CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
	- leafnode 1.9.42
CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
	{DSA-376}
	- exim 3.36-8
CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
	NOT-FOR-US: SCO
CVE-2003-0741
	REJECTED
CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
	- stunnel 2:3.26 (bug #278942)
	- stunnel4 2:4.04
CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
	NOT-FOR-US: VMware
CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
	- libpam-ldap 164-1
	- libnss-ldap 207-1
CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
	NOT-FOR-US: BEA weblogic
CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
	NOT-FOR-US: cisco
CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
	NOT-FOR-US: cisco
CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
	{DSA-380}
	- xfree86 4.2.1-12
CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
	NOT-FOR-US: tellurian tftpdNT
CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
	- horde2 2.2.4
CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
	NOT-FOR-US: oracle
CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
	NOT-FOR-US: RealOne player
CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
	NOT-FOR-US: Real Networks Server / Helix Server
CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
	NOT-FOR-US: HP Tru64
CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
	- gkrellm 2.1.14
CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
	NOT-FOR-US: solaris
CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
	- pine 4.58
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
	- pine 4.58
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
	NOT-FOR-US: microsoft
CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
	NOT-FOR-US: microsoft
CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
	NOT-FOR-US: microsoft
CVE-2003-0716
	RESERVED
CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
	NOT-FOR-US: microsoft
CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
	NOT-FOR-US: microsoft
CVE-2003-0713
	RESERVED
CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
	NOT-FOR-US: microsoft
CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
	NOT-FOR-US: pchealth for windows
CVE-2003-0710
	RESERVED
CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
	- whois 4.6.7
CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
	NOT-FOR-US: microsoft
CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
	NOT-FOR-US: microsoft
CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
	NOTE: fixed in 2.4.22-pre3
CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
	NOTE: fixed in 2.4.21-rc2
CVE-2003-0698
	REJECTED
CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
	NOT-FOR-US: AIX
CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
	NOT-FOR-US: AIX
CVE-2003-0695 (Multiple &quot;buffer management errors&quot; in OpenSSH before 3.7.1 may allow ...)
	{DSA-383 DSA-382}
	- openssh 1:3.7.1
CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0693 (A &quot;buffer management error&quot; in buffer_append_space of buffer.c for ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-6.0
CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
	{DSA-388}
	- kdebase 4:3.2
CVE-2003-0691
	REJECTED
CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
	{DSA-443 DSA-388}
	- xfree86 4.3.0-0pre1v2
	- kdebase 4:3.2
CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
	- glibc 2.2.5
CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
	- sendmail 8.12.9
CVE-2003-0687
	REJECTED
CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
	{DSA-374}
	- libpam-smb <removed>
CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
	{DSA-372}
	- netris 0.52-1
CVE-2003-0684
	REJECTED
CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
	NOT-FOR-US: SGI
CVE-2003-0682 (&quot;Memory bugs&quot; in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-9
CVE-2003-0681 (A &quot;potential buffer overflow in ruleset parsing&quot; for Sendmail 8.12.9, ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0678
	REJECTED
CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
	NOT-FOR-US: Sun iPlanet
CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
	{DSA-370}
	- pam-pgsql 0.5.2-7
CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
	NOT-FOR-US: solaris
CVE-2003-0668
	RESERVED
CVE-2003-0667
	RESERVED
CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
	NOT-FOR-US: microsoft
CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
	NOT-FOR-US: microsoft
CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
	NOT-FOR-US: microsoft
CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
	NOT-FOR-US: microsoft
CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
	NOT-FOR-US: microsoft
CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
	NOT-FOR-US: microsoft
CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
	NOT-FOR-US: microsoft
CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
	NOT-FOR-US: microsoft
CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
	NOT-FOR-US: docview / caldera
CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
	{DSA-366}
	- eroaster 2.2.0-0.5-1
CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
	- cdrtools 4:2.0+a18-1
CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
	{DSA-373}
	- autorespond 2.0.4-1
CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
	NOT-FOR-US: NetBSD
CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
	{DSA-367}
	- xtokkaetama 1.0b-9
CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
	NOT-FOR-US: mod_mylo for apache
CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
	NOT-FOR-US: gamespy
CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
	{DSA-368}
	- xpcd 2.08-9
CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
	{DSA-472}
	- fte 0.50.0-1.1 (bug #203871)
CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
	NOT-FOR-US: ActiveX
CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
	- kdbg 1.2.9-1
CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
	NOT-FOR-US: novell ichain
CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
	NOT-FOR-US: novell ichain
CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
	NOT-FOR-US: novell ichain
CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
	NOT-FOR-US: novell ichain
CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
	NOT-FOR-US: novell ichain
CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
	NOT-FOR-US: oracle
CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
	NOT-FOR-US: oracle
CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
	NOT-FOR-US: oracle
CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
	NOT-FOR-US: VMware
CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
	{DSA-359}
	- atari800 1.3.1-2
CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
	{DSA-360}
	- xfstt 1.5.1-1
CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
	{DSA-431}
	- perl 5.8.3-3
CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
	{DSA-362}
	- mindi 0.86-1
CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
	NOT-FOR-US: McAfee
CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
	{DSA-371}
	- perl 5.8.0-19
CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
	{DSA-355}
	- gallery 1.3.4-3
CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
	{DSA-369}
	- zblast 1.2.1-7
CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...)
	- crafty 19.3-1
CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
	{DSA-356}
	- xtokkaetama 1.0b-8
CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
	NOT-FOR-US: McAfee
CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
	NOT-FOR-US: Solaris
CVE-2003-0608
	RESERVED
CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
	{DSA-354}
	- xconq 7.4.1-2.1 (bug #202963)
CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
	{DSA-353}
	- sup 1.8-9
CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
	- bugzilla 2.16.3
CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
	- bugzilla 2.16.3
CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
	NOT-FOR-US: Apple
CVE-2003-0600
	RESERVED
CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0598
	REJECTED
CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
	NOT-FOR-US: Unixware
CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
	{DSA-352}
	- fdclone 2.04-1
CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
	NOT-FOR-US: WiTango Application Server and Tango 2000
CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
	NOTE: cannot find reference to it being fixed.
CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
	NOT-FOR-US: opera
CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
	{DSA-459}
	- kdelibs 4:3.1.3-1
CVE-2003-0591
	REJECTED
CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
	NOT-FOR-US: Splatt Forum
CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Digi-ads
CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
	NOT-FOR-US: Digi-news
CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
	NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
	NOT-FOR-US: BRU
CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
	NOT-FOR-US: BRU
CVE-2003-0582
	REJECTED
CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
	{DSA-360}
	- xfstt 1.5-1
CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
	- mpg123 0.59r-1
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
	NOT-FOR-US: IRIX
CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
	NOT-FOR-US: IRIX
CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
	NOT-FOR-US: IRIX
CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
	NOT-FOR-US: IRIX
CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
	NOT-FOR-US: IRIX
CVE-2003-0571
	REJECTED
CVE-2003-0570
	REJECTED
CVE-2003-0569
	REJECTED
CVE-2003-0568
	REJECTED
CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
	NOT-FOR-US: Cisco
CVE-2003-0566
	RESERVED
CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
	NOTE: affects many implementations of the X.400 protocol
CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
	NOTE: affects multiple S/MIME implementations
	NOTE: checked current mozilla, which contains safe NSS 3.9.1
	- mozilla 2:1.7.3
CVE-2003-0563
	RESERVED
CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
	NOT-FOR-US: Novell Netware
CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
	NOT-FOR-US: IglooFTP
CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
	NOT-FOR-US: VP-ASP
CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
	NOT-FOR-US: phpforum
CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
	NOT-FOR-US: LeapFTP
CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
	NOT-FOR-US: StoreFront
CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Polycom MGC
CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
	NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
	NOT-FOR-US: NeoModus Direct Connect
CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
	NOT-FOR-US: Netscape
CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
	- gdm 2.4.1.5
CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
	- gdm 2.4.1.5
CVE-2003-0547 (GDM before 2.4.1.6, when using the &quot;examine session errors&quot; feature, ...)
	- gdm 2.4.1.5
CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
	NOT-FOR-US: up2date
CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
	- apache2 2.0.48
	- apache 1.3.29
CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
	{DSA-710-1}
	- evolution <not-affected> (Does not affect evolution on debian)
	- gtkhtml 1.0.4-6.2
CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
	{DSA-343}
	- skk 10.62a-6
	- ddskk 12.1.cvs.20030622-1
CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
	{DSA-342}
	- mozart 1.2.5.20030212-2
CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
	{DSA-341}
	- liece 2.0+0.20030527cvs-1
CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
	{DSA-346}
	- phpsysinfo 2.1-1
CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
	{DSA-345}
	- xbl 1.0k-6
CVE-2003-0534
	RESERVED
CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
	NOT-FOR-US: Microsoft
CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
	NOT-FOR-US: Microsoft
CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2003-0529
	RESERVED
CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
	NOT-FOR-US: Microsoft
CVE-2003-0527
	RESERVED
CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
	NOT-FOR-US: Microsoft
CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
	- qt-x11-free <not-affected> (appears specific to the knoppix CD)
CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
	NOT-FOR-US: ProductCart
CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
	NOT-FOR-US: ProductCart
CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
	NOT-FOR-US: Microsoft
CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
	NOT-FOR-US: MacOS
CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
	{DSA-347}
	- teapop 0.3.5-2
CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
	NOT-FOR-US: Safari
CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
	NOT-FOR-US: MSIE
CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a &quot;% Login invalid&quot; message ...)
	NOT-FOR-US: Cisco
CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
	NOT-FOR-US: Cisco
CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
	NOT-FOR-US: ezbounce
CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
	NOT-FOR-US: Cyberstrong eShop
CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
	NOT-FOR-US: acroread
CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
	NOT-FOR-US: Microsoft
CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
	NOT-FOR-US: Microsoft
CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
	NOT-FOR-US: Apple Quicktime
CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
	{DSA-338}
	- proftpd 1.2.8-8
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
	{DSA-335}
	- mantis 0.17.5-6
CVE-2003-0498 (Cach&#233; Database 5.x installs the /cachesys/csp directory with insecure ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0497 (Cach&#233; Database 5.x installs /cachesys/bin/cache with world-writable ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
	NOT-FOR-US: lednews; not in debian
CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
	NOT-FOR-US: Xoops
CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
	NOT-FOR-US: Dantz Retrospect
CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
	{DSA-330}
	- tcptraceroute 1.4-4
CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
	- phpbb2 2.0.6
CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
	NOT-FOR-US: Progress 4GL Compiler
CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
	- phpbb2 2.0.6d-3
CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
	NOT-FOR-US: XMB Forum
CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
	- tutos 1.1.20030715-1
CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	- tutos 1.1.20030715-1
CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
	NOT-FOR-US: VMware
CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
	NOT-FOR-US: WebBBS; not in debian
CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
	NOT-FOR-US: bahamut and other irc daemons; not in debian
CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
	- wzdftpd 0.2
CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
	NOT-FOR-US: iWeb server
CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
	NOT-FOR-US: iWeb server
CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
	NOT-FOR-US: webadmin / win
CVE-2003-0470 (Buffer overflow in the &quot;RuFSI Utility Class&quot; ActiveX control (aka ...)
	NOT-FOR-US: symantec activex
CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
	NOTE: fixed in linux 2.4.21
CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
	{DSA-357}
	- wu-ftpd 2.6.2-12
CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
	- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
	NOTE: arch specific asm versions:
	NOTE: x86 is not affected
	NOTE: ppc32 fixed in 2.4.22-rc4
	NOTE: not an issue on alpha, see bug #280492
	- kernel-source-2.4.27 2.4.27-8
	NOTE: above fixes s390x, ppc64 and s390 and generic C version
CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
	NOTE: fixed in linux 2.4.22-pre8
CVE-2003-0463
	REJECTED
CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
	{DSA-423 DSA-358}
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.1)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 2.4.27-1
CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
	- apache <not-affected> (Affects only Apache for Windows and OS/2)
CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
	NOT-FOR-US: HP
CVE-2003-0457
	RESERVED
CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
	NOT-FOR-US: visnetic website
CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
	{DSA-331}
	- imagemagick 4:5.5.7-1
CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
	{DSA-334}
	- xgalaga 2.0.34-22
CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
	{DSA-348}
	- traceroute-nanog 6.3.6-3
CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
	{DSA-329}
	- osh 1.7-12
CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
	{DSA-327}
	- xbl 1.0k-5
CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
	{DSA-321}
	- radiusd-cistron 1.6.6-2
CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
	NOT-FOR-US: progress database
CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
	NOT-FOR-US: portmon; not in debian
CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
	NOT-FOR-US: microsoft
CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
	NOT-FOR-US: microsoft
CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
	{DSA-328}
	- webfs 1.20
CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
	{DSA-337}
	- gtksee 0.5.6-1
CVE-2003-0443
	RESERVED
CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
	{DSA-351}
	- php4 4:4.3.2+rc3-1
CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
	{DSA-326}
	- orville-write 2.54-1
CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
	{DSA-339}
	- semi 1.14.5+20030609-1 (bug #223456)
	- wemi <removed>
CVE-2003-0439
	REJECTED
CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
	{DSA-325}
	- eldav 0.7.2-1
CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
	- mnogosearch 3.2.11
CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
	- mnogosearch 3.2.11
CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
	{DSA-322}
	- typespeed 0.4.4
CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
	- kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable)
	- gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable)
	- xpdf 2.02pl1-1
CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
	{DSA-315}
	- gnocatan 0.8.0-1 (bug #328136)
	- pioneers <not-affected> (bug #328136)
CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
	- ethereal 0.9.13-1
CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
	{DSA-320}
	- mikmod 3.1.6-6
CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
	NOT-FOR-US: Apple
CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
	NOT-FOR-US: Apple
CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
	NOT-FOR-US: Apple
CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
	NOT-FOR-US: Apple
CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
	NOT-FOR-US: Apple
CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
	NOT-FOR-US: SMC
CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
	- kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x)
	- linux-2.6 <not-affected> (Affects only Linux 2.0.x)
CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
	NOT-FOR-US: Son hServer
CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
	NOT-FOR-US: bandmin;
CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Remote PC Access
CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
	NOT-FOR-US: AnalogX proxy
CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
	NOT-FOR-US: Uptimes Project upclient;
CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
	- gbatnav 1.0.4-4
CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
	NOT-FOR-US: PalmVNC
CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
	NOT-FOR-US: Vignette
CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
	NOT-FOR-US: Vignette
CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
	NOT-FOR-US: Vignette
CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
	NOT-FOR-US: Vignette / AIX
CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
	NOT-FOR-US: FastTrack network code (Kazaa)
CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
	- linux-atm 2.4.1
CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
	NOT-FOR-US: BLNews
CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
	NOT-FOR-US: Privacyware Privatefirewall
CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
	NOT-FOR-US: ST FTP Service (DOS)
CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
	NOT-FOR-US: Magic WinMail Server
CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
	- opt 3.19
CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
	NOT-FOR-US: RSA ACE/Agent
CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
	- pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer)
	NOTE: From the libc documentation:
	NOTE: "The user cannot do anything to fool these functions."
	NOTE: This means that this is not a bug in getlogin.
CVE-2003-0387
	RESERVED
CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
	- openssh 1:3.8p1-1
CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
	{DSA-310}
	- xaos 3.1r-4
CVE-2003-0384
	RESERVED
CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
	{DSA-309}
	- eterm 0.9.2-1
CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
	{DSA-323}
	- noweb 2.10c-3.1 (bug #271146)
CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
	{DSA-314}
	- atftp 0.6.2
CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
	NOT-FOR-US: MaxOS
CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
	NOT-FOR-US: MaxOS
CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Eudora
CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
	NOT-FOR-US: XMBforum aka Partagium)
CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
	- nessus-core 2.0.6
CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow ...)
	- nessus-core 2.0.6
CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...)
	- nessus-core 2.0.6
CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
	NOT-FOR-US: Prishtina FTP client
CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0369
	RESERVED
CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
	NOT-FOR-US: Nokia Gateway GPRS
CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
	{DSA-318}
	- lyskom-server 2.0.7-2
CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
	NOT-FOR-US: ICQLite
CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
	{DSA-442 DSA-336 DSA-332 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc6)
CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
	- licq 1.2-7-1
CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
	{DSA-316}
	- nethack 3.4.1-1
	- jnethack 1.1.5-15
	- slashem 0.0.6E4F8-6
CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
	{DSA-350 DSA-316}
	- falconseye 1.9.3-9
	- nethack 3.4.1-1
	- slashem 0.0.6E4F8-6
	- jnethack 1.1.5-15
CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
	NOT-FOR-US: Safari
CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
	- gs-gpl 7.07
CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
	NOT-FOR-US: Microsoft
CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2003-0351
	REJECTED
CVE-2003-0350 (The control for listing accessibility options in the Accessibility ...)
	NOT-FOR-US: Microsoft
CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
	NOT-FOR-US: Microsoft
CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
	NOT-FOR-US: Microsoft
CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
	NOT-FOR-US: Microsoft
CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
	NOT-FOR-US: Microsoft
CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
	NOT-FOR-US: Puresecure
CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
	NOT-FOR-US: WsMp3
CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
	NOT-FOR-US: WsMp3
CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
	NOT-FOR-US: lsadmin
CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Eudora
CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
	NOT-FOR-US: Slaskware specific
CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
	- ircii-pana 1:1.0-0c19.20030512-1
CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
	NOT-FOR-US: C-Kermit on HP-UX
CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
	NOT-FOR-US: BadBlue
CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
	NOT-FOR-US: ttForum
CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
	- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
	NOT-FOR-US: CesarFTP
CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
	{DSA-399 DSA-306}
	- epic4 1:1.1.11.20030409-2
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
	NOT-FOR-US: Sybase Adaptive Server Enterprise
CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
	- slocate <not-affected> (Only an issue if kernel has been recompiled to allow 512 MB of command line arguments)
	NOTE: Even if exploited, you get only slocate gid.
CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
	- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
	{DSA-287}
	- epic4 1:1.1.11.20030409-1
	- epic 3.004-19
CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
	{DSA-298 DSA-291}
	- epic4 1:1.1.11.20030409-1
	- ircii 20030315-1
CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
	NOT-FOR-US: ttCMS
CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
	NOT-FOR-US: SmartMax MailMax
CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
	NOT-FOR-US: Venturi Client
CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0311
	RESERVED
CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
	- ezpublish 2.2.8-1
CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: MSIE
CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
	{DSA-305}
	- sendmail 8.12.9-2
CVE-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
	NOT-FOR-US: Poster version.two
CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
	NOT-FOR-US: Windows
CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
	NOT-FOR-US: Cisco
CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
	NOT-FOR-US: Eudora
CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
	NOT-FOR-US: Microsort
CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
	NOT-FOR-US: Historic Sylpheed issues, only a crasher anyway
CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
	NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway
CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
	- mozilla 2:1.5-1
	NOTE: May have been fixed in an earlier version. Not clear how
	NOTE: Mozilla's a/b versions map to the Debian version.
CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
	- uw-imap 7:2002c
	- pine 4.62-1
	- alpine <not-affected> (this was fixed in pine before alpine was released to the public)
	NOTE: pine maybe fixed in earlier uploads, 4.62-1 is the sarge version and not vulnerable
CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
	- evolution 1.3.2
CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
	NOT-FOR-US: vBulletin
CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: php-proxima
CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: PalmOS
CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
	NOT-FOR-US: Inktomi
CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
	NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eServ
CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
	- cdrtools 4:2.0+a14-1
CVE-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP ...)
	NOT-FOR-US: IP Messenger for Win
CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
	NOT-FOR-US: Movable Type
CVE-2003-0286 (SQL injection vulnerability in register.asp in Snitz Forums 2000 ...)
	NOT-FOR-US: Snitz Forums
CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
	NOT-FOR-US: bad sendmail config on AIX
CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
	NOT-FOR-US: Phorum
CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
	{DSA-344}
	- unzip 5.50-3
CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
	- firebird2 1.5.1-1 (bug #251458)
CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
	NOT-FOR-US: SMTP Service for ESMTP CMailServer
CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
	NOT-FOR-US: HappyMail
CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
	NOT-FOR-US: HappyMail
CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Pi3Web
CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: YaBB SE
CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
	NOT-FOR-US: ListProc
CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
	- request-tracker3.4 <not-affected> (Affects older versions of Request Tracker not in Debian)
CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
	NOT-FOR-US: miniPortail
CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
	NOT-FOR-US: Personal FTP Server
CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
	NOT-FOR-US: Apple Airport
CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
	NOT-FOR-US: youbin
CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
	NOT-FOR-US: SDBINST for SAP database
CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
	NOT-FOR-US: SLMail
CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
	NOT-FOR-US: FTGatePro
CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
	{DSA-299}
	- leksbot 1.2-5 (bug #186421)
CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
	{DSA-302}
	- fuzz 0.6-7.1
CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
	NOT-FOR-US: AIX
CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
	- kdenetwork 3.2.0
CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
	- gnupg 1.2.2
CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
	- apache2 2.0.47
CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
	- apache2 2.0.47
CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
	{DSA-349}
	- nfs-utils 1:1.0.3-2
CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
	NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
	- nis 3.11
CVE-2003-0250
	RESERVED
CVE-2003-0249 (** DISPUTED ** ...)
	NOTE: unimportant (php)
CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
	- linux-2.6 <not-affected>
CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
	- apache2 2.0.46
CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc2)
	- linux-2.6 <not-affected>
CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
	NOT-FOR-US: Happycgi.com Happymall
CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
	NOT-FOR-US: MacOS
CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
	NOT-FOR-US: FrontRange GoldMine / win
CVE-2003-0240 (The web-based administration capability for various Axis Network ...)
	NOT-FOR-US: Axis Network Camera
CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0237 (The &quot;ICQ Features on Demand&quot; functionality for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0234
	RESERVED
CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
	NOT-FOR-US: microsoft
CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
	NOT-FOR-US: microsoft
CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
	NOT-FOR-US: microsoft
CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain ...)
	NOT-FOR-US: microsoft
CVE-2003-0229
	RESERVED
CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
	NOT-FOR-US: microsoft
CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
	NOT-FOR-US: microsoft
CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
	NOT-FOR-US: microsoft
CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
	NOT-FOR-US: microsoft
CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
	NOT-FOR-US: microsoft
CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
	NOT-FOR-US: microsoft
CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
	NOT-FOR-US: oracle
CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
	NOT-FOR-US: HP tru64
CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
	NOT-FOR-US: Monkey http daemon; not in debian
CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
	NOT-FOR-US: cisco
CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
	NOT-FOR-US: bttlxeForum / win
CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
	{DSA-292}
	- mime-support 3.23-1
CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
	{DSA-295}
	- pptpd 1.1.4-0.b3.2
CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
	{DSA-289}
	- rinetd 0.61-2
CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
	- xinetd 1:2.3.11
CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
	NOT-FOR-US: cisco
CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
	NOT-FOR-US: macromedia flash
CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
	{DSA-286}
	- gs-common 0.3.3.1
CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
	{DSA-296 DSA-293 DSA-284}
	- kdebase 4:3.1.0-1
	- kdegraphics 4:3.1.0-1
CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
	{DSA-281}
	- moxftp 2.2-18.20
CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
	{DSA-279}
	- metrics <removed>
CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0200
	REJECTED
CVE-2003-0199
	REJECTED
CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
	NOT-FOR-US: MacOS
CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
	NOT-FOR-US: Interbase Database
CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
	{DSA-317}
	- cups 1.1.19final-1
	- cupsys 1.1.19final-1
CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
	- tcpdump <not-affected> (Apparently a Red Hat specific compilation packaging flaw)
CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
	{DSA-575-1}
	- catdoc 0.91.5-2
CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
	- apache2 2.0.47
CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
	- openssh 1:3.8.1p1-8.sarge.4 (bug #196413)
CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
	- apache2 2.0.46
CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
	{DSA-304}
	- lv 4.49.5-2
CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.21)
CVE-2003-0186
	RESERVED
CVE-2003-0185
	RESERVED
CVE-2003-0184
	RESERVED
CVE-2003-0183
	RESERVED
CVE-2003-0182
	RESERVED
CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
	NOT-FOR-US: IRIX
CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
	NOT-FOR-US: IRIX
CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
	NOT-FOR-US: IRIX
CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
	NOT-FOR-US: IRIX
CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
	{DSA-283}
	- xfsdump 2.2.8-1
CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
	- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
	NOT-FOR-US: MacOS
CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
	NOT-FOR-US: AIX
CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
	NOT-FOR-US: HP Instant TopTools
CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
	NOT-FOR-US: Apple QuickTime Player
CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
	{DSA-300 DSA-274}
	- balsa 2.0.10
	- mutt 1.4.0
CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
	- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
	- eog 2.2.1
CVE-2003-0164
	RESERVED
CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
	- gaim-encryption <not-affected> (fixed before first upload; 1.16)
CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
	{DSA-271}
	- ecartis 1.0.0+cvs.20030321-1
CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
	{DSA-290 DSA-278}
	- sendmail-wide 8.12.9+3.5Wbeta-1
	- sendmail 8.12.9-1
CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
	- squirrelmail 1:1.2.11
CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
	- ethereal 0.9.10
CVE-2003-0158
	REJECTED
CVE-2003-0157
	REJECTED
CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
	{DSA-264}
	- lxr 0.3-4
CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
	- mysql <removed>
CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
	{DSA-263}
	- lpr 1:2000.05.07-4.20
	- netpbm-free 2:9.20-9
CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
	{DSA-275 DSA-267}
	- lpr 1:2000.05.07-4.20
	- lpr-ppd 1:0.72-3
CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
	NOT-FOR-US: acroread
CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
	NOT-FOR-US: Real
CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
	{DSA-268}
	- mutt 1.5.4-1
CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
	{DSA-273 DSA-266}
	- krb4 1.2.2-1
	- krb5 1.2.7-3
CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
	{DSA-273 DSA-269 DSA-266}
	- krb4 1.2.2-1
	- heimdal 0.5.2-1
	- krb5 1.2.7-3
CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
	NOT-FOR-US: Nokia Serving GPRS support node
CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
	{DSA-285}
	- lprng 3.8.20-4.
CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
	- vsftpd <not-affected> (Red Hat specific packaging flaw)
CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
	- apache2 2.0.46
CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
	- evolution 1.2.4
CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
	- apache2 2.0.45
CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
	- evolution 1.2.3
CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
	- evolution 1.2.3
CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
	- evolution 1.2.3
CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
	[sarge] - kernel-source-2.6.8 <not-affected>
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive, in 2.4.21)
CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
	NOT-FOR-US: SOHO Routefinder 550 firmware
CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
	NOT-FOR-US: AIX
CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
	NOT-FOR-US: Microsoft
CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
	NOT-FOR-US: Microsoft
CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
	NOT-FOR-US: Microsoft
CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
	NOT-FOR-US: Microsoft
CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
	NOT-FOR-US: Microsoft
CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
	NOT-FOR-US: Microsoft
CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
	NOT-FOR-US: Microsoft
CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
	NOT-FOR-US: Microsoft
CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
	NOT-FOR-US: ServerMask
CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
	{DSA-319}
	- webmin 1.070-1
CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
	NOT-FOR-US: Oracle
CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
	NOT-FOR-US: Solaris
CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
	NOT-FOR-US: Solaris
CVE-2003-0090
	REJECTED
CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
	NOT-FOR-US: HP-UX
CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
	NOT-FOR-US: mod_auth_any not in Debian
CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
	- apache2 2.0.46
	- apache 1.3.25
CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
	{DSA-266}
	- krb5 1.3.3-2
CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
	- gnome-lokkit 0.50.22-4
CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
	- dcgui 0.2.2
CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
	- plptools 0.12-0
CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
	{DSA-266}
	- krb5 1.2.7-3
	NOTE: changelog does not mention this one, verified patch from upstream was applied to this version.
CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
	NOT-FOR-US: HP UX
CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
	- krb5 1.2.4
CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
	{DSA-248}
	- hypermail 2.1.6-1
CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
	{DSA-252}
	- slocate 2.7-1
CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
	NOT-FOR-US: MacOS
CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
	- putty 0.53-b-2003-01-04-1
	NOTE: apparently fixed upstream 2002-11-12 changelog
CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
	- krb5 <not-affected> (Verified sarge version of krb5-clients not vulnerable, nothing in changelogs)
CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
	{DSA-436}
	- mailman 2.1.1-1
CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
	{DSA-244}
	- noffle 1.1.2-1
CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
	- mtink <not-affected> (Not installed setuid or setgid, so this is not exploitable)
	NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
	NOTE: chooser/mtinkc.c's version, which goes into mtinkc
CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
	NOT-FOR-US: Protegrity Secure.Data Extension Feature
CVE-2003-0029
	RESERVED
CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
	{DSA-282 DSA-272 DSA-266}
	- glibc 2.3.1-16
	- dietlibc 0.22-2
	- krb5 1.3.3-2
	NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
	{DSA-231}
	- dhcp3 3.0+3.0.1rc11-1
CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
	{DSA-229}
	- imp 2.2.6-7
	- imp3 <not-affected>
CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
	{DSA-633-1}
	- bmv 1.2-17
CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
	NOT-FOR-US: Microsoft
CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
	NOT-FOR-US: Windows Script Engine for JScript
CVE-2003-0008
	RESERVED
CVE-2003-0006
	RESERVED
CVE-2003-0005
	RESERVED
CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
	{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)
CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
	NOT-FOR-US: IBM DB2
CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
	[woody] - mailreader <not-affected> (Affects only 2.3.30-2.3.32)
	- mailreader 2.3.33
CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
	{DSA-534}
	- mailreader 2.3.29-9
CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
	{DSA-215}
	- cyrus-imapd 1.5.19-9.10
CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
	NOT-FOR-US: SAP
CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
	NOT-FOR-US: SAP
CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
	NOT-FOR-US: SAP
CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
	NOT-FOR-US: SAP
CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
	{DSA-437}
	- cgiemail 1.6-20
CVE-2002-1573 (Unspecified vulnerability in the pcilynx ieee1394 firewire driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1572 (Signed integer overflow in the bttv_read function in the bttv driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
	- ucd-snmp 4.2.3-2
CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
	- gv 1:3.5.8-27
CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
	- openssl 0.9.6g-1
CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
	NOTE: tomcat4 cross-site scripting vuln
CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
	- netris 0.52-1
CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
	- wget 1.8.2-8
CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
	NOT-FOR-US: microsoft
CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
	- stunnel4 4.04-1
	- stunnel 2:3.24-1
CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3 (bug #216677)
CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
	NOT-FOR-US: microsoft
CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
	NOT-FOR-US: ion-p
CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
	NOT-FOR-US: cisco
CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
	NOT-FOR-US: cisco
CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
	NOT-FOR-US: cisco
CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a &quot;public&quot; ...)
	NOT-FOR-US: cisco
CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
	NOT-FOR-US: cisco
CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
	NOT-FOR-US: cisco
CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
	NOT-FOR-US: AIX
CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Webweaver
CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
	NOT-FOR-US: Coolsoft
CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
	NOT-FOR-US: Coolsoft
CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
	NOT-FOR-US: SolarWinds
CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
	NOT-FOR-US: MDaemon
CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Molly
CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
	NOT-FOR-US: Symantec
CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
	- jetty <not-affected> (Fixed before upload into archive; 4.1 series)
CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
	NOT-FOR-US: EMU Webmail
CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
	NOT-FOR-US: EMU Webmail
CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
	NOT-FOR-US: Sun
CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
	NOT-FOR-US: Miniserver
CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
	NOT-FOR-US: PowerFTP
CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
	NOT-FOR-US: Coolforum
CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: BRU
CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
	NOT-FOR-US: Unreal
CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
	- linuxconf <removed>
CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
	NOT-FOR-US: webserver-4everyone
CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
	NOT-FOR-US: AFD not in debian
CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
	NOT-FOR-US: NetBSD
CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
	NOT-FOR-US: FactoSystem
CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
	NOT-FOR-US: SWServer
CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
	NOT-FOR-US: Jawmail
CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
	NOT-FOR-US: Cisco
CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
	NOT-FOR-US: PlanetDNS
CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
	NOT-FOR-US: db4web
CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
	NOT-FOR-US: db4web
CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
	NOT-FOR-US: phpGB not in Debian
CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
	NOT-FOR-US: HPUX
CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
	NOT-FOR-US: HPUX
CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
	NOT-FOR-US: HPUX
CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
	NOT-FOR-US: Shoutcase
CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
	- flashplugin-nonfree 6.0.61.0-1
CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
	NOT-FOR-US: Cafelog
CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
	NOT-FOR-US: Cafelog
CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
	NOT-FOR-US: Cafelog
CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
	NOT-FOR-US: Organic PHP
CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Webshop Manager
CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
	NOT-FOR-US: L-Forum not in Debian
CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: mIRC
CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
	NOT-FOR-US: OmniHTTPD
CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
	NOT-FOR-US: Blazix not in Debian
CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
	NOT-FOR-US: IBM UniVerse
CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
	NOT-FOR-US: eUpload not in Debian
CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
	NOT-FOR-US: CERN HTTPD not in Debian
CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
	NOT-FOR-US: Google Toolbar
CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
	NOT-FOR-US: Google Toolbar
CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
	NOT-FOR-US: Tomahawk
CVE-2002-1440 (The Gateway GS-400 server has a default root password of &quot;0001n&quot; that ...)
	NOT-FOR-US: Gateway
CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
	NOT-FOR-US: HPUX
CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
	NOT-FOR-US: Kerio
CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Kerio
CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
	NOT-FOR-US: MidiCart
CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
	NOT-FOR-US: Belkin
CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
	NOT-FOR-US: ShoutBox
CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
	NOT-FOR-US: dotproject
CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
	NOT-FOR-US: Easy Homepage Creator
CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
	NOT-FOR-US: HP
CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
	- phpgroupware <not-affected> (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x)
CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
	NOT-FOR-US: Webeasymail
CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
	NOT-FOR-US: Webeasymail
CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
	NOT-FOR-US: Duma
CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
	NOT-FOR-US: East Guestbook
CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
	NOT-FOR-US: HPUX
CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
	NOT-FOR-US: HP Openview
CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
	NOT-FOR-US: HPUX
CVE-2002-1404
	REJECTED
CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
	- postgresql 7.2.2-2
CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
	{DSA-165}
	- postgresql 7.2.2-2
CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
	- postgresql 7.2.2-2
CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
	{DSA-202}
	- im 1:141-20
CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
	{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
	- kdemultimedia 4:3.0.5a
	- kdebase 4:3.0.5a
	- kdeutils 4:3.0.5a
	- kdegames 4:3.0.5a
	- kdesdk 4:3.0.5a
	- kdepim 4:3.0.5a
	- kdelibs 4:3.0.5a
	- kdenetwork 4:3.0.5a
	- kdegraphics 4:3.0.5a
	- kdeadmin 4:3.0.5a
CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
	{DSA-227}
	- openldap2 2.0.27-3
CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1370
	REJECTED
CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
	- openssh <not-affected> (OpenSSH not vulnerable)
CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.9.8-1
CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
	- ethereal 0.9.8-1
CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
	NOT-FOR-US: LocalWEB2000 HTTP server
CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
	NOT-FOR-US: CartMan
CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
	NOT-FOR-US: Melange Chat System
CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
	- cyrus-sasl2 2.1.10-1
CVE-2002-1346
	RESERVED
CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
	NOTE: multiple ftp client issues
CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
	{DSA-209}
	- wget 1.8.2-8
CVE-2002-1343
	RESERVED
CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
	{DSA-203}
	- smb2www 980804-17
CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
	{DSA-220}
	- squirrelmail 1:1.3.2-2
CVE-2002-1340 (The &quot;ConnectionFile&quot; property in the DataSourceControl component in ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1339 (The &quot;XMLURL&quot; property in the Spreadsheet component of Office Web ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
	NOT-FOR-US: Office Web Components
CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
	- w3m-ssl <removed>
CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
	NOT-FOR-US: BizDesign
CVE-2002-1333
	RESERVED
CVE-2002-1332
	RESERVED
CVE-2002-1331
	RESERVED
CVE-2002-1330
	RESERVED
CVE-2002-1329
	RESERVED
CVE-2002-1328
	RESERVED
CVE-2002-1326
	RESERVED
CVE-2002-1324
	RESERVED
CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
	NOT-FOR-US: ClearCase
CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
	NOT-FOR-US: Realplayer
CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
	NOT-FOR-US: iPlanet
CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
	NOT-FOR-US: iPlanet
CVE-2002-1314
	RESERVED
CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
	NOT-FOR-US: Linksys
CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
	NOT-FOR-US: Macromedia
CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
	NOT-FOR-US: Macromedia
CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
	{DSA-214}
	- kdenetwork 4:2.2.2-14.20
CVE-2002-1305
	REJECTED
CVE-2002-1304
	REJECTED
CVE-2002-1303
	REJECTED
CVE-2002-1302
	REJECTED
CVE-2002-1301
	REJECTED
CVE-2002-1300
	REJECTED
CVE-2002-1299
	REJECTED
CVE-2002-1298
	REJECTED
CVE-2002-1297
	REJECTED
CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
	NOT-FOR-US: Microsoft
CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
	NOT-FOR-US: Microsoft
CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
	NOT-FOR-US: Microsoft
CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
	NOT-FOR-US: Microsoft
CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
	NOT-FOR-US: SuSE-specific lprfilter package
CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
	NOT-FOR-US: Novell iManager (eMFrame)
CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
	{DSA-204}
	- kdelibs 4:3.1.0-1
CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
	{DSA-204}
	- kdelibs 4:3.1.0-1
CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
	NOT-FOR-US: RealSecure Event Collector
CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
	{DSA-194}
	- masqmail 0.2.15-1
CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
	{DSA-192}
	- html2ps 1.0b3-2
CVE-2002-1274
	RESERVED
CVE-2002-1273
	RESERVED
CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
	NOT-FOR-US: MacOS
CVE-2002-1263
	REJECTED
CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
	NOT-FOR-US: Microsoft
CVE-2002-1261
	REJECTED
CVE-2002-1259
	REJECTED
CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
	NOT-FOR-US: Microsoft
CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1249
	RESERVED
CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
	{DSA-193}
	- kdenetwork 4:2.2.2-14.3
CVE-2002-1246
	RESERVED
CVE-2002-1243
	RESERVED
CVE-2002-1241
	RESERVED
CVE-2002-1240
	RESERVED
CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
	NOT-FOR-US: Peter Sandvik's Simple Web Server
CVE-2002-1237
	RESERVED
CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
	{DSA-185 DSA-184 DSA-183}
	- heimdal 0.4e-22
	- krb4 1.1-11-8
	- krb5 1.2.6-2
CVE-2002-1234
	REJECTED
CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
	{DSA-195 DSA-188 DSA-187}
	- apache-perl 1.3.26-1.1-1.27-3-1
	- apache 1.3.27-1
CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
	NOT-FOR-US: Avaya Cajun switches
CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
	NOT-FOR-US: Solaris
CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
	{DSA-178}
	- heimdal 0.4e-21
CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
	{DSA-178}
	- heimdal 0.4e-21
CVE-2002-1218
	RESERVED
CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
	NOT-FOR-US: Microsoft
CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
	- tar 1.13.25
CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
	{DSA-174}
	- heartbeat 0.4.9.2-1
CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
	NOT-FOR-US: Eudora
CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
	NOT-FOR-US: SolarWinds TFTP Server
CVE-2002-1208
	RESERVED
CVE-2002-1207
	RESERVED
CVE-2002-1206
	RESERVED
CVE-2002-1205
	RESERVED
CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
	NOT-FOR-US: Netscape Communicator 4.x
CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
	NOT-FOR-US: IBM SecureWay Firewall
CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AIX
CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
	NOT-FOR-US: NetBSD
CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
	NOT-FOR-US: NetBSD
CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
	NOT-FOR-US: Sabre Desktop
CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
	NOT-FOR-US: Cisco
CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
	NOT-FOR-US: Microsoft IIS
CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
	NOT-FOR-US: Winamp
CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
	NOT-FOR-US: Winamp
CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
	{DSA-171}
	- fetchmail 6.1.0-1
CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
	{DSA-171}
	- fetchmail 6.1.0-1
CVE-2002-1173
	RESERVED
CVE-2002-1172
	RESERVED
CVE-2002-1171
	RESERVED
CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
	- wn <removed>
CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
	- sendmail 8.12.3-5
CVE-2002-1161
	REJECTED
CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
	NOTE: kon2. patched, but I don't know when.
	NOTE: assuming the current unstable/testing version is ok then..
	- kon2 0.3.9b-18
CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
	NOT-FOR-US: Microsoft Netmeeting
CVE-2002-1149 (The installation procedure for Invision Board suggests that users ...)
	NOT-FOR-US: Invision Board
CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
	NOT-FOR-US: Microsoft SQL
CVE-2002-1144
	RESERVED
CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
	NOT-FOR-US: Microsoft Word & Excel
CVE-2002-1136
	RESERVED
CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
	NOT-FOR-US: Dino's Webserver
CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1130
	RESERVED
CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
	{DSA-166}
	- purity 1-16
CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
	NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages.
CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
	NOT-FOR-US: Cisco
CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
	NOT-FOR-US: Cisco
CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
	- libesmtp 0.8.11-1
CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
	NOT-FOR-US: Oracle
CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
	NOT-FOR-US: ezContents
CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
	NOT-FOR-US: ezContents
CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
	NOT-FOR-US: ezContents
CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
	NOT-FOR-US: ezContents
CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
	NOT-FOR-US: ezContents
CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
	NOT-FOR-US: ezContents
CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
	NOT-FOR-US: Abyss
CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
	NOT-FOR-US: Abyss
CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
	NOT-FOR-US: IPSwitch
CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
	NOT-FOR-US: Pegasus
CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
	- phpwiki 1.3.4-1
CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
	NOT-FOR-US: IC9 Print Server
CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Jana Server
CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
	NOT-FOR-US: Jana Server
CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
	NOT-FOR-US: Jana Server
CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
	NOT-FOR-US: Jana Server
CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
	NOT-FOR-US: Cobalt Qube
CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
	NOT-FOR-US: Brother hardware
CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
	NOT-FOR-US: Jigsaw
CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
	NOT-FOR-US: HP printers
CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
	NOT-FOR-US: Soho Firewall
CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
	NOT-FOR-US: iPlanet
CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
	NOT-FOR-US: SMIT
CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
	NOT-FOR-US: WebSecure
CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.2-1
CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.2-1
CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
	NOT-FOR-US: Fluid Dynamics
CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
	NOT-FOR-US: iRunBook
CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
	NOT-FOR-US: iRunBook
CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
	NOT-FOR-US: KeyFocus Web Server
CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
	NOT-FOR-US: Worldspam for Windows
CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
	NOT-FOR-US: Oddsock Winamp plugin
CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: BadBlue
CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
	NOT-FOR-US: BadBlue
CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
	NOT-FOR-US: BadBlue
CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
	NOT-FOR-US: Adobe
CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
	NOT-FOR-US: Adobe
CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
	NOT-FOR-US: Adobe
CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
	NOT-FOR-US: Adobe
CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
	NOT-FOR-US: Adobe
CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
	NOT-FOR-US: Tivoli
CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
	NOT-FOR-US: Tivoli
CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Domino
CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
	NOT-FOR-US: Blackboard
CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
	NOT-FOR-US: ArGoSoft
CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
	NOT-FOR-US: AnalogX Proxy
CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
	NOT-FOR-US: CARE
CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
	NOT-FOR-US: CARE
CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
	NOT-FOR-US: Novell
CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
	NOT-FOR-US: Novell
CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
	NOT-FOR-US: SunPci II VNC
CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
	NOT-FOR-US: HP
CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
	NOT-FOR-US: HP
CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
	NOT-FOR-US: HP
CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
	{DSA-157}
	- irssi-text 0.8.5-2
CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
	NOT-FOR-US: Microsoft
CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
	NOT-FOR-US: Microsoft
CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
	NOT-FOR-US: Microsoft
CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
	NOT-FOR-US: Microsoft
CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
	{DSA-165}
	- postgresql 7.2.2-1
CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
	NOT-FOR-US: Microsoft Windows specific
CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
	NOT-FOR-US: 4D web server
CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
	NOT-FOR-US: GeekLog
CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
	NOT-FOR-US: GeekLog
CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
	NOT-FOR-US: Splatt Forum
CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
	NOT-FOR-US: YaBB
CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
	NOT-FOR-US: Cisco
CVE-2002-0951 (SQL injection vulnerability in Ruslan &lt;Body&gt;Builder allows remote ...)
	NOT-FOR-US: Ruslan
CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
	NOT-FOR-US: TransWARE Active!
CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
	NOT-FOR-US: Telindus ADSL router
CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
	NOT-FOR-US: MakeBook
CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
	NOT-FOR-US: DeepMetrix LiveStats
CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
	NOT-FOR-US: MetaCart
CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
	NOT-FOR-US: Lugiment Log Explorer
CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
	NOT-FOR-US: JRun
CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
	- tomcat 3.2.3-1
CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
	NOT-FOR-US: Jon Hedley AlienForm2
CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
	NOT-FOR-US: Datalex PLC BooktIt Consumer
CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
	NOT-FOR-US: Netware
CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
	NOT-FOR-US: Netware
CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
	NOT-FOR-US: pirch
CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
	NOT-FOR-US: webMathematica
CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
	NOT-FOR-US: mmftpd not in Debian anymore
CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
	NOT-FOR-US: CGIScript.net not int Debian
CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
	NOT-FOR-US: Xandros specific tool
CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
	NOT-FOR-US: Slurp NNTP
CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
	NOTE: DSA-129
CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
	NOTE: netstd
CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
	NOT-FOR-US: mnews
CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
	NOT-FOR-US: Cisco
CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
	NOT-FOR-US: SHOUTcast
CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
	NOT-FOR-US: Informix
CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
	NOT-FOR-US: wbboard
CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
	- phpbb2 2.0.6c-1
CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
	- amanda 2.4.0b6-1
CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
	NOT-FOR-US: Falcon
CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
	- swatch 3.0.4-1
CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
	NOT-FOR-US: 3com
CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
	NOT-FOR-US: Solaris
CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
	NOT-FOR-US: Solaris
CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
	NOT-FOR-US: Compaq
CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
	NOT-FOR-US: Cisco
CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
	NOT-FOR-US: Cisco
CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
	NOT-FOR-US: Cisco
CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
	NOT-FOR-US: CFXImage
CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
	NOT-FOR-US: LogiSense
CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
	NOT-FOR-US: Shambala
CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Shambala
CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
	{DSA-150}
	- interchange 4.8.6-1
CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
	NOT-FOR-US: Cisco
CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
	NOT-FOR-US: IIS
CVE-2002-0868
	RESERVED
CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
	NOT-FOR-US: Windows
CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
	NOT-FOR-US: Oracle
CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
	NOT-FOR-US: Oracle
CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
	NOT-FOR-US: SuSE specific
CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
	NOT-FOR-US: Cisco
CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
	NOT-FOR-US: iSCSI
CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0841
	REJECTED
CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
	{DSA-182 DSA-179 DSA-176}
	- kdegraphics 4:2.2.2-6.9
	- gnome-gv 1.99.7-9
	- gv 1:3.5.8-27
CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
	- wordtrans 1.1pre9
CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
	{DSA-162}
	- ethereal 0.9.6-1
CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
	NOT-FOR-US: Eudora
CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
	NOT-FOR-US: Internet Explorer
CVE-2002-0828
	REJECTED
CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
	NOT-FOR-US: UnixWare
CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
	- libnss-ldap 199-1
CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
	- arts <not-affected> (artscontrol not suid root)
CVE-2002-0815 (The Javascript &quot;Same Origin Policy&quot; (SOP), as implemented in (1) ...)
	- mozilla 2:1.0.0-1
CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
	NOT-FOR-US: Compaq hardware
CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
	NOT-FOR-US: BadBlue
CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
	NOT-FOR-US: YoungZoft
CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
	NOT-FOR-US: HP
CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
	NOT-FOR-US: Solaris
CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
	NOT-FOR-US: QNX
CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
	NOT-FOR-US: Cisco
CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
	NOT-FOR-US: iCon
CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
	NOT-FOR-US: Critical Path inJoin Directory Server
CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
	NOT-FOR-US: Lidik web server
CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Opera
CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
	NOT-FOR-US: Novell
CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
	- viewcvs 0.9.2-5
CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
	NOT-FOR-US: Historic Quake2 issue
CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
	NOT-FOR-US: Cisco
CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
	NOT-FOR-US: simpleinit
CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Phorum
CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
	NOT-FOR-US: HP
CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
	NOT-FOR-US: Talentsoft
CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
	NOT-FOR-US: AIX
CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
	NOT-FOR-US: AIX
CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
	NOT-FOR-US: AIX
CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
	- slrn 0.9.6.2-9
CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
	NOT-FOR-US: PostCalendat
CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
	- squid <not-affected> (Historic vulnerability, fixed before Woody was released)
CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
	NOT-FOR-US: MyGuestbook
CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
	NOT-FOR-US: vqServer
CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
	NOT-FOR-US: guestbook
CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
	NOT-FOR-US: windows
CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
	NOT-FOR-US: windows
CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
	NOT-FOR-US: internet explorer
CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
	- php4 4:4.2.2-1
CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
	- squid 2.4.6-2
CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
	- squid 2.4.6-2
CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
	NOT-FOR-US: EASM
CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
	NOT-FOR-US: HP
CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
	NOT-FOR-US: no_package
CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
	NOT-FOR-US: no_package
CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
	NOT-FOR-US: no_package
CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
	NOT-FOR-US: no_package
CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
	NOT-FOR-US: no_package
CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
	- dhcp3 3.0+3.0.1rc9-1
CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
	NOT-FOR-US: windows
CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
	NOT-FOR-US: windows
CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
	NOT-FOR-US: McAfee
CVE-2002-0689
	RESERVED
CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
	NOT-FOR-US: no_package
CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
	- glibc 2.2.5-8
CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
	NOT-FOR-US: no_package
CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
	NOT-FOR-US: no_package
CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
	NOT-FOR-US: no_package
CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: no_package
CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: no_package
CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: no_package
CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: no_package
CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
	{DSA-201}
	- freeswan 1.99-1
CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
	NOT-FOR-US: ZMerge
CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
	- apache2 2.0.40
CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly ...)
	{DSA-138}
	- gallery 1.3-3
CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...)
	NOT-FOR-US: windows mta
CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in ...)
	NOT-FOR-US: juniper router
CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive ...)
	NOT-FOR-US: windows mta
CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) ...)
	NOT-FOR-US: ncipher hardware
CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe ...)
	NOT-FOR-US: windows firewall
CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 ...)
	NOT-FOR-US: cisco
CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD ...)
	NOT-FOR-US: cisco
CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) ...)
	NOT-FOR-US: windows mta
CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...)
	NOT-FOR-US: monkeyd, not in debian
CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can ...)
	- eggdrop 1.6.17
CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...)
	NOT-FOR-US: realone player
CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...)
	- clamav 0.80
CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...)
	- php4 4.3.9
CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...)
	NOT-FOR-US: openjournal, not in debian
CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...)
	NOT-FOR-US: open/netbsd
CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to ...)
	- libtool 1.5.6
CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for ...)
	NOT-FOR-US: acroread
CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), ...)
	NOT-FOR-US: realsecure/blackice
CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ...)
	- mozilla 2:1.7.3
CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext ...)
	NOT-FOR-US: symantec
CVE-2004-0189 (The &quot;%xx&quot; URL decoding function in Squid 2.5STABLE4 and earlier allows ...)
	{DSA-474}
	- squid 2.5.5-1
CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...)
	{DSA-461}
	- calife 2.8.6-1 (bug #235157)
CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, ...)
	{DSA-463}
	- samba 3.0.2-2
CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and ...)
	NOT-FOR-US: apache/cygwin
CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote ...)
	NOT-FOR-US: freebsd/os x
CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote ...)
	NOT-FOR-US: os x
CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly ...)
	NOT-FOR-US: os x
CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon ...)
	NOT-FOR-US: os x
CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...)
	{DSA-446}
	- synaesthesia 2.1-3
	NOTE: synaesthesia is no longer setuid in Debian.
CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...)
	{DSA-447}
	- hsftp 1.15-1
CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before ...)
	{DSA-458-3}
	- python2.2 2.2.2
CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon ...)
	NOT-FOR-US: gnu radiusd, not in debian
CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...)
	- phpmyadmin 2:2.6.0-pl2
CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the ...)
	NOT-FOR-US: freebsd
CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain ...)
	NOT-FOR-US: microsoft
CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not ...)
	NOT-FOR-US: microsoft
CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 ...)
	NOT-FOR-US: microsoft
CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for ...)
	NOT-FOR-US: bsd
CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 ...)
	- apache2 2.0.52
CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ...)
	{DSA-464}
	- gdk-pixbuf 0.22.0-3
CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...)
	{DSA-460}
	- sysstat 5.0.2-1
CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when ...)
	NOT-FOR-US: freebsd
CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to ...)
	- libapache-mod-python 2:2.7.10
CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a ...)
	NOT-FOR-US: mcafee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x ...)
	NOT-FOR-US: os x
CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...)
	- samba 3.0.7
CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after ...)
	NOT-FOR-US: debian uses different login
CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...)
	- mutt 1.5.6-20040722+1
CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to ...)
	{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.26-pre3)
	- kernel-source-2.2.20 <removed>
CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the ...)
	- kernel-source-2.4.24 2.4.24-3
	NOTE: fixed in 2.4.26-pre3
CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents ...)
	NOT-FOR-US: ezcontents, commercial
CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...)
	NOT-FOR-US: phpdig, not in debian
CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, ...)
	NOT-FOR-US: ncipher hsm
CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote ...)
	NOT-FOR-US: real helix
CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control ...)
	- inn2 2.4.1+20040820
	[woody] - inn2 <not-affected>
CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password ...)
	NOT-FOR-US: cisco
CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through ...)
	NOT-FOR-US: checkpoint
CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x ...)
	NOT-FOR-US: vbulletin, commercial
CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and ...)
	NOT-FOR-US: phorum, not in debian
CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...)
	{DSA-420}
	- jitterbug 1.6.2-4.5
CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the &quot;save ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before ...)
	{DSA-418}
	- vbox3 0.1.8
CVE-2004-0013 (jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly ...)
	{DSA-414}
	- jabber 1.4.3-1
CVE-2004-0011 (Buffer overflow in fsp before 2.81.b18 allows remote users to execute ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2004-0009 (Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...)
	- apache-ssl 1.3.31
CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 ...)
	NOT-FOR-US: openca, not in debian
CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace ...)
	- kernel-image-2.6.8-9-amd64-generic <unfixed>
CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...)
	NOT-FOR-US: windows
CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: windows
CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2003-0994 (The GUI functionality for an interactive session in Symantec ...)
	NOT-FOR-US: norton
CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...)
	- apache 1.3.29.0.2-4
CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before ...)
	{DSA-436}
	- mailman 2.1-1
	NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
	NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal ...)
	- kdepim 4:3.1.5-1
CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
	{DSA-411}
	- mpg321 0.2.10.3
CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and ...)
	NOT-FOR-US: elm
CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, ...)
	{DSA-426}
	- netpbm-free 2:9.25-9
CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components ...)
	NOT-FOR-US: microsoft
CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows ...)
	NOT-FOR-US: microsoft
CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...)
	{DSA-261}
	- tcpdump 3.7.2-1
CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null ...)
	{DSA-259}
	- qpopper 4.0.4-9
CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before ...)
	NOT-FOR-US: SOHO Routefinder
CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a ...)
	NOT-FOR-US: man before 1.51
CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 ...)
	NOT-FOR-US: lotus notes
CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before ...)
	NOT-FOR-US: lotus notes
CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...)
	{DSA-256}
	- mhc 0.25+20030224-1
CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is ...)
	- zlib 1:1.1.4-10
CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, ...)
	NOT-FOR-US: peopletools
CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote ...)
	NOT-FOR-US: nokia handset
CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows ...)
	{DSA-260}
	- file 3.40-1.1
CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...)
	NOT-FOR-US: cisco
CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...)
	- php4 4:4.3.2+rc3-1
CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, ...)
	NOT-FOR-US: oracle
CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 ...)
	NOT-FOR-US: mandrake specific
CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote ...)
	{DSA-261}
	- tcpdump 3.7.1-1
CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...)
	NOT-FOR-US: macosX
CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language ...)
	NOT-FOR-US: AIX
CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector ...)
	{DSA-258}
	- ethereal 0.9.9-2
CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...)
	{DSA-253}
	- openssl 0.9.7a-1
CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for ...)
	NOT-FOR-US: blade encoder not in Debian
CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows ...)
	{DSA-303}
	- mysql-dfsg 4.0.12-2
CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...)
	- vte 1:0.11.10-1
CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...)
	- putty 0.54-1
CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to ...)
	{DSA-496}
	- eterm 0.9.2-6
CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to ...)
	- rxvt 1:2.6.4-6.1 (bug #244810)
	NOTE: woody version is still vulnerable
CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window ...)
	NOT-FOR-US: uxterm not in Debian
CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window ...)
	NOT-FOR-US: dtterm not in Debian
CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows ...)
	NOT-FOR-US: NOD32 not in Debian
CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for ...)
	- krb5 1.2.5-1
CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows ...)
	- krb5 1.2.5-1
CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin ...)
	NOT-FOR-US: apple
CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime ...)
	NOT-FOR-US: apple
CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple ...)
	NOT-FOR-US: apple
CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
	NOT-FOR-US: apple
CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow ...)
	NOT-FOR-US: windows
CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
	{DSA-246}
	- tomcat 3.3.1a-1
CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier ...)
	{DSA-247}
	- courier 0.40.2-3
	- courier-ssl 0.40.2-3
CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other ...)
	{DSA-245}
	- dhcp3 3.0+3.0.1rc11-3
	NOTE: Version information in DSA is wrong.
CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
	NOT-FOR-US: sun
CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0022 (The &quot;screen dump&quot; feature in rxvt 2.7.8 allows attackers to overwrite ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0021 (The &quot;screen dump&quot; feature in Eterm 0.9.1 and earlier allows attackers ...)
	- eterm 0.9.2-1
	NOTE: According to upstream changelog and http://marc.info/?l=bugtraq&m=104612710031920&w=2
	NOTE: this is fixed in eterm 0.9.2
CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs, ...)
	- apache2 2.0.49
	- apache 1.3.29.0.2-4
CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has ...)
	NOT-FOR-US: redhat 8.0 only
CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
	NOT-FOR-US: apache on windows
CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...)
	NOT-FOR-US: apache on windows
CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote ...)
	{DSA-233}
	- cvs 1.11.2-5.1
CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center ...)
	NOT-FOR-US: windows
CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt ...)
	NOT-FOR-US: windows
CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft ...)
	NOT-FOR-US: windows
CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT ...)
	NOT-FOR-US: windows
CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...)
	NOT-FOR-US: windows
CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before ...)
	NOTE: fixed after 2.6/2.4.20 kernel
CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass ...)
	NOT-FOR-US: gbook not in Debian
CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...)
	NOT-FOR-US: novell
CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIX
CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...)
	NOT-FOR-US: lhttpd not in Debian
CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ...)
	NOT-FOR-US: AIX
CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...)
	NOT-FOR-US: Netscreen
CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...)
	NOT-FOR-US: NetBSD
CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...)
	NOT-FOR-US: BadBlue not in Debian
CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x ...)
	NOT-FOR-US: norton
CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote ...)
	NOT-FOR-US: acusend not in Debian
CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain ...)
	- phpbb2 2.0.6c-1
	NOTE: according to http://www.securityfocus.com/archive/1/297419
	NOTE: phpBB versions above 2.0.0 are not vulnerable.
CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary ...)
	NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian
CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the ...)
	NOT-FOR-US: mondosearch
CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) ...)
	NOT-FOR-US: winamp
CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...)
	NOT-FOR-US: webserver 4D
CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions ...)
	NOT-FOR-US: IRIX
CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ...)
	NOT-FOR-US: IRIX
CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows ...)
	NOT-FOR-US: IRIX
CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite ...)
	NOT-FOR-US: interbase
CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() ...)
	- vnc 3.3.3r2-21
CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary ...)
	- xfree86 4.1.0-7
CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...)
	NOT-FOR-US: redhat and mandrake only
CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board ...)
	NOT-FOR-US: WoltLab Burning Board not in Debian
CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...)
	NOT-FOR-US: xbreaky not in Debian
CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) ...)
	NOT-FOR-US: Enterasys
CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows ...)
	NOT-FOR-US: Aestiva
CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...)
	NOT-FOR-US: Lycos
CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...)
	NOT-FOR-US: Cisco
CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...)
	NOT-FOR-US: NetBSD
CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...)
	- cacti 0.6.8-1
CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...)
	NOT-FOR-US: NetBSD
CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...)
	- xfree86 4.2.1-1 (bug #280872)
CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ...)
	- evolution 1.2.0-1 (bug #280883)
CVE-2002-1469 (scponly does not properly verify the path when finding the (1) scp or ...)
	- scponly 3.8-1
	NOTE: according to http://web.archive.org/web/20150425070754/http://sublimation.org/scponly/ (scponly home page)
	NOTE: only versions of scponly older than scponly-2.4 are affected
CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ...)
	NOT-FOR-US: AIX
CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...)
	NOT-FOR-US: symantec
CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...)
	NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...)
	NOT-FOR-US: Cisco
CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...)
	NOT-FOR-US: nCipher PKCS#11 library
CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
	NOT-FOR-US: Google toolbar
CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except ...)
	NOT-FOR-US: Achievo not in Debian
CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read ...)
	NOT-FOR-US: Sympoll not in Debian
CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...)
	{DSA-141}
	- mpack 1.5-9
CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote ...)
	- mpack 1.5-9
CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...)
	NOT-FOR-US: OpenBSD
CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes ...)
	NOT-FOR-US: IRIX on Origin
CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges ...)
	- qmailadmin 1.0.6-1
CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, ...)
	NOT-FOR-US: RCONAG6 for Novell Netware SP2
CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...)
	NOT-FOR-US: TinySSL not in Debian
CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote ...)
	{DSA-210}
	- lynx 2.8.4.1b-4
	- lynx-ssl 1:2.8.4.1b-3.1
CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
	- bugzilla 2.16.2-1
CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to ...)
	{DSA-219}
	- dhcpcd 1:1.3.22pl2-2
	NOTE: Debian sarge uses dhcp >= 2.0
CVE-2002-1396 (Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 ...)
	- php4 4:4.3.2+rc3-1
	NOTE: according to http://www.securityfocus.com/bid/6488
	NOTE: woody is not vulnerable
CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet ...)
	{DSA-225}
	- tomcat4 4.1.16-1
CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1391 (Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1390 (The daemon for GeneWeb before 4.09 does not properly handle requested ...)
	{DSA-223}
	- geneweb 4.09-1
CVE-2002-1389 (Buffer overflow in typespeed 0.4.2 and earlier allows local users to ...)
	{DSA-217}
	- typespeed 0.4.2-2
CVE-2002-1388 (Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 ...)
	{DSA-221}
	- mhonarc 2.5.14-1
CVE-2002-1385 (openwebmail_init in Open WebMail 1.81 and earlier allows local users ...)
	- openwebmail 1.90-1
CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...)
	{DSA-232 DSA-226 DSA-222}
	- xpdf-i 2.01-2
	- xpdf 2.01-2
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to ...)
	- flashplugin-nonfree 6.0.69-1
CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...)
	- exim4 4.11-0.0.1
	- exim 3.36-14
CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service ...)
	{DSA-336}
	- kernel-source-2.2.25 2.2.25-2
CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to ...)
	- vim 6.1.263-1
	NOTE: woody seems to be still vulnerable
	NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
	NOTE: but no advisory (nor fixed package) have been published yet.
	NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz@debian.org> about this.
	NOTE: No response from maintainer, I have mailed security team.
	NOTE: Martin Schulze don't consider this as an issue for updating woody.
CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL ...)
	{DSA-212}
	- mysql <removed>
CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not ...)
	{DSA-216}
	- fetchmail 6.2.0-1
CVE-2002-1364 (Buffer overflow in the get_origin function in traceroute-nanog allows ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1363 (Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does ...)
	{DSA-213}
	- libpng 1.0.12-7
	- libpng3 1.2.5-8
CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of ...)
	{DSA-211}
	- micq 0.4.9.4-1
CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security ...)
	NOT-FOR-US: sun
CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...)
	{DSA-206}
	- tcpdump 3.7.2-1
	NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
	- gtetrinet 0.4.4-1
CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 ...)
	NOT-FOR-US: PC-cillin
CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...)
	{DSA-257}
	- sendmail 8.13.0.PreAlpha4-0
	- sendmail-wine <removed>
	NOTE: problem in sendmail 8.12, sarge uses 8.13
CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...)
	- tightvnc 1.2.6-1
CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...)
	NOT-FOR-US: windows
CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows ...)
	NOT-FOR-US: windows
CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may ...)
	{DSA-208}
	- perl 5.8.0-14
CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: pine not in Debian
CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 ...)
	NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...)
	{DSA-200}
	- samba 2.2.7
CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...)
	NOT-FOR-US: solaris
CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...)
	{DSA-198}
	- nullmailer 1.00RC5-17
CVE-2002-1311 (Courier sqwebmail before 0.40.0 does not quickly drop privileges after ...)
	{DSA-197}
	- courier 0.40.0-1
CVE-2002-1308 (Heap-based buffer overflow in Netscape and Mozilla allows remote ...)
	- mozilla 2:1.2-1
	NOTE: woody is vulnerable see #237422
CVE-2002-1307 (Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier ...)
	{DSA-199}
	- mhonarc 2.5.13-1
CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris ...)
	NOT-FOR-US: Solaris
CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the ...)
	- kdeutils 4:3.2.1-1
CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...)
	NOTE: Linuxconf not in testing/unstable
CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow ...)
	{DSA-190}
	- wmaker 0.80.1-4
CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a ...)
	NOT-FOR-US: Alcatel
CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ...)
	{DSA-386}
	- libmailtools-perl 1.51 (bug #168381)
CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...)
	NOTE: don't know which version of glibc fix this
	NOTE: I've mailed maintainers.
CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...)
	NOT-FOR-US: oracle
CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...)
	NOT-FOR-US: Microsoft Windows
CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...)
	NOT-FOR-US: PeopleSoft
CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...)
	{DSA-186}
	- log2mail 0.2.6-1
CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ...)
	{DSA-189}
	- luxman 0.41-19
CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...)
	NOT-FOR-US: Pablo FTP Server
CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote ...)
	NOT-FOR-US: PHP-Nuke not in Debian
CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...)
	NOT-FOR-US: QNX
CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast ...)
	NOT-FOR-US: Linksys
CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS ...)
	{DSA-180}
	- nis 3.9-6.2
CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a ...)
	NOT-FOR-US: SCO
CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows ...)
	NOT-FOR-US: Windows NT
CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) ...)
	{DSA-177}
	- pam 0.76-6
CVE-2002-1224 (Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE ...)
	- kdenetwork 4:3.1.0-1
CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView ...)
	- kdegraphics 4:3.1.0-1
CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst ...)
	NOT-FOR-US: CISCO
CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9 <not-affected>
CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Prometheus not in Debian
CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when ...)
	{DSA-175}
	- syslog-ng 1.5.21-1
CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary ...)
	NOT-FOR-US: ypxfrd not in Debian
CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282500
CVE-2002-1197 (bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282501
CVE-2002-1196 (editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before ...)
	{DSA-173}
	- bugzilla 2.16.0-2.1
CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ...)
	{DSA-169}
	- htcheck 1:1.1-1.2
CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite ...)
	{DSA-172}
	- tkmail <removed>
CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...)
	NOT-FOR-US: CISCO
CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
	NOT-FOR-US: Microsoft
CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security ...)
	NOT-FOR-US: Microsoft
CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain ...)
	NOT-FOR-US: Microsoft
CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default ...)
	NOT-FOR-US: Microsoft
CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the ...)
	NOT-FOR-US: Microsoft
CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2002-1180 (A typographical error in the script source access permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ...)
	- jetty 4.1.0
CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon ...)
	- net-snmp 5.0.6
CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before ...)
	NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server
CVE-2002-1160 (The default configuration of the pam_xauth module forwards ...)
	NOT-FOR-US: pam_xauth
CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...)
	{DSA-181}
	- libapache-mod-ssl 2.8.9-2.3
CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...)
	- apache2 2.0.43
CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the ...)
	- analog 2:5.23
CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...)
	- kdebase 3.03
CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
	{DSA-167}
	- kdelibs 4:2.2.2-14
CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in ...)
	{DSA-170}
	- tomcat4 4.1.12-1
CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch ...)
	NOT-FOR-US: HP Procurve 4000M Switch firmware
CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
	- glibc 2.3
	- bind 1:8.3.3
CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...)
	NOT-FOR-US: Microsoft
CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! ...)
	NOT-FOR-US: Microsoft
CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine ...)
	NOT-FOR-US: Microsoft
CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles ...)
	NOT-FOR-US: Microsoft
CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...)
	- mozilla 2:1.2
CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner ...)
	NOT-FOR-US: Microsoft
CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...)
	{DSA-159}
	- python1.5 1.5.2-24
	- python2.1 2.1.3-6a
	- python2.2 2.2.1-8
	- python2.3 <not-affected>
CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
	NOT-FOR-US: Oracle
CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2002-1116 (The &quot;View Bugs&quot; page (view_all_bug_page.php) in Mantis 0.17.4a and ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows ...)
	NOTE: old amavis shell script
CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x ...)
	NOT-FOR-US: Cisco
CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...)
	NOT-FOR-US: Cisco
CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an ...)
	NOT-FOR-US: Cisco
CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows ...)
	NOT-FOR-US: Cisco
CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...)
	NOT-FOR-US: Cisco
CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...)
	NOT-FOR-US: Cisco
CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when ...)
	NOT-FOR-US: Cisco
CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...)
	- mozilla 2:1.0.2
CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...)
	NOT-FOR-US: Novell GroupWise
CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems ...)
	NOT-FOR-US: CacheFlow CacheOS
CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...)
	NOT-FOR-US: Van Dyke SecureCRT SSH client
CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows ...)
	NOT-FOR-US: SmartMax MailMax POP3 daemon
CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...)
	NOT-FOR-US: Microsoft
CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...)
	NOT-FOR-US: Pablo FTP server
CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server ...)
	NOT-FOR-US: W3C Jigsaw Proxy Server
CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
	NOT-FOR-US: Watchguard Firebox firmware
CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
	- dcl <not-affected> (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/20020706
CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Omnicron OmniHTTPd
CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...)
	NOT-FOR-US: KeyFocus (KF) web server
CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code ...)
	NOT-FOR-US: JRun
CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold ...)
	NOT-FOR-US: Real
CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...)
	NOT-FOR-US: Real
CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 ...)
	NOT-FOR-US: Inktomi
CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to ...)
	NOT-FOR-US: Betsie
CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote ...)
	NOT-FOR-US: Novell
CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote ...)
	NOT-FOR-US: AnalogX SimpleServer:Shout
CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges ...)
	NOT-FOR-US: PHPAuction
CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 ...)
	NOT-FOR-US: Symantec
CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 ...)
	{DSA-158}
	- gaim 1:0.59.1-2
CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare ...)
	NOT-FOR-US: Xsco
CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop ...)
	NOT-FOR-US: Xsco
CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x ...)
	{DSA-156}
	- epic4-script-light 1:2.7.30p5-2
CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX ...)
	NOT-FOR-US: ndcfg
CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to ...)
	NOT-FOR-US: Help and Support Center for Windows XP
CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ...)
	{DSA-155}
	- kdelibs 4:2.2.2-14
CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...)
	NOTE: mysql problem only affects Windows
CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows ...)
	NOT-FOR-US: AnalogX SimpleServer:WWW
CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote ...)
	NOT-FOR-US: eDonkey
CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on ...)
	NOT-FOR-US: Oracle
CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Half Life
CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) ...)
	NOT-FOR-US: PHP Reactor
CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen ...)
	NOT-FOR-US: PHP Address
CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 ...)
	NOT-FOR-US: Cisco
CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server ...)
	NOT-FOR-US: Oracle
CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and ...)
	NOT-FOR-US: Java on Windows
CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows ...)
	NOT-FOR-US: Cisco
CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, ...)
	- tomcat4 4.1.9-1
CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...)
	- squid 2.4.7
CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...)
	- courier 0.46
CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...)
	NOT-FOR-US: Caldera Volution Manager
CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...)
	- sendmail 8.12.5
CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers ...)
	- kismet 2.2.2-1
CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows ...)
	NOT-FOR-US: pks
CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary ...)
	NOT-FOR-US: Opera
CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...)
	NOT-FOR-US: LocalWEB2000
CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote ...)
	NOT-FOR-US: MatuFtpServer
CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows ...)
	NOT-FOR-US: NewAtlanta ServletExec ISAPI
CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ...)
	NOT-FOR-US: NetScreen ScreenOS
CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local ...)
	- qpopper 4.0.5-1
CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...)
	NOT-FOR-US: scoadmin
CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows ...)
	{DSA-154}
	- fam 2.6.8-1
CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services ...)
	{DSA-151}
	- xinetd 1:2.3.7-1
CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in ...)
	NOT-FOR-US: Microsoft
CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP ...)
	NOT-FOR-US: Microsoft
CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office ...)
	NOT-FOR-US: Microsoft
CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on ...)
	NOT-FOR-US: Microsoft
CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote ...)
	NOT-FOR-US: Oracle
CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) ...)
	- isdnutils 1:3.2
CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...)
	NOT-FOR-US: PGP corporate desktop
CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, ...)
	NOT-FOR-US: Cisco
CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
	{DSA-145}
	- tinyproxy 1.4.3-3
CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...)
	- flashplugin-nonfree 6.0.47
CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...)
	NOT-FOR-US: Sun ONE
CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD ...)
	- cvs 1:1.11.2
CVE-2002-0842 (Format string vulnerability in certain third party modifications to ...)
	NOTE: mod_dav for apache not vulnerable according to
	NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
CVE-2002-0840 (Cross-site scripting (XSS) vulnerability in the default error page of ...)
	{DSA-195 DSA-188 DSA-187}
	- apache2 2.0.43-1
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...)
	{DSA-207}
	- tetex-bin 1.0.7+20021025-4
CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...)
	NOT-FOR-US: RedHat/Intel PXE daemon
	NOTE: this is not the one in Debian
CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, ...)
	NOT-FOR-US: BSD/NFS
CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...)
	NOT-FOR-US: WS FTP server
CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary ...)
	NOT-FOR-US: BSD/pppd
CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute ...)
	NOT-FOR-US: Windows
CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...)
	{DSA-144}
	- wwwoffle 2.7d-1
CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to ...)
	{DSA-139}
	- super 3.18.0-3
CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...)
	NOT-FOR-US: HP Tru64
CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...)
	NOT-FOR-US: VMware
CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error ...)
	- bugzilla 2.16.0
CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not ...)
	- bugzilla 2.16.0
CVE-2002-0808 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing ...)
	- bugzilla 2.16.0
CVE-2002-0806 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows ...)
	- bugzilla 2.16.0
CVE-2002-0805 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new ...)
	- bugzilla 2.16.0
CVE-2002-0804 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured ...)
	- bugzilla 2.16.0
CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding ...)
	- postgresql 7.2
CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...)
	NOT-FOR-US: Macromedia / Windows
CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...)
	NOT-FOR-US: AIX
CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...)
	- mnogosearch 3.1.19-3
CVE-2002-0788 (An interaction between PGP 7.0.3 with the &quot;wipe deleted files&quot; option, ...)
	NOT-FOR-US: windows
CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...)
	NOT-FOR-US: AOL AIM
CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and ...)
	NOT-FOR-US: CISCO
CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and ...)
	NOT-FOR-US: Ipswitch not in Debian
CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...)
	NOT-FOR-US: Hosting Controller 2002
CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and ...)
	- lukemftp 1.5-7
CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...)
	- openssh 1:3.3p1-0.0woody1
CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...)
	NOT-FOR-US: Labview
CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: psyBNC
CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from ...)
	{DSA-163}
	- mhonarc 2.5.11-1
CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...)
	NOT-FOR-US: Sambar web server
CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...)
	NOT-FOR-US: Microsoft
CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly ...)
	NOT-FOR-US: B2
CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows ...)
	- thttpd 2.21
CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ...)
	NOT-FOR-US: Microsoft
CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0719 (SQL injection vulnerability in the function that services for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) ...)
	NOT-FOR-US: Microsoft
CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and ...)
	NOT-FOR-US: SCO OpenServer
CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP ...)
	- squid 2.4.6
CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier ...)
	NOT-FOR-US: sendform.cgi
CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...)
	NOTE: kernel netfilter bug, not in user space
	NOTE: this is fixed in kernel 2.4.20
	- kernel-image-2.4.18-i386 <unfixed> (bug #152152; unimportant)
CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...)
	- perl 5.8.0-7 (bug #282527)
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...)
	NOT-FOR-US: BSD
CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
	NOT-FOR-US: Microsoft
CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files ...)
	NOT-FOR-US: Microsoft
CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of ...)
	NOT-FOR-US: Microsoft
CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...)
	{DSA-490}
	- zope 2.6.0-0.1
CVE-2002-0687 (The &quot;through the web code&quot; capability for Zope 2.0 through 2.5.1 b1 ...)
	- zope 2.5.1b2
CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for ...)
	NOT-FOR-US: PGP Outlook Encryption Plug-In
CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows ...)
	- tomcat 4.0.4
CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC ...)
	NOT-FOR-US: CDE
CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to ...)
	NOT-FOR-US: CDE ToolTalk
CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when ...)
	NOT-FOR-US: MacOS
CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet ...)
	NOT-FOR-US: Norton
CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users ...)
	{DSA-160}
	- scrollkeeper 0.3.11-2
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to ...)
	{DSA-137}
	- mm 1.1.3-7
CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ...)
	{DSA-135}
	- libapache-mod-ssl 2.8.9-2
CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and ...)
	- glibc 2.2.5-8
CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote ...)
	NOT-FOR-US: microsoft
CVE-2002-0648 (The legacy &lt;script&gt; data-island capability for XML in Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...)
	NOT-FOR-US: microsoft
CVE-2002-0642 (The registry key containing the SQL Server service account information ...)
	NOT-FOR-US: microsoft
CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...)
	- openssh 1:3.4 (high)
CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote ...)
	- openssh 1:3.4 (high)
CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 ...)
	NOT-FOR-US: SGI
CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer ...)
	NOT-FOR-US: Microsoft
CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote ...)
	NOT-FOR-US: DNSTools
CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 ...)
	NOT-FOR-US: Flash
CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers ...)
	NOT-FOR-US: ISS
CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Blahz
CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner ...)
	NOT-FOR-US: Foundstone
CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers ...)
	NOT-FOR-US: ColdFusion
CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access ...)
	NOT-FOR-US: Oracle
CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access ...)
	NOT-FOR-US: Oracle
CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...)
	NOT-FOR-US: Oracle
CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows ...)
	NOT-FOR-US: SunShop
CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...)
	NOT-FOR-US: Winamp
CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server ...)
	NOT-FOR-US: Aprelium
CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative ...)
	NOT-FOR-US: Demarc
CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 ...)
	NOT-FOR-US: Symantec
CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a .. ...)
	NOT-FOR-US: EMU
CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x ...)
	NOT-FOR-US: EMU
CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies ...)
	NOT-FOR-US: popper_mod
CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework ...)
	NOT-FOR-US: Cisco
CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ...)
	NOT-FOR-US: Posadis
CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: csSearch
CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 ...)
	NOT-FOR-US: WebSight
CVE-2002-0493 (Apache Tomcat may be started without proper security settings if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...)
	NOT-FOR-US: Instant Web Mail
CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote ...)
	NOT-FOR-US: Linux Directory Penguin
CVE-2002-0484 (move_uploaded_file in PHP does not does not check for the base ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0473 (db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote ...)
	NOT-FOR-US: ARSC
CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone ...)
	NOT-FOR-US: Big Sam
CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote ...)
	NOT-FOR-US: PHProjekt
CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows allows remote attackers to ...)
	NOT-FOR-US: PHP FirstPost
CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial ...)
	NOT-FOR-US: Windows
CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that ...)
	NOT-FOR-US: Windows
CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...)
	NOT-FOR-US: PHP Imglist
CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.2.20 <removed>
CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive ...)
	NOT-FOR-US: mIRC
CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0414 (KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...)
	NOT-FOR-US: SPHERE
CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0402 (Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0401 (SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to ...)
	NOT-FOR-US: Red-M
CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, ...)
	NOT-FOR-US: Red-M
CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...)
	NOT-FOR-US: Red-M
CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be ...)
	NOT-FOR-US: Red-M
CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, ...)
	NOT-FOR-US: Red-M
CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote ...)
	- apache2 2.0.37
CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating ...)
	{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
	- acm 5.0-10
	- glibc 2.2.5-13
	- dietlibc 0.20-0cvs20020808
	- krb5 1.2.5-2
	- openafs 1.2.6-1
CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module ...)
	NOT-FOR-US: Sun
CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...)
	NOT-FOR-US: Apple
CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player ...)
	NOT-FOR-US: Microsoft
CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows ...)
	NOT-FOR-US: AOL
CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which ...)
	NOT-FOR-US: IRIX
CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows ...)
	NOT-FOR-US: MediaMail
CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the ...)
	NOT-FOR-US: SGI
CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) ...)
	NOT-FOR-US: Cisco
CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin ...)
	NOT-FOR-US: OpenBB
CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ...)
	NOT-FOR-US: Snitz
CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to ...)
	NOT-FOR-US: Essentia
CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the ...)
	NOT-FOR-US: Symantec
CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops ...)
	NOT-FOR-US: Symantec
CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code ...)
	NOT-FOR-US: CatchUp
CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...)
	NOT-FOR-US: WebNews
CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, ...)
	NOT-FOR-US: pforum
CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to ...)
	NOT-FOR-US: Falcon
CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before ...)
	NOT-FOR-US: SIPS
CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file ...)
	NOT-FOR-US: Sawmill
CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through ...)
	NOT-FOR-US: HP
CVE-2002-0246 (Format string vulnerability in the message catalog library functions ...)
	NOT-FOR-US: UnixWare
CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 ...)
	NOT-FOR-US: Cisco
CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE ...)
	NOT-FOR-US: ISS
CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...)
	NOT-FOR-US: DCForum
CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ...)
	NOT-FOR-US: Xinet
CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3 ...)
	NOT-FOR-US: Tarantella
CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing ...)
	NOT-FOR-US: Nortel
CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows ...)
	NOT-FOR-US: Real Networks
CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof ...)
	NOT-FOR-US: psyBNC
CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the ...)
	NOT-FOR-US: ACD
CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0179 (Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0178 (uudecode, as available in the sharutils package before 4.2.1, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0176 (The printf wrappers in libsafe 2.0-11 and earlier do not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0175 (libsafe 2.0-11 and earlier allows attackers to bypass protection ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0174 (nsd on SGI IRIX before 6.5.11 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0173 (Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0172 (/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0171 (IRISconsole 2.0 may allow users to log into the icadmin account with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0170 (Zope 2.2.0 through 2.5.1 does not properly verify the access for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0169 (The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0168 (Vulnerability in Imlib before 1.9.13 allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0167 (Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0160 (The administration function in Cisco Secure Access Control Server ...)
	NOT-FOR-US: Cisco
CVE-2002-0159 (Format string vulnerability in the administration function in Cisco ...)
	NOT-FOR-US: Cisco
CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN ...)
	NOT-FOR-US: Microsoft
CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0146 (fetchmail email client before 5.9.10 does not properly limit the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0143 (Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0139 (Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0128 (cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0123 (MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0121 (PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0120 (Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0117 (Cross-site scripting vulnerability in Yet Another Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0115 (Snort 1.8.3 does not properly define the minimum ICMP header size, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0111 (Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0107 (Web administration interface in CacheFlow CacheOS 4.0.13 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0098 (Buffer overflow in index.cgi administration interface for Boozt! ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0097 (Geeklog 1.3 allows remote attackers to hijack user accounts, including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0096 (The installation of Geeklog 1.3 creates an extra group_assignments ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0095 (The default configuration of BSCW (Basic Support for Cooperative Work) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0094 (config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0092 (CVS before 1.10.8 does not properly initialize a global variable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0090 (Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0083 (Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0082 (The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0081 (Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgroups ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0067 (Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0066 (Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0065 (Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0064 (Funk Software Proxy Host 3.x is installed with insecure permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0063 (Buffer overflow in ippRead function of CUPS before 1.1.14 may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0062 (Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0061 (Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not ...)
	NOT-FOR-US: Microsoft
CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail ...)
	NOT-FOR-US: Microsoft
CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...)
	NOT-FOR-US: Microsoft
CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new ...)
	NOT-FOR-US: Microsoft
CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce ...)
	NOT-FOR-US: Microsoft
CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives &quot;Everyone&quot; group ...)
	NOT-FOR-US: Microsoft
CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0045 (slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0044 (GNU Enscript 1.6.1 and earlier allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0043 (sudo 1.6.0 through 1.6.3p7 does not properly clear the environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0042 (Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0040 (Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0038 (Vulnerability in the cache-limiting function of the unified name ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0036 (Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0033 (Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain ...)
	NOT-FOR-US: Microsoft
CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the ...)
	NOT-FOR-US: Microsoft
CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X ...)
	NOT-FOR-US: Microsoft
CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that ...)
	NOT-FOR-US: Microsoft
CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0011 (Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0009 (show_bug.cgi in Bugzilla before 2.14.1 allows a user with &quot;Bugs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0007 (CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0006 (XChat 1.8.7 and earlier, including default configurations of 1.4.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0005 (Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0004 (Heap corruption vulnerability in the &quot;at&quot; program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0003 (Buffer overflow in the preprocessor in groff 1.16 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0002 (Format string vulnerability in stunnel before 3.22 when used in client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1407 (Bugzilla before 2.14 allows Bugzilla users to bypass group security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1406 (process_bug.cgi in Bugzilla before 2.14 does not set the &quot;groupset&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1391 (Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1386 (WFTPD 3.00 allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1385 (The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1383 (initscript in setserial 2.17-4 and earlier uses predictable temporary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1382 (The &quot;echo simulation&quot; traffic analysis countermeasure in OpenSSH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1380 (OpenSSH before 2.9.9, while using keypairs and multiple keys of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1378 (fetchmailconf in fetchmail before 5.7.4 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1375 (tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1374 (expect before 5.32 searches for its libraries in /var/tmp before other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1373 (MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1372 (Oracle 9i Application Server 1.0.2 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1371 (The default configuration of Oracle Application Server 9iAS 1.0.2.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1370 (prepend.php3 in PHPLib before 7.2d, when register_globals is enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1369 (Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1367 (The checkAccess function in PHPSlice 0.1.4, and all other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1359 (Volution clients 1.0.7 and earlier attempt to contact the computer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1352 (Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1351 (Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1350 (Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1349 (Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1347 (Windows 2000 allows local users to cause a denial of service and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1345 (bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1342 (Apache before 1.3.20 on Windows and OS/2 systems allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1334 (Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1328 (Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1327 (pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1322 (xinetd 2.1.8 and earlier runs with a default umask of 0, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1303 (The default configuration of SecuRemote for Check Point Firewall-1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1302 (The change password option in the Windows Security interface for ...)
	NOT-FOR-US: Microsoft
CVE-2001-1301 (rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1299 (Zorbat Zorbstats PHP script before 0.9 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1297 (PHP remote file inclusion vulnerability in Actionpoll PHP script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1296 (More.groupware PHP script allows remote attackers to include arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1295 (Directory traversal vulnerability in Cerberus FTP Server 1.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1291 (The telnet server for 3Com hardware such as PS40 SuperStack II does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1279 (Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1277 (makewhatis in the man package before 1.5i2 allows an attacker in group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1276 (ispell before 3.1.20 allows local users to overwrite files of other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1267 (Directory traversal vulnerability in GNU tar 1.13.19 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1266 (Directory traversal vulnerability in Doug Neal's HTTPD Daemon ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1252 (Network Associates PGP Keyserver 7.0 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1251 (SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1247 (PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1246 (PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1240 (The default configuration of sudo in Engarde Secure Linux 1.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1237 (Phormation PHP script 0.9.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1236 (myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1235 (pSlash PHP script 0.7 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1234 (Bharat Mediratta Gallery PHP script before 1.2.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1231 (GroupWise 5.5 and 6 running in live remote or smart caching mode ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1227 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1215 (Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1203 (Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1201 (Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1200 (Microsoft Windows XP allows local users to bypass a locked screen and ...)
	NOT-FOR-US: Microsoft
CVE-2001-1199 (Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1193 (Directory traversal vulnerability in EFTP 2.0.8.346 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1186 (Microsoft IIS 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2001-1185 (Some AIO operations in FreeBSD 4.4 may be delayed until after a call ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1183 (PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2001-1180 (FreeBSD 4.3 does not properly clear shared signal handlers when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1177 (ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1176 (Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1175 (vipw in the util-linux package before 2.10 causes /etc/shadow to be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1174 (Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1172 (OmniSecure HTTProtect 1.1.1 allows a superuser without omnish ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1166 (linprocfs on FreeBSD 4.3 and earlier does not properly restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1162 (Directory traversal vulnerability in the %m macro in the smb.conf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1161 (Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1160 (udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1158 (Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1155 (TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1153 (lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1149 (Panda Antivirus Platinum before 6.23.00 allows a remore attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1147 (The PAM implementation in /bin/login of the util-linux package before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1146 (AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1145 (fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1144 (Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1141 (The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1132 (Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1130 (Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1121 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1119 (cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1118 (A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1117 (LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1116 (Identix BioLogon 2.03 and earlier does not lock secondary displays on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1113 (Buffer overflow in TrollFTPD 1.26 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1108 (Directory traversal vulnerability in SnapStream PVS 1.2a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1106 (The default configuration of Sambar Server 5 and earlier uses a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1103 (FTP Voyager ActiveX control before 8.0, when it is marked as safe for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1100 (sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1099 (The default configuration of Norton AntiVirus for Microsoft Exchange ...)
	NOT-FOR-US: Norton
CVE-2001-1098 (Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in ...)
	NOT-FOR-US: Cisco
CVE-2001-1096 (Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a ...)
	NOT-FOR-US: AIX
CVE-2001-1095 (Buffer overflow in uuq in AIX 4 could allow local users to execute ...)
	NOT-FOR-US: AIX
CVE-2001-1089 (libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1088 (Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2001-1085 (Lmail 2.7 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1084 (Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1083 (Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1081 (Format string vulnerabilities in Livingston/Lucent RADIUS before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1080 (diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable ...)
	NOT-FOR-US: AIX
CVE-2001-1079 (create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates ...)
	NOT-FOR-US: AIX
CVE-2001-1075 (poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1074 (Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1072 (Apache with mod_rewrite enabled on most UNIX systems allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1071 (Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) ...)
	NOT-FOR-US: Cisco
CVE-2001-1069 (libCoolType library as used in Adobe Acrobat (acroread) on Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1067 (Buffer overflow in AOLserver 3.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1066 (ns6install installation script for Netscape 6.01 on Solaris, and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1063 (Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1062 (Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1059 (VMWare creates a temporary file vmware-log.USERNAME with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1056 (IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1055 (The Microsoft Windows network stack allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-1054 (PHPAdsNew PHP script allows remote attackers to include arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1053 (AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1049 (Phorecast PHP script before 0.40 allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1048 (AWOL PHP script allows remote attackers to include arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1046 (Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1043 (ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1038 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote ...)
	NOT-FOR-US: Cisco
CVE-2001-1037 (Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2001-1036 (GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1035 (Binary decoding feature of slrn 0.9 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1032 (admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1030 (Squid before 2.3STABLE5 in HTTP accelerator mode does not enable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1029 (libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1028 (Buffer overflow in ultimate_source function of man 1.5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1027 (Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1022 (Format string vulnerability in pic utility in groff 1.16.1 and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1020 (edit_image.php in Vibechild Directory Manager before 0.91 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1017 (rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1016 (PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1011 (index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1010 (Directory traversal vulnerability in pagecount CGI script in Sambar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1008 (Java Plugin 1.4 for JRE 1.3 executes signed applets even if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1002 (The default configuration of the DVI print filter (dvips) in Red Hat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0998 (IBM HACMP 4.4 allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0995 (PHProjekt before 2.4a allows remote attackers to perform actions as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0993 (sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0987 (Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0982 (Directory traversal vulnerability in IBM Tivoli WebSEAL Policy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0981 (HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the &quot;unix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0980 (docview before 1.0-15 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0978 (login in HP-UX 10.26 does not record failed login attempts in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0977 (slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0973 (BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0969 (ipfw in FreeBSD does not properly handle the use of &quot;me&quot; in its rules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0965 (glFTPD 1.23 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0963 (Directory traversal vulnerability in SpoonFTP 1.1 allows local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0962 (IBM WebSphere Application Server 3.02 through 3.53 uses predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0961 (Buffer overflow in tab expansion capability of the most program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0960 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0959 (Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0954 (Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0951 (Windows 2000 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Microsoft
CVE-2001-0946 (apmscript in Apmd in Red Hat 7.2 &quot;Enigma&quot; allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0940 (Buffer overflow in the GUI authentication code of Check Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0939 (Lotus Domino 5.08 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0936 (Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0929 (Cisco IOS Firewall Feature set, aka Context Based Access Control ...)
	NOT-FOR-US: Cisco
CVE-2001-0921 (Netscape 4.79 and earlier for MacOS allows an attacker with access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0920 (Format string vulnerability in auto nice daemon (AND) 1.0.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0918 (Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0917 (Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0914 (Linux kernel before 2.4.11pre3 in multiple Linux distributions allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0912 (Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0909 (Buffer overflow in helpctr.exe program in Microsoft Help Center for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0907 (Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0906 (teTeX filter before 1.0.7 allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0905 (Race condition in signal handling of procmail 3.20 and earlier, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0902 (Microsoft IIS 5.0 allows remote attackers to spoof web log entries via ...)
	NOT-FOR-US: Microsoft
CVE-2001-0901 (Hypermail allows remote attackers to execute arbitrary commands on a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0900 (Directory traversal vulnerability in modules.php in Gallery before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0899 (Network Tools 0.2 for PHP-Nuke allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0896 (Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0895 (Multiple Cisco networking products allow remote attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0894 (Vulnerability in Postfix SMTP server before 20010228-pl07, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0891 (Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0889 (Exim 3.22 and earlier, in some configurations, does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0888 (Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0887 (xSANE 0.81 and earlier allows local users to modify files of other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0886 (Buffer overflow in glob function of glibc allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0884 (Cross-site scripting vulnerability in Mailman email archiver before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0879 (Format string vulnerability in the C runtime functions in SQL Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0877 (Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0876 (Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0875 (Internet Explorer 5.5 and 6.0 allows remote attackers to cause the ...)
	NOT-FOR-US: Microsoft
CVE-2001-0874 (Internet Explorer 5.5 and 6.0 allow remote attackers to read certain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0873 (uuxqt in Taylor UUCP package does not properly remove dangerous long ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0872 (OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0869 (Format string vulnerability in the default logging callback function ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0867 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0866 (Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0865 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0864 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0863 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0862 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0861 (Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2001-0860 (Terminal Services Manager MMC in Windows 2000 and XP trusts the Client ...)
	NOT-FOR-US: Microsoft
CVE-2001-0859 (2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0857 (Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0852 (TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0851 (Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0850 (A configuration error in the libdb1 package in OpenLinux 3.1 uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0846 (Lotus Domino 5.x allows remote attackers to read files or execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0843 (Squid proxy server 2.4 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0837 (DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0836 (Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0834 (htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0833 (Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0830 (6tunnel 0.08 and earlier does not properly close sockets that were ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0828 (A cross-site scripting vulnerability in Caucho Technology Resin before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0825 (Buffer overflow in internal string handling routines of xinetd before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0823 (The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0822 (FPF kernel module 1.0 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0819 (A buffer overflow in Linux fetchmail before 5.8.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0816 (OpenSSH before 2.9.9, when running sftp using sftp-server and using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0815 (Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0806 (Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0805 (Directory traversal vulnerability in ttawebtop.cgi in Tarantella ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0804 (Directory traversal vulnerability in story.pl in Interactive Story 1.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0803 (Buffer overflow in the client connection routine of libDtSvc.so.1 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0801 (lpstat in IRIX 6.5.13f and earlier allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0797 (Buffer overflow in login in various System V based operating systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0796 (SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0792 (Format string vulnerability in XChat 1.2.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0787 (LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0784 (Directory traversal vulnerability in Icecast 1.3.10 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0779 (Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0774 (Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0773 (Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0770 (Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0769 (Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0765 (BisonFTP V4R1 allows local users to access directories outside of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0764 (Buffer overflow in ntping in scotty 2.1.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0763 (Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0760 (Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0757 (Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC ...)
	NOT-FOR-US: Cisco
CVE-2001-0754 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0752 (Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0751 (Cisco switches and routers running CBOS 2.3.8 and earlier use ...)
	NOT-FOR-US: Cisco
CVE-2001-0750 (Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0749 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0748 (Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other ...)
	NOT-FOR-US: Cisco
CVE-2001-0745 (Netscape 4.7x allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0741 (Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0740 (3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0739 (Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0738 (LogLine function in klogd in sysklogd 1.3 in various Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0733 (The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0731 (Apache 1.3.20 with Multiviews enabled allows remote attackers to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0730 (split-logfile in Apache 1.3.20 allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0728 (Buffer overflow in Compaq Management Agents before 5.2, included in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0727 (Internet Explorer 6.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2001-0726 (Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used ...)
	NOT-FOR-US: Microsoft
CVE-2001-0724 (Internet Explorer 5.5 allows remote attackers to bypass security ...)
	NOT-FOR-US: Microsoft
CVE-2001-0723 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0722 (Internet Explorer 5.5 and 6.0 allows remote attackers to read and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0720 (Internet Explorer 5.1 for Macintosh on Mac OS X allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0719 (Buffer overflow in Microsoft Windows Media Player 6.4 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0718 (Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) ...)
	NOT-FOR-US: Microsoft
CVE-2001-0717 (Format string vulnerability in ToolTalk database server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0716 (Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0710 (NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0706 (Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0701 (Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0700 (Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0699 (Buffer overflow in cb_reset in the System Service Processor (SSP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0698 (Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0697 (NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0696 (NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0692 (SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0690 (Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0686 (Buffer overflow in mail included with SunOS 5.8 for x86 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0685 (Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0682 (ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0680 (Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0677 (Eudora 5.0.2 allows a remote attacker to read arbitrary files via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0676 (Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0675 (Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2001-0670 (Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0668 (Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0667 (Internet Explorer 6 and earlier, when used with the Telnet client in ...)
	NOT-FOR-US: Microsoft
CVE-2001-0666 (Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an ...)
	NOT-FOR-US: Microsoft
CVE-2001-0665 (Internet Explorer 6 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0664 (Internet Explorer 5.5 and 5.01 allows remote attackers to bypass ...)
	NOT-FOR-US: Microsoft
CVE-2001-0663 (Terminal Server in Windows NT and Windows 2000 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0662 (RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0660 (Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0659 (Buffer overflow in IrDA driver providing infrared data exchange on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0658 (Cross-site scripting (CSS) vulnerability in Microsoft Internet ...)
	NOT-FOR-US: Microsoft
CVE-2001-0653 (Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0652 (Heap overflow in xlock in Solaris 2.6 through 8 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0650 (Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0648 (Directory traversal vulnerability in PHProjekt 2.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0646 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0644 (Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0643 (Internet Explorer 5.5 does not display the Class ID (CLSID) when it is ...)
	NOT-FOR-US: Microsoft
CVE-2001-0641 (Buffer overflow in man program in various distributions of Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0635 (Red Hat Linux 7.1 sets insecure permissions on swap files created ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0634 (Sun Chili!Soft ASP has weak permissions on various configuration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0631 (Centrinity First Class Internet Services 5.50 allows for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0630 (Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0629 (HP Event Correlation Service (ecsd) as included with OpenView Network Node  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0628 (Microsoft Word 2000 does not check AutoRecovery (.asd) files for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0627 (vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0626 (O'Reilly Website Professional 2.5.4 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0625 (ftpdownload in Computer Associates InoculateIT 6.0 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0622 (The web management service on Cisco Content Service series 11000 ...)
	NOT-FOR-US: Cisco
CVE-2001-0621 (The FTP server on Cisco Content Service 11000 series switches (CSS) ...)
	NOT-FOR-US: Cisco
CVE-2001-0616 (Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0615 (Directory traversal vulnerability in Faust Informatics Freestyle Chat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0613 (Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0612 (McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0611 (Becky! 2.00.05 and earlier can allow a remote attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0596 (Netscape Communicator before 4.77 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0595 (Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0594 (kcms_configure as included with Solaris 7 and 8 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0593 (Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0591 (Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0590 (Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0589 (NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0586 (TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0585 (Gordano NTMail 6.0.3c allows a remote attacker to create a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0574 (Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0573 (lsfs in AIX 4.x allows a local user to gain additional privileges by ...)
	NOT-FOR-US: AIX
CVE-2001-0567 (Digital Creations Zope 2.3.2 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0565 (Buffer overflow in mailx in Solaris 8 and earlier allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0564 (APC Web/SNMP Management Card prior to Firmware 310 only supports one ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0563 (ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0560 (Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0559 (crontab in Vixie cron 3.0.1 and earlier does not properly drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0558 (T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0554 (Buffer overflow in BSD-based telnetd telnet daemon on various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0553 (SSH Secure Shell 3.0.0 on Unix systems does not properly perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0550 (wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0549 (Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0548 (Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0547 (Memory leak in the proxy service in Microsoft Internet Security and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0546 (Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security ...)
	NOT-FOR-US: Microsoft
CVE-2001-0545 (IIS 4.0 with URL redirection enabled allows remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2001-0544 (IIS 5.0 allows local users to cause a denial of service (hang) via by ...)
	NOT-FOR-US: Microsoft
CVE-2001-0543 (Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0541 (Buffer overflow in Microsoft Windows Media Player 7.1 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2001-0540 (Memory leak in Terminal servers in Windows NT and Windows 2000 allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0538 (Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0537 (HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass ...)
	NOT-FOR-US: Cisco
CVE-2001-0533 (Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows ...)
	NOT-FOR-US: AIX
CVE-2001-0530 (Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0529 (OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0528 (Oracle E-Business Suite Release 11i Applications Desktop Integrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0527 (DCScripts DCForum versions 2000 and earlier allow a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0526 (Buffer overflow in the Xview library as used by mailtool in Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0525 (Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0522 (Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0518 (Oracle listener before Oracle 9i allows attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0517 (Oracle listener in Oracle 8i on Solaris allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0514 (SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0513 (Oracle listener process on Windows NT redirects connection requests to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0508 (Vulnerability in IIS 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2001-0507 (IIS 5.0 uses relative paths to find system files that will run ...)
	NOT-FOR-US: Microsoft
CVE-2001-0506 (Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-0504 (Vulnerability in authentication process for SMTP service in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2001-0503 (Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0502 (Running Windows 2000 LDAP Server over SSL, a function does not ...)
	NOT-FOR-US: Microsoft
CVE-2001-0501 (Microsoft Word 2002 and earlier allows attackers to automatically ...)
	NOT-FOR-US: Microsoft
CVE-2001-0500 (Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0497 (dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0495 (Directory traversal in DataWizard WebXQ server 1.204 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0494 (Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0493 (Small HTTP server 2.03 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0489 (Format string vulnerability in gftp prior to 2.0.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0488 (pcltotiff in HP-UX 10.x has unnecessary set group id permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0487 (AIX SNMP server snmpd allows remote attackers to cause a denial of ...)
	NOT-FOR-US: AIX
CVE-2001-0486 (Remote attackers can cause a denial of service in Novell BorderManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0485 (Unknown vulnerability in netprint in IRIX 6.2, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0482 (Configuration error in Argus PitBull LX allows root users to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0481 (Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0475 (index.php in Jelsoft vBulletin does not properly initialize a PHP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0474 (Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0473 (Format string vulnerability in Mutt before 1.2.5 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0469 (rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0467 (Directory traversal vulnerability in RobTex Viking Web server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0465 (TurboTax saves passwords in a temporary file when a user imports ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0463 (Directory traversal vulnerability in cal_make.pl in PerlCal allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0462 (Directory traversal vulnerability in Perl web server 0.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0461 (template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0457 (man2html before 1.5-22 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0456 (postinst installation script for Proftpd in Debian 2.2 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0455 (Cisco Aironet 340 Series wireless bridge before 8.55 does not properly ...)
	NOT-FOR-US: Cisco
CVE-2001-0449 (Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0444 (Cisco CBOS 2.3.0.053 sends output of the &quot;sh nat&quot; (aka &quot;show nat&quot;) ...)
	NOT-FOR-US: Cisco
CVE-2001-0442 (Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0440 (Buffer overflow in logging functions of licq before 1.0.3 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0439 (licq before 1.0.3 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0434 (The LogDataListToFile ActiveX function used in (1) Knowledge Center ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0430 (Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0429 (Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an ...)
	NOT-FOR-US: Cisco
CVE-2001-0428 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0427 (Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0423 (Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0422 (Buffer overflow in Xsun in Solaris 8 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0416 (sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0414 (Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0413 (BinTec X4000 Access router, and possibly other versions, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0412 (Cisco Content Services (CSS) switch products 11800 and earlier, aka ...)
	NOT-FOR-US: Cisco
CVE-2001-0409 (vim (aka gvim) allows local users to modify files being edited by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0408 (vim (aka gvim) processes VIM control codes that are embedded in a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0407 (Directory traversal vulnerability in MySQL before 3.23.36 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0405 (ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0402 (IPFilter 3.4.16 and earlier does not include sufficient session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0394 (Remote manager service in Website Pro 3.0.37 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0388 (time server daemon timed allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0387 (Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0386 (AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0383 (banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0379 (Vulnerability in the newgrp program included with HP9000 servers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0378 (readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0377 (Infradig Inframail prior to 3.98a allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0375 (Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa ...)
	NOT-FOR-US: Cisco
CVE-2001-0373 (The default configuration of the Dr. Watson program in Windows NT and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0371 (Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0368 (Directory traversal vulnerability in BearShare 2.2.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0366 (saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0365 (Eudora before 5.1 allows a remote attacker to execute arbitrary code, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0364 (SSH Communications Security sshd 2.4 for Windows allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0361 (Implementations of SSH version 1.5, including (1) OpenSSH up to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0353 (Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0351 (Microsoft Windows 2000 telnet service allows a local user to make a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0348 (Microsoft Windows 2000 telnet service allows attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0347 (Information disclosure vulnerability in Microsoft Windows 2000 telnet ...)
	NOT-FOR-US: Microsoft
CVE-2001-0346 (Handle leak in Microsoft Windows 2000 telnet service allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0345 (Microsoft Windows 2000 telnet service allows attackers to prevent idle ...)
	NOT-FOR-US: Microsoft
CVE-2001-0344 (An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using ...)
	NOT-FOR-US: Microsoft
CVE-2001-0341 (Buffer overflow in Microsoft Visual Studio RAD Support sub-component ...)
	NOT-FOR-US: Microsoft
CVE-2001-0340 (An interaction between the Outlook Web Access (OWA) service in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0339 (Internet Explorer 5.5 and earlier allows remote attackers to display a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0338 (Internet Explorer 5.5 and earlier does not properly validate digital ...)
	NOT-FOR-US: Microsoft
CVE-2001-0336 (The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an ...)
	NOT-FOR-US: Microsoft
CVE-2001-0335 (FTP service in IIS 5.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2001-0334 (FTP service in IIS 5.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0333 (Directory traversal vulnerability in IIS 5.0 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0331 (Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0330 (Bugzilla 2.10 allows remote attackers to access sensitive information, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0327 (iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0326 (Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0321 (opendir.php script in PHP-Nuke allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0319 (orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0318 (Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0317 (Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0316 (Linux kernel 2.4 and 2.2 allows local users to read kernel memory and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0311 (Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0310 (sort in FreeBSD 4.1.1 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0309 (inetd in Red Hat 6.2 does not properly close sockets for internal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0301 (Buffer overflow in Analog before 4.16 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0299 (Buffer overflow in Voyager web administration server for Nokia IP440 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0295 (Directory traversal vulnerability in War FTP 1.67.04 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0290 (Vulnerability in Mailman 2.0.1 and earlier allows list administrators ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0289 (Joe text editor 2.8 searches the current working directory (CWD) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0288 (Cisco switches and routers running IOS 12.1 and earlier produce ...)
	NOT-FOR-US: Cisco
CVE-2001-0287 (VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0284 (Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0280 (Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0279 (Buffer overflow in sudo earlier than 1.6.3p6 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0278 (Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0276 (ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0274 (kicq IRC client 1.0.0, and possibly later versions, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0269 (pam_ldap authentication module in Solaris 8 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0268 (The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0267 (NM debug in HP MPE/iX 6.5 and earlier does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0266 (Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0265 (ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0260 (Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0259 (ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0252 (iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0245 (Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in ...)
	NOT-FOR-US: Microsoft
CVE-2001-0244 (Buffer overflow in Microsoft Index Server 2.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0243 (Windows Media Player 7 and earlier stores Internet shortcuts in a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0241 (Buffer overflow in Internet Printing ISAPI extension in Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0240 (Microsoft Word before Word 2002 allows attackers to automatically ...)
	NOT-FOR-US: Microsoft
CVE-2001-0239 (Microsoft Internet Security and Acceleration (ISA) Server 2000 Web ...)
	NOT-FOR-US: Microsoft
CVE-2001-0238 (Microsoft Data Access Component Internet Publishing Provider ...)
	NOT-FOR-US: Microsoft
CVE-2001-0237 (Memory leak in Microsoft 2000 domain controller allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0236 (Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0235 (Vulnerability in crontab allows local users to read crontab files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0234 (NewsDaemon before 0.21b allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0233 (Buffer overflow in micq client 0.4.6 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0230 (Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0222 (webmin 0.84 and earlier allows local users to overwrite and create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0221 (Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0219 (Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0218 (Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0215 (ROADS search.pl program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0207 (Buffer overflow in bing allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0204 (Watchguard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0203 (Watchguard Firebox II firewall allows users with read-only access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0197 (Format string vulnerability in print_client in icecast 1.3.8beta2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0196 (inetd ident server in FreeBSD 4.x and earlier does not properly set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0195 (sash before 3.4-4 in Debian GNU/Linux does not properly clone ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0194 (Buffer overflow in httpGets function in CUPS 1.1.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0193 (Format string vulnerability in man in some Linux distributions allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0191 (gnuserv before 3.12, as shipped with XEmacs, does not properly check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0190 (Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0189 (Directory traversal vulnerability in LocalWEB2000 HTTP server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0187 (Format string vulnerability in wu-ftp 2.6.1 and earlier, when running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0185 (Netopia R9100 router version 4.6 allows authenticated users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0183 (ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0182 (FireWall-1 4.1 with a limited-IP license allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0179 (Allaire JRun 3.0 allows remote attackers to list contents of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0178 (kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0176 (The setuid doroot program in Voyant Sonata 3.x executes arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0175 (The caching module in Netscape Fasttrack Server 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0174 (Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0170 (glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0169 (When using the LD_PRELOAD environmental variable in SUID or SGID ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0166 (Macromedia Shockwave Flash plugin version 8 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0165 (Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0164 (Buffer overflow in Netscape Directory Server 4.12 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0157 (Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0156 (VShell SSH gateway 1.0.1 and earlier has a default port forwarding ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0155 (Format string vulnerability in VShell SSH gateway 1.0.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0154 (HTML e-mail feature in Internet Explorer 5.5 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0153 (Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0152 (The password protection option for the Compressed Folders feature in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0151 (IIS 5.0 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0150 (Internet Explorer 5.5 and earlier executes Telnet sessions using ...)
	NOT-FOR-US: Microsoft
CVE-2001-0149 (Windows Scripting Host in Internet Explorer 5.5 and earlier allows ...)
	NOT-FOR-US: Microsoft
CVE-2001-0148 (The WMP ActiveX Control in Windows Media Player 7 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0147 (Buffer overflow in Windows 2000 event viewer snap-in allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0144 (CORE SDI SSH1 CRC-32 compensation attack detector allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0143 (vpop3d program in linuxconf 1.23r and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0142 (squid 2.3 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0141 (mgetty 1.1.22 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0140 (arpwatch 2.1a4 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0139 (inn 2.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0138 (privatepw program in wu-ftpd before 2.6.1-6 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0137 (Windows Media Player 7 allows remote attackers to execute malicious ...)
	NOT-FOR-US: Microsoft
CVE-2001-0136 (Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0130 (Buffer overflow in HTML parser of the Lotus R5 Domino Server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0129 (Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0128 (Zope before 2.2.4 does not properly compute local roles, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0126 (Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0125 (exmh 2.2 and earlier allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0124 (Buffer overflow in exrecover in Solaris 2.6 and earlier possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0123 (Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0122 (Kernel leak in AfpaCache module of the Fast Response Cache Accelerator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0121 (ImageCast Control Center 4.1.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0120 (useradd program in shadow-utils program may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0119 (getty_ps 2.0.7j allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0118 (rdist 6.1.5 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0117 (sdiff 2.7 in the diffutils package allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0116 (gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0115 (Buffer overflow in arp command in Solaris 7 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0111 (Format string vulnerability in splitvt before 1.6.5 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0110 (Buffer overflow in jaZip Zip/Jaz drive manager allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0109 (rctab in SuSE 7.0 and earlier allows local users to create or overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0108 (PHP Apache module 4.0.4 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0106 (Vulnerability in inetd server in HP-UX 11.04 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0105 (Vulnerability in top in HP-UX 11.04 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0100 (bslist.cgi mailing list script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0099 (bsguest.cgi guestbook script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0096 (FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0095 (catman in Solaris 2.7 and 2.8 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0094 (Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0092 (A function in Internet Explorer 5.0 through 5.5 does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2001-0091 (The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0090 (The Print Templates feature in Internet Explorer 5.5 executes ...)
	NOT-FOR-US: Microsoft
CVE-2001-0089 (Internet Explorer 5.0 through 5.5 allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2001-0085 (Buffer overflow in Kermit communications software in HP-UX 11.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0083 (Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0081 (swinit in nCipher does not properly disable the Operator Card Set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0080 (Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0078 (in.mond in Sun Cluster 2.x allows local users to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0077 (The clustmon service in Sun Cluster 2.x does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0072 (gpg (aka GnuPG) 1.0.4 and other versions imports both public and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0071 (gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0069 (dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0066 (Secure Locate (slocate) allows local users to corrupt memory via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0063 (procfs in FreeBSD and possibly other operating systems allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0062 (procfs in FreeBSD and possibly other operating systems allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0061 (procfs in FreeBSD and possibly other operating systems does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0060 (Format string vulnerability in stunnel 3.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0059 (patchadd in Solaris allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0058 (The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier ...)
	NOT-FOR-US: Cisco
CVE-2001-0057 (Cisco 600 routers running CBOS 2.4.1 and earlier allow remote ...)
	NOT-FOR-US: Cisco
CVE-2001-0056 (The Cisco Web Management interface in routers running CBOS 2.4.1 and ...)
	NOT-FOR-US: Cisco
CVE-2001-0055 (CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2001-0054 (Directory traversal vulnerability in FTP Serv-U before 2.5i allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0053 (One-byte buffer overflow in replydirname function in BSD-based ftpd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0050 (Buffer overflow in BitchX IRC client allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0043 (phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0042 (PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0041 (Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches ...)
	NOT-FOR-US: Cisco
CVE-2001-0040 (APC UPS daemon, apcupsd, saves its process ID in a world-writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0039 (IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0036 (KTH Kerberos IV allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0035 (Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0034 (KTH Kerberos IV allows local users to specify an alternate proxy using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0033 (KTH Kerberos IV allows local users to change the configuration of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0028 (Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0026 (rp-pppoe PPPoE client allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0021 (MailMan Webmail 3.0.25 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0020 (Directory traversal vulnerability in Arrowpoint (aka Cisco Content ...)
	NOT-FOR-US: Cisco
CVE-2001-0018 (Windows 2000 domain controller in Windows 2000 Server, Advanced ...)
	NOT-FOR-US: Microsoft
CVE-2001-0017 (Memory leak in PPTP server in Windows NT 4.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0016 (NTLM Security Support Provider (NTLMSSP) service does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0015 (Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users ...)
	NOT-FOR-US: Microsoft
CVE-2001-0014 (Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not ...)
	NOT-FOR-US: Microsoft
CVE-2001-0013 (Format string vulnerability in nslookupComplain function in BIND 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0012 (BIND 4 and BIND 8 allow remote attackers to access sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0011 (Buffer overflow in nslookupComplain function in BIND 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0010 (Buffer overflow in transaction signature (TSIG) handling code in BIND ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0009 (Directory traversal vulnerability in Lotus Domino 5.0.5 web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0008 (Backdoor account in Interbase database server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0007 (Buffer overflow in NetScreen Firewall WebUI allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0006 (The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has ...)
	NOT-FOR-US: Microsoft
CVE-2001-0005 (Buffer overflow in the parsing mechanism of the file loader in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0004 (IIS 5.0 and 4.0 allows remote attackers to read the source code for ...)
	NOT-FOR-US: Microsoft
CVE-2001-0003 (Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and ...)
	NOT-FOR-US: Microsoft
CVE-2001-0002 (Internet Explorer 5.5 and earlier allows remote attackers to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0001 (cookiedecode function in PHP-Nuke 4.4 allows users to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1212 (Zope 2.2.0 through 2.2.4 does not properly protect a data updating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1211 (Zope 2.2.0 through 2.2.4 does not properly perform security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1210 (Directory traversal vulnerability in source.jsp of Apache Tomcat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1203 (Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1200 (Windows NT allows remote attackers to list all users in a domain by ...)
	NOT-FOR-US: Microsoft
CVE-2000-1196 (PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1195 (telnet daemon (telnetd) from the Linux netkit package before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1193 (Performance Metrics Collector Daemon (PMCD) in Performance Copilot in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1190 (imwheel-solo in imwheel package allows local users to modify arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1189 (Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1187 (Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1184 (telnetd in FreeBSD 4.2 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1182 (WatchGuard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1181 (Real Networks RealServer 7 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1180 (Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1179 (Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1178 (Joe text editor follows symbolic links when creating a rescue copy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1174 (Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1171 (Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1170 (Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1169 (OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1167 (ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1166 (Twig webmail system does not properly set the &quot;vhosts&quot; variable if it ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1165 (Balabit syslog-ng allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1164 (WinVNC installs the WinVNC3 registry key with permissions that give ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1163 (ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1162 (ghostscript before 5.10-16 allows local users to overwrite files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1149 (Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1148 (The installation of VolanoChatPro chat server sets world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1146 (Recourse ManTrap 1.6 allows attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1145 (Recourse ManTrap 1.6 allows attackers who have gained root access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1144 (Recourse ManTrap 1.6 sets up a chroot environment to hide the fact ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1143 (Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1142 (Recourse ManTrap 1.6 generates an error when an attacker cd's to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1141 (Recourse ManTrap 1.6 modifies the kernel so that &quot;..&quot; does not appear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1140 (Recourse ManTrap 1.6 does not properly hide processes from attackers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1139 (The installation of Microsoft Exchange 2000 before Rev. A creates a ...)
	NOT-FOR-US: Microsoft
CVE-2000-1137 (GNU ed before 0.2-18.1 allows local users to overwrite the files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1136 (elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1135 (fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1132 (DCForum cgforum.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1131 (Bill Kendrick web site guestbook (GBook) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1124 (Buffer overflow in piobe command in IBM AIX 4.3.x allows local users ...)
	NOT-FOR-US: AIX
CVE-2000-1123 (Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may ...)
	NOT-FOR-US: AIX
CVE-2000-1122 (Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may ...)
	NOT-FOR-US: AIX
CVE-2000-1121 (Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow ...)
	NOT-FOR-US: AIX
CVE-2000-1120 (Buffer overflow in digest command in IBM AIX 4.3.x and earlier ...)
	NOT-FOR-US: AIX
CVE-2000-1119 (Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows ...)
	NOT-FOR-US: AIX
CVE-2000-1115 (Buffer overflow in remote web administration component (webprox.dll) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1113 (Buffer overflow in Microsoft Windows Media Player allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-1112 (Microsoft Windows Media Player 7 executes scripts in custom skin ...)
	NOT-FOR-US: Microsoft
CVE-2000-1111 (Telnet Service for Windows 2000 Professional does not properly ...)
	NOT-FOR-US: Microsoft
CVE-2000-1109 (Midnight Commander (mc) 4.5.51 and earlier does not properly process ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1108 (cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1107 (in.identd ident server in SuSE Linux 6.x and 7.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1106 (Trend Micro InterScan VirusWall creates an &quot;Intscan&quot; share to the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1101 (Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1099 (Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1097 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1096 (crontab by Paul Vixie uses predictable file names for a temporary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1095 (modprobe in the modutils 2.3.x package on Linux systems allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1094 (Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1089 (Buffer overflow in Microsoft Phone Book Service allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2000-1080 (Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1077 (Buffer overflow in the SHTML logging functionality of iPlanet Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1075 (Directory traversal vulnerability in iPlanet Certificate Management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1074 (csstart program in iCal 2.1 Patch 2 uses relative pathnames to install ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1073 (csstart program in iCal 2.1 Patch 2 searches for the cshttpd program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1072 (iCal 2.1 Patch 2 installs many files with world-writeable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1071 (The GUI installation for iCal 2.1 Patch 2 disables access control for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1070 (pollit.cgi in Poll It 2.01 and earlier uses data files that are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1069 (pollit.cgi in Poll It 2.01 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1068 (pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1061 (Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-1060 (The default configuration of XFCE 3.5.1 bypasses the Xauthority access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1059 (The default configuration of the Xsession file in Mandrake Linux 7.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1058 (Buffer overflow in OverView5 CGI program in HP OpenView Network Node ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1057 (Vulnerabilities in database configuration scripts in HP OpenView ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1056 (CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2000-1055 (Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows ...)
	NOT-FOR-US: Cisco
CVE-2000-1054 (Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and ...)
	NOT-FOR-US: Cisco
CVE-2000-1051 (Directory traversal vulnerability in Allaire JRun 2.3 server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1050 (Allaire JRun 3.0 http servlet server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1049 (Allaire JRun 3.0 http servlet server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1047 (Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1045 (nss_ldap earlier than 121, when run with nscd (name service caching ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1044 (Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1043 (Format string vulnerability in ypserv in Mandrake Linux 7.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1042 (Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1041 (Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1040 (Format string vulnerability in logging function of ypbind 3.3, while ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1038 (The web administration interface for IBM AS/400 Firewall allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1036 (Directory traversal vulnerability in Extent RBS ISP web server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1034 (Buffer overflow in the System Monitor ActiveX control in Windows 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2000-1032 (The client authentication interface for Check Point Firewall-1 4.0 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1031 (Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1027 (Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine ...)
	NOT-FOR-US: Cisco
CVE-2000-1026 (Multiple buffer overflows in LBNL tcpdump allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1024 (eWave ServletExec 3.0C and earlier does not restrict access to the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1022 (The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier ...)
	NOT-FOR-US: Cisco
CVE-2000-1019 (Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1018 (shred 1.0 file wiping utility does not properly open a file for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1016 (The default configuration of Apache (httpd.conf) on SuSE 6.4 includes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1014 (Format string vulnerability in the search97.cgi CGI script in SCO help ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1011 (Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1010 (Format string vulnerability in talkd in OpenBSD and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1007 (I-gear 3.5.7 and earlier does not properly process log entries in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1006 (Microsoft Exchange Server 5.5 does not properly handle a MIME header ...)
	NOT-FOR-US: Microsoft
CVE-2000-1005 (Directory traversal vulnerability in html_web_store.cgi and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1004 (Format string vulnerability in OpenBSD photurisd allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1003 (NETBIOS client in Windows 95 and Windows 98 allows a remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2000-1002 (POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1001 (add_2_basket.asp in Element InstantShop allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1000 (Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0996 (Format string vulnerability in OpenBSD su program (and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0995 (Format string vulnerability in OpenBSD yp_passwd program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0994 (Format string vulnerability in OpenBSD fstat program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0993 (Format string vulnerability in pw_error function in BSD libutil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0992 (Directory traversal vulnerability in scp in sshd 1.2.xx allows a ...)
	{CVE-2004-0175}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: Rediscoved as CVE-2004-0175, see there.
CVE-2000-0991 (Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0990 (cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0989 (Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0984 (The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2000-0983 (Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0982 (Internet Explorer before 5.5 forwards cached user credentials for a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0981 (MySQL Database Engine uses a weak authentication method which leaks ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0980 (NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink ...)
	NOT-FOR-US: Microsoft
CVE-2000-0979 (File and Print Sharing service in Windows 95, Windows 98, and Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0978 (bbd server in Big Brother System and Network Monitor before 1.5c2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0977 (mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0976 (Buffer overflow in xlib in XFree 3.3.x possibly allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0975 (Directory traversal vulnerability in apexec.pl in Anaconda Foundation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0974 (GnuPG (gpg) 1.0.3 does not properly check all signatures of a file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0973 (Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0972 (HP-UX 11.00 crontab allows local users to read arbitrary files via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0970 (IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure ...)
	NOT-FOR-US: Microsoft
CVE-2000-0969 (Format string vulnerability in Half Life dedicated server build 3104 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0968 (Buffer overflow in Half Life dedicated server before build 3104 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0967 (PHP 3 and 4 do not properly cleanse user-injected format strings, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0966 (Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0965 (The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0964 (Buffer overflow in the web administration service for the HiNet LP5100 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0962 (The IPSEC implementation in OpenBSD 2.7 does not properly handle empty ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0961 (Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0960 (The POP3 server in Netscape Messaging Server 4.15p1 generates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0959 (glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0958 (HotJava Browser 3.0 allows remote attackers to access the DOM of a web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0957 (The pluggable authentication module for mysql (pam_mysql) before 0.4.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0956 (cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0953 (Shambala Server 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0952 (global.cgi CGI program in Global 3.55 and earlier on NetBSD allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0951 (A misconfiguration in IIS 5.0 with Index Server enabled and the Index ...)
	NOT-FOR-US: Microsoft
CVE-2000-0949 (Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0948 (GnoRPM before 0.95 allows local users to modify arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0947 (Format string vulnerability in cfd daemon in GNU CFEngine before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0946 (Compaq Easy Access Keyboard software 1.3 does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0945 (The web configuration interface for Catalyst 3500 XL switches allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0944 (CGI Script Center News Update 1.1 does not properly validate the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0943 (Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0942 (The CiWebHitsFile component in Microsoft Indexing Services for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0941 (Kootenay Web KW Whois 1.0 CGI program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0938 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0937 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0936 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0935 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0934 (Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0933 (The Input Method Editor (IME) in the Simplified Chinese version of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0932 (MAILsweeper for SMTP 3.x does not properly handle corrupt CDA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0930 (Pegasus Mail 3.12 allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0929 (Microsoft Windows Media Player 7 allows attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0928 (WQuinn QuotaAdvisor 4.1 allows users to list directories and files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0927 (WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0926 (SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0925 (The default installation of SmartWin CyberOffice Shopping Cart 2 (aka ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0924 (Directory traversal vulnerability in search.cgi CGI script in Armada ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0923 (authenticate.cgi CGI program in Aplio PRO allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0922 (Directory traversal vulnerability in Bytes Interactive Web Shopper ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0921 (Directory traversal vulnerability in Hassan Consulting shop.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0920 (Directory traversal vulnerability in BOA web server 0.94.8.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0919 (Directory traversal vulnerability in PHPix Photo Album 1.0.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0917 (Format string vulnerability in use_syslog() function in LPRng 3.6.24 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0915 (fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0914 (OpenBSD 2.6 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0913 (mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0912 (MultiHTML CGI script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0911 (IMP 2.2 and earlier allows attackers to read and delete arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0910 (Horde library 1.02 allows attackers to execute arbitrary commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0909 (Buffer overflow in the automatic mail checking component of Pine 4.21 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0908 (BrowseGate 2.80 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0901 (Format string vulnerability in screen 3.9.5 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0900 (Directory traversal vulnerability in ssi CGI program in thttpd 2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0897 (Small HTTP Server 2.03 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0896 (WatchGuard SOHO firewall allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0895 (Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0894 (HTTP server on the WatchGuard SOHO firewall does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0892 (Some telnet clients allow remote telnet servers to request environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0891 (A default ECL in Lotus Notes before 5.02 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0890 (periodic in FreeBSD 4.1.1 and earlier, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0888 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0887 (named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0886 (IIS 5.0 allows remote attackers to execute arbitrary commands via a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0884 (IIS 4.0 and 5.0 allows remote attackers to read documents outside of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0883 (The default configuration of mod_perl for Apache as installed on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0878 (The mailto CGI script allows remote attacker to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0877 (mailform.pl CGI script in MailForm 2.0 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0876 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0875 (WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0874 (Eudora mail client includes the absolute path of the sender's host ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0873 (netstat in AIX 4.x.x does not properly restrict access to the -Zi ...)
	NOT-FOR-US: AIX
CVE-2000-0871 (Buffer overflow in EFTP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0870 (Buffer overflow in EFTP allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0869 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0868 (The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0867 (Kernel logging daemon (klogd) in Linux does not properly cleanse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0865 (Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0864 (Race condition in the creation of a Unix domain socket in GNOME esound ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0863 (Buffer overflow in listmanager earlier than 2.105.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0862 (Vulnerability in an administrative interface utility for Allaire ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0861 (Mailman 1.1 allows list administrators to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0860 (The file upload capability in PHP versions 3 and 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0859 (The web configuration server for NTMail V5 and V6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0858 (Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0856 (Buffer overflow in SunFTP build 9(1) allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0854 (When a Microsoft Office 2000 document is launched, the directory of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0853 (YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0852 (Multiple buffer overflows in eject on FreeBSD and possibly other OSes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0851 (Buffer overflow in the Still Image Service in Windows 2000 allows local ...)
	NOT-FOR-US: Microsoft
CVE-2000-0850 (Netegrity SiteMinder before 4.11 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0849 (Race condition in Microsoft Windows Media server allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0848 (Buffer overflow in IBM WebSphere web application server (WAS) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0847 (Buffer overflow in University of Washington c-client library (used by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0846 (Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0844 (Some functions that implement the locale subsystem on Unix do not  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0839 (WinCOM LPD 1.00.90 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0838 (Fastream FUR HTTP server 1.0b allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0837 (FTP Serv-U 2.5e allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0834 (The Windows 2000 telnet client attempts to perform NTLM authentication ...)
	NOT-FOR-US: Microsoft
CVE-2000-0830 (annclist.exe in webTV for Windows allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0829 (The tmpwatch utility in Red Hat Linux forks a new process for each ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0825 (Ipswitch Imail 6.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0824 (The unsetenv function in glibc 2.1.1 does not properly unset an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0818 (The default installation for the Oracle listener program 7.3.4, 8.0.6, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0816 (Linux tmpwatch --fuser option allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0813 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0811 (Auction Weaver 1.0 through 1.04 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0810 (Auction Weaver 1.0 through 1.04 does not properly validate the names ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0809 (Buffer overflow in Getkey in the protocol checker in the inter-module ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0808 (The seed generation mechanism in the inter-module S/Key authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0807 (The OPSEC communications authentication mechanism (fwn1) in Check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0806 (The inter-module authentication mechanism (fwa1) in Check Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0805 (Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0804 (Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0803 (GNU Groff uses the current working directory to find a device ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0799 (inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0797 (Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0796 (Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0795 (Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0792 (Gnome Lokkit firewall package before 0.41 does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0790 (The web-based folder display capability in Microsoft Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2000-0788 (The Mail Merge tool in Microsoft Word does not prompt the user before ...)
	NOT-FOR-US: Microsoft
CVE-2000-0787 (IRC Xchat client versions 1.4.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0786 (GNU userv 1.0.0 and earlier does not properly perform file descriptor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0783 (Watchguard Firebox II allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0782 (netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0781 (uagentsetup in ARCServeIT Client Agent 6.62 does not properly check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0780 (The web server in IPSWITCH IMail 6.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0779 (Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0778 (IIS 5.0 allows remote attackers to obtain source code for .ASP files ...)
	NOT-FOR-US: Microsoft
CVE-2000-0777 (The password protection feature of Microsoft Money can store the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0776 (Mediahouse Statistics Server 5.02x allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0773 (Bajie HTTP web server 0.30a allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0771 (Microsoft Windows 2000 allows local users to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0770 (IIS 4.0 and 5.0 does not properly restrict access to certain types of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0768 (A function in Internet Explorer 4.x and 5.x does not properly verify ...)
	NOT-FOR-US: Microsoft
CVE-2000-0767 (The ActiveX control for invoking a scriptlet in Internet Explorer 4.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0766 (Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0765 (Buffer overflow in the HTML interpreter in Microsoft Office 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0764 (Intel Express 500 series switches allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0763 (xlockmore and xlockf do not properly cleanse user-injected format ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0762 (The default installation of eTrust Access Control (formerly SeOS) uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0761 (OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0758 (The web interface for Lyris List Manager 3 and 4 allows list ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0754 (Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0753 (The Microsoft Outlook mail client identifies the physical path of the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0751 (mopd (Maintenance Operations Protocol loader daemon) does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0750 (Buffer overflow in mopd (Maintenance Operations Protocol loader ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0749 (Buffer overflow in the Linux binary compatibility module in FreeBSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0747 (The logrotate script for OpenLDAP before 1.2.11 in Conectiva ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0745 (admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0744 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0743 (Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0742 (The IPX protocol implementation in Microsoft Windows 95 and 98 allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0741 (Format string vulnerability in strong.exe program in NAI Net Tools PKI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0740 (Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0739 (Directory traversal vulnerability in strong.exe program in NAI Net ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0738 (WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0737 (The Service Control Manager (SCM) in Windows 2000 creates predictable ...)
	NOT-FOR-US: Microsoft
CVE-2000-0733 (Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0732 (Worm HTTP server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0731 (Directory traversal vulnerability in Worm HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0730 (Vulnerability in newgrp command in HP-UX 11.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0729 (FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0728 (xpdf PDF viewer client earlier than 0.91 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0727 (xpdf PDF viewer client earlier than 0.91 does not properly launch a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0726 (CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0725 (Zope before 2.2.1 does not properly restrict access to the getRoles ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0720 (news.cgi in GWScripts News Publisher does not properly authenticate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0718 (A race condition in MandrakeUpdate allows local users to modify RPM ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0717 (GoodTech FTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0716 (WorldClient email client in MDaemon 2.8 includes the session ID in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0712 (Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0711 (Netscape Communicator does not properly prevent a ServerSocket object ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0708 (Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0707 (PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0706 (Buffer overflows in ntop running in web mode allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0705 (ntop running in web mode allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0703 (suidperl (aka sperl) does not properly cleanse the escape sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0702 (The net.init rc script in HP-UX 11.00 (S008net.init) allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0700 (Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit ...)
	NOT-FOR-US: Cisco
CVE-2000-0699 (Format string vulnerability in ftpd in HP-UX 10.20 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0698 (Minicom 1.82.1 and earlier on some Linux systems allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0694 (pgxconfig in the Raptor GFX configuration tool allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0693 (pgxconfig in the Raptor GFX configuration tool uses a relative path ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0685 (BEA WebLogic 5.1.x does not properly restrict access to the ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0684 (BEA WebLogic 5.1.x does not properly restrict access to the ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0683 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0682 (BEA WebLogic 5.1.x allows remote attackers to read source code for ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0681 (Buffer overflow in BEA WebLogic server proxy plugin allows remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0679 (The CVS 1.10.8 client trusts pathnames that are provided by the CVS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0678 (PGP 5.5.x through 6.5.3 does not properly check if an Additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0677 (Buffer overflow in IBM Net.Data db2www CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0676 (Netscape Communicator and Navigator 4.04 through 4.74 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0675 (Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0674 (ftp.pl CGI program for Virtual Visions FTP browser allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0673 (The NetBIOS Name Server (NBNS) protocol does not perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0672 (The default configuration of Jakarta Tomcat does not restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0671 (Roxen web server earlier than 2.0.69 allows allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0670 (The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0669 (Novell NetWare 5.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0668 (pam_console PAM module in Linux systems allows a user to access the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0666 (rpc.statd in the nfs-utils package in various Linux distributions does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0665 (GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0664 (AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0663 (The registry entry for the Windows Shell executable (Explorer.exe) in ...)
	NOT-FOR-US: Microsoft
CVE-2000-0662 (Internet Explorer 5.x and Microsoft Outlook allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0661 (WircSrv IRC Server 5.07s allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0660 (The WDaemon web server for WorldClient 2.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0655 (Netscape Communicator 4.73 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0654 (Microsoft Enterprise Manager allows local users to obtain database ...)
	NOT-FOR-US: Microsoft
CVE-2000-0652 (IBM WebSphere allows remote attackers to read source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0651 (The ClientTrust program in Novell BorderManager does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0650 (The default installation of VirusScan 4.5 and NetShield 4.5 has ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0644 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0643 (Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0642 (The default configuration of WebActive HTTP Server 1.00 stores the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0641 (Savant web server allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0640 (Guild FTPd allows remote attackers to determine the existence of files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0639 (The default configuration of Big Brother 1.4h2 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0638 (bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0637 (Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary ...)
	NOT-FOR-US: Microsoft
CVE-2000-0636 (HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0635 (The view_page.html sample page in the MiniVend shopping cart program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0634 (The web administration interface for CommuniGate Pro 3.2.5 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0633 (Vulnerability in Mandrake Linux usermode package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0632 (Buffer overflow in the web archive component of L-Soft Listserv 1.8d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0631 (An administrative script from IIS 3.0, later included in IIS 4.0 and ...)
	NOT-FOR-US: Microsoft
CVE-2000-0630 (IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source ...)
	NOT-FOR-US: Microsoft
CVE-2000-0628 (The source.asp example script in the Apache ASP module Apache::ASP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0627 (BlackBoard CourseInfo 4.0 does not properly authenticate users, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0624 (Buffer overflow in Winamp 2.64 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0622 (Buffer overflow in Webfind CGI program in O'Reilly WebSite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0621 (Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0620 (libX11 X library allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0619 (Top Layer AppSwitch 2500 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0616 (Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0615 (LPRng 3.6.x improperly installs lpd as setuid root, which can allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0613 (Cisco Secure PIX Firewall does not properly identify forged TCP Reset ...)
	NOT-FOR-US: Cisco
CVE-2000-0611 (The default configuration of NetWin dMailWeb and cwMail trusts all POP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0610 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0604 (gkermit in Red Hat Linux is improperly installed with setgid uucp, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0603 (Microsoft SQL Server 7.0 allows a local user to bypass permissions for ...)
	NOT-FOR-US: Microsoft
CVE-2000-0602 (Secure Locate (slocate) in Red Hat Linux allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0601 (LeafChat 1.7 IRC client allows a remote IRC server to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0600 (Netscape Enterprise Server in NetWare 5.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0599 (Buffer overflow in iMesh 1.02 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0598 (Fortech Proxy+ allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0597 (Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are ...)
	NOT-FOR-US: Microsoft
CVE-2000-0596 (Internet Explorer 5.x does not warn a user before opening a Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2000-0595 (libedit searches for the .editrc file in the current directory instead ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0594 (BitchX IRC client does not properly cleanse an untrusted format ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0593 (WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0591 (Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0590 (Poll It 2.0 CGI script allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0588 (SawMill 5.0.21 CGI program allows remote attackers to read the first ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0587 (The privpath directive in glftpd 1.18 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0586 (Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0585 (ISC DHCP client program dhclient allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0584 (Buffer overflow in Canna input system allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0583 (vchkpw program in vpopmail before version 4.8 does not properly cleanse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0582 (Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0581 (Windows 2000 Telnet Server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2000-0579 (IRIX crontab creates temporary files with predictable file names and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0577 (Netscape Professional Services FTP Server 1.3.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0576 (Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows ...)
	NOT-FOR-US: AIX
CVE-2000-0575 (SSH 1.2.27 with Kerberos authentication support stores Kerberos ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0573 (The lreply function in wu-ftpd 2.6.0 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0571 (LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0570 (FirstClass Internet Services server 5.770, and other versions before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0569 (Sybergen Sygate allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0568 (Sybergen Secure Desktop 2.1 does not properly protect against false ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0567 (Buffer overflow in Microsoft Outlook and Outlook Express allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0566 (makewhatis in Linux man package allows local users to overwrite files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0565 (SmartFTP Daemon 0.2 allows a local user to access arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0561 (Buffer overflow in WebBBS 1.15 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0558 (Buffer overflow in HP Openview Network Node Manager 6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0557 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0556 (Buffer overflow in the web interface for Cmail 2.4.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0555 (Ceilidh allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0553 (Race condition in IPFilter firewall 3.4.3 and earlier, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0552 (ICQwebmail client for ICQ 2000A creates a world readable temporary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0551 (The file transfer mechanism in Danware NetOp 6.0 does not provide ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0550 (Kerberos 4 KDC program improperly frees memory twice (aka ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0549 (Kerberos 4 KDC program does not properly check for null termination of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0548 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0542 (Tigris remote access server before 11.5.4.22 does not properly record ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0541 (The Panda Antivirus console on port 2001 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0540 (JSP sample files in Allaire JRun 2.3.x allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0539 (Servlet examples in Allaire JRun 2.3.x allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0538 (ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0537 (BRU backup software allows local users to append data to arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0536 (xinetd 2.1.8.x does not properly restrict connections if hostnames are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0534 (The apsfilter software in the FreeBSD ports package does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0533 (Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0532 (A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0530 (The KApplication class in the KDE 1.1.2 configuration file management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0529 (Net Tools PKI Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0528 (Net Tools PKI Server does not properly restrict access to remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0525 (OpenSSH does not properly drop privileges when the UseLogin option is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0523 (Buffer overflow in the logging feature of EServ 2.9.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0522 (RSA ACE/Server allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0521 (Savant web server allows remote attackers to read source code of CGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0519 (Internet Explorer 4.x and 5.x does not properly re-validate an SSL ...)
	NOT-FOR-US: Microsoft
CVE-2000-0518 (Internet Explorer 4.x and 5.x does not properly verify all contents of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0517 (Netscape 4.73 and earlier does not properly warn users about a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0516 (When configured to store configuration information in an LDAP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0515 (The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0514 (GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0513 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0512 (CUPS (Common Unix Printing System) 1.04 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0511 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0510 (CUPS (Common Unix Printing System) 1.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0508 (rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0507 (Imate Webmail Server 2.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0506 (The &quot;capabilities&quot; feature in Linux before 2.2.16 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0505 (The Apache 1.3.x HTTP server for Windows platforms allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0504 (libICE in XFree86 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0502 (Mcafee VirusScan 4.03 does not properly restrict access to the alert ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0501 (Race condition in MDaemon 2.8.5.0 POP server allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0500 (The default configuration of BEA WebLogic 5.1.0 allows a remote ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0499 (The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2000-0498 (Unify eWave ServletExec allows a remote attacker to view source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0497 (IBM WebSphere server 3.0.2 allows a remote attacker to view source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0495 (Microsoft Windows Media Encoder allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0494 (Veritas Volume Manager creates a world writable .server_pids file, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0493 (Buffer overflow in Simple Network Time Sync (SMTS) daemon allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0490 (Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0489 (FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0488 (Buffer overflow in ITHouse mail server 1.04 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0486 (Buffer overflow in Cisco TACACS+ tac_plus server allows remote ...)
	NOT-FOR-US: Cisco
CVE-2000-0485 (Microsoft SQL Server allows local users to obtain database passwords ...)
	NOT-FOR-US: Microsoft
CVE-2000-0484 (Buffer overflow in Small HTTP Server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0483 (The DocumentTemplate package in Zope 2.2 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0482 (Check Point Firewall-1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0481 (Buffer overflow in KDE Kmail allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0478 (In some cases, Norton Antivirus for Exchange (NavExchange) enters a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0477 (Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0475 (Windows 2000 allows a local user process to access another user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0474 (Real Networks RealServer 7.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0472 (Buffer overflow in innd 2.2.2 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0471 (Buffer overflow in ufsrestore in Solaris 8 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0470 (Allegro RomPager HTTP server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0469 (Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0468 (man in HP-UX 10.20 and 11 allows local attackers to overwrite files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0467 (Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0466 (AIX cdmount allows local users to gain root privileges via shell ...)
	NOT-FOR-US: AIX
CVE-2000-0465 (Internet Explorer 4.x and 5.x does not properly verify the domain of a  ...)
	NOT-FOR-US: Microsoft
CVE-2000-0464 (Internet Explorer 4.x and 5.x allows remote attackers to execute ...)
	NOT-FOR-US: Microsoft
CVE-2000-0463 (BeOS 5.0 allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0462 (ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0461 (The undocumented semconfig system call in BSD freezes the state of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0460 (Buffer overflow in KDE kdesud on Linux allows local uses to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0459 (IMP does not remove files properly if the MSWordView application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0458 (The MSWordView application in IMP creates world-readable files in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0457 (ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file ...)
	NOT-FOR-US: Microsoft
CVE-2000-0456 (NetBSD 1.4.2 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0455 (Buffer overflow in xlockmore xlock program version 4.16 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0454 (Buffer overflow in Linux cdrecord allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0453 (XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0452 (Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0451 (The Intel express 8100 ISDN router allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0448 (The WebShield SMTP Management Tool version 4.5.44 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0447 (Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0446 (Buffer overflow in MDBMS database server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0445 (The pgpk command in PGP 5.x on Unix systems uses an insufficiently ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0443 (The web interface server in HP Web JetAdmin 5.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0442 (Qpopper 2.53 and earlier allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0441 (Vulnerability in AIX 3.2.x and 4.x allows local users to gain write ...)
	NOT-FOR-US: AIX
CVE-2000-0440 (NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0439 (Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain ...)
	NOT-FOR-US: Microsoft
CVE-2000-0438 (Buffer overflow in fdmount on Linux systems allows local users in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0437 (Buffer overflow in the CyberPatrol daemon &quot;cyberdaemon&quot; used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0436 (MetaProducts Offline Explorer 1.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0435 (The allmanageup.pl file upload CGI script in the Allmanage Website ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0432 (The calender.pl and the calendar_admin.pl calendar scripts by Matt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0431 (Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0430 (Cart32 allows remote attackers to access sensitive debugging ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0428 (Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0427 (The Aladdin Knowledge Systems eToken device allows attackers with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0426 (UltraBoard 1.6 and other versions allow remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0425 (Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0424 (The CGI counter 4.0.7 by George Burgyan allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0421 (The process_bug.cgi script in Bugzilla allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0419 (The Office 2000 UA ActiveX Control is marked as &quot;safe for scripting,&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0418 (The Cayman 3220-H DSL router allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0417 (The HTTP administration interface to the Cayman 3220-H DSL router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0416 (NTMail 5.x allows network users to bypass the NTMail proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0414 (Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0411 (Matt Wright's FormMail CGI script allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0410 (ColdFusion Server 4.5.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0409 (Netscape 4.73 and earlier follows symlinks when it imports a new ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0408 (IIS 4.05 and 5.0 allow remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0407 (Buffer overflow in Solaris netpr program allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0406 (Netscape Communicator before version 4.73 and Navigator 4.07 do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0405 (Buffer overflow in L0pht AntiSniff allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0404 (The CIFS Computer Browser service allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0403 (The CIFS Computer Browser service on Windows NT 4.0 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0402 (The Mixed Mode authentication capability in Microsoft SQL Server 7.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0399 (Buffer overflow in MDaemon POP server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0398 (Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0397 (The EMURL web-based email account software encodes predictable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0396 (The add.exe program in the Carello shopping cart software allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0395 (Buffer overflow in CProxy 3.3 allows remote users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0394 (NetProwler 3.0 allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0393 (The KDE kscd program does not drop privileges when executing a program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0392 (Buffer overflow in ksu in Kerberos 5 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0391 (Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0390 (Buffer overflow in krb425_conv_principal function in Kerberos 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0389 (Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0388 (Buffer overflow in FreeBSD libmytinfo library allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0387 (The makelev program in the golddig game from the FreeBSD ports ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0382 (ColdFusion ClusterCATS appends stale query string arguments to a URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0381 (The Gossamer Threads DBMan db.cgi CGI script allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0380 (The IOS HTTP service in Cisco routers and switches running IOS 11.1 ...)
	NOT-FOR-US: Cisco
CVE-2000-0379 (The Netopia R9100 router does not prevent authenticated users from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0378 (The pam_console PAM module in Linux systems performs a chown on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0377 (The Remote Registry server in Windows NT 4.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0376 (Buffer overflow in the HTTP proxy server for the i-drive Filo software ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0375 (The kernel in FreeBSD 3.2 follows symbolic links when it creates core ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0374 (The default configuration of kdm in Caldera and Mandrake Linux, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0373 (Vulnerabilities in the KDE kvt terminal program allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0372 (Vulnerability in Caldera rmt command in the dump package 0.4b4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0371 (The libmediatool library used for the KDE mediatool allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0370 (The debug option in Caldera Linux smail allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0369 (The IDENT server in Caldera Linux 2.3 creates multiple threads for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0368 (Classic Cisco IOS 9.1 and later allows attackers with access to the ...)
	NOT-FOR-US: Cisco
CVE-2000-0367 (Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0366 (dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0363 (Linux cdwtools 093 and earlier allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0362 (Buffer overflows in Linux cdwtools 093 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0361 (The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0360 (Buffer overflow in INN 2.2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0359 (Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0356 (Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0354 (mirror 2.8.x in Linux systems allows remote attackers to create files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0353 (Pine 4.x allows a remote attacker to execute arbitrary commands via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0352 (Pine before version 4.21 does not properly filter shell metacharacters ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0351 (Some packaging commands in SCO UnixWare 7.1.0 have insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0350 (A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0349 (Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0348 (A vulnerability in the Sendmail configuration file sendmail.cf as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0347 (Windows 95 and Windows 98 allow a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0346 (AppleShare IP 6.1 and later allows a remote attacker to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0344 (The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0342 (Eudora 4.x allows remote attackers to bypass the user warning for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0341 (ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0340 (Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0339 (ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0338 (Concurrent Versions Software (CVS) uses predictable temporary file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0337 (Buffer overflow in Xsun X server in Solaris 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0336 (Linux OpenLDAP server allows local users to modify arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0335 (The resolver in glibc 2.1.3 uses predictable IDs, which allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0334 (The Allaire Spectra container editor preview tool does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0332 (UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0331 (Buffer overflow in Microsoft command processor (CMD.EXE) for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0330 (The networking software in Windows 95 and Windows 98 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0329 (A Microsoft ActiveX control allows a remote attacker to execute a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0328 (Windows NT 4.0 generates predictable random TCP initial sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0327 (Microsoft Virtual Machine (VM) allows remote attackers to escape the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0324 (pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0323 (The Microsoft Jet database engine allows an attacker to modify text ...)
	NOT-FOR-US: Microsoft
CVE-2000-0322 (The passwd.php3 CGI script in the Red Hat Piranha Virtual Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0320 (Qpopper 2.53 and 3.0 does not properly identify the \n string which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0319 (mail.local in Sendmail 8.10.x does not properly identify the .\n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0318 (Atrium Mercur Mail Server 3.2 allows local attackers to read other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0316 (Buffer overflow in Solaris 7 lp allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0315 (traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0314 (traceroute in NetBSD 1.3.3 and Linux systems allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0313 (Vulnerability in OpenBSD 2.6 allows a local user to change interface ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0311 (The Windows 2000 domain controller allows a malicious user to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0310 (IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0309 (The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0308 (Insecure file permissions for Netscape FastTrack Server 2.x, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0307 (Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0306 (Buffer overflow in calserver in SCO OpenServer allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0305 (Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0304 (Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory ...)
	NOT-FOR-US: Microsoft
CVE-2000-0303 (Quake3 Arena allows malicious server operators to read or modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0302 (Microsoft Index Server allows remote attackers to view the source code ...)
	NOT-FOR-US: Microsoft
CVE-2000-0301 (Ipswitch IMAIL server 6.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0298 (The unattended installation of Windows 2000 with the OEMPreinstall ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0297 (Allaire Forums 2.0.5 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0296 (fcheck allows local users to gain privileges by embedding shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0294 (Buffer overflow in healthd for FreeBSD allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0292 (The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0290 (Buffer overflow in Webstar HTTP server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0289 (IP masquerading in Linux 2.2.x allows remote attackers to route UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0287 (The BizDB CGI script bizdb-search.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0285 (Buffer overflow in XFree86 3.3.x allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0283 (The default installation of IRIX Performance Copilot allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0282 (TalentSoft webpsvr daemon in the Web+ shopping cart application allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0279 (BeOS allows remote attackers to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0278 (The SalesLogix Eviewer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0277 (Microsoft Excel 97 and 2000 does not warn the user when executing ...)
	NOT-FOR-US: Microsoft
CVE-2000-0276 (BeOS 4.5 and 5.0 allow local users to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0274 (The Linux trustees kernel patch allows attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0273 (PCAnywhere allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0272 (RealNetworks RealServer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0268 (Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Cisco
CVE-2000-0267 (Cisco Catalyst 5.4.x allows a user to gain access to the &quot;enable&quot; mode ...)
	NOT-FOR-US: Cisco
CVE-2000-0265 (Panda Security 3.0 allows users to uninstall the Panda software via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0264 (Panda Security 3.0 with registry editing disabled allows users to edit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0263 (The X font server xfs in Red Hat Linux 6.x allows an attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0262 (The AVM KEN! ISDN Proxy server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0261 (The AVM KEN! web server allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0260 (Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0258 (IIS 4.0 and 5.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Microsoft
CVE-2000-0257 (Buffer overflow in the NetWare remote web administration utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0255 (The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0254 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0253 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0252 (The dansie shopping cart application cart.pl allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0251 (HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0249 (The AIX Fast Response Cache Accelerator (FRCA) allows local users to ...)
	NOT-FOR-US: AIX
CVE-2000-0247 (Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0246 (IIS 4.0 and 5.0 does not properly perform ISAPI extension processing ...)
	NOT-FOR-US: Microsoft
CVE-2000-0245 (Vulnerability in SGI IRIX objectserver daemon allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0243 (AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0240 (vqSoft vqServer program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0238 (Buffer overflow in the web server for Norton AntiVirus for Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0237 (Netscape Enterprise Server with Web Publishing enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0236 (Netscape Enterprise Server with Directory Indexing enabled allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0235 (Buffer overflow in the huh program in the orville-write package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0234 (The default configuration of Cobalt RaQ2 and RaQ3 as specified in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0233 (SuSE Linux IMAP server allows remote attackers to bypass IMAP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0232 (Microsoft TCP/IP Printing Services, aka Print Services for Unix, ...)
	NOT-FOR-US: Microsoft
CVE-2000-0231 (Linux kreatecd trusts a user-supplied path that is used to find the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0230 (Buffer overflow in imwheel allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0229 (gpm-root in the gpm package does not properly drop privileges, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0228 (Microsoft Windows Media License Manager allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2000-0226 (IIS 4.0 allows attackers to cause a denial of service by requesting a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0225 (The Pocsag POC32 program does not properly prevent remote users from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0224 (ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0223 (Buffer overflow in the wmcdplay CD player program for the WindowMaker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0222 (The installation for Windows 2000 does not activate the Administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0221 (The Nautica Marlin bridge allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0218 (Buffer overflow in Linux mount and umount allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0217 (The default configuration of SSH allows X forwarding, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0215 (Vulnerability in SCO cu program in UnixWare 7.x allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0212 (InterAccess TelnetD Server 4.0 allows remote attackers to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0211 (The Windows Media server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0210 (The lit program in Sun Flex License Manager (FlexLM) follows symlinks, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0209 (Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0208 (The htdig (ht://Dig) CGI program htsearch allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0207 (SGI InfoSearch CGI program infosrch.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0206 (The installation of Oracle 8.1.5.x on Linux follows symlinks and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0202 (Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow ...)
	NOT-FOR-US: Microsoft
CVE-2000-0201 (The window.showHelp() method in Internet Explorer 5.x does not ...)
	NOT-FOR-US: Microsoft
CVE-2000-0200 (Buffer overflow in Microsoft Clip Art Gallery allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0196 (Buffer overflow in mhshow in the Linux nmh package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0195 (setxconf in Corel Linux allows local users to gain root access via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0194 (buildxconf in Corel Linux allows local users to modify or create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0193 (The default configuration of Dosemu in Corel Linux 1.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0192 (The default installation of Caldera OpenLinux 2.3 includes the CGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0191 (Axis StorPoint CD allows remote attackers to access administrator URLs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0189 (ColdFusion Server 4.x allows remote attackers to determine the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0186 (Buffer overflow in the dump utility in the Linux ext2fs backup package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0185 (RealMedia RealServer reveals the real IP address of a Real Server, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0184 (Linux printtool sets the permissions of printer configuration files to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0183 (Buffer overflow in ircII 4.4 IRC client allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0182 (iPlanet Web Server 4.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0181 (Firewall-1 3.0 and 4.0 leaks packets with private IP address ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0180 (Sojourn search engine allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0179 (HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0178 (ServerIron switches by Foundry Networks have predictable TCP/IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0175 (Buffer overflow in StarOffice StarScheduler web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0174 (StarOffice StarScheduler web server allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0172 (The mtr program only uses a seteuid call when attempting to drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0171 (atsadc in the atsar package for Linux does not properly check the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0170 (Buffer overflow in the man program in Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0169 (Batch files in the Oracle web listener ows-bin directory allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0168 (Microsoft Windows 9x operating systems allow an attacker to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2000-0166 (Buffer overflow in the InterAccess telnet server TelnetD allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0165 (The Delegate application proxy has several buffer overflows which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0164 (The installation of Sun Internet Mail Server (SIMS) creates a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0162 (The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0161 (Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not ...)
	NOT-FOR-US: Microsoft
CVE-2000-0159 (HP Ignite-UX does not save /etc/passwd when it creates an image of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0157 (NetBSD ptrace call on VAX allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0156 (Internet Explorer 4.x and 5.x allows remote web servers to access ...)
	NOT-FOR-US: Microsoft
CVE-2000-0152 (Remote attackers can cause a denial of service in Novell BorderManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0150 (Check Point Firewall-1 allows remote attackers to bypass port access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0149 (Zeus web server allows remote attackers to view the source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0148 (MySQL 3.22 allows remote attackers to bypass password authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0146 (The Java Server in the Novell GroupWise Web Access Enhancement Pack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0145 (The libguile.so library file used by gnucash in Debian GNU/Linux is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0144 (Axis 700 Network Scanner does not properly restrict access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0141 (Infopop Ultimate Bulletin Board (UBB) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0140 (Internet Anywhere POP3 Mail Server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0139 (Internet Anywhere POP3 Mail Server allows local users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0131 (Buffer overflow in War FTPd 1.6x allows users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0130 (Buffer overflow in SCO scohelp program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0128 (The Finger Server 0.82 allows remote attackers to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0127 (The Webspeed configuration program does not properly disable access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0121 (The Recycle Bin utility in Windows NT and Windows 2000 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0120 (The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0117 (The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0116 (Firewall-1 does not properly filter script tags, which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0113 (The SyGate Remote Management program does not properly restrict access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0112 (The default installation of Debian GNU/Linux uses an insecure Master ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0111 (The RightFax web client uses predictable session numbers, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0107 (Linux apcd program allows local attackers to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0100 (The SMS Remote Control program is installed with insecure permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0099 (Buffer overflow in UnixWare ppptalk command allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0098 (Microsoft Index Server allows remote attackers to determine the real ...)
	NOT-FOR-US: Microsoft
CVE-2000-0097 (The WebHits ISAPI filter in Microsoft Index Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0095 (The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0094 (procfs in BSD systems allows local users to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0092 (The BSD make program allows local users to modify files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0091 (Buffer overflow in vchkpw/vpopmail POP authentication package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0090 (VMWare 1.1.2 allows local users to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0089 (The rdisk utility in Microsoft Terminal Server Edition and Windows NT ...)
	NOT-FOR-US: Microsoft
CVE-2000-0088 (Buffer overflow in the conversion utilities for Japanese, Korean and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0087 (Netscape Mail Notification (nsnotify) utility in Netscape Communicator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0083 (HP asecure creates the Audio Security File audio.sec with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0080 (AIX techlibss allows local users to overwrite files via a symlink ...)
	NOT-FOR-US: AIX
CVE-2000-0076 (nviboot boot script in the Debian nvi package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0075 (Super Mail Transfer Package (SMTP), later called MsgCore, has a memory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0073 (Buffer overflow in Microsoft Rich Text Format (RTF) reader allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0072 (Visual Casel (Vcasel) does not properly prevent users from executing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0070 (NtImpersonateClientOfPort local procedure call in Windows NT 4.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0065 (Buffer overflow in InetServ 3.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0064 (cgiproc CGI script in Nortel Contivity HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0063 (cgiproc CGI script in Nortel Contivity HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0062 (The DTML implementation in the Z Object Publishing Environment (Zope) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0060 (Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0057 (Cold Fusion CFCACHE tag places temporary cache files within the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0056 (IMail IMONITOR status.cgi CGI script allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0053 (Microsoft Commercial Internet System (MCIS) IMAP server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0052 (Red Hat userhelper program in the usermode package allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0051 (The Allaire Spectra Configuration Wizard allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0050 (The Allaire Spectra Webtop allows authenticated users to access other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0048 (get_it program in Corel Linux Update allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0045 (MySQL allows local users to modify passwords for arbitrary MySQL users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0044 (Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0043 (Buffer overflow in CamShot WebCam HTTP server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0042 (Buffer overflow in CSM mail server allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0041 (Macintosh systems generate large ICMP datagrams in response to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0040 (glFtpD allows local users to gain privileges via metacharacters in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0039 (AltaVista search engine allows remote attackers to read files above ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0037 (Majordomo wrapper allows local users to gain privileges by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0036 (Outlook Express 5 for Macintosh downloads attachments to HTML mail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0034 (Netscape 4.7 records user passwords in the preferences.js file during ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0033 (InterScan VirusWall SMTP scanner does not properly scan messages with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0032 (Solaris dmi_cmd allows local users to crash the dmispd daemon by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0031 (The initscripts package in Red Hat Linux allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0030 (Solaris dmispd dmi_cmd allows local users to fill up restricted disk ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0029 (UnixWare pis and mkpis commands allow local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0027 (IBM Network Station Manager NetStation allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0026 (Buffer overflow in UnixWare i2odialogd daemon allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0025 (IIS 4.0 and Site Server 3.0 allow remote attackers to read source code ...)
	NOT-FOR-US: Microsoft
CVE-2000-0024 (IIS does not properly canonicalize URLs, potentially allowing remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0023 (Buffer overflow in Lotus Domino HTTP server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0022 (Lotus Domino HTTP server does not properly disable anonymous access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0020 (DNS PRO allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0018 (wmmon in FreeBSD allows local users to gain privileges via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0015 (CascadeView TFTP server allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0014 (Denial of service in Savant web server via a null character in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0013 (IRIX soundplayer program allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0012 (Buffer overflow in w3-msql CGI program in miniSQL package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0011 (Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0010 (WebWho+ whois.cgi program allows remote attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0009 (The bna_pass program in Optivity NETarchitect uses the PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0007 (Trend Micro PC-Cillin does not restrict access to its internal proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0006 (strace allows local users to read arbitrary files via memory mapped ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0004 (ZBServer Pro allows remote attackers to read source code for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0003 (Buffer overflow in UnixWare rtpm program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0002 (Buffer overflow in ZBServer Pro 1.50 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0001 (RealMedia server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1568 (Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1565 (Man2html 2.1 and earlier allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1556 (Microsoft SQL Server 6.5 uses weak encryption for the password for the ...)
	NOT-FOR-US: Microsoft
CVE-1999-1550 (bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1542 (RPMMail before 1.4 allows remote attackers to execute commands via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1537 (IIS 3.x and 4.x does not distinguish between pages requiring ...)
	NOT-FOR-US: Microsoft
CVE-1999-1535 (Buffer overflow in AspUpload.dll in Persits Software AspUpload before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1531 (Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1530 (cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1520 (A configuration problem in the Ad Server Sample directory (AdSamples) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1512 (The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1507 (Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1494 (colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1490 (xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1488 (sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1486 (sadc in IBM AIX 4.1 through 4.3, when called from programs such as ...)
	NOT-FOR-US: AIX
CVE-1999-1481 (Squid 2.2.STABLE5 and below, when using external authentication, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1478 (The Sun HotSpot Performance Engine VM allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1476 (A bug in Intel Pentium processor (MMX and Overdrive) allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1473 (When a Web site redirects the browser to another site, Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1472 (Internet Explorer 4.0 allows remote attackers to read arbitrary text ...)
	NOT-FOR-US: Microsoft
CVE-1999-1468 (rdist in various UNIX systems uses popen to execute sendmail, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1456 (thttpd HTTP server 2.03 and earlier allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1455 (RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1452 (GINA in Windows NT 4.0 allows attackers with physical access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1437 (ePerl 2.2.12 allows remote attackers to read arbitrary files and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1433 (HP JetAdmin D.01.09 on Solaris allows local users to change the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1432 (Power management (Powermanagement) on Solaris 2.4 through 2.6 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1423 (ping in Solaris 2.3 through 2.6 allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1419 (Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1414 (IBM Netfinity Remote Control allows local users to gain administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1411 (The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1409 (The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1407 (ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1402 (The access permissions for a UNIX domain socket are ignored in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1397 (Index Server 2.0 on IIS 4.0 stores physical path information in the ...)
	NOT-FOR-US: Microsoft
CVE-1999-1386 (Perl 5.004_04 and earlier follows symbolic links when running with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1385 (Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1384 (Indigo Magic System Tour in the SGI system tour package (systour) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1382 (NetWare NFS mode 1 and 2 implements the &quot;Read Only&quot; flag in Unix by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1380 (Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1379 (DNS allows remote attackers to use DNS name servers as traffic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1365 (Windows NT searches a user's home directory (%systemroot% by default) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1363 (Windows NT 3.51 and 4.0 allow local users to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1362 (Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1360 (Windows NT 4.0 allows local users to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1359 (When the Ntconfig.pol file is used on a server whose name is longer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1358 (When an administrator in Windows NT or Windows 2000 changes a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1356 (Compaq Integration Maintenance Utility as used in Compaq Insight ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1351 (Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1341 (Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1339 (Vulnerability when Network Address Translation (NAT) is enabled in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1337 (FTP client in Midnight Commander (mc) before 4.5.11 stores usernames ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1336 (3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1335 (snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1333 (automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1332 (gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-1999-1331 (netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1330 (The snprintf function in the db library 1.85.4 ignores the size ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1329 (Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1328 (linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1327 (Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1326 (wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1325 (SAS System 5.18 on VAX/VMS is installed with insecure permissions for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1324 (VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1321 (Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1320 (Vulnerability in Novell NetWare 3.x and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1318 (/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1317 (Windows NT 4.0 SP4 and earlier allows local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1316 (Passfilt.dll in Windows NT SP2 allows users to create a password that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1309 (Sendmail before 8.6.7 allows local users to gain root access via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1301 (A design flaw in the Z-Modem protocol allows the remote sender of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1298 (Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1297 (cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1294 (Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1290 (Buffer overflow in nftp FTP client version 1.40 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1288 (Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1284 (NukeNabber allows remote attackers to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1279 (An interaction between the AS/400 shared folders feature and Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-1999-1276 (fte-console in the fte package before 0.46b-4.1 does not drop root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1263 (Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1262 (Java in Netscape 4.5 does not properly restrict applets from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1259 (Microsoft Office 98, Macintosh Edition, does not properly initialize ...)
	NOT-FOR-US: Microsoft
CVE-1999-1258 (rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1249 (movemail in HP-UX 10.20 has insecure permissions, which allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1246 (Direct Mailer feature in Microsoft Site Server 3.0 saves user domain ...)
	NOT-FOR-US: Microsoft
CVE-1999-1243 (SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1233 (IIS 4.0 does not properly restrict access for the initial session ...)
	NOT-FOR-US: Microsoft
CVE-1999-1226 (Netscape Communicator 4.7 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1223 (IIS 3.0 allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1222 (Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1217 (The PATH in Windows NT includes the current working directory (.), ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1215 (LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1214 (The asynchronous I/O facility in 4.4 BSD kernel does not check user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1209 (Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1208 (Buffer overflow in ping in AIX 4.2 and earlier allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-1205 (nettune in HP-UX 10.01 and 10.00 is installed setuid root, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1204 (Check Point Firewall-1 does not properly handle certain restricted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1203 (Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1201 (Windows 95 and Windows 98 systems, when configured with multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1199 (Apache WWW server 1.3.1 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1198 (BuildDisk program on NeXT systems before 2.0 does not prompt users for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1197 (TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1194 (chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1193 (The &quot;me&quot; user in NeXT NeXTstep 2.1 and earlier has wheel group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1192 (Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1191 (Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1189 (Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1188 (mysqld in MySQL 3.21 creates log files with world-readable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1181 (Vulnerability in On-Line Customer Registration software for IRIX 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1177 (Directory traversal vulnerability in nph-publish before 1.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1175 (Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-1999-1167 (Cross-site scripting vulnerability in Third Voice Web annotation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1163 (Vulnerability in HP Series 800 S/X/V Class servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1162 (Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1161 (Vulnerability in ppl in HP-UX 10.x and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1160 (Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1159 (SSH 2.0.11 and earlier allows local users to request remote forwarding ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1157 (Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1156 (BisonWare FTP Server 4.1 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1148 (FTP service in IIS 4.0 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1147 (Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1146 (Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1145 (Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1144 (Certain files in MPower in HP-UX 10.x are installed with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1143 (Vulnerability in runtime linker program rld in SGI IRIX 6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1142 (SunOS 4.1.2 and earlier allows local users to gain privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1140 (Buffer overflow in CrackLib 2.5 may allow local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1139 (Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1138 (SCO UNIX System V/386 Release 3.2, and other SCO products, installs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1137 (The permissions for the /dev/audio device on Solaris 2.2 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1136 (Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1132 (Windows NT 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1131 (Buffer overflow in OSF Distributed Computing Environment (DCE) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1127 (Windows NT 4.0 does not properly shut down invalid named pipe RPC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1122 (Vulnerability in restore in SunOS 4.0.3 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1121 (The default configuration for UUCP in AIX before 3.2 allows local ...)
	NOT-FOR-US: AIX
CVE-1999-1120 (netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1119 (FTP installation script anon.ftp in AIX insecurely configures ...)
	NOT-FOR-US: AIX
CVE-1999-1118 (ndd in Solaris 2.6 allows local users to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1117 (lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files ...)
	NOT-FOR-US: AIX
CVE-1999-1116 (Vulnerability in runpriv in Indigo Magic System Administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1115 (Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1114 (Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1111 (Vulnerability in StackGuard before 1.21 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1109 (Sendmail before 8.10.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1105 (Windows 95, when Remote Administration and File Sharing for NetWare ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1104 (Windows 95 uses weak encryption for the password list (.pwl) file used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1103 (dxconsole in DEC OSF/1 3.2C and earlier allows local users to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1102 (lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1100 (Cisco PIX Private Link 4.1.6 and earlier does not properly process ...)
	NOT-FOR-US: Cisco
CVE-1999-1099 (Kerberos 4 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1098 (Vulnerability in BSD Telnet client with encryption and Kerberos 4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1094 (Buffer overflow in Internet Explorer 4.01 and earlier allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-1093 (Buffer overflow in the Window.External function in the JScript ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1090 (The default configuration of NCSA Telnet package for Macintosh and PC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1087 (Internet Explorer 4 treats a 32-bit number (&quot;dotless IP address&quot;) in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1085 (SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1080 (rmmount in SunOS 5.7 may mount file systems without the nosuid flag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1074 (Webmin before 0.5 does not restrict the number of invalid passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1059 (Vulnerability in rexec daemon (rexecd) in AT&amp;T TCP/IP 4.0 for various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1057 (VMS 4.0 through 5.3 allows local users to gain privileges via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1055 (Microsoft Excel 97 does not warn the user before executing worksheet ...)
	NOT-FOR-US: Microsoft
CVE-1999-1048 (Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1047 (When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1045 (pnserver in RealServer 5.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1044 (Vulnerability in Advanced File System Utility (advfs) in Digital UNIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1037 (rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1035 (IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-1034 (Vulnerability in login in AT&amp;T System V Release 4 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1032 (Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1028 (Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1027 (Solaris 2.6 HW3/98 installs admintool with world-writable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1021 (NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1019 (SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1014 (Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1011 (The Remote Data Service (RDS) DataFactory component of Microsoft Data ...)
	NOT-FOR-US: Microsoft
CVE-1999-1010 (An SSH 1.2.27 server allows a client to use the &quot;none&quot; cipher, even if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1008 (xsoldier program allows local users to gain root access via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1007 (Buffer overflow in VDO Live Player allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1005 (Groupwise web server GWWEB.EXE allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1004 (Buffer overflow in the POP server POProxy for the Norton Anti-Virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1001 (Cisco Cache Engine allows a remote attacker to gain access via a null ...)
	NOT-FOR-US: Cisco
CVE-1999-1000 (The web administration interface for Cisco Cache Engine allows remote ...)
	NOT-FOR-US: Cisco
CVE-1999-0999 (Microsoft SQL 7.0 server allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-0998 (Cisco Cache Engine allows an attacker to replace content in the cache. ...)
	NOT-FOR-US: Cisco
CVE-1999-0997 (wu-ftp with FTP conversion enabled allows an attacker to execute ...)
	{DSA-377}
	- wu-ftpd 2.6.2-15
CVE-1999-0996 (Buffer overflow in Infoseek Ultraseek search engine allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0995 (Windows NT Local Security Authority (LSA) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0994 (Windows NT with SYSKEY reuses the keystream that is used for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0992 (HP VirtualVault with the PHSS_17692 patch allows unprivileged ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0991 (Buffer overflow in GoodTech Telnet Server NT allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0989 (Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) ...)
	NOT-FOR-US: Microsoft
CVE-1999-0987 (Windows NT does not properly download a system policy if the domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0986 (The ping command in Linux 2.0.3x allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0982 (The Sun Web-Based Enterprise Management (WBEM) installation script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0981 (Internet Explorer 5.01 and earlier allows a remote attacker to create ...)
	NOT-FOR-US: Microsoft
CVE-1999-0980 (Windows NT Service Control Manager (SCM) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0979 (The SCO UnixWare privileged process system allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0978 (htdig allows remote attackers to execute commands via filenames with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0977 (Buffer overflow in Solaris sadmind allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0976 (Sendmail allows local users to reinitialize the aliases database via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0975 (The Windows help system can allow a local user to execute commands as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0974 (Buffer overflow in Solaris snoop allows remote attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0973 (Buffer overflow in Solaris snoop program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0972 (Buffer overflow in Xshipwars xsw program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0971 (Buffer overflow in Exim allows local users to gain root privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0969 (The Windows NT RPC service allows remote attackers to conduct a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0968 (Buffer overflow in BNC IRC proxy allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0967 (Buffer overflow in the HTML library used by Internet Explorer, Outlook ...)
	NOT-FOR-US: Microsoft
CVE-1999-0966 (Buffer overflow in Solaris getopt in libc allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0965 (Race condition in xterm allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0964 (Buffer overflow in FreeBSD setlocale in the libc module allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0963 (FreeBSD mount_union command allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0962 (Buffer overflow in HPUX passwd command allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0961 (HPUX sysdiag allows local users to gain root privileges via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0960 (IRIX cdplayer allows local users to create directories in arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0959 (IRIX startmidi program allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0958 (sudo 1.5.x allows local users to execute arbitrary commands via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0957 (MajorCool mj_key_cache program allows local users to modify files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0956 (The NeXT NetInfo _writers property allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0955 (Race condition in wu-ftpd and BSDI ftpd allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0954 (WWWBoard has a default username and default password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0953 (WWWBoard stores encrypted passwords in a password file that is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0951 (Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0950 (Buffer overflow in WFTPD FTP server allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0947 (AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0946 (Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0945 (Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange ...)
	NOT-FOR-US: Microsoft
CVE-1999-0943 (Buffer overflow in OpenLink 3.2 allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0942 (UnixWare dos7utils allows a local user to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0940 (Buffer overflow in mutt mail client allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0939 (Denial of service in Debian IRC Epic/epic4 client via a long string. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0938 (MBone SDR Package allows remote attackers to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0937 (BNBForm allows remote attackers to read arbitrary files via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0936 (BNBSurvey survey.cgi program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0935 (classifieds.cgi allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0934 (classifieds.cgi allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0933 (TeamTrack web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0932 (Mediahouse Statistics Server allows remote attackers to read the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0931 (Buffer overflow in Mediahouse Statistics Server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0930 (wwwboard allows a remote attacker to delete message board articles via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0928 (Buffer overflow in SmartDesk WebSuite allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0927 (NTMail allows remote attackers to read arbitrary files via a .. (dot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0924 (The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0922 (An example application in ColdFusion Server 4.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0921 (BMC Patrol allows any remote attacker to flood its UDP port, causing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0920 (Buffer overflow in the pop-2d POP daemon in the IMAP package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0918 (Denial of service in various Windows systems via malformed, fragmented ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0917 (The Preloader ActiveX control used by Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0916 (WebTrends software stores account names and passwords in a file which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0915 (URL Live! web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0914 (Buffer overflow in the FTP client in the Debian GNU/Linux netstd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0912 (FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0909 (Multihomed Windows systems allow a remote attacker to bypass IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0908 (Denial of service in Solaris TCP streams driver via a malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0907 (sccw allows local users to read arbitrary files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0906 (Buffer overflow in sccw allows local users to gain root access via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0905 (Denial of service in Axent Raptor firewall via malformed zero-length ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0904 (Buffer overflow in BFTelnet allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0903 (genfilt in the AIX Packet Filtering Module does not properly filter ...)
	NOT-FOR-US: AIX
CVE-1999-0902 (ypserv allows local administrators to modify password tables. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0901 (ypserv allows a local user to modify the GECOS and login shells ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0900 (Buffer overflow in rpc.yppasswdd allows a local user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0899 (The Windows NT 4.0 print spooler allows a local user to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0898 (Buffer overflows in Windows NT 4.0 print spooler allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0897 (iChat ROOMS Webserver allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0896 (Buffer overflow in RealNetworks RealServer administration utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0895 (Firewall-1 does not properly restrict access to LDAP attributes. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0894 (Red Hat Linux screen program does not use Unix98 ptys, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0893 (userOsa in SCO OpenServer allows local users to corrupt files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0892 (Buffer overflow in Netscape Communicator before 4.7 via a dynamic font ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0891 (The &quot;download behavior&quot; in Internet Explorer 5 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-1999-0890 (iHTML Merchant allows remote attackers to obtain sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0889 (Cisco 675 routers running CBOS allow remote attackers to establish ...)
	NOT-FOR-US: Cisco
CVE-1999-0888 (dbsnmp in Oracle Intelligent Agent allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0887 (FTGate web interface server allows remote attackers to read files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0886 (The security descriptor for RASMAN allows users to point to an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0884 (The Zeus web server administrative interface uses weak encryption for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0883 (Zeus web server allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0881 (Falcon web server allows remote attackers to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0880 (Denial of service in WU-FTPD via the SITE NEWER command, which does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0879 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0878 (Buffer overflow in WU-FTPD and related FTP servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0877 (Internet Explorer 5 allows remote attackers to read files via an ...)
	NOT-FOR-US: Microsoft
CVE-1999-0876 (Buffer overflow in Internet Explorer 4.0 via EMBED tag. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0875 (DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0874 (Buffer overflow in IIS 4.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-1999-0873 (Buffer overflow in Skyfull mail server via MAIL FROM command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0871 (Internet Explorer 4.0 and 4.01 allow a remote attacker to read files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0870 (Internet Explorer 4.01 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0869 (Internet Explorer 3.x to 4.01 allows a remote attacker to insert ...)
	NOT-FOR-US: Microsoft
CVE-1999-0868 (ucbmail allows remote attackers to execute commands via shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0867 (Denial of service in IIS 4.0 via a flood of HTTP requests with ...)
	NOT-FOR-US: Microsoft
CVE-1999-0866 (Buffer overflow in UnixWare xauto program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0865 (Buffer overflow in CommuniGatePro via a long string to the HTTP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0864 (UnixWare programs that dump core allow a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0861 (Race condition in the SSL ISAPI filter in IIS and other servers may ...)
	NOT-FOR-US: Microsoft
CVE-1999-0859 (Solaris arp allows local users to read files via the -f parameter, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0858 (Internet Explorer 5 allows a remote attacker to modify the IE client's ...)
	NOT-FOR-US: Microsoft
CVE-1999-0856 (login in Slackware 7.0 allows remote attackers to identify valid users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0854 (Ultimate Bulletin Board stores data files in the cgi-bin directory, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0853 (Buffer overflow in Netscape Enterprise Server and Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0851 (Denial of service in BIND named via naptr. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0849 (Denial of service in BIND named via maxdname. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0848 (Denial of service in BIND named via consuming more than &quot;fdmax&quot; file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0847 (Buffer overflow in free internet chess server (FICS) program, xboard. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0842 (Symantec Mail-Gear 1.0 web interface server allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0839 (Windows NT Task Scheduler installed with Internet Explorer 5 allows a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0838 (Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0837 (Denial of service in BIND by improperly closing TCP sessions via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0836 (UnixWare uidadmin allows local users to modify arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0835 (Denial of service in BIND named via malformed SIG records. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0834 (Buffer overflow in RSAREF2 via the encryption and decryption functions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0833 (Buffer overflow in BIND 8.2 via NXT records. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0832 (Buffer overflow in NFS server on Linux allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0831 (Denial of service in Linux syslogd via a large number of connections. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0826 (Buffer overflow in FreeBSD angband allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0824 (A Windows NT user can use SUBST to map a drive letter to a folder, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0823 (Buffer overflow in FreeBSD xmindpath allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0820 (FreeBSD seyon allows users to gain privileges via a modified PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0819 (NTMail does not disable the VRFY command, even if the administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0817 (Lynx WWW client allows a remote attacker to specify command-line ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0815 (Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0814 (Red Hat pump DHCP client allows remote attackers to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0813 (Cfingerd with ALLOW_EXECUTION enabled does not properly drop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0812 (Race condition in Samba smbmnt allows local users to mount file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0811 (Buffer overflow in Samba smbd program via a malformed message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0810 (Denial of service in Samba NETBIOS name service daemon (nmbd). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0809 (Netscape Communicator 4.x with Javascript enabled does not warn a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0807 (The Netscape Directory Server installation procedure leaves sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0806 (Buffer overflow in Solaris dtprintinfo program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0804 (Denial of service in Linux 2.2.x kernels via malformed ICMP packets ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0803 (The fwluser script in AIX eNetwork Firewall allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0802 (Buffer overflow in Internet Explorer 5 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-1999-0801 (BMC Patrol allows remote attackers to gain access to an agent by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0800 (The GetFile.cfm file in Allaire Forums allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0799 (Buffer overflow in bootpd 2.4.3 and earlier via a long boot file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0797 (NIS finger allows an attacker to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0796 (FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0794 (Microsoft Excel does not warn a user when a macro is present in a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0793 (Internet Explorer allows remote attackers to read files by redirecting ...)
	NOT-FOR-US: Microsoft
CVE-1999-0791 (Hybrid Network cable modems do not include an authentication mechanism ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0790 (A remote attacker can read information from a Netscape user's cache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0789 (Buffer overflow in AIX ftpd in the libc library. ...)
	NOT-FOR-US: AIX
CVE-1999-0788 (Arkiea nlservd allows remote attackers to conduct a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0787 (The SSH authentication agent follows symlinks via a UNIX domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0786 (The dynamic linker in Solaris allows a local user to create arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0785 (The INN inndstart program allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0783 (FreeBSD allows local users to conduct a denial of service by creating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0782 (KDE kppp allows local users to create a directory in an arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0781 (KDE allows local users to execute arbitrary commands by setting the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0780 (KDE klock allows local users to kill arbitrary processes by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0779 (Denial of service in HP-UX SharedX recserv program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0778 (Buffer overflow in Xi Graphics Accelerated-X server allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0777 (IIS FTP servers may allow a remote attacker to read or delete files on ...)
	NOT-FOR-US: Microsoft
CVE-1999-0775 (Cisco Gigabit Switch routers running IOS allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-1999-0774 (Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0773 (Buffer overflow in Solaris lpset program allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0772 (Denial of service in Compaq Management Agents and the Compaq Survey ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0771 (The web components of Compaq Management Agents and the Compaq Survey ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0770 (Firewall-1 sets a long timeout for connections that begin with ACK or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0769 (Vixie Cron on Linux systems allows local users to set parameters of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0768 (Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0766 (The Microsoft Java Virtual Machine allows a malicious Java applet to ...)
	NOT-FOR-US: Microsoft
CVE-1999-0765 (SGI IRIX midikeys program allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0764 (NetBSD allows ARP packets to overwrite static ARP entries. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0763 (NetBSD on a multi-homed host allows ARP packets on one network to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0762 (When Javascript is embedded within the TITLE tag, Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0761 (Buffer overflow in FreeBSD fts library routines allows local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0760 (Undocumented ColdFusion Markup Language (CFML) tags and functions in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0759 (Buffer overflow in FuseMAIL POP service via long USER and PASS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0758 (Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0756 (ColdFusion Administrator with Advanced Security enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0755 (Windows NT RRAS and RAS clients cache a user's password even if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0754 (The INN inndstart program allows local users to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0753 (The w3-msql CGI script provided with Mini SQL allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0752 (Denial of service in Netscape Enterprise Server via a buffer overflow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0751 (Buffer overflow in Accept command in Netscape Enterprise Server 3.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0749 (Buffer overflow in Microsoft Telnet client in Windows 95 and Windows ...)
	NOT-FOR-US: Microsoft
CVE-1999-0747 (Denial of service in BSDi Symmetric Multiprocessing (SMP) when an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0746 (A default configuration of in.identd in SuSE Linux waits 120 seconds ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0745 (Buffer overflow in Source Code Browser Program Database Name Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0744 (Buffer overflow in Netscape Enterprise Server and FastTrask Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0743 (Trn allows local users to overwrite other users' files via symlinks. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0742 (The Debian mailman package uses weak authentication, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0740 (Remote attackers can cause a denial of service on Linux in.telnetd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0735 (KDE K-Mail allows local users to gain privileges via a symlink attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0734 (A default configuration of CiscoSecure Access Control Server (ACS) ...)
	NOT-FOR-US: Cisco
CVE-1999-0733 (Buffer overflow in VMWare 1.0.1 for Linux via a long HOME ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0732 (The logging facility of the Debian smtp-refuser package allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0731 (The KDE klock program allows local users to unlock a session using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0730 (The zsoelim program in the Debian man-db package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0729 (Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0728 (A Windows NT user can disable the keyboard or mouse by directly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0727 (A kernel leak in the OpenBSD kernel allows IPsec packets to be sent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0726 (An attacker can conduct a denial of service in Windows NT by executing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0725 (When IIS is run with a default language of Chinese, Korean, or ...)
	NOT-FOR-US: Microsoft
CVE-1999-0724 (Buffer overflow in OpenBSD procfs and fdescfs file systems via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0723 (The Windows NT Client Server Runtime Subsystem (CSRSS) can be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0722 (The default configuration of Cobalt RaQ2 servers allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0721 (Denial of service in Windows NT Local Security Authority (LSA) through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0720 (The pt_chown command in Linux allows local users to modify TTY ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0719 (The Guile plugin for the Gnumeric spreadsheet package allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0718 (IBM GINA, when used for OS/2 domain authentication of Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0717 (A remote attacker can disable the virus warning mechanism in Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-1999-0716 (Buffer overflow in Windows NT 4.0 help file utility via a malformed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0715 (Buffer overflow in Remote Access Service (RAS) client allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0714 (Vulnerability in Compaq Tru64 UNIX edauth command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0713 (The dtlogin program in Compaq Tru64 UNIX allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0711 (The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0710 (The Squid package in Red Hat Linux 5.2 and 6.0, and other ...)
	{DSA-576-1}
	- squid 2.5.7-1
CVE-1999-0708 (Buffer overflow in cfingerd allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0707 (The default FTP configuration in HP Visualize Conference allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0706 (Linux xmonisdn package allows local users to gain root privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0705 (Buffer overflow in INN inews program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0704 (Buffer overflow in Berkeley automounter daemon (amd) logging facility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0703 (OpenBSD, BSDI, and other Unix operating systems allow users to set ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0702 (Internet Explorer 5.0 and 5.01 allows remote attackers to modify or ...)
	NOT-FOR-US: Microsoft
CVE-1999-0701 (After an unattended installation of Windows NT 4.0, an installation ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0700 (Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed ...)
	NOT-FOR-US: Microsoft
CVE-1999-0699 (The Bluestone Sapphire web server allows session hijacking via easily ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0697 (SCO Doctor allows local users to gain root privileges through a Tools ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0696 (Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0695 (The Sybase PowerDynamo personal web server allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0694 (Denial of service in AIX ptrace system call allows local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0693 (Buffer overflow in TT_SESSION environment variable in ToolTalk shared ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0692 (The default configuration of the Array Services daemon (arrayd) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0691 (Buffer overflow in the AddSuLog function of the CDE dtaction utility ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0690 (HP CDE program includes the current directory in root's PATH variable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0689 (The CDE dtspcd daemon allows local users to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0688 (Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0687 (The ToolTalk ttsession daemon uses weak RPC authentication, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0686 (Denial of service in Netscape Enterprise Server (NES) in HP Virtual ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0685 (Buffer overflow in Netscape Communicator via EMBED tags in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0683 (Denial of service in Gauntlet Firewall via a malformed ICMP packet. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0682 (Microsoft Exchange 5.5 allows a remote attacker to relay email ...)
	NOT-FOR-US: Microsoft
CVE-1999-0681 (Buffer overflow in Microsoft FrontPage Server Extensions (PWS) ...)
	NOT-FOR-US: Microsoft
CVE-1999-0680 (Windows NT Terminal Server performs extra work when a client opens a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0679 (Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0678 (A default configuration of Apache on Debian GNU/Linux sets the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0676 (sdtcm_convert in Solaris 2.6 allows a local user to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0675 (Check Point FireWall-1 can be subjected to a denial of service via UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0674 (The BSD profil system call allows a local user to modify the internal ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0672 (Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0671 (Buffer overflow in ToxSoft NextFTP client through CWD command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0668 (The scriptlet.typelib ActiveX control is marked as &quot;safe for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0628 (The rwho/rwhod service is running, which exposes machine status ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0627 (The rexd service is running, which uses weak authentication that can ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0626 (A version of rusers is running that exposes valid user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0612 (A version of finger is running that exposes valid user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0608 (An incorrect configuration of the PDG Shopping Cart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0566 (An attacker can write to syslog files from any location, causing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0551 (HP OpenMail can be misconfigured to allow users to run arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0526 (An X server's access control is disabled (e.g. through an &quot;xhost +&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0514 (UDP messages to broadcast addresses are allowed, allowing for a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0513 (ICMP messages to broadcast addresses are allowed, allowing for a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0496 (A Windows NT 4.0 user can gain administrative rights by forcing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0494 (Denial of service in WinGate proxy through a buffer overflow in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0493 (rpc.statd allows remote attackers to forward RPC calls to the local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0491 (The prompt parsing in bash allows a local user to execute commands as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0487 (The DHTML Edit ActiveX control in Internet Explorer allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0485 (Remote attackers can cause a system crash through ipintr() in ipq in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0484 (Buffer overflow in OpenBSD ping. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0483 (OpenBSD crash using nlink value in FFS and EXT2FS filesystems. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0482 (OpenBSD kernel crash through TSS handling, as caused by the crashme ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0481 (Denial of service in &quot;poll&quot; in OpenBSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0479 (Denial of service Netscape Enterprise Server with VirtualVault on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0478 (Denial of service in HP-UX sendmail 8.8.6 related to accepting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0475 (A race condition in how procmail handles .procmailrc files allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0474 (The ICQ Webserver allows remote attackers to use .. to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0473 (The rsync command before rsync 2.3.1 may inadvertently change the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0472 (The SNMP default community name &quot;public&quot; is not properly removed in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0471 (The remote proxy server in Winroute allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0470 (A weak encryption algorithm is used for passwords in Novell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0468 (Internet Explorer 5.0 allows a remote server to read arbitrary files ...)
	NOT-FOR-US: Microsoft
CVE-1999-0466 (The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0464 (Local users can perform a denial of service in Tripwire 1.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0463 (Remote attackers can perform a denial of service using IRIX fcagent. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0458 (L0phtcrack 2.5 used temporary files in the system TEMP directory which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0457 (Linux ftpwatch program allows local users to gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0449 (The ExAir sample site in IIS 4 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0448 (IIS 4.0 and Apache log HTTP request methods, regardless of how long ...)
	NOT-FOR-US: Microsoft
CVE-1999-0447 (Local users can gain privileges using the debug utility in the MPE/iX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0446 (Local users can perform a denial of service in NetBSD 1.3.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0445 (In Cisco routers under some versions of IOS 12.0 running NAT, some ...)
	NOT-FOR-US: Cisco
CVE-1999-0442 (Solaris ff.core allows local users to modify files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0441 (Remote attackers can perform a denial of service in WinGate machines ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0440 (The byte code verifier component of the Java Virtual Machine (JVM) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0439 (Buffer overflow in procmail before version 3.12 allows remote or local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0438 (Remote attackers can perform a denial of service in WebRamp systems by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0437 (Remote attackers can perform a denial of service in WebRamp systems by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0436 (Domain Enterprise Server Management System (DESMS) in HP-UX allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0433 (XFree86 startx command is vulnerable to a symlink attack, allowing local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0432 (ftp on HP-UX 11.00 allows local users to gain privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0430 (Cisco Catalyst LAN switches running Catalyst 5000 supervisor software ...)
	NOT-FOR-US: Cisco
CVE-1999-0429 (The Lotus Notes 4.5 client may send a copy of encrypted mail in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0428 (OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0425 (talkback in Netscape 4.5 allows a local user to kill an arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0424 (talkback in Netscape 4.5 allows a local user to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0423 (Vulnerability in hpterm on HP-UX 10.20 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0422 (In some cases, NetBSD 1.3.3 mount allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0421 (During a reboot after an installation of Linux Slackware 3.6, a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0420 (umapfs allows local users to gain root privileges by changing their ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0417 (64 bit Solaris 7 procfs allows local users to perform a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0416 (Vulnerability in Cisco 7xx series routers allows a remote attacker to ...)
	NOT-FOR-US: Cisco
CVE-1999-0415 (The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled ...)
	NOT-FOR-US: Cisco
CVE-1999-0414 (In Linux before version 2.0.36, remote attackers can spoof a TCP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0413 (A buffer overflow in the SGI X server allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0412 (In IIS and other web servers, an attacker can attack commands as ...)
	NOT-FOR-US: Microsoft
CVE-1999-0410 (The cancel command in Solaris 2.6 (i386) has a buffer overflow that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0409 (Buffer overflow in gnuplot in Linux version 3.5 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0408 (Files created from interactive shell sessions in Cobalt RaQ ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0407 (By default, IIS 4.0 has a virtual directory /IISADMPWD which contains ...)
	NOT-FOR-US: Microsoft
CVE-1999-0405 (A buffer overflow in lsof allows local users to obtain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0404 (Buffer overflow in the Mail-Max SMTP server for Windows systems allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0403 (A bug in Cyrix CPUs on Linux allows local users to perform a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0402 (wget 1.5.3 follows symlinks to change permissions of the target file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0396 (A race condition between the select() and accept() calls in NetBSD TCP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0395 (A race condition in the BackWeb Polite Agent Protocol allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0393 (Remote attackers can cause a denial of service in Sendmail 8.8.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0392 (Buffer overflow in Thomas Boutell's cgic library version up to 1.05. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0391 (The cryptographic challenge of SMB authentication in Windows 95 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0390 (Buffer overflow in Dosemu Slang library in Linux. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0388 (DataLynx suGuard trusts the PATH environment variable to execute the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0387 (A legacy credential caching mechanism used in Windows 95 and Windows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0386 (Microsoft Personal Web Server and FrontPage Personal Web Server in ...)
	NOT-FOR-US: Microsoft
CVE-1999-0385 (The LDAP bind function in Exchange 5.5 has a buffer overflow that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0384 (The Forms 2.0 ActiveX control (included with Visual Basic for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0383 (ACC Tigris allows public access without a login. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0382 (The screen saver in Windows NT does not verify that its security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0380 (SLMail 3.1 and 3.2 allows local users to access any file in the NTFS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0379 (Microsoft Taskpads allows remote web sites to execute commands on the ...)
	NOT-FOR-US: Microsoft
CVE-1999-0378 (InterScan VirusWall for Solaris doesn't scan files for viruses when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0377 (Process table attack in Unix systems allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0376 (Local users in Windows NT can obtain administrator privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0375 (Buffer overflow in webd in Network Flight Recorder (NFR) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0374 (Debian GNU/Linux cfengine package is susceptible to a symlink attack. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0373 (Buffer overflow in the &quot;Super&quot; utility in Debian GNU/Linux, and other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0372 (The installer for BackOffice Server includes account names and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0371 (Lynx allows a local user to overwrite sensitive files through /tmp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0369 (The Sun sdtcm_convert calendar utility for OpenWindows has a buffer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0368 (Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0367 (NetBSD netstat command allows local users to access kernel memory. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0366 (In some cases, Service Pack 4 for Windows NT 4.0 can allow access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0365 (The metamail package allows remote command execution using shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0363 (SuSE 5.2 PLP lpc program has a buffer overflow that leads to root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0362 (WS_FTP server remote denial of service through cwd command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0358 (Digital Unix 4.0 has a buffer overflow in the inc program of the mh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0357 (Windows 98 and other operating systems allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0355 (Local or remote users can force ControlIT 4.5 to reboot or force a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0353 (rpc.pcnfsd in HP gives remote root access by changing the permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0351 (FTP PASV &quot;Pizza Thief&quot; denial of service and unauthorized data ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0350 (Race condition in the db_loader program in ClearCase gives local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0349 (A buffer overflow in the FTP list (ls) command in IIS allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0348 (IIS ASP caching problem releases sensitive information when two ...)
	NOT-FOR-US: Microsoft
CVE-1999-0346 (CGI PHP mlog script allows an attacker to read any file on the target ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0344 (NT users can gain debug-level access on a system process using the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0343 (A malicious Palace server can force a client to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0342 (Linux PAM modules allow local users to gain root access using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0341 (Buffer overflow in the Linux mail program &quot;deliver&quot; allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0340 (Buffer overflow in Linux Slackware crond program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0339 (Buffer overflow in the libauth library in Solaris allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0338 (AIX Licensed Program Product performance tools allow local users to ...)
	NOT-FOR-US: AIX
CVE-1999-0337 (AIX batch queue (bsh) allows local and remote users to gain additional ...)
	NOT-FOR-US: AIX
CVE-1999-0335 (DEPRECATED.  This entry has been deprecated.  It is a duplicate of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0334 (In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0332 (Buffer overflow in NetMeeting allows denial of service and remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0329 (SGI mediad program allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0328 (SGI permissions program allows local users to gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0327 (SGI syserr program allows local users to corrupt files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0326 (Vulnerability in HP-UX mediainit program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0325 (vhe_u_mnt program in HP-UX allows local users to create root files through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0324 (ppl program in HP-UX allows local users to create root files through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0323 (FreeBSD mmap function allows users to modify append-only or immutable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0322 (The open() function in FreeBSD allows local attackers to write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0321 (Buffer overflow in Solaris kcms_configure command allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0320 (SunOS rpc.cmsd allows attackers to obtain root access by overwriting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0318 (Buffer overflow in xmcd 2.0p12 allows local users to gain access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0316 (Buffer overflow in Linux splitvt command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0315 (Buffer overflow in Solaris fdformat command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0314 (ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0313 (disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0312 (HP ypbind allows attackers with root privileges to modify NIS data. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0311 (fpkg2swpk in HP-UX allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0310 (SSH 1.2.25 on HP-UX allows access to new user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0309 (HP-UX vgdisplay program gives root access to local users. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0308 (HP-UX gwind program allows users to modify arbitrary files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0305 (The system configuration control (sysctl) facility in BSD based ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0304 (mmap function in BSD allows local attackers in the kmem group to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0303 (Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0302 (SunOS/Solaris FTP clients can be forced to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0301 (Buffer overflow in SunOS/Solaris ps command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0300 (nis_cachemgr for Solaris NIS+ allows attackers to add malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0299 (Buffer overflow in FreeBSD lpd through long DNS hostnames. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0297 (Buffer overflow in Vixie Cron library up to version 3.0 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0296 (Solaris volrmmount program allows attackers to read any file. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0295 (Solaris sysdef command allows local users to read kernel memory, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0294 (All records in a WINS database can be deleted through SNMP for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0293 (AAA authentication on Cisco systems allows attackers to execute ...)
	NOT-FOR-US: Cisco
CVE-1999-0292 (Denial of service through Winpopup using large user names. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0291 (The WinGate proxy is installed without a password, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0290 (The WinGate telnet proxy allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0289 (The Apache web server for Win32 may provide access to restricted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0288 (The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0281 (Denial of service in IIS using long URLs. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0280 (Remote command execution in Microsoft Internet Explorer using .lnk and ...)
	NOT-FOR-US: Microsoft
CVE-1999-0279 (Excite for Web Servers (EWS) allows remote command execution via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0278 (In IIS, remote attackers can obtain source code for ASP files by appending ...)
	NOT-FOR-US: Microsoft
CVE-1999-0277 (The WorkMan program can be used to overwrite any file to get root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0276 (mSQL v2.0.1 and below allows remote execution through a buffer overflow. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0275 (Denial of service in Windows NT DNS servers by flooding port 53 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0274 (Denial of service in Windows NT DNS servers through malicious packet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0273 (Denial of service through Solaris 2.5.1 telnet by sending ^D characters. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0272 (Denial of service in Slmail v2.5 through the POP3 port. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0270 (Directory traversal vulnerability in pfdispaly.cgi program (sometimes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0269 (Netscape Enterprise servers may list files through the PageServices query. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0268 (MetaInfo MetaWeb web server allows users to upload, execute, and read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0267 (Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0266 (The info2www CGI script allows remote file access or remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0265 (ICMP redirect messages may crash or lock up a host. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0264 (htmlscript CGI program allows remote read access to files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0263 (Solaris SUNWadmap can be exploited to obtain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0262 (Hylafax faxsurvey CGI script on Linux allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0260 (The jj CGI program allows command execution via shell metacharacters. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0259 (cfingerd lists all users on a system via search.**@target. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0256 (Buffer overflow in War FTP allows remote execution of commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0252 (Buffer overflow in listserv allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0251 (Denial of service in talk program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0248 (A race condition in the authentication agent mechanism of sshd 1.2.17 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0247 (Buffer overflow in nnrpd program in INN up to version 1.6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0245 (Some configurations of NIS+ in Linux allowed attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0244 (Livingston RADIUS code has a buffer overflow which can allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0239 (Netscape FastTrack Web server lists files when a lowercase &quot;get&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0237 (Remote execution of arbitrary commands through Guestbook CGI program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0236 (ScriptAlias directory in NCSA and Apache httpd allowed attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0234 (Bash treats any character with a value of 255 as a command separator. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0233 (IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd ...)
	NOT-FOR-US: Microsoft
CVE-1999-0230 (Buffer overflow in Cisco 7xx routers through the telnet service. ...)
	NOT-FOR-US: Cisco
CVE-1999-0228 (Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0227 (Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0225 (Windows NT 4.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0224 (Denial of service in Windows NT messenger service through a long ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0223 (Solaris syslogd crashes when receiving a message from a host that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0221 (Denial of service of Ascend routers through port 150 (remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0219 (Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0218 (Livingston portmaster machines could be rebooted via a series ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0217 (Malicious option settings in UDP packets could force a reboot in SunOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0215 (Routed allows attackers to append data to files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0214 (Denial of service by sending forged ICMP unreachable packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0212 (Solaris rpc.mountd generates error messages that allow a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0211 (Extra long export lists over 256 characters in some mount daemons ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0210 (Automount daemon automountd allows local or remote users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0209 (The SunView (SunTools) selection_svc facility allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0208 (rpc.ypupdated (NIS) allows remote users to execute arbitrary commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0207 (Remote attacker can execute commands through Majordomo using the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0206 (MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0204 (Sendmail 8.6.9 allows remote attackers to execute root commands, using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0203 (In Sendmail, attackers can gain root privileges via SMTP by specifying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0202 (The GNU tar command, when used in FTP sessions, may allow an attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0201 (A quote cwd command on FTP servers can reveal the full path of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0196 (websendmail in Webgais 1.0 allows a remote user to access arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0194 (Denial of service in in.comsat allows attackers to generate messages. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0192 (Buffer overflow in telnet daemon tgetent routing allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0191 (IIS newdsn.exe CGI script allows remote users to overwrite files. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0190 (Solaris rpcbind can be exploited to overwrite arbitrary files and gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0189 (Solaris rpcbind listens on a high numbered UDP port, which may not be ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0188 (The passwd command in Solaris can be subjected to a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0185 (In SunOS or Solaris, a remote user could connect from an FTP server's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0184 (When compiled with the -DALLOW_UPDATES option, bind allows dynamic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0183 (Linux implementations of TFTP would allow access to files outside the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0182 (Samba has a buffer overflow which allows a remote attacker to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0181 (The wall daemon can be used for denial of service, social engineering ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0180 (in.rshd allows users to login with a NULL username and execute commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0179 (Windows NT crashes or locks up when a Samba client executes a &quot;cd ..&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0178 (Buffer overflow in the win-c-sample program (win-c-sample.exe) in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0177 (The uploader program in the WebSite web server allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0176 (The Webgais program allows a remote user to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0175 (The convert.bas program in the Novell web server allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0174 (The view-source CGI program allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0173 (FormMail CGI program can be used by web servers other than the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0172 (FormMail CGI program allows remote execution of commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0170 (Remote attackers can mount an NFS file system in Ultrix or OSF, even ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0168 (The portmapper may act as a proxy and redirect service requests from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0167 (In SunOS, NFS file handles could be guessed, giving unauthorized ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0166 (NFS allows users to use a &quot;cd ..&quot; command to access other directories ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0164 (A race condition in the Solaris ps command allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0162 (The &quot;established&quot; keyword in some Cisco IOS software allowed ...)
	NOT-FOR-US: Cisco
CVE-1999-0161 (In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended ...)
	NOT-FOR-US: Cisco
CVE-1999-0160 (Some classic Cisco IOS devices have a vulnerability in the PPP CHAP ...)
	NOT-FOR-US: Cisco
CVE-1999-0159 (Attackers can crash a Cisco IOS router or device, provided they can ...)
	NOT-FOR-US: Cisco
CVE-1999-0158 (Cisco PIX firewall manager (PFM) on Windows NT allows attackers to ...)
	NOT-FOR-US: Cisco
CVE-1999-0157 (Cisco PIX firewall and CBAC IP fragmentation attack results in a ...)
	NOT-FOR-US: Cisco
CVE-1999-0155 (The ghostscript command with the -dSAFER option allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0153 (Windows 95/NT out of band (OOB) data denial of service through NETBIOS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0152 (The DG/UX finger daemon allows remote command execution through shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0151 (The SATAN session key may be disclosed if the user points the web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0150 (The Perl fingerd program allows arbitrary command execution from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0149 (The wrap CGI program in IRIX allows remote attackers to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0148 (The handler CGI program in IRIX allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0147 (The aglimpse CGI program of the Glimpse package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0146 (The campas CGI program provided with some NCSA web servers allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0145 (Sendmail WIZ command enabled, allowing root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0143 (Kerberos 4 key servers allow a user to masquerade as another by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0142 (The Java Applet Security Manager implementation in Netscape Navigator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0141 (Java Bytecode Verifier allows malicious applets to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0139 (Buffer overflow in Solaris x86 mkcookie allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0138 (The suidperl and sperl program do not give up root privileges when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0137 (The dip program on many Linux systems allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0136 (Kodak Color Management System (KCMS) on Solaris allows a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0135 (admintool in Solaris allows a local user to write to arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0134 (vold in Solaris 2.x allows local users to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0133 (fm_fls license server for Adobe Framemaker allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0132 (Expreserve, as used in vi and ex, allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0131 (Buffer overflow and denial of service in Sendmail 8.7.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0130 (Local users can start Sendmail in daemon mode and gain root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0129 (Sendmail allows local users to write to a file and gain group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0128 (Oversized ICMP ping packets can result in a denial of service, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0126 (SGI IRIX buffer overflow in xterm and Xaw allows root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0125 (Buffer overflow in SGI IRIX mailx program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0124 (Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0122 (Buffer overflow in AIX lchangelv gives root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0120 (Sun/Solaris utmp file allows local users to gain root access if it ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0118 (AIX infod allows local users to gain root access through an X display. ...)
	NOT-FOR-US: AIX
CVE-1999-0117 (AIX passwd allows local users to gain root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0116 (Denial of service when an attacker sends many SYN packets to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0115 (AIX bugfiler program allows local users to gain root access. ...)
	NOT-FOR-US: AIX
CVE-1999-0113 (Some implementations of rlogin allow root access if given a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0112 (Buffer overflow in AIX dtterm program for the CDE. ...)
	NOT-FOR-US: AIX
CVE-1999-0111 (RIP v1 is susceptible to spoofing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0109 (Buffer overflow in ffbconfig in Solaris 2.5.1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0108 (The printers program in IRIX has a buffer overflow that gives root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0103 (Echo and chargen, or other combinations of UDP services, can be used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0102 (Buffer overflow in SLmail 3.x allows attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0101 (Buffer overflow in AIX and Solaris &quot;gethostbyname&quot; library call allows ...)
	NOT-FOR-US: AIX
CVE-1999-0100 (Remote access in AIX innd 1.5.1, using control messages. ...)
	NOT-FOR-US: AIX
CVE-1999-0099 (Buffer overflow in syslog utility allows local or remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0097 (The AIX FTP client can be forced to execute commands from a malicious ...)
	NOT-FOR-US: AIX
CVE-1999-0096 (Sendmail decode alias can be used to overwrite sensitive files. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0095 (The debug command in Sendmail is enabled, allowing attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0094 (AIX piodmgrsu command allows local users to gain additional ...)
	NOT-FOR-US: AIX
CVE-1999-0093 (AIX nslookup command allows local users to obtain root access by not ...)
	NOT-FOR-US: AIX
CVE-1999-0091 (Buffer overflow in AIX writesrv command allows local users to obtain ...)
	NOT-FOR-US: AIX
CVE-1999-0090 (Buffer overflow in AIX rcp command allows local users to obtain ...)
	NOT-FOR-US: AIX
CVE-1999-0087 (Denial of service in AIX telnet can freeze a system and prevent ...)
	NOT-FOR-US: AIX
CVE-1999-0085 (Buffer overflow in rwhod on AIX and other operating systems allows ...)
	NOT-FOR-US: AIX
CVE-1999-0084 (Certain NFS servers allow users to use mknod to gain privileges by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0083 (getcwd() file descriptor leak in FTP. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0082 (CWD ~root command in ftpd allows root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0081 (wu-ftp allows files to be overwritten via the rnfr command. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0080 (Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0079 (Remote attackers can cause a denial of service in FTP by issuing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0077 (Predictable TCP sequence numbers allow spoofing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0075 (PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0074 (Listening TCP ports are sequentially allocated, allowing spoofing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0073 (Telnet allows a remote client to specify environment variables including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0072 (Buffer overflow in AIX xdat gives root access to local users. ...)
	NOT-FOR-US: AIX
CVE-1999-0071 (Apache httpd cookie buffer overflow for versions 1.1.1 and earlier. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0070 (test-cgi program allows an attacker to list files on the server. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0069 (Solaris ufsrestore buffer overflow. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0068 (CGI PHP mylog script allows an attacker to read any file on the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0067 (phf CGI program allows remote command execution through shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0066 (AnyForm CGI remote execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0065 (Multiple buffer overflows in how dtmail handles attachments allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0064 (Buffer overflow in AIX lquerylv program gives root access to local users. ...)
	NOT-FOR-US: AIX
CVE-1999-0063 (Cisco IOS 12.0 and other versions can be crashed by malicious UDP ...)
	NOT-FOR-US: Cisco
CVE-1999-0062 (The chpass command in OpenBSD allows a local user to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0060 (Attackers can cause a denial of service in Ascend MAX and Pipeline ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0059 (IRIX fam service allows an attacker to obtain a list of all files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0058 (Buffer overflow in PHP cgi program, php.cgi allows shell access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0057 (Vacation program allows command execution by remote users through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0056 (Buffer overflow in Sun's ping program can give root access to local users. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0055 (Buffer overflows in Sun libnsl allow root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0054 (Sun's ftpd daemon can be subjected to a denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0053 (TCP RST denial of service in FreeBSD. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0052 (IP fragmentation denial of service in FreeBSD allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0051 (Arbitrary file creation and program execution using FLEXlm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0050 (Buffer overflow in HP-UX newgrp program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0049 (Csetup under IRIX allows arbitrary file creation or overwriting. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0048 (Talkd, when given corrupt DNS information, can be used to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0047 (MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0046 (Buffer overflow of rlogin program using TERM environmental variable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0045 (List of arbitrary files on Web host via nph-test-cgi script. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0044 (fsdump command in IRIX allows local users to obtain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0043 (Command execution via shell metachars in INN daemon (innd) 1.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0042 (Buffer overflow in University of Washington's implementation of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0041 (Buffer overflow in NLS (Natural Language Service). ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0040 (Buffer overflow in Xt library of X Windowing System allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0039 (webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0038 (Buffer overflow in xlock program allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0037 (Arbitrary command execution via metamail package using message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0036 (IRIX login program with a nonzero LOCKOUT parameter allows creation or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0035 (Race condition in signal handling routine in ftpd, allowing read/write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0034 (Buffer overflow in suidperl (sperl), Perl 4.x and 5.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0032 (Buffer overflow in lpr, as used in BSD-based systems including Linux, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0031 (JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and ...)
	NOT-FOR-US: Microsoft
CVE-1999-0029 (root privileges via buffer overflow in ordist command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0028 (root privileges via buffer overflow in login/scheme command on SGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0027 (root privileges via buffer overflow in eject command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0026 (root privileges via buffer overflow in pset command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0025 (root privileges via buffer overflow in df command on SGI IRIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0024 (DNS cache poisoning via BIND, by predictable query IDs. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0023 (Local user gains root privileges via buffer overflow in rdist, via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0022 (Local user gains root privileges via buffer overflow in rdist, via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0021 (Arbitrary command execution via buffer overflow in Count.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0019 (Delete or create a file via rpc.statd, due to invalid information. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0018 (Buffer overflow in statd allows root privileges. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0017 (FTP servers can allow an attacker to connect to arbitrary ports on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0016 (Land IP denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0014 (Unauthorized privileged access or denial of service via dtappgather ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0013 (Stolen credentials from SSH clients via ssh-agent program, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0012 (Some web servers under Microsoft Windows allow remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-1999-0011 (Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0010 (Denial of Service vulnerability in BIND 8 Releases via maliciously ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0009 (Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0008 (Buffer overflow in NIS+, in Sun's rpc.nisd program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0007 (Information from SSL-encrypted sessions via PKCS #1. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0006 (Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0005 (Arbitrary command execution via IMAP buffer overflow in authenticate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0003 (Execute commands as root via buffer overflow in Tooltalk database ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0002 (Buffer overflow in NFS mountd gives root access to remote attackers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
	- apache2 2.0.40
CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
	NOT-FOR-US: IRIX
CVE-2002-0649 (Multiple buffer overflows in the Resolution Service for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0646
	REJECTED
CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
	NOT-FOR-US: InterScan
CVE-2002-0636
	RESERVED
CVE-2002-0635
	REJECTED
CVE-2002-0634
	REJECTED
CVE-2002-0633
	REJECTED
CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
	NOT-FOR-US: SGI
CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
	NOT-FOR-US: Polycom
CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...)
	NOT-FOR-US: Polycom
CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...)
	NOT-FOR-US: Microsoft
CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...)
	NOT-FOR-US: PHP-Survey
CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: FileSeek
CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...)
	NOT-FOR-US: FileSeek
CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...)
	NOT-FOR-US: HP
CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
	NOT-FOR-US: HP
CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...)
	NOT-FOR-US: Matu
CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...)
	NOT-FOR-US: Snitz
CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...)
	NOT-FOR-US: 3Cdaemon
CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...)
	NOT-FOR-US: Snapgear
CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...)
	NOT-FOR-US: Snapgear
CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...)
	NOT-FOR-US: Snapgear
CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...)
	NOT-FOR-US: WebTrends
CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...)
	NOT-FOR-US: WebTrends
CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...)
	NOT-FOR-US: AOL
CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...)
	NOT-FOR-US: AOL
CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...)
	NOT-FOR-US: IncrediBB
CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...)
	NOT-FOR-US: PVote
CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
	NOT-FOR-US: PVote
CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
	NOT-FOR-US: HP-UX
CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...)
	NOT-FOR-US: WorkforceROI
CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
	NOT-FOR-US: 4D WebServer
CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...)
	NOT-FOR-US: HP-UX
CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...)
	NOT-FOR-US: Oracle
CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...)
	NOT-FOR-US: Oracle
CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
	NOT-FOR-US: Oracle
CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
	NOT-FOR-US: Oracle
CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...)
	NOT-FOR-US: Oracle
CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
	NOT-FOR-US: Oracle
CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...)
	NOT-FOR-US: Oracle
CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...)
	NOT-FOR-US: TYPSoft
CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
	NOT-FOR-US: Quik-Serv
CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...)
	NOT-FOR-US: IBM
CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...)
	NOT-FOR-US: IBM
CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...)
	NOT-FOR-US: Melange
CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...)
	NOT-FOR-US: Dynamic Guestbook
CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Dynamic Guestbook
CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
	NOT-FOR-US: Anthill
CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...)
	NOT-FOR-US: Anthill
CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
	NOT-FOR-US: Winamp
CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...)
	NOT-FOR-US: Aprelium
CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...)
	NOT-FOR-US: Tivoli
CVE-2002-0540 (Nortel CVX 1800 is installed with a default &quot;public&quot; community string, ...)
	NOT-FOR-US: Nortel
CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...)
	NOT-FOR-US: SWS
CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...)
	NOT-FOR-US: PostBoard
CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...)
	NOT-FOR-US: PostBoard
CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...)
	NOT-FOR-US: Novell
CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...)
	NOT-FOR-US: HP/Apple
CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...)
	NOT-FOR-US: Watchguard
CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...)
	NOT-FOR-US: Watchguard
CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...)
	NOT-FOR-US: ASP-Nuke
CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...)
	NOT-FOR-US: Oracle
CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: wwwisis
CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...)
	NOT-FOR-US: Microsoft
CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...)
	NOT-FOR-US: Citrix
CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...)
	NOT-FOR-US: Citrix
CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...)
	NOT-FOR-US: Citrix
CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the &quot;Skip scanning ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0421 (IIS 4.0 allows local users to bypass the &quot;User cannot change password&quot; ...)
	NOT-FOR-US: Microsoft
CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0418 (Directory traversal vulnerability in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...)
	NOT-FOR-US: Microsoft
CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0390
	RESERVED
CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0383
	RESERVED
CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0365
	RESERVED
CVE-2002-0361
	RESERVED
CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the &quot;halt&quot; user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return (&quot;CR&quot;) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0270 (Opera, when configured with the &quot;Determine action by MIME type&quot; option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...)
	NOT-FOR-US: Microsoft
CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0253 (PHP, when not configured with the &quot;display_errors = Off&quot; setting in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...)
	NOT-FOR-US: Microsoft
CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
	NOT-FOR-US: Microsoft
CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
	NOT-FOR-US: Cisco
CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0195
	RESERVED
CVE-2002-0194
	RESERVED
CVE-2002-0192
	REJECTED
CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0182
	RESERVED
CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0161
	RESERVED
CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
	NOT-FOR-US: Microsoft
CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0114 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0113 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...)
	NOT-FOR-US: Microsoft
CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0035
	REJECTED
CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
	NOT-FOR-US: Microsoft
CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
	{DSA-196}
	- bind9 <not-affected>
	- bind 1:8.3.3-3
CVE-2002-0019
	RESERVED
CVE-2002-0016
	RESERVED
CVE-2002-0015
	RESERVED
CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...)
	NOTE: not vulnerable according to http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge
	NOTE: discussion at:
	NOTE: http://archives.neohapsis.com/archives/linux/lsap/2001-q2/0081.html
	NOTE: listed sarge version contains a fix like the patch from Gentoo
	- ncompress 4.2.4-15
CVE-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...)
	NOT-FOR-US: Microsoft
CVE-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1387 (iptables-save in iptables before 1.2.4 records the &quot;--reject-with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1377 (Multiple RADIUS implementations do not properly validate the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1365 (Vulnerability in IntraGnat before 1.4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
	NOT-FOR-US: AIX
CVE-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
	NOT-FOR-US: AIX
CVE-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Microsoft
CVE-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1273 (The &quot;mxcsr P4&quot; vulnerability in the Linux kernel before 2.2.17-14, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...)
	NOT-FOR-US: Microsoft
CVE-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...)
	NOT-FOR-US: Microsoft
CVE-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...)
	NOT-FOR-US: Cisco
CVE-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1170 (AmTote International homebet program stores the homebet.log file in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1167
	REJECTED
CVE-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...)
	NOT-FOR-US: Cisco
CVE-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...)
	NOT-FOR-US: Cisco
CVE-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...)
	NOT-FOR-US: Cisco
CVE-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...)
	NOT-FOR-US: Cisco
CVE-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...)
	NOT-FOR-US: AIX
CVE-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0944 (DDE in mIRC allows local users to launch applications under another ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...)
	{DSA-301}
	- libgtop 1.0.13-4
CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with &quot;Prompt to allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...)
	NOT-FOR-US: Microsoft
CVE-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0885
	RESERVED
CVE-2001-0883
	RESERVED
CVE-2001-0882
	RESERVED
CVE-2001-0881
	RESERVED
CVE-2001-0880
	RESERVED
CVE-2001-0878
	RESERVED
CVE-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0839 (ibillpm.pl in iBill password management system generates weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0814
	REJECTED
CVE-2001-0813
	REJECTED
CVE-2001-0812
	REJECTED
CVE-2001-0811
	REJECTED
CVE-2001-0810
	REJECTED
CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0802
	REJECTED
CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0798
	REJECTED
CVE-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Cisco
CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
	{DSA-695-1}
	- xli 1.17.0-17
CVE-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...)
	NOT-FOR-US: Cisco
CVE-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...)
	- cfingerd 1.4.3-1.1 (bug #104394)
	NOTE: 1.4.3-1.2 is not in the PTS, but 1.4.3-1.2 incorporates
	NOTE: its changes.
CVE-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0725
	RESERVED
CVE-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...)
	NOT-FOR-US: Microsoft
CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...)
	NOT-FOR-US: Cisco
CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0673
	RESERVED
CVE-2001-0672
	RESERVED
CVE-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0661
	RESERVED
CVE-2001-0657
	REJECTED
CVE-2001-0656
	REJECTED
CVE-2001-0655
	REJECTED
CVE-2001-0654
	REJECTED
CVE-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...)
	NOT-FOR-US: Cisco
CVE-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0539
	RESERVED
CVE-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0532
	RESERVED
CVE-2001-0531
	RESERVED
CVE-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...)
	NOT-FOR-US: Microsoft
CVE-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0418 (content.pl script in NCM Content Management System allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...)
	NOT-FOR-US: Microsoft
CVE-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
	NOT-FOR-US: Microsoft
CVE-2001-0343
	RESERVED
CVE-2001-0342
	RESERVED
CVE-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
	NOT-FOR-US: Microsoft
CVE-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0328 (TCP implementations that use random increments for initial sequence ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...)
	NOT-FOR-US: Microsoft
CVE-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0307 (Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...)
	NOT-FOR-US: Microsoft
CVE-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
	NOT-FOR-US: Microsoft
CVE-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...)
	NOT-FOR-US: Microsoft
CVE-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0168 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0167 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...)
	NOT-FOR-US: Cisco
CVE-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...)
	NOT-FOR-US: Cisco
CVE-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0159
	RESERVED
CVE-2001-0158
	RESERVED
CVE-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
	NOT-FOR-US: Microsoft
CVE-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
	{DSA-195 DSA-188 DSA-187}
	- apache-perl 1.3.26-1.1-1.27-3-1
	- apache 1.3.27-1
CVE-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the &quot;lock ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0103 (CoffeeCup Direct and Free FTP clients uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows Normal users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0048 (The &quot;Configure Your Server&quot; tool in Microsoft 2000 domain controllers ...)
	NOT-FOR-US: Microsoft
CVE-2001-0047 (The default permissions for the MTS Package Administration registry ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0046 (The default permissions for the SNMP Parameters registry key in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...)
	NOT-FOR-US: Cisco
CVE-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1209 (The &quot;sa&quot; account is installed with a default null password on (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...)
	- apache 1.3.11 (unimportant)
	NOTE: only an example script /usr/share/doc/apache-common/examples/
CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1198 (qpopper POP server creates lock files with predictable names, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1161 (The installation of AdCycle banner management system leaves the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1127 (registrar in the HP resource monitor service allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1104 (Variant of the &quot;IIS Cross-Site Scripting&quot; vulnerability as originally ...)
	NOT-FOR-US: Microsoft
CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1100 (The default configuration for PostACI webmail system installs the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...)
	NOT-FOR-US: Microsoft
CVE-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1030 (CS&amp;T CorporateTime for the Web returns different error messages for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1023 (The Alabanza Control Panel does not require passwords to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0998 (Format string vulnerability in top program allows local attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...)
	NOT-FOR-US: Cisco
CVE-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0889 (Two Sun security certificates have been compromised, which could allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0842 (The search97cgi/vtopic&quot; in the UnixWare 7 scohelphttp webserver allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...)
	NOT-FOR-US: Microsoft
CVE-2000-0812 (The administration module in Sun Java web server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0802 (The BAIR program does not properly restrict access to the Internet ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0774 (The sample Java servlet &quot;test&quot; in Bajie HTTP web server 0.30a reveals ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...)
	NOT-FOR-US: Microsoft
CVE-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...)
	NOT-FOR-US: Microsoft
CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux 6.2 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
	NOT-FOR-US: Microsoft
CVE-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
	NOT-FOR-US: Microsoft
CVE-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...)
	- kdebase 4:2.2.2-14.6
CVE-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...)
	NOT-FOR-US: Microsoft
CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...)
	NOT-FOR-US: Microsoft
CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0572 (The Razor configuration management tool uses weak encryption for its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...)
	NOT-FOR-US: Microsoft
CVE-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...)
	NOT-FOR-US: Microsoft
CVE-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0434 (The administrative password for the Allmanage web site administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...)
	NOT-FOR-US: Microsoft
CVE-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...)
	NOT-FOR-US: Cisco
CVE-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...)
	NOT-FOR-US: Microsoft
CVE-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...)
	NOT-FOR-US: Microsoft
CVE-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...)
	NOT-FOR-US: Microsoft
CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...)
	NOT-FOR-US: Microsoft
CVE-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0143 (The SSH protocol server sshd allows local users without shell access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0137 (The CartIt shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0135 (The @Retail shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0134 (The Check It Out shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...)
	NOT-FOR-US: Microsoft
CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...)
	NOT-FOR-US: Microsoft
CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0123 (The shopping cart application provided with Filemaker allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid ...)
	NOT-FOR-US: Microsoft
CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0108 (The Intellivend shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0106 (The EasyCart shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2000-0104 (The Shoptron shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0103 (The SmartCart shopping cart application allows remote users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0084 (CuteFTP uses weak encryption to store password information in its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0082 (WebTV email client allows remote attackers to force the client to send ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...)
	NOT-FOR-US: Microsoft
CVE-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0058 (Network HotSync program in Handspring Visor does not have ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0038 (glFtpD includes a default glftpd user account with a default password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...)
	NOT-FOR-US: Microsoft
CVE-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
	{DSA-664-1}
	- cpio 2.5-1.2 (bug #293379)
CVE-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1560 (Vulnerability in a script in Texas A&amp;M University (TAMU) Tiger allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...)
	NOT-FOR-US: AIX
CVE-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...)
	NOT-FOR-US: AIX
CVE-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...)
	NOT-FOR-US: Cisco
CVE-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...)
	NOT-FOR-US: Cisco
CVE-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...)
	NOT-FOR-US: Cisco
CVE-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1454 (Macromedia &quot;The Matrix&quot; screen saver on Windows 95 with the &quot;Password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...)
	NOT-FOR-US: Microsoft
CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...)
	NOT-FOR-US: Microsoft
CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...)
	NOT-FOR-US: Microsoft
CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1431 (ZAK in Appstation mode allows users to bypass the &quot;Run only allowed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1429 (DIT TransferPro installs devices with world-readable and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1418 (ICQ99 ICQ web server build 1701 with &quot;Active Homepage&quot; enabled ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...)
	NOT-FOR-US: AIX
CVE-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...)
	NOT-FOR-US: AIX
CVE-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1400 (The Economist screen saver 1999 with the &quot;Password Protected&quot; option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1393 (Control Panel &quot;Password Security&quot; option for Apple Powerbooks allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...)
	NOT-FOR-US: Microsoft
CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...)
	NOT-FOR-US: Microsoft
CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1310
	REJECTED
CVE-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
	NOT-FOR-US: Cisco
CVE-1999-1305 (Vulnerability in &quot;at&quot; program in SCO UNIX 4.2 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1302 (Unspecified vulnerability in pt_chmod in SCO UNIX 4.2 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a &quot;nobody&quot; ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...)
	NOT-FOR-US: Microsoft
CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1281 (Development version of Breeze Network Server allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...)
	NOT-FOR-US: Microsoft
CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1232 (Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1228 (Various modems that do not implement a guard time, or are configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...)
	NOT-FOR-US: Cisco
CVE-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...)
	NOT-FOR-US: Cisco
CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...)
	NOT-FOR-US: Microsoft
CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...)
	NOT-FOR-US: Cisco
CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
	NOT-FOR-US: Microsoft
CVE-1999-1108
	REJECTED
CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...)
	NOT-FOR-US: Microsoft
CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1084 (The &quot;AEDebug&quot; registry key is installed with insecure permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...)
	NOT-FOR-US: AIX
CVE-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...)
	NOT-FOR-US: AIX
CVE-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1056
	REJECTED
CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
	NOT-FOR-US: Microsoft
CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...)
	NOT-FOR-US: Cisco
CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...)
	NOT-FOR-US: Microsoft
CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...)
	NOT-FOR-US: Microsoft
CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...)
	NOT-FOR-US: AIX
CVE-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange  ...)
	NOT-FOR-US: Microsoft
CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...)
	NOT-FOR-US: Microsoft
CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0855 (Buffer overflow in FreeBSD gdc program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
	NOT-FOR-US: Cisco
CVE-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...)
	NOT-FOR-US: Microsoft
CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0748 (Buffer overflows in Red Hat net-tools package. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0677 (The WebRamp web administration utility has a default password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0669 (The Eyedog ActiveX control is marked as &quot;safe for scripting&quot; for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0664 (An application-critical Windows NT registry key has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0663 (A system-critical program, library, or file has a checksum or other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0662 (A system-critical program or library does not have the appropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0661 (A system is running a version of software that was replaced with a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0660
	REJECTED
CVE-1999-0659
	REJECTED
CVE-1999-0658
	REJECTED
CVE-1999-0657 (WinGate is being used. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0656 (The ugidd RPC interface, by design, allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0655
	REJECTED
CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0653 (A component service related to NIS+ is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0652
	REJECTED
CVE-1999-0651 (The rsh/rlogin service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0650 (The netstat service is running, which provides sensitive information ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0649
	REJECTED
CVE-1999-0648
	REJECTED
CVE-1999-0647
	REJECTED
CVE-1999-0646
	REJECTED
CVE-1999-0645
	REJECTED
CVE-1999-0644
	REJECTED
CVE-1999-0643
	REJECTED
CVE-1999-0642
	REJECTED
CVE-1999-0641 (The UUCP service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0640 (The Gopher service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0639 (The chargen service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0638 (The daytime service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0637 (The systat service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0636 (The discard service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0635 (The echo service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0634
	REJECTED
CVE-1999-0633
	REJECTED
CVE-1999-0632 (The RPC portmapper service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0631
	REJECTED
CVE-1999-0630 (The NT Alerter and Messenger services are running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0629 (The ident/identd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0625 (The rpc.rquotad service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0624 (The rstat/rstatd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0623
	REJECTED
CVE-1999-0622
	REJECTED
CVE-1999-0621
	REJECTED
CVE-1999-0620
	REJECTED
CVE-1999-0619
	REJECTED
CVE-1999-0618 (The rexec service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0617
	REJECTED
CVE-1999-0616
	REJECTED
CVE-1999-0615
	REJECTED
CVE-1999-0614
	REJECTED
CVE-1999-0613 (The rpc.sprayd service is running. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0610 (An incorrect configuration of the Webcart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0609 (An incorrect configuration of the SoftCart CGI program ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0607 (quikstore.cgi in QuikStore shopping cart stores quikstore.cfg under ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0602 (A network intrusion detection system (IDS) does not properly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0600 (A network intrusion detection system (IDS) does not verify the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0595 (A Windows NT system does not clear the system page file during ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0593 (The default setting for the Winlogon key entry ShutdownWithoutLogon in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0590 (A system does not present an appropriate legal message or warning to a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0589 (A system-critical Windows NT registry key has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0586 (A network service is running on a nonstandard port. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0585 (A Windows NT administrator account has the default name of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0584 (A Windows NT file system is not NTFS. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0579 (A Windows NT system's registry audit policy does not log an event ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0578 (A Windows NT system's registry audit policy does not log an event ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0577 (A Windows NT system's file audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0576 (A Windows NT system's file audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0575 (A Windows NT system's user audit policy does not log an event success ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0572 (.reg files are associated with the Windows NT registry editor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0571 (A router's configuration service or management interface (such as a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0565 (A Sendmail alias allows input to be piped to a program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...)
	NOT-FOR-US: Microsoft
CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0559 (A system-critical Unix file or directory has inappropriate ...)
	- webmin 1.160-1
CVE-1999-0556 (Two or more Unix accounts have the same UID. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0555 (A Unix account with a name other than &quot;root&quot; has UID 0, i.e. root ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0547 (An SSH server allows authentication through the .rhosts file. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0546 (The Windows NT guest account is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...)
	NOT-FOR-US: Microsoft
CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0533 (A DNS server allows inverse queries. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0532 (A DNS server allows zone transfers. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0531
	REJECTED
CVE-1999-0530 (A system is operating in &quot;promiscuous&quot; mode which allows it to perform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0528 (A router or firewall forwards external packets that claim to come from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0524 (ICMP information such as (1) netmask and (2) timestamp is allowed from ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0521 (An NIS domain name is easily guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0518 (A NETBIOS/SMB share password is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0516 (An SNMP community name is guessable. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0510 (A router or firewall allows source routed packets from arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0508 (An account on a router, firewall, or other network device has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0507 (An account on a router, firewall, or other network device has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0505 (A Windows NT domain user or administrator account has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0504 (A Windows NT local user or administrator account has a default, null, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0503 (A Windows NT local user or administrator account has a guessable ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0502 (A Unix account has a default, null, blank, or missing password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0501 (A Unix account has a guessable password. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0497 (Anonymous FTP is enabled. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0495 (A remote attacker can gain access to a file system using ..  (dot dot) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...)
	NOT-FOR-US: Microsoft
CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...)
	NOT-FOR-US: Microsoft
CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...)
	NOT-FOR-US: Microsoft
CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...)
	NOT-FOR-US: Microsoft
CVE-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0454 (A remote attacker can sometimes identify the operating system of a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...)
	NOT-FOR-US: Cisco
CVE-1999-0452 (A service or application has a backdoor password that was placed there ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0443 (Patrol management software allows a remote attacker to conduct a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
	NOT-FOR-US: HP-UX
CVE-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...)
	NOT-FOR-US: Eudora
CVE-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
	NOT-FOR-US: Microsoft
CVE-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...)
	NOT-FOR-US: SCO
CVE-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...)
	NOT-FOR-US: DEC UNIX
CVE-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...)
	NOT-FOR-US: Mirc
CVE-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...)
	NOT-FOR-US: Sun
CVE-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...)
	NOT-FOR-US: Microsoft
CVE-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...)
	NOT-FOR-US: NetWare
CVE-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...)
	NOT-FOR-US: Windows
CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...)
	NOT-FOR-US: Windows
CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0347 (Internet Explorer 4.01 allows remote attackers to read local files and ...)
	NOT-FOR-US: Windows
CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...)
	NOT-FOR-US: Windows
CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...)
	NOT-FOR-US: HP
CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
	NOT-FOR-US: HP
CVE-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
	NOT-FOR-US: Windows
CVE-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0317 (Buffer overflow in Linux su command gives root access to local ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...)
	NOT-FOR-US: HP
CVE-1999-0306 (buffer overflow in HP xlock program. ...)
	NOT-FOR-US: HP
CVE-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0287 (Vulnerability in the Wguest CGI program. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...)
	NOT-FOR-US: Windows
CVE-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
	NOT-FOR-US: Windows
CVE-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
	NOT-FOR-US: Windows
CVE-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0282
	REJECTED
CVE-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...)
	NOT-FOR-US: HP
CVE-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...)
	NOT-FOR-US: Windows
CVE-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...)
	NOT-FOR-US: Windows
CVE-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
	NOT-FOR-US: HP
CVE-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0238 (php.cgi allows attackers to read any file on the system. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
	NOT-FOR-US: Windows
CVE-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...)
	NOT-FOR-US: Windows
CVE-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...)
	NOT-FOR-US: Cisco
CVE-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...)
	NOT-FOR-US: Solaris
CVE-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...)
	NOT-FOR-US: Windows
CVE-1999-0198 (finger .@host on some systems may print information on some user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
	NOT-FOR-US: Ascend/3com
CVE-1999-0187
	REJECTED
CVE-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
	NOT-FOR-US: Solaris
CVE-1999-0171 (Denial of service in syslog by sending it a large number of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0165 (NFS cache poisoning. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...)
	NOT-FOR-US: Windows
CVE-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
	NOT-FOR-US: Windows
CVE-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...)
	NOT-FOR-US: HP-UX
CVE-1999-0123 (Race condition in Linux mailx command allows local users to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
	NOT-FOR-US: Windows
CVE-1999-0114 (Local users can execute commands as other users, and read other users' ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0110
	REJECTED
CVE-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0106 (Finger redirection allows finger bombs. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...)
	NOT-FOR-US: AIX
CVE-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...)
	NOT-FOR-US: AIX
CVE-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...)
	NOT-FOR-US: AIX
CVE-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
	NOT-FOR-US: AIX
CVE-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0061 (File creation and deletion, and remote execution, in the BSD ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
	NOT-FOR-US: SGI
CVE-1999-0020
	REJECTED
CVE-1999-0015 (Teardrop IP denial of service. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-1999-0001 (ip_input.c in BSD-derived TCP/IP implementations allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker